Commit message | Author | Age | Files | Lines
* Release 2.2.18gnupg-2.2.18Werner Koch2019-11-251-3/+3
|
* po: auto-updateWerner Koch2019-11-2526-774/+1247
| | | | --
* speedo: Tell makensis the used charset of the script.Andre Heinecke2019-11-251-1/+2
| | | | | | -- Adapted from the version in master.
* tests: Adjust for now invalid SHA-1 key signatures.Werner Koch2019-11-251-0/+1
| | | | | | | * tests/openpgp/defs.scm (create-gpghome): Add allow-weak-key-signatures. Signed-off-by: Werner Koch <[email protected]>
* po: Update German translationWerner Koch2019-11-251-31/+49
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* agent: Improve --debug-pinentry diagnosticsWerner Koch2019-11-251-19/+35
| | | | | | | | | | | | | | | * agent/call-pinentry.c (atfork_cb): Factor code out to ... (atfork_core): new. -- We convey certain envvars directly via the environment to Pinentry and thus they don't show up in the Assuan logging. Because we better don't call a logging function in an atfork handle, this patch splits the code up and uses the same code to display what was done in at fork after the connection has been established. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit c8783b3a204b371d44b8953429652101cf2e4d1b)
* doc: Prepare a NEWS file for the next release.Werner Koch2019-11-241-0/+66
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* doc,dirmngr: Clarify --standard-resolver.Werner Koch2019-11-231-1/+2
| | | | | | | | -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit c21267e1c7aab332ebcd26f27f7f9724839a8e3a) GnuPG-bug-id: 4547
* wkd: Let --install-key write a template policy file.Werner Koch2019-11-231-0/+83
| | | | | | | | | | * tools/wks-util.c (ensure_policy_file): New. (wks_cmd_install_key): Call it. -- GnuPG-bug-id: 4753 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 50cd1a58f3a612704a0056386e1d5cd7cb28d57d)
* doc: Clarify how to use --log-file in gpg.Werner Koch2019-11-181-1/+3
| | | | | | -- Note that in 2.3 --batch is not anymore required.
* dirmngr,gpg: Better diagnostic in case of bad TLS certificates.Werner Koch2019-11-183-7/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | * doc/DETAILS: Specify new status code "NOTE". * dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a bad TLS certificate. * g10/call-dirmngr.c (ks_status_cb): Detect this status. -- For example a gpg -v --locate-external-keys [email protected] now yields gpg: Note: server uses an invalid certificate gpg: (further info: bad cert for 'posteo.net': \ Hostname does not match the certificate) gpg: error retrieving '[email protected]' via WKD: Wrong name gpg: error reading key: Wrong name (without -v the "further info" line is not shown). Note that even after years Posteo is not able to provide a valid certificate for their .net addresses. Anyway, this helps to show the feature. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Forward http redirect warnings to gpg.Werner Koch2019-11-185-1/+26
| | | | | | | | | | | | | | | | * dirmngr/http.c: Include dirmngr-status.h (http_prepare_redirect): Emit WARNING status lines for redirection problems. * dirmngr/http.h: Include fwddecl.h. (struct http_redir_info_s): Add field ctrl. * dirmngr/ks-engine-hkp.c (send_request): Set it. * dirmngr/ks-engine-http.c (ks_http_fetch): Set it. * g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings. -- This should make it easier to diagnose problems with bad WKD servers. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Factor some prototypes out to dirmngr-status.h.Werner Koch2019-11-184-9/+87
| | | | | | | | | | | | | * dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (t_common_src): Add new file. -- This helps to backport changes from master. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Fixed typo in recently added diagnostic.Werner Koch2019-11-182-2/+2
| | | | --
* scd,ccid: Add support of GEMPC_EZIO.NIIBE Yutaka2019-11-152-5/+20
| | | | | | | | | | | * scd/ccid-driver.h (GEMPC_EZIO): New. * scd/ccid-driver.c (ccid_transceive_secure): Support GEMPC_EZIO. -- This is backport from master. Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Use IPv4 or IPv6 interface only if available.Werner Koch2019-11-124-3/+119
| | | | | | | | | | | | | | | * dirmngr/dns-stuff.c (cached_inet_support): New variable. (dns_stuff_housekeeping): New. (check_inet_support): New. * dirmngr/http.c (connect_server): Use only detected interfaces. * dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache. -- This currently works only for Windows but that is where users really ran into problems. The old workaround was to configure disable-ipv4 or disable-ipv6. Signed-off-by: Werner Koch <[email protected]>
