aboutsummaryrefslogtreecommitdiffstats
path: root/g10/options.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpg: Do not allow compressed key packets on import.Werner Koch2025-05-161-1/+1
| | | | | | | | | | | | | | * g10/import.c (read_block): Bail out on compressed packets. * g10/options.h (COMPAT_COMPR_KEYS): New. * g10/gpg.c (compatibility_flags): Add "compr-keys". * common/util.h: Remove replacement code not any longer needed. (GPG_ERR_UNEXPECTED_PACKET): Add a new replacement code. -- Compressed key packets do not make much sense but historically they were supported. Thus we also add a compatibility flag. GnuPG-bug-id: 7014
* gpg: Add debug flag "recsel".Werner Koch2025-04-301-0/+2
| | | | | | | | | | | | * g10/gpg.c: Include recsel.h. (debug_flags): New flag "recsel". (set_debug): Set it. * g10/options.h (DBG_RECSEL_VALUE, DBG_RECSEL): New. * g10/import.c (impex_filter_getval): Add debug diagnostics. * g10/keylist.c (parse_and_set_list_filter): Dump the record filter. * common/recsel.c (recsel_debug): New variable. (recsel_set_debug): New function. (recsel_select): Add debug output if requested.
* gpg: New list options "show-trustsig"Werner Koch2025-04-291-0/+1
| | | | | | | * g10/options.h (LIST_SHOW_TRUSTSIG): New. * g10/gpg.c (parse_list_options): Add "show-trustsig". * g10/keylist.c (parse_trust_name): New. (list_signature_print): Print trust signature info.
* gpg: New option --disable-pqc-encryption.Werner Koch2025-02-061-0/+3
| | | | | | | | | | | | * g10/options.h (flags): Add field disable_pqc_encryption. * g10/gpg.c (oDisablePQCEncryption): New. (opts): Add --option. (main): Set option. * g10/getkey.c (finish_lookup): Skip subkeys if option is set. -- This option can be used to avoid the use of Kyber encryption subkeys if this does not make sense (i.e. protection of local files).
* gpg: New option --proc-all-sigsWerner Koch2024-08-231-0/+3
| | | | | | | | | | | | * g10/options.h (flags): Add proc_all_sigs. * g10/mainproc.c (proc_tree): Do not stop signature checking if this new option is used. * g10/gpg.c (oProcAllSigs): New. (opts): Add "proc-all-sigs". (main): Set it. -- GnuPG-bug-id: 7261
* gpg: New debug flag "keydb".Werner Koch2024-08-091-0/+2
| | | | | | | | | | | | * g10/options.h (DBG_KEYDB_VALUE): New. * g10/gpg.c (debug_flags): Add it. * g10/keydb.c: Replace all DBG_LOOKUP by DBG_KEYDB. * g10/keyring.c: Ditto. * g10/call-keyboxd.c: Ditto. -- Using "lookup" also for key search debugging was not a good idea. This uses a separate flag for the latter.
