
📄 pgpk.c

📁 著名的加密软件的应用于电子邮件中
Public Key written to %s\n\
Private Key written to %s\n", pub, sec);

	return error;
}

/*
 * Interactively toggle the "disabled" state of one key on the public
 * keyring.
 *
 * The key is picked with selectRingObject() from argc/argv, printed with
 * ringKeyPrint(), and the user must confirm on the terminal before
 * ringKeyEnable() or ringKeyDisable() is called.  ui_arg is unused.
 * Every path returns 0.
 *
 * NOTE(review): nothing in this function writes the ring back out, so
 * whether "Key disabled." reflects a persisted change depends on code not
 * visible here -- confirm.
 * NOTE(review): when selectRingObject() returns <= 0 the function returns
 * without ringSetDestroy(pubring), unlike the error path in doKeyCheck();
 * obj is also never released here -- confirm who owns both.
 */
static int
doKeyDisable (struct PgpEnv *env, int argc, char *argv[],
	struct PgpTtyUI *ui_arg)
{
	struct RingSet *pubring = NULL;
	struct RingSet *keys;
	char const *pub;
	union RingObject *obj;
	int was_disabled;
	int done_something = 0;
	int rc;

	(void) ui_arg;

	mainOpenPubSec(env, &pub, &pubring, NULL, NULL, stderr);
	if (pubring == NULL) {
		fputs ("No keys in pubring\n", stderr);
		return 0;
	}

	/* Select the key to act on; anything but a positive result means stop */
	rc = selectRingObject(env, argc, argv, pub, pubring, RINGTYPE_KEY,
			"to disable or enable", stderr, &obj);
	if (rc <= 0)
		return 0;
	keys = pubring;
	pgpAssert(ringObjectType(obj) == RINGTYPE_KEY);

	/* Show the key before asking, so the user confirms the right one */
	was_disabled = ringKeyDisabled (keys, obj);
	fputs ("\n", stderr);
	ringKeyPrint (stderr, keys, obj, 1);
	fputs ("\n", stderr);

	fputs (was_disabled ? "Re-enable this key? (y/N) "
			: "Disable this key? (y/N) ", stderr);
	if (pgpTtyGetBool (0, stderr)) {
		if (was_disabled) {
			ringKeyEnable (pubring, obj);
			fputs ("\nKey re-enabled.\n", stderr);
		} else {
			ringKeyDisable (pubring, obj);
			fputs ("\nKey disabled.\n", stderr);
		}
		done_something = 1;
	}
	ringSetDestroy (keys);
	/* Uncomment if disabled keys cannot participate in trust computation
	if (done_something) {
		reloadAllKeys (env, 0, 1); [* no untrusted keyrings *]
	return mainDoMaint ((void *) ui_arg, allkeys, 2, allkeys);
	}
*/
	return 0;
}

/*
 * Run a check over the keyring and display the result.
 *
 * With key arguments (argc > 0) the matching keys are selected from the
 * public ring and shown with ringTtyKeyView() in mode 3.  Without
 * arguments, mainDoMaint() is run over allkeys first and, if it does not
 * fail, allkeys is shown in mode 4.  flags is unused.
 *
 * Returns 0, or the negative error from mainDoMaint().
 *
 * NOTE(review): the results of reloadAllKeys() and selectKeyArgs() are not
 * checked, and the selected set is used without being initialised here;
 * this relies on selectKeyArgs() always storing a set -- confirm.
 */
static int
doKeyCheck (struct PgpEnv *env, struct Flags *flags, int argc, char *argv[],
	struct PgpTtyUI *ui_arg)
{
	struct RingSet *pubring = NULL;
	struct RingSet *selected;
	char const *pub;
	int rc = 0;

	(void)flags;
	mainOpenPubSec(env, &pub, &pubring, NULL, NULL, stderr);
	if (pubring == NULL) {
		fputs ("No keys in pubring\n", stderr);
		return 0;
	}

	reloadAllKeys (env, 0, 1); /* no untrusted keyrings */
	fputs ("\n", stderr);

	if (argc <= 0) {
		/* Whole-ring check: maintenance pass first, view only on success */
		rc = mainDoMaint ((void *) ui_arg, allkeys, 2, NULL);
		if (rc >= 0) {
			ringTtyKeyView ((void *) ui_arg, allkeys, allkeys, NULL, 4);
			rc = 0;
		}
	} else {
		/* Check only the keys named on the command line */
		selectKeyArgs (env, argc, argv, pub, pubring, &selected, 0);
		ringSetFreeze (selected);
		ringTtyKeyView ((void *) ui_arg, selected, allkeys, NULL, 3);
		ringSetDestroy (selected);
	}

	/* Single exit so the public ring is released on every path */
	ringSetDestroy(pubring);
	return rc;
}


/*
 * List the keys matching argc/argv.
 *
 * Keys are loaded with loadAllKeys(), the selection is made against
 * allkeys (the per-file pubring open that used to be here is disabled),
 * and the result is shown with ringTtyKeyView().  A first flag argument
 * of 'l' switches the view to mode 2 (verbose); otherwise mode 0 is used.
 * Always returns 0.
 *
 * NOTE(review): the result of selectKeyArgs() is not checked before the
 * selected set is frozen and displayed -- confirm it always stores a set.
 */
static int
doKeyList (struct PgpEnv *env, struct Flags *flags, int argc, char *argv[],
	struct PgpTtyUI *ui_arg)
{
	struct RingSet *selected;
	char const *pub = NULL;
	int view_mode;

	loadAllKeys (env, 0, 0);
	selectKeyArgs (env, argc, argv, pub, allkeys, &selected, 1);
	ringSetFreeze (selected);

	/* 'l' as the first flag argument asks for the verbose listing */
	view_mode = (flags->argc > 0 && flags->args[0] == 'l') ? 2 : 0;

	fputs ("\n", stderr);
	ringTtyKeyView ((void *) ui_arg, selected, allkeys, NULL, view_mode);

	ringSetDestroy (selected);
	return 0;
}

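/*
 * Give the user an opportunity to edit the trust of object obj.
 * Return 1 if he changes it, 0 if he does not.
 *
 * firsttime means that we have not previously had a trust value for
 * this key, which changes the wording of the questions somewhat: the
 * user is first asked whether to change anything at all, and the summary
 * of the current confidence is skipped.
 * If the trust model is PGPTRUST0, obj should be a key, else it should
 * be a name.  The key and/or name should have been printed just before
 * this routine is called.
 *
 * Prompts go to log; replies are read with pgpTtyGetBool() and
 * pgpTtyGetString().
 *
 * The value stored here decides how much weight this introducer's
 * certifications carry, so in the confidence branch a reply that is not
 * a clean non-negative number is refused ("Unrecognized response.")
 * instead of being stored as whatever strtoul() made of it.
 */
static int
doKeyEditTrust(union RingObject *obj, struct RingSet *set, int firsttime,
	FILE *log)
{
	byte keytrust;
	word16 oldtrust;
	unsigned long confvalue;
	unsigned long trustcode;
	int len;
	int valid;
	PgpTrustModel pgptrustmodel;
	char buf[8];		/* enough for 7 digit response */
	char *end;
	char *p;

	if (firsttime) {
		fprintf (log,
"Do you want to change your estimate of this key owner's reliability\n"
"as an introducer of other keys (y/N)? ");
		if (!pgpTtyGetBool(0, log)) {
			fprintf (log,
"No changes made.\n");
			return 0;
		}
		fprintf (log,
"\n"
"Make a determination in your own mind whether this key actually\n"
"belongs to the person whom you think it belongs to, based on available\n"
"evidence.  If you think it does, then based on your estimate of\n"
"that person's integrity and competence in key management, answer\n"
"the following question:\n");
	}

	pgptrustmodel = pgpTrustModel(ringpool);
	if (pgptrustmodel == PGPTRUST0) {
		/* Classic model: one of four fixed trust levels on the key */
		fprintf (log,
"\nWould you trust this key owner\n"
"to act as an introducer and certify other people's public keys to you?\n"
"(1=I don't know. 2=No. 3=Usually. 4=Yes, always.) ? ");
		len = pgpTtyGetString (buf, 2, log);
		if (!len) {
			fprintf (log,
	"No changes made.\n");
			return 0;
		}
		/* Anything atoi() cannot read becomes 0 and hits the default case */
		trustcode = atoi(buf);
		switch (trustcode) {
		case 1:
			keytrust = PGP_KEYTRUST_UNKNOWN;
			break;
		case 2:
			keytrust = PGP_KEYTRUST_NEVER;
			break;
		case 3:
			keytrust = PGP_KEYTRUST_MARGINAL;
			break;
		case 4:
			keytrust = PGP_KEYTRUST_COMPLETE;
			break;
		default:
			fprintf (log,
	"Unrecognized response.\n");
			fprintf (log,
	"No changes made.\n");
			return 0;
		}
		ringKeySetTrust(set, obj, keytrust);
	} else {					/* New trust model */
		fprintf (log,
"\nDescribe the confidence you have in this person as an introducer.\n"
"What are the odds that this key owner is going to be wrong about\n"
"a key which he has signed as an introducer?\n");
		if (!firsttime) {
			oldtrust = ringNameConfidence (set, obj);
			if (oldtrust==PGP_TRUST_INFINITE)
				fprintf (log,
"(Currently he is listed as having essentially zero chance"
" of being wrong.)\n");
			else if (oldtrust==0)
				fprintf (log,
"(Currently he is listed as not having any confidence as an introducer.)\n");
			else {
				int d = oldtrust-PGP_TRUST_DECADE-PGP_TRUST_OCTAVE;
				int i;
				unsigned long l;
				fprintf (log,
"(Currently he is listed as having a one in ");
				if (d < 0)
					d = 0;
				/* Split into whole decades (i) and a remainder */
				d -= d % PGP_TRUST_DECADE;
				i = d / PGP_TRUST_DECADE;
				l = ringTrustToInt(oldtrust - d);
				/* "%0*u" with value 0 prints i zeros after l */
				if (i)
					fprintf(log, "%lu%0*u", l, i, 0);
				else
					fprintf(log, "%lu", l);
				fprintf (log,
						" chance of being wrong.)\n");
			}
		}
		fprintf (log,
"Enter a number from 1 to 2 million");
		if (!firsttime)
			fprintf (log,
", or hit return to leave unchanged.");
		fprintf (log,
"\nHe will be wrong one time in: ");
		len = pgpTtyGetString (buf, sizeof(buf), log);
		if (!len) {
			fprintf (log,
"No changes made.\n");
			return 0;
		}
		/*
		 * Base 0 is kept, so "0x.." and leading-zero octal replies are
		 * still read the way they were before.
		 */
		trustcode = strtoul(buf, &end, 0);
		/* No digits at all: previously stored silently as 0 */
		valid = (end != buf);
		/*
		 * strtoul() accepts a leading '-' and wraps the result to a
		 * huge unsigned value; refuse it rather than pass that on.
		 */
		for (p = buf; valid && p < end; p++) {
			if (*p == '-')
				valid = 0;
		}
		/* Trailing blanks or a line ending are harmless; other text is not */
		while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n')
			end++;
		if (!valid || *end != '\0') {
			fprintf (log,
"Unrecognized response.\n");
			fprintf (log,
"No changes made.\n");
			return 0;
		}
		/*
		 * NOTE(review): the "1 to 2 million" range from the prompt is not
		 * enforced here; whether ringIntToTrust() clamps out-of-range
		 * values is not visible from this function -- confirm.
		 */
		confvalue = ringIntToTrust(trustcode);
		ringNameSetConfidence(set, obj, confvalue);
	}
	return 1;	 	/* made a change */
}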


/*
 * Helper routine for doKeyEdit, when the key being edited is someone else's.
 *
 * Under PGPTRUST0 the trust prompt is run directly on the key.  Otherwise
 * trust is per user ID: a temporary set holding the key's hierarchy is
 * built, the user picks one name from it, the key is shown, and the trust
 * prompt is run on that name.  If a value was changed, the keys are
 * reloaded and mainDoMaint() is run over allkeys.
 *
 * flags, pub and sec are unused.  Returns 0 when nothing was changed, a
 * negative error code on failure, otherwise the result of mainDoMaint().
 *
 * NOTE(review): pubring and secring are destroyed only on the path where
 * a change was made; the early returns leave them to the caller or leak
 * them -- confirm which.
 * NOTE(review): only a negative result from selectChildObject() stops the
 * edit, whereas doKeyDisable() treats <= 0 from selectRingObject() as
 * "nothing selected"; confirm the name is always set when the result is 0.
 */
static int
doKeyEditOthers(struct PgpEnv *env, struct Flags *flags, union RingObject *obj,
		const char *pub, struct RingSet *pubring, const char *sec,
		struct RingSet *secring, struct PgpTtyUI *ui_arg)
{
	int rc;

	(void) flags;
	(void) pub;
	(void) sec;

	if (pgpTrustModel(ringpool) != PGPTRUST0) {
		/* New trust model works on a per user ID basis. Must select one. */
		union RingObject *name_obj;
		struct RingSet *subtree = ringSetCreate(ringpool);

		if (subtree == NULL)
			return ringPoolError(ringpool)->error;
		ringSetAddHierarchy(subtree, pubring, obj);
		ringSetFreeze(subtree);

		rc = selectChildObject(env, subtree, RINGTYPE_NAME, "to edit",
					stderr, &name_obj);
		/* The temporary set is only needed for the selection itself */
		ringSetDestroy(subtree);
		if (rc < 0)
			return rc;

		fputs ("\n", stderr);
		ui_arg->fp = stderr;
		ringTtyShowKey(ui_arg, obj, pubring, 0);
		ringObjectRelease(obj);

		rc = doKeyEditTrust(name_obj, pubring, 0, stderr);
	} else {
		rc = doKeyEditTrust(obj, pubring, 0, stderr);
	}

	/* Negative is an error, zero means the user changed nothing */
	if (rc <= 0)
		return rc;

	fputs ("Public keyring updated.\n", stderr);

	reloadAllKeys (env, 0, 1);
	rc = mainDoMaint ((void *) ui_arg, allkeys, 0, NULL);
	ringSetDestroy(pubring);
	ringSetDestroy(secring);
	return rc;
}

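/*
 * Helper routine for doKeyEditSelf, to change a pass phrase.
 * If parent is non-NULL, it is a subkey pass phrase.
 * secobj is the object getting its pass phrase changed, with seckey
 * having been made from it.
 *
 * After setPassword() succeeds, a key spec is built that copies the
 * creation time, version and validity period of the existing secobj (all
 * looked up in allkeys), and a new secret object is created in set with
 * ringCreateSec().
 *
 * Returns 0 on success, PGPERR_NOMEM if the random generator or the key
 * spec cannot be created, the error from setPassword(), or the error
 * recorded on set when ringCreateSec() fails.
 */
static int
doKeyChangePassphrase(struct PgpEnv *env, struct PgpTtyUI *ui_arg,
	struct RingSet *set, struct PgpSecKey *seckey,
	union RingObject *secobj, union RingObject *parent)
{
	word32 validity;
	union RingObject *newsecobj;
	struct PgpKeySpec *keyspec = NULL;
	PgpVersion version;
	int err;

	fprintf (stderr, "\n");
	if (!rng)
		rng = pgpRandomCreate ();
	/*
	 * Fail closed if no random generator is available, matching the
	 * check doKeyEditSelf makes before signing.  The steps below
	 * presumably draw on rng when re-protecting the key -- not visible
	 * from here, but continuing without one is not worth the risk.
	 */
	if (!rng)
		return PGPERR_NOMEM;
	err = setPassword (env, seckey, ui_arg);
	if (err < 0)
		return err;
	keyspec = pgpKeySpecCreate (env);
	if (!keyspec)
		return PGPERR_NOMEM;
	/* We need to make this keyspec just like the existing one */
	/* XXX This could be put into the ABI */
	pgpKeySpecSetCreation(keyspec,
			ringKeyCreation(allkeys, secobj));
	/* Fix "version bug", don't change version from earlier one. */
	version = ringSecVersion(allkeys, secobj);
	pgpKeySpecSetVersion(keyspec, version);
	/*
	 * Validity is passed on as (expiration - creation) in whole days;
	 * an expiration of 0 is passed through unchanged.
	 */
	validity = ringKeyExpiration(allkeys, secobj);
	if (validity != 0) {
		validity -= ringKeyCreation(allkeys, secobj);
		validity /= 3600*24;
	}
	pgpKeySpecSetValidity(keyspec, validity);

	newsecobj = ringCreateSec (set, parent, seckey, keyspec,
				seckey->pkAlg);
	/* The spec is only needed for the call above */
	pgpKeySpecDestroy(keyspec);
	if (!newsecobj)
		return ringSetError(set)->error;
	return 0;
}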


/* Helper routine for doKeyEdit, when the key being edited belongs to us */
static int
doKeyEditSelf(struct PgpEnv *env, struct Flags *flags, union RingObject *obj,
	const char *pub, struct RingSet *pubring, const char *sec,
	struct RingSet *secring, struct PgpTtyUI *ui_arg)
{
	union RingObject *subobj;
	struct RingSet *pubset=NULL, *secset=NULL;
	struct PgpSigSpec *sigspec = NULL;
	struct PgpSecKey *seckey = NULL, *subkey = NULL;
	int needwritesec=0, needwritepub=0;
	int err = 0;

	(void)flags;		/* make the compiler happy */
	loadAllKeys(env, 1, 0);
	
	pub = pgpenvGetString (env, PGPENV_PUBRING, NULL, NULL);
	if (!pub) {
		fprintf (stderr,
			"Unknown pubring file, assuming \"pubring.pkr\"\n");
		pub = "pubring.pkr";
	}
	pubring = mainOpenRingfile (env, ringpool, pub, "public", 1);

	/* Create copies of pub and secret sets */
	secset = ringSetCreate (ringpool);
	pubset = ringSetCreate (ringpool);
	if (!secset || !pubset) {
		err = ringPoolError(ringpool)->error;
		goto cleanup;
	}
	ringSetAddSet(secset, secring);
	ringSetAddSet(pubset, pubring);

	seckey = ringSecSecKey(allkeys, obj, 0);
	ui_arg->ringset = allkeys;
	err = pgpTtyUnlockSeckey (ui_arg, obj, seckey,
"\nYou need a pass phrase to unlock your private key.\n");
	if (err < 0)
		goto cleanup;

	if (!ringKeyAxiomatic(allkeys, obj)) {
		fprintf (stderr,
"\nUse this key as an ultimately-trusted introducer (y/N)? ");
		if (pgpTtyGetBool (0, stderr)) {
			ringKeySetAxiomatic (allkeys, obj);
			fprintf (stderr,
"\nKey has been marked as having ultimate confidence.\n");
			needwritepub = 1;
		}
	}
	fprintf (stderr,
"\nDo you want to add a new user ID (y/N)? ");
	if (pgpTtyGetBool (0, stderr)) {
		union RingObject *nameobj;
		char namebuf[256];
		int namelen;

		fprintf (stderr,
"Enter the new user ID: ");
		namelen = pgpTtyGetString (namebuf, sizeof (namebuf), stderr);
		if (!namelen) {
			fprintf (stderr,
"No name entered.\n");
			goto cleanup;
		}
		nameobj = ringCreateName (secset, obj, namebuf, namelen);
		if (!nameobj) {
			err = ringSetError(secset)->error;
			goto cleanup;
		}
		ringSetAddObject(pubset, nameobj);
		/* Setting key axiomatic sets name trust as well */
		ringKeySetAxiomatic(pubset, obj);

		fprintf (stderr,
"Make this user ID the primary user ID for this key (y/N)? ");
		if (pgpTtyGetBool(0, stderr)) {
			ringRaiseName(secset, nameobj);
			ringRaiseName(pubset, nameobj);
		}

		sigspec = pgpSigSpecCreate (env, seckey,
					PGP_SIGTYPE_KEY_GENERIC);
		if (!rng)
			rng = pgpRandomCreate();
		if (!sigspec || !rng) {
			err = PGPERR_NOMEM;
			goto cleanup;
		}
		err = ringSignObject (pubset, nameobj, sigspec, rng);
		pgpSigSpecDestroy(sigspec);
		sigspec = NULL;
		if (err < 0)
			goto cleanup;
		needwritesec = needwritepub = 1;
	}

	subobj = ringKeySubkey(allkeys, obj);
	if (subobj)
		fprintf (stderr,
"\nDo you want to change your signature key pass phrase (y/N)? ");
	else
		fprintf (stderr,
"\nDo you want to change your pass phrase (y/N)? ");
	if (pgpTtyGetBool(0, stderr)) {
		err = doKeyChangePassphrase(env, ui_arg, secset,
					seckey, obj, NULL);
		if (err < 0)
			goto cleanup;
		needwritesec = 1;
	}
	
	if (subobj && ringKeyIsSec(secset, subobj)) {
		fprintf (stderr,
"\nDo you want to change your encryption key pass phrase (y/N)? ");
		if (pgpTtyGetBool(0, stderr)) {
			subkey = ringSecSecKey(allkeys, subobj, 0);
			pgpAssert(subkey);
			err = pgpTtyUnlockSeckey (ui_arg, obj, subkey,
"\nYou need a pass phrase to unlock your private encryption key.\n");
		if (err < 0)
				goto cleanup;
			err = doKeyChangePassphrase(env, ui_arg, secset,
						subkey, subobj, obj);
			if (err < 0)
				goto cleanup;
			needwritesec = 1;
		}
	}
