Commit log for path: root/sm/keylist.c
gpgsm: Terminate key listing on output write error.
Werner Koch, 2024-10-23 (1 file, -0/+15)

* sm/keylist.c (list_internal_keys): Detect write errors to the output stream.
* sm/server.c (any_failure_printed): New var.
(gpgsm_status2): Handle new var. Move statusfp init to ...
(gpgsm_init_statusfp): new function.
(gpgsm_exit_failure_status): New.
* sm/gpgsm.c (main): Explicit statusfp init.
(gpgsm_exit): Print failure status on error.
--
Test by using
  gpgsm -k >/dev/full
  gpgsm -k --with-colons >/dev/full
and also by redirecting to a file on a small partition.

GnuPG-bug-id: 6185
sm: Emit user IDs in colon mode even if the Subject is empty.
Werner Koch, 2024-06-21 (1 file, -20/+31)

* sm/keylist.c (list_cert_colon): Rework listing of user IDs.
--
Only in colon mode this did not work. Note that an updated libksba is anyway required to parse a certificate with an empty Subject.

GnuPG-bug-id: 7171
indent: Fix spelling
Daniel Kahn Gillmor, 2024-05-31 (1 file, -1/+1)

--
These are non-substantive corrections for minor spelling mistakes within the GnuPG codebase. With something like this applied to the codebase, and a judiciously tuned spellchecker integrated as part of a standard test suite, it should be possible to keep a uniform orthography within the project.

GnuPG-bug-id: 7116
gpgsm: Set validity flag in keylisting to n for untrusted root cert.
Werner Koch, 2023-11-27 (1 file, -0/+2)

* sm/keylist.c (list_cert_colon): Map not_trusted to 'n' for non-root certs like we do for root certs.
--
GnuPG-bug-id: 6841
sm: Flag Brainpool curves as compliant for all other operations.
Werner Koch, 2023-10-24 (1 file, -1/+1)

* sm/fingerprint.c (gpgsm_get_key_algo_info2): Rename to
(gpgsm_get_key_algo_info): this. Remove the old wrapper. Adjust all callers.
* sm/decrypt.c (gpgsm_decrypt): Pass the curve to the compliance checker.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/sign.c (gpgsm_sign): Ditto.
* sm/verify.c (gpgsm_verify): Ditto.
--
GnuPG-bug-id: 6253
sm: Flag Brainpool curves as compliant.
Werner Koch, 2023-10-24 (1 file, -3/+3)

* sm/keylist.c (print_compliance_flags): Add arg curve.
(list_cert_colon): Pass curve to the compliance check.
--
GnuPG-bug-id: 6253
doc: Minor typo fixes.
Werner Koch, 2023-10-18 (1 file, -1/+3)

--
gpgsm: Print revocation date and reason in cert listings.
Werner Koch, 2022-12-05 (1 file, -0/+18)

* dirmngr/ocsp.c (ocsp_isvalid): Add args r_revoked_at and r_revocation_reason.
* dirmngr/server.c (cmd_isvalid): Emit a new REVOCATIONINFO status.
(cmd_checkocsp): Ditto.
* sm/call-dirmngr.c (struct isvalid_status_parm_s): Add new fields.
(isvalid_status_cb): Parse REVOCATIONINFO.
(gpgsm_dirmngr_isvalid): Add args r_revoked_at and r_revocation_reason.
* sm/gpgsm.h (struct server_control_s): Add fields revoked_at and revocation_reason.
* sm/keylist.c (list_cert_raw): Print revocation date.
(list_cert_std): Ditto.
--
Note that for now we do this only for OCSP because it is an important piece of information when using the chain model. For a sample key see commit 7fa1d3cc821dca1ea8e1c80a0bdd527177c185ee.
gpgsm: Fix colon output of ECC encryption certificates
Werner Koch, 2022-11-15 (1 file, -3/+3)

