g10: Export cleartext keys as cleartext

* g10/export.c (do_export_stream): If a key is stored by the agent in cleartext, then try to export it as cleartext. * tests/openpgp/export.test: For secret keys that are stored in cleartext, test should try to export without pinentry interaction. -- This restores the behavior of GnuPG 2.0 and 1.4 when exporting passphraseless secret keys, and fixes the test suite accordingly. GnuPG-bug-id: 2070, 2324 Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
gpg · Jun 11, 2016 · c41c46f · c41c46f
1 parent a3cb72a
commit c41c46f
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 26 deletions.
diff --git a/g10/export.c b/g10/export.c
@@ -1141,6 +1141,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
   gcry_cipher_hd_t cipherhd = NULL;
   char *cache_nonce = NULL;
   struct export_stats_s dummystats;
+  int cleartext = 0;
 
   if (!stats)
     stats = &dummystats;
@@ -1445,7 +1446,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
                   serialno = NULL;
                 }
               else
-                err = agent_get_keyinfo (ctrl, hexgrip, &serialno, NULL);
+                err = agent_get_keyinfo (ctrl, hexgrip, &serialno, &cleartext);
 
               if ((!err && serialno)
                   && secret == 2 && node->pkt->pkttype == PKT_PUBLIC_KEY)
@@ -1494,7 +1495,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
               else if (!err)
                 {
                   err = receive_seckey_from_agent (ctrl, cipherhd,
-                                                   0, &cache_nonce,
+                                                   cleartext, &cache_nonce,
                                                    hexgrip, pk);
                   if (err)
                     {

diff --git a/tests/openpgp/export.test b/tests/openpgp/export.test
@@ -61,8 +61,6 @@ assert_passphrases_consumed()
     rm -f -- $logfile
 }
 
-# XXX: Currently, gpg does not allow one to export private keys
-# without a passphrase (issue2070, issue2324).
 export PINENTRY_USER_DATA="--logfile=$logfile --passphrasefile=$ppfile"
 
 info "Checking key export."
@@ -78,23 +76,13 @@ do
     check_armored_public_key $KEY.public
     rm $KEY.public
 
+    # test without --armor:
+
     if [ $KEY = D74C5F22 ]; then
         # Key D74C5F22 is protected by a passphrase.  Prepare this
         # one.  Currently, GnuPG does not ask for an export passphrase
         # in this case.
         prepare_passphrase "$usrpass1"
-    else
-        # We use a weak passphrase which we'll have to confirm.
-        prepare_passphrase "export passphrase"
-        prepare_passphrase_confirm
-        prepare_passphrase "export passphrase"
-
-        # Key C40FDECF has a subkey.
-        if [ $KEY = C40FDECF ]; then
-            prepare_passphrase "export passphrase"
-            prepare_passphrase_confirm
-            prepare_passphrase "export passphrase"
-        fi
     fi
 
     $GPG --export-secret-keys $KEY >$KEY.private
@@ -103,21 +91,13 @@ do
 
     assert_passphrases_consumed
 
+    # test with --armor:
+
     if [ $KEY = D74C5F22 ]; then
         # Key D74C5F22 is protected by a passphrase.  Prepare this
         # one.  Currently, GnuPG does not ask for an export passphrase
         # in this case.
         prepare_passphrase "$usrpass1"
-    else
-        # We use a stronger passphrase here.
-        prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
-        prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
-
-        # Key C40FDECF has a subkey.
-        if [ $KEY = C40FDECF ]; then
-            prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
-            prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
-        fi
     fi
 
     $GPG --armor --export-secret-keys $KEY >$KEY.private