1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-09 21:28:51 +01:00
Commit Graph

931 Commits

Author SHA1 Message Date
Werner Koch
4cc5340206
gpgconf,w32: Print more registry diagnostics with --list-dirs.
* tools/gpgconf.c (list_dirs): Figure out classes with the key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-08-11 11:38:37 +02:00
NIIBE Yutaka
29d58e9de7 build: Simplify for string.h and getopt.h.
* configure.ac (AC_CHECK_HEADERS): Remove string.h and getopt.h.
* dirmngr/ks-engine-ldap.c: Remove including getopt.h.
* tools/make-dns-cert.c: Likewise.

--

Checking string.h is supported by AC_HEADER_STDC.  Use of getopt.h
is only needed for getopt_long of GNU extention.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-08-05 14:01:14 +09:00
Werner Koch
73c03e0232
tools: Extend gpg-check-pattern.
* tools/gpg-check-pattern.c: Major rewrite.
--
Signed-off-by: Werner Koch <wk@gnupg.org>

Here is a simple pattern file:

====================
# Pattern to reject passwords which do not comply to
#   - at least 1 uppercase letter
#   - at least 1 lowercase letter
#   - at least one number
#   - at least one special character
# and a few extra things to show the reject mode

# Reject is the default mode, ignore case is the default
#[reject]
#[icase]

# If the password starts with "foo" (case insensitive) it is rejected.
/foo.*/

[case]

# If the password starts with "bar" (case sensitive) it is rejected.
/bar.*/

# Switch to accept mode: Only if all patterns up to the next "accept"
# or "reject" tag or EOF match, the password is accepted.  Otherwise
# the password is rejected.

[accept]

/[A-Z]+/
/[a-z]+/
/[0-9]+/
/[^A-Za-z0-9]+/
=================

Someone™ please write regression tests.
2021-07-29 11:33:24 +02:00
Werner Koch
95d707e093
tools: Tweak ccidmon output.
--
2021-06-25 09:55:52 +02:00
Werner Koch
2c6b62b357
tools: Extend ccidmon to print T=1 APDUs
* tools/ccidmon.c (print_as_ascii): New.
(print_t1_block): New.
(print_p2r_xfrblock): Print APDUs
(print_r2p_datablock): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-06-22 20:41:47 +02:00
Jiri Kerestes
755a5f1a0e
card: Fix typo in help message
--
Signed-off-by: Jiri Kerestes <jiri.kerestes@trustica.cz>
2021-06-12 18:33:32 +02:00
Werner Koch
14e36bdbe1
gpgtar,w32: Fix file size computation
* tools/gpgtar-create.c (fillup_entry_w32): Move parentheses.
--

Fixes-commit: 8b8925a2bd

The bug is so obvious that I wonder why it was not reported more often
on Windows. (Adding 1 to MAXDWORD (0xfffffff) always gives 0 for the
product).

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-06-09 20:03:20 +02:00
Werner Koch
31c0aa2ff3
gpgconf: Make runtime changes with different homedir work.
* tools/gpgconf-comp.c (dirmngr_runtime_change): Pass --homedir first.
2021-05-28 19:48:16 +02:00
Jakub Jelen
98c52aeb31
card: Intialize pointer to avoid double free
* tools/gpg-card.c (cmd_salut): Initialize data pointer

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5393
2021-05-20 14:49:02 +02:00
NIIBE Yutaka
97ba94e52b tools: Fix for --disable-tpm2d.
* tools/gpgconf-comp.c: Conditionalize with BUILD_WITH_TPM2D.

--

GnuPG-bug-id: 5408
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-04-23 11:10:04 +09:00
Werner Koch
2fce99d73a
card: New option --shadow for command list.
* tools/card-call-scd.c (scd_readkey): Add arg create_shadow.
* tools/gpg-card.c (list_one_kinfo): Add arg create_shadow and pass it
down to scd-readkey.  Change all callers to convey this arg.
(cmd_list): Add option --shadow.
2021-04-21 21:04:09 +02:00
Werner Koch
b657d6c3bd
gpgconf: Fix a diagnostic output.
* tools/gpgconf-comp.c (gc_component_launch): Fix diagnostic.
* doc/examples/common.conf: Fix example.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-20 10:27:04 +02:00
Werner Koch
5fe60576d5
build: Fix build problems on macOS for gpgsm tests and gpg-card.
* tools/gpg-card.c: Include ctype.h.
* sm/Makefile.am (t_common_ldadd): Add LIBICONV.
--

GnuPG-bug-id: 5400
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-19 20:17:39 +02:00
Werner Koch
d13c5bc244
gpg,gpgsm: Move use-keyboxd to the new conf file common.conf
* common/comopt.c, common/comopt.h: New.
* common/Makefile.am: Add them.
* g10/gpg.c: Include comopt.h.
(main): Also parse common.conf.
* sm/gpgsm.c: Include comopt.h.
(main): Set a flag for the --no-logfile option.  Parse common.conf.

* tools/gpgconf-comp.c (known_options_gpg): Remove "use-keyboxd", add
pseudo option "use_keyboxd".
(known_pseudo_options_gpg): Add pseudo option "use_keyboxd".
(known_options_gpgsm): Remove "use-keyboxd".

* tests/openpgp/defs.scm (create-gpghome): Create common.conf.

* doc/examples/common.conf: New.
--

Note that --use-keybox still works but prints a warning.  We will
eventually remove this option becuase it was marked as an experimental
feature anyway.

It would be too confusing if gpg and gpgsm use different key storages.
Further, other components (e.g. dirmngr or gpg-wks-client) which call
gpg or gpgsm need to be aware that the keyboxd is used and pass that
option on the command line.  Now that common.conf is always read (even
if --no-options is used) those tools will work instantly.
2021-04-19 11:33:19 +02:00
Jakub Jelen
4c8be54cc4 tools: Fix memory leaks.
* tools/gpgsplit.c (write_part): Free BLOB on error.

--

GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-04-13 14:26:15 +09:00
Werner Koch
a78475fbb7
gpgconf: Return a new pseudo option compliance_de_vs.
* tools/gpgconf-comp.c (known_pseudo_options_gpg): Add
"compliance_de_vs".
* g10/gpg.c (gpgconf_list): Returh that pseudo option.
--

Of course this will always return false for this version of gnupg.
But as soon as this version has been approved we have everything ready
for a runtime check.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-01 13:11:16 +02:00
Werner Koch
c727951a24
card: New flag --reread for LIST.
* tools/gpg-card.c (cmd_list): Add flag --reread.
* tools/card-call-scd.c (scd_learn): New arg reread.

* tools/card-call-scd.c (release_card_info): Fix releasing of the new
label var.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-01 10:34:06 +02:00
Werner Koch
0d6f276f61
card: Print the key's label if available.
* tools/gpg-card.h (struct key_info_s): Add field 'label'.
* tools/card-call-scd.c (learn_status_cb): Parse KEY-LABEL.
(scd_learn): Always request KEY-LABEL.
* tools/gpg-card.c (nullnone): New.
(list_one_kinfo, list_card): Use it.  Print the label.
--

PKCS#15 defines label which help to understand for what a key is
intended.  Print them.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-30 17:28:45 +02:00
Werner Koch
18d884f841
gpgconf: Do not i18n an empty string to the PO files meta data.
* tools/gpgconf-comp.c (my_dgettext): Ignore empty strings.
--

GnuPG-bug-id: 5363
2021-03-28 10:38:42 +02:00
Werner Koch
057131159b
gpgconf: Fix another argv overflow if --homedir is used.
* tools/gpgconf-comp.c (gc_component_check_options): Increase array.
--

I missed to fix that one with the last patch.

Note that there was no problem in 2.2 at thismlocation - probably
because it had been manually backported once.

GnuPG-bug-id: 5366
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-26 16:51:35 +01:00
Werner Koch
d3d57a1bc8
gpgconf: Fix argv overflow if --homedir is used.
* tools/gpgconf-comp.c (gc_component_launch): Fix crasg due to too
small array.
(gpg_agent_runtime_change): Fix error message.
(scdaemon_runtime_change): Ditto.
(tpm2daemon_runtime_change): Ditto.
(dirmngr_runtime_change): Ditto.
(keyboxd_runtime_change): Ditto.
--

GnuPG-bug-id: 5366
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-26 14:44:17 +01:00
Werner Koch
73bad368da
card: Add option --use-default-pin to command "login".
* tools/gpg-card.c (cmd_login): Add option.
2021-03-24 14:39:59 +01:00
Werner Koch
a107b24ddb
gpgconf: Fix listing of default_pubkey_algo.
* tools/gpgconf-comp.c (known_options_gpg, known_options_gpgsm): No
flags needed for pseudo options.
(known_pseudo_options_gpg, known_pseudo_options_gpgsm): New.
(gc_component): Add field known_pseudo_options.
(struct read_line_wrapper_parm_s): New.
(read_line_wrapper): New.
(retrieve_options_from_program): Use read_line_wrapper to handle
pseudo options.
--

GnuPG-bug-id: 5341

Due to reading the list of options from the argparser of the
component, we had no more information about the pseudo options and
thus could not emit them.  Well, there is just one pseudo option right
now, but with this change we have a generalized concept for them:
Pseudo options are used to convey information from a component to
gpgconf; for example build-in values.
2021-03-23 12:16:37 +01:00
Werner Koch
1f5f08376d
gpgconf: Support use-keyboxd.
--

We flag this option as invisible so that it does not show up in a GUI
but it will be possible to grep for the option.
2021-03-22 19:41:44 +01:00
Werner Koch
475644e049
card: Support OpenPGP.1 and OpenPGP.2 for readcert and writecert.
* tools/gpg-card.c (cmd_writecert): Allow the other key references.
(cmd_readcert): Ditto.
--

See previous commit for testing info.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-19 18:28:00 +01:00
Werner Koch
1ac189f2df
card: Print PIN descriptions and fix number of printed retry counters.
* tools/gpg-card.h (struct card_info_s): Add fields nmaxlen, nchvinfo,
and chvlabels.
* tools/card-call-scd.c (release_card_info): Free chvlabels.
(learn_status_cb): Parse CHV-LABEL.  Set nmaxlen and nchvinfo.
* tools/gpg-card.c (list_retry_counter): Print CHV labels.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-18 11:29:31 +01:00
Werner Koch
e4c2d7be22
card: Generalize the CHV counter printing.
* tools/gpg-card.c (list_retry_counter): New.  Factored out from the
other functions.
(cmd_verify): Re-read the chv status.
2021-03-16 18:51:23 +01:00
James Bottomley
62a7854816
tpm2d: Add tpm2daemon code
* tpm2d: New directory.
* Makefile.am (SUBDIRS): Add directory.
* configure.ac: Detect libtss and decide whether to build tpm2d.
* am/cmacros.am: Add a define.
* util.h (GNUPG_MODULE_NAME_TPM2DAEMON): New.
* common/homedir.c (gnupg_module_name): Add tpm2d.
* common/mapstrings.c (macros): Add "TPM2DAEMON".
* tools/gpgconf.h (GC_COMPONENT_TPM2DAEMON): New.
* tools/gpgconf-comp.c (known_options_tpm2daemon): New.
(gc_component): Add TPM2.
(tpm2daemon_runtime_change): New.
* tpm2d/Makefile.am: New.
* tpm2d/command.c: New.
* tpm2d/ibm-tss.h: New.
* tpm2d/tpm2.c: New.
* tpm2d/tpm2.h: New.
* tpm2d/tpm2daemon.c: New.
* tpm2d/tpm2daemon.h: New.

