| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* g10/options.h (IMPORT_IGNORE_ATTRIBUTES): New.
* g10/import.c (parse_import_options): Add new sub-option.
(read_block): Implement sub-option.
--
Suggested-by: Robin H. Johnson
Tested using the import-export feature:
gpg --export KEY_WITH_PICTURE \
| gpg --import --import-options import-export,ignore-attributes \
| gpg --show-key
|
|
--
|
|
* g10/call-agent.c (agent_set_ephemeral_mode): New.
* g10/keyedit.c (keyedit_menu) <bkuptocard>: Switch to ephemeral mode.
* g10/keygen.c (do_generate_keypair): Switch to ephemeral mode for
card keys with backup.
--
GnuPG-bug-id: 6944
|
|
* g10/keygen.c (struct common_gen_cb_parm_s): New.
(common_gen): Add args common_gen_cb and common_gen_cb_parm. Adjust
all callers.
(do_generate_keypair): Clarify the code by using a better var name.
--
We may eventually also replace the long arg list with that object.
The immediate reason for this change is the followup commit.
|
|
* g10/keygen.c (curve_is_448): New.
(do_create_from_keygrip): Pass arg keygen_flags byref so that it can
be updated. Set v5 flag for X448.
(gen_ecc): Ditto.
(do_create): Change keygen_flags as above. For robustness change
checking for Ed448.
(do_generate_keypair): Change keygen_flags as above
(generate_subkeypair): Ditto.
(gen_card_key): Ditto. Support v5 keys.
--
GnuPG-bug-id: 6942
|
|
* g10/keygen.c (proc_parameter_file): Don't include RENC in the
default usage.
--
Testplan:
$ gpg --gen-key --batch <<EOF
Key-Type: EDDSA
Key-Curve: ed448
Key-Usage: cert
Name-Real: Meh Muh
Name-Email: [email protected]
Expire-Date: 2025-01-01
Passphrase: abc
subkey-type: ecdh
Subkey-curve: cv448
EOF
and check that the R flag does not show up in the usage.
|
|
* g10/getkey.c (parse_def_secret_key): Track reason for skipping keys.
--
GnuPG-bug-id: 4704
|
|
* g10/keygen.c (parse_revocation_key): Actually allow for v4
fingerprints.
--
Note that the use of the parameter file is deprecated.
GnuPG-bug-id: 6923
|
|
* g10/sign.c (do_sign): Skip compliance check for revocation certs.
--
It just does not make sense to inhibit the creation of revocations
depending on the compliance mode. We do this only for key revocation
but not for another kind of revocation because the rationale for uid
or subkey revocation is more complicated to explain.
|
|
* g10/parse-packet.c (parse_key): Detect the SKI algo 253.
--
As long as we have not yet implemented this we should at least be
able to detect this case.
|
|
* g10/keyedit.c (keyedit_quick_addkey): Emit a ERROR status line.
(keyedit_quick_addadsk): Ditto.
--
GnuPG-bug-id: 6880
|
|
* g10/call-agent.c (agent_probe_secret_key): Do not return an error
but 0.
* g10/getkey.c (finish_lookup): Improve the selection of secret keys.
--
GnuPG-bug-id: 6831
|
|
* g10/keydb.c (keydb_add_resource): Check the FLAGS to call
keybox_compress.
--
GnuPG-bug-id: 6811
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/call-keyboxd.c (keydb_default_status_cb): New.
(keydb_update_keyblock): Add new status callback.
(keydb_insert_keyblock): Ditto.
(keydb_delete_keyblock): Ditto.
(search_status_cb): Also try the new status callback.
* sm/keydb.c (keydb_default_status_cb): New.
(keydb_insert_cert): Add new status callback.
(keydb_delete): Ditto
(search_status_cb): Also try the new status callback.
--
GnuPG-bug-id: 6838
|
|
* common/miscellaneous.c (is_openpgp_compressed_packet)
(is_file_compressed): Moved to ...
* common/iobuf.c: ... in this file.
(is_file_compressed): Change the argument to INP, the iobuf.
* common/util.h (is_file_compressed): Remove.
* common/iobuf.h (is_file_compressed): Add.
* g10/cipher-aead.c (write_header): Don't call write_status_printf
here.
(cipher_filter_aead): Call write_status_printf when called with
IOBUFCTRL_INIT.
* g10/cipher-cfb.c (write_header): Don't call write_status_printf
here.
