1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

156 Commits

Author SHA1 Message Date
Werner Koch
f0bca16ad3
doc: Explain that qualified.txt is a legacy method.
--
2024-11-22 13:44:43 +01:00
Werner Koch
33e571a74a
gpgsm: New option --assert-signer
* sm/gpgsm.c (oAssertSigner, oNoop): New.
(opts): Add option --assert-signer.
(assert_signer_true): New var.
(main): Set new option.
(gpgsm_exit): Handle assert_signer_true.
* sm/gpgsm.h (opt): Add field assert_signer_list.
* sm/verify.c (is_x509_fingerprint): New.
(check_assert_signer_list): New.
(gpgsm_verify): Handle option.
--

GnuPG-bug-id: 7286
2024-09-11 14:30:40 +02:00
Werner Koch
f9919bcc48
gpg,gpgsm: New option --disable-fd-translation.
* common/sysutils.c (no_translate_sys2libc_fd) [W32]: New global.
(disable_translate_sys2libc_fd): New.
(translate_sys2libc_fd): Make static and cobuild only for Windows.
(translate_sys2libc_fd_int): Use no_translate_sys2libc_fd flag.

* g10/gpg.c, sm/gpgsm.c (oDisableFdTranslation): New const.
(opts): Add option "disable-fd-translation".
(main): Set option.
--

GnuPG-bug-id: 7060
2024-03-26 15:46:56 +01:00
Werner Koch
4485930f9f
Merge branch 'STABLE-BRANCH-2-4'
--
Resolved conflicts:
	NEWS
	common/exechelp-w32.c
	configure.ac
2024-03-12 16:00:55 +01:00
Werner Koch
2ed1f68b48
doc: Fix spelling errors found by lintian.
--

Reported-by: Andreas Metzler <ametzler@debian.org>
2024-01-29 09:16:21 +01:00
Werner Koch
387ee7dcbd
Merge branch 'STABLE-BRANCH-2-4'
* common/b64dec.c (b64decode): Move to ...
* common/miscellaneous.c: here.

* common/t-b64.c: Re-inroduce and keep only the b64decode test code.
2023-11-07 20:38:27 +01:00
NIIBE Yutaka
337de21f4b
doc: Use the em dash to mark a break in a sentence.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-11-07 13:55:29 +09:00
NIIBE Yutaka
00da0e9f93
doc: Remove stray .RE in doc/gpgsm.texi.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-11-06 14:47:21 +09:00
NIIBE Yutaka
c2812a9bbc
doc: Fix to avoid using en-dash for command options.
--

GnuPG-bug-id: 6746
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-11-02 15:05:19 +09:00
NIIBE Yutaka
16b6b77532
Minor style fixes.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-10-05 14:00:46 +09:00
Werner Koch
776876ce1c
gpgsm: Add --always-trust feature.
* sm/gpgsm.h (opt): Re-purpose unused flag always_trust.
(struct server_control_s): Add "always_trust".
(VALIDATE_FLAG_BYPASS): New.
* sm/gpgsm.c (oAlwaysTrust): New.
(opts): Add "--always-trust"
(main): Set option.
* sm/server.c (option_handler): Add option "always-trust".
(reset_notify): Clear that option.
(cmd_encrypt): Ditto.
(cmd_getinfo): Add sub-command always-trust.
* sm/certchain.c (gpgsm_validate_chain): Handle VALIDATE_FLAG_BYPASS.
* sm/certlist.c (gpgsm_add_to_certlist): Set that flag for recipients
in always-trust mode.
--

GnuPG-bug-id: 6559
2023-08-31 12:30:26 +02:00
Werner Koch
e9c337c0b9
gpgsm: New option --input-size-hint.
* sm/gpgsm.c (oInputSizeHint): New.
(opts): Add "--input-size-hint".
(main): Set option.
* sm/server.c (option_handler): Add option "input-size-hint".
* sm/gpgsm.h (struct server_control_s): Add field input_size_hint.
* sm/encrypt.c (gpgsm_encrypt): Set the toatl file size.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
* sm/sign.c (gpgsm_sign): Ditto.
* sm/verify.c (gpgsm_verify): Ditto.
--

This option allows to set a value for the progress output line.  Note
that as of now there is no other way to set the file size.

