| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (aAddRecipients, aChangeRecipients): New consts.
(opts): Add --add-recipients and --change-recipients.
(main): Handle them.
* g10/gpg.h (struct server_control_s): Add fields modify_recipients,
clear_recipients, and last_read_ctb.
* g10/armor.c (was_armored): New.
* g10/decrypt.c (decrypt_message): Add optional arg 'remusr'. Handle
re-encryption if desired.
* g10/encrypt.c (write_pubkey_enc): Factor info printing out to ...
(show_encrypted_for_user_info): new.
(reencrypt_to_new_recipients): New.
* g10/packet.h (struct parse_packet_ctx_s): Add fields only_fookey_enc
and last_ctb.
(init_parse_packet): Clear them.
* g10/parse-packet.c (parse): Store CTB in the context. Early return
on pubkey_enc and symkey_enc packets if requested.
* g10/mainproc.c (proc_encrypted): Allow for PKT being NULL. Return
early in modify-recipients mode.
(proc_encryption_packets): Add two optional args 'r_dek' and 'r_list'.
Adjust callers. Call do_proc_packets in modify-recipients mode
depending on the optional args.
(do_proc_packets): Add arg 'keep_dek_and_list'. Adjust callers. Save
the last read CTB in CTRL and return after the last fooenc_enc
packets.
--
This basically works but does not yet handle symmetric encrypted
packets (symkey_enc).
GnuPG-bug-id: 1825
(Yes, this is an at least 9 year old feature request)
|
| |
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (has_key_with_fingerprint): New.
* g10/keyedit.c (menu_addadsk): Replace code by new function.
(keyedit_quick_addadsk): Handle magic arg "default".
* g10/keygen.c (append_all_default_adsks): New.
--
GnuPG-bug-id: 6882
|
| |
|
|
|
|
|
|
|
|
| |
* g10/keylist.c (print_revokers): Add arg with_colon, adjust callers,
add human printable format.
(list_keyblock_print): Call print_revokers.
--
Designated revokers were only printed in --with-colons mode. For
quick inspection of a key it is useful to see them right away.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keyserver.c (keyserver_import_mbox): Add arg flags and change
callers.
(keyserver_import_ldap): Remove. It has always returned a not
implemented error since 2.1.
* g10/getkey.c (get_pubkey_byname): Repurpose LDAP to do basically the
same as KEYSERVER.
--
The old LDAP mechanism to locate a server via SRV records has long
been gone (since 2014) due to the dropping of the keyserver helpers.
The new purpose better reflects reality and can be used in
environments where keys are provided by an in-house LDAP server.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keylist.c (list_all): Handle error from list_keyblock.
(list_one): Ditto.
(locate_one): Ditto.
(list_keyblock): Detect write error, print, and return it.
(list_keyblock_direct): Return error from list_keyblock.
* g10/import.c (import_one_real): Break on listing error.
--
Test by using
gpg -k >/dev/full
GnuPG-bug-id: 6185
|
| |\
| |
| |
| |
| |
| |
| |
| | |
--
Resolved conflicts:
NEWS
common/exechelp-w32.c
configure.ac
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/keyid.c (parse_one_algo_string): New.
(compare_pubkey_string_part): New.
(compare_pubkey_string): New.
* g10/verify.c (check_assert_signer_list): New.
* g10/mainproc.c (check_sig_and_print): Call check_assert_pubkey_algo.
* g10/options.h (opt): Add field assert_pubkey_algos.
* g10/gpg.c (oAssertPubkeyAlgo): New.
(opts): Add "--assert-pubkey_algo".
(assert_pubkey_algo_false): New.
(main): Parse option.
(g10_exit): Reorder RC modifications. Check assert_pubkey_algo_false.
* common/status.h (ASSERT_PUBKEY_ALGOS): new.
* common/t-support.h (LEAN_T_SUPPORT): Use a simplified version if
this macro is set.
* g10/gpgv.c (oAssertPubkeyAlgo): New.
(opts): Add "--assert-pubkey_algo".
