aboutsummaryrefslogtreecommitdiffstats
path: root/sm/keylist.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* sm: Print Yubikey attestation extensions with --dump-cert.Werner Koch2019-03-071-3/+37
| | | | | | | | | | * sm/keylist.c (oidtranstbl): Add Yubikey OIDs. (OID_FLAG_HEX): New. (print_hex_extn): New. (list_cert_raw): Make use of that flag. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 86c241a8c9a952ea8007066b70b04f435e2e483e)
* sm: Don't mark a cert as de-vs compliant if it leads to SHA-1 sigs.Werner Koch2019-02-281-3/+12
| | | | | | | | | | | | | | | | | | | | | | | | | * sm/keylist.c (print_compliance_flags): Also check the digest_algo. Add new arg 'cert'. -- A certificate with algorithm sha1WithRSAEncryption can be de-vs compliant (e.g. if the next in the chain used sha256WithRSAEncryption to sign it and RSA is long enough) but flagging it as such is useless because that certificate can't be used because it will create signatures using the non-compliant SHA-1 algorithm. Well, it could be used for encryption. But also evaluating the key-usage flags here would make it harder for the user to understand why certain certificates are listed as de-vs compliant and others are not. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 2c75af9f65d15653ed1bc191f1098ae316607041) Reworked to also pass the CERT. Note that 2.2 won't get the PK Screening feature. Signed-off-by: Werner Koch <[email protected]>
* sm: Fix colon listing of fields > 12 in crt records.Werner Koch2017-10-191-2/+1
| | | | | | | | | * sm/keylist.c (print_capabilities): Move colon printing ... (list_cert_colon): to here. -- Fixes-commit: 7af008bfe1641938a6c2c995cb065829fa05a693 Signed-off-by: Werner Koch <[email protected]>
* sm: Always print the keygrip in colon mode.Werner Koch2017-08-081-7/+7
| | | | | | | * sm/keylist.c (list_cert_colon): Always print the keygrip as described in the manual. Signed-off-by: Werner Koch <[email protected]>
* gpg,common: Move the compliance framework.Justus Winter2017-06-011-2/+3
| | | | | | | | | | | | | | * common/Makefile.am (common_sources): Add new files. * common/compliance.c: New file. Move 'gnupg_pk_is_compliant' here, and tweak it to not rely on types private to gpg. * common/compliance.h: New file. Move the compliance enum here. * g10/keylist.c (print_compliance_flags): Adapt callsite. * g10/main.h (gnupg_pk_is_compliant): Remove prototype. * g10/misc.c (gnupg_pk_is_compliant): Remove function. * g10/options.h (opt): Use the new compliance enum. * sm/keylist.c (print_compliance_flags): Use the common functions. Signed-off-by: Justus Winter <[email protected]>
* Spelling fixes in docs and comments.NIIBE Yutaka2017-04-281-1/+1
| | | | | | | | | | -- In addition, fix trailing spaces in tests/inittests. GnuPG-bug-id: 3121 Reported-by: ka7 (klemens) Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Add new field no 18 to the colon listing.Werner Koch2017-03-201-3/+15
| | | | | | | | | | | | | | | * g10/misc.c (gnupg_pk_is_compliant): New. * g10/keylist.c (print_compliance_flags): New. (list_keyblock_colon): Call it here. * sm/keylist.c (print_compliance_flags): New. (list_cert_colon): Call it here. -- This patch is to convey information about DE_VS compliant keys to the caller. The double digit value is used so that parsers do the right thing and don't just look for a single digit. Signed-off-by: Werner Koch <[email protected]>
* Remove -I option to common.NIIBE Yutaka2017-03-071-2/+2
| | | | | | | | | | | | | * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <[email protected]>
* Clean up word replication.Yuri Chornoivan2017-02-211-1/+1
| | | | | | | | | -- This fixes extra word repetitions (like "the the" or "is is") in the code and docs. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg,sm: Add STATUS_ERROR keydb_search and keydb_add-resource.Werner Koch2016-11-101-4/+3
| | | | | | | | | | | | | | | | * g10/keydb.c (keydb_add_resource): Make ANY_REGISTERED file-global. Write a STATUS_ERROR. (maybe_create_keyring_or_box): Check for non-accessible but existant file. (keydb_search): Write a STATUS_ERROR if no keyring has been registered but continue to return NOT_FOUND. * sm/keydb.c (keydb_add_resource): Rename ANY_PUBLIC to ANY_REGISTERED and make file-global. Write a STATUS_ERROR. (keydb_search): Write a STATUS_ERROR if no keyring has been registered but continue to return NOT_FOUND. Also add new arg CTRL and change all callers to pass it down. Signed-off-by: Werner Koch <[email protected]>
