path: root/doc
Commit log (each entry: commit message, then author, age, files changed, lines removed/added)
* doc: Document --add-recipients (Werner Koch, 3 days ago; 1 file, -0/+20)
* gpg: Add option --no-auto-key-upload. (Werner Koch, 7 days ago; 1 file, -2/+4)
  * g10/gpg.c (oNoAutoKeyUpload): New.
  (opts): Add "no-auto-key-upload".
  (main): Clear the flag.
* gpg: New option --auto-key-upload (Werner Koch, 8 days ago; 1 file, -0/+6)
  * g10/options.h (opt.flags): Add member auto_key_upload.
  (EXPORT_NO_STATUS): New.
  (KEYSERVER_LDAP_ONLY): New.
  (KEYSERVER_WARN_ONLY): New.
  * g10/gpg.c (oAutoKeyUpload): New.
  (opts): New option --auto-key-upload.
  (main): Set option.
  * g10/keyserver.c (keyserver_export_pubkey): New.
  (keyserver_put): Take care of the WARN_ONLY and LDAP_ONLY options. Delay printing of the EXPORTED status.
  * g10/keygen.c (do_generate_keypair): Export new key if option is set.
  * g10/export.c (do_export_one_keyblock): Take care of the NO_STATUS option.
  (print_status_exported): Move function to ...
  * g10/cpr.c (write_status_warning): here and make public.
  --
  This change also fixes a bug with --send-key which used to emit an EXPORTED line before actually sending the key to the dirmngr. Thus if the upload failed an EXPORTED status had already been emitted.

  GnuPG-bug-id: 7333

  This is the first part which handles the new key case. We also need to implement an upload after key modifications.
* agent: Enable "relax" in the trustlist by default and add "norelax" (Werner Koch, 9 days ago; 1 file, -1/+4)
  * agent/trustlist.c (read_one_trustfile): Enable the relax flag by default. Add new keyword "norelax".
  --
  In any real-world setting the "relax" flag is always set. Thus it is better to make it the default and provide a way to disable it. In fact, it is questionable whether this flag makes sense at all. It is some kind of legacy thing.
* gpgsm: Add option --no-qes-note and trustlist flag "noconsent". (Werner Koch, 9 days ago; 2 files, -3/+12)
  * agent/trustlist.c (struct trustitem_s): Add flag "noconsent".
  (read_one_trustfile): Set flag.
  (istrusted_internal): Emit flag value.
  * sm/call-agent.c (istrusted_status_cb): Parse flag.
  * sm/certchain.c (do_validate_chain): Handle flag by using a different true value for an existing variable.
  * sm/sign.c (gpgsm_sign): Consult the new flag.
  * sm/gpgsm.c (enum cmd_and_opt_values): Add oNoQESNote.
  (opts): Add option --no-qes-note.
  * sm/gpgsm.h (opt): Add field no_qes_note.
  (struct rootca_flags_s): Add flag noconsent.
  * sm/sign.c (gpgsm_sign): Take care of the noconsent flag.
  * sm/qualified.c (gpgsm_qualified_consent): Take care of no_qes_note.
  * sm/verify.c (gpgsm_verify): Ditto.
  --
  GnuPG-bug-id: 7713
* gpgsm: Change the debug flags used with --debug-level basic to expert. (Werner Koch, 9 days ago; 1 file, -4/+5)
  * sm/gpgsm.c (set_debug): Do not set the IPC debug flag when using some debug-levels.
* dirmngr: Allow the use of an ntds like schema on OpenLDAP et al. (Werner Koch, 2025-08-04; 1 file, -2/+6)
  * dirmngr/ks-engine-ldap.c (SERVERINFO_CNFPR): New. Replace all SERVERINFO_NTDS with this one.
  (interrogate_ldap_dn): Parse "cnfpr" flag and set SERVERINFO_CNFPR. Set this flag also for "ntds".
  * doc/ldap/gnupg-ldap-init.ldif (pgpVersion): Suggest the use of the "cnfpr" flag.
  --
  Note that SERVERINFO_NTDS is currently no longer used directly but we keep it in case we need to do other NTDS specific things in the future.

  The advantage of using a fingerprint for referencing a key is that there won't be any collisions in the keyid. Further this unifies the schema with an LDS (Windows) installation where DNs must anyway be unique. But take care: the client needs to support this new flag.

  GnuPG-bug-id: 7742
* gpg: Try to retrieve a key from LDAP before sending it. (Werner Koch, 2025-08-01; 1 file, -7/+13)
  * g10/options.h (KEYSERVER_UPDATE_BEFORE_SEND): New.
  * g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_SILENT): New.
  (KEYSERVER_IMPORT_FLAG_ONLYFPR): New.
  (KEYSERVER_IMPORT_FLAG_UPDSEND): New.
  * g10/gpg.c (main): Set default keyserver_options to update-before-send.
  * g10/keyserver.c (keyserver_opts): Add option "update-before-send".
  (keyserver_export): Add optional arg assume_new_key.
  (keyserver_import): Add arg flags. Act upon the new KEYSERVER_IMPORT_FLAG_xxx values and pass flags on.
  (keyserver_get_chunk): Ditto.
  (keyserver_put): Add optional arg assume_new_key. Implement update-before-send feature.
  * g10/import.c (import_one_real): Take care of IMPORT_MERGE_ONLY when passed in the option arg. Required for the update-before-send feature.
  --
  This feature is enabled by default but can be disabled using --keyserver-flags no-update-before-send .

  GnuPG-bug-id: 7730
* gpgv: New option --print-notation. (Werner Koch, 2025-07-24; 2 files, -0/+25)
  * g10/keylist.c (print_matching_notations): New.
  * g10/mainproc.c (check_sig_and_print): Call this.
  * g10/options.h (opt): Add field print_notations.
  * g10/gpgv.c (oPrintNotation): New.
  (opts): Add "print-notation".
  (main): Implement.
  --
  I had the code floating around but can't remember what triggered me to write this. But it might eventually be useful, so better apply it.
* gpg: Add a notation with version information to signatures. (Werner Koch, 2025-07-24; 2 files, -6/+60)
  * common/compliance.c (gnupg_manu_notation_value): New.
  * g10/build-packet.c (name_value_to_notation): New.
  * g10/options.h (COMPAT_NO_MANU): New.
  (LIST_SHOW_HIDDEN_NOTATIONS): New.
  (VERIFY_SHOW_HIDDEN_NOTATIONS): New.
  * g10/gpg.c (compatibility_flags): Add "no-manu".
  (parse_list_options): Add "show-hidden-notations".
  (main): Ditto for verify-options.
  * g10/import.c (list_standalone_revocation): Implement new list option.
  * g10/mainproc.c (check_sig_and_print): Ditto.
  * g10/keyedit.c (keyedit_print_one_sig): Ditto.
  * g10/keylist.c (list_signature_print): Ditto.
  (show_notation): Handle hidden notation.
  * sm/keylist.c (oidtranstbl): Add OID for manu.
  * g10/sign.c (mk_notation_policy_etc): Add arg with_manu and insert extra notation.
  (write_signature_packets): Request manu notation in certain cases.
  (make_keysig_packet): Ditto.
  --
  See DETAILS for a description of the format.

  Obviously this leaks the version of the used GnuPG version (major and minor only) and the fact that it was generated by GnuPG. However, by close inspection of the order of packets and other meta data similar information can be found. We include this information to help the support desk to figure out problems. Sometimes users have very very old versions and the help desk needs to employ core developers to figure the cause. Having this information may eventually allow for better user support.

  This feature can be disabled unless certain compliance modes are enabled.
* dirmngr: Add option --user-agent and always use a User-Agent header. (Werner Koch, 2025-07-08; 1 file, -0/+6)
  * dirmngr/dirmngr.h (opt): Add user_agent.
  * dirmngr/dirmngr.c (oUserAgent): New.
  (opts): Add "user-agent".
  (parse_rereadable_options): Set option.
  * dirmngr/ks-engine-hkp.c (send_request): Send User-Agent.
  * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
  * dirmngr/ocsp.c (do_ocsp_request): Ditto.
  --
  Note that the http_open_document function is not used by dirmngr. If it ever gets used we may want to add a way to configure the http.c module with a user-agent string, so that it is sent by the send_request function and we do not need to explicitly do that in the caller.

  GnuPG-bug-id: 7715
* doc: Typo fixes and such (Werner Koch, 2025-07-08; 2 files, -10/+2)
* gpg: Print the revocation reasons as comment in the pub record. (Werner Koch, 2025-06-20; 1 file, -3/+6)
  * g10/keylist.c (list_keyblock_colon): Print the revocation reasons in the pub record's comment field.
  --
  GnuPG-bug-id: 7083
* wks: Use templates for the server responses. (Werner Koch, 2025-06-02; 4 files, -1/+155)
  * common/helpfile.c (gnupg_get_template): Add arg locale_override and adjust all callers.
  * tools/wks-receive.c (struct receive_ctx_s): Add field ct_language.
  (get_language): New.
  (new_part): Call it.
  (wks_receive): Pass language to the result callback.
  * tools/gpg-wks-client.c (short_locale): New.
  (main): Get and store the current locale.
  (command_create): Fix a glitch for the Posteo hack. Insert the locale into the confirmation request.
  (send_confirmation_response): Ditto.
  * tools/gpg-wks-server.c (struct server_ctx_s): Add field language.
  (only_ascii): New.
  (struct my_subst_vars_s, my_subst_vars_cb, my_subst_vars): New.
  (send_confirmation_request): Use a template.
  (send_congratulation_message): Ditto.
  (check_and_publish): Pass ctx to send_congratulation_message.
  (command_receive_cb): Add arg language.
  * doc/wks-utils.txt, doc/wks-utils.de.txt: New.
  * doc/Makefile.am (helpfiles): Add them.
  --
  GnuPG-bug-id: 7381

  Note that the subject is not yet translated or templated due to a missing header encoding function.
* gpg-mail-tube: Support templates. (Werner Koch, 2025-05-30; 4 files, -1/+84)
  * tools/gpg-mail-tube.c: Include i18n.h.
  (main): Call i18n.h
  (only_ascii): New.
  (mail_tube_encrypt): Use a template or fallback to the old version.
  * doc/mail-tube.txt, doc/mail-tube.de.txt: Two standard templates.
  * doc/Makefile.am (helpfiles): Add them.
  --
  GnuPG-bug-id: 7381
* agent: Recover the old behavior with max-cache-ttl=0. (NIIBE Yutaka, 2025-05-13; 1 file, -4/+1)
  * agent/cache.c (compute_expiration): Expire newly created entry when max-cache-ttl is zero.
  --
  Fixes-commit: 92de0387f04b1e87a4a49ed063323624f25ac3ef
  GnuPG-bug-id: 6681
  Suggested-by: Lucas Mulling <[email protected]>
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: New command --quick-tsign-key. (Werner Koch, 2025-04-29; 1 file, -0/+13)
  * g10/gpg.c (aQuickTSignKey): New.
  (opts): Add new command.
  (main): Parse args for it.
  * g10/keyedit.c: Include mbox-util.h.
  (parse_trustsig_string): New.
  (sign_uids): Add arg trustsig for use in quick mode.
  (keyedit_quick_sign): Also add arg trustsig and print a diagnostic on error.
* gpg: Make the internal sign_uids function easier to read. (Werner Koch, 2025-04-29; 1 file, -2/+6)
  * g10/keyedit.c (SIGN_UIDS_LOCAL): New.
  (SIGN_UIDS_NONREVOCABLE): New.
  (SIGN_UIDS_TRUSTSIG): New.
  (SIGN_UIDS_INTERACTIVE): New.
  (SIGN_UIDS_QUICK): New.
  (sign_uids): Replace several boolean args by flags arg.
* gpg: New list option "show-trustsig" (Werner Koch, 2025-04-29; 1 file, -0/+9)
  * g10/options.h (LIST_SHOW_TRUSTSIG): New.
  * g10/gpg.c (parse_list_options): Add "show-trustsig".
  * g10/keylist.c (parse_trust_name): New.
  (list_signature_print): Print trust signature info.
* doc: Add missing whitespace to gnupg7 manpage. (Andreas Metzler, 2025-04-24; 1 file, -1/+1)
* gpg: New key generation parameter "User-Id". (Werner Koch, 2025-04-04; 1 file, -5/+7)
  * g10/keygen.c (read_parameter_file): Add keyword "User-Id".
* gpgsm: Extend --learn-card by an optional s/n argument. (Werner Koch, 2025-03-17; 1 file, -4/+5)
  * agent/command.c (cmd_learn): Allow for s/n argument.
  * agent/learncard.c (agent_handle_learn): Ditto.
  * agent/call-scd.c (agent_card_learn): Ditto. Pass it on to scd.
  * scd/command.c (cmd_switchcard): Factor most code out to ...
  (switchcard_core): new.
  (cmd_learn): Add option --demand to specify a s/n.
  * sm/gpgsm.c (main): Allow a s/n argument for --learn-card.
  --
  This helps Kleopatra to get a stable certificate listing.

  GnuPG-bug-id: 7379
* doc: Minor updates (Werner Koch, 2025-03-14; 1 file, -1/+12)
* common: Add a flag for left anchored substring match to recsel. (Werner Koch, 2025-03-12; 1 file, -2/+4)
  * common/recsel.c (struct recsel_expr_s): Add field lefta.
  (recsel_parse_expr): Parse it.
  (recsel_select): Implement selection.
  --
  This flag makes it for example easy to select keys last updated from an ldap server:

    gpg --list-filter 'select=origin=ks && -^ url =~ ldap' \
        -k --with-key-origin
* doc: Declare --disable-http as legacy. (Werner Koch, 2025-02-19; 1 file, -1/+6)
* doc: Add some notes (Werner Koch, 2025-02-18; 1 file, -0/+2)
* agent: New option --change-std-env-name. (Werner Koch, 2025-02-12; 1 file, -0/+10)
  * common/session-env.c (stdenvnames): Add field "disabled".
  (INITIAL_ARRAYSIZE): Increase size a bit.
  (session_env_mod_stdenvnames): New.
  (session_env_list_stdenvnames): Handle the disabled flag.
  * agent/gpg-agent.c (oChangeStdEnvName): New.
  (opts): Add --change-std-env-name.
  (main): Implement option.
  --
  GnuPG-bug-id: 7522
* doc: Do not install gnupg.7.html into usr/share/man/manh/ (Daniel Kahn Gillmor, 2025-02-12; 1 file, -4/+5)
  * doc/Makefile.am: Ship gnupg.7.html with other html, not with manpages.
  --
  Without this change, gnupg.7.html gets placed in /usr/share/manh/

  Since it can't be correctly rendered by groff, this is undesirable.

  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: New option --disable-pqc-encryption. (Werner Koch, 2025-02-06; 2 files, -0/+11)
  * g10/options.h (flags): Add field disable_pqc_encryption.
  * g10/gpg.c (oDisablePQCEncryption): New.
  (opts): Add --option.
  (main): Set option.
  * g10/getkey.c (finish_lookup): Skip subkeys if option is set.
  --
  This option can be used to avoid the use of Kyber encryption subkeys if this does not make sense (i.e. protection of local files).
* gpg: Simplify the compliance settings. (Werner Koch, 2025-02-03; 1 file, -1/+3)
  * g10/gpg.c (set_compliance_option): Base most settings on oGnuPG. For oGnuPG explicitly clear the allow_old_cipher_algos flag.
  --
  Note that --allow-old-cipher-algos must now come after a compliance setting. This avoids a bug when first setting oRFC2440 and then oGnuPG which would not clear the flag.

  GnuPG-bug-id: T7501
* doc: Record that gpg policy compliance options are last-one-wins (Daniel Kahn Gillmor via Gnupg-devel, 2025-02-03; 1 file, -1/+2)
  * doc/gpg.texi (Compliance options): Explain that when multiple --compliance options are given, the final one supersedes any previous option.
  --
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpgsm: Allow unattended PKCS#12 export without passphrase. (Werner Koch, 2025-01-29; 1 file, -1/+14)
  * sm/gpgsm.c (oNoProtection): New.
  (opts): Add "--no-protection".
  (main): Parse it.
  * sm/gpgsm.h (struct server_control_s): Add field no_protection.
  * sm/server.c (option_handler): Add option "no-protection".
  (reset_notify): Clear option.
  * sm/export.c (export_p12): Use empty passphrase if option is set.
* gpgsm: Allow CSR generation with an unprotected key. (Werner Koch, 2025-01-29; 1 file, -0/+3)
  * sm/call-agent.c (gpgsm_agent_genkey): Add arg no_protection.
  * sm/certreqgen.c (struct reqgen_ctrl_s): Add field no_protection.
  (read_parameters): Add keyword "%no-protection".
  (proc_parameters): Pass no_protection to gpgsm_agent_genkey.
* Remove the default keyserver. (Werner Koch, 2025-01-08; 1 file, -3/+1)
* Stronger deprecate the --supervised option. (Werner Koch, 2025-01-08; 2 files, -10/+8)
  * agent/gpg-agent.c (opts): Rename option supervised.
  * dirmngr/dirmngr.c (opts): Ditto.
  --
  The --supervised way to start gpg-agent has been deprecated for 2.5 years and will probably be entirely removed with version 2.6.0. To allow its use until its removal the systemd service description needs to be adjusted to use this option.

  The reason for the deprecation are conflicts with the way systemd starts gpg-agent and gpg expects how gpg-agent is started. In particular gpg expects that the gpg-agent matching its own version is started. Further the systemd way is not portable to other platforms and long term experience on Windows has shown that the standard way of starting gpg-agent is less error prone.

  Note to those who want to re-introduce this option: Pretty please do not use socket names conflicting with our standard socket names. For example use /run/user/1000/foo-gnupg/S.gpg-agent.
* gpg: Force the use of AES-256 in some cases (Damien Goutte-Gattat via Gnupg-devel, 2025-01-06; 1 file, -4/+6)
  * g10/encrypt.c (create_dek_with_warnings): Forcefully use AES-256 if PQC encryption was required or if all recipient keys are Kyber keys.
  --
  If --require-pqc-encryption was set, then it should be safe to always force AES-256, without even checking if we are encrypting to Kyber keys (if some recipients do not have Kyber keys, --require-pqc-encryption will fail elsewhere).

  Otherwise, we force AES-256 if we encrypt *only* to Kyber keys -- unless the user explicitly requested another algo, in which case we assume they know what they are doing.

  GnuPG-bug-id: 7472
  Signed-off-by: Damien Goutte-Gattat <[email protected]>

  Man page entry extended
  Signed-off-by: Werner Koch <[email protected]>
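The session-key cipher policy stated in the commit message above, written out as a stand-alone function. This is an added illustration, not GnuPG's own g10/encrypt.c code: the RecipientKey record, the is_kyber flag, the PQCRequirementError class and the algorithm name strings are assumptions made for the example (the real option names are --require-pqc-encryption and --cipher-algo, but the rest of the interface is invented here). The three branches are the ones the message describes: PQC required means AES-256 unconditionally; every recipient on a Kyber key means AES-256 unless the user explicitly picked a cipher; otherwise the explicit choice or the default.

```python
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class RecipientKey:
    """Hypothetical recipient record constructed for this example."""
    fingerprint: str   # identifier used only in error messages
    is_kyber: bool     # True when the encryption subkey is a Kyber (PQC) key


class PQCRequirementError(Exception):
    """--require-pqc-encryption is set but a recipient has no Kyber key.

    The commit message says GnuPG rejects this case elsewhere; the check is
    included here only so the function is complete on its own.
    """


def choose_cipher(recipients: Sequence[RecipientKey],
                  require_pqc: bool,
                  explicit_cipher: Optional[str],
                  default_cipher: str = "AES") -> str:
    """Return the symmetric cipher to use for the session key (DEK).

    Policy, in the order the commit message gives it:
      1. require_pqc set: always AES-256, no per-recipient check needed.
      2. Otherwise, if *every* recipient key is Kyber: AES-256, unless the
         user explicitly requested another cipher (assume they know why).
      3. Otherwise: the explicit cipher if given, else the default.
    """
    if not recipients:
        raise ValueError("no recipients given")

    if require_pqc:
        # Mixed recipient sets are an error in this mode; fail closed.
        missing = [r.fingerprint for r in recipients if not r.is_kyber]
        if missing:
            raise PQCRequirementError(
                "PQC encryption required but no Kyber key for: "
                + ", ".join(missing))
        return "AES256"

    if all(r.is_kyber for r in recipients):
        # Kyber-only recipients: force AES-256 unless overridden explicitly.
        return explicit_cipher or "AES256"

    # Classic or mixed recipients: no forcing, honour the user or the default.
    return explicit_cipher or default_cipher
```

Note the asymmetry: an explicit --cipher-algo overrides the Kyber-only rule but not the --require-pqc-encryption rule, which is exactly the distinction the commit message draws.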
* doc: Explain that qualified.txt is a legacy method. (Werner Koch, 2024-11-22; 1 file, -10/+14)
* gpg: For composite algos add the algo string to the colons listings. (Werner Koch, 2024-11-14; 1 file, -2/+3)
  * g10/keylist.c (list_keyblock_colon): Put the algo string into the curve field for Kyber.
  --
  GnuPG-bug-id: 6638
* gpg: Improve wording for only-pubkeys. (Werner Koch, 2024-11-08; 1 file, -1/+1)
  * g10/import.c (parse_import_options): Add a description to only-pubkeys.
  --
  See gnupg-devel for a brief discussion.
* gpgtar: Use log-file from common.conf only in --batch mode. (Werner Koch, 2024-11-07; 1 file, -1/+2)
  * tools/gpgtar.c (main): Do it.
  --
  This makes the interactive use of gpgtar more convenient and is more aligned to what gpg and gpgsm do.
* Implement GNUPG_ASSUME_COMPLIANCE envvar for testing (Werner Koch, 2024-10-07; 2 files, -0/+10)
  * common/compliance.c (assumed_de_vs_compliance): New.
  (get_compliance_cache): Check envvar and fake compliance.
  (gnupg_status_compliance_flag): Return 2023 for de-vs if in faked mode.
  * g10/gpg.c (gpgconf_list): For compliance_de_vs return 23 or 2023.
  --
  The user visible changes are that

    GNUPG_ASSUME_COMPLIANCE=de-vs gpgconf --list-options gpg \
      | awk -F: '$1=="compliance_de_vs" {print $8}'

  returns 2023 if "compliance de-vs" is found in gpg.conf. If eventually the software is approved the returned value will be 23 and not 1 as it was before. Consumers should check whether they see a value of true (Kleopatra does this right now) and also check whether the value is > 2000 and in this case print a beta/non-approved warning.

  The envvar is currently used to assume that the underlying libgcrypt is compliant and approved. This is not yet the case but eventually libgcrypt will announce this itself and from then on the envvar is no longer required for testing.
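A consumer-side reading of the rule in the commit message above: take the compliance_de_vs value from the gpgconf colon output, treat any positive integer as "de-vs mode on", and treat a value above 2000 as "on, but not yet approved" so that a beta warning can be shown. This is an added example, not GnuPG's or Kleopatra's code. It assumes, as the commit's awk one-liner does, that the value of interest is the 8th colon-separated field of the line whose first field is compliance_de_vs; the sample output lines are constructed for the example and are not real gpgconf output.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class ComplianceState:
    enabled: bool        # de-vs compliance mode is active
    approved: bool       # active *and* not flagged as non-approved (value < 2000)
    raw: Optional[str]   # the field as found, None if the option was absent


# Same threshold the commit message uses: values > 2000 (e.g. 2023) mean
# "compliant but not yet approved", values such as 23 or the old 1 mean approved.
NON_APPROVED_THRESHOLD = 2000


def parse_de_vs(lines: Iterable[str]) -> ComplianceState:
    """Parse `gpgconf --list-options gpg` output for the compliance_de_vs line.

    Field positions follow the commit's `awk -F: '$1==... {print $8}'`, i.e.
    the option name is field 1 and the value of interest is field 8
    (assumption made for this example).
    """
    for line in lines:
        fields = line.rstrip("\n").split(":")
        if len(fields) < 8 or fields[0] != "compliance_de_vs":
            continue
        raw = fields[7]
        try:
            value = int(raw)
        except ValueError:
            # Not a number (including an empty field): not in de-vs mode.
            return ComplianceState(False, False, raw)
        if value <= 0:
            return ComplianceState(False, False, raw)
        return ComplianceState(True, value <= NON_APPROVED_THRESHOLD, raw)
    return ComplianceState(False, False, None)


def compliance_message(state: ComplianceState) -> str:
    """Human-readable summary in the spirit of the commit's advice to consumers."""
    if not state.enabled:
        return "de-vs compliance mode is not enabled"
    if not state.approved:
        return ("de-vs compliance mode is enabled (value %s), but this build "
                "is not yet approved: beta, do not rely on it for production"
                % state.raw)
    return "de-vs compliance mode is enabled and the build reports approval"


# Constructed sample lines (NOT real gpgconf output); only fields 1 and 8 matter.
SAMPLE_BETA = "compliance_de_vs:0:0:de-vs compliance:1:1::2023::\n"
SAMPLE_APPROVED = "compliance_de_vs:0:0:de-vs compliance:1:1::23::\n"
SAMPLE_LEGACY = "compliance_de_vs:0:0:de-vs compliance:1:1::1::\n"
SAMPLE_OFF = "compliance_de_vs:0:0:de-vs compliance:1:1::0::\n"
SAMPLE_OTHER = "verbose:0:0:verbose:0:0::0::\n"
```

Pipe real output through parse_de_vs in place of the constructed samples, e.g. parse_de_vs(subprocess.check_output(["gpgconf", "--list-options", "gpg"], text=True).splitlines()); the function only ever reads fields 1 and 8, so additional fields in newer gpgconf output do not affect it.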
* build: Fix make distclean for gnupg.7.html (Werner Koch, 2024-09-11; 1 file, -3/+3)
* gpgsm: New option --assert-signer (Werner Koch, 2024-09-11; 1 file, -0/+15)
  * sm/gpgsm.c (oAssertSigner, oNoop): New.
  (opts): Add option --assert-signer.
  (assert_signer_true): New var.
  (main): Set new option.
  (gpgsm_exit): Handle assert_signer_true.
  * sm/gpgsm.h (opt): Add field assert_signer_list.
  * sm/verify.c (is_x509_fingerprint): New.
  (check_assert_signer_list): New.
  (gpgsm_verify): Handle option.
  --
  GnuPG-bug-id: 7286
* build: Remove configure option --enable-gpg-is-gpg2 (Werner Koch, 2024-09-11; 3 files, -70/+4)
  * configure.ac (--enable-gpg-is-gpg2): Remove option.
  (USE_GPG2_HACK): Remove var.
  * common/homedir.c (gnupg_module_name): Remove code for gpg2 installation option.
  * g10/keygen.c (generate_keypair): Ditto.
  * g10/Makefile.am (noinst_PROGRAMS): Ditto.
  * doc/gpg.texi: Ditto.
  * doc/gpgv.texi: Ditto.
  --
  This option and all its build stuff no longer makes sense. gpg1 is way too old for anyone to use on a regular basis along with a standard gpg. It is better to rename that single gpg (1.4) binary to gpg1 and adjust any scripts.
* build: Also cleanup generated html file in a make distcheck (Werner Koch, 2024-09-11; 1 file, -9/+14)
  * doc/Makefile.am (myman_pages): Add gpg and gpgv.
  (USE_GPG2_HACK): Remove conditional.
  (myhtmlman_pages): New.
  (DISTCLEANFILES): Add html pages.
* gpg-mail-tube: New feature --as-attach. (Werner Koch, 2024-08-29; 1 file, -2/+11)
  * tools/gpg-mail-tube.c (oAsAttach): New.
  (opts): Add --as-attach.
  (opt): Add .as_attach.
  (parse_arguments): Set it.
  (mail_tube_encrypt): Detect plain text and handle new option.
* doc: Minor fix for the description of gpg's --default-*-expire (Werner Koch, 2024-08-29; 1 file, -2/+2)
* gpg: New option --proc-all-sigs (Werner Koch, 2024-08-23; 1 file, -0/+11)
  * g10/options.h (flags): Add proc_all_sigs.
  * g10/mainproc.c (proc_tree): Do not stop signature checking if this new option is used.
  * g10/gpg.c (oProcAllSigs): New.
  (opts): Add "proc-all-sigs".
  (main): Set it.
  --
  GnuPG-bug-id: 7261
* doc: Remove included yat2m and build HTML versions of the man pages. (Werner Koch, 2024-08-19; 1 file, -7/+7)
  * configure.ac (YAT2M): Use standard detection.
  * doc/Makefile.am (EXTRA_DIST): Remove yat2m.c.
  (CLEANFILES): Ditto.
  (yat2m): Remove targets.
  (yat2m-stamp): Also build html versions.
* doc: Add another example for gpg-mail-tube (Werner Koch, 2024-08-16; 1 file, -0/+33)