aboutsummaryrefslogtreecommitdiffstats
path: root/doc (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpg: New command --quick-revoke-sigWerner Koch2020-10-281-0/+11
| | | | | | | | | | | | | | * g10/gpg.c (enum cmd_and_opt_values): Add aQuickRevSig. (opts): Add --quick-revoke-sig. (main): Implement. * g10/keyedit.c (quick_find_keyblock): Add arg 'want_secret' and adjust all callers. (keyedit_quick_revsig): new. * g10/revoke.c (get_default_sig_revocation_reason): New. * g10/keylist.c (cmp_signodes): Make global. -- GnuPG-bug-id: 5093
* gpg: Sort the signatures in standard key listings.Werner Koch2020-10-271-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (parse_list_options): Add "sort-sigs". (main): Make it the default. * g10/options.h (LIST_SORT_SIGS): New. * g10/keylist.c (cmp_signodes): New. (list_keyblock_print): Sort signatures and factor signature printing code out to ... (list_signature_print): new. -- In particular together with --full-timestamps this makes it easier to see the history of key signatures and their revocations. The self-signatures are also printed first. To disable this --list-options no-sort-sigs can be used. Also don't print the annoying "no recocation reason specified" message. Signed-off-by: Werner Koch <[email protected]>
* common: Allow building with released libgpg-error.Werner Koch2020-10-231-1/+2
| | | | | | | | * common/sysutils.c (gnupg_access) [W32]: Fix for older libgpgrt. -- Fixes-commit: c94ee1386e0d5cdac51086c4d5b92de59c09c9b5 Signed-off-by: Werner Koch <[email protected]>
* doc: Add notes on how to setup LDAPWerner Koch2020-10-073-0/+681
| | | | --
* dirmngr: Add warning on the use of --add-servers.Werner Koch2020-10-051-11/+16
| | | | | * tools/gpgconf-comp.c (known_options_dirmngr): Degrade add-servers to expert mode.
* doc: Remove enable-extended-key-format in vsnfdAndre Heinecke2020-10-011-1/+0
| | | | | | | | | | * doc/examples/vsnfd.prf: Remove enable-extended-key-format -- This is no longer a valid option for gpg-agent because it is now the default. (cherry picked from commit d833030f8cf646b5de83d01fc3e412ad77ec4b1c)
* gpg: New experimental import option "bulk-import"Werner Koch2020-09-241-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | * g10/options.h (IMPORT_BULK): New. * g10/import.c (parse_import_options): Add "bulk-import". * g10/call-keyboxd.c (in_transaction): New var. (gpg_keyboxd_deinit_session_data): Run a commit if in bulk import mode. (create_new_context): Run a begin transaction if in bulk import mode. -- Initial tests with this option are not very promising. Importing about 3000 real world keys with --use-keyboxd and full logging took: real 33m31.724s user 19m54.265s sys 2m49.662s With bulk-import this saves a mere 12%: real 29m36.542s user 19m3.391s sys 2m46.728s Signed-off-by: Werner Koch <[email protected]>
* keyboxd: Extend PUBKEY_INFO status line with an uid ordinal.Werner Koch2020-09-221-1/+5
| | | | | | | | | | | | | | | | | | | | * kbx/backend-sqlite.c (table_definitions): Add column UINO to userids. (be_sqlite_local_s): Add fields select_col_uidno and select_col_subkey. (run_select_statement): Also select subkey or uidno column. (be_sqlite_search): Return their values. (store_into_userid): Store the UIDNO. * kbx/backend-support.c (be_return_pubkey): Extend PUBKEY_INFO. -- For an existing database adding the new column to the table userid is straightforward. However if the original version of the schema used an integer for the keyid column, that column has likely be renamed. Make sure that the NOT NULL constraint has also be removed; check the SQLite documentation on how this can be done. Signed-off-by: Werner Koch <[email protected]>
* scd: Extend KEYPAIRINFO with an algorithm string.Werner Koch2020-09-211-4/+5
| | | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (send_keypair_info): Emit the algo string as part of a KEYPAIRINFO. * scd/command.c (do_readkey): Ditto. * scd/app-piv.c (do_readkey): Ditto. * scd/app-nks.c (do_learn_status_core): Ditto. (struct fid_cache_s): Add field algostr. (flush_fid_cache): Release it. (keygripstr_from_pk_file): Fill it and add it to the cache. Use a single exit label. * scd/app-help.c (app_help_get_keygrip_string_pk): Add new arg r_algostr. Change all callers. -- This is helpful so that callers do not need to parse the key for this basic information. Use "scd readkey --info-only" to return the info status line instead of the key material; using just --info returns the info in addition to the key material. Signed-off-by: Werner Koch <[email protected]>
* doc: Some documentation updates.Werner Koch2020-09-213-10/+77
| | | | | | -- Also fixed some typos and documented soon to be used OIDs
* keyboxd: Add ephemeral and revoked flag to the sqlite backend.Werner Koch2020-09-111-1/+5
| | | | | | | | | | | | | | | | * kbx/backend-support.c (be_return_pubkey): Add args is_ephemeral and is_revoked. Adjust callers. * kbx/backend-sqlite.c: Alter table pubkey to add new columns. (run_select_statement): Add new column to all selects. (be_sqlite_search): Return the new flags. -- For existing test databases the new column can be added with: alter table pubkey add ephemeral integer not null default 0; alter table pubkey add revoked integer not null default 0; Signed-off-by: Werner Koch <[email protected]>
* doc: Update and extend module overviewAndre Heinecke2020-09-101-90/+274
| | | | | | | | | | * doc/gnupg-module-overview.svg: Add examples of GPGME aware applications -- Whenever I used this overview I needed to explain what this meant so giving examples might help a bit and also illustrate the codesharing between GpgOL, Kleopatra and KMail.
* scd: Parse "Algorithm Information" data object in scdaemon.NIIBE Yutaka2020-09-041-0/+6
| | | | | | | | * scd/app-openpgp.c (data_objects): 0x00FA for binary data. (do_getattr): Parse the data and send it in status lines. (get_algorithm_attribute_string): New. Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Fix typosGavin L. Rebeiro2020-08-282-2/+2
| | | | --
* doc: Add a remark about keyservers.Werner Koch2020-08-271-0/+5
| | | | --
* examples: Simplify vsnfd.prfWerner Koch2020-08-251-1/+0
| | | | * doc/examples/vsnfd.prf: Remove default-new-key-algo option.
* gpgtar,w32: Handle Unicode file names.Werner Koch2020-08-211-0/+6
| | | | | | | | | | | | | | | | | | | | | | * tools/gpgtar.c (oUtf8Strings): New. (opts): Add option --utf8-strings. (parse_arguments): Set option. * tools/gpgtar.h (opt): Add field utf8strings. * tools/gpgtar-create.c (name_to_utf8): New. (fillup_entry_w32): Use that. (scan_directory): Ditto. (scan_directory) [W32]: Convert file name to utf8. (gpgtar_create): Convert pattern. -- Note that this works only with file names read from a file or if the specified files on the command line are plain ascii. When recursing into a directory Unicode file names work again. This limitation is due to main(int, char**) which can't get the wchar version. We could fix that but is needs a bit more work in our init code. GnuPG-bug-id: 4083 Signed-off-by: Werner Koch <[email protected]>
* gpgtar: Add dummy option --tarWerner Koch2020-08-201-0/+5
| | | | | | | -- GnuPG-bug-id: 3772 Signed-off-by: Werner Koch <[email protected]>
* doc: Describe the relation between pubring.gpg and pubring.kbxWerner Koch2020-08-201-6/+34
| | | | | -- GnuPG-bug-id: 4958
* gpg: Fix regression for non-default --passphrase-repeat option.Werner Koch2020-08-201-1/+4
| | | | | | | | * agent/command.c (cmd_get_passphrase): Take care of --repeat with --newsymkey. -- GnuPG-bug-id: 4997
* Add --chuid to gpg, gpg-card, and gpg-connect-agent.Werner Koch2020-08-143-33/+63
| | | | | | | | | | | | | | | | | | | * g10/gpg.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. Delay setting of homedir until the new chuid is done. * sm/gpgsm.c (main): Delay setting of homedir until the new chuid is done. * tools/gpg-card.c (oChUid): New. (opts): Add --chuid. (changeuser): New helper var. (main): Implement --chuid. * tools/gpg-connect-agent.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. -- Signed-off-by: Werner Koch <[email protected]>
