aboutsummaryrefslogtreecommitdiffstats
path: root/g10/options.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* gpg: Remove unfinished experimental code to export as S-expressions.Werner Koch2015-10-071-1/+1
| | | | | | | | | | | | | * g10/options.h (EXPORT_SEXP_FORMAT): Remove. (EXPORT_DANE_FORMAT): New. * g10/export.c (parse_export_options): Remove "export-sexp-format". (export_seckeys): Adjust for removed option. (export_secsubkeys): Ditto. (do_export): Prepare for DANE format. (build_sexp, build_sexp_seckey): Remove. (do_export_stream): Remove use of removed functions. Signed-off-by: Werner Koch <[email protected]>
* gpg: Add new --auto-key-locate mechanism "dane".Werner Koch2015-10-061-0/+1
| | | | | | | | | | | | | | | * g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Allow fetching via DANE. * g10/keyserver.c (keyserver_import_cert): Add arg "dane_mode". * g10/options.h (AKL_DANE): New. * g10/getkey.c (get_pubkey_byname): Implement AKL_DANE. (parse_auto_key_locate): Ditto. -- To test this use gpg --auto-key-locate clear,dane,local --locate-key -v [email protected] Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove option --no-sig-create-check.Werner Koch2015-09-011-1/+0
| | | | | | | | | * g10/gpg.c (opts): Remove --no-sig-create-check. * g10/options.h (struct opt): Remove field no_sig_create_check. * g10/sign.c (do_sign): Always check unless it is RSA and we are using Libgcrypt 1.7. Signed-off-by: Werner Koch <[email protected]>
* gpg: Make keyserver-option http_proxy work.Werner Koch2015-04-211-0/+1
| | | | | | | * g10/options.h (opt): Add field keyserver_options.http_proxy. * g10/keyserver.c (warn_kshelper_option): Add arg noisy. (parse_keyserver_options): Parse into new http_proxy field. * g10/call-dirmngr.c (create_context): Send the http-proxy option.
* gpg: Update sub-options of --keyserver-optionsWerner Koch2015-04-211-2/+2
| | | | | | | | | | | | | | | | | | | | | * g10/options.h (KEYSERVER_HTTP_PROXY): New. (KEYSERVER_USE_TEMP_FILES, KEYSERVER_KEEP_TEMP_FILES): Remove. (KEYSERVER_TIMEOUT): New. * common/keyserver.h (KEYSERVER_TIMEOUT): Remove. * g10/keyserver.c (keyserver_opts): Remove obsolete "use-temp-files" and "keep-temp-files". Add "http-proxy" and "timeout". (parse_keyserver_options): Remove 1.2 compatibility option "honor-http_proxy". Remove "use-temp-files" and "keep-temp-files" code. -- Note that many of these options where implicitly used by passing any unknown option down to the former keyserver helpers. The don't exist anymore thus we need to make them explicit. Another patch will convey them to dirmngr. Temp files are not anymore used thus they can be removed and will be ignored when used. Signed-off-by: Werner Koch <[email protected]>
* Rename DBG_ASSUAN to DBG_IPC and add separate DBG_EXTPROG.Werner Koch2015-04-061-7/+5
| | | | * g10/options.h (DBG_EXTPROG_VALUE): Separate from DBG_IPC_VALUE.
* Fix use of DBG_CACHE and DBG_LOOKUPWerner Koch2015-04-061-1/+3
| | | | | | * dirmngr/dirmngr.h (DBG_LOOKUP_VALUE): Change to 8192. * g10/options.h (DBG_LOOKUP_VALUE, DBG_LOOKUP): New. * g10/getkey.c: Use DBG_LOOKUP instead of DBG_CACHE at most places.
* gpg: Rename a debug macro.Werner Koch2015-04-061-2/+2
| | | | | * g10/options.h (DBG_CIPHER_VALUE): Rename to DBG_CRYPTO_VALUE. (DBG_CIPHER): Rename to DBG_CRYPTO.