(assert_pubkey_algo_false): New.
(main): Parse option.
(g10_exit): Check assert_pubkey_algo_false.
* g10/t-keyid.c: New.
* g10/Makefile.am: Add t-keyid.
* g10/test-stubs.c: Add assert_pubkey_algos and assert_signer_list and
remove from other tests.
(check_assert_signer_list): Ditto.
(check_assert_pubkey_algo): Ditto.
--
GnuPG-bug-id: 6946
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* common/iobuf.c (iobuf_get_fd): Return type is now gnupg_fd_t.
* common/iobuf.h (iobuf_get_fd): Fix the return type.
* g10/misc.c (is_secured_file): Argument is now gnupg_fd_t.
* g10/main.h (is_secured_file): Fix the argument type.
--
GnuPG-bug-id: 6580
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/decrypt.c (decrypt_message_fd): Use gnupg_fd_t.
* g10/plaintext.c (hash_datafile_by_fd): Use gnupg_fd_t.
* g10/main.h: Fix the declarations.
* g10/mainproc.c (struct mainproc_context): Use gnupg_fd_t for
DATA_FD.
(proc_compressed_cb, proc_signature_packets): Follow the change.
(proc_signature_packets_by_fd): Use gnupg_fd_t.
* g10/packet.h: Fix the declaration.
--
GnuPG-bug-id: 6580
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* common/iobuf.h (iobuf_fdopen_nc): Use gnupg_t.
* common/iobuf.c (iobuf_fdopen_nc): Use gnupg_t.
* g10/main.h (encrypt_crypt, gpg_verify): Use gnupg_fd_t.
* g10/encrypt.c (encrypt_crypt): Use gnupg_fd_t.
(encrypt_crypt_files): Follow the change.
* g10/gpg.c (main): Follow the change.
* g10/verify.c (gpg_verify): Use gnupg_fd_t.
--
GnuPG-bug-id: 6580
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/main.h (open_outfile): Use gnupg_fd_t instead of int.
* g10/openfile.c (open_outfile): Likewise. Use GNUPG_INVALID_FD.
* g10/dearmor.c (dearmor_file, enarmor_file): Follow the change.
* g10/encrypt.c (encrypt_simple): Likewise.
* g10/export.c (do_export): Likewise.
* g10/revoke.c (gen_desig_revoke, create_revocation): Likewise.
* g10/sign.c (sign_file, clearsign_file, sign_symencrypt_file):
Likewise.
--
GnuPG-bug-id: 6580
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (enum cmd_and_opt_values): Add oAssertSigner.
(opts): Add "assert-signer".
(main): Set option.
(assert_signer_true): New var.
(g10_exit): Evaluate new var.
* g10/main.h (assert_signer_true): Declare new var.
* common/status.h (STATUS_ASSERT_SIGNER): New.
* g10/options.h (opt): Add field assert_signer_list.
* g10/verify.c (is_fingerprint): New.
(check_assert_signer_list): New.
* g10/mainproc.c (check_sig_and_print): Call that function. Clear
assert_signer_true on a warning.
* g10/gpgv.c: Add dummy function and vars.
* g10/t-keydb-get-keyblock.c: Ditto.
* g10/t-keydb.c: Ditto.
* g10/t-stutter.c: Ditto.
--
|
| |
|
|
|
|
|
| |
* g10/main.h (DEFAULT_S2K_DIGEST_ALGO): Alias to DEFAULT_DIGEST_ALGO.
--
GnuPG-bug-id: 6367
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/card-util.c (card_store_subkey): Add arg processed_keys.
* g10/keyedit.c (keyedit_menu): Delete secret key.
--
This used to work using the gpg-agent: learn we called at "save" time.
However, the recent change inhibited the creation of a shadow key by
learn if a regular key still exists. Now we do an explicit delete key
at save time. This syncs the behaviour with the description of the
man page.
GnuPG-bug-id: 6378
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/free-packet.c (copy_public_key): Factor some code out to ...
(copy_public_key_basics): new.
