| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
the second field which shows the location of the key.
|
| |
|
|
|
|
|
|
|
|
|
| |
To better cope with round robin pooled A records like keys.gnupg.net
we need to keep some information on unresponsive hosts etc. What we
do now is to resolve the hostnames, remember them and select a random
one. If a host is dead it will be marked and a different one
selected. This is intended to solve the problem of long timeouts due
to unresponsive hosts.
The code is not yet finished but selection works.
|
| |
|
|
|
|
|
|
|
|
|
| |
This helps in the case of an unknown key algorithm with a corrupted
packet which claims a longer packet length. This used to allocate the
announced packet length and then tried to fill it up without detecting
an EOF, thus taking quite some time. IT is easy to fix, thus we do
it. However, there are many other ways to force gpg to use large
amount of resources; thus as before it is strongly suggested that the
sysadm uses ulimit do assign suitable resource limits to the gpg
process. Suggested by Timo Schulz.
|
| |
|
|
|
|
| |
Factoring common code out is always a Good Thing. Also added a
configure test to print an error if gcry_kdf_derive is missing in
Libgcrypt.
|
| |
|
|
|
|
|
| |
This is so that we read compatible with gnutls's certtool. Only
AES-128 is supported. The latest Libgcrypt from git is required.
Fixes bug#1321.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Without Libgcrypt 1.5 is was not possible to use ECC keys. ECC is
major new feature and thus it does not make sense to allow building
with an older Libgcrypt without supporting ECC.
Also fixed a few missing prototypes.
|
| |
|
|
| |
passphrase will be truncated to the first encountered null byte.
|
| |
|
|
|
| |
This provides the framework and implements the ask, cancel and error.
loopback will be implemented later.
|
| | |
|
| |
|
|
|
|
|
| |
* keyid.c (hash_public_key): Remove shadowing NBITS.
* misc.c (pubkey_nbits): Replace GCRY_PK_ by PUBKEY_ALGO_.
(get_signature_count): Remove warning.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is not a part of pin pad support series of mine.
As I found the bug while I am preparing the patches, I report this.
As CCID protocol is little endian, wLangId of US English = 0x0409
is represented as two bytes of 0x09 then 0x04.
It is really confusing that the code like following is floating
around:
pin_verify -> wLangId = HOST_TO_CCID_16(0x0904);
But, it is 0x0409 (not 0x0904). It is defined in the documentation:
http://www.usb.org/developers/docs/USB_LANGIDs.pdf
and origin of this table is Microsoft. We can see it at:
http://msdn.microsoft.com/en-us/library/bb165625%28VS.80%29.aspx
Yes, it would be better not to hard-code 0x0409. It would be better
to try current locale of the user, or to use the first entry of string
descriptor. I don't have time to implement such a thing...
|
| |
|
|
|
|
|
| |
This was a regression in 2.1 introduced due to having the agent do the
signing in contrast to the old "SCD PKSIGN" command which accesses the
scdaemon directly and passed the hash algorithm. The hash algorithm
is used by app-openpgp.c only for a sanity check.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
a mode of CACHE_MODE_NORMAL. These cache modes are created with PKDECRYPT.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using "gpgsm --genkey" allows the creation of a self-signed
certificate via a new prompt.
Using "gpgsm --genkey --batch" should allow the creation of arbitrary
certificates controlled by a parameter file. An example parameter file
is
Key-Type: RSA
Key-Length: 1024
Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA
Key-Usage: sign, encrypt
Serial: random
Name-DN: CN=some test key
Name-Email: [email protected]
Name-Email: [email protected]
Hash-Algo: SHA384
not-after: 2038-01-16 12:44
This creates a self-signed X.509 certificate using the key given by
the keygrip and using SHA-384 as hash algorithm. The keyword
signing-key can be used to sign the certificate with a different key.
See sm/certreggen.c for details.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
This solves a problem where ccid was used, the card unplugged and then
scdaemon tries to find a new (plugged in) reader and thus will
eventually try PC/SC over and over again.
Also added an explicit --kill command to gpgconf.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Also updated de.po
|
| |
|
|
|
|
| |
The import test imports the keys as needed and because they are
passphrase protected we now need a pinentry script to convey the
passphrase to gpg-agent.
|
| |
|
|
| |
This is similar to the change in keylist.c and elsewhere.
|
| | |
|
| |
|
|
|
|
| |
A simple test case is:
gpg2 --fetch-key http://werner.eifelkommune.de/mykey.asc
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The basic network code from http.c is used for finger. This keeps the
network related code at one place and we are able to use the somewhat
matured code form http.c. Unfortunately I had to enhance the http
code for more robustness and probably introduced new bugs.
Test this code using
gpg --fetch-key finger:[email protected]
(I might be the last user of finger ;-)
|
| |
|
|
|
| |
This fix also allows the creation and use of an 521 bit ECDH key which
used to fail while creating the binding signature.
|
| |
|
|
|
|
|
|
| |
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
|
| |
|
|
|
|
|
|
| |
To avoid checking in trailing scripts the autogen.sh script now
enables the standard pre-commit hook, which check for this.
Add a cleanpo filter if not yet set. This works with together with
po/.gitattributes.
|
| | |
|
| |
|
|
|
| |
Add a compatibility fixes for the non-curve case.
Remove -lber from the dirmngr link line.
|
| |
|
|
|
|
|
| |
DECRYPTION_INFO <mdc_method> <sym_algo>
Print information about the symmetric encryption algorithm and
the MDC method. This will be emitted even if the decryption
fails.
|
| | |
|
| |
|
|
|
|
|
| |
This allows to add an ECC key and to set the capabilities of an ECDSA
key.
Fix printing of the ECC algorithm when creating a signature.
|
| |
|
|
| |
Nuked some trailing spaces.
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Wrote the ChangeLog 2011-01-13 entry for Andrey's orginal work modulo
the cleanups I did in the last week. Adjusted my own ChangeLog
entries to be consistent with that entry.
Nuked quite some trailing spaces; again sorry for that, I will better
take care of not saving them in the future. "git diff -b" is useful
to read the actual changes ;-).
The ECC-INTEGRATION-2-1 branch can be closed now.
|
| | |
| |
| |
| |
| | |
This also fixes a failed assertion when using a v3 key where the
fingerprint size is not 20.
|
