| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (import_one_real): Rename non_self to non_self_or_utk.
If not set after chk_self_sigs check whether the imported key is an
ultimately trusted key.
--
The revalidation mark was only set if the imported key had a new key
signature. This is in general correct but not if the imported key is
a trusted key.
GnuPG-bug-id: 7200
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (read_block): Don't show a warning for unbnown version
also for non-primary-key packets.
* g10/parse-packet.c (parse_key): Use log_info for unsupported v5
packets.
--
This fixes the problem that 2.2 can't import keys with a v5 subkey.
This fix allows a gnupg 2.6. version to export a key with an
additional PQC subkey and 2.2 can still import the other subkeys.
The second patch avoids that gpg returns with an error code.
Updates-commit: de70a2f377c1647417fb8a2b6476c3744a901296
|
| |
|
|
|
|
|
|
|
| |
* g10/import.c (parse_import_options): Rename option.
* g10/options.h (IMPORT_NO_SECKEY): Rename to IMPORT_ONLY_PUBKEYS.
Change all users.
--
GnuPG-bug-id: 7146
|
| |
|
|
|
|
|
| |
* g10/import.c (parse_import_options): Add "no-seckeys".
--
GnuPG-bug-id: 7146
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/call-agent.c (struct keyinfo_data_parm_s): Remove CARD_AVAILABLE
field.
(keyinfo_status_cb): Don't touch CARD_AVAILABLE field.
(agent_probe_secret_key); Don't check CARD_AVAILABLE field.
* g10/import.c (do_transfer): Check if it's card key or not.
--
In 2.2 branch, gpg-agent doesn't have a capability to report if card
is available or not by KEYINFO command. Thus, this clean up.
GnuPG-bug-id: 3456
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (do_transfer): Force the overridden key import
even when smartcard is available.
--
Cherry picked from 2.4 branch:
0ec10fbd0d4007997cec59da9a514797bc0531a8
Fixes-commit: 2c1297055041b4657ea1a927acac978c2b09a483
GnuPG-bug-id: 3456
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (do_transfer): Force importing when it's card
reference.
--
Cherry-picked from 2.4 branch:
2c1297055041b4657ea1a927acac978c2b09a483
GnuPG-bug-id: 3456
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/kbnode.c (new_kbnode2): New.
* g10/import.c (delete_inv_parts): New arg r_otherrevsigs to store
misplaced revocations.
(import_revoke_cert): Allow to pass an entire list.
(import_one): Import revocations found by delete_inv_parts.
--
It might be useful to distribute revocations of old keys along with
new keys. This is in particicualrr useful for WKD stored keys. This
patch allows to put unrelated standalone revocations into a key. For
example they can simply appended to a keyblock. Right now it is a bit
inaesthetic to see diagnostics about misplaced or bad revocation
signatures.
Backported-from-master: 7aaedfb10767c74f3e6868dd1563cbbf1282ab2f
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status.
* g10/options.h (opts): New field expl_import_self_sigs_only.
* g10/import.c (parse_import_options): Set it.
* g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
--
I can be assumed that configured LDAP servers are somehow curated and
not affected by rogue key signatures as the HKP servers are. Thus we
can allow the import of key signature from LDAP keyservers by default.
GnuPG-bug-id: 5387
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option.
(gpgsm_agent_import_key): Ditto.
* g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on.
(agent_import_key): Ditto.
* g10/import.c (transfer_secret_keys): Pass the creation date to the
agent.
* g10/keygen.c (common_gen): Ditto.
--
Having the creation time in the private key file makes it a lot easier
to re-create an OpenPGP public keyblock in case it was accidentally
lost.
Signed-off-by: Werner Koch <[email protected]>
Cherry-picked-from-master: 4031c42bfd0135874a5b362df175de93a19f1b51
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (read_key_from_file): Rename to ...
(read_key_from_file_or_buffer): this and add new parameters. Adjust
callers.
(import_included_key_block): New.
* g10/packet.h (PKT_signature): Add field flags.key_block.
