1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-11 21:48:50 +01:00
Commit Graph

305 Commits

Author SHA1 Message Date
Werner Koch
36373798c0
Merge branch 'STABLE-BRANCH-2-2' into master
--
Fixed conflicts:
  NEWS            - keep master
  configure.ac    - merge
  g10/card-util.c - mostly 2.2
  g10/sig-check.c - 2.2
2018-04-10 10:14:30 +02:00
Werner Koch
7fa6f14814
doc: Typo fix in gpg.texi
--

Reported-by: Cody Brownstein
2018-04-09 19:46:54 +02:00
Werner Koch
519e4560e8
doc: Add an example for --default-new-key-algo
--
2018-04-09 10:51:28 +02:00
Werner Koch
a4e26f2ee8
doc: Document --key-edit:change-usage
* g10/keyedit.c (menu_changeusage): Make strings translatable.
--

GnuPG-bug-id: 3816
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-09 10:36:26 +02:00
Werner Koch
d4dc4245bf
Merge branch 'STABLE-BRANCH-2-2' into master 2018-03-27 08:48:00 +02:00
Werner Koch
2cd35df5db
gpg,sm: New option --request-origin.
* g10/gpg.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* g10/options.h (struct opt): Add field request_origin.
* g10/call-agent.c (start_agent): Send option to the agent.
* sm/gpgsm.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* sm/gpgsm.h (struct opt): Add field request_origin.
* sm/call-agent.c (start_agent): Send option to the agent.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 09:06:20 +01:00
Werner Koch
165bc38cef
gpg: Implement --dry-run for --passwd.
* g10/keyedit.c (change_passphrase): Take care of --dry-run.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-22 10:23:35 +01:00
Ben McGinnes
7e40c5efbe
doc: man page grammar
--
Fixed two grammatical errors: their vs. there and oneself vs. one
(one's self would still be too stilted).
2018-03-07 10:00:28 +01:00
Werner Koch
20539ea5ca
Merge branch 'STABLE-BRANCH-2-2' 2018-02-22 16:19:56 +01:00
Werner Koch
c4d8efb894
doc: Add extra hint on unattended use of gpg.
--
2018-02-21 10:17:20 +01:00
Werner Koch
149369a92b
Merge branch 'STABLE-BRANCH-2-2' into master
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-25 16:58:29 +01:00
Werner Koch
91a3d15cee
doc: Note --quick-gen-key as an alias for --quick-generate-key
--
2018-01-25 15:14:37 +01:00
Werner Koch
db7661b5a2
gpg: New maintainer option --debug-set-iobuf-size.
* g10/gpg.c (opts): Add new option.
(opt_set_iobuf_size): New var.
(set_debug): Set the option.
* tests/openpgp/armor.scm: Use this option to revert the buffer size
to the one which used to exhibit the tested bugs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-24 18:38:20 +01:00
Werner Koch
f3ef8b0dca
gpg: New option --chunk-size.
* g10/gpg.c (opts): New option --chunk-size.
(oChunkSize): New const.
(build_list_aead_test_algo, build_list_aead_algo_name): New.
(my_strusage): List AEAD algos.
(main): Implement --chunk-size..
* g10/options.h (struct opt): Add field 'chunk_size'.
(DBG_IPC): Remove duplicated macro.
* g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version.
* g10/misc.c (openpgp_aead_test_algo): Ditto.

* g10/cipher-aead.c: Silence if not in debug mode.
* g10/decrypt-data.c: Ditto.
--

And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
Andre Heinecke
6fb5713f4a
doc: Note pinentry-mode for passphrase opts
* doc/gpg.texi (--passphrase, --passphrase-file, --passphrase-fd):
Note that pinentry-mode needs to be loopback.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2018-01-09 08:48:54 +01:00
Daniel Kahn Gillmor
8a2917345b doc: clarify that --encrypt refers to public key encryption
--

A simple read of gpg(1) is ambiguous about whether --encrypt could be
for either symmetric or pubkey encryption.  Closer inference suggests
that --encrypt is about pubkey encryption only.  Make that clearer on
a first read.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-11-30 10:21:58 -05:00
Daniel Kahn Gillmor
91eb242d63 doc: clarify that --encrypt refers to public key encryption
--

