aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* tools: Fix gpg-pair-tool to follow new API.gniibe/x25519NIIBE Yutaka2019-09-191-15/+6
| | | | Signed-off-by: NIIBE Yutaka <[email protected]>
* tools: Don't prepare G in gpg-pair-tool.NIIBE Yutaka2019-09-191-2/+1
| | | | | | * tools/gpg-pair-tool.c (create_dh_keypair): Use NULL for G. Signed-off-by: NIIBE Yutaka <[email protected]>
* tools: Use new API of libgcrypt for gpg-pair-tool.NIIBE Yutaka2019-09-191-67/+21
| | | | | | | | | * tools/gpg-pair-tool.c (create_dh_keypair): Just use gcry_random_bytes for secret. Call gcry_ecc_mul_point with G to get the public key. (compute_master_secret): Use gcry_ecc_mul_point. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,pcsc: Use HANDLE for context and card.NIIBE Yutaka2019-09-171-28/+34
| | | | | | * scd/apdu.c (HANDLE): New. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Remove old fallback logic from CCID to PC/SC.gniibe/T4620NIIBE Yutaka2019-09-121-12/+5
| | | | | | * scd/apdu.c (apdu_dev_list_start): Return an error on failure. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,pcsc: Support "reader-port" option for PC/SC reader.NIIBE Yutaka2019-09-121-29/+34
| | | | | | | * scd/apdu.c (apdu_open_reader): Skip use of a reader if it's not the one specified when it is specified. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,pcsc: Remove the restriction of no-scanning in PC/SC.NIIBE Yutaka2019-09-113-12/+3
| | | | | | | | * scd/apdu.h (app_open_reader): Remove the last argument. * scd/apdu.c (app_open_reader): Ditto. * scd/app.c (select_application): Don't supply APP_EMPTY. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,pcsc: Fix examining the list of readers.NIIBE Yutaka2019-09-111-5/+13
| | | | | | * scd/apdu.c (apdu_dev_list_start): Traverse the string+NUL carefully. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,pcsc: Fix for initializing PC/SC.NIIBE Yutaka2019-09-111-9/+13
| | | | | | | * scd/apdu.c (pcsc_init): Load it at first. (apdu_open_reader): Check for the CCID internal driver. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,pcsc: Support multiple card readers.NIIBE Yutaka2019-09-111-180/+217
| | | | | | | | | | | * scd/apdu.c (close_pcsc_reader, apdu_init): Clear pcsc.rdrname. (pcsc_init): Load of PC/SC module moved from ... (open_pcsc_reader): ... here. (apdu_dev_list_start): Add support for PC/SC. (apdu_dev_list_finish): Likewise. (apdu_open_reader): Likewise. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,pcsc: Use a single context.NIIBE Yutaka2019-09-111-26/+46
| | | | | | | | | | | | | | * scd/apdu.c (pcsc): New variable. (struct reader_table_s): Remove pcsc.context from member. (pcsc_get_status, connect_pcsc_card): Use pcsc.context. (close_pcsc_reader): Release pcsc.context here with reference count. (pcsc_init): New. (open_pcsc_reader): Don't call pcsc_establish_context here. Call close_pcsc_reader instead of pcsc_release_context. (apdu_open_reader): Call pcsc_init if needed. (apdu_init): Initialize pcsc.count and pcsc.context. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Clean up the structure for future fix of PC/SC.NIIBE Yutaka2019-09-113-18/+23
| | | | | | | | | | | | * scd/apdu.c (struct dev_list): Rename from ccid_table, with void*. (open_ccid_reader): Follow the change. (apdu_dev_list_start, apdu_dev_list_finish): Likewise. (apdu_open_reader): Likewise. * scd/ccid-driver.c (ccid_dev_scan): Use void *. (ccid_dev_scan_finish, ccid_get_BAI, ccid_open_usb_reader): Likewise. * scd/ccid-driver.h: Change the APIs. Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Fix distchek for generated eps fileAndre Heinecke2019-09-101-2/+2
| | | | | | | | | | | * doc/Makefile.am (EXTRA_DIST, BUILT_SOURCES): Add gnupg-module-overview.eps, gnupg-card-architecture.eps (DISTCLEANFILES): Remove them. -- The files needs to be added so that it is properly included in the dist tarball. As the rule for it was moved into maintainer mode by 58bab1a.
