| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-p15.c (do_decipher): New.
--
tested using the D-TRUSt card and a SCR3310 reader. The Kobil KAAN
Advanced, I used for the signing tests could not be used because it
supports only Short APDU Level exchange.
Signed-off-by: Werner Koch <[email protected]>
Back ported from master.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-p15.c (do_sign): Factor code out to ...
(prepare_verify_pin, verify_pin): new functions.
--
Signed-off-by: Werner Koch <[email protected]>
Bakc ported from master
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
r_pkey and change all callers.
(app_help_get_keygrip_string): Ditto.
* scd/app-p15.c (struct cdf_object_s): Use bit flags
(struct aodf_object_s): Ditto. Add field 'fid'.
(struct prkdf_object_s): Ditto. Add fields keygrip, keyalgo, and
keynbits.
(parse_certid): Allow a keygrip instead of a certid aka keyref.
(read_ef_aodf): Store the FID.
(keygripstr_from_prkdf): Rename to ...
(keygrip_from_prkdf): this. Remove arg r_gripstr and implement cache.
Change callers to directly use the values from the object. Also store
the algo and length of the key ion the object.
(keyref_from_keyinfo): New. Factored out code.
(do_sign): Support SHA-256 and >2048 bit RSA keys.
common/scd:p15: Support signing with CardOS 5 cards.
* common/util.h (KEYGRIP_LEN): New.
--
This has been tested with a D-Trust card featuring 3072 bit keys.
Note that non-repudiation key for a qualified signature does not yet
work because we do not yet support rsaPSS padding. Thus a gpgsm
--learn shows a couple of Bad Signature errors for this key.
Signed-off-by: Werner Koch <[email protected]>
Back ported from master:
- Removed do_with_keygrip
- Added KEYGRIP_LEN
- app_help_get_keygrip_string_pk actually added.
- Move keygrip_from_prkdf in do_sign before the verification.
It used to work in master only because there it is implictly
called prior to signing by do_with_keygrip
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-p15.c (readcert_by_cdf): Allow reading in extended mode.
* scd/app-common.h (app_get_slot): New.
--
Signed-off-by: Werner Koch <[email protected]>
(Back ported from master)
Added app_get_slot.
|
| |
|
|
|
|
|
| |
* scd/iso7816.c (iso7816_read_binary): Factor code out to ...
(iso7816_read_binary_ext): new function. Add arg extended_mode.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
--
This removes almost all log_debug calls and uses opt.verbose and
log_info to show card information. Also avoid too long and thus
harder to read lines.
Signed-off-by: Werner Koch <[email protected]>
(back ported from master)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-p15.c (read_ef_odf): Detect the home_DF on the fly. Silence
the garbage warning for null bytes.
(print_tokeninfo_tokenflags): New.
(read_ef_tokeninfo): Print manufacturer, label, and flags.
(app_select_p15): No need to use the app_get_slot macro.
(CARD_TYPE_CARDOS_50): New const.
(card_atr_list): Detect CardOS 5.0
--
The card under test is a "Test-Signaturkarte D-TRUST Card 3.1" for a
mere 49 Euro and no specs available. D-Trust is a branch of the
German Bundesdruckerei. Compare that to Telesec and Yubikey who have
always been nice enough to send bunches of sample cards without a need
to wade through lots of forms and not even asking for money. Guess
which cards I prefer.
Signed-off-by: Werner Koch <[email protected]>
(backported from master)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (NAME_OF_SENDMAIL): New ac_define.
* tools/send-mail.c (run_sendmail): Use it.
--
We used to ac_subst the SENDMAIL in the old keyserver via mail script.
We can reuse this to avoid a fixed name for sendmail in the
send-mail.c helper.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 08147f8bbdca40c98c2a094fa48fab15b8339c80)
GnuPG-bug-id: 4886
|
| |
|
|
|
|
|
|
|
|
| |
* agent/protect-tool.c (read_key): Detect simple extended key format.
--
This is a quick hack to get a useful error messages. The real fix is
to replace the protect tool by a more useful new tool.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* sm/certreqgen.c: Protect printing the line numbers in case of !R.
--
GnuPG-bug-id: 4895
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/certchain.c (is_cert_still_valid): Shortcut if tehre is no DP.
* common/audit.c (proc_type_verify): Print "n/a" if a cert has no
distribution point.
* sm/gpgsm.h (opt): Add field enable_issuer_based_crl_check.
* sm/gpgsm.c (oEnableIssuerBasedCRLCheck): New.
(opts): Add option --enable-issuer-based-crl-check.
(main): Set option.
--
If the issuer does not provide a DP and the user wants such an issuer,
we expect that a certificate does not need revocation checks. The new
option --enable-issuer-based-crl-check can be used to revert to the
old behaviour which requires that a suitable LDAP server has been
configured to lookup a CRL by issuer.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from master)
|
| |
|
|
| |
--
|
| |
|
|
| |
* build-aux/speedo.mk (sign-installer): Fix syntax error.
