Commit message | Author | Age | Files | Lines
...
* po: Auto-update | Werner Koch | 2019-02-12 | 25 | -53/+124
  --
* sm: In --gen-key with "key from card" show also the algorithm. | Werner Koch | 2019-02-11 | 1 | -1/+21
  * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Get and show algo.
  --
  This extends the prompt to show something like

    Serial number of the card: FF020001008A77F6
    Available keys:
       (1) 4130F84FA3704F4645924AEC3FFA48AD26D33656 PIV.9A nistp384
       (2) AB2988FB8C227BCD5175BF92F66AA3A95AE83214 PIV.9E rsa2048
       (3) DB7DDAEAA88534BA45CCD7A9B761425103EA2090 PIV.9C rsa2048
       (4) BABB48C3D80ACCF9839F101DF2910966C8B988DF PIV.9D nistp256
    Your selection? 1

  Having the algorithm here is helpful in particular because right now we support only RSA with X.509. Take care: PIV card based certificate creation does not yet work.

  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 0328976c94adc2c518c7a7763a35319a0000c5e2)

  Note that 2.2 does not support PIV cards, but the feature also works with other cards.
* common: Provide function to get public key algo names in our format. | Werner Koch | 2019-02-11 | 2 | -0/+59
  * common/sexputil.c (pubkey_algo_string): New.
  --
  The new gpg format for public key algorithms is useful at other places as well. Thus we make this new function available. Note that the code we use in gpg is not based on s-expressions and thus a new function was required.

  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 03bf8e967adb2dd13329ba1089deb419d49e55c0)

  Not yet used in 2.2 but will likely be needed by future backports.
* common: New functions get_option_value and ascii_strupr. | Werner Koch | 2019-02-11 | 4 | -1/+71
  * common/server-help.c (get_option_value): New.
  * common/stringhelp.c (ascii_strupr): New.
  --
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit e2f18023b3b3b7e55b35218f65e37448d1011172)

  This might come handy when we eventually backport other changes.
* scd: Make app_genkey and supporting ISO function more flexible. | Werner Koch | 2019-02-11 | 6 | -19/+24
  * scd/app.c (app_genkey): Add arg keytype.
  * scd/app-common.h (struct app_ctx_s): Fitto for the genkey member.
  * scd/command.c (cmd_genkey): Adjust for change.
  * scd/iso7816.c (do_generate_keypair): Replace arg read_only by new args p1 and p2.
  (iso7816_read_public_key): Adjust for this.
  (iso7816_generate_keypair): Add new args p1 and p2.
  * scd/app-openpgp.c (do_genkey): Adjust for changes.
  --
  The OpenPGP card creates keys according to parameters read from a data object. Other cards we are about to implement require a direct specification of the requested keytype. This patch implements the required changes.

  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 9a9cb0257aebb1480b999fdf9d90904083eb8e3c)
* scd: Fix parameter name of app_change_key. | Werner Koch | 2019-02-11 | 2 | -7/+10
  * scd/app-common.h (APP_GENKEY_FLAG_FORCE): New.
  * scd/app.c (app_change_pin): Rename arg reset_mode to flags and change from int to unsigned int.
  --
  This is basically a documentation fix.

  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit c26af8ac263ea006ed32e110a09271e4bfbf1f37)
* scd: Allow standard keyref scheme for app-openpgp. | Werner Koch | 2019-02-11 | 3 | -2/+16
  * scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with "OPENPGP."
  --
  The generic keyref allows for better error detection in case a keyref is sent to a wrong card.

  This has been taken from master commit 3231ecdafd71ac47b734469b07170756979ede72 which has additional changes for gpg-card-tool, which is only available there.

  Signed-off-by: Werner Koch <[email protected]>
* gpg: Emit an ERROR status if no key was found with --list-keys. | Werner Koch | 2019-02-11 | 1 | -0/+1
  * g10/keylist.c (list_one): Emit status line.
  --
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 140fda8c61422ec055c3f7e214cc35706c4320dd)
* po: Update Japanese translation. | NIIBE Yutaka | 2019-02-06 | 1 | -5/+7
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Clear bogus pinentry cache, when it causes an error. | NIIBE Yutaka | 2019-02-06 | 3 | -21/+39
  * agent/agent.h (PINENTRY_STATUS_*): Expose to public.
  (struct pin_entry_info_s): Add status.
  * agent/call-pinentry.c (agent_askpin): Clearing the ->status before the loop, let the assuan_transact set ->status. When failure with PINENTRY_STATUS_PASSWORD_FROM_CACHE, it returns soon.
  * agent/findkey.c (unprotect): Clear the pinentry cache, when it causes an error.
  --
  Cherry-picked from master commit of: 02a2633a7f0b7d91aa48ea615fb3a0edfd6ed6bb

