Commit Graph

359 Commits

Author SHA1 Message Date
Werner Koch
d75b2a9151
Support GPGME_ENCRYPT_ALWAYS_TRUST also for S/MIME.
* src/engine-gpgsm.c (gpgsm_encrypt): Send the always-trust options.

* tests/run-encrypt.c: Add option --always-trust.
--

Note that the run-encrypt test tool used to assume always-trust for
OpenPGP since 1.7.0 This bug has also been fixed by introducing the
explicit option.

GnuPG-bug-id: 6559
2023-08-31 12:02:02 +02:00
Ingo Klöcker
bc98f01c85
core: Use offline mode for all operations of gpgsm engine
* src/engine-backend.h (keylist, keylist_ext): Remove engine_flags.
* src/engine-gpg.c (gpg_keylist, gpg_keylist_ext): Ditto.
* src/engine.c, src/engine.h (_gpgme_engine_op_keylist): Ditto.
(_gpgme_engine_op_keylist_ext): Ditto.
* src/engine.h (GPGME_ENGINE_FLAG_OFFLINE): Remove.
* src/engine-gpgsm.c (struct engine_gpgsm): New field flags with offline
flag.
(have_gpgsm_version): New.
(gpg_set_engine_flags): Set the offline flag.
(start): Send OPTION "offline".
(gpgsm_keylist, gpgsm_keylist_ext): Remove engine_flags.  Remove
sending of OPTION "offline".
* src/keylist.c (gpgme_op_keylist_start, gpgme_op_keylist_ext_start):
Remove setting of offline flag.
--

GnuPG-bug-id: 6648
2023-08-14 12:24:00 +02:00
Ingo Klöcker
1a9f192ab4
core: Support reading the archive to decrypt/verify directly from a file
* src/engine-gpg.c (add_file_name_arg_or_data): New.
(gpg_decrypt): Use add_file_name_arg_or_data instead of add_data for the
ciphertext.
(gpg_verify): Use add_file_name_arg_or_data instead of add_data for the
signature and the signed text.

* tests/run-decrypt.c (show_usage): New option --direct-file-io.
(main): Parse new option. If option is given, then don't open input
file, create simple data object instead of data object from stream and
set input file name on input data.
* tests/run-verify.c (show_usage): New option --direct-file-io.
(main): Parse new option. If option is given, then don't open input
files, create simple data objects instead of data objects from stream
and set input file names on input data objects.
--

This change makes it possible to tell gpg (and gpgtar) to read the
input (i.e. the signed/encrypted data or the signature or the created
archive) directly from the files with given file names instead of from
streams piped through GpgME's Data IO.

GnuPG-bug-id: 6530
2023-06-21 14:38:50 +02:00
Ingo Klöcker
c38b620039
core: Support writing the sign/encrypt output directly to a file
* src/engine-gpg.c (gpg_encrypt): Pass output file name to gpg if output
has file name set.
(gpg_encrypt_sign): Ditto.
(gpg_sign): Ditto.

* tests/run-encrypt.c (show_usage): New option --output.
(main): Parse new option. Set file name on output if --output is given.
Do not print output if --output is given.
* tests/run-sign.c (show_usage): New option --output.
(main): Parse new option. Set file name on output if --output is given.
Do not print output if --output is given.
--

This change makes it possible to tell gpg (and gpgtar) to write the
output (i.e. the signed/encrypted data or the signature or the created
archive) directly to a file with given file name instead of piping
the output back to gpgme.

GnuPG-bug-id: 6530
2023-06-19 18:08:47 +02:00
Ingo Klöcker
7990f70107
doc,cpp: Treat GPG_ERR_FULLY_CANCELED as canceled
* doc/gpgme.texi (GPG_ERR_FULLY_CANCELED): New.
* lang/cpp/src/context.cpp (Error::isCanceled): Also return true for
GPG_ERR_FULLY_CANCELED.
--

For internal purposes, GnuPG sometimes uses the error code
GPG_ERR_FULLY_CANCELED instead of GPG_ERR_CANCELED. From a user
perspective both values mean the same thing and should therefore be
treated identically.

