aboutsummaryrefslogtreecommitdiffstats
path: root/agent (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Fix computation of PQC KEM.NIIBE Yutaka2024-03-201-15/+19
| | | | Signed-off-by: NIIBE Yutaka <[email protected]>
* Fix cmd_sigkey and agent_hybrid_kem_decap.NIIBE Yutaka2024-03-192-4/+2
| | | | Signed-off-by: NIIBE Yutaka <[email protected]>
* Fix since AES KeyWrap is always with AES256 for hybrid KEM.NIIBE Yutaka2024-03-071-7/+8
| | | | Signed-off-by: NIIBE Yutaka <[email protected]>
* Experiment with hybrid KEM.NIIBE Yutaka2024-03-071-3/+304
| | | | Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: PKDECRYPT KEM-mode can be used by CMS too.NIIBE Yutaka2024-03-043-12/+25
| | | | Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Add --another option for hybrid crypto.NIIBE Yutaka2024-03-012-4/+15
| | | | Signed-off-by: NIIBE Yutaka <[email protected]>
* Experiment to use KEM interface for Curve25519 ECDH.NIIBE Yutaka2024-01-263-7/+192
| | | | | | Works now with hard-coded, but not checked things. Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,kbx: Fix reliable_homedir_inotify (2/2).NIIBE Yutaka2023-12-261-7/+7
| | | | | | | | | | | | * agent/gpg-agent.c (main): The value of reliable_homedir_inotify doesn't not related to nodetach, and it's only zero in the specific condition. * kbx/keyboxd.c (handle_connections): Remove the last argument. (main): Remove reliable_homedir_inotify, as it's always one. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,kbx: Fix reliable_homedir_inotify (1/2).NIIBE Yutaka2023-12-261-13/+14
| | | | | | | | | | | | | | | * agent/gpg-agent.c (reliable_homedir_inotify): Remove the global. (handle_connections): Add reliable_homedir_inotify as an arg. Don't call gnupg_inotify_watch_delete_self when it's not reliable. (check_others_thread): No check of reliable_homedir_inotify repeatedly in the loop. * kbx/keyboxd.c (reliable_homedir_inotify): Remove the global. (handle_connections): Add reliable_homedir_inotify as an arg. (handle_tick): No check of reliable_homedir_inotify in the loop. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* Merge branch 'STABLE-BRANCH-2-4'Werner Koch2023-12-221-13/+62
|\ | | | | | | | | | | | | | | | | | | -- Fixed conflicts in NEWS g10/encrypt.c sm/encrypt.c sm/sign.c
| * agent: Update the key file only if changed (slight return).Werner Koch2023-11-211-12/+52
| | | | | | | | | | | | | | | | | | | | * agent/findkey.c (read_key_file): Add optional arg r_orig_key_value to return the old Key value. Change all callers. (agent_write_private_key): Detect whether the Key entry was really changed. -- GnuPG-bug-id: 6829
| * agent: Update the key file only if not changed.Werner Koch2023-11-211-1/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/name-value.c (struct name_value_container): Add flag "modified". (nvc_modified): New. (nvc_new): Set flag. (_nvc_add): Set flag. (nvc_delete): Set flag. (nvc_set): Set flag unless value did not change. (nve_set): Add arg PK. Change the caller. * agent/findkey.c (agent_write_private_key): Update only if modified. -- This helps software which uses a file system watcher to track changes to private keys. In particular smartcard triggered changes are a problem for such software because this may at worst trigger another smartcard read. GnuPG-bug-id: 6829
* | agent: Fix homedir check wrt --disable-check-own-socket option.NIIBE Yutaka2023-12-201-5/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (handle_connections): Don't disable use of inotify when it has the --disable-check-own-socket option. -- Before the fix, it checks the homedir using the gnupg_stat function when --disable-check-own-socket is enabled, without trying use of inotify. Signed-off-by: NIIBE Yutaka <[email protected]>
* | Merge branch 'STABLE-BRANCH-2-4'Werner Koch2023-11-071-6/+9
|\| | | | | | | | | | | | | * common/b64dec.c (b64decode): Move to ... * common/miscellaneous.c: here. * common/t-b64.c: Re-inroduce and keep only the b64decode test code.