  Debian-bug-id: 919856
  GnuPG-bug-id: 4348
  Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix initialization of assuan's nPth hook. | NIIBE Yutaka | 2019-02-06 | 1 | -1/+1
  * dirmngr/dirmngr.c (main): Move assuan_set_system_hooks to...
  (thread_init): ... here.
  --
  Cherry picked master commit of: 1f8817475f59ede3f28f57edc10ba56bbdd08b49

  Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Update Polish translation | Jakub Bogusz | 2019-01-31 | 1 | -2704/+1372
  --
* gpg: Allow generating Ed25519 key from an existing key. | Werner Koch | 2019-01-30 | 1 | -0/+1
  * g10/misc.c (map_pk_gcry_to_openpgp): Add EdDSA mapping.
  --
  Due to this missing mapping a "gpg --export --full-gen-key" with selection "13 - Existing key" did not work for an ed25519 key.

  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 346a98fabe03adf2e202e36fc2aa24b1c2571154)
* gpg: Implement searching keys via keygrip. | Werner Koch | 2019-01-29 | 5 | -24/+204
  * kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field grip.
  * kbx/keybox-openpgp.c (struct keyparm_s): New.
  (keygrip_from_keyparm): New.
  (parse_key): Compute keygrip.
  * kbx/keybox-search.c (blob_openpgp_has_grip): New.
  (has_keygrip): Call it.
  --
  This has been marked for too long as not yet working. However, it is a pretty useful feature and will come pretty handy when looking for all keys matching one keygrip.

  Can be optimized a lot by storing the keygrip in the meta data. This will be done along with the upgrade of KBX for v5 fingerprints.

  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit c128667b3cba749dd14262e032d4c260a2b0acd3)
* common: Provide some convenient OpenPGP related constants. | Werner Koch | 2019-01-29 | 2 | -5/+11
  * common/openpgpdefs.h (OPENPGP_MAX_NPKEY): New.
  (OPENPGP_MAX_NSKEY): New.
  (OPENPGP_MAX_NSIG): New.
  (OPENPGP_MAX_NENC): New.
  * g10/packet.h: Define PUBKEY_MAX using the new consts.

  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit f382984966a31a4cbe572bce5370590c5490ed1e)
* common: New helper functions for OpenPGP curve OIDs. | Werner Koch | 2019-01-29 | 3 | -34/+66
  * common/openpgp-oid.c (openpgp_oidbuf_to_str): Factor most code out to ...
  (openpgp_oidbuf_to_str): new.
  (openpgp_oidbuf_is_ed25519): New.
  (openpgp_oidbuf_is_cv25519): New.
  --
  At some places it is more convenient (and faster) to directly work on buffers and avoid the way via opaque MPIs. These 3 new functions allow for that.

  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 4a1558d0c7190cf13d35385e47291a7aa121be3e)
* doc: Mark keyserver-options timeout and http-proxy as obsolete. | Werner Koch | 2019-01-22 | 1 | -25/+5
  --
  (cherry picked from commit 6c000d4b78b836686e5a2789cc88a41e465e4400)
* scd: Add option --clear to PASSWD. | Werner Koch | 2019-01-22 | 7 | -6/+46
  * scd/command.c (cmd_passwd): Add option --clear.
  (send_status_printf): New.
  * scd/app-common.h (APP_CHANGE_FLAG_CLEAR): New.
  * scd/app-nks.c (do_change_pin): Return an error if that option is used.
  * scd/app-openpgp.c (do_change_pin): Ditto.
  --
  Card application may support this option to clear the PIN verification status of a specific PIN.

  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 29929e65521279eabc98a67c766fe485057405a9)
* scd: One new and one improved 7816 function. | Werner Koch | 2019-01-22 | 6 | -27/+90
  * scd/apdu.c (apdu_send_direct): New arg R_SW.
  * scd/command.c (cmd_apdu): Ditto.
  * scd/iso7816.c (iso7816_apdu_direct): New arg R_SW.
  (iso7816_general_authenticate): New.
  * scd/app-nks.c (get_chv_status, get_nks_version): Pass NULL for new arg.
  --
  iso7816_general_authenticate will be used for the PIV card support. The new arg to iso7816_apdu_direct and apdu_send_direct allows to get the raw status word back without the need to handle an output buffer.

