* scd/command.c (cmd_apdu): Add new option --data-atr.
* tools/gpg-card.c (cmd_apdu): Use that here. Also fix the --exlen
option and do not print the statusword in atr mode.
* tools/card-call-scd.c (scd_apdu): Detect atr mode anddon't assume a
status word.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf-comp.c (retrieve_options_from_program): Set verbose
flag for the arg parser only in --verbose mode.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf.c (aShowCodepages): New.
(opts): New command --show-codepages.
(main) [W32]: Implement
--
This is a Windows helper command to quickly check which code pages are
currently used. Useful for debugging. Has no effect on Unix.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgtar.c (oUtf8Strings): New.
(opts): Add option --utf8-strings.
(parse_arguments): Set option.
* tools/gpgtar.h (opt): Add field utf8strings.
* tools/gpgtar-create.c (name_to_utf8): New.
(fillup_entry_w32): Use that.
(scan_directory): Ditto.
(scan_directory) [W32]: Convert file name to utf8.
(gpgtar_create): Convert pattern.
--
Note that this works only with file names read from a file or if the
specified files on the command line are plain ascii. When recursing
into a directory Unicode file names work again. This limitation is
due to main(int, char**) which can't get the wchar version. We could
fix that but is needs a bit more work in our init code.
GnuPG-bug-id: 4083
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgtar-create.c (gpgtar_create): Add args files_from and
null_names. Improve reading from a file.
* tools/gpgtar.c: Make global vars static.
(main): Remove tests for --files-from and --null option combinations.
Pass option variables to gpgtar_create.
--
GnuPG-bug-id: 5027
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oChUid): New.
(opts): Add --chuid.
(main): Implement --chuid. Delay setting of homedir until the new
chuid is done.
* sm/gpgsm.c (main): Delay setting of homedir until the new chuid is
done.
* tools/gpg-card.c (oChUid): New.
(opts): Add --chuid.
(changeuser): New helper var.
(main): Implement --chuid.
* tools/gpg-connect-agent.c (oChUid): New.
(opts): Add --chuid.
(main): Implement --chuid.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/gpgrlhelp.c (read_write_history): New.
(gnupg_rl_initialize): Register new function.
* common/ttyio.c (my_rl_rw_history): New var.
(tty_private_set_rl_hooks): Add arg read_write_history.
(tty_read_history): New.
(tty_write_history): New.
* tools/gpg-card.c (HISTORYNAME): New.
(oNoHistory): New enum value.
(opts): New option --no-history.
(cmd_history): New.
(cmds): New command "history".
(interactive_loop): Read and save the history.
* tools/gpg-connect-agent.c (HISTORYNAME): New.
(opts): New option --no-history.
(main): Read and save the history. New command /history.
--
Yeah, finally we have stored history; I should have added this much
earlier.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/card-call-scd.c (scd_change_pin): Add arg 'nullpin'.
* tools/gpg-card.h (struct card_info_s): Add field 'card_removed'.
* tools/gpg-card.c (fixup_scd_errors): New.
(maybe_set_card_removed): New.
(list_one_kinfo): Change type of first arg to get access to INFO. Set
card_removed flag.
(list_all_kinfo): Improve label alignment.
(cmd_list): Check that the current card is still available.
(cmd_passwd): Add option --nullpin and menu to chnage TCOS PINs.
(dispatch_command): Handle card_removed flag.
(interactive_loop): Ditto.
--
Note that that I was not able to change the NullPIN of the standard
PIN using a Signature V2 Brainpool test card. Changing the NullPIN of
the QES PIN worked, though. I checked the commands send to scdaemon
and they were correct - I used the very same command with
gpg-connect-agent last week to set a Pin for a production Brainpool
Signature card. Thus this might be a problem with this specific test
card.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf.h (gc_component_id_t): Align order with gc_component
array.
--
Fixes-commit: b4f1159a5b
gpgconf: Rewrite the gpgconf-comp module
from 2020-03-12
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpg-card.c: Include tlv.h.
