aboutsummaryrefslogtreecommitdiffstats
path: root/g10/pubkey-enc.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpg: Allow multiple --default-key options. Take the last available key.Neal H. Walfield2015-11-041-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | * g10/getkey.c (parse_def_secret_key): New function. (get_seckey_default): Add parameter ctrl. Update callers. Use parse_def_secret_key to get the default secret key, if any. (getkey_byname): Likewise. (enum_secret_keys): Likewise. * g10/options.h (opt): Change def_secret_key's type from a char * to a strlist_t. * g10/gpg.c (main): When processing --default-key, add the key to OPT.DEF_SECRET_KEY. * g10/gpgv.c (get_session_key): Add parameter ctrl. Update callers. * g10/mainproc.c (proc_pubkey_enc): Likewise. (do_proc_packets): Likewise. * g10/pkclist.c (default_recipient): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sign.c (clearsign_file): Likewise. (sign_symencrypt_file): Likewise. * g10/skclist.c (build_sk_list): Likewise. * g10/test-stubs.c (get_session_key): Likewise. -- Signed-off-by: Neal H. Walield <[email protected]> GnuPG-bug-id: 806
* Curve25519 support.NIIBE Yutaka2015-08-061-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | * agent/cvt-openpgp.c (get_keygrip): Handle Curve25519. (convert_secret_key, convert_transfer_key): Ditto. * common/openpgp-oid.c (oidtable): Add Curve25519. (oid_crv25519, openpgp_oid_is_crv25519): New. * common/util.h (openpgp_oid_is_crv25519): New. * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case with Montgomery curve which uses x-only coordinate. * g10/keygen.c (gen_ecc): Handle Curve25519. (ask_curve): Change the API and second arg is to return subkey algo. (generate_keypair, generate_subkeypair): Follow chage of ask_curve. * g10/keyid.c (keygrip_from_pk): Handle Curve25519. * g10/pkglue.c (pk_encrypt): Handle Curve25519. * g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve. * scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New. (send_key_attr): Work with general ECC, Ed25519, and Curve25519. (get_public_key): Likewise. (ecc_writekey): Handle flag_djb_tweak. -- When libgcrypt has Curve25519, GnuPG now supports Curve25519.
* gpg: Rename a debug macro.Werner Koch2015-04-061-2/+2
| | | | | * g10/options.h (DBG_CIPHER_VALUE): Rename to DBG_CRYPTO_VALUE. (DBG_CIPHER): Rename to DBG_CRYPTO.
* Use inline functions to convert buffer data to scalars.Werner Koch2015-02-111-2/+2
| | | | | | | | | | | | | | | * common/host2net.h (buf16_to_ulong, buf16_to_uint): New. (buf16_to_ushort, buf16_to_u16): New. (buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New. -- Commit 91b826a38880fd8a989318585eb502582636ddd8 was not enough to avoid all sign extension on shift problems. Hanno Böck found a case with an invalid read due to this problem. To fix that once and for all almost all uses of "<< 24" and "<< 8" are changed by this patch to use an inline function from host2net.h. Signed-off-by: Werner Koch <[email protected]>
* gpg: Replace remaining old error code macros by GPG_ERR_.Werner Koch2015-01-221-6/+6
| | | | | | | | | * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by gpg_strerror. (G10ERR_): Remove all macros and change all occurrences by their GPG_ERR_ counterparts. Signed-off-by: Werner Koch <[email protected]>
* Use a unique capitalization for "Note:".Werner Koch2014-10-101-2/+2
| | | | --
* ECC Fixes.NIIBE Yutaka2014-04-281-1/+1
| | | | | | | | | | | | | * agent/cvt-openpgp.c (get_keygrip, convert_secret_key) (convert_transfer_key): Follow newer (>= 1.6) libgcrypt API, which does not distinguish the detail. (do_unprotect, convert_from_openpgp_main): Don't call map_pk_openpgp_to_gcry, as it's the value of libgcrypt API already and not the value defined by OpenPGP. (convert_to_openpgp): It's "ecc". * agent/gpg-agent.c (map_pk_openpgp_to_gcry): Remove. * g10/call-agent.c (agent_pkdecrypt): Fix off-by-one error. * g10/pubkey-enc.c (get_it): Fix swapping the fields error.
* gpg: Change pinentry prompt to talk about "secret key".Werner Koch2014-04-151-1/+1
| | | | | | | | | * g10/passphrase.c (gpg_format_keydesc): Add mode 2. Change strings. * g10/keydb.h (FORMAT_KEYDESC_NORMAL, FORMAT_KEYDESC_IMPORT) (FORMAT_KEYDESC_EXPORT): New. Use them for clarity. -- The use of the term "certificate" was more confusing than helpful.
* gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.Werner Koch2014-01-301-4/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a string. * g10/keygen.c (check_keygrip): Adjust for change. * sm/certreqgen-ui.c (check_keygrip): Likewise. * agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry. * g10/misc.c (map_pk_openpgp_to_gcry): Remove. (openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2. (openpgp_pk_test_algo2): Rewrite. (openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA. (openpgp_pk_algo_name): Rewrite to remove need for gcry calls. (pubkey_get_npkey, pubkey_get_nskey): Ditto. (pubkey_get_nsig, pubkey_get_nenc): Ditto. * g10/keygen.c(do_create_from_keygrip): Support EdDSA. (common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto. * g10/build-packet.c (do_key): Ditto. * g10/export.c (transfer_format_to_openpgp): Ditto. * g10/getkey.c (cache_public_key): Ditto. * g10/import.c (transfer_secret_keys): Ditto. * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto. * g10/mainproc.c (proc_pubkey_enc): Ditto. * g10/parse-packet.c (parse_key): Ditto, * g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto. * g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name. * g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only OpenPGP algo ids and support EdDSA. * g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids. * g10/seskey.c (encode_md_value): Ditto. -- This patch separates Libgcrypt and OpenPGP public key algorithms ids and in most cases completely removes the Libgcrypt ones. This is useful because for Libgcrypt we specify the algorithm in the S-expressions and the public key ids are not anymore needed. This patch also adds some support for PUBKEY_ALGO_EDDSA which will eventually be used instead of merging EdDSA with ECDSA. As of now an experimental algorithm id is used but the plan is to write an I-D so that we can get a new id from the IETF. Note that EdDSA (Ed25519) does not yet work and that more changes are required. The ECC support is still broken right now. Needs to be fixed. Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove cipher.h and put algo ids into a common file.Werner Koch2014-01-291-1/+0
| | | | | | | | | | | | | | | | | | * common/openpgpdefs.h (cipher_algo_t, pubkey_algo_t, digest_algo_t) (compress_algo_t): New. * agent/gpg-agent.c: Remove ../g10/cipher.h. Add openpgpdefs.h. * g10/cipher.h (DEK): Move to ... * g10/dek.h: new file. * g10/cipher.h (is_RSA, is_ELGAMAL, is_DSA) (PUBKEY_MAX_NPKEY, PUBKEY_MAX_NSKEY, PUBKEY_MAX_NSIG, PUBKEY_MAX_NENC) (PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC, PUBKEY_USAGE_CERT) (PUBKEY_USAGE_AUTH, PUBKEY_USAGE_NONE): Move to * g10/packet.h: here. * g10/cipher.h: Remove. Remove from all files. * g10/filter.h, g10/packet.h: Include dek.h. * g10/Makefile.am (common_source): Remove cipher.h. Add dek.h. Signed-off-by: Werner Koch <[email protected]>
* gpg: Make decryption with the OpenPGP card work.Werner Koch2013-08-281-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New. * scd/app-openpgp.c (do_decipher): Add arg R_INFO. * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy. * scd/app.c (app_decipher): Add arg R_INFO. * scd/command.c (cmd_pkdecrypt): Print status line "PADDING". * agent/call-scd.c (padding_info_cb): New. (agent_card_pkdecrypt): Add arg R_PADDING. * agent/divert-scd.c (divert_pkdecrypt): Ditto. * agent/pkdecrypt.c (agent_pkdecrypt): Ditto. * agent/command.c (cmd_pkdecrypt): Print status line "PADDING". * g10/call-agent.c (padding_info_cb): New. (agent_pkdecrypt): Add arg R_PADDING. * g10/pubkey-enc.c (get_it): Use padding info. -- Decryption using a card never worked in gpg 2.1 because the information whether the pkcs#1 padding needs to be removed was not available. Gpg < 2.1 too this info from the secret sub key but that has gone in 2.1. Signed-off-by: Werner Koch <[email protected]>
* Merge branch 'master' into key-storage-workWerner Koch2013-02-121-1/+3
|\
| * gpg: Add pinentry-mode feature.Werner Koch2013-02-071-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
* | gpg: Cache keybox searches.Werner Koch2013-01-081-0/+10
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/iobuf.c (iobuf_seek): Fix for temp streams. * g10/pubkey-enc.c (get_session_key, get_it): Add some log_clock calls. * g10/keydb.c (dump_search_desc): New. (enum_keyblock_states, struct keyblock_cache): New. (keyblock_cache_clear): New. (keydb_get_keyblock, keydb_search): Implement a keyblock cache. (keydb_update_keyblock, keydb_insert_keyblock, keydb_delete_keyblock) (keydb_rebuild_caches, keydb_search_reset): Clear the cache. -- Gpg uses the key database at several places without a central coordination. This leads to several scans of the keybox for the same key. To improve that we now use a simple cache to store a retrieved keyblock in certain cases. In theory this caching could also be done for old keyrings, but it is a bit more work and questionable whether it is needed; the keybox scheme is anyway much faster than keyrings. Using a keybox with 20000 384 bit ECDSA/ECHD keypairs and a 252 byte sample text we get these values for encrypt and decrypt operations on an Core i5 4*3.33Ghz system. The option --trust-model=always is used. Times are given in milliseconds wall time. | | enc | dec | dec,q | |-----------+-----+-----+-------| | key 1 | 48 | 96 | 70 | | key 10000 | 60 | 98 | 80 | | key 20000 | 69 | 106 | 88 | | 10 keys | 540 | 290 | 70 | The 10 keys test uses a mix of keys, the first one is used for decryption but all keys are looked up so that information about are printed. The last column gives decryption results w/o information printing (--quiet). The keybox is always scanned sequentially without using any index. By adding an index to the keybox it will be possible to further reduce the time required for keys stored to the end of the file.
