| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* build-aux/speedo.mk: Remove support gpgme.
* build-aux/speedo/w32/inst.nsi: Ditto.
* build-aux/speedo/w32/wixlib.wxs: Remove the gpgme components.
--
GPGME is either already availabale on Unix platforms or can be
installed on Widnows with gpg4win. GnuPG itself does not require
gpgme.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (get_pubkey): Factor code out to ...
(get_pubkey_bykid): new. Add feature to return the keyblock.
(get_pubkey_for_sig): Add arg r_keyblock to return the used keyblock.
Request a signing usage.
(get_pubkeyblock_for_sig): Remove.
(finish_lookup): Improve debug output.
* g10/sig-check.c (check_signature): Add arg r_keyblock and pass it
down.
* g10/mainproc.c (do_check_sig): Ditto.
(check_sig_and_print): Use the keyblock returned by do_check_sig to
show further information instead of looking it up again with
get_pubkeyblock_for_sig. Also re-check the signature after the import
of an included keyblock.
--
The problem here is that it is possible to import a key from someone
who added a signature subkey from another public key and thus inhibits
that a good signature good be verified.
Such a malicious key signature subkey must have been created w/o the
mandatory backsig which bind a signature subkey to its primary key.
For encryption subkeys this is not an issue because the existence of a
decryption private key is all you need to decrypt something and then
it does not matter if the public subkey or its binding signature has
been put below another primary key; in fact we do the latter for
ADSKs.
GnuPG-bug-id: 7527
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| | |
|
| | |
|
| |
|
|
|
| |
--
GnuPG-bug-id: 7479
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
| |
* g10/trustdb.c (validate_keys): Take care of --quiet.
--
GnuPG-bug-id: 7351
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
|
|
|
|
| |
* g10/keylist.c (list_keyblock_colon): Put the algo string into the
curve field for Kyber.
--
GnuPG-bug-id: 6638
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/keygen.c (PQC_STD_KEY_PARAM_PRI, PQC_STD_KEY_PARAM_SUB): New.
(PQC_STD_KEY_PARAM): Construct from above.
(gen_kyber): Allow short curve names.
(ask_algo): Add Entry for ecc+kyber.
(ask_kyber_variant): New.
(generate_keypair): Generate ECC primary and Kyber sub.
--
GnuPG-bug-id: 6638
|
| |
|
|
|
|
|
|
|
|
| |
* dirmngr/crlcache.c (crl_cache_list): Print a summary of URLs.
* sm/call-dirmngr.c (gpgsm_dirmngr_run_command): Print a notice to
stdout if the dirmngr has been disabled.
--
GnuPG-bug-id: 7337
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/gpgsm.c (oAssertSigner, oNoop): New.
(opts): Add option --assert-signer.
(assert_signer_true): New var.
(main): Set new option.
(gpgsm_exit): Handle assert_signer_true.
* sm/gpgsm.h (opt): Add field assert_signer_list.
* sm/verify.c (is_x509_fingerprint): New.
(check_assert_signer_list): New.
(gpgsm_verify): Handle option.
--
GnuPG-bug-id: 7286
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/options.h (flags): Add proc_all_sigs.
* g10/mainproc.c (proc_tree): Do not stop signature checking if this
new option is used.
* g10/gpg.c (oProcAllSigs): New.
(opts): Add "proc-all-sigs".
(main): Set it.
--
GnuPG-bug-id: 7261
|
| |
|
|
|
|
|
|
|
|
|
|
| |
--
bzip2 is a make-only package and thus we can't set the prefix with
configure. We need to set PREFIX here so that the install target:
if ( test ! -d $(PREFIX)/lib ) ; then mkdir -p $(PREFIX)/lib;fi
[...]
does not try to install to the default PREFIX /usr/local/lib.
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
| |
* g10/keygen.c (do_generate_keypair): Check for draf Kyber stuff.
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
--
Fixed conflicts in:
NEWS
g10/call-agent.c
g10/options.h
kbx/kbxutil.c
tools/gpgconf.c
|
| | |
| |
| |
| | |
--
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
--
Resolved conflicts:
NEWS
common/exechelp-w32.c
configure.ac
|
| | |
| |
| |
| | |
--
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
--
Reported-by: Andreas Metzler <[email protected]>
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
--
Fixed conflicts:
NEWS
configure.ac
doc/gpg.texi
|
| | |
| |
| |
| | |
--
|
| | | |
|
| | |
| |
| |
| | |
--
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* common/homedir.c (copy_dir_with_fixup) [W32]: Fold double
backslashes.
--
This is in general no problem but when we hash or compare the directory
to test whether tit is the standard home directory, we may use a
different socket file and thus a second instance of a daemon.
GnuPG-bug-id: 6833
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
--
Fixed conflicts in
NEWS
g10/encrypt.c
sm/encrypt.c
sm/sign.c
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* common/compliance.h (PK_ALGO_FLAG_ECC18): New.
* common/compliance.c (gnupg_pk_is_allowed): Implement.
* sm/decrypt.c (gpgsm_decrypt): Pass new flag.
* sm/sign.c (gpgsm_sign): Ditto.
* sm/verify.c (gpgsm_verify): Ditto.
--
GnuPG-bug-id: 6802
|
| |\|
| |
| |
| |
| |
| |
| | |
* common/b64dec.c (b64decode): Move to ...
* common/miscellaneous.c: here.
* common/t-b64.c: Re-inroduce and keep only the b64decode test code.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* common/gettime.c (asctimestamp) [W32]: Use ".UTF8" for the locale.
--
This has been suggested by the reporter of
GnuPG-bug-id: 6741
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* dirmngr/server.c (ensure_keyserver): Detect special value "none"
(cmd_keyserver): Ignore "none" and "hkp://none".
--
GnuPG-bug-id: 6708
|
| |\| |
|
| | |
| |
| |
| | |
--
|
| | | |
|
| | |
| |
| |
| | |
--
|
| | |
| |
| |
| | |
--
|
| | | |
|
| | |
| |
| |
| | |
--
|
