1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

391 Commits

Author SHA1 Message Date
NIIBE Yutaka
6022f10da3
gpg: Robust error handling for SCD READKEY.
* g10/keygen.c (ask_algo): List the card key only when it's valid.

--

GnuPG-bug-id: 7309
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-11-08 08:42:03 +01:00
Werner Koch
794950ec75
gpg: Allow the use of an ADSK subkey as ADSK subkey.
* g10/packet.h (PKT_public_key): Increased size of req_usage to 16.
* g10/getkey.c (key_byname): Set allow_adsk in the context if ir was
requested via req_usage.
(finish_lookup): Allow RENC usage matching.
* g10/keyedit.c (append_adsk_to_key): Adjust the assert.
* g10/keygen.c (prepare_adsk): Also allow to find an RENC subkey.
--

If an ADSK is to be added it may happen that an ADSK subkey is found
first and this should then be used even that it does not have the E
usage.  However, it used to have that E usage when it was added.

While testing this I found another pecularity: If you do
  gpg -k ADSK_SUBKEY_FPR
without the '!' suffix and no corresponding encryption subkey is dound,
you will get an unusabe key error.  I hesitate to fix that due to
possible side-effects.

GnuPG-bug-id: 6882
2024-10-31 15:13:49 +01:00
Werner Koch
a8b503c42b
gpg: Emit status error for an invalid ADSK.
* g10/keygen.c (prepare_adsk): Emit status error.
--

This is useful for GPGME.

GnuPG-bug-id: 7322
2024-10-07 08:25:56 +02:00
Werner Koch
ce75af47eb
gpg: Add magic parameter "default" to --quick-add-adsk.
* g10/getkey.c (has_key_with_fingerprint): New.
* g10/keyedit.c (menu_addadsk): Replace code by new function.
(keyedit_quick_addadsk): Handle magic arg "default".
* g10/keygen.c (append_all_default_adsks): New.
--

GnuPG-bug-id: 6882
(cherry picked from commit 77afc9ee1c75a28083edf6d98888f9b472c3e39d)
2024-07-01 15:07:03 +02:00
Werner Koch
222045d850
gpg: Print designated revokers also in a standard listing.
* g10/keylist.c (print_revokers): Add arg with_colon, adjust callers,
add human printable format.
(list_keyblock_print): Call print_revokers.
--

Designated revokers were only printed in --with-colons mode.  For
quick inspection of a key it is useful to see them right away.

(cherry picked from commit 9d618d1273120ca2cca97028730352768b0c1897)
2024-07-01 15:01:50 +02:00
Werner Koch
330354972a
gpg: Autoload designated revoker key and ADSK when needed.
* g10/options.h (opt): Move the definition of struct akl to global
scope.
* g10/keydb.h (enum get_pubkey_modes): Add GET_PUBKEY_TRY_LDAP.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_BYNAME.
* g10/keygen.c (prepare_desig_revoker): Use it here.
(prepare_adsk): and here.
--

The revoker key is required before we create it along with a new key.
This is because the we need to know the algo and also to make sure
that the key really exists.

GnuPG-bug-id: 7133
(cherry picked from commit 465ea9116d1f9467814143ed35b515034a849e86)
2024-07-01 15:01:14 +02:00
Werner Koch
c6cecbd89a
gpg: New option --default-new-key-adsk.
* g10/options.h (opt): Add field def_new_key_adsks.
* g10/gpg.c (oDefaultNewKeyADSK): New.
(opts): Add --default-new-key-adsk.
(main): Parse option.
* g10/keyedit.c (menu_addadsk): Factor some code out to ...
(append_adsk_to_key): new.  Add compliance check.
* g10/keygen.c (pADSK): New.
(para_data_s): Add adsk to the union.
(release_parameter_list): Free the adsk.
(prepare_adsk): New.
(get_parameter_adsk): New.
(get_parameter_revkey): Remove unneeded arg key and change callers.
(proc_parameter_file): Prepare adsk parameter from the configured
fingerprints.
(do_generate_keypair): Create adsk.
--

