[Pkg-gnupg-commit] [gnupg2] 74/166: gpg: Make --export-ssh-key work for the primary key.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Mar 16 22:33:07 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit b456e5be91dc064fc9509ea86edab113721ed299
Author: Werner Koch <wk at gnupg.org>
Date: Tue Feb 14 10:55:13 2017 +0100
gpg: Make --export-ssh-key work for the primary key.
* g10/export.c (export_ssh_key): Also check the primary key.
--
If no suitable subkey was found for export, we now check whether the
primary key is suitable for export and export this one. Without this
change it was only possible to export the primary key by using the '!'
suffix in the key specification.
Also added a sample key for testing this.
GnuPG-bug-id: 2957
Signed-off-by: Werner Koch <wk at gnupg.org>
---
g10/export.c | 42 ++++++++++++++++++++++
tests/openpgp/samplekeys/README | 2 ++
.../samplekeys/rsa-primary-auth-only.pub.asc | 23 ++++++++++++
.../samplekeys/rsa-primary-auth-only.sec.asc | 38 ++++++++++++++++++++
4 files changed, 105 insertions(+)
diff --git a/g10/export.c b/g10/export.c
index f354ca0..8668126 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -2208,6 +2208,48 @@ export_ssh_key (ctrl_t ctrl, const char *userid)
latest_key = node;
}
}
+
+ /* If no subkey was suitable check the primary key. */
+ if (!latest_key
+ && (node = keyblock) && node->pkt->pkttype == PKT_PUBLIC_KEY)
+ {
+ pk = node->pkt->pkt.public_key;
+ if (DBG_LOOKUP)
+ log_debug ("\tchecking primary key %08lX\n",
+ (ulong) keyid_from_pk (pk, NULL));
+ if (!(pk->pubkey_usage & PUBKEY_USAGE_AUTH))
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key not usable for authentication\n");
+ }
+ else if (!pk->flags.valid)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key not valid\n");
+ }
+ else if (pk->flags.revoked)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key has been revoked\n");
+ }
+ else if (pk->has_expired)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key has expired\n");
+ }
+ else if (pk->timestamp > curtime && !opt.ignore_valid_from)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key not yet valid\n");
+ }
+ else
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key is fine\n");
+ latest_date = pk->timestamp;
+ latest_key = node;
+ }
+ }
}
if (!latest_key)
diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README
index 29524d5..6f2399f 100644
--- a/tests/openpgp/samplekeys/README
+++ b/tests/openpgp/samplekeys/README
@@ -17,3 +17,5 @@ E657FB607BB4F21C90BB6651BC067AF28BC90111.asc Key with subkeys (no protection)
rsa-rsa-sample-1.asc RSA+RSA sample key (no passphrase)
ed25519-cv25519-sample-1.asc Ed25519+CV25519 sample key (no passphrase)
silent-running.asc Collection of sample secret keys (no passphrases)
+rsa-primary-auth-only.pub.asc rsa2408 primary only, usage: cert,auth
+rsa-primary-auth-only.sec.asc Ditto but the secret keyblock.
diff --git a/tests/openpgp/samplekeys/rsa-primary-auth-only.pub.asc b/tests/openpgp/samplekeys/rsa-primary-auth-only.pub.asc
new file mode 100644
index 0000000..f34999e
--- /dev/null
+++ b/tests/openpgp/samplekeys/rsa-primary-auth-only.pub.asc
@@ -0,0 +1,23 @@
+pub rsa2048 2017-02-14 [CA]
+ F74B4029E6906D12EBDA8EE3BD7744900FDABC8D
+ Keygrip = AB1BB1843677AF7CC4D6C14444320C3FF4147E98
+uid [ unknown] ssh://host.example.net
