aboutsummaryrefslogtreecommitdiffstats
path: root/g10 (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* g10: Support key attribute change at --card-edit/generate.NIIBE Yutaka2018-03-293-77/+169
| | | | | | | | | | | | | | | | * g10/card-util.c (ask_card_rsa_keysize): Drop support for magic number 25519 for ed25519/cv25519. Rename from ask_card_keyattr. (ask_card_keyattr): Support ECC, as well as RSA. (do_change_keyattr): Support ECC dropping magical number 25519. * g10/keygen.c (ask_curve): Allow call from outside, adding last arg of CURRENT. (generate_keypair): Follow the change of ask_curve. (generate_subkeypair): Likewise. -- GnuPG-bug-id: 3781 Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: check_pin_for_key_operation should be just before genkey.NIIBE Yutaka2018-03-291-7/+7
| | | | | | | | | | | | | * g10/card-util.c (generate_card_keys): Check PIN later. (card_generate_subkey): Likewise. -- Changing key attribute resets PIN authentication status. So, CHECKPIN should be after that, before key generation. Note that CHECKPIN is done for binding signature. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Change ask_curve so that it can be used outside.NIIBE Yutaka2018-03-282-30/+23
| | | | | | | | | | | | | | * g10/call-agent.h (struct key_attr): New. * g10/keygen.c (ask_curve): Return const char *. No allocation. (quick_generate_keypair): Follow the change. (generate_keypair, generate_subkeypair): Likewise. (parse_algo_usage_expire): Return const char *. -- This change is intended for using ask_curve from card-util.c. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Auto-fix a broken trustdb with just the version record.Werner Koch2018-03-261-0/+14
| | | | | | | * g10/tdbio.c (get_trusthashrec): Create hashtable on error. GnuPG-bug-id: 3839 Signed-off-by: Werner Koch <[email protected]>
* gpg: Pass CTRL arg to get_trusthashrec.Werner Koch2018-03-264-11/+15
| | | | | | | | * g10/tdbio.c (get_trusthashrec): Add arg CTRL. (tdbio_search_trust_byfpr): Ditto. (tdbio_search_trust_bypk): Ditto. Signed-off-by: Werner Koch <[email protected]>
* gpg: Return better error codes in case of a too short trustdb.Werner Koch2018-03-261-15/+16
| | | | | | | | | | | | | * g10/tdbio.c (tdbio_read_record): Return GPG_ERR_EOF. (tdbio_new_recnum): Never return on error. (lookup_hashtable): Print a more descriptive error in case of !TABLE. -- Also: tdbio_new_recnum had a bug in that it returned an error code and not a record number in the error case. The function is expected to always return a valid new record number. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix trustdb updates without lock held.Werner Koch2018-03-261-10/+29
| | | | | | | | | | | | | | | | | | | | | | | * g10/tdbio.c (is_locked): Turn into a counter. (take_write_lock, release_write_lock): Implement recursive locks. -- On trustdb creation we have this call sequence: init_trustdb -> takes lock tdbio_set_dbname create_version_record tdbio_write_record put_record_into_cache -> takes lock put_record_into_cache -> releases lock init_trustdb -> releases lock The second take lock does noting but the first release lock has already released the lock and the second release lock is a thus a NOP. This is likely the cause for the corrupted trustdb as reported in GnuPG-bug-id: 3839 Signed-off-by: Werner Koch <[email protected]>
* gpg: Disable unused code parts in tdbio.cWerner Koch2018-03-261-3/+7
| | | | | | | | * g10/tdbio.c (in_transaction): Comment this var. (put_record_into_cache): Comment the transaction code. (tdbio_sync): Ditto Signed-off-by: Werner Koch <[email protected]>
* gpg,sm: New option --request-origin.Werner Koch2018-03-233-0/+26
| | | | | | | | | | | | | | | * g10/gpg.c (oRequestOrigin): New const. (opts): New option --request-origin. (main): Parse that option. * g10/options.h (struct opt): Add field request_origin. * g10/call-agent.c (start_agent): Send option to the agent. * sm/gpgsm.c (oRequestOrigin): New const. (opts): New option --request-origin. (main): Parse that option. * sm/gpgsm.h (struct opt): Add field request_origin. * sm/call-agent.c (start_agent): Send option to the agent. Signed-off-by: Werner Koch <[email protected]>