* gpg: Add command --print-pka-records.Werner Koch2015-02-241-0/+1
| | | | | | | | | | | | | * g10/gpg.c (main): Add command --print-pka-records. * g10/options.h (struct opt): Add field "print_pka_records". * g10/keylist.c (list_keyblock_pka): New. (list_keyblock): Call it if new option is set. (print_fingerprint): Add mode 10. -- This is a fist step towards a slightly updated PKA implementation. Signed-off-by: Werner Koch <[email protected]>
* gpg: Add option to print fingerprints in ICAO spelling.Werner Koch2015-02-231-0/+1
| | | | | | | | | * g10/gpg.c: Add option --with-icao-spelling. * g10/options.h (struct opt): Add with_icao_spelling. * g10/keylist.c (print_icao_hexdigit): New. (print_fingerprint): Print ICAO spelling. Signed-off-by: Werner Koch <[email protected]>
* gpg: Obsolete some keyserver helper options.Werner Koch2014-12-081-1/+0
| | | | | | | | | | | | | | | | | | * g10/options.h (opt): Remove keyserver_options.other. * g10/gpg.c (main): Obsolete option --honor-http-proxt. * g10/keyserver.c (add_canonical_option): Replace by ... (warn_kshelper_option): New. (parse_keyserver_uri): Obsolete "x-broken-http". -- Some of these options are deprecated for 10 years and they do not make any sense without the keyserver helpers. For one we print a hint on how to replace it: gpg: keyserver option 'ca-cert-file' is obsolete; \ please use 'hkp-cacert' in dirmngr.conf Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove option aliases --[no-]throw-keyid and --notation-data.Werner Koch2014-12-031-1/+1
| | | | | | | | | * g10/gpg.c (opts): Remove them. * g10/options.h (opt): s/throw_keyid/throw_keyids/ and change users. -- See mails starting http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029128.html
* Add option --no-autostart.Werner Koch2014-11-281-0/+1
| | | | | | | | | | | | | | * g10/gpg.c: Add option --no-autostart. * sm/gpgsm.c: Ditto. * g10/options.h (opt): Add field autostart. * sm/gpgsm.h (opt): Ditto. * g10/call-agent.c (start_agent): Print note if agent was not autostarted. * sm/call-agent.c (start_agent): Ditto. * g10/call-dirmngr.c (create_context): Likewise. * sm/call-dirmngr.c (start_dirmngr_ext): Ditto. Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove PGP-2 related cruft.Werner Koch2014-11-131-1/+0
| | | | | | | | | | | | | | | | | | | | * g10/armor.c (parse_hash_header,carmor_filter): Ignore MD5 in hash header. (fake_packet): Remove pgp-2 workaround for white space stripping. * g10/filter.h (armor_filter_context_t): Remove field pgp2mode. * g10/options.h (opt): Remove field pgp2_workarounds. * g10/gpg.c (main): Do not set this field. * g10/gpgv.c (main): Ditto. * g10/mainproc.c (proc_encrypted): Use SHA-1 as fallback s2k hash algo. Using MD5 here is useless. (proc_plaintext): Remove PGP-2 related woraround (proc_tree): Remove another workaround but keep the one for PGP-5. -- The removed code was either not anymore used or its use would have caused an error message later anyway. Signed-off-by: Werner Koch <[email protected]>
* gpg: Add import options "keep-ownertrust".Werner Koch2014-11-121-0/+1
| | | | | | | | | | | | * g10/options.h (IMPORT_KEEP_OWNERTTRUST): New. * g10/import.c (parse_import_options): Add "keep-ownertrust". (import_one): Act upon new option. -- This option is in particular useful to convert from a pubring.gpg to the new pubring.kbx in GnuPG 2.1 or vice versa: gpg1 --export | gpg2 --import-options keep-ownertrust --import
* gpg: Remove all support for v3 keys and always create v4-signatures.Werner Koch2014-10-171-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/build-packet.c (do_key): Remove support for building v3 keys. * g10/parse-packet.c (read_protected_v3_mpi): Remove. (parse_key): Remove support for v3-keys. Add dedicated warnings for v3-key packets. * g10/keyid.c (hash_public_key): Remove v3-key support. (keyid_from_pk): Ditto. (fingerprint_from_pk): Ditto. * g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs. * g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs, oForceV4Certs, oNoForceV4Certs. (opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs, --no-force-v4-certs int dummy options. (main): Remove setting of the force_v3_sigs force_v4_certs flags. * g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs. * g10/sign.c (hash_uid): Remove support for v3-signatures (hash_sigversion_to_magic): Ditto. (only_old_style): Remove this v3-key function. (write_signature_packets): Remove support for creating v3-signatures. (sign_file): Ditto. (sign_symencrypt_file): Ditto. (clearsign_file): Ditto. Remove code to emit no Hash armor line if