* agent/call-scd.c (cancel_inquire): Remove.
(agent_card_pksign, agent_card_pkdecrypt, agent_card_writekey)
(agent_card_scd): Don't call cancel_inquire.
--
Since libassuan 2.1.0, cancellation command "CAN" is handled within
the library, by assuan_transact. So, cancel_inquire just caused
spurious "CAN" command to scdaemon which resulted an error.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/gettime.c (isotime_p): Accept the Z suffix.
--
The intention is use for human interface.
GnuPG-bug-id: 3278
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
even if we already see an error.
--
The value stored by waitpid for exit code is encoded; It requires
decoded by WEXITSTATUS macro, regardless of an error.
For example, when one of processes is already exited and another is
still running, it resulted wrong value of in r_exitcodes[n].
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/certcache.c (any_cert_of_class): New var.
(put_cert): Set it.
(cert_cache_deinit): Clear it.
(cert_cache_any_in_class): New func.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Add hack to
override empty list of HKP certs.
--
This patch carries the changes for GNUTLS from commit
7c1613d415 over to NTBTLS. NTBTLS works
quite different and thus we need to do it this way.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/wks-util.c (list_key_status_cb): Rename to key_status_cb.
(wks_filter_uid): New.
(wks_list_key): Allow FPR to be NULL. Return an error if no
fingerprint was found.
* tools/gpg-wks-server.c (process_new_key)
(check_and_publish): Remove now useless extra check for FPR.
* tools/gpg-wks-client.c (command_check): Ditto.
(command_send): Filter out the newest uid.
--
This fixes the case of having several userids with all the the same
mailbox. Now we use the latest user id created. This patch is also a
prerequisite to automatically create a new user id for providers with
the mailbox-only policy.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpgv.c (main): Call gnupg_initialize_compliance.
--
The compliance checker needs to be initialize so that it won't let
spit out a "not suitable" message. We use the module name of gpg.
Because there is no option to change the compliance mode in gpgv we
will always be in the default (CO_GNUPG) mode. It also does not make
much sense to have it here because gpgv expects a "curated" keyring.
GnuPG-bug-id: 3404
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpg-wks-client.c (command_send): Allow sending in draft-1
mode.
--
Obviously Posteo did not implement the current draft and thus it was
not possible to send a request to them. This hack uses the old method
for posteo.de. Not sending it encrypted is okay here because they use
authenticated sending anyway.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/Makefile.am: Move qualified.txt into examples.
* doc/qualified.txt: Move into examples, remove trailing spaces.
* doc/examples/README: Document qualified.txt.
* doc/gpgsm.texi: Move qualified.txt from datadir into sysconfdir.
* sm/qualified.c (read_list): Move qualified.txt from datadir into
sysconfdir.
--
The qualified.txt is maintained by Administrator it is a configuration
file. In the past it was a hybrid, provided by package and controlled
by the Administrator, however, it is no longer maintained by package.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* tests/openpgp/quick-key-manipulation.scm: Fix expiration time
comparison.
--
This is a bug fix for Amelia Earhart who is probably in UTC-12.
When expiration date is specified, GnuPG interprets it as noon of the
date in local time.
Before this fix, the test compared the value by 2145916800 which is
2038-01-01 00:00:00 in UTC with allowance of 1 day. When the test
was ran in UTC-12 timezone, it failed because of noon in the timezone
is midnight of the next day in UTC.
GnuPG-bug-id: 3393
Reported-by: Daniel Kahn Gillmor
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/keygen.c (proc_parameter_file): Special case the email only
case.
--
Using a parameter file like
%ask-passphrase
key-type: RSA
key-length: 2048
key-usage: sign
subkey-type: RSA
subkey-length: 2048
subkey-usage: encrypt
name-email: foo@example.org
with "gpg --gen-key --patch" the result was this key
pub rsa2048 2017-09-11 [SC]
63A8C1BA12CC289A0E8072C971C7F8D4A18CE0BE
uid [ultimate] <foo@example.org>
sub rsa2048 2017-09-11 [E]
At least the the extra leading space the left angle bracket is wrong.
