* doc/gpgv.texi: Improve documentation for keyring choices
--
From the existing documentation, it's not clear whether the default
keyring will always be mixed into the set of keyrings, or whether it
will be skipped if a --keyring is present. The updated text here
attempts to describe the keyring selection logic more completely.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* tools/gpgtar-create.c (gpgtar_create): Switch to the -C directory.
--
The -C option is pretty useful given that pattern are always relative
to the current directory. In contrast to GNU tar, the switching is
done only once.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (oEnableExtendedKeyFormat): Re-introduce.
(parse_rereadable_options): Handle it in a special way.
* agent/protect.c (agent_protect): Be safe and set use_ocb only to 1
or 0.
* tools/gpgconf-comp.c: Add --enable-extended-key-format again.
--
This is required for backward compatible with profiles.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgtar.h (struct tarinfo_s): New.
* tools/gpgtar.c (cmd, skip_crypto, files_from, null_names): Move
global vars more to the top.
(set_cmd): Rename 'cmd' to 'c'.
* tools/gpgtar-list.c (parse_header): Add arg 'info' and improve error
messages.
(read_header): Add arg 'info' and update counter.
(skip_data): Ditto.
(gpgtar_list): Pass info object to read functions.
(gpgtar_read_header): Add arg 'info'.
* tools/gpgtar-extract.c (gpgtar_extract): add arg 'info' and pass on.
(extract_regular): Add arg 'info' and update counter.
--
This now prints the block number of a header with error.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New.
(oEnableExtendedKeyFormat): Remove.
(opts): Make --enable-extended-key-format a dummy option. Add
disable-extended-key-format.
(parse_rereadable_options): Implement oDisableExtendedKeyFormat.
--
Extended key format is supported since vesion 2.1.12 which should have
long been replaced by a newer version inh all installations. Thus for
2.3 we will make use of the extended-key-format by default.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-scd.c (start_scd): Acquire START_SCD_LOCK for
SCD_LOCAL_LIST. Move common case code to fast path.
Release START_SCD_LOCK before calling unlock_scd.
When new CTX is allocated, clear INVALID flag.
(agent_reset_scd): Serialize the access to SCD_LOCAL_LIST by
START_SCD_LOCK.
--
GnuPG-bug-id: 4377
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app.c (app_new_register): Set card version for Yubikeys.
(app_write_learn_status): Print CARDVERSION and APPVERSION.
* tools/card-call-scd.c (learn_status_cb): Detect them.
* tools/gpg-card.h (struct card_info_s): Add appversion and
cardversion.
* tools/gpg-card.c (list_openpgp): Remove version printing from serial
number.
(print_a_version): New.
(list_card): Print card and app version.
(cmd_generate): Do not allow broken Yubikeys.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-piv.c (concat_tlv_list): Add arg 'secure' and adjust
callers.
(writekey_rsa, writekey_ecc): New.
(do_writekey): New.
(do_writecert): Provide a better error message for an empty cert.
(app_select_piv): Register do_writekey.
* scd/iso7816.c (iso7816_send_apdu): New.
* scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New.
* agent/command.c (cmd_keytocard): Make the timestamp optional.
* tools/card-call-scd.c (inq_writekey_parms): Remove.
(scd_writekey): Rewrite.
* tools/gpg-card.c (cmd_writekey): New.
(enum cmdids): Add cmdWRITEKEY.
(dispatch_command, interactive_loop): Call cmd_writekey.
--
This has been tested with gpgsm and RSA keys. For ECC keys only
partly tested using the sample OpenPGP nistp256 and nistp384 keys
because gpgsm does not yet support ECC certificates and thus we can't
write the certificates to the cert object after a writekey. Note that
they nevertheless show up in "gpgcard list" because gpg-card searches
for them in gpg and gpgsm. However, this does not work completely.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keylist.c (print_key_line): Print a warning for invalid algos.
--
Non-OpenPGP compliant keys now show a warning flag on the sec or pub
line like in:
gpg: can't encode a 256 bit MD into a 88 bits frame, algo=8
sec cv25519 2019-01-30 [INVALID_ALGO]
4239F3D606A19258E7A88C3F9A3F4F909C5034C5
uid [ultimate] ffffff
Instead of showing the usage flags "[CE]". Without this patch only
the error message is printed and the reason for it was not immediately
obvious (cv25519 is encryption only but we always consider the primary
key as having the "C" flag).
