aboutsummaryrefslogtreecommitdiffstats
path: root/doc (follow)
Commit message (Collapse)AuthorAgeFilesLines
* wkd: New command --print-wkd-url for gpg-wks-client.Werner Koch2019-03-251-2/+6
| | | | | | | | | * tools/gpg-wks-client.c (aPrintWKDURL): New. (opts): Add option. (main): Implement. * tools/wks-util.c (wks_cmd_print_wkd_url): New. Signed-off-by: Werner Koch <[email protected]>
* doc: Clarify option --no-keyring.Werner Koch2019-03-251-1/+2
| | | | | | | -- GnuPG-bug-id: 4424 Signed-off-by: Werner Koch <[email protected]>
* wkd: New command --print-wkd-hash for gpg-wks-client.Werner Koch2019-03-251-0/+4
| | | | | | | | | | | | | * tools/gpg-wks-client.c (aPrintWKDHash): New. (opts) : Add "--print-wkd-hash". (main): Implement that command. (proc_userid_from_stdin): New. * tools/wks-util.c (wks_fname_from_userid): Add option HASH_ONLY. (wks_cmd_print_wkd_hash): New. -- GnuPG-bug-id: 4418 Signed-off-by: Werner Koch <[email protected]>
* doc: fix formatting errorDaniel Kahn Gillmor2019-03-221-1/+2
| | | | Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpgtar: Make option -C work for archive creation.Werner Koch2019-03-071-4/+5
| | | | | | | | | | | | * tools/gpgtar-create.c (gpgtar_create): Switch to the -C directory. -- The -C option is pretty useful given that pattern are always relative to the current directory. In contrast to GNU tar, the switching is done only once. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit b3a7a5140784b5a015107b5c5c73b15ae44e71dc)
* gpgv: Improve documentation for keyring choicesDaniel Kahn Gillmor2019-03-071-7/+8
| | | | | | | | | | | | | * doc/gpgv.texi: Improve documentation for keyring choices -- From the existing documentation, it's not clear whether the default keyring will always be mixed into the set of keyrings, or whether it will be skipped if a --keyring is present. The updated text here attempts to describe the keyring selection logic more completely. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpgsm: default to 3072-bit keys.Daniel Kahn Gillmor2019-02-282-8/+8
| | | | | | | | | | | | | | | | | | | | * doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update default to 3072 bits. * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to 3072 bits. * sm/certreqgen.c (proc_parameters): update default to 3072 bits. * sm/gpgsm.c (main): print correct default_pubkey_algo. -- 3072-bit RSA is widely considered to be 128-bit-equivalent security. This is a sensible default in 2017. Signed-off-by: Daniel Kahn Gillmor <[email protected]> Gbp-Pq: Topic update-defaults Gbp-Pq: Name 0014-gpgsm-default-to-3072-bit-keys.patch (cherry picked from commit 7955262151a5c755814dd23414e6804f79125355)
* scd: Allow standard keyref scheme for app-openpgp.Werner Koch2019-02-111-1/+1
| | | | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with "OPENPGP." -- The generic keyref allows for better error detection in case a keyref is send to a wrong card. This has been taken from master commit 3231ecdafd71ac47b734469b07170756979ede72 which has additional changed for gpg-card-tool, which is only available there. Signed-off-by: Werner Koch <[email protected]>
* gpg: Implement searching keys via keygrip.Werner Koch2019-01-291-4/+1
| | | | | | | | | | | | | | | | | | | | * kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field grip. * kbx/keybox-openpgp.c (struct keyparm_s): New. (keygrip_from_keyparm): New. (parse_key): Compute keygrip. * kbx/keybox-search.c (blob_openpgp_has_grip): New. (has_keygrip): Call it. -- This has been marked for too long as not yet working. However, it is a pretty useful feature and will come pretty handy when looking for all keys matching one keygrip. Can be optimized a lot by storing the keygrip in the meta data. This will be done along with the upgrade of KBX for v5 fingerprints. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit c128667b3cba749dd14262e032d4c260a2b0acd3)
* doc: Mark keyserver-options timeout and http-proxy as obsolete.Werner Koch2019-01-221-25/+5
| | | | | | -- (cherry picked from commit 6c000d4b78b836686e5a2789cc88a41e465e4400)
* agent: Make the S2K calibration time runtime configurable.Werner Koch2018-12-111-2/+9
