aboutsummaryrefslogtreecommitdiffstats
path: root/g10/keygen.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Limit keysize for unattended key generation to useful values.Werner Koch2014-06-301-2/+10
| | | | | | | | | | | | * g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096. (gen_rsa): Enforce keysize 1024 to 4096. (gen_dsa): Enforce keysize 768 to 3072. -- It was possible to create 16k RSA keys in batch mode. In addition to the silliness of such keys, they have the major drawback that GnuPG, with its limited amount of specially secured memory areas, the use of such keys may lead to an "out of secure memory" condition.
* gpg: Allow setting of all zero key flagsDaniel Kahn Gillmor2013-10-041-3/+0
| | | | | | * g10/keygen.c (do_add_key_flags): Do not check for empty key flags. (cherry picked from commit b693ec02c467696bf9d7324dd081e279f9965151) (cherry picked from commit dd868acb0d13a9f119c0536777350a6c237a66a1)
* gpg: Use 2048 as the default keysize in batch mode.Werner Koch2013-08-301-3/+3
| | | | | | | * g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to 2048. Signed-off-by: Werner Koch <[email protected]>
* Create off-line card encryption key with the right size.Werner Koch2012-11-081-1/+16
| | | | | | | | | | | * g10/keygen.c (gen_card_key_with_backup): Get the size of the key from the card. -- Formerly the off-line encryption key was created with a fixed length of 1024 bit. With this change the key is created as expected. GnuPG-bug-id: 1230
* Support the not anymore patented IDEA cipher algorithm.Werner Koch2012-11-081-8/+3
| | | | | | | | | | | | | | | | | | | | | | | | * cipher/idea.c: New. Take from Libgcrypt master and adjust for direct use in GnuPG. * cipher/idea-stub.c: Remove. * cipher/Makefile.am: Add idea.c and remove idea-stub.c rules. * configure.ac: Remove idea-stub code. * g10/gpg.c (check_permissions): Remove code path for ITEM==2. (main): Make --load-extension a dummy option. * g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2 compatibility mode. * g10/misc.c (idea_cipher_warn): Remove. Also remove all callers. * g10/seckey-cert.c (do_check): Remove emitting of STATUS_RSA_OR_IDEA. * g10/status.c (get_status_string): Remove STATUS_RSA_OR_IDEA. * g10/status.h (STATUS_RSA_OR_IDEA): Remove. -- To keep the number of actually used algorithms low, we support IDEA only in a basically read-only way (unless --pgp2 is used during key generation). It does not make sense to suggest the use of this old 64 bit blocksize algorithm. However, there is old data available where it might be helpful to have IDEA available.
* Fix bug#1307Werner Koch2011-08-091-64/+64
| | | | | This is a backport of the fixes for 2.0. There is only one real bug, the other changes are for clarity and for more picky compilers.
* Detect unsigned time_t and adjust y2038 detection.Werner Koch2010-10-271-1/+1
|
* Fix bug 1186Werner Koch2010-02-171-1/+1
|
* Update key generation menu to match gnupg 2.0.Werner Koch2009-07-291-100/+168
| | | | | Changes default preferences and key algorithms.
* First set of changes to backport the new card code from 2.0.Werner Koch2009-07-211-42/+77
| | | | | | | | For compatibility reasons a few new files had to be added. Also added estream-printf as this is now used in app-openpgp.c and provides a better and generic asprintf implementation than the hack we used for the W32 code in ttyio.c. Card code is not yet finished.
* Backport of Creation-Date parameter for unattended key generation.Werner Koch2009-05-051-51/+118
|
* Check algo usage.Werner Koch2008-12-091-19/+39
|
* Fix bug #947 (expire time overflow)Werner Koch2008-08-111-6/+12
|
* Comment typ fixes.Werner Koch2007-12-031-2/+15
| | | | | Workaround for bad translations of the capability menu.
* Switched to GPLv3.Werner Koch2007-10-231-4/+2
| | | | | Updated gettext.
* Missed one caller.David Shaw2007-02-011-1/+1
|
* * main.h, keygen.c (ask_expire_interval, parse_expire_string): Pass inDavid Shaw2007-02-011-13/+11
| | | | | | the time to use to calculate the expiration offset, rather than querying it internally. Change all callers.
* * keygen.c (do_generate_keypair, proc_parameter_file,David Shaw2007-01-311-35/+58
| | | | | | generate_keypair, generate_subkeypair): Pass a timestamp through to all the gen_xxx functions.
