security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity
gnupg/g10/call-agent.h

222 lines
8.6 KiB
C
Raw Permalink Normal View History

A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
/* call-agent.h - Divert operations to the agent
* Copyright (C) 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
Changed to GPLv3. Removed intl/.
2007-07-04 21:49:40 +02:00
* the Free Software Foundation; either version 3 of the License, or
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
Change all http://www.gnu.org in license notices to https:// --
2016-11-05 12:02:19 +01:00
* along with this program; if not, see <https://www.gnu.org/licenses/>.
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
*/
#ifndef GNUPG_G10_CALL_AGENT_H
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
#define GNUPG_G10_CALL_AGENT_H
A small step for GnuPG but a huge leap for error codes. (Sorry, it does not build currently - I need to check it in to avoid duplicate work.)
2003-06-05 09:14:21 +02:00
g10: Change ask_curve so that it can be used outside. * g10/call-agent.h (struct key_attr): New. * g10/keygen.c (ask_curve): Return const char *. No allocation. (quick_generate_keypair): Follow the change. (generate_keypair, generate_subkeypair): Likewise. (parse_algo_usage_expire): Return const char *. -- This change is intended for using ask_curve from card-util.c. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-28 11:44:45 +02:00
struct key_attr {
int algo; /* Algorithm identifier. */
union {
unsigned int nbits; /* Supported keysize. */
const char *curve; /* Name of curve. */
};
};
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
struct agent_card_info_s
g10/ does build again.
2006-05-23 18:19:43 +02:00
{
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
int error; /* private. */
scd: Add reder information to --card-status. * g10/call-agent.h, g10/call-agent.c (agent_release_card_info) g10/card-util.c (card_status): Add READER. * scd/apdu.c (close_ccid_reader, open_ccid_reader): Handle RDRNAME. (apdu_get_reader_name): New. * scd/ccid-driver.c (ccid_open_reader): Add argument to RDRNAME_P. * scd/command.c (cmd_learn): Return READER information.
2015-11-09 08:15:44 +01:00
char *reader; /* Reader information. */
Add a sample key. Detect and show the card type.
2009-01-13 15:01:56 +01:00
char *apptype; /* Malloced application type string. */
gpg: Use the new MANUFACTURER attribute. * g10/call-agent.h (struct agent_card_info_s): Add manufacturer fields. * g10/call-agent.c (agent_release_card_info): Release them. (learn_status_cb): Parse MANUFACTURER attribute. * g10/card-util.c (get_manufacturer): Remove. (current_card_status): Use new attribute. -- This does away with the duplicated OpenPGP vendor tables; they are now at a better place (app-openpgp.c). Signed-off-by: Werner Koch <wk@gnupg.org> Backported from master: - Removed the gpg-card stuff. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-03 10:00:57 +02:00
unsigned int manufacturer_id;
char *manufacturer_name; /* malloced. */
* app-openpgp.c (store_fpr): Fixed fingerprint calculation. * keygen.c (gen_card_key): Obviously we should use the creation date received from SCDAEMON, so that the fingerprints will match. * sign.c (do_sign): Pass the serialno to the sign code. * keyid.c (serialno_and_fpr_from_sk): New.
2003-07-01 10:34:45 +02:00
char *serialno; /* malloced hex string. */
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
char *disp_name; /* malloced. */
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
char *disp_lang; /* malloced. */
int disp_sex; /* 0 = unspecified, 1 = male, 2 = female */
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
char *pubkey_url; /* malloced. */
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
char *login_data; /* malloced. */
g10/ does build again.
2006-05-23 18:19:43 +02:00
char *private_do[4]; /* malloced. */
* card-util.c (change_login): Kludge to allow reading data from a file. (card_edit): Pass ARG_STRING to change_login. (card_status): Print CA fingerprints. (change_cafpr): New. (card_edit): New command CAFPR. * call-agent.h: Add members for CA fingerprints. * call-agent.c (agent_release_card_info): Invalid them. (learn_status_cb): Store them.
2004-07-01 19:42:09 +02:00
char cafpr1valid;
char cafpr2valid;
char cafpr3valid;
char cafpr1[20];
char cafpr2[20];
char cafpr3[20];
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
char fpr1valid;
char fpr2valid;
char fpr3valid;
char fpr1[20];
char fpr2[20];
char fpr3[20];
g10/ does build again.
