agent: Default to extended key format.

* agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New. (oEnableExtendedKeyFormat): Remove. (opts): Make --enable-extended-key-format a dummy option. Add disable-extended-key-format. (parse_rereadable_options): Implement oDisableExtendedKeyFormat. -- Extended key format is supported since vesion 2.1.12 which should have long been replaced by a newer version inh all installations. Thus for 2.3 we will make use of the extended-key-format by default. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-01-02 12:01:32 +01:00 · 2019-03-06 14:09:57 +01:00 · 2019-03-06 14:09:57 +01:00 · 05eff1f662
commit 05eff1f662
parent af9f4fb3d2
3 changed files with 23 additions and 22 deletions
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@ -112,7 +112,7 @@ enum cmd_and_opt_values
  oCheckPassphrasePattern,
  oMaxPassphraseDays,
  oEnablePassphraseHistory,
-  oEnableExtendedKeyFormat,
+  oDisableExtendedKeyFormat,
  oUseStandardSocket,
  oNoUseStandardSocket,
  oExtraSocket,
@ -139,7 +139,9 @@ enum cmd_and_opt_values
  oAutoExpandSecmem,
  oListenBacklog,

-  oWriteEnvFile
+  oWriteEnvFile,
+
+  oNoop
 };


@ -251,7 +253,7 @@ static ARGPARSE_OPTS opts[] = {
                /* */           "@"
 #endif
                ),
-  ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"),
+  ARGPARSE_s_n (oDisableExtendedKeyFormat, "disable-extended-key-format", "@"),

  ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
  ARGPARSE_s_u (oS2KCalibration, "s2k-calibration", "@"),
@ -265,6 +267,10 @@ static ARGPARSE_OPTS opts[] = {
  ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
  ARGPARSE_s_n (oNoUseStandardSocket, "no-use-standard-socket", "@"),

+  /* Dummy options.  */
+  ARGPARSE_s_n (oNoop, "enable-extended-key-format", "@"),
+
+
  ARGPARSE_end () /* End of list */
 };

@ -825,7 +831,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
      opt.check_passphrase_pattern = NULL;
      opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
      opt.enable_passphrase_history = 0;
-      opt.enable_extended_key_format = 0;
+      opt.enable_extended_key_format = 1;
      opt.ignore_cache_for_signing = 0;
      opt.allow_mark_trusted = 1;
      opt.allow_external_cache = 1;
@ -900,9 +906,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
      opt.enable_passphrase_history = 1;
      break;

-    case oEnableExtendedKeyFormat:
-      opt.enable_extended_key_format = 1;
-      break;
+    case oDisableExtendedKeyFormat: opt.enable_extended_key_format = 0; break;

    case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;

@ -936,6 +940,8 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
      set_s2k_calibration_time (pargs->r.ret_ulong);
      break;

+    case oNoop: break;
+
    default:
      return 0; /* not handled */
    }
@ -1451,8 +1457,6 @@ main (int argc, char **argv )
                 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
      es_printf ("pinentry-timeout:%lu:0:\n",
                 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
-      es_printf ("enable-extended-key-format:%lu:\n",
-                 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
      es_printf ("grab:%lu:\n",
                 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);

--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@ -585,16 +585,16 @@ local gpg-agent and use its private keys.  This enables decrypting or
 signing data on a remote machine without exposing the private keys to the
 remote machine.

-@anchor{option --enable-extended-key-format}
-@item --enable-extended-key-format
-@opindex enable-extended-key-format
-This option creates keys in the extended private key format.  Changing
-the passphrase of a key will also convert the key to that new format.
-Using this option makes the private keys unreadable for gpg-agent
-versions before 2.1.12.  The advantage of the extended private key
-format is that it is text based and can carry additional meta data.
-Note that this option also changes the key protection format to use
-OCB mode.
+@item --disable-extended-key-format
+@opindex disable-extended-key-format
+Since version 2.3 keys are created in the extended private key format.
+Changing the passphrase of a key will also convert the key to that new
+format.  This new key format is supported since GnuPG version 2.1.12
+and thus there should be no need to disable it.  However, this options
+allows to revert to the old behaviour for new keys; be aware that keys
+are never migrated back to the old format.  The advantage of the
+extended private key format is that it is text based and can carry
+additional meta data.

@anchor{option --enable-ssh-support}
@item --enable-ssh-support
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@ -508,9 +508,6 @@ static gc_option_t gc_options_gpg_agent[] =
   { "enable-putty-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
     "gnupg", "enable putty support",
     GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
-   { "enable-extended-key-format", GC_OPT_FLAG_RUNTIME, GC_LEVEL_INVISIBLE,
-     NULL, NULL,
-     GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },

   { "Debug",
     GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,