| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* agent/findkey.c (agent_key_from_file): Take care of the case
where GRIP==CTRL->keygrip1.
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use NULL for the
GRIP, it's for crypto operation where prompt is expected.
--
GnuPG-bug-id: 7648
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (read_key_file): Free BUF.
--
Fixes-commit: 434a641d40cbff82beb9f485e0adca72419bfdf2
Signed-off-by: Sorah Fukumori <[email protected]>
|
|
* agent/findkey.c (unprotect): Print a diagnostic if unprotection
failed.
--
GnuPG-bug-id: 6375
|
|
--
These are non-substantive corrections for minor spelling mistakes
within the GnuPG codebase.
With something like this applied to the codebase, and a judiciously
tuned spellchecker integrated as part of a standard test suite, it
should be possible to keep a uniform orthography within the project.
GnuPG-bug-id: 7116
|
|
* agent/agent.h (struct ephemeral_private_key_s): New.
(struct server_control_s): Add ephemeral_mode and ephemeral_keys.
(GENKEY_FLAG_NO_PROTECTION, GENKEY_FLAG_PRESET): New.
* agent/genkey.c (clear_ephemeral_keys): New.
(store_key): Add arg ctrl and implement ephemeral_mode. Change all
callers.
(agent_genkey): Replace args no_protection and preset by a generic new
flags arg.
* agent/findkey.c (wipe_and_fclose): New.
(agent_write_private_key): Add arg ctrl and implement ephemeral_mode.
Change all callers.
(agent_update_private_key): Ditto
(read_key_file): Ditto.
(agent_key_available): Ditto.
* agent/command-ssh.c (card_key_available): Do not update display s/n
in ephemeral mode. This is however enver triggred.
* agent/gpg-agent.c (agent_deinit_default_ctrl): Cleanup ephemeral
keys.
* agent/command.c (cmd_genkey): Use the new flags instead of separate
vars.
(cmd_readkey): Create a shadow key only in non-ephemeral_mode.
(cmd_getinfo): Add sub-command "ephemeral".
(option_handler): Add option "ephemeral".
--
The idea here that a session can be switched in an ephemeral mode
which does not store or read keys from disk but keeps them local to
the session.
GnuPG-bug-id: 6944
|
|
* agent/findkey.c (read_key_file): Add optional arg r_orig_key_value
to return the old Key value. Change all callers.
(agent_write_private_key): Detect whether the Key entry was really
changed.
--
GnuPG-bug-id: 6829
|
|
* common/name-value.c (struct name_value_container): Add flag
"modified".
(nvc_modified): New.
(nvc_new): Set flag.
(_nvc_add): Set flag.
(nvc_delete): Set flag.
(nvc_set): Set flag unless value did not change.
(nve_set): Add arg PK. Change the caller.
* agent/findkey.c (agent_write_private_key): Update only if modified.
--
This helps software which uses a file system watcher to track changes
to private keys. In particular smartcard triggered changes are a
problem for such software because this may at worst trigger another
smartcard read.
GnuPG-bug-id: 6829
|
|
* agent/findkey.c (agent_write_private_key): Initialize FP.
--
Cherry-picked from master commit of:
a8618fdccdab228a8bbe3efeb87223a68fa57219
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (agent_update_private_key): Check FNAME0.
--
Cherry-pick master commit of:
08e529fa7cfa8f55256337dd525fe8724c78cd92
Fixes-commit: a216e9c028ee389c4bf0250b822d567ffe9ad85e
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (agent_update_private_key): Check FNAME0.
--
Fixes-commit: a216e9c028ee389c4bf0250b822d567ffe9ad85e
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (agent_write_private_key): Initialize FP.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (agent_write_private_key): Partly rewrite to align
with 2.2 code and to make sure that we don't overwrite a real key.
(is_shadowed_key): New.
--
This change is now also needed in 2.4 due to the the former change
"Create and use Token entries to track the display s/n".
GnuPG-bug-id: 6386
|
|
* agent/findkey.c (fname_from_keygrip): New.
(agent_write_private_key): Use here. Use temp file for updating.