| * scd:openpgp: Return better error codes for the Reset Code.Werner Koch2023-10-061-6/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Use GPG_ERR_BAD_RESET_CODE where appropriate. * common/util.h: Add error codes missing in gpgrt 1.46. * agent/call-pinentry.c (unlock_pinentry): Handle GPG_ERR_BAD_RESET_CODE. (agent_askpin): Ditlo. Also simply condition. (agent_get_passphrase): Ditto. * g10/call-agent.c (status_sc_op_failure): Handle GPG_ERR_BAD_RESET_CODE. * g10/card-util.c (write_sc_op_status): Ditto. * tools/card-call-scd.c (status_sc_op_failure): Ditto.
| * agent: fix tpm2d keytotpm handlingNIIBE Yutaka2023-10-061-5/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/divert-tpm2.c (agent_write_tpm2_shadow_key): Call agent_delete_key before agent_write_private_key. Recover from an error. -- Cherry-picked from master commit of: eda3997b439e415f1bebaa3be20c8bdb43d3a1d0 Fixes-commit: a1015bf2fc07dabb1200eab5fa41f13e7bf98202 Signed-off-by: James Bottomley <[email protected]>
| * agent: Initialize FP for the case of error return.NIIBE Yutaka2023-10-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | * agent/findkey.c (agent_write_private_key): Initialize FP. -- Cherry-picked from master commit of: a8618fdccdab228a8bbe3efeb87223a68fa57219 Signed-off-by: NIIBE Yutaka <[email protected]>
| * agent: Fix agent_update_private_key.NIIBE Yutaka2023-10-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | * agent/findkey.c (agent_update_private_key): Check FNAME0. -- Cherry-pick master commit of: 08e529fa7cfa8f55256337dd525fe8724c78cd92 Fixes-commit: a216e9c028ee389c4bf0250b822d567ffe9ad85e Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent: Fix agent_update_private_key.NIIBE Yutaka2023-10-041-1/+1
| | | | | | | | | | | | | | | | | | * agent/findkey.c (agent_update_private_key): Check FNAME0. -- Fixes-commit: a216e9c028ee389c4bf0250b822d567ffe9ad85e Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent: fix tpm2d keytotpm handlingNIIBE Yutaka2023-09-281-5/+28
| | | | | | | | | | | | | | | | | | | | | | * agent/divert-tpm2.c (agent_write_tpm2_shadow_key): Call agent_delete_key before agent_write_private_key. Recover from an error. -- Fixes-commit: a1015bf2fc07dabb1200eab5fa41f13e7bf98202 Signed-off-by: James Bottomley <[email protected]>
* | agent,common,gpg: Use unsigned int for 1-bit field.NIIBE Yutaka2023-09-261-7/+7
| | | | | | | | | | | | | | | | | | | | * agent/trustlist.c (struct trustitem_s): Use unsigned int. * common/audit.c (struct log_item_s): Likewise. * g10/packet.h (struct seckey_info): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent: Initialize FP for the case of error return.NIIBE Yutaka2023-09-261-1/+1
| | | | | | | | | | | | | | | | * agent/findkey.c (agent_write_private_key): Initialize FP. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent: Fix timer round-up check when inserting an entry into cache.NIIBE Yutaka2023-09-041-1/+1
| | | | | | | | | | | | | | | | * agent/cache.c (insert_to_timer_list): Round up when >= a half second. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent: Fix sock_inotify_fd handling.NIIBE Yutaka2023-09-041-2/+5
| | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (handle_connections): Also check SOCK_INOTIFY_FD when spawning check_onw_socket_thread. When removal of the socket is detected, do same as AGENT_PROBLEM_SOCKET_TAKEOVER. -- GnuPG-bug-id: 6692 Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent: Fix timer list management.NIIBE Yutaka2023-09-011-2/+6
| | | | | | | | | | | | | | | | | | * agent/cache.c (insert_to_timer_list): Update TV_SEC of the top entry when inserted. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent: Fix the previous commit.NIIBE Yutaka2023-09-011-3/+0
| | | | | | | | | | | | | | | | | | * agent/cache.c (remove_from_timer_list_new): Fix cut&paste error. TV_SEC field should not be touched. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent: Introduce management of timer to expire cache entries.NIIBE Yutaka2023-08-311-84/+284
