1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

1036 Commits

Author SHA1 Message Date
Werner Koch
866667765f
gpg: Remove MDC options
* g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc
and --no-disable-mdc into NOPs.
* g10/encrypt.c (use_mdc): Simplify.  MDC is now almost always used.
* g10/cipher.c (write_header): Include extra hint and make
translatable.
* g10/options.h (struct opt): Remove fields force_mdc and disable_mdc.

--

The MDC is now always used except with --rfc2440 which will lead to a
a big fat warning.

This is a stripped down version of commit
253e8bdd9014cbe6dc06adce9d9dd2f8f4b31709 which could not directly be
applied due to the AEAD mechanisms there.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-31 12:08:22 +02:00
Werner Koch
3db1b48a2d
gpg: Hard fail on a missing MDC even for legacy algorithms.
* g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
* tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
allow testing with the current files.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d1431901f0143cdc7af8d1a23387e0c6b5bb613f)

Resolved Conflicts:
	g10/mainproc.c - Remove AEAD stuff.
2018-05-31 11:54:07 +02:00
Werner Koch
26c0d3a3fc
gpg: Turn --no-mdc-warn into a NOP.
* g10/gpg.c (oNoMDCWarn): Remove.
(opts): Make --no-mdc-warn a NOP.
(main): Don't set var.
* g10/options.h (struct opt): Remove 'no_mdc_var'.
* g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false.
* g10/mainproc.c (proc_encrypted): Ditto.
--

Users should not be allowed to suppress the warning that they are
shooting into their foot.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 96350c5d5afcbc7f66c535e38b9fcc7355622855)
2018-05-31 11:47:07 +02:00
Ineiev
ed12a1daba
doc: Update description of displayed trust values.
* doc/trust-values.texi: New file.
* doc/Makefile.am (EXTRA_DIST): Add trust-values.texi.
* doc/gnupg.texi (Trust Values): New chapter.
* doc/gpg.texi (OpenPGP Key Management): Update the description
of how trust values are displayed, replace table with a reference
to Trust Values.
* doc/gpg.texi (GPG Examples): Add @mansect trust values.

--

Signed-off-by: Ineiev <ineiev@gnu.org>
2018-05-07 08:07:07 +02:00
Werner Koch
bb8894760f
dirmngr: Add the used TLS library to the debug output.
* dirmngr/http.c (send_request): Print the used TLS library in debug
mode.
--

We allow two different TLS libararies and thus it is useful to see
that in the debug output of bug reports.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 15:25:26 +02:00
Werner Koch
d2ad715441
doc: Update NEWS and add an example to gpg.texi.
--
2018-04-23 09:23:41 +02:00
Andre Heinecke
a44ed3d9a1
doc: Remove unneccesary empty flags in vsndf.prf
* doc/examples/vsnfd.prf (max-cache-ttl): Remove empty flags.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2018-04-20 11:00:00 +02:00
Werner Koch
69c3e7acb7
gpg: Extend the "sig" record in --list-mode.
* g10/getkey.c (get_user_id_string): Add arg R_NOUID.  Change call
callers.
(get_user_id): Add arg R_NOUID.  Change call callers.
* g10/mainproc.c (issuer_fpr_string): Make global.
* g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key
also in --list-mode.  Print the "issuer fpr" field also if there is an
issuer fingerprint subpacket.
--

Scripts used to rely on the "User ID not found" string even in the
--with-colons listing.  However, that is not a good idea because that
string is subject to translations etc.  Now we have an explicit way of
telling that a key is missing.  For example:

  gpg --list-sigs --with-colons | \
    awk -F: '$1=="sig" && $2=="?" {if($13){print $13}else{print $5}}'

Prints all keyids or fingerprint of signing keys for which we do not
have the key in our local keyring.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 17:53:17 +02:00
Werner Koch
23a714598c
gpg: Extend the ERRSIG status line with a fingerprint.
* g10/mainproc.c (issuer_fpr_raw): New.
(issuer_fpr_string): Re-implement using issuer_fpr_rtaw.
(check_sig_and_print): Don't free ISSUER_FPR.  Use ISSUER_FPR_RAW.
Use write_status_printf.  Extend ERRSIG status.
--

Modern OpenPGP implementations put the ISSUER_FPR into the signature
to make it easier to discover the, public needed to check the
signature.  This is also useful in error messages and thus we add it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 16:41:18 +02:00
Werner Koch
789d240cb4
gpg: New option --no-symkey-cache.
* g10/gpg.c (oNoSymkeyCache): New.
(opts): Add that option.
(main): Set var.
* g10/options.h (struct opt): New field no_symkey_cache.
* g10/passphrase.c (passphrase_to_dek): Implement that feature.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-11 20:35:40 +02:00
Werner Koch
7fa6f14814
doc: Typo fix in gpg.texi
--

