1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

10222 Commits

Author SHA1 Message Date
Werner Koch
6bfb4a8d12
doc: Typo fixes and new notes in DETAILS
--
2023-03-03 08:50:08 +01:00
Werner Koch
ef5a48dd51
gpg: Actually encrypt to ADSKs.
* g10/getkey.c (get_pubkey_fromfile): Add optional arg r_keyblock.
* g10/pkclist.c (find_and_check_key): Also encrypt to RENC subkeys.
--

GnuPG-bug-id: 6395
2023-03-01 19:16:12 +01:00
Werner Koch
3a18378a92
gpg: Allow adding of Additional Decryption Subkeys.
* g10/free-packet.c (copy_public_key): Factor some code out to ...
(copy_public_key_basics): new.
* g10/build-packet.c (build_sig_subpkt_from_sig): New arg signhints.
* g10/packet.h (PUBKEY_USAGE_RENC): Fix value.
(SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): Moved from sign.c.
(SIGNHINT_ADSK): New.
(PKT_public_key): Change pubkey_usage from byte to u16.
(PKT_user_id): Cosmetic fix: change help_key_usage from int to u16.
* g10/getkey.c (parse_key_usage): Make public.
* g10/misc.c (openpgp_pk_algo_usage): Take PUBKEY_USAGE_RENC in
account.
* g10/sign.c (update_keysig_packet): Set SIGNHINT_ADSK.
(make_keysig_packet): Ditto.
(do_sign): No time warp check in ADSK mode.
* g10/sig-check.c (check_signature_metadata_validity): Ditto.
* g10/keygen.c (struct opaque_data_usage_and_pk): Remove.
(write_keybinding): Do not use the removed struct.
(do_add_key_flags): Support PUBKEY_USAGE_RENC and others.
(keygen_add_key_flags_and_expire): Rewrite and make public.
* g10/keyedit.c (enum cmdids): Add cmdADDADSK.
(keyedit_menu): Add command "addadsk".
(menu_addadsk): New.
--

This makes use of a new encryption flag:

  The "restricted encryption key" (2nd,0x04) does not take part in any
  automatic selection of encryption keys.  It is only found on a
  subkey signature (type 0x18), one that refers to the key the flag
  applies to.

Followup patches will add encryption support and a --quick command.

GnuPG-bug-id: 6395
2023-03-01 17:22:20 +01:00
Werner Koch
1aaadede76
agent: Show "no secret key" instead of "card removed".
* agent/findkey.c (agent_key_from_file): Check the error of
read_key_file again.
* agent/pkdecrypt.c (agent_pkdecrypt): Restore error if no card was
found.  Also remove useless condition.
--

The first patch fixes a likely merge error.  The second is about the
actual return code: If we have no smardcard but simply try to decrypt
with the current smartcard we should return the originla error code.

GnuPG-bug-id: 5170
Fixes-commit: eda3c688fc2e85c7cd63029cb9caf06552d203b4
2023-03-01 16:49:40 +01:00
Werner Koch
523b3e1773
gpgconf: Print some standard envvars with -X
* tools/gpgconf.c (show_configs): Add a list of envvars and print
them.
--

Note that for simplicity we to not distinguish between Windows and
Linux here.
2023-02-28 14:41:20 +01:00
Werner Koch
5d96aab27d
gpgsm: Improve cert lookup callback from dirmngr.
* sm/gpgsm.h (FIND_CERT_ALLOW_AMBIG): New.
(FIND_CERT_WITH_EPHEM): New.
* sm/certlist.c (gpgsm_find_cert): Replace arg allow_ambiguous by a
generic flags arg.  Implement the new flag FIND_CERT_WITH_EPHEM.
* sm/call-dirmngr.c (inq_certificate): Return also ephemeral marked
certs.
--

The dirmngr may need to get a certificate from gpgsm's store in the
course of verifying a CRL.  In some cases the certificate is still
marked as epehemeral - this needs to be returned as well.

This _may_ also fix
GnuPG-bug-id: 4436
2023-02-26 19:14:22 +01:00
Andre Heinecke
1952a0e5e4
sm: Fix dirmngr loadcrl for intermediate certs
* sm/call-dirmngr.c (run_command_inq_cb): Support ISTRUSTED.
(inq_certificate): Distinguish unsupported inquiry error.

--
When loading a CRL through "gpgsm --call-dirmngr loadcrl foo"
dirmngr can ask gpgsm back if a certificate used ISTRUSTED, which
previously resulted in an error.

