* g10/keygen.c (parse_expire_string_with_ct): Use new function
scan_secondsstr.
(parse_creation_string): Ditto.
--
Noet that we cap the seconds at the year 2106.
GnuPG-bug-id: 6736
Modelled after key_expires/key_expires_d.
This should be useful to detect upcoming certification expiry, so the
certifications can be renewed in advance of the expiry.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
* g10/trustdb.c (tdb_clear_ownertrusts): Detect stale validity
records.
--
GnuPG-bug-id: 6399
This problem was introduced by an actually very useful patch
2002-12-13 David Shaw <dshaw@jabberwocky.com>
[...]
* import.c (import_keys_internal): Used here so we don't rebuild
the trustdb if it is still clean.
(import_one, chk_self_sigs): Only mark trustdb dirty if the key
that is being imported has any sigs other than self-sigs.
Suggested by Adrian von Bidder.
[the last part]
The bug exhibited itself only after signing a key, deleting that key
and then re-importing the original non-signed key.
* g10/keygen.c (parse_expire_string_with_ct): New function, optionally
supply the creation time.
(parse_expire_string): Use parse_expire_string_with_ct with no
creation time.
(proc_parameter_file): Use parse_expire_string_with_ct possibly with
the creation time.
--
Cherry-pick from master commit of:
b07b5144ff6a9208ea27fe1e1518270bd22b382c
GnuPG-bug-id: 5252
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/iobuf.c (iobuf_get_filelength): Change return type to
uint64_t and remove the overflow args. For Windows always use
GetFileSizeEx which is available since the long EOL-ed Windows XP.
* g10/sign.c (write_plaintext_packet): Adjust for changed
iobuf_get_filelength.
* g10/encrypt.c (encrypt_simple, encrypt_crypt): Ditto.
* g10/photoid.c (generate_photo_id): Ditto. Also add an upper limit.
* g10/filter.h (progress_filter_context_t): Change amount values to
use uint64_t.
* g10/progress.c (write_status_progress): Change accordingly.
--
GnuPG-bug-id: 6534
* g10/import.c (impex_filter_getval): Support new filter properties.
--
Here is how to list all subkeys expiring in the year 2061:
gpg --list-keys --list-filter
'select= sub/key_expires_d -gt 2061-01-01 \
&& sub/key_expires_d -lt 2061-12-31'
To list all primary key expirations, use the "pub/" prefix and to list
all expiration dates use no prefix.
GnuPG-bug-id: 6509
* g10/encrypt.c (write_pubkey_enc): Indicate encryption to an ADSK.
* g10/getkey.c (finish_lookup): Skip ADKS keys.
--
If a key is searched by fingerprint or keyid and it happens that this
is an ADSK (subkey with the RENC usage), we need to skip this key
because it is not the key we actually want to encrypt to. The actual
ADSK key is taken later by looking at all subkeys of the actual
selected key.
This is related to
GnuPG-bug-id: 6504
* g10/keyedit.c (no_usable_encr_subkeys_warning): New.
(keyedit_menu): Call it after running an expire command.
* g10/import.c (import_one_real): Call it in the show_key case.
--
* kbx/keybox-init.c (ll_buffer_size): New var intialized to 128k
(stream_buffers): New var.
(keybox_set_buffersize): New.
(_keybox_ll_open, _keybox_ll_close): Implement buffering.
* sm/gpgsm.c (oKbxBufferSize): New.
(opts): Add option --kbx-buffer-size.
(main): Call keybox_set_buffersize.
* g10/gpg.c: Include keybox.h.
* (oKbxBufferSize): New.
(opts): Add option --kbx-buffer-size.
(main): Call keybox_set_buffersize.
--
Running a test on Windows using a pubring.kbx with
Total number of blobs: 2098
openpgp: 1294
x509: 803
and a size of 42MiB with
gpgsm -k --with-validation --disable-dirmngr --kbx-buffer-size N >nul
gives these performance figures using procmon
| N(k) | file events | time(s) |
|------+-------------+---------|
| 0 | 4900000 | 86 |
| 16 | 2456000 | 58 |
| 32 | 1233000 | 43 |
| 64 | 622000 | 37 |
| 128 | 317000 | 32 |
| 256 | 164000 | 31 |
| 512 | 88000 | 30 |
Using _open instead of CreateFile give the same number of file events
but increased the time slight by one second for the measured buffer
size of 64k and 128k. Benchmarks for gpg have not been conducted.