A simple read of gpg(1) is ambiguous about whether --encrypt could be
for either symmetric or pubkey encryption.  Closer inference suggests
that --encrypt is about pubkey encryption only.  Make that clearer on
a first read.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-11-21 11:13:13 -05:00
Werner Koch
2c7dccca9b
gpg: Print sec/sbb with --import-option import-show or show-only.
* g10/import.c (import_one): Pass FROM_SK to list_keyblock_direct.
--

Note that this will likely add the suffix '#' top "sec" because the
secret key has not yet (or will not be) imported.  If the secret key
already exists locally another suffix might be printed.  The upshot is
that the suffix has no usefulness.

GnuPG-bug-id: 3431
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-19 17:12:36 +02:00
Werner Koch
e725c4d653
doc: Make --check-sigs more prominent.
--

It seems people are using --list-sigs instead of --check-sigs and do
not realize that the signatures are not checked at all.  We better
highlight the use of --check-sigs to avoid this UI problem.

Suggested-by: Andrew Gallagher
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-09-27 17:24:31 +02:00
Daniel Kahn Gillmor
e6f84116ab gpg: default to --no-auto-key-retrieve.
* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
default keyserver options.
* doc/gpg.texi: document this change.
--

This is a partial reversion of
7e1fe791d1.  Werner and i discussed it
earlier today, and came to the conclusion that:

 * the risk of metadata leakage represented by a default
   --auto-key-retrieve, both in e-mail (as a "web bug") and in other
   contexts where GnuPG is used to verified signatures, is quite high.

 * the advantages of --auto-key-retrieve (in terms of signature
   verification) can sometimes be achieved in other ways, such as when
   a signed message includes a copy of its own key.

 * when those other ways are not useful, a graphical, user-facing
   application can still offer the user the opportunity to choose to
   fetch the key; or it can apply its own policy about when to set
   --auto-key-retrieve, without needing to affect the defaults.

Note that --auto-key-retrieve is specifically about signature
verification.  Decisions about how and whether to look up a key during
message encryption are governed by --auto-key-locate.  This change
does not touch the --auto-key-locate default of "local,wkd".  The user
deliberately asking gpg to encrypt to an e-mail address is a different
scenario than having an incoming e-mail trigger a potentially unique
network request.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-11 02:26:52 -04:00
Justus Winter
c4506f624e
gpg: Add option '--disable-dirmngr'.
* doc/gpg.texi: Document new option.
* g10/call-dirmngr.c (create_context): Fail if option is given.
* g10/gpg.c (cmd_and_opt_values): New value.
(opts): New option.
(gpgconf_list): Add new option.
(main): Handle new option.
* g10/options.h (struct opt): New field 'disable_dirmngr'.
* tools/gpgconf-comp.c (gc_options_gpg): New option.

GnuPG-bug-id: 3334
Signed-off-by: Justus Winter <justus@g10code.com>
2017-08-08 11:43:22 +02:00
Daniel Kahn Gillmor
a611cba142 Fix spelling.
* doc/gpg.texi: s/occured/occurred/

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-07 03:35:41 -04:00
Werner Koch
7e1fe791d1
gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve.
* g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default
keyserver options.  Set the default for --auto-key-locate to
"local,wkd".  Reset that default iff --auto-key-locate has been given
in the option file or in the commandline.
* g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg.
--

GnuPG-bug-id: 3324
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04 22:06:18 +02:00
Werner Koch
d9fabcc198
gpg: New import option show-only.
* g10/options.h (IMPORT_DRY_RUN): New.
* g10/import.c (parse_import_options): Add "show-only".
(import_one): use that as alternative to opt.dry_run.
--

This is just a convenience thing for

  --import-options import-show --dry-run

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04 17:03:03 +02:00
Werner Koch
aa358ac78c
doc: Use @var for meta variables in gpg.texi
--

This results in more standrard man pages.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-24 21:29:51 +02:00
Werner Koch
87b5421ca8
gpg: Extend --key-origin to take an optional URL arg.
* g10/getkey.c (parse_key_origin): Parse appended URL.
* g10/options.h (struct opt): Add field 'key_origin_url'.
* g10/gpg.c (main) <aImport>: Pass that option to import_keys.
* g10/import.c (apply_meta_data): Extend for file and url.
* g10/keyserver.c (keyserver_fetch): Pass the url to
import_keys_es_stream.
--

Example:

  gpg --key-origin url,myscheme://bla --import FILE

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-24 21:10:58 +02:00
Werner Koch
5dac85fba7
doc: Revert the bug reporting address to bugs.gnupg.org
--

dev.gnupg org is the development platform but the canonical bug
address is and has always been bugs.gnupg.org.  We should keep on
using this address for the case that we switch the tracker again or
split it off the development system.

