Diffstat (limited to '')
-rw-r--r--agent/agent.h4
-rw-r--r--agent/gpg-agent.c9
-rw-r--r--agent/protect.c3
-rw-r--r--doc/gpg-agent.texi14
4 files changed, 30 insertions, 0 deletions
diff --git a/agent/agent.h b/agent/agent.h
index 7bb46faa1..19f9f4997 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -171,6 +171,10 @@ struct
/* The digest algorithm to use for ssh fingerprints when
* communicating with the user. */
int ssh_fingerprint_digest;
+
+ /* The value of the option --s2k-count. If this option is not given
+ * or 0 an auto-calibrated value is used. */
+ unsigned long s2k_count;
} opt;
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 030d1da83..2e19d19c1 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -134,6 +134,8 @@ enum cmd_and_opt_values
oPuttySupport,
oDisableScdaemon,
oDisableCheckOwnSocket,
+ oS2KCount,
+
oWriteEnvFile
};
@@ -248,6 +250,8 @@ static ARGPARSE_OPTS opts[] = {
),
ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"),
+ ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
+
/* Dummy options for backward compatibility. */
ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
@@ -819,6 +823,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
disable_check_own_socket = 0;
/* Note: When changing the next line, change also gpgconf_list. */
opt.ssh_fingerprint_digest = GCRY_MD_MD5;
+ opt.s2k_count = 0;
return 1;
}
@@ -910,6 +915,10 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
opt.ssh_fingerprint_digest = i;
break;
+ case oS2KCount:
+ opt.s2k_count = pargs->r.ret_ulong;
+ break;
+
default:
return 0; /* not handled */
}
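Review bot: The `oS2KCount` case stores `pargs->r.ret_ulong` without any range check, so every value an unsigned long can hold is accepted. The only bound visible in this commit is the lower clamp in get_standard_s2k_count (agent/protect.c); unless something outside this diff caps the count, a mistyped value with a few extra digits would make each key-protection operation take correspondingly long. In the other direction, a value below the auto-calibrated count makes offline passphrase guessing against a copied key file cheaper, and nothing is logged when that happens. Consider logging or rejecting out-of-range values at this point, and add a comment such as `/* 0 selects auto-calibration; values below 65536 are raised in get_standard_s2k_count. */`. The switch and the enclosing function continue outside the hunk.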
diff --git a/agent/protect.c b/agent/protect.c
index c257861e2..ab26220f5 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -198,6 +198,9 @@ get_standard_s2k_count (void)
{
static unsigned long count;
+ if (opt.s2k_count)
+ return opt.s2k_count < 65536 ? 65536 : opt.s2k_count;
+
if (!count)
count = calibrate_s2k_count ();
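Review bot: The floor in `return opt.s2k_count < 65536 ? 65536 : opt.s2k_count;` is a bare literal written twice and is applied silently; neither the field comment in agent.h nor the new @item in gpg-agent.texi mentions it. A user who configures a smaller count gets 65536 without notice, and `GETINFO s2k_count` presumably reports the clamped value rather than the configured one (that handler is not visible here). I would give the minimum a named constant and add a comment like `/* A user supplied count overrides the calibration but is never used below the minimum. */`; the texi entry should state the minimum as well. The function body continues past the end of the hunk.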
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index d7a562af1..6579622d8 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -648,6 +648,19 @@ Select the digest algorithm used to compute ssh fingerprints that are
communicated to the user, e.g. in pinentry dialogs. OpenSSH has
transitioned from using MD5 to the more secure SHA256.
+@item --s2k-count @var{n}
+@opindex s2k-count
+Specify the iteration count used to protect the passphrase. This
+option can be used to override the auto-calibration done by default.
+This auto-calibration computes a count which requires 100ms to mangle
+a given passphrase. To view the auto-calibrated count do not use this
+option (or use 0 for @var{n}) and run this command:
+
+@example
+gpg-connect-agent 'GETINFO s2k_count' /bye
+@end example
+
+
@end table
All the long options may also be given in the configuration file after
@@ -813,6 +826,7 @@ again. Only certain options are honored: @code{quiet},
@code{pinentry-invisible-char},
@code{default-cache-ttl},
@code{max-cache-ttl}, @code{ignore-cache-for-signing},
+@code{s2k-count},
@code{no-allow-external-cache}, @code{allow-emacs-pinentry},
@code{no-allow-mark-trusted}, @code{disable-scdaemon}, and
@code{disable-check-own-socket}. @code{scdaemon-program} is also