* Add tweaks for the not anymore patented IDEA algorithm.Werner Koch2012-05-081-4/+0
| | | | | | | | | | | | | | | * g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2 compatibility mode. * g10/misc.c (idea_cipher_warn): Remove. Also remove all callers. * common/status.h (STATUS_RSA_OR_IDEA): Remove. Do not emit this status anymore. -- To keep the number of actually used algorithms low, we want to support IDEA only in a basically read-only way (unless --pgp2 is used during key generation). It does not make sense to suggest the use of this old 64 bit blocksize algorithm. However, there is old data available where it might be helpful to have IDEA available.
* Don't print anonymous recipient messages in quiet mode.Werner Koch2011-11-221-3/+5
| | | | This is bug#1378.
* Allow NULL for free_public_key.Werner Koch2011-09-201-4/+2
|
* Finished ECC integration.ECC-INTEGRATION-2-1Werner Koch2011-02-031-4/+6
| | | | | | | | | | | | Wrote the ChangeLog 2011-01-13 entry for Andrey's orginal work modulo the cleanups I did in the last week. Adjusted my own ChangeLog entries to be consistent with that entry. Nuked quite some trailing spaces; again sorry for that, I will better take care of not saving them in the future. "git diff -b" is useful to read the actual changes ;-). The ECC-INTEGRATION-2-1 branch can be closed now.
* Fixed the ECC interface to Libgcrypt to be ABI compatible with the previous ↵Werner Koch2011-01-311-1/+1
| | | | | | | | | | | | | | | | version. Quite some changes were needed but in the end we have less code than before. Instead of trying to do everything with MPIs and pass them back and forth between Libgcrypt and GnuPG, we know use the S-expression based interface and make heavy use of our opaque MPI feature. Encryption, decryption, signing and verification work with self-generared keys. Import and export does not yet work; thus it was not possible to check the test keys at https://sites.google.com/site/brainhub/pgpecckeys .
* Editorial cleanups of keygen.cWerner Koch2011-01-251-14/+15
| | | | | Also fixed a regression introduced by me in pubkey_enc.c. Added extra checks. Removed unused code.
* Editorial changes and allow building with old libgcrypts.Werner Koch2011-01-211-54/+58
| | | | | | | | | | | | | | | | | | | | | | | | | | | Changed order of some conditional to make to put the special case into the true branch. Indentation changes. Minor other changes to make the ECC code more similar to the rest of our code. It builds but many sefltests still fail. Need to fix that before using it with an ECDH enabled libgcrypt. [/] 2011-01-21 Werner Koch <[email protected]> * configure.ac: Need Libgcrypt 1.4.6 due to AESWRAP. (HAVE_GCRY_PK_ECDH): Add new test. [agent/] 2011-01-21 Werner Koch <[email protected]> * cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: New. [include/] 2011-01-21 Werner Koch <[email protected]> * cipher.h (GCRY_PK_USAGE_CERT): Remove compatibility macros because we now require libgcrypt 1.4.6. (GCRY_PK_ECDH): Add replacement.
* 'g10/gpg2 --encrypt --debug 15 -r ecdsa -a -o _e.asc _' and 'g10/gpg2 ↵Andrey Jivsov2011-01-111-3/+37
| | | | | | | | --debug 15 _e.asc', as well as decoding of an old message posted on https://sites.google.com/site/brainhub/pgpecckeys work. This is the milestone 2 that brings in ECDH support from http://code.google.com/p/gnupg-ecc/source/detail?r=15 . This corresponds to the commit 899386826c85f1e757e75bcc5d5b2159d05676a0 in libgcrypt
* Integrating http://code.google.com/p/gnupg-ecc/source/detail?r=15 .Andrey Jivsov2011-01-061-22/+40
| | | | | | | | | | The following works: gpg2 --gen-key (ECC) gpg2 --list-keys gpg2 --list-packets ~/.gnupg/pubring.gpg gpg2 --list-packets <private key from http://sites.google.com/site/brainhub/pgpecckeys> ECDH doesn't work yet as the code must be re-written to adjust for gpg-agent refactoring.
