gnupg

Commit Graph

Author	SHA1	Message	Date
NIIBE Yutaka	424aa3543d	gpg,build: Fix message for newer gettext. * g10/keyserver.c (keyserver_refresh): Use ngettext. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2022-07-05 13:27:41 +09:00
Werner Koch	9579c77862	gpg: Let --fetch-key return an exit code on failure. * g10/keyserver.c (keyserver_fetch): Return an error code. * g10/gpg.c (main) <aFetchKeys>: Return 1 in case of no data. -- GnuPG-bug-id: 5376	2021-06-25 09:55:52 +02:00
Werner Koch	bebc71d229	gpg,sm: Simplify keyserver spec parsing. * common/keyserver.h: Remove. * sm/gpgsm.h (struct keyserver_spec): Remove. (opt): Change keyserver to a strlist_t. * sm/gpgsm.c (keyserver_list_free): Remove. (parse_keyserver_line): Remove. (main): Store keyserver in an strlist. * sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist. Avoid an ambiguity in dirmngr by adding a prefix if needed. * g10/options.h (struct keyserver_spec): Move definition from keyserver.h to here. Remove most fields. * g10/keyserver.c (free_keyserver_spec): Adjust. (cmp_keyserver_spec): Adjust. (parse_keyserver_uri): Simplify. (keyidlist): Remove fakev3 arg which does not make any sense because we don't even support v3 keys. -- We now rely on the dirmngr to parse the keyserver specs. Thus a bad specification will not be caught immediately. However, even before that dirmngr had stricter tests. Signed-off-by: Werner Koch <wk@gnupg.org> Ported-from: `9f586700ec`	2021-06-16 12:03:13 +02:00
Jakub Jelen	2af7bb2295	g10: Fix memory leaks * g10/card-util.c (change_pin): free answer on errors (ask_card_keyattr): free answer on error * g10/cpr.c (do_get_from_fd): free string * g10/gpg.c (check_permissions): free dir on weird error * g10/import.c (append_new_uid): release knode * g10/keyedit.c (menu_set_keyserver_url): free answer (menu_set_keyserver_url): free user * g10/keygen.c (print_status_key_not_created): move allocation after sanity check (ask_expire_interval): free answer (card_store_key_with_backup): goto leave instaed of return * g10/keyserver.c (parse_keyserver_uri): goto fail instead of return * g10/revoke.c (gen_desig_revoke): release kdbhd (gen_desig_revoke): free answer * g10/tofu.c (ask_about_binding): free sqerr and response * g10/trustdb.c (ask_ownertrust): free pk -- Signed-off-by: Jakub Jelen <jjelen@redhat.com> Further changes: * g10/card-util.c (change_pin): Do not set answer to NULL. * g10/keyedit.c(menu_set_keyserver_url): Use !func() pattern. Signed-off-by: Werner Koch <wk@gnupg.org> GnuPG-bug-id: 5393	2021-05-20 13:38:39 +02:00
Werner Koch	4fcfac6feb	gpg: Fix mailbox based search via AKL keyserver method. * g10/keyserver.c (keyserver_import_name): Rename to ... (keyserver_import_mbox): this. And use mail search mode. * g10/getkey.c (get_pubkey_byname): Change the two callers. -- In contrast to a search via keyserver_import_ntds the older keyserver_import_name used a full match of the provided name despite that it is only called with an addr-spec (mbox). Due to the mode the pattern send to dirmngr was prefixed with a '=' and thus dirmngr used an exact search;. This did only work for provided user ids like "foo@example.org" but not for "<foo@example.org>" or "Foo <foo@xample.org>". The old code dates back to 2010. Signed-off-by: Werner Koch <wk@gnupg.org>	2021-04-26 15:32:51 +02:00
Werner Koch	99db4b0c7f	gpg: Do not use import-clean for LDAP keyserver imports. * g10/options.h (opts): New field expl_import_only. * g10/import.c (parse_import_options): Set it. * g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP. -- I can be assumed that configured LDAP servers are somehow curated and not affected by rogue key signatures as the HKP servers are. Thus we don't clean the key anymore so that key certifications are kept even if the public key has not yet been imported. See-commit: `6c26e593df` GnuPG-bug-id: 5387	2021-04-26 14:15:21 +02:00
