Commit message [Author, Age, Files, Lines]
...
* build: Update m4 scripts [Werner Koch, 2014-10-02, files: 3, lines: -22/+84]
|   * m4/gpg-error.m4: Update from Libgpg-error git master.
|   * m4/libgcrypt.m4: Update from Libgcrypt git master.
|   * configure.ac: Declare SYSROOT a precious variable.  Add extra error message for library configuration mismatches.
* doc: Remove GnuPG-1 related parts from gpg.texi. [Werner Koch, 2014-09-29, files: 2, lines: -178/+20]
|   * doc/Makefile.am (YAT2M_OPTIONS): Add 2.1 to the source info.
|   * doc/gpg.texi: Remove gpg1 related texts.
* gpg: Default to SHA-256 for all signature types on RSA keys. [Werner Koch, 2014-09-27, files: 3, lines: -3/+3]
|   * g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in strict RFC or PGP modes.
|   * g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for RSA key signatures.
|   * configure.ac: Do not allow to disable sha256.
* gpg: Simplify command --gen-key and add --full-gen-key. [Werner Koch, 2014-09-27, files: 5, lines: -36/+97]
|   * g10/gpg.c (aFullKeygen): New.
|     (opts): Add command --full-key-gen.
|     (main): Implement it.
|   * g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although the value is identical.
|     (DEFAULT_STD_CURVE): New.
|     (DEFAULT_STD_SUBALGO): New.
|     (DEFAULT_STD_SUBKEYSIZE): New.
|     (DEFAULT_STD_SUBCURVE): New.
|     (quick_generate_keypair): Use new macros here.
|     (generate_keypair): Add arg "full" and fix call callers.  Do not ask for keysize in non-full node.
|     (ask_user_id): Add arg "full" and simplify for non-full mode.
* doc: Update the file OpenPGP [Werner Koch, 2014-09-27, files: 1, lines: -11/+10]
|   --
|   It should actually be completely reworked but for now I added just a few notes.
* gpg: Add shortcut for setting key capabilities. [Werner Koch, 2014-09-26, files: 2, lines: -11/+42]
|   * g10/keygen.c (ask_key_flags): Add shortcut '='.
|   * doc/help.txt (gpg.keygen.flags): New.
* gpg: Do not always print dashes in obsolete_option. [Werner Koch, 2014-09-25, files: 2, lines: -19/+15]
|   * g10/gpg.c (main): Pass option names to obsolete_option without double dash.
|   * g10/misc.c (obsolete_option, obsolete_scdaemon_option): Print double dash only for command line options.
* gpg: Warn about (but don't fail) on scdaemon options in gpg.conf. [Daniel Kahn Gillmor, 2014-09-25, files: 3, lines: -0/+43]
|   * g10/gpg.c: Add config options that should belong in scdaemon.conf
|   * g10/main.h, g10/misc.c (obsolete_scdaemon_option): New.
|   --
|   In gpg2, the following options are only relevant for scdaemon:
|     reader-port
|     ctapi-driver
|     pcsc-driver
|     disable-ccid
|   but in gpg1, they are options for gpg itself.
|   Some users of gpg1 might have these options in their ~/.gnupg/gpg.conf, which causes gpg2 to fail hard if it reads that config file.
|   gpg2 should not fail hard, though giving a warning (and suggesting a move to scdaemon.conf) seems OK.
|   This patch does *not* reintroduce any documentation for these options in gpg.texi, even to indicate that they are "dummy" options, since scdaemon.texi contains the appropriate documentation.
|   Debian-bug-id: 762844
|   - Program names factored out from obsolete_scdaemon_option to make reuse without new translations easier. -wk
* build: Change urlbase of getswdb.sh. [Werner Koch, 2014-09-25, files: 1, lines: -1/+3]
|   --
* Reformat README and minor gpg.texi improvement. [Werner Koch, 2014-09-24, files: 2, lines: -155/+168]
|   --
|   The second thing is to explain the file names below under ~/.gnupg/openpgp-revocs.d/.
* Register DCO for Daniel Kahn Gillmor. [Werner Koch, 2014-09-24, files: 1, lines: -0/+3]
|   --
* speedo: Check that wget and gpgv are installed. [Werner Koch, 2014-09-22, files: 1, lines: -0/+11]
|   * build-aux/getswdb.sh: Check for required tools.
* speedo: Autodetect sha1sum tools. [Werner Koch, 2014-09-22, files: 2, lines: -16/+45]
|   * build-aux/getswdb.sh: Add option --find-sha1sum.
|   * build-aux/speedo.mk (check-tools): New phony target.  Not yet used.
|     (SHA1SUM): New var.  Use it instead of sha1sum.
* gpg: Create default keyring with .kbx suffix. [Werner Koch, 2014-09-22, files: 1, lines: -11/+33]
|   * g10/keydb.c (maybe_create_keyring_or_box): Rename arg for clarity.
|     (keydb_add_resource): Fix order of args to maybe_create_keyring_or_box and check and create .kbx.
