| 1 | /* GPG key management with proper isolation and signing configuration */ |
| 2 | |
| 3 | #ifndef GPG_MANAGER_H |
| 4 | #define GPG_MANAGER_H |
| 5 | |
| 6 | #include "gitswitch.h" |
| 7 | |
| 8 | /* GPG management modes */ |
| 9 | typedef enum { |
| 10 | GPG_MODE_SYSTEM, /* Use system GPG configuration */ |
| 11 | GPG_MODE_ISOLATED, /* Use isolated GNUPGHOME per account */ |
| 12 | GPG_MODE_SHARED /* Shared GNUPGHOME with key switching */ |
| 13 | } gpg_mode_t; |
| 14 | |
| 15 | /* GPG configuration structure */ |
| 16 | typedef struct { |
| 17 | gpg_mode_t mode; |
| 18 | char gnupg_home[MAX_PATH_LEN]; /* GNUPGHOME path */ |
| 19 | char current_key_id[MAX_KEY_ID_LEN]; |
| 20 | bool signing_enabled; |
| 21 | bool home_owned; /* Whether we created this GNUPGHOME */ |
| 22 | } gpg_config_t; |
| 23 | |
| 24 | /* Function prototypes */ |
| 25 | |
| 26 | /** |
| 27 | * Initialize GPG manager with specified mode |
| 28 | */ |
| 29 | int gpg_manager_init(gpg_config_t *gpg_config, gpg_mode_t mode); |
| 30 | |
| 31 | /** |
| 32 | * Cleanup GPG manager |
| 33 | */ |
| 34 | void gpg_manager_cleanup(gpg_config_t *gpg_config); |
| 35 | |
| 36 | /** |
| 37 | * Switch to account's GPG configuration with proper isolation |
| 38 | * - Sets appropriate GNUPGHOME if using isolated mode |
| 39 | * - Configures git signing key |
| 40 | * - Enables/disables git commit signing |
| 41 | * - Validates key exists and is usable |
| 42 | */ |
| 43 | int gpg_switch_account(gpg_config_t *gpg_config, const account_t *account); |
| 44 | |
| 45 | /** |
| 46 | * Create isolated GNUPGHOME for account |
| 47 | * - Creates directory with proper permissions (700) |
| 48 | * - Imports account's GPG key if available |
| 49 | * - Sets up basic GPG configuration |
| 50 | */ |
| 51 | int gpg_create_isolated_home(gpg_config_t *gpg_config, const account_t *account); |
| 52 | |
| 53 | /** |
| 54 | * Import GPG key from file or keyserver |
| 55 | * - Supports ASCII-armored and binary key formats |
| 56 | * - Validates key after import |
| 57 | * - Sets trust level appropriately |
| 58 | */ |
| 59 | int gpg_import_key(gpg_config_t *gpg_config, const char *key_source); |
| 60 | |
| 61 | /** |
| 62 | * Export GPG public key for backup/sharing |
| 63 | */ |
| 64 | int gpg_export_public_key(gpg_config_t *gpg_config, const char *key_id, |
| 65 | char *output, size_t output_size); |
| 66 | |
| 67 | /** |
| 68 | * List available GPG keys |
| 69 | */ |
| 70 | int gpg_list_keys(gpg_config_t *gpg_config, char *output, size_t output_size); |
| 71 | |
| 72 | /** |
| 73 | * Validate GPG key exists and is usable |
| 74 | * - Checks key exists in keyring |
| 75 | * - Verifies key is not expired |
| 76 | * - Tests signing capability if required |
| 77 | */ |
| 78 | int gpg_validate_key(gpg_config_t *gpg_config, const char *key_id); |
| 79 | |
| 80 | /** |
| 81 | * Configure git GPG signing |
| 82 | * - Sets user.signingkey |
| 83 | * - Enables/disables commit.gpgsign |
| 84 | * - Sets gpg.program if needed |
| 85 | */ |
| 86 | int gpg_configure_git_signing(gpg_config_t *gpg_config, const account_t *account, |
| 87 | git_scope_t scope); |
| 88 | |
| 89 | /** |
| 90 | * Test GPG signing by creating a test signature |
| 91 | */ |
| 92 | int gpg_test_signing(gpg_config_t *gpg_config, const char *key_id); |
| 93 | |
| 94 | /** |
| 95 | * Generate new GPG key for account |
| 96 | * - Creates key with account name and email |
| 97 | * - Uses secure key parameters |
| 98 | * - Exports public key for verification |
| 99 | */ |
| 100 | int gpg_generate_key(gpg_config_t *gpg_config, const account_t *account); |
| 101 | |
| 102 | /** |
| 103 | * Set environment variables for GPG operation |
| 104 | */ |
| 105 | int gpg_set_environment(const gpg_config_t *gpg_config); |
| 106 | |
| 107 | #endif /* GPG_MANAGER_H */ |