* src/gpgme.h.in (GPGME_DECRYPT_ARCHIVE): New decryption flag.
* src/engine-gpg.c (gpg_decrypt): Set use_gpgtar engine flag if
GPGME_DECRYPT_ARCHIVE flag is set. Check for new enough gpg and
incompatible flags. Use add_gpg_arg_with_value for gpg-only options
with a value and add_gpg_arg for gpg-only options without a value.
Set extra options for gpgtar and pass input data to stdin when using
gpgtar.
* tests/run-decrypt.c (show_usage): New options --archive and
--directory.
(main): Parse new options. Decrypt with gpgtar if --archive is given.
Set file name of output data to value of --directory option.
--
GnuPG-bug-id: 6342
* lang/qt/src/importjob.h (ImportJob::startLater): New pure virtual
method.
* lang/qt/src/qgpgmeimportjob.cpp, lang/qt/src/qgpgmeimportjob.h
(QGpgMEImportJob::startLater): New method.
* lang/qt/tests/t-import.cpp (ImportTest::testDeferredStart): New.
--
This makes it possible to prepare an import job for a deferred start.
GnuPG-bug-id: 6323
* lang/qt/src/job.cpp, lang/qt/src/job.h (Job::startNow): New method.
* lang/qt/src/job_p.h (JobPrivate::start): New pure virtual method.
* lang/qt/src/qgpgmechangeexpiryjob.cpp
(QGpgMEChangeExpiryJobPrivate::start): New.
* lang/qt/src/qgpgmeencryptjob.cpp (QGpgMEEncryptJobPrivate::start):
New.
* lang/qt/src/qgpgmeimportjob.cpp (QGpgMEImportJobPrivate::start): New.
* lang/qt/src/qgpgmelistallkeysjob.cpp
(QGpgMEListAllKeysJobPrivate::start): New.
* lang/qt/src/qgpgmesignencryptjob.cpp
(QGpgMESignEncryptJobPrivate::start): New.
* lang/qt/src/threadedjobmixin.h (Thread::hasFunction): New method.
(ThreadedJobMixin::run, ThreadedJobMixin::setWorkerFunction): New
methods.
--
startNow() starts a deferred job for which the worker function has been
set before.
GnuPG-bug-id: 6323
* src/context.h (gpgme_context): Add field no_auto_check_trustdb.
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Add flag
"no-auto-check-trustdb".
* src/engine-gpg.c (engine_gpg): Add flags.no_auto_check_trustdb.
(gpg_set_engine_flags): Set the flag.
(build_argv): Pass option to gpg.
* tests/run-keylist.c (show_usage, main): Add option --no-trust-check.
--
This makes the --no-auto-check-trustdb option available in the GPGME API
to disable the potentially expensive automatic trust database check.
GnuPG-bug-id: 6261
lang/cpp/src/gpggencardkeyinteractor.h (class GpgGenCardKeyInteractor):
Add enum Curve. Add member function setCurve.
lang/cpp/src/gpggencardkeyinteractor.cpp
(class GpgGenCardKeyInteractor::Private): Initialize simple members
in-class. Add member curve.
(GpgGenCardKeyInteractor::~GpgGenCardKeyInteractor): Use default d'tor.
(GpgGenCardKeyInteractor::setCurve): New.
(GpgGenCardKeyInteractor::action): Return curve defaulting to
Curve25519.
--
This enables users of this interactor to request the generation of
ECC keys with a specific curve as smart card keys. It's up to the user
to specify a curve that is actually supported by the smart card.
GnuPG-bug-id: 4429
* src/gpgme.h.in (GPGME_KEYLIST_MODE_FORCE_EXTERN): New.
(GPGME_KEYLIST_MODE_LOCATE_EXTERNAL): New.
* src/gpgme.c (gpgme_set_keylist_mode): Check for invalid mode.
* src/engine-gpg.c (gpg_keylist_build_options): Use
"--locate-external-keys" instead of "--locate-keys" if flag is set.
* src/gpgme-json.c (op_keylist): New flag "force-extern".
* src/gpgme-tool.c (gt_get_keylist_mode, cmd_keylist_mode): Handle
new mode.
