gnupg

mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00

Author	SHA1	Message	Date
Werner Koch	330354972a	gpg: Autoload designated revoker key and ADSK when needed. * g10/options.h (opt): Move the definition of struct akl to global scope. * g10/keydb.h (enum get_pubkey_modes): Add GET_PUBKEY_TRY_LDAP. * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_BYNAME. * g10/keygen.c (prepare_desig_revoker): Use it here. (prepare_adsk): and here. -- The revoker key is required before we create it along with a new key. This is because the we need to know the algo and also to make sure that the key really exists. GnuPG-bug-id: 7133 (cherry picked from commit `465ea9116d`)	2024-07-01 15:01:14 +02:00
Werner Koch	c6cecbd89a	gpg: New option --default-new-key-adsk. * g10/options.h (opt): Add field def_new_key_adsks. * g10/gpg.c (oDefaultNewKeyADSK): New. (opts): Add --default-new-key-adsk. (main): Parse option. * g10/keyedit.c (menu_addadsk): Factor some code out to ... (append_adsk_to_key): new. Add compliance check. * g10/keygen.c (pADSK): New. (para_data_s): Add adsk to the union. (release_parameter_list): Free the adsk. (prepare_adsk): New. (get_parameter_adsk): New. (get_parameter_revkey): Remove unneeded arg key and change callers. (proc_parameter_file): Prepare adsk parameter from the configured fingerprints. (do_generate_keypair): Create adsk. -- GnuPG-bug-id: 6882 (cherry picked from commit `ed118e2ed5`)	2024-07-01 15:00:16 +02:00
Werner Koch	234e9db3c3	gpg: Avoid a double free on error in the key generation. * g10/keygen.c (card_store_key_with_backup): Avoid double free and simplify error handling. -- This is part of GnuPG-bug-id: 7129 Co-authored-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit `bcc002cd45`)	2024-05-29 11:46:48 +02:00
Werner Koch	0b1f7427b3	gpg: Do not allow to accidently set the RENC usage. * g10/keygen.c (print_key_flags): Print "RENC" if set. (ask_key_flags_with_mask): Remove RENC from the possible set of usages. Add a direct way to set it iff the key is encryption capable. -- This could be done by using "set your own capabilities" for an RSA key. In fact it was always set in this case. GnuPG-bug-id: 7072	2024-04-04 16:39:14 +02:00
Werner Koch	ead2982286	gpg: Use ephemeral mode for generating card keys. * g10/call-agent.c (agent_set_ephemeral_mode): New. * g10/keyedit.c (keyedit_menu) <bkuptocard>: Switch to ephemeral mode. * g10/keygen.c (do_generate_keypair): Switch to ephemeral mode for card keys with backup. -- GnuPG-bug-id: 6944	2024-01-22 16:52:22 +01:00
Werner Koch	ee56f71c8a	gpg: Add a communication object to the key generation code. * g10/keygen.c (struct common_gen_cb_parm_s): New. (common_gen): Add args common_gen_cb and common_gen_cb_parm. Adjust all callers. (do_generate_keypair): Clarify the code by using a better var name. -- We may eventually also replace the long arg list with that object. The immediate reason for this change is the followup commit.	2024-01-22 10:16:03 +01:00
Werner Koch	5402e6fb93	gpg: For v5 key generation for X448 also in parm file mode. * g10/keygen.c (curve_is_448): New. (do_create_from_keygrip): Pass arg keygen_flags byref so that it can be updated. Set v5 flag for X448. (gen_ecc): Ditto. (do_create): Change keygen_flags as above. For robustness change checking for Ed448. (do_generate_keypair): Change keygen_flags as above (generate_subkeypair): Ditto. (gen_card_key): Ditto. Support v5 keys. -- GnuPG-bug-id: 6942	2024-01-16 14:32:04 +01:00
