aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* dirmngr: Support "ldap:///" for the current AD user.Werner Koch2020-12-173-15/+54
| | | | | | | | | | | * dirmngr/http.h (struct parsed_uri_s): Add field ad_current. * dirmngr/ldap-parse-uri.c (ldap_parse_uri): Set it. * dirmngr/ks-engine-ldap.c (my_ldap_connect): Take care of ad_current. -- Ported from 2.2. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Allow LDAP searches via fingerprint.Werner Koch2020-12-171-23/+41
| | | | | | | | | * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Add arg serverinfo and allow searching by fingerprint. (ks_ldap_get, ks_ldap_search): First connect then create teh filter. -- With the new schema we can finally search by fingerprint.
* dirmngr: Finalize Active Directory LDAP SchemaWerner Koch2020-12-173-5/+7
| | | | | | | | -- With these modifications it is now possible to store and retrieve keys from an AD without manually tweaking the schema. Permissions need to be set manuallay, though.
* dirmngr: Store all version 2 schema attributes.Werner Koch2020-12-152-45/+88
| | | | | | | | | | * g10/call-dirmngr.c (ks_put_inq_cb): Emit "fpr" records. * dirmngr/ks-engine-ldap.c (extract_attributes): Add args extract-state and schemav2. Add data for the new schema version. remove the legacy code to handle UIDs in the "pub" line. (ks_ldap_put): Set new attributes for NTDS use the fingerprint as CN. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Remove superfluous attribute from the LDAP schema.Werner Koch2020-12-152-27/+10
| | | | | | | | | | | -- I accidently added a gpgSubCertID attribute not realizing that the pgpSubKeyID already carries the long keyid. Remove that. Note that the pgpkeyID has the short keyid and the long keyid has the name pgpCertID. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Support the new Active Directory schemaWerner Koch2020-12-144-110/+523
| | | | | | | | | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (SERVERINFO_): New constants. (my_ldap_connect): Relace args pgpkeyattrp and real_ldapp by a new serverinfo arg. Set the new info flags. (ks_ldap_get): Adjust for change. (ks_ldap_search): Ditto. (ks_ldap_put): Ditto. Replace xmalloc by xtrymalloc. Change the DN for use with NTDS (aka Active Directory). * doc/ldap/gnupg-ldap-init.ldif (pgpSoftware): Update definition of pgpVersion. * doc/ldap/gnupg-ldap-ad-init.ldif: New. * doc/ldap/gnupg-ldap-ad-schema.ldif: New. -- This is a first take on better Active Directory support. The main change for NTDS in the code is that the an top-RDN of CN is used instead of the old pgpCertID. More changes to come; for example using and storing the fingerprint. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Do not store the useless pgpSignerID in the LDAP.Werner Koch2020-12-144-25/+5
| | | | | | | | | | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (extract_attributes): Do not store the pgpSignerID. * g10/call-dirmngr.c (ks_put_inq_cb): Do not emit sig records. -- The pgpSignerID has no use in the LDAP and thus don't store it. David's idea back in 2004 was /* This bit is really for the benefit of people who store their keys in LDAP servers. It makes it easy to do queries for things like "all keys signed by Isabella". */ See-commit: 3ddd4410aef928827e1c8d4fb02c1ccd3f8eaea5 I consider this dangerous because such a query is not able to validate the signature, does not get revocation signatures, and also has no information about the validity of the signatures. Further many keys are spammed tehse days with faked signatures and it does not make sense to blow up the LDAP with such garbage. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Fix adding keys to an LDAP server.Werner Koch2020-12-141-2/+2
| | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (ks_ldap_put): Extract attribites into addlist. -- The code used the wrong list which resulting in adding attributes marked for deletion. In particular Active Directory does not accept such an data and rejects them. The bug was introduced into 2.1 while porting the code from the old keyserver helpers to dirmngr. Fixes-commit: 51341badb623927f2a358588c725a356fc77dbe7 Signed-off-by: Werner Koch <[email protected]>
* scd:nks: Support READKEY with keygrip and for "NKS-IDLM" keyref.NIIBE Yutaka2020-12-111-0/+22
| | | | | | | | | | * scd/app-nks.c (do_readkey): Allow KEYGRIP access. Support NKS-IDLM.XXXX keyref. -- GnuPG-bug-id: 5150 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:nks: Factor out pubkey retrieval from keygrip handling.NIIBE Yutaka2020-12-111-84/+72