GnuPG-bug-id: 6510
2023-06-01 09:37:41 +02:00
Werner Koch
9c5506fde7
core: Switch to logging via gpgrt
* src/debug.c (errfp): Remove.
(debug_init): Factor some code out to ...
(safe_to_use_debug_file): new.
(tid_log_callback): New.
(debug_init): Rewrite to make use of gpgrt logging.
(_gpgme_debug): Ditto.
(_gpgme_debug_end): Remove extra LF testing code.
* src/dirinfo.c (get_gpgconf_item): Remove now unneeded LFs.  Realign
output.
2023-02-10 11:12:52 +01:00
Ingo Klöcker
472f109138
doc: Update "since" version
--
2023-01-31 12:13:29 +01:00
Werner Koch
5d07f8db77
doc: Fix description of gpgme_data_identify
--
GnuPG-bug-id: 5887
2023-01-31 09:53:20 +01:00
Ingo Klöcker
1328a57586
doc: Fix syntax errors
--

GnuPG-bug-id: 6342
2023-01-27 12:11:21 +01:00
Ingo Klöcker
3580bb139b
core: Update required GnuPG version for new archive features
* src/engine-gpg.c (gpg_decrypt, gpg_encrypt, gpg_encrypt_sign,
gpg_sign, gpg_verify): Require gpg 2.4.1.

--

To work properly the archive feature needs a fix added in GnuPG 2.4.1.

GnuPG-bug-id: 6342
2023-01-26 09:52:11 +01:00
Ingo Klöcker
ab7146aa61
doc: Update NEWS and API documentation
--

GnuPG-bug-id: 6342
2023-01-25 12:17:05 +01:00
Ingo Klöcker
95ea3bf831
core: Support usage of gpgtar for decrypting an encrypted archive
* src/gpgme.h.in (GPGME_DECRYPT_ARCHIVE): New decryption flag.
* src/engine-gpg.c (gpg_decrypt): Set use_gpgtar engine flag if
GPGME_DECRYPT_ARCHIVE flag is set. Check for new enough gpg and
incompatible flags. Use add_gpg_arg_with_value for gpg-only options
with a value and add_gpg_arg for gpg-only options without a value.
Set extra options for gpgtar and pass input data to stdin when using
gpgtar.

* tests/run-decrypt.c (show_usage): New options --archive and
--directory.
(main): Parse new options. Decrypt with gpgtar if --archive is given.
Set file name of output data to value of --directory option.
--

GnuPG-bug-id: 6342
2023-01-24 12:32:23 +01:00
Ingo Klöcker
419adf41af
core: Allow setting the base directory when creating an archive
* src/engine-gpg.c (gpg_encrypt, gpg_encrypt_sign, gpg_sign): Pass
file name set in data with --directory option to gpgtar.

* tests/run-encrypt.c (show_usage): New option --directory.
(main): Parse new option. Set file name of input data to option value.
* tests/run-sign.c (show_usage): New option --directory.
(main): Parse new option. Set file name of input data to option value.
--

GnuPG-bug-id: 6342
2023-01-23 12:17:22 +01:00
Ingo Klöcker
4c872b6741
doc: Update NEWS and API documentation
--

GnuPG-bug-id: 6342
2023-01-19 12:08:35 +01:00
Ingo Klöcker
7a68a1ca64
doc: Document socketdir value of gpgme_get_dirinfo
--
2023-01-18 10:37:39 +01:00
Ingo Klöcker
12e490d97f
core: Extend gpgme_get_dirinfo to return the gpgtar name
* src/dirinfo.c (WANT_GPGTAR_NAME): New.
(dirinfo): Add field gpgtar_name.
(get_gpgconf_item): Build gpgtar_name on demand and return it.
(_gpgme_get_default_gpgtar_name) : New.
(gpgme_get_dirinfo): New value "gpgtar-name" for WHAT.
* src/util.h (_gpgme_get_default_gpgtar_name): New.

* tests/t-engine-info.c (main): Add gpgtar-name to the output.