GnuPG-bug-id: 6882
(cherry picked from commit ed118e2ed521d82c1be7765a0a19d5b4f19afe10)
2024-07-01 15:00:16 +02:00
Werner Koch
234e9db3c3
gpg: Avoid a double free on error in the key generation.
* g10/keygen.c (card_store_key_with_backup): Avoid double free and
simplify error handling.
--

This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>

(cherry picked from commit bcc002cd45d1c6bd51c2b2093f92d396970c082e)
2024-05-29 11:46:48 +02:00
Werner Koch
0b1f7427b3
gpg: Do not allow to accidently set the RENC usage.
* g10/keygen.c (print_key_flags): Print "RENC" if set.
(ask_key_flags_with_mask): Remove RENC from the possible set of
usages.  Add a direct way to set it iff the key is encryption capable.
--

This could be done by using "set your own capabilities" for an RSA
key.  In fact it was always set in this case.

GnuPG-bug-id: 7072
2024-04-04 16:39:14 +02:00
Werner Koch
ead2982286
gpg: Use ephemeral mode for generating card keys.
* g10/call-agent.c (agent_set_ephemeral_mode): New.
* g10/keyedit.c (keyedit_menu) <bkuptocard>: Switch to ephemeral mode.
* g10/keygen.c (do_generate_keypair): Switch to ephemeral mode for
card keys with backup.
--

GnuPG-bug-id: 6944
2024-01-22 16:52:22 +01:00
Werner Koch
ee56f71c8a
gpg: Add a communication object to the key generation code.
* g10/keygen.c (struct common_gen_cb_parm_s): New.
(common_gen): Add args common_gen_cb and common_gen_cb_parm.  Adjust
all callers.
(do_generate_keypair): Clarify the code by using a better var name.
--

We may eventually also replace the long arg list with that object.
The immediate reason for this change is the followup commit.
2024-01-22 10:16:03 +01:00
Werner Koch
5402e6fb93
gpg: For v5 key generation for X448 also in parm file mode.
* g10/keygen.c (curve_is_448): New.
(do_create_from_keygrip): Pass arg keygen_flags byref so that it can
be updated.  Set v5 flag for X448.
(gen_ecc): Ditto.
(do_create): Change keygen_flags as above.  For robustness change
checking for Ed448.
(do_generate_keypair): Change keygen_flags as above
(generate_subkeypair): Ditto.
(gen_card_key): Ditto. Support v5 keys.
--

GnuPG-bug-id: 6942
2024-01-16 14:32:04 +01:00
Werner Koch
1a2c8267f5
gpg: When using a parm file w/o usage don't set the RENC usage.
* g10/keygen.c (proc_parameter_file): Don't include RENC in the
default usage.
--

Testplan:

  $ gpg --gen-key --batch <<EOF
  Key-Type: EDDSA
  Key-Curve: ed448
  Key-Usage: cert
  Name-Real: Meh Muh
  Name-Email: test-3@example.org
  Expire-Date: 2025-01-01
  Passphrase: abc
  subkey-type: ecdh
  Subkey-curve: cv448
  EOF

and check that the R flag does not show up in the usage.
2024-01-16 14:02:42 +01:00
Werner Koch
8dfbad0c41
gpg: Fix regression in the Revoker keyword of the parmeter file.
* g10/keygen.c (parse_revocation_key): Actually allow for v4
fingerprints.
--

Note that the use of the parameter file is deprecated.

GnuPG-bug-id: 6923
2024-01-11 09:08:54 +01:00
Werner Koch
95b9a31f81
gpg: Fix minor memory leak during certain smartcard operations.
* g10/keygen.c (card_store_key_with_backup): Fix memory leak on error.
2023-10-27 14:20:47 +02:00
Werner Koch
a4fe307b55
gpg: Allow expiration time after 2038-01-19 on 32 bit Windows.
* g10/keygen.c (parse_expire_string_with_ct): Use isotime2epoch_u64.
(parse_creation_string): Ditto.
--

GnuPG-bug-id: 6736
2023-10-26 12:45:50 +02:00
Werner Koch
606933dfb4
gpg: Allow to specify seconds since Epoch beyond 2038.
* g10/keygen.c (parse_expire_string_with_ct): Use new function
scan_secondsstr.
(parse_creation_string): Ditto.
--

Noet that we cap the seconds at the year 2106.