* sm/keylist.c (print_capabilities): Add arg algo and use it to check for ECC capabilities.
(list_cert_colon): Call with algo.
--
This will mark certificates with only keyAgreement usage correctly in the --with-colons listing.
gpgsm: New option --compatibility-flags.
Werner Koch, 2022-06-13 (1 file, -5/+23)

* sm/gpgsm.c (oCompatibilityFlags): New option.
(compatibility_flags): new.
(main): Parse and print them in verbose mode.
* sm/gpgsm.h (opt): Add field compat_flags.
(COMPAT_ALLOW_KA_TO_ENCR): New.
* sm/keylist.c (print_capabilities): Take care of the new flag.
* sm/certlist.c (cert_usage_p): Ditto.
sm: Fix use of value NONE in gnupg_isotime_t type.
NIIBE Yutaka, 2022-02-18 (1 file, -3/+6)

* common/gettime.h (GNUPG_ISOTIME_NONE): New.
* sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it.
* sm/certlist.c (gpgsm_add_to_certlist): Likewise.
* sm/import.c (check_and_store): Likewise.
* sm/keylist.c (list_cert_colon, list_cert_raw): Likewise.
(list_cert_std): Likewise.
* sm/sign.c (gpgsm_sign): Likewise.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
sm: Detect circular chains in --list-chain.
Werner Koch, 2021-11-15 (1 file, -1/+7)

* sm/keylist.c (list_cert_chain): Break loop for a too long chain.
--
This avoids endless loops in case of circular chain definitions. We use such a limit at other places as well.

Example for such a chain is

# ------------------------ >8 ------------------------
ID: 0xBE231B05
S/N: 51260A931CE27F9CC3A55F79E072AE82
(dec): 107864989418777835411218143713715990146
Issuer: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
sha2_fpr: 92:5E:4B:37:2B:A3:2E:5E:87:30:22:84:B2:D7:C9:DF:BF:82:00:FF:CB:A0:D1:66:03:A1:A0:6F:F7:6C:D3:53
sha1_fpr: 31:93:78:6A:48:BD:F2:D4:D2:0B:8F:C6:50:1F:4D:E8:BE:23:1B:05
md5_fpr: AC:F3:10:0D:1A:96:A9:2E:B8:8B:9B:F8:7E:09:FA:E6
pgp_fpr: E8D2CA1449A80D784FB1532C06B1611DB06A1678
certid: 610C27E9D37835A8962EA5B8368D3FBED1A8A15D.51260A931CE27F9CC3A55F79E072AE82
keygrip: CFCA58448222ECAAF77EEF8CC45F0D6DB4E412C9
notBefore: 2005-06-07 08:09:10
notAfter: 2019-06-24 19:06:30
hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
keyType: rsa2048
subjKeyId: ADBD987A34B426F7FAC42654EF03BDE024CB541A
authKeyId: [none]
authKeyId.ki: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F
[...]

Certified by
ID: 0xCE2E4C63
S/N: 46EAF096054CC5E3FA65EA6E9F42C664
(dec): 94265836834010752231943569188608722532
Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
Subject: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
sha2_fpr: 21:3F:AD:03:B1:C5:23:47:E9:A8:0F:29:9A:F0:89:9B:CA:FF:3F:62:B3:4E:B0:60:66:F4:D7:EE:A5:EE:1A:73
sha1_fpr: 9E:99:81:7D:12:28:0C:96:77:67:44:30:49:2E:DA:1D:CE:2E:4C:63
md5_fpr: 55:07:0F:1F:9A:E5:EA:21:61:F3:72:2B:8B:41:7F:27
pgp_fpr: 922A6D0A1C0027E75038F8A1503DA72CF2C53840
certid: 14673DA5792E145E9FA1425F9EF3BFC1C4B4957C.46EAF096054CC5E3FA65EA6E9F42C664
keygrip: 10678FB5A458D99B7692851E49849F507688B847
notBefore: 2005-06-07 08:09:10
notAfter: 2020-05-30 10:48:38
hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
keyType: rsa2048
subjKeyId: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F
authKeyId: [none]
authKeyId.ki: ADBD987A34B426F7FAC42654EF03BDE024CB541A
keyUsage: certSign crlSign
[...]

