aboutsummaryrefslogtreecommitdiffstats
path: root/agent/agent.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* agent: Add command DELETE_KEY.Werner Koch2014-04-151-0/+2
| | | | | | | | | | | * agent/command.c (cmd_delete_key): New. * agent/findkey.c (modify_description): Add '%C' feature. (remove_key_file): New. (agent_delete_key): New. * agent/command-ssh.c (search_control_file): Make arg R_DISABLE optional. * configure.ac: Require libgpg-error 1.13.
* agent: Cleanups to prepare implementation of Ed25519.Werner Koch2014-03-221-1/+2
| | | | | | | | | | | | * agent/cvt-openpgp.c: Remove. (convert_to_openpgp): Use gcry_sexp_extract_param. * agent/findkey.c (is_eddsa): New. (agent_is_dsa_key, agent_is_eddsa_key): Check whether ecc means EdDSA. * agent/pksign.c (agent_pksign_do): Add args OVERRIDEDATA and OVERRIDEDATALEN. * common/ssh-utils.c (is_eddsa): New. (get_fingerprint): Take care or EdDSA.
* ssh: Add support for Putty.Werner Koch2014-03-071-3/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c [W32]: Include Several Windows header. (opts): Change help text for enable-ssh-support. (opts, main): Add option --enable-putty-support (putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32. (agent_init_default_ctrl): Add and asssert call. (putty_message_proc, putty_message_thread): New. (handle_connections) [W32]: Start putty message thread. * common/sysutils.c (w32_get_user_sid): New for W32 only * tools/gpgconf-comp.c (gc_options_gpg_agent): Add --enable-ssh-support and --enable-putty-support. Make the configuration group visible at basic level. * agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only. -- This patch enables support for Putty. It has been tested with Putty 0.62 using an Unix created ssh key copied to the private-keys-v1.d directory on Windows and with a manually crafted sshcontrol file. It also works with a smartcard key. May thanks to gniibe who implemented a proxy in Python to test the putty/gpg-agent communication. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 9f32499f99a0817f63f7a73b09bdcebe60d4775d) Resolved conflicts: NEWS agent/agent.h agent/gpg-agent.c: Convert from pth to npth. common/sysutils.c common/sysutils.h
* gpg: Rework ECC support and add experimental support for Ed25519.Werner Koch2013-11-151-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/findkey.c (key_parms_from_sexp): Add algo name "ecc". (agent_is_dsa_key): Ditto. (agent_is_eddsa_key): New. Not finished, though. * agent/pksign.c (do_encode_eddsa): New. (agent_pksign_do): Use gcry_log_debug functions. * agent/protect.c (agent_protect): Parse a flags parameter. * g10/keygen.c (gpg_curve_to_oid): Move to ... * common/openpgp-oid.c (openpgp_curve_to_oid): here and rename. (oid_ed25519): New. (openpgp_oid_is_ed25519): New. (openpgp_oid_to_curve): New. * common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): New. * g10/build-packet.c (gpg_mpi_write): Write the length header also for opaque MPIs. (gpg_mpi_write_nohdr): New. (do_key): Use gpg_mpi_write_nohdr depending on algorithm. (do_pubkey_enc): Ditto. * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Use gpg_mpi_write_nohdr. * g10/export.c (transfer_format_to_openpgp): * g10/keygen.c (ecckey_from_sexp): Return the error. (gen_ecc): Repalce arg NBITS by CURVE. (read_parameter_file): Add keywords "Key-Curve" and "Subkey-Curve". (ask_curve): New. (generate_keypair, generate_subkeypair): Use ask_curve. (do_generate_keypair): Also pass curve name. * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Print curve name. * g10/parse-packet.c (mpi_read): Remove workaround for Libcgrypt < 1.5. (parse_key): Fix ECC case. Print the curve name. * g10/pkglue.c (mpi_from_sexp): Rename to get_mpi_from_sexp. (pk_verify, pk_check_secret_key): Add special case for Ed25519. * g10/seskey.c (encode_md_value): Ditto. * g10/sign.c (do_sign, hash_for, sign_file): Ditto. -- Be warned that this code is subject to further changes and that the format will very likely change before a release. There are also known bugs and missing code. Signed-off-by: Werner Koch <[email protected]>