(agent_update_private_key): Use fname_from_keygrip and use gnupg
rename function instead of a vanilla rename.
|
|
* agent/findkey.c (agent_write_private_key): Add arg dispserialno and
update the token.
(agent_write_shadow_key): Add arg dispserialno and adjust all callers.
--
GnuPG-bug-id: 6135
Note that this has been forward ported from 2.2
|
|
* agent/findkey.c (agent_write_private_key): Partly rewrite to align
with 2.2 code and to make sure that we don't overwrite a real key.
(is_shadowed_key): New.
--
This change is now also needed in 2.4 due to the the former change
"Create and use Token entries to track the display s/n".
GnuPG-bug-id: 6386
|
|
* agent/findkey.c (fname_from_keygrip): New.
(agent_write_private_key): Use here. Use temp file for updating.
(agent_update_private_key): Use fname_from_keygrip and use gnupg
rename function instead of a vanilla rename.
|
|
* agent/findkey.c (agent_write_private_key): Add arg dispserialno and
update the token.
(agent_write_shadow_key): Add arg dispserialno and adjust all callers.
--
GnuPG-bug-id: 6135
Note that this has been forward ported from 2.2
|
|
* agent/agent.h (opt): Remove enable_extended_key_format.
* agent/gpg-agent.c (enum cmd_and_opt_values): Turn
oDisableExtendedKeyFormat and oEnableExtendedKeyFormat into dummy
options.
* agent/protect.c (do_encryption): Remove arg use_ocb and
corresponding code.
(agent_protect): Ditto. Change all callers.
* agent/findkey.c (agent_write_private_key): Simplify due to the
removal of disable-extended-key-format.
(write_extended_private_key): Fold into agent_write_private_key.
--
This change is related to
GnuPG-bug-id: 6386
but should have no visible effect except for the removal of
option --disable-extended-key-format.
|
|
* agent/findkey.c (agent_key_from_file): Check the error of
read_key_file again.
* agent/pkdecrypt.c (agent_pkdecrypt): Restore error if no card was
found. Also remove useless condition.
--
The first patch fixes a likely merge error. The second is about the
actual return code: If we have no smardcard but simply try to decrypt
with the current smartcard we should return the originla error code.
GnuPG-bug-id: 5170
Fixes-commit: eda3c688fc2e85c7cd63029cb9caf06552d203b4
|
|
* agent/findkey.c (public_key_from_file): Add arg r_sshorder.
(agent_ssh_key_from_file): Ditto.
* agent/command-ssh.c (struct key_collection_item_s): New.
(struct key_collection_s): New.
(search_control_file): Add art r_lnr.
(add_to_key_array): New.
(free_key_array): New.
(compare_key_collection_items): New.
(ssh_send_available_keys): Rewrite to return the keys in the user
given order.
--
GnuPG-bug-id: 6212
We now first return the keys from active cards, followed by keys
listed in sshcontrol, finally from those with the "Use-for-ssh" key
attribute. Keys from active cards are returned sorted by their S/N.
Keys from sshcontrol are returned in the order they are given in that
file. Use-for-ssh keys are ordered by the value assigned to that key
attribute. The values for the latter are clamped at 99999.
|
|
--
|
|
* agent/command.c (do_one_keyinfo): New arg need_Attr.
(cmd_keyinfo): New option --need-attr.
* agent/findkey.c (public_key_from_file): Use nvc_get_boolean.
--
This option makes it easier to list keys suitable only for certain
purposes.
The second patch makes if compliant to the description in
keyformat.txt
|
|
* agent/command-ssh.c: Fix comments.
* agent/findkey.c (public_key_from_file): Remove "OPENPGP.3" check.
--
GnuPG-bug-id: 5996
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (write_extended_private_key): Make sure
it is flushed out.
--
GnuPG-bug-id: 6035
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/agent.h (agent_raw_key_from_file): Add R_KEYMETA argument.
(agent_update_private_key): New.
* agent/command-ssh.c (data_sign): Follow the change of the function
agent_raw_key_from_file.
* agent/command.c (do_one_keyinfo): Likewise.
(cmd_keyattr): New.
(register_commands): Add an entry of cmd_keyattr.
