| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* g10/keydb.h (enum get_pubkey_modes): New.
* g10/getkey.c (get_pubkey_byname): Repalce no_akl by a mode arg and
change all callers.
--
This change prepares the implementation of GET_PUBKEY_NO_LOCAL.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 9980f81da765f88a65604ab083563bf15ccdb425)
|
|
* common/userids.c (classify_user_id): Do not set the EXACT flag in
the default case.
* g10/export.c (exact_subkey_match_p): Make static,
* g10/delkey.c (do_delete_key): Implement subkey only deleting.
--
GnuPG-bug-id: 4457
|
|
* g10/export.c (cleartext_secret_key_to_openpgp): ignore trailing
sublists in private-key S-expression.
--
When gpg-agent learns about a private key from its ssh-agent
interface, it stores its S-expression with the comment attached. The
export mechanism for OpenPGP keys already in cleartext was too brittle
because it would choke on these comments. This change lets it ignore
any additional trailing sublists.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
Gnupg-Bug-Id: 4490
|
|
* g10/key-clean.h (KEY_CLEAN_NONE, KEY_CLEAN_INVALID)
(KEY_CLEAN_ENCR, KEY_CLEAN_AUTHENCR, KEY_CLEAN_ALL): New.
* g10/key-clean.c (clean_one_subkey): New.
(clean_all_subkeys): Add arg CLEAN_LEVEL.
* g10/import.c (import_one): Call clean_all_subkeys with
KEY_CLEAN_NONE.
* g10/export.c (do_export_stream): Call clean_all_subkeys depedning on
the export clean options.
--
GnuPG-bug-id: 3622
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit c2fd65ec8498a08ee36ca52d99b6b014f6db8d93)
|
|
* g10/key-clean.c (clean_key): Rename to clean_all_uids and split
subkey cleaning into ...
(clean_all_subkeys): new. Call that always after the former clean_key
invocations.
--
Note that the clean_all_subkeys function will later be extended.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 6c3567196f7e72552f326ce07dccbcce31926e5d)
|
|
* g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid)
(clean_uid_from_key, clean_one_uid, clean_key): Move to ...
* g10/key-clean.c: new file.
* g10/key-clean.h: New.
* g10/Makefile.am (gpg_sources): Add new files.
* g10/export.c, g10/import.c, g10/keyedit.c, g10/trustdb.c: Include
new header.
* g10/trustdb.h (struct key_item, is_in_klist): Move to ...
* g10/keydb.h: here.
--
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 135e46ea480d749b8a9692f71d4d0bfdadd8ee2f)
|
|
* g10/keyid.c (hexfingerprint): Return NULL on malloc failure. Chnage
all callers.
Signed-off-by: Werner Koch <[email protected]>
|
|
This reverts commit ebc65ff459e6c228fb7406e375819a9fe5637abe.
|
|
* g10/main.h (open_outfile): New parameter NO_OUTFILE.
* g10/openfile.c (open_outfile): New parameter NO_OUTFILE. If given,
never use opt.outfile.
* g10/revoke.c (create_revocation): If FILENAME is true, also set
NO_OUTFILE to true (for standard revocation certificates).
* g10/dearmor.c, g10/encrypt.c, g10/export.c, g10/revoke.c,
g10/sign.c: Adjust all other callers.
Signed-off-by: Marcus Brinkmann <[email protected]>
GnuPG-bug-id: 3015
|
|
* call-agent.h (agent_export_key): Add keyid parameters.
* call-agent.c (agent_export_key): Set keyid parameters.
* export.c (receive_seckey_from_agent): Pass keyid parameters.
Signed-off-by: Marcus Brinkmann <[email protected]>
GnuPG-bug-id: 2667
|
|
* g10/export.c (cleartext_secret_key_to_openpgp): No initialization.
(do_export_one_keyblock): Initialize with GPG_ERR_NOT_FOUND.
* g10/getkey.c (get_best_pubkey_byname): Add non-null check.
* g10/tofu.c (tofu_set_policy): ERR initialize to 0.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/export.c (export_ssh_key): Check IDENTIFIER for error.