* gpg: Make decryption with the OpenPGP card work.Werner Koch2013-08-281-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New. * scd/app-openpgp.c (do_decipher): Add arg R_INFO. * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy. * scd/app.c (app_decipher): Add arg R_INFO. * scd/command.c (cmd_pkdecrypt): Print status line "PADDING". * agent/call-scd.c (padding_info_cb): New. (agent_card_pkdecrypt): Add arg R_PADDING. * agent/divert-scd.c (divert_pkdecrypt): Ditto. * agent/pkdecrypt.c (agent_pkdecrypt): Ditto. * agent/command.c (cmd_pkdecrypt): Print status line "PADDING". * g10/call-agent.c (padding_info_cb): New. (agent_pkdecrypt): Add arg R_PADDING. * g10/pubkey-enc.c (get_it): Use padding info. -- Decryption using a card never worked in gpg 2.1 because the information whether the pkcs#1 padding needs to be removed was not available. Gpg < 2.1 too this info from the secret sub key but that has gone in 2.1. Signed-off-by: Werner Koch <[email protected]>
* agent: Extend cmd KEYINFO to return data from sshcontrol.Werner Koch2013-08-081-0/+14
| | | | | | | | | | | | | | | | | | | * agent/command-ssh.c (struct control_file_s): Rename to ssh_control_file_s. (ssh_open_control_file, ssh_close_control_file) (ssh_read_control_file, ssh_search_control_file): New. (control_file_t): Rename and move to ... * agent/agent.h (ssh_control_file_t): here. * agent/command.c (do_one_keyinfo): Add args is_ssh, ttl, disabled, and confirm. Rename unknown keytype indicator from '-' to 'X'. Extend output. (cmd_keyinfo): Add options --ssh-list and --with-ssh. -- This extension allows the development of frontends to manage the sshcontrol file. Signed-off-by: Werner Koch <[email protected]>
* Implement unattended OpenPGP secret key import.Werner Koch2013-05-221-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_import_key): Add option --unattended. * agent/cvt-openpgp.c (convert_transfer_key): New. (do_unprotect): Factor some code out to ... (prepare_unprotect): new function. (convert_from_openpgp): Factor all code out to ... (convert_from_openpgp_main): this. Add arg 'passphrase'. Implement openpgp-native protection modes. (convert_from_openpgp_native): New. * agent/t-protect.c (convert_from_openpgp_native): New dummy fucntion * agent/protect-tool.c (convert_from_openpgp_native): Ditto. * agent/protect.c (agent_unprotect): Add arg CTRL. Adjust all callers. Support openpgp-native protection. * g10/call-agent.c (agent_import_key): Add arg 'unattended'. * g10/import.c (transfer_secret_keys): Use unattended in batch mode. -- With the gpg-agent taking care of the secret keys, the user needs to migrate existing keys from secring.gpg to the agent. This and also the standard import of secret keys required the user to unprotect the secret keys first, so that gpg-agent was able to re-protected them using its own scheme. With many secret keys this is quite some usability hurdle. In particular if a passphrase is not instantly available. To make this migration smoother, this patch implements an unattended key import/migration which delays the conversion to the gpg-agent format until the key is actually used. For example: gpg2 --batch --import mysecretkey.gpg works without any user interaction due to the use of --batch. Now if a key is used (e.g. "gpg2 -su USERID_FROM_MYSECRETKEY foo"), gpg-agent has to ask for the passphrase anyway, converts the key from the openpgp format to the internal format, signs, re-encrypts the key and tries to store it in the gpg-agent format to the disk. The next time, the internal format of the key is used. This patch has only been tested with the old demo keys, more tests with other protection formats and no protection are needed. Signed-off-by: Werner Koch <[email protected]>
* agent: pksign result conversion to sexp to upper layer.NIIBE Yutaka2013-02-281-1/+2
| | | | | | | | | | | * agent/agent.h (divert_pksign): Add R_SIGLEN argument. * agent/divert-scd.c (divert_pksign): Return length at R_SIGLEN. * agent/call-scd.c (agent_card_pksign): Move composition of S-expression to... * agent/pksign.c (agent_pksign_do): ... here. -- Composing S-expression would be better to be done by SCDaemon.