GnuPG-bug-id: 6736
2023-10-14 17:23:42 +02:00
NIIBE Yutaka
96b69c1866
gpg: Add support for Subkey-Expire-Date.
* g10/keygen.c (enum para_name): Add pSUBKEYEXPIREDATE.
(proc_parameter_file): Add support for pSUBKEYEXPIREDATE.
(read_parameter_file): Add "Subkey-Expire-Date".

--

Cherry-pick from master commit of:
	23bcb78d279ebc81ec9340356401d19cf89985f1

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-07-25 11:15:22 +09:00
NIIBE Yutaka
2258bcded6
gpg: Fix expiration time when Creation-Date is specified.
* g10/keygen.c (parse_expire_string_with_ct): New function, optionally
supply the creation time.
(parse_expire_string): Use parse_expire_string_with_ct with no
creation time.
(proc_parameter_file): Use parse_expire_string_with_ct possibly with
the creation time.

--

Cherry-pick from master commit of:
	b07b5144ff6a9208ea27fe1e1518270bd22b382c

GnuPG-bug-id: 5252
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-07-25 11:14:43 +09:00
Werner Koch
baa8883215
gpg: Set default expiration date to 3 years.
* g10/keygen.c (default_expiration_interval): Change.
--

This is a revision of
GnuPG-bug-id: 2701
2023-06-05 15:07:22 +02:00
Werner Koch
c03ba92576
gpg: Fix writing ECDH keys to OpenPGP smartcards.
* agent/command.c (cmd_keytocard): Add new arg for ECDH params.
* scd/app-openpgp.c (ecc_writekey): Use provided ECDH params to
compute the fingerprint.
* g10/call-agent.c (agent_keytocard): Add arg ecdh_param_str.
* g10/keyid.c (ecdh_param_str_from_pk): New.
* g10/card-util.c (card_store_subkey): Pass ECDH params to writekey.
* g10/keygen.c (card_store_key_with_backup): Ditto.

* scd/app-openpgp.c (store_fpr): Add arg update.
(rsa_read_pubkey, ecc_read_pubkey): Add arg meta_update and avoid
writing the fingerprint back to the card if not set.
(read_public_key): Also add arg meta_update.
(get_public_key): Do not pass it as true here...
(do_genkey): ... but here.
(rsa_write_key, ecc_writekey): Force string the fingerprint.
--

The problem showed up because in 2.4 we changed the standard ECDH
parameter some years ago.  Now when trying to write an ECDH key
created by 2.2 with 2.4 to an openpgp card, scdaemon computes a wrong
fingerprint and thus gpg was not able to find the key again by
fingerprint.

The patch also avoids updating the stored fingerprint in certain
situations.

This fix is somewhat related to
GnuPG-bug-id: 6378
2023-04-21 15:23:29 +02:00
Werner Koch
3a18378a92
gpg: Allow adding of Additional Decryption Subkeys.
* g10/free-packet.c (copy_public_key): Factor some code out to ...
(copy_public_key_basics): new.
* g10/build-packet.c (build_sig_subpkt_from_sig): New arg signhints.
* g10/packet.h (PUBKEY_USAGE_RENC): Fix value.
(SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): Moved from sign.c.
(SIGNHINT_ADSK): New.
(PKT_public_key): Change pubkey_usage from byte to u16.
(PKT_user_id): Cosmetic fix: change help_key_usage from int to u16.
* g10/getkey.c (parse_key_usage): Make public.
* g10/misc.c (openpgp_pk_algo_usage): Take PUBKEY_USAGE_RENC in
account.
* g10/sign.c (update_keysig_packet): Set SIGNHINT_ADSK.
(make_keysig_packet): Ditto.
(do_sign): No time warp check in ADSK mode.
* g10/sig-check.c (check_signature_metadata_validity): Ditto.
* g10/keygen.c (struct opaque_data_usage_and_pk): Remove.
(write_keybinding): Do not use the removed struct.
(do_add_key_flags): Support PUBKEY_USAGE_RENC and others.
(keygen_add_key_flags_and_expire): Rewrite and make public.
* g10/keyedit.c (enum cmdids): Add cmdADDADSK.
(keyedit_menu): Add command "addadsk".
(menu_addadsk): New.
--

