aboutsummaryrefslogtreecommitdiffstats
path: root/agent/command.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* agent: Extend the PINENTRY_LAUNCHED inquiry and status.Werner Koch2016-11-031-3/+4
| | | | | | | | | * agent/call-pinentry.c (start_pinentry): Get flavor and version and pass it to agent_inq_pinentry_launched. * agent/command.c (agent_inq_pinentry_launched): Add arg EXTRA. * g10/server.c (gpg_proxy_pinentry_notify): Print a new diagnostic. Signed-off-by: Werner Koch <[email protected]>
* agent: Slightly change structure of cmd_readkey.Werner Koch2016-10-241-29/+31
| | | | | | | | | | | | | | | * agent/command.c (cmd_readkey): Avoid a leave label in the middle of the code. Remove the special return. -- This helps to get better debug output. The set_error macro which is used by parse_keygrip merely sets the error code into the Assuan context. It is thus no problem anymore to call leave_cmd after having used set_error. This might havve been diffferent in the past. Signed-off-by: Werner Koch <[email protected]>
* Fix use cases of snprintf.NIIBE Yutaka2016-10-211-1/+1
| | | | | | | | | | | * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent, g10: Fix keygen.NIIBE Yutaka2016-10-201-1/+1
| | | | | | | | | * agent/command.c (cmd_readkey): Get length after card_readkey. * g10/keygen.c (gen_card_key): Fix off-by-one error. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Add --card option for READKEY.NIIBE Yutaka2016-10-201-12/+57
| | | | | | | | | | * agent/findkey.c (agent_write_shadow_key): New. * agent/command-ssh.c (card_key_available): Use agent_write_shadow_key. * agent/learncard.c (agent_handle_learn): Likewise. * agent/command.c (cmd_readkey): Add --card option. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* Fix more spellingDaniel Kahn Gillmor2016-09-171-1/+1
| | | | | | | | | | | | | | | | | | | * NEWS, acinclude.m4, agent/command-ssh.c, agent/command.c, agent/gpg-agent.c, agent/keyformat.txt, agent/protect-tool.c, common/asshelp.c, common/b64enc.c, common/recsel.c, doc/DETAILS, doc/HACKING, doc/Notes, doc/TRANSLATE, doc/dirmngr.texi, doc/faq.org, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi, doc/instguide.texi, g10/armor.c, g10/gpg.c, g10/keyedit.c, g10/mainproc.c, g10/pkclist.c, g10/tofu.c, g13/sh-cmd.c, g13/sh-dmcrypt.c, kbx/keybox-init.c, m4/pkg.m4, sm/call-dirmngr.c, sm/gpgsm.c, tests/Makefile.am, tests/gpgscm/Manual.txt, tests/gpgscm/scheme.c, tests/openpgp/gpgv-forged-keyring.scm, tests/openpgp/multisig.test, tests/openpgp/verify.scm, tests/pkits/README, tools/applygnupgdefaults, tools/gpg-connect-agent.c, tools/mime-maker.c, tools/mime-parser.c: minor spelling cleanup. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* agent: Silence --debug IPC output for connections from self.Werner Koch2016-09-051-1/+34
| | | | | | | | | | | | * agent/command.c (server_local_s): Add fields 'greeting_seen' and 'connect_from_self'. (io_monitor): Do not log connections from self. (start_command_handler): Set flag 'connect_from_self'. * agent/gpg-agent.c (check_own_socket_thread): Disable logging. (do_start_connection_thread): Do not log conection start and termination if IPC debugging is enabled. Signed-off-by: Werner Koch <[email protected]>
* agent: Small improvement of the server's local state.Werner Koch2016-09-051-10/+10
| | | | | | | * agent/command.c (sserver_local_s): Change flags to use only one bit. (option_handler): Make an atoi return 1 or 0. Signed-off-by: Werner Koch <[email protected]>
* agent: Allow import of overly large keys.Werner Koch2016-08-161-1/+1
| | | | | | | | * agent/command.c (MAXLEN_KEYDATA): Double the size. -- Debian-bug-id: 834447 Signed-off-by: Werner Koch <[email protected]>
* agent: Fix long standing regression tracking the connection count.Werner Koch2016-08-061-0/+9
| | | | | | | | | | | | | | | * agent/gpg-agent.c (get_agent_active_connection_count): New. (do_start_connection_thread, start_connection_thread_ssh): Bump ACTIVE_CONNECTIONS up and down. * agent/command.c (cmd_getinfo): Add subcommand "connections". -- The variable ACTIVE_CONNECTIONS is used to shutdown gpg-agent in a friendly way. Before we switched to nPth a Pth provided count of threads was used for this. During the migration to nPth ACTIVE_CONNECTIONS was introduced and checked but never set. Signed-off-by: Werner Koch <[email protected]>