* g10/build-packet.c (build_sig_subpkt_from_sig): New arg signhints.
* g10/packet.h (PUBKEY_USAGE_RENC): Fix value.
(SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): Moved from sign.c.
(SIGNHINT_ADSK): New.
(PKT_public_key): Change pubkey_usage from byte to u16.
(PKT_user_id): Cosmetic fix: change help_key_usage from int to u16.
* g10/getkey.c (parse_key_usage): Make public.
* g10/misc.c (openpgp_pk_algo_usage): Take PUBKEY_USAGE_RENC in
account.
* g10/sign.c (update_keysig_packet): Set SIGNHINT_ADSK.
(make_keysig_packet): Ditto.
(do_sign): No time warp check in ADSK mode.
* g10/sig-check.c (check_signature_metadata_validity): Ditto.
* g10/keygen.c (struct opaque_data_usage_and_pk): Remove.
(write_keybinding): Do not use the removed struct.
(do_add_key_flags): Support PUBKEY_USAGE_RENC and others.
(keygen_add_key_flags_and_expire): Rewrite and make public.
* g10/keyedit.c (enum cmdids): Add cmdADDADSK.
(keyedit_menu): Add command "addadsk".
(menu_addadsk): New.
--
This makes use of a new encryption flag:
The "restricted encryption key" (2nd,0x04) does not take part in any
automatic selection of encryption keys. It is only found on a
subkey signature (type 0x18), one that refers to the key the flag
applies to.
Followup patches will add encryption support and a --quick command.
GnuPG-bug-id: 6395
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_export_key): Add option --mode1003.
(command_has_option): Ditto.
* g10/build-packet.c (do_key): Implement mode 1003.
* g10/parse-packet.c (parse_key): Ditto.
* g10/options.h (EXPORT_MODE1003): New.o
* g10/call-agent.c (agent_export_key): Add arg mode1003.
* g10/export.c (parse_export_options): Add "mode1003"
(secret_key_to_mode1003): New.
(receive_seckey_from_agent): Add arg mode1003.
(do_export_one_keyblock): Pass option down.
--
This option allows to export a secret key in GnuPG's native format.
Thus no re-encryption is required and further the public key parameters
are also authenticated if a protection passphrase has been used.
Note that --import is not yet able to handle this new mode. Although
old version of GnuPG will bail out with "invalid packet" if a mode1003
exported secret key is seen.
|
| |
|
|
|
|
|
|
| |
* g10/export.c (receive_seckey_from_agent): Add arg r_key.
(do_export_one_keyblock): Pass NULL for new arg.
(receive_raw_seckey_from_agent): Remove.
(export_secret_ssh_key): Use receive_seckey_from_agent.
* g10/keygen.c (card_store_key_with_backup): Pass NULL for new arg.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (oListFilter): New.
(opts): Add --list-filter.
(main): Parse oListFilter.
* g10/keylist.c: Include init.h and recsel.h.
(struct list_filter_s, list_filter): New.
(release_list_filter): New.
(cleanup_keylist_globals): New.
(parse_and_set_list_filter): New.
(list_keyblock): Implement --list-filter type "select".
* g10/import.c (impex_filter_getval): Add scope support and new
property names "key-size", "algostr", "origin", "lastupd", and "url".
--
This option is pretty useful to select keys based on their properties.
The scope thing can be sued to limit a selection to just the primary
key or to subkeys. For example:
gpg -k --list-filter 'select=revoked-f && sub/algostr=ed25519'
Lists all non-revoked keys with an ed25519 (signing)-subkey.
|
| |
|
|
|
|
|
|
|
| |
* g10/options.h (LIST_SHOW_PREF): New.
(LIST_SHOW_PREF_VERBOSE): New.
* g10/gpg.c (parse_list_options): Add new options.
* g10/keyedit.c (show_prefs): Factor code out to ...
* g10/keylist.c (show_preferences): new.
(list_keyblock_print): Call show_preferences.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (opts): New option--force-ocb as alias for force-aead.
