Commit Graph

425 Commits

Author SHA1 Message Date
Werner Koch
7f9e0ca57b
core: New export mode to export as OpenSSH public key.
* src/gpgme.h.in (GPGME_EXPORT_MODE_SSH): New.
* src/export.c (export_ext_start): Allow for new mode.
* src/engine-gpg.c (export_common): Implement.
* tests/run-export.c (status_cb): New.
(main): New options --status and --ssh.
--

GnuPG-bug-id: 4310
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-16 12:00:46 +02:00
Werner Koch
8589091682
core: Deprecate the non-working trustlist functions.
* src/gpgme.h.in: Clarify that the trustlist function should not be
used.
* src/engine.c (_gpgme_engine_op_trustlist): Always return an error.
* src/engine-backend.h (struct engine_ops): Remove trustlist member.
* src/engine-gpg.c (gpg_trustlist): Remove.
(struct engine_ops): Remove that member.  Also in all other engines.
* tests/gpg/t-trustlist.c: Remove.
* lang/python/tests/t-trustlist.py: Remove.
--

This never worked in reality because the required feature has been
removed from GnuPG version 1.3.2 soon after introduction of this
feature in gpgme - 17 years ago.  It was anyway marked as
experimental.  We keep the API and ABI, though.

GnuPG-bug-id: 4834
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-15 16:34:24 +02:00
Werner Koch
c8048bf8eb
core: New keylist mode GPGME_KEYLIST_MODE_WITH_KEYGRIP.
* src/gpgme.h.in (GPGME_KEYLIST_MODE_WITH_KEYGRIP): New.
* src/gpgme-json.c (op_keylist): New flag "keygrip".
* src/engine-gpg.c (gpg_keylist_build_options): Pass the options.

* lang/cpp/src/global.h (WithKeygrip): New.
* lang/cpp/src/context.cpp: Add check.
* lang/cpp/src/key.cpp (Key::update): Handle WithKeygrip.
* lang/cpp/src/verificationresult.cpp: Ditto.
* lang/cpp/src/util.h (add_to_gpgme_keylist_mode_t): Ditto.
--

GnuPG-bug-id: 4939
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-15 14:11:17 +02:00
Andre Heinecke
88f3202521
doc: Explain verify_result_t.status == 0 more
* doc/gpgme.texi (gpgme_verify_result_t): Explain
GPGME_STATUS_NO_ERROR more clearly.

--
This might help to avoid misunderstandings how the
status can be interpreted and explains why a verify
of unsigned PGP Data returns no error.

As a reaction to CVE-2020-10759 discovered by Justin Steven.
2020-06-09 10:22:27 +02:00
dupgit
49c13854f3
GPGME_CREATE_NOEXPIRE is only available since 1.9.0
* doc/gpgme.texi: Fixes version number from 1.8.0 to
   1.9.0 for GPGME_CREATE_NOEXPIRE.

GnuPG-Bug-Id: T4922
Signed-off-by: dupgit <olivier.delhomme@free.fr>
2020-05-08 12:34:20 +02:00
Werner Koch
004fdf61c8
core: Make sure the keygrip is available in WITH_SECRET mode.
* src/engine-gpg.c (gpg_keylist_build_options): Send --with-keygrip
if --with-secret is used.
--

Since GnuPG 2.2.19 the keygrip was not anymore send if only
--with-secret was used in a public key listing.  Given that
--with-secret requires computation of the keygrip anyway, there is no
point in not requesting the keyrip in this case.

GnuPG-bug-id: 4820
2020-05-08 11:18:42 +02:00
Werner Koch
3afa534645
core: New context flags "include-key-block" and "auto-key-import".
* src/gpgme.c (gpgme_set_ctx_flag): Add flags "include-key-block" and
"auto-key-import".
(gpgme_get_ctx_flag): Ditto.
* src/context.h (struct gpgme_context): Add flags include_key_block
and auto_key_import.
* src/engine-gpg.c (struct engine_gpg): Likewise.
(gpg_set_engine_flags): Set the flags for gpg versions >= 2.2.20.
(gpg_decrypt): Set option according to the new flags.
(gpg_encrypt): Ditto.
(gpg_encrypt_sign): Ditto.
(gpg_sign): Ditto.
(gpg_verify): Ditto.

tests/run-verify: Add option --auto-key-import.
tests/run-sign: add option --include-key-block.
--

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-17 17:24:21 +01:00
Werner Koch
5eeae535ee
core: Extend gpgme_user_id_t with uidhash member.
* src/gpgme.h.in (struct _gpgme_user_id): Add field 'uidhash'.
* src/key.c (gpgme_key_unref): Free it.
* src/keylist.c (keylist_colon_handler): Set it.
* tests/run-keylist.c (main): Print it.
--

The uidhash value is part of gpg's output since the year 2005.  This
now adds support to gpgme.  The application for uidhash is to select
a user id in an edit interactor: Instead of giving the number of the
user id, the uidhash value can be be used to avoid tracking the user
id numbers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-12-13 15:11:00 +01:00
Andre Heinecke
7e7eaf4342
Revert "doc: Remove UI Server documentation"
This reverts commit 1b2ad3b73c.

--
Just removing the documentation was not the right way as
this is still in use.
2019-12-11 10:30:41 +01:00
Andre Heinecke
1b2ad3b73c
doc: Remove UI Server documentation
* doc/Makefile.am: Remove uiserver.texi
* doc/gpgme.texi: Remove UI-Server mentions.
* doc/uiserver.texi: Removed.

--
This prepares the removal of UI Server from implementing
applications like Kleopatra.
The only user of the UI Server is GpgEX and even that
does not need it at all and is better served with process
calls.

GnuPG-Bug-Id: T4030
2019-11-12 11:04:11 +01:00
Andre Heinecke
0224408c63
core: Add cert-notation support and extended-edit
* src/context.h (gpgme_context): Add new flag for extended-edit.
* src/engine-gpg.c (append_args_from_sig_notations): Add flags to
control the kind of notations.
(gpg_edit): Respect extended-edit and notations.
(gpg_encrypt_sign, gpg_sign): Update call to
append_args_from_sig_notations.
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Support
extended-edit.
* NEWS, doc/gpgme.texi: Mention extended-edit.

--
This provides a way to get the extended key-edit interface without
breaking bad state machines that rely on the current command flow.

