mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
.
This commit is contained in:
parent
2a9f9d76a2
commit
7b8ea82ab6
@ -1,3 +1,7 @@
|
||||
2006-10-20 Werner Koch <wk@g10code.com>
|
||||
|
||||
* Makefile.am (stowinstall): Add convenience target.
|
||||
|
||||
2006-10-18 Werner Koch <wk@g10code.com>
|
||||
|
||||
* configure.ac: svn revison magic fixes for old bashs. Suggested
|
||||
|
@ -79,5 +79,7 @@ SUBDIRS = m4 intl gl include jnlib common ${kbx} \
|
||||
dist-hook:
|
||||
echo "$(VERSION)" > $(distdir)/VERSION
|
||||
|
||||
stowinstall:
|
||||
$(MAKE) $(AM_MAKEFLAGS) install prefix=/usr/local/stow/gnupg
|
||||
|
||||
|
||||
|
5
NEWS
5
NEWS
@ -4,6 +4,11 @@ Noteworthy changes in version 1.9.94
|
||||
* Keys for gpgsm may now be specified using a keygrip. A keygrip is
|
||||
indicated by a prefixing it with an ampersand.
|
||||
|
||||
* gpgconf now supports switching the CMS cipher algo (e.g. to AES).
|
||||
|
||||
* New command --gpgconf-test for all major tools. This may be used to
|
||||
check whether the configuration file is sane.
|
||||
|
||||
|
||||
Noteworthy changes in version 1.9.93 (2006-10-18)
|
||||
-------------------------------------------------
|
||||
|
@ -1,5 +1,7 @@
|
||||
2006-10-23 Werner Koch <wk@g10code.com>
|
||||
|
||||
* gpg-agent.c (main): New command --gpgconf-test.
|
||||
|
||||
* minip12.c (parse_bag_encrypted_data, parse_bag_data): Allow for
|
||||
a salt of 20 bytes.
|
||||
|
||||
|
@ -61,6 +61,7 @@ enum cmd_and_opt_values
|
||||
|
||||
oNoVerbose = 500,
|
||||
aGPGConfList,
|
||||
aGPGConfTest,
|
||||
oOptions,
|
||||
oDebug,
|
||||
oDebugAll,
|
||||
@ -105,6 +106,7 @@ enum cmd_and_opt_values
|
||||
static ARGPARSE_OPTS opts[] = {
|
||||
|
||||
{ aGPGConfList, "gpgconf-list", 256, "@" },
|
||||
{ aGPGConfTest, "gpgconf-test", 256, "@" },
|
||||
|
||||
{ 301, NULL, 0, N_("@Options:\n ") },
|
||||
|
||||
@ -620,6 +622,7 @@ main (int argc, char **argv )
|
||||
switch (pargs.r_opt)
|
||||
{
|
||||
case aGPGConfList: gpgconf_list = 1; break;
|
||||
case aGPGConfTest: gpgconf_list = 2; break;
|
||||
case oBatch: opt.batch=1; break;
|
||||
|
||||
case oDebugWait: debug_wait = pargs.r.ret_int; break;
|
||||
@ -719,6 +722,8 @@ main (int argc, char **argv )
|
||||
log_debug ("... okay\n");
|
||||
}
|
||||
|
||||
if (gpgconf_list == 2)
|
||||
agent_exit (0);
|
||||
if (gpgconf_list)
|
||||
{
|
||||
char *filename;
|
||||
|
11
doc/gpg.texi
11
doc/gpg.texi
@ -365,12 +365,13 @@ those of the given name. The new keyring is written to stdout or to the
|
||||
file given with option @option{--output}. Use together with
|
||||
@option{--armor} to mail those keys.
|
||||
|
||||
@item --send-keys
|
||||
@item --send-keys @code{key IDs}
|
||||
@opindex send-keys
|
||||
Same as @option{--export} but sends the keys to a keyserver. Option
|
||||
@option{--keyserver} must be used to give the name of this
|
||||
keyserver. Don't send your complete keyring to a keyserver --- select
|
||||
only those keys which are new or changed by you.
|
||||
Similar to @option{--export} but sends the keys to a keyserver.
|
||||
Fingerprints may be used instead of key IDs. Option @option{--keyserver}
|
||||
must be used to give the name of this keyserver. Don't send your
|
||||
complete keyring to a keyserver --- select only those keys which are new
|
||||
or changed by you.
|
||||
|
||||
@item --export-secret-keys
|
||||
@itemx --export-secret-subkeys
|
||||
|
@ -490,11 +490,20 @@ certificate.
