Commit message | Author | Age | Files | Lines
* tools,w32: Add resource and manifest files to all binaries. [Beta-2.3.0-beta1598] | Werner Koch | 2021-02-21 | 17 | -21/+378
| --
* doc: Update NEWS | Werner Koch | 2021-02-19 | 1 | -4/+56
| --
* wkd: Install gpg-wks-client under bin and add wrapper for libexec | Werner Koch | 2021-02-19 | 4 | -14/+22
| --
| gpg-wks-client is a pretty useful command on the command line. Thus
| we now install it at bin and provide a compatibility wrapper.
* build: Remove now obsolete HAVE_NEWER_LIBGCRYPT AM conditional. | Werner Koch | 2021-02-19 | 2 | -24/+25
| * configure.ac (HAVE_NEWER_LIBGCRYPT): Remove conditional.
| * tools/Makefile.am (gpg_pair_tool_SOURCES): We build it always.
| --
| This is because we require libgcrypt 1.9 anyway.
* scd: Minor tweak for easier backporting | Werner Koch | 2021-02-19 | 3 | -23/+30
| * scd/app-common.h (APP_CARD): New. Use it in app-*.c to access
|   app->card.
| --
| This should help to make backporting to 2.2 easier.
* po: Update Japanese Translation. | NIIBE Yutaka | 2021-02-19 | 1 | -288/+173
| --
| Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Unified the term "message" in the German translation | Werner Koch | 2021-02-18 | 1 | -43/+43
| --
| Using "Botschaft" as we used to do is better than "Nachricht" as used
| in tofu and some other places.
* po: Update German translation | Werner Koch | 2021-02-18 | 1 | -285/+169
| --
* po: update-po | Werner Koch | 2021-02-18 | 26 | -14768/+23383
| --
* scd:piv: Fix a typo in a string. | Werner Koch | 2021-02-18 | 1 | -2/+2
| --
* po: Change translatability of a fallback string. | Werner Koch | 2021-02-18 | 1 | -4/+4
| * agent/call-pinentry.c (setup_genpin): Do not make the fallback
|   translatable.
* po: Update all po files from 2.2.27 | Werner Koch | 2021-02-18 | 26 | -21535/+26838
| --
* po: Update POTFILES | Werner Koch | 2021-02-18 | 1 | -0/+2
| --
* speedo: Update w32 stuff from 2.2 | Werner Koch | 2021-02-18 | 5 | -37/+81
| * build-aux/speedo.mk: Update from 2.2. Add target w32-msi-release.
| * build-aux/speedo/w32/inst.nsi: Fix location of doc files.
| * build-aux/speedo/w32/wixlib.wxs: Add gpg-card and fix a wrong name.
| * Makefile.am (release): Support a WITH_MSI variable.
|   (wixlibfile): Improve copying to archive.
|   (release): Use AMTAR instead of TAR.
| --
| Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Support new gpgNtds parameter in LDAP keyserver URLs. | Werner Koch | 2021-02-17 | 5 | -22/+40
| * dirmngr/ldap-parse-uri.c (ldap_parse_uri): Support a new gpgNtds
|   extension.
| * dirmngr/ks-engine-ldap.c (my_ldap_connect): Do ldap_init always with
|   hostname - which is NULL and thus the same if not given. Fix minor
|   error in error code handling.
| --
| Note that "gpgNtds" is per RFC-4512 case insensitive and has not yet
| been officially registered. Thus for correctness the OID can be used:
|
|   1.3.6.1.4.1.11591.2.5     LDAP URL extensions
|   1.3.6.1.4.1.11591.2.5.1   gpgNtds=1 (auth. with current user)
|
| Note that the value must be 1; all other values won't enable AD
| authentication and are reserved for future use.
|
| This has been cherry-picked from the 2.2 branch, commit
| 55f46b33df08e8e0ea520ade5f73b321bc01d705
|
| Signed-off-by: Werner Koch <[email protected]>
* build: Update gpg-error.m4 again. | NIIBE Yutaka | 2021-02-16 | 1 | -11/+33
| * m4/gpg-error.m4: Update from libgpg-error.