---
This commit adds and plumbs in a tpm2daemon to the build to mirror the
operation of scdaemon.  The architecture of the code is that
tpm2daemon.c itself is pretty much a clone of scd/scdaemon.c just with
updated function prefixes (this argues there could be some further
consolidation of the daemon handling code).  Note that although this
commit causes the daemon to be built and installed, nothing actually
starts it or uses it yet.

Command handling
----------------

command.c is copied from the command handler in scd.c except that the
command implementation is now done in terms of tpm2 commands and the
wire protocol is far simpler.  The tpm2daemon only responds to 4
commands

IMPORT:    import a standard s-expression private key and export it to
           TPM2 format.  This conversion cannot be undone and the
           private key now can *only* be used by the TPM2.  To anyone
           who gets hold of the private key now, it's just an
           encrypted binary blob.

PKSIGN:    create a signature from the tpm2 key.  The TPM2 form private
           key is retrieved by KEYDATA and the hash to be signed by
           EXTRA.  Note there is no hash specifier because the tpm2
           tss deduces the hash type from the length of the EXTRA
           data.  This is actually a limitation of the tpm2 command
           API and it will be interesting to see how this fares if the
           tpm2 ever supports say sha3-256 hashes.

PKDECRYPT: decrypt (RSA case) or derive (ECC case) a symmetric key.
	   The tpm2 for private key is retrieved by KEYDATA and the
	   information used to create the symmetric key by EXTRA.

KILLTPM2D: stop the daemon

All the tpm2 primitives used by command.c are in tpm2.h and all the
tpm2 specific gunk is confined to tpm2.c, which is the only piece of
this that actually does calls into the tss library.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Changes from James' patch:

- gpgconf: The displayed name is "TPM" and not "TPM2".  That
  string is used by GUIs and should be something the user
  understands.  For example we also use "network" instead
  of "Dirmngr".
- Removed some commented includes.
- Use 16 as emulation of GPG_ERR_SOURCE_TPM2.
- Silenced a C90 compiler warning and flags unused parameters.
- Removed "if HAVE_LIBS" from tpm2/Makefile.am and add missing
  files so that make distcheck works.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-10 12:33:08 +01:00
Werner Koch
8c41b8aac3
w32: Always use Unicode for console input and output.
* common/init.c (_init_common_subsystems) [W32]: Set the codepage to
UTF-8 for input and putput.  Switch gettext to UTF-8.
* tools/gpgconf.c (main): Display the input and output codepage if
they differ.
* g10/gpg.c (utf8_strings) [W32]: Make sure this is always set.
--

With this patch the former patch to use ReadConsoleW and WriteConsoleW
in ttyio.c are kind of superfluous because the ANSI version of these
functions are also able to read/write UTF-8 directly given the console
code page has been set correctly.  However, this seems to work only
with recent versions of Windows-10.

GnuPG-bug-id: 4365
2021-03-05 15:33:40 +01:00
Werner Koch
c032066d6b
kbx: Log debug fixes
--
2021-02-25 17:02:49 +01:00
Werner Koch
54c1f2518e
tools,w32: Add resource and manifest files to all binaries.
--
2021-02-21 12:38:55 +01:00
Werner Koch
4da91414e7
wkd: Install gpg-wks-client under bin and add wrapper for libexec
--

gpg-wks-client is a pretty useful command on the command line.
Thus we now install it at bin and provide a compatibility wrapper.
2021-02-19 12:11:38 +01:00
Werner Koch
5573ab714b
build: Remove now obsolete HAVE_NEWER_LIBGCRYPT AM conditional.
* configure.ac (HAVE_NEWER_LIBGCRYPT): Remove conditional.
* tools/Makefile.am (gpg_pair_tool_SOURCES):  We build it always.
--

This is because we require libgcrypt 1.9 anyway.
2021-02-19 11:05:32 +01:00
Werner Koch
b770393b76
doc: Improve the gpg-card man page.
--
2021-02-11 12:15:49 +01:00
Werner Koch
209b7113f3
tools: Remove the symcryptrun tool.
* tools/symcryptrun.c: Remove.
* tools/Makefile.am: Ditto.
* doc/tools.texi: Remove man page.
* configure.ac: Remove build option and tests used only by this tool.
* Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Do not build
symcryptrun.
--

symcryptrun is too ancient to be of any use and has not been tested in
many years.  Thus we should not distribute it anymore.
2021-02-09 18:42:25 +01:00
Werner Koch
a06c79b614
card: List keys of pkcs#15 cards.
* tools/gpg-card.c (list_p15): New.
(list_card): Call it.
2021-02-02 12:40:07 +01:00
Werner Koch
9500432b7a
Require Libgcrypt 1.9
* configure.ac: Require at least Libgcrypt 1.9.0.  Remove all
GCRYPT_VERSION_NUMBER dependent code.
--

Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in
RFC4880bis.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-01-19 10:33:03 +01:00
Werner Koch
93d5d7ea2a
tools: Add option --clock to watchgnupg
* tools/watchgnupg.c (print_fd_and_time) [ENABLE_LOG_CLOCK]: Use
clock_gettime.
(print_version): New option --clock.
2021-01-12 09:31:20 +01:00
Werner Koch
c008e8d20e
wkd: Minor permission fix for created files.
* tools/wks-util.c (wks_cmd_install_key): Don't set u+x on the file.
(ensure_policy_file): No need to make the policy file group writable.
--

The policy file is rarely changed thus no need to g+w.  Setting +x on
a plain file does not make sense at all.

GnuPG-bug-id: 5214
2020-12-30 15:03:46 +01:00
Werner Koch
c7c88648b7
wks-client: Improve an error message
* tools/gpg-wks-client.c (read_confirmation_request): Print trust
letter.
--

The trust letter gives a hint on what's wrong with the key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-09 10:59:51 +01:00
NIIBE Yutaka
1cd615afe3 gpg,card: Allow no version information of Yubikey.
* g10/call-agent.c (learn_status_cb): Assume >= 2 when no version.
* tools/card-call-scd.c (learn_status_cb): Likewise.

--

GnuPG-bug-id: 5100
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-07 10:02:17 +09:00
Werner Koch
ad469609b1
card: Let the APDU command prints a description of the status word.
* tools/card-call-scd.c (scd_apdu_strerror): New.
* tools/gpg-card.c (cmd_apdu): Print a description.
--

Pretty convenient to explore smartcards.
2020-11-27 11:28:16 +01:00
Werner Koch
5804db1a13
card: Netkey improvement for passwd.
* tools/gpg-card.c (cmd_passwd) [Netkey]: No Standard/QES menu if the
card does not support it.  Print no error in cases the user canceled.
2020-11-27 10:00:21 +01:00
Werner Koch
e546cc78b7
gpgconf: Yet another fix for --apply-profile.
* tools/gpgconf.c (main): Use gnupg_homedir instead of
default_homedir.  Check for existance of the directory.
--

Fixes-commit: 7d95f2e7e7
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-12 13:09:32 +01:00
Werner Koch
12fd10791f
card: Run factory-reset in locked stated also in gpg-card.
* tools/card-call-scd.c (scd_apdu): Add more pseudo APDUs.
* tools/card-misc.c (send_apdu): Handle them.
* tools/gpg-card.c (cmd_factoryreset): Use lock commands.
--

This is port of the code used with gpg-card-edit.  Note that the
command "apdu" now also understands some extra keywords.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-09 14:46:35 +01:00
Werner Koch
7d95f2e7e7
gpgconf: Make sure the homedir exists for --apply-profile.
* tools/gpgconf.c (main) <aApplyDefaults, aApplyProfile>: Create the
standard home directory.
--

This fixes a regression due to the fix for
GnuPG-bug-id: 4867
Before that change gpgsm implictly created the homedir while options
were collected.  It is important to have this so that a login script
can create config files for new users.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-04 16:13:05 +01:00
Andre Heinecke
e2659f4bf6
w32: Add windows subsystem variant of gpgconf
* tools/Makefile.am (gpgconf-w32): New target. Builds gpgconf with
subsystem windows.
* build-aux/speedo/w32/wixlib.wxs: Package it.

--
This allows us to create scripts that call gpgconf without opening
a console. Using subsystem windows is better then to just close
the console after start as it avoids the console flashing up.

(cherry picked from commit c366e04958)
2020-11-04 13:50:13 +01:00
NIIBE Yutaka
157f1de64e gpg,tools: Fix detecting OpenPGP card by serialno.
* tools/gpg-card.c (list_openpgp): Use ->apptype to determine card's
APP.
* g10/card-util.c (get_info_for_key_operation): Likewise.
(current_card_status): Even if its SERIALNO is not like OpenPGP card,
it's OpenPGP card when app says so.

--

GnuPG-bug-id: 5100
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-26 13:49:23 +09:00
Werner Koch
7e22e08e2a
common: New functions gnupg_opendir et al.
* common/sysutils.h (struct gnupg_dirent_s): New.
* common/sysutils.c: Include dirent.h.
(struct gnupg_dir_s): New.
(gnupg_opendir, gnupg_readdir, gnupg_closedir): New.  Change all
callers of opendir, readdir, and closedir to use these functions.
--

GnuPG-bug-id: 5098
2020-10-21 17:00:32 +02:00
Werner Koch
18e5dd7b03
Replace all calls to stat by gnupg_stat.
* common/sysutils.c (gnupg_stat): New.
* common/sysutils.h: Include sys/stat.h.
--

Yet another wrapper for Unicode support on Windows.

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-20 16:38:06 +02:00
Werner Koch
4dcef0e178
Replace most calls to open by a new wrapper.
* common/sysutils.c (any8bitchar) [W32]: New.
(gnupg_open): New.  Replace most calls to open by this.
* common/iobuf.c (any8bitchar) [W32]: New.
(direct_open) [W32]: Use CreateFileW if needed.
--

This is yet another step for full Unicode support on Windows.

GnuPG-bug-id: 5098
2020-10-20 14:08:35 +02:00
Werner Koch
390497ea11
Replace most of the remaining stdio calls by estream calls.
--

We need to use es_fopen on Windows to cope with non-ascii file names.
This is quite a large but fortunately straightforward change.  At a
very few places we keep using stdio (for example due to the use of
popen).

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-20 12:15:56 +02:00
Werner Koch
c94ee1386e
Replace all calls to access by gnupg_access
* common/sysutils.c (gnupg_access): New.  Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--

Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.

This is required to correctly handle non-ascii filenames on Windows.

