aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* gpg: Ed448 and X448 are only for v5 (for subkey).NIIBE Yutaka2021-09-291-1/+6
| | | | | | | | | | | | * g10/keygen.c (generate_subkeypair): Specify KEYGEN_FLAG_CREATE_V5_KEY for Ed448 or X448 key. -- Reported-by: William Holmes Fixes-commit: 36355394d865f5760075e62267d70f7a7d5dd671 GnuPG-bug-id: 5609 Signed-off-by: NIIBE Yutaka <[email protected]>
* kbx: A 20 byte fingerprint is right filled in version 2 blob.NIIBE Yutaka2021-09-281-0/+2
| | | | | | | | | | * kbx/keybox-blob.c (create_blob_header): Fix creating FPR20 key in blob with 32-byte fingerprint. -- GnuPG-bug-id: 5609 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Skip the packet when not used for AEAD.NIIBE Yutaka2021-09-281-0/+1
| | | | | | | | | | * g10/free-packet.c (free_packet): Add the case for case PKT_ENCRYPTED_AEAD. -- GnuPG-bug-id: 5464 Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Fix several "include file not found" problemsIngo Klöcker2021-09-203-7/+8
| | | | | | | | | | | | | * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add KSBA_CFLAGS. * kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS): Add NPTH_CFLAGS. * tools/Makefile.am (gpgtar_CFLAGS, gpg_wks_server_CFLAGS, gpg_wks_client_CFLAGS, gpg_pair_tool_CFLAGS): Add LIBGCRYPT_CFLAGS. -- The tools include gcrypt.h via common/util.h. GnuPG-bug-id: 5592
* po: Fixed Italian translation for key expirationgiomba2021-09-201-1/+1
| | | | | | | | | | | * po/it.po: Fix italian translation. -- In English, "too" has two different meanings (eg. "too much" vs "change it too"). Italian translation used wrong meaning, and the sentence made no sense. Signed-off-by: Andre Heinecke <[email protected]>
* common: Support a gpgconf.ctl file under Unix.Werner Koch2021-09-171-17/+252
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/homedir.c (unix_rootdir): New. (gnupg_bindir): Use it. (gnupg_libexecdir): Use it. (gnupg_libdir): Use it. (gnupg_datadir): Use it. (gnupg_localedir): Use it. -- This feature is useful for building and using an AppImage version of gnupg and probably also for some other use cases. GnuPG-bug-id: 5999 Here is a sample gpgconf.ctl file --8<---------------cut here---------------start------------->8--- # gpgconf.ctl # # This file is used to change the directories where the gpg components # are installed. It does not change the configuration directories. # The file is expected in the same directory as gpgconf. The physical # installation directories are evaluated and no symlinks. Blank lines # and lines starting with pound signed are ignored. No errors are # printed for unknown keywords or commands. The only defined key for # now is "rootdir" which must be followed by one optional space, an # equal sign, and the value for the root directory. Environment # variables are substituted in standard shell manner, the final value # must start with a slash, trailing slashed are stripped. rootdir = $APPDIR/gnupg --8<---------------cut here---------------end--------------->8---
* common: New function substitute_envvars.Werner Koch2021-09-173-0/+206
| | | | | | | | | | * common/stringhelp.c (substitute_envvars): New. Based on code in gpg-connect-agent. * common/t-stringhelp.c: Include sysutils.h. (test_substitute_envvars): New. -- GnuPG-bug-id: 5599
* doc: Clarify some gpg keyring optionsWerner Koch2021-09-141-22/+28
| | | | | -- GnuPG-bug-id: 5594
* gpg: Print a warning when importing a bad cv25519 secret key.Werner Koch2021-09-141-1/+17
| | | | | | | | * g10/import.c (transfer_secret_keys): Add simple check. -- Note that the requirement for a set high bit is not yet checked. GnuPG-bug-id: 5464
