aboutsummaryrefslogtreecommitdiffstats
path: root/sm/certreqgen.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpgsm: Allow CSR generation with an unprotected key.Werner Koch2025-01-291-1/+4
| | | | | | | * sm/call-agent.c (gpgsm_agent_genkey): Add arg no_protection. * sm/certreqgen.c (struct reqgen_ctrl_s): Add field no_protection. (read_parameters): Add keyword "%no-protection". (proc_parameters): Pass no_protection to gpgsm_agent_genkey.
* indent: Fix spellingDaniel Kahn Gillmor2024-05-311-2/+2
| | | | | | | | | | | | | -- These are non-substantive corrections for minor spelling mistakes within the GnuPG codebase. With something like this applied to the codebase, and a judiciously tuned spellchecker integrated as part of a standard test suite, it should be possible to keep a uniform orthography within the project. GnuPG-bug-id: 7116
* gpgsm: Allow to add extensions at the --gen-key prompt.Werner Koch2024-03-271-0/+5
| | | | | | | | | | * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Add a prompt for extensions. -- An example for an extension would be extKeyUsage for authentication: 2.5.29.37 n 301406082B0601050507030206082B06010505070301
* gpgsm: Replace all assert calls by log_assert.Werner Koch2020-07-081-4/+7
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* sm: Fix recently introduced regression in CSR creation.Werner Koch2020-06-031-1/+5
| | | | | | | | * sm/certreqgen.c (create_request): Also set SIGKEYLEN. -- Fixes-commit: 44676819f2873705b78849e7b2fd22214b691642 Signed-off-by: Werner Koch <[email protected]>
* sm: Create ECC certificates with AKI and SKI by default.Werner Koch2020-05-191-31/+127
| | | | | | | | * sm/certreqgen.c (create_request): Create AKI and SKI by default. -- GnuPG-bug-id: 4098 Signed-off-by: Werner Koch <[email protected]>
* sm: Support creation of EdDSA certificates.Werner Koch2020-05-181-21/+68
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/misc.c (transform_sigval): Support EdDSA. * sm/certreqgen.c (create_request): Support EdDSA cert creation. * sm/certcheck.c (gpgsm_check_cert_sig): Map some ECC algo OIDs to hash algos. * sm/call-agent.c (struct sethash_inq_parm_s): New. (sethash_inq_cb): New. (gpgsm_agent_pksign): Add mode to pass plain data for EdDSA. -- Tested using a parameter file Key-Type: EdDSA Key-Length: 1024 Key-Grip: 09D9AE3D494F7888C93BE5106AD8A734A87617F0 Key-Usage: sign Serial: random Name-DN: CN=dummy test ed25519 where the keygrip is from a gpg generated Ed25519 key. ECDSA was tested using Key-Type: ECDSA Key-Length: 1024 Key-Grip: 8E06A180EFFE4C65B812150CAF19BF30C0689A4C Key-Usage: sign Serial: random Name-DN: CN=dummy test nistp256 and RSA using Key-Type: RSA Key-Length: 2048 Key-Grip: C6A6390E9388CDBAD71EAEA698233FE5E04F001E Key-Usage: sign Serial: random Name-DN: CN=dummy test rsa The command used in all cases is gpgsm -v --gen-key --batch a.parm >a.crt gpgsm -v --import <a.crt More support, in particular in the user interface, is required and will follow soon. GnuPG-bug-id: 4888 Signed-off-by: Werner Koch <[email protected]>
* sm: Fix possible NULL deref in error messages of --gen-key.Werner Koch2020-03-301-20/+20
| | | | | | | | * sm/certreqgen.c: Protect printing the liniernur in case of !R. -- GnuPG-bug-id: 4895 Signed-off-by: Werner Koch <[email protected]>
* gpgsm: Fix the previous commit.NIIBE Yutaka2020-03-271-5/+5
| | | | Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgsm: Support key generation with ECC.NIIBE Yutaka2020-03-261-5/+37
| | | | | | | | | * sm/certreqgen.c (pKEYCURVE): New. (read_parameters): Add pKEYCURVE handling. (proc_parameters): Support ECC key generation. GnuPG-bug-id: 4888 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgsm: Remove restriction of key generation (only RSA).NIIBE Yutaka2020-03-261-8/+9
| | | | | | | | | | | * sm/certreqgen.c (proc_parameters): Remove checking GCRY_PK_RSA. -- This is an initial change to support ECC key generation. GnuPG-bug-id: 4888 Signed-off-by: NIIBE Yutaka <[email protected]>
* sm: Fix certificate creation with key on card.Werner Koch2019-02-211-1/+1
