aboutsummaryrefslogtreecommitdiffstats
path: root/agent/command.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* agent: Remove useless conditions in command.c.Werner Koch2015-03-151-6/+6
| | | | | | | | | | | | * agent/command.c (cmd_setkeydesc): Remove NULL check. (cmd_get_passphrase): Ditto. (cmd_clear_passphrase): Ditto. (cmd_get_confirmation): Ditto. (cmd_getval): Ditto. (cmd_putval): Ditto. -- Detected by Stack 0.3.
* agent: Fix use of imported but unprotected openpgp keys.Werner Koch2015-01-291-3/+5
| | | | | | | | | | | | * agent/agent.h (PRIVATE_KEY_OPENPGP_NONE): New. * agent/command.c (do_one_keyinfo): Implement it. * agent/findkey.c (agent_key_from_file): Ditto. (agent_key_info_from_file): Ditto. (agent_delete_key): Ditto. * agent/protect.c (agent_private_key_type): Add detection for openpgp "none" method. Signed-off-by: Werner Koch <[email protected]>
* gpg: Re-enable the "Passphrase" parameter for batch key generation.Werner Koch2015-01-211-6/+40
| | | | | | | | | | | | | * agent/command.c (cmd_genkey): Add option --inq-passwd. * agent/genkey.c (agent_genkey): Add new arg override_passphrase. * g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword. (agent_genkey): Add arg optional arg "passphrase". * g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc) (gen_rsa, do_create): Add arg "passphrase" and pass it through. (do_generate_keypair): Make use of pPASSPHRASE. (release_parameter_list): Wipe out a passphrase parameter. Signed-off-by: Werner Koch <[email protected]>
* agent: Keep the session environment for restricted connections.Werner Koch2014-12-191-0/+6
| | | | | | | | | | | | | | | | | * agent/command-ssh.c (setup_ssh_env): Move code to ... * agent/gpg-agent.c (agent_copy_startup_env): .. new function. Change calllers. * agent/command.c (start_command_handler): Call that fucntion for restricted connections. -- A remote connection is and should not be able to setup the local session environment. However, unless --keep-display is used we would be left without an environment and thus pinentry can't be used. The fix is the same as used for ssh-agent connection: We use the default environment as used at the startup of the agent. Signed-off-by: Werner Koch <[email protected]>
* agent: Fix string prepended to remotely initiated prompts.Werner Koch2014-12-191-1/+1
| | | | | | | * agent/command.c (cmd_setkeydesc): Use %0A and not \n. Make translatable. Signed-off-by: Werner Koch <[email protected]>
* gpg: Let --card--status create a shadow key (card key stub).Werner Koch2014-12-121-5/+10
| | | | | | | | | | | | | | | | | | * agent/command.c (cmd_learn): Add option --sendinfo. * agent/learncard.c (agent_handle_learn): Add arg "send" andsend certifciate only if that is set. * g10/call-agent.c (agent_scd_learn): Use --sendinfo. Make INFO optional. (agent_learn): Remove. * g10/keygen.c (gen_card_key): Replace agent_learn by agent_scd_learn. -- The requirement of using --card-status on the first use of card on a new box is a bit annoying but the alternative of always checking whether a card is available before a decryption starts does not sound promising either. Signed-off-by: Werner Koch <[email protected]>
* gpg-agent: Add restricted connection feature.Мирослав Николић2014-11-271-42/+138
| | | | | | | | | | | | | | | | | | | | | | | * agent/agent.h (opt): Add field extra_socket. (server_control_s): Add field restricted. * agent/command.c: Check restricted flag on many commands. * agent/gpg-agent.c (oExtraSocket): New. (opts): Add option --extra-socket. (socket_name_extra): New. (cleanup): Cleanup that socket name. (main): Implement oExtraSocket. (create_socket_name): Add arg homedir and change all callers. (create_server_socket): Rename arg is_ssh to primary and change callers. (start_connection_thread): Take ctrl as arg. (start_connection_thread_std): New. (start_connection_thread_extra): New. (handle_connections): Add arg listen_fd_extra and replace the connection starting code by parameterized loop. * common/asshelp.c (start_new_gpg_agent): Detect the use of the restricted mode and don't fail on sending the pinentry environment. * common/util.h (GPG_ERR_FORBIDDEN): New.
