1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

1070 Commits

Author SHA1 Message Date
Werner Koch
db687d15e6
doc: Remove man page for symcryptrun.
--

The tool has no more configure option to build it and thus the man
page does not make sense.  We keep the actual file for reference,
though.

GnuPG-bug-id: 5290
2021-02-09 18:28:09 +01:00
Werner Koch
261fb98c6f
doc: Explain LDAP keyserver parameters 2020-12-21 17:24:41 +01:00
Werner Koch
559efd23e9
gpg: New AKL method "ntds"
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new
support for KEYDB_SEARCH_MODE_MAIL.
(ks_ldap_get): Add a debug.
* g10/options.h (AKL_NTDS): New.
* g10/keyserver.c (keyserver_import_ntds): New.
(keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL.
* g10/getkey.c (parse_auto_key_locate): Support "ntds".
(get_pubkey_byname): Ditto.
2020-12-17 18:19:01 +01:00
Jens Meißner
a3f95a29b9
doc: Add parameters for batch generation of ECC keys.
* doc/gpg.texi: Add parameters for batch generation of ECC keys.

--

There are parameters required for batch generation of ECC keys which
weren't mentioned in the documentation.

Signed-off-by: Jens Meißner <meissner@b1-systems.de>
2020-12-01 09:58:32 +01:00
Gavin L. Rebeiro
563db31467
doc: Fix typos
--
GnuPG-bug-id: 5071

Also fixed one in keyformat.txt [wk].

(cherry picked from commit 572bcacc287d24d0a2cc56442f9fb6a9ac49e12d)
2020-11-23 12:13:52 +01:00
Werner Koch
7f765a98fd
card: Run factory-reset in locked stated.
* scd/command.c (reset_notify): Add option --keep-lock.
(do_reset): Add arg keep_lock.
(cmd_lock): Send progress status.
* g10/call-agent.c (agent_scd_apdu): Add more pseudo APDUs.
* g10/card-util.c (send_apdu): Ditto.
(factory_reset): Use lock commands.
--

This is required so that for example Kleopatra does not detect the
RESET and issues a SERIALNO of its own, thus conflicting with our
SERIALNO undefined.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-09 13:04:38 +01:00
Werner Koch
a4fa4b5d4b
speedo,w32: Install gpg-check-pattern and example profiles.
* doc/examples/vsnfd.prf: Rename to VS-NfD.prf.
* doc/examples/Automatic.prf: New.
* doc/Makefile.am (examples): Adjust.
* build-aux/speedo/w32/inst.nsi: Install gpg-check-pattern.exe and 3
example files.
* build-aux/speedo/w32/wixlib.wxs: Add new files.
--

Note that we renamed the existing example profile so that kleopatra
shows a nicer name.  In fact the gpg4win installer just copies of
theses file but it is better to maintain them here.

gpg-check-pattern.exe can no be installed because we meanwhile have a
regex lib which works also on Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-04 18:15:37 +01:00
Werner Koch
7ec56b0336
gpg: New command --quick-revoke-sig
* g10/gpg.c (enum cmd_and_opt_values): Add aQuickRevSig.
(opts): Add --quick-revoke-sig.
(main): Implement.
* g10/keyedit.c (quick_find_keyblock): Add arg 'want_secret' and
adjust all callers.
(keyedit_quick_revsig): new.
* g10/revoke.c (get_default_sig_revocation_reason): New.
* g10/keylist.c (cmp_signodes): New.
--

GnuPG-bug-id: 5093
Backported-from-master: 243f9176e799b2328f2e5bed93099bfc474fdc5a
2020-10-28 18:10:01 +01:00
Andre Heinecke
d833030f8c
doc: Remove enable-extended-key-format in vsnfd
* doc/examples/vsnfd.prf: Remove enable-extended-key-format

--
This is no longer a valid option for gpg-agent because it
is now the default.
2020-10-01 18:22:44 +02:00
Werner Koch
5b6cfef620
build: Fix recent commit for SOURCE_DATE_EPOCH.
--

Fixes-commit: 5ade2b68db231c78d8ecca0eb21db2153da958d2
which was recently pushed to make use of $SOURCE_DATE_EPOCH
as fallback.

