You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

702 lines
25 KiB

8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
7 years ago
7 years ago
6 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
3 years ago
3 years ago
3 years ago
3 years ago
8 years ago
8 years ago
8 years ago
8 years ago
7 years ago
7 years ago
7 years ago
7 years ago
4 years ago
4 years ago
4 years ago
4 years ago
2 years ago
8 years ago
  1. /**
  2. * @file message_api.h
  3. * @brief pEp engine API for message handling and evaluation and related functions
  4. * @license GNU General Public License 3.0 - see LICENSE.txt
  5. */
  6. #pragma once
  7. #include "pEpEngine.h"
  8. #include "keymanagement.h"
  9. #include "message.h"
  10. #include "cryptotech.h"
  11. #ifdef __cplusplus
  12. extern "C" {
  13. #endif
  14. bool import_attached_keys(
  15. PEP_SESSION session,
  16. message *msg,
  17. identity_list **private_idents,
  18. stringlist_t** imported_keys,
  19. uint64_t* changed_keys
  20. );
  21. /**
  22. * <!-- attach_own_key() -->
  23. *
  24. * @brief TODO
  25. *
  26. * @param[in] session PEP_SESSION
  27. * @param[in] *msg message
  28. *
  29. */
  30. void attach_own_key(PEP_SESSION session, message *msg);
  31. /**
  32. * <!-- determine_encryption_format() -->
  33. *
  34. * @brief TODO
  35. *
  36. * @param[in] *msg message
  37. *
  38. */
  39. PEP_cryptotech determine_encryption_format(message *msg);
  40. /**
  41. * <!-- add_opt_field() -->
  42. *
  43. * @brief TODO
  44. *
  45. * @param[in] *msg message
  46. * @param[in] *name constchar
  47. * @param[in] *value constchar
  48. *
  49. */
  50. void add_opt_field(message *msg, const char *name, const char *value);
  51. /**
  52. * @enum PEP_encrypt_flags
  53. *
  54. * @brief TODO
  55. *
  56. */
  57. typedef enum _PEP_encrypt_flags {
  58. // "default" means whatever the default behaviour for the function is.
  59. PEP_encrypt_flag_default = 0x0,
  60. PEP_encrypt_flag_force_encryption = 0x1,
  61. // This flag is for special use cases and should not be used
  62. // by normal pEp clients!
  63. PEP_encrypt_flag_force_unsigned = 0x2,
  64. PEP_encrypt_flag_force_no_attached_key = 0x4,
  65. // This is used for outer messages (used to wrap the real message)
  66. // This is only used internally and (eventually) by transport functions
  67. PEP_encrypt_flag_inner_message = 0x8,
  68. // This is mainly used by pEp clients to send private keys to
  69. // their own PGP-only device
  70. PEP_encrypt_flag_force_version_1 = 0x10,
  71. PEP_encrypt_flag_key_reset_only = 0x20,
  72. // This flag is used to let internal functions know that an encryption
  73. // call is being used as part of a reencryption operation
  74. PEP_encrypt_reencrypt = 0x40
  75. } PEP_encrypt_flags;
  76. typedef unsigned int PEP_encrypt_flags_t;
  77. /**
  78. * @enum message_wrap_type
  79. *
  80. * @brief TODO
  81. *
  82. */
  83. typedef enum _message_wrap_type {
  84. PEP_message_unwrapped, // 1.0 or anything we don't wrap
  85. PEP_message_default, // typical inner/outer message 2.0
  86. PEP_message_transport, // e.g. for onion layers
  87. PEP_message_key_reset // for wrapped key reset information
  88. } message_wrap_type;
  89. /**
  90. * <!-- encrypt_message() -->
  91. *
  92. * @brief Encrypt message in memory
  93. *
  94. * @param[in] session session handle
  95. * @param[in,out] src message to encrypt - usually in-only, but can be
  96. * in-out for unencrypted messages; in that case,
  97. * we may attach the key and decorate the message
  98. * @param[in] extra extra keys for encryption
  99. * @param[out] dst pointer to new encrypted message or NULL if no
  100. * encryption could take place
