security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity
gnupg/g10/call-agent.h

242 lines
9.6 KiB
C
Raw Normal View History

A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
/* call-agent.h - Divert operations to the agent
* Copyright (C) 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
Changed to GPLv3. Removed intl/.
2007-07-04 21:49:40 +02:00
* the Free Software Foundation; either version 3 of the License, or
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
Change all http://www.gnu.org in license notices to https:// --
2016-11-05 12:02:19 +01:00
* along with this program; if not, see <https://www.gnu.org/licenses/>.
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
*/
#ifndef GNUPG_G10_CALL_AGENT_H
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
#define GNUPG_G10_CALL_AGENT_H
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
g10: Change ask_curve so that it can be used outside. * g10/call-agent.h (struct key_attr): New. * g10/keygen.c (ask_curve): Return const char *. No allocation. (quick_generate_keypair): Follow the change. (generate_keypair, generate_subkeypair): Likewise. (parse_algo_usage_expire): Return const char *. -- This change is intended for using ask_curve from card-util.c. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-28 11:44:45 +02:00
struct key_attr {
int algo; /* Algorithm identifier. */
union {
unsigned int nbits; /* Supported keysize. */
const char *curve; /* Name of curve. */
};
};
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
struct agent_card_info_s
g10/ does build again.
2006-05-23 18:19:43 +02:00
{
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
int error; /* private. */
scd: Add reder information to --card-status. * g10/call-agent.h, g10/call-agent.c (agent_release_card_info) g10/card-util.c (card_status): Add READER. * scd/apdu.c (close_ccid_reader, open_ccid_reader): Handle RDRNAME. (apdu_get_reader_name): New. * scd/ccid-driver.c (ccid_open_reader): Add argument to RDRNAME_P. * scd/command.c (cmd_learn): Return READER information.
2015-11-09 08:15:44 +01:00
char *reader; /* Reader information. */
Add a sample key. Detect and show the card type.
2009-01-13 15:01:56 +01:00
char *apptype; /* Malloced application type string. */
* app-openpgp.c (store_fpr): Fixed fingerprint calculation. * keygen.c (gen_card_key): Obviously we should use the creation date received from SCDAEMON, so that the fingerprints will match. * sign.c (do_sign): Pass the serialno to the sign code. * keyid.c (serialno_and_fpr_from_sk): New.
2003-07-01 10:34:45 +02:00
char *serialno; /* malloced hex string. */
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
char *disp_name; /* malloced. */
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
char *disp_lang; /* malloced. */
int disp_sex; /* 0 = unspecified, 1 = male, 2 = female */
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
char *pubkey_url; /* malloced. */
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
char *login_data; /* malloced. */
g10/ does build again.
2006-05-23 18:19:43 +02:00
char *private_do[4]; /* malloced. */
gpg: Prepare for longer card fingerprints. * g10/call-agent.h (agent_card_info_s): Rename the "*valid" fields to "*len". * g10/call-agent.c (unhexify_fpr): Change to take a FPRLEN and to return the actual length. (agent_release_card_info): Adjust for these changes. * g10/card-util.c (print_sha1_fpr): Rename to print_shax_fpr and add arg FPRLEN. Change all callers to pass the length. (print_sha1_fpr_colon): Rename to print_shax_fpr_colon and add arg FPRLEN. Change all callers to pass the length. (fpr_is_zero): Add arg FPRLEN. (fpr_is_ff): Ditto. (show_card_key_info): Use the new functions. * g10/skclist.c (enum_secret_keys): Use MAX_FINGERPRINT_LEN. -- This is not needed right now but we should get rid of all hard coded fingerprint lengths. Thus this change. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-27 16:57:04 +02:00
char cafpr1len; /* Length of the CA-fingerprint or 0 if invalid. */
char cafpr2len;
char cafpr3len;
* card-util.c (change_login): Kludge to allow reading data from a file. (card_edit): Pass ARG_STRING to change_login. (card_status): Print CA fingerprints. (change_cafpr): New. (card_edit): New command CAFPR. * call-agent.h: Add members for CA fingerprints. * call-agent.c (agent_release_card_info): Invalid them. (learn_status_cb): Store them.
2004-07-01 19:42:09 +02:00
char cafpr1[20];
char cafpr2[20];
char cafpr3[20];
gpg: Prepare for longer card fingerprints. * g10/call-agent.h (agent_card_info_s): Rename the "*valid" fields to "*len". * g10/call-agent.c (unhexify_fpr): Change to take a FPRLEN and to return the actual length. (agent_release_card_info): Adjust for these changes. * g10/card-util.c (print_sha1_fpr): Rename to print_shax_fpr and add arg FPRLEN. Change all callers to pass the length. (print_sha1_fpr_colon): Rename to print_shax_fpr_colon and add arg FPRLEN. Change all callers to pass the length. (fpr_is_zero): Add arg FPRLEN. (fpr_is_ff): Ditto. (show_card_key_info): Use the new functions. * g10/skclist.c (enum_secret_keys): Use MAX_FINGERPRINT_LEN. -- This is not needed right now but we should get rid of all hard coded fingerprint lengths. Thus this change. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-27 16:57:04 +02:00
unsigned char fpr1len; /* Length of the fingerprint or 0 if invalid. */
unsigned char fpr2len;
unsigned char fpr3len;
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
char fpr1[20];
char fpr2[20];
char fpr3[20];
g10/ does build again.
