aboutsummaryrefslogtreecommitdiffstats
path: root/doc/DETAILS (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* gpg: Emit status line NEWSIG before signature verification starts.Werner Koch2015-03-191-3/+3
| | | | | | | | | * g10/mainproc.c (check_sig_and_print): Emit STATUS_NEWSIG. -- gpgsm does this for a long time but somehow it never made it into gpg. Signed-off-by: Werner Koch <[email protected]>
* gpg: Add --list-gcrypt-config and "curve" item for --list-config.Werner Koch2015-03-101-1/+10
| | | | | | | | | | | | | * common/openpgp-oid.c (curve_supported_p): New. (openpgp_enum_curves): New. * common/t-openpgp-oid.c (test_openpgp_enum_curves): New. (main): Add option --verbose. * g10/gpg.c (opts): Add --list-gcrypt-config. (list_config): Add items "curve" and "curveoid". Remove unused code. -- GnuPG-bug-id: 1917 Signed-off-by: Werner Koch <[email protected]>
* doc: Some typo fixes.Werner Koch2015-03-061-2/+2
| | | | --
* doc: Update the description of the S2K extension.Werner Koch2015-02-261-6/+20
| | | | --
* gpg: Allow predefined names as answer to the keygen.algo prompt.Werner Koch2015-01-281-0/+30
| | | | | | * g10/keygen.c (ask_algo): Add list of strings. Signed-off-by: Werner Koch <[email protected]>
* gpg: Add sub-command "factory-reset" to --card-edit.Werner Koch2014-12-151-0/+1
| | | | | | | | | | | | | | | | | | * common/util.h (GPG_ERR_OBJ_TERM_STATE): New. * scd/iso7816.c (map_sw): Add this error code. * scd/app-openpgp.c (do_getattr): Return the life cycle indicator. * scd/app.c (select_application): Allow a return value of GPG_ERR_OBJ_TERM_STATE. * scd/scdaemon.c (set_debug): Print the DBG_READER value. * g10/call-agent.c (start_agent): Print a status line for the termination state. (agent_scd_learn): Make arg "info" optional. (agent_scd_apdu): New. * g10/card-util.c (send_apdu): New. (factory_reset): New. (card_edit): Add command factory-reset. Signed-off-by: Werner Koch <[email protected]>
* gpg: Track number of skipped v3 keys on import.Werner Koch2014-11-211-0/+1
| | | | | | | | | * g10/import.c (stats_s): Add field v3keys. (import): Update this field. (import_print_stats): Print v3 key count. (read_block): Skip v3 keys and return a count for them. Signed-off-by: Werner Koch <[email protected]>
* Typo fixes.Werner Koch2014-11-041-1/+1
| | | | --
* gpg: Remove extra RSA import status line.Werner Koch2014-10-131-1/+1
| | | | | | | | | | | | * g10/import.c (stats_s): Remove field "imported_rsa". (import_print_stats): Do not print separate value for RSA. (import_one): Remove the RSA counter. -- RSA is the standard key format and thus there is no more need to have a separate counter. This is a remain from the RSA patent times. Signed-off-by: Werner Koch <[email protected]>
* gpg: Use more specific reason codes for INV_RECP.Werner Koch2014-06-101-0/+2
| | | | | | | | * g10/pkclist.c (find_and_check_key, build_pk_list): Use more specific reasons codes for INV_RECP. -- GnuPG-bug-id: 1650
* Add new option --with-secret.Werner Koch2014-06-031-1/+2
| | | | | | | | | | | | | | | | | | | * g10/gpg.c: Add option --with-secret. * g10/options.h (struct opt): Add field with_secret. * g10/keylist.c (public_key_list): Pass opt.with_secret to list_all and list_one. (list_all, list_one): Add arg mark_secret. (list_keyblock_colon): Add arg has_secret. * sm/gpgsm.c: Add option --with-secret. * sm/server.c (option_handler): Add option "with-secret". * sm/gpgsm.h (server_control_s): Add field with_secret. * sm/keylist.c (list_cert_colon): Take care of with_secret. Also move the token string from the wrong field 14 to 15. -- This option is useful for key managers which need to know whether a key has a secret key. This change allows to collect this information in one pass.
* gpg: Re-enable secret key deletion.Werner Koch2014-04-151-0/+1
| | | | | | | * g10/call-agent.c (agent_delete_key): New. * g10/keydb.h (FORMAT_KEYDESC_DELKEY): New. * g10/passphrase.c (gpg_format_keydesc): Support new format. * g10/delkey.c (do_delete_key): Add secret key deletion.