A use case for this is to enable multiple local signatures, which
can be used together with annotations for:

GnuPG-Bug-Id: T4734
2019-10-29 16:11:54 +01:00
Werner Koch
2b2977c215
doc: Remove cruft from a doc entry.
--

Reported-by: dkg@fifthhorseman.net
2019-10-01 08:08:17 +02:00
Werner Koch
649b196881
doc: Minor comment cleanups.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-03 10:41:00 +01:00
Werner Koch
8d91c0f4cd
Add SPDX identifiers to most source files
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-16 13:27:33 +01:00
Daniel Kahn Gillmor
2557d0ae6f spelling: fix misspellings
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-11-08 12:34:27 +07:00
Daniel Kahn Gillmor
2f12427e41 doc: use https:// for www.gnu.org
--

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-18 00:28:51 -04:00
Andre Heinecke
85627e5818
core: Add trust-model flag
* src/context.h (gpgme_context): Extend with trust_model.
* src/engine-gpg.c (engine_gpg): Extend with trust_model.
(gpg_set_engine_flags): Take trust_model from context.
(build_argv): Handle trust_model.
(gpg_release): Free trust_model.
* src/gpgme.c (gpgme_set_ctx_flag): Handle trust-model flag.
(gpgme_release): Release trust-model.
* doc/gpgme.texi: Document new flag for gpgme_set_ctx_flag.
(Context Flags): New subsection for the context flags.
* tests/run-keylist.c (show_usage, main): Add new --trust-model
parameter.

--
This gives a GPGME user fine grained control over the
trust-model.

Changing the trust model for only a single application depends
on:
GnuPG-Bug-Id: T4134
Maniphest Tasks: T4134
Differential Revision: https://dev.gnupg.org/D466
2018-10-09 10:48:58 +02:00
Werner Koch
ecfa48fffa
build: Move config.h to conf/config.h
* conf/: New dir.
* configure.ac (AC_CONFIG_HEADER): Move header to conf dir.
* doc/Makefile.am (mkdefsinc): Adjust rule.
* lang/python/Makefile.am (copystamp): Ditto.
--

C++ uses those stupid files without a suffix and thus the new standard
header <version> as included by newer other libc++ versions may
conflict with the VERSION file in out top directory.   This change
should solve the problem.

GnuPG-bug-id: 4168
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-05 15:14:58 +02:00
Ben McGinnes
f3fc737382 python: makefiles
* doc/Makefile.am: Removed a bit I forgot about.
* Renamed lang/python/docs to lang/python/doc bvecause apparently
  automake cares about that too.
* Decided to be extra explicit in the manifest because if I don't then
  all sorts of things get deleted ... like lang/python
* Tested on an external linux system just in case my osx workstation
  introduces too much weirdness.

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-10-04 21:10:46 +10:00
Ben McGinnes
b280205319 docs: pre-python preparation
* doc/Makefile.am: removed the python howto from this file, restoring
  it to just the main project and the newer .js files.
* deleted: doc/gpgme-python-howto.texi
* renamed the Short_History.org file to short-history.org to keep the
  naming conventions similar.
* All the Python files can (and should) live together.
2018-10-04 01:42:12 +10:00
Ben McGinnes
23894ac9a9 python bindings: CPython order
* Changed the order of python versions the configure/make process
  checks for, placing Python 3.7 ahead of 3.6.
* Updated the HOWTO documentation to reflect this change.

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-10-03 06:58:51 +10:00
Werner Koch
7b861945fd
core: add experimental GPGME_EXPORT_MODE_NOUID.
* src/gpgme.h.in (GPGME_EXPORT_MODE_NOUID): New.
* src/export.c (export_start): Adjust option check.
* src/engine-gpg.c (export_common): Implement option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-02 11:18:00 +02:00
Ben McGinnes
76bdfabb05 docs: python bindings
* Tightened up the docs a little bit, updated the "what's new"
  section, dropped the "-draft" version in preparation for GPGME
  1.12.0's release.
* Exported another .texi version (and updated the draft copies to this
  commit (which ought to be 1.11.1-beta313).

Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-10-01 02:10:03 +10:00
Ben McGinnes
b625258d54 docs: a typographical two-step
* Sometimes you really do need or want punctuation in a heading, but
  ideally without something else generating whitespace and other
  annoyances to go with it.
* Trying a real decimal point instead.

Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-09-25 10:17:39 +10:00
Ben McGinnes
62e4e2cb5e docs and examples: python bindings
* Woumd up the "what's new" section.
* Added an example for sending a key to the keyservers via hkp4py.
* Updated the export key code to use a more complete check for the
  $GNUPGHOME location.
* Expanded on the installation and reinstallation troubleshooting
  section.

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-09-25 09:59:31 +10:00
Ben McGinnes
e9da4d9710 docs: python bindings howto
* Added a What's New section to summarise changes since the last
  release.  There have been quite a few and some attention does need
  to be drawn to some of them.
* Confirming certain issues with some platform builds, especially
  BSD/OSX vs. Linux issues which will need to update the installation
  troubleshooting guides.
2018-09-25 04:32:13 +10:00
Ben McGinnes
b12b2cc996 docs and examples: python bindings howto
* Added more comprehensive examples using hkp4py and added a couple
  more example scripts for protonmail.

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-09-23 19:36:54 +10:00
Ben McGinnes
ced4bdbbb2 examples: python bindings and hkp4py updates
* Mostly tightening up the details on the hkp4py example script.
* Also fixed a typo in the LGPL boiler plate text included in all the
  other example scripts for the HOWTO.
2018-09-23 11:43:34 +10:00
Ben McGinnes
6ed9a77c92 python bindings: importing from keyservers with hkp4py
* added a new example script to search the keyservers and import the
  results, this time using Marcel Fest's hkp4py module.
* Updated the key importing section to match this addition.
* Tested with the current version of hkp4py from github.

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-09-23 08:18:44 +10:00
Ben McGinnes
3622576105 docs: python bindings howto
* Confirmed that updates to the tests have significant'y improved that
  output.
* Updated some of the additional notes for the section on hkp4py.
** This is in anticipation adding at least import examples using that
   module as well.  It may also include adding examples of exporting a
   key and uploading it to the keyservers.

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-09-23 05:37:40 +10:00
Ben McGinnes
5cb67257f2 docs: python bindings and its special request
* Added some material on using the new-ish hkp4py module with GPGME.
* Example code will be added later once a couple of little issues are
  addressed.

Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-09-20 11:38:20 +10:00
Ben McGinnes
362caaf02f docs: python bindings
* Updated the Cython example code slightly, along with the
  corresponding explanation.
2018-09-18 08:32:30 +10:00
Ben McGinnes
f4d83800d8 docs: python bindings howto
* Tightened up the Cython demonstration.
2018-09-17 14:33:02 +10:00
Ben McGinnes
44c846345e docs: cython sanitized
* Sanitized the shell command examples of extraneous whitespace.
* Removed keycount.c as sanitising it is pointless and it will be
  generated by Cython when the example is followed.
* Regenerated the .texi version.
2018-09-16 13:58:34 +10:00
Ben McGinnes
61c08f7435 docs: python bindings howto
* Added new advanced section with an example of using the Python
  bindings with CPython code compiled back to C code using Cython.
* Though it may seem a bit counter-intuitive to use the bindings just
  to go back to C via a different route, this is not actually stupid.
* Added examples/howto/advanced/cython/ directory.
* Added keycount.pyx, setup.py and the keycount.c file which the first
  two generated with Cython.  Not including the .so and .o files from
  the build.
* Exported the .texi version of the howto for the main docs.
2018-09-16 13:48:12 +10:00
Ben McGinnes
fbec29fdac docs: even more edits
* doc/gpgme-python-howto.texi: hunting down and killing commas,
  Oxford or not it can't stay in a heading.
2018-09-16 11:06:32 +10:00
Ben McGinnes
2a1b0b88d9 docs: more edits
* lang/python/docs/gpgme-python-howto.org: more tweaks and edits,
  along with another build of output formats.
* doc/gpgme-python-howto.texi: updated texinfo version for parent docs.
2018-09-16 10:52:30 +10:00
Ben McGinnes
76f7702284 docs: python howto texinfo update
* doc/gpgme-python-howto.texi:
2018-09-16 06:42:35 +10:00
Ben McGinnes
7e9df9b9e3 docs: Python howto update
* lang/python/docs/GPGMEpythonHOWTOen.org: Added corresponding GPGME
  version number to table at the start and cut the shortcut from the
  groups.py example.
* doc/gpgme-python-howto.texi: New export of Texinfo file for docs
  build.
2018-09-16 06:35:02 +10:00
Ben McGinnes
93a2ea0207 docs: generated whitespace
* doc/gpgme-python-howto.texi: culled whitespace included with the
  org-mode export.
2018-09-16 05:02:44 +10:00
Ben McGinnes
2e5b060370 Docs: including howto with standard docs
* gpgme.spec.in: Added gpgme-python-howto.info build on the grounds
  that it now deals with certain possible installation issues and end
  users encountering them would want the docs to hand.
* doc/gpgme.texi: updated the copyright year to this year.
2018-09-16 04:55:33 +10:00
Ben McGinnes
b19faa26e0 Docs: Python bindings HOWTO
* Added doc/gpgme-python-howto.texi: generated from
  GPGMEpythonHOWTOen.org and then slightly modified so the generated
  Info file doesn't use camelCase.
* doc/Makefile.am: Updated makefile to include the Python HOWTO with
  gpgme_TEXINFOS and to export the generated files to the webserver
  along with the main GPGME one.
2018-09-16 04:04:13 +10:00
Werner Koch
702566b36c
doc: Add warning that FILE_NAME is not part of the signed data.
--
2018-08-27 11:43:02 +02:00
Andre Heinecke
59ed27bae1
Merge branch 'javascript-binding'
This adds a new language binding "gpgme.js" to GPGME. It
serves as a bridge between the native-messaging service "gpgme-json"
and JavaScript Applications.

The first user of this binding will be Mailvelope which will
see GnuPG integration in the near future.

GnuPG-Bug-Id: T4107
2018-08-22 13:15:35 +02:00
Andre Heinecke
9608996d88
Add example manifests for gpgme-json
* doc/examples/gpgme-chrome.json, doc/examples/gpgme-mozilla.json: New.
* doc/Makefile.am (EXTRA_DIST): Include them.

--
The id contained in the examples is the ID of Mailvelope.
2018-08-21 13:58:51 +02:00
Werner Koch
f42cd70f18
core: New interface gpgme_data_new_from_estream.
* src/gpgme.h.in (gpgme_data_new_from_estream): New.
* src/data-estream.c: New.
* src/data.h (gpgme_data): New union member e_stream.
--

The estream functions (gpgrt_fopen et al.) are any waypart of the
required libgpg-error library and thus it makes sense to provide this
convenience interface.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-19 09:51:45 +02:00
Andre Heinecke
31bc51e2af
doc: More explicit doc for EXTERN and LOCAL modes.
* doc/gpgme.texi (GPGME_KEYLIST_MODE_EXTERN),
(GPGME_KEYLIST_MODE_LOCATE, GPGME_KEYLIST_MODE_LOCAL): Mention
command line flags for CMS and OpenPGP Protocol.

--
This might help new users coming to gnupg to understand what
the flags do.
2018-07-09 11:10:19 +02:00
Andre Heinecke
7bc5d3c7e4
Add ctx flag for auto-key-locate
* src/context.h (gpgme_context): Add auto_key_locate.
* src/engine-gpg.c (engine_gpg): Add auto_key_locate.
(gpg_set_engine_flags, build_argv): Handle auto_key_locate.
(gpg_release): Free auto_key_locate.
* src/gpgme.c (gpgme_release): Free auto_key_locate.
(gpgme_get_ctx_flag, gpgme_set_ctx_flag): Handle auto-key-locate.
* doc/gpgme.texi: Document auto-key-locate flag.
* tests/run-keylist.c (show_usage, main): Add --from-wkd option.

--
This enables users of GPGME to control more fine grained what
auto-key-locate does.  Especially for WKD lookups / refreshes
can this be useful.

GnuPG-Bug-Id: T2917
Differential Revision: https://dev.gnupg.org/D463
2018-07-09 10:58:04 +02:00
Andre Heinecke
a2458806f8
core: Add gpg auditlog to get diagnostics
* src/engine-gpg.c (engine_gpg): Add diagnostics member.
(gpg_release): Release diagnostics data.
(gpg_new): Set up logger-fd and diagnostics.
(gpg_getauditlog): New. Copy diagnostics to a user data.
(engine_ops): Add getauditlog.
* src/engine-gpgsm.c (gpgsm_getauditlog): Return not implemented
for GPGME_AUDITLOG_DIAG.
* src/getauditlog.c (getauditlog_start): Don't reset engine
for diagnostics.
* src/gpgme.h.in (GPGME_AUDITLOG_DIAG): New.
(GPGME_AUDITLOG_DEFAULT): New alias to 0.
* tests/run-decrypt.c (show_usage, main): Add --diagnostics.
* doc/gpgme.texi(Additional Logs): Document getauditlog.

--
This enables users of GPGME to get more verbose information
from gpg which can assist users in figuring out a problem
that was before hidden behind a generalized error like
"Decryption Failed".

For GPGSM it is not yet available as it is problematic to
get it properly in server mode and GPGSM already had the
original audit log mechanism in place.

GPGME_AUDITLOG_DEFAULT was added for a more explicit
documentation.
2018-07-05 11:29:36 +02:00
Werner Koch
662604c5bc
core: New context flag "ignore-mdc-error".
* src/context.h (gpgme_context): Add field ignore_mdc_error.
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Set/get it.
* src/engine-gpg.c (engine_gpg): Add flags.ignore_mdc_error.
(gpg_set_engine_flags): Set it.
(build_argv): Pass option to gpg.
* src/decrypt.c (_gpgme_decrypt_status_handler): Take care of flag.
(gpgme_op_decrypt_result): Clear flag.
(gpgme_op_decrypt): Clear flag.
* src/decrypt-verify.c (gpgme_op_decrypt_verify): Clear flag
(gpgme_op_decrypt_ext): Clear flag.