* * main.h, keygen.c (ask_expiredate), keyedit.c (menu_expire): RemoveDavid Shaw2007-01-311-8/+0
| | | | | the need for ask_expiredate().
* * keygen.c (make_backsig, write_direct_sig, write_selfsigs)David Shaw2007-01-301-7/+9
| | | | | | | | (write_keybinding): Have the various selfsigs created during key generation use the timestamp of their parent key. This helps avoid leaking information about the performance of the machine where the keys were generated. Noted by Christian Danner.
* * parse-packet.c (read_protected_v3_mpi): Make sure to stopWerner Koch2007-01-151-1/+1
| | | | | | | reading even for corrupted packets. * keygen.c (generate_user_id): Need to allocate one byte more. Reported by Felix von Leitner.
* Fixed memory allocation bug and typos.Werner Koch2006-07-261-0/+2
|
* * options.h, gpg.c (main), keygen.c (keygen_upd_std_prefs,David Shaw2006-06-221-1/+28
| | | | | | | keygen_add_std_prefs, proc_parameter_file): Add --default-keyserver-url to specify a keyserver URL at key generation time, and "Keyserver:" keyword for doing the same through a batch file.
* * keygen.c (gen_card_key): Add optional argument to return a pointerDavid Shaw2006-06-101-8/+13
| | | | | | | | (not a copy) of the stub secret key for the secret key we just generated on the card. (generate_card_subkeypair): Use it here so that the signing key on the card can use the card to generate the 0x19 backsig on the primary key. Noted by Janko Heilgeist and Jonas Oberg.
* * keygen.c (gen_dsa): Allow generating DSA2 keys (allow specifying sizes >David Shaw2006-05-251-21/+56
| | | | | | | 1024 when --enable-dsa2 is set). The size of q is set automatically based on the key size. (ask_keysize, generate_keypair): Ask for DSA size when --enable-dsa2 is set.
* * parse-packet.c (dump_sig_subpkt, parse_signature), build-packet.cDavid Shaw2006-05-231-1/+1
| | | | | | | | | (build_sig_subpkt_from_sig), getkey.c (fixup_uidnode, merge_selfsigs_main, merge_selfsigs_subkey), keygen.c (keygen_add_key_expire): Fix meaning of key expiration and sig expiration subpackets - zero means "never expire" according to 2440, not "expire instantly".
* * packet.h, build-packet.c (sig_to_notation), keygen.cDavid Shaw2006-03-091-2/+4
| | | | | | (keygen_add_notations): Provide printable text for non-human-readable notation values.
* * packet.h, build-packet.c (sig_to_notation), keygen.cDavid Shaw2006-03-081-1/+4
| | | | | | (keygen_add_notations): Tweak to handle non-human-readable notation values.
* * options.h, sign.c (mk_notation_policy_etc), gpg.c (add_notation_data):David Shaw2006-03-081-2/+46
| | | | | | | | | | Use it here for the various notation commands. * packet.h, main.h, keygen.c (keygen_add_notations), build-packet.c (string_to_notation, sig_to_notation) (free_notation): New "one stop shopping" functions to handle notations and start removing some code duplication.
* * packet.h: Move some flags to a bitfield. Change all callers.David Shaw2005-11-101-2/+2
|
* * keygen.c (proc_parameter_file): Default key and subkey usage flags toDavid Shaw2005-10-261-7/+29
| | | | | | algo capabilities if parameter file doesn't specify them. Noted by Timo Schulz.
* Fixed minor card related bugs and enhanced status messagesWerner Koch2005-10-181-3/+7
|
* * keyedit.c (keyedit_menu, menu_backsign): New "backsign" command toDavid Shaw2005-10-141-1/+1
| | | | | | | | | add 0x19 backsigs to old keys that don't have them. * misc.c (parse_options): Fix build warning. * main.h, keygen.c (make_backsig): Make public.
* * getkey.c (merge_selfsigs_subkey), sig-check.c (signature_check2),David Shaw2005-10-111-14/+6
| | | | | | | keygen.c (make_backsig): Did some backsig interop testing with the PGP folks. All is well, so I'm turning generation of backsigs on for new keys. Checking for backsigs on verification is still off.