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFiizWgBCACi28riS0AaC7UvXaZfoafEvcXq/MAq6akiowPf3eY4zz5DkBPf
+Ep3kGuDMAFqULvchIt9vpg719Zar/Xldi+UG+/KsDz+TT5k+nP6CwvBHbAXXtISv
+S51TKKnTFpvjcgJc1BMFN0pGf7JnZx1QfRfsZO2BvS4qVzYCWbSS9hlpMq4aIgOc
+ERBMsZYMPnI4ijbXysksecDC91kbJH0q5j8aGir5sDyrDwfVLp0SUAubRFU5gXuZ
+SEv9QmeV7XoXKXzk9KEYy7GUgoAJzabvbF0rVXqd3DE8KFkwK7rKBe8sGC04DWlK
+j/sHJcAfMSqCi/SZyYpO+FSfnB+uJ1BNc05hABEBAAG0FnNzaDovL2hvc3QuZXhh
+bXBsZS5uZXSJAU4EEwEIADgWIQT3S0Ap5pBtEuvajuO9d0SQD9q8jQUCWKLNaAIb
+IQULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRC9d0SQD9q8jZBrB/41MJWUeclV
+tM60+ydPNgUJwyRXpKdLIm/AtM1zOijlFkwsaMmzbFSFJJX98HGASHdU5OpL2Lv3
+1NNDNMbUuFumApVrLzJUBugFRb+8/uY7H3Z0/YKQ9g9OC3z7+uqFFv/+/wA+VdYX
+Zy6uim8E4OlJ41S68fQcMiTxbLTCDkvBbpf505t6JhNqF6JB+SBFQJXvRqjoydXf
+dyoiDz9N1V0ERzmGEiPewvHg2zWcVia07NGhxN3slQ3klOfYJQ8Ye72feNq1zKCy
+AyU3X8fL10XKWooCAU+t4hR5hXYxYTSZse5q0FHZ38Lt9c3ApMSZ2+ueeOtGbsH9
+kV8icGkI6KXp
+=zMXp
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/samplekeys/rsa-primary-auth-only.sec.asc b/tests/openpgp/samplekeys/rsa-primary-auth-only.sec.asc
new file mode 100644
index 0000000..9d72421
--- /dev/null
+++ b/tests/openpgp/samplekeys/rsa-primary-auth-only.sec.asc
@@ -0,0 +1,38 @@
+sec rsa2048 2017-02-14 [CA]
+ F74B4029E6906D12EBDA8EE3BD7744900FDABC8D
+ Keygrip = AB1BB1843677AF7CC4D6C14444320C3FF4147E98
+uid [ unknown] ssh://host.example.net
+
+Passprase: none
+
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lQOYBFiizWgBCACi28riS0AaC7UvXaZfoafEvcXq/MAq6akiowPf3eY4zz5DkBPf
+Ep3kGuDMAFqULvchIt9vpg719Zar/Xldi+UG+/KsDz+TT5k+nP6CwvBHbAXXtISv
+S51TKKnTFpvjcgJc1BMFN0pGf7JnZx1QfRfsZO2BvS4qVzYCWbSS9hlpMq4aIgOc
+ERBMsZYMPnI4ijbXysksecDC91kbJH0q5j8aGir5sDyrDwfVLp0SUAubRFU5gXuZ
+SEv9QmeV7XoXKXzk9KEYy7GUgoAJzabvbF0rVXqd3DE8KFkwK7rKBe8sGC04DWlK
+j/sHJcAfMSqCi/SZyYpO+FSfnB+uJ1BNc05hABEBAAEAB/wN0yan4HIdQ+fU5i2c
+v0uknI9+i9zW8mWUi84Puks0K15CZ1VTLHC8JQ6hgq4twhw3HeS7GkJO3X2K4BuQ
+tggdIv94slqtQKaQ9XbNgYraz/AMXZtIiNy0FdGaGmM6rY+ccwxM9w1BFXn+48v4
+lzCUCq/2wX53wwDSC5dpRPw8km6+uksFh3dfY8kgfpjU/lUCCwQiooYrQhut1EGB
+lDLRHp2ntC1xsnowtdPzluIHFetFSnmn2ehGqXqXtXLAMF0HOirViO5dUVMuj2Pe
+ra3IYVYANYK/7FEsRXHxU6aB/BSnubb5EiqB1Oi1JNyMrvYZnRsoRUaMjVgjA4ne
+RwD5BADBZN2USYGgciDVh7kvTbrtS1igPhoe3xUUQsM0hVIEwBzG4A4pWXznIQyW
+BziVTnRNp953EbHJIYdn7vmJzdiRKI+hOvrF8dfvVsq+fp4pWxrc+zrC6qptpo6H
+IhkHWUpyfIPuTI8d+glIUIuDshwKau0UZ8VDTOYuRYEZX9PrAwQA15RdS3geA1cf
+UK/ZaKs5VnohcLtEE/z3BlvlQaEdHxSQJSLYC4By7zKVOFZlZkHk36IPikwYNTgc
+P57aLe7rwNZqPhADue1ZN6Ypetvrek55lAYL9XoPJ/mWaYz6oDWWW8vHYqEPk8OL
+N8/8a6DhK0iydXi9/ztHQllbOt0EUcsEAJBjX84FgIi3VRotRSEDN/tIhekNo8p6
+Pl8YF4V8A1hCVBEKRIcsPVx603DFiGFRcQQcBbblqVG4fpOYYgiBtEgJksRiMg/o
+kmVkl8BPrIhBGe2ez7byhhFvJDAoOWCdH0MWGaPGUoCGTDvd046GE8B3UWN9TSmo
+qAqfrUG0hQVQLEa0FnNzaDovL2hvc3QuZXhhbXBsZS5uZXSJAU4EEwEIADgWIQT3
+S0Ap5pBtEuvajuO9d0SQD9q8jQUCWKLNaAIbIQULCQgHAgYVCAkKCwIEFgIDAQIe
+AQIXgAAKCRC9d0SQD9q8jZBrB/41MJWUeclVtM60+ydPNgUJwyRXpKdLIm/AtM1z
+OijlFkwsaMmzbFSFJJX98HGASHdU5OpL2Lv31NNDNMbUuFumApVrLzJUBugFRb+8
+/uY7H3Z0/YKQ9g9OC3z7+uqFFv/+/wA+VdYXZy6uim8E4OlJ41S68fQcMiTxbLTC
+DkvBbpf505t6JhNqF6JB+SBFQJXvRqjoydXfdyoiDz9N1V0ERzmGEiPewvHg2zWc
+Via07NGhxN3slQ3klOfYJQ8Ye72feNq1zKCyAyU3X8fL10XKWooCAU+t4hR5hXYx
+YTSZse5q0FHZ38Lt9c3ApMSZ2+ueeOtGbsH9kV8icGkI6KXp
+=3QG9
+-----END PGP PRIVATE KEY BLOCK-----
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list