security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity
gnupg/g10/options.h

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

468 lines
16 KiB
C
Raw Normal View History

This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* options.h
Ported changes from 1.4. Add copyright notices.
2007-10-25 11:06:21 +02:00
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
* 2007, 2010, 2011 Free Software Foundation, Inc.
gpg: Allow multiple --default-key options. Take the last available key. * g10/getkey.c (parse_def_secret_key): New function. (get_seckey_default): Add parameter ctrl. Update callers. Use parse_def_secret_key to get the default secret key, if any. (getkey_byname): Likewise. (enum_secret_keys): Likewise. * g10/options.h (opt): Change def_secret_key's type from a char * to a strlist_t. * g10/gpg.c (main): When processing --default-key, add the key to OPT.DEF_SECRET_KEY. * g10/gpgv.c (get_session_key): Add parameter ctrl. Update callers. * g10/mainproc.c (proc_pubkey_enc): Likewise. (do_proc_packets): Likewise. * g10/pkclist.c (default_recipient): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sign.c (clearsign_file): Likewise. (sign_symencrypt_file): Likewise. * g10/skclist.c (build_sk_list): Likewise. * g10/test-stubs.c (get_session_key): Likewise. -- Signed-off-by: Neal H. Walield <neal@g10code.com> GnuPG-bug-id: 806
2015-11-03 23:15:27 +01:00
* Copyright (C) 2015 g10 Code GmbH
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
Changed to GPLv3. Removed intl/.
2007-07-04 21:49:40 +02:00
* the Free Software Foundation; either version 3 of the License, or
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
Change all http://www.gnu.org in license notices to https:// --
2016-11-05 12:02:19 +01:00
* along with this program; if not, see <https://www.gnu.org/licenses/>.
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
*/
#ifndef G10_OPTIONS_H
#define G10_OPTIONS_H
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#include <sys/types.h>
Remove -I option to common. * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 12:21:23 +01:00
#include "../common/types.h"
gpg: New option --input-size-hint. * g10/options.h: Include stdint.h. (struct opt): Add field 'input_size_hint'. * g10/gpg.c (oInputSizeHint): New. (opts): Add --input-size-hint. (main): Set opt.input_size_hint. * g10/progress.c (write_status_progress): Use the hint. -- This is a prerequisite to fix GnuPG-bug-id: 2368 Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-11 21:31:12 +02:00
#include <stdint.h>
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#include "main.h"
#include "packet.h"
gpg: Use the proper type. * g10/options.h: Include "tofu.h". (opt.tofu_default_policy): Change type to enum tofu_policy. * g10/gpgv.c (enum tofu_policy): Don't redeclare. * g10/test-stubs.c (enum tofu_policy): Likewise. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 20:24:27 +02:00
#include "tofu.h"
Reworked passing of envars to Pinentry.
2009-07-07 12:02:41 +02:00
#include "../common/session-env.h"
gpg,common: Move the compliance framework. * common/Makefile.am (common_sources): Add new files. * common/compliance.c: New file. Move 'gnupg_pk_is_compliant' here, and tweak it to not rely on types private to gpg. * common/compliance.h: New file. Move the compliance enum here. * g10/keylist.c (print_compliance_flags): Adapt callsite. * g10/main.h (gnupg_pk_is_compliant): Remove prototype. * g10/misc.c (gnupg_pk_is_compliant): Remove function. * g10/options.h (opt): Use the new compliance enum. * sm/keylist.c (print_compliance_flags): Use the common functions. Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-31 14:33:45 +02:00
#include "../common/compliance.h"
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
gpg,sm: Simplify keyserver spec parsing. * common/keyserver.h: Remove. * sm/gpgsm.h (struct keyserver_spec): Remove. (opt): Change keyserver to a strlist_t. * sm/gpgsm.c (keyserver_list_free): Remove. (parse_keyserver_line): Remove. (main): Store keyserver in an strlist. * sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist. Avoid an ambiguity in dirmngr by adding a prefix if needed. * g10/options.h (struct keyserver_spec): Move definition from keyserver.h to here. Remove most fields. * g10/keyserver.c (free_keyserver_spec): Adjust. (cmp_keyserver_spec): Adjust. (parse_keyserver_uri): Simplify. (keyidlist): Remove fakev3 arg which does not make any sense because we don't even support v3 keys. -- We now rely on the dirmngr to parse the keyserver specs. Thus a bad specification will not be caught immediately. However, even before that dirmngr had stricter tests. Signed-off-by: Werner Koch <wk@gnupg.org> Ported-from: 9f586700ec4ceac97fd47cd799878a8847342ffa
2021-05-26 14:28:26 +02:00
/* Object to hold information pertaining to a keyserver; it also
allows building a list of keyservers. For historic reasons this is
not a strlist_t. */
struct keyserver_spec
{
struct keyserver_spec *next;
char *uri;
};
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
typedef struct keyserver_spec *keyserver_spec_t;
/* Global options for GPG. */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
EXTERN_UNLESS_MAIN_MODULE
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
struct
{
int verbose;
int quiet;
unsigned debug;
int armor;
char *outfile;
Change stack size for Wince. Allow for a longer agent atartup under wince. Print gpg output via estream.
2010-11-23 19:46:41 +01:00
estream_t outfp; /* Hack, sometimes used in place of outfile. */
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
off_t max_output;
gpg: New option --input-size-hint. * g10/options.h: Include stdint.h. (struct opt): Add field 'input_size_hint'. * g10/gpg.c (oInputSizeHint): New. (opts): Add --input-size-hint. (main): Set opt.input_size_hint. * g10/progress.c (write_status_progress): Use the hint. -- This is a prerequisite to fix GnuPG-bug-id: 2368 Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-11 21:31:12 +02:00
/* If > 0 a hint with the expected number of input data bytes. This
* is not necessary an exact number but intended to be used for
* progress info and to decide on how to allocate buffers. */
uint64_t input_size_hint;
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
/* The AEAD chunk size expressed as a power of 2. */
int chunk_size;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int dry_run;
Add option --no-autostart. * g10/gpg.c: Add option --no-autostart. * sm/gpgsm.c: Ditto. * g10/options.h (opt): Add field autostart. * sm/gpgsm.h (opt): Ditto. * g10/call-agent.c (start_agent): Print note if agent was not autostarted. * sm/call-agent.c (start_agent): Ditto. * g10/call-dirmngr.c (create_context): Likewise. * sm/call-dirmngr.c (start_dirmngr_ext): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-28 09:44:19 +01:00
int autostart;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int list_only;
gpg: New option --mimemode. * g10/gpg.c (oMimemode): New. (opts): Add --mimemode. (main): Use --mimemode only in rfc4880bis compliance mode. * g10/options.h (struct opt): Add field "mimemode". * g10/build-packet.c (do_plaintext): Allow for mode 'm'. * g10/encrypt.c (encrypt_simple, encrypt_crypt): Use 'm' if requested. * g10/plaintext.c (handle_plaintext): Handle 'm' mode. * g10/sign.c (write_plaintext_packet): Handle 'm' mode. (sign_file, sign_symencrypt_file): Use 'm' if requested. -- Thsi patch prepares for a proposed change in RFC4880bis to support a MIME flag. A literal data packet with the mime flag set is handled like a 't' or 'u' but CR are not removed. The PLAINTEXT status line will also indicate a MIME content. If --mimemode is used without --rfc4880bis 't' will be used. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-13 13:31:12 +02:00
int mimemode;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int textmode;
int expert;
const char *def_sig_expire;
int ask_sig_expire;
const char *def_cert_expire;
int ask_cert_expire;
int batch; /* run in batch mode */
int answer_yes; /* answer yes on most questions */
int answer_no; /* answer no on most questions */
int check_sigs; /* check key signatures */
int with_colons;
int with_key_data;
gpg: Add option to print fingerprints in ICAO spelling. * g10/gpg.c: Add option --with-icao-spelling. * g10/options.h (struct opt): Add with_icao_spelling. * g10/keylist.c (print_icao_hexdigit): New. (print_fingerprint): Print ICAO spelling. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-23 17:54:05 +01:00
int with_icao_spelling; /* Print ICAO spelling with fingerprints. */
gpg: Add option --with-v5-fingerprint * g10/gpg.c (oWithV5Fingerprint): New. (opts): Add new option. (main): Set option. * g10/options.h (opt): Add with_v5_fingerprint. * g10/keyid.c (hash_public_key): Factor out to ... (do_hash_public_key): this. Add new arg to foce v5 style hashing. (v5_fingerprint_from_pk): New. (v5hexfingerprint): New. * g10/keylist.c (print_fingerprint): Print v5 fingerprint for v4 keys if the option is set. -- GnuPG-bug-id: 6705
2023-09-04 16:34:55 +02:00
int with_v5_fingerprint; /* Option --with-v5-fingerprint active. */
Add new option --with-keygrip
2010-10-08 13:11:08 +02:00
int with_fingerprint; /* Option --with-fingerprint active. */
gpg: Add option --with-subkey-fingerprint. * g10/gpg.c (oWithSubkeyFingerprint): New. (opts): Add --with-subkey-fingerprint[s]. (main): Set that option. * g10/options.h (struct opt): Add 'with_subkey_fingerprint'. * g10/keylist.c (list_keyblock_print): Print subkey fingerprint. (print_fingerprint): Tweak printing to use compact format if desirable. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-06 16:55:03 +02:00
int with_subkey_fingerprint; /* Option --with-subkey-fingerprint active. */
Add new option --with-keygrip
2010-10-08 13:11:08 +02:00
int with_keygrip; /* Option --with-keygrip active. */
gpg,sm: New option --with-key-screening. * common/pkscreening.c: New. * common/pkscreening.h: New. * common/Makefile.am (common_sources): Add them. * g10/gpg.c (opts): New option --with-key-screening. * g10/options.h (struct opt): New field with_key_screening. * g10/keylist.c: Include pkscreening.h. (print_pk_screening): New. (list_keyblock_print): Call it. (print_compliance_flags): Call it. * sm/gpgsm.c (opts): New option --with-key-screening. * sm/gpgsm.h (scruct opt): New field with_key_screening. * sm/keylist.c: Include pkscreening.h. (print_pk_screening): New. (print_compliance_flags): Call it. Add new arg cert. (list_cert_colon): Pass arg cert (list_cert_std): Call print_pk_screening. * sm/fingerprint.c (gpgsm_get_rsa_modulus): New. -- This new option can be used to detect ROCA affected keys. To scan an entire keyring and print the affected fingerprints use this: gpg -k --with-key-screening --with-colons | gawk -F: \ '$1~/pub|sub|sec|ssb|crt/ && $18~/\<6001\>/ {found=1;next}; $1=="fpr" && found {print $10}; {found=0}' The same works for gpgsm. Note that we need gawk due to the "\<" in the r.e. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-17 21:10:19 +02:00
int with_key_screening;/* Option --with-key-screening active. */
gpg: New option --with-tofu-info. * g10/gpg.c (oWithTofuInfo): New. (opts): Add --with-tofu-info. (main): Set opt.with_tofu_info. * g10/options.h (struct opt): Add field WITH_TOFU_INFO. * g10/tofu.c (show_statistics): Add optional arg OUTFP and enter special mode if not NULL. Change all callers. (tofu_write_tfs_record): New. * g10/keylist.c (list_keyblock_colon): Do not print the tofu policy as part of the "uid" record. Print a new "tfs" record if the new option is set. * tests/openpgp/tofu.scm (getpolicy): Change from UID to TFS record. -- A separate option is required to avoid slowing down key listings. Foer example the current code takes for a keylisting in tofu+pgp mode 17 seconds while it takes more than 5 minutes if the option is used. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-25 09:26:36 +02:00
int with_tofu_info; /* Option --with-tofu_info active. */
Add new option --with-secret. * g10/gpg.c: Add option --with-secret. * g10/options.h (struct opt): Add field with_secret. * g10/keylist.c (public_key_list): Pass opt.with_secret to list_all and list_one. (list_all, list_one): Add arg mark_secret. (list_keyblock_colon): Add arg has_secret. * sm/gpgsm.c: Add option --with-secret. * sm/server.c (option_handler): Add option "with-secret". * sm/gpgsm.h (server_control_s): Add field with_secret. * sm/keylist.c (list_cert_colon): Take care of with_secret. Also move the token string from the wrong field 14 to 15. -- This option is useful for key managers which need to know whether a key has a secret key. This change allows to collect this information in one pass.