* More cleanup of "allow to".Daniel Kahn Gillmor2016-08-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | * README, agent/command.c, agent/keyformat.txt, common/i18n.c, common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c, dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE, doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi, doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt, g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4, m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po, po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po, po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po, po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po, po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po, scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c, sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to" with clearer text. In standard English, the normal construction is "${XXX} allows ${YYY} to" -- that is, the subject (${XXX}) of the sentence is allowing the object (${YYY}) to do something. When the object is missing, the phrasing sounds awkward, even if the object is implied by context. There's almost always a better construction that isn't as awkward. These changes should make the language a bit clearer. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* agent: Fix envvars for UPDATESTARTUPTTY.NIIBE Yutaka2016-07-131-6/+6
| | | | | | | | | | agent/command.c (cmd_updatestartuptty): Use session_env_list_stdenvnames to get the list. -- Debian-bug-id: 801247 Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Add openpgp_protected flag to agent secret key export functionsDaniel Kahn Gillmor2016-06-111-1/+6
| | | | | | | | | | | | | | | | | * g10/call-agent.c, g10/call-agent.h (agent_export_key): Add openpgp_protected flag. * g10/export.c (receive_seckey_from_agent): Request openpgp_protected secret keys from agent. * agent/command.c (hlp_export_key): EXPORT_KEY help text: add a brief description of the effect of --openpgp. -- The --openpgp flag for gpg-agent's EXPORT_KEY actually forces encryption in a certain (RFC 4880-compatible format). This changeset exposes that functionality in internal functions, and clarifies functionality in the agent's help text. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* Replace use of opt.homedir by accessor functions.Werner Koch2016-06-071-1/+2
| | | | | | | | | | | | | | | | | | | * common/homedir.c (the_gnupg_homedir): New var. (gnupg_set_homedir): New. (gnupg_homedir): New. * g10/options.h (struct opt): Remove 'homedir' and replace all users by the new accessor functions. * g13/g13-common.h (struct opt): Ditto. * scd/scdaemon.h (struct opt): Ditto. * sm/gpgsm.h (struct opt): Ditto. * dirmngr/dirmngr.h (struct opt): Ditto. * agent/preset-passphrase.c (opt_homedir): Ditto. * agent/protect-tool.c (opt_homedir): Ditto. -- This will make detection of a non-default homedir easier. Signed-off-by: Werner Koch <[email protected]>
* gpg: Try to use the passphrase from the primary for --quick-addkey.Werner Koch2016-06-021-4/+45
| | | | | | | | | | | | | | | * agent/command.c (cmd_genkey): Add option --passwd-nonce. (cmd_passwd): Return a PASSWD_NONCE in verify mode. * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do not send a RESET if given. (agent_passwd): Add arg 'verify'. * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'. (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto. (generate_subkeypair): Use sepeare hexgrip var for the to be created for hexgrip feature. Verify primary key first. Make use of the passwd nonce. Allow for a static passphrase. Signed-off-by: Werner Koch <[email protected]>
* gpg: Allow unattended deletion of secret keys.Werner Koch2016-05-101-2/+8