Werner Koch	ec36eca08c	gpg: Allow fingerprint based lookup with --locate-external-key. * g10/keyserver.c (keyserver_import_fprint_ntds): New. * g10/getkey.c (get_pubkey_byname): Detect an attempt to search by fingerprint in no_local mode. -- See the man page. For testing use gpg --auto-key-locate local,wkd,keyserver --locate-external-key \ FINGERPRINT with at least one LDAP keyserver given in dirmngr.conf. On Windows "ntds" may be used instead or in addtion to "keyserver". Signed-off-by: Werner Koch <wk@gnupg.org>	2021-04-21 18:32:21 +02:00
Werner Koch	d7e707170f	gpg: Lookup a missing public key of the current card via LDAP. * g10/getkey.c (get_seckey_default_or_card): Lookup a missing public key from the current card via LDAP. * g10/call-dirmngr.c: Include keyserver-intetnal.h. (gpg_dirmngr_ks_get): Rename arg quick into flags. Take care of the new LDAP flag. * g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_QUICK): New. Replace the use of the value 1 for the former quick arg. (KEYSERVER_IMPORT_FLAG_LDAP): New. * g10/keyserver.c (keyserver_get_chunk): Increase the reserved line length. * dirmngr/ks-action.c (ks_action_get): Add arg ldap_only. * dirmngr/server.c (cmd_ks_get): Add option --ldap. -- This change makes it easy to start working with gnupg: Just insert the smartcard or token provided to you and the first time you sign a message the public key associated with the current card will be imported and everything is set without any configuration. This works only with an LDAP directory because it can be expected that the public key has been put into the LDAP during card personalization. Of course an LDAP server needs to be configured; in a Windows AD domain this can be a mere "keyserver ldap:///" in dirmngr.conf. Other configured keyservers are ignored. Requirements for the card driver: The $SIGNKEYID attribute must exists and a query for the KEY-FPR attribute needs to return the OpenPGP fingerprint for that key. This is currently supported for OpenPGP cards and certain PKCS#15 cards. Signed-off-by: Werner Koch <wk@gnupg.org>	2021-04-16 20:21:23 +02:00
Werner Koch	6c26e593df	gpg: Do not use self-sigs-only for LDAP keyserver imports. * dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status. * g10/options.h (opts): New field expl_import_self_sigs_only. * g10/import.c (parse_import_options): Set it. * g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP. -- I can be assumed that configured LDAP servers are somehow curated and not affected by rogue key signatures as the HKP servers are. Thus we can allow the import of key signature from LDAP keyservers by default. GnuPG-bug-id: 5387	2021-04-13 14:33:50 +02:00
Werner Koch	7f3ce66ec5	gpg: Remove support for PKA. * g10/gpg.c (oPrintPKARecords): Remove. (opts): Remove --print-pka-records. (main): Remove "pka-lookups","pka-trust-increase" and other PKA stuff. * g10/options.h (EXPORT_DANE_FORMAT): Remove. (VERIFY_PKA_LOOKUPS, VERIFY_PKA_TRUST_INCREASE): Remove. (KEYSERVER_HONOR_PKA_RECORD): Remove. * g10/packet.h (pka_info_t): Remove. (PKT_signature): Remove flags.pka_tried and pka_info. * g10/parse-packet.c (register_known_notation): Remove "pka-address@gnupg.org". * g10/pkclist.c (check_signatures_trust): Remove PKA stuff. * g10/call-dirmngr.c (gpg_dirmngr_get_pka): Remove. * g10/export.c (parse_export_options): Remove "export-pka". (do_export): Adjust for this. (write_keyblock_to_output): Ditto. (do_export_stream): Ditto. (print_pka_or_dane_records): Rename to ... (print_dane_records): this and remove two args. Remove PKA