1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

639 Commits

Author SHA1 Message Date
Werner Koch
b5e081973b
Release 2.1.7 2015-08-11 13:54:29 +02:00
Daniel Kahn Gillmor
1be2cebf7f drop long-deprecated gpgsm-gencert.sh
* tools/gpgsm-gencert.sh: remove deprecated script entirely.  It is
   fully replaced by gpgsm --gen-key
 * doc/tools.texi: remove gpgsm-gencert.sh documentation
 * .gitignore: no longer ignore gpgsm-gencert.sh manpage
 * doc/Makefile.am: quit making the manpage
 * tools/Makefile.am: quit distributing the script
 * doc/howto-create-a-server-cert.texi: overhaul documentation to use
   gpgsm --gen-key and tweak explanations

--

The commit deprecating gpgsm-gencert.sh
(81972ca7d53ff1996e0086702a09d4405bdc2a7e) dates back exactly 6 years.

 https://codesearch.debian.net/results/gpgsm-gencert.sh

suggests that in all of debian it is only referenced in documentation
(for poldi and scute) and example files (libept), and isn't actually
used directly anywhere.

Furthermore, trying to use gpgsm-gencert.sh to make a simple webserver
certificate-signing request failed for me, following the examples in
doc/howto-create-a-server-cert.texi exactly.

It's time we ripped off this band-aid :)

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-07-03 22:21:52 +02:00
Werner Koch
279381b59e
Post release updates
--
2015-07-01 15:07:47 +02:00
Werner Koch
a499eeb6a6
Release 2.1.6 2015-07-01 14:16:40 +02:00
Werner Koch
b89a592a2e
Added release date of older versions to NEWS.
--
2015-06-15 14:12:43 +02:00
Werner Koch
ee438d6775
Post release updates.
--
2015-06-11 15:37:50 +02:00
Werner Koch
9b7bdfae82
Release 2.1.5 2015-06-11 14:43:57 +02:00
Werner Koch
43ea8f5d88
build: Make --disable-gpgsm work.
* Makefile.am: Always build kbx/
* g10/Makefile.am (AM_CFLAGS): Include KSBA_CFLAGS.
--

Note that "make check" still prints a warning.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-15 13:20:52 +02:00
Werner Koch
c9180ac628
Post release updates.
--
2015-05-12 15:40:09 +02:00
Werner Koch
a67ead6525
Release 2.1.4 2015-05-12 15:07:38 +02:00
Werner Koch
482b2f8b5d
Post release updates.
--
2015-04-11 13:33:41 +02:00
Werner Koch
b1e1959d59
Release 2.1.3. 2015-04-11 13:14:43 +02:00
Andre Heinecke
070d7bf940 dirmngr: Initialize cache from sysconfig dir
* dirmngr/certcache.c (cert_cache_init): Load certificates
from sysconfig dir instead of the homeidr.
* dirmngr/dirmngr.c (main): Removed parsing of obsolete
homedir_data option.
* dirmngr/dirmngr.h (opt): Removed homedir_data.
* doc/dirmngr.texi: Update and clarify certs directory doc.

--

Using the homedir for extra-certs and trusted-certs makes
little sense when dirmngr is used with a caller that
manages it's own store of certificates and can
provide those through the SENDCERT command.
You can use trusted-certs and extra-certs to provide
users with a base of locally available certificates that are
not already in store of the applications.
2015-02-12 13:02:53 +01:00
Werner Koch
b4c798b86e Post release updates.
--
2015-02-11 19:48:21 +01:00
Werner Koch
fc17562cc4 Release 2.1.2 2015-02-11 19:22:25 +01:00
Werner Koch
4d7c9b0e9a gpg: Support --passphrase with --quick-gen-key.
* g10/keygen.c: Include shareddefs.h.
(quick_generate_keypair): Support static passphrase.
(get_parameter_passphrase): New.
(do_generate_keypair): Use it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 12:45:22 +01:00
Werner Koch
aa99ebde77 gpg: Re-enable the "Passphrase" parameter for batch key generation.
* agent/command.c (cmd_genkey): Add option --inq-passwd.
* agent/genkey.c (agent_genkey): Add new arg override_passphrase.
* g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword.
(agent_genkey): Add arg optional arg "passphrase".
* g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc)
(gen_rsa, do_create): Add arg "passphrase" and pass it through.
(do_generate_keypair): Make use of pPASSPHRASE.
(release_parameter_list): Wipe out a passphrase parameter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 11:31:20 +01:00
Werner Koch
7614014169 agent: Make sure --max-cache-ttl is >= --default-cache-ttl.
* agent/gpg-agent.c (finalize_rereadable_options): New.
(main, reread_configuration): Call it.
--

This change should help to avoid surprising behaviour.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-19 13:28:14 +01:00
Werner Koch
22168c8359 Post release updates
--
2014-12-16 17:00:45 +01:00
Werner Koch
08c00cd4fe Release 2.1.1 2014-12-16 15:53:28 +01:00
Werner Koch
63e7891f0f gpg: Allow import of large keys.
* g10/import.c (import): Skip too large keys.
* kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 2MB to 5MB.
--

The key which triggered the problem was 0x57930DAB0B86B067.  With this
patch it can be imported.  Keys larger than the now increased limit of
5MB will are skipped and the already existing not_imported counter is
bumped up.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-04 10:53:10 +01:00
Werner Koch
17b4662984 gpg: Remove option aliases --[no-]throw-keyid and --notation-data.
* g10/gpg.c (opts): Remove them.
* g10/options.h (opt): s/throw_keyid/throw_keyids/ and change users.
--

See mails starting
 http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029128.html
2014-12-03 11:28:10 +01:00
Werner Koch
0bfabe579d Update NEWS
--
2014-11-21 21:38:00 +01:00
Werner Koch
d280a52757 Post release updates.
--
2014-11-05 16:46:52 +01:00
Werner Koch
cf41763cdf Change a couple of files to use abbreviated copyright notes.
--