* gpg: New option --show-only-session-keyWerner Koch2024-06-241-1/+2
| | | | | | | | | | | | | | | | * g10/options.h (opt): Add show_only_session_key and turn show_session_key into a bit flag. * g10/gpg.c (oShowOnlySessionKey): New. (opts): Add "show-only-session-key". (main): Set flag. * g10/mainproc.c (proc_encrypted): Handle the new option. * g10/decrypt-data.c (decrypt_data): Ditto. Add compliance error flag to the DECRYPTION_INFO status line. -- This new option is somehow related to GnuPG-bug-id: 1825
* gpg: Rename recently added import option no-seckeys to only-pubkeys.Werner Koch2024-06-241-1/+1
| | | | | | | | | * g10/import.c (parse_import_options): Rename option. * g10/options.h (IMPORT_NO_SECKEY): Rename to IMPORT_ONLY_PUBKEYS. Change all users. -- GnuPG-bug-id: 7146
* gpg: Autoload designated revoker key and ADSK when needed.Werner Koch2024-06-051-17/+22
| | | | | | | | | | | | | | | | * g10/options.h (opt): Move the definition of struct akl to global scope. * g10/keydb.h (enum get_pubkey_modes): Add GET_PUBKEY_TRY_LDAP. * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_BYNAME. * g10/keygen.c (prepare_desig_revoker): Use it here. (prepare_adsk): and here. -- The revoker key is required before we create it along with a new key. This is because the we need to know the algo and also to make sure that the key really exists. GnuPG-bug-id: 7133
* gpg: New option --default-new-key-adsk.Werner Koch2024-06-031-0/+2
| | | | | | | | | | | | | | | | | | | | | * g10/options.h (opt): Add field def_new_key_adsks. * g10/gpg.c (oDefaultNewKeyADSK): New. (opts): Add --default-new-key-adsk. (main): Parse option. * g10/keyedit.c (menu_addadsk): Factor some code out to ... (append_adsk_to_key): new. Add compliance check. * g10/keygen.c (pADSK): New. (para_data_s): Add adsk to the union. (release_parameter_list): Free the adsk. (prepare_adsk): New. (get_parameter_adsk): New. (get_parameter_revkey): Remove unneeded arg key and change callers. (proc_parameter_file): Prepare adsk parameter from the configured fingerprints. (do_generate_keypair): Create adsk. -- GnuPG-bug-id: 6882
* indent: Fix spellingDaniel Kahn Gillmor2024-05-311-1/+1
| | | | | | | | | | | | | -- These are non-substantive corrections for minor spelling mistakes within the GnuPG codebase. With something like this applied to the codebase, and a judiciously tuned spellchecker integrated as part of a standard test suite, it should be possible to keep a uniform orthography within the project. GnuPG-bug-id: 7116
* gpg: New option --require-pqc-encryptionWerner Koch2024-04-241-0/+1
| | | | | | | | | | | | | * g10/gpg.c (oRequirePQCEncryption): New. (opts): Add option. (main): Set option. * g10/mainproc.c (print_pkenc_list): Print a warning. * g10/options.h (flags): Add flag require_pqc_encryption. * g10/getkey.c (finish_lookup): Skip non-pqc keys if the option is set. -- GnuPG-bug-id: 6815
* gpg: Mark disabled keys and add show-ownertrust list option.Werner Koch2024-04-171-0/+1
| | | | | | | | | | | | | | | * g10/options.h (LIST_SHOW_OWNERTRUST): New. * g10/keylist.c (print_key_line): Show wonertrust and always show whether a key is disabled. * g10/gpg.c (parse_list_options): Add "show-ownertrust". * g10/gpgv.c (get_ownertrust_string): Add stub. * g10/test-stubs.c (get_ownertrust_string): Add stub. -- Note that in a --with-colons listing the ownertrust has always been emitted and the disabled state is marked in that listing with a special 'D' usage.
* gpg: Prepare to use the fingerprint as fixed-info for Kyber.Werner Koch2024-04-121-3/+2
| | | | | | | | | | * g10/pubkey-enc.c (get_it): Use algo and fingerprint for the fixed-info. Keep a testing mode. * g10/options.h (COMPAT_T7014_OLD): New. * g10/gpg.c (compatibility_flags): Add "t71014-old" flag. -- GnuPG-bug-id: 6815
* gpg: new list-option store-x509-notations.Werner Koch2024-03-141-0/+1
| | | | | | | | | | * g10/options.h (LIST_STORE_X509_NOTATIONS): New. * g10/gpg.c (parse_list_options): Add "store-x509-notations". * g10/keylist.c (print_x509_notations): Add arg PK and code to write a file. (list_signature_print): Add arg lastpk and handle new option. (list_keyblock_print): Track last key or subkey and pass to list_signature_print.
