1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

1177 Commits

Author SHA1 Message Date
NIIBE Yutaka
40707c8bff
agent: Fix resource leak for PRIMARY_CTX.
* agent/call-daemon.c (wait_child_thread): Call assuan_release for
PRIMARY_CTX when it's kept for reuse.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-10-22 09:51:03 +09:00
Werner Koch
4275d5fa7a
agent: Add option --status to the LISTRUSTED command.
* agent/trustlist.c (istrusted_internal): Add arg listmode and print
new status line in this mode.  Adjust callers.
(agent_listtrusted): Add new args ctrl and status_mode.  Get all
trusted keys and then call is_trusted_internal for all of them.

* agent/command.c (cmd_listtrusted): Add new option --status.
--

This allows in a non-restricted connection to list all trusted keys in
one go.
2024-10-01 18:07:32 +02:00
Werner Koch
ca953ae5f7
agent: Replace hack for old Libgcrypt versions for auto-expand-secmem.
* agent/gpg-agent.c (main) <oAutoExpandSecmem>: Use Libgcrypt const.
2024-09-27 10:59:49 +02:00
Werner Koch
19871fa08c
agent: Better diagnostic for a failed key unprotection.
* agent/findkey.c (unprotect): Print a diagnostic if unprotection
failed.
--

GnuPG-bug-id: 6375
2024-09-27 10:55:45 +02:00
Werner Koch
6432d17385
agent: Fix detection of the trustflag de-vs.
* agent/trustlist.c (read_one_trustfile): Fix comparison.
--

Fixes-commit: a5360ae4c7bfe6df6754409d5bd5c5a521ae5e6f
GnuPG-bug-Id: 5079
2024-09-19 10:03:37 +02:00
NIIBE Yutaka
4a4c1efac5
agent: Fix KEYTOCARD for the use case with loopback pinentry.
* agent/command.c (cmd_keytocard): Copy LINE.

--

GnuPG-bug-id: 7283
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-03 14:06:48 +09:00
Werner Koch
1d18c143f4
agent: When diverting to a card show the name of unsupported algos.
* agent/divert-scd.c (divert_pkdecrypt): Improve error message.
2024-08-09 10:08:50 +02:00
Jakub Jelen
dd23441938
agent: Avoid memory leak when handling ssh keys.
* agent/command-ssh.c (ssh_send_available_keys): Close file and
directory on error paths.

--

GnuPG-bug-id: 7201
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-07-22 13:40:35 +09:00
Jakub Jelen
be40a33419
agent: Avoid memory leak when handling tpm2.
* agent/divert-tpm2.c (agent_write_tpm2_shadow_key): Free memory on
errors.

--

GnuPG-bug-id: 7201
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-07-22 13:40:00 +09:00
NIIBE Yutaka
2b19474aab
common: On Windows, we care about how PIPE handles are inherited.
* agent/gpg-agent.c (handle_connections): It's for POSIX.
* kbx/keyboxd.c (handle_connections): Ditto.
* scd/app.c (handle_connections): Ditto.
* scd/scdaemon.c (handle_connections): Ditto.
tpm2d/tpm2daemon.c (handle_connections): Ditto.
* tests/gpgscm/ffi.c (do_pipe): Use GNUPG_PIPE_BOTH.
(do_inbound_pipe): Use GNUPG_PIPE_INBOUND.
(do_outbound_pipe): Use GNUPG_PIPE_OUTBOUND.
* common/call-gpg.c (_gpg_encrypt): Specify outbound and inbound.
(_gpg_decrypt): Likewise.
* common/exechelp-posix.c (gnupg_create_pipe): Add an argument.
* common/exechelp-w32.c (create_pipe_and_estream): Care about
how PIPE handles are inherited to child process.
(gnupg_create_pipe): Add an argument.
* common/exechelp.h: Add enum values.