* gpg: expand GPG groups when resolving a keyStephan Mueller2019-09-065-52/+99
| | | | | | | | | | | | | | | | | | | | | | | | * g10/expand-group.c: New * g10/pkclist.c: Extract expand_group and expand_id into expand-group.c. * g10/keydb.h: Add prototypes of expand_id and expand_group. * g10/getkey.c: Use expand_group before resolving key references. * g10/Makefile.am: Compile expand-group.c. -- When searching a key by its name, try to expand the provided name in case it is a GPG group reference. This GPG group resolution is performed before the individual keys are verified. This allows key listing using a GPG group reference. In particular, this modification fixes the encryption to group support in KDE's Kmail which is broken since version 18.04. Signed-off-by: Stephan Mueller <[email protected]> - Changed new filename to use a dash instead of an underscore. - Indendation changes. Signed-off-by: Werner Koch <[email protected]>
* gpg: Make --quiet work on --send-keys.Werner Koch2019-09-061-3/+4
| | | | | | | | * g10/keyserver.c (keyserver_put): Act upon --quiet. -- Suggested-by: Robin H. Johnson <[email protected]> Signed-off-by: Werner Koch <[email protected]>
* gpg: Prepare parser for the new attestation certificates.Werner Koch2019-09-054-14/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/openpgpdefs.h (SIGSUBPKT_ATTST_SIGS): New. * g10/keydb.h (IS_ATTST_SIGS): New. (IS_CERT): Include the new one. * g10/sign.c (mk_notation_policy_etc): Do not put notations into attestation key signatures. * g10/parse-packet.c (dump_sig_subpkt): Add new arg digest_algo. Print the attestation sigs. (parse_one_sig_subpkt): Support SIGSUBPKT_ATTST_SIGS. (can_handle_critical): Ditto. (enum_sig_subpkt): Pass digest algo to dump_sig_subpkt. -- This change allows to list the new subpacket with --list-packets. Example output: :signature packet: algo 22, keyid C694723A1370EAB1 version 4, created 1567097576, md5len 0, sigclass 0x16 digest algo 8, begin of digest ff 0c hashed subpkt 2 len 4 (sig created 2019-08-29) hashed subpkt 37 len 32 (attst-sigs: 1 A794C6E9CCFE2F34C67E07[...]) hashed subpkt 33 len 21 (issuer fpr v4 156A3872[...]) subpkt 16 len 8 (issuer key ID C694723A1370EAB1) data: [256 bits] data: [256 bits] GnuPG-bug-id: 4694 Signed-off-by: Werner Koch <[email protected]>
* gpg: Rework the signature subpacket iteration function.Werner Koch2019-09-0512-114/+114
| | | | | | | | | | | | * g10/parse-packet.c (enum_sig_subpkt): Replace first arg by two args so that the entire signature packet is available. Change all callers. (parse_sig_subpkt): Ditto. -- This patch is a prerequisite to support the new attestation key signatures. Signed-off-by: Werner Koch <[email protected]>
* scd: Implement auto-switching between Yubikey apps.Werner Koch2019-09-051-34/+105
| | | | | | | | | | | | | * scd/app.c (apptype_from_keyref): New. (maybe_switch_app): Add arg 'keyref' and use this also for switching. Change all callers to pass a keyref if needed. -- A drawback of this auto-switching is that the PIN cache of the cards are cleared. That could be mitigated by having our own cache but we always tried to avoid that. Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: Avoid PIN caching issues after re-select.Werner Koch2019-09-051-0/+6
| | | | | | | | | | | * scd/app-openpgp.c (do_reselect): Clear PIN cache flags. -- It seems that the verification status of the OpenPGP app on a Yubikey is reset on a select. We need to reflect this in our cache to avoid a "Bad PIN" error on computing a signature. Signed-off-by: Werner Koch <[email protected]>
* doc: Update description of --debugWerner Koch2019-09-055-81/+23
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* scd:piv: Allow the keygrip as alternative to a keyref.Werner Koch2019-09-051-2/+22