* tests/run-decrypt.c (show_usage): Add option --ignore-mdc-error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 01:29:34 +02:00
Werner Koch
dd19cabe81
core: New decryption result flag 'legacy_cipher_nomdc'.
* src/gpgme.h.in (_gpgme_op_decrypt_result): Add flag
legacy_cipher_nomdc.
* src/decrypt.c (parse_status_error): Set this flag.
* tests/run-decrypt.c (print_result): print it.
(main): Print the result even on error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-01 01:01:08 +02:00
Werner Koch
8a0c8c5251
core: Always fail if an OpenPG message is not integrity protected.
* src/decrypt.c (struct op_data_t): Add field not_integrity_protected.
(parse_decryption_info): Set this.  Also rename mode to aead_algo for
clarity.
(_gpgme_decrypt_status_handler): Force failure in case of a missing
MDC.
--

This extra check makes sure that a missing or stripped MDC in
 - gpg < 2.1
 - or gpg 2.2 with an old cipher algorithm
will lead to a decryption failure.  gpg 2.3 will always fail in this
case.  Implementing this check here and not backporting the 2.3 change
to 2.2 has the benefit that all GPGME using applications are protected
but scripts relying on rfc2440 (i.e. without MDC) will only break when
migrating to 2.3.

Note that S/MIME has no integrity protection mechanism but gpgsm
neither emits a DECRYPTION_INFO status line, so an error will not be
triggered.  If in the future gpgsm supports authenticated encryption
it may issue a DECRYPTION_INFO line to force a failure here but it
will in that case also emit a DECRYPTION_FAILED anyway.

GnuPG-bug-id: 3981
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-17 09:16:05 +02:00
Werner Koch
969700bc56
doc: Suggest the use of strconcat for recipient strings.
--
GnuPG-bug-id: 3775

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-20 08:56:53 +02:00
Werner Koch
55e9a94680
core: New convenience constant GPGME_KEYLIST_MODE_LOCATE.
* src/gpgme.h.in (GPGME_KEYLIST_MODE_LOCATE): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 17:59:29 +02:00
Werner Koch
65479fe7b8
core: Add 'is_mime' flags to the verify and decrypt results.
* src/op-support.c (_gpgme_parse_plaintext): Add arg r_mime.
* src/decrypt.c (_gpgme_decrypt_status_handler): Ser mime flag.
* src/verify.c (_gpgme_verify_status_handler): Ditto.
* src/gpgme.h.in (gpgme_op_verify_result_t): Append fields 'is_mime'
and '_unused'.
(gpgme_op_decrypt_result_t): New field 'is_mime'.  Shrink '_unused'.

* tests/run-decrypt.c (print_result): Print MIME flag.
* tests/run-verify.c (print_result): Ditto.
--

Note that this flag (Liternal Data packet's 'm' mode) is only
specified in RFC-4880bis.  To use it you currently need to add
"rfc4880bis" to the the gpg.conf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-18 15:20:35 +02:00
Werner Koch
01435da498
core: Extend decryption result with symkey_algo.
* src/gpgme.h.in (gpgme_op_decrypt_result_t): Add field 'symkey_algo'.
* src/decrypt.c (release_op_data): Free SYMKEY_ALGO.
(gpgme_op_decrypt_result): Make sure SYMKEY_ALGO is not NULL.
(parse_decryption_info): New.
(_gpgme_decrypt_status_handler): Parse DECRYPTION_INFO status.
* src/conversion.c (_gpgme_cipher_algo_name): New.
(_gpgme_cipher_mode_name): New.

* tests/run-decrypt.c (print_result): Print SYMKEY_ALGO

* src/util.h (_gpgme_map_gnupg_error): Remove obsolete prototype.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-17 13:48:56 +02:00
Werner Koch
3589da0500
core: New keyword --file for OpenPGP recpstring.
* src/engine-gpg.c (append_args_from_recipients_string): Add new
flags.
--

Now you can use gpgme to encrypt without first importing a key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-17 12:40:30 +02:00
Werner Koch
c143ab692c
core: For OpenPGP let offline mode disable dirmngr.
* src/engine-gpg.c (struct engine_gpg): New flag.offline.
(gpg_set_engine_flags): Set it.  Also fix setting of no_symkey_cache.
(build_argv): Pass --disable-dirmngr in offline mode.
--

GnuPG-bug-id: 3831
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-17 11:06:27 +02:00
Werner Koch
4bba3b8e2c
core: Allow for --hidden keyword in OpenPGP recpstrings.
* src/engine-gpg.c (append_args_from_recipients_string): Add special
keywords.
--

GnuPG-bug-id: 3775
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-17 10:04:20 +02:00
Werner Koch
86efba2be2
core: New encryption flag GPGME_ENCRYPT_WANT_ADDRESS.
* src/gpgme.h.in (GPGME_ENCRYPT_WANT_ADDRESS): New flag.
* src/engine-gpg.c (add_arg_recipient): New.
(add_arg_recipient_string): New.
(append_args_from_recipients): Call new helper function.
(append_args_from_recipients_string): Ditto.
* src/gpgme-json.c (op_encrypt): Add flag "want-address".
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-17 09:40:27 +02:00
Werner Koch
a1f76b3b54
core: Add extended versions of the encrypt functions.
* src/gpgme.h.in (gpgme_op_encrypt_ext_start) New.
(gpgme_op_encrypt_ext): New.
(gpgme_op_encrypt_sign_ext_start): New.
(gpgme_op_encrypt_sign_ext): New.
* src/libgpgme.vers, tests/run-encrypt.c: Add them.

* src/encrypt.c (encrypt_start): Add arg recpstring.
(gpgme_op_encrypt): Factor code out to ...
(gpgme_op_encrypt_ext): new function with new arg recpstring.
(gpgme_op_encrypt_start): Factor code out to ...
(gpgme_op_encrypt_ext_start): new function with new arg recpstring.
* src/encrypt-sign.c (encrypt_sign_start): Add arg recpstring.
(gpgme_op_encrypt_sign): Factor code out to ...
(gpgme_op_encrypt_sign_ext): new function with new arg recpstring.
(gpgme_op_encrypt_sign_start): Factor code out to ...
(gpgme_op_encrypt_sign_ext_start): new function with new arg
recpstring.

* src/engine-backend.h (struct engine_ops): Change fields encrypt and
encrypt_sign.
* src/engine.c (_gpgme_engine_op_encrypt): Add arg recpstring and pass
to engine.
(_gpgme_engine_op_encrypt_sign): Ditto.
* src/engine-gpg.c (append_args_from_recipients_string): New.
(gpg_encrypt): Add arg recpstring and call new function as needed.
(gpg_encrypt_sign): Ditto.
* src/engine-gpgsm.c (set_recipients_from_string): New.
(gpgsm_encrypt): Add arg recpstring and call new function as needed.
* src/engine-uiserver.c (set_recipients_from_string): New.
(uiserver_encrypt): Add arg recpstring and call new function as
needed.

* tests/run-encrypt.c (xstrdup): New.
(main): Add option --keystring.

* src/gpgme-json.c (get_keys): Simplify.
(op_encrypt): Modify to make use of the extended encrypt function.

--

This new feature can be used to avoid the need for a key lookup and
thus several extra calls to the backend.

