forked from AGWA/git-crypt
-
Notifications
You must be signed in to change notification settings - Fork 1
/
gpg.cpp
195 lines (176 loc) · 6.17 KB
/
gpg.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
/*
* Copyright 2014 Andrew Ayer
*
* This file is part of git-crypt.
*
* git-crypt is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* git-crypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with git-crypt. If not, see <http://www.gnu.org/licenses/>.
*
* Additional permission under GNU GPL version 3 section 7:
*
* If you modify the Program, or any covered work, by linking or
* combining it with the OpenSSL project's OpenSSL library (or a
* modified version of that library), containing parts covered by the
* terms of the OpenSSL or SSLeay licenses, the licensors of the Program
* grant you additional permission to convey the resulting work.
* Corresponding Source for a non-source form of such a combination
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
#include "gpg.hpp"
#include "util.hpp"
#include "commands.hpp"
#include <sstream>
static std::string gpg_get_executable()
{
std::string gpgbin = "gpg";
try {
gpgbin = get_git_config("gpg.program");
} catch (...) {
}
return gpgbin;
}
static std::string gpg_nth_column (const std::string& line, unsigned int col)
{
std::string::size_type pos = 0;
for (unsigned int i = 0; i < col; ++i) {
pos = line.find_first_of(':', pos);
if (pos == std::string::npos) {
throw Gpg_error("Malformed output from gpg");
}
pos = pos + 1;
}
const std::string::size_type end_pos = line.find_first_of(':', pos);
return end_pos != std::string::npos ?
line.substr(pos, end_pos - pos) :
line.substr(pos);
}
// given a key fingerprint, return the last 8 nibbles
std::string gpg_shorten_fingerprint (const std::string& fingerprint)
{
return fingerprint.size() == 40 ? fingerprint.substr(32) : fingerprint;
}
// given a key fingerprint, return the key's UID (e.g. "John Smith <[email protected]>")
std::string gpg_get_uid (const std::string& fingerprint)
{
// gpg --batch --with-colons --fixed-list-mode --list-keys 0x7A399B2DB06D039020CD1CE1D0F3702D61489532
std::vector<std::string> command;
command.push_back(gpg_get_executable());
command.push_back("--batch");
command.push_back("--with-colons");
command.push_back("--fixed-list-mode");
command.push_back("--list-keys");
command.push_back("0x" + fingerprint);
std::stringstream command_output;
if (!successful_exit(exec_command(command, command_output))) {
// This could happen if the keyring does not contain a public key with this fingerprint
return "";
}
while (command_output.peek() != -1) {
std::string line;
std::getline(command_output, line);
if (line.substr(0, 4) == "uid:") {
// uid:u::::1395975462::AB97D6E3E5D8789988CA55E5F77D9E7397D05229::John Smith <[email protected]>:
// want the 9th column (counting from 0)
return gpg_nth_column(line, 9);
}
}
return "";
}
// return a list of fingerprints of public keys matching the given search query (such as [email protected])
std::vector<std::string> gpg_lookup_key (const std::string& query)
{
std::vector<std::string> fingerprints;
// gpg --batch --with-colons --fingerprint --list-keys [email protected]
std::vector<std::string> command;
command.push_back(gpg_get_executable());
command.push_back("--batch");
command.push_back("--with-colons");
command.push_back("--fingerprint");
command.push_back("--list-keys");
command.push_back(query);
std::stringstream command_output;
if (successful_exit(exec_command(command, command_output))) {
bool is_pubkey = false;
while (command_output.peek() != -1) {
std::string line;
std::getline(command_output, line);
if (line.substr(0, 4) == "pub:") {
is_pubkey = true;
} else if (line.substr(0, 4) == "sub:") {
is_pubkey = false;
} else if (is_pubkey && line.substr(0, 4) == "fpr:") {
// fpr:::::::::7A399B2DB06D039020CD1CE1D0F3702D61489532:
// want the 9th column (counting from 0)
fingerprints.push_back(gpg_nth_column(line, 9));
}
}
}
return fingerprints;
}
std::vector<std::string> gpg_list_secret_keys ()
{
// gpg --batch --with-colons --list-secret-keys --fingerprint
std::vector<std::string> command;
command.push_back(gpg_get_executable());
command.push_back("--batch");
command.push_back("--with-colons");
command.push_back("--list-secret-keys");
command.push_back("--fingerprint");
std::stringstream command_output;
if (!successful_exit(exec_command(command, command_output))) {
throw Gpg_error("gpg --list-secret-keys failed");
}
std::vector<std::string> secret_keys;
while (command_output.peek() != -1) {
std::string line;
std::getline(command_output, line);
if (line.substr(0, 4) == "fpr:") {
// fpr:::::::::7A399B2DB06D039020CD1CE1D0F3702D61489532:
// want the 9th column (counting from 0)
secret_keys.push_back(gpg_nth_column(line, 9));
}
}
return secret_keys;
}
void gpg_encrypt_to_file (const std::string& filename, const std::string& recipient_fingerprint, bool key_is_trusted, const char* p, size_t len)
{
// gpg --batch -o FILENAME -r RECIPIENT -e
std::vector<std::string> command;
command.push_back(gpg_get_executable());
command.push_back("--batch");
if (key_is_trusted) {
command.push_back("--trust-model");
command.push_back("always");
}
command.push_back("-o");
command.push_back(filename);
command.push_back("-r");
command.push_back("0x" + recipient_fingerprint);
command.push_back("-e");
if (!successful_exit(exec_command_with_input(command, p, len))) {
throw Gpg_error("Failed to encrypt");
}
}
void gpg_decrypt_from_file (const std::string& filename, std::ostream& output)
{
// gpg -q -d FILENAME
std::vector<std::string> command;
command.push_back(gpg_get_executable());
command.push_back("-q");
command.push_back("-d");
command.push_back(filename);
if (!successful_exit(exec_command(command, output))) {
throw Gpg_error("Failed to decrypt");
}
}