* gpg: Implement --dry-run for --passwd.Werner Koch2018-03-221-1/+3
| | | | | | * g10/keyedit.c (change_passphrase): Take care of --dry-run. Signed-off-by: Werner Koch <[email protected]>
* scd: Support KDF DO setup.NIIBE Yutaka2018-03-223-1/+107
| | | | | | | | | | | | * g10/call-agent.c (learn_status_cb): Parse the capability for KDF. * g10/card-util.c (gen_kdf_data, kdf_setup): New. (card_edit): New admin command cmdKDFSETUP to call kdf_setup. * scd/app-openpgp.c (do_getattr): Emit KDF capability. -- GnuPG-bug-id: 3823 Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Typo fix in comment.Werner Koch2018-03-211-4/+4
| | | | --
* gpg: Fix out-of-bound read in subpacket enumerationWerner Koch2018-03-211-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/parse-packet.c (enum_sig_subpkt): Check buflen before reading the type octet. Print diagnostic. -- If the final subpacket has only a length header evaluating to zero and missing the type octet, a read could happen right behind the buffer. Valgrind detected this. Fix is obvious. Note that the further parsing of the subpacket is still okay because it always checks the length. Note further that --list-packets uses a different code path and already reported an error. Reported-by: Philippe Antoine He provided a test file copied below. Running "gpg -v --verify" on it triggered the bug. -----BEGIN PGP ARMORED FILE----- Comment: Use "gpg --dearmor" for unpacking kA0DAAoBov87N383R0QBrQJhYgZsb2wucHlaqTVWYnl0ZXMgPSBbMHg1LCAweDY0 LCAweDRjLCAweGM0LCAweDMsIDB4MCwgMHg0LCAweDAsIDB4YWMsIDB4YSwgMHhj MSwgMHhjMSwgMHgyLCAweDEsIDB4MiwgMHg3LCAweDQwLCAweDIsIDB4MiwgMHgy LCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDJkLCAweGRkLCAweDIs IDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4 MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4NzcsIDB4ODcsIDB4MiwgMHgy LCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAw eDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHg3NywgMHg4NywgMHgyLCAweDIsIDB4 MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4Miwg MHgyLCAweDIsIDB4MiwgMHgyLCAweDc3LCAweDg3LCAweDIsIDB4MiwgMHgyLCAw eDIsIDB4MiwgMHgyLCAweDIsIDB4MCwgMHhhZF0KCmZvciBpIGluIHJhbmdlKGxl bihieXRlcykpOgogICAgaWYgaSUxNiA9PSAwOgogICAgICAgIHByaW50CiAgICAg ICAgcHJpbnQgIiUwNngiICUgaSwKICAgIHByaW50ICIlMDJ4ICIgJSBieXRlc1tp XSwKiQJNBAABCgAeFiEEU+Y3aLjDLA3x+9Epov87N383R0QFAlqpNVYAAAoJEKL/ Ozd/N0dElccP/jBAcFHyeMl7kop71Q7/5NPu3DNULmdUzOZPle8PVjNURT4PSELF qpJ8bd9PAsO4ZkUGwssY4Kfb1iG5cR/a8ADknNd0Cj9/QA2KMVNmgYtReuttAjvn hQRm2VY0tvDCVAPI/z8OnV/NpOcbk8kSwE+shLsP7EwqL5MJNMXKqzm1uRxGNYxr 8TNuECo3DO64O2NZLkMDXqq6lg+lSxvDtXKxzKXgVC+GMtOE56lDwxWLqr39f9Ae Pn0q2fVBKhJfpUODeEbYSYUp2hhmMUIJL/ths9MvyRZ9Z/bHCseFPT58Pgx6g+MP q+iHnVZEIVb38XG+rTYW9hvctkRZP/azhpa7eO8JAZuFNeBGr4IGapwzFPvQSF4B wBXBu0+PPrV9VJVe98P4nw2xcuJmkn6mgZhRVYSqDIhY64bSTgQxb/pdtGwrTjtL WoUKVI+joLRPnDmwexH9+QJCB+uA6RsN/LqsQfDseyr40Z6dHJRqWGgP3ll6iZgw WF768uiIDJD8d4fegVnkpcH98Hm0I/dKsMR1MGV/sBxYC8mAOcOWwSPNGDqPlwwR eWPdr1O6CoYEWwiZMicSe0b5TsjB5nkAWMy7c9RyhtMJzCQ/hFpycpj0A0Zs+OGa eJQMZZV0s8AQZ04JzoX0zRpe0RcTyJn3Tr6QGbVi9tr+QdKHFuDMUqoX =qYZP -----END PGP ARMORED FILE----- Signed-off-by: Werner Koch <[email protected]>
* scd: Better user interaction for factory-reset.NIIBE Yutaka2018-03-161-6/+21
| | | | | | | | | | | | * g10/card-util.c (factory_reset): Dummy PIN size is now 32-byte. Connect the card again at the last step. -- Before the change, a user has to quit the session to continue. Now, it is possible to type RET in the session and see if it's really done. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix build on Windows.NIIBE Yutaka2018-03-082-0/+5
