aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* gpg: Allow decryption using non-OpenPGP cards.Werner Koch2019-08-215-174/+400
| | | | | | | | | | | | | | | | | | | | | | * g10/call-agent.c (struct getattr_one_parm_s): New. (getattr_one_status_cb): New. (agent_scd_getattr_one): New. * g10/pubkey-enc.c (get_it): Allow the standard leading zero byte from pkcs#1. * g10/getkey.c (enum_secret_keys): Move to... * g10/skclist.c (enum_secret_keys): here and handle non-OpenPGP cards. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit ec6a6779236a89d4784a6bb7de0def9cc0f9e8a4) This commit also incorporates "g10: Move enum_secret_keys to skclist.c." Which was started with commit 03a8de7def4195b9accde47c1dcb84279361936d on master about a year ago. Signed-off-by: Werner Koch <[email protected]> GnuPG-bug-id: 4681
* scd: New standard attributes $ENCRKEYID and $SIGNKEYID.Werner Koch2019-08-214-6/+36
| | | | | | | | | | | | | | | | | | | | * g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo. * sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto. * scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and "$SIGNKEYID". * scd/app-nks.c (do_getattr): Add attributes too. -- We already have $AUTHKEYID to locate the keyref of the key to be used with ssh. It will also be useful to have default keyref for encryption and signing. For example, this will allow us to replace the use of "OPENPGP.2" by a app type specific keyref. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 2b1135cf920cf3d863813d60f032d476dcccfb58) Removed changes for the non-existing app-piv.c. Added support for NKS.
* gpg: Allow direct key generation from card with --full-gen-key.Werner Koch2019-08-214-20/+205
| | | | | | | | | | | | | | | | | * g10/call-agent.c (agent_scd_readkey): New. * g10/keygen.c (ask_key_flags): Factor code out to .. (ask_key_flags_with_mask): new. (ask_algo): New mode 14. -- Note that this new menu 14 is always displayed. The usage flags can be changed only in --expert mode, though. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit a480182f9d7ec316648cb64248f7a0cc8f681bc3) Removed stuff from gpg-card which does not exists in 2.2. No tests yet done for this backport.
* common: Extend function pubkey_algo_string.Werner Koch2019-08-213-4/+9
| | | | | | | | | | | | * common/sexputil.c (pubkey_algo_string): Add arg R_ALGOID. * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Adjust. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit f952226043824cbbeb8517126b5266926121c4e8) Removed the changes in gpg-card which is not part of 2.2 Signed-off-by: Werner Koch <[email protected]>
* gpg: New option --use-only-openpgp-cardWerner Koch2019-08-213-1/+15
| | | | | | | | | | | | | | * g10/gpg.c (opts): Add option. (main): Set flag. * g10/options.h: Add flags.use_only_openpgp_card. * g10/call-agent.c (start_agent): Implement option. -- With the previous patch we switch to autoselect an application instead of requesting an openpgp card. This option allows to revert this in case of use use cases which expected the former behaviour. Signed-off-by: Werner Koch <[email protected]>
* gpg: Prepare card code to allow other than OpenPGP cards.Werner Koch2019-08-212-16/+30
| | | | | | | | | * g10/call-agent.c (start_agent): Use card app auto selection. * g10/card-util.c (current_card_status): Print the Application type. (card_status): Put empty line between card listings. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit e47524c34a2a9f53c2507f67a0b41b460cee78b7)
* gpg: New card function agent_scd_keypairinfo.Werner Koch2019-08-212-3/+82
| | | | | | | | * g10/call-agent.c (scd_keypairinfo_status_cb) (agent_scd_keypairinfo): New. Taken from gpgsm. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 0fad61de159acf39e38a04f28f162f0beb0e77d6)
* gpg: Remove two unused card related functions.Werner Koch2019-08-213-98/+76
| | | | | | | | * g10/call-agent.c (inq_writekey_parms): Remove. (agent_scd_writekey): Remove. (agent_clear_pin_cache): Remove this stub. (cherry picked from commit 334b16b868e771b983263ed20c200869e7e51198)
* gpg: Repurpose the ISO defined DO "sex" to "salutation".Werner Koch2019-08-212-7/+8