* gpg: new list-option show-x509-notationsWerner Koch2024-03-121-0/+1
| | | | | | | | | | | * g10/gpg.c (parse_list_options): Add new option. * g10/options.h (LIST_SHOW_X509_NOTATIONS): New. * g10/build-packet.c (search_sig_notations): New. * g10/keylist.c (print_x509_notations): New. (list_signature_print): Use macros for the sig classes. Call print_x509_notations. (list_keyblock_print): Call list_signature_print if x509 notation printing is enabled.
* Merge branch 'STABLE-BRANCH-2-4'Werner Koch2024-03-121-5/+10
|\ | | | | | | | | | | | | | | -- Resolved conflicts: NEWS common/exechelp-w32.c configure.ac
| * gpg: Prepare for a new export option export-realclean.Werner Koch2024-03-041-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/options.h (EXPORT_REALCLEAN): New. Also re-assign other values to keep them more in sync with the corresponding import values. * g10/export.c (parse_export_options): Add "export-realclean". (do_export_stream): Call clean_all_uids directly with the options arg. * g10/import.c (import_one_real): Change for direct use of options in clean_all_uids. * g10/key-clean.c (is_trusted_key_sig): New. Stub for now. (clean_sigs_from_uid): Re-purpose self_only to a general options arg. Implement EXPORT_REALCLEAN code path. (clean_one_uid): Re-purpose self_only to a general options arg. (clean_all_uids): Ditto. * g10/keyedit.c (keyedit_menu): Use EXPORT_MINIMAL instead of a simple flag. (menu_clean): Re-purpose self_only to a general options arg. * g10/keyid.c (fpr20_from_pk): Factor code out to .... (fpr20_from_fpr): new. Remove useless case for ARRAY being NULL. * g10/tdbio.c (tdbio_search_trust_byfpr): Add arg fprlen and use fpr20_from_fpr if needed. (tdbio_search_trust_bypk): Pass 20 for the fingerprint length. -- Note that this code has no function yet. Another patch will follow to extract the trusted-keys flag from the trustdb.
| * Allow tilde expansion for the foo-program options.Werner Koch2024-02-271-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (parse_rereadable_options): Use make_filename_try for opt.pinentry_program. Change definition accordingly. * g10/gpg.c (main): Use make_filename for agent_program, dirmngr_program, and keyboxd_program. Change definition accordingly. * sm/gpgsm.c (main): Ditto. * tools/gpg-card.c (parse_arguments): Ditto. * tools/gpg-connect-agent.c (main): Ditto. * tools/gpg-wks-client.c (parse_arguments): Likewise. Do it also for option --output. (process_confirmation_request): Print a note for a successful sent. -- GnuPG-bug-id: 7017
| * gpg: Add option --assert-pubkey_algo.Werner Koch2024-02-101-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keyid.c (parse_one_algo_string): New. (compare_pubkey_string_part): New. (compare_pubkey_string): New. * g10/verify.c (check_assert_signer_list): New. * g10/mainproc.c (check_sig_and_print): Call check_assert_pubkey_algo. * g10/options.h (opt): Add field assert_pubkey_algos. * g10/gpg.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Reorder RC modifications. Check assert_pubkey_algo_false. * common/status.h (ASSERT_PUBKEY_ALGOS): new. * common/t-support.h (LEAN_T_SUPPORT): Use a simplified version if this macro is set. * g10/gpgv.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Check assert_pubkey_algo_false. * g10/t-keyid.c: New. * g10/Makefile.am: Add t-keyid. * g10/test-stubs.c: Add assert_pubkey_algos and assert_signer_list and remove from other tests. (check_assert_signer_list): Ditto. (check_assert_pubkey_algo): Ditto. -- GnuPG-bug-id: 6946
* | Merge branch 'STABLE-BRANCH-2-4'Werner Koch2024-01-261-0/+1
|\| | | | | | | | | | | | | | | -- Fixed conflicts: NEWS configure.ac doc/gpg.texi
