aboutsummaryrefslogtreecommitdiffstats
path: root/g10 (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpg,regexp: Use -DREGEXP_PREFIX=gnupg_.NIIBE Yutaka6 days1-1/+1
| | | | | | | | | | | | * g10/Makefile.am (AM_CPPFLAGS): Add -DREGEXP_PREFIX=gnupg_ * regexp/Makefile.am (AM_CPPFLAGS): Likewise. * regexp/jimregexp.h (ADD_PREFIX): New. (regcomp, regexec, regerror, regfree): Use ADD_PREFIX. -- GnuPG-bug-id: 7668 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Allow updating a SHA-1 key certification w/o --force-sign-key.Werner Koch12 days1-1/+10
| | | | | | | * g10/keyedit.c (sign_uids): Add a case for this. -- GnuPG-bug-id: 7663
* gpg: Fix ECC_POINT_LEN_MAX to allow NIST curves.NIIBE Yutaka2025-05-261-1/+1
| | | | | | | | | | * g10/pkglue.c (ECC_POINT_LEN_MAX): NIST P-521 is large. -- GnuPG-bug-id: 7664 Reported-by: Collin Funk Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg,agent: Clean up around using ECC KEM.NIIBE Yutaka2025-05-234-489/+84
| | | | | | | | | | | | | | | | | | | | | | * common/util.h (gnupg_ecc_kem_kdf): Change the last two args. * common/kem.c (gnupg_ecc_kem_kdf): The last arguments are KDF_PARAMS and its length. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Follow the change. * g10/pkglue.c (do_encrypt_kem): Follow the change. * g10/ecdh.c (extract_secret_x, derive_kek): Remove. (gnupg_ecc_6637_kdf): Remove. (ecc_build_kdf_params): Rename from build_kdf_params, changing arguments. * g10/pkglue.c (do_encrypt_ecdh): Refactor by ecc_build_kdf_params and gnupg_ecc_kem_kdf. * g10/pkglue.h (pk_ecdh_decrypt, gnupg_ecc_6637_kdf): Remove. (ecc_build_kdf_params): New. * g10/pubkey-enc.c (ecdh_sexp_build): Use ecc_build_kdf_params. -- GnuPG-bug-id: 7649 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Use ECC KEM interface for decryption.NIIBE Yutaka2025-05-222-29/+83
| | | | | | | | | | | | | * g10/call-agent.c (agent_pkdecrypt): Use --kem=PGP for PUBKEY_ALGO_ECDH. * g10/pubkey-enc.c (ecdh_sexp_build): New. (get_it): Use ecdh_sexp_build for PUBKEY_ALGO_ECDH. And don't use pk_ecdh_decrypt since it's done by agent. -- GnuPG-bug-id: 7649 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Support ECC KEM by PKDECRYPT --kem.NIIBE Yutaka2025-05-211-1/+1
| | | | | | | | | | | | | | | | * common/kem.c (gnupg_ecc_kem_kdf): Support traditional KDF of RFC 6637. * common/util.h (gnupg_ecc_kem_kdf): Add FIXED_INFO argument. * g10/pkglue.c (do_encrypt_kem): Follow the change. * agent/pkdecrypt.c (ecc_pgp_kem_decap): Return ECC parameters. (composite_pgp_kem_decrypt): Follow the changes. (ecc_kem_decrypt): New. (agent_kem_decrypt): Support ECC KEM. -- GnuPG-bug-id: 7649 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Use the KEM API for ECC encryption.NIIBE Yutaka2025-05-193-250/+344
| | | | | | | | | | | | | | | | | * g10/ecdh.c (gnupg_ecc_6637_kdf): New. (pk_ecdh_encrypt_with_shared_point, gen_k): Remove. (pk_ecdh_generate_ephemeral_key): Remove. * g10/pkglue.c (get_data_from_sexp): Remove. (do_encrypt_ecdh): Use gcry_kem_encap of the KEM API, gnupg_ecc_6637_kdf, and AESWRAP. * g10/pkglue.h (gnupg_ecc_6637_kdf): New. (pk_ecdh_encrypt_with_shared_point): Remove. (pk_ecdh_generate_ephemeral_key, pk_ecdh_encrypt): Remove. -- GnuPG-bug-id: 7649 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Remove unused variable.Werner Koch2025-05-161-3/+0
| | | | * g10/export.c (do_export): Remove zfx.