| | | | | | | | | | -- WIN32_LEAN_AND_MEAN is required to avoid definitions of grp1, grp2, and grp3 in dlgs.h, which is included by windows.h. Fixes-commit: fd595c9d3642dba437fbe0f6e25d7aaaae095f94 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix regression in last --card-status patchWerner Koch2018-03-011-1/+1
| | | | | | | | | | -- Sorry, I accidentally pushed the last commit without having amended it with this fix. Fixes-commit: fd595c9d3642dba437fbe0f6e25d7aaaae095f94 Signed-off-by: Werner Koch <[email protected]>
* gpg: Print the keygrip with --card-statusWerner Koch2018-03-013-7/+58
| | | | | | | | | | | | | | * g10/call-agent.h (agent_card_info_s): Add fields grp1, grp2 and grp3. * g10/call-agent.c (unhexify_fpr): Allow for space as delimiter. (learn_status_cb): Parse KEYPARIINFO int the grpX fields. * g10/card-util.c (print_keygrip): New. (current_card_status): Print "grp:" records or with --with-keygrip a human readable keygrip. -- Suggested-by: Peter Lebbing <[email protected]> Signed-off-by: Werner Koch <[email protected]>
* gpg: Don't let gpg return failure on an invalid packet in a keyblock.Werner Koch2018-02-222-6/+3
| | | | | | | | | | | | * g10/keydb.c (parse_keyblock_image): Use log_info instead of log_error for skipped packets. * g10/keyring.c (keyring_get_keyblock): Ditto. -- log_info should be sufficient and makes this more robust. Some tools (e.g. Enigmail) are too picky on return codes from gpg. Signed-off-by: Werner Koch <[email protected]>
* g10: Select a secret key by checking availability under gpg-agent.NIIBE Yutaka2018-02-221-4/+11
| | | | | | | | | | | | * g10/getkey.c (finish_lookup): Add WANT_SECRET argument to confirm by agent_probe_secret_key. (get_pubkey_fromfile, lookup): Supply WANT_SECRET argument. -- GnuPG-bug-id: 1967 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 0a76611294998ae34b9d9ebde484ef8ad3a9a3a6)
* gpg: Fix reversed messages for --only-sign-text-ids.NIIBE Yutaka2018-02-151-2/+2
| | | | | | | | | | * g10/keyedit.c (keyedit_menu): Fix messages. -- GnuPG-bug-id: 3787 Fixes-commit: a74aeb5dae1f673fcd98b39a6a0496f3c622709a Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Update list of card vendors from masterWerner Koch2018-02-011-0/+2
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix the use of future-default with --quick-add-key.Werner Koch2018-01-181-12/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keygen.c (parse_key_parameter_part): Add arg clear_cert. (parse_key_parameter_string): Add arg suggested_use and implement fallback. Change callers to pass 0 for new arg. (parse_algo_usage_expire): Pass the parsed USAGESTR to parse_key_parameter_string so that it can use it in case a subkey is to be created. -- The problem here was that future-default gives the primary and subkey algorithm. However, when using future-default for adding a key, the second part was always used which is for encryption. If the caller now wanted to create a signing subkey using the future-default parameters this did not worked. gpg --batch --passphrase "" --quick-add-key FPR future-default encr aready worked as did gpg --batch --passphrase "" --quick-add-key FPR ed25519 sign but gpg --batch --passphrase "" --quick-add-key FPR future-default sign does only work with this fix. GnuPG-bug-id: 3747 Signed-off-by: Werner Koch <[email protected]>
* gpg: Print all keys with --decrypt --list-only.Werner Koch2018-01-081-4/+6
| | | | | | | | | | | | | * g10/mainproc.c (proc_pubkey_enc): Use dedicated error code for list-only and put the key into PKENC_LIST. (print_pkenc_list): Take care of the new error code. -- If the secret keys exist in --list-only mode it was not printed in --list-only mode. GnuPG-bug-id: 3718 Signed-off-by: Werner Koch <[email protected]>
* gpg: Allow "futuredefault" as alias for "future-default".Werner Koch2018-01-011-6/+8
| | | | | | | | | | | | | | | * g10/keygen.c (parse_key_parameter_string): Allow "futuredefault" and use case-insensitive matching (quick_generate_keypair): Ditto. (parse_algo_usage_expire): Ditto. -- The man page is sometimes rendered in a way that the hyphen may be not be considered as part of the string. And while at it we also allow case-insensitivity. GnuPG-bug-id: 3655 Signed-off-by: Werner Koch <[email protected]>