Also fixed some of my own copyright notices due to the termination of
my assignment.  The one displayed by --version is kept at FSF because
we had contributors in 2014 with FSF assignments and it gives the FSF
some visibility.
2014-11-04 16:28:03 +01:00
Werner Koch
28ae8ad70b gpg: Fix --rebuild-keydb-caches.
* g10/parse-packet.c (parse_key): Store even unsupported packet
versions.
* g10/keyring.c (keyring_rebuild_cache): Do not copy keys with
versions less than 4.
--

That function, which is implicitly called while checking the keydb, led
to corruption of v3 key packets in the keyring which would later spit
out "packet(6)too short" messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-31 10:31:11 +01:00
Werner Koch
436aa90be7 doc: Re-formated some NEWS entries and added update notes to some.
--
2014-10-26 20:07:16 +01:00
Werner Koch
cdd899e160 Update NEWS.
--
2014-10-26 12:48:34 +01:00
Werner Koch
6d9491842d dirmngr: Allow building without LDAP support.
* configure.ac: Add option --disable-ldap.
(USE_LDAP): New ac_define and am_conditional.
* dirmngr/Makefile.am: Take care of USE_LDAP.
* dirmngr/dirmngr.c (!USE_LDAP): Make all ldap options dummy options
and do not call any ldap function.
* dirmngr/server.c (!USE_LDAP): Do not call any ldap function.
* dirmngr/crlfetch.c (!USE_LDAP): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-17 15:59:45 +02:00
Werner Koch
0c52bfa395 doc: Minor fix.
--

Due to todays reminder:

  On Tue 2014-04-22 18:46:15 -0400, Daniel Kahn Gillmor wrote:
  > With --trust-model=always, all keys and user IDs are considered
  > automatically valid; they are not automatically trusted (setting
  > universal ownertrust to anything other than "ultimate" would be
  > insufficient to acheive the effect of --trust-model=always, due to
  > --max-cert-depth and certificate path reachability).
  >
  > Thanks to Nicolai Josuttis for pointing out this documentation
  error.
2014-10-03 20:19:08 +02:00
Werner Koch
0943c7cc23 Release 2.1.0-beta864. 2014-10-03 15:45:32 +02:00
Werner Koch
34a3e458d0 Post beta release update.
--
2014-09-18 18:28:40 +02:00
Werner Koch
93f158df38 Release 2.1.0-beta834. 2014-09-18 17:57:09 +02:00
Werner Koch
01dd1601a4 Post beta release update.
--
2014-08-14 17:31:33 +02:00
Werner Koch
a13198d9bc Release 2.1.0-beta783 2014-08-14 17:16:21 +02:00
Werner Koch
2b8d8369d5 gpg: Remove options --pgp2 and --rfc1991.
* g10/gpg.c (oRFC1991, oPGP2): Remove
(opts): Remove --pgp2 and --rfc1991.
* g10/options.h (CO_PGP2, CO_RFC1991): Remove.  Remove all users.
(RFC2440, PGP2): Remove.  Remove all code only enabled by these
conditions.
* tests/openpgp/clearsig.test: Remove --rfc1991 test.
--

The use of PGP 2.c is considered insecure for quite some time
now (e.g. due to the use of MD5).  Thus we remove all support for
_creating_ PGP 2 compatible messages.
2014-08-14 11:03:55 +02:00
Werner Koch
97f887a0f5 Post beta release update
--
2014-07-03 11:51:52 +02:00
Werner Koch
5ae34f574b Release 2.1.0-beta751 2014-07-03 11:33:55 +02:00
Werner Koch
518d835380 Post beta release update.
--

656fef6454972cb91741c37a0fd19cd9ade9db9c  gnupg-2.1.0-beta442.tar.bz2
2014-06-05 17:05:33 +02:00
Werner Koch
27f4ce40e0 Release 2.1.0-beta442.
--

This beta is small contribution for today's Reset The Net campaign.

  It is a crying shame that the government of my country is not
  willing to offer Edward Snowden asylum and protect him from the evil
  institutions of those allies who once thankfully kicked out the most
  evil German powers.  Back in these dark years, many people had to
  ask for asylum over there and it was granted.  Now we have to fear
  their Blockwarts who are listening to the entire world.  It would be
  more than justified for us to help that brave guy.
2014-06-05 16:47:19 +02:00
Werner Koch
533ff0ab56 Update README file.
--

The copyright list in AUTHORS as been compiled from a distribution
tarball.
2014-06-05 16:20:44 +02:00
Werner Koch
be07ed65e1 Add new option --with-secret.
* g10/gpg.c: Add option --with-secret.
* g10/options.h (struct opt): Add field with_secret.
* g10/keylist.c (public_key_list): Pass opt.with_secret to list_all
and list_one.
(list_all, list_one): Add arg mark_secret.
(list_keyblock_colon): Add arg has_secret.
* sm/gpgsm.c: Add option --with-secret.
* sm/server.c (option_handler): Add option "with-secret".
* sm/gpgsm.h (server_control_s): Add field with_secret.
* sm/keylist.c (list_cert_colon): Take care of with_secret.  Also move
the token string from the wrong field 14 to 15.
--

