aboutsummaryrefslogtreecommitdiffstats
path: root/g10 (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpg: Avoid linking to LibksbaWerner Koch2015-08-171-8/+3
| | | | | | | | | | | | | | | | | | | | * kbx/keybox.h (KEYBOX_WITH_X509): Do not define. * sm/Makefile.am (AM_CPPFLAGS): Define it here. (common_libs): Change to libkeybox509.a * g10/Makefile.am (AM_CFLAGS): remove KSBA_CFLAGS. (gpg2_LDADD, gpgv2_LDADD): Remove KSBA_LIBS * kbx/Makefile.am (noinst_LIBRARIES): Add libkeybox509.a. (libkeybox509_a_SOURCES): New. (libkeybox_a_CFLAGS): New. (libkeybox509_a_CFLAGS): New. (kbxutil_CFLAGS): New. * kbx/keybox-search.c (has_keygrip) [!KEYBOX_WITH_X509]: Declare args as unused. -- There is no real need to link to Libksba in gpg. Signed-off-by: Werner Koch <[email protected]>
* Fix sending INQUIRE_MAXLEN for symmetric data.Ben Kibbey2015-08-161-0/+8
| | | | * g10/passphrase.c (passphrase_to_dek_ext): Write the status message.
* Inform a user about inquire length limit.Ben Kibbey2015-08-151-0/+4
| | | | | | | | | | * common/status.h (INQUIRE_MAXLEN): New. * g10/call-agent.c (default_inquire_cb): Send STATUS_INQUIRE_MAXLEN. client when inquiring a passphrase over pinentry-loopback. -- This is to inform a user about the maximum length of a passphrase. The limit is the same that gpg-agent uses.
* Allow --gen-key to inquire a passphrase.Ben Kibbey2015-08-151-3/+12
| | | | | | | * g10/gpg.c (main): test for --command-fd during --gen-key parse. When --command-fd is set then imply --batch to let gpg inquire a passphrase rather than requiring a pinentry.
* gpg: Allow gpgv to work with a trustedkeys.kbx file.Werner Koch2015-08-073-2/+22
| | | | | | | | | | * g10/keydb.h (KEYDB_RESOURCE_FLAG_GPGVDEF): New. * g10/keydb.c (keydb_add_resource): Take care of new flag. * g10/gpgv.c (main): Use new flag. -- GnuPG-bug-id: 2025 Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove duplicated printing of the curve name in "sub" lines.Werner Koch2015-08-061-12/+0
| | | | | | | | | | * g10/keylist.c (list_keyblock_print): Do not print extra curve name. -- This was cruft from the time before we changed to the new algo/size string. Signed-off-by: Werner Koch <[email protected]>
* gpg: Add commands "fpr *" and "grip" to --edit-key.Werner Koch2015-08-062-6/+71
| | | | | | | | | | | | | * g10/keyedit.c (cmdGRIP): New. (cmds): Add command "grip". (keyedit_menu) <cmdFPR>: Print subkeys with argument "*". (keyedit_menu) <cmdGRIP>: Print keygrip. (show_key_and_fingerprint): Add arg "with_subkeys". (show_key_and_grip): New. * g10/keylist.c (print_fingerprint): Add mode 4. -- Signed-off-by: Werner Koch <[email protected]>
* gpg: Adjust UID line indentation for common key algos.Werner Koch2015-08-062-3/+6
| | | | | | | | | | | | | * g10/keylist.c (list_keyblock_print): Change UID line indentation * g10/mainproc.c (list_node): Ditto. -- Due to the new keyalgo/size format the UID was not anymore printed properly aligned to the creation date. Although we can't do that in any case, this change does it for common algos like "rsa2048", "dsa2048", and "ed25519". Signed-off-by: Werner Koch <[email protected]>
* Curve25519 support.NIIBE Yutaka2015-08-065-14/+36
| | | | | | | | | | | | | | | | | | | | | | | | * agent/cvt-openpgp.c (get_keygrip): Handle Curve25519. (convert_secret_key, convert_transfer_key): Ditto. * common/openpgp-oid.c (oidtable): Add Curve25519. (oid_crv25519, openpgp_oid_is_crv25519): New. * common/util.h (openpgp_oid_is_crv25519): New. * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case with Montgomery curve which uses x-only coordinate. * g10/keygen.c (gen_ecc): Handle Curve25519. (ask_curve): Change the API and second arg is to return subkey algo. (generate_keypair, generate_subkeypair): Follow chage of ask_curve. * g10/keyid.c (keygrip_from_pk): Handle Curve25519. * g10/pkglue.c (pk_encrypt): Handle Curve25519. * g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve. * scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New. (send_key_attr): Work with general ECC, Ed25519, and Curve25519. (get_public_key): Likewise. (ecc_writekey): Handle flag_djb_tweak. -- When libgcrypt has Curve25519, GnuPG now supports Curve25519.
