aboutsummaryrefslogtreecommitdiffstats
path: root/agent/findkey.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* agent: Fix a memory leak.Sorah Fukumori2025-01-141-0/+1
| | | | | | | | | * agent/findkey.c (read_key_file): Free BUF. -- Fixes-commit: 434a641d40cbff82beb9f485e0adca72419bfdf2 Signed-off-by: Sorah Fukumori <[email protected]>
* agent: Better diagnostic for a failed key unprotection.Werner Koch2024-09-271-0/+2
| | | | | | | | * agent/findkey.c (unprotect): Print a diagnostic if unprotection failed. -- GnuPG-bug-id: 6375
* indent: Fix spellingDaniel Kahn Gillmor2024-05-311-1/+1
| | | | | | | | | | | | | -- These are non-substantive corrections for minor spelling mistakes within the GnuPG codebase. With something like this applied to the codebase, and a judiciously tuned spellchecker integrated as part of a standard test suite, it should be possible to keep a uniform orthography within the project. GnuPG-bug-id: 7116
* agent: Add "ephemeral" Assuan option.Werner Koch2024-01-221-103/+277
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/agent.h (struct ephemeral_private_key_s): New. (struct server_control_s): Add ephemeral_mode and ephemeral_keys. (GENKEY_FLAG_NO_PROTECTION, GENKEY_FLAG_PRESET): New. * agent/genkey.c (clear_ephemeral_keys): New. (store_key): Add arg ctrl and implement ephemeral_mode. Change all callers. (agent_genkey): Replace args no_protection and preset by a generic new flags arg. * agent/findkey.c (wipe_and_fclose): New. (agent_write_private_key): Add arg ctrl and implement ephemeral_mode. Change all callers. (agent_update_private_key): Ditto (read_key_file): Ditto. (agent_key_available): Ditto. * agent/command-ssh.c (card_key_available): Do not update display s/n in ephemeral mode. This is however enver triggred. * agent/gpg-agent.c (agent_deinit_default_ctrl): Cleanup ephemeral keys. * agent/command.c (cmd_genkey): Use the new flags instead of separate vars. (cmd_readkey): Create a shadow key only in non-ephemeral_mode. (cmd_getinfo): Add sub-command "ephemeral". (option_handler): Add option "ephemeral". -- The idea here that a session can be switched in an ephemeral mode which does not store or read keys from disk but keeps them local to the session. GnuPG-bug-id: 6944
* agent: Update the key file only if changed (slight return).Werner Koch2023-11-211-12/+52
| | | | | | | | | | * agent/findkey.c (read_key_file): Add optional arg r_orig_key_value to return the old Key value. Change all callers. (agent_write_private_key): Detect whether the Key entry was really changed. -- GnuPG-bug-id: 6829
* agent: Update the key file only if not changed.Werner Koch2023-11-211-1/+10
| | | | | | | | | | | | | | | | | | | | * common/name-value.c (struct name_value_container): Add flag "modified". (nvc_modified): New. (nvc_new): Set flag. (_nvc_add): Set flag. (nvc_delete): Set flag. (nvc_set): Set flag unless value did not change. (nve_set): Add arg PK. Change the caller. * agent/findkey.c (agent_write_private_key): Update only if modified. -- This helps software which uses a file system watcher to track changes to private keys. In particular smartcard triggered changes are a problem for such software because this may at worst trigger another smartcard read. GnuPG-bug-id: 6829
* agent: Initialize FP for the case of error return.NIIBE Yutaka2023-10-061-1/+1
| | | | | | | | | | | * agent/findkey.c (agent_write_private_key): Initialize FP. -- Cherry-picked from master commit of: a8618fdccdab228a8bbe3efeb87223a68fa57219 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix agent_update_private_key.NIIBE Yutaka2023-10-041-1/+1
| | | | | | | | | | | | * agent/findkey.c (agent_update_private_key): Check FNAME0. -- Cherry-pick master commit of: 08e529fa7cfa8f55256337dd525fe8724c78cd92 Fixes-commit: a216e9c028ee389c4bf0250b822d567ffe9ad85e Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Do not overwrite a key file by a shadow key file.Werner Koch2023-05-261-90/+64
| | | | | | | | | | | | * agent/findkey.c (agent_write_private_key): Partly rewrite to align with 2.2 code and to make sure that we don't overwrite a real key. (is_shadowed_key): New. -- This change is now also needed in 2.4 due to the the former change "Create and use Token entries to track the display s/n". GnuPG-bug-id: 6386
* agent: Update key files by first writing to a temp file.Werner Koch2023-05-261-66/+97
| | | | | | | * agent/findkey.c (fname_from_keygrip): New. (agent_write_private_key): Use here. Use temp file for updating. (agent_update_private_key): Use fname_from_keygrip and use gnupg rename function instead of a vanilla rename.