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_keytocard): Make timestamp optional. Use
modern parser function.
* agent/call-scd.c (agent_card_writekey): Rename an arg and for
clarity return gpg_error_t instead of int.
* agent/divert-scd.c (divert_writekey): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/keylist.c (oidtranstbl): Add Yubikey OIDs.
(OID_FLAG_HEX): New.
(print_hex_extn): New.
(list_cert_raw): Make use of that flag.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-piv.c (do_readcert): Add hack to read Yubikey attestaions.
--
Use
gpg-card 'readcert PIV.ATST.9A >x.crt'
to store the attestation certificate for 9A into X.CRT.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-piv.c (do_readkey): Read the key from the cert here instead
of letting the upper layer do this.
(do_writecert): Check that the cert matches the key and that a key has
already been generated.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpg-card.c (cmd_passwd): Remove arg allow_admin.
(enum cmdids): Rename cmdAUTHENTICATE to cmdAUTH and cmdFACTORYRESET
to cmdFACTRST.
(cmds): Remove column 'admin_only'.
(interactive_loop): Remove admin_only stuff.
--
That command has always been an annoyance. Symbols have been renamed
for source cosmetics.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/keylist.c (print_compliance_flags): Also check the diges_also.
--
A certificate with algorithm sha1WithRSAEncryption can be de-vs
compliant (e.g. if the next in the chain used sha256WithRSAEncryption
to sign it and RSA is long enough) but flagging it as such is useless
because that certificate can't be used because it will create
signatures using the non-compliant SHA-1 algorithm.
Well, it could be used for encryption. But also evaluating the
key-usage flags here would make it harder for the user to understand
why certain certificates are listed as de-vs compliant and others are
not.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/pksign.c (agent_pksign_do):
--
It's best to keep same data format by libgcrypt.
For card (due to historical reasons), gpg-agent or scdaemon used to
prefix 0x00 when it starts 0x80, so that it can be parsed signed MPI
as well as unsigned MPI. It used to do nothing for preceding zeros.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app-help.c (app_help_pubkey_from_cert): New.
* scd/command.c (cmd_readkey): Refactor to use that new function and
handle the --advanced flag only here.
* scd/app.c (app_readkey): Remove parm advanced.
* scd/app-common.h (struct app_ctx_s): Remove parm advanced from the
readkey member.
* scd/app-nks.c (do_readkey): Adjust for removed parm.
* scd/app-piv.c (do_readkey): Ditto.
* scd/app-openpgp.c (do_readkey): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf-comp.c (gc_component_t): Move this enum to ...
* tools/gpgconf.h: here.
* tools/gpgconf.c (oShowSocket): New.
(opts): Add new option.
(main): Implement new option.
--
This is a convenience options for software which directly connects to
gpg-agent and thus needs to new the socket. By using --show-socket
along with --launch that software can also autostart the agent or the
dirmngr. Without this two calls to gpgconf would be required.
Actually the same behaviour can be achieved by running
gpg-connect-agent to query the running gpg-agent's socket via GETINFO.
The gpg-connect also makes sure that the agent is started. This is
not anymore suggested because gpgconf shall in future be used for all
such things.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns.h (dns_quietinit): Remove.
(dns_hints_i_new): Remove.
--
Even before our change, dns_quietinit was questionable macro; There
was no place in dns.c which requires overrides in initializer list.
Only redundant zero were.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dns.h (DNS_OPTS_INIT, dns_opts): Remove.
* dirmngr/dns-stuff.c (libdns_res_open): Use zero-ed, and initialized
automatic variable for opts.
* dirmngr/dns.c (send_query, resolve_query, resolve_addrinfo):
Likewise.
--
In fact, DNS_OPTS_INIT was only needed when args are none. With
partially specified initialization, C99 guarantees zero-ed other
members just like static object.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dns.h (dns_rr_foreach): Don't use dns_rr_i_new.
Call dns_rr_grep with NULL.
* dirmngr/dns.c (dns_rr_grep): Support NULL for error_.
--
Here we still use C99 feature of struct member initialization in
dns_rr_foreach, for struct dns_rr_i. Note that in C99, it guarantees
non-specified member fields are initialized by zero. So, there's no
need to use dns_rr_i_new at all.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic
variables.