Note that run-test uses a semicolon as delimiter because that make
testing the feature on the command line much easier.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-17 08:45:00 +02:00
Werner Koch
f7700a0169
core: Add new context flag "no-symkey-cache".
* src/gpgme.c (gpgme_set_ctx_flag): Set flag.
(gpgme_get_ctx_flag): Get flag.
* src/context.h (struct gpgme_context): Add field no_symkey_cache.
* src/engine-gpg.c (struct engine_gpg): Ditto.
(gpg_set_engine_flags): Set flag.
(build_argv): Pass option --no-symkey-cache to gpg.

* tests/run-decrypt.c (print_result): Fix segv for symmetric messages.
(main): New option --no-symkey-cache.
* tests/run-encrypt.c (main): New option --no-symkey-cache.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 09:17:27 +02:00
Werner Koch
b9000bc293
core: New gpgme_set_ctx_flag "request-origin".
* src/context.h (gpgme_context): Add 'request_origin'.
* src/gpgme.c (gpgme_release): Free that field.
(gpgme_set_ctx_flag, gpgme_get_ctx_flag): Add "request-origin".
* src/engine-backend.h (engine_ops): Add 'set_engine_ops' func ptr and
adjust all users.
* src/engine.c (_gpgme_engine_set_engine_flags): New.
* src/op-support.c (_gpgme_op_reset): Call that func.
* src/engine-gpg.c (struct engine_gpg): Add 'request_origin'.
(gpg_set_engine_flags): New.
(_gpgme_engine_ops_gpg): Hook it.
(build_argv): Use command line option --request-origin.
* src/engine-gpgsm.c (struct engine_gpgsm): Add 'request_origin'.
(gpgsm_set_engine_flags): New.
(_gpgme_engine_ops_gpgsm): Hook it.
(start): Send OPTION "request-origin".
* src/engine-assuan.c (struct engine_llass): Add 'request_origin'.
(gpgsm_set_engine_flags): New.
(_gpgme_engine_ops_assuan): Hook it.
(start): Send OPTION "pretend-request-origin".

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 15:27:32 +01:00
Werner Koch
9e1e655483
core: Fix ABI regression in recent commit.
* src/gpgme.h.in (_gpgme_op_import_result): Move new field
'skipped_v3_keys' to the end.
--

The ABI break has not made it into a release.

Also document the new field.

Fixes-commit: a630a1e3e7
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-20 10:38:36 +01:00
Andre Heinecke
7b5182f288
Spelling fixes for comments and doc
--
Patch provided by ka7 in dev.gnupg.org

Differential D423
2017-12-08 05:59:11 +01:00
Werner Koch
0c1244a2b7
core: Also check for a failed selftest in gpgm_data_new.
* src/data.c (_gpgme_data_new): Check for failed selftest.
* tests/run-support.h (make_filename): Print a message on mallooc
failure.
(init_gpgme_basic): New.
* tests/run-identify.c (main): Call init_gpgme_basic becuase we do not
need to setup a protocol.
* tests/t-data.c: Define PGM and include run-support.h.
(make_filename): Remove.
(main): Call init_gpgme_basic.
--

Note: This patch may break applications which used gpgme_data but no
gpgme_new without having called the required gpgme_check_version.

GPGME can be used without a protocol for example to work with the data
object abstraction.  Thus a call to gpgme_data_new also needs to check
the result of the core selftests - including on whether
gpgme_check_version has been called.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-04 12:08:31 +01:00
Werner Koch
47f61df070
core: New context flag "auto-key-retrieve"
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): New flag
"auto-key-retrieve".
* src/context.h (gpgme_context): New field auto_key_retrieve.
* src/engine-backend.h (struct engine_ops): Add arg auto_key_retrieve
to field 'decrypt'.
* src/engine-gpg.c (gpg_decrypt): Add arg auto_key_retrieve and pass
option --auto-key-retrieve to gpg.  Adjust all callers.
(gpg_verify): Ditto.
* src/engine-gpgsm.c (gpgsm_decrypt): Add dummy arg auto_key_retrieve.
* src/engine-uiserver.c (uiserver_decrypt): Ditto.
* tests/run-verify.c (main): Add option --auto-key-retrieve.
--

This makes the --auto-key-retrieve option available in the GPGME API.

Test plan:
Run

  GPGME_DEBUG=9:out tests/run-verify SIGNEDFILE

with and without its new option --auto-key-retrieve and check in the
trace stored in "out" whether --auto-key-retrieve was passed to gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-24 17:17:11 +02:00
Marcus Brinkmann
b9b08e4693 doc: Add version information.
* doc/gpgme.texi (since): New macro.  Use it to add version
information to those APIs that are mentioned in the NEWS file.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 3137
2017-08-16 23:12:15 +02:00
Marcus Brinkmann
0ee7f4f178 doc: Clarify import keys operation further.
* doc/gpgme.texi (gpgme_op_import_keys): Further clarifications.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 3215
2017-08-16 15:39:38 +02:00
Marcus Brinkmann
a0cc6e01a8 g10: Add new delete operations that allow more flags.
* NEWS: Document new interfaces.
* doc/gpgme.texi: Document new interfaces.
* src/gpgme.h.in (GPGME_DELETE_ALLOW_SECRET, GPGME_DELETE_FORCE,
gpgme_op_delete_ext_start, gpgme_op_delete_ext): New.
* src/delete.c (delete_start): Change allow_secret argument to flags.
(gpgme_op_delete_ext, gpgme_op_delete_ext_start): New functions.
* src/engine-backend.h (delete): Change allow_secret argument to flags.
* src/engine.c (_gpgme_engine_op_delete): Likewise.
* src/engine.h (_gpgme_engine_op_delete): Likewise (for prototype).
* src/engine-gpgsm.c (gpgsm_delete): Likewise.
* src/engine-gpg.c (gpg_delete): Likewise.  Implement GPGME_DELETE_FORCE.
* src/gpgme.def (gpgme_op_delete_ext, gpgme_op_delete_ext_start): New.
* src/libgpgme.vers (gpgme_op_delete_ext, gpgme_op_delete_ext_start): New.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2916
2017-08-11 19:13:44 +02:00
Marcus Brinkmann
dfb3ca8568 doc: Clarify import keys operation.
* doc/gpgme.texi (gpgme_op_import_start): Fix grammar.
(gpgme_op_import_keys): Clarify some wording and fix result.
* src/import.c (gpgme_op_import_keys): Clarify comment.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 3215
2017-08-10 16:50:11 +02:00
Marcus Brinkmann
274609bace doc: Add more tofu documentation.
* doc/gpgme.texi (gpgme_tofu_info_t): Document structure.
(gpgme_sigsum_t): Document GPGME_SIGSUM_TOFU_CONFLICT.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2816
2017-08-10 16:10:40 +02:00
Werner Koch
ad0c5ab4cd
core: Return NO_SECKEY error code on decryption
* src/decrypt.c (op_data_t): Add flag any_no_seckey.
(_gpgme_decrypt_status_handler): Consult that flag.
(_gpgme_decrypt_status_handler): Set that flag.
--

The NO_SECKEY is emitted instead of an "S ERROR pkdecrypt_failed" if
gpg knowns that a key has been encrypted to that key (cf. "S ENC_TO").
it is not fool proffof but in the majority of cases we can provide a
better error message than just DECRYPTION_FAILED.

