path: root/g10
Commit message | Author | Age | Files | Lines
...
* gpg: Use AKL for angle bracketed mail address with -r. | Werner Koch | 2019-12-04 | 1 | -6/+31
  * g10/getkey.c (get_pubkey_byname): Extend is_mbox checking.
  (get_best_pubkey_byname): Ditto.
  --
  With this patch it is now possible to use
    gpg -e -r '<[email protected]>'
  and auto key locate will find the key. Without that a plain mail address; i.e.
    gpg -e -r '[email protected]'
  was required.
  GnuPG-bug-id: 4726
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix double free with anonymous recipients. | Werner Koch | 2019-11-29 | 2 | -4/+11
  * g10/pubkey-enc.c (get_session_key): Do not release SK.
  --
  Bug is in 2.2.18 only. The semantics of the enum_secret_keys function changed in master. When back porting this for 2.2.18 I missed this change and thus we ran into a double free. The patch fixes the regression but it is clumsy. We need to change the enum_secret_keys interface to avoid such a surprising behaviour; this needs to be done in master first.
  Regression-due-to: 9a317557c58d2bdcc504b70c366b77f4cac71df7
  GnuPG-bug-id: 4762
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr,gpg: Better diagnostic in case of bad TLS certificates. | Werner Koch | 2019-11-18 | 1 | -2/+9
  * doc/DETAILS: Specify new status code "NOTE".
  * dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a bad TLS certificate.
  * g10/call-dirmngr.c (ks_status_cb): Detect this status.
  --
  For example a
    gpg -v --locate-external-keys [email protected]
  now yields
    gpg: Note: server uses an invalid certificate
    gpg: (further info: bad cert for 'posteo.net': \
    Hostname does not match the certificate)
    gpg: error retrieving '[email protected]' via WKD: Wrong name
    gpg: error reading key: Wrong name
  (without -v the "further info" line is not shown). Note that even after years Posteo is not able to provide a valid certificate for their .net addresses. Anyway, this helps to show the feature.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Forward http redirect warnings to gpg. | Werner Koch | 2019-11-18 | 1 | -0/+6
  * dirmngr/http.c: Include dirmngr-status.h
  (http_prepare_redirect): Emit WARNING status lines for redirection problems.
  * dirmngr/http.h: Include fwddecl.h.
  (struct http_redir_info_s): Add field ctrl.
  * dirmngr/ks-engine-hkp.c (send_request): Set it.
  * dirmngr/ks-engine-http.c (ks_http_fetch): Set it.
  * g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings.
  --
  This should make it easier to diagnose problems with bad WKD servers.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Forbid the creation of SHA-1 third-party key signatures. | Werner Koch | 2019-11-11 | 1 | -7/+45
  * g10/sign.c (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): New.
  (do_sign): Add arg signhints and inhibit SHA-1 signatures. Change callers to pass 0.
  (complete_sig): Add arg signhints and pass on.
  (make_keysig_packet, update_keysig_packet): Set signhints.
  --
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit dd18be979e138dd3712315ee390463e8ee1fe8c1)
* gpg: Add option --allow-weak-key-signatures. | Werner Koch | 2019-11-11 | 5 | -1/+31
  * g10/gpg.c (oAllowWeakKeySignatures): New.
  (opts): Add --allow-weak-key-signatures.
  (main): Set it.
  * g10/options.h (struct opt): Add flags.allow_weak_key_signatures.
  * g10/misc.c (print_sha1_keysig_rejected_note): New.
  * g10/sig-check.c (check_signature_over_key_or_uid): Print note and act on new option.
  --
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit e624c41dbafd33af82c1153188d14de72fcc7cd8)
* gpg: Fix a potential loss of key sigs during import with self-sigs-only. | Werner Koch | 2019-11-07 | 1 | -1/+4
  * g10/import.c (import_one_real): Don't do the final clean in the merge case.
  --
  This fixes a regression introduced with self-sigs-only.
