* src/gpgme-json.c (process_request): Init res. Check for
json object before encode and chunk.
--
If json is invalid we can't read chunksize and would crash
in encode and chunk.
* src/cJSON.c: Add comments on the origin of the code.
(parse_string): Allocate an extra byte for safeness.
(cJSON_AddItemToArray): Allo ARRAY to be NULL.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/cJSON.c (parse_string): Correctly detect bad hex.
--
The call to parse_hex4 checks that only hex digits follow and in the
error case returns 0. However, by the time of the combined check for
an invalid value and the error PTR has already been set to the last
hex character and thus if the end-of-string or a quote character was
one of the bad hex digits the loop will miss the end of the string
which does not match with the simple buffer length allocation test at
the begin of the function.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme-json.c (add_secret_fprs): New helper.
(op_export, hlp_export): Extend for with-sec fprs.
--
This is a request from Mailvelope, to import an export
they need the information for which keys from the export
a secret key is also available. For simplicity it is
much preferred to get this information in a single call
without the need to do and parse a keylisting additionally
in a second native-messaging call.
So we make it optional to include that info in the export.
* Complete typographic overhaul.
* Removed all section level indentation since it does not affect
output formatting, but might affect source code examples.
* In text-mode stripped out all tabs which had crept in and replaced
them with four spaces.
* Updated all code examples (again) to conform with Python-mode.
* Bumped version number in preparation for next release of GPG 2.2.9
and corresponding GPGME release.
* doc/gpgme.texi (GPGME_KEYLIST_MODE_EXTERN),
(GPGME_KEYLIST_MODE_LOCATE, GPGME_KEYLIST_MODE_LOCAL): Mention
command line flags for CMS and OpenPGP Protocol.
--
This might help new users coming to gnupg to understand what
the flags do.
* src/engine-gpg.c (engine_gpg): Add diagnostics member.
(gpg_release): Release diagnostics data.
(gpg_new): Set up logger-fd and diagnostics.
(gpg_getauditlog): New. Copy diagnostics to a user data.
(engine_ops): Add getauditlog.
* src/engine-gpgsm.c (gpgsm_getauditlog): Return not implemented
for GPGME_AUDITLOG_DIAG.
* src/getauditlog.c (getauditlog_start): Don't reset engine
for diagnostics.
* src/gpgme.h.in (GPGME_AUDITLOG_DIAG): New.
(GPGME_AUDITLOG_DEFAULT): New alias to 0.
* tests/run-decrypt.c (show_usage, main): Add --diagnostics.
* doc/gpgme.texi(Additional Logs): Document getauditlog.
--
This enables users of GPGME to get more verbose information
from gpg which can assist users in figuring out a problem
that was before hidden behind a generalized error like
"Decryption Failed".
For GPGSM it is not yet available as it is problematic to
get it properly in server mode and GPGSM already had the
original audit log mechanism in place.
GPGME_AUDITLOG_DEFAULT was added for a more explicit
documentation.
* src/gpgme-json.c (op_keylist, hlp_keylist): Add locate.
--
The same rationale for the KEYLIST_MODE_LOCATE in GPGME
also applies here. It makes the API a little less magic.
* Apparently I am wrong and Scheme is the new Python after all.
* Non-import related PEP8 compliance must wait for another day, though
the other PEP8 fixes remain.
* Changed id/else statements to a more pythonic form from scheme
masquerading as python - sorry Justus, it had to go ;).
* With the added bonus of enabling PEP8 compliance in those sections.
* Fixed remaining PEP8 compliance issues with the exception of the
imports at the beginning of the file (changing those will break the
entire module, so we'll cope with it as it is).
* Bindings confirmed to work with the newly released 3.7.0.
* Updated M4 file to reflect this change and correct the Python binary
search order (3.7 is not yet given priority, but will still be found
first via the more generic python3 executable).
* Updated setup.py.in, bindings documentation and README to reflect this.
* Added a secret key export variant which saves output as both GPG
binary and ASCII armoured, plus saves in $GNUPGHOME and uses
multiple methods of determining what that location is.
* Example of default exporting keys.
* Example of exporting minimised keys.
* Example of exporting secret keys to a file with correct permissions.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* The holy grail: a function to export secret keys.
* GPGME will still invoke pinentry and gpg-agent as usual to authorise
the export.
* Mostly similar to the two previous export functions for public keys
except that it will return None if the result had a length of zero
bytes. Meaning that the difference between the specified pattern
(if any) not matching available keys and an incorrect passphrase is
not able to be determined from this function (or the underlying one
for that matter).
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Updated key_export and key_export_minimal to return None where a
pattern matched no keys in a manner simnilar to the possible result
of key_export_secret.
* Added functions for exporting public keys to gpg.core in both
complete form and in minimised form.
* Rather than letting people need to worry about the export modes we
are simply separating the functions as people would be more familiar
with from the command line usage anyway.
* Functions added for Context are: ctx.key_export_minimal and
ctx.key_export as the default or full export.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* src/gpgme-json.c (main): Add possibilty to set log file.
--
This is similar to how GPGME_DEBUG works. It takes ; on
Windows as seperator and : on linux. Followed by a file name.