2006-05-23 18:19:43 +02:00
u32 fpr1time;
u32 fpr2time;
u32 fpr3time;
gpg: Print the keygrip with --card-status * g10/call-agent.h (agent_card_info_s): Add fields grp1, grp2 and grp3. * g10/call-agent.c (unhexify_fpr): Allow for space as delimiter. (learn_status_cb): Parse KEYPARIINFO int the grpX fields. * g10/card-util.c (print_keygrip): New. (current_card_status): Print "grp:" records or with --with-keygrip a human readable keygrip. -- Suggested-by: Peter Lebbing <peter@digitalbrains.com> Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-01 19:03:23 +01:00
char grp1[20]; /* The keygrip for OPENPGP.1 */
char grp2[20]; /* The keygrip for OPENPGP.2 */
char grp3[20]; /* The keygrip for OPENPGP.3 */
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
unsigned long sig_counter;
int chv1_cached; /* True if a PIN is not required for each
signing. Note that the gpg-agent might cache
it anyway. */
Finished support for v2 cards with the exception of secure messaging.
2008-09-25 12:06:02 +02:00
int is_v2; /* True if this is a v2 card. */
* g10.c: New command --card-status. * card-util.c (card_status): New. * call-agent.c (learn_status_cb): Parse more information. * keylist.c (print_pubkey_info): Add FP arg for optinal printing to a stream. Changed all callers.
2003-07-24 11:06:43 +02:00
int chvmaxlen[3]; /* Maximum allowed length of a CHV. */
int chvretry[3]; /* Allowed retries for the CHV; 0 = blocked. */
g10: Change ask_curve so that it can be used outside. * g10/call-agent.h (struct key_attr): New. * g10/keygen.c (ask_curve): Return const char *. No allocation. (quick_generate_keypair): Follow the change. (generate_keypair, generate_subkeypair): Likewise. (parse_algo_usage_expire): Return const char *. -- This change is intended for using ask_curve from card-util.c. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-28 11:44:45 +02:00
struct key_attr key_attr[3];
Make use of the card's extended capabilities.
2009-07-22 19:21:47 +02:00
struct {
unsigned int ki:1; /* Key import available. */
unsigned int aac:1; /* Algorithm attributes are changeable. */
scd: Support KDF DO setup. * g10/call-agent.c (learn_status_cb): Parse the capability for KDF. * g10/card-util.c (gen_kdf_data, kdf_setup): New. (card_edit): New admin command cmdKDFSETUP to call kdf_setup. * scd/app-openpgp.c (do_getattr): Emit KDF capability. -- GnuPG-bug-id: 3823 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-22 07:50:31 +01:00
unsigned int kdf:1; /* KDF object to support PIN hashing available. */
Make use of the card's extended capabilities.
2009-07-22 19:21:47 +02:00
} extcap;
gpg: Add sub-command "factory-reset" to --card-edit. * common/util.h (GPG_ERR_OBJ_TERM_STATE): New. * scd/iso7816.c (map_sw): Add this error code. * scd/app-openpgp.c (do_getattr): Return the life cycle indicator. * scd/app.c (select_application): Allow a return value of GPG_ERR_OBJ_TERM_STATE. * scd/scdaemon.c (set_debug): Print the DBG_READER value. * g10/call-agent.c (start_agent): Print a status line for the termination state. (agent_scd_learn): Make arg "info" optional. (agent_scd_apdu): New. * g10/card-util.c (send_apdu): New. (factory_reset): New. (card_edit): Add command factory-reset. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-15 17:38:40 +01:00
unsigned int status_indicator;
card: Fix showing KDF object attribute. * g10/call-agent.c (learn_status_cb): Parse the KDF DO. * g10/card-util.c (current_card_status): Show it correctly. -- Backport master commit of: 98f4eff7ffde106ae4f60739d1104282430ac14f Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-07-19 06:26:49 +02:00
int kdf_do_enabled; /* Non-zero if card has a KDF object, 0 if not. */
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
};
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
/* Release the card info structure. */
void agent_release_card_info (struct agent_card_info_s *info);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
/* Return card info. */