  GnuPG-bug-id: 4628
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 6701a38f8e4a35ba715ad37743b8505bfd089541)
* gpg: Also delete key-binding signature when deleting a subkey. | Werner Koch | 2019-10-15 | 1 | -16/+7
  * g10/delkey.c (do_delete_key): Simplify and correct subkey deletion.
  --
  GnuPG-bug-id: 4665, 4457
  Fixes-commit: d9b31d3a20b89a5ad7e9a2158b6da63a9a37fa8a
  Signed-off-by: Werner Koch <[email protected]>
* Revert "gpg: The first key should be in candidates." | NIIBE Yutaka | 2019-10-15 | 1 | -8/+1
  This reverts commit 66eb953f43800a91c4280ae8fd49f6dc8cf74578.
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Extend --quick-gen-key for creating keys from a card. | Werner Koch | 2019-10-15 | 1 | -60/+271
  * g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and support the special algo "card".
  (parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP. Handle the "card" algo. Adjust callers.
  (parse_algo_usage_expire): Add arg R_KEYGRIP.
  (quickgen_set_para): Add arg KEYGRIP and put it into the parameter list.
  (quick_generate_keypair): Handle algo "card".
  (generate_keypair): Also handle the keygrips as returned by parse_key_parameter_string.
  (ask_algo): Support ed25519 from a card.
  --
  Note that this allows to create a new OpenPGP key from an initialized OpenPGP card or from any other supported cards. It has been tested with the TCOS Netkey card. Right now a stub file for the cards might be needed; this can be achieved by running "gpgsm --learn" with the card plugged in.
  Example:
    gpg --quick-gen-key [email protected] card
  Signed-off-by: Werner Koch <[email protected]>
  Backported from master d3f5d8544fdb43082ff34b106122bbf0619a0ead which required to remove the extra key version args.
  GnuPG-bug-id: 4681
  Signed-off-by: Werner Koch <[email protected]>
* gpg: The first key should be in candidates. | NIIBE Yutaka | 2019-10-15 | 1 | -1/+8
  * g10/getkey.c (get_best_pubkey_byname): Handle the first key as the initial candidate for the selection.
  --
  Cherry-picked from master commit: 7535f1d47a35e30f736f0e842844555f7a4a9841
  GnuPG-bug-id: 4713
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix a memory leak in get_best_pubkey_byname. | NIIBE Yutaka | 2019-10-15 | 1 | -1/+4
  * g10/getkey.c (get_best_pubkey_byname): Free the public key parts.
  --
  Cherry-picked from master commit: e28572116fe4c586ba9d1e8f27389bf3f06e036b
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Be prepared for chosen-prefix SHA-1 collisions in key signatures. | Werner Koch | 2019-10-03 | 1 | -15/+27
  * g10/sig-check.c (check_signature_over_key_or_uid): Reject certain SHA-1 based signatures.
  --
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4)
  Adjusted for changed added arguments in a function.
* gpg: Make --quiet work on --send-keys. | Werner Koch | 2019-09-06 | 1 | -3/+4
  * g10/keyserver.c (keyserver_put): Act upon --quiet.
  --
  Suggested-by: Robin H. Johnson <[email protected]>
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Implement keybox compression run | Werner Koch | 2019-08-23 | 1 | -5/+18
  * kbx/keybox-init.c (keybox_lock): Add arg TIMEOUT and change all callers to pass -1.
  * g10/keydb.c (keydb_add_resource): Call keybox_compress.
  --
  Note that here in the 2.2 branch the way we call the locking in gpgsm is different from the one in gpg. So we could not cherry-pick from master.
  GnuPG-bug-id: 4644
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Allow --locate-external-key even with --no-auto-key-locate. | Werner Koch | 2019-08-23 | 3 | -1/+35
  * g10/getkey.c (akl_empty_or_only_local): New.
  * g10/gpg.c (DEFAULT_AKL_LIST): New.
  (main): Use it here.
  (main) <aLocateExtKeys>: Set default AKL if none is set.