Reported-by: Cody Brownstein
2018-04-09 19:46:54 +02:00
Werner Koch
519e4560e8
doc: Add an example for --default-new-key-algo
--
2018-04-09 10:51:28 +02:00
Werner Koch
a4e26f2ee8
doc: Document --key-edit:change-usage
* g10/keyedit.c (menu_changeusage): Make strings translatable.
--

GnuPG-bug-id: 3816
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-09 10:36:26 +02:00
Werner Koch
2cd35df5db
gpg,sm: New option --request-origin.
* g10/gpg.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* g10/options.h (struct opt): Add field request_origin.
* g10/call-agent.c (start_agent): Send option to the agent.
* sm/gpgsm.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* sm/gpgsm.h (struct opt): Add field request_origin.
* sm/call-agent.c (start_agent): Send option to the agent.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 09:06:20 +01:00
Werner Koch
05c55ee260
agent: New OPTION pretend-request-origin
* common/shareddefs.h (request_origin_t): New.
* common/agent-opt.c (parse_request_origin): New.
(str_request_origin): New.
* agent/command.c (option_handler): Implement new option.
--

This allows to pretend that a request originated from the extra or
browser socket.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 08:37:14 +01:00
NIIBE Yutaka
5400a5bb77 build: Fix the manual source field.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-23 15:16:16 +09:00
Werner Koch
165bc38cef
gpg: Implement --dry-run for --passwd.
* g10/keyedit.c (change_passphrase): Take care of --dry-run.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-22 10:23:35 +01:00
Ben McGinnes
7e40c5efbe
doc: man page grammar
--
Fixed two grammatical errors: their vs. there and oneself vs. one
(one's self would still be too stilted).
2018-03-07 10:00:28 +01:00
Werner Koch
f060cb5c63
agent: Also evict cached items via a timer.
* agent/cache.c (agent_cache_housekeeping): New func.
* agent/gpg-agent.c (handle_tick): Call it.
--

This change mitigates the risk of having cached items in a post mortem
dump.

GnuPG-bug-id: 3829
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-06 16:22:42 +01:00
Werner Koch
641aae783e
doc: Fix recently introduced typo in gpgsm.texi.
--
2018-02-22 16:39:52 +01:00
Werner Koch
cf006cbf73
doc: Clarify -export-secret-key-p12
--

GnuPG-bug-id: 3788
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-22 10:24:24 +01:00
Werner Koch
c4d8efb894
doc: Add extra hint on unattended use of gpg.
--
2018-02-21 10:17:20 +01:00
Werner Koch
685a5e1558
wks: Add special mode to --install-key.
* tools/gpg-wks-client.c (get_key_status_parm_s)
(get_key_status_cb, get_key): Move to ...
* tools/wks-util.c: ...here.
(get_key): Rename to wks_get_key.
* tools/gpg-wks-server.c: Include userids.h.
(command_install_key): Allow use of a fingerprint.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-20 15:23:19 +01:00
Werner Koch
ee474856ec
wks: Implement server command --install-key.
* tools/wks-util.c (wks_filter_uid): Add arg 'binary'.
* tools/gpg-wks-server.c (main): Expect 2 args for --install-key.
(write_to_file): New.
(check_and_publish): Factor some code out to ...
(compute_hu_fname): ... new.
(command_install_key): Implement.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-20 11:45:58 +01:00
Andre Heinecke
e0658b19d9
doc: Add compliance de-vs to gpgsm in vsnfd.prf
* doc/examples/vsnfd.prf: Set complaince mode for gpgsm.
2018-02-09 09:45:28 +01:00
Werner Koch
91a3d15cee
doc: Note --quick-gen-key as an alias for --quick-generate-key
--
2018-01-25 15:14:37 +01:00
Andre Heinecke
6fb5713f4a
doc: Note pinentry-mode for passphrase opts
* doc/gpg.texi (--passphrase, --passphrase-file, --passphrase-fd):
Note that pinentry-mode needs to be loopback.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2018-01-09 08:48:54 +01:00
Werner Koch
7449063b1a
wks: New server options --check, --with-dir, with-file.
* tools/gpg-wks-server.c (aCheck, oWithDir, oWithFile): New const.
(opts): New options --check, --with-dir, and --with-file.
(main): Call command_check_key.
(command_list_domains): Implement option --with-dir.
(fname_from_userid): New.
(command_check_key): New.
(command_remove_key): Implement existsing command.
(command_revoke_key): Call command_remove_key as a simple
implementation.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-19 17:42:10 +01:00
Werner Koch
482e000b8a
conf: New option --status-fd.
* tools/gpgconf.c (oStatusFD): New const.
(opts): New option --status-fd.
(statusfp): New var.
(set_status_fd): New.
(gpgconf_write_status): New.
(gpgconf_failure): New.
(main): Set status fd and replace exit by gpgconf_failure.
* tools/gpgconf-comp.c: Repalce exit by gpgconf_failure.
(gc_process_gpgconf_conf): Print a few warning status messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-18 17:46:05 +01:00
Werner Koch
8c878ae4c9
sm: Allow explicit setting of the default --compliance=gnupg
* sm/gpgsm.c (main): Allow setting of the default compliance.
* tools/gpgconf-comp.c (gc_options_gpgsm): Add "compliance".
--