* g10/import.c (do_transfer): Force the overridden key import
even when smartcard is available.
--
Fixes-commit: 2c1297055041b4657ea1a927acac978c2b09a483
GnuPG-bug-id: 3456
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/command.c (cmd_keytocard): Add new arg for ECDH params.
* scd/app-openpgp.c (ecc_writekey): Use provided ECDH params to
compute the fingerprint.
* g10/call-agent.c (agent_keytocard): Add arg ecdh_param_str.
* g10/keyid.c (ecdh_param_str_from_pk): New.
* g10/card-util.c (card_store_subkey): Pass ECDH params to writekey.
* g10/keygen.c (card_store_key_with_backup): Ditto.
* scd/app-openpgp.c (store_fpr): Add arg update.
(rsa_read_pubkey, ecc_read_pubkey): Add arg meta_update and avoid
writing the fingerprint back to the card if not set.
(read_public_key): Also add arg meta_update.
(get_public_key): Do not pass it as true here...
(do_genkey): ... but here.
(rsa_write_key, ecc_writekey): Force string the fingerprint.
--
The problem showed up because in 2.4 we changed the standard ECDH
parameter some years ago. Now when trying to write an ECDH key
created by 2.2 with 2.4 to an openpgp card, scdaemon computes a wrong
fingerprint and thus gpg was not able to find the key again by
fingerprint.
The patch also avoids updating the stored fingerprint in certain
situations.
This fix is somewhat related to
GnuPG-bug-id: 6378
* g10/card-util.c (current_card_status): Print a hint for fishy
outputs.
(enum cmdids): Add cmdOPENPGP.
(cmds): Add "openpgp".
(card_edit): Implement that command.
--
If a Yubikey has been used in PIV mode the initial listing does not
look correct. Although we explicitly switch to the OpenPGP app when
needed, we don't want to do this in listing mode. Instead we offer a
new command "openpgp" to force the openpgp mode. The ultimate goal
will be to enhance the gpg-card tool to completely take over the
--card-edit features. But we are not yet there.
GnuPG-bug-id: 6462
* g10/call-agent.c (agent_scd_switchapp): New.
* g10/card-util.c (get_info_for_key_operation): Call it.
--
It may happen that the active card was last used for PIV and in that
case certain commands will fail because they assume the OpenPGP app.
Fortunately we have a pretty central place to assure that the right
app has been selected.
The bug can be easily noticed on Windows.
GnuPG-bug-id: 6378
* g10/import.c (transfer_secret_keys): Only emit a warning when secret
key is not encrypted.
--
Fixing-commit: dbfb7f809b89cfe05bdacafdb91a2d485b9fe2e0
GnuPG-bug-id: 6322
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/homedir.c (gnupg_maybe_make_homedir): Also create a
common.conf.
* g10/keydb.c: Include comopt.h.
(maybe_create_keyring_or_box): Detect the creation of a common.conf.
* g10/gpg.c (main): Avoid adding more resources in this case.
* sm/keydb.c: Include comopt.h.
(maybe_create_keybox): Detect the creation of a common.conf.
* common/comopt.h (comopt): Remove the conditional "extern".
* g10/card-util.c (card_store_subkey): Add arg processed_keys.
* g10/keyedit.c (keyedit_menu): Delete secret key.
--
This used to work using the gpg-agent: learn we called at "save" time.
However, the recent change inhibited the creation of a shadow key by
learn if a regular key still exists. Now we do an explicit delete key
at save time. This syncs the behaviour with the description of the
man page.
GnuPG-bug-id: 6378
* g10/free-packet.c (copy_public_key): Factor some code out to ...
(copy_public_key_basics): new.
* g10/build-packet.c (build_sig_subpkt_from_sig): New arg signhints.
* g10/packet.h (PUBKEY_USAGE_RENC): Fix value.
(SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): Moved from sign.c.
(SIGNHINT_ADSK): New.
(PKT_public_key): Change pubkey_usage from byte to u16.
(PKT_user_id): Cosmetic fix: change help_key_usage from int to u16.
