| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* tools/gpg-wks.h (uidinfo_list_s): Add field 'created'.
* tools/wks-util.c (append_to_uidinfo_list): Add arf 'created'.
(wks_list_key): Pass timestamp to append_to_uidinfo_list.
* tools/gpg-wks-client.c (command_check): Print UID creation time.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* tools/gpg-wks.h (uidinfo_list_s, uidinfo_list_t): New.
* tools/wks-util.c (append_to_uidinfo_list): New.
(free_uidinfo_list): New.
(wks_list_key): Change arg r_mboxes to uidinfo_list_t. Use
append_to_uidinfo_list.
* tools/gpg-wks-server.c (sserver_ctx_s): Replace strlist_t by
uidinfo_list_t.
(process_new_key): Ditto.
(check_and_publish): Ditto.
(command_receive_cb): Replace free_strlist by free_uidinfo_list.
* tools/gpg-wks-client.c (command_check): Replace strlist_t by
uidinfo_list_t. Also print user id in verbose mode.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/gpgv.c (main): Call gnupg_initialize_compliance.
--
The compliance checker needs to be initialize so that it won't let
spit out a "not suitable" message. We use the module name of gpg.
Because there is no option to change the compliance mode in gpgv we
will always be in the default (CO_GNUPG) mode. It also does not make
much sense to have it here because gpgv expects a "curated" keyring.
GnuPG-bug-id: 3404
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| | |
* tools/gpg-wks-client.c (command_send): Additional hack for posteo.
Check the protocol-version flag.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| | |
* tools/gpg-wks.h (policy_flags_s): Add field protocol_version.
* tools/wks-util.c (wks_parse_policy): Add new policy flag.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/keygen.c (proc_parameter_file): Don't check the result of
stpcpy.
--
Fixes-commit: 7089dcc54099a4909ce7d386c07ab87e1398e2eb
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* tools/gpg-wks-client.c (command_send): Allow sending in draft-1
mode.
--
Obviously Posteo did not implement the current draft and thus it was
not possible to send a request to them. This hack uses the old method
for posteo.de. Not sending it encrypted is okay here because they use
authenticated sending anyway.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| | |
* tools/mime-maker.c (mime_maker_add_body_data): New.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* tests/openpgp/quick-key-manipulation.scm: Fix expiration time
comparison.
--
This is a bug fix for Amelia Earhart who is probably in UTC-12.
When expiration date is specified, GnuPG interprets it as noon of the
date in local time.
Before this fix, the test compared the value by 2145916800 which is
2038-01-01 00:00:00 in UTC with allowance of 1 day. When the test
was ran in UTC-12 timezone, it failed because of noon in the timezone
is midnight of the next day in UTC.
GnuPG-bug-id: 3393
Reported-by: Daniel Kahn Gillmor
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (do_decipher): Support larger length.
--
Reported-by: Achim Pietig <[email protected]>
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/keygen.c (proc_parameter_file): Special case the email only
case.
--
Using a parameter file like
%ask-passphrase
key-type: RSA
key-length: 2048
key-usage: sign
subkey-type: RSA
subkey-length: 2048
subkey-usage: encrypt
name-email: [email protected]
with "gpg --gen-key --patch" the result was this key
pub rsa2048 2017-09-11 [SC]
63A8C1BA12CC289A0E8072C971C7F8D4A18CE0BE
uid [ultimate] <[email protected]>
sub rsa2048 2017-09-11 [E]
At least the the extra leading space the left angle bracket is wrong.
Further some mail providers reject keys which consist of more than
just a plain mail address. Using just a mail address is anyway the
new new suggested content for a user id. With this patch the key
will be
pub rsa2048 2017-09-11 [SC]
B302343C20EA6DECDB6A155135352F2520397080
uid [ultimate] [email protected]
sub rsa2048 2017-09-11 [E]
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| | |
--
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/getkey.c (finish_lookup): Add WANT_SECRET argument to confirm
by agent_probe_secret_key.
(get_pubkey_fromfile, lookup): Supply WANT_SECRET argument.
--
GnuPG-bug-id: 1967
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* agent/call-scd.c (cancel_inquire): Remove.
(agent_card_pksign, agent_card_pkdecrypt, agent_card_writekey)
(agent_card_scd): Don't call cancel_inquire.
--
Since libassuan 2.1.0, cancellation command "CAN" is handled within
the library, by assuan_transact. So, cancel_inquire just caused
spurious "CAN" command to scdaemon which resulted an error.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/apdu.h (SW_HOST_CANCELLED): New.
* scd/apdu.c (host_sw_string): Support SW_HOST_CANCELLED.
(pcsc_error_to_sw): Return SW_HOST_CANCELLED for PCSC_E_CANCELLED.
* scd/iso7816.c (map_sw): Return GPG_ERR_INV_RESPONSE for
SW_HOST_ABORTED and GPG_ERR_CANCELED for SW_HOST_CANCELLED.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* common/gettime.c (isotime_p): Accept the Z suffix.
