X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/213e565ffaaa420441d7a8d25f995358c5f9f30f..946c3f725423fb5b822d809f1befb8c361ac2625:/catsign.c

diff --git a/catsign.c b/catsign.c
index ce05618..46b7b87 100644
--- a/catsign.c
+++ b/catsign.c
@@ -91,6 +91,7 @@ typedef struct sigmsg {
 #define F_BOGUS 128u
 #define F_BUFFER 256u
 #define F_UTC 512u
+#define F_NOCHECK 1024u
 
 /*----- Chunk I/O ---------------------------------------------------------*/
 
@@ -453,9 +454,10 @@ static int sign(int argc, char *argv[])
       { "format",	OPTF_ARGREQ,	0,	'f' },
       { "output",	OPTF_ARGREQ,	0,	'o' },
       { "text",		0,		0,	't' },
+      { "nocheck",	0,		0,	'C' },
       { 0,		0,		0,	0 }
     };
-    i = mdwopt(argc, argv, "k:f:o:abdt", opt, 0, 0, 0);
+    i = mdwopt(argc, argv, "k:f:o:abdtC", opt, 0, 0, 0);
     if (i < 0) break;
     switch (i) {
       case 'k': kn = optarg; break;
@@ -465,6 +467,7 @@ static int sign(int argc, char *argv[])
       case 't': f &= ~F_BINARY; break;
       case 'b': f |= F_BINARY; break;
       case 'd': f |= F_DETACH; break;
+      case 'C': f |= F_NOCHECK; break;
       default: f |= F_BOGUS; break;
     }
   }
@@ -494,7 +497,7 @@ static int sign(int argc, char *argv[])
   dstr_reset(&d);
   key_fulltag(k, &d);
   s.s = getsig(k, "ccsig", 1);
-  if ((err = s.s->ops->check(s.s)) != 0)
+  if (!(f & F_NOCHECK) && (err = s.s->ops->check(s.s)) != 0)
     moan("key %s fails check: %s", d.buf, err);
   keyhash(k, s.s, &s.kh);
   e = initenc(eo, ofp,
@@ -600,6 +603,7 @@ static int verify(int argc, char *argv[])
       { "fresh-time",	0,		0,	't' },
       { "gmt",		0,		0,	'u' },
       { "verbose",	0,		0,	'v' },
+      { "nocheck",	0,		0,	'C' },
       { 0,		0,		0,	0 }
     };
     i = mdwopt(argc, argv, "k:f:o:abqt:uv", opt, 0, 0, 0);
@@ -611,6 +615,7 @@ static int verify(int argc, char *argv[])
       case 'f': ef = optarg; break;
       case 'o': of = optarg; break;
       case 'u': v.f |= F_UTC; break;
+      case 'C': v.f |= F_NOCHECK; break;
       case 't':
 	if (strcmp(optarg, "always") == 0) t_fresh = 0;
         else if ((t_fresh = get_date(optarg, 0)) < 0)
@@ -672,7 +677,7 @@ static int verify(int argc, char *argv[])
 
   s.s = getsig(k, "ccsig", 0);
   dstr_reset(&d); key_fulltag(k, &d);
-  if (v.verb && (err = s.s->ops->check(s.s)) != 0)
+  if (!(v.f & F_NOCHECK) && v.verb && (err = s.s->ops->check(s.s)) != 0)
     printf("WARN verification key %s fails check: %s\n", d.buf, err);
 
   dstr_reset(&dd); keyhash(k, s.s, &dd);
@@ -1053,7 +1058,7 @@ static cmd cmdtab[] = {
   CMD_ENCODE,
   CMD_DECODE,
   { "sign", sign,
-    "sign [-adt] [-k TAG] [-f FORMAT] [-o OUTPUT] [FILE]", "\
+    "sign [-adtC] [-k TAG] [-f FORMAT] [-o OUTPUT] [FILE]", "\
 Options:\n\
 \n\
 -a, --armour		Same as `-f pem'.\n\
@@ -1063,9 +1068,10 @@ Options:\n\
 -k, --key=TAG		Use public encryption key named by TAG.\n\
 -o, --output=FILE	Write output to FILE.\n\
 -t, --text		Canonify input message as a text file.\n\
+-C, --nocheck		Don't check the private key.\n\
 " },
   { "verify", verify,
-    "verify [-abquv] [-f FORMAT] [-k TAG] [-o OUTPUT]\n\t\
+    "verify [-abquvC] [-f FORMAT] [-k TAG] [-o OUTPUT]\n\t\
 [FILE [MESSAGE]]", "\
 Options:\n\
 \n\
@@ -1078,6 +1084,7 @@ Options:\n\
 -t, --freshtime=TIME	Only accept signatures made after this time.\n\
 -u, --utc		Show dates in UTC rather than local time.\n\
 -v, --verbose		Produce more verbose messages.\n\
+-C, --nocheck		Don't check the public key.\n\
 " },
   { "info", info,
     "info [-au] [-f FORMAT] [FILE]", "\