| | | | | | | | | | | | | | | * agent/command.c (cmd_delete_key): Make the --force option depend on --disallow-loopback-passphrase. * g10/call-agent.c (agent_delete_key): Add arg FORCE. * g10/delkey.c (do_delete_key): Pass opt.answer_yes to agent_delete_key. -- Unless the agent has been configured with --disallow-loopback-passpharse an unattended deletion of a secret key is now possible with gpg by using --batch _and_ --yes. Signed-off-by: Werner Koch <[email protected]>
* agent: Implement new protection mode openpgp-s2k3-ocb-aes.Werner Koch2016-04-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/protect.c (agent_protect): Add arg use_ocb. Change all caller to pass -1 for default. * agent/protect-tool.c: New option --debug-use-ocb. (oDebugUseOCB): New. (opt_debug_use_ocb): New. (main): Set option. (read_and_protect): Implement option. * agent/protect.c (OCB_MODE_SUPPORTED): New macro. (PROT_DEFAULT_TO_OCB): New macro. (do_encryption): Add args use_ocb, hashbegin, hashlen, timestamp_exp, and timestamp_exp_len. Implement OCB. (agent_protect): Change to support OCB. (do_decryption): Add new args is_ocb, aadhole_begin, and aadhole_len. Implement OCB. (merge_lists): Allow NULL for sha1hash. (agent_unprotect): Change to support OCB. (agent_private_key_type): Remove debug output. -- Instead of using the old OpenPGP way of appending a hash of the plaintext and encrypt that along with the plaintext, the new scheme uses a proper authenticated encryption mode. See keyformat.txt for a description. Libgcrypt 1.7 is required. This mode is not yet enabled because there would be no way to return to an older GnuPG version. To test the new scheme use gpg-protect-tool: ./gpg-protect-tool -av -P abc -p --debug-use-ocb <plain.key >prot.key ./gpg-protect-tool -av -P abc -u <prot.key Any key from the private key storage should work. Signed-off-by: Werner Koch <[email protected]>
* common: Consolidate Assuan server argument handling.Justus Winter2016-03-021-80/+1
| | | | | | | | | | | | | | | * common/Makefile.am (common_sources): Add new files. * common/server-help.c: New file. * common/server-help.h: Likewise. * agent/command.c: Drop argument handling primitives in favor of using the consolidated ones. * dirmngr/server.c: Likewise. * g10/server.c: Likewise. * g13/server.c: Likewise. * scd/command.c: Likewise. * sm/server.c: Likewise. Signed-off-by: Justus Winter <[email protected]>
* agent: Send PROGRESS status lines to the client.Werner Koch2016-01-251-0/+18
| | | | | | | | | | | | | | | * agent/gpg-agent.c (struct progress_dispatch_s): New. (progress_dispatch_list): New. (main): Register libgcrypt pogress handler. (agent_libgcrypt_progress_cb): New. (agent_set_progress_cb): New. (unregister_progress_cb): New. (agent_deinit_default_ctrl): Call unregister. * agent/command.c (progress_cb): New. (start_command_handler): Register progress callback. -- Signed-off-by: Werner Koch <[email protected]>
* agent: Typo fix for help text.Werner Koch2016-01-051-1/+1
| | | | --
* agent: IMPORT_KEY with --force option fix.NIIBE Yutaka2015-12-241-1/+1
| | | | | | | | | * agent/cvt-openpgp.c (convert_from_openpgp_main): Add an option not to check existing key. (convert_from_openpgp): Ditto. (convert_from_openpgp_native): Call convert_from_openpgp_main with dontcare_exist=0. * agent/command.c (cmd_import_key): Call with dontcare_exist=force.
* agent: Support --force option for IMPORT_KEY.NIIBE Yutaka2015-12-241-5/+7
| | | | * agent/command.c (cmd_keywrap_key): New option --force.
* Fix typos found using codespell.Justus Winter2015-11-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/cache.c: Fix typos. * agent/call-pinentry.c: Likewise. * agent/call-scd.c: Likewise. * agent/command-ssh.c: Likewise. * agent/command.c: Likewise. * agent/divert-scd.c: Likewise. * agent/findkey.c: Likewise. * agent/gpg-agent.c: Likewise. * agent/w32main.c: Likewise. * common/argparse.c: Likewise. * common/audit.c: Likewise. * common/audit.h: Likewise. * common/convert.c: Likewise. * common/dotlock.c: Likewise. * common/exechelp-posix.c: Likewise. * common/exechelp-w32.c: Likewise. * common/exechelp-w32ce.c: Likewise. * common/exechelp.h: Likewise. * common/helpfile.c: Likewise. * common/i18n.h: Likewise. * common/iobuf.c: Likewise. * common/iobuf.h: Likewise. * common/localename.c: Likewise. * common/logging.c: Likewise. * common/openpgp-oid.c: Likewise. * common/session-env.c: Likewise. * common/sexputil.c: Likewise. * common/sysutils.c: Likewise. * common/t-sexputil.c: Likewise. * common/ttyio.c: Likewise. * common/util.h: Likewise. * dirmngr/cdblib.c: Likewise. * dirmngr/certcache.c: Likewise. * dirmngr/crlcache.c: Likewise. * dirmngr/dirmngr-client.c: Likewise. * dirmngr/dirmngr.c: Likewise. * dirmngr/dirmngr_ldap.c: Likewise. * dirmngr/dns-stuff.c: Likewise. * dirmngr/http.c: Likewise. * dirmngr/ks-engine-hkp.c: Likewise. * dirmngr/ks-engine-ldap.c: Likewise. * dirmngr/ldap-wrapper.c: Likewise. * dirmngr/ldap.c: Likewise. * dirmngr/misc.c: Likewise. * dirmngr/ocsp.c: Likewise. * dirmngr/validate.c: Likewise. * g10/encrypt.c: Likewise. * g10/getkey.c: Likewise. * g10/gpg.c: Likewise. * g10/gpgv.c: Likewise. * g10/import.c: Likewise. * g10/keydb.c: Likewise. * g10/keydb.h: Likewise. * g10/keygen.c: Likewise. * g10/keyid.c: Likewise. * g10/keylist.c: Likewise. * g10/keyring.c: Likewise. * g10/mainproc.c: Likewise. * g10/misc.c: Likewise. * g10/options.h: Likewise. * g10/packet.h: Likewise. * g10/parse-packet.c: Likewise. * g10/pkclist.c: Likewise. * g10/pkglue.c: Likewise. * g10/plaintext.c: Likewise. * g10/server.c: Likewise. * g10/sig-check.c: Likewise. * g10/sqlite.c: Likewise. * g10/tdbio.c: Likewise. * g10/test-stubs.c: Likewise. * g10/tofu.c: Likewise. * g10/trust.c: Likewise. * g10/trustdb.c: Likewise. * g13/create.c: Likewise. * g13/mountinfo.c: Likewise. * kbx/keybox-blob.c: Likewise. * kbx/keybox-file.c: Likewise. * kbx/keybox-init.c: Likewise. * kbx/keybox-search-desc.h: Likewise. * kbx/keybox-search.c: Likewise. * kbx/keybox-update.c: Likewise. * scd/apdu.c: Likewise. * scd/app-openpgp.c: Likewise. * scd/app-p15.c: Likewise. * scd/app.c: Likewise. * scd/ccid-driver.c: Likewise. * scd/command.c: Likewise. * scd/iso7816.c: Likewise. * sm/base64.c: Likewise. * sm/call-agent.c: Likewise. * sm/call-dirmngr.c: Likewise. * sm/certchain.c: Likewise. * sm/gpgsm.c: Likewise. * sm/import.c: Likewise. * sm/keydb.c: Likewise. * sm/minip12.c: Likewise. * sm/qualified.c: Likewise. * sm/server.c: Likewise. * tools/gpg-check-pattern.c: Likewise. * tools/gpgconf-comp.c: Likewise. * tools/gpgkey2ssh.c: Likewise. * tools/gpgparsemail.c: Likewise. * tools/gpgtar.c: Likewise. * tools/rfc822parse.c: Likewise. * tools/symcryptrun.c: Likewise. Signed-off-by: Justus Winter <[email protected]>
* agent: Clarify agent's KEYWRAP_KEY description.Daniel Kahn Gillmor2015-10-281-1/+1
| | | | | | -- Signed-Off-By: Daniel Kahn Gillmor <[email protected]>
* Fix pinentry loopback and passphrase contraints.Ben Kibbey2015-08-161-0/+3
| | | | | | | | | | | * agent/command.c (cmd_get_passphrase): Don't repeat passphrase for pinentry loopback mode. * agent/genkey.c (check_passphrase_constraints): Immediately return when pinentry mode is loopback. -- Fixes endless loop when inquiring a passphrase with pinentry-mode=loopback that may not satisfy passphrase contraints.
* agent: Add option --force to the DELETE_KEY command.Werner Koch2015-08-071-3/+5
| | | | | | | * agent/findkey.c (agent_delete_key): Add arg "force". * agent/command.c (cmd_delete_key): Add option --force. Signed-off-by: Werner Koch <[email protected]>
* Show passphrase constraints errors as password prompt errorsNeal H. Walfield2015-06-291-7/+9
| | | | | | | | | | | | | | | | | | | | * agent/agent.h (check_passphrase_constraints): Add parameter failed_constraint and remove parameter silent. Update callers. * agent/genkey.c (check_passphrase_constraints): Add parameter failed_constraint and remove parameter silent. If FAILED_CONSTRAINT is not NULL and OPT.ENFORCE_PASSPHRASE_CONSTRAINTS is FALSE, save the error text in *FAILED_CONSTRAINT and don't call take_this_one_anyway or take_this_one_anyway2. If FAILED_CONSTRAINT is NULL, act as if SILENT was set. (agent_ask_new_passphrase): Change initial_errtext's type from a const char * to a char *. Pass it to check_passphrase_constraints. If it contains malloc's memory, free it. -- Signed-off-by: Neal H. Walfield <[email protected]> Based on a patch provided by Watson Yuuma Sato <[email protected]> in issue 2018.
