* dirmngr/dirmngr.h: Include name-value.h
(struct server_control_s): Add rootdse and rootdse_tried.
* dirmngr/dirmngr.c (dirmngr_deinit_default_ctrl): Release them.
* dirmngr/ks-engine.h (KS_GET_FLAG_ROOTDSE): Add two new flags.
* dirmngr/ks-engine-ldap.c: Include ks-action.h
(struct ks_engine_ldap_local_s): Add scope.
(ks_ldap_new_state): Set a default scope.
(my_ldap_connect): Add flag generic.
(ks_ldap_get): Move some code out to ...
* dirmngr/ks-action.c (ks_action_parse_uri): Factored out from server.c
* dirmngr/server.c (make_keyserver_item): Factored most code out to
This command allows to query the Windows Active directory.
* tools/gpgtar.c (main): Don't allow logging via the Registry. Forbid
using stdout for status-fd in crypt mode.
Without that check a status output would be mixed up with the input to
the internal call of gpg.
Using the Registry key to enable logging is very annoying.
* g10/card-util.c (card_store_subkey): Add arg processed_keys.
* g10/keyedit.c (keyedit_menu): Delete secret key.
This used to work using the gpg-agent: learn we called at "save" time.
However, the recent change inhibited the creation of a shadow key by
learn if a regular key still exists. Now we do an explicit delete key
at save time. This syncs the behaviour with the description of the
* common/sexputil.c (get_rsa_pk_from_canon_sexp): Also allow private
* scd/app-openpgp.c (do_writekey): Switch key attributes
The scd WRITEKEY command for OpenPGP cards missed proper support to
aautomagically switch key attributes based on the new key. We had
this only in GENKEY.
* agent/agent.h (opt): Remove enable_extended_key_format.
* agent/gpg-agent.c (enum cmd_and_opt_values): Turn
oDisableExtendedKeyFormat and oEnableExtendedKeyFormat into dummy
* agent/protect.c (do_encryption): Remove arg use_ocb and
(agent_protect): Ditto. Change all callers.
* agent/findkey.c (agent_write_private_key): Simplify due to the
removal of disable-extended-key-format.
(write_extended_private_key): Fold into agent_write_private_key.
This change is related to
but should have no visible effect except for the removal of
* dirmngr/server.c (cmd_getinfo): New sub-command "stats".
(dirmngr_status_helpf): Allow for a CTRL of NULL.
* dirmngr/certcache.c (cert_cache_print_stats): Add arg ctrl and use
dirmngr_status_helpf. Adjust all callers.
* dirmngr/domaininfo.c (domaininfo_print_stats): Ditto.
* sm/certchain.c (ask_marktrusted): Flush stdout before printing the
* dirmngr/crlcache.h (CRL_CACHE_NOTTRUSTED): New.
* dirmngr/crlcache.c (cache_isvalid): Set this status.
(crl_cache_cert_isvalid): Map it to GPG_ERR_NOT_TRUSTED.
(crl_cache_reload_crl): Move diagnostic to ...
* dirmngr/crlfetch.c (crl_fetch): here.
* dirmngr/server.c (cmd_isvalid): Map it to GPG_ERR_NOT_TRUSTED.
* dirmngr/validate.c (check_revocations): Handle new status. Improve
* common/status.c (get_inv_recpsgnr_code): Map INV_CRL_OBJ.
* common/audit.c (proc_type_verify): Ditto.
This avoids repeated loading of CRLs in case of untrusted root
* dirmngr/crlcache.c (INVCRL_TOO_OLD): New.
(INVCRL_UNKNOWN_EXTN, INVCRL_GENERAL): New.
(open_dir, crl_cache_insert): Use the new constants.
(list_one_crl_entry): Make diagnostics robust for new INVCRL codes.
* common/ksba-io-support.c: Include tlv.h
(struct reader_cb_parm_s): Add new fields.
(simple_reader_cb): Handle stripping.
* common/ksba-io-support.h (GNUPG_KSBA_IO_STRIP): New.
(gnupg_ksba_create_reader): Handle the new flag.
* sm/verify.c (gpgsm_verify): Use the new flag for detached
Note that this works only if --assume-binary is given. The use case
for the feature is PDF signature checking where the PDF specs require
that the detached signature is padded with zeroes.
* g10/free-packet.c (copy_public_key): Factor some code out to ...
* g10/build-packet.c (build_sig_subpkt_from_sig): New arg signhints.
* g10/packet.h (PUBKEY_USAGE_RENC): Fix value.
(SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): Moved from sign.c.
(PKT_public_key): Change pubkey_usage from byte to u16.
(PKT_user_id): Cosmetic fix: change help_key_usage from int to u16.
* g10/getkey.c (parse_key_usage): Make public.
* g10/misc.c (openpgp_pk_algo_usage): Take PUBKEY_USAGE_RENC in
* g10/sign.c (update_keysig_packet): Set SIGNHINT_ADSK.
