| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* agent/findkey.c (agent_write_private_key): Init FP.
--
With
Fixes-commit: 3b69d8bf7146b8d10737d0cfea9c97affc60ad73
we took a shortcut but forgot to init FP which is usually set after
the new check. At least in the AppImage this always triggered a segv
and gpg or Kleopatra had to restart the agent. Not a problem in 2.4
becuase this code is a hack we don't need in 2.4 due to that new
ephemeral key storing feature.
GnuPG-bug-id: 6944
|
|
* agent/command.c (cmd_learn): Add option --reallyforce.
* agent/findkey.c (agent_write_private_key): Implement reallyforce.
Also add arg reallyforce and pass it along the call chain.
* g10/call-agent.c (agent_scd_learn): Pass --reallyforce with a
special force value.
* g10/keygen.c (card_store_key_with_backup): Use that force value.
--
This was a regression in 2.2.42. We took the easy path to fix it by
getting the behaviour back to what we did prior to 2.2.42. With GnuPG
2.4.4 we use an entire different and safer approach by introducing an
ephemeral private key store.
GnuPG-bug-id: 6944
|
|
* agent/findkey.c (read_key_file): Add optional arg r_orig_key_value
to return the old Key value. Change all callers.
(agent_write_private_key): Detect whether the Key entry was really
changed.
--
GnuPG-bug-id: 6829
|
|
* common/name-value.c (struct name_value_container): Add flag
"modified".
(nvc_modified): New.
(nvc_new): Set flag.
(_nvc_add): Set flag.
(nvc_delete): Set flag.
(nve_set): Add arg PK. Change the caller. Check whether to change at
all.
* agent/findkey.c (agent_write_private_key): Update only if modified.
--
This helps software which uses a file system watcher to track changes
to private keys. In particular smartcard triggered changes are a
problem for such software because this may at worst trigger another
smartcard read.
GnuPG-bug-id: 6829
|
|
* agent/command.c (KEYTOCARD_TIMESTAMP_FORMAT): Remove and use format
string direct.
(cmd_keytocard): Change timestamp to an u64 and use the new u64 parser
functions. Use split_fields. Add ecdh parameter stuff. Take the
default timestamp from the keyfile.
* agent/findkey.c (agent_key_from_file): Add arg timestamp and set it.
Adjust all callers.
--
This is backport from 2.4 but only the agent part. We consider it
more relibale if we also pass the ECDH parameters along in 2.2.
Adding the timestamp stuff should not harm either. Because we now
have the u64 time string parser, we use them here.
See-commit: c03ba92576e34f791430ab1c68814ff16c81407b
See-commit: c795be79c14fac01b984bdc2e2041d2141f27612
This patch is somewhat related to:
GnuPG-bug-id: 6378, 5538
|
|
* agent/findkey.c (agent_write_private_key): Fix error reporting.
|
|
* agent/findkey.c: Remove assert.h and use log_assert all over the
file.
(fname_from_keygrip): Add arg for_new.
(is_shadowed_key): New.
(agent_write_private_key): Rewrite to use read, write to new file,
rename pattern. Ignore attempts to overwrite a regular key file by a
shadow key file.
(read_key_file): Move all cleanup code to the end of the function.
--
GnuPG-bug-id: 6386
I am not shure whether we should allow overwriting with FORCE set.
|
|
* agent/agent.h (opt): Remove enable_extended_key_format.
* agent/gpg-agent.c (enum cmd_and_opt_values): Turn
oDisableExtendedKeyFormat and oEnableExtendedKeyFormat into dummy
options.
* agent/protect.c (do_encryption): Remove arg use_ocb and
corresponding code.
(agent_protect): Ditto. Change all callers.
* agent/command.c (cmd_readkey): Do not test for key availability here
but defer that agent_write_shadow_key.
* agent/findkey.c (agent_write_private_key): Simplify due to the
removal of disable-extended-key-format.
