aboutsummaryrefslogtreecommitdiffstats
path: root/g10 (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* gpg: Reformat parts of decrypt-data.cWerner Koch2020-04-151-101/+125
| | | | | | | | | | | | * g10/decrypt-data.c (struct decode_filter_context_s): Rename 'defer' to 'holdback' and 'defer_filled' to 'holdbacklen'. Increase size of holdback to allow for future AEAD decryption. Turn 'partial' and 'eof_seen' into bit fields. (decrypt_data): Replace write_status_text by write_Status_printf. Indent parts of the code. -- Signed-off-by: Werner Koch <[email protected]>
* gpg: Use the new MANUFACTURER attribute.Werner Koch2020-04-153-43/+20
| | | | | | | | | | | | | | | | | | | * g10/call-agent.h (struct agent_card_info_s): Add manufacturer fields. * g10/call-agent.c (agent_release_card_info): Release them. (learn_status_cb): Parse MANUFACTURER attribute. * g10/card-util.c (get_manufacturer): Remove. (current_card_status): Use new attribute. -- This does away with the duplicated OpenPGP vendor tables; they are now at a better place (app-openpgp.c). Signed-off-by: Werner Koch <[email protected]> Backported from master: - Removed the gpg-card stuff. Signed-off-by: Werner Koch <[email protected]>
* gpg: ECDH: Accept longer padding.NIIBE Yutaka2020-04-081-4/+1
| | | | | | | | | | | | | | | | | * g10/pubkey-enc.c (get_it): Remove check which mandates shorter padding. -- Cherry-picked master commit of: fd79cadf7ba5ce45dfb5e266975f58bf5c7ce145 According to the section 8 of RFC 6637, the sender MAY use 21 bytes of padding for AES-128 to provide 40-byte "m". Reported-by: Metin Savignano GnuPG-bug-id: 4908 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Print a hint for --batch mode and --delete-secret-key.Werner Koch2020-03-181-0/+6
| | | | | | | | | | | | | * g10/delkey.c: Include shareddefs.h. (delete_keys): Print a hint. -- The option --yes has some side-effects so it is not desirable to use it automatically. The code in master (2.3) has special treatment of confirm messages and thus this patch is only for 2.2. GnuPG-bug-id: 4667 Signed-off-by: Werner Koch <[email protected]>
* gpg: Update --trusted-key to accept fingerprint as well as long key id.Daniel Kahn Gillmor2020-03-181-6/+18
| | | | | | | | | | | | | | | | | | | | * g10/trustdb.c (tdb_register_trusted_key): accept fingerprint as well as long key ID. * doc/gpg.texi: document that --trusted-key can accept a fingerprint. -- GnuPG-bug-id: 4855 Signed-off-by: Daniel Kahn Gillmor <[email protected]> Fixed uses or return and kept the old string to avoid breaking translations. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 810ea2cc684480c6aadceb2a10dd00f3fa67f2fb) Remove the test for FPRLEN which we do not have in 2.2 Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix key expiration and usage for keys created at the Epoch.Werner Koch2020-03-181-12/+16
| | | | | | | | | | | | | | | | * g10/getkey.c (merge_selfsigs_main): Take a zero key creation time in account. -- Keys created at the Epoch have a creation time of 0; when figuring out the latest signature with properties to apply to a key the usual comparison A > B does not work if A is always 0. We now special case this for the expiration and usage data. Co-authored-by: [email protected] GnuPG-bug-id: 4670 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 161a098be6f9d50fb5f7e120baee81e75d6eb5ad)
* gpg: New option --auto-key-importWerner Koch2020-03-143-7/+16
| | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (opts): New options --auto-key-import, --no-auto-key-import, and --no-include-key-block. (gpgconf_list): Add them. * g10/options.h (opt): Add field flags.auto_key_import. * g10/mainproc.c (check_sig_and_print): Use flag to enable that feature. * tools/gpgconf-comp.c: Give the new options a Basic config level. -- Note that the --no variants of the options are intended for easy disabling at the command line. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <[email protected]> Backported from master. Signed-off-by: Werner Koch <[email protected]>
* gpg: Make use of the included key block in a signature.Werner Koch2020-03-1411-53/+251
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/import.c (read_key_from_file): Rename to ... (read_key_from_file_or_buffer): this and add new parameters. Adjust callers. (import_included_key_block): New. * g10/packet.h (PKT_signature): Add field flags.key_block. * g10/parse-packet.c (parse_signature): Set that flags. * g10/sig-check.c (check_signature2): Add parm forced_pk and change all callers. * g10/mainproc.c (do_check_sig): Ditto. (check_sig_and_print): Try the included key block if no key is available. -- This is is the second part to support the new Key Block subpacket. The idea is that after having received a signed mail, it is instantly possible to reply encrypted - without the need for any centralized infrastructure. There is one case where this does not work: A signed mail is received using a specified signer ID (e.g. using gpg --sender option) and the key block with only that user ID is thus imported. The next time a mail is received using the same key but with a different user ID; the signatures checks out using the key imported the last time. However, the new user id is not imported. Now when trying to reply to that last mail, no key will be found. We need to see whether we can update a key in such a case. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <[email protected]> Backported from master Signed-off-by: Werner Koch <[email protected]>