* doc: Fix --secret-keyring option for 2.1 [Werner Koch, 2014-09-22, files: 1, lines: -0/+6]
|   --
* gpg: --delete-secret-key - check that a secret key exists. [Werner Koch, 2014-09-20, files: 1, lines: -0/+9]
|   * g10/delkey.c (do_delete_key): Check availability of a secret key.
|   --
|   Actually we check that at least one secret subkey exists.
* gpg: Make algorithm selection prompt for ECC more clear. [Werner Koch, 2014-09-20, files: 1, lines: -1/+1]
|   * g10/keygen.c (ask_algo): Change 9 to "ECC and ECC".
* Register DCO for Andre Heinecke. [Werner Koch, 2014-09-20, files: 1, lines: -0/+3]
|   --
* Post beta release update. [Werner Koch, 2014-09-18, files: 2, lines: -1/+5]
|   --
* Release 2.1.0-beta834. (gnupg-2.1.0-beta834) [Werner Koch, 2014-09-18, files: 3, lines: -1/+28]
|
* speedo: Distribute needed files. [Werner Koch, 2014-09-18, files: 1, lines: -3/+19]
|   * Makefile.am (EXTRA_DIST): Add speedo stuff.
* build: Enable gpgtar by default. [Werner Koch, 2014-09-18, files: 1, lines: -1/+1]
|
* common: Do not build maintainer modules in non-maintainer mode. [Werner Koch, 2014-09-18, files: 2, lines: -1/+9]
|   * common/Makefile.am (module_maint_tests): Use only in maintainer mode.
|     (t_common_cflags): New.
* common: Remove superfluous statements. [Werner Koch, 2014-09-18, files: 2, lines: -12/+3]
|   * common/exechelp-posix.c: Remove weak pragmas.
|   * common/sexputil.c (make_canon_sexp_from_rsa_pk): Remove double const.
|   --
|   We do not use Pth anymore and thus there is no more need for the weak pragmas.
* g13: Avoid segv after pipe creation failure. [Werner Koch, 2014-09-18, files: 1, lines: -6/+6]
|   * g13/call-gpg.c (gpg_encrypt_blob): Init some vars in case of an early error.
|     (gpg_decrypt_blob): Ditto.
* scd: Fix int/short mismatch in format string of app-p15.c [Werner Koch, 2014-09-18, files: 1, lines: -4/+8]
|   * scd/app-p15.c (parse_certid): Use snprintf and cast value.
|     (send_certinfo): Ditto.
|     (send_keypairinfo): Ditto.
|     (do_getattr): Ditto.
* agent: Init a local variable in the error case. [Werner Koch, 2014-09-18, files: 1, lines: -1/+3]
|   * agent/pksign.c (do_encode_md): Init HASH on error.
* agent: Remove left over debug output. [Werner Koch, 2014-09-18, files: 1, lines: -2/+0]
|   * agent/command-ssh.c (ssh_signature_encoder_eddsa): Remove debug output.
* agent: Silence compiler warning for a debug message. [Werner Koch, 2014-09-18, files: 1, lines: -2/+2]
|   * agent/call-pinentry.c (agent_query_dump_state): Use %p for POPUP_TID.
* sm: Silence compiler warnings. [Werner Koch, 2014-09-18, files: 2, lines: -3/+2]
|   * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Remove unused var I.
|   * sm/certreqgen.c (proc_parameters): Init PUBLIC to avoid compiler warning.
* gpg: Silence a compiler warning. [Werner Koch, 2014-09-18, files: 1, lines: -5/+4]
|   * g10/parse-packet.c (enum_sig_subpkt): Replace hack.
* gpg: Replace a hash algo test function. [Werner Koch, 2014-09-18, files: 1, lines: -18/+18]
|   * g10/gpg.c (print_mds): Replace openpgp_md_test_algo.
|   --
|   This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical.  But that might change in the future.
|   This changes the behavior of GnuPG in case it has been built with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway.
* gpg: Re-indent a function. [Werner Koch, 2014-09-18, files: 1, lines: -78/+89]
|   --
* speedo: Various fixes [Werner Koch, 2014-09-18, files: 2, lines: -18/+35]
|   * build-aux/speedo.mk: Take zlib and bzip2 from ftp.gnupg.org.  Minor other fixes.
* speedo: Improve speedo Makefile. [Werner Koch, 2014-09-17, files: 2, lines: -72/+223]
|   --
|   Building for the native platform is now a mere
|     make -f build-aux/speedo.mk native
|   You may also use "help" as target.
* po: Auto-update [Werner Koch, 2014-09-17, files: 4, lines: -0/+32]
|   --
* gpg: Print a warning if the subkey expiration may not be what you want. [Werner Koch, 2014-09-17, files: 1, lines: -0/+63]
|   * g10/keyedit.c (subkey_expire_warning): New.
|     (keyedit_menu): Call it when needed.
|   --
|   GnuPG-bug-id: 1715
|   The heuristic to detect a problem is not very advanced but it should catch the most common cases.