2014-06-03 21:35:59 +02:00
int with_secret; /* Option --with-secret active. */
gpg: Add experimental AKL method "wkd" and option --with-wkd-hash. * g10/getkey.c (parse_auto_key_locate): Add method "wkd". (get_pubkey_byname): Implement that method. Also rename a variable. * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New. * g10/keyserver.c (keyserver_import_wkd): New. * g10/test-stubs.c (keyserver_import_wkd): Add stub. * g10/gpgv.c (keyserver_import_wkd): Ditto. * g10/options.h (opt): Add field 'with_wkd_hash'. (AKL_WKD): New. * g10/gpg.c (oWithWKDHash): New. (opts): Add option --with-wkd-hash. (main): Set that option. * g10/keylist.c (list_keyblock_print): Implement that option. -- The Web Key Directory is an experimental feature to retrieve a key via https. It is similar to OpenPGP DANE but also uses an encryption to reveal less information about a key lookup. For example the URI to lookup the key for Joe.Doe@Example.ORG is: https://example.org/.well-known/openpgpkey/ hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q (line has been wrapped for rendering purposes). The hash is a z-Base-32 encoded SHA-1 hash of the mail address' local-part. The address wk@gnupg.org can be used for testing. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-27 08:34:29 +02:00
int with_wkd_hash; /* Option --with-wkd-hash. */
gpg: New option --with-key-origin. * g10/getkey.c (parse_key_origin): Factor list out as ... (key_origin_list): new struct. (key_origin_string): New. * g10/gpg.c (oWithKeyOrigin): New const. (opts): New option --with-key-origin. (main): Implement option. * g10/options.h (struct opt): New flag with_key_origin. * g10/keylist.c (list_keyblock_print): Print key origin info. (list_keyblock_colon): Ditto.
2017-07-20 17:27:48 +02:00
int with_key_origin; /* Option --with-key-origin. */
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int fingerprint; /* list fingerprints */
int list_sigs; /* list signatures */
int no_armor;
g10: Fix --list-packets. * g10/gpg.c (main): Call set_packet_list_mode after assignment of opt.list_packets. * g10/mainproc.c (do_proc_packets): Don't stop processing with --list-packets as the comment says. * g10/options.h (list_packets): Fix the comment. * g10/parse-packet.c: Fix the condition for opt.list_packets. -- Debian-bug-id: 828109 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-06-28 08:56:48 +02:00
int list_packets; /* Option --list-packets active. */
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int def_cipher_algo;
int force_mdc;
int disable_mdc;
gpg: New option --force-aead * g10/dek.h (DEK): Turn fields use_mdc, algo_printed and symmetric into single bit vars. Make sure they are always set to 1 or 0. (DEK): New field use_aead. * g10/options.h (struct opt): New field force_aead. * g10/pkclist.c (select_aead_from_pklist): New. * g10/gpg.c (oForceAEAD): New const. (opts): New options "--force-aead". (main): Set new option. * g10/encrypt.c (use_aead): New. (encrypt_simple): Implement new flags DEK.use_aead. (encrypt_crypt): Ditto. (encrypt_filter): Ditto. * g10/sign.c (sign_symencrypt_file): Ditto. -- This patch should be enough to detect whether AEAD can be used. Not tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 17:07:11 +01:00
int force_aead;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int def_digest_algo;
int cert_digest_algo;
int compress_algo;
gpg: Detect already compressed data also when using a pipe. * common/iobuf.c (file_filter_ctx_t): Add fields for the peek feature. (file_filter): Implement peeking. (iobuf_ioctl): Add new IOBUF_IOCTL_PEEK. * common/iobuf.h (IOBUF_IOCTL_PEEK, IOBUFCTRL_PEEK): New. * common/miscellaneous.c (is_file_compressed): Rewrite. Detect PDF. * g10/encrypt.c (encrypt_simple): Peek before detecting compression. (encrypt_crypt): Ditto. * g10/sign.c (sign_file): Also detect already compressed data. * g10/options.h (opt): Add explicit_compress_option. * g10/gpg.c (main): Set opt.explicit_compress_option for -z. -- Note that this patch also introduces a compression check for signing which was never done in the past. GnuPG-bug-id: 6332
2023-01-18 18:04:50 +01:00
int explicit_compress_option; /* A compress option was explicitly given. */
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int compress_level;
int bz2_compress_level;
int bz2_decompress_lowmem;
gpg: Allow multiple --default-key options. Take the last available key. * g10/getkey.c (parse_def_secret_key): New function. (get_seckey_default): Add parameter ctrl. Update callers. Use parse_def_secret_key to get the default secret key, if any. (getkey_byname): Likewise. (enum_secret_keys): Likewise. * g10/options.h (opt): Change def_secret_key's type from a char * to a strlist_t. * g10/gpg.c (main): When processing --default-key, add the key to OPT.DEF_SECRET_KEY. * g10/gpgv.c (get_session_key): Add parameter ctrl. Update callers. * g10/mainproc.c (proc_pubkey_enc): Likewise. (do_proc_packets): Likewise. * g10/pkclist.c (default_recipient): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sign.c (clearsign_file): Likewise. (sign_symencrypt_file): Likewise. * g10/skclist.c (build_sk_list): Likewise. * g10/test-stubs.c (get_session_key): Likewise. -- Signed-off-by: Neal H. Walield <neal@g10code.com> GnuPG-bug-id: 806
2015-11-03 23:15:27 +01:00
strlist_t def_secret_key;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
char *def_recipient;
int def_recipient_self;
More agent support for gpg.
2010-10-13 17:57:08 +02:00
strlist_t secret_keys_to_try;
gpg: New option --sender * g10/options.h (struct opt): Add field 'sender_list'. * g10/gpg.c: Include mbox-util.h. (oSender): New. (opts): Add option "--sender". (main): Parse option. -- This option will eventually be used for more advanced purposes. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-18 10:08:34 +02:00
/* A list of mail addresses (addr-spec) provided by the user with
* the option --sender. */
strlist_t sender_list;
gpg: New option --add-desig-revoker * g10/gpg.c (oAddDesigRevoker): New. (opts): Add new option. * g10/options.h (opt): Add field desig_revokers. * g10/keygen.c (get_parameter_idx): New. (get_parameter): Make use of get_parameter_idx. (prepare_desig_revoker): New. (get_parameter_revkey): Add arg idx. (proc_parameter_file): Add designated revokers. (do_generate_keypair): Write all designated revokers.
2023-02-16 18:09:22 +01:00
/* A list of fingerprints added as designated revokers to new keys. */
strlist_t desig_revokers;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int def_cert_level;
int min_cert_level;
int ask_cert_level;
gpg: Change armor Version header to emit only the major version. * g10/options.h (opt): Rename field no_version to emit_version. * g10/gpg.c (main): Init opt.emit_vesion to 1. Change --emit-version to bump up opt.emit_version. * g10/armor.c (armor_filter): Implement different --emit-version values. -- GnuPG-bug-id: 1572 Signed-off-by: Werner Koch <wk@gnupg.org>
2013-11-27 09:20:02 +01:00
int emit_version; /* 0 = none,
1 = major only,
2 = major and minor,
3 = full version,
4 = full version plus OS string. */
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int marginals_needed;
int completes_needed;
int max_cert_depth;
Allow tilde expansion for the foo-program options. * agent/gpg-agent.c (parse_rereadable_options): Use make_filename_try for opt.pinentry_program. Change definition accordingly. * g10/gpg.c (main): Use make_filename for agent_program, dirmngr_program, and keyboxd_program. Change definition accordingly. * sm/gpgsm.c (main): Ditto. * tools/gpg-card.c (parse_arguments): Ditto. * tools/gpg-connect-agent.c (main): Ditto. * tools/gpg-wks-client.c (parse_arguments): Likewise. Do it also for option --output. (process_confirmation_request): Print a note for a successful sent. -- GnuPG-bug-id: 7017
2024-02-27 10:35:46 +01:00
char *agent_program;
char *keyboxd_program;
char *dirmngr_program;
gpg: Add option '--disable-dirmngr'. * doc/gpg.texi: Document new option. * g10/call-dirmngr.c (create_context): Fail if option is given. * g10/gpg.c (cmd_and_opt_values): New value. (opts): New option. (gpgconf_list): Add new option. (main): Handle new option. * g10/options.h (struct opt): New field 'disable_dirmngr'. * tools/gpgconf-comp.c (gc_options_gpg): New option. GnuPG-bug-id: 3334 Signed-off-by: Justus Winter <justus@g10code.com>
2017-08-08 11:43:22 +02:00
int disable_dirmngr;
Reworked passing of envars to Pinentry.
2009-07-07 12:02:41 +02:00
gpg: New option --default-new-key-algo. * common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg R_ALGO and change all callers. * common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code. * g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO. * g10/gpg.c (oDefaultNewKeyAlgo): New enum. (opts): New option "--default-new-key-algo". (main): Set the option. * g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace them by ... (DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants. (get_keysize_range): Remove arg R_DEF and return that value instead. Change all callers. (gen_rsa): Use get_keysize_range instead of the removed DEFAULT_STD_KEYSIZE. (parse_key_parameter_part): New function. (parse_key_parameter_string): New function. (quick_generate_keypair): Refactor using parse_key_parameter_string. (generate_keypair): Ditto. (parse_algo_usage_expire): Ditto. -- This new option is intended to be used in the forthcoming --set-profile command of gpgconf. It allows to provide a gpg configuration with custom defaults for a new key using the simple commands which use the default algorithm set. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-02 19:43:36 +01:00
const char *def_new_key_algo;
Reworked passing of envars to Pinentry.