Which has a circular dependency on subjKeyId/authKeyId.ki.
sm: Add LotW support to the key listing
Werner Koch, 2021-09-09 (1 file, -0/+7)

* sm/certdump.c (parse_dn_part): Translate OID to "Callsign"
* sm/keylist.c (oidtranstbl): Some more OIDs.
--
This is Ham thingy to make it easier to read LotW certificates.

Signed-off-by: Werner Koch <[email protected]>
sm: Let --dump-cert --show-cert also print an OpenPGP fingerprint.
Werner Koch, 2021-05-20 (1 file, -7/+45)

* sm/keylist.c (list_cert_raw): Print the OpenPGP fpr.
--
This is useful for debugging for example if an OpenPGP key is used to create an X.509 cert.

Signed-off-by: Werner Koch <[email protected]>
sm: New command --show-certs
Werner Koch, 2021-04-20 (1 file, -0/+95)

* sm/keylist.c (do_show_certs): New.
(gpgsm_show_certs): New.
* sm/gpgsm.c (aShowCerts): New.
(opts): Add --show-certs.
(main): Call gpgsm_show_certs.
--
I have been using libksba test programs for countless times to look at certificates and I always wanted to add such a feature to gpgsm. This is simply much more convenient.

Signed-off-by: Werner Koch <[email protected]>
sm: Add a few more OIDs to the table for nicer keylistings
Werner Koch, 2021-03-24 (1 file, -0/+4)

--
sm: Extend the list of known OIDs.
Werner Koch, 2021-02-22 (1 file, -4/+16)

* sm/keylist.c (oidtranstbl): Add a couple of OIDs and mark them for key usage.
sm: Add a few OIDs and merge OID tables.
Werner Koch, 2021-02-01 (1 file, -52/+44)

* sm/keylist.c (OID_FLAG_KP): New.
(key_purpose_map): Merge into ...
(oidtranstbl): this.
(get_oid_desc): New arg 'matchflag'. Use function in place of direct access to key_purpose_map.

Signed-off-by: Werner Koch <[email protected]>
sm: Implement initial support for keyboxd.
Werner Koch, 2020-09-10 (1 file, -2/+3)

* sm/gpgsm.h (MAX_FINGERPRINT_LEN): New.
* sm/keydb.c (struct keydb_local_s): Change definition of search_result.
(keydb_get_cert): Implement keyboxd mode.
(keydb_get_flags): Temporary hack for keyboxd mode. Needs to be fixed.
(struct store_parm_s, store_inq_cb): New.
(keydb_insert_cert): Implement keyboxd mode.
(keydb_locate_writable): Make static.
(keydb_search_reset): Implement keyboxd mode.
(search_status_cb): New.
(keydb_search): Implement keyboxd mode. Replace return code -1 by GPG_ERR_NOT_FOUND.
(keydb_set_cert_flags): Replace return code -1 by GPG_ERR_NOT_FOUND.
* sm/keylist.c (list_cert_colon): Adjust for replacement of -1 by GPG_ERR_NOT_FOUND.
(list_internal_keys): Ditto.
* sm/sign.c (add_certificate_list): Ditto.
* sm/certchain.c (find_up_search_by_keyid): Ditto.
(find_up_external, find_up, find_up_dirmngr): Ditto.
(gpgsm_walk_cert_chain): Ditto.
(get_regtp_ca_info): Ditto.
* sm/certlist.c (gpgsm_add_to_certlist): Ditto.
(gpgsm_find_cert): Ditto.
* sm/delete.c (delete_one): Ditto.
* sm/export.c (gpgsm_export): Ditto.
(gpgsm_p12_export): Ditto.
* sm/import.c (gpgsm_import_files): Ditto.
--
Note that keyboxd is not yet able to handle the ephemeral flag. This needs fixing here and in keyboxd. Delete et al. is also not yet implemented. A basic key listing works, though.