GnuPG-bug-id: 6534
2023-06-15 12:28:55 +02:00
Werner Koch
89da4a32ab
doc: Replace remaining "gpg2" by "gpg".
--
2023-06-01 12:42:51 +02:00
Werner Koch
e4ac3e7dec
gpgsm: New option --no-pretty-dn
* sm/gpgsm.c (oNoPrettyDN): New.
(opts): Add --no-pretty-dn.
(main): Implement.
* sm/gpgsm.h (opt): Add no_pretty_dn.
* sm/certdump.c (gpgsm_es_print_name): Act upon.
2023-03-16 09:46:05 +01:00
Werner Koch
d2d1db8860
gpg,gpgsm: New option --log-time
* g10/gpg.c (oLogTime): New.
(opts): Add "log-time".
(opt_log_time): New var.
(main): Implement.
* sm/gpgsm.c (oLogTime): New.
(opts): Add "log-time".
(opt_log_time): New var.
(main): Implement.
2023-03-08 15:10:52 +01:00
Werner Koch
2a13f7f9dc
gpgsm: Strip trailing zeroes from detached signatures.
* common/ksba-io-support.c: Include tlv.h
(struct reader_cb_parm_s): Add new fields.
(starts_with_sequence): New.
(simple_reader_cb): Handle stripping.
* common/ksba-io-support.h (GNUPG_KSBA_IO_STRIP): New.
(gnupg_ksba_create_reader): Handle the new flag.
* sm/verify.c (gpgsm_verify): Use the new flag for detached
signatures.
--

Note that this works only if --assume-binary is given.  The use case
for the feature is PDF signature checking where the PDF specs require
that the detached signature is padded with zeroes.
2023-03-08 11:00:00 +01:00
Werner Koch
f0b373cec9
gpgsm: New option --compatibility-flags.
* sm/gpgsm.c (oCompatibilityFlags): New option.
(compatibility_flags): new.
(main): Parse and print them in verbose mode.
* sm/gpgsm.h (opt): Add field compat_glags.:
(COMPAT_ALLOW_KA_TO_ENCR): New.
* sm/keylist.c (print_capabilities): Take care of the new flag.
* sm/certlist.c (cert_usage_p): Ditto.
2022-06-13 17:50:26 +02:00
Werner Koch
f8075257af
gpgsm: New option --require-compliance
* sm/gpgsm.c (oRequireCompliance): New.
(opts): Add --require-compliance.
(main): Set option.
* sm/gpgsm.h (opt): Add field require_compliance.
(gpgsm_errors_seen): Declare.
* sm/verify.c (gpgsm_verify): Emit error if non de-vs compliant.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
--
2022-03-08 19:28:16 +01:00
Werner Koch
e23dc755fa
sm: New option --ignore-cert-with-oid.
* sm/gpgsm.c (oIgnoreCertWithOID): New.
(opts): Add option.
(main): Store its value.
* sm/call-agent.c (learn_cb): Test against that list.
2022-02-03 14:17:10 +01:00
Werner Koch
f2d1187fcd
gpgsm: Retire the new --ldapserver.
* sm/gpgsm.c (oKeyServer_deprecated): New.
(opts): Assign "ldapserver" to the new option and mark it as obsolete.
--

We want to use "ldapserver" in dirmngr but need to keep using
"keyserver" in gpgsm for existant versions of Kleopatra etc.

GnuPG-bug-id: 5801
2022-01-27 15:23:42 +01:00
Werner Koch
5f39db70c0
gpg,gpgsm: Add option --min-rsa-length.
* common/compliance.c (min_compliant_rsa_length): New.
(gnupg_pk_is_compliant): Take in account.
(gnupg_pk_is_allowed): Ditto.
(gnupg_set_compliance_extra_info): New.
* g10/gpg.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* g10/options.h (opt): Add field min_rsa_length.
* sm/gpgsm.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* sm/gpgsm.h (opt): Add field min_rsa_length.
2021-11-18 20:49:37 +01:00
Werner Koch
89df86157e
sm: New option --ldapserver as an alias for --keyserver.
* sm/gpgsm.c (opts): Add option --ldapserver and make --keyserver an
alias.
--

We should use "keyserver" for OpenPGP and thus it is better to allow
for "ldapserver" here - it is the same convention as now used in
dirmngr.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d6df1bf84969bf5f5781e33bc1c2f6cb2aee0093)
2021-06-16 13:04:34 +02:00
Werner Koch
51419d6341
sm: New command --show-certs
* sm/keylist.c (do_show_certs): New.
(gpgsm_show_certs): New.
* sm/gpgsm.c (aShowCerts): New.
(opts): Add --show-certs.
(main): Call gpgsm_show_certs.
--

I have been using libksba test programs for countless times to look at
certificates and I always wanted to add such a feature to gpgsm.  This
is simply much more convenient.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-20 09:37:56 +02:00
Werner Koch
d13c5bc244
gpg,gpgsm: Move use-keyboxd to the new conf file common.conf
* common/comopt.c, common/comopt.h: New.
* common/Makefile.am: Add them.
* g10/gpg.c: Include comopt.h.
(main): Also parse common.conf.
* sm/gpgsm.c: Include comopt.h.
(main): Set a flag for the --no-logfile option.  Parse common.conf.