That is also the reason why we should keep on communicating a plain
bug number without the 'T' prefix.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-24 10:43:27 +02:00
Werner Koch
b55b72bb81
gpg: Extend --quick-set-expire to allow subkey expiration setting.
* g10/keyedit.c (keyedit_quick_set_expire): Add new arg subkeyfprs.
(menu_expire): Rename arg force_mainkey to unattended and allow
unattended changing of subkey expiration.
* g10/gpg.c (main): Extend --quick-set-expire.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-21 18:15:01 +02:00
Marcus Brinkmann
cea4313644 doc: Clarify wording of export-attributes.
* doc/gpg.texi: Clarify wording of export-attributes.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2228
2017-07-20 19:12:06 +02:00
Werner Koch
165cdd8121
gpg: New option --with-key-origin.
* g10/getkey.c (parse_key_origin): Factor list out as ...
(key_origin_list): new struct.
(key_origin_string): New.
* g10/gpg.c (oWithKeyOrigin): New const.
(opts): New option --with-key-origin.
(main): Implement option.
* g10/options.h (struct opt): New flag with_key_origin.
* g10/keylist.c (list_keyblock_print): Print key origin info.
(list_keyblock_colon): Ditto.
2017-07-20 18:13:40 +02:00
Werner Koch
fa1155e89e
gpg: New option --key-origin.
* g10/keydb.h (KEYORG_): Rename to KEYORG_.
* g10/packet.h (PKT_user_id): Rename field keysrc to keyorg.  Adjust
users.
(PKT_public_key): Ditto.
(PKT_ring_trust): Ditto.
* g10/options.h (struct opt): Add field key_origin.
* g10/getkey.c (parse_key_origin): New.
* g10/gpg.c (oKeyOrigin): New.
(opts): Add "keys-origin".
(main): Set option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-13 18:29:01 +02:00
Neal H. Walfield
243b2a570c doc: Improve TOFU documentation.
* doc/gpg.texi: Improve TOFU documentation.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
Suggested-by: Teemu Likonen <tlikonen@iki.fi>
2017-07-06 21:17:31 +02:00
Justus Winter
4c3a59e9c0
doc: Fix typo.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-06 12:56:42 +02:00
Daniel Shahaf
4538f3cf8d doc: minor clarification
---
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-07-05 16:55:53 -04:00
Justus Winter
9b12b45aa5
gpg: Check and fix keys on import.
* doc/gpg.texi: Document the new import option.
* g10/gpg.c (main): Make the new option default to yes.
* g10/import.c (parse_import_options): Parse the new option.
(import_one): Act on the new option.
* g10/options.h (IMPORT_REPAIR_KEYS): New macro.

GnuPG-bug-id: 2236
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-14 09:36:28 +02:00
Daniel Kahn Gillmor
3713f67026 doc: Fix spellings.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-05-18 16:34:37 -04:00
Daniel Kahn Gillmor
705da1eb23 docs: Point to https://dev.gnupg.org/ .
Replace mentions of bugs.gnupg.org with https://dev.gnupg.org/.  Since
the project has transitioned to a better workflow for supporting
contributions, we should ensure that our documentation points to the
right place.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-05-18 15:05:57 -04:00
Justus Winter
6fdeef5b61
doc: Fix documentation.
--
Fixes-commit: da4db172f6
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-08 12:18:19 +02:00
Daniel Kahn Gillmor
201f868030 g10: Remove skeleton options files.
* build-aux/speed/w32/inst.nsi: stop installing skeleton files.
* doc/gpg.texi: stop documenting skeleton files.
* g10/Makefile.am: stop installing skeleton files.
* g10/openfile.c (copy_options_file): Remove.
(try_make_homedir): do not call copy_options_file.