* sm: Remove unused arg SECRET from keydb functions.Werner Koch2016-11-101-1/+1
| | | | | | | | * sm/keydb.c (struct resource_item): Remove field 'secret'. (keydb_add_resource): Remove arg 'secret' and change all callers. (keydb_new): Ditto. Signed-off-by: Werner Koch <[email protected]>
* Change all http://www.gnu.org in license notices to https://Werner Koch2016-11-051-1/+1
| | | | --
* gpgsm: Fix machine-readable key listing.Justus Winter2016-08-011-1/+0
| | | | | | | * sm/keylist.c (list_cert_colon): Drop superfluous colon. GnuPG-bug-id: 2432 Signed-off-by: Justus Winter <[email protected]>
* Add new option --with-secret.Werner Koch2014-06-031-5/+9
| | | | | | | | | | | | | | | | | | | * g10/gpg.c: Add option --with-secret. * g10/options.h (struct opt): Add field with_secret. * g10/keylist.c (public_key_list): Pass opt.with_secret to list_all and list_one. (list_all, list_one): Add arg mark_secret. (list_keyblock_colon): Add arg has_secret. * sm/gpgsm.c: Add option --with-secret. * sm/server.c (option_handler): Add option "with-secret". * sm/gpgsm.h (server_control_s): Add field with_secret. * sm/keylist.c (list_cert_colon): Take care of with_secret. Also move the token string from the wrong field 14 to 15. -- This option is useful for key managers which need to know whether a key has a secret key. This change allows to collect this information in one pass.
* Change all quotes in strings and comments to the new GNU standard.Werner Koch2012-06-051-1/+1
| | | | | | | | | | | | | | | | | | | The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
* gpgsm: Add new validation model "steed".Werner Koch2011-12-071-9/+19
| | | | | | | | | | | | | | | | | | | | * sm/gpgsm.h (VALIDATE_FLAG_STEED): New. * sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed". * sm/server.c (option_handler): Allow validation model "steed". * sm/certlist.c (gpgsm_cert_has_well_known_private_key): New. * sm/certchain.c (do_validate_chain): Handle the well-known-private-key attribute. Support the "steed" model. (gpgsm_validate_chain): Ditto. * sm/verify.c (gpgsm_verify): Return "steed" in the trust status line. * sm/keylist.c (list_cert_colon): Print the new 'w' flag. -- This is the first part of changes to implement the STEED proposal as described at http://g10code.com/steed.html . The idea for X.509 is not to use plain self-signed certificates but certificates signed by a dummy CA (i.e. one for which the private key is known). Having a single CA as an indication for the use of STEED might help other X.509 implementations to implement STEED.
* gpgsm: Allow arbitrary extensions for cert creation.Werner Koch2011-12-061-0/+1
| | | | | | | | * sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New. (read_parameters): Add new keywords. (proc_parameters): Check values of new keywords. (create_request): Add SubjectKeyId and extensions. (parse_parameter_usage): Support "cert" and the encrypt alias "encr".
* Fix regression in gpg's mail address parsing.Werner Koch2011-04-251-1/+1
| | | | | | Since 2009-12-08 gpg was not able to find email addresses indicated by a leading '<'. This happened when I merged the user id classification code of gpgsm and gpg.
* Support X.509 certificate creation.Werner Koch2011-03-011-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | Using "gpgsm --genkey" allows the creation of a self-signed certificate via a new prompt. Using "gpgsm --genkey --batch" should allow the creation of arbitrary certificates controlled by a parameter file. An example parameter file is Key-Type: RSA Key-Length: 1024 Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA Key-Usage: sign, encrypt Serial: random Name-DN: CN=some test key Name-Email: [email protected] Name-Email: [email protected] Hash-Algo: SHA384 not-after: 2038-01-16 12:44 This creates a self-signed X.509 certificate using the key given by the keygrip and using SHA-384 as hash algorithm. The keyword signing-key can be used to sign the certificate with a different key. See sm/certreggen.c for details.