* tools/gpgconf-comp.c (known_options_gpg): Remove "use-keyboxd", add
pseudo option "use_keyboxd".
(known_pseudo_options_gpg): Add pseudo option "use_keyboxd".
(known_options_gpgsm): Remove "use-keyboxd".

* tests/openpgp/defs.scm (create-gpghome): Create common.conf.

* doc/examples/common.conf: New.
--

Note that --use-keybox still works but prints a warning.  We will
eventually remove this option becuase it was marked as an experimental
feature anyway.

It would be too confusing if gpg and gpgsm use different key storages.
Further, other components (e.g. dirmngr or gpg-wks-client) which call
gpg or gpgsm need to be aware that the keyboxd is used and pass that
option on the command line.  Now that common.conf is always read (even
if --no-options is used) those tools will work instantly.
2021-04-19 11:33:19 +02:00
Gavin L. Rebeiro
572bcacc28
doc: Fix typos
--
GnuPG-bug-id: 5071

Also fixed one in keyformat.txt [wk].
2020-11-23 12:11:15 +01:00
Werner Koch
babd87f2da
doc: Some documentation updates.
--

Also fixed some typos and documented soon to be used OIDs
2020-09-21 09:20:47 +02:00
Werner Koch
646a30fd39
gpgsm: New option --chuid.
* sm/gpgsm.c (oChUid, opts): New option --chuid.
(main): Implement option.
--

This option will at least be useful for Scute.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-06 16:03:57 +02:00
Werner Koch
44676819f2
sm: Create ECC certificates with AKI and SKI by default.
* sm/certreqgen.c (create_request): Create AKI and SKI by default.
--
GnuPG-bug-id: 4098

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-19 14:30:24 +02:00
Werner Koch
bbb7edb880
sm: Always allow authorityInfoAccess lookup if CRLs are also enabled.
* sm/certchain.c (find_up): Disable external lookups in offline mode.
Always allow AKI lookup if CRLs are also enabled.
--

GnuPG-bug-id: 4898
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-16 19:05:49 +02:00
Werner Koch
0b583a555e
sm: Consider certificates w/o CRL DP as valid.
* sm/certchain.c (is_cert_still_valid): Shortcut if tehre is no DP.
* common/audit.c (proc_type_verify): Print "n/a" if a cert has no
distribution point.
* sm/gpgsm.h (opt): Add field enable_issuer_based_crl_check.
* sm/gpgsm.c (oEnableIssuerBasedCRLCheck): New.
(opts): Add option --enable-issuer-based-crl-check.
(main): Set option.
--

If the issuer does not provide a DP and the user wants such an issuer,
we expect that a certificate does not need revocation checks.  The new
option --enable-issuer-based-crl-check can be used to revert to the
old behaviour which requires that a suitable LDAP server has been
configured to lookup a CRL by issuer.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-27 21:16:07 +01:00
Werner Koch
6e1c99bc39
gpgsm: Allow sepcification of ldaps servers.
* sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps.
* sm/gpgsm.c (parse_keyserver_line): Parse flags.
* sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr.

* dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps.
* dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags.
* dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls.

* dirmngr/dirmngr_ldap.c: New option --tls.
(fetch_ldap): Make use of that option.
--

There was no way to specify an LDAPS server in
dirmngr_ldapserver.socnf or with gpgsm's --keyserver option.  This
patch fixes this.  Eventually we should allow to replace host and port
by a partial URI in the same way ldap_initialize does it.  For backward
compatibility we do not yet do that.

