1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-29 19:48:43 +01:00
Commit Graph

2396 Commits

Author SHA1 Message Date
Werner Koch
ecda4b1e16
gpg: Add magic parameter "default" to --quick-add-adsk.
* g10/getkey.c (has_key_with_fingerprint): New.
* g10/keyedit.c (menu_addadsk): Replace code by new function.
(keyedit_quick_addadsk): Handle magic arg "default".
* g10/keygen.c (append_all_default_adsks): New.
--

GnuPG-bug-id: 6882
(cherry picked from commit 77afc9ee1c)
2024-09-26 10:38:27 +02:00
Werner Koch
45ae027ce4
gpg: New command --quick-add-adsk
* g10/gpg.c (enum cmd_and_opt_values): Add aQuickAddADSK.
(opts): Add --quick-add-adsk.
(main): Call the actual function.
* g10/keyedit.c (keyedit_quick_addadsk): New.
(menu_addadsk): Add arg adskfpr and change caller.
--

GnuPG-bug-id: 6395
(cherry picked from commit 9f27e448bf)
2024-09-26 10:38:25 +02:00
Werner Koch
eafe175320
gpg: New option --default-new-key-adsk and "addadsk" for edit-key.
* g10/free-packet.c (copy_public_key): Factor some code out to ...
(copy_public_key_basics): new.
* keygen.c (keygen_add_key_flags_and_expire): Rewrite and make public.
* g10/keyedit.c (enum cmdids): Add cmdADDADSK.
(keyedit_menu): Add command "addadsk".
(menu_addadsk): New.

* g10/options.h (opt): Add field def_new_key_adsks.
* g10/gpg.c (oDefaultNewKeyADSK): New.
(opts): Add --default-new-key-adsk.
(main): Parse option.
* g10/keyedit.c (menu_addadsk): Factor some code out to ...
(append_adsk_to_key): new.  Add compliance check.
* g10/keygen.c (pADSK): New.
(para_data_s): Add adsk to the union.
(release_parameter_list): Free the adsk.
(prepare_adsk): New.
(get_parameter_adsk): New.
(get_parameter_revkey): Remove unneeded arg key and change callers.
(proc_parameter_file): Prepare adsk parameter from the configured
fingerprints.
(do_generate_keypair): Create adsk.
--

GnuPG-bug-id: 6882
(cherry picked from commit ed118e2ed5)
and modified to adjust to other code changes
2024-09-26 10:38:21 +02:00
Werner Koch
79ab52ff42
gpg: Exclude expired trusted keys from the key validation process.
* g10/trustdb.c (copy_key_item): New.
(validate_keys): Use a stripped down UTK list w/o expired keys.
--

This patch makes sure that an expired trusted key is not used for
trust computation.  The test case is to delete a trusted key from the
keyring, import a copy of that key which has already expired, check
that a signed key is not anymore fully trusted and finally import a
prolonged version of the trusted key and check that the signed key is
now again fully trusted.

GnuPG-bug-id: 7200
2024-09-25 15:15:51 +02:00
Werner Koch
23d4e7f0a7
gpg: Validate the trustdb after the import of a trusted key.
* g10/import.c (import_one_real): Rename non_self to non_self_or_utk.
If not set after chk_self_sigs check whether the imported key is an
ultimately trusted key.
--

The revalidation mark was only set if the imported key had a new key
signature.  This is in general correct but not if the imported key is
a trusted key.

GnuPG-bug-id: 7200
2024-09-25 14:31:46 +02:00
Werner Koch
3dd6887f13
gpg: Remove useless variable in validate_keys.
* g10/trustdb.c (store_validation_status): Remove arg  'stored'.
(validate_keys): Remove keyhashtable 'stored' which was never used.
--

This has been here since 2003.  The variable was never evaluated -
only stored.

Also added some comments.
2024-09-25 14:25:03 +02:00
Werner Koch
9e8e48e00b
gpg: Avoid wrong decryption_failed for signed+OCB msg w/o pubkey.
* g10/decrypt-data.c (struct decode_filter_context_s): Add flag
checktag_failed.
(aead_checktag): Set flag.
(decrypt_data): Initially clear that flag and check the flag after the
decryption.
* g10/mainproc.c (proc_encrypted): Revert the log_get_errorcount based
check.
--

This fixes a bug where for an OCB encrypted and signed message with
the signing key missing during decryption the DECRYPTION_FAILED status
line was printed along with "WARNING: encrypted message has been
manipulated". This was because we use log_error to show that the
signature could not be verified due to the missing pubkey; the
original fix looked at the error counter and thus triggered the
decryption failed status.