  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 70bb5c7931598590b1acfae90bf4657f5911d2d3)
* ssh: Simplify the curve name lookup. | Werner Koch | 2019-01-22 | 1 | -84/+54
  * agent/command-ssh.c (struct ssh_key_type_spec): Add field alt_curve_name.
  (ssh_key_types): Add some alternate curve names.
  (ssh_identifier_from_curve_name): Lookup also by alternative names and return the canonical name.
  (ssh_key_to_blob): Simplify the ECDSA case by using gcry_pk_get_curve instead of the explicit mapping.
  (ssh_receive_key): Likewise. Use ssh_identifier_from_curve_name to validate the curve name. Remove the reverse mapping because since GnuPG-2.2 Libgcrypt 1.7 is required.
  (ssh_handler_request_identities): Log an error message.
  --
  This change will make it easier to support other curves, in particular those from tokens. Libgcrypt has a large list of alias names which we now use to make the mapping more flexible.

  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit d93797c8a7892fe26672c551017468e9f8099ef6)
* gpg: Stop early when trying to create a primary Elgamal key. | Werner Koch | 2019-01-22 | 1 | -0/+7
  * g10/misc.c (openpgp_pk_test_algo2): Add extra check.
  --
  The problem is that --key-gen --batch with a parameter file didn't detect that Elgamal is not capable of signing and so an error was only triggered at the time the self-signature was created. See the code comment for details.

  GnuPG-bug-id: 4329
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit f97dc55ff1b041071bc3cbe98aa761bf77bb7ac8)
* scd: Fix for USB INTERRUPT transfer. | NIIBE Yutaka | 2019-01-16 | 1 | -2/+1
  * scd/ccid-driver.c (intr_cb): When LIBUSB_TRANSFER_NO_DEVICE, just handle this event as failure.
  --
  Cherry-picked from master commit: 5ab3bc422a5cc1a646c168b547f2b6538b3a4ffa

  It used to try another interrupt transfer request to make sure if it fails again.

  GnuPG-bug-id: 4308
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix message for ACK button. | NIIBE Yutaka | 2018-12-19 | 1 | -13/+35
  * agent/divert-scd.c (getpin_cb): Display correct message.
  --
  Cherry-picked master commit of: 4ed941ff26783c4fabfe2079029f8e436eb7e340

  Signed-off-by: NIIBE Yutaka <[email protected]>
* Silence compiler warnings new with gcc 8. | Werner Koch | 2018-12-18 | 2 | -5/+24
  * dirmngr/dns.c: Include gpgrt.h. Silence -Warray-bounds also gcc.
  * tests/gpgscm/scheme.c: Include gpgrt.h.
  (Eval_Cycle): Ignore -Wimplicit-fallthrough.
  --
  The funny use of case and labels in the CASE macro seems to confuse the fallthrough detection.

  Signed-off-by: Werner Koch <[email protected]>
* wks: Do not use compression for the encrypted data. | Werner Koch | 2018-12-18 | 2 | -0/+2
  * tools/gpg-wks-client.c (encrypt_response): Add arg -z0.
  * tools/gpg-wks-server.c (encrypt_stream): Ditto.
  --
  If for example a server was built without the development packages of the compression libraries installed, the server will not be able to decrypt a request. In theory this can't happen due to the preference system but it is just too easy to create the server's key using a different version of gpg and then use gpg-wks-server built differently.

  For the short messages we exchange compression is not really required and thus we better do without to make the system more robust.

  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 70a8db0333e3c22403b3647f8b5f924f6dace719)
* po: Update Japanese translation. | NIIBE Yutaka | 2018-12-18 | 1 | -3/+2
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Support "acknowledge button" feature. | NIIBE Yutaka | 2018-12-18 | 7 | -1/+97
  * scd/apdu.c (set_prompt_cb): New member function.
  (set_prompt_cb_ccid_reader): New function.
  (open_ccid_reader): Initialize with set_prompt_cb_ccid_reader.
  (apdu_set_prompt_cb): New.
  * scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb.
  * ccid-driver.c (ccid_set_prompt_cb): New.
  (bulk_in): Call ->prompt_cb when timer extension.
  * scd/command.c (popup_prompt): New.
  --
  Cherry-picked master commit of: 7a5a4c4cac8709f7c413e94cd0b40f4123baa1e5

  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Support --ack option for POPUPPINPADPROMPT. | NIIBE Yutaka | 2018-12-18 | 1 | -1/+1
  * agent/divert-scd.c (getpin_cb): Support --ack option.
  --
  Cherry-picked master commit of: 827529339a4854886dbb5625238e7e01013efdcd

  We are now introducing "acknowledge button" feature to scdaemon, so that we can support OpenPGPcard User Interaction Flag.