* gpg: Forbid the creation of SHA-1 third-party key signatures.Werner Koch2019-11-111-7/+45
| | | | | | | | | | | | * g10/sign.c (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): New. (do_sign): Add arg signhints and inhibit SHA-1 signatures. Change callers to pass 0. (complete_sig): Add arg signhints and pass on. (make_keysig_packet, update_keysig_packet): Set signhints. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit dd18be979e138dd3712315ee390463e8ee1fe8c1)
* gpg: Add option --allow-weak-key-signatures.Werner Koch2019-11-116-4/+43
| | | | | | | | | | | | | | * g10/gpg.c (oAllowWeakKeySignatures): New. (opts): Add --allow-weak-key-signatures. (main): Set it. * g10/options.h (struct opt): Add flags.allow_weak_key_signatures. * g10/misc.c (print_sha1_keysig_rejected_note): New. * g10/sig-check.c (check_signature_over_key_or_uid): Print note and act on new option. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit e624c41dbafd33af82c1153188d14de72fcc7cd8)
* doc: Improved description of status PLAINTEXT_LENGTH.Werner Koch2019-11-071-1/+4
| | | | | | -- GnuPG-bug-id: 4741
* gpg: Fix a potential loss of key sigs during import with self-sigs-only.Werner Koch2019-11-072-7/+12
| | | | | | | | | | | | * g10/import.c (import_one_real): Don't do the final clean in the merge case. -- This fixes a regression introduced with self-sigs-only. GnuPG-bug-id: 4628 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 6701a38f8e4a35ba715ad37743b8505bfd089541)
* po: Fix an accidentally translated keyword in zh_TW.Werner Koch2019-11-042-3/+4
| | | | | | | -- GnuPG-bug-id: 4737 Signed-off-by: Werner Koch <[email protected]>
* doc: Typo fix for gpg.texi in desc of --local-sigs.Werner Koch2019-10-171-1/+1
| | | | | | -- (Already fixed in master in January)
* gpg: Also delete key-binding signature when deleting a subkey.Werner Koch2019-10-151-16/+7
| | | | | | | | | * g10/delkey.c (do_delete_key): Simplify and correct subkey deletion. -- GnuPG-bug-id: 4665, 4457 Fixes-commit: d9b31d3a20b89a5ad7e9a2158b6da63a9a37fa8a Signed-off-by: Werner Koch <[email protected]>
* Revert "gpg: The first key should be in candidates."NIIBE Yutaka2019-10-151-8/+1
| | | | | | This reverts commit 66eb953f43800a91c4280ae8fd49f6dc8cf74578. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Extend --quick-gen-key for creating keys from a card.Werner Koch2019-10-152-60/+280
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and support the special algo "card". (parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP. Handle the "card" algo. Adjust callers. (parse_algo_usage_expire): Add arg R_KEYGRIP. (quickgen_set_para): Add arg KEYGRIP and put it into the parameter list. (quick_generate_keypair): Handle algo "card". (generate_keypair): Also handle the keygrips as returned by parse_key_parameter_string. (ask_algo): Support ed25519 from a card. -- Note that this allows to create a new OpenPGP key from an initialized OpenPGP card or from any other supported cards. It has been tested with the TCOS Netkey card. Right now a stub file for the cards might be needed; this can be achieved by running "gpgsm --learn" with the card plugged in. Example: gpg --quick-gen-key [email protected] card Signed-off-by: Werner Koch <[email protected]> Backported from master d3f5d8544fdb43082ff34b106122bbf0619a0ead which required to remove the extra key version args. GnuPG-bug-id: 4681 Signed-off-by: Werner Koch <[email protected]>
* po: Update Japanese translation.NIIBE Yutaka2019-10-151-20/+13
| | | | Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: The first key should be in candidates.NIIBE Yutaka2019-10-151-1/+8
| | | | | | | | | | | | | * g10/getkey.c (get_best_pubkey_byname): Handle the first key as the initial candidate for the selection. -- Cherry-picked from master commit: 7535f1d47a35e30f736f0e842844555f7a4a9841 GnuPG-bug-id: 4713 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix a memory leak in get_best_pubkey_byname.NIIBE Yutaka2019-10-151-1/+4
| | | | | | | | | | | * g10/getkey.c (get_best_pubkey_byname): Free the public key parts. -- Cherry-picked from master commit: e28572116fe4c586ba9d1e8f27389bf3f06e036b Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Fix c+p bug in the examples for --import-filter.Werner Koch2019-10-121-5/+5
| | | | | | | -- Reported-by: Steve McIntyre Signed-off-by: Werner Koch <[email protected]>
* gpg: Be prepared for chosen-prefix SHA-1 collisions in key signatures.Werner Koch2019-10-031-15/+27
| | | | | | | | | | | | * g10/sig-check.c (check_signature_over_key_or_uid): Reject certain SHA-1 based signatures. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4) Adjusted for changed added arguments in a function.