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/cache.c (struct timer_s): New. (struct cache_item_s): Add a member filed T for timer. (the_timer_list, the_timer_list_new): New. (insert_to_timer_list_new, insert_to_timer_list): New. (remove_from_timer_list, remove_from_timer_list_new): New. (housekeeping): Remove. (compute_expiration, update_expiration): New. (do_expire): New. (TIMERTICK_INTERVAL): Remove. (agent_cache_expiration): Use timer list to manage the expiration of cache entries. (agent_flush_cache): Call update_expiration when needed. (agent_put_cache): Don't call housekeeping any more, but update_expiration for an entry in question. (agent_get_cache): Likewise. -- GnuPG-bug-id: 6681 Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent: Better interaction between main loop and cache expiration.NIIBE Yutaka2023-08-303-47/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/agent.h (agent_cache_housekeeping): Remove. (agent_cache_expiration): New. * agent/cache.c (agent_cache_housekeeping): Remove. (agent_cache_expiration): New. * agent/gpg-agent.c (TIMERTICK_INTERVAL): Remove. (handle_tick): Remove. (handle_connections): Call agent_cache_expiration and use the timeout value determined by the call. -- GnuPG-bug-id: 6681 Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent: Have a thread monitoring parent PID and homedir.NIIBE Yutaka2023-08-301-39/+87
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (CHECK_PROBLEMS_INTERVAL): New. (socket_takeover_detected): Remove. (problem_detected): New. (handle_tick): Don't check parent PID and homedir in this function. (handle_connections): Spawn check_others_thread when needed. Handle AGENT_PROBLEM_PARENT_HAS_GONE and AGENT_PROBLEM_HOMEDIR_REMOVED. (check_own_socket_thread): Check SHUTDOWN_PENDING variable in the loop. Use PROBLEM_DETECTED variable. (check_others_thread): New. -- GnuPG-bug-id: 6693 Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent: Recover support CHECK_OWN_SOCKET_INTERVAL == 0.NIIBE Yutaka2023-08-301-3/+6
| | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (handle_connections): Only spawn the thread when CHECK_OWN_SOCKET_INTERVAL > 0. [CHECK_OWN_SOCKET_INTERVAL == 0] (check_own_socket_pid_cb) (do_check_own_socket, check_own_socket_thread): Ifdef out. -- GnuPG-bug-id: 6692 Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent: Fix the handling of socket takeover.NIIBE Yutaka2023-08-301-9/+11
| | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (handle_connections): Check the takeover when interrupted. (check_own_socket_thread): Kick the loop when detected. -- GnuPG-bug-id: 6692 Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent: Use a thread to monitor socket takeover.NIIBE Yutaka2023-08-301-62/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (check_own_socket_running): Remove. (socket_takeover_detected): New. (check_own_socket): Remove. (handle_tick): Don't call check_own_socket any more. (handle_connections): Start off the check_own_socket_thread. Check socket_takeover_detected to handle the event. (do_check_own_socket): New, factoring out the task. (check_own_socket_thread): Loop with the interval. -- GnuPG-bug-id: 6692 Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent: Add agent_kick_the_loop function.NIIBE Yutaka2023-08-242-34/+117
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/agent.h (agent_kick_the_loop): New. * agent/gpg-agent.c [HAVE_W32_SYSTEM] (the_event2): New. [HAVE_PSELECT_NO_EINTR] (event_pipe_fd): New. [!HAVE_PSELECT_NO_EINTR] (main_thread_pid): New. (create_an_event): New, factored out. (get_agent_daemon_notify_event): Use create_an_event. (handle_signal): Add a case for SIGCONT. (agent_kick_the_loop): New. (handle_connections): Call pselect possibly with the pipe. Call eselect with THE_EVENT2. -- GnuPG-bug-id: 6682 Signed-off-by: NIIBE Yutaka <[email protected]>