Fixes-commit: 82b39fe254
GnuPG-bug-id: 7042
2024-09-19 10:00:24 +02:00
Werner Koch
b357ff2aa6
gpg: Don't bail out for unknown subkey packet versions.
* g10/import.c (read_block): Don't show a warning for unbnown version
also for non-primary-key packets.

* g10/parse-packet.c (parse_key): Use log_info for unsupported v5
packets.
--

This fixes the problem that 2.2 can't import keys with a v5 subkey.
This fix allows a gnupg 2.6. version to export a key with an
additional PQC subkey and 2.2 can still import the other subkeys.

The second patch avoids that gpg returns with an error code.

Updates-commit: de70a2f377
2024-09-12 11:06:09 +02:00
Werner Koch
5276a1373c
gpg: New option --proc-all-sigs
* g10/options.h (flags): Add proc_all_sigs.
* g10/mainproc.c (check_sig_and_print): Do not stop signature checking
if this new option is used.
* g10/gpg.c (oProcAllSigs): New.
(opts): Add "proc-all-sigs".
(main): Set it.
--

GnuPG-bug-id: 7261
Backported-from-master: 1eb382fb1f
(cherry picked from commit cb739bb2a5)
2024-08-23 11:50:58 +02:00
Werner Koch
861dc01994
gpg: Improve decryption diagnostic for an ADSK key.
* g10/keydb.h (GET_PUBKEYBLOCK_FLAG_ADSK): New constant.
* g10/packet.h (PUBKEY_USAGE_XENC_MASK): New constant.
* g10/pubkey-enc.c (get_it): Print a note if an ADSK key was used.
Use the new get_pubkeyblock flag.
* g10/getkey.c (struct getkey_ctx_s): Add field allow_adsk.
(get_pubkeyblock): Factor all code out to ...
(get_pubkeyblock_ext): new.
(finish_lookup): Add new arg allow_adsk and make use of it.
--

This patch solves two purposes:
- We write a note that the ADSK key was used for decryption
- We avoid running into a
  "oops: public key not found for preference check\n"
  due to ADSK keys.  The error is mostly harmless but lets gpg return
  with an exit code of 2.

Backported-from-master: 882ab7fef9
2024-08-12 15:31:25 +02:00
Werner Koch
e208ccc66c
gpg: Rename recently added import option no-seckeys to only-pubkeys.
* g10/import.c (parse_import_options): Rename option.
* g10/options.h (IMPORT_NO_SECKEY): Rename to IMPORT_ONLY_PUBKEYS.
Change all users.
--

GnuPG-bug-id: 7146
2024-06-24 11:51:54 +02:00
Werner Koch
7788aba7d8
gpg: Add --import-option "no-seckeys".
* g10/import.c (parse_import_options): Add "no-seckeys".
--

GnuPG-bug-id: 7146
2024-06-11 15:57:01 +02:00
Werner Koch
c489bf7e7e
gpg: Do not bail out on secret keys with an unknown algo
* g10/getkey.c (lookup): Skip keys with unknown algos.
--

If the local store has private keys with an algorithm not supported by
thi version of gpg, gpg used to bail out.  Thus decryption of proper
messages was not possible.  This fix skips such secret keys.
2024-06-11 12:44:25 +02:00
Werner Koch
1d91252205
gpg: Do not show RENC if no key capabilities are found for a key.
* g10/packet.h (PUBKEY_USAGE_BASIC_MASK): New.
* g10/getkey.c (merge_selfsigs_subkey): Mask the default.
(merge_selfsigs_main): Ditto.
--
2024-06-05 11:20:14 +02:00
Werner Koch
97b37db144
gpg,gpgsm: Remove compatibility_flags allow-ecc-encr and vsd-allow-encr.
* g10/options.h (COMPAT_VSD_ALLOW_OCB): Remove.
* g10/gpg.c (compatibility_flags): Remove "vsd-allow_ocb".
(main): Alwas set CO_EXTRA_INFO_VSD_ALLOW_OCB.
* g10/keygen.c (keygen_set_std_prefs): Always set OCB feature flag.
* g10/encrypt.c (use_aead): Always OCB also in de-vs mode.
* sm/gpgsm.h (COMPAT_ALLOW_ECC_ENCR): Remove.
* sm/gpgsm.c (compatibility_flags): Remove "allow-ecc-encr".
* sm/encrypt.c (encrypt_dek): Always allow ecc encryption.
* sm/certreqgen.c (proc_parameters): Likewise.
--

