| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (get_seckey): Return G10ERR_NO_PUBKEY when it's not
exact match.
--
In the situation of corrupted .gnupg/ where only private subkey is
available but no corresponding public key of the subkey, the code
returned public primary key which caused mysterious error (for a
user). This fix detects an error earlier.
GnuPG-bug-id: 1422
Debian-Bug-Id: #638619
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* util/pka.c: Rewrite.
(get_pka_info): Add arg fprbuflen. Change callers to pass this.
* util/strgutil.c (ascii_strlwr): New.
* configure.ac: Remove option --disable-dns-pka.
(USE_DNS_PKA): Remove ac_define.
* g10/getkey.c (parse_auto_key_locate): Always include PKA.
--
Note that although PKA is now always build, it will only work if
support for looking up via DNS has not been disabled.
The new PKA only works with the IPGP DNS certtype and shall be used
only to retrieve the fingerprint and optional the key for the first
time. Due to the security problems with DNSSEC the former assumption
to validate the key using DNSSEC is not anymore justified. Instead an
additional layer (e.g. Trust-On-First-Use) needs to be implemented to
track change to the key. Having a solid way of getting a key matching
a mail address is however a must have.
More work needs to go into a redefinition of the --verify-options
pka-lookups and pka-trust-increase. The auto-key-locate mechanism
should also be able to continue key fetching with another method once
the fingerprint has been retrieved with PKA.
Signed-off-by: Werner Koch <[email protected]>
This is a backport from master.
(backported from commit 2fc27c8696f5cf2ddf3212397ea49bff115d617b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* include/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--
This fixes sign extension on shift problems. Hanno Böck found a case
with an invalid read due to this problem. To fix that almost all uses
of "<< 24" and "<< 8" are changed by this patch to use an inline
function from host2net.h.
(back ported from commit 2183683bd633818dd031b090b5530951de76f392)
Signed-off-by: Werner Koch <[email protected]>
[dkg: rebased to STABLE-BRANCH-1-4]
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* include/cipher.h (PUBKEY_USAGE_NONE): New.
* g10/getkey.c (parse_key_usage): Set new flag.
--
We do not want to use the default capabilities (derived from the
algorithm) if any key flags are given in a signature. Thus if key
flags are used in any way, the default key capabilities are never
used.
This allows to create a key with key flags set to all zero so it can't
be used. This better reflects common sense.
(cherry picked from commit 4bde12206c5bf199dc6e12a74af8da4558ba41bf)
(cherry picked from commit 0a805ed1604ef3e9b27f3e22a936a2d439300e9f)
Resolved conflicts:
include/cipher.h
|
| |
|
|
|
|
|
|
|
|
| |
We allow a single or a double space in the middle of the fingerprint
to help with c+p fingerprints from an HTML pages which are not being
enclosed in a "pre" tag.
* g10/getkey.c (classify_user_id): Check for space separated GPG
fingerprint.
--
This is a backport of commit 957fe72 and 372fb4f.
|
| |
|
|
|
|
|
| |
This does not mean we have any kind of ECC support now. It is merely
to avoid printing a question mark for the algorithm.
Trailing white space changes as usual.
|
| | |
|
| |
|
|
|
| |
Minor W32 installer fix.
|
| |
|
|
|
| |
backsigs, take the most recent one.
|
| |
|
|
|
|
| |
Allow de/encryption using legacy type 20 keys.
Updated config.{sub,guess}
|
| |
|
|
|
| |
Updated gettext.
|
| |
|
|
|
|
|
|
|
| |
fix_keyblock() or collapse_uids()) make sure we reprocess the keyblock
so the flags are correct. Noted by Robin H. Johnson.