printing. * g10/free-packet.c (free_seckey_enc, cp_pka_info): Adjust for removed pka_info field. * g10/getkey.c (get_pubkey_byname): Make AKL_PKA a dummy. * g10/keyserver.c: Remove "honor-pka-record". (keyserver_import_pka): Remove. * g10/mainproc.c (get_pka_address): Remove. (pka_uri_from_sig): Remove. (check_sig_and_print): Remove code for PKA. -- PKA (Public Key Association) was a DNS based key discovery method which looked up fingerprint by mail addresses in the DNS. This goes back to the conference where DKIM was suggested to show that we already had a better method for this available with PGP/MIME. PKA was was later superseded by an experimental DANE method and is today not anymore relevant. It is anyway doubtful whether PKA was ever widely used. Signed-off-by: Werner Koch <wk@gnupg.org>	2021-02-02 19:53:21 +01:00
Werner Koch	4a3836e2b2	gpg: New AKL method "ntds" * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new support for KEYDB_SEARCH_MODE_MAIL. (ks_ldap_get): Add a debug. * g10/options.h (AKL_NTDS): New. * g10/keyserver.c (keyserver_import_ntds): New. (keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL. * g10/getkey.c (parse_auto_key_locate): Support "ntds". (get_pubkey_byname): Ditto.	2020-12-17 18:25:34 +01:00
Werner Koch	32493ce50a	gpg: Add property "fpr" for use by --export-filter. * g10/export.c (push_export_filters): New. (pop_export_filters): New. (export_pubkey_buffer): Add args prefix and prefixlen. Adjust callers. * g10/import.c (impex_filter_getval): Add property "fpr". * g10/main.h (struct impex_filter_parm_s): Add field hexfpr. -- The push and pop feature will help us to use the export filter internally in gpg. Same for the export_pubkey_buffer change. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <wk@gnupg.org>	2020-03-13 13:19:31 +01:00
Werner Koch	a605dbb430	gpg: Fix --recv-key in case of a given fingerprint. * g10/keyserver.c (keyserver_retrieval_screener): Compare against actual length. -- This was a long standing and annoying regression due to changes for v5 keys. Really simple to fix :-). Signed-off-by: Werner Koch <wk@gnupg.org>	2019-09-30 18:03:31 +02:00
Werner Koch	9698761933	Merge branch 'switch-to-gpgk' into master -- Resolved Conflicts: * common/asshelp.c: Keep the new code in master for spawing under Windows. * g10/Makefile.am: Keep all new file. * g10/photoid.c: Pass CTRL to pct_expando. Signed-off-by: Werner Koch <wk@gnupg.org>	2019-09-27 15:44:23 +02:00
Werner Koch	aba82684fe	gpg: New option --use-keyboxd. * g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts. (opts): New options --use-keyboxd and --keyboxd-program. (main): Implement them. * g10/keydb.c: Move some defs out to ... * g10/keydb-private.h: new file. * g10/keydb.c: prefix function names with "internal" and move original functions to ... * g10/call-keyboxd.c: new file. Divert to the internal fucntion if --use-keyboxd is used. Add a CTRL arg to most fucntions and change all callers. * g10/Makefile.am (common_source): Add new files. (noinst_PROGRAMS): Do bot build gpgcompose. -- Note that this is just the framework with only a basic implementation of searching via keyboxd. Signed-off-by: Werner Koch <wk@gnupg.org>	2019-09-09 15:01:47 +02:00
Werner Koch	d9c4c3776b	gpg: Make --quiet work on --send-keys. * g10/keyserver.c (keyserver_put): Act upon --quiet. -- Suggested-by: Robin H. Johnson <robbat2@gentoo.org> Signed-off-by: Werner Koch <wk@gnupg.org>	2019-09-06 16:48:53 +02:00
Werner Koch	e1d9be730c	gpg: Rework the signature subpacket iteration function. * g10/parse-packet.c (enum_sig_subpkt): Replace first arg by two args so that the entire signature packet is available. Change all callers. (parse_sig_subpkt): Ditto. -- This patch is a prerequisite to support the new attestation key signatures. Signed-off-by: Werner Koch <wk@gnupg.org>	2019-09-05 20:38:23 +02:00
