aboutsummaryrefslogtreecommitdiffstats
path: root/g10 (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* gpg: Improve detection of input data read errors.Werner Koch2024-09-061-3/+10
| | | | | | | | | | | | * g10/build-packet.c (do_plaintext): Better error checking for iobuf_copy. -- Fixes-commit: 695cb04af5218cd7b42c7eaaefc186472b99a995 GnuPG-bug-id: 6528 The original fix handles only the disk full case but didn't bother about read errors (i.e. I/O problems on an external drive).
* gpg: Make --no-literal work again for -c and --store.Werner Koch2024-09-062-18/+29
| | | | | | | | | | | * g10/dearmor.c (dearmor_file): Check for errors of iobuf_copy. (enarmor_file): Ditto. * g10/encrypt.c (encrypt_simple): Fix error check of iobuf_copy (encrypt_crypt): Use iobuf_copy. -- Fixes-commit: 756c0bd5d89bd0a773f844fbc2ec508c1a36c63d GnuPG-bug-id: 5852
* gpg: Simplify the pubkey_enc_list objectWerner Koch2024-09-064-62/+88
| | | | | | | | | | | | * g10/packet.h (struct pubkey_enc_list): Replace most by a PKT_pubkey_enc member. * g10/free-packet.c (free_pubkey_enc): Factor most stuff out to ... (release_pubkey_enc_parts): new. (copy_pubkey_enc_parts): New. * g10/mainproc.c (release_list): Adjust for above change. (proc_pubkey_enc): Ditto. (print_pkenc_list): Ditto. (proc_encrypted): Ditto.
* gpg: remove workaround for Libgcrypt < 1.8.6Werner Koch2024-09-061-29/+4
| | | | * g10/free-packet.c (is_mpi_copy_broken): Remove.
* gpg: Switch Kyber to the final algo id and add it to the menu.Werner Koch2024-08-271-24/+21
| | | | | | | | | | | | * common/openpgpdefs.h (pubkey_algo_t): Switch algo id for Kyber to 8. * g10/keygen.c (do_generate_keypair): Remove the experimental algo note ... (write_keybinding): and the experimental notation data. (ask_algo): Add a mode 16 for a Kyber subkey. (generate_subkeypair): Set parameters for mode 16. -- GnuPG-bug-id: 6815
* gpg: New option --proc-all-sigsWerner Koch2024-08-233-3/+15
| | | | | | | | | | | | * g10/options.h (flags): Add proc_all_sigs. * g10/mainproc.c (proc_tree): Do not stop signature checking if this new option is used. * g10/gpg.c (oProcAllSigs): New. (opts): Add "proc-all-sigs". (main): Set it. -- GnuPG-bug-id: 7261
* gpg: Warn if a keyring is specified along with --use-keyboxd.Werner Koch2024-08-231-0/+3
| | | | | | * g10/gpg.c (main): Print the warning. -- GnuPG-bug-id: 7265
* gpg: Minor fix when building with --disable-execWerner Koch2024-08-191-1/+0
| | | | | | | * g10/photoid.c (show_photo): No return for a void function. -- GnuPG-bug-id: 7256
* gpg: Improve decryption diagnostic for an ADSK key.Werner Koch2024-08-124-12/+41
| | | | | | | | | | | | | | | | | | | | | * g10/keydb.h (GET_PUBKEYBLOCK_FLAG_ADSK): New constant. * g10/packet.h (PUBKEY_USAGE_XENC_MASK): New constant. * g10/pubkey-enc.c (get_session_key): Consider an ADSK also as "marked for encryption use". (get_it): Print a note if an ADSK key was used. Use the new get_pubkeyblock flag. * g10/getkey.c (struct getkey_ctx_s): Add field allow_adsk. (get_pubkeyblock): Factor all code out to ... (get_pubkeyblock_ext): new. (finish_lookup): Add new arg allow_adsk and make use of it. -- This patch solves two purposes: - We write a note that the ADSK key was used for decryption - We avoid running into a "oops: public key not found for preference check\n" due to ADSK keys. The error is mostly harmless but lets gpg return with an exit code of 2.