| * gpg: Add sub-option ignore-attributes to --import-options.Werner Koch2024-01-241-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/options.h (IMPORT_IGNORE_ATTRIBUTES): New. * g10/import.c (parse_import_options): Add new sub-option. (read_block): Implement sub-option. -- Suggested-by: Robin H. Johnson Tested using the import-export feature: gpg --export KEY_WITH_PICTURE \ | gpg --import --import-options import-export,ignore-attributes \ | gpg --show-key
| * gpg: Add option --with-v5-fingerprintWerner Koch2023-09-041-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (oWithV5Fingerprint): New. (opts): Add new option. (main): Set option. * g10/options.h (opt): Add with_v5_fingerprint. * g10/keyid.c (hash_public_key): Factor out to ... (do_hash_public_key): this. Add new arg to foce v5 style hashing. (v5_fingerprint_from_pk): New. (v5hexfingerprint): New. * g10/keylist.c (print_fingerprint): Print v5 fingerprint for v4 keys if the option is set. -- GnuPG-bug-id: 6705
* | gpg: Add option --with-v5-fingerprintWerner Koch2023-09-041-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (oWithV5Fingerprint): New. (opts): Add new option. (main): Set option. * g10/options.h (opt): Add with_v5_fingerprint. * g10/keyid.c (hash_public_key): Factor out to ... (do_hash_public_key): this. Add new arg to foce v5 style hashing. (v5_fingerprint_from_pk): New. (v5hexfingerprint): New. * g10/keylist.c (print_fingerprint): Print v5 fingerprint for v4 keys if the option is set. -- GnuPG-bug-id: 6705
* | gpg: Add parallelized filter for hashing.NIIBE Yutaka2023-07-251-1/+3
|/ | | | | | | | | | | | | | | | | | | * g10/options.h (COMPAT_PARALLELIZED): New. * g10/filter.h (md_thd_filter_context_t): New type. (md_thd_filter_set_md, md_thd_filter): New. * g10/gpg.c (compatibility_flags): Update to support COMPAT_PARALLELIZED. * g10/mdfilter.c (struct md_thd_filter_context): New. (lock_md, unlock_md, get_buffer_to_hash, put_buffer_to_recv): New. (get_buffer_to_fill, put_buffer_to_send, md_thread): New. (md_thd_filter, md_thd_filter_set_md): New. * g10/sign.c (sign_file): Add support for md_thd_filter. (sign_symencrypt_file): Likewise. -- GnuPG-bug-id: 6570 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: New option --debug-ignore-expiration to help with testing.Werner Koch2023-05-091-0/+1
| | | | | | | | | | | | | * g10/gpg.c (oDebugIgnoreExpiration): New. (opts): Add option. (main): Set flag. * g10/options.h (opt): Add field ignore_expiration. * g10/pkclist.c (do_we_trust): Handle the option. * g10/getkey.c (skip_unusable): Ditto. (finish_lookup): Ditto. -- GnuPG-bug-id: 2703
* gpg: New option --assert-signer.Werner Koch2023-04-051-0/+4
| | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (enum cmd_and_opt_values): Add oAssertSigner. (opts): Add "assert-signer". (main): Set option. (assert_signer_true): New var. (g10_exit): Evaluate new var. * g10/main.h (assert_signer_true): Declare new var. * common/status.h (STATUS_ASSERT_SIGNER): New. * g10/options.h (opt): Add field assert_signer_list. * g10/verify.c (is_fingerprint): New. (check_assert_signer_list): New. * g10/mainproc.c (check_sig_and_print): Call that function. Clear assert_signer_true on a warning. * g10/gpgv.c: Add dummy function and vars. * g10/t-keydb-get-keyblock.c: Ditto. * g10/t-keydb.c: Ditto. * g10/t-stutter.c: Ditto. --
* gpg: New option --add-desig-revokerWerner Koch2023-02-161-0/+3
| | | | | | | | | | | | * g10/gpg.c (oAddDesigRevoker): New. (opts): Add new option. * g10/options.h (opt): Add field desig_revokers. * g10/keygen.c (get_parameter_idx): New. (get_parameter): Make use of get_parameter_idx. (prepare_desig_revoker): New. (get_parameter_revkey): Add arg idx. (proc_parameter_file): Add designated revokers. (do_generate_keypair): Write all designated revokers.
