Displaying the length of the key we are about to import allows the user
to spot forged keys more easily.

References:
http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-keys.html#key-public-key-forgery

Signed-off-by: Florian Pritz <[email protected]>
---
 lib/libalpm/alpm.h    |    1 +
 lib/libalpm/signing.c |    1 +
 src/pacman/callback.c |    4 ++--
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h
index 9fda940..2e4de79 100644
--- a/lib/libalpm/alpm.h
+++ b/lib/libalpm/alpm.h
@@ -226,6 +226,7 @@ typedef struct _alpm_pgpkey_t {
        char *email;
        alpm_time_t created;
        alpm_time_t expires;
+       unsigned int length;
 } alpm_pgpkey_t;
 
 /** Signature result. Contains the key, status, and validity of a given
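Review bot: The new `length` member of alpm_pgpkey_t carries no comment saying what unit it is in, and front ends that print it to the user need to know. The value assigned in signing.c comes from `key->subkeys->length`, which appears to be GPGME's subkey length in bits, so I would document it at the declaration: `unsigned int length; /* key length in bits, taken from the first subkey */`. The struct definition starts above this hunk, so I cannot see whether the other members follow a doc-comment convention that this one should match.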
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index bdaa83a..3d965b4 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -270,6 +270,7 @@ static int key_search(alpm_handle_t *handle, const char 
*fpr,
        pgpkey->email = key->uids->email;
        pgpkey->created = key->subkeys->timestamp;
        pgpkey->expires = key->subkeys->expires;
+       pgpkey->length = key->subkeys->length;
        ret = 1;
 
 error:
diff --git a/src/pacman/callback.c b/src/pacman/callback.c
index d856455..cb2b080 100644
--- a/src/pacman/callback.c
+++ b/src/pacman/callback.c
@@ -349,8 +349,8 @@ void cb_question(alpm_question_t event, void *data1, void 
*data2,
                                char created[12];
                                time_t time = (time_t)key->created;
                                strftime(created, 12, "%Y-%m-%d", 
localtime(&time));
-                               *response = yesno(_(":: Import PGP key %s, 
\"%s\", created %s?"),
-                                               key->fingerprint, key->uid, 
created);
+                               *response = yesno(_(":: Import PGP key %s, 
\"%s\", created %s, length %d bytes?"),
+                                               key->fingerprint, key->uid, 
created, key->length);
                        }
                        break;
        }
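Review bot: The new prompt labels the value as bytes, but `key->length` is filled in signing.c from `key->subkeys->length`, which looks like GPGME's subkey length and is documented in bits. A 2048-bit key would be shown as "2048 bytes", which undermines the point of the change: the user cannot match the figure against what the key owner published. `length` is also declared `unsigned int`, so the conversion should be `%u` rather than `%d`: `_(":: Import PGP key %s, \"%s\", created %s, length %u bits?")`. cb_question's body starts and ends outside the hunk.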
-- 
1.7.7