This option is useful for key managers which need to know whether a
key has a secret key.  This change allows to collect this information
in one pass.
2014-06-03 21:35:59 +02:00
Werner Koch
0beec2f0f2 gpgsm: New commands --export-secret-key-{p8,raw}
* sm/gpgsm.c: Add new commands.
* sm/minip12.c (build_key_sequence): Add arg mode.
(p12_raw_build): New.
* sm/export.c (export_p12): Add arg rawmode.  Call p12_raw_build.
(gpgsm_p12_export): Ditto.
(print_short_info): Print the keygrip.
2014-06-03 18:57:33 +02:00
Werner Koch
d8f0b83e4f gpg: Do not require a trustdb with --always-trust.
* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
* g10/trustdb.c (trustdb_args): Add field no_trustdb.
(init_trustdb): Set that field.
(revalidation_mark):  Take care of a nonexistent trustdb file.
(read_trust_options): Ditto.
(tdb_get_ownertrust): Ditto.
(tdb_get_min_ownertrust): Ditto.
(tdb_update_ownertrust): Ditto.
(update_min_ownertrust): Ditto.
(tdb_clear_ownertrusts): Ditto.
(tdb_cache_disabled_value): Ditto.
(tdb_check_trustdb_stale): Ditto.
(tdb_get_validity_core): Ditto.
* g10/gpg.c (main): Do not create a trustdb with most commands for
trust-model always.
--

This slightly changes the semantics of most commands in that they
won't create a trustdb if --trust-model=always is used.  It just does
not make sense to create a trustdb if there is no need for it.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 1a0eeaacd1bf09fe5125dbc3f56016bc20f3512e)

Resolved conflicts:
	NEWS
	g10/trustdb.c: Manually apply changes due to changed
                       function names.

Note that this also includes the fix for clear_ownertrust, see
GnuPG-bug-id: 1622.
2014-03-07 10:44:27 +01:00
Werner Koch
9942a149ff agent: Make --allow-mark-trusted the default.
* agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted.
Put this option into the gpgconf-list.
(main): Enable opt.allow_mark_trusted by default.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Replace
allow-mark-trusted by no-allow-mark-trusted.

* agent/trustlist.c (agent_marktrusted): Always set the "relax" flag.

--

These changes have been in effect for the Gpg4win Windows version
since 2011-01-24 and thus first released with Gpg4win 2.1.0.  Given
the current state of PKIX it does not make any sense to lure the Unix
user into false security by making it harder to trust self-signed or
CAcert certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 90b419f3e9d05e509348d047e05fcc79e87be6cf)

Resolved conflicts:
	NEWS
	agent/gpg-agent.c
2014-03-07 09:48:26 +01:00
Werner Koch
5105c8d2d3 ssh: Add support for Putty.
* agent/gpg-agent.c [W32]: Include Several Windows header.
(opts): Change help text for enable-ssh-support.
(opts, main): Add option --enable-putty-support
(putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32.
(agent_init_default_ctrl): Add and asssert call.
(putty_message_proc, putty_message_thread): New.
(handle_connections) [W32]: Start putty message thread.
* common/sysutils.c (w32_get_user_sid): New for W32 only
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add
--enable-ssh-support and --enable-putty-support.  Make the
configuration group visible at basic level.
* agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only.
--

This patch enables support for Putty.  It has been tested with Putty
0.62 using an Unix created ssh key copied to the private-keys-v1.d
directory on Windows and with a manually crafted sshcontrol file.  It
also works with a smartcard key.

May thanks to gniibe who implemented a proxy in Python to test the
putty/gpg-agent communication.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 9f32499f99a0817f63f7a73b09bdcebe60d4775d)

Resolved conflicts:
	NEWS
	agent/agent.h
	agent/gpg-agent.c: Convert from pth to npth.
	common/sysutils.c
	common/sysutils.h
2014-03-07 09:48:10 +01:00
Werner Koch
e951782e93 gpg: Change armor Version header to emit only the major version.
* g10/options.h (opt): Rename field no_version to emit_version.
* g10/gpg.c (main): Init opt.emit_vesion to 1.  Change --emit-version
to bump up opt.emit_version.
* g10/armor.c (armor_filter): Implement different --emit-version
values.
--

GnuPG-bug-id: 1572
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-11-27 09:20:02 +01:00
Werner Koch
0899f6d4be gpg: Fix bug with deeply nested compressed packets.
* g10/mainproc.c (MAX_NESTING_DEPTH): New.
(proc_compressed): Return an error code.
(check_nesting): New.
(do_proc_packets): Check packet nesting depth.  Handle errors from
check_compressed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-02 09:11:43 +02:00
Werner Koch
780ba32336 gpg: Make decryption with the OpenPGP card work.
* scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New.
* scd/app-openpgp.c (do_decipher): Add arg R_INFO.
* scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy.
* scd/app.c (app_decipher): Add arg R_INFO.
* scd/command.c (cmd_pkdecrypt): Print status line "PADDING".
* agent/call-scd.c (padding_info_cb): New.
(agent_card_pkdecrypt): Add arg R_PADDING.
* agent/divert-scd.c (divert_pkdecrypt): Ditto.
* agent/pkdecrypt.c (agent_pkdecrypt): Ditto.
* agent/command.c (cmd_pkdecrypt):  Print status line "PADDING".
* g10/call-agent.c (padding_info_cb): New.
(agent_pkdecrypt): Add arg R_PADDING.
* g10/pubkey-enc.c (get_it): Use padding info.
--

Decryption using a card never worked in gpg 2.1 because the
information whether the pkcs#1 padding needs to be removed was not
available.  Gpg < 2.1 too this info from the secret sub key but that
has gone in 2.1.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-28 17:40:32 +02:00
Werner Koch
9ff72e4e7e w32: Add code to support a portable use of GnuPG.
* common/homedir.c (w32_bin_is_bin, w32_portable_app) [W32]: New.
(check_portable_app) [W32]: New.
(standard_homedir, default_homedir) [W32]: Support the portable flag.
(w32_rootdir, w32_commondir) [W32]: Ditto.
(gnupg_bindir, gnupg_cachedir, dirmngr_socket_name) [W32]: Ditto.
* common/logging.h (JNLIB_LOG_NO_REGISTRY): New.
* common/logging.c (no_registry): New variable.
(log_set_prefix, log_get_prefix): Set/get that variable.
(do_logv): Do not check the registry if that variable is set.
--

Beware: This code has not been tested because it is not yet possible
to build GnuPG 2.1 for Windows.  However, the code will be the base
for an implementation in 2.0.