| | | | | | | * scd/app-nks.c (pubkey_from_pk_file): New. (keygripstr_from_pk_file): Use pubkey_from_pk_file. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:nks: Add support of KEYGRIP for do_readcert.NIIBE Yutaka2020-12-101-0/+18
| | | | | | | | | * scd/app-nks.c (do_readcert): Support KEYGRIP. -- GnuPG-bug-id: 5150 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:nks: Factor out iteration over filelist.NIIBE Yutaka2020-12-101-78/+114
| | | | | | | * scd/app-nks.c (iterate_over_filelist): New. (do_with_keygrip): Use iterate_over_filelist. Signed-off-by: NIIBE Yutaka <[email protected]>
* wks-client: Improve an error messageWerner Koch2020-12-091-1/+1
| | | | | | | | | | * tools/gpg-wks-client.c (read_confirmation_request): Print trust letter. -- The trust letter gives a hint on what's wrong with the key. Signed-off-by: Werner Koch <[email protected]>
* scd:ccid:spr532: Extend abort_cmd for initialization time.NIIBE Yutaka2020-12-091-11/+18
| | | | | | | | | * scd/ccid-driver.c (abort_cmd): Add INIT argument to support synchronize until success, even ignoring timeout. (bulk_in): Normal use case of abort_cmd. (ccid_vendor_specific_init): Initial use case of abort_cmd. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:ccid: Call libusb_clear_halt in ccid_vendor_specific_setup.NIIBE Yutaka2020-12-091-0/+1
| | | | | | | | | | * scd/ccid-driver.c (ccid_vendor_specific_setup): Only for SPR532, call libusb_clear_halt. -- GnuPG-bug-id: 5167 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:ccid: Revert the addition of libusb_clear_halt for EP_INTR.NIIBE Yutaka2020-12-091-1/+0
| | | | | | | | | * scd/ccid-driver.c (ccid_setup_intr): Don't call libusb_clear_halt. -- GnuPG-bug-id: 5167 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:yubikey: Fix support of Yubikey NEO.NIIBE Yutaka2020-12-081-0/+3
| | | | | | * scd/app-openpgp.c (get_public_key): Yubikey NEO also has this issue. Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Allow decryption with card but no file.NIIBE Yutaka2020-12-081-2/+5
| | | | | | | | | | * agent/pkdecrypt.c (agent_pkdecrypt): Support decryption with card but without a stub key. -- GnuPG-bug-id: 5170 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Clean up the API of agent_pkdecrypt.NIIBE Yutaka2020-12-082-24/+24
| | | | | | | * agent/agent.h (agent_pkdecrypt): Use gpg_error_t type. * agent/pkdecrypt.c (agent_pkdecrypt): Use gpg_error_t type. Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Allow pksign operation with card but no file.NIIBE Yutaka2020-12-081-2/+4
| | | | | | | | | * agent/pksign.c (agent_pksign_do): Add support with no file. -- GnuPG-bug-id: 5166 Signed-off-by: Ingo Klöcker <[email protected]>
* gpg: Make quick-gen-key with algo "card" work for keys without keytimeIngo Klöcker2020-12-071-6/+4
| | | | | | | | | | | | | | | * g10/keygen.c (quick_generate_keypair): Set pCARDKEY flag if algostr is "card" or "card/...". -- For keys stored on NetKey cards or PIV cards we do not necessarily know the creation time. Therefore set the cardkey flag if the generation of a key from the keys available on the currently inserted smartcard is requested with the special algo "card" or, in case of the extended unattended mode, with an algo like "card/sign". GnuPG-bug-id: 5141 Signed-off-by: Ingo Klöcker <[email protected]>
* gpg,card: Allow no version information of Yubikey.NIIBE Yutaka2020-12-072-2/+4
| | | | | | | | | | * g10/call-agent.c (learn_status_cb): Assume >= 2 when no version. * tools/card-call-scd.c (learn_status_cb): Likewise. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:nks: Fix caching keygrip (more).NIIBE Yutaka2020-12-031-5/+7
| | | | | | | | | | * scd/app-nks.c (keygripstr_from_pk_file): Distinguish by APP_ID. -- GnuPG-bug-id: 5150, 5161 Fixes-commit: 920154370834ad8d947aed19c9d914a27dde6baa Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix KEYINFO command with --data option.NIIBE Yutaka2020-12-031-4/+3
| | | | | | * scd/command.c (cmd_keyinfo): Handle --data option correctly. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Fix writing ECC key to card.NIIBE Yutaka2020-12-031-6/+27
| | | | | | | | | | * scd/app-openpgp.c (build_privkey_template): Adding another argument of ecc_d_fixed_len to handle variable-size MPI. -- GnuPG-bug-id: 5163 Signed-off-by: NIIBE Yutaka <[email protected]>
* kbx: Better error message in case of a crippled Libgcrypt.Werner Koch2020-12-021-2/+10
| | | | * kbx/keybox-openpgp.c (keygrip_from_keyparm): Detect missing curve.