--
GnuPG-bug-id: 5951
* lang/cpp/src/result.h (class Result): Add member function setError.
--
This can be used to replace the error of a result with a more suitable
error.
GnuPG-bug-id: 5939
* src/gpgme.h.in (gpgme_op_receive_keys_start, gpgme_op_receive_keys):
New.
* src/gpgme.def, src/libgpgme.vers: Add them.
* src/engine-backend.h (struct engine_ops): Add arg keyids to field
'import'.
* src/engine.h, src/engine.c (_gpgme_engine_op_import): Add arg keyids.
* src/engine.c (_gpgme_engine_op_import): Forward new arg keyids.
* src/import.c: (_gpgme_op_import_start, _gpgme_op_import_keys_start):
Pass NULL to new arg of _gpgme_op_import_start.
(_gpgme_op_receive_keys_start, gpgme_op_receive_keys_start,
gpgme_op_receive_keys): New.
* src/engine-gpg.c (gpg_import): Add arg keyids. Extend check for
valid arguments. Build command line if keyids are given.
* src/engine-gpgsm.c (gpgsm_import): Add arg keyids. Return error if
keyids is not NULL.
tests/run-receive-keys.c: New.
tests/Makefile.am (noinst_PROGRAMS): Add new test runner.
--
The new function allows importing keys given by their key ids or
fingerprints from a keyserver (like gpg's --recv-keys command).
GnuPG-bug-id: 5808
* lang/qt/src/addexistingsubkeyjob.h,
lang/qt/src/qgpgmeaddexistingsubkeyjob.cpp,
lang/qt/src/qgpgmeaddexistingsubkeyjob.h: New.
* lang/qt/src/protocol.h (class Protocol): Add pure virtual member
function addExistingSubkeyJob.
* lang/qt/src/protocol_p.h (Protocol::addExistingSubkeyJob): Implement.
* lang/qt/src/job.cpp, lang/qt/src/Makefile.am: Update accordingly.
* lang/qt/tests/Makefile.am (the_tests, moc_files, noinst_PROGRAMS):
Add new test.
(t_addexistingsubkey_SOURCES): New.
* lang/qt/tests/t-addexistingsubkey.cpp: New.
* lang/qt/tests/t-support.h (VERIFY_OR_RETURN_VALUE,
COMPARE_OR_RETURN_VALUE, VERIFY_OR_OBJECT, COMPARE_OR_OBJECT,
VERIFY_OR_FALSE, COMPARE_OR_FALSE): New.
* lang/qt/tests/t-support.h, lang/qt/tests/t-support.cpp
(class QQGpgMETest): New member function importSecretKeys.
--
The new job allows adding existing subkeys to other keys as with the
"addkey" edit-key command of gpg. The added subkey will have the same
expiration date (+/- 1 second) as the original subkey.
GnuPG-bug-id: 5770
src/export.c (export_status_handler): Handle "export_keys.secret".
--
This allows callers of the synchronous export operations to react
properly to errors (e.g. wrong passphrase) during the export of secret
keys.
GnuPG-bug-id: 5766
* src/gpgme.h.in (GPGME_EXPORT_MODE_SECRET_SUBKEY): New.
* src/export.c (check_mode): Allow new mode and check for invalid
combinations.
(export_keys_start): Return error if new mode flag is set.
* src/engine-gpg.c (export_common): Implement.
* src/gpgme-tool.c (cmd_export): New option --secret-subkey.
* tests/run-export.c (main): New option --secret-subkey.
--
This adds support for exporting secret subkeys (via gpg's
--export-secret-subkeys) to gpgme_op_export[_ext][_start].
The flag is not supported by gpgme_op_export_keys[_start] because
there is no way to specify which subkey(s) to export with these
functions.
GnuPG-bug-id: 5757
* src/context.h (struct gpgme_context): New field import_filter.
* src/engine-backend.h (struct engine_ops): Add arg import_filter to
field 'import'.
* src/engine-gpg.c (gpg_import): Add arg import_filter and pass option
--import-filter with argument value to gpg. Adjust all callers.