--
The intention is use for human interface.
GnuPG-bug-id: 3278
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
even if we already see an error.
--
The value stored by waitpid for exit code is encoded; It requires
decoded by WEXITSTATUS macro, regardless of an error.
For example, when one of processes is already exited and another is
still running, it resulted wrong value of in r_exitcodes[n].
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* doc/Makefile.am: Move qualified.txt into examples.
* doc/qualified.txt: Move into examples, remove trailing spaces.
* doc/examples/README: Document qualified.txt.
* doc/gpgsm.texi: Move qualified.txt from datadir into sysconfdir.
* sm/qualified.c (read_list): Move qualified.txt from datadir into
sysconfdir.
--
The qualified.txt is maintained by Administrator it is a configuration
file. In the past it was a hybrid, provided by package and controlled
by the Administrator, however, it is no longer maintained by package.
Signed-off-by: Alon Bar-Lev <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* configure.ac: add --with-agent-s2k-calibration=MSEC, introduces
AGENT_S2K_CALIBRATION (measured in milliseconds)
* agent/protect.c (calibrate_s2k_count): Calibrate based on
AGENT_S2K_CALIBRATION.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
GnuPG-bug-id: 3399
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/main.h (DEFAULT_CIPHER_ALGO): Prefer AES256 by default.
--
It's 2017, and pretty much everyone has AES-256 available. Symmetric
crypto is also rarely the bottleneck (asymmetric crypto is much more
expensive). AES-256 provides some level of protection against
large-scale decryption efforts, and longer key lengths provide a hedge
against unforseen cryptanalysis.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* agent/command.c (hlp_genkey): update help text to suggest the use of
3072 bits.
* doc/wks.texi: Make example match default generation.
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to
rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment,
(gen_rsa, get_keysize_range): update default from 2048 to 3072).
* g10/keyid.c (pubkey_string): update comment so that first example
is the default 3072-bit RSA.
--
3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
Gbp-Pq: Topic update-defaults
Gbp-Pq: Name 0015-gpg-default-to-3072-bit-RSA-keys.patch
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
default to 3072 bits.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
3072 bits.
* sm/certreqgen.c (proc_parameters): update default to 3072 bits.
* sm/gpgsm.c (main): print correct default_pubkey_algo.
--
3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
Gbp-Pq: Topic update-defaults
Gbp-Pq: Name 0014-gpgsm-default-to-3072-bit-keys.patch
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* tests/openpgp/quick-key-manipulation.scm: Fix expiration time
comparison.
--
This is a bug fix for Amelia Earhart who is probably in UTC-12.
When expiration date is specified, GnuPG interprets it as noon of the
date in local time.
Before this fix, the test compared the value by 2145916800 which is
2038-01-01 00:00:00 in UTC with allowance of 1 day. When the test
was ran in UTC-12 timezone, it failed because of noon in the timezone
is midnight of the next day in UTC.
GnuPG-bug-id: 3393
Reported-by: Daniel Kahn Gillmor
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (do_decipher): Support larger length.
--
Reported-by: Achim Pietig <[email protected]>
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |/
|
|
| |
--
|
| | |
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (determine_rsa_response): Round bits up.
--
Co-authored-by: Arnaud Fontaine <[email protected]>
Arnaud wrote:
Actually, when the incorrect expected response length (i.e. Le
field) is transmitted to the card, the card's answer is missing a
byte (i.e. ... 6101) so an additional command has to be sent to the
card to retrieve the last byte. Using the correct length avoids to
send the additional command to retrieve the missing byte, when the
computed length is wrong.
Note that an value of 65537 for E is pretty standard and thus we can
avoid the 6101 return code inmost cases.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/trustdb.c (update_min_ownertrust): Free PK.
--
This bug was revealed by the new trust-pgp-2.scm test.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/sig-check.c (check_signature_over_key_or_uid): Remove useless
condition. Actually free when SIGNER was allocated by us.
--
SIGNER_ALLOCATED never received a value of -1 but that was tested.
IF SIGNER_ALLOCATED was 2 the memory was never freed:
if (signer_allocated == 1)
if (signer_allocated == 2)
free()
Fixes-commit: 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec
This function needs to be audited more thoroughly.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--
This is to make those function better readable.
if (foo)
/* Comment */
{
}
is bad style because it requires extra time to notice the begin of the
block and vice versa when noticing the block it is not clear whether
this is an conditioned or unconditioned block.
Having asterisks on the left is better for view impaired people and
for b/w printouts.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* autogen.rc: Remove --enable-gpg2-is-gpg.
--
This option is now the default.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (gpgconf_list): Announce "auto-key-retrieve".
(main): Simplify setting of KEYSERVER_AUTO_KEY_RETRIEVE.
* tools/gpgconf-comp.c: Make "no-auto-key-retrieve" invisible. Make
"auto-key-retrieve" an expert option.