Turn --aead-algo and --personal-aead-preferences into dummy options.
(build_list_md_test_algo, build_list_aead_algo_name): Remove.
(my_strusage): Remove output of AEAD algos.
(main): Remove code from the --aead options.
* g10/encrypt.c (encrypt_seskey): Make file local.
(use_aead): Remove requirement for rfc4880bis. Always return
AEAD_ALGO_OCB.
* g10/main.h (DEFAULT_AEAD_ALGO): Removed unused macro.
* g10/misc.c (default_aead_algo): Remove.
* g10/pkclist.c (select_aead_from_pklist): Return AEAD_ALGO_OCB or 0.
(select_algo_from_prefs): Remove personal AEAD algo setting.
* g10/keygen.c (keygen_set_std_prefs): Remove AEAD preference option
parsing.
* g10/options.h (opt): Remove def_aead_algo and personal_aead_prefs.
--
Due to the meanwhile expired patent on OCB there is no more reason for
using EAX. Thus we forcefully use OCB if the AEAD feature flag is set
on a key.
|
| |
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dns.c: Use __noreturn__.
* doc/yat2m.c: Likewise.
* g10/main.h: Likewise.
--
GnuPG-bug-id: 4002
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/misc.c (openpgp_cipher_algo_mode_name): New.
* g10/decrypt-data.c (decrypt_data): Use function here.
--
Note that openpgp_cipher_algo_mode_name is different from the version
2.2 becuase we append ".CFB" here.
Without this change we would see
gpg: cipher algorithm 'AES256' may not be used in
--compliance=de-vs mode
This is confusing because AES256 is compliant. Now we see
gpg: cipher algorithm 'AES256.OCB' may not be used in
--compliance=de-vs mode
which gives a hint on the problem.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (exportSecretSshKey): New.
(opts): Add --export-secret-ssh-key.
(main): Implement option.
* g10/export.c (do_export_stream): Factor keywrap key code out to ...
(get_keywrap_key): new.
(mb_write_uint32, mb_write_uint8)
(mb_write_data, mb_write_cstring)
(mb_write_string, mb_write_mpi): New.
(receive_raw_seckey_from_agent): New.
(export_secret_ssh_key): New.
--
Due to time constraints the code is not yet ready.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/misc.c (is_weak_digest): New.
(print_digest_algo_note): Use it here.
* g10/sig-check.c (check_signature_end_simple): Use it.
* g10/sign.c (hash_for): Do not use recipient_digest_algo if it is in
the least of weak digest algorithm.
--
If a message is signed and encrypted to several recipients, the to be
used digest algorithm is deduced from the preferences of the
recipient. This is so that all recipients are able to check the the
signature. However, if the sender has a declared an algorithm as
week, that algorithm shall not be used - in this case we fallback to
the standard way of selecting an algorithm.
Note that a smarter way of selecting the algo is to check this while
figuring out the algorithm - this needs more testing and thus we do it
the simple way.
Reported-by: Phil Pennock
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/main.h (checksum): Use const.
* g10/misc.c (checksum): Use const.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (enum cmd_and_opt_values): Add aQuickRevSig.
(opts): Add --quick-revoke-sig.
(main): Implement.
* g10/keyedit.c (quick_find_keyblock): Add arg 'want_secret' and
adjust all callers.
(keyedit_quick_revsig): new.
* g10/revoke.c (get_default_sig_revocation_reason): New.
* g10/keylist.c (cmp_signodes): Make global.
--
GnuPG-bug-id: 5093
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/asshelp.c (warn_server_version_mismatch): New. Actually a
slightly modified version of warn_version_mismatch found in other
modules.
* common/status.c (gnupg_status_strings): New.
* g10/cpr.c (write_status_strings2): New.
* g10/call-agent.c (warn_version_mismatch): Use the new unified
warn_server_version_mismatch function.
* g10/call-dirmngr.c (warn_version_mismatch): Ditto.
* g10/call-keyboxd.c (warn_version_mismatch): Ditto.
* sm/call-agent.c (warn_version_mismatch): Ditto.