This is required so that we can use this option in in gpgconf.conf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-18 12:05:31 +01:00
Werner Koch
c81a447190
Change backlog from 5 to 64 and provide option --listen-backlog.
* agent/gpg-agent.c (oListenBacklog): New const.
(opts): New option --listen-backlog.
(listen_backlog): New var.
(main): Parse new options.
(create_server_socket): Use var instead of 5.
* dirmngr/dirmngr.c: Likewise.
* scd/scdaemon.c: Likewise.
--

GnuPG-bug-id: 3473
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-12 14:14:40 +01:00
Werner Koch
3e72143023
doc: Typo fix
--
2017-12-11 10:17:59 +01:00
Werner Koch
6391de3e62
doc: Fix Dijkstra
--

Edsger Wybe Dijkstra (1930 --2002)
  - Dutch computer scientist
2017-12-08 07:40:06 +01:00
Daniel Kahn Gillmor
8a2917345b doc: clarify that --encrypt refers to public key encryption
--

A simple read of gpg(1) is ambiguous about whether --encrypt could be
for either symmetric or pubkey encryption.  Closer inference suggests
that --encrypt is about pubkey encryption only.  Make that clearer on
a first read.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-11-30 10:21:58 -05:00
Werner Koch
18af15249d
agent: New option --auto-expand-secmem.
* agent/gpg-agent.c (oAutoExpandSecmem): New enum value.
(opts): New option --auto-expand-secmem.
(main): Implement that option.
--

Note that this option has an effect only if Libgcrypt >= 1.8.2 is
used.

GnuPG-bug-id: 3530
2017-11-24 10:30:25 +01:00
NIIBE Yutaka
e1984969ca build: BSD make support for yat2m.
* configure.ac (YAT2M): Only define when found.
* doc/Makefile.am: Portability fix.

--

This is not intended to apply to master, but 2.2 branch only.  When
new libgpg-error is required, installation of yat2m can be assumed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-11-20 11:33:26 +09:00
Werner Koch
1b6d1ac976
doc: Add man page for gpgtar
--

This also removes the documentation for gpg-zip which is not
distributed anymore.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-15 10:17:17 +01:00
Will Thompson
1faf8187f9
doc: fix NEWSIG documentation
--
08c82b1 introduced one optional argument for this status message. Due to
an apparent editing error, the sentence fragment "arguments are
currently defined." was left in the documentation.

Signed-off-by: Will Thompson <wjt@endlessm.com>
2017-11-15 08:59:41 +01:00
Will Thompson
49635b454b
doc: expand documentation of PROGRESS message
--
This answers two questions that I was only able to answer by examining
each site where PROGRESS messages are emitted, and fixes a typo.

Signed-off-by: Will Thompson <wjt@endlessm.com>
2017-11-15 08:59:12 +01:00
Werner Koch
30f21f8b0f
dirmngr: Reduce default LDAP timeout to 15 seconds.
* dirmngr/dirmngr.c (DEFAULT_LDAP_TIMEOUT): Change to 15.
* dirmngr/dirmngr_ldap.c (DEFAULT_LDAP_TIMEOUT): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit ab7ac827041b5cd97bbca7a75b0930072dd6611f)
GnuPG-bug-id: 3487
2017-11-07 10:05:18 +01:00
Werner Koch
3607ab2cf3
agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
* agent/command.c (cmd_getinfo): New sub-commands.
* agent/protect.c (get_standard_s2k_count): Factor some code out to ...
(get_calibrated_s2k_count): new.
(get_standard_s2k_time): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 52d41c8b0f4af6278d18d8935399ddad16a26856)
2017-11-06 15:11:24 +01:00
Werner Koch
78a6d0ce88
agent: New option --s2k-count.
* agent/agent.h (opt): New field 's2k_count'.
* agent/gpg-agent.c (oS2KCount): New enum value.
(opts): New option --s2k-count.
(parse_rereadable_options): Set opt.s2k_count.
--

This option is useful to speed up the starting of gpg-agent and in
cases where the auto-calibration runs into problems due to a broken
time measurement facility.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f7212f1d11aad5d910d2c77b2e5c6ab31a0e786e)
2017-11-06 15:11:13 +01:00
Werner Koch
9e3f2a7e0b
doc: Fix "SEE ALSO" section of gpgv.
--
2017-10-20 08:56:39 +02:00
Werner Koch
2c7dccca9b
gpg: Print sec/sbb with --import-option import-show or show-only.
* g10/import.c (import_one): Pass FROM_SK to list_keyblock_direct.
--

Note that this will likely add the suffix '#' top "sec" because the
secret key has not yet (or will not be) imported.  If the secret key
already exists locally another suffix might be printed.  The upshot is
that the suffix has no usefulness.