* gpg: New debug flag "keydb".Werner Koch2024-08-095-23/+28
| | | | | | | | | | | | * g10/options.h (DBG_KEYDB_VALUE): New. * g10/gpg.c (debug_flags): Add it. * g10/keydb.c: Replace all DBG_LOOKUP by DBG_KEYDB. * g10/keyring.c: Ditto. * g10/call-keyboxd.c: Ditto. -- Using "lookup" also for key search debugging was not a good idea. This uses a separate flag for the latter.
* gpg: Increase compress buffer size.Werner Koch2024-08-081-1/+1
| | | | | | | * g10/compress.c (init_compress): Increase buffersize. -- This may speed up things a little bit.
* export_secret_ssh_key: Avoid memory leak.Jakub Jelen2024-07-221-1/+1
| | | | | | | | | * g10/export.c (export_secret_ssh_key): Free memory on errrors. -- GnuPG-bug-id: 7201 Signed-off-by: Jakub Jelen <[email protected]>
* gpg: Fix agent_probe_any_secret_key.NIIBE Yutaka2024-07-101-3/+8
| | | | | | | | | | * g10/call-agent.c (agent_probe_any_secret_key): No second keygrip is not an error. -- GnuPG-bug-id: 7195 Signed-off-by: NIIBE Yutaka <[email protected]>
* Use gpgrt_process_spawn API from libgpg-error.NIIBE Yutaka2024-07-092-8/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/genkey.c (do_check_passphrase_pattern): Use the gpgrt API. * common/asshelp.c (start_new_service): Ditto. * common/exechelp.h: Remove gnupg_process_spawn API. * common/exechelp-posix.c: Remove gnupg_process_spawn implementation. * common/exechelp-w32.c: Likewise. * common/exectool.c (gnupg_exec_tool_stream): Use the gpgrt API. * common/t-exechelp.c (test_pipe_stream): Remove. * dirmngr/ldap-wrapper.c (destroy_wrapper, ldap_reaper_thread): Use the gpgrt API. (ldap_wrapper_connection_cleanup, ldap_wrapper): Ditto. * dirmngr/ldap.c, g10/call-keyboxd.c: No need to include exechelp.h. * g10/photoid.c (run_with_pipe, show_photo): Use the gpgrt API. * g13/be-encfs.c (run_umount_helper, run_encfs_tool): Ditto. * g13/g13.c, g13/mount.c, g13/runner.c: No need to include exechelp.h. * scd/apdu.c: No need to include exechelp.h. * scd/app.c (report_change): Use the gpgrt API. * sm/export.c, sm/import.c: No need to include exechelp.h. * tests/gpgscm/ffi.c (proc_object_finalize, proc_wrap) (do_process_spawn_io, do_process_spawn_fd, do_process_wait): Use the gpgrt API. * tools/gpg-auth.c: No need to include exechelp.h. * tools/gpg-card.c (cmd_gpg): Use the gpgrt API. * tools/gpg-connect-agent.c: No need to include exechelp.h. * tools/gpg-mail-tube.c (mail_tube_encrypt, prepare_for_appimage) (start_gpg_encrypt): Use the gpgrt API. * tools/gpgconf-comp.c (gpg_agent_runtime_change) (scdaemon_runtime_change, tpm2daemon_runtime_change) (dirmngr_runtime_change, keyboxd_runtime_change) (gc_component_launch, gc_component_check_options) (retrieve_options_from_program): Ditto. * tools/gpgconf.c (show_versions_via_dirmngr): Ditto. * tools/gpgtar-create.c (gpgtar_create): Ditto. * tools/gpgtar-extract.c (gpgtar_extract): Ditto. * tools/gpgtar-list.c (gpgtar_list): Ditto. -- GnuPG-bug-id: 7192 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Print a warning if the (draft) Kyber algorithm is used.Werner Koch2024-07-051-2/+20
| | | | * g10/keygen.c (do_generate_keypair): Check for draf Kyber stuff.
