[Pkg-gnupg-commit] [gnupg2] 70/102: g10: Export cleartext keys as cleartext

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Jun 17 00:14:56 UTC 2016


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch experimental
in repository gnupg2.

commit c41c46fa84cabbed74a13ded51fc3a817a919367
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Fri Jun 10 16:15:36 2016 -0400

    g10: Export cleartext keys as cleartext
    
    * g10/export.c (do_export_stream): If a key is stored by the agent in
    cleartext, then try to export it as cleartext.
    * tests/openpgp/export.test: For secret keys that are stored in
    cleartext, test should try to export without pinentry interaction.
    --
    
    This restores the behavior of GnuPG 2.0 and 1.4 when exporting
    passphraseless secret keys, and fixes the test suite accordingly.
    
    GnuPG-bug-id: 2070, 2324
    Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
---
 g10/export.c              |  5 +++--
 tests/openpgp/export.test | 28 ++++------------------------
 2 files changed, 7 insertions(+), 26 deletions(-)

diff --git a/g10/export.c b/g10/export.c
index 25a3319..870cb45 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -1141,6 +1141,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
   gcry_cipher_hd_t cipherhd = NULL;
   char *cache_nonce = NULL;
   struct export_stats_s dummystats;
+  int cleartext = 0;
 
   if (!stats)
     stats = &dummystats;
@@ -1445,7 +1446,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
                   serialno = NULL;
                 }
               else
-                err = agent_get_keyinfo (ctrl, hexgrip, &serialno, NULL);
+                err = agent_get_keyinfo (ctrl, hexgrip, &serialno, &cleartext);
 
               if ((!err && serialno)
                   && secret == 2 && node->pkt->pkttype == PKT_PUBLIC_KEY)
@@ -1494,7 +1495,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
               else if (!err)
                 {
                   err = receive_seckey_from_agent (ctrl, cipherhd,
-                                                   0, &cache_nonce,
+                                                   cleartext, &cache_nonce,
                                                    hexgrip, pk);
                   if (err)
                     {
diff --git a/tests/openpgp/export.test b/tests/openpgp/export.test
index e0fe926..9776760 100755
--- a/tests/openpgp/export.test
+++ b/tests/openpgp/export.test
@@ -61,8 +61,6 @@ assert_passphrases_consumed()
     rm -f -- $logfile
 }
 
-# XXX: Currently, gpg does not allow one to export private keys
-# without a passphrase (issue2070, issue2324).
 export PINENTRY_USER_DATA="--logfile=$logfile --passphrasefile=$ppfile"
 
 info "Checking key export."
@@ -78,23 +76,13 @@ do
     check_armored_public_key $KEY.public
     rm $KEY.public
 
+    # test without --armor:
+
     if [ $KEY = D74C5F22 ]; then
         # Key D74C5F22 is protected by a passphrase.  Prepare this
         # one.  Currently, GnuPG does not ask for an export passphrase
         # in this case.
         prepare_passphrase "$usrpass1"
-    else
-        # We use a weak passphrase which we'll have to confirm.
-        prepare_passphrase "export passphrase"
-        prepare_passphrase_confirm
-        prepare_passphrase "export passphrase"
-
-        # Key C40FDECF has a subkey.
-        if [ $KEY = C40FDECF ]; then
-            prepare_passphrase "export passphrase"
-            prepare_passphrase_confirm
-            prepare_passphrase "export passphrase"
-        fi
     fi
 
     $GPG --export-secret-keys $KEY >$KEY.private
@@ -103,21 +91,13 @@ do
 
     assert_passphrases_consumed
 
+    # test with --armor:
+
     if [ $KEY = D74C5F22 ]; then
         # Key D74C5F22 is protected by a passphrase.  Prepare this
         # one.  Currently, GnuPG does not ask for an export passphrase
         # in this case.
         prepare_passphrase "$usrpass1"
-    else
-        # We use a stronger passphrase here.
-        prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
-        prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
-
-        # Key C40FDECF has a subkey.
-        if [ $KEY = C40FDECF ]; then
-            prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
-            prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
-        fi
     fi
 
     $GPG --armor --export-secret-keys $KEY >$KEY.private

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git



More information about the Pkg-gnupg-commit mailing list