GnuPG-bug-id: 3431
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-19 17:12:36 +02:00
Werner Koch
e725c4d653
doc: Make --check-sigs more prominent.
--

It seems people are using --list-sigs instead of --check-sigs and do
not realize that the signatures are not checked at all.  We better
highlight the use of --check-sigs to avoid this UI problem.

Suggested-by: Andrew Gallagher
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-09-27 17:24:31 +02:00
Werner Koch
50c8b6c88f
wks: Create a new user id if provider wants mailbox-only.
* tools/gpg-wks-client.c (get_key): Add arg 'exact'.
(add_user_id): New.
(command_send): Create new user id.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-09-18 15:41:51 +02:00
Werner Koch
9d80fb8e00
Release 2.2.0 2017-08-28 11:18:26 +02:00
Daniel Kahn Gillmor
e6f84116ab gpg: default to --no-auto-key-retrieve.
* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
default keyserver options.
* doc/gpg.texi: document this change.
--

This is a partial reversion of
7e1fe791d188b078398bf83c9af992cb1bd2a4b3.  Werner and i discussed it
earlier today, and came to the conclusion that:

 * the risk of metadata leakage represented by a default
   --auto-key-retrieve, both in e-mail (as a "web bug") and in other
   contexts where GnuPG is used to verified signatures, is quite high.

 * the advantages of --auto-key-retrieve (in terms of signature
   verification) can sometimes be achieved in other ways, such as when
   a signed message includes a copy of its own key.

 * when those other ways are not useful, a graphical, user-facing
   application can still offer the user the opportunity to choose to
   fetch the key; or it can apply its own policy about when to set
   --auto-key-retrieve, without needing to affect the defaults.

Note that --auto-key-retrieve is specifically about signature
verification.  Decisions about how and whether to look up a key during
message encryption are governed by --auto-key-locate.  This change
does not touch the --auto-key-locate default of "local,wkd".  The user
deliberately asking gpg to encrypt to an e-mail address is a different
scenario than having an incoming e-mail trigger a potentially unique
network request.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-11 02:26:52 -04:00
Werner Koch
0a8e20c4c6
sm: Always print the keygrip in colon mode.
* sm/keylist.c (list_cert_colon): Always print the keygrip as
described in the manual.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-08 13:05:50 +02:00
Justus Winter
c4506f624e
gpg: Add option '--disable-dirmngr'.
* doc/gpg.texi: Document new option.
* g10/call-dirmngr.c (create_context): Fail if option is given.
* g10/gpg.c (cmd_and_opt_values): New value.
(opts): New option.
(gpgconf_list): Add new option.
(main): Handle new option.
* g10/options.h (struct opt): New field 'disable_dirmngr'.
* tools/gpgconf-comp.c (gc_options_gpg): New option.

GnuPG-bug-id: 3334
Signed-off-by: Justus Winter <justus@g10code.com>
2017-08-08 11:43:22 +02:00
Daniel Kahn Gillmor
81074c3b02 systemd-user: Drop redundant After=*.socket.
* doc/examples/systemd-user/*.service: Drop redundant After=*.socket
directive.

--

systemd.socket(5) says:

   Socket units will have a Before= dependency on the service which
   they trigger added implicitly.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-07 08:01:18 -04:00
Daniel Kahn Gillmor
407da18254 systemd-user: Drop RefuseManualStart=true.
* doc/examples/systemd-user/*.service: drop RefuseManualStart=true

--

These user services can be safely started manually as long as at least
their primary sockets are available.  They'll just start with nothing
to do, which should be fine.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-07 08:01:18 -04:00
Daniel Kahn Gillmor
a611cba142 Fix spelling.
* doc/gpg.texi: s/occured/occurred/

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-07 03:35:41 -04:00
Werner Koch
7e1fe791d1
gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve.
* g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default
keyserver options.  Set the default for --auto-key-locate to
"local,wkd".  Reset that default iff --auto-key-locate has been given
in the option file or in the commandline.
* g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg.
--

GnuPG-bug-id: 3324
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04 22:06:18 +02:00
Werner Koch
3d78ae4d3d
agent: Make --no-grab the default.
* agent/gpg-agent.c (oGrab): New const.
(opts): New option --grab.  Remove description for --no-grab.
(parse_rereadable_options): Make --no-grab the default.
(finalize_rereadable_options): Allow --grab to override --no-grab.
(main) <gpgconflist>: Add "grab".
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add "grab".