* Nuked almost all trailing white space.post-nuke-of-trailing-wsWerner Koch2011-02-041-66/+66
| | | | | | | | We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
* Add new option --with-keygripWerner Koch2010-10-081-0/+10
|
* Various changes to eventually support openpgp keys in pgp-agent.Werner Koch2010-02-021-1/+1
| | | | | | Comment fixes. Minor chnages in preparation of a W32CE port.
* Unification of the search descriptor usage.Werner Koch2009-12-081-1/+1
|
* 2009-07-29 Marcus Brinkmann <[email protected]>Marcus Brinkmann2009-07-291-0/+2
| | | | | * keylist.c (print_capabilities): Print a trailing colon.
* Print the card's S/N in a secret key listing.Werner Koch2009-04-021-1/+9
|
* Print NO_SECKEY status line in gpgsm.Werner Koch2009-03-251-2/+2
| | | | | This fixes bug#1020.
* Fix keygrip computation for TCOS 3 cards.Werner Koch2009-03-201-0/+1
| | | | | Emit PROGRESS status lines during --learn-card.
* Add server option with-ephemeral-keys.Werner Koch2009-03-181-1/+1
| | | | | Extend SCD LEARN command.
* New gpg-agent command to list key information.Werner Koch2009-03-061-3/+38
| | | | | | Gpgsm does now print the S/N of cards. Consider ephemeral keys during listing an export.
* Minor fixesWerner Koch2009-01-121-1/+1
|
* Help dirmngr to use supplied trust anchors.Werner Koch2008-10-211-1/+1
|
* Marked all unused args on non-W32 platforms.Werner Koch2008-10-201-0/+6
|
* Print a 'f' for validated non-root certificates in gpgsm colon style listing.Werner Koch2008-08-131-0/+2
| | | | | Doc fixes.
* Minor fixes.Werner Koch2008-06-261-2/+2
|
* Start support of TCOS 3 cards.Werner Koch2008-06-261-15/+107
| | | | | | | Support restriction attribute. Fix utf-8 printing problems. Use AES by default.
* Fixed bug#907.Werner Koch2008-05-061-0/+3
| | | | | Fixed a segv in keybox and made it more robust.
* Fixed an email/DN bug.Werner Koch2008-03-131-2/+2
| | | | | Changed pinentry prompts.
* Always search missing certifcates using a running Dirmngr's cache.Werner Koch2008-02-131-3/+3
|
* 2008-01-29 Marcus Brinkmann <[email protected]>Marcus Brinkmann2008-01-301-2/+15
| | | | | | * keylist.c (list_internal_keys): New variable lastcert. Use it to suppress duplicates which immediately follow each other.
* Typo fixes.Werner Koch2008-01-261-2/+2
| | | | | | Portability fix for asschk.c
* Implemented the chain model for X.509 validation.Werner Koch2007-08-101-9/+27
|
* Changed to GPLv3.Werner Koch2007-07-041-26/+13
| | | | | Removed intl/.
* kbx/Werner Koch2007-03-201-1/+1
| | | | | | | | | | | | | | | | | | | | * keybox.h (KEYBOX_FLAG_BLOB_SECRET, KEYBOX_FLAG_BLOB_EPHEMERAL): New. * keybox-update.c (keybox_compress): Use it here instead of a magic constant. sm/ * fingerprint.c (gpgsm_get_fingerprint): Add caching. (gpgsm_get_fingerprint_string): Use bin2hexcolon(). (gpgsm_get_fingerprint_hexstring): Use bin2hex and allocate only as much memory as required. (gpgsm_get_keygrip_hexstring): Use bin2hex. * certchain.c (gpgsm_validate_chain): Keep track of the certificate chain and reset the ephemeral flags. * keydb.c (keydb_set_cert_flags): New args EPHEMERAL and MASK. Changed caller to use a mask of ~0. Return a proper error code if the certificate is not available.
* Changes to let the key listing use estream to help systems withoutWerner Koch2007-03-191-216/+222
| | | | | funopen.
* Preparing a releasegnupg-1.9.93Werner Koch2006-10-181-17/+35
|
* Fix for bug 537Werner Koch2006-10-021-4/+4
|
* New "relax" option for trustlist.txtWerner Koch2006-09-251-3/+5
|
* Take advantage of newer gpg-error features.Werner Koch2006-09-141-1/+1
|
* Various fixes and new features.Werner Koch2006-09-131-2/+2
| | | | | Enhanced gpg-connect-agent.
* The big Assuan error code removal.Werner Koch2006-09-061-2/+2
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-11 01:10:04 +0000