* getkey.c (fixup_uidnode): Properly clear flags that don't apply to
us (revoked, expired) so that we can reprocess a uid.
|
| |
|
|
|
|
| |
* getkey.c (merge_selfsigs_subkey): Avoid listing the contents of a
backsig when list mode is on. Noted by Timo Schulz.
|
| |
|
|
|
|
|
|
|
| |
(build_sig_subpkt_from_sig), getkey.c (fixup_uidnode,
merge_selfsigs_main, merge_selfsigs_subkey), keygen.c
(keygen_add_key_expire): Fix meaning of key expiration and sig
expiration subpackets - zero means "never expire" according to 2440,
not "expire instantly".
|
| |
|
|
|
|
| |
problem when auto-key-locate returns a list of keys, not all of which are
usable (revoked, expired, etc). Noted by Simon Josefsson.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* keyedit.c (menu_backsign): Allow backsigning even if the secret
subkey doesn't have a binding signature.
* armor.c (radix64_read): Don't report EOF when reading only a pad (=)
character. The EOF actually starts after the pad.
* gpg.c (main): Make --export, --send-keys, --recv-keys,
--refresh-keys, and --fetch-keys follow their arguments from left to
right. Suggested by Peter Palfrader.
|
| | |
|
| |
|
|
|
| |
Fix strings to not start with a capital letter as per convention.
|
| |
|
|
|
| |
than causing an error.
|
| |
|
|
|
|
|
| |
both the fingerprint alone, and fingerprint+URL cases.
* getkey.c (get_pubkey_byname): Minor cleanup.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
same API as the other auto-key-locate fetchers.
* getkey.c (get_pubkey_byname): Use the fingerprint of the key that we
actually fetched. This helps prevent problems where the key that we
fetched doesn't have the same name that we used to fetch it. In the
case of CERT and PKA, this is an actual security requirement as the
URL might point to a key put in by an attacker. By forcing the use of
the fingerprint, we won't use the attacker's key here.
|
| |
|
|
|
|
| |
keyserver_import_cert, keyserver_import_name, keyserver_import_ldap):
Pass fingerprint info through.
|
| |
|
|
|
|
|
|
|
| |
"pka" when those features are disabled.
* misc.c (has_invalid_email_chars): Fix some C syntax that broke the
compilers on SGI IRIX MIPS and Compaq/DEC OSF/1 Alpha. Noted by Nelson H.
F. Beebe.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--no-auto-key-locate.
* options.h, gpg.c (main): Keep track of each keyserver registered so
we can match on them later.
* keyserver-internal.h, keyserver.c (cmp_keyserver_spec,
keyserver_match), gpgv.c: New. Find a keyserver that matches ours and
return its spec.
* getkey.c (get_pubkey_byname): Use it here to get the per-keyserver
options from an earlier keyserver.
|
| |
|
|
|
|
| |
getkey.c (free_akl, parse_auto_key_locate, get_pubkey_byname): The obvious
next step: allow arbitrary keyservers in the auto-key-locate list.
|
| |
|
|
|
|
| |
Parse a list of key access methods. (get_pubkey_byname): Walk the list
here to try and retrieve keys we don't have locally.
|
| |
|
|
|
|
|
|
|
|
| |
importing at -r time. The URL in the PKA record may point to a key put in
by an attacker. Fix is to use the fingerprint from the PKA record as the
recipient. This ensures that the PKA record is followed.
* keyserver-internal.h, keyserver.c (keyserver_import_pka): Return the
fingerprint we requested.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
getkey.c:get_pubkey_byname which was getting crowded.
* keyserver.c (keyserver_import_cert): Import a key found in DNS via CERT
records. Can handle both the PGP (actual key) and IPGP (URL) CERT types.
* getkey.c (get_pubkey_byname): Call them both here.
* options.h, keyserver.c (parse_keyserver_options): Add
"auto-cert-retrieve" option with optional max size argument.
|
| |
|
|
|
|
|
|
|
|
| |
* keyserver-internal.h, keyserver.c (keyserver_spawn, keyserver_work,
keygerver_getname): New keyserver_getname function to fetch keys by name.