A portable use of GnuPG under Windows means that GnuPG uses a home
directory depending on the location of the actual binary.  No registry
variables are considered.  The portable mode is enabled if in the
installation directory of the the binary "gpgconf.exe" and a
file "gpgconf.ctl" are found.  The latter file is empty or consists
only of empty or '#' comment lines.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-01 11:20:48 +02:00
NIIBE Yutaka
7253093add scd: Rename 'keypad' to 'pinpad'.
* NEWS: Mention scd changes.

* agent/divert-scd.c (getpin_cb): Change message.

* agent/call-scd.c (inq_needpin): Change the protocol to
POPUPPINPADPROMPT and DISMISSPINPADPROMPT.
* scd/command.c (pin_cb): Likewise.

* scd/apdu.c (struct reader_table_s): Rename member functions.
(check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify,
check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad
apdu_pinpad_verify, apdu_pinpad_modify): Rename.

* scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad)
(apdu_pinpad_verify, apdu_pinpad_modify): Rename.

* scd/iso7816.h (iso7816_check_pinpad): Rename.

* scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD.
(iso7816_check_pinpad): Rename.
(iso7816_verify_kp, iso7816_change_reference_data_kp): Follow
the change.

* scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename.
* scd/ccid-driver.c (ccid_transceive_secure): Use it.

* scd/app-dinsig.c (verify_pin): Follow the change.
* scd/app-nks.c (verify_pin): Follow the change.

* scd/app-openpgp.c (check_pinpad_request): Rename.
(parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow
the change.

* scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename.

* scd/scdaemon.h (opt): Rename to disable_pinpad,
enable_pinpad_varlen.

* tools/gpgconf-comp.c (gc_options_scdaemon): Rename to
disable-pinpad.
2013-02-08 09:06:39 +09:00
Werner Koch
21feecd48f gpg: Add pinentry-mode feature.
* g10/gpg.c: Include shareddefs.h.
(main): Add option --pinentry-mode.
* g10/options.h (struct opt): Add field pinentry_mode.
* g10/passphrase.c: Include shareddefs.h.
(have_static_passphrase): Take care of loopback pinentry_mode.
(read_passphrase_from_fd): Ditto.
(get_static_passphrase): New.
(passphrase_to_dek_ext): Factor some code out to ...
(emit_status_need_passphrase): new.
* g10/call-agent.c (start_agent): Send the pinentry mode.
(default_inq_cb): Take care of the PASSPHRASE inquiry.  Return a
proper error code.
(agent_pksign): Add args keyid, mainkeyid and pubkey_algo.
(agent_pkdecrypt): Ditto.
* g10/pubkey-enc.c (get_it): Pass new args.
* g10/sign.c (do_sign): Pass new args.

* g10/call-agent.c (struct default_inq_parm_s): New.  Change all
similar structs to reference this one.  Change all users and inquire
callback to use this struct, instead of NULL or some undefined but not
used structs.  This change will help to eventually get rid of global
variables.
--

This new features allows to use gpg without a Pinentry.  As a
prerequisite the agent must be configured to allow the loopback
pinentry mode (option --allow-loopback-pinentry).  For example

  gpg2 --pinentry-mode=loopback FILE.gpg

may be used to decrypt FILE.gpg while entering the passphrase on the
tty.  If batch is used, --passphrase et al. may be used, if
--command-fd is used, the passphrase may be provided by another
process.  Note that there are no try-again prompts in case of a bad
passphrase.
2013-02-07 20:37:58 +01:00
Werner Koch
fc00d3fcb2 Print the hash algorithm in colon mode key listing.
* g10/keylist.c (list_keyblock_colon): Print digest_algo.
2012-05-24 10:13:39 +02:00
Werner Koch
508ffb4e02 Add an item to NEWS.
--
2012-02-07 10:20:12 +01:00
Werner Koch
001352077c nPth is now a hard requirement for GnuPG.
* configure.ac: Remove cruft to allow building without npth.
--

Previous versions of GnuPG allowed to build a subset of it without
support of Pth.  Meanwhile gpg-agent is a requirement even for gpg and
thus it does not make any sense to allow such a restricted build.
2012-01-25 15:51:08 +01:00
Werner Koch
372fb4fc06 gpg: Allow use of a standard space separated fingerprint.
* common/userids.c (classify_user_id): Check for space separated GPG
fingerprint.
2012-01-06 13:36:47 +01:00
Werner Koch
97d1c884e6 Post-release version number update 2011-12-20 17:10:28 +01:00
Werner Koch
8e47f1e576 Prepare for the beta3 release. 2011-12-20 15:55:43 +01:00
Werner Koch
45cf9de341 agent: Pass comment lines from scd verbatim thru gpg-agent.
* agent/call-scd.c (pass_status_thru): Pass comment lines verbatim.
* tools/gpg-connect-agent.c (help_cmd_p): New.
(main): Treat an "SCD HELP" the same as "HELP".
2011-12-14 15:42:28 +01:00
Werner Koch
81389383a3 Made the KILLAGENT and KILLSCD commands working again.
This requires that GnuPG is build with a newer version of Libassuan
(2.0.3).
2011-08-10 11:47:04 +02:00
Werner Koch
d479906991 Support a confirm flag for ssh.
This implements the suggestion from bug#1349.  With this change the
fingerprint of the ssh key is also displayed in the pinentry prompts.
2011-07-20 20:49:41 +02:00
Werner Koch
37228cfa05 Allow generation of card keys up to 4096 bit.
This patch implementes a chunk mode to pass the key parameters from
scdaemon to gpg.  This allows to pass arbitrary long key paremeters;
it is used for keys larger than 3072 bit.