g10: Fix keytocard. g10/call-agent.h (agent_scd_learn): Add FORCE option. g10/call-agent.c (agent_scd_learn): Implement FORCE option. g10/keygen.c (gen_card_key): Follow the change of option. g10/card-util.c (change_pin, card_status, factory_reset): Likewise. g10/keyedit.c (keyedit_menu): Update private key storage by agent_scd_learn. -- This is not a perfect solution since there is a possibility user unplug card before quitting 'gpg --keyedit' session. Usually, it works well. GnuPG-bug-id: 1846
2015-04-03 10:39:59 +02:00
int agent_scd_learn (struct agent_card_info_s *info, int force);
gpg: Make card key generation work again. * g10/call-agent.c (agent_scd_learn): Rename from agent_learn. (agent_learn): New. * g10/keygen.c (gen_card_key): Call new agent-learn. -- Without a shadow key we can't create the self-signatures. Thus we need to issue the learn command after each key generation. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-19 14:09:04 +02:00
gpg: New card function agent_scd_keypairinfo. * g10/call-agent.c (scd_keypairinfo_status_cb) (agent_scd_keypairinfo): New. Taken from gpgsm. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit 0fad61de159acf39e38a04f28f162f0beb0e77d6)
2019-04-01 18:37:02 +02:00
/* Get the keypariinfo directly from scdaemon. */
gpg_error_t agent_scd_keypairinfo (ctrl_t ctrl, strlist_t *r_list);
agent,g10: Remove redundant SERIALNO request. * agent/learncard.c (agent_handle_learn): Don't call agent_card_serialno. Get the serialno in status response. * g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO". (agent_scd_serialno): New. (card_cardlist_cb, agent_scd_cardlist): New. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-16 06:32:51 +01:00
/* Return list of cards. */
int agent_scd_cardlist (strlist_t *result);
/* Return the serial number, possibly select by DEMAND. */
int agent_scd_serialno (char **r_serialno, const char *demand);
gpg: Add sub-command "factory-reset" to --card-edit. * common/util.h (GPG_ERR_OBJ_TERM_STATE): New. * scd/iso7816.c (map_sw): Add this error code. * scd/app-openpgp.c (do_getattr): Return the life cycle indicator. * scd/app.c (select_application): Allow a return value of GPG_ERR_OBJ_TERM_STATE. * scd/scdaemon.c (set_debug): Print the DBG_READER value. * g10/call-agent.c (start_agent): Print a status line for the termination state. (agent_scd_learn): Make arg "info" optional. (agent_scd_apdu): New. * g10/card-util.c (send_apdu): New. (factory_reset): New. (card_edit): Add command factory-reset. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-15 17:38:40 +01:00
/* Send an APDU to the card. */
gpg_error_t agent_scd_apdu (const char *hexapdu, unsigned int *r_sw);
gpg: Allow decryption using non-OpenPGP cards. * g10/call-agent.c (struct getattr_one_parm_s): New. (getattr_one_status_cb): New. (agent_scd_getattr_one): New. * g10/pubkey-enc.c (get_it): Allow the standard leading zero byte from pkcs#1. * g10/getkey.c (enum_secret_keys): Move to... * g10/skclist.c (enum_secret_keys): here and handle non-OpenPGP cards. -- Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit ec6a6779236a89d4784a6bb7de0def9cc0f9e8a4) This commit also incorporates "g10: Move enum_secret_keys to skclist.c." Which was started with commit 03a8de7def4195b9accde47c1dcb84279361936d on master about a year ago. Signed-off-by: Werner Koch <wk@gnupg.org> GnuPG-bug-id: 4681
2019-04-03 15:30:10 +02:00
/* Get attribute NAME from the card and store at R_VALUE. */
gpg_error_t agent_scd_getattr_one (const char *name, char **r_value);
* keylist.c (print_card_serialno): New. (list_keyblock_print): Use it here. * card-util.c (toggle_forcesig): New. (card_edit): New command "forcesig". * card-util.c (print_name, print_isoname): Use 0 and not LF fro the max_n arg of tty_print_utf8_string2. * call-agent.c (agent_scd_getattr): New. (learn_status_cb): Release values before assignment so that it can be used by getattr to update the structure. * card-util.c (change_pin): Simplified. We now have only a PIN and an Admin PIN.