* gpg: Make --with-sig-check with -with --show-key in non-colon mode.Werner Koch2024-07-011-0/+2
| | | | * g10/keylist.c (list_keyblock_direct): Set check_sigs.
* gpg: New option --show-only-session-keyWerner Koch2024-06-244-10/+33
| | | | | | | | | | | | | | | | * g10/options.h (opt): Add show_only_session_key and turn show_session_key into a bit flag. * g10/gpg.c (oShowOnlySessionKey): New. (opts): Add "show-only-session-key". (main): Set flag. * g10/mainproc.c (proc_encrypted): Handle the new option. * g10/decrypt-data.c (decrypt_data): Ditto. Add compliance error flag to the DECRYPTION_INFO status line. -- This new option is somehow related to GnuPG-bug-id: 1825
* gpg: Rename recently added import option no-seckeys to only-pubkeys.Werner Koch2024-06-243-7/+7
| | | | | | | | | * g10/import.c (parse_import_options): Rename option. * g10/options.h (IMPORT_NO_SECKEY): Rename to IMPORT_ONLY_PUBKEYS. Change all users. -- GnuPG-bug-id: 7146
* gpg: Add --import-option "no-seckeys".Werner Koch2024-06-111-0/+2
| | | | | | | * g10/import.c (parse_import_options): Add "no-seckeys". -- GnuPG-bug-id: 7146
* gpg: Allow shortcut algo string "pqc" for --quick-gen-key.Werner Koch2024-06-111-8/+12
| | | | | | | | | | | | | | | * g10/keygen.c (PQC_STD_KEY_PARAM): New. (quickgen_set_para): Always store the provided NBITS. (parse_key_parameter_string): Detect the special value "pqc". (quick_generate_keypair): Ditto. -- With this change we can finally do a gpg --quick-gen-key --batch --passphrase='' [email protected] pqc and get a full key. Currently with a brainpoolp386r1 primary key and a Kyber768_brainpoolp256 subkey.
* gpg: Do not bail out on secret keys with an unknown algoWerner Koch2024-06-111-0/+2
| | | | | | | | | * g10/getkey.c (lookup): Skip keys with unknown algos. -- If the local store has private keys with an algorithm not supported by thi version of gpg, gpg used to bail out. Thus decryption of proper messages was not possible. This fix skips such secret keys.
* gpg: Add magic parameter "default" to --quick-add-adsk.Werner Koch2024-06-055-17/+85
| | | | | | | | | | * g10/getkey.c (has_key_with_fingerprint): New. * g10/keyedit.c (menu_addadsk): Replace code by new function. (keyedit_quick_addadsk): Handle magic arg "default". * g10/keygen.c (append_all_default_adsks): New. -- GnuPG-bug-id: 6882
* gpg: Do not show RENC if no key capabilities are found for a key.Werner Koch2024-06-052-2/+8
| | | | | | * g10/packet.h (PUBKEY_USAGE_BASIC_MASK): New. * g10/getkey.c (merge_selfsigs_subkey): Mask the default. (merge_selfsigs_main): Ditto.
* gpg: Print designated revokers also in a standard listing.Werner Koch2024-06-054-31/+67
| | | | | | | | | | * g10/keylist.c (print_revokers): Add arg with_colon, adjust callers, add human printable format. (list_keyblock_print): Call print_revokers. -- Designated revokers were only printed in --with-colons mode. For quick inspection of a key it is useful to see them right away.
* gpg: Autoload designated revoker key and ADSK when needed.Werner Koch2024-06-054-27/+42
| | | | | | | | | | | | | | | | * g10/options.h (opt): Move the definition of struct akl to global scope. * g10/keydb.h (enum get_pubkey_modes): Add GET_PUBKEY_TRY_LDAP. * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_BYNAME. * g10/keygen.c (prepare_desig_revoker): Use it here. (prepare_adsk): and here. -- The revoker key is required before we create it along with a new key. This is because the we need to know the algo and also to make sure that the key really exists. GnuPG-bug-id: 7133
* gpg: Implement the LDAP AKL method.Werner Koch2024-06-045-98/+30
| | | | | | | | | | | | | | | * g10/keyserver.c (keyserver_import_mbox): Add arg flags and change callers. (keyserver_import_ldap): Remove. It has always returned a not implemented error since 2.1. * g10/getkey.c (get_pubkey_byname): Repurpose LDAP to do basically the same as KEYSERVER. -- The old LDAP mechanism to locate a server via SRV records has long been gone (since 2014) due to the dropping of the keyserver helpers. The new purpose better reflects reality and can be used in environments where keys are provided by an in-house LDAP server.
