aboutsummaryrefslogtreecommitdiffstats
path: root/g10 (follow)
Commit message (Collapse)AuthorAgeFilesLines
* regexp: Fix use of regexp in g10/trustdb.c.NIIBE Yutaka2020-02-121-20/+2
| | | | Signed-off-by: NIIBE Yutaka <[email protected]>
* regexp: Use regexp/libregexp.a by gpg frontend.NIIBE Yutaka2020-02-121-1/+1
| | | | Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Improve key creation direct from the card.Werner Koch2020-02-113-26/+122
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/call-agent.c (readkey_status_cb): New. (agent_scd_readkey): Add new arg r_keytime and allow NULL for r_result. Change all callers. (agent_readkey): Minor code reformatting. * g10/keygen.c (pCARDKEY): New. (struct para_data_s): Add u.bool. (get_parameter_bool): New. (do_create_from_keygrip): Add arg cardkey and make use of it. (ask_algo): Add args r_cardkey and r_keytime. Read the keytime of the selected card key and return it. (generate_keypair): Store CARDKEY and KEYTIME. (do_generate_keypair): Pass CARDKEY to do_create_from_keygrip. (generate_subkeypair): Ditto. -- This allows to first create keys on the card (e.g. using gpg-card) even without having any public key for OpenPGP. Then the key generation option 14 (cardkey) can be used to create a primary OpenPGP key from the key on the card. There are still a couple of problems related to the agent which creates the stub key and may run into problems if creating a second key from the card. This will be fixed in a future patch. Signed-off-by: Werner Koch <[email protected]>
* common: Extend the openpgp_curve_to_oid function.Werner Koch2020-02-114-6/+7
| | | | | | | | | * common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS. Change all callers. -- In particular for ed25519 and cv25519 it is quite useful to have an ability to get the required algorithm.
* build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.Werner Koch2020-02-104-9/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | * common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only here but now without the Norcroft-C. Change all other places where it gets defined. * common/iobuf.h (iobuf_debug_mode): Declare unconditionally as extern. * common/iobuf.c (iobuf_debug_mode): Define it here. * agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in all main modules of all other programs. * g10/main.h: Put util.h before the local header files. -- This change is required for use with gcc/ld's LTO feature which does not allow common blocks. Further gcc 10 will make -fno-common the default and thus this chnage is always needed. What a pitty. Co-authored-by: Tomáš Mráz GnuPG-bug-id: 4831 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 21d9bd8b87a9f793a106095e3838eb71825189d7) - Applied respective chnages also to gpg-card and keyboxd. Signed-off-by: Werner Koch <[email protected]>
* gpg: Make really sure that --verify-files always returns an error.Werner Koch2020-02-101-5/+13
| | | | | | | | | | | | | | | | * g10/verify.c (verify_files): Track the first error code. -- It seems to be possible to play tricks with packet structures so that log_error is not used for a bad input data. By actually checking the return code and let the main driver in gpg call log_error, we can fix this case. Note that using gpg --verify-files and relying solely on gpg's return code is at best a questionable strategy. It is for example impossible to tell which data has been signed. Signed-off-by: Werner Koch <[email protected]>
* scd:openpgp: Let the genkey function also accept a full keyref.Werner Koch2020-02-091-1/+1
| | | | | | | | | | | * scd/app-openpgp.c (send_key_attr): Use log_assert. (do_genkey): Allow prefix. -- It is more uniform to always use full keyref (e.g. "OPENPGP.1") instead of just the key number. Signed-off-by: Werner Koch <[email protected]>
* common: New function get_keyalgo_string.Werner Koch2020-02-091-1/+4
| | | | | | | | | | | | | | | | | * common/openpgp-oid.c (struct keyalgo_string_s): New. (keyalgo_strings): New. (keyalgo_strings_size, keyalgo_strings_used): New. (get_keyalgo_string): New. -- This function is intended as a more general version of gpg's pubkey_string function. It has the advantage to avoid mallocs and uses static table of algorithm strings instead. There should be only a few dozen of such strings (if at all) and thus all those allocations we do internally in gpg's pubkey_string and the static buffers all over the place are not too nice. Signed-off-by: Werner Koch <[email protected]>
* common: Add OpenPGP<->Gcrypt pubkey id mapping functions.Werner Koch2020-02-093-20/+4