  We will (re)use the mechanism of POPUPPINPADPROMPT for this. Perhaps, we will change the name of POPUPPINPADPROMPT, since it will be no longer for PINPAD only.

  Signed-off-by: NIIBE Yutaka <[email protected]>
* Post release updates | Werner Koch | 2018-12-14 | 2 | -1/+5
  --
* Release 2.2.12 [gnupg-2.2.12] | Werner Koch | 2018-12-14 | 2 | -9/+38
* po: Auto-update | Werner Koch | 2018-12-14 | 26 | -318/+472
  --
* New simplified Chinese translation | Chuhao Li | 2018-12-14 | 1 | -4271/+2609
  --
  Signed-off-by: Werner Koch <[email protected]>

  This is a complete rework of the original file from 1.4.
* agent: Make the S2K calibration time runtime configurable. | Werner Koch | 2018-12-11 | 4 | -9/+43
  * agent/protect.c (s2k_calibration_time): New file global var.
  (calibrate_s2k_count): Use it here.
  (get_calibrated_s2k_count): Replace function static var by ...
  (s2k_calibrated_count): new file global var.
  (set_s2k_calibration_time): New function.
  * agent/gpg-agent.c (oS2KCalibration): New const.
  (opts): New option --s2k-calibration.
  (parse_rereadable_options): Parse that option.
  --
  Note that using an unrealistic high value (like 60000) takes quite some time for calibration.

  GnuPG-bug-id: 3399
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit cbcc8c19541fe8407f3b6588fce1535c64cf6b25)
* agent: compile-time configuration of s2k calibration. | Daniel Kahn Gillmor | 2018-12-11 | 2 | -4/+12
  * configure.ac: add --with-agent-s2k-calibration=MSEC, introduces AGENT_S2K_CALIBRATION (measured in milliseconds)
  * agent/protect.c (calibrate_s2k_count): Calibrate based on AGENT_S2K_CALIBRATION.

  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
  GnuPG-bug-id: 3399
  (cherry picked from commit 926d07c5fa05de05caef3a72b6fe156606ac0549)
* dirmngr: Retry another server from the pool on 502, 503, 504. | Werner Koch | 2018-12-11 | 1 | -7/+33
  * dirmngr/ks-engine-hkp.c (handle_send_request_error): Add arg http_status and handle it.
  (ks_hkp_search): Get http_status from send_request and pass on to handle_send_request_error.
  (ks_hkp_get): Ditto.
  (ks_hkp_put): Ditto.
  --
  GnuPG-bug-id: 4175
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 05ef6282784495a77f4faf76c0de5bc85dfecf06)
* dirmngr: New function http_status2string. | Werner Koch | 2018-12-11 | 2 | -0/+26
  * dirmngr/http.c (http_status2string): New.
  --
  Right now only the standard 5xx codes.

  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit dc61f4ecea5c9815cb00aeb25439978337c1fd64)
* gpg: In search-keys return "Not found" instead of "No Data". | Werner Koch | 2018-12-11 | 1 | -1/+3
  * g10/keyserver.c (keyserver_search): Check for NO_DATA.
  --
  GnuPG-bug-id: 3830
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit e7252ae57f3c9da557f23295268f74dd25fee3a1)
* tools: Use POSIX compatible arguments for find | Tomi Leppänen | 2018-12-11 | 1 | -1/+1
  * tools/addgnupghome (filelist): Remove bashism.
* scd: Make "learn" report about KDF data object. | NIIBE Yutaka | 2018-12-06 | 2 | -0/+6
  * scd/app-openpgp.c (do_learn_status): Report KDF attr.
  * g10/card-util.c (current_card_status): Output KDF for with_colons.
  --
  Backport of master commit: 05d163aebc04db109ec5e004eb04a4b3796f6421

  Signed-off-by: NIIBE Yutaka <[email protected]>
* card: Display if KDF is enabled or not. | NIIBE Yutaka | 2018-12-06 | 3 | -2/+12
  * g10/call-agent.h (kdf_do_enabled): New field.
  * g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available.
  * g10/card-util.c (current_card_status): Inform the availability.
  --
  Cherry pick of master commit: a5542a4a702c2210facf58a98bc8d3d16089b6ab

  Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix memory leak for --card-status. | NIIBE Yutaka | 2018-12-06 | 1 | -4/+3
  * g10/card-util.c (card_status): Release memory of serial number.
  --
  Cherry pick of master commit: fe8b6339542f3b1228b5fd56fc710ea3b07a3a2b

  Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix print_pubkey_info new line output. | NIIBE Yutaka | 2018-12-05 | 1 | -1/+1
  * g10/keylist.c (print_pubkey_info): Reverse the condition.
  --
  This mistakes were introduced when replacing by estream.

