1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-24 10:39:57 +01:00

156 Commits

Author SHA1 Message Date
Marcus Brinkmann
04e965c7fc sm/
2008-06-12  Marcus Brinkmann  <marcus@g10code.de>

	* gpgsm.h (struct keyserver_spec): New struct.
	(opt): Add member keyserver.
	* gpgsm.c (keyserver_list_free, parse_keyserver_line): New functions.
	(main): Implement --keyserver option.
	* call-dirmngr.c (prepare_dirmngr): Send LDAPSERVER commands.

tools/
2008-06-12  Marcus Brinkmann  <marcus@g10code.de>

	* gpgconf-comp.c (gc_options_gpgsm): Add option keyserver.
2008-06-12 14:24:46 +00:00
Werner Koch
f13c5a48fc Improve certificate chain construction.
Extend PKITS framework
2008-02-19 10:33:35 +00:00
Werner Koch
30a97e770c Poems for AllowSetForegroundWindow (W32) 2008-02-14 19:50:10 +00:00
Werner Koch
0819c1e8ca Always search missing certifcates using a running Dirmngr's cache. 2008-02-13 16:47:14 +00:00
Werner Koch
9d66580cff Allow verification of some broken S-TRUST generated signatures. 2007-12-13 15:45:40 +00:00
Werner Koch
bae4b256c7 Support DSA2.
Support Camellia for testing.
More audit stuff.
2007-12-12 10:28:30 +00:00
Werner Koch
55ba204bfa Started to implement the audit log feature.
Pass PINENTRY_USER_DATA and XAUTHORITY to Pinentry.
Improved support for the quality bar.
Minor internal restructuring.
Translation fixes.
2007-11-19 16:03:50 +00:00
Werner Koch
698ba5ae3c Add new features to kbxutil.
Fixed bug 829 (can't encrypt if duplicated certs are in the keybox)
2007-08-23 17:41:22 +00:00
Werner Koch
f81f521a72 Updated estream.
More changes for Windows.
2007-08-22 10:55:07 +00:00
Werner Koch
74d344a521 Implemented the chain model for X.509 validation. 2007-08-10 16:52:05 +00:00
Werner Koch
93d3811abc Changed to GPLv3.
Removed intl/.
2007-07-04 19:49:40 +00:00
Werner Koch
0b66f30d66 Implemented the --gen-key command as we can't use the gpgsm-gencert.sh under Windows. 2007-06-21 18:44:48 +00:00
Werner Koch
fd628ffda1 Allow setting of the passphrase encoding of pkcs#12 files.
New option --p12-charset.
2007-03-20 10:00:55 +00:00
Werner Koch
9e95c2dff6 Allow export to work on systems without funopen/fopencookie. 2007-03-19 15:44:59 +00:00
Werner Koch
12b661166c Changes to let the key listing use estream to help systems without
funopen.
2007-03-19 14:35:04 +00:00
Werner Koch
650293c4f6 sm/
* server.c (skip_options): Skip leading spaces.
(has_option): Honor "--".
(cmd_export): Add option --data to do an inline export.  Skip all
options.

* certdump.c (gpgsm_fpr_and_name_for_status): New.
* verify.c (gpgsm_verify): Use it to print correct status messages.

doc/
* gpgsm.texi (GPGSM EXPORT): Document changes.
2006-11-14 10:23:21 +00:00
Werner Koch
43825e9dae Allow pkcs#10 creation directkly from a smart card 2006-10-11 17:52:15 +00:00
Werner Koch
4b48bcacc9 Fix for bug 537 2006-10-02 11:54:35 +00:00
Werner Koch
d94faf4a3d New "relax" option for trustlist.txt 2006-09-25 18:29:20 +00:00
Werner Koch
eef036df23 The big Assuan error code removal. 2006-09-06 16:35:52 +00:00
Werner Koch
98c6970ad1 Various smaller changes 2006-06-27 14:32:34 +00:00
Werner Koch
f98537733a Updated FSF's address. 2006-06-20 17:21:37 +00:00
Werner Koch
6b19366e4e Add Kludge for RegTP sillyness. 2006-03-21 09:56:47 +00:00
Werner Koch
b8795bb823 Print a note that the software has not been approved for qualified signatures. 2005-11-23 09:05:45 +00:00
Werner Koch
b9633196f4 Added qualified signature features. 2005-11-13 19:07:06 +00:00
Werner Koch
a2d1673d66 * findkey.c (agent_public_key_from_file): Fixed array assignment.
This was the cause for random segvs.