Werner Koch	1a2c8267f5	gpg: When using a parm file w/o usage don't set the RENC usage. * g10/keygen.c (proc_parameter_file): Don't include RENC in the default usage. -- Testplan: $ gpg --gen-key --batch <<EOF Key-Type: EDDSA Key-Curve: ed448 Key-Usage: cert Name-Real: Meh Muh Name-Email: test-3@example.org Expire-Date: 2025-01-01 Passphrase: abc subkey-type: ecdh Subkey-curve: cv448 EOF and check that the R flag does not show up in the usage.	2024-01-16 14:02:42 +01:00
Werner Koch	8dfbad0c41	gpg: Fix regression in the Revoker keyword of the parmeter file. * g10/keygen.c (parse_revocation_key): Actually allow for v4 fingerprints. -- Note that the use of the parameter file is deprecated. GnuPG-bug-id: 6923	2024-01-11 09:08:54 +01:00
Werner Koch	95b9a31f81	gpg: Fix minor memory leak during certain smartcard operations. * g10/keygen.c (card_store_key_with_backup): Fix memory leak on error.	2023-10-27 14:20:47 +02:00
Werner Koch	a4fe307b55	gpg: Allow expiration time after 2038-01-19 on 32 bit Windows. * g10/keygen.c (parse_expire_string_with_ct): Use isotime2epoch_u64. (parse_creation_string): Ditto. -- GnuPG-bug-id: 6736	2023-10-26 12:45:50 +02:00
Werner Koch	606933dfb4	gpg: Allow to specify seconds since Epoch beyond 2038. * g10/keygen.c (parse_expire_string_with_ct): Use new function scan_secondsstr. (parse_creation_string): Ditto. -- Noet that we cap the seconds at the year 2106. GnuPG-bug-id: 6736	2023-10-14 17:23:42 +02:00
NIIBE Yutaka	96b69c1866	gpg: Add support for Subkey-Expire-Date. * g10/keygen.c (enum para_name): Add pSUBKEYEXPIREDATE. (proc_parameter_file): Add support for pSUBKEYEXPIREDATE. (read_parameter_file): Add "Subkey-Expire-Date". -- Cherry-pick from master commit of: `23bcb78d27` Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2023-07-25 11:15:22 +09:00
NIIBE Yutaka	2258bcded6	gpg: Fix expiration time when Creation-Date is specified. * g10/keygen.c (parse_expire_string_with_ct): New function, optionally supply the creation time. (parse_expire_string): Use parse_expire_string_with_ct with no creation time. (proc_parameter_file): Use parse_expire_string_with_ct possibly with the creation time. -- Cherry-pick from master commit of: `b07b5144ff` GnuPG-bug-id: 5252 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2023-07-25 11:14:43 +09:00
Werner Koch	baa8883215	gpg: Set default expiration date to 3 years. * g10/keygen.c (default_expiration_interval): Change. -- This is a revision of GnuPG-bug-id: 2701	2023-06-05 15:07:22 +02:00
Werner Koch	c03ba92576	gpg: Fix writing ECDH keys to OpenPGP smartcards. * agent/command.c (cmd_keytocard): Add new arg for ECDH params. * scd/app-openpgp.c (ecc_writekey): Use provided ECDH params to compute the fingerprint. * g10/call-agent.c (agent_keytocard): Add arg ecdh_param_str. * g10/keyid.c (ecdh_param_str_from_pk): New. * g10/card-util.c (card_store_subkey): Pass ECDH params to writekey. * g10/keygen.c (card_store_key_with_backup): Ditto. * scd/app-openpgp.c (store_fpr): Add arg update. (rsa_read_pubkey, ecc_read_pubkey): Add arg meta_update and avoid writing the fingerprint back to the card if not set. (read_public_key): Also add arg meta_update. (get_public_key): Do not pass it as true here... (do_genkey): ... but here. (rsa_write_key, ecc_writekey): Force string the fingerprint. -- The problem showed up because in 2.4 we changed the standard ECDH parameter some years ago. Now when trying to write an ECDH key created by 2.2 with 2.4 to an openpgp card, scdaemon computes a wrong fingerprint and thus gpg was not able to find the key again by fingerprint. The patch also avoids updating the stored fingerprint in certain situations. This fix is somewhat related to GnuPG-bug-id: 6378	2023-04-21 15:23:29 +02:00
