1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

438 Commits

Author SHA1 Message Date
Werner Koch
21feecd48f gpg: Add pinentry-mode feature.
* g10/gpg.c: Include shareddefs.h.
(main): Add option --pinentry-mode.
* g10/options.h (struct opt): Add field pinentry_mode.
* g10/passphrase.c: Include shareddefs.h.
(have_static_passphrase): Take care of loopback pinentry_mode.
(read_passphrase_from_fd): Ditto.
(get_static_passphrase): New.
(passphrase_to_dek_ext): Factor some code out to ...
(emit_status_need_passphrase): new.
* g10/call-agent.c (start_agent): Send the pinentry mode.
(default_inq_cb): Take care of the PASSPHRASE inquiry.  Return a
proper error code.
(agent_pksign): Add args keyid, mainkeyid and pubkey_algo.
(agent_pkdecrypt): Ditto.
* g10/pubkey-enc.c (get_it): Pass new args.
* g10/sign.c (do_sign): Pass new args.

* g10/call-agent.c (struct default_inq_parm_s): New.  Change all
similar structs to reference this one.  Change all users and inquire
callback to use this struct, instead of NULL or some undefined but not
used structs.  This change will help to eventually get rid of global
variables.
--

This new features allows to use gpg without a Pinentry.  As a
prerequisite the agent must be configured to allow the loopback
pinentry mode (option --allow-loopback-pinentry).  For example

  gpg2 --pinentry-mode=loopback FILE.gpg

may be used to decrypt FILE.gpg while entering the passphrase on the
tty.  If batch is used, --passphrase et al. may be used, if
--command-fd is used, the passphrase may be provided by another
process.  Note that there are no try-again prompts in case of a bad
passphrase.
2013-02-07 20:37:58 +01:00
Werner Koch
fc00d3fcb2 Print the hash algorithm in colon mode key listing.
* g10/keylist.c (list_keyblock_colon): Print digest_algo.
2012-05-24 10:13:39 +02:00
Werner Koch
508ffb4e02 Add an item to NEWS.
--
2012-02-07 10:20:12 +01:00
Werner Koch
001352077c nPth is now a hard requirement for GnuPG.
* configure.ac: Remove cruft to allow building without npth.
--

Previous versions of GnuPG allowed to build a subset of it without
support of Pth.  Meanwhile gpg-agent is a requirement even for gpg and
thus it does not make any sense to allow such a restricted build.
2012-01-25 15:51:08 +01:00
Werner Koch
372fb4fc06 gpg: Allow use of a standard space separated fingerprint.
* common/userids.c (classify_user_id): Check for space separated GPG
fingerprint.
2012-01-06 13:36:47 +01:00
Werner Koch
97d1c884e6 Post-release version number update 2011-12-20 17:10:28 +01:00
Werner Koch
8e47f1e576 Prepare for the beta3 release. 2011-12-20 15:55:43 +01:00
Werner Koch
45cf9de341 agent: Pass comment lines from scd verbatim thru gpg-agent.
* agent/call-scd.c (pass_status_thru): Pass comment lines verbatim.
* tools/gpg-connect-agent.c (help_cmd_p): New.
(main): Treat an "SCD HELP" the same as "HELP".
2011-12-14 15:42:28 +01:00
Werner Koch
81389383a3 Made the KILLAGENT and KILLSCD commands working again.
This requires that GnuPG is build with a newer version of Libassuan
(2.0.3).
2011-08-10 11:47:04 +02:00
Werner Koch
d479906991 Support a confirm flag for ssh.
This implements the suggestion from bug#1349.  With this change the
fingerprint of the ssh key is also displayed in the pinentry prompts.
2011-07-20 20:49:41 +02:00
Werner Koch
37228cfa05 Allow generation of card keys up to 4096 bit.
This patch implementes a chunk mode to pass the key parameters from
scdaemon to gpg.  This allows to pass arbitrary long key paremeters;
it is used for keys larger than 3072 bit.

Note: the card key generation in gpg is currently broken.  The keys
are generated but it is not possible to create the self-signature
because at that time the gpg-agent does not yet know about the new
keys and thus can't divert the sign request to the card.  We either
need to run the learn command right after calling agent_scd_genkey or
implement a way to sign using the currently inserted card.  Another
option would be to get rid of agent_scd_genkey and implement the
feature directly in agent_genkey.
2011-06-16 14:27:33 +02:00
Werner Koch
817f07173c Fixed regression in OpenPGP secret key export.
The protection used in the exported key used a different iteration
count than given in the S2K field.  Thus all OpenPGP keys exported
from GnuPG 2.1-beta can't be imported again.  Given that the actual
secret key material is kept in private-keys-v1.d/ the can be
re-exported with this fixed version.
2011-04-26 20:39:09 +02:00
Werner Koch
87a6a1c3fe Post beta release updates 2011-03-08 14:00:04 +01:00
Werner Koch
444f2fe1cd Prepare for 1.5.0beta2 2011-03-08 12:56:45 +01:00
Werner Koch
28c157b55c Support X.509 certificate creation.
Using "gpgsm --genkey" allows the creation of a self-signed
certificate via a new prompt.