| | | | | | | | | * g10/misc.c (map_pk_gcry_to_openpgp): Move to ... * common/openpgp-oid.c (map_gcry_pk_to_openpgp): here and rename. Change all 4 callers. (map_openpgp_pk_to_gcry): New. Signed-off-by: Werner Koch <[email protected]>
* card: Add new OpenPGP card vendor.Werner Koch2020-01-281-0/+1
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix printing of keyring name (regression in master)Werner Koch2020-01-211-1/+1
| | | | | | | | * g10/keydb.c (keydb_get_resource_name): -- Fixes-commit: aba82684fe14289cf62b4694bc398f3a274b4762 Signed-off-by: Werner Koch <[email protected]>
* card: Add new OpenPGP card vendorWerner Koch2020-01-211-0/+1
| | | | --
* build: Require libgpg-error 1.37Werner Koch2020-01-211-1/+1
| | | | --
* gpg: Prefer card key on use in multiple subkeys situation.NIIBE Yutaka2020-01-172-42/+80
| | | | | | | | | | | | | * g10/call-agent.c (keyinfo_status_cb): Parse more fields. (agent_probe_secret_key): Use KEYINFO and returns bigger value representing the preference. * g10/getkey.c (finish_lookup): For subkeys, select one by using value of agent_probe_secret_key. -- GnuPG-bug-id: 3416 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Prepare enhancement of agent_probe_secret_key.NIIBE Yutaka2020-01-178-26/+32
| | | | | | | | | | | | | | | | | | | * g10/call-agent.c (agent_probe_secret_key): Change semantics of return value. * g10/call-agent.h (agent_probe_secret_key): Change comment. * g10/delkey.c (do_delete_key): Follow the change. * g10/getkey.c (get_seckey, parse_def_secret_key): Likewise. (finish_lookup, have_secret_key_with_kid): Likewise. * g10/gpgv.c (agent_probe_secret_key): Likewise. * g10/keyedit.c (keyedit_menu, quick_find_keyblock): Likewise. (show_key_with_all_names_colon): Likewise. * g10/revoke.c (gen_desig_revoke, gen_revoke): Likewise * g10/test-stubs.c (agent_probe_secret_key): Likewise. -- GnuPG-bug-id: 3416 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Print better debug info in case of broken sig subpackets.Werner Koch2020-01-161-1/+4
| | | | | | | | | | | | | | | | | * g10/parse-packet.c (enum_sig_subpkt): Print a hexdump. -- A test key for this is 02DF08F5FD356BF27F5F7B838921B5DCCD15A883 . A key listing in verbose mode will now yield gpg: DBG: buffer shorter than subpacket (10/9/25);\ dump: 19100d87e54973647cff The error here is that the packet length is 0x19 but what follows is a long keyid (subpacket 16) which is shorter. The debug output might be helpful to better analyze broken signatures. Signed-off-by: Werner Koch <[email protected]>
* gpg: Use "SCD KEYINFO" to get available card keys.NIIBE Yutaka2020-01-161-80/+29
| | | | | | | | | | | | | * g10/skclist.c (enum_secret_keys): Don't use agent_scd_cardlist and agent_scd_serialno, but agent_scd_keyinfo. -- When there are multiple cards/tokens, this change can avoid switching card of foreground access. GnuPG-bug-id: 4784 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Add agent_scd_keyinfo to retrieve available card keys.NIIBE Yutaka2020-01-162-1/+178
| | | | | | | | * g10/call-agent.c (card_keyinfo_cb, agent_scd_free_keyinfo) (agent_scd_keyinfo): New. * g10/call-agent.h: Define new functions. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: default-key: Simply don't limit by capability.NIIBE Yutaka2020-01-161-5/+0
| | | | | | | | | | * g10/getkey.c (parse_def_secret_key): Remove the check. -- GnuPG-bug-id: 4810 Fixes-commit: e573e6188dada4d70f6897aa2fda3c3af8c50441 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Cert only key should be usable with --default-key.NIIBE Yutaka2020-01-151-1/+2
| | | | | | | | | | * g10/getkey.c (parse_def_secret_key): Allow cert-only key. -- GnuPG-bug-id: 4810 Fixes-commit: e573e6188dada4d70f6897aa2fda3c3af8c50441 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg,sm: Avoid useless ASFW diagnostic in loopback mode.Werner Koch2020-01-131-0/+9
| | | | | | | | | | | * common/sysutils.c (inhibit_set_foregound_window): New var. (gnupg_inhibit_set_foregound_window): New func. (gnupg_allow_set_foregound_window): Use var. * g10/gpg.c (main): Inhibit in loopback mode. * sm/gpgsm.c (main): Ditto. -- Signed-off-by: Werner Koch <[email protected]>
* scd: Minor fix for readibility.Werner Koch2020-01-031-1/+1
| | | | | | | | | | | | * scd/command.c (open_card_with_request): Use NULL instead of APPTYPE_NULL. -- Using the enum is wrong because a string is expected. However it did harm anything because the value of the enum is 0 and thus equivalent to NULL. Signed-off-by: Werner Koch <[email protected]>
* Update wk's signing keyWerner Koch2020-01-011-0/+0
| | | | | | -- The expiration time of that smartcard based key has been prolonged by 2 years.
