1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

9 Commits

Author SHA1 Message Date
Werner Koch
3bc004decd
Use gpgrt's new option parser for the tools.
* agent/preset-passphrase.c: Switch to the new option parser.
* agent/protect-tool.c: Ditto.
* kbx/kbxutil.c: Ditto.
* tools/gpg-card.c: Ditto.
* tools/gpg-check-pattern.c: Ditto.
* tools/gpg-connect-agent.c: Ditto.
* tools/gpg-pair-tool.c: Ditto.
* tools/gpg-wks-client.c: Ditto.
* tools/gpg-wks-server.c: Ditto.
* tools/gpgconf.c: Ditto.
* tools/gpgsplit.c: Ditto.
* tools/gpgtar.c: Ditto.
--

This is another part of changes.  A followup patch will address the
remaining daemons.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-21 20:28:47 +01:00
Werner Koch
0e8f6e2aa9
gpg: Use gpgrt's new option parser to provide a global conf file.
* common/util.h: Remove argparse.h.
* common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS.
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include
argparse.h.  Do this also for all main modules which use our option
parser except for gpg.  Replace calls to strusage by calls to
gpgrt_strusage everywhere.

* g10/gpg.c (opts): Change type to gpgrt_opt_t.  Flag oOptions and
oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile.
(main): Change type of pargs to gpgrt_argparse_t.  Rework the option
parser to make use of the new gpgrt_argparser.
--

This is not yet finished but a make check works.  gpg has the most
complex and oldest option handling and thus this is the first
migration target.  SE-Linux checks and version-ed config files are
missing and will be added later.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 11:13:32 +01:00
Daniel Kahn Gillmor
0904b8ef34 Spelling cleanup.
No functional changes, just fixing minor spelling issues.

---

Most of these were identified from the command line by running:

  codespell \
    --ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
    --skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
    doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
    NEWS README README.maint TODO

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-02-18 18:07:46 -05:00
NIIBE Yutaka
7c81e5cb97 tools: Fix gpg-pair-tool to follow new API.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-09-19 18:36:11 +09:00
NIIBE Yutaka
b928de70e0 tools: Don't prepare G in gpg-pair-tool.
* tools/gpg-pair-tool.c (create_dh_keypair): Use NULL for G.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-09-19 18:36:11 +09:00
NIIBE Yutaka
f22a004161 tools: Use new API of libgcrypt for gpg-pair-tool.
* tools/gpg-pair-tool.c (create_dh_keypair): Just use
gcry_random_bytes for secret.  Call gcry_ecc_mul_point
with G to get the public key.
(compute_master_secret): Use gcry_ecc_mul_point.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-09-19 18:36:11 +09:00
NIIBE Yutaka
d5287f43fd tools: Fix error handling for gpg-pair-tool.
* tools/gpg-pair-tool.c (read_message): Initialize ERR.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-20 11:29:27 +09:00
Werner Koch
40c307fa8d
Silence a few compiler warnings new with gcc 8.
* dirmngr/dns.c: Include gpgrt.h.  Silence -Warray-bounds also gcc.
* tools/gpg-pair-tool.c (command_respond): Init two vars to silence
gcc.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-17 18:46:26 +01:00
Werner Koch
faf3c70c77
tools: Add experimental code for a pairing protocol
* configure.ac (GNUPG_CACHE_DIR): New const.
* tools/Makefile.am (libexec_PROGRAMS): Add gpg-pair-tool.
(gpg_pair_tool_SOURCES, gpg_pair_tool_CFLAGS)
(gpg_pair_tool_LDADD): New.
* tools/gpg-pair-tool.c: New.
--

This is a first try on a protocol to pair two devices so that they can
agree on a shared secret to exchange secret keys.  The idea is that if
you want to sync your secret keys to another machine (e.g. from
desktop to mobile) you have physical access to both devices and thus a
pairing protocol allows to authenitcate the connection using a short
string.  See the source for a protocol description.

How to test:

  $ gpg-pair-tool -va --homedir . --initiate >msg.commit
  $ gpg-pair-tool -va --homedir 2ndhome --respond  \
                                        <msg.commit >msg.dhpart1
  $ gpg-pair-tool -va --homedir . --respond \
                                        <msg.dhpart1 >msg.dhpart2
  $ gpg-pair-tool -va --homedir 2ndhome --respond \
                                        <msg.dhpart2 >msg.confirm

Now set the SAS as printed by the responder into SAS and run

  $ gpg-pair-tool -va --homedir . --respond --sas $SAS <msg.confirm

Storing the secret on disk is obviously not the right thing to do.
With the new PUT_SECRET and GET_SECRET commands of gpg-agent we can
change this to store it all in gpg-agent instead.  This will make it
also easier for gpg to access the secret and we won't need an option
to return it from gpg-pair-tool.  Thus gpg-pair-tool can be dedicated
to run the protocol and maybe to popup info dialogs.

Adding a second expiration time for running the protocol in addition
to the expiration of the secret is probably a better idea than just
that simple catch-all TTL.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-05 09:40:35 +02:00