2006-05-23 18:19:43 +02:00
u32 fpr1time;
u32 fpr2time;
u32 fpr3time;
gpg: Print the keygrip with --card-status * g10/call-agent.h (agent_card_info_s): Add fields grp1, grp2 and grp3. * g10/call-agent.c (unhexify_fpr): Allow for space as delimiter. (learn_status_cb): Parse KEYPARIINFO int the grpX fields. * g10/card-util.c (print_keygrip): New. (current_card_status): Print "grp:" records or with --with-keygrip a human readable keygrip. -- Suggested-by: Peter Lebbing <peter@digitalbrains.com> Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-01 19:03:23 +01:00
char grp1[20]; /* The keygrip for OPENPGP.1 */
char grp2[20]; /* The keygrip for OPENPGP.2 */
char grp3[20]; /* The keygrip for OPENPGP.3 */
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
unsigned long sig_counter;
int chv1_cached; /* True if a PIN is not required for each
signing. Note that the gpg-agent might cache
it anyway. */
Finished support for v2 cards with the exception of secure messaging.
2008-09-25 12:06:02 +02:00
int is_v2; /* True if this is a v2 card. */
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
int chvmaxlen[3]; /* Maximum allowed length of a CHV. */
int chvretry[3]; /* Allowed retries for the CHV; 0 = blocked. */
g10: Change ask_curve so that it can be used outside. * g10/call-agent.h (struct key_attr): New. * g10/keygen.c (ask_curve): Return const char *. No allocation. (quick_generate_keypair): Follow the change. (generate_keypair, generate_subkeypair): Likewise. (parse_algo_usage_expire): Return const char *. -- This change is intended for using ask_curve from card-util.c. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-28 11:44:45 +02:00
struct key_attr key_attr[3];
Make use of the card's extended capabilities.
2009-07-22 19:21:47 +02:00
struct {
unsigned int ki:1; /* Key import available. */
unsigned int aac:1; /* Algorithm attributes are changeable. */
scd: Support KDF DO setup. * g10/call-agent.c (learn_status_cb): Parse the capability for KDF. * g10/card-util.c (gen_kdf_data, kdf_setup): New. (card_edit): New admin command cmdKDFSETUP to call kdf_setup. * scd/app-openpgp.c (do_getattr): Emit KDF capability. -- GnuPG-bug-id: 3823 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-22 07:50:31 +01:00
unsigned int kdf:1; /* KDF object to support PIN hashing available. */
g10,scd: Improve UIF support. * g10/call-agent.c (learn_status_cb): Parse "bt" flag. * g10/call-agent.h: New member field "bt". * g10/card-util.c (uif): Limit its access only when it is supported. * scd/app-openpgp.c (do_setattr): Allow access to UIF objects only when there is a button. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-25 09:20:20 +02:00
unsigned int bt:1; /* Button for confirmation available. */
Make use of the card's extended capabilities.
2009-07-22 19:21:47 +02:00
} extcap;
gpg: Add sub-command "factory-reset" to --card-edit. * common/util.h (GPG_ERR_OBJ_TERM_STATE): New. * scd/iso7816.c (map_sw): Add this error code. * scd/app-openpgp.c (do_getattr): Return the life cycle indicator. * scd/app.c (select_application): Allow a return value of GPG_ERR_OBJ_TERM_STATE. * scd/scdaemon.c (set_debug): Print the DBG_READER value. * g10/call-agent.c (start_agent): Print a status line for the termination state. (agent_scd_learn): Make arg "info" optional. (agent_scd_apdu): New. * g10/card-util.c (send_apdu): New. (factory_reset): New. (card_edit): Add command factory-reset. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-15 17:38:40 +01:00
unsigned int status_indicator;
card: Fix showing KDF object attribute. * g10/call-agent.c (learn_status_cb): Parse the KDF DO. * g10/card-util.c (current_card_status): Show it correctly. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-07-19 06:26:49 +02:00
int kdf_do_enabled; /* Non-zero if card has a KDF object, 0 if not. */
card: Display UIF setting. * g10/call-agent.h (agent_card_info_s): Add UIF fields. * g10/call-agent.c (learn_status_cb): Put UIF DOs info. * g10/card-util.c (current_card_status): Output for UIF. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-15 05:57:31 +01:00
int uif[3]; /* True if User Interaction Flag is on. */
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
};
gpg: Rename the struct card_key_info_s. * g10/call-agent.h (struct card_key_info_s): Rename to ... (struct keypair_info_s): this. (keypair_info_t): New. Use this everywhere instead of card_key_info_s. * g10/call-agent.c (agent_scd_free_keyinfo): Rename to .. (free_keypair_info): this. Change all callers. -- The struct is also useful to store the data from KEYPAIRINFO status lines. Thus renaming it makes sense. A future patch will extend the struct. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-12 17:29:51 +01:00
/* Object to store information from the KEYPAIRINFO or the KEYINFO
* status lines. */
struct keypair_info_s
gpg: Add agent_scd_keyinfo to retrieve available card keys. * g10/call-agent.c (card_keyinfo_cb, agent_scd_free_keyinfo) (agent_scd_keyinfo): New. * g10/call-agent.h: Define new functions. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-01-16 05:01:46 +01:00
{
gpg: Rename the struct card_key_info_s. * g10/call-agent.h (struct card_key_info_s): Rename to ... (struct keypair_info_s): this. (keypair_info_t): New. Use this everywhere instead of card_key_info_s. * g10/call-agent.c (agent_scd_free_keyinfo): Rename to .. (free_keypair_info): this. Change all callers. -- The struct is also useful to store the data from KEYPAIRINFO status lines. Thus renaming it makes sense. A future patch will extend the struct. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-12 17:29:51 +01:00
struct keypair_info_s *next;