|
||||
|
||||
@table @gnupgtabopt
|
||||
@item --include-certs @var{n}
|
||||
@opindex include-certs
|
||||
Using @var{n} of -2 includes all certificate except for the root cert,
|
||||
-1 includes all certs, 0 does not include any certs, 1 includes only
|
||||
the signers cert (this is the default) and all other positive
|
||||
values include up to @var{n} certificates starting with the signer cert.
|
||||
|
||||
|
||||
@item --cipher-algo @var{oid}
|
||||
@opindex cipher-algo
|
||||
Use the cipher algorithm with the ASN.1 object identifier @var{oid} for
|
||||
encryption. For convenience the strings @code{3DES}, @code{AES} and
|
||||
@code{AES256} may be used instead of their OIDs. The default is
|
||||
@code{3DES} (1.2.840.113549.3.7).
|
||||
|
||||
@end table
|
||||
|
||||
|
||||
|
@ -1,3 +1,9 @@
|
||||
2006-10-23 Werner Koch <wk@g10code.com>
|
||||
|
||||
* gpg.c (main): New command --gpgconf-test.
|
||||
|
||||
* Makefile.am (bzip2_source): New.
|
||||
|
||||
2006-10-20 Werner Koch <wk@g10code.com>
|
||||
|
||||
* getkey.c (classify_user_id): Reserve '&' for search by keygrip.
|
||||
|
@ -33,11 +33,18 @@ needed_libs = ../gl/libgnu.a ../common/libcommon.a ../jnlib/libjnlib.a
|
||||
|
||||
bin_PROGRAMS = gpg2 gpgv2
|
||||
|
||||
if ENABLE_BZIP2_SUPPORT
|
||||
bzip2_source = compress-bz2.c
|
||||
else
|
||||
bzip2_source =
|
||||
endif
|
||||
|
||||
|
||||
common_source = \
|
||||
gpg.h \
|
||||
build-packet.c \
|
||||
compress.c \
|
||||
compress-bz2.c \
|
||||
$(bzip2_source) \
|
||||
filter.h \
|
||||
free-packet.c \
|
||||
getkey.c \
|
||||
|
@ -110,6 +110,7 @@ enum cmd_and_opt_values
|
||||
aLSignKey,
|
||||
aListConfig,
|
||||
aGPGConfList,
|
||||
aGPGConfTest,
|
||||
aListPackets,
|
||||
aEditKey,
|
||||
aDeleteKeys,
|
||||
@ -408,6 +409,7 @@ static ARGPARSE_OPTS opts[] = {
|
||||
#endif
|
||||
{ aListConfig, "list-config", 256, "@"},
|
||||
{ aGPGConfList, "gpgconf-list", 256, "@" },
|
||||
{ aGPGConfTest, "gpgconf-test", 256, "@" },
|
||||
{ aListPackets, "list-packets",256, "@"},
|
||||
{ aExportOwnerTrust, "export-ownertrust", 256, "@"},
|
||||
{ aImportOwnerTrust, "import-ownertrust", 256, "@"},
|
||||
@ -2026,6 +2028,7 @@ main (int argc, char **argv )
|
||||
case aCheckKeys:
|
||||
case aListConfig:
|
||||
case aGPGConfList:
|
||||
case aGPGConfTest:
|
||||
case aListPackets:
|
||||
case aImport:
|
||||
case aFastImport:
|
||||
@ -3183,7 +3186,7 @@ main (int argc, char **argv )
|
||||
SELinux, this is so that the rings are added to the list of
|
||||
secured files. */
|
||||
if( ALWAYS_ADD_KEYRINGS
|
||||
|| (cmd != aDeArmor && cmd != aEnArmor) )
|
||||
|| (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) )
|
||||
{
|
||||
if (ALWAYS_ADD_KEYRINGS
|
||||
|| (cmd != aCheckKeys && cmd != aListSigs && cmd != aListKeys
|
||||
@ -3202,6 +3205,9 @@ main (int argc, char **argv )
|
||||
FREE_STRLIST(nrings);
|
||||
FREE_STRLIST(sec_nrings);
|
||||
|
||||
if (cmd == aGPGConfTest)
|
||||
g10_exit(0);
|
||||
|
||||
|
||||
if( pwfd != -1 ) /* Read the passphrase now. */
|
||||
read_passphrase_from_fd( pwfd );
|
||||
|
@ -1,3 +1,8 @@
|
||||
2006-10-20 Werner Koch <wk@g10code.com>
|
||||
|
||||
* Makefile.am: Reporder macros for better readability.
|
||||
(gpg2keys_finger_LDADD): Add GPG_ERROR_LIBS.
|
||||
|
||||
2006-10-19 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* gpgkeys_hkp.c (curl_mrindex_writer): Print a warning if we see
|
||||
|
@ -40,18 +40,17 @@ common_libs = ../gl/libgnu.a ../common/libcommon.a ../jnlib/libjnlib.a
|
||||
other_libs = $(LIBICONV) $(LIBINTL) $(CAPLIBS)
|
||||
|
||||
gpg2keys_ldap_SOURCES = gpgkeys_ldap.c ksutil.c ksutil.h no-libgcrypt.c
|
||||
gpg2keys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h no-libgcrypt.c
|
||||
gpg2keys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h no-libgcrypt.c
|
||||
gpg2keys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h no-libgcrypt.c
|
||||
|
||||
|
||||
gpg2keys_ldap_CPPFLAGS = $(LDAP_CPPFLAGS) $(AM_CPPFLAGS)
|
||||
gpg2keys_ldap_LDADD = $(LDAPLIBS) $(NETLIBS) \
|
||||
$(other_libs)
|
||||
gpg2keys_ldap_LDADD = $(LDAPLIBS) $(NETLIBS) $(other_libs)
|
||||
|
||||
gpg2keys_finger_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) \
|
||||
gpg2keys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h no-libgcrypt.c
|
||||
gpg2keys_ldap_CPPFLAGS = $(AM_CPPFLAGS)
|
||||
gpg2keys_finger_LDADD = $(common_libs) $(GPG_ERROR_LIBS) \
|
||||
$(NETLIBS) $(other_libs)
|
||||
|
||||
|
||||
gpg2keys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h no-libgcrypt.c
|
||||
gpg2keys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h no-libgcrypt.c
|
||||
if FAKE_CURL
|
||||
gpg2keys_curl_SOURCES += curl-shim.c curl-shim.h
|
||||
gpg2keys_curl_CPPFLAGS = $(AM_CPPFLAGS)
|
||||
|
@ -1,3 +1,7 @@
|
||||
2006-10-23 Werner Koch <wk@g10code.com>
|
||||
|
||||
* scdaemon.c (main): New command --gpgconf-test.
|
||||
|
||||
2006-10-17 Werner Koch <wk@g10code.com>
|
||||
|
||||
* Makefile.am (scdaemon_LDADD): Link against libcommonpth.
|
||||
|
@ -2712,7 +2712,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
|
||||
general rule for it so we need to decide case by case. */
|
||||
if (app->app_local->card_type == CARD_TYPE_BELPIC)
|
||||
{
|
||||
/* The eID card has a card number printed on the fron matter
|
||||
/* The eID card has a card number printed on the front matter
|
||||
which seems to be a good indication. */
|
||||
unsigned char *buffer;
|
||||
const unsigned char *p;
|
||||
@ -2938,7 +2938,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
|
||||
|
||||
/* Due to the fact that the non-repudiation signature on a BELPIC
|
||||
card requires a ver verify immediately before the DSO we set the
|
||||
card requires a verify immediately before the DSO we set the
|
||||
MSE before we do the verification. Other cards might allow to do
|
||||
this also but I don't want to break anything, thus we do it only
|
||||
for the BELPIC card here. */
|
||||
|
@ -63,6 +63,7 @@ enum cmd_and_opt_values
|
||||
|
||||
oNoVerbose = 500,
|
||||
aGPGConfList,
|
||||
aGPGConfTest,
|
||||
oOptions,
|
||||
oDebug,
|
||||
oDebugAll,
|
||||
@ -97,6 +98,7 @@ enum cmd_and_opt_values
|
||||
static ARGPARSE_OPTS opts[] = {
|
||||
|
||||
{ aGPGConfList, "gpgconf-list", 256, "@" },
|
||||
{ aGPGConfTest, "gpgconf-test", 256, "@" },
|
||||
|
||||
{ 301, NULL, 0, N_("@Options:\n ") },
|
||||
|
||||
@ -450,6 +452,7 @@ main (int argc, char **argv )
|
||||
switch (pargs.r_opt)
|
||||
{
|
||||
case aGPGConfList: gpgconf_list = 1; break;
|
||||
case aGPGConfTest: gpgconf_list = 2; break;
|
||||
case oQuiet: opt.quiet = 1; break;
|
||||
case oVerbose: opt.verbose++; break;
|
||||
case oBatch: opt.batch=1; break;
|
||||
@ -552,6 +555,8 @@ main (int argc, char **argv )
|
||||
log_debug ("... okay\n");
|
||||
}
|
||||
|
||||
if (gpgconf_list == 2)
|
||||
scd_exit (0);
|
||||
if (gpgconf_list)
|
||||
{
|
||||
/* List options and default values in the GPG Conf format. */
|
||||
|
@ -1,3 +1,8 @@
|
||||
2006-10-23 Werner Koch <wk@g10code.com>
|
||||
|
||||
* gpgsm.c (main): Remap common cipher algo names to their OIDs.
|
||||
(main): New command --gpgconf-test.
|
||||
|
||||
2006-10-20 Werner Koch <wk@g10code.com>
|
||||
|
||||
* keydb.c (classify_user_id): Parse keygrip for the '&' identifier.
|
||||
|
27
sm/gpgsm.c
27
sm/gpgsm.c
@ -90,6 +90,7 @@ enum cmd_and_opt_values {
|
||||
aCallProtectTool,
|
||||
aPasswd,
|
||||
aGPGConfList,
|
||||
aGPGConfTest,
|
||||
aDumpKeys,
|
||||
aDumpChain,
|
||||
aDumpSecretKeys,
|
||||
@ -265,6 +266,7 @@ static ARGPARSE_OPTS opts[] = {
|
||||
N_("invoke gpg-protect-tool")},
|
||||
{ aPasswd, "passwd", 256, N_("change a passphrase")},
|
||||
{ aGPGConfList, "gpgconf-list", 256, "@" },
|
||||
{ aGPGConfTest, "gpgconf-test", 256, "@" },
|
||||
|
||||
{ aDumpKeys, "dump-cert", 256, "@"},
|
||||
{ aDumpKeys, "dump-keys", 256, "@"},
|
||||
@ -781,7 +783,7 @@ main ( int argc, char **argv)
|
||||
create_dotlock (NULL); /* register locking cleanup */
|
||||
i18n_init();
|
||||
|
||||
opt.def_cipher_algoid = "1.2.840.113549.3.7"; /*des-EDE3-CBC*/
|
||||
opt.def_cipher_algoid = "3DES"; /*des-EDE3-CBC*/
|
||||
|
||||
opt.homedir = default_homedir ();
|
||||
#ifdef HAVE_W32_SYSTEM
|
||||
@ -880,6 +882,7 @@ main ( int argc, char **argv)
|
||||
switch (pargs.r_opt)
|
||||
{
|
||||
case aGPGConfList:
|
||||
case aGPGConfTest:
|
||||
set_cmd (&cmd, pargs.r_opt);
|
||||
do_not_setup_keys = 1;
|
||||
nogreeting = 1;
|
||||
@ -1265,7 +1268,20 @@ main ( int argc, char **argv)
|
||||
}
|
||||
|
||||
/* Must do this after dropping setuid, because the mapping functions
|
||||
may try to load an module and we may have disabled an algorithm. */
|
||||
may try to load an module and we may have disabled an algorithm.
|
||||
We remap the commonly used algorithms to the OIDs for
|
||||
convenience. We need to work with the OIDs because they are used
|
||||
to check whether the encryption mode is actually available. */
|
||||
if (!strcmp (opt.def_cipher_algoid, "3DES") )
|
||||
opt.def_cipher_algoid = "1.2.840.113549.3.7";
|
||||
else if (!strcmp (opt.def_cipher_algoid, "AES")
|
||||
|| !strcmp (opt.def_cipher_algoid, "AES128"))
|
||||
opt.def_cipher_algoid = "2.16.840.1.101.3.4.1.2";
|
||||
else if (!strcmp (opt.def_cipher_algoid, "AES256") )
|
||||
opt.def_cipher_algoid = "2.16.840.1.101.3.4.1.42";
|
||||
|
||||
if (cmd != aGPGConfList)
|
||||
{
|
||||
if ( !gcry_cipher_map_name (opt.def_cipher_algoid)
|
||||
|| !gcry_cipher_mode_from_oid (opt.def_cipher_algoid))
|
||||
log_error (_("selected cipher algorithm is invalid\n"));
|
||||
@ -1278,6 +1294,7 @@ main ( int argc, char **argv)
|
||||
if (our_md_test_algo(opt.def_digest_algo) )
|
||||
log_error (_("selected digest algorithm is invalid\n"));
|
||||
}
|
||||
}
|
||||
|
||||
if (log_get_errorcount(0))
|
||||
gpgsm_exit(2);
|
||||
@ -1411,9 +1428,15 @@ main ( int argc, char **argv)
|
||||
GC_OPT_FLAG_NONE );
|
||||
printf ("prefer-system-dirmngr:%lu:\n",
|
||||
GC_OPT_FLAG_NONE );
|
||||
printf ("cipher-algo:%lu:\"3DES:\n",
|
||||
GC_OPT_FLAG_DEFAULT );
|
||||
|
||||
}
|
||||
break;
|
||||
case aGPGConfTest:
|
||||
/* This is merely a dummy command to test whether the
|
||||
configuration file is valid. */
|
||||
break;
|
||||
|
||||
case aServer:
|
||||
if (debug_wait)
|
||||
|
@ -1,3 +1,11 @@
|
||||
2006-10-23 Werner Koch <wk@g10code.com>
|
||||
|
||||
* gpgconf-comp.c <gpgsm>: Add --cipher-algo.