(cherry picked from commit 6b36c16f77722d17f4f317c788701cbc1e9552b2)
That commit was from the 2.2 branch and we forgot to forward port it.
2023-02-24 18:22:13 +01:00
Werner Koch
9de180c6d2
doc: Minor comment fixes.
--
2023-02-23 10:23:56 +01:00
Werner Koch
23b4c6e7c2
dirmngr: New debug flag "keeptmp".
* dirmngr/dirmngr.c (debug_flags): Add "keeptmp".
(set_debug): Don't set in with "guru".
* dirmngr/dirmngr.h (DBG_KEEPTMP_VALUE): New.
--

Note that flag is not yet used.
2023-02-23 10:21:07 +01:00
Werner Koch
71c11c20f4
gpg: Prepare to accept shorter OIDs for ed25519 and cv25519.
* common/openpgp-oid.c (oidtable): Add them.
(oid_ed25519_v5, oid_cv25519_v5): New.
(openpgp_oidbuf_is_ed25519): Take new OID in account.
(openpgp_oidbuf_is_cv25519): Ditto.
--

ed25519 is used in GnuPG and other implementations since 2015 and thus
we can't simply switch to the shorter OIDs.  However, we have not
widely used them with v5 keys (only ed448 forced the use of v5) and
thus it might be possible to use the new OIDs with v5 keys.

Note that Libgcrypt supports the new OIDs even in 1.8.
2023-02-21 12:14:31 +01:00
Werner Koch
3d094e2bcf
gpg: New option --add-desig-revoker
* g10/gpg.c (oAddDesigRevoker): New.
(opts): Add new option.
* g10/options.h (opt): Add field desig_revokers.
* g10/keygen.c (get_parameter_idx): New.
(get_parameter): Make use of get_parameter_idx.
(prepare_desig_revoker): New.
(get_parameter_revkey): Add arg idx.
(proc_parameter_file): Add designated revokers.
(do_generate_keypair): Write all designated revokers.
2023-02-16 18:10:03 +01:00
Werner Koch
49fe6a2821
doc: Put the Unattended Usage of GPG section also into the man page.
--
2023-02-16 15:07:40 +01:00
Werner Koch
f118e3b101
gpg: --gen-random code cleanup by using es_set_binary.
* g10/gpg.c (main): Replace setmode by es_set_binary and use only when
needed.
--

It is better to use our es_set_binary than to use a Windows specific
method which still worked but is fragile because estream might be
changed.  We now set binary only when needed.  Note that it does not
harm to call es_set_binary more often than needed.
2023-02-16 13:14:30 +01:00
Werner Koch
3ab6538433
tools: Return a better error message if sendmail is not usable.
* tools/send-mail.c: Include unistd.h
(run_sendmail): Check for bad sendmail.
--

GnuPG-bug-id: 6321
2023-02-08 08:23:31 +01:00
Werner Koch
103acfe9ca
gpg: New list-option --show-unusable-sigs.
* g10/options.h (LIST_SHOW_UNUSABLE_SIGS): New.
* g10/gpg.c (parse_list_options): Add "show-unusable-sigs".
* g10/keydb.h (keyid_eq): New.
(pk_is_primary): New.
* g10/keylist.c (list_signature_print): Early return for weak key
signatures.  Print "self-signature" instead of user-id.
(list_keyblock_print): Simplify and always set self-sig node flag.
--

This patch avoid the printing of often hundreds of "Invalid digest
algorithm" notices during key signature listings if those key
signatures were done with SHA1.  The new option can be used to revert
the behaviour.

We now also print "[self-signature]" with --check-sigs or --list-sigs
instead of the primary user id.  This makes such listing easier to read.
2023-02-07 14:50:03 +01:00
Werner Koch
8b8a8b246c
ssh: Allow to define the order in which keys are returned.
* agent/findkey.c (public_key_from_file): Add arg r_sshorder.
(agent_ssh_key_from_file): Ditto.
* agent/command-ssh.c (struct key_collection_item_s): New.
(struct key_collection_s): New.
(search_control_file): Add art r_lnr.
(add_to_key_array): New.
(free_key_array): New.
(compare_key_collection_items): New.
(ssh_send_available_keys): Rewrite to return the keys in the user
given order.
--

GnuPG-bug-id: 6212

We now first return the keys from active cards, followed by keys
listed in sshcontrol, finally from those with the "Use-for-ssh" key
attribute.  Keys from active cards are returned sorted by their S/N.
Keys from sshcontrol are returned in the order they are given in that
file.  Use-for-ssh keys are ordered by the value assigned to that key
attribute.  The values for the latter are clamped at 99999.
2023-02-01 09:27:28 +01:00
Werner Koch
f9bcec6f8a
gpg: New pseudo option full-help for --list-options et al.
* g10/misc.c (parse_options): Implement "full-help".
--
2023-01-31 11:52:01 +01:00
Werner Koch
5a223303d7
gpg: Make "--list-options show-sig-subpackets=n,m" work again.
* g10/gpg.c (parse_list_options): Set value for show-sig-subpackets.
--