only v3-keys are used. (make_keysig_packet): Remove arg SIGVERSION and force using v4-signatures. Change all callers to not pass a value for this arg. Remove all v3-key related code. (update_keysig_packet): Remove v3-signature support. * g10/keyedit.c (sign_uids): Always create v4-signatures. * g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and change caller. -- v3 keys are deprecated for about 15 years and due the severe weaknesses of MD5 it does not make any sense to keep code around to use these old and broken keys. Users who need to decrypt old messages should use gpg 1.4 and best re-encrypt them to modern standards. verification of old (i.e. PGP2) created signatures is thus also not anymore possible but such signatures have no values anyway - MD5 is just too broken. We have also kept support for v3 signatures until now. With the removal of support for v3 keys it is questionable whether it makes any sense to keep support for v3-signatures. What we do now is to keep support for verification of v3-signatures but we force the use of v4-signatures. The latter makes the --pgp6 and --pgp7 switch a bit obsolete because those PGP versions require v3-signatures for messages. These versions of PGP are also really old and not anymore maintained so they have not received any bug fixes and should not be used anyway. Signed-off-by: Werner Koch <[email protected]>
* gpg: Add build and runtime support for larger RSA keysDaniel Kahn Gillmor2014-10-101-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * configure.ac: Added --enable-large-secmem option. * g10/options.h: Add opt.flags.large_rsa. * g10/gpg.c: Contingent on configure option: adjust secmem size, add gpg --enable-large-rsa, bound to opt.flags.large_rsa. * g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa * doc/gpg.texi: Document --enable-large-rsa. -- This is a cherry-pick of 534e2876acc05f9f8d9b54c18511fe768d77dfb5 from STABLE-BRANCH-1-4 against master Some older implementations built and used RSA keys up to 16Kib, but the larger secret keys now fail when used by more recent GnuPG, due to secure memory limitations. Building with ./configure --enable-large-secmem will make gpg capable of working with those secret keys, as well as permitting the use of a new gpg option --enable-large-rsa, which let gpg generate RSA keys up to 8Kib when used with --batch --gen-key. Debian-bug-id: 739424 Minor edits by wk. GnuPG-bug-id: 1732
* gpg: Remove options --pgp2 and --rfc1991.Werner Koch2014-08-141-4/+2
| | | | | | | | | | | | | | * g10/gpg.c (oRFC1991, oPGP2): Remove (opts): Remove --pgp2 and --rfc1991. * g10/options.h (CO_PGP2, CO_RFC1991): Remove. Remove all users. (RFC2440, PGP2): Remove. Remove all code only enabled by these conditions. * tests/openpgp/clearsig.test: Remove --rfc1991 test. -- The use of PGP 2.c is considered insecure for quite some time now (e.g. due to the use of MD5). Thus we remove all support for _creating_ PGP 2 compatible messages.
* gpg: Remove --compress-keys and --compress-sigs feature.Werner Koch2014-08-141-2/+1
| | | | | | | | | | | | | * g10/gpg.c (oCompressKeys, oCompressSigs): Remove. (opts): Turn --compress-keys and --compress-signs in NOPs. * g10/options.h (opt): Remove fields compress_keys and compress_sigs. * g10/export.c (do_export): Remove compress_keys feature. * g10/sign.c (sign_file): Remove compress_sigs feature. -- These features are disabled in GnuPG since the very early days and they fulfill no real purpose. For now we keep the command line options as dummys.
* gpg: Add list-option "show-usage".Werner Koch2014-08-131-0/+1
| | | | | | | * g10/gpg.c (parse_list_options): Add "show-usage". * g10/options.h (LIST_SHOW_USAGE): New. * g10/keyid.c (usagestr_from_pk): Add arg FILL. Change caller. * g10/keylist.c (list_keyblock_print): Print usage info.
* Add new option --with-secret.Werner Koch2014-06-031-0/+1
| | | | | | | | | | | | | | | | | | | * g10/gpg.c: Add option --with-secret. * g10/options.h (struct opt): Add field with_secret. * g10/keylist.c (public_key_list): Pass opt.with_secret to list_all and list_one. (list_all, list_one): Add arg mark_secret. (list_keyblock_colon): Add arg has_secret. * sm/gpgsm.c: Add option --with-secret. * sm/server.c (option_handler): Add option "with-secret". * sm/gpgsm.h (server_control_s): Add field with_secret. * sm/keylist.c (list_cert_colon): Take care of with_secret. Also move the token string from the wrong field 14 to 15. -- This option is useful for key managers which need to know whether a key has a secret key. This change allows to collect this information in one pass.