* g10/getkey.c (parse_key_usage): Make public.
* g10/misc.c (openpgp_pk_algo_usage): Take PUBKEY_USAGE_RENC in
account.
* g10/sign.c (update_keysig_packet): Set SIGNHINT_ADSK.
(make_keysig_packet): Ditto.
(do_sign): No time warp check in ADSK mode.
* g10/sig-check.c (check_signature_metadata_validity): Ditto.
* g10/keygen.c (struct opaque_data_usage_and_pk): Remove.
(write_keybinding): Do not use the removed struct.
(do_add_key_flags): Support PUBKEY_USAGE_RENC and others.
(keygen_add_key_flags_and_expire): Rewrite and make public.
* g10/keyedit.c (enum cmdids): Add cmdADDADSK.
(keyedit_menu): Add command "addadsk".
(menu_addadsk): New.
--
This makes use of a new encryption flag:
The "restricted encryption key" (2nd,0x04) does not take part in any
automatic selection of encryption keys. It is only found on a
subkey signature (type 0x18), one that refers to the key the flag
applies to.
Followup patches will add encryption support and a --quick command.
GnuPG-bug-id: 6395
* g10/gpg.c (main): Replace setmode by es_set_binary and use only when
needed.
--
It is better to use our es_set_binary than to use a Windows specific
method which still worked but is fragile because estream might be
changed. We now set binary only when needed. Note that it does not
harm to call es_set_binary more often than needed.
* g10/options.h (LIST_SHOW_UNUSABLE_SIGS): New.
* g10/gpg.c (parse_list_options): Add "show-unusable-sigs".
* g10/keydb.h (keyid_eq): New.
(pk_is_primary): New.
* g10/keylist.c (list_signature_print): Early return for weak key
signatures. Print "self-signature" instead of user-id.
(list_keyblock_print): Simplify and always set self-sig node flag.
--
This patch avoid the printing of often hundreds of "Invalid digest
algorithm" notices during key signature listings if those key
signatures were done with SHA1. The new option can be used to revert
the behaviour.
We now also print "[self-signature]" with --check-sigs or --list-sigs
instead of the primary user id. This makes such listing easier to read.
* g10/gpg.c (parse_list_options): Set value for show-sig-subpackets.
--
Fixes-commit: 811cfa34cb3e7166f0cf1f94565504dee21cd9f5
and thus a regression in 2.4.0
* common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA.
* g10/gpg.c (oOverrideComplianceCheck): Remove.
(opts): Turn --override-compliance-check into a dummy option.
* g10/options.h (opt): Remove override_compliance_check.
* g10/sig-check.c (check_key_verify_compliance): Remove use of that
option.
--
The introduction of --override-compliance-check actually hid the real
cause for the signature verification problem in de-vs mode for the
Ed25519 key. The real fix is to handle the EdDSA algorithm in
gnupg_pk_is_allowed.
Fixes-commit: fb26e144adfd93051501d58f5d0d4f8826ddf436
GnuPG-bug-id: 5655
* common/iobuf.c (file_filter_ctx_t): Add fields for the peek feature.
(file_filter): Implement peeking.
(iobuf_ioctl): Add new IOBUF_IOCTL_PEEK.
* common/iobuf.h (IOBUF_IOCTL_PEEK, IOBUFCTRL_PEEK): New.
* common/miscellaneous.c (is_file_compressed): Rewrite. Detect PDF.
* g10/encrypt.c (encrypt_simple): Peek before detecting compression.
(encrypt_crypt): Ditto.
* g10/sign.c (sign_file): Also detect already compressed data.
* g10/options.h (opt): Add explicit_compress_option.
* g10/gpg.c (main): Set opt.explicit_compress_option for -z.
--
Note that this patch also introduces a compression check for signing
which was never done in the past.
GnuPG-bug-id: 6332
* g10/cipher-aead.c (do_flush): Use %llu and a cast.
* g10/decrypt-data.c (aead_underflow): Ditto.
--
Fixes-commit: b2cedc108d5cabb07f496c31c11c9cba6f328f76
We don't use the system's printf but the one implemented by
us (gpgrt's estream-printf) thus the PRIu64 may or may not be correct.
We can't do much about the -Wformat errors due to our different
implementation.