* call-agent.c (gpgsm_agent_readkey): New.
2005-07-25 14:35:04 +00:00
Werner Koch
deeba405a9 gcc-4 defaults forced me to edit many many files to get rid of the
char * vs. unsigned char * warnings.  The GNU coding standards used to
say that these mismatches are okay and better than a bunch of casts.
Obviously this has changed now.
2005-06-16 08:12:03 +00:00
Werner Koch
3ff9a743bf * configure.ac: Do not build gpg by default.
* gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check.
* certchain.c (gpgsm_validate_chain): Make use of it.

* certchain.c (gpgsm_validate_chain): Check revocations even for
expired certificates.  This is required because on signature
verification an expired key is fine whereas a revoked one is not.

* gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check.
2005-04-21 09:33:07 +00:00
Werner Koch
eff62d82bf * configure.ac: Require libksba 0.9.11.
sm/
* call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI.
* certlist.c (gpgsm_find_cert): Add new arg KEYID and implement
this filter.  Changed all callers.

* certchain.c (find_up_search_by_keyid): New helper.
(find_up): Also try using the AKI.keyIdentifier.
(find_up_external): Ditto.
2005-04-18 10:44:46 +00:00
Werner Koch
3666a2859b Avoid the " map_to_assuan_status called with no error source" diagnostic. 2004-12-18 10:22:10 +00:00
Werner Koch
0ccb120f68 * call-dirmngr.c (isvalid_status_cb, lookup_status_cb)
(run_command_status_cb): Return cancel status if gpgsm_status
returned an error.

* server.c (gpgsm_status, gpgsm_status2)
(gpgsm_status_with_err_code): Return an error code.
(gpgsm_status2): Always call va_end().
2004-12-17 14:36:16 +00:00
Werner Koch
c7b97075aa * b64enc.c: Include stdio.h and string.h
* gpgsm.c: New option --prefer-system-dirmngr.
* call-dirmngr.c (start_dirmngr): Implement this option.

* gpgconf-comp.c <dirmngr>: Add the proxy options.
<gpgsm>: Add --prefer-system-daemon.
2004-11-23 17:09:51 +00:00
Werner Koch
048635bede * gpgv.c (i18n_init): Always use LC_ALL.
* kbxutil.c (i18n_init): Always use LC_ALL.

* gpgsm.c (i18n_init): Always use LC_ALL.

* certdump.c (gpgsm_format_name): Factored code out to ..
(gpgsm_format_name2): .. new.
(gpgsm_print_name): Factored code out to ..
(gpgsm_print_name2): .. new.
(print_dn_part): New arg TRANSLATE.  Changed all callers.
(print_dn_parts): Ditto.
(gpgsm_format_keydesc): Do not translate the SUBJECT; we require
it to stay UTF-8 but we still want to filter out bad control
characters.

* gpgconf.c (i18n_init): Always use LC_ALL.
2004-09-30 21:37:11 +00:00
Werner Koch
fc07b029ea * certlist.c (gpgsm_cert_use_ocsp_p): New.
(cert_usage_p): Support it here.
* call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it here.
2004-08-18 14:38:47 +00:00
Werner Koch
066352a6a5 * import.c (check_and_store): Do a full validation if
--with-validation is set.

* certchain.c (gpgsm_basic_cert_check): Print more detailed error
messages.

* certcheck.c (do_encode_md): Partly support DSA.  Add new arg
PKALGO. Changed all callers to pass it.
(pk_algo_from_sexp): New.

tests/pkits: New directory
2004-08-17 15:26:22 +00:00
Werner Koch
f96ad015d8 * gpgsm.c: New option --with-ephemeral-keys.
* keylist.c (list_internal_keys): Set it here.
(list_cert_raw): And indicate those keys.  Changed all our callers
to pass the new arg HD through.
2004-08-06 16:14:10 +00:00
Werner Koch
fdb1933917 * sign.c (gpgsm_sign): Include the error source in the final error
message.
* decrypt.c (gpgsm_decrypt): Ditto.

