[Pkg-gnupg-commit] [gnupg2] 74/166: gpg: Make --export-ssh-key work for the primary key.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Mar 16 22:33:07 UTC 2017 

This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch experimental
in repository gnupg2.

commit b456e5be91dc064fc9509ea86edab113721ed299
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Feb 14 10:55:13 2017 +0100

    gpg: Make --export-ssh-key work for the primary key.
    
    * g10/export.c (export_ssh_key): Also check the primary key.
    --
    
    If no suitable subkey was found for export, we now check whether the
    primary key is suitable for export and export this one.  Without this
    change it was only possible to export the primary key by using the '!'
    suffix in the key specification.
    
    Also added a sample key for testing this.
    
    GnuPG-bug-id: 2957
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 g10/export.c                                       | 42 ++++++++++++++++++++++
 tests/openpgp/samplekeys/README                    |  2 ++
 .../samplekeys/rsa-primary-auth-only.pub.asc       | 23 ++++++++++++
 .../samplekeys/rsa-primary-auth-only.sec.asc       | 38 ++++++++++++++++++++
 4 files changed, 105 insertions(+)

diff --git a/g10/export.c b/g10/export.c
index f354ca0..8668126 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -2208,6 +2208,48 @@ export_ssh_key (ctrl_t ctrl, const char *userid)
               latest_key = node;
             }
         }
+
+      /* If no subkey was suitable check the primary key.  */
+      if (!latest_key
+          && (node = keyblock) && node->pkt->pkttype == PKT_PUBLIC_KEY)
+        {
+          pk = node->pkt->pkt.public_key;
+          if (DBG_LOOKUP)
+            log_debug ("\tchecking primary key %08lX\n",
+                       (ulong) keyid_from_pk (pk, NULL));
+          if (!(pk->pubkey_usage & PUBKEY_USAGE_AUTH))
+            {
+              if (DBG_LOOKUP)
+                log_debug ("\tprimary key not usable for authentication\n");
+            }
+          else if (!pk->flags.valid)
+            {
+              if (DBG_LOOKUP)
+                log_debug ("\tprimary key not valid\n");
+            }
+          else if (pk->flags.revoked)
+            {
+              if (DBG_LOOKUP)
+                log_debug ("\tprimary key has been revoked\n");
+            }
+          else if (pk->has_expired)
+            {
+              if (DBG_LOOKUP)
+                log_debug ("\tprimary key has expired\n");
+            }
+          else if (pk->timestamp > curtime && !opt.ignore_valid_from)
+            {
+              if (DBG_LOOKUP)
+                log_debug ("\tprimary key not yet valid\n");
+            }
+          else
+            {
+              if (DBG_LOOKUP)
+                log_debug ("\tprimary key is fine\n");
+              latest_date = pk->timestamp;
+              latest_key = node;
+            }
+        }
     }
 
