From d5d892140bfb721f7ed5b08e66f861e52e037832 Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Sat, 26 Oct 2019 15:46:20 +0100 Subject: [PATCH] progs/key.c: Don't print secret parts of keys at verbosity 3. Print them at level 4. Push printing of locked portions to level 5. --- progs/key.1 | 6 +++--- progs/key.c | 25 +++++++++++++------------ 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/progs/key.1 b/progs/key.1 index 15552fd0..f5b64455 100644 --- a/progs/key.1 +++ b/progs/key.1 @@ -966,9 +966,9 @@ keyids, types, expiry and deletion dates, and comments. Additional .RB ` \-v ' options show more information, such as the exact time of day for expiry and deletion, key attributes, and a dump of the actual key data. If the -verbosity level is sufficiently high, passphrases are requested to -decrypt locked keys. Make sure nobody is looking over your shoulder -when you do this! +verbosity level is sufficiently high, secret parts of keys are printed, +and passphrases are requested to decrypt locked keys. Make sure nobody +is looking over your shoulder when you do this! .SS "fingerprint" Reports a fingerprint (secure hash) on components of requested keys. The following options are supported: diff --git a/progs/key.c b/progs/key.c index 9c9466b8..c38ed5db 100644 --- a/progs/key.c +++ b/progs/key.c @@ -1397,6 +1397,11 @@ static void showkeydata(key_data *k, int ind, listopts *o, dstr *d) } \ } while (0) + if ((k->e&KF_ENCMASK) == KENC_ENCRYPT && o->v <= 4) + { fputs(" encrypted\n", stdout); return; } + if ((k->e&KF_ENCMASK) != KENC_STRUCT && !(k->e&KF_NONSECRET) && o->v <= 3) + { fputs(" secret\n", stdout); return; } + switch (k->e & KF_ENCMASK) { /* --- Binary key data --- * 
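Review bot: The two guards added ahead of `switch (k->e & KF_ENCMASK)` in showkeydata() encode the disclosure policy as bare literals (`o->v <= 4`, `o->v <= 3`) with no comment, and the key.1 text only says "sufficiently high". I would add a comment above them such as `/* Secret key material is shown only at verbosity >= 4; encrypted keys are unlocked only at >= 5. */`, or give the two thresholds names, so a later edit cannot lower one of them unnoticed. The condition is fail-closed as written, since any non-KENC_STRUCT key data lacking KF_NONSECRET is withheld, and the comment should say so. Both guards `return` before the switch and the function body continues outside this hunk, so confirm that nothing after the switch needs to run on these paths.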
@@ -1432,20 +1437,16 @@ static void showkeydata(key_data *k, int ind, listopts *o, dstr *d) * key. Otherwise just say that it's encrypted and move on. */ - case KENC_ENCRYPT: - if (o->v <= 3) - fputs(" encrypted\n", stdout); + case KENC_ENCRYPT: { + key_data *kd; + if (key_punlock(&kd, k, d->buf)) + printf(" \n", d->buf); else { - key_data *kd; - if (key_punlock(&kd, k, d->buf)) - printf(" \n", d->buf); - else { - fputs(" encrypted", stdout); - showkeydata(kd, ind, o, d); - key_drop(kd); - } + fputs(" encrypted", stdout); + showkeydata(kd, ind, o, d); + key_drop(kd); } - break; + } break; /* --- Integer keys --- * * -- 2.11.0
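Review bot: The KENC_ENCRYPT case now calls key_punlock() unconditionally, so only the early return added before the switch in the other key.c hunk keeps unlocking and decrypted output away from verbosity 4 and below. The retained comment ("Otherwise just say that it's encrypted and move on"), which starts above this hunk, describes a branch that no longer lives here. I would reword it and add `/* Only reached when o->v > 4; the guard before the switch handles lower levels. */` at the top of the case, so the dependency survives later refactoring. Whether key_drop() clears the unlocked key material before releasing it cannot be seen from this hunk and is worth confirming, because kd holds decrypted key data.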