1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

513 Commits

Author SHA1 Message Date
Werner Koch
2b32eb15aa gpg: Disallow the use of v3 keys.
* g10/gpg.c: Add options --allow-v3-keys and --no-allow-v3-keys.
(main): Enable --allow-v3-keys in --pgp2 mode.
* g10/options.h (opt): Add field allow_v3_keys.
* g10/import.c (delete_v3_subkeys): New.
(import_one): Skip v3 keys and delete v3 subkeys.
(import_print_stats): Print stats on v3 keys and subkeys.
* g10/getkey.c (finish_lookup): Skip v3 keys.
--

This is a first take on disabling v3 keys.  We may need to add some
tweaks to make decryption using an existing v3 key easier.  There is
no need to disallow decryption.

Thanks to Georgi Guninski to put some pressure on us to finally do
what PGP 2 folks will probably don’t like.  See the discussion on
gnupg-devel starting 2012-06-22.
2012-06-25 16:27:04 +02:00
Werner Koch
096e7457ec Change all quotes in strings and comments to the new GNU standard.
The asymmetric quotes used by GNU in the past (`...') don't render
nicely on modern systems.  We now use two \x27 characters ('...').

The proper solution would be to use the correct Unicode symmetric
quotes here.  However this has the disadvantage that the system
requires Unicode support.  We don't want that today.  If Unicode is
available a generated po file can be used to output proper quotes.  A
simple sed script like the one used for en@quote is sufficient to
change them.

The changes have been done by applying

  sed -i "s/\`\([^'\`]*\)'/'\1'/g"

to most files and fixing obvious problems by hand.  The msgid strings in
the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
Werner Koch
fc00d3fcb2 Print the hash algorithm in colon mode key listing.
* g10/keylist.c (list_keyblock_colon): Print digest_algo.
2012-05-24 10:13:39 +02:00
Werner Koch
b4d9f8dbc8 Add tweaks for the not anymore patented IDEA algorithm.
* g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2
compatibility mode.
* g10/misc.c (idea_cipher_warn): Remove.  Also remove all callers.
* common/status.h (STATUS_RSA_OR_IDEA): Remove.  Do not emit this
status anymore.
--

To keep the number of actually used algorithms low, we want to support
IDEA only in a basically read-only way (unless --pgp2 is used during
key generation).  It does not make sense to suggest the use of this
old 64 bit blocksize algorithm.  However, there is old data available
where it might be helpful to have IDEA available.
2012-05-08 18:18:32 +02:00
Werner Koch
8eeaff0ef8 faq: Replace --list-ownerturst by --export-ownertrust.
--
2012-04-17 09:55:44 +02:00
Ben Kibbey
99fc61f1cf Mention status messages in the documentation.
Note INQUIRE_MAXLEN.
2012-04-04 11:56:59 +02:00
Ben Kibbey
a577f06c4a Document PASSWD --preset. 2012-04-04 11:56:55 +02:00
Ben Kibbey
108e8f622e Document GENKEY options. 2012-04-04 11:56:48 +02:00
Ben Kibbey
96e107fc29 Document PRESET_PASSPHRASE. 2012-04-04 11:56:35 +02:00
Ben Kibbey
26b59d78c4 Document CLEAR_PASSPHRASE.
And describe the --mode=normal option.
2012-04-04 11:56:29 +02:00
Werner Koch
c4b9a9b9f3 Typo fixes in de.po.
--
This is bug#1276 and http://bugs.debian.org/594343
2012-03-26 15:50:13 +02:00
Werner Koch
7441e622ff Add mksamplekeys script.
* doc/mksamplekeys: New.
--
Note that we have the same script in the 1.4 branch.  That should be
removed and only this one shall be used.
2012-03-26 15:48:47 +02:00
Werner Koch
2871422d9a gpg-connect-tool: Take the string "true" as a true condition.
* tools/gpg-connect-agent.c (main): Handle strings "true" and "yes" in
conditions as expected.
2012-01-27 15:40:24 +01:00
Jim Meyering
4402dc3f0a yat2m: don't dereference pointer to freed memory
* doc/yat2m.c (top_parse_file): Correct macrolist-freeing loop.
2012-01-16 11:50:28 +01:00
David Shaw
860861279b Refresh sample keys 2012-01-11 01:12:10 -05:00
Werner Koch
372fb4fc06 gpg: Allow use of a standard space separated fingerprint.
* common/userids.c (classify_user_id): Check for space separated GPG
fingerprint.
2012-01-06 13:36:47 +01:00
Werner Koch
8e47f1e576 Prepare for the beta3 release. 2011-12-20 15:55:43 +01:00
Werner Koch
fe2f182699 Add the STEED Self-Signing Nonthority certificate.
* doc/com-certs.pem: Install it when creating a keybox.
2011-12-20 15:35:42 +01:00
Werner Koch
779611494d faq: Add section on US export restrictions. 2011-12-20 11:13:40 +01:00
Werner Koch
dcd64131c6 scd: Add the "undefined" stub application.
* scd/app.c (select_application): Implement the "undefined"
application.
2011-12-14 17:00:50 +01:00
Werner Koch
00c760f628 scd: New option --debug-assuan-log-cats.
* scd/scdaemon.c (oDebugAssuanLogCats): New.
(opts): Add option --debug-assuan-log-cats.
(main): Implement option.
* common/asshelp.c (set_libassuan_log_cats): New.