| | | | | | | | | | | | | | * sm/certreqgen.c (create_request): Fix for certmode. -- When using an existing key from a card for certificate signing (in contrast to the default of generating a CSR), the code tried to use the same key for signing instead of the Signing-Key parameter. It is perfectly okay to use the regular signing path via gpg-agent for certificate creation - only self-signed certificates with a key on the card require the direct use of the card key (via "SCD PKSIGN"). Signed-off-by: Werner Koch <[email protected]>
* sm: Support generation of card-based ed25519 CSR.Damien Goutte-Gattat via Gnupg-devel2019-02-181-2/+4
| | | | | | | | | | | | | * sm/call-agent.c (gpgsm_scd_pksign): Allow SHA512. Create proper S-expression for EdDSA signature. * sm/certreqgen.c (create_request): Force use of SHA512 when using a ed25519 key. * sm/misc.c (transform_sigval): Insert OID for ed25519. -- GnuPG-bug-id: 4013 Signed-off-by: Damien Goutte-Gattat <[email protected]>
* gpgsm: default to 3072-bit keys.Daniel Kahn Gillmor2017-09-081-2/+2
| | | | | | | | | | | | | | | | | | * doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update default to 3072 bits. * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to 3072 bits. * sm/certreqgen.c (proc_parameters): update default to 3072 bits. * sm/gpgsm.c (main): print correct default_pubkey_algo. -- 3072-bit RSA is widely considered to be 128-bit-equivalent security. This is a sensible default in 2017. Signed-off-by: Daniel Kahn Gillmor <[email protected]> Gbp-Pq: Topic update-defaults Gbp-Pq: Name 0014-gpgsm-default-to-3072-bit-keys.patch
* Remove -I option to common.NIIBE Yutaka2017-03-071-1/+1
| | | | | | | | | | | | | * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Rename remaining symbols in ksba-io-support.Werner Koch2017-02-161-3/+3
| | | | | | | | | | | | | | | | | | * common/ksba-io-support.c (gpgsm_reader_eof_seen): Rename to ... (gnupg_ksba_reader_eof_seen): this. Change all callers. (gpgsm_destroy_reader): Rename to ... (gnupg_ksba_destroy_reader): this. Change all callers. (gpgsm_finish_writer): Rename to ... (gnupg_ksba_finish_writer): this. Change all callers. (gpgsm_destroy_writer): Rename to ... (gnupg_ksba_destroy_writer): this. Change all callers. * common/ksba-io-support.c (struct base64_context_s): Rename to ... (gnupg_ksba_io_s): this. * common/ksba-io-support.h (base64_context_s): Ditto. (Base64Context): Rename this typedef to ... (gnupg_ksba_io_t): this. Change all users. Signed-off-by: Werner Koch <[email protected]>
* common: Remove gpgsm dependencies from ksba-io-support.Werner Koch2017-02-161-1/+5
| | | | | | | | | | | | | | | | | * common/ksba-io-support.c: Include ksba-io-support.h instead of ../sm/gpgsm.h. Include util.h. (writer_cb_parm_s): Remove const from 'pem_name'. (gpgsm_destroy_writer): Free 'pem_name'. (gpgsm_create_reader): Rename to ... (gnupg_ksba_create_reader): this. Replace args CTRL and ALLOW_MULTI_PEM by a new arg FLAGS. Change the code to evaluate FLAGS. Change all callers to pass the FLAGS. (gpgsm_create_writer): Rename to ... (gnupg_ksba_create_writer): this. Replace arg CTRL by new arg FLAGS. Add arg PEM_NAME. Evaluate FLAGS. Store a copy of PEM_NAME. Change all callers to pass the FLAGS and PEM_NAME. Signed-off-by: Werner Koch <[email protected]>
* Change all http://www.gnu.org in license notices to https://Werner Koch2016-11-051-1/+1
| | | | --
* Fix use cases of snprintf.NIIBE Yutaka2016-10-211-1/+1
| | | | | | | | | | | * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* sm: Allow combination of usage flags --gen-key.Werner Koch2015-10-281-31/+46
| | | | | | | | | * sm/certreqgen.c (create_request): Re-implement building of the key-usage extension. -- GnuPG-bug-id: 2029 Signed-off-by: Werner Koch <[email protected]>
* sm: Change default algos to SHA256 (CSR) and AES128 (bulk encryption).Werner Koch2015-03-251-1/+1
| | | | | | | | * sm/certreqgen.c (create_request): Change default hash algo. * sm/gpgsm.c (DEFAULT_CIPHER_ALGO): Change default bulk cipher algo. -- Signed-off-by: Werner Koch <[email protected]>
* sm: Silence compiler warnings.Werner Koch2014-09-181-1/+1
| | | | | | * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Remove unused var I. * sm/certreqgen.c (proc_parameters): Init PUBLIC to avoid compiler warning.