(cherry picked from commit 61bb75d045a3709d1cba0084c95e991dfd52c8ee)
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-09 15:40:08 +02:00
Gavin L. Rebeiro
27652e0ca7
doc: Fix typos
--
2020-08-27 12:53:10 +02:00
Werner Koch
b5de213efe
doc: Add a remark about keyservers.
--
2020-08-27 12:51:12 +02:00
Werner Koch
60f08969e1
gpg: Set default keysize to rsa3072
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change.
(gen_rsa): Set fallback to 3072.
(get_keysize_range): Set default to 3072.
* doc/examples/vsnfd.prf: No more need for default-new-key-algo.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 13:08:25 +02:00
Werner Koch
5b927b7b27
agent: Default to extended key format.
* agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New.
(opts): Make --enable-extended-key-format a dummy option.  Add
disable-extended-key-format.
(parse_rereadable_options): Implement oDisableExtendedKeyFormat.
* agent/protect.c (agent_protect): Be safe and set use_ocb either to
to 1 or 0.
--

Extended key format is supported since version 2.1.12 which should have
long been replaced by a newer version in all installations.  Thus for
2.2.22 we will make use of the extended-key-format by default.

This is a backport of the commits:
05eff1f6623c272fcabd4e238842afc832710324
91ae3e7fb66271691f6fe507262a62fc7e2663a3

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-22 15:10:08 +02:00
Werner Koch
843890663b
gpgtar,w32: Handle Unicode file names.
* tools/gpgtar.c (oUtf8Strings): New.
(opts): Add option --utf8-strings.
(parse_arguments): Set option.
* tools/gpgtar.h (opt): Add field utf8strings.
* tools/gpgtar-create.c (name_to_utf8): New.
(fillup_entry_w32): Use that.
(scan_directory): Ditto.
(scan_directory) [W32]: Convert file name to utf8.
(gpgtar_create): Convert pattern.
--

Note that this works only with file names read from a file or if the
specified files on the command line are plain ascii.  When recursing
into a directory Unicode file names work again.  This limitation is
due to  main(int, char**) which can't get the wchar version.  We could
fix that but is needs a bit more work in our init code.

GnuPG-bug-id: 4083
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-22 14:38:20 +02:00
Werner Koch
77f97eec49
doc: Describe the relation between pubring.gpg and pubring.kbx
--
GnuPG-bug-id: 4958
2020-08-20 10:16:10 +02:00
Werner Koch
a4d73b1c8e
gpg: Fix regression for non-default --passphrase-repeat option.
* agent/command.c (cmd_get_passphrase): Take care of --repeat with
--newsymkey.
--

GnuPG-bug-id: 4997
2020-08-20 09:35:58 +02:00
Werner Koch
9c57de75cf
sm: Also show the SHA-256 fingerprint.
* sm/keylist.c (list_cert_colon): Emit a new "fp2" record.
(list_cert_raw): Print the SHA2 fingerprint.
(list_cert_std): Ditto.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: e7d70923901eeb6a2c26445aee9db7e78f6f7f3a

Here in 2.2 we keep the string "fingerprint:" and no not change it to
"sha1 fpr" as we did in master (2.3).
2020-08-04 11:15:47 +02:00
Werner Koch
5ade2b68db
doc: Minor enhancement for reproducibility.
* doc/Makefile.am (defsincdate): In no repo mode and with
SOURCE_DATE_EPOCH set, use that instead of blanking the date.
--

GnuPG-bug-id: 4947
2020-06-03 17:16:44 +02:00
Werner Koch
aec7d136e4
sm: Always allow authorityInfoAccess lookup if CRLs are also enabled.
* sm/certchain.c (find_up): Disable external lookups in offline mode.
Always allow AKI lookup if CRLs are also enabled.
--