* fingerprint.c (gpgsm_get_key_algo_info): New.
* sign.c (gpgsm_sign): Don't assume RSA in the status line.
* keylist.c (list_cert_colon): Really print the algorithm and key
length.
(list_cert_raw, list_cert_std): Ditto.

* gpgsm.h (opt): Add member CONFIG_FILENAME.
* gpgsm.c (main): Use it here instead of the local var.
2004-05-11 15:36:48 +00:00
Werner Koch
d3184ce584 * gpgsm.h (opt): Add member CONFIG_FILENAME.
* gpgsm.c (main): Use it here instead of the local var.
* server.c (gpgsm_server): Print some additional information with
the hello in verbose mode.
2004-05-11 09:15:56 +00:00
Werner Koch
388218891b * call-agent.c (gpgsm_agent_pksign, gpgsm_agent_pkdecrypt)
(gpgsm_agent_genkey, gpgsm_agent_istrusted)
(gpgsm_agent_marktrusted, gpgsm_agent_havekey)
(gpgsm_agent_passwd): Add new arg CTRL and changed all callers.
(start_agent): New arg CTRL.  Send progress item when starting a
new agent.
* sign.c (gpgsm_get_default_cert, get_default_signer): New arg
CTRL to be passed down to the agent function.
* decrypt.c (prepare_decryption): Ditto.
* certreqgen.c (proc_parameters, read_parameters): Ditto.
* certcheck.c (gpgsm_create_cms_signature): Ditto.
2004-04-26 13:29:09 +00:00
Werner Koch
aaac5dd2dc * misc.c (setup_pinentry_env): New.
* import.c (popen_protect_tool): Call it.
* export.c (popen_protect_tool): Call it.
2004-04-13 09:45:35 +00:00
Werner Koch
c61c77b1b2 * gpgsm.c: New option --force-crl-refresh.
* call-dirmngr.c (gpgsm_dirmngr_isvalid): Pass option to dirmngr.
2004-04-07 17:59:18 +00:00
Werner Koch
da89d93c77 * verify.c (gpgsm_verify): Print STATUS_NEWSIG for each signature.
* certchain.c (gpgsm_validate_chain) <gpgsm_cert_use_cer_p>: Do
not just warn if a cert is not suitable; bail out immediately.

* call-dirmngr.c (isvalid_status_cb): New.
(unhexify_fpr): New. Taken from ../g10/call-agent.c
(gpgsm_dirmngr_isvalid): Add new arg CTRL, changed caller to pass
it thru.  Detect need to check the respondert cert and do that.
* certchain.c (gpgsm_validate_chain): Add new arg FLAGS.  Changed
all callers.
2004-04-05 17:25:21 +00:00
Werner Koch
884483282f Preparing for a release 2004-03-06 20:11:19 +00:00
Werner Koch
0c224cadf3 * keylist.c (list_internal_keys): Return error codes.
(list_external_keys, gpgsm_list_keys): Ditto.
* server.c (do_listkeys): Ditto.

* gpgsm.c (main): Display a key description for --passwd.
* call-agent.c (gpgsm_agent_passwd): New arg DESC.
2004-02-21 13:05:52 +00:00
Werner Koch
aa0e38982a * gpgsm.c (main): New option --debug-ignore-expiration.
* certchain.c (gpgsm_validate_chain): Use it here.

* certlist.c (cert_usage_p): Apply extKeyUsage.
2004-02-20 13:46:21 +00:00
Werner Koch
a1b487a17a * protect-tool.c: New options --have-cert and --prompt.
(export_p12_file): Read a certificate from STDIN and pass it to
p12_build.  Detect a keygrip and construct the filename in that
case.  Unprotcet a key if needed.  Print error messages for key
formats we can't handle.
(release_passphrase): New.
(get_passphrase): New arg PROMPTNO. Return the allocated
string. Changed all callers.

* minip12.c: Revamped the build part.
(p12_build): New args CERT and CERTLEN.