This makes use of a new encryption flag:

  The "restricted encryption key" (2nd,0x04) does not take part in any
  automatic selection of encryption keys.  It is only found on a
  subkey signature (type 0x18), one that refers to the key the flag
  applies to.

Followup patches will add encryption support and a --quick command.

GnuPG-bug-id: 6395
2023-03-01 17:22:20 +01:00
Werner Koch
3d094e2bcf
gpg: New option --add-desig-revoker
* g10/gpg.c (oAddDesigRevoker): New.
(opts): Add new option.
* g10/options.h (opt): Add field desig_revokers.
* g10/keygen.c (get_parameter_idx): New.
(get_parameter): Make use of get_parameter_idx.
(prepare_desig_revoker): New.
(get_parameter_revkey): Add arg idx.
(proc_parameter_file): Add designated revokers.
(do_generate_keypair): Write all designated revokers.
2023-02-16 18:10:03 +01:00
Werner Koch
1a85ee9a43
gpg: New export option "mode1003".
* agent/command.c (cmd_export_key): Add option --mode1003.
(command_has_option): Ditto.
* g10/build-packet.c (do_key): Implement mode 1003.
* g10/parse-packet.c (parse_key): Ditto.
* g10/options.h (EXPORT_MODE1003): New.o
* g10/call-agent.c (agent_export_key): Add arg mode1003.
* g10/export.c (parse_export_options): Add "mode1003"
(secret_key_to_mode1003): New.
(receive_seckey_from_agent): Add arg mode1003.
(do_export_one_keyblock): Pass option down.
--

This option allows to export a secret key in GnuPG's native format.
Thus no re-encryption is required and further the public key parameters
are also authenticated if a protection passphrase has been used.

Note that --import is not yet able to handle this new mode.  Although
old version of GnuPG will bail out with "invalid packet" if a mode1003
exported secret key is seen.
2022-12-02 10:09:58 +01:00
Werner Koch
1d88e14de7
gpg: Remove a mostly duplicated function.
* g10/export.c (receive_seckey_from_agent): Add arg r_key.
(do_export_one_keyblock): Pass NULL for new arg.
(receive_raw_seckey_from_agent): Remove.
(export_secret_ssh_key): Use receive_seckey_from_agent.
* g10/keygen.c (card_store_key_with_backup): Pass NULL for new arg.
2022-12-02 10:09:58 +01:00
Werner Koch
4583f4fe2e
gpg: Merge --rfc4880bis features into --gnupg
* g10/gpg.c (oRFC4880bis): Remove.
(opts): Make --rfc4880bis a Noop.
(compliance_options): Make rfc4880bis to gnupg.
(set_compliance_option): Remove rfc4880bis stuff.
(main): Ditto.  Note that this now activates the --mimemode option.
* g10/keygen.c (keygen_set_std_prefs): Remove rfc4880bis protection.
(keygen_upd_std_prefs): Always announce support for v5 keys.
(read_parameter_file): Activate the v4 and v5 keywords.
--
2022-10-31 16:14:18 +01:00
Werner Koch
5a2cef801d
gpg: Allow only OCB for AEAD encryption.
* g10/gpg.c (opts): New option--force-ocb as alias for force-aead.
Turn --aead-algo and --personal-aead-preferences into dummy options.
(build_list_md_test_algo, build_list_aead_algo_name): Remove.
(my_strusage): Remove output of AEAD algos.
(main): Remove code from the --aead options.
* g10/encrypt.c (encrypt_seskey): Make file local.
(use_aead): Remove requirement for rfc4880bis.  Always return
AEAD_ALGO_OCB.
* g10/main.h (DEFAULT_AEAD_ALGO): Removed unused macro.
* g10/misc.c (default_aead_algo): Remove.
* g10/pkclist.c (select_aead_from_pklist): Return AEAD_ALGO_OCB or 0.
(select_algo_from_prefs): Remove personal AEAD algo setting.
* g10/keygen.c (keygen_set_std_prefs): Remove AEAD preference option
parsing.
* g10/options.h (opt): Remove def_aead_algo and personal_aead_prefs.
--