* gpg: Allow the use of "cv25519" and "ed25519" in the keygen parms.Werner Koch2017-12-291-0/+7
| | | | | | | | | | * g10/keygen.c (gen_ecc): Map curve names. -- See https://lists.gnupg.org/pipermail/gnupg-users/2017-December/059619.html Signed-off-by: Werner Koch <[email protected]>
* gpg: Print a warning for too much data encrypted with 3DES et al.Werner Koch2017-12-132-5/+26
| | | | | | | | | | | | | | | * g10/filter.h (cipher_filter_context_t): Remove unused filed 'create_mdc'. Turn field 'header' into a bit field. Add new fields 'short_blklen_warn' and 'short_blklen_count'. * g10/cipher.c (write_header): Print a warning if MDC is not used. (cipher_filter): Print a warning for long messages encrypted with a short block length algorithm. -- Note that to test this warning in a reliable way compression needs to be disabled. Signed-off-by: Werner Koch <[email protected]>
* gpg: Simplify cipher:write_header.Werner Koch2017-12-131-6/+2
| | | | | | * g10/cipher.c (write_header): Use write_status_printf. Signed-off-by: Werner Koch <[email protected]>
* indent: Re-indent g10/cipher.cWerner Koch2017-12-131-103/+109
| | | | --
* gpg: Simplify default_recipient().Werner Koch2017-12-131-27/+22
| | | | | | | | | | | * g10/pkclist.c (default_recipient): Use hexfingerprint. -- Note that on malloc failure this function now returns NULL instead of terminating the process. However, under memory pressure any function called latter will very likely fail as well. Signed-off-by: Werner Koch <[email protected]>
* gpg: Return an error from hexfingerprint on malloc error.Werner Koch2017-12-135-33/+92
| | | | | | | * g10/keyid.c (hexfingerprint): Return NULL on malloc failure. Chnage all callers. Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove some xmallocs.Werner Koch2017-12-131-7/+26
| | | | | | | | | | * g10/getkey.c (get_pubkeys): Do not use xmalloc. -- We eventually need to get rid of all xmallocs so that gpg won't fail easily when we make more use of the s server mode. Signed-off-by: Werner Koch <[email protected]>
* indent: Re-indent get_pubkeys.Werner Koch2017-12-131-59/+48
| | | | --
* gpg: default-preference-list: prefer SHA512.Daniel Kahn Gillmor2017-12-121-10/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keygen.c (keygen_set_std_prefs): when producing default internal personal-digest-preferences, keep the same order. When publishing external preferences, state preference for SHA512 first. -- SHA-512 has a wider security margin than SHA-256. It is also slightly faster on most of the architectures on which GnuPG runs today. New keys should publish defaults that indicate we prefer the stronger, more performant digest. Specifically, this changes --default-preference-list from: SHA256 SHA384 SHA512 SHA224 to: SHA512 SHA384 SHA256 SHA224 This patch deliberately avoids touching --personal-digest-preferences (which itself would affect the default of --digest-algo and --cert-digest-algo), so that public-facing cleartext signatures and identity certifications will continue to be made with SHA256 by default. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* g10: Fix regexp sanitization.NIIBE Yutaka2017-12-041-1/+5
| | | | | | | | | | | | | | | | | | | | | | * g10/trustdb.c (sanitize_regexp): Only escape operators. -- Backport from master commit: ccf3ba92087e79abdeaa0208795829b431c6f201 To sanitize a regular expression, quoting by backslash should be only done for defined characters. POSIX defines 12 characters including dot and backslash. Quoting other characters is wrong, in two ways; It may build an operator like: \b, \s, \w when using GNU library. Case ignored match doesn't work, because quoting lower letter means literally and no much to upper letter. GnuPG-bug-id: 2923 Co-authored-by: Damien Goutte-Gattat <[email protected]> Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Do not read from uninitialized memory with --list-packets.Werner Koch2017-11-261-0/+6