* gpg: New list-option --show-unusable-sigs.Werner Koch2023-02-071-0/+1
| | | | | | | | | | | | | | | | | | | * g10/options.h (LIST_SHOW_UNUSABLE_SIGS): New. * g10/gpg.c (parse_list_options): Add "show-unusable-sigs". * g10/keydb.h (keyid_eq): New. (pk_is_primary): New. * g10/keylist.c (list_signature_print): Early return for weak key signatures. Print "self-signature" instead of user-id. (list_keyblock_print): Simplify and always set self-sig node flag. -- This patch avoid the printing of often hundreds of "Invalid digest algorithm" notices during key signature listings if those key signatures were done with SHA1. The new option can be used to revert the behaviour. We now also print "[self-signature]" with --check-sigs or --list-sigs instead of the primary user id. This makes such listing easier to read.
* gpg: Replace --override-compliance-check by a real fix.Werner Koch2023-01-201-1/+0
| | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA. * g10/gpg.c (oOverrideComplianceCheck): Remove. (opts): Turn --override-compliance-check into a dummy option. * g10/options.h (opt): Remove override_compliance_check. * g10/sig-check.c (check_key_verify_compliance): Remove use of that option. -- The introduction of --override-compliance-check actually hid the real cause for the signature verification problem in de-vs mode for the Ed25519 key. The real fix is to handle the EdDSA algorithm in gnupg_pk_is_allowed. Fixes-commit: fb26e144adfd93051501d58f5d0d4f8826ddf436 GnuPG-bug-id: 5655
* gpg: Detect already compressed data also when using a pipe.Werner Koch2023-01-191-0/+1
| | | | | | | | | | | | | | | | | | | | | * common/iobuf.c (file_filter_ctx_t): Add fields for the peek feature. (file_filter): Implement peeking. (iobuf_ioctl): Add new IOBUF_IOCTL_PEEK. * common/iobuf.h (IOBUF_IOCTL_PEEK, IOBUFCTRL_PEEK): New. * common/miscellaneous.c (is_file_compressed): Rewrite. Detect PDF. * g10/encrypt.c (encrypt_simple): Peek before detecting compression. (encrypt_crypt): Ditto. * g10/sign.c (sign_file): Also detect already compressed data. * g10/options.h (opt): Add explicit_compress_option. * g10/gpg.c (main): Set opt.explicit_compress_option for -z. -- Note that this patch also introduces a compression check for signing which was never done in the past. GnuPG-bug-id: 6332
* gpg: New export option "mode1003".Werner Koch2022-12-021-0/+1
| | | | | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_export_key): Add option --mode1003. (command_has_option): Ditto. * g10/build-packet.c (do_key): Implement mode 1003. * g10/parse-packet.c (parse_key): Ditto. * g10/options.h (EXPORT_MODE1003): New.o * g10/call-agent.c (agent_export_key): Add arg mode1003. * g10/export.c (parse_export_options): Add "mode1003" (secret_key_to_mode1003): New. (receive_seckey_from_agent): Add arg mode1003. (do_export_one_keyblock): Pass option down. -- This option allows to export a secret key in GnuPG's native format. Thus no re-encryption is required and further the public key parameters are also authenticated if a protection passphrase has been used. Note that --import is not yet able to handle this new mode. Although old version of GnuPG will bail out with "invalid packet" if a mode1003 exported secret key is seen.
* gpg: New export-filter export-revocsWerner Koch2022-11-281-0/+1
| | | | | | | | | | | * g10/options.h (EXPORT_REVOCS): New. * g10/export.c (export_select_filter): New. (struct export_filter_attic_s): Add field. (cleanup_export_globals): Cleanup. (parse_export_options): Add option "export-revocs". (parse_and_set_export_filter): Parse the select type. (do_export_revocs): New. (do_export_stream): Add a way to select things for export.