(write_extended_private_key): Fold into agent_write_private_key.
Remove the maybe_update arg.
(agent_write_shadow_key): Ditto. Simplify.
--
GnuPG-bug-id: 6386
Backported-from-master: 6d792ae2eb46b3c411d36a87f0d08fbfc1b65cc9
But with large changes to get 2.2 more aligned with master again. This
is not finished; in particular the bug is not fixed; this comes wit
the next patch.
|
|
* agent/findkey.c (agent_write_private_key): Fix condition.
--
Fixes-commit: 755920d4335730fbf25e24342dc9c8a8a772dac3
|
|
* agent/findkey.c (agent_write_private_key): Factor file name
generation out to ...
(fname_from_keygrip): new.
(write_extended_private_key): Add and implement new arg MAYBE_UPDATE.
(agent_write_shadow_key): Ditto.
* agent/command.c (cmd_readkey): Update the shadow-key in card mode.
--
GnuPG-bug-id 6135
|
|
* agent/divert-scd.c (linefeed_to_percent0A): New.
(ask_for_card): Add arg grip. Read Token and Label items and use
them.
(divert_pksign, divert_pkdecrypt): Pass down grip.
* agent/findkey.c (write_extended_private_key): Add args serialno,
keyref, and dispserialno. Writen Token item.
(agent_write_private_key): Add args serialno, keyref, and
dispserialno.
(read_key_file): Add arg r_keymeta.
(agent_keymeta_from_file): New.
(agent_write_shadow_key): Remove leading spaces from serialno and keyid.
* agent/protect-tool.c (agent_write_private_key): Ditto.
* agent/learncard.c (agent_handle_learn): Get DISPSERIALNO and pass to
agent_write_shadow_key.
* agent/command-ssh.c (card_key_available): Ditto.
--
GnuPG-bug-id: 6135
This patch backports some changes from master but also adds the
Display-S/N tracking.
|
|
* agent/findkey.c (write_extended_private_key): Make sure
it is flushed out.
--
Cherry-picked from master commit of:
99d2931887e5ba0db9007024b3420b110603d5be
GnuPG-bug-id: 6035
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/sysutils.c (gnupg_access): New. Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--
Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.
This is required to correctly handle non-ascii filenames on Windows.
GnuPG-bug-id: 5098
(cherry picked from commit c94ee1386e0d5cdac51086c4d5b92de59c09c9b5)
|
|
* agent/command.c (cmd_genkey): Add option --timestamp.
(cmd_import_key): Ditto.
* agent/genkey.c (store_key): Add arg timestamp and change callers.
(agent_genkey): Ditto.
* agent/findkey.c (write_extended_private_key): Add args timestamp and
newkey to write a Created line.
(agent_write_private_key): Add arg timestamp.
(agent_write_shadow_key): Ditto.
* agent/protect-tool.c (agent_write_private_key): Ditto as dummy arg.
--
Signed-off-by: Werner Koch <[email protected]>
Backported-from-master: 0da923a1240ac78d60c92cdd8488c4e405c3243b
Signed-off-by: Werner Koch <[email protected]>
|
|
* agent/findkey.c (agent_public_key_from_file): pass size_t as int to
gcry_sexp_build_array's %b.
--
This is only a problem on big-endian systems where size_t is not the
same size as an int. It was causing failures on debian's s390x,
powerpc64, and sparc64 platforms.
There may well be other failures with %b on those platforms in the
codebase, and it probably needs an audit.
Once you have a key in private-keys-v1.d/$KEYGRIP.key with a comment
or a uri of reasonable length associated with it, this fix can be
tested with:
gpg-agent --server <<<"READKEY $KEYGRIP"
On the failing platforms, the printed comment will be of length 0.
Gnupg-bug-id: 4501
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
|
* agent/agent.h (PINENTRY_STATUS_*): Expose to public.
