| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/ksba-io-support.c: Include tlv.h
(struct reader_cb_parm_s): Add new fields.
(starts_with_sequence): New.
(simple_reader_cb): Handle stripping.
* common/ksba-io-support.h (GNUPG_KSBA_IO_STRIP): New.
(gnupg_ksba_create_reader): Handle the new flag.
* sm/verify.c (gpgsm_verify): Use the new flag for detached
signatures.
--
Note that this works only if --assume-binary is given. The use case
for the feature is PDF signature checking where the PDF specs require
that the detached signature is padded with zeroes.
(cherry picked from commit 2a13f7f9dc75265ece649e30fecd3dc694b1240e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/gpgsm.h (opt): Re-purpose unused flag always_trust.
(struct server_control_s): Add "always_trust".
(VALIDATE_FLAG_BYPASS): New.
* sm/gpgsm.c (oAlwaysTrust): New.
(opts): Add "--always-trust"
(main): Set option.
* sm/server.c (option_handler): Add option "always-trust".
(reset_notify): Clear that option.
(cmd_encrypt): Ditto.
(cmd_getinfo): Add sub-command always-trust.
* sm/certchain.c (gpgsm_validate_chain): Handle VALIDATE_FLAG_BYPASS.
* sm/certlist.c (gpgsm_add_to_certlist): Set that flag for recipients
in always-trust mode.
--
GnuPG-bug-id: 6559
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/gpgsm.c (oInputSizeHint): New.
(opts): Add "--input-size-hint".
(main): Set option.
* sm/server.c (option_handler): Add option "input-size-hint".
* sm/gpgsm.h (struct server_control_s): Add field input_size_hint.
* sm/encrypt.c (gpgsm_encrypt): Set the toatl file size.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
* sm/sign.c (gpgsm_sign): Ditto.
* sm/verify.c (gpgsm_verify): Ditto.
--
This option allows to set a value for the progress output line. Note
that as of now there is no other way to set the file size.
GnuPG-bug-id: 6534
|
| |
|
|
|
|
|
|
|
| |
* sm/certreqgen.c (create_request): Create AKI and SKI by default.
--
GnuPG-bug-id: 4098, 6253
Signed-off-by: Werner Koch <[email protected]>
Backported-from-master: 44676819f2873705b78849e7b2fd22214b691642
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/gpgsm.c (oCompatibilityFlags): New option.
(compatibility_flags): new.
(main): Parse and print them in verbose mode.
* sm/gpgsm.h (opt): Add field compat_glags.:
(COMPAT_ALLOW_KA_TO_ENCR): New.
* sm/keylist.c (print_capabilities): Take care of the new flag.
* sm/certlist.c (cert_usage_p): Ditto.
* common/miscellaneous.c (parse_compatibility_flags): New.
* common/util.h (struct compatibility_flags_s): New.
--
Backported-from-master: f0b373cec93bb01f02b9c0a3ab1f3e242b381c3f
Backported-from-master: ce63eaa4f8f3f41aafcaddd8d658dacd522334a8
|
| |
|
|
|
|
|
|
|
|
|
| |
* sm/gpgsm.c (oRequireCompliance): New.
(opts): Add --require-compliance.
(main): Set option.
* sm/gpgsm.h (opt): Add field require_compliance.
(gpgsm_errors_seen): Declare.
* sm/verify.c (gpgsm_verify): Emit error if non de-vs compliant.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
|
| |
|
|
|
|
|
|
| |
* sm/gpgsm.c (oIgnoreCertWithOID): New.
(opts): Add option.
(main): Store its value.
* sm/call-agent.c (learn_cb): Test against that list.
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpgconf-comp.c (known_options_gpgsm): Make "keyserver"
invisible.
(known_options_dirmngr): Add "ldapserver".
* sm/gpgsm.c (oKeyServer_deprecated): New.
(opts): Assign "ldapserver" to the new option and makr it as obsolete.
--
We want to use "ldapserver" in dirmngr but need to keep using
"keyserver" in gpgsm for existant versions of Kleopatra etc.
GnuPG-bug-id: 5801
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/compliance.c (min_compliant_rsa_length): New.
(gnupg_pk_is_compliant): Take in account.
(gnupg_pk_is_allowed): Ditto.
(gnupg_set_compliance_extra_info): New.
* g10/gpg.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* g10/options.h (opt): Add field min_rsa_length.
* sm/gpgsm.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* sm/gpgsm.h (opt): Add field min_rsa_length.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* sm/gpgsm.c (opts): Add option --ldapserver and make --keyserver an
alias.
--
We should use "keyserver" for OpenPGP and thus it is better to allow
for "ldapserver" here - it is the same convention as now used in
dirmngr.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
--
GnuPG-bug-id: 5071
Also fixed one in keyformat.txt [wk].
(cherry picked from commit 572bcacc287d24d0a2cc56442f9fb6a9ac49e12d)
|
| |
|
|
|
|
|
|
|
| |
* sm/certchain.c (find_up): Disable external lookups in offline mode.
Always allow AKI lookup if CRLs are also enabled.
--
GnuPG-bug-id: 4898
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/certchain.c (is_cert_still_valid): Shortcut if tehre is no DP.
* common/audit.c (proc_type_verify): Print "n/a" if a cert has no
distribution point.
* sm/gpgsm.h (opt): Add field enable_issuer_based_crl_check.
* sm/gpgsm.c (oEnableIssuerBasedCRLCheck): New.
(opts): Add option --enable-issuer-based-crl-check.
(main): Set option.
--
If the issuer does not provide a DP and the user wants such an issuer,
we expect that a certificate does not need revocation checks. The new
option --enable-issuer-based-crl-check can be used to revert to the
old behaviour which requires that a suitable LDAP server has been
configured to lookup a CRL by issuer.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from master)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
default to 3072 bits.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
3072 bits.
* sm/certreqgen.c (proc_parameters): update default to 3072 bits.
* sm/gpgsm.c (main): print correct default_pubkey_algo.
--
3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
Gbp-Pq: Topic update-defaults
Gbp-Pq: Name 0014-gpgsm-default-to-3072-bit-keys.patch
(cherry picked from commit 7955262151a5c755814dd23414e6804f79125355)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* g10/options.h (struct opt): Add field request_origin.
* g10/call-agent.c (start_agent): Send option to the agent.
* sm/gpgsm.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* sm/gpgsm.h (struct opt): Add field request_origin.
* sm/call-agent.c (start_agent): Send option to the agent.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
| |
--
GnuPG-bug-id: 3788
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* doc/gpgsm.texi: Mark --prefer-system-dirmngr as obsolete.
Signed-off-by: Marcus Brinkmann <[email protected]>
GnuPG-bug-id: 2231
|
| |
|
|
|
|
|
| |
* doc/gpgsm.texi: Mention that '--with-key-data' implies
'--with-colons'.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
--
In addition, fix trailing spaces in tests/inittests.
GnuPG-bug-id: 3121
Reported-by: ka7 (klemens)
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
--
This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* doc/gpg.texi: Add the old version of every option that was updated
with the last change set.
* doc/gpgsm.texi: Likewise.
GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (opts): Spell out option.
* sm/gpgsm.c (opts): Likewise.
* doc/gpg.texi: Update accordingly.
* doc/gpgsm.texi: Likewise.
GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/gpg.c (opts): Spell out option.
* sm/gpgsm.c (opts): Likewise.
* doc/gpg.texi: Update accordingly.
GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <[email protected]>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
--
The commands --help, --version, --dump-options are special in that
they can't be abbreciated on the command line. This is to avoid
problems with regular options with the same prefix.
Fixes-commit: 0a27d8a57c4c990fcada4278a1ce2e6fc9043e9
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
doc/instguide.texi, doc/scdaemon.texi, doc/specify-user-id.texi,
doc/tools.texi: Fix.
|
| |
|
|
|
|
| |
* doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
doc/howto-create-a-server-cert.texi, doc/scdaemon.texi,
doc/specify-user-id.texi, doc/tools.texi: Fix.
|
| |
|
|
| |
* doc/gpg.texi, doc/gpgsm.texi, doc/specify-user-id.texi: Fix.
|
| |
|
|
|
|
| |
* doc/dirmngr.texi, doc/gpg.texi, doc/gpgsm.texi,
doc/howto-create-a-server-cert.texi,
doc/scdaemon.texi, doc/tools.texi: Fix.
|
| |
|
|
|
| |
* doc/debugging.texi, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
doc/tools.texi: Fix.
|
| |
|
|
|
| |
* doc/dirmngr.texi, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
doc/scdaemon.texi, doc/tools.texi: Fix.
|
| |
|
|
|
|
|
| |
* doc/debugging.texi, doc/dirmngr.texi, doc/glossary.texi
* doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi
* doc/instguide.texi, doc/opt-homedir.texi, doc/scdaemon.texi
* doc/specify-user-id.texi, doc/tools.texi: Fix.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* NEWS, acinclude.m4, agent/command-ssh.c, agent/command.c,
agent/gpg-agent.c, agent/keyformat.txt, agent/protect-tool.c,
common/asshelp.c, common/b64enc.c, common/recsel.c, doc/DETAILS,
doc/HACKING, doc/Notes, doc/TRANSLATE, doc/dirmngr.texi,
doc/faq.org, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
doc/instguide.texi, g10/armor.c, g10/gpg.c, g10/keyedit.c,
g10/mainproc.c, g10/pkclist.c, g10/tofu.c, g13/sh-cmd.c,
g13/sh-dmcrypt.c, kbx/keybox-init.c, m4/pkg.m4, sm/call-dirmngr.c,
sm/gpgsm.c, tests/Makefile.am, tests/gpgscm/Manual.txt,
tests/gpgscm/scheme.c, tests/openpgp/gpgv-forged-keyring.scm,
tests/openpgp/multisig.test, tests/openpgp/verify.scm,
tests/pkits/README, tools/applygnupgdefaults,
tools/gpg-connect-agent.c, tools/mime-maker.c, tools/mime-parser.c:
minor spelling cleanup.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/logging.c (log_set_socket_dir_cb): New.
(socket_dir_cb): New.
(set_file_fd): Allow "socket://".
(fun_writer): Implement default socket name.
* common/init.c (_init_common_subsystems): Register default socket.
--
This change allows the use of
log-file socket://
in any configuration file.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* README, agent/command.c, agent/keyformat.txt, common/i18n.c,
common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c,
dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE,
doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi,
doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt,
g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4,
m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po,
po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po,
po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po,
po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po,
po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po,
scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c,
sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to"
with clearer text.
In standard English, the normal construction is "${XXX} allows ${YYY}
to" -- that is, the subject (${XXX}) of the sentence is allowing the
object (${YYY}) to do something. When the object is missing, the
phrasing sounds awkward, even if the object is implied by context.
There's almost always a better construction that isn't as awkward.
These changes should make the language a bit clearer.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
| |
* doc/gnupg.texi: Define new index "ef".
(Environment Index): New.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* doc/gpgsm.texi: Document '--pinentry-mode' and '--passphrase-fd'.
* sm/Makefile.am (gpgsm_SOURCES): Add new files
* sm/call-agent.c (struct default_inq_parm_s): New definition.
(start_agent): Pass in the pinentry mode.
(default_inq_cb): Handle 'PASSPHRASE' and 'NEW_PASSPHRASE' inquiries.
Adapt all call sites to the new callback cookie.
* sm/gpgsm.c (cmd_and_opt_values): Add new values.
(opts): Add new options.
(main): Handle new options.
* sm/gpgsm.h (struct opt): Add field 'pinentry_mode'.
* sm/passphrase.c: New file.
* sm/passphrase.h: Likewise.
GnuPG-bug-id: 1970
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* doc/gpgsm.texi: Drop description.
* sm/gpgsm.c (cmd_and_opt_values): Drop enum value.
(opts): Drop argument.
(main): Drop argument handling.
* sm/gpgsm.h (struct opt): Drop field 'fixed_passphrase'.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/server.c (option_handler): Add "offline".
(cmd_getinfo): Ditto.
* sm/certchain.c (is_cert_still_valid):
(do_validate_chain):
* sm/gpgsm.c (gpgsm_init_default_ctrl): Default "offline" to the value
of --disable-dirmngr.
* sm/call-dirmngr.c (start_dirmngr_ext): Better also check for
ctrl->offline.
--
Adding this option makes it easier to implement the corresponding
feature in gpgme.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* doc/mkdefsinc.c: New.
* doc/Makefile.am: Include cmacros.am.
(EXTRA_DIST): Add mkdefsinc.c defsincdate.
(BUILT_SOURCES): Add defsincdate
(CLEANFILES): Add mkdefsinc and defs.inc.
(mkdefsinc): New rule.
(yat2m-stamp): Depend on defs.inc.
($(myman_pages) gnupg.7): Ditto.
(gnupg.texi): Remove rule to touch itself.
(dist-hook): New.
(defsincdate): New.
(defs.inc): New.
* doc/gnupg.texi: Remove inclusion of version.texi. Include defs.inc.
Also include defs.inc in all files used to build man files. Change
fixed directory names to those from defs.inc.
--
GnuPG-bug-id: 1661
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c: Add option --no-autostart.
* sm/gpgsm.c: Ditto.
* g10/options.h (opt): Add field autostart.
* sm/gpgsm.h (opt): Ditto.
* g10/call-agent.c (start_agent): Print note if agent was not
autostarted.
* sm/call-agent.c (start_agent): Ditto.
* g10/call-dirmngr.c (create_context): Likewise.
* sm/call-dirmngr.c (start_dirmngr_ext): Ditto.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (oDebugQuickRandom): New.
(opts): New option --debug-quick-random.
(main): Use new option.
* common/asshelp.c (start_new_gpg_agent): Add hack to pass an
additional argument for the agent name.
* tests/openpgp/defs.inc: Pass --debug-quick-random to the gpg-agent
starting parameters.
* tests/openpgp/version.test: Ditto.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/agent.h (opt): Remove field use_standard_socket.
* agent/command.c (cmd_killagent): Always allow killing.
* agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and
--write-env-file into dummy options. Always return true for
--use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar
setting or set that envvar.
(create_socket_name): Simplify by removing non standard socket
support.
(check_for_running_agent): Ditto.
* common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use.
* common/simple-pwquery.c (agent_open): Ditto.
* configure.ac (GPG_AGENT_INFO_NAME): Remove.
* g10/server.c (gpg_server): Do not print the AgentInfo comment.
* g13/server.c (g13_server): Ditto.
* sm/server.c (gpgsm_server): Ditto.
* tools/gpgconf.c (main): Simplify by removing non standard socket
support.
--
The indented fix to allow using a different socket than the one in the
gnupg home directory is to change Libassuan to check whether the
socket files exists as a regualr file with a special keyword to
redirect to another socket file name.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c: Add option --with-secret.
* g10/options.h (struct opt): Add field with_secret.
* g10/keylist.c (public_key_list): Pass opt.with_secret to list_all
and list_one.
(list_all, list_one): Add arg mark_secret.
(list_keyblock_colon): Add arg has_secret.
* sm/gpgsm.c: Add option --with-secret.
* sm/server.c (option_handler): Add option "with-secret".
* sm/gpgsm.h (server_control_s): Add field with_secret.
* sm/keylist.c (list_cert_colon): Take care of with_secret. Also move
the token string from the wrong field 14 to 15.
--
This option is useful for key managers which need to know whether a
key has a secret key. This change allows to collect this information
in one pass.
|
| |
|
|
|
|
|
|
|
| |
* sm/gpgsm.c: Add new commands.
* sm/minip12.c (build_key_sequence): Add arg mode.
(p12_raw_build): New.
* sm/export.c (export_p12): Add arg rawmode. Call p12_raw_build.
(gpgsm_p12_export): Ditto.
(print_short_info): Print the keygrip.
|
