static int pkcs7_import_keys (GMimeCryptoContext *context, GMimeStream *istream, GError **err) { #ifdef ENABLE_SMIME GMimePkcs7Context *ctx = (GMimePkcs7Context *) context; Pkcs7Ctx *pkcs7 = ctx->priv; gpgme_data_t keydata; gpgme_error_t error; if ((error = gpgme_data_new_from_cbs (&keydata, &pkcs7_stream_funcs, istream)) != GPG_ERR_NO_ERROR) { g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not open input stream")); return -1; } /* import the key(s) */ if ((error = gpgme_op_import (pkcs7->ctx, keydata)) != GPG_ERR_NO_ERROR) { //printf ("import error (%d): %s\n", error & GPG_ERR_CODE_MASK, gpg_strerror (error)); g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not import key data")); gpgme_data_release (keydata); return -1; } gpgme_data_release (keydata); return 0; #else g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED, _("S/MIME support is not enabled in this build")); return -1; #endif /* ENABLE_SMIME */ }
gboolean fu_keyring_add_public_key (FuKeyring *keyring, const gchar *filename, GError **error) { FuKeyringPrivate *priv = GET_PRIVATE (keyring); gpgme_error_t rc; gpgme_import_result_t result; gpgme_import_status_t s; g_auto(gpgme_data_t) data = NULL; g_return_val_if_fail (FU_IS_KEYRING (keyring), FALSE); g_return_val_if_fail (filename != NULL, FALSE); /* import public key */ g_debug ("Adding public key %s", filename); rc = gpgme_data_new_from_file (&data, filename, 1); if (rc != GPG_ERR_NO_ERROR) { g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_INTERNAL, "failed to load %s: %s", filename, gpgme_strerror (rc)); return FALSE; } rc = gpgme_op_import (priv->ctx, data); if (rc != GPG_ERR_NO_ERROR) { g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_INTERNAL, "failed to import %s: %s", filename, gpgme_strerror (rc)); return FALSE; } /* print what keys were imported */ result = gpgme_op_import_result (priv->ctx); for (s = result->imports; s != NULL; s = s->next) { g_debug ("importing key %s [%u] %s", s->fpr, s->status, gpgme_strerror (s->result)); } /* make sure keys were really imported */ if (result->imported == 0 && result->unchanged == 0) { g_debug("imported: %d, unchanged: %d, not_imported: %d", result->imported, result->unchanged, result->not_imported); g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_INTERNAL, "key import failed %s", filename); return FALSE; } return TRUE; }
/* Deprecated interface. */ gpgme_error_t gpgme_op_import_ext (gpgme_ctx_t ctx, gpgme_data_t keydata, int *nr) { gpgme_error_t err = gpgme_op_import (ctx, keydata); if (!err && nr) { gpgme_import_result_t result = gpgme_op_import_result (ctx); *nr = result->considered; } return err; }
int main (int argc, char **argv) { gpgme_ctx_t ctx; gpgme_error_t err; gpgme_data_t in; gpgme_import_result_t result; char *cert_1 = make_filename ("cert_dfn_pca01.der"); char *cert_2 = make_filename ("cert_dfn_pca15.der"); init_gpgme (GPGME_PROTOCOL_CMS); err = gpgme_new (&ctx); fail_if_err (err); gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS); err = gpgme_data_new_from_file (&in, cert_1, 1); free (cert_1); fail_if_err (err); err = gpgme_op_import (ctx, in); fail_if_err (err); result = gpgme_op_import_result (ctx); check_result (result, "DFA56FB5FC41E3A8921F77AD1622EEFD9152A5AD", 1, 1); gpgme_data_release (in); err = gpgme_data_new_from_file (&in, cert_2, 1); free (cert_2); fail_if_err (err); err = gpgme_op_import (ctx, in); fail_if_err (err); result = gpgme_op_import_result (ctx); check_result (result, "2C8F3C356AB761CB3674835B792CDA52937F9285", 1, 2); gpgme_data_release (in); gpgme_release (ctx); return 0; }