GnuPG-bug-id: 4898
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-16 19:07:36 +02:00
Werner Koch
1dfe71c62b
gpg: Support decryption of the new AEAD packet
* common/openpgpdefs.h (aead_algo_t): New.
(pkttype_t): Add PKT_ENCRYPTED_AEAD.
* g10/decrypt-data.c (struct decode_filter_context_s): Add fields for
AEAD.
(aead_set_nonce_and_ad): New.
(aead_checktag): New.
(decrypt_data): Support AEAD.
(aead_underflow): New.
(aead_decode_filter): New.
* g10/dek.h (DEK): Add field use_aead.  Turn use_mdc,
algo_info_printed, and symmetric into bit flags.
* g10/mainproc.c (struct mainproc_context): Add field
seen_pkt_encrypted_aead.
(release_list): Clear it.
(have_seen_pkt_encrypted_aead): New.
(symkey_decrypt_seskey): Support AEAD.
(proc_symkey_enc): Ditto.
(proc_encrypted): Ditto.
(proc_plaintext): Ditto.
* g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
(openpgp_aead_test_algo): New.
(openpgp_aead_algo_name): New.
(openpgp_aead_algo_info): New.
* g10/packet.h (PKT_symkey_enc): Add field use_aead.
(PKT_user_id): Add field flags.aead
(PKT_public_key): Ditto.
(PKT_encrypted): Add fields for AEAD.
* g10/parse-packet.c (parse): Handle PKT_ENCRYPTED_AEAD.
(parse_symkeyenc): Support AEAD.
(parse_encrypted): Ditto.
(dump_sig_subpkt): Dump AEAD preference packet.
(parse_encrypted_aead): New.
--

This patch allows to decrypt data encrypted using the new AEAD
mechanism as specified in rfc4880bis.  Although preferences are used
to enable this new mode, it is useful to have at least a decryption
option in case a user switches between GnuPG 2.2 and newer versions.

The new AEAD mechanism is much faster than the current CFB+MDC and
thus 2.2 will allow faster decryption of symmetric only decryption.

This patch is based on the current master (2.3) code base and includes
a few other patches.  In particular
commit 44be675b759d27bac310c2de8bae1b7882a26b65
(gpg: More check for symmetric key encryption.)
is included.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-16 08:25:55 +02:00
Werner Koch
9497d25c56
scd: Factor common PIN status check out.
* scd/iso7816.h (ISO7816_VERIFY_ERROR): New.
(ISO7816_VERIFY_NO_PIN): New.
(ISO7816_VERIFY_BLOCKED): New.
(ISO7816_VERIFY_NULLPIN): New.
(ISO7816_VERIFY_NOT_NEEDED): New.
* scd/iso7816.c (iso7816_verify_status): New.
* scd/app-nks.c (get_chv_status): Use new function.
--

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master:
- Removed the non-existant app-piv.c patches.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-15 15:35:55 +02:00
Werner Koch
431b3e68e0
scd:openpgp: New attribute "MANUFACTURER".
* scd/app-openpgp.c (get_manufacturer): New..
(do_getattr): Add new attribute "MANUFACTURER".
(do_learn_status): Always print it.
--

This will make it easy to maintain the list of OpenPGP vendors at just
one place.

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master:

.. or well in master and 2.2

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-15 15:16:05 +02:00
Werner Koch
1424c12e4c
sm: Consider certificates w/o CRL DP as valid.
* sm/certchain.c (is_cert_still_valid): Shortcut if tehre is no DP.
* common/audit.c (proc_type_verify): Print "n/a" if a cert has no
distribution point.
* sm/gpgsm.h (opt): Add field enable_issuer_based_crl_check.
* sm/gpgsm.c (oEnableIssuerBasedCRLCheck): New.
(opts): Add option --enable-issuer-based-crl-check.
(main): Set option.
--

If the issuer does not provide a DP and the user wants such an issuer,
we expect that a certificate does not need revocation checks.  The new
option --enable-issuer-based-crl-check can be used to revert to the
old behaviour which requires that a suitable LDAP server has been
configured to lookup a CRL by issuer.