* Update release signing keys.Werner Koch2021-09-141-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | -- These are now # ------------------------ >8 ------------------------ pub rsa3072 2017-03-17 [SC] [expires: 2027-03-15] 5B80C5754298F0CB55D8ED6ABCEF7E294B092E28 sig R BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key) uid Andre Heinecke (Release Signing Key) sig 3 BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key) sig 1FDF723CF462B6B1 2017-03-17 Andre Heinecke <[email protected]> pub ed25519 2020-08-24 [SC] [expires: 2030-06-30] 6DAA6E64A76D2840571B4902528897B826403ADA uid Werner Koch (dist signing 2020) sig 3 528897B826403ADA 2020-08-24 Werner Koch (dist signing 2020) sig 249B39D24F25E3B6 2020-08-24 Werner Koch (dist sig) sig 63113AE866587D0A 2020-08-24 [email protected] sig E3FDFF218E45B72B 2020-08-24 Werner Koch (wheatstone commit signing) sig F2AD85AC1E42B367 2020-08-24 Werner Koch <[email protected]> pub ed25519 2021-05-19 [SC] [expires: 2027-04-04] AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD uid Niibe Yutaka (GnuPG Release Key) sig 3 E98E9B2D19C6C8BD 2021-05-19 Niibe Yutaka (GnuPG Release Key) sig 00B45EBD4CA7BABE 2021-09-14 NIIBE Yutaka <[email protected]> sig E267B052364F028D 2021-09-14 NIIBE Yutaka <[email protected]>
* common: New envvar GNUPG_EXEC_DEBUG_FLAGS.Werner Koch2021-09-131-4/+16
| | | | | * common/exechelp-w32.c (gnupg_spawn_process_detached): Silence breakaway messages and turn them again into debug messages.
* doc: Minor update of the AD schema.Werner Koch2021-09-093-39/+45
| | | | --
* sm: Add LotW support to the key listingWerner Koch2021-09-093-3/+11
| | | | | | | | | | * sm/certdump.c (parse_dn_part): Translate OID to "Callsign" * sm/keylist.c (oidtranstbl): Some more OIDs. -- This is Ham thingy to make it easier to read LotW certificates. Signed-off-by: Werner Koch <[email protected]>
* build: Fix "ksba.h not found" problemIngo Klöcker2021-09-081-1/+1
| | | | | | | * sm/Makefile.am (t_minip12_CFLAGS): Add KSBA_CFLAGS. -- GnuPG-bug-id: 5592
* agent: Fix segv in GET_PASSPHRASE (regression)Werner Koch2021-09-071-1/+1
| | | | | | | | | * agent/command.c (cmd_get_passphrase): Do not deref PI. PI is always NULL. -- Fixes-commit: b89b1f35c29ceaebe39b31444936aa66c9297f2c GnuPG-bug-id: 5577
* gpg: Print a note about the obsolete option --secret-keyring.Werner Koch2021-08-282-2/+2
| | | | | | -- GnuPG-bug-id: 2749
* gpg: Change default and max AEAD chunk size to 4 MiBWerner Koch2021-08-272-4/+4
| | | | | | | | | -- This is per OpenPGP WG design team decision from 2021-08-13 (raising a new wall after exactly 60 years ;-) Signed-off-by: Werner Koch <[email protected]>
* kbx: Fix checksum computation for no UBID entry on disk.NIIBE Yutaka2021-08-271-2/+2
| | | | | | | | | | | | * kbx/keybox-blob.c (create_blob_header): Fix the flag to match no UBID entry, (create_blob_finish): Fix the length of data to be hashed. -- GnuPG-bug-id: 5573 Fixes-commit: 915297705af6f1db74dacf0d6665b83eb0a58459 Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Fix put_membuf.NIIBE Yutaka2021-08-271-1/+4
| | | | | | | | | | * common/membuf.c (put_membuf): Allow NULL for the second arg. -- There has been such a use case in keybox-blob.c. Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Fix get_signal_name for GNU/Linux.NIIBE Yutaka2021-08-262-1/+4
| | | | | | | | | | * common/signal.c (get_signal_name): Use sigdescr_np if available. * configure.ac: Check the function. -- GnuPG-bug-id: 5568 Signed-off-by: NIIBE Yutaka <[email protected]>
* Post release updatesWerner Koch2021-08-242-1/+8
| | | | --
* Release 2.3.2gnupg-2.3.2Werner Koch2021-08-242-8/+132
|
* dirmngr: Change the default keyserver.Werner Koch2021-08-247-57/+60