--

Fixes-commit: af6c47b2910f394faf582800d60d88e9b4dcf834
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-09 15:15:13 +09:00
NIIBE Yutaka
953dd67368
Use gpgrt_process_spawn API from libgpg-error.
* agent/genkey.c (do_check_passphrase_pattern): Use the gpgrt API.
* common/asshelp.c (start_new_service): Ditto.
* common/exechelp.h: Remove gnupg_process_spawn API.
* common/exechelp-posix.c: Remove gnupg_process_spawn implementation.
* common/exechelp-w32.c: Likewise.
* common/exectool.c (gnupg_exec_tool_stream): Use the gpgrt API.
* common/t-exechelp.c (test_pipe_stream): Remove.
* dirmngr/ldap-wrapper.c (destroy_wrapper, ldap_reaper_thread): Use
the gpgrt API.
(ldap_wrapper_connection_cleanup, ldap_wrapper): Ditto.
* dirmngr/ldap.c, g10/call-keyboxd.c: No need to include exechelp.h.
* g10/photoid.c (run_with_pipe, show_photo): Use the gpgrt API.
* g13/be-encfs.c (run_umount_helper, run_encfs_tool): Ditto.
* g13/g13.c, g13/mount.c, g13/runner.c: No need to include exechelp.h.
* scd/apdu.c: No need to include exechelp.h.
* scd/app.c (report_change): Use the gpgrt API.
* sm/export.c, sm/import.c: No need to include exechelp.h.
* tests/gpgscm/ffi.c (proc_object_finalize, proc_wrap)
(do_process_spawn_io, do_process_spawn_fd, do_process_wait): Use the
gpgrt API.
* tools/gpg-auth.c: No need to include exechelp.h.
* tools/gpg-card.c (cmd_gpg): Use the gpgrt API.
* tools/gpg-connect-agent.c: No need to include exechelp.h.
* tools/gpg-mail-tube.c (mail_tube_encrypt, prepare_for_appimage)
(start_gpg_encrypt): Use the gpgrt API.
* tools/gpgconf-comp.c (gpg_agent_runtime_change)
(scdaemon_runtime_change, tpm2daemon_runtime_change)
(dirmngr_runtime_change, keyboxd_runtime_change)
(gc_component_launch, gc_component_check_options)
(retrieve_options_from_program): Ditto.
* tools/gpgconf.c (show_versions_via_dirmngr): Ditto.
* tools/gpgtar-create.c (gpgtar_create): Ditto.
* tools/gpgtar-extract.c (gpgtar_extract): Ditto.
* tools/gpgtar-list.c (gpgtar_list): Ditto.

--

GnuPG-bug-id: 7192
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-09 10:04:16 +09:00
NIIBE Yutaka
c4ff9c5def
agent: Require use of "SCD DEVINFO --watch" command with socket.
* agent/call-scd.c (agent_card_devinfo): Check if client connects
by a socket.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-28 13:51:22 +09:00
NIIBE Yutaka
14400b2fb3
agent: Initialize thread_startup.fd for pipe connection.
* agent/gpg-agent.c (main): Let it have defined value.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-28 13:48:04 +09:00
NIIBE Yutaka
b3f1f2cd19
agent: Handle SCD DEVINFO --watch command in a special way.
* agent/call-scd.c (devinfo_watch_thread): New.
(agent_card_devinfo): New.
(agent_card_scd): Call agent_card_devinfo when it's
DEVINFO_WATCH_COMMAND.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-27 15:29:01 +09:00
NIIBE Yutaka
5d980802ac
agent:daemon: Add an argument to specify requiring socket connection.
* agent/agent.h (daemon_start): Add REQ_SOCK argument.
* agent/call-daemon.c (daemon_start): Support specifying a socket
connection.
* agent/call-scd.c (start_scd): Connection don't care.
* agent/call-tpm2d.c (start_tpm2d): Likewise.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-27 15:26:25 +09:00
NIIBE Yutaka
55559c8b66
agent: Clean up for scdaemon handling.
* agent/call-daemon.c (struct daemon_local_s): Remove G field.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-11 15:36:17 +09:00
NIIBE Yutaka
563bfbb0be
agent: Fix a race condition which results accessing finished scd.
* agent/call-daemon.c (daemon_start): Decision of connection/reuse of
CTX and assignment to ->ctx should be done with the lock.

--

When scdaemon is exiting and agent tries to spawn/connect/reconnect,
there is a race condition between detecting finish of scd and
spawn/connect/reconnect.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-11 15:21:19 +09:00
Werner Koch
fee890a2ab
agent: Silence debug output from the PIN caching.
* agent/call-scd.c (handle_pincache_put): Use log_debug only in cache
debug mode.
2024-06-06 11:59:22 +02:00
Daniel Kahn Gillmor
42b0e9558a
indent: Fix spelling
--

These are non-substantive corrections for minor spelling mistakes
within the GnuPG codebase.

With something like this applied to the codebase, and a judiciously
tuned spellchecker integrated as part of a standard test suite, it
should be possible to keep a uniform orthography within the project.