* g10/parse-packet.c (parse_signature): Set that flags.
* g10/sig-check.c (check_signature2): Add parm forced_pk and change
all callers.
* g10/mainproc.c (do_check_sig): Ditto.
(check_sig_and_print): Try the included key block if no key is
available.
--
This is is the second part to support the new Key Block subpacket.
The idea is that after having received a signed mail, it is instantly
possible to reply encrypted - without the need for any centralized
infrastructure.
There is one case where this does not work: A signed mail is received
using a specified signer ID (e.g. using gpg --sender option) and the
key block with only that user ID is thus imported. The next time a
mail is received using the same key but with a different user ID; the
signatures checks out using the key imported the last time. However,
the new user id is not imported. Now when trying to reply to that
last mail, no key will be found. We need to see whether we can update
a key in such a case.
GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <[email protected]>
Backported from master
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/export.c (push_export_filters): New.
(pop_export_filters): New.
(export_pubkey_buffer): Add args prefix and prefixlen. Adjust
callers.
* g10/import.c (impex_filter_getval): Add property "fpr".
* g10/main.h (struct impex_filter_parm_s): Add field hexfpr.
--
The push and pop feature will help us to use the export filter
internally in gpg. Same for the export_pubkey_buffer change.
GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (import_one_real): Don't do the final clean in the
merge case.
--
This fixes a regression introduced with self-sigs-only.
GnuPG-bug-id: 4628
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 6701a38f8e4a35ba715ad37743b8505bfd089541)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (read_block): Avoid O(N^2) append.
(sec_to_pub_keyblock): Likewise.
--
Cherry-picking the master commit of:
33c17a8008c3ba3bb740069f9f97c7467f156b54
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
| |
* g10/import.c (import_one): Check options.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* g10/import.c (read_block): Make sure KEYID is availabale also on a
pending packet.
--
Reported-by: Phil Pennock
Fixes-commit: adb120e663fc5e78f714976c6e42ae233c1990b0
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (import_one): Rename to ...
(import_one_real): this. Do not print and update stats on keyring
write errors.
(import_one): New. Add fallback code.
--
GnuPG-bug-id: 4591
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 3a403ab04eeb45f12b34f9d9c421dac93eaf2160)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/options.h (IMPORT_SELF_SIGS_ONLY): New.
* g10/import.c (parse_import_options): Add option "self-sigs-only".
(read_block): Handle that option.
--
This option is intended to help against importing keys with many bogus
key-signatures. It has obvious drawbacks and is not a bullet-proof
solution because a self-signature can also be faked and would be
detected only later.
GnuPG-bug-id: 4591
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 15a425a1dfe60bd976b17671aa8e3d9aed12e1c0)
|
| |
|
|
|
|
|
|
|
| |
* g10/import.c: Change arg 'with_meta' to 'options'. Change callers.
--
This chnage allows to pass more options to read_block.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (import): Limit the number of considered keys to 5.
(import_one): Return the first fingerprint in case of WKD.
--
The Web Key Directory should carry only one key. However, some
providers like to put old or expired keys also into the WKD. I don't
thunk that this is a good idea but I heard claims that this is needed
for them to migrate existing key data bases.
This patch puts a limit on 5 on it (we had none right now) and also
fixes the issue that gpg could not work immediately with the requested
key because the code uses the fingerprint of the key to use the
imported key. Now the first key is used. On a second try (w/o
accessing the WKD) the regular key selection mechanism would be in
effect. I think this is the most conservative approach. Let's see
whether it helps.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/parse-packet.c (parse_key): Return GPG_ERR_UNKNOWN_VERSION
instead of invalid packet.
* g10/keydb.c (parse_keyblock_image): Do not map the unknown version
error to invalid keyring.
(keydb_search): Skip unknown version errors simlar to legacy keys.
* g10/keyring.c (keyring_rebuild_cache): Skip keys with unknown
versions.
* g10/import.c (read_block): Handle unknown version.