Although the dirmngr code accepts an URL (eg. taken from a
certificate), I can't see how the scheme was ever used.  Thus the
patch also detects an ldaps scheme and uses this.  That part has not
been tested, though.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-09 11:29:59 +01:00
Werner Koch
2b9d399cf0
doc: Document gpgsm's --keyserver option.
--

Also fix a few related entries.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-07 17:41:19 +01:00
Werner Koch
61ed02211a
doc: Update description of --debug
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-05 13:12:14 +02:00
Daniel Kahn Gillmor
b7793c3af3 doc: fix minor spelling and tense errors
* doc/{gpg,gpgsm,wks}.texi: minor orthographic cleanup.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-08-20 15:16:19 -04:00
Daniel Kahn Gillmor
6e46862abd fix up 6562de7475b21cd03c7b1a83a591fa563c589f5b
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-06-14 16:49:27 +01:00
Daniel Kahn Gillmor
6562de7475 doc/gpgsm: explain what "policy-file" refers to.
A new user who sees "policy-file" and searches naively through the
documentation to find it again won't be able to tell what this refers
to, since "policies.txt" doesn't otherwise match the search string
"policy".  This gives them a fighting chance at finding the
documentation.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-06-11 08:17:06 +01:00
Werner Koch
d4dc4245bf
Merge branch 'STABLE-BRANCH-2-2' into master 2018-03-27 08:48:00 +02:00
Werner Koch
2cd35df5db
gpg,sm: New option --request-origin.
* g10/gpg.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* g10/options.h (struct opt): Add field request_origin.
* g10/call-agent.c (start_agent): Send option to the agent.
* sm/gpgsm.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* sm/gpgsm.h (struct opt): Add field request_origin.
* sm/call-agent.c (start_agent): Send option to the agent.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 09:06:20 +01:00
Werner Koch
f574aabeeb
Merge branch 'STABLE-BRANCH-2-2' into wk-master 2018-03-06 16:26:26 +01:00
Werner Koch
641aae783e
doc: Fix recently introduced typo in gpgsm.texi.
--
2018-02-22 16:39:52 +01:00
Werner Koch
20539ea5ca
Merge branch 'STABLE-BRANCH-2-2' 2018-02-22 16:19:56 +01:00
Werner Koch
cf006cbf73
doc: Clarify -export-secret-key-p12
--

GnuPG-bug-id: 3788
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-22 10:24:24 +01:00
Alon Bar-Lev
384a3748d9
sm: Move qualified.txt from datadir into sysconfdir
* doc/Makefile.am: Move qualified.txt into examples.
* doc/qualified.txt: Move into examples, remove trailing spaces.
* doc/examples/README: Document qualified.txt.
* doc/gpgsm.texi: Move qualified.txt from datadir into sysconfdir.
* sm/qualified.c (read_list): Move qualified.txt from datadir into
sysconfdir.
--

The qualified.txt is maintained by Administrator it is a configuration
file. In the past it was a hybrid, provided by package and controlled
by the Administrator, however, it is no longer maintained by package.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2017-09-11 12:42:53 +02:00
Daniel Kahn Gillmor
7955262151 gpgsm: default to 3072-bit keys.
* doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
default to 3072 bits.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
3072 bits.
* sm/certreqgen.c (proc_parameters): update default to 3072 bits.
* sm/gpgsm.c (main): print correct default_pubkey_algo.

--

3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic update-defaults
Gbp-Pq: Name 0014-gpgsm-default-to-3072-bit-keys.patch
2017-09-08 11:37:42 -04:00
Marcus Brinkmann
7fb724c616 doc: Document obsolete option in gpgsm. Closes T2231.
* doc/gpgsm.texi: Mark --prefer-system-dirmngr as obsolete.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2231
2017-07-01 14:30:04 +02:00
Justus Winter
485b5a6e6d
doc: Improve documentation.
* doc/gpgsm.texi: Mention that '--with-key-data' implies
'--with-colons'.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-31 17:38:16 +02:00
NIIBE Yutaka
5c8fe54809 Spelling fixes in docs and comments.
--

In addition, fix trailing spaces in tests/inittests.

GnuPG-bug-id: 3121
Reported-by: ka7 (klemens)
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 10:06:33 +09:00
Yuri Chornoivan
24cf0606b4 Clean up word replication.
--

This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
Justus Winter
bc6b76ef26 doc: Add aliases of all changed options.
* doc/gpg.texi: Add the old version of every option that was updated
with the last change set.
* doc/gpgsm.texi: Likewise.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 12:44:52 +01:00
Justus Winter
c1c35fb887 g10,sm: Spell out --passwd.
* g10/gpg.c (opts): Spell out option.
* sm/gpgsm.c (opts): Likewise.
* doc/gpg.texi: Update accordingly.
* doc/gpgsm.texi: Likewise.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:49:47 +01:00