* sm/call-dirmngr.c (warn_version_mismatch): Ditto.
* tools/card-call-scd.c (warn_version_mismatch): Ditto.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/options.h (IMPORT_COLLAPSE_UIDS): New.
(IMPORT_COLLAPSE_SUBKEYS): New.
* g10/gpg.c (main): Make them the default.
* g10/import.c (parse_import_options): New import options
"no-collapse-uids" and "no-collapse_subkeys".
(collapse_subkeys): New.
(import_one_real): Collapse subkeys and allow disabling the collapsing
using the new options.
(read_key_from_file_or_buffer): Always collapse subkeys.
* g10/keyedit.c (fix_keyblock): Call collapse_subkeys.
--
GnuPG-bug-id: 4421
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/encrypt.c (setup_symkey): Use default_cipher_algo function
instead of the fallback s2k_cipher_algo. Fix error code.
(encrypt_simple): Use setup_symkey.
--
Aside of removing code duplication this patch fixes the flaw that the
S2K cipher algorithm was used when mixing public key and symmetric
encryption or signatures with symmetric encrypion. The
default_algorithm function should be used here so that the command
line option --cipher-algo and --personal-cipher-preferences have an
effect.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/main.h (DEFAULT_AEAD_ALGO): Set to OCB.
--
With the old code and using libgcrypt 1.9 would have switched from the
high performance OCB to the ugly EAX mode. We are free software, we
are OCB.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (read_key_from_file): Rename to ...
(read_key_from_file_or_buffer): this and add new parameters. Adjust
callers.
(import_included_key_block): New.
* g10/packet.h (PKT_signature): Add field flags.key_block.
* g10/parse-packet.c (parse_signature): Set that flags.
* g10/sig-check.c (check_signature2): Add parm forced_pk and change
all callers.
* g10/mainproc.c (do_check_sig): Ditto.
(check_sig_and_print): Try the included key block if no key is
available.
--
This is is the second part to support the new Key Block subpacket.
The idea is that after having received a signed mail, it is instantly
possible to reply encrypted - without the need for any centralized
infrastructure.
There is one case where this does not work: A signed mail is received
using a specified signer ID (e.g. using gpg --sender option) and the
key block with only that user ID is thus imported. The next time a
mail is received using the same key but with a different user ID; the
signatures checks out using the key imported the last time. However,
the new user id is not imported. Now when trying to reply to that
last mail, no key will be found. We need to see whether we can update
a key in such a case.
GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/export.c (push_export_filters): New.
(pop_export_filters): New.
(export_pubkey_buffer): Add args prefix and prefixlen. Adjust
callers.
* g10/import.c (impex_filter_getval): Add property "fpr".
* g10/main.h (struct impex_filter_parm_s): Add field hexfpr.
--
The push and pop feature will help us to use the export filter
internally in gpg. Same for the export_pubkey_buffer change.
GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C. Change all other places where it
gets defined.
* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
extern.
* common/iobuf.c (iobuf_debug_mode): Define it here.
* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
all main modules of all other programs.
* g10/main.h: Put util.h before the local header files.
--
This change is required for use with gcc/ld's LTO feature which does
not allow common blocks. Further gcc 10 will make -fno-common the
default and thus this chnage is always needed. What a pitty.
Co-authored-by: Tomáš Mráz
GnuPG-bug-id: 4831
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 21d9bd8b87a9f793a106095e3838eb71825189d7)
- Applied respective chnages also to gpg-card and keyboxd.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/misc.c (map_pk_gcry_to_openpgp): Move to ...
* common/openpgp-oid.c (map_gcry_pk_to_openpgp): here and rename.
Change all 4 callers.
(map_openpgp_pk_to_gcry): New.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (oAllowWeakKeySignatures): New.
(opts): Add --allow-weak-key-signatures.
(main): Set it.
* g10/options.h (struct opt): Add flags.allow_weak_key_signatures.
* g10/misc.c (print_sha1_keysig_rejected_note): New.