* gpg: New option --include-key-block.Werner Koch2020-03-144-10/+133
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New. * g10/gpg.c (oIncludeKeyBlock): New. (opts): New option --include-key-block. (main): Implement. * g10/options.h (opt): New flag include_key_block. * g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK. (parse_one_sig_subpkt): Ditto. (can_handle_critical): Ditto. * g10/sign.c (mk_sig_subpkt_key_block): New. (write_signature_packets): Call it for data signatures. -- This patch adds support for a to be proposed OpenPGP ferature: Introduce the Key Block subpacket to align OpenPGP with CMS. This new subpacket may be used similar to the CertificateSet of CMS (RFC-5652) and thus allows to start encrypted communication after having received a signed message. In practice a stripped down version of the key should be including having only the key material and the self-signatures which are really useful and shall be used by the recipient to reply encrypted. #### Key Block (1 octet with value 0, N octets of key data) This subpacket MAY be used to convey key data along with a signature of class 0x00, 0x01, or 0x02. It MUST contain the key used to create the signature; either as the primary key or as a subkey. The key SHOULD contain a primary or subkey capable of encryption and the entire key must be a valid OpenPGP key including at least one User ID packet and the corresponding self-signatures. Implementations MUST ignore this subpacket if the first octet does not have a value of zero or if the key data does not represent a valid transferable public key. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <[email protected]> Backported from master. Signed-off-by: Werner Koch <[email protected]>
* gpg: Add property "fpr" for use by --export-filter.Werner Koch2020-03-146-2/+67
| | | | | | | | | | | | | | | | * g10/export.c (push_export_filters): New. (pop_export_filters): New. (export_pubkey_buffer): Add args prefix and prefixlen. Adjust callers. * g10/import.c (impex_filter_getval): Add property "fpr". * g10/main.h (struct impex_filter_parm_s): Add field hexfpr. -- The push and pop feature will help us to use the export filter internally in gpg. Same for the export_pubkey_buffer change. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <[email protected]>
* gpg: Add a new OpenPGP card vendor.Werner Koch2020-03-141-0/+1
| | | | --
* gpg: Add new card vendorWerner Koch2020-03-031-0/+1
| | | | --
* gpg: Fix default-key selection when card is available.NIIBE Yutaka2020-02-191-1/+9
| | | | | | | | | | * g10/getkey.c (get_seckey_default_or_card): Handle the case when card key is not suitable for requested usage. -- GnuPG-bug-id: 4850 Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.Werner Koch2020-02-104-9/+3
| | | | | | | | | | | | | | | | | | | | | | * common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only here but now without the Norcroft-C. Change all other places where it gets defined. * common/iobuf.h (iobuf_debug_mode): Declare unconditionally as extern. * common/iobuf.c (iobuf_debug_mode): Define it here. * agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in all main modules of all other programs. * g10/main.h: Put util.h before the local header files. -- This change is required for use with gcc/ld's LTO feature which does not allow common blocks. Further gcc 10 will make -fno-common the default and thus this chnage is always needed. What a pitty. Co-authored-by: Tomáš Mráz GnuPG-bug-id: 4831 Signed-off-by: Werner Koch <[email protected]>
* gpg: Make really sure that --verify-files always returns an error.Werner Koch2020-02-101-5/+13
| | | | | | | | | | | | | | | | | * g10/verify.c (verify_files): Track the first error code. -- It seems to be possible to play tricks with packet structures so that log_error is not used for a bad input data. By actually checking the return code and let the main driver in gpg call log_error, we can fix this case. Note that using gpg --verify-files and relying solely on gpg's return code is at best a questionable strategy. It is for example impossible to tell which data has been signed. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 5681b8eaa44005afdd30211b47e5fb1a799583dd)
* card: Add new OpenPGP card vendor.Werner Koch2020-01-281-0/+1
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* card: Add new OpenPGP card vendorWerner Koch2020-01-211-0/+1
| | | | | | -- Backport from master.