* doc: Add a list of RFCS to DETAIL.Werner Koch2020-08-131-0/+13
| | | | --
* gpgsm: New option --chuid.Werner Koch2020-08-061-0/+11
| | | | | | | | | | * sm/gpgsm.c (oChUid, opts): New option --chuid. (main): Implement option. -- This option will at least be useful for Scute. Signed-off-by: Werner Koch <[email protected]>
* gpgconf: New option --chuid.Werner Koch2020-08-062-1/+11
| | | | | | | | * tools/gpgconf.c (oChUid, opts): New option --chuid. (main): Implement. -- Signed-off-by: Werner Koch <[email protected]>
* sm: Also show the SHA-256 fingerprint.Werner Koch2020-08-041-2/+3
| | | | | | | | * sm/keylist.c (list_cert_colon): Emit a new "fp2" record. (list_cert_raw): Print the SHA2 fingerprint. (list_cert_std): Ditto. Signed-off-by: Werner Koch <[email protected]>
* Support a history file in gpg-card and gpg-connect-agent.Werner Koch2020-07-022-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | * common/gpgrlhelp.c (read_write_history): New. (gnupg_rl_initialize): Register new function. * common/ttyio.c (my_rl_rw_history): New var. (tty_private_set_rl_hooks): Add arg read_write_history. (tty_read_history): New. (tty_write_history): New. * tools/gpg-card.c (HISTORYNAME): New. (oNoHistory): New enum value. (opts): New option --no-history. (cmd_history): New. (cmds): New command "history". (interactive_loop): Read and save the history. * tools/gpg-connect-agent.c (HISTORYNAME): New. (opts): New option --no-history. (main): Read and save the history. New command /history. -- Yeah, finally we have stored history; I should have added this much earlier. Signed-off-by: Werner Koch <[email protected]>
* gpg: Extend the TRUST_ status lines.Werner Koch2020-06-091-11/+32
| | | | | | | | | * g10/pkclist.c (write_trust_status): Add arg mbox. (check_signatures_trust): Appenmd mbox to the status lines. -- GnuPG-bug-id: 4735 Signed-off-by: Werner Koch <[email protected]>
* gpg: If possible TRUST values now depend on signer's UID or --sender.Werner Koch2020-06-081-5/+26
| | | | | | | | | | | | | | * g10/mainproc.c (check_sig_and_print): Add failsafe check for PK. Pass KEYBLOCK down do check_signatures_trust. Protect existsing error ocde in case the signature expired. * g10/pkclist.c (is_in_sender_list): New. (check_signatures_trust): Add args keyblock and pk. Add new uid based checking code. * g10/test-stubs.c, g10/gpgv.c: Adjust stubs. -- GnuPG-bug-id: 4735 Signed-off-by: Werner Koch <[email protected]>
* build: Fix recent commit for SOURCE_DATE_EPOCH.Werner Koch2020-06-081-2/+2
| | | | | | | | | | -- Fixes-commit: 074ab108e768b2f946d789c1f3a7f14a65e07c52 which was recently pushed to make use of $SOURCE_DATE_EPOCH as fallback. Also fixes two typos
* doc: Minor enhancement for reproducibility.Werner Koch2020-06-031-0/+2
| | | | | | | | * doc/Makefile.am (defsincdate): In no repo mode and with SOURCE_DATE_EPOCH set, use that instead of blanking the date. -- GnuPG-bug-id: 4947
* card: Allow to store and retrieve keyblocks in OpenPGP cards.Werner Koch2020-05-281-0/+2
| | | | | | | | | | | | * tools/gpg-card.c: Include tlv.h. (cmd_writecert): Add option --openpgp. (cmd_readcert): Ditto. -- We use the CERT object for this and encapsulate the key block in a CMS object. Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: New KEY-STATUS attribute.Werner Koch2020-05-271-0/+8
| | | | * scd/app-openpgp.c (do_getattr): Return KEY-STATUS
* sm: Create ECC certificates with AKI and SKI by default.Werner Koch2020-05-191-2/+18
| | | | | | | | * sm/certreqgen.c (create_request): Create AKI and SKI by default. -- GnuPG-bug-id: 4098 Signed-off-by: Werner Koch <[email protected]>
* sm: Print the key types as standard key algorithm strings.Werner Koch2020-05-071-2/+2
