| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* g10/gpg.c: Include shareddefs.h.
(main): Add option --pinentry-mode.
* g10/options.h (struct opt): Add field pinentry_mode.
* g10/passphrase.c: Include shareddefs.h.
(have_static_passphrase): Take care of loopback pinentry_mode.
(read_passphrase_from_fd): Ditto.
(get_static_passphrase): New.
(passphrase_to_dek_ext): Factor some code out to ...
(emit_status_need_passphrase): new.
* g10/call-agent.c (start_agent): Send the pinentry mode.
(default_inq_cb): Take care of the PASSPHRASE inquiry. Return a
proper error code.
(agent_pksign): Add args keyid, mainkeyid and pubkey_algo.
(agent_pkdecrypt): Ditto.
* g10/pubkey-enc.c (get_it): Pass new args.
* g10/sign.c (do_sign): Pass new args.
* g10/call-agent.c (struct default_inq_parm_s): New. Change all
similar structs to reference this one. Change all users and inquire
callback to use this struct, instead of NULL or some undefined but not
used structs. This change will help to eventually get rid of global
variables.
--
This new features allows to use gpg without a Pinentry. As a
prerequisite the agent must be configured to allow the loopback
pinentry mode (option --allow-loopback-pinentry). For example
gpg2 --pinentry-mode=loopback FILE.gpg
may be used to decrypt FILE.gpg while entering the passphrase on the
tty. If batch is used, --passphrase et al. may be used, if
--command-fd is used, the passphrase may be provided by another
process. Note that there are no try-again prompts in case of a bad
passphrase.
|
|
* g10/keydb.h (keydb_search): Remove macro.
* g10/keydb.c (keydb_search2): Rename to keydb_search. Change all
callers.
|
|
* kbx/keybox-defs.h (_keybox_write_header_blob): Move prototype to ..
* kbx/keybox.h: here.
* kbx/keybox-init.c (keybox_lock): Add dummy function
* g10/keydb.c: Include keybox.h.
(KeydbResourceType): Add KEYDB_RESOURCE_TYPE_KEYBOX.
(struct resource_item): Add field kb.
(maybe_create_keyring_or_box): Add error descriptions to diagnostics.
Add arg IS_BOX. Write a header for a new keybox file.
(keydb_add_resource): No more need for the force flag. Rename the
local variable "force" to "create". Add URL scheme "gnupg-kbx". Add
magic test to detect a keybox file. Add basic support for keybox.
(keydb_new, keydb_get_resource_name, keydb_delete_keyblock)
(keydb_locate_writable, keydb_search_reset, keydb_search2): Add
support for keybox.
(lock_all, unlock_all): Ditto.
* g10/Makefile.am (needed_libs): Add libkeybox.a.
(gpg2_LDADD, gpgv2_LDADD): Add KSBA_LIBS as a workaround.
* g10/keydb.h (KEYDB_RESOURCE_FLAG_PRIMARY)
KEYDB_RESOURCE_FLAG_DEFAULT, KEYDB_RESOURCE_FLAG_READONLY): New.
* g10/gpg.c, g10/gpgv.c (main): Use new constants.
--
I did most of these changes back in 2011 and only cleaned them up
now. More to follow soon.
|
|
Returning -1 as an error code is not very clean given that gpg error
has more descriptive error codes. Thus we now return
GPG_ERR_NOT_FOUND for all search operations and adjusted all callers.
|
|
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
|
|
|
|
A couple of forward ported changes.
Doc updates.
|
|
It builds fine and passes some of the tests but there are quite some
features which don't work yet.
|
|
|
|
|
|
|
|
|
|
|
|
Comment fixes.
Minor chnages in preparation of a W32CE port.
|
|
Collected changes.
|
|
|
|
|
|
Improved card key generation prompts.
|
|
|
|
|
|
Removed intl/.
|
|
|
|
|
|
Migrated the gpg regression tests.
Some changes tp the gpg code to fix bugs and
for the use in testing.
make distcheck works now with gpg enabled.
|
|
shows no prblems. Needs more testing of course.
|
|
|
|
union for preference hints rather than doing void * games.
* sign.c (sign_file): Use it here.
|
|
|
|
The gpg part does not yet build.
|
|
--no-auto-key-locate.
* options.h, gpg.c (main): Keep track of each keyserver registered so
we can match on them later.
* keyserver-internal.h, keyserver.c (cmp_keyserver_spec,
keyserver_match), gpgv.c: New. Find a keyserver that matches ours and
return its spec.
* getkey.c (get_pubkey_byname): Use it here to get the per-keyserver
options from an earlier keyserver.
|
|
Parse a list of key access methods. (get_pubkey_byname): Walk the list
here to try and retrieve keys we don't have locally.
|
|
passphrase as if it was used (move from next_pw to last_pw).