(cipher_filter_cfb): Call write_status_printf when called with
IOBUFCTRL_INIT.
* g10/encrypt.c (encrypt_simple): Use new is_file_compressed function,
after call of iobuf_push_filter.
(encrypt_crypt): Likewise.
* g10/sign.c (sign_file): Likewise.
--
Cherry-pick from master commit of:
2f872fa68c6576724b9dabee9fb0844266f55d0d
GnuPG-bug-id: 6481
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/call-agent.c (agent_get_passphrase): Call
assuan_begin_confidential and assuan_end_confidential.
* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
--
GnuPG-bug-id: 6654
The drawback of this solution is that we don't see any IPC lines from
the assuan_transact. Everything else would require larger changes to
libassuan.
|
|
* g10/call-agent.c (default_inq_cb): Call assuan_begin_confidential
and assuan_end_confidential.
* sm/call-agent.c (default_inq_cb): Likewise.
--
Cherry pick from master commit of:
ec1446f9446506b5fbdf90cdeb9cbe1f410a657e
GnuPG-bug-id: 6654
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/openpgpdefs.h (SIGSUBPKT_META_HASH): New.
(SIGSUBPKT_TRUST_ALIAS): New.
|
|
* g10/card-util.c (write_sc_op_status): Emit 3 and 4 in status line.
* tools/card-call-scd.c (status_sc_op_failure): Likewise.
--
Cherry-pick from master commit of:
64f5f7b74e428b15205f6e8ae14dec84663c3076
GnuPG-bug-id: 6425
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/keygen.c (card_store_key_with_backup): Fix memory leak on error.
|
|
* g10/keygen.c (parse_expire_string_with_ct): Use isotime2epoch_u64.
(parse_creation_string): Ditto.
--
GnuPG-bug-id: 6736
|
|
* g10/keygen.c (parse_expire_string_with_ct): Use new function
scan_secondsstr.
(parse_creation_string): Ditto.
--
Noet that we cap the seconds at the year 2106.
GnuPG-bug-id: 6736
|
|
* scd/app-openpgp.c (do_change_pin): Use GPG_ERR_BAD_RESET_CODE where
appropriate.
* common/util.h: Add error codes missing in gpgrt 1.46.
* agent/call-pinentry.c (unlock_pinentry): Handle
GPG_ERR_BAD_RESET_CODE.
(agent_askpin): Ditlo. Also simply condition.
(agent_get_passphrase): Ditto.
* g10/call-agent.c (status_sc_op_failure): Handle
GPG_ERR_BAD_RESET_CODE.
* g10/card-util.c (write_sc_op_status): Ditto.
* tools/card-call-scd.c (status_sc_op_failure): Ditto.
|
|
* g10/gpg.c (main): Ignore --no-utf8-strings only on Windows.
--
Fixes-commit: 8c41b8aac3efb78178fe1eaf52d8d1bbc44941a8
Reported-by: Ingo Klöcker
|
|
Modelled after key_expires/key_expires_d.
This should be useful to detect upcoming certification expiry, so the
certifications can be renewed in advance of the expiry.
Signed-off-by: Robin H. Johnson <[email protected]>
|
|
* g10/trustdb.c (tdb_clear_ownertrusts): Detect stale validity
records.
--
GnuPG-bug-id: 6399
This problem was introduced by an actually very useful patch
2002-12-13 David Shaw <[email protected]>
[...]
* import.c (import_keys_internal): Used here so we don't rebuild
the trustdb if it is still clean.
(import_one, chk_self_sigs): Only mark trustdb dirty if the key
that is being imported has any sigs other than self-sigs.
Suggested by Adrian von Bidder.
[the last part]
The bug exhibited itself only after signing a key, deleting that key
and then re-importing the original non-signed key.
|
|
* g10/keyid.c (hash_public_key): Do not pass the version.
--
Fixes-commit: 1f76cbca35133969ccccfa324d633556e19a386c
|
|
* g10/gpg.c (oWithV5Fingerprint): New.
(opts): Add new option.
(main): Set option.
* g10/options.h (opt): Add with_v5_fingerprint.
* g10/keyid.c (hash_public_key): Factor out to ...
(do_hash_public_key): this. Add new arg to foce v5 style hashing.
(v5_fingerprint_from_pk): New.
(v5hexfingerprint): New.
* g10/keylist.c (print_fingerprint): Print v5 fingerprint for v4 keys
if the option is set.
