1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Commit Graph

132 Commits

Author SHA1 Message Date
Werner Koch
9c380384da Remove support for the GPG_AGENT_INFO envvar.
* agent/agent.h (opt): Remove field use_standard_socket.
* agent/command.c (cmd_killagent): Always allow killing.
* agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and
--write-env-file into dummy options.  Always return true for
--use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar
setting or set that envvar.
(create_socket_name): Simplify by removing non standard socket
support.
(check_for_running_agent): Ditto.
* common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use.
* common/simple-pwquery.c (agent_open): Ditto.
* configure.ac (GPG_AGENT_INFO_NAME): Remove.
* g10/server.c (gpg_server): Do not print the AgentInfo comment.
* g13/server.c (g13_server): Ditto.
* sm/server.c (gpgsm_server): Ditto.
* tools/gpgconf.c (main): Simplify by removing non standard socket
support.
--

The indented fix to allow using a different socket than the one in the
gnupg home directory is to change Libassuan to check whether the
socket files exists as a regualr file with a special keyword to
redirect to another socket file name.
2014-10-03 11:58:58 +02:00
Werner Koch
be07ed65e1 Add new option --with-secret.
* g10/gpg.c: Add option --with-secret.
* g10/options.h (struct opt): Add field with_secret.
* g10/keylist.c (public_key_list): Pass opt.with_secret to list_all
and list_one.
(list_all, list_one): Add arg mark_secret.
(list_keyblock_colon): Add arg has_secret.
* sm/gpgsm.c: Add option --with-secret.
* sm/server.c (option_handler): Add option "with-secret".
* sm/gpgsm.h (server_control_s): Add field with_secret.
* sm/keylist.c (list_cert_colon): Take care of with_secret.  Also move
the token string from the wrong field 14 to 15.
--

This option is useful for key managers which need to know whether a
key has a secret key.  This change allows to collect this information
in one pass.
2014-06-03 21:35:59 +02:00
Werner Koch
0beec2f0f2 gpgsm: New commands --export-secret-key-{p8,raw}
* sm/gpgsm.c: Add new commands.
* sm/minip12.c (build_key_sequence): Add arg mode.
(p12_raw_build): New.
* sm/export.c (export_p12): Add arg rawmode.  Call p12_raw_build.
(gpgsm_p12_export): Ditto.
(print_short_info): Print the keygrip.
2014-06-03 18:57:33 +02:00
Werner Koch
6dd5d99a61 gpg: Add option --dirmngr-program.
* g10/gpg.c: Add option --dirmngr-program.
* g10/options.h (struct opt): Add field dirmngr_program.
* g10/call-dirmngr.c (create_context): Use new var.

* dirmngr/dirmngr.c: Include gc-opt-flags.h.
(main): Remove GC_OPT_FLAG_*.
* tools/gpgconf-comp.c (GC_OPT_FLAG_NO_CHANGE): Move macro to ...
* common/gc-opt-flags.h: here.
2014-03-12 18:35:36 +01:00
Ian Abbott
2c3fc4719b doc: fix some Texinfo warnings.
* doc/gpg.texi: Fix syntax and add missing menu entries.
* doc/gpgsm.texi: Fix subsectioning.
--

These five patches fix some warnings from Texinfo 5 by adding some
missing nodes and changing some sections to subsections, and moving an
'@end ifset' to the start of a line.  I also noticed the 'Deprecated
options' subsection didn't appear in the GPG options menu, so I added
it.  (Texinfo never warned about it because it was after the last node
in the menu.)

1) doc/gpg.texi: move '@end ifset' to start of line
2) doc/gpg.texi: Add missing node for 'Compliance options' section.
3) doc/gpg.texi: add node for 'Deprecated options' subsection.
4) doc/gpg.texi: make 'Unattended key generation' a subsection
5) doc/gpgsm.texi: fix subsectioning for Unattended Usage

(all 5 merged into one patch by wk)

(cherry picked from commit 4d67f59a33)

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-07 21:25:27 +02:00
Werner Koch
ff6115227a doc: Formatting fixes.
* doc/Makefile.am (.fig.jpg): Correct to use -L jpeg.
* doc/gpg.texi: Fix cross reference for --options.
* doc/gpgsm.texi: Likewise.
* doc/gpl.texi: Fix enumerate and re-indent examples.
--