(do_sign): No time warp check in ADSK mode.
* g10/sig-check.c (check_signature_metadata_validity): Ditto.
* g10/keygen.c (struct opaque_data_usage_and_pk): Remove.
(write_keybinding): Do not use the removed struct.
(do_add_key_flags): Support PUBKEY_USAGE_RENC and others.
(keygen_add_key_flags_and_expire): Rewrite and make public.
* g10/keyedit.c (enum cmdids): Add cmdADDADSK.
(keyedit_menu): Add command "addadsk".
This makes use of a new encryption flag:
The "restricted encryption key" (2nd,0x04) does not take part in any
automatic selection of encryption keys. It is only found on a
subkey signature (type 0x18), one that refers to the key the flag
Followup patches will add encryption support and a --quick command.
* agent/findkey.c (agent_key_from_file): Check the error of
* agent/pkdecrypt.c (agent_pkdecrypt): Restore error if no card was
found. Also remove useless condition.
The first patch fixes a likely merge error. The second is about the
actual return code: If we have no smardcard but simply try to decrypt
with the current smartcard we should return the originla error code.
* sm/gpgsm.h (FIND_CERT_ALLOW_AMBIG): New.
* sm/certlist.c (gpgsm_find_cert): Replace arg allow_ambiguous by a
generic flags arg. Implement the new flag FIND_CERT_WITH_EPHEM.
* sm/call-dirmngr.c (inq_certificate): Return also ephemeral marked
The dirmngr may need to get a certificate from gpgsm's store in the
course of verifying a CRL. In some cases the certificate is still
marked as epehemeral - this needs to be returned as well.
This _may_ also fix
* sm/call-dirmngr.c (run_command_inq_cb): Support ISTRUSTED.
(inq_certificate): Distinguish unsupported inquiry error.
When loading a CRL through "gpgsm --call-dirmngr loadcrl foo"
dirmngr can ask gpgsm back if a certificate used ISTRUSTED, which
previously resulted in an error.
(cherry picked from commit 6b36c16f77)
That commit was from the 2.2 branch and we forgot to forward port it.
* common/openpgp-oid.c (oidtable): Add them.
(oid_ed25519_v5, oid_cv25519_v5): New.
(openpgp_oidbuf_is_ed25519): Take new OID in account.
ed25519 is used in GnuPG and other implementations since 2015 and thus
we can't simply switch to the shorter OIDs. However, we have not
widely used them with v5 keys (only ed448 forced the use of v5) and
thus it might be possible to use the new OIDs with v5 keys.
Note that Libgcrypt supports the new OIDs even in 1.8.
* g10/gpg.c (main): Replace setmode by es_set_binary and use only when
It is better to use our es_set_binary than to use a Windows specific
method which still worked but is fragile because estream might be
changed. We now set binary only when needed. Note that it does not
harm to call es_set_binary more often than needed.
* g10/options.h (LIST_SHOW_UNUSABLE_SIGS): New.
* g10/gpg.c (parse_list_options): Add "show-unusable-sigs".
* g10/keydb.h (keyid_eq): New.
* g10/keylist.c (list_signature_print): Early return for weak key
signatures. Print "self-signature" instead of user-id.
(list_keyblock_print): Simplify and always set self-sig node flag.
This patch avoid the printing of often hundreds of "Invalid digest
algorithm" notices during key signature listings if those key
signatures were done with SHA1. The new option can be used to revert
We now also print "[self-signature]" with --check-sigs or --list-sigs
instead of the primary user id. This makes such listing easier to read.
* agent/findkey.c (public_key_from_file): Add arg r_sshorder.
* agent/command-ssh.c (struct key_collection_item_s): New.
(struct key_collection_s): New.
(search_control_file): Add art r_lnr.
(ssh_send_available_keys): Rewrite to return the keys in the user
We now first return the keys from active cards, followed by keys
listed in sshcontrol, finally from those with the "Use-for-ssh" key
attribute. Keys from active cards are returned sorted by their S/N.
Keys from sshcontrol are returned in the order they are given in that
file. Use-for-ssh keys are ordered by the value assigned to that key
attribute. The values for the latter are clamped at 99999.
* common/name-value.c (nvc_get_boolean): Rewrite.
The function may now return a positive or negative number instead of
just 1 for true. All callers were already prepared for this.
The profiles are not any longer useful because global options are way
more powerful (/etc/gnupg/gpg.conf et al.). The use of systemd is
deprecated because of additional complexity and the race between
systemd based autolaunching and the explicit gnupg based and lockfile
* common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA.
* g10/gpg.c (oOverrideComplianceCheck): Remove.
(opts): Turn --override-compliance-check into a dummy option.
* g10/options.h (opt): Remove override_compliance_check.
* g10/sig-check.c (check_key_verify_compliance): Remove use of that
The introduction of --override-compliance-check actually hid the real
cause for the signature verification problem in de-vs mode for the
Ed25519 key. The real fix is to handle the EdDSA algorithm in