* gpg: Rename functions with an "fprint" part to "fpr"Werner Koch2024-06-0415-107/+101
| | | | | | -- The fprint is too uncommon in our code base and to similar to fprintf.
* gpg: New option --default-new-key-adsk.Werner Koch2024-06-035-52/+222
| | | | | | | | | | | | | | | | | | | | | * g10/options.h (opt): Add field def_new_key_adsks. * g10/gpg.c (oDefaultNewKeyADSK): New. (opts): Add --default-new-key-adsk. (main): Parse option. * g10/keyedit.c (menu_addadsk): Factor some code out to ... (append_adsk_to_key): new. Add compliance check. * g10/keygen.c (pADSK): New. (para_data_s): Add adsk to the union. (release_parameter_list): Free the adsk. (prepare_adsk): New. (get_parameter_adsk): New. (get_parameter_revkey): Remove unneeded arg key and change callers. (proc_parameter_file): Prepare adsk parameter from the configured fingerprints. (do_generate_keypair): Create adsk. -- GnuPG-bug-id: 6882
* indent: Fix spellingDaniel Kahn Gillmor2024-05-3122-38/+38
| | | | | | | | | | | | | -- These are non-substantive corrections for minor spelling mistakes within the GnuPG codebase. With something like this applied to the codebase, and a judiciously tuned spellchecker integrated as part of a standard test suite, it should be possible to keep a uniform orthography within the project. GnuPG-bug-id: 7116
* spawn: Remove spawn callback, introduce gnupg_spawn_actions.NIIBE Yutaka2024-05-311-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/exechelp-posix.c (call_spawn_cb): Remove. (gnupg_spawn_actions_new, gnupg_spawn_actions_release) (gnupg_spawn_actions_set_environ, gnupg_spawn_actions_set_atfork) (gnupg_spawn_actions_set_redirect) (gnupg_spawn_actions_set_inherit_fds): New. (my_exec, spawn_detached): Use spawn actions. (gnupg_spawn_helper): Remove. (gnupg_process_spawn): Remove callback, introduce gnupg_spawn_actions. * common/exechelp-w32.c: Ditto. * common/exechelp.h: Ditto. * agent/genkey.c (do_check_passphrase_pattern): Follow the change of gnupg_process_spawn API. * common/asshelp.c (start_new_service): Likewise. * common/exectool.c (gnupg_exec_tool_stream): Likewise. * common/t-exechelp.c (test_pipe_stream): Likewise. * dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise. * g10/photoid.c (run_with_pipe): Likewise. * scd/app.c (report_change): Likewise. * tests/gpgscm/ffi.c (do_process_spawn_io, do_process_spawn_fd): Likewise. * tools/gpg-card.c (cmd_gpg): Likewise. * tools/gpgconf-comp.c (gpg_agent_runtime_change): Likewise. (scdaemon_runtime_change, tpm2daemon_runtime_change) (dirmngr_runtime_change, keyboxd_runtime_change) (gc_component_launch, gc_component_check_options) (retrieve_options_from_program): Likewise. * tools/gpgconf.c (show_versions_via_dirmngr): Likewise. * tools/gpgtar-create.c (gpgtar_create): Likewise. * tools/gpgtar-extract.c (gpgtar_extract): Likewise. * tools/gpgtar-list.c (gpgtar_list): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Avoid a double free on error in the key generation.Werner Koch2024-05-281-30/+23
| | | | | | | | | | * g10/keygen.c (card_store_key_with_backup): Avoid double free and simplify error handling. -- This is part of GnuPG-bug-id: 7129 Co-authored-by: Jakub Jelen <[email protected]>
* Merge branch 'STABLE-BRANCH-2-4' into masterWerner Koch2024-05-161-1/+1
|\ | | | | | | | | | | | | | | | | | | -- Fixed conflicts in: NEWS g10/call-agent.c g10/options.h kbx/kbxutil.c tools/gpgconf.c
| * gpg: Allow no CRC24 checksum in armor.NIIBE Yutaka2024-05-161-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | * g10/armor.c (radix64_read): Detect the end of armor when there is no CRC24 checksum. -- Cherry-pick master commit of: 3a344d6236521d768793e8b34a96a18ce13bab0e GnuPG-bug-id: 7071 Signed-off-by: NIIBE Yutaka <[email protected]>