GnuPG-bug-id: 3270
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-12 18:30:49 +02:00
Andre Heinecke
8d61aba1fe
doc: Improve doc on passphrase_cb / pinentry mode
* doc/gpgme.texi (Passphrase Callback): Mention pinentry_mode and
restrictions.
(Pinentry Mode): Fix wording and clarify versions that need
loopback mode for passphrase_cb to work.
2017-04-24 16:46:09 +02:00
Werner Koch
aa0390ec3b
Release 1.9.0
* configure.ac <c>: Bump LT version to C29/A18/R0.
<cpp>: Bump LT version to C10/A4/R0.
<qt>: Bump LT version to C9/A2/R0.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-28 16:21:37 +02:00
Werner Koch
813ae5fa2d
core: Prepare for new key listing data send by gpg.
* src/gpgme.h.in (gpgme_user_id_t): New fields 'origin' and
'last_update'.
(gpgme_key_t): New fields 'origin' and 'last_update'.
* src/conversion.c (_gpgme_parse_timestamp_ul): New.
* src/keylist.c (keylist_colon_handler): Parse fields 19 and 20.

* tests/run-keylist.c (main): Print new fields.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-28 11:41:30 +02:00
Werner Koch
6ac1f2cded
core: New flags GPGME_DECRYPT_UNWRAP and GPGME_ENCRYPT_WRAP.
* src/gpgme.h.in (GPGME_ENCRYPT_WRAP): New const.
(gpgme_decrypt_flags_t): New enum.
(GPGME_DECRYPT_VERIFY): New const
(GPGME_DECRYPT_UNWRAP): New const
(gpgme_op_decrypt_ext_start): New func.
(gpgme_op_decrypt_ext): New func.
* src/decrypt-verify.c (gpgme_op_decrypt_ext_start): New.
(gpgme_op_decrypt_ext): New.
(decrypt_verify_start): Add arg FLAGS.  Replace call to
engine_op_decrypt_verify by the plain decrypt with the flag set.
(gpgme_op_decrypt_verify_start): Pass the flag.
(gpgme_op_decrypt_verify): Pass the flag.
* src/decrypt.c (decrypt_start): Rename to ...
(_gpgme_decrypt_start): this.  Add arg FLAGS.  Pass FLAGS to
engine_op_decrypt.
(gpgme_op_decrypt_start): Adjust for chnage pass 0 for FLAG.
(gpgme_op_decrypt_start): Ditto.
* src/engine.c (_gpgme_engine_op_decrypt_verify): Remove.
(_gpgme_engine_op_decrypt): Add arg FLAGS.
* src/gpgme.def, src/libgpgme.vers: Add new functions.
* src/engine-backend.h (struct engine_ops): Remove member
'decrypt_verify'.  Add FLAGS to 'decrypt'.  Adjust all initialization.
* src/engine-uiserver.c (uiserver_decrypt): Remove.
(uiserver_decrypt_verify): Remove.
(_uiserver_decrypt): Rename to ...
(uiserver_decrypt): this.  Replace arg VERIFY by new arg FLAGS.
* src/engine-gpg.c (gpg_decrypt): Support GPGME_DECRYPT_UNWRAP.
(gpg_encrypt): Support GPGME_ENCRYPT_WRAP.

* tests/run-decrypt.c (main): New option --unwrap.
* tests/run-encrypt.c (main): New option --wrap.
--

Manual testing of that wrap/unwrap feature can be done this way:

 ./run-encrypt --verbose --key Alice /etc/motd > x
 ./run-decrypt --verbose --unwrap x > y
 ./run-encrypt --verbose --key Bob --wrap y > z

1. The message was first encrypted to Alice.
2. Alice decrypts the message receiving a valid OpenPGP message.
3. Alice encrypt that message to Bob

This will also work with encrypted and signed messages; the signature
will be kept intact during re-encryption.  Requires GnuPG 2.1.12.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-24 15:17:23 +01:00
Werner Koch
421ddd1e67
core: New API gpgme_op_set_uid_flag.
* src/gpgme.h.in (gpgme_op_set_uid_flag_start): New.
(gpgme_op_set_uid_flag_start): New.
* src/gpgme.def, src/libgpgme.vers: Add them.
* src/genkey.c (addrevuid_start): Change arg revoke to a flag.
(gpgme_op_revuid_start): Pass GENKEY_EXTRAFLAG_REVOKE for the fomer
revoke parameter.
(gpgme_op_revuid): Ditto.
(set_uid_flag): New.
(gpgme_op_set_uid_flag_start): New.
(gpgme_op_set_uid_flag): New.
* src/engine.h (GENKEY_EXTRAFLAG_SETPRIMARY): new.
* src/engine-gpg.c (gpg_adduid): Implement that flag.

* tests/run-genkey.c (main): New command --set-primary.
--

GnuPG-bug-id: 2931
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-21 19:03:58 +01:00
Werner Koch
55ac5eed9f
core: Extend gpgme_get_dirinfo to return the gpg-wks-client name.
* src/dirinfo.c (WANT_GPG_WKS_CLIENT_NAME): New const.
(struct dirinfo): New field 'gpg_wks_client_name'.
(get_gpgconf_item): Build it on demand.
(gpgme_get_dirinfo): New value "gpg-wks-client-name" for WHAT.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-21 11:16:16 +01:00
Werner Koch
fab8b1a166
core: New encryption flag GPGME_ENCRYPT_THROW_KEYIDS.
* src/gpgme.h.in (GPGME_ENCRYPT_THROW_KEYIDS): New flag.
* src/engine-gpg.c (gpg_encrypt): Implement flag
(gpg_encrypt_sign): Implement flag.

* tests/run-encrypt.c (main): New option --throw-keyids.
--

It would be nice to also selectively hide recipients (that is gpg
--hidden-recipient) but our API does not ye allow this because it is
based on key objects.  A possible way to implement that would be a API
to set processing flags into a key but this is complicated due to the
reference counting and thus the possibility that a key object is used
by different context.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-21 10:39:33 +01:00
Andre Heinecke
35023f3136
core: New public API gpgme_op_keylist_from_data_start.
* src/gpgme.h.in: New API gpgme_op_keylist_from_data_start.
* src/libgpgme.vers, src/gpgme.def: Add it.
* src/keylist.c (gpgme_op_keylist_from_data_start): New.
* src/engine-backend.h (engine_ops): Add field 'keylist_data'.  Change
all engines to pass NULL for it.
* src/engine.c (_gpgme_engine_op_keylist_data): New.
* src/engine-gpg.c (gpg_keylist_data): New.
(_gpgme_engine_ops_gpg): Register gpg_keylist_data.