* Change a couple of files to use abbreviated copyright notes.Werner Koch2014-11-041-3/+2
| | | | | | | | | -- Also fixed some of my own copyright notices due to the termination of my assignment. The one displayed by --version is kept at FSF because we had contributors in 2014 with FSF assignments and it gives the FSF some visibility.
* gpg: Avoid extra pinentries for each subkey in --export-secret-keys.Werner Koch2014-11-021-4/+26
| | | | | | | | * agent/command.c (cmd_export_key): Actually implement the cache_nonce feature. * g10/export.c (do_export_stream): Make use of a cache_nonce. Signed-off-by: Werner Koch <[email protected]>
* Remove support for the GPG_AGENT_INFO envvar.Werner Koch2014-10-031-5/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | * agent/agent.h (opt): Remove field use_standard_socket. * agent/command.c (cmd_killagent): Always allow killing. * agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and --write-env-file into dummy options. Always return true for --use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar setting or set that envvar. (create_socket_name): Simplify by removing non standard socket support. (check_for_running_agent): Ditto. * common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use. * common/simple-pwquery.c (agent_open): Ditto. * configure.ac (GPG_AGENT_INFO_NAME): Remove. * g10/server.c (gpg_server): Do not print the AgentInfo comment. * g13/server.c (g13_server): Ditto. * sm/server.c (gpgsm_server): Ditto. * tools/gpgconf.c (main): Simplify by removing non standard socket support. -- The indented fix to allow using a different socket than the one in the gnupg home directory is to change Libassuan to check whether the socket files exists as a regualr file with a special keyword to redirect to another socket file name.
* gpg: Fix regression in secret key export.Werner Koch2014-04-151-1/+1
| | | | | | | | | | * agent/cvt-openpgp.c (convert_to_openpgp): Fix use gcry_sexp_extract_param. * g10/export.c (do_export_stream): Provide a proper prompt to the agent. -- NB: The export needs more work, in particular the ECC algorithms.
* agent: Add command DELETE_KEY.Werner Koch2014-04-151-1/+35
| | | | | | | | | | | * agent/command.c (cmd_delete_key): New. * agent/findkey.c (modify_description): Add '%C' feature. (remove_key_file): New. (agent_delete_key): New. * agent/command-ssh.c (search_control_file): Make arg R_DISABLE optional. * configure.ac: Require libgpg-error 1.13.
* agent: Cleanups to prepare implementation of Ed25519.Werner Koch2014-03-221-1/+1
| | | | | | | | | | | | * agent/cvt-openpgp.c: Remove. (convert_to_openpgp): Use gcry_sexp_extract_param. * agent/findkey.c (is_eddsa): New. (agent_is_dsa_key, agent_is_eddsa_key): Check whether ecc means EdDSA. * agent/pksign.c (agent_pksign_do): Add args OVERRIDEDATA and OVERRIDEDATALEN. * common/ssh-utils.c (is_eddsa): New. (get_fingerprint): Take care or EdDSA.
* agent: API change of agent_key_from_file.NIIBE Yutaka2014-03-111-12/+20
| | | | | | | | | | | | * agent/findkey.c (agent_key_from_file): Always return S-expression. * agent/command.c (cmd_passwd): Distinguish by SHADOW_INFO. (cmd_export_key): Likewise. Free SHADOW_INFO. (cmd_keytocard): Likewise. Release S_SKEY. * agent/pkdecrypt.c (agent_pkdecrypt): Likewise. * agent/pksign.c (agent_pksign_do): Likewise. Use the S-expression to know the key type. Signed-off-by: NIIBE Yutaka <[email protected]>
* Make use of the *_NAME etc macros.Werner Koch2013-11-181-4/+10
| | | | | | | | | Replace hardwired strings at many places with new macros from config.h and use the new strusage macro replacement feature. * common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn sentinels. * agent/command.c (cmd_import_key): Use asprintf to create the prompt.