* Make public key data structure easier to read.Werner Koch2010-10-201-1/+1
| | | | | Check vor v1 card while signing.
* More agent support for gpg.Werner Koch2010-10-131-28/+7
|
* Removed more secret key related code.Werner Koch2010-09-061-1/+1
| | | | | | It builds fine and passes some of the tests but there are quite some features which don't work yet.
* Provide a useful pinentry prompt.Werner Koch2010-04-271-1/+1
|
* Decryption and signi via agent is now implemented.Werner Koch2010-04-231-65/+60
|
* Re-indent and changed return type.Werner Koch2010-04-211-244/+275
|
* Generating an OpenPGP key cia gpg-agent basically works.Werner Koch2010-04-201-4/+4
|
* Add gpgconf related dummy options default_pubkey_algo.Werner Koch2009-11-231-0/+2
| | | | | | Add option --skip-hidden-recipients Comment updates.
* Add full Camellia support.David Shaw2009-06-051-2/+2
| | | | | | | | | | | | | | | | | | * configure.ac: Remove Camellia restriction. * gpg.c (main), misc.c (openpgp_cipher_test_algo): Remove Camellia restriction. * misc.c (map_cipher_openpgp_to_gcry), main.h: Add macros for openpgp_cipher_open, openpgp_cipher_get_algo_keylen, and openpgp_cipher_get_algo_blklen to wrap around the corresponding gcry_* functions, but pass the algorithm number through map_cipher_openpgp_to_gcry. This is needed in case the gcry algorithm number doesn't match the OpenPGP number (c.f. Camellia). * encr-data.c, pubkey-enc.c, mainproc.c, cipher.c, encode.c, seskey.c, passphrase.c, seckey-cert.c: Use new openpgp_cipher_* macros here.
* Use more warning options with modern GCCs.Werner Koch2008-10-171-1/+1
| | | | | Other minor changes.
* Support DSA2.Werner Koch2007-12-121-1/+1
| | | | | | Support Camellia for testing. More audit stuff.
* Changed to GPLv3.Werner Koch2007-07-041-4/+2
| | | | | Removed intl/.
* No more warnings for AMD64 (at least when cross-compiling). Thus tehre is aWerner Koch2006-11-211-2/+3
| | | | | | | good chance that gpg2 will now work. Other cleanups. Updated gettext.
* With --enable-gpg the keyservers are now build and a first test using gpg2Werner Koch2006-08-161-0/+1
| | | | | shows no prblems. Needs more testing of course.
* A couple of fixes. gpg2's key generation does now work.Werner Koch2006-06-301-1/+1
|
* g10/ does build again.Werner Koch2006-05-231-3/+3
|
* Merged with gpg 1.4.3 code. Werner Koch2006-04-191-146/+158
| | | | | The gpg part does not yet build.
* Adjusted for use with current libgcrypt (1.1.42).Werner Koch2003-07-281-5/+2
|
* * options.h (DBG_CIPHER): Reintroduced it.Werner Koch2003-07-031-125/+161
| | | | | | | | | | | | | | | | | | * seskey.c (encode_session_key): Debug output of the session key. * pubkey-enc.c (get_it): Handle card case. * call-agent.c (agent_scd_pkdecrypt): New. * pkglue.c (pk_encrypt): Add RSA support. * g10.c (main): Default to --use-agent. * keygen.c (show_smartcard): Print info about the public key. (check_smartcard): Check for existing key here. (gen_card_key): And not anymore here. (fpr_is_zero): New. (generate_keypair): Generate both keys for a card. (smartcard_change_url): Nw.
* Fixes to the libgcrypt switch. Basically works now.Werner Koch2003-06-231-1/+1
|
* Finished the bulk of changes for gnupg 1.9. This included switchingWerner Koch2003-06-181-30/+35
| | | | | | | | | | | to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
* This commit was manufactured by cvs2svn to create branchRepo Admin2003-01-091-0/+307
| | | | 'GNUPG-1-9-BRANCH'.
* This commit was manufactured by cvs2svn to create branchRepo Admin2002-10-191-296/+0
| | | | 'GNUPG-1-9-BRANCH'.
* Update head to match stable 1.0David Shaw2002-06-291-109/+122
|
* See ChangeLog: Mon Sep 18 16:35:45 CEST 2000 Werner KochWerner Koch2000-09-181-4/+1
|
* See ChangeLog: Mon Jul 31 10:04:47 CEST 2000 Werner KochWerner Koch2000-07-311-1/+1
|
* See ChangeLog: Tue Jul 25 17:44:15 CEST 2000 Werner KochWerner Koch2000-07-251-25/+17
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 22:06:32 +0000