* gpg: Do not allow compressed key packets on import.Werner Koch2025-05-163-2/+8
| | | | | | | | | | | | | | * g10/import.c (read_block): Bail out on compressed packets. * g10/options.h (COMPAT_COMPR_KEYS): New. * g10/gpg.c (compatibility_flags): Add "compr-keys". * common/util.h: Remove replacement code not any longer needed. (GPG_ERR_UNEXPECTED_PACKET): Add a new replacement code. -- Compressed key packets do not make much sense but historically they were supported. Thus we also add a compatibility flag. GnuPG-bug-id: 7014
* gpg: Make combination of show-only-fpr-mbox and show-unusable-uid work.Werner Koch2025-05-131-1/+2
| | | | | | | | | | * g10/keylist.c (list_keyblock_simple): Take care of show-unusable-uids. -- This allows to upload revoked keys to a WKD. Suggested-by: Uwe Kleine-König
* gpg: Fully implement the group key flag.Werner Koch2025-05-122-4/+7
| | | | | | | | | | * g10/getkey.c (merge_selfsigs_main): Do not mask out the group bit. (merge_selfsigs_subkey): Ditto/ * g10/keygen.c (ask_key_flags_with_mask): Ditto. (proc_parameter_file): Ditto. -- Updates-commit: 0988e49c45d0fb73d0b536aa027bd114f9dc65a7
* Update distsigkeyWerner Koch2025-05-091-0/+0
| | | | | | -- Added Alexander. Removed Andre.
* gpg: Fix another regression due to the T7547 fix.Werner Koch2025-05-021-3/+5
| | | | | | | | | | | | | * g10/getkey.c (get_pubkey_for_sig): Keep a requested PUBKEY_USAGE_CERT. (finish_lookup): For correctness in future use cases allow PUBKEY_USAGE_CERT to also trigger verify mode. -- The case here was that a cert-only primary key was removed with export-clean. GnuPG-bug-id: 7583
* gpg: Add debug flag "recsel".Werner Koch2025-04-304-0/+11
| | | | | | | | | | | | * g10/gpg.c: Include recsel.h. (debug_flags): New flag "recsel". (set_debug): Set it. * g10/options.h (DBG_RECSEL_VALUE, DBG_RECSEL): New. * g10/import.c (impex_filter_getval): Add debug diagnostics. * g10/keylist.c (parse_and_set_list_filter): Dump the record filter. * common/recsel.c (recsel_debug): New variable. (recsel_set_debug): New function. (recsel_select): Add debug output if requested.
* gpg: New command --quick-tsign-key.Werner Koch2025-04-293-15/+165
| | | | | | | | | | | * g10/gpg.c (aQuickTSignKey): New. (opts): Add new command. (main): Parse args for it. * g10/keyedit.c: Include mbox-util.h. (parse_trustsig_string): New. (sign_uids): Add arg trustsig for use in quick mode. (keyedit_quick_sign): Also add arg trustsig and print a diagnostic on error.
* gpg: Make the internal sign_uids function easier to read.Werner Koch2025-04-291-46/+59
| | | | | | | | | * g10/keyedit.c (SIGN_UIDS_LOCAL): New. (SIGN_UIDS_NONREVOCABLE): New. (SIGN_UIDS_TRUSTSIG): New. (SIGN_UIDS_INTERACTIVE): New. (SIGN_UIDS_QUICK): New. (sign_uids): Replace several boolean args by flags arg.
* gpg: New list options "show-trustsig"Werner Koch2025-04-293-0/+59
| | | | | | | * g10/options.h (LIST_SHOW_TRUSTSIG): New. * g10/gpg.c (parse_list_options): Add "show-trustsig". * g10/keylist.c (parse_trust_name): New. (list_signature_print): Print trust signature info.
* gpg: New key generation parameter "User-Id".Werner Koch2025-04-041-0/+1
| | | | * g10/keygen.c (read_parameter_file): Add keyword "User-Id".