--
GnuPG-bug-id: 6705
|
|
* g10/keygen.c (enum para_name): Add pSUBKEYEXPIREDATE.
(proc_parameter_file): Add support for pSUBKEYEXPIREDATE.
(read_parameter_file): Add "Subkey-Expire-Date".
--
Cherry-pick from master commit of:
23bcb78d279ebc81ec9340356401d19cf89985f1
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/keygen.c (parse_expire_string_with_ct): New function, optionally
supply the creation time.
(parse_expire_string): Use parse_expire_string_with_ct with no
creation time.
(proc_parameter_file): Use parse_expire_string_with_ct possibly with
the creation time.
--
Cherry-pick from master commit of:
b07b5144ff6a9208ea27fe1e1518270bd22b382c
GnuPG-bug-id: 5252
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
--
GnuPG-bug-id: 6482
Signed-off-by: zhangguangzhi <[email protected]>
|
|
|
|
* common/iobuf.c (iobuf_get_filelength): Change return type to
uint64_t and remove the overflow args. For Windows always use
GetFileSizeEx which is available since the long EOL-ed Windows XP.
* g10/sign.c (write_plaintext_packet): Adjust for changed
iobuf_get_filelength.
* g10/encrypt.c (encrypt_simple, encrypt_crypt): Ditto.
* g10/photoid.c (generate_photo_id): Ditto. Also add an upper limit.
* g10/filter.h (progress_filter_context_t): Change amount values to
use uint64_t.
* g10/progress.c (write_status_progress): Change accordingly.
--
GnuPG-bug-id: 6534
|
|
* common/iobuf.c (file_filter): Improve diagnostics.
* g10/build-packet.c (do_plaintext): Make sure to cache all error
cases.
--
GnuPG-bug-id: 6528
|
|
* g10/import.c (impex_filter_getval): Support new filter properties.
--
Here is how to list all subkeys expiring in the year 2061:
gpg --list-keys --list-filter
'select= sub/key_expires_d -gt 2061-01-01 \
&& sub/key_expires_d -lt 2061-12-31'
To list all primary key expirations, use the "pub/" prefix and to list
all expiration dates use no prefix.
GnuPG-bug-id: 6509
|
|
* g10/keygen.c (default_expiration_interval): Change.
--
This is a revision of
GnuPG-bug-id: 2701
|
|
* g10/encrypt.c (write_pubkey_enc): Indicate encryption to an ADSK.
* g10/getkey.c (finish_lookup): Skip ADKS keys.
--
If a key is searched by fingerprint or keyid and it happens that this
is an ADSK (subkey with the RENC usage), we need to skip this key
because it is not the key we actually want to encrypt to. The actual
ADSK key is taken later by looking at all subkeys of the actual
selected key.
This is related to
GnuPG-bug-id: 6504
|
|
* g10/keyedit.c (menu_addadsk): Request an exact search.
* g10/getkey.c (finish_lookup): Add an debug output.
--
GnuPG-bug-id: 6504
|
|
* g10/keyedit.c (keyedit_quick_sign): Return an error status line.
--
|
|
--
|
|
* agent/gpg-agent.w32-manifest.in: New.
* dirmngr/dirmngr-client-w32info.rc: New.
* dirmngr/dirmngr-client.w32-manifest.in: New.
* dirmngr/dirmngr-w32info.rc: New.
* dirmngr/dirmngr.w32-manifest.in: New.
* dirmngr/dirmngr_ldap-w32info.rc: New.
* dirmngr/dirmngr_ldap.w32-manifest.in: New.
* g10/gpgv-w32info.rc: New.
* g10/gpgv.w32-manifest.in: New.
* kbx/keyboxd.w32-manifest.in: New.
* scd/scdaemon.w32-manifest.in: New.
* sm/gpgsm.w32-manifest.in: New.
--
This avoids the use of the VirtualStore uner Windows.
GnuPG-bug-id: 6503
|
|
* g10/gpg.c (oDebugIgnoreExpiration): New.
(opts): Add option.
(main): Set flag.
* g10/options.h (opt): Add field ignore_expiration.
* g10/pkclist.c (do_we_trust): Handle the option.
* g10/getkey.c (skip_unusable): Ditto.
(finish_lookup): Ditto.
--
GnuPG-bug-id: 2703
|
|
* g10/keyedit.c (no_usable_encr_subkeys_warning): New.