2009-07-07 12:02:41 +02:00
/* Options to be passed to the gpg-agent */
session_env_t session_env;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
char *lc_ctype;
char *lc_messages;
int skip_verify;
Add gpgconf related dummy options default_pubkey_algo. Add option --skip-hidden-recipients Comment updates.
2009-11-23 20:18:04 +01:00
int skip_hidden_recipients;
gpg: Remove --compress-keys and --compress-sigs feature. * g10/gpg.c (oCompressKeys, oCompressSigs): Remove. (opts): Turn --compress-keys and --compress-signs in NOPs. * g10/options.h (opt): Remove fields compress_keys and compress_sigs. * g10/export.c (do_export): Remove compress_keys feature. * g10/sign.c (sign_file): Remove compress_sigs feature. -- These features are disabled in GnuPG since the very early days and they fulfill no real purpose. For now we keep the command line options as dummys.
2014-08-12 10:36:30 +02:00
gpg: Remove tofu database format "split". * g10/options.h (struct opt): Remove field tofu_db_format. * g10/gpg.h (server_control_s): Add fields tofu.batch_update_ref and tofu.batch_update_started. * g10/gpg.c (parse_tofu_db_format): Remove. (main): Make option --tofu-db-format obsolete. * g10/tofu.c: Major rework. Remove the pretty complicated and slower split format and with that all the caching. Use the dbs struct directly. Move global vars for batch update into CTRL. Change calling conventions of some function to take CTRL or DBS pointers instead of the former low-level database pointer. -- The split database format might have been nice for use with Unison but it bypasses the concept of a relational database by doing parts of this itself and also risking deadlocks. Working with the Tofu database for debugging or experiments is also not possible with parts of the database logic implemented in gpg. The Tofu support is quite new and we can assume that it is not in real use now. Thus we better remove that now so that we do not need to maintain it for all future. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-05 14:40:36 +02:00
/* TM_CLASSIC must be zero to accommodate trustdbsg generated before
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
we started storing the trust model inside the trustdb. */
enum
{
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
TM_CLASSIC=0, TM_PGP=1, TM_EXTERNAL=2,
TM_ALWAYS, TM_DIRECT, TM_AUTO, TM_TOFU, TM_TOFU_PGP
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
} trust_model;
gpg: Use the proper type. * g10/options.h: Include "tofu.h". (opt.tofu_default_policy): Change type to enum tofu_policy. * g10/gpgv.c (enum tofu_policy): Don't redeclare. * g10/test-stubs.c (enum tofu_policy): Likewise. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 20:24:27 +02:00
enum tofu_policy tofu_default_policy;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int force_ownertrust;
gpg,common: Move the compliance framework. * common/Makefile.am (common_sources): Add new files. * common/compliance.c: New file. Move 'gnupg_pk_is_compliant' here, and tweak it to not rely on types private to gpg. * common/compliance.h: New file. Move the compliance enum here. * g10/keylist.c (print_compliance_flags): Adapt callsite. * g10/main.h (gnupg_pk_is_compliant): Remove prototype. * g10/misc.c (gnupg_pk_is_compliant): Remove function. * g10/options.h (opt): Use the new compliance enum. * sm/keylist.c (print_compliance_flags): Use the common functions. Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-31 14:33:45 +02:00
enum gnupg_compliance_mode compliance;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
enum
{
gpg: Implement --keyid-format=none. * g10/gpg.c (main): Add option "none" to --keyid-format. * g10/options.h (KF_NONE): New. * g10/keyid.c (format_keyid): Implement that. (keystr): Use format "long" is KF_NONE is in use. (keystr_with_sub): Ditto. * g10/keylist.c (list_keyblock_print): Adjust indentaion for KF_NONE. Factor some code out to ... (print_key_line): new. (print_fingerprint): Add mode 20. * g10/mainproc.c (list_node): Use print_key_line. Replace MAINKEY by flags.primary in the PK. Fix putting a " revoked..." string into the colons format. * g10/pkclist.c (do_edit_ownertrust): Use print_key_line. This slightly changes the putput format. * g10/revoke.c (gen_standard_revoke): Use print_key_line. This may also put "expires: " into the output. -- Due to user experience problems with the keyid and we better allow to show the fingerprint instead. Note that we do not support v3 keys anymore and thus there is no technical need for a user to know the keyid. GnuPG-bug-id: 2379 Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-06 16:00:50 +02:00
KF_DEFAULT, KF_NONE, KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
} keyid_format;
const char *set_filename;
Fix for bug 537
2006-10-02 13:54:35 +02:00
strlist_t comments;
gpg: Remove option aliases --[no-]throw-keyid and --notation-data. * g10/gpg.c (opts): Remove them. * g10/options.h (opt): s/throw_keyid/throw_keyids/ and change users. -- See mails starting http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029128.html
2014-12-03 11:28:10 +01:00
int throw_keyids;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
const char *photo_viewer;
int s2k_mode;
int s2k_digest_algo;
int s2k_cipher_algo;
* parse-packet.c (parse_symkeyenc): Show the unpacked as well as the packed s2k iteration count. * main.h, options.h, gpg.c (encode_s2k_iterations, main), passphrase.c (hash_passphrase): Add --s2k-count option to specify the number of s2k hash iterations.
2006-10-13 06:06:24 +02:00
unsigned char s2k_count; /* This is the encoded form, not the raw
count */
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int not_dash_escaped;
int escape_from;
int lock_once;
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
keyserver_spec_t keyserver; /* The list of configured keyservers. */
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
struct
{
unsigned int options;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
unsigned int import_options;
unsigned int export_options;
gpg: Make keyserver-option http_proxy work. * g10/options.h (opt): Add field keyserver_options.http_proxy. * g10/keyserver.c (warn_kshelper_option): Add arg noisy. (parse_keyserver_options): Parse into new http_proxy field. * g10/call-dirmngr.c (create_context): Send the http-proxy option.
2015-04-21 19:29:53 +02:00
char *http_proxy;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
} keyserver_options;
int exec_disable;
int exec_path_set;
unsigned int import_options;
unsigned int export_options;
unsigned int list_options;
unsigned int verify_options;
Ported patches from 1.4.x
2006-06-27 16:30:59 +02:00
const char *def_preference_list;
const char *def_keyserver_url;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
prefitem_t *personal_cipher_prefs;
prefitem_t *personal_digest_prefs;
prefitem_t *personal_compress_prefs;
gpg: Ensure all weak digest rejection notices are shown * g10/main.h: Add rejection_shown flag to each weakhash struct * g10/misc.c (print_digest_algo_note, additional_weak_digest): Do not treat MD5 separately; (print_digest_rejected_note): Use weakhash.rejection_shown instead of static shown. * g10/options.h (opt): Change from additional_weak_digests to weak_digests. * g10/sig-check.c: Do not treat MD5 separately. * g10/gpg.c (main): Explicitly set MD5 as weak. * g10/gpgv.c (main): Explicitly set MD5 as weak. -- Previously, only one weak digest rejection message was shown, of whichever was the first type encountered. This meant that if "gpg --weak-digest SHA224" encountered both an MD5 digest and a SHA224 digest, it would only show the user that the MD5 digest was rejected. In order to let the user know which algorithms were rejected, we needed to move the "shown" flag into a per-weak-algorithm location. Given this additional complication, it made no sense to continue to treat MD5 specially, so it is added as a default weak algorithm in the same opt.weak_digests data structure as any other. Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-10-23 23:46:57 +02:00
struct weakhash *weak_digests;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int no_perm_warn;
char *temp_dir;
int no_encrypt_to;
gpg: Add --encrypt-to-default-key. * g10/getkey.c (parse_def_secret_key): Drop the static qualifier and export the function. * g10/gpg.c (enum cmd_and_opt_values): Add value oEncryptToDefaultKey. (opts): Handle oEncryptToDefaultKey. (main): Likewise. * g10/options.h (opt): Add field encrypt_to_default_key. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> GnuPG-bug-id: 807
2015-11-03 23:39:46 +01:00
int encrypt_to_default_key;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int interactive;
struct notation *sig_notations;
struct notation *cert_notations;
Fix for bug 537
2006-10-02 13:54:35 +02:00
strlist_t sig_policy_url;
strlist_t cert_policy_url;
strlist_t sig_keyserver_url;
strlist_t cert_subpackets;
strlist_t sig_subpackets;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int allow_non_selfsigned_uid;
int allow_freeform_uid;
int no_literal;
ulong set_filesize;
int fast_list_mode;
gpg: Change format for the key size in --list-key and --edit-key. * g10/gpg.c (oLegacyListMode, opts, main): Add --legacy-list-mode. * g10/options.h (struct opt): Add field legacy_list_mode. * g10/keydb.h (PUBKEY_STRING_SIZE): New. * g10/keyid.c (pubkey_string): New. * g10/import.c (import_one, import_secret_one): Use pubkey_string. * g10/keylist.c (print_seckey_info): Ditto. (print_pubkey_info, print_card_key_info): Ditto. (list_keyblock_print): Ditto. * g10/mainproc.c (list_node): Ditto. * g10/pkclist.c (do_edit_ownertrust, build_pk_list): Ditto. * g10/keyedit.c (show_key_with_all_names): Ditto. Also change the format. (show_basic_key_info): Ditto. * common/openpgp-oid.c (openpgp_curve_to_oid): Also allow "ed25519". (openpgp_oid_to_curve): Downcase "ed25519" -- For ECC it seems to be better to show the name of the curve and not just the size of the prime field. The curve name does not anymore fit into the "<size><letter>" descriptor (e.g. "2048R") and a fixed length format does not work either. Thus the new format uses "rsa2048" - RSA with 2048 bit "elg1024" - Elgamal with 1024 bit "ed25519" - ECC using the curve Ed25519. "E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4". unless --legacy-list-mode is given. In does not anymore line up nicely in columns thus I expect further changes to this new format. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-02-05 10:37:59 +01:00
int legacy_list_mode;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int ignore_time_conflict;
int ignore_valid_from;
int ignore_crc_error;
int ignore_mdc_error;
gpg: New option --debug-ignore-expiration to help with testing. * g10/gpg.c (oDebugIgnoreExpiration): New. (opts): Add option. (main): Set flag. * g10/options.h (opt): Add field ignore_expiration. * g10/pkclist.c (do_we_trust): Handle the option. * g10/getkey.c (skip_unusable): Ditto. (finish_lookup): Ditto. -- GnuPG-bug-id: 2703
2023-05-09 08:17:30 +02:00
int ignore_expiration;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int command_fd;
const char *override_session_key;
int show_session_key;
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
const char *gpg_agent_info;
int try_all_secrets;
int no_expensive_trust_checks;
int no_sig_cache;
int no_auto_check_trustdb;
int preserve_permissions;
int no_homedir_creation;
struct groupitem *grouplist;
int mangle_dos_filenames;
int enable_progress_filter;
unsigned int screen_columns;
unsigned int screen_lines;
byte *show_subpackets;
int rfc2440_text;
gpg,gpgsm: Add option --min-rsa-length. * common/compliance.c (min_compliant_rsa_length): New. (gnupg_pk_is_compliant): Take in account. (gnupg_pk_is_allowed): Ditto. (gnupg_set_compliance_extra_info): New. * g10/gpg.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * g10/options.h (opt): Add field min_rsa_length. * sm/gpgsm.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * sm/gpgsm.h (opt): Add field min_rsa_length.