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04 18:34:03 +02:00
Werner Koch
d9fabcc198
gpg: New import option show-only.
* g10/options.h (IMPORT_DRY_RUN): New.
* g10/import.c (parse_import_options): Add "show-only".
(import_one): use that as alternative to opt.dry_run.
--

This is just a convenience thing for

  --import-options import-show --dry-run

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04 17:03:03 +02:00
Werner Koch
be636c3cfc
doc: Add man pages form gpg-wks-server and gpg-wks-client.
* doc/wks.texi: New.
* doc/gnupg.texi: Include wks.texi.
* doc/Makefile.am (gnupg_TEXINFOS): Add wks.texi.
(myman_pages): Add new man pages.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-26 17:53:00 +02:00
Andre Heinecke
4f569c6907
doc: Update vsnfd profile example
* doc/examples/vsnfd.prf: Use rsa3072

--
This brings it in line with the requested default for vsnfd.
2017-07-26 15:48:02 +02:00
Werner Koch
fd68bdb61e
dirmngr: Auto-enable Tor on startup or reload.
* dirmngr/dirmngr.c (dirmngr_use_tor): Test for Tor availibility.
--

GnuPG-bug-id: 2935
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-26 10:58:15 +02:00
Werner Koch
aa358ac78c
doc: Use @var for meta variables in gpg.texi
--

This results in more standrard man pages.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-24 21:29:51 +02:00
Werner Koch
87b5421ca8
gpg: Extend --key-origin to take an optional URL arg.
* g10/getkey.c (parse_key_origin): Parse appended URL.
* g10/options.h (struct opt): Add field 'key_origin_url'.
* g10/gpg.c (main) <aImport>: Pass that option to import_keys.
* g10/import.c (apply_meta_data): Extend for file and url.
* g10/keyserver.c (keyserver_fetch): Pass the url to
import_keys_es_stream.
--

Example:

  gpg --key-origin url,myscheme://bla --import FILE

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-24 21:10:58 +02:00
Werner Koch
5dac85fba7
doc: Revert the bug reporting address to bugs.gnupg.org
--

dev.gnupg org is the development platform but the canonical bug
address is and has always been bugs.gnupg.org.  We should keep on
using this address for the case that we switch the tracker again or
split it off the development system.

That is also the reason why we should keep on communicating a plain
bug number without the 'T' prefix.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-24 10:43:27 +02:00
Werner Koch
b55b72bb81
gpg: Extend --quick-set-expire to allow subkey expiration setting.
* g10/keyedit.c (keyedit_quick_set_expire): Add new arg subkeyfprs.
(menu_expire): Rename arg force_mainkey to unattended and allow
unattended changing of subkey expiration.
* g10/gpg.c (main): Extend --quick-set-expire.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-21 18:15:01 +02:00
Marcus Brinkmann
cea4313644 doc: Clarify wording of export-attributes.
* doc/gpg.texi: Clarify wording of export-attributes.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2228
2017-07-20 19:12:06 +02:00
Werner Koch
165cdd8121
gpg: New option --with-key-origin.
* g10/getkey.c (parse_key_origin): Factor list out as ...
(key_origin_list): new struct.
(key_origin_string): New.
* g10/gpg.c (oWithKeyOrigin): New const.
(opts): New option --with-key-origin.
(main): Implement option.
* g10/options.h (struct opt): New flag with_key_origin.
* g10/keylist.c (list_keyblock_print): Print key origin info.
(list_keyblock_colon): Ditto.
2017-07-20 18:13:40 +02:00
Werner Koch
33ecb541fc
doc: Comment fixes and one trailing comma fix.
--
2017-07-20 18:13:40 +02:00
Werner Koch
fa1155e89e
gpg: New option --key-origin.
* g10/keydb.h (KEYORG_): Rename to KEYORG_.
* g10/packet.h (PKT_user_id): Rename field keysrc to keyorg.  Adjust
users.
(PKT_public_key): Ditto.
(PKT_ring_trust): Ditto.
* g10/options.h (struct opt): Add field key_origin.
* g10/getkey.c (parse_key_origin): New.
* g10/gpg.c (oKeyOrigin): New.
(opts): Add "keys-origin".
(main): Set option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-13 18:29:01 +02:00
Marcus Brinkmann
877a321d01 doc: Document gnupg version requirement for gpg-preset-passphrase.
Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2331
2017-07-13 17:12:42 +02:00
Neal H. Walfield
243b2a570c doc: Improve TOFU documentation.
* doc/gpg.texi: Improve TOFU documentation.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
Suggested-by: Teemu Likonen <tlikonen@iki.fi>
2017-07-06 21:17:31 +02:00
Justus Winter
4c3a59e9c0
doc: Fix typo.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-06 12:56:42 +02:00
Daniel Shahaf
4538f3cf8d doc: minor clarification
---
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-07-05 16:55:53 -04:00
Werner Koch
139de02b93
doc: Update yat2m to take care of SOURCE_DATE_EPOCH.
* doc/yat2m.c (main): Set a default for OPT_DATE.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-05 11:01:36 +02:00
Werner Koch
f6faa05874
doc: Prefer an installed version of yat2m
* configure.ac (YAT2M): Check for tool.
* doc/Makefile.am (yat2m-stamp): Use installed tool if possible.
--
2017-07-05 11:01:36 +02:00
Marcus Brinkmann
7fb724c616 doc: Document obsolete option in gpgsm. Closes T2231.
* doc/gpgsm.texi: Mark --prefer-system-dirmngr as obsolete.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2231
2017-07-01 14:30:04 +02:00
Werner Koch
f31dc2540a
gpg,gpgsm: Emit status code ENCRYPTION_COMPLIANCE_MODE.
* common/status.h (STATUS_ENCRYPTION_COMPLIANCE_MODE): New.
* g10/encrypt.c (encrypt_crypt): Emit new status code.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
--