NIIBE Yutaka	7bfbb9fa7e	gpg: A little clean up. * g10/keyserver.c: Don't include exec.h. * g10/photoid.c (image_type_to_string): It's constant. * g10/photoid.h (image_type_to_string): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2019-07-23 12:04:21 +09:00
Werner Koch	96bf8f4778	gpg: With --auto-key-retrieve prefer WKD over keyservers. * g10/mainproc.c (check_sig_and_print): Print a hint on how to make use of the preferred keyserver. Remove keyserver lookup just by the keyid. Try a WKD lookup before a keyserver lookup. -- The use of the the keyid for lookups does not make much sense anymore since for quite some time we do have the fingerprint as part of the signature. GnuPG-bug-id: 4595 Signed-off-by: Werner Koch <wk@gnupg.org>	2019-07-05 10:33:13 +02:00
Werner Koch	7102d9b798	gpg: Do not print a hint to use the deprecated --keyserver option. * g10/keyserver.c (keyserver_search): Remove a specialized error message. -- Dirmngr comes with a default keyserver and the suggestion to use gpg --keyserver is not good because that option is deprecated. An error message "No keyserver available" is sufficient. GnuPG-bug-id: 4512 Signed-off-by: Werner Koch <wk@gnupg.org>	2019-05-14 07:56:10 +02:00
Werner Koch	1b1f649dea	gpg: Accept also armored data from the WKD. * g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR. -- We may even adjust the specs to allow that. It should not be a problem for any OpenPGP implementation because armored keys are very common and de-armoring code is de-facto a mandatory feature. Signed-off-by: Werner Koch <wk@gnupg.org>	2019-04-11 09:55:27 +02:00
Werner Koch	bdda31a26b	kbx: Unify the fingerprint search modes. * kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR16) (KEYDB_SEARCH_MODE_FPR20, KEYDB_SEARCH_MODE_FPR32): Remove. Switch all users to KEYDB_SEARCH_MODE_FPR along with the fprlen value. -- These search modes were added over time and there has until recently be no incentive to remove the cruft. With the change for v5 keys I finally went over all places and allowed the generic fingerprint mode along with a given length of the fingerprint at all places. Consequently the other modes can now be removed. Signed-off-by: Werner Koch <wk@gnupg.org>	2019-03-14 14:55:06 +01:00
Werner Koch	f40e9d6a52	kbx: Add support for 32 byte fingerprints. * common/userids.c (classify_user_id): Support 32 byte fingerprints. * kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR32): New. (struct keydb_search_desc): Add field fprlen. * kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field version and increase size of fpr to 32. * kbx/keybox-blob.c: Define new version 2 for PGP and X509 blobs. (struct keyboxblob_key): Add field fprlen and increase size of fpr. (pgp_create_key_part_single): Allow larger fingerprints. (create_blob_header): Implement blob version 2 and add arg want_fpr32. (_keybox_create_openpgp_blob): Detect the need for blob version 2. * kbx/keybox-search.c (blob_get_first_keyid): Support 32 byte fingerprints. (blob_cmp_fpr): Ditto. (blob_cmp_fpr_part): Ditto. (has_fingerprint): Add arg fprlen and pass on. (keybox_search): Support KEYDB_SEARCH_MODE_FPR32 and adjust for changed has_fingerprint. * kbx/keybox-openpgp.c (parse_key): Support version 5 keys. * kbx/keybox-dump.c (_keybox_dump_blob): Support blob version 2. * g10/delkey.c (do_delete_key): Support KEYDB_SEARCH_MODE_FPR32. * g10/export.c (exact_subkey_match_p): Ditto. * g10/gpg.c (main): Ditto. * g10/getkey.c (get_pubkey_byfprint): Adjust for changed KEYDB_SEARCH_MODE_FPR. * g10/keydb.c (keydb_search_desc_dump): Support KEYDB_SEARCH_MODE_FPR32 and adjust