Note: the card key generation in gpg is currently broken.  The keys
are generated but it is not possible to create the self-signature
because at that time the gpg-agent does not yet know about the new
keys and thus can't divert the sign request to the card.  We either
need to run the learn command right after calling agent_scd_genkey or
implement a way to sign using the currently inserted card.  Another
option would be to get rid of agent_scd_genkey and implement the
feature directly in agent_genkey.
2011-06-16 14:27:33 +02:00
Werner Koch
817f07173c Fixed regression in OpenPGP secret key export.
The protection used in the exported key used a different iteration
count than given in the S2K field.  Thus all OpenPGP keys exported
from GnuPG 2.1-beta can't be imported again.  Given that the actual
secret key material is kept in private-keys-v1.d/ the can be
re-exported with this fixed version.
2011-04-26 20:39:09 +02:00
Werner Koch
87a6a1c3fe Post beta release updates 2011-03-08 14:00:04 +01:00
Werner Koch
444f2fe1cd Prepare for 1.5.0beta2 2011-03-08 12:56:45 +01:00
Werner Koch
28c157b55c Support X.509 certificate creation.
Using "gpgsm --genkey" allows the creation of a self-signed
certificate via a new prompt.

Using "gpgsm --genkey --batch" should allow the creation of arbitrary
certificates controlled by a parameter file.  An example parameter file
is

    Key-Type: RSA
    Key-Length: 1024
    Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA
    Key-Usage: sign, encrypt
    Serial: random
    Name-DN: CN=some test key
    Name-Email: foo@example.org
    Name-Email: bar@exmaple.org
    Hash-Algo: SHA384
    not-after: 2038-01-16 12:44

This creates a self-signed X.509 certificate using the key given by
the keygrip and using SHA-384 as hash algorithm.  The keyword
signing-key can be used to sign the certificate with a different key.
See sm/certreggen.c for details.
2011-03-01 14:42:56 +01:00
Werner Koch
0b5bcb40cf Finished ECC integration.
Wrote the ChangeLog 2011-01-13 entry for Andrey's orginal work modulo
the cleanups I did in the last week.  Adjusted my own ChangeLog
entries to be consistent with that entry.

Nuked quite some trailing spaces; again sorry for that, I will better
take care of not saving them in the future.  "git diff -b" is useful
to read the actual changes ;-).