* agent: Add KEYTOCARD command.NIIBE Yutaka2013-02-121-0/+7
| | | | | | | | * agent/agent.h (divert_writekey, agent_card_writekey): New. * agent/call-scd.c (inq_writekey_parms, agent_card_writekey): New. * agent/command.c (cmd_keytocard, hlp_keytocard): New. (register_commands): Add cmd_keytocard. * agent/divert-scd.c (divert_writekey): New.
* agent: Move a typedef to common and provide parse_pinentry_mode.Werner Koch2013-02-061-10/+1
| | | | | | | | | * common/agent-opt.c: New. * common/shareddefs.h: New. * common/Makefile.am: Add new files. * agent/agent.h: Include shareddefs.h. (pinentry_mode_t): Factor out to shareddefs.h. * agent/command.c (option_handler): Use parse_pinentry_mode.
* agent: Add pin length field to the shadowed private key format.Werner Koch2012-02-071-1/+1
| | | | | | | | This is not yet fully implemented. It will eventually allow to support pinpad equipped readers which do not support variable length pin lengths. * agent/protect.c (parse_shadow_info): Add optional arg R_PINLEN and parse pinlen info. Change all callers to pass NULL for it.
* agent: New function agent_print_status.Werner Koch2012-02-071-0/+3
| | | | | | * common/asshelp2.c (vprint_assuan_status): New. (print_assuan_status): Re-implement using above func. * agent/command.c (agent_print_status): New.
* Amend the agent code with more comments.Werner Koch2011-12-051-22/+61
| | | | * agent/command.c (server_local_s): Remove unused field MESSAGE_FD.
* Handle pinentry-mode=loopback.Ben Kibbey2011-09-121-0/+3
| | | | | | When this mode is set an inquire will be sent to the client to retrieve the passphrase. This adds a new inquire keyword "NEW_PASSPHRASE" that the GENKEY and PASSWD commands use when generating a new key.
* Support a confirm flag for ssh.Werner Koch2011-07-201-0/+2
| | | | | This implements the suggestion from bug#1349. With this change the fingerprint of the ssh key is also displayed in the pinentry prompts.
* Added gpg-agent OPTION "s2k-count".Ben Kibbey2011-06-291-1/+4
| | | | When unset or 0, the calibrated count will be used.
* Fixed regression in OpenPGP secret key export.Werner Koch2011-04-261-0/+1
| | | | | | | | The protection used in the exported key used a different iteration count than given in the S2K field. Thus all OpenPGP keys exported from GnuPG 2.1-beta can't be imported again. Given that the actual secret key material is kept in private-keys-v1.d/ the can be re-exported with this fixed version.
* Add OPTION:cache-ttl-opt-preset to gpg-agent.Werner Koch2011-04-211-2/+7
| | | | | This option may be used to change the default ttl values use with the --preset option of GENKEY and PASSWD.
* Use macros for the 120 and 900s cache TTLs.Werner Koch2011-04-121-0/+6
|
* Added GENKEY --preset to add the passphrase of the generated key to the cache.Ben Kibbey2011-04-121-1/+1
|
* New agent option pinentry-mode.Werner Koch2011-03-031-1/+16
| | | | | This provides the framework and implements the ask, cancel and error. loopback will be implemented later.