| | | | | | | | | | | | | | | | * sm/fingerprint.c (gpgsm_get_key_algo_info): Factor code out to ... (gpgsm_get_key_algo_info2): new. (gpgsm_pubkey_algo_string): New. * sm/keylist.c (list_cert_colon): Put curve into field 17 (list_cert_raw): Print the unified key algotithm string instead of the algo and size. (list_cert_std): Ditto. -- It is important to known whether a 256 bit ECC uses a NIST or a Brainpool curve. Signed-off-by: Werner Koch <[email protected]>
* sm: Always allow authorityInfoAccess lookup if CRLs are also enabled.Werner Koch2020-04-161-3/+8
| | | | | | | | | * sm/certchain.c (find_up): Disable external lookups in offline mode. Always allow AKI lookup if CRLs are also enabled. -- GnuPG-bug-id: 4898 Signed-off-by: Werner Koch <[email protected]>
* indent: Some typo and indentation changes for gpg.Werner Koch2020-04-151-5/+2
| | | | --
* scd: Factor common PIN status check out.Werner Koch2020-04-071-1/+1
| | | | | | | | | | | | | | * scd/iso7816.h (ISO7816_VERIFY_ERROR): New. (ISO7816_VERIFY_NO_PIN): New. (ISO7816_VERIFY_BLOCKED): New. (ISO7816_VERIFY_NULLPIN): New. (ISO7816_VERIFY_NOT_NEEDED): New. * scd/iso7816.c (iso7816_verify_status): New. * scd/app-nks.c (get_chv_status): Use new function. * scd/app-piv.c (get_chv_status): Ditto. (verify_chv): Ditto. Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: New attribute "MANUFACTURER".Werner Koch2020-04-031-0/+7
| | | | | | | | | | | | * scd/app-openpgp.c (get_manufacturer): New.. (do_getattr): Add new attribute "MANUFACTURER". (do_learn_status): Always print it. -- This will make it easy to maintain the list of OpenPGP vendors at just one place. Signed-off-by: Werner Koch <[email protected]>
* sm: Consider certificates w/o CRL DP as valid.Werner Koch2020-03-271-0/+8
| | | | | | | | | | | | | | | | | | | * sm/certchain.c (is_cert_still_valid): Shortcut if tehre is no DP. * common/audit.c (proc_type_verify): Print "n/a" if a cert has no distribution point. * sm/gpgsm.h (opt): Add field enable_issuer_based_crl_check. * sm/gpgsm.c (oEnableIssuerBasedCRLCheck): New. (opts): Add option --enable-issuer-based-crl-check. (main): Set option. -- If the issuer does not provide a DP and the user wants such an issuer, we expect that a certificate does not need revocation checks. The new option --enable-issuer-based-crl-check can be used to revert to the old behaviour which requires that a suitable LDAP server has been configured to lookup a CRL by issuer. Signed-off-by: Werner Koch <[email protected]>
* gpg: Also allow a v5 fingerprint for --trusted-key.Werner Koch2020-03-181-1/+2
| | | | | | | | | * g10/trustdb.c (tdb_register_trusted_key): Add case for 32 octet fingerprints. -- GnuPG-bug-id: 4855 Signed-off-by: Werner Koch <[email protected]>
* gpg: Update --trusted-key to accept fingerprint as well as long key id.Daniel Kahn Gillmor2020-03-181-2/+2
| | | | | | | | | | | | | | | * g10/trustdb.c (tdb_register_trusted_key): accept fingerprint as well as long key ID. * doc/gpg.texi: document that --trusted-key can accept a fingerprint. -- GnuPG-bug-id: 4855 Signed-off-by: Daniel Kahn Gillmor <[email protected]> Fixed uses or return and kept the old string to avoid breaking translations. Signed-off-by: Werner Koch <[email protected]>
* doc: Remove duplicate description of --include-key-block.Werner Koch2020-03-141-17/+10
| | | | --
* gpg: New option --auto-key-importWerner Koch2020-03-141-4/+35
| | | | | | | | | | | | | | | | | * g10/gpg.c (opts): New options --auto-key-import, --no-auto-key-import, and --no-include-key-block. (gpgconf_list): Add them. * g10/options.h (opt): Add field flags.auto_key_import. * g10/mainproc.c (check_sig_and_print): Use flag to enable that feature. * tools/gpgconf-comp.c: Give the new options a Basic config level. -- Note that the --no variants of the options are intended for easy disabling at the command line. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <[email protected]>