(cmd_writecert): Add option --openpgp.
(cmd_readcert): Ditto.
--
We use the CERT object for this and encapsulate the key block in a CMS
object.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/card-call-scd.c (scd_apdu): Add optional arg 'options'.
* tools/gpg-card.c (cmd_apdu): New.
(enum cmdids): Add cmdAPDU.
(dispatch_command): Add command "apdu".
(interactive_loop): Ditto.
--
This command is hidden because it can be used to brick a card. The
command is basically the same as sending "scd apdu" in
gpg-connect-agent but here we do full decoding and printing in hex.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpg-card.c (cmd_list): Take care of the need_sn_cmd flag.
(cmd_factoryreset): Clear that flag.
(dispatch_command): Set flag after a reset and after a
CARD_NOT_PRESENT error.
--
* tools/card-call-scd.c (learn_status_cb): Return the full value for
UIF. Add info about SM, MCL3, and PD.
* tools/gpg-card.h (struct card_info_s): Add corresponding fields.
* tools/gpg-card.c (list_openpgp): Print capabilities. Print the
permanent flag for UIF.
(cmd_uif): Implement.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/card-call-scd.c (learn_status_cb): Always fill chvinfo.
* tools/gpg-card.h (struct card_info_s): Increase size of chvinfo and
chvmaxlen.
* tools/gpg-card.c (list_nks): New.
(print_a_version): Support single part version numbers.
(list_card): Call list_nks.
--
Note that chvmaxlen is not yet used with NKS.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpg-card.h (struct card_info_s): Add manufacturer fields.
* tools/card-call-scd.c (release_card_info): Release them.
(learn_status_cb): Parse MANUFACTURER attribute.
* tools/gpg-card.c (get_manufacturer): Remove.
(list_card): Use the new attribute.
* g10/call-agent.h (struct agent_card_info_s): Add manufacturer fields.
* g10/call-agent.c (agent_release_card_info): Release them.
(learn_status_cb): Parse MANUFACTURER attribute.
* g10/card-util.c (get_manufacturer): Remove.
(current_card_status): Use new attribute.
--
This does away with the duplicated OpenPGP vendor tables; they are now
at a better place (app-openpgp.c).
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Remove unused var.
(scdaemon_runtime_change): Ditto.
(dirmngr_runtime_change): Ditto.
(gc_component_check_options): Pass --homedir if needed.
(retrieve_options_from_program): Take care of --homedir.
--
This is related to bug 4882 but different due all the code changes.
GnuPG-bug-id: 4882
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
* tools/gpgconf-comp.c: here.
(known_options_scdaemon): Remove "options".
(known_options_dirmngr): Remove "options".
(known_options_gpgsm): Remove "options".
(known_options_gpg): Remove "options" and "keyserver".
(struct gc_option_s): Rename active t gpgconf_list.
(gc_component_list_options): Do not act upon active.
(option_check_validity): Ditto.
(is_known_option): Make it work correctly for unknown options.
(retrieve_options_from_program): Use renamed flag gpgconf_list only to
detect duplicated items from --gpgconf-list. Do not set runtime.
Only e set the options if set by --gpgconf-list; never clear them.
* agent/gpg-agent.c: Simplify the --gpgconf-list output.
* dirmngr/dirmngr.c: Ditto.
* g10/gpg.c: Ditto.
* kbx/keyboxd.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* tests/openpgp/gpgconf.scm: Use "compliance" instead of "keyserver"
for the string arg test.
--
There is no need to read the list of options from the components
unless they convey a default value. It is better to consult only the
list we have in gpgconf-comp.c to decide on whether an option should
be displayed. Right, this might mess up thing if a newer gpgconf
version is used with an older component, but we already print warnings
in this case and in general we do not want to support this anymore -
the times of gpg 1.4. and 2.0 are long over now.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (opts): New options --auto-key-import,
--no-auto-key-import, and --no-include-key-block.
(gpgconf_list): Add them.
* g10/options.h (opt): Add field flags.auto_key_import.
