aboutsummaryrefslogtreecommitdiffstats
path: root/sm/certreqgen.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpgsm: default to 3072-bit keys.Daniel Kahn Gillmor2019-02-281-2/+2
| | | | | | | | | | | | | | | | | | | | * doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update default to 3072 bits. * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to 3072 bits. * sm/certreqgen.c (proc_parameters): update default to 3072 bits. * sm/gpgsm.c (main): print correct default_pubkey_algo. -- 3072-bit RSA is widely considered to be 128-bit-equivalent security. This is a sensible default in 2017. Signed-off-by: Daniel Kahn Gillmor <[email protected]> Gbp-Pq: Topic update-defaults Gbp-Pq: Name 0014-gpgsm-default-to-3072-bit-keys.patch (cherry picked from commit 7955262151a5c755814dd23414e6804f79125355)
* sm: Fix certificate creation with key on card.Werner Koch2019-02-251-1/+1
| | | | | | | | | | | | | | | * sm/certreqgen.c (create_request): Fix for certmode. -- When using an existing key from a card for certificate signing (in contrast to the default of generating a CSR), the code tried to use the same key for signing instead of the Signing-Key parameter. It is perfectly okay to use the regular signing path via gpg-agent for certificate creation - only self-signed certificates with a key on the card require the direct use of the card key (via "SCD PKSIGN"). Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit c1000c673814e552923cf1361346d7dfeee55608)
* Remove -I option to common.NIIBE Yutaka2017-03-071-1/+1
| | | | | | | | | | | | | * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Rename remaining symbols in ksba-io-support.Werner Koch2017-02-161-3/+3
| | | | | | | | | | | | | | | | | | * common/ksba-io-support.c (gpgsm_reader_eof_seen): Rename to ... (gnupg_ksba_reader_eof_seen): this. Change all callers. (gpgsm_destroy_reader): Rename to ... (gnupg_ksba_destroy_reader): this. Change all callers. (gpgsm_finish_writer): Rename to ... (gnupg_ksba_finish_writer): this. Change all callers. (gpgsm_destroy_writer): Rename to ... (gnupg_ksba_destroy_writer): this. Change all callers. * common/ksba-io-support.c (struct base64_context_s): Rename to ... (gnupg_ksba_io_s): this. * common/ksba-io-support.h (base64_context_s): Ditto. (Base64Context): Rename this typedef to ... (gnupg_ksba_io_t): this. Change all users. Signed-off-by: Werner Koch <[email protected]>
* common: Remove gpgsm dependencies from ksba-io-support.Werner Koch2017-02-161-1/+5
| | | | | | | | | | | | | | | | | * common/ksba-io-support.c: Include ksba-io-support.h instead of ../sm/gpgsm.h. Include util.h. (writer_cb_parm_s): Remove const from 'pem_name'. (gpgsm_destroy_writer): Free 'pem_name'. (gpgsm_create_reader): Rename to ... (gnupg_ksba_create_reader): this. Replace args CTRL and ALLOW_MULTI_PEM by a new arg FLAGS. Change the code to evaluate FLAGS. Change all callers to pass the FLAGS. (gpgsm_create_writer): Rename to ... (gnupg_ksba_create_writer): this. Replace arg CTRL by new arg FLAGS. Add arg PEM_NAME. Evaluate FLAGS. Store a copy of PEM_NAME. Change all callers to pass the FLAGS and PEM_NAME. Signed-off-by: Werner Koch <[email protected]>
* Change all http://www.gnu.org in license notices to https://Werner Koch2016-11-051-1/+1
| | | | --
* Fix use cases of snprintf.NIIBE Yutaka2016-10-211-1/+1
| | | | | | | | | | | * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* sm: Allow combination of usage flags --gen-key.Werner Koch2015-10-281-31/+46
| | | | | | | | | * sm/certreqgen.c (create_request): Re-implement building of the key-usage extension. -- GnuPG-bug-id: 2029 Signed-off-by: Werner Koch <[email protected]>
* sm: Change default algos to SHA256 (CSR) and AES128 (bulk encryption).Werner Koch2015-03-251-1/+1
| | | | | | | | * sm/certreqgen.c (create_request): Change default hash algo. * sm/gpgsm.c (DEFAULT_CIPHER_ALGO): Change default bulk cipher algo. -- Signed-off-by: Werner Koch <[email protected]>
* sm: Silence compiler warnings.Werner Koch2014-09-181-1/+1
| | | | | | * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Remove unused var I. * sm/certreqgen.c (proc_parameters): Init PUBLIC to avoid compiler warning.