* gpg: Fix output of --with-secret if a pattern is given.Werner Koch2019-12-231-8/+25
| | | | | | | | | | | | | * g10/keylist.c (list_one): Probe for a secret key in --with-secret mode. -- In contrast to list_all(), list_one() did not tests for a secret key and took MARK_TRUSTED verbatim as an indication for "secret key available". GnuPG-bug: 4061 Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Tell gpg about WKD looks resulting from a cache.Werner Koch2019-12-061-2/+7
| | | | | | | | | | | | | * dirmngr/server.c (proc_wkd_get): Print new NOTE status "wkd_cached_result". * g10/call-dirmngr.c (ks_status_cb): Detect this and print a not ein verbose mode. -- This little patch is helpful to see why a WKD change still does not work after it has been updated on the server. Signed-off-by: Werner Koch <[email protected]>
* gpg: Use AKL for angle bracketed mail address with -r.Werner Koch2019-12-041-6/+31
| | | | | | | | | | | | | | | | | | | | * g10/getkey.c (get_pubkey_byname): Extend is_mbox checking. (get_best_pubkey_byname): Ditto. -- With this patch it is now possible to use gpg -e -r '<[email protected]>' and auto key locate will find the key. Without that a plain mail address; i.e. gpg -e -r '[email protected]' was required. GnuPG-bug-id: 4726 Signed-off-by: Werner Koch <[email protected]>
* gpg: Change the way v5 fingerprints are printed.Werner Koch2019-11-283-16/+7
| | | | | | | | | | | | | * g10/gpg.h (MAX_FORMATTED_FINGERPRINT_LEN): Increase by one. * g10/keyid.c (format_hexfingerprint): Change v5 key formatting. -- The new format are groups of 5 letters to resemble the CW speed measurement rules. Many hams are used to such blocks from their CW lessons. Note that there is no double blank in the middle as with the v4 keys. Signed-off-by: Werner Koch <[email protected]>
* gpg: Implement insert, update, and delete via keyboxd.Werner Koch2019-11-281-7/+96
| | | | | | | | | | | | * g10/call-keyboxd.c (struct store_parm_s): New. (store_inq_cb): New. (keydb_update_keyblock): Implement the keyboxd part. (keydb_insert_keyblock): Ditto. (keydb_delete_keyblock): Ditto. (keydb_search_reset): Clear ubid flag. Also use the correct union member for building the search string. Signed-off-by: Werner Koch <[email protected]>
* kbx: Redefine the UBID which is now the primary fingerprint.Werner Koch2019-11-283-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/util.h (UBID_LEN): New. Use it at all places. * kbx/keybox-blob.c (create_blob_finish): Do not write the UBID item. * kbx/keybox-dump.c (print_ubib): Remove. (_keybox_dump_blob): Do not print the now removed ubid flag. * kbx/keybox-search-desc.h (struct keydb_search_desc): Use constants for the size of the ubid and grip. * kbx/keybox-search.c (blob_cmp_ubid): New. (has_ubid): Make it a simple wrapper around blob_cmp_ubid. (keybox_get_data): Add arg 'r_ubid'. * kbx/frontend.h (enum kbxd_store_modes): New. * kbx/kbxserver.c (cmd_store): Add new option --insert. * kbx/backend-cache.c (be_cache_initialize): New. (be_cache_add_resource): Call it here. * kbx/backend-kbx.c (be_kbx_seek): Remove args 'fpr' and 'fprlen'. (be_kbx_search): Get the UBID from keybox_get_data. * kbx/backend-support.c (be_fingerprint_from_blob): Replace by ... (be_ubid_from_blob): new. Change all callers. * kbx/frontend.c (kbxd_add_resource): Temporary disable the cache but use the new cache init function. (kbxd_store): Replace arg 'only_update' by 'mode'. Seek using the ubid. Take care of the mode. -- It turned out that using the hash of the entire blob was not helpful. Thus we redefine the Unique-Blob-ID (UBID) as the primary fingerprint of the blob. In case this is a v5 OpenPGP key a left truncated version of the SHA-256 hash is used; in all other cases the full SHA-1 hash. Using a SHA-256 hash does not make sense because v4 keys are and will for some time be the majority of keys and thus padding them with zeroes won't make any difference. Even if fingerprint collisions can eventually be created we will assume that the keys are bogus and that it does not make sense to store its twin also in our key storage. We can also easily extend the update code to detect a collision and reject the update. Signed-off-by: Werner Koch <[email protected]>