Release base64 thing on error of get_membuf.
--
Compiler (older) may misunderstand the variable IDENTIFIER is not
initialized, while good one can do better analysys on the value for
ERR (and thus, IDENTIFIER).
On the error of get_membuf, still, b64enc_finish should be called,
even if it lost the ERR value.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/getkey.c (getkey_end): Add arg CTRL. Change all callers.
Signed-off-by: Werner Koch <[email protected]>
|
|
--
For proper operations as a server we need to avoid global variables.
Thus we need to pass the session state CTRL to most functions. Quite
a lot of changes but fortunately straightforward to do.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/parse-packet.c (parse_trust): Rename to ...
(parse_ring_trust): this. Change args and implement new ring trust
packet format.
(parse): Add special ring trust packet handling.
* g10/packet.h (PKT_user_id): New fields KEYUPDATE, UPDATEURL, and
KEYSRC.
(PKT_public_key): Ditto.
(RING_TRUST_SIG, RING_TRUST_KEY, RING_TRUST_UID): New consts.
(PKT_ring_trust): New.
(struct packet_struct): Remove member RING_TRUST.
(strcu parse_packet_ctx_s): Add field SKIP_META.
(init_parse_packet): Init SKIPT_META.
* g10/free-packet.c (release_public_key_parts): Free UDPATEURL.
(free_user_id): Ditto.
* g10/mainproc.c (list_node): Remove printing of non-documented "rtv"
lines.
* g10/build-packet.c (build_packet_and_meta): New.
(do_ring_trust): New.
* g10/export.c (write_keyblock_to_output): Use build_packet_and_meta
in backup mode.
(do_export_one_keyblock): Ditto.
* g10/import.c (read_block): Add arg WITH_META. Skip ring trust
packets if that ism not set.
(import): Call read_block WITH_META in restore mode.
* g10/keydb.h (KEYSRC_UNKNOWN, KEYSRC_FILE, KEYSRC_KS, KEYSRC_PREF_KS)
(KEYSRC_WKD, KEYSRC_WKD_SD, KEYSRC_DANE): New constants. They are not
yet used, though.
* g10/keydb.c (parse_keyblock_image): Allow ring trust packets.
(build_keyblock_image): Ditto. Use build_packet_and_meta.
* g10/keyring.c (keyring_get_keyblock): Remove specila treatment of
ring trust packets.
(write_keyblock): Use build_packet_and_meta. Remove special treatment
of ring trust packets and initialization of the signature caches.
--
This patch introduced the framework to store meta data for keys and
user ids in the keyrings/keyboxes. Ring trust packets are
implementation defined and have always been used in gpg to cache the
signature verification status.
Ring trust packets are only exported with the export option "backup"
and only imported with the import option "restore".
The new code uses a cleaner way to handle the ring trust packets: When
the parser reads a ring trust packet and the previously read packet
matches the type of that ring trust packet, the information is stored
in that previously read packet (signature, user id, or primary key)
and the next packet is read immediately. Thus only the parser sees
the ring trust packets. Ring trust packets are written by using the
new function build_packet_and_meta instead of build_packet. That
function writes a ring trust packet when the needed information is
available.
As a side-effect of this patch the signature status cache works again
and "gpg --check-sigs" is thus much faster.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/export.c (write_keyblock_to_output): Export ring trust packets.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/packet.h (PKT_user_id): Move 'is_primary', 'is_revoked', and
'is_expired' into the flags bitfield, and drop the prefix.
* g10/call-dirmngr.c: Adapt accordingly.
* g10/export.c: Likewise.
* g10/getkey.c: Likewise.
* g10/import.c: Likewise.
* g10/kbnode.c: Likewise.
* g10/keyedit.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyserver.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pubkey-enc.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
--
This patch has been created by applying the following semantic patch:
@@
expression E;
@@
-E->is_expired
+E->flags.expired
@@
expression E;
@@
-E->is_primary
+E->flags.primary
@@
expression E;
@@
-E->is_revoked
+E->flags.revoked
Signed-off-by: Justus Winter <[email protected]>
|
|
* dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* g10/Makefile.am (AM_CPPFLAGS): Ditto.
