mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-08 12:44:23 +01:00
agent: Re-introduce --enable-extended-key-format.
* agent/gpg-agent.c (oEnableExtendedKeyFormat): Re-introduce. (parse_rereadable_options): Handle it in a special way. * agent/protect.c (agent_protect): Be safe and set use_ocb only to 1 or 0. * tools/gpgconf-comp.c: Add --enable-extended-key-format again. -- This is required for backward compatibility with profiles. Signed-off-by: Werner Koch <wk@gnupg.org>
parent
72feb8fa82
commit
91ae3e7fb6
@ -124,7 +124,11 @@ struct
|
|||||||
passphrase change. */
|
passphrase change. */
|
||||||
int enable_passphrase_history;
|
int enable_passphrase_history;
|
||||||
|
|
||||||
/* If set the extended key format is used for new keys. */
|
/* If set the extended key format is used for new keys. Note that
|
||||||
|
* this may vave the value 2 in which case
|
||||||
|
* --disable-extended-key-format won't have any effect and thus
|
||||||
|
* effectivley locking it. This is required to support existing
|
||||||
|
* profiles which lock the use of --enable-extended-key-format. */
|
||||||
int enable_extended_key_format;
|
int enable_extended_key_format;
|
||||||
|
|
||||||
int running_detached; /* We are running detached from the tty. */
|
int running_detached; /* We are running detached from the tty. */
|
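Review bot: The new comment on `enable_extended_key_format` has two typos that make the lock semantics harder to read: `vave` should be `have` and `effectivley` should be `effectively`. Since the field is now tri-state rather than boolean, I would also name the states (for example an enum with off, on and locked values) instead of relying on the bare literal 2. The comment should also say that every reader must treat any non-zero value as enabled. The struct itself starts and ends outside the hunk.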
||||||
|
@ -113,6 +113,7 @@ enum cmd_and_opt_values
|
|||||||
oMaxPassphraseDays,
|
oMaxPassphraseDays,
|
||||||
oEnablePassphraseHistory,
|
oEnablePassphraseHistory,
|
||||||
oDisableExtendedKeyFormat,
|
oDisableExtendedKeyFormat,
|
||||||
|
oEnableExtendedKeyFormat,
|
||||||
oUseStandardSocket,
|
oUseStandardSocket,
|
||||||
oNoUseStandardSocket,
|
oNoUseStandardSocket,
|
||||||
oExtraSocket,
|
oExtraSocket,
|
||||||
@ -254,6 +255,7 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
#endif
|
#endif
|
||||||
),
|
),
|
||||||
ARGPARSE_s_n (oDisableExtendedKeyFormat, "disable-extended-key-format", "@"),
|
ARGPARSE_s_n (oDisableExtendedKeyFormat, "disable-extended-key-format", "@"),
|
||||||
|
ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"),
|
||||||
|
|
||||||
ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
|
ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
|
||||||
ARGPARSE_s_u (oS2KCalibration, "s2k-calibration", "@"),
|
ARGPARSE_s_u (oS2KCalibration, "s2k-calibration", "@"),
|
||||||
@ -268,7 +270,6 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
ARGPARSE_s_n (oNoUseStandardSocket, "no-use-standard-socket", "@"),
|
ARGPARSE_s_n (oNoUseStandardSocket, "no-use-standard-socket", "@"),
|
||||||
|
|
||||||
/* Dummy options. */
|
/* Dummy options. */
|
||||||
ARGPARSE_s_n (oNoop, "enable-extended-key-format", "@"),
|
|
||||||
|
|
||||||
|
|
||||||
ARGPARSE_end () /* End of list */
|
ARGPARSE_end () /* End of list */
|
||||||
@ -906,7 +907,13 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
|
|||||||
opt.enable_passphrase_history = 1;
|
opt.enable_passphrase_history = 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case oDisableExtendedKeyFormat: opt.enable_extended_key_format = 0; break;
|
case oEnableExtendedKeyFormat:
|
||||||
|
opt.enable_extended_key_format = 2;
|
||||||
|
break;
|
||||||
|
case oDisableExtendedKeyFormat:
|
||||||
|
if (opt.enable_extended_key_format != 2)
|
||||||
|
opt.enable_extended_key_format = 0;
|
||||||
|
break;
|
||||||
|
|
||||||
case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
|
case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
|
||||||
|
|
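Review bot: In the `oDisableExtendedKeyFormat` case of `parse_rereadable_options`, the option is now dropped silently once `opt.enable_extended_key_format` is 2. An operator who sets `disable-extended-key-format` in a config that a locking profile overrides gets no hint why new keys are still written in the extended format. A why-comment above the `if`, such as `/* 2 = locked by --enable-extended-key-format; ignore the disable request. */`, would document this, and an informational log line in the else path would make the override visible when auditing an agent's configuration. Whether the locked value survives a re-read depends on the defaults reset at the top of the function, which is outside this hunk, so that path is worth confirming.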
||||||
|
@ -623,7 +623,7 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
|
|||||||
int have_curve = 0;
|
int have_curve = 0;
|
||||||
|
|
||||||
if (use_ocb == -1)
|
if (use_ocb == -1)
|
||||||
use_ocb = opt.enable_extended_key_format;
|
use_ocb = !!opt.enable_extended_key_format;
|
||||||
|
|
||||||
/* Create an S-expression with the protected-at timestamp. */
|
/* Create an S-expression with the protected-at timestamp. */
|
||||||
memcpy (timestamp_exp, "(12:protected-at15:", 19);
|
memcpy (timestamp_exp, "(12:protected-at15:", 19);
|
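Review bot: The `!!` in `use_ocb = !!opt.enable_extended_key_format;` only normalizes the default path (`use_ocb == -1`) of `agent_protect`. Any other place that reads `opt.enable_extended_key_format` and compares it with 1, or passes it on as a flag, will now see 2 when the option is locked. Those readers are not visible in this commit, so this is a request to grep for them rather than a confirmed defect. A short comment here, e.g. `/* The option may be 2 (locked); use_ocb must be 0 or 1. */`, would keep the normalization from being simplified away later. The body of `agent_protect` continues outside the hunk.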
||||||
|
@ -585,16 +585,19 @@ local gpg-agent and use its private keys. This enables decrypting or
|
|||||||
signing data on a remote machine without exposing the private keys to the
|
signing data on a remote machine without exposing the private keys to the
|
||||||
remote machine.
|
remote machine.
|
||||||
|
|
||||||
@item --disable-extended-key-format
|
@item --enable-extended-key-format
|
||||||
|
@itemx --disable-extended-key-format
|
||||||
|
@opindex enable-extended-key-format
|
||||||
@opindex disable-extended-key-format
|
@opindex disable-extended-key-format
|
||||||
Since version 2.3 keys are created in the extended private key format.
|
Since version 2.3 keys are created in the extended private key format.
|
||||||
Changing the passphrase of a key will also convert the key to that new
|
Changing the passphrase of a key will also convert the key to that new
|
||||||
format. This new key format is supported since GnuPG version 2.1.12
|
format. This new key format is supported since GnuPG version 2.1.12
|
||||||
and thus there should be no need to disable it. However, this options
|
and thus there should be no need to disable it. The disable option
|
||||||
allows to revert to the old behaviour for new keys; be aware that keys
|
allows to revert to the old behavior for new keys; be aware that keys
|
||||||
are never migrated back to the old format. The advantage of the
|
are never migrated back to the old format. However if the enable
|
||||||
extended private key format is that it is text based and can carry
|
option has been used the disable option won't have an effect. The
|
||||||
additional meta data.
|
advantage of the extended private key format is that it is text based
|
||||||
|
and can carry additional meta data.
|
||||||
|
|
||||||
@anchor{option --enable-ssh-support}
|
@anchor{option --enable-ssh-support}
|
||||||
@item --enable-ssh-support
|
@item --enable-ssh-support
|
||||||
|
@ -508,6 +508,9 @@ static gc_option_t gc_options_gpg_agent[] =
|
|||||||
{ "enable-putty-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
|
{ "enable-putty-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
|
||||||
"gnupg", "enable putty support",
|
"gnupg", "enable putty support",
|
||||||
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
|
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
|
||||||
|
{ "enable-extended-key-format", GC_OPT_FLAG_RUNTIME, GC_LEVEL_INVISIBLE,
|
||||||
|
NULL, NULL,
|
||||||
|
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
|
||||||
|
|
||||||
{ "Debug",
|
{ "Debug",
|
||||||
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
|
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
|
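Review bot: The new `enable-extended-key-format` entry in `gc_options_gpg_agent` is `GC_LEVEL_INVISIBLE` with a NULL description, and nothing in the table says why it exists. A comment above it, such as `/* Accepted only so that existing profiles which set this option keep working. */`, would stop it from being removed as dead again. The entry is also flagged `GC_OPT_FLAG_RUNTIME`; since the agent treats this option as a lock, it is worth checking that changing it at runtime through gpgconf behaves as intended. The array starts and ends outside the hunk.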
||||||
|