Both feature are meanwhile approved in de-vs mode thus there is no
more need for the flags.
2024-05-06 14:34:48 +02:00
Werner Koch
1f31dc6200
gpg: Do not allow to accidently set the RENC usage.
* g10/keygen.c (print_key_flags): Print "RENC" if set.
(ask_key_flags_with_mask): Remove RENC from the possible set of
usages.  Add a direct way to set it iff the key is encryption capable.
--

This could be done by using "set your own capabilities" for an RSA
key.  In fact it was always set in this case.

GnuPG-bug-id: 7072
2024-04-04 16:49:50 +02:00
Werner Koch
82b39fe254
gpg: Make sure a DECRYPTION_OKAY is never issued for a bad OCB tag.
* g10/mainproc.c (proc_encrypted): Force a decryption failure if any
error has been seen.
* g10/decrypt-data.c (aead_checktag): Issue an ERROR line.
--

GnuPG-bug-id: 7042

Note that gpg in any case returns a failure exit code but due to
double forking GPGME would not see it.
2024-03-14 21:53:19 +01:00
Werner Koch
8cd920f6aa
gpg: Fix mixed invocation with --trusted-keys and --no-options.
* g10/trustdb.c: Move some definitions around.
(user_utk_list): Rename to trusted_key_list.  Change all users.
(any_trusted_key_seen): New.
(tdb_register_trusted_key): Set it here.  Handle the new value "none".
(verify_own_keys): Do not delete a trusted key from the trustdb if a
trusted-key option was not used.
--

GnuPG-bug-id: 7025
2024-03-04 15:24:40 +01:00
Werner Koch
3b69d8bf71
gpg: Fix leftover unprotected card backup key.
* agent/command.c (cmd_learn): Add option --reallyforce.
* agent/findkey.c (agent_write_private_key): Implement reallyforce.
Also add arg reallyforce and pass it along the call chain.

* g10/call-agent.c (agent_scd_learn): Pass --reallyforce with a
special force value.
* g10/keygen.c (card_store_key_with_backup): Use that force value.
--

This was a regression in 2.2.42.  We took the easy path to fix it by
getting the behaviour back to what we did prior to 2.2.42.  With GnuPG
2.4.4 we use an entire different and safer approach by introducing an
ephemeral private key store.

GnuPG-bug-id: 6944
2024-01-24 11:45:31 +01:00
Werner Koch
89c7eccba5
gpg: Allow to create revocations even with non-compliant algos.
* g10/sign.c (do_sign): Skip compliance check for revocation certs.
--

It just does not make sense to inhibit the creation of revocations
depending on the compliance mode.  We do this only for key revocation
but not for another kind of revocation because the rationale for uid
or subkey revocation is more complicated to explain.
2024-01-10 17:18:58 +01:00
Werner Koch
e020b59ff6
po: Update po files
* g10/keyserver.c (keyserver_refresh): Use ngettext to avoid msgmerge
warnings.
2023-11-28 15:26:37 +01:00
Werner Koch
cdc28c59fe
gpg,gpgsm: Hide password in debug output also for asked passwords.
* g10/call-agent.c (agent_get_passphrase): Call
assuan_begin_confidential and assuan_end_confidential.
* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
--

GnuPG-bug-id: 6654

The drawback of this solution is that we don't see any IPC lines from
the assuan_transact.  Everything else would require larger changes to
libassuan.
2023-11-14 15:08:20 +01:00
NIIBE Yutaka
3654fee3a4
gpg,sm: Set confidential in assuan communication for password.
* g10/call-agent.c (default_inq_cb): Call assuan_begin_confidential
and assuan_end_confidential.
* sm/call-agent.c (default_inq_cb): Likewise.

--

Cherry pick from master commit of:
	ec1446f944

GnuPG-bug-id: 6654
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-11-10 08:55:40 +01:00
Werner Koch
92af3f88a9
gpg: Pass ECDH parameters to OpenPGP smartcards
* g10/call-agent.c (agent_keytocard): Add arg ecdh_param_str.
* g10/keyid.c (ecdh_param_str_from_pk): New.
* g10/card-util.c (card_store_subkey): Pass ECDH params to writekey.
* g10/keygen.c (card_store_key_with_backup): Ditto.
--

Backported from 2.4 - here the gpg part.