Signed-off-by: Werner Koch <[email protected]>
sm: Add arg ctrl to keydb_new.
Werner Koch, 2020-09-03 (1 file, -1/+1)

* sm/keydb.c (keydb_new): Add arg and change all callers.
--
This will be used later.
sm: Also show the SHA-256 fingerprint.
Werner Koch, 2020-08-04 (1 file, -1/+13)

* sm/keylist.c (list_cert_colon): Emit a new "fp2" record.
(list_cert_raw): Print the SHA2 fingerprint.
(list_cert_std): Ditto.

Signed-off-by: Werner Koch <[email protected]>
gpgsm: Replace all assert calls by log_assert.
Werner Koch, 2020-07-08 (1 file, -2/+1)

--
Signed-off-by: Werner Koch <[email protected]>
sm: Exclude rsaPSS from de-vs compliance mode.
Werner Koch, 2020-07-03 (1 file, -1/+4)

* common/compliance.h (PK_ALGO_FLAG_RSAPSS): New.
* common/compliance.c (gnupg_pk_is_compliant): Add arg algo_flags and test rsaPSS. Adjust all callers.
(gnupg_pk_is_allowed): Ditto.
* sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function.
(gpgsm_get_hash_algo_from_sigval): New.
* sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval arg. Add arg pkalgoflags. Use the PK_ALGO_FLAG_RSAPSS.
* sm/verify.c (gpgsm_verify): Use the new wrapper and new function to also get the algo flags. Pass algo flags along.

Signed-off-by: Werner Koch <[email protected]>
sm: Print the serial number of a cert also in decimal.
Werner Koch, 2020-06-26 (1 file, -2/+8)

* sm/certdump.c: Include membuf.h.
(gpgsm_print_serial_decimal): New.
* sm/keylist.c (list_cert_raw): Print s/n also in decimal
(list_cert_std): Ditto.
--
Many CA's print the serial number in decimal on their cards.

Signed-off-by: Werner Koch <[email protected]>
sm: Print the key types as standard key algorithm strings.
Werner Koch, 2020-05-07 (1 file, -12/+13)

* sm/fingerprint.c (gpgsm_get_key_algo_info): Factor code out to ...
(gpgsm_get_key_algo_info2): new.
(gpgsm_pubkey_algo_string): New.
* sm/keylist.c (list_cert_colon): Put curve into field 17
(list_cert_raw): Print the unified key algorithm string instead of the algo and size.
(list_cert_std): Ditto.
--
It is important to know whether a 256 bit ECC uses a NIST or a Brainpool curve.

Signed-off-by: Werner Koch <[email protected]>
sm: Lookup missing issuers first using authorityInfoAccess.
Werner Koch, 2020-04-16 (1 file, -1/+1)

* sm/call-dirmngr.c (gpgsm_dirmngr_lookup): Add optional arg URL and adjust all callers.
* sm/certchain.c (oidstr_caIssuers): New.
(struct find_up_store_certs_s): Add additional fields.
(find_up_store_certs_cb): Store the fingerprint.
(find_up_via_auth_info_access): New.
(find_up): Try the AIA URI first.
--
Note that --auto-issuer-key-retrieve is required to use that.