Reported-by: Ian Abbott
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-04-19 12:01:22 +02:00
Werner Koch
8a12a2000d gpgsm: Add new validation model "steed".
* sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
* sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
* sm/server.c (option_handler): Allow validation model "steed".
* sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
* sm/certchain.c (do_validate_chain): Handle the
well-known-private-key attribute.  Support the "steed" model.
(gpgsm_validate_chain): Ditto.
* sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
* sm/keylist.c (list_cert_colon): Print the new 'w' flag.
--

This is the first part of changes to implement the STEED proposal as
described at http://g10code.com/steed.html .  The idea for X.509 is
not to use plain self-signed certificates but certificates signed by a
dummy CA (i.e. one for which the private key is known).  Having a
single CA as an indication for the use of STEED might help other X.509
implementations to implement STEED.
2011-12-07 16:15:15 +01:00
Werner Koch
5cdad8ff00 gpgsm: Allow arbitrary extensions for cert creation.
* sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New.
(read_parameters): Add new keywords.
(proc_parameters): Check values of new keywords.
(create_request): Add SubjectKeyId and extensions.
(parse_parameter_usage): Support "cert" and the encrypt alias "encr".
2011-12-06 19:57:27 +01:00
Werner Koch
d4fa82e688 Typo fix and remove of some colloquial terms 2011-10-18 16:47:12 +02:00
Werner Koch
5319aa952f Put more options into the options index
Also removed the single letter options from the index.
2011-10-12 17:36:56 +02:00
Werner Koch
663768f9af Minor doc updates v2.0 vs. v2.1) 2011-08-08 10:17:33 +02:00
Bernhard Reiter
f194773540 doc/gpgsm.texi com-certs.pem mini-fix
[[PGP Signed Part:Undecided]]
[1. text/plain]