* | gpg,agent,kbx,sm,scd,tpm2d,g13: Use assuan_control.NIIBE Yutaka2023-08-031-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (thread_init_once): Call assuan_control. * g10/gpg.c (main): Likewise. * g13/g13.c (main): Likewise. * kbx/keyboxd.c (thread_init_once): Likewise. * scd/scdaemon.c (main): Likewise. * sm/gpgsm.c (main): Likewise. * tpm2d/tpm2daemon.c (main): Likewise. -- GnuPG-bug-id: 6606 Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent: Use new libassuan API for pipe server process.NIIBE Yutaka2023-08-032-78/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/call-daemon.c (struct wait_child_thread_parm_s): Remove PID field. (wait_child_thread): Don't touch the internals but call assuan_pipe_wait_server_termination. (daemon_start): Don't use PID. (agent_daemon_dump_state): Don't use PID. * agent/call-pinentry.c (watch_sock): Call assuan_pipe_kill_server. (agent_popup_message_stop): Likewise. -- GnuPG-bug-id: 6487 Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent,dirmgr,gpg,g13,kbx,scd,sm,tmp2d: Remove ASSUAN_SYSTEM_NPTH.NIIBE Yutaka2023-08-031-5/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove. (initialize_modules): Don't call assuan_set_system_hooks. (main): Don't call assuan_sock_set_system_hooks. * dirmngr/dirmngr.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove. (thread_init): Don't call assuan_set_system_hooks. * g10/gpg.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove. (main): Don't call assuan_set_system_hooks. * g13/g13.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove. (main): Set the syscall clamp with gpgrt_set_syscall_clamp. Don't call assuan_set_system_hooks. * kbx/keyboxd.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove. (initialize_modules): Don't call assuan_set_system_hooks. (main): Don't call assuan_sock_set_system_hooks. * scd/scdaemon.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove. (main): Don't call assuan_set_system_hooks. * sm/gpgsm.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove. (main): Don't call assuan_set_system_hooks. * tpm2d/tpm2daemon.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove. (main): Don't call assuan_set_system_hooks. -- GnuPG-bug-id: 6606 Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent,dirmngr,kbx,scdaemon: Use assuan_sock_accept.NIIBE Yutaka2023-08-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (handle_connections): Use assuan_sock_accept. * dirmngr/dirmngr.c (handle_connections): Ditto. * kbx/keyboxd.c (handle_connections): Ditto. * scd/scdaemon.c (handle_connections): Ditto. * tpm2d/tpm2daemon.c (handle_connections): Ditto. -- GnuPG-bug-id: 6599 Signed-off-by: NIIBE Yutaka <[email protected]>
* | commond: Introduce FD2NUM to express conversion to number of fds.NIIBE Yutaka2023-07-182-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/sysutils.h (FD2NUM): New. * agent/call-pinentry.c (watch_sock): Use FD2NUM. * agent/gpg-agent.c (handle_connections): Likewise. * dirmngr/dirmngr.c (handle_connections): Likewise. * dirmngr/http.c (connect_with_timeout): Likewise. * kbx/keyboxd.c (handle_connections): Likewise. * scd/scdaemon.c (handle_connections): Likewise. * tpm2d/tpm2daemon.c (handle_connections): Likewise. -- GnuPG-bug-id: 6598 Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent,build,w32: Fix use of SOCKET.NIIBE Yutaka2023-07-181-0/+4
| | | | | | | | | | | | | | | | | | | | | | * configure.ac (HAVE_SOCKET): Detect SOCKET type. * agent/command-ssh.c [HAVE_SOCKET] (start_command_handler_ssh): Use SOCKET to cast. -- GnuPG-bug-id: 6508 Signed-off-by: NIIBE Yutaka <[email protected]>