* getkey.c (get_pubkey_byname): Call it here to enable locating keys by
full mailbox from a keyserver a la PKA. Try PKA first, though, as it is
likely to be faster.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
adding a cert-only designated revoker. Code was looking for a key with
sign ability, and not cert ability. Noted by Timo Schulz.
|
| |
|
|
|
|
|
|
|
| |
add 0x19 backsigs to old keys that don't have them.
* misc.c (parse_options): Fix build warning.
* main.h, keygen.c (make_backsig): Make public.
|
| |
|
|
|
|
| |
(signature_check2): Add --require-backsigs and --no-require-backsigs.
Currently defaults to --no-require-backsigs.
|
| |
|
|
|
|
|
| |
keygen.c (make_backsig): Did some backsig interop testing with the PGP
folks. All is well, so I'm turning generation of backsigs on for new
keys. Checking for backsigs on verification is still off.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
algorithms.
* keyedit.c (sign_uids): Don't request a signing key to make a
certification.
* keygen.c (do_add_key_flags): Force the certify flag on for all
primary keys, as the spec requires primary keys must be able to
certify (if nothing else, which key is going to issue the user ID
signature?) (print_key_flags): Show certify flag. (ask_key_flags,
ask_algo): Don't allow setting the C flag for subkeys.
* keyid.c (usagestr_from_pk), getkey.c (parse_key_usage): Distinguish
between a sign/certify key and a certify-only key.
|
| |
|
|
|
|
|
|
| |
samples since it is being shut down.
* getkey.c (classify_user_id): Disable the '.' and '+' search modes
since they aren't supported yet.
|
| |
|
|
|
|
| |
so that gpg can get the key from DNS. This helps with opportunistic
encryption. No integration with the trust modell yet.
|
| | |
|
| |
|
|
|
|
| |
that even after keys may be merged together, we only have one chosen
selfsig.
|
| |
|
|
|
|
|
| |
and revoked uids in fixup_uidnode(). No need to special case in
merge_selfsigs_main(). This also means that an expired uid will have
its selfsig tagged with chosen_selfsig.
|
| | |
|
| |
|
|
|
| |
pick a disabled default. Noted by David Crick.
|
| |
|
|
|
| |
backsigs code.
|
| |
|
|
|
|
|
|
|
| |
* card-util.c (card_status): Create asecret key stub on the fly
and print more information about a card key.
* import.c (pub_to_sec_keyblock, auto_create_card_key_stub): New.
* getkey.c (get_seckeyblock_byfprint): New.
* keylist.c (print_card_key_info): New.
|
| |
|
|
|
|
| |
(revokestr_from_pk), keyedit.c (show_key_with_all_names): Show who revoked
a key (either the same key or a designated revoker) and when.
|
| |
|
|
|
|
|
|
|
|
|
| |
* passphrase.c: Don't check for __CYGWIN__, so it is treated as a
unix-like system.
* options.h, g10.c (main), textfilter.c (standard): Use new option
--rfc2440-text to determine whether to filter "<space>\t\r\n" or just
"\r\n" before canonicalizing text line endings. Default to
"<space>\t\r\n".
|
| |
|
|
|
|
|
| |
Set PUBKEY_USAGE_UNKNOWN to handle flags that we don't understand.
(fixup_uidnode, merge_selfsigs_main, merge_selfsigs_subkey): Call it from
here to remove duplicate code.
|
| |
|
|
|
|
|
|
|
|
|
| |
opt.s2k_digest_algo. This helps fix a problem with PGP 2.x encrypted
symmetric messages. Change all callers (encode.c, g10.c, keyedit.c,
keygen.c, passphrase.c, sign.c).
* armor.c, cardglue.c, getkey.c, import.c, keygen.c: Be consistent in some
more quoted strings. Always use 'user ID', not 'user id', "quotes" for
user IDs, etc.
|
