📄 keygen.c
字号:
/*____________________________________________________________________________
keymgmt.c
Copyright(C) 1998,1999 Network Associates, Inc.
All rights reserved.
PGP 6.5 Command Line
use the PGP SDK to generate a key.
$Id: keygen.c,v 1.16.6.2.2.1.2.1 1999/07/29 23:10:32 heller Exp $
____________________________________________________________________________*/
#include <stdio.h>
#include "pgpBase.h"
#include "pgpKeys.h"
#include "pgpErrors.h"
#include "pgpUserInterface.h"
#include "pgpUtilities.h"
#include "pgpEnv.h"
#include "pgpContext.h"
#include "pgpSDKPrefs.h"
#include "pgpFeatures.h"
#include "usuals.h"
#include "pgp.h"
#include "globals.h"
#include "prototypes.h"
#include "language.h"
#include "config.h"
void GetRSAStatus(PGPBoolean *haveRSAAlgorithm,
PGPBoolean *canGenerateKeys,
char *copyright)
{
PGPError err;
PGPUInt32 numAlgs;
*haveRSAAlgorithm = FALSE;
*canGenerateKeys = FALSE;
*copyright = '\0';
strcpy(copyright,"DSS/DH only support");
err = PGPCountPublicKeyAlgorithms( &numAlgs );
if( IsntPGPError( err ) )
{
PGPUInt32 algIndex;
for( algIndex = 0; algIndex < numAlgs; algIndex++ )
{
PGPPublicKeyAlgorithmInfo algInfo;
err = PGPGetIndexedPublicKeyAlgorithmInfo( algIndex, &algInfo );
if( IsntPGPError( err ) &&
algInfo.algID == kPGPPublicKeyAlgorithm_RSA )
{
*haveRSAAlgorithm = TRUE;
*canGenerateKeys = algInfo.canGenerate;
if (strstr(algInfo.info.longName, "CAPI") != NULL)
{
strcpy(copyright,
"Uses the Enhanced CAPI Provider for RSA support" );
}
else
{
strcpy(copyright, algInfo.info.copyright);
}
break;
}
}
}
}
/*
Get a passphrase from the user. Note: this function allocates
the new passphrase, but the caller is responsible for freeing
it with PGPFreeData() then removing it from the leaks list using
pgpRemoveFromPointerList( );
*/
PGPError pgpPassphraseDialogCmdline( struct pgpmainBones *mainbPtr,
PGPBoolean confirm, const char *prompt, char **passphrasePtr)
{
PGPContextRef context = mainbPtr->pgpContext;
struct pgpfileBones *filebPtr = mainbPtr->filebPtr;
struct pgpenvBones *envbPtr=mainbPtr->envbPtr;
PGPMemoryMgrRef mmgr = PGPGetContextMemoryMgr( context );
PGPError err;
char *pass1;
char *pass2;
PGPUInt32 attempts = 1;
pgpAssertAddrValid( passphrasePtr, char * );
*passphrasePtr = NULL;
pass1 = PGPNewSecureData( mmgr, kMaxPassPhraseLength+1, 0 );
if( pass1 == NULL)
return kPGPError_OutOfMemory;
pass2 = PGPNewSecureData( mmgr, kMaxPassPhraseLength+1, 0 );
if( pass2 == NULL)
{
PGPFreeData(pass1);
return kPGPError_OutOfMemory;
}
pgpAppendToPointerList( mainbPtr->leaks, pass1 );
pgpAppendToPointerList( mainbPtr->leaks, pass2 );
for (;;)
{
if( filebPtr->pgpout ) {
if( prompt && *prompt != '\0')
fputs( prompt, filebPtr->pgpout);
fprintf( filebPtr->pgpout, LANG("\nEnter pass phrase: "));
fflush( filebPtr->pgpout );
}
/* hmm... how do i specify what fd to read from? */
pgpTtyGetString( pass1, kMaxPassPhraseLength, envbPtr->bShowpass ? stdout : NULL);
if( confirm ) {
if( filebPtr->pgpout ) {
fprintf( filebPtr->pgpout,
LANG("\nEnter same pass phrase again: "));
fflush( filebPtr->pgpout );
}
pgpTtyGetString( pass2, kMaxPassPhraseLength, envbPtr->bShowpass ? stdout : NULL);
if (strcmp(pass1,pass2)==0)
break;
fprintf(filebPtr->pgpout,
LANG("\n\007Error: Pass phrases were different. Try again."));
fflush( filebPtr->pgpout );
}
else break;
} /* for */
*passphrasePtr = pass1;
err = PGPFreeData(pass2);
pgpRemoveFromPointerList( mainbPtr->leaks, pass2 );
fprintf(filebPtr->pgpout, "\n");
pgpAssertNoErr(err);
return kPGPError_NoErr;
}
PGPError genhandler(PGPContextRef context, struct PGPEvent *event,
PGPUserValue userValue)
{