* src/engine-gpgsm.c (gpgsm_import): Add dummy arg import_filter.
* src/gpgme.c (gpgme_release): Free 'import_filter'.
(gpgme_set_ctx_flag, gpgme_get_ctx_flag): New flag "import-filter".
* tests/run-import.c (main): Add option --import-filter.
--
This makes the --import-filter option available in the GPGME API for
key imports.
GnuPG-bug-id: 5739
* src/context.h (struct gpgme_context): New field key_origin.
* src/engine-backend.h (struct engine_ops): Add arg key_origin to
field 'import'.
* src/engine-gpg.c (gpg_import): Add arg key_origin and pass option
--key-origin with argument value to gpg. Adjust all callers.
* src/engine-gpgsm.c (gpgsm_import): Add dummy arg key_origin.
* src/gpgme.c (gpgme_release): Free 'key_origin'.
(gpgme_set_ctx_flag, gpgme_get_ctx_flag): New flag "key-origin".
* tests/run-import.c (main): Add option --key-origin.
* tests/gpg/t-import.c (main): Set and verify key origin.
--
This makes the --key-origin option available in the GPGME API for
key imports.
GnuPG-bug-id: 5733
--
This functionality got dropped somewhere after 1.12, as part of the
cleanup of the `Context.decrypt` call signature. Reintroduce it again,
now using an explicit keyword argument `filter_signatures` (which
defaults to hiding signatures by unknown keys).
GnuPG-bug-id: 5292
* src/context.h (struct gpgme_context): Add 'cert_expire'.
* src/engine-gpg.c (append_args_from_cert_expire): New.
(gpg_edit): Set option according to the new flag.
* src/gpgme.c (gpgme_release): Free 'cert_expire'.
(gpgme_set_ctx_flag, gpgme_get_ctx_flag): Add "cert-expire".
* tests/gpg/Makefile.am (c_tests): Add new test.
(gpg.conf): Write "allow-weak-key-signatures" to gpg.conf.
* tests/gpg/t-edit-sign.c: New.
--
The new context flag "cert-expire" allows setting the expiration date
for key signatures created with gpgme_op_interact.
GnuPG-bug-id: 5336, 5505
* src/gpgme.h.in (struct _gpgme_key_sig): Add fields 'trust_depth',
'trust_value', and 'trust_scope'.
* src/key.c (gpgme_key_unref): Free trust_scope.
* src/keylist.c (keylist_colon_handler): Set the fields.
* tests/run-keylist.c (main): Print the fields.
--
The trust signature values are part of gpg's output since the year 2003.
This now adds support to gpgme.
GnuPG-bug-id: 5245, 5419
* lang/qt/src/cryptoconfig.h, lang/qt/src/cryptoconfig.cpp
(CryptoConfig::entry): Move implementation to cpp. Add overload not
requiring a group name.
--
The group name is not needed for identifying a config entry because the
groups only provide a logical grouping of config entry for user
interfaces. To improve usability entries are sometimes moved to a
different group, but this shouldn't break existing applications trying
to access those entries. The new group-agnostic overload makes
applications robust against regrouping of config entries.
GnuPG-bug-id: 5217
* configure.ac (NEED_GPG_ERROR_VERSION): Require 1.36.
* src/cJSON.c: Remove code for older version.
* src/engine.c (gpgme_get_engine_info): Ditto.
* src/gpgme-json.c: Ditto.
* src/op-support.c: Ditto.
* src/util.h: Ditto.
--
Libgpg-error 1.36 has been released more than 18 months ago so it is
time to avoid hacks and require this verion. This will for example
help Kleopatra to support PIV cards and improves the gpgme-json.
Signed-off-by: Werner Koch <wk@gnupg.org>
lang/qt/src/quickjob.h (QuickJob::result): Make parameters
auditLogAsHtml and audigLogError optional.
--
This aligns the signature of QuickJob's result signal with the result
signals of the other Job subclasses.
GnuPG-bug-id: 5094
lang/cpp/src/key.h, lang/cpp/src/key.cpp (UserID::Signature::operator<):
New.
lang/cpp/src/key.cpp (signature_index): New.
