aboutsummaryrefslogtreecommitdiffstats
path: root/doc/DETAILS (unfollow)
Commit message (Collapse)AuthorFilesLines
2011-12-07gpgsm: Add new validation model "steed".Werner Koch1-0/+5
* sm/gpgsm.h (VALIDATE_FLAG_STEED): New. * sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed". * sm/server.c (option_handler): Allow validation model "steed". * sm/certlist.c (gpgsm_cert_has_well_known_private_key): New. * sm/certchain.c (do_validate_chain): Handle the well-known-private-key attribute. Support the "steed" model. (gpgsm_validate_chain): Ditto. * sm/verify.c (gpgsm_verify): Return "steed" in the trust status line. * sm/keylist.c (list_cert_colon): Print the new 'w' flag. -- This is the first part of changes to implement the STEED proposal as described at http://g10code.com/steed.html . The idea for X.509 is not to use plain self-signed certificates but certificates signed by a dummy CA (i.e. one for which the private key is known). Having a single CA as an indication for the use of STEED might help other X.509 implementations to implement STEED.
2011-12-06gpgsm: Allow arbitrary extensions for cert creation.Werner Koch1-0/+1
* sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New. (read_parameters): Add new keywords. (proc_parameters): Check values of new keywords. (create_request): Add SubjectKeyId and extensions. (parse_parameter_usage): Support "cert" and the encrypt alias "encr".
2011-03-01Move parameter file description to the manual.Werner Koch1-189/+2
2011-03-01Support X.509 certificate creation.Werner Koch1-1/+4
Using "gpgsm --genkey" allows the creation of a self-signed certificate via a new prompt. Using "gpgsm --genkey --batch" should allow the creation of arbitrary certificates controlled by a parameter file. An example parameter file is Key-Type: RSA Key-Length: 1024 Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA Key-Usage: sign, encrypt Serial: random Name-DN: CN=some test key Name-Email: [email protected] Name-Email: [email protected] Hash-Algo: SHA384 not-after: 2038-01-16 12:44 This creates a self-signed X.509 certificate using the key given by the keygrip and using SHA-384 as hash algorithm. The keyword signing-key can be used to sign the certificate with a different key. See sm/certreggen.c for details.
2011-02-04Removed deprecated SIGEXPIRED status line.Werner Koch1-5/+10
2011-02-03Add a DECRYPTION_INFO status.Werner Koch1-33/+37
DECRYPTION_INFO <mdc_method> <sym_algo> Print information about the symmetric encryption algorithm and the MDC method. This will be emitted even if the decryption fails.
2010-11-17Smartcard related updatesWerner Koch1-1/+2
2010-10-18doc fixWerner Koch1-1/+2
2010-10-14All tests work are again workingWerner Koch1-0/+13
2010-10-01Exporting secret keys via gpg-agent is now basically supported.Werner Koch1-1/+2
A couple of forward ported changes. Doc updates.
2010-04-21More changes on the way to remove secring.gpg.Werner Koch1-1/+1
2010-03-15Finished the bulk of changes to use estream in most places instead ofWerner Koch1-0/+6
stdio.
2010-01-08Add dummu option --passwd for gpg.Werner Koch1-1/+3
Collected changes.
2009-12-17Implement --faked-systrem-time for gpg.Werner Koch1-6/+7
Typo and comment fixes.
2009-12-07Use ADNS for PKA and SRV records if no other resolver is available.Werner Koch1-1/+1
2009-12-04allow for default algorithms in a gpg parameter fileWerner Koch1-9/+32
2009-10-28[scd] Memory leak fix.Werner Koch1-0/+6
[g13] Send MOUNTPOINT status line
2009-08-06Improved detection of bad/invalid signer keys.Werner Koch1-6/+14
2009-07-23Print status of CRL checks in the audit log.Werner Koch1-3/+3
2009-07-13[g10]Werner Koch1-0/+1
* exec.c: Fix function name indentation. (expand_args): Simplify by using membuf functions. (exec_write): Fix memory leak on error. (w32_system): Use DETACHED_PROCESS so that a new console is not created.
2009-07-09Support writing of existing keys with non-matching key sizes.Werner Koch1-2/+3
2009-06-29Make soem omnikey readers work with extended length APDUs.Werner Koch1-1/+6
2009-03-25Print NO_SECKEY status line in gpgsm.Werner Koch1-6/+6
This fixes bug#1020.
2009-03-20Fix keygrip computation for TCOS 3 cards.Werner Koch1-1/+2
Emit PROGRESS status lines during --learn-card.
2008-12-08Cleanups. Fixes bug 956.Werner Koch1-156/+59
2008-08-28Add a warning nite to --throw-keyds.Werner Koch1-2/+2
2008-08-13Print a 'f' for validated non-root certificates in gpgsm colon style listing.Werner Koch1-1/+5
Doc fixes.
2008-08-11Cehck for expire date overflows.Werner Koch1-4/+10
2008-07-17Do not run the setuid test if running under as root proper.Werner Koch1-1/+5
Documentation fixes. Some enhancements for the new OpenPGP Card.
2008-06-16Add controlo statement %ask-passphraseWerner Koch1-0/+10
2008-06-13Clarify descrition for field 10.Werner Koch1-1/+1
2008-06-11Made --fixed-list-mode obsolete.Werner Koch1-2/+2
2008-05-09Updated German translation.Werner Koch1-1/+1
Fix in gpgconf for W32.
2008-01-30W32 fix for trustdb creation.Werner Koch1-2/+2
2007-11-19Document --auto-issuer-key-retrieve.Werner Koch1-0/+1
2007-08-10Implemented the chain model for X.509 validation.Werner Koch1-11/+20
2007-07-05Fixed card key generation of gpg2.Werner Koch1-0/+7
Reveal less information about timings while generating a key.
2007-02-26Add new SVN only file README.maintWerner Koch1-6/+6
doc/ * gpg.texi (GPG Configuration): Document envvar LANGUAGE. (GPG Configuration Options): Document show-primary-uid-only. g10/ * gpg.c (main): Add verify option show-primary-uid-only. * options.h (VERIFY_SHOW_PRIMARY_UID_ONLY): New. * mainproc.c (check_sig_and_print): Implement it. * encr-data.c (decrypt_data): Correctly test for unknown algorithm. * import.c (check_prefs): Ditto. * keyedit.c (show_prefs): Ditto. * mainproc.c (proc_symkey_enc): Ditto.
2007-01-30Added LIBINTL to more Makefile targets.Werner Koch1-1/+1
doc/ * com-certs.pem: Added the current root certifcates of D-Trust and S-Trust. g10/ * status.c (write_status_begin_signing): New. * sign.c (sign_file, sign_symencrypt_file): Call it. * textfilter.c (copy_clearsig_text): Call it. * call-agent.c (agent_scd_pksign): Pass --hash-rmd160 to SCD if required. * gpg.c (main): Let --no-use-agent and --gpg-agent-info print a warning. * misc.c (obsolete_option): New.
2006-11-14sm/Werner Koch1-23/+40
* server.c (skip_options): Skip leading spaces. (has_option): Honor "--". (cmd_export): Add option --data to do an inline export. Skip all options. * certdump.c (gpgsm_fpr_and_name_for_status): New. * verify.c (gpgsm_verify): Use it to print correct status messages. doc/ * gpgsm.texi (GPGSM EXPORT): Document changes.
2006-11-11.Werner Koch1-7/+19
2006-08-21Migrated more stuff to doc/Werner Koch1-0/+1250
Migrated the gpg regression tests. Some changes tp the gpg code to fix bugs and for the use in testing. make distcheck works now with gpg enabled.
2006-06-23* gpg.sgml: Document --enable-dsa2, --disable-dsa2, andDavid Shaw1-0/+3
--default-keyserver-url. * DETAILS: Note "Keyserver:"
2006-04-03About to release 1.4.3gnupg-1.4.3Werner Koch1-0/+5
2006-02-14Fixed a wrong return code with gpg --verifyWerner Koch1-1/+3
2005-12-20Finished PKA featureWerner Koch1-0/+6
2005-10-27* gpg.sgml: Document backsign, --require-backsigs, andDavid Shaw1-3/+8
--no-require-backsigs. * DETAILS: Clarify Key-Usage.
2005-10-18Fixed minor card related bugs and enhanced status messagesWerner Koch1-2/+6
2005-09-07Updated card stuff to support T=0 cards.Werner Koch1-1/+1
2005-07-19Document --limit-card-insert-tries.Werner Koch1-2/+3
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-17 18:21:47 +0000