Example path for com-certs.pem corrected.
[2. text/x-diff; doc.diff]
2011-06-27 16:12:35 +02:00
Werner Koch
00f8b68505 Move parameter file description to the manual. 2011-03-01 17:08:49 +01:00
Werner Koch
a78335c9ce Add new option --with-keygrip 2010-10-08 11:11:08 +00:00
Werner Koch
bfbd80feb9 Exporting secret keys via gpg-agent is now basically supported.
A couple of forward ported changes.
Doc updates.
2010-10-01 20:33:53 +00:00
Werner Koch
af935bd410 Implement --faked-systrem-time for gpg.
Typo and comment fixes.
2009-12-17 17:25:26 +00:00
Werner Koch
a51675fabe Add option --cert-extension. 2009-12-10 13:00:30 +00:00
Werner Koch
cb5491bfaf support numeric debug levels. 2009-12-03 18:04:40 +00:00
Werner Koch
97be197d31 [g13] Add RECIPEINT and CREATE command.
[sm] Chnage --include-certs default
2009-10-19 09:18:46 +00:00
Werner Koch
506aee32fd Typo fixes. Fixes bug#1093 2009-07-22 13:33:46 +00:00
Werner Koch
02e05e28e7 Give hints on files to backup. 2009-07-22 10:24:46 +00:00
Werner Koch
2193992559 Impleemned gpgsm's IMPORT --re-import feature.
Typo fix.
2009-07-07 16:52:12 +00:00
Werner Koch
f6f5430e50 Reworked passing of envars to Pinentry. 2009-07-07 10:02:41 +00:00
Werner Koch
1925cb37f9 Alow batch ode for gpgsm --gen-key.
Allow CSR generation using an existing key with gpgsm.
2009-07-01 18:30:33 +00:00
Werner Koch
990585ad7d Signing using Netkey 3 cards does now work. 2009-03-26 19:27:04 +00:00
Werner Koch
a9c317a95c New gpg-agent command to list key information.
Gpgsm does now print the S/N of cards.
Consider ephemeral keys during listing an export.
2009-03-06 17:31:27 +00:00
Werner Koch
53f1c11adf Small doc fixes. 2008-12-12 14:04:22 +00:00
Werner Koch
d0ca953014 SCD changes for PC/SC under W32. 2008-10-14 18:18:21 +00:00
Werner Koch
969dfd9890 Explain how to delete a secret X.509 key. 2008-10-13 09:29:20 +00:00
Werner Koch
201a348565 Fix !EROFS bug.
Doc updates
2008-08-01 10:51:11 +00:00
Werner Koch
f13c5a48fc Improve certificate chain construction.
Extend PKITS framework
2008-02-19 10:33:35 +00:00
Werner Koch
0819c1e8ca Always search missing certifcates using a running Dirmngr's cache. 2008-02-13 16:47:14 +00:00
Werner Koch
3d39e45a01 Typo and grammer fixes by Justin Pryzby. 2008-01-28 08:03:08 +00:00
Werner Koch
9d66580cff Allow verification of some broken S-TRUST generated signatures. 2007-12-13 15:45:40 +00:00
Werner Koch
e2aefc427e Add support for help stuff to audit.c 2007-12-06 19:02:42 +00:00
Werner Koch
c1270f06fe Document --auto-issuer-key-retrieve. 2007-11-19 16:32:05 +00:00
Werner Koch
d20d11a0ee Documentaion updates.
Support doe Dirmngr under W32.
Fixed a yat2m bug.
2007-08-14 16:50:27 +00:00
Werner Koch
74d344a521 Implemented the chain model for X.509 validation. 2007-08-10 16:52:05 +00:00
Werner Koch
11573b09c4 Typo fixes.
Made --default-key work for gpgsm
Add --default-key and --encrypt-to to gpgconf.
2007-07-17 18:11:24 +00:00
Werner Koch
0b66f30d66 Implemented the --gen-key command as we can't use the gpgsm-gencert.sh under Windows. 2007-06-21 18:44:48 +00:00
Werner Koch
0cfbfd6186 A whole bunch of changes to allow building for Windows.
See the ChangeLogs for details.
2007-06-14 17:05:07 +00:00
Werner Koch
5f3bca9682 Use estream_asprintf instead of the GNU asprintf. 2007-05-15 16:10:48 +00:00
Werner Koch
fd628ffda1 Allow setting of the passphrase encoding of pkcs#12 files.
New option --p12-charset.
2007-03-20 10:00:55 +00:00
Werner Koch
b861561e47 Included LIBICONV in all Makefiles.
g10/
	* passphrase.c (passphrase_get): Set the cancel flag on all error
	from the agent.  Fixes a bug reported by Tom Duerbusch.
sm/
	* gpgsm.c (main): Let --gen-key print a more informative error
	message.
2007-01-31 14:24:41 +00:00
Werner Koch
650293c4f6 sm/
* server.c (skip_options): Skip leading spaces.
(has_option): Honor "--".
(cmd_export): Add option --data to do an inline export.  Skip all
options.

* certdump.c (gpgsm_fpr_and_name_for_status): New.
* verify.c (gpgsm_verify): Use it to print correct status messages.

doc/
* gpgsm.texi (GPGSM EXPORT): Document changes.
2006-11-14 10:23:21 +00:00
Werner Koch
7b8ea82ab6 . 2006-10-23 14:02:13 +00:00
Werner Koch
13e4f5c95c Made buliding w/o curl work 2006-09-26 14:35:24 +00:00
Werner Koch
43ab905823 Various updates 2006-09-21 13:30:45 +00:00
Werner Koch
f132e66f49 Ready for another release 2006-09-18 13:23:18 +00:00
Werner Koch
9577dd45ab Various fixes and new features.
Enhanced gpg-connect-agent.
2006-09-13 15:57:30 +00:00
Werner Koch
90af581b08 doc fixes 2006-09-08 17:02:06 +00:00
Werner Koch
2eb232778a Some fixes as needed by dirmngr man pages 2006-09-04 14:53:20 +00:00
Werner Koch
d8602648b8 See ChangeLogs 2006-08-29 16:18:30 +00:00
Werner Koch
368170215f More man pages. Added include files for 2 common paragraphs. 2006-08-18 13:05:39 +00:00
Werner Koch
e5be94ce45 include support and texi fixes 2006-08-17 19:58:28 +00:00
Werner Koch
6e3e2513d8 More man pages. 2006-08-17 18:01:25 +00:00
Werner Koch
2b587cbf91 Copied gpg.texi over from 1.4.5 and started to restructure it into a proper
documentation file.  Comment tags will eventually allow to build a man page.
The idea is to have more than just a reference manual for the commands and
options while still allowing to build a man page for reference.
2006-08-16 14:54:19 +00:00
Werner Koch
6ec4e8c6a1 Added documentation for qualified signatures 2006-02-14 13:34:23 +00:00
Werner Koch
a2d1673d66 * findkey.c (agent_public_key_from_file): Fixed array assignment.
This was the cause for random segvs.

