1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

Merge branch 'STABLE-BRANCH-2-4'

--
Resolved conflicts:
	NEWS
	common/exechelp-w32.c
	configure.ac
This commit is contained in:
Werner Koch 2024-03-12 16:00:55 +01:00
commit 4485930f9f
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
103 changed files with 1485 additions and 1135 deletions

View File

@ -1,2 +1,4 @@
# indent: Modernize mem2str. # indent: Modernize mem2str.
6a80d6f9206eae2c867c45daa5cd3e7d6c6ad114 6a80d6f9206eae2c867c45daa5cd3e7d6c6ad114
# doc: Fix spelling errors found by lintian.
2ed1f68b48db7b5503045386de0500fddf70077e

View File

@ -247,8 +247,8 @@ release:
mkopt=""; \ mkopt=""; \
if [ -n "$$CUSTOM_SWDB" ]; then \ if [ -n "$$CUSTOM_SWDB" ]; then \
mkopt="CUSTOM_SWB=1"; \ mkopt="CUSTOM_SWB=1"; \
x=$$(grep '^OVERRIDE_TARBALLS=' \ x=$$(grep '^[[:blank:]]*OVERRIDE_TARBALLS[[:blank:]]*=' \
$$HOME/.gnupg-autogen.rc|cut -d= -f2);\ $$HOME/.gnupg-autogen.rc|cut -d= -f2|xargs);\
if [ -f "$$x/swdb.lst" ]; then \ if [ -f "$$x/swdb.lst" ]; then \
echo "/* Copying swdb.lst from the overrides directory */"; \ echo "/* Copying swdb.lst from the overrides directory */"; \
cp "$$x/swdb.lst" . ; \ cp "$$x/swdb.lst" . ; \
@ -275,13 +275,15 @@ release:
sign-release: sign-release:
+(set -e; \ +(set -e; \
test $$(pwd | sed 's,.*/,,') = dist || cd dist; \ test $$(pwd | sed 's,.*/,,') = dist || cd dist; \
x=$$(grep '^RELEASE_ARCHIVE=' $$HOME/.gnupg-autogen.rc|cut -d= -f2);\ x=$$(grep '^[[:blank:]]*RELEASE_ARCHIVE[[:blank:]]*=' \
$$HOME/.gnupg-autogen.rc|cut -d= -f2|xargs);\
if [ -z "$$x" ]; then \ if [ -z "$$x" ]; then \
echo "error: RELEASE_ARCHIVE missing in ~/.gnupg-autogen.rc">&2; \ echo "error: RELEASE_ARCHIVE missing in ~/.gnupg-autogen.rc">&2; \
exit 2;\ exit 2;\
fi;\ fi;\
myarchive="$$x/$(RELEASE_ARCHIVE_SUFFIX)";\ myarchive="$$x/$(RELEASE_ARCHIVE_SUFFIX)";\
x=$$(grep '^RELEASE_SIGNKEY=' $$HOME/.gnupg-autogen.rc|cut -d= -f2);\ x=$$(grep '^[[:blank:]]*RELEASE_SIGNKEY[[:blank:]]*=' \
$$HOME/.gnupg-autogen.rc|cut -d= -f2|xargs);\
if [ -z "$$x" ]; then \ if [ -z "$$x" ]; then \
echo "error: RELEASE_SIGNKEY missing in ~/.gnupg-autogen.rc">&2; \ echo "error: RELEASE_SIGNKEY missing in ~/.gnupg-autogen.rc">&2; \
exit 2;\ exit 2;\

60
NEWS
View File

@ -1,6 +1,51 @@
Noteworthy changes in version 2.5.0 (unreleased) Noteworthy changes in version 2.5.0 (unreleased)
------------------------------------------------ ------------------------------------------------
Changes also found in 2.4.5:
Noteworthy changes in version 2.4.5 (2024-03-07)
------------------------------------------------
* gpg,gpgv: New option --assert-pubkey-algo. [T6946]
* gpg: Emit status lines for errors in the compression layer.
[T6977]
* gpg: Fix invocation with --trusted-keys and --no-options. [T7025]
* gpgsm: Allow for a longer salt in PKCS#12 files. [T6757]
* gpgtar: Make --status-fd=2 work on Windows. [T6961]
* scd: Support for the ACR-122U NFC reader. [rG1682ca9f01]
* scd: Suport D-TRUST ECC cards. [T7000,T7001]
* scd: Allow auto detaching of kernel drivers; can be disabled with
the new compatibility-flag ccid-no-auto-detach. [rGa1ea3b13e0]
* scd: Allow setting a PIN length of 6 also with a reset code for
openpgp cards. [T6843]
* agent: Allow GET_PASSPHRASE in restricted mode. [rGadf4db6e20]
* dirmngr: Trust system's root CAs for checking CRL issuers.
[T6963]
* dirmngr: Fix regression in 2.4.4 in fetching keys via hkps.
[T6997]
* gpg-wks-client: Make option --mirror work properly w/o specifying
domains. [rG37cc255e49]
* g13,gpg-wks-client: Allow command style options as in "g13 mount
foo". [rGa09157ccb2]
* Allow tilde expansion for the foo-program options. [T7017]
* Make the getswdb.sh tool usable outside the GnuPG tree.
Changes also found in 2.4.4: Changes also found in 2.4.4:
* gpg: Do not keep an unprotected smartcard backup key on disk. See * gpg: Do not keep an unprotected smartcard backup key on disk. See
@ -178,6 +223,7 @@ Noteworthy changes in version 2.5.0 (unreleased)
Release dates of 2.4 versions Release dates of 2.4 versions
----------------------------- -----------------------------
Version 2.4.5 (2024-03-07) https://dev.gnupg.org/T6960
Version 2.4.4 (2024-01-25) https://dev.gnupg.org/T6578 Version 2.4.4 (2024-01-25) https://dev.gnupg.org/T6578
Version 2.4.3 (2023-07-04) https://dev.gnupg.org/T6509 Version 2.4.3 (2023-07-04) https://dev.gnupg.org/T6509
Version 2.4.2 (2023-05-30) https://dev.gnupg.org/T6506 Version 2.4.2 (2023-05-30) https://dev.gnupg.org/T6506
@ -1392,7 +1438,7 @@ Noteworthy changes in version 2.3.0 (2021-04-07)
Changes also found in 2.2.12: Changes also found in 2.2.12:
* tools: New commands --install-key and --remove-key for * tools: New commands --install-key and --remove-key for
gpg-wks-client. This allows to prepare a Web Key Directory on a gpg-wks-client. This allows one to prepare a Web Key Directory on a
local file system for later upload to a web server. local file system for later upload to a web server.
* gpg: New --list-option "show-only-fpr-mbox". This makes the use * gpg: New --list-option "show-only-fpr-mbox". This makes the use
@ -1436,7 +1482,7 @@ Noteworthy changes in version 2.3.0 (2021-04-07)
query. query.
* gpg: Do not store the TOFU trust model in the trustdb. This * gpg: Do not store the TOFU trust model in the trustdb. This
allows to enable or disable a TOFO model without triggering a allows one to enable or disable a TOFO model without triggering a
trustdb rebuild. [#4134] trustdb rebuild. [#4134]
* scd: Fix cases of "Bad PIN" after using "forcesig". [#4177] * scd: Fix cases of "Bad PIN" after using "forcesig". [#4177]
@ -1855,7 +1901,7 @@ Noteworthy changes in version 2.1.23 (2017-08-09)
to your gpg.conf. to your gpg.conf.
* agent: Option --no-grab is now the default. The new option --grab * agent: Option --no-grab is now the default. The new option --grab
allows to revert this. allows one to revert this.
* gpg: New import option "show-only". * gpg: New import option "show-only".
@ -2985,7 +3031,7 @@ Noteworthy changes in version 2.1.0 (2014-11-06)
* gpg: Allow use of Brainpool curves. * gpg: Allow use of Brainpool curves.
* gpg: Accepts a space separated fingerprint as user ID. This * gpg: Accepts a space separated fingerprint as user ID. This
allows to copy and paste the fingerprint from the key listing. allows one to copy and paste the fingerprint from the key listing.
* gpg: The hash algorithm is now printed for signature records in key * gpg: The hash algorithm is now printed for signature records in key
listings. listings.
@ -3765,7 +3811,7 @@ Noteworthy changes in version 1.9.10 (2004-07-22)
* Fixed a serious bug in the checking of trusted root certificates. * Fixed a serious bug in the checking of trusted root certificates.
* New configure option --enable-agent-pnly allows to build and * New configure option --enable-agent-only allows one to build and
install just the agent. install just the agent.
* Fixed a problem with the log file handling. * Fixed a problem with the log file handling.
@ -4160,7 +4206,7 @@ Noteworthy changes in version 1.1.92 (2002-09-11)
extension specified with --load-extension are checked, along extension specified with --load-extension are checked, along
with their enclosing directories. with their enclosing directories.
* The configure option --with-static-rnd=auto allows to build gpg * The configure option --with-static-rnd=auto allows one to build gpg
with all available entropy gathering modules included. At with all available entropy gathering modules included. At
runtime the best usable one will be selected from the list runtime the best usable one will be selected from the list
linux, egd, unix. This is also the default for systems lacking linux, egd, unix. This is also the default for systems lacking
@ -4543,7 +4589,7 @@ Noteworthy changes in version 1.0.2 (2000-07-12)
* New command --export-secret-subkeys which outputs the * New command --export-secret-subkeys which outputs the
the _primary_ key with it's secret parts deleted. This is the _primary_ key with it's secret parts deleted. This is
useful for automated decryption/signature creation as it useful for automated decryption/signature creation as it
allows to keep the real secret primary key offline and allows one to keep the real secret primary key offline and
thereby protecting the key certificates and allowing to thereby protecting the key certificates and allowing to
create revocations for the subkeys. See the FAQ for a create revocations for the subkeys. See the FAQ for a
procedure to install such secret keys. procedure to install such secret keys.

View File

@ -86,8 +86,8 @@ struct
/* Enable pinentry debugging (--debug 1024 should also be used). */ /* Enable pinentry debugging (--debug 1024 should also be used). */
int debug_pinentry; int debug_pinentry;
/* Filename of the program to start as pinentry. */ /* Filename of the program to start as pinentry (malloced). */
const char *pinentry_program; char *pinentry_program;
/* Filename of the program to handle daemon tasks. */ /* Filename of the program to handle daemon tasks. */
const char *daemon_program[DAEMON_MAX_TYPE]; const char *daemon_program[DAEMON_MAX_TYPE];

View File

@ -1988,9 +1988,6 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
struct pin_entry_info_s *pi2 = NULL; struct pin_entry_info_s *pi2 = NULL;
int is_generated; int is_generated;
if (ctrl->restricted)
return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
opt_data = has_option (line, "--data"); opt_data = has_option (line, "--data");
opt_check = has_option (line, "--check"); opt_check = has_option (line, "--check");
opt_no_ask = has_option (line, "--no-ask"); opt_no_ask = has_option (line, "--no-ask");
@ -2039,7 +2036,9 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
if (!desc) if (!desc)
return set_error (GPG_ERR_ASS_PARAMETER, "no description given"); return set_error (GPG_ERR_ASS_PARAMETER, "no description given");
if (!strcmp (cacheid, "X")) /* The only limitation in restricted mode is that we don't consider
* the cache. */
if (ctrl->restricted || !strcmp (cacheid, "X"))
cacheid = NULL; cacheid = NULL;
if (!strcmp (errtext, "X")) if (!strcmp (errtext, "X"))
errtext = NULL; errtext = NULL;
@ -2121,7 +2120,7 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
entry_errtext = NULL; entry_errtext = NULL;
is_generated = !!(pi->status & PINENTRY_STATUS_PASSWORD_GENERATED); is_generated = !!(pi->status & PINENTRY_STATUS_PASSWORD_GENERATED);
/* We don't allow an empty passpharse in this mode. */ /* We don't allow an empty passphrase in this mode. */
if (!is_generated if (!is_generated
&& check_passphrase_constraints (ctrl, pi->pin, && check_passphrase_constraints (ctrl, pi->pin,
pi->constraints_flags, pi->constraints_flags,

View File

@ -876,6 +876,7 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
opt.debug = 0; opt.debug = 0;
opt.no_grab = 1; opt.no_grab = 1;
opt.debug_pinentry = 0; opt.debug_pinentry = 0;
xfree (opt.pinentry_program);
opt.pinentry_program = NULL; opt.pinentry_program = NULL;
opt.pinentry_touch_file = NULL; opt.pinentry_touch_file = NULL;
xfree (opt.pinentry_invisible_char); xfree (opt.pinentry_invisible_char);
@ -936,7 +937,10 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
case oNoGrab: opt.no_grab |= 1; break; case oNoGrab: opt.no_grab |= 1; break;
case oGrab: opt.no_grab |= 2; break; case oGrab: opt.no_grab |= 2; break;
case oPinentryProgram: opt.pinentry_program = pargs->r.ret_str; break; case oPinentryProgram:
xfree (opt.pinentry_program);
opt.pinentry_program = make_filename_try (pargs->r.ret_str, NULL);
break;
case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break; case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break;
case oPinentryInvisibleChar: case oPinentryInvisibleChar:
xfree (opt.pinentry_invisible_char); xfree (opt.pinentry_invisible_char);

View File

@ -28,15 +28,24 @@ cvtver () {
usage() usage()
{ {
cat <<EOF cat <<EOF
Usage: $(basename $0) [OPTIONS] Usage: $(basename $0) [OPTIONS] [packages]
Get the online version of the GnuPG software version database Get the online version of the GnuPG software version database
and optionally download packages and verify their signatures.
Options: Options:
--info Print only infos about packages
--skip-download Assume download has already been done. --skip-download Assume download has already been done.
--skip-verify Do not check signatures --skip-verify Do not check signatures
--skip-selfcheck Do not check GnuPG version --skip-selfcheck Do not check GnuPG version
(default if not used in the GnuPG tree)
--find-sha1sum Print the name of the sha1sum utility --find-sha1sum Print the name of the sha1sum utility
--find-sha256sum Print the name of the sha256sum utility --find-sha256sum Print the name of the sha256sum utility
--help Print this help. --help Print this help.
Example:
getswdb.sh gnupg24 gpgme libksba libassuan
EOF EOF
exit $1 exit $1
} }
@ -49,6 +58,9 @@ skip_verify=no
skip_selfcheck=no skip_selfcheck=no
find_sha1sum=no find_sha1sum=no
find_sha256sum=no find_sha256sum=no
info_mode=no
packages=
die=no
while test $# -gt 0; do while test $# -gt 0; do
case "$1" in case "$1" in
# Set up `optarg'. # Set up `optarg'.
@ -79,13 +91,20 @@ while test $# -gt 0; do
--find-sha256sum) --find-sha256sum)
find_sha256sum=yes find_sha256sum=yes
;; ;;
*) --info)
info_mode=yes
;;
--*)
usage 1 1>&2 usage 1 1>&2
;; ;;
*)
packages="$packages $1"
;;
esac esac
shift shift
done done
# Mac OSX has only a shasum and not sha1sum # Mac OSX has only a shasum and not sha1sum
if [ ${find_sha1sum} = yes ]; then if [ ${find_sha1sum} = yes ]; then
for i in sha1sum shasum ; do for i in sha1sum shasum ; do
@ -114,16 +133,37 @@ if [ ${find_sha256sum} = yes ]; then
fi fi
if [ $skip_verify = no ]; then
if [ ! -f "$distsigkey" ]; then
distsigkey="/usr/local/share/gnupg/distsigkey.gpg"
if [ ! -f "$distsigkey" ]; then
distsigkey="/usr/share/gnupg/distsigkey.gpg"
if [ ! -f "$distsigkey" ]; then
echo "no keyring with release keys found!" >&2
exit 1
fi
fi
echo "using release keys from $distsigkey" >&2
skip_selfcheck=yes
fi
fi
# Get GnuPG version from VERSION file. For a GIT checkout this means # Get GnuPG version from VERSION file. For a GIT checkout this means
# that ./autogen.sh must have been run first. For a regular tarball # that ./autogen.sh must have been run first. For a regular tarball
# VERSION is always available. # VERSION is always available.
if [ $skip_selfcheck = no ]; then
if [ ! -f "$srcdir/../VERSION" ]; then if [ ! -f "$srcdir/../VERSION" ]; then
echo "VERSION file missing - run autogen.sh first." >&2 echo "VERSION file missing - run autogen.sh first." >&2
exit 1 exit 1
fi fi
version=$(cat "$srcdir/../VERSION") version=$(cat "$srcdir/../VERSION")
else
version="0.0.0"
fi
version_num=$(echo "$version" | cvtver) version_num=$(echo "$version" | cvtver)
if [ $skip_verify = no ]; then if [ $skip_verify = no ]; then
if ! $GPGV --version >/dev/null 2>/dev/null ; then if ! $GPGV --version >/dev/null 2>/dev/null ; then
echo "command \"gpgv\" is not installed" >&2 echo "command \"gpgv\" is not installed" >&2
@ -164,7 +204,7 @@ else
fi fi
fi fi
if [ $skip_verify = no ]; then if [ $skip_verify = no ]; then
if ! $GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst; then if ! $GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst 2>/dev/null; then
echo "list of software versions is not valid!" >&2 echo "list of software versions is not valid!" >&2
exit 1 exit 1
fi fi
@ -188,3 +228,73 @@ if [ $skip_selfcheck = no ]; then
exit 1 exit 1
fi fi
fi fi
# Download a package and check its signature.
download_pkg () {
local url="$1"
local file="${url##*/}"
if ! $WGET -q -O - "$url" >"${file}.tmp" ; then
echo "download of $file failed." >&2
[ -f "${file}.tmp" ] && rm "${file}.tmp"
return 1
fi
if [ $skip_verify = no ]; then
if ! $WGET -q -O - "${url}.sig" >"${file}.tmpsig" ; then
echo "download of $file.sig failed." >&2
[ -f "${file}.tmpsig" ] && rm "${file}.tmpsig"
return 1
fi
if ! $GPGV -q --keyring "$distsigkey" \
"${file}.tmpsig" "${file}.tmp" 2>/dev/null; then
echo "signature of $file is not valid!" >&2
return 1
fi
mv "${file}.tmpsig" "${file}.sig"
else
[ -f "${file}.sig" ] && rm "${file}.sig"
fi
mv "${file}.tmp" "${file}"
return 0
}
baseurl=$(awk '$1=="gpgorg_base" {print $2; exit 0}' swdb.lst)
for p in $packages; do
pver=$(awk '$1=="'"$p"'_ver" {print $2}' swdb.lst)
if [ -z "$pver" ]; then
echo "package '$p' not found" >&2
die=yes
else
pdir=$(awk '$1=="'"$p"'_dir" {print $2":"$3":"$4}' swdb.lst)
if [ -n "$pdir" ]; then
psuf=$(echo "$pdir" | cut -d: -f3)
pname=$(echo "$pdir" | cut -d: -f2)
pdir=$(echo "$pdir" | cut -d: -f1)
else
psuf=
pdir="$p"
pname="$p"
fi
if [ -z "$psuf" ]; then
psuf=$(awk 'BEGIN {suf="bz2"};
$1=="'"$p"'_sha1_gz" {suf="gz"; exit 0};
$1=="'"$p"'_sha1_xz" {suf"xz"; exit 0};
END {print suf}' swdb.lst)
fi
pfullname="$pname-$pver.tar.$psuf"
if [ $info_mode = yes ]; then
echo "$baseurl/$pdir/$pfullname"
else
echo "downloading $pfullname"
download_pkg "$baseurl/$pdir/$pfullname" || die=yes
fi
fi
done
if [ $die = yes ]; then
echo "errors found!" >&2
exit 1
fi
exit 0

View File

@ -51,10 +51,13 @@
# # This is greped by the Makefile. # # This is greped by the Makefile.
# RELEASE_ARCHIVE=foo@somehost:tarball-archive # RELEASE_ARCHIVE=foo@somehost:tarball-archive
# #
# # The key used to sign the released sources. # # The key used to sign the GnuPG sources.
# # This is greped by the Makefile. # # This is greped by the Makefile.
# RELEASE_SIGNKEY=6DAA6E64A76D2840571B4902528897B826403ADA # RELEASE_SIGNKEY=6DAA6E64A76D2840571B4902528897B826403ADA
# #
# # The key used to sign the VERSION files of some MSI installers.
# VERSION_SIGNKEY=02F38DFF731FF97CB039A1DA549E695E905BA208
#
# # For signing Windows binaries we need to employ a Windows machine. # # For signing Windows binaries we need to employ a Windows machine.
# # We connect to this machine via ssh and take the connection # # We connect to this machine via ssh and take the connection
# # parameters via .ssh/config. For example a VM could be specified # # parameters via .ssh/config. For example a VM could be specified
@ -74,6 +77,9 @@
# # This is greped by the Makefile. # # This is greped by the Makefile.
# AUTHENTICODE_TOOL="C:\Program Files (x86)\Windows Kits\10\bin\signtool.exe" # AUTHENTICODE_TOOL="C:\Program Files (x86)\Windows Kits\10\bin\signtool.exe"
# #
# # The URL for the timestamping service
# AUTHENTICODE_TSURL=http://rfc3161timestamp.globalsign.com/advanced
#
# # To use osslsigncode the follwing entries are required and # # To use osslsigncode the follwing entries are required and
# # an empty string must be given for AUTHENTICODE_SIGNHOST. # # an empty string must be given for AUTHENTICODE_SIGNHOST.
# # They are greped by the Makefile. # # They are greped by the Makefile.
@ -238,10 +244,11 @@ PATCHELF := $(shell patchelf --version 2>/dev/null >/dev/null || echo "echo plea
# Read signing information from ~/.gnupg-autogen.rc # Read signing information from ~/.gnupg-autogen.rc
define READ_AUTOGEN_template define READ_AUTOGEN_template
$(1) = $$(shell grep '^$(1)=' $$$$HOME/.gnupg-autogen.rc|cut -d= -f2) $(1) = $$(shell grep '^[[:blank:]]*$(1)[[:blank:]]*=' $$$$HOME/.gnupg-autogen.rc|cut -d= -f2|xargs)
endef endef
$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_SIGNHOST)) $(eval $(call READ_AUTOGEN_template,AUTHENTICODE_SIGNHOST))
$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_TOOL)) $(eval $(call READ_AUTOGEN_template,AUTHENTICODE_TOOL))
$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_TSURL))
$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_KEY)) $(eval $(call READ_AUTOGEN_template,AUTHENTICODE_KEY))
$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_CERTS)) $(eval $(call READ_AUTOGEN_template,AUTHENTICODE_CERTS))
$(eval $(call READ_AUTOGEN_template,OSSLSIGNCODE)) $(eval $(call READ_AUTOGEN_template,OSSLSIGNCODE))
@ -1350,7 +1357,7 @@ define AUTHENTICODE_sign
scp $(1) "$(AUTHENTICODE_SIGNHOST):a.exe" ;\ scp $(1) "$(AUTHENTICODE_SIGNHOST):a.exe" ;\
ssh "$(AUTHENTICODE_SIGNHOST)" '$(AUTHENTICODE_TOOL)' sign \ ssh "$(AUTHENTICODE_SIGNHOST)" '$(AUTHENTICODE_TOOL)' sign \
/a /n '"g10 Code GmbH"' \ /a /n '"g10 Code GmbH"' \
/tr 'http://rfc3161timestamp.globalsign.com/advanced' /td sha256 \ /tr '$(AUTHENTICODE_TSURL)' /td sha256 \
/fd sha256 /du https://gnupg.org a.exe ;\ /fd sha256 /du https://gnupg.org a.exe ;\
scp "$(AUTHENTICODE_SIGNHOST):a.exe" $(2);\ scp "$(AUTHENTICODE_SIGNHOST):a.exe" $(2);\
echo "speedo: signed file is '$(2)'" ;\ echo "speedo: signed file is '$(2)'" ;\
@ -1361,13 +1368,13 @@ define AUTHENTICODE_sign
-pkcs11module $(SCUTEMODULE) \ -pkcs11module $(SCUTEMODULE) \
-certs $(AUTHENTICODE_CERTS) \ -certs $(AUTHENTICODE_CERTS) \
-h sha256 -n GnuPG -i https://gnupg.org \ -h sha256 -n GnuPG -i https://gnupg.org \
-ts http://rfc3161timestamp.globalsign.com/advanced \ -ts $(AUTHENTICODE_TSURL) \
-in $(1) -out $(2).tmp ; mv $(2).tmp $(2) ; \ -in $(1) -out $(2).tmp ; mv $(2).tmp $(2) ; \
elif [ -e "$(AUTHENTICODE_KEY)" ]; then \ elif [ -e "$(AUTHENTICODE_KEY)" ]; then \
echo "speedo: Signing using key $(AUTHENTICODE_KEY)";\ echo "speedo: Signing using key $(AUTHENTICODE_KEY)";\
osslsigncode sign -certs $(AUTHENTICODE_CERTS) \ osslsigncode sign -certs $(AUTHENTICODE_CERTS) \
-pkcs12 $(AUTHENTICODE_KEY) -askpass \ -pkcs12 $(AUTHENTICODE_KEY) -askpass \
-ts "http://timestamp.globalsign.com/scripts/timstamp.dll" \ -ts "$(AUTHENTICODE_TSURL)" \
-h sha256 -n GnuPG -i https://gnupg.org \ -h sha256 -n GnuPG -i https://gnupg.org \
-in $(1) -out $(2) ;\ -in $(1) -out $(2) ;\
else \ else \

View File

@ -61,9 +61,12 @@ and then manually edited:
<Component Id="cmp74961776CCC7B203F500FE261DC12F92" Directory="dirAA72FFDDFA224FB221D53750596B0142" Guid="FBA2569C-554D-4C06-88FC-0FD6541B5B4B"> <Component Id="cmp74961776CCC7B203F500FE261DC12F92" Directory="dirAA72FFDDFA224FB221D53750596B0142" Guid="FBA2569C-554D-4C06-88FC-0FD6541B5B4B">
<File Id="filB82A767EB9971018C006215A9FDE77EF" KeyPath="yes" Source="$(var.SourceDir)\bin\gpg-connect-agent.exe"/> <File Id="filB82A767EB9971018C006215A9FDE77EF" KeyPath="yes" Source="$(var.SourceDir)\bin\gpg-connect-agent.exe"/>
</Component> </Component>
<Component Id="cmp74961776CCC7B203F500FE261DC12F94" Directory="dirAA72FFDDFA224FB221D53750596B0144" Guid="FBA2569C-554D-4C06-88FC-0FD6541B5B4C"> <Component Id="cmp74961776CCC7B203F500FE261DC12F94" Directory="dirAA72FFDDFA224FB221D53750596B0142" Guid="FBA2569C-554D-4C06-88FC-0FD6541B5B4C">
<File Id="filB82A767EB9971018C006215A9FDE77F1" KeyPath="yes" Source="$(var.SourceDir)\bin\gpg-card.exe"/> <File Id="filB82A767EB9971018C006215A9FDE77F1" KeyPath="yes" Source="$(var.SourceDir)\bin\gpg-card.exe"/>
</Component> </Component>
<Component Id="cmp74961776CCC7B203F500FE261DC12F95" Directory="dirAA72FFDDFA224FB221D53750596B0142" Guid="3134BF55-46AF-4B76-A535-DC1EDDB0DBFD">
<File Id="filB82A767EB9971018C006215A9FDE77F2" KeyPath="yes" Source="$(var.SourceDir)\libexec\keyboxd.exe"/>
</Component>
<Component Id="cmp6C1FB70721B208E33DB24296B93AB93F" Directory="dirAA72FFDDFA224FB221D53750596B0142" Guid="FE29D2AA-3151-4421-B8C0-355F69F267A1"> <Component Id="cmp6C1FB70721B208E33DB24296B93AB93F" Directory="dirAA72FFDDFA224FB221D53750596B0142" Guid="FE29D2AA-3151-4421-B8C0-355F69F267A1">
<File Id="fil563D2C0464DCE7ECADE6E15C0FC65821" KeyPath="yes" Source="$(var.SourceDir)\libexec\gpg-preset-passphrase.exe"/> <File Id="fil563D2C0464DCE7ECADE6E15C0FC65821" KeyPath="yes" Source="$(var.SourceDir)\libexec\gpg-preset-passphrase.exe"/>
</Component> </Component>

View File

@ -41,7 +41,7 @@ static int initialized;
static int module; static int module;
/* This value is used by DSA and RSA checks in addition to the hard /* This value is used by DSA and RSA checks in addition to the hard
* coded length checks. It allows to increase the required key length * coded length checks. It allows one to increase the required key length
* using a confue file. */ * using a confue file. */
static unsigned int min_compliant_rsa_length; static unsigned int min_compliant_rsa_length;

View File

@ -437,6 +437,7 @@ check_syscall_func (void)
} }
} }
static void static void
pre_syscall (void) pre_syscall (void)
{ {
@ -444,6 +445,7 @@ pre_syscall (void)
pre_syscall_func (); pre_syscall_func ();
} }
static void static void
post_syscall (void) post_syscall (void)
{ {

View File

@ -54,6 +54,7 @@ enum
STATUS_NEED_PASSPHRASE, STATUS_NEED_PASSPHRASE,
STATUS_VALIDSIG, STATUS_VALIDSIG,
STATUS_ASSERT_SIGNER, STATUS_ASSERT_SIGNER,
STATUS_ASSERT_PUBKEY_ALGO,
STATUS_SIG_ID, STATUS_SIG_ID,
STATUS_ENC_TO, STATUS_ENC_TO,
STATUS_NODATA, STATUS_NODATA,

View File

@ -31,6 +31,8 @@
#ifndef GNUPG_COMMON_T_SUPPORT_H #ifndef GNUPG_COMMON_T_SUPPORT_H
#define GNUPG_COMMON_T_SUPPORT_H 1 #define GNUPG_COMMON_T_SUPPORT_H 1
#ifndef LEAN_T_SUPPORT
#ifdef GCRYPT_VERSION #ifdef GCRYPT_VERSION
#error The regression tests should not include with gcrypt.h #error The regression tests should not include with gcrypt.h
#endif #endif
@ -45,11 +47,6 @@
# define getenv(a) (NULL) # define getenv(a) (NULL)
#endif #endif
#ifndef DIM
# define DIM(v) (sizeof(v)/sizeof((v)[0]))
# define DIMof(type,member) DIM(((type *)0)->member)
#endif
/* Replacement prototypes. */ /* Replacement prototypes. */
void *gcry_xmalloc (size_t n); void *gcry_xmalloc (size_t n);
@ -65,6 +62,12 @@ void gcry_free (void *a);
#define xstrdup(a) gcry_xstrdup ( (a) ) #define xstrdup(a) gcry_xstrdup ( (a) )
#define xfree(a) gcry_free ( (a) ) #define xfree(a) gcry_free ( (a) )
#endif /* LEAN_T_SUPPORT */
#ifndef DIM
# define DIM(v) (sizeof(v)/sizeof((v)[0]))
# define DIMof(type,member) DIM(((type *)0)->member)
#endif
/* Macros to print the result of a test. */ /* Macros to print the result of a test. */
#define pass() do { ; } while(0) #define pass() do { ; } while(0)

View File

@ -152,7 +152,7 @@ find_tlv_unchecked (const unsigned char *buffer, size_t length,
/* ASN.1 BER parser: Parse BUFFER of length SIZE and return the tag /* ASN.1 BER parser: Parse BUFFER of length SIZE and return the tag
* and the length part from the TLV triplet. Update BUFFER and SIZE * and the length part from the TLV triplet. Update BUFFER and SIZE
* on success. Note that this function does not check that the value * on success. Note that this function does not check that the value
* fits into the provided buffer; this allows to work on the TL part * fits into the provided buffer; this allows one to work on the TL part
* of a TLV. */ * of a TLV. */
gpg_error_t gpg_error_t
parse_ber_header (unsigned char const **buffer, size_t *size, parse_ber_header (unsigned char const **buffer, size_t *size,