* doc: Update NEWSWerner Koch2025-03-251-0/+1
| | | | --
* doc: Minor updatesWerner Koch2025-03-142-2/+2
| | | | --
* gpg: Fix double free of internal data.Werner Koch2025-03-131-1/+2
| | | | | | | | | * g10/sig-check.c (check_signature_over_key_or_uid): Do not free in no-sig-cache mode if allocated by caller. -- GnuPG-bug-id: 7547 Fixes-commit: 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec
* Typo fix and add missing prototype.Werner Koch2025-03-071-1/+1
| | | | --
* gpg: Fix regression for the recent malicious subkey DoS fix.Werner Koch2025-03-062-19/+34
| | | | | | | | | | | * g10/packet.h (PUBKEY_USAGE_VERIFY): New. * g10/getkey.c (get_pubkey_for_sig): Pass new flag also to requested usage. (finish_lookup): Introduce a verify_mode. -- Fixes-commit: 48978ccb4e20866472ef18436a32744350a65158 GnuPG-bug-id: 7547
* gpg: Fix a verification DoS due to a malicious subkey in the keyring.Werner Koch2025-02-216-86/+152
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/getkey.c (get_pubkey): Factor code out to ... (get_pubkey_bykid): new. Add feature to return the keyblock. (get_pubkey_for_sig): Add arg r_keyblock to return the used keyblock. Request a signing usage. (get_pubkeyblock_for_sig): Remove. (finish_lookup): Improve debug output. * g10/sig-check.c (check_signature): Add arg r_keyblock and pass it down. * g10/mainproc.c (do_check_sig): Ditto. (check_sig_and_print): Use the keyblock returned by do_check_sig to show further information instead of looking it up again with get_pubkeyblock_for_sig. Also re-check the signature after the import of an included keyblock. -- The problem here is that it is possible to import a key from someone who added a signature subkey from another public key and thus inhibits that a good signature good be verified. Such a malicious key signature subkey must have been created w/o the mandatory backsig which bind a signature subkey to its primary key. For encryption subkeys this is not an issue because the existence of a decryption private key is all you need to decrypt something and then it does not matter if the public subkey or its binding signature has been put below another primary key; in fact we do the latter for ADSKs. GnuPG-bug-id: 7527
* gpg: Remove a signature check function wrapper.Werner Koch2025-02-203-31/+14
| | | | | | * g10/sig-check.c (check_signature2): Rename to (check_signature): this and remove the old wrapper. Adjust all callers.
* gpg: Lookup key for merging/inserting only beu primary key.Werner Koch2025-02-113-6/+24
| | | | | | | | | | | | | | | | * g10/getkey.c (get_keyblock_byfpr_fast): Add arg primary_only and implement. * g10/import.c (import_one_real): Simplify filling the fpr buffer with zeroes. (import_one_real): Find key only by primary fingerprint. -- This should have been done early: When looking up the original keyblock we want to update, we need to lookup it up only using the primary key. This avoids to find a key which has the primary key also has a subkey. GnuPG-bug-id: 7527
* gpg: Store Link attributes for composite keys.Werner Koch2025-02-073-0/+57
| | | | | | | | | | | * g10/call-agent.c (agent_crosslink_keys): New. * g10/keygen.c (common_gen): Store the Link attribute. -- The Link attribute may be useful to quickly find the other part of a composite private key. GnuPG-bug-id: 6638
* gpg: New option --disable-pqc-encryption.Werner Koch2025-02-063-0/+18
| | | | | | | | | | | | * g10/options.h (flags): Add field disable_pqc_encryption. * g10/gpg.c (oDisablePQCEncryption): New. (opts): Add --option. (main): Set option. * g10/getkey.c (finish_lookup): Skip subkeys if option is set. -- This option can be used to avoid the use of Kyber encryption subkeys if this does not make sense (i.e. protection of local files).
* kbx: Fix for building without keyboxd.Werner Koch2025-02-061-7/+1
| | | | | | | | | | | | * kbx/keybox-fwddecl.h: New. * kbx/keybox.h: Replace typedef for KEYBOX_HANDLE by including the new file. * g10/keydb-private.h: Ditto. -- The duplicated typedef was a bit ugly and will fail, depending on compiler, iof for example building without keyboxd. Fix only tested in the standard case but the fix is obvious.
* gpg: Fix --quick-add-key for Weierstrass ECC with usage given.Werner Koch2025-02-051-0/+37
| | | | | | | | * g10/keygen.c (adjust_algo_for_ecdh_ecdsa): New. (parse_algo_usage_expire): Adjust key algo. -- GnuPG-bug-id: 7506
* gpg: Base compliance "de-vs" now on "gnupg" and not on "openpgp".Werner Koch2025-02-031-1/+1
| | | | | | | | * g10/gpg.c (set_compliance_option) <oDE_VS>: Change. -- This version has not yet been evaluated and thus we are able to change it to a more useful default.
* gpg: Simplify the compliance settings.Werner Koch2025-02-031-34/+24
| | | | | | | | | | | | * g10/gpg.c (set_compliance_option): Base most settings on oGnuPG. For oGnuPG explictly clear the allow_old_cipher_algos flag. -- Note that --allow-old-cipher-algos must now come after a compliance settings. This avoids a bug when first setting oRFC2440 and then oGnuPG which would not clear the flag. GnuPG-bug-id: T7501
* gpg: --compliance={pgp7, pgp8} also now restore default optionsDaniel Kahn Gillmor via Gnupg-devel2025-02-031-2/+8
| | | | | | | | | | | | | * g10/gpg.c (set_compliance_option): oPGP7 and oPGP8 both restore policy-relevant default options before setting the compliance flag. -- With this change, any ordering of --compliance options will always result in the options selected from the last option given. GnuPG-bug-id: 7501 Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: --compliance=gnupg restores default for policy-affected optionsDaniel Kahn Gillmor via Gnupg-devel2025-02-031-10/+16
| | | | | | | | | | | | | | | | | | | | * g10/gpg.c (set_compliance_option): oGnuPG restores default policy-affected options, moved from... (main): ...here. Invoke set_compliance_option(oGnuPG) directly instead of just setting opt.compliance. -- Some of these default option values (flags.dsa2, rfc2440_text, allow_non_selfsigned_uid, allow_freeform_uid) had to be inferrerd from the fact that the opt struct is static and therefore initialized to zero by the compiler. With this change, --compliance=gnupg now completely reverts to the defaults that were changed from other --compliance= options. GnuPG-bug-id: T7501 Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: --compliance=rfc2440 does not require cross-certificationDaniel Kahn Gillmor via Gnupg-devel2025-02-031-0/+1
| | | | | | | | | | | | | | | | | | * g10/gpg.c (set_compliance_option): clear opt.flags.require_cross_cert with oRFC2440 -- This aligns with the expectations in RFC 2440, which doesn't specify any cross-certifications. As doc/gpg.texi says: "This is dangerous", but it aligns with the specification. The comment above says that 4880 is the same as 2440, "but with [...] --require-cross-certification", so we align the code with the intent from the comment. It looks like opt.require_cross_cert was turned on by default after that comment (and the oRFC2440 section) was written, but the oRFC2440 section was never updated to turn it off. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: Fix handling with no CRC armor.NIIBE Yutaka2025-01-201-2/+4
| | | | | | | | | * g10/armor.c (radix64_read): Set ->any_data if any data is available. -- GnuPG-bug-id: 7071 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Show the default PIN hint also before "name" and "key-attr"Werner Koch2025-01-091-14/+32
| | | | | | | | | | | | | | | | | * g10/card-util.c (USER_PIN_DEFAULT): Move to the top. Same for the other constants. (show_pin_hint): New. (generate_card_keys): Use show_pin_hint. (do_change_keyattr): Also show pin hint here. (change_name): And here. -- We used to show a hint for the default PINs only before generate. However it is often useful to first change the attributes and thus the hint should be show here as well. The above is only done if no name has yet been set, thus before setting the name we also show the hint.