2021-11-18 20:44:14 +01:00
unsigned int min_rsa_length; /* Used for compliance checks. */
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
/* If true, let write failures on the status-fd exit the process. */
int exit_on_status_write_error;
/* If > 0, limit the number of card insertion prompts to this
value. */
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
int limit_card_insert_tries;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
gpg: New option --assert-signer. * g10/gpg.c (enum cmd_and_opt_values): Add oAssertSigner. (opts): Add "assert-signer". (main): Set option. (assert_signer_true): New var. (g10_exit): Evaluate new var. * g10/main.h (assert_signer_true): Declare new var. * common/status.h (STATUS_ASSERT_SIGNER): New. * g10/options.h (opt): Add field assert_signer_list. * g10/verify.c (is_fingerprint): New. (check_assert_signer_list): New. * g10/mainproc.c (check_sig_and_print): Call that function. Clear assert_signer_true on a warning. * g10/gpgv.c: Add dummy function and vars. * g10/t-keydb-get-keyblock.c: Ditto. * g10/t-keydb.c: Ditto. * g10/t-stutter.c: Ditto. --
2023-04-05 21:32:23 +02:00
/* The list of --assert-signer option values. Note: The values are
* modify to be uppercase if they represent a fingerrint */
strlist_t assert_signer_list;
gpg: Add option --assert-pubkey_algo. * g10/keyid.c (parse_one_algo_string): New. (compare_pubkey_string_part): New. (compare_pubkey_string): New. * g10/verify.c (check_assert_signer_list): New. * g10/mainproc.c (check_sig_and_print): Call check_assert_pubkey_algo. * g10/options.h (opt): Add field assert_pubkey_algos. * g10/gpg.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Reorder RC modifications. Check assert_pubkey_algo_false. * common/status.h (ASSERT_PUBKEY_ALGOS): new. * common/t-support.h (LEAN_T_SUPPORT): Use a simplified version if this macro is set. * g10/gpgv.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Check assert_pubkey_algo_false. * g10/t-keyid.c: New. * g10/Makefile.am: Add t-keyid. * g10/test-stubs.c: Add assert_pubkey_algos and assert_signer_list and remove from other tests. (check_assert_signer_list): Ditto. (check_assert_pubkey_algo): Ditto. -- GnuPG-bug-id: 6946
2024-02-10 14:24:50 +01:00
/* A single string with the comma delimited args from
* --assert-pubkey_algo. */
char *assert_pubkey_algos;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
struct
{
/* If set, require an 0x19 backsig to be present on signatures
made by signing subkeys. If not set, a missing backsig is not
an error (but an invalid backsig still is). */
unsigned int require_cross_cert:1;
Merged recent changes from 1.4
2006-04-28 16:31:29 +02:00
unsigned int use_embedded_filename:1;
unsigned int utf8_filename:1;
unsigned int dsa2:1;
gpg: Do not allow old cipher algorithms for encryption. * g10/gpg.c: New option --allow-old-cipher-algos. (set_compliance_option): Set --rfc4880bis explictly to SHA256 and AES256. Allow old cipher algos for OpenPGP, rfc4880, and rfc2440. * g10/options.h (opt): Add flags.allow_old_cipher_algos. * g10/misc.c (print_sha1_keysig_rejected_note): Always print the note unless in --quiet mode. * g10/encrypt.c (setup_symkey): Disallow by default algos with a blocklengt < 128. (encrypt_crypt): Ditto. Fallback by default to AES instead of 3DES. * g10/pkclist.c (algo_available): Take care of old cipher also. (select_algo_from_prefs): Use AES as implicit algorithm by default. * tests/openpgp/defs.scm (create-gpghome): Set allow-old-cipher-algos. -- GnuPG-bug-id: 3415
2021-02-10 14:31:34 +01:00
unsigned int allow_old_cipher_algos:1;
gpg: Reject signatures made with MD5. * g10/gpg.c: Add option --allow-weak-digest-algos. (main): Set option also in PGP2 mode. * g10/options.h (struct opt): Add flags.allow_weak_digest_algos. * g10/sig-check.c (do_check): Reject MD5 signatures. * tests/openpgp/defs.inc: Add allow_weak_digest_algos to gpg.conf.
2014-03-17 17:54:36 +01:00
unsigned int allow_weak_digest_algos:1;
gpg: Add option --allow-weak-key-signatures. * g10/gpg.c (oAllowWeakKeySignatures): New. (opts): Add --allow-weak-key-signatures. (main): Set it. * g10/options.h (struct opt): Add flags.allow_weak_key_signatures. * g10/misc.c (print_sha1_keysig_rejected_note): New. * g10/sig-check.c (check_signature_over_key_or_uid): Print note and act on new option. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-07 10:36:17 +01:00
unsigned int allow_weak_key_signatures:1;
gpg: Add build and runtime support for larger RSA keys * configure.ac: Added --enable-large-secmem option. * g10/options.h: Add opt.flags.large_rsa. * g10/gpg.c: Contingent on configure option: adjust secmem size, add gpg --enable-large-rsa, bound to opt.flags.large_rsa. * g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa * doc/gpg.texi: Document --enable-large-rsa. -- This is a cherry-pick of 534e2876acc05f9f8d9b54c18511fe768d77dfb5 from STABLE-BRANCH-1-4 against master Some older implementations built and used RSA keys up to 16Kib, but the larger secret keys now fail when used by more recent GnuPG, due to secure memory limitations. Building with ./configure --enable-large-secmem will make gpg capable of working with those secret keys, as well as permitting the use of a new gpg option --enable-large-rsa, which let gpg generate RSA keys up to 8Kib when used with --batch --gen-key. Debian-bug-id: 739424 Minor edits by wk. GnuPG-bug-id: 1732
2014-10-09 22:54:15 +02:00
unsigned int large_rsa:1;
gpg: New option --disable-signer-uid, create Signer's UID sub-packet. * g10/gpg.c (oDisableSignerUID): New. (opts): New option '--disable-signer-uid'. (main): Set option. * g10/options.h (opt): Add field flags.disable_signer_uid. * g10/sign.c: Include mbox-util.h. (mk_notation_policy_etc): Embed the signer's uid. * g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key retrieval if --disable-signer-uid is used. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-13 11:24:09 +02:00
unsigned int disable_signer_uid:1;
gpg: New option --include-key-block. * common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New. * g10/gpg.c (oIncludeKeyBlock): New. (opts): New option --include-key-block. (main): Implement. * g10/options.h (opt): New flag include_key_block. * g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK. (parse_one_sig_subpkt): Ditto. (can_handle_critical): Ditto. * g10/sign.c (mk_sig_subpkt_key_block): New. (write_signature_packets): Call it for data signatures. -- This patch adds support for a to be proposed OpenPGP ferature: Introduce the Key Block subpacket to align OpenPGP with CMS. This new subpacket may be used similar to the CertificateSet of CMS (RFC-5652) and thus allows to start encrypted communication after having received a signed message. In practice a stripped down version of the key should be including having only the key material and the self-signatures which are really useful and shall be used by the recipient to reply encrypted. #### Key Block (1 octet with value 0, N octets of key data) This subpacket MAY be used to convey key data along with a signature of class 0x00, 0x01, or 0x02. It MUST contain the key used to create the signature; either as the primary key or as a subkey. The key SHOULD contain a primary or subkey capable of encryption and the entire key must be a valid OpenPGP key including at least one User ID packet and the corresponding self-signatures. Implementations MUST ignore this subpacket if the first octet does not have a value of zero or if the key data does not represent a valid transferable public key. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-13 13:28:35 +01:00
unsigned int include_key_block:1;
gpg: New option --auto-key-import * g10/gpg.c (opts): New options --auto-key-import, --no-auto-key-import, and --no-include-key-block. (gpgconf_list): Add them. * g10/options.h (opt): Add field flags.auto_key_import. * g10/mainproc.c (check_sig_and_print): Use flag to enable that feature. * tools/gpgconf-comp.c: Give the new options a Basic config level. -- Note that the --no variants of the options are intended for easy disabling at the command line. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 18:04:47 +01:00
unsigned int auto_key_import:1;
gpg: New option --no-symkey-cache. * g10/gpg.c (oNoSymkeyCache): New. (opts): Add that option. (main): Set var. * g10/options.h (struct opt): New field no_symkey_cache. * g10/passphrase.c (passphrase_to_dek): Implement that feature. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-11 20:35:40 +02:00
/* Flag to enable experimental features from RFC4880bis. */
gpg: New option --rfc4880bis. * g10/options.h (struct opt): Add field flags.rfc4880bis. * g10/gpg.c (oRFC4880bis): new. (opts): add --rfc4880bis. (main): Implement that and print a warning. -- This is option enables experimental features which may be dropped or changed with the next release. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-20 22:19:23 +02:00
unsigned int rfc4880bis:1;
gpg: Fix using --decrypt along with --use-embedded-filename. * g10/options.h (opt): Add flags.dummy_outfile. * g10/decrypt.c (decrypt_message): Set this global flag instead of the fucntion local flag. * g10/plaintext.c (get_output_file): Ignore opt.output if that was used as a dummy option aslong with --use-embedded-filename. -- The problem here was that an explicit specified --decrypt, as meanwhile suggested, did not work with that dangerous --use-embedded-filename. In contrast it worked when gpg decrypted as a side-effect of parsing the data. GnuPG-bug-id: 4500 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-17 13:40:24 +02:00
/* Hack: --output is not given but OUTFILE was temporary set to "-". */
unsigned int dummy_outfile:1;
gpg: New option --use-only-openpgp-card * g10/gpg.c (opts): Add option. (main): Set flag. * g10/options.h: Add flags.use_only_openpgp_card. * g10/call-agent.c (start_agent): Implement option. -- With the previous patch we switch to autoselect an application instead of requesting an openpgp card. This option allows to revert this in case of use use cases which expected the former behaviour. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit c185f6dfbd1bfd809369da789239a371e9d1610e) This was first added to the 2.2 branch.