GnuPG-bug-id: 6342
2023-01-18 10:30:17 +01:00
NIIBE Yutaka
a9921d797b
doc: Don't use AM_PATH_GPGME_PTHREAD any more.
--

GnuPG-bug-id: 6285
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-29 11:18:40 +09:00
NIIBE Yutaka
ae2057e601
doc: Update documentation for gpgme.pc and pkg-config.
--

GnuPG-bug-id: 6274
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-15 14:25:26 +09:00
Ingo Klöcker
4f874ea431
core: New context flag "no-auto-check-trustdb"
* src/context.h (gpgme_context): Add field no_auto_check_trustdb.
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Add flag
"no-auto-check-trustdb".
* src/engine-gpg.c (engine_gpg): Add flags.no_auto_check_trustdb.
(gpg_set_engine_flags): Set the flag.
(build_argv): Pass option to gpg.

* tests/run-keylist.c (show_usage, main): Add option --no-trust-check.
--

This makes the --no-auto-check-trustdb option available in the GPGME API
to disable the potentially expensive automatic trust database check.

GnuPG-bug-id: 6261
2022-11-04 10:38:41 +01:00
Werner Koch
1c9694f8d5
core: New global flags "inst-type".
* src/gpgme.c (gpgme_set_global_flag): Add flag "inst-type".
* src/w32-util.c (_gpgme_set_get_inst_type): New.
(INST_TYPE_GPG4WIN_DIR): New.
(INST_TYPE_GPGDESK_DIR): New.
(_gpgme_get_gpgconf_path): Implement this flag.  Replace fixed strings
by the macros.
* src/posix-util.c (_gpgme_set_get_inst_type): New dummy.
--

This is intended for use by Kleopatra to reliable find the expected
GnuPG installation.
2022-10-26 12:10:57 +02:00
Werner Koch
b1e5f3b183
core: Fix SIG_CREATED status parsing for 0x1F sigs
* src/sign.c (parse_sig_created): Special case the rfc4880 "1F" status.
--

This has always been wrong but we can't simply force strtol to assume
hex.  Patch compiles but has received no specific test.  For details
see
GnuPG-bug-id: 6223
2022-09-29 09:59:27 +02:00
Ingo Klöcker
aff9aaac68 core: Support --locate-external-keys command of gpg
* src/gpgme.h.in (GPGME_KEYLIST_MODE_FORCE_EXTERN): New.
(GPGME_KEYLIST_MODE_LOCATE_EXTERNAL): New.
* src/gpgme.c (gpgme_set_keylist_mode): Check for invalid mode.
* src/engine-gpg.c (gpg_keylist_build_options): Use
"--locate-external-keys" instead of "--locate-keys" if flag is set.
* src/gpgme-json.c (op_keylist): New flag "force-extern".
* src/gpgme-tool.c (gt_get_keylist_mode, cmd_keylist_mode): Handle
new mode.
--

GnuPG-bug-id: 5951
2022-04-27 16:57:17 +02:00
NIIBE Yutaka
b10791b055 doc: Remove explanation about AM_PATH_GPGME_PTH for GNU Pth.
--

The commit 3ddf4c3d40 in 2011 removed
the support.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-08 09:19:19 +09:00
Ingo Klöcker
ff3c93881a doc: Remove bogus documentation
--

These lines were accidentally added with the documentation for
gpgme_op_setexpire. The actual documentation for gpgme_op_revuid_start
is a bit further down.
2022-03-28 17:22:48 +02:00
Ingo Klöcker
3c2cff74b5 core: New function gpgme_op_receive_keys
* src/gpgme.h.in (gpgme_op_receive_keys_start, gpgme_op_receive_keys):
New.
* src/gpgme.def, src/libgpgme.vers: Add them.
* src/engine-backend.h (struct engine_ops): Add arg keyids to field
'import'.
* src/engine.h, src/engine.c (_gpgme_engine_op_import): Add arg keyids.
* src/engine.c (_gpgme_engine_op_import): Forward new arg keyids.
* src/import.c: (_gpgme_op_import_start, _gpgme_op_import_keys_start):
Pass NULL to new arg of _gpgme_op_import_start.
(_gpgme_op_receive_keys_start, gpgme_op_receive_keys_start,
gpgme_op_receive_keys): New.
* src/engine-gpg.c (gpg_import): Add arg keyids. Extend check for
valid arguments. Build command line if keyids are given.
* src/engine-gpgsm.c (gpgsm_import): Add arg keyids. Return error if
keyids is not NULL.

tests/run-receive-keys.c: New.
tests/Makefile.am (noinst_PROGRAMS): Add new test runner.
--

The new function allows importing keys given by their key ids or
fingerprints from a keyserver (like gpg's --recv-keys command).