| * gpg: Mark disabled keys and add show-ownertrust list option.Werner Koch2024-04-175-10/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/options.h (LIST_SHOW_OWNERTRUST): New. * g10/keylist.c (print_key_line): Show wonertrust and always show whether a key is disabled. * g10/gpg.c (parse_list_options): Add "show-ownertrust". * g10/gpgv.c (get_ownertrust_string): Add stub. * g10/test-stubs.c (get_ownertrust_string): Add stub. -- Note that in a --with-colons listing the ownertrust has always been emitted and the disabled state is marked in that listing with a special 'D' usage.
| * gpg: New command --quick-set-ownertrust.Werner Koch2024-04-173-1/+97
| | | | | | | | | | | | | | * g10/gpg.c (aQuickSetOwnertrust): New. (opts): Add new command. (main): Implement it. * g10/keyedit.c (keyedit_quick_set_ownertrust): New.
| * gpg: Don't show the "fast path listing" diagnostic with --quiet.Werner Koch2024-04-051-2/+3
| | | | | | | | | | | | | | | | * g10/call-agent.c (agent_probe_any_secret_key): Act on --quiet. -- When using the extra-socket this disagnostic will be printed because a listing of all secret keys is not allowed by a remote gpg.
| * gpg: Do not allow to accidently set the RENC usage.Werner Koch2024-04-041-1/+14
| | | | | | | | | | | | | | | | | | | | | | | | * g10/keygen.c (print_key_flags): Print "RENC" if set. (ask_key_flags_with_mask): Remove RENC from the possible set of usages. Add a direct way to set it iff the key is encryption capable. -- This could be done by using "set your own capabilities" for an RSA key. In fact it was always set in this case. GnuPG-bug-id: 7072
| * gpg: Make sure a DECRYPTION_OKAY is never issued for a bad OCB tag.Werner Koch2024-03-142-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | * g10/mainproc.c (proc_encrypted): Force a decryption failure if any error has been seen. * g10/decrypt-data.c (aead_checktag): Issue an ERROR line. -- GnuPG-bug-id: 7042 Note that gpg in any case returns a failure exit code but due to double forking GPGME would not see it.
* | gpg: Terminate key listing on output write error.Werner Koch2024-05-154-20/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keylist.c (list_all): Handle error from list_keyblock. (list_one): Ditto. (locate_one): Ditto. (list_keyblock): Detect write error, print, and return it. (list_keyblock_direct): Return error from list_keyblock. * g10/import.c (import_one_real): Break on listing error. -- Test by using gpg -k >/dev/full GnuPG-bug-id: 6185
* | gpg: Algo "kyber" is now a shortcut for ky768_bp256.Werner Koch2024-05-061-2/+2
| | | | | | | | | | | | | | | | * g10/keygen.c (parse_key_parameter_part): Change Kyber defaults. -- Also kyber1024 is now a shortcut for ky1024_bp384. This change is to align it with the original wussler draft.
* | gpg: Add a notation to Kyber encryption subkeysWerner Koch2024-05-021-2/+80
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keygen.c (struct opaque_data_usage_and_pk): New. (do_add_notation): New. (keygen_add_key_flags_from_oduap): New. (write_keybinding): Prepare for de-vs cplimance notation. Add a notation to Kyber subkeys. -- This code is based on the 2.2 commit b284412786d71c1cf382e1dff3a36ec6cce11556 However the de-vs notation is currently ineffective as long as Libgcrypt won't claim compliance. The new notation fips203.ipd.2023-08-24 has been added to allow detection of subkeys which have been crated with a pre-final FIPS203 spec for Kyber.