* simple-pwquery.c (agent_open): Don't mangle INFOSTR.

* export.c (export_p12, popen_protect_tool)
(gpgsm_p12_export): New.
* gpgsm.c (main): New command --export-secret-key-p12.
2004-02-19 16:26:32 +00:00
Werner Koch
45a817bf4a * gpgsm.c: New option --with-md5-fingerprint.
* keylist.c (list_cert_std): Print MD5 fpr.

* gpgsm.c: New options --with-validation.
* server.c (option_handler): New option "with-validation".
* keylist.c (list_cert_std, list_internal_keys): New args CTRL and
WITH_VALIDATION. Changed callers to set it.
(list_external_cb, list_external_keys): Pass CTRL to the callback.
(list_cert_colon): Add arg CTRL.  Check validation if requested.
* certchain.c (unknown_criticals, allowed_ca, check_cert_policy)
(gpgsm_validate_chain): New args LISTMODE and FP.
(do_list): New helper for info output.
(find_up): New arg FIND_NEXT.
(gpgsm_validate_chain): After a bad signature try again with other
CA certificates.

* import.c (print_imported_status): New arg NEW_CERT. Print
additional STATUS_IMPORT_OK becuase that is what gpgme expects.
(check_and_store): Always call above function after import.
* server.c (get_status_string): Added STATUS_IMPORT_OK.
2004-02-17 15:05:04 +00:00
Werner Koch
01486117e8 * certcheck.c (gpgsm_create_cms_signature): Format a description
for use by the pinentry.
* decrypt.c (gpgsm_decrypt): Ditto. Free HEXKEYGRIP.
* certdump.c (format_name_cookie, format_name_writer)
(gpgsm_format_name): New.
(gpgsm_format_serial): New.
(gpgsm_format_keydesc): New.
* call-agent.c (gpgsm_agent_pksign): New arg DESC.
(gpgsm_agent_pkdecrypt): Ditto.
2004-02-13 17:06:50 +00:00
Werner Koch
1a159fd8e3 * encrypt.c (init_dek): Check for too weak algorithms.
* import.c (parse_p12, popen_protect_tool): New.

* base64.c (gpgsm_create_reader): New arg ALLOW_MULTI_PEM.
Changed all callers.
(base64_reader_cb): Handle it here.
(gpgsm_reader_eof_seen): New.
(base64_reader_cb): Set a flag for EOF.
(simple_reader_cb): Ditto.
2004-02-13 12:40:23 +00:00
Werner Koch
711c4853d6 * server.c (gpgsm_server): Add arg DEFAULT_RECPLIST.
(cmd_encrypt): Add all enrypt-to marked certs to the list.
* encrypt.c (gpgsm_encrypt): Check that real recipients are
available.
* gpgsm.c (main): Make the --encrypt-to and --no-encrypt-to
options work.  Pass the list of recients to gpgsm_server.
* gpgsm.h (certlist_s): Add field IS_ENCRYPT_TO.
(opt): Add NO_ENCRYPT_TO.
* certlist.c (gpgsm_add_to_certlist): New arg IS_ENCRYPT_TO.
Changed all callers and ignore duplicate entries.
(is_cert_in_certlist): New.
(gpgsm_add_cert_to_certlist): New.
2003-12-17 17:12:14 +00:00
Werner Koch
cbd57643a7 Replaced deprecated type names.
* certdump.c (gpgsm_print_serial): Cleaned up cast use in strtoul.
(gpgsm_dump_serial): Ditto.

* decrypt.c (gpgsm_decrypt): Replaced ERR by RC.
2003-12-17 12:28:24 +00:00
Werner Koch
c68eaa4b6b * gpgsm.c, gpgsm.h: New options --{enable,disable}-ocsp.
(gpgsm_init_default_ctrl): Set USE_OCSP to the default value.
* certchain.c (gpgsm_validate_chain): Handle USE_OCSP.
* call-dirmngr.c (gpgsm_dirmngr_isvalid): Add arg USE_OCSP and
proceed accordingly.
2003-12-01 10:54:30 +00:00
Werner Koch
dd808fa15b * verify.c (strtimestamp_r, gpgsm_verify):
* sign.c (gpgsm_sign):