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * configure.ac (DIRMNGR_DEFAULT_KEYSERVER): Change to keyserver.ubuntu.com. * dirmngr/certcache.c (cert_cache_init): Disable default pool cert. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto. * dirmngr/http.c (http_session_new): Ditto. * dirmngr/server.c (make_keyserver_item): Use a different mapping for the gnupg.net names. -- Due to the unfortunate shutdown of the keyserver pool, the long term defaults won't work anymore. Thus it is better to change them. For https access keyserver.ubuntu.com is now used because it can be expected that this server can stand the load from newer gnupg LTS versions. For http based access the Dutch Surfnet keyserver is used. However due to a non-standard TLS certificate this server can not easily be made the default for https. Note: that the default server will be changed again as soon as a new connected keyserver infrastructure has been established. (cherry picked from commit 47c4e3e00a7ef55f954c14b3c237496e54a853c1)
* po: In German always use "Passwort" instead of "Passphrase".Werner Koch2021-08-241-109/+109
| | | | | | | | | | | | | | | | | -- This is a several decade old debate how to name this. Meanwhile in Germany it seems to be more clean to use the term "Passwort" instead of "Passphrase" (or that "Mantra" thing). It is easier to explain to users that a password may include spaces etc than to to explain the difference between passphrase and password. So let's keep the things in the code as is but change the translations. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit c9859967c0d85e36c56ff481d402b97d2fd386bb) and adjusted for 2.3.
* po: Auto update translationsWerner Koch2021-08-2425-4428/+3725
| | | | --
* po: Update German translationWerner Koch2021-08-241-171/+160
| | | | --
* gpg: Report the status of NO_SECKEY for decryption.NIIBE Yutaka2021-08-241-2/+2
| | | | | | | | | | * g10/mainproc.c (proc_encrypted): Fix the condition to report NO_SECKEY even when the key was not considered by get_session_key. -- GnuPG-bug-id: 5562 Signed-off-by: NIIBE Yutaka <[email protected]>
* wkd: Properly unescape the user-id from a key listing.Werner Koch2021-08-201-6/+16
| | | | * tools/wks-util.c (append_to_uidinfo_list): Unescape UID.
* wkd: Fix client issue with leading or trailing spaces in user-ids.Werner Koch2021-08-206-20/+200
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/recsel.c (recsel_parse_expr): Add flag -t. * common/stringhelp.c: Remove assert.h. (strtokenize): Factor code out to do_strtokenize. (strtokenize_nt): New. (do_strtokenize): Add arg trim to support the strtokenize_nt. * common/t-stringhelp.c (test_strtokenize_nt): New test cases. * tools/wks-util.c (wks_list_key): Use strtokenize_nt and the recsel flag -t. -- This fixes a bug with user ids with leading spaces because: wks-client lists all mail addresses from the key and matches them to the requested mail address. If there are several user-ids all with the same mail address wks-client picks one of them and then extracts exactly that user id. However, here it does not match by the mail address but by the full user-id so that we can be sure that there will be only one user-id in the final key. The filter built expression unfortunately strips leading blanks but requires a verbatim match. Thus it won't find the user id again and errors out. The new -t flag and a non-trimming strtokenize solves the problem. Signed-off-by: Werner Koch <[email protected]>
* scd: Don't release the context until list_finish for PC/SC.NIIBE Yutaka2021-08-201-1/+8
| | | | | | | | | | | * scd/apdu.c (apdu_dev_list_start): Increment PCSC.COUNT here. (apdu_dev_list_finish): Decrement PCSC.COUNT. -- GnuPG-bug-id: 5416 Fixes-commit: 32baa9acfb153004bdb2509f9516482b78f256a4 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Return SUCCESS/FAILURE status also for --card-edit/name.Werner Koch2021-08-191-3/+8
| | | | | | | * g10/card-util.c (change_name): Call write_sc_op_status. -- Reported-by: Joey Berkovitz
* agent: Use the sysconfdir for a pattern file.Werner Koch2021-08-182-5/+34
| | | | * agent/genkey.c (do_check_passphrase_pattern): Use make_filename.