--
This basically reverts 9bb13a0e819334681caca38c9074bd7bfc04e45e
because --no-auto-key-retrieve is again the default. Note that we
allow both options for the sake of profiles.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/openpgp/Makefile.am (XTESTS): Remove test.
(EXTRA_DIST): Add test file.
--
There are two problems with this test: First a syntax error in the
file name so that the test was not used at all. Second the test
currently returns FAIL.
Fixes-commit: c23a69970ba38edae9d3b2603825d18fbb732423
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* configure.ac (GNUPG_SWDB_TAG): New ac_define. Set it to "gnupg22".
* tools/gpgconf.c (query_swdb): Use it.
* build-aux/speedo.mk: Change tag "gnupg21" to "gnupg22".
* Makefile.am (distcheck-hook): Ditto.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* agent/agent.h (L_): Define agent_Lunderscore when simple
gettext is used.
--
This fixes a regression introduced by b3286af3 ENABLE_NLS
is not defined if we use simple gettext and not gettext.
GnuPG-Bug-Id: T3364
Signed-off-by: Andre Heinecke <[email protected]>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/openpgp/trust-pgp-1.scm: New file.
* tests/openpgp/trust-pgp-2.scm: New file.
* tests/openpgp/trust-pgp-3.scm: New file.
* tests/openpgp/trust-pgp-4.scm: New file.
* tests/openpgp/trust-pgp/common.scm: New file.
* tests/openpgp/trust-pgp/scenario1.asc: New file.
* tests/openpgp/trust-pgp/scenario2.asc: New file.
* tests/openpgp/trust-pgp/scenario3.asc: New file.
* tests/openpgp/trust-pgp/scenario4.asc: New file.
* tests/openpgp/trust-pgp/alice.sec.asc: New file.
* tests/openpgp/trust-pgp/bobby.sec.asc: New file.
* tests/openpgp/trust-pgp/carol.sec.asc: New file.
* tests/openpgp/trust-pgp/david.sec.asc: New file.
* tests/openpgp/trust-pgp/frank.sec.asc: New file.
* tests/openpgp/trust-pgp/grace.sec.asc: New file.
* tests/openpgp/trust-pgp/heidi.sec.asc: New file.
* tests/openpgp/Makefile.am (XTESTS): Add new tests.
(TEST_FILES): Add new files.
(EXTRA_DIST): Add new common file.
Signed-off-by: Damien Goutte-Gattat <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/openpgp/tofu.scm (gettrust): Moved to the common defs.scm
module.
(checktrust): Likewise.
* tests/openpgp/defs.scm (gettrust): New function.
(checktrust): Likewise.
--
These functions will be re-used by the tests for the PGP trust
model.
Signed-off-by: Damien Goutte-Gattat <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpgconf-comp.c (gc_options_gpg): Add max-cert-depth,
completes-needed, and marginals-needed options.
* g10/gpg.c (gpgconf_list): Likewise.
--
Some tests to come for the PGP trust model will need to manipulate
these parameters.
Signed-off-by: Damien Goutte-Gattat <[email protected]>
|
| |
|
|
|
|
|
|
| |
* tests/gpgscm/scheme.c (CASE): Rearrange so that the case statement
is at the front.
(Eval_Cycle): Improve fallthrough annotations.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
default keyserver options.
* doc/gpg.texi: document this change.
--
This is a partial reversion of
7e1fe791d188b078398bf83c9af992cb1bd2a4b3. Werner and i discussed it
earlier today, and came to the conclusion that:
* the risk of metadata leakage represented by a default
--auto-key-retrieve, both in e-mail (as a "web bug") and in other
contexts where GnuPG is used to verified signatures, is quite high.
* the advantages of --auto-key-retrieve (in terms of signature
verification) can sometimes be achieved in other ways, such as when
a signed message includes a copy of its own key.
* when those other ways are not useful, a graphical, user-facing
application can still offer the user the opportunity to choose to
fetch the key; or it can apply its own policy about when to set
--auto-key-retrieve, without needing to affect the defaults.
Note that --auto-key-retrieve is specifically about signature
verification. Decisions about how and whether to look up a key during
message encryption are governed by --auto-key-locate. This change
does not touch the --auto-key-locate default of "local,wkd". The user
deliberately asking gpg to encrypt to an e-mail address is a different
scenario than having an incoming e-mail trigger a potentially unique
network request.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
| |
--
There was a small merge conflict. I hope I did not mess it up. -wk
|
| |
|
|
|
|
|
| |
* tests/openpgp/README: Add quickstart instructions, how to use
shell.scm, remove no longer used MKDATA.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/keyedit.c (keyedit_quick_revuid): Write status error on error.
Signed-off-by: Marcus Brinkmann <[email protected]>
GnuPG-bug-id: 2963
|
| |
|
|
| |
--
|
| |
|
|
| |
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| | |
|