| | | | | | | | | | | | | * g10/card-util.c (current_card_status): String changes. (change_sex): Description change. (cmds): Add "salutation"; keep "sex" as an alias. -- Note that we can't change the used values or tags but at least the UI should show reflect the real purpose of the field. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 166f3f9ec40888e10cb0c51017944bfc57503fc1)
* gpg: Remove unused arg in a card related function.Werner Koch2019-08-214-33/+34
| | | | | | | * g10/call-agent.c (agent_scd_setattr): Remove unused arg serialno. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 3a4534d82682f69788da3cf4a445e38fbaf6b98e)
* common: Fix line break handling, finding a space.NIIBE Yutaka2019-08-121-3/+3
| | | | | | | | | | | * common/name-value.c (assert_raw_value): Correctly find a space. -- Cherry-pick master commit of: f588dd8d1766de48c90a5501cf2d537f256d003e Signed-off-by: NIIBE Yutaka <[email protected]>
* sm: Support AES-256 key.NIIBE Yutaka2019-08-121-3/+3
| | | | | | | | | | | * sm/decrypt.c (prepare_decryption): Handle a case for AES-256. -- Cherry-pick master commit of: ef2424144a070c9199e40424ec8d9b5a9919aa72 Signed-off-by: NIIBE Yutaka <[email protected]>
* sm: Fix error checking of decryption result.NIIBE Yutaka2019-08-121-7/+8
| | | | | | | | | | | * sm/call-agent.c (gpgsm_agent_pkdecrypt): Fix condition. -- Cherry-pick master commit of: 15fe78184cc66ce6e657a6e949a522d7821f8a1c Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg,gpgsm: Handle pkdecrypt responses with/without NUL terminators.Daniel Kahn Gillmor2019-08-122-8/+17
| | | | | | | | | | | | | | | * g10/call-agent.c (agent_pkdecrypt): accept but do not require NUL-terminated data from the agent. * sm/call-agent.c (gpgsm_agent_pkdecrypt): accept but do not require NUL-terminated data from the agent. -- Cherry-pick master commit of: 3ba091ab8c93c87741a451f579d63dd500d7621d GnuPG-bug-id: 4652 Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* scd: Handle CCID bwi of time extension.NIIBE Yutaka2019-08-121-1/+6
| | | | | | | | | | | | | | | | * scd/ccid-driver.c (bulk_in): Increase timeout by the multiplier value as defined section 6.2.6 in CCID specification. -- Backport master commit of: 996c497a864d820af06333014b2c5f74d1054866 For TPDU level transfer, it was handled. This is fix for APDU level transfer. GnuPG-bug-id: 4646 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix bBWI value.NIIBE Yutaka2019-08-121-2/+2
| | | | | | | | | | | | | | | * scd/ccid-driver.c (ccid_transceive_apdu_level): Use bBWI=0 for APDU level transfer. (ccid_transceive): Use bBWI=0 or the value returend by WTX for TPDU level transfer. -- Backported master commit of: 858dc9564326e65e6d8771af160d4513aea1e4eb GnuPG-bug-id: 4654 Signed-off-by: NIIBE Yutaka <[email protected]>
* card: Fix showing KDF object attribute.NIIBE Yutaka2019-08-123-5/+30
| | | | | | | | | | | | * g10/call-agent.c (learn_status_cb): Parse the KDF DO. * g10/card-util.c (current_card_status): Show it correctly. -- Backport master commit of: 98f4eff7ffde106ae4f60739d1104282430ac14f Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: The option --passphrase= can be empty.NIIBE Yutaka2019-07-221-2/+2
| | | | | | | | | | | | | | * g10/gpg.c (opts): Use ARGPARSE_o_s for oPassphrase to allow empty string. -- Cherri-picked from master commit of: fcd766719a6e8f18f4be4c0f91e12aa157ca5506 GnuPG-bug-id: 4633 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Don't add system CAs for SKS HKPS pool.NIIBE Yutaka2019-07-161-0/+2
| | | | | | | | | | | | | * dirmngr/http.c [HTTP_USE_GNUTLS] (http_session_new): Clear add_system_cas. -- Cherry-picking the master commit of: 75e0ec65170b7053743406e3f3b605febcf7312a GnuPG-bug-id: 4594 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Improve import slowness.NIIBE Yutaka2019-07-151-5/+13
| | | | | | | | | | | | * g10/import.c (read_block): Avoid O(N^2) append. (sec_to_pub_keyblock): Likewise. -- Cherry-picking the master commit of: 33c17a8008c3ba3bb740069f9f97c7467f156b54 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix keyring retrieval.NIIBE Yutaka2019-07-151-3/+6
| | | | | | | | | | | | * g10/keyring.c (keyring_get_keyblock): Avoid O(N^2) append. -- Cherry-picking the master commit of: a7a043e82555a9da984c6fb01bfec4990d904690 GnuPG-bug-id: 4592 Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: fix spellingDaniel Kahn Gillmor2019-07-121-3/+3
| | | | | | * doc/tools.texi: fix a handful of minor spelling errors. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* Post release updatesWerner Koch2019-07-092-1/+5