* call-agent.c (gpgsm_agent_readkey): New.
2005-07-25 14:35:04 +00:00
Werner Koch
3ff9a743bf * configure.ac: Do not build gpg by default.
* gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check.
* certchain.c (gpgsm_validate_chain): Make use of it.

* certchain.c (gpgsm_validate_chain): Check revocations even for
expired certificates.  This is required because on signature
verification an expired key is fine whereas a revoked one is not.

* gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check.
2005-04-21 09:33:07 +00:00
Werner Koch
cb1840720a (Agent Configuration): New section. 2005-04-20 18:46:51 +00:00
Werner Koch
cf8f6d3cef (stream_read_string): Removed call to abort on
memory error because the CVS version of libgcrypt makes sure
that ERRNO gets always set on error even with a faulty user
supplied function.
2005-02-22 18:08:28 +00:00
Werner Koch
01f3f25158 * preset-passphrase.c (preset_passphrase): Handle --passphrase.
* Makefile.am (gpg_preset_passphrase_LDADD): Reorder libs so that
pwquery may use stuff from jnlib.  Conditionally add -lwsock2
(gpg_protect_tool_LDADD): Ditto.

* preset-passphrase.c (main): Use default_homedir().
(main) [W32]: Initialize sockets.

* simple-pwquery.c (agent_open) [W32]: Implement for W32.
(readline) [W32]: Use recv instead of read.
(writen) [W32]: Use send instead of write.
(my_stpcpy): Define a stpcpy replacement so that this file
continues to be self-contained.
(agent_send_all_options) [W32]: Don't call ttyname.

* gnupg-badge-openpgp.eps, gnupg-badge-openpgp.jpg: New
* gnupg.texi: Add a logo.
* sysnotes.texi: New.

* gpgsm.c (main): Use default_homedir().
(main) [W32]: Default to disabled CRL checks.

* gpgconf-comp.c (get_config_pathname) [DOSISH]: Detect absolute
pathnames with a drive letter.
2004-12-21 19:05:15 +00:00
Werner Koch
581f5ddb17 * configure.ac: Add PATHSEP_C and PATHSEP_S. For W32 let all
directories default to c:/gnupg.  Require libassuan 0.6.9.

* gpg-agent.c (main) [W32]: Now that Mutexes work we can remove
the pth_init kludge.
(main): Add new options --[no-]use-standard-socket.
(check_for_running_agent): Check whether it is running on the
standard socket.

* sysutils.h [W32]: Define sleep.
* util.h: Add prototype for mkdtemp.

* call-agent.c (start_agent): Before starting a pipe server start
to connect to a server on the standard socket.  Use PATHSEP
* call-dirmngr.c (start_dirmngr): Use PATHSEP.

* import.c: Include unistd.h for dup and close.
2004-12-20 16:17:25 +00:00
Werner Koch
c7b97075aa * b64enc.c: Include stdio.h and string.h
* gpgsm.c: New option --prefer-system-dirmngr.
* call-dirmngr.c (start_dirmngr): Implement this option.