| | | | | | * scd/app-piv.c (find_dobj_by_keyref): Allow the keygrip as input. Signed-off-by: Werner Koch <[email protected]>
* scd: Improve locking of app_do_with_keygrip.Werner Koch2019-09-051-10/+24
| | | | | | * scd/app.c (app_do_with_keygrip): Lock once per card. Signed-off-by: Werner Koch <[email protected]>
* scd: New debug flag "app".Werner Koch2019-09-053-27/+97
| | | | | | | | | | | | * scd/scdaemon.h (DBG_APP_VALUE, DBG_APP): New. * scd/scdaemon.c (debug_flags): Add "app". * scd/app.c (xstrapptype): New. (app_readcert, app_readkey, app_getattr): Add debug output. (app_setattr, app_sign, app_auth): Ditto. (app_writecert, app_writekey, app_change_pin): Ditto. (app_check_pin): Ditto. Signed-off-by: Werner Koch <[email protected]>
* agent: Fix ask_for_card to allow a key on multiple cards.NIIBE Yutaka2019-09-051-83/+36
| | | | | | | | * agent/divert-scd.c (ask_for_card): Don't use SERIALNO to select card, but use KEYGRIP. GnuPG-bug-id: 4695 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: New sub-command cmd_has_option for GETINFO.Werner Koch2019-09-041-1/+55
| | | | | | * scd/command.c (cmd_getinfo): Add cmd_has_option sub-command. Signed-off-by: Werner Koch <[email protected]>
* scd: Add option --all to the SERIALNO command.Werner Koch2019-09-042-11/+105
| | | | | | | | | | | | | | | | | | | | * scd/command.c (cmd_serialno): Add option --all. (open_card_with_request): Implement that option. * scd/app.c (select_all_additional_applications_internal): New. (select_additional_application): Add mode to call new function. -- This option is currently only useful for Yubikeys and basically ignored with other cards. Its use is SERIALNO --all LEARN --force --multi which will then print keypairinfo and other stuff for the OpenPGP and PIV application of a Yubikey. Scute is going to use this to allow using certificates from OpenPGP and PIV at the same time. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix Error checking in additioal app selection.Werner Koch2019-09-041-2/+3
| | | | | | | | | | * scd/app.c (select_additional_application): Return error for unknown NAME. -- ERR was only set but not used. Signed-off-by: Werner Koch <[email protected]>
* scd: Add option --multi to the LEARN command.Werner Koch2019-09-043-19/+61
| | | | | | | | | | | | | | | | * scd/app-common.h (APP_LEARN_FLAG_MULTI): New. * scd/command.c (cmd_learn): Add option --multi. * scd/app.c (app_write_learn_status): Factor some code out to ... (write_learn_status_core): new. (app_write_learn_status): Implement flag --multi. -- This new option is intended to return information about all active applications of the current card. Thus if a "SERIALNO openpgp" and a "SERIALNO piv" has been done in a session the command "LEARN --force --multi" returns information about both applications. Signed-off-by: Werner Koch <[email protected]>
* scd: Use a macro for the flag parameter of learn_status.Werner Koch2019-09-047-7/+12
| | | | | | | | | | | | * scd/app-common.h (APP_LEARN_FLAG_KEYPAIRINFO): New flag macro.. * scd/command.c (cmd_learn): Pass that flag instead of a plain number. * scd/app-nks.c (do_learn_status_core): Use new flag. * scd/app-p15.c (do_learn_status): Ditto. * scd/app-piv.c (do_learn_status): Ditto. * scd/app-sc-hsm.c (do_learn_status): Ditto. * scd/app.c (app_write_learn_status): Ditto. Signed-off-by: Werner Koch <[email protected]>
* doc: Fix grammar error.Werner Koch2019-08-301-1/+1
| | | | | -- GnuPG-bug-id: 4691
* gpg,sm: Implement keybox compression run and release lock in gpgsmWerner Koch2019-08-232-3/+19
| | | | | | | | | | | | | * g10/keydb.c (keydb_add_resource): Call keybox_compress. * sm/keydb.c (keydb_add_resource): Release the lock after a compress. -- Note that in gpgsm we already did the compress run but we didn't released the lock on the file. This might have been a reason for some strange hangs. GnuPG-bug-id: 4644 Signed-off-by: Werner Koch <[email protected]>