--

The old way of setting the logging categories with an environment
variable is awkward if sdaemon is spawned from a running gpg-agent.
2011-12-13 17:59:00 +01:00
Werner Koch
8a12a2000d gpgsm: Add new validation model "steed".
* sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
* sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
* sm/server.c (option_handler): Allow validation model "steed".
* sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
* sm/certchain.c (do_validate_chain): Handle the
well-known-private-key attribute.  Support the "steed" model.
(gpgsm_validate_chain): Ditto.
* sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
* sm/keylist.c (list_cert_colon): Print the new 'w' flag.
--

This is the first part of changes to implement the STEED proposal as
described at http://g10code.com/steed.html .  The idea for X.509 is
not to use plain self-signed certificates but certificates signed by a
dummy CA (i.e. one for which the private key is known).  Having a
single CA as an indication for the use of STEED might help other X.509
implementations to implement STEED.
2011-12-07 16:15:15 +01:00
Werner Koch
5cdad8ff00 gpgsm: Allow arbitrary extensions for cert creation.
* sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New.
(read_parameters): Add new keywords.
(proc_parameters): Check values of new keywords.
(create_request): Add SubjectKeyId and extensions.
(parse_parameter_usage): Support "cert" and the encrypt alias "encr".
2011-12-06 19:57:27 +01:00
Werner Koch
2336b09779 Generate the ChangeLog from commit logs.
* scripts/gitlog-to-changelog: New script.  Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* doc/HACKING: Describe the ChangeLog policy
* ChangeLog: New file.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.

Rename all ChangeLog files to ChangeLog-2011.
2011-12-01 11:09:02 +01:00
Werner Koch
31f548a18a Rewrite dns-cert.c to not use the gpg-only iobuf stuff.
* common/dns-cert.c: Remove iobuf.h.
(get_dns_cert): Rename to _get_dns_cert.  Remove MAX_SIZE arg.  Change
iobuf arg to a estream-t.  Rewrite function to make use of estream
instead of iobuf.  Require all parameters.  Return an gpg_error_t
error instead of the type.  Add arg ERRSOURCE.
* common/dns-cert.h (get_dns_cert): New macro to pass the error source
to _gpg_dns_cert.
* common/t-dns-cert.c (main): Adjust for changes in get_dns_cert.
* g10/keyserver.c (keyserver_import_cert): Ditto.
* doc/gpg.texi (GPG Configuration Options): Remove max-cert-size.
2011-11-30 17:34:49 +01:00
Werner Koch
32118628a0 typo fixes 2011-11-02 18:29:47 +01:00
Werner Koch
d4fa82e688 Typo fix and remove of some colloquial terms 2011-10-18 16:47:12 +02:00
Werner Koch
5319aa952f Put more options into the options index
Also removed the single letter options from the index.
2011-10-12 17:36:56 +02:00
Werner Koch
b277bec250 Extend yat2m to allow indented tables.
Current makeinfo versions allow to indent the texinfo source.  However
yat2m had no support for this.  With this patch it is now possible to
use a simple indentation style while keeping man pages readable.
2011-10-12 15:52:13 +02:00
Werner Koch
4379c01a24 Beautified the online html manual 2011-08-12 14:40:47 +02:00
Werner Koch
7316b53426 Typo fix 2011-08-10 13:26:17 +02:00
Werner Koch
663768f9af Minor doc updates v2.0 vs. v2.1) 2011-08-08 10:17:33 +02:00
Werner Koch
d479906991 Support a confirm flag for ssh.
This implements the suggestion from bug#1349.  With this change the
fingerprint of the ssh key is also displayed in the pinentry prompts.
2011-07-20 20:49:41 +02:00
Werner Koch
550d94b011 Clarify documentation of --keyid-format.
Fixes bug#1354.
2011-07-18 10:38:14 +02:00
Werner Koch
92e66c70b6 Document OPTION s2k-count 2011-06-29 13:23:41 +02:00
Werner Koch
c9e473618f Fixed an URL typo in the FAQ. 2011-06-28 10:32:46 +02:00
Bernhard Reiter
f194773540 doc/gpgsm.texi com-certs.pem mini-fix
[[PGP Signed Part:Undecided]]
[1. text/plain]