* Change all quotes in strings and comments to the new GNU standard.Werner Koch2012-06-051-8/+8
| | | | | | | | | | | | | | | | | | | The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
* gpgsm: Allow specification of an AuthorityKeyIdentifier.Werner Koch2011-12-061-0/+56
| | | | | | | * sm/certreqgen.c (pAUTHKEYID): New. (read_parameters): Add keyword Authority-Key-Id. (proc_parameters): Check its value. (create_request): Insert an Authority-Key-Id.
* gpgsm: Allow arbitrary extensions for cert creation.Werner Koch2011-12-061-2/+182
| | | | | | | | * sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New. (read_parameters): Add new keywords. (proc_parameters): Check values of new keywords. (create_request): Add SubjectKeyId and extensions. (parse_parameter_usage): Support "cert" and the encrypt alias "encr".
* gpgsm: Fix storing of the serial numberWerner Koch2011-12-061-1/+1
| | | | * sm/certreqgen.c (create_request): Fix hex-bin conversion.
* Replace gcry_md_start_debug by gcry_md_debug.Werner Koch2011-09-201-1/+1
| | | | | This is to allow building with Libgcrypt master (1.6) which has some cleanups in the API/ABI.
* Fix size_t vs int issues.Marcus Brinkmann2011-06-011-1/+1
|
* Move parameter file description to the manual.Werner Koch2011-03-011-121/+14
|
* Support X.509 certificate creation.Werner Koch2011-03-011-68/+425
| | | | | | | | | | | | | | | | | | | | | | | | | Using "gpgsm --genkey" allows the creation of a self-signed certificate via a new prompt. Using "gpgsm --genkey --batch" should allow the creation of arbitrary certificates controlled by a parameter file. An example parameter file is Key-Type: RSA Key-Length: 1024 Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA Key-Usage: sign, encrypt Serial: random Name-DN: CN=some test key Name-Email: [email protected] Name-Email: [email protected] Hash-Algo: SHA384 not-after: 2038-01-16 12:44 This creates a self-signed X.509 certificate using the key given by the keygrip and using SHA-384 as hash algorithm. The keyword signing-key can be used to sign the certificate with a different key. See sm/certreggen.c for details.
* Nuked almost all trailing white space.post-nuke-of-trailing-wsWerner Koch2011-02-041-29/+28
| | | | | | | | We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
* Remove superfluous parameter.Werner Koch2010-11-261-1/+1
| | | | | Make self-check interval larger
* 2010-04-23 Marcus Brinkmann <[email protected]>Marcus Brinkmann2010-04-231-2/+2
| | | | | | * certreqgen.c (read_parameters): Use ascii_isspace instead of spacep to stop at newline, too.
* Removed almost al dup calls.Werner Koch2010-03-081-3/+4
|
* Add gpgconf related dummy options default_pubkey_algo.Werner Koch2009-11-231-1/+2
| | | | | | Add option --skip-hidden-recipients Comment updates.
* Change fallback keysize to 2048Werner Koch2009-11-101-3/+3
|
* Fixed a bunch of little bugs as reported by Fabian Keil.Werner Koch2009-06-241-1/+1
| | | | | Still one problem left; marked with a gcc #warning.
* Add a custom prompt for the CSR generation.Werner Koch2008-12-051-6/+20
| | | | | Add a new percent escape fucntion.
* Fixed creation of private keys under W32.Werner Koch2007-08-221-3/+2
| | | | | Minor code cleanups.
* Updated estream.Werner Koch2007-08-221-21/+7
| | | | | More changes for Windows.
* Changed to GPLv3.Werner Koch2007-07-041-4/+2
| | | | | Removed intl/.
* Fixed a problem in estream-printf.c.Werner Koch2007-06-251-4/+4
| | | | | Changes for Windows (gpgsm -k does now work). Minor cleanups.
* Implemented the --gen-key command as we can't use the gpgsm-gencert.sh under ↵Werner Koch2007-06-211-5/+9
| | | | Windows.
* Allow export to work on systems without funopen/fopencookie.Werner Koch2007-03-191-1/+1
|
* No more warnings for AMD64 (at least when cross-compiling). Thus tehre is aWerner Koch2006-11-211-1/+1
| | | | | | | good chance that gpg2 will now work. Other cleanups. Updated gettext.
* Allow pkcs#10 creation directkly from a smart cardWerner Koch2006-10-111-17/+57
|
* The big Assuan error code removal.Werner Koch2006-09-061-3/+3
|
* Minor changes and typo fixes.Werner Koch2006-09-061-1/+1
|
* With --enable-gpg the keyservers are now build and a first test using gpg2Werner Koch2006-08-161-4/+2
| | | | | shows no prblems. Needs more testing of course.