GnuPG-bug-id: 7116
2024-05-31 12:28:32 +02:00
NIIBE Yutaka
fc3fde1bde
spawn: Remove spawn callback, introduce gnupg_spawn_actions.
* common/exechelp-posix.c (call_spawn_cb): Remove.
(gnupg_spawn_actions_new, gnupg_spawn_actions_release)
(gnupg_spawn_actions_set_environ, gnupg_spawn_actions_set_atfork)
(gnupg_spawn_actions_set_redirect)
(gnupg_spawn_actions_set_inherit_fds): New.
(my_exec, spawn_detached): Use spawn actions.
(gnupg_spawn_helper): Remove.
(gnupg_process_spawn): Remove callback, introduce gnupg_spawn_actions.
* common/exechelp-w32.c: Ditto.
* common/exechelp.h: Ditto.
* agent/genkey.c (do_check_passphrase_pattern): Follow the change of
gnupg_process_spawn API.
* common/asshelp.c (start_new_service): Likewise.
* common/exectool.c (gnupg_exec_tool_stream): Likewise.
* common/t-exechelp.c (test_pipe_stream): Likewise.
* dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise.
* g10/photoid.c (run_with_pipe): Likewise.
* scd/app.c (report_change): Likewise.
* tests/gpgscm/ffi.c (do_process_spawn_io, do_process_spawn_fd):
Likewise.
* tools/gpg-card.c (cmd_gpg): Likewise.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Likewise.
(scdaemon_runtime_change, tpm2daemon_runtime_change)
(dirmngr_runtime_change, keyboxd_runtime_change)
(gc_component_launch, gc_component_check_options)
(retrieve_options_from_program): Likewise.
* tools/gpgconf.c (show_versions_via_dirmngr): Likewise.
* tools/gpgtar-create.c (gpgtar_create): Likewise.
* tools/gpgtar-extract.c (gpgtar_extract): Likewise.
* tools/gpgtar-list.c (gpgtar_list): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-31 15:36:39 +09:00
Jakub Jelen
379fc5569d
agent: Avoid uninitialized access in GENKEY command on parameter error.
* agent/command.c (cmd_genkey): Moved init_membuf to the top.
--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

This is part of
GnuPG-bug-id: 7129
2024-05-28 16:50:59 +02:00
Werner Koch
bdbf5cee2f
agent: Avoid double free of empty string in the PIN caching.
* agent/call-scd.c (handle_pincache_get): Set PIN to NULL.  Also add
DBG_CACHE conditionals and don't return the pin in the debug output.
--

This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
2024-05-28 16:44:18 +02:00
Werner Koch
fdc5003956
agent: Make sure to return success in ephemeral store mode.
* agent/genkey.c (store_key): Clear ERR on success.
--

This fixes a real problem which might let ephemeral store mode fail
randomly.

This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
2024-05-28 16:37:25 +02:00
NIIBE Yutaka
9128d81bb7
agent:kem:ecc: Support a key on smartcard.
* agent/agent.h (agent_card_ecc_kem): New.
* agent/divert-scd.c (agent_card_ecc_kem): New.
* agent/pkdecrypt.c (ecc_extract_pk_from_key): New.
(ecc_extract_sk_from_key): New.
(ecc_raw_kem, get_cardkey, ecc_get_curve): New.
(ecc_pgp_kem_decrypt): Support a key on smartcard for ECC.
(composite_pgp_kem_decrypt): Handle a case of a key on smartcard.
* common/sexputil.c (get_ecc_curve_from_key): New.
* common/util.h (get_ecc_curve_from_key): New.

--

GnuPG-bug-id: 7097
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 14:18:03 +09:00
NIIBE Yutaka
02b056ef77
agent:kem: Fix memory leaks.
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Release shadow_info
memory.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-25 13:51:47 +09:00
NIIBE Yutaka
2593dcbceb
agent: Allow NULL for R_PADDING, when calling scd and tpm2d.
* agent/call-scd.c (padding_info_cb): Allow NULL.
(agent_card_pkdecrypt): Likewise.
* agent/divert-scd.c (divert_pkdecrypt): Likewise.
* agent/divert-tpm2.c (divert_tpm2_pkdecrypt): Likewise.

--

It's for RSA PKCD#1 encoding if the decrypt operation removes padding
or not.  When caller knows it's not RSA, this information is no use
and it is better to allow NULL with the variable R_PADDING.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-25 13:13:04 +09:00
NIIBE Yutaka
a45243548e
agent:kem: Factor out ECC KEM operation from composite KEM.
* agent/pkdecrypt.c (ecc_pgp_kem_decrypt): New.
(composite_pgp_kem_decrypt): Use ecc_pgp_kem_decrypt.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 15:08:41 +09:00
NIIBE Yutaka
d1f8caafb4
agent: Simplify diverting operation to the smartcard.
* agent/pkdecrypt.c (agent_pkdecrypt): Remove no_shadow_info variable.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 14:01:41 +09:00
Werner Koch
dd650b2c7b
gpg: Support Kyber with Brainpool512r1.
* common/openpgp-oid.c (oidtable): Add GCRY_KEM_RAW_BP512.
* agent/pkdecrypt.c (ecc_table): Support bp512
* g10/pkglue.c (do_encrypt_kem): Ditto.