(struct pin_entry_info_s): Add status.
* agent/call-pinentry.c (agent_askpin): Clearing the ->status
before the loop, let the assuan_transact set ->status. When
failure with PINENTRY_STATUS_PASSWORD_FROM_CACHE, it returns
soon.
* agent/findkey.c (unprotect): Clear the pinentry cache,
when it causes an error.
--
Cherry-picked from master commit of:
02a2633a7f0b7d91aa48ea615fb3a0edfd6ed6bb
Debian-bug-id: 919856
GnuPG-bug-id: 4348
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/cache.c (agent_put_cache): Add arg 'ctrl' and change all
callers to pass it.
(agent_get_cache): Ditto.
* agent/cache.c (struct cache_items_s): Add field 'restricted'.
(housekeeping): Adjust debug output.
(agent_flush_cache): Ditto.
(agent_put_cache): Ditto. Take RESTRICTED into account.
(agent_get_cache): Ditto.
--
If requests are coming from different sources they should not share the
same cache. This way we make sure that a Pinentry pops up for a
remote request to a key we have already used locally.
GnuPG-bug-id: 3858
Signed-off-by: Werner Koch <[email protected]>
|
|
* agent/command.c (cmd_pksign): Change var name 'rc' to 'err'.
* agent/findkey.c (read_key_file): Ditto. Change return type to
gpg_error_t. On es_fessk failure return a correct error code.
(agent_key_from_file): Change var name 'rc' to 'err'.
* agent/pksign.c (agent_pksign_do): Ditto. Change return type to
gpg_error_t. Return a valid erro code on malloc failure.
(agent_pksign): Ditto. Change return type to gpg_error_t. replace
xmalloc by xtrymalloc.
* agent/protect.c (calculate_mic): Change return type to gpg_error_t.
(do_decryption): Ditto. Do not init RC.
(merge_lists): Change return type to gpg_error_t.
(agent_unprotect): Ditto.
(agent_get_shadow_info): Ditto.
--
While code starring for bug 3266 I found two glitches and also changed
var name for easier reading.
Signed-off-by: Werner Koch <[email protected]>
|
|
* agent/agent.h (opt): New field 'ssh_fingerprint_digest'.
* agent/command-ssh.c (data_sign, ssh_identity_register): Honor the
option for strings used to communicate with the user.
* agent/findkey.c (agent_modify_description): Likewise.
* agent/gpg-agent.c (cmd_and_opt_values): New value.
(opts): New option '--ssh-fingerprint-digest'.
(parse_rereadable_options): Set the default to MD5 for now.
(main): Handle the new option.
* doc/gpg-agent.texi: Document the new option.
--
OpenSSH has transitioned from using MD5 to compute key fingerprints to
SHA256. This patch makes the digest used when communicating key
fingerprints to the user (e.g. in pinentry dialogs) configurable.
For now this patch conservatively defaults to MD5.
GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <[email protected]>
|
|
* common/ssh-utils.c (get_fingerprint): Add and honor 'algo' parameter.
(ssh_get_fingerprint{,_string}): Likewise.
* common/ssh-utils.h (ssh_get_fingerprint{,_string}): Update prototypes.
* common/t-ssh-utils.c (main): Adapt accordingly.
* agent/command-ssh.c (agent_raw_key_from_file): Likewise.
(ssh_identity_register): Likewise.
* agent/command.c (do_one_keyinfo): Likewise.
* agent/findkey.c (modify_description): Likewise.
--
This lays the foundation to support other algorithms.
GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <[email protected]>
|
|
--
In addition, fix trailing spaces in tests/inittests.
GnuPG-bug-id: 3121
Reported-by: ka7 (klemens)
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/call-pinentry.c (start_pinentry): Return RC.
* agent/command-ssh.c (ssh_handler_request_identities): Don't set ERR.
* agent/findkey.c (try_unprotect_cb): Return ERR.