* Fix usage of SHA-2 algorithm with OpenPGP cards.Werner Koch2011-03-021-0/+1
| | | | | | | This was a regression in 2.1 introduced due to having the agent do the signing in contrast to the old "SCD PKSIGN" command which accesses the scdaemon directly and passed the hash algorithm. The hash algorithm is used by app-openpgp.c only for a sanity check.
* Nuked almost all trailing white space.post-nuke-of-trailing-wsWerner Koch2011-02-041-11/+11
| | | | | | | | We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
* Fixed key generation with P-521. Confirmed that signature generation and ↵Andrey Jivsov2011-01-131-0/+1
| | | | verification work.
* Fix bug where scdaemon kills a non-daemon gpg-agent.Werner Koch2010-11-111-0/+3
|
* Re-implemented GPG's --passwd command and improved it.Werner Koch2010-10-261-1/+2
|
* All tests work are again workingWerner Koch2010-10-141-1/+2
|
* More agent support for gpg.Werner Koch2010-10-131-2/+2
|
* Exporting secret keys via gpg-agent is now basically supported.Werner Koch2010-10-011-4/+6
| | | | | | A couple of forward ported changes. Doc updates.
* Obscure the cached passphrases.Werner Koch2010-09-021-3/+3
|
* s/CACHE_MODE_IMPGEN/CACHE_MODE_NONCE/.Werner Koch2010-09-011-4/+6
| | | | | Prepare for more use cases of the cache nonce.
* Use passphrase caching for import and genkey.Werner Koch2010-09-011-2/+4
|
* Import OpenPGP keys into the agent.Werner Koch2010-08-311-2/+7
|
* Avoid using the protect-tool to import pkcs#12.Werner Koch2010-06-171-0/+2
|
* Update tests.Werner Koch2010-05-111-0/+3
|
* More changes on the way to remove secring.gpg.Werner Koch2010-04-211-0/+1
|
* Implement dynamic S2K count computation.Werner Koch2009-12-141-0/+1
|
* Reworked passing of envars to Pinentry.Werner Koch2009-07-071-10/+4
|
* Use cancel button in confirmation only if requested.Werner Koch2009-06-171-1/+1
|
* Fix bug #1053Werner Koch2009-05-151-2/+7
| | | | | Add option --qualitybar to command GET_PASSPHRASE.
* Signing using Netkey 3 cards does now work.Werner Koch2009-03-261-1/+1
|
* Fix keygrip computation for TCOS 3 cards.Werner Koch2009-03-201-1/+2
| | | | | Emit PROGRESS status lines during --learn-card.
* Changed order of the confirmation questions for root certificatesWerner Koch2009-03-191-1/+1
| | | | | and stores negative answers in trustlist.txt.
* New gpg-agent command to list key information.Werner Koch2009-03-061-0/+5
| | | | | | Gpgsm does now print the S/N of cards. Consider ephemeral keys during listing an export.
* Add --reload command to gpgconf.Werner Koch2009-03-031-0/+1
| | | | | | Fix a problem in exechelp.c Get ready for a release.
* Remove hacks which are not anymore needed since we now require Libgcrypt 1.4Werner Koch2008-09-291-3/+3
|
* Fix a bug in the ambigious name detection.Werner Koch2008-03-201-0/+1
| | | | | Minor cleanups.
* [W32] Changed default socket for dirmngr.Werner Koch2007-11-271-0/+3
| | | | | | [W32] Add some code for event notifications between scdaemon and gpg-agent.
* Started to implement the audit log feature.Werner Koch2007-11-191-1/+4
| | | | | | | | Pass PINENTRY_USER_DATA and XAUTHORITY to Pinentry. Improved support for the quality bar. Minor internal restructuring. Translation fixes.
* Use Assuan socket wrapper calls.Werner Koch2007-10-011-6/+5
| | | | | Made socket servers secure under Windows.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-23 22:26:01 +0000