--
When using gpg 2.3 the local keyring may contain v5 keys. This patch
allows the use of such a keyring also with a 2.2 version which does
not support v5 keys. We will probably need some more tweaking here
but this covers the most common cases of listing keys and also
importing v5 keys.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (NODE_TRANSFER_SECKEY): New.
(import): Add attic kludge.
(transfer_secret_keys): Add arg only_marked.
(resync_sec_with_pub_keyblock): Return removed seckeys via new arg
r_removedsecs.
(import_secret_one): New arg r_secattic. Change to take ownership of
arg keyblock. Implement extra secret key import logic. Factor some
code out to ...
(do_transfer): New.
(import_matching_seckeys): New.
--
The PGP desktops exported secret keys are really stupid. And they
even a have kind of exception in rfc4880 which does not rule that
out (section 11.2):
[...] Implementations SHOULD include self-signatures on any user
IDs and subkeys, as this allows for a complete public key to be
automatically extracted from the transferable secret key.
Implementations MAY choose to omit the self-signatures, especially
if a transferable public key accompanies the transferable secret
key.
Now if they would only put the public key before the secret
key. Anyway we now have a workaround for that ugliness.
GnuPG-bug-id: 4392
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 5205512fc092c53c0a52c8379ef2a129ce6e58a9)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by
new field TAG.
* g10/kbnode.c (alloc_node): Change accordingly.
* g10/import.c (import_one): Add arg r_valid.
(sec_to_pub_keyblock): Set tags.
(resync_sec_with_pub_keyblock): New.
(import_secret_one): Change return code to gpg_error_t. Return an
error code if sec_to_pub_keyblock failed. Resync secret keyblock.
--
When importing an invalid secret key ring for example without key
binding signatures or no UIDs, gpg used to let gpg-agent store the
secret keys anyway. This is clearly a bug because the diagnostics
before claimed that for example the subkeys have been skipped.
Importing the secret key parameters then anyway is surprising in
particular because a gpg -k does not show the key. After importing
the public key the secret keys suddenly showed up.
This changes the behaviour of
GnuPG-bug-id: 4392
to me more consistent but is not a solution to the actual bug.
Caution: The ecc.scm test now fails because two of the sample keys
don't have binding signatures.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit f799e9728bcadb3d4148a47848c78c5647860ea4)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/keyedit.c (show_basic_key_info): New arg 'print_sec'. Remove
useless code for "sub" and "ssb".
* g10/import.c (import_one): Pass FROM_SK to show_basic_key_info. Do
not print the first keyinfo in FROM_SK mode.
printing.
--
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit f64477db86568bdc28c313bfeb8b95d8edf05a3c)
|
| |
|
|
|
|
|
|
|
|
| |
* g10/cpr.c (write_status_printf): Escape CR and LF.
* g10/import.c (print_import_check): Simplify by using
write_status_printf and hexfingerprint.
Signed-off-by: Werner Koch <[email protected]>
Fixed one conlict in a comment.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (read_block): Call free_packet to skip the packet.
--
Cherry-pick of master commit of:
7c96cc67e108f3a9514a4222ffac2f9f9a2ab19e
Reported-by: Philippe Antoine
GnuPG-bug-id: 3916
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (getkey_ctx_s): New field found_via_akl.
(get_pubkey_byname): Set it.
(only_expired_enc_subkeys): New.
(get_best_pubkey_byname): Add support to refresh expired keys from the
WKD.
--
A little drawback of that code is that if the WKD has no update for an
expired key each access of the key will trigger a WKD lookup (unless
cached by the dirmngr). To avoid this we need to record the last time
we have checked for an update but that would in turn require that we
update the keyring for each check. We defer this until we have a
better key database which allows for fast updates of meta data.
Testing the code is currently a bit cumbersome because it requires to
update a key in the WKD several times. Eventually we we need a
network emulation layer to provide sample data for the regression
tests.
GnuPG-bug-id: 2917
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 7f172404bfcf719b9b1af4a182d4803525ebff7c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/key-clean.h (KEY_CLEAN_NONE, KEY_CLEAN_INVALID)
(KEY_CLEAN_ENCR, KEY_CLEAN_AUTHENCR, KEY_CLEAN_ALL): New.
