aboutsummaryrefslogtreecommitdiffstats
path: root/g10 (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* gpg: Add a communication object to the key generation code.Werner Koch2024-01-221-22/+72
| | | | | | | | | | | * g10/keygen.c (struct common_gen_cb_parm_s): New. (common_gen): Add args common_gen_cb and common_gen_cb_parm. Adjust all callers. (do_generate_keypair): Clarify the code by using a better var name. -- We may eventually also replace the long arg list with that object. The immediate reason for this change is the followup commit.
* gpg: For v5 key generation for X448 also in parm file mode.Werner Koch2024-01-161-56/+114
| | | | | | | | | | | | | | | * g10/keygen.c (curve_is_448): New. (do_create_from_keygrip): Pass arg keygen_flags byref so that it can be updated. Set v5 flag for X448. (gen_ecc): Ditto. (do_create): Change keygen_flags as above. For robustness change checking for Ed448. (do_generate_keypair): Change keygen_flags as above (generate_subkeypair): Ditto. (gen_card_key): Ditto. Support v5 keys. -- GnuPG-bug-id: 6942
* gpg: When using a parm file w/o usage don't set the RENC usage.Werner Koch2024-01-161-2/+3
| | | | | | | | | | | | | | | | | | | | | | * g10/keygen.c (proc_parameter_file): Don't include RENC in the default usage. -- Testplan: $ gpg --gen-key --batch <<EOF Key-Type: EDDSA Key-Curve: ed448 Key-Usage: cert Name-Real: Meh Muh Name-Email: [email protected] Expire-Date: 2025-01-01 Passphrase: abc subkey-type: ecdh Subkey-curve: cv448 EOF and check that the R flag does not show up in the usage.
* gpg: Improve error message for expired default keys.Werner Koch2024-01-111-4/+22
| | | | | | | * g10/getkey.c (parse_def_secret_key): Track reason for skipping keys. -- GnuPG-bug-id: 4704
* gpg: Fix regression in the Revoker keyword of the parmeter file.Werner Koch2024-01-111-1/+1
| | | | | | | | | | * g10/keygen.c (parse_revocation_key): Actually allow for v4 fingerprints. -- Note that the use of the parameter file is deprecated. GnuPG-bug-id: 6923
* gpg: Allow to create revocations even with non-compliant algos.Werner Koch2024-01-101-5/+7
| | | | | | | | | | * g10/sign.c (do_sign): Skip compliance check for revocation certs. -- It just does not make sense to inhibit the creation of revocations depending on the compliance mode. We do this only for key revocation but not for another kind of revocation because the rationale for uid or subkey revocation is more complicated to explain.
* gpg: Print a useful error id SKI algo 253 is found.Werner Koch2024-01-091-1/+10
| | | | | | | | * g10/parse-packet.c (parse_key): Detect the SKI algo 253. -- As long as we have not yet implemented this we should at least be able to detect this case.