* common: extend API of openpgp_oid_to_curve for canonical name.NIIBE Yutaka2015-08-064-6/+6
| | | | | | | | | | | | | | | * common/openpgp-oid.c (openpgp_oid_to_curve): Add CANON argument. * common/util.h: Update. * g10/import.c (transfer_secret_keys): Follow the change. * g10/keyid.c (pubkey_string): Likewise. * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Likewise. * parse-packet.c (parse_key): Likewise. * scd/app-openpgp.c (send_key_attr, get_public_key): Likewise. -- Change the function so that caller can select canonical name of curve or name for printing. Suggested by wk.
* gpg: Fix duplicate key import due to legacy key in keyring.Werner Koch2015-08-041-1/+8
| | | | | | | | | | * g10/keydb.c (keydb_search_fpr): Skip legacy keys. -- A test case for this problem can be found at GnuPG-bug-id: 2031 Signed-off-by: Werner Koch <[email protected]>
* gpg: Properly handle legacy keys while looking for a secret key.Werner Koch2015-08-041-1/+8
| | | | | | | | | | * g10/getkey.c (have_secret_key_with_kid): Skip legacy keys. -- This fixes GnuPG-bug-id: 2031 Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix endless loop for expired keys given by fpr.Werner Koch2015-07-311-0/+5
| | | | | | | | | | * g10/getkey.c (lookup): Disable keydb caching when continuing a search. -- Caches are Fierce Creatures. Reported-by: Patrick Brunschwig
* gpg: Do not return "Legacy Key" from lookup if a key is expired.Werner Koch2015-07-291-1/+2
| | | | | | | | | | | | * g10/getkey.c (lookup): Map GPG_ERR_LEGACY_KEY. -- If an expired key is directly followed by a legacy key in the keyring, the lookup function incorrectly returned "legacy key" instead of "unusable key". We fix it by handling not found identical to a legacy key if the last finish lookup failed. Signed-off-by: Werner Koch <[email protected]>
* gpg: Indicate secret keys and cards in a key-edit listing.Werner Koch2015-07-291-25/+77
| | | | | | | | | | | | | | | | | * g10/keyedit.c (sign_uids): Add arg "ctrl". (show_key_with_all_names_colon): Ditto. (show_key_with_all_names): Ditto. * g10/keyedit.c (show_key_with_all_names): Print key record indicators by checking with gpg-agent. (show_key_with_all_names): Ditto. May now also print sec/sbb. -- This also fixes a problem in the --with-colons mode. Before this patch the --with-colons output of --edit-key always showed pub/sub regardless of the old toogle state. Now it also prints sec/sbb. Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove the edit-key toggle command.Werner Koch2015-07-281-13/+2
| | | | | | | | | | | | | | * g10/keyedit.c (cmds): Remove helptext from "toggle". (keyedit_menu): Remove "toggle" var and remove the sub/pub check against toggle. -- Because it is now easily possible to have only secret keys for some of the main/subkeys the current check on whether any secret is available is not really useful. A finer grained check should eventually be implemented. Signed-off-by: Werner Koch <[email protected]>
* Replace GNUPG_GCC_A_ macros by GPGRT_ATTR_ macros.Werner Koch2015-07-261-1/+1
| | | | | | | | | | | | | * common/util.h: Provide replacement for GPGRT_ATTR_ macros when using libgpg-error < 1.20. * common/mischelp.h: Ditto. * common/types.h: Ditto. -- Given that libgpg-error is a dependency of all GnuPG related libraries it is better to define such macros at only one place instead of having similar macros at a lot of places. For now we need repalcement macros, though.