* | common: Introduce FD_DBG to display gnupg_fd_t value.NIIBE Yutaka2023-07-181-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/sysutils.h (FD_DBG): New. * agent/gpg-agent.c (check_nonce): Use FD_DBG. (do_start_connection_thread, start_connection_thread_ssh): Likewise. * common/iobuf.c (fd_cache_close, file_filter, do_open): Likewise. (do_iobuf_fdopen): Likewise. * dirmngr/dirmngr.c (check_nonce, start_connection_thread) (handle_connections): Likewise. * dirmngr/http.c (_my_socket_new, _my_socket_ref): Likewise. (_my_socket_unref): Likewise. * g10/decrypt.c (decrypt_message_fd): Likewise. * g10/encrypt.c (encrypt_crypt): Likewise. * g10/openfile.c (open_outfile): Likewise. * g10/plaintext.c (get_output_file, hash_datafile_by_fd): Likewise. * g10/verify.c (gpg_verify): Likewise. * kbx/keyboxd.c (check_nonce, do_start_connection_thread): Likewise. * scd/scdaemon.c (start_connection_thread): Likewise. (handle_connections): Likewise. * sm/gpgsm.c (open_es_fread, open_es_fwrite): Likewise. * tpm2d/tpm2daemon.c (start_connection_thread): Likewise. (handle_connections): Likewise. -- GnuPG-bug-id: 6597 Signed-off-by: NIIBE Yutaka <[email protected]>
* | Merge branch 'STABLE-BRANCH-2-4' into masterWerner Koch2023-07-041-2/+2
|\|
| * agent: Do not overwrite a key file by a shadow key file.Werner Koch2023-05-261-90/+64
| | | | | | | | | | | | | | | | | | | | | | | | * agent/findkey.c (agent_write_private_key): Partly rewrite to align with 2.2 code and to make sure that we don't overwrite a real key. (is_shadowed_key): New. -- This change is now also needed in 2.4 due to the the former change "Create and use Token entries to track the display s/n". GnuPG-bug-id: 6386
| * agent: Update key files by first writing to a temp file.Werner Koch2023-05-261-66/+97
| | | | | | | | | | | | | | * agent/findkey.c (fname_from_keygrip): New. (agent_write_private_key): Use here. Use temp file for updating. (agent_update_private_key): Use fname_from_keygrip and use gnupg rename function instead of a vanilla rename.
| * agent: Create and use Token entries to track the display s/n.Werner Koch2023-05-2610-29/+102
| | | | | | | | | | | | | | | | | | | | | | * agent/findkey.c (agent_write_private_key): Add arg dispserialno and update the token. (agent_write_shadow_key): Add arg dispserialno and adjust all callers. -- GnuPG-bug-id: 6135 Note that this has been forward ported from 2.2
| * agent,w32: Fix resource leak for a process.NIIBE Yutaka2023-05-251-2/+2
| | | | | | | | | | | | | | * agent/call-daemon.c (wait_child_thread): Call assuan_set_flag only for !HAVE_W32_SYSTEM. Signed-off-by: NIIBE Yutaka <[email protected]>
| * w32: Add missing supportedOS Ids for Windows-10Werner Koch2023-05-241-0/+1
| | | | | | | | --
| * w32: Add missing manifests and set a requestedExecutionLevel.Werner Koch2023-05-243-2/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.w32-manifest.in: New. * dirmngr/dirmngr-client-w32info.rc: New. * dirmngr/dirmngr-client.w32-manifest.in: New. * dirmngr/dirmngr-w32info.rc: New. * dirmngr/dirmngr.w32-manifest.in: New. * dirmngr/dirmngr_ldap-w32info.rc: New. * dirmngr/dirmngr_ldap.w32-manifest.in: New. * g10/gpgv-w32info.rc: New. * g10/gpgv.w32-manifest.in: New. * kbx/keyboxd.w32-manifest.in: New. * scd/scdaemon.w32-manifest.in: New. * sm/gpgsm.w32-manifest.in: New. -- This avoids the use of the VirtualStore uner Windows. GnuPG-bug-id: 6503
* | agent: Fix formatting thread ID of nPth.NIIBE Yutaka2023-07-031-2/+3
| | | | | | | | | | | | | | | | | | | | * agent/call-pinentry.c (agent_query_dump_state): Use %lx to format thread ID. -- Fixes-commit: ba6f8b3d9ec83b35c4f3839853567491fee2f99c Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent: Fix cast mistake for Windows.NIIBE Yutaka2023-06-261-2/+2
| | | | | | | | | | | | | | | | | | | | * agent/call-daemon.c [HAVE_W32_SYSTEM] (daemon_start): Use %p for the format with a pointer. -- GnuPG-bug-id: 6508 Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent: Do not overwrite a key file by a shadow key file.Werner Koch2023-05-261-90/+64
| | | | | | | | | | | | | | | | | | | | | | | | * agent/findkey.c (agent_write_private_key): Partly rewrite to align with 2.2 code and to make sure that we don't overwrite a real key. (is_shadowed_key): New. -- This change is now also needed in 2.4 due to the the former change "Create and use Token entries to track the display s/n". GnuPG-bug-id: 6386