2019-08-21 10:19:16 +02:00
/* Force the use of the OpenPGP card and do not allow the use of
* another card. */
unsigned int use_only_openpgp_card:1;
gpg: New option --full-timestrings. * g10/options.h (opt): Add flags.full_timestrings. * g10/gpg.c (oFullTimestrings): New. (opts): New option. (main): Set new flag. * g10/keyid.c (dateonlystr_from_pk): New. (dateonlystr_from_sig): New. (datestr_from_pk): Divert to isotimestamp if requested. (datestr_from_sig): Ditto. (expirestr_from_pk): Ditto. (expirestr_from_sig): Ditto. (revokestr_from_pk): Ditto. * g10/import.c (impex_filter_getval): Use dateonlystr_from_sig and dateonlystr_from_pk. -- Quite helpful for debugging keys. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-13 14:01:07 +01:00
unsigned int full_timestrings:1;
gpg: New option --force-sign-key * g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key". (main): Set it. * g10/options.h (opt): New flag flags.force_sign_key. * g10/keyedit.c (sign_uids): Use new flag. -- GnuPG-bug-id: 4584
2021-03-11 11:27:07 +01:00
/* Force signing keys even if a key signature already exists. */
unsigned int force_sign_key:1;
gpg: New option --no-auto-trust-new-key. * g10/gpg.c (oNoAutoTrustNewKey): New. (opts): Add --no-auto-trust-new-key. (main): Set it. * g10/options.h (opt): Add flags.no_auto_trust_new_key. Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-15 10:47:19 +01:00
/* On key generation do not set the ownertrust. */
unsigned int no_auto_trust_new_key:1;
gpg: Do not use self-sigs-only for LDAP keyserver imports. * dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status. * g10/options.h (opts): New field expl_import_self_sigs_only. * g10/import.c (parse_import_options): Set it. * g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP. -- I can be assumed that configured LDAP servers are somehow curated and not affected by rogue key signatures as the HKP servers are. Thus we can allow the import of key signature from LDAP keyservers by default. GnuPG-bug-id: 5387
2021-04-13 14:25:16 +02:00
/* The next flag is set internally iff IMPORT_SELF_SIGS_ONLY has
* been set by the user and is not the default value. */
unsigned int expl_import_self_sigs_only:1;
gpg: Do not use import-clean for LDAP keyserver imports. * g10/options.h (opts): New field expl_import_only. * g10/import.c (parse_import_options): Set it. * g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP. -- I can be assumed that configured LDAP servers are somehow curated and not affected by rogue key signatures as the HKP servers are. Thus we don't clean the key anymore so that key certifications are kept even if the public key has not yet been imported. See-commit: 6c26e593df51475921410ac97e9227df6b258618 GnuPG-bug-id: 5387
2021-04-26 14:15:21 +02:00
/* The next flag is set internally iff IMPORT_CLEAN has
* been set by the user and is not the default value. */
unsigned int expl_import_clean:1;
gpg: New option --require-compliance. * g10/options.h (opt): Add field flags.require_compliance. * g10/gpg.c (oRequireCompliance): New. (opts): Add --require-compliance. (main): Set option. * g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant. (check_sig_and_print): Ditto. * g10/encrypt.c (encrypt_crypt): Ditto. -- Note that in the --encrypt and --verify cased other checks may kick in earlier than this new --require-compliance controlled one.
2022-03-08 10:13:44 +01:00
/* Fail if an operation can't be done in the requested compliance
* mode. */
unsigned int require_compliance:1;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
} flags;
/* Linked list of ways to find a key if the key isn't on the local
keyring. */
struct akl
{
Enhanced --auto-key-locate.
2008-04-08 13:04:16 +02:00
enum {
AKL_NODEFAULT,
AKL_LOCAL,
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
AKL_CERT,
AKL_PKA,
gpg: Add new --auto-key-locate mechanism "dane". * g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Allow fetching via DANE. * g10/keyserver.c (keyserver_import_cert): Add arg "dane_mode". * g10/options.h (AKL_DANE): New. * g10/getkey.c (get_pubkey_byname): Implement AKL_DANE. (parse_auto_key_locate): Ditto. -- To test this use gpg --auto-key-locate clear,dane,local --locate-key -v wk@gnupg.org Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-06 20:31:43 +02:00
AKL_DANE,
gpg: Add experimental AKL method "wkd" and option --with-wkd-hash. * g10/getkey.c (parse_auto_key_locate): Add method "wkd". (get_pubkey_byname): Implement that method. Also rename a variable. * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New. * g10/keyserver.c (keyserver_import_wkd): New. * g10/test-stubs.c (keyserver_import_wkd): Add stub. * g10/gpgv.c (keyserver_import_wkd): Ditto. * g10/options.h (opt): Add field 'with_wkd_hash'. (AKL_WKD): New. * g10/gpg.c (oWithWKDHash): New. (opts): Add option --with-wkd-hash. (main): Set that option. * g10/keylist.c (list_keyblock_print): Implement that option. -- The Web Key Directory is an experimental feature to retrieve a key via https. It is similar to OpenPGP DANE but also uses an encryption to reveal less information about a key lookup. For example the URI to lookup the key for Joe.Doe@Example.ORG is: https://example.org/.well-known/openpgpkey/ hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q (line has been wrapped for rendering purposes). The hash is a z-Base-32 encoded SHA-1 hash of the mail address' local-part. The address wk@gnupg.org can be used for testing. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-27 08:34:29 +02:00
AKL_WKD,
Enhanced --auto-key-locate.
2008-04-08 13:04:16 +02:00
AKL_LDAP,
gpg: New AKL method "ntds" * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new support for KEYDB_SEARCH_MODE_MAIL. (ks_ldap_get): Add a debug. * g10/options.h (AKL_NTDS): New. * g10/keyserver.c (keyserver_import_ntds): New. (keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL. * g10/getkey.c (parse_auto_key_locate): Support "ntds". (get_pubkey_byname): Ditto.
2020-12-17 18:18:52 +01:00
AKL_NTDS,
Enhanced --auto-key-locate.
2008-04-08 13:04:16 +02:00
AKL_KEYSERVER,
AKL_SPEC
} type;
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
keyserver_spec_t spec;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
struct akl *next;
} *auto_key_locate;
gpg: New option --key-origin. * g10/keydb.h (KEYORG_): Rename to KEYORG_. * g10/packet.h (PKT_user_id): Rename field keysrc to keyorg. Adjust users. (PKT_public_key): Ditto. (PKT_ring_trust): Ditto. * g10/options.h (struct opt): Add field key_origin. * g10/getkey.c (parse_key_origin): New. * g10/gpg.c (oKeyOrigin): New. (opts): Add "keys-origin". (main): Set option. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-13 17:28:32 +02:00
/* The value of --key-origin. See parse_key_origin(). */
int key_origin;
gpg: Extend --key-origin to take an optional URL arg. * g10/getkey.c (parse_key_origin): Parse appended URL. * g10/options.h (struct opt): Add field 'key_origin_url'. * g10/gpg.c (main) <aImport>: Pass that option to import_keys. * g10/import.c (apply_meta_data): Extend for file and url. * g10/keyserver.c (keyserver_fetch): Pass the url to import_keys_es_stream. -- Example: gpg --key-origin url,myscheme://bla --import FILE Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-24 21:07:03 +02:00
char *key_origin_url;
gpg: New option --key-origin. * g10/keydb.h (KEYORG_): Rename to KEYORG_. * g10/packet.h (PKT_user_id): Rename field keysrc to keyorg. Adjust users. (PKT_public_key): Ditto. (PKT_ring_trust): Ditto. * g10/options.h (struct opt): Add field key_origin. * g10/getkey.c (parse_key_origin): New. * g10/gpg.c (oKeyOrigin): New. (opts): Add "keys-origin". (main): Set option. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-13 17:28:32 +02:00
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
int passphrase_repeat;
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
int pinentry_mode;
gpg,sm: New option --request-origin. * g10/gpg.c (oRequestOrigin): New const. (opts): New option --request-origin. (main): Parse that option. * g10/options.h (struct opt): Add field request_origin. * g10/call-agent.c (start_agent): Send option to the agent. * sm/gpgsm.c (oRequestOrigin): New const. (opts): New option --request-origin. (main): Parse that option. * sm/gpgsm.h (struct opt): Add field request_origin. * sm/call-agent.c (start_agent): Send option to the agent. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 09:06:20 +01:00
int request_origin;
gpg: Add support for unwrapping the outer level of encryption. * g10/decrypt-data.c (decrypt_data): If OPT.UNWRAP_ENCRYPTION is set, copy the data to the output file instead of continuing to process it. * g10/gpg.c (enum cmd_and_opt_values): Add new value oUnwrap. (opts): Handle oUnwrap. (main): Likewise. * g10/options.h (opt): Add field unwrap_encryption. * g10/plaintext.c (handle_plaintext): Break the output file selection functionality into ... (get_output_file): ... this new function. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> GnuPG-bug-id: 1060 Debian-bug-id: 282061
2015-11-05 12:20:42 +01:00
int unwrap_encryption;
gpg: Add new option --only-sign-text-ids. * g10/options.h (opt): Add field only_sign_text_ids. * g10/gpg.c (enum cmd_and_opt_values): Add value oOnlySignTextIDs. (opts): Handle oOnlySignTextIDs. (main): Likewise. * g10/keyedit.c (sign_uids): If OPT.ONLY_SIGN_TEXT_IDS is set, don't select non-text based IDs automatically. (keyedit_menu): Adapt the prompt asking to sign all user ids according to OPT.ONLY_SIGN_TEXT_IDS. * doc/gpg.texi: Document the new option --only-sign-text-ids. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> GnuPG-bug-id: 1241 Debian-bug-id: 569702
2015-11-06 13:14:57 +01:00
int only_sign_text_ids;
gpg: New option --no-symkey-cache. * g10/gpg.c (oNoSymkeyCache): New. (opts): Add that option. (main): Set var. * g10/options.h (struct opt): New field no_symkey_cache. * g10/passphrase.c (passphrase_to_dek): Implement that feature. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-11 20:35:40 +02:00
int no_symkey_cache; /* Disable the cache used for --symmetric. */
gpg: New option --use-keyboxd. * g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts. (opts): New options --use-keyboxd and --keyboxd-program. (main): Implement them. * g10/keydb.c: Move some defs out to ... * g10/keydb-private.h: new file. * g10/keydb.c: prefix function names with "internal" and move original functions to ... * g10/call-keyboxd.c: new file. Divert to the internal fucntion if --use-keyboxd is used. Add a CTRL arg to most fucntions and change all callers. * g10/Makefile.am (common_source): Add new files. (noinst_PROGRAMS): Do bot build gpgcompose. -- Note that this is just the framework with only a basic implementation of searching via keyboxd. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-09 14:34:09 +02:00
int use_keyboxd; /* Use the external keyboxd as storage backend. */
gpg: New option --compatibility-flags * g10/gpg.c (oCompatibilityFlags): New. (opts): Add option. (compatibility_flags): New list. (main): Set flags and print help. * g10/options.h (opt): Add field compatibility_flags. -- No flags are yet defined but it is good to have the framework.