2003-09-30 19:34:38 +02:00
/* Update INFO with the attribute NAME. */
int agent_scd_getattr (const char *name, struct agent_card_info_s *info);
gpg: Implement card_store_subkey again. * g10/call-agent.h (agent_keytocard): New. * g10/call-agent.c (agent_keytocard): New. * g10/card-util.c (replace_existing_key_p): Returns 1 when replace. (card_generate_subkey): Check return value of replace_existing_key_p. (card_store_subkey): Implement again using agent_keytocard.
2013-02-06 06:01:23 +01:00
/* Send the KEYTOCARD command. */
int agent_keytocard (const char *hexgrip, int keyno, int force,
const char *serialno, const char *timestamp);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
/* Send a SETATTR command to the SCdaemon. */
gpg: Remove unused arg in a card related function. * g10/call-agent.c (agent_scd_setattr): Remove unused arg serialno. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit 3a4534d82682f69788da3cf4a445e38fbaf6b98e)
2019-04-01 18:12:35 +02:00
gpg_error_t agent_scd_setattr (const char *name,
const void *value, size_t valuelen);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
Support the Certifciate DO of the v2 OpenPGP cards.
2008-09-23 11:57:45 +02:00
/* Send a WRITECERT command to the SCdaemon. */
int agent_scd_writecert (const char *certidstr,
const unsigned char *certdata, size_t certdatalen);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
/* Send a GENKEY command to the SCdaemon. */
g10: smartcard keygen change. * g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove. (scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS. (agent_scd_genkey): Remove INFO argument. CREATETIME is now in/out argument. (agent_readkey): Use READKEY --card instead of SCD READKEY. * g10/keygen.c (gen_card_key): Use READKEY --card command of the agent to retrieve public key information from card and let the agent make a file for private key with shadow info. -- This change removes gpg's KEY-DATA handling for SCD GENKEY. Information with KEY-DATA is simply not used. Instead, it is read by READKEY --card command of gpg-agent. This can consolidate public key handling in a single method by READKEY. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 06:30:47 +02:00
int agent_scd_genkey (int keyno, int force, u32 *createtime);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
gpg: Allow direct key generation from card with --full-gen-key. * g10/call-agent.c (agent_scd_readkey): New. * g10/keygen.c (ask_key_flags): Factor code out to .. (ask_key_flags_with_mask): new. (ask_algo): New mode 14. -- Note that this new menu 14 is always displayed. The usage flags can be changed only in --expert mode, though. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit a480182f9d7ec316648cb64248f7a0cc8f681bc3) Removed stuff from gpg-card which does not exists in 2.2. No tests yet done for this backport.
2019-04-02 18:57:09 +02:00
/* Send a READCERT command to the SCdaemon. */
Add readcert command. fix reading large certificates.
2009-06-17 11:45:50 +02:00
int agent_scd_readcert (const char *certidstr,
void **r_buf, size_t *r_buflen);
gpg: Allow direct key generation from card with --full-gen-key. * g10/call-agent.c (agent_scd_readkey): New. * g10/keygen.c (ask_key_flags): Factor code out to .. (ask_key_flags_with_mask): new. (ask_algo): New mode 14. -- Note that this new menu 14 is always displayed. The usage flags can be changed only in --expert mode, though. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit a480182f9d7ec316648cb64248f7a0cc8f681bc3) Removed stuff from gpg-card which does not exists in 2.2. No tests yet done for this backport.
2019-04-02 18:57:09 +02:00
/* Send a READKEY command to the SCdaemon. */
gpg_error_t agent_scd_readkey (const char *keyrefstr, gcry_sexp_t *r_result);
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. (do_generate_keypair): Abd generate the authkey. (check_smartcard): Changed menu accordingly.
2003-07-23 09:11:06 +02:00
/* Change the PIN of an OpenPGP card or reset the retry counter. */
g10/ does build again.