* keylist.c (print_time, list_cert_std, list_cert_colon):

* certdump.c (gpgsm_print_time, gpgsm_dump_time, gpgsm_dump_cert):

* certchain.c (gpgsm_validate_chain): Changed to use ksba_isotime_t.
2003-10-31 12:12:47 +00:00
Repo Admin
9ca4830a5b This commit was manufactured by cvs2svn to create branch
'GNUPG-1-9-BRANCH'.
2003-08-05 17:11:04 +00:00
Repo Admin
82a17c9fb3 This commit was manufactured by cvs2svn to create branch
'GNUPG-1-9-BRANCH'.
2002-10-19 07:55:27 +00:00
Werner Koch
e18e3875b7 * gpgsm.c (main): Use the log file only in server mode.
* import.c (print_imported_summary): New.
(check_and_store): Update the counters, take new argument.
(import_one): Factored out core of gpgsm_import.
(gpgsm_import): Print counters.
(gpgsm_import_files): New.
* gpgsm.c (main): Use the new function for import.
2002-08-20 13:09:53 +00:00
Werner Koch
5776c03b4c * certpath.c: Renamed to ..
* certchain.c: this. Renamed all all other usages of "path" in the
context of certificates to "chain".
2002-08-16 14:09:23 +00:00
Werner Koch
a8e9b350c0 * call-agent.c (learn_cb): Special treatment when the issuer
certificate is missing.
2002-08-16 13:55:03 +00:00
Werner Koch
9382b621ad * keylist.c (list_cert_colon): Print the short fingerprint in the
key ID field.
* fingerprint.c (gpgsm_get_short_fingerprint): New.
* verify.c (gpgsm_verify): Print more verbose info for a good
signature.
2002-08-10 09:14:21 +00:00
Werner Koch
850a4d5214 * gpgsm.c (emergency_cleanup): New.
(main): Initialize the signal handler.

* sign.c (gpgsm_sign): Reset the hash context for subsequent
signers and release it at the end.
2002-08-09 18:12:22 +00:00
Werner Koch
9f8fef65ca * delete.c: New.
* gpgsm.c: Made --delete-key work.
* server.c (cmd_delkeys): New.
(register_commands): New command DELKEYS.

* decrypt.c (gpgsm_decrypt): Print a convenience note when RC2 is
used and a STATUS_ERROR with the algorithm oid.
2002-07-22 10:23:10 +00:00
Werner Koch
df58e024e7 * gpgsm.c: New option --auto-issuer-key-retrieve.
* certpath.c (find_up): Try to retrieve an issuer key from an
external source and from the ephemeral key DB.
(find_up_store_certs_cb): New.

* keydb.c (keydb_set_ephemeral): Does now return the old
state.  Call the backend only when required.

* call-dirmngr.c (start_dirmngr): Use GNUPG_DEFAULT_DIRMNGR.
(lookup_status_cb): Issue status only when CTRL is not NULL.
(gpgsm_dirmngr_lookup): Document that CTRL is optional.

* call-agent.c (start_agent): Use GNUPG_DEFAULT_AGENT.
2002-06-29 14:01:53 +00:00
Werner Koch
640688c4e2 * gpgsm.c, gpgsm.h: New option --debug-no-path-validation.
* certpath.c (gpgsm_validate_path): Use it here instead of the
debug flag hack.

* certpath.c (check_cert_policy): Return No_Policy_Match if the
policy file could not be opened.
2002-06-24 14:34:52 +00:00
Werner Koch
42cf865350 * certlist.c (gpgsm_add_to_certlist): Fixed locating of a
certificate with the required key usage.

* gpgsm.c (main): Fixed a segv when using --outfile without an
argument.