|
| Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Update gpg-error.m4. | NIIBE Yutaka | 2021-02-15 | 1 | -6/+6
| * m4/gpg-error.m4: Update from libgpg-error.
|
| Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Comment spell fix. | NIIBE Yutaka | 2021-02-12 | 1 | -2/+2
| --
| Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Update gpg-error.m4. | NIIBE Yutaka | 2021-02-12 | 1 | -46/+42
| * m4/gpg-error.m4: Update from libgpg-error.
| --
| Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Fix library dependency of g13 test program. | NIIBE Yutaka | 2021-02-12 | 1 | -1/+1
| * g13/Makefile.am (t_common_ldadd): Add GPG_ERROR_LIBS.
| --
| Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Add NEWS with news from the 2.2 series. | Werner Koch | 2021-02-11 | 2 | -45/+188
| --
* doc: Improve the gpg-card man page. | Werner Koch | 2021-02-11 | 2 | -6/+200
| --
* gpg: Do not allow old cipher algorithms for encryption. | Werner Koch | 2021-02-10 | 7 | -16/+92
| * g10/gpg.c: New option --allow-old-cipher-algos.
|   (set_compliance_option): Set --rfc4880bis explicitly to SHA256 and
|   AES256. Allow old cipher algos for OpenPGP, rfc4880, and rfc2440.
| * g10/options.h (opt): Add flags.allow_old_cipher_algos.
| * g10/misc.c (print_sha1_keysig_rejected_note): Always print the note
|   unless in --quiet mode.
| * g10/encrypt.c (setup_symkey): Disallow by default algos with a
|   blocklength < 128.
|   (encrypt_crypt): Ditto. Fallback by default to AES instead of 3DES.
| * g10/pkclist.c (algo_available): Take care of old cipher also.
|   (select_algo_from_prefs): Use AES as implicit algorithm by default.
| * tests/openpgp/defs.scm (create-gpghome): Set allow-old-cipher-algos.
| --
| GnuPG-bug-id: 3415
* Remove obsolete M4 macros. | Werner Koch | 2021-02-10 | 3 | -361/+1
| * m4/gnupg-pth.m4: Remove.
| * m4/libcurl.m4: Remove.
| --
| Both macros are not used for ages.
* Require GpgRT version 1.41. | Werner Koch | 2021-02-10 | 4 | -46/+6
| * configure.ac (NEED_GPG_ERROR_VERSION): Rename to NEED_GPGRT_VERSION
|   and set to 1.41.
| * common/sysutils.c (gnupg_access): Remove code for older gpgrt
|   versions.
| * kbx/backend-sqlite.c: Ditto.
| * sm/gpgsm.c (main): Ditto.
| --
| We already have a requirement for a newer Libgcrypt and thus we can
| also require a more recent libgpgrt (aka libgpg-error) which was
| released before Libgcrypt.
* build: Make make distcheck work again. | Werner Koch | 2021-02-09 | 1 | -1/+1
| * m4/Makefile.am (EXTRA_DIST): Remove isc-posix.m4
| --
| Fixes-commit: d66fb3aa53a6c4a815fe35a15e3c61886c5df628
* tools: Remove the symcryptrun tool. | Werner Koch | 2021-02-09 | 7 | -1179/+3
| * tools/symcryptrun.c: Remove.
| * tools/Makefile.am: Ditto.
| * doc/tools.texi: Remove man page.
| * configure.ac: Remove build option and tests used only by this tool.
| * Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Do not build
|   symcryptrun.
| --
| symcryptrun is too ancient to be of any use and has not been tested in
| many years. Thus we should not distribute it anymore.