2022-10-31 15:01:24 +01:00
/* Compatibility flags (COMPAT_FLAG_xxxx). */
unsigned int compat_flags;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
} opt;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
/* CTRL is used to keep some global variables we currently can't
avoid. Future concurrent versions of gpg will put it into a per
request structure CTRL. */
EXTERN_UNLESS_MAIN_MODULE
struct {
int in_auto_key_retrieve; /* True if we are doing an
auto_key_retrieve. */
[g13] Add RECIPEINT and CREATE command. [sm] Chnage --include-certs default
2009-10-19 11:18:46 +02:00
/* Hack to store the last error. We currently need it because the
proc_packet machinery is not able to reliabale return error
codes. Thus for the --server purposes we store some of the error
codes here. FIXME! */
gpg_error_t lasterr;
gpg: Silence some warning messages during -Kv. * g10/options.h (glo_ctrl): Add flag silence_parse_warnings. * g10/keylist.c (list_all): Set that during secret key listsings. * g10/parse-packet.c (unknown_pubkey_warning): If new flag is set do not print info message normally emitted inh verbose mode. (can_handle_critical_notation, enum_sig_subpkt): Ditto. (parse_signature, parse_key, parse_attribute_subpkts): Ditto. -- Those messages are annoying because they might be emitted due to parsing public keys which are latter not shows because the secret part is missing. No functional regressions are expected because --verbose should not change anything. Note that this suppression is only done if no arguments are given to the command; that is if a listing of the entire keyring is requested. Thus to see the earnings anyway, a listing of a single or group of keys can be requested. GnuPG-bug-id: 4627 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-23 12:50:41 +02:00
/* Kludge to silence some warnings using --secret-key-list. */
int silence_parse_warnings;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
} glo_ctrl;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#define DBG_PACKET_VALUE 1 /* debug packet reading/writing */
#define DBG_MPI_VALUE 2 /* debug mpi details */
gpg: Rename a debug macro. * g10/options.h (DBG_CIPHER_VALUE): Rename to DBG_CRYPTO_VALUE. (DBG_CIPHER): Rename to DBG_CRYPTO.
2015-04-06 13:07:09 +02:00
#define DBG_CRYPTO_VALUE 4 /* debug crypto handling */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* (may reveal sensitive data) */
#define DBG_FILTER_VALUE 8 /* debug internal filter handling */
#define DBG_IOBUF_VALUE 16 /* debug iobuf stuff */
#define DBG_MEMORY_VALUE 32 /* debug memory allocation stuff */
Fix use of DBG_CACHE and DBG_LOOKUP * dirmngr/dirmngr.h (DBG_LOOKUP_VALUE): Change to 8192. * g10/options.h (DBG_LOOKUP_VALUE, DBG_LOOKUP): New. * g10/getkey.c: Use DBG_LOOKUP instead of DBG_CACHE at most places.
2015-04-06 13:27:26 +02:00
#define DBG_CACHE_VALUE 64 /* debug the caching */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#define DBG_MEMSTAT_VALUE 128 /* show memory statistics */
#define DBG_TRUST_VALUE 256 /* debug the trustdb */
#define DBG_HASHING_VALUE 512 /* debug hashing operations */
Rename DBG_ASSUAN to DBG_IPC and add separate DBG_EXTPROG. * g10/options.h (DBG_EXTPROG_VALUE): Separate from DBG_IPC_VALUE.
2015-04-06 13:42:17 +02:00
#define DBG_IPC_VALUE 1024 /* debug assuan communication */
New function log_clock. * common/logging.c (log_clock): New. * g10/gpg.c (set_debug): Print clock debug flag. * g10/options.h (DBG_CLOCK_VALUE, DBG_CLOCK): New. -- To actually use log_clock you need to enable the code in logginc.c:log_check() and link against librt. --debug 4096 may then be used to enable it at runtime.
2013-01-07 16:51:24 +01:00
#define DBG_CLOCK_VALUE 4096
gpg: New option --disable-signer-uid, create Signer's UID sub-packet. * g10/gpg.c (oDisableSignerUID): New. (opts): New option '--disable-signer-uid'. (main): Set option. * g10/options.h (opt): Add field flags.disable_signer_uid. * g10/sign.c: Include mbox-util.h. (mk_notation_policy_etc): Embed the signer's uid. * g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key retrieval if --disable-signer-uid is used. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-13 11:24:09 +02:00
#define DBG_LOOKUP_VALUE 8192 /* debug the key lookup */
Rename DBG_ASSUAN to DBG_IPC and add separate DBG_EXTPROG. * g10/options.h (DBG_EXTPROG_VALUE): Separate from DBG_IPC_VALUE.
2015-04-06 13:42:17 +02:00
#define DBG_EXTPROG_VALUE 16384 /* debug external program calls */
Started to code a --server mode. It is far from being ready!
2006-12-21 20:40:00 +01:00
/* Tests for the debugging flags. */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#define DBG_PACKET (opt.debug & DBG_PACKET_VALUE)
gpg: Put extra parens around bit tests. * g10/options.h (DBG_MPI): New. * g10/gpg.c (set_debug): Use macro or extra parens for binary operator. * g10/parse-packet.c (set_packet_list_mode): Use dbg macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-07 07:54:38 +02:00
#define DBG_MPI (opt.debug & DBG_MPI_VALUE)
gpg: Rename a debug macro. * g10/options.h (DBG_CIPHER_VALUE): Rename to DBG_CRYPTO_VALUE. (DBG_CIPHER): Rename to DBG_CRYPTO.
2015-04-06 13:07:09 +02:00
#define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#define DBG_FILTER (opt.debug & DBG_FILTER_VALUE)
#define DBG_CACHE (opt.debug & DBG_CACHE_VALUE)
#define DBG_TRUST (opt.debug & DBG_TRUST_VALUE)
#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
Rename DBG_ASSUAN to DBG_IPC and add separate DBG_EXTPROG. * g10/options.h (DBG_EXTPROG_VALUE): Separate from DBG_IPC_VALUE.
2015-04-06 13:42:17 +02:00
#define DBG_IPC (opt.debug & DBG_IPC_VALUE)
New function log_clock. * common/logging.c (log_clock): New. * g10/gpg.c (set_debug): Print clock debug flag. * g10/options.h (DBG_CLOCK_VALUE, DBG_CLOCK): New. -- To actually use log_clock you need to enable the code in logginc.c:log_check() and link against librt. --debug 4096 may then be used to enable it at runtime.
2013-01-07 16:51:24 +01:00
#define DBG_CLOCK (opt.debug & DBG_CLOCK_VALUE)
Fix use of DBG_CACHE and DBG_LOOKUP * dirmngr/dirmngr.h (DBG_LOOKUP_VALUE): Change to 8192. * g10/options.h (DBG_LOOKUP_VALUE, DBG_LOOKUP): New. * g10/getkey.c: Use DBG_LOOKUP instead of DBG_CACHE at most places.
2015-04-06 13:27:26 +02:00
#define DBG_LOOKUP (opt.debug & DBG_LOOKUP_VALUE)
Rename DBG_ASSUAN to DBG_IPC and add separate DBG_EXTPROG. * g10/options.h (DBG_EXTPROG_VALUE): Separate from DBG_IPC_VALUE.
2015-04-06 13:42:17 +02:00
#define DBG_EXTPROG (opt.debug & DBG_EXTPROG_VALUE)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
gpg: Put extra parens around bit tests. * g10/options.h (DBG_MPI): New. * g10/gpg.c (set_debug): Use macro or extra parens for binary operator. * g10/parse-packet.c (set_packet_list_mode): Use dbg macro. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-07 07:54:38 +02:00
/* FIXME: We need to check why we did not put this into opt. */
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#define DBG_MEMORY memory_debug_mode
#define DBG_MEMSTAT memory_stat_debug_mode
EXTERN_UNLESS_MAIN_MODULE int memory_debug_mode;
EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
gpg: New option --compatibility-flags * g10/gpg.c (oCompatibilityFlags): New. (opts): Add option. (compatibility_flags): New list. (main): Set flags and print help. * g10/options.h (opt): Add field compatibility_flags. -- No flags are yet defined but it is good to have the framework.
2022-10-31 15:01:24 +01:00
/* Compatibility flags */
gpg: Prepare to use the fingerprint as fixed-info for Kyber. * g10/pubkey-enc.c (get_it): Use algo and fingerprint for the fixed-info. Keep a testing mode. * g10/options.h (COMPAT_T7014_OLD): New. * g10/gpg.c (compatibility_flags): Add "t71014-old" flag. -- GnuPG-bug-id: 6815
2024-04-12 11:31:01 +02:00
#define COMPAT_PARALLELIZED 1 /* Use threaded hashing for signatures. */
#define COMPAT_T7014_OLD 2 /* Use initial T7014 test data. */
gpg: New option --compatibility-flags * g10/gpg.c (oCompatibilityFlags): New. (opts): Add option. (compatibility_flags): New list. (main): Set flags and print help. * g10/options.h (opt): Add field compatibility_flags. -- No flags are yet defined but it is good to have the framework.
2022-10-31 15:01:24 +01:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
gpg: New option --compatibility-flags * g10/gpg.c (oCompatibilityFlags): New. (opts): Add option. (compatibility_flags): New list. (main): Set flags and print help. * g10/options.h (opt): Add field compatibility_flags. -- No flags are yet defined but it is good to have the framework.
2022-10-31 15:01:24 +01:00
/* Compliance test macors. */
gpg: Add new compliance mode "de-vs". * g10/options.h (CO_DE_VS): New. (GNUPG): Also allow CO_DE_VS. * g10/gpg.c (oDE_VS): New. (parse_compliance_option): Add "de-vs". (set_compliance_option): Set "de-vs". * g10/misc.c (compliance_option_string): Return a description string. (compliance_failure): Ditto. * g10/keygen.c (ask_algo): Take care of CO_DE_VS. (get_keysize_range): Ditto. (ask_curve): Add new field to CURVES and trun flags into bit flags. Allow only Brainpool curves in CO_DE_VS mode. -- As of now this compliance mode only restricts the set of algorithms and curves which can be created. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 17:50:03 +01:00
#define GNUPG (opt.compliance==CO_GNUPG || opt.compliance==CO_DE_VS)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#define RFC2440 (opt.compliance==CO_RFC2440)
Ported changes from 1.4. Add copyright notices.