--
operator< defines a canonical sort order for signatures belonging to
the same user ID. It is based on the sort order defined by
cmp_signodes() in g10/keylist.c of gnupg. In particular, the ordering
of signatures made with the same key by creation time allows to see
easily whether the most recent signature is a certification or a
revocation.
GnuPG-bug-id: 5094
recent
* lang/cpp/src/context.cpp, lang/cpp/src/context.h
(Context::revokeSignature, Context::startRevokeSignature): New.
* lang/cpp/src/context.cpp
(getLFSeparatedListOfStrings, getLFSeparatedListOfUserIds): New.
(getLFSeparatedListOfFingerprintsFromSubkeys): Extracted second part
of function to getLFSeparatedListOfStrings.
--
GnuPG-bug-id: 5094
* lang/cpp/src/context.cpp, lang/cpp/context.h
(Context::cancelPendingOperationImmediately): New.
* NEWS: Mention added API
--
This allows immediate canceling of running operations, e.g. when a
thread with a long running operation (like SCD DEVINFO --watch) is
going to be terminated (on application shutdown).
GnuPG-bug-id: 5066
* lang/cpp/src/Makefile.am: Add new files.
* lang/cpp/src/interfaces/statusconsumer.h,
lang/cpp/src/statusconsumerassuantransaction.cpp,
lang/cpp/src/statusconsumerassuantransaction.h: New.
* NEWS: Mention new API.
--
This Assuan transaction is useful for long running Assuan commands.
Classes implementing the StatusConsumer interface can process received
status lines while the Assuan command is still running.
GnuPG-bug-id: 5066
* lang/qt/src/Makefile.am: Add new files.
* lang/qt/src/debug.h, lang/qt/src/debug.cpp: New.
* NEWS: Mention it.
--
This was previously implemented in Kleopatra, but it makes sense for
all users of qgpgme.
* lang/qt/src/changeexpiryjob.h (ChangeExpiryJob::start): New overload
that accepts subkeys (with empty implementation).
* lang/qt/src/qgpgmechangeexpiryjob.h,
lang/qt/src/qgpgmechangeexpiryjob.cpp (QGpgMEChangeExpiryJob::start):
New overload that accepts subkeys.
--
This adds the possibility to change the expiry of subkeys.
GnuPG-bug-id: 4717
* src/gpgme.h.in (gpgme_op_setexpire_start, gpgme_op_setexpire): New.
* src/libgpgme.vers, src/gpgme.def: Add new functions.
* src/genkey.c (setexpire): New.
(gpgme_op_setexpire_start, gpgme_op_setexpire): New.
* src/engine.h, src/engine.c: (_gpgme_engine_op_setexpire): New.
* src/engine-backend.h (engine_ops): Add 'setexpire' and adjust all
engine initializers.
* src/engine-gpg.c (gpg_setexpire): New.
(_gpgme_engine_ops_gpg): Set setexpire to gpg_setexpire.
* doc/gpgme.texi: Document new functions.
* tests/run-genkey.c: Add option --setexpire.
--
This extends GPGME to support the --quick-set-expire command
added by GnuPG 2.1.22. This allows changing subkeys expiry
date without going through the editinteractor interface.
Co-authored-by: Andre Heinecke <aheinecke@gnupg.org>
GnuPG-bug-id: 4999
* lang/cpp/context.cpp, lang/cpp/context.h
(Context::startPublicKeyExport, Context::exportPublicKeys): Extend
with flags paramenter.
(Context::ExportMode): New.
* lang/qt/src/exportjob.h (ExportJob::setExportMode): New.
* lang/qt/src/qgpgmeexportjob.cpp, lang/qt/src/qgpgmeexportjob.h:
Update accordingly.
--
This adds the C++ and Qt API for export modes.
* src/gpgme.h.in: Clarify that the trustlist function should not be
used.
* src/engine.c (_gpgme_engine_op_trustlist): Always return an error.
* src/engine-backend.h (struct engine_ops): Remove trustlist member.
* src/engine-gpg.c (gpg_trustlist): Remove.
(struct engine_ops): Remove that member. Also in all other engines.
* tests/gpg/t-trustlist.c: Remove.
