aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* doc: Improve warning for --use-embedded-filename.Werner Koch2024-02-051-1/+15
| | | | | | -- GnuPG-bug-id: 6972
* gpgsm: Increase salt size in pkcs#12 parser.Werner Koch2024-02-051-1/+1
| | | | | | | * sm/minip12.c (parse_bag_encrypted_data): Need 32 bytes. -- GnuPG-bug-id: 6757
* gpgsm: cleanup on error pathsÁngel González2024-02-051-19/+22
| | | | | | | | | | * sm/minip12.c (p12_parse): set err on the different error paths -- GnuPG-bug-id: 6973 Fixes-commit: 101433dfb42b333e48427baf9dd58ac4787c9786 Signed-off-by: Ángel González <[email protected]>
* scd:openpgp: Allow PIN length of 6 also with a reset code.Werner Koch2024-01-301-2/+15
| | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R" flag to the reset code prompt. -- When using the reset code it was not possible to set a PIN of length 6. The "R" flags fixes a funny prompt. Fixes-commit: efe325ffdf21205b90f888c8f0248bbd4f61404b scd:openpgp: Allow PIN length of 6 also with a reset code. * scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R" flag to the reset code prompt. -- When using the reset code it was not possible to set a PIN of length 6. The "R" flags fixes a funny prompt. Fixes-commit: 2376cdff1318688d94c95fd01adc4b2139c4a8c7
* w32, msi: Fix directory of gpg-card, add keyboxdAndre Heinecke2024-01-301-1/+4
| | | | | * build-aux/speedo/w32/wixlib.wxs: Fix gpg-card directory id. Add keyboxd.
* po: update Polish translationJakub Bogusz2024-01-291-548/+91
|
* gpg: Minor code cleanup for fingerprint computation.Werner Koch2024-01-291-9/+5
| | | | * g10/keyid.c (do_hash_public_key): Simplify code for clarity.
* gpg: Hide --textmode from the help output.Werner Koch2024-01-291-1/+1
| | | | --
* doc: Mark --textmode as legacy option.Werner Koch2024-01-292-18/+21
| | | | --
* doc: Fix spelling errors found by lintian.Werner Koch2024-01-2920-36/+36
| | | | | | -- Reported-by: Andreas Metzler <[email protected]>
* speedo: Improve parsing of the ~./.gnupg-autogen.rcWerner Koch2024-01-262-5/+7
| | | | | | -- We now allow spaces around the variable name and the value.
* dirmngr: For CRL issuer verification trust the system's root CA.Werner Koch2024-01-261-0/+1
| | | | | | | | * dirmngr/crlcache.c (crl_parse_insert): Add VALIDATE_FLAG_TRUST_SYSTEM. -- GnuPG-bug-id: 6963
* common,w32: Fix use of GNUPG_SPAWN_KEEP_STDERR.Werner Koch2024-01-261-1/+1
| | | | | | | | * common/exechelp-w32.c (gnupg_spawn_process): Fix macro. -- Fixes-commit: 6d6438a361d25f3b269f702e017f5e39fd1f5c38 GnuPG-bug-id: 6961
* Post release updatesWerner Koch2024-01-252-1/+8
| | | | --
* Release 2.4.4gnupg-2.4.4Werner Koch2024-01-251-2/+9
|
* po: msgmergeWerner Koch2024-01-2524-256/+353
| | | | --
* card: Tweak the checkcmds sub-command.Werner Koch2024-01-252-5/+42
| | | | * tools/gpg-card.c (cmd_checkkeys): Skip not found keys.
* po: Update Japanese Translation.NIIBE Yutaka2024-01-251-2/+5
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Add sub-option ignore-attributes to --import-options.Werner Koch2024-01-243-0/+17
| | | | | | | | | | | | | | | * g10/options.h (IMPORT_IGNORE_ATTRIBUTES): New. * g10/import.c (parse_import_options): Add new sub-option. (read_block): Implement sub-option. -- Suggested-by: Robin H. Johnson Tested using the import-export feature: gpg --export KEY_WITH_PICTURE \ | gpg --import --import-options import-export,ignore-attributes \ | gpg --show-key
* po: Update German translation.Werner Koch2024-01-241-16/+20
| | | | | | -- Just the new string for gpg-card's checkkeys.
* speedo: Build zlib, bzip2 and sqlite also on Unix.Werner Koch2024-01-241-9/+4
| | | | | | | | | -- This avoids extra build dependencies. Note that bzip2 is not necessary statically linked but an existing bzip2 SO might be used. We would need to fix the bzip2 SO building and also provide a gnupg configure option to build statically against bzip2.
* card: flush stdout to get checkcmd's info messages in order.Werner Koch2024-01-241-0/+1
| | | | * tools/gpg-card.c (cmd_checkkeys): Insert an fflush.
* speedo: Add a hint to run ldconfigWerner Koch2024-01-233-1/+4
| | | | --
* tests: Add two more sample p12 filesWerner Koch2024-01-234-0/+14
| | | | | -- GnuPG-bug-id: 6940
* speedo: Minor fix to the install targetWerner Koch2024-01-232-7/+7
| | | | --
* sm: Fix ECDH encryption with dhSinglePass-stdDH-sha384kdf-scheme.NIIBE Yutaka2024-01-231-1/+1
| | | | | | | | * sm/encrypt.c (ecdh_encrypt): Cipher is AES192 for id-aes192-wrap. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Use ephemeral mode for generating card keys.Werner Koch2024-01-224-19/+104
| | | | | | | | | | * g10/call-agent.c (agent_set_ephemeral_mode): New. * g10/keyedit.c (keyedit_menu) <bkuptocard>: Switch to ephemeral mode. * g10/keygen.c (do_generate_keypair): Switch to ephemeral mode for card keys with backup. -- GnuPG-bug-id: 6944
* agent: Add "ephemeral" Assuan option.Werner Koch2024-01-2211-207/+497
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/agent.h (struct ephemeral_private_key_s): New. (struct server_control_s): Add ephemeral_mode and ephemeral_keys. (GENKEY_FLAG_NO_PROTECTION, GENKEY_FLAG_PRESET): New. * agent/genkey.c (clear_ephemeral_keys): New. (store_key): Add arg ctrl and implement ephemeral_mode. Change all callers. (agent_genkey): Replace args no_protection and preset by a generic new flags arg. * agent/findkey.c (wipe_and_fclose): New. (agent_write_private_key): Add arg ctrl and implement ephemeral_mode. Change all callers. (agent_update_private_key): Ditto (read_key_file): Ditto. (agent_key_available): Ditto. * agent/command-ssh.c (card_key_available): Do not update display s/n in ephemeral mode. This is however enver triggred. * agent/gpg-agent.c (agent_deinit_default_ctrl): Cleanup ephemeral keys. * agent/command.c (cmd_genkey): Use the new flags instead of separate vars. (cmd_readkey): Create a shadow key only in non-ephemeral_mode. (cmd_getinfo): Add sub-command "ephemeral". (option_handler): Add option "ephemeral". -- The idea here that a session can be switched in an ephemeral mode which does not store or read keys from disk but keeps them local to the session. GnuPG-bug-id: 6944
* doc: Fix description of gpg --unwrapWerner Koch2024-01-221-6/+5
| | | | --
* gpg: Add a communication object to the key generation code.Werner Koch2024-01-221-22/+72
| | | | | | | | | | | * g10/keygen.c (struct common_gen_cb_parm_s): New. (common_gen): Add args common_gen_cb and common_gen_cb_parm. Adjust all callers. (do_generate_keypair): Clarify the code by using a better var name. -- We may eventually also replace the long arg list with that object. The immediate reason for this change is the followup commit.
* card: New subcommand "checkkeys".Werner Koch2024-01-224-11/+265
| | | | | | | | | | | | | | | | | * agent/command.c (cmd_havekey): Add new option --info. * tools/card-call-scd.c (scd_readkey): Allow using without result arg. (struct havekey_status_parm_s): New. (havekey_status_cb): New. (scd_havekey_info): New. (scd_delete_key): New. * tools/gpg-card.c (print_keygrip): Add arg with_lf. (cmd_checkkeys): New. (cmdCHECKKEYS): New. (cmds): Add command "checkkeys". (dispatch_command, interactive_loop): Call cmd_checkkeys. -- GnuPG-bug-id: 6943
* doc: Document Backup-info in keyformat.txtWerner Koch2024-01-221-0/+10
| | | | | | | -- This name is used by Kleopatra for quite some time now but was missing a specification.
* Pass PINENTRY_GEOM_HINT environment variable to pinentryTobias Fella2024-01-221-1/+2
| | | | | | | | * common/session-env.c: Add PINENTRY_GEOM_HINT to variables. -- GnuPG-Bug-ID: 6930
* gpg: For v5 key generation for X448 also in parm file mode.Werner Koch2024-01-161-56/+114
| | | | | | | | | | | | | | | * g10/keygen.c (curve_is_448): New. (do_create_from_keygrip): Pass arg keygen_flags byref so that it can be updated. Set v5 flag for X448. (gen_ecc): Ditto. (do_create): Change keygen_flags as above. For robustness change checking for Ed448. (do_generate_keypair): Change keygen_flags as above (generate_subkeypair): Ditto. (gen_card_key): Ditto. Support v5 keys. -- GnuPG-bug-id: 6942
* gpg: When using a parm file w/o usage don't set the RENC usage.Werner Koch2024-01-161-2/+3
| | | | | | | | | | | | | | | | | | | | | | * g10/keygen.c (proc_parameter_file): Don't include RENC in the default usage. -- Testplan: $ gpg --gen-key --batch <<EOF Key-Type: EDDSA Key-Curve: ed448 Key-Usage: cert Name-Real: Meh Muh Name-Email: [email protected] Expire-Date: 2025-01-01 Passphrase: abc subkey-type: ecdh Subkey-curve: cv448 EOF and check that the R flag does not show up in the usage.