* tests/run-keylist.c (main): New option --from-file.
--

Co-authored-by: Werner Koch <wk@gnupg.org>
GnuPG-bug-id: 2819
2017-03-21 09:50:23 +01:00
Werner Koch
ea9686ec71
core,cpp: New key flag 'is_de_vs'.
* src/gpgme.h.in (_gpgme_subkey): New flag is_de_vs.
* tests/run-keylist.c (main): Print that flag.
* src/keylist.c (parse_pub_field18): New.
(keylist_colon_handler): Parse compliance flags.
* lang/cpp/src/key.cpp (Key::isDeVs): New.
(Subkey::isDeVs): New.

* lang/cpp/src/key.h (class Key): New method isDeVs.
(class Subkey): New method isDeVs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-20 20:05:16 +01:00
Daniel Kahn Gillmor
5b49095b89 doc: Correct documentation for recp arg of gpgme_op_encrypt_sign_start
* doc/gpgme.texi (gpgme_op_encrypt_sign_start): recp is an array of
gpgme_key_t, not a single element.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-25 22:43:38 -08:00
Justus Winter
15fbac9e72
python: Support manipulating the TOFU policy.
* NEWS: Update.
* doc/gpgme.texi: Fix typos.
* lang/python/gpg/constants/__init__.py: Import new files.
* lang/python/gpg/constants/tofu/__init__.py: New file.
* lang/python/gpg/constants/tofu/policy.py: New file.
* lang/python/gpg/core.py (Context.key_tofu_policy): New function.
* lang/python/gpgme.i: Nice reprs for gpgme_tofu_info_t.
* lang/python/setup.py.in: Install new package.
* lang/python/tests/t-quick-key-manipulation.py: Extend test.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-02-17 17:08:03 +01:00
Justus Winter
48634e651f
python: Support quick key signing.
* NEWS: Update.
* doc/gpgme.texi (gpgme_op_keysign): Fix the description of the
'expire' argument.
* lang/python/gpg/constants/__init__.py: Import new file.
* lang/python/gpg/constants/keysign.py: New file.
* lang/python/gpg/core.py (Context.key_sign): New function.
* lang/python/tests/Makefile.am (py_tests): Add new test.
* lang/python/tests/t-quick-key-signing.py: New test.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-02-17 16:28:00 +01:00
Justus Winter
de708e5934
core: Fix expiration time handling when creating keys.
* NEWS: Update.
* doc/gpgme.texi (gpgme_op_createkey): Clarify the meaning of the
'expire' parameter.
(GPGME_CREATE_NOEXPIRE): Document new flag.
(gpgme_op_createsubkey): Clarify the meaning of the 'expire'
parameter.
* src/engine-gpg.c (gpg_add_algo_usage_expire): Fix handling of the
expiration time.
* src/gpgme.h.in (GPGME_CREATE_NOEXPIRE): New macro.
--

Previously, the documentation stated that the expiration time was an
absolute timestamp.  However, this value was passed using the
'seconds=N' syntax to GnuPG which specifies the expiration time in
seconds relative to the creation time.  Fix the documentation.

Furthermore, the documentation stated that using 0 results in keys
that do not expire.  This was communicated to GnuPG by using the
implicit default.  However, as of GnuPG 2.1.17, the default was
changed to create keys that expire within a reasonable timespan.

Fix this discrepancy by aligning the behavior with recent GnuPG
versions: 0 means use a reasonable default, and introduce a flag that
can be used to create keys that do not expire.  Communicate this
explicitly to GnuPG.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-02-15 16:45:45 +01:00
Daniel Kahn Gillmor
ad22bee538 doc: Document that gpgme_op_genkey() parms parameter is not XML.
* doc/gpgme.texi (GnupgKeyParms): document that input format is not
true XML.

--

Please see discussion at
https://lists.gnupg.org/pipermail/gnupg-devel/2017-January/032507.html

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-05 23:38:53 -05:00
Werner Koch
752d3597ef
core: Add new context flag "redraw".
* src/context.h (struct gpgme_context): New field 'redraw_suggested'.
* src/op-support.c (_gpgme_op_reset): Clear REDRAW_SUGGESTED.
* src/progress.c (_gpgme_progress_status_handler): Set REDRAW_SUGGESTED.
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Add "redraw".
* tests/run-sign.c (main): Use it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-31 09:44:29 +01:00
Werner Koch
ecb0e3280a
doc: Let's suggest GNU guidelines for bit checking.
--

While educating students we can also get them to use useful habits, in
particular to parenthese bit tests.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-07 23:25:50 +01:00
Andre Heinecke
7880335273 Clarify what "checking on bit" means
* doc/gpgme.texi (gpgme_sigsum_t summary): Clarify what "you
can check one bit means"

--
It was unclear which bit to test for is. And tests
with students have shown that they would "test" for
this one bit by using if(sig.summary == GPGME_SIGSUM_VALID)
which would fail because valid sigs are also SIGSUM_GREEN.

So lets give an example for people not used to checking bits and
clarify through this example which bit is meant to be checked.
2016-12-07 21:46:24 +01:00
Werner Koch
7f5f26fd66
doc: Replace http: by https: in core source files.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 13:27:00 +01:00
Werner Koch
9fc92a15bd
core: Do not leak the override session key to ps(1).
* src/engine-gpg.c (struct engine_gpg): New field
override_session_key.
(gpg_release): Free that field.
(gpg_decrypt): With gnupg 2.1.16 use --override-session-key-fd.

* tests/run-decrypt.c (main): Fix setting over the override key.
--

Note that this works only with gnupg 2.1.16 and later.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 10:15:31 +01:00
Daniel Kahn Gillmor
5730647421
doc,tests: Require use of ctx_flag before use of session_key.
* doc/gpgme.texi: Document requirements of verifying that it is OK to
use session_key.
* tests/run-decrypt.c: Ensure that we fail if we're unable to access
the session key, so that we do not violate the guidance above.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Changed the description

 -@code{gpgme_set_ctx_flag (ctx, "export-session-key")} returns
 -@code{GPG_ERR_NO_ERROR} or @code{gpgme_get_ctx_flag (ctx,
 -"export-session-key")} returns @code{"1"}.
 +@code{gpgme_set_ctx_flag (ctx, "export-session-key")} returns success
 +or @code{gpgme_get_ctx_flag (ctx, "export-session-key")} returns true
 +(non-empty string).

to get gpgme_get_ctx_flag for boolean values in sync with its own
description.

Note that I don't agree with the above suggestion but it does not
really harm to have it in the man page.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 10:15:31 +01:00
Daniel Kahn Gillmor
ff3b72e2a3 doc: Fix typos.
--
2016-11-15 12:02:56 +01:00
Werner Koch
7659d42468
core: Implement context flag "override-session-key".
* src/gpgme.c (gpgme_set_ctx_flag): Add flags "export-session-key" and
"override-session-key".
(gpgme_get_ctx_flag): Ditto.
(gpgme_set_export_session_keys): Remove.
(gpgme_get_export_session_keys): Remove.
* src/gpgme.def, src/libgpgme.vers: Remove them.
* src/context.h (struct gpgme_context): Add field
override_session_key.
* src/decrypt-verify.c (decrypt_verify_start): Pass
override_session_key value to the engine.
* src/decrypt.c (decrypt_start): Ditto.
* src/engine.c (_gpgme_engine_op_decrypt): Ditto.
(_gpgme_engine_op_decrypt_verify): Ditto.
* src/engine-backend.h (struct engine_ops): Extend DECRYPT and
DECRYPT_VERIFY_START with override_session_key.
* src/engine-uiserver.c (_uiserver_decrypt): Add stub arg
override_session_key.
(uiserver_decrypt): Ditto.
(uiserver_decrypt_verify): Ditto.
* src/engine-gpgsm.c (gpgsm_decrypt): Ditto.
* src/engine-gpg.c (gpg_decrypt): Add arg override_session_key and set
corresponding gpg option.