View File

@ -2086,6 +2086,7 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
err = validate_cert_chain (ctrl, crlissuer_cert, NULL, err = validate_cert_chain (ctrl, crlissuer_cert, NULL,
(VALIDATE_FLAG_TRUST_CONFIG (VALIDATE_FLAG_TRUST_CONFIG
| VALIDATE_FLAG_TRUST_SYSTEM
| VALIDATE_FLAG_CRL | VALIDATE_FLAG_CRL
| VALIDATE_FLAG_RECURSIVE), | VALIDATE_FLAG_RECURSIVE),
r_trust_anchor); r_trust_anchor);

View File

@ -107,7 +107,7 @@ static gpgrt_opt_t opts[] = {
" a record oriented format"}, " a record oriented format"},
{ oProxy, "proxy", 2, { oProxy, "proxy", 2,
"|NAME|ignore host part and connect through NAME"}, "|NAME|ignore host part and connect through NAME"},
{ oStartTLS, "starttls", 0, "use STARTLS for the conenction"}, { oStartTLS, "starttls", 0, "use STARTLS for the connection"},
{ oLdapTLS, "ldaptls", 0, "use a TLS for the connection"}, { oLdapTLS, "ldaptls", 0, "use a TLS for the connection"},
{ oNtds, "ntds", 0, "authenticate using AD"}, { oNtds, "ntds", 0, "authenticate using AD"},
{ oARecOnly, "areconly", 0, "do only an A record lookup"}, { oARecOnly, "areconly", 0, "do only an A record lookup"},

View File

@ -2362,7 +2362,6 @@ run_gnutls_handshake (http_t hd, const char *server)
* NULL, decode the string and use this as input from teh server. On * NULL, decode the string and use this as input from teh server. On
* success the final output token is stored at PROXY->OUTTOKEN and * success the final output token is stored at PROXY->OUTTOKEN and
* OUTTOKLEN. IF the authentication succeeded OUTTOKLEN is zero. */ * OUTTOKLEN. IF the authentication succeeded OUTTOKLEN is zero. */
#ifdef USE_TLS
static gpg_error_t static gpg_error_t
proxy_get_token (proxy_info_t proxy, const char *inputstring) proxy_get_token (proxy_info_t proxy, const char *inputstring)
{ {
@ -2530,11 +2529,9 @@ proxy_get_token (proxy_info_t proxy, const char *inputstring)
#endif /*!HAVE_W32_SYSTEM*/ #endif /*!HAVE_W32_SYSTEM*/
} }
#endif /*USE_TLS*/
/* Use the CONNECT method to proxy our TLS stream. */ /* Use the CONNECT method to proxy our TLS stream. */
#ifdef USE_TLS
static gpg_error_t static gpg_error_t
run_proxy_connect (http_t hd, proxy_info_t proxy, run_proxy_connect (http_t hd, proxy_info_t proxy,
const char *httphost, const char *server, const char *httphost, const char *server,
@ -2556,6 +2553,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
* RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication * RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication
*/ */
auth_basic = !!proxy->uri->auth; auth_basic = !!proxy->uri->auth;
hd->keep_alive = !auth_basic; /* We may need to send more requests. */
/* For basic authentication we need to send just one request. */ /* For basic authentication we need to send just one request. */
if (auth_basic if (auth_basic
@ -2577,16 +2575,15 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
httphost ? httphost : server, httphost ? httphost : server,
port, port,
authhdr ? authhdr : "", authhdr ? authhdr : "",
auth_basic? "" : "Connection: keep-alive\r\n"); hd->keep_alive? "Connection: keep-alive\r\n" : "");
if (!request) if (!request)
{ {
err = gpg_error_from_syserror (); err = gpg_error_from_syserror ();
goto leave; goto leave;
} }
hd->keep_alive = !auth_basic; /* We may need to send more requests. */
if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP)) if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
log_debug_with_string (request, "http.c:proxy:request:"); log_debug_string (request, "http.c:proxy:request:");
if (!hd->fp_write) if (!hd->fp_write)
{ {
@ -2610,16 +2607,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
if (err) if (err)
goto leave; goto leave;
{
unsigned long count = 0;
while (es_getc (hd->fp_read) != EOF)
count++;
if (opt_debug)
log_debug ("http.c:proxy_connect: skipped %lu bytes of response-body\n",
count);
}
/* Reset state. */ /* Reset state. */
es_clearerr (hd->fp_read); es_clearerr (hd->fp_read);
((cookie_t)(hd->read_cookie))->up_to_empty_line = 1; ((cookie_t)(hd->read_cookie))->up_to_empty_line = 1;
@ -2730,6 +2717,14 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
} }
leave: leave:
if (hd->keep_alive)
{
es_fclose (hd->fp_write);
hd->fp_write = NULL;
/* The close has released the cookie and thus we better set it
* to NULL. */
hd->write_cookie = NULL;
}
/* Restore flags, destroy stream, reset state. */ /* Restore flags, destroy stream, reset state. */
hd->flags = saved_flags; hd->flags = saved_flags;
es_fclose (hd->fp_read); es_fclose (hd->fp_read);
@ -2743,7 +2738,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
xfree (tmpstr); xfree (tmpstr);
return err; return err;
} }
#endif /*USE_TLS*/
/* Make a request string using a standard proxy. On success the /* Make a request string using a standard proxy. On success the
@ -2882,7 +2876,7 @@ send_request (ctrl_t ctrl,
if (proxy && proxy->is_http_proxy) if (proxy && proxy->is_http_proxy)
{ {
use_http_proxy = 1; /* We want to use a proxy for the conenction. */ use_http_proxy = 1; /* We want to use a proxy for the connection. */
err = connect_server (ctrl, err = connect_server (ctrl,
*proxy->uri->host ? proxy->uri->host : "localhost", *proxy->uri->host ? proxy->uri->host : "localhost",
proxy->uri->port ? proxy->uri->port : 80, proxy->uri->port ? proxy->uri->port : 80,
@ -2903,7 +2897,6 @@ send_request (ctrl_t ctrl,
goto leave; goto leave;
} }
#if USE_TLS
if (use_http_proxy && hd->uri->use_tls) if (use_http_proxy && hd->uri->use_tls)
{ {
err = run_proxy_connect (hd, proxy, httphost, server, port); err = run_proxy_connect (hd, proxy, httphost, server, port);
@ -2915,7 +2908,6 @@ send_request (ctrl_t ctrl,
* clear the flag to indicate this. */ * clear the flag to indicate this. */
use_http_proxy = 0; use_http_proxy = 0;
} }
#endif /* USE_TLS */
#if HTTP_USE_NTBTLS #if HTTP_USE_NTBTLS
err = run_ntbtls_handshake (hd); err = run_ntbtls_handshake (hd);
@ -4411,7 +4403,7 @@ same_host_p (parsed_uri_t a, parsed_uri_t b)
} }
/* Also consider hosts the same if they differ only in a subdomain; /* Also consider hosts the same if they differ only in a subdomain;
* in both direction. This allows to have redirection between the * in both direction. This allows one to have redirection between the
* WKD advanced and direct lookup methods. */ * WKD advanced and direct lookup methods. */
for (i=0; i < DIM (subdomains); i++) for (i=0; i < DIM (subdomains); i++)
{ {

View File

@ -607,7 +607,7 @@ interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search,
* including whether to use TLS and the username and password (see * including whether to use TLS and the username and password (see
* ldap_parse_uri for a description of the various fields). Be * ldap_parse_uri for a description of the various fields). Be
* default a PGP keyserver is assumed; if GENERIC is true a generic * default a PGP keyserver is assumed; if GENERIC is true a generic
* ldap conenction is instead established. * ldap connection is instead established.
* *
* Returns: The ldap connection handle in *LDAP_CONNP, R_BASEDN is set * Returns: The ldap connection handle in *LDAP_CONNP, R_BASEDN is set
* to the base DN for the PGP key space, several flags will be stored * to the base DN for the PGP key space, several flags will be stored

View File

@ -3325,7 +3325,7 @@ dirmngr_status_help (ctrl_t ctrl, const char *text)
/* Print a help status line using a printf like format. The function /* Print a help status line using a printf like format. The function
* splits text at LFs. With CTRL beeing NULL, the function behaves * splits text at LFs. With CTRL being NULL, the function behaves
* like log_info. */ * like log_info. */
gpg_error_t gpg_error_t
dirmngr_status_helpf (ctrl_t ctrl, const char *format, ...) dirmngr_status_helpf (ctrl_t ctrl, const char *format, ...)

View File

@ -532,6 +532,12 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
--assert-signer is used. The fingerprint is printed with --assert-signer is used. The fingerprint is printed with
uppercase hex digits. uppercase hex digits.
*** ASSERT_PUBKEY_ALGO <fingerprint> <state> <algostr>
This is emitted when option --assert-pubkey-algo is used and the
signing algorithms is accepted according to that list if state is
1 or denied if state is 0. The fingerprint is printed with
uppercase hex digits.
*** SIG_ID <radix64_string> <sig_creation_date> <sig-timestamp> *** SIG_ID <radix64_string> <sig_creation_date> <sig-timestamp>
This is emitted only for signatures of class 0 or 1 which have This is emitted only for signatures of class 0 or 1 which have
been verified okay. The string is a signature id and may be used been verified okay. The string is a signature id and may be used

View File

@ -172,7 +172,7 @@ socket.
Set compatibility flags to work around certain problems or to emulate Set compatibility flags to work around certain problems or to emulate
bugs. The @var{flags} are given as a comma separated list of flag bugs. The @var{flags} are given as a comma separated list of flag
names and are OR-ed together. The special flag "none" clears the list names and are OR-ed together. The special flag "none" clears the list
and allows to start over with an empty list. To get a list of and allows one to start over with an empty list. To get a list of
available flags the sole word "help" can be used. available flags the sole word "help" can be used.
@item --faked-system-time @var{epoch} @item --faked-system-time @var{epoch}

View File

@ -302,7 +302,7 @@ debugging.
@item --steal-socket @item --steal-socket
@opindex steal-socket @opindex steal-socket
In @option{--daemon} mode, gpg-agent detects an already running In @option{--daemon} mode, gpg-agent detects an already running
gpg-agent and does not allow to start a new instance. This option can gpg-agent and does not allow one to start a new instance. This option can
be used to override this check: the new gpg-agent process will try to be used to override this check: the new gpg-agent process will try to
take over the communication sockets from the already running process take over the communication sockets from the already running process
and start anyway. This option should in general not be used. and start anyway. This option should in general not be used.
@ -643,7 +643,7 @@ gpg-agent as a replacement for PuTTY's Pageant, the option
In this mode of operation, the agent does not only implement the In this mode of operation, the agent does not only implement the
gpg-agent protocol, but also the agent protocol used by OpenSSH gpg-agent protocol, but also the agent protocol used by OpenSSH
(through a separate socket or via Named Pipes) or the protocol used by (through a separate socket or via Named Pipes) or the protocol used by
PuTTY. Consequently, this allows to use the gpg-agent as a drop-in PuTTY. Consequently, this allows one to use the gpg-agent as a drop-in
replacement for the ssh-agent. replacement for the ssh-agent.
SSH keys, which are to be used through the agent, need to be added to SSH keys, which are to be used through the agent, need to be added to
@ -693,7 +693,7 @@ The order in which keys are presented to ssh are:
@item Negative Use-for-ssh values @item Negative Use-for-ssh values
If a key file has the attribute "Use-for-ssh" and its value is If a key file has the attribute "Use-for-ssh" and its value is
negative, these keys are presented first to ssh. The negative negative, these keys are presented first to ssh. The negative
values are capped at -999 with -999 beeing lower ranked than -1. values are capped at -999 with -999 being lower ranked than -1.
These values can be used to prefer on-disk keys over keys taken These values can be used to prefer on-disk keys over keys taken
from active cards. from active cards.

View File

@ -226,7 +226,7 @@ OpenPGP or X.509 keys.
@item LOGIN [--clear] [< @var{file}] @item LOGIN [--clear] [< @var{file}]
@opindex login @opindex login
Set the login data object of OpenPGP cards. If @var{file} is given Set the login data object of OpenPGP cards. If @var{file} is given
the data is is read from that file. This allows to store binary data the data is is read from that file. This allows one to store binary data
in the login field. The option @option{--clear} deletes the login in the login field. The option @option{--clear} deletes the login
data object. data object.

View File

@ -716,7 +716,7 @@ inserted smartcard, the special string ``card'' can be used for
will figure them out and creates an OpenPGP key consisting of the will figure them out and creates an OpenPGP key consisting of the
usual primary key and one subkey. This works only with certain usual primary key and one subkey. This works only with certain
smartcards. Note that the interactive @option{--full-gen-key} command smartcards. Note that the interactive @option{--full-gen-key} command
allows to do the same but with greater flexibility in the selection of allows one to do the same but with greater flexibility in the selection of
the smartcard keys. the smartcard keys.
Note that it is possible to create a primary key and a subkey using Note that it is possible to create a primary key and a subkey using
@ -1290,19 +1290,22 @@ are usually found in the option file.
@item --default-key @var{name} @item --default-key @var{name}
@opindex default-key @opindex default-key
Use @var{name} as the default key to sign with. If this option is not Use @var{name} as the default key to sign with. It is suggested to
used, the default key is the first key found in the secret keyring. use a fingerprint or at least a long keyID for @var{name}. If this
Note that @option{-u} or @option{--local-user} overrides this option. option is not used, the default key is the first key found in the
This option may be given multiple times. In this case, the last key secret keyring. Note that @option{-u} or @option{--local-user}
for which a secret key is available is used. If there is no secret overrides this option. This option may be given multiple times. In
key available for any of the specified values, GnuPG will not emit an this case, the last key for which a secret key is available is used.
error message but continue as if this option wasn't given. If there is no secret key available for any of the specified values,
GnuPG will not emit an error message but continue as if this option
wasn't given.
@item --default-recipient @var{name} @item --default-recipient @var{name}
@opindex default-recipient @opindex default-recipient
Use @var{name} as default recipient if option @option{--recipient} is Use @var{name} as default recipient if option @option{--recipient} is
not used and don't ask if this is a valid one. @var{name} must be not used and don't ask if this is a valid one. @var{name} must be
non-empty. non-empty and it is suggested to use a fingerprint for @var{name}.
@item --default-recipient-self @item --default-recipient-self
@opindex default-recipient-self @opindex default-recipient-self
@ -1773,7 +1776,9 @@ useful if you don't want to keep your secret keys (or one of them)
online but still want to be able to check the validity of a given online but still want to be able to check the validity of a given
recipient's or signator's key. If the given key is not locally recipient's or signator's key. If the given key is not locally
available but an LDAP keyserver is configured the missing key is available but an LDAP keyserver is configured the missing key is
imported from that server. imported from that server. The value "none" is explicitly allowed to
distinguish between the use of any trusted-key option and no use of
this option at all (e.g. due to the @option{--no-options} option).
@item --add-desig-revoker [sensitive:]@var{fingerprint} @item --add-desig-revoker [sensitive:]@var{fingerprint}
@opindex add-desig-revoker @opindex add-desig-revoker
@ -1914,6 +1919,29 @@ is guaranteed to return with an exit code of 0 if and only if a
signature has been encountered, is valid, and the key matches one of signature has been encountered, is valid, and the key matches one of
the fingerprints given by this option. the fingerprints given by this option.
@item --assert-pubkey-algo @var{algolist}
@opindex assert-pubkey-algo
During data signature verification this options checks whether the
used public key algorithm matches the algorithms given by
@var{algolist}. This option can be given multiple times to
concatenate more algorithms to the list; the delimiter of the list are
either commas or spaces.
The algorithm names given in the list may either be verbatim names
like "ed25519" with an optional leading single equal sign, or being
prefixed with ">", ">=", "<=", or "<". That prefix operator is
applied to the number part of the algorithm name; for example 2048 in
"rsa2048" or 384 in "brainpoolP384r1". If the the leading non-digits
in the name matches, the prefix operator is used to compare the number
part, a trailing suffix is ignored in this case. For example an
algorithm list ">rsa3000, >=brainpool384r1, =ed25519" allows RSA
signatures with more that 3000 bits, Brainpool curves 384 and 512,
and the ed25519 algorithm.
With this option gpg (and also gpgv) is guaranteed to return with an
exit code of 0 if and only if all valid signatures on data are made
using a matching algorithm from the given list.
@item --auto-key-locate @var{mechanisms} @item --auto-key-locate @var{mechanisms}
@itemx --no-auto-key-locate @itemx --no-auto-key-locate
@ -1947,20 +1975,20 @@ list. The default is "local,wkd".
@item ntds @item ntds
Locate the key using the Active Directory (Windows only). This Locate the key using the Active Directory (Windows only). This
method also allows to search by fingerprint using the command method also allows one to search by fingerprint using the command
@option{--locate-external-key}. Note that this mechanism is @option{--locate-external-key}. Note that this mechanism is
actually a shortcut for the mechanism @samp{keyserver} but using actually a shortcut for the mechanism @samp{keyserver} but using
"ldap:///" as the keyserver. "ldap:///" as the keyserver.
@item keyserver @item keyserver
Locate a key using a keyserver. This method also allows to search Locate a key using a keyserver. This method also allows one to search
by fingerprint using the command @option{--locate-external-key} if by fingerprint using the command @option{--locate-external-key} if
any of the configured keyservers is an LDAP server. any of the configured keyservers is an LDAP server.
@item keyserver-URL @item keyserver-URL
In addition, a keyserver URL as used in the @command{dirmngr} In addition, a keyserver URL as used in the @command{dirmngr}
configuration may be used here to query that particular keyserver. configuration may be used here to query that particular keyserver.
This method also allows to search by fingerprint using the command This method also allows one to search by fingerprint using the command
@option{--locate-external-key} if the URL specifies an LDAP server. @option{--locate-external-key} if the URL specifies an LDAP server.
@item local @item local
@ -2336,19 +2364,21 @@ the key in this file is fully valid.
@opindex encrypt-to @opindex encrypt-to
Same as @option{--recipient} but this one is intended for use in the Same as @option{--recipient} but this one is intended for use in the
options file and may be used with your own user-id as an options file and may be used with your own user-id as an
"encrypt-to-self". These keys are only used when there are other "encrypt-to-self". It is suggested to use a fingerprint or at least a
recipients given either by use of @option{--recipient} or by the asked long keyID for @var{name}. These keys are only used when there are
user id. No trust checking is performed for these user ids and even other recipients given either by use of @option{--recipient} or by the
disabled keys can be used. asked user id. No trust checking is performed for these user ids and
even disabled keys can be used.
@item --hidden-encrypt-to @var{name} @item --hidden-encrypt-to @var{name}
@opindex hidden-encrypt-to @opindex hidden-encrypt-to
Same as @option{--hidden-recipient} but this one is intended for use in the Same as @option{--hidden-recipient} but this one is intended for use
options file and may be used with your own user-id as a hidden in the options file and may be used with your own user-id as a hidden
"encrypt-to-self". These keys are only used when there are other "encrypt-to-self". It is suggested to use a fingerprint or at least a
recipients given either by use of @option{--recipient} or by the asked user id. long keyID for @var{name}. These keys are only used when there are
No trust checking is performed for these user ids and even disabled other recipients given either by use of @option{--recipient} or by the
keys can be used. asked user id. No trust checking is performed for these user ids and
even disabled keys can be used.
@item --no-encrypt-to @item --no-encrypt-to
@opindex no-encrypt-to @opindex no-encrypt-to
@ -2899,24 +2929,6 @@ done with @code{--with-colons}.
@table @gnupgtabopt @table @gnupgtabopt
@item -t, --textmode
@itemx --no-textmode
@opindex textmode
Treat input files as text and store them in the OpenPGP canonical text
form with standard "CRLF" line endings. This also sets the necessary
flags to inform the recipient that the encrypted or signed data is text
and may need its line endings converted back to whatever the local
system uses. This option is useful when communicating between two
platforms that have different line ending conventions (UNIX-like to Mac,
Mac to Windows, etc). @option{--no-textmode} disables this option, and
is the default.
@item --force-v3-sigs
@itemx --no-force-v3-sigs
@item --force-v4-certs
@itemx --no-force-v4-certs
These options are obsolete and have no effect since GnuPG 2.1.
@item --force-ocb @item --force-ocb
@itemx --force-aead @itemx --force-aead
@opindex force-ocb @opindex force-ocb
@ -3151,7 +3163,7 @@ Prompt before overwriting any files.
Set compatibility flags to work around problems due to non-compliant Set compatibility flags to work around problems due to non-compliant
keys or data. The @var{flags} are given as a comma separated keys or data. The @var{flags} are given as a comma separated
list of flag names and are OR-ed together. The special flag "none" list of flag names and are OR-ed together. The special flag "none"
clears the list and allows to start over with an empty list. To get a clears the list and allows one to start over with an empty list. To get a
list of available flags the sole word "help" can be used. list of available flags the sole word "help" can be used.
@item --debug-level @var{level} @item --debug-level @var{level}
@ -3207,7 +3219,7 @@ and may thus be changed or removed at any time without notice.
@item --debug-allow-large-chunks @item --debug-allow-large-chunks
@opindex debug-allow-large-chunks @opindex debug-allow-large-chunks
To facilitate software tests and experiments this option allows to To facilitate software tests and experiments this option allows one to
specify a limit of up to 4 EiB (@code{--chunk-size 62}). specify a limit of up to 4 EiB (@code{--chunk-size 62}).
@item --debug-ignore-expiration @item --debug-ignore-expiration
@ -3378,9 +3390,23 @@ to display the message. This option overrides @option{--set-filename}.
@itemx --no-use-embedded-filename @itemx --no-use-embedded-filename
@opindex use-embedded-filename @opindex use-embedded-filename
Try to create a file with a name as embedded in the data. This can be Try to create a file with a name as embedded in the data. This can be
a dangerous option as it enables overwriting files. Defaults to no. a dangerous option as it enables overwriting files by giving the
sender control on how to store files. Defaults to no.
Note that the option @option{--output} overrides this option. Note that the option @option{--output} overrides this option.
A better approach than using this option is to decrypt to a temporary
filename and then rename that file to the embedded file name after
checking that the embedded filename is harmless. When using the
@option{--status-fd} option gpg tells the filename as part of the
PLAINTEXT status message. If the filename is important, the use of
@command{gpgtar} is another option because gpgtar will never overwrite
a file but decrypt the files to a new directory.
Note also that unless a modern version 5 signature is used the
embedded filename is not part of the signed data.
@item --cipher-algo @var{name} @item --cipher-algo @var{name}
@opindex cipher-algo @opindex cipher-algo
Use @var{name} as cipher algorithm. Running the program with the Use @var{name} as cipher algorithm. Running the program with the
@ -3646,7 +3672,7 @@ not need to be listed explicitly.
@opindex allow-weak-key-signatures @opindex allow-weak-key-signatures
To avoid a minor risk of collision attacks on third-party key To avoid a minor risk of collision attacks on third-party key
signatures made using SHA-1, those key signatures are considered signatures made using SHA-1, those key signatures are considered
invalid. This options allows to override this restriction. invalid. This options allows one to override this restriction.
@item --override-compliance-check @item --override-compliance-check
This was a temporary introduced option and has no more effect. This was a temporary introduced option and has no more effect.
@ -3891,6 +3917,25 @@ all on Windows.
@table @gnupgtabopt @table @gnupgtabopt
@item -t, --textmode
@itemx --no-textmode
@opindex textmode
Treat input files as text and store them in the OpenPGP canonical text
form with standard "CRLF" line endings. This also sets the necessary
flags to inform the recipient that the encrypted or signed data is text
and may need its line endings converted back to whatever the local
system uses. This option was useful when communicating between two
platforms with different line ending conventions (UNIX-like to Mac,
Mac to Windows, etc). @option{--no-textmode} disables this option, and
is the default. Note that this is a legacy option which should not
anymore be used by any modern software.
@item --force-v3-sigs
@itemx --no-force-v3-sigs
@item --force-v4-certs
@itemx --no-force-v4-certs
These options are obsolete and have no effect since GnuPG 2.1.
@item --show-photos @item --show-photos
@itemx --no-show-photos @itemx --no-show-photos
@opindex show-photos @opindex show-photos
@ -4111,7 +4156,7 @@ Operation is further controlled by a few environment variables:
@item GNUPG_EXEC_DEBUG_FLAGS @item GNUPG_EXEC_DEBUG_FLAGS
@efindex GNUPG_EXEC_DEBUG_FLAGS @efindex GNUPG_EXEC_DEBUG_FLAGS
This variable allows to enable diagnostics for process management. This variable allows one to enable diagnostics for process management.
A numeric decimal value is expected. Bit 0 enables general A numeric decimal value is expected. Bit 0 enables general
diagnostics, bit 1 enables certain warnings on Windows. diagnostics, bit 1 enables certain warnings on Windows.

View File

@ -767,7 +767,7 @@ is given as fingerprint or keygrip.
Set compatibility flags to work around problems due to non-compliant Set compatibility flags to work around problems due to non-compliant
certificates or data. The @var{flags} are given as a comma separated certificates or data. The @var{flags} are given as a comma separated
list of flag names and are OR-ed together. The special flag "none" list of flag names and are OR-ed together. The special flag "none"
clears the list and allows to start over with an empty list. To get a clears the list and allows one to start over with an empty list. To get a
list of available flags the sole word "help" can be used. list of available flags the sole word "help" can be used.
@item --debug-level @var{level} @item --debug-level @var{level}

View File

@ -140,6 +140,10 @@ This option enables a mode in which filenames of the form
@file{-&n}, where n is a non-negative decimal number, @file{-&n}, where n is a non-negative decimal number,
refer to the file descriptor n and not to a file with that name. refer to the file descriptor n and not to a file with that name.
@item --assert-pubkey-algo @var{algolist}
@opindex assert-pubkey-algo
This option works in the same way as described for @command{gpg}.
@end table @end table
@mansect return value @mansect return value
@ -198,4 +202,3 @@ the allowed keys, using a legacy format.
@mansect see also @mansect see also
@command{gpg}(1) @command{gpg}(1)
@include see-also-note.texi @include see-also-note.texi

View File

@ -309,7 +309,7 @@ with lower priority should be used by default.
@item --application-priority @var{namelist} @item --application-priority @var{namelist}
@opindex application-priority @opindex application-priority
This option allows to change the order in which applications of a card This option allows one to change the order in which applications of a card
a tried if no specific application was requested. @var{namelist} is a a tried if no specific application was requested. @var{namelist} is a
space or comma delimited list of application names. Unknown names are space or comma delimited list of application names. Unknown names are
simply skipped. Applications not mentioned in the list are put in the simply skipped. Applications not mentioned in the list are put in the

View File

@ -400,7 +400,7 @@ expected in the current GnuPG home directory. This command is usually
not required because GnuPG is able to detect and remove stale lock not required because GnuPG is able to detect and remove stale lock
files. Before using the command make sure that the file protected by files. Before using the command make sure that the file protected by
the lock file is actually not in use. The lock command may be used to the lock file is actually not in use. The lock command may be used to
lock an accidently removed lock file. Note that the commands have no lock an accidentally removed lock file. Note that the commands have no
effect on Windows because the mere existence of a lock file does not effect on Windows because the mere existence of a lock file does not
mean that the lock is active. mean that the lock is active.