This status code allows to report whether an encryption operation was
compliant to de-vs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-23 12:01:20 +02:00
Justus Winter
9b12b45aa5
gpg: Check and fix keys on import.
* doc/gpg.texi: Document the new import option.
* g10/gpg.c (main): Make the new option default to yes.
* g10/import.c (parse_import_options): Parse the new option.
(import_one): Act on the new option.
* g10/options.h (IMPORT_REPAIR_KEYS): New macro.

GnuPG-bug-id: 2236
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-14 09:36:28 +02:00
Werner Koch
9b43220b8a
dirmngr: Implement HTTP connect timeouts of 15 or 2 seconds.
* dirmngr/dirmngr.c (oConnectTimeout, oConnectQuickTimeout): New
enums.
(opts): New options --connect-timeout and --connect-quick-timeout.
(DEFAULT_CONNECT_TIMEOUT): New.
(DEFAULT_CONNECT_QUICK_TIMEOUT): New.
(parse_rereadable_options): Handle new options.
(post_option_parsing): New.  Use instead of direct calls to
set_debug() and set_tor_mode ().
(main): Setup default timeouts.
(dirmngr_init_default_ctrl): Set standard connect timeout.
* dirmngr/dirmngr.h (opt): New fields connect_timeout and
connect_quick_timeout.
(server_control_s): New field timeout.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass timeout to
http_raw_connect.
* dirmngr/ks-engine-hkp.c (send_request): Call
http_session_set_timeout.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/server.c (cmd_wkd_get, cmd_ks_search, cmd_ks_get)
(cmd_ks_fetch): Implement --quick option.
--

The standard connect timeouts are way to long so we add a timeout to
the connect calls.  Also implement the --quick option which is already
used by gpg for non-important requests (e.g. looking up a key for
verification).

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 09:37:36 +02:00
Justus Winter
be8ca88526
gpg: Report compliance with CO_DE_VS.
* common/compliance.c (gnupg_pk_is_compliant): Add DSA with certain
parameters.
(gnupg_cipher_is_compliant): New function.
(gnupg_digest_is_compliant): Likewise.
* common/compliance.h (gnupg_cipher_is_compliant): New prototype.
(gnupg_digest_is_compliant): Likewise.
* common/status.h (STATUS_DECRYPTION_COMPLIANCE_MODE): New status.
(STATUS_VERIFICATION_COMPLIANCE_MODE): Likewise.
* doc/DETAILS: Document the new status lines.
* g10/mainproc.c (proc_encrypted): Compute compliance with CO_DE_VS
and report that using the new status line.
(check_sig_and_print): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--

When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD.  This information will be picked up by the frontend and
presented to the user.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-01 13:16:18 +02:00
Justus Winter
485b5a6e6d
doc: Improve documentation.
* doc/gpgsm.texi: Mention that '--with-key-data' implies
'--with-colons'.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-31 17:38:16 +02:00
Justus Winter
525f2c482a
agent: Make digest algorithms for ssh fingerprints configurable.
* agent/agent.h (opt): New field 'ssh_fingerprint_digest'.
* agent/command-ssh.c (data_sign, ssh_identity_register): Honor the
option for strings used to communicate with the user.
* agent/findkey.c (agent_modify_description): Likewise.
* agent/gpg-agent.c (cmd_and_opt_values): New value.
(opts): New option '--ssh-fingerprint-digest'.
(parse_rereadable_options): Set the default to MD5 for now.
(main): Handle the new option.
* doc/gpg-agent.texi: Document the new option.
--

OpenSSH has transitioned from using MD5 to compute key fingerprints to
SHA256.  This patch makes the digest used when communicating key
fingerprints to the user (e.g. in pinentry dialogs) configurable.
For now this patch conservatively defaults to MD5.

GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-24 18:09:07 +02:00
Daniel Kahn Gillmor
3713f67026 doc: Fix spellings.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-05-18 16:34:37 -04:00
Daniel Kahn Gillmor
705da1eb23 docs: Point to https://dev.gnupg.org/ .
Replace mentions of bugs.gnupg.org with https://dev.gnupg.org/.  Since
the project has transitioned to a better workflow for supporting
contributions, we should ensure that our documentation points to the
right place.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-05-18 15:05:57 -04:00
Justus Winter
3a8c94e522
doc: Fix name of program.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-11 17:41:00 +02:00
Justus Winter
6fdeef5b61
doc: Fix documentation.
--
Fixes-commit: da4db172f6f8fb254b770e59770c531a488e2400
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-08 12:18:19 +02:00
Daniel Kahn Gillmor
201f868030 g10: Remove skeleton options files.
* build-aux/speed/w32/inst.nsi: stop installing skeleton files.
* doc/gpg.texi: stop documenting skeleton files.
* g10/Makefile.am: stop installing skeleton files.
* g10/openfile.c (copy_options_file): Remove.
(try_make_homedir): do not call copy_options_file.

--

The defaults for gpg and dirmngr are good.  Both programs should work
fine for the simple case without any config file.  The skeleton config
files were being copied at first use (when the defaults are fine).
But when the user needs to fiddle with them (after they've become
sophisticated users), they're likely out of date because gpg has been
upgraded since then.  So they're used for documentation, but they're
stale documentation, which is probably worse than a clean empty file.

GnuPG-bug-id: 3086
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-05-02 18:55:32 +09:00
NIIBE Yutaka
5c8fe54809 Spelling fixes in docs and comments.
--

In addition, fix trailing spaces in tests/inittests.

GnuPG-bug-id: 3121
Reported-by: ka7 (klemens)
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 10:06:33 +09:00
Werner Koch
9c9fde1495
doc: Explain the '>' in a key listing.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-07 10:26:55 +02:00
Werner Koch
3533b85440
dirmngr: New option --disable-ipv6
* dirmngr/dirmngr.h (struct opt): Add field 'disable_ipv6'.
* dirmngr/dirmngr.c (oDisableIPv6): New const.
(opts): New option --disable-ipv6.
(parse_rereadable_options): Set that option.
* dirmngr/dns-stuff.c (opt_disable_ipv6): New var.
(set_dns_disable_ipv6): New.
(resolve_name_standard): Make use of it.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Take care of
OPT.DISABLE_IPV6.
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
(send_request): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-03 20:56:12 +02:00
Werner Koch
608124af2c
doc: Add two example profiles.
--
2017-04-03 16:54:43 +02:00
Werner Koch
d24375271b
agent: Use OCB for key protection with --enable-extended-key-format.
* agent/protect.c (PROT_DEFAULT_TO_OCB): Remove macro.
(agent_protect): Make the default protection mode depend on the extend
key format option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-02 20:02:55 +02:00
Werner Koch
a8895c99a7
gpg: Revamp reading and writing of ring trust packets.
* g10/parse-packet.c (parse_trust): Rename to ...
(parse_ring_trust): this.  Change args and implement new ring trust
packet format.
(parse): Add special ring trust packet handling.
* g10/packet.h (PKT_user_id): New fields KEYUPDATE, UPDATEURL, and
KEYSRC.
(PKT_public_key): Ditto.
(RING_TRUST_SIG, RING_TRUST_KEY, RING_TRUST_UID): New consts.
(PKT_ring_trust): New.
(struct packet_struct): Remove member RING_TRUST.
(strcu parse_packet_ctx_s): Add field SKIP_META.
(init_parse_packet): Init SKIPT_META.
* g10/free-packet.c (release_public_key_parts): Free UDPATEURL.
(free_user_id): Ditto.
* g10/mainproc.c (list_node): Remove printing of non-documented "rtv"
lines.
* g10/build-packet.c (build_packet_and_meta): New.
(do_ring_trust): New.
* g10/export.c (write_keyblock_to_output): Use build_packet_and_meta
in backup mode.
(do_export_one_keyblock): Ditto.
* g10/import.c (read_block): Add arg WITH_META.  Skip ring trust
packets if that ism not set.
(import): Call read_block WITH_META in restore mode.
* g10/keydb.h (KEYSRC_UNKNOWN, KEYSRC_FILE, KEYSRC_KS, KEYSRC_PREF_KS)
(KEYSRC_WKD, KEYSRC_WKD_SD, KEYSRC_DANE): New constants.  They are not
yet used, though.
* g10/keydb.c (parse_keyblock_image): Allow ring trust packets.
(build_keyblock_image): Ditto.  Use build_packet_and_meta.
* g10/keyring.c (keyring_get_keyblock): Remove specila treatment of
ring trust packets.
(write_keyblock): Use build_packet_and_meta.  Remove special treatment
of ring trust packets and initialization of the signature caches.
--