* agent: Create and use Token entries to track the display s/n.Werner Koch2023-05-261-10/+51
| | | | | | | | | | | * agent/findkey.c (agent_write_private_key): Add arg dispserialno and update the token. (agent_write_shadow_key): Add arg dispserialno and adjust all callers. -- GnuPG-bug-id: 6135 Note that this has been forward ported from 2.2
* agent: Make --disable-extended-key-format a dummy option.Werner Koch2023-03-131-137/+108
| | | | | | | | | | | | | | | | | | | | | * agent/agent.h (opt): Remove enable_extended_key_format. * agent/gpg-agent.c (enum cmd_and_opt_values): Turn oDisableExtendedKeyFormat and oEnableExtendedKeyFormat into dummy options. * agent/protect.c (do_encryption): Remove arg use_ocb and corresponding code. (agent_protect): Ditto. Change all callers. * agent/findkey.c (agent_write_private_key): Simplify due to the removal of disable-extended-key-format. (write_extended_private_key): Fold into agent_write_private_key. -- This change is related to GnuPG-bug-id: 6386 but should have no visible effect except for the removal of option --disable-extended-key-format.
* agent: Show "no secret key" instead of "card removed".Werner Koch2023-03-011-0/+9
| | | | | | | | | | | | | | | * agent/findkey.c (agent_key_from_file): Check the error of read_key_file again. * agent/pkdecrypt.c (agent_pkdecrypt): Restore error if no card was found. Also remove useless condition. -- The first patch fixes a likely merge error. The second is about the actual return code: If we have no smardcard but simply try to decrypt with the current smartcard we should return the originla error code. GnuPG-bug-id: 5170 Fixes-commit: eda3c688fc2e85c7cd63029cb9caf06552d203b4
* ssh: Allow to define the order in which keys are returned.Werner Koch2023-02-011-5/+10
| | | | | | | | | | | | | | | | | | | | | | | * agent/findkey.c (public_key_from_file): Add arg r_sshorder. (agent_ssh_key_from_file): Ditto. * agent/command-ssh.c (struct key_collection_item_s): New. (struct key_collection_s): New. (search_control_file): Add art r_lnr. (add_to_key_array): New. (free_key_array): New. (compare_key_collection_items): New. (ssh_send_available_keys): Rewrite to return the keys in the user given order. -- GnuPG-bug-id: 6212 We now first return the keys from active cards, followed by keys listed in sshcontrol, finally from those with the "Use-for-ssh" key attribute. Keys from active cards are returned sorted by their S/N. Keys from sshcontrol are returned in the order they are given in that file. Use-for-ssh keys are ordered by the value assigned to that key attribute. The values for the latter are clamped at 99999.