| | | | --
* Release 2.2.17gnupg-2.2.17Werner Koch2019-07-091-1/+2
|
* po: Auto updateWerner Koch2019-07-0925-6/+188
| | | | --
* po: Update Russian translation.Ineiev2019-07-091-11/+9
|
* po: Update Czech translationPetr Pisar2019-07-091-13/+11
| | | | --
* po: Update Polish translationWerner Koch2019-07-091-50/+10
| | | | --
* po: Update German translationWerner Koch2019-07-091-1/+8
| | | | --
* gpg: Do not try the import fallback if the options are already used.Werner Koch2019-07-091-1/+3
| | | | | | * g10/import.c (import_one): Check options. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix regression in option "self-sigs-only".Werner Koch2019-07-091-1/+11
| | | | | | | | | | * g10/import.c (read_block): Make sure KEYID is availabale also on a pending packet. -- Reported-by: Phil Pennock Fixes-commit: adb120e663fc5e78f714976c6e42ae233c1990b0 Signed-off-by: Werner Koch <[email protected]>
* Prepare NEWS for the next releaseWerner Koch2019-07-051-0/+11
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* gpg: With --auto-key-retrieve prefer WKD over keyservers.Werner Koch2019-07-053-55/+84
| | | | | | | | | | | | | | | * g10/mainproc.c (check_sig_and_print): Print a hint on how to make use of the preferred keyserver. Remove keyserver lookup just by the keyid. Try a WKD lookup before a keyserver lookup. -- The use of the the keyid for lookups does not make much sense anymore since for quite some time we do have the fingerprint as part of the signature. GnuPG-bug-id: 4595 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 96bf8f477805bae58cfb77af8ceba418ff8aaad9)
* wkd: Change client/server limit back to 64 KiBWerner Koch2019-07-051-1/+1
| | | | | | | | | | * tools/wks-receive.c (decrypt_data): Change limit. -- The former limit ~1MiB of was used during development. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit b0e8724b102535c27a8c973ec038d340858a8eb8)
* dirmngr: fix handling of HTTPS redirections during HKPDaniel Kahn Gillmor2019-07-041-1/+3
| | | | | | | | | | | * dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when following a HTTP redirection. -- inspired by patch from Damien Goutte-Gattat <[email protected]> GnuPG-Bug_id: 4566 Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.Werner Koch2019-07-043-1/+26
| | | | | | | | | | | | | | | | | | | | * g10/gpg.c (main): Change default. -- Due to the DoS attack on the keyeservers we do not anymore default to import key signatures. That makes the keyserver unsuable for getting keys for the WoT but it still allows to retriev keys - even if that takes long to download the large keyblocks. To revert to the old behavior add keyserver-optiions no-self-sigs-only,no-import-clean to gpg.conf. GnuPG-bug-id: 4607 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 23c978640812d123eaffd4108744bdfcf48f7c93)
* gpg: Avoid printing false AKL error message.Werner Koch2019-07-041-4/+4
| | | | | | | | | | | | | | | * g10/getkey.c (get_pubkey_byname): Add special traeatment for default and skipped-local. -- This change avoids error message like gpg: error retrieving '[email protected]' via None: No public key A 'None' mechanism is something internal. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 91a6ba32347a21c9029728eec96b8ff80f944629)
* gpg: New command --locate-external-key.Werner Koch2019-07-047-32/+63
| | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (aLocateExtKeys): New. (opts): Add --locate-external-keys. (main): Implement that. * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL. (get_best_pubkey_byname): Add arg 'mode' and pass on to get_pubkey_byname. Change callers. * g10/keylist.c (public_key_list): Add arg 'no_local'. (locate_one): Ditto. Pass on to get_best_pubkey_byname. -- This new command is a shortcut for --auto-key-locate nodefault,clear,wkd,... --locate-key and uses the default or configured AKL list but does so without local. See also GnuPG-bug-id: 4599 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d00c8024e58822e0623b3fad99248ce68a8b7725)
* gpg: Make the get_pubkey_byname interface easier to understand.Werner Koch2019-07-046-32/+57