Werner Koch	3a18378a92	gpg: Allow adding of Additional Decryption Subkeys. * g10/free-packet.c (copy_public_key): Factor some code out to ... (copy_public_key_basics): new. * g10/build-packet.c (build_sig_subpkt_from_sig): New arg signhints. * g10/packet.h (PUBKEY_USAGE_RENC): Fix value. (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): Moved from sign.c. (SIGNHINT_ADSK): New. (PKT_public_key): Change pubkey_usage from byte to u16. (PKT_user_id): Cosmetic fix: change help_key_usage from int to u16. * g10/getkey.c (parse_key_usage): Make public. * g10/misc.c (openpgp_pk_algo_usage): Take PUBKEY_USAGE_RENC in account. * g10/sign.c (update_keysig_packet): Set SIGNHINT_ADSK. (make_keysig_packet): Ditto. (do_sign): No time warp check in ADSK mode. * g10/sig-check.c (check_signature_metadata_validity): Ditto. * g10/keygen.c (struct opaque_data_usage_and_pk): Remove. (write_keybinding): Do not use the removed struct. (do_add_key_flags): Support PUBKEY_USAGE_RENC and others. (keygen_add_key_flags_and_expire): Rewrite and make public. * g10/keyedit.c (enum cmdids): Add cmdADDADSK. (keyedit_menu): Add command "addadsk". (menu_addadsk): New. -- This makes use of a new encryption flag: The "restricted encryption key" (2nd,0x04) does not take part in any automatic selection of encryption keys. It is only found on a subkey signature (type 0x18), one that refers to the key the flag applies to. Followup patches will add encryption support and a --quick command. GnuPG-bug-id: 6395	2023-03-01 17:22:20 +01:00
Werner Koch	3d094e2bcf	gpg: New option --add-desig-revoker * g10/gpg.c (oAddDesigRevoker): New. (opts): Add new option. * g10/options.h (opt): Add field desig_revokers. * g10/keygen.c (get_parameter_idx): New. (get_parameter): Make use of get_parameter_idx. (prepare_desig_revoker): New. (get_parameter_revkey): Add arg idx. (proc_parameter_file): Add designated revokers. (do_generate_keypair): Write all designated revokers.	2023-02-16 18:10:03 +01:00
Werner Koch	1a85ee9a43	gpg: New export option "mode1003". * agent/command.c (cmd_export_key): Add option --mode1003. (command_has_option): Ditto. * g10/build-packet.c (do_key): Implement mode 1003. * g10/parse-packet.c (parse_key): Ditto. * g10/options.h (EXPORT_MODE1003): New.o * g10/call-agent.c (agent_export_key): Add arg mode1003. * g10/export.c (parse_export_options): Add "mode1003" (secret_key_to_mode1003): New. (receive_seckey_from_agent): Add arg mode1003. (do_export_one_keyblock): Pass option down. -- This option allows to export a secret key in GnuPG's native format. Thus no re-encryption is required and further the public key parameters are also authenticated if a protection passphrase has been used. Note that --import is not yet able to handle this new mode. Although old version of GnuPG will bail out with "invalid packet" if a mode1003 exported secret key is seen.	2022-12-02 10:09:58 +01:00
Werner Koch	1d88e14de7	gpg: Remove a mostly duplicated function. * g10/export.c (receive_seckey_from_agent): Add arg r_key. (do_export_one_keyblock): Pass NULL for new arg. (receive_raw_seckey_from_agent): Remove. (export_secret_ssh_key): Use receive_seckey_from_agent. * g10/keygen.c (card_store_key_with_backup): Pass NULL for new arg.	2022-12-02 10:09:58 +01:00
Werner Koch	4583f4fe2e	gpg: Merge --rfc4880bis features into --gnupg * g10/gpg.c (oRFC4880bis): Remove. (opts): Make --rfc4880bis a Noop. (compliance_options): Make rfc4880bis to gnupg. (set_compliance_option): Remove rfc4880bis stuff. (main): Ditto. Note that this now activates the --mimemode option. * g10/keygen.c (keygen_set_std_prefs): Remove rfc4880bis protection. (keygen_upd_std_prefs): Always announce support for v5 keys. (read_parameter_file): Activate the v4 and v5 keywords. --	2022-10-31 16:14:18 +01:00