* gpg: Print a warning if the card backup key could not be written.Werner Koch2025-01-081-4/+14
| | | | | | | | * g10/keygen.c (card_write_key_to_backup_file): Fix error handing by removing the RC variable. Add warning note. -- GnuPG-bug-id: 2169
* gpg: Force the use of AES-256 in some casesDamien Goutte-Gattat via Gnupg-devel2025-01-061-0/+19
| | | | | | | | | | | | | | | | | | | | | | * g10/encrypt.c (create_dek_with_warnings): Forcefully use AES-256 if PQC encryption was required or if all recipient keys are Kyber keys. -- If --require-pqc-encryption was set, then it should be safe to always force AES-256, without even checking if we are encrypting to Kyber keys (if some recipients do not have Kyber keys, --require-pqc-encryption will fail elsewhere). Otherwise, we force AES-256 if we encrypt *only* to Kyber keys -- unless the user explicitly requested another algo, in which case we assume they know what they are doing. GnuPG-bug-id: 7472 Signed-off-by: Damien Goutte-Gattat <[email protected]> Man page entry extended Signed-off-by: Werner Koch <[email protected]>
* gpg: Allow smaller session keys with KyberDamien Goutte-Gattat via Gnupg-devel2025-01-061-6/+2
| | | | | | | | | * g10/pubkey-enc.c (get_it): Do not error out when decrypting a session key of less than 32 octets encrypted to a Kyber key. -- GnuPG-bug-id: 7472 Signed-off-by: Damien Goutte-Gattat <[email protected]>
* gpg: Fix key generation with existing key from card.NIIBE Yutaka2024-12-161-1/+1
| | | | | | | | | | | * g10/keygen.c (ask_algo): Fix condition. Continue the loop when failure. -- Fixes-commit: e7891225788ab5f6d050a06643b1f488c227771f GnuPG-bug-id: 7309, 7457 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Allow for longer signature subpackets.Werner Koch2024-12-091-7/+8
| | | | | | | | | | | | * g10/parse-packet.c (parse_signature): Increase the cap for hashed subpackets to 30000. Print the value in the error message. Do not return an error but skip a too long signature. -- The limit of 10000 served us well for decades but given the option to put a key into the signature, a larger limit will eventually be useful. The second part makes things a bit robust against rogue subpackets on a keyserver.
* gpg: Silence expired trusted-key diagnostics in quiet mode.Werner Koch2024-12-051-4/+6
| | | | | | | * g10/trustdb.c (validate_keys): Take care of --quiet. -- GnuPG-bug-id: 7351
* Require gpgrt 1.51Werner Koch2024-12-041-0/+2
| | | | | | | | | * configure.ac (NEED_GPGRT_VERSION): Bump to 1.51. * g10/keydb.c (internal_keydb_update_keyblock) [!USE_TOFU]: Mark an arg unused. * common/homedir.c (create_common_conf) [!BUILD_WITH_KEYBOXD]: Mark an arg unused.
* gpg: Fix modifying signature data by pk_verify for Ed25519.NIIBE Yutaka2024-11-251-6/+21
| | | | | | | | | | | | | | | | * g10/pkglue.c (pk_verify): When fixing R and S, make sure those are copies. -- GnuPG-bug-id: 7426 Fixing-commit: 0a5a854510fda6e6990938a3fca424df868fe676 Signed-off-by: NIIBE Yutaka <[email protected]> Also avoid clearing the error by the S code of a failed mpi_print of R. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix comparing ed448 vs ed25519 with --assert-pubkey-algo.Werner Koch2024-11-222-1/+25
| | | | | | | | * g10/keyid.c (extra_algo_strength_offset): New. (compare_pubkey_string_part): Use the mapping. -- GnuPG-bug-id: 6425
* gpg: Allow "Kyber" as algorithm for the Subkey-Type keyword.Werner Koch2024-11-141-0/+2
| | | | | | | | * g10/keygen.c (get_parameter_algo): Make "KYBER" to PUBKEY_ALGO_KYBER. -- GnuPG-bug-id: 7397
* gpg: For composite algos add the algo string to the colons listings.Werner Koch2024-11-141-0/+14
| | | | | | | | * g10/keylist.c (list_keyblock_colon): Put the algo string into the curve field for Kyber. -- GnuPG-bug-id: 6638
* gpg: Add option to create Kyber with --full-gen-key.Werner Koch2024-11-131-8/+165
| | | | | | | | | | | | * g10/keygen.c (PQC_STD_KEY_PARAM_PRI, PQC_STD_KEY_PARAM_SUB): New. (PQC_STD_KEY_PARAM): Construct from above. (gen_kyber): Allow short curve names. (ask_algo): Add Entry for ecc+kyber. (ask_kyber_variant): New. (generate_keypair): Generate ECC primary and Kyber sub. -- GnuPG-bug-id: 6638
* gpg: Improve wording for only-pubkeys.Werner Koch2024-11-081-1/+2
| | | | | | | | * g10/import.c (parse_import_options): Add a description to only-pubkeys. -- See gnupg-devel for a brief discussion.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-09 05:33:19 +0000