View File

@ -136,6 +136,8 @@ The command @option{--print-wkd-url} prints the URLs used to fetch the
key for the given user-ids from WKD. The meanwhile preferred format key for the given user-ids from WKD. The meanwhile preferred format
with sub-domains is used here. with sub-domains is used here.
All commands may also be given without the two leading dashes.
@mansect options @mansect options
@noindent @noindent
@command{gpg-wks-client} understands these options: @command{gpg-wks-client} understands these options:

View File

@ -183,7 +183,7 @@ gpgv_LDFLAGS =
t_common_ldadd = t_common_ldadd =
module_tests = t-rmd160 t-keydb t-keydb-get-keyblock t-stutter module_tests = t-rmd160 t-keydb t-keydb-get-keyblock t-stutter t-keyid
t_rmd160_SOURCES = t-rmd160.c rmd160.c t_rmd160_SOURCES = t-rmd160.c rmd160.c
t_rmd160_LDADD = $(t_common_ldadd) t_rmd160_LDADD = $(t_common_ldadd)
t_keydb_SOURCES = t-keydb.c test-stubs.c $(common_source) t_keydb_SOURCES = t-keydb.c test-stubs.c $(common_source)
@ -200,6 +200,10 @@ t_stutter_SOURCES = t-stutter.c test-stubs.c \
t_stutter_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \ t_stutter_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
$(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \ $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
$(LIBICONV) $(t_common_ldadd) $(LIBICONV) $(t_common_ldadd)
t_keyid_SOURCES = t-keyid.c test-stubs.c $(common_source)
t_keyid_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
$(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
$(LIBICONV) $(t_common_ldadd)
$(PROGRAMS): $(needed_libs) ../common/libgpgrl.a $(PROGRAMS): $(needed_libs) ../common/libgpgrl.a

View File

@ -306,7 +306,9 @@ gpg_mpi_write (iobuf_t out, gcry_mpi_t a, unsigned int *r_nwritten)
p = gcry_mpi_get_opaque (a, &nbits); p = gcry_mpi_get_opaque (a, &nbits);
if (p) if (p)
{ {
/* Strip leading zero bits. */ /* First get nbits back to full bytes. */
nbits = ((nbits + 7) / 8) * 8;
/* Then strip leading zero bits. */
for (; nbits >= 8 && !*p; p++, nbits -= 8) for (; nbits >= 8 && !*p; p++, nbits -= 8)
; ;
if (nbits >= 8 && !(*p & 0x80)) if (nbits >= 8 && !(*p & 0x80))

View File

@ -53,7 +53,11 @@ init_compress( compress_filter_context_t *zfx, bz_stream *bzs )
} }
if((rc=BZ2_bzCompressInit(bzs,level,0,0))!=BZ_OK) if((rc=BZ2_bzCompressInit(bzs,level,0,0))!=BZ_OK)
log_fatal("bz2lib problem: %d\n",rc); {
log_error ("bz2lib problem: %d\n",rc);
write_status_error ("bzip2.init", gpg_error (GPG_ERR_INTERNAL));
g10_exit (2);
}
zfx->outbufsize = 8192; zfx->outbufsize = 8192;
zfx->outbuf = xmalloc( zfx->outbufsize ); zfx->outbuf = xmalloc( zfx->outbufsize );
@ -80,7 +84,11 @@ do_compress(compress_filter_context_t *zfx, bz_stream *bzs, int flush, IOBUF a)
if( zrc == BZ_STREAM_END && flush == BZ_FINISH ) if( zrc == BZ_STREAM_END && flush == BZ_FINISH )
; ;
else if( zrc != BZ_RUN_OK && zrc != BZ_FINISH_OK ) else if( zrc != BZ_RUN_OK && zrc != BZ_FINISH_OK )
log_fatal("bz2lib deflate problem: rc=%d\n", zrc ); {
log_error ("bz2lib deflate problem: rc=%d\n", zrc );
write_status_error ("bzip2.deflate", gpg_error (GPG_ERR_INTERNAL));
g10_exit (2);
}
n = zfx->outbufsize - bzs->avail_out; n = zfx->outbufsize - bzs->avail_out;
if( DBG_FILTER ) if( DBG_FILTER )
@ -91,7 +99,7 @@ do_compress(compress_filter_context_t *zfx, bz_stream *bzs, int flush, IOBUF a)
if( (rc=iobuf_write( a, zfx->outbuf, n )) ) if( (rc=iobuf_write( a, zfx->outbuf, n )) )
{ {
log_debug("bzCompress: iobuf_write failed\n"); log_error ("bzCompress: iobuf_write failed\n");
return rc; return rc;
} }
} }
@ -106,7 +114,11 @@ init_uncompress( compress_filter_context_t *zfx, bz_stream *bzs )
int rc; int rc;
if((rc=BZ2_bzDecompressInit(bzs,0,opt.bz2_decompress_lowmem))!=BZ_OK) if((rc=BZ2_bzDecompressInit(bzs,0,opt.bz2_decompress_lowmem))!=BZ_OK)
log_fatal("bz2lib problem: %d\n",rc); {
log_error ("bz2lib problem: %d\n",rc);
write_status_error ("bzip2.init.un", gpg_error (GPG_ERR_INTERNAL));
g10_exit (2);
}
zfx->inbufsize = 2048; zfx->inbufsize = 2048;
zfx->inbuf = xmalloc( zfx->inbufsize ); zfx->inbuf = xmalloc( zfx->inbufsize );
@ -159,7 +171,11 @@ do_uncompress( compress_filter_context_t *zfx, bz_stream *bzs,
if( zrc == BZ_STREAM_END ) if( zrc == BZ_STREAM_END )
rc = -1; /* eof */ rc = -1; /* eof */
else if( zrc != BZ_OK && zrc != BZ_PARAM_ERROR ) else if( zrc != BZ_OK && zrc != BZ_PARAM_ERROR )
log_fatal("bz2lib inflate problem: rc=%d\n", zrc ); {
log_error ("bz2lib inflate problem: rc=%d\n", zrc );
write_status_error ("bzip2.inflate", gpg_error (GPG_ERR_BAD_DATA));
g10_exit (2);
}
else if (zrc == BZ_OK && eofseen else if (zrc == BZ_OK && eofseen
&& !bzs->avail_in && bzs->avail_out > 0) && !bzs->avail_in && bzs->avail_out > 0)
{ {

View File

@ -73,10 +73,12 @@ init_compress( compress_filter_context_t *zfx, z_stream *zs )
-13, 8, Z_DEFAULT_STRATEGY) -13, 8, Z_DEFAULT_STRATEGY)
: deflateInit( zs, level ) : deflateInit( zs, level )
) != Z_OK ) { ) != Z_OK ) {
log_fatal("zlib problem: %s\n", zs->msg? zs->msg : log_error ("zlib problem: %s\n", zs->msg? zs->msg :
rc == Z_MEM_ERROR ? "out of core" : rc == Z_MEM_ERROR ? "out of core" :
rc == Z_VERSION_ERROR ? "invalid lib version" : rc == Z_VERSION_ERROR ? "invalid lib version" :
"unknown error" ); "unknown error" );
write_status_error ("zlib.init", gpg_error (GPG_ERR_INTERNAL));
g10_exit (2);
} }
zfx->outbufsize = 8192; zfx->outbufsize = 8192;
@ -104,9 +106,11 @@ do_compress( compress_filter_context_t *zfx, z_stream *zs, int flush, IOBUF a )
; ;
else if( zrc != Z_OK ) { else if( zrc != Z_OK ) {
if( zs->msg ) if( zs->msg )
log_fatal("zlib deflate problem: %s\n", zs->msg ); log_error ("zlib deflate problem: %s\n", zs->msg );
else else
log_fatal("zlib deflate problem: rc=%d\n", zrc ); log_error ("zlib deflate problem: rc=%d\n", zrc );
write_status_error ("zlib.deflate", gpg_error (GPG_ERR_INTERNAL));
g10_exit (2);
} }
n = zfx->outbufsize - zs->avail_out; n = zfx->outbufsize - zs->avail_out;
if( DBG_FILTER ) if( DBG_FILTER )
@ -116,7 +120,7 @@ do_compress( compress_filter_context_t *zfx, z_stream *zs, int flush, IOBUF a )
(unsigned)n, zrc ); (unsigned)n, zrc );
if( (rc=iobuf_write( a, zfx->outbuf, n )) ) { if( (rc=iobuf_write( a, zfx->outbuf, n )) ) {
log_debug("deflate: iobuf_write failed\n"); log_error ("deflate: iobuf_write failed\n");
return rc; return rc;
} }
} while( zs->avail_in || (flush == Z_FINISH && zrc != Z_STREAM_END) ); } while( zs->avail_in || (flush == Z_FINISH && zrc != Z_STREAM_END) );
@ -140,10 +144,12 @@ init_uncompress( compress_filter_context_t *zfx, z_stream *zs )
*/ */
if( (rc = zfx->algo == 1? inflateInit2( zs, -15) if( (rc = zfx->algo == 1? inflateInit2( zs, -15)
: inflateInit( zs )) != Z_OK ) { : inflateInit( zs )) != Z_OK ) {
log_fatal("zlib problem: %s\n", zs->msg? zs->msg : log_error ("zlib problem: %s\n", zs->msg? zs->msg :
rc == Z_MEM_ERROR ? "out of core" : rc == Z_MEM_ERROR ? "out of core" :
rc == Z_VERSION_ERROR ? "invalid lib version" : rc == Z_VERSION_ERROR ? "invalid lib version" :
"unknown error" ); "unknown error" );
write_status_error ("zlib.init.un", gpg_error (GPG_ERR_INTERNAL));
g10_exit (2);
} }
zfx->inbufsize = 2048; zfx->inbufsize = 2048;
@ -198,9 +204,11 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs,
rc = -1; /* eof */ rc = -1; /* eof */
else if( zrc != Z_OK && zrc != Z_BUF_ERROR ) { else if( zrc != Z_OK && zrc != Z_BUF_ERROR ) {
if( zs->msg ) if( zs->msg )
log_fatal("zlib inflate problem: %s\n", zs->msg ); log_error ("zlib inflate problem: %s\n", zs->msg );
else else
log_fatal("zlib inflate problem: rc=%d\n", zrc ); log_error ("zlib inflate problem: rc=%d\n", zrc );
write_status_error ("zlib.inflate", gpg_error (GPG_ERR_BAD_DATA));
g10_exit (2);
} }
} while (zs->avail_out && zrc != Z_STREAM_END && zrc != Z_BUF_ERROR } while (zs->avail_out && zrc != Z_STREAM_END && zrc != Z_BUF_ERROR
&& !leave); && !leave);

View File

@ -129,6 +129,8 @@ parse_export_options(char *str,unsigned int *options,int noisy)
N_("export revocation keys marked as \"sensitive\"")}, N_("export revocation keys marked as \"sensitive\"")},
{"export-clean",EXPORT_CLEAN,NULL, {"export-clean",EXPORT_CLEAN,NULL,
N_("remove unusable parts from key during export")}, N_("remove unusable parts from key during export")},
{"export-realclean",EXPORT_MINIMAL|EXPORT_REALCLEAN|EXPORT_CLEAN,NULL,
NULL},
{"export-minimal",EXPORT_MINIMAL|EXPORT_CLEAN,NULL, {"export-minimal",EXPORT_MINIMAL|EXPORT_CLEAN,NULL,
N_("remove as much as possible from key during export")}, N_("remove as much as possible from key during export")},
@ -166,7 +168,7 @@ parse_export_options(char *str,unsigned int *options,int noisy)
{ {
*options |= (EXPORT_LOCAL_SIGS | EXPORT_ATTRIBUTES *options |= (EXPORT_LOCAL_SIGS | EXPORT_ATTRIBUTES
| EXPORT_SENSITIVE_REVKEYS); | EXPORT_SENSITIVE_REVKEYS);
*options &= ~(EXPORT_CLEAN | EXPORT_MINIMAL *options &= ~(EXPORT_CLEAN | EXPORT_MINIMAL | EXPORT_REALCLEAN
| EXPORT_DANE_FORMAT); | EXPORT_DANE_FORMAT);
} }
@ -643,7 +645,7 @@ canon_pk_algo (enum gcry_pk_algos algo)
} }
/* Take an s-expression wit the public and private key and change the /* Take an s-expression with the public and private key and change the
* parameter array in PK to include the secret parameters. */ * parameter array in PK to include the secret parameters. */
static gpg_error_t static gpg_error_t
secret_key_to_mode1003 (gcry_sexp_t s_key, PKT_public_key *pk) secret_key_to_mode1003 (gcry_sexp_t s_key, PKT_public_key *pk)
@ -2366,8 +2368,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
if ((options & EXPORT_CLEAN)) if ((options & EXPORT_CLEAN))
{ {
merge_keys_and_selfsig (ctrl, keyblock); merge_keys_and_selfsig (ctrl, keyblock);
clean_all_uids (ctrl, keyblock, opt.verbose, clean_all_uids (ctrl, keyblock, opt.verbose, options, NULL, NULL);
(options&EXPORT_MINIMAL), NULL, NULL);
clean_all_subkeys (ctrl, keyblock, opt.verbose, clean_all_subkeys (ctrl, keyblock, opt.verbose,
(options&EXPORT_MINIMAL)? KEY_CLEAN_ALL (options&EXPORT_MINIMAL)? KEY_CLEAN_ALL
/**/ : KEY_CLEAN_AUTHENCR, /**/ : KEY_CLEAN_AUTHENCR,

View File

@ -1921,7 +1921,7 @@ get_pubkey_byfprint_fast (ctrl_t ctrl, PKT_public_key * pk,
* R_HD may be NULL. If LOCK is set the handle has been opend in * R_HD may be NULL. If LOCK is set the handle has been opend in
* locked mode and keydb_disable_caching () has been called. On error * locked mode and keydb_disable_caching () has been called. On error
* R_KEYBLOCK is set to NULL but R_HD must be released by the caller; * R_KEYBLOCK is set to NULL but R_HD must be released by the caller;
* it may have a value of NULL, though. This allows to do an insert * it may have a value of NULL, though. This allows one to do an insert
* operation on a locked keydb handle. */ * operation on a locked keydb handle. */
gpg_error_t gpg_error_t
get_keyblock_byfprint_fast (ctrl_t ctrl, get_keyblock_byfprint_fast (ctrl_t ctrl,

View File

@ -451,6 +451,7 @@ enum cmd_and_opt_values
oCompatibilityFlags, oCompatibilityFlags,
oAddDesigRevoker, oAddDesigRevoker,
oAssertSigner, oAssertSigner,
oAssertPubkeyAlgo,
oKbxBufferSize, oKbxBufferSize,
oNoop oNoop
@ -715,6 +716,7 @@ static gpgrt_opt_t opts[] = {
#endif #endif
ARGPARSE_s_s (oAddDesigRevoker, "add-desig-revoker", "@"), ARGPARSE_s_s (oAddDesigRevoker, "add-desig-revoker", "@"),
ARGPARSE_s_s (oAssertSigner, "assert-signer", "@"), ARGPARSE_s_s (oAssertSigner, "assert-signer", "@"),
ARGPARSE_s_s (oAssertPubkeyAlgo,"assert-pubkey-algo", "@"),
ARGPARSE_header ("Input", N_("Options controlling the input")), ARGPARSE_header ("Input", N_("Options controlling the input")),
@ -753,7 +755,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oNoEscapeFrom, "no-escape-from-lines", "@"), ARGPARSE_s_n (oNoEscapeFrom, "no-escape-from-lines", "@"),
ARGPARSE_s_n (oMimemode, "mimemode", "@"), ARGPARSE_s_n (oMimemode, "mimemode", "@"),
ARGPARSE_s_n (oTextmodeShort, NULL, "@"), ARGPARSE_s_n (oTextmodeShort, NULL, "@"),
ARGPARSE_s_n (oTextmode, "textmode", N_("use canonical text mode")), ARGPARSE_s_n (oTextmode, "textmode", "@"),
ARGPARSE_s_n (oNoTextmode, "no-textmode", "@"), ARGPARSE_s_n (oNoTextmode, "no-textmode", "@"),
ARGPARSE_s_s (oSetFilename, "set-filename", "@"), ARGPARSE_s_s (oSetFilename, "set-filename", "@"),
ARGPARSE_s_n (oForYourEyesOnly, "for-your-eyes-only", "@"), ARGPARSE_s_n (oForYourEyesOnly, "for-your-eyes-only", "@"),
@ -1045,9 +1047,12 @@ static struct compatibility_flags_s compatibility_flags [] =
/* Can be set to true to force gpg to return with EXIT_FAILURE. */ /* Can be set to true to force gpg to return with EXIT_FAILURE. */
int g10_errors_seen = 0; int g10_errors_seen = 0;
/* If opt.assert_signer_list is used and this variabale is not true /* If opt.assert_signer_list is used and this variable is not true
* gpg will be forced to return EXIT_FAILURE. */ * gpg will be forced to return EXIT_FAILURE. */
int assert_signer_true = 0; int assert_signer_true = 0;
/* If opt.assert_pubkey_algo is used and this variable is not true
* gpg will be forced to return EXIT_FAILURE. */
int assert_pubkey_algo_false = 0;
static int utf8_strings = static int utf8_strings =
@ -3584,9 +3589,18 @@ main (int argc, char **argv)
case oPersonalCompressPreferences: case oPersonalCompressPreferences:
pers_compress_list=pargs.r.ret_str; pers_compress_list=pargs.r.ret_str;
break; break;
case oAgentProgram: opt.agent_program = pargs.r.ret_str; break; case oAgentProgram:
case oKeyboxdProgram: opt.keyboxd_program = pargs.r.ret_str; break; xfree (opt.agent_program);
case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break; opt.agent_program = make_filename (pargs.r.ret_str, NULL);
break;
case oKeyboxdProgram:
xfree (opt.keyboxd_program);
opt.keyboxd_program = make_filename (pargs.r.ret_str, NULL);
break;
case oDirmngrProgram:
xfree (opt.dirmngr_program);
opt.dirmngr_program = make_filename (pargs.r.ret_str, NULL);
break;
case oDisableDirmngr: opt.disable_dirmngr = 1; break; case oDisableDirmngr: opt.disable_dirmngr = 1; break;
case oWeakDigest: case oWeakDigest:
additional_weak_digest(pargs.r.ret_str); additional_weak_digest(pargs.r.ret_str);
@ -3767,6 +3781,18 @@ main (int argc, char **argv)
add_to_strlist (&opt.assert_signer_list, pargs.r.ret_str); add_to_strlist (&opt.assert_signer_list, pargs.r.ret_str);
break; break;
case oAssertPubkeyAlgo:
if (!opt.assert_pubkey_algos)
opt.assert_pubkey_algos = xstrdup (pargs.r.ret_str);
else
{
char *tmp = opt.assert_pubkey_algos;
opt.assert_pubkey_algos = xstrconcat (tmp, ",",
pargs.r.ret_str, NULL);
xfree (tmp);
}
break;
case oKbxBufferSize: case oKbxBufferSize:
keybox_set_buffersize (pargs.r.ret_ulong, 0); keybox_set_buffersize (pargs.r.ret_ulong, 0);
break; break;
@ -5471,6 +5497,17 @@ emergency_cleanup (void)
void void
g10_exit( int rc ) g10_exit( int rc )
{ {
if (rc)
;
else if (log_get_errorcount(0))
rc = 2;
else if (g10_errors_seen)
rc = 1;
else if (opt.assert_signer_list && !assert_signer_true)
rc = 1;
else if (opt.assert_pubkey_algos && assert_pubkey_algo_false)
rc = 1;
/* If we had an error but not printed an error message, do it now. /* If we had an error but not printed an error message, do it now.
* Note that write_status_failure will never print a second failure * Note that write_status_failure will never print a second failure
* status line. */ * status line. */
@ -5495,15 +5532,6 @@ g10_exit( int rc )
gnupg_block_all_signals (); gnupg_block_all_signals ();
emergency_cleanup (); emergency_cleanup ();
if (rc)
;
else if (log_get_errorcount(0))
rc = 2;
else if (g10_errors_seen)
rc = 1;
else if (opt.assert_signer_list && !assert_signer_true)
rc = 1;
exit (rc); exit (rc);
} }

View File

@ -68,6 +68,7 @@ enum cmd_and_opt_values {
oWeakDigest, oWeakDigest,
oEnableSpecialFilenames, oEnableSpecialFilenames,
oDebug, oDebug,
oAssertPubkeyAlgo,
aTest aTest
}; };
@ -91,6 +92,7 @@ static gpgrt_opt_t opts[] = {
N_("|ALGO|reject signatures made with ALGO")), N_("|ALGO|reject signatures made with ALGO")),
ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"), ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"),
ARGPARSE_s_s (oDebug, "debug", "@"), ARGPARSE_s_s (oDebug, "debug", "@"),
ARGPARSE_s_s (oAssertPubkeyAlgo,"assert-pubkey-algo", "@"),
ARGPARSE_end () ARGPARSE_end ()
}; };
@ -119,6 +121,7 @@ static struct debug_flags_s debug_flags [] =
int g10_errors_seen = 0; int g10_errors_seen = 0;
int assert_signer_true = 0; int assert_signer_true = 0;
int assert_pubkey_algo_false = 0;
static char * static char *
make_libversion (const char *libname, const char *(*getfnc)(const char*)) make_libversion (const char *libname, const char *(*getfnc)(const char*))
@ -251,6 +254,19 @@ main( int argc, char **argv )
case oEnableSpecialFilenames: case oEnableSpecialFilenames:
enable_special_filenames (); enable_special_filenames ();
break; break;
case oAssertPubkeyAlgo:
if (!opt.assert_pubkey_algos)
opt.assert_pubkey_algos = xstrdup (pargs.r.ret_str);
else
{
char *tmp = opt.assert_pubkey_algos;
opt.assert_pubkey_algos = xstrconcat (tmp, ",",
pargs.r.ret_str, NULL);
xfree (tmp);
}
break;
default : pargs.err = ARGPARSE_PRINT_ERROR; break; default : pargs.err = ARGPARSE_PRINT_ERROR; break;
} }
} }
@ -290,7 +306,15 @@ main( int argc, char **argv )
void void
g10_exit (int rc) g10_exit (int rc)
{ {
rc = rc? rc : log_get_errorcount(0)? 2 : g10_errors_seen? 1 : 0; if (rc)
;
else if (log_get_errorcount(0))
rc = 2;
else if (g10_errors_seen)
rc = 1;
else if (opt.assert_pubkey_algos && assert_pubkey_algo_false)
rc = 1;
exit (rc); exit (rc);
} }

View File

@ -2081,7 +2081,9 @@ import_one_real (ctrl_t ctrl,
{ {
merge_keys_and_selfsig (ctrl, keyblock); merge_keys_and_selfsig (ctrl, keyblock);
clean_all_uids (ctrl, keyblock, clean_all_uids (ctrl, keyblock,
opt.verbose, (options&IMPORT_MINIMAL), NULL, NULL); opt.verbose,
(options&IMPORT_MINIMAL)? EXPORT_MINIMAL : 0,
NULL, NULL);
clean_all_subkeys (ctrl, keyblock, opt.verbose, KEY_CLEAN_NONE, clean_all_subkeys (ctrl, keyblock, opt.verbose, KEY_CLEAN_NONE,
NULL, NULL); NULL, NULL);
} }
@ -2233,7 +2235,8 @@ import_one_real (ctrl_t ctrl,
if ((options & IMPORT_CLEAN)) if ((options & IMPORT_CLEAN))
{ {
merge_keys_and_selfsig (ctrl, keyblock); merge_keys_and_selfsig (ctrl, keyblock);
clean_all_uids (ctrl, keyblock, opt.verbose, (options&IMPORT_MINIMAL), clean_all_uids (ctrl, keyblock, opt.verbose,
(options&IMPORT_MINIMAL)? EXPORT_MINIMAL : 0,
&n_uids_cleaned,&n_sigs_cleaned); &n_uids_cleaned,&n_sigs_cleaned);
clean_all_subkeys (ctrl, keyblock, opt.verbose, KEY_CLEAN_NONE, clean_all_subkeys (ctrl, keyblock, opt.verbose, KEY_CLEAN_NONE,
NULL, NULL); NULL, NULL);
@ -2331,7 +2334,7 @@ import_one_real (ctrl_t ctrl,
{ {
merge_keys_and_selfsig (ctrl, keyblock_orig); merge_keys_and_selfsig (ctrl, keyblock_orig);
clean_all_uids (ctrl, keyblock_orig, opt.verbose, clean_all_uids (ctrl, keyblock_orig, opt.verbose,
(options&IMPORT_MINIMAL), (options&IMPORT_MINIMAL)? EXPORT_MINIMAL : 0,
&n_uids_cleaned,&n_sigs_cleaned); &n_uids_cleaned,&n_sigs_cleaned);
clean_all_subkeys (ctrl, keyblock_orig, opt.verbose, KEY_CLEAN_NONE, clean_all_subkeys (ctrl, keyblock_orig, opt.verbose, KEY_CLEAN_NONE,
NULL, NULL); NULL, NULL);

View File

@ -91,6 +91,7 @@ mark_usable_uid_certs (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
continue; continue;
} }
node->flag |= 1<<NF_CONSIDER; node->flag |= 1<<NF_CONSIDER;
} }
/* Reset the remaining flags. */ /* Reset the remaining flags. */
for (; node; node = node->next) for (; node; node = node->next)
@ -215,9 +216,22 @@ mark_usable_uid_certs (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
} }
/* Return true if the signature at NODE has is from a key specified by
* the --trusted-key option and is exportable. */
static int
is_trusted_key_sig (kbnode_t node)
{
if (!node->pkt->pkt.signature->flags.exportable)
return 0;
/* Not yet implemented. */
return 0;
}
/* Note: OPTIONS are from the EXPORT_* set. */
static int static int
clean_sigs_from_uid (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode, clean_sigs_from_uid (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
int noisy, int self_only) int noisy, unsigned int options)
{ {
int deleted = 0; int deleted = 0;
kbnode_t node; kbnode_t node;
@ -256,8 +270,15 @@ clean_sigs_from_uid (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
{ {
int keep; int keep;
keep = self_only? (node->pkt->pkt.signature->keyid[0] == keyid[0] if ((options & EXPORT_REALCLEAN))
&& node->pkt->pkt.signature->keyid[1] == keyid[1]) : 1; keep = ((node->pkt->pkt.signature->keyid[0] == keyid[0]
&& node->pkt->pkt.signature->keyid[1] == keyid[1])
|| is_trusted_key_sig (node));
else if ((options & EXPORT_MINIMAL))
keep = (node->pkt->pkt.signature->keyid[0] == keyid[0]
&& node->pkt->pkt.signature->keyid[1] == keyid[1]);
else
keep = 1;
/* Keep usable uid sigs ... */ /* Keep usable uid sigs ... */
if ((node->flag & (1<<NF_USABLE)) && keep) if ((node->flag & (1<<NF_USABLE)) && keep)
@ -364,10 +385,12 @@ clean_uid_from_key (kbnode_t keyblock, kbnode_t uidnode, int noisy)
} }
/* Needs to be called after a merge_keys_and_selfsig() */ /* Needs to be called after a merge_keys_and_selfsig().
* Note: OPTIONS are from the EXPORT_* set. */
void void
clean_one_uid (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode, clean_one_uid (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
int noisy, int self_only, int *uids_cleaned, int *sigs_cleaned) int noisy, unsigned int options,
int *uids_cleaned, int *sigs_cleaned)
{ {
int dummy = 0; int dummy = 0;
@ -386,15 +409,15 @@ clean_one_uid (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
*uids_cleaned += clean_uid_from_key (keyblock, uidnode, noisy); *uids_cleaned += clean_uid_from_key (keyblock, uidnode, noisy);
if (!uidnode->pkt->pkt.user_id->flags.compacted) if (!uidnode->pkt->pkt.user_id->flags.compacted)
*sigs_cleaned += clean_sigs_from_uid (ctrl, keyblock, uidnode, *sigs_cleaned += clean_sigs_from_uid (ctrl, keyblock, uidnode,
noisy, self_only); noisy, options);
} }
/* NB: This function marks the deleted nodes only and the caller is /* NB: This function marks the deleted nodes only and the caller is
* responsible to skip or remove them. Needs to be called after a * responsible to skip or remove them. Needs to be called after a
* merge_keys_and_selfsig(). */ * merge_keys_and_selfsig. Note: OPTIONS are from the EXPORT_* set. */
void void
clean_all_uids (ctrl_t ctrl, kbnode_t keyblock, int noisy, int self_only, clean_all_uids (ctrl_t ctrl, kbnode_t keyblock, int noisy, unsigned int options,
int *uids_cleaned, int *sigs_cleaned) int *uids_cleaned, int *sigs_cleaned)
{ {
kbnode_t node; kbnode_t node;
@ -405,7 +428,7 @@ clean_all_uids (ctrl_t ctrl, kbnode_t keyblock, int noisy, int self_only,
node = node->next) node = node->next)
{ {
if (node->pkt->pkttype == PKT_USER_ID) if (node->pkt->pkttype == PKT_USER_ID)
clean_one_uid (ctrl, keyblock, node, noisy, self_only, clean_one_uid (ctrl, keyblock, node, noisy, options,
uids_cleaned, sigs_cleaned); uids_cleaned, sigs_cleaned);
} }

View File

@ -40,9 +40,10 @@ void mark_usable_uid_certs (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
u32 curtime, u32 *next_expire); u32 curtime, u32 *next_expire);
void clean_one_uid (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode, void clean_one_uid (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
int noisy, int self_only, int noisy, unsigned int options,
int *uids_cleaned, int *sigs_cleaned); int *uids_cleaned, int *sigs_cleaned);
void clean_all_uids (ctrl_t ctrl, kbnode_t keyblock, int noisy, int self_only, void clean_all_uids (ctrl_t ctrl, kbnode_t keyblock,
int noisy, unsigned int options,
int *uids_cleaned,int *sigs_cleaned); int *uids_cleaned,int *sigs_cleaned);
void clean_all_subkeys (ctrl_t ctrl, kbnode_t keyblock, void clean_all_subkeys (ctrl_t ctrl, kbnode_t keyblock,
int noisy, int clean_level, int noisy, int clean_level,

View File

@ -487,6 +487,7 @@ const char *key_origin_string (int origin);
/*-- keyid.c --*/ /*-- keyid.c --*/
int pubkey_letter( int algo ); int pubkey_letter( int algo );
char *pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize); char *pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize);
int compare_pubkey_string (const char *astr, const char *bstr);
#define PUBKEY_STRING_SIZE 32 #define PUBKEY_STRING_SIZE 32
u32 v3_keyid (gcry_mpi_t a, u32 *ki); u32 v3_keyid (gcry_mpi_t a, u32 *ki);
void hash_public_key( gcry_md_hd_t md, PKT_public_key *pk ); void hash_public_key( gcry_md_hd_t md, PKT_public_key *pk );
@ -572,6 +573,7 @@ const char *colon_expirestr_from_sig (PKT_signature *sig);
byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len ); byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len );
byte *v5_fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len); byte *v5_fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len);
void fpr20_from_pk (PKT_public_key *pk, byte array[20]); void fpr20_from_pk (PKT_public_key *pk, byte array[20]);
void fpr20_from_fpr (const byte *fpr, unsigned int fprlen, byte array[20]);
char *hexfingerprint (PKT_public_key *pk, char *buffer, size_t buflen); char *hexfingerprint (PKT_public_key *pk, char *buffer, size_t buflen);
char *v5hexfingerprint (PKT_public_key *pk, char *buffer, size_t buflen); char *v5hexfingerprint (PKT_public_key *pk, char *buffer, size_t buflen);
char *format_hexfingerprint (const char *fingerprint, char *format_hexfingerprint (const char *fingerprint,

View File

@ -70,7 +70,7 @@ static int menu_adduid (ctrl_t ctrl, kbnode_t keyblock,
int photo, const char *photo_name, const char *uidstr); int photo, const char *photo_name, const char *uidstr);
static void menu_deluid (KBNODE pub_keyblock); static void menu_deluid (KBNODE pub_keyblock);
static int menu_delsig (ctrl_t ctrl, kbnode_t pub_keyblock); static int menu_delsig (ctrl_t ctrl, kbnode_t pub_keyblock);
static int menu_clean (ctrl_t ctrl, kbnode_t keyblock, int self_only); static int menu_clean (ctrl_t ctrl, kbnode_t keyblock, unsigned int options);
static void menu_delkey (KBNODE pub_keyblock); static void menu_delkey (KBNODE pub_keyblock);
static int menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive); static int menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive);
static int menu_addadsk (ctrl_t ctrl, kbnode_t pub_keyblock, static int menu_addadsk (ctrl_t ctrl, kbnode_t pub_keyblock,
@ -2258,7 +2258,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
break; break;
case cmdMINIMIZE: case cmdMINIMIZE:
if (menu_clean (ctrl, keyblock, 1)) if (menu_clean (ctrl, keyblock, EXPORT_MINIMAL))
redisplay = modified = 1; redisplay = modified = 1;
break; break;
@ -4543,11 +4543,13 @@ menu_delsig (ctrl_t ctrl, kbnode_t pub_keyblock)
} }
/* Note: OPTIONS are from the EXPORT_* set. */
static int static int
menu_clean (ctrl_t ctrl, kbnode_t keyblock, int self_only) menu_clean (ctrl_t ctrl, kbnode_t keyblock, unsigned int options)
{ {
KBNODE uidnode; KBNODE uidnode;
int modified = 0, select_all = !count_selected_uids (keyblock); int modified = 0;
int select_all = !count_selected_uids (keyblock);
for (uidnode = keyblock->next; for (uidnode = keyblock->next;
uidnode && uidnode->pkt->pkttype != PKT_PUBLIC_SUBKEY; uidnode && uidnode->pkt->pkttype != PKT_PUBLIC_SUBKEY;
@ -4561,8 +4563,8 @@ menu_clean (ctrl_t ctrl, kbnode_t keyblock, int self_only)
uidnode->pkt->pkt.user_id->len, uidnode->pkt->pkt.user_id->len,
0); 0);
clean_one_uid (ctrl, keyblock, uidnode, opt.verbose, self_only, &uids, clean_one_uid (ctrl, keyblock, uidnode, opt.verbose, options,
&sigs); &uids, &sigs);
if (uids) if (uids)
{ {
const char *reason; const char *reason;
@ -4587,7 +4589,7 @@ menu_clean (ctrl_t ctrl, kbnode_t keyblock, int self_only)
} }
else else
{ {
tty_printf (self_only == 1 ? tty_printf ((options & EXPORT_MINIMAL)?
_("User ID \"%s\": already minimized\n") : _("User ID \"%s\": already minimized\n") :
_("User ID \"%s\": already clean\n"), user); _("User ID \"%s\": already clean\n"), user);
} }