* gpg: Make decryption with the OpenPGP card work.Werner Koch2013-08-281-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New. * scd/app-openpgp.c (do_decipher): Add arg R_INFO. * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy. * scd/app.c (app_decipher): Add arg R_INFO. * scd/command.c (cmd_pkdecrypt): Print status line "PADDING". * agent/call-scd.c (padding_info_cb): New. (agent_card_pkdecrypt): Add arg R_PADDING. * agent/divert-scd.c (divert_pkdecrypt): Ditto. * agent/pkdecrypt.c (agent_pkdecrypt): Ditto. * agent/command.c (cmd_pkdecrypt): Print status line "PADDING". * g10/call-agent.c (padding_info_cb): New. (agent_pkdecrypt): Add arg R_PADDING. * g10/pubkey-enc.c (get_it): Use padding info. -- Decryption using a card never worked in gpg 2.1 because the information whether the pkcs#1 padding needs to be removed was not available. Gpg < 2.1 too this info from the secret sub key but that has gone in 2.1. Signed-off-by: Werner Koch <[email protected]>
* agent: Fix two compiler warnings.Werner Koch2013-08-281-2/+2
| | | | | | | | | | | | | | * agent/command.c (cmd_preset_passphrase, pinentry_loopback): Use %zu in format string. * scd/ccid-driver.c (ccid_get_atr): Ditto. * agent/command-ssh.c (stream_read_string): Init arg STRING_SIZE to avoid maybe_unitialized warning. -- Actually the first one might have been a problem on big endian machines. Signed-off-by: Werner Koch <[email protected]>
* agent: Extend cmd KEYINFO to return data from sshcontrol.Werner Koch2013-08-081-25/+122
| | | | | | | | | | | | | | | | | | | * agent/command-ssh.c (struct control_file_s): Rename to ssh_control_file_s. (ssh_open_control_file, ssh_close_control_file) (ssh_read_control_file, ssh_search_control_file): New. (control_file_t): Rename and move to ... * agent/agent.h (ssh_control_file_t): here. * agent/command.c (do_one_keyinfo): Add args is_ssh, ttl, disabled, and confirm. Rename unknown keytype indicator from '-' to 'X'. Extend output. (cmd_keyinfo): Add options --ssh-list and --with-ssh. -- This extension allows the development of frontends to manage the sshcontrol file. Signed-off-by: Werner Koch <[email protected]>
* Implement unattended OpenPGP secret key import.Werner Koch2013-05-221-4/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_import_key): Add option --unattended. * agent/cvt-openpgp.c (convert_transfer_key): New. (do_unprotect): Factor some code out to ... (prepare_unprotect): new function. (convert_from_openpgp): Factor all code out to ... (convert_from_openpgp_main): this. Add arg 'passphrase'. Implement openpgp-native protection modes. (convert_from_openpgp_native): New. * agent/t-protect.c (convert_from_openpgp_native): New dummy fucntion * agent/protect-tool.c (convert_from_openpgp_native): Ditto. * agent/protect.c (agent_unprotect): Add arg CTRL. Adjust all callers. Support openpgp-native protection. * g10/call-agent.c (agent_import_key): Add arg 'unattended'. * g10/import.c (transfer_secret_keys): Use unattended in batch mode. -- With the gpg-agent taking care of the secret keys, the user needs to migrate existing keys from secring.gpg to the agent. This and also the standard import of secret keys required the user to unprotect the secret keys first, so that gpg-agent was able to re-protected them using its own scheme. With many secret keys this is quite some usability hurdle. In particular if a passphrase is not instantly available. To make this migration smoother, this patch implements an unattended key import/migration which delays the conversion to the gpg-agent format until the key is actually used. For example: gpg2 --batch --import