(dns_poll, dns_send_nopipe): Likewise, adding const qualifier.
--
Compound literals is a feature of C99. Because we only use C90 plus
some limited features, in the project, it's better to avoid it.
Besides, we make sure when it's read-only.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tools/card-tool-keys.c: Rename to card-keys.c.
* tools/card-tool-misc.c: Rename to card-misc.c.
* tools/card-tool-yubikey.c: Rename to card-yubikey.c.
* tools/card-tool.h: Rename to gpg-card.h.
* tools/gpg-card-tool-w32info.rc: Rename to gpg-card-w32info.rc
* doc/card-tool.texi: Rename top gpg-card.texi
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/divert-scd.c (divert_pkdecrypt): Skip a flags parameter.
--
The libgcrypt docs say that a "flags" parameter should always be used
in the input of pkdecrypt. Thus we should allow that parameter also
when parsing an s-expression to figure out the algorithm for use with
scdaemon.
Signed-off-by: Werner Koch <wk@gnupg.org>
* gpgscm/scheme.c (gc_reservation_failure): Fix adding ";".
[!NDEBUG] (scheme_init_custom_alloc): Don't init seserved_lineno.
--
Picked from libgpg-error commit of:
8a9397896fd202dcfb3fb46259e43bc05a0ddd2e
In some build environment, NDEBUG is defined (although it's
bad practice). This change supports such a situation.
GnuPG-bug-id: 3959
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-driver.c (ccid_open_usb_reader): Alway submit SET_INTERFACE
control transfer.
--
This handling is not mondatory, but it's better to do so, because
there are card reader with pinpad and token with ack button, which
support user interaction.
User interaction status should be reset at open time. The status
should be reset when the session is closed/stopped. In practice,
since cleanup routine in a driver may not be called properly, it's
good to submit SET_INTERFACE at open time.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* sm/certreqgen.c (create_request): Fix for certmode.
--
When using an existing key from a card for certificate signing (in
contrast to the default of generating a CSR), the code tried to use
the same key for signing instead of the Signing-Key parameter. It is
perfectly okay to use the regular signing path via gpg-agent for
certificate creation - only self-signed certificates with a key on the
card require the direct use of the card key (via "SCD PKSIGN").
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpg-card-tool.c (list_one_kinfo): Print the keyref.
--
The named keys are nice but knowing the actual keyref mapping to them
is also useful.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/misc.c (transform_sigval): Allow for larger values of MDALGO and
PKALGO.
--
Libgcrypt already defines larger values for them, so we should be
prepared in case we use them in the future.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/openpgp/defs.scm: Add "disable-scdaemon". Remove
"scdaemon-program".
* tests/gpgme/gpgme-defs.scm, tests/gpgsm/gpgsm-defs.scm: Likewise.
* tests/inittests, tests/pkits/inittests: Add "disable-scdaemon"
--
Before this change, running "make check" accesses USB device by
scdaemon on host computer. If there is any smartcard/token available,
it may affect test results. Because default key choice depends on
smartcard/token availability now and existing tests have nothing about
testing smartcard/token, disabling scdaemon is good.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/call-pinentry.c (watch_sock): New.
(do_getpin): Spawn the watching thread.
--
While we don't have npth_cancel (and it's difficult to implement it
correctly), this is a kind of best compromise allowing a thread's
polling when pinentry is active.
GnuPG-bug-id: 2011
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* sm/call-agent.c (gpgsm_scd_pksign): Allow SHA512. Create proper
S-expression for EdDSA signature.
* sm/certreqgen.c (create_request): Force use of SHA512 when
using a ed25519 key.
* sm/misc.c (transform_sigval): Insert OID for ed25519.
--
GnuPG-bug-id: 4013
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* sm/call-agent.c (gpgsm_scd_pksign): Identify type of signing key
and format resulting S-expression accordingly.
* sm/misc.c (transform_sigval): Support ECDSA signatures.
--
Current GpgSM implementation assumes card-based keys are RSA keys.
This patch introduces support for ECDSA keys.
By itself this patch is not sufficient, we also need support
from libksba.
GnuPG-bug-id: 4092
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Daniel Kahn Gillmor