* agent: Ignore passphrase constraints for a generated passphrase.Werner Koch2021-08-184-35/+74
| | | | | | | | | | | | | | | | | | | | | * agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New. (MAX_GENPIN_TRIES): Remove. * agent/call-pinentry.c (struct entry_parm_s): (struct inq_cb_parm_s): Add genpinhash and genpinhas_valid. (is_generated_pin): New. (inq_cb): Suppress constraints checking for a generated passphrase. No more need for several tries to generate the passphrase. (do_getpin): Store a generated passphrase/pin in the status field. (agent_askpin): Suppress constraints checking for a generated passphrase. (agent_get_passphrase): Ditto. * agent/command.c (cmd_get_passphrase): Ditto. -- A generated passphrase has enough entropy so that all kind of extra checks would only reduce the actual available entropy. We thus detect if a passphrase has been generated (and not changed) and skip all passphrase constraints checking.
* agent: Improve the GENPIN callback.Werner Koch2021-08-181-9/+14
| | | | | | * agent/call-pinentry.c (DEFAULT_GENPIN_BYTES): Replace by ... (DEFAULT_GENPIN_BITS): this and increase to 150. (generate_pin): Make sure that we use at least 128 bits.
* agent: Fix for zero length help string in pinentry hints.Werner Koch2021-08-181-13/+31
| | | | | | | | | | | | * agent/call-pinentry.c: Remove unused assert.h. (inq_cb): Fix use use of assuan_end_confidential in case of nested use. (do_getpin): Ditto. (setup_formatted_passphrase): Escape the help string. (setup_enforced_constraints): Ignore empty help strings. -- (Ported from 2.2)
* common,w32: Replace log_debug by log_info for InProcessJobsWerner Koch2021-08-181-3/+3
| | | | * common/exechelp-w32.c (gnupg_spawn_process_detached): Use log_info.
* doc: Add sample texts for Pinentry hintsWerner Koch2021-08-181-1/+27
| | | | --
* agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pientWerner Koch2021-08-131-1/+8
| | | | * agent/call-pinentry.c (atfork_core): Pass DISPLAY.
* agent: New option --check-sym-passphrase-pattern.Werner Koch2021-08-137-29/+89
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (oCheckSymPassphrasePattern): New. (opts): Add --check-sym-passphrase-pattern. (parse_rereadable_options): Set option. (main): Return option info. * tools/gpgconf-comp.c: Add new option. * agent/agent.h (opt): Add var check_sym_passphrase_pattern. (struct pin_entry_info_s): Add var constraints_flags. (CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1. (CHECK_CONSTRAINTS_NEW_SYMKEY): New. * agent/genkey.c (check_passphrase_pattern): Rename to ... (do_check_passphrase_pattern): this to make code reading easier. Handle the --check-sym-passphrase-pattern option. (check_passphrase_constraints): Replace arg no_empty by a generic flags arg. Also handle --check-sym-passphrase-pattern here. * agent/command.c (cmd_get_passphrase): In --newsymkey mode pass CHECK_CONSTRAINTS_NEW_SYMKEY flag. * agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags. (struct inq_cb_parm_s): New. (inq_cb): Use new struct for parameter passing. Pass flags to teh constraints checking. (do_getpin): Pass constraints flag down. (agent_askpin): Take constrainst flag from the supplied pinentry struct. -- Requirements for a passphrase to protect a private key and for a passphrase used for symmetric encryption are different. Thus a the use of a different pattern file will be useful. Note that a pattern file can be used to replace the other passphrase constraints options and thus we don't need to duplicate them for symmetric encryption. GnuPG-bug-id: 5517 Signed-off-by: Werner Koch <[email protected]>
* indent: Add a git blame ignore fileWerner Koch2021-08-131-0/+2
| | | | --
* agent: Make --pinentry-formatted-passphrase a simple flagIngo Klöcker2021-08-124-39/+8
| | | | | | | | | | | | | | * agent/agent.h (opt): Change type of pinentry_formatted_passphrase to int (as for other flags). * agent/call-pinentry.c (setup_formatted_passphrase): Remove no longer needed translated strings. Write option without value to Assuan connection. * agent/gpg-agent.c (opts): Use ARGPARSE_s_n for oPinentryFormattedPassphrase. (parse_rereadable_options): Set option to 1. -- GnuPG-bug-id: 5553, 5517