2006-05-23 18:19:43 +02:00
int agent_scd_change_pin (int chvno, const char *serialno);
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
* card-util.c (card_edit): New command "passwd". Add logic to check the PIN in advance. (card_status): Add new args to return the serial number. Changed all callers. * call-agent.c (agent_scd_checkpin): New.
2003-10-21 19:12:21 +02:00
/* Send the CHECKPIN command to the SCdaemon. */
int agent_scd_checkpin (const char *serialno);
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
/* Send the GET_PASSPHRASE command to the agent. */
gpg_error_t agent_get_passphrase (const char *cache_id,
const char *err_msg,
const char *prompt,
const char *desc_msg,
gpg: Use integrated passphrase repeat entry also for -c. * g10/call-agent.c (agent_get_passphrase): Add arg newsymkey. * g10/passphrase.c (passphrase_get): Add arg newsymkey. (passphrase_to_dek): Pass it on. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-08 14:33:09 +02:00
int newsymkey,
Move password repetition from gpg to gpg-agent.
2009-03-17 13:13:32 +01:00
int repeat,
Made card key generate with backup key work for 2048 bit. Improved card key generation prompts.
2009-05-15 21:26:46 +02:00
int check,
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
char **r_passphrase);
/* Send the CLEAR_PASSPHRASE command to the agent. */
gpg_error_t agent_clear_passphrase (const char *cache_id);
Ask to insert the right OpenPGP card.
2009-08-11 12:56:44 +02:00
/* Present the prompt DESC and ask the user to confirm. */
gpg_error_t gpg_agent_get_confirmation (const char *desc);
Add dummu option --passwd for gpg. Collected changes.
2010-01-08 20:18:49 +01:00
/* Return the S2K iteration count as computed by gpg-agent. */
gpg_error_t agent_get_s2k_count (unsigned long *r_count);
More changes on the way to remove secring.gpg.
2010-04-21 18:26:17 +02:00
/* Check whether a secret key for public key PK is available. Returns
0 if the secret key is available. */
gpg_error_t agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk);
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
/* Ask the agent whether a secret key is availabale for any of the
keys (primary or sub) in KEYBLOCK. Returns 0 if available. */
gpg_error_t agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock);
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
/* Return infos about the secret key with HEXKEYGRIP. */
gpg_error_t agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
g10: report whether key in agent is passphrase-protected or not * g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add r_cleartext parameter to report whether a key is stored without passphrase protection. * g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to match new API. * g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c, g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet need to know whether agent is passphrase-protected. -- Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-10 22:15:33 +02:00
char **r_serialno, int *r_cleartext);
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
/* Generate a new key. */
gpg: Try to use the passphrase from the primary for --quick-addkey. * agent/command.c (cmd_genkey): Add option --passwd-nonce. (cmd_passwd): Return a PASSWD_NONCE in verify mode. * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do not send a RESET if given. (agent_passwd): Add arg 'verify'. * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'. (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto. (generate_subkeypair): Use sepeare hexgrip var for the to be created for hexgrip feature. Verify primary key first. Make use of the passwd nonce. Allow for a static passphrase. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
gpg_error_t agent_genkey (ctrl_t ctrl,
char **cache_nonce_addr, char **passwd_nonce_addr,
All tests work are again working
2010-10-14 18:34:31 +02:00
const char *keyparms, int no_protection,
gpg,gpgsm: Record the creation time of a private key. * sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option. (gpgsm_agent_import_key): Ditto. * g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on. (agent_import_key): Ditto. * g10/import.c (transfer_secret_keys): Pass the creation date to the agent. * g10/keygen.c (common_gen): Ditto. -- Having the creation time in the private key file makes it a lot easier to re-create an OpenPGP public keyblock in case it was accidentally lost. Signed-off-by: Werner Koch <wk@gnupg.org> Cherry-picked-from-master: 4031c42bfd0135874a5b362df175de93a19f1b51
2020-08-19 13:43:16 +02:00
const char *passphrase, time_t timestamp,
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
gcry_sexp_t *r_pubkey);
Allow creating subkeys using an existing key This works by specifying the keygrip instead of an algorithm (section number 13) and requires that the option -expert has been used. It will be easy to extend this to the primary key.
2011-11-06 17:01:31 +01:00
/* Read a public key. */
gpg_error_t agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
unsigned char **r_pubkey);
More changes on the way to remove secring.gpg.