* scd: support any curves defined by libgcrypt.NIIBE Yutaka2015-07-253-13/+39
| | | | | | | | | | | | | | * g10/call-agent.h (struct agent_card_info_s): Add curve field. * g10/call-agent.c (learn_status_cb): Use curve name. * g10/card-util.c (card_status): Show pubkey name. * scd/app-openpgp.c (struct app_local_s): Record OID and flags. (store_fpr): Use ALGO instead of key type. (send_key_attr): Use curve name instead of OID. (get_public_key): Clean up by OID to curve name. (ecc_writekey): Support any curves in libgcrypt. (do_genkey, do_auth, ): Follow the change. (ecc_oid): New. (parse_algorithm_attribute): Show OID here.
* scd: Format change to specify "rsa2048" for KEY-ATTR.NIIBE Yutaka2015-07-231-1/+1
| | | | | | | | | * g10/card-util.c (do_change_keysize): Put "rsa". * scd/app-openpgp.c (change_keyattr, change_keyattr_from_string): Change the command format. (rsa_writekey): Check key type. (do_writekey): Remove "ecdh" and "ecdsa" support which was available in experimental libgcrypt before 1.6.0.
* Don't segfault if the first 'auto-key-locate' option is 'clear'.Neal H. Walfield2015-07-161-0/+3
| | | | | | | | | * g10/getkey.c (free_akl): If AKL is NULL, just return. -- Signed-off-by: Neal H. Walfield <[email protected]>. Reported-by: Sami Farin. GnuPG-bug-id: 2045
* g10: Use canonical name for curve.NIIBE Yutaka2015-07-084-7/+9
| | | | | | | | * g10/import.c (transfer_secret_keys): Use canonical name. * common/openpgp-oid.c (openpgp_curve_to_oid): Return NULL on error. * g10/keyid.c (pubkey_string): Follow change of openpgp_curve_to_oid. * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto. * g10/parse-packet.c (parse_key): Ditto.
* Remove obsolete file g10/comment.c.Werner Koch2015-06-301-108/+0
| | | | --
* doc: Updated HACKING.Werner Koch2015-06-302-2/+2
| | | | | | | -- Added used commit keywords. Add some comments to the list of files.
* gpg: Make show-sig-subpackets work again.Werner Koch2015-06-301-1/+1
| | | | | | | | | * g10/gpg.c (parse_list_options): Fix offset for subpackets. -- Regression-due-to: 7d0492075ea638607309b3ea6a792b0e95ea7d98 GnuPG-bug-id: 2008 Signed-off-by: Werner Koch <[email protected]>
* agent: Prepare for Libassuan with Cygwin support.Werner Koch2015-06-291-1/+0
| | | | | | | | * agent/gpg-agent.c (create_server_socket): Add arg "cygwin". Call assuan_sock_set_flag if Assuan version is recent enough. (main): Create ssh server socket with Cygwin flag set. Signed-off-by: Werner Koch <[email protected]>
* Improve the description of old packets with an indeterminate length.Neal H. Walfield2015-06-291-1/+1
| | | | | | | | | * g10/parse-packet.c (parse): Make the description more accurate when listing packets: old format packets don't support partial lengths, only indeterminate lengths (RFC 4880, Section 4.2). -- Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Allow debug flag names for --debug.Werner Koch2015-06-221-45/+35
| | | | | | | | | | * g10/gpg.c (opts): Change arg for oDebug to a string. (debug_flags): New; factored out from set_debug. (set_debug): Remove "--debug-level help". Use parse_debug_flag to print the used flags. (main): Use parse_debug_flag for oDebug. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix regression due to recent commit 6500f33Werner Koch2015-06-221-28/+59
| | | | | | | | | | | * g10/keydb.c (kid_list_s): Keep a state in the table. (kid_not_found_table): Rename to kid_found_table. (n_kid_not_found_table): Rename to kid_found_table_count. (kid_not_found_p): Return found state. (kid_not_found_insert): Add arg found. (keydb_search): Store found state in the table. Signed-off-by: Werner Koch <[email protected]>
* gpg: Print number of good signatures with --check-sigs.Werner Koch2015-06-201-7/+15
| | | | | | | | | * g10/keylist.c (keylist_context): Add field good_sigs. (list_keyblock_print): Updated good_sigs. (print_signature_stats): Print number of good signatures and use log_info instead of tty_printf. Signed-off-by: Werner Koch <[email protected]>
* gpg: Improve speed of --check-sigs and --lish-sigs.Werner Koch2015-06-203-0/+101
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keydb.c (kid_list_t): New. (kid_not_found_table, n_kid_not_found_table): New. (kid_not_found_p, kid_not_found_insert, kid_not_found_flush): New. (keydb_insert_keyblock): Flush the new cache. (keydb_delete_keyblock): Ditto. (keydb_update_keyblock): Ditto. (keydb_search): Use the new cache. (keydb_dump_stats): New. * g10/gpg.c (g10_exit): Dump keydb stats. -- What we do here is to keep track of key searches by long keyids (as stored in all signatures) so that we do not need to scan the keybox again after we already found that this keyid will result in not-found. As soon as we change gpg to run as a co-process we should store this table per session because other instances of gpg may have updated the keybox without us knowing. On a test ring with gpg: 94721 good signatures gpg: 6831 bad signatures gpg: 150703 signatures not checked due to missing keys gpg: 5 signatures not checked due to errors gpg: keydb: kid_not_found_table: total: 14132 this new cache speeds a --check-sigs listing up from 28 minutes to less than 3 minutes. Signed-off-by: Werner Koch <[email protected]>
* gpg: Add more log_clock calls to keydb.cWerner Koch2015-06-191-0/+9
| | | | * g10/keydb.c (keydb_get_keyblock): Add log_clock calls.