View File

@ -145,6 +145,130 @@ pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize)
} }
/* Helper for compare_pubkey_string. This skips leading spaces,
* commas and optional condition operators and returns a pointer to
* the first non-space character or NULL in case of an error. The
* length of a prefix consisting of letters is then returned ar PFXLEN
* and the value of the number (e.g. 384 for "brainpoolP384r1") at
* NUMBER. R_LENGTH receives the entire length of the algorithm name
* which is terminated by a space, nul, or a comma. If R_CONDITION is
* not NULL, 0 is stored for a leading "=", 1 for a ">", 2 for a ">=",
* -1 for a "<", and -2 for a "<=". If R_CONDITION is NULL no
* condition prefix is allowed. */
static const char *
parse_one_algo_string (const char *str, size_t *pfxlen, unsigned int *number,
size_t *r_length, int *r_condition)
{
int condition = 0;
const char *result;
while (spacep (str) || *str ==',')
str++;
if (!r_condition)
;
else if (*str == '>' && str[1] == '=')
condition = 2, str += 2;
else if (*str == '>' )
condition = 1, str += 1;
else if (*str == '<' && str[1] == '=')
condition = -2, str += 2;
else if (*str == '<')
condition = -1, str += 1;
else if (*str == '=') /* Default. */
str += 1;
if (!alphap (str))
return NULL; /* Error. */
*pfxlen = 1;
for (result = str++; alphap (str); str++)
++*pfxlen;
while (*str == '-' || *str == '+')
str++;
*number = atoi (str);
while (*str && !spacep (str) && *str != ',')
str++;
*r_length = str - result;
if (r_condition)
*r_condition = condition;
return result;
}
/* Helper for compare_pubkey_string. If BPARSED is set to 0 on
* return, an error in ASTR or BSTR was found and further checks are
* not possible. */
static int
compare_pubkey_string_part (const char *astr, const char *bstr_arg,
size_t *bparsed)
{
const char *bstr = bstr_arg;
size_t alen, apfxlen, blen, bpfxlen;
unsigned int anumber, bnumber;
int condition;
*bparsed = 0;
astr = parse_one_algo_string (astr, &apfxlen, &anumber, &alen, &condition);
if (!astr)
return 0; /* Invalid algorithm name. */
bstr = parse_one_algo_string (bstr, &bpfxlen, &bnumber, &blen, &condition);
if (!bstr)
return 0; /* Invalid algorithm name. */
*bparsed = blen + (bstr - bstr_arg);
if (apfxlen != bpfxlen || ascii_strncasecmp (astr, bstr, apfxlen))
return 0; /* false. */
switch (condition)
{
case 2: return anumber >= bnumber;
case 1: return anumber > bnumber;
case -1: return anumber < bnumber;
case -2: return anumber <= bnumber;
}
return alen == blen && !ascii_strncasecmp (astr, bstr, alen);
}
/* Check whether ASTR matches the constraints given by BSTR. ASTR may
* be any algo string like "rsa2048", "ed25519" and BSTR may be a
* constraint which is in the simplest case just another algo string.
* BSTR may have more that one string in which case they are comma
* separated and any match will return true. It is possible to prefix
* BSTR with ">", ">=", "<=", or "<". That prefix operator is applied
* to the number part of the algorithm, i.e. the first sequence of
* digits found before end-of-string or a comma. Examples:
*
* | ASTR | BSTR | result |
* |----------+----------------------+--------|
* | rsa2048 | rsa2048 | true |
* | rsa2048 | >=rsa2048 | true |
* | rsa2048 | >rsa2048 | false |
* | ed25519 | >rsa1024 | false |
* | ed25519 | ed25519 | true |
* | nistp384 | >nistp256 | true |
* | nistp521 | >=rsa3072, >nistp384 | true |
*/
int
compare_pubkey_string (const char *astr, const char *bstr)
{
size_t bparsed;
int result;
while (*bstr)
{
result = compare_pubkey_string_part (astr, bstr, &bparsed);
if (result)
return 1;
if (!bparsed)
return 0; /* Syntax error in ASTR or BSTR. */
bstr += bparsed;
}
return 0;
}
/* Hash a public key and allow to specify the to be used format. /* Hash a public key and allow to specify the to be used format.
* Note that if the v5 format is requested for a v4 key, a 0x04 as * Note that if the v5 format is requested for a v4 key, a 0x04 as
* version is hashed instead of the 0x05. */ * version is hashed instead of the 0x05. */
@ -239,20 +363,16 @@ do_hash_public_key (gcry_md_hd_t md, PKT_public_key *pk, int use_v5)
if (use_v5) if (use_v5)
{ {
gcry_md_putc ( md, 0x9a ); /* ctb */ gcry_md_putc ( md, 0x9a ); /* ctb */
gcry_md_putc ( md, n >> 24 ); /* 4 byte length header */ gcry_md_putc ( md, n >> 24 ); /* 4 byte length header (upper bits) */
gcry_md_putc ( md, n >> 16 ); gcry_md_putc ( md, n >> 16 );
gcry_md_putc ( md, n >> 8 );
gcry_md_putc ( md, n );
/* Note that the next byte may either be 4 or 5. */
gcry_md_putc ( md, pk->version );
} }
else else
{ {
gcry_md_putc ( md, 0x99 ); /* ctb */ gcry_md_putc ( md, 0x99 ); /* ctb */
gcry_md_putc ( md, n >> 8 ); /* 2 byte length header */ }
gcry_md_putc ( md, n >> 8 ); /* lower bits of the length header. */
gcry_md_putc ( md, n ); gcry_md_putc ( md, n );
gcry_md_putc ( md, pk->version ); gcry_md_putc ( md, pk->version );
}
gcry_md_putc ( md, pk->timestamp >> 24 ); gcry_md_putc ( md, pk->timestamp >> 24 );
gcry_md_putc ( md, pk->timestamp >> 16 ); gcry_md_putc ( md, pk->timestamp >> 16 );
gcry_md_putc ( md, pk->timestamp >> 8 ); gcry_md_putc ( md, pk->timestamp >> 8 );
@ -260,7 +380,7 @@ do_hash_public_key (gcry_md_hd_t md, PKT_public_key *pk, int use_v5)
gcry_md_putc ( md, pk->pubkey_algo ); gcry_md_putc ( md, pk->pubkey_algo );
if (use_v5) if (use_v5) /* Hash the 32 bit length */
{ {
n -= 10; n -= 10;
gcry_md_putc ( md, n >> 24 ); gcry_md_putc ( md, n >> 24 );
@ -935,6 +1055,32 @@ v5_fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len)
} }
/*
* This is the core of fpr20_from_pk which directly takes a
* fingerprint and its length instead of the public key. See below
* for details.
*/
void
fpr20_from_fpr (const byte *fpr, unsigned int fprlen, byte array[20])
{
if (fprlen >= 32) /* v5 fingerprint (or larger) */
{
memcpy (array + 0, fpr + 20, 4);
memcpy (array + 4, fpr + 24, 4);
memcpy (array + 8, fpr + 28, 4);
memcpy (array + 12, fpr + 0, 4); /* kid[0] */
memcpy (array + 16, fpr + 4, 4); /* kid[1] */
}
else if (fprlen == 20) /* v4 fingerprint */
memcpy (array, fpr, 20);
else /* v3 or too short: fill up with zeroes. */
{
memset (array, 0, 20);
memcpy (array, fpr, fprlen);
}
}
/* /*
* Get FPR20 for the given PK/SK into ARRAY. * Get FPR20 for the given PK/SK into ARRAY.
* *
@ -951,19 +1097,7 @@ fpr20_from_pk (PKT_public_key *pk, byte array[20])
if (!pk->fprlen) if (!pk->fprlen)
compute_fingerprint (pk); compute_fingerprint (pk);
if (!array) fpr20_from_fpr (pk->fpr, pk->fprlen, array);
array = xmalloc (pk->fprlen);
if (pk->fprlen == 32) /* v5 fingerprint */
{
memcpy (array + 0, pk->fpr + 20, 4);
memcpy (array + 4, pk->fpr + 24, 4);
memcpy (array + 8, pk->fpr + 28, 4);
memcpy (array + 12, pk->fpr + 0, 4); /* kid[0] */
memcpy (array + 16, pk->fpr + 4, 4); /* kid[1] */
}
else /* v4 fingerprint */
memcpy (array, pk->fpr, 20);
} }

View File

@ -84,6 +84,7 @@ struct weakhash
/*-- gpg.c --*/ /*-- gpg.c --*/
extern int g10_errors_seen; extern int g10_errors_seen;
extern int assert_signer_true; extern int assert_signer_true;
extern int assert_pubkey_algo_false;
#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ) #if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
void g10_exit(int rc) __attribute__ ((__noreturn__)); void g10_exit(int rc) __attribute__ ((__noreturn__));
@ -495,6 +496,7 @@ int verify_files (ctrl_t ctrl, int nfiles, char **files );
int gpg_verify (ctrl_t ctrl, gnupg_fd_t sig_fd, gnupg_fd_t data_fd, int gpg_verify (ctrl_t ctrl, gnupg_fd_t sig_fd, gnupg_fd_t data_fd,
estream_t out_fp); estream_t out_fp);
void check_assert_signer_list (const char *mainpkhex, const char *pkhex); void check_assert_signer_list (const char *mainpkhex, const char *pkhex);
void check_assert_pubkey_algo (const char *algostr, const char *pkhex);
/*-- decrypt.c --*/ /*-- decrypt.c --*/
int decrypt_message (ctrl_t ctrl, const char *filename ); int decrypt_message (ctrl_t ctrl, const char *filename );

View File

@ -898,7 +898,7 @@ proc_encrypted (CTX c, PACKET *pkt)
* encrypted packet. */ * encrypted packet. */
literals_seen++; literals_seen++;
/* The --require-compliance option allows to simplify decryption in /* The --require-compliance option allows one to simplify decryption in
* de-vs compliance mode by just looking at the exit status. */ * de-vs compliance mode by just looking at the exit status. */
if (opt.flags.require_compliance if (opt.flags.require_compliance
&& opt.compliance == CO_DE_VS && opt.compliance == CO_DE_VS
@ -1876,6 +1876,8 @@ check_sig_and_print (CTX c, kbnode_t node)
const void *extrahash = NULL; const void *extrahash = NULL;
size_t extrahashlen = 0; size_t extrahashlen = 0;
kbnode_t included_keyblock = NULL; kbnode_t included_keyblock = NULL;
char pkstrbuf[PUBKEY_STRING_SIZE] = { 0 };
if (opt.skip_verify) if (opt.skip_verify)
{ {
@ -2409,8 +2411,14 @@ check_sig_and_print (CTX c, kbnode_t node)
show_notation (sig, 0, 2, 0); show_notation (sig, 0, 2, 0);
} }
/* Fill PKSTRBUF with the algostring in case we later need it. */
if (pk)
pubkey_string (pk, pkstrbuf, sizeof pkstrbuf);
/* For good signatures print the VALIDSIG status line. */ /* For good signatures print the VALIDSIG status line. */
if (!rc && (is_status_enabled () || opt.assert_signer_list) && pk) if (!rc && (is_status_enabled ()
|| opt.assert_signer_list
|| opt.assert_pubkey_algos) && pk)
{ {
char pkhex[MAX_FINGERPRINT_LEN*2+1]; char pkhex[MAX_FINGERPRINT_LEN*2+1];
char mainpkhex[MAX_FINGERPRINT_LEN*2+1]; char mainpkhex[MAX_FINGERPRINT_LEN*2+1];
@ -2432,6 +2440,8 @@ check_sig_and_print (CTX c, kbnode_t node)
mainpkhex); mainpkhex);
/* Handle the --assert-signer option. */ /* Handle the --assert-signer option. */
check_assert_signer_list (mainpkhex, pkhex); check_assert_signer_list (mainpkhex, pkhex);
/* Handle the --assert-pubkey-algo option. */
check_assert_pubkey_algo (pkstrbuf, pkhex);
} }
/* Print compliance warning for Good signatures. */ /* Print compliance warning for Good signatures. */
@ -2464,13 +2474,6 @@ check_sig_and_print (CTX c, kbnode_t node)
if (opt.verbose) if (opt.verbose)
{ {
char pkstrbuf[PUBKEY_STRING_SIZE];
if (pk)
pubkey_string (pk, pkstrbuf, sizeof pkstrbuf);
else
*pkstrbuf = 0;
log_info (_("%s signature, digest algorithm %s%s%s\n"), log_info (_("%s signature, digest algorithm %s%s%s\n"),
sig->sig_class==0x00?_("binary"): sig->sig_class==0x00?_("binary"):
sig->sig_class==0x01?_("textmode"):_("unknown"), sig->sig_class==0x01?_("textmode"):_("unknown"),

View File

@ -126,9 +126,9 @@ struct
int marginals_needed; int marginals_needed;
int completes_needed; int completes_needed;
int max_cert_depth; int max_cert_depth;
const char *agent_program; char *agent_program;
const char *keyboxd_program; char *keyboxd_program;
const char *dirmngr_program; char *dirmngr_program;
int disable_dirmngr; int disable_dirmngr;
const char *def_new_key_algo; const char *def_new_key_algo;
@ -241,6 +241,10 @@ struct
* modify to be uppercase if they represent a fingerrint */ * modify to be uppercase if they represent a fingerrint */
strlist_t assert_signer_list; strlist_t assert_signer_list;
/* A single string with the comma delimited args from
* --assert-pubkey_algo. */
char *assert_pubkey_algos;
struct struct
{ {
/* If set, require an 0x19 backsig to be present on signatures /* If set, require an 0x19 backsig to be present on signatures
@ -414,12 +418,13 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
#define EXPORT_ATTRIBUTES (1<<1) #define EXPORT_ATTRIBUTES (1<<1)
#define EXPORT_SENSITIVE_REVKEYS (1<<2) #define EXPORT_SENSITIVE_REVKEYS (1<<2)
#define EXPORT_RESET_SUBKEY_PASSWD (1<<3) #define EXPORT_RESET_SUBKEY_PASSWD (1<<3)
#define EXPORT_MINIMAL (1<<4) #define EXPORT_MINIMAL (1<<5)
#define EXPORT_CLEAN (1<<5) #define EXPORT_CLEAN (1<<6)
#define EXPORT_DANE_FORMAT (1<<7) #define EXPORT_DANE_FORMAT (1<<7)
#define EXPORT_BACKUP (1<<10) #define EXPORT_BACKUP (1<<10)
#define EXPORT_REVOCS (1<<11) #define EXPORT_REVOCS (1<<11)
#define EXPORT_MODE1003 (1<<12) #define EXPORT_MODE1003 (1<<12)
#define EXPORT_REALCLEAN (1<<13)
#define LIST_SHOW_PHOTOS (1<<0) #define LIST_SHOW_PHOTOS (1<<0)
#define LIST_SHOW_POLICY_URLS (1<<1) #define LIST_SHOW_POLICY_URLS (1<<1)

View File

@ -67,12 +67,3 @@ do_test (int argc, char *argv[])
release_kbnode (kb1); release_kbnode (kb1);
xfree (ctrl); xfree (ctrl);
} }
int assert_signer_true = 0;
void
check_assert_signer_list (const char *mainpkhex, const char *pkhex)
{
(void)mainpkhex;
(void)pkhex;
}

View File

@ -105,13 +105,3 @@ do_test (int argc, char *argv[])
keydb_release (hd2); keydb_release (hd2);
xfree (ctrl); xfree (ctrl);
} }
int assert_signer_true = 0;
void
check_assert_signer_list (const char *mainpkhex, const char *pkhex)
{
(void)mainpkhex;
(void)pkhex;
}

129
g10/t-keyid.c Normal file
View File

@ -0,0 +1,129 @@
/* t-keyid.c - Tests for keyid.c.
* Copyright (C) 2024 g10 Code GmbH
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <https://www.gnu.org/licenses/>.
* SPDX-License-Identifier: GPL-3.0-or-later
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define LEAN_T_SUPPORT 1
#define PGM "t-keyid"
#include "gpg.h"
#include "keydb.h"
#include "../common/t-support.h"
static int verbose;
static void
test_compare_pubkey_string (void)
{
static struct { const char *astr; const char *bstr; int expected; } t[] =
{
{ "rsa2048" , "rsa2048" , 1 },
{ "rsa2048" , ">=rsa2048" , 1 },
{ "rsa2048" , ">rsa2048" , 0 },
{ "ed25519" , ">rsa1024" , 0 },
{ "ed25519" , "ed25519" , 1 },
{ "ed25519" , ",,,=ed25519" , 1 },
{ "nistp384" , ">nistp256" , 1 },
{ "nistp521" , ">=rsa3072, >nistp384", 1 },
{ " nistp521" , ">=rsa3072, >nistp384 ", 1 },
{ " nistp521 " , " >=rsa3072, >nistp384 ", 1 },
{ " =nistp521 " , " >=rsa3072, >nistp384,,", 1 },
{ "nistp384" , ">nistp384" , 0 },
{ "nistp384" , ">=nistp384" , 1 },
{ "brainpoolP384" , ">=brainpoolp256", 1 },
{ "brainpoolP384" , ">brainpoolp384" , 0 },
{ "brainpoolP384" , ">=brainpoolp384", 1 },
{ "brainpoolP256r1", ">brainpoolp256r1", 0 },
{ "brainpoolP384r1", ">brainpoolp384r1" , 0 },
{ "brainpoolP384r1", ">=brainpoolp384r1", 1 },
{ "brainpoolP384r1", ">=brainpoolp384" , 1 },
{ "", "", 0}
};
int idx;
int result;
for (idx=0; idx < DIM(t); idx++)
{
result = compare_pubkey_string (t[idx].astr, t[idx].bstr);
if (result != t[idx].expected)
{
fail (idx);
if (verbose)
log_debug ("\"%s\", \"%s\" want %d got %d\n",
t[idx].astr, t[idx].bstr, t[idx].expected, result);
}
}
}
int
main (int argc, char **argv)
{
int last_argc = -1;
no_exit_on_fail = 1;
if (argc)
{ argc--; argv++; }
while (argc && last_argc != argc )
{
last_argc = argc;
if (!strcmp (*argv, "--"))
{
argc--; argv++;
break;
}
else if (!strcmp (*argv, "--help"))
{
fputs ("usage: " PGM " [FILE]\n"
"Options:\n"
" --verbose Print timings etc.\n"
" --debug Flyswatter\n"
, stdout);
exit (0);
}
else if (!strcmp (*argv, "--verbose"))
{
verbose++;
argc--; argv++;
}
else if (!strcmp (*argv, "--debug"))
{
verbose += 2;
argc--; argv++;
}
else if (!strncmp (*argv, "--", 2))
{
fprintf (stderr, PGM ": unknown option '%s'\n", *argv);
exit (1);
}
}
test_compare_pubkey_string ();
return !!errcount;
}

View File

@ -611,12 +611,3 @@ do_test (int argc, char *argv[])
xfree (filename); xfree (filename);
} }
int assert_signer_true = 0;
void
check_assert_signer_list (const char *mainpkhex, const char *pkhex)
{
(void)mainpkhex;
(void)pkhex;
}

View File

@ -190,7 +190,11 @@ import_ownertrust (ctrl_t ctrl, const char *fname )
while (fprlen < MAX_FINGERPRINT_LEN) while (fprlen < MAX_FINGERPRINT_LEN)
fpr[fprlen++] = 0; fpr[fprlen++] = 0;
rc = tdbio_search_trust_byfpr (ctrl, fpr, &rec); /* FIXME: The intention is to save the special fpr20 as used
* in the trustdb here. However, the above conversions seems
* not to be aware of this. Or why does it allow up to
* MAX_FINGERPRINT_LEN ? */
rc = tdbio_search_trust_byfpr (ctrl, fpr, 20, &rec);
if( !rc ) { /* found: update */ if( !rc ) { /* found: update */
if (rec.r.trust.ownertrust != otrust) if (rec.r.trust.ownertrust != otrust)
{ {

View File

@ -1864,13 +1864,21 @@ cmp_trec_fpr ( const void *fpr, const TRUSTREC *rec )
* Return: 0 if found, GPG_ERR_NOT_FOUND, or another error code. * Return: 0 if found, GPG_ERR_NOT_FOUND, or another error code.
*/ */
gpg_error_t gpg_error_t
tdbio_search_trust_byfpr (ctrl_t ctrl, const byte *fingerprint, TRUSTREC *rec) tdbio_search_trust_byfpr (ctrl_t ctrl, const byte *fpr, unsigned int fprlen,
TRUSTREC *rec)
{ {
int rc; int rc;
byte fingerprint[20];
if (fprlen != 20)
{
fpr20_from_fpr (fpr, fprlen, fingerprint);
fpr = fingerprint;
}
/* Locate the trust record using the hash table */ /* Locate the trust record using the hash table */
rc = lookup_hashtable (get_trusthashrec (ctrl), fingerprint, 20, rc = lookup_hashtable (get_trusthashrec (ctrl), fpr, 20,
cmp_trec_fpr, fingerprint, rec ); cmp_trec_fpr, fpr, rec);
return rc; return rc;
} }
@ -1887,7 +1895,7 @@ tdbio_search_trust_bypk (ctrl_t ctrl, PKT_public_key *pk, TRUSTREC *rec)
byte fingerprint[20]; byte fingerprint[20];
fpr20_from_pk (pk, fingerprint); fpr20_from_pk (pk, fingerprint);
return tdbio_search_trust_byfpr (ctrl, fingerprint, rec); return tdbio_search_trust_byfpr (ctrl, fingerprint, 20, rec);
} }

View File

@ -111,7 +111,8 @@ int tdbio_end_transaction(void);
int tdbio_cancel_transaction(void); int tdbio_cancel_transaction(void);
int tdbio_delete_record (ctrl_t ctrl, ulong recnum); int tdbio_delete_record (ctrl_t ctrl, ulong recnum);
ulong tdbio_new_recnum (ctrl_t ctrl); ulong tdbio_new_recnum (ctrl_t ctrl);
gpg_error_t tdbio_search_trust_byfpr (ctrl_t ctrl, const byte *fingerprint, gpg_error_t tdbio_search_trust_byfpr (ctrl_t ctrl,
const byte *fpr, unsigned int fprlen,
TRUSTREC *rec); TRUSTREC *rec);
gpg_error_t tdbio_search_trust_bypk (ctrl_t ctrl, PKT_public_key *pk, gpg_error_t tdbio_search_trust_bypk (ctrl_t ctrl, PKT_public_key *pk,
TRUSTREC *rec); TRUSTREC *rec);

View File

@ -43,6 +43,9 @@
#include "call-agent.h" #include "call-agent.h"
int g10_errors_seen; int g10_errors_seen;
int assert_signer_true = 0;
int assert_pubkey_algo_false = 0;
void void
@ -580,3 +583,18 @@ impex_filter_getval (void *cookie, const char *propname)
(void)propname; (void)propname;
return NULL; return NULL;
} }
void
check_assert_signer_list (const char *mainpkhex, const char *pkhex)
{
(void)mainpkhex;
(void)pkhex;
}
void
check_assert_pubkey_algo (const char *algostr, const char *pkhex)
{
(void)algostr;
(void)pkhex;
}

View File

@ -15,6 +15,7 @@
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, see <https://www.gnu.org/licenses/>. * along with this program; if not, see <https://www.gnu.org/licenses/>.
* SPDX-License-Identifier: GPL-3.0-or-later
*/ */
#include <config.h> #include <config.h>

View File

@ -39,8 +39,52 @@
#include "tofu.h" #include "tofu.h"
#include "key-clean.h" #include "key-clean.h"
typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
/*
* Structure to keep track of keys, this is used as an array where the
* item right after the last one has a keyblock set to NULL. Maybe we
* can drop this thing and replace it by key_item
*/
struct key_array
{
KBNODE keyblock;
};
/* Control information for the trust DB. */
static struct
{
int init;
int level;
char *dbname;
int no_trustdb;
} trustdb_args;
/* Some globals. */
static struct key_item *utk_list; /* all ultimately trusted keys */
/* A list used to temporary store trusted keys and a flag indicated
* whether any --trusted-key option has been seen. */
static struct key_item *trusted_key_list;
static int any_trusted_key_seen;
/* Flag whether a trustdb check is pending. */
static int pending_check_trustdb;
static void write_record (ctrl_t ctrl, TRUSTREC *rec); static void write_record (ctrl_t ctrl, TRUSTREC *rec);
static void do_sync (void); static void do_sync (void);
static int validate_keys (ctrl_t ctrl, int interactive);
/**********************************************
************* some helpers *******************
**********************************************/
@ -54,7 +98,7 @@ keyid_from_fpr20 (ctrl_t ctrl, const byte *fpr, u32 *keyid)
keyid = dummy_keyid; keyid = dummy_keyid;
/* Problem: We do only use fingerprints in the trustdb but /* Problem: We do only use fingerprints in the trustdb but
* we need the keyID here to indetify the key; we can only * we need the keyID here to identify the key; we can only
* use that ugly hack to distinguish between 16 and 20 * use that ugly hack to distinguish between 16 and 20
* bytes fpr - it does not work always so we better change * bytes fpr - it does not work always so we better change
* the whole validation code to only work with * the whole validation code to only work with
@ -88,40 +132,6 @@ keyid_from_fpr20 (ctrl_t ctrl, const byte *fpr, u32 *keyid)
return keyid[1]; return keyid[1];
} }
typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
/*
* Structure to keep track of keys, this is used as an array wherre
* the item right after the last one has a keyblock set to NULL.
* Maybe we can drop this thing and replace it by key_item
*/
struct key_array
{
KBNODE keyblock;
};
/* Control information for the trust DB. */
static struct
{
int init;
int level;
char *dbname;
int no_trustdb;
} trustdb_args;
/* Some globals. */
static struct key_item *user_utk_list; /* temp. used to store --trusted-keys */
static struct key_item *utk_list; /* all ultimately trusted keys */
static int pending_check_trustdb;
static int validate_keys (ctrl_t ctrl, int interactive);
/**********************************************
************* some helpers *******************
**********************************************/
static struct key_item * static struct key_item *
new_key_item (void) new_key_item (void)
@ -245,11 +255,19 @@ tdb_register_trusted_keyid (u32 *keyid)
k = new_key_item (); k = new_key_item ();
k->kid[0] = keyid[0]; k->kid[0] = keyid[0];
k->kid[1] = keyid[1]; k->kid[1] = keyid[1];
k->next = user_utk_list; k->next = trusted_key_list;
user_utk_list = k; trusted_key_list = k;
} }
/* This is called for the option --trusted-key to register these keys
* for later syncing them into the trustdb. The special value "none"
* may be used to indicate that there is a trusted-key option but no
* key shall be inserted for it. This "none" value is helpful to
* distinguish between changing the gpg.conf from a trusted-key to no
* trusted-key options at all. Simply not specify the option would
* not allow to distinguish this case from the --no-options case as
* used for certain calls of gpg for example by gpg-wks-client. */
void void
tdb_register_trusted_key (const char *string) tdb_register_trusted_key (const char *string)
{ {
@ -257,6 +275,9 @@ tdb_register_trusted_key (const char *string)
KEYDB_SEARCH_DESC desc; KEYDB_SEARCH_DESC desc;
u32 kid[2]; u32 kid[2];
any_trusted_key_seen = 1;
if (!strcmp (string, "none"))
return;
err = classify_user_id (string, &desc, 1); err = classify_user_id (string, &desc, 1);
if (!err) if (!err)
{ {
@ -378,11 +399,12 @@ verify_own_keys (ctrl_t ctrl)
if (!add_utk (kid)) if (!add_utk (kid))
log_info (_("key %s occurs more than once in the trustdb\n"), log_info (_("key %s occurs more than once in the trustdb\n"),
keystr(kid)); keystr(kid));
else if ((rec.r.trust.flags & 1)) else if ((rec.r.trust.flags & 1)
&& any_trusted_key_seen)
{ {
/* Record marked as inserted via --trusted-key. Is this /* Record marked as inserted via --trusted-key. Is this
* still the case? */ * still the case? */
for (k2 = user_utk_list; k2; k2 = k2->next) for (k2 = trusted_key_list; k2; k2 = k2->next)
if (k2->kid[0] == kid[0] && k2->kid[1] == kid[1]) if (k2->kid[0] == kid[0] && k2->kid[1] == kid[1])
break; break;
if (!k2) /* No - clear the flag. */ if (!k2) /* No - clear the flag. */
@ -406,7 +428,7 @@ verify_own_keys (ctrl_t ctrl)
} }
/* Put any --trusted-key keys into the trustdb */ /* Put any --trusted-key keys into the trustdb */
for (k = user_utk_list; k; k = k->next) for (k = trusted_key_list; k; k = k->next)
{ {
if ( add_utk (k->kid) ) if ( add_utk (k->kid) )
{ /* not yet in trustDB as ultimately trusted */ { /* not yet in trustDB as ultimately trusted */
@ -431,9 +453,9 @@ verify_own_keys (ctrl_t ctrl)
} }
} }
/* release the helper table table */ /* Release the helper table. */
release_key_items (user_utk_list); release_key_items (trusted_key_list);
user_utk_list = NULL; trusted_key_list = NULL;
return; return;
} }

View File

@ -335,7 +335,7 @@ check_assert_signer_list (const char *mainpkhex, const char *pkhex)
assert_signer_true = 1; assert_signer_true = 1;
write_status_text (STATUS_ASSERT_SIGNER, item->d); write_status_text (STATUS_ASSERT_SIGNER, item->d);
if (!opt.quiet) if (!opt.quiet)
log_info ("signer '%s' matched\n", item->d); log_info ("asserted signer '%s'\n", item->d);
goto leave; goto leave;
} }
} }
@ -390,7 +390,7 @@ check_assert_signer_list (const char *mainpkhex, const char *pkhex)
assert_signer_true = 1; assert_signer_true = 1;
write_status_text (STATUS_ASSERT_SIGNER, p); write_status_text (STATUS_ASSERT_SIGNER, p);
if (!opt.quiet) if (!opt.quiet)
log_info ("signer '%s' matched '%s', line %d\n", log_info ("asserted signer '%s' (%s:%d)\n",
p, fname, lnr); p, fname, lnr);
goto leave; goto leave;
} }
@ -407,3 +407,32 @@ check_assert_signer_list (const char *mainpkhex, const char *pkhex)
leave: leave:
es_fclose (fp); es_fclose (fp);
} }
/* This function shall be called with the signer's public key
* algorithm ALGOSTR iff a signature is fully valid. If the option
* --assert-pubkey-algo is active the functions checks whether the
* signing key's algo is valid according to that list; in this case a
* global flag is set. */
void
check_assert_pubkey_algo (const char *algostr, const char *pkhex)
{
if (!opt.assert_pubkey_algos)
return; /* Nothing to do. */
if (compare_pubkey_string (algostr, opt.assert_pubkey_algos))
{
write_status_strings (STATUS_ASSERT_PUBKEY_ALGO,
pkhex, " 1 ", algostr, NULL);
if (!opt.quiet)
log_info ("asserted signer '%s' with algo %s\n", pkhex, algostr);
}
else
{
if (!opt.quiet)
log_info ("denied signer '%s' with algo %s\n", pkhex, algostr);
assert_pubkey_algo_false = 1;
write_status_strings (STATUS_ASSERT_PUBKEY_ALGO,
pkhex, " 0 ", algostr, NULL);
}
}

View File

@ -455,6 +455,9 @@ main (int argc, char **argv)
pargs.argv = &argv; pargs.argv = &argv;
pargs.flags |= (ARGPARSE_FLAG_RESET pargs.flags |= (ARGPARSE_FLAG_RESET
| ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_KEEP
#if GPGRT_VERSION_NUMBER >= 0x013000 /* >= 1.48 */
| ARGPARSE_FLAG_COMMAND
#endif
| ARGPARSE_FLAG_SYS | ARGPARSE_FLAG_SYS
| ARGPARSE_FLAG_USER); | ARGPARSE_FLAG_USER);

View File

@ -2303,9 +2303,6 @@ msgstr "crea eixida amb armadura ascii"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|FITXER|carrega el mòdul d'extensió especificat" msgstr "|FITXER|carrega el mòdul d'extensió especificat"
msgid "use canonical text mode"
msgstr "usa el mode de text canònic"
#, fuzzy #, fuzzy
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|nivell de compressió N (0 no comprimeix)" msgstr "|N|nivell de compressió N (0 no comprimeix)"
@ -7132,7 +7129,7 @@ msgid "||Please enter the PIN"
msgstr "canvia la contrasenya" msgstr "canvia la contrasenya"
#, fuzzy #, fuzzy
msgid "||Please enter the Reset Code for the card" msgid "|R|Please enter the Reset Code for the card"
msgstr "Seleccioneu la raó de la revocació:\n" msgstr "Seleccioneu la raó de la revocació:\n"
#, c-format #, c-format
@ -9505,6 +9502,9 @@ msgstr ""
msgid "manage the command history" msgid "manage the command history"
msgstr "" msgstr ""
#~ msgid "use canonical text mode"
#~ msgstr "usa el mode de text canònic"
#, fuzzy #, fuzzy
#~| msgid "selected digest algorithm is invalid\n" #~| msgid "selected digest algorithm is invalid\n"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"