2007-10-25 11:06:21 +02:00
#define RFC4880 (opt.compliance==CO_RFC4880)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#define PGP7 (opt.compliance==CO_PGP7)
#define PGP8 (opt.compliance==CO_PGP8)
gpg: Remove PGP6 compliance mode. * g10/gpg.c: Make --pgp6 an alias for --pgp7. * common/compliance.h (gnupg_compliance_mode): Remove CO_PGP6. * g10/options.h (PGP6): Remove. Adjust all users. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-29 13:01:12 +02:00
#define PGPX (PGP7 || PGP8)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
/* Various option flags. Note that there should be no common string
names between the IMPORT_ and EXPORT_ flags as they can be mixed in
the keyserver-options option. */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#define IMPORT_LOCAL_SIGS (1<<0)
#define IMPORT_REPAIR_PKS_SUBKEY_BUG (1<<1)
#define IMPORT_FAST (1<<2)
gpg: New import option "import-show". * g10/options.h (IMPORT_SHOW): New. * g10/import.c (parse_import_options): Add "import-show". (import_one): Implement that. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-23 19:25:53 +02:00
#define IMPORT_SHOW (1<<3)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#define IMPORT_MERGE_ONLY (1<<4)
#define IMPORT_MINIMAL (1<<5)
#define IMPORT_CLEAN (1<<6)
gpg: Protect against rogue keyservers sending secret keys. * g10/options.h (IMPORT_NO_SECKEY): New. * g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new flag. * g10/import.c (import_secret_one): Deny import if flag is set. -- By modifying a keyserver or a DNS record to send a secret key, an attacker could trick a user into signing using a different key and user id. The trust model should protect against such rogue keys but we better make sure that secret keys are never received from remote sources. Suggested-by: Stefan Tomanek Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit e7abed3448c1c1a4e756c12f95b665b517d22ebe) Resolved conflicts: g10/import.c g10/keyserver.c
2013-10-04 13:44:39 +02:00
#define IMPORT_NO_SECKEY (1<<7)
gpg: Add import options "keep-ownertrust". * g10/options.h (IMPORT_KEEP_OWNERTTRUST): New. * g10/import.c (parse_import_options): Add "keep-ownertrust". (import_one): Act upon new option. -- This option is in particular useful to convert from a pubring.gpg to the new pubring.kbx in GnuPG 2.1 or vice versa: gpg1 --export | gpg2 --import-options keep-ownertrust --import
2014-11-12 09:56:40 +01:00
#define IMPORT_KEEP_OWNERTTRUST (1<<8)
gpg: New import option "import-export". * g10/import.c (parse_import_options): Add option "import-export". (write_keyblock_to_output): New. (import_one): Implement option. -- We are now in the import export business. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-24 13:11:37 +02:00
#define IMPORT_EXPORT (1<<9)
gpg: New export and import options "backup" and "restore". * g10/export.c (parse_export_options): Add "backup" and its alias "export-backup". (do_export_one_keyblock): Export ring trust packets in backup mode. * g10/import.c (parse_import_options): Add "restore" and its alias "import-restore". (read_block): Import ring trust packets. -- These options are intended to, well, backup and restore keys between GnuPG implementations. These options may eventually be enhanced to backup and restore all public key related information. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-23 10:12:18 +01:00
#define IMPORT_RESTORE (1<<10)
gpg: Check and fix keys on import. * doc/gpg.texi: Document the new import option. * g10/gpg.c (main): Make the new option default to yes. * g10/import.c (parse_import_options): Parse the new option. (import_one): Act on the new option. * g10/options.h (IMPORT_REPAIR_KEYS): New macro. GnuPG-bug-id: 2236 Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-13 15:35:01 +02:00
#define IMPORT_REPAIR_KEYS (1<<11)
gpg: New import option show-only. * g10/options.h (IMPORT_DRY_RUN): New. * g10/import.c (parse_import_options): Add "show-only". (import_one): use that as alternative to opt.dry_run. -- This is just a convenience thing for --import-options import-show --dry-run Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04 17:03:03 +02:00
#define IMPORT_DRY_RUN (1<<12)
gpg: New import and keyserver option "self-sigs-only" * g10/options.h (IMPORT_SELF_SIGS_ONLY): New. * g10/import.c (parse_import_options): Add option "self-sigs-only". (read_block): Handle that option. -- This option is intended to help against importing keys with many bogus key-signatures. It has obvious drawbacks and is not a bullet-proof solution because a self-signature can also be faked and would be detected only later. GnuPG-bug-id: 4591 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-01 15:14:59 +02:00
#define IMPORT_SELF_SIGS_ONLY (1<<14)
gpg: Collapse duplicate subkeys. * g10/options.h (IMPORT_COLLAPSE_UIDS): New. (IMPORT_COLLAPSE_SUBKEYS): New. * g10/gpg.c (main): Make them the default. * g10/import.c (parse_import_options): New import options "no-collapse-uids" and "no-collapse_subkeys". (collapse_subkeys): New. (import_one_real): Collapse subkeys and allow disabling the collapsing using the new options. (read_key_from_file_or_buffer): Always collapse subkeys. * g10/keyedit.c (fix_keyblock): Call collapse_subkeys. -- GnuPG-bug-id: 4421 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 10:33:57 +02:00
#define IMPORT_COLLAPSE_UIDS (1<<15)
#define IMPORT_COLLAPSE_SUBKEYS (1<<16)
gpg: New experimental import option "bulk-import" * g10/options.h (IMPORT_BULK): New. * g10/import.c (parse_import_options): Add "bulk-import". * g10/call-keyboxd.c (in_transaction): New var. (gpg_keyboxd_deinit_session_data): Run a commit if in bulk import mode. (create_new_context): Run a begin transaction if in bulk import mode. -- Initial tests with this option are not very promising. Importing about 3000 real world keys with --use-keyboxd and full logging took: real 33m31.724s user 19m54.265s sys 2m49.662s With bulk-import this saves a mere 12%: real 29m36.542s user 19m3.391s sys 2m46.728s Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-24 16:47:10 +02:00
#define IMPORT_BULK (1<<17)
gpg: Add sub-option ignore-attributes to --import-options. * g10/options.h (IMPORT_IGNORE_ATTRIBUTES): New. * g10/import.c (parse_import_options): Add new sub-option. (read_block): Implement sub-option. -- Suggested-by: Robin H. Johnson Tested using the import-export feature: gpg --export KEY_WITH_PICTURE \ | gpg --import --import-options import-export,ignore-attributes \ | gpg --show-key
2024-01-24 18:23:02 +01:00
#define IMPORT_IGNORE_ATTRIBUTES (1<<18)
* export.c (parse_export_options): New option sexp-format. (export_seckeys,export_secsubkeys): Check sexp-format option. (do_export): Ignore armor for sexp format. (do_export_stream): Handle sexp-format. (write_sexp_line,write_sexp_keyparm, build_sexp_seckey): New. (build_sexp): New.
2003-07-16 15:45:15 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#define EXPORT_LOCAL_SIGS (1<<0)
#define EXPORT_ATTRIBUTES (1<<1)
#define EXPORT_SENSITIVE_REVKEYS (1<<2)
#define EXPORT_RESET_SUBKEY_PASSWD (1<<3)
gpg: Prepare for a new export option export-realclean. * g10/options.h (EXPORT_REALCLEAN): New. Also re-assign other values to keep them more in sync with the corresponding import values. * g10/export.c (parse_export_options): Add "export-realclean". (do_export_stream): Call clean_all_uids directly with the options arg. * g10/import.c (import_one_real): Change for direct use of options in clean_all_uids. * g10/key-clean.c (is_trusted_key_sig): New. Stub for now. (clean_sigs_from_uid): Re-purpose self_only to a general options arg. Implement EXPORT_REALCLEAN code path. (clean_one_uid): Re-purpose self_only to a general options arg. (clean_all_uids): Ditto. * g10/keyedit.c (keyedit_menu): Use EXPORT_MINIMAL instead of a simple flag. (menu_clean): Re-purpose self_only to a general options arg. * g10/keyid.c (fpr20_from_pk): Factor code out to .... (fpr20_from_fpr): new. Remove useless case for ARRAY being NULL. * g10/tdbio.c (tdbio_search_trust_byfpr): Add arg fprlen and use fpr20_from_fpr if needed. (tdbio_search_trust_bypk): Pass 20 for the fingerprint length. -- Note that this code has no function yet. Another patch will follow to extract the trusted-keys flag from the trustdb.
2024-03-04 14:22:42 +01:00
#define EXPORT_MINIMAL (1<<5)
#define EXPORT_CLEAN (1<<6)
gpg: Add export options "export-pka" and "export-dane". * g10/options.h (EXPORT_PKA_FORMAT): New. * g10/keylist.c (list_keyblock_pka): Do not use DANE flag. * g10/export.c: Include zb32.h. (parse_export_options): Add options "export-pka" and "export-dane". (do_export): Do not armor if either of these option is set. (print_pka_or_dane_records): New. (do_export_stream): Implement new options. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-07 17:02:58 +02:00
#define EXPORT_DANE_FORMAT (1<<7)
gpg: New export and import options "backup" and "restore". * g10/export.c (parse_export_options): Add "backup" and its alias "export-backup". (do_export_one_keyblock): Export ring trust packets in backup mode. * g10/import.c (parse_import_options): Add "restore" and its alias "import-restore". (read_block): Import ring trust packets. -- These options are intended to, well, backup and restore keys between GnuPG implementations. These options may eventually be enhanced to backup and restore all public key related information. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-23 10:12:18 +01:00
#define EXPORT_BACKUP (1<<10)
gpg: New export-filter export-revocs * g10/options.h (EXPORT_REVOCS): New. * g10/export.c (export_select_filter): New. (struct export_filter_attic_s): Add field. (cleanup_export_globals): Cleanup. (parse_export_options): Add option "export-revocs". (parse_and_set_export_filter): Parse the select type. (do_export_revocs): New. (do_export_stream): Add a way to select things for export.
2022-11-28 12:43:11 +01:00
#define EXPORT_REVOCS (1<<11)
gpg: New export option "mode1003". * agent/command.c (cmd_export_key): Add option --mode1003. (command_has_option): Ditto. * g10/build-packet.c (do_key): Implement mode 1003. * g10/parse-packet.c (parse_key): Ditto. * g10/options.h (EXPORT_MODE1003): New.o * g10/call-agent.c (agent_export_key): Add arg mode1003. * g10/export.c (parse_export_options): Add "mode1003" (secret_key_to_mode1003): New. (receive_seckey_from_agent): Add arg mode1003. (do_export_one_keyblock): Pass option down. -- This option allows to export a secret key in GnuPG's native format. Thus no re-encryption is required and further the public key parameters are also authenticated if a protection passphrase has been used. Note that --import is not yet able to handle this new mode. Although old version of GnuPG will bail out with "invalid packet" if a mode1003 exported secret key is seen.
