1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00
Commit Graph

352 Commits

Author SHA1 Message Date
Werner Koch
8d976a6b07
gpg: Add the fingerprint to KEY_CREATED for subkeys.
* g10/keygen.c (print_status_key_created): Make more robust by
allowing a NULL for PK.
(generate_subkeypair): Use print_status_key_created.
(generate_card_subkeypair): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 22:01:51 +02:00
Werner Koch
1b460f049e
gpg: Try to use the passphrase from the primary for --quick-addkey.
* agent/command.c (cmd_genkey): Add option --passwd-nonce.
(cmd_passwd): Return a PASSWD_NONCE in verify mode.
* g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do
not send a RESET if given.
(agent_passwd): Add arg 'verify'.
* g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'.
(gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto.
(generate_subkeypair): Use sepeare hexgrip var for the to be created
for hexgrip feature.  Verify primary key first.  Make use of the
passwd nonce.  Allow for a static passphrase.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
Werner Koch
01285f909e
gpg: Extend the --quick-gen-key command.
* g10/keygen.c (quickgen_set_para): Add arg 'use'.
(quick_generate_keypair): Add args 'algostr', 'usagestr', and
'expirestr'.  Implement primary only key mode.
(parse_algo_usage_expire): Set NBITS for the default algo.
* g10/gpg.c (main): Extend --quick-gen-key command.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 18:38:10 +02:00
Werner Koch
dcc4cd8382
gpg: Improve the new parse_subkey_algostr_usagestr fucntion.
* g10/keygen.c (parse_usagestr): Allow "cert".
(generate_subkeypair): Factor expire parsing out to ...
(parse_subkey_algostr_usagestr): here.  Rename to ...
(parse_algo_usage_expire): this.  Add arg 'for_subkey'.  Set CERT for
primary key and check that it is not set for subkeys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 17:06:39 +02:00
Werner Koch
8f2a053a0f
gpg: New command --quick-addkey.
* g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New.
(ask_keysize): Factor code out to ...
(get_keysize_range, fixup_keysize): new.
(parse_parameter_usage): Factor parsing out to  ...
(parse_usagestr): new.  Allow use of "encr" as alias for "encrypt".
(parse_subkey_algostr_usagestr): New.
(generate_subkeypair): Add new args.  Implement unattended mode.

* g10/keyedit.c (keyedit_quick_sign): Factor some code out to ...
(find_by_primary_fpr): new.
(keyedit_quick_addkey): New.
* g10/gpg.c (aQuickAddKey): New.
(opts): Add --quick-addkey.
(main): Implement.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 16:01:48 +02:00
Werner Koch
64bfeafa52
gpg: Remove all assert.h and s/assert/log_assert/.
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-29 11:05:24 +02:00
Werner Koch
96bcd4220f
Now build "gpg" binary but install as "gpg2"
* configure.ac (USE_GPG2_HACK): New ac_define am_conditional.
* common/homedir.c (gnupg_module_name): Replace use of macro
NAME_OF_INSTALLED_GPG.
* g10/keygen.c (generate_keypair): Ditto.
* