| Commit message | Author | Age | Files | Lines |
| |
--
| |
--
GnuPG-bug-id: 7479
| |
* agent/gpg-agent.c (opts): Rename option supervised.
* dirmngr/dirmngr.c (opts): Ditto.
--
The --supervised way to start gpg-agent has been deprecated for 2.5
years and will probably be entirely removed with version 2.6.0. To allow
its use until its removal the systemd service description needs to be
adjusted to use this option. The reasons for the deprecation are
conflicts between the way systemd starts gpg-agent and the way gpg
expects gpg-agent to be started. In particular gpg expects that the
gpg-agent matching its own version is started. Further the systemd way
is not portable to other platforms and long term experience on Windows
has shown that the standard way of starting gpg-agent is less error prone.
Note to those who want to re-introduce this option: Pretty please do
not use socket names conflicting with our standard socket names. For
example use /run/user/1000/foo-gnupg/S.gpg-agent.
| |
--
| |
* g10/keygen.c (card_write_key_to_backup_file): Fix error handling by
removing the RC variable. Add warning note.
--
GnuPG-bug-id: 2169
| |
* g10/encrypt.c (create_dek_with_warnings): Forcefully use AES-256 if
PQC encryption was required or if all recipient keys are Kyber keys.
--
If --require-pqc-encryption was set, then it should be safe to always
force AES-256, without even checking if we are encrypting to Kyber keys
(if some recipients do not have Kyber keys, --require-pqc-encryption
will fail elsewhere).
Otherwise, we force AES-256 if we encrypt *only* to Kyber keys -- unless
the user explicitly requested another algo, in which case we assume they
know what they are doing.
GnuPG-bug-id: 7472
Signed-off-by: Damien Goutte-Gattat <[email protected]>
Man page entry extended
Signed-off-by: Werner Koch <[email protected]>
| |
* g10/pubkey-enc.c (get_it): Do not error out when decrypting a session
key of less than 32 octets encrypted to a Kyber key.
--
GnuPG-bug-id: 7472
Signed-off-by: Damien Goutte-Gattat <[email protected]>
| |
--
(proofread by the debian-l10n-french team)
GnuPG-bug-id: 7469
Changed original patch to use positional arguments for
"un hachage de %1$u bits n'est pa[...]"
| |
--
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* scd/app.c (report_change): Use gpgrt_spawn_actions_set_env_rev.
--
It's a UTF-8 string.
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* agent/call-scd.c (agent_card_pkdecrypt): Remove unused variables.
--
Fixes-commit: fe147645d2397dd77b646a253965c5994f360f26
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* g10/keygen.c (ask_algo): Fix condition. Continue the loop on
failure.
--
Fixes-commit: e7891225788ab5f6d050a06643b1f488c227771f
GnuPG-bug-id: 7309, 7457
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* g10/parse-packet.c (parse_signature): Increase the cap for hashed
subpackets to 30000. Print the value in the error message. Do not
return an error but skip a too long signature.
--
The limit of 10000 served us well for decades but given the option to
put a key into the signature, a larger limit will eventually be
useful. The second part makes things a bit more robust against rogue
subpackets on a keyserver.
| |
* build-aux/speedo.mk (W32VERSION): Default to 64 bit.
* build-aux/speedo/w32/inst.nsi: Remove the doc dir.
| |
* g10/trustdb.c (validate_keys): Take care of --quiet.
--
GnuPG-bug-id: 7351
| |
--
| |
--
| |
--
| |
* agent/call-scd.c (prepare_setdata): New.
(agent_card_pksign): Use prepare_setdata for SETDATA.
(agent_card_pkdecrypt): Likewise.
--
GnuPG-bug-id: 7436
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* configure.ac (NEED_GPGRT_VERSION): Bump to 1.51.
* g10/keydb.c (internal_keydb_update_keyblock) [!USE_TOFU]: Mark an
arg unused.
* common/homedir.c (create_common_conf) [!BUILD_WITH_KEYBOXD]: Mark an
arg unused.
| |
* common/compliance.c (get_assumed_de_vs_compliance): Also consider a
registry entry.
--
On Windows it is easier to set the registry key than to use an envvar.
| |
Signed-off-by: Daniel Cerqueira <[email protected]>
| |
--
- Follow conventions from other zh_TW user interfaces
- Use "確定" for "OK" like KDE
- Remove extra space between keyboard accelerator like in "取消(_C)"
- Follow conventions of modern zh_TW
- Character -> 字元
- 衹有 -> 「只」有
- Fix some "pinentry" translations
Sometimes it was translated as an entry of PIN codes among a list and
not the "pinentry" tool
Signed-off-by: Kisaragi Hiu <[email protected]>
| |
* g10/pkglue.c (pk_verify): When fixing R and S, make sure those are
copies.
--
GnuPG-bug-id: 7426
Fixing-commit: 0a5a854510fda6e6990938a3fca424df868fe676
Signed-off-by: NIIBE Yutaka <[email protected]>
Also avoid clearing the error by the S code of a failed mpi_print of
R.
Signed-off-by: Werner Koch <[email protected]>
| |
* common/asshelp.c (SECS_TO_WAIT_FOR_AGENT): Change from 5 to 8
seconds.
(SECS_TO_WAIT_FOR_KEYBOXD): Ditto.
(SECS_TO_WAIT_FOR_DIRMNGR): Ditto.
--
Experience on Windows showed that right after re-booting we may need
some more time to get things up.
| |
* g10/keyid.c (extra_algo_strength_offset): New.
(compare_pubkey_string_part): Use the mapping.
--
GnuPG-bug-id: 6425
| |
--
| |
* scd/app.c (new_card_lock): New.
(select_application): Scanning is serialized by NEW_CARD_LOCK.
For app_new_register, we hold the W-lock.
(initialize_module): Initialize NEW_CARD_LOCK.
--
GnuPG-bug-id: 7402
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* tools/gpgconf.c (query_swdb): Parse the new minver tag.
| |
* common/compliance.c (gnupg_pk_is_compliant) <CO_DE_VS>: Consider
Brainpool Kyber variants compliant.
(gnupg_pk_is_allowed): Ditto.
(assumed_de_vs_compliance): Remove variable.
(get_assumed_de_vs_compliance): New.
(get_compliance_cache): Use new accessor.
(gnupg_status_compliance_flag): Ditto.
--
Use
GNUPG_ASSUME_COMPLIANCE=de-vs gpg --compliance=de-vs ....
for testing. This returns 2023 instead of 23 to indicate the
non-approval state.
GnuPG-bug-id: 6638
| |
* g10/keygen.c (get_parameter_algo): Make "KYBER" to
PUBKEY_ALGO_KYBER.
--
GnuPG-bug-id: 7397
| |
* g10/keylist.c (list_keyblock_colon): Put the algo string into the
curve field for Kyber.
--
GnuPG-bug-id: 6638
| |
* g10/keygen.c (PQC_STD_KEY_PARAM_PRI, PQC_STD_KEY_PARAM_SUB): New.
(PQC_STD_KEY_PARAM): Construct from above.
(gen_kyber): Allow short curve names.
(ask_algo): Add Entry for ecc+kyber.
(ask_kyber_variant): New.
(generate_keypair): Generate ECC primary and Kyber sub.
--
GnuPG-bug-id: 6638
| |
* dirmngr/dirmngr.c (gpgconf_versions): Get and show nPth version.
--
Note that this requires nPth 1.8
| |
* tools/gpg-mail-tube.c (mail_tube_encrypt): Fix content type for an
attached message.
--
We can't use message/rfc822 if we encrypt this message as a simple PGP
file.
| |
* scd/app.c (send_card_and_app_list): Only handle the case with
WANTCARD=NULL.
(app_send_card_list): Follow the change.
(app_send_active_apps): Factor out the case with WANTCARD!=NULL.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* scd/app-help.c (app_help_read_length_of_cert): Free the BUFFER.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* scd/app-dinsig.c (do_readcert): Don't return directly but care about
releasing memory.
* scd/app-nks.c (readcert_from_ef): Likewise.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* g10/import.c (parse_import_options): Add a description to
only-pubkeys.
--
See gnupg-devel for a brief discussion.
| |
* tools/gpgtar-extract.c (extract_directory): Factor parent directory
creation out to ..
(try_mkdir_p): new.
(extract_regular): Create directory on ENOENT.
* g10/pubkey-enc.c (get_it): Use log_info instead of log_error if the
public key was not found for preference checking.
--
If tarball was created with
tar cf tarball file1.txt foo/file2.txt
the tarball has no entry for foo/ and thus the extraction fails. This
patch fixes this.
GnuPG-bug-id: 7380
The second patch avoids a wrong exit status line due to the use
of log_error. But the actual cause still needs to be
investigated.
| |
* tools/gpg-mail-tube.c (mail_tube_encrypt): Rename var ct_text for
clarity. Replace debug diagnostic by log_info. Assume text/plain for
missing content-type.
--
Without this fix we would create message/rfc822 attachment instead of
a text/plain attachment with the encrypted body.
| |
* tools/gpgtar.c (main): Do it.
--
This makes the interactive use of gpgtar more convenient and is more
aligned to what gpg and gpgsm do.
| |
* scd/app.c (send_card_and_app_list): Avoid locking recursively.
--
Fixes-commit: 25a140542a9186a27b7df9cd3ca3d478b59cbf1b
GnuPG-bug-id: 7323
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* scd/app.c (send_card_and_app_list): Lock the CARD.
--
GnuPG-bug-id: 7323
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
--
This replaces our long-standing wedding-style prompt with something more
straight.
| |
* g10/packet.h (PKT_public_key): Increased size of req_usage to 16.
* g10/getkey.c (key_byname): Set allow_adsk in the context if it was
requested via req_usage.
(finish_lookup): Allow RENC usage matching.
* g10/keyedit.c (append_adsk_to_key): Adjust the assert.
* g10/keygen.c (prepare_adsk): Also allow to find an RENC subkey.
--
If an ADSK is to be added it may happen that an ADSK subkey is found
first and this should then be used even though it does not have the E
usage. However, it used to have that E usage when it was added.
While testing this I found another peculiarity: If you do
gpg -k ADSK_SUBKEY_FPR
without the '!' suffix and no corresponding encryption subkey is found,
you will get an unusable key error. I hesitate to fix that due to
possible side-effects.
GnuPG-bug-id: 6882
| |
* agent/trustlist.c (istrusted_internal): When LISTMODE is enabled,
TRUSTLISTFPR status output should be done.
--
GnuPG-bug-id: 7363
Signed-off-by: NIIBE Yutaka <[email protected]>
Fixes-commit: 4275d5fa7a51731544d243ba16628a9958ffe3ce