* keylist.c (print_capabilities): Also check for non-repudiation
and data encipherment.
* certlist.c (cert_usage_p): Test for signing and encryption was
swapped.  Add a case for certification usage, handle
non-repudiation and data encipherment.
(gpgsm_cert_use_cert_p): New.
(gpgsm_add_to_certlist): Added a CTRL argument and changed all
callers to pass it.
* certpath.c (gpgsm_validate_path): Use it here to print a status
message. Added a CTRL argument and changed all callers to pass it.
* decrypt.c (gpgsm_decrypt): Print a status message for wrong key
usage.
* verify.c (gpgsm_verify): Ditto.
* keydb.c (classify_user_id): Allow a colon delimited fingerprint.
2002-06-20 10:43:02 +00:00
Werner Koch
312ee41ff7 * call-dirmngr.c (lookup_status_cb): New.
(gpgsm_dirmngr_lookup): Use the status CB.  Add new arg CTRL and
changed caller to pass it.
2002-06-12 14:35:41 +00:00
Werner Koch
c6416080a2 * gpgsm.c (main): New command --list-sigs
* keylist.c (list_cert_std): New.  Use it whenever colon mode is
not used.
(list_cert_chain): New.
2002-06-04 09:41:59 +00:00
Werner Koch
ad6abe7913 * keylist.c (list_internal_keys): Renamed from gpgsm_list_keys.
(list_external_keys): New.
(gpgsm_list_keys): Dispatcher for above.
* call-dirmngr.c (lookup_cb,pattern_from_strlist)
(gpgsm_dirmngr_lookup): New.
* server.c (option_handler): Handle new option --list-mode.
(do_listkeys): Handle options and actually use the mode argument.
(get_status_string): New code TRUNCATED.
2002-05-21 19:20:40 +00:00
Werner Koch
a64b3686b4 * certpath.c (gpgsm_validate_path): Added EXPTIME arg and changed
all callers.
* verify.c (gpgsm_verify): Tweaked usage of log_debug and
log_error.  Return EXPSIG status and add expiretime to VALIDSIG.
2002-05-03 20:18:54 +00:00
Werner Koch
0ec648b71f Debug message cleanups. 2002-04-27 13:50:16 +00:00
Marcus Brinkmann
898dda02e4 2002-04-25 Marcus Brinkmann <marcus@g10code.de>
* server.c (option_handler): Accept display, ttyname, ttytype,
	lc_ctype and lc_messages options.
	* gpgsm.c (main): Allocate memory for these options.
	* gpgsm.h (struct opt): Make corresponding members non-const.
2002-04-24 22:08:35 +00:00
Marcus Brinkmann
ee6bb32a8b 2002-04-24 Marcus Brinkmann <marcus@g10code.de>
* configure.ac: Check for locale.h.

agent/
2002-04-24  Marcus Brinkmann  <marcus@g10code.de>

	* agent.h (struct opt): Add members display, ttyname, ttytype,
	lc_ctype, and lc_messages.
	* gpg-agent.c (enum cmd_and_opt_values): Add oDisplay, oTTYname,
	oTTYtype, oLCctype, and LCmessages.
	(main): Handle these options.
	* command.c (option_handler): New function.
	(register_commands): Register option handler.
	* query.c (start_pinentry): Pass the various display and tty
	options to the pinentry.