* gpg: Reject signatures made with MD5.Werner Koch2014-03-171-0/+1
| | | | | | | | * g10/gpg.c: Add option --allow-weak-digest-algos. (main): Set option also in PGP2 mode. * g10/options.h (struct opt): Add flags.allow_weak_digest_algos. * g10/sig-check.c (do_check): Reject MD5 signatures. * tests/openpgp/defs.inc: Add allow_weak_digest_algos to gpg.conf.
* gpg: Add option --dirmngr-program.Werner Koch2014-03-121-0/+1
| | | | | | | | | | | * g10/gpg.c: Add option --dirmngr-program. * g10/options.h (struct opt): Add field dirmngr_program. * g10/call-dirmngr.c (create_context): Use new var. * dirmngr/dirmngr.c: Include gc-opt-flags.h. (main): Remove GC_OPT_FLAG_*. * tools/gpgconf-comp.c (GC_OPT_FLAG_NO_CHANGE): Move macro to ... * common/gc-opt-flags.h: here.
* gpg: Protect against rogue keyservers sending secret keys.Werner Koch2014-03-071-0/+1
| | | | | | | | | | | | | | | | | | | | | | * g10/options.h (IMPORT_NO_SECKEY): New. * g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new flag. * g10/import.c (import_secret_one): Deny import if flag is set. -- By modifying a keyserver or a DNS record to send a secret key, an attacker could trick a user into signing using a different key and user id. The trust model should protect against such rogue keys but we better make sure that secret keys are never received from remote sources. Suggested-by: Stefan Tomanek Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit e7abed3448c1c1a4e756c12f95b665b517d22ebe) Resolved conflicts: g10/import.c g10/keyserver.c
* gpg: Change format for the key size in --list-key and --edit-key.Werner Koch2014-02-051-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (oLegacyListMode, opts, main): Add --legacy-list-mode. * g10/options.h (struct opt): Add field legacy_list_mode. * g10/keydb.h (PUBKEY_STRING_SIZE): New. * g10/keyid.c (pubkey_string): New. * g10/import.c (import_one, import_secret_one): Use pubkey_string. * g10/keylist.c (print_seckey_info): Ditto. (print_pubkey_info, print_card_key_info): Ditto. (list_keyblock_print): Ditto. * g10/mainproc.c (list_node): Ditto. * g10/pkclist.c (do_edit_ownertrust, build_pk_list): Ditto. * g10/keyedit.c (show_key_with_all_names): Ditto. Also change the format. (show_basic_key_info): Ditto. * common/openpgp-oid.c (openpgp_curve_to_oid): Also allow "ed25519". (openpgp_oid_to_curve): Downcase "ed25519" -- For ECC it seems to be better to show the name of the curve and not just the size of the prime field. The curve name does not anymore fit into the "<size><letter>" descriptor (e.g. "2048R") and a fixed length format does not work either. Thus the new format uses "rsa2048" - RSA with 2048 bit "elg1024" - Elgamal with 1024 bit "ed25519" - ECC using the curve Ed25519. "E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4". unless --legacy-list-mode is given. In does not anymore line up nicely in columns thus I expect further changes to this new format. Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove cipher.h and put algo ids into a common file.Werner Koch2014-01-291-1/+2
| | | | | | | | | | | | | | | | | | * common/openpgpdefs.h (cipher_algo_t, pubkey_algo_t, digest_algo_t) (compress_algo_t): New. * agent/gpg-agent.c: Remove ../g10/cipher.h. Add openpgpdefs.h. * g10/cipher.h (DEK): Move to ... * g10/dek.h: new file. * g10/cipher.h (is_RSA, is_ELGAMAL, is_DSA) (PUBKEY_MAX_NPKEY, PUBKEY_MAX_NSKEY, PUBKEY_MAX_NSIG, PUBKEY_MAX_NENC) (PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC, PUBKEY_USAGE_CERT) (PUBKEY_USAGE_AUTH, PUBKEY_USAGE_NONE): Move to * g10/packet.h: here. * g10/cipher.h: Remove. Remove from all files. * g10/filter.h, g10/packet.h: Include dek.h. * g10/Makefile.am (common_source): Remove cipher.h. Add dek.h. Signed-off-by: Werner Koch <[email protected]>
* gpg: Change armor Version header to emit only the major version.Werner Koch2013-11-271-1/+5
| | | | | | | | | | | | * g10/options.h (opt): Rename field no_version to emit_version. * g10/gpg.c (main): Init opt.emit_vesion to 1. Change --emit-version to bump up opt.emit_version. * g10/armor.c (armor_filter): Implement different --emit-version values. -- GnuPG-bug-id: 1572 Signed-off-by: Werner Koch <[email protected]>
* Merge branch 'master' into key-storage-workWerner Koch2013-02-121-0/+1
|\
| * gpg: Add pinentry-mode feature.Werner Koch2013-02-071-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
* | New function log_clock.Werner Koch2013-01-071-0/+2
|/ | | | | | | | | | | * common/logging.c (log_clock): New. * g10/gpg.c (set_debug): Print clock debug flag. * g10/options.h (DBG_CLOCK_VALUE, DBG_CLOCK): New. -- To actually use log_clock you need to enable the code in logginc.c:log_check() and link against librt. --debug 4096 may then be used to enable it at runtime.