* kbx: Include deleted records into the --stats output.Werner Koch2019-08-231-1/+6
| | | | | | | | | | | * kbx/keybox-dump.c (_keybox_dump_file): Take deleted records in account. -- This also changes the numbering of the records to reflect the real record number. Signed-off-by: Werner Koch <[email protected]>
* kbx: Fix regression in compression trigger from July 18Werner Koch2019-08-231-2/+2
| | | | | | | | | | | * kbx/keybox-update.c (keybox_compress): Change condition back. Also use make_timestamp for CUT_TIME. -- Fixes-commit: 824ca6f042dc69edaf67bf9d4e875be75babab00 Note that the original change was not backported to 2.2. Signed-off-by: Werner Koch <[email protected]>
* gpg: Allow --locate-external-key even with --no-auto-key-locate.Werner Koch2019-08-233-1/+35
| | | | | | | | | | | | | | | * g10/getkey.c (akl_empty_or_only_local): New. * g10/gpg.c (DEFAULT_AKL_LIST): New. (main): Use it here. (main) <aLocateExtKeys>: Set default AKL if none is set. -- This better matches the expectations of the user. The used list in this case is the default list ("local,wkd") with local ignored by the command anyway. GnuPG-bug-id: 4662 Signed-off-by: Werner Koch <[email protected]>
* gpg: Silence some warning messages during -Kv.Werner Koch2019-08-233-10/+17
| | | | | | | | | | | | | | | | | | | | | | | * g10/options.h (glo_ctrl): Add flag silence_parse_warnings. * g10/keylist.c (list_all): Set that during secret key listsings. * g10/parse-packet.c (unknown_pubkey_warning): If new flag is set do not print info message normally emitted inh verbose mode. (can_handle_critical_notation, enum_sig_subpkt): Ditto. (parse_signature, parse_key, parse_attribute_subpkts): Ditto. -- Those messages are annoying because they might be emitted due to parsing public keys which are latter not shows because the secret part is missing. No functional regressions are expected because --verbose should not change anything. Note that this suppression is only done if no arguments are given to the command; that is if a listing of the entire keyring is requested. Thus to see the earnings anyway, a listing of a single or group of keys can be requested. GnuPG-bug-id: 4627 Signed-off-by: Werner Koch <[email protected]>
* gpg: Do not show two informational diagnostics with quiet.Werner Koch2019-08-232-2/+7
| | | | | | | | | | | | * g10/trustdb.c (verify_own_keys): Silence informational diagnostic. -- This silences these notes with --quiet gpg: Note: RFC4880bis features are enabled. gpg: key EE65E8C75D41FD1D marked as ultimately trusted GnuPG-bug-id: 4634 Signed-off-by: Werner Koch <[email protected]>
* gpgconf: Suggest the use of --gpgconf-test on --launch problems.Werner Koch2019-08-231-1/+1
| | | | | | | | * tools/gpgconf-comp.c (gc_component_launch): Change suggestion. -- GnuPG-bug-id: 4668 Signed-off-by: Werner Koch <[email protected]>
* gpg: Extend --quick-gen-key for creating keys from a card.Werner Koch2019-08-222-58/+270
| | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and support the special algo "card". (parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP. Handle the "card" algo. Adjust callers. (parse_algo_usage_expire): Add arg R_KEYGRIP. (quickgen_set_para): Add arg KEYGRIP and put it into the parameter list. (quick_generate_keypair): Handle algo "card". (generate_keypair): Also handle the keygrips as returned by parse_key_parameter_string. (ask_algo): Support ed25519 from a card. -- Note that this allows to create a new OpenPGP key from an initialized OpenPGP card or from any other supported cards. It has been tested with the TCOS Netkey card. Right now a stub file for the cards might be needed; this can be achieved by running "gpgsm --learn" with the card plugged in. Example: gpg --quick-gen-key [email protected] card Signed-off-by: Werner Koch <[email protected]>