  101. * @param[in] enc_format The desired format this message should be encrypted with
  102. * @param[in] flags flags to set special encryption features
  103. *
  104. * @retval PEP_STATUS_OK on success
  105. * @retval PEP_KEY_HAS_AMBIG_NAME at least one of the receipient keys has
  106. * an ambiguous name
  107. * @retval PEP_UNENCRYPTED on demand or no recipients with usable
  108. * key, is left unencrypted, and key is
  109. * attached to it
  110. *
  111. * @warning the ownership of src remains with the caller
  112. * the ownership of dst goes to the caller
  113. *
  114. * enc_format PEP_enc_inline_EA:
  115. * internal format of the encrypted attachments is changing, see
  116. * https://dev.pep.foundation/Engine/ElevatedAttachments
  117. *
  118. * Only use this for transports without support for attachments
  119. * when attached data must be sent inline
  120. *
  121. */
  122. DYNAMIC_API PEP_STATUS encrypt_message(
  123. PEP_SESSION session,
  124. message *src,
  125. stringlist_t *extra,
  126. message **dst,
  127. PEP_enc_format enc_format,
  128. PEP_encrypt_flags_t flags
  129. );
  130. /**
  131. * <!-- encrypt_message_and_add_priv_key() -->
  132. *
  133. * @brief Encrypt message in memory, adding an encrypted private
  134. * key (encrypted separately and sent within the inner message)
  135. *
  136. * @param[in] session session handle
  137. * @param[in] src message to encrypt
  138. * @param[out] dst pointer to new encrypted message or NULL if no
  139. * encryption could take place
  140. * @param[in] to_fpr fingerprint of the recipient key to which the private key
  141. * should be encrypted
  142. * @param[in] enc_format encrypted format
  143. * @param[in] flags flags to set special encryption features
  144. *
  145. * @retval PEP_STATUS_OK on success
  146. * @retval PEP_KEY_HAS_AMBIG_NAME at least one of the receipient keys has
  147. * an ambiguous name
  148. * @retval PEP_UNENCRYPTED on demand or no recipients with usable
  149. * key, is left unencrypted, and key is
  150. * attached to it
  151. *
  152. * @warning the ownershop of src remains with the caller
  153. * the ownership of dst goes to the caller
  154. *
  155. */
  156. DYNAMIC_API PEP_STATUS encrypt_message_and_add_priv_key(
  157. PEP_SESSION session,
  158. message *src,
  159. message **dst,
  160. const char* to_fpr,
  161. PEP_enc_format enc_format,
  162. PEP_encrypt_flags_t flags
  163. );
  164. /**
  165. * <!-- encrypt_message_for_self() -->
  166. *
  167. * @brief Encrypt message in memory for user's identity only,
  168. * ignoring recipients and other identities from
  169. * the message
  170. *
  171. * @param[in] session session handle
  172. * @param[in] target_id self identity this message should be encrypted for
  173. * @param[in] src message to encrypt
  174. * @param[in] extra extra keys for encryption
  175. * @param[out] dst pointer to new encrypted message or NULL on failure
  176. * @param[in] enc_format encrypted format
  177. * @param[in] flags flags to set special encryption features
  178. *
  179. * @retval PEP_STATUS_OK on success
  180. * @retval PEP_KEY_NOT_FOUND at least one of the receipient keys
  181. * could not be found
  182. * @retval PEP_KEY_HAS_AMBIG_NAME at least one of the receipient keys has
  183. * an ambiguous name
  184. * @retval PEP_GET_KEY_FAILED cannot retrieve key
  185. *
  186. * @warning the ownership of src remains with the caller
  187. * the ownership of target_id remains w/ caller
  188. * the ownership of dst goes to the caller
  189. * message is NOT encrypted for identities other than the target_id (and then,
  190. * only if the target_id refers to self!)