Werner Koch	5a2cef801d	gpg: Allow only OCB for AEAD encryption. * g10/gpg.c (opts): New option--force-ocb as alias for force-aead. Turn --aead-algo and --personal-aead-preferences into dummy options. (build_list_md_test_algo, build_list_aead_algo_name): Remove. (my_strusage): Remove output of AEAD algos. (main): Remove code from the --aead options. * g10/encrypt.c (encrypt_seskey): Make file local. (use_aead): Remove requirement for rfc4880bis. Always return AEAD_ALGO_OCB. * g10/main.h (DEFAULT_AEAD_ALGO): Removed unused macro. * g10/misc.c (default_aead_algo): Remove. * g10/pkclist.c (select_aead_from_pklist): Return AEAD_ALGO_OCB or 0. (select_algo_from_prefs): Remove personal AEAD algo setting. * g10/keygen.c (keygen_set_std_prefs): Remove AEAD preference option parsing. * g10/options.h (opt): Remove def_aead_algo and personal_aead_prefs. -- Due to the meanwhile expired patent on OCB there is no more reason for using EAX. Thus we forcefully use OCB if the AEAD feature flag is set on a key.	2022-10-31 15:51:21 +01:00
NIIBE Yutaka	87d4338ed1	gpg,common,scd,sm: Function prototype fixes for modern compiler. * common/gettime.c (gnupg_get_time): It has no arguments. * common/signal.c (gnupg_block_all_signals): Likewise. (gnupg_unblock_all_signals): Likewise. * common/utf8conv.c (get_native_charset): Likewise. * g10/cpr.c (is_status_enabled, cpr_enabled): Likewise. * g10/getkey.c (getkey_disable_caches): Likewise. * g10/keygen.c (ask_expiredate): Likewise. * g10/passphrase.c (have_static_passphrase): Likewise. (get_last_passphrase): Likewise. * g10/tdbio.c (tdbio_is_dirty, tdbio_sync): Likewise. (tdbio_get_dbname, open_db, tdbio_db_matches_options): Likewise. (tdbio_read_nextcheck): Likewise. * g10/trustdb.c (how_to_fix_the_trustdb): Likewise. * scd/scdaemon.c (scd_get_socket_name): Likewise. * sm/passphrase.c (have_static_passphrase): Likewise. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2022-09-13 16:34:00 +09:00
Werner Koch	0988e49c45	gpg: Support key flags for RENC, TIME, and GROUP. * g10/packet.h (PUBKEY_USAGE_RENC): New. (PUBKEY_USAGE_TIME): New. (PUBKEY_USAGE_GROUP): New. * g10/getkey.c (parse_key_usage): Set the new key flags. * g10/keyedit.c (show_key_with_all_names_colon): Show the new key flags. * g10/keyid.c (usagestr_from_pk): Ditto * g10/keylist.c (print_capabilities): Ditto. * g10/keygen.c (parse_usagestr): Parse line and set new flags. (quickgen_set_para): Show flags. -- See draft-koch-openpgp-2015-rfc4880bis-00 for the current version. Actually these flags have been in the draft for years now. This patch is a first step to make use of them.	2022-09-07 11:54:23 +02:00
Werner Koch	1908fa8b83	gpg: Improve --edit-key setpref. * g10/keygen.c (keygen_set_std_prefs): Allow extra spaces before preference elements. Detect the bracketed versions of the strings. Ignore "aead". -- This allows to c+p the list shown by pref with out remove the brackets.	2022-08-12 11:46:30 +02:00
Jakub Jelen	4dbef2addc	keygen: Fix reading AEAD preference * g10/keygen.c (keygen_set_std_prefs): Use the right variable when reading AEAD preference string -- GnuPG-bug-id: 6019 Signed-off-by: Jakub Jelen <jjelen@redhat.com>	2022-06-14 15:37:15 +09:00