* agent: Add --verify to the PASSWD command.Werner Koch2015-06-291-5/+15
| | | | | | | | * agent/command.c (cmd_passwd): Add option --verify. -- GnuPG-bug-id: 1951 Signed-off-by: Werner Koch <[email protected]>
* agent: Add experimental option --browser-socket.Werner Koch2015-06-111-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/agent.h (opt): Add field "browser_socket". * agent/command.c (cmd_setkeydesc): Use a different message for restricted==2. * agent/gpg-agent.c (oBrowserSocket): New. (opts): Add --browser-socket. (socket_name_browser, redir_socket_name_browser): New. (socket_nonce_browser): New. (cleanup): Cleanup browser socket. (main): Implement option. (start_connection_thread_browser): New. (handle_connections): Add arg listen_fd_browser and use it. -- This is very similar to --extra-socket but intended to be used by a web browser session. AS of now it only displays a different "Note: in the Pinentry than --extra-socket but it may eventually be tweaked for the use by browser extensions making use of gpg-agent. It is marked experimental and and thus may be removed in later versions. To better support the different "client classes", it would be useful to add corresponsing cache classes so that each class has its own cache. Signed-off-by: Werner Koch <[email protected]>
* agent: Add command "getinfo std_env_names".Werner Koch2015-06-081-0/+16
| | | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_getinfo): Add new sub-command. -- The current output is: > getinfo std_env_names D GPG_TTY D TERM D DISPLAY D XAUTHORITY D XMODIFIERS D GTK_IM_MODULE D QT_IM_MODULE D PINENTRY_USER_DATA OK Note that there is an invisible \x00 at the end of each line.
* agent: Cleanup caching code for command GET_PASSPHRASE.Werner Koch2015-05-201-1/+1
| | | | | | | | | | * agent/command.c (cmd_get_passphrase): Read from the user cache. -- We used to read the passphrase with mode CACHE_MODE_NORMAL but we put it into the cache with CACHE_MODE_USER. However, agent_get_cache does not yet distinguish between them and thus this does not change anything.
* agent: When the password cache is cleared, also clear the ext. cache.Neal H. Walfield2015-05-191-0/+4
| | | | | | | | | * agent/agent.h (agent_clear_passphrase): New declaration. * agent/call-pinentry.c (agent_clear_passphrase): New function. * agent/command.c (cmd_clear_passphrase): Call agent_clear_passphrase. -- Signed-off-by: Neal H. Walfield <[email protected]>
* agent: Modify agent_clear_passphrase to support an ext. password cache.Neal H. Walfield2015-05-191-2/+3
| | | | | | | | | | | * agent/agent.h (agent_get_passphrase): Add arguments keyinfo and cache_mode. Update callers. * agent/call-pinentry.c (agent_get_passphrase): Add arguments keyinfo and cache_mode. If KEYINFO and CACHE_MODE describe a cachable key, then send SETKEYINFO to the pinentry. -- Signed-off-by: Neal H. Walfield <[email protected]>
* agent: Add --force option for LEARN.NIIBE Yutaka2015-04-031-46/+6
| | | | | | | | | * agent/command.c (cmd_learn): Handle --force option. (cmd_keytocard): Don't update key storage file. * agent/agent.h (agent_handle_learn): Add FORCE. * agent/learncard.c (agent_handle_learn): Implement FORCE to update key stroage file. --
* agent: Remove useless conditions in command.c.Werner Koch2015-03-151-6/+6
| | | | | | | | | | | | * agent/command.c (cmd_setkeydesc): Remove NULL check. (cmd_get_passphrase): Ditto. (cmd_clear_passphrase): Ditto. (cmd_get_confirmation): Ditto. (cmd_getval): Ditto. (cmd_putval): Ditto. -- Detected by Stack 0.3.