(unprotect): Don't set RC.
* agent/gpg-agent.c (handle_connections): Don't set fd.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/gpg-agent.c (oEnableExtendedKeyFormat): New const.
(opts): New option --enable-extended-key-format.
(parse_rereadable_options): Set option
* agent/findkey.c (write_extended_private_key): Add arg 'update'.
(agent_write_private_key): Implement new option.
Signed-off-by: Werner Koch <[email protected]>
|
|
* agent/findkey.c (agent_delete_key): Add arg 'only_stubs'.
* agent/command.c (cmd_delete_key): Add option --stub-only.
--
This option can be used to savely remove stub keys.
|
|
* agent/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* agent/call-pinentry.c, agent/call-scd.c: Follow the change.
* agent/command-ssh.c, agent/command.c, agent/cvt-openpgp.c: Ditto.
* agent/divert-scd.c, agent/findkey.c, agent/genkey.c: Ditto.
* agent/gpg-agent.c, agent/pksign.c, agent/preset-passphrase.c: Ditto.
* agent/protect-tool.c, agent/protect.c, agent/trustlist.c: Ditto.
* agent/w32main.c: Ditto.
--
For openpty function, we need to include util.h on some OS.
We also have util.h in common/, so this change is needed.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/divert-scd.c (has_percent0A_suffix): New.
(getpin_cb): Prepend DESC_TEXT to the prompt.
* agent/findkey.c (modify_description): Rename to ...
(agent_modify_description): this. MAke global. Add kludge to remove
empty parentheses from the end.
(agent_key_from_file, agent_delete_key): Adjust for above change.
* agent/pksign.c (agent_pksign_do): Modify DESC_TEXT also when
diverting to a card.
--
Now that we have support for multiple tokens, it is important to show
information on which key has been requested. Without that it may
happen that the PIN for a wrong card is accidentally entered.
The texts are a bit ugly, because they talk about "passphrase" but
later about entering a PIN.
A quick hack would be to s/passphrase/PIN/ in the description but that
is complicated due to i18n. Another solution might be never to talk
about PINs in the description but always about "passphrase: and only
use "PIN" or "passphrase" on the left of the entry field.
|
|
--
This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
|
--
|
|
* agent/findkey.c (agent_write_private_key): Avoid label name error.
Signed-off-by: Werner Koch <[email protected]>
|
|
* agent/findkey.c (agent_write_private_key): Recover from an error of
GPG_ERR_ENOENT when FORCE=1 and it is opened with "rb+".
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (agent_write_shadow_key): New.
* agent/command-ssh.c (card_key_available): Use agent_write_shadow_key.
* agent/learncard.c (agent_handle_learn): Likewise.
* agent/command.c (cmd_readkey): Add --card option.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/name-value.c (struct name_value_container): Add field
'private_key_mode'.
(my_error): New. Use instead of gpg_error.
(nvc_new_private_key): New.
(nve_release): Add arg 'private_key_mode'.
(nvc_release): Call nve_release with private_key_mode flag.
(nvc_delete): Ditto.
(_nvc_add): Do no special case "Key:" in non-private_key_mode.
(nvc_get_private_key): Return error in non-private_key_mode.
(nvc_set_private_key): Ditto.
(nvc_parse): Factor all code out to ...
(do_nvc_parse): new. Add arg 'for_private_key'.
(nvc_parse_private_key): New.
* agent/findkey.c (write_extended_private_key): Replace nvc_parse by
nvc_parse_private_key.
(read_key_file): Ditto.
* common/t-name-value.c (private_key_mode): New variable.
(my_nvc_new): New. Replace all callers.
(test_key_extraction): Take mode in account.
(run_tests): Ditto.
(run_modification_tests): Ditto.
(parse): Ditto.
(main): Add option --parse and rename --parse to --parse-key.