* * misc.c (openpgp_pk_algo_usage): Default to allowing CERT for signingDavid Shaw2005-08-271-7/+17
| | | | | | | | | | | | | | | | | algorithms. * keyedit.c (sign_uids): Don't request a signing key to make a certification. * keygen.c (do_add_key_flags): Force the certify flag on for all primary keys, as the spec requires primary keys must be able to certify (if nothing else, which key is going to issue the user ID signature?) (print_key_flags): Show certify flag. (ask_key_flags, ask_algo): Don't allow setting the C flag for subkeys. * keyid.c (usagestr_from_pk), getkey.c (parse_key_usage): Distinguish between a sign/certify key and a certify-only key.
* auto retrieve keys from PKA. Thsi allows to specify an email addressWerner Koch2005-08-051-7/+2
| | | | | | so that gpg can get the key from DNS. This helps with opportunistic encryption. No integration with the trust modell yet.
* * keygen.c (proc_parameter_file): Sanity check items in keygen batchDavid Shaw2005-08-051-98/+120
| | | | | file. Noted by Michael Schierl.
* * keygen.c (write_keyblock): Don't try and build deleted kbnodes sinceDavid Shaw2005-08-041-6/+12
| | | | | we start our tree with one.
* Revert bad patch.David Shaw2005-08-041-8/+1
|
* * keygen.c (start_tree): Need to use an actual packet type (which weDavid Shaw2005-08-041-1/+8
| | | | | can then delete) to start the tree.
* Implemented PKA trust modelWerner Koch2005-07-281-21/+0
|
* Converted all m_free to xfree etc.Werner Koch2005-07-271-113/+113
|
* * keygen.c (save_unprotected_key_to_card): Better fix for gcc4 warning.David Shaw2005-06-201-1/+1
|
* * keygen.c (save_unprotected_key_to_card): Fix gcc4 warning.David Shaw2005-06-141-1/+1
| | | | | | | | | | * options.h, import.c (parse_import_options, import_one): Add import-clean-uids option to automatically compact unusable uids when importing. Like import-clean-sigs, this may nodify the local keyring. * trustdb.c (clean_uids_from_key): Only allow selfsigs to be a candidate for re-inclusion.
* Updated FSF street address and preparations for a release candidate.Werner Koch2005-05-311-1/+2
|
* * cardglue.c (send_status_info): Make CTRL optional.Werner Koch2005-05-211-122/+50
| | | | | | | | | | | (agent_scd_writekey, inq_writekey_parms): New. (agent_openpgp_storekey): Removed. * cardglue.h: Add a few more error code mappings. * keygen.c (copy_mpi): Removed. (save_unprotected_key_to_card): Changed to use agent_scd_writekey. * app-common.h, app-openpgp.c, tlv.c, tlv.h: Updated from newer version in gnupg 1.9 CVS.
* * keygen.c (write_selfsigs): Rename from write_selfsig. Write the sameDavid Shaw2005-05-111-12/+16
| | | | | | | | | | | | | | | selfsig into both the pk and sk, so that someone importing their sk (which will get an autoconvert to the pk) won't end up with two selfsigs. (do_generate_keypair): Call it from here. * parse-packet.c (can_handle_critical_notation): New. Check for particular notation tags that we will accept when critical. Currently, that's only [email protected], since we know how to handle it (pass it through to a mail program). (can_handle_critical): Call it from here. (parse_one_sig_subpkt): Sanity check that notations are well-formed in that the internal lengths add up to the size of the subpacket.
* * main.h, keygen.c (parse_expire_string, ask_expire_interval), sign.cDavid Shaw2005-05-061-55/+52
| | | | | | | | (sign_file, clearsign_file, sign_symencrypt_file), g10.c (main), keyedit.c (sign_uids): Use seconds rather than days internally to calculate expiration. We no longer need the day-based code as we don't generate v3 keys.
* * keygen.c (start_tree): New function to "prime" a KBNODE list.David Shaw2005-05-051-26/+20
| | | | | | | | | | | | (do_generate_keypair): Use it here rather than creating and deleting a comment packet. * keygen.c (gen_elg, gen_dsa): Do not put public factors in secret key as a comment. * options.h, encode.c (encode_simple, encode_crypt), keygen.c (do_create): Remove disabled comment packet code.
* * keygen.c (keygen_set_std_prefs): Add SHA256 and BZip2 to defaultDavid Shaw2005-05-051-3/+19
| | | | | preferences.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-23 17:57:54 +0000