* g10/key-clean.c (clean_one_subkey): New.
(clean_all_subkeys): Add arg CLEAN_LEVEL.
* g10/import.c (import_one): Call clean_all_subkeys with
KEY_CLEAN_NONE.
* g10/export.c (do_export_stream): Call clean_all_subkeys depedning on
the export clean options.
--
GnuPG-bug-id: 3622
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit c2fd65ec8498a08ee36ca52d99b6b014f6db8d93)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/key-clean.c (clean_key): Rename to clean_all_uids and split
subkey cleaning into ...
(clean_all_subkeys): new. Call that always after the former clean_key
invocations.
--
Note that the clean_all_subkeys function will later be extended.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 6c3567196f7e72552f326ce07dccbcce31926e5d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid)
(clean_uid_from_key, clean_one_uid, clean_key): Move to ...
* g10/key-clean.c: new file.
* g10/key-clean.h: New.
* g10/Makefile.am (gpg_sources): Add new files.
* g10/export.c, g10/import.c, g10/keyedit.c, g10/trustdb.c: Include
new header.
* g10/trustdb.h (struct key_item, is_in_klist): Move to ...
* g10/keydb.h: here.
--
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 135e46ea480d749b8a9692f71d4d0bfdadd8ee2f)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (read_block): Add special treatment for bad user ids
and comment packets.
--
See
GnuPG-bug-id: 4022
for an example of a bogus user id.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 01cd66f9faf1623833e6afac84164de5a136ecff)
|
| |
|
|
|
|
|
| |
--
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 60e7e102a153a246d7e887a64e30dbb4c4f7b6dd)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (get_revocation_reason): New.
(list_standalone_revocation): Extend function.
--
Note that this function extends the "rvs" field signature-class (field
11) with the revocation reason. GPGME does not yet parse this but it
can be expected that the comma delimiter does not break other parsers.
A new field is added to the "rvs" (and in future also the "rev")
record to carry a record specific comment. Hopefully all parsers
meanwhile learned the lesson from other new fields and don't bail out
on more fields than they know about.
This is partial solution to
GnuPG-bug-id: 1173
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit b7cd2c2093ae1b47645be50fa1d431a028187cad)
|
| |
|
|
|
|
|
|
|
|
| |
* g10/import.c (list_standalone_revocation): New.
(import_revoke_cert): Call new function.
--
GnuPG-bug-id: 4018
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 386b9c4f25b28fd769d7563f2d86ac3a19cc3011)
|
| |
|
|
|
|
|
|
|
|
| |
* g10/import.c (import_revoke_cert): Add arg 'options'. Take care of
IMPORT_DRY_RUN.
--
GnuPG-bug-id: 4017
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 6c9e37b2e541e96e7c65e1679982a614b4863fdb)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (impex_filter_getval): Add new "usage" property for
drop-subkey filter.
--
For example, this permits extraction of only encryption-capable
subkeys like so:
gpg --export-filter 'drop-subkey=usage !~ e' --export $FPR
GnuPG-Bug-id: 4019
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
(cherry picked from commit 2ddfb5bef920919443309ece9fa2930282bbce85)
|
| |
|
|
|
|
|
|
|
| |
* g10/import.c (chk_self_sigs): Print the subkeyid in addition to the
keyid.
(delete_inv_parts): Ditto.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 1bc6b5174248ba4d83d648ef6d6f4550540d1f20)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (aShowKeys): New const.
(opts): New command --show-keys.
(main): Implement command.
* g10/import.c (import_keys_internal): Don't print stats in show-only
mode.
(import_one): Be silent in show-only mode.
--
Using
--import --import-options show-only
to look at a key is too cumbersome. Provide this shortcut and also
remove some diagnostic cruft in this case.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 257661d6ae0ca376df758c38fabab2316d10e3a9)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/compress.c (push_compress_filter2): Return an error if no filter
was pushed.
(push_compress_filter): Ditto.