for changed KEYDB_SEARCH_MODE_FPR. (keydb_search): Add new arg fprlen and change all callers. * g10/keyedit.c (find_by_primary_fpr): Ditto. * g10/keyid.c (keystr_from_desc): Ditto. * g10/keyring.c (keyring_search): Ditto. * g10/keyserver.c (print_keyrec): Ditto. (parse_keyrec): Ditto. (keyserver_export): Ditto. (keyserver_retrieval_screener): Ditto. (keyserver_import): Ditto. (keyserver_import_fprint): Ditto. (keyidlist): Ditto. (keyserver_get_chunk): Ditto. * g10/keydb.c (keydb_search): Add new arg fprlen and change all callers. * sm/keydb.c (keydb_search_fpr): Adjust for changed KEYDB_SEARCH_MODE_FPR. -- This prepares the support for OpenPGP v5 keys. The new version 2 blob format is needed for the longer fingerprints and we also use this opportunity to prepare for storing the keygrip in the blob for faster lookup by keygrip. Right now this is not yet functional. Signed-off-by: Werner Koch <wk@gnupg.org>	2019-03-14 11:26:54 +01:00
Werner Koch	e7252ae57f	gpg: In search-keys return "Not found" instead of "No Data". * g10/keyserver.c (keyserver_search): Check for NO_DATA. -- GnuPG-bug-id: 3830 Signed-off-by: Werner Koch <wk@gnupg.org>	2018-12-11 12:29:58 +01:00
Werner Koch	6b9f772914	common: Prepare for parsing mail sub-addresses. * common/mbox-util.c (mailbox_from_userid): Add arg subaddress and implement. Change all callers to pass false for it. * common/t-mbox-util.c (run_mbox_no_sub_test): New. (run_filter): Add arg no_sub. (main): Call new test and add option --no-sub. -- Some stats: In the about 5300000 keys on the SKS servers we found 3055 unique mailboxes with a '+' in it. After removing leading and trailing '+' as well as multiple '+' (e.g. "c++" or "foo+bar+baz") 2697 were left which seem to be valid sub-addresses. To filter mailboxes out from a line delimited list with user-ids (e.g. an SQL output), the command t-mbox-util --verbose --filter can be used; to output w/o sub-addresses add --no-sub. GnuPG-bug-id: 4200 Signed-off-by: Werner Koch <wk@gnupg.org>	2018-11-12 07:44:33 +01:00
Werner Koch	87b5421ca8	gpg: Extend --key-origin to take an optional URL arg. * g10/getkey.c (parse_key_origin): Parse appended URL. * g10/options.h (struct opt): Add field 'key_origin_url'. * g10/gpg.c (main) <aImport>: Pass that option to import_keys. * g10/import.c (apply_meta_data): Extend for file and url. * g10/keyserver.c (keyserver_fetch): Pass the url to import_keys_es_stream. -- Example: gpg --key-origin url,myscheme://bla --import FILE Signed-off-by: Werner Koch <wk@gnupg.org>	2017-07-24 21:10:58 +02:00
Werner Koch	2ca0381d07	gpg: Store key origin info for new keys from a keyserver * g10/keyserver.c (keyserver_get_chunk): Use KEYORG_KS if request was done by fingerprint. * g10/import.c (apply_meta_data): Implement that. Signed-off-by: Werner Koch <wk@gnupg.org>	2017-07-24 20:47:41 +02:00
Werner Koch	e7068bf92e	gpg: Store key origin info for new DANE and WKD retrieved keys. * g10/import.c (apply_meta_data): Remove arg 'merge'. Add arg 'url'. Implement WKD and DANE key origin. (import_keys_internal): Add arg 'url' and change all callers. (import_keys_es_stream): Ditto. (import): Ditto. (import_one): Ditto. * g10/keylist.c (list_keyblock_print): Fix update URL printing. * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): Add arg 'r_url' to return the SOURCE. Pass ks_status_cb to assuan_transact. * g10/keyserver.c (keyserver_import_wkd): Get that URL and pass it to the import function. -- Note that this only for new keys. Merging this info will be added soon. Signed-off-by: Werner Koch <wk@gnupg.org>	2017-07-24 20:09:52 +02:00