GnuPG-bug-id: 5098
2020-10-20 12:15:55 +02:00
Werner Koch
210575d882
dirmngr: Add warning on the use of --add-servers.
* tools/gpgconf-comp.c (known_options_dirmngr): Degrade add-servers to
expert mode.
2020-10-05 17:25:24 +02:00
Werner Koch
357ad9ae29
gpgconf: New option --show-versions.
* tools/gpgconf.c: Include exechelp.h.  New option --show-versions.
(get_revision_from_blurb): New.
(show_version_gnupg): New.
(show_version_libgcrypt): New.
(show_version_gpgrt): New.
(show_versions_via_dirmngr): New.
(show_versions): New.
* tools/gpgconf-comp.c (GPGNAME): Remove unused macro.
* dirmngr/dirmngr.c (main): New internal option --gpgconf-versions.
(get_revision_from_blurb): New.
(gpgconf_versions): New.
--

This option should be helpful to gather information for debugging.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-02 12:29:20 +02:00
Werner Koch
acaeba2dbd
keyboxd: Integrate into gpgconf.
* common/asshelp.c (lock_spawning): Use a dedicated name for keyboxd.
* common/homedir.c (keyboxd_socket_name): New.
(gnupg_module_name): Put keyboxd into libexecdir.
* tools/gpgconf-comp.c (known_options_keyboxd): New.
(gc_component): Add entry for keyboxd.
(keyboxd_runtime_change): New.
(gc_component_launch): Support keyboxd.
* tools/gpgconf.c (list_dirs): Emit new item keyboxd-socket.
(main): Also remove keyboxd socket.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-24 10:37:41 +02:00
NIIBE Yutaka
dfdcf14738 common,agent,dirmngr,g10,tools: Fix split_fields API.
* common/stringhelp.h (split_fields): Use const * for the strings in
the ARRAY.
(split_fields_colon): Likewise.
* common/stringhelp.c (split_fields, split_fields_colon): Fix
the implementation.
* agent/call-scd.c, agent/command.c: Follow the change.
* common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise.
* g10/call-agent.c, tools/card-call-scd.c: Likewise.
* tools/card-yubikey.c, tools/gpg-card.c: Likewise.
* tools/gpg-card.h, tools/gpg-wks-client.c: Likewise.
* tools/gpgconf-comp.c, tools/gpgconf.c: Likewise.
* tools/wks-util.c: Likewise.

--

The strings in the ARRAY don't need to be released by caller, as those
are references.  It's easier to follow the code when it's explicitly
const *.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-18 10:20:23 +09:00
Werner Koch
3cf9bb4d73
gpg-connect-agent: Catch signals so that SIGPIPE is ignored.
* dirmngr/server.c (cmd_killdirmngr): Return 0.
* tools/gpg-connect-agent.c (main): Catch signals.
--

And we also print nicer diagnostics.  The reason we need this is that
for example "gpgconf --kill dirmngr" uses gpg-connect-agent to send a
command to dirmngr.  This may results in a SIGPIPE which in turn leads
to an annoying error message from gpgconf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 10:50:40 +02:00
NIIBE Yutaka
2bc1ec2944 gpg,tools: Add handling of supported algorithms by a card.
* g10/call-agent.h (struct agent_card_info_s): Add supported_keyalgo.
* g10/call-agent.c (learn_status_cb): Parse KEY-ATTR-INFO.
(agent_release_card_info): Release supported_keyalgo.
* tools/gpg-card.h (struct card_info_s): Add supported_keyalgo.
* tools/card-call-scd.c (learn_status_cb): Parse KEY-ATTR-INFO.
(release_card_info): Release supported_keyalgo.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-08 15:34:42 +09:00
Werner Koch
2cd8bae23d
Use only one copy of the warn_server_mismatch function.
* common/asshelp.c (warn_server_version_mismatch): New.  Actually a
slightly modified version of warn_version_mismatch found in other
modules.
* common/status.c (gnupg_status_strings): New.
* g10/cpr.c (write_status_strings2): New.
* g10/call-agent.c (warn_version_mismatch): Use the new unified
warn_server_version_mismatch function.
* g10/call-dirmngr.c (warn_version_mismatch): Ditto.
* g10/call-keyboxd.c (warn_version_mismatch): Ditto.
* sm/call-agent.c (warn_version_mismatch): Ditto.
* sm/call-dirmngr.c (warn_version_mismatch): Ditto.
* tools/card-call-scd.c (warn_version_mismatch): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-01 20:43:57 +02:00
Werner Koch
a0a4744bd0
scd: New option to APDU command to return the ATR as data.
* scd/command.c (cmd_apdu): Add new option --data-atr.
* tools/gpg-card.c (cmd_apdu): Use that here.  Also fix the --exlen
option and do not print the statusword in atr mode.
* tools/card-call-scd.c (scd_apdu): Detect atr mode anddon't assume a
status word.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-27 11:55:37 +02:00
Werner Koch
ad1254b59d
gpgconf: Silence warnings from parsing the options files
* tools/gpgconf-comp.c (retrieve_options_from_program): Set verbose
flag for the arg parser only in --verbose mode.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 11:09:47 +02:00
Werner Koch
32021dfa5b
gpgconf,w32: New debug command --show-codepages.
* tools/gpgconf.c (aShowCodepages): New.
(opts): New command --show-codepages.
(main) [W32]: Implement
--

This is a Windows helper command to quickly check which code pages are
currently used.  Useful for debugging.  Has no effect on Unix.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 10:38:29 +02:00
Werner Koch
34e7703a96
gpgtar,w32: Handle Unicode file names.
* tools/gpgtar.c (oUtf8Strings): New.
(opts): Add option --utf8-strings.
(parse_arguments): Set option.
* tools/gpgtar.h (opt): Add field utf8strings.
* tools/gpgtar-create.c (name_to_utf8): New.
(fillup_entry_w32): Use that.
(scan_directory): Ditto.
(scan_directory) [W32]: Convert file name to utf8.
(gpgtar_create): Convert pattern.
--

Note that this works only with file names read from a file or if the
specified files on the command line are plain ascii.  When recursing
into a directory Unicode file names work again.  This limitation is
due to  main(int, char**) which can't get the wchar version.  We could
fix that but is needs a bit more work in our init code.

GnuPG-bug-id: 4083
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-21 21:28:28 +02:00
Werner Koch
ba873216ff
gpgtar: Add dummy option --tar
--
GnuPG-bug-id: 3772

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-20 16:11:58 +02:00
Werner Koch
e276f63e4a
gpgtar: Make --files-from and --null work as described.
* tools/gpgtar-create.c (gpgtar_create): Add args files_from and
null_names.  Improve reading from a file.
* tools/gpgtar.c: Make global vars static.
(main): Remove tests for --files-from and --null option combinations.
Pass option variables to gpgtar_create.
--

GnuPG-bug-id: 5027
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-20 15:50:50 +02:00
Werner Koch
6bcb609e1b
Add --chuid to gpg, gpg-card, and gpg-connect-agent.
* g10/gpg.c (oChUid): New.
(opts): Add --chuid.
(main): Implement --chuid.  Delay setting of homedir until the new
chuid is done.
* sm/gpgsm.c (main): Delay setting of homedir until the new chuid is
done.
* tools/gpg-card.c (oChUid): New.
(opts): Add --chuid.
(changeuser): New helper var.
(main): Implement --chuid.
* tools/gpg-connect-agent.c (oChUid): New.
(opts): Add --chuid.
(main): Implement --chuid.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-14 12:19:11 +02:00
Werner Koch
d240b5ac27
tools: Install gpgsplit again
--

We will also set the gpgsplit from 1.4 to noninstall.

GnuPG-bug-id: 5023
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-13 11:00:23 +02:00
Werner Koch
d10f45184c
gpgconf: New option --chuid.
* tools/gpgconf.c (oChUid, opts): New option --chuid.
(main): Implement.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-06 16:03:57 +02:00
NIIBE Yutaka
d69f5570ee w32: Add link to $(NETLIB) for -lws2_32.
* dirmngr/Makefile.am (dirmngr_LDADD): Add $(NETLIBS).
* sm/Makefile.am (gpgsm_LDADD): Ditto.
* tools/Makefile.am (gpg_wks_client_LDADD): Ditto.

--

GnuPG-bug-id: 4994
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-30 11:34:01 +09:00
NIIBE Yutaka
f484ac2b2d Use gpgrt's new option parser for symcryptrun.
* tools/symcryptrun.c: Follow API change of the new option parser.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-17 15:17:43 +09:00
NIIBE Yutaka
43000b0434 gpg-card: Fix type of historyname.
* tools/gpg-card.c (interactive_loop): Remove const qualifier.

--

Fixes-commit: d70b8769c8
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-17 09:05:26 +09:00
Werner Koch
d70b8769c8
Support a history file in gpg-card and gpg-connect-agent.
* common/gpgrlhelp.c (read_write_history): New.
(gnupg_rl_initialize): Register new function.
* common/ttyio.c (my_rl_rw_history): New var.
(tty_private_set_rl_hooks): Add arg read_write_history.
(tty_read_history): New.
(tty_write_history): New.
* tools/gpg-card.c (HISTORYNAME): New.
(oNoHistory): New enum value.
(opts): New option --no-history.
(cmd_history): New.
(cmds): New command "history".
(interactive_loop): Read and save the history.
* tools/gpg-connect-agent.c (HISTORYNAME): New.
(opts): New option --no-history.
(main): Read and save the history.  New command /history.
--

Yeah, finally we have stored history; I should have added this much
earlier.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-02 15:48:55 +02:00
Werner Koch
fb10b6cba4
card: Better detect removed cards. Add TCOS PIN menu.
* tools/card-call-scd.c (scd_change_pin): Add arg 'nullpin'.
* tools/gpg-card.h (struct card_info_s): Add field 'card_removed'.
* tools/gpg-card.c (fixup_scd_errors): New.
(maybe_set_card_removed): New.
(list_one_kinfo): Change type of first arg to get access to INFO.  Set
card_removed flag.
(list_all_kinfo): Improve label alignment.
(cmd_list): Check that the current card is still available.
(cmd_passwd): Add option --nullpin and menu to chnage TCOS PINs.
(dispatch_command): Handle card_removed flag.
(interactive_loop): Ditto.
--

Note that that I was not able to change the NullPIN of the standard
PIN using a Signature V2 Brainpool test card.  Changing the NullPIN of
the QES PIN worked, though.  I checked the commands send to scdaemon
and they were correct - I used the very same command with
gpg-connect-agent last week to set a Pin for a production Brainpool
Signature card.  Thus this might be a problem with this specific test
card.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-30 14:41:49 +02:00
Werner Koch
28c069db3b
card: Add password change menu for NKS cards.
* tools/gpg-card.c (cmd_passwd): Add menu for NKS.  Add option
--reset.
--

Note that the resetting does not yet work due to some bug in
app-scd.c
2020-06-25 11:24:35 +02:00
Werner Koch
2d8f060679
gpgconf: Fix regression in --launch and --kill from March
* tools/gpgconf.h (gc_component_id_t): Align order with gc_component
array.
--

Fixes-commit: b4f1159a5b
              gpgconf: Rewrite the gpgconf-comp module
              from 2020-03-12

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-24 12:33:26 +02:00
Werner Koch
4f6e0e12cb
card: Improve openpgp key writing in "writecert".
* tools/card-keys.c (struct export_key_status_parm_s): New.
(export_key_status_cb): New.
(get_minimal_openpgp_key): New.
* tools/gpg-card.c (cmd_writecert): Allow writing a keyblock directly
from an existing gpg key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-03 16:25:59 +02:00
Werner Koch
2d9592e78f
card: Allow to store and retrieve keyblocks in OpenPGP cards.
* tools/gpg-card.c: Include tlv.h.
(cmd_writecert): Add option --openpgp.
(cmd_readcert): Ditto.
--