The ECC-INTEGRATION-2-1 branch can be closed now.
2011-02-03 16:35:33 +01:00
Werner Koch
2b933ae8f6 Fix for bug#1313. de.po update. 2011-01-20 15:11:25 +01:00
Werner Koch
2732f2ff3f Fix bug #1311. 2011-01-10 11:37:57 +01:00
Werner Koch
5fd7ff3488 Tweaks for gpgconf.
Fixed dirmngr bug 1010.
2010-12-14 19:17:58 +00:00
Werner Koch
fcb5f7d08f s/AES/AES128/ in diagnostics and --list-config 2010-12-02 15:49:02 +00:00
Werner Koch
b3f9e2130e Change stack size for Wince.
Allow for a longer agent atartup under wince.
Print gpg output via estream.
2010-11-23 18:46:41 +00:00
Werner Koch
2c982dcf86 Fix bug where scdaemon kills a non-daemon gpg-agent. 2010-11-11 15:07:37 +00:00
Werner Koch
dc5150db78 Honor TMPDIR. 2010-10-27 07:37:52 +00:00
Werner Koch
0f721abddf Update scripts etc. 2010-10-26 12:25:47 +00:00
Werner Koch
54591341a4 More agent support for gpg. 2010-10-13 15:57:08 +00:00
Werner Koch
002b30e75c Import fixes.
new otion for watchgnupg
2010-10-06 11:29:10 +00:00
Werner Koch
bfbd80feb9 Exporting secret keys via gpg-agent is now basically supported.
A couple of forward ported changes.
Doc updates.
2010-10-01 20:33:53 +00:00
Werner Koch
daab9aff3a Merge secret keys during import 2010-09-02 15:11:51 +00:00
Werner Koch
87fac99112 Import OpenPGP keys into the agent. 2010-08-31 15:58:39 +00:00
Werner Koch
15330f36a7 Reworked the posix and w32 exechelpers. 2010-08-20 12:18:38 +00:00
Werner Koch
7e752a4208 Auto-start dirmngr. 2010-08-16 11:03:43 +00:00
Werner Koch
a22c38baad Some work on the dirmngr 2010-07-23 16:16:14 +00:00
Werner Koch
c3f08dcb72 Merged Dirmngr with GnuPG.
A few code changes to support dirmngr.
2010-06-09 16:53:51 +00:00
Werner Koch
51e2703abe Auto starting the agent does now work on CE. 2010-05-04 15:21:47 +00:00
Werner Koch
53c636c4c6 ./autogen.sh --build-w32ce does now succeed. 2010-04-14 14:39:16 +00:00
Werner Koch
2cf687cb3e First batch of changes to support W32CE.
Note that jnlib/w32-reg.c is not yet ready.
2010-02-26 18:44:36 +00:00
Werner Koch
4d693033ab Implement dynamic S2K count computation. 2009-12-14 20:12:56 +00:00
Werner Koch
a51675fabe Add option --cert-extension. 2009-12-10 13:00:30 +00:00
Werner Koch
9a96043be4 Unification of the search descriptor usage. 2009-12-08 16:30:33 +00:00
Werner Koch
85d778b9f6 Use ADNS for PKA and SRV records if no other resolver is available. 2009-12-07 15:52:27 +00:00
Werner Koch
49b00ffd67 allow for default algorithms in a gpg parameter file 2009-12-04 19:47:54 +00:00
Werner Koch
cb5491bfaf support numeric debug levels. 2009-12-03 18:04:40 +00:00
Werner Koch
9e83404751 More stuff for the audit-log. 2009-12-02 18:33:59 +00:00
Werner Koch
536b6ab09f Keep on hacking on g13. A simple --create and --mount does now work.
A hacked up encfs is required.
2009-10-13 19:17:24 +00:00
Werner Koch
b46c353318 Start a new development branch.
Translations are for now disabled.
2009-09-21 18:26:52 +00:00
Werner Koch
fd38b9227e Post release version bumb 2009-09-04 17:52:40 +00:00
Werner Koch
7d0f99aa91 preparae release 2009-09-04 13:38:16 +00:00
Werner Koch
25659d66f1 Ask to insert the right OpenPGP card. 2009-08-11 10:56:44 +00:00
Werner Koch
31084d6dc9 Support writing of existing keys with non-matching key sizes. 2009-07-09 14:54:18 +00:00
Werner Koch
e50cac1d84 Changed default hash algorithm preferences 2009-07-09 08:52:31 +00:00
Werner Koch
2193992559 Impleemned gpgsm's IMPORT --re-import feature.
Typo fix.
2009-07-07 16:52:12 +00:00
Werner Koch
f6f5430e50 Reworked passing of envars to Pinentry. 2009-07-07 10:02:41 +00:00
Werner Koch
81972ca7d5 Create a pkcs#10 request directly from a card.
Deprecate gpgsm-gencert.sh script.
2009-07-02 09:49:31 +00:00
Werner Koch
1925cb37f9 Alow batch ode for gpgsm --gen-key.
Allow CSR generation using an existing key with gpgsm.
2009-07-01 18:30:33 +00:00
Werner Koch
e05aeca87b Post release updates 2009-06-17 11:57:24 +00:00
Werner Koch
c998dd12a2 Preparing for 2.0.12. 2009-06-17 11:18:26 +00:00
Werner Koch
4fa261f8ec Fix possible system freeze on Mac OS X. 2009-05-19 22:39:45 +00:00
Werner Koch
5e208460a1 Improved smartcard robustness. 2009-05-13 17:12:00 +00:00
Werner Koch
f8b4cd7650 Import/export of pkcs#12 now uses the gpg-agent directly.
Removed duplicated code (percent unescaping).
2009-04-01 10:51:53 +00:00
Werner Koch
990585ad7d Signing using Netkey 3 cards does now work. 2009-03-26 19:27:04 +00:00
Werner Koch
458cd4a976 Preparing a snapshot. 2009-03-24 18:52:24 +00:00
Werner Koch
f07e762d68 Better syncronization of several smartcard sessions. 2009-03-24 11:40:57 +00:00
Werner Koch
c2c3cf4be1 Changed order of the confirmation questions for root certificates
and stores negative answers in trustlist.txt.
2009-03-19 10:21:51 +00:00
Werner Koch
588a7c34bb Make sure not to leak file descriptors if running gpg-agent with a
command.  Restore the signal mask to solve a problem in Mono.
2009-03-19 07:09:31 +00:00
Werner Koch
a9c317a95c New gpg-agent command to list key information.
Gpgsm does now print the S/N of cards.
Consider ephemeral keys during listing an export.
2009-03-06 17:31:27 +00:00
Werner Koch
59d7a54e72 New PIN Callback attributes in gpg-agent.
Common prompts for keypad and simple card reader.
More support for Netkey cards;  PIN management works now.
2009-03-05 19:19:37 +00:00
Werner Koch
c20b3db108 Add --reload command to gpgconf.
Fix a problem in exechelp.c
Get ready for a release.
2009-03-03 09:02:58 +00:00
Werner Koch
ec4a3eb3c5 Fix a gpg2 problem with removed cards.
Allow runtime conf change for scdaemon.
New commands for scdaemon.
2009-02-27 14:36:59 +00:00
Werner Koch
943f783de7 New scd getinfo subcommand deny_admin 2009-02-12 17:45:40 +00:00
Werner Koch
d1c2e66fbc Change default gpgsm cipher back to 3DES.
Typo fixes.
2009-02-09 10:25:41 +00:00
Werner Koch
b8ffa0d947 Make --allow-admin the default. 2009-01-28 14:18:40 +00:00
Werner Koch
367281480a Post release updates 2009-01-12 10:56:52 +00:00
Werner Koch
4adb5c03e7 preparing a release 2009-01-12 09:18:27 +00:00
Werner Koch
82ab848ea4 Update spanish translation.
Cleanups.
Allow utf-8 in email addresses.
2009-01-08 15:48:51 +00:00
Werner Koch
6558568912 Make gpg not depend on the RIPE-MD160 implementaion in Libgcrypt.
Fix SIG_ID computation.
2008-12-11 17:44:52 +00:00
Werner Koch
382d2f8efb Minor fixes. 2008-12-09 08:58:02 +00:00
Werner Koch
b7ff1109f9 Fixed a temporary file name collision between gpg and gpgsm under Windows. 2008-11-20 16:26:40 +00:00
Werner Koch
aec79fc731 Minor cleanups. 2008-11-11 08:22:06 +00:00
Werner Koch
8997c155e3 Check that the socket is well and served by us. 2008-10-29 17:24:27 +00:00
Werner Koch
b519a52cea Made scdaemon more robust on Windows. 2008-10-15 13:23:10 +00:00