* gpg: New list-options show-pref and show-pref-verbose.Werner Koch2022-11-041-0/+2
| | | | | | | | | * g10/options.h (LIST_SHOW_PREF): New. (LIST_SHOW_PREF_VERBOSE): New. * g10/gpg.c (parse_list_options): Add new options. * g10/keyedit.c (show_prefs): Factor code out to ... * g10/keylist.c (show_preferences): new. (list_keyblock_print): Call show_preferences.
* gpg: Allow only OCB for AEAD encryption.Werner Koch2022-10-311-2/+0
| | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (opts): New option--force-ocb as alias for force-aead. Turn --aead-algo and --personal-aead-preferences into dummy options. (build_list_md_test_algo, build_list_aead_algo_name): Remove. (my_strusage): Remove output of AEAD algos. (main): Remove code from the --aead options. * g10/encrypt.c (encrypt_seskey): Make file local. (use_aead): Remove requirement for rfc4880bis. Always return AEAD_ALGO_OCB. * g10/main.h (DEFAULT_AEAD_ALGO): Removed unused macro. * g10/misc.c (default_aead_algo): Remove. * g10/pkclist.c (select_aead_from_pklist): Return AEAD_ALGO_OCB or 0. (select_algo_from_prefs): Remove personal AEAD algo setting. * g10/keygen.c (keygen_set_std_prefs): Remove AEAD preference option parsing. * g10/options.h (opt): Remove def_aead_algo and personal_aead_prefs. -- Due to the meanwhile expired patent on OCB there is no more reason for using EAX. Thus we forcefully use OCB if the AEAD feature flag is set on a key.
* gpg: New option --compatibility-flagsWerner Koch2022-10-311-1/+7
| | | | | | | | | | | * g10/gpg.c (oCompatibilityFlags): New. (opts): Add option. (compatibility_flags): New list. (main): Set flags and print help. * g10/options.h (opt): Add field compatibility_flags. -- No flags are yet defined but it is good to have the framework.
* gpg: New option --require-compliance.Werner Koch2022-03-081-0/+3
| | | | | | | | | | | | | | * g10/options.h (opt): Add field flags.require_compliance. * g10/gpg.c (oRequireCompliance): New. (opts): Add --require-compliance. (main): Set option. * g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant. (check_sig_and_print): Ditto. * g10/encrypt.c (encrypt_crypt): Ditto. -- Note that in the --encrypt and --verify cased other checks may kick in earlier than this new --require-compliance controlled one.
* gpg,gpgsm: Add option --min-rsa-length.Werner Koch2021-11-181-0/+1
| | | | | | | | | | | | | | | * common/compliance.c (min_compliant_rsa_length): New. (gnupg_pk_is_compliant): Take in account. (gnupg_pk_is_allowed): Ditto. (gnupg_set_compliance_extra_info): New. * g10/gpg.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * g10/options.h (opt): Add field min_rsa_length. * sm/gpgsm.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * sm/gpgsm.h (opt): Add field min_rsa_length.