* gpg: New option --include-key-block.Werner Koch2020-03-131-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New. * g10/gpg.c (oIncludeKeyBlock): New. (opts): New option --include-key-block. (main): Implement. * g10/options.h (opt): New flag include_key_block. * g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK. (parse_one_sig_subpkt): Ditto. (can_handle_critical): Ditto. * g10/sign.c (mk_sig_subpkt_key_block): New. (write_signature_packets): Call it for data signatures. -- This patch adds support for a to be proposed OpenPGP ferature: Introduce the Key Block subpacket to align OpenPGP with CMS. This new subpacket may be used similar to the CertificateSet of CMS (RFC-5652) and thus allows to start encrypted communication after having received a signed message. In practice a stripped down version of the key should be including having only the key material and the self-signatures which are really useful and shall be used by the recipient to reply encrypted. #### Key Block (1 octet with value 0, N octets of key data) This subpacket MAY be used to convey key data along with a signature of class 0x00, 0x01, or 0x02. It MUST contain the key used to create the signature; either as the primary key or as a subkey. The key SHOULD contain a primary or subkey capable of encryption and the entire key must be a valid OpenPGP key including at least one User ID packet and the corresponding self-signatures. Implementations MUST ignore this subpacket if the first octet does not have a value of zero or if the key data does not represent a valid transferable public key. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <[email protected]>
* gpg: Add property "fpr" for use by --export-filter.Werner Koch2020-03-131-0/+4
| | | | | | | | | | | | | | | | * g10/export.c (push_export_filters): New. (pop_export_filters): New. (export_pubkey_buffer): Add args prefix and prefixlen. Adjust callers. * g10/import.c (impex_filter_getval): Add property "fpr". * g10/main.h (struct impex_filter_parm_s): Add field hexfpr. -- The push and pop feature will help us to use the export filter internally in gpg. Same for the export_pubkey_buffer change. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <[email protected]>
* Spelling cleanup.Daniel Kahn Gillmor2020-02-187-8/+8
| | | | | | | | | | | | | | | | No functional changes, just fixing minor spelling issues. --- Most of these were identified from the command line by running: codespell \ --ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \ --skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \ doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \ NEWS README README.maint TODO Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* doc: Correction of typo in documentation of KEY_CONSIDEREDNick Piper2020-02-181-1/+1
| | | | Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: New option --full-timestrings.Werner Koch2020-02-131-0/+8
| | | | | | | | | | | | | | | | | | | | | * g10/options.h (opt): Add flags.full_timestrings. * g10/gpg.c (oFullTimestrings): New. (opts): New option. (main): Set new flag. * g10/keyid.c (dateonlystr_from_pk): New. (dateonlystr_from_sig): New. (datestr_from_pk): Divert to isotimestamp if requested. (datestr_from_sig): Ditto. (expirestr_from_pk): Ditto. (expirestr_from_sig): Ditto. (revokestr_from_pk): Ditto. * g10/import.c (impex_filter_getval): Use dateonlystr_from_sig and dateonlystr_from_pk. -- Quite helpful for debugging keys. Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: Return key creation time as part of KEYPARIINFO.Werner Koch2020-02-131-0/+14
| | | | | | | | | | | | | * scd/app-openpgp.c (send_keypair_info): Reaturn the key creation time as part of a KEYPAIRINFO. (do_readkey): Do not return the KEY-TIME anymore. -- Sending the KEY_TIME status as part of a READKEY command was only recently added. It is better to merge that into the KEYPAIRINFO line. Another patch with chnage this for the consumers of that info. Signed-off-by: Werner Koch <[email protected]>
* doc: Improve the warning section of the gpg man page.Werner Koch2020-02-101-10/+16
| | | | | | * doc/gpg.texi: Update return valeu and warning sections. Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-13 01:37:14 +0000