| | | | | | | | | | | | | | | | | | | * agent/protect.c (s2k_calibration_time): New file global var. (calibrate_s2k_count): Use it here. (get_calibrated_s2k_count): Replace function static var by ... (s2k_calibrated_count): new file global var. (set_s2k_calibration_time): New function. * agent/gpg-agent.c (oS2KCalibration): New const. (opts): New option --s2k-calibration. (parse_rereadable_options): Parse that option. -- Note that using an unrelistic high value (like 60000) takes quite some time for calibration. GnuPG-bug-id: 3399 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit cbcc8c19541fe8407f3b6588fce1535c64cf6b25)
* gpg: New list-option "show-only-fpr-mbox".Werner Koch2018-12-051-0/+4
| | | | | | | | | | | | | | | | * g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox". * g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New. * g10/keylist.c (list_keyblock_simple): New. (list_keyblock): Call it. (list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX mode. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 0e8bf204791ebfd0c9a8e4b49fbadf998ec62e49) * g10/keylist.c (list_keyblock_simple): Remove optional arg from mailbox_from_userid
* wks: Allow reading of --install-key arguments from stdin.Werner Koch2018-12-051-3/+8
| | | | | | | | | | * tools/wks-util.c (install_key_from_spec_file): New. (wks_cmd_install_key): Call it. * tools/gpg-wks-client.c (main): Allow --install-key w/o arguments. * tools/gpg-wks-server.c (main): Ditto. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit ba46a359b9d6549b74ec8401ea39bad434d87564)
* wks: Add new commands --install-key and --remove-key to the client.Werner Koch2018-12-051-0/+15
| | | | | | | | | | | | | | | * tools/gpg-wks-client.c (aInstallKey, aRemoveKey, oDirectory): New. (opts): Add "--install-key", "--remove-key" and "-C". (parse_arguments): Parse them. (main): Check that the given directory exists. Implement the new commands. -- These commands maybe useful to prepare a WKD directory on a non-Unix box using the standard wks client. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 602b1909632925d5a2e0778c102d66109795c627)
* doc: Clarify use of clear and nodefault in the AKL.Werner Koch2018-11-211-1/+3
| | | | | | -- (cherry picked from commit e5c3a6999a374813134a9e68744444c25c3017f6)
* wks: New option --with-colons for gpg-wks-client.Werner Koch2018-11-051-1/+40
| | | | | | | | | | | | | | | | | | | | * tools/gpg-wks.h (opt): Add field with_colons. * tools/gpg-wks-client.c (oWithColons): New const. (opts, parse_arguments): Add option --with-colons. (main): Change aSupported to take several domains in --with-colons mode. (command_send): Factor policy getting code out to ... (get_policy_and_sa): New function. (command_supported): Make use of new function. -- In addition to this the --create command now also supports a submission address only in the policy file. That means the submission-address file is not anymore required and can be replaced by the policy file. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit e3a1e80d13487c9336640a99b2f6d385d7d6f55c)
* gpg: Don't take the a TOFU trust model from the trustdb,Werner Koch2018-11-051-1/+2
| | | | | | | | | | | | | | | | | * g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model. (create_version_record): Don't init as TOFU. (tdbio_db_matches_options): Don't indicate a change in case TOFU is stored in an old trustdb file. -- This change allows to switch between a tofu and pgp or tofu+pgp trust model without an auto rebuild of the trustdb. This also requires that the tofu trust model is requested on the command line. If TOFU will ever be the default we need to tweak the model detection via TM_AUTO by also looking into the TOFU data base, GnuPG-bug-id: 4134 (cherry picked from commit 150a33df41944d764621f037038683f3d605aa3f)
* wkd: Add option --directory to the server.Werner Koch2018-10-261-11/+18
| | | | | | | | | | | | | | * tools/gpg-wks-server.c (opts): Add '--directory', (main): Explain how to set correct permissions. (command_list_domains): Create an empty policy file and remove the warning for an empty policy file. -- Note that a policy file is meanwhile required and thus is is useful to create it. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit f248416bc9792e80bb0785302058131de49d7639)
* doc: Minor additions to the gpg man pageWerner Koch2018-08-291-4/+10
| | | | | | | | | | -- Includes a fix for GnuPG-bug-id: 3906 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 420dc2b49ad816bdd27b40db45d900551c71476f)
* doc: Show how to list envvars send to gpg-agent.Werner Koch2018-08-291-0/+9
| | | | | | | | -- GnuPG-bug: 3353 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 53bbac0865719076f7ad7bb57e13f656bd6edf39)
* gpg: New option --known-notation.Werner Koch2018-08-291-0/+7
| | | | | | | | | | | | | | | * g10/gpg.c (oKnownNotation): New const. (opts): Add option --known-notation. (main): Set option. * g10/parse-packet.c (known_notations_list): New local var. (register_known_notation): New. (can_handle_critical_notation): Rewrite to handle the new feature. Also print the name of unknown notations in verbose mode. -- GnuPG-bug-id: 4060 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 3da835713fb6220112d988e1953f3d84beabbf6a)
* gpg: Print revocation reason for "rvs" records.Werner Koch2018-07-031-0/+9
| | | | | | | | | | | | | | | | | | | | | * g10/import.c (get_revocation_reason): New. (list_standalone_revocation): Extend function. -- Note that this function extends the "rvs" field signature-class (field 11) with the revocation reason. GPGME does not yet parse this but it can be expected that the comma delimiter does not break other parsers. A new field is added to the "rvs" (and in future also the "rev") record to carry a record specific comment. Hopefully all parsers meanwhile learned the lesson from other new fields and don't bail out on more fields than they know about. This is partial solution to GnuPG-bug-id: 1173 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit b7cd2c2093ae1b47645be50fa1d431a028187cad)
* gpg: Let --show-keys print revocation certificates.Werner Koch2018-07-031-6/+8
| | | | | | | | | | * g10/import.c (list_standalone_revocation): New. (import_revoke_cert): Call new function. -- GnuPG-bug-id: 4018 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 386b9c4f25b28fd769d7563f2d86ac3a19cc3011)
* gpg: Add new usage option for drop-subkey filters.Daniel Kahn Gillmor2018-06-121-0/+5
| | | | | | | | | | | | | | | * g10/import.c (impex_filter_getval): Add new "usage" property for drop-subkey filter. -- For example, this permits extraction of only encryption-capable subkeys like so: gpg --export-filter 'drop-subkey=usage !~ e' --export $FPR GnuPG-Bug-id: 4019 Signed-off-by: Daniel Kahn Gillmor <[email protected]> (cherry picked from commit 2ddfb5bef920919443309ece9fa2930282bbce85)
* gpg: Set some list options with --show-keysWerner Koch2018-06-111-3/+5
| | | | | | | | | | | | | * g10/gpg.c (main): Set some list options. -- The new command --show-keys is commonly used to check the content of a file with keys. In this case it can be expected that all included subkeys and uids are of interested, even when they are already expired or have been revoked. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d2bc66f241a66cc95140cbb3a07555f6301290ed)
* doc: Typo fixesWerner Koch2018-06-063-4/+4
| | | | | | | | -- Reported-by: Claus Assmann <[email protected]> Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 70f26e4263364f4b521c7856c38ba7ee59e38445)
* gpg: New command --show-keys.Werner Koch2018-06-061-1/+10
| | | | | | | | | | | | | | | | | | | | * g10/gpg.c (aShowKeys): New const. (opts): New command --show-keys. (main): Implement command. * g10/import.c (import_keys_internal): Don't print stats in show-only mode. (import_one): Be silent in show-only mode. -- Using --import --import-options show-only to look at a key is too cumbersome. Provide this shortcut and also remove some diagnostic cruft in this case. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 257661d6ae0ca376df758c38fabab2316d10e3a9)
* gpg: Remove MDC optionsWerner Koch2018-05-311-12/+11
| | | | | | | | | | | | | | | | | | | | * g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc and --no-disable-mdc into NOPs. * g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used. * g10/cipher.c (write_header): Include extra hint and make translatable. * g10/options.h (struct opt): Remove fields force_mdc and disable_mdc. -- The MDC is now always used except with --rfc2440 which will lead to a a big fat warning. This is a stripped down version of commit 253e8bdd9014cbe6dc06adce9d9dd2f8f4b31709 which could not directly be applied due to the AEAD mechanisms there. Signed-off-by: Werner Koch <[email protected]>
* gpg: Hard fail on a missing MDC even for legacy algorithms.Werner Koch2018-05-311-4/+5
| | | | | | | | | | | | | * g10/mainproc.c (proc_encrypted): Require an MDC or AEAD * tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to allow testing with the current files. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d1431901f0143cdc7af8d1a23387e0c6b5bb613f) Resolved Conflicts: g10/mainproc.c - Remove AEAD stuff.
* gpg: Turn --no-mdc-warn into a NOP.Werner Koch2018-05-311-4/+0
| | | | | | | | | | | | | | | | * g10/gpg.c (oNoMDCWarn): Remove. (opts): Make --no-mdc-warn a NOP. (main): Don't set var. * g10/options.h (struct opt): Remove 'no_mdc_var'. * g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false. * g10/mainproc.c (proc_encrypted): Ditto. -- Users should not be allowed to suppress the warning that they are shooting into their foot. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 96350c5d5afcbc7f66c535e38b9fcc7355622855)
* doc: Update description of displayed trust values.Ineiev2018-05-074-32/+65
| | | | | | | | | | | | | | * doc/trust-values.texi: New file. * doc/Makefile.am (EXTRA_DIST): Add trust-values.texi. * doc/gnupg.texi (Trust Values): New chapter. * doc/gpg.texi (OpenPGP Key Management): Update the description of how trust values are displayed, replace table with a reference to Trust Values. * doc/gpg.texi (GPG Examples): Add @mansect trust values. -- Signed-off-by: Ineiev <[email protected]>
* dirmngr: Add the used TLS library to the debug output.Werner Koch2018-04-251-3/+4
| | | | | | | | | | | * dirmngr/http.c (send_request): Print the used TLS library in debug mode. -- We allow two different TLS libararies and thus it is useful to see that in the debug output of bug reports. Signed-off-by: Werner Koch <[email protected]>
* doc: Update NEWS and add an example to gpg.texi.Werner Koch2018-04-231-1/+7
| | | | --
* doc: Remove unneccesary empty flags in vsndf.prfAndre Heinecke2018-04-201-1/+1
| | | | | | * doc/examples/vsnfd.prf (max-cache-ttl): Remove empty flags. Signed-off-by: Andre Heinecke <[email protected]>
* gpg: Extend the "sig" record in --list-mode.Werner Koch2018-04-121-1/+16
| | | | | | | | | | | | | | | | | | | | | | | | * g10/getkey.c (get_user_id_string): Add arg R_NOUID. Change call callers. (get_user_id): Add arg R_NOUID. Change call callers. * g10/mainproc.c (issuer_fpr_string): Make global. * g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key also in --list-mode. Print the "issuer fpr" field also if there is an issuer fingerprint subpacket. -- Scripts used to rely on the "User ID not found" string even in the --with-colons listing. However, that is not a good idea because that string is subject to translations etc. Now we have an explicit way of telling that a key is missing. For example: gpg --list-sigs --with-colons | \ awk -F: '$1=="sig" && $2=="?" {if($13){print $13}else{print $5}}' Prints all keyids or fingerprint of signing keys for which we do not have the key in our local keyring. Signed-off-by: Werner Koch <[email protected]>
* gpg: Extend the ERRSIG status line with a fingerprint.Werner Koch2018-04-121-4/+9
| | | | | | | | | | | | | | * g10/mainproc.c (issuer_fpr_raw): New. (issuer_fpr_string): Re-implement using issuer_fpr_rtaw. (check_sig_and_print): Don't free ISSUER_FPR. Use ISSUER_FPR_RAW. Use write_status_printf. Extend ERRSIG status. -- Modern OpenPGP implementations put the ISSUER_FPR into the signature to make it easier to discover the, public needed to check the signature. This is also useful in error messages and thus we add it. Signed-off-by: Werner Koch <[email protected]>
* gpg: New option --no-symkey-cache.Werner Koch2018-04-111-1/+10
| | | | | | | | | | * g10/gpg.c (oNoSymkeyCache): New. (opts): Add that option. (main): Set var. * g10/options.h (struct opt): New field no_symkey_cache. * g10/passphrase.c (passphrase_to_dek): Implement that feature. Signed-off-by: Werner Koch <[email protected]>
* doc: Typo fix in gpg.texiWerner Koch2018-04-091-1/+1
| | | | | | -- Reported-by: Cody Brownstein
* doc: Add an example for --default-new-key-algoWerner Koch2018-04-092-5/+14
| | | | --
* doc: Document --key-edit:change-usageWerner Koch2018-04-091-0/+9
| | | | | | | | * g10/keyedit.c (menu_changeusage): Make strings translatable. -- GnuPG-bug-id: 3816 Signed-off-by: Werner Koch <[email protected]>
* gpg,sm: New option --request-origin.Werner Koch2018-03-232-0/+18
| | | | | | | | | | | | | | | * g10/gpg.c (oRequestOrigin): New const. (opts): New option --request-origin. (main): Parse that option. * g10/options.h (struct opt): Add field request_origin. * g10/call-agent.c (start_agent): Send option to the agent. * sm/gpgsm.c (oRequestOrigin): New const. (opts): New option --request-origin. (main): Parse that option. * sm/gpgsm.h (struct opt): Add field request_origin. * sm/call-agent.c (start_agent): Send option to the agent. Signed-off-by: Werner Koch <[email protected]>
* agent: New OPTION pretend-request-originWerner Koch2018-03-231-0/+21
| | | | | | | | | | | | | * common/shareddefs.h (request_origin_t): New. * common/agent-opt.c (parse_request_origin): New. (str_request_origin): New. * agent/command.c (option_handler): Implement new option. -- This allows to pretend that a request originated from the extra or browser socket. Signed-off-by: Werner Koch <[email protected]>
* build: Fix the manual source field.NIIBE Yutaka2018-03-231-1/+1
| | | | Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Implement --dry-run for --passwd.Werner Koch2018-03-221-1/+3
| | | | | | * g10/keyedit.c (change_passphrase): Take care of --dry-run. Signed-off-by: Werner Koch <[email protected]>
* doc: man page grammarBen McGinnes2018-03-071-2/+2
| | | | | | -- Fixed two grammatical errors: their vs. there and oneself vs. one (one's self would still be too stilted).
* agent: Also evict cached items via a timer.Werner Koch2018-03-061-1/+4
| | | | | | | | | | | | * agent/cache.c (agent_cache_housekeeping): New func. * agent/gpg-agent.c (handle_tick): Call it. -- This change mitigates the risk of having cached items in a post mortem dump. GnuPG-bug-id: 3829 Signed-off-by: Werner Koch <[email protected]>
* doc: Fix recently introduced typo in gpgsm.texi.Werner Koch2018-02-221-1/+1
| | | | --
* doc: Clarify -export-secret-key-p12Werner Koch2018-02-221-3/+3
| | | | | | | -- GnuPG-bug-id: 3788 Signed-off-by: Werner Koch <[email protected]>
* doc: Add extra hint on unattended use of gpg.Werner Koch2018-02-211-0/+13
| | | | --
* wks: Add special mode to --install-key.Werner Koch2018-02-201-10/+7
| | | | | | | | | | | * tools/gpg-wks-client.c (get_key_status_parm_s) (get_key_status_cb, get_key): Move to ... * tools/wks-util.c: ...here. (get_key): Rename to wks_get_key. * tools/gpg-wks-server.c: Include userids.h. (command_install_key): Allow use of a fingerprint. Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-12 18:28:39 +0000