* gpg: New option --override-compliance-checkWerner Koch2021-10-131-0/+1
| | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (oOverrideComplianceCheck): New. (opts): Add new option. (main): Set option and add check for batch mode. * g10/options.h (opt): Add flags.override_compliance_check. * g10/sig-check.c (check_signature2): Factor complaince checking out to ... (check_key_verify_compliance): this. Turn error into a warning in override mode. -- There is one important use case for this: For systems configured globally to use de-vs mode, Ed25519 and other key types are not allowed because they are not listred in the BSI algorithm catalog. Now, our release signing keys happen to be Ed25519 and thus we need to offer a way for users to check new versions even if the system is in de-vs mode. This does on purpose not work in --batch mode so that scripted solutions won't accidently pass a signature check. GnuPG-bug-id: 5655
* gpg,sm: Simplify keyserver spec parsing.Werner Koch2021-06-161-3/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | * common/keyserver.h: Remove. * sm/gpgsm.h (struct keyserver_spec): Remove. (opt): Change keyserver to a strlist_t. * sm/gpgsm.c (keyserver_list_free): Remove. (parse_keyserver_line): Remove. (main): Store keyserver in an strlist. * sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist. Avoid an ambiguity in dirmngr by adding a prefix if needed. * g10/options.h (struct keyserver_spec): Move definition from keyserver.h to here. Remove most fields. * g10/keyserver.c (free_keyserver_spec): Adjust. (cmp_keyserver_spec): Adjust. (parse_keyserver_uri): Simplify. (keyidlist): Remove fakev3 arg which does not make any sense because we don't even support v3 keys. -- We now rely on the dirmngr to parse the keyserver specs. Thus a bad specification will not be caught immediately. However, even before that dirmngr had stricter tests. Signed-off-by: Werner Koch <[email protected]> Ported-from: 9f586700ec4ceac97fd47cd799878a8847342ffa
* gpg: Do not use import-clean for LDAP keyserver imports.Werner Koch2021-04-261-0/+3
| | | | | | | | | | | | | | | * g10/options.h (opts): New field expl_import_only. * g10/import.c (parse_import_options): Set it. * g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP. -- I can be assumed that configured LDAP servers are somehow curated and not affected by rogue key signatures as the HKP servers are. Thus we don't clean the key anymore so that key certifications are kept even if the public key has not yet been imported. See-commit: 6c26e593df51475921410ac97e9227df6b258618 GnuPG-bug-id: 5387
* gpg: Do not use self-sigs-only for LDAP keyserver imports.Werner Koch2021-04-131-0/+3
| | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status. * g10/options.h (opts): New field expl_import_self_sigs_only. * g10/import.c (parse_import_options): Set it. * g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP. -- I can be assumed that configured LDAP servers are somehow curated and not affected by rogue key signatures as the HKP servers are. Thus we can allow the import of key signature from LDAP keyservers by default. GnuPG-bug-id: 5387
* gpg: New option --no-auto-trust-new-key.Beta-2.3.0-beta1655Werner Koch2021-03-151-0/+2
| | | | | | | | | * g10/gpg.c (oNoAutoTrustNewKey): New. (opts): Add --no-auto-trust-new-key. (main): Set it. * g10/options.h (opt): Add flags.no_auto_trust_new_key. Signed-off-by: Werner Koch <[email protected]>
* gpg: New option --force-sign-keyWerner Koch2021-03-111-0/+2
| | | | | | | | | | * g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key". (main): Set it. * g10/options.h (opt): New flag flags.force_sign_key. * g10/keyedit.c (sign_uids): Use new flag. -- GnuPG-bug-id: 4584
* gpg: Do not allow old cipher algorithms for encryption.Werner Koch2021-02-101-0/+1
| | | | | | | | | | | | | | | | | | | * g10/gpg.c: New option --allow-old-cipher-algos. (set_compliance_option): Set --rfc4880bis explictly to SHA256 and AES256. Allow old cipher algos for OpenPGP, rfc4880, and rfc2440. * g10/options.h (opt): Add flags.allow_old_cipher_algos. * g10/misc.c (print_sha1_keysig_rejected_note): Always print the note unless in --quiet mode. * g10/encrypt.c (setup_symkey): Disallow by default algos with a blocklengt < 128. (encrypt_crypt): Ditto. Fallback by default to AES instead of 3DES. * g10/pkclist.c (algo_available): Take care of old cipher also. (select_algo_from_prefs): Use AES as implicit algorithm by default. * tests/openpgp/defs.scm (create-gpghome): Set allow-old-cipher-algos. -- GnuPG-bug-id: 3415