* gpg: Improve passphrase caching. [Werner Koch, 2014-09-17, files: 6, lines: -9/+81]
|   * agent/cache.c (last_stored_cache_key): New.
|     (agent_get_cache): Allow NULL for KEY.
|     (agent_store_cache_hit): New.
|   * agent/findkey.c (unprotect): Call new function and try to use the last stored key.
|   * g10/revoke.c (create_revocation): Add arg CACHE_NONCE and pass to make_keysig_packet.
|     (gen_standard_revoke): Add arg CACHE_NONCE and pass to create_revocation.
|   * g10/keygen.c (do_generate_keypair): Call gen_standard_revoke with cache nonce.
|   --
|   This patch adds two features:
|   1. The key for the last passphrase successfully used for unprotecting a key is stored away.  On a cache miss the stored away passphrase is tried as well.  This helps for the common GPG use case of having a signing and encryption (sub)key with the same passphrase.  See the code for more comments.
|   2. The now auto-generated revocation certificate does not anymore popup a passphrase prompt.  Thus for standard key generation the passphrase needs to be given only once (well, two with the confirmation).
* gpg: Use algorithm id 22 for EdDSA. [Werner Koch, 2014-09-12, files: 7, lines: -10/+72]
|   * common/openpgpdefs.h (PUBKEY_ALGO_EDDSA): Change to 22.
|   * g10/keygen.c (ask_curve): Reword the Curve25519 warning note.
|   --
|   In the hope that the IETF will eventually assign 22 for EdDSA using the draft-koch-eddsa-for-openpgp-01 specs we start using this number.
* build: Require libgpg-error 1.15 [Werner Koch, 2014-09-12, files: 1, lines: -1/+1]
|   --
|   1.14 had a problem in its ABI and was thus removed from the FTP Server after 3 days.  1.15 fixes this.
* doc: Small grammar fix [Werner Koch, 2014-09-12, files: 1, lines: -2/+2]
|   --
* gpg: Stop early on bogus old style comment packets. [Werner Koch, 2014-09-11, files: 1, lines: -1/+3]
|   * g10/parse-packet.c (parse_key): Take care of too short packets for old style comment packets.
|   --
|   GnuPG-bug-id: 1714
* dirmngr: Support https for KS_FETCH. [Werner Koch, 2014-09-10, files: 4, lines: -35/+48]
|   * dirmngr/ks-engine-hkp.c (cert_log_cb): Move to ...
|   * dirmngr/misc.c (cert_log_cb): here.
|   * dirmngr/ks-engine-http.c (ks_http_fetch): Support 307-redirection and https.
|   --
|   Note that this requires that the root certificates are registered using the --hkp-cacert option.  Eventually we may introduce a separate option to allow using different CAs for KS_FETCH and keyserver based requests.
* dirmngr: Fix the ks_fetch command for the http scheme. [Werner Koch, 2014-09-10, files: 1, lines: -3/+8]
|   * common/http.c (http_session_ref): Allow for NULL arg.
|   --
|   We always test for an existing session and thus passing NULL as session object should be allowed.
|   Reported-by: Jens Lechtenboerger
* Merge branch 'wk/test-gpgrt-estream' [Werner Koch, 2014-09-08, files: 47, lines: -7322/+325]
|\
| * gpg: Fix memory leak in ECC encryption. [Werner Koch, 2014-09-08, files: 1, lines: -26/+29]
| |   * g10/pkglue.c (pk_encrypt): Fix memory leak and streamline error handling.
| * doc: Remove some stuff for the very incomplete instguide. [Werner Koch, 2014-09-03, files: 1, lines: -29/+15]
| |   --
| * doc: Typo fix [Werner Koch, 2014-09-02, files: 1, lines: -1/+1]
| |   --
| |   Debian-bug-id: 760273
| * gpg: Fix export of NIST ECC keys. [Werner Koch, 2014-09-02, files: 1, lines: -72/+60]
| |   * common/openpgp-oid.c (struct oidtable): New.
| |     (openpgp_curve_to_oid): Rewrite and allow OID as input.
| |     (openpgp_oid_to_curve): Make use of the new table.
| |   --
| |   Due to the previous change we now usually store the OID with the private key and not the name.  Thus during import we do not anymore need to map the name to an oid but can use the oid directly.  We fix that by extending openpgp_curve_to_oid to allow an oidstr as input.
| * agent: Fix import of OpenPGP EdDSA keys. [Werner Koch, 2014-09-02, files: 1, lines: -18/+66]
| |   * agent/cvt-openpgp.c (get_keygrip): Special case EdDSA.
| |     (convert_secret_key): Ditto.
| |     (convert_transfer_key): Ditto.
| |     (apply_protection): Handle opaque MPIs.
| |     (do_unprotect): Check FLAG_OPAQUE instead of FLAG_USER1 before unpacking an opaque mpi.
| |   --
| |   The key transfer protocol between gpg and gpg-agent uses gcrypt algorithm numbers which merge all ECC algorithms into one.  Thus it is not possible to use the algorithm number to determine the EdDSA algorithm.  We need to know that because Libgcrypt requires the "eddsa" flag with the curve "Ed25519" to actually use the Ed25519 signature specification.
| |   The last fix is for correctness; the first case won't be used anyway.