* gpg: default-key: Simply don't limit by capability.NIIBE Yutaka2020-01-161-4/+0
| | | | | | | | | | | | | * g10/getkey.c (parse_def_secret_key): Remove the check. -- Backport from master commit: 1aa2a0a46dc19e108b79dc129a3b0c5576d14671 GnuPG-bug-id: 4810 Fixes-commit: e573e6188dada4d70f6897aa2fda3c3af8c50441 Signed-off-by: NIIBE Yutaka <[email protected]>
* Update wk's signing keyWerner Koch2020-01-011-0/+0
| | | | | | -- The expiration time of that smartcard based key has been prolonged by 2 years.
* gpg: Fix output of --with-secret if a pattern is given.Werner Koch2019-12-231-8/+25
| | | | | | | | | | | | | | * g10/keylist.c (list_one): Probe for a secret key in --with-secret mode. -- In contrast to list_all(), list_one() did not tests for a secret key and took MARK_TRUSTED verbatim as an indication for "secret key available". GnuPG-bug: 4061 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 59d49e4a0ac2ed27803507cb7d2c6af166527bd5)
* po: Make g10/call-dirmngr.c translatable.Werner Koch2019-12-071-2/+3
| | | | | | | | * po/POTFILES.in: Add g10/call-dirmngr.c * g10/call-dirmngr.c (create_context): Change an i18n sting for easier reuse. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Tell gpg about WKD lookups resulting from a cache.Werner Koch2019-12-071-2/+7
| | | | | | | | | | | | | * dirmngr/server.c (proc_wkd_get): Print new NOTE status "wkd_cached_result". * g10/call-dirmngr.c (ks_status_cb): Detect this and print a not ein verbose mode. -- This little patch is helpful to see why a WKD change still does not work after it has been updated on the server. Signed-off-by: Werner Koch <[email protected]>
* gpg: Use AKL for angle bracketed mail address with -r.Werner Koch2019-12-041-6/+31
| | | | | | | | | | | | | | | | | | | | * g10/getkey.c (get_pubkey_byname): Extend is_mbox checking. (get_best_pubkey_byname): Ditto. -- With this patch it is now possible to use gpg -e -r '<[email protected]>' and auto key locate will find the key. Without that a plain mail address; i.e. gpg -e -r '[email protected]' was required. GnuPG-bug-id: 4726 Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix double free with anonymous recipients.Werner Koch2019-11-292-4/+11
| | | | | | | | | | | | | | | | | * g10/pubkey-enc.c (get_session_key): Do not release SK. -- Bug is in 2.2.18 only. The semantics of the enum_secret_keys function changed in master. When back porting this for 2.2.18 I missed this change and thus we ran into a double free. The patches fixes the regression but is it clumsy. We need to change the enum_secret_keys interface to avoid such a surprising behaviour; this needs to be done in master first. Regression-due-to: 9a317557c58d2bdcc504b70c366b77f4cac71df7 GnuPG-bug-id: 4762 Signed-off-by: Werner Koch <[email protected]>
* dirmngr,gpg: Better diagnostic in case of bad TLS certificates.Werner Koch2019-11-181-2/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | * doc/DETAILS: Specify new status code "NOTE". * dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a bad TLS certificate. * g10/call-dirmngr.c (ks_status_cb): Detect this status. -- For example a gpg -v --locate-external-keys [email protected] now yields gpg: Note: server uses an invalid certificate gpg: (further info: bad cert for 'posteo.net': \ Hostname does not match the certificate) gpg: error retrieving '[email protected]' via WKD: Wrong name gpg: error reading key: Wrong name (without -v the "further info" line is not shown). Note that even after years Posteo is not able to provide a valid certificate for their .net addresses. Anyway, this help to show the feature. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Forward http redirect warnings to gpg.Werner Koch2019-11-181-0/+6
| | | | | | | | | | | | | | | | * dirmngr/http.c: Include dirmngr-status.h (http_prepare_redirect): Emit WARNING status lines for redirection problems. * dirmngr/http.h: Include fwddecl.h. (struct http_redir_info_s): Add field ctrl. * dirmngr/ks-engine-hkp.c (send_request): Set it. * dirmngr/ks-engine-http.c (ks_http_fetch): Set it. * g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings. -- This should make it easier to diagnose problems with bad WKD servers. Signed-off-by: Werner Koch <[email protected]>