* gpg: Remove support for PKA.Werner Koch2021-02-021-4/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (oPrintPKARecords): Remove. (opts): Remove --print-pka-records. (main): Remove "pka-lookups","pka-trust-increase" and other PKA stuff. * g10/options.h (EXPORT_DANE_FORMAT): Remove. (VERIFY_PKA_LOOKUPS, VERIFY_PKA_TRUST_INCREASE): Remove. (KEYSERVER_HONOR_PKA_RECORD): Remove. * g10/packet.h (pka_info_t): Remove. (PKT_signature): Remove flags.pka_tried and pka_info. * g10/parse-packet.c (register_known_notation): Remove "[email protected]". * g10/pkclist.c (check_signatures_trust): Remove PKA stuff. * g10/call-dirmngr.c (gpg_dirmngr_get_pka): Remove. * g10/export.c (parse_export_options): Remove "export-pka". (do_export): Adjust for this. (write_keyblock_to_output): Ditto. (do_export_stream): Ditto. (print_pka_or_dane_records): Rename to ... (print_dane_records): this and remove two args. Remove PKA printing. * g10/free-packet.c (free_seckey_enc, cp_pka_info): Adjust for removed pka_info field. * g10/getkey.c (get_pubkey_byname): Make AKL_PKA a dummy. * g10/keyserver.c: Remove "honor-pka-record". (keyserver_import_pka): Remove. * g10/mainproc.c (get_pka_address): Remove. (pka_uri_from_sig): Remove. (check_sig_and_print): Remove code for PKA. -- PKA (Public Key Association) was a DNS based key discovery method which looked up fingerprint by mail addresses in the DNS. This goes back to the conference where DKIM was suggested to show that we already had a better method for this available with PGP/MIME. PKA was was later superseded by an experimental DANE method and is today not anymore relevant. It is anyway doubtful whether PKA was ever widely used. Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove experimental feature to export w/o user-ids.Werner Koch2021-02-021-2/+0
| | | | | | | | | * g10/options.h (IMPORT_DROP_UIDS, EXPORT_DROP_UIDS): Remove. * g10/import.c (parse_import_options): Remove option import-drop-uids. (import_one_real): Remove drop uids code. (remove_all_uids): Remove function. * g10/export.c (parse_export_options): Remove option export-drop-uids. (do_export_one_keyblock): Remove drop uids code.
* gpg: New AKL method "ntds"Werner Koch2020-12-171-0/+1
| | | | | | | | | | | * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new support for KEYDB_SEARCH_MODE_MAIL. (ks_ldap_get): Add a debug. * g10/options.h (AKL_NTDS): New. * g10/keyserver.c (keyserver_import_ntds): New. (keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL. * g10/getkey.c (parse_auto_key_locate): Support "ntds". (get_pubkey_byname): Ditto.
* gpg: Sort the signatures in standard key listings.Werner Koch2020-10-271-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (parse_list_options): Add "sort-sigs". (main): Make it the default. * g10/options.h (LIST_SORT_SIGS): New. * g10/keylist.c (cmp_signodes): New. (list_keyblock_print): Sort signatures and factor signature printing code out to ... (list_signature_print): new. -- In particular together with --full-timestamps this makes it easier to see the history of key signatures and their revocations. The self-signatures are also printed first. To disable this --list-options no-sort-sigs can be used. Also don't print the annoying "no recocation reason specified" message. Signed-off-by: Werner Koch <[email protected]>
* gpg: New experimental import option "bulk-import"Werner Koch2020-09-241-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | * g10/options.h (IMPORT_BULK): New. * g10/import.c (parse_import_options): Add "bulk-import". * g10/call-keyboxd.c (in_transaction): New var. (gpg_keyboxd_deinit_session_data): Run a commit if in bulk import mode. (create_new_context): Run a begin transaction if in bulk import mode. -- Initial tests with this option are not very promising. Importing about 3000 real world keys with --use-keyboxd and full logging took: real 33m31.724s user 19m54.265s sys 2m49.662s With bulk-import this saves a mere 12%: real 29m36.542s user 19m3.391s sys 2m46.728s Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-07 22:06:30 +0000