Fixes-commit: 811cfa34cb3e7166f0cf1f94565504dee21cd9f5
and thus a regression in 2.4.0
2023-01-31 11:32:41 +01:00
Werner Koch
d11d3cf85b
gpg: For readibility use macro instead of integers in key-clean.
* g10/key-clean.c (NF_USABLE, NF_CONSIDER): New.
(NF_PROCESSED, NF_REVOC, NF_NOKEY): New.
2023-01-30 15:59:15 +01:00
Werner Koch
851ac88bde
gpgtar: Fix new --status-fd handling.
--

Fixes-commit: f84264e8acf742793c73ce78491cab61fac37051
2023-01-30 15:56:11 +01:00
Werner Koch
f84264e8ac
gpgtar: Emit progress status lines in create mode.
* tools/gpgtar.h (opt): Add field status_stream.
* tools/gpgtar.c (main): Set status_stream.
* tools/gpgtar-create.c (global_header_count): Rename to
global_total_files.
(global_written_files): New.
(global_total_data, global_written_data): New.
(struct scanctrl_s): Add field file_count.
(write_progress): New.
(write_file): Add arg skipped_open. Don't bail out immediatly on open
error.  Write progress lines.
(gpgtar_create): Write progress lines.  Print info aout skipped files.
--

GnuPG-bug-id: 6363
2023-01-30 15:23:38 +01:00
Werner Koch
d5fe8ba721
gpgtar: Fix parent directory creation bug
* tools/gpgtar-extract.c (extract_directory): Ignore EEXIST on parent
directory creation.
2023-01-26 11:54:44 +01:00
Werner Koch
1ab21c82c3
gpgtar: Allow decryption from stdin.
* tools/gpgtar.c (main): Revamp switch and fix usage test for aDecrypt
and aList.
--

GnuPG-bug-id: 6355
2023-01-26 11:40:10 +01:00
NIIBE Yutaka
3de5e00d04
po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-01-26 15:24:24 +09:00
Werner Koch
f35e7dbf9e
common: Slight redefinition of nvc_get_boolean.
* common/name-value.c (nvc_get_boolean): Rewrite.
--

The function may now return a positive or negative number instead of
just 1 for true.  All callers were already prepared for this.

GnuPG-bug-id: 6212
2023-01-24 10:07:02 +01:00
Werner Koch
eae28f1bd4
doc: Remove profile and systemd example files.
--

The profiles are not any longer useful because global options are way
more powerful (/etc/gnupg/gpg.conf et al.).  The use of systemd is
deprecated because of additional complexity and the race between
systemd based autolaunching and the explicit gnupg based and lockfile
protected autolaunching.

GnuPG-bug-id: 6336
2023-01-23 16:35:12 +01:00
Werner Koch
d98bf02a03
gpg: Replace --override-compliance-check by a real fix.
* common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA.
* g10/gpg.c (oOverrideComplianceCheck): Remove.
(opts): Turn --override-compliance-check into a dummy option.
* g10/options.h (opt): Remove override_compliance_check.
* g10/sig-check.c (check_key_verify_compliance): Remove use of that
option.
--

The introduction of --override-compliance-check actually hid the real
cause for the signature verification problem in de-vs mode for the
Ed25519 key.  The real fix is to handle the EdDSA algorithm in
gnupg_pk_is_allowed.

Fixes-commit: fb26e144adfd93051501d58f5d0d4f8826ddf436
GnuPG-bug-id: 5655
2023-01-20 11:03:40 +01:00
Werner Koch
b9528830d6
gpg: Do not require --status-fd along with --require-compliance.
* g10/mainproc.c (check_sig_and_print): Do not check whether status is
enabled when checking compliance.
2023-01-20 09:23:27 +01:00
Werner Koch
c0a6b6b2d7
doc: Update copyright notices.
--

Note that we now print Copyright g10 Code instead of FSF.
2023-01-20 09:07:20 +01:00
Werner Koch
33b6ee5047
wkd: Support option --output for command --check.
* tools/wks-util.c (write_to_file): Rename to ...
(wks_write_to_file): this, make global, and support NULL for fname.
* tools/gpg-wks-client.c (command_check): Write to key.
2023-01-20 09:00:31 +01:00
Werner Koch
e28b6c301d
doc: Revert last change the gpg --unwrap description
--

Note that --unwrap is an option and not a command.  Thus it modifies
the behaviour of the default operation or of -d.
2023-01-19 16:31:05 +01:00
Werner Koch
9a50be0d05
common: Detect PNG and JPEG file formats.
* common/miscellaneous.c (is_file_compressed): Add detect code.
--

GnuPG-bug-id: 6332
2023-01-19 11:27:25 +01:00
Werner Koch
227c78ce0e
wkd: Let gpg-wks-client --supported print some diagnostics.
* tools/call-dirmngr.c (wkd_get_status_cb): Deetect and output warning
and note stati from dirmngr.
--