* doc: Update description of the key format.Werner Koch2022-08-161-1/+1
| | | | --
* agent: New option --need-attr for KEYINFO.Werner Koch2022-08-111-5/+1
| | | | | | | | | | | | | | * agent/command.c (do_one_keyinfo): New arg need_Attr. (cmd_keyinfo): New option --need-attr. * agent/findkey.c (public_key_from_file): Use nvc_get_boolean. -- This option makes it easier to list keys suitable only for certain purposes. The second patch makes if compliant to the description in keyformat.txt
* agent: Don't assume "OPENPGP.3" key means "Use-for-ssh:".NIIBE Yutaka2022-06-281-15/+1
| | | | | | | | | | * agent/command-ssh.c: Fix comments. * agent/findkey.c (public_key_from_file): Remove "OPENPGP.3" check. -- GnuPG-bug-id: 5996 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Flush before calling ftruncate.NIIBE Yutaka2022-06-231-0/+2
| | | | | | | | | | * agent/findkey.c (write_extended_private_key): Make sure it is flushed out. -- GnuPG-bug-id: 6035 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Add KEYATTR command.NIIBE Yutaka2022-06-221-3/+55
| | | | | | | | | | | | | | | | | * agent/agent.h (agent_raw_key_from_file): Add R_KEYMETA argument. (agent_update_private_key): New. * agent/command-ssh.c (data_sign): Follow the change of the function agent_raw_key_from_file. * agent/command.c (do_one_keyinfo): Likewise. (cmd_keyattr): New. (register_commands): Add an entry of cmd_keyattr. * agent/findkey.c (agent_update_private_key): New. (agent_raw_key_from_file): Add R_KEYMETA argument. -- GnuPG-bug-id: 5988 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Improve "Insert the card" message.Werner Koch2022-06-171-1/+2
| | | | * agent/findkey.c (prompt_for_card): Don't print "(null").
* agent: New field "Prompt" to prevent asking card key insertion.NIIBE Yutaka2022-05-271-4/+21
| | | | | | | | | * agent/findkey.c (prompt_for_card): Add "Prompt" field handling. -- GnuPG-bug-id: 5987 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,ssh: Support "Use-for-ssh" flag in private key.NIIBE Yutaka2022-05-261-10/+22
| | | | | | | | | | * agent/findkey.c (public_key_from_file): Support "Use-for-ssh" when it's in extended format. -- GnuPG-bug-id: 5985 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,ssh: Make not-inserted OpenPGP.3 keys available for SSH.NIIBE Yutaka2022-05-261-5/+43
| | | | | | | | | | | | | | | | | | * agent/agent.h (agent_ssh_key_from_file): New. * agent/command-ssh.c (get_ssh_keyinfo_on_cards): New. (ssh_send_available_keys): Loop on the GNUPG_PRIVATE_KEYS_DIR. Support keys by agent_ssh_key_from_file. (ssh_handler_request_identities): Move card key handling to ssh_send_available_keys. * agent/findkey.c (public_key_from_file): New. Adding handling for SSH. (agent_public_key_from_file): Use public_key_from_file. (agent_ssh_key_from_file): New. -- GnuPG-bug-id: 5996 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Show "Label:" field of private key when prompt the insertion.NIIBE Yutaka2022-05-201-24/+27
| | | | | | | | | | * agent/findkey.c (prompt_for_card): Use "Label:" field. (agent_key_from_file): Use KEYMETA. -- GnuPG-bug-id: 5986 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Move confirmation handling into findkey.c.NIIBE Yutaka2022-05-201-4/+122
| | | | | | | | | | | | | | | | | | * agent/agent.h (divert_tpm2_pksign, divert_tpm2_pkdecrypt): Fix API. (divert_pksign, divert_pkdecrypt): Likewise. * agent/divert-scd.c (ask_for_card): Remove. (divert_pksign, divert_pkdecrypt): Don't call ask_for_card. * agent/divert-tpm2.c (divert_tpm2_pksign, divert_tpm2_pkdecrypt): Remove DESC_TEXT argument. * agent/findkey.c (prompt_for_card): New (was: ask_for_card). (agent_key_from_file): Call prompt_for_card when it's a key on card. * agent/pkdecrypt.c (agent_pkdecrypt): Follow the change of API. * agent/pksign.c (agent_pksign_do): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Pop up dialog window for confirmation, when specified so.NIIBE Yutaka2022-05-191-0/+39
| | | | | | | | | * agent/findkey.c (agent_key_from_file): Support "Confirm:". -- GnuPG-bug-id: 5099 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Supply GRIP=NULL for agent_key_from_file, for real use.NIIBE Yutaka2022-05-191-16/+17
