X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fkeytrans%2Fopenpgp2ssh.c;h=f16eac5c3ea85236942b33b8021b2b599dac5107;hb=9556a2f1659aa6432cc74469a25d401319d74e79;hp=30e19d5e1790f1c42305afb604a55c62a56a1b75;hpb=6f2d6f78cd11231d6f7ffd6361812b1bd49a4c34;p=monkeysphere.git diff --git a/src/keytrans/openpgp2ssh.c b/src/keytrans/openpgp2ssh.c index 30e19d5..f16eac5 100644 --- a/src/keytrans/openpgp2ssh.c +++ b/src/keytrans/openpgp2ssh.c @@ -35,14 +35,16 @@ /* FIXME: keyid should be const as well */ -int convert_private_pgp_to_x509(gnutls_x509_privkey_t* output, const gnutls_openpgp_privkey_t* pgp_privkey, gnutls_openpgp_keyid_t* keyid) { +int convert_private_pgp_to_x509(gnutls_x509_privkey_t* output, const gnutls_openpgp_privkey_t* pgp_privkey, const unsigned char* keyfpr, unsigned int fprlen) { gnutls_datum_t m, e, d, p, q, u, g, y, x; gnutls_pk_algorithm_t pgp_algo; unsigned int pgp_bits; int ret; - -/* FIXME: actually respect keyid argument. At the moment, we just - emit the primary key. */ + int subkeyidx; + int subkeycount; + int found = 0; + unsigned char fingerprint[20]; + size_t fingerprint_length = sizeof(fingerprint); init_datum(&m); init_datum(&e); @@ -54,45 +56,130 @@ int convert_private_pgp_to_x509(gnutls_x509_privkey_t* output, const gnutls_open init_datum(&y); init_datum(&x); - pgp_algo = gnutls_openpgp_privkey_get_pk_algorithm(*pgp_privkey, &pgp_bits); - if (pgp_algo < 0) { - err("failed to get OpenPGP key algorithm (error: %d)\n", pgp_algo); + subkeycount = gnutls_openpgp_privkey_get_subkey_count(*pgp_privkey); + if (subkeycount < 0) { + err(0,"Could not determine subkey count (got value %d)\n", subkeycount); return 1; } - if (pgp_algo == GNUTLS_PK_RSA) { - err("OpenPGP RSA Key, with %d bits\n", pgp_bits); - ret = gnutls_openpgp_privkey_export_rsa_raw(*pgp_privkey, &m, &e, &d, &p, &q, &u); - if (GNUTLS_E_SUCCESS != ret) { - err ("failed to export RSA key parameters (error: %d)\n", ret); + + if ((keyfpr == NULL) && + (subkeycount > 0)) { + err(0,"No key identifier passed in, but there were %d keys to choose from\n", subkeycount + 1); + return 1; + } + + if (keyfpr != NULL) { + ret = gnutls_openpgp_privkey_get_fingerprint(*pgp_privkey, fingerprint, &fingerprint_length); + if (ret) { + err(0,"Could not get fingerprint (error: %d)\n", ret); return 1; } + if (fprlen > fingerprint_length) { + err(0, "Requested key identifier is longer than computed fingerprint\n"); + return 1; + } + if (fingerprint_length > fprlen) { + err(0, "Only comparing last %d bits of key fingerprint\n", fprlen*8); + } + } + if ((keyfpr == NULL) || (memcmp(fingerprint + (fingerprint_length - fprlen), keyfpr, fprlen) == 0)) { + /* we want to export the primary key: */ + err(0,"exporting primary key\n"); - ret = gnutls_x509_privkey_import_rsa_raw (*output, &m, &e, &d, &p, &q, &u); - if (GNUTLS_E_SUCCESS != ret) { - err ("failed to import RSA key parameters (error: %d)\n", ret); + /* FIXME: this is almost identical to the block below for subkeys. + This clumsiness seems inherent in the gnutls OpenPGP API, + though. ugh. */ + pgp_algo = gnutls_openpgp_privkey_get_pk_algorithm(*pgp_privkey, &pgp_bits); + if (pgp_algo < 0) { + err(0, "failed to get OpenPGP key algorithm (error: %d)\n", pgp_algo); return 1; } - } else if (pgp_algo == GNUTLS_PK_DSA) { - err("OpenPGP DSA Key, with %d bits\n", pgp_bits); - ret = gnutls_openpgp_privkey_export_dsa_raw(*pgp_privkey, &p, &q, &g, &y, &x); + if (pgp_algo == GNUTLS_PK_RSA) { + err(0,"OpenPGP RSA Key, with %d bits\n", pgp_bits); + ret = gnutls_openpgp_privkey_export_rsa_raw(*pgp_privkey, &m, &e, &d, &p, &q, &u); + if (GNUTLS_E_SUCCESS != ret) { + err(0, "failed to export RSA key parameters (error: %d)\n", ret); + return 1; + } + + } else if (pgp_algo == GNUTLS_PK_DSA) { + err(0,"OpenPGP DSA Key, with %d bits\n", pgp_bits); + ret = gnutls_openpgp_privkey_export_dsa_raw(*pgp_privkey, &p, &q, &g, &y, &x); + if (GNUTLS_E_SUCCESS != ret) { + err(0,"failed to export DSA key parameters (error: %d)\n", ret); + return 1; + } + } + found = 1; + } else { + /* lets trawl through the subkeys until we find the one we want: */ + for (subkeyidx = 0; (subkeyidx < subkeycount) && !found; subkeyidx++) { + ret = gnutls_openpgp_privkey_get_subkey_fingerprint(*pgp_privkey, subkeyidx, fingerprint, &fingerprint_length); + if (ret) { + err(0,"Could not get fingerprint of subkey with index %d (error: %d)\n", subkeyidx, ret); + return 1; + } + if (fprlen > fingerprint_length) { + err(0, "Requested key identifier is longer than computed fingerprint\n"); + return 1; + } + if (fingerprint_length > fprlen) { + err(1, "Only comparing last %d bits of key fingerprint\n", fprlen*8); + } + if (memcmp(fingerprint + (fingerprint_length - fprlen), keyfpr, fprlen) == 0) { + err(0,"exporting subkey index %d\n", subkeyidx); + + /* FIXME: this is almost identical to the block above for the + primary key. */ + pgp_algo = gnutls_openpgp_privkey_get_subkey_pk_algorithm(*pgp_privkey, subkeyidx, &pgp_bits); + if (pgp_algo < 0) { + err(0,"failed to get the algorithm of the OpenPGP public key (error: %d)\n", pgp_algo); + return pgp_algo; + } else if (pgp_algo == GNUTLS_PK_RSA) { + err(0,"OpenPGP RSA key, with %d bits\n", pgp_bits); + ret = gnutls_openpgp_privkey_export_subkey_rsa_raw(*pgp_privkey, subkeyidx, &m, &e, &d, &p, &q, &u); + if (GNUTLS_E_SUCCESS != ret) { + err(0,"failed to export RSA key parameters (error: %d)\n", ret); + return 1; + } + } else if (pgp_algo == GNUTLS_PK_DSA) { + err(0,"OpenPGP DSA Key, with %d bits\n", pgp_bits); + ret = gnutls_openpgp_privkey_export_subkey_dsa_raw(*pgp_privkey, subkeyidx, &p, &q, &g, &y, &x); + if (GNUTLS_E_SUCCESS != ret) { + err(0,"failed to export DSA key parameters (error: %d)\n", ret); + return 1; + } + } + found = 1; + } + } + } + + if (!found) { + err(0,"Could not find key in input\n"); + return 1; + } + + if (pgp_algo == GNUTLS_PK_RSA) { + ret = gnutls_x509_privkey_import_rsa_raw (*output, &m, &e, &d, &p, &q, &u); if (GNUTLS_E_SUCCESS != ret) { - err ("failed to export DSA key parameters (error: %d)\n", ret); + err(0, "failed to import RSA key parameters (error: %d)\n", ret); return 1; } - + } else if (pgp_algo == GNUTLS_PK_DSA) { ret = gnutls_x509_privkey_import_dsa_raw (*output, &p, &q, &g, &y, &x); if (GNUTLS_E_SUCCESS != ret) { - err ("failed to import DSA key parameters (error: %d)\n", ret); + err(0,"failed to import DSA key parameters (error: %d)\n", ret); return 1; } } else { - err("OpenPGP Key was not RSA or DSA -- can't deal! (actual algorithm was: %d)\n", pgp_algo); + err(0,"OpenPGP Key was not RSA or DSA -- can't deal! (actual algorithm was: %d)\n", pgp_algo); return 1; } ret = gnutls_x509_privkey_fix(*output); if (ret != 0) { - err("failed to fix up the private key in X.509 format (error: %d)\n", ret); + err(0,"failed to fix up the private key in X.509 format (error: %d)\n", ret); return 1; } @@ -100,8 +187,7 @@ int convert_private_pgp_to_x509(gnutls_x509_privkey_t* output, const gnutls_open } /* FIXME: keyid should be const also */ -int emit_public_openssh_from_pgp(const gnutls_openpgp_crt_t* pgp_crt, gnutls_openpgp_keyid_t* keyid) { - gnutls_openpgp_keyid_t curkeyid; +int emit_public_openssh_from_pgp(const gnutls_openpgp_crt_t* pgp_crt, const unsigned char* keyfpr, size_t fprlen) { int ret; int subkeyidx; int subkeycount; @@ -116,10 +202,13 @@ int emit_public_openssh_from_pgp(const gnutls_openpgp_crt_t* pgp_crt, gnutls_ope algorithm name: */ char output_data[20]; + unsigned char fingerprint[20]; + size_t fingerprint_length = sizeof(fingerprint); + /* variables for the output conversion: */ int pipestatus; int pipefd, child_pid; - char* const b64args[] = {"/usr/bin/base64", "--wrap=0", NULL}; + char* const b64args[] = {"sh", "-c", "base64 | tr -c -d '[A-Za-z0-9=+/]'", NULL}; init_datum(&m); init_datum(&e); @@ -132,46 +221,53 @@ int emit_public_openssh_from_pgp(const gnutls_openpgp_crt_t* pgp_crt, gnutls_ope /* figure out if we've got the right thing: */ subkeycount = gnutls_openpgp_crt_get_subkey_count(*pgp_crt); if (subkeycount < 0) { - err("Could not determine subkey count (got value %d)\n", subkeycount); + err(0,"Could not determine subkey count (got value %d)\n", subkeycount); return 1; } - if ((keyid == NULL) && + if ((keyfpr == NULL) && (subkeycount > 0)) { - err("No keyid passed in, but there were %d keys to choose from\n", subkeycount + 1); + err(0,"No key identifier passed in, but there were %d keys to choose from\n", subkeycount + 1); return 1; } - if (keyid != NULL) { - ret = gnutls_openpgp_crt_get_key_id(*pgp_crt, curkeyid); + if (keyfpr != NULL) { + ret = gnutls_openpgp_crt_get_fingerprint(*pgp_crt, fingerprint, &fingerprint_length); if (ret) { - err("Could not get keyid (error: %d)\n", ret); + err(0,"Could not get key fingerprint (error: %d)\n", ret); + return 1; + } + if (fprlen > fingerprint_length) { + err(0, "Requested key identifier is longer than computed fingerprint\n"); return 1; } + if (fingerprint_length > fprlen) { + err(0, "Only comparing last %d bits of key fingerprint\n", fprlen*8); + } } - if ((keyid == NULL) || (memcmp(*keyid, curkeyid, sizeof(gnutls_openpgp_keyid_t)) == 0)) { + if ((keyfpr == NULL) || (memcmp(fingerprint + (fingerprint_length - fprlen), keyfpr, fprlen) == 0)) { /* we want to