aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* gpg: Support key flags for RENC, TIME, and GROUP.Werner Koch2022-09-077-3/+70
| | | | | | | | | | | | | | | | | | * g10/packet.h (PUBKEY_USAGE_RENC): New. (PUBKEY_USAGE_TIME): New. (PUBKEY_USAGE_GROUP): New. * g10/getkey.c (parse_key_usage): Set the new key flags. * g10/keyedit.c (show_key_with_all_names_colon): Show the new key flags. * g10/keyid.c (usagestr_from_pk): Ditto * g10/keylist.c (print_capabilities): Ditto. * g10/keygen.c (parse_usagestr): Parse line and set new flags. (quickgen_set_para): Show flags. -- See draft-koch-openpgp-2015-rfc4880bis-00 for the current version. Actually these flags have been in the draft for years now. This patch is a first step to make use of them.
* tools:gpg-auth: Support use of pinpad.NIIBE Yutaka2022-09-061-14/+27
| | | | | | | | | * tools/gpg-auth.c (getpin): Use comment. (inq_needpin): Support "POPUPPINPADPROMPT" protocol response. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Fix to determine ECC curve for SSH.NIIBE Yutaka2022-09-061-3/+3
| | | | | | | | | | | | * common/ssh-utils.c (ssh_public_key_in_base64): Use standard name for ECC curve. -- See oidtable in common/openpgp-oid.c. Fixes-commit: 8e650dbd48fa5fde6d8f08154e6a892d495e9227 Signed-off-by: NIIBE Yutaka <[email protected]>
* tools:gpg-auth: Show SSH key comment when asking PIN.NIIBE Yutaka2022-09-051-3/+21
| | | | | | | | | | * tools/gpg-auth.c (authenticate): Put key_list->comment to assuan user's pointer. (getpin): Show SSH key comment if any. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* tools: Fix gpg-auth.NIIBE Yutaka2022-09-021-15/+42
| | | | | | | | | | | | | | | | | | * tools/gpg-auth.c (my_strusage): Fix usage string. (main): Use gpg-agent to get scdaemon socket. (authenticate): Return GPG_ERR_NOT_FOUND when no success. (ga_scd_connect): Use DBG_IPC. (inq_needpin): Change API for getpin. (put_second_field_cb): New, to get the second field. (scd_get_pubkey): Use put_second_field_cb. (ga_filter_by_authorized_keys): Put NULL at the PREV->next. (getpin): Flush the standard output. Include the last terminating NUL. Return the length. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* tools:gpg-auth: New tool for authentication.NIIBE Yutaka2022-09-022-1/+924
| | | | | | | | | | | * tools/Makefile.am (bin_PROGRAMS): Add gpg-auth. (gpg_auth_SOURCES, gpg_auth_LDADD): * tools/gpg-auth.c: New. -- GnuPG-bug-id: 5862 Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Make nvc_lookup more robust.Werner Koch2022-09-011-1/+12
| | | | | | | | * common/name-value.c (nvc_first): Allow for NULL arg. (nvc_lookup): Allow for PK being NULL. -- GnuPG-bug-id: 6176
* po: Update Japanese Translation.NIIBE Yutaka2022-09-011-26/+13
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: New option --debug-cache-expired-certs.Werner Koch2022-08-313-3/+14
| | | | | | | | * dirmngr/dirmngr.h (opt): Add debug_cache_expired_certs: * dirmngr/dirmngr.c (oDebugCacheExpiredCerts): New. (opts): Add option. (parse_rereadable_options): Set option. * dirmngr/certcache.c (put_cert): Handle the option.
* dirmngr: Reject certificate which is not valid into cache.NIIBE Yutaka2022-08-261-0/+14
| | | | | | | | | | | | | | | | * dirmngr/certcache.c (put_cert): When PERMANENT, reject the certificate which is obviously invalid. -- With this change, invalid certificates from system won't be registered into cache. Then, an intermediate certificate which is issued by an entity certified by such an invalid certificate will be also rejected with GPG_ERR_INV_CERT_OBJ. With less invalid certificates in cache, it helps the validate_cert_chain function work better. GnuPG-bug-id: 6142 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add npth_unprotect/npth_protect for blocking operations.NIIBE Yutaka2022-08-251-0/+20
| | | | | | | | | | * scd/ccid-driver.c (ccid_open_usb_reader): Name the thread. (ccid_vendor_specific_setup, ccid_open_usb_reader): Wrap blocking operations by npth_unprotect/npth_protect. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add a libusb debug level.Werner Koch2022-08-221-1/+33
| | | | | | | | | | * scd/ccid-driver.c (USE_LIBUSB_DEBUG_CB): New const. (debug_libusb_cb): new. (ccid_set_debug_level): Use it. -- This allows to see the libusb log in our usual debug output. For this the option debug-ccid-driver needs to be given 5 or more times.