(handle_compressed): Free CFX if no filter was pushed.
* g10/import.c (read_block): Ditto.
--
GnuPG-bug-id: 3898, 3930
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (import_one): Pass FROM_SK to list_keyblock_direct.
--
Note that this will likely add the suffix '#' top "sec" because the
secret key has not yet (or will not be) imported. If the secret key
already exists locally another suffix might be printed. The upshot is
that the suffix has no usefulness.
GnuPG-bug-id: 3431
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (import_secret_one): Check for dry-run before
transferring keys.
--
The use of --dry-run or --import-option show-only had no effect when
importing a secret key and the public key already existed. If the
public key did not exist an error message inhibited the import of the
secret key.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ...
(get_keyblock_byfprint_fast): .. new function.
* g10/import.c (revocation_present): s/int rc/gpg_error_t err/.
(import_one): Use get_keyblock_byfprint_fast to get the keyblock and a
handle. Remove the now surplus keyblock fetch in the merge branch.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (import_keys_internal): Return gpg_error_t instead of
int. Change var names.
(import_keys_es_stream): Ditto.
(import_one): Ditto. Use a single keydb_new and simplify the use of
of keydb_release.
--
Note that this opens a keydb handle before we call
get_pubkey_byfprint_fast which internally uses another key db handle.
A further patch will cleanup this double use. Note that we also
disable the keydb caching for the insert case.
The s/int/gpg_error_t/ has been done while checking the call chains of
the import functions and making sure that gpg_err_code is always used.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/import.c (import_one) <IMPORT_SHOW>: Take care of fingerprint
options.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/options.h (IMPORT_DRY_RUN): New.
* g10/import.c (parse_import_options): Add "show-only".
(import_one): use that as alternative to opt.dry_run.
--
This is just a convenience thing for
--import-options import-show --dry-run
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/key-check.c (key_check_all_keysigs): Add arg mode and change all
output calls to use it.
* g10/keyedit.c (keyedit_print_one_sig): Add arg fp and chnage all
output calls to use it.
(keyedit_menu): Adjust for changes.
* g10/gpgcompose.c (keyedit_print_one_sig): Add dummy arg fp.
* g10/import.c (import_one): Call key_check_all_keysigs with output to
the log stream.
--
Fixes-commit: 404fa8211b6188a0abe83ef43a4b44d528c0b035
GnuPG-bug-id: 3288
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (update_key_origin): New.
(merge_blocks): Add arg curtime.
(import_one): Pass curtime to merge_blocks. Call update_key_origin.
--
We probably need to refine the rules on how this is done. But it is a
start.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (apply_meta_data): Rename to ...
(insert_key_origin): this. Factor code out to ...
(insert_key_origin_pk, insert_key_origin_uid): new funcs.
(import_one): Move insert_key_origin behind clean_key.
(merge_blocks): Add args options, origin, and url.
(append_uid): Rename to ...
(append_new_uid): this. Add args options, curtime, origin, and url.
Call insert_key_origin_uid for new UIDs.
--
This is a straightforward change to handle new user ids.
How to test:
With an empty keyring run
gpg --with-key-origin --locate-key \
--auto-key-locate clear,nodefault,wkd [email protected]
and then append a new keyid using
gpg --with-key-origin --locate-key \
--auto-key-locate clear,nodefault,wkd [email protected]
Works with my current key 80615870F5BAD690333686D0F2AD85AC1E42B367.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (parse_key_origin): Parse appended URL.
* g10/options.h (struct opt): Add field 'key_origin_url'.
* g10/gpg.c (main) <aImport>: Pass that option to import_keys.
* g10/import.c (apply_meta_data): Extend for file and url.
* g10/keyserver.c (keyserver_fetch): Pass the url to
import_keys_es_stream.
--
Example:
gpg --key-origin url,myscheme://bla --import FILE
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/keyserver.c (keyserver_get_chunk): Use KEYORG_KS if request was
done by fingerprint.
* g10/import.c (apply_meta_data): Implement that.
Signed-off-by: Werner Koch <[email protected]>
|