--
Signed-off-by: Werner Koch <[email protected]>
|
|
* common/name-value.c, common/name-value.h: Rename symbol prefixes
from "pkc_" to "nvc_" and from "pke_" to "nve_". Change all callers.
Signed-off-by: Werner Koch <[email protected]>
|
|
* common/private-keys.c: Rename to name-value.c.
* common/private-keys.h: Rename to name-value.h. Chage all users.
* common/t-private-keys.c: Rename to t-name-value.c.
* common/Makefile.am: Adjust accordingly.
--
The module is cool enough to be used for other purposes as well. Thus
we better change the name.
Signed-off-by: Werner Koch <[email protected]>
|
|
* common/homedir.c (the_gnupg_homedir): New var.
(gnupg_set_homedir): New.
(gnupg_homedir): New.
* g10/options.h (struct opt): Remove 'homedir' and replace all users
by the new accessor functions.
* g13/g13-common.h (struct opt): Ditto.
* scd/scdaemon.h (struct opt): Ditto.
* sm/gpgsm.h (struct opt): Ditto.
* dirmngr/dirmngr.h (struct opt): Ditto.
* agent/preset-passphrase.c (opt_homedir): Ditto.
* agent/protect-tool.c (opt_homedir): Ditto.
--
This will make detection of a non-default homedir easier.
Signed-off-by: Werner Koch <[email protected]>
|
|
* agent/findkey.c (write_extended_private_key): New function.
(agent_write_private_key): Detect if an existing file is in extended
format and update the key within if it is.
(read_key_file): Handle the new format.
* agent/keyformat.txt: Document the new format.
* common/Makefile.am: Add the new files.
* common/private-keys.c: New file.
* common/private-keys.h: Likewise.
* common/t-private-keys.c: Likewise.
* common/util.h (alphap, alnump): New macros.
* tests/migrations: Add test demonstrating that we can cope with the
new format.
--
GnuPG 2.3+ will use a new format to store private keys that is both
more flexible and easier to read and edit by human beings. The new
format stores name,value-pairs using the common mail and http header
convention.
This patch adds the parser and support code and prepares GnuPG 2.1 for
the new format.
Signed-off-by: Justus Winter <[email protected]>
|
|
* agent/findkey.c (agent_delete_key): Remove the key when asked.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/cache.c: Fix typos.
* agent/call-pinentry.c: Likewise.
* agent/call-scd.c: Likewise.
* agent/command-ssh.c: Likewise.
* agent/command.c: Likewise.
* agent/divert-scd.c: Likewise.
* agent/findkey.c: Likewise.
* agent/gpg-agent.c: Likewise.
* agent/w32main.c: Likewise.
* common/argparse.c: Likewise.
* common/audit.c: Likewise.
* common/audit.h: Likewise.
* common/convert.c: Likewise.
* common/dotlock.c: Likewise.
* common/exechelp-posix.c: Likewise.
* common/exechelp-w32.c: Likewise.
* common/exechelp-w32ce.c: Likewise.
* common/exechelp.h: Likewise.
* common/helpfile.c: Likewise.
* common/i18n.h: Likewise.
* common/iobuf.c: Likewise.
* common/iobuf.h: Likewise.
* common/localename.c: Likewise.
* common/logging.c: Likewise.
* common/openpgp-oid.c: Likewise.
* common/session-env.c: Likewise.
* common/sexputil.c: Likewise.
* common/sysutils.c: Likewise.
* common/t-sexputil.c: Likewise.
* common/ttyio.c: Likewise.
* common/util.h: Likewise.
* dirmngr/cdblib.c: Likewise.
* dirmngr/certcache.c: Likewise.
* dirmngr/crlcache.c: Likewise.
* dirmngr/dirmngr-client.c: Likewise.
* dirmngr/dirmngr.c: Likewise.
* dirmngr/dirmngr_ldap.c: Likewise.
* dirmngr/dns-stuff.c: Likewise.
* dirmngr/http.c: Likewise.