GnuPG-bug-id: 5808
2022-02-03 15:56:30 +01:00
Werner Koch
5bb4174efa
doc: Fixed type of an object member
--

GnuPG-bug-id: 5719
2022-01-20 20:36:03 +01:00
Ingo Klöcker
0e19c48791 core: New export mode to export secret subkeys.
* src/gpgme.h.in (GPGME_EXPORT_MODE_SECRET_SUBKEY): New.
* src/export.c (check_mode): Allow new mode and check for invalid
combinations.
(export_keys_start): Return error if new mode flag is set.
* src/engine-gpg.c (export_common): Implement.
* src/gpgme-tool.c (cmd_export): New option --secret-subkey.
* tests/run-export.c (main): New option --secret-subkey.
--

This adds support for exporting secret subkeys (via gpg's
--export-secret-subkeys) to gpgme_op_export[_ext][_start].
The flag is not supported by gpgme_op_export_keys[_start] because
there is no way to specify which subkey(s) to export with these
functions.

GnuPG-bug-id: 5757
2022-01-04 09:23:40 +01:00
Ingo Klöcker
414bbdd53c doc: Remove documentation of obsolete export mode flag
* doc/gpgme.texi: Remove GPGME_EXPORT_MODE_NOUID.
--

Support for this experimental flag has been removed with revision
c8fd8870b3.

GnuPG-bug-id: 5757
2022-01-04 09:23:27 +01:00
Ingo Klöcker
305d8668ca core: Detect bad passphrase error on certificate import
* src/import.c (gpgme_op_import_result): Check fpr for NULL.
(parse_error): New.
(import_status_handler): Handle error status line.

* doc/gpgme.texi (gpgme_import_status_t): Mention that fpr can be NULL.

* tests/gpg/t-import.c (check_result): Check fpr for NULL.
* tests/run-threaded.c (delete_impres): Check fpr for NULL.
--

When importing an encrypted certificate a wrong passphrase may be
entered. In this case gpgsm emits a status line with a bad passphrase
error and an "invalid object" error. To make it possible for callers
to handle a wrong passphrase error more gracefully, an import status
with bad passphrase error is added to the import result for each
status line with bad passphrase error.

GnuPG-bug-id: 5713
2021-12-22 15:25:42 +01:00
Ingo Klöcker
d35d44efaf core: Allow setting import filters when importing keys
* src/context.h (struct gpgme_context): New field import_filter.
* src/engine-backend.h (struct engine_ops): Add arg import_filter to
field 'import'.
* src/engine-gpg.c (gpg_import): Add arg import_filter and pass option
--import-filter with argument value to gpg. Adjust all callers.
* src/engine-gpgsm.c (gpgsm_import): Add dummy arg import_filter.
* src/gpgme.c (gpgme_release): Free 'import_filter'.
(gpgme_set_ctx_flag, gpgme_get_ctx_flag): New flag "import-filter".

* tests/run-import.c (main): Add option --import-filter.
--

This makes the --import-filter option available in the GPGME API for
key imports.

GnuPG-bug-id: 5739
2021-12-14 15:44:37 +01:00
Ingo Klöcker
60880adafa core: Allow specifiying a key origin when importing keys
* src/context.h (struct gpgme_context): New field key_origin.
* src/engine-backend.h (struct engine_ops): Add arg key_origin to
field 'import'.
* src/engine-gpg.c (gpg_import): Add arg key_origin and pass option
--key-origin with argument value to gpg. Adjust all callers.
* src/engine-gpgsm.c (gpgsm_import): Add dummy arg key_origin.
* src/gpgme.c (gpgme_release): Free 'key_origin'.
(gpgme_set_ctx_flag, gpgme_get_ctx_flag): New flag "key-origin".

* tests/run-import.c (main): Add option --key-origin.
* tests/gpg/t-import.c (main): Set and verify key origin.
--

This makes the --key-origin option available in the GPGME API for
key imports.