Further some mail providers reject keys which consist of more than
just a plain mail address. Using just a mail address is anyway the
new new suggested content for a user id. With this patch the key
will be
pub rsa2048 2017-09-11 [SC]
B302343C20EA6DECDB6A155135352F2520397080
uid [ultimate] foo@example.org
sub rsa2048 2017-09-11 [E]
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/main.h (DEFAULT_CIPHER_ALGO): Prefer AES256 by default.
--
It's 2017, and pretty much everyone has AES-256 available. Symmetric
crypto is also rarely the bottleneck (asymmetric crypto is much more
expensive). AES-256 provides some level of protection against
large-scale decryption efforts, and longer key lengths provide a hedge
against unforseen cryptanalysis.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* agent/command.c (hlp_genkey): update help text to suggest the use of
3072 bits.
* doc/wks.texi: Make example match default generation.
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to
rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment,
(gen_rsa, get_keysize_range): update default from 2048 to 3072).
* g10/keyid.c (pubkey_string): update comment so that first example
is the default 3072-bit RSA.
--
3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Gbp-Pq: Topic update-defaults
Gbp-Pq: Name 0015-gpg-default-to-3072-bit-RSA-keys.patch
* doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
default to 3072 bits.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
3072 bits.
* sm/certreqgen.c (proc_parameters): update default to 3072 bits.
* sm/gpgsm.c (main): print correct default_pubkey_algo.
--
3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Gbp-Pq: Topic update-defaults
Gbp-Pq: Name 0014-gpgsm-default-to-3072-bit-keys.patch
* tests/openpgp/quick-key-manipulation.scm: Fix expiration time
comparison.
--
This is a bug fix for Amelia Earhart who is probably in UTC-12.
When expiration date is specified, GnuPG interprets it as noon of the
date in local time.
Before this fix, the test compared the value by 2145916800 which is
2038-01-01 00:00:00 in UTC with allowance of 1 day. When the test
was ran in UTC-12 timezone, it failed because of noon in the timezone
is midnight of the next day in UTC.
GnuPG-bug-id: 3393
Reported-by: Daniel Kahn Gillmor
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app-openpgp.c (determine_rsa_response): Round bits up.
--
Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Arnaud wrote:
Actually, when the incorrect expected response length (i.e. Le
field) is transmitted to the card, the card's answer is missing a
byte (i.e. ... 6101) so an additional command has to be sent to the
card to retrieve the last byte. Using the correct length avoids to
send the additional command to retrieve the missing byte, when the
computed length is wrong.
Note that an value of 65537 for E is pretty standard and thus we can
avoid the 6101 return code inmost cases.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/sig-check.c (check_signature_over_key_or_uid): Remove useless
condition. Actually free when SIGNER was allocated by us.
--
SIGNER_ALLOCATED never received a value of -1 but that was tested.
IF SIGNER_ALLOCATED was 2 the memory was never freed:
if (signer_allocated == 1)
if (signer_allocated == 2)
free()
Fixes-commit: 44cdb9d73f
This function needs to be audited more thoroughly.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
This is to make those function better readable.
if (foo)
/* Comment */
{
}
is bad style because it requires extra time to notice the begin of the
block and vice versa when noticing the block it is not clear whether
this is an conditioned or unconditioned block.
Having asterisks on the left is better for view impaired people and
for b/w printouts.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (gpgconf_list): Announce "auto-key-retrieve".
(main): Simplify setting of KEYSERVER_AUTO_KEY_RETRIEVE.
* tools/gpgconf-comp.c: Make "no-auto-key-retrieve" invisible. Make
"auto-key-retrieve" an expert option.