* g10/mainproc.c (check_sig_and_print): Use flag to enable that
feature.
* tools/gpgconf-comp.c: Give the new options a Basic config level.
--
Note that the --no variants of the options are intended for easy
disabling at the command line.
GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf.h (gc_component_t): Change type to ...
(gc_component_id_t): this.
(GC_COMPONENT_ANY): New, so that we can use that in gpgconf-comp.c
directly.
* tools/gpgconf-comp.c: Major rework.
--
The primary reason for this rework is to support the global options.
A second reason is to clean up the code and simplify it so that we do
not anymore need to maintain a list of options in the components _and_
in gpgconf-comp.c.
What we do now is to
1. Read the option tables directly from the components using
the new generic --dump-option-table option. This includes
the header (group) descriptions.
2. Read the default values from the components as before using
--gpgconf-list and update gpgconf's internal tables with
that info.
3. Read the options using gpgrt_argparser in the same way as we do
this in the components.
The changes also do away with the second level notion of backends;
they were only used for dirmngr's extra dirmngr_ldapservers.conf file.
We intend to remove that file and replace it with a regular option so
that it will be similar on how OpenPGP keyservers are specified.
The whole thing will currently be slower than before (in particular on
Windows) but we can optimize that by keeping a cached version of the
option tables and the default values in a per homedir cache file.
There is also some work planned to remove most of the data returned by
--gpgconf-list. What can also be done is to replace the internal
tables, which list the gpgconf maintainable options, by a configuration
file so that admins are able to maintain the list of these options.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to
use ARGPARSE_ignore and remove the code in the option switch.
--
This looks better and is also required for further simplifications of
gpgconf.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf-comp.c: Remove all regular option descriptions. They
are now read in from the component. Also remove a few meanwhile
obsolete options.
* agent/gpg-agent.c: Add option description which were only set in
gpgconf-comp.c.
* dirmngr/dirmngr.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* g10/gpg.c: Ditto.
--
This second part removes all regular option descriptions because they
can be read from the components. A few were missing in the components
and thus moved to there.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf.c (main): Set the coinfig directories.
* tools/gpgconf-comp.c (gc_backend): Change the name of the config
files.
(struct gc_option): Add new field 'attr'.
(retrieve_options_from_program): Rewrite to use gpgrt_argparser.
--
We need to do larger changes to gpgconf so that it is possible to get
also global config options and their attributes. The old code worked
along its own list of option and used a generic option file parser.
This has no support for global config files. We now use
gpgrt_argparser so that we to do exactly the same as the component
does and thus delivers the actual option values as seen by the
component.
This is just a first step and we need to change more things.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf-comp.c: Fix spelling of "cannot". Use log_assert
instead of a plain assert.
(gc_percent_escape, percent_deescape): Fail on malloc error.
--
It does not make sense to use xtryalloc and failing then anyway. We
also should use our wrappers and not a plain realloc. Everywhere
elese we use the non-formal "can't" so it is better to do the same
here.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/util.h: Remove argparse.h.
* common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS.
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include
argparse.h. Do this also for all main modules which use our option
parser except for gpg. Replace calls to strusage by calls to
gpgrt_strusage everywhere.
* g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and
oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile.
(main): Change type of pargs to gpgrt_argparse_t. Rework the option
parser to make use of the new gpgrt_argparser.
--
This is not yet finished but a make check works. gpg has the most
complex and oldest option handling and thus this is the first
migration target. SE-Linux checks and version-ed config files are
missing and will be added later.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpg-card.c (cmd_list): add option --info. Factor soem code
out to ...
(print_card_list): new.
--
This change allows to use the printed s/n to sleect another card
instead of using the index. For example:
gpg/card> l --cards
0* D276000124010200FFFE50FF6E060000
1 D2760001240102000005000000370000
Now select the second card but do not print the entire listing, just
the card index, s/n and applications. We also select by s/n:
gpg/card> l --info D2760001240102000005000000370000
1* D2760001240102000005000000370000
Signed-off-by: Werner Koch <wk@gnupg.org>
No functional changes, just fixing minor spelling issues.