* gpg: Move a keydb function to another file.Werner Koch2019-11-273-42/+46
| | | | | | | * g10/keydb.c (build_keyblock_image): Move to ... * g10/build-packet.c (build_keyblock_image): here. Signed-off-by: Werner Koch <[email protected]>
* dirmngr,gpg: Better diagnostic in case of bad TLS certificates.Werner Koch2019-11-181-2/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | * doc/DETAILS: Specify new status code "NOTE". * dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a bad TLS certificate. * g10/call-dirmngr.c (ks_status_cb): Detect this status. -- For example a gpg -v --locate-external-keys [email protected] now yields gpg: Note: server uses an invalid certificate gpg: (further info: bad cert for 'posteo.net': \ Hostname does not match the certificate) gpg: error retrieving '[email protected]' via WKD: Wrong name gpg: error reading key: Wrong name (without -v the "further info" line is not shown). Note that even after years Posteo is not able to provide a valid certificate for their .net addresses. Anyway, this help to show the feature. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Forward http redirect warnings to gpg.Werner Koch2019-11-181-0/+4
| | | | | | | | | | | | | | | | * dirmngr/http.c: Include dirmngr-status.h (http_prepare_redirect): Emit WARNING status lines for redirection problems. * dirmngr/http.h: Include fwddecl.h. (struct http_redir_info_s): Add field ctrl. * dirmngr/ks-engine-hkp.c (send_request): Set it. * dirmngr/ks-engine-http.c (ks_http_fetch): Set it. * g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings. -- This should make it easier to diagnose problems with bad WKD servers. Signed-off-by: Werner Koch <[email protected]>
* gpg: Forbid the creation of SHA-1 third-party key signatures.Werner Koch2019-11-111-7/+44
| | | | | | | | | | | * g10/sign.c (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): New. (do_sign): Add arg signhints and inhibit SHA-1 signatures. Change callers to pass 0. (complete_sig): Add arg signhints and pass on. (make_keysig_packet, update_keysig_packet): Set signhints. -- Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix a potential loss of key sigs during import with self-sigs-only.Werner Koch2019-11-071-1/+4
| | | | | | | | | | | * g10/import.c (import_one_real): Don't do the final clean in the merge case. -- This fixes a regression introduced with self-sigs-only. GnuPG-bug-id: 4628 Signed-off-by: Werner Koch <[email protected]>
* gpg: Add option --allow-weak-key-signatures.Werner Koch2019-11-075-1/+31
| | | | | | | | | | | | * g10/gpg.c (oAllowWeakKeySignatures): New. (opts): Add --allow-weak-key-signatures. (main): Set it. * g10/options.h (struct opt): Add flags.allow_weak_key_signatures. * g10/misc.c (print_sha1_keysig_rejected_note): New. * g10/sig-check.c (check_signature_over_key_or_uid): Print note and act on new option. Signed-off-by: Werner Koch <[email protected]>
* gpg: Print rfc4880bis note only in verbose mode.Werner Koch2019-11-071-1/+1
| | | | | | * g10/gpg.c (main): Change condition for an info diagnostic. Signed-off-by: Werner Koch <[email protected]>
* doc: Make clear that by default RFC-4880bis features are used.Werner Koch2019-11-071-1/+1
| | | | --
* gpg: Remove an unused variable.Werner Koch2019-11-061-2/+0