We use the CERT object for this and encapsulate the key block in a CMS
object.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-28 15:55:54 +02:00
Werner Koch
ed0759f39b
card: New command "apdu"
* tools/card-call-scd.c (scd_apdu): Add optional arg 'options'.
* tools/gpg-card.c (cmd_apdu): New.
(enum cmdids): Add cmdAPDU.
(dispatch_command): Add command "apdu".
(interactive_loop): Ditto.
--

This command is hidden because it can be used to brick a card.  The
command is basically the same as sending "scd apdu" in
gpg-connect-agent but here we do full decoding and printing in hex.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-28 13:00:27 +02:00
Werner Koch
94d31660c6
card: Update card info after "generate".
* tools/gpg-card.c (cmd_generate): Re-read the card on success.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-27 13:48:20 +02:00
Werner Koch
08310849a2
card: Add command "bye"
* tools/gpg-card.c: Add command "bye" as alias for "quit".
* tools/gpg-connect-agent.c (main): Add "/quit" as alias for "/bye"
2020-05-27 11:43:14 +02:00
Werner Koch
46a3de4b5a
card: Take care of removed and re-inserted cards.
* tools/gpg-card.c (cmd_list): Take care of the need_sn_cmd flag.
(cmd_factoryreset): Clear that flag.
(dispatch_command): Set flag after a reset and after a
CARD_NOT_PRESENT error.
--
2020-05-27 11:27:32 +02:00
Werner Koch
c2a47475ba
card: Implement UID command and print capabilities.
* tools/card-call-scd.c (learn_status_cb): Return the full value for
UIF.  Add info about SM, MCL3, and PD.
* tools/gpg-card.h (struct card_info_s): Add corresponding fields.
* tools/gpg-card.c (list_openpgp): Print capabilities.  Print the
permanent flag for UIF.
(cmd_uif): Implement.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-26 16:24:12 +02:00
Werner Koch
9496634745
card: Allow listing of NKS cards.
* tools/card-call-scd.c (learn_status_cb): Always fill chvinfo.
* tools/gpg-card.h (struct card_info_s): Increase size of chvinfo and
chvmaxlen.
* tools/gpg-card.c (list_nks): New.
(print_a_version): Support single part version numbers.
(list_card): Call list_nks.
--

Note that chvmaxlen is not yet used with NKS.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-07 19:47:07 +02:00
Werner Koch
5ec1f66793
doc: Typo fix in code comment.
--
2020-04-07 16:03:21 +02:00
NIIBE Yutaka
7ee2a9687d tools: Use internal regexp routines.
* tools/gpg-check-pattern.c: Use jimregexp.h.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-04-06 09:38:13 +09:00
Werner Koch
15352b0eac
gpg,card: Use the new MANUFACTURER attribute.
* tools/gpg-card.h (struct card_info_s): Add manufacturer fields.
* tools/card-call-scd.c (release_card_info): Release them.
(learn_status_cb): Parse MANUFACTURER attribute.
* tools/gpg-card.c (get_manufacturer): Remove.
(list_card): Use the new attribute.
* g10/call-agent.h (struct agent_card_info_s): Add manufacturer fields.
* g10/call-agent.c (agent_release_card_info): Release them.
(learn_status_cb): Parse MANUFACTURER attribute.
* g10/card-util.c (get_manufacturer): Remove.
(current_card_status): Use new attribute.
--

This does away with the duplicated OpenPGP vendor tables; they are now
at a better place (app-openpgp.c).

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-03 10:44:32 +02:00
NIIBE Yutaka
ba247a114c gpg: Add regular expression support.
* AUTHORS, COPYING.other: Update.
* Makefile.am (SUBDIRS): Add regexp sub directory.
* configure.ac (DISABLE_REGEX): Remove.
* g10/Makefile.am (needed_libs): Add libregexp.a.
* g10/trustdb.c: Remove DISABLE_REGEX support.
* regexp/LICENSE, regexp/jimregexp.c, regexp/jimregexp.h,
  regexp/utf8.c, regexp/utf8.h: New from Jim Tcl.
* regexp/UnicodeData.txt: New from Unicode.
* regexp/Makefile.am, regexp/parse-unidata.awk: New.
* tests/openpgp/Makefile.am: Remove DISABLE_REGEX support.
* tools/Makefile.am: Remove DISABLE_REGEX support.

GnuPG-bug-id: 4843
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-04-03 15:30:08 +09:00
Werner Koch
c1844ca752
gpgconf: Take care of --homedir when reading/updating options.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Remove unused var.
(scdaemon_runtime_change): Ditto.
(dirmngr_runtime_change): Ditto.
(gc_component_check_options): Pass --homedir if needed.
(retrieve_options_from_program): Take care of --homedir.
--

This is related to bug 4882 but different due all the code changes.

GnuPG-bug-id: 4882
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-19 12:43:08 +01:00
Werner Koch
451cd1b392
gpgconf: Further simplify the gpgconf option processing.
* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
* tools/gpgconf-comp.c: here.
(known_options_scdaemon): Remove "options".
(known_options_dirmngr): Remove "options".
(known_options_gpgsm): Remove "options".
(known_options_gpg): Remove "options" and "keyserver".
(struct gc_option_s): Rename active t gpgconf_list.
(gc_component_list_options): Do not act upon active.
(option_check_validity): Ditto.
(is_known_option): Make it work correctly for unknown options.
(retrieve_options_from_program): Use renamed flag gpgconf_list only to
detect duplicated items from --gpgconf-list.  Do not set runtime.
Only e set the options if set by --gpgconf-list; never clear them.
* agent/gpg-agent.c: Simplify the --gpgconf-list output.
* dirmngr/dirmngr.c: Ditto.
* g10/gpg.c: Ditto.
* kbx/keyboxd.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* tests/openpgp/gpgconf.scm: Use "compliance" instead of "keyserver"
for the string arg test.
--

There is no need to read the list of options from the components
unless they convey a default value.  It is better to consult only the
list we have in gpgconf-comp.c to decide on whether an option should
be displayed.   Right, this might mess up thing if a newer gpgconf
version is used with an older component, but we already print warnings
in this case and in general we do not want to support this anymore -
the times of gpg 1.4. and 2.0 are long over now.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 19:12:41 +01:00
Werner Koch
6b306f45f4
gpg: New option --auto-key-import
* g10/gpg.c (opts): New options --auto-key-import,
--no-auto-key-import, and --no-include-key-block.
(gpgconf_list): Add them.
* g10/options.h (opt): Add field flags.auto_key_import.
* g10/mainproc.c (check_sig_and_print): Use flag to enable that
feature.
* tools/gpgconf-comp.c: Give the new options a Basic config level.
--

Note that the --no variants of the options are intended for easy
disabling at the command line.

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 18:04:47 +01:00
Werner Koch
b4f1159a5b
gpgconf: Rewrite the gpgconf-comp module.
* tools/gpgconf.h (gc_component_t): Change type to ...
(gc_component_id_t): this.
(GC_COMPONENT_ANY): New, so that we can use that in gpgconf-comp.c
directly.
* tools/gpgconf-comp.c: Major rework.
--

The primary reason for this rework is to support the global options.
A second reason is to clean up the code and simplify it so that we do
not anymore need to maintain a list of options in the components _and_
in gpgconf-comp.c.

What we do now is to

 1. Read the option tables directly from the components using
    the new generic --dump-option-table option.  This includes
    the header (group) descriptions.

 2. Read the default values from the components as before using
    --gpgconf-list and update gpgconf's internal tables with
    that info.

 3. Read the options using gpgrt_argparser in the same way as we do
    this in the components.

The changes also do away with the second level notion of backends;
they were only used for dirmngr's extra dirmngr_ldapservers.conf file.
We intend to remove that file and replace it with a regular option so
that it will be similar on how OpenPGP keyservers are specified.

The whole thing will currently be slower than before (in particular on
Windows) but we can optimize that by keeping a cached version of the
option tables and the default values in a per homedir cache file.

There is also some work planned to remove most of the data returned by
--gpgconf-list.  What can also be done is to replace the internal
tables, which list the gpgconf maintainable options, by a configuration
file so that admins are able to maintain the list of these options.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-12 10:16:56 +01:00
Werner Koch
41eb5108ce
gpg: Re-group the options in the --help output.
* g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to
use ARGPARSE_ignore and remove the code in the option switch.
--

This looks better and is also required for further simplifications of
gpgconf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:18:27 +01:00
Werner Koch
4423e9dcde
gpgconf: Support reading global options (part 2).
* tools/gpgconf-comp.c: Remove all regular option descriptions.  They
are now read in from the component.  Also remove a few meanwhile
obsolete options.
* agent/gpg-agent.c: Add option description which were only set in
gpgconf-comp.c.
* dirmngr/dirmngr.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* g10/gpg.c: Ditto.
--

This second part removes all regular option descriptions because they
can be read from the components.  A few were missing in the components
and thus moved to there.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 10:09:26 +01:00
Werner Koch
d2425d1495
gpgconf: Support reading global options (part 1).
* tools/gpgconf.c (main): Set the coinfig directories.
* tools/gpgconf-comp.c (gc_backend): Change the name of the config
files.
(struct gc_option): Add new field 'attr'.
(retrieve_options_from_program): Rewrite to use gpgrt_argparser.
--

We need to do larger changes to gpgconf so that it is possible to get
also global config options and their attributes.  The old code worked
along its own list of option and used a generic option file parser.
This has no support for global config files.  We now use
gpgrt_argparser so that we to do exactly the same as the component
does and thus delivers the actual option values as seen by the
component.

This is just a first step and we need to change more things.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-05 16:23:52 +01:00
Werner Koch
178b3772ff
gpgconf: Always use xmalloc.
* tools/gpgconf-comp.c: Fix spelling of "cannot".  Use log_assert
instead of a plain assert.
(gc_percent_escape, percent_deescape): Fail on malloc error.
--

It does not make sense to use xtryalloc and failing then anyway.  We
also should use our wrappers and not a plain realloc.  Everywhere
elese we use the non-formal "can't" so it is better to do the same
here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-03 14:22:10 +01:00
Werner Koch
a94daa6549
card: Add yet another vendor.
--
2020-03-03 13:37:28 +01:00
Werner Koch
3c4ab531eb
card: Add new vendor.
--
2020-03-03 11:55:08 +01:00
Werner Koch
3bc004decd
Use gpgrt's new option parser for the tools.
* agent/preset-passphrase.c: Switch to the new option parser.
* agent/protect-tool.c: Ditto.
* kbx/kbxutil.c: Ditto.
* tools/gpg-card.c: Ditto.
* tools/gpg-check-pattern.c: Ditto.
* tools/gpg-connect-agent.c: Ditto.
* tools/gpg-pair-tool.c: Ditto.
* tools/gpg-wks-client.c: Ditto.
* tools/gpg-wks-server.c: Ditto.
* tools/gpgconf.c: Ditto.
* tools/gpgsplit.c: Ditto.
* tools/gpgtar.c: Ditto.
--

This is another part of changes.  A followup patch will address the
remaining daemons.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-21 20:28:47 +01:00
Werner Koch
0e8f6e2aa9
gpg: Use gpgrt's new option parser to provide a global conf file.
* common/util.h: Remove argparse.h.
* common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS.
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include
argparse.h.  Do this also for all main modules which use our option
parser except for gpg.  Replace calls to strusage by calls to
gpgrt_strusage everywhere.