* gpg: Fix selection of key. | NIIBE Yutaka | 2021-02-05 | 1 | -1/+3
| * g10/getkey.c (pubkey_cmp): Handle the case of TRUST_EXPIRED.
| --
| GnuPG-bug-id: 4713
| Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Remove support for PKA. | Werner Koch | 2021-02-02 | 17 | -464/+35
| * g10/gpg.c (oPrintPKARecords): Remove.
|   (opts): Remove --print-pka-records.
|   (main): Remove "pka-lookups","pka-trust-increase" and other PKA stuff.
| * g10/options.h (EXPORT_DANE_FORMAT): Remove.
|   (VERIFY_PKA_LOOKUPS, VERIFY_PKA_TRUST_INCREASE): Remove.
|   (KEYSERVER_HONOR_PKA_RECORD): Remove.
| * g10/packet.h (pka_info_t): Remove.
|   (PKT_signature): Remove flags.pka_tried and pka_info.
| * g10/parse-packet.c (register_known_notation): Remove
|   "[email protected]".
| * g10/pkclist.c (check_signatures_trust): Remove PKA stuff.
| * g10/call-dirmngr.c (gpg_dirmngr_get_pka): Remove.
| * g10/export.c (parse_export_options): Remove "export-pka".
|   (do_export): Adjust for this.
|   (write_keyblock_to_output): Ditto.
|   (do_export_stream): Ditto.
|   (print_pka_or_dane_records): Rename to ...
|   (print_dane_records): this and remove two args. Remove PKA printing.
| * g10/free-packet.c (free_seckey_enc, cp_pka_info): Adjust for removed
|   pka_info field.
| * g10/getkey.c (get_pubkey_byname): Make AKL_PKA a dummy.
| * g10/keyserver.c: Remove "honor-pka-record".
|   (keyserver_import_pka): Remove.
| * g10/mainproc.c (get_pka_address): Remove.
|   (pka_uri_from_sig): Remove.
|   (check_sig_and_print): Remove code for PKA.
| --
| PKA (Public Key Association) was a DNS based key discovery method
| which looked up fingerprint by mail addresses in the DNS. This goes
| back to the conference where DKIM was suggested to show that we
| already had a better method for this available with PGP/MIME. PKA was
| later superseded by an experimental DANE method and is today not
| anymore relevant. It is anyway doubtful whether PKA was ever widely
| used.
|
| Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove more or less useless tool gpgcompose. | Werner Koch | 2021-02-02 | 2 | -3128/+0
| * g10/gpgcompose.c: Remove
| --
| This tool duplicated a lot of code and was hard to maintain. IIRC, it
| was part of some University assignment and of no real use anymore.
* gpg: Remove experimental feature to export w/o user-ids. | Werner Koch | 2021-02-02 | 4 | -84/+7
| * g10/options.h (IMPORT_DROP_UIDS, EXPORT_DROP_UIDS): Remove.
| * g10/import.c (parse_import_options): Remove option import-drop-uids.
|   (import_one_real): Remove drop uids code.
|   (remove_all_uids): Remove function.
| * g10/export.c (parse_export_options): Remove option export-drop-uids.
|   (do_export_one_keyblock): Remove drop uids code.
* card: List keys of pkcs#15 cards. | Werner Koch | 2021-02-02 | 1 | -0/+19
| * tools/gpg-card.c (list_p15): New.
|   (list_card): Call it.
* scd:p15: Read PuKDF and minor refactoring. | Werner Koch | 2021-02-02 | 1 | -85/+447
| * scd/app-p15.c (pukdf_object_t): New.
|   (struct app_local_s): Add field public_key_info.
|   (release_pukdflist): New.
|   (select_and_read_record): No diagnostic in case of not_found.
|   (read_first_record): New. Factored out from the read_ef_ functions.
|   (read_ef_pukdf): New. Basically a copy of read_ef_prkdf for now.
|   (read_p15_info): Also read the public keys.
|   (cardtype2str): New.
|   (read_ef_tokeninfo): Print a string with the cardtype.