Due to the meanwhile expired patent on OCB there is no more reason for
using EAX.  Thus we forcefully use OCB if the AEAD feature flag is set
on a key.
2022-10-31 15:51:21 +01:00
NIIBE Yutaka
87d4338ed1
gpg,common,scd,sm: Function prototype fixes for modern compiler.
* common/gettime.c (gnupg_get_time): It has no arguments.
* common/signal.c (gnupg_block_all_signals): Likewise.
(gnupg_unblock_all_signals): Likewise.
* common/utf8conv.c (get_native_charset): Likewise.
* g10/cpr.c (is_status_enabled, cpr_enabled): Likewise.
* g10/getkey.c (getkey_disable_caches): Likewise.
* g10/keygen.c (ask_expiredate): Likewise.
* g10/passphrase.c (have_static_passphrase): Likewise.
(get_last_passphrase): Likewise.
* g10/tdbio.c (tdbio_is_dirty, tdbio_sync): Likewise.
(tdbio_get_dbname, open_db, tdbio_db_matches_options): Likewise.
(tdbio_read_nextcheck): Likewise.
* g10/trustdb.c (how_to_fix_the_trustdb): Likewise.
* scd/scdaemon.c (scd_get_socket_name): Likewise.
* sm/passphrase.c (have_static_passphrase): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-13 16:34:00 +09:00
Werner Koch
0988e49c45
gpg: Support key flags for RENC, TIME, and GROUP.
* g10/packet.h (PUBKEY_USAGE_RENC): New.
(PUBKEY_USAGE_TIME): New.
(PUBKEY_USAGE_GROUP): New.
* g10/getkey.c (parse_key_usage): Set the new key flags.
* g10/keyedit.c (show_key_with_all_names_colon): Show the new key
flags.
* g10/keyid.c (usagestr_from_pk): Ditto
* g10/keylist.c (print_capabilities): Ditto.
* g10/keygen.c (parse_usagestr): Parse line and set new flags.
(quickgen_set_para): Show flags.
--

See draft-koch-openpgp-2015-rfc4880bis-00 for the current version.
Actually these flags have been in the draft for years now.  This patch
is a first step to make use of them.
2022-09-07 11:54:23 +02:00
Werner Koch
1908fa8b83
gpg: Improve --edit-key setpref.
* g10/keygen.c (keygen_set_std_prefs): Allow extra spaces before
preference elements.  Detect the bracketed versions of the strings.
Ignore "aead".
--

This allows to c+p the list shown by pref with out remove the
brackets.
2022-08-12 11:46:30 +02:00
Jakub Jelen
4dbef2addc keygen: Fix reading AEAD preference
* g10/keygen.c (keygen_set_std_prefs): Use the right variable when
  reading AEAD preference string
--

GnuPG-bug-id: 6019
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-06-14 15:37:15 +09:00
Werner Koch
8945f1aedf
gpg: Remove restrictions for the name part of a user-id.
* g10/keygen.c (ask_user_id): Allow for the name to start with a
digit.  Allow names shorter than 5.
--

The reason for this change is that we don't enforce these constraints
in the --quick-gen-key interface.  I added the constraints right in the
beginning of gnupg to make sure that we have a uniform style for
user-ids.  However, this is all problematic with non-Latin names
and we prefer to use mail addresses anyway.
2022-04-08 16:03:12 +02:00
Werner Koch
253fcb9777
gpg: Remove EAX from the preference list.
* g10/gpg.c (main): Remove note about rfc4880bis.
* g10/keygen.c (keygen_set_std_prefs): Use only OCB in the AEAD
preference list.
--