See-commit: c03ba92576
This is related to
GnuPG-bug-id: 6378
2023-10-27 13:56:02 +02:00
Werner Koch
5da8fe1c40
gpg: Allow expiration time after 2013-01-19 on 32 bit Windows.
* g10/keygen.c (parse_expire_string): Use isotime2epoch_u64.
(parse_creation_string): Ditto.
--

GnuPG-bug-id: 6736
2023-10-26 12:01:44 +02:00
Werner Koch
5eaf2e9266
gpg: Allow to specify seconds since Epoch beyond 2038.
* g10/keygen.c (parse_expire_string_with_ct): Use new function
scan_secondsstr.
(parse_creation_string): Ditto.
--

Noet that we cap the seconds at the year 2106.

GnuPG-bug-id: 6736
2023-10-14 17:27:38 +02:00
NIIBE Yutaka
8e3d4f5b63
gpg: Keep the integrity of the code for KEYINFO command.
* g10/call-agent.c (struct keyinfo_data_parm_s): Remove CARD_AVAILABLE
field.
(keyinfo_status_cb): Don't touch CARD_AVAILABLE field.
(agent_probe_secret_key); Don't check CARD_AVAILABLE field.
* g10/import.c (do_transfer): Check if it's card key or not.

--

In 2.2 branch, gpg-agent doesn't have a capability to report if card
is available or not by KEYINFO command.  Thus, this clean up.

GnuPG-bug-id: 3456
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-09-26 10:05:05 +09:00
NIIBE Yutaka
ff42ed0d69
gpg: Enhance agent_probe_secret_key to return bigger value.
* g10/call-agent.c (keyinfo_status_cb): Parse more fields.
(agent_probe_secret_key): Use KEYINFO and returns bigger value
representing the preference.

--

Backport the commit of:
	8748c50bfa

GnuPG-bug-id: 3456
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-09-25 13:24:35 +09:00
Werner Koch
de84c58d90
gpg: Fix --no-utf8-strings.
* g10/gpg.c (main): Ignore --no-utf8-strings only on Windows.
--

Fixes-commit: b912f07cdf
Reported-by: Ingo Klöcker
2023-09-18 11:29:21 +02:00
Werner Koch
6c9db01101
gpg: New option --add-desig-revoker
* g10/gpg.c (oAddDesigRevoker): New.
(opts): Add new option.
* g10/options.h (opt): Add field desig_revokers.
* g10/keygen.c (get_parameter_idx): New.
(get_parameter): Make use of get_parameter_idx.
(prepare_desig_revoker): New.
(get_parameter_revkey): Add arg idx.
(proc_parameter_file): Add designated revokers.
(do_generate_keypair): Write all designated revokers.
--

(cherry picked from commit 3d094e2bcf)

Support for v5 desig revokers has been removed.  However, we should
check whether we can add a longer v4 desig revoker fingerprint in
addition to the regular v4 desig revoker.
2023-09-07 19:05:39 +02:00
Werner Koch
80e442348d
gpg: Fix validity of re-imported keys.
* g10/trustdb.c (tdb_clear_ownertrusts): Detect stale validity
records.
--

GnuPG-bug-id: 6399

This problem was introduced by an actually very useful patch

  2002-12-13  David Shaw  <dshaw@jabberwocky.com>
  [...]
  * import.c (import_keys_internal): Used here so we don't rebuild
  the trustdb if it is still clean.
  (import_one, chk_self_sigs): Only mark trustdb dirty if the key
  that is being imported has any sigs other than self-sigs.
  Suggested by Adrian von Bidder.

[the last part]

The bug exhibited itself only after signing a key, deleting that key
and then re-importing the original non-signed key.
2023-09-06 12:09:55 +02:00
NIIBE Yutaka
8a1e123a36
gpg: Fix for overridden key import.
* g10/import.c (do_transfer): Force the overridden key import
even when smartcard is available.

--

Cherry picked from 2.4 branch:
	0ec10fbd0d

Fixes-commit: 2c12970550
GnuPG-bug-id: 3456
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-09-06 09:27:11 +09:00
NIIBE Yutaka
383d524239
gpg: Allow overridden key import when stub exists.
* g10/import.c (do_transfer): Force importing when it's card
reference.

