From 257661d6ae0ca376df758c38fabab2316d10e3a9 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 6 Jun 2018 11:50:58 +0200 Subject: gpg: New command --show-keys. * g10/gpg.c (aShowKeys): New const. (opts): New command --show-keys. (main): Implement command. * g10/import.c (import_keys_internal): Don't print stats in show-only mode. (import_one): Be silent in show-only mode. -- Using --import --import-options show-only to look at a key is too cumbersome. Provide this shortcut and also remove some diagnostic cruft in this case. Signed-off-by: Werner Koch --- doc/gpg.texi | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/gpg.texi b/doc/gpg.texi index a12b5afee..642805f88 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -353,6 +353,14 @@ may thus be used to see what keys @command{@gpgname} might use. In particular external methods as defined by @option{--auto-key-locate} may be used to locate a key. Only public keys are listed. +@item --show-keys +@opindex show-keys +This commands takes OpenPGP keys as input and prints information about +them in the same way the command @option{--list-keys} does for +imported key. No internal state is changed. For automated processing +this command should be combined with the option +@option{--with-colons}. + @item --fingerprint @opindex fingerprint List all keys (or the specified ones) along with their @@ -2305,7 +2313,8 @@ opposite meaning. The options are: Show a listing of the key as imported right before it is stored. This can be combined with the option @option{--dry-run} to only look at keys; the option @option{show-only} is a shortcut for this - combination. Note that suffixes like '#' for "sec" and "sbb" lines + combination. The command @option{--show-keys} is another shortcut + for this. Note that suffixes like '#' for "sec" and "sbb" lines may or may not be printed. @item import-export -- cgit v1.2.3 From 70f26e4263364f4b521c7856c38ba7ee59e38445 Mon Sep 17 00:00:00 2001 
From: Werner Koch Date: Wed, 6 Jun 2018 17:25:51 +0200 Subject: doc: Typo fixes -- Reported-by: Claus Assmann Signed-off-by: Werner Koch --- doc/gpg.texi | 4 ++-- doc/scdaemon.texi | 2 +- doc/tools.texi | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'doc') diff --git a/doc/gpg.texi b/doc/gpg.texi index 642805f88..9db23652c 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -328,7 +328,7 @@ following the "sig" tag (and thus before the flags described below. A "!" indicates that the signature has been successfully verified, a "-" denotes a bad signature and a "%" is used if an error occurred while checking the signature (e.g. a non supported algorithm). Signatures -where the public key is not availabale are not listed; to see their +where the public key is not available are not listed; to see their keyids the command @option{--list-sigs} can be used. For each signature listed, there are several flags in between the @@ -3377,7 +3377,7 @@ absolute date in the form YYYY-MM-DD. Defaults to "0". @opindex default-new-key-algo @var{string} This option can be used to change the default algorithms for key generation. The @var{string} is similar to the arguments required for -the command @option{--quick-add-key} but slighly different. For +the command @option{--quick-add-key} but slightly different. For example the current default of @code{"rsa2048/cert,sign+rsa2048/encr"} (or @code{"rsa3072"}) can be changed to the value of what we currently call future default, which is @code{"ed25519/cert,sign+cv25519/encr"}. diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi index a9e6d1e7a..81af28105 100644 --- a/doc/scdaemon.texi +++ b/doc/scdaemon.texi 
@@ -399,7 +399,7 @@ comes with almost all German banking cards. This application adds read-only support for keys and certificates stored on a @uref{http://www.smartcard-hsm.com, SmartCard-HSM}. -To generate keys and store certifiates you may use +To generate keys and store certificates you may use @uref{https://github.com/OpenSC/OpenSC/wiki/SmartCardHSM, OpenSC} or the tools from @uref{http://www.openscdp.org, OpenSCDP}. diff --git a/doc/tools.texi b/doc/tools.texi index 9301334c7..7becf67e2 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -290,7 +290,7 @@ Check the options for the component @var{component}. Apply the configuration settings listed in @var{file} to the configuration files. If @var{file} has no suffix and no slashes the command first tries to read a file with the suffix @code{.prf} from -the the data directory (@code{gpgconf --list-dirs datadir}) before it +the data directory (@code{gpgconf --list-dirs datadir}) before it reads the file verbatim. A profile is divided into sections using the bracketed component name. Each section then lists the option which shall go into the respective configuration file. -- cgit v1.2.3 From d2bc66f241a66cc95140cbb3a07555f6301290ed Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 11 Jun 2018 08:46:37 +0200 Subject: gpg: Set some list options with --show-keys * g10/gpg.c (main): Set some list options. -- The new command --show-keys is commonly used to check the content of a file with keys. In this case it can be expected that all included subkeys and uids are of interested, even when they are already expired or have been revoked. Signed-off-by: Werner Koch --- doc/gpg.texi | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'doc') diff --git a/doc/gpg.texi b/doc/gpg.texi index 9db23652c..5f114c519 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -356,9 +356,11 @@ be used to locate a key. Only public keys are listed. @item --show-keys @opindex show-keys This commands takes OpenPGP keys as input and prints information about -them in the same way the command @option{--list-keys} does for -imported key. No internal state is changed. For automated processing -this command should be combined with the option +them in the same way the command @option{--list-keys} does for locally +stored key. In addition the list options @code{show-unusable-uids}, +@code{show-unusable-subkeys}, @code{show-notations} and +@code{show-policy-urls} are also enabled. As usual for automated +processing, this command should be combined with the option @option{--with-colons}. @item --fingerprint -- cgit v1.2.3 From 2ddfb5bef920919443309ece9fa2930282bbce85 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 12 Jun 2018 00:41:59 -0400 Subject: gpg: Add new usage option for drop-subkey filters. * g10/import.c (impex_filter_getval): Add new "usage" property for drop-subkey filter. -- For example, this permits extraction of only encryption-capable subkeys like so: gpg --export-filter 'drop-subkey=usage !~ e' --export $FPR GnuPG-Bug-id: 4019 Signed-off-by: Daniel Kahn Gillmor --- doc/gpg.texi | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'doc') diff --git a/doc/gpg.texi b/doc/gpg.texi index 5f114c519..4cfd00079 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2428,6 +2428,11 @@ The available properties are: Boolean indicating whether a key or subkey is a secret one. (drop-subkey) + @item usage + A string indicating the usage flags for the subkey, from the + sequence ``ecsa?''. For example, a subkey capable of just signing + and authentication would be an exact match for ``sa''. (drop-subkey) + @item sig_created @itemx sig_created_d The first is the timestamp a signature packet was created. The -- cgit v1.2.3 From 386b9c4f25b28fd769d7563f2d86ac3a19cc3011 Mon Sep 17 00:00:00 2001 
From: Werner Koch Date: Thu, 21 Jun 2018 15:06:30 +0200 Subject: gpg: Let --show-keys print revocation certificates. * g10/import.c (list_standalone_revocation): New. (import_revoke_cert): Call new function. -- GnuPG-bug-id: 4018 Signed-off-by: Werner Koch --- doc/DETAILS | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'doc') diff --git a/doc/DETAILS b/doc/DETAILS index e7567f7e3..1bfc04dd5 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -59,6 +59,7 @@ described here. - uat :: User attribute (same as user id except for field 10). - sig :: Signature - rev :: Revocation signature + - rvs :: Recocation signature (standalone) [since 2.2.9] - fpr :: Fingerprint (fingerprint is in field 10) - pkd :: Public key data [*] - grp :: Keygrip @@ -207,12 +208,13 @@ described here. For "uid" records this field lists the preferences in the same way gpg's --edit-key menu does. - For "sig" records, this is the fingerprint of the key that issued - the signature. Note that this may only be filled if the signature - verified correctly. Note also that for various technical reasons, - this fingerprint is only available if --no-sig-cache is used. - Since 2.2.7 this field will also be set if the key is missing but - the signature carries an issuer fingerprint as meta data. + For "sig", "rev" and "rvs" records, this is the fingerprint of the + key that issued the signature. Note that this may only be filled + if the signature verified correctly. Note also that for various + technical reasons, this fingerprint is only available if + --no-sig-cache is used. Since 2.2.7 this field will also be set + if the key is missing but the signature carries an issuer + fingerprint as meta data. *** Field 14 - Flag field -- cgit v1.2.3 From b7cd2c2093ae1b47645be50fa1d431a028187cad Mon Sep 17 00:00:00 2001 
From: Werner Koch Date: Thu, 21 Jun 2018 18:32:13 +0200 Subject: gpg: Print revocation reason for "rvs" records. * g10/import.c (get_revocation_reason): New. (list_standalone_revocation): Extend function. -- Note that this function extends the "rvs" field signature-class (field 11) with the revocation reason. GPGME does not yet parse this but it can be expected that the comma delimiter does not break other parsers. A new field is added to the "rvs" (and in future also the "rev") record to carry a record specific comment. Hopefully all parsers meanwhile learned the lesson from other new fields and don't bail out on more fields than they know about. This is partial solution to GnuPG-bug-id: 1173 Signed-off-by: Werner Koch --- doc/DETAILS | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'doc') diff --git a/doc/DETAILS b/doc/DETAILS index 1bfc04dd5..eb6d7dd4b 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -180,6 +180,9 @@ described here. revocation key is also given here, 'x' and 'l' is used the same way. This field if not used for X.509. + "rev" and "rvs" may be followed by a comma and a 2 digit hexnumber + with the revocation reason. + *** Field 12 - Key capabilities The defined capabilities are: @@ -262,6 +265,12 @@ described here. optionally followed by a space and an URL. This goes along with the previous field. The URL is quoted in C style. +*** Field 21 - Comment + + This is currently only used in "rev" and "rvs" records to carry + the the comment field of the recocation reason. The value is + quoted in C style. + ** Special fields *** PKD - Public key data -- cgit v1.2.3
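Review bot: In commit 257661d6, doc/gpg.texi hunk @@ -353,6 +353,14 @@, the new @item --show-keys entry has two grammar slips in its added lines: "This commands takes" should read "This command takes", and "does for imported key" should read "does for imported keys". The statement "No internal state is changed." is the property a reader checking an untrusted key file depends on, so it is worth keeping prominent in this entry.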
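Review bot: In commit 70f26e42, doc/gpg.texi hunk @@ -328,7 +328,7 @@, the parenthesis opened at "(and thus before the flags described below." in the first context line is never closed, and this typo pass leaves it as is. Since the hunk already touches this paragraph, close the parenthesis in the same commit; "a non supported algorithm" two lines further down could also become "an unsupported algorithm".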
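Review bot: In commit d2bc66f2, doc/gpg.texi hunk @@ -356,9 +356,11 @@, the rewrite removes the sentence "No internal state is changed." from the --show-keys entry, although the commit message only talks about enabling list options. If the command still leaves the keyring untouched, keep that sentence, because it is the reason to prefer --show-keys over --import when inspecting a file of unknown origin. The unchanged first line still reads "This commands takes", the new text has "for locally stored key" (should be "keys"), and "In addition ... are also enabled" says the same thing twice. The import-options text added in 257661d6 calls --show-keys "another shortcut for this", which is no longer exact now that four list options are switched on as well.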
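Review bot: In commit 2ddfb5be, doc/gpg.texi hunk @@ -2428,6 +2428,11 @@, the new "usage" property is described as a string "from the sequence ``ecsa?''" without saying what each letter stands for or what the "?" means. A user writing a drop-subkey filter has to guess, and a wrong guess silently exports or drops the wrong subkeys. Define each character, state that the letters always appear in this fixed order (the "exact match for ``sa''" example depends on it), and add the example from the commit message, 'drop-subkey=usage !~ e', to the documentation, since the substring match is the form most people will need.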
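Review bot: In commit 386b9c4f, doc/DETAILS hunk @@ -59,6 +59,7 @@, the added record type line reads "Recocation signature (standalone)"; it should be "Revocation signature (standalone)". The "[since 2.2.9]" tag is useful for parser authors; the reworded Field 13 paragraph in the next hunk now covers "rev" and "rvs" too but keeps only the "Since 2.2.7" remark, so it would help to say from which version the fingerprint is filled for those two record types.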
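Review bot: In commit b7cd2c20, doc/DETAILS hunk @@ -180,6 +180,9 @@, the added text says both "rev" and "rvs" may carry the comma and 2 digit revocation reason, while the commit message describes the extension for the "rvs" record only. Document what is implemented now, and add a version tag in the style of the "[since 2.2.9]" used for the "rvs" record type, so that a parser expecting a plain signature class in field 11 knows from which release to split on the comma. The commit message itself notes that GPGME does not parse this yet, which is a reason to spell out the exact format (class, comma, two hex digits) here.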
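Review bot: In commit b7cd2c20, doc/DETAILS hunk @@ -262,6 +265,12 @@, the new Field 21 paragraph contains "the the comment field" and "recocation reason"; these should read "the comment field" and "revocation reason" (the "the the" pattern was just fixed in doc/tools.texi by 70f26e42). The paragraph also says the field is "currently only used in "rev" and "rvs" records", whereas the commit message says it is added to "rvs" and only "in future also" to "rev"; align the wording with the actual behaviour. Because the comment comes from the revocation certificate and is therefore controlled by whoever created it, it would help to state which characters the C style quoting escapes, so that consumers know the colon and newline cannot appear raw in this field.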