* g10/sig-check.c (check_signature_over_key_or_uid): Print note and
act on new option.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts.
(opts): New options --use-keyboxd and --keyboxd-program.
(main): Implement them.
* g10/keydb.c: Move some defs out to ...
* g10/keydb-private.h: new file.
* g10/keydb.c: prefix function names with "internal" and move original
functions to ...
* g10/call-keyboxd.c: new file. Divert to the internal fucntion if
--use-keyboxd is used. Add a CTRL arg to most fucntions and change
all callers.
* g10/Makefile.am (common_source): Add new files.
(noinst_PROGRAMS): Do bot build gpgcompose.
--
Note that this is just the framework with only a basic implementation
of searching via keyboxd.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (aLocateExtKeys): New.
(opts): Add --locate-external-keys.
(main): Implement that.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL.
(get_best_pubkey_byname): Add arg 'mode' and pass on to
get_pubkey_byname. Change callers.
* g10/keylist.c (public_key_list): Add arg 'no_local'.
(locate_one): Ditto. Pass on to get_best_pubkey_byname.
--
This new command is a shortcut for
--auto-key-locate nodefault,clear,wkd,... --locate-key
and uses the default or configured AKL list but does so without local.
See also
GnuPG-bug-id: 4599
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* common/userids.c (classify_user_id): Do not set the EXACT flag in
the default case.
* g10/export.c (exact_subkey_match_p): Make static,
* g10/delkey.c (do_delete_key): Implement subkey only deleting.
--
GnuPG-bug-id: 4457
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keylist.c (format_seckey_info): Remove.
(print_pubkey_info, print_seckey_info): Remove.
(format_key_info): New.
(print_key_info): New.
(print_key_info_log): New.
* g10/card-util.c (current_card_status): Use print_key_info and remove
the useless condition on KEYBLOCK.
* g10/delkey.c (do_delete_key): Replace print_pubkey_info and
print_seckey_info by print_key_info.
* g10/keyedit.c (menu_addrevoker): Replace print_pubkey_info by
print_key_info.
* g10/pkclist.c (do_we_trust_pre): Ditto.
* g10/revoke.c (gen_desig_revoke): Ditto.
(gen_revoke): Ditto. Also use print_key_info_log instead of separate
functions.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (NODE_TRANSFER_SECKEY): New.
(import): Add attic kludge.
(transfer_secret_keys): Add arg only_marked.
(resync_sec_with_pub_keyblock): Return removed seckeys via new arg
r_removedsecs.
(import_secret_one): New arg r_secattic. Change to take ownership of
arg keyblock. Implement extra secret key import logic. Factor some
code out to ...
(do_transfer): New.
(import_matching_seckeys): New.
--
The PGP desktops exported secret keys are really stupid. And they
even a have kind of exception in rfc4880 which does not rule that
out (section 11.2):
[...] Implementations SHOULD include self-signatures on any user
IDs and subkeys, as this allows for a complete public key to be
automatically extracted from the transferable secret key.
Implementations MAY choose to omit the self-signatures, especially
if a transferable public key accompanies the transferable secret
key.
Now if they would only put the public key before the secret
key. Anyway we now have a workaround for that ugliness.
GnuPG-bug-id: 4392
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/passphrase.c (encode_s2k_iterations): Move function to ...
* common/openpgp-s2k.c: new file. Remove default intialization code.
* common/openpgpdefs.h (S2K_DECODE_COUNT): New to keep only one copy.
* g10/call-agent.c (agent_get_s2k_count): Change to return the count
and print an error.
* agent/protect.c: Include openpgpdefs.h
* g10/card-util.c (gen_kdf_data): Adjust for changes
* g10/gpgcompose.c: Include call-agent.h.
(sk_esk): Adjust for changes.
* g10/passphrase (passphrase_to_dek): Adjust for changes.
* g10/main.h (S2K_DECODE_COUNT): Remove macro.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/main.h (GCRYPT_VERSION_NUMBER): Fix type in condition.