* gpgconf-comp.c <dirmngr>: Add the proxy options.
<gpgsm>: Add --prefer-system-daemon.
2004-11-23 17:09:51 +00:00
Werner Koch
5fe61f65dd * gpg.texi: New.
* gnupg.texi: Include gpg.texi

* tools.texi: Add a few @command markups.
* gpgsm.texi: Ditto
* gpg-agent.texi: Ditto.
* scdaemon.texi: Ditto.
2004-09-30 08:38:32 +00:00
Werner Koch
e4ce12abd1 * gpgsm.texi (Configuration Options): Add --log-file.
* gpgconf-comp.c: Made the entries fro GROUPs translatable.
Include i18n.h.
(my_dgettext): Hack to use the gnupg2 domain.
2004-09-29 16:16:47 +00:00
Werner Koch
fc07b029ea * certlist.c (gpgsm_cert_use_ocsp_p): New.
(cert_usage_p): Support it here.
* call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it here.
2004-08-18 14:38:47 +00:00
Werner Koch
066352a6a5 * import.c (check_and_store): Do a full validation if
--with-validation is set.

* certchain.c (gpgsm_basic_cert_check): Print more detailed error
messages.

* certcheck.c (do_encode_md): Partly support DSA.  Add new arg
PKALGO. Changed all callers to pass it.
(pk_algo_from_sexp): New.

tests/pkits: New directory
2004-08-17 15:26:22 +00:00
Werner Koch
f96ad015d8 * gpgsm.c: New option --with-ephemeral-keys.
* keylist.c (list_internal_keys): Set it here.
(list_cert_raw): And indicate those keys.  Changed all our callers
to pass the new arg HD through.
2004-08-06 16:14:10 +00:00
Werner Koch
7158c4db92 Added glossary 2004-06-29 07:16:40 +00:00
Werner Koch
ac791c0a9a * sysutils.c (disable_core_dumps): Only set the current limit.
(enable_core_dumps): New.

* gpgsm.texi (Esoteric Options): Add --debug-allow-core-dump.

* gpgsm.c: New option --debug-allow-core-dump.

* gpgsm.h (opt): Add member CONFIG_FILENAME.
* gpgsm.c (main): Use it here instead of the local var.

* server.c (gpgsm_server): Print some additional information with
the hello in verbose mode.
2004-05-11 09:54:52 +00:00
Werner Koch
236d241aed * gpgsm.c: New command --keydb-clear-some-cert-flags.
* keydb.c (keydb_clear_some_cert_flags): New.
(keydb_update_keyblock, keydb_set_flags): Change error code
CONFLICT to NOT_LOCKED.
2004-04-28 08:59:34 +00:00
Werner Koch
6aaceac7fe The keybox gets now compressed after 3 hours and ephemeral
stored certificates are deleted after about a day.
2004-04-26 08:09:25 +00:00
Werner Koch
bd2d99c4e7 Documented --force-crl-refresh 2004-04-07 18:02:56 +00:00
Werner Koch
aa0e38982a * gpgsm.c (main): New option --debug-ignore-expiration.
* certchain.c (gpgsm_validate_chain): Use it here.

* certlist.c (cert_usage_p): Apply extKeyUsage.
2004-02-20 13:46:21 +00:00
Werner Koch
a1b487a17a * protect-tool.c: New options --have-cert and --prompt.
(export_p12_file): Read a certificate from STDIN and pass it to
p12_build.  Detect a keygrip and construct the filename in that
case.  Unprotcet a key if needed.  Print error messages for key
formats we can't handle.
(release_passphrase): New.
(get_passphrase): New arg PROMPTNO. Return the allocated
string. Changed all callers.

* minip12.c: Revamped the build part.
(p12_build): New args CERT and CERTLEN.

* simple-pwquery.c (agent_open): Don't mangle INFOSTR.

* export.c (export_p12, popen_protect_tool)
(gpgsm_p12_export): New.
* gpgsm.c (main): New command --export-secret-key-p12.
2004-02-19 16:26:32 +00:00
Werner Koch
6c9c5accd1 Described new options 2004-02-18 16:58:29 +00:00
Werner Koch
a5fc1f40c3 Added new options 2004-02-17 15:04:49 +00:00
Werner Koch
cfb33014ae Fixed a build bug (straw letter in sm/import.c) and updated the documentation. 2004-02-04 19:13:16 +00:00
Werner Koch
6b7af47bcc (Certificate Options): Add --{enable,disable}-ocsp. 2003-12-01 10:53:40 +00:00
Werner Koch
e917719928 Taken from NewPG 2003-01-09 13:24:01 +00:00