View File

@ -2132,9 +2132,6 @@ msgstr "vytvořit výstup zapsaný v ASCII"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|SOUBOR|zapsat výstup do SOUBORU" msgstr "|SOUBOR|zapsat výstup do SOUBORU"
msgid "use canonical text mode"
msgstr "použít kanonický textový režim"
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|nastavit úroveň komprese na N (0  žádná)" msgstr "|N|nastavit úroveň komprese na N (0  žádná)"
@ -6707,7 +6704,9 @@ msgstr "přístup k příkazům správce není nakonfigurován\n"
msgid "||Please enter the PIN" msgid "||Please enter the PIN"
msgstr "||Prosím, zadejte PIN" msgstr "||Prosím, zadejte PIN"
msgid "||Please enter the Reset Code for the card" #, fuzzy
#| msgid "||Please enter the Reset Code for the card"
msgid "|R|Please enter the Reset Code for the card"
msgstr "||Prosím, zadejte resetační kód karty" msgstr "||Prosím, zadejte resetační kód karty"
#, c-format #, c-format
@ -8983,6 +8982,9 @@ msgstr "Příkazy pro správu Yubikey"
msgid "manage the command history" msgid "manage the command history"
msgstr "spravuje historii příkazů" msgstr "spravuje historii příkazů"
#~ msgid "use canonical text mode"
#~ msgstr "použít kanonický textový režim"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"
#~ msgstr "vybraný algoritmus AEAD je neplatný\n" #~ msgstr "vybraný algoritmus AEAD je neplatný\n"

View File

@ -2334,9 +2334,6 @@ msgstr "opret ascii-pansrede uddata"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|FILE|skriv resultat til FIL" msgstr "|FILE|skriv resultat til FIL"
msgid "use canonical text mode"
msgstr "brug kanonisk teksttilstand"
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|sæt komprimeringsniveauet til N (0 deaktiverer)" msgstr "|N|sæt komprimeringsniveauet til N (0 deaktiverer)"
@ -7175,7 +7172,9 @@ msgstr "adgang til administratorkommandoer er ikke konfigureret\n"
msgid "||Please enter the PIN" msgid "||Please enter the PIN"
msgstr "||Indtast venligst PIN'en" msgstr "||Indtast venligst PIN'en"
msgid "||Please enter the Reset Code for the card" #, fuzzy
#| msgid "||Please enter the Reset Code for the card"
msgid "|R|Please enter the Reset Code for the card"
msgstr "||Indtast venligst nulstillingskoden for kortet" msgstr "||Indtast venligst nulstillingskoden for kortet"
#, c-format #, c-format
@ -9720,6 +9719,9 @@ msgstr ""
msgid "manage the command history" msgid "manage the command history"
msgstr "" msgstr ""
#~ msgid "use canonical text mode"
#~ msgstr "brug kanonisk teksttilstand"
#, fuzzy #, fuzzy
#~| msgid "selected digest algorithm is invalid\n" #~| msgid "selected digest algorithm is invalid\n"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"

View File

@ -9,7 +9,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: gnupg-2.4.1\n" "Project-Id-Version: gnupg-2.4.1\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n" "Report-Msgid-Bugs-To: translations@gnupg.org\n"
"PO-Revision-Date: 2024-01-24 14:05+0100\n" "PO-Revision-Date: 2024-03-07 13:56+0100\n"
"Last-Translator: Werner Koch <wk@gnupg.org>\n" "Last-Translator: Werner Koch <wk@gnupg.org>\n"
"Language-Team: German\n" "Language-Team: German\n"
"Language: de\n" "Language: de\n"
@ -2142,9 +2142,6 @@ msgstr "Ausgabe mit ASCII-Hülle versehen"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|DATEI|Ausgabe auf DATEI schreiben" msgstr "|DATEI|Ausgabe auf DATEI schreiben"
msgid "use canonical text mode"
msgstr "Textmodus benutzen"
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|Kompressionsstufe auf N setzen (0=keine)" msgstr "|N|Kompressionsstufe auf N setzen (0=keine)"
@ -6801,8 +6798,8 @@ msgstr "Zugriff auf Admin-Befehle ist nicht eingerichtet\n"
msgid "||Please enter the PIN" msgid "||Please enter the PIN"
msgstr "||Bitte die PIN eingeben" msgstr "||Bitte die PIN eingeben"
msgid "||Please enter the Reset Code for the card" msgid "|R|Please enter the Reset Code for the card"
msgstr "Bitte geben Sie den Rückstellcode für diese Karte ein" msgstr "|R|Bitte geben Sie den Rückstellcode für diese Karte ein"
#, c-format #, c-format
msgid "Reset Code is too short; minimum length is %d\n" msgid "Reset Code is too short; minimum length is %d\n"
@ -9116,6 +9113,9 @@ msgstr "Verwaltungskommandos für Yubikeys"
msgid "manage the command history" msgid "manage the command history"
msgstr "Verwaltung der Kommandohistorie" msgstr "Verwaltung der Kommandohistorie"
#~ msgid "use canonical text mode"
#~ msgstr "Textmodus benutzen"
#~ msgid "continuing verification anyway due to option %s\n" #~ msgid "continuing verification anyway due to option %s\n"
#~ msgstr "Die Prüfung wird aufgrund der Option %s weiter durchgeführt\n" #~ msgstr "Die Prüfung wird aufgrund der Option %s weiter durchgeführt\n"
@ -9298,7 +9298,6 @@ msgstr "Verwaltung der Kommandohistorie"
#~ msgid "ldapserver missing" #~ msgid "ldapserver missing"
#~ msgstr "LDAP Server fehlt" #~ msgstr "LDAP Server fehlt"
#, fuzzy
#~ msgid "Suggest a random passphrase." #~ msgid "Suggest a random passphrase."
#~ msgstr "Ein zufälliges Passwort vorschlagen" #~ msgstr "Ein zufälliges Passwort vorschlagen"

View File

@ -2232,9 +2232,6 @@ msgstr "δημιουργία ascii θωρακισμένης εξόδου"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|ΑΡΧΕΙΟ|φόρτωμα του αρθρώματος επέκτασης ΑΡΧΕΙΟ" msgstr "|ΑΡΧΕΙΟ|φόρτωμα του αρθρώματος επέκτασης ΑΡΧΕΙΟ"
msgid "use canonical text mode"
msgstr "χρήση κανονικής κατάστασης κειμένου"
#, fuzzy #, fuzzy
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|καθορισμός επιπέδου συμπίεσης N (0 απενεργοποιεί)" msgstr "|N|καθορισμός επιπέδου συμπίεσης N (0 απενεργοποιεί)"
@ -6997,7 +6994,7 @@ msgid "||Please enter the PIN"
msgstr "αλλαγή της φράσης κλειδί" msgstr "αλλαγή της φράσης κλειδί"
#, fuzzy #, fuzzy
msgid "||Please enter the Reset Code for the card" msgid "|R|Please enter the Reset Code for the card"
msgstr "Παρακαλώ επιλέξτε την αιτία για την ανάκληση:\n" msgstr "Παρακαλώ επιλέξτε την αιτία για την ανάκληση:\n"
#, c-format #, c-format
@ -9329,6 +9326,9 @@ msgstr ""
msgid "manage the command history" msgid "manage the command history"
msgstr "" msgstr ""
#~ msgid "use canonical text mode"
#~ msgstr "χρήση κανονικής κατάστασης κειμένου"
#, fuzzy #, fuzzy
#~| msgid "selected digest algorithm is invalid\n" #~| msgid "selected digest algorithm is invalid\n"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"

View File

@ -2215,9 +2215,6 @@ msgstr "krei eligon en askia kiraso"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|DOSIERO|legi aldonan bibliotekon DOSIERO" msgstr "|DOSIERO|legi aldonan bibliotekon DOSIERO"
msgid "use canonical text mode"
msgstr "uzi tekstan reĝimon"
#, fuzzy #, fuzzy
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|difini densig-nivelon N (0=nenia)" msgstr "|N|difini densig-nivelon N (0=nenia)"
@ -6906,7 +6903,7 @@ msgid "||Please enter the PIN"
msgstr "ŝanĝi la pasfrazon" msgstr "ŝanĝi la pasfrazon"
#, fuzzy #, fuzzy
msgid "||Please enter the Reset Code for the card" msgid "|R|Please enter the Reset Code for the card"
msgstr "Kialo por revoko: " msgstr "Kialo por revoko: "
#, c-format #, c-format
@ -9240,6 +9237,9 @@ msgstr ""
msgid "manage the command history" msgid "manage the command history"
msgstr "" msgstr ""
#~ msgid "use canonical text mode"
#~ msgstr "uzi tekstan reĝimon"
#, fuzzy #, fuzzy
#~| msgid "selected digest algorithm is invalid\n" #~| msgid "selected digest algorithm is invalid\n"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"

View File

@ -2201,9 +2201,6 @@ msgstr "crea una salida ascii con armadura"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|FILE|volcar salida en FICHERO" msgstr "|FILE|volcar salida en FICHERO"
msgid "use canonical text mode"
msgstr "usa modo de texto canónico"
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|nivel de compresión N (0 desactiva)" msgstr "|N|nivel de compresión N (0 desactiva)"
@ -6848,7 +6845,9 @@ msgstr "el acceso a órdenes de administrador no está configurado\n"
msgid "||Please enter the PIN" msgid "||Please enter the PIN"
msgstr "||Por favor introduzca PIN" msgstr "||Por favor introduzca PIN"
msgid "||Please enter the Reset Code for the card" #, fuzzy
#| msgid "||Please enter the Reset Code for the card"
msgid "|R|Please enter the Reset Code for the card"
msgstr "||Por favor introduzca Código de Reinicio de la tarjeta" msgstr "||Por favor introduzca Código de Reinicio de la tarjeta"
#, c-format #, c-format
@ -9166,6 +9165,9 @@ msgstr ""
msgid "manage the command history" msgid "manage the command history"
msgstr "" msgstr ""
#~ msgid "use canonical text mode"
#~ msgstr "usa modo de texto canónico"
#, fuzzy #, fuzzy
#~| msgid "selected digest algorithm is invalid\n" #~| msgid "selected digest algorithm is invalid\n"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"

View File

@ -2223,9 +2223,6 @@ msgstr "loo ascii pakendis väljund"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|FAIL|lae laiendusmoodul FAIL" msgstr "|FAIL|lae laiendusmoodul FAIL"
msgid "use canonical text mode"
msgstr "kasuta kanoonilist tekstimoodi"
#, fuzzy #, fuzzy
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|määra pakkimise tase N (0 blokeerib)" msgstr "|N|määra pakkimise tase N (0 blokeerib)"
@ -6917,7 +6914,7 @@ msgid "||Please enter the PIN"
msgstr "muuda parooli" msgstr "muuda parooli"
#, fuzzy #, fuzzy
msgid "||Please enter the Reset Code for the card" msgid "|R|Please enter the Reset Code for the card"
msgstr "Palun valige tühistamise põhjus:\n" msgstr "Palun valige tühistamise põhjus:\n"
#, c-format #, c-format
@ -9244,6 +9241,9 @@ msgstr ""
msgid "manage the command history" msgid "manage the command history"
msgstr "" msgstr ""
#~ msgid "use canonical text mode"
#~ msgstr "kasuta kanoonilist tekstimoodi"
#, fuzzy #, fuzzy
#~| msgid "selected digest algorithm is invalid\n" #~| msgid "selected digest algorithm is invalid\n"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"

View File

@ -2240,9 +2240,6 @@ msgstr "tuota ascii-koodattu tuloste"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO" msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
msgid "use canonical text mode"
msgstr "käytä tekstimuotoa"
#, fuzzy #, fuzzy
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|aseta pakkausaste N (0 poistaa käytöstä)" msgstr "|N|aseta pakkausaste N (0 poistaa käytöstä)"
@ -6980,7 +6977,7 @@ msgid "||Please enter the PIN"
msgstr "muuta salasanaa" msgstr "muuta salasanaa"
#, fuzzy #, fuzzy
msgid "||Please enter the Reset Code for the card" msgid "|R|Please enter the Reset Code for the card"
msgstr "Valitse mitätöinnin syy:\n" msgstr "Valitse mitätöinnin syy:\n"
#, c-format #, c-format
@ -9312,6 +9309,9 @@ msgstr ""
msgid "manage the command history" msgid "manage the command history"
msgstr "" msgstr ""
#~ msgid "use canonical text mode"
#~ msgstr "käytä tekstimuotoa"
#, fuzzy #, fuzzy
#~| msgid "selected digest algorithm is invalid\n" #~| msgid "selected digest algorithm is invalid\n"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"

View File

@ -2260,9 +2260,6 @@ msgstr "créer une sortie ASCII avec armure"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|FICHIER|écrire la sortie dans le FICHIER" msgstr "|FICHIER|écrire la sortie dans le FICHIER"
msgid "use canonical text mode"
msgstr "utiliser le mode texte canonique"
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|niveau de compression N (0 désactive)" msgstr "|N|niveau de compression N (0 désactive)"
@ -7116,7 +7113,9 @@ msgstr "l'accès aux commandes d'administration n'est pas configuré\n"
msgid "||Please enter the PIN" msgid "||Please enter the PIN"
msgstr "||Veuillez entrer le code personnel" msgstr "||Veuillez entrer le code personnel"
msgid "||Please enter the Reset Code for the card" #, fuzzy
#| msgid "||Please enter the Reset Code for the card"
msgid "|R|Please enter the Reset Code for the card"
msgstr "||Veuillez entrer le code de réinitialisation pour la carte" msgstr "||Veuillez entrer le code de réinitialisation pour la carte"
#, c-format #, c-format
@ -9523,6 +9522,9 @@ msgstr ""
msgid "manage the command history" msgid "manage the command history"
msgstr "" msgstr ""
#~ msgid "use canonical text mode"
#~ msgstr "utiliser le mode texte canonique"
#, fuzzy #, fuzzy
#~| msgid "selected digest algorithm is invalid\n" #~| msgid "selected digest algorithm is invalid\n"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"

View File

@ -2231,9 +2231,6 @@ msgstr "crear saída con armadura en ascii"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|FICHEIRO|carga-lo módulo de extensión FICHEIRO" msgstr "|FICHEIRO|carga-lo módulo de extensión FICHEIRO"
msgid "use canonical text mode"
msgstr "usar modo de texto canónico"
#, fuzzy #, fuzzy
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|axusta-lo nivel de compresión a N (0 desactiva)" msgstr "|N|axusta-lo nivel de compresión a N (0 desactiva)"
@ -6981,7 +6978,7 @@ msgid "||Please enter the PIN"
msgstr "cambia-lo contrasinal" msgstr "cambia-lo contrasinal"
#, fuzzy #, fuzzy
msgid "||Please enter the Reset Code for the card" msgid "|R|Please enter the Reset Code for the card"
msgstr "Por favor, escolla o motivo da revocación:\n" msgstr "Por favor, escolla o motivo da revocación:\n"
#, c-format #, c-format
@ -9324,6 +9321,9 @@ msgstr ""
msgid "manage the command history" msgid "manage the command history"
msgstr "" msgstr ""
#~ msgid "use canonical text mode"
#~ msgstr "usar modo de texto canónico"
#, fuzzy #, fuzzy
#~| msgid "selected digest algorithm is invalid\n" #~| msgid "selected digest algorithm is invalid\n"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"

View File

@ -2223,9 +2223,6 @@ msgstr "ascii páncélozott kimenet létrehozása"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|fájl|bővítő modul betöltése" msgstr "|fájl|bővítő modul betöltése"
msgid "use canonical text mode"
msgstr "kanonikus szöveges mód használata"
#, fuzzy #, fuzzy
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|tömörítési szint beállítása N-re (0: tiltás)" msgstr "|N|tömörítési szint beállítása N-re (0: tiltás)"
@ -6943,7 +6940,7 @@ msgid "||Please enter the PIN"
msgstr "jelszóváltoztatás" msgstr "jelszóváltoztatás"
#, fuzzy #, fuzzy
msgid "||Please enter the Reset Code for the card" msgid "|R|Please enter the Reset Code for the card"
msgstr "Kérem, válassza ki a visszavonás okát:\n" msgstr "Kérem, válassza ki a visszavonás okát:\n"
#, c-format #, c-format
@ -9271,6 +9268,9 @@ msgstr ""
msgid "manage the command history" msgid "manage the command history"
msgstr "" msgstr ""
#~ msgid "use canonical text mode"
#~ msgstr "kanonikus szöveges mód használata"
#, fuzzy #, fuzzy
#~| msgid "selected digest algorithm is invalid\n" #~| msgid "selected digest algorithm is invalid\n"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"

View File

@ -2227,9 +2227,6 @@ msgstr "ciptakan output ascii"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|FILE|muat modul ekstensi FILE" msgstr "|FILE|muat modul ekstensi FILE"
msgid "use canonical text mode"
msgstr "gunakan mode teks kanonikal"
#, fuzzy #, fuzzy
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|set tingkat kompresi N (0 tidak ada)" msgstr "|N|set tingkat kompresi N (0 tidak ada)"
@ -6942,7 +6939,7 @@ msgid "||Please enter the PIN"
msgstr "ubah passphrase" msgstr "ubah passphrase"
#, fuzzy #, fuzzy
msgid "||Please enter the Reset Code for the card" msgid "|R|Please enter the Reset Code for the card"
msgstr "Silakan pilih alasan untuk pembatalan:\n" msgstr "Silakan pilih alasan untuk pembatalan:\n"
#, c-format #, c-format
@ -9270,6 +9267,9 @@ msgstr ""
msgid "manage the command history" msgid "manage the command history"
msgstr "" msgstr ""
#~ msgid "use canonical text mode"
#~ msgstr "gunakan mode teks kanonikal"
#, fuzzy #, fuzzy
#~| msgid "selected digest algorithm is invalid\n" #~| msgid "selected digest algorithm is invalid\n"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"

View File

@ -2135,9 +2135,6 @@ msgstr "crea un output ascii con armatura"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|FILE|scrittura dell'output in FILE" msgstr "|FILE|scrittura dell'output in FILE"
msgid "use canonical text mode"
msgstr "usa il modo testo canonico"
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|Impostare il livello di compressione su N (0 disabilita)" msgstr "|N|Impostare il livello di compressione su N (0 disabilita)"
@ -6762,7 +6759,9 @@ msgstr "l'accesso ai comandi di amministrazione non è configurato\n"
msgid "||Please enter the PIN" msgid "||Please enter the PIN"
msgstr "||Inserisci il PIN" msgstr "||Inserisci il PIN"
msgid "||Please enter the Reset Code for the card" #, fuzzy
#| msgid "||Please enter the Reset Code for the card"
msgid "|R|Please enter the Reset Code for the card"
msgstr "||Inserisci il Codice reset per la carta" msgstr "||Inserisci il Codice reset per la carta"
#, c-format #, c-format
@ -9078,6 +9077,9 @@ msgstr "Comandi di gestione Yubikey"
msgid "manage the command history" msgid "manage the command history"
msgstr "gestire la cronologia dei comandi" msgstr "gestire la cronologia dei comandi"
#~ msgid "use canonical text mode"
#~ msgstr "usa il modo testo canonico"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"
#~ msgstr "l'algoritmo AEAD selezionato non è valido\n" #~ msgstr "l'algoritmo AEAD selezionato non è valido\n"

View File

@ -11,7 +11,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: gnupg 2.4.3\n" "Project-Id-Version: gnupg 2.4.3\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n" "Report-Msgid-Bugs-To: translations@gnupg.org\n"
"PO-Revision-Date: 2024-01-25 09:06+0900\n" "PO-Revision-Date: 2024-03-07 13:59+0100\n"
"Last-Translator: NIIBE Yutaka <gniibe@fsij.org>\n" "Last-Translator: NIIBE Yutaka <gniibe@fsij.org>\n"
"Language-Team: none\n" "Language-Team: none\n"
"Language: ja\n" "Language: ja\n"
@ -2086,9 +2086,6 @@ msgstr "ASCII形式の外装を作成"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|FILE|出力をFILEに書き出す" msgstr "|FILE|出力をFILEに書き出す"
msgid "use canonical text mode"
msgstr "正準テキスト・モードを使用"
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|圧縮レベルをNに設定 (0は非圧縮)" msgstr "|N|圧縮レベルをNに設定 (0は非圧縮)"
@ -6484,8 +6481,8 @@ msgstr "管理コマンドへのアクセスが設定されていません\n"
msgid "||Please enter the PIN" msgid "||Please enter the PIN"
msgstr "||PINを入力してください" msgstr "||PINを入力してください"
msgid "||Please enter the Reset Code for the card" msgid "|R|Please enter the Reset Code for the card"
msgstr "||カードのリセット・コードを入力してください" msgstr "|R|カードのリセット・コードを入力してください"
#, c-format #, c-format
msgid "Reset Code is too short; minimum length is %d\n" msgid "Reset Code is too short; minimum length is %d\n"
@ -8738,6 +8735,9 @@ msgstr "Yubikey管理コマンド"
msgid "manage the command history" msgid "manage the command history"
msgstr "コマンド履歴を管理する" msgstr "コマンド履歴を管理する"
#~ msgid "use canonical text mode"
#~ msgstr "正準テキスト・モードを使用"
#~ msgid "continuing verification anyway due to option %s\n" #~ msgid "continuing verification anyway due to option %s\n"
#~ msgstr "オプション %sのため、検証を続けます\n" #~ msgstr "オプション %sのため、検証を続けます\n"

View File

@ -2171,9 +2171,6 @@ msgstr "lag ASCII-beskyttet utdata"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|FILE|skriv utdata til valgt FIL" msgstr "|FILE|skriv utdata til valgt FIL"
msgid "use canonical text mode"
msgstr "bruk kanonisk tekstmodus"
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|endre komprimeringsnivå til N (0 for å slå av)" msgstr "|N|endre komprimeringsnivå til N (0 for å slå av)"
@ -6770,7 +6767,9 @@ msgstr "tilgang til admin-kommandoer er ikke konfigurert\n"
msgid "||Please enter the PIN" msgid "||Please enter the PIN"
msgstr "||Skriv inn PIN-kode" msgstr "||Skriv inn PIN-kode"
msgid "||Please enter the Reset Code for the card" #, fuzzy
#| msgid "||Please enter the Reset Code for the card"
msgid "|R|Please enter the Reset Code for the card"
msgstr "||Skriv inn tilbakestillingskode for kortet" msgstr "||Skriv inn tilbakestillingskode for kortet"
#, c-format #, c-format
@ -9055,6 +9054,9 @@ msgstr ""
msgid "manage the command history" msgid "manage the command history"
msgstr "" msgstr ""
#~ msgid "use canonical text mode"
#~ msgstr "bruk kanonisk tekstmodus"
#, fuzzy #, fuzzy
#~| msgid "selected digest algorithm is invalid\n" #~| msgid "selected digest algorithm is invalid\n"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"