For Linux it might make sense to use a different seperator
to allow setting a socket explicitly. But this is better
in line with the current GPGME_DEBUG behavior.
The change helps on Windows where we don't have a
log socket.
* Fixed most of the PEP8 errors in core.py
* Those remaining may need more than little edits and are a bit
strange (too clearly the result of a programmer who has spent far
too much time dealing with Lisp so that for Python it looks
... strange).
* Wrapped the key import function in the try/exception statements
needed to catch at least the most likely unsuccessful import attempt
errors.
* Mostly draws on the file error and no data import statuses for
errors, with a couple of exceptions.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* The foundation of a pythonic key import function authored by Jacob
Adams.
* A unit testing script for the same function originally authored by
Tobias Mueller
* Added DCO reference for Jacob Adams to the GPGME AUTHORS file.
* Additional details regarding this patch are available here:
https://dev.gnupg.org/T4001
Signed-off-by: Ben McGinnes <ben@adversary.org>
* lang/cpp/src/context.cpp, lang/cpp/src/context.h
(Context::createKeyEx): New.
--
The createKeyEx function follows the usual pattern that the
synchronous call returns a result directly while for the
async an extra call is neccessary.
* src/gpgme-json.c (hlp_createkey, op_createkey): New.
(process_request, hlp_help): Add it.
--
This uses an unrestricted context for now until
GnuPG-Bug-Id: T4010
is implemented in GnuPG.
* src/gpgme-json.c (MIN_REPLY_CHUNK_SIZE): Lower value to
new real minimum.
(DEF_REPLY_CHUNK_SIZE): Don't chunk by default.
(pending_data): Remove type and base64.
(make_data_object): Remove chunksize handling as this is now
generic.
(encode_and_chunk): Setup the pending_data buffer for chunking
if required.
(op_getmore): Changed to generically work on a response.
(hlp_getmore): Update accordingly.
(hlp_help): Document chunksize as generic parameter for all commands.
(process_request): Use encode_and_chunk on the response.
(hlp_encrypt, op_encrypt, hlp_decrypt, op_decrypt),
(hlp_verify, op_verify, hlp_sign, op_sign),
(op_keylist, hlp_keylist, hlp_export, op_export): Update accordingly.
--
To include handling for json properties e.g. in a keylist in
the chunk mechanism the mechanism is now more general.
If the chunksize property is provided the response will
always look exactly like a "getmore" response. E.g.
e.g.:
{
"op": "keylist",
"chunksize": 64
}
Results in:
{
"more": true,
"base64": true,
"response": "ewoJImtleXMiOglbewoJCQkicmV2b2tlZCI6"
}
For simplicity this is even true if the chunksize is larger
then the response.
The client has to combine all "response" chunks and base64
decode them to get valid json.
The complete response (including json) is never larger then
the chunksize but might be smaller. Except for interactive
use due to additional format characters.
* src/gpgme-json.c (sigsum_to_json): Add bool repr.
(signature_to_json, verify_result_to_json): Extend and follow better
pattern.
(hlp_decrypt, hlp_verify): Expand doc.
--
This should make it more clear which values are mapped as
the naming is more direct and clear and help to use
the gpgme documentation to understand the verify_result values.
* src/gpgme-json.c (op_config_opt, hlp_config_opt): New operation.
(process_request, hlp_help): Add it.
--
This is more conveniant API for most query operations where
a single option is required.
An example would be:
{
"op": "config_opt",
"component": "gpg",
"option": "default-key"
}
Which results in:
{
"option": {
"name": "default-key",
"description": "use NAME as default secret key",
"argname": "NAME",
"flags": 0,
"level": 0,
"type": 1,
"alt_type": 1,
"value": [{
"string": "F462B6B1",
"is_none": false
}]
}
}
* Uses the groups module to prepare a list of recipients and encrypt
to those.
* The main version (encrypt-to-group.py) tries to check for invalid
recipients, but still falls back to always trust for the second
encryption attempt.
* The gullible version doesn't try pruning the recipient list at all,
it just tries to encrypt and if it fails, switches straight to
always trust.
* The trustno1 version doesn't use the always trust model at all and
only attempts pruning the list of invalid recipients.
* src/decrypt.c (op_data_t): Add field first_status_error.
(parse_status_error): Set it.
(_gpgme_decrypt_status_handler): Prefer an ERROR code over a
NO_SECKEY.
--
GnuPG-bug-id: 3983
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/cJSON.c: Use gpgrt fucntion only if available.
--
We have a hack in gpgme-json to allow building with older libgpg-error
versions. That whole thing will not work but the instead the binary
will print an error at runtime that it needs to be build with a newer
libgcrypt. There was a little bug here for the Debian packages
libgpg-error versions which failed to build cJSON. cJSON is only
needed be the full gpgme-json but nevertheless the Makefile wants to
build it. The fix is straightforward.
GnuPG-bug-id: 3971
Signed-off-by: Werner Koch <wk@gnupg.org>
* Another attempt at fixing the org-mode version.
* A proof reader ascertained there were tabs in it instead of whitespace.
* Stripped the lot out and replaced with standard 4 spaces, fixed
every incorrect example ... and it still breaks upon save and/or export.
* Added the reference to the mutt-groups.py script to demonstrate the
groups.py module/code.