* g10/gpg.c (opts): Change type to gpgrt_opt_t.  Flag oOptions and
oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile.
(main): Change type of pargs to gpgrt_argparse_t.  Rework the option
parser to make use of the new gpgrt_argparser.
--

This is not yet finished but a make check works.  gpg has the most
complex and oldest option handling and thus this is the first
migration target.  SE-Linux checks and version-ed config files are
missing and will be added later.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 11:13:32 +01:00
Werner Koch
ee911df979
card: New option --info for command list and select by s/n.
* tools/gpg-card.c (cmd_list): add option --info.  Factor soem code
out to ...
(print_card_list): new.
--

This change allows to use the printed s/n to sleect another card
instead of using the index.  For example:

  gpg/card> l --cards
  0* D276000124010200FFFE50FF6E060000
  1  D2760001240102000005000000370000

Now select the second card but do not print the entire listing, just
the card index, s/n and applications.  We also select by s/n:

  gpg/card> l --info D2760001240102000005000000370000
  1* D2760001240102000005000000370000

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-19 08:48:55 +01:00
Daniel Kahn Gillmor
0904b8ef34 Spelling cleanup.
No functional changes, just fixing minor spelling issues.

---

Most of these were identified from the command line by running:

  codespell \
    --ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
    --skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
    doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
    NEWS README README.maint TODO

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-02-18 18:07:46 -05:00
Werner Koch
e582d8f5b2
card: Fix openpgp subkey listing.
* tools/gpg-card.c (list_one_kinfo): Fix printing of the subkeys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-13 14:38:08 +01:00
Werner Koch
e63f8bee40
card: Take the key creation time from the KEYPAIRINFO
* tools/card-call-scd.c (learn_status_cb): Adjust for recent change.
--

This adjusts for the chnage in scdaemon.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-13 11:53:32 +01:00
Werner Koch
125c959677
card: Fix parsing of the received card_list.
* tools/card-call-scd.c (scd_cardlist): Allow for SERIALNO without any
apps.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-12 15:17:25 +01:00
Werner Koch
1abfce82bd
card: List more info for an OpenPGP key.
* tools/gpg-card.h (struct pubkey_s): Add field created.
* tools/card-keys.c (parse_key_record): Set that field.
* tools/gpg-card.c (print_shax_fpr): Print the fingerprint without
spaces for easier c+p.
(list_one_kinfo): Print the actual used fingerprint and creation date
from the keyblock.
--

A common problem with OpenPGP cards is that the fingerprint as stored
on the card does not match the actual fingerprint.  Print both values
to be able to investigate such issues.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-12 12:50:38 +01:00
Werner Koch
2c6092bc5d
card: New option --no-key-lookup.
* tools/gpg-card.h (opt): Add var no_key_lookup.
* tools/gpg-card.c (oNoKeyLookup): New const.
(opts): New option --no-key-lookup.
(list_one_kinfo): Add arg no_key_lookup and implement.
(list_all_kinfo): Add arg no_key_lookup.
(list_openpgp, list_piv, list_card): Ditto.
(cmd_list): New option --no-key-lookup.
--

Printing the OpenPGP and X.509 keys used for a specific card key can
be a lengthy operation.  The new command line option and option to
"list" allows to suppress that part of the output.
2020-02-12 11:16:41 +01:00
Werner Koch
6bc7318ef5
card: First code to actually create openpgp keys.
* tools/gpg-card.c (generate_all_openpgp_card_keys): Add demo key
generation.
(generate_key): Allow generatiing one OpenPGP key.
--

This does now allows to create a single OpenPGP key optioanlly with a
specified parameter.  For example to create an auth key:

  gpg-card generate --algo=ed25519 OPENPGP.3

Using option --force will overwrite and already existing key.
scdaemon does here take care of swicthing the key attributes before
generating the key.

TODO: We need to add some more stuff to app-openpgp so that the user
is not annoyed by beeing asked to enter the Admin-PIN twice (change
the key attributes clear the verification state).  gpg's key
generation also needs some tweaks for using an existing card key which
has no key stub in private-keys-v1.d.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-11 14:58:17 +01:00
Werner Koch
6aff8a1328
build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.
* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C.  Change all other places where it
gets defined.
* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
extern.
* common/iobuf.c (iobuf_debug_mode): Define it here.
* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
all main modules of all other programs.

* g10/main.h: Put util.h before the local header files.
--

This change is required for use with gcc/ld's LTO feature which does
not allow common blocks.  Further gcc 10 will make -fno-common the
default and thus this chnage is always needed.  What a pitty.

Co-authored-by: Tomáš Mráz
GnuPG-bug-id: 4831
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 21d9bd8b87)

- Applied respective chnages also to gpg-card and keyboxd.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-10 16:50:47 +01:00
Werner Koch
438b7881ba
card: Remove command "key-attr" and hack on "generate".
* tools/gpg-card.h (struct key_attr): Remove.
(struct key_info_s): Remove key_attr.  Add keyalgo and keyalgo_id.
* tools/card-call-scd.c (learn_status_cb): Rework the key-attr info.
* tools/gpg-card.c (list_one_kinfo): Always show the algorithm; if
there is no key show the key attributes instead.
(list_openpgp): Do not print the "Key attributes".
(generate_key): Factor the repalce key pormpt out to ...
(ask_replace_keys): new.
(generate_openpgp): Rename to generate_all_openpgp_card_keys and add
an algo parameter.
(generate_generic): Rename to generate_key.  Prepare generation of a
single OpenPGP key.
(cmd_generate): Revamp.
(ask_card_rsa_keysize): Remove.
(ask_card_keyattr): Remove.
(do_change_keyattr): Remove.
(cmd_keyattr): Remove.
(enum cmdids): Remove cmdKEYATTR.
(cmds): Ditto.
(dispatch_command): Ditto.
(interactive_loop): Ditto.
--

This change shows the key attributes of an OpenPGP card instead of the
key's algorithm if no key exists.  It also remove the key-attr command
because for uniformity it is better to do this directly in
scd/app-openpgp.c At least for this new gpg-card tool.

There a couple of other changes but to the generate command but they
are not yet ready.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-10 14:12:36 +01:00
Werner Koch
9df9996b41
card: Support brainpool curves in the generate command.
* tools/gpg-card.c (cmd_generate): Add brainpool curves and dummy name
"help".

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-09 14:02:59 +01:00
Werner Koch
8bbc4f0d2c
card: Add new OpenPGP card vendor.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-01-28 15:49:18 +01:00
Werner Koch
da2ccfdbeb
card: Add new OpenPGP card vendor
--
2020-01-21 11:15:47 +01:00
Werner Koch
e0d9181ad1
tools: Let watchgnupg determine the socket name via gpgconf.
* tools/watchgnupg.c: Include sys/wait.h.
(GNUPG_DEF_COPYRIGHT_LINE): Add a default value for standalone
building.
(get_logname): New.
(main): Use a default socket name and add option --homedir.
--

This is quite convenient and saves a lot of typing or shell alias
definitions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-01-20 16:50:56 +01:00
Werner Koch
7f12fb55f9
gpgconf,w32: Print a warning for a suspicious homedir.
* tools/gpgconf.c (list_dirs): Check whether the homedir has been
taken from the registry.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-01-17 14:24:24 +01:00
Werner Koch
bd85f9232a
card: Allow switching of cards and applications.
* tools/card-call-scd.c (struct card_cardlist_parm_s): Add field
with_apps.
(card_cardlist_cb): Handle the new with_apps flag.
(scd_switchcard): New.
(scd_switchapp): New.
(scd_applist): New.
(scd_serialno): Pass --all also in --demand mode.

* tools/gpg-card.c (cmd_list): Simplify switching of cards.  Add
switching of alls.  Print a list of apps per card.
--

Note that the output format of "list --card" slightly changes: The
current card is indicated with an asterisk.  That should not harm any
robust parsers which might already be in use.  It is anyway a
development version.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-01-16 21:28:45 +01:00
Werner Koch
0e48aa0849
scd: Make SERIALNO --all work correctly and use it.
* scd/app.c (maybe_switch_app): Factor reselect code out to ...
(run_reselect): new.
(app_write_learn_status): Tweak diagnostics.
(app_do_with_keygrip): Run reselect if a card has more than one
switchable application.

* agent/call-scd.c (agent_card_serialno): Ditto.
* tools/card-call-scd.c (start_agent): Use option --all with SERIALNO.
(scd_serialno): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-01-13 12:12:57 +01:00
Werner Koch
50cd1a58f3
wkd: Let --install-key write a template policy file.
* tools/wks-util.c (ensure_policy_file): New.
(wks_cmd_install_key): Call it.
--

GnuPG-bug-id: 4753
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-23 13:49:27 +01:00
Werner Koch
9698761933
Merge branch 'switch-to-gpgk' into master
--
Resolved Conflicts:

* common/asshelp.c: Keep the new code in master for spawing under
Windows.
* g10/Makefile.am: Keep all new file.
* g10/photoid.c: Pass CTRL to pct_expando.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-27 15:44:23 +02:00
NIIBE Yutaka
bb5ed9fe1a build: Build gpg-pair-tool only when there is newer libgcrypt.
* configure.ac (HAVE_NEWER_LIBGCRYPT): New.
* tools/Makefile.am: Conditionalize build of gpg-pair-tool.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-09-20 14:19:18 +09:00
NIIBE Yutaka
7c81e5cb97 tools: Fix gpg-pair-tool to follow new API.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-09-19 18:36:11 +09:00
NIIBE Yutaka
b928de70e0 tools: Don't prepare G in gpg-pair-tool.
* tools/gpg-pair-tool.c (create_dh_keypair): Use NULL for G.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-09-19 18:36:11 +09:00
NIIBE Yutaka
f22a004161 tools: Use new API of libgcrypt for gpg-pair-tool.
* tools/gpg-pair-tool.c (create_dh_keypair): Just use
gcry_random_bytes for secret.  Call gcry_ecc_mul_point
with G to get the public key.
(compute_master_secret): Use gcry_ecc_mul_point.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-09-19 18:36:11 +09:00
Werner Koch
2a45800b2f
gpgconf: Suggest the use of --gpgconf-test on --launch problems.
* tools/gpgconf-comp.c (gc_component_launch): Change suggestion.
--

GnuPG-bug-id: 4668
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-23 10:43:53 +02:00
Werner Koch
b3226d91d0
gpg: Use modern spelling for the female salutation.
--
GnuPG-bug-id: 4682

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-22 10:24:16 +02:00
Werner Koch
0611f548bc
tools: New option --keyboxd for gpg-connect-agent.
* configure.ac: New option --keyboxd-pgm.
(KEYBOXD_NAME, KEYBOXD_DISP_NAME): New ac_defines.
* common/util.h: Add substitutes for new error codes.
(GNUPG_MODULE_NAME_KEYBOXD): New.
* common/homedir.c (gnupg_module_name): Support
GNUPG_MODULE_NAME_KEYBOXD.
* common/asshelp.c (SECS_TO_WAIT_FOR_KEYBOXD): New.
(wait_for_sock): Support keyboxd.
(start_new_service): Ditto.
(start_new_keyboxd): New.
* tools/gpg-connect-agent.c: New options --keyboxd and
--keyboxd-program.
(start_agent): Implement new option.
--

This change allows us to test the new keyboxd using our standard
helper.  It also provides the necessary code to start keyboxd on the
fly.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-06 14:57:07 +02:00
Werner Koch
b0e8724b10
wkd: Change client/server limit back to 64 KiB
* tools/wks-receive.c (decrypt_data): Change limit.
--

The former limit ~1MiB of was used during development.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-05 10:33:13 +02:00
NIIBE Yutaka
7c877f942a tools: gpgconf: Killing order is children-first.
* tools/gpgconf-comp.c (gc_component_kill): Reverse the order.