651
po/pl.po
View File

@ -2,13 +2,13 @@
# Copyright (C) 1998, 1999, 2000, 2001, 2002, # Copyright (C) 1998, 1999, 2000, 2001, 2002,
# 2007 Free Software Foundation, Inc. # 2007 Free Software Foundation, Inc.
# Janusz A. Urbanowicz <alex@bofh.net.pl>, 1999, 2000, 2001, 2002, 2003-2004 # Janusz A. Urbanowicz <alex@bofh.net.pl>, 1999, 2000, 2001, 2002, 2003-2004
# Jakub Bogusz <qboosh@pld-linux.org>, 2003-2023. # Jakub Bogusz <qboosh@pld-linux.org>, 2003-2024.
# #
msgid "" msgid ""
msgstr "" msgstr ""
"Project-Id-Version: gnupg-2.4.3\n" "Project-Id-Version: gnupg-2.4.4\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n" "Report-Msgid-Bugs-To: translations@gnupg.org\n"
"PO-Revision-Date: 2023-10-20 21:29+0200\n" "PO-Revision-Date: 2024-03-07 14:00+0100\n"
"Last-Translator: Jakub Bogusz <qboosh@pld-linux.org>\n" "Last-Translator: Jakub Bogusz <qboosh@pld-linux.org>\n"
"Language-Team: Polish <translation-team-pl@lists.sourceforge.net>\n" "Language-Team: Polish <translation-team-pl@lists.sourceforge.net>\n"
"Language: pl\n" "Language: pl\n"
@ -923,43 +923,35 @@ msgstr "OSTRZEŻENIE: „%s%s” jest przestarzałą opcją - nie ma efektu\n"
msgid "unknown debug flag '%s' ignored\n" msgid "unknown debug flag '%s' ignored\n"
msgstr "nieznana flaga diagnostyczna „%s” zignorowana\n" msgstr "nieznana flaga diagnostyczna „%s” zignorowana\n"
#, fuzzy, c-format #, c-format
#| msgid "waiting for the %s to come up ... (%ds)\n"
msgid "waiting for the dirmngr to come up ... (%ds)\n" msgid "waiting for the dirmngr to come up ... (%ds)\n"
msgstr "oczekiwanie na uruchomienie procesu %s... (%ds)\n" msgstr "oczekiwanie na uruchomienie procesu dirmngr... (%ds)\n"
#, fuzzy, c-format #, c-format
#| msgid "waiting for the %s to come up ... (%ds)\n"
msgid "waiting for the keyboxd to come up ... (%ds)\n" msgid "waiting for the keyboxd to come up ... (%ds)\n"
msgstr "oczekiwanie na uruchomienie procesu %s... (%ds)\n" msgstr "oczekiwanie na uruchomienie procesu keyboxd... (%ds)\n"
#, fuzzy, c-format #, c-format
#| msgid "waiting for the %s to come up ... (%ds)\n"
msgid "waiting for the agent to come up ... (%ds)\n" msgid "waiting for the agent to come up ... (%ds)\n"
msgstr "oczekiwanie na uruchomienie procesu %s... (%ds)\n" msgstr "oczekiwanie na uruchomienie procesu agenta... (%ds)\n"
#, fuzzy, c-format #, c-format
#| msgid "connection to %s established\n"
msgid "connection to the dirmngr established\n" msgid "connection to the dirmngr established\n"
msgstr "ustanowiono połączenie z procesem %s\n" msgstr "ustanowiono połączenie z procesem dirmngr\n"
#, fuzzy, c-format #, c-format
#| msgid "connection to %s established\n"
msgid "connection to the keyboxd established\n" msgid "connection to the keyboxd established\n"
msgstr "ustanowiono połączenie z procesem %s\n" msgstr "ustanowiono połączenie z procesem keyboxd\n"
#, fuzzy, c-format #, c-format
#| msgid "connection to %s established\n"
msgid "connection to the agent established\n" msgid "connection to the agent established\n"
msgstr "ustanowiono połączenie z procesem %s\n" msgstr "ustanowiono połączenie z procesem agenta\n"
#, fuzzy, c-format #, c-format
#| msgid "no running Dirmngr - starting '%s'\n"
msgid "no running %s - starting '%s'\n" msgid "no running %s - starting '%s'\n"
msgstr "Dirmngr nie działa - uruchamianie „%s”\n" msgstr "brak działającego %s - uruchamianie „%s”\n"
#, fuzzy, c-format #, c-format
#| msgid "connection to agent is in restricted mode\n"
msgid "connection to the agent is in restricted mode\n" msgid "connection to the agent is in restricted mode\n"
msgstr "połączenie z agentem jest w trybie ograniczonym\n" msgstr "połączenie z agentem jest w trybie ograniczonym\n"
@ -1332,10 +1324,11 @@ msgstr "problem z agentem: %s\n"
msgid "no dirmngr running in this session\n" msgid "no dirmngr running in this session\n"
msgstr "brak działającego dirmngr w tej sesji\n" msgstr "brak działającego dirmngr w tej sesji\n"
#, fuzzy, c-format #, c-format
#| msgid "keyserver option \"%s\" may not be used in %s mode\n"
msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n" msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
msgstr "opcja serwera kluczy „%s” nie może być używana w trybie %s\n" msgstr ""
"opcja serwera kluczy „honor-keyserver-url” nie może być używana w trybie "
"Tor\n"
msgid "WKD uses a cached result" msgid "WKD uses a cached result"
msgstr "WKD używa zapamiętanego wyniku" msgstr "WKD używa zapamiętanego wyniku"
@ -1402,7 +1395,7 @@ msgstr "wymuszono"
#, c-format #, c-format
msgid "Please try command \"%s\" if the listing does not look correct\n" msgid "Please try command \"%s\" if the listing does not look correct\n"
msgstr "Proszę spróbować polecenia ,,%s'', jeśli lista nie wygląda poprawnie\n" msgstr "Proszę spróbować polecenia „%s”, jeśli lista nie wygląda poprawnie\n"
msgid "Error: Only plain ASCII is currently allowed.\n" msgid "Error: Only plain ASCII is currently allowed.\n"
msgstr "Błąd: aktualnie dopuszczalne jest tylko czyste ASCII.\n" msgstr "Błąd: aktualnie dopuszczalne jest tylko czyste ASCII.\n"
@ -1768,14 +1761,13 @@ msgstr ""
"OSTRZEŻENIE: wymuszone użycie szyfru %s (%d) kłóci się z ustawieniami " "OSTRZEŻENIE: wymuszone użycie szyfru %s (%d) kłóci się z ustawieniami "
"adresata\n" "adresata\n"
#, fuzzy, c-format #, c-format
#| msgid "cipher algorithm '%s' may not be used in %s mode\n"
msgid "cipher algorithm '%s' may not be used for encryption\n" msgid "cipher algorithm '%s' may not be used for encryption\n"
msgstr "szyfr „%s” nie może być używany w trybie %s\n" msgstr "algorytm szyfru „%s” nie może być używany do szyfrowania\n"
#, c-format #, c-format
msgid "(use option \"%s\" to override)\n" msgid "(use option \"%s\" to override)\n"
msgstr "" msgstr "(opcją „%s” można to obejść)\n"
#, c-format #, c-format
msgid "cipher algorithm '%s' may not be used in %s mode\n" msgid "cipher algorithm '%s' may not be used in %s mode\n"
@ -1821,17 +1813,15 @@ msgstr ""
"OSTRZEŻENIE: wymuszone użycie kompresji %s (%d) kłóci się z ustawieniami " "OSTRZEŻENIE: wymuszone użycie kompresji %s (%d) kłóci się z ustawieniami "
"adresata\n" "adresata\n"
#, fuzzy, c-format #, c-format
#| msgid "%s/%s encrypted for: \"%s\"\n"
msgid "%s/%s.%s encrypted for: \"%s\"\n" msgid "%s/%s.%s encrypted for: \"%s\"\n"
msgstr "%s/%s zaszyfrowany dla: „%s”\n" msgstr "%s/%s.%s zaszyfrowany dla: „%s”\n"
#, c-format #, c-format
msgid "option '%s' may not be used in %s mode\n" msgid "option '%s' may not be used in %s mode\n"
msgstr "opcja „%s” nie może być używana w trybie %s\n" msgstr "opcja „%s” nie może być używana w trybie %s\n"
#, fuzzy, c-format #, c-format
#| msgid "%s encrypted data\n"
msgid "%s encrypted data\n" msgid "%s encrypted data\n"
msgstr "dane zaszyfrowano za pomocą %s\n" msgstr "dane zaszyfrowano za pomocą %s\n"
@ -2101,9 +2091,6 @@ msgstr "opakowanie ASCII pliku wynikowego"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|PLIK|zapis wyjścia do PLIKU" msgstr "|PLIK|zapis wyjścia do PLIKU"
msgid "use canonical text mode"
msgstr "kanoniczny format tekstowy"
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|ustawienie poziomu kompresji N (0 - bez)" msgstr "|N|ustawienie poziomu kompresji N (0 - bez)"
@ -2798,12 +2785,11 @@ msgstr ""
#, c-format #, c-format
msgid " \"%s\": preference for cipher algorithm %s\n" msgid " \"%s\": preference for cipher algorithm %s\n"
msgstr " „%s”: preferowany szyfr %s\n" msgstr " „%s”: preferowany algorytm szyfru %s\n"
#, fuzzy, c-format #, c-format
#| msgid " \"%s\": preference for cipher algorithm %s\n"
msgid " \"%s\": preference for AEAD algorithm %s\n" msgid " \"%s\": preference for AEAD algorithm %s\n"
msgstr " „%s”: preferowany szyfr %s\n" msgstr " „%s”: preferowany algorytm AEAD %s\n"
#, c-format #, c-format
msgid " \"%s\": preference for digest algorithm %s\n" msgid " \"%s\": preference for digest algorithm %s\n"
@ -3905,7 +3891,7 @@ msgstr "Czy podano odcisk podklucza?\n"
#, c-format #, c-format
msgid "key \"%s\" is already on this keyblock\n" msgid "key \"%s\" is already on this keyblock\n"
msgstr "klucz ,,%s'' jest już w tym bloku kluczy\n" msgstr "klucz „%s” jest już w tym bloku kluczy\n"
msgid "" msgid ""
"Are you sure you want to change the expiration time for multiple subkeys? (y/" "Are you sure you want to change the expiration time for multiple subkeys? (y/"
@ -4154,77 +4140,64 @@ msgstr " (%c) Przełączenie możliwości uwierzytelniania\n"
msgid " (%c) Finished\n" msgid " (%c) Finished\n"
msgstr " (%c) Zakończenie\n" msgstr " (%c) Zakończenie\n"
#, fuzzy, c-format #, c-format
#| msgid " (%d) RSA and RSA (default)\n"
msgid " (%d) RSA and RSA%s\n" msgid " (%d) RSA and RSA%s\n"
msgstr " (%d) RSA i RSA (domyślne)\n" msgstr " (%d) RSA i RSA%s\n"
#, fuzzy, c-format #, c-format
#| msgid " (%d) DSA and Elgamal\n"
msgid " (%d) DSA and Elgamal%s\n" msgid " (%d) DSA and Elgamal%s\n"
msgstr " (%d) DSA i Elgamala\n" msgstr " (%d) DSA i Elgamala%s\n"
#, fuzzy, c-format #, c-format
#| msgid " (%d) DSA (sign only)\n"
msgid " (%d) DSA (sign only)%s\n" msgid " (%d) DSA (sign only)%s\n"
msgstr " (%d) DSA (tylko do podpisywania)\n" msgstr " (%d) DSA (tylko do podpisywania)%s\n"
#, fuzzy, c-format #, c-format
#| msgid " (%d) RSA (sign only)\n"
msgid " (%d) RSA (sign only)%s\n" msgid " (%d) RSA (sign only)%s\n"
msgstr " (%d) RSA (tylko do podpisywania)\n" msgstr " (%d) RSA (tylko do podpisywania)%s\n"
#, fuzzy, c-format #, c-format
#| msgid " (%d) Elgamal (encrypt only)\n"
msgid " (%d) Elgamal (encrypt only)%s\n" msgid " (%d) Elgamal (encrypt only)%s\n"
msgstr " (%d) Elgamala (tylko do szyfrowania)\n" msgstr " (%d) Elgamala (tylko do szyfrowania)%s\n"
#, fuzzy, c-format #, c-format
#| msgid " (%d) RSA (encrypt only)\n"
msgid " (%d) RSA (encrypt only)%s\n" msgid " (%d) RSA (encrypt only)%s\n"
msgstr " (%d) RSA (tylko do szyfrowania)\n" msgstr " (%d) RSA (tylko do szyfrowania)%s\n"
#, fuzzy, c-format #, c-format
#| msgid " (%d) DSA (set your own capabilities)\n"
msgid " (%d) DSA (set your own capabilities)%s\n" msgid " (%d) DSA (set your own capabilities)%s\n"
msgstr " (%d) DSA (możliwości do ustawienia)\n" msgstr " (%d) DSA (możliwości do ustawienia)%s\n"
#, fuzzy, c-format #, c-format
#| msgid " (%d) RSA (set your own capabilities)\n"
msgid " (%d) RSA (set your own capabilities)%s\n" msgid " (%d) RSA (set your own capabilities)%s\n"
msgstr " (%d) RSA (możliwości do ustawienia)\n" msgstr " (%d) RSA (możliwości do ustawienia)%s\n"
#, fuzzy, c-format #, c-format
#| msgid " (%d) sign, encrypt\n"
msgid " (%d) ECC (sign and encrypt)%s\n" msgid " (%d) ECC (sign and encrypt)%s\n"
msgstr " (%d) podpisywanie, szyfrowanie\n" msgstr " (%d) ECC (podpisywanie i szyfrowanie)%s\n"
msgid " *default*" msgid " *default*"
msgstr "" msgstr " *domyślne*"
#, c-format #, c-format
msgid " (%d) ECC (sign only)\n" msgid " (%d) ECC (sign only)\n"
msgstr " (%d) ECC (tylko do podpisywania)\n" msgstr " (%d) ECC (tylko do podpisywania)\n"
#, fuzzy, c-format #, c-format
#| msgid " (%d) ECC (set your own capabilities)\n"
msgid " (%d) ECC (set your own capabilities)%s\n" msgid " (%d) ECC (set your own capabilities)%s\n"
msgstr " (%d) ECC (możliwości do ustawienia)\n" msgstr " (%d) ECC (możliwości do ustawienia)%s\n"
#, fuzzy, c-format #, c-format
#| msgid " (%d) ECC (encrypt only)\n"
msgid " (%d) ECC (encrypt only)%s\n" msgid " (%d) ECC (encrypt only)%s\n"
msgstr " (%d) ECC (tylko do szyfrowania)\n" msgstr " (%d) ECC (tylko do szyfrowania)%s\n"
#, fuzzy, c-format #, c-format
#| msgid " (%d) Existing key\n"
msgid " (%d) Existing key%s\n" msgid " (%d) Existing key%s\n"
msgstr " (%d) Istniejący klucz\n" msgstr " (%d) Istniejący klucz%s\n"
#, fuzzy, c-format #, c-format
#| msgid " (%d) Existing key from card\n"
msgid " (%d) Existing key from card%s\n" msgid " (%d) Existing key from card%s\n"
msgstr " (%d) Istniejący klucz z karty\n" msgstr " (%d) Istniejący klucz z karty%s\n"
msgid "Enter the keygrip: " msgid "Enter the keygrip: "
msgstr "Uchwyt klucza: " msgstr "Uchwyt klucza: "
@ -5336,25 +5309,22 @@ msgstr ""
"OSTRZEŻENIE: ten klucz mógł zostać unieważniony\n" "OSTRZEŻENIE: ten klucz mógł zostać unieważniony\n"
" (brak klucza unieważniającego aby to sprawdzić)\n" " (brak klucza unieważniającego aby to sprawdzić)\n"
#, fuzzy, c-format #, c-format
#| msgid "user ID: \"%s\"\n"
msgid "checking User ID \"%s\"\n" msgid "checking User ID \"%s\"\n"
msgstr "identyfikator użytkownika: „%s”\n" msgstr "sprawdzanie identyfikatora użytkownika: „%s”\n"
#, fuzzy, c-format #, c-format
#| msgid "option '%s' given, but option '%s' not given\n"
msgid "option %s given but issuer \"%s\" does not match\n" msgid "option %s given but issuer \"%s\" does not match\n"
msgstr "podano opcję „%s”, ale nie podano opcji „%s”\n" msgstr "podano opcję %s, ale wystawca „%s” nie pasuje\n"
#, fuzzy, c-format #, c-format
#| msgid "key %s: doesn't match our copy\n"
msgid "issuer \"%s\" does not match any User ID\n" msgid "issuer \"%s\" does not match any User ID\n"
msgstr "klucz %s: nie zgadza się z lokalną kopią\n" msgstr "klucz „%s” nie pasuje do żadnego identyfikatora użytkownika\n"
#, fuzzy, c-format #, c-format
#| msgid "option '%s' given, but option '%s' not given\n"
msgid "option %s given but no matching User ID found\n" msgid "option %s given but no matching User ID found\n"
msgstr "podano opcję „%s”, ale nie podano opcji „%s”\n" msgstr ""
"podano opcję %s, ale nie znaleziono pasującego identyfikatora użytkownika\n"
#, c-format #, c-format
msgid "WARNING: This key has been revoked by its designated revoker!\n" msgid "WARNING: This key has been revoked by its designated revoker!\n"
@ -6524,15 +6494,14 @@ msgstr "linia wejścia %u zbyt długa lub brak znaku LF\n"
msgid "can't open fd %d: %s\n" msgid "can't open fd %d: %s\n"
msgstr "nie można otworzyć fd %d: %s\n" msgstr "nie można otworzyć fd %d: %s\n"
#, fuzzy, c-format #, c-format
#| msgid "WARNING: message was not integrity protected\n"
msgid "WARNING: encrypting without integrity protection is dangerous\n" msgid "WARNING: encrypting without integrity protection is dangerous\n"
msgstr "OSTRZEŻENIE: wiadomość nie była zabezpieczona przed manipulacją\n" msgstr ""
"OSTRZEŻENIE: szyfrowanie bez ochrony przed manipulacją jest niebezpieczne\n"
#, fuzzy, c-format #, c-format
#| msgid "ambiguous option '%s'\n"
msgid "Hint: Do not use option %s\n" msgid "Hint: Do not use option %s\n"
msgstr "niejednoznaczna opcja „%s”\n" msgstr "Podpowiedź: nie używać opcji %s\n"
msgid "set debugging flags" msgid "set debugging flags"
msgstr "ustawienie flag diagnostycznych" msgstr "ustawienie flag diagnostycznych"
@ -6774,8 +6743,8 @@ msgstr "dostęp do poleceń administratora nie został skonfigurowany\n"
msgid "||Please enter the PIN" msgid "||Please enter the PIN"
msgstr "||Proszę wpisać PIN" msgstr "||Proszę wpisać PIN"
msgid "||Please enter the Reset Code for the card" msgid "|R|Please enter the Reset Code for the card"
msgstr "||Proszę wprowadzić kod resetujący dla karty" msgstr "|R|Proszę wprowadzić kod resetujący dla karty"
#, c-format #, c-format
msgid "Reset Code is too short; minimum length is %d\n" msgid "Reset Code is too short; minimum length is %d\n"
@ -8553,7 +8522,7 @@ msgstr "%s:%u: podano hasło bez użytkownika\n"
#, c-format #, c-format
msgid "%s:%u: ignoring unknown flag '%s'\n" msgid "%s:%u: ignoring unknown flag '%s'\n"
msgstr "%s:%u: zignorowano nieznaną flagę ,,%s''\n" msgstr "%s:%u: zignorowano nieznaną flagę „%s”\n"
#, c-format #, c-format
msgid "%s:%u: skipping this line\n" msgid "%s:%u: skipping this line\n"
@ -8986,489 +8955,69 @@ msgstr ""
"Składnia: gpg-check-pattern [opcje] plik-wzorców\n" "Składnia: gpg-check-pattern [opcje] plik-wzorców\n"
"Sprawdzanie hasła ze standardowego wejścia względem pliku wzorców\n" "Sprawdzanie hasła ze standardowego wejścia względem pliku wzorców\n"
#, fuzzy, c-format #, c-format
#| msgid "Note: keys are already stored on the card!\n"
msgid "Note: key %s is already stored on the card!\n" msgid "Note: key %s is already stored on the card!\n"
msgstr "Uwaga: klucze są już zapisane na karcie!\n" msgstr "Uwaga: klucz %s jest już zapisany na karcie!\n"
#, fuzzy, c-format #, c-format
#| msgid "Note: keys are already stored on the card!\n"
msgid "Note: Keys are already stored on the card!\n" msgid "Note: Keys are already stored on the card!\n"
msgstr "Uwaga: klucze są już zapisane na karcie!\n" msgstr "Uwaga: klucze są już zapisane na karcie!\n"
#, fuzzy, c-format #, c-format
#| msgid "Replace existing keys? (y/N) "
msgid "Replace existing key %s ? (y/N) " msgid "Replace existing key %s ? (y/N) "
msgstr "Zastąpić istniejące klucze? (t/N) " msgstr "Zastąpić istniejące klucz %s? (t/N) "
#, fuzzy, c-format #, c-format
#| msgid "OpenPGP card no. %s detected\n"
msgid "%s card no. %s detected\n" msgid "%s card no. %s detected\n"
msgstr "Wykryto kartę OpenPGP nr %s\n" msgstr "Wykryto kartę %s nr %s\n"
#, c-format #, c-format
msgid "User Interaction Flag is set to \"%s\" - can't change\n" msgid "User Interaction Flag is set to \"%s\" - can't change\n"
msgstr "" msgstr ""
"Flaga interakcji użytkownika (UIF) jest ustawiona na „%s” - nie można "
"zmienić\n"
#, c-format #, c-format
msgid "" msgid ""
"Warning: Setting the User Interaction Flag to \"%s\"\n" "Warning: Setting the User Interaction Flag to \"%s\"\n"
" can only be reverted using a factory reset!\n" " can only be reverted using a factory reset!\n"
msgstr "" msgstr ""
"Uwaga: ustawienie flagi interakcji użytkownika (UIF) na „%s”\n"
" może być odwrócone tylko przez reset do ustawień fabrycznych!\n"
#, c-format #, c-format
msgid "Please use \"uif --yes %d %s\"\n" msgid "Please use \"uif --yes %d %s\"\n"
msgstr "" msgstr "Proszę użyć „uif --yes %d %s”\n"
#, fuzzy
#| msgid "add a certificate to the cache"
msgid "authenticate to the card" msgid "authenticate to the card"
msgstr "dodanie certyfikatu do pamięci podręcznej" msgstr "uwierzytelnienie względem karty"
msgid "send a reset to the card daemon" msgid "send a reset to the card daemon"
msgstr "" msgstr "wysłanie resetu do demona kart"
msgid "setup KDF for PIN authentication" msgid "setup KDF for PIN authentication"
msgstr "ustawienie KDF do uwierzytelniania PIN-em" msgstr "ustawienie KDF do uwierzytelniania PIN-em"
msgid "change a private data object" msgid "change a private data object"
msgstr "" msgstr "zmiana obiektu danych prywatnych"
#, fuzzy
#| msgid "add a certificate to the cache"
msgid "read a certificate from a data object" msgid "read a certificate from a data object"
msgstr "dodanie certyfikatu do pamięci podręcznej" msgstr "odczyt certyfikatu z obiektu danych"
#, fuzzy
#| msgid "add a certificate to the cache"
msgid "store a certificate to a data object" msgid "store a certificate to a data object"
msgstr "dodanie certyfikatu do pamięci podręcznej" msgstr "zapis certyfikatu w obiekcie danych"
msgid "store a private key to a data object" msgid "store a private key to a data object"
msgstr "" msgstr "zapis klucza prywatnego w obiekcie danych"
msgid "run various checks on the keys" msgid "run various checks on the keys"
msgstr "" msgstr "wykonanie różnych sprawdzeń kluczy"
msgid "Yubikey management commands" msgid "Yubikey management commands"
msgstr "" msgstr "polecenia zarządzające kluczami Yubikey"
msgid "manage the command history" msgid "manage the command history"
msgstr "" msgstr "zarządzanie historią poleceń"
#, fuzzy #~ msgid "use canonical text mode"
#~| msgid "selected digest algorithm is invalid\n" #~ msgstr "kanoniczny format tekstowy"
#~ msgid "selected AEAD algorithm is invalid\n"
#~ msgstr "wybrany algorytm skrótów wiadomości jest niepoprawny\n"
#, fuzzy
#~| msgid "invalid personal cipher preferences\n"
#~ msgid "invalid personal AEAD preferences\n"
#~ msgstr "niewłaściwe ustawienia szyfrów\n"
#, fuzzy
#~| msgid "cipher algorithm '%s' may not be used in %s mode\n"
#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
#~ msgstr "szyfr „%s” nie może być używany w trybie %s\n"
#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
#~ msgstr "wymuszone użycie szyfru %s (%d) kłóci się z ustawieniami adresata\n"
#~ msgid "error writing to temporary file: %s\n"
#~ msgstr "błąd zapisu do pliku tymczasowego: %s\n"
#~ msgid "run in supervised mode"
#~ msgstr "uruchomienie w trybie dozorowanym"
#~ msgid "Name may not start with a digit\n"
#~ msgstr "Imię lub nazwisko nie może zaczynać się od cyfry\n"
#~ msgid "Name must be at least 5 characters long\n"
#~ msgstr "Imię i nazwisko muszą mieć co najmniej 5 znaków długości.\n"
#~ msgid "Configuration for Keyservers"
#~ msgstr "Konfiguracja dla serwerów kluczy"
#~ msgid "Configuration of LDAP servers to use"
#~ msgstr "Konfiguracja używanych serwerów LDAP"
#~ msgid "selfsigned certificate has a BAD signature"
#~ msgstr "certyfikat z własnym podpisem ma BŁĘDNY podpis"
#~ msgid "requesting key %s from %s server %s\n"
#~ msgstr "zapytanie o klucz %s z serwera %s %s\n"
#~ msgid "%s:%u: no hostname given\n"
#~ msgstr "%s:%u: nie podano nazwy hosta\n"
#~ msgid "could not parse keyserver\n"
#~ msgstr "niezrozumiały adres serwera kluczy\n"
#~ msgid "return all values in a record oriented format"
#~ msgstr "zwrócenie wszystkich wartości w formacie rekordu"
#~ msgid "|NAME|ignore host part and connect through NAME"
#~ msgstr "|NAZWA|zignorowanie części z hostem i połączenie poprzez NAZWĘ"
#~ msgid "|NAME|connect to host NAME"
#~ msgstr "|NAZWA|połączenie z hostem NAZWA"
#~ msgid "|N|connect to port N"
#~ msgstr "|N|połączenie z portem N"
#~ msgid "|NAME|use user NAME for authentication"
#~ msgstr "|NAZWA|użycie NAZWY użytkownika do uwierzytelnienia"
#~ msgid "|PASS|use password PASS for authentication"
#~ msgstr "|HASŁO|użycie HASŁA do uwierzytelnienia"
#~ msgid "take password from $DIRMNGR_LDAP_PASS"
#~ msgstr "pobranie hasła z $DIRMNGR_LDAP_PASS"
#~ msgid "|STRING|query DN STRING"
#~ msgstr "|ŁAŃCUCH|ŁAŃCUCH zapytania DN"
#~ msgid "|STRING|use STRING as filter expression"
#~ msgstr "|ŁAŃCUCH|użycie ŁAŃCUCHA jako wyrażenia filtra"
#~ msgid "|STRING|return the attribute STRING"
#~ msgstr "|ŁAŃCUCH|zwrócenie atrybutu ŁAŃCUCH"
#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
#~ msgstr "Składnia: dirmngr_ldap [opcje] [URL] (-h wyświetla pomoc)\n"
#~ msgid ""
#~ "Syntax: dirmngr_ldap [options] [URL]\n"
#~ "Internal LDAP helper for Dirmngr\n"
#~ "Interface and options may change without notice\n"
#~ msgstr ""
#~ "Składnia: dirmngr_ldap [opcje] [URL]\n"
#~ "Wewnętrzny program pomocniczy LDAP dla Dirmngr\n"
#~ "Interfejs i opcje mogą się zmienić bez uprzedzenia\n"
#~ msgid "invalid port number %d\n"
#~ msgstr "błędny numer portu %d\n"
#~ msgid "scanning result for attribute '%s'\n"
#~ msgstr "przeszukiwanie wyniku pod kątem atrybutu „%s”\n"
#~ msgid "error writing to stdout: %s\n"
#~ msgstr "błąd zapisu na standardowe wyjście: %s\n"
#~ msgid " available attribute '%s'\n"
#~ msgstr " dostępny atrybut „%s”\n"
#~ msgid "attribute '%s' not found\n"
#~ msgstr "nie znaleziono atrybutu „%s”\n"
#~ msgid "found attribute '%s'\n"
#~ msgstr "znaleziono atrybut „%s”\n"
#~ msgid "processing url '%s'\n"
#~ msgstr "przetwarzanie URL-a „%s”\n"
#~ msgid " user '%s'\n"
#~ msgstr " użytkownik „%s”\n"
#~ msgid " pass '%s'\n"
#~ msgstr " hasło „%s”\n"
#~ msgid " host '%s'\n"
#~ msgstr " host „%s”\n"
#~ msgid " port %d\n"
#~ msgstr " port %d\n"
#~ msgid " DN '%s'\n"
#~ msgstr " DN „%s”\n"
#~ msgid " filter '%s'\n"
#~ msgstr " filtr „%s”\n"
#~ msgid " attr '%s'\n"
#~ msgstr " atrybut „%s”\n"
#~ msgid "no host name in '%s'\n"
#~ msgstr "brak nazwy hosta w „%s”\n"
#~ msgid "no attribute given for query '%s'\n"
#~ msgstr "nie podano atrybutu dla zapytania „%s”\n"
#~ msgid "WARNING: using first attribute only\n"
#~ msgstr "OSTRZEŻENIE: użyto tylko pierwszego atrybutu\n"
#~ msgid "LDAP init to '%s:%d' failed: %s\n"
#~ msgstr "nie udało się zainicjować LDAP na „%s:%d”: %s\n"
#, fuzzy
#~| msgid "LDAP init to '%s:%d' failed: %s\n"
#~ msgid "LDAP init to '%s' failed: %s\n"
#~ msgstr "nie udało się zainicjować LDAP na „%s:%d”: %s\n"
#, fuzzy
#~| msgid "LDAP init to '%s:%d' failed: %s\n"
#~ msgid "LDAP init to '%s' done\n"
#~ msgstr "nie udało się zainicjować LDAP na „%s:%d”: %s\n"
#~ msgid "binding to '%s:%d' failed: %s\n"
#~ msgstr "dowiązanie do „%s:%d” nie powiodło się: %s\n"
#~ msgid "searching '%s' failed: %s\n"
#~ msgstr "szukanie „%s” nie powiodło się: %s\n"
#~ msgid "start_cert_fetch: invalid pattern '%s'\n"
#~ msgstr "start_cert_fetch: błędny wzorzec „%s”\n"
#~ msgid "ldapserver missing"
#~ msgstr "brak pola ldapserver"
#, fuzzy
#~| msgid "change a passphrase"
#~ msgid "Suggest a random passphrase."
#~ msgstr "zmiana hasła"
#~ msgid "detected card with S/N: %s\n"
#~ msgstr "wykryto kartę o numerze seryjnym: %s\n"
#~ msgid "no authentication key for ssh on card: %s\n"
#~ msgstr "nie znaleziono klucza uwierzytelniającego dla ssh na karcie: %s\n"
#~ msgid "Please remove the current card and insert the one with serial number"
#~ msgstr "Proszę wyjąć obecną kartę i włożyć kartę z numerem seryjnym"
#~ msgid "use a log file for the server"
#~ msgstr "użycie pliku loga dla serwera"
#~ msgid "no running gpg-agent - starting '%s'\n"
#~ msgstr "gpg-agent nie działa - uruchamianie „%s”\n"
#~ msgid "argument not expected"
#~ msgstr "nieoczekiwany argument"
#~ msgid "read error"
#~ msgstr "błąd odczytu"
#~ msgid "keyword too long"
#~ msgstr "słowo kluczowe zbyt długie"
#~ msgid "missing argument"
#~ msgstr "brak argumentu"
#~ msgid "invalid argument"
#~ msgstr "niepoprawny argument"
#~ msgid "invalid command"
#~ msgstr "błędne polecenie"
#~ msgid "invalid alias definition"
#~ msgstr "błędna definicja aliasu"
#~ msgid "out of core"
#~ msgstr "brak pamięci"
#, fuzzy
#~| msgid "invalid command"
#~ msgid "invalid meta command"
#~ msgstr "błędne polecenie"
#, fuzzy
#~| msgid "unknown command '%s'\n"
#~ msgid "unknown meta command"
#~ msgstr "nieznane polecenie „%s”\n"
#, fuzzy
#~| msgid "unexpected armor: "
#~ msgid "unexpected meta command"
#~ msgstr "nieoczekiwane opakowanie: "
#~ msgid "invalid option"
#~ msgstr "błędna opcja"
#~ msgid "missing argument for option \"%.50s\"\n"
#~ msgstr "brak argumentu dla opcji „%.50s”\n"
#~ msgid "option \"%.50s\" does not expect an argument\n"
#~ msgstr "opcja „%.50s” nie może mieć argumentów\n"
#~ msgid "invalid command \"%.50s\"\n"
#~ msgstr "błędne polecenie „%.50s”\n"
#~ msgid "option \"%.50s\" is ambiguous\n"
#~ msgstr "opcja „%.50s” jest niejednoznaczna\n"
#~ msgid "command \"%.50s\" is ambiguous\n"
#~ msgstr "polecenie „%.50s” jest niejednoznaczne\n"
#~ msgid "invalid option \"%.50s\"\n"
#~ msgstr "błędna opcja „%.50s”\n"
#~ msgid "Note: no default option file '%s'\n"
#~ msgstr "Uwaga: brak domyślnego pliku opcji „%s”\n"
#~ msgid "option file '%s': %s\n"
#~ msgstr "plik opcji „%s”: %s\n"
#~ msgid "unable to execute program '%s': %s\n"
#~ msgstr "nie można uruchomić programu „%s”: %s\n"
#~ msgid "unable to execute external program\n"
#~ msgstr "nie można uruchomić zewnętrznego programu\n"
#~ msgid "unable to read external program response: %s\n"
#~ msgstr "nie można odczytać odpowiedzi programu zewnętrznego: %s\n"
#~ msgid "validate signatures with PKA data"
#~ msgstr "sprawdzanie podpisów z danymi PKA"
#~ msgid "elevate the trust of signatures with valid PKA data"
#~ msgstr "zwiększenie zaufania podpisów z poprawnymi danymi PKA"
#~ msgid " (%d) ECC and ECC\n"
#~ msgstr " (%d) ECC i ECC\n"
#~ msgid "honor the PKA record set on a key when retrieving keys"
#~ msgstr "honorowanie rekordu PKA ustawionego w kluczu przy pobieraniu kluczy"
#~ msgid "Note: Verified signer's address is '%s'\n"
#~ msgstr "Uwaga: Sprawdzony adres pospisującego to „%s”\n"
#~ msgid "Note: Signer's address '%s' does not match DNS entry\n"
#~ msgstr "Uwaga: Adres podpisującego „%s” nie pasuje do wpisu DNS\n"
#~ msgid "trustlevel adjusted to FULL due to valid PKA info\n"
#~ msgstr ""
#~ "poziom zaufania poprawiony na PEŁNY ze względu na poprawne informacje "
#~ "PKA\n"
#~ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
#~ msgstr ""
#~ "poziom zaufania poprawiony na ŻADEN ze względu na błędne informacje PKA\n"
#~ msgid "|FILE|write a server mode log to FILE"
#~ msgstr "|PLIK|zapisanie logów trybu serwerowego do PLIKU"
#~ msgid "run without asking a user"
#~ msgstr "działanie bez pytania użytkownika"
#~ msgid "allow PKA lookups (DNS requests)"
#~ msgstr "zezwolenie na wyszukiwania PKA (żądania DNS)"
#~ msgid "Options controlling the format of the output"
#~ msgstr "Opcje sterujące formatem wyjścia"
#~ msgid "Options controlling the use of Tor"
#~ msgstr "Opcje sterujące użyciem Tora"
#~ msgid "LDAP server list"
#~ msgstr "lista serwerów LDAP"
#~ msgid "Note: old default options file '%s' ignored\n"
#~ msgstr "Uwaga: stary domyślny plik opcji „%s” został zignorowany\n"
#~ msgid ""
#~ "@\n"
#~ "Commands:\n"
#~ " "
#~ msgstr ""
#~ "@\n"
#~ "Polecenia:\n"
#~ " "
#~ msgid "decryption modus"
#~ msgstr "tryb rozszyfrowywania"
#~ msgid "encryption modus"
#~ msgstr "tryb szyfrowania"
#~ msgid "tool class (confucius)"
#~ msgstr "klasa narzędzia (confucius)"
#~ msgid "program filename"
#~ msgstr "nazwa programu"
#~ msgid "secret key file (required)"
#~ msgstr "plik klucza tajnego (wymagany)"
#~ msgid "input file name (default stdin)"
#~ msgstr "nazwa pliku wejściowego (domyślnie standardowe wejście)"
#~ msgid "Usage: symcryptrun [options] (-h for help)"
#~ msgstr "Składnia: symcryptrun [opcje] (-h wyświetla pomoc)"
#~ msgid ""
#~ "Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
#~ "[options...] COMMAND [inputfile]\n"
#~ "Call a simple symmetric encryption tool\n"
#~ msgstr ""
#~ "Składnia: symcryptrun --class KLASA --program PROGRAM --keyfile "
#~ "PLIK_KLUCZA [opcje...] POLECENIE [plik-weściowy]\n"
#~ "Wywołanie prostego narzędzia do szyfrowania symetrycznego\n"
#~ msgid "%s on %s aborted with status %i\n"
#~ msgstr "%s na %s przerwany ze stanem %i\n"
#~ msgid "%s on %s failed with status %i\n"
#~ msgstr "%s na %s nie powiódł się ze stanem %i\n"
#~ msgid "can't create temporary directory '%s': %s\n"
#~ msgstr "nie można utworzyć katalogu tymczasowego „%s”: %s\n"
#~ msgid "could not open %s for writing: %s\n"
#~ msgstr "nie udało się otworzyć %s do zapisu: %s\n"
#~ msgid "error closing %s: %s\n"
#~ msgstr "błąd zamykania %s: %s\n"
#~ msgid "no --program option provided\n"
#~ msgstr "nie podano opcji --program\n"
#~ msgid "only --decrypt and --encrypt are supported\n"
#~ msgstr "obsługiwane są tylko --decrypt i --encrypt\n"
#~ msgid "no --keyfile option provided\n"
#~ msgstr "nie podano opcji --keyfile\n"
#~ msgid "cannot allocate args vector\n"
#~ msgstr "nie można przydzielić wektora args\n"
#~ msgid "could not create pipe: %s\n"
#~ msgstr "nie udało się utworzyć potoku: %s\n"
#~ msgid "could not create pty: %s\n"
#~ msgstr "nie udało się utworzyć pty: %s\n"
#~ msgid "could not fork: %s\n"
#~ msgstr "nie udało się wykonać fork: %s\n"
#~ msgid "execv failed: %s\n"
#~ msgstr "execv nie powiodło się: %s\n"
#~ msgid "select failed: %s\n"
#~ msgstr "select nie powiodło się: %s\n"
#~ msgid "read failed: %s\n"
#~ msgstr "odczyt nie powiódł się: %s\n"
#~ msgid "pty read failed: %s\n"
#~ msgstr "odczyt pty nie powiódł się: %s\n"
#~ msgid "waitpid failed: %s\n"
#~ msgstr "waitpid nie powiodło się: %s\n"
#~ msgid "child aborted with status %i\n"
#~ msgstr "potomek został przerwany ze stanem %i\n"
#~ msgid "cannot allocate infile string: %s\n"
#~ msgstr "nie można przydzielić łańcucha pliku wejściowego: %s\n"
#~ msgid "cannot allocate outfile string: %s\n"
#~ msgstr "nie można przydzielić łańcucha pliku wyjściowego: %s\n"
#~ msgid "either %s or %s must be given\n"
#~ msgstr "musi być podane %s lub %s\n"
#~ msgid "no class provided\n"
#~ msgstr "nie podano klasy\n"
#~ msgid "class %s is not supported\n"
#~ msgstr "klasa %s nie jest obsługiwana\n"