* gpg: Make --quiet work on --send-keys.Werner Koch2019-09-061-3/+4
| | | | | | | | * g10/keyserver.c (keyserver_put): Act upon --quiet. -- Suggested-by: Robin H. Johnson <[email protected]> Signed-off-by: Werner Koch <[email protected]>
* doc: Fix grammar error.Werner Koch2019-08-301-1/+1
| | | | | -- GnuPG-bug-id: 4691
* gpg: Implement keybox compression runWerner Koch2019-08-233-9/+28
| | | | | | | | | | | | | | * kbx/keybox-init.c (keybox_lock): Add arg TIMEOUT and change all callers to pass -1. * g10/keydb.c (keydb_add_resource): Call keybox_compress. -- Note that here in the 2.2 branch the way we call the locking in gpgsm is different from the one in gpg. So we could not cherry-pick from master. GnuPG-bug-id: 4644 Signed-off-by: Werner Koch <[email protected]>
* kbx: Include deleted records into the --stats output.Werner Koch2019-08-231-1/+6
| | | | | | | | | | | | * kbx/keybox-dump.c (_keybox_dump_file): Take deleted records in account. -- This also changes the numbering of the records to reflect the real record number. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 5ef0d7a795cf2462314ea0cb72c7efa7243ab405)
* kbx: Allow "gpgsm --faked-system-time" to kick off a compression run.Werner Koch2019-08-231-2/+2
| | | | | | | | | | * kbx/keybox-update.c (keybox_compress): Use make_timestamp. -- We have implemented the same in master, albeit we needed two commits for that. Signed-off-by: Werner Koch <[email protected]>
* gpg: Allow --locate-external-key even with --no-auto-key-locate.Werner Koch2019-08-233-1/+35
| | | | | | | | | | | | | | | | * g10/getkey.c (akl_empty_or_only_local): New. * g10/gpg.c (DEFAULT_AKL_LIST): New. (main): Use it here. (main) <aLocateExtKeys>: Set default AKL if none is set. -- This better matches the expectations of the user. The used list in this case is the default list ("local,wkd") with local ignored by the command anyway. GnuPG-bug-id: 4662 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d058d80ed0d5edeff6d85108054b1dfd45ddad7d)
* gpg: Silence some warning messages during -Kv.Werner Koch2019-08-233-10/+19
| | | | | | | | | | | | | | | | | | | | | | | | * g10/options.h (glo_ctrl): Add flag silence_parse_warnings. * g10/keylist.c (list_all): Set that during secret key listings. * g10/parse-packet.c (unknown_pubkey_warning): If new flag is set do not print info message normally emitted in verbose mode. (can_handle_critical_notation, enum_sig_subpkt): Ditto. (parse_signature, parse_key, parse_attribute_subpkts): Ditto. -- Those messages are annoying because they might be emitted due to parsing public keys which are later not shown because the secret part is missing. No functional regressions are expected because --verbose should not change anything. Note that this suppression is only done if no arguments are given to the command; that is if a listing of the entire keyring is requested. Thus to see the warnings anyway, a listing of a single or group of keys can be requested. GnuPG-bug-id: 4627 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d7aca1bef68589134b36395901b92496a7a37392)
* gpg: Do not show an informational diagnostics with quiet.Werner Koch2019-08-231-1/+3
| | | | | | | | | | | * g10/trustdb.c (verify_own_keys): Silence informational diagnostic. -- This silences these notes with --quiet gpg: key EE65E8C75D41FD1D marked as ultimately trusted GnuPG-bug-id: 4634 Signed-off-by: Werner Koch <[email protected]>
* gpgconf: Suggest the use of --gpgconf-test on --launch problems.Werner Koch2019-08-231-1/+1
| | | | | | | | | * tools/gpgconf-comp.c (gc_component_launch): Change suggestion. -- GnuPG-bug-id: 4668 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 2a45800b2f8043d2533403eaadf8736d15ad7017)
* gpg: Use modern spelling for the female salutation.Werner Koch2019-08-221-2/+2
| | | | | | | -- GnuPG-bug-id: 4682 Signed-off-by: Werner Koch <[email protected]>
* scd:nks: Extend keypairinfo with usage flags.Werner Koch2019-08-211-0/+11
| | | | | | * scd/app-nks.c (do_learn_status_core): Return usage. Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: Extend keypairinfo with usage flags.Werner Koch2019-08-211-0/+10
| | | | | | | * scd/app-openpgp.c (send_keypair_info): Return usage. -- Signed-off-by: Werner Koch <[email protected]>