* doc: Add parameters for batch generation of ECC keys.Jens Meißner2020-12-011-0/+8
| | | | | | | | | | | * doc/gpg.texi: Add parameters for batch generation of ECC keys. -- There are parameters required for batch generation of ECC keys which weren't mentioned in the documentation. Signed-off-by: Jens Meißner <[email protected]>
* scd:nks: Minor additions to the basic IDLM application support.Werner Koch2020-11-301-15/+25
| | | | | | | | | | | | | * scd/app-nks.c (filelist): Use special value -1 for IDLM pubkeys. (keygripstr_from_pk_file): Handle special value. (do_readcert): Ditto. (do_writecert): Ditto. -- This allows to get information about the keys from the card. However the do_readkey still requires a fallback to readcert. This does not work because there are no certificates yet on the card. The fix is to fully implement do_readkey.
* card: Let the APDU command prints a description of the status word.Werner Koch2020-11-273-1/+43
| | | | | | | | * tools/card-call-scd.c (scd_apdu_strerror): New. * tools/gpg-card.c (cmd_apdu): Print a description. -- Pretty convenient to explore smartcards.
* scd: New getinfo sub-command apdu_strerror.Werner Koch2020-11-272-15/+28
| | | | | | | | | * scd/apdu.c (apdu_strerror): Add missing status codes. * scd/command.c (cmd_getinfo): New sub-command apdu_strerror. -- This is quite handy for gpg-card's APDU command and avoids that we need to duplicate the mapping table or put it into a shared file.
* card: Netkey improvement for passwd.Werner Koch2020-11-271-13/+22
| | | | | * tools/gpg-card.c (cmd_passwd) [Netkey]: No Standard/QES menu if the card does not support it. Print no error in cases the user canceled.
* scd:ccid-driver: Fix pinpad error handling for cancel/timeout.NIIBE Yutaka2020-11-274-2/+17
| | | | | | | | | | | | | | * scd/apdu.h (SW_HOST_UI_CANCELLED, SW_HOST_UI_TIMEOUT): New. * scd/ccid-driver.h (CCID_DRIVER_ERR_UI_CANCELLED): New. (CCID_DRIVER_ERR_UI_TIMEOUT): New. * scd/ccid-driver.c (bulk_in): Handle PIN input cancel/timeout error. * scd/iso7816.c (map_sw): Support SW_HOST_UI_CANCELLED and SW_HOST_UI_TIMEOUT. -- GnuPG-bug-id: 4614 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix YK s/n and prettify the request card prompt for YubikeysWerner Koch2020-11-263-38/+39
| | | | | | | | | | * agent/divert-scd.c (ask_for_card): Detect and re-format the Yubikey prompt. * scd/app.c (app_munge_serialno): Fix Yubikey s/n munging. (card_get_dispserialno): Ditto. * scd/app-openpgp.c (get_disp_serialno): Remove. (get_prompt_info): Use app_get_dispserialno.-- --
* scd: Do not try to use a non-enabled app after card switching.Werner Koch2020-11-261-2/+19
| | | | | | | | | | | | | * scd/app.c (app_dump_state): Also print the refcount. (maybe_switch_app): Make sure the app exists on the card. -- When switching the current card and the card does not support the same apps as the former, we now reset the app to the first one. Testcase is to use a standard OpenPGP card and a P15 card. Signed-off-by: Werner Koch <[email protected]>
* scd: Add special serialno compare for OpenPGP cards.Werner Koch2020-11-263-10/+45
| | | | | | | | | | | | | | | | | * scd/app.c (is_same_serialno): New. (check_application_conflict): Use this. (select_application): Ditto. (app_switch_current_card): Ditto. * scd/app-openpgp.c (check_keyidstr): Ignore the card version and also compare case insensitive. -- This is required because we change what we emit as serialno of OpenPGP cards but existing keys still use the old form of the serial number (i.e. with a firmware version). See-commit: 3a8250c02031080c6c8eebd5dea03f5f87f9ddd7 Signed-off-by: Werner Koch <[email protected]>
* gpg: Report an error for receiving key from agent.NIIBE Yutaka2020-11-261-0/+1
| | | | | | | | | * g10/export.c (do_export_one_keyblock): Report an error. -- GnuPG-bug-id: 5151 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,nks: Fix caching keygrip.NIIBE Yutaka2020-11-261-3/+4
| | | | | | | | | | * scd/app-nks.c (keygripstr_from_pk_file): Identify by cfid if available. -- GnuPG-bug-id: 5150 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:p15: Print the internal card type.Werner Koch2020-11-251-0/+8
| | | | * scd/app-p15.c (read_ef_tokeninfo): Print the internal card type.
