From e043384c6756d7de65814d2077690827332516ad Mon Sep 17 00:00:00 2001 From: stephen mcquay Date: Mon, 26 Feb 2018 19:31:31 -0800 Subject: [PATCH] Adds pm key remove --- cmd/pm/main.go | 9 +++++++++ keyring/keyring.go | 42 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) diff --git a/cmd/pm/main.go b/cmd/pm/main.go index 7432082..0c972ed 100644 --- a/cmd/pm/main.go +++ b/cmd/pm/main.go @@ -22,6 +22,7 @@ subcommands: export (e) -- export a public key to stdout import (i) -- import a public key from stdin list (ls) -- list configured key info + remove (rm) -- remove a key from the keyring sign (s) -- sign a file verify (v) -- verify a detached signature ` @@ -114,6 +115,14 @@ func main() { if err := keyring.Import(root, os.Stdin); err != nil { fatalf("importing key: %v\n", err) } + case "remove", "rm": + if len(args) != 1 { + fatalf("missing key id\n\nusage: pm key remove \n") + } + id := args[0] + if err := keyring.Remove(root, id); err != nil { + fatalf("removing key for %q: %v\n", id, err) + } default: fatalf("unknown keyring subcommand: %q\n\nusage: %v", sub, keyUsage) } diff --git a/keyring/keyring.go b/keyring/keyring.go index 2385336..43dc428 100644 --- a/keyring/keyring.go +++ b/keyring/keyring.go @@ -220,6 +220,48 @@ func Verify(root string, file, sig io.Reader) error { return nil } +// Remove removes public key information for a given id. +// +// It skips public keys that have matching secret keys, and does not effect +// private keys. +func Remove(root string, id string) error { + if err := ensureDir(root); err != nil { + return errors.Wrap(err, "can't find or create pgp dir") + } + srn, prn := getNames(root) + secs, pubs, err := getELs(srn, prn) + if err != nil { + return errors.Wrap(err, "getting existing keyrings") + } + victim, err := findKey(pubs, id) + if err != nil { + return errors.Wrapf(err, "finding key %q", id) + } + + pr, err := os.Create(prn) + if err != nil { + return errors.Wrap(err, "opening pubring") + } + var rerr error + for _, p := range pubs { + if victim.PrimaryKey.KeyId == p.PrimaryKey.KeyId { + if len(secs.KeysById(victim.PrimaryKey.KeyId)) == 0 { + continue + } + rerr = fmt.Errorf("skipping pubkey with matching privkey: %v", p.PrimaryKey.KeyIdShortString()) + } + + if err := p.Serialize(pr); err != nil { + return errors.Wrapf(err, "serializing %v", p.PrimaryKey.KeyIdString()) + } + } + if err := pr.Close(); err != nil { + return errors.Wrap(err, "closing pubring") + } + + return rerr +} + func pGPDir(root string) string { return filepath.Join(root, "var", "lib", "pm", "pgp") }