* gpg: Improve error return for --quick-add-subkey and -add-adsk.Werner Koch2024-01-051-2/+8
| | | | | | | | * g10/keyedit.c (keyedit_quick_addkey): Emit a ERROR status line. (keyedit_quick_addadsk): Ditto. -- GnuPG-bug-id: 6880
* gpg: Choose key from inserted card over a non-inserted cardWerner Koch2024-01-022-3/+17
| | | | | | | | | * g10/call-agent.c (agent_probe_secret_key): Do not return an error but 0. * g10/getkey.c (finish_lookup): Improve the selection of secret keys. -- GnuPG-bug-id: 6831
* gpg: Don't call keybox_compress when KEYDB_RESOURCE_FLAG_READONLY.NIIBE Yutaka2023-12-291-12/+14
| | | | | | | | | | * g10/keydb.c (keydb_add_resource): Check the FLAGS to call keybox_compress. -- GnuPG-bug-id: 6811 Signed-off-by: NIIBE Yutaka <[email protected]>
* keyboxd: Pass lock info back to gpg and gpgsm.Werner Koch2023-12-181-3/+23
| | | | | | | | | | | | | | | * g10/call-keyboxd.c (keydb_default_status_cb): New. (keydb_update_keyblock): Add new status callback. (keydb_insert_keyblock): Ditto. (keydb_delete_keyblock): Ditto. (search_status_cb): Also try the new status callback. * sm/keydb.c (keydb_default_status_cb): New. (keydb_insert_cert): Add new status callback. (keydb_delete): Ditto (search_status_cb): Also try the new status callback. -- GnuPG-bug-id: 6838
* gpg: Report BEGIN_* status before examining the input.NIIBE Yutaka2023-11-164-81/+51
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/miscellaneous.c (is_openpgp_compressed_packet) (is_file_compressed): Moved to ... * common/iobuf.c: ... in this file. (is_file_compressed): Change the argument to INP, the iobuf. * common/util.h (is_file_compressed): Remove. * common/iobuf.h (is_file_compressed): Add. * g10/cipher-aead.c (write_header): Don't call write_status_printf here. (cipher_filter_aead): Call write_status_printf when called with IOBUFCTRL_INIT. * g10/cipher-cfb.c (write_header): Don't call write_status_printf here. (cipher_filter_cfb): Call write_status_printf when called with IOBUFCTRL_INIT. * g10/encrypt.c (encrypt_simple): Use new is_file_compressed function, after call of iobuf_push_filter. (encrypt_crypt): Likewise. * g10/sign.c (sign_file): Likewise. -- Cherry-pick from master commit of: 2f872fa68c6576724b9dabee9fb0844266f55d0d GnuPG-bug-id: 6481 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg,gpgsm: Hide password in debug output also for asked passwords.Werner Koch2023-11-141-1/+5
| | | | | | | | | | | | | * g10/call-agent.c (agent_get_passphrase): Call assuan_begin_confidential and assuan_end_confidential. * sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto. -- GnuPG-bug-id: 6654 The drawback of this solution is that we don't see any IPC lines from the assuan_transact. Everything else would require larger changes to libassuan.
* gpg,sm: Set confidential in assuan communication for password.NIIBE Yutaka2023-11-091-0/+2
| | | | | | | | | | | | | | * g10/call-agent.c (default_inq_cb): Call assuan_begin_confidential and assuan_end_confidential. * sm/call-agent.c (default_inq_cb): Likewise. -- Cherry pick from master commit of: ec1446f9446506b5fbdf90cdeb9cbe1f410a657e GnuPG-bug-id: 6654 Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Declare two LibrePGP constants for future useWerner Koch2023-11-081-1/+1
| | | | | * common/openpgpdefs.h (SIGSUBPKT_META_HASH): New. (SIGSUBPKT_TRUST_ALIAS): New.
* gpg,tools: Handle GPG_ERR_PIN_BLOCKED and GPG_ERR_NO_RESET_CODE.NIIBE Yutaka2023-11-081-0/+6
| | | | | | | | | | | | | * g10/card-util.c (write_sc_op_status): Emit 3 and 4 in status line. * tools/card-call-scd.c (status_sc_op_failure): Likewise. -- Cherry-pick from master commit of: 64f5f7b74e428b15205f6e8ae14dec84663c3076 GnuPG-bug-id: 6425 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix minor memory leak during certain smartcard operations.Werner Koch2023-10-271-2/+11
| | | | * g10/keygen.c (card_store_key_with_backup): Fix memory leak on error.