* gpg: Change --show-session-key to print the session key earlier.Werner Koch2013-12-111-3/+4
| | | | | | | | | | | | | | | | | | * g10/cpr.c (write_status_strings): New. (write_status_text): Replace code by a call to write_status_strings. * g10/mainproc.c (proc_encrypted): Remove show_session_key code. * g10/decrypt-data.c (decrypt_data): Add new show_session_key code. -- This feature can be used to return the session key for just a part of a file. For example to downloading just the first 32k of a huge file, decrypting that incomplete part and while ignoring all the errors break out the session key. The session key may then be used on the server to decrypt the entire file without the need to have the private key on the server. GnuPG-bug-id: 1389 Signed-off-by: Werner Koch <[email protected]>
* gpg: Rework ECC support and add experimental support for Ed25519.Werner Koch2013-11-151-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/findkey.c (key_parms_from_sexp): Add algo name "ecc". (agent_is_dsa_key): Ditto. (agent_is_eddsa_key): New. Not finished, though. * agent/pksign.c (do_encode_eddsa): New. (agent_pksign_do): Use gcry_log_debug functions. * agent/protect.c (agent_protect): Parse a flags parameter. * g10/keygen.c (gpg_curve_to_oid): Move to ... * common/openpgp-oid.c (openpgp_curve_to_oid): here and rename. (oid_ed25519): New. (openpgp_oid_is_ed25519): New. (openpgp_oid_to_curve): New. * common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): New. * g10/build-packet.c (gpg_mpi_write): Write the length header also for opaque MPIs. (gpg_mpi_write_nohdr): New. (do_key): Use gpg_mpi_write_nohdr depending on algorithm. (do_pubkey_enc): Ditto. * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Use gpg_mpi_write_nohdr. * g10/export.c (transfer_format_to_openpgp): * g10/keygen.c (ecckey_from_sexp): Return the error. (gen_ecc): Repalce arg NBITS by CURVE. (read_parameter_file): Add keywords "Key-Curve" and "Subkey-Curve". (ask_curve): New. (generate_keypair, generate_subkeypair): Use ask_curve. (do_generate_keypair): Also pass curve name. * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Print curve name. * g10/parse-packet.c (mpi_read): Remove workaround for Libcgrypt < 1.5. (parse_key): Fix ECC case. Print the curve name. * g10/pkglue.c (mpi_from_sexp): Rename to get_mpi_from_sexp. (pk_verify, pk_check_secret_key): Add special case for Ed25519. * g10/seskey.c (encode_md_value): Ditto. * g10/sign.c (do_sign, hash_for, sign_file): Ditto. -- Be warned that this code is subject to further changes and that the format will very likely change before a release. There are also known bugs and missing code. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix bug with deeply nested compressed packets.Werner Koch2013-10-021-0/+1
| | | | | | | | | | * g10/mainproc.c (MAX_NESTING_DEPTH): New. (proc_compressed): Return an error code. (check_nesting): New. (do_proc_packets): Check packet nesting depth. Handle errors from check_compressed. Signed-off-by: Werner Koch <[email protected]>
* gpg: Print indicator for unknown key capability.Werner Koch2013-03-191-0/+1
| | | | * g10/keylist.c (print_capabilities): Print '?' for unknown usage.
* doc: Fix description for NEED_PASSPHRASE status.Werner Koch2013-02-071-1/+1
| | | | --
* Convert doc/DETAILS to org-modeWerner Koch2013-01-301-869/+958
| | | | | -- Also restructure the file and fix some obviously wrong things.
* gpg: Add status line PINENTRY_LAUNCHED.Werner Koch2013-01-301-0/+9
| | | | | | | | | * common/status.h (STATUS_PINENTRY_LAUNCHED): New. * g10/server.c (server_local_s): Add field allow_pinentry_notify. (option_handler): Add option "allow-pinentry-notify". (gpg_proxy_pinentry_notify): New. * g10/call-agent.c (default_inq_cb): Factor code out to the new function.
* Fix description of validity flag 'n'.Werner Koch2012-11-121-1/+1
| | | | | -- Thanks to Hauke Laging for spotting this.
* Print the hash algorithm in colon mode key listing.Werner Koch2012-05-241-2/+6
| | | | * g10/keylist.c (list_keyblock_colon): Print digest_algo.
* Add tweaks for the not anymore patented IDEA algorithm.Werner Koch2012-05-081-5/+3
| | | | | | | | | | | | | | | * g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2 compatibility mode. * g10/misc.c (idea_cipher_warn): Remove. Also remove all callers. * common/status.h (STATUS_RSA_OR_IDEA): Remove. Do not emit this status anymore. -- To keep the number of actually used algorithms low, we want to support IDEA only in a basically read-only way (unless --pgp2 is used during key generation). It does not make sense to suggest the use of this old 64 bit blocksize algorithm. However, there is old data available where it might be helpful to have IDEA available.