* common: New common option no-autostart.Werner Koch2022-08-228-2/+39
| | | | | | | | | | | | | | | | | | | | * common/comopt.c (opts): Add "no-autostart". (parse_comopt): Set it. * common/comopt.h (comopt): Add no_autostart. * g10/gpg.c (main): Take care of the new option. * sm/gpgsm.c (main): Ditto. * tools/gpg-connect-agent.c (INCLUDED_BY_MAIN_MODULE): Add. (main): Parse common options and handle new option. * tools/gpg-card.c (main): Ditto. (cmd_yubikey): Fix minor error reporting issue. * common/util.h (GNUPG_MODULE_NAME_CARD): New const. * common/homedir.c (gnupg_module_name): Support it. -- Having a global option makes it easier to use disable autostart on a server which is required to use a remote gpg-agent reliable.
* dirmngr: Fix NTBTLS include for testAndre Heinecke2022-08-161-1/+2
| | | | | | | | * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add NTBTLS. -- This fixes the build in case every lib is installed into its own prefix.
* gpg: Fix --card-status to handle lowercase APPTYPEsWerner Koch2022-08-161-6/+6
| | | | * g10/card-util.c (current_card_status): Use ascii_strcasecmp.
* doc: Update description of the key format.Werner Koch2022-08-162-11/+21
| | | | --
* gpg: Improve --edit-key setpref.Werner Koch2022-08-121-5/+17
| | | | | | | | | | * g10/keygen.c (keygen_set_std_prefs): Allow extra spaces before preference elements. Detect the bracketed versions of the strings. Ignore "aead". -- This allows to c+p the list shown by pref with out remove the brackets.
* agent: New option --need-attr for KEYINFO.Werner Koch2022-08-112-17/+73
| | | | | | | | | | | | | | * agent/command.c (do_one_keyinfo): New arg need_Attr. (cmd_keyinfo): New option --need-attr. * agent/findkey.c (public_key_from_file): Use nvc_get_boolean. -- This option makes it easier to list keys suitable only for certain purposes. The second patch makes if compliant to the description in keyformat.txt
* common: New function nvc_get_boolean.Werner Koch2022-08-112-0/+25
| | | | * common/name-value.c (nvc_get_boolean): New.
* gpg: Emit an ERROR status if --quick-set-primary-uid failsIngo Klöcker2022-08-091-3/+9
| | | | | | | | | | * g10/keyedit.c (keyedit_quick_set_primary): Issue a status error. -- This allows GpgME to detect and report a failure if setting the primary user ID of a key failed. GnuPG-bug-id: 6126
* gpg: Look up user ID to mark as primary by UID hashIngo Klöcker2022-08-082-26/+25
| | | | | | | | | | | | | | | | * g10/keyedit.c (find_userid_by_namehash, find_userid): Add argument want_valid. Skip invalid user IDs if valid is wanted. (keyedit_quick_revuid): Ask find_userid() for any matching user ID. (keyedit_quick_set_primary): Use find_userid() to find the user ID to mark as primary. * tests/openpgp/quick-key-manipulation.scm: Change second call of the quick-set-primary-uid test to specify the user ID by its hash. -- This makes it possible to specify the user ID to mark as primary via its UID hash when calling --quick-set-primary-uid. GnuPG-bug-id: 6126
* gpg: Fix wrong error message for keytocard.Werner Koch2022-08-041-3/+1
| | | | | | | * g10/call-agent.c (agent_keytocard): Emit SC_OP_FAILURE. -- GnuPG-bug-id: 6122
* common: Silence warnings from AllowSetForegroundWindow.Werner Koch2022-08-032-2/+12
| | | | | * common/sysutils.c (gnupg_allow_set_foregound_window): Print warning only with debug flag set.
* dirmngr: Fix failed malloc error message.Werner Koch2022-08-031-2/+5
| | | | * dirmngr/ocsp.c (check_signature): Fix error printing of xtrymalloc.
* gpgconf: Add config file for Windows Registry dumps.Werner Koch2022-08-033-1/+85
| | | | | | | * tools/gpgconf.c (show_registry_entries_from_file): New. (show_configs): Call it. * doc/examples/gpgconf.rnames: New. * doc/Makefile.am (examples): Add it.
* g13: Remove unused variable.Werner Koch2022-08-021-1/+0
| | | | --
* gpg: Make symmetric + pubkey encryption de-vs compliant.Werner Koch2022-08-021-5/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/mainproc.c (proc_encrypted): Make symmetric + pubkey encryption de-vs compliant. * g10/mainproc.c (struct symlist_item): New. (struct mainproc_context): Add field symenc_list. (release_list): Free that list. (proc_symkey_enc): Record infos from symmetric session packet. (proc_encrypted): Check symkey packet algos -- The original check was too strong because it is in fact compliant to encrypt with a symmetric key and and public key. Thus decryption should issue a compliance status. In addition we now check that the cipher algorithms used to symmetrically encrypt the session key are all compliant. This is similar to our check for all public key encrypted session key packets. GnuPG-bug-id: 6119 Fixes-commit: b03fab09e188f7bb10237d4f20455e4026737e4e Backported from 2.2 Signed-off-by: Werner Koch <[email protected]>
* gpgconf: Improve registry dumping.Werner Koch2022-08-024-15/+31
| | | | | | | | | | | | * common/w32-reg.c (read_w32_reg_string): Add arg r_hklm_fallback and change all callers. (show_configs): Indicate whether the HKLM fallback was used. * tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin Registry key. Indicate whether the HKLM fallback was used. -- Note that this is backport from 2.2. The new support there for REG_DWORD needs to be implemented in libgpg-error, though.