--

The order matters in a corner case; On a busy machine, there was a
race condition between gpg-agent's running KILLAGENT command and its
accepting incoming request on the socket.  If a request by
gpg-connect-agent was accepted, it resulted an error by sudden
shutdown.  This change of the order can remove such a race.

Here, we know backend=0 is none.

GnuPG-bug-id: 4577
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-07-01 13:07:22 +09:00
NIIBE Yutaka
d5287f43fd tools: Fix error handling for gpg-pair-tool.
* tools/gpg-pair-tool.c (read_message): Initialize ERR.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-20 11:29:27 +09:00
NIIBE Yutaka
1e9d61fb95 gpgparsemail: Die on parse error, printing errno thing.
* tools/gpgparsemail.c (parse_message): Revert the change.
* tools/rfc822parse.c (transition_to_body): Set ERRNO.
(transition_to_header, insert_header): Likewise.

--

In the comment of rfc822parse_* functions, it explicitly explained
setting ERRNO on error.  For parser errors, it may not have
appropriate ERRNO, in such a case, use ENOENT.

Fixes-commit: c13e459ffe
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-07 13:28:07 +09:00
NIIBE Yutaka
c13e459ffe gpgparsemail: Die on parse error (not abort).
* tools/gpgparsemail.c (parse_message): Don't use ERRNO.
* tools/rfc822parse.c (transition_to_body): Return -1.
(transition_to_header, insert_header): Likewise.

--

GnuPG-bug-id: 1977
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-06 09:32:58 +09:00
Werner Koch
50c2f76ae6
gpgconf: Before --launch check that the config file is fine.
* tools/gpgconf-comp.c (gc_component_launch): Check the conf file.
* tools/gpgconf.c (gpgconf_failure): Call log_flush.
--
GnuPG-bug-id: 4497
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-16 12:25:07 +02:00
Werner Koch
a4be077abd
gpgconf: Support --homedir for --launch.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Simplify because
gnupg_homedir already returns abd absolute name.
(scdaemon_runtime_change): Ditto.
(dirmngr_runtime_change): Ditto.
(gc_component_launch): Support --homedir.
--

GnuPG-bug-id: 4496
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-15 08:52:21 +02:00
Werner Koch
5ed2275892
tools: Some changes to the ccidmon.c debug helper.
--
2019-04-30 08:28:54 +02:00
Daniel Kahn Gillmor
ea7d85ff65 gpgconf: correct capitalization of "Tor"
* tools/gpgconf-comp.cb (gc_options_dirmngr): correct capitalization
of Tor.

--

https://www.torproject.org/docs/faq.html.en#WhyCalledTor says:

> Note: even though it originally came from an acronym, Tor is not
> spelled "TOR". Only the first letter is capitalized. In fact, we can
> usually spot people who haven't read any of our website (and have
> instead learned everything they know about Tor from news articles) by
> the fact that they spell it wrong.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-04-19 11:08:09 -04:00
Werner Koch
bcca3acb87
card: Allow card selection with LIST.
* tools/card-call-scd.c (start_agent): Request serialno only whean
started.
(scd_serialno): Allow NULL for r_serialno.
* tools/gpg-card.c (cmd_factoryreset): Use changed scd_serialno.
(cmd_list): New.
(dispatch_command): Use cmd_list for cmdLIST.
(interactive_loop): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-03 10:27:08 +02:00
Werner Koch
f952226043
common: Extend function pubkey_algo_string.
* common/sexputil.c (pubkey_algo_string): Add arg R_ALGOID.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Adjust.
* tools/gpg-card.c (list_one_kinfo): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-02 18:50:55 +02:00
Werner Koch
97feef8ee9
scd: New option --application-priority.
* scd/scdaemon.c (oApplicationPriority): New.
(opts): Add "application_priority".
(main): Process option.
* scd/app.c (app_update_priority_list): New.
(get_supported_applications): Take apps from global list.

* tools/gpgconf-comp.c (gc_options_scdaemon): Add option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-28 17:38:05 +01:00
Werner Koch
80c069b5e1
card: For passwd add a PIV menu and make the OpenPGP menu optional.
* tools/gpg-card.c (get_selection): New.
(cmd_passwd): Reworked.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-28 14:46:05 +01:00
Werner Koch
2f761251c5
card: Allow "yubikey disable" only for Yubikey-5 and later.
* tools/card-yubikey.c (yubikey_commands): Add new arg INFO and test
for Yubikey-5.
* tools/gpg-card.c (cmd_yubikey): Pass info to yubikey_commands.
--

The configuration can be read from a Yubikey-4 but not be written.
The mode command is also not useful because it allows only the
selection of transports.  It does not allow to disable single
applications based on one transport (like OPGP and PIV).  Thsi patch
shows an appropriate error message.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-28 10:57:27 +01:00
Werner Koch
70c97a862a
wkd: New command --print-wkd-url for gpg-wks-client.
* tools/gpg-wks-client.c (aPrintWKDURL): New.
(opts): Add option.
(main): Implement.
* tools/wks-util.c (wks_cmd_print_wkd_url): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-25 15:13:59 +01:00
Werner Koch
e847cf1df7
wkd: New command --print-wkd-hash for gpg-wks-client.
* tools/gpg-wks-client.c (aPrintWKDHash): New.
(opts) : Add "--print-wkd-hash".
(main): Implement that command.
(proc_userid_from_stdin): New.
* tools/wks-util.c (wks_fname_from_userid): Add option HASH_ONLY.
(wks_cmd_print_wkd_hash): New.
--

GnuPG-bug-id: 4418
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-22 11:42:55 +01:00
Werner Koch
bdda31a26b
kbx: Unify the fingerprint search modes.
* kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR16)
(KEYDB_SEARCH_MODE_FPR20, KEYDB_SEARCH_MODE_FPR32): Remove.  Switch
all users to KEYDB_SEARCH_MODE_FPR along with the fprlen value.
--

These search modes were added over time and there has until recently
be no incentive to remove the cruft.  With the change for v5 keys I
finally went over all places and allowed the generic fingerprint mode
along with a given length of the fingerprint at all places.
Consequently the other modes can now be removed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-14 14:55:06 +01:00
Werner Koch
b3a7a51407
gpgtar: Make option -C work for archive creation.
* tools/gpgtar-create.c (gpgtar_create): Switch to the -C directory.
--

The -C option is pretty useful given that pattern are always relative
to the current directory.  In contrast to GNU tar, the switching is
done only once.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-06 20:08:26 +01:00
Werner Koch
91ae3e7fb6
agent: Re-introduce --enable-extended-key-format.
* agent/gpg-agent.c (oEnableExtendedKeyFormat): Re-introduce.
(parse_rereadable_options): Handle it in a special way.
* agent/protect.c (agent_protect): Be safe and set use_ocb only to 1
or 0.
* tools/gpgconf-comp.c: Add --enable-extended-key-format again.
--

This is required for backward compatible with profiles.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-06 17:58:39 +01:00
Werner Koch
72feb8fa82
gpgtar: Improve error messages.
* tools/gpgtar.h (struct tarinfo_s): New.
* tools/gpgtar.c (cmd, skip_crypto, files_from, null_names): Move
global vars more to the top.
(set_cmd): Rename 'cmd' to 'c'.
* tools/gpgtar-list.c (parse_header): Add arg 'info' and improve error
messages.
(read_header): Add arg 'info' and update counter.
(skip_data): Ditto.
(gpgtar_list): Pass info object to read functions.
(gpgtar_read_header): Add arg 'info'.
* tools/gpgtar-extract.c (gpgtar_extract): add arg 'info' and pass on.
(extract_regular): Add arg 'info' and update counter.
--

This now prints the block number of a header with error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-06 17:46:40 +01:00
Werner Koch
05eff1f662
agent: Default to extended key format.
* agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New.
(oEnableExtendedKeyFormat): Remove.
(opts): Make --enable-extended-key-format a dummy option.  Add
disable-extended-key-format.
(parse_rereadable_options): Implement oDisableExtendedKeyFormat.
--

Extended key format is supported since vesion 2.1.12 which should have
long been replaced by a newer version inh all installations.  Thus for
2.3 we will make use of the extended-key-format by default.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-06 14:09:57 +01:00
Werner Koch
4e1f04a4cd
card: Allow PEM encoded certificates in "writecert".
* tools/gpg-card.c (cmd_writecert): Convert from base64.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-06 12:40:45 +01:00
Werner Koch
772bba34ea
card: Print the keyref also for non-initialized slots.
* tools/gpg-card.c (list_one_kinfo): Add arg label_keyref and change
callers.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-06 10:25:31 +01:00
Werner Koch
8d4af54ddd
card: Print card version. Check for bad Yubikeys.
* scd/app.c (app_new_register): Set card version for Yubikeys.
(app_write_learn_status): Print CARDVERSION and APPVERSION.
* tools/card-call-scd.c (learn_status_cb): Detect them.
* tools/gpg-card.h (struct card_info_s): Add appversion and
cardversion.
* tools/gpg-card.c (list_openpgp): Remove version printing from serial
number.
(print_a_version): New.
(list_card): Print card and app version.
(cmd_generate): Do not allow broken Yubikeys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-05 17:40:08 +01:00
Werner Koch
e897e1e255
scd:piv: Implement import of private keys for Yubikeys.
* scd/app-piv.c (concat_tlv_list): Add arg 'secure' and adjust
 callers.
(writekey_rsa, writekey_ecc): New.
(do_writekey): New.
(do_writecert): Provide a better error message for an empty cert.
(app_select_piv): Register do_writekey.
* scd/iso7816.c (iso7816_send_apdu): New.
* scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New.
* agent/command.c (cmd_keytocard): Make the timestamp optional.
* tools/card-call-scd.c (inq_writekey_parms): Remove.
(scd_writekey): Rewrite.
* tools/gpg-card.c (cmd_writekey): New.
(enum cmdids): Add cmdWRITEKEY.
(dispatch_command, interactive_loop): Call cmd_writekey.
--

This has been tested with gpgsm and RSA keys.  For ECC keys only
partly tested using the sample OpenPGP nistp256 and nistp384 keys
because gpgsm does not yet support ECC certificates and thus we can't
write the certificates to the cert object after a writekey.  Note that
they nevertheless show up in "gpgcard list" because gpg-card searches
for them in gpg and gpgsm.  However, this does not work completely.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-05 15:49:20 +01:00
Werner Koch
280baee72d
card: Remove the "admin" command.
* tools/gpg-card.c (cmd_passwd): Remove arg allow_admin.
(enum cmdids): Rename cmdAUTHENTICATE to cmdAUTH and cmdFACTORYRESET
to cmdFACTRST.
(cmds): Remove column 'admin_only'.
(interactive_loop): Remove admin_only stuff.
--

That command has always been an annoyance.  Symbols have been renamed
for source cosmetics.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-01 12:20:24 +01:00
Werner Koch
ac485b4f25
conf: New option --show-socket.
* tools/gpgconf-comp.c (gc_component_t): Move this enum to ...
* tools/gpgconf.h: here.
* tools/gpgconf.c (oShowSocket): New.
(opts): Add new option.
(main): Implement new option.
--

This is a convenience options for software which directly connects to
gpg-agent and thus needs to new the socket.  By using --show-socket
along with --launch that software can also autostart the agent or the
dirmngr.  Without this two calls to gpgconf would be required.