mysecretkey.gpg works without any user interaction due to the use of --batch. Now if a key is used (e.g. "gpg2 -su USERID_FROM_MYSECRETKEY foo"), gpg-agent has to ask for the passphrase anyway, converts the key from the openpgp format to the internal format, signs, re-encrypts the key and tries to store it in the gpg-agent format to the disk. The next time, the internal format of the key is used. This patch has only been tested with the old demo keys, more tests with other protection formats and no protection are needed. Signed-off-by: Werner Koch <[email protected]>
* agent: Fix length detection of canonical formatted openpgp keys.Werner Koch2013-05-221-1/+1
| | | | | | | | | | | | | | | * agent/command.c (cmd_import_key): Pass 0 instead of KEYLEN to gcry_sexp_canon_len. -- We used to pass KEYLEN to the gcry_sexp_canon_len for no good reason: convert_from_openpgp is guaranteed to return a valid canonical S-expression and KEYLEN would thus act only as an upper limit. This is not a problem because usually the original input key is longer than the returned unprotected key. A future patch may change this assertion and thus we better fix this bug now. Signed-off-by: Werner Koch <[email protected]>
* agent: fix two bugs.NIIBE Yutaka2013-02-221-0/+1
| | | | | | | | * agent/command.c (cmd_keytocard): Decrement KEYDATALEN. * agent/findkey.c (agent_public_key_from_file): Increment for ELEMS. -- For ECDSA and ECDH, there are 6 elements.
* agent: Add KEYTOCARD command.NIIBE Yutaka2013-02-121-0/+125
| | | | | | | | * agent/agent.h (divert_writekey, agent_card_writekey): New. * agent/call-scd.c (inq_writekey_parms, agent_card_writekey): New. * agent/command.c (cmd_keytocard, hlp_keytocard): New. (register_commands): Add cmd_keytocard. * agent/divert-scd.c (divert_writekey): New.
* agent: Move a typedef to common and provide parse_pinentry_mode.Werner Koch2013-02-061-14/+6
| | | | | | | | | * common/agent-opt.c: New. * common/shareddefs.h: New. * common/Makefile.am: Add new files. * agent/agent.h: Include shareddefs.h. (pinentry_mode_t): Factor out to shareddefs.h. * agent/command.c (option_handler): Use parse_pinentry_mode.
* agent: Use wipememory instead of memset in one place.Werner Koch2012-11-061-1/+1
| | | | | * agent/command.c (clear_outbuf): Use wipememory. Suggested by Ben Kibbey.
* agent: Add pin length field to the shadowed private key format.Werner Koch2012-02-071-1/+1
| | | | | | | | This is not yet fully implemented. It will eventually allow to support pinpad equipped readers which do not support variable length pin lengths. * agent/protect.c (parse_shadow_info): Add optional arg R_PINLEN and parse pinlen info. Change all callers to pass NULL for it.
* Use new status printing functions.Werner Koch2012-02-071-12/+4
| | | | | | * agent/command.c (cmd_geteventcounter): Get rid of static buffers. * scd/command.c (cmd_serialno, cmd_learn): Simplify by using print_assuan_status.
* agent: New function agent_print_status.Werner Koch2012-02-071-0/+16
| | | | | | * common/asshelp2.c (vprint_assuan_status): New. (print_assuan_status): Re-implement using above func. * agent/command.c (agent_print_status): New.
* agent: Simplify printing of INQUIRE_MAXLEN.Werner Koch2012-02-061-12/+5
| | | | | | * agent/command.c: Include asshelp.h. (cmd_pkdecrypt, cmd_genkey, cmd_preset_passphrase) (pinentry_loopback): Use print_assuan_status for INQUIRE_MAXLEN.
* Also let GENKEY and PKDECRYPT send the INQUIRE_MAXLEN status message.Ben Kibbey2012-02-031-3/+11
| | | | | | * agent/command.c (cmd_pkdecrypt): Send the INQUIRE_MAXLEN status message before doing the inquire. (cmd_genkey): Ditto.