  191. *
  192. */
  193. DYNAMIC_API PEP_STATUS encrypt_message_for_self(
  194. PEP_SESSION session,
  195. pEp_identity* target_id,
  196. message *src,
  197. stringlist_t* extra,
  198. message **dst,
  199. PEP_enc_format enc_format,
  200. PEP_encrypt_flags_t flags
  201. );
  202. /**
  203. * @enum PEP_rating
  204. *
  205. * @brief TODO
  206. *
  207. */
  208. typedef enum _PEP_rating {
  209. PEP_rating_undefined = 0,
  210. // no color
  211. PEP_rating_cannot_decrypt = 1,
  212. PEP_rating_have_no_key = 2,
  213. PEP_rating_unencrypted = 3,
  214. PEP_rating_unreliable = 5,
  215. PEP_rating_b0rken = -2,
  216. // yellow
  217. PEP_rating_reliable = 6,
  218. // green
  219. PEP_rating_trusted = 7,
  220. PEP_rating_trusted_and_anonymized = 8,
  221. PEP_rating_fully_anonymous = 9,
  222. // red
  223. PEP_rating_mistrust = -1,
  224. PEP_rating_under_attack = -3
  225. } PEP_rating;
  226. /**
  227. * @enum PEP_color
  228. *
  229. * @brief TODO
  230. *
  231. */
  232. typedef enum _PEP_color {
  233. PEP_color_no_color = 0,
  234. PEP_color_yellow,
  235. PEP_color_green,
  236. PEP_color_red = -1,
  237. } PEP_color;
  238. /**
  239. * <!-- color_from_rating() -->
  240. *
  241. * @brief Calculate color from rating
  242. *
  243. * @param[in] rating rating
  244. *
  245. * @retval PEP_color color representing the rating
  246. */
  247. DYNAMIC_API PEP_color color_from_rating(PEP_rating rating);
  248. /**
  249. * @enum PEP_decrypt_flags
  250. *
  251. * @brief TODO
  252. *
  253. */
  254. typedef enum _PEP_decrypt_flags {
  255. PEP_decrypt_flag_own_private_key = 0x1,
  256. PEP_decrypt_flag_consume = 0x2,
  257. PEP_decrypt_flag_ignore = 0x4,
  258. PEP_decrypt_flag_src_modified = 0x8,
  259. // input flags
  260. PEP_decrypt_flag_untrusted_server = 0x100,
  261. PEP_decrypt_flag_dont_trigger_sync = 0x200
  262. } PEP_decrypt_flags;
  263. typedef unsigned int PEP_decrypt_flags_t;
  264. /**
  265. * <!-- decrypt_message() -->
  266. *
  267. * @brief Decrypt message in memory
  268. *
  269. * @param[in] session session handle
  270. * @param[in,out] src message to decrypt
  271. * @param[out] dst pointer to new decrypted message or NULL on failure
  272. * @param[in,out] keylist in: stringlist with additional keyids for reencryption if needed
  273. * (will be freed and replaced with output keylist)
  274. * out: stringlist with keyids used for signing and encryption. first
  275. * first key is signer, additional keys are the ones it was encrypted
  276. * to. Only signer and whichever of the user's keys was used are
  277. * reliable
  278. * @param[out] rating rating for the message
  279. * @param[in,out] flags flags to signal special decryption features
  280. *
  281. * @retval <ERROR> any error status
  282. * @retval PEP_DECRYPTED if message decrypted but not verified
  283. * @retval PEP_CANNOT_REENCRYPT if message was decrypted (and possibly
  284. * verified) but a reencryption operation is expected by the caller
  285. * and failed
  286. * @retval PEP_STATUS_OK on success
  287. *
  288. * @note Flags above are as follows:
  289. * @verbatim
  290. * ---------------------------------------------------------------------------------------------|
  291. * Incoming flags |
  292. * ---------------------------------------------------------------------------------------------|
  293. * Flag | Description |
  294. * --------------------------------------|------------------------------------------------------|
  295. * PEP_decrypt_flag_untrusted_server | used to signal that decrypt function should engage |
  296. * | in behaviour specified for when the server storing |
  297. * | the source is untrusted. |
  298. * ---------------------------------------------------------------------------------------------|
  299. * Outgoing flags |
  300. * ---------------------------------------------------------------------------------------------|
  301. * PEP_decrypt_flag_own_private_key | private key was imported for one of our addresses |
  302. * | (NOT trusted or set to be used - handshake/trust is |
  303. * | required for that) |
  304. * | |
  305. * PEP_decrypt_flag_src_modified | indicates that the modified_src field should contain |
  306. * | a modified version of the source, at the moment |
  307. * | always as a result of the input flags. |
  308. * | |
  309. * PEP_decrypt_flag_consume | used by sync to indicate this was a pEp internal |
  310. * | message and should be consumed externally without |
  311. * | showing it as a normal message to the user |
  312. * | |
  313. * PEP_decrypt_flag_ignore | used by sync |
  314. * ---------------------------------------------------------------------------------------------| @endverbatim
  315. *
  316. * @warning the ownership of src remains with the caller - however, the contents
  317. * might be modified (strings freed and allocated anew or set to NULL,
  318. * etc) intentionally; when this happens, PEP_decrypt_flag_src_modified
  319. * is set.