* gpg: Print available debug flags using "--debug-level help".Werner Koch2015-06-191-18/+44
| | | | | | | * g10/gpg.c (set_debug): Add "help" option and use a table for the flags. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix export problem in case an old keyring has PGP-2 keys.Werner Koch2015-06-191-1/+8
| | | | | | * g10/export.c (do_export_stream): Skip legacy keys. Signed-off-by: Werner Koch <[email protected]>
* agent: Print a warning for obsolete options.Werner Koch2015-06-172-15/+0
| | | | | | | | | | | * g10/misc.c (obsolete_scdaemon_option): Move to * common/miscellaneous.c (obsolete_option): ... here. * agent/gpg-agent.c (main): Use obsolete_option for the 3 obsolete options. -- GnuPG-bug-id: 2016 Signed-off-by: Werner Koch <[email protected]>
* Don't prompt for the password multiple times in pinentry loopback mode.Neal H. Walfield2015-06-161-0/+7
| | | | | * g10/gpg.c (main): If OPT.PINENTRY_MODE is PINENTRY_MODE_LOOPBACK, clear OPT.PASSPHRASE_REPEAT.
* gpg: Replace -1 by GPG_ERR_NOT_FOUND in tdbio.cWerner Koch2015-06-044-66/+71
| | | | | | | | | | | | * g10/tdbio.c (lookup_hashtable): Return GPG_ERR_NOT_FOUND. * g10/tdbdump.c (import_ownertrust): Test for GPG_ERR_NOT_FOUND. * g10/trustdb.c (read_trust_record): Ditto. (tdb_get_ownertrust, tdb_get_min_ownertrust): Ditto. (tdb_update_ownertrust, update_min_ownertrust): Ditto. (tdb_clear_ownertrusts, update_validity): Ditto. (tdb_cache_disabled_value): Ditto. Signed-off-by: Werner Koch <[email protected]>
* gpg: Cleanup error code path in case of a bad trustdb.Werner Koch2015-06-041-26/+28
| | | | | | | | | | * g10/tdbio.c (tdbio_read_record): Fix returning of the error. -- Actually the returned error will anyway be GPG_ERR_TRUSTDB but the old code was not correct. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix output in case of a corrupted trustdb.Werner Koch2015-06-044-13/+14
| | | | | | | | | * g10/tdbdump.c (list_trustdb): Add arg FP and change callers to pass es_stdout. * g10/tdbio.c (upd_hashtable): On a corrupted trustdb call list_trustdb only in verbose > 1 mode and let it dump to stderr. Signed-off-by: Werner Koch <[email protected]>
* gpg: Re-indent and improve documentation of g10/tdbio.cWerner Koch2015-06-042-965/+1267
| | | | --
* g10: Fix a race condition initially creating trustdb.NIIBE Yutaka2015-05-281-65/+56
| | | | | | | | | | | | * g10/tdbio.c (take_write_lock, release_write_lock): New. (put_record_into_cache, tdbio_sync, tdbio_end_transaction): Use new lock functions. (tdbio_set_dbname): Fix the race. (open_db): Don't call dotlock_create. -- GnuPG-bug-id: 1675
* g10: Remove g10/signal.c.NIIBE Yutaka2015-05-273-211/+2
| | | | | | | | | | | * g10/signal.c: Remove. * g10/main.h: Remove old function API. * g10/tdbio.c: Use new API, even in the dead code. -- We use common/signal.c now. The file g10/signal.c has been useless since 2003-06-27. Now, the removal.