* sm: Add a few OIDs and merge OID tables. | Werner Koch | 2021-02-01 | 1 | -52/+44
| * sm/keylist.c (OID_FLAG_KP): New.
|   (key_purpose_map): Merge into ...
|   (oidtranstbl): this.
|   (get_oid_desc): New arg 'matchflag'. Use function in place of direct
|   access to key_purpose_map.
|
| Signed-off-by: Werner Koch <[email protected]>
* Include the library version in the compliance checks. | Werner Koch | 2021-01-28 | 6 | -17/+69
| * common/compliance.c (gnupg_gcrypt_is_compliant): New.
|   (gnupg_rng_is_compliant): Also check library version.
| * g10/mainproc.c (proc_encrypted): Use new function.
|   (check_sig_and_print): Ditto.
| * sm/decrypt.c (gpgsm_decrypt): Ditto.
| * sm/encrypt.c (gpgsm_encrypt): Ditto.
| * sm/verify.c (gpgsm_verify): Ditto
| --
| This will eventually allow us to declare Libgcrypt 1.9 to be de-vs
| compliant. GnuPG can use this information then for its own checks.
| As of now GnuPG tests the version of the used library but that is a
| bit cumbersome to maintain.
|
| Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Make file selection more robust. | Werner Koch | 2021-01-27 | 1 | -37/+60
| * scd/app-p15.c: Include host2net.h.
|   (DEFAULT_HOME_DF): New.
|   (select_and_read_binary): Replace slot by app. Change callers. Use
|   select_ef_by_path.
|   (select_and_read_record): ditto.
|   (select_ef_by_path): Make use of the home_df.
|   (parse_certid): Adjust for always set home_df.
|   (print_tokeninfo_tokenflags): Ditto.
|   (app_select_p15): Take the home_df from the FCI returned by select.
| --
| This uses modern APDUs and always selects starting at the PKCS-15 home
| DF. We could have made this much simpler but the goal is to keep
| support for older cards although we can't test that easily.
|
| Signed-off-by: Werner Koch <[email protected]>
* scd: Define new status word | Werner Koch | 2021-01-27 | 4 | -9/+17
| * scd/apdu.h (SW_NO_CURRENT_EF): New.
| --
| This is merely to show better diagnostics. Used for example by CardOS
| 5.3.
* scd:p15: Factor the commonKeyAttributes parser out. | Werner Koch | 2021-01-27 | 1 | -134/+206
| * scd/app-p15.c (read_ef_prkdf): Fix detection of unsupported key
|   objects. Factor some code out to ...
|   (parse_common_key_attr): new.
| --
* gpg: Fix ugly error message for an unknown symkey algorithm. | Werner Koch | 2021-01-27 | 1 | -1/+4
| * g10/mainproc.c (proc_symkey_enc): Do not continue with an unknown
|   algorithm.
| --
| Trying to encrypt data created with
|
|   printf "\x8c\x49\x05\x0e\x0a\x03\x01"
|
| fails in version 2.2.19 with
|
|   gpg: packet(3) with unknown version 5
|
| but with later versions with
|
|   gpg: encrypted with unknown algorithm 14
|   gpg: Ohhhh jeeee: ... this is a bug \
|        ([...]/passphrase.c:433:passphrase_to_dek)
|
| so we better catch this case earlier.
|
| Reported-by: Tavis Ormandy
| Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Factor the commonObjectAttributes parser out. | Werner Koch | 2021-01-26 | 1 | -139/+112
| * scd/app-p15.c (parse_common_obj_attr): New.
|   (read_ef_prkdf): Use new function.
|   (read_ef_aodf): Ditto.