Werner Koch	8945f1aedf	gpg: Remove restrictions for the name part of a user-id. * g10/keygen.c (ask_user_id): Allow for the name to start with a digit. Allow names shorter than 5. -- The reason for this change is that we don't enforce these constraints in the --quick-gen-key interface. I added the constraints right in the beginning of gnupg to make sure that we have a uniform style for user-ids. However, this is all problematic with non-Latin names and we prefer to use mail addresses anyway.	2022-04-08 16:03:12 +02:00
Werner Koch	253fcb9777	gpg: Remove EAX from the preference list. * g10/gpg.c (main): Remove note about rfc4880bis. * g10/keygen.c (keygen_set_std_prefs): Use only OCB in the AEAD preference list. -- It is more than unlikely that EAX will ever be used in practice and thus we remove it from the preference list.	2022-03-28 15:25:55 +02:00
NIIBE Yutaka	4aeeaa65ad	gpg: Fix adding the list of ultimate trusted keys. * g10/keygen.c (do_generate_keypair): Remove another call to update_ownertrust. * g10/trust.c (update_ownertrust): Add call to tdb_update_utk. * g10/trustdb.c (tdb_update_utk): New. * g10/trustdb.h (tdb_update_utk): New. -- GnuPG-bug-id: 5742 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2022-01-12 13:34:31 +09:00
Ingo Klöcker	b66854ac93	gpg: Report failed generation of subkey pair via status interface * g10/keygen.c (generate_subkeypair): On error, write error and "key not created" message to status interface. -- This change allows users of the status/command interface to detect errors when adding a subkey to a key. Similar status messages are output by do_generate_keypair. GnuPG-bug-id: 5771	2022-01-11 10:12:07 +01:00
Ingo Klöcker	19b1a28621	gpg: Request keygrip of key to add via command interface * g10/keygen.c (ask_algo): Request keygrip via cpr_get. * doc/help.txt (gpg.keygen.keygrip): New help text. -- This change makes it possible to add an existing (sub)key to another key via the status/command interface. GnuPG-bug-id: 5771	2022-01-11 10:12:07 +01:00
Werner Koch	6105287252	gpg: Correctly set the ownertrust for a new key. * g10/keygen.c (do_generate_keypair): Use update_ownertrust. -- GnuPG-bug-id: 5742	2021-12-20 22:03:03 +01:00
Jakub Jelen	d24c5df52b	gpg: Avoid uninitialized revkey.fprlen. * g10/keygen.c (parse_revocation_key): Store the fingerprint length in created structure. -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <jjelen@redhat.com>	2021-11-12 15:36:19 +09:00
NIIBE Yutaka	86cb04a23d	gpg: Ed448 and X448 are only for v5 (for subkey). * g10/keygen.c (generate_subkeypair): Specify KEYGEN_FLAG_CREATE_V5_KEY for Ed448 or X448 key. -- Reported-by: William Holmes Fixes-commit: `36355394d8` GnuPG-bug-id: 5609 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2021-09-29 09:56:58 +09:00
NIIBE Yutaka	2b50f94267	gpg: Ed448 and X448 are only for v5 for --full-gen-key. * g10/keygen.c (generate_keypair): Set pVERSION = 5, pSUBVERSION = 5, when it's Ed448 or X448. -- Fixes-commit: `36355394d8` Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2021-05-27 17:03:49 +09:00
Jakub Jelen	fa0771f609	g10: Avoid memory leaks * g10/call-agent.c (card_keyinfo_cb): free keyinfo. Restructure to avoid backward gotos. * g10/keyedit.c (menu_set_keyserver_url): properly enclose the block * g10/keygen.c (gen_card_key): free pk and pkt -- Signed-off-by: Jakub Jelen <jjelen@redhat.com> GnuPG-bug-id: 5393 Additional changes: - Restructure to avoid backward gotos. Signed-off-by: Werner Koch <wk@gnupg.org>	2021-05-20 14:42:29 +02:00