* gpg: Allow expiration time after 2038-01-19 on 32 bit Windows.Werner Koch2023-10-261-5/+16
| | | | | | | | * g10/keygen.c (parse_expire_string_with_ct): Use isotime2epoch_u64. (parse_creation_string): Ditto. -- GnuPG-bug-id: 6736
* gpg: Allow to specify seconds since Epoch beyond 2038.Werner Koch2023-10-141-3/+10
| | | | | | | | | | | * g10/keygen.c (parse_expire_string_with_ct): Use new function scan_secondsstr. (parse_creation_string): Ditto. -- Noet that we cap the seconds at the year 2106. GnuPG-bug-id: 6736
* scd:openpgp: Return better error codes for the Reset Code.Werner Koch2023-10-062-0/+2
| | | | | | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Use GPG_ERR_BAD_RESET_CODE where appropriate. * common/util.h: Add error codes missing in gpgrt 1.46. * agent/call-pinentry.c (unlock_pinentry): Handle GPG_ERR_BAD_RESET_CODE. (agent_askpin): Ditlo. Also simply condition. (agent_get_passphrase): Ditto. * g10/call-agent.c (status_sc_op_failure): Handle GPG_ERR_BAD_RESET_CODE. * g10/card-util.c (write_sc_op_status): Ditto. * tools/card-call-scd.c (status_sc_op_failure): Ditto.
* gpg: Fix --no-utf8-strings.Werner Koch2023-09-181-1/+1
| | | | | | | | * g10/gpg.c (main): Ignore --no-utf8-strings only on Windows. -- Fixes-commit: 8c41b8aac3efb78178fe1eaf52d8d1bbc44941a8 Reported-by: Ingo Klöcker
* gpg: Add --list-filter properties sig_expires/sig_expires_dRobin H. Johnson via Gnupg-devel2023-09-151-0/+14
| | | | | | | | | Modelled after key_expires/key_expires_d. This should be useful to detect upcoming certification expiry, so the certifications can be renewed in advance of the expiry. Signed-off-by: Robin H. Johnson <[email protected]>
* gpg: Fix validity of re-imported keys.Werner Koch2023-09-061-1/+22
| | | | | | | | | | | | | | | | | | | | | | | * g10/trustdb.c (tdb_clear_ownertrusts): Detect stale validity records. -- GnuPG-bug-id: 6399 This problem was introduced by an actually very useful patch 2002-12-13 David Shaw <[email protected]> [...] * import.c (import_keys_internal): Used here so we don't rebuild the trustdb if it is still clean. (import_one, chk_self_sigs): Only mark trustdb dirty if the key that is being imported has any sigs other than self-sigs. Suggested by Adrian von Bidder. [the last part] The bug exhibited itself only after signing a key, deleting that key and then re-importing the original non-signed key.
* gpg: Fix last commit.Werner Koch2023-09-051-1/+1
| | | | | | | * g10/keyid.c (hash_public_key): Do not pass the version. -- Fixes-commit: 1f76cbca35133969ccccfa324d633556e19a386c
* gpg: Add option --with-v5-fingerprintWerner Koch2023-09-045-9/+97
| | | | | | | | | | | | | | | | * g10/gpg.c (oWithV5Fingerprint): New. (opts): Add new option. (main): Set option. * g10/options.h (opt): Add with_v5_fingerprint. * g10/keyid.c (hash_public_key): Factor out to ... (do_hash_public_key): this. Add new arg to foce v5 style hashing. (v5_fingerprint_from_pk): New. (v5hexfingerprint): New. * g10/keylist.c (print_fingerprint): Print v5 fingerprint for v4 keys if the option is set. -- GnuPG-bug-id: 6705
* gpg: Add support for Subkey-Expire-Date.NIIBE Yutaka2023-07-251-6/+25
| | | | | | | | | | | | | * g10/keygen.c (enum para_name): Add pSUBKEYEXPIREDATE. (proc_parameter_file): Add support for pSUBKEYEXPIREDATE. (read_parameter_file): Add "Subkey-Expire-Date". -- Cherry-pick from master commit of: 23bcb78d279ebc81ec9340356401d19cf89985f1 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix expiration time when Creation-Date is specified.NIIBE Yutaka2023-07-251-9/+20