  --
  This better matches the expectations of the user. The used list in this case is the default list ("local,wkd") with local ignored by the command anyway.
  GnuPG-bug-id: 4662
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit d058d80ed0d5edeff6d85108054b1dfd45ddad7d)
* gpg: Silence some warning messages during -Kv. | Werner Koch | 2019-08-23 | 3 | -10/+19
  * g10/options.h (glo_ctrl): Add flag silence_parse_warnings.
  * g10/keylist.c (list_all): Set that during secret key listings.
  * g10/parse-packet.c (unknown_pubkey_warning): If new flag is set do not print info message normally emitted in verbose mode.
  (can_handle_critical_notation, enum_sig_subpkt): Ditto.
  (parse_signature, parse_key, parse_attribute_subpkts): Ditto.
  --
  Those messages are annoying because they might be emitted due to parsing public keys which are later not shown because the secret part is missing. No functional regressions are expected because --verbose should not change anything. Note that this suppression is only done if no arguments are given to the command; that is if a listing of the entire keyring is requested. Thus to see the warnings anyway, a listing of a single or group of keys can be requested.
  GnuPG-bug-id: 4627
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit d7aca1bef68589134b36395901b92496a7a37392)
* gpg: Do not show an informational diagnostics with quiet. | Werner Koch | 2019-08-23 | 1 | -1/+3
  * g10/trustdb.c (verify_own_keys): Silence informational diagnostic.
  --
  This silences these notes with --quiet
    gpg: key EE65E8C75D41FD1D marked as ultimately trusted
  GnuPG-bug-id: 4634
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Use modern spelling for the female salutation. | Werner Koch | 2019-08-22 | 1 | -2/+2
  --
  GnuPG-bug-id: 4682
  Signed-off-by: Werner Koch <[email protected]>
* sm: Show the usage flags when generating a key from a card. | Werner Koch | 2019-08-21 | 1 | -2/+18
  * g10/call-agent.c (scd_keypairinfo_status_cb): Also store the usage flags.
  * sm/call-agent.c (scd_keypairinfo_status_cb): Ditto.
  * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Print the usage flags.
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 9ed1aa56c4bbf44e00b731d6807ada9e95c91bd7)
* gpg: Allow decryption using non-OpenPGP cards. | Werner Koch | 2019-08-21 | 5 | -174/+400
  * g10/call-agent.c (struct getattr_one_parm_s): New.
  (getattr_one_status_cb): New.
  (agent_scd_getattr_one): New.
  * g10/pubkey-enc.c (get_it): Allow the standard leading zero byte from pkcs#1.
  * g10/getkey.c (enum_secret_keys): Move to...
  * g10/skclist.c (enum_secret_keys): here and handle non-OpenPGP cards.
  --
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit ec6a6779236a89d4784a6bb7de0def9cc0f9e8a4)
  This commit also incorporates "g10: Move enum_secret_keys to skclist.c." Which was started with commit 03a8de7def4195b9accde47c1dcb84279361936d on master about a year ago.
  Signed-off-by: Werner Koch <[email protected]>
  GnuPG-bug-id: 4681
* scd: New standard attributes $ENCRKEYID and $SIGNKEYID. | Werner Koch | 2019-08-21 | 1 | -1/+1
  * g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo.
  * sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto.
  * scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and "$SIGNKEYID".
  * scd/app-nks.c (do_getattr): Add attributes too.
  --
  We already have $AUTHKEYID to locate the keyref of the key to be used with ssh. It will also be useful to have default keyref for encryption and signing. For example, this will allow us to replace the use of "OPENPGP.2" by a app type specific keyref.
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 2b1135cf920cf3d863813d60f032d476dcccfb58)
  Removed changes for the non-existing app-piv.c. Added support for NKS.
* gpg: Allow direct key generation from card with --full-gen-key. | Werner Koch | 2019-08-21 | 3 | -20/+204
  * g10/call-agent.c (agent_scd_readkey): New.