  It resulted 'gpg --card-status' from a process with no controlling terminal fails.

  Fixes-commit: fb2ba98963beea249474f5d6d7345cf9b4b7f570
  Signed-off-by: NIIBE Yutaka <[email protected]>
  (cherry picked from commit e154fba30ba0d5f29040a33f5c1b5c25b441b69f)
* gpg: New list-option "show-only-fpr-mbox". | Werner Koch | 2018-12-05 | 4 | -1/+65
  * g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox".
  * g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New.
  * g10/keylist.c (list_keyblock_simple): New.
  (list_keyblock): Call it.
  (list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX mode.
  --
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 0e8bf204791ebfd0c9a8e4b49fbadf998ec62e49)

  * g10/keylist.c (list_keyblock_simple): Remove optional arg from mailbox_from_userid
* wks: Fix filter expression syntax flaw. | Werner Koch | 2018-12-05 | 1 | -4/+10
  * tools/wks-util.c (wks_get_key, wks_filter_uid): The filter expression needs a space before the value.
  (install_key_from_spec_file): Replace es_getline by es_read_line and remove debug output.
  --
  A value of starting with '<' was considered an invalid operator due to our tokenization method.

  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 0c36ec241d285545f286069843de4f663cd274a3)
* wks: Allow reading of --install-key arguments from stdin. | Werner Koch | 2018-12-05 | 4 | -10/+81
  * tools/wks-util.c (install_key_from_spec_file): New.
  (wks_cmd_install_key): Call it.
  * tools/gpg-wks-client.c (main): Allow --install-key w/o arguments.
  * tools/gpg-wks-server.c (main): Ditto.

  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit ba46a359b9d6549b74ec8401ea39bad434d87564)
* wks: Create sub-directories | Werner Koch | 2018-12-05 | 1 | -5/+25
  * tools/wks-util.c (wks_compute_hu_fname): Stat and create directory if needed.

  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 73e5b0ec9b9ba5e04e55f8c42d81e23df7c3afe0)
* wks: Add new commands --install-key and --remove-key to the client. | Werner Koch | 2018-12-05 | 2 | -0/+68
  * tools/gpg-wks-client.c (aInstallKey, aRemoveKey, oDirectory): New.
  (opts): Add "--install-key", "--remove-key" and "-C".
  (parse_arguments): Parse them.
  (main): Check that the given directory exists. Implement the new commands.
  --
  These commands may be useful to prepare a WKD directory on a non-Unix box using the standard wks client.

  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 602b1909632925d5a2e0778c102d66109795c627)
* wks: Move a few server functions to wks-util. | Werner Koch | 2018-12-05 | 3 | -309/+317
  * tools/gpg-wks-server.c (write_to_file): Move to ...
  * tools/wks-util.c: here.
  * tools/gpg-wks-server.c (compute_hu_fname): Move to ...
  * tools/wks-util.c (wks_compute_hu_fname): here.
  * tools/gpg-wks-server.c (fname_from_userid): Move to ...
  * tools/wks-util.c (wks_fname_from_userid): here.
  * tools/gpg-wks-server.c (command_install_key): Move to ...
  * tools/wks-util.c (wks_cmd_install_key): here and change caller.
  * tools/gpg-wks-server.c (command_remove_key): Move to ...
  * tools/wks-util.c (wks_cmd_remove_key): here and change callers.

  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 99094c992c20dd22971beb3527cfda109cd1df89)
* g10/mainproc: disable hash contexts when --skip-verify is used | Jussi Kivilinna | 2018-12-05 | 1 | -3/+8
  * g10/mainproc.c (proc_plaintext): Do not enable hash contexts when opt.skip_verify is set.
  --
  Signed-off-by: Jussi Kivilinna <[email protected]>
  (cherry picked from commit 73e74de0e33bbb76300f96a4174024779047df06)
* common/iobuf: fix memory wiping in iobuf_copy | Jussi Kivilinna | 2018-12-05 | 1 | -1/+6
  * common/iobuf.c (iobuf_copy): Wipe used area of buffer instead of first sizeof(char*) bytes.
  --
  Signed-off-by: Jussi Kivilinna <[email protected]>
  (cherry picked from commit 654e353d9b20f10fa275e7ae10cc50480654f079)