| | | | | | | | | | | | | | | | | * g10/keygen.c (parse_expire_string_with_ct): New function, optionally supply the creation time. (parse_expire_string): Use parse_expire_string_with_ct with no creation time. (proc_parameter_file): Use parse_expire_string_with_ct possibly with the creation time. -- Cherry-pick from master commit of: b07b5144ff6a9208ea27fe1e1518270bd22b382c GnuPG-bug-id: 5252 Signed-off-by: NIIBE Yutaka <[email protected]>
* delete redundant characterszhangguangzhi2023-06-201-1/+1
| | | | | | | -- GnuPG-bug-id: 6482 Signed-off-by: zhangguangzhi <[email protected]>
* gpg: New option --no-compress as alias for -z0.Werner Koch2023-06-151-0/+7
|
* gpg: Make progress work for large files on Windows.Werner Koch2023-06-136-29/+40
| | | | | | | | | | | | | | | | | | * common/iobuf.c (iobuf_get_filelength): Change return type to uint64_t and remove the overflow args. For Windows always use GetFileSizeEx which is available since the long EOL-ed Windows XP. * g10/sign.c (write_plaintext_packet): Adjust for changed iobuf_get_filelength. * g10/encrypt.c (encrypt_simple, encrypt_crypt): Ditto. * g10/photoid.c (generate_photo_id): Ditto. Also add an upper limit. * g10/filter.h (progress_filter_context_t): Change amount values to use uint64_t. * g10/progress.c (write_status_progress): Change accordingly. -- GnuPG-bug-id: 6534
* gpg: Print status line and proper diagnostics for write errors.Werner Koch2023-06-091-3/+11
| | | | | | | | | * common/iobuf.c (file_filter): Improve diagnostics. * g10/build-packet.c (do_plaintext): Make sure to cache all error cases. -- GnuPG-bug-id: 6528
* gpg: Add --list-filter properties key_expires and key_expires_d.Werner Koch2023-06-091-0/+14
| | | | | | | | | | | | | | | | * g10/import.c (impex_filter_getval): Support new filter properties. -- Here is how to list all subkeys expiring in the year 2061: gpg --list-keys --list-filter 'select= sub/key_expires_d -gt 2061-01-01 \ && sub/key_expires_d -lt 2061-12-31' To list all primary key expirations, use the "pub/" prefix and to list all expiration dates use no prefix. GnuPG-bug-id: 6509
* gpg: Set default expiration date to 3 years.Werner Koch2023-06-051-1/+1
| | | | | | | | * g10/keygen.c (default_expiration_interval): Change. -- This is a revision of GnuPG-bug-id: 2701
* gpg: Skip keys found via ADSKs.Werner Koch2023-05-252-15/+28
| | | | | | | | | | | | | | | * g10/encrypt.c (write_pubkey_enc): Indicate encryption to an ADSK. * g10/getkey.c (finish_lookup): Skip ADKS keys. -- If a key is searched by fingerprint or keyid and it happens that this is an ADSK (subkey with the RENC usage), we need to skip this key because it is not the key we actually want to encrypt to. The actual ADSK key is taken later by looking at all subkeys of the actual selected key. This is related to GnuPG-bug-id: 6504
* gpg: Fix searching for the ADSK key when adding an ADSK.Werner Koch2023-05-252-0/+12
| | | | | | | | * g10/keyedit.c (menu_addadsk): Request an exact search. * g10/getkey.c (finish_lookup): Add an debug output. -- GnuPG-bug-id: 6504
* gpg: Return ERROR status for --quick-sign-key.Werner Koch2023-05-241-3/+6
| | | | | * g10/keyedit.c (keyedit_quick_sign): Return an error status line. --
* w32: Add missing supportedOS Ids for Windows-10Werner Koch2023-05-242-0/+2
| | | | --
* w32: Add missing manifests and set a requestedExecutionLevel.Werner Koch2023-05-244-7/+93
| | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.w32-manifest.in: New. * dirmngr/dirmngr-client-w32info.rc: New. * dirmngr/dirmngr-client.w32-manifest.in: New. * dirmngr/dirmngr-w32info.rc: New. * dirmngr/dirmngr.w32-manifest.in: New. * dirmngr/dirmngr_ldap-w32info.rc: New. * dirmngr/dirmngr_ldap.w32-manifest.in: New. * g10/gpgv-w32info.rc: New. * g10/gpgv.w32-manifest.in: New. * kbx/keyboxd.w32-manifest.in: New. * scd/scdaemon.w32-manifest.in: New. * sm/gpgsm.w32-manifest.in: New. -- This avoids the use of the VirtualStore uner Windows. GnuPG-bug-id: 6503
* gpg: New option --debug-ignore-expiration to help with testing.Werner Koch2023-05-094-5/+17
| | | | | | | | | | | | | * g10/gpg.c (oDebugIgnoreExpiration): New. (opts): Add option. (main): Set flag. * g10/options.h (opt): Add field ignore_expiration. * g10/pkclist.c (do_we_trust): Handle the option. * g10/getkey.c (skip_unusable): Ditto. (finish_lookup): Ditto. -- GnuPG-bug-id: 2703
* gpg: Print a warning if no more encryption subkey was left over.Werner Koch2023-05-083-0/+37
| | | | | | | * g10/keyedit.c (no_usable_encr_subkeys_warning): New. (keyedit_menu): Call it after running an expire command. * g10/import.c (import_one_real): Call it in the show_key case. --
* kbx: Use custom estream bufferingWerner Koch2023-05-081-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * kbx/keybox-init.c (ll_buffer_size): New var intialized to 128k (stream_buffers): New var. (keybox_set_buffersize): New. (_keybox_ll_open, _keybox_ll_close): Implement buffering. * sm/gpgsm.c (oKbxBufferSize): New. (opts): Add option --kbx-buffer-size. (main): Call keybox_set_buffersize. * g10/gpg.c: Include keybox.h. * (oKbxBufferSize): New. (opts): Add option --kbx-buffer-size. (main): Call keybox_set_buffersize. -- Running a test on Windows using a pubring.kbx with Total number of blobs: 2098 openpgp: 1294 x509: 803 and a size of 42MiB with gpgsm -k --with-validation --disable-dirmngr --kbx-buffer-size N >nul gives these performance figures using procmon | N(k) | file events | time(s) | |------+-------------+---------| | 0 | 4900000 | 86 | | 16 | 2456000 | 58 | | 32 | 1233000 | 43 | | 64 | 622000 | 37 | | 128 | 317000 | 32 | | 256 | 164000 | 31 | | 512 | 88000 | 30 | Using _open instead of CreateFile give the same number of file events but increased the time slight by one second for the measured buffer size of 64k and 128k. Benchmarks for gpg have not been conducted.
* gpg: Fix for overridden key import.NIIBE Yutaka2023-04-251-1/+1
| | | | | | | | | | | * g10/import.c (do_transfer): Force the overridden key import even when smartcard is available. -- Fixes-commit: 2c1297055041b4657ea1a927acac978c2b09a483 GnuPG-bug-id: 3456 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix writing ECDH keys to OpenPGP smartcards.Werner Koch2023-04-216-8/+57
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_keytocard): Add new arg for ECDH params. * scd/app-openpgp.c (ecc_writekey): Use provided ECDH params to compute the fingerprint. * g10/call-agent.c (agent_keytocard): Add arg ecdh_param_str. * g10/keyid.c (ecdh_param_str_from_pk): New. * g10/card-util.c (card_store_subkey): Pass ECDH params to writekey. * g10/keygen.c (card_store_key_with_backup): Ditto. * scd/app-openpgp.c (store_fpr): Add arg update. (rsa_read_pubkey, ecc_read_pubkey): Add arg meta_update and avoid writing the fingerprint back to the card if not set. (read_public_key): Also add arg meta_update. (get_public_key): Do not pass it as true here... (do_genkey): ... but here. (rsa_write_key, ecc_writekey): Force string the fingerprint. -- The problem showed up because in 2.4 we changed the standard ECDH parameter some years ago. Now when trying to write an ECDH key created by 2.2 with 2.4 to an openpgp card, scdaemon computes a wrong fingerprint and thus gpg was not able to find the key again by fingerprint. The patch also avoids updating the stored fingerprint in certain situations. This fix is somewhat related to GnuPG-bug-id: 6378