  320. * the ownership of dst goes to the caller
  321. * the ownership of keylist goes to the caller
  322. * if src is unencrypted this function returns PEP_UNENCRYPTED and sets
  323. * dst to NULL
  324. * if src->enc_format is PEP_enc_inline_EA on input then elevated attachments
  325. * will be expected
  326. *
  327. */
  328. DYNAMIC_API PEP_STATUS decrypt_message(
  329. PEP_SESSION session,
  330. message *src,
  331. message **dst,
  332. stringlist_t **keylist,
  333. PEP_rating *rating,
  334. PEP_decrypt_flags_t *flags
  335. );
  336. /**
  337. * <!-- own_message_private_key_details() -->
  338. *
  339. * @brief Details on own key in own message
  340. *
  341. * @param[in] session session handle
  342. * @param[in] msg message to decrypt
  343. * @param[out] ident identity containing uid, address and fpr of key
  344. * note:
  345. * In order to obtain details about key to be possibly imported
  346. * as a replacement of key currently used as own identity,
  347. * application passes message that have been previously flagged by
  348. * decrypt_message() as own message containing own key to this function
  349. *
  350. * @retval error status or PEP_STATUS_OK on success
  351. *
  352. * @warning the ownership of msg remains with the caller
  353. * the ownership of ident goes to the caller
  354. * msg MUST be encrypted so that this function can check own signature
  355. *
  356. */
  357. DYNAMIC_API PEP_STATUS own_message_private_key_details(
  358. PEP_SESSION session,
  359. message *msg,
  360. pEp_identity **ident
  361. );
  362. /**
  363. * <!-- outgoing_message_rating() -->
  364. *
  365. * @brief Get rating for an outgoing message
  366. *
  367. * @param[in] session session handle
  368. * @param[in] msg message to get the rating for
  369. * @param[out] rating rating for the message
  370. *
  371. * @retval error status or PEP_STATUS_OK on success
  372. *
  373. * @warning msg->from must point to a valid pEp_identity
  374. * msg->dir must be PEP_dir_outgoing
  375. * the ownership of msg remains with the caller
  376. *
  377. */
  378. DYNAMIC_API PEP_STATUS outgoing_message_rating(
  379. PEP_SESSION session,
  380. message *msg,
  381. PEP_rating *rating
  382. );
  383. /**
  384. * <!-- outgoing_message_rating_preview() -->
  385. *
  386. * @brief Get rating preview
  387. *
  388. * @param[in] session session handle
  389. * @param[in] msg message to get the rating for
  390. * @param[out] rating rating preview for the message
  391. *
  392. * @retval error status or PEP_STATUS_OK on success
  393. *
  394. * @warning msg->from must point to a valid pEp_identity
  395. * msg->dir must be PEP_dir_outgoing
  396. * the ownership of msg remains with the caller
  397. *
  398. */
  399. DYNAMIC_API PEP_STATUS outgoing_message_rating_preview(
  400. PEP_SESSION session,
  401. message *msg,
  402. PEP_rating *rating
  403. );
  404. /**
  405. * <!-- identity_rating() -->
  406. *
  407. * @brief Get rating for a single identity
  408. *
  409. * @param[in] session session handle
  410. * @param[in] ident identity to get the rating for
  411. * @param[out] rating rating for the identity
  412. *
  413. * @retval error status or PEP_STATUS_OK on success
  414. *
  415. * @warning the ownership of ident remains with the caller
  416. *
  417. */
  418. DYNAMIC_API PEP_STATUS identity_rating(
  419. PEP_SESSION session,
  420. pEp_identity *ident,
  421. PEP_rating *rating
  422. );
  423. /**
  424. * <!-- get_binary_path() -->
  425. *
  426. * @brief Retrieve path of cryptotech binary if available
  427. *
  428. * @param[in] tech cryptotech to get the binary for
  429. * @param[out] path path to cryptotech binary or NULL if not available
  430. * **path is owned by the library, do not change it!