* tests: Install links for tpm2daemonWerner Koch2022-08-012-1/+3
| | | | | | | * Makefile.am (all-local): Install missing symlinks. -- GnuPG-bug-id: 6052
* common: Add a default OpenPGP ECC mapping.Werner Koch2022-08-011-0/+1
| | | | | | | | * common/openpgp-oid.c (map_gcry_pk_to_openpgp): Map ECC to ECDSA which is similar to what we do at opther places in gpg. -- GnuPG-bug-id: 5555
* scd:opengpg: Minor vendor name fixWerner Koch2022-07-281-1/+1
| | | | --
* gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference.Werner Koch2022-07-281-2/+10
| | | | | | | | * g10/pkclist.c (select_algo_from_prefs): Change implicit hash algorithm. -- GnuPG-bug-id: 6043
* scd:openpgp: New vendorWerner Koch2022-07-281-0/+1
| | | | --
* wkd: Bind the address to the nonce.Werner Koch2022-07-271-6/+67
| | | | | | | | | | | | * tools/gpg-wks-server.c (make_pending_fname): New. (store_key_as_pending, check_and_publish): Use here. (process_new_key): Pass addrspec to store_key_as_pending. (expire_one_domain): Expire also the new files. -- Along with the pass traversal bug this enhancement was Suggested-by: Philipp Breuch <[email protected]> GnuPG-bug-id: 6098
* tests: Add missing file for tpm2d tests to the tarball.Werner Koch2022-07-271-1/+1
| | | | | -- GnuPG-bug-id: 6052
* doc: Minor typo fixWerner Koch2022-07-261-1/+1
| | | | | | -- GnuPG-bug-id: 6092
* wkd: Fix path traversal attack on gpg-wks-server.Werner Koch2022-07-252-0/+25
| | | | | | | | * tools/gpg-wks-server.c (check_and_publish): Check for invalid characters in sender controlled data. * tools/wks-util.c (wks_fname_from_userid): Ditto. (wks_compute_hu_fname): Ditto. (ensure_policy_file): Ditto.
* build: Update gpg-error.m4.NIIBE Yutaka2022-07-221-1/+2
| | | | | | | | * gpg-error.m4: Update from libgpg-error. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Update config.guess, config.sub, and config.rpath.NIIBE Yutaka2022-07-183-1965/+2324
| | | | | | | | | | | * build-aux/config.guess: Update from upstream. * build-aux/config.sub: Ditto. * build-aux/config.rpath: Update from gettext 0.21. -- GnuPG-bug-id: 6078 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Fix workaround for Yubikey heuristics.NIIBE Yutaka2022-07-131-8/+21
| | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Handle the case of firmware 5.4, too. -- GnuPG-bug-id: 6070 Signed-off-by: NIIBE Yutaka <[email protected]>
* Post release updatesWerner Koch2022-07-1128-200/+369
| | | | --
* Release 2.3.7gnupg-2.3.7Werner Koch2022-07-111-1/+75
|
* gpg-connect-agent: No help string for --unbufferedWerner Koch2022-07-101-1/+1
| | | | --
* gpg,build: Fix message for newer gettext.NIIBE Yutaka2022-07-051-1/+3
| | | | | | | | * g10/keyserver.c (keyserver_refresh): Use ngettext. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgconf: New short options -V and -XWerner Koch2022-06-291-4/+39
| | | | | | | | * tools/gpgconf.c: Assign short options -X and -V (show_version_gnupg): Print the vsd version if available. -- These changes are helpful for phone support.
* agent: Add description for "Prompt" field.NIIBE Yutaka2022-06-281-0/+6
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Don't assume "OPENPGP.3" key means "Use-for-ssh:".NIIBE Yutaka2022-06-282-17/+3
| | | | | | | | | | * agent/command-ssh.c: Fix comments. * agent/findkey.c (public_key_from_file): Remove "OPENPGP.3" check. -- GnuPG-bug-id: 5996 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Do not consider --min-passphrase-len for the magic wand.Werner Koch2022-06-273-14/+38
| | | | | * agent/call-pinentry.c (generate_pin): Lock to exactly 30 octets. * g10/gpg.c (main) <aGenRandom>: Add Level 30.
* agent: Flush before calling ftruncate.NIIBE Yutaka2022-06-231-0/+2
| | | | | | | | | | * agent/findkey.c (write_extended_private_key): Make sure it is flushed out. -- GnuPG-bug-id: 6035 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: KEYATTR only allows access to attribute.NIIBE Yutaka2022-06-231-0/+8
| | | | | | | | | * agent/command.c (cmd_keyattr): Check the ATTRNAME. -- GnuPG-bug-id: 5988 Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 16:10:23 +0000