GnuPG-bug-id: 4898
Signed-off-by: Werner Koch <[email protected]>
sm: Add a couple of debug calls to the keydb module.
Werner Koch, 2019-05-15 (1 file, -0/+2)

* sm/gpgsm.h (DBG_CLOCK_VALUE, DBG_CLOCK): New.
(DBG_LOOKUP_VALUE, DBG_LOOKUP): New.
* sm/gpgsm.c: new debug flags "lookup" and "clock"
* sm/keydb.c: Add log_clock calls to most functions.
(keydb_search_desc_dump): New.
(keydb_search) [DBG_LOOKUP]: Print descrh description.
* sm/keylist.c (list_cert_std): Flush FP in debug mode to better synchronize the output with the debug output
--
Signed-off-by: Werner Koch <[email protected]>
kbx: Unify the fingerprint search modes.
Werner Koch, 2019-03-14 (1 file, -2/+0)

* kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR16)
(KEYDB_SEARCH_MODE_FPR20, KEYDB_SEARCH_MODE_FPR32): Remove. Switch all users to KEYDB_SEARCH_MODE_FPR along with the fprlen value.
--
These search modes were added over time and there has until recently been no incentive to remove the cruft. With the change for v5 keys I finally went over all places and allowed the generic fingerprint mode along with a given length of the fingerprint at all places. Consequently the other modes can now be removed.

Signed-off-by: Werner Koch <[email protected]>
sm: Print Yubikey attestation extensions with --dump-cert.
Werner Koch, 2019-03-01 (1 file, -3/+37)

* sm/keylist.c (oidtranstbl): Add Yubikey OIDs.
(OID_FLAG_HEX): New.
(print_hex_extn): New.
(list_cert_raw): Make use of that flag.

Signed-off-by: Werner Koch <[email protected]>
sm: Don't mark a cert as de-vs compliant if it leads to SHA-1 sigs.
Werner Koch, 2019-02-28 (1 file, -4/+9)

* sm/keylist.c (print_compliance_flags): Also check the diges_also.
--
A certificate with algorithm sha1WithRSAEncryption can be de-vs compliant (e.g. if the next in the chain used sha256WithRSAEncryption to sign it and RSA is long enough) but flagging it as such is useless because that certificate can't be used because it will create signatures using the non-compliant SHA-1 algorithm. Well, it could be used for encryption. But also evaluating the key-usage flags here would make it harder for the user to understand why certain certificates are listed as de-vs compliant and others are not.

Signed-off-by: Werner Koch <[email protected]>
gpg,sm: New option --with-key-screening.
Werner Koch, 2017-10-17 (1 file, -3/+48)

* common/pkscreening.c: New.
* common/pkscreening.h: New.
* common/Makefile.am (common_sources): Add them.
* g10/gpg.c (opts): New option --with-key-screening.
* g10/options.h (struct opt): New field with_key_screening.
* g10/keylist.c: Include pkscreening.h.
(print_pk_screening): New.
(list_keyblock_print): Call it.
(print_compliance_flags): Call it.
* sm/gpgsm.c (opts): New option --with-key-screening.
* sm/gpgsm.h (struct opt): New field with_key_screening.
* sm/keylist.c: Include pkscreening.h.
(print_pk_screening): New.
(print_compliance_flags): Call it. Add new arg cert.
(list_cert_colon): Pass arg cert
(list_cert_std): Call print_pk_screening.
* sm/fingerprint.c (gpgsm_get_rsa_modulus): New.
--
This new option can be used to detect ROCA affected keys. To scan an entire keyring and print the affected fingerprints use this:

  gpg -k --with-key-screening --with-colons | gawk -F: \
  '$1~/pub|sub|sec|ssb|crt/ && $18~/\<6001\>/ {found=1;next}; $1=="fpr" && found {print $10}; {found=0}'

The same works for gpgsm. Note that we need gawk due to the "\<" in the r.e.

Signed-off-by: Werner Koch <[email protected]>
sm: Fix colon listing of fields > 12 in crt records.
Werner Koch, 2017-10-17 (1 file, -2/+1)

* sm/keylist.c (print_capabilities): Move colon printing ...
(list_cert_colon): to here.
--
Fixes-commit: 7af008bfe1641938a6c2c995cb065829fa05a693
Signed-off-by: Werner Koch <[email protected]>
sm: Always print the keygrip in colon mode.
Werner Koch, 2017-08-08 (1 file, -7/+7)

* sm/keylist.c (list_cert_colon): Always print the keygrip as described in the manual.