* lang/python/tests/t-trustlist.py: Remove.
--
This never worked in reality because the required feature has been
removed from GnuPG version 1.3.2 soon after introduction of this
feature in gpgme - 17 years ago. It was anyway marked as
experimental. We keep the API and ABI, though.
GnuPG-bug-id: 4834
Signed-off-by: Werner Koch <wk@gnupg.org>
* lang/qt/src/*: Change logging category to macro to QGPGME_LOG.
--
The old logging category macro had a typo and this way we
are more consistent with other logging rules. For example
you could write gpg.* in the logging conf.
* lang/qt/src/Makefile.am: Add new files.
* lang/qt/src/job.cpp (GpgCardJob): Add impl stuff.
* lang/qt/src/protocol.h (gpgCardJob): Get one.
* lang/qt/src/qgpgmebackend.cpp,
lang/qt/src/qgpgmebackend.h: Add helpers to get the job.
* lang/qt/src/qgpgmegpgcardjob.cpp,
lang/qt/src/gpgcardjob.h,
lang/qt/src/qgpgmegpgcardjob.h: New.
--
This is annoyingly complex to add a simple new job.
In the future we should implement something like this
without the threadedjobmixin stuff. But the idea was
to follow the usual job pattern.
GnuPG-Bug-Id: T4794
* src/gpgme.h.in (struct _gpgme_user_id): Add field 'uidhash'.
* src/key.c (gpgme_key_unref): Free it.
* src/keylist.c (keylist_colon_handler): Set it.
* tests/run-keylist.c (main): Print it.
--
The uidhash value is part of gpg's output since the year 2005. This
now adds support to gpgme. The application for uidhash is to select
a user id in an edit interactor: Instead of giving the number of the
user id, the uidhash value can be be used to avoid tracking the user
id numbers.
Signed-off-by: Werner Koch <wk@gnupg.org>
* lang/cpp/src/key.cpp, lang/cpp/src/key.h (UserID::remarks): New.
* NEWS: Mention this.
--
This can be useful if we want to show remarks made by others, too.
For:
GnuPG-Bug-Id: T4734
* lang/qt/src/qgpgmesignkeyjob.cpp: Handle remarks and
dupeOK.
* lang/qt/src/signkeyjob.h (SignKeyJob::setDupeOk),
(SignKeyJob::setRemark): New.
--
This API makes it easy for Kleopatra to add remarks for:
GnuPG-Bug-Id: T4734
* lang/cpp/src/gpgsignkeyeditinteractor.cpp
(GpgSignKeyEditInteractor::setDupeOk): New.
(makeTable): Add new tansitions.
(SignKeyState): Add DUPE_OK Status.
(GpgSignKeyEditInteractor::action): Handle DUPE_OK.
(GpgSignKeyEditInteractor::Private::Private): Carry flag.
--
When extended-edit is enabled this can be used to answer
the "dupe_ok" query from the edit-key with yes.
This is for:
GnuPG-Bug-Id: T4734
* src/context.h (gpgme_context): Add new flag for extended-edit.
* src/engine-gpg.c (append_args_from_sig_notations): Add flags to
control the kind of notations.
(gpg_edit): Respect extended-edit and notations.
(gpg_encrypt_sign, gpg_sign): Update call to
append_args_from_sig_notations.
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Support
extended-edit.
* NEWS, doc/gpgme.texi: Mention extended-edit.
--
This provides a way to get the extended key-edit interface without
breaking bad state machines that rely on the current command flow.
A use case for this is to enable multiple local signatures, which
can be used together with annotations for:
GnuPG-Bug-Id: T4734
* NEWS: Mention interface change.
* lang/cpp/src/gpggencardkeyinteractor.cpp
(GpgGenCardKeyInteractor::setAlgo): New.
(GpgGenCardKeyInteractor::action),
(GpgGenCardKeyInteractor::nextState: Handle new interface.
--
Tested that this workes with the old interface of GnuPG 2.2.5
and the new interface since GnuPG 2.2.6
GnuPG-Bug-Id: T4428
* lang/cpp/src/context.cpp (Context::create): New.