* Change all quotes in strings and comments to the new GNU standard.Werner Koch2012-06-051-8/+8
| | | | | | | | | | | | | | | | | | | The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
* gpgsm: Allow specification of an AuthorityKeyIdentifier.Werner Koch2011-12-061-0/+56
| | | | | | | * sm/certreqgen.c (pAUTHKEYID): New. (read_parameters): Add keyword Authority-Key-Id. (proc_parameters): Check its value. (create_request): Insert an Authority-Key-Id.
* gpgsm: Allow arbitrary extensions for cert creation.Werner Koch2011-12-061-2/+182
| | | | | | | | * sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New. (read_parameters): Add new keywords. (proc_parameters): Check values of new keywords. (create_request): Add SubjectKeyId and extensions. (parse_parameter_usage): Support "cert" and the encrypt alias "encr".
* gpgsm: Fix storing of the serial numberWerner Koch2011-12-061-1/+1
| | | | * sm/certreqgen.c (create_request): Fix hex-bin conversion.
* Replace gcry_md_start_debug by gcry_md_debug.Werner Koch2011-09-201-1/+1
| | | | | This is to allow building with Libgcrypt master (1.6) which has some cleanups in the API/ABI.
* Fix size_t vs int issues.Marcus Brinkmann2011-06-011-1/+1
|
* Move parameter file description to the manual.Werner Koch2011-03-011-121/+14
|
* Support X.509 certificate creation.Werner Koch2011-03-011-68/+425
| | | | | | | | | | | | | | | | | | | | | | | | | Using "gpgsm --genkey" allows the creation of a self-signed certificate via a new prompt. Using "gpgsm --genkey --batch" should allow the creation of arbitrary certificates controlled by a parameter file. An example parameter file is Key-Type: RSA Key-Length: 1024 Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA Key-Usage: sign, encrypt Serial: random Name-DN: CN=some test key Name-Email: [email protected] Name-Email: [email protected] Hash-Algo: SHA384 not-after: 2038-01-16 12:44 This creates a self-signed X.509 certificate using the key given by the keygrip and using SHA-384 as hash algorithm. The keyword signing-key can be used to sign the certificate with a different key. See sm/certreggen.c for details.
* Nuked almost all trailing white space.post-nuke-of-trailing-wsWerner Koch2011-02-041-29/+28
| | | | | | | | We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
* Remove superfluous parameter.Werner Koch2010-11-261-1/+1
| | | | | Make self-check interval larger
* 2010-04-23 Marcus Brinkmann <[email protected]>Marcus Brinkmann2010-04-231-2/+2
| | | | | | * certreqgen.c (read_parameters): Use ascii_isspace instead of spacep to stop at newline, too.
* Removed almost al dup calls.Werner Koch2010-03-081-3/+4
|
* Add gpgconf related dummy options default_pubkey_algo.Werner Koch2009-11-231-1/+2
| | | | | | Add option --skip-hidden-recipients Comment updates.
* Change fallback keysize to 2048Werner Koch2009-11-101-3/+3
|
* Fixed a bunch of little bugs as reported by Fabian Keil.Werner Koch2009-06-241-1/+1
| | | | | Still one problem left; marked with a gcc #warning.
* Add a custom prompt for the CSR generation.Werner Koch2008-12-051-6/+20
| | | | | Add a new percent escape fucntion.
* Fixed creation of private keys under W32.Werner Koch2007-08-221-3/+2
| | | | | Minor code cleanups.
* Updated estream.Werner Koch2007-08-221-21/+7
| | | | | More changes for Windows.
* Changed to GPLv3.Werner Koch2007-07-041-4/+2
| | | | | Removed intl/.
* Fixed a problem in estream-printf.c.Werner Koch2007-06-251-4/+4
| | | | | Changes for Windows (gpgsm -k does now work). Minor cleanups.
* Implemented the --gen-key command as we can't use the gpgsm-gencert.sh under ↵Werner Koch2007-06-211-5/+9
| | | | Windows.
* Allow export to work on systems without funopen/fopencookie.Werner Koch2007-03-191-1/+1
|
* No more warnings for AMD64 (at least when cross-compiling). Thus tehre is aWerner Koch2006-11-211-1/+1
| | | | | | | good chance that gpg2 will now work. Other cleanups. Updated gettext.
* Allow pkcs#10 creation directkly from a smart cardWerner Koch2006-10-111-17/+57
|
* The big Assuan error code removal.Werner Koch2006-09-061-3/+3
|
* Minor changes and typo fixes.Werner Koch2006-09-061-1/+1
|
* With --enable-gpg the keyservers are now build and a first test using gpg2Werner Koch2006-08-161-4/+2
| | | | | shows no prblems. Needs more testing of course.
* better reporting of bad DNsWerner Koch2006-07-031-7/+23
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 09:28:27 +0000