GnuPG-bug-id: 5733
2021-12-13 16:52:23 +01:00
Ingo Klöcker
c89226d47f doc: Fix a few errors in the documentation of gpgme_op_import_*
--
2021-12-13 16:07:54 +01:00
Ingo Klöcker
0ac3679a74 core: Support all components with dirinfo()
* src/dirinfo.c (WANT_KEYBOXD_NAME, WANT_AGENT_NAME, WANT_SCDAEMON_NAME,
WANT_DIRMNGR_NAME, WANT_PINENTRY_NAME): New.
(dirinfo): Add fields keyboxd_name, agent_name, scdaemon_name,
dirmngr_name, pinentry_name.
(parse_output): Support "keyboxd", "gpg-agent", "scdaemon", "dirmngr",
"pinentry".
(get_gpgconf_item): Return new components.

tests/t-engine-info.c (main): Add new components to the output.
--

GnuPG-bug-id: 5727
2021-12-10 12:04:05 +01:00
Ingo Klöcker
34d9defc42 core: Allow specifying an expiration date for key signatures
* src/context.h (struct gpgme_context): Add 'cert_expire'.
* src/engine-gpg.c (append_args_from_cert_expire): New.
(gpg_edit): Set option according to the new flag.
* src/gpgme.c (gpgme_release): Free 'cert_expire'.
(gpgme_set_ctx_flag, gpgme_get_ctx_flag): Add "cert-expire".

* tests/gpg/Makefile.am (c_tests): Add new test.
(gpg.conf): Write "allow-weak-key-signatures" to gpg.conf.
* tests/gpg/t-edit-sign.c: New.
--

The new context flag "cert-expire" allows setting the expiration date
for key signatures created with gpgme_op_interact.

GnuPG-bug-id: 5336, 5505
2021-06-22 16:35:03 +02:00
Werner Koch
fde20940b5
core: New data flags "io-buffer-size" and "sensitive".
* src/data.c (_gpgme_data_release): Free buffers.
(gpgme_data_seek): Adjust from renamed fields.
(gpgme_data_set_flag): Implement new flags.
(_gpgme_data_inbound_handler): Allow the use of a malloced buffer.
(_gpgme_data_outbound_handler): Ditto.
* src/data.h (BUFFER_SIZE): Move out of the struct definition.
(struct gpgme_data): Remove pending filed and introduce inbound and
outbound fields.

* src/conversion.c (_gpgme_wipememory): New.  Taken from GnuPG.
* src/cJSON.c (wipememory): Use this here too.

* tests/run-decrypt.c (main): Add options "--large-buffers" and
"--sensitive".
--

GnuPG-bug-id: 5478
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-06-14 19:51:28 +02:00
Ingo Klöcker
276187f6b6 core: Extend gpgme_key_sig_t with trust signature members.
* src/gpgme.h.in (struct _gpgme_key_sig): Add fields 'trust_depth',
'trust_value', and 'trust_scope'.
* src/key.c (gpgme_key_unref): Free trust_scope.
* src/keylist.c (keylist_colon_handler): Set the fields.
* tests/run-keylist.c (main): Print the fields.
--

The trust signature values are part of gpg's output since the year 2003.
This now adds support to gpgme.

GnuPG-bug-id: 5245, 5419
2021-05-05 19:23:48 +02:00
Werner Koch
0821e2b149
core: New flag GPGME_KEYSIGN_FORCE.
* src/gpgme.h.in (GPGME_KEYSIGN_FORCE): New.
* src/engine-gpg.c (gpg_keysign): Implement.