--

The defaults for gpg and dirmngr are good.  Both programs should work
fine for the simple case without any config file.  The skeleton config
files were being copied at first use (when the defaults are fine).
But when the user needs to fiddle with them (after they've become
sophisticated users), they're likely out of date because gpg has been
upgraded since then.  So they're used for documentation, but they're
stale documentation, which is probably worse than a clean empty file.

GnuPG-bug-id: 3086
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-05-02 18:55:32 +09:00
Werner Koch
9c9fde1495
doc: Explain the '>' in a key listing.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-07 10:26:55 +02:00
Werner Koch
74c1f30ad6
gpg: New command --quick-set-primary-uid.
* g10/gpg.c (aQuickSetPrimaryUid): New const.
(opts): New command --quick-set-primary-uid.
(main): Implement it.
* g10/keyedit.c (keyedit_quick_adduid): Factor some code out to ...
(quick_find_keyblock): new func.
(keyedit_quick_revuid): Use quick_find_keyblock.
(keyedit_quick_set_primary): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-21 15:09:30 +01:00
Werner Koch
f0257b4a86
doc: Add a note to the trust model direct.
* doc/gpg.texi (GPG Configuration Options): Add note.  Chnage Index
from trust-mode:foo to trust-model:foo.
2017-03-08 11:35:53 +01:00
Werner Koch
1813f3be23
gpg: Add new variables to the import and export filters.
* g10/import.c (impex_filter_getval): Add new variables "expired",
"revoked", and "disabled".

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-03 09:22:40 +01:00
Werner Koch
891ab23411
gpg: Make --export-options work with --export-secret-keys.
* g10/export.c (export_seckeys): Add arg OPTIONS and pass it to
do_export.
(export_secsubkeys): Ditto.
* g10/gpg.c (main): Pass opt.export_options to export_seckeys and
export_secsubkeys
--

Back in the old days we did not used the export options for secret
keys export because of a lot of duplicated code and that the old
secring.gpg was anyway smaller that the pubring.gpg.  With 2.1 it was
pretty easy to enable it.

Reported-by: Peter Lebbing
GnuPG-bug-id: 2973
2017-03-01 14:41:47 +01:00
Yuri Chornoivan
24cf0606b4 Clean up word replication.
--

This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
Justus Winter
90d383f1eb
tests: Test and document other ways to create keys.
* doc/gpg.texi: Clarify usage and expiration arguments for key
generation.
* tests/openpgp/quick-key-manipulation.scm: Test all variants.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-02-15 15:51:09 +01:00
Daniel Kahn Gillmor
f2b276dffb doc: Clarify abbreviation of --help.
* doc/gpg.texi: clarify abbreviation of --help.

Debian-bug-id: 852979
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-04 01:30:55 -05:00
Werner Koch
953d4ec6af
gpg: New export and import options "backup" and "restore".
* g10/export.c (parse_export_options): Add "backup" and its alias
"export-backup".
(do_export_one_keyblock): Export ring trust packets in backup mode.
* g10/import.c (parse_import_options): Add "restore" and its alias
"import-restore".
(read_block): Import ring trust packets.
--

These options are intended to, well, backup and restore keys between
GnuPG implementations.  These options may eventually be enhanced to
backup and restore all public key related information.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-23 10:13:26 +01:00
Damien Goutte-Gattat
3daeef702b gpg: Allow to freeze faked system time.
* g10/gpg.c (main): If the parameter for --faked-system-time
ends with a '!', freeze time at the specified point.
* common/gettime.c (gnupg_set_time): Allow to freeze the time
at an arbitrary time instead of only the current time.
* doc/gpg.texi: Update documentation for --faked-system-time.
--

This patch allows the user to modify the behavior of the
--faked-system-time option: by appending a '!' to the parameter,
time in GnuPG will be frozen at the specified time, instead of
advancing normally from that time onward.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2017-01-19 10:39:06 +01:00
Werner Koch
353f6ff376
doc: Mention gpgv in the description of gpg --verify.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-05 20:43:40 +01:00