Example path for com-certs.pem corrected.
[2. text/x-diff; doc.diff]
2011-06-27 16:12:35 +02:00
Werner Koch
7d68c6b0ec Add question "What are DH/DSS keys?"
... and the answer of course.
2011-06-27 15:56:47 +02:00
Werner Koch
d679b4d642 Require libgpg-error 1.10
This allows to remove some error code substitutes.
Fixed a typo in gpg.text.
2011-05-20 10:27:50 +02:00
Werner Koch
4caa768f1d Add OPTION:cache-ttl-opt-preset to gpg-agent.
This option may be used to change the default ttl values use with the
--preset option of GENKEY and PASSWD.
2011-04-21 15:40:48 +02:00
Werner Koch
b786f0e12b New agent option pinentry-mode.
This provides the framework and implements the ask, cancel and error.
loopback will be implemented later.
2011-03-03 18:35:08 +01:00
Werner Koch
2165925bae Fix doc/Makefile target online 2011-03-02 09:04:16 +01:00
Werner Koch
00f8b68505 Move parameter file description to the manual. 2011-03-01 17:08:49 +01:00
Werner Koch
28c157b55c Support X.509 certificate creation.
Using "gpgsm --genkey" allows the creation of a self-signed
certificate via a new prompt.

Using "gpgsm --genkey --batch" should allow the creation of arbitrary
certificates controlled by a parameter file.  An example parameter file
is

    Key-Type: RSA
    Key-Length: 1024
    Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA
    Key-Usage: sign, encrypt
    Serial: random
    Name-DN: CN=some test key
    Name-Email: foo@example.org
    Name-Email: bar@exmaple.org
    Hash-Algo: SHA384
    not-after: 2038-01-16 12:44

This creates a self-signed X.509 certificate using the key given by
the keygrip and using SHA-384 as hash algorithm.  The keyword
signing-key can be used to sign the certificate with a different key.
See sm/certreggen.c for details.
2011-03-01 14:42:56 +01:00
Werner Koch
7c03c8cc65 Lock scdaemon to CCID if once found.
This solves a problem where ccid was used, the card unplugged and then
scdaemon tries to find a new (plugged in) reader and thus will
eventually try PC/SC over and over again.

Also added an explicit --kill command to gpgconf.
2011-02-23 10:15:34 +01:00
Werner Koch
cd9614b81b Removed deprecated SIGEXPIRED status line. 2011-02-04 10:28:28 +01:00
Werner Koch
5667e33290 Add a DECRYPTION_INFO status.
DECRYPTION_INFO <mdc_method> <sym_algo>
        Print information about the symmetric encryption algorithm and
        the MDC method.  This will be emitted even if the decryption
        fails.
2011-02-03 20:59:01 +01:00
Werner Koch
52b9761c88 ifset parts which are not in GnuPG 2.0 2011-01-13 15:32:11 +01:00
Werner Koch
5379d3527d Describe new log facilities. 2010-12-02 14:10:44 +00:00
Werner Koch
0103a53aa6 Smartcard related updates 2010-11-17 13:21:24 +00:00