---
Most of these were identified from the command line by running:
codespell \
--ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
--skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
NEWS README README.maint TODO
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* tools/card-call-scd.c (learn_status_cb): Adjust for recent change.
--
This adjusts for the chnage in scdaemon.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpg-card.h (struct pubkey_s): Add field created.
* tools/card-keys.c (parse_key_record): Set that field.
* tools/gpg-card.c (print_shax_fpr): Print the fingerprint without
spaces for easier c+p.
(list_one_kinfo): Print the actual used fingerprint and creation date
from the keyblock.
--
A common problem with OpenPGP cards is that the fingerprint as stored
on the card does not match the actual fingerprint. Print both values
to be able to investigate such issues.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpg-card.h (opt): Add var no_key_lookup.
* tools/gpg-card.c (oNoKeyLookup): New const.
(opts): New option --no-key-lookup.
(list_one_kinfo): Add arg no_key_lookup and implement.
(list_all_kinfo): Add arg no_key_lookup.
(list_openpgp, list_piv, list_card): Ditto.
(cmd_list): New option --no-key-lookup.
--
Printing the OpenPGP and X.509 keys used for a specific card key can
be a lengthy operation. The new command line option and option to
"list" allows to suppress that part of the output.
* tools/gpg-card.c (generate_all_openpgp_card_keys): Add demo key
generation.
(generate_key): Allow generatiing one OpenPGP key.
--
This does now allows to create a single OpenPGP key optioanlly with a
specified parameter. For example to create an auth key:
gpg-card generate --algo=ed25519 OPENPGP.3
Using option --force will overwrite and already existing key.
scdaemon does here take care of swicthing the key attributes before
generating the key.
TODO: We need to add some more stuff to app-openpgp so that the user
is not annoyed by beeing asked to enter the Admin-PIN twice (change
the key attributes clear the verification state). gpg's key
generation also needs some tweaks for using an existing card key which
has no key stub in private-keys-v1.d.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C. Change all other places where it
gets defined.
* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
extern.
* common/iobuf.c (iobuf_debug_mode): Define it here.
* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
all main modules of all other programs.
* g10/main.h: Put util.h before the local header files.
--
This change is required for use with gcc/ld's LTO feature which does
not allow common blocks. Further gcc 10 will make -fno-common the
default and thus this chnage is always needed. What a pitty.
Co-authored-by: Tomáš Mráz
GnuPG-bug-id: 4831
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 21d9bd8b87)
- Applied respective chnages also to gpg-card and keyboxd.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpg-card.h (struct key_attr): Remove.
(struct key_info_s): Remove key_attr. Add keyalgo and keyalgo_id.
* tools/card-call-scd.c (learn_status_cb): Rework the key-attr info.
* tools/gpg-card.c (list_one_kinfo): Always show the algorithm; if
there is no key show the key attributes instead.
(list_openpgp): Do not print the "Key attributes".
(generate_key): Factor the repalce key pormpt out to ...
(ask_replace_keys): new.
(generate_openpgp): Rename to generate_all_openpgp_card_keys and add
an algo parameter.
(generate_generic): Rename to generate_key. Prepare generation of a
single OpenPGP key.
(cmd_generate): Revamp.
(ask_card_rsa_keysize): Remove.
(ask_card_keyattr): Remove.
(do_change_keyattr): Remove.
(cmd_keyattr): Remove.
(enum cmdids): Remove cmdKEYATTR.
(cmds): Ditto.
(dispatch_command): Ditto.
(interactive_loop): Ditto.
--
This change shows the key attributes of an OpenPGP card instead of the
key's algorithm if no key exists. It also remove the key-attr command
because for uniformity it is better to do this directly in
scd/app-openpgp.c At least for this new gpg-card tool.
There a couple of other changes but to the generate command but they
are not yet ready.
Signed-off-by: Werner Koch <wk@gnupg.org>