| | | | | | | | | | | | * g10/keydb.h (enum get_pubkey_modes): New. * g10/getkey.c (get_pubkey_byname): Repalce no_akl by a mode arg and change all callers. -- This change prepares the implementation of GET_PUBKEY_NO_LOCAL. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 9980f81da765f88a65604ab083563bf15ccdb425)
* dirmngr: Avoid endless loop in case of HTTP error 503.Werner Koch2019-07-031-10/+33
| | | | | | | | | | | | | | | | | | * dirmngr/ks-engine-hkp.c (SEND_REQUEST_EXTRA_RETRIES): New. (handle_send_request_error): Use it for 503 and 504. (ks_hkp_search, ks_hkp_get, ks_hkp_put): Pass a new var for extra_tries. -- This is a pretty stupid fix but one which works without much risk of regressions. We could have used the existing TRIES but in that case the fallback to other host would have been too limited. With the used value we can have several fallbacks to other hosts. Note that the TRIES is still cumulative and not per host. GnuPG-bug-id: 4600 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 8b113bb148f273524682252233b3c65954e1419e)
* dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain.Werner Koch2019-07-031-0/+20
| | | | | | | | | | * dirmngr/http.c (same_host_p): Consider certain subdomains to be the same. -- GnuPG-bug-id: 4603 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 37f0c55c7be3fc4912237f2bc72466aef6f8aa36)
* Mention --sender in documentationPeter Lebbing2019-07-031-5/+5
|
* dirmngr: Fix previous commitWerner Koch2019-07-031-1/+1
| | | | | | | | -- Ooops, forgot to commit the actual backport part. GnuPG-bug-id: 4590 Fixes-commit: 458973f502b9a43ecf29e804a2c0c86e78f5927a
* dirmngr: Support the new WKD draft with the openpgpkey subdomain.Werner Koch2019-07-032-9/+60
| | | | | | | | | * dirmngr/server.c (proc_wkd_get): Implement new openpgpkey subdomain method. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 914fa3be22bf8848a97a7dd405a040d6ef31e2fd)
* gpg: Fallback to import with self-sigs-only on too large keyblocks.Werner Koch2019-07-021-22/+102
| | | | | | | | | | | | * g10/import.c (import_one): Rename to ... (import_one_real): this. Do not print and update stats on keyring write errors. (import_one): New. Add fallback code. -- GnuPG-bug-id: 4591 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 3a403ab04eeb45f12b34f9d9c421dac93eaf2160)
* gpg: New import and keyserver option "self-sigs-only"Werner Koch2019-07-013-2/+47
| | | | | | | | | | | | | | | | | * g10/options.h (IMPORT_SELF_SIGS_ONLY): New. * g10/import.c (parse_import_options): Add option "self-sigs-only". (read_block): Handle that option. -- This option is intended to help against importing keys with many bogus key-signatures. It has obvious drawbacks and is not a bullet-proof solution because a self-signature can also be faked and would be detected only later. GnuPG-bug-id: 4591 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 15a425a1dfe60bd976b17671aa8e3d9aed12e1c0)
* gpg: Make read_block in import.c more flexible.Werner Koch2019-07-011-12/+11
| | | | | | | | | * g10/import.c: Change arg 'with_meta' to 'options'. Change callers. -- This chnage allows to pass more options to read_block. Signed-off-by: Werner Koch <[email protected]>
* tools: gpgconf: Killing order is children-first.NIIBE Yutaka2019-07-011-1/+1
| | | | | | | | | | | | | | | | | | | | * tools/gpgconf-comp.c (gc_component_kill): Reverse the order. -- Cherry-picked from master commit: 7c877f942a344e7778005840ed7f3e20ace12f4a The order matters in a corner case; On a busy machine, there was a race condition between gpg-agent's running KILLAGENT command and its accepting incoming request on the socket. If a request by gpg-connect-agent was accepted, it resulted an error by sudden shutdown. This change of the order can remove such a race. Here, we know backend=0 is none. GnuPG-bug-id: 4577 Signed-off-by: NIIBE Yutaka <[email protected]>
* spelling: Fix "synchronize"Daniel Kahn Gillmor2019-06-246-7/+7
| | | | Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* Return better error code for some getinfo IPC commands.Werner Koch2019-06-033-6/+6
| | | | | | | | | | | | | * agent/command.c (cmd_getinfo): Return GPG_ERR_FALSE as boolean False. * g13/server.c (cmd_getinfo): Ditto. * sm/server.c (cmd_getinfo): Ditto. -- GPG_ERR_FALSE was introduced with libgpg-error 1.21 and we now require a later version for gnupg 2. Thus we can switch to this more descriptive code. Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 20:58:39 +0000