gpg-agent: add new CACHE_MODE_EXPORT
6915baf507e3Unpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

This commit no longer exists in the repository. It may have been part of a branch which was deleted.This commit has been deleted in the repository: it is no longer reachable from any branch, tag, or ref.

Description

gpg-agent: add new CACHE_MODE_EXPORT

* agent/agent.h: define CACHE_MODE_EXPORT
* agent/call-pinentry.c (agent_askpin, agent_get_passphrase): use "e/"
as the prefix for SETKEYINFO when in CACHE_MODE_EXPORT.
(agent_clear_passphrase): allow clearing the export cache.
* agent/command.c (cmd_clear_passphrase): add --mode=export.
(cmd_export_key): use CACHE_MODE_EXPORT.
* tests/openpgp/export.scm: no need to feed passphrases during export,
already cached.

We don't want secret keys to be able to be exported automatically
based on the same system passphrase cache used by standard decryption
or signing operations.

So we introduce a "export" cache mode which can be used by EXPORT_KEY.

I confess i don't fully understand the changes made to
tests/openpgp/export.scm -- i'm not sure why the passphrase is already
supplied in this case.

Gnupg-Bug-Id: T4522
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Details

Provenance

dkg	Authored on May 20 2019, 9:06 PM

Event Timeline

dkg committed rG6915baf507e3: gpg-agent: add new CACHE_MODE_EXPORT (authored by dkg).May 20 2019, 11:34 PM

Commit No Longer Exists

This commit no longer exists in the repository.