(keyedit_menu): Call it after running an expire command.
* g10/import.c (import_one_real): Call it in the show_key case.
--
|
|
* kbx/keybox-init.c (ll_buffer_size): New var intialized to 128k
(stream_buffers): New var.
(keybox_set_buffersize): New.
(_keybox_ll_open, _keybox_ll_close): Implement buffering.
* sm/gpgsm.c (oKbxBufferSize): New.
(opts): Add option --kbx-buffer-size.
(main): Call keybox_set_buffersize.
* g10/gpg.c: Include keybox.h.
* (oKbxBufferSize): New.
(opts): Add option --kbx-buffer-size.
(main): Call keybox_set_buffersize.
--
Running a test on Windows using a pubring.kbx with
Total number of blobs: 2098
openpgp: 1294
x509: 803
and a size of 42MiB with
gpgsm -k --with-validation --disable-dirmngr --kbx-buffer-size N >nul
gives these performance figures using procmon
| N(k) | file events | time(s) |
|------+-------------+---------|
| 0 | 4900000 | 86 |
| 16 | 2456000 | 58 |
| 32 | 1233000 | 43 |
| 64 | 622000 | 37 |
| 128 | 317000 | 32 |
| 256 | 164000 | 31 |
| 512 | 88000 | 30 |
Using _open instead of CreateFile give the same number of file events
but increased the time slight by one second for the measured buffer
size of 64k and 128k. Benchmarks for gpg have not been conducted.
|
|
* g10/import.c (do_transfer): Force the overridden key import
even when smartcard is available.
--
Fixes-commit: 2c1297055041b4657ea1a927acac978c2b09a483
GnuPG-bug-id: 3456
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/command.c (cmd_keytocard): Add new arg for ECDH params.
* scd/app-openpgp.c (ecc_writekey): Use provided ECDH params to
compute the fingerprint.
* g10/call-agent.c (agent_keytocard): Add arg ecdh_param_str.
* g10/keyid.c (ecdh_param_str_from_pk): New.
* g10/card-util.c (card_store_subkey): Pass ECDH params to writekey.
* g10/keygen.c (card_store_key_with_backup): Ditto.
* scd/app-openpgp.c (store_fpr): Add arg update.
(rsa_read_pubkey, ecc_read_pubkey): Add arg meta_update and avoid
writing the fingerprint back to the card if not set.
(read_public_key): Also add arg meta_update.
(get_public_key): Do not pass it as true here...
(do_genkey): ... but here.
(rsa_write_key, ecc_writekey): Force string the fingerprint.
--
The problem showed up because in 2.4 we changed the standard ECDH
parameter some years ago. Now when trying to write an ECDH key
created by 2.2 with 2.4 to an openpgp card, scdaemon computes a wrong
fingerprint and thus gpg was not able to find the key again by
fingerprint.
The patch also avoids updating the stored fingerprint in certain
situations.
This fix is somewhat related to
GnuPG-bug-id: 6378
|
|
* g10/card-util.c (current_card_status): Print a hint for fishy
outputs.
(enum cmdids): Add cmdOPENPGP.
(cmds): Add "openpgp".
(card_edit): Implement that command.
--
If a Yubikey has been used in PIV mode the initial listing does not
look correct. Although we explicitly switch to the OpenPGP app when
needed, we don't want to do this in listing mode. Instead we offer a
new command "openpgp" to force the openpgp mode. The ultimate goal
will be to enhance the gpg-card tool to completely take over the
--card-edit features. But we are not yet there.
GnuPG-bug-id: 6462
|
|
* g10/call-agent.c (agent_scd_switchapp): New.
* g10/card-util.c (get_info_for_key_operation): Call it.
--
It may happen that the active card was last used for PIV and in that
case certain commands will fail because they assume the OpenPGP app.
Fortunately we have a pretty central place to assure that the right
app has been selected.
The bug can be easily noticed on Windows.
GnuPG-bug-id: 6378
|
|
* g10/import.c (do_transfer): Force importing when it's card
reference.
--
GnuPG-bug-id: 3456
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/import.c (transfer_secret_keys): Only emit a warning when secret
key is not encrypted.
--
Fixing-commit: dbfb7f809b89cfe05bdacafdb91a2d485b9fe2e0
GnuPG-bug-id: 6322
Signed-off-by: NIIBE Yutaka <[email protected]>
|