Actually the same behaviour can be achieved by running
gpg-connect-agent to query the running gpg-agent's socket via GETINFO.
The gpg-connect also makes sure that the agent is started.  This is
not anymore suggested because gpgconf shall in future be used for all
such things.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-26 13:13:08 +01:00
Werner Koch
28de5c0ea5
card: Rename gpg-card-tool to gpg-card.
* tools/card-tool-keys.c: Rename to card-keys.c.
* tools/card-tool-misc.c: Rename to card-misc.c.
* tools/card-tool-yubikey.c: Rename to card-yubikey.c.
* tools/card-tool.h: Rename to gpg-card.h.
* tools/gpg-card-tool-w32info.rc: Rename to gpg-card-w32info.rc
* doc/card-tool.texi: Rename top gpg-card.texi

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-25 09:34:30 +01:00
Werner Koch
7317aeb3f4
card: Print usage info for each key.
* tools/card-call-scd.c (learn_status_cb): Handle extended
KEYPARIRINFO.
* tools/card-tool.h (struct key_info_s): Add field 'usage'.
* tools/gpg-card-tool.c (list_one_kinfo): Show usage flags.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-21 12:43:07 +01:00
Werner Koch
3384ba6c1c
card: Print the keyref in the listing.
* tools/gpg-card-tool.c (list_one_kinfo): Print the keyref.
--

The named keys are nice but knowing the actual keyref mapping to them
is also useful.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-21 08:51:54 +01:00
Werner Koch
7e1cd2cd41
card: New command "yubikey".
* tools/card-tool-yubikey.c: New.
* tools/Makefile.am (gpg_card_tool_SOURCES): Add it.
* tools/card-call-scd.c (scd_apdu): Allow returning data.
* tools/card-tool-misc.c (send_apdu): New.  Move from gpg-card-tool.c
and let it return data.  Change all callers.

* tools/gpg-card-tool.c (cmd_writecert): Prepend the certref with the
current application type.
(cmd_yubikey): New.
--

This command allows listing of active applications and to enable or
disable selected applications.  This is in particular useful to
disable the OpenPGP application so that the PIV support can easily be
tested.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-13 09:49:07 +01:00
Werner Koch
03bf8e967a
common: Provide function to get public key algo names in our format.
* tools/card-tool-misc.c (pubkey_algo_string): Move to  ...
* common/sexputil.c (pubkey_algo_string): here.
--

The new gpg format for public key algorithms is useful at other places
as well.  Thus we make this new function available.  Note that the
code we use in gpg is not based on s-expressions and thus a new
function was required.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-08 12:10:45 +01:00
Werner Koch
a1cb4a940f
card: Make "generate" work for PIV cards.
* tools/card-call-scd.c (scd_genkey_cb): Make createtime optional.
(scd_genkey_cb):  Ditto.  Add arg algo.
* tools/gpg-card-tool.c (cmd_generate): Add options and factor card
specific code out to ...
(generate_openpgp, generate_generic): new functions.
--

This patch keeps the interactive OpenPGP mode but adds a pure command
line mode for other cards; in particular PIV cards.  What we still
need to do is:
 a) Add an interactive mode for PIV cards
 b) Add a command line mode for OpenPGP cards.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-08 11:58:27 +01:00
Werner Koch
b79bc877f2
card: Print the used algorithm of all keys.
* tools/card-call-scd.c (scd_readkey): New.
* tools/card-tool-misc.c (pubkey_algo_string): New.
* tools/gpg-card-tool.c (list_one_kinfo): Print the algo.
--

It is convenient to see the actual algorithm of keys even if no
certificate has yet been created.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-07 20:28:43 +01:00
Werner Koch
df6ba6dfd2
card: Fix a NULL-ptr deref in key listings.
* tools/card-tool-keys.c (get_matching_keys): Fix segv.
* tools/gpg-card-tool.c (main): Init info.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-07 16:28:03 +01:00
Werner Koch
fcec5b40e5
card: Support reading and writing PIV certificates
* scd/app-piv.c (add_tlv): New.
(put_data): New.
(do_writecert): New.
(do_setattr): Remove usused special mode 0.
* tools/gpg-card-tool.c (cmd_writecert): Allow other cards than
OPENPGP.
(cmd_readcert): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-07 11:05:22 +01:00
Werner Koch
090b5f804a
card: Add readline completion for help arguments
--
2019-02-07 08:16:02 +01:00
Werner Koch
e9e876cb55
scd: Implement PIN changing and unblocking for PIV cards.
* scd/app-piv.c: Some refactoring
(do_change_chv): Implement.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-06 09:46:23 +01:00
Werner Koch
3231ecdafd
scd: Allow standard keyref scheme for app-openpgp.
* scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with
"OPENPGP."
* tools/card-call-scd.c (scd_change_pin): Change API to use strings.
* tools/gpg-card-tool.c (cmd_passwd): Adjust for change.
(cmd_unblock): Ditto.
--

The generic keyref allows for better error detection in case a keyref
is send to a wrong card.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-05 15:01:45 +01:00
Werner Koch
1c0fa3e6f7
card: Implement non-interactive mode.
* tools/card-tool.h (opt): Add field 'initialized'.
* tools/card-call-scd.c (scd_learn): Set it.
* tools/gpg-card-tool.c (main): Reworked.
(dispatch_command): New.
--

This work is not yet finished because most commands need some tweaks
for non-interactive work.  What you already can do are things like:

 $ gpg-card-tool list -- 'auth <oldkey' \
   -- auth --setkey --raw 123456781234567812345678 -- help auth

Which will list the current card, authenticate using a hex encoded key
from the file "oldkey", set the new admin key to "123...78", and print
help for the auth command.  Note that the -- acts as a delimiter
between commands.  To use a double dash as argument to a command the
entire command must be quoted.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-31 18:57:16 +01:00
Werner Koch
da38325740
card: New command 'authenticate'.
* tools/card-tool-misc.c (hex_to_buffer): New.
* tools/gpg-card-tool.c (get_data_from_file): Change to allow returning
a string.
(cmd_authenticate): New.
(cmds): Add command "authenticate".

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-31 16:06:47 +01:00
Werner Koch
0107984f9f
card: Cache the results from gpg and gpgsm.
* tools/card-tool-keys.c (keyblock_cache): New var.
(release_keyblock): Factor code out to a new do_release_keyblock.  Add
a cache.
(flush_keyblock_cache): New.
(get_matching_keys): Use the cache.
* tools/gpg-card-tool.c (cmds): Add command "reset".
(interactive_loop): Implement reset.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-30 17:51:32 +01:00
Werner Koch
833f27a6a7
card: Print matching OpenPGP and X.509 data.
* tools/card-tool-keys.c: New.
* tools/Makefile.am (gpg_card_tool_SOURCES): Add file.
* tools/card-tool.h (struct pubkey_s, pubkey_t): New.
(struct userid_s, userid_t): New.
(struct keyblock_s, keyblock_t): New.
* common/util.h (GNUPG_PROTOCOL_): New const
* tools/gpg-card-tool.c (aTest): Add temporary command.
(list_one_kinfo): Print info from gpg and gpgsm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-30 15:01:34 +01:00
Werner Koch
79bed504e5
card: Support factory reset for Yubikey PIV application.
* scd/app-common.h (struct app_ctx_s): Add field cardtype.
* scd/app.c (app_new_register): Set cardtype for yubikey.
(app_getattr): Add CARDTYPE.
(app_write_learn_status): Emit new attribute.
* scd/app-piv.c (do_getattr): Add CHV-USAGE.
(do_learn_status): Emit it.
* tools/card-tool.h (struct card_info_s): Add field cardtype.
* tools/card-call-scd.c (learn_status_cb): Parse "CARDTYPE".

* tools/gpg-card-tool.c (list_piv): Print PIN usage policy.
(list_card): Print card type.
(cmd_factoryreset): Implement for Yubikey with PIV.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-29 13:46:52 +01:00
Werner Koch
9325c92284
card: Print keyinfo for PIV cards.
* scd/app-piv.c (do_learn_status): Print CHV-STATUS.
* tools/card-tool.h (struct card_info_s): Rename chvretry to chvinfo.
* tools/card-call-scd.c (learn_status_cb): Depend CHV-STATUS on app
type.
* tools/gpg-card-tool.c (list_piv): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-29 09:32:20 +01:00
Werner Koch
237880175f
card: Make printing of key information more flexible.
* tools/card-tool-misc.c: New.
* tools/card-tool.h: Rewored data structures for key infos.
* tools/gpg-card-tool.c: Ditto.
* tools/card-call-scd.c: Ditto.
--

Note that this also changes the way the key information is printed.
Formerly we printed it like:

  Signature key ....: <openpgp-fingerprint>
        created ....: <timestamp>
        keygrip ... : <keygrip>

now we do:

  Signature key ....: <keygrip>
        fingerprint : <openpgp-fingerprint>
        created ....: <timestamp>

This is because a keygrip is always available but a fingerprint and
the creation date are properties of an OpenPGP card.  A standard way
of listing keys is better than one depending on the type of card.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-29 09:32:20 +01:00
Werner Koch
1c92510045
card: Implement the bulk of OpenPGP stuff into gpg-card-tool.
* tools/card-call-scd.c: New.
* tools/card-tool.h: new.
* tools/gpg-card-tool.c: Largely extended.
--

gpg-card-tool will eventually replace the --card-edit command of gpg
because it makes more sense to have a multi-protocol aware tool and
not just one for OpenPGP cards.  Most OpenPGP card things works now
but a few, those which require close interaction with gpg, still need
to be implemented.  And of course the whole planned non-interactive
stuff needs to be written.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-27 20:12:00 +01:00
Werner Koch
e6d613711a
card-tool: Add skeleton for new tool
* tools/gpg-card-tool.c: New.
* tools/gpg-card-tool-w32info.rc: New.
* tools/Makefile.am: Add new tool.
--

To support more cards than the OpenPGP card it is useful to have a
separate tool.  It will have have the "gpg --card-edit" style
interactive interface as well as direct command line options for all
commands.  In a first step the OpenPGP card will be supported, to
allow its use as an alternative to the gpg command, and the
forthcoming PIV card support.