* lang/cpp/src/context.h: Update accordingly.
* lang/cpp/src/key.cpp, lang/cpp/src/key.h:
(Key::isBad, Subkey::isBad, UserID::isBad)
(UserID::Signature::isBad): Add shorthand for the isX checks.
* NEWS: Mention it.
--
I don't know how often I wrote:
if (key.isNull() || key.isExpired() || key.isRevoked() ...
And for the context it is good practice to use a unique ptr
so the API should make it easy.
* configure.ac: Bump core LT version to C32/A21/R0. Bump C++ LT
version to C14/A8/R0.
* lang/qt/tests/Makefile.am (CLEANFILES): Add reader status files.
* Makefile.am (EXTRA_DIST): Add conf/whatisthis.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (gpgme_data_new_from_estream): New.
* src/data-estream.c: New.
* src/data.h (gpgme_data): New union member e_stream.
--
The estream functions (gpgrt_fopen et al.) are any waypart of the
required libgpg-error library and thus it makes sense to provide this
convenience interface.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/engine-gpg.c (engine_gpg): Add diagnostics member.
(gpg_release): Release diagnostics data.
(gpg_new): Set up logger-fd and diagnostics.
(gpg_getauditlog): New. Copy diagnostics to a user data.
(engine_ops): Add getauditlog.
* src/engine-gpgsm.c (gpgsm_getauditlog): Return not implemented
for GPGME_AUDITLOG_DIAG.
* src/getauditlog.c (getauditlog_start): Don't reset engine
for diagnostics.
* src/gpgme.h.in (GPGME_AUDITLOG_DIAG): New.
(GPGME_AUDITLOG_DEFAULT): New alias to 0.
* tests/run-decrypt.c (show_usage, main): Add --diagnostics.
* doc/gpgme.texi(Additional Logs): Document getauditlog.
--
This enables users of GPGME to get more verbose information
from gpg which can assist users in figuring out a problem
that was before hidden behind a generalized error like
"Decryption Failed".
For GPGSM it is not yet available as it is problematic to
get it properly in server mode and GPGSM already had the
original audit log mechanism in place.
GPGME_AUDITLOG_DEFAULT was added for a more explicit
documentation.
* lang/cpp/src/context.cpp, lang/cpp/src/context.h
(Context::createKeyEx): New.
--
The createKeyEx function follows the usual pattern that the
synchronous call returns a result directly while for the
async an extra call is neccessary.
* src/gpgme.h.in (_gpgme_op_decrypt_result): Add flag
legacy_cipher_nomdc.
* src/decrypt.c (parse_status_error): Set this flag.
* tests/run-decrypt.c (print_result): print it.
(main): Print the result even on error.
Signed-off-by: Werner Koch <wk@gnupg.org>
* lang/cpp/src/data.h, lang/cpp/src/data.cpp (Data::rewind): New.
* lang/qt/tests/t-various.cpp (testDataRewind): Test it.
--
The advantage of this convieniance function in GPGME is that
it avoids the messiness that are declarations with off_t.
GnuPG-Bug-Id: T3996
* src/decrypt.c (struct op_data_t): Add field not_integrity_protected.
(parse_decryption_info): Set this. Also rename mode to aead_algo for
clarity.
(_gpgme_decrypt_status_handler): Force failure in case of a missing
MDC.
--
This extra check makes sure that a missing or stripped MDC in
- gpg < 2.1
- or gpg 2.2 with an old cipher algorithm
will lead to a decryption failure. gpg 2.3 will always fail in this
case. Implementing this check here and not backporting the 2.3 change
to 2.2 has the benefit that all GPGME using applications are protected
but scripts relying on rfc2440 (i.e. without MDC) will only break when
migrating to 2.3.
Note that S/MIME has no integrity protection mechanism but gpgsm
neither emits a DECRYPTION_INFO status line, so an error will not be
triggered. If in the future gpgsm supports authenticated encryption
it may issue a DECRYPTION_INFO line to force a failure here but it
will in that case also emit a DECRYPTION_FAILED anyway.
GnuPG-bug-id: 3981
Signed-off-by: Werner Koch <wk@gnupg.org>