gpg: Changes to allow direct key generation from an OpenPGP card. * g10/call-agent.h (struct keypair_info_s): Add fields keytime and usage. * g10/call-agent.c (struct keypairinfo_cb_parm_s): New. (scd_keypairinfo_status_cb): Rework to store parsed KEYPAIRINFO data. (agent_scd_keypairinfo): Change accordingly. (agent_scd_readkey): Add arg ctrl and change callers. Change return arg from an strlist_t to a keypair_info_t. (readkey_status_cb): Use KEYPAIRINFO instead of KEY-TIME. * g10/keygen.c (pSUBKEYCREATIONDATE): New. (pAUTHKEYCREATIONDATE): New. (get_parameter_u32): Allow for new parameters. (do_create_from_keygrip): For card keys use direct scd call which does not create a stub file. (ask_algo): Rework to use the new keypair_info_t as return from agent_scd_keypairinfo. (parse_key_parameter_part): Likewise. Also get and return the key creation time using a arg. (parse_key_parameter_string): New args r_keytime and r_subkeytime. (parse_algo_usage_expire): New arg r_keytime. (proc_parameter_file): Ignore the explict pCREATIONDATE for card keys. (quickgen_set_para): New arg keytime. (quick_generate_keypair): Get the keytimes and set the pCARDKEY flag. (generate_keypair): Likewise. (do_generate_keypair): Implement the cardkey with keytime thingy. (generate_subkeypair): Use the keytime parameters. * g10/keygen.c (pAUTHKEYCREATIONDATE): New. Not yet set but may come handy later. (get_parameter_u32): Take care of that. (do_generate_keypair): For cardkeys sign with the current time. -- Key generation direct from the card used to work for all cards except the OpenPGP cards. The key generation from card using an OpenPGP card is special because the fingerprint is stored on the card and we must make sure that the newly created key has the same fingerprint. This requires that we take the key creation date as stored on the card into account. Along with the recent change in gpg-agent this change also fixes a problem with existing stub files. Note that with a key take from a card the self-signature are created with the current time and not the creation time. This allows to better distinguish keys created using the same card. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-13 14:03:59 +01:00
char keygrip[2 * KEYGRIP_LEN + 1]; /* Stored in hex. */
char *serialno; /* NULL or the malloced serialno. */
char *idstr; /* Malloced keyref (e.g. "OPENPGP.1") */
unsigned int usage; /* Key usage flags. */
u32 keytime; /* Key creation time from the card's DO. */
int algo; /* Helper to store the pubkey algo. */
gpg: Add agent_scd_keyinfo to retrieve available card keys. * g10/call-agent.c (card_keyinfo_cb, agent_scd_free_keyinfo) (agent_scd_keyinfo): New. * g10/call-agent.h: Define new functions. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-01-16 05:01:46 +01:00
};
gpg: Rename the struct card_key_info_s. * g10/call-agent.h (struct card_key_info_s): Rename to ... (struct keypair_info_s): this. (keypair_info_t): New. Use this everywhere instead of card_key_info_s. * g10/call-agent.c (agent_scd_free_keyinfo): Rename to .. (free_keypair_info): this. Change all callers. -- The struct is also useful to store the data from KEYPAIRINFO status lines. Thus renaming it makes sense. A future patch will extend the struct. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-12 17:29:51 +01:00
typedef struct keypair_info_s *keypair_info_t;
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
/* Release the card info structure. */
void agent_release_card_info (struct agent_card_info_s *info);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
/* Return card info. */
g10: Fix keytocard. g10/call-agent.h (agent_scd_learn): Add FORCE option. g10/call-agent.c (agent_scd_learn): Implement FORCE option. g10/keygen.c (gen_card_key): Follow the change of option. g10/card-util.c (change_pin, card_status, factory_reset): Likewise. g10/keyedit.c (keyedit_menu): Update private key storage by agent_scd_learn. -- This is not a perfect solution since there is a possibility user unplug card before quitting 'gpg --keyedit' session. Usually, it works well. GnuPG-bug-id: 1846
2015-04-03 10:39:59 +02:00
int agent_scd_learn (struct agent_card_info_s *info, int force);
gpg: Make card key generation work again. * g10/call-agent.c (agent_scd_learn): Rename from agent_learn. (agent_learn): New. * g10/keygen.c (gen_card_key): Call new agent-learn. -- Without a shadow key we can't create the self-signatures. Thus we need to issue the learn command after each key generation. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-19 14:09:04 +02:00
gpg: New card function agent_scd_keypairinfo. * g10/call-agent.c (scd_keypairinfo_status_cb) (agent_scd_keypairinfo): New. Taken from gpgsm. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-01 18:37:02 +02:00
/* Get the keypariinfo directly from scdaemon. */
gpg: Improve the code to decrypt using PIV cards. * g10/call-agent.c (agent_scd_keypairinfo): Add arg 'keyref'. * g10/keygen.c (ask_algo): Adjust. * g10/skclist.c (enum_secret_keys): Request the keyref directly. -- This improves commit ec6a6779236a89d4784a6bb7de0def9cc0f9e8a4 to avoid looping over all keypairinfos. This way scdaemon does not need to compute all the keypairinfos for all keys of a card. This patch is possible due the enhanced READKEY command in scdaemon. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-03 17:45:35 +02:00
gpg_error_t agent_scd_keypairinfo (ctrl_t ctrl, const char *keyref,
gpg: Changes to allow direct key generation from an OpenPGP card. * g10/call-agent.h (struct keypair_info_s): Add fields keytime and usage. * g10/call-agent.c (struct keypairinfo_cb_parm_s): New. (scd_keypairinfo_status_cb): Rework to store parsed KEYPAIRINFO data. (agent_scd_keypairinfo): Change accordingly. (agent_scd_readkey): Add arg ctrl and change callers. Change return arg from an strlist_t to a keypair_info_t. (readkey_status_cb): Use KEYPAIRINFO instead of KEY-TIME. * g10/keygen.c (pSUBKEYCREATIONDATE): New. (pAUTHKEYCREATIONDATE): New. (get_parameter_u32): Allow for new parameters. (do_create_from_keygrip): For card keys use direct scd call which does not create a stub file. (ask_algo): Rework to use the new keypair_info_t as return from agent_scd_keypairinfo. (parse_key_parameter_part): Likewise. Also get and return the key creation time using a arg. (parse_key_parameter_string): New