Werner Koch 2006-10-23 14:02:13 +00:00
parent 2a9f9d76a2
commit 7b8ea82ab6
20 changed files with 172 additions and 49 deletions


@ -1,3 +1,7 @@
2006-10-20 Werner Koch <wk@g10code.com>
* Makefile.am (stowinstall): Add convenience target.
2006-10-18 Werner Koch <wk@g10code.com>
* configure.ac: svn revison magic fixes for old bashs. Suggested


@ -79,5 +79,7 @@ SUBDIRS = m4 intl gl include jnlib common ${kbx} \
dist-hook:
echo "$(VERSION)" > $(distdir)/VERSION
stowinstall:
$(MAKE) $(AM_MAKEFLAGS) install prefix=/usr/local/stow/gnupg
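Review bot: The `stowinstall` target hard-codes `/usr/local/stow/gnupg` as the prefix, so anyone with a different stow root has to edit Makefile.am instead of overriding a variable on the make command line. A variable keeps the convenience target reusable: `stowdir = /usr/local/stow/gnupg` above the rule and `$(MAKE) $(AM_MAKEFLAGS) install prefix=$(stowdir)` as its recipe, overridable with `make stowinstall stowdir=/opt/stow/gnupg`. A one-line comment marking the target as a developer convenience that is not part of the normal install would also help, since it sits right next to `dist-hook`.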

NEWS

@ -4,6 +4,11 @@ Noteworthy changes in version 1.9.94
* Keys for gpgsm may now be specified using a keygrip. A keygrip is
indicated by a prefixing it with an ampersand.
* gpgconf now supports switching the CMS cipher algo (e.g. to AES).
* New command --gpgconf-test for all major tools. This may be used to
check whether the configuration file is sane.
Noteworthy changes in version 1.9.93 (2006-10-18)
-------------------------------------------------


@ -1,5 +1,7 @@
2006-10-23 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): New command --gpgconf-test.
* minip12.c (parse_bag_encrypted_data, parse_bag_data): Allow for
a salt of 20 bytes.


@ -61,6 +61,7 @@ enum cmd_and_opt_values
oNoVerbose = 500,
aGPGConfList,
aGPGConfTest,
oOptions,
oDebug,
oDebugAll,
@ -105,6 +106,7 @@ enum cmd_and_opt_values
static ARGPARSE_OPTS opts[] = {
{ aGPGConfList, "gpgconf-list", 256, "@" },
{ aGPGConfTest, "gpgconf-test", 256, "@" },
{ 301, NULL, 0, N_("@Options:\n ") },
@ -620,6 +622,7 @@ main (int argc, char **argv )
switch (pargs.r_opt)
{
case aGPGConfList: gpgconf_list = 1; break;
case aGPGConfTest: gpgconf_list = 2; break;
case oBatch: opt.batch=1; break;
case oDebugWait: debug_wait = pargs.r.ret_int; break;
@ -719,6 +722,8 @@ main (int argc, char **argv )
log_debug ("... okay\n");
}
if (gpgconf_list == 2)
agent_exit (0);
if (gpgconf_list)
{
char *filename;
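Review bot: The new `aGPGConfTest` case at line 62 encodes the command by storing the magic value 2 in `gpgconf_list`, and the early exit at lines 68-69 compares against that literal, so what 2 means is only visible to someone who reads both places. A comment on the case, `case aGPGConfTest: gpgconf_list = 2; break; /* 2 = --gpgconf-test: exit right after the config check */`, or a separate `gpgconf_test` flag, would make the intent explicit; scdaemon.c has the identical construct in its hunks (the `gpgconf_list = 2` case and the `scd_exit (0)` check). The `agent_exit (0)` sits after the `... okay` debug line, which suggests option parsing has completed by then; whether parse errors are counted and reported before this exit is reached is not visible, since main starts and ends outside the hunk.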


@ -365,12 +365,13 @@ those of the given name. The new keyring is written to stdout or to the
file given with option @option{--output}. Use together with
@option{--armor} to mail those keys.
@item --send-keys
@item --send-keys @code{key IDs}
@opindex send-keys
Same as @option{--export} but sends the keys to a keyserver. Option
@option{--keyserver} must be used to give the name of this
keyserver. Don't send your complete keyring to a keyserver --- select
only those keys which are new or changed by you.
Similar to @option{--export} but sends the keys to a keyserver.
Fingerprints may be used instead of key IDs. Option @option{--keyserver}
must be used to give the name of this keyserver. Don't send your
complete keyring to a keyserver --- select only those keys which are new
or changed by you.
@item --export-secret-keys
@itemx --export-secret-subkeys


@ -490,10 +490,19 @@ certificate.
@table @gnupgtabopt
@item --include-certs @var{n}
@opindex include-certs
Using @var{n} of -2 includes all certificate except for the root cert,
-1 includes all certs, 0 does not include any certs, 1 includes only
the signers cert (this is the default) and all other positive
values include up to @var{n} certificates starting with the signer cert.
@item --cipher-algo @var{oid}
@opindex cipher-algo
Use the cipher algorithm with the ASN.1 object identifier @var{oid} for
encryption. For convenience the strings @code{3DES}, @code{AES} and
@code{AES256} may be used instead of their OIDs. The default is
@code{3DES} (1.2.840.113549.3.7).
@end table


@ -1,3 +1,9 @@
2006-10-23 Werner Koch <wk@g10code.com>
* gpg.c (main): New command --gpgconf-test.
* Makefile.am (bzip2_source): New.
2006-10-20 Werner Koch <wk@g10code.com>
* getkey.c (classify_user_id): Reserve '&' for search by keygrip.


@ -33,11 +33,18 @@ needed_libs = ../gl/libgnu.a ../common/libcommon.a ../jnlib/libjnlib.a
bin_PROGRAMS = gpg2 gpgv2
if ENABLE_BZIP2_SUPPORT
bzip2_source = compress-bz2.c
else
bzip2_source =
endif
common_source = \
gpg.h \
build-packet.c \
compress.c \
compress-bz2.c \
$(bzip2_source) \
filter.h \
free-packet.c \
getkey.c \


@ -110,6 +110,7 @@ enum cmd_and_opt_values
aLSignKey,
aListConfig,
aGPGConfList,
aGPGConfTest,
aListPackets,
aEditKey,
aDeleteKeys,
@ -408,6 +409,7 @@ static ARGPARSE_OPTS opts[] = {
#endif
{ aListConfig, "list-config", 256, "@"},
{ aGPGConfList, "gpgconf-list", 256, "@" },
{ aGPGConfTest, "gpgconf-test", 256, "@" },
{ aListPackets, "list-packets",256, "@"},
{ aExportOwnerTrust, "export-ownertrust", 256, "@"},
{ aImportOwnerTrust, "import-ownertrust", 256, "@"},
@ -2026,6 +2028,7 @@ main (int argc, char **argv )
case aCheckKeys:
case aListConfig:
case aGPGConfList:
case aGPGConfTest:
case aListPackets:
case aImport:
case aFastImport:
@ -3183,7 +3186,7 @@ main (int argc, char **argv )
SELinux, this is so that the rings are added to the list of
secured files. */
if( ALWAYS_ADD_KEYRINGS
|| (cmd != aDeArmor && cmd != aEnArmor) )
|| (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) )
{
if (ALWAYS_ADD_KEYRINGS
|| (cmd != aCheckKeys && cmd != aListSigs && cmd != aListKeys
@ -3202,6 +3205,9 @@ main (int argc, char **argv )
FREE_STRLIST(nrings);
FREE_STRLIST(sec_nrings);
if (cmd == aGPGConfTest)
g10_exit(0);
if( pwfd != -1 ) /* Read the passphrase now. */
read_passphrase_from_fd( pwfd );
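Review bot: `g10_exit (0)` for `aGPGConfTest` at lines 178-179 reports success unconditionally; if config-file parse errors are only counted through log_get_errorcount and acted on later in main (not visible in the hunks), an invalid configuration would still pass `--gpgconf-test`, so consider `g10_exit (log_get_errorcount (0) ? 2 : 0);` unless an earlier check already exits on errors. The change at line 171 also excludes `aGPGConfTest` from keyring registration, so problems that only surface when the keyrings are added are not exercised by the test; a one-line comment there, `/* --gpgconf-test only validates the options; keyrings are not opened. */`, would record that this is intended. main's body begins and ends outside the hunks.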


@ -1,3 +1,8 @@
2006-10-20 Werner Koch <wk@g10code.com>
* Makefile.am: Reporder macros for better readability.
(gpg2keys_finger_LDADD): Add GPG_ERROR_LIBS.
2006-10-19 David Shaw <dshaw@jabberwocky.com>
* gpgkeys_hkp.c (curl_mrindex_writer): Print a warning if we see


@ -40,18 +40,17 @@ common_libs = ../gl/libgnu.a ../common/libcommon.a ../jnlib/libjnlib.a
other_libs = $(LIBICONV) $(LIBINTL) $(CAPLIBS)
gpg2keys_ldap_SOURCES = gpgkeys_ldap.c ksutil.c ksutil.h no-libgcrypt.c
gpg2keys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h no-libgcrypt.c
gpg2keys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h no-libgcrypt.c
gpg2keys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h no-libgcrypt.c
gpg2keys_ldap_CPPFLAGS = $(LDAP_CPPFLAGS) $(AM_CPPFLAGS)
gpg2keys_ldap_LDADD = $(LDAPLIBS) $(NETLIBS) \
$(other_libs)
gpg2keys_ldap_LDADD = $(LDAPLIBS) $(NETLIBS) $(other_libs)
gpg2keys_finger_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) \
gpg2keys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h no-libgcrypt.c
gpg2keys_ldap_CPPFLAGS = $(AM_CPPFLAGS)
gpg2keys_finger_LDADD = $(common_libs) $(GPG_ERROR_LIBS) \
$(NETLIBS) $(other_libs)
gpg2keys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h no-libgcrypt.c
gpg2keys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h no-libgcrypt.c
if FAKE_CURL
gpg2keys_curl_SOURCES += curl-shim.c curl-shim.h
gpg2keys_curl_CPPFLAGS = $(AM_CPPFLAGS)
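Review bot: After the reordering, `gpg2keys_ldap_CPPFLAGS` appears twice in this hunk, once as `$(LDAP_CPPFLAGS) $(AM_CPPFLAGS)` (line 200) and once as `$(AM_CPPFLAGS)` (line 206); the rendered page no longer shows which side each line belongs to, but if line 206 is on the new side the LDAP include path is lost, and if both survive the second definition silently overrides the first. Please confirm whether line 206 was meant to be the finger helper's flags (e.g. `gpg2keys_finger_CPPFLAGS = $(AM_CPPFLAGS)`, a constructed name following the `gpg2keys_curl_CPPFLAGS` pattern) or should keep `$(LDAP_CPPFLAGS)`. Separately, the finger helper's LDADD replaces `$(LIBGCRYPT_LIBS)` with `$(GPG_ERROR_LIBS)` (line 204 versus 207), which is consistent with linking the no-libgcrypt.c stubs, but the keyserver ChangeLog entry only says "Add GPG_ERROR_LIBS"; wording it as a replacement would keep the log accurate.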


@ -1,3 +1,7 @@
2006-10-23 Werner Koch <wk@g10code.com>
* scdaemon.c (main): New command --gpgconf-test.
2006-10-17 Werner Koch <wk@g10code.com>
* Makefile.am (scdaemon_LDADD): Link against libcommonpth.


@ -2712,7 +2712,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
general rule for it so we need to decide case by case. */
if (app->app_local->card_type == CARD_TYPE_BELPIC)
{
/* The eID card has a card number printed on the fron matter
/* The eID card has a card number printed on the front matter
which seems to be a good indication. */
unsigned char *buffer;
const unsigned char *p;
@ -2938,7 +2938,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
/* Due to the fact that the non-repudiation signature on a BELPIC
card requires a ver verify immediately before the DSO we set the
card requires a verify immediately before the DSO we set the
MSE before we do the verification. Other cards might allow to do
this also but I don't want to break anything, thus we do it only
for the BELPIC card here. */


@ -63,6 +63,7 @@ enum cmd_and_opt_values
oNoVerbose = 500,
aGPGConfList,
aGPGConfTest,
oOptions,
oDebug,
oDebugAll,
@ -97,6 +98,7 @@ enum cmd_and_opt_values
static ARGPARSE_OPTS opts[] = {
{ aGPGConfList, "gpgconf-list", 256, "@" },
{ aGPGConfTest, "gpgconf-test", 256, "@" },
{ 301, NULL, 0, N_("@Options:\n ") },
@ -450,6 +452,7 @@ main (int argc, char **argv )
switch (pargs.r_opt)
{
case aGPGConfList: gpgconf_list = 1; break;
case aGPGConfTest: gpgconf_list = 2; break;
case oQuiet: opt.quiet = 1; break;
case oVerbose: opt.verbose++; break;
case oBatch: opt.batch=1; break;
@ -552,6 +555,8 @@ main (int argc, char **argv )
log_debug ("... okay\n");
}
if (gpgconf_list == 2)
scd_exit (0);
if (gpgconf_list)
{
/* List options and default values in the GPG Conf format. */


@ -1,3 +1,8 @@
2006-10-23 Werner Koch <wk@g10code.com>
* gpgsm.c (main): Remap common cipher algo names to their OIDs.
(main): New command --gpgconf-test.
2006-10-20 Werner Koch <wk@g10code.com>
* keydb.c (classify_user_id): Parse keygrip for the '&' identifier.


@ -90,6 +90,7 @@ enum cmd_and_opt_values {
aCallProtectTool,
aPasswd,
aGPGConfList,
aGPGConfTest,
aDumpKeys,
aDumpChain,
aDumpSecretKeys,
@ -265,6 +266,7 @@ static ARGPARSE_OPTS opts[] = {
N_("invoke gpg-protect-tool")},
{ aPasswd, "passwd", 256, N_("change a passphrase")},
{ aGPGConfList, "gpgconf-list", 256, "@" },
{ aGPGConfTest, "gpgconf-test", 256, "@" },
{ aDumpKeys, "dump-cert", 256, "@"},
{ aDumpKeys, "dump-keys", 256, "@"},
@ -781,7 +783,7 @@ main ( int argc, char **argv)
create_dotlock (NULL); /* register locking cleanup */
i18n_init();
opt.def_cipher_algoid = "1.2.840.113549.3.7"; /*des-EDE3-CBC*/
opt.def_cipher_algoid = "3DES"; /*des-EDE3-CBC*/
opt.homedir = default_homedir ();
#ifdef HAVE_W32_SYSTEM
@ -880,6 +882,7 @@ main ( int argc, char **argv)
switch (pargs.r_opt)
{
case aGPGConfList:
case aGPGConfTest:
set_cmd (&cmd, pargs.r_opt);
do_not_setup_keys = 1;
nogreeting = 1;
@ -1265,18 +1268,32 @@ main ( int argc, char **argv)
}
/* Must do this after dropping setuid, because the mapping functions
may try to load an module and we may have disabled an algorithm. */
if ( !gcry_cipher_map_name (opt.def_cipher_algoid)
|| !gcry_cipher_mode_from_oid (opt.def_cipher_algoid))
log_error (_("selected cipher algorithm is invalid\n"));
may try to load an module and we may have disabled an algorithm.
We remap the commonly used algorithms to the OIDs for
convenience. We need to work with the OIDs because they are used
to check whether the encryption mode is actually available. */
if (!strcmp (opt.def_cipher_algoid, "3DES") )
opt.def_cipher_algoid = "1.2.840.113549.3.7";
else if (!strcmp (opt.def_cipher_algoid, "AES")
|| !strcmp (opt.def_cipher_algoid, "AES128"))
opt.def_cipher_algoid = "2.16.840.1.101.3.4.1.2";
else if (!strcmp (opt.def_cipher_algoid, "AES256") )
opt.def_cipher_algoid = "2.16.840.1.101.3.4.1.42";
if (def_digest_string)
if (cmd != aGPGConfList)
{
opt.def_digest_algo = gcry_md_map_name (def_digest_string);
xfree (def_digest_string);
def_digest_string = NULL;
if (our_md_test_algo(opt.def_digest_algo) )
log_error (_("selected digest algorithm is invalid\n"));
if ( !gcry_cipher_map_name (opt.def_cipher_algoid)
|| !gcry_cipher_mode_from_oid (opt.def_cipher_algoid))
log_error (_("selected cipher algorithm is invalid\n"));
if (def_digest_string)
{
opt.def_digest_algo = gcry_md_map_name (def_digest_string);
xfree (def_digest_string);
def_digest_string = NULL;
if (our_md_test_algo(opt.def_digest_algo) )
log_error (_("selected digest algorithm is invalid\n"));
}
}
if (log_get_errorcount(0))
@ -1411,9 +1428,15 @@ main ( int argc, char **argv)
GC_OPT_FLAG_NONE );
printf ("prefer-system-dirmngr:%lu:\n",
GC_OPT_FLAG_NONE );
printf ("cipher-algo:%lu:\"3DES:\n",
GC_OPT_FLAG_DEFAULT );
}
break;
case aGPGConfTest:
/* This is merely a dummy command to test whether the
configuration file is valid. */
break;
case aServer:
if (debug_wait)
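Review bot: The remapping at lines 325-331 accepts `AES128` as a synonym for `AES`, but the gpgsm.texi text added in this same commit lists only `3DES`, `AES` and `AES256`, and the comparisons are plain `strcmp`, so `aes` or `3des` fall through to the OID check at lines 340-342 and are rejected as invalid; either document `AES128` and the case-sensitivity in the manual or drop the undocumented alias. A comment above the chain, `/* Accepted aliases: 3DES, AES/AES128, AES256 (case-sensitive); anything else must be an OID. */`, would make the contract visible at the code. The cipher and digest validation is now skipped for `aGPGConfList` (line 333) but still runs for `aGPGConfTest`, which looks intended given that the test command exists to validate the configuration; a short comment on the `if (cmd != aGPGConfList)` saying why listing must not fail on a bad algorithm would save the next reader the inference. main continues outside the hunk.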


@ -1,3 +1,11 @@
2006-10-23 Werner Koch <wk@g10code.com>
* gpgconf-comp.c <gpgsm>: Add --cipher-algo.
2006-10-20 Werner Koch <wk@g10code.com>
* gpgsm-gencert.sh: Enhanced the main menu.
2006-10-12 Werner Koch <wk@g10code.com>
* Makefile.am (gpg-zip, gpgsplit): Do not install due to a


@ -676,6 +676,9 @@ static gc_option_t gc_options_gpgsm[] =
{ "auto-issuer-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
"gnupg", "fetch missing issuer certificates",
GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
{ "cipher-algo", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
"gnupg", "|NAME|use cipher algorithm NAME",
GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
GC_OPTION_NULL
};


@ -84,29 +84,53 @@ query_user_menu()
echo "You selected: $ANSWER" >&2
}
query_user_menu "Key type" "RSA" "existing key" "OPENPGP.1" "OPENPGP.3"
case "$ANSWER" in
RSA)
KEY_TYPE=$ANSWER
query_user_menu "Key length" "1024" "2048"
KEY_LENGTH=$ANSWER
KEY_GRIP=
;;
existing*)
# User requested to use an existing key; need to set some dummy defaults
KEY_TYPE=RSA
KEY_LENGTH=1024
query_user "Keygrip "
KEY_GRIP=$ANSWER
;;
*)
KEY_TYPE="card:$ANSWER"
KEY_LENGTH=
KEY_GRIP=
;;
esac
KEY_TYPE=""
while [ -z "$KEY_TYPE" ]; do
query_user_menu "Key type" "RSA" "Existing key" "Direct from card"
case "$ANSWER" in
RSA)
KEY_TYPE=$ANSWER
query_user_menu "Key length" "1024" "2048"
KEY_LENGTH=$ANSWER
KEY_GRIP=
;;
Existing*)
# User requested to use an existing key; need to set some dummy defaults
query_user "Keygrip "
if [ -n "$ANSWER" ]; then
KEY_TYPE=RSA
KEY_LENGTH=1024
KEY_GRIP=$ANSWER
fi
;;
Direct*)
tmp=$(echo 'SCD SERIALNO' | gpg-connect-agent | \
awk '$2 == "SERIALNO" {print $3}')
if [ -z "$tmp" ]; then
echo "No card found" >&2
else
echo "Card with S/N $tmp found" >&2
tmp=$(echo 'SCD LEARN --force' | gpg-connect-agent | \
awk '$2 == "KEYPAIRINFO" {printf " %s", $4}')
sshid=$(echo 'SCD GETATTR $AUTHKEYID' | gpg-connect-agent | \
awk '$2 == "$AUTHKEYID" {print $3}')
[ -n "$sshid" ] && echo "gpg-agent uses $sshid as ssh key" >&2
query_user_menu "Select key " $tmp "back"
if [ "$ANSWER" != "back" ]; then
KEY_TYPE="card:$ANSWER"
KEY_LENGTH=
KEY_GRIP=
fi
fi
;;
*)
exit 1
;;
esac
done
query_user_menu "Key usage" "sign, encrypt" "sign" "encrypt"
KEY_USAGE=$ANSWER
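Review bot: In the `Direct*` branch the single-quoted `'SCD GETATTR $AUTHKEYID'` and the awk test `$2 == "$AUTHKEYID"` (lines 444-445) are correct only because `$AUTHKEYID` is the literal name of a scdaemon attribute, which reads like a forgotten shell expansion; a comment such as `# "$AUTHKEYID" is the literal scdaemon attribute name, not a shell variable` above line 444 would protect it from a well-meant "fix". The same branch never checks whether `gpg-connect-agent` itself succeeded, so an agent that is not running or not reachable is reported as `No card found` (line 439); running the command once on its own before the pipelines, e.g. `echo 'SCD SERIALNO' | gpg-connect-agent >/dev/null || { echo "cannot talk to gpg-agent" >&2; exit 1; }`, would distinguish the two cases. The unquoted `$tmp` at line 447 deliberately relies on word splitting to turn the KEYPAIRINFO list into menu items, and the `*) exit 1` at lines 455-456 exits without any message; a comment on the former and a short message on stderr before the latter would help.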