--
GnuPG-bug-id: 4259
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/main.h: Add prototype.
* g10/keylist.c (list_keyblock_print): Print revocation info.
(list_keyblock_colon): Ditto.
* g10/test-stubs.c (get_revocation_reason): New stub.
* g10/gpgv.c (get_revocation_reason): New stub.
--
GnuPG-bug-id: 1173
Signed-off-by: Werner Koch <[email protected]>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| | |
--
Fixed conflicts:
NEWS - keep master
configure.ac - merge
g10/card-util.c - mostly 2.2
g10/sig-check.c - 2.2
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/card-util.c (ask_card_rsa_keysize): Drop support for magic
number 25519 for ed25519/cv25519. Rename from ask_card_keyattr.
(ask_card_keyattr): Support ECC, as well as RSA.
(do_change_keyattr): Support ECC dropping magical number 25519.
* g10/keygen.c (ask_curve): Allow call from outside, adding last arg
of CURRENT.
(generate_keypair): Follow the change of ask_curve.
(generate_subkeypair): Likewise.
--
GnuPG-bug-id: 3781
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/import.c (import_keys_internal): Return gpg_error_t instead of
int. Change var names.
(import_keys_es_stream): Ditto.
(import_one): Ditto. Use a single keydb_new and simplify the use of
of keydb_release.
--
Note that this opens a keydb handle before we call
get_pubkey_byfprint_fast which internally uses another key db handle.
A further patch will cleanup this double use. Note that we also
disable the keydb caching for the insert case.
The s/int/gpg_error_t/ has been done while checking the call chains of
the import functions and making sure that gpg_err_code is always used.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| | |
* g10/openfile.c (open_outfile): Rename inp_fd to out_fd.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/gpg.c (opts): New option --chunk-size.
(oChunkSize): New const.
(build_list_aead_test_algo, build_list_aead_algo_name): New.
(my_strusage): List AEAD algos.
(main): Implement --chunk-size..
* g10/options.h (struct opt): Add field 'chunk_size'.
(DBG_IPC): Remove duplicated macro.
* g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version.
* g10/misc.c (openpgp_aead_test_algo): Ditto.
* g10/cipher-aead.c: Silence if not in debug mode.
* g10/decrypt-data.c: Ditto.
--
And that new option immediatley revealed bugs in our chunking code :-(.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/packet.h (PKT_symkey_enc): Add field aead_algo.
* g10/build-packet.c (do_symkey_enc): Support version 5 packets.
* g10/parse-packet.c (parse_symkeyenc): Ditto.
* g10/encrypt.c (encrypt_symmetric): Force using a random session
key in AEAD mode.
(encrypt_seskey): Add and support arg aead_algo.
(write_symkey_enc): Ditto.
(encrypt_simple): Adjust accordingly.
(encrypt_filter): Ditto.
* g10/gpgcompose.c (sk_esk): For now call encrypt_seskey without AEAD
support.
* g10/mainproc.c (symkey_decrypt_seskey): Support AEAD. Nver call BUG
but return an error.
(proc_symkey_enc): Call symkey_decrypt_seskey in a bug compatible way.
* g10/import.c (check_prefs): Check AEAD preferences.
* g10/keyedit.c (show_prefs): Print AEAD preferences.
--
For easier debugging this patch also changes some diagnostics to also
print the encryption mode with the cipher algorithm.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/pkclist.c (select_aead_from_pklist): Return the AEAD_algo.
* g10/encrypt.c (use_aead): Return the AEAD algo.
(encrypt_simple): Adjust for this change.
(encrypt_crypt): Ditto.
(encrypt_filter): Ditto.
* g10/sign.c (sign_symencrypt_file): Ditto.
* g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
(openpgp_aead_algo_info): New.
* g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
(write_header): Use new fucntion.
* g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
(decrypt_data): Use new function. Also allow for chunkbytes other
than 10.
--
Note that other chunk bytes than 10 and in particular 0 (64 byte
chunks) have not yet been tested.
Signed-off-by: Werner Koch <[email protected]>
|