* tests/run-keysign.c (show_usage): Add option --force
--

GnuPG-bug-id: 4584
2021-03-11 11:49:07 +01:00
Ingo Klöcker
f3407d0ee4 core: New function gpgme_op_revsig.
* src/gpgme.h.in (gpgme_op_revsig_start, gpgme_op_revsig): New.
(GPGME_REVSIG_LFSEP): New.
* src/context.h (ctx_op_data_id_t): Add OPDATA_REVSIG.
* src/revsig.c: New.
* src/Makefile.am (main_sources): Add revsig.
* src/libgpgme.vers, src/gpgme.def: Add gpgme_op_revsig and
gpgme_op_revsig_start.
* src/engine.h, src/engine.c: (_gpgme_engine_op_revsig): New.
* src/engine-backend.h (engine_ops): Add 'revsig' and adjust all
engine initializers.
* src/engine-gpg.c (gpg_revsig): New.
(_gpgme_engine_ops_gpg): Set revsig to gpg_revsig.
* doc/gpgme.texi: Document new functions.
* tests/run-keysign.c: Add option --revoke.
--

This extends GPGME to support the --quick-revoke-sig command
added by GnuPG 2.2.24. This allows revoking key signatures.

GnuPG-bug-id: 5094
2020-10-29 12:57:10 +01:00
Ingo Klöcker
db82e99a8a core: New function gpgme_op_setexpire.
* src/gpgme.h.in (gpgme_op_setexpire_start, gpgme_op_setexpire): New.
* src/libgpgme.vers, src/gpgme.def: Add new functions.
* src/genkey.c (setexpire): New.
(gpgme_op_setexpire_start, gpgme_op_setexpire): New.
* src/engine.h, src/engine.c: (_gpgme_engine_op_setexpire): New.
* src/engine-backend.h (engine_ops): Add 'setexpire' and adjust all
engine initializers.
* src/engine-gpg.c (gpg_setexpire): New.
(_gpgme_engine_ops_gpg): Set setexpire to gpg_setexpire.
* doc/gpgme.texi: Document new functions.
* tests/run-genkey.c: Add option --setexpire.
--

This extends GPGME to support the --quick-set-expire command
added by GnuPG 2.1.22. This allows changing subkeys expiry
date without going through the editinteractor interface.

Co-authored-by: Andre Heinecke <aheinecke@gnupg.org>
GnuPG-bug-id: 4999
2020-08-04 16:51:56 +02:00
Werner Koch
7f9e0ca57b
core: New export mode to export as OpenSSH public key.
* src/gpgme.h.in (GPGME_EXPORT_MODE_SSH): New.
* src/export.c (export_ext_start): Allow for new mode.
* src/engine-gpg.c (export_common): Implement.
* tests/run-export.c (status_cb): New.
(main): New options --status and --ssh.
--

GnuPG-bug-id: 4310
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-16 12:00:46 +02:00
Werner Koch
8589091682
core: Deprecate the non-working trustlist functions.
* src/gpgme.h.in: Clarify that the trustlist function should not be
used.
* src/engine.c (_gpgme_engine_op_trustlist): Always return an error.
* src/engine-backend.h (struct engine_ops): Remove trustlist member.
* src/engine-gpg.c (gpg_trustlist): Remove.
(struct engine_ops): Remove that member.  Also in all other engines.
* tests/gpg/t-trustlist.c: Remove.
* lang/python/tests/t-trustlist.py: Remove.
--

This never worked in reality because the required feature has been
removed from GnuPG version 1.3.2 soon after introduction of this
feature in gpgme - 17 years ago.  It was anyway marked as
experimental.  We keep the API and ABI, though.

GnuPG-bug-id: 4834
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-15 16:34:24 +02:00
Werner Koch
c8048bf8eb
core: New keylist mode GPGME_KEYLIST_MODE_WITH_KEYGRIP.
* src/gpgme.h.in (GPGME_KEYLIST_MODE_WITH_KEYGRIP): New.
* src/gpgme-json.c (op_keylist): New flag "keygrip".
* src/engine-gpg.c (gpg_keylist_build_options): Pass the options.

* lang/cpp/src/global.h (WithKeygrip): New.
* lang/cpp/src/context.cpp: Add check.
* lang/cpp/src/key.cpp (Key::update): Handle WithKeygrip.
* lang/cpp/src/verificationresult.cpp: Ditto.
* lang/cpp/src/util.h (add_to_gpgme_keylist_mode_t): Ditto.
--

GnuPG-bug-id: 4939
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-15 14:11:17 +02:00
Andre Heinecke
88f3202521
doc: Explain verify_result_t.status == 0 more
* doc/gpgme.texi (gpgme_verify_result_t): Explain
GPGME_STATUS_NO_ERROR more clearly.