* Nuked almost all trailing white space.post-nuke-of-trailing-wsWerner Koch2011-02-041-5/+5
| | | | | | | | We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
* Initial code checking for backup - not yet working.Werner Koch2011-01-101-18/+10
|
* Change stack size for Wince.Werner Koch2010-11-231-1/+1
| | | | | | Allow for a longer agent atartup under wince. Print gpg output via estream.
* More agent support for gpg.Werner Koch2010-10-131-0/+2
|
* Add new option --with-keygripWerner Koch2010-10-081-1/+2
|
* Exporting secret keys via gpg-agent is now basically supported.Werner Koch2010-10-011-2/+0
| | | | | | A couple of forward ported changes. Doc updates.
* Import OpenPGP keys into the agent.Werner Koch2010-08-311-1/+0
|
* Add dummu option --passwd for gpg.Werner Koch2010-01-081-2/+2
| | | | | Collected changes.
* Add gpgconf related dummy options default_pubkey_algo.Werner Koch2009-11-231-0/+1
| | | | | | Add option --skip-hidden-recipients Comment updates.
* [g13] Add RECIPEINT and CREATE command.Werner Koch2009-10-191-0/+5
| | | | | [sm] Chnage --include-certs default
* Implement the server comamnd DECRYPT.Werner Koch2009-10-021-0/+1
| | | | | | | Use int instead of gnupg_fd_t in the server. Comment fixes. Rename encr-data.c -> decrypt-data.c
* Reworked passing of envars to Pinentry.Werner Koch2009-07-071-5/+4
|
* Made --fixed-list-mode obsolete.Werner Koch2008-06-111-1/+0
|
* Enhanced --auto-key-locate.Werner Koch2008-04-081-1/+9
|
* Started to implement the audit log feature.Werner Koch2007-11-191-0/+2
| | | | | | | | Pass PINENTRY_USER_DATA and XAUTHORITY to Pinentry. Improved support for the quality bar. Minor internal restructuring. Translation fixes.
* Ported changes from 1.4.Werner Koch2007-10-251-3/+6
| | | | | Add copyright notices.
* Changed to GPLv3.Werner Koch2007-07-041-4/+2
| | | | | Removed intl/.
* Ported multiple-messages protection.Werner Koch2007-03-051-2/+1
|
* Add new SVN only file README.maintWerner Koch2007-02-261-0/+1
| | | | | | | | | | | | | | | | doc/ * gpg.texi (GPG Configuration): Document envvar LANGUAGE. (GPG Configuration Options): Document show-primary-uid-only. g10/ * gpg.c (main): Add verify option show-primary-uid-only. * options.h (VERIFY_SHOW_PRIMARY_UID_ONLY): New. * mainproc.c (check_sig_and_print): Implement it. * encr-data.c (decrypt_data): Correctly test for unknown algorithm. * import.c (check_prefs): Ditto. * keyedit.c (show_prefs): Ditto. * mainproc.c (proc_symkey_enc): Ditto.
* Started to code a --server mode. Werner Koch2006-12-211-0/+6
| | | | | It is far from being ready!