--

Cherry-picked from 2.4 branch:
	2c12970550

GnuPG-bug-id: 3456
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-09-06 09:26:16 +09:00
NIIBE Yutaka
4817825511
gpg: Prepare enhancement of agent_probe_secret_key.
* g10/call-agent.c (agent_probe_secret_key): Change semantics of
return value.
* g10/call-agent.h (agent_probe_secret_key): Change comment.
* g10/delkey.c (do_delete_key): Follow the change.
* g10/getkey.c (get_seckey, parse_def_secret_key): Likewise.
(finish_lookup, have_secret_key_with_kid): Likewise.
* g10/gpgv.c (agent_probe_secret_key): Likewise.
* g10/keyedit.c (keyedit_menu, quick_find_keyblock): Likewise.
(show_key_with_all_names_colon): Likewise.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Likewise
* g10/test-stubs.c (agent_probe_secret_key): Likewise.

--

Cherry picked from 2.4 branch of:
	853d5b7677

GnuPG-bug-id: 3416
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-09-06 09:24:35 +09:00
NIIBE Yutaka
dccc471de4
gpg: Fix format_keyid.
* g10/keyid.c (format_keyid): Allocate buffer earlier.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit a9be9f4e6e)
2023-08-28 08:42:13 +02:00
Werner Koch
3dc39add6a
gpg: Do not continue the export after a cancel for the primary key.
* g10/export.c (do_export_one_keyblock): Handle a cancel for the
primary key special.
--

GnuPG-bug-id: 6093
(cherry picked from commit 49d16f4f6e)
2023-08-25 15:37:16 +02:00
Werner Koch
944479e21d
gpg: Return ERROR status for --quick-sign-key.
* g10/keyedit.c (keyedit_quick_sign): Return an error status line.
--
2023-07-05 14:51:13 +02:00
Werner Koch
0bed46cae2
gpg: New option --no-compress as alias for -z0. 2023-07-05 12:05:35 +02:00
Werner Koch
1b60aab2c4
gpg: Make progress work for large files on Windows.
* common/iobuf.c (iobuf_get_filelength): Change return type to
uint64_t and remove the overflow args.  For Windows always use
GetFileSizeEx which is available since the long EOL-ed Windows XP.

* g10/sign.c (write_plaintext_packet): Adjust for changed
iobuf_get_filelength.
* g10/encrypt.c (encrypt_simple, encrypt_crypt): Ditto.
* g10/photoid.c (generate_photo_id): Ditto.  Also add an upper limit.

* g10/filter.h (progress_filter_context_t): Change amount values to
use uint64_t.
* g10/progress.c (write_status_progress): Change accordingly.

--
GnuPG-bug-id: 6534

Backported-from: 808494b485
2023-07-05 11:30:16 +02:00
Werner Koch
8425cdcc8e
gpg: Print status line and proper diagnostics for write errors.
* common/iobuf.c (file_filter): Improve diagnostics.
* g10/build-packet.c (do_plaintext): Make sure to cache all error
cases.
--

GnuPG-bug-id: 6528
2023-07-05 11:15:55 +02:00
Werner Koch
8613230602
gpg: Set default expiration date to 3 years.
* g10/keygen.c (default_expiration_interval): Change.
--

This is a revision of
GnuPG-bug-id: 2701
2023-07-05 11:12:56 +02:00
zhangguangzhi
96e3579f6d
delete redundant characters
--

GnuPG-bug-id: 6482
Signed-off-by: zhangguangzhi <zhangguangzhi3@huawei.com>
2023-06-20 09:06:30 +09:00
Werner Koch
a391d8f4be
gpg: Skip keys found via ADSKs.
* g10/encrypt.c (write_pubkey_enc): Indicate encryption to an ADSK.
* g10/getkey.c (finish_lookup): Skip ADKS keys.
--

If a key is searched by fingerprint or keyid and it happens that this
is an ADSK (subkey with the RENC usage), we need to skip this key
because it is not the key we actually want to encrypt to.  The actual
ADSK key is taken later by looking at all subkeys of the actual
selected key.

This is related to
GnuPG-bug-id: 6504
2023-05-25 16:54:29 +02:00
Werner Koch
625fb54899
w32: Add missing manifests and set a requestedExecutionLevel.
* agent/gpg-agent.w32-manifest.in: New.
* dirmngr/dirmngr-client-w32info.rc: New.
* dirmngr/dirmngr-client.w32-manifest.in: New.
* dirmngr/dirmngr-w32info.rc: New.
* dirmngr/dirmngr.w32-manifest.in: New.
* dirmngr/dirmngr_ldap-w32info.rc: New.
* dirmngr/dirmngr_ldap.w32-manifest.in: New.
* g10/gpgv-w32info.rc: New.
* g10/gpgv.w32-manifest.in: New.
* kbx/keyboxd.w32-manifest.in: New.
* scd/scdaemon.w32-manifest.in: New.
* sm/gpgsm.w32-manifest.in: New.
--

This avoids the use of the VirtualStore uner Windows.

