|
|
@ -1350,6 +1350,53 @@ DYNAMIC_API const char *per_user_directory(void); |
|
|
|
|
|
|
|
DYNAMIC_API const char *per_machine_directory(void); |
|
|
|
|
|
|
|
// FIXME: replace in canonical style |
|
|
|
// |
|
|
|
// config_passphrase() - configure a key passphrase for the current session. |
|
|
|
// |
|
|
|
// A passphrase can be configured into a p≡p session. Then it is used whenever a |
|
|
|
// secret key is used which requires a passphrase. |
|
|
|
// |
|
|
|
// A passphrase is a string between 1 and 1024 bytes and is only ever present in |
|
|
|
// memory. Because strings in the p≡p engine are UTF-8 NFC, the string is |
|
|
|
// restricted to 250 code points in UI. |
|
|
|
// |
|
|
|
// This function copies the passphrase into the session. It may return |
|
|
|
// PEP_OUT_OF_MEMORY. The behaviour of all functions which use secret keys may |
|
|
|
// change after this is configured. Error behaviour |
|
|
|
// |
|
|
|
// For any function which may trigger the use of a secret key, if an attempt |
|
|
|
// to use a secret key which requires a passphrase occurs and no passphrase |
|
|
|
// is configured for the current session, PEP_PASSPHRASE_REQUIRED is |
|
|
|
// returned by this function (and thus, all functions which could trigger |
|
|
|
// such a usage must be prepared to return this value). For any function |
|
|
|
// which may trigger the use of a secret key, if a passphrase is configured |
|
|
|
// and the configured passphrase is the wrong passphrase for the use of a |
|
|
|
// given passphrase-protected secret key, PEP_WRONG_PASSPHRASE is returned |
|
|
|
// by this function (and thus, all functions which could trigger such a |
|
|
|
// usage must be prepared to return this value). |
|
|
|
|
|
|
|
DYNAMIC_API PEP_STATUS config_passphrase(PEP_SESSION session, const char *passphrase); |
|
|
|
|
|
|
|
// FIXME: replace in canonical style |
|
|
|
// |
|
|
|
// Passphrase enablement for newly-generated secret keys |
|
|
|
// |
|
|
|
// If it is desired that new p≡p keys are passphrase-protected, the following |
|
|
|
// API call is used to enable the addition of passphrases to new keys during key |
|
|
|
// generation: |
|
|
|
// |
|
|
|
// If enabled and a passphrase has been configured (see above), then any |
|
|
|
// time a secret key is generated while enabled, the configured passphrase |
|
|
|
// will be used as the passphrase for any newly-generated secret key. If |
|
|
|
// enabled and a passphrase has not been configured, then any function which |
|
|
|
// can attempt to generate a secret key will return |
|
|
|
// PEP_PASSPHRASE_FOR_NEW_KEY_REQUIRED. If disabled (i.e. not enabled) and |
|
|
|
// a passphrase has been configured, no passphrases will be used for |
|
|
|
// newly-generated keys. |
|
|
|
// |
|
|
|
|
|
|
|
DYNAMIC_API void config_passphrase_for_new_keys(PEP_SESSION session, bool enable); |
|
|
|
|
|
|
|
PEP_STATUS _generate_keypair(PEP_SESSION session, |
|
|
|
pEp_identity *identity, |
|
|
|