  431. *
  432. *
  433. */
  434. DYNAMIC_API PEP_STATUS get_binary_path(PEP_cryptotech tech, const char **path);
  435. /**
  436. * <!-- get_trustwords() -->
  437. *
  438. * @brief Get full trustwords string for a *pair* of identities
  439. *
  440. * @param[in] session session handle
  441. * @param[in] id1 identity of first party in communication - fpr can't be NULL
  442. * @param[in] id2 identity of second party in communication - fpr can't be NULL
  443. * @param[in] lang C string with ISO 639-1 language code
  444. * @param[out] words pointer to C string with all trustwords UTF-8 encoded,
  445. * separated by a blank each
  446. * NULL if language is not supported or trustword
  447. * wordlist is damaged or unavailable
  448. * @param[out] wsize length of full trustwords string
  449. * @param[in] full if true, generate ALL trustwords for these identities.
  450. * else, generate a fixed-size subset. (TODO: fixed-minimum-entropy
  451. * subset in next version)
  452. *
  453. * @retval PEP_STATUS_OK trustwords retrieved
  454. * @retval PEP_OUT_OF_MEMORY out of memory
  455. * @retval PEP_TRUSTWORD_NOT_FOUND at least one trustword not found
  456. *
  457. * @warning the word pointer goes to the ownership of the caller
  458. * the caller is responsible to free() it (on Windoze use pEp_free())
  459. *
  460. */
  461. DYNAMIC_API PEP_STATUS get_trustwords(
  462. PEP_SESSION session, const pEp_identity* id1, const pEp_identity* id2,
  463. const char* lang, char **words, size_t *wsize, bool full
  464. );
  465. /**
  466. * <!-- get_message_trustwords() -->
  467. *
  468. * @brief Get full trustwords string for message sender and reciever identities
  469. *
  470. * @param[in] session session handle
  471. * @param[in] msg message to get sender identity from
  472. * @param[in] keylist NULL if message to be decrypted,
  473. * keylist returned by decrypt_message() otherwise
  474. * @param[in] received_by identity for account receiving message can't be NULL
  475. * @param[in] lang C string with ISO 639-1 language code
  476. * @param[out] words pointer to C string with all trustwords UTF-8 encoded,
  477. * separated by a blank each
  478. * NULL if language is not supported or trustword
  479. * wordlist is damaged or unavailable
  480. * @param[in] full if true, generate ALL trustwords for these identities.
  481. * else, generate a fixed-size subset. (TODO: fixed-minimum-entropy
  482. * subset in next version)
  483. *
  484. * @retval PEP_STATUS_OK trustwords retrieved
  485. * @retval PEP_OUT_OF_MEMORY out of memory
  486. * @retval PEP_TRUSTWORD_NOT_FOUND at least one trustword not found
  487. * @retval error status of decrypt_message() if decryption fails.
  488. *
  489. * @warning the word pointer goes to the ownership of the caller
  490. * the caller is responsible to free() it (on Windoze use pEp_free())
  491. *
  492. */
  493. DYNAMIC_API PEP_STATUS get_message_trustwords(
  494. PEP_SESSION session,
  495. message *msg,
  496. stringlist_t *keylist,
  497. pEp_identity* received_by,
  498. const char* lang, char **words, bool full
  499. );
  500. /**
  501. * <!-- get_trustwords_for_fprs() -->
  502. *
  503. * @brief Get full trustwords string for a pair of fingerprints
  504. *
  505. * @param[in] session session handle
  506. * @param[in] fpr1 fingerprint 1
  507. * @param[in] fpr2 fingerprint 2
  508. * @param[in] lang C string with ISO 639-1 language code
  509. * @param[out] words pointer to C string with all trustwords UTF-8 encoded,
  510. * separated by a blank each
  511. * NULL if language is not supported or trustword
  512. * wordlist is damaged or unavailable
  513. * @param[out] wsize length of full trustwords string
  514. * @param[in] full if true, generate ALL trustwords for these identities.
