X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/213e565ffaaa420441d7a8d25f995358c5f9f30f..946c3f725423fb5b822d809f1befb8c361ac2625:/catcrypt.c?ds=sidebyside diff --git a/catcrypt.c b/catcrypt.c index bbe4660..fdb8473 100644 --- a/catcrypt.c +++ b/catcrypt.c @@ -153,6 +153,7 @@ static int encrypt(int argc, char *argv[]) enc *e; #define f_bogus 1u +#define f_nocheck 2u for (;;) { static const struct option opt[] = { @@ -162,9 +163,10 @@ static int encrypt(int argc, char *argv[]) { "armor", 0, 0, 'a' }, { "format", OPTF_ARGREQ, 0, 'f' }, { "output", OPTF_ARGREQ, 0, 'o' }, + { "nocheck", 0, 0, 'C' }, { 0, 0, 0, 0 } }; - i = mdwopt(argc, argv, "k:s:af:o:", opt, 0, 0, 0); + i = mdwopt(argc, argv, "k:s:af:o:C", opt, 0, 0, 0); if (i < 0) break; switch (i) { case 'k': kn = optarg; break; @@ -172,6 +174,7 @@ static int encrypt(int argc, char *argv[]) case 'a': ef = "pem"; break; case 'f': ef = optarg; break; case 'o': of = optarg; break; + case 'C': f |= f_nocheck; break; default: f |= f_bogus; break; } } @@ -210,7 +213,7 @@ static int encrypt(int argc, char *argv[]) key_fulltag(k, &d); e = initenc(eo, ofp, "CATCRYPT ENCRYPTED MESSAGE"); km = getkem(k, "cckem", 0); - if ((err = km->ops->check(km)) != 0) + if (!(f & f_nocheck) && (err = km->ops->check(km)) != 0) moan("key %s fails check: %s", d.buf, err); if (sk) { dstr_reset(&d); @@ -303,6 +306,7 @@ static int encrypt(int argc, char *argv[]) return (0); #undef f_bogus +#undef f_nocheck } /*---- Decryption ---------------------------------------------------------*/ @@ -337,6 +341,7 @@ static int decrypt(int argc, char *argv[]) #define f_bogus 1u #define f_buffer 2u +#define f_nocheck 4u for (;;) { static const struct option opt[] = { @@ -345,17 +350,19 @@ static int decrypt(int argc, char *argv[]) { "buffer", 0, 0, 'b' }, { "verbose", 0, 0, 'v' }, { "quiet", 0, 0, 'q' }, + { "nocheck", 0, 0, 'C' }, { "format", OPTF_ARGREQ, 0, 'f' }, { "output", OPTF_ARGREQ, 0, 'o' }, { 0, 0, 0, 0 } }; - i = mdwopt(argc, argv, "abf:o:qv", opt, 0, 0, 0); + i = mdwopt(argc, argv, "abf:o:qvC", opt, 0, 0, 0); if (i < 0) break; switch (i) { case 'a': ef = "pem"; break; case 'b': f |= f_buffer; break; case 'v': verb++; break; case 'q': if (verb) verb--; break; + case 'C': f |= f_nocheck; break; case 'f': ef = optarg; break; case 'o': of = optarg; break; default: f |= f_bogus; break; @@ -427,7 +434,7 @@ static int decrypt(int argc, char *argv[]) s = getsig(sk, "ccsig", 0); dstr_reset(&d); key_fulltag(sk, &d); - if (verb && (err = s->ops->check(s)) != 0) + if (!(f & f_nocheck) && verb && (err = s->ops->check(s)) != 0) printf("WARN verification key %s fails check: %s\n", d.buf, err); dstr_reset(&d); dstr_ensure(&d, 1024); @@ -535,6 +542,7 @@ static int decrypt(int argc, char *argv[]) #undef f_bogus #undef f_buffer +#undef f_nocheck } /*----- Main code ---------------------------------------------------------*/ @@ -570,7 +578,7 @@ static cmd cmdtab[] = { CMD_ENCODE, CMD_DECODE, { "encrypt", encrypt, - "encrypt [-a] [-k TAG] [-s TAG] [-f FORMAT]\n\t\ + "encrypt [-aC] [-k TAG] [-s TAG] [-f FORMAT]\n\t\ [-o OUTPUT] [FILE]", "\ Options:\n\ \n\ @@ -579,9 +587,10 @@ Options:\n\ -k, --key=TAG Use public encryption key named by TAG.\n\ -s, --sign-key=TAG Use private signature key named by TAG.\n\ -o, --output=FILE Write output to FILE.\n\ +-C, --nocheck Don't check the public key.\n\ " }, { "decrypt", decrypt, - "decrypt [-abqv] [-f FORMAT] [-o OUTPUT] [FILE]", "\ + "decrypt [-abqvC] [-f FORMAT] [-o OUTPUT] [FILE]", "\ Options:\n\ \n\ -a, --armour Same as `-f pem'.\n\ @@ -590,6 +599,7 @@ Options:\n\ -o, --output=FILE Write output to FILE.\n\ -q, --quiet Produce fewer messages.\n\ -v, --verbose Produce more verbose messages.\n\ +-C, --nocheck Don't check the private key.\n\ " }, /* ' emacs is confused */ { 0, 0, 0 } };