args r_keytime and r_subkeytime. (parse_algo_usage_expire): New arg r_keytime. (proc_parameter_file): Ignore the explict pCREATIONDATE for card keys. (quickgen_set_para): New arg keytime. (quick_generate_keypair): Get the keytimes and set the pCARDKEY flag. (generate_keypair): Likewise. (do_generate_keypair): Implement the cardkey with keytime thingy. (generate_subkeypair): Use the keytime parameters. * g10/keygen.c (pAUTHKEYCREATIONDATE): New. Not yet set but may come handy later. (get_parameter_u32): Take care of that. (do_generate_keypair): For cardkeys sign with the current time. -- Key generation direct from the card used to work for all cards except the OpenPGP cards. The key generation from card using an OpenPGP card is special because the fingerprint is stored on the card and we must make sure that the newly created key has the same fingerprint. This requires that we take the key creation date as stored on the card into account. Along with the recent change in gpg-agent this change also fixes a problem with existing stub files. Note that with a key take from a card the self-signature are created with the current time and not the creation time. This allows to better distinguish keys created using the same card. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-13 14:03:59 +01:00
keypair_info_t *r_list);
gpg: New card function agent_scd_keypairinfo. * g10/call-agent.c (scd_keypairinfo_status_cb) (agent_scd_keypairinfo): New. Taken from gpgsm. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-01 18:37:02 +02:00
agent,g10: Remove redundant SERIALNO request. * agent/learncard.c (agent_handle_learn): Don't call agent_card_serialno. Get the serialno in status response. * g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO". (agent_scd_serialno): New. (card_cardlist_cb, agent_scd_cardlist): New. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-16 06:32:51 +01:00
/* Return list of cards. */
int agent_scd_cardlist (strlist_t *result);
gpg: Rename the struct card_key_info_s. * g10/call-agent.h (struct card_key_info_s): Rename to ... (struct keypair_info_s): this. (keypair_info_t): New. Use this everywhere instead of card_key_info_s. * g10/call-agent.c (agent_scd_free_keyinfo): Rename to .. (free_keypair_info): this. Change all callers. -- The struct is also useful to store the data from KEYPAIRINFO status lines. Thus renaming it makes sense. A future patch will extend the struct. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-12 17:29:51 +01:00
/* Free a keypair info list. */
void free_keypair_info (keypair_info_t l);
gpg: Add agent_scd_keyinfo to retrieve available card keys. * g10/call-agent.c (card_keyinfo_cb, agent_scd_free_keyinfo) (agent_scd_keyinfo): New. * g10/call-agent.h: Define new functions. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-01-16 05:01:46 +01:00
/* Return card key information. */
gpg_error_t agent_scd_keyinfo (const char *keygrip, int cap,
gpg: Rename the struct card_key_info_s. * g10/call-agent.h (struct card_key_info_s): Rename to ... (struct keypair_info_s): this. (keypair_info_t): New. Use this everywhere instead of card_key_info_s. * g10/call-agent.c (agent_scd_free_keyinfo): Rename to .. (free_keypair_info): this. Change all callers. -- The struct is also useful to store the data from KEYPAIRINFO status lines. Thus renaming it makes sense. A future patch will extend the struct. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-12 17:29:51 +01:00
keypair_info_t *result);
gpg: Add agent_scd_keyinfo to retrieve available card keys. * g10/call-agent.c (card_keyinfo_cb, agent_scd_free_keyinfo) (agent_scd_keyinfo): New. * g10/call-agent.h: Define new functions. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-01-16 05:01:46 +01:00
agent,g10: Remove redundant SERIALNO request. * agent/learncard.c (agent_handle_learn): Don't call agent_card_serialno. Get the serialno in status response. * g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO". (agent_scd_serialno): New. (card_cardlist_cb, agent_scd_cardlist): New. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-16 06:32:51 +01:00
/* Return the serial number, possibly select by DEMAND. */
int agent_scd_serialno (char **r_serialno, const char *demand);
gpg: Add sub-command "factory-reset" to --card-edit. * common/util.h (GPG_ERR_OBJ_TERM_STATE): New. * scd/iso7816.c (map_sw): Add this error code. * scd/app-openpgp.c (do_getattr): Return the life cycle indicator. * scd/app.c (select_application): Allow a return value of GPG_ERR_OBJ_TERM_STATE. * scd/scdaemon.c (set_debug): Print the DBG_READER value. * g10/call-agent.c (start_agent): Print a status line for the termination state. (agent_scd_learn): Make arg "info" optional. (agent_scd_apdu): New. * g10/card-util.c (send_apdu): New. (factory_reset): New. (card_edit): Add command factory-reset. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-15 17:38:40 +01:00
/* Send an APDU to the card. */
gpg_error_t agent_scd_apdu (const char *hexapdu, unsigned int *r_sw);
gpg: Allow decryption using PIV cards. * g10/call-agent.c (struct getattr_one_parm_s): New. (getattr_one_status_cb): New. (agent_scd_getattr_one): New. * g10/pubkey-enc.c (get_it): Allow the standard leading zero byte from pkcs#1. * g10/skclist.c (enum_secret_keys): Handle non-OpenPGP cards. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-03 15:30:10 +02:00
/* Get attribute NAME from the card and store at R_VALUE. */
gpg_error_t agent_scd_getattr_one (const char *name, char **r_value);
* keylist.c (print_card_serialno): New. (list_keyblock_print): Use it here. * card-util.c (toggle_forcesig): New. (card_edit): New command "forcesig". * card-util.c (print_name, print_isoname): Use 0 and not LF fro the max_n arg of tty_print_utf8_string2. * call-agent.c (agent_scd_getattr): New. (learn_status_cb): Release values before assignment so that it can be used by getattr to update the structure. * card-util.c (change_pin): Simplified. We now have only a PIN and an Admin PIN.