struct pgpmainBones *mainbPtr = (struct pgpmainBones *)userValue;
struct pgpfileBones *filebPtr = mainbPtr->filebPtr;
PGPEnv *env = pgpContextGetEnvironment( context );
PGPUInt32 need;
PGPError err;
PGPInt32 pri;
PGPInt32 verbose = pgpenvGetInt( env, PGPENV_VERBOSE, &pri, &err );
PGPBoolean compatible = mainbPtr->envbPtr->compatible;
switch ( event->type ) {
case kPGPEvent_EntropyEvent:
/* how much entropy do we need?*/
need = event->data.entropyData.entropyBitsNeeded;
if(verbose)
fprintf( filebPtr->pgpout,
LANG("event %d: entropy needed: %d\n"),
event->type, need);
/* usually equals this...*/
/*need = PGPGlobalRandomPoolGetMinimumEntropy()*/
/* - PGPGlobalRandomPoolGetEntropy();*/
#if PGP_UNIX || PGP_WIN32
err = pgpAcquireEntropy( filebPtr, need );
#else
err = PGPCollectRandomDataDialog( context, need,
PGPOLastOption( context ) );
#endif
if( IsPGPError( err ) ) {
if(!compatible)
pgpShowError(filebPtr, err,__FILE__,__LINE__);
return err;
}
break;
case kPGPEvent_KeyGenEvent:
fprintf( filebPtr->pgpout,"%c", event->data.keyGenData.state);
fflush( filebPtr->pgpout );
break;
default:
/* ignore the event...*/
if(verbose)
fprintf( filebPtr->pgpout, LANG("event %d: unknown\n"),
event->type);
err = 0;
}
return err;
}
PGPError askMasterKeySize(struct pgpfileBones *filebPtr,
PGPPublicKeyAlgorithm sigalg, char *sigalgstr, PGPSize *numbits)
{
int i;
char scratch[8];
PGPError err;
for(i=0;i<3;i++) {
if( sigalg == kPGPPublicKeyAlgorithm_DSA ) {
fprintf(filebPtr->pgpout,
LANG("Pick your DSS ``master key'' size:\n"
"1) 1024 bits- Maximum size (Recommended)\n"
"Choose 1 or enter desired number of bits: "));
pgpTtyGetString(scratch, 5, filebPtr->pgpout);
if(strlen(scratch)==1) {
if(*scratch == '1')
*numbits=1024;
else
*numbits = -1;
} else
*numbits = atoi( scratch );
if( *numbits & 0x3f ) {
/* DSA keys must be multiple of 64 bits. round up a little.*/
*numbits += (64 - ( *numbits & 0x3f ));
}
if( *numbits >= 768 && *numbits <= 1024) {
err = kPGPError_NoErr;
goto done;
}
fprintf(filebPtr->pgpout,
LANG("\nKey size must range from 768-1024 bits.\n"));
} else {
/* RSA key size limited to no more than 2048 bits in sdk */
fprintf(filebPtr->pgpout, LANG("Pick your %s key size:\n"
"1) 1024 bits- High commercial grade, secure for many years\n"
"2) 2048 bits- \"Military\" grade, secure for forseeable future\n"
"Choose 1, 2, or enter desired number of bits: "), sigalgstr);
pgpTtyGetString(scratch, 5, filebPtr->pgpout);
if(strlen(scratch)==1) {
if(*scratch == '1')
*numbits=1024;
else if(*scratch == '2')
*numbits=2048;
else
*numbits = -1;
}
else
*numbits = atoi( scratch );
if( *numbits >= 768 && *numbits <= 2048) {
err = kPGPError_NoErr;
goto done;
}
fprintf(filebPtr->pgpout,
LANG("\nKey size must range from 768-2048 bits.\n"));
}
fprintf(filebPtr->pgpout, LANG("\nInvalid response\n\n"));
}
err = kPGPError_UserAbort;
done:
return err;
}
PGPError askKeySize(struct pgpfileBones *filebPtr,
PGPPublicKeyAlgorithm alg, char *algstr, PGPSize *numbits)
{
int i;
char scratch[8];
for(i=0;i<3;i++) {
fprintf(filebPtr->pgpout, LANG("Pick your %s key size:\n"
"1) 1024 bits- High commercial grade, secure for many years\n"
"2) 2048 bits- \"Military\" grade, secure for forseeable future\n"
"3) 3072 bits- Archival grade, slow, highest security\n"
"Choose 1, 2, 3, or enter desired number of bits: "), algstr);
pgpTtyGetString(scratch, 5, filebPtr->pgpout);
if(strlen(scratch)==1) {
if(*scratch == '1')
*numbits=1024;
else if(*scratch == '2')
*numbits=2048;
else if(*scratch == '3')
*numbits=3072;
else
*numbits=-1;
} else
*numbits = atoi( scratch );
if( *numbits >= 768 && *numbits <= 4096)
return kPGPError_NoErr;
fprintf( filebPtr->pgpout,
