-rw-r--r--doc/DETAILS25
-rw-r--r--doc/gpg.texi2
-rw-r--r--sm/decrypt.c8
-rw-r--r--sm/sign.c15
4 files changed, 31 insertions, 19 deletions
diff --git a/doc/DETAILS b/doc/DETAILS
index 4c1e9b67c..eee640a01 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -1695,6 +1695,7 @@ Description of some debug flags:
- RFC-1750 :: Randomness Recommendations for Security
- RFC-1991 :: PGP Message Exchange Formats (obsolete)
- RFC-2144 :: The CAST-128 Encryption Algorithm
+ - RFC-2253 :: UTF-8 String Representation of Distinguished Names.
- RFC-2279 :: UTF-8, a transformation format of ISO 10646
- RFC-2440 :: OpenPGP (obsolete).
- RFC-3156 :: MIME Security with Pretty Good Privacy (PGP).
@@ -1813,3 +1814,27 @@ Description of some debug flags:
it is also possible to set them direct: Use a "=" character
directly followed by a combination of "a" (for authentication), "s"
(for signing), or "c" (for certification).
+
+** extendedKeyUsage and keyUsage in gpgsm
+
+This table describes how the extended KeyUsage masks the KeyUsage.
+
+ | ExtKeyUsage | Valid KeyUsages |
+ |-----------------+------------------|
+ | serverAuth | digitalSignature |
+ | | keyEncipherment |
+ | | keyAgreement |
+ |-----------------+------------------|
+ | clientAuth | digitalSignature |
+ | | keyAgreement |
+ |-----------------+------------------|
+ | codeSigning | digitalSignature |
+ |-----------------+------------------|
+ | emailProtection | digitalSignature |
+ | | nonRepudiation |
+ | | keyEncipherment |
+ | | keyAgreement |
+ |-----------------+------------------|
+ | timeStamping | digitalSignature |
+ | | nonRepudiation |
+ |-----------------+------------------|
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 7a4935fc6..393267858 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -622,7 +622,7 @@ outputs an endless stream of hex-encoded octets. The special level
@item --gen-prime @var{mode} @var{bits}
@opindex gen-prime
Use the source, Luke :-). The output format is subject to change
-with ant release.
+with any release.
@item --enarmor
diff --git a/sm/decrypt.c b/sm/decrypt.c
index 3702cd893..68b362b45 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -37,14 +37,6 @@
#include "../common/tlv.h"
#include "../common/compliance.h"
-/* We can provide an enum value which is only availabale with KSBA
- * 1.6.0 so that we can compile even against older versions. Some
- * calls will of course return an error in this case. This value is
- * currently not used because the cipher mode is sufficient here. */
-/* #if KSBA_VERSION_NUMBER < 0x010600 /\* 1.6.0 *\/ */
-/* # define KSBA_CT_AUTHENVELOPED_DATA 10 */
-/* #endif */
-
struct decrypt_filter_parm_s
{
diff --git a/sm/sign.c b/sm/sign.c
index 9290fc17b..d584433d7 100644
--- a/sm/sign.c
+++ b/sm/sign.c
@@ -300,7 +300,6 @@ add_certificate_list (ctrl_t ctrl, ksba_cms_t cms, ksba_cert_t cert)
}
-#if KSBA_VERSION_NUMBER >= 0x010400 && 0 /* 1.4.0 */
static gpg_error_t
add_signed_attribute (ksba_cms_t cms, const char *attrstr)
{
@@ -378,7 +377,12 @@ add_signed_attribute (ksba_cms_t cms, const char *attrstr)
}
/* Store the data in the CMS object for all signers. */
+#if 0
err = ksba_cms_add_attribute (cms, -1, fields[0], 0, der, derlen);
+#else
+ (void)cms;
+ err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
if (err)
{
log_error ("invalid attribute specification '%s': %s\n",
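Review bot: In the `#else` branch, the new `GPG_ERR_NOT_IMPLEMENTED` result falls straight into the existing `log_error ("invalid attribute specification '%s': %s\n", ...)`, so a user who passes a well-formed attribute is told the specification is invalid. Judging by the `der`/`derlen`/`fields` arguments of the disabled call, the error is also raised only after the string has been parsed and encoded. The later hunks in gpgsm_sign drop the "option --attribute is ignored" note and keep the `goto leave`, so any use of --attribute now aborts signing. Failing closed is the safer behaviour compared with emitting a signature that silently lacks the requested attributes, but the reason should be visible in the code and the log. I would add a comment above the `#if 0`, for example `/* FIXME: Signed attributes are not yet implemented; fail rather than sign without them. */`, and give the not-implemented case its own message instead of reusing the parse-error text. The body of add_signed_attribute starts and ends outside this hunk.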
@@ -391,7 +395,6 @@ add_signed_attribute (ksba_cms_t cms, const char *attrstr)
xfree (fields);
return err;
}
-#endif /*ksba >= 1.4.0 */
@@ -474,9 +477,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
if (!err)
err = ksba_cms_set_content_type
(cms, 1,
-#if KSBA_VERSION_NUMBER >= 0x010400 && 0
opt.authenticode? KSBA_CT_SPC_IND_DATA_CTX :
-#endif
KSBA_CT_DATA
);
if (err)
@@ -758,8 +759,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
}
}
- /* We can add signed attributes only when build against libksba 1.4. */
-#if KSBA_VERSION_NUMBER >= 0x010400 && 0 /* 1.4.0 */
{
strlist_t sl;
@@ -767,10 +766,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
if ((err = add_signed_attribute (cms, sl->d)))
goto leave;
}
-#else
- if (opt.attributes)
- log_info ("Note: option --attribute is ignored by this version\n");
-#endif /*ksba >= 1.4.0 */
/* We need to write at least a minimal list of our capabilities to