void
update_keys (FILE * keys)
{
FILE *privring, *privlock;
char line[1024];
long pos;
unsigned long exp, expmax;
int sk = 0, pk = 0, tk = 0;
mix_lock ("secring", &privlock);
if ((privring = try_open_mix_file (SECRING, "r+")) == NULL)
mix_unlock ("secring", privlock);
else
{
/* We're a remailer */
expmax = time (NULL) + KEYOVERLAP * SECONDSPERDAY;
while ((pos = next_key (privring)) != -1)
{
if (keyheader (privring, pos, KEY_VERSION, line) == -1)
pk++; /* permanent key, old version */
if ((keyheader (privring, pos, KEY_TYPE, line) != -1) &&
(streq (line, "sig")))
sk++; /* signature key */
else if (keyheader (privring, pos, KEY_EXPIRES, line) == -1)
pk++; /* permanent key */
else
{
sscanf (line, "%lu", &exp);
if (exp <= (unsigned long) time (NULL))
{
fseek (privring, pos, SEEK_SET);
/* OVERWRITE UNTIL END OF KEY */
}
else
{
expmax = exp;
tk++; /* temporary key */
}
}
}
fclose (privring);
mix_unlock ("secring", privlock);
#ifdef NEW
if (sk == 0)
generate_key (KEY_TYPE "sig\n");
#endif
if (pk == 0)
generate_key ("");
for (; tk < CREATEKEYS; tk++)
{
sprintf (line, KEY_VALID "%lu\n" KEY_EXPIRES "%lu\n",
expmax - KEYOVERLAP * SECONDSPERDAY,
expmax + (KEYVALIDITY - KEYOVERLAP) * SECONDSPERDAY);
expmax += (KEYVALIDITY - KEYOVERLAP) * SECONDSPERDAY;
generate_key (line);
}
/* write our public keys to file */
write_keyfile ();
}
if (keys != NULL)
read_key_file (keys);
expire_pub_keys ();
}
int
main(int argc, char *argv[])
{
int i;
int opt;
int temp;
char *newKeyFile = NULL;
while(1) {
opt = getopt_long(argc, argv, "a:dfk:K:m:p:r:vVW:", long_options, NULL);
if(opt == -1)
break;
switch(opt) {
case 'd':
mode = MD_DECRYPT;
break;
case 'W':
mode = MD_WRITE_KEYFILE;
newKeyFile = optarg;
break;
case 'k':
keyfile = optarg;
break;
case 'p':
keyprog = optarg;
break;
case 'f':
optionForce = 1;
break;
case 'r':
randomKeyLen = atoi(optarg);
if(randomKeyLen > 64*1024) {
fprintf(stderr, "ERROR: keys larger than 64KiB are "
"not supported\n");
exit(1);
}
break;
case 'K':
fprintf(stderr, "WARNING: specifying the actual key "
"via the command line is highly insecure\n"
"Do NOT use this for PRODUCTION use.\n");
cry_key = optarg;
cry_keylen = strlen(cry_key);
break;
case 'a':
temp = rsgcryAlgoname2Algo(optarg);
if(temp == GCRY_CIPHER_NONE) {
fprintf(stderr, "ERROR: algorithm \"%s\" is not "
"kown/supported\n", optarg);
exit(1);
}
cry_algo = temp;
break;
case 'm':
temp = rsgcryModename2Mode(optarg);
if(temp == GCRY_CIPHER_MODE_NONE) {
fprintf(stderr, "ERROR: cipher mode \"%s\" is not "
"kown/supported\n", optarg);
exit(1);
}
cry_mode = temp;
break;
case 'v':
verbose = 1;
break;
case 'V':
fprintf(stderr, "rsgtutil " VERSION "\n");
exit(0);
break;
case '?':
break;
default:fprintf(stderr, "getopt_long() returns unknown value %d\n", opt);
return 1;
}
}
setKey();
if(mode == MD_WRITE_KEYFILE) {
if(optind != argc) {
fprintf(stderr, "ERROR: no file parameters permitted in "
"--write-keyfile mode\n");
exit(1);
}
write_keyfile(newKeyFile);
} else {
if(optind == argc)
decrypt("-");
else {
for(i = optind ; i < argc ; ++i)
decrypt(argv[i]);
}
}
memset(cry_key, 0, cry_keylen); /* zero-out key store */
cry_keylen = 0;
return 0;
}