* pubkey-enc.c (get_session_key): Use it here to handle the case where a
passphrase happens to be correct for a secret key, but yet that key isn't
the anonymous recipient (i.e. the secret key could be decrypted, but not
the session key). This also handles the case where a secret key is
located on a card and a secret key with no passphrase. Note this does not
fix bug 594 (anonymous recipients on smartcard do not work) - it just
prevents the anonymous search from stopping when the card is encountered.
|
|
|
|
saved codeset.
(agent_open): Add arg ORIG_CODESET and switch back to it in case
of error. Changed all callers.
* zh_TW.po, fr.po, cs.po: Updated.
|
|
when compacting a uid. There is no reason to make an attacker's job
easier - this way they only have a revocation which is useless in
bringing the uid back.
* keydb.h, kbnode.c (undelete_kbnode): Removed. No longer needed.
* import.c (chk_self_sigs): Allow a uid revocation to be enough to
allow importing a particular uid (no self sig needed). This allows
importing compacted uids.
|
|
kbnode.
* trustdb.c (clean_uids_from_key): Further tweak the algorithm so that
the last good selfsig is kept when the chosen selfsig is a revocation.
|
|
* cardglue.c (assuan_strerror, assuan_transact): Dummy functions
if not build with agent support.
* zh_TW.po, zh_CN.po, es.po, ro.po: Updated.
* tr.po: Updated from TP. Note: this is an exception in general
translations from the Robot are not anymore accepted.
* regcomp.c (MB_CUR_MAX) [_WIN32]: Define it only if not defined.
|
|
|
|
bit in the R-block than in the I block, this was wrong at one
place. Fixes bug #419 and hopefully several others.
|
|
Changed all callers.
(ask_passphrase): Add new arg CACHEID and use it in agent mode.
Changed all callers.
(passphrase_clear_cache): New arg CACHEID. Changed all callers.
* cardglue.c (format_cacheid): New.
(pin_cb): Compute a cache ID.
(agent_scd_pksign, agent_scd_pkdecrypt): Use it.
(agent_clear_pin_cache): New.
* card-util.c (change_pin): Clear the PIN cache.
(check_pin_for_key_operation): Ditto.
|
|
* card-util.c (card_status): Create asecret key stub on the fly
and print more information about a card key.
* import.c (pub_to_sec_keyblock, auto_create_card_key_stub): New.
* getkey.c (get_seckeyblock_byfprint): New.
* keylist.c (print_card_key_info): New.
|
|
(main): Unconditionally implement --status-file, --logger-file,
--attribute-file, --passphrase-file, --command-file. This is not
generally useful but easy to support and might make scripting
under Windows easier.
|
|
* apdu.c (open_pcsc_reader): Do not print empty reader string.
* keygen.c (ask_algo): Allow creation of AUTH keys.
* keyid.c (usagestr_from_pk): New.
* app-openpgp.c (app_openpgp_storekey): Call flush_cache.
* keyedit.c (keyedit_menu): New command "keytocard"
(keyedit_menu): Bad hack for the not_with_sk element.
(show_key_with_all_names): Print the usage.
(find_pk_from_sknode): New.
* card-util.c (card_store_subkey): New.
(copy_mpi): New.
* cardglue.c (agent_openpgp_storekey): New.
|
|
not have card support.
* keydb.h, keyserver.c (print_keyrec, keyserver_spawn): fpr is an array of
unsigned bytes.
|
|
and remove the printable stuff since we're print-ifying valid utf8
characters. Change all callers in import.c, sign.c, keylist.c, and
encode.c.
|
|
merge selfsigs if we have to for honor-keyserver-url. (keyserver_refresh):
Keyserver URL handler moved here. (calculate_keyid_fpr): Removed.
* keydb.h, keyid.c (keystr_from_desc): Calculate a key string from a
KEYDB_SEARCH_DESC.
|
|
a key string from a key in one step. This isn't faster than before, but
makes for neater code.
* keylist.c (list_keyblock_print): Use keystr_from_xx here.
(print_key_data): No need to pass a keyid in.
|
|
replace the list-option (and eventually verify-option) show-long-keyids.
The format can be short, long, 0xshort, and 0xlong.
* keydb.h, keyid.c (keystr, keystrlen): New functions to generate a
printable keyid.
* keyedit.c (print_and_check_one_sig, show_key_with_all_names), keylist.c
(list_keyblock_print): Use new keystr() function here to print keyids.
|
|
public subkeys.
* keylist.c (list_keyblock_print), keyedit.c (show_key_with_all_names):
Show the revocation date of a key/subkey, and general formatting work.
* packet.h, getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
merge_selfsigs): Keep track of the revocation date of a key.
* keydb.h, keyid.c (revokestr_from_pk): New function to print the
revocation date of a key.
|
|
keyring.c (keyring_rebuild_cache): Add "noisy" flag so cache rebuilds can
remain noisy when called for itself, and quiet when called as part of the
trustdb rebuild.
* trustdb.c (validate_keys): Rebuild the sig caches before building the
trustdb. Note that this is going to require some architectual
re-thinking, as it is agonizingly slow.
|