| | | | | | | | | | | | * agent/findkey.c (agent_key_from_file): Change the semantics of GRIP. Now, it's NULL for use by PKDECRYPT and PKSIGN/PKAUTH. * agent/pkdecrypt.c (agent_pkdecrypt): Set GRIP=NULL. * agent/pksign.c (agent_pksign_do): Likewise. -- GnuPG-bug-id: 5099 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Use "Created:" field for creation time.NIIBE Yutaka2022-03-251-1/+12
| | | | | | | | | | | | | | * agent/agent.h (agent_key_from_file): Change the declaration. * agent/findkey.c (agent_key_from_file): Return timestamp. * agent/pkdecrypt.c (agent_pkdecrypt): Follow the change. * agent/pksign.c (agent_pkdecrypt): Likewise. * agent/command.c (cmd_passwd, cmd_export_key): Likewise. (cmd_keytocard): Use timestamp in private key file in "Created:". -- GnuPG-bug-id: 5538 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep.NIIBE Yutaka2021-10-051-1/+1
| | | | | | | | | | | | | | | | * agent/findkey.c (unprotect): Use gnupg_sleep. * agent/gpg-agent.c (handle_connections): Likewise. * dirmngr/crlfetch.c (handle_connections): Likewise. * kbx/keyboxd.c (handle_connections): Likewise. * tpm2d/tpm3daemon.c (handle_connections): Likewise. * scd/scdaemon.c (handle_connections): Likewise. * scd/command.c (cmd_lock): Likewise. * dirmngr/ldap-wrapper.c (ldap_reaper_thread): Likewise. (ldap_wrapper_wait_connections): Use gnupg_usleep. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Simplify a function.Werner Koch2021-03-181-32/+23
| | | | | | | * agent/findkey.c (agent_public_key_from_file): Use a membuf instead of handcounting space. Signed-off-by: Werner Koch <[email protected]>
* Replace all calls to access by gnupg_accessWerner Koch2020-10-201-2/+2
| | | | | | | | | | | | | | | | * common/sysutils.c (gnupg_access): New. Replace all calls to access by this wrapper. * common/homedir.c (w32_shgetfolderpath): Change to return UTF-8 directory name. (standard_homedir): Adjust for change. (w32_commondir, gnupg_cachedir): Ditto. -- Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows. This is required to correctly handle non-ascii filenames on Windows. GnuPG-bug-id: 5098
* doc: Typo fixesWerner Koch2020-08-251-1/+1
| | | | --
* agent: Allow to pass a timestamp to genkey and import.Werner Koch2020-08-171-12/+29
| | | | | | | | | | | | | | * agent/command.c (cmd_genkey): Add option --timestamp. (cmd_import_key): Ditto. * agent/genkey.c (store_key): Add arg timestamp and change callers. (agent_genkey): Ditto. * agent/findkey.c (write_extended_private_key): Add args timestamp and new key to write a Created line. (agent_write_private_key): Add arg timestamp. (agent_write_shadow_key): Ditto. agent/protect-tool.c (agent_write_private_key): Ditto as dummy arg. Signed-off-by: Werner Koch <[email protected]>
* agent: expose shadow key typeJames Bottomley via Gnupg-devel2020-06-241-2/+3
| | | | | | | | | | -- For TPM support it is necessary to indroduce another type of shadow key, so allow other agent functions to extract the type so they can make the right decisions based on it. Signed-off-by: James Bottomley <[email protected]> Minor editorial changes by wk
* agent: Use get_pk_algo_from_key.NIIBE Yutaka2020-06-191-158/+0
| | | | | | | | * agent/findkey.c (key_parms_from_sexp, is_eddsa): Remove. (agent_pk_get_algo): Remove. * agent/pksign.c (agent_pksign_do): Use get_pk_algo_from_key. Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Clean up for getting info from SEXP.NIIBE Yutaka2020-06-191-32/+10
| | | | | | | | | | * agent/agent.h (agent_is_dsa_key, agent_is_eddsa_key): Remove. (agent_pk_get_algo): New. * agent/findkey.c (agent_pk_get_algo): New. * agent/pksign.c (do_encode_dsa): Use generic GCRY_PK_ECC. (agent_pksign_do): Use agent_pk_get_algo. Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: A little clean up.NIIBE Yutaka2020-06-191-2/+0
| | | | | | | | | | | * agent/findkey.c (agent_is_eddsa_key): Remove dead case. -- There is no possibility the call of key_parms_from_sexp returns "eddsa". Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,ecc: Use of opaque MPI for ECC, fixup 'd'.NIIBE Yutaka2020-06-051-11/+5