2010-04-21 18:26:17 +02:00
/* Create a signature. */
Even less prompts for a new key now.
2010-09-01 14:49:05 +02:00
gpg_error_t agent_pksign (ctrl_t ctrl, const char *cache_nonce,
const char *hexkeygrip, const char *desc,
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
u32 *keyid, u32 *mainkeyid, int pubkey_algo,
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
unsigned char *digest, size_t digestlen,
int digestalgo,
gcry_sexp_t *r_sigval);
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
/* Decrypt a ciphertext. */
gpg_error_t agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
u32 *keyid, u32 *mainkeyid, int pubkey_algo,
Decryption and signi via agent is now implemented.
2010-04-23 13:36:59 +02:00
gcry_sexp_t s_ciphertext,
gpg: Make decryption with the OpenPGP card work. * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New. * scd/app-openpgp.c (do_decipher): Add arg R_INFO. * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy. * scd/app.c (app_decipher): Add arg R_INFO. * scd/command.c (cmd_pkdecrypt): Print status line "PADDING". * agent/call-scd.c (padding_info_cb): New. (agent_card_pkdecrypt): Add arg R_PADDING. * agent/divert-scd.c (divert_pkdecrypt): Ditto. * agent/pkdecrypt.c (agent_pkdecrypt): Ditto. * agent/command.c (cmd_pkdecrypt): Print status line "PADDING". * g10/call-agent.c (padding_info_cb): New. (agent_pkdecrypt): Add arg R_PADDING. * g10/pubkey-enc.c (get_it): Use padding info. -- Decryption using a card never worked in gpg 2.1 because the information whether the pkcs#1 padding needs to be removed was not available. Gpg < 2.1 too this info from the secret sub key but that has gone in 2.1. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-26 17:29:54 +02:00
unsigned char **r_buf, size_t *r_buflen,
int *r_padding);
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
/* Retrieve a key encryption key. */
gpg_error_t agent_keywrap_key (ctrl_t ctrl, int forexport,
void **r_kek, size_t *r_keklen);
/* Send a key to the agent. */
gpg_error_t agent_import_key (ctrl_t ctrl, const char *desc,
g10: Use --force when importing key for bkuptocard. * g10/call-agent.c (agent_import_key): Add an argument FORCE. * g10/import.c (transfer_secret_keys): Likewise. (import_secret_one): Call transfer_secret_keys with FORCE=0. * g10/keyedit.c (keyedit_menu): Call with FORCE=1.
2015-12-24 06:15:58 +01:00
char **cache_nonce_addr, const void *key,
g10: Make sure to emit NEED_PASSPHRASE on --import of secret key. * call-agent.h (agent_import_key): Add keyid parameters. * call-agent.c (agent_import_key): Set keyid parameters. * import.c (transfer_secret_keys): Pass keyid parameters. Signed-off-by: Marcus Brinkmann <mb@g10code.com> GnuPG-bug-id: 2667
2017-07-24 17:18:42 +02:00
size_t keylen, int unattended, int force,
gpg,gpgsm: Record the creation time of a private key. * sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option. (gpgsm_agent_import_key): Ditto. * g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on. (agent_import_key): Ditto. * g10/import.c (transfer_secret_keys): Pass the creation date to the agent. * g10/keygen.c (common_gen): Ditto. -- Having the creation time in the private key file makes it a lot easier to re-create an OpenPGP public keyblock in case it was accidentally lost. Signed-off-by: Werner Koch <wk@gnupg.org> Cherry-picked-from-master: 4031c42bfd0135874a5b362df175de93a19f1b51
2020-08-19 13:43:16 +02:00
u32 *keyid, u32 *mainkeyid, int pubkey_algo,
u32 timestamp);
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
/* Receive a key from the agent. */
gpg_error_t agent_export_key (ctrl_t ctrl, const char *keygrip,
g10: Add openpgp_protected flag to agent secret key export functions * g10/call-agent.c, g10/call-agent.h (agent_export_key): Add openpgp_protected flag. * g10/export.c (receive_seckey_from_agent): Request openpgp_protected secret keys from agent. * agent/command.c (hlp_export_key): EXPORT_KEY help text: add a brief description of the effect of --openpgp. -- The --openpgp flag for gpg-agent's EXPORT_KEY actually forces encryption in a certain (RFC 4880-compatible format). This changeset exposes that functionality in internal functions, and clarifies functionality in the agent's help text. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-10 22:15:34 +02:00