* agent/findkey.c (agent_update_private_key): New.
(agent_raw_key_from_file): Add R_KEYMETA argument.
--
GnuPG-bug-id: 5988
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (prompt_for_card): Don't print "(null").
|
|
* agent/findkey.c (prompt_for_card): Add "Prompt" field handling.
--
GnuPG-bug-id: 5987
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (public_key_from_file): Support "Use-for-ssh"
when it's in extended format.
--
GnuPG-bug-id: 5985
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/agent.h (agent_ssh_key_from_file): New.
* agent/command-ssh.c (get_ssh_keyinfo_on_cards): New.
(ssh_send_available_keys): Loop on the GNUPG_PRIVATE_KEYS_DIR.
Support keys by agent_ssh_key_from_file.
(ssh_handler_request_identities): Move card key handling to
ssh_send_available_keys.
* agent/findkey.c (public_key_from_file): New. Adding handling
for SSH.
(agent_public_key_from_file): Use public_key_from_file.
(agent_ssh_key_from_file): New.
--
GnuPG-bug-id: 5996
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (prompt_for_card): Use "Label:" field.
(agent_key_from_file): Use KEYMETA.
--
GnuPG-bug-id: 5986
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/agent.h (divert_tpm2_pksign, divert_tpm2_pkdecrypt): Fix API.
(divert_pksign, divert_pkdecrypt): Likewise.
* agent/divert-scd.c (ask_for_card): Remove.
(divert_pksign, divert_pkdecrypt): Don't call ask_for_card.
* agent/divert-tpm2.c (divert_tpm2_pksign, divert_tpm2_pkdecrypt):
Remove DESC_TEXT argument.
* agent/findkey.c (prompt_for_card): New (was: ask_for_card).
(agent_key_from_file): Call prompt_for_card when it's a key
on card.
* agent/pkdecrypt.c (agent_pkdecrypt): Follow the change of API.
* agent/pksign.c (agent_pksign_do): Likewise.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (agent_key_from_file): Support "Confirm:".
--
GnuPG-bug-id: 5099
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (agent_key_from_file): Change the semantics of
GRIP. Now, it's NULL for use by PKDECRYPT and PKSIGN/PKAUTH.
* agent/pkdecrypt.c (agent_pkdecrypt): Set GRIP=NULL.
* agent/pksign.c (agent_pksign_do): Likewise.
--
GnuPG-bug-id: 5099
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/agent.h (agent_key_from_file): Change the declaration.
* agent/findkey.c (agent_key_from_file): Return timestamp.
* agent/pkdecrypt.c (agent_pkdecrypt): Follow the change.
* agent/pksign.c (agent_pkdecrypt): Likewise.
* agent/command.c (cmd_passwd, cmd_export_key): Likewise.
(cmd_keytocard): Use timestamp in private key file in "Created:".
--
GnuPG-bug-id: 5538
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (unprotect): Use gnupg_sleep.
* agent/gpg-agent.c (handle_connections): Likewise.
* dirmngr/crlfetch.c (handle_connections): Likewise.
* kbx/keyboxd.c (handle_connections): Likewise.
* tpm2d/tpm3daemon.c (handle_connections): Likewise.
* scd/scdaemon.c (handle_connections): Likewise.
* scd/command.c (cmd_lock): Likewise.
* dirmngr/ldap-wrapper.c (ldap_reaper_thread): Likewise.
(ldap_wrapper_wait_connections): Use gnupg_usleep.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (agent_public_key_from_file): Use a membuf instead
of handcounting space.
Signed-off-by: Werner Koch <[email protected]>
|
|
* common/sysutils.c (gnupg_access): New. Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--
Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.
This is required to correctly handle non-ascii filenames on Windows.
GnuPG-bug-id: 5098
|
|
--
|
|
* agent/command.c (cmd_genkey): Add option --timestamp.
(cmd_import_key): Ditto.
* agent/genkey.c (store_key): Add arg timestamp and change callers.
(agent_genkey): Ditto.
* agent/findkey.c (write_extended_private_key): Add args timestamp and
new key to write a Created line.
(agent_write_private_key): Add arg timestamp.