Werner Koch
7d63aa42e5 Remove hacks which are not anymore needed since we now require Libgcrypt 1.4 2008-09-29 15:02:55 +00:00
Werner Koch
96f16f736e Finished support for v2 cards with the exception of secure messaging. 2008-09-25 10:06:02 +00:00
Werner Koch
5a8bf0bec6 Fix gpg-preset-passphrase bug.
Cleanups
2008-09-03 09:37:32 +00:00
Werner Koch
a6a9181818 Start support of TCOS 3 cards.
Support restriction attribute.
Fix utf-8 printing problems.
Use AES by default.
2008-06-26 19:09:07 +00:00
Werner Koch
aa68a60301 Add controlo statement %ask-passphrase 2008-06-16 15:48:33 +00:00
Werner Koch
8e37ee4099 [W32] Change location of /etc. 2008-06-16 13:55:01 +00:00
Werner Koch
035c838f71 Made --fixed-list-mode obsolete. 2008-06-11 08:07:54 +00:00
Werner Koch
138bf2dc15 Fixed segv in gpg-agent (command marktrusted).
Replaced almost all free by xfree.
Translation fixes.
2008-05-27 12:03:50 +00:00
Werner Koch
69ae16636c Add command --locate-key.
Fix auto-key-locate processing of "nodefault".
2008-05-07 15:40:36 +00:00
Werner Koch
08a612f26e W32 related keyserver fixes. 2008-04-21 19:13:36 +00:00
Werner Koch
97ec9aac2b Enhanced --auto-key-locate. 2008-04-08 11:04:16 +00:00
Werner Koch
df4e131786 Add CVE number. 2008-03-28 09:21:59 +00:00
Werner Koch
20e5cf7cb6 Post release update 2008-03-26 11:01:06 +00:00
Werner Koch
a2ede07293 Preparing a release. 2008-03-26 09:20:40 +00:00
Werner Koch
9a8ee6e6be Changed the way i18n files are located under Windows. The setting of the
Registry key is not anymore required.  Helpfiles are not properly located.
2008-03-25 19:41:11 +00:00
Werner Koch
d7f0b3bd89 Fix bug 894.
Change default keyserver.
Allow key protection with Camellia.
2008-03-25 08:33:31 +00:00
Werner Koch
c2a8254be7 Fix a bug in the ambigious name detection.
Minor cleanups.
2008-03-20 15:31:43 +00:00
Werner Koch
f13c5a48fc Improve certificate chain construction.
Extend PKITS framework
2008-02-19 10:33:35 +00:00
Werner Koch
57d9ea99d9 Preparing a test release 2008-02-15 09:58:01 +00:00
Werner Koch
0819c1e8ca Always search missing certifcates using a running Dirmngr's cache. 2008-02-13 16:47:14 +00:00
Werner Koch
c3b9005ec3 Typo fixes.
Portability fix for asschk.c
2008-01-26 22:12:23 +00:00
Werner Koch
157d4479aa Preparing a release. 2007-12-20 08:52:40 +00:00
Werner Koch
9d66580cff Allow verification of some broken S-TRUST generated signatures. 2007-12-13 15:45:40 +00:00
Werner Koch
aeb5a65f7c Allow type 20 keys only with option --rfc2440. 2007-12-12 17:41:05 +00:00
Werner Koch
bae4b256c7 Support DSA2.
Support Camellia for testing.
More audit stuff.
2007-12-12 10:28:30 +00:00
Werner Koch
89671cdd64 More code for the audit log. 2007-12-06 15:55:03 +00:00
Werner Koch
55ba204bfa Started to implement the audit log feature.
Pass PINENTRY_USER_DATA and XAUTHORITY to Pinentry.
Improved support for the quality bar.
Minor internal restructuring.
Translation fixes.
2007-11-19 16:03:50 +00:00
Werner Koch
fca02368da New option --list-config for gpgconf. 2007-10-23 18:13:27 +00:00
Werner Koch
259a40c830 Enhanced gpg-conect-agent scripting.
Typo fixes in comments.
2007-10-19 14:51:39 +00:00
Werner Koch
31c19d1d68 Use Assuan socket wrapper calls.
Made socket servers secure under Windows.
2007-10-01 14:48:39 +00:00
Werner Koch
c1adbec2a3 post release version bump 2007-09-10 16:38:04 +00:00
Werner Koch
782e1bc00b Preparing 2.0.7 2007-09-10 15:40:29 +00:00
Werner Koch
b13587ef16 New command --check-programs for gpgconf. 2007-08-29 09:51:37 +00:00
Werner Koch
f268889b8f Add more passphrase policy rules.
(--max-passphrase-days).
2007-08-28 17:48:13 +00:00
Werner Koch
15d0cb42a1 Implemented more gpg-agen options to support certain passphrase policies.
New tool gpg-check-pattern.
2007-08-27 18:10:27 +00:00
Werner Koch
503f91e0ae tryu harder to ignore duplicate specified keyrings and -boxes.
Documentation updates.
2007-08-24 09:34:39 +00:00
Werner Koch
a5743d1017 Post release version number bump 2007-08-16 10:57:35 +00:00
Werner Koch
ed801e3771 About to do a release 2007-08-16 10:42:06 +00:00
Werner Koch
d20d11a0ee Documentaion updates.
Support doe Dirmngr under W32.
Fixed a yat2m bug.
2007-08-14 16:50:27 +00:00
Werner Koch
74d344a521 Implemented the chain model for X.509 validation. 2007-08-10 16:52:05 +00:00
Werner Koch
11573b09c4 Typo fixes.
Made --default-key work for gpgsm
Add --default-key and --encrypt-to to gpgconf.
2007-07-17 18:11:24 +00:00
Werner Koch
e6c6a66450 Post release updates 2007-07-05 20:29:14 +00:00
Werner Koch
d0d7c3f053 Prearing a release 2007-07-05 18:59:50 +00:00
Werner Koch
4631bc8ddf Fixed card key generation of gpg2.
Reveal less information about timings while generating a key.
2007-07-05 16:58:19 +00:00
Werner Koch
93d3811abc Changed to GPLv3.
Removed intl/.
2007-07-04 19:49:40 +00:00
Werner Koch
0b66f30d66 Implemented the --gen-key command as we can't use the gpgsm-gencert.sh under Windows. 2007-06-21 18:44:48 +00:00
Werner Koch
0cfbfd6186 A whole bunch of changes to allow building for Windows.
See the ChangeLogs for details.
2007-06-14 17:05:07 +00:00
Werner Koch
c2b08ff908 Print passphrase encoding info only in PEM mode. 2007-05-29 20:11:17 +00:00
Werner Koch
5f3bca9682 Use estream_asprintf instead of the GNU asprintf. 2007-05-15 16:10:48 +00:00
Werner Koch
edb3dc99e9 Preparing 2.0.4 2007-05-09 11:01:33 +00:00
Werner Koch
b89d98e335 Improved logging for error orginating from libgcrypt. 2007-04-20 16:59:37 +00:00
Werner Koch
fd628ffda1 Allow setting of the passphrase encoding of pkcs#12 files.
New option --p12-charset.
2007-03-20 10:00:55 +00:00
Werner Koch
083010a53d * PKCS#12 import now tries several encodings in case the passphrase
was not utf-8 encoded.
2007-03-19 18:54:34 +00:00
Werner Koch
12b661166c Changes to let the key listing use estream to help systems without
funopen.
2007-03-19 14:35:04 +00:00
Werner Koch
95b41996eb Post release version number bump 2007-03-08 14:54:33 +00:00
Werner Koch
e0bbbb8a7f Preparing the 2.0.3 release 2007-03-08 14:16:15 +00:00
Werner Koch
634b4c31d2 The Cherry XX44 keyboard's PINpad does now work.
DINSIG and NKS card applications are now also PIN pad aware.
2007-03-07 20:55:14 +00:00
Werner Koch
ed84b0f787 Support for a global gpgconf configuration file. 2007-03-06 20:44:41 +00:00
Werner Koch
9491ab44c5 Ported multiple-messages protection. 2007-03-05 14:56:31 +00:00
Werner Koch
f6243073a8 Add new SVN only file README.maint
doc/
	* gpg.texi (GPG Configuration): Document envvar LANGUAGE.
	(GPG Configuration Options): Document show-primary-uid-only.
g10/
	* gpg.c (main): Add verify option show-primary-uid-only.
	* options.h (VERIFY_SHOW_PRIMARY_UID_ONLY): New.
	* mainproc.c (check_sig_and_print): Implement it.