GnuPG-bug-id: 6503

Backported from 2.4; some manifest files already existed in 2.2 but
not in 2.4
2023-05-25 11:10:21 +02:00
Werner Koch
69b0fa55f6
kbx: Use custom estream buffering
* kbx/keybox-init.c (ll_buffer_size): New var intialized to 128k
(stream_buffers): New var.
(keybox_set_buffersize): New.
(_keybox_ll_open, _keybox_ll_close): Implement buffering.

* sm/gpgsm.c (oKbxBufferSize): New.
(opts): Add option --kbx-buffer-size.
(main): Call keybox_set_buffersize.

* g10/gpg.c: Include keybox.h.
* (oKbxBufferSize): New.
(opts): Add option --kbx-buffer-size.
(main): Call keybox_set_buffersize.
--

Commit message from 2.4:

Running a test on Windows using a pubring.kbx with
Total number of blobs:     2098
              openpgp:     1294
                 x509:      803
and a size of 42MiB with

gpgsm -k --with-validation --disable-dirmngr --kbx-buffer-size N >nul

gives these performance figures using procmon

| N(k) | file events | time(s) |
|------+-------------+---------|
|    0 |     4900000 |      86 |
|   16 |     2456000 |      58 |
|   32 |     1233000 |      43 |
|   64 |      622000 |      37 |
|  128 |      317000 |      32 |
|  256 |      164000 |      31 |
|  512 |       88000 |      30 |

Using _open instead of CreateFile give the same number of file events
but increased the time slight by one second for the measured buffer
size of 64k and 128k.   Benchmarks for gpg have not been conducted.
2023-05-10 10:07:32 +02:00
Werner Koch
b349ceedfc
gpg: Take care not to encrypt with OCB in de-vs mode
* g10/encrypt.c (use_aead): In de-vs mode use OCB only if the
compatibility flag ist set.
2023-04-06 09:21:33 +02:00
Werner Koch
fc351de879
gpg,gpgsm: Extend the use of allow-ecc-encr and vsd-allow-ocb
* g10/keygen.c (keygen_set_std_prefs): Set OCB only with VSD
compatibility flag.
* sm/certreqgen.c (proc_parameters): All ECC generation only with
allow-ecc-encr.
--
2023-03-24 13:50:37 +01:00
Werner Koch
706d557a64
gpg: Delete secret key after "keytocard".
* g10/card-util.c (card_store_subkey): Add arg processed_keys.
* g10/keyedit.c (keyedit_menu): Delete secret key.
--

This used to work using the gpg-agent: learn we called at "save" time.
However, the recent change inhibited the creation of a shadow key by
learn if a regular key still exists.  Now we do an explicit delete key
at save time.  This syncs the behaviour with the description of the
man page.

GnuPG-bug-id: 6378
2023-03-15 09:36:36 +01:00
Werner Koch
08cc349114
gpg: Allow no version information of Yubikey
* g10/call-agent.c (learn_status_cb): Set is_v2 always for Yubikeys.
--

GnuPG-bug-id: 5100, 6378
Backported-from-master: 1cd615afe3
2023-03-14 11:28:41 +01:00
Werner Koch
e4f61df850
gpg: Implement encryption to ADSKs.
* g10/getkey.c (get_pubkey_fromfile): Add optional arg r_keyblock.
* g10/pkclist.c (find_and_check_key): Also encrypt to RENC subkeys.
* g10/getkey.c (parse_key_usage): Make public.
* g10/misc.c (openpgp_pk_algo_usage): Take PUBKEY_USAGE_RENC in
account.
* g10/packet.h (PKT_public_key): Change pubkey_usage from byte to u16.
(PKT_user_id): Cosmetic fix: change help_key_usage from int to u16.
* g10/sig-check.c (check_signature_metadata_validity): Handle time
conflict for ADSKs.
--

GnuPG-bug-id: 6395

This patch handles ADSK keys and encrypts to them.  It does not yet
allow the creation of them.  We backport this from master early to get
this part of the code out into the field.
2023-03-03 10:09:47 +01:00