authorWerner Koch <[email protected]>2019-03-06 13:09:57 +0000
committerWerner Koch <[email protected]>2019-03-06 13:09:57 +0000
commit05eff1f6623c272fcabd4e238842afc832710324 (patch)
tree55db8fcd43734c4087f24114f0b5358fad62de1c
parentdoc: First take on instructions on how to init PIV cards (diff)
agent: Default to extended key format.
* agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New. (oEnableExtendedKeyFormat): Remove. (opts): Make --enable-extended-key-format a dummy option. Add disable-extended-key-format. (parse_rereadable_options): Implement oDisableExtendedKeyFormat. -- Extended key format is supported since version 2.1.12 which should have long been replaced by a newer version in all installations. Thus for 2.3 we will make use of the extended-key-format by default. Signed-off-by: Werner Koch <[email protected]>
-rw-r--r--agent/gpg-agent.c22
-rw-r--r--doc/gpg-agent.texi20
-rw-r--r--tools/gpgconf-comp.c3
3 files changed, 23 insertions, 22 deletions
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index e1c0e2b0b..27a3f7135 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -112,7 +112,7 @@ enum cmd_and_opt_values
oCheckPassphrasePattern,
oMaxPassphraseDays,
oEnablePassphraseHistory,
- oEnableExtendedKeyFormat,
+ oDisableExtendedKeyFormat,
oUseStandardSocket,
oNoUseStandardSocket,
oExtraSocket,
@@ -139,7 +139,9 @@ enum cmd_and_opt_values
oAutoExpandSecmem,
oListenBacklog,
- oWriteEnvFile
+ oWriteEnvFile,
+
+ oNoop
};
@@ -251,7 +253,7 @@ static ARGPARSE_OPTS opts[] = {
/* */ "@"
#endif
),
- ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"),
+ ARGPARSE_s_n (oDisableExtendedKeyFormat, "disable-extended-key-format", "@"),
ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
ARGPARSE_s_u (oS2KCalibration, "s2k-calibration", "@"),
@@ -265,6 +267,10 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
ARGPARSE_s_n (oNoUseStandardSocket, "no-use-standard-socket", "@"),
+ /* Dummy options. */
+ ARGPARSE_s_n (oNoop, "enable-extended-key-format", "@"),
+
+
ARGPARSE_end () /* End of list */
};
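Review bot: The comment `/* Dummy options. */` does not say why `enable-extended-key-format` is still accepted, and the matching `case oNoop: break;` in parse_rereadable_options discards it without any trace. A reader auditing a gpg-agent.conf cannot tell from the table that this line no longer has any effect. I would expand the comment to something like `/* Dummy options: accepted and ignored so existing config files still parse; extended key format is now the default. */`. The opts[] table starts outside this hunk.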
@@ -825,7 +831,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
opt.check_passphrase_pattern = NULL;
opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
opt.enable_passphrase_history = 0;
- opt.enable_extended_key_format = 0;
+ opt.enable_extended_key_format = 1;
opt.ignore_cache_for_signing = 0;
opt.allow_mark_trusted = 1;
opt.allow_external_cache = 1;
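Review bot: The flipped default `opt.enable_extended_key_format = 1;` changes the on-disk format of newly created keys and of keys whose passphrase is changed, but nothing at that line records the consequences. The text this commit removes from doc/gpg-agent.texi said the format is unreadable for gpg-agent versions before 2.1.12 and that it also switches key protection to OCB mode; the replacement text drops the OCB sentence and adds that keys are never migrated back. If the OCB coupling still holds, a comment such as `/* Default since 2.3: extended format, which per the earlier doc text also selects OCB protection; not readable before 2.1.12. */` would keep that visible. It is equally relevant at `case oDisableExtendedKeyFormat:` in the next hunk, where the older protection format would be selected for new keys. parse_rereadable_options begins and ends outside this hunk.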
@@ -900,9 +906,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
opt.enable_passphrase_history = 1;
break;
- case oEnableExtendedKeyFormat:
- opt.enable_extended_key_format = 1;
- break;
+ case oDisableExtendedKeyFormat: opt.enable_extended_key_format = 0; break;
case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
@@ -936,6 +940,8 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
set_s2k_calibration_time (pargs->r.ret_ulong);
break;
+ case oNoop: break;
+
default:
return 0; /* not handled */
}
@@ -1451,8 +1457,6 @@ main (int argc, char **argv )
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
es_printf ("pinentry-timeout:%lu:0:\n",
GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
- es_printf ("enable-extended-key-format:%lu:\n",
- GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
es_printf ("grab:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 3997d2046..770da17b0 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -585,16 +585,16 @@ local gpg-agent and use its private keys. This enables decrypting or
signing data on a remote machine without exposing the private keys to the
remote machine.
-@anchor{option --enable-extended-key-format}
-@item --enable-extended-key-format
-@opindex enable-extended-key-format
-This option creates keys in the extended private key format. Changing
-the passphrase of a key will also convert the key to that new format.
-Using this option makes the private keys unreadable for gpg-agent
-versions before 2.1.12. The advantage of the extended private key
-format is that it is text based and can carry additional meta data.
-Note that this option also changes the key protection format to use
-OCB mode.
+@item --disable-extended-key-format
+@opindex disable-extended-key-format
+Since version 2.3 keys are created in the extended private key format.
+Changing the passphrase of a key will also convert the key to that new
+format. This new key format is supported since GnuPG version 2.1.12
+and thus there should be no need to disable it. However, this options
+allows to revert to the old behaviour for new keys; be aware that keys
+are never migrated back to the old format. The advantage of the
+extended private key format is that it is text based and can carry
+additional meta data.
@anchor{option --enable-ssh-support}
@item --enable-ssh-support
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 2ae79d91d..83283940c 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -508,9 +508,6 @@ static gc_option_t gc_options_gpg_agent[] =
{ "enable-putty-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
"gnupg", "enable putty support",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
- { "enable-extended-key-format", GC_OPT_FLAG_RUNTIME, GC_LEVEL_INVISIBLE,
- NULL, NULL,
- GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "Debug",
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,