* doc: Describe the ssh-agent protocol options for Windows.Werner Koch2024-01-152-7/+18
| | | | | | -- Also fix a typo in a macro.
* po: Update parts of the Polish translationJakub Bogusz2024-01-151-256/+139
| | | | | | | | -- Jakub provided the translation in October but at this time it did cleanly apply anymore due to string changes. Thus only parts of his changes are here. -wk
* gpgsm: Allow parsing of PKCS#12 files with two private keys.Werner Koch2024-01-154-91/+133
| | | | | | | | | | | | | | | | | | * sm/minip12.c (struct p12_parse_ctx_s): Add privatekey2. (parse_shrouded_key_bag): Handle a second private key. (p12_parse_free_kparms): New. * sm/import.c (parse_p12): Factor some code out to ... (p12_to_skey): this. (parse_p12): Use p12_parse_free_kparms. -- Take care: We allow parsing of a second private key but we are not yet able to import the second private key. The whole things is required to at least import the certificates of current pkcs#12 files as created by the German Elster tax system. No test data, sorry.
* gpgsm: Improve the status line for --verify errors.Werner Koch2024-01-151-1/+6
| | | | | | | * sm/verify.c (gpgsm_verify): Improve verify.leave status line. -- Suggested-by: Jakob Bohm
* po: Fix indentation for key generation optionsMario Haustein2024-01-1520-101/+101
| | | | --
* Prepare the NEWSWerner Koch2024-01-121-2/+93
| | | | --
* speedo: Add install target for Unix.Werner Koch2024-01-122-13/+65
| | | | | | | | * build-aux/speedo.mk: Default to SELFCHECK=0. (install, install-speedo): New targets. -- GnuPG-bug-id: 6710
* speedo: Patch ELF binaries to use built librariesWerner Koch2024-01-127-216/+66
| | | | | | | | * build-aux/speedo.mk: Remove GUI stuff. Add patchelf feature. * Makefile.am (speedo): New target. -- GnuPG-bug-id: 6710
* gpg: Improve error message for expired default keys.Werner Koch2024-01-111-4/+22
| | | | | | | * g10/getkey.c (parse_def_secret_key): Track reason for skipping keys. -- GnuPG-bug-id: 4704
* doc: Document the gpgconf --unlock command.Werner Koch2024-01-112-5/+16
| | | | | | | * tools/gpgconf.c (main): Fix usage message. -- GnuPG-bug-id: 6838
* gpg: Fix regression in the Revoker keyword of the parmeter file.Werner Koch2024-01-112-4/+5
| | | | | | | | | | * g10/keygen.c (parse_revocation_key): Actually allow for v4 fingerprints. -- Note that the use of the parameter file is deprecated. GnuPG-bug-id: 6923
* gpg: Allow to create revocations even with non-compliant algos.Werner Koch2024-01-101-5/+7
| | | | | | | | | | * g10/sign.c (do_sign): Skip compliance check for revocation certs. -- It just does not make sense to inhibit the creation of revocations depending on the compliance mode. We do this only for key revocation but not for another kind of revocation because the rationale for uid or subkey revocation is more complicated to explain.
* scd:p15: Allow signing for CVISION cardsWerner Koch2024-01-101-4/+81
| | | | | | | | | | | * scd/app-p15.c (do_sign): Add code for Starcos 3.2 and the CVISION product. -- The code for the Starcos cards has been implemented according to the 3.52 manual However, this does not work with my test cards. Protocol analysis shows that decryption can be used for the cryptovision product. Thus we do it the same for now.
* g13: New option --no-mount.Werner Koch2024-01-098-43/+76
| | | | | | | | | | | | | | | | | | | | | * g13/g13.c (oNoMount): New. (opts): Add --no-mount. (main): Implement this. * g13/g13-common.h (opt): Add field no_mount. * common/status.h (STATUS_PLAINDEV): New. * g13/sh-cmd.c (has_option): Uncomment. (cmd_mount): Add option --no-mount and pass down. * g13/sh-dmcrypt.c (sh_dmcrypt_mount_container): Add arg nomount and emit PLAINDEV status line. (sh_dmcrypt_umount_container): Rund findmnt before umount. -- This option can be used to decrypt a device but not to mount it. For example to run fsck first. A command or option to run fsck before a mount will eventually be added. The use of findmnt is needed so that we can easily remove a device which has not been mounted.
* gpg: Print a useful error id SKI algo 253 is found.Werner Koch2024-01-091-1/+10
| | | | | | | | * g10/parse-packet.c (parse_key): Detect the SKI algo 253. -- As long as we have not yet implemented this we should at least be able to detect this case.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-18 06:31:35 +0000