Using "gpgsm --genkey --batch" should allow the creation of arbitrary
certificates controlled by a parameter file.  An example parameter file
is

    Key-Type: RSA
    Key-Length: 1024
    Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA
    Key-Usage: sign, encrypt
    Serial: random
    Name-DN: CN=some test key
    Name-Email: foo@example.org
    Name-Email: bar@exmaple.org
    Hash-Algo: SHA384
    not-after: 2038-01-16 12:44

This creates a self-signed X.509 certificate using the key given by
the keygrip and using SHA-384 as hash algorithm.  The keyword
signing-key can be used to sign the certificate with a different key.
See sm/certreggen.c for details.
2011-03-01 14:42:56 +01:00
Werner Koch
0b5bcb40cf Finished ECC integration.
Wrote the ChangeLog 2011-01-13 entry for Andrey's orginal work modulo
the cleanups I did in the last week.  Adjusted my own ChangeLog
entries to be consistent with that entry.

Nuked quite some trailing spaces; again sorry for that, I will better
take care of not saving them in the future.  "git diff -b" is useful
to read the actual changes ;-).

The ECC-INTEGRATION-2-1 branch can be closed now.
2011-02-03 16:35:33 +01:00
Werner Koch
2b933ae8f6 Fix for bug#1313. de.po update. 2011-01-20 15:11:25 +01:00
Werner Koch
2732f2ff3f Fix bug #1311. 2011-01-10 11:37:57 +01:00
Werner Koch
5fd7ff3488 Tweaks for gpgconf.
Fixed dirmngr bug 1010.
2010-12-14 19:17:58 +00:00
Werner Koch
fcb5f7d08f s/AES/AES128/ in diagnostics and --list-config 2010-12-02 15:49:02 +00:00
Werner Koch
b3f9e2130e Change stack size for Wince.
Allow for a longer agent atartup under wince.
Print gpg output via estream.
2010-11-23 18:46:41 +00:00
Werner Koch
2c982dcf86 Fix bug where scdaemon kills a non-daemon gpg-agent. 2010-11-11 15:07:37 +00:00
Werner Koch
dc5150db78 Honor TMPDIR. 2010-10-27 07:37:52 +00:00
Werner Koch
0f721abddf Update scripts etc. 2010-10-26 12:25:47 +00:00
Werner Koch
54591341a4 More agent support for gpg. 2010-10-13 15:57:08 +00:00
Werner Koch
002b30e75c Import fixes.
new otion for watchgnupg
2010-10-06 11:29:10 +00:00
Werner Koch
bfbd80feb9 Exporting secret keys via gpg-agent is now basically supported.
A couple of forward ported changes.
Doc updates.
2010-10-01 20:33:53 +00:00
Werner Koch
daab9aff3a Merge secret keys during import 2010-09-02 15:11:51 +00:00
Werner Koch
87fac99112 Import OpenPGP keys into the agent. 2010-08-31 15:58:39 +00:00
Werner Koch
15330f36a7 Reworked the posix and w32 exechelpers. 2010-08-20 12:18:38 +00:00
Werner Koch
7e752a4208 Auto-start dirmngr. 2010-08-16 11:03:43 +00:00
Werner Koch
a22c38baad Some work on the dirmngr 2010-07-23 16:16:14 +00:00
Werner Koch
c3f08dcb72 Merged Dirmngr with GnuPG.
A few code changes to support dirmngr.
2010-06-09 16:53:51 +00:00
Werner Koch
51e2703abe Auto starting the agent does now work on CE. 2010-05-04 15:21:47 +00:00
Werner Koch
53c636c4c6 ./autogen.sh --build-w32ce does now succeed. 2010-04-14 14:39:16 +00:00
Werner Koch
2cf687cb3e First batch of changes to support W32CE.
Note that jnlib/w32-reg.c is not yet ready.
2010-02-26 18:44:36 +00:00
Werner Koch
4d693033ab Implement dynamic S2K count computation. 2009-12-14 20:12:56 +00:00
Werner Koch
a51675fabe Add option --cert-extension. 2009-12-10 13:00:30 +00:00
Werner Koch
9a96043be4 Unification of the search descriptor usage. 2009-12-08 16:30:33 +00:00
Werner Koch
85d778b9f6 Use ADNS for PKA and SRV records if no other resolver is available. 2009-12-07 15:52:27 +00:00
Werner Koch
49b00ffd67 allow for default algorithms in a gpg parameter file 2009-12-04 19:47:54 +00:00
Werner Koch
cb5491bfaf support numeric debug levels. 2009-12-03 18:04:40 +00:00
Werner Koch
9e83404751 More stuff for the audit-log. 2009-12-02 18:33:59 +00:00
Werner Koch
536b6ab09f Keep on hacking on g13. A simple --create and --mount does now work.
A hacked up encfs is required.
2009-10-13 19:17:24 +00:00
Werner Koch
b46c353318 Start a new development branch.
Translations are for now disabled.
2009-09-21 18:26:52 +00:00
Werner Koch
fd38b9227e Post release version bumb 2009-09-04 17:52:40 +00:00
Werner Koch
7d0f99aa91 preparae release 2009-09-04 13:38:16 +00:00
Werner Koch
25659d66f1 Ask to insert the right OpenPGP card. 2009-08-11 10:56:44 +00:00
Werner Koch
31084d6dc9 Support writing of existing keys with non-matching key sizes. 2009-07-09 14:54:18 +00:00
Werner Koch
e50cac1d84 Changed default hash algorithm preferences 2009-07-09 08:52:31 +00:00