2003-09-30 19:34:38 +02:00
/* Update INFO with the attribute NAME. */
int agent_scd_getattr (const char *name, struct agent_card_info_s *info);
gpg: Implement card_store_subkey again. * g10/call-agent.h (agent_keytocard): New. * g10/call-agent.c (agent_keytocard): New. * g10/card-util.c (replace_existing_key_p): Returns 1 when replace. (card_generate_subkey): Check return value of replace_existing_key_p. (card_store_subkey): Implement again using agent_keytocard.
2013-02-06 06:01:23 +01:00
/* Send the KEYTOCARD command. */
int agent_keytocard (const char *hexgrip, int keyno, int force,
const char *serialno, const char *timestamp);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
/* Send a SETATTR command to the SCdaemon. */
gpg: Remove unused arg in a card related function. * g10/call-agent.c (agent_scd_setattr): Remove unused arg serialno. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-01 18:12:35 +02:00
gpg_error_t agent_scd_setattr (const char *name,
const void *value, size_t valuelen);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
Support the Certifciate DO of the v2 OpenPGP cards.
2008-09-23 11:57:45 +02:00
/* Send a WRITECERT command to the SCdaemon. */
int agent_scd_writecert (const char *certidstr,
const unsigned char *certdata, size_t certdatalen);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
/* Send a GENKEY command to the SCdaemon. */
g10: smartcard keygen change. * g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove. (scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS. (agent_scd_genkey): Remove INFO argument. CREATETIME is now in/out argument. (agent_readkey): Use READKEY --card instead of SCD READKEY. * g10/keygen.c (gen_card_key): Use READKEY --card command of the agent to retrieve public key information from card and let the agent make a file for private key with shadow info. -- This change removes gpg's KEY-DATA handling for SCD GENKEY. Information with KEY-DATA is simply not used. Instead, it is read by READKEY --card command of gpg-agent. This can consolidate public key handling in a single method by READKEY. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 06:30:47 +02:00
int agent_scd_genkey (int keyno, int force, u32 *createtime);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
gpg: Allow direct key generation from card with --full-gen-key. * g10/call-agent.c (agent_scd_readkey): New. * g10/keygen.c (ask_key_flags): Factor code out to .. (ask_key_flags_with_mask): new. (ask_algo): New mode 14. -- Note that this new menu 14 is always displayed. The usage flags can be changed only in --expert mode, though. Creating and using signing keys works but decryption does not yet work; we will need to tweak a couple of other places for that. Tested with a Yubikey's PIV app. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-02 18:57:09 +02:00
/* Send a READCERT command to the SCdaemon. */
Add readcert command. fix reading large certificates.
2009-06-17 11:45:50 +02:00
int agent_scd_readcert (const char *certidstr,
void **r_buf, size_t *r_buflen);
gpg: Allow direct key generation from card with --full-gen-key. * g10/call-agent.c (agent_scd_readkey): New. * g10/keygen.c (ask_key_flags): Factor code out to .. (ask_key_flags_with_mask): new. (ask_algo): New mode 14. -- Note that this new menu 14 is always displayed. The usage flags can be changed only in --expert mode, though. Creating and using signing keys works but decryption does not yet work; we will need to tweak a couple of other places for that. Tested with a Yubikey's PIV app. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-02 18:57:09 +02:00
/* Send a READKEY command to the SCdaemon. */
gpg: Changes to allow direct key generation from an OpenPGP card. * g10/call-agent.h (struct keypair_info_s): Add fields keytime and usage. * g10/call-agent.c (struct keypairinfo_cb_parm_s): New. (scd_keypairinfo_status_cb): Rework to store parsed KEYPAIRINFO data. (agent_scd_keypairinfo): Change accordingly. (agent_scd_readkey): Add arg ctrl and change callers. Change return arg from an strlist_t to a keypair_info_t. (readkey_status_cb): Use KEYPAIRINFO instead of KEY-TIME. * g10/keygen.c (pSUBKEYCREATIONDATE): New. (pAUTHKEYCREATIONDATE): New. (get_parameter_u32): Allow for new parameters. (do_create_from_keygrip): For card keys use direct scd call which does not create a stub file. (ask_algo): Rework to use the new keypair_info_t as return from agent_scd_keypairinfo. (parse_key_parameter_part): Likewise. Also get and return the key creation time using a arg. (parse_key_parameter_string): New args r_keytime and r_subkeytime. (parse_algo_usage_expire): New arg r_keytime. (proc_parameter_file): Ignore the explict pCREATIONDATE for card keys. (quickgen_set_para): New arg keytime. (quick_generate_keypair): Get the keytimes and set the pCARDKEY flag. (generate_keypair): Likewise. (do_generate_keypair): Implement the cardkey with keytime thingy. (generate_subkeypair): Use the keytime parameters. * g10/keygen.c (pAUTHKEYCREATIONDATE): New. Not