* w32: Move socketdir to LCOAL_APPDATAWerner Koch2021-08-115-87/+152
| | | | | | | | | | | | | | | | | | | | | | | * common/homedir.c (is_gnupg_default_homedir): Use standard_homedir instead of the constant which makes a difference on Windows. (_gnupg_socketdir_internal) [W32]: Move the directory to LOCAL_APPDATA. (gnupg_cachedir): Remove unsued function. * common/sysutils.c (gnupg_rmdir): New. * tools/gpgconf.c (main): s/rmdir/gnupg_rmdir/. -- That is actually a more correct directory than APPDATA. This fixes a problem with installations where the APPDATA is non a network drive and the resulting socket filename is truncated in our socket helper function (because we use sockaddr also for our local socket emulation on Windows). LOCAL_APPDATA is expected to be on the local box and thus in the majority of cases the resulting socket file name will be short enough. GnuPG-bug-id: 5537 Signed-off-by: Werner Koch <[email protected]>
* gpgconf,w32: Print more registry diagnostics with --list-dirs.Werner Koch2021-08-111-2/+36
| | | | | | * tools/gpgconf.c (list_dirs): Figure out classes with the key. Signed-off-by: Werner Koch <[email protected]>
* agent: Add checkpin inquiry for pinentryIngo Klöcker2021-08-101-0/+104
| | | | | | | | | | | | | | | | * agent/call-pinentry.c (inq_cb): Handle checkpin inquiry. (setup_enforced_constraints): New. (agent_get_passphrase): Call setup_enforced_constraints if new passphrase is requested. -- This implements the gpg-agent side for checking whether a new passphrase entered by the user in pinentry satisfies the passphrase constraints. Performing a checkpin inquiry is only allowed if the passphrase constraints are enforced. setup_enforced_constraints sends necessary options and translated strings to pinentry. GnuPG-bug-id: 5517, 5532
* agent: New option --pinentry-formatted-passphraseIngo Klöcker2021-08-104-0/+104
| | | | | | | | | | | | * agent/agent.h (opt): Add field pinentry_formatted_passphrase. * agent/call-pinentry.c (setup_formatted_passphrase): New. (agent_get_passphrase): Pass option to pinentry. * agent/gpg-agent.c (oPinentryFormattedPassphrase): New. (opts): Add option. (parse_rereadable_options): Set option. -- GnuPG-bug-id: 5517
* build: Simplify for string.h and getopt.h.NIIBE Yutaka2021-08-053-7/+1
| | | | | | | | | | | | | * configure.ac (AC_CHECK_HEADERS): Remove string.h and getopt.h. * dirmngr/ks-engine-ldap.c: Remove including getopt.h. * tools/make-dns-cert.c: Likewise. -- Checking string.h is supported by AC_HEADER_STDC. Use of getopt.h is only needed for getopt_long of GNU extention. Signed-off-by: NIIBE Yutaka <[email protected]>
* sm: Fix pwri.NIIBE Yutaka2021-08-051-3/+3
| | | | | | | | | | * sm/decrypt.c (pwri_parse_pbkdf2): Use int for digest algo. (pwri_decrypt): Use int for cipher algo and digest algo. -- Fixes-commit: 02029f9eab87e9fd667829dfb083846275576398 Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Remove duplication of AC_HEADER_TIME.NIIBE Yutaka2021-08-051-3/+1
| | | | | | * configure.ac: Have a single AC_HEADER_TIME. Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Update checking headers.NIIBE Yutaka2021-08-051-2/+2
| | | | | | | | | * configure.ac (AC_CHECK_HEADERS): Remove pty.h utmp.h, util.h, and libutil.h. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to pinentryIngo Klöcker2021-08-021-0/+5
| | | | | | | | | | | | | * common/session-env.c (stdenvnames): Add XDG_SESSION_TYPE and QT_QPA_PLATFORM. -- On Unix systems (except Darwin), Qt uses those two environment variables additionally to DISPLAY and WAYLAND_DISPLAY to figure out whether to use X11 or Wayland. For example, QT_QPA_PLATFORM needs to be set to "wayland" to make Qt use Wayland on Gnome. GnuPG-bug-id: 3659
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 22:51:20 +0000