* gpg: Use modern spelling for the female salutation.Werner Koch2019-08-222-4/+4
| | | | | | | -- GnuPG-bug-id: 4682 Signed-off-by: Werner Koch <[email protected]>
* gpg: Factor export_ssh_key.NIIBE Yutaka2019-08-221-90/+100
| | | | | | | * g10/export.c (export_one_ssh_key): Factor out. (export_ssh_key): Use export_one_ssh_key. Signed-off-by: NIIBE Yutaka <[email protected]>
* dns: Fix irrelevant use of tmpfile.NIIBE Yutaka2019-08-221-2/+0
| | | | | | | * dirmngr/dns.c (dns_trace_open): Don't use tmpfile. GnuPG-bug-id: 4228 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: In a list of card keys show the standard keys.Werner Koch2019-08-212-3/+27
| | | | | | | | | | * g10/keygen.c (ask_algo): Identify the standard keys. -- The asterisks mark the usages of a key as retruned by scd via the $AUTHKEYID et al. attributes. Signed-off-by: Werner Koch <[email protected]>
* scd:nks: Extend keypairinfo with usage flags.Werner Koch2019-08-211-0/+11
| | | | | | | * scd/app-nks.c (do_learn_status_core): Return usage. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 0a9053eff0406c6799ee201013194200c0ed3487)
* scd:nks: Support attributes $ENCRKEYID and $SIGNKEYID.Werner Koch2019-08-211-4/+20
| | | | | | | | | | * scd/app-nks.c (do_getattr): Add new attributes. -- Note that these were already added to 2.2 as part of commit 23784f8bf0ac6d6c52cb2de2f99f46017a92c11a Signed-off-by: Werner Koch <[email protected]>
* gpg: New option --use-only-openpgp-cardWerner Koch2019-08-214-1/+22
| | | | | | | | | | | | | | | | * g10/gpg.c (opts): Add option. (main): Set flag. * g10/options.h: Add flags.use_only_openpgp_card. * g10/call-agent.c (start_agent): Implement option. -- With the previous patch we switch to autoselect an application instead of requesting an openpgp card. This option allows to revert this in case of use use cases which expected the former behaviour. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit c185f6dfbd1bfd809369da789239a371e9d1610e) This was first added to the 2.2 branch.
* scd: Fix check_application_conflict.NIIBE Yutaka2019-08-211-0/+6
| | | | | | | * scd/scd/app.c (check_application_conflict): Compare APPTYPE. Fixes-commit: 5a5288d051a551a1a8f169225e62572f6ee8cb10 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix selecting additional APP.NIIBE Yutaka2019-08-211-28/+59
| | | | | | | | | | * scd/app.c (select_additional_application_internal): Factor out. (select_additional_application): Getting the lock and call select_additional_application_internal, set current_apptype, then. (select_application): Call select_additional_application_internal for Yubikey. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix how select_additional_application is called.NIIBE Yutaka2019-08-211-10/+3
| | | | | | | * scd/app.c (check_application_conflict): Check against current APP. (select_additional_application): Update current_apptype of CTRL. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix resetting CARD_CTX.NIIBE Yutaka2019-08-213-17/+4
| | | | | | | | | | | | | | | * scd/app.c (deallocate_card): Don't call scd_clear_current_app. (card_reset): Reset ctrl->current_apptype. * scd/command.c (open_card_with_request): Likewise. (send_client_notifications): Likewise. (scd_clear_current_app): Remove. -- It's too late to call scd_clear_current_app from deallocate_card, because CARD_CTX is already reset. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix switching to another APP.NIIBE Yutaka2019-08-211-4/+9
| | | | | | | | * scd/app.c (select_additional_application): Initialize card of APP. Break after the selection. Don't free APP if success. Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-10 18:45:15 +0000