* tests/run-decrypt.c (print_result): Print the session key if
available.
(main): Add options --export-session-key and --override-session-key.

--

To keep the number of context manipulation functions at bay, this
patches removes the just added gpgme_set_export_session_keys and
gpgme_get_export_session_keys by flags for the generic context
function.

The patch also implements the --override-session-key feature.

GnuPG-bug-id: 2754
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 10:34:13 +01:00
Werner Koch
3234b1bf1d
core: Add public function gpgme_get_ctx_flag.
* src/gpgme.h.in (gpgme_get_ctx_flag): New.
* src/gpgme.c (gpgme_set_ctx_flag): Move down the file and add a trace
statement.
(gpgme_get_ctx_flag): New.
* src/gpgme.def, src/libgpgme.vers: Add new interface.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 09:24:17 +01:00
Daniel Kahn Gillmor
cad1210fb8
core: Enable extraction of session keys.
* src/gpgme.c (gpgme_set_export_session_keys): New function.
(gpgme_get_export_session_keys): New function.
* src/gpgme.h.in (struct _gpgme_op_decrypt_result): Add session_key
member.
(gpgme_{set,get}_export_session_keys): Declare new functions.
* src/libgpgme.vers, src/gpgme.def: Export new functions in shared
object.
* src/engine.h: (_gpgme_engine_op_decrypt) Add export_session_key
parameter.
(_gpgme_engine_op_decrypt_verify): Add export_session_key parameter.
* src/engine-backend.h: (struct engine_ops): Change function
pointer declarations to match.
* src/context.h (struct gpgme_context): Add export_session_keys member.
* src/decrypt.c (release_op_data): Free result.session_key.
(_gpgme_decrypt_status_handler): Store a copy of the exported session
key.
(decrypt_start): Pass export_session_keys from the context.
* src/decrypt-verify.c (decrypt_verify_start): Pass
export_session_keys from context.
* src/engine.c (_gpgme_engine_op_decrypt): Pass through
export_session_key flag.
(_gpgme_engine_op_decrypt_verify): Pass through export_session_key
flag.
* src/engine-gpg.c (gpg_decrypt): If export_session_key is set, add
--export-session-key to argument list.
* src/engine-gpgsm.c (gpgsm_decrypt): Ignore export_session_key for
now, since gpgsm offers no such mechanism.
* src/engine-uiserver.c (_uiserver_decrypt): If export_session_key is
set, add --export-session-key flag to cmd.
* doc/gpgme.texi: Document new functions and session_key member of
decrypt_result_t.
* doc/uiserver.texi: Add --export-session-key flag to DECRYPT command.

--

gpg(1) documents session key export as useful for key escrow, and is
rightly dubious of that use case.  However, session key export is also
useful in other use cases.  Two examples from MUA development (where
this functionality would be specifically useful to me right now):

 * If the MUA stores a local copy of the session key upon decrypting
   the message, it can re-decrypt the message without expensive
   asymmetric operations.  When rendering a thread with dozens of
   encrypted messages, this can represent a significant speedup.

 * A user may have expired encryption-capable secret key material,
   along with many messages encrypted to that material.  If she stores
   the session keys for those messages she wants to keep, she can
   destroy her secret key material and make any messages she has
   deleted completely unrecoverable, even to an attacker who gets her
   remaining secret keys in the future.

This patchset makes a two specific implementation decisions that could
have gone in different ways.  I welcome feedback on preferred outcomes.

 0) session key representation: we currently represent the session key
    as an opaque textual string, rather than trying to provide any
    sort of in-memory structure.  While it wouldn't be hard to parse
    the data produced by gpg's --export-session-key, I chose to use
    the opaque string rather than lock in a particular data format.

 1) API/ABI: i've added a member to gpgme_op_decrypt_result_t.  This
    has the potential to cause an out-of-bound memory access if
    someone uses code compiled against the newer verision, but linked
    at runtime against an older version.  I've attempted to limit that
    risk by documenting that users must verify
    gpgme_get_export_session_keys() before accessing this new struct
    member -- this means that code expecting this capability will
    require the symbol at link-time, and will refuse to link against
    older versions.

    Another approach to solving this problem would be to avoid
    modifying gpgme_op_decrypt_result_t, and to introduce instead a
    new function gpgme_op_session_key(), which could be called in the
    same places as gpgme_op_decrypt_result().  Depending on the
    representation of the session key, this might introduce new
    memory-management burdens on the user of the library, and the
    session key is certainly part of a decryption result, so it seemed
    simpler to go with what i have here.

If anyone has strong preferences that these choices should be solved
in a different way, i'm happy to hear them.

Additionally, I note that i'm also still pretty unclear about how the
"UI Server" fits into this whole ecosystem. In particular, I don't
know whether it's kosher to just add an --export-session-key flag to
the DECRYPT operation without actually having implemented it anywhere,
but i don't see where i would actually implement it either :/

If this patch (or some variant) is adopted, i will supply another
patch that permits offering a session key during decryption (e.g. "gpg
--override-session-key"), but I wanted to get these implementation
choices ironed out first.

Gnupg-Bug-Id: 2754
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

On the concern of adding a new field to a structure: It may not be
clearly documented but we don't expect that a user ever allocates such
a structure - those result structure may only be created bu gpgme and
are read-only for the user.  Adding a new member constitutes a
compatible ABI change and thus an older SO may not be used by code
compiled with a header for the newer API.  Unless someone tinkers with
the build system, this should never happen.  We have added new fields
to result structure may times and I can't remember any problems.

 - wk
2016-11-15 08:52:06 +01:00
Daniel Kahn Gillmor
16a3020506
doc: Correct deftypefun for gpgme_op_decrypt_verify_start.
* doc/gpgme.texi: Documentationabout gpgme_op_decrypt_verify_start was
stored under the name gpgme_op_decrypt_verify instead.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-11-11 15:17:45 +01:00
Daniel Kahn Gillmor
d50bdb269e
doc: Correct text about gpgme_cancel_async.
* doc/gpgme.texi: Documentation about gpgme_cancel_async should refer
to the correct name.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-11-11 15:16:53 +01:00
Werner Koch
05775b5248
doc: Fix regression in macro handling
--

The way macros are handled seem to have changed since 2008.  Fix that:

Reported-by: dkg@fifthhorseman.net
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-11 15:10:57 +01:00