| | | | | | | | | | | | | | | | | | * g10/parse-packet.c (parse_plaintext): Fill up the allocated NAME. -- This actually does not harm because we merely display a buffer allocated by ourselves. However, we better tell Valgrind about it so that we don't need to track this thing down ever again. Test using a corrupted literal data packet: echo cb 0a 75 ff 59 ae 90 d5 74 65 73 74 | \ undump |\ valgrind gpg --list-packets >/dev/null Reported-by: Sebastian Schinzel Signed-off-by: Werner Koch <[email protected]>
* build: Update distsigkey.gpgWerner Koch2017-11-221-0/+0
| | | | --
* gpg: Fix memory leaking for long inputs via --command-fd.Werner Koch2017-11-221-1/+7
| | | | | | | | | | | * g10/cpr.c (do_get_from_fd): Free the old buffer. -- If the received input is longer than 200 characters we used to leak the previous allocated buffer. GnuPG-bug-id: 3528 Signed-off-by: Werner Koch <[email protected]>
* gpg: Print AKL info only in verbose mode.Werner Koch2017-11-151-2/+3
| | | | | | | | * g10/getkey.c (get_pubkey_byname): Print info only in verbose mode. -- GnuPG-bug-id: 3504 Signed-off-by: Werner Koch <[email protected]>
* g10: Unattended key generation "Key-Grip" and "Subkey-Grip".NIIBE Yutaka2017-11-061-9/+16
| | | | | | | | | | | | | | | * g10/keygen.c (pSUBKEYGRIP): New. (read_parameter_file): Add "Key-Grip" and "Subkey-Grip". (do_generate_keypair): Support pSUBKEYGRIP. -- In the manual, it says "Key-Grip". gpgsm also supports "Key-Grip". Adding "Subkey-Grip" now, adding "Key-Grip" makes sense. GnuPG-bug-id: 3478 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 6c63a04569c07c9c2817c7c530a92ccfa58155cc)
* g10: Simplify "factory-reset" procedure.NIIBE Yutaka2017-11-061-14/+0
| | | | | | | | | | | | | | | | | | | | | | | | * g10/card-util.c (factory_reset): Simplify. -- In this summer, I got report about old code before this change didn't work with newer Yubikey. I got another report test version of OpenPGP card V3.3 implementation didn't work, either. Then, I confirmed that according to the OpenPGP card specification, the procedure of old code is not expected by its author. This change simplify "factory-reset" as simple. Only versions of Gnuk 1.2.2, 1.2.3, 1.2.4, won't work with this change. That's because the factory-reset feature of Gnuk was introduced by reading the implementation of GnuPG, instead of reading the specification. Gnuk 1.2.5 and later works well. All OpenPGPcard implementations I have work well (2.0, 2.1, 2.2, test version of 3). GnuPG-bug-id: 3286 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit d63b7966cdd72548c60466c620de5cd6104a779e)
* gpg: Introduce magic value 25519 to switch a card to ECC.Werner Koch2017-11-021-21/+54
| | | | | | | | | | | | | | | * g10/card-util.c (ask_card_keyattr): Handle special value 25519. (do_change_keyattr): Allow changing to cv25519/ed25519. (generate_card_keys): Ditto. (card_generate_subkey): Ditto. -- This is kludge to make it easier for gnuk to be switched into ECC mode. This is basically the same change as commit ea09b6cded9d31a8ebd91878553c3eaa2b76e817 but without the string change in show_keysize_warning. Signed-off-by: Werner Koch <[email protected]>
* gpg: Rename two card related functions in card-util.Werner Koch2017-11-021-6/+6
| | | | | | | | | | | | * g10/card-util.c (ask_card_rsa_keysize): Rename to ask_card_keyattr. (do_change_rsa_keysize): Rename to do_change_keyattr. -- We want to support other algos than RSA and thus we need a better name for the functions. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit f795f4529d8ab5a05db1cc1960abd34390bfae1b)
* gpg: Avoid superfluous sig check info during import.Werner Koch2017-10-241-47/+96
| | | | | | | | | | | | | | * g10/key-check.c (print_info): New. (key_check_all_keysigs): Print sig checking results only in debug mode. Prettify the stats info and suppress them in quiet mode. -- This also makes usable stats by prefixing them with the key and the program name. GnuPG-bug-id: 3397 Signed-off-by: Werner Koch <[email protected]>