* g13/Makefile.am (AM_CPPFLAGS): Ditto.
* kbx/Makefile.am (AM_CPPFLAGS): Ditto.
* scd/Makefile.am (AM_CPPFLAGS): Ditto.
* sm/Makefile.am (AM_CPPFLAGS): Ditto.
* tools/Makefile.am (AM_CPPFLAGS): Ditto.
* Throughout: Follow the change.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/import.c (impex_filter_getval): Add new variables "expired",
"revoked", and "disabled".
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/export.c (export_seckeys): Add arg OPTIONS and pass it to
do_export.
(export_secsubkeys): Ditto.
* g10/gpg.c (main): Pass opt.export_options to export_seckeys and
export_secsubkeys
--
Back in the old days we did not used the export options for secret
keys export because of a lot of duplicated code and that the old
secring.gpg was anyway smaller that the pubring.gpg. With 2.1 it was
pretty easy to enable it.
Reported-by: Peter Lebbing
GnuPG-bug-id: 2973
|
|
--
This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
|
* g10/export.c (export_ssh_key): Also check the primary key.
--
If no suitable subkey was found for export, we now check whether the
primary key is suitable for export and export this one. Without this
change it was only possible to export the primary key by using the '!'
suffix in the key specification.
Also added a sample key for testing this.
GnuPG-bug-id: 2957
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/export.c (parse_export_options): Add "backup" and its alias
"export-backup".
(do_export_one_keyblock): Export ring trust packets in backup mode.
* g10/import.c (parse_import_options): Add "restore" and its alias
"import-restore".
(read_block): Import ring trust packets.
--
These options are intended to, well, backup and restore keys between
GnuPG implementations. These options may eventually be enhanced to
backup and restore all public key related information.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/trust.c (clean_key): Also clean bogus subkey bindings.
--
GnuPG-bug-id: 2922
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/gpg.c (aQuickSetExpire): New.
(opts): New option --quick-set-expire.
(main): Implement option.
* g10/keyedit.c (menu_expire): Add args FORCE_MAINKEY and
NEWEXPIRATION. Change semantics of the return value. Change caller.
(keyedit_quick_set_expire): New.
--
This patch partly solves
GnuPG-bug-id: 2701
|
|
--
|
|
* g10/import.c (impex_filter_getval): Add properties for key packets.
* g10/export.c (export_drop_subkey): New var.
(cleanup_export_globals): Release that var.
(parse_and_set_export_filter): Add filter "drop-subkey".
(apply_drop_subkey_filter): New.
(do_export_stream): Run that filter.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/import.c (filter_getval): Rename to ...
(impex_filter_getval): this. Make global.
(apply_keep_uid_filter, apply_drop_sig_filter): Adjust.
* g10/export.c (filter_getval): Remove.
(apply_drop_sig_filter): Use impex_filter_getval.
Signed-off-by: Werner Koch <[email protected]>
|
|
* README, agent/command.c, agent/keyformat.txt, common/i18n.c,
common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c,
dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE,
doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi,
doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt,
g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4,
m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po,
po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po,
po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po,
po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po,
po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po,
scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c,
sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to"
with clearer text.
In standard English, the normal construction is "${XXX} allows ${YYY}
to" -- that is, the subject (${XXX}) of the sentence is allowing the
object (${YYY}) to do something. When the object is missing, the
phrasing sounds awkward, even if the object is implied by context.
There's almost always a better construction that isn't as awkward.
These changes should make the language a bit clearer.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
|
* g10/export.c (do_export_stream): Move PKA and DANE printing helper
code to ...
(print_pka_or_dane_records): this fucntion.
(write_keyblock_to_output): Add arg OPTIOSN and call
print_pka_or_dane_records if requested.
--
It is now possible to print a DANE record given a a file with a key
without importing the key first:
gpg --export-options export-dane \
--import-options import-export \
--import-filter keep-uid='mbox =~ alpha' \
--import FILE_WITH_KEY
Using the filter we only print a user id with the substring "alpha" in
the addr-spec.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/import.c (write_keyblock_to_output): Move to ...
