2008-05-15 Marcus Brinkmann <marcus@g10code.de>
[gnupg.git] / g10 / delkey.c
blobfe29d52ea42b60a1f716698bb79d0c89cbb00f37
1 /* delkey.c - delete keys
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2004,
3 * 2005, 2006 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <errno.h>
26 #include <assert.h>
27 #include <ctype.h>
29 #include "gpg.h"
30 #include "options.h"
31 #include "packet.h"
32 #include "status.h"
33 #include "iobuf.h"
34 #include "keydb.h"
35 #include "util.h"
36 #include "main.h"
37 #include "trustdb.h"
38 #include "filter.h"
39 #include "ttyio.h"
40 #include "status.h"
41 #include "i18n.h"
44 /****************
45 * Delete a public or secret key from a keyring.
46 * r_sec_avail will be set if a secret key is available and the public
47 * key can't be deleted for that reason.
49 static int
50 do_delete_key( const char *username, int secret, int force, int *r_sec_avail )
52 int rc = 0;
53 KBNODE keyblock = NULL;
54 KBNODE node;
55 KEYDB_HANDLE hd = keydb_new (secret);
56 PKT_public_key *pk = NULL;
57 PKT_secret_key *sk = NULL;
58 u32 keyid[2];
59 int okay=0;
60 int yes;
61 KEYDB_SEARCH_DESC desc;
62 int exactmatch;
64 *r_sec_avail = 0;
66 /* search the userid */
67 classify_user_id (username, &desc);
68 exactmatch = (desc.mode == KEYDB_SEARCH_MODE_FPR
69 || desc.mode == KEYDB_SEARCH_MODE_FPR16
70 || desc.mode == KEYDB_SEARCH_MODE_FPR20);
71 rc = desc.mode? keydb_search (hd, &desc, 1):G10ERR_INV_USER_ID;
72 if (rc) {
73 log_error (_("key \"%s\" not found: %s\n"), username, g10_errstr (rc));
74 write_status_text( STATUS_DELETE_PROBLEM, "1" );
75 goto leave;
78 /* read the keyblock */
79 rc = keydb_get_keyblock (hd, &keyblock );
80 if (rc) {
81 log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
82 goto leave;
85 /* get the keyid from the keyblock */
86 node = find_kbnode( keyblock, secret? PKT_SECRET_KEY:PKT_PUBLIC_KEY );
87 if( !node ) {
88 log_error("Oops; key not found anymore!\n");
89 rc = G10ERR_GENERAL;
90 goto leave;
93 if( secret )
95 sk = node->pkt->pkt.secret_key;
96 keyid_from_sk( sk, keyid );
98 else
100 /* public */
101 pk = node->pkt->pkt.public_key;
102 keyid_from_pk( pk, keyid );
104 if(!force)
106 rc = seckey_available( keyid );
107 if( !rc )
109 *r_sec_avail = 1;
110 rc = -1;
111 goto leave;
113 else if( rc != G10ERR_NO_SECKEY )
114 log_error("%s: get secret key: %s\n", username, g10_errstr(rc) );
115 else
116 rc = 0;
120 if( rc )
121 rc = 0;
122 else if (opt.batch && exactmatch)
123 okay++;
124 else if( opt.batch && secret )
126 log_error(_("can't do this in batch mode\n"));
127 log_info (_("(unless you specify the key by fingerprint)\n"));
129 else if( opt.batch && opt.answer_yes )
130 okay++;
131 else if( opt.batch )
133 log_error(_("can't do this in batch mode without \"--yes\"\n"));
134 log_info (_("(unless you specify the key by fingerprint)\n"));
136 else {
137 if( secret )
138 print_seckey_info( sk );
139 else
140 print_pubkey_info(NULL, pk );
141 tty_printf( "\n" );
143 yes = cpr_get_answer_is_yes( secret? "delete_key.secret.okay"
144 : "delete_key.okay",
145 _("Delete this key from the keyring? (y/N) "));
146 if( !cpr_enabled() && secret && yes ) {
147 /* I think it is not required to check a passphrase; if
148 * the user is so stupid as to let others access his secret keyring
149 * (and has no backup) - it is up him to read some very
150 * basic texts about security.
152 yes = cpr_get_answer_is_yes("delete_key.secret.okay",
153 _("This is a secret key! - really delete? (y/N) "));
155 if( yes )
156 okay++;
160 if( okay ) {
161 rc = keydb_delete_keyblock (hd);
162 if (rc) {
163 log_error (_("deleting keyblock failed: %s\n"), g10_errstr(rc) );
164 goto leave;
167 /* Note that the ownertrust being cleared will trigger a
168 revalidation_mark(). This makes sense - only deleting keys
169 that have ownertrust set should trigger this. */
171 if (!secret && pk && clear_ownertrusts (pk)) {
172 if (opt.verbose)
173 log_info (_("ownertrust information cleared\n"));
177 leave:
178 keydb_release (hd);
179 release_kbnode (keyblock);
180 return rc;
183 /****************
184 * Delete a public or secret key from a keyring.
187 delete_keys( strlist_t names, int secret, int allow_both )
189 int rc, avail, force=(!allow_both && !secret && opt.expert);
191 /* Force allows us to delete a public key even if a secret key
192 exists. */
194 for(;names;names=names->next) {
195 rc = do_delete_key (names->d, secret, force, &avail );
196 if ( rc && avail ) {
197 if ( allow_both ) {
198 rc = do_delete_key (names->d, 1, 0, &avail );
199 if ( !rc )
200 rc = do_delete_key (names->d, 0, 0, &avail );
202 else {
203 log_error(_(
204 "there is a secret key for public key \"%s\"!\n"),names->d);
205 log_info(_(
206 "use option \"--delete-secret-keys\" to delete it first.\n"));
207 write_status_text( STATUS_DELETE_PROBLEM, "2" );
208 return rc;
212 if(rc) {
213 log_error("%s: delete key failed: %s\n", names->d, g10_errstr(rc) );
214 return rc;
218 return 0;