	* encr-data.c (decrypt_data): Correctly test for unknown algorithm.
	* import.c (check_prefs): Ditto.
	* keyedit.c (show_prefs): Ditto.
	* mainproc.c (proc_symkey_enc): Ditto.
2007-02-26 20:24:29 +00:00
Werner Koch
fedae25efd doc/
* gpg.texi (GPG Esoteric Options): No card reader options for gpg2. 
scd/
	* scdaemon.c (DEFAULT_PCSC_DRIVER): Add a default for OS X.
2007-02-18 13:48:03 +00:00
Werner Koch
b861561e47 Included LIBICONV in all Makefiles.
g10/
	* passphrase.c (passphrase_get): Set the cancel flag on all error
	from the agent.  Fixes a bug reported by Tom Duerbusch.
sm/
	* gpgsm.c (main): Let --gen-key print a more informative error
	message.
2007-01-31 14:24:41 +00:00
Werner Koch
7eec2efa66 Added LIBINTL to more Makefile targets.
doc/
	* com-certs.pem: Added the current root certifcates of D-Trust and
	S-Trust.

g10/
	* status.c (write_status_begin_signing): New.
	* sign.c (sign_file, sign_symencrypt_file): Call it.
	* textfilter.c (copy_clearsig_text): Call it.

	* call-agent.c (agent_scd_pksign): Pass --hash-rmd160 to SCD if
	required.

	* gpg.c (main): Let --no-use-agent and --gpg-agent-info print a
	warning.  
	* misc.c (obsolete_option): New.
2007-01-30 20:16:28 +00:00
Werner Koch
6cee3e66c2 agent/
* protect-tool.c (get_passphrase): New arg OPT_CHECK.
	(get_new_passphrase): Enable OTP_CHECK on the first call.
	* command.c (cmd_get_passphrase): Implement option --check.

	* gpg-agent.c (MIN_PASSPHRASE_LEN): New
	(parse_rereadable_options): New option 	--min-passphrase-len.
	* genkey.c (check_passphrase_constraints): New.
	(agent_genkey, agent_protect_and_store): Call new function.  Fix
	memory leak.

	* call-pinentry.c (agent_askpin): Allow translation of the displayed
	error message.
	(agent_popup_message_start): Remove arg CANCEL_BTN.
	(popup_message_thread): Use --one-button option.

	* command.c (cmd_passwd): Now that we don't distinguish between
	assuan and regular error codes we can jump to the end on error.

common/
	* simple-pwquery.c (simple_pwquery): New arg OPT_CHECK.
2007-01-25 08:30:47 +00:00
Werner Koch
0173cd5a98 Fixes for CVE-2006-6235 2006-12-06 10:16:50 +00:00
Werner Koch
252b668814 Preparing 2.0.1 2006-11-28 16:36:02 +00:00
Werner Koch
218380395e Preparing 2.0.1rc1 2006-11-23 09:53:17 +00:00
Werner Koch
5885142c83 Made some PIN pads work.
Some cleanups for 64 bit CPUs.
2006-11-20 16:49:41 +00:00
Werner Koch
f48d38e7df Post release update 2006-11-11 14:41:22 +00:00