It is more than unlikely that EAX will ever be used in practice and
thus we remove it from the preference list.
2022-03-28 15:25:55 +02:00
NIIBE Yutaka
4aeeaa65ad gpg: Fix adding the list of ultimate trusted keys.
* g10/keygen.c (do_generate_keypair): Remove another call to
update_ownertrust.
* g10/trust.c (update_ownertrust): Add call to tdb_update_utk.
* g10/trustdb.c (tdb_update_utk): New.
* g10/trustdb.h (tdb_update_utk): New.

--

GnuPG-bug-id: 5742
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-01-12 13:34:31 +09:00
Ingo Klöcker
b66854ac93 gpg: Report failed generation of subkey pair via status interface
* g10/keygen.c (generate_subkeypair): On error, write error and
"key not created" message to status interface.
--

This change allows users of the status/command interface to detect
errors when adding a subkey to a key. Similar status messages are
output by do_generate_keypair.

GnuPG-bug-id: 5771
2022-01-11 10:12:07 +01:00
Ingo Klöcker
19b1a28621 gpg: Request keygrip of key to add via command interface
* g10/keygen.c (ask_algo): Request keygrip via cpr_get.
* doc/help.txt (gpg.keygen.keygrip): New help text.
--

This change makes it possible to add an existing (sub)key to
another key via the status/command interface.

GnuPG-bug-id: 5771
2022-01-11 10:12:07 +01:00
Werner Koch
6105287252
gpg: Correctly set the ownertrust for a new key.
* g10/keygen.c (do_generate_keypair): Use update_ownertrust.
--

GnuPG-bug-id: 5742
2021-12-20 22:03:03 +01:00
Jakub Jelen
d24c5df52b gpg: Avoid uninitialized revkey.fprlen.
* g10/keygen.c (parse_revocation_key): Store the fingerprint length in
created structure.

--

GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-12 15:36:19 +09:00
NIIBE Yutaka
86cb04a23d gpg: Ed448 and X448 are only for v5 (for subkey).
* g10/keygen.c (generate_subkeypair): Specify
KEYGEN_FLAG_CREATE_V5_KEY for Ed448 or X448 key.

--

Reported-by: William Holmes
Fixes-commit: 36355394d865f5760075e62267d70f7a7d5dd671
GnuPG-bug-id: 5609
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-09-29 09:56:58 +09:00
NIIBE Yutaka
2b50f94267 gpg: Ed448 and X448 are only for v5 for --full-gen-key.
* g10/keygen.c (generate_keypair): Set pVERSION = 5, pSUBVERSION = 5,
when it's Ed448 or X448.

--

Fixes-commit: 36355394d865f5760075e62267d70f7a7d5dd671
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-05-27 17:03:49 +09:00
Jakub Jelen
fa0771f609
g10: Avoid memory leaks
* g10/call-agent.c (card_keyinfo_cb): free keyinfo.  Restructure to
avoid backward gotos.
* g10/keyedit.c (menu_set_keyserver_url): properly enclose the block
* g10/keygen.c (gen_card_key): free pk and pkt

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5393

Additional changes:
- Restructure to avoid backward gotos.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-20 14:42:29 +02:00
Jakub Jelen
2af7bb2295
g10: Fix memory leaks
* g10/card-util.c (change_pin): free answer on errors
  (ask_card_keyattr): free answer on error
* g10/cpr.c (do_get_from_fd): free string
* g10/gpg.c (check_permissions): free dir on weird error
* g10/import.c (append_new_uid): release knode
* g10/keyedit.c (menu_set_keyserver_url): free answer
  (menu_set_keyserver_url): free user
* g10/keygen.c (print_status_key_not_created): move allocation after
  sanity check
  (ask_expire_interval): free answer
  (card_store_key_with_backup): goto leave instaed of return
* g10/keyserver.c (parse_keyserver_uri): goto fail instead of return
* g10/revoke.c (gen_desig_revoke): release kdbhd
  (gen_desig_revoke): free answer
* g10/tofu.c (ask_about_binding): free sqerr and response
* g10/trustdb.c (ask_ownertrust): free pk

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Further changes:

* g10/card-util.c (change_pin): Do not set answer to NULL.
* g10/keyedit.c(menu_set_keyserver_url): Use !func() pattern.