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpgconf-comp.c (gc_component_check_options): Take care of
--homedir.
(retrieve_options_from_program): Ditto.
--
Note that due to the large changes in master we could not backport the
patch from there.
GnuPG-bug-id: 4882
|
| |
|
|
|
|
| |
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_getattr): Send the KDF DO information.
--
Fixes-commit: 95c7498b76231d3297541172d878f6a26702539b
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit 11da441016222337284c519ff56aca34e3042373)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (struct app_local_s): Add pinpad.disabled field.
(do_getattr): Set pinpad.disabled field.
(check_pinpad_request): Use the pinpad.disabled field.
(do_setattr): Update pinpad.disabled field.
--
GnuPG-bug-id: 4832
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit 95c7498b76231d3297541172d878f6a26702539b)
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/delkey.c: Include shareddefs.h.
(delete_keys): Print a hint.
--
The option --yes has some side-effects so it is not desirable to use it
automatically. The code in master (2.3) has special treatment of
confirm messages and thus this patch is only for 2.2.
GnuPG-bug-id: 4667
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/certcache.c (find_cert_bysubject): Add better debug output
and try to locate by keyid.
--
This change was suggested in T4536
but we do not have any test cases for this.
GnuPG-bug-id: 4536
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 4699e294cc9e59f35262adca26ca291927acca9e)
The bug report meanwhile has a test description but I have not done
the testing yet. I port this back to 2.2 anyway given that no
regression have been reported for master in nearly a year.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/trustdb.c (tdb_register_trusted_key): accept fingerprint as well
as long key ID.
* doc/gpg.texi: document that --trusted-key can accept a fingerprint.
--
GnuPG-bug-id: 4855
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
Fixed uses or return and kept the old string to avoid breaking
translations.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 810ea2cc684480c6aadceb2a10dd00f3fa67f2fb)
Remove the test for FPRLEN which we do not have in 2.2
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (merge_selfsigs_main): Take a zero key creation time in
account.
--
Keys created at the Epoch have a creation time of 0; when figuring out
the latest signature with properties to apply to a key the usual
comparison A > B does not work if A is always 0. We now special case
this for the expiration and usage data.
Co-authored-by: [email protected]
GnuPG-bug-id: 4670
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 161a098be6f9d50fb5f7e120baee81e75d6eb5ad)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (opts): New options --auto-key-import,
--no-auto-key-import, and --no-include-key-block.
(gpgconf_list): Add them.
* g10/options.h (opt): Add field flags.auto_key_import.
* g10/mainproc.c (check_sig_and_print): Use flag to enable that
feature.
* tools/gpgconf-comp.c: Give the new options a Basic config level.
--
Note that the --no variants of the options are intended for easy
disabling at the command line.
GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <[email protected]>
Backported from master.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (read_key_from_file): Rename to ...
(read_key_from_file_or_buffer): this and add new parameters. Adjust
callers.
(import_included_key_block): New.
* g10/packet.h (PKT_signature): Add field flags.key_block.
* g10/parse-packet.c (parse_signature): Set that flags.
* g10/sig-check.c (check_signature2): Add parm forced_pk and change
all callers.
* g10/mainproc.c (do_check_sig): Ditto.
(check_sig_and_print): Try the included key block if no key is
available.
--
This is is the second part to support the new Key Block subpacket.
The idea is that after having received a signed mail, it is instantly
possible to reply encrypted - without the need for any centralized
infrastructure.
There is one case where this does not work: A signed mail is received
using a specified signer ID (e.g. using gpg --sender option) and the
key block with only that user ID is thus imported. The next time a
mail is received using the same key but with a different user ID; the
signatures checks out using the key imported the last time. However,
the new user id is not imported. Now when trying to reply to that
last mail, no key will be found. We need to see whether we can update
a key in such a case.
GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <[email protected]>
Backported from master
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New.
* g10/gpg.c (oIncludeKeyBlock): New.
(opts): New option --include-key-block.
(main): Implement.
* g10/options.h (opt): New flag include_key_block.
* g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK.
(parse_one_sig_subpkt): Ditto.
(can_handle_critical): Ditto.
* g10/sign.c (mk_sig_subpkt_key_block): New.
(write_signature_packets): Call it for data signatures.
--
This patch adds support for a to be proposed OpenPGP ferature:
Introduce the Key Block subpacket to align OpenPGP with CMS.
This new subpacket may be used similar to the CertificateSet of
CMS (RFC-5652) and thus allows to start encrypted communication
after having received a signed message. In practice a stripped down
version of the key should be including having only the key material
and the self-signatures which are really useful and shall be used by
the recipient to reply encrypted.
#### Key Block
(1 octet with value 0, N octets of key data)
This subpacket MAY be used to convey key data along with a signature
of class 0x00, 0x01, or 0x02. It MUST contain the key used to create
the signature; either as the primary key or as a subkey. The key
SHOULD contain a primary or subkey capable of encryption and the
entire key must be a valid OpenPGP key including at least one User ID
packet and the corresponding self-signatures.
