Commit message (Author, Age, Files, Lines)
* Merge branch 'wk-gpg-keybox' (Werner Koch, 2011-04-29, 11 files, -411/+486)
|\
| * Re-indentation of keydb.c and error code changes. (Werner Koch, 2011-04-29, 8 files, -348/+403)
| |     Returning -1 as an error code is not very clean given that gpg error has more descriptive error codes. Thus we now return GPG_ERR_NOT_FOUND for all search operations and adjusted all callers.
| * Update OpenPGP parser to support ECC (Werner Koch, 2011-04-28, 3 files, -63/+83)
| |
* | Fix import stat counter and abort secret key import on merge-only error case. (Marcus Brinkmann, 2011-04-29, 2 files, -25/+36)
| |
* | Give sensible error messages when trying to delete secret key. (Marcus Brinkmann, 2011-04-29, 2 files, -11/+26)
|/
* Removed memory leak in the ECDH code. (Werner Koch, 2011-04-28, 2 files, -32/+59)
|
* Fixed regression in OpenPGP secret key export. (Werner Koch, 2011-04-26, 7 files, -6/+53)
|     The protection used in the exported key used a different iteration count than given in the S2K field. Thus all OpenPGP keys exported from GnuPG 2.1-beta can't be imported again. Given that the actual secret key material is kept in private-keys-v1.d/ they can be re-exported with this fixed version.
* Fix regression in gpg's mail address parsing. (Werner Koch, 2011-04-25, 20 files, -24/+62)
|     Since 2009-12-08 gpg was not able to find email addresses indicated by a leading '<'. This happened when I merged the user id classification code of gpgsm and gpg.
* Add OPTION:cache-ttl-opt-preset to gpg-agent. (Werner Koch, 2011-04-21, 6 files, -7/+31)
|     This option may be used to change the default ttl values used with the --preset option of GENKEY and PASSWD.
* 2011-04-20 Marcus Brinkmann <[email protected]> (Marcus Brinkmann, 2011-04-20, 2 files, -1/+6)
|     * keylist.c (list_keyblock_colon): Use get_ownertrust_info, not get_ownertrust (which led to binary zeroes in the output!).
* Fix gpg-agent secure memory leak in OpenPGP private key import. (Marcus Brinkmann, 2011-04-20, 2 files, -0/+8)
|     2011-04-20 Marcus Brinkmann <[email protected]>
|
|     * command.c (cmd_import_key): Release key from failed import before converting openpgp private key in the openpgp-private-key case.
* Another PASSWD --preset fix. (Ben Kibbey, 2011-04-18, 2 files, -1/+5)
|     Check for an error before presetting the passphrase.
* Fixed PASSWD --preset. (Ben Kibbey, 2011-04-13, 2 files, -7/+11)
|     The previous patch required that the keygrip be cached before adding the new passphrase to the cache. No more.
* Use macros for the 120 and 900s cache TTLs. (Werner Koch, 2011-04-12, 4 files, -12/+23)
|
* Added PASSWD --preset. (Ben Kibbey, 2011-04-12, 2 files, -2/+15)
|
* Added GENKEY --preset to add the passphrase of the generated key to the cache. (Ben Kibbey, 2011-04-12, 4 files, -4/+24)
|
* Added KEYINFO field to show the protection type of a key. This differs from the second field which shows the location of the key. (Ben Kibbey, 2011-04-12, 2 files, -10/+25)
* Add code for explicit selection of pooled A records. (Werner Koch, 2011-04-12, 8 files, -79/+453)
|     To better cope with round robin pooled A records like keys.gnupg.net we need to keep some information on unresponsive hosts etc. What we do now is to resolve the hostnames, remember them and select a random one. If a host is dead it will be marked and a different one selected. This is intended to solve the problem of long timeouts due to unresponsive hosts. The code is not yet finished but selection works.
* Detect premature EOF while parsing corrupted key packets. (Werner Koch, 2011-03-28, 2 files, -17/+31)
|     This helps in the case of an unknown key algorithm with a corrupted packet which claims a longer packet length. This used to allocate the announced packet length and then tried to fill it up without detecting an EOF, thus taking quite some time. It is easy to fix, thus we do it. However, there are many other ways to force gpg to use large amounts of resources; thus as before it is strongly suggested that the sysadm uses ulimit to assign suitable resource limits to the gpg process. Suggested by Timo Schulz.
* Make use of gcry_kdf_derive. (Werner Koch, 2011-03-10, 5 files, -140/+59)
|     Factoring common code out is always a Good Thing. Also added a configure test to print an error if gcry_kdf_derive is missing in Libgcrypt.
* Support pkcs#12 import of PBES2 encoded data. (Werner Koch, 2011-03-10, 2 files, -68/+297)
|     This is so that we read compatible with gnutls's certtool. Only AES-128 is supported. The latest Libgcrypt from git is required. Fixes bug#1321.
* Post beta release updates (Werner Koch, 2011-03-08, 2 files, -2/+6)
|
* Prepare for 1.5.0beta2 [tag: gnupg-2.1.0beta2] (Werner Koch, 2011-03-08, 5 files, -15/+69)
|
* Require libgcrypt 1.5 (Werner Koch, 2011-03-08, 11 files, -74/+33)
|     Without Libgcrypt 1.5 it was not possible to use ECC keys. ECC is a major new feature and thus it does not make sense to allow building with an older Libgcrypt without supporting ECC. Also fixed a few missing prototypes.
