aboutsummaryrefslogtreecommitdiffstats
path: root/sm/gpgsm.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpgsm: Add new validation model "steed".Werner Koch2011-12-071-2/+5
| | | | | | | | | | | | | | | | | | | | * sm/gpgsm.h (VALIDATE_FLAG_STEED): New. * sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed". * sm/server.c (option_handler): Allow validation model "steed". * sm/certlist.c (gpgsm_cert_has_well_known_private_key): New. * sm/certchain.c (do_validate_chain): Handle the well-known-private-key attribute. Support the "steed" model. (gpgsm_validate_chain): Ditto. * sm/verify.c (gpgsm_verify): Return "steed" in the trust status line. * sm/keylist.c (list_cert_colon): Print the new 'w' flag. -- This is the first part of changes to implement the STEED proposal as described at http://g10code.com/steed.html . The idea for X.509 is not to use plain self-signed certificates but certificates signed by a dummy CA (i.e. one for which the private key is known). Having a single CA as an indication for the use of STEED might help other X.509 implementations to implement STEED.
* Support X.509 certificate creation.Werner Koch2011-03-011-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | Using "gpgsm --genkey" allows the creation of a self-signed certificate via a new prompt. Using "gpgsm --genkey --batch" should allow the creation of arbitrary certificates controlled by a parameter file. An example parameter file is Key-Type: RSA Key-Length: 1024 Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA Key-Usage: sign, encrypt Serial: random Name-DN: CN=some test key Name-Email: [email protected] Name-Email: [email protected] Hash-Algo: SHA384 not-after: 2038-01-16 12:44 This creates a self-signed X.509 certificate using the key given by the keygrip and using SHA-384 as hash algorithm. The keyword signing-key can be used to sign the certificate with a different key. See sm/certreggen.c for details.
* Nuked almost all trailing white space.post-nuke-of-trailing-wsWerner Koch2011-02-041-7/+7
| | | | | | | | We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
* Remove superfluous parameter.Werner Koch2010-11-261-1/+1
| | | | | Make self-check interval larger
* Add new option --with-keygripWerner Koch2010-10-081-0/+2
|
* Auto-start dirmngr.Werner Koch2010-08-161-1/+0
|
* Implement export of pkcs#12 objects using a direct agent connection.Werner Koch2010-06-211-2/+6
|
* Avoid using the protect-tool to import pkcs#12.Werner Koch2010-06-171-0/+6
|
* Merged jnlib into common.Werner Koch2010-03-101-1/+0
|
* Removed almost al dup calls.Werner Koch2010-03-081-3/+3
|
* Replace use stdio by estream functions.Werner Koch2010-03-081-6/+8
|
* Add option --cert-extension.Werner Koch2009-12-101-1/+6
|
* Impleemned gpgsm's IMPORT --re-import feature.Werner Koch2009-07-071-1/+1
| | | | | Typo fix.
* Reworked passing of envars to Pinentry.Werner Koch2009-07-071-6/+5
|
* Create a pkcs#10 request directly from a card.Werner Koch2009-07-021-0/+2
| | | | | Deprecate gpgsm-gencert.sh script.
* Signing using Netkey 3 cards does now work.Werner Koch2009-03-261-2/+3
|
* Print NO_SECKEY status line in gpgsm.Werner Koch2009-03-251-2/+3
| | | | | This fixes bug#1020.
* Add server option with-ephemeral-keys.Werner Koch2009-03-181-3/+2
| | | | | Extend SCD LEARN command.
* New gpg-agent command to list key information.Werner Koch2009-03-061-0/+2
| | | | | | Gpgsm does now print the S/N of cards. Consider ephemeral keys during listing an export.
* fixed a bug in the prompt formatter.Werner Koch2008-10-281-0/+1
|
* Help dirmngr to use supplied trust anchors.Werner Koch2008-10-211-1/+1
|
* Add gpgsm server command GETINFO agent-check.Werner Koch2008-09-301-0/+1
| | | | | Fix tests.
* 2008-08-08 Marcus Brinkmann <[email protected]>Marcus Brinkmann2008-08-081-2/+0
| | | | | | | | | | | | | | | | * gpgsm.h (struct server_control_s): Remove member dirmngr_seen. * call-dirmngr.c (dirmngr2_ctx, dirmngr_ctx_locked) (dirmngr2_ctx_locked): New global variables. (prepare_dirmngr): Don't check dirmngr_seen anymore. (start_dirmngr): Move bunch of code to ... (start_dirmngr_ext): ... this new function. (release_dirmngr, start_dirmngr2, release_dirmngr2): New functions. (gpgsm_dirmngr_isvalid): Call release_dirmngr. (gpgsm_dirmngr_lookup): Call release_dirmngr. If dirmngr_ctx is locked, use dirmngr2_locked. (gpgsm_dirmngr_run_command): Call release_dirmngr.