   if (!latest_key)
diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README
index 29524d5..6f2399f 100644
--- a/tests/openpgp/samplekeys/README
+++ b/tests/openpgp/samplekeys/README
@@ -17,3 +17,5 @@ E657FB607BB4F21C90BB6651BC067AF28BC90111.asc Key with subkeys (no protection)
 rsa-rsa-sample-1.asc   RSA+RSA sample key (no passphrase)
 ed25519-cv25519-sample-1.asc  Ed25519+CV25519 sample key (no passphrase)
 silent-running.asc     Collection of sample secret keys (no passphrases)
+rsa-primary-auth-only.pub.asc  rsa2408 primary only, usage: cert,auth
+rsa-primary-auth-only.sec.asc  Ditto but the secret keyblock.
diff --git a/tests/openpgp/samplekeys/rsa-primary-auth-only.pub.asc b/tests/openpgp/samplekeys/rsa-primary-auth-only.pub.asc
new file mode 100644
index 0000000..f34999e
--- /dev/null
+++ b/tests/openpgp/samplekeys/rsa-primary-auth-only.pub.asc
@@ -0,0 +1,23 @@
+pub   rsa2048 2017-02-14 [CA]
+      F74B4029E6906D12EBDA8EE3BD7744900FDABC8D
+      Keygrip = AB1BB1843677AF7CC4D6C14444320C3FF4147E98
+uid           [ unknown] ssh://host.example.net
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFiizWgBCACi28riS0AaC7UvXaZfoafEvcXq/MAq6akiowPf3eY4zz5DkBPf
+Ep3kGuDMAFqULvchIt9vpg719Zar/Xldi+UG+/KsDz+TT5k+nP6CwvBHbAXXtISv
+S51TKKnTFpvjcgJc1BMFN0pGf7JnZx1QfRfsZO2BvS4qVzYCWbSS9hlpMq4aIgOc
+ERBMsZYMPnI4ijbXysksecDC91kbJH0q5j8aGir5sDyrDwfVLp0SUAubRFU5gXuZ
+SEv9QmeV7XoXKXzk9KEYy7GUgoAJzabvbF0rVXqd3DE8KFkwK7rKBe8sGC04DWlK
+j/sHJcAfMSqCi/SZyYpO+FSfnB+uJ1BNc05hABEBAAG0FnNzaDovL2hvc3QuZXhh
+bXBsZS5uZXSJAU4EEwEIADgWIQT3S0Ap5pBtEuvajuO9d0SQD9q8jQUCWKLNaAIb
+IQULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRC9d0SQD9q8jZBrB/41MJWUeclV
+tM60+ydPNgUJwyRXpKdLIm/AtM1zOijlFkwsaMmzbFSFJJX98HGASHdU5OpL2Lv3
+1NNDNMbUuFumApVrLzJUBugFRb+8/uY7H3Z0/YKQ9g9OC3z7+uqFFv/+/wA+VdYX
+Zy6uim8E4OlJ41S68fQcMiTxbLTCDkvBbpf505t6JhNqF6JB+SBFQJXvRqjoydXf
+dyoiDz9N1V0ERzmGEiPewvHg2zWcVia07NGhxN3slQ3klOfYJQ8Ye72feNq1zKCy
+AyU3X8fL10XKWooCAU+t4hR5hXYxYTSZse5q0FHZ38Lt9c3ApMSZ2+ueeOtGbsH9
+kV8icGkI6KXp
+=zMXp
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/samplekeys/rsa-primary-auth-only.sec.asc b/tests/openpgp/samplekeys/rsa-primary-auth-only.sec.asc
new file mode 100644
index 0000000..9d72421
--- /dev/null
+++ b/tests/openpgp/samplekeys/rsa-primary-auth-only.sec.asc
@@ -0,0 +1,38 @@
+sec   rsa2048 2017-02-14 [CA]
+      F74B4029E6906D12EBDA8EE3BD7744900FDABC8D
+      Keygrip = AB1BB1843677AF7CC4D6C14444320C3FF4147E98
+uid           [ unknown] ssh://host.example.net
+
+Passprase: none
+
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lQOYBFiizWgBCACi28riS0AaC7UvXaZfoafEvcXq/MAq6akiowPf3eY4zz5DkBPf
+Ep3kGuDMAFqULvchIt9vpg719Zar/Xldi+UG+/KsDz+TT5k+nP6CwvBHbAXXtISv
+S51TKKnTFpvjcgJc1BMFN0pGf7JnZx1QfRfsZO2BvS4qVzYCWbSS9hlpMq4aIgOc
+ERBMsZYMPnI4ijbXysksecDC91kbJH0q5j8aGir5sDyrDwfVLp0SUAubRFU5gXuZ
+SEv9QmeV7XoXKXzk9KEYy7GUgoAJzabvbF0rVXqd3DE8KFkwK7rKBe8sGC04DWlK
+j/sHJcAfMSqCi/SZyYpO+FSfnB+uJ1BNc05hABEBAAEAB/wN0yan4HIdQ+fU5i2c
+v0uknI9+i9zW8mWUi84Puks0K15CZ1VTLHC8JQ6hgq4twhw3HeS7GkJO3X2K4BuQ
+tggdIv94slqtQKaQ9XbNgYraz/AMXZtIiNy0FdGaGmM6rY+ccwxM9w1BFXn+48v4
+lzCUCq/2wX53wwDSC5dpRPw8km6+uksFh3dfY8kgfpjU/lUCCwQiooYrQhut1EGB
+lDLRHp2ntC1xsnowtdPzluIHFetFSnmn2ehGqXqXtXLAMF0HOirViO5dUVMuj2Pe
+ra3IYVYANYK/7FEsRXHxU6aB/BSnubb5EiqB1Oi1JNyMrvYZnRsoRUaMjVgjA4ne
+RwD5BADBZN2USYGgciDVh7kvTbrtS1igPhoe3xUUQsM0hVIEwBzG4A4pWXznIQyW
+BziVTnRNp953EbHJIYdn7vmJzdiRKI+hOvrF8dfvVsq+fp4pWxrc+zrC6qptpo6H
+IhkHWUpyfIPuTI8d+glIUIuDshwKau0UZ8VDTOYuRYEZX9PrAwQA15RdS3geA1cf
+UK/ZaKs5VnohcLtEE/z3BlvlQaEdHxSQJSLYC4By7zKVOFZlZkHk36IPikwYNTgc
+P57aLe7rwNZqPhADue1ZN6Ypetvrek55lAYL9XoPJ/mWaYz6oDWWW8vHYqEPk8OL
+N8/8a6DhK0iydXi9/ztHQllbOt0EUcsEAJBjX84FgIi3VRotRSEDN/tIhekNo8p6
+Pl8YF4V8A1hCVBEKRIcsPVx603DFiGFRcQQcBbblqVG4fpOYYgiBtEgJksRiMg/o
+kmVkl8BPrIhBGe2ez7byhhFvJDAoOWCdH0MWGaPGUoCGTDvd046GE8B3UWN9TSmo
+qAqfrUG0hQVQLEa0FnNzaDovL2hvc3QuZXhhbXBsZS5uZXSJAU4EEwEIADgWIQT3
+S0Ap5pBtEuvajuO9d0SQD9q8jQUCWKLNaAIbIQULCQgHAgYVCAkKCwIEFgIDAQIe
+AQIXgAAKCRC9d0SQD9q8jZBrB/41MJWUeclVtM60+ydPNgUJwyRXpKdLIm/AtM1z
+OijlFkwsaMmzbFSFJJX98HGASHdU5OpL2Lv31NNDNMbUuFumApVrLzJUBugFRb+8
+/uY7H3Z0/YKQ9g9OC3z7+uqFFv/+/wA+VdYXZy6uim8E4OlJ41S68fQcMiTxbLTC
+DkvBbpf505t6JhNqF6JB+SBFQJXvRqjoydXfdyoiDz9N1V0ERzmGEiPewvHg2zWc
+Via07NGhxN3slQ3klOfYJQ8Ye72feNq1zKCyAyU3X8fL10XKWooCAU+t4hR5hXYx
+YTSZse5q0FHZ38Lt9c3ApMSZ2+ueeOtGbsH9kV8icGkI6KXp
+=3QG9
+-----END PGP PRIVATE KEY BLOCK-----

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git

More information about the Pkg-gnupg-commit mailing list