* better reporting of bad DNsWerner Koch2006-07-031-7/+23
|
* Updated FSF's address.Werner Koch2006-06-201-1/+2
|
* * findkey.c (agent_public_key_from_file): Fixed array assignment.Werner Koch2005-07-251-9/+30
| | | | | | | This was the cause for random segvs. * call-agent.c (gpgsm_agent_readkey): New.
* * gpgsm.c (main): New options --no-log-file and --debug-none.Werner Koch2005-07-211-28/+94
| | | | | | | | | | | * certreqgen.c (get_parameter, get_parameter_value): Add SEQ arg to allow enumeration. Changed all callers. (create_request): Process DNS and URI parameters. * gpgsm-gencert.sh: Reworked to allow for multiple email addresses as well as DNsanmes and URi. Present the parameter file before creating the certificate.
* gcc-4 defaults forced me to edit many many files to get rid of theWerner Koch2005-06-161-4/+5
| | | | | | | char * vs. unsigned char * warnings. The GNU coding standards used to say that these mismatches are okay and better than a bunch of casts. Obviously this has changed now.
* * acinclude.m4 (GNUPG_PTH_VERSION_CHECK): Link a simple testV1-9-15Werner Koch2005-01-131-1/+1
| | | | | | | program to see whether the installation is sane. * certreqgen.c (proc_parameters): Cast printf arg.
* (gpgsm_genkey): Remove the NEW from the certificateWerner Koch2004-10-221-1/+1
| | | | | request PEM header. This is according to the Sphinx standard.
* * configure.ac: Changed tests for libusb to also suuport theWerner Koch2004-08-051-7/+8
| | | | | | | | | | | | | | | | | | stable version 0.1.x. * scdaemon.texi (Card applications): New section. * scdaemon.c (main): New option --disable-application. * app.c (is_app_allowed): New. (select_application): Use it to check for disabled applications. * ccid-driver.h (CCID_DRIVER_ERR_ABORTED): New. * ccid-driver.c (ccid_open_reader): Support the stable 0.1 version of libusb. (ccid_get_atr): Handle short messages. * apdu.c (my_rapdu_get_status): Implemented.
* * configure.ac: Require libksba 0.9.7.Werner Koch2004-06-061-2/+38
| | | | | | | | | | | | | | | | * certreqgen.c (get_parameter_uint, create_request): Create an extension for key usage when requested. * gpgsm.c (main): Install emergency_cleanup also as an atexit handler. * verify.c (gpgsm_verify): Removed the separate error code handling for KSBA. We use shared error codes anyway. * export.c (export_p12): Removed debugging code. * encrypt.c (gpgsm_encrypt): Put the session key in to secure memory.
* typo fixWerner Koch2004-04-291-1/+1
|
* * call-agent.c (gpgsm_agent_pksign, gpgsm_agent_pkdecrypt)Werner Koch2004-04-261-13/+17
| | | | | | | | | | | | | | (gpgsm_agent_genkey, gpgsm_agent_istrusted) (gpgsm_agent_marktrusted, gpgsm_agent_havekey) (gpgsm_agent_passwd): Add new arg CTRL and changed all callers. (start_agent): New arg CTRL. Send progress item when starting a new agent. * sign.c (gpgsm_get_default_cert, get_default_signer): New arg CTRL to be passed down to the agent function. * decrypt.c (prepare_decryption): Ditto. * certreqgen.c (proc_parameters, read_parameters): Ditto. * certcheck.c (gpgsm_create_cms_signature): Ditto.
* * certcheck.c (gpgsm_create_cms_signature): Format a descriptionWerner Koch2004-02-131-1/+1
| | | | | | | | | | | | for use by the pinentry. * decrypt.c (gpgsm_decrypt): Ditto. Free HEXKEYGRIP. * certdump.c (format_name_cookie, format_name_writer) (gpgsm_format_name): New. (gpgsm_format_serial): New. (gpgsm_format_keydesc): New. * call-agent.c (gpgsm_agent_pksign): New arg DESC. (gpgsm_agent_pkdecrypt): Ditto.
* Replaced deprecated type names.Werner Koch2003-12-171-9/+9
| | | | | | | | * certdump.c (gpgsm_print_serial): Cleaned up cast use in strtoul. (gpgsm_dump_serial): Ditto. * decrypt.c (gpgsm_decrypt): Replaced ERR by RC.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-09 11:39:40 +0000