* sm: Show the usage flags when generating a key from a card.Werner Koch2019-08-213-8/+61
| | | | | | | | | | * g10/call-agent.c (scd_keypairinfo_status_cb): Also store the usage flags. * sm/call-agent.c (scd_keypairinfo_status_cb): Ditto. * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Print the usage flags. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 9ed1aa56c4bbf44e00b731d6807ada9e95c91bd7)
* gpg: Allow decryption using non-OpenPGP cards.Werner Koch2019-08-215-174/+400
| | | | | | | | | | | | | | | | | | | | | | * g10/call-agent.c (struct getattr_one_parm_s): New. (getattr_one_status_cb): New. (agent_scd_getattr_one): New. * g10/pubkey-enc.c (get_it): Allow the standard leading zero byte from pkcs#1. * g10/getkey.c (enum_secret_keys): Move to... * g10/skclist.c (enum_secret_keys): here and handle non-OpenPGP cards. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit ec6a6779236a89d4784a6bb7de0def9cc0f9e8a4) This commit also incorporates "g10: Move enum_secret_keys to skclist.c." Which was started with commit 03a8de7def4195b9accde47c1dcb84279361936d on master about a year ago. Signed-off-by: Werner Koch <[email protected]> GnuPG-bug-id: 4681
* scd: New standard attributes $ENCRKEYID and $SIGNKEYID.Werner Koch2019-08-214-6/+36
| | | | | | | | | | | | | | | | | | | | * g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo. * sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto. * scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and "$SIGNKEYID". * scd/app-nks.c (do_getattr): Add attributes too. -- We already have $AUTHKEYID to locate the keyref of the key to be used with ssh. It will also be useful to have default keyref for encryption and signing. For example, this will allow us to replace the use of "OPENPGP.2" by a app type specific keyref. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 2b1135cf920cf3d863813d60f032d476dcccfb58) Removed changes for the non-existing app-piv.c. Added support for NKS.
* gpg: Allow direct key generation from card with --full-gen-key.Werner Koch2019-08-214-20/+205
| | | | | | | | | | | | | | | | | * g10/call-agent.c (agent_scd_readkey): New. * g10/keygen.c (ask_key_flags): Factor code out to .. (ask_key_flags_with_mask): new. (ask_algo): New mode 14. -- Note that this new menu 14 is always displayed. The usage flags can be changed only in --expert mode, though. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit a480182f9d7ec316648cb64248f7a0cc8f681bc3) Removed stuff from gpg-card which does not exist in 2.2. No tests yet done for this backport.
* common: Extend function pubkey_algo_string.Werner Koch2019-08-213-4/+9
| | | | | | | | | | | | * common/sexputil.c (pubkey_algo_string): Add arg R_ALGOID. * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Adjust. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit f952226043824cbbeb8517126b5266926121c4e8) Removed the changes in gpg-card which is not part of 2.2 Signed-off-by: Werner Koch <[email protected]>
* gpg: New option --use-only-openpgp-cardWerner Koch2019-08-213-1/+15
| | | | | | | | | | | | | | * g10/gpg.c (opts): Add option. (main): Set flag. * g10/options.h: Add flags.use_only_openpgp_card. * g10/call-agent.c (start_agent): Implement option. -- With the previous patch we switch to autoselect an application instead of requesting an openpgp card. This option allows to revert this in case of use cases which expected the former behaviour. Signed-off-by: Werner Koch <[email protected]>
* gpg: Prepare card code to allow other than OpenPGP cards.Werner Koch2019-08-212-16/+30
| | | | | | | | | * g10/call-agent.c (start_agent): Use card app auto selection. * g10/card-util.c (current_card_status): Print the Application type. (card_status): Put empty line between card listings. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit e47524c34a2a9f53c2507f67a0b41b460cee78b7)
* gpg: New card function agent_scd_keypairinfo.Werner Koch2019-08-212-3/+82
| | | | | | | | * g10/call-agent.c (scd_keypairinfo_status_cb) (agent_scd_keypairinfo): New. Taken from gpgsm. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 0fad61de159acf39e38a04f28f162f0beb0e77d6)