|
||||
|
||||
2006-10-20 Werner Koch <wk@g10code.com>
|
||||
|
||||
* gpgsm-gencert.sh: Enhanced the main menu.
|
||||
|
||||
2006-10-12 Werner Koch <wk@g10code.com>
|
||||
|
||||
* Makefile.am (gpg-zip, gpgsplit): Do not install due to a
|
||||
|
@ -676,6 +676,9 @@ static gc_option_t gc_options_gpgsm[] =
|
||||
{ "auto-issuer-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
|
||||
"gnupg", "fetch missing issuer certificates",
|
||||
GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
|
||||
{ "cipher-algo", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
|
||||
"gnupg", "|NAME|use cipher algorithm NAME",
|
||||
GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
|
||||
|
||||
GC_OPTION_NULL
|
||||
};
|
||||
|
@ -84,28 +84,52 @@ query_user_menu()
|
||||
echo "You selected: $ANSWER" >&2
|
||||
}
|
||||
|
||||
query_user_menu "Key type" "RSA" "existing key" "OPENPGP.1" "OPENPGP.3"
|
||||
case "$ANSWER" in
|
||||
|
||||
|
||||
KEY_TYPE=""
|
||||
while [ -z "$KEY_TYPE" ]; do
|
||||
query_user_menu "Key type" "RSA" "Existing key" "Direct from card"
|
||||
case "$ANSWER" in
|
||||
RSA)
|
||||
KEY_TYPE=$ANSWER
|
||||
query_user_menu "Key length" "1024" "2048"
|
||||
KEY_LENGTH=$ANSWER
|
||||
KEY_GRIP=
|
||||
;;
|
||||
existing*)
|
||||
Existing*)
|
||||
# User requested to use an existing key; need to set some dummy defaults
|
||||
query_user "Keygrip "
|
||||
if [ -n "$ANSWER" ]; then
|
||||
KEY_TYPE=RSA
|
||||
KEY_LENGTH=1024
|
||||
query_user "Keygrip "
|
||||
KEY_GRIP=$ANSWER
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
Direct*)
|
||||
tmp=$(echo 'SCD SERIALNO' | gpg-connect-agent | \
|
||||
awk '$2 == "SERIALNO" {print $3}')
|
||||
if [ -z "$tmp" ]; then
|
||||
echo "No card found" >&2
|
||||
else
|
||||
echo "Card with S/N $tmp found" >&2
|
||||
tmp=$(echo 'SCD LEARN --force' | gpg-connect-agent | \
|
||||
awk '$2 == "KEYPAIRINFO" {printf " %s", $4}')
|
||||
sshid=$(echo 'SCD GETATTR $AUTHKEYID' | gpg-connect-agent | \
|
||||
awk '$2 == "$AUTHKEYID" {print $3}')
|
||||
[ -n "$sshid" ] && echo "gpg-agent uses $sshid as ssh key" >&2
|
||||
query_user_menu "Select key " $tmp "back"
|
||||
if [ "$ANSWER" != "back" ]; then
|
||||
KEY_TYPE="card:$ANSWER"
|
||||
KEY_LENGTH=
|
||||
KEY_GRIP=
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
*)
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
query_user_menu "Key usage" "sign, encrypt" "sign" "encrypt"
|
||||
KEY_USAGE=$ANSWER
|
||||
|
Loading…
x
Reference in New Issue
Block a user