* Added option --inquire to PRESET_PASSPHRASE. Note that the inquired passphrase will be truncated to the first encountered null byte. (Ben Kibbey, 2011-03-04, 2 files, -4/+30)
* New agent option pinentry-mode. (Werner Koch, 2011-03-03, 6 files, -45/+197)
|     This provides the framework and implements the ask, cancel and error. loopback will be implemented later.
* Print the secret keyinfo stuff with --card-status again. (Werner Koch, 2011-03-03, 3 files, -65/+79)
|
* Minor code cleanups. (Werner Koch, 2011-03-03, 3 files, -8/+10)
|     * keyid.c (hash_public_key): Remove shadowing NBITS.
|     * misc.c (pubkey_nbits): Replace GCRY_PK_ by PUBKEY_ALGO_.
|     (get_signature_count): Remove warning.
* Fix faulty gcc warnings (Werner Koch, 2011-03-03, 5 files, -11/+20)
|
* Simplify the management of the stream list in estream.c (Werner Koch, 2011-03-03, 2 files, -66/+83)
|
* fix wLangId in ccid-driver.c (NIIBE Yutaka, 2011-03-02, 1 file, -2/+2)
|     This is not a part of pin pad support series of mine. As I found the bug while I am preparing the patches, I report this.
|
|     As CCID protocol is little endian, wLangId of US English = 0x0409 is represented as two bytes of 0x09 then 0x04.
|
|     It is really confusing that the code like following is floating around:
|
|         pin_verify -> wLangId = HOST_TO_CCID_16(0x0904);
|
|     But, it is 0x0409 (not 0x0904). It is defined in the documentation:
|
|         http://www.usb.org/developers/docs/USB_LANGIDs.pdf
|
|     and origin of this table is Microsoft. We can see it at:
|
|         http://msdn.microsoft.com/en-us/library/bb165625%28VS.80%29.aspx
|
|     Yes, it would be better not to hard-code 0x0409. It would be better to try current locale of the user, or to use the first entry of string descriptor. I don't have time to implement such a thing...
* Fix usage of SHA-2 algorithm with OpenPGP cards. (Werner Koch, 2011-03-02, 7 files, -154/+39)
|     This was a regression in 2.1 introduced due to having the agent do the signing in contrast to the old "SCD PKSIGN" command which accesses the scdaemon directly and passed the hash algorithm. The hash algorithm is used by app-openpgp.c only for a sanity check.
* Add comment to last patch. (Werner Koch, 2011-03-02, 2 files, -14/+23)
|
* Added option --data to KEYINFO to return the result with a data response. (Ben Kibbey, 2011-03-02, 1 file, -12/+27)
|
* Let KEYINFO show the cached status of a key grip. (Ben Kibbey, 2011-03-02, 1 file, -1/+11)
|
* Rename Ben's new option. (Werner Koch, 2011-03-02, 2 files, -7/+11)
|
* Added CLEAR_PASSPHRASE option --agent to search the cache for a cacheid with a mode of CACHE_MODE_NORMAL. These cache modes are created with PKDECRYPT. (Ben Kibbey, 2011-03-02, 1 file, -3/+10)
* Fix doc/Makefile target online (Werner Koch, 2011-03-02, 1 file, -8/+7)
|
* Move parameter file description to the manual. (Werner Koch, 2011-03-01, 5 files, -366/+474)
|
* Support X.509 certificate creation. (Werner Koch, 2011-03-01, 8 files, -81/+615)
|     Using "gpgsm --genkey" allows the creation of a self-signed certificate via a new prompt.
|
|     Using "gpgsm --genkey --batch" should allow the creation of arbitrary certificates controlled by a parameter file. An example parameter file is
|
|         Key-Type: RSA
|         Key-Length: 1024
|         Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA
|         Key-Usage: sign, encrypt
|         Serial: random
|         Name-DN: CN=some test key
|         Name-Email: [email protected]
|         Name-Email: [email protected]
|         Hash-Algo: SHA384
|         not-after: 2038-01-16 12:44
|
|     This creates a self-signed X.509 certificate using the key given by the keygrip and using SHA-384 as hash algorithm. The keyword signing-key can be used to sign the certificate with a different key. See sm/certreggen.c for details.
* Update some M4 files and AUTHORS. (Werner Koch, 2011-03-01, 7 files, -20/+44)
|
* Add new functions to convert iso time strings. (Werner Koch, 2011-03-01, 6 files, -24/+253)
|
* Update gpg-error.m4 and libgcrypt.m4 (Werner Koch, 2011-02-23, 3 files, -8/+40)
|
* Fix dirmngr crash (bug#1300) (Werner Koch, 2011-02-23, 2 files, -1/+9)
|
* Lock scdaemon to CCID if once found. (Werner Koch, 2011-02-23, 7 files, -143/+239)
|     This solves a problem where ccid was used, the card unplugged and then scdaemon tries to find a new (plugged in) reader and thus will eventually try PC/SC over and over again. Also added an explicit --kill command to gpgconf.
* Fix ChangeLog entries. (Werner Koch, 2011-02-15, 2 files, -4/+5)
|
* fixed --list-keys on Linux64 bit (Andrey Jivsov, 2011-02-12, 2 files, -2/+7)
|
* Add ECC sign, verify, encrypt and decrypt tests (Werner Koch, 2011-02-11, 2 files, -105/+165)
|
* Remove debug code from regression test pinentry (Werner Koch, 2011-02-10, 2 files, -20/+45)
|     Also updated de.po
* Add ECC import regression tests and fixed a regression. (Werner Koch, 2011-02-10, 15 files, -48/+473)
|     The import test imports the keys as needed and because they are passphrase protected we now need a pinentry script to convey the passphrase to gpg-agent.