* tests/openpgp/samplekeys: Add sample keys for kyber_bp256, bp384,
and bp512.
* tests/openpgp/privkeys: Add corresponding private keys.
* tests/openpgp/samplemsgs:  Add sample messages for those keys.
--

GnuPG-bug-id: 6815
2024-04-23 17:41:28 +02:00
Werner Koch
f305e703d5
Require Libgcrypt 1.11.0
* configure.ac (NEED_LIBGCRYPT_VERSION): Set to 1.11.0
* agent/pkdecrypt.c (struct ecc_params): Move constants to the top.
--

It does not make anymore sense to allow building with older Libgcrypt
versions.  After all PQ key support is a major feature and for this we
need Libgcrypt.
2024-04-23 11:09:40 +02:00
NIIBE Yutaka
af98a3e5fa
agent:kem: More fix for PQC KEM with X448.
* agent/pkdecrypt.c (struct ecc_params): Remove NAME_LEN field.
(ecc_table): Update.
(get_ecc_params): Use strcmp.
(composite_pgp_kem_decrypt): Fix the call of gnupg_kem_combiner.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 16:09:02 +09:00
NIIBE Yutaka
65833eefb2
agent:kem: Support other ML-KEM variants.
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Care about
ML-KEM 512 and 1024.

--

Co-authored-by: Werner Koch <wk@gnupg.org>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 14:40:27 +09:00
NIIBE Yutaka
d5c6b52e59
agent:kem: Support other ECC curves.
* agent/pkdecrypt.c (ecc_table): New.
(get_ecc_params): New.
(composite_pgp_kem_decrypt): Support other curves.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 14:23:27 +09:00
Werner Koch
61717fb0a7
agent: Add more diagnostics to PQC decryption.
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for
correctness.  Add error diagnostics and one extra check.
--

GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
NIIBE Yutaka
f2fd4f1a9e
agent: Rename the function using the word "composite"
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Rename.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-11 15:30:27 +09:00
NIIBE Yutaka
172d53d636
agent: Fix PQC decryption.
* agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Change the format
of SEXP in the protocol for symmetric cipher algorithm identifier.

--

GnuPG-bug-id: 7014
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-11 15:30:16 +09:00
Werner Koch
6737e07a9b
doc: Move keyformat.txt to here.
--
2024-04-11 08:27:53 +02:00
Todd Zullinger via Gnupg-devel
87025e5da6
doc: Fix a few typos in agent/keyformat.txt
--

Signed-off-by: Todd Zullinger <tmz@pobox.com>
2024-04-11 08:17:20 +02:00
NIIBE Yutaka
c21237ac27
agent:kem: Externalize FIXED_INFO.
* agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Don't hard code
the value of FIXED_INFO.  Get it from frontend.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 12:52:13 +09:00
NIIBE Yutaka
04b81ec236
common,agent: Factor out KEM functions into common/kem.c.
* common/util.h (compute_kmac256): Remove.
(gnupg_ecc_kem_kdf, gnupg_kem_combiner): New.
* common/kmac.c (compute_kmac256): Don't expose.
(gnupg_ecc_kem_kdf, gnupg_kem_combiner): New.
* agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use
gnupg_ecc_kem_kdf and gnupg_kem_combiner.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 11:09:29 +09:00
Werner Koch
03d53c88cc
gpg: Allow to create a Kyber key from keygrips.
* agent/cvt-openpgp.c (extract_private_key): Support Kyber algorithms.
* common/openpgp-oid.c (map_gcry_pk_to_openpgp): Map KEM to Kyber.
* common/sexputil.c (get_pk_algo_from_key): Increase buffer for use
with "kyber1024".
* g10/call-agent.c (agent_get_keyinfo): Fix warning.
* g10/keygen.c (do_create_from_keygrip): Support Kyber.
(ask_algo): Ditto.
--

To test create a standard key and the use --edit-key and "addkey" with
selection 13 and use the comma delimited keygrips.