Signed-off-by: Werner Koch <wk@gnupg.org>

(cherry picked from master)
2020-03-27 21:20:13 +01:00
Daniel Kahn Gillmor
b6d89d1944
gpg: Update --trusted-key to accept fingerprint as well as long key id.
* g10/trustdb.c (tdb_register_trusted_key): accept fingerprint as well
as long key ID.
* doc/gpg.texi: document that --trusted-key can accept a fingerprint.
--

GnuPG-bug-id: 4855
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Fixed uses or return and kept the old string to avoid breaking
translations.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 810ea2cc684480c6aadceb2a10dd00f3fa67f2fb)

Remove the test for FPRLEN which we do not have in 2.2

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-18 14:01:17 +01:00
Werner Koch
95b42278ca
gpg: New option --auto-key-import
* g10/gpg.c (opts): New options --auto-key-import,
--no-auto-key-import, and --no-include-key-block.
(gpgconf_list): Add them.
* g10/options.h (opt): Add field flags.auto_key_import.
* g10/mainproc.c (check_sig_and_print): Use flag to enable that
feature.
* tools/gpgconf-comp.c: Give the new options a Basic config level.
--

Note that the --no variants of the options are intended for easy
disabling at the command line.

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 20:07:37 +01:00
Werner Koch
d79ebee64e
gpg: New option --include-key-block.
* common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New.
* g10/gpg.c (oIncludeKeyBlock): New.
(opts): New option --include-key-block.
(main): Implement.
* g10/options.h (opt): New flag include_key_block.
* g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK.
(parse_one_sig_subpkt): Ditto.
(can_handle_critical): Ditto.
* g10/sign.c (mk_sig_subpkt_key_block): New.
(write_signature_packets): Call it for data signatures.
--

This patch adds support for a to be proposed OpenPGP ferature:

  Introduce the Key Block subpacket to align OpenPGP with CMS.

  This new subpacket may be used similar to the CertificateSet of
  CMS (RFC-5652) and thus allows to start encrypted communication
  after having received a signed message.  In practice a stripped down
  version of the key should be including having only the key material
  and the self-signatures which are really useful and shall be used by
  the recipient to reply encrypted.

  #### Key Block

  (1 octet with value 0, N octets of key data)

  This subpacket MAY be used to convey key data along with a signature
  of class 0x00, 0x01, or 0x02.  It MUST contain the key used to create
  the signature; either as the primary key or as a subkey.  The key
  SHOULD contain a primary or subkey capable of encryption and the
  entire key must be a valid OpenPGP key including at least one User ID
  packet and the corresponding self-signatures.

  Implementations MUST ignore this subpacket if the first octet does not
  have a value of zero or if the key data does not represent a valid
  transferable public key.

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 19:38:09 +01:00
Werner Koch
2baa00ea18
gpg: Add property "fpr" for use by --export-filter.
* g10/export.c (push_export_filters): New.
(pop_export_filters): New.
(export_pubkey_buffer): Add args prefix and prefixlen.  Adjust
callers.
* g10/import.c (impex_filter_getval): Add property "fpr".
* g10/main.h (struct impex_filter_parm_s): Add field hexfpr.
--

The push and pop feature will help us to use the export filter
internally in gpg.  Same for the export_pubkey_buffer change.

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 19:15:00 +01:00
Nick Piper
60dbe08294 doc: Correction of typo in documentation of KEY_CONSIDERED
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
(cherry picked from commit 0e1cbabc0ad4fe2ca9644fffb5cf27b1a8a1509f)
2020-02-18 18:12:01 -05:00
Werner Koch
146dacd3b1
doc: Improve the warning section of the gpg man page.
* doc/gpg.texi: Update return value and warning sections.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 113a8288b85725f7726bb2952431deea745997d8)
2020-02-10 17:14:43 +01:00
Werner Koch
b966d05837
doc: Removed the footnote that OpenPGP is not used with the keybox
--
GnuPG-bug-id: 4799
2020-01-08 13:32:23 +01:00
Werner Koch
dd373d4a27
doc,dirmngr: Clarify --standard-resolver.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit c21267e1c7aab332ebcd26f27f7f9724839a8e3a)
GnuPG-bug-id: 4547
2019-11-23 20:30:22 +01:00
Werner Koch
499cd4d2eb
doc: Clarify how to use --log-file in gpg.
--