  515. * else, generate a fixed-size subset. (TODO: fixed-minimum-entropy
  516. * subset in next version)
  517. *
  518. * @retval PEP_STATUS_OK trustwords retrieved
  519. * @retval PEP_OUT_OF_MEMORY out of memory
  520. * @retval PEP_TRUSTWORD_NOT_FOUND at least one trustword not found
  521. *
  522. * @warning the word pointer goes to the ownership of the caller
  523. * the caller is responsible to free() it (on Windoze use pEp_free())
  524. *
  525. */
  526. DYNAMIC_API PEP_STATUS get_trustwords_for_fprs(
  527. PEP_SESSION session, const char* fpr1, const char* fpr2,
  528. const char* lang, char **words, size_t *wsize, bool full
  529. );
  530. /**
  531. * <!-- re_evaluate_message_rating() -->
  532. *
  533. * @brief Re-evaluate already decrypted message rating
  534. *
  535. * @param[in] session session handle
  536. * @param[in] msg message to get the rating for
  537. * @param[in] x_keylist decrypted message recipients keys fpr
  538. * @param[in] x_enc_status original rating for the decrypted message
  539. * @param[out] rating rating for the message
  540. *
  541. * @retval PEP_ILLEGAL_VALUE if decrypted message doesn't contain
  542. * X-EncStatus optional field and x_enc_status is
  543. * pEp_rating_udefined
  544. * or if decrypted message doesn't contain
  545. * X-Keylist optional field and x_keylist is NULL
  546. * @retval PEP_OUT_OF_MEMORY if not enough memory could be allocated
  547. *
  548. * @warning msg->from must point to a valid pEp_identity
  549. * the ownership of msg remains with the caller
  550. * the ownership of x_keylist remains with to the caller
  551. *
  552. */
  553. DYNAMIC_API PEP_STATUS re_evaluate_message_rating(
  554. PEP_SESSION session,
  555. message *msg,
  556. stringlist_t *x_keylist,
  557. PEP_rating x_enc_status,
  558. PEP_rating *rating
  559. );
  560. /**
  561. * <!-- get_key_rating_for_user() -->
  562. *
  563. * @brief Get the rating of a certain key for a certain user
  564. *
  565. * @param[in] session session handle
  566. * @param[in] user_id string with user ID
  567. * @param[in] fpr string with fingerprint
  568. * @param[out] rating rating of key for this user
  569. *
  570. * @retval PEP_RECORD_NOT_FOUND if no trust record for user_id
  571. * and fpr can be found
  572. *
  573. *
  574. */
  575. DYNAMIC_API PEP_STATUS get_key_rating_for_user(
  576. PEP_SESSION session,
  577. const char *user_id,
  578. const char *fpr,
  579. PEP_rating *rating
  580. );
  581. /**
  582. * <!-- rating_from_comm_type() -->
  583. *
  584. * @brief Get the rating for a comm type
  585. *
  586. * @param[in] ct the comm type to deliver the rating for
  587. *
  588. * @retval PEP_rating rating value for comm type ct
  589. *
  590. *
  591. */
  592. DYNAMIC_API PEP_rating rating_from_comm_type(PEP_comm_type ct);
  593. /**
  594. * @internal
  595. *
  596. * <!-- try_encrypt_message() -->
  597. *
  598. * @brief This is the internal version of encrypt_message()
  599. * to be used by asynchronous network protocol
  600. * implementations. This function is calls messageToSend(NULL)
  601. * in case there is a missing or wrong passphrase.
  602. *
  603. * @param[in] session PEP_SESSION
  604. * @param[in] *src message
  605. * @param[in] *extra stringlist_t
  606. * @param[in] **dst message
  607. * @param[in] enc_format PEP_enc_format
  608. * @param[in] flags PEP_encrypt_flags_t
  609. *
  610. * @warning Do NOT use this function in adapters.
  611. *
  612. * @todo KB: line up with the try_base_blahblah docs
  613. */
  614. PEP_STATUS try_encrypt_message(
  615. PEP_SESSION session,
  616. message *src,
  617. stringlist_t *extra,
  618. message **dst,
  619. PEP_enc_format enc_format,
  620. PEP_encrypt_flags_t flags
  621. );
  622. /**
  623. * <!-- probe_encrypt() -->
  624. *
  625. * @brief Test if passphrase for a key is working in current session
  626. *
  627. * @param[in] session session handle
  628. * @param[in] fpr fingerprint of key to test
  629. *
  630. * @retval PEP_STATUS_OK in case passphrase works
  631. * @retval error if not
  632. *
  633. *
  634. */
  635. DYNAMIC_API PEP_STATUS probe_encrypt(PEP_SESSION session, const char *fpr);
  636. #ifdef __cplusplus
  637. }
  638. #endif