* g10: detects public key encryption packet error properly.NIIBE Yutaka2015-05-191-5/+3
| | | | | g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for encryption.
* build: Make --disable-gpgsm work.Werner Koch2015-05-151-1/+4
| | | | | | | | | | * Makefile.am: Always build kbx/ * g10/Makefile.am (AM_CFLAGS): Include KSBA_CFLAGS. -- Note that "make check" still prints a warning. Signed-off-by: Werner Koch <[email protected]>
* gpg: Avoid cluttering stdout with trustdb info in verbose mode.Werner Koch2015-05-081-1/+1
| | | | | | | | | | | | | * g10/trustdb.c (validate_keys): Call dump_key_array only in debug mode. -- I guess that is a left-over from an early attempt to output information on the trustdb for use by other tools. Maybe related to the former --list-trust-path command. Sending it to stdout is probably useful so we do this now only in debug mode. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix wrong output in list mode.Werner Koch2015-05-081-1/+1
| | | | | | | | | | | | | * g10/parse-packet.c (parse_gpg_control): Replace puts by es_fputs to LISTFP. -- Reported-by: Daniel Kahn Gillmor <[email protected]> This was an oversight from the conversion to estream or a separate listing stream. Signed-off-by: Werner Koch <[email protected]>
* gpg: New command --quick-adduid.Werner Koch2015-05-085-29/+174
| | | | | | | | | | | | | | | * g10/keygen.c (ask_user_id): Factor some code out to ... (uid_already_in_keyblock): new. (generate_user_id): Add arg UIDSTR. Fix leaked P. * g10/keyedit.c (menu_adduid): Add new arg uidstring. Adjust caller. (keyedit_quick_adduid): New. * g10/gpg.c (aQuickAddUid): New. (opts): Add command --quick-adduid. (main): Implement that. -- GnuPG-bug-id: 1956 Signed-off-by: Werner Koch <[email protected]>
* gpg: Add push/pop found state feature to keydb.Werner Koch2015-05-084-5/+88
| | | | | | | | | | | | | | * g10/keydb.c (keydb_handle): Add field saved_found. (keydb_new): Init new field. (keydb_push_found_state, keydb_pop_found_state): New. * g10/keyring.c (kyring_handle): Add field saved_found. (keyring_push_found_state, keyring_pop_found_state): New. -- We have the same feature in gpgsm. It is very useful to check for an unambiguous user id with a follow up update of the keyblock. Signed-off-by: Werner Koch <[email protected]>
* gpg: Minor code merging in keyedit.Werner Koch2015-05-081-17/+26
| | | | | | | | | | | * g10/keyedit.c (fix_keyblock): Rename to fix_key_signature_order. (fix_keyblock): New. Call fix_key_signature_order and other fix functions. (keyedit_menu): Factor code out to new fix_keyblock. (keyedit_quick_sign): Ditto. Check for primary fpr before calling fix_keyblock. Signed-off-by: Werner Koch <[email protected]>
* gpg: Improve 'General key info' line of --card-status.Werner Koch2015-05-076-40/+35
| | | | | | | | | | | | | | | | | * g10/keylist.c (print_pubkey_info): Print either "pub" or "sub". * g10/getkey.c (get_pubkey_byfprint): Add optional arg R_KEYBLOCK. * g10/keyid.c (keyid_from_fingerprint): Adjust for change. * g10/revoke.c (gen_desig_revoke): Adjust for change. * g10/card-util.c (card_status): Simplify by using new arg. Align card-no string. * g10/card-util.c (card_status): Remove not used GnuPG-1 code. -- This now prints "sub" if the first used card key is actually a subkey. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix regression not displaying the card serial numberWerner Koch2015-05-071-1/+1
| | | | | | | | | | | * g10/call-agent.c (keyinfo_status_cb): Detect KEYINFO. -- This regression is due to commit 585d5c62eece23911a768d97d11f159be138b13d from February 2013! Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-22 15:22:39 +0000