int main (int argc, char *argv[]) { gpgme_ctx_t ctx; gpgme_error_t err; gpgme_data_t in; gpgme_import_result_t result; char *pubkey_1_asc = make_filename ("pubkey-1.asc"); char *seckey_1_asc = make_filename ("seckey-1.asc"); init_gpgme (GPGME_PROTOCOL_OpenPGP); err = gpgme_new (&ctx); fail_if_err (err); err = gpgme_data_new_from_file (&in, pubkey_1_asc, 1); free (pubkey_1_asc); fail_if_err (err); err = gpgme_op_import (ctx, in); fail_if_err (err); result = gpgme_op_import_result (ctx); check_result (result, "ADAB7FCC1F4DE2616ECFA402AF82244F9CD9FD55", 0); gpgme_data_release (in); err = gpgme_data_new_from_file (&in, seckey_1_asc, 1); free (seckey_1_asc); fail_if_err (err); err = gpgme_op_import (ctx, in); fail_if_err (err); result = gpgme_op_import_result (ctx); check_result (result, "ADAB7FCC1F4DE2616ECFA402AF82244F9CD9FD55", 1); gpgme_data_release (in); gpgme_release (ctx); return 0; }
SEXP R_gpg_import(SEXP pubkey) { gpgme_data_t KEY; bail(gpgme_data_new_from_mem(&KEY, (const char*) RAW(pubkey), LENGTH(pubkey), 0), "creating key buffer"); bail(gpgme_op_import(ctx, KEY), "importing pubkey"); gpgme_import_result_t result = gpgme_op_import_result(ctx); SEXP out = PROTECT(allocVector(INTSXP, 5)); INTEGER(out)[0] = result->considered; INTEGER(out)[1] = result->imported; INTEGER(out)[2] = result->secret_imported; INTEGER(out)[3] = result->new_signatures; INTEGER(out)[4] = result->new_revocations; UNPROTECT(1); return out; }
/* ------------------ * import ascii armored key * ------------------ */ int import_key(char* armored_key) { gpgme_error_t error; gpgme_ctx_t ctx; gpgme_data_t keydata; gpgme_import_result_t result; // connect to gpgme gpgme_check_version (NULL); error = gpgme_new(&ctx); if (error) { purple_debug_error(PLUGIN_ID,"gpgme_new failed: %s %s\n",gpgme_strsource (error), gpgme_strerror (error)); return FALSE; } purple_debug_info(PLUGIN_ID,"try to import key: %s\n",armored_key); // create data containers gpgme_data_new_from_mem (&keydata, armored_key,strlen(armored_key),1); // import key, ascii armored gpgme_set_armor(ctx,1); error = gpgme_op_import (ctx, keydata); if (error) { purple_debug_error(PLUGIN_ID,"gpgme_op_import: %s %s\n",gpgme_strsource (error), gpgme_strerror (error)); gpgme_release (ctx); return FALSE; } result = gpgme_op_import_result (ctx); purple_debug_info(PLUGIN_ID,"considered keys: %d; imported keys: %d; not imported keys: %d\n",result->considered,result->imported,result->not_imported); // release memory for data containers gpgme_data_release(keydata); // close gpgme connection gpgme_release (ctx); return TRUE; }
void import ( gpgme_ctx_t * context, telem_gpg_opts * options, int num_keys, char ** key_path ) { gpgme_error_t err; int url_mode = 0; int nul_mode = 0; gpgme_import_result_t impres; gpgme_data_t data; for (; num_keys; --num_keys, key_path++) { printf ("reading file `%s'\n", *key_path); err = gpgme_data_new_from_file(&data, *key_path, 1); fail_if_err(err); if (url_mode) gpgme_data_set_encoding( data, (nul_mode? GPGME_DATA_ENCODING_URL0 : GPGME_DATA_ENCODING_URL) ); err = gpgme_op_import(*context, data); fail_if_err(err); impres = gpgme_op_import_result(*context); if (!impres) { fprintf(stderr, "No import result returned\n"); exit(1); } print_import_result(impres); gpgme_data_release(data); } }
static PyObject * pygpgme_context_import(PyGpgmeContext *self, PyObject *args) { PyObject *py_keydata, *result; gpgme_data_t keydata; gpgme_error_t err; if (!PyArg_ParseTuple(args, "O", &py_keydata)) return NULL; if (pygpgme_data_new(&keydata, py_keydata)) return NULL; Py_BEGIN_ALLOW_THREADS; err = gpgme_op_import(self->ctx, keydata); Py_END_ALLOW_THREADS; gpgme_data_release(keydata); result = pygpgme_import_result(self->ctx); if (pygpgme_check_error(err)) { PyObject *err_type, *err_value, *err_traceback; PyErr_Fetch(&err_type, &err_value, &err_traceback); PyErr_NormalizeException(&err_type, &err_value, &err_traceback); if (!PyErr_GivenExceptionMatches(err_type, pygpgme_error)) goto end; if (result != NULL) { PyObject_SetAttrString(err_value, "result", result); Py_DECREF(result); } end: PyErr_Restore(err_type, err_value, err_traceback); return NULL; } return result; }