Jakub Jelen	2af7bb2295	g10: Fix memory leaks * g10/card-util.c (change_pin): free answer on errors (ask_card_keyattr): free answer on error * g10/cpr.c (do_get_from_fd): free string * g10/gpg.c (check_permissions): free dir on weird error * g10/import.c (append_new_uid): release knode * g10/keyedit.c (menu_set_keyserver_url): free answer (menu_set_keyserver_url): free user * g10/keygen.c (print_status_key_not_created): move allocation after sanity check (ask_expire_interval): free answer (card_store_key_with_backup): goto leave instaed of return * g10/keyserver.c (parse_keyserver_uri): goto fail instead of return * g10/revoke.c (gen_desig_revoke): release kdbhd (gen_desig_revoke): free answer * g10/tofu.c (ask_about_binding): free sqerr and response * g10/trustdb.c (ask_ownertrust): free pk -- Signed-off-by: Jakub Jelen <jjelen@redhat.com> Further changes: * g10/card-util.c (change_pin): Do not set answer to NULL. * g10/keyedit.c(menu_set_keyserver_url): Use !func() pattern. Signed-off-by: Werner Koch <wk@gnupg.org> GnuPG-bug-id: 5393	2021-05-20 13:38:39 +02:00
Werner Koch	3cbc66410d	gpg: Replace an obsolete trustdb function. * g10/trustdb.c (tdb_register_trusted_keyid): Make static. (tdb_register_trusted_key): Replace register_trusted_keyid by tdb_register_trusted_key. * g10/keygen.c (do_generate_keypair): Ditto. * g10/trust.c (register_trusted_keyid): Remove.	2021-04-23 20:45:25 +02:00
NIIBE Yutaka	36355394d8	gpg: Ed448 and X448 are only for v5. * g10/keygen.c (parse_key_parameter_part): Generate with version 5 packet, when it's Ed448 or X448. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2021-04-08 16:49:20 +09:00
Werner Koch	1523b5f76f	gpg: New option --no-auto-trust-new-key. * g10/gpg.c (oNoAutoTrustNewKey): New. (opts): Add --no-auto-trust-new-key. (main): Set it. * g10/options.h (opt): Add flags.no_auto_trust_new_key. Signed-off-by: Werner Koch <wk@gnupg.org>	2021-03-15 10:47:19 +01:00
Ingo Klöcker	255d33d651	gpg: Make quick-gen-key with algo "card" work for keys without keytime * g10/keygen.c (quick_generate_keypair): Set pCARDKEY flag if algostr is "card" or "card/...". -- For keys stored on NetKey cards or PIV cards we do not necessarily know the creation time. Therefore set the cardkey flag if the generation of a key from the keys available on the currently inserted smartcard is requested with the special algo "card" or, in case of the extended unattended mode, with an algo like "card/sign". GnuPG-bug-id: 5141 Signed-off-by: Ingo Klöcker <dev@ingo-kloecker.de>	2020-12-07 15:15:10 +01:00
Werner Koch	ff31dde456	gpg: Switch to ed25519+cv25519 as default algo. * g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change to former future default ago. (ask_algo): Change default and also the way we indicate the default algo in the list of algos. (ask_curve): Indicate the default curve. Signed-off-by: Werner Koch <wk@gnupg.org>	2020-10-05 14:21:31 +02:00
Werner Koch	e824e27d36	gpg: Fix parameter parsing form ed448. * g10/keygen.c (parse_key_parameter_part): Set algo also for 448. -- Fixes-commit: `a763bb2580`	2020-10-02 12:29:20 +02:00
Werner Koch	65eb156980	gpg: Initialize a parameter to silence valgrind. * g10/keygen.c (read_parameter_file): Initialize nline. * g10/textfilter.c (copy_clearsig_text): Initialize bufsize. -- In iobuf_read_line the parameter to pass and return the current buffer length is controlled by the buffer parameter. Thus there should be no problem because the assert call check s buffer first. For yet unknown reasons when using the standard GNU libc assert valgrind complains about an uninitialized variable. That does not happen with our log_assert. Tested with gnupg 2.2.23 with gcc 8.3.0 and valgrind 3.14.0. Signed-off-by: Werner Koch <wk@gnupg.org>	2020-09-04 11:32:47 +02:00