GnuPG-bug-id: 7014
2024-04-05 16:16:53 +02:00
Werner Koch
68d9bc9c35
agent: Fix error handling of READKEY.
* agent/command.c (cmd_readkey): Jump to leave on reading error.
--

Fixes-commit: d7a3c455c5e29b19b66772f86dda925064e34896
2024-04-05 14:47:02 +02:00
Werner Koch
ce8b25270b
agent: Make "PKDECRYPT --kem" with optional value work.
* agent/command.c (cmd_pkdecrypt): Fix comparison.

* agent/agent.h (enum kemids): Rename type and strip trailing comma.

* agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Allow building
with Libgcrypt < 1.11
--

Eventually we should change the libgcrypt requirement in configure.
2024-04-05 11:22:38 +02:00
NIIBE Yutaka
131dd2a351
agent: Add initial support for hybrid ECC+PQC decryption with KEM.
* agent/agent.h (enum kemid): New.
(agent_kem_decrypt): New.
* agent/command.c (cmd_pkdecrypt): Support --kem option to call
agent_kem_decrypt.
* agent/pkdecrypt.c (reverse_buffer): New.
(agent_hybrid_pgp_kem_decrypt): New.
(agent_kem_decrypt): New.

--

Now, it only supports X25519 + ML-KEM.

GnuPG-bug-id: 7014
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 14:17:25 +09:00
NIIBE Yutaka
c69363e8c7
agent: Add --another option for hybrid crypto.
* agent/agent.h (struct server_control_s): Add have_keygrip1.
* agent/command.c (reset_notify): Clear have_keygrip1 field.
(cmd_havekey): Add --another option handling.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-01 14:38:51 +09:00
Werner Koch
4485930f9f
Merge branch 'STABLE-BRANCH-2-4'
--
Resolved conflicts:
	NEWS
	common/exechelp-w32.c
	configure.ac
2024-03-12 16:00:55 +01:00
Werner Koch
962058f704
Allow tilde expansion for the foo-program options.
* agent/gpg-agent.c (parse_rereadable_options): Use make_filename_try
for opt.pinentry_program.  Change definition accordingly.
* g10/gpg.c (main): Use make_filename for agent_program,
dirmngr_program, and keyboxd_program. Change definition accordingly.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-card.c (parse_arguments): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpg-wks-client.c (parse_arguments): Likewise.  Do it also for
option --output.
(process_confirmation_request): Print a note for a successful sent.
--

GnuPG-bug-id: 7017
2024-02-27 10:36:22 +01:00
Werner Koch
adf4db6e20
agent: Allow GET_PASSPHRASE in restricted mode.
* agent/command.c (cmd_get_passphrase): Allow use in restricted mode
but ignore the cacheid.
--

The use case is symmetric encryption via the extra-socket.  To avoid
that the gpg running on the server has access to the cache we set the
cache id to NULL so that the cache is not used at all.
2024-02-25 16:03:54 +01:00
Werner Koch
dfa60c09f5
Merge branch 'STABLE-BRANCH-2-4'
--
Fixed conflicts:
	NEWS
	configure.ac
	doc/gpg.texi
2024-01-26 09:41:00 +01:00
Werner Koch
434a641d40
agent: Add "ephemeral" Assuan option.
* agent/agent.h (struct ephemeral_private_key_s): New.
(struct server_control_s): Add ephemeral_mode and ephemeral_keys.
(GENKEY_FLAG_NO_PROTECTION, GENKEY_FLAG_PRESET): New.
* agent/genkey.c (clear_ephemeral_keys): New.
(store_key): Add arg ctrl and implement ephemeral_mode.  Change all
callers.
(agent_genkey): Replace args no_protection and preset by a generic new
flags arg.
* agent/findkey.c (wipe_and_fclose): New.
(agent_write_private_key): Add arg ctrl and implement ephemeral_mode.
Change all callers.
(agent_update_private_key): Ditto
(read_key_file): Ditto.
(agent_key_available): Ditto.
* agent/command-ssh.c (card_key_available): Do not update display s/n
in ephemeral mode.  This is however enver triggred.
* agent/gpg-agent.c (agent_deinit_default_ctrl): Cleanup ephemeral
keys.
* agent/command.c (cmd_genkey): Use the new flags instead of separate
vars.
(cmd_readkey): Create a shadow key only in non-ephemeral_mode.
(cmd_getinfo): Add sub-command "ephemeral".
(option_handler): Add option "ephemeral".
--

The idea here that a session can be switched in an ephemeral mode
which does not store or read keys from disk but keeps them local to
the session.

GnuPG-bug-id: 6944
2024-01-22 16:49:54 +01:00