Werner Koch	f6f0dd4d5e	gpg: Filter keys received via DANE * g10/keyserver.c (keyserver_import_cert): Use an import filter in DANE mode. -- We only want to see the user ids requested via DANE and not any additional ids. This filter enables this in the same way we do this in WKD. Signed-off-by: Werner Koch <wk@gnupg.org>	2017-07-24 20:09:52 +02:00
Werner Koch	330212efb9	gpg: Pass key origin values to import functions. * g10/import.c (import_keys_stream): Remove this unused function. (import_keys_internal): Add arg origin. (import_keys): Ditto. (import_keys_es_stream): Ditto. (import): Ditto. (import_one): Ditto. (apply_meta_data): New stub. (import_secret_one): Pass 0 for ORIGIN. * g10/keyserver.c (keyserver_get_chunk): For now pass 0 for ORIGIN. (keyserver_fetch): Add arg origin. (keyserver_import_cert): Pass KEYORG_DANE for ORIGIN. (keyserver_import_wkd): Pass KEYORG_WKD for ORIGIN. * g10/gpg.c (main): Pass OPT.KEY_ORIGIN to import_keys and keyserver_fetch. * g10/card-util.c (fetch_url): Pass KEYORG_URL for ORIGIN. -- This is just the framework; applying the meta data will be done in another commit. GnuPG-bug-id: 3252 Signed-off-by: Werner Koch <wk@gnupg.org>	2017-07-13 18:29:01 +02:00
Werner Koch	8f2671d2cc	gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>	2017-03-31 20:07:20 +02:00
Justus Winter	2649fdfff5	g10: Move more flags into the flag bitfield. * g10/packet.h (PKT_user_id): Move 'is_primary', 'is_revoked', and 'is_expired' into the flags bitfield, and drop the prefix. * g10/call-dirmngr.c: Adapt accordingly. * g10/export.c: Likewise. * g10/getkey.c: Likewise. * g10/import.c: Likewise. * g10/kbnode.c: Likewise. * g10/keyedit.c: Likewise. * g10/keylist.c: Likewise. * g10/keyserver.c: Likewise. * g10/mainproc.c: Likewise. * g10/pkclist.c: Likewise. * g10/pubkey-enc.c: Likewise. * g10/tofu.c: Likewise. * g10/trust.c: Likewise. * g10/trustdb.c: Likewise. -- This patch has been created by applying the following semantic patch: @@ expression E; @@ -E->is_expired +E->flags.expired @@ expression E; @@ -E->is_primary +E->flags.primary @@ expression E; @@ -E->is_revoked +E->flags.revoked Signed-off-by: Justus Winter <justus@g10code.com>	2017-03-08 13:31:10 +01:00
NIIBE Yutaka	70aca95d68	Remove -I option to common. * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2017-03-07 20:25:54 +09:00
Werner Koch	86efc3ee53	gpg: Let only Dirmngr decide whether CERT is supported. * g10/getkey.c (parse_auto_key_locate): Do not build parts depending on USE_DNS_CERT. -- This also removes USE_DNS_SRV from commented code. Signed-off-by: Werner Koch <wk@gnupg.org>	2016-12-01 16:40:32 +01:00
Werner Koch	4d7dc432b5	Change all http://www.gnu.org in license notices to https:// --	2016-11-05 12:02:19 +01:00
Werner Koch	a15ed5a1fd	gpg: Convey --quick option to dirmngr for --auto-key-retrieve. * g10/call-dirmngr.c (gpg_dirmngr_ks_get): Add arg 'quick'. (gpg_dirmngr_wkd_get): Ditto. * g10/keyserver.c (keyserver_get): Add arg 'quick'. (keyserver_get_chunk): Add arg 'quick'. (keyserver_import_fprint): Ditto. Change callers to pass 0 for it. (keyserver_import_keyid): Ditto. (keyserver_import_wkd): Ditto. * g10/mainproc.c (check_sig_and_print): Call the 3 fucntions with QUICK set. -- Note that this option has not yet been implemented by dirmngr. Dirmngr will simply ignore it for now. Signed-off-by: Werner Koch <wk@gnupg.org>	2016-10-27 09:06:10 +02:00
Werner Koch	cbf2ac6669	gpg: Improve WKD by importing only the requested UID. * g10/keyserver.c: Include mbox-util.h. (keyserver_import_wkd): Do not use the global import options but employ an import filter. -- We also make sure that an mbox has been passed to keyserver_import_wkd so it may also be called with a complete user id (which is currently not the case). Signed-off-by: Werner Koch <wk@gnupg.org>	2016-09-28 15:35:31 +02:00