Note that in 2.3 --batch is not anymore required.
2019-11-18 18:51:36 +01:00
Werner Koch
3efc94f1eb
dirmngr,gpg: Better diagnostic in case of bad TLS certificates.
* doc/DETAILS: Specify new status code "NOTE".
* dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a
bad TLS certificate.
* g10/call-dirmngr.c (ks_status_cb): Detect this status.
--

For example a

  gpg -v --locate-external-keys dd9jn@posteo.net

now yields

  gpg: Note: server uses an invalid certificate
  gpg: (further info: bad cert for 'posteo.net': \
                      Hostname does not match the certificate)
  gpg: error retrieving 'dd9jn@posteo.net' via WKD: Wrong name
  gpg: error reading key: Wrong name

(without -v the "further info" line is not shown).  Note that even
after years Posteo is not able to provide a valid certificate for
their .net addresses.  Anyway, this help to show the feature.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-18 18:44:36 +01:00
Werner Koch
3b1fcf6523
gpg: Add option --allow-weak-key-signatures.
* g10/gpg.c (oAllowWeakKeySignatures): New.
(opts): Add --allow-weak-key-signatures.
(main): Set it.
* g10/options.h (struct opt): Add flags.allow_weak_key_signatures.
* g10/misc.c (print_sha1_keysig_rejected_note): New.
* g10/sig-check.c (check_signature_over_key_or_uid): Print note and
act on new option.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e624c41dbafd33af82c1153188d14de72fcc7cd8)
2019-11-11 12:29:18 +01:00
Werner Koch
1d83f92fa9
doc: Improved description of status PLAINTEXT_LENGTH.
--

GnuPG-bug-id: 4741
2019-11-07 15:46:00 +01:00
Werner Koch
2975868ede
gpg: Fix a potential loss of key sigs during import with self-sigs-only.
* g10/import.c (import_one_real): Don't do the final clean in the
merge case.
--

This fixes a regression introduced with self-sigs-only.

GnuPG-bug-id: 4628
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 6701a38f8e4a35ba715ad37743b8505bfd089541)
2019-11-07 15:13:13 +01:00
Werner Koch
76d606d95d
doc: Typo fix for gpg.texi in desc of --local-sigs.
--

(Already fixed in master in January)
2019-10-17 16:40:46 +02:00
Werner Koch
652ca4b2bf
gpg: Extend --quick-gen-key for creating keys from a card.
* g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and
support the special algo "card".
(parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP.
Handle the "card" algo.  Adjust callers.
(parse_algo_usage_expire): Add arg R_KEYGRIP.
(quickgen_set_para): Add arg KEYGRIP and put it into the parameter
list.
(quick_generate_keypair): Handle algo "card".
(generate_keypair): Also handle the keygrips as returned by
parse_key_parameter_string.
(ask_algo): Support ed25519 from a card.
--

Note that this allows to create a new OpenPGP key from an initialized
OpenPGP card or from any other supported cards.  It has been tested
with the TCOS Netkey card.  Right now a stub file for the cards might
be needed; this can be achieved by running "gpgsm --learn" with the
card plugged in.

Example:

  gpg --quick-gen-key foo@example.org card

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master d3f5d8544fdb43082ff34b106122bbf0619a0ead
which required to remove the extra key version args.