  * g10/keygen.c (ask_key_flags): Factor code out to ..
  (ask_key_flags_with_mask): new.
  (ask_algo): New mode 14.
  --
  Note that this new menu 14 is always displayed. The usage flags can be changed only in --expert mode, though.
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit a480182f9d7ec316648cb64248f7a0cc8f681bc3)
  Removed stuff from gpg-card which does not exist in 2.2. No tests yet done for this backport.
* gpg: New option --use-only-openpgp-card | Werner Koch | 2019-08-21 | 3 | -1/+15
  * g10/gpg.c (opts): Add option.
  (main): Set flag.
  * g10/options.h: Add flags.use_only_openpgp_card.
  * g10/call-agent.c (start_agent): Implement option.
  --
  With the previous patch we switch to autoselect an application instead of requesting an openpgp card. This option allows to revert this in case of use cases which expected the former behaviour.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Prepare card code to allow other than OpenPGP cards. | Werner Koch | 2019-08-21 | 2 | -16/+30
  * g10/call-agent.c (start_agent): Use card app auto selection.
  * g10/card-util.c (current_card_status): Print the Application type.
  (card_status): Put empty line between card listings.
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit e47524c34a2a9f53c2507f67a0b41b460cee78b7)
* gpg: New card function agent_scd_keypairinfo. | Werner Koch | 2019-08-21 | 2 | -3/+82
  * g10/call-agent.c (scd_keypairinfo_status_cb)
  (agent_scd_keypairinfo): New. Taken from gpgsm.
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 0fad61de159acf39e38a04f28f162f0beb0e77d6)
* gpg: Remove two unused card related functions. | Werner Koch | 2019-08-21 | 3 | -98/+76
  * g10/call-agent.c (inq_writekey_parms): Remove.
  (agent_scd_writekey): Remove.
  (agent_clear_pin_cache): Remove this stub.
  (cherry picked from commit 334b16b868e771b983263ed20c200869e7e51198)
* gpg: Repurpose the ISO defined DO "sex" to "salutation". | Werner Koch | 2019-08-21 | 1 | -6/+7
  * g10/card-util.c (current_card_status): String changes.
  (change_sex): Description change.
  (cmds): Add "salutation"; keep "sex" as an alias.
  --
  Note that we can't change the used values or tags but at least the UI should reflect the real purpose of the field.
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 166f3f9ec40888e10cb0c51017944bfc57503fc1)
* gpg: Remove unused arg in a card related function. | Werner Koch | 2019-08-21 | 4 | -33/+34
  * g10/call-agent.c (agent_scd_setattr): Remove unused arg serialno.
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 3a4534d82682f69788da3cf4a445e38fbaf6b98e)
* gpg,gpgsm: Handle pkdecrypt responses with/without NUL terminators. | Daniel Kahn Gillmor | 2019-08-12 | 1 | -5/+8
  * g10/call-agent.c (agent_pkdecrypt): accept but do not require NUL-terminated data from the agent.
  * sm/call-agent.c (gpgsm_agent_pkdecrypt): accept but do not require NUL-terminated data from the agent.
  --
  Cherry-pick master commit of: 3ba091ab8c93c87741a451f579d63dd500d7621d
  GnuPG-bug-id: 4652
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* card: Fix showing KDF object attribute. | NIIBE Yutaka | 2019-08-12 | 3 | -5/+30
  * g10/call-agent.c (learn_status_cb): Parse the KDF DO.
  * g10/card-util.c (current_card_status): Show it correctly.
  --
  Backport master commit of: 98f4eff7ffde106ae4f60739d1104282430ac14f
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: The option --passphrase= can be empty. | NIIBE Yutaka | 2019-07-22 | 1 | -2/+2
  * g10/gpg.c (opts): Use ARGPARSE_o_s for oPassphrase to allow empty string.