* g10/export.c (write_keyblock_to_output): here. Add arg WITH_ARMOR.
Also make sure never to export ring trust packets.
|
|
* g10/options.h (EXPORT_PKA_FORMAT): New.
* g10/keylist.c (list_keyblock_pka): Do not use DANE flag.
* g10/export.c: Include zb32.h.
(parse_export_options): Add options "export-pka" and "export-dane".
(do_export): Do not armor if either of these option is set.
(print_pka_or_dane_records): New.
(do_export_stream): Implement new options.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/export.c (do_export_stream): Factor some code out to ...
(do_export_one_keyblock): new.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/gpg.c (oExportFilter): New.
(opts): Add --export-filter.
(main): Handle option.
* g10/export.c: Include recsel.h, init.h, and mbox-util.h.
(export_keep_uid): New global var.
(cleanup_export_globals): New.
(parse_and_set_export_filter): New.
(filter_getval): New.
(apply_keep_uid_filter): New.
(do_export_stream): Apply filter if set.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/export.c (do_export_stream): Free secret parameters.
Signed-off-by: Justus Winter <[email protected]>
|
|
* g10/call-agent.c (struct keyinfo_data): Rename to
keyinfo_data_parm_s.
(agent_get_keyinfo): Replace C-99 style init.
(keyinfo_status_cb): Use new fucntion split_fields.
* g10/export.c (match_curve_skey_pk): Add missings returns error
cases.
(cleartext_secret_key_to_openpgp): Better clear PK->PKEY first.
--
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/export.c (do_export_stream): If a key is stored by the agent in
cleartext, then try to export it as cleartext.
* tests/openpgp/export.test: For secret keys that are stored in
cleartext, test should try to export without pinentry interaction.
--
This restores the behavior of GnuPG 2.0 and 1.4 when exporting
passphraseless secret keys, and fixes the test suite accordingly.
GnuPG-bug-id: 2070, 2324
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
|
* g10/export.c (match_curve_skey_pk): New function, testing whether an
OpenPGP public key and an S-expression use the same curve.
* g10/export.c (cleartext_secret_key_to_openpgp): New function,
filling in the secret key parameters of a PKT_public_key object from
a corresponding cleartext S-expression.
* g10/export.c, g10/main.h (receive_seckey_from_agent): Add cleartext
parameter, enabling retrieval of the secret key, unlocked.
* g10/export.c (do_export_stream): Send cleartext as 0, keeping current
behavior.
* g10/keygen.c (card_store_key_with_backup): Use cleartext=0 to ensure
that smartcard backups are all passphrase-locked.
--
This sets up internal functionality to be capable of exporting
cleartext secret keys, but does not change any existing behavior.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
|
* g10/call-agent.c, g10/call-agent.h (agent_export_key): Add
openpgp_protected flag.
* g10/export.c (receive_seckey_from_agent): Request openpgp_protected
secret keys from agent.
* agent/command.c (hlp_export_key): EXPORT_KEY help text: add a
brief description of the effect of --openpgp.
--
The --openpgp flag for gpg-agent's EXPORT_KEY actually forces
encryption in a certain (RFC 4880-compatible format). This changeset
exposes that functionality in internal functions, and clarifies
functionality in the agent's help text.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
|
* g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add
r_cleartext parameter to report whether a key is stored without
passphrase protection.
* g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to
match new API.
* g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c,
g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet
need to know whether agent is passphrase-protected.
--
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
|
--
Signed-off-by: Justus Winter <[email protected]>
|
|
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/export.c (key_to_sshblob): Add hack for ECDSA.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/export.c: Include membuf.h and host2net.h.
(key_to_sshblob): New.
(export_ssh_key): New.
* g10/gpg.c (aExportSshKey): New.
(opts): Add command.
(main): Implement that command.
--
GnuPG-bug-id: 2212
I have done only a few tests rights now and the ECDSA curves do not
yet work. However ssh-keygen -l accept RSA and ed25519 keys exported
using this command.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/export.c (receive_seckey_from_agent): New.