* | gpg: New option --require-pqc-encryptionWerner Koch2024-04-244-1/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (oRequirePQCEncryption): New. (opts): Add option. (main): Set option. * g10/mainproc.c (print_pkenc_list): Print a warning. * g10/options.h (flags): Add flag require_pqc_encryption. * g10/getkey.c (finish_lookup): Skip non-pqc keys if the option is set. -- GnuPG-bug-id: 6815
* | gpg: Split keygrip in a standard key listing.Werner Koch2024-04-231-2/+15
| | | | | | | | | | * g10/keylist.c (print_keygrip): New. (list_keyblock_print): Use new function to print the keygrip.
* | gpg: Support Kyber with Brainpool512r1.Werner Koch2024-04-231-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/openpgp-oid.c (oidtable): Add GCRY_KEM_RAW_BP512. * agent/pkdecrypt.c (ecc_table): Support bp512 * g10/pkglue.c (do_encrypt_kem): Ditto. * tests/openpgp/samplekeys: Add sample keys for kyber_bp256, bp384, and bp512. * tests/openpgp/privkeys: Add corresponding private keys. * tests/openpgp/samplemsgs: Add sample messages for those keys. -- GnuPG-bug-id: 6815
* | gpg: Support encryption with kyber_bp256 and kyber_bp384Werner Koch2024-04-232-0/+35
| | | | | | | | | | | | | | | | | | | | * common/openpgp-oid.c (oidtable): Support KEM for bp256 and bp384. * g10/pkglue.c (do_encrypt_kem): Ditto. -- GnuPG-bug-id: 6815 Note, this needs the very latest Libgcrypt to work properly
* | gpg: Support encryption with kyber_cv448.Werner Koch2024-04-231-13/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/pkglue.c (do_encrypt_kem): Support cv25519 w/o 0x40 prefix. Support X448. (ECC_POINT_LEN_MAX): New. (ECC_HASH_LEN_MAX): New. * common/openpgp-oid.c (oidtable): Support X448 KEM. -- This needs more work. For example we should use a parameter table like what we do in agent/pkdecrypt.c. GnuPG-bug-id: 6815
* | gpg: Prepare Kyber encryption code for more variants.Werner Koch2024-04-181-22/+66
| | | | | | | | | | | | | | | | * common/openpgp-oid.c (oidtable): Add field kem_algo. (openpgp_oid_to_kem_algo): New. * g10/pkglue.c (do_encrypt_kem): Add support for Kyber1024. -- GnuPG-bug-id: 6815
* | gpg: Mark disabled keys and add show-ownertrust list option.Werner Koch2024-04-175-10/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/options.h (LIST_SHOW_OWNERTRUST): New. * g10/keylist.c (print_key_line): Show wonertrust and always show whether a key is disabled. * g10/gpg.c (parse_list_options): Add "show-ownertrust". * g10/gpgv.c (get_ownertrust_string): Add stub. * g10/test-stubs.c (get_ownertrust_string): Add stub. -- Note that in a --with-colons listing the ownertrust has always been emitted and the disabled state is marked in that listing with a special 'D' usage.
* | gpg: New command --quick-set-ownertrust.Werner Koch2024-04-173-1/+97
| | | | | | | | | | | | | | * g10/gpg.c (aQuickSetOwnertrust): New. (opts): Add new command. (main): Implement it. * g10/keyedit.c (keyedit_quick_set_ownertrust): New.
* | gpg: Make --with-subkey-fingerprint the default.Werner Koch2024-04-161-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (oWithoutSubkeyFingerprint): New. (opts): Add "without-subkey-fingerprint". (main): Make --with-subkey-fingerprint the default. Implementation the without option. -- Given that the default for the keyid format is none, the subkey fingerprints are important to do anything with a subkey. Thus we make the old option the default and provide a new option to revert it.
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 09:21:37 +0000