View File

@ -2157,9 +2157,6 @@ msgstr "criar saída blindada ASCII"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|FILE|escrever saída em FILE" msgstr "|FILE|escrever saída em FILE"
msgid "use canonical text mode"
msgstr "usar modo de texto canónico"
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|definir nível de compressão para N (0 desabilita)" msgstr "|N|definir nível de compressão para N (0 desabilita)"
@ -6726,7 +6723,9 @@ msgstr "o acesso aos comandos admin não está configurado\n"
msgid "||Please enter the PIN" msgid "||Please enter the PIN"
msgstr "||Introduza o PIN" msgstr "||Introduza o PIN"
msgid "||Please enter the Reset Code for the card" #, fuzzy
#| msgid "||Please enter the Reset Code for the card"
msgid "|R|Please enter the Reset Code for the card"
msgstr "||Introduza o Código de Reset do cartão" msgstr "||Introduza o Código de Reset do cartão"
#, c-format #, c-format
@ -8997,6 +8996,9 @@ msgstr "comandos de gerir uma Yubikey"
msgid "manage the command history" msgid "manage the command history"
msgstr "gerir o histórico de comandos" msgstr "gerir o histórico de comandos"
#~ msgid "use canonical text mode"
#~ msgstr "usar modo de texto canónico"
#, c-format #, c-format
#~ msgid "waiting for process to terminate failed: ec=%d\n" #~ msgid "waiting for process to terminate failed: ec=%d\n"
#~ msgstr "falha ao esperar que o processo terminasse: ec=%d\n" #~ msgstr "falha ao esperar que o processo terminasse: ec=%d\n"

View File

@ -2248,9 +2248,6 @@ msgstr "crează ieşire în armură ascii"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|FIŞIER|încarcă modulul extensie FIŞIER" msgstr "|FIŞIER|încarcă modulul extensie FIŞIER"
msgid "use canonical text mode"
msgstr "foloseşte modul text canonic"
#, fuzzy #, fuzzy
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|setează nivel de compresie N (0 deactivează)" msgstr "|N|setează nivel de compresie N (0 deactivează)"
@ -7056,7 +7053,7 @@ msgid "||Please enter the PIN"
msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]" msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
#, fuzzy #, fuzzy
msgid "||Please enter the Reset Code for the card" msgid "|R|Please enter the Reset Code for the card"
msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]" msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
#, fuzzy, c-format #, fuzzy, c-format
@ -9415,6 +9412,9 @@ msgstr ""
msgid "manage the command history" msgid "manage the command history"
msgstr "" msgstr ""
#~ msgid "use canonical text mode"
#~ msgstr "foloseşte modul text canonic"
#, fuzzy #, fuzzy
#~| msgid "selected digest algorithm is invalid\n" #~| msgid "selected digest algorithm is invalid\n"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"

View File

@ -2158,9 +2158,6 @@ msgstr "вывод в текстовом формате"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|FILE|выводить данные в файл FILE" msgstr "|FILE|выводить данные в файл FILE"
msgid "use canonical text mode"
msgstr "использовать канонический текстовый режим"
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|установить уровень сжатия N (0 - без сжатия)" msgstr "|N|установить уровень сжатия N (0 - без сжатия)"
@ -6836,7 +6833,9 @@ msgstr "доступ к командам управления не настро
msgid "||Please enter the PIN" msgid "||Please enter the PIN"
msgstr "||Введите PIN" msgstr "||Введите PIN"
msgid "||Please enter the Reset Code for the card" #, fuzzy
#| msgid "||Please enter the Reset Code for the card"
msgid "|R|Please enter the Reset Code for the card"
msgstr "||Введите код сброса для карты" msgstr "||Введите код сброса для карты"
#, c-format #, c-format
@ -9156,6 +9155,9 @@ msgstr ""
msgid "manage the command history" msgid "manage the command history"
msgstr "" msgstr ""
#~ msgid "use canonical text mode"
#~ msgstr "использовать канонический текстовый режим"
#, fuzzy #, fuzzy
#~| msgid "selected digest algorithm is invalid\n" #~| msgid "selected digest algorithm is invalid\n"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"

View File

@ -2231,9 +2231,6 @@ msgstr "vytvor výstup zakódovaný pomocou ASCII"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|SÚBOR|nahrať rozširujúci modul SÚBOR" msgstr "|SÚBOR|nahrať rozširujúci modul SÚBOR"
msgid "use canonical text mode"
msgstr "použiť kánonický textový mód"
#, fuzzy #, fuzzy
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "" msgstr ""
@ -6969,7 +6966,7 @@ msgid "||Please enter the PIN"
msgstr "zmeniť heslo" msgstr "zmeniť heslo"
#, fuzzy #, fuzzy
msgid "||Please enter the Reset Code for the card" msgid "|R|Please enter the Reset Code for the card"
msgstr "Prosím výberte dôvod na revokáciu:\n" msgstr "Prosím výberte dôvod na revokáciu:\n"
#, c-format #, c-format
@ -9304,6 +9301,9 @@ msgstr ""
msgid "manage the command history" msgid "manage the command history"
msgstr "" msgstr ""
#~ msgid "use canonical text mode"
#~ msgstr "použiť kánonický textový mód"
#, fuzzy #, fuzzy
#~| msgid "selected digest algorithm is invalid\n" #~| msgid "selected digest algorithm is invalid\n"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"

View File

@ -2369,9 +2369,6 @@ msgstr "skapa utdata med ett ascii-skal"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|FIL|skriv utdata till FIL" msgstr "|FIL|skriv utdata till FIL"
msgid "use canonical text mode"
msgstr "använd \"ursprunglig text\"-läget"
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|ställ in komprimeringsnivån till N (0 för att inaktivera)" msgstr "|N|ställ in komprimeringsnivån till N (0 för att inaktivera)"
@ -7294,7 +7291,9 @@ msgstr "åtkomst till administrationskommandon är inte konfigurerat\n"
msgid "||Please enter the PIN" msgid "||Please enter the PIN"
msgstr "||Ange PIN-koden" msgstr "||Ange PIN-koden"
msgid "||Please enter the Reset Code for the card" #, fuzzy
#| msgid "||Please enter the Reset Code for the card"
msgid "|R|Please enter the Reset Code for the card"
msgstr "||Ange nollställningskoden för kortet" msgstr "||Ange nollställningskoden för kortet"
#, c-format #, c-format
@ -9860,6 +9859,9 @@ msgstr ""
msgid "manage the command history" msgid "manage the command history"
msgstr "" msgstr ""
#~ msgid "use canonical text mode"
#~ msgstr "använd \"ursprunglig text\"-läget"
#, fuzzy #, fuzzy
#~| msgid "selected digest algorithm is invalid\n" #~| msgid "selected digest algorithm is invalid\n"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"

View File

@ -2101,9 +2101,6 @@ msgstr "ascii zırhlı çıktı oluştur"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|FILE|çıktıyı FILE'a yaz" msgstr "|FILE|çıktıyı FILE'a yaz"
msgid "use canonical text mode"
msgstr "kurallı metin kipini kullan"
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|sıkıştırma düzeyini N olarak ayarla (0 devre dışı bırakır)" msgstr "|N|sıkıştırma düzeyini N olarak ayarla (0 devre dışı bırakır)"
@ -6666,7 +6663,9 @@ msgstr "yönetici komutlarına erişim yapılandırılmamış\n"
msgid "||Please enter the PIN" msgid "||Please enter the PIN"
msgstr "||Lütfen PIN'i giriniz" msgstr "||Lütfen PIN'i giriniz"
msgid "||Please enter the Reset Code for the card" #, fuzzy
#| msgid "||Please enter the Reset Code for the card"
msgid "|R|Please enter the Reset Code for the card"
msgstr "||Lütfen kart için Sıfırlama Kodunu giriniz" msgstr "||Lütfen kart için Sıfırlama Kodunu giriniz"
#, c-format #, c-format
@ -8918,3 +8917,6 @@ msgstr "Yubikey yönetim konsolu"
msgid "manage the command history" msgid "manage the command history"
msgstr "komut geçmişini yönet" msgstr "komut geçmişini yönet"
#~ msgid "use canonical text mode"
#~ msgstr "kurallı metin kipini kullan"

View File

@ -2179,9 +2179,6 @@ msgstr "створити дані у форматі ASCII"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|FILE|записати дані до вказаного файла" msgstr "|FILE|записати дані до вказаного файла"
msgid "use canonical text mode"
msgstr "використовувати канонічний текстовий режим"
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|встановити рівень стиснення (0 — вимкнути)" msgstr "|N|встановити рівень стиснення (0 — вимкнути)"
@ -6937,7 +6934,9 @@ msgstr "доступ до адміністративних команд не н
msgid "||Please enter the PIN" msgid "||Please enter the PIN"
msgstr "||Вкажіть пінкод" msgstr "||Вкажіть пінкод"
msgid "||Please enter the Reset Code for the card" #, fuzzy
#| msgid "||Please enter the Reset Code for the card"
msgid "|R|Please enter the Reset Code for the card"
msgstr "||Вкажіть код скидання коду картки" msgstr "||Вкажіть код скидання коду картки"
#, c-format #, c-format
@ -9249,6 +9248,9 @@ msgstr ""
msgid "manage the command history" msgid "manage the command history"
msgstr "" msgstr ""
#~ msgid "use canonical text mode"
#~ msgstr "використовувати канонічний текстовий режим"
#, fuzzy #, fuzzy
#~| msgid "selected digest algorithm is invalid\n" #~| msgid "selected digest algorithm is invalid\n"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"

View File

@ -2075,9 +2075,6 @@ msgstr "创建 ASCII 字符封装的输出"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|FILE|写输出到 FILE" msgstr "|FILE|写输出到 FILE"
msgid "use canonical text mode"
msgstr "使用规范的文本模式"
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|设置压缩等级为 N 0 为禁用)" msgstr "|N|设置压缩等级为 N 0 为禁用)"
@ -6435,7 +6432,9 @@ msgstr "未配置到管理员命令的访问\n"
msgid "||Please enter the PIN" msgid "||Please enter the PIN"
msgstr "||请输入 PIN" msgstr "||请输入 PIN"
msgid "||Please enter the Reset Code for the card" #, fuzzy
#| msgid "||Please enter the Reset Code for the card"
msgid "|R|Please enter the Reset Code for the card"
msgstr "||请输入卡片的重置码" msgstr "||请输入卡片的重置码"
#, c-format #, c-format
@ -8675,6 +8674,9 @@ msgstr "Yubikey 管理命令"
msgid "manage the command history" msgid "manage the command history"
msgstr "管理命令历史记录" msgstr "管理命令历史记录"
#~ msgid "use canonical text mode"
#~ msgstr "使用规范的文本模式"
#~ msgid "continuing verification anyway due to option %s\n" #~ msgid "continuing verification anyway due to option %s\n"
#~ msgstr "由于 %s 选项,验证仍在继续中\n" #~ msgstr "由于 %s 选项,验证仍在继续中\n"

View File

@ -2189,9 +2189,6 @@ msgstr "建立以 ASCII 封裝過的輸出"
msgid "|FILE|write output to FILE" msgid "|FILE|write output to FILE"
msgstr "|檔案|將輸出寫入至指定檔案" msgstr "|檔案|將輸出寫入至指定檔案"
msgid "use canonical text mode"
msgstr "使用標準的文字模式"
msgid "|N|set compress level to N (0 disables)" msgid "|N|set compress level to N (0 disables)"
msgstr "|N|設定壓縮等級為 N (0 表示不壓縮)" msgstr "|N|設定壓縮等級為 N (0 表示不壓縮)"
@ -6778,7 +6775,9 @@ msgstr "管理者指令存取權限尚未組態\n"
msgid "||Please enter the PIN" msgid "||Please enter the PIN"
msgstr "||請輸入個人識別碼 (PIN)" msgstr "||請輸入個人識別碼 (PIN)"
msgid "||Please enter the Reset Code for the card" #, fuzzy
#| msgid "||Please enter the Reset Code for the card"
msgid "|R|Please enter the Reset Code for the card"
msgstr "||請輸入卡片的重設碼" msgstr "||請輸入卡片的重設碼"
#, c-format #, c-format
@ -9057,6 +9056,9 @@ msgstr ""
msgid "manage the command history" msgid "manage the command history"
msgstr "" msgstr ""
#~ msgid "use canonical text mode"
#~ msgstr "使用標準的文字模式"
#, fuzzy #, fuzzy
#~| msgid "selected digest algorithm is invalid\n" #~| msgid "selected digest algorithm is invalid\n"
#~ msgid "selected AEAD algorithm is invalid\n" #~ msgid "selected AEAD algorithm is invalid\n"

View File

@ -1613,7 +1613,7 @@ verify_pin (app_t app, int pwid, const char *desc,
memset (&pininfo, 0, sizeof pininfo); memset (&pininfo, 0, sizeof pininfo);
pininfo.fixedlen = -1; pininfo.fixedlen = -1;
/* FIXME: TCOS allows to read the min. and max. values - do this. */ /* FIXME: TCOS allows one to read the min. and max. values - do this. */
if (app->appversion == 15) if (app->appversion == 15)
{ {
if (app->app_local->active_nks_app == NKS_APP_NKS && pwid == 0x03) if (app->app_local->active_nks_app == NKS_APP_NKS && pwid == 0x03)

View File

@ -3306,6 +3306,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
char *pinvalue = NULL; char *pinvalue = NULL;
int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET); int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET);
int set_resetcode = 0; int set_resetcode = 0;
int use_resetcode = 0;
pininfo_t pininfo; pininfo_t pininfo;
int use_pinpad = 0; int use_pinpad = 0;
int minlen = 6; int minlen = 6;
@ -3458,7 +3459,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
} }
rc = pincb (pincb_arg, rc = pincb (pincb_arg,
_("||Please enter the Reset Code for the card"), _("|R|Please enter the Reset Code for the card"),
&resetcode); &resetcode);
if (rc) if (rc)
{ {
@ -3473,13 +3474,14 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
rc = gpg_error (GPG_ERR_BAD_RESET_CODE); rc = gpg_error (GPG_ERR_BAD_RESET_CODE);
goto leave; goto leave;
} }
use_resetcode = 1;
} }
else else
{ {
rc = gpg_error (GPG_ERR_INV_ID); rc = gpg_error (GPG_ERR_INV_ID);
goto leave; goto leave;
} }
} } /* End version 2 cards. */
if (chvno == 3) if (chvno == 3)
app->did_chv3 = 0; app->did_chv3 = 0;
@ -3511,6 +3513,17 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
goto leave; goto leave;
} }
} }
else if (use_resetcode)
{
minlen = 6; /* Reset from the RC value to the PIN value. */
if (strlen (pinvalue) < minlen)
{
log_info (_("PIN for CHV%d is too short;"
" minimum length is %d\n"), 1, minlen);
rc = gpg_error (GPG_ERR_BAD_PIN);
goto leave;
}
}
else else
{ {
if (chvno == 3) if (chvno == 3)

View File

@ -305,7 +305,7 @@ struct prkdf_object_s
keyaccess_flags_t accessflags; keyaccess_flags_t accessflags;
/* Extended key usage flags. Only used if .valid is set. This /* Extended key usage flags. Only used if .valid is set. This
* information is computed from an associated certificate15. */ * information is computed from an associated certificate. */
struct { struct {
unsigned int valid:1; unsigned int valid:1;
unsigned int sign:1; unsigned int sign:1;
@ -520,6 +520,9 @@ struct app_local_s
/* Information on all useful certificates. */ /* Information on all useful certificates. */
cdf_object_t useful_certificate_info; cdf_object_t useful_certificate_info;
/* Counter to make object ids of certificates unique. */
unsigned int cdf_dup_counter;
/* Information on all public keys. */ /* Information on all public keys. */
prkdf_object_t public_key_info; prkdf_object_t public_key_info;
@ -2419,6 +2422,22 @@ read_ef_pukdf (app_t app, unsigned short fid, pukdf_object_t *result)
} }
/* Return true id CDFLIST has the given object id. */
static int
objid_in_cdflist_p (cdf_object_t cdflist,
const unsigned char *objid, size_t objidlen)
{
cdf_object_t cdf;
if (!objid || !objidlen)
return 0;
for (cdf = cdflist; cdf; cdf = cdf->next)
if (cdf->objidlen == objidlen && !memcmp (cdf->objid, objid, objidlen))
return 1;
return 0;
}
/* Read and parse the Certificate Directory Files identified by FID. /* Read and parse the Certificate Directory Files identified by FID.
On success a newlist of CDF object gets stored at RESULT and the On success a newlist of CDF object gets stored at RESULT and the
caller is then responsible of releasing this list. On error a caller is then responsible of releasing this list. On error a
@ -2464,6 +2483,7 @@ read_ef_cdf (app_t app, unsigned short fid, int cdftype, cdf_object_t *result)
unsigned long ul; unsigned long ul;
const unsigned char *objid; const unsigned char *objid;
size_t objidlen; size_t objidlen;
int objidextralen;
err = parse_ber_header (&p, &n, &class, &tag, &constructed, err = parse_ber_header (&p, &n, &class, &tag, &constructed,
&ndef, &objlen, &hdrlen); &ndef, &objlen, &hdrlen);
@ -2588,8 +2608,19 @@ read_ef_cdf (app_t app, unsigned short fid, int cdftype, cdf_object_t *result)
label = NULL; label = NULL;
} }
cdf->objidlen = objidlen; /* Card's have been found in the wild which do not have unique
cdf->objid = xtrymalloc (objidlen); * IDs for their certificate objects. If we detect this we
* append a counter to the ID. */
objidextralen =
(objid_in_cdflist_p (cdflist, objid, objidlen)
|| objid_in_cdflist_p (app->app_local->certificate_info,
objid, objidlen)
|| objid_in_cdflist_p (app->app_local->trusted_certificate_info,
objid, objidlen)
|| objid_in_cdflist_p (app->app_local->useful_certificate_info,
objid, objidlen));
cdf->objidlen = objidlen + objidextralen;
cdf->objid = xtrymalloc (objidlen + objidextralen);
if (!cdf->objid) if (!cdf->objid)
{ {
err = gpg_error_from_syserror (); err = gpg_error_from_syserror ();
@ -2597,6 +2628,16 @@ read_ef_cdf (app_t app, unsigned short fid, int cdftype, cdf_object_t *result)
goto leave; goto leave;
} }
memcpy (cdf->objid, objid, objidlen); memcpy (cdf->objid, objid, objidlen);
if (objidextralen)
{
if (app->app_local->cdf_dup_counter == 255)
{
log_error ("p15: too many duplicate certificate ids\n");
err = gpg_error (GPG_ERR_TOO_MANY);
goto parse_error;
}
cdf->objid[objidlen] = ++app->app_local->cdf_dup_counter;
}
cdf->pathlen = objlen/2; cdf->pathlen = objlen/2;
for (i=0; i < cdf->pathlen; i++, pp += 2, nn -= 2) for (i=0; i < cdf->pathlen; i++, pp += 2, nn -= 2)
@ -3664,6 +3705,7 @@ read_p15_info (app_t app)
log_assert (!app->app_local->certificate_info); log_assert (!app->app_local->certificate_info);
log_assert (!app->app_local->trusted_certificate_info); log_assert (!app->app_local->trusted_certificate_info);
log_assert (!app->app_local->useful_certificate_info); log_assert (!app->app_local->useful_certificate_info);
app->app_local->cdf_dup_counter = 0;
err = read_ef_cdf (app, app->app_local->odf.certificates, 'c', err = read_ef_cdf (app, app->app_local->odf.certificates, 'c',
&app->app_local->certificate_info); &app->app_local->certificate_info);
if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA) if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA)
@ -4214,7 +4256,8 @@ set_usage_string (char usage[5], prkdf_object_t prkdf)
&& (!prkdf->extusage.valid || prkdf->extusage.sign)) && (!prkdf->extusage.valid || prkdf->extusage.sign))
usage[usagelen++] = 'c'; usage[usagelen++] = 'c';
if ((prkdf->usageflags.decrypt if ((prkdf->usageflags.decrypt
|| prkdf->usageflags.unwrap) || prkdf->usageflags.unwrap
|| prkdf->usageflags.derive)
&& (!prkdf->extusage.valid || prkdf->extusage.encr)) && (!prkdf->extusage.valid || prkdf->extusage.encr))
usage[usagelen++] = 'e'; usage[usagelen++] = 'e';
if ((prkdf->usageflags.sign if ((prkdf->usageflags.sign
@ -4661,7 +4704,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
/* We return the ID of the first private key capable of the /* We return the ID of the first private key capable of the
* requested action. If any gpgusage flag has been set for the * requested action. If any gpgusage flag has been set for the
* card we consult the gpgusage flags and not the regualr usage * card we consult the gpgusage flags and not the regular usage
* flags. * flags.
*/ */
/* FIXME: This changed: Note that we do not yet return /* FIXME: This changed: Note that we do not yet return
@ -4683,7 +4726,8 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
if ((name[1] == 'A' && (prkdf->usageflags.sign if ((name[1] == 'A' && (prkdf->usageflags.sign
|| prkdf->usageflags.sign_recover)) || prkdf->usageflags.sign_recover))
|| (name[1] == 'E' && (prkdf->usageflags.decrypt || (name[1] == 'E' && (prkdf->usageflags.decrypt
|| prkdf->usageflags.unwrap)) || prkdf->usageflags.unwrap
|| prkdf->usageflags.derive))
|| (name[1] == 'S' && (prkdf->usageflags.sign || (name[1] == 'S' && (prkdf->usageflags.sign
|| prkdf->usageflags.sign_recover))) || prkdf->usageflags.sign_recover)))
break; break;
@ -4892,7 +4936,8 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
} }
else else
{ {
if (prkdf->usageflags.decrypt || prkdf->usageflags.unwrap) if (prkdf->usageflags.decrypt || prkdf->usageflags.unwrap
|| prkdf->usageflags.derive)
break; break;
} }
} }
@ -5784,9 +5829,8 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
{ {
if (prkdf->is_ecc) if (prkdf->is_ecc)
{ {
/* Not implemented due to lacking test hardware. */ err = iso7816_manage_security_env (app_get_slot (app),
log_info ("Note: ECC is not yet implemented for DTRUST 4 cards\n"); 0xf3, 0x21, NULL, 0);
err = gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
} }
else else
{ {
@ -5927,7 +5971,8 @@ do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf); err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf);
if (err) if (err)
return err; return err;
if (!(prkdf->usageflags.sign || prkdf->gpgusage.auth)) if (!(prkdf->usageflags.sign || prkdf->usageflags.sign_recover
|| prkdf->gpgusage.auth))
{ {
log_error ("p15: key %s may not be used for authentication\n", keyidstr); log_error ("p15: key %s may not be used for authentication\n", keyidstr);
return gpg_error (GPG_ERR_WRONG_KEY_USAGE); return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
@ -5970,6 +6015,7 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
return err; return err;
if (!(prkdf->usageflags.decrypt if (!(prkdf->usageflags.decrypt
|| prkdf->usageflags.unwrap || prkdf->usageflags.unwrap
|| prkdf->usageflags.derive
|| prkdf->gpgusage.encr )) || prkdf->gpgusage.encr ))
{ {
log_error ("p15: key %s may not be used for decryption\n", keyidstr); log_error ("p15: key %s may not be used for decryption\n", keyidstr);
@ -5979,17 +6025,18 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
/* Find the authentication object to this private key object. */ /* Find the authentication object to this private key object. */
if (!prkdf->authid) if (!prkdf->authid)
{ {
log_error ("p15: no authentication object defined for %s\n", keyidstr); log_info ("p15: no authentication object defined for %s\n", keyidstr);
/* fixme: we might want to go ahead and do without PIN aodf = NULL;
verification. */
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
} }
else
{
for (aodf = app->app_local->auth_object_info; aodf; aodf = aodf->next) for (aodf = app->app_local->auth_object_info; aodf; aodf = aodf->next)
if (aodf->objidlen == prkdf->authidlen if (aodf->objidlen == prkdf->authidlen
&& !memcmp (aodf->objid, prkdf->authid, prkdf->authidlen)) && !memcmp (aodf->objid, prkdf->authid, prkdf->authidlen))
break; break;
if (!aodf) if (!aodf)
log_info ("p15: no authentication for %s needed\n", keyidstr); log_info ("p15: no authentication for %s needed\n", keyidstr);
}
/* We need some more info about the key - get the keygrip to /* We need some more info about the key - get the keygrip to
* populate these fields. */ * populate these fields. */
@ -6042,9 +6089,8 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
{ {
if (prkdf->is_ecc) if (prkdf->is_ecc)
{ {
/* Not implemented due to lacking test hardware. */ err = iso7816_manage_security_env (app_get_slot (app),
log_info ("Note: ECC is not yet implemented for DTRUST 4 cards\n"); 0xF3, 0x39, NULL, 0);
err = gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
} }
else else
{ {
@ -6274,7 +6320,8 @@ do_with_keygrip (app_t app, ctrl_t ctrl, int action,
} }
else if (capability == GCRY_PK_USAGE_ENCR) else if (capability == GCRY_PK_USAGE_ENCR)
{ {
if (!(prkdf->usageflags.decrypt || prkdf->usageflags.unwrap)) if (!(prkdf->usageflags.decrypt || prkdf->usageflags.unwrap
|| prkdf->usageflags.derive))
continue; continue;
} }
else if (capability == GCRY_PK_USAGE_AUTH) else if (capability == GCRY_PK_USAGE_AUTH)

View File

@ -298,6 +298,23 @@ static int send_escape_cmd (ccid_driver_t handle, const unsigned char *data,
size_t resultmax, size_t *resultlen); size_t resultmax, size_t *resultlen);
static void
my_npth_unprotect (void)
{
#ifdef USE_NPTH
npth_unprotect ();
#endif
}
static void
my_npth_protect (void)
{
#ifdef USE_NPTH
npth_protect ();
#endif
}
static int static int
map_libusb_error (int usberr) map_libusb_error (int usberr)
{ {
@ -984,31 +1001,23 @@ get_escaped_usb_string (libusb_device_handle *idev, int idx,
/* First get the list of supported languages and use the first one. /* First get the list of supported languages and use the first one.
If we do don't find it we try to use English. Note that this is If we do don't find it we try to use English. Note that this is
all in a 2 bute Unicode encoding using little endian. */ all in a 2 bute Unicode encoding using little endian. */
#ifdef USE_NPTH my_npth_unprotect ();
npth_unprotect ();
#endif
rc = libusb_control_transfer (idev, LIBUSB_ENDPOINT_IN, rc = libusb_control_transfer (idev, LIBUSB_ENDPOINT_IN,
LIBUSB_REQUEST_GET_DESCRIPTOR, LIBUSB_REQUEST_GET_DESCRIPTOR,
(LIBUSB_DT_STRING << 8), 0, (LIBUSB_DT_STRING << 8), 0,
buf, sizeof buf, 1000 /* ms timeout */); buf, sizeof buf, 1000 /* ms timeout */);
#ifdef USE_NPTH my_npth_protect ();
npth_protect ();
#endif
if (rc < 4) if (rc < 4)
langid = 0x0409; /* English. */ langid = 0x0409; /* English. */
else else
langid = (buf[3] << 8) | buf[2]; langid = (buf[3] << 8) | buf[2];
#ifdef USE_NPTH my_npth_unprotect ();
npth_unprotect ();
#endif
rc = libusb_control_transfer (idev, LIBUSB_ENDPOINT_IN, rc = libusb_control_transfer (idev, LIBUSB_ENDPOINT_IN,
LIBUSB_REQUEST_GET_DESCRIPTOR, LIBUSB_REQUEST_GET_DESCRIPTOR,
(LIBUSB_DT_STRING << 8) + idx, langid, (LIBUSB_DT_STRING << 8) + idx, langid,
buf, sizeof buf, 1000 /* ms timeout */); buf, sizeof buf, 1000 /* ms timeout */);
#ifdef USE_NPTH my_npth_protect ();
npth_protect ();
#endif
if (rc < 2 || buf[1] != LIBUSB_DT_STRING) if (rc < 2 || buf[1] != LIBUSB_DT_STRING)
return NULL; /* Error or not a string. */ return NULL; /* Error or not a string. */
len = buf[0]; len = buf[0];
@ -1345,13 +1354,9 @@ ccid_vendor_specific_setup (ccid_driver_t handle)
{ {
if (handle->id_vendor == VENDOR_SCM && handle->id_product == SCM_SPR532) if (handle->id_vendor == VENDOR_SCM && handle->id_product == SCM_SPR532)
{ {
#ifdef USE_NPTH my_npth_unprotect ();
npth_unprotect ();
#endif
libusb_clear_halt (handle->idev, handle->ep_intr); libusb_clear_halt (handle->idev, handle->ep_intr);
#ifdef USE_NPTH my_npth_protect ();
npth_protect ();
#endif
} }
return 0; return 0;
} }
@ -1660,13 +1665,9 @@ ccid_usb_thread (void *arg)
while (ccid_usb_thread_is_alive) while (ccid_usb_thread_is_alive)
{ {
#ifdef USE_NPTH my_npth_unprotect ();
npth_unprotect ();
#endif
libusb_handle_events_completed (ctx, NULL); libusb_handle_events_completed (ctx, NULL);
#ifdef USE_NPTH my_npth_protect ();
npth_protect ();
#endif
} }
return NULL; return NULL;
@ -1776,36 +1777,42 @@ ccid_open_usb_reader (const char *spec_reader_name,
goto leave; goto leave;
} }
#ifdef USE_NPTH my_npth_unprotect ();
npth_unprotect (); if (!(opt.compat_flags & COMPAT_CCID_NO_AUTO_DETACH))
#endif {
rc = libusb_set_auto_detach_kernel_driver (idev, 1);
if (rc)
{
my_npth_protect ();
DEBUGOUT_1 ("note: set_auto_detach_kernel_driver failed: %d\n", rc);
my_npth_unprotect ();
}
}
rc = libusb_claim_interface (idev, ifc_no); rc = libusb_claim_interface (idev, ifc_no);
if (rc) if (rc)
{ {
#ifdef USE_NPTH my_npth_protect ();
npth_protect ();
#endif
DEBUGOUT_1 ("usb_claim_interface failed: %d\n", rc); DEBUGOUT_1 ("usb_claim_interface failed: %d\n", rc);
rc = map_libusb_error (rc); rc = map_libusb_error (rc);
goto leave; goto leave;
} }
/* Submit SET_INTERFACE control transfer which can reset the device. */ /* Submit SET_INTERFACE control transfer which can reset the device. */
if ((*handle)->id_vendor == VENDOR_ACR && (*handle)->id_product == ACR_122U)
rc = 0; /* Not supported by this reader. */
else
rc = libusb_set_interface_alt_setting (idev, ifc_no, set_no); rc = libusb_set_interface_alt_setting (idev, ifc_no, set_no);
if (rc) if (rc)
{ {
#ifdef USE_NPTH my_npth_protect ();
npth_protect ();
#endif
DEBUGOUT_1 ("usb_set_interface_alt_setting failed: %d\n", rc); DEBUGOUT_1 ("usb_set_interface_alt_setting failed: %d\n", rc);
rc = map_libusb_error (rc); rc = map_libusb_error (rc);
goto leave; goto leave;
} }
#ifdef USE_NPTH my_npth_protect ();
npth_protect ();
#endif
/* Perform any vendor specific intialization. */
rc = ccid_vendor_specific_init (*handle); rc = ccid_vendor_specific_init (*handle);
leave: leave:
@ -1939,13 +1946,9 @@ do_close_reader (ccid_driver_t handle)
while (!handle->powered_off) while (!handle->powered_off)
{ {
DEBUGOUT ("libusb_handle_events_completed\n"); DEBUGOUT ("libusb_handle_events_completed\n");
#ifdef USE_NPTH my_npth_unprotect ();
npth_unprotect ();
#endif
libusb_handle_events_completed (NULL, &handle->powered_off); libusb_handle_events_completed (NULL, &handle->powered_off);
#ifdef USE_NPTH my_npth_protect ();
npth_protect ();
#endif
} }
} }
@ -2076,15 +2079,11 @@ bulk_out (ccid_driver_t handle, unsigned char *msg, size_t msglen,
} }
} }
#ifdef USE_NPTH my_npth_unprotect ();
npth_unprotect ();
#endif
rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_out, rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_out,
msg, msglen, &transferred, msg, msglen, &transferred,
5000 /* ms timeout */); 5000 /* ms timeout */);
#ifdef USE_NPTH my_npth_protect ();
npth_protect ();
#endif
if (rc == 0 && transferred == msglen) if (rc == 0 && transferred == msglen)
return 0; return 0;
@ -2124,14 +2123,10 @@ bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
memset (buffer, 0, length); memset (buffer, 0, length);
retry: retry:
#ifdef USE_NPTH my_npth_unprotect ();
npth_unprotect ();
#endif
rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_in, rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_in,
buffer, length, &msglen, bwi*timeout); buffer, length, &msglen, bwi*timeout);
#ifdef USE_NPTH my_npth_protect ();
npth_protect ();
#endif
if (rc) if (rc)
{ {
DEBUGOUT_1 ("usb_bulk_read error: %s\n", libusb_error_name (rc)); DEBUGOUT_1 ("usb_bulk_read error: %s\n", libusb_error_name (rc));
@ -2280,9 +2275,7 @@ abort_cmd (ccid_driver_t handle, int seqno, int init)
/* Send the abort command to the control pipe. Note that we don't /* Send the abort command to the control pipe. Note that we don't
need to keep track of sent abort commands because there should need to keep track of sent abort commands because there should
never be another thread using the same slot concurrently. */ never be another thread using the same slot concurrently. */
#ifdef USE_NPTH my_npth_unprotect ();
npth_unprotect ();
#endif
rc = libusb_control_transfer (handle->idev, rc = libusb_control_transfer (handle->idev,
0x21,/* bmRequestType: host-to-device, 0x21,/* bmRequestType: host-to-device,
class specific, to interface. */ class specific, to interface. */
@ -2291,9 +2284,7 @@ abort_cmd (ccid_driver_t handle, int seqno, int init)
handle->ifc_no, handle->ifc_no,
dummybuf, 0, dummybuf, 0,
1000 /* ms timeout */); 1000 /* ms timeout */);
#ifdef USE_NPTH my_npth_protect ();
npth_protect ();
#endif
if (rc) if (rc)
{ {
DEBUGOUT_1 ("usb_control_msg error: %s\n", libusb_error_name (rc)); DEBUGOUT_1 ("usb_control_msg error: %s\n", libusb_error_name (rc));
@ -2319,15 +2310,11 @@ abort_cmd (ccid_driver_t handle, int seqno, int init)
msglen = 10; msglen = 10;
set_msg_len (msg, 0); set_msg_len (msg, 0);
#ifdef USE_NPTH my_npth_unprotect ();
npth_unprotect ();
#endif
rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_out, rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_out,
msg, msglen, &transferred, msg, msglen, &transferred,
init? 100: 5000 /* ms timeout */); init? 100: 5000 /* ms timeout */);
#ifdef USE_NPTH my_npth_protect ();
npth_protect ();
#endif
if (rc == 0 && transferred == msglen) if (rc == 0 && transferred == msglen)
rc = 0; rc = 0;
else if (rc) else if (rc)
@ -2337,15 +2324,11 @@ abort_cmd (ccid_driver_t handle, int seqno, int init)
if (rc) if (rc)
return map_libusb_error (rc); return map_libusb_error (rc);
#ifdef USE_NPTH my_npth_unprotect ();
npth_unprotect ();
#endif
rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_in, rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_in,
msg, sizeof msg, &msglen, msg, sizeof msg, &msglen,
init? 100: 5000 /*ms timeout*/); init? 100: 5000 /*ms timeout*/);
#ifdef USE_NPTH my_npth_protect ();
npth_protect ();
#endif
if (rc) if (rc)
{ {
DEBUGOUT_1 ("usb_bulk_read error in abort_cmd: %s\n", DEBUGOUT_1 ("usb_bulk_read error in abort_cmd: %s\n",
@ -2559,14 +2542,10 @@ ccid_slot_status (ccid_driver_t handle, int *statusbits, int on_wire)
if (!retries) if (!retries)
{ {
DEBUGOUT ("USB: CALLING USB_CLEAR_HALT\n"); DEBUGOUT ("USB: CALLING USB_CLEAR_HALT\n");
#ifdef USE_NPTH my_npth_unprotect ();
npth_unprotect ();
#endif
libusb_clear_halt (handle->idev, handle->ep_bulk_in); libusb_clear_halt (handle->idev, handle->ep_bulk_in);
libusb_clear_halt (handle->idev, handle->ep_bulk_out); libusb_clear_halt (handle->idev, handle->ep_bulk_out);
#ifdef USE_NPTH my_npth_protect ();
npth_protect ();
#endif
} }
else else
DEBUGOUT ("USB: RETRYING bulk_in AGAIN\n"); DEBUGOUT ("USB: RETRYING bulk_in AGAIN\n");
@ -3335,13 +3314,9 @@ ccid_transceive (ccid_driver_t handle,
if (tpdulen < 4) if (tpdulen < 4)
{ {
#ifdef USE_NPTH my_npth_unprotect ();
npth_unprotect ();
#endif
libusb_clear_halt (handle->idev, handle->ep_bulk_in); libusb_clear_halt (handle->idev, handle->ep_bulk_in);
#ifdef USE_NPTH my_npth_protect ();
npth_protect ();
#endif
return CCID_DRIVER_ERR_ABORTED; return CCID_DRIVER_ERR_ABORTED;
} }
@ -3793,13 +3768,9 @@ ccid_transceive_secure (ccid_driver_t handle,
if (tpdulen < 4) if (tpdulen < 4)
{ {
#ifdef USE_NPTH my_npth_unprotect ();
npth_unprotect ();
#endif
libusb_clear_halt (handle->idev, handle->ep_bulk_in); libusb_clear_halt (handle->idev, handle->ep_bulk_in);
#ifdef USE_NPTH my_npth_protect ();
npth_protect ();
#endif
return CCID_DRIVER_ERR_ABORTED; return CCID_DRIVER_ERR_ABORTED;
} }
if (debug_level > 1) if (debug_level > 1)