export the primary key: */ - err("exporting primary key\n"); + err(0,"exporting primary key\n"); /* FIXME: this is almost identical to the block below for subkeys. This clumsiness seems inherent in the gnutls OpenPGP API, though. ugh. */ algo = gnutls_openpgp_crt_get_pk_algorithm(*pgp_crt, &bits); if (algo < 0) { - err("failed to get the algorithm of the OpenPGP public key (error: %d)\n", algo); + err(0,"failed to get the algorithm of the OpenPGP public key (error: %d)\n", algo); return algo; } else if (algo == GNUTLS_PK_RSA) { - err("OpenPGP RSA certificate, with %d bits\n", bits); + err(0,"OpenPGP RSA certificate, with %d bits\n", bits); ret = gnutls_openpgp_crt_get_pk_rsa_raw(*pgp_crt, &m, &e); if (GNUTLS_E_SUCCESS != ret) { - err ("failed to export RSA key parameters (error: %d)\n", ret); + err(0,"failed to export RSA certificate parameters (error: %d)\n", ret); return 1; } } else if (algo == GNUTLS_PK_DSA) { - err("OpenPGP DSA Key, with %d bits\n", bits); + err(0,"OpenPGP DSA certificate, with %d bits\n", bits); ret = gnutls_openpgp_crt_get_pk_dsa_raw(*pgp_crt, &p, &q, &g, &y); if (GNUTLS_E_SUCCESS != ret) { - err ("failed to export DSA key parameters (error: %d)\n", ret); + err(0,"failed to export DSA certificate parameters (error: %d)\n", ret); return 1; } } @@ -180,32 +276,39 @@ int emit_public_openssh_from_pgp(const gnutls_openpgp_crt_t* pgp_crt, gnutls_ope } else { /* lets trawl through the subkeys until we find the one we want: */ for (subkeyidx = 0; (subkeyidx < subkeycount) && !found; subkeyidx++) { - ret = gnutls_openpgp_crt_get_subkey_id(*pgp_crt, subkeyidx, curkeyid); + ret = gnutls_openpgp_crt_get_subkey_fingerprint(*pgp_crt, subkeyidx, fingerprint, &fingerprint_length); if (ret) { - err("Could not get keyid of subkey with index %d (error: %d)\n", subkeyidx, ret); + err(0,"Could not get fingerprint of subkey with index %d (error: %d)\n", subkeyidx, ret); + return 1; + } + if (fprlen > fingerprint_length) { + err(0, "Requested key identifier is longer than computed fingerprint\n"); return 1; } - if (memcmp(*keyid, curkeyid, sizeof(gnutls_openpgp_keyid_t)) == 0) { - err("exporting subkey index %d\n", subkeyidx); + if (fingerprint_length > fprlen) { + err(1, "Only comparing last %d bits of key fingerprint\n", fprlen*8); + } + if (memcmp(fingerprint + (fingerprint_length - fprlen), keyfpr, fprlen) == 0) { + err(0,"exporting subkey index %d\n", subkeyidx); /* FIXME: this is almost identical to the block above for the primary key. */ algo = gnutls_openpgp_crt_get_subkey_pk_algorithm(*pgp_crt, subkeyidx, &bits); if (algo < 0) { - err("failed to get the algorithm of the OpenPGP public key (error: %d)\n", algo); + err(0,"failed to get the algorithm of the OpenPGP public key (error: %d)\n", algo); return algo; } else if (algo == GNUTLS_PK_RSA) { - err("OpenPGP RSA certificate, with %d bits\n", bits); + err(0,"OpenPGP RSA certificate, with %d bits\n", bits); ret = gnutls_openpgp_crt_get_subkey_pk_rsa_raw(*pgp_crt, subkeyidx, &m, &e); if (GNUTLS_E_SUCCESS != ret) { - err ("failed to export RSA key parameters (error: %d)\n", ret); + err(0,"failed to export RSA certificate parameters (error: %d)\n", ret); return 1; } } else if (algo == GNUTLS_PK_DSA) { - err("OpenPGP DSA Key, with %d bits\n", bits); + err(0,"OpenPGP DSA certificate, with %d bits\n", bits); ret = gnutls_openpgp_crt_get_subkey_pk_dsa_raw(*pgp_crt, subkeyidx, &p, &q, &g, &y); if (GNUTLS_E_SUCCESS != ret) { - err ("failed to export DSA key parameters (error: %d)\n", ret); + err(0,"failed to export DSA certificate parameters (error: %d)\n", ret); return 1; } } @@ -216,7 +319,7 @@ int emit_public_openssh_from_pgp(const gnutls_openpgp_crt_t* pgp_crt, gnutls_ope } if (!found) { - err("Could not find key in input\n"); + err(0,"Could not find key in input\n"); return 1; } @@ -239,12 +342,12 @@ int emit_public_openssh_from_pgp(const gnutls_openpgp_crt_t* pgp_crt, gnutls_ope all[3] = &g; all[4] = &y; } else { - err("Key algorithm was neither DSA nor RSA (it was %d). Can't deal. Sorry!\n", algo); + err(0,"Key algorithm was neither DSA nor RSA (it was %d). Can't deal. Sorry!\n", algo); return 1; } if (ret = datum_from_string(&algolabel, algoname), ret) { - err("couldn't label string (error: %d)\n", ret); + err(0,"couldn't label string (error: %d)\n", ret); return ret; } @@ -252,135 +355,89 @@ int emit_public_openssh_from_pgp(const gnutls_openpgp_crt_t* pgp_crt, gnutls_ope pipefd = create_writing_pipe(&child_pid, b64args[0], b64args); if (pipefd < 0) { - err("failed to create a writing pipe (returned %d)\n", pipefd); + err(0,"failed to create a writing pipe (returned %d)\n", pipefd); return pipefd; } write(1, output_data, strlen(output_data)); if (0 != write_data_fd_with_length(pipefd, all, mpicount)) { - err("was not able to write out RSA key data\n"); + err(0,"was not able to write out RSA key data\n"); return 1; } close(pipefd); if (child_pid != waitpid(child_pid, &pipestatus, 0)) { - err("could not wait for child process to return for some reason.\n"); + err(0,"could not wait for child process to return for some reason.\n"); return 1; } if (pipestatus != 0) { - err("base64 pipe died with return code %d\n", pipestatus); + err(0,"base64 pipe died with return code %d\n", pipestatus); return pipestatus; } write(1, "\n", 1); - return 0; } - - -int convert_x509_to_pgp(gnutls_openpgp_privkey_t* output, gnutls_datum_t* input) { +int main(int argc, char* argv[]) { + gnutls_datum_t data; + int ret = 0; gnutls_x509_privkey_t x509_privkey; - gnutls_datum_t m, e, d, p, q, u, g, y, x; - gnutls_pk_algorithm_t x509_algo; - int ret; - - init_datum(&m); - init_datum(&e); - init_datum(&d); - init_datum(&p); - init_datum(&q); - init_datum(&u); - init_datum(&g); - init_datum(&y); - init_datum(&x); - - if (ret = gnutls_x509_privkey_init(&x509_privkey), ret) { - err("Failed to initialized X.509 private key (error: %d)\n", ret); - return 1; - } - + gnutls_openpgp_privkey_t pgp_privkey; + gnutls_openpgp_crt_t pgp_crt; - /* format could be either: GNUTLS_X509_FMT_DER, - GNUTLS_X509_FMT_PEM; if MONKEYSPHERE_DER is set, use DER, - otherwise, use PEM: */ + char output_data[10240]; + size_t ods = sizeof(output_data); + + unsigned char * fingerprint = NULL; + size_t fpr_size; + char * prettyfpr = NULL; - if (getenv("MONKEYSPHERE_DER")) { - err("assuming DER formatted private keys\n"); - if (ret = gnutls_x509_privkey_import(x509_privkey, input, GNUTLS_X509_FMT_DER), ret) - err("failed to import the X.509 private key in DER format (error: %d)\n", ret); - } else { - err("assuming PEM formatted private keys\n"); - if (ret = gnutls_x509_privkey_import (x509_privkey, input, GNUTLS_X509_FMT_PEM), ret) - err("failed to import the X.509 private key in PEM format (error: %d)\n", ret); - } + init_gnutls(); - x509_algo = gnutls_x509_privkey_get_pk_algorithm(x509_privkey); - if (x509_algo < 0) { - err("failed to get X.509 key algorithm (error: %d)\n", x509_algo); - return 1; - } - if (x509_algo == GNUTLS_PK_RSA) { - err("X.509 RSA Key\n"); - ret = gnutls_x509_privkey_export_rsa_raw(x509_privkey, &m, &e, &d, &p, &q, &u); - if (GNUTLS_E_SUCCESS != ret) { - err ("failed to export RSA key parameters (error: %d)\n", ret); + /* figure out what key we should be looking for: */ + if (argv[1] != NULL) { + if (strlen(argv[1]) > 81) { + /* safety check to avoid some sort of wacky overflow situation: + there's no reason that the key id should be longer than twice + a sane fingerprint (one byte between chars, and then another + two at the beginning and end) */ + err(0, "Key identifier is way too long. Please use at most 40 hex digits.\n"); return 1; } - /* ret = gnutls_openpgp_privkey_import_rsa_raw (*output, &m, &e, &d, &p, &q, &u); */ - ret = GNUTLS_E_UNIMPLEMENTED_FEATURE; - if (GNUTLS_E_SUCCESS != ret) { - err ("failed to import RSA key parameters (error: %d)\n", ret); + fpr_size = hexstring2bin(NULL, argv[1]); + if (fpr_size > 40*4) { + err(0, "Key identifier is longer than 40 hex digits\n"); return 1; } - } else if (x509_algo == GNUTLS_PK_DSA) { - err("X.509 DSA Key\n"); - ret = gnutls_x509_privkey_export_dsa_raw(x509_privkey, &p, &q, &g, &y, &x); - if (GNUTLS_E_SUCCESS != ret) { - err ("failed to export DSA key parameters (error: %d)\n", ret); + /* since fpr_size is initially in bits: */ + if (fpr_size % 8 != 0) { + err(0, "Please provide an even number of hex digits for the key identifier\n"); return 1; } + fpr_size /= 8; + + fingerprint = malloc(sizeof(unsigned char) * fpr_size); + bzero(fingerprint, sizeof(unsigned char) * fpr_size); + hexstring2bin(fingerprint, argv[1]); + + prettyfpr = malloc(sizeof(unsigned char)*fpr_size*2 + 1); + if (prettyfpr != NULL) { + hex_print_data(prettyfpr, fingerprint, fpr_size); + prettyfpr[sizeof(unsigned char)*fpr_size*2] = '\0'; + err(1, "searching for key with fingerprint '%s'\n", prettyfpr); + free(prettyfpr); + } - /* ret = gnutls_openpgp_privkey_import_dsa_raw (*output, &p, &q, &g, &y, &x); */ - ret = GNUTLS_E_UNIMPLEMENTED_FEATURE; - if (GNUTLS_E_SUCCESS != ret) { - err ("failed to import DSA key parameters (error: %d)\n", ret); + if (fpr_size < 4) { + err(0, "You MUST provide at least 8 hex digits in any key identifier\n"); return 1; } - } else { - err("OpenPGP Key was not RSA or DSA -- can't