* Start support of TCOS 3 cards.Werner Koch2008-06-261-0/+2
| | | | | | | Support restriction attribute. Fix utf-8 printing problems. Use AES by default.
* sm/Marcus Brinkmann2008-06-121-0/+14
| | | | | | | | | | | | | | | | 2008-06-12 Marcus Brinkmann <[email protected]> * gpgsm.h (struct keyserver_spec): New struct. (opt): Add member keyserver. * gpgsm.c (keyserver_list_free, parse_keyserver_line): New functions. (main): Implement --keyserver option. * call-dirmngr.c (prepare_dirmngr): Send LDAPSERVER commands. tools/ 2008-06-12 Marcus Brinkmann <[email protected]> * gpgconf-comp.c (gc_options_gpgsm): Add option keyserver.
* Improve certificate chain construction.Werner Koch2008-02-191-0/+1
| | | | | Extend PKITS framework
* Poems for AllowSetForegroundWindow (W32)Werner Koch2008-02-141-0/+2
|
* Always search missing certifcates using a running Dirmngr's cache.Werner Koch2008-02-131-3/+4
|
* Allow verification of some broken S-TRUST generated signatures.Werner Koch2007-12-131-0/+3
|
* Support DSA2.Werner Koch2007-12-121-0/+4
| | | | | | Support Camellia for testing. More audit stuff.
* Started to implement the audit log feature.Werner Koch2007-11-191-1/+8
| | | | | | | | Pass PINENTRY_USER_DATA and XAUTHORITY to Pinentry. Improved support for the quality bar. Minor internal restructuring. Translation fixes.
* Add new features to kbxutil.Werner Koch2007-08-231-1/+2
| | | | | Fixed bug 829 (can't encrypt if duplicated certs are in the keybox)
* Updated estream.Werner Koch2007-08-221-1/+1
| | | | | More changes for Windows.
* Implemented the chain model for X.509 validation.Werner Koch2007-08-101-3/+14
|
* Changed to GPLv3.Werner Koch2007-07-041-4/+2
| | | | | Removed intl/.
* Implemented the --gen-key command as we can't use the gpgsm-gencert.sh under ↵Werner Koch2007-06-211-2/+5
| | | | Windows.
* Allow setting of the passphrase encoding of pkcs#12 files.Werner Koch2007-03-201-0/+4
| | | | New option --p12-charset.
* Allow export to work on systems without funopen/fopencookie.Werner Koch2007-03-191-2/+3
|
* Changes to let the key listing use estream to help systems withoutWerner Koch2007-03-191-4/+6
| | | | | funopen.
* sm/Werner Koch2006-11-141-0/+2
| | | | | | | | | | | | | | * server.c (skip_options): Skip leading spaces. (has_option): Honor "--". (cmd_export): Add option --data to do an inline export. Skip all options. * certdump.c (gpgsm_fpr_and_name_for_status): New. * verify.c (gpgsm_verify): Use it to print correct status messages. doc/ * gpgsm.texi (GPGSM EXPORT): Document changes.
* Allow pkcs#10 creation directkly from a smart cardWerner Koch2006-10-111-1/+4
|
* Fix for bug 537Werner Koch2006-10-021-4/+4
|
* New "relax" option for trustlist.txtWerner Koch2006-09-251-1/+12
|
* The big Assuan error code removal.Werner Koch2006-09-061-15/+17
|
* Various smaller changesWerner Koch2006-06-271-0/+2
|
* Updated FSF's address.Werner Koch2006-06-201-1/+2
|
* Add Kludge for RegTP sillyness.Werner Koch2006-03-211-1/+2
|
* Print a note that the software has not been approved for qualified signatures.Werner Koch2005-11-231-0/+8
|
* Added qualified signature features.Werner Koch2005-11-131-0/+5
|
* * findkey.c (agent_public_key_from_file): Fixed array assignment.Werner Koch2005-07-251-0/+2
| | | | | | | This was the cause for random segvs. * call-agent.c (gpgsm_agent_readkey): New.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-12 12:43:24 +0000