/**************** * wrapper around do_we_trust, so we can ask whether to use the * key anyway. */ static int do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel ) { int rc; rc = do_we_trust( pk, trustlevel ); if( !opt.batch && !rc ) { print_pubkey_info(NULL,pk); print_fingerprint (pk, NULL, 2); tty_printf("\n"); tty_printf( _("It is NOT certain that the key belongs to the person named\n" "in the user ID. If you *really* know what you are doing,\n" "you may answer the next question with yes.\n")); tty_printf("\n"); if( cpr_get_answer_is_yes("untrusted_key.override", _("Use this key anyway? (y/N) ")) ) rc = 1; /* Hmmm: Should we set a flag to tell the user about * his decision the next time he encrypts for this recipient? */ } return rc; }
static int list_public_keys(void) { int r, i; struct sc_pkcs15_object *objs[32]; r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PUBKEY, objs, 32); if (r < 0) { fprintf(stderr, "Public key enumeration failed: %s\n", sc_strerror(r)); return 1; } if (verbose) printf("Card has %d public key(s).\n\n", r); for (i = 0; i < r; i++) { print_pubkey_info(objs[i]); printf("\n"); } return 0; }
/**************** * wrapper around do_we_trust, so we can ask whether to use the * key anyway. */ static int do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel ) { int rc; rc = do_we_trust( pk, trustlevel ); if( !opt.batch && !rc ) { print_pubkey_info(NULL,pk); print_fingerprint (pk, 2); tty_printf("\n"); tty_printf( _("It is NOT certain that the key belongs to the person named\n" "in the user ID. If you *really* know what you are doing,\n" "you may answer the next question with yes.\n")); tty_printf("\n"); if (is_status_enabled ()) { u32 kid[2]; char *hint_str; keyid_from_pk (pk, kid); hint_str = get_long_user_id_string ( kid ); write_status_text ( STATUS_USERID_HINT, hint_str ); xfree (hint_str); } if( cpr_get_answer_is_yes("untrusted_key.override", _("Use this key anyway? (y/N) ")) ) rc = 1; /* Hmmm: Should we set a flag to tell the user about * his decision the next time he encrypts for this recipient? */ } return rc; }
/**************** * Delete a public or secret key from a keyring. * r_sec_avail will be set if a secret key is available and the public * key can't be deleted for that reason. */ static int do_delete_key( const char *username, int secret, int force, int *r_sec_avail ) { int rc = 0; KBNODE keyblock = NULL; KBNODE node; KEYDB_HANDLE hd = keydb_new (secret); PKT_public_key *pk = NULL; PKT_secret_key *sk = NULL; u32 keyid[2]; int okay=0; int yes; KEYDB_SEARCH_DESC desc; int exactmatch; *r_sec_avail = 0; /* search the userid */ classify_user_id (username, &desc); exactmatch = (desc.mode == KEYDB_SEARCH_MODE_FPR || desc.mode == KEYDB_SEARCH_MODE_FPR16 || desc.mode == KEYDB_SEARCH_MODE_FPR20); rc = desc.mode? keydb_search (hd, &desc, 1):G10ERR_INV_USER_ID; if (rc) { log_error (_("key \"%s\" not found: %s\n"), username, g10_errstr (rc)); write_status_text( STATUS_DELETE_PROBLEM, "1" ); goto leave; } /* read the keyblock */ rc = keydb_get_keyblock (hd, &keyblock ); if (rc) { log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) ); goto leave; } /* get the keyid from the keyblock */ node = find_kbnode( keyblock, secret? PKT_SECRET_KEY:PKT_PUBLIC_KEY ); if( !node ) { log_error("Oops; key not found anymore!\n"); rc = G10ERR_GENERAL; goto leave; } if( secret ) { sk = node->pkt->pkt.secret_key; keyid_from_sk( sk, keyid ); } else { /* public */ pk = node->pkt->pkt.public_key; keyid_from_pk( pk, keyid ); if(!force) { rc = seckey_available( keyid ); if( !rc ) { *r_sec_avail = 1; rc = -1; goto leave; } else if( rc != G10ERR_NO_SECKEY ) log_error("%s: get secret key: %s\n", username, g10_errstr(rc) ); else rc = 0; } } if( rc ) rc = 0; else if (opt.batch && exactmatch) okay++; else if( opt.batch && secret ) { log_error(_("can't do this in batch mode\n")); log_info (_("(unless you specify the key by fingerprint)\n")); } else if( opt.batch && opt.answer_yes ) okay++; else if( opt.batch ) { log_error(_("can't do this in batch mode without \"--yes\"\n")); log_info (_("(unless you specify the key by fingerprint)\n")); } else { if( secret ) print_seckey_info( sk ); else print_pubkey_info(NULL, pk ); tty_printf( "\n" ); yes = cpr_get_answer_is_yes( secret? "delete_key.secret.okay" : "delete_key.okay", _("Delete this key from the keyring? (y/N) ")); if( !cpr_enabled() && secret && yes ) { /* I think it is not required to check a passphrase; if * the user is so stupid as to let others access his secret keyring * (and has no backup) - it is up him to read some very * basic texts about security. */ yes = cpr_get_answer_is_yes("delete_key.secret.okay", _("This is a secret key! - really delete? (y/N) ")); } if( yes ) okay++; } if( okay ) { rc = keydb_delete_keyblock (hd); if (rc) { log_error (_("deleting keyblock failed: %s\n"), g10_errstr(rc) ); goto leave; } /* Note that the ownertrust being cleared will trigger a revalidation_mark(). This makes sense - only deleting keys that have ownertrust set should trigger this. */ if (!secret && pk && clear_ownertrusts (pk)) { if (opt.verbose) log_info (_("ownertrust information cleared\n")); } } leave: keydb_release (hd); release_kbnode (keyblock); return rc; }