yet set but may come handy later. (get_parameter_u32): Take care of that. (do_generate_keypair): For cardkeys sign with the current time. -- Key generation direct from the card used to work for all cards except the OpenPGP cards. The key generation from card using an OpenPGP card is special because the fingerprint is stored on the card and we must make sure that the newly created key has the same fingerprint. This requires that we take the key creation date as stored on the card into account. Along with the recent change in gpg-agent this change also fixes a problem with existing stub files. Note that with a key take from a card the self-signature are created with the current time and not the creation time. This allows to better distinguish keys created using the same card. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-13 14:03:59 +01:00
gpg_error_t agent_scd_readkey (ctrl_t ctrl, const char *keyrefstr,
gpg: Improve key creation direct from the card. * g10/call-agent.c (readkey_status_cb): New. (agent_scd_readkey): Add new arg r_keytime and allow NULL for r_result. Change all callers. (agent_readkey): Minor code reformatting. * g10/keygen.c (pCARDKEY): New. (struct para_data_s): Add u.bool. (get_parameter_bool): New. (do_create_from_keygrip): Add arg cardkey and make use of it. (ask_algo): Add args r_cardkey and r_keytime. Read the keytime of the selected card key and return it. (generate_keypair): Store CARDKEY and KEYTIME. (do_generate_keypair): Pass CARDKEY to do_create_from_keygrip. (generate_subkeypair): Ditto. -- This allows to first create keys on the card (e.g. using gpg-card) even without having any public key for OpenPGP. Then the key generation option 14 (cardkey) can be used to create a primary OpenPGP key from the key on the card. There are still a couple of problems related to the agent which creates the stub key and may run into problems if creating a second key from the card. This will be fixed in a future patch. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-11 20:51:33 +01:00
gcry_sexp_t *r_result, u32 *r_keytime);
gpg: Allow direct key generation from card with --full-gen-key. * g10/call-agent.c (agent_scd_readkey): New. * g10/keygen.c (ask_key_flags): Factor code out to .. (ask_key_flags_with_mask): new. (ask_algo): New mode 14. -- Note that this new menu 14 is always displayed. The usage flags can be changed only in --expert mode, though. Creating and using signing keys works but decryption does not yet work; we will need to tweak a couple of other places for that. Tested with a Yubikey's PIV app. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-02 18:57:09 +02:00
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
/* Change the PIN of an OpenPGP card or reset the retry counter. */
g10/ does build again.
2006-05-23 18:19:43 +02:00
int agent_scd_change_pin (int chvno, const char *serialno);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
* card-util.c (card_edit): New command "passwd". Add logic to check the PIN in advance. (card_status): Add new args to return the serial number. Changed all callers. * call-agent.c (agent_scd_checkpin): New.
2003-10-21 19:12:21 +02:00
/* Send the CHECKPIN command to the SCdaemon. */
int agent_scd_checkpin (const char *serialno);
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
/* Send the GET_PASSPHRASE command to the agent. */
gpg_error_t agent_get_passphrase (const char *cache_id,
const char *err_msg,
const char *prompt,
const char *desc_msg,
Move password repetition from gpg to gpg-agent.
2009-03-17 13:13:32 +01:00
int repeat,
Made card key generate with backup key work for 2048 bit. Improved card key generation prompts.
2009-05-15 21:26:46 +02:00
int check,
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
char **r_passphrase);
/* Send the CLEAR_PASSPHRASE command to the agent. */
gpg_error_t agent_clear_passphrase (const char *cache_id);
Ask to insert the right OpenPGP card.
2009-08-11 12:56:44 +02:00
/* Present the prompt DESC and ask the user to confirm. */
gpg_error_t gpg_agent_get_confirmation (const char *desc);
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
/* Return the S2K iteration count as computed by gpg-agent. */
gpg: Move S2K encoding function to a shared file. * g10/passphrase.c (encode_s2k_iterations): Move function to ... * common/openpgp-s2k.c: new file. Remove default intialization code. * common/openpgpdefs.h (S2K_DECODE_COUNT): New to keep only one copy. * g10/call-agent.c (agent_get_s2k_count): Change to return the count and print an error. * agent/protect.c: Include openpgpdefs.h * g10/card-util.c (gen_kdf_data): Adjust for changes * g10/gpgcompose.c: Include call-agent.h. (sk_esk): Adjust for changes. * g10/passphrase (passphrase_to_dek): Adjust for changes. * g10/main.h (S2K_DECODE_COUNT): Remove macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-26 23:10:38 +01:00
unsigned long agent_get_s2k_count (void);
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
More changes on the way to remove secring.gpg.