  --
  Cherry-picked from master commit of: fcd766719a6e8f18f4be4c0f91e12aa157ca5506
  GnuPG-bug-id: 4633
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Improve import slowness. | NIIBE Yutaka | 2019-07-15 | 1 | -5/+13
  * g10/import.c (read_block): Avoid O(N^2) append.
  (sec_to_pub_keyblock): Likewise.
  --
  Cherry-picking the master commit of: 33c17a8008c3ba3bb740069f9f97c7467f156b54
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix keyring retrieval. | NIIBE Yutaka | 2019-07-15 | 1 | -3/+6
  * g10/keyring.c (keyring_get_keyblock): Avoid O(N^2) append.
  --
  Cherry-picking the master commit of: a7a043e82555a9da984c6fb01bfec4990d904690
  GnuPG-bug-id: 4592
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Do not try the import fallback if the options are already used. | Werner Koch | 2019-07-09 | 1 | -1/+3
  * g10/import.c (import_one): Check options.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix regression in option "self-sigs-only". | Werner Koch | 2019-07-09 | 1 | -1/+11
  * g10/import.c (read_block): Make sure KEYID is available also on a pending packet.
  --
  Reported-by: Phil Pennock
  Fixes-commit: adb120e663fc5e78f714976c6e42ae233c1990b0
  Signed-off-by: Werner Koch <[email protected]>
* gpg: With --auto-key-retrieve prefer WKD over keyservers. | Werner Koch | 2019-07-05 | 2 | -51/+64
  * g10/mainproc.c (check_sig_and_print): Print a hint on how to make use of the preferred keyserver. Remove keyserver lookup just by the keyid. Try a WKD lookup before a keyserver lookup.
  --
  The use of the keyid for lookups does not make much sense anymore since for quite some time we do have the fingerprint as part of the signature.
  GnuPG-bug-id: 4595
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 96bf8f477805bae58cfb77af8ceba418ff8aaad9)
* gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. | Werner Koch | 2019-07-04 | 1 | -1/+3
  * g10/gpg.c (main): Change default.
  --
  Due to the DoS attack on the keyservers we do not anymore default to import key signatures. That makes the keyserver unusable for getting keys for the WoT but it still allows to retrieve keys - even if that takes long to download the large keyblocks.
  To revert to the old behavior add
    keyserver-options no-self-sigs-only,no-import-clean
  to gpg.conf.
  GnuPG-bug-id: 4607
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 23c978640812d123eaffd4108744bdfcf48f7c93)
* gpg: Avoid printing false AKL error message. | Werner Koch | 2019-07-04 | 1 | -4/+4
  * g10/getkey.c (get_pubkey_byname): Add special treatment for default and skipped-local.
  --
  This change avoids error message like
    gpg: error retrieving '[email protected]' via None: No public key
  A 'None' mechanism is something internal.
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 91a6ba32347a21c9029728eec96b8ff80f944629)
* gpg: New command --locate-external-key. | Werner Koch | 2019-07-04 | 6 | -28/+54
  * g10/gpg.c (aLocateExtKeys): New.
  (opts): Add --locate-external-keys.
  (main): Implement that.
  * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL.
  (get_best_pubkey_byname): Add arg 'mode' and pass on to get_pubkey_byname. Change callers.
  * g10/keylist.c (public_key_list): Add arg 'no_local'.
  (locate_one): Ditto. Pass on to get_best_pubkey_byname.
  --
  This new command is a shortcut for
    --auto-key-locate nodefault,clear,wkd,... --locate-key
  and uses the default or configured AKL list but does so without local.
  See also GnuPG-bug-id: 4599
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit d00c8024e58822e0623b3fad99248ce68a8b7725)
* gpg: Make the get_pubkey_byname interface easier to understand. | Werner Koch | 2019-07-04 | 6 | -32/+57
  * g10/keydb.h (enum get_pubkey_modes): New.
  * g10/getkey.c (get_pubkey_byname): Replace no_akl by a mode arg and change all callers.
  --
  This change prepares the implementation of GET_PUBKEY_NO_LOCAL.