* gpg: New command "openpgp" for --card-edit.Werner Koch2023-04-201-1/+15
| | | | | | | | | | | | | | | | | | * g10/card-util.c (current_card_status): Print a hint for fishy outputs. (enum cmdids): Add cmdOPENPGP. (cmds): Add "openpgp". (card_edit): Implement that command. -- If a Yubikey has been used in PIV mode the initial listing does not look correct. Although we explicitly switch to the OpenPGP app when needed, we don't want to do this in listing mode. Instead we offer a new command "openpgp" to force the openpgp mode. The ultimate goal will be to enhance the gpg-card tool to completely take over the --card-edit features. But we are not yet there. GnuPG-bug-id: 6462
* gpg: Make sure that we are not accidently working with the PIV app.Werner Koch2023-04-183-0/+28
| | | | | | | | | | | | | | | * g10/call-agent.c (agent_scd_switchapp): New. * g10/card-util.c (get_info_for_key_operation): Call it. -- It may happen that the active card was last used for PIV and in that case certain commands will fail because they assume the OpenPGP app. Fortunately we have a pretty central place to assure that the right app has been selected. The bug can be easily noticed on Windows. GnuPG-bug-id: 6378
* gpg: Allow overridden key import when stub exists.NIIBE Yutaka2023-04-181-1/+11
| | | | | | | | | | * g10/import.c (do_transfer): Force importing when it's card reference. -- GnuPG-bug-id: 3456 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix handling of importing cv25519 secret key.NIIBE Yutaka2023-04-061-0/+1
| | | | | | | | | | | * g10/import.c (transfer_secret_keys): Only emit a warning when secret key is not encrypted. -- Fixing-commit: dbfb7f809b89cfe05bdacafdb91a2d485b9fe2e0 GnuPG-bug-id: 6322 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: New option --assert-signer.Werner Koch2023-04-059-5/+184
| | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (enum cmd_and_opt_values): Add oAssertSigner. (opts): Add "assert-signer". (main): Set option. (assert_signer_true): New var. (g10_exit): Evaluate new var. * g10/main.h (assert_signer_true): Declare new var. * common/status.h (STATUS_ASSERT_SIGNER): New. * g10/options.h (opt): Add field assert_signer_list. * g10/verify.c (is_fingerprint): New. (check_assert_signer_list): New. * g10/mainproc.c (check_sig_and_print): Call that function. Clear assert_signer_true on a warning. * g10/gpgv.c: Add dummy function and vars. * g10/t-keydb-get-keyblock.c: Ditto. * g10/t-keydb.c: Ditto. * g10/t-stutter.c: Ditto. --
* Use the keyboxd for a fresh installWerner Koch2023-04-042-10/+41
| | | | | | | | | | | | * common/homedir.c (gnupg_maybe_make_homedir): Also create a common.conf. * g10/keydb.c: Include comopt.h. (maybe_create_keyring_or_box): Detect the creation of a common.conf. * g10/gpg.c (main): Avoid adding more resources in this case. * sm/keydb.c: Include comopt.h. (maybe_create_keybox): Detect the creation of a common.conf. * common/comopt.h (comopt): Remove the conditional "extern".
* gpg: Set the default digest algo for S2K to SHA256.Werner Koch2023-04-041-2/+2
| | | | | | | * g10/main.h (DEFAULT_S2K_DIGEST_ALGO): Alias to DEFAULT_DIGEST_ALGO. -- GnuPG-bug-id: 6367
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-24 06:02:21 +0000