| | | | | | * g10/delkey.c (do_delete_key): here. Signed-off-by: Werner Koch <[email protected]>
* gpg: Do not require --batch when using --log-file.Werner Koch2019-11-061-5/+1
| | | | | | * g10/gpg.c (main): Remove a long standing FIXME. Signed-off-by: Werner Koch <[email protected]>
* gpg: More fix of get_best_pubkey_byname.NIIBE Yutaka2019-10-171-1/+0
| | | | | | | | * g10/getkey.c (get_best_pubkey_byname): Remove useless req_usage setting of CTX. Fixes-commit: f2734381ae1431e395a0bed16df2f4d5d13aa2c5 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix two other cases in get_best_pubkey_byname.NIIBE Yutaka2019-10-171-29/+34
| | | | | | | | | * g10/getkey.c (pubkey_cmp): Handle a primary key with PUBKEY_USAGE_ENC, and make sure new key is for encryption. (get_best_pubkey_byname): Add comment for ranking. GnuPG-bug-id: 4713 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix get_best_pubkey_byname to consider the first match.NIIBE Yutaka2019-10-161-19/+39
| | | | | | | | | | | | * g10/getkey.c (get_best_pubkey_byname): Always use PK0 to search by get_pubkey_byname. Add initial call to pubkey_cmp to fill BEST at first before the loop. -- Fixes-commit: 44604209c1cfe18532d13eda63d8c1f86a6e12ec GnuPG-bug-id: 4713 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Also delete key-binding signature when deleting a subkey.Werner Koch2019-10-151-14/+7
| | | | | | | | | * g10/delkey.c (do_delete_key): Simplify and correct subkey deletion. -- GnuPG-bug-id: 4665, 4457 Fixes-commit: cc6069ac6ecd57dcbb808f28d54fd9f89dc55014 Signed-off-by: Werner Koch <[email protected]>
* gpg: Put the first key in candidates correctly.NIIBE Yutaka2019-10-151-19/+18
| | | | | | | | | | | | * g10/getkey.c (get_best_pubkey_byname): After the call of get_pubkey_byname, set up CTX with KEYDB_SEARCH_MODE_LONG_KID to enter the loop. -- Fixes-commit: 7535f1d47a35e30f736f0e842844555f7a4a9841 GnuPG-bug-id: 4713 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: The first key should be in candidates.NIIBE Yutaka2019-10-091-1/+8
| | | | | | | | | | * g10/getkey.c (get_best_pubkey_byname): Handle the first key as the initial candidate for the selection. -- GnuPG-bug-id: 4713 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix a memory leak in get_best_pubkey_byname.NIIBE Yutaka2019-10-071-1/+4
| | | | | | * g10/getkey.c (get_best_pubkey_byname): Free the public key parts. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Ignore all SHA-1 signatures in 3rd party key signatures.Werner Koch2019-10-031-6/+2
| | | | | | | | | | | * g10/sig-check.c (check_signature_over_key_or_uid): No cut-off date and remove debug output. -- With 2.2 we do not not support SHA-1 key signatures anymore even if that means that the WoT shrinks. Signed-off-by: Werner Koch <[email protected]>
* gpg: Be prepared for chosen-prefix SHA-1 collisions in key signatures.Werner Koch2019-10-031-15/+29
| | | | | | | | * g10/sig-check.c (check_signature_over_key_or_uid): Reject cewrtain SHA-1 based signatures. -- Signed-off-by: Werner Koch <[email protected]>
* gpg: Read the UBID from the keybox and detect wrong blob type.Werner Koch2019-10-012-7/+46
| | | | | | | | | | | * g10/keydb-private.h (struct keydb_handle_s): Add fields for UBID. * g10/call-keyboxd.c (search_status_cb): New. (keydb_search): Set new UBID fields. -- The UBID is not yet used but may come handy later. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix --recv-key in case of a given fingerprint.Werner Koch2019-09-301-1/+2
| | | | | | | | | | | * g10/keyserver.c (keyserver_retrieval_screener): Compare against actual length. -- This was a long standing and annoying regression due to changes for v5 keys. Really simple to fix :-). Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-19 11:11:15 +0000