* gpg: Improve the "secret key available" notice in keyedit.cWerner Koch2017-10-241-10/+26
| | | | | | | | | | | | | | | | * g10/keyedit.c (KEYEDIT_NEED_SUBSK): New. (cmds): Add this flag to keytocard, bkuptocard, expire, and passwd. (keyedit_menu): Check whether only subkeys are available and take care of that in the command check and in the HELP listing. Also print a different notice if only subkeys are available. -- Print "Secret key is available" and the bailing out in all commands which require the _primary_ secret key was surprising. Now we print another notice and adjust the checks. GnuPG-bug-id: 3463 Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove unused flags from keyedit.c.Werner Koch2017-10-241-39/+35
| | | | | | | | | | | * g10/keyedit.c (KEYEDIT_NOT_SK, KEYEDIT_ONLY_SK): Remove. (cmds): Remove them. -- These flags were cruft from the time we had to switch between secret and public key view. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix creating on-disk subkey with on-card primary key.Werner Koch2017-10-191-0/+3
| | | | | | | | | | | | | | | | * g10/keygen.c (generate_subkeypair): Ignore error code issued for trying to verify a card based key. -- We try to verify the primary key and thus seed the passphrase cache before generating the subkey. However, the verification does not yet work for on-card keys and thus the PASSWD --verify send to the agent returns an error. This patch detects this error and continues without a seeded passphrase cache. After all that pre-seeding is just a convenience. GnuPG-bug-id: 3280 Signed-off-by: Werner Koch <[email protected]>
* gpg: Print sec/sbb with --import-option import-show or show-only.Werner Koch2017-10-191-1/+1
| | | | | | | | | | | | | * g10/import.c (import_one): Pass FROM_SK to list_keyblock_direct. -- Note that this will likely add the suffix '#' top "sec" because the secret key has not yet (or will not be) imported. If the secret key already exists locally another suffix might be printed. The upshot is that the suffix has no usefulness. GnuPG-bug-id: 3431 Signed-off-by: Werner Koch <[email protected]>
* gpg: Make --dry-run and show-only work for secret keys.Werner Koch2017-10-191-1/+2
| | | | | | | | | | | | | * g10/import.c (import_secret_one): Check for dry-run before transferring keys. -- The use of --dry-run or --import-option show-only had no effect when importing a secret key and the public key already existed. If the public key did not exist an error message inhibited the import of the secret key. Signed-off-by: Werner Koch <[email protected]>
* g10: Fix find_and_check_key for multiple keyrings.NIIBE Yutaka2017-10-191-2/+5
| | | | | | | | | | | | | | | | | * g10/pkclist.c (find_and_check_key): Call get_validity on a specific keyblock. -- When we have multiple keyrings, get_validity after get_best_pubkey_byname should access same keyring. Or else, the situation of an expired key in keyring A but valid key in keyring B causes SEGV. Thanks to Guido Günther for the use case and the log. Debian-bug-id: 878812 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Keep a lock during the read-update/insert cycle in import.Werner Koch2017-10-193-3/+41
| | | | | | | | | | | | | | | | | | | | * g10/keydb.c (keydb_handle): New field 'keep_lock'. (keydb_release): Clear that flag. (keydb_lock): New function. (unlock_all): Skip if KEEP_LOCK is set. * g10/getkey.c (get_keyblock_byfprint_fast): Call keep_lock if requested. -- That change is straightforward. It helps to avoid the race condition that another gpg process inserts a key while the first process is between the search and the insert. A similar change is due for gpgsm. Note that the key edit operations may still suffer from a race. GnuPG-bug-id: 3446
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-22 16:27:26 +0000