* agent: Fix use of imported but unprotected openpgp keys.Werner Koch2015-01-291-3/+5
| | | | | | | | | | | | * agent/agent.h (PRIVATE_KEY_OPENPGP_NONE): New. * agent/command.c (do_one_keyinfo): Implement it. * agent/findkey.c (agent_key_from_file): Ditto. (agent_key_info_from_file): Ditto. (agent_delete_key): Ditto. * agent/protect.c (agent_private_key_type): Add detection for openpgp "none" method. Signed-off-by: Werner Koch <[email protected]>
* gpg: Re-enable the "Passphrase" parameter for batch key generation.Werner Koch2015-01-211-6/+40
| | | | | | | | | | | | | * agent/command.c (cmd_genkey): Add option --inq-passwd. * agent/genkey.c (agent_genkey): Add new arg override_passphrase. * g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword. (agent_genkey): Add arg optional arg "passphrase". * g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc) (gen_rsa, do_create): Add arg "passphrase" and pass it through. (do_generate_keypair): Make use of pPASSPHRASE. (release_parameter_list): Wipe out a passphrase parameter. Signed-off-by: Werner Koch <[email protected]>
* agent: Keep the session environment for restricted connections.Werner Koch2014-12-191-0/+6
| | | | | | | | | | | | | | | | | * agent/command-ssh.c (setup_ssh_env): Move code to ... * agent/gpg-agent.c (agent_copy_startup_env): .. new function. Change calllers. * agent/command.c (start_command_handler): Call that fucntion for restricted connections. -- A remote connection is and should not be able to setup the local session environment. However, unless --keep-display is used we would be left without an environment and thus pinentry can't be used. The fix is the same as used for ssh-agent connection: We use the default environment as used at the startup of the agent. Signed-off-by: Werner Koch <[email protected]>
* agent: Fix string prepended to remotely initiated prompts.Werner Koch2014-12-191-1/+1
| | | | | | | * agent/command.c (cmd_setkeydesc): Use %0A and not \n. Make translatable. Signed-off-by: Werner Koch <[email protected]>
* gpg: Let --card--status create a shadow key (card key stub).Werner Koch2014-12-121-5/+10
| | | | | | | | | | | | | | | | | | * agent/command.c (cmd_learn): Add option --sendinfo. * agent/learncard.c (agent_handle_learn): Add arg "send" andsend certifciate only if that is set. * g10/call-agent.c (agent_scd_learn): Use --sendinfo. Make INFO optional. (agent_learn): Remove. * g10/keygen.c (gen_card_key): Replace agent_learn by agent_scd_learn. -- The requirement of using --card-status on the first use of card on a new box is a bit annoying but the alternative of always checking whether a card is available before a decryption starts does not sound promising either. Signed-off-by: Werner Koch <[email protected]>
* gpg-agent: Add restricted connection feature.Мирослав Николић2014-11-271-42/+138
| | | | | | | | | | | | | | | | | | | | | | | * agent/agent.h (opt): Add field extra_socket. (server_control_s): Add field restricted. * agent/command.c: Check restricted flag on many commands. * agent/gpg-agent.c (oExtraSocket): New. (opts): Add option --extra-socket. (socket_name_extra): New. (cleanup): Cleanup that socket name. (main): Implement oExtraSocket. (create_socket_name): Add arg homedir and change all callers. (create_server_socket): Rename arg is_ssh to primary and change callers. (start_connection_thread): Take ctrl as arg. (start_connection_thread_std): New. (start_connection_thread_extra): New. (handle_connections): Add arg listen_fd_extra and replace the connection starting code by parameterized loop. * common/asshelp.c (start_new_gpg_agent): Detect the use of the restricted mode and don't fail on sending the pinentry environment. * common/util.h (GPG_ERR_FORBIDDEN): New.
* Change a couple of files to use abbreviated copyright notes.Werner Koch2014-11-041-3/+2
| | | | | | | | | -- Also fixed some of my own copyright notices due to the termination of my assignment. The one displayed by --version is kept at FSF because we had contributors in 2014 with FSF assignments and it gives the FSF some visibility.