This patch introduced the framework to store meta data for keys and
user ids in the keyrings/keyboxes.  Ring trust packets are
implementation defined and have always been used in gpg to cache the
signature verification status.

Ring trust packets are only exported with the export option "backup"
and only imported with the import option "restore".

The new code uses a cleaner way to handle the ring trust packets: When
the parser reads a ring trust packet and the previously read packet
matches the type of that ring trust packet, the information is stored
in that previously read packet (signature, user id, or primary key)
and the next packet is read immediately.  Thus only the parser sees
the ring trust packets.  Ring trust packets are written by using the
new function build_packet_and_meta instead of build_packet.  That
function writes a ring trust packet when the needed information is
available.

As a side-effect of this patch the signature status cache works again
and "gpg --check-sigs" is thus much faster.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-30 09:07:02 +02:00
Werner Koch
4af389c972
gpg: Prepare for listing last_update and key origin data.
* g10/keylist.c (list_keyblock_colon): Add empty fields 19 and 20.

--

We add them now to early catch error in parsers which arbitrary limit
the number of fields in --with-colon listings.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-28 12:32:05 +02:00
Werner Koch
2c237c1362
agent: New option --enable-extended-key-format.
* agent/gpg-agent.c (oEnableExtendedKeyFormat): New const.
(opts): New option --enable-extended-key-format.
(parse_rereadable_options): Set option
* agent/findkey.c (write_extended_private_key): Add arg 'update'.
(agent_write_private_key): Implement new option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-24 10:35:36 +01:00
Werner Koch
74c1f30ad6
gpg: New command --quick-set-primary-uid.
* g10/gpg.c (aQuickSetPrimaryUid): New const.
(opts): New command --quick-set-primary-uid.
(main): Implement it.
* g10/keyedit.c (keyedit_quick_adduid): Factor some code out to ...
(quick_find_keyblock): new func.
(keyedit_quick_revuid): Use quick_find_keyblock.
(keyedit_quick_set_primary): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-21 15:09:30 +01:00
Werner Koch
fe0b37e123
gpg: Add new field no 18 to the colon listing.
* g10/misc.c (gnupg_pk_is_compliant): New.
* g10/keylist.c (print_compliance_flags): New.
(list_keyblock_colon): Call it here.
* sm/keylist.c (print_compliance_flags): New.
(list_cert_colon): Call it here.
--

This patch is to convey information about DE_VS compliant keys to the
caller.  The double digit value is used so that parsers do the right
thing and don't just look for a single digit.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-20 10:09:40 +01:00
Werner Koch
e2c63a13e2
gpg: Remove unused stuff.
* g10/OPTIONS: Remove.
* g10/options.h (struct opt): Remove 'shm_coprocess'.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-20 08:40:21 +01:00
Werner Koch
f0257b4a86
doc: Add a note to the trust model direct.
* doc/gpg.texi (GPG Configuration Options): Add note.  Chnage Index
from trust-mode:foo to trust-model:foo.
2017-03-08 11:35:53 +01:00
Werner Koch
1813f3be23
gpg: Add new variables to the import and export filters.
* g10/import.c (impex_filter_getval): Add new variables "expired",
"revoked", and "disabled".

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-03 09:22:40 +01:00
Werner Koch
891ab23411
gpg: Make --export-options work with --export-secret-keys.
* g10/export.c (export_seckeys): Add arg OPTIONS and pass it to
do_export.
(export_secsubkeys): Ditto.
* g10/gpg.c (main): Pass opt.export_options to export_seckeys and
export_secsubkeys
--

Back in the old days we did not used the export options for secret
keys export because of a lot of duplicated code and that the old
secring.gpg was anyway smaller that the pubring.gpg.  With 2.1 it was
pretty easy to enable it.

Reported-by: Peter Lebbing
GnuPG-bug-id: 2973
2017-03-01 14:41:47 +01:00
Werner Koch
7af5d61c6e
gpgv: New options --log-file and --debug
* g10/gpgv.c (oLoggerFile, oDebug): New consts.
(opts): Add options --log-file and --debug.
(main): Implement options.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-24 13:23:16 +01:00