| | | | | | | | | | | * agent/Makefile.am: Add sexp-secret.c. * agent/agent.h: New function declarations. * agent/sexp-secret.c: New. * agent/findkey.c (agent_key_from_file): Use sexp_sscan_private_key. * agent/protect-tool.c (read_and_unprotect): Fix up private part, calling fixup_when_ecc_private_key. Signed-off-by: NIIBE Yutaka <[email protected]>
* Spelling cleanup.Daniel Kahn Gillmor2020-02-181-2/+2
| | | | | | | | | | | | | | | | No functional changes, just fixing minor spelling issues. --- Most of these were identified from the command line by running: codespell \ --ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \ --skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \ doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \ NEWS README README.maint TODO Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* agent: Allow signing with card key even without a stub key.Werner Koch2020-02-131-0/+2
| | | | | | | | | | | | | | | | | | | | * agent/call-scd.c (agent_card_serialno): Allow NULL for R_SERIAL. (struct readkey_status_parm_s): New. (readkey_status_cb): New. (agent_card_readkey): Add optional arg R_KEYREF and change all callers. * agent/findkey.c (key_parms_from_sexp): Allow also a "public-key". * agent/divert-scd.c (ask_for_card): Allow for SHADOW_INFO being NULL. * agent/pksign.c (agent_pksign_do): Fallback to sign with an on-card if there is no stub key yet. Create the stub key. Also fixed a misnaming between s_pkey and s_skey. -- This change allows to create OpenPGP keys directly from a card without first making sure that a stub key exists. It is also the less surprising behaviour. Signed-off-by: Werner Koch <[email protected]>
* agent: Replace most assert by log_assert.Werner Koch2019-05-141-11/+9
| | | | --
* agent: correct length for uri and comment on 64-bit big-endian platformsDaniel Kahn Gillmor2019-05-141-2/+5
| | | | | | | | | | | | | | | | | | | | | | | | | * agent/findkey.c (agent_public_key_from_file): pass size_t as int to gcry_sexp_build_array's %b. -- This is only a problem on big-endian systems where size_t is not the same size as an int. It was causing failures on debian's s390x, powerpc64, and sparc64 platforms. There may well be other failures with %b on those platforms in the codebase, and it probably needs an audit. Once you have a key in private-keys-v1.d/$KEYGRIP.key with a comment or a uri of reasonable length associated with it, this fix can be tested with: gpg-agent --server <<<"READKEY $KEYGRIP" On the failing platforms, the printed comment will be of length 0. Gnupg-bug-id: 4501 Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* agent: If a Label is make sure that label is part of the prompt.Werner Koch2019-05-071-0/+40
| | | | | | | | | | | | | | * agent/findkey.c (has_comment_expando): New. (agent_key_from_file): Modify DESC_TEXT. -- A Label entry in the keyfile is always set manually and thus we can assume that the user wants to have this label in the prompt. In case the prompt template does not demand a comment this patch appends a comment to thhe template. This is a common case for on-disk keys used by gpg. Signed-off-by: Werner Koch <[email protected]>
* agent: Allow the use of "Label:" in a key file.Werner Koch2019-05-071-23/+80
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/findkey.c (linefeed_to_percent0A): New. (read_key_file): Add optional arg 'keymeta' and change all callers. (agent_key_from_file): Prefer "Label:" over the comment for protected keys. -- If in the extended key format an item Label: This is my key is found, "This is my key" will be displayed instead of the comment intially recorded in the s-expression. This is pretty useful for the ssh keys because often there is only the original file name recorded in the comment. If no Label is found or it is empty the S-expression comment is used. To show more than one line, the standard name-value syntax can be used, for example: Label: The Ssh key <blank line> <space>I registered on fencepost. Signed-off-by: Werner Koch <[email protected]>
* agent: Put Token lines into the key files.Werner Koch2019-05-031-8/+54