Implementations MUST ignore this subpacket if the first octet does not
have a value of zero or if the key data does not represent a valid
transferable public key.
GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <[email protected]>
Backported from master.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/export.c (push_export_filters): New.
(pop_export_filters): New.
(export_pubkey_buffer): Add args prefix and prefixlen. Adjust
callers.
* g10/import.c (impex_filter_getval): Add property "fpr".
* g10/main.h (struct impex_filter_parm_s): Add field hexfpr.
--
The push and pop feature will help us to use the export filter
internally in gpg. Same for the export_pubkey_buffer change.
GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (get_seckey_default_or_card): Handle the case
when card key is not suitable for requested usage.
--
GnuPG-bug-id: 4850
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
| |
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
(cherry picked from commit 0e1cbabc0ad4fe2ca9644fffb5cf27b1a8a1509f)
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* common/ksba-io-support.c (base64_reader_cb): Detect the END tag and
don't just rely on the padding chars. This could happen only with
CR+LF termnmated PEM files. Also move the detection into the invalid
character detection branch for a minor parser speedup.
--
GnuPG-bug-id: 4847
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 6248739799fd4a877529089375e2a4103d33e6f4)
|
| |
|
|
|
|
|
| |
* doc/gpg.texi: Update return value and warning sections.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 113a8288b85725f7726bb2952431deea745997d8)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C. Change all other places where it
gets defined.
* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
extern.
* common/iobuf.c (iobuf_debug_mode): Define it here.
* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
all main modules of all other programs.
* g10/main.h: Put util.h before the local header files.
--
This change is required for use with gcc/ld's LTO feature which does
not allow common blocks. Further gcc 10 will make -fno-common the
default and thus this chnage is always needed. What a pitty.
Co-authored-by: Tomáš Mráz
GnuPG-bug-id: 4831
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/verify.c (verify_files): Track the first error code.
--
It seems to be possible to play tricks with packet structures so that
log_error is not used for a bad input data. By actually checking the
return code and let the main driver in gpg call log_error, we can fix
this case.
Note that using gpg --verify-files and relying solely on gpg's return
code is at best a questionable strategy. It is for example impossible
to tell which data has been signed.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 5681b8eaa44005afdd30211b47e5fb1a799583dd)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/logging.c (log_inc_errorcount): Also protect against
overflow.
(log_error): Call log_inc_errorcount instead of directly bumping the
counter.
--
We already had an overflow checking for log_error but not for the
silent increment function.
This is basically the same fix we have in libgpg-error
(libgpg-error commit d72c1ddfde09ffa69745ec2439c5a16d15e2202f)
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
--
Backport from master.
|
| |
|
|
|
|
|
|
|
| |
* tools/gpgconf.c (list_dirs): Check whether the homedir has been
taken from the registry.
--
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 7f12fb55f9757cd68147eca8f162c85378538405)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (parse_def_secret_key): Remove the check.
--
Backport from master commit:
1aa2a0a46dc19e108b79dc129a3b0c5576d14671
GnuPG-bug-id: 4810
Fixes-commit: e573e6188dada4d70f6897aa2fda3c3af8c50441
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
| |
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
| |
--
GnuPG-bug-id: 4799
|
| |
|
|
|
|
| |
--
The expiration time of that smartcard based key has been prolonged
by 2 years.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keylist.c (list_one): Probe for a secret key in --with-secret
mode.
--
In contrast to list_all(), list_one() did not tests for a secret key
and took MARK_TRUSTED verbatim as an indication for "secret key
available".
GnuPG-bug: 4061
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 59d49e4a0ac2ed27803507cb7d2c6af166527bd5)
|
| |
|
|
|
| |
* build-aux/speedo.mk (AUTHENTICODE_sign): Check if
certificates are available.
|
| |
|
|
| |
* build-aux/speedo.mk (dist-source): Add -T0 parameter to xz.
|
| |
|
|
|
| |
* Makefile.am (sign-release): Add handling for wixlib.
* build-aux/speedo.mk: Add help-wixlib and improve handling.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Makefile.am (EXTRA_DIST): Add wixlib.wxs
* build-aux/speedo.mk (w32-wixlib): New target.
(w32-release): Build wixlib if WIXPREFIX is set.
(help): Add documentation.
* build-aux/speedo/w32/wixlib.wxs
--
This build a wixlib of the Windows binaries of GnuPG.
A wixlib is a module that can be linked into another
wix project to create an installer including this
module. Gpg4win uses the wixlib from GnuPG for
it's MSI Package.
To build the wixlib you need wine with wine-mono installed
and the wixtoolset.
When calling speedo set the variable WIXPREFIX to
the location containing the extracted toolset.
e.g.:
make -f build-aux/speedo.mk w32-wixlib WIXPREFIX=~/wix
(cherry picked from commit 0b7088dc8035e8d5832c89085eea3b288de67710)
|