--
This might help to avoid misunderstandings how the
status can be interpreted and explains why a verify
of unsigned PGP Data returns no error.

As a reaction to CVE-2020-10759 discovered by Justin Steven.
2020-06-09 10:22:27 +02:00
dupgit
49c13854f3
GPGME_CREATE_NOEXPIRE is only available since 1.9.0
* doc/gpgme.texi: Fixes version number from 1.8.0 to
   1.9.0 for GPGME_CREATE_NOEXPIRE.

GnuPG-Bug-Id: T4922
Signed-off-by: dupgit <olivier.delhomme@free.fr>
2020-05-08 12:34:20 +02:00
Werner Koch
004fdf61c8
core: Make sure the keygrip is available in WITH_SECRET mode.
* src/engine-gpg.c (gpg_keylist_build_options): Send --with-keygrip
if --with-secret is used.
--

Since GnuPG 2.2.19 the keygrip was not anymore send if only
--with-secret was used in a public key listing.  Given that
--with-secret requires computation of the keygrip anyway, there is no
point in not requesting the keyrip in this case.

GnuPG-bug-id: 4820
2020-05-08 11:18:42 +02:00
Werner Koch
3afa534645
core: New context flags "include-key-block" and "auto-key-import".
* src/gpgme.c (gpgme_set_ctx_flag): Add flags "include-key-block" and
"auto-key-import".
(gpgme_get_ctx_flag): Ditto.
* src/context.h (struct gpgme_context): Add flags include_key_block
and auto_key_import.
* src/engine-gpg.c (struct engine_gpg): Likewise.
(gpg_set_engine_flags): Set the flags for gpg versions >= 2.2.20.
(gpg_decrypt): Set option according to the new flags.
(gpg_encrypt): Ditto.
(gpg_encrypt_sign): Ditto.
(gpg_sign): Ditto.
(gpg_verify): Ditto.

tests/run-verify: Add option --auto-key-import.
tests/run-sign: add option --include-key-block.
--

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-17 17:24:21 +01:00
Werner Koch
5eeae535ee
core: Extend gpgme_user_id_t with uidhash member.
* src/gpgme.h.in (struct _gpgme_user_id): Add field 'uidhash'.
* src/key.c (gpgme_key_unref): Free it.
* src/keylist.c (keylist_colon_handler): Set it.
* tests/run-keylist.c (main): Print it.
--

The uidhash value is part of gpg's output since the year 2005.  This
now adds support to gpgme.  The application for uidhash is to select
a user id in an edit interactor: Instead of giving the number of the
user id, the uidhash value can be be used to avoid tracking the user
id numbers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-12-13 15:11:00 +01:00
Andre Heinecke
7e7eaf4342
Revert "doc: Remove UI Server documentation"
This reverts commit 1b2ad3b73c.

--
Just removing the documentation was not the right way as
this is still in use.
2019-12-11 10:30:41 +01:00
Andre Heinecke
1b2ad3b73c
doc: Remove UI Server documentation
* doc/Makefile.am: Remove uiserver.texi
* doc/gpgme.texi: Remove UI-Server mentions.
* doc/uiserver.texi: Removed.

--
This prepares the removal of UI Server from implementing
applications like Kleopatra.
The only user of the UI Server is GpgEX and even that
does not need it at all and is better served with process
calls.

GnuPG-Bug-Id: T4030
2019-11-12 11:04:11 +01:00
Andre Heinecke
0224408c63
core: Add cert-notation support and extended-edit
* src/context.h (gpgme_context): Add new flag for extended-edit.
* src/engine-gpg.c (append_args_from_sig_notations): Add flags to
control the kind of notations.
(gpg_edit): Respect extended-edit and notations.
(gpg_encrypt_sign, gpg_sign): Update call to
append_args_from_sig_notations.
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Support
extended-edit.
* NEWS, doc/gpgme.texi: Mention extended-edit.

--
This provides a way to get the extended key-edit interface without
breaking bad state machines that rely on the current command flow.

A use case for this is to enable multiple local signatures, which
can be used together with annotations for:

GnuPG-Bug-Id: T4734
2019-10-29 16:11:54 +01:00