* dirmngr/ks-engine-hkp.c: Likewise.
* dirmngr/ks-engine-ldap.c: Likewise.
* dirmngr/ldap-wrapper.c: Likewise.
* dirmngr/ldap.c: Likewise.
* dirmngr/misc.c: Likewise.
* dirmngr/ocsp.c: Likewise.
* dirmngr/validate.c: Likewise.
* g10/encrypt.c: Likewise.
* g10/getkey.c: Likewise.
* g10/gpg.c: Likewise.
* g10/gpgv.c: Likewise.
* g10/import.c: Likewise.
* g10/keydb.c: Likewise.
* g10/keydb.h: Likewise.
* g10/keygen.c: Likewise.
* g10/keyid.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyring.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/misc.c: Likewise.
* g10/options.h: Likewise.
* g10/packet.h: Likewise.
* g10/parse-packet.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pkglue.c: Likewise.
* g10/plaintext.c: Likewise.
* g10/server.c: Likewise.
* g10/sig-check.c: Likewise.
* g10/sqlite.c: Likewise.
* g10/tdbio.c: Likewise.
* g10/test-stubs.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
* g13/create.c: Likewise.
* g13/mountinfo.c: Likewise.
* kbx/keybox-blob.c: Likewise.
* kbx/keybox-file.c: Likewise.
* kbx/keybox-init.c: Likewise.
* kbx/keybox-search-desc.h: Likewise.
* kbx/keybox-search.c: Likewise.
* kbx/keybox-update.c: Likewise.
* scd/apdu.c: Likewise.
* scd/app-openpgp.c: Likewise.
* scd/app-p15.c: Likewise.
* scd/app.c: Likewise.
* scd/ccid-driver.c: Likewise.
* scd/command.c: Likewise.
* scd/iso7816.c: Likewise.
* sm/base64.c: Likewise.
* sm/call-agent.c: Likewise.
* sm/call-dirmngr.c: Likewise.
* sm/certchain.c: Likewise.
* sm/gpgsm.c: Likewise.
* sm/import.c: Likewise.
* sm/keydb.c: Likewise.
* sm/minip12.c: Likewise.
* sm/qualified.c: Likewise.
* sm/server.c: Likewise.
* tools/gpg-check-pattern.c: Likewise.
* tools/gpgconf-comp.c: Likewise.
* tools/gpgkey2ssh.c: Likewise.
* tools/gpgparsemail.c: Likewise.
* tools/gpgtar.c: Likewise.
* tools/rfc822parse.c: Likewise.
* tools/symcryptrun.c: Likewise.
Signed-off-by: Justus Winter <[email protected]>
|
|
* agent/call-pinentry.c (unlock_pinentry): Return gpg_error_t.
(start_pinentry, setup_qualitybar): Likewise.
(agent_askpin): Fix return value check of check_cb.
* agent/command-ssh.c (reenter_compare_cb): Return gpg_error_t.
(ssh_identity_register): Fix return value check of agent_askpin.
* agent/cvt-openpgp.c (try_do_unprotect_cb): Return gpg_error_t.
* agent/findkey.c (try_unprotect_cb): Likewise.
* agent/genkey.c (reenter_compare_cb): Return gpg_error_t.
(agent_ask_new_passphrase): Fix return value check of agent_askpin.
|
|
* agent/agent.h (MAX_PASSPHRASE_LEN): Define.
* agent/command-ssh.c (ssh_identity_register): Use it instead of a
hard-coded literal.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Likewise.
* agent/findkey.c (unprotect): Likewise.
* agent/genkey.c (agent_ask_new_passphrase): Likewise.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
GnuPG-bug-id: 2038
|
|
* agent/findkey.c (agent_delete_key): Add arg "force".
* agent/command.c (cmd_delete_key): Add option --force.
Signed-off-by: Werner Koch <[email protected]>
|
|
* po/Makevars (XGETTEXT_OPTIONS): Add keyword "L_".