This is in particular helpful to check for non-proper TLS
certificates.
2023-01-19 10:52:43 +01:00
Werner Koch
60963d98cf
gpg: Detect already compressed data also when using a pipe.
* common/iobuf.c (file_filter_ctx_t): Add fields for the peek feature.
(file_filter): Implement peeking.
(iobuf_ioctl): Add new IOBUF_IOCTL_PEEK.
* common/iobuf.h (IOBUF_IOCTL_PEEK, IOBUFCTRL_PEEK): New.
* common/miscellaneous.c (is_file_compressed): Rewrite.  Detect PDF.
* g10/encrypt.c (encrypt_simple): Peek before detecting compression.
(encrypt_crypt): Ditto.
* g10/sign.c (sign_file): Also detect already compressed data.

* g10/options.h (opt): Add explicit_compress_option.
* g10/gpg.c (main): Set opt.explicit_compress_option for -z.

--

Note that this patch also introduces a compression check for signing
which was never done in the past.

GnuPG-bug-id: 6332
2023-01-19 10:45:54 +01:00
Werner Koch
94ae43be36
common: Replace all assert by log_assert.
--
2023-01-18 12:17:02 +01:00
Werner Koch
f79d9b9310
gpgtar: Make --status-fd option for fds > 2 work
* tools/gpgtar-create.c (gpgtar_create): Do not close the status_fd in
spawn.
* tools/gpgtar-extract.c (gpgtar_extract): Ditto.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
--

Note that this fix does not handle file descripotors passed via the
--gpg-args options.

GnuPG-bug-id: 6348
2023-01-18 10:42:53 +01:00
Werner Koch
338a5ecaa1
sm: Fix compliance checking for ECC signature verification.
* common/compliance.c (gnupg_pk_is_compliant): Also consider the
gcrypt vids for ECDSA et al.
(gnupg_pk_is_allowed): Ditto.
* sm/verify.c (gpgsm_verify): Consider the curve.  Print a compliance
notice for a non-compliant key.

* sm/certchain.c (gpgsm_validate_chain): Silence the "switching to
chain model".
2023-01-12 20:52:27 +01:00
Werner Koch
b58cf129f4
dirmngr: Cleanup of the no-Tor check with --gpgconf-* commands
* dirmngr/dirmngr.c (post_option_parsing): Add arg CMD.
(main): Pass the current command.
--

Updates-commit: 9f37e93dd741a5436ff412955628806ae84725ca
2023-01-11 11:40:18 +01:00
Werner Koch
d1298fa287
w32: Make sure DEP is enabled.
* common/init.c (_init_common_subsystems): Test and set the DEP
Policy.
--

Note that this change will now definitely require Windows XP SP3.
2023-01-11 11:33:26 +01:00
Werner Koch
1f7a88ec5e
doc: Minor fix of the --keyserver option.
--

Unfortunately the a reflow took place.
2023-01-11 11:32:50 +01:00
NIIBE Yutaka
e89d57a2cb
tests: Fix tests/gpgme for in-source-tree builds.
* tests/gpgme/Makefile.am: Don't use setup.scm/ dir.
* tests/gpgme/all-tests.scm: Fix the name of the environment.

--

GnuPG-bug-id: 6313
Fixes-commit: c19ea75f10d6278569619f90977ce7c820e9319d
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-21 10:52:24 +09:00
Werner Koch
9610faad90
Post release updates
--
2022-12-16 18:30:15 +01:00
Werner Koch
c0556edb80
Release 2.4.0 gnupg-2.4.0 2022-12-16 17:38:03 +01:00
Werner Koch
ca60c02d92
po: update-po
--
2022-12-16 17:37:33 +01:00
Werner Koch
e09750cd39
po: Fixed two new fuzzies in the Czech translation.
--

They were obvious.
2022-12-16 17:36:25 +01:00
Petr Pisar
c6e742dffe
po: Update Czech translation
--
2022-12-16 17:31:44 +01:00
Werner Koch
30a98b0b21
common: Fix translations in --help for gpgrt < 1.47
* common/mapstrings.c (map_static_macro_string): Add hack.
--
2022-12-16 17:29:12 +01:00
Werner Koch
7d1010256b
po: Update German translation
--
2022-12-16 16:26:07 +01:00
Werner Koch
548c3701e5
gpg: Fix a typo in a rarely shown diagnostic
--
2022-12-16 16:25:20 +01:00
Werner Koch
49d16f4f6e
gpg: Do not continue the export after a cancel for the primary key.
* g10/export.c (do_export_one_keyblock): Handle a cancel for the
primary key special.
--

GnuPG-bug-id: 6093
2022-12-16 15:34:41 +01:00