sm/
2002-04-24  Marcus Brinkmann  <marcus@g10code.de>

	* gpgsm.h (struct opt): New members display, ttyname, ttytype,
	lc_ctype, lc_messages.
	* gpgsm.c (enum cmd_and_opt_values): New members oDisplay,
	oTTYname, oTTYtype, oLCctype, oLCmessages.
	(opts): New entries for these options.
	(main): Handle these new options.
	* call-agent.c (start_agent): Set the various display and tty
	parameter after resetting.
2002-04-24 21:52:47 +00:00
Werner Koch
7e07a397a0 * certlist.c (cert_usable_p): New.
(gpgsm_cert_use_sign_p,gpgsm_cert_use_encrypt_p): New.
(gpgsm_cert_use_verify_p,gpgsm_cert_use_decrypt_p): New.
(gpgsm_add_to_certlist): Check the key usage.
* sign.c (gpgsm_sign): Ditto.
* verify.c (gpgsm_verify): Print a message wehn an unsuitable
certificate was used.
* decrypt.c (gpgsm_decrypt): Ditto
* keylist.c (print_capabilities): Determine values from the cert.
2002-04-12 18:54:34 +00:00
Werner Koch
208b08af79 * export.c: New.
* gpgsm.c: Add command --export.
* server.c (cmd_export): New.
2002-03-21 14:42:14 +00:00
Werner Koch
8337455483 * verify.c (gpgsm_verify): Detect certs-only message. 2002-03-12 13:36:29 +00:00
Werner Koch
4e637f2285 sm/
* gpgsm.c: New command --learn-card
* call-agent.c (learn_cb,gpgsm_agent_learn): New.
* gpgsm.c (main): Print error messages for non-implemented commands.
agent/
* learncard.c: New.
* divert-scd.c (ask_for_card): The serial number is binary so
convert it to hex here.
* findkey.c (agent_write_private_key): New.
* genkey.c (store_key): And use it here.
scd/
* pkdecrypt.c (agent_pkdecrypt): Changed the way the diversion is done.
* divert-scd.c (divert_pkdecrypt): Changed interface and
implemented it.
2002-03-06 14:16:37 +00:00
Werner Koch
c8454f792d * gpgsm.c, gpgsm.h: Add local_user.
* sign.c (gpgsm_get_default_cert): New.
(get_default_signer): Use the new function if local_user is not
set otherwise used that value.
* encrypt.c (get_default_recipient): Removed.
(gpgsm_encrypt): Use gpgsm_get_default_cert.
* verify.c (gpgsm_verify): Better error text for a bad signature
found by comparing the hashs.
2002-03-05 15:56:46 +00:00
Werner Koch
04f49d973b * server.c (option_handler): Allow to use -2 for "send all certs
except the root cert".
* sign.c (add_certificate_list): Implement it here.
* certpath.c (gpgsm_is_root_cert): New.
2002-02-25 18:18:40 +00:00
Werner Koch
488243f56e * certpath.c (check_cert_policy): New.
(gpgsm_validate_path): And call it from here.
* gpgsm.c (main): New options --policy-file,
--disable-policy-checks and --enable-policy-checks.
* gpgsm.h (opt): Added policy_file, no_policy_checks.
2002-02-19 17:39:05 +00:00
Werner Koch
cd30feaa8e * call-agent.c (gpgsm_agent_havekey): New.
* keylist.c (list_cert_colon): New arg HAVE_SECRET, print "crs"
when we know that the secret key is available.
(gpgsm_list_keys): New arg MODE, check whether a secret key is
available.  Changed all callers.
* gpgsm.c (main): New command --list-secret-keys.
* server.c (cmd_listsecretkeys): New.
(cmd_listkeys): Return secret keys with "crs" record.
2002-01-29 10:05:24 +00:00
Werner Koch
151deac0df * gpgsm.c (main): Disable core dumps.
* sign.c (add_certificate_list): New.
(gpgsm_sign): Add the certificates to the CMS object.
* certpath.c (gpgsm_walk_cert_chain): New.
* gpgsm.h (server_control_s): Add included_certs.
* gpgsm.c: Add option --include-certs.
(gpgsm_init_default_ctrl): New.
(main): Call it.
* server.c (gpgsm_server): Ditto.
(option_handler): Support --include-certs.
2002-01-25 16:41:13 +00:00
Werner Koch
d9a4ccf94e * certpath.c (gpgsm_validate_path): Print the DN of a missing issuer.
* certdump.c (gpgsm_dump_string): New.
(print_dn): Replaced by above.
2002-01-23 13:40:38 +00:00
Werner Koch
a9979e26a5 * import.c (gpgsm_import): Just do a basic cert check before
storing it.
* certpath.c (gpgsm_basic_cert_check): New.

* keydb.c (keydb_store_cert): New.
* import.c (store_cert): Removed and change all caller to use
the new function.
* verify.c (store_cert): Ditto.

* certlist.c (gpgsm_add_to_certlist): Validate the path

* certpath.c (gpgsm_validate_path): Check the trust list.
* call-agent.c (gpgsm_agent_istrusted): New.
2002-01-15 13:02:47 +00:00
Werner Koch
438b2bcb8c * call-dirmngr.c (inq_certificate): Changed for new interface semantic.
* certlist.c (gpgsm_find_cert): New.