Justus Winter	78aeb236fe	g10: Fix memory leak. * g10/keyserver.c (parse_keyserver_uri): Free URI. Signed-off-by: Justus Winter <justus@g10code.com>	2016-07-01 14:16:18 +02:00
Werner Koch	5ddccf4fc6	doc: Consistently use 'keyserver'. -- GnuPG-bug-id: 2383 Signed-off-by: Werner Koch <wk@gnupg.org>	2016-06-14 09:06:44 +02:00
Werner Koch	027c4e5552	gpg: Pass CTRL object down to the trust functions Signed-off-by: Werner Koch <wk@gnupg.org>	2016-05-21 11:41:49 +02:00
Werner Koch	64bfeafa52	gpg: Remove all assert.h and s/assert/log_assert/. Signed-off-by: Werner Koch <wk@gnupg.org>	2016-04-29 11:05:24 +02:00
Werner Koch	87de9e19ed	gpg: Add experimental AKL method "wkd" and option --with-wkd-hash. * g10/getkey.c (parse_auto_key_locate): Add method "wkd". (get_pubkey_byname): Implement that method. Also rename a variable. * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New. * g10/keyserver.c (keyserver_import_wkd): New. * g10/test-stubs.c (keyserver_import_wkd): Add stub. * g10/gpgv.c (keyserver_import_wkd): Ditto. * g10/options.h (opt): Add field 'with_wkd_hash'. (AKL_WKD): New. * g10/gpg.c (oWithWKDHash): New. (opts): Add option --with-wkd-hash. (main): Set that option. * g10/keylist.c (list_keyblock_print): Implement that option. -- The Web Key Directory is an experimental feature to retrieve a key via https. It is similar to OpenPGP DANE but also uses an encryption to reveal less information about a key lookup. For example the URI to lookup the key for Joe.Doe@Example.ORG is: https://example.org/.well-known/openpgpkey/ hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q (line has been wrapped for rendering purposes). The hash is a z-Base-32 encoded SHA-1 hash of the mail address' local-part. The address wk@gnupg.org can be used for testing. Signed-off-by: Werner Koch <wk@gnupg.org>	2016-04-27 08:34:29 +02:00
Werner Koch	09117e769a	gpg: Make --auto-key-retrieve work with dirmngr configured server. * g10/call-dirmngr.c (gpg_dirmngr_ks_list): Make R_KEYSERVER optional. * g10/keyserver.c (keyserver_any_configured): New. (keyserver_put): Remove arg keyserver because this will always receive opt.keyserver which is anyway used when connecting dirmngr. Do not check opt.keyserver. (keyserver_import_cert): Replace opt.keyserver by keyserver_any_configured. * g10/mainproc.c (check_sig_and_print): Ditto. * g10/import.c (revocation_present): Ditto. * g10/getkey.c (get_pubkey_byname): Ditto. * g10/gpgv.c (keyserver_any_configured): Add stub. * g10/test-stubs.c (keyserver_any_configured): Add stub. -- The keyserver should be configured in dirmngr.conf and thus we can't use opt.keyserver in gpg to decide whether a keyserver has been configured. GnuPG-bug-id: 2147 Signed-off-by: Werner Koch <wk@gnupg.org>	2016-01-21 11:49:27 +01:00
Werner Koch	437965e562	Use ngettext for some strings. * scd/app-openpgp.c (build_enter_admin_pin_prompt): Use ngettext for some diagnostics. (do_genkey): Ditto. * g10/keyedit.c (check_all_keysigs, menu_delsig, menu_clean): Ditto. * g10/keylist.c (print_signature_stats): Ditto. * g10/keyserver.c (keyserver_refresh): Ditto. * g10/sig-check.c (check_signature_metadata_validity): Ditto. * g10/sign.c (do_sign): Ditto. * g10/trustdb.c (reset_trust_records): Ditto. (validate_keys): Use a table like diagnostic output. -- Suggested-by: Ineiev <ineiev@gnu.org> Signed-off-by: Werner Koch <wk@gnupg.org>	2016-01-18 11:20:15 +01:00
Werner Koch	4d3395ef1f	gpg: Use a regular type instead of a void* for import stats. * g10/import.c (struct stats_s): Rename to import_stats_s. Change all users. * g10/main.h (import_stats_t): New. Change fucntions to use this instead of a void pointer. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-12-12 18:19:35 +01:00