(do_export_stream): Use it.
--
Also fixed a memory leak of WRAPPEDKEY on a successful path of
build_packet.
In the log message, key is now by a hexgrip instead of a format by
keystr_with_sub.
|
|
* g10/keydb.c (keydb_new): Print an error message if needed. Also use
xtrycalloc because we return an error anyway.
* g10/delkey.c (do_delete_key): Handle error retruned by keydb_new.
* g10/export.c (do_export_stream): Ditto.
* g10/getkey.c (get_pubkey): Ditto.
(get_pubkey_fast): Ditto.
(get_pubkeyblock): Ditto.
(get_seckey): Ditto.
(key_byname): Ditto.
(get_pubkey_byfprint): Ditto.
(get_pubkey_byfprint_fast): Ditto.
(parse_def_secret_key): Ditto.
(have_secret_key_with_kid): Ditto.
* g10/import.c (import_one): Ditto.
(import_revoke_cert): Ditto.
* g10/keyedit.c (keyedit_quick_adduid): Ditto.
* g10/keygen.c (quick_generate_keypair): Ditto.
(do_generate_keypair): Ditto.
* g10/trustdb.c (validate_keys): Ditto.
* g10/keyserver.c (keyidlist): Ditto.
* g10/revoke.c (gen_desig_revoke): Ditto.
(gen_revoke): Ditto.
* g10/gpg.c (check_user_ids): Ditto.
(main): Do not print an error message for keydb_new error.
* g10/keylist.c (list_all): Use actual error code returned by
keydb_new.
* g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error.
* g10/t-keydb.c (do_test): Ditto.
* g10/keyring.c (keyring_new): Actually return an error so that the
existing keydb_new error checking makes sense for a keyring resource.
(keyring_rebuild_cache): Take care of keyring_new returning an error.
--
Commit 04a6b903 changed keydb_new to return an error. However the
error was not checked at most places which we fix with this patch. To
make things easier keydb_new prints an error message itself.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/keyring.c (keyring_search): Take new argument, ignore_legacy.
If set, skip any legacy keys. Update callers.
* g10/keydb.c (keydb_search): Skip any legacy keys.
(keydb_search_first): Don't skip legacy keys. Treat them
as an error.
(keydb_search_next): Likewise.
(keydb_search_fpr): Likewise.
* g10/export.c (do_export_stream): Likewise.
* g10/getkey.c (lookup): Likewise.
(have_secret_key_with_kid): Likewise.
* g10/keylist.c (list_all): Likewise.
(keyring_rebuild_cache): Likewise.
* g10/keyserver.c (keyidlist): Likewise.
* g10/trustdb.c (validate_key_list): Likewise.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
|
* g10/gpg.h (MAX_FORMATTED_FINGERPRINT_LEN): New.
* g10/keyid.c (hexfingerprint): Add optional args BUFFER and BUFLEN.
Change all callers.
(format_hexfingerprint): New.
* g10/keylist.c (print_fingerprint): Change to use hexfingerprint.
* g10/tofu.c (fingerprint_format): Remove. Replace calls by
format_hexfingerprint.
Signed-off-by: Werner Koch <[email protected]>
|
|
* common/status.h (STATUS_EXPORTED): New.
* g10/export.c (print_status_exported): New.
(do_export_stream): Call that function.
Signed-off-by: Werner Koch <[email protected]>
|
|
* common/status.h (STATUS_EXPORT_RES): New.
* g10/main.h (export_stats_t): New.
* g10/export.c (export_stats_s): New.
(export_new_stats, export_release_stats): New.
(export_print_stats): New.
(export_pubkeys, export_seckeys, export_secsubkeys)
(export_pubkey_buffer, do_export): Add arg "stats".
(do_export_stream): Add arg stats and update it.
* g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create,
pass, and print a stats object to the export function calls.
* g10/export.c (export_pubkeys_stream): Remove unused function.
Signed-off-by: Werner Koch <[email protected]>
|