2022-12-02 10:03:36 +01:00
#define EXPORT_MODE1003 (1<<12)
gpg: Prepare for a new export option export-realclean. * g10/options.h (EXPORT_REALCLEAN): New. Also re-assign other values to keep them more in sync with the corresponding import values. * g10/export.c (parse_export_options): Add "export-realclean". (do_export_stream): Call clean_all_uids directly with the options arg. * g10/import.c (import_one_real): Change for direct use of options in clean_all_uids. * g10/key-clean.c (is_trusted_key_sig): New. Stub for now. (clean_sigs_from_uid): Re-purpose self_only to a general options arg. Implement EXPORT_REALCLEAN code path. (clean_one_uid): Re-purpose self_only to a general options arg. (clean_all_uids): Ditto. * g10/keyedit.c (keyedit_menu): Use EXPORT_MINIMAL instead of a simple flag. (menu_clean): Re-purpose self_only to a general options arg. * g10/keyid.c (fpr20_from_pk): Factor code out to .... (fpr20_from_fpr): new. Remove useless case for ARRAY being NULL. * g10/tdbio.c (tdbio_search_trust_byfpr): Add arg fprlen and use fpr20_from_fpr if needed. (tdbio_search_trust_bypk): Pass 20 for the fingerprint length. -- Note that this code has no function yet. Another patch will follow to extract the trusted-keys flag from the trustdb.
2024-03-04 14:22:42 +01:00
#define EXPORT_REALCLEAN (1<<13)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#define LIST_SHOW_PHOTOS (1<<0)
#define LIST_SHOW_POLICY_URLS (1<<1)
#define LIST_SHOW_STD_NOTATIONS (1<<2)
#define LIST_SHOW_USER_NOTATIONS (1<<3)
#define LIST_SHOW_NOTATIONS (LIST_SHOW_STD_NOTATIONS|LIST_SHOW_USER_NOTATIONS)
#define LIST_SHOW_KEYSERVER_URLS (1<<4)
#define LIST_SHOW_UID_VALIDITY (1<<5)
#define LIST_SHOW_UNUSABLE_UIDS (1<<6)
#define LIST_SHOW_UNUSABLE_SUBKEYS (1<<7)
#define LIST_SHOW_KEYRING (1<<8)
#define LIST_SHOW_SIG_EXPIRE (1<<9)
#define LIST_SHOW_SIG_SUBPACKETS (1<<10)
gpg: Add list-option "show-usage". * g10/gpg.c (parse_list_options): Add "show-usage". * g10/options.h (LIST_SHOW_USAGE): New. * g10/keyid.c (usagestr_from_pk): Add arg FILL. Change caller. * g10/keylist.c (list_keyblock_print): Print usage info.
2014-08-12 10:36:30 +02:00
#define LIST_SHOW_USAGE (1<<11)
gpg: New list-option "show-only-fpr-mbox". * g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox". * g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New. * g10/keylist.c (list_keyblock_simple): New. (list_keyblock): Call it. (list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX mode. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-04 12:32:28 +01:00
#define LIST_SHOW_ONLY_FPR_MBOX (1<<12)
gpg: Sort the signatures in standard key listings. * g10/gpg.c (parse_list_options): Add "sort-sigs". (main): Make it the default. * g10/options.h (LIST_SORT_SIGS): New. * g10/keylist.c (cmp_signodes): New. (list_keyblock_print): Sort signatures and factor signature printing code out to ... (list_signature_print): new. -- In particular together with --full-timestamps this makes it easier to see the history of key signatures and their revocations. The self-signatures are also printed first. To disable this --list-options no-sort-sigs can be used. Also don't print the annoying "no recocation reason specified" message. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-27 17:10:48 +01:00
#define LIST_SORT_SIGS (1<<13)
gpg: New list-options show-pref and show-pref-verbose. * g10/options.h (LIST_SHOW_PREF): New. (LIST_SHOW_PREF_VERBOSE): New. * g10/gpg.c (parse_list_options): Add new options. * g10/keyedit.c (show_prefs): Factor code out to ... * g10/keylist.c (show_preferences): new. (list_keyblock_print): Call show_preferences.
2022-11-04 12:44:09 +01:00
#define LIST_SHOW_PREF (1<<14)
#define LIST_SHOW_PREF_VERBOSE (1<<15)
gpg: New list-option --show-unusable-sigs. * g10/options.h (LIST_SHOW_UNUSABLE_SIGS): New. * g10/gpg.c (parse_list_options): Add "show-unusable-sigs". * g10/keydb.h (keyid_eq): New. (pk_is_primary): New. * g10/keylist.c (list_signature_print): Early return for weak key signatures. Print "self-signature" instead of user-id. (list_keyblock_print): Simplify and always set self-sig node flag. -- This patch avoid the printing of often hundreds of "Invalid digest algorithm" notices during key signature listings if those key signatures were done with SHA1. The new option can be used to revert the behaviour. We now also print "[self-signature]" with --check-sigs or --list-sigs instead of the primary user id. This makes such listing easier to read.
2023-02-07 14:25:58 +01:00
#define LIST_SHOW_UNUSABLE_SIGS (1<<16)
gpg: new list-option show-x509-notations * g10/gpg.c (parse_list_options): Add new option. * g10/options.h (LIST_SHOW_X509_NOTATIONS): New. * g10/build-packet.c (search_sig_notations): New. * g10/keylist.c (print_x509_notations): New. (list_signature_print): Use macros for the sig classes. Call print_x509_notations. (list_keyblock_print): Call list_signature_print if x509 notation printing is enabled.
2024-03-12 18:01:24 +01:00
#define LIST_SHOW_X509_NOTATIONS (1<<17)
gpg: new list-option store-x509-notations. * g10/options.h (LIST_STORE_X509_NOTATIONS): New. * g10/gpg.c (parse_list_options): Add "store-x509-notations". * g10/keylist.c (print_x509_notations): Add arg PK and code to write a file. (list_signature_print): Add arg lastpk and handle new option. (list_keyblock_print): Track last key or subkey and pass to list_signature_print.
2024-03-14 20:58:01 +01:00
#define LIST_STORE_X509_NOTATIONS (1<<18)
gpg: Mark disabled keys and add show-ownertrust list option. * g10/options.h (LIST_SHOW_OWNERTRUST): New. * g10/keylist.c (print_key_line): Show wonertrust and always show whether a key is disabled. * g10/gpg.c (parse_list_options): Add "show-ownertrust". * g10/gpgv.c (get_ownertrust_string): Add stub. * g10/test-stubs.c (get_ownertrust_string): Add stub. -- Note that in a --with-colons listing the ownertrust has always been emitted and the disabled state is marked in that listing with a special 'D' usage.
2024-04-17 12:16:20 +02:00
#define LIST_SHOW_OWNERTRUST (1<<19)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#define VERIFY_SHOW_PHOTOS (1<<0)
#define VERIFY_SHOW_POLICY_URLS (1<<1)
#define VERIFY_SHOW_STD_NOTATIONS (1<<2)
#define VERIFY_SHOW_USER_NOTATIONS (1<<3)
#define VERIFY_SHOW_NOTATIONS (VERIFY_SHOW_STD_NOTATIONS|VERIFY_SHOW_USER_NOTATIONS)
#define VERIFY_SHOW_KEYSERVER_URLS (1<<4)
#define VERIFY_SHOW_UID_VALIDITY (1<<5)
#define VERIFY_SHOW_UNUSABLE_UIDS (1<<6)
Add new SVN only file README.maint doc/ * gpg.texi (GPG Configuration): Document envvar LANGUAGE. (GPG Configuration Options): Document show-primary-uid-only. g10/ * gpg.c (main): Add verify option show-primary-uid-only. * options.h (VERIFY_SHOW_PRIMARY_UID_ONLY): New. * mainproc.c (check_sig_and_print): Implement it. * encr-data.c (decrypt_data): Correctly test for unknown algorithm. * import.c (check_prefs): Ditto. * keyedit.c (show_prefs): Ditto. * mainproc.c (proc_symkey_enc): Ditto.
2007-02-26 21:24:29 +01:00
#define VERIFY_SHOW_PRIMARY_UID_ONLY (1<<9)
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
2003-09-23 19:48:33 +02:00
gpg: Update sub-options of --keyserver-options * g10/options.h (KEYSERVER_HTTP_PROXY): New. (KEYSERVER_USE_TEMP_FILES, KEYSERVER_KEEP_TEMP_FILES): Remove. (KEYSERVER_TIMEOUT): New. * common/keyserver.h (KEYSERVER_TIMEOUT): Remove. * g10/keyserver.c (keyserver_opts): Remove obsolete "use-temp-files" and "keep-temp-files". Add "http-proxy" and "timeout". (parse_keyserver_options): Remove 1.2 compatibility option "honor-http_proxy". Remove "use-temp-files" and "keep-temp-files" code. -- Note that many of these options where implicitly used by passing any unknown option down to the former keyserver helpers. The don't exist anymore thus we need to make them explicit. Another patch will convey them to dirmngr. Temp files are not anymore used thus they can be removed and will be ignored when used. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-21 10:15:04 +02:00
#define KEYSERVER_HTTP_PROXY (1<<0)
#define KEYSERVER_TIMEOUT (1<<1)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#define KEYSERVER_ADD_FAKE_V3 (1<<2)
#define KEYSERVER_AUTO_KEY_RETRIEVE (1<<3)
#define KEYSERVER_HONOR_KEYSERVER_URL (1<<4)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
gpg: Remove cipher.h and put algo ids into a common file. * common/openpgpdefs.h (cipher_algo_t, pubkey_algo_t, digest_algo_t) (compress_algo_t): New. * agent/gpg-agent.c: Remove ../g10/cipher.h. Add openpgpdefs.h. * g10/cipher.h (DEK): Move to ... * g10/dek.h: new file. * g10/cipher.h (is_RSA, is_ELGAMAL, is_DSA) (PUBKEY_MAX_NPKEY, PUBKEY_MAX_NSKEY, PUBKEY_MAX_NSIG, PUBKEY_MAX_NENC) (PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC, PUBKEY_USAGE_CERT) (PUBKEY_USAGE_AUTH, PUBKEY_USAGE_NONE): Move to * g10/packet.h: here. * g10/cipher.h: Remove. Remove from all files. * g10/filter.h, g10/packet.h: Include dek.h. * g10/Makefile.am (common_source): Remove cipher.h. Add dek.h. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-29 20:35:05 +01:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#endif /*G10_OPTIONS_H*/