* Inform the client of the preset passphrase length.Ben Kibbey2012-02-021-1/+7
| | | | | * agent/command.c (cmd_preset_passphrase): Send the INQUIRE_MAXLEN status message before inquiring the passphrase.
* Add the INQUIRE_MAXLEN status message.Ben Kibbey2012-01-181-0/+6
| | | | | | | | This status message is used to inform the client of the maximum length of an inquired passphrase and is used in pinentry-mode=loopback. * agent/command.c (pinentry_loopback): Send the INQUIRE_MAXLEN status message before doing the inquire.
* Require Libassuan 2.0.3Werner Koch2011-12-201-4/+0
| | | | | | | | | * configure.ac: Require Libassuan 2.0.3. * agent/call-scd.c (ASSUAN_CONVEY_COMMENTS): Remove macro replacement. * agent/command.c (cmd_killagent) [ASSUAN_FORCE_CLOSE]: Remove dependency. (cmd_killagent) [ASSUAN_FORCE_CLOSE]: Ditto. * scd/command.c (cmd_killscd) [ASSUAN_FORCE_CLOSE]: Ditto.
* Fix last change.Werner Koch2011-12-051-1/+0
| | | | * agent/command.c (start_command_handler): Remove use of removed var.
* Amend the agent code with more comments.Werner Koch2011-12-051-23/+79
| | | | * agent/command.c (server_local_s): Remove unused field MESSAGE_FD.
* Handle pinentry-mode=loopback.Ben Kibbey2011-09-121-0/+15
| | | | | | When this mode is set an inquire will be sent to the client to retrieve the passphrase. This adds a new inquire keyword "NEW_PASSPHRASE" that the GENKEY and PASSWD commands use when generating a new key.
* Update option s2k-count to match the documentation.Ben Kibbey2011-08-101-3/+3
| | | | The option would previously return an error if its value was < 65536.
* Made the KILLAGENT and KILLSCD commands working again.Werner Koch2011-08-101-0/+5
| | | | | This requires that GnuPG is build with a newer version of Libassuan (2.0.3).
* Allow listing of ssh fingerprint with the agent's KEYINFO command.Werner Koch2011-07-201-8/+30
|
* Added gpg-agent OPTION "s2k-count".Ben Kibbey2011-06-291-1/+10
| | | | When unset or 0, the calibrated count will be used.
* Add OPTION:cache-ttl-opt-preset to gpg-agent.Werner Koch2011-04-211-3/+7
| | | | | This option may be used to change the default ttl values use with the --preset option of GENKEY and PASSWD.
* Fix gpg-agent secure memory leak in OpenPGP private key import.Marcus Brinkmann2011-04-201-0/+2
| | | | | | | | 2011-04-20 Marcus Brinkmann <[email protected]> * command.c (cmd_import_key): Release key from failed import before converting openpgp private key in the openpgp-private-key case.
* Another PASSWD --preset fix.Ben Kibbey2011-04-181-1/+1
| | | | Check for an error before presetting the passphrase.
* Fixed PASSWD --preset.Ben Kibbey2011-04-131-7/+7
| | | | | The previous patch required that the keygrip be cached before adding the new passphrase to the cache. No more.
* Use macros for the 120 and 900s cache TTLs.Werner Koch2011-04-121-5/+6
|
* Added PASSWD --preset.Ben Kibbey2011-04-121-2/+11
|
* Added GENKEY --preset to add the passphrase of the generated key to the cache.Ben Kibbey2011-04-121-2/+7
|
* Added KEYINFO field to show the protection type of a key. This differs from ↵Ben Kibbey2011-04-121-10/+21
| | | | the second field which shows the location of the key.
* Added option --inquire to PRESET_PASSPHRASE. Note that the inquired ↵Ben Kibbey2011-03-041-4/+26
| | | | passphrase will be truncated to the first encountered null byte.
* New agent option pinentry-mode.Werner Koch2011-03-031-0/+18
| | | | | This provides the framework and implements the ask, cancel and error. loopback will be implemented later.
* Add comment to last patch.Werner Koch2011-03-021-13/+20
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-15 17:13:22 +0000