* gpg: Avoid extra pinentries for each subkey in --export-secret-keys.Werner Koch2014-11-021-4/+26
| | | | | | | | * agent/command.c (cmd_export_key): Actually implement the cache_nonce feature. * g10/export.c (do_export_stream): Make use of a cache_nonce. Signed-off-by: Werner Koch <[email protected]>
* Remove support for the GPG_AGENT_INFO envvar.Werner Koch2014-10-031-5/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | * agent/agent.h (opt): Remove field use_standard_socket. * agent/command.c (cmd_killagent): Always allow killing. * agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and --write-env-file into dummy options. Always return true for --use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar setting or set that envvar. (create_socket_name): Simplify by removing non standard socket support. (check_for_running_agent): Ditto. * common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use. * common/simple-pwquery.c (agent_open): Ditto. * configure.ac (GPG_AGENT_INFO_NAME): Remove. * g10/server.c (gpg_server): Do not print the AgentInfo comment. * g13/server.c (g13_server): Ditto. * sm/server.c (gpgsm_server): Ditto. * tools/gpgconf.c (main): Simplify by removing non standard socket support. -- The indented fix to allow using a different socket than the one in the gnupg home directory is to change Libassuan to check whether the socket files exists as a regualr file with a special keyword to redirect to another socket file name.
* gpg: Fix regression in secret key export.Werner Koch2014-04-151-1/+1
| | | | | | | | | | * agent/cvt-openpgp.c (convert_to_openpgp): Fix use gcry_sexp_extract_param. * g10/export.c (do_export_stream): Provide a proper prompt to the agent. -- NB: The export needs more work, in particular the ECC algorithms.
* agent: Add command DELETE_KEY.Werner Koch2014-04-151-1/+35
| | | | | | | | | | | * agent/command.c (cmd_delete_key): New. * agent/findkey.c (modify_description): Add '%C' feature. (remove_key_file): New. (agent_delete_key): New. * agent/command-ssh.c (search_control_file): Make arg R_DISABLE optional. * configure.ac: Require libgpg-error 1.13.
* agent: Cleanups to prepare implementation of Ed25519.Werner Koch2014-03-221-1/+1
| | | | | | | | | | | | * agent/cvt-openpgp.c: Remove. (convert_to_openpgp): Use gcry_sexp_extract_param. * agent/findkey.c (is_eddsa): New. (agent_is_dsa_key, agent_is_eddsa_key): Check whether ecc means EdDSA. * agent/pksign.c (agent_pksign_do): Add args OVERRIDEDATA and OVERRIDEDATALEN. * common/ssh-utils.c (is_eddsa): New. (get_fingerprint): Take care or EdDSA.
* agent: API change of agent_key_from_file.NIIBE Yutaka2014-03-111-12/+20
| | | | | | | | | | | | * agent/findkey.c (agent_key_from_file): Always return S-expression. * agent/command.c (cmd_passwd): Distinguish by SHADOW_INFO. (cmd_export_key): Likewise. Free SHADOW_INFO. (cmd_keytocard): Likewise. Release S_SKEY. * agent/pkdecrypt.c (agent_pkdecrypt): Likewise. * agent/pksign.c (agent_pksign_do): Likewise. Use the S-expression to know the key type. Signed-off-by: NIIBE Yutaka <[email protected]>
* Make use of the *_NAME etc macros.Werner Koch2013-11-181-4/+10
| | | | | | | | | Replace hardwired strings at many places with new macros from config.h and use the new strusage macro replacement feature. * common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn sentinels. * agent/command.c (cmd_import_key): Use asprintf to create the prompt.
* gpg: Make decryption with the OpenPGP card work.Werner Koch2013-08-281-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New. * scd/app-openpgp.c (do_decipher): Add arg R_INFO. * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy. * scd/app.c (app_decipher): Add arg R_INFO. * scd/command.c (cmd_pkdecrypt): Print status line "PADDING". * agent/call-scd.c (padding_info_cb): New. (agent_card_pkdecrypt): Add arg R_PADDING. * agent/divert-scd.c (divert_pkdecrypt): Ditto. * agent/pkdecrypt.c (agent_pkdecrypt): Ditto. * agent/command.c (cmd_pkdecrypt): Print status line "PADDING". * g10/call-agent.c (padding_info_cb): New. (agent_pkdecrypt): Add arg R_PADDING. * g10/pubkey-enc.c (get_it): Use padding info. -- Decryption using a card never worked in gpg 2.1 because the information whether the pkcs#1 padding needs to be removed was not available. Gpg < 2.1 too this info from the secret sub key but that has gone in 2.1. Signed-off-by: Werner Koch <[email protected]>