* gpg: Forbid the creation of SHA-1 third-party key signatures.Werner Koch2019-11-111-7/+45
| | | | | | | | | | | | * g10/sign.c (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): New. (do_sign): Add arg signhints and inhibit SHA-1 signatures. Change callers to pass 0. (complete_sig): Add arg signhints and pass on. (make_keysig_packet, update_keysig_packet): Set signhints. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit dd18be979e138dd3712315ee390463e8ee1fe8c1)
* gpg: Add option --allow-weak-key-signatures.Werner Koch2019-11-115-1/+31
| | | | | | | | | | | | | | * g10/gpg.c (oAllowWeakKeySignatures): New. (opts): Add --allow-weak-key-signatures. (main): Set it. * g10/options.h (struct opt): Add flags.allow_weak_key_signatures. * g10/misc.c (print_sha1_keysig_rejected_note): New. * g10/sig-check.c (check_signature_over_key_or_uid): Print note and act on new option. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit e624c41dbafd33af82c1153188d14de72fcc7cd8)
* gpg: Fix a potential loss of key sigs during import with self-sigs-only.Werner Koch2019-11-071-1/+4
| | | | | | | | | | | | * g10/import.c (import_one_real): Don't do the final clean in the merge case. -- This fixes a regression introduced with self-sigs-only. GnuPG-bug-id: 4628 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 6701a38f8e4a35ba715ad37743b8505bfd089541)
* gpg: Also delete key-binding signature when deleting a subkey.Werner Koch2019-10-151-16/+7
| | | | | | | | | * g10/delkey.c (do_delete_key): Simplify and correct subkey deletion. -- GnuPG-bug-id: 4665, 4457 Fixes-commit: d9b31d3a20b89a5ad7e9a2158b6da63a9a37fa8a Signed-off-by: Werner Koch <[email protected]>
* Revert "gpg: The first key should be in candidates."NIIBE Yutaka2019-10-151-8/+1
| | | | | | This reverts commit 66eb953f43800a91c4280ae8fd49f6dc8cf74578. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Extend --quick-gen-key for creating keys from a card.Werner Koch2019-10-151-60/+271
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and support the special algo "card". (parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP. Handle the "card" algo. Adjust callers. (parse_algo_usage_expire): Add arg R_KEYGRIP. (quickgen_set_para): Add arg KEYGRIP and put it into the parameter list. (quick_generate_keypair): Handle algo "card". (generate_keypair): Also handle the keygrips as returned by parse_key_parameter_string. (ask_algo): Support ed25519 from a card. -- Note that this allows to create a new OpenPGP key from an initialized OpenPGP card or from any other supported cards. It has been tested with the TCOS Netkey card. Right now a stub file for the cards might be needed; this can be achieved by running "gpgsm --learn" with the card plugged in. Example: gpg --quick-gen-key [email protected] card Signed-off-by: Werner Koch <[email protected]> Backported from master d3f5d8544fdb43082ff34b106122bbf0619a0ead which required to remove the extra key version args. GnuPG-bug-id: 4681 Signed-off-by: Werner Koch <[email protected]>
* gpg: The first key should be in candidates.NIIBE Yutaka2019-10-151-1/+8
| | | | | | | | | | | | | * g10/getkey.c (get_best_pubkey_byname): Handle the first key as the initial candidate for the selection. -- Cherry-picked from master commit: 7535f1d47a35e30f736f0e842844555f7a4a9841 GnuPG-bug-id: 4713 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix a memory leak in get_best_pubkey_byname.NIIBE Yutaka2019-10-151-1/+4
| | | | | | | | | | | * g10/getkey.c (get_best_pubkey_byname): Free the public key parts. -- Cherry-picked from master commit: e28572116fe4c586ba9d1e8f27389bf3f06e036b Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Be prepared for chosen-prefix SHA-1 collisions in key signatures.Werner Koch2019-10-031-15/+27
| | | | | | | | | | | | * g10/sig-check.c (check_signature_over_key_or_uid): Reject cewrtain SHA-1 based signatures. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4) Adjusted for changed added arguments in a function.