Signed-off-by: Werner Koch <wk@gnupg.org>
GnuPG-bug-id: 5393
2021-05-20 13:38:39 +02:00
Werner Koch
3cbc66410d
gpg: Replace an obsolete trustdb function.
* g10/trustdb.c (tdb_register_trusted_keyid): Make static.
(tdb_register_trusted_key): Replace register_trusted_keyid by
tdb_register_trusted_key.
* g10/keygen.c (do_generate_keypair): Ditto.
* g10/trust.c (register_trusted_keyid): Remove.
2021-04-23 20:45:25 +02:00
NIIBE Yutaka
36355394d8 gpg: Ed448 and X448 are only for v5.
* g10/keygen.c (parse_key_parameter_part): Generate with version 5
packet, when it's Ed448 or X448.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-04-08 16:49:20 +09:00
Werner Koch
1523b5f76f
gpg: New option --no-auto-trust-new-key.
* g10/gpg.c (oNoAutoTrustNewKey): New.
(opts): Add --no-auto-trust-new-key.
(main): Set it.
* g10/options.h (opt): Add flags.no_auto_trust_new_key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-15 10:47:19 +01:00
Ingo Klöcker
255d33d651 gpg: Make quick-gen-key with algo "card" work for keys without keytime
* g10/keygen.c (quick_generate_keypair): Set pCARDKEY flag if algostr
is "card" or "card/...".
--

For keys stored on NetKey cards or PIV cards we do not necessarily
know the creation time. Therefore set the cardkey flag if the generation
of a key from the keys available on the currently inserted smartcard
is requested with the special algo "card" or, in case of the extended
unattended mode, with an algo like "card/sign".

GnuPG-bug-id: 5141
Signed-off-by: Ingo Klöcker <dev@ingo-kloecker.de>
2020-12-07 15:15:10 +01:00
Werner Koch
ff31dde456
gpg: Switch to ed25519+cv25519 as default algo.
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change to former future
default ago.
(ask_algo): Change default and also the way we indicate the default
algo in the list of algos.
(ask_curve): Indicate the default curve.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-05 14:21:31 +02:00
Werner Koch
e824e27d36
gpg: Fix parameter parsing form ed448.
* g10/keygen.c (parse_key_parameter_part): Set algo also for 448.
--
Fixes-commit: a763bb2580b0d586a80b8ccd3654f41e49604f4f
2020-10-02 12:29:20 +02:00
Werner Koch
65eb156980
gpg: Initialize a parameter to silence valgrind.
* g10/keygen.c (read_parameter_file): Initialize nline.
* g10/textfilter.c (copy_clearsig_text): Initialize bufsize.
--

In iobuf_read_line the parameter to pass and return the current buffer
length is controlled by the buffer parameter.  Thus there should be no
problem because the assert call check s buffer first.  For yet unknown
reasons when using the standard GNU libc assert valgrind complains
about an uninitialized variable.  That does not happen with our
log_assert.

Tested with gnupg 2.2.23 with gcc 8.3.0 and valgrind 3.14.0.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-04 11:32:47 +02:00
Werner Koch
4031c42bfd
gpg,gpgsm: Record the creation time of a private key.
* sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option.
(gpgsm_agent_import_key): Ditto.
* g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on.
(agent_import_key): Ditto.
* g10/import.c (transfer_secret_keys): Pass the creation date to the
agent.
* g10/keygen.c (common_gen): Ditto.
--

Having the creation time in the private key file makes it a lot easier
to re-create an OpenPGP public keyblock in case it was accidentally
lost.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-19 13:43:16 +02:00