Signed-off-by: Werner Koch <[email protected]>
gpg,common: Move the compliance framework.
Justus Winter, 2017-06-01 (1 file, -2/+3)

* common/Makefile.am (common_sources): Add new files.
* common/compliance.c: New file. Move 'gnupg_pk_is_compliant' here, and tweak it to not rely on types private to gpg.
* common/compliance.h: New file. Move the compliance enum here.
* g10/keylist.c (print_compliance_flags): Adapt callsite.
* g10/main.h (gnupg_pk_is_compliant): Remove prototype.
* g10/misc.c (gnupg_pk_is_compliant): Remove function.
* g10/options.h (opt): Use the new compliance enum.
* sm/keylist.c (print_compliance_flags): Use the common functions.

Signed-off-by: Justus Winter <[email protected]>
Spelling fixes in docs and comments.
NIIBE Yutaka, 2017-04-28 (1 file, -1/+1)

--
In addition, fix trailing spaces in tests/inittests.

GnuPG-bug-id: 3121
Reported-by: ka7 (klemens)
Signed-off-by: NIIBE Yutaka <[email protected]>
gpg: Add new field no 18 to the colon listing.
Werner Koch, 2017-03-20 (1 file, -3/+15)

* g10/misc.c (gnupg_pk_is_compliant): New.
* g10/keylist.c (print_compliance_flags): New.
(list_keyblock_colon): Call it here.
* sm/keylist.c (print_compliance_flags): New.
(list_cert_colon): Call it here.
--
This patch is to convey information about DE_VS compliant keys to the caller. The double digit value is used so that parsers do the right thing and don't just look for a single digit.

Signed-off-by: Werner Koch <[email protected]>
Remove -I option to common.
NIIBE Yutaka, 2017-03-07 (1 file, -2/+2)

* dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* g10/Makefile.am (AM_CPPFLAGS): Ditto.
* g13/Makefile.am (AM_CPPFLAGS): Ditto.
* kbx/Makefile.am (AM_CPPFLAGS): Ditto.
* scd/Makefile.am (AM_CPPFLAGS): Ditto.
* sm/Makefile.am (AM_CPPFLAGS): Ditto.
* tools/Makefile.am (AM_CPPFLAGS): Ditto.
* Throughout: Follow the change.

Signed-off-by: NIIBE Yutaka <[email protected]>
Clean up word replication.
Yuri Chornoivan, 2017-02-21 (1 file, -1/+1)

--
This fixes extra word repetitions (like "the the" or "is is") in the code and docs.

Signed-off-by: Daniel Kahn Gillmor <[email protected]>
gpg,sm: Add STATUS_ERROR keydb_search and keydb_add-resource.
Werner Koch, 2016-11-10 (1 file, -4/+3)

* g10/keydb.c (keydb_add_resource): Make ANY_REGISTERED file-global. Write a STATUS_ERROR.
(maybe_create_keyring_or_box): Check for non-accessible but existent file.
(keydb_search): Write a STATUS_ERROR if no keyring has been registered but continue to return NOT_FOUND.
* sm/keydb.c (keydb_add_resource): Rename ANY_PUBLIC to ANY_REGISTERED and make file-global. Write a STATUS_ERROR.
(keydb_search): Write a STATUS_ERROR if no keyring has been registered but continue to return NOT_FOUND. Also add new arg CTRL and change all callers to pass it down.

Signed-off-by: Werner Koch <[email protected]>
sm: Remove unused arg SECRET from keydb functions.
Werner Koch, 2016-11-10 (1 file, -1/+1)

* sm/keydb.c (struct resource_item): Remove field 'secret'.
(keydb_add_resource): Remove arg 'secret' and change all callers.
(keydb_new): Ditto.