* gpg: Make --quiet work on --send-keys.Werner Koch2019-09-061-3/+4
| | | | | | | | * g10/keyserver.c (keyserver_put): Act upon --quiet. -- Suggested-by: Robin H. Johnson <[email protected]> Signed-off-by: Werner Koch <[email protected]>
* gpg: Implement keybox compression runWerner Koch2019-08-231-5/+18
| | | | | | | | | | | | | | * kbx/keybox-init.c (keybox_lock): Add arg TIMEOUT and change all callers to pass -1. * g10/keydb.c (keydb_add_resource): Call keybox_compress. -- Note that here in the 2.2 branch the way we call the locking in gpgsm is different from the one in gpg. So we could not cherry-pick from master. GnuPG-bug-id: 4644 Signed-off-by: Werner Koch <[email protected]>
* gpg: Allow --locate-external-key even with --no-auto-key-locate.Werner Koch2019-08-233-1/+35
| | | | | | | | | | | | | | | | * g10/getkey.c (akl_empty_or_only_local): New. * g10/gpg.c (DEFAULT_AKL_LIST): New. (main): Use it here. (main) <aLocateExtKeys>: Set default AKL if none is set. -- This better matches the expectations of the user. The used list in this case is the default list ("local,wkd") with local ignored by the command anyway. GnuPG-bug-id: 4662 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d058d80ed0d5edeff6d85108054b1dfd45ddad7d)
* gpg: Silence some warning messages during -Kv.Werner Koch2019-08-233-10/+19
| | | | | | | | | | | | | | | | | | | | | | | | * g10/options.h (glo_ctrl): Add flag silence_parse_warnings. * g10/keylist.c (list_all): Set that during secret key listsings. * g10/parse-packet.c (unknown_pubkey_warning): If new flag is set do not print info message normally emitted inh verbose mode. (can_handle_critical_notation, enum_sig_subpkt): Ditto. (parse_signature, parse_key, parse_attribute_subpkts): Ditto. -- Those messages are annoying because they might be emitted due to parsing public keys which are latter not shows because the secret part is missing. No functional regressions are expected because --verbose should not change anything. Note that this suppression is only done if no arguments are given to the command; that is if a listing of the entire keyring is requested. Thus to see the earnings anyway, a listing of a single or group of keys can be requested. GnuPG-bug-id: 4627 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d7aca1bef68589134b36395901b92496a7a37392)
* gpg: Do not show an informational diagnostics with quiet.Werner Koch2019-08-231-1/+3
| | | | | | | | | | | * g10/trustdb.c (verify_own_keys): Silence informational diagnostic. -- This silences this notes with --quiet gpg: key EE65E8C75D41FD1D marked as ultimately trusted GnuPG-bug-id: 4634 Signed-off-by: Werner Koch <[email protected]>
* gpg: Use modern spelling for the female salutation.Werner Koch2019-08-221-2/+2
| | | | | | | -- GnuPG-bug-id: 4682 Signed-off-by: Werner Koch <[email protected]>
* sm: Show the usage flags when generating a key from a card.Werner Koch2019-08-211-2/+18
| | | | | | | | | | * g10/call-agent.c (scd_keypairinfo_status_cb): Also store the usage flags. * sm/call-agent.c (scd_keypairinfo_status_cb): Ditto. * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Print the usage flags. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 9ed1aa56c4bbf44e00b731d6807ada9e95c91bd7)
* gpg: Allow decryption using non-OpenPGP cards.Werner Koch2019-08-215-174/+400
| | | | | | | | | | | | | | | | | | | | | | * g10/call-agent.c (struct getattr_one_parm_s): New. (getattr_one_status_cb): New. (agent_scd_getattr_one): New. * g10/pubkey-enc.c (get_it): Allow the standard leading zero byte from pkcs#1. * g10/getkey.c (enum_secret_keys): Move to... * g10/skclist.c (enum_secret_keys): here and handle non-OpenPGP cards. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit ec6a6779236a89d4784a6bb7de0def9cc0f9e8a4) This commit also incorporates "g10: Move enum_secret_keys to skclist.c." Which was started with commit 03a8de7def4195b9accde47c1dcb84279361936d on master about a year ago. Signed-off-by: Werner Koch <[email protected]> GnuPG-bug-id: 4681