const char *desc, int openpgp_protected,
char **cache_nonce_addr,
g10: Make sure to emit NEED_PASSPHRASE on --export-secret-key. * call-agent.h (agent_export_key): Add keyid parameters. * call-agent.c (agent_export_key): Set keyid parameters. * export.c (receive_seckey_from_agent): Pass keyid parameters. Signed-off-by: Marcus Brinkmann <mb@g10code.com> GnuPG-bug-id: 2667
2017-07-24 16:03:25 +02:00
unsigned char **r_result, size_t *r_resultlen,
card: Display if KDF is enabled or not. * g10/call-agent.h (kdf_do_enabled): New field. * g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available. * g10/card-util.c (current_card_status): Inform the availability. -- Cherry pick of master commit: a5542a4a702c2210facf58a98bc8d3d16089b6ab Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-15 04:19:02 +01:00
u32 *keyid, u32 *mainkeyid, int pubkey_algo);
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
gpg: Re-enable secret key deletion. * g10/call-agent.c (agent_delete_key): New. * g10/keydb.h (FORMAT_KEYDESC_DELKEY): New. * g10/passphrase.c (gpg_format_keydesc): Support new format. * g10/delkey.c (do_delete_key): Add secret key deletion.
2014-04-15 16:40:48 +02:00
/* Delete a key from the agent. */
gpg_error_t agent_delete_key (ctrl_t ctrl, const char *hexkeygrip,
gpg: Allow unattended deletion of secret keys. * agent/command.c (cmd_delete_key): Make the --force option depend on --disallow-loopback-passphrase. * g10/call-agent.c (agent_delete_key): Add arg FORCE. * g10/delkey.c (do_delete_key): Pass opt.answer_yes to agent_delete_key. -- Unless the agent has been configured with --disallow-loopback-passpharse an unattended deletion of a secret key is now possible with gpg by using --batch _and_ --yes. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-10 11:01:42 +02:00
const char *desc, int force);
gpg: Re-enable secret key deletion. * g10/call-agent.c (agent_delete_key): New. * g10/keydb.h (FORMAT_KEYDESC_DELKEY): New. * g10/passphrase.c (gpg_format_keydesc): Support new format. * g10/delkey.c (do_delete_key): Add secret key deletion.
2014-04-15 16:40:48 +02:00
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
/* Change the passphrase of a key. */
gpg_error_t agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
gpg: Try to use the passphrase from the primary for --quick-addkey. * agent/command.c (cmd_genkey): Add option --passwd-nonce. (cmd_passwd): Return a PASSWD_NONCE in verify mode. * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do not send a RESET if given. (agent_passwd): Add arg 'verify'. * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'. (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto. (generate_subkeypair): Use sepeare hexgrip var for the to be created for hexgrip feature. Verify primary key first. Make use of the passwd nonce. Allow for a static passphrase. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
int verify,
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
char **cache_nonce_addr, char **passwd_nonce_addr);
gpg: Check gpg-agent version before 2.1 migration. * g10/call-agent.c, g10/call-agent.h (agent_get_version): New. * g10/migrate.c (migrate_secring): Abort migration if agent_get_version returns not at least 2.1.0 -- GnuPG-bug-id: 1718 On the first installation of GnuPG 2.1 it is likely that an old gpg-agent is still running in the environment. In that case the migration would fail. Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2014-09-19 19:38:13 +02:00
/* Get the version reported by gpg-agent. */
gpg_error_t agent_get_version (ctrl_t ctrl, char **r_version);
Fixed agent access for gpg.
2006-10-04 18:45:04 +02:00
Key generation and signing using the OpenPGP card does rudimentary work.
2003-06-27 22:53:09 +02:00
Re-implemented GPG's --passwd command and improved it.
2010-10-26 11:10:29 +02:00
#endif /*GNUPG_G10_CALL_AGENT_H*/