* scd:p15: Improve support for some CardOS based cards.Werner Koch2020-11-253-14/+68
| | | | | | | | | * scd/iso7816.c (iso7816_read_binary_ext): Add optional arg r_sw and change callers. (iso7816_read_record): Factor all code out to ... (iso7816_read_record_ext): new. * scd/app-p15.c (select_and_read_binary): Fallback to record reading. (read_ef_aodf): Clear EOF error.
* g13: Add missing headerWerner Koch2020-11-251-0/+1
| | | | --
* scd: Rework the handling of the displayed serial number.Werner Koch2020-11-255-119/+178
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app.c (app_new_register): Call app_munge_serialno for Yubikeys. (app_munge_serialno): Handle Yubikey serial numbers. (card_get_serialno): Remove special Yubikey treatment. Drop arg is_canonical. (app_get_serialno): Clear ERRNO on error. (card_get_dispserialno): New. Also change formatting of Yubikey and OpenPGP numbers to match those printed on the card. (app_get_dispserialno): New. * scd/app-openpgp.c (do_getattr): Use app_get_dispserialno. (yubikey_get_serialno): Remove. * scd/app-piv.c (get_dispserialno): Remove. (do_getattr): Use app_get_dispserialno. -- This patch gets us back to a unique serial number for cards and provides a stable serial number as printed for Yubikeys. Because we use a slightly different serial number now for Yubikeys and cards only supporting OpenPGP card we need to come up with another change so that the version number of OpenPGP serial numbers are ignored when comparing card serial numbers. This is so that existing stub keys of gpg-agent will continue to work. GnuPG-bug-id: 5100 Signed-off-by: Werner Koch <[email protected]>
* scd: Fix an error return for READKEY.NIIBE Yutaka2020-11-251-0/+3
| | | | | | | | | | * scd/command.c (cmd_readkey): Return when error. -- GnuPG-bug-id: 5150 Suggested-by: Ingo Klöcker Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,nks: Fix SEGV for learn for older card.NIIBE Yutaka2020-11-251-0/+1
| | | | | | | | | | * scd/app-nks.c (keygripstr_from_pk_file): Set algostr. -- GnuPG-bug-id: 5144 Fixes-commit: 26da47ae53d51e16ae6867cd419ddbf124a94933 Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Fix typosGavin L. Rebeiro2020-11-234-7/+7
| | | | | | | -- GnuPG-bug-id: 5071 Also fixed one in keyformat.txt [wk].
* gpg: Change API of agent_scd_serialno.NIIBE Yutaka2020-11-203-21/+13
| | | | | | | | | | * g10/call-agent.c (agent_scd_serialno): Extend API to allow with R_SERIALNO == NULL. * g10/card-util.c (card_status): Use NULL for agent_scd_serialno. (factory_reset): Likewise. * g10/skclist.c (build_sk_list): Likewise. Signed-off-by: NIIBE Yutaka <[email protected]>
* Fix the previous comment changes help doc string.NIIBE Yutaka2020-11-203-3/+3
| | | | | | * scd/command.c (hlp_learn): Fix the doc string. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg,agent: Fix comments for KEYPAIRINFO status report.NIIBE Yutaka2020-11-202-2/+2
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgconf: Also print revision of libksba.Werner Koch2020-11-191-3/+4
| | | | | | | | | | | | * dirmngr/dirmngr.c (get_revision_from_blurb): Fix detection of empty string. (gpgconf_versions): Print ksba revision. -- The latest Libksba version support retrieving of the revision (commit) id. We now use that or print a question mark. Signed-off-by: Werner Koch <[email protected]>
* agent: Fix creating shadow key on card key generation.NIIBE Yutaka2020-11-191-3/+3
| | | | | | | | | * agent/command.c (cmd_readkey): Fix handling --card option. -- Fixes-commit: 9c719c9c1ff34cc06a0fef2bfe29cfd7182753eb Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix --card-edit command.NIIBE Yutaka2020-11-191-1/+2
| | | | | | | | | * g10/card-util.c (get_info_for_key_operation): Revert the change. -- Fixes-commit: 157f1de64e437cecd75335e9f4077ba9835e3da0 Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 19:46:22 +0000