* common/i18n.c (i18n_localegettext): New stub.
* common/i18n.h: Expand the LunderscoreIMPL macro.
* agent/agent.h (L_): New.
(LunderscoreIMPL): New.
* agent/call-pinentry.c (setup_qualitybar): Add arg ctrl anc change
caller.
* agent/findkey.c (try_unprotect_cb): Add local var ctrl.
* agent/genkey.c (check_passphrase_constraints): Replace xtryasprintf
by xtrystrdup to avoid gcc warning. Unfortinately this changes the
string.
(agent_ask_new_passphrase): Cleanup the use of initial_errtext.
--
Static strings in gpg-agent need to be translated according to the
locale set by the caller. This is required so that a gpg-agent can be
started in one locale and a gpg can be run in another. If we don't do
this the static strings (prompt, buttons) are not or in the wrong
locale translated while dynamic strings (e.g. key description) uses
the locale of gpg.
This is only the first part of the change the actual local switching
still needs to be implemented.
Debian-bug-id: 788983
Signed-off-by: Werner Koch <[email protected]>
|
|
--
|
|
* agent/call-pinentry.c (agent_askpin): Add args keyinfo and
cache_mode. Change all callers to pass (NULL,0) for them. Send
SETKEYINFO command.
* agent/findkey.c (unprotect): Pass the keygrip and the cache_mode for
the new args.
Signed-off-by: Werner Koch <[email protected]>
|
|
* agent/agent.h (PRIVATE_KEY_OPENPGP_NONE): New.
* agent/command.c (do_one_keyinfo): Implement it.
* agent/findkey.c (agent_key_from_file): Ditto.
(agent_key_info_from_file): Ditto.
(agent_delete_key): Ditto.
* agent/protect.c (agent_private_key_type): Add detection for openpgp
"none" method.
Signed-off-by: Werner Koch <[email protected]>
|
|
* agent/cvt-openpgp.c (extract_private_key): Add arg "arraysize".
Make sure that R_FLAGS and R_CURVE are set to NULL.
--
Given that extract_private_key is not file local it is good to have some
extra asserts to protect against future wrong use.
Signed-off-by: Werner Koch <[email protected]>
|
|
* agent/cvt-openpgp.c (extract_private_key): New.
(convert_to_openpgp): Use extract_private_key.
* agent/findkey.c (agent_public_key_from_file): Use
extract_private_key.
--
This patch add support of ECC key with a curve name and flags. Since
same functionality is also needed for convert_to_openpgp, it was
factored out into the extract_private_key function.
|
|
* agent/cache.c (last_stored_cache_key): New.
(agent_get_cache): Allow NULL for KEY.
(agent_store_cache_hit): New.
* agent/findkey.c (unprotect): Call new function and try to use the
last stored key.
* g10/revoke.c (create_revocation): Add arg CACHE_NONCE and pass to
make_keysig_packet.
(gen_standard_revoke): Add arg CACHE_NONCE and pass to
create_revocation.
* g10/keygen.c (do_generate_keypair): Call gen_standard_revoke with
cache nonce.
--
This patch adds two features:
1. The key for the last passphrase successfully used for unprotecting
a key is stored away. On a cache miss the stored away passphrase is
tried as well. This helps for the common GPG use case of having a
signing and encryption (sub)key with the same passphrase. See the
code for more comments.
2. The now auto-generated revocation certificate does not anymore
popup a passphrase prompt. Thus for standard key generation the
passphrase needs to be given only once (well, two with the
confirmation).
|
|
* agent/pksign.c (agent_pksign_do): Replace ENONET by NO_SECKEY.
* agent/findkey.c (agent_key_from_file): No diagnostic for NO_SECKEY.
* agent/pkdecrypt.c (agent_pkdecrypt): Replace checking for ENOENT.
|
|
|