* scd: New standard attributes $ENCRKEYID and $SIGNKEYID.Werner Koch2019-08-211-1/+1
| | | | | | | | | | | | | | | | | | | | * g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo. * sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto. * scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and "$SIGNKEYID". * scd/app-nks.c (do_getattr): Add attributes too. -- We already have $AUTHKEYID to locate the keyref of the key to be used with ssh. It will also be useful to have default keyref for encryption and signing. For example, this will allow us to replace the use of "OPENPGP.2" by a app type specific keyref. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 2b1135cf920cf3d863813d60f032d476dcccfb58) Removed changes for the non-existing app-piv.c. Added support for NKS.
* gpg: Allow direct key generation from card with --full-gen-key.Werner Koch2019-08-213-20/+204
| | | | | | | | | | | | | | | | | * g10/call-agent.c (agent_scd_readkey): New. * g10/keygen.c (ask_key_flags): Factor code out to .. (ask_key_flags_with_mask): new. (ask_algo): New mode 14. -- Note that this new menu 14 is always displayed. The usage flags can be changed only in --expert mode, though. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit a480182f9d7ec316648cb64248f7a0cc8f681bc3) Removed stuff from gpg-card which does not exists in 2.2. No tests yet done for this backport.
* gpg: New option --use-only-openpgp-cardWerner Koch2019-08-213-1/+15
| | | | | | | | | | | | | | * g10/gpg.c (opts): Add option. (main): Set flag. * g10/options.h: Add flags.use_only_openpgp_card. * g10/call-agent.c (start_agent): Implement option. -- With the previous patch we switch to autoselect an application instead of requesting an openpgp card. This option allows to revert this in case of use use cases which expected the former behaviour. Signed-off-by: Werner Koch <[email protected]>
* gpg: Prepare card code to allow other than OpenPGP cards.Werner Koch2019-08-212-16/+30
| | | | | | | | | * g10/call-agent.c (start_agent): Use card app auto selection. * g10/card-util.c (current_card_status): Print the Application type. (card_status): Put empty line between card listings. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit e47524c34a2a9f53c2507f67a0b41b460cee78b7)
* gpg: New card function agent_scd_keypairinfo.Werner Koch2019-08-212-3/+82
| | | | | | | | * g10/call-agent.c (scd_keypairinfo_status_cb) (agent_scd_keypairinfo): New. Taken from gpgsm. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 0fad61de159acf39e38a04f28f162f0beb0e77d6)
* gpg: Remove two unused card related functions.Werner Koch2019-08-213-98/+76
| | | | | | | | * g10/call-agent.c (inq_writekey_parms): Remove. (agent_scd_writekey): Remove. (agent_clear_pin_cache): Remove this stub. (cherry picked from commit 334b16b868e771b983263ed20c200869e7e51198)
* gpg: Repurpose the ISO defined DO "sex" to "salutation".Werner Koch2019-08-211-6/+7
| | | | | | | | | | | | | * g10/card-util.c (current_card_status): String changes. (change_sex): Description change. (cmds): Add "salutation"; keep "sex" as an alias. -- Note that we can't change the used values or tags but at least the UI should show reflect the real purpose of the field. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 166f3f9ec40888e10cb0c51017944bfc57503fc1)
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 20:32:13 +0000