LANG("\nKey size must range from 768-4096 bits.\n"));
fprintf( filebPtr->pgpout, LANG("\nInvalid response\n"));
}
return kPGPError_UserAbort;
}
PGPError askKeyValidityPeriod( struct pgpfileBones *filebPtr,
const char *keytype,
PGPSize deflt, PGPSize maximum, PGPSize *validfor )
{
char scratch[8];
int i;
for( i=0; i<3; i++ ) {
fprintf( filebPtr->pgpout,
LANG("\nEnter the validity period of your %s key in days from 0 - %d\n"
"0 is forever (the default is %d): "), keytype, maximum, deflt);
fflush( filebPtr->pgpout );
pgpTtyGetString(scratch, 6 , filebPtr->pgpout);
if(strlen(scratch)==0)
*validfor=deflt;
else
*validfor=atoi(scratch);
if(*validfor >= 0 && *validfor <= maximum)
return kPGPError_NoErr;
fprintf( filebPtr->pgpout,
LANG("Validity must be between 0 and %d days!\n"), maximum);
}
return kPGPError_UserAbort;
}
PGPError askWhetherSubKey( struct pgpfileBones *filebPtr, PGPBoolean
*encOnly )
{
PGPBoolean ok=FALSE;
char scratch[8];
*encOnly=FALSE;
while(!ok) {
/* ask whether to generate a new signing key or to generate a*/
/* new encryption key for an existing signing key.*/
fprintf( filebPtr->pgpout,
LANG("Choose the type of key you want to generate\n"
"1) Generate a new signing key (default)\n"
"2) Generate an encryption key for an existing signing key\n"
"Choose 1 or 2: "));
fflush( filebPtr->pgpout );
pgpTtyGetString(scratch, 5, filebPtr->pgpout);
if(strlen(scratch)!=1)
scratch[1]='\0';
switch( scratch[0] ) {
case '\0':
case '1':
ok=TRUE;
break;
case '2':
*encOnly=TRUE;
ok=TRUE;
break;
default:
fprintf( filebPtr->pgpout, LANG("Invalid response\n"));
}
}
return kPGPError_NoErr;
}
PGPError askForMasterKey( struct pgpmainBones *mainbPtr, PGPKeyRef *mykey)
{
struct pgpfileBones *filebPtr = mainbPtr->filebPtr;
PGPEnv *env = filebPtr->envbPtr->m_env;
PGPError err;
PGPInt32 pri;
char useridstr[kPGPMaxUserIDSize];
const char *myName = pgpenvGetCString( env, PGPENV_MYNAME, &pri );
PGPInt32 verbose = pgpenvGetInt( env, PGPENV_VERBOSE, &pri, &err );
PGPBoolean canencrypt;
PGPBoolean cansign = FALSE;
PGPBoolean isdisabled = FALSE;
PGPKeySetRef myset = NULL;
PGPKeyListRef mylist = NULL;
PGPKeyIterRef myiter = NULL;
fprintf( filebPtr->pgpout, LANG("\n"));
if ( myName != NULL && *myName != '\0' && pri >= PGPENV_PRI_CONFIG ) {
strcpy(useridstr, myName);
} else {
fprintf( filebPtr->pgpout,
LANG("Enter the user ID of your existing master key: ") );
fflush( filebPtr->pgpout );
pgpTtyGetString(useridstr, kPGPMaxUserIDSize-1 , filebPtr->pgpout);
}
err = pgpGetMatchingKeySet(mainbPtr, useridstr,
kMatch_NotDisabled | kMatch_NotExpired | kMatch_NotKeyServer,
&myset );
pgpAssertNoErr(err);
err = PGPOrderKeySet( myset, kPGPAnyOrdering, &mylist );
pgpAssertNoErr(err);
err = PGPNewKeyIter( mylist, &myiter );
pgpAssertNoErr(err);
err = PGPKeyIterRewind( myiter );
pgpAssertNoErr(err);
err = PGPKeyIterNext( myiter, mykey);
if( IsPGPError(err))
goto done;
while( *mykey != NULL ) {
/* simply choose the first key with the needed properties.
matches MYNAME and is not disabled and is a signing key, but is
not an encryption key.. */
err = PGPGetKeyBoolean( *mykey, kPGPKeyPropIsDisabled, &isdisabled );
pgpAssertNoErr(err);
err = PGPGetKeyBoolean( *mykey, kPGPKeyPropCanEncrypt, &canencrypt );
pgpAssertNoErr(err);
err = PGPGetKeyBoolean( *mykey, kPGPKeyPropCanSign, &cansign );
pgpAssertNoErr(err);
if( cansign ) {
if( verbose )
pgpShowKeyBrief( filebPtr, *mykey );
if( isdisabled )
goto next;
/* it's okay to have one that can already encrypt.
if( canencrypt )
goto next;
*/
break;
}
next:
err = PGPKeyIterNext( myiter, mykey);
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -