aboutsummaryrefslogtreecommitdiffstats
path: root/doc (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpg: Fix mixed invocation with --trusted-keys and --no-options.Werner Koch2024-03-041-1/+3
| | | | | | | | | | | | * g10/trustdb.c: Move a function and some definitions around. (user_utk_list): Rename to trusted_key_list. Change all users. (any_trusted_key_seen): New. (tdb_register_trusted_key): Set it here. Handle the new value "none". (verify_own_keys): Do not delete a trusted key from the trustdb if a trusted-key option was not used. -- GnuPG-bug-id: 7025
* wks: Allow command style args for gpg-wks-client.Werner Koch2024-02-211-0/+2
| | | | | | | | | | * tools/gpg-wks-client.c (wrong_args): Take two args. Change all callers. (main): Pass ARGPARSE_FLAG_COMMAND for recent gpgrt version. -- This requires gpgrt 1.48. Of course "gpg-wks-client --create ..." continues to work.
* gpg: Add option --assert-pubkey_algo.Werner Koch2024-02-103-1/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keyid.c (parse_one_algo_string): New. (compare_pubkey_string_part): New. (compare_pubkey_string): New. * g10/verify.c (check_assert_signer_list): New. * g10/mainproc.c (check_sig_and_print): Call check_assert_pubkey_algo. * g10/options.h (opt): Add field assert_pubkey_algos. * g10/gpg.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Reorder RC modifications. Check assert_pubkey_algo_false. * common/status.h (ASSERT_PUBKEY_ALGOS): new. * common/t-support.h (LEAN_T_SUPPORT): Use a simplified version if this macro is set. * g10/gpgv.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Check assert_pubkey_algo_false. * g10/t-keyid.c: New. * g10/Makefile.am: Add t-keyid. * g10/test-stubs.c: Add assert_pubkey_algos and assert_signer_list and remove from other tests. (check_assert_signer_list): Ditto. (check_assert_pubkey_algo): Ditto. -- GnuPG-bug-id: 6946
* doc: Suggest the use of a fingerprint for --default-key.Werner Koch2024-02-051-18/+23
| | | | | | -- GnuPG-bug-id: 6975
* doc: Improve warning for --use-embedded-filename.Werner Koch2024-02-051-1/+15
| | | | | | -- GnuPG-bug-id: 6972
* doc: Mark --textmode as legacy option.Werner Koch2024-01-291-18/+19
| | | | --
* doc: Fix spelling errors found by lintian.Werner Koch2024-01-297-16/+16
| | | | | | -- Reported-by: Andreas Metzler <[email protected]>
* card: Tweak the checkcmds sub-command.Werner Koch2024-01-251-0/+34
| | | | * tools/gpg-card.c (cmd_checkkeys): Skip not found keys.
* gpg: Add sub-option ignore-attributes to --import-options.Werner Koch2024-01-241-0/+4
| | | | | | | | | | | | | | | * g10/options.h (IMPORT_IGNORE_ATTRIBUTES): New. * g10/import.c (parse_import_options): Add new sub-option. (read_block): Implement sub-option. -- Suggested-by: Robin H. Johnson Tested using the import-export feature: gpg --export KEY_WITH_PICTURE \ | gpg --import --import-options import-export,ignore-attributes \ | gpg --show-key
* doc: Fix description of gpg --unwrapWerner Koch2024-01-221-6/+5
| | | | --
* doc: Describe the ssh-agent protocol options for Windows.Werner Koch2024-01-151-5/+16
| | | | | | -- Also fix a typo in a macro.
* doc: Document the gpgconf --unlock command.Werner Koch2024-01-111-1/+12
| | | | | | | * tools/gpgconf.c (main): Fix usage message. -- GnuPG-bug-id: 6838
* gpg: Fix regression in the Revoker keyword of the parmeter file.Werner Koch2024-01-111-3/+4
| | | | | | | | | | * g10/keygen.c (parse_revocation_key): Actually allow for v4 fingerprints. -- Note that the use of the parameter file is deprecated. GnuPG-bug-id: 6923
* common: Add keyword socketdir to gpgconf.ctlWerner Koch2023-12-222-11/+27
| | | | | | | | | | | * common/homedir.c (enum wantdir_values): New enums. (unix_rootdir): Change arg to use the enums. Adjust all callers. Add support for the socketdir keyword. (_gnupg_socketdir_internal): Take care of the socketdir keyword in gpgconf.ctl. * doc/tools.texi (Files used by gpgconf): Briefly explain the gpgconf.ctl syntax.
* doc: Explain what to put into mailcap for gpg-wks-client.Werner Koch2023-12-201-0/+15
| | | | --
* doc: Fix description of scdaemon for --disable-ccid.NIIBE Yutaka2023-12-121-10/+8
| | | | | | | -- GnuPG-bug-id: 6871 Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Update Portuguese Translation.Daniel Cerqueira2023-11-291-112/+301
| | | | | | | | | | -- This commit log (with no ChangeLog entry) is written by gniibe, following the practice; Translation update don't need a ChangeLog entry in a commit log. Signed-off-by: Daniel Cerqueira <[email protected]>
* dirmngr: Implement automatic proxy detection on Windows.Werner Koch2023-09-261-1/+3
| | | | | | | | | | | | | | * dirmngr/http.c [W32]: Include winhttp.h (w32_get_internet_session): New. (w32_get_proxy): New. (get_proxy_for_url): Implement automatic proxy detection and fix error in last patch. (http_reinitialize): New. * dirmngr/dirmngr.c (dirmngr_sighup_action): Call reinitialize. * dirmngr/Makefile.am (NETLIBS) [W32]: Link with winhttp. -- GnuPG-bug-id: 5768
* gpg: Add --list-filter properties sig_expires/sig_expires_dRobin H. Johnson via Gnupg-devel2023-09-151-0/+6
| | | | | | | | | Modelled after key_expires/key_expires_d. This should be useful to detect upcoming certification expiry, so the certifications can be renewed in advance of the expiry. Signed-off-by: Robin H. Johnson <[email protected]>
* dirmngr: Allow conf files to disable default keyservers.Werner Koch2023-09-061-1/+2
| | | | | | | | * dirmngr/server.c (ensure_keyserver): Detect special value "none" (cmd_keyserver): Ignore "none" and "hkp://none". -- GnuPG-bug-id: 6708
* gpg: Add option --with-v5-fingerprintWerner Koch2023-09-041-0/+5
| | | | | | | | | | | | | | | | * g10/gpg.c (oWithV5Fingerprint): New. (opts): Add new option. (main): Set option. * g10/options.h (opt): Add with_v5_fingerprint. * g10/keyid.c (hash_public_key): Factor out to ... (do_hash_public_key): this. Add new arg to foce v5 style hashing. (v5_fingerprint_from_pk): New. (v5hexfingerprint): New. * g10/keylist.c (print_fingerprint): Print v5 fingerprint for v4 keys if the option is set. -- GnuPG-bug-id: 6705
* gpgsm: Add --always-trust feature.Werner Koch2023-08-311-0/+20
| | | | | | | | | | | | | | | | | | | * sm/gpgsm.h (opt): Re-purpose unused flag always_trust. (struct server_control_s): Add "always_trust". (VALIDATE_FLAG_BYPASS): New. * sm/gpgsm.c (oAlwaysTrust): New. (opts): Add "--always-trust" (main): Set option. * sm/server.c (option_handler): Add option "always-trust". (reset_notify): Clear that option. (cmd_encrypt): Ditto. (cmd_getinfo): Add sub-command always-trust. * sm/certchain.c (gpgsm_validate_chain): Handle VALIDATE_FLAG_BYPASS. * sm/certlist.c (gpgsm_add_to_certlist): Set that flag for recipients in always-trust mode. -- GnuPG-bug-id: 6559
* doc: Add some hints for AD queries.Werner Koch2023-08-241-0/+65
| | | | | | -- This is repo only.
* dirmngr: Add doc for faked-system-timeAndre Heinecke2023-07-211-0/+7
| | | | | | | | | | | * dirmngr/dirmngr.c (gpgrt_opt_t): Use string for oFakedSystemTime. (oFakedSystemTime): Use similar conversion as gpgsm has. * dirmngr/dirmngr.texi (faked-system-time): Document it. -- For testing X509 certificates this is usually required and then confusing that the example from the gpgsm man page does not work for dirmngr.
* wks: Make --add-revocs the default.Werner Koch2023-06-211-1/+3
| | | | | | | | * tools/gpg-wks-client.c (opt): New option --no-add-revocs. (main): Make --add-revocs the default. (command_send): Rename to ... (command_create): to match the command name.
* dirmngr: New option --ignore-crl-extensions.Werner Koch2023-06-191-0/+9
| | | | | | | | | | | | | | * dirmngr/dirmngr.c (oIgnoreCRLExtension): New. (opts): Add --ignore-crl-extension. (parse_rereadable_options): Add to list/ * dirmngr/dirmngr.h (opt): Add ignored_crl_extensions. * dirmngr/crlcache.c (crl_cache_insert): Implement option. -- This option is is useful for debugging problems with new CRL extensions. It is similar to --ignore-cert-extension. GnuPG-bug-id: 6545
* dirmngr: New option --compatibility-flags.Werner Koch2023-06-151-0/+8
| | | | | | | * dirmngr/dirmngr.c (oCompatibilityFlags): NEw. (opts): Add option --compatibility-flags. (compatibility_flags): New. (parse_rereadable_options): Parse them.
* gpgtar: New option --no-compress.Werner Koch2023-06-151-0/+6
| | | | | | | | | * tools/gpgtar.c: Add option --no-compress. * tools/gpgtar.h (opt): Add field no_compress. * tools/gpgtar-create.c (gpgtar_create): Pass -z0 to gpg. -- This option is probably easier to remember than --gpg-args '-z0'.
* gpg: New option --no-compress as alias for -z0.Werner Koch2023-06-151-7/+12
|
* gpgsm: New option --input-size-hint.Werner Koch2023-06-151-0/+10
| | | | | | | | | | | | | | | | | | * sm/gpgsm.c (oInputSizeHint): New. (opts): Add "--input-size-hint". (main): Set option. * sm/server.c (option_handler): Add option "input-size-hint". * sm/gpgsm.h (struct server_control_s): Add field input_size_hint. * sm/encrypt.c (gpgsm_encrypt): Set the toatl file size. * sm/decrypt.c (gpgsm_decrypt): Ditto. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- This option allows to set a value for the progress output line. Note that as of now there is no other way to set the file size. GnuPG-bug-id: 6534
* gpg: Add --list-filter properties key_expires and key_expires_d.Werner Koch2023-06-091-0/+6
| | | | | | | | | | | | | | | | * g10/import.c (impex_filter_getval): Support new filter properties. -- Here is how to list all subkeys expiring in the year 2061: gpg --list-keys --list-filter 'select= sub/key_expires_d -gt 2061-01-01 \ && sub/key_expires_d -lt 2061-12-31' To list all primary key expirations, use the "pub/" prefix and to list all expiration dates use no prefix. GnuPG-bug-id: 6509
* doc: Replace remaining "gpg2" by "gpg".Werner Koch2023-06-013-11/+10
| | | | --
* gpg: New option --debug-ignore-expiration to help with testing.Werner Koch2023-05-091-4/+9
| | | | | | | | | | | | | * g10/gpg.c (oDebugIgnoreExpiration): New. (opts): Add option. (main): Set flag. * g10/options.h (opt): Add field ignore_expiration. * g10/pkclist.c (do_we_trust): Handle the option. * g10/getkey.c (skip_unusable): Ditto. (finish_lookup): Ditto. -- GnuPG-bug-id: 2703
* gpg: New command "openpgp" for --card-edit.Werner Koch2023-04-201-4/+7
| | | | | | | | | | | | | | | | | | * g10/card-util.c (current_card_status): Print a hint for fishy outputs. (enum cmdids): Add cmdOPENPGP. (cmds): Add "openpgp". (card_edit): Implement that command. -- If a Yubikey has been used in PIV mode the initial listing does not look correct. Although we explicitly switch to the OpenPGP app when needed, we don't want to do this in listing mode. Instead we offer a new command "openpgp" to force the openpgp mode. The ultimate goal will be to enhance the gpg-card tool to completely take over the --card-edit features. But we are not yet there. GnuPG-bug-id: 6462
* ssh: Allow to prefer on-disk keys over active card keys.Werner Koch2023-04-181-1/+36
| | | | | | | | * agent/command-ssh.c (ssh_send_available_keys): Redefine the order of keys. -- GnuPG-bug-id: 6212
* gpg: New option --assert-signer.Werner Koch2023-04-052-9/+28
| | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (enum cmd_and_opt_values): Add oAssertSigner. (opts): Add "assert-signer". (main): Set option. (assert_signer_true): New var. (g10_exit): Evaluate new var. * g10/main.h (assert_signer_true): Declare new var. * common/status.h (STATUS_ASSERT_SIGNER): New. * g10/options.h (opt): Add field assert_signer_list. * g10/verify.c (is_fingerprint): New. (check_assert_signer_list): New. * g10/mainproc.c (check_sig_and_print): Call that function. Clear assert_signer_true on a warning. * g10/gpgv.c: Add dummy function and vars. * g10/t-keydb-get-keyblock.c: Ditto. * g10/t-keydb.c: Ditto. * g10/t-stutter.c: Ditto. --
* Use the keyboxd for a fresh installWerner Koch2023-04-041-1/+3
| | | | | | | | | | | | * common/homedir.c (gnupg_maybe_make_homedir): Also create a common.conf. * g10/keydb.c: Include comopt.h. (maybe_create_keyring_or_box): Detect the creation of a common.conf. * g10/gpg.c (main): Avoid adding more resources in this case. * sm/keydb.c: Include comopt.h. (maybe_create_keybox): Detect the creation of a common.conf. * common/comopt.h (comopt): Remove the conditional "extern".
* agent: Add trustlist flag "de-vs".Werner Koch2023-04-031-0/+5
| | | | | | | | | | | | | | | | * agent/trustlist.c (struct trustitem_s): Add field de_vs. (read_one_trustfile): Parse it. (istrusted_internal): Emit TRUSTLISTFLAG status line. * sm/gpgsm.h (struct rootca_flags_s): Add field de_vs. * sm/call-agent.c (istrusted_status_cb): Detect the flags. * sm/sign.c (write_detached_signature): Remove unused vars. -- Right now this flag has no effect; we first need to specify the exact behaviour. GnuPG-bug-id: 5079
* gpgsm: Remove conditional compilation for older libksba versions.Werner Koch2023-03-312-1/+26
| | | | | | | | | * sm/sign.c (add_signed_attribute): Return an error because the option --attribute is not yet working. -- We require libskba 1.6 anyway.
* gpg: New command --quick-add-adskWerner Koch2023-03-211-0/+9
| | | | | | | | | | | * g10/gpg.c (enum cmd_and_opt_values): Add aQuickAddADSK. (opts): Add --quick-add-adsk. (main): Call the actual function. * g10/keyedit.c (keyedit_quick_addadsk): New. (menu_addadsk): Add arg adskfpr and change caller. -- GnuPG-bug-id: 6395
* gpgsm: New option --no-pretty-dnWerner Koch2023-03-161-0/+9
| | | | | | | | * sm/gpgsm.c (oNoPrettyDN): New. (opts): Add --no-pretty-dn. (main): Implement. * sm/gpgsm.h (opt): Add no_pretty_dn. * sm/certdump.c (gpgsm_es_print_name): Act upon.
* gpgtar: Print a result status with skiupped files.Werner Koch2023-03-151-0/+11
| | | | | | | * tools/gpgtar.h (struct tarinfo_s): Add new fields. * tools/gpgtar-extract.c (check_suspicious_name): Add arg info. (extract_regular): Count files. (gpgtar_extract): Print stats.
* agent: Make --disable-extended-key-format a dummy option.Werner Koch2023-03-131-9/+5
| | | | | | | | | | | | | | | | | | | | | * agent/agent.h (opt): Remove enable_extended_key_format. * agent/gpg-agent.c (enum cmd_and_opt_values): Turn oDisableExtendedKeyFormat and oEnableExtendedKeyFormat into dummy options. * agent/protect.c (do_encryption): Remove arg use_ocb and corresponding code. (agent_protect): Ditto. Change all callers. * agent/findkey.c (agent_write_private_key): Simplify due to the removal of disable-extended-key-format. (write_extended_private_key): Fold into agent_write_private_key. -- This change is related to GnuPG-bug-id: 6386 but should have no visible effect except for the removal of option --disable-extended-key-format.
* gpg,gpgsm: New option --log-timeWerner Koch2023-03-082-0/+8
| | | | | | | | | | | * g10/gpg.c (oLogTime): New. (opts): Add "log-time". (opt_log_time): New var. (main): Implement. * sm/gpgsm.c (oLogTime): New. (opts): Add "log-time". (opt_log_time): New var. (main): Implement.
* gpgsm: Strip trailing zeroes from detached signatures.Werner Koch2023-03-081-2/+4
| | | | | | | | | | | | | | | | * common/ksba-io-support.c: Include tlv.h (struct reader_cb_parm_s): Add new fields. (starts_with_sequence): New. (simple_reader_cb): Handle stripping. * common/ksba-io-support.h (GNUPG_KSBA_IO_STRIP): New. (gnupg_ksba_create_reader): Handle the new flag. * sm/verify.c (gpgsm_verify): Use the new flag for detached signatures. -- Note that this works only if --assume-binary is given. The use case for the feature is PDF signature checking where the PDF specs require that the detached signature is padded with zeroes.
* doc: Typo fixes and new notes in DETAILSWerner Koch2023-03-031-0/+6
| | | | --
* gpg: Allow adding of Additional Decryption Subkeys.Werner Koch2023-03-012-11/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/free-packet.c (copy_public_key): Factor some code out to ... (copy_public_key_basics): new. * g10/build-packet.c (build_sig_subpkt_from_sig): New arg signhints. * g10/packet.h (PUBKEY_USAGE_RENC): Fix value. (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): Moved from sign.c. (SIGNHINT_ADSK): New. (PKT_public_key): Change pubkey_usage from byte to u16. (PKT_user_id): Cosmetic fix: change help_key_usage from int to u16. * g10/getkey.c (parse_key_usage): Make public. * g10/misc.c (openpgp_pk_algo_usage): Take PUBKEY_USAGE_RENC in account. * g10/sign.c (update_keysig_packet): Set SIGNHINT_ADSK. (make_keysig_packet): Ditto. (do_sign): No time warp check in ADSK mode. * g10/sig-check.c (check_signature_metadata_validity): Ditto. * g10/keygen.c (struct opaque_data_usage_and_pk): Remove. (write_keybinding): Do not use the removed struct. (do_add_key_flags): Support PUBKEY_USAGE_RENC and others. (keygen_add_key_flags_and_expire): Rewrite and make public. * g10/keyedit.c (enum cmdids): Add cmdADDADSK. (keyedit_menu): Add command "addadsk". (menu_addadsk): New. -- This makes use of a new encryption flag: The "restricted encryption key" (2nd,0x04) does not take part in any automatic selection of encryption keys. It is only found on a subkey signature (type 0x18), one that refers to the key the flag applies to. Followup patches will add encryption support and a --quick command. GnuPG-bug-id: 6395
* gpg: New option --add-desig-revokerWerner Koch2023-02-161-0/+13
| | | | | | | | | | | | * g10/gpg.c (oAddDesigRevoker): New. (opts): Add new option. * g10/options.h (opt): Add field desig_revokers. * g10/keygen.c (get_parameter_idx): New. (get_parameter): Make use of get_parameter_idx. (prepare_desig_revoker): New. (get_parameter_revkey): Add arg idx. (proc_parameter_file): Add designated revokers. (do_generate_keypair): Write all designated revokers.
* doc: Put the Unattended Usage of GPG section also into the man page.Werner Koch2023-02-161-28/+17
| | | | --
* gpg: New list-option --show-unusable-sigs.Werner Koch2023-02-071-0/+4
| | | | | | | | | | | | | | | | | | | * g10/options.h (LIST_SHOW_UNUSABLE_SIGS): New. * g10/gpg.c (parse_list_options): Add "show-unusable-sigs". * g10/keydb.h (keyid_eq): New. (pk_is_primary): New. * g10/keylist.c (list_signature_print): Early return for weak key signatures. Print "self-signature" instead of user-id. (list_keyblock_print): Simplify and always set self-sig node flag. -- This patch avoid the printing of often hundreds of "Invalid digest algorithm" notices during key signature listings if those key signatures were done with SHA1. The new option can be used to revert the behaviour. We now also print "[self-signature]" with --check-sigs or --list-sigs instead of the primary user id. This makes such listing easier to read.
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-25 15:29:01 +0000