(agent_write_shadow_key): Ditto.
agent/protect-tool.c (agent_write_private_key): Ditto as dummy arg.
Signed-off-by: Werner Koch <[email protected]>
|
|
--
For TPM support it is necessary to indroduce another type of shadow
key, so allow other agent functions to extract the type so they can
make the right decisions based on it.
Signed-off-by: James Bottomley <[email protected]>
Minor editorial changes by wk
|
|
* agent/findkey.c (key_parms_from_sexp, is_eddsa): Remove.
(agent_pk_get_algo): Remove.
* agent/pksign.c (agent_pksign_do): Use get_pk_algo_from_key.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/agent.h (agent_is_dsa_key, agent_is_eddsa_key): Remove.
(agent_pk_get_algo): New.
* agent/findkey.c (agent_pk_get_algo): New.
* agent/pksign.c (do_encode_dsa): Use generic GCRY_PK_ECC.
(agent_pksign_do): Use agent_pk_get_algo.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/findkey.c (agent_is_eddsa_key): Remove dead case.
--
There is no possibility the call of key_parms_from_sexp returns
"eddsa".
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/Makefile.am: Add sexp-secret.c.
* agent/agent.h: New function declarations.
* agent/sexp-secret.c: New.
* agent/findkey.c (agent_key_from_file): Use sexp_sscan_private_key.
* agent/protect-tool.c (read_and_unprotect): Fix up private part,
calling fixup_when_ecc_private_key.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
No functional changes, just fixing minor spelling issues.
---
Most of these were identified from the command line by running:
codespell \
--ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
--skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
NEWS README README.maint TODO
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
|
* agent/call-scd.c (agent_card_serialno): Allow NULL for R_SERIAL.
(struct readkey_status_parm_s): New.
(readkey_status_cb): New.
(agent_card_readkey): Add optional arg R_KEYREF and change all
callers.
* agent/findkey.c (key_parms_from_sexp): Allow also a "public-key".
* agent/divert-scd.c (ask_for_card): Allow for SHADOW_INFO being NULL.
* agent/pksign.c (agent_pksign_do): Fallback to sign with an on-card
if there is no stub key yet. Create the stub key. Also fixed a
misnaming between s_pkey and s_skey.
--
This change allows to create OpenPGP keys directly from a card without
first making sure that a stub key exists. It is also the less
surprising behaviour.
Signed-off-by: Werner Koch <[email protected]>
|
|
--
|
|
* agent/findkey.c (agent_public_key_from_file): pass size_t as int to
gcry_sexp_build_array's %b.
--
This is only a problem on big-endian systems where size_t is not the
same size as an int. It was causing failures on debian's s390x,
powerpc64, and sparc64 platforms.
There may well be other failures with %b on those platforms in the
codebase, and it probably needs an audit.
Once you have a key in private-keys-v1.d/$KEYGRIP.key with a comment
or a uri of reasonable length associated with it, this fix can be
tested with:
gpg-agent --server <<<"READKEY $KEYGRIP"
On the failing platforms, the printed comment will be of length 0.
Gnupg-bug-id: 4501
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
|
* agent/findkey.c (has_comment_expando): New.
(agent_key_from_file): Modify DESC_TEXT.
--
A Label entry in the keyfile is always set manually and thus we can
assume that the user wants to have this label in the prompt. In case
the prompt template does not demand a comment this patch appends a
comment to thhe template. This is a common case for on-disk keys used
by gpg.
Signed-off-by: Werner Koch <[email protected]>
|
|
* agent/findkey.c (linefeed_to_percent0A): New.
(read_key_file): Add optional arg 'keymeta' and change all callers.
(agent_key_from_file): Prefer "Label:" over the comment for protected
keys.
--
If in the extended key format an item
Label: This is my key
is found, "This is my key" will be displayed instead of the comment
intially recorded in the s-expression. This is pretty useful for the
ssh keys because often there is only the original file name recorded
in the comment.
If no Label is found or it is empty the S-expression comment is used.
To show more than one line, the standard name-value syntax can be
used, for example:
Label: The Ssh key
<blank line>
<space>I registered on fencepost.
Signed-off-by: Werner Koch <[email protected]>
|