Signed-off-by: Werner Koch <[email protected]>
Change all http://www.gnu.org in license notices to https://
Werner Koch, 2016-11-05 (1 file, -1/+1)

--
gpgsm: Fix machine-readable key listing.
Justus Winter, 2016-08-01 (1 file, -1/+0)

* sm/keylist.c (list_cert_colon): Drop superfluous colon.

GnuPG-bug-id: 2432
Signed-off-by: Justus Winter <[email protected]>
Add new option --with-secret.
Werner Koch, 2014-06-03 (1 file, -5/+9)

* g10/gpg.c: Add option --with-secret.
* g10/options.h (struct opt): Add field with_secret.
* g10/keylist.c (public_key_list): Pass opt.with_secret to list_all and list_one.
(list_all, list_one): Add arg mark_secret.
(list_keyblock_colon): Add arg has_secret.
* sm/gpgsm.c: Add option --with-secret.
* sm/server.c (option_handler): Add option "with-secret".
* sm/gpgsm.h (server_control_s): Add field with_secret.
* sm/keylist.c (list_cert_colon): Take care of with_secret. Also move the token string from the wrong field 14 to 15.
--
This option is useful for key managers which need to know whether a key has a secret key. This change allows collecting this information in one pass.
Change all quotes in strings and comments to the new GNU standard.
Werner Koch, 2012-06-05 (1 file, -1/+1)

The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...').

The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them.

The changes have been done by applying

  sed -i "s/\`\([^'\`]*\)'/'\1'/g"

to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
gpgsm: Add new validation model "steed".
Werner Koch, 2011-12-07 (1 file, -9/+19)

* sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
* sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
* sm/server.c (option_handler): Allow validation model "steed".
* sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
* sm/certchain.c (do_validate_chain): Handle the well-known-private-key attribute. Support the "steed" model.
(gpgsm_validate_chain): Ditto.
* sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
* sm/keylist.c (list_cert_colon): Print the new 'w' flag.
--
This is the first part of changes to implement the STEED proposal as described at http://g10code.com/steed.html . The idea for X.509 is not to use plain self-signed certificates but certificates signed by a dummy CA (i.e. one for which the private key is known). Having a single CA as an indication for the use of STEED might help other X.509 implementations to implement STEED.
gpgsm: Allow arbitrary extensions for cert creation.
Werner Koch, 2011-12-06 (1 file, -0/+1)

* sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New.
(read_parameters): Add new keywords.
(proc_parameters): Check values of new keywords.
(create_request): Add SubjectKeyId and extensions.
(parse_parameter_usage): Support "cert" and the encrypt alias "encr".
Fix regression in gpg's mail address parsing.
Werner Koch, 2011-04-25 (1 file, -1/+1)

Since 2009-12-08 gpg was not able to find email addresses indicated by a leading '<'. This happened when I merged the user id classification code of gpgsm and gpg.
Support X.509 certificate creation.
Werner Koch, 2011-03-01 (1 file, -0/+1)

Using "gpgsm --genkey" allows the creation of a self-signed certificate via a new prompt. Using "gpgsm --genkey --batch" should allow the creation of arbitrary certificates controlled by a parameter file. An example parameter file is

  Key-Type: RSA
  Key-Length: 1024
  Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA
  Key-Usage: sign, encrypt
  Serial: random
  Name-DN: CN=some test key
  Name-Email: [email protected]
  Name-Email: [email protected]
  Hash-Algo: SHA384
  not-after: 2038-01-16 12:44

This creates a self-signed X.509 certificate using the key given by the keygrip and using SHA-384 as hash algorithm. The keyword signing-key can be used to sign the certificate with a different key. See sm/certreqgen.c for details.
Nuked almost all trailing white space. (tag: post-nuke-of-trailing-ws)
Werner Koch, 2011-02-04 (1 file, -66/+66)

We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit script checks that this won't happen again.
Add new option --with-keygrip
Werner Koch, 2010-10-08 (1 file, -0/+10)