View File

@ -70,6 +70,7 @@ enum {
VENDOR_FSIJ = 0x234b, VENDOR_FSIJ = 0x234b,
VENDOR_VASCO = 0x1a44, VENDOR_VASCO = 0x1a44,
VENDOR_NXP = 0x1fc9, VENDOR_NXP = 0x1fc9,
VENDOR_ACR = 0x072f
}; };
@ -88,6 +89,7 @@ enum {
#define VEGA_ALPHA 0x0008 #define VEGA_ALPHA 0x0008
#define CYBERJACK_GO 0x0504 #define CYBERJACK_GO 0x0504
#define CRYPTOUCAN 0x81e6 #define CRYPTOUCAN 0x81e6
#define ACR_122U 0x2200 /* NFC Reader */
#endif /*CCID_DRIVER_INCLUDE_USB_IDS*/ #endif /*CCID_DRIVER_INCLUDE_USB_IDS*/

View File

@ -104,6 +104,7 @@ enum cmd_and_opt_values
oDisableApplication, oDisableApplication,
oApplicationPriority, oApplicationPriority,
oEnablePinpadVarlen, oEnablePinpadVarlen,
oCompatibilityFlags,
oListenBacklog oListenBacklog
}; };
@ -172,6 +173,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_s (oDisableApplication, "disable-application", "@"), ARGPARSE_s_s (oDisableApplication, "disable-application", "@"),
ARGPARSE_s_s (oApplicationPriority, "application-priority", ARGPARSE_s_s (oApplicationPriority, "application-priority",
N_("|LIST|change the application priority to LIST")), N_("|LIST|change the application priority to LIST")),
ARGPARSE_s_s (oCompatibilityFlags, "compatibility-flags", "@"),
ARGPARSE_s_i (oListenBacklog, "listen-backlog", "@"), ARGPARSE_s_i (oListenBacklog, "listen-backlog", "@"),
@ -204,6 +206,14 @@ static struct debug_flags_s debug_flags [] =
}; };
/* The list of compatibility flags. */
static struct compatibility_flags_s compatibility_flags [] =
{
{ COMPAT_CCID_NO_AUTO_DETACH, "ccid-no-auto-detach" },
{ 0, NULL }
};
/* The card driver we use by default for PC/SC. */ /* The card driver we use by default for PC/SC. */
#if defined(HAVE_W32_SYSTEM) || defined(__CYGWIN__) #if defined(HAVE_W32_SYSTEM) || defined(__CYGWIN__)
#define DEFAULT_PCSC_DRIVER "winscard.dll" #define DEFAULT_PCSC_DRIVER "winscard.dll"
@ -628,6 +638,15 @@ main (int argc, char **argv )
case oEnablePinpadVarlen: opt.enable_pinpad_varlen = 1; break; case oEnablePinpadVarlen: opt.enable_pinpad_varlen = 1; break;
case oCompatibilityFlags:
if (parse_compatibility_flags (pargs.r.ret_str, &opt.compat_flags,
compatibility_flags))
{
pargs.r_opt = ARGPARSE_INVALID_ARG;
pargs.err = ARGPARSE_PRINT_WARNING;
}
break;
case oListenBacklog: case oListenBacklog:
listen_backlog = pargs.r.ret_int; listen_backlog = pargs.r.ret_int;
break; break;

View File

@ -67,6 +67,9 @@ struct
want to use. */ want to use. */
unsigned long card_timeout; /* Disconnect after N seconds of inactivity. */ unsigned long card_timeout; /* Disconnect after N seconds of inactivity. */
int debug_allow_pin_logging; /* Allow PINs in debug output. */ int debug_allow_pin_logging; /* Allow PINs in debug output. */
/* Compatibility flags (COMPAT_FLAG_xxxx). */
unsigned int compat_flags;
} opt; } opt;
@ -92,6 +95,11 @@ struct
#define DBG_CARD_IO (opt.debug & DBG_CARD_IO_VALUE) #define DBG_CARD_IO (opt.debug & DBG_CARD_IO_VALUE)
#define DBG_READER (opt.debug & DBG_READER_VALUE) #define DBG_READER (opt.debug & DBG_READER_VALUE)
#define COMPAT_CCID_NO_AUTO_DETACH 1
struct server_local_s; struct server_local_s;
struct card_ctx_s; struct card_ctx_s;
struct app_ctx_s; struct app_ctx_s;

View File

@ -1330,8 +1330,19 @@ main ( int argc, char **argv)
case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break; case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break;
case oChUid: break; /* Command line only (see above). */ case oChUid: break; /* Command line only (see above). */
case oAgentProgram: opt.agent_program = pargs.r.ret_str; break;
case oKeyboxdProgram: opt.keyboxd_program = pargs.r.ret_str; break; case oAgentProgram:
xfree (opt.agent_program);
opt.agent_program = make_filename (pargs.r.ret_str, NULL);
break;
case oKeyboxdProgram:
xfree (opt.keyboxd_program);
opt.keyboxd_program = make_filename (pargs.r.ret_str, NULL);
break;
case oDirmngrProgram:
xfree (opt.dirmngr_program);
opt.dirmngr_program = make_filename (pargs.r.ret_str, NULL);
break;
case oDisplay: case oDisplay:
set_opt_session_env ("DISPLAY", pargs.r.ret_str); set_opt_session_env ("DISPLAY", pargs.r.ret_str);
@ -1349,7 +1360,6 @@ main ( int argc, char **argv)
case oLCctype: opt.lc_ctype = xstrdup (pargs.r.ret_str); break; case oLCctype: opt.lc_ctype = xstrdup (pargs.r.ret_str); break;
case oLCmessages: opt.lc_messages = xstrdup (pargs.r.ret_str); break; case oLCmessages: opt.lc_messages = xstrdup (pargs.r.ret_str); break;
case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
case oDisableDirmngr: opt.disable_dirmngr = 1; break; case oDisableDirmngr: opt.disable_dirmngr = 1; break;
case oPreferSystemDirmngr: /* Obsolete */; break; case oPreferSystemDirmngr: /* Obsolete */; break;
case oProtectToolProgram: case oProtectToolProgram:

View File

@ -60,16 +60,16 @@ struct
int use_keyboxd; /* Use the external keyboxd as storage backend. */ int use_keyboxd; /* Use the external keyboxd as storage backend. */
const char *config_filename; /* Name of the used config file. */ const char *config_filename; /* Name of the used config file. */
const char *agent_program; char *agent_program;
const char *keyboxd_program; char *keyboxd_program;
session_env_t session_env; session_env_t session_env;
char *lc_ctype; char *lc_ctype;
char *lc_messages; char *lc_messages;
int autostart; int autostart;
const char *dirmngr_program; char *dirmngr_program;
int disable_dirmngr; /* Do not do any dirmngr calls. */ int disable_dirmngr; /* Do not do any dirmngr calls. */
const char *protect_tool_program; const char *protect_tool_program;
char *outfile; /* name of output file */ char *outfile; /* name of output file */

View File

@ -677,7 +677,7 @@ parse_bag_encrypted_data (struct p12_parse_ctx_s *ctx, tlv_parser_t tlv)
const unsigned char *data; const unsigned char *data;
size_t datalen; size_t datalen;
int intval; int intval;
char salt[20]; char salt[32];
size_t saltlen; size_t saltlen;
char iv[16]; char iv[16];
unsigned int iter; unsigned int iter;
@ -1945,43 +1945,46 @@ p12_parse (const unsigned char *buffer, size_t length, const char *pw,
} }
where = "pfx"; where = "pfx";
if (tlv_next (tlv)) if ((err = tlv_next (tlv)))
goto bailout; goto bailout;
if (tlv_expect_sequence (tlv)) if ((err = tlv_expect_sequence (tlv)))
goto bailout; goto bailout;
where = "pfxVersion"; where = "pfxVersion";
if (tlv_next (tlv)) if ((err = tlv_next (tlv)))
goto bailout; goto bailout;
if (tlv_expect_integer (tlv, &intval) || intval != 3) if ((err = tlv_expect_integer (tlv, &intval)) || intval != 3)
goto bailout; goto bailout;
where = "authSave"; where = "authSave";
if (tlv_next (tlv)) if ((err = tlv_next (tlv)))
goto bailout; goto bailout;
if (tlv_expect_sequence (tlv)) if ((err = tlv_expect_sequence (tlv)))
goto bailout; goto bailout;
if (tlv_next (tlv)) if ((err = tlv_next (tlv)))
goto bailout; goto bailout;
if (tlv_expect_object_id (tlv, &oid, &oidlen)) if ((err = tlv_expect_object_id (tlv, &oid, &oidlen)))
goto bailout; goto bailout;
if (oidlen != DIM(oid_data) || memcmp (oid, oid_data, DIM(oid_data))) if (oidlen != DIM(oid_data) || memcmp (oid, oid_data, DIM(oid_data)))
{
err = gpg_error (GPG_ERR_INV_OBJ);
goto bailout;
}
if ((err = tlv_next (tlv)))
goto bailout;
if ((err = tlv_expect_context_tag (tlv, &intval)) || intval != 0 )
goto bailout; goto bailout;
if (tlv_next (tlv)) if ((err = tlv_next (tlv)))
goto bailout; goto bailout;
if (tlv_expect_context_tag (tlv, &intval) || intval != 0 ) if ((err = tlv_expect_octet_string (tlv, 1, NULL, NULL)))
goto bailout;
if (tlv_next (tlv))
goto bailout;
if (tlv_expect_octet_string (tlv, 1, NULL, NULL))
goto bailout; goto bailout;
if (tlv_peek (tlv, CLASS_UNIVERSAL, TAG_OCTET_STRING)) if (tlv_peek (tlv, CLASS_UNIVERSAL, TAG_OCTET_STRING))
{ {
if (tlv_next (tlv)) if ((err = tlv_next (tlv)))
goto bailout; goto bailout;
err = tlv_expect_octet_string (tlv, 1, NULL, NULL); err = tlv_expect_octet_string (tlv, 1, NULL, NULL);
if (err) if (err)
@ -1989,9 +1992,9 @@ p12_parse (const unsigned char *buffer, size_t length, const char *pw,
} }
where = "bags"; where = "bags";
if (tlv_next (tlv)) if ((err = tlv_next (tlv)))
goto bailout; goto bailout;
if (tlv_expect_sequence (tlv)) if ((err = tlv_expect_sequence (tlv)))
goto bailout; goto bailout;
startlevel = tlv_parser_level (tlv); startlevel = tlv_parser_level (tlv);
@ -2000,12 +2003,12 @@ p12_parse (const unsigned char *buffer, size_t length, const char *pw,
{ {
where = "bag-sequence"; where = "bag-sequence";
tlv_parser_dump_state (where, NULL, tlv); tlv_parser_dump_state (where, NULL, tlv);
if (tlv_expect_sequence (tlv)) if ((err = tlv_expect_sequence (tlv)))
goto bailout; goto bailout;
if (tlv_next (tlv)) if ((err = tlv_next (tlv)))
goto bailout; goto bailout;
if (tlv_expect_object_id (tlv, &oid, &oidlen)) if ((err = tlv_expect_object_id (tlv, &oid, &oidlen)))
goto bailout; goto bailout;
if (oidlen == DIM(oid_encryptedData) if (oidlen == DIM(oid_encryptedData)

View File

@ -99,7 +99,7 @@ suite.
This envvar gives the root directory of the build tree. See This envvar gives the root directory of the build tree. See
tests/gpgconf.ctl.in for the way we tell the GnuPG components this tests/gpgconf.ctl.in for the way we tell the GnuPG components this
location. Note that we can't use that envvar directly because this location. Note that we can't use that envvar directly because this
would allow user scripts and other software to accidently mess up the would allow user scripts and other software to accidentally mess up the
used components. used components.
**** argv[0] **** argv[0]
run-tests.scm depends on being able to re-exec gpgscm. It uses run-tests.scm depends on being able to re-exec gpgscm. It uses

View File

@ -220,9 +220,15 @@ parse_arguments (gpgrt_argparse_t *pargs, gpgrt_opt_t *popts)
} }
break; break;
case oGpgProgram: opt.gpg_program = pargs->r.ret_str; break; case oGpgProgram:
case oGpgsmProgram: opt.gpgsm_program = pargs->r.ret_str; break; opt.gpg_program = make_filename (pargs->r.ret_str, NULL);
case oAgentProgram: opt.agent_program = pargs->r.ret_str; break; break;
case oGpgsmProgram:
opt.gpgsm_program = make_filename (pargs->r.ret_str, NULL);
break;
case oAgentProgram:
opt.agent_program = make_filename (pargs->r.ret_str, NULL);
break;
case oStatusFD: case oStatusFD:
gnupg_set_status_fd (translate_sys2libc_fd_int (pargs->r.ret_int, 1)); gnupg_set_status_fd (translate_sys2libc_fd_int (pargs->r.ret_int, 1));
@ -402,7 +408,7 @@ nullnone (const char *s)
* success returns 0 and stores the number of bytes read at R_BUFLEN * success returns 0 and stores the number of bytes read at R_BUFLEN
* and the address of a newly allocated buffer at R_BUFFER. A * and the address of a newly allocated buffer at R_BUFFER. A
* complementary nul byte is always appended to the data but not * complementary nul byte is always appended to the data but not
* counted; this allows to pass NULL for R-BUFFER and consider the * counted; this allows one to pass NULL for R-BUFFER and consider the
* returned data as a string. */ * returned data as a string. */
static gpg_error_t static gpg_error_t
get_data_from_file (const char *fname, char **r_buffer, size_t *r_buflen) get_data_from_file (const char *fname, char **r_buffer, size_t *r_buflen)

View File

@ -34,9 +34,9 @@ struct
unsigned int debug; unsigned int debug;
int quiet; int quiet;
int with_colons; int with_colons;
const char *gpg_program; char *gpg_program;
const char *gpgsm_program; char *gpgsm_program;
const char *agent_program; char *agent_program;
int autostart; int autostart;
int no_key_lookup; /* Assume --no-key-lookup for "list". */ int no_key_lookup; /* Assume --no-key-lookup for "list". */

View File

@ -126,9 +126,9 @@ struct
int quiet; /* Be extra quiet. */ int quiet; /* Be extra quiet. */
int autostart; /* Start the server if not running. */ int autostart; /* Start the server if not running. */
const char *homedir; /* Configuration directory name */ const char *homedir; /* Configuration directory name */
const char *agent_program; /* Value of --agent-program. */ char *agent_program; /* Value of --agent-program. */
const char *dirmngr_program; /* Value of --dirmngr-program. */ char *dirmngr_program; /* Value of --dirmngr-program. */
const char *keyboxd_program; /* Value of --keyboxd-program. */ char *keyboxd_program; /* Value of --keyboxd-program. */
int hex; /* Print data lines in hex format. */ int hex; /* Print data lines in hex format. */
int decode; /* Decode received data lines. */ int decode; /* Decode received data lines. */
int use_dirmngr; /* Use the dirmngr and not gpg-agent. */ int use_dirmngr; /* Use the dirmngr and not gpg-agent. */
@ -1269,9 +1269,15 @@ main (int argc, char **argv)
case oVerbose: opt.verbose++; break; case oVerbose: opt.verbose++; break;
case oNoVerbose: opt.verbose = 0; break; case oNoVerbose: opt.verbose = 0; break;
case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break; case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break;
case oAgentProgram: opt.agent_program = pargs.r.ret_str; break; case oAgentProgram:
case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break; opt.agent_program = make_filename (pargs.r.ret_str, NULL);
case oKeyboxdProgram: opt.keyboxd_program = pargs.r.ret_str; break; break;
case oDirmngrProgram:
opt.dirmngr_program = make_filename (pargs.r.ret_str, NULL);
break;
case oKeyboxdProgram:
opt.keyboxd_program = make_filename (pargs.r.ret_str, NULL);
break;
case oNoAutostart: opt.autostart = 0; break; case oNoAutostart: opt.autostart = 0; break;
case oNoHistory: opt.no_history = 1; break; case oNoHistory: opt.no_history = 1; break;
case oHex: opt.hex = 1; break; case oHex: opt.hex = 1; break;

View File

@ -78,6 +78,7 @@ enum cmd_and_opt_values
oNoAutostart, oNoAutostart,
oAddRevocs, oAddRevocs,
oNoAddRevocs, oNoAddRevocs,
oRealClean,
oDummy oDummy
}; };
@ -121,8 +122,9 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oWithColons, "with-colons", "@"), ARGPARSE_s_n (oWithColons, "with-colons", "@"),
ARGPARSE_s_s (oBlacklist, "blacklist", "@"), ARGPARSE_s_s (oBlacklist, "blacklist", "@"),
ARGPARSE_s_s (oDirectory, "directory", "@"), ARGPARSE_s_s (oDirectory, "directory", "@"),
ARGPARSE_s_n (oAddRevocs, "add-revocs", "add revocation certificates"), ARGPARSE_s_n (oAddRevocs, "add-revocs", "@"),
ARGPARSE_s_n (oNoAddRevocs, "no-add-revocs", "do not add revocation certificates"), ARGPARSE_s_n (oNoAddRevocs, "no-add-revocs", "do not add revocation certificates"),
ARGPARSE_s_n (oRealClean, "realclean", "remove most key signatures"),
ARGPARSE_s_s (oFakeSubmissionAddr, "fake-submission-addr", "@"), ARGPARSE_s_s (oFakeSubmissionAddr, "fake-submission-addr", "@"),
@ -154,7 +156,7 @@ static char **blacklist_array;
static size_t blacklist_array_len; static size_t blacklist_array_len;
static void wrong_args (const char *text) GPGRT_ATTR_NORETURN; static void wrong_args (const char *t1, const char *t2) GPGRT_ATTR_NORETURN;
static void add_blacklist (const char *fname); static void add_blacklist (const char *fname);
static gpg_error_t proc_userid_from_stdin (gpg_error_t (*func)(const char *), static gpg_error_t proc_userid_from_stdin (gpg_error_t (*func)(const char *),
const char *text); const char *text);
@ -204,10 +206,15 @@ my_strusage( int level )
static void static void
wrong_args (const char *text) wrong_args (const char *text, const char *text2)
{ {
es_fprintf (es_stderr, _("usage: %s [options] %s\n"), #if GPGRT_VERSION_NUMBER >= 0x013000 /* >= 1.48 */
gpgrt_strusage (11), text); /* Skip the leading dashes if build with command support. */
if (text[0] == '-' && text[1] == '-' && text[2])
text += 2;
#endif
es_fprintf (es_stderr, _("usage: %s %s [options] %s\n"),
gpgrt_strusage (11), text, text2);
exit (2); exit (2);
} }
@ -235,16 +242,16 @@ parse_arguments (gpgrt_argparse_t *pargs, gpgrt_opt_t *popts)
break; break;
case oGpgProgram: case oGpgProgram:
opt.gpg_program = pargs->r.ret_str; opt.gpg_program = make_filename (pargs->r.ret_str, NULL);
break; break;
case oDirectory: case oDirectory:
opt.directory = pargs->r.ret_str; opt.directory = make_filename (pargs->r.ret_str, NULL);
break; break;
case oSend: case oSend:
opt.use_sendmail = 1; opt.use_sendmail = 1;
break; break;
case oOutput: case oOutput:
opt.output = pargs->r.ret_str; opt.output = make_filename (pargs->r.ret_str, NULL);
break; break;
case oFakeSubmissionAddr: case oFakeSubmissionAddr:
fake_submission_addr = pargs->r.ret_str; fake_submission_addr = pargs->r.ret_str;
@ -268,6 +275,10 @@ parse_arguments (gpgrt_argparse_t *pargs, gpgrt_opt_t *popts)
opt.add_revocs = 0; opt.add_revocs = 0;
break; break;
case oRealClean:
opt.realclean = 1;
break;
case aSupported: case aSupported:
case aCreate: case aCreate:
case aReceive: case aReceive:
@ -315,6 +326,9 @@ main (int argc, char **argv)
pargs.argc = &argc; pargs.argc = &argc;
pargs.argv = &argv; pargs.argv = &argv;
pargs.flags = ARGPARSE_FLAG_KEEP; pargs.flags = ARGPARSE_FLAG_KEEP;
#if GPGRT_VERSION_NUMBER >= 0x013000 /* >= 1.48 */
pargs.flags |= ARGPARSE_FLAG_COMMAND;
#endif
cmd = parse_arguments (&pargs, opts); cmd = parse_arguments (&pargs, opts);
gpgrt_argparse (NULL, &pargs, NULL); gpgrt_argparse (NULL, &pargs, NULL);
@ -350,7 +364,7 @@ main (int argc, char **argv)
/* Set defaults for non given options. */ /* Set defaults for non given options. */
if (!opt.gpg_program) if (!opt.gpg_program)
opt.gpg_program = gnupg_module_name (GNUPG_MODULE_NAME_GPG); opt.gpg_program = xstrdup (gnupg_module_name (GNUPG_MODULE_NAME_GPG));
if (!opt.directory) if (!opt.directory)
opt.directory = "openpgpkey"; opt.directory = "openpgpkey";
@ -394,7 +408,7 @@ main (int argc, char **argv)
else else
{ {
if (argc != 1) if (argc != 1)
wrong_args ("--supported DOMAIN"); wrong_args ("--supported", "DOMAIN");
err = command_supported (argv[0]); err = command_supported (argv[0]);
if (err && gpg_err_code (err) != GPG_ERR_FALSE) if (err && gpg_err_code (err) != GPG_ERR_FALSE)
log_error ("checking support failed: %s\n", gpg_strerror (err)); log_error ("checking support failed: %s\n", gpg_strerror (err));
@ -403,7 +417,7 @@ main (int argc, char **argv)
case aCreate: case aCreate:
if (argc != 2) if (argc != 2)
wrong_args ("--create FINGERPRINT USER-ID"); wrong_args ("--create", "FINGERPRINT USER-ID");
err = command_create (argv[0], argv[1]); err = command_create (argv[0], argv[1]);
if (err) if (err)
log_error ("creating request failed: %s\n", gpg_strerror (err)); log_error ("creating request failed: %s\n", gpg_strerror (err));
@ -411,7 +425,7 @@ main (int argc, char **argv)
case aReceive: case aReceive:
if (argc) if (argc)
wrong_args ("--receive < MIME-DATA"); wrong_args ("--receive", "< MIME-DATA");
err = wks_receive (es_stdin, command_receive_cb, NULL); err = wks_receive (es_stdin, command_receive_cb, NULL);
if (err) if (err)
log_error ("processing mail failed: %s\n", gpg_strerror (err)); log_error ("processing mail failed: %s\n", gpg_strerror (err));
@ -419,7 +433,7 @@ main (int argc, char **argv)
case aRead: case aRead:
if (argc) if (argc)
wrong_args ("--read < WKS-DATA"); wrong_args ("--read", "< WKS-DATA");
err = read_confirmation_request (es_stdin); err = read_confirmation_request (es_stdin);
if (err) if (err)
log_error ("processing mail failed: %s\n", gpg_strerror (err)); log_error ("processing mail failed: %s\n", gpg_strerror (err));
@ -427,7 +441,7 @@ main (int argc, char **argv)
case aCheck: case aCheck:
if (argc != 1) if (argc != 1)
wrong_args ("--check USER-ID"); wrong_args ("--check", "USER-ID");
err = command_check (argv[0]); err = command_check (argv[0]);
break; break;
@ -444,12 +458,12 @@ main (int argc, char **argv)
else if (argc == 2) else if (argc == 2)
err = wks_cmd_install_key (*argv, argv[1]); err = wks_cmd_install_key (*argv, argv[1]);
else else
wrong_args ("--install-key [FILE|FINGERPRINT USER-ID]"); wrong_args ("--install-key", "[FILE|FINGERPRINT USER-ID]");
break; break;
case aRemoveKey: case aRemoveKey:
if (argc != 1) if (argc != 1)
wrong_args ("--remove-key USER-ID"); wrong_args ("--remove-key", "USER-ID");
err = wks_cmd_remove_key (*argv); err = wks_cmd_remove_key (*argv);
break; break;
@ -1779,6 +1793,8 @@ process_confirmation_request (estream_t msg, const char *mainfpr)
log_info ("no encryption key found - sending response in the clear\n"); log_info ("no encryption key found - sending response in the clear\n");
err = send_confirmation_response (sender, address, nonce, 0, NULL); err = send_confirmation_response (sender, address, nonce, 0, NULL);
} }
if (!err)
log_info ("response sent to '%s' for '%s'\n", sender, address);
leave: leave:
nvc_release (nvc); nvc_release (nvc);
@ -1903,7 +1919,7 @@ domain_matches_mbox (const char *domain, const char *mbox)
* so that for a key with * so that for a key with
* uid: Joe Someone <joe@example.org> * uid: Joe Someone <joe@example.org>
* uid: Joe <joe@example.org> * uid: Joe <joe@example.org>
* only the news user id (and thus its self-signature) is used. * only the newest user id (and thus its self-signature) is used.
* UIDLIST is nodified to set all MBOX fields to NULL for a processed * UIDLIST is nodified to set all MBOX fields to NULL for a processed
* user id. FPR is the fingerprint of the key. * user id. FPR is the fingerprint of the key.
*/ */
@ -2010,7 +2026,7 @@ mirror_one_key (estream_t key)
continue; /* No mail box or already processed. */ continue; /* No mail box or already processed. */
if (uid->expired) if (uid->expired)
continue; continue;
if (!domain_matches_mbox (domain, uid->mbox)) if (*domain && !domain_matches_mbox (domain, uid->mbox))
continue; /* We don't want this one. */ continue; /* We don't want this one. */
if (is_in_blacklist (uid->mbox)) if (is_in_blacklist (uid->mbox))
continue; continue;

View File

@ -308,7 +308,7 @@ main (int argc, char **argv)
/* Set defaults for non given options. */ /* Set defaults for non given options. */
if (!opt.gpg_program) if (!opt.gpg_program)
opt.gpg_program = gnupg_module_name (GNUPG_MODULE_NAME_GPG); opt.gpg_program = xstrdup (gnupg_module_name (GNUPG_MODULE_NAME_GPG));
if (!opt.directory) if (!opt.directory)
opt.directory = "/var/lib/gnupg/wks"; opt.directory = "/var/lib/gnupg/wks";

Some files were not shown because too many files have changed in this diff Show More