On Tue, 31 Jul 2012 11:56, [email protected] said: > On a related note, is it possible to extract the session key > (--show-session-key), but without decrypting the file in the process? > Just obtain the session key and stop there? I've already tried -n
There is no such option. I once did something similar; maybe you can make use of the attached patch. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
Patch for the gpg running on the freenigma servers. This enables a new mode to split public-key and symmetric encryption between two processes. When decrypting, gpg stops right after printing information pertaining to the used session key. When encrypting gpg stops after it has encrypted the session key to all given recipients. Information pertaining to this session key as well as the encrypted session keys are printed. 2006-07-20 Werner Koch <[email protected]> * gpg.c, options.h: New option --remote-session-key * encode.c (encode_crypt): Handle remote_session_key mode. * mainproc.c (proc_pubkey_enc): Ditto. * cipher.c (write_remote_session_header): New.
diff -up orig/gnupg-1.4.4/g10/cipher.c gnupg-1.4.4/g10/cipher.c
--- orig/gnupg-1.4.4/g10/cipher.c 2005-07-27 19:02:55.000000000 +0200
+++ gnupg-1.4.4/g10/cipher.c 2006-07-20 11:10:10.000000000 +0200
@@ -39,6 +39,44 @@
 #define MIN_PARTIAL_SIZE 512
+void
+write_remote_session_header (DEK *dek, unsigned long filesize)
+{
+ byte temp[16+14];
+ unsigned int blocksize;
+ unsigned int nprefix;
+ u32 alen;
+ int i;
+
+ blocksize = cipher_get_blocksize (dek->algo);
+ if ( blocksize < 8 || blocksize > 16)
+ log_fatal ("unsupported blocksize %u\n", blocksize );
+
+ {
+ char buf[20];
+
+ sprintf (buf, "%d %d", 0, dek->algo);
+ write_status_text (STATUS_BEGIN_ENCRYPTION, buf);
+ }
+
+ nprefix = blocksize;
+ randomize_buffer (temp, nprefix, 1);
+ temp[nprefix] = temp[nprefix-2];
+ temp[nprefix+1] = temp[nprefix-1];
+ temp[nprefix+2] = 0xcb; /* Tag for a literal data packet. */
+ temp[nprefix+3] = 0xff; /* Indicate 4 byte length header. */
+ alen = filesize + 6;
+ temp[nprefix+4] = (alen >> 24); /* Length of plaintext. */
+ temp[nprefix+5] = (alen >> 16);
+ temp[nprefix+6] = (alen >> 8);
+ temp[nprefix+7] = (alen);
+ temp[nprefix+8] = 0x62; /* Mode = binary. */
+ temp[nprefix+9] = 0; /* Length of filename is zero. */
+ memset (temp+nprefix+10, 0, 4); /* No time given. */
+ for (i=0; i < nprefix+14; i++ )
+ printf ("%02X", temp[i] );
+}
+
 static void write_header( cipher_filter_context_t *cfx, IOBUF a )
diff -up orig/gnupg-1.4.4/g10/encode.c gnupg-1.4.4/g10/encode.c
--- orig/gnupg-1.4.4/g10/encode.c 2006-04-20 09:26:52.000000000 +0200
+++ gnupg-1.4.4/g10/encode.c 2006-07-20 22:07:24.000000000 +0200
@@ -441,6 +441,9 @@ encode_crypt( const char *filename, STRL
 memset( &tfx, 0, sizeof tfx); init_packet(&pkt);
+ if (opt.remote_session_key)
+ do_compress = 0;
+
 if(use_symkey && (rc=setup_symkey(&symkey_s2k,&symkey_dek))) return rc;
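Review bot: In write_remote_session_header (cipher.c), `alen = filesize + 6` is stored in a u32 while filesize is an unsigned long, so a size above 0xFFFFFFFF - 6 wraps and the four length bytes written at temp[nprefix+4..7] no longer match the data the other process will encrypt. Reject such sizes before building the header, e.g. `if (filesize > 0xffffffffUL - 6) log_fatal ("file too large for remote session header\n");`. The function also has no header comment; it should say that it prints, as hex on stdout, the unencrypted start of the data packet (random prefix, the two repeated check bytes, and a binary-mode literal-data header with empty filename and zero timestamp), and that the caller supplies the surrounding markup.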
@@ -484,8 +487,17 @@ encode_crypt( const char *filename, STRL
 if( opt.textmode ) iobuf_push_filter( inp, text_filter, &tfx );
- if( (rc = open_outfile( filename, opt.armor? 1:0, &out )) )
- goto leave;
+ if (opt.remote_session_key)
+ {
+ out = iobuf_temp ();
+ rc = out? 0 : G10ERR_RESOURCE_LIMIT;
+ }
+ else
+ {
+ rc = open_outfile( filename, opt.armor? 1:0, &out );
+ }
+ if (rc)
+ goto leave;
 if( opt.armor ) iobuf_push_filter( out, armor_filter, &afx );
@@ -574,7 +586,18 @@ encode_crypt( const char *filename, STRL
 } }
- if (!iobuf_is_pipe_filename (filename) && *filename && !opt.textmode )
+ if (opt.remote_session_key)
+ {
+ /* We read the size of the file from the input file. */
+ char temp[20];
+ int c, i;
+
+ for (i=0; (c=iobuf_get(inp)) != -1 && c != '\n' && i < DIM(temp)-1;)
+ temp[i++] = c;
+ temp[i] = 0;
+ filesize = strtoul (temp, NULL, 0);
+ }
+ else if (!iobuf_is_pipe_filename (filename) && *filename && !opt.textmode )
 { off_t tmpsize; int overflow;
@@ -594,7 +617,7 @@ encode_crypt( const char *filename, STRL
 else filesize = opt.set_filesize ? opt.set_filesize : 0; /* stdin */
- if (!opt.no_literal) {
+ if (!opt.no_literal && !opt.remote_session_key) {
 pt->timestamp = make_timestamp(); pt->mode = opt.textmode ? 't' : 'b'; pt->len = filesize;
@@ -608,7 +631,8 @@ encode_crypt( const char *filename, STRL
 cfx.datalen = filesize && !do_compress ? filesize : 0; /* register the cipher filter */
- iobuf_push_filter( out, cipher_filter, &cfx );
+ if (!opt.remote_session_key)
+ iobuf_push_filter( out, cipher_filter, &cfx );
 /* register the compress filter */ if( do_compress ) {
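Review bot: In encode_crypt's remote-session-key branch the temporary iobuf still gets `armor_filter` pushed when opt.armor is set (the unchanged `if( opt.armor )` right after this hunk), so the bytes later hex-dumped from the temp buffer would presumably be ASCII armor rather than raw packets. The earlier hunk forces `do_compress = 0` for this mode; armor likely needs the same treatment, for example `if( opt.armor && !opt.remote_session_key )` on that push, or an explicit error when both options are given. encode_crypt starts and ends outside the hunk, so how the buffer is consumed is inferred from the other hunks in this patch.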
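Review bot: The size line read from the input in the remote-session-key branch of encode_crypt is converted with `strtoul (temp, NULL, 0)` and never validated, so an empty, non-numeric, or out-of-range line silently becomes a length (0 or ULONG_MAX) that is later written into the packet headers, and base 0 also accepts octal and hex spellings. Parse it strictly and bail out on failure: `filesize = strtoul (temp, &endp, 10);` followed by `if (endp == temp || *endp) { rc = G10ERR_GENERAL; goto leave; }`, with `endp` declared next to `temp`. A line longer than 19 characters is also cut off after one more byte has already been consumed from `inp`, leaving the remaining digits to be read as file data; that case should be rejected too. The declaration of `filesize` is outside the hunk, so whether the unsigned long result is narrowed on assignment cannot be checked here.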
@@ -639,8 +663,53 @@ encode_crypt( const char *filename, STRL
 } /* do the work */
- if (!opt.no_literal) {
+ if (opt.remote_session_key)
+ {
+ /* We have gathered most of the data, print it out. As usual
+ we do this to stdout while ignoring --output. */
+ int i;
+ const unsigned char *outbuf;
+ size_t outbuflen;
+ u32 alen;
+
+ alen = filesize + 30; /* 30 is the length of ldphdr assuming a
+ blocksize of 16. */
+ iobuf_put (out, 0xc9); /* Packet tag. */
+ iobuf_put (out, 0xff); /* 4 byte length header follows. */
+ iobuf_put (out, alen >> 24);
+ iobuf_put (out, alen >> 16);
+ iobuf_put (out, alen >> 8);
+ iobuf_put (out, alen);
+ iobuf_flush_temp (out);
+ outbuf = iobuf_get_temp_buffer (out);
+ outbuflen = iobuf_get_temp_length (out);
+
+ printf ("<freenigma version=\"1\">\n"
+ " <encryptreply>\n"
+ " <dek>\n"
+ " <algo>%d</algo>\n"
+ " <key>",
+ cfx.dek->algo);
+ for (i=0; i < cfx.dek->keylen; i++ )
+ printf ("%02X", cfx.dek->key[i] );
+ fputs ( "</key>\n"
+ " </dek>\n"
+ " <encdek>\n"
+ " <data>", stdout);
+ for (i=0; i < outbuflen ; i++ )
+ printf ("%02X", outbuf[i] );
+ fputs ( "</data>\n"
+ " </encdek>\n"
+ " <ldphdr>\n"
+ " <data>", stdout);
+ write_remote_session_header (cfx.dek, filesize);
+ fputs ( "</data>\n"
+ " </ldphdr>\n"
+ " </encryptreply>\n"
+ "</freenigma>\n", stdout);
+ }
+ else if (!opt.no_literal) {
 if( (rc = build_packet( out, &pkt )) ) log_error("build_packet failed: %s\n", g10_errstr(rc) ); }
diff -up orig/gnupg-1.4.4/g10/filter.h gnupg-1.4.4/g10/filter.h
--- orig/gnupg-1.4.4/g10/filter.h 2005-07-27 19:02:55.000000000 +0200
+++ gnupg-1.4.4/g10/filter.h 2006-07-17 22:14:08.000000000 +0200
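Review bot: `alen = filesize + 30` in the remote-session-key branch hard-codes the header length for a 16-byte block cipher, but write_remote_session_header accepts block sizes from 8 to 16 and emits `blocksize + 14` bytes, so with an 8-byte-block algorithm the length of the 0xc9 packet written here would be 8 too large. Derive it from the chosen algorithm instead, `alen = filesize + cipher_get_blocksize (cfx.dek->algo) + 14;`, and guard the u32 addition against wrap-around. Two things deserve a comment at this spot: 0xc9 is the new-format tag for a symmetrically encrypted data packet without an MDC, so messages produced in this mode carry no integrity protection, and the loop over `cfx.dek->key` writes the raw session key to stdout regardless of --output, which makes stdout a secret-bearing channel for whatever invokes gpg. encode_crypt continues outside the hunk.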
@@ -143,6 +143,7 @@ void push_compress_filter2(IOBUF out,com
 int algo,int rel); /*-- cipher.c --*/
+void write_remote_session_header (DEK *dek, unsigned long filesize);
 int cipher_filter( void *opaque, int control, IOBUF chain, byte *buf, size_t *ret_len);
diff -up orig/gnupg-1.4.4/g10/gpg.c gnupg-1.4.4/g10/gpg.c
--- orig/gnupg-1.4.4/g10/gpg.c 2006-06-25 12:58:40.000000000 +0200
+++ gnupg-1.4.4/g10/gpg.c 2006-07-17 08:47:34.000000000 +0200
@@ -314,6 +314,7 @@ enum cmd_and_opt_values
 oIgnoreValidFrom, oIgnoreCrcError, oIgnoreMDCError,
+ oRemoteSessionKey,
 oShowSessionKey, oOverrideSessionKey, oNoRandomSeedFile,
@@ -650,6 +651,7 @@ static ARGPARSE_OPTS opts[] = {
 { oIgnoreValidFrom, "ignore-valid-from", 0, "@" }, { oIgnoreCrcError, "ignore-crc-error", 0,"@" }, { oIgnoreMDCError, "ignore-mdc-error", 0,"@" },
+ { oRemoteSessionKey, "remote-session-key", 0, "@" },
 { oShowSessionKey, "show-session-key", 0, "@" }, { oOverrideSessionKey, "override-session-key", 2, "@" }, { oNoRandomSeedFile, "no-random-seed-file", 0, "@" },
@@ -2632,6 +2634,7 @@ main (int argc, char **argv )
 pargs.r_opt==oAutoKeyRetrieve?"auto-key-retrieve": "no-auto-key-retrieve"); break;
+ case oRemoteSessionKey: opt.remote_session_key = 1; break;
 case oShowSessionKey: opt.show_session_key = 1; break; case oOverrideSessionKey: opt.override_session_key = pargs.r.ret_str;
diff -up orig/gnupg-1.4.4/g10/mainproc.c gnupg-1.4.4/g10/mainproc.c
--- orig/gnupg-1.4.4/g10/mainproc.c 2006-04-08 02:51:28.000000000 +0200
+++ gnupg-1.4.4/g10/mainproc.c 2006-07-20 22:08:26.000000000 +0200
@@ -437,6 +437,30 @@ proc_pubkey_enc( CTX c, PACKET *pkt )
 if( !result && opt.verbose > 1 ) log_info( _("public key encrypted data: good DEK\n") );
+
+ if (!result && c->dek && opt.remote_session_key)
+ {
+ int i;
+
+ /* While decrypting we skip all further processing and
+ only return the session key and some related info. To
+ make things easier we will always output this
+ information to stdout!. */
+ printf ("<freenigma version=\"1\">\n"
+ " <decryptreply>\n"
+ " <dek>\n"
+ " <algo>%d</algo>\n"
+ " <key>",
+ c->dek->algo);
+ for (i=0; i < c->dek->keylen; i++ )
+ printf ("%02X", c->dek->key[i] );
+ fputs ( "</key>\n"
+ " </dek>\n"
+ " </decryptreply>\n"
+ "</freenigma>\n", stdout);
+ g10_exit (0);
+ }
+
 } free_packet(pkt);
diff -up orig/gnupg-1.4.4/g10/options.h gnupg-1.4.4/g10/options.h
--- orig/gnupg-1.4.4/g10/options.h 2006-06-25 12:58:40.000000000 +0200
+++ gnupg-1.4.4/g10/options.h 2006-07-17 08:47:56.000000000 +0200
@@ -184,6 +184,7 @@ struct
 int command_fd; const char *override_session_key; int show_session_key;
+ int remote_session_key;
 int use_agent; const char *gpg_agent_info; int try_all_secrets;
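Review bot: The remote-session-key branch in proc_pubkey_enc ends with `g10_exit (0)` without checking that the reply actually reached stdout, so a failed or short write still reports success and the caller may parse a truncated `<key>` element. Check the stream before exiting, e.g. `if (fflush (stdout) || ferror (stdout)) g10_exit (2);` ahead of the `g10_exit (0)`. The existing comment should also state outright that the value printed is the unencrypted session key and that this happens on stdout irrespective of --output, since anything that captures or logs this process's stdout then holds the key for the message. proc_pubkey_enc starts before and ends after the hunk.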