2010-04-21 18:26:17 +02:00
/* Check whether a secret key for public key PK is available. Returns
gpg: Prepare enhancement of agent_probe_secret_key. * g10/call-agent.c (agent_probe_secret_key): Change semantics of return value. * g10/call-agent.h (agent_probe_secret_key): Change comment. * g10/delkey.c (do_delete_key): Follow the change. * g10/getkey.c (get_seckey, parse_def_secret_key): Likewise. (finish_lookup, have_secret_key_with_kid): Likewise. * g10/gpgv.c (agent_probe_secret_key): Likewise. * g10/keyedit.c (keyedit_menu, quick_find_keyblock): Likewise. (show_key_with_all_names_colon): Likewise. * g10/revoke.c (gen_desig_revoke, gen_revoke): Likewise * g10/test-stubs.c (agent_probe_secret_key): Likewise. -- GnuPG-bug-id: 3416 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-01-17 07:11:02 +01:00
0 if not available, positive value if the secret key is available. */
int agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk);
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
Spelling cleanup. No functional changes, just fixing minor spelling issues. --- Most of these were identified from the command line by running: codespell \ --ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \ --skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \ doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \ NEWS README README.maint TODO Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-02-18 15:34:42 +01:00
/* Ask the agent whether a secret key is available for any of the
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
keys (primary or sub) in KEYBLOCK. Returns 0 if available. */
gpg_error_t agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock);
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
/* Return infos about the secret key with HEXKEYGRIP. */
gpg_error_t agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
g10: report whether key in agent is passphrase-protected or not * g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add r_cleartext parameter to report whether a key is stored without passphrase protection. * g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to match new API. * g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c, g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet need to know whether agent is passphrase-protected. -- Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-10 22:15:33 +02:00
char **r_serialno, int *r_cleartext);
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
/* Generate a new key. */
gpg: Try to use the passphrase from the primary for --quick-addkey. * agent/command.c (cmd_genkey): Add option --passwd-nonce. (cmd_passwd): Return a PASSWD_NONCE in verify mode. * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do not send a RESET if given. (agent_passwd): Add arg 'verify'. * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'. (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto. (generate_subkeypair): Use sepeare hexgrip var for the to be created for hexgrip feature. Verify primary key first. Make use of the passwd nonce. Allow for a static passphrase. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
gpg_error_t agent_genkey (ctrl_t ctrl,
char **cache_nonce_addr, char **passwd_nonce_addr,
All tests work are again working
2010-10-14 18:34:31 +02:00
const char *keyparms, int no_protection,
gpg: Re-enable the "Passphrase" parameter for batch key generation. * agent/command.c (cmd_genkey): Add option --inq-passwd. * agent/genkey.c (agent_genkey): Add new arg override_passphrase. * g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword. (agent_genkey): Add arg optional arg "passphrase". * g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc) (gen_rsa, do_create): Add arg "passphrase" and pass it through. (do_generate_keypair): Make use of pPASSPHRASE. (release_parameter_list): Wipe out a passphrase parameter. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 11:31:20 +01:00
const char *passphrase,
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
gcry_sexp_t *r_pubkey);
gpg: Improve key creation direct from the card. * g10/call-agent.c (readkey_status_cb): New. (agent_scd_readkey): Add new arg r_keytime and allow NULL for r_result. Change all callers. (agent_readkey): Minor code reformatting. * g10/keygen.c (pCARDKEY): New. (struct para_data_s): Add u.bool. (get_parameter_bool): New. (do_create_from_keygrip): Add arg cardkey and make use of it. (ask_algo): Add args r_cardkey and r_keytime. Read the keytime of the selected card key and return it. (generate_keypair): Store CARDKEY and KEYTIME. (do_generate_keypair): Pass CARDKEY to do_create_from_keygrip. (generate_subkeypair): Ditto. -- This allows to first create keys on the card (e.g. using gpg-card) even without having any public key for OpenPGP. Then the key generation option 14 (cardkey) can be used to create a primary OpenPGP key from the key on the card. There are still a couple of problems related to the agent which creates the stub key and may run into problems if creating a second key from the card. This will be fixed in a future patch. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-11 20:51:33 +01:00
/* Read a public key. FROMCARD may be 0, 1, or 2. */
Allow creating subkeys using an existing key This works by specifying the keygrip instead of an algorithm (section number 13) and requires that the option -expert has been used. It will be easy to extend this to the primary key.
2011-11-06 17:01:31 +01:00
gpg_error_t agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
unsigned char **r_pubkey);
More changes on the way to remove secring.gpg.
2010-04-21 18:26:17 +02:00
/* Create a signature. */
Even less prompts for a new key now.
2010-09-01 14:49:05 +02:00
gpg_error_t agent_pksign (ctrl_t ctrl, const char *cache_nonce,
const char *hexkeygrip, const char *desc,
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
u32 *keyid, u32 *mainkeyid, int pubkey_algo,
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
unsigned char *digest, size_t digestlen,
int digestalgo,
gcry_sexp_t *r_sigval);
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
/* Decrypt a ciphertext. */
gpg_error_t agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
u32 *keyid, u32 *mainkeyid, int pubkey_algo,
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
gcry_sexp_t s_ciphertext,
gpg: Make decryption with the OpenPGP card work. * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New. * scd/app-openpgp.c (do_decipher): Add arg R_INFO. * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy. * scd/app.c (app_decipher): Add arg R_INFO. * scd/command.c (cmd_pkdecrypt): Print status line "PADDING". * agent/call-scd.c (padding_info_cb): New. (agent_card_pkdecrypt): Add arg R_PADDING. * agent/divert-scd.c (divert_pkdecrypt): Ditto. * agent/pkdecrypt.c (agent_pkdecrypt): Ditto. * agent/command.c (cmd_pkdecrypt): Print status line "PADDING". * g10/call-agent.c (padding_info_cb): New. (agent_pkdecrypt): Add arg R_PADDING. * g10/pubkey-enc.c (get_it): Use padding info. -- Decryption using a card never worked in gpg 2.1 because the information whether the pkcs#1 padding needs to be removed was not available. Gpg < 2.1 too this info from the secret sub key but that has gone in 2.1. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-26 17:29:54 +02:00
unsigned char **r_buf, size_t *r_buflen,
int *r_padding);
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
/* Retrieve a key encryption key. */
gpg_error_t agent_keywrap_key (ctrl_t ctrl, int forexport,
void **r_kek, size_t *r_keklen);
/* Send a key to the agent. */
gpg_error_t agent_import_key (ctrl_t ctrl, const char *desc,
g10: Use --force when importing key for bkuptocard. * g10/call-agent.c (agent_import_key): Add an argument FORCE. * g10/import.c (transfer_secret_keys): Likewise. (import_secret_one): Call transfer_secret_keys with FORCE=0. * g10/keyedit.c (keyedit_menu): Call with FORCE=1.
