@opindex delete-keys
Remove key from the public keyring. In batch mode either @option{--yes} is
required or the key must be specified by fingerprint. This is a
-safeguard against accidental deletion of multiple keys.
+safeguard against accidental deletion of multiple keys. If the
+exclamation mark syntax is used with the fingerprint of a subkey only
+that subkey is deleted; if the exclamation mark is used with the
+fingerprint of the primary key the entire public key is deleted.
@item --delete-secret-keys @var{name}
@opindex delete-secret-keys
advice gpg-agent not to request a confirmation. This extra
pre-caution is done because @command{@gpgname} can't be sure that the
secret key (as controlled by gpg-agent) is only used for the given
-OpenPGP public key.
+OpenPGP public key. If the exclamation mark syntax is used with the
+fingerprint of a subkey only the secret part of that subkey is
+deleted; if the exclamation mark is used with the fingerprint of the
+primary key only the secret part of the primary key is deleted.
@item --delete-secret-and-public-key @var{name}
/* delkey.c - delete keys
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2004,
* 2005, 2006 Free Software Foundation, Inc.
- * Copyright (C) 2014 Werner Koch
+ * Copyright (C) 2014, 2019 Werner Koch
*
* This file is part of GnuPG.
*
gpg_error_t err;
kbnode_t keyblock = NULL;
kbnode_t node, kbctx;
+ kbnode_t targetnode;
KEYDB_HANDLE hd;
PKT_public_key *pk = NULL;
u32 keyid[2];
int okay=0;
int yes;
KEYDB_SEARCH_DESC desc;
- int exactmatch;
+ int exactmatch; /* True if key was found by fingerprint. */
+ int thiskeyonly; /* 0 = false, 1 = is primary key, 2 = is a subkey. */
*r_sec_avail = 0;
exactmatch = (desc.mode == KEYDB_SEARCH_MODE_FPR
|| desc.mode == KEYDB_SEARCH_MODE_FPR16
|| desc.mode == KEYDB_SEARCH_MODE_FPR20);
+ thiskeyonly = desc.exact;
if (!err)
err = keydb_search (hd, &desc, 1, NULL);
if (err)
err = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
- pk = node->pkt->pkt.public_key;
+
+ /* If an operation only on a subkey is requested, find that subkey
+ * now. */
+ if (thiskeyonly)
+ {
+ kbnode_t tmpnode;
+
+ for (kbctx=NULL; (tmpnode = walk_kbnode (keyblock, &kbctx, 0)); )
+ {
+ if (!(tmpnode->pkt->pkttype == PKT_PUBLIC_KEY
+ || tmpnode->pkt->pkttype == PKT_PUBLIC_SUBKEY))
+ continue;
+ if (exact_subkey_match_p (&desc, tmpnode))
+ break;
+ }
+ if (!tmpnode)
+ {
+ log_error ("Oops; requested subkey not found anymore!\n");
+ err = gpg_error (GPG_ERR_GENERAL);
+ goto leave;
+ }
+ /* Set NODE to this specific subkey or primary key. */
+ thiskeyonly = node == tmpnode? 1 : 2;
+ targetnode = tmpnode;
+ }
+ else
+ targetnode = node;
+
+ pk = targetnode->pkt->pkt.public_key;
keyid_from_pk (pk, keyid);
if (!secret && !force)
print_pubkey_info (ctrl, NULL, pk );
tty_printf( "\n" );
+ if (thiskeyonly == 1 && !secret)
+ {
+ /* We need to delete the entire public key despite the use
+ * of the thiskeyonly request. */
+ tty_printf (_("Note: The public primary key and all its subkeys"
+ " will be deleted.\n"));
+ }
+ else if (thiskeyonly == 2 && !secret)
+ {
+ tty_printf (_("Note: Only the shown public subkey"
+ " will be deleted.\n"));
+ }
+ if (thiskeyonly == 1 && secret)
+ {
+ tty_printf (_("Note: Only the secret part of the shown primary"
+ " key will be deleted.\n"));
+ }
+ else if (thiskeyonly == 2 && secret)
+ {
+ tty_printf (_("Note: Only the secret part of the shown subkey"
+ " will be deleted.\n"));
+ }
+
+ if (thiskeyonly)
+ tty_printf ("\n");
+
yes = cpr_get_answer_is_yes
(secret? "delete_key.secret.okay": "delete_key.okay",
_("Delete this key from the keyring? (y/N) "));
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY))
continue;
+ if (thiskeyonly && targetnode != node)
+ continue;
+
if (agent_probe_secret_key (NULL, node->pkt->pkt.public_key))
continue; /* No secret key for that public (sub)key. */
if (firsterr)
goto leave;
}
+ else if (thiskeyonly == 2)
+ {
+ int selected = 0;
+
+ /* Delete the specified public subkey. */
+ for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); )
+ {
+ if (thiskeyonly && targetnode != node)
+ continue;
+
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ selected = targetnode == node;
+ if (selected)
+ delete_kbnode (node);
+ }
+ else if (selected && node->pkt->pkttype == PKT_SIGNATURE)
+ delete_kbnode (node);
+ else
+ selected = 0;
+ }
+ commit_kbnode (&keyblock);
+ err = keydb_update_keyblock (ctrl, hd, keyblock);
+ if (err)
+ {
+ log_error (_("update failed: %s\n"), gpg_strerror (err));
+ goto leave;
+ }
+ }
else
{
- err = opt.dry_run? 0 : keydb_delete_keyblock (hd);
+ err = keydb_delete_keyblock (hd);
if (err)
{
log_error (_("deleting keyblock failed: %s\n"),
revalidation_mark(). This makes sense - only deleting keys
that have ownertrust set should trigger this. */
- if (!secret && pk && !opt.dry_run && clear_ownertrusts (ctrl, pk))
+ if (!secret && pk && !opt.dry_run && thiskeyonly != 2
+ && clear_ownertrusts (ctrl, pk))
{
if (opt.verbose)
log_info (_("ownertrust information cleared\n"));
return err;
}
-/****************
+
+/*
* Delete a public or secret key from a keyring.
*/
gpg_error_t
projects / gnupg2.git / commitdiff