* gpgsm: Add new validation model "steed".Werner Koch2011-12-071-0/+5
| | | | | | | | | | | | | | | | | | | | * sm/gpgsm.h (VALIDATE_FLAG_STEED): New. * sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed". * sm/server.c (option_handler): Allow validation model "steed". * sm/certlist.c (gpgsm_cert_has_well_known_private_key): New. * sm/certchain.c (do_validate_chain): Handle the well-known-private-key attribute. Support the "steed" model. (gpgsm_validate_chain): Ditto. * sm/verify.c (gpgsm_verify): Return "steed" in the trust status line. * sm/keylist.c (list_cert_colon): Print the new 'w' flag. -- This is the first part of changes to implement the STEED proposal as described at http://g10code.com/steed.html . The idea for X.509 is not to use plain self-signed certificates but certificates signed by a dummy CA (i.e. one for which the private key is known). Having a single CA as an indication for the use of STEED might help other X.509 implementations to implement STEED.
* gpgsm: Allow arbitrary extensions for cert creation.Werner Koch2011-12-061-0/+1
| | | | | | | | * sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New. (read_parameters): Add new keywords. (proc_parameters): Check values of new keywords. (create_request): Add SubjectKeyId and extensions. (parse_parameter_usage): Support "cert" and the encrypt alias "encr".
* Move parameter file description to the manual.Werner Koch2011-03-011-189/+2
|
* Support X.509 certificate creation.Werner Koch2011-03-011-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | Using "gpgsm --genkey" allows the creation of a self-signed certificate via a new prompt. Using "gpgsm --genkey --batch" should allow the creation of arbitrary certificates controlled by a parameter file. An example parameter file is Key-Type: RSA Key-Length: 1024 Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA Key-Usage: sign, encrypt Serial: random Name-DN: CN=some test key Name-Email: [email protected] Name-Email: [email protected] Hash-Algo: SHA384 not-after: 2038-01-16 12:44 This creates a self-signed X.509 certificate using the key given by the keygrip and using SHA-384 as hash algorithm. The keyword signing-key can be used to sign the certificate with a different key. See sm/certreggen.c for details.
* Removed deprecated SIGEXPIRED status line.Werner Koch2011-02-041-5/+10
|
* Add a DECRYPTION_INFO status.Werner Koch2011-02-031-33/+37
| | | | | | | DECRYPTION_INFO <mdc_method> <sym_algo> Print information about the symmetric encryption algorithm and the MDC method. This will be emitted even if the decryption fails.
* Smartcard related updatesWerner Koch2010-11-171-1/+2
|
* doc fixWerner Koch2010-10-181-1/+2
|
* All tests work are again workingWerner Koch2010-10-141-0/+13
|
* Exporting secret keys via gpg-agent is now basically supported.Werner Koch2010-10-011-1/+2
| | | | | | A couple of forward ported changes. Doc updates.
* More changes on the way to remove secring.gpg.Werner Koch2010-04-211-1/+1
|
* Finished the bulk of changes to use estream in most places instead ofWerner Koch2010-03-151-0/+6
| | | | | stdio.
* Add dummu option --passwd for gpg.Werner Koch2010-01-081-1/+3
| | | | | Collected changes.
* Implement --faked-systrem-time for gpg.Werner Koch2009-12-171-6/+7
| | | | | Typo and comment fixes.
* Use ADNS for PKA and SRV records if no other resolver is available.Werner Koch2009-12-071-1/+1
|
* allow for default algorithms in a gpg parameter fileWerner Koch2009-12-041-9/+32
|
* [scd] Memory leak fix.Werner Koch2009-10-281-0/+6
| | | | | [g13] Send MOUNTPOINT status line
* Improved detection of bad/invalid signer keys.Werner Koch2009-08-061-6/+14
|
* Print status of CRL checks in the audit log.Werner Koch2009-07-231-3/+3
|
* [g10]Werner Koch2009-07-131-0/+1
| | | | | | | | | | * exec.c: Fix function name indentation. (expand_args): Simplify by using membuf functions. (exec_write): Fix memory leak on error. (w32_system): Use DETACHED_PROCESS so that a new console is not created.
* Support writing of existing keys with non-matching key sizes.Werner Koch2009-07-091-2/+3
|
* Make soem omnikey readers work with extended length APDUs.Werner Koch2009-06-291-1/+6
|
* Print NO_SECKEY status line in gpgsm.Werner Koch2009-03-251-6/+6
| | | | | This fixes bug#1020.
* Fix keygrip computation for TCOS 3 cards.Werner Koch2009-03-201-1/+2
| | | | | Emit PROGRESS status lines during --learn-card.
* Cleanups. Fixes bug 956.Werner Koch2008-12-081-156/+59
|
* Add a warning nite to --throw-keyds.Werner Koch2008-08-281-2/+2
|
* Print a 'f' for validated non-root certificates in gpgsm colon style listing.Werner Koch2008-08-131-1/+5
| | | | | Doc fixes.
* Cehck for expire date overflows.Werner Koch2008-08-111-4/+10
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-12 23:56:10 +0000