diff options
| author | Werner Koch <[email protected]> | 2021-08-13 11:42:31 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2021-08-13 11:42:31 +0000 |
| commit | 7c45a69eb988e9c0329d75900af0c5b1e47291b7 (patch) | |
| tree | 96ced8bfada21a95699d862e4b44ad8025c43573 /doc/gpg-agent.texi | |
| parent | indent: Add a git blame ignore file (diff) | |
| download | gnupg-7c45a69eb988e9c0329d75900af0c5b1e47291b7.tar.gz gnupg-7c45a69eb988e9c0329d75900af0c5b1e47291b7.zip | |
agent: New option --check-sym-passphrase-pattern.
* agent/gpg-agent.c (oCheckSymPassphrasePattern): New.
(opts): Add --check-sym-passphrase-pattern.
(parse_rereadable_options): Set option.
(main): Return option info.
* tools/gpgconf-comp.c: Add new option.
* agent/agent.h (opt): Add var check_sym_passphrase_pattern.
(struct pin_entry_info_s): Add var constraints_flags.
(CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1.
(CHECK_CONSTRAINTS_NEW_SYMKEY): New.
* agent/genkey.c (check_passphrase_pattern): Rename to ...
(do_check_passphrase_pattern): this to make code reading
easier. Handle the --check-sym-passphrase-pattern option.
(check_passphrase_constraints): Replace arg no_empty by a generic
flags arg. Also handle --check-sym-passphrase-pattern here.
* agent/command.c (cmd_get_passphrase): In --newsymkey mode pass
CHECK_CONSTRAINTS_NEW_SYMKEY flag.
* agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags.
(struct inq_cb_parm_s): New.
(inq_cb): Use new struct for parameter passing. Pass flags to teh
constraints checking.
(do_getpin): Pass constraints flag down.
(agent_askpin): Take constrainst flag from the supplied pinentry
struct.
--
Requirements for a passphrase to protect a private key and for a
passphrase used for symmetric encryption are different. Thus a
the use of a different pattern file will be useful. Note that a
pattern file can be used to replace the other passphrase constraints
options and thus we don't need to duplicate them for symmetric
encryption.
GnuPG-bug-id: 5517
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'doc/gpg-agent.texi')
| -rw-r--r-- | doc/gpg-agent.texi | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index a061283d6..5413a88ac 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -205,14 +205,14 @@ if used in an options file. @item -v -@item --verbose +@itemx --verbose @opindex verbose Outputs additional information while running. You can increase the verbosity by giving several verbose commands to @command{gpg-agent}, such as @samp{-vv}. @item -q -@item --quiet +@itemx --quiet @opindex quiet Try to be as quiet as possible. @@ -429,11 +429,15 @@ of digits or special characters a warning will be displayed. Defaults to 1. @item --check-passphrase-pattern @var{file} +@itemx --check-sym-passphrase-pattern @var{file} @opindex check-passphrase-pattern +@opindex check-sym-passphrase-pattern Check the passphrase against the pattern given in @var{file}. When entering a new passphrase matching one of these pattern a warning will -be displayed. @var{file} should be an absolute filename. The default is -not to use any pattern file. +be displayed. @var{file} should be an absolute filename. The default +is not to use any pattern file. The second version of this option is +only used when creating a new symmetric key to allow the use of +different patterns for such passphrases. Security note: It is known that checking a passphrase against a list of pattern or even against a complete dictionary is not very effective to |