* scd:p15: First step towards real CardOS 5 support. | Werner Koch | 2021-01-26 | 4 | -76/+218
| * scd/iso7816.c (iso7816_select_path): Add arg from_cdf.
| * scd/app-nks.c (do_readkey): Adjust for this change.
| * scd/app-p15.c (CARD_TYPE_CARDOS_53): New.
|   (IS_CARDOS_5): New.
|   (card_atr_list): Add standard ATR for CardOS 5.3.
|   (select_and_read_binary): Remove the fallback to record read hack.
|   (select_and_read_record): New.
|   (select_ef_by_path): Rework and support CardOS feature.
|   (read_ef_prkdf): Use read record for CardOS.
|   (read_ef_cdf): Ditto.
|   (read_ef_aodf): Ditto. Also fix bug in the detection of other
|   unsupported attribute types.
|   (verify_pin): Use IS_CARDOS_5 macro.
|   (app_select_p15): Force direct method for CardOS.
|
| Signed-off-by: Werner Koch <[email protected]>
* agent: Support ssh-agent extensions for environment variables. | Werner Koch | 2021-01-25 | 2 | -4/+120
| * common/session-env.c (session_env_list_stdenvnames): Extend to allow
|   return all names as one string.
| * agent/command-ssh.c (SSH_REQUEST_EXTENSION): New.
|   (SSH_RESPONSE_EXTENSION_FAILURE): New.
|   (request_specs): Add handler for the extension command.
|   (ssh_handler_extension): New.
| --
| The extension mechanism is specified in
| https://tools.ietf.org/html/draft-miller-ssh-agent-04
|
| Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Show the ATR as part of the TokenInfo diagnostics. | Werner Koch | 2021-01-21 | 1 | -0/+12
| * scd/app-p15.c (read_ef_tokeninfo): Print the ATR in verbose mode.
| --
| It is convenient to see the ATR close to the other info.
|
| Signed-off-by: Werner Koch <[email protected]>
* Require Libgcrypt 1.9 | Werner Koch | 2021-01-19 | 11 | -63/+24
| * configure.ac: Require at least Libgcrypt 1.9.0. Remove all
|   GCRYPT_VERSION_NUMBER dependent code.
| --
| Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in
| RFC4880bis.
|
| Signed-off-by: Werner Koch <[email protected]>
* tools: Add option --clock to watchgnupg | Werner Koch | 2021-01-12 | 1 | -1/+28
| * tools/watchgnupg.c (print_fd_and_time) [ENABLE_LOG_CLOCK]: Use
|   clock_gettime.
|   (print_version): New option --clock.
* po: Update Simplified Chinese Translation. | bobwxc | 2021-01-12 | 1 | -49/+47
| --
| GnuPG-bug-id: 5189
| Signed-off-by: bobwxc <[email protected]>
* gpg,w32: Fix gnupg_remove. | Werner Koch | 2021-01-11 | 3 | -1/+132
| * common/sysutils.c (map_w32_to_errno): New.
|   (gnupg_w32_set_errno): New.
|   (gnupg_remove) [w32]: Set ERRNO
| --
| To support Unicode gnupg_remove was changed to use DeleteFileW and not
| properly tested because the code was already used in Windows CE.
| However, ERRNO was not set and thus Dirmngr failed due to
|
|   if (!gnupg_remove (fname))
|     log_info (_("removed stale te[...] file '%s'\n"), fname);
|   else if (errno != ENOENT)
|     {
|       err = gpg_error_from_syserror ();
|       log_error (_("problem remov[...] file '%s': %s\n"),
|                  fname, gpg_strerror (err));
|       goto leave;
|     }
|
| GnuPG-bug-id: 5230
* I meant "SHA-2 digests" in the previous commit. | Ingo Klöcker | 2021-01-06 | 0 | -0/+0
| GnuPG-bug-id: 5184
* scd:nks: Add support for signing plain SHA-3 digests. | Ingo Klöcker | 2021-01-06 | 1 | -17/+67
| * scd/app-nks.c (do_sign): Handle plain SHA-3 digests and verify
|   encoding of ASN.1 encoded hashes.
| --
| This makes it possible to create CSRs for NetKey card keys which are
| signed with SHA256 by default.
|
| GnuPG-bug-id: 5184
* po: Fix Simplified Chinese Translation. | NIIBE Yutaka | 2021-01-05 | 1 | -2/+2
| --
| Signed-off-by: NIIBE Yutaka <[email protected]>