The tool can be though as a direct interface to scdaemon.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-22 09:07:24 +01:00
Werner Koch
70a8db0333
wks: Do not use compression for the encrypted data.
* tools/gpg-wks-client.c (encrypt_response): Add arg -z0.
* tools/gpg-wks-server.c (encrypt_stream): Ditto.
--

If for example a server was built without the development packages of
the compression libraries installed, the server will not be able to
decrypt a request.  In theory this can't happen due to the preference
system but it is just to easy to create the server's key using a
different version of gpg and then use gpg-wks-server built
differently.

For the short messages we exchange compression is not really required
and thus we better do without to make the system more robust.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-18 08:21:03 +01:00
Werner Koch
40c307fa8d
Silence a few compiler warnings new with gcc 8.
* dirmngr/dns.c: Include gpgrt.h.  Silence -Warray-bounds also gcc.
* tools/gpg-pair-tool.c (command_respond): Init two vars to silence
gcc.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-17 18:46:26 +01:00
Tomi Leppänen
2c35e67e34
tools: Use POSIX compatible arguments for find
* tools/addgnupghome (filelist): Remove bashism.
2018-12-11 08:42:33 +01:00
Werner Koch
0c36ec241d
wks: Fix filter expression syntax flaw.
* tools/wks-util.c (wks_get_key, wks_filter_uid): The filter
expression needs a space before the value.
(install_key_from_spec_file): Replace es_getline by es_read_line and
remove debug output.
--

A value of starting with '<' was considered an invalid operator due to
our tokenization method.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-04 16:28:27 +01:00
Werner Koch
ba46a359b9
wks: Allow reading of --install-key arguments from stdin.
* tools/wks-util.c (install_key_from_spec_file): New.
(wks_cmd_install_key): Call it.
* tools/gpg-wks-client.c (main): Allow --install-key w/o arguments.
* tools/gpg-wks-server.c (main): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-04 15:31:41 +01:00
Werner Koch
73e5b0ec9b
wks: Create sub-directories
* tools/wks-util.c (wks_compute_hu_fname): Stat and create directory
if needed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-04 15:31:41 +01:00
Werner Koch
602b190963
wks: Add new commands --install-key and --remove-key to the client.
* tools/gpg-wks-client.c (aInstallKey, aRemoveKey, oDirectory): New.
(opts): Add "--install-key", "--remove-key" and "-C".
(parse_arguments): Parse them.
(main): Check that the given directory exists.  Implement the new
commands.
--

These commands maybe useful to prepare a WKD directory on a non-Unix
box using the standard wks client.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-04 15:31:41 +01:00
Werner Koch
99094c992c
wks: Move a few server functions to wks-util.
* tools/gpg-wks-server.c (write_to_file): Move to ...
* tools/wks-util.c: here.
* tools/gpg-wks-server.c (compute_hu_fname): Move to ...
* tools/wks-util.c (wks_compute_hu_fname): here.
* tools/gpg-wks-server.c (fname_from_userid): Move to ...
* tools/wks-util.c (wks_fname_from_userid): here.
* tools/gpg-wks-server.c (command_install_key): Move to ...
* tools/wks-util.c (wks_cmd_install_key): here and change caller.
* tools/gpg-wks-server.c (command_remove_key): Move to ...
* tools/wks-util.c (wks_cmd_remove_key): here and change callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-04 15:31:41 +01:00
Andre Heinecke
f12fcd9079
w32: Fix linkage of gpg-pair-tool
* tools/Makefile.am (gpg_pair_tool_LDADD): Add W32SOCKLIBS.

--
This is required because parts of libcommon depend on ws2_32.
2018-11-26 13:07:19 +01:00
Werner Koch
56022fb304
Merge branch 'seckey-sync-work' into master
--
2018-11-14 13:37:41 +01:00
Werner Koch
8b8ea802ca
Remove the gpg-zip script.
* tools/gpg-zip.in: Remove.
* m4/tar-ustar.m4: Remove.
--

Note that the script was even not anymore installed.  See also
GnuPG-bug-id: 4252

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-14 13:31:39 +01:00
Werner Koch
6b9f772914
common: Prepare for parsing mail sub-addresses.
* common/mbox-util.c (mailbox_from_userid): Add arg subaddress and
implement.  Change all callers to pass false for it.

* common/t-mbox-util.c (run_mbox_no_sub_test): New.
(run_filter): Add arg no_sub.
(main): Call new test and add option --no-sub.
--

Some stats: In the about 5300000 keys on the SKS servers we found 3055
unique mailboxes with a '+' in it.  After removing leading and
trailing '+' as well as multiple '+' (e.g. "c++" or "foo+bar+baz")
2697 were left which seem to be valid sub-addresses.

To filter mailboxes out from a line delimited list with
user-ids (e.g. an SQL output), the command

   t-mbox-util --verbose --filter

can be used; to output w/o sub-addresses add --no-sub.

GnuPG-bug-id: 4200
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-12 07:44:33 +01:00
Werner Koch
e3a1e80d13
wks: New option --with-colons for gpg-wks-client.
* tools/gpg-wks.h (opt): Add field with_colons.
* tools/gpg-wks-client.c (oWithColons): New const.
(opts, parse_arguments): Add option --with-colons.
(main): Change aSupported to take several domains in --with-colons
mode.
(command_send): Factor policy getting code out to ...
(get_policy_and_sa): New function.
(command_supported): Make use of new function.
--

In addition to this the --create command now also supports a
submission address only in the policy file.  That means the
submission-address file is not anymore required and can be replaced by
the policy file.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-05 20:58:27 +01:00
Werner Koch
f248416bc9
wkd: Add option --directory to the server.
* tools/gpg-wks-server.c (opts): Add '--directory',
(main): Explain how to set correct permissions.
(command_list_domains): Create an empty policy file and remove the
warning for an empty policy file.
--

Note that a policy file is meanwhile required and thus is is useful to
create it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-26 14:56:59 +02:00
Daniel Kahn Gillmor
a7c5d65eb5 all: fix more spelling errors 2018-10-25 16:53:05 -04:00
Daniel Kahn Gillmor
b39ece7d35 headers: fix spelling
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-25 16:53:05 -04:00
Daniel Kahn Gillmor
54eb375ff1 all: fix spelling and typos
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-24 15:56:18 -04:00
Werner Koch
378719f25f
tools: Fix FILE memory leak in gpg-connect-agent.
* tools/gpg-connect-agent.c (do_open): dup the fileno and close the
stream.

GnuPG-bug-id: 4220
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-24 20:04:52 +02:00
Werner Koch
f03928b16c
tools: Replace duplicated code in mime-maker.
* tools/rfc822parse.c (HEADER_NAME_CHARS): New.  Taken from
mime-maker.c.
(rfc822_valid_header_name_p): New.  Based on code from mime-maker.c.
(rfc822_capitalize_header_name): New.  Copied from mime-maker.c.
(capitalize_header_name): Remove.  Replace calls by new func.
(my_toupper, my_strcasecmp): New.
* tools/mime-maker.c: Include rfc822parse.h.
(HEADER_NAME_CHARS, capitalize_header_name): Remove.
(add_header): Replace check and capitalization by new functions.
--

This is a straightforward change with two minor chnages:

- In rfc822parse.c the capitalization handles MIME-Version special.
- The check in mime-maker bow detects a zero-length name as invalid.

my_toupper and my_strcasecmp are introduced to allow standalone use
of that file.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-15 11:45:14 +02:00
Werner Koch
faf3c70c77
tools: Add experimental code for a pairing protocol
* configure.ac (GNUPG_CACHE_DIR): New const.
* tools/Makefile.am (libexec_PROGRAMS): Add gpg-pair-tool.
(gpg_pair_tool_SOURCES, gpg_pair_tool_CFLAGS)
(gpg_pair_tool_LDADD): New.
* tools/gpg-pair-tool.c: New.
--

This is a first try on a protocol to pair two devices so that they can
agree on a shared secret to exchange secret keys.  The idea is that if
you want to sync your secret keys to another machine (e.g. from
desktop to mobile) you have physical access to both devices and thus a
pairing protocol allows to authenitcate the connection using a short
string.  See the source for a protocol description.

How to test:

  $ gpg-pair-tool -va --homedir . --initiate >msg.commit
  $ gpg-pair-tool -va --homedir 2ndhome --respond  \
                                        <msg.commit >msg.dhpart1
  $ gpg-pair-tool -va --homedir . --respond \
                                        <msg.dhpart1 >msg.dhpart2
  $ gpg-pair-tool -va --homedir 2ndhome --respond \
                                        <msg.dhpart2 >msg.confirm

Now set the SAS as printed by the responder into SAS and run

  $ gpg-pair-tool -va --homedir . --respond --sas $SAS <msg.confirm

Storing the secret on disk is obviously not the right thing to do.
With the new PUT_SECRET and GET_SECRET commands of gpg-agent we can
change this to store it all in gpg-agent instead.  This will make it
also easier for gpg to access the secret and we won't need an option
to return it from gpg-pair-tool.  Thus gpg-pair-tool can be dedicated
to run the protocol and maybe to popup info dialogs.

Adding a second expiration time for running the protocol in addition
to the expiration of the secret is probably a better idea than just
that simple catch-all TTL.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-05 09:40:35 +02:00
Werner Koch
08147f8bbd
wks: Take name of sendmail from configure.
* configure.ac (NAME_OF_SENDMAIL): New ac_define.
* tools/send-mail.c (run_sendmail): Use it.
--

We used to ac_subst the SENDMAIL in the old keyserver via mail script.
We cab reuse this to avoid a fixed name for sendmail in the
send-mail.c helper.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-19 08:07:59 +02:00
Werner Koch
cb52eb76b3
Some preparations to eventuallt use gpgrt_argparse.
* configure.ac (GNUPG_DEF_COPYRIGHT_LINE: New.
* tools/watchgnupg.c (print_version): USe this macro.
* common/init.c (_init_common_subsystems): Register argparse
functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-12 16:11:19 +02:00
Werner Koch
f574aabeeb
Merge branch 'STABLE-BRANCH-2-2' into wk-master 2018-03-06 16:26:26 +01:00
Andre Heinecke
e43844c3b0
gpgconf, w32: Allow UNC paths
* tools/gpgconf-comp.c (get_config_filename): Allow UNC paths.

--
The homedir of GnuPG on Windows can be on a network share
e.g. if %APPDATA% is redirected to a network share. The
file API calls work and GnuPG itself works nicely
with such paths so gpgconf should work with them, too.

GnuPG-Bug-Id: T3818
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2018-02-28 16:33:23 +01:00
Werner Koch
20539ea5ca
Merge branch 'STABLE-BRANCH-2-2' 2018-02-22 16:19:56 +01:00
Werner Koch
685a5e1558
wks: Add special mode to --install-key.
* tools/gpg-wks-client.c (get_key_status_parm_s)
(get_key_status_cb, get_key): Move to ...
* tools/wks-util.c: ...here.
(get_key): Rename to wks_get_key.
* tools/gpg-wks-server.c: Include userids.h.
(command_install_key): Allow use of a fingerprint.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-20 15:23:19 +01:00