gboolean lr_gpg_import_key(const char *key_fn, const char *home_dir, GError **err) { gpgme_error_t gpgerr; int key_fd; gpgme_ctx_t context; gpgme_data_t key_data; assert(!err || *err == NULL); // Initialization gpgme_check_version(NULL); gpgerr = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP); if (gpgerr != GPG_ERR_NO_ERROR) { g_debug("%s: gpgme_engine_check_version: %s", __func__, gpgme_strerror(gpgerr)); g_set_error(err, LR_GPG_ERROR, LRE_GPGNOTSUPPORTED, "gpgme_engine_check_version() error: %s", gpgme_strerror(gpgerr)); return FALSE; } gpgerr = gpgme_new(&context); if (gpgerr != GPG_ERR_NO_ERROR) { g_debug("%s: gpgme_new: %s", __func__, gpgme_strerror(gpgerr)); g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR, "gpgme_new() error: %s", gpgme_strerror(gpgerr)); return FALSE; } gpgerr = gpgme_set_protocol(context, GPGME_PROTOCOL_OpenPGP); if (gpgerr != GPG_ERR_NO_ERROR) { g_debug("%s: gpgme_set_protocol: %s", __func__, gpgme_strerror(gpgerr)); g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR, "gpgme_set_protocol() error: %s", gpgme_strerror(gpgerr)); gpgme_release(context); return FALSE; } if (home_dir) { gpgerr = gpgme_ctx_set_engine_info(context, GPGME_PROTOCOL_OpenPGP, NULL, home_dir); if (gpgerr != GPG_ERR_NO_ERROR) { g_debug("%s: gpgme_ctx_set_engine_info: %s", __func__, gpgme_strerror(gpgerr)); g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR, "gpgme_ctx_set_engine_info() error: %s", gpgme_strerror(gpgerr)); gpgme_release(context); return FALSE; } } gpgme_set_armor(context, 1); // Key import key_fd = open(key_fn, O_RDONLY); if (key_fd == -1) { g_debug("%s: Opening key: %s", __func__, strerror(errno)); g_set_error(err, LR_GPG_ERROR, LRE_IO, "Error while opening key %s: %s", key_fn, strerror(errno)); gpgme_release(context); return FALSE; } gpgerr = gpgme_data_new_from_fd(&key_data, key_fd); if (gpgerr != GPG_ERR_NO_ERROR) { g_debug("%s: gpgme_data_new_from_fd: %s", __func__, gpgme_strerror(gpgerr)); g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR, "gpgme_data_new_from_fd(_, %d) error: %s", key_fd, gpgme_strerror(gpgerr)); gpgme_release(context); close(key_fd); return FALSE; } gpgerr = gpgme_op_import(context, key_data); gpgme_data_release(key_data); if (gpgerr != GPG_ERR_NO_ERROR) { g_debug("%s: gpgme_op_import: %s", __func__, gpgme_strerror(gpgerr)); g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR, "gpgme_op_import() error: %s", gpgme_strerror(gpgerr)); gpgme_release(context); close(key_fd); return FALSE; } close(key_fd); gpgme_release(context); return TRUE; }
int opkg_verify_file (char *text_file, char *sig_file) { #if defined HAVE_GPGME if (conf->check_signature == 0 ) return 0; int status = -1; gpgme_ctx_t ctx; gpgme_data_t sig, text, key; gpgme_error_t err; gpgme_verify_result_t result; gpgme_signature_t s; char *trusted_path = NULL; gpgme_check_version (NULL); err = gpgme_new (&ctx); if (err) return -1; sprintf_alloc(&trusted_path, "%s/%s", conf->offline_root, "/etc/opkg/trusted.gpg"); err = gpgme_data_new_from_file (&key, trusted_path, 1); free (trusted_path); if (err) { return -1; } err = gpgme_op_import (ctx, key); if (err) { gpgme_data_release (key); return -1; } gpgme_data_release (key); err = gpgme_data_new_from_file (&sig, sig_file, 1); if (err) { gpgme_release (ctx); return -1; } err = gpgme_data_new_from_file (&text, text_file, 1); if (err) { gpgme_data_release (sig); gpgme_release (ctx); return -1; } err = gpgme_op_verify (ctx, sig, text, NULL); result = gpgme_op_verify_result (ctx); if (!result) return -1; /* see if any of the signitures matched */ s = result->signatures; while (s) { status = gpg_err_code (s->status); if (status == GPG_ERR_NO_ERROR) break; s = s->next; } gpgme_data_release (sig); gpgme_data_release (text); gpgme_release (ctx); return status; #elif defined HAVE_OPENSSL X509_STORE *store = NULL; PKCS7 *p7 = NULL; BIO *in = NULL, *indata = NULL; // Sig check failed by default ! int status = -1; openssl_init(); // Set-up the key store if(!