GnuPG-bug-id: 4681
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-10-15 12:11:02 +02:00
Werner Koch
beeab41e47
doc: Fix c+p bug in the examples for --import-filter.
--

Reported-by: Steve McIntyre
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-10-12 12:33:33 +02:00
Werner Koch
b96b48d2bf
doc: Fix grammar error.
--
GnuPG-bug-id: 4691
2019-08-30 08:32:57 +02:00
Werner Koch
fbed618a36
gpg: Allow direct key generation from card with --full-gen-key.
* g10/call-agent.c (agent_scd_readkey): New.
* g10/keygen.c (ask_key_flags): Factor code out to ..
(ask_key_flags_with_mask): new.
(ask_algo): New mode 14.
--

Note that this new menu 14 is always displayed.  The usage flags can
be changed only in --expert mode, though.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit a480182f9d7ec316648cb64248f7a0cc8f681bc3)

Removed stuff from gpg-card which does not exists in 2.2.  No tests
yet done for this backport.
2019-08-21 10:37:01 +02:00
Daniel Kahn Gillmor
d10bb027e4 doc: fix spelling
* doc/tools.texi: fix a handful of minor spelling errors.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-07-11 21:27:59 -04:00
Werner Koch
3242837d20
gpg: With --auto-key-retrieve prefer WKD over keyservers.
* g10/mainproc.c (check_sig_and_print): Print a hint on how to make
use of the preferred keyserver.  Remove keyserver lookup just by the
keyid.  Try a WKD lookup before a keyserver lookup.
--

The use of the the keyid for lookups does not make much sense anymore
since for quite some time we do have the fingerprint as part of the
signature.

GnuPG-bug-id: 4595
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 96bf8f477805bae58cfb77af8ceba418ff8aaad9)
2019-07-05 10:43:55 +02:00
Werner Koch
2b7151b0a5
gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
* g10/gpg.c (main): Change default.
--

Due to the DoS attack on the keyeservers we do not anymore default to
import key signatures.  That makes the keyserver unsuable for getting
keys for the WoT but it still allows to retriev keys - even if that
takes long to download the large keyblocks.

To revert to the old behavior add

  keyserver-optiions  no-self-sigs-only,no-import-clean

to gpg.conf.

GnuPG-bug-id: 4607
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 23c978640812d123eaffd4108744bdfcf48f7c93)
2019-07-04 15:59:14 +02:00
Werner Koch
46f3283b34
gpg: New command --locate-external-key.
* g10/gpg.c (aLocateExtKeys): New.
(opts): Add --locate-external-keys.
(main): Implement that.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL.
(get_best_pubkey_byname): Add arg 'mode' and pass on to
get_pubkey_byname.  Change callers.
* g10/keylist.c (public_key_list): Add arg 'no_local'.
(locate_one): Ditto.  Pass on to get_best_pubkey_byname.
--

This new command is a shortcut for

  --auto-key-locate nodefault,clear,wkd,... --locate-key

and uses the default or configured AKL list but does so without local.

See also
GnuPG-bug-id: 4599

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d00c8024e58822e0623b3fad99248ce68a8b7725)
2019-07-04 15:14:43 +02:00
Peter Lebbing
37b549dfe0
Mention --sender in documentation 2019-07-03 16:21:32 +02:00
Werner Koch
adb120e663
gpg: New import and keyserver option "self-sigs-only"
* g10/options.h (IMPORT_SELF_SIGS_ONLY): New.
* g10/import.c (parse_import_options): Add option "self-sigs-only".
(read_block): Handle that option.
--

This option is intended to help against importing keys with many bogus
key-signatures.  It has obvious drawbacks and is not a bullet-proof
solution because a self-signature can also be faked and would be
detected only later.

GnuPG-bug-id: 4591
Signed-off-by: Werner Koch <wk@gnupg.org>

(cherry picked from commit 15a425a1dfe60bd976b17671aa8e3d9aed12e1c0)
2019-07-01 15:23:23 +02:00
Daniel Kahn Gillmor
175d194b5d doc/wks.texi: fix typo
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-28 21:09:13 -04:00
Werner Koch
d9b31d3a20
gpg: Allow deletion of subkeys with --delete-[secret-]key.
* common/userids.c (classify_user_id): Do not set the EXACT flag in
the default case.
* g10/export.c (exact_subkey_match_p): Make static,
* g10/delkey.c (do_delete_key): Implement subkey only deleting.
--

GnuPG-bug-id: 4457
2019-05-27 11:41:35 +02:00