Werner Koch	4031c42bfd	gpg,gpgsm: Record the creation time of a private key. * sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option. (gpgsm_agent_import_key): Ditto. * g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on. (agent_import_key): Ditto. * g10/import.c (transfer_secret_keys): Pass the creation date to the agent. * g10/keygen.c (common_gen): Ditto. -- Having the creation time in the private key file makes it a lot easier to re-create an OpenPGP public keyblock in case it was accidentally lost. Signed-off-by: Werner Koch <wk@gnupg.org>	2020-08-19 13:43:16 +02:00
NIIBE Yutaka	45398518fb	ecc: Support Ed448/X448 key generation. * g10/keygen.c (ask_curve): Support Ed448/X448 keys. (generate_keypair): Support switch to X448 key. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2020-06-30 14:20:31 +09:00
NIIBE Yutaka	a763bb2580	gpg,agent: Support Ed448 signing. * agent/pksign.c (do_encode_eddsa): First argument is NBITs, so that it can support Ed448, as well as Ed25519. (agent_pksign_do): Follow the change. * agent/sexp-secret.c (fixup_when_ecc_private_key): No fix-up needed for Ed448, it's only for classic curves. * common/openpgp-oid.c (oidtable): Add Ed448. * common/sexputil.c (get_pk_algo_from_key): Ed448 is only for EdDSA. * g10/export.c (match_curve_skey_pk): Ed448 is for EdDSA. * g10/keygen.c (gen_ecc): Support Ed448 with the name of "ed448". (ask_algo, parse_key_parameter_part): Handle "ed448". * g10/pkglue.c (pk_verify): Support Ed448. (pk_check_secret_key): Support Ed448. * g10/sign.c (hash_for): Defaults to SHA512 for Ed448. (make_keysig_packet): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2020-06-24 10:05:03 +09:00
NIIBE Yutaka	c94eea15d6	ecc: Use "cv448" to specify key using X448. * common/openpgp-oid.c (oidtable): Use "cv448". (oid_cv448): Rename from oid_x448. (openpgp_oidbuf_is_cv448, openpgp_oid_is_cv448): Likewise. * common/util.h (openpgp_oid_is_cv448): Follow the change. * g10/ecdh.c (pk_ecdh_generate_ephemeral_key): Likewise. * g10/keygen.c (gen_ecc, ask_algo): Use "cv448". (parse_key_parameter_part): Likewise. * g10/pkglue.c (get_data_from_sexp): Fix for debug output. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2020-06-23 10:10:29 +09:00
NIIBE Yutaka	e9760eb9e7	gpg: Add X448 support. * common/openpgp-oid.c (oidtable): Add X448. (oid_x448,openpgp_oidbuf_is_x448,openpgp_oid_is_x448): New. * common/util.h (openpgp_oid_is_x448): New. * g10/ecdh.c (gen_k): Add handling of opaque MPI and support endianness. (pk_ecdh_generate_ephemeral_key): X448 requires opaque MPI. * g10/keygen.c (gen_ecc): Add support for X448. (ask_algo, parse_key_parameter_part): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2020-06-09 14:56:50 +09:00
NIIBE Yutaka	f5bc945554	gpg,ecc: Handle external representation as SOS with opaque MPI. * g10/pkglue.h (sexp_extract_param_sos): New. * g10/build-packet.c (sos_write): New. (do_key, do_pubkey_enc, do_signature): Use sos_write for ECC. * g10/export.c (cleartext_secret_key_to_openpgp): Use sexp_extract_param_sos. (transfer_format_to_openpgp): Use opaque MPI for ECC. * g10/keygen.c (ecckey_from_sexp): Use sexp_extract_param_sos. * g10/keyid.c (hash_public_key): Handle opaque MPI for SOS. * g10/parse-packet.c (sos_read): New. (parse_pubkeyenc,parse_signature,parse_key): Use sos_read for ECC. * g10/pkglue.c (sexp_extract_param_sos): New. (pk_verify): Handle opaque MPI for SOS. (pk_encrypt): Use sexp_extract_param_sos. * g10/seskey.c (encode_session_key): Use opaque MPI. * g10/sign.c (do_sign): Use sexp_extract_param_sos. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2020-06-09 10:32:47 +09:00

1 2 3 4 5 ...

386 Commits