| | | | | | | | | | | | | | | * agent/findkey.c (write_extended_private_key): Add args serialno and keyref. Write a Token line if that does not yet exist. (agent_write_private_key): Add args serialno and keyref and change all callers. (agent_write_shadow_key): Skip leading spaces. * agent/keyformat.txt: Improve extended key format docs. -- Noet that the extended key forma is the defaqult in 2.3. This patch is a first step to better handle tokens which carray the same key. Signed-off-by: Werner Koch <[email protected]>
* agent: Clear bogus pinentry cache, when it causes an error.NIIBE Yutaka2019-01-281-1/+11
| | | | | | | | | | | | | | | | * agent/agent.h (PINENTRY_STATUS_*): Expose to public. (struct pin_entry_info_s): Add status. * agent/call-pinentry.c (agent_askpin): Clearing the ->status before the loop, let the assuan_transact set ->status. When failure with PINENTRY_STATUS_PASSWORD_FROM_CACHE, it returns soon. * agent/findkey.c (unprotect): Clear the pinentry cache, when it causes an error. -- GnuPG-bug-id: 4348 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Make the request origin a part of the cache items.Werner Koch2018-03-271-4/+4
| | | | | | | | | | | | | | | | | | | | * agent/cache.c (agent_put_cache): Add arg 'ctrl' and change all callers to pass it. (agent_get_cache): Ditto. * agent/cache.c (struct cache_items_s): Add field 'restricted'. (housekeeping): Adjust debug output. (agent_flush_cache): Ditto. (agent_put_cache): Ditto. Take RESTRICTED into account. (agent_get_cache): Ditto. -- If requests are coming from different sources they should not share the same cache. This way we make sure that a Pinentry pops up for a remote request to a key we have already used locally. GnuPG-bug-id: 3858 Signed-off-by: Werner Koch <[email protected]>
* agent: Minor cleanup (mostly for documentation).Werner Koch2017-07-281-66/+66
| | | | | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_pksign): Change var name 'rc' to 'err'. * agent/findkey.c (read_key_file): Ditto. Change return type to gpg_error_t. On es_fessk failure return a correct error code. (agent_key_from_file): Change var name 'rc' to 'err'. * agent/pksign.c (agent_pksign_do): Ditto. Change return type to gpg_error_t. Return a valid erro code on malloc failure. (agent_pksign): Ditto. Change return type to gpg_error_t. replace xmalloc by xtrymalloc. * agent/protect.c (calculate_mic): Change return type to gpg_error_t. (do_decryption): Ditto. Do not init RC. (merge_lists): Change return type to gpg_error_t. (agent_unprotect): Ditto. (agent_get_shadow_info): Ditto. -- While code starring for bug 3266 I found two glitches and also changed var name for easier reading. Signed-off-by: Werner Koch <[email protected]>
* agent: Make digest algorithms for ssh fingerprints configurable.Justus Winter2017-05-241-1/+2
| | | | | | | | | | | | | | | | | | | | | * agent/agent.h (opt): New field 'ssh_fingerprint_digest'. * agent/command-ssh.c (data_sign, ssh_identity_register): Honor the option for strings used to communicate with the user. * agent/findkey.c (agent_modify_description): Likewise. * agent/gpg-agent.c (cmd_and_opt_values): New value. (opts): New option '--ssh-fingerprint-digest'. (parse_rereadable_options): Set the default to MD5 for now. (main): Handle the new option. * doc/gpg-agent.texi: Document the new option. -- OpenSSH has transitioned from using MD5 to compute key fingerprints to SHA256. This patch makes the digest used when communicating key fingerprints to the user (e.g. in pinentry dialogs) configurable. For now this patch conservatively defaults to MD5. GnuPG-bug-id: 2106 Signed-off-by: Justus Winter <[email protected]>
* common: Support different digest algorithms for ssh fingerprints.Justus Winter2017-05-241-1/+1
| | | | | | | | | | | | | | | | * common/ssh-utils.c (get_fingerprint): Add and honor 'algo' parameter. (ssh_get_fingerprint{,_string}): Likewise. * common/ssh-utils.h (ssh_get_fingerprint{,_string}): Update prototypes. * common/t-ssh-utils.c (main): Adapt accordingly. * agent/command-ssh.c (agent_raw_key_from_file): Likewise. (ssh_identity_register): Likewise. * agent/command.c (do_one_keyinfo): Likewise. * agent/findkey.c (modify_description): Likewise. -- This lays the foundation to support other algorithms. GnuPG-bug-id: 2106 Signed-off-by: Justus Winter <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 09:28:55 +0000