(store = setup_verify(conf->signature_ca_file, conf->signature_ca_path))){ opkg_msg(ERROR, "Can't open CA certificates.\n"); goto verify_file_end; } // Open a BIO to read the sig file if (!(in = BIO_new_file(sig_file, "rb"))){ opkg_msg(ERROR, "Can't open signature file %s.\n", sig_file); goto verify_file_end; } // Read the PKCS7 block contained in the sig file p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); if(!p7){ opkg_msg(ERROR, "Can't read signature file %s (Corrupted ?).\n", sig_file); goto verify_file_end; } #if defined(HAVE_PATHFINDER) if(conf->check_x509_path){ if(!pkcs7_pathfinder_verify_signers(p7)){ opkg_msg(ERROR, "pkcs7_pathfinder_verify_signers: " "Path verification failed.\n"); goto verify_file_end; } } #endif // Open the Package file to authenticate if (!(indata = BIO_new_file(text_file, "rb"))){ opkg_msg(ERROR, "Can't open file %s.\n", text_file); goto verify_file_end; } // Let's verify the autenticity ! if (PKCS7_verify(p7, NULL, store, indata, NULL, PKCS7_BINARY) != 1){ // Get Off My Lawn! opkg_msg(ERROR, "Verification failure.\n"); }else{ // Victory ! status = 0; } verify_file_end: BIO_free(in); BIO_free(indata); PKCS7_free(p7); X509_STORE_free(store); return status; #else /* mute `unused variable' warnings. */ (void) sig_file; (void) text_file; (void) conf; return 0; #endif }
void c_gpgme::load_public_key ( const std::string &filename ) { auto key_file_ptr = load_file(filename); m_error_code = gpgme_op_import(m_ctx, *key_file_ptr); }
int opkg_verify_gpg_signature(const char *file, const char *sigfile) { int status = -1; int ret = -1; gpgme_ctx_t ctx; int have_ctx = 0; gpgme_data_t sig, text, key; int have_sig = 0, have_text = 0, have_key = 0; gpgme_error_t err; gpgme_verify_result_t result; gpgme_signature_t s; gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; char *trusted_path = NULL; if (opkg_config->check_signature == 0) return 0; gpgme_check_version(NULL); err = gpgme_new(&ctx); if (err) { opkg_msg(ERROR, "Unable to create gpgme context: %s\n", gpg_strerror(err)); goto out_err; } have_ctx = 1; err = gpgme_set_protocol(ctx, protocol); if (err) { opkg_msg(ERROR, "Unable to set gpgme protocol to OpenPGP: %s\n", gpg_strerror(err)); goto out_err; } trusted_path = root_filename_alloc("/etc/opkg/trusted.gpg"); if (!trusted_path) { opkg_msg(ERROR, "Out of memory!\n"); goto out_err; } err = gpgme_data_new_from_file(&key, trusted_path, 1); if (err) { opkg_msg(ERROR, "Unable to get data from file %s: %s\n", trusted_path, gpg_strerror(err)); goto out_err; } have_key = 1; err = gpgme_op_import(ctx, key); if (err) { opkg_msg(ERROR, "Unable to import key from file %s: %s\n", trusted_path, gpg_strerror(err)); goto out_err; } err = gpgme_data_new_from_file(&sig, sigfile, 1); if (err) { opkg_msg(ERROR, "Unable to get data from file %s: %s\n", sigfile, gpg_strerror(err)); goto out_err; } have_sig = 1; err = gpgme_data_new_from_file(&text, file, 1); if (err) { opkg_msg(ERROR, "Unable to get data from file %s: %s\n", file, gpg_strerror(err)); goto out_err; } have_text = 1; err = gpgme_op_verify(ctx, sig, text, NULL); if (err) { opkg_msg(ERROR, "Unable to verify signature: %s\n", gpg_strerror(err)); goto out_err; } result = gpgme_op_verify_result(ctx); if (!result) { opkg_msg(ERROR, "Unable to get verification data: %s\n", gpg_strerror(err)); goto out_err; } /* see if any of the signitures matched */ s = result->signatures; while (s) { status = gpg_err_code(s->status); if (status == GPG_ERR_NO_ERROR) { ret = 0; break; } s = s->next; } out_err: if (have_sig) gpgme_data_release(sig); if (have_text) gpgme_data_release(text); if (have_key) gpgme_data_release(key); if (trusted_path) free(trusted_path); if (have_ctx) gpgme_release(ctx); return ret; }