deal! (actual algorithm was: %d)\n", x509_algo); - return 1; - } - - gnutls_x509_privkey_deinit(x509_privkey); - return 0; -} - - -int main(int argc, char* argv[]) { - gnutls_datum_t data; - int ret; - gnutls_x509_privkey_t x509_privkey; - gnutls_openpgp_privkey_t pgp_privkey; - gnutls_openpgp_crt_t pgp_crt; - - char output_data[10240]; - size_t ods = sizeof(output_data); - - gnutls_openpgp_keyid_t keyid; - gnutls_openpgp_keyid_t* use_keyid; - - init_gnutls(); - - /* figure out what keyid we should be looking for: */ - use_keyid = NULL; - if (argv[1] != NULL) { - ret = convert_string_to_keyid(keyid, argv[1]); - if (ret != 0) - return ret; - use_keyid = &keyid; + if (fpr_size < 8) + err(0, "You should provide at least 16 hex digits in any key identifier (proceeding with %d digits anyway)\n", fpr_size*2); + } @@ -388,26 +445,26 @@ int main(int argc, char* argv[]) { /* slurp in the key from stdin */ if (ret = set_datum_fd(&data, 0), ret) { - err("didn't read file descriptor 0\n"); + err(0,"didn't read file descriptor 0\n"); return 1; } if (ret = gnutls_openpgp_privkey_init(&pgp_privkey), ret) { - err("Failed to initialized OpenPGP private key (error: %d)\n", ret); + err(0,"Failed to initialized OpenPGP private key (error: %d)\n", ret); return 1; } /* check whether it's a private key or a public key, by trying them: */ if ((gnutls_openpgp_privkey_import(pgp_privkey, &data, GNUTLS_OPENPGP_FMT_RAW, NULL, 0) == 0) || (gnutls_openpgp_privkey_import(pgp_privkey, &data, GNUTLS_OPENPGP_FMT_BASE64, NULL, 0) == 0)) { /* we're dealing with a private key */ - err("Translating private key\n"); + err(0,"Translating private key\n"); if (ret = gnutls_x509_privkey_init(&x509_privkey), ret) { - err("Failed to initialize X.509 private key for output (error: %d)\n", ret); + err(0,"Failed to initialize X.509 private key for output (error: %d)\n", ret); return 1; } - ret = convert_private_pgp_to_x509(&x509_privkey, &pgp_privkey, use_keyid); + ret = convert_private_pgp_to_x509(&x509_privkey, &pgp_privkey, fingerprint, fpr_size); gnutls_openpgp_privkey_deinit(pgp_privkey); if (ret) @@ -424,27 +481,27 @@ int main(int argc, char* argv[]) { } else { if (ret = gnutls_openpgp_crt_init(&pgp_crt), ret) { - err("Failed to initialized OpenPGP certificate (error: %d)\n", ret); + err(0,"Failed to initialized OpenPGP certificate (error: %d)\n", ret); return 1; } if ((gnutls_openpgp_crt_import(pgp_crt, &data, GNUTLS_OPENPGP_FMT_RAW) == 0) || (gnutls_openpgp_crt_import(pgp_crt, &data, GNUTLS_OPENPGP_FMT_BASE64) == 0)) { /* we're dealing with a public key */ - err("Translating public key\n"); + err(0,"Translating public key\n"); - ret = emit_public_openssh_from_pgp(&pgp_crt, use_keyid); + ret = emit_public_openssh_from_pgp(&pgp_crt, fingerprint, fpr_size); + if (ret != 0) + return ret; } else { /* we have no idea what kind of key this is at all anyway! */ - err("Input does contain any form of OpenPGP key I recognize."); + err(0,"Input does not contain any form of OpenPGP key I recognize.\n"); return 1; } } - - - gnutls_global_deinit(); + free(fingerprint); return 0; }