--
This basically reverts 9bb13a0e81
because --no-auto-key-retrieve is again the default. Note that we
allow both options for the sake of profiles.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/openpgp/Makefile.am (XTESTS): Remove test.
(EXTRA_DIST): Add test file.
--
There are two problems with this test: First a syntax error in the
file name so that the test was not used at all. Second the test
currently returns FAIL.
Fixes-commit: c23a69970b
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (GNUPG_SWDB_TAG): New ac_define. Set it to "gnupg22".
* tools/gpgconf.c (query_swdb): Use it.
* build-aux/speedo.mk: Change tag "gnupg21" to "gnupg22".
* Makefile.am (distcheck-hook): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/agent.h (L_): Define agent_Lunderscore when simple
gettext is used.
--
This fixes a regression introduced by b3286af3 ENABLE_NLS
is not defined if we use simple gettext and not gettext.
GnuPG-Bug-Id: T3364
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* tests/openpgp/trust-pgp-1.scm: New file.
* tests/openpgp/trust-pgp-2.scm: New file.
* tests/openpgp/trust-pgp-3.scm: New file.
* tests/openpgp/trust-pgp-4.scm: New file.
* tests/openpgp/trust-pgp/common.scm: New file.
* tests/openpgp/trust-pgp/scenario1.asc: New file.
* tests/openpgp/trust-pgp/scenario2.asc: New file.
* tests/openpgp/trust-pgp/scenario3.asc: New file.
* tests/openpgp/trust-pgp/scenario4.asc: New file.
* tests/openpgp/trust-pgp/alice.sec.asc: New file.
* tests/openpgp/trust-pgp/bobby.sec.asc: New file.
* tests/openpgp/trust-pgp/carol.sec.asc: New file.
* tests/openpgp/trust-pgp/david.sec.asc: New file.
* tests/openpgp/trust-pgp/frank.sec.asc: New file.
* tests/openpgp/trust-pgp/grace.sec.asc: New file.
* tests/openpgp/trust-pgp/heidi.sec.asc: New file.
* tests/openpgp/Makefile.am (XTESTS): Add new tests.
(TEST_FILES): Add new files.
(EXTRA_DIST): Add new common file.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* tests/openpgp/tofu.scm (gettrust): Moved to the common defs.scm
module.
(checktrust): Likewise.
* tests/openpgp/defs.scm (gettrust): New function.
(checktrust): Likewise.
--
These functions will be re-used by the tests for the PGP trust
model.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* tools/gpgconf-comp.c (gc_options_gpg): Add max-cert-depth,
completes-needed, and marginals-needed options.
* g10/gpg.c (gpgconf_list): Likewise.
--
Some tests to come for the PGP trust model will need to manipulate
these parameters.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* tests/gpgscm/scheme.c (CASE): Rearrange so that the case statement
is at the front.
(Eval_Cycle): Improve fallthrough annotations.
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
default keyserver options.
* doc/gpg.texi: document this change.
--
This is a partial reversion of
7e1fe791d1. Werner and i discussed it
earlier today, and came to the conclusion that:
* the risk of metadata leakage represented by a default
--auto-key-retrieve, both in e-mail (as a "web bug") and in other
contexts where GnuPG is used to verified signatures, is quite high.
* the advantages of --auto-key-retrieve (in terms of signature
verification) can sometimes be achieved in other ways, such as when
a signed message includes a copy of its own key.
* when those other ways are not useful, a graphical, user-facing
application can still offer the user the opportunity to choose to
fetch the key; or it can apply its own policy about when to set
--auto-key-retrieve, without needing to affect the defaults.
Note that --auto-key-retrieve is specifically about signature
verification. Decisions about how and whether to look up a key during
message encryption are governed by --auto-key-locate. This change
does not touch the --auto-key-locate default of "local,wkd". The user
deliberately asking gpg to encrypt to an e-mail address is a different
scenario than having an incoming e-mail trigger a potentially unique
network request.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>