Werner Koch	50a568e738	gpg: Make keyidlist more robust in case of errors. * g10/keyserver.c (keyidlist): Clear *KLIST on error. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-12-03 12:19:30 +01:00
Werner Koch	a28ac99efe	gpg: Take care of keydb_new returning NULL. * g10/keydb.c (keydb_new): Print an error message if needed. Also use xtrycalloc because we return an error anyway. * g10/delkey.c (do_delete_key): Handle error retruned by keydb_new. * g10/export.c (do_export_stream): Ditto. * g10/getkey.c (get_pubkey): Ditto. (get_pubkey_fast): Ditto. (get_pubkeyblock): Ditto. (get_seckey): Ditto. (key_byname): Ditto. (get_pubkey_byfprint): Ditto. (get_pubkey_byfprint_fast): Ditto. (parse_def_secret_key): Ditto. (have_secret_key_with_kid): Ditto. * g10/import.c (import_one): Ditto. (import_revoke_cert): Ditto. * g10/keyedit.c (keyedit_quick_adduid): Ditto. * g10/keygen.c (quick_generate_keypair): Ditto. (do_generate_keypair): Ditto. * g10/trustdb.c (validate_keys): Ditto. * g10/keyserver.c (keyidlist): Ditto. * g10/revoke.c (gen_desig_revoke): Ditto. (gen_revoke): Ditto. * g10/gpg.c (check_user_ids): Ditto. (main): Do not print an error message for keydb_new error. * g10/keylist.c (list_all): Use actual error code returned by keydb_new. * g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error. * g10/t-keydb.c (do_test): Ditto. * g10/keyring.c (keyring_new): Actually return an error so that the existing keydb_new error checking makes sense for a keyring resource. (keyring_rebuild_cache): Take care of keyring_new returning an error. -- Commit `04a6b903` changed keydb_new to return an error. However the error was not checked at most places which we fix with this patch. To make things easier keydb_new prints an error message itself. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-12-03 12:18:32 +01:00
Neal H. Walfield	58e4a492e2	gpg: Change keydb_search to not return legacy keys. * g10/keyring.c (keyring_search): Take new argument, ignore_legacy. If set, skip any legacy keys. Update callers. * g10/keydb.c (keydb_search): Skip any legacy keys. (keydb_search_first): Don't skip legacy keys. Treat them as an error. (keydb_search_next): Likewise. (keydb_search_fpr): Likewise. * g10/export.c (do_export_stream): Likewise. * g10/getkey.c (lookup): Likewise. (have_secret_key_with_kid): Likewise. * g10/keylist.c (list_all): Likewise. (keyring_rebuild_cache): Likewise. * g10/keyserver.c (keyidlist): Likewise. * g10/trustdb.c (validate_key_list): Likewise. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>	2015-11-17 14:53:05 +01:00
Werner Koch	e3c48335f9	gpg: Print export statistics to the status-fd. * common/status.h (STATUS_EXPORT_RES): New. * g10/main.h (export_stats_t): New. * g10/export.c (export_stats_s): New. (export_new_stats, export_release_stats): New. (export_print_stats): New. (export_pubkeys, export_seckeys, export_secsubkeys) (export_pubkey_buffer, do_export): Add arg "stats". (do_export_stream): Add arg stats and update it. * g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create, pass, and print a stats object to the export function calls. * g10/export.c (export_pubkeys_stream): Remove unused function. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-11-12 16:44:00 +01:00
Werner Koch	41bb01ae79	Move SRV RR code from common/ to dirmngr/. * common/srv.c: Merge into dirmngr/dns-stuff.c. Delete file. * common/srv.h: Merge into dirmngr/dns-stuff.h. Delete file. * common/Makefile.am (common_sources): Remove srv.c and srv.h. * g10/keyserver.c: Do not include srv.h. The code using it is anyway disabled. * dirmngr/http.c: Remove header srv.h and stubs. * dirmngr/t-dns-stuff.c: Add option --srv. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-10-22 09:22:41 +02:00

1 2 3

139 Commits