DirMngr should now work.  Remember that there is a --disable-crl-check
option in gpgsm to be used when there is a problem with the dirmngr
communication or you want to do faster tests.
2002-01-14 12:15:30 +00:00
Werner Koch
6af7631e54 * call-dirmngr.c: New.
* certpath.c (gpgsm_validate_path): Check the CRL here.
* fingerprint.c (gpgsm_get_certid): New.
* gpgsm.c: New options --dirmngr-program and --disable-crl-checks.
2002-01-11 17:07:51 +00:00
Werner Koch
dc37fe1849 * base64.c (gpgsm_create_writer): Allow to set the object name
* server.c (cmd_genkey): New.
* certreqgen.c: New.  The parameter handling code has been taken
from gnupg/g10/keygen.c version 1.0.6.
* call-agent.c (gpgsm_agent_genkey): New.
2002-01-10 19:47:20 +00:00
Werner Koch
3b8cf6e497 * verify.c (gpgsm_verify): Implemented non-detached signature
verification.  Add OUT_FP arg, initialize a writer and changed all
callers.
* server.c (cmd_verify): Pass an out_fp if one has been set.
2001-12-20 16:51:06 +00:00
Werner Koch
5f116e9540 * base64.c (base64_reader_cb): Try to detect an S/MIME body part.
* certdump.c (print_sexp): Renamed to gpgsm_dump_serial, made
global.
(print_time): Renamed to gpgsm_dump_time, made global.
(gpgsm_dump_serial): Take a real S-Expression as argument and
print the first item.
* keylist.c (list_cert_colon): Ditto.
* keydb.c (keydb_search_issuer_sn): Ditto.
* decrypt.c (print_integer_sexp): Removed and made callers
use gpgsm_dump_serial.
* verify.c (print_time): Removed, made callers use gpgsm_dump_time.
2001-12-20 13:25:08 +00:00
Werner Koch
56172ce393 Changes to be used with the new libksba interface.
libgcrypt-1.1.5 is required (cvs or tarball)
2001-12-18 17:37:48 +00:00
Werner Koch
6a8c47bd29 Implemented encryption in server mode.
Allow to specify a recipient on the commandline
There is still a default hardwired recipient if none has been set.
2001-12-11 12:31:04 +00:00
Werner Koch
ce32f6b6c8 Decryption does now work 2001-12-06 20:48:10 +00:00
Werner Koch
e8676a0871 Started with decryption stuff 2001-12-05 23:48:01 +00:00
Werner Koch
95e6da1b07 --armor does now produce PEM format. 2001-11-27 18:38:59 +00:00
Werner Koch
944fee70bc * base64.c: New. Changed all other functions to use this instead
of direct creation of ksba_reader/writer.
* gpgsm.c (main): Set ctrl.auto_encoding unless --no-armor is used.
This way we can feed PEM encoded stuff to --verify.
2001-11-27 17:40:09 +00:00
Werner Koch
d9aecd9eb7 * gpgsm.c: New option --agent-program
* call-agent.c (start_agent): Allow to override the default path
to the agent.
2001-11-26 17:54:49 +00:00
Werner Koch
0e36c4c6a7 The agent does now work and read the secret keys from the directory
~/.gnupg-test/private-keys-v1.d/<keygrip-as-20-byte-hex-number>. I
will post a sample key to gpa-dev.
2001-11-25 18:23:06 +00:00
Werner Koch
f60dc501d2 Introduced the keygrip 2001-11-24 22:20:38 +00:00
Werner Koch
bab7fa0b29 Added new directory common to enable sharing of some code and error
numbers between gpg, gpgsm and gpg-agent.  Move some files and code to
there.
2001-11-24 17:43:43 +00:00
Werner Koch
8e58435312 Signing does now work. There is no secret key management yet, so you
should set GPGSM_FAKE_KEY=1 before you try to verify a signature
created by gpgsm --sign or the SIGN server command.
2001-11-24 14:26:27 +00:00
Werner Koch
757c13a171 Just a Backup. We can now write out a basic signature which in turn
exhibits a bug in --verify.
2001-11-23 17:12:37 +00:00
Werner Koch
a413066de1 Added basic code for keylisting.
New Assuan command LISTKEYS.
2001-11-19 16:17:43 +00:00