2015-12-24 06:15:58 +01:00
char **cache_nonce_addr, const void *key,
g10: Make sure to emit NEED_PASSPHRASE on --import of secret key. * call-agent.h (agent_import_key): Add keyid parameters. * call-agent.c (agent_import_key): Set keyid parameters. * import.c (transfer_secret_keys): Pass keyid parameters. Signed-off-by: Marcus Brinkmann <mb@g10code.com> GnuPG-bug-id: 2667
2017-07-24 17:18:42 +02:00
size_t keylen, int unattended, int force,
card: Display if KDF is enabled or not. * g10/call-agent.h (kdf_do_enabled): New field. * g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available. * g10/card-util.c (current_card_status): Inform the availability. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-15 04:19:02 +01:00
u32 *keyid, u32 *mainkeyid, int pubkey_algo);
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
/* Receive a key from the agent. */
gpg_error_t agent_export_key (ctrl_t ctrl, const char *keygrip,
g10: Add openpgp_protected flag to agent secret key export functions * g10/call-agent.c, g10/call-agent.h (agent_export_key): Add openpgp_protected flag. * g10/export.c (receive_seckey_from_agent): Request openpgp_protected secret keys from agent. * agent/command.c (hlp_export_key): EXPORT_KEY help text: add a brief description of the effect of --openpgp. -- The --openpgp flag for gpg-agent's EXPORT_KEY actually forces encryption in a certain (RFC 4880-compatible format). This changeset exposes that functionality in internal functions, and clarifies functionality in the agent's help text. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-10 22:15:34 +02:00
const char *desc, int openpgp_protected,
char **cache_nonce_addr,
g10: Make sure to emit NEED_PASSPHRASE on --export-secret-key. * call-agent.h (agent_export_key): Add keyid parameters. * call-agent.c (agent_export_key): Set keyid parameters. * export.c (receive_seckey_from_agent): Pass keyid parameters. Signed-off-by: Marcus Brinkmann <mb@g10code.com> GnuPG-bug-id: 2667
2017-07-24 16:03:25 +02:00
unsigned char **r_result, size_t *r_resultlen,
card: Display if KDF is enabled or not. * g10/call-agent.h (kdf_do_enabled): New field. * g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available. * g10/card-util.c (current_card_status): Inform the availability. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-15 04:19:02 +01:00
u32 *keyid, u32 *mainkeyid, int pubkey_algo);
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
gpg: Re-enable secret key deletion. * g10/call-agent.c (agent_delete_key): New. * g10/keydb.h (FORMAT_KEYDESC_DELKEY): New. * g10/passphrase.c (gpg_format_keydesc): Support new format. * g10/delkey.c (do_delete_key): Add secret key deletion.
2014-04-15 16:40:48 +02:00
/* Delete a key from the agent. */
gpg_error_t agent_delete_key (ctrl_t ctrl, const char *hexkeygrip,
gpg: Allow unattended deletion of secret keys. * agent/command.c (cmd_delete_key): Make the --force option depend on --disallow-loopback-passphrase. * g10/call-agent.c (agent_delete_key): Add arg FORCE. * g10/delkey.c (do_delete_key): Pass opt.answer_yes to agent_delete_key. -- Unless the agent has been configured with --disallow-loopback-passpharse an unattended deletion of a secret key is now possible with gpg by using --batch _and_ --yes. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-10 11:01:42 +02:00
const char *desc, int force);
gpg: Re-enable secret key deletion. * g10/call-agent.c (agent_delete_key): New. * g10/keydb.h (FORMAT_KEYDESC_DELKEY): New. * g10/passphrase.c (gpg_format_keydesc): Support new format. * g10/delkey.c (do_delete_key): Add secret key deletion.
2014-04-15 16:40:48 +02:00
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
/* Change the passphrase of a key. */
gpg_error_t agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
gpg: Try to use the passphrase from the primary for --quick-addkey. * agent/command.c (cmd_genkey): Add option --passwd-nonce. (cmd_passwd): Return a PASSWD_NONCE in verify mode. * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do not send a RESET if given. (agent_passwd): Add arg 'verify'. * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'. (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto. (generate_subkeypair): Use sepeare hexgrip var for the to be created for hexgrip feature. Verify primary key first. Make use of the passwd nonce. Allow for a static passphrase. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
int verify,
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
char **cache_nonce_addr, char **passwd_nonce_addr);
gpg: Check gpg-agent version before 2.1 migration. * g10/call-agent.c, g10/call-agent.h (agent_get_version): New. * g10/migrate.c (migrate_secring): Abort migration if agent_get_version returns not at least 2.1.0 -- GnuPG-bug-id: 1718 On the first installation of GnuPG 2.1 it is likely that an old gpg-agent is still running in the environment. In that case the migration would fail. Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2014-09-19 19:38:13 +02:00
/* Get the version reported by gpg-agent. */
gpg_error_t agent_get_version (ctrl_t ctrl, char **r_version);
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
#endif /*GNUPG_G10_CALL_AGENT_H*/