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 9980f81da765f88a65604ab083563bf15ccdb425)
* gpg: Fallback to import with self-sigs-only on too large keyblocks. | Werner Koch | 2019-07-02 | 1 | -22/+102
  * g10/import.c (import_one): Rename to ...
  (import_one_real): this. Do not print and update stats on keyring write errors.
  (import_one): New. Add fallback code.
  --
  GnuPG-bug-id: 4591
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 3a403ab04eeb45f12b34f9d9c421dac93eaf2160)
* gpg: New import and keyserver option "self-sigs-only" | Werner Koch | 2019-07-01 | 2 | -2/+39
  * g10/options.h (IMPORT_SELF_SIGS_ONLY): New.
  * g10/import.c (parse_import_options): Add option "self-sigs-only".
  (read_block): Handle that option.
  --
  This option is intended to help against importing keys with many bogus key-signatures. It has obvious drawbacks and is not a bullet-proof solution because a self-signature can also be faked and would be detected only later.
  GnuPG-bug-id: 4591
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 15a425a1dfe60bd976b17671aa8e3d9aed12e1c0)
* gpg: Make read_block in import.c more flexible. | Werner Koch | 2019-07-01 | 1 | -12/+11
  * g10/import.c: Change arg 'with_meta' to 'options'. Change callers.
  --
  This change allows to pass more options to read_block.
  Signed-off-by: Werner Koch <[email protected]>
* spelling: Fix "synchronize" | Daniel Kahn Gillmor | 2019-06-24 | 1 | -1/+1
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: Fixed i18n markup of some strings. | Werner Koch | 2019-05-27 | 1 | -20/+12
  * g10/tofu.c: Removed some translation markups which either make no sense or are not possible.
  --
  Error messages which are not helpful for the user but indicate a problem of the installation or the code do not need a translation. The translator may not understand them correctly and the use support can't immediately locate the problem because it needs to be reverse translated.
  There is also one case where certain grammar constructs are assumed (concatenating parts of a sentence at runtime). Better do not translate that than getting weird sentences.
* gpg: Allow deletion of subkeys with --delete-[secret-]key. | Werner Koch | 2019-05-27 | 3 | -8/+101
  * common/userids.c (classify_user_id): Do not set the EXACT flag in the default case.
  * g10/export.c (exact_subkey_match_p): Make static,
  * g10/delkey.c (do_delete_key): Implement subkey only deleting.
  --
  GnuPG-bug-id: 4457
* gpg: Do not bail on an invalid packet in the local keyring. | Werner Koch | 2019-05-21 | 1 | -4/+11
  * g10/keydb.c (parse_keyblock_image): Treat invalid packet special.
  --
  This is in particular useful to run --list-keys on a keyring with corrupted packets. The extra flush is to keep the diagnostic close to the regular --list-key output.
  Signed-off-by: Werner Koch <[email protected]>
  This is a backport from master with support for the unsupported v5 key handling.
* gpg: Do not allow creation of user ids larger than our parser allows. | Werner Koch | 2019-05-21 | 4 | -22/+32
  * g10/parse-packet.c: Move max packet lengths constants to ...
  * g10/packet.h: ... here.
  * g10/build-packet.c (do_user_id): Return an error if data is too large.
  * g10/keygen.c (write_uid): Return an error for too large data.
  --
  This can lead to keyring corruption because we expect that our parser is able to parse packets created by us.
  Test case is
    gpg --batch --passphrase 'abc' -v \
        --quick-gen-key $(yes 'a'| head -4000|tr -d '\n')
  GnuPG-bug-id: 4532
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Do not delete any keys if --dry-run is passed. | Werner Koch | 2019-05-20 | 1 | -3/+3
  * g10/delkey.c (do_delete_key): Don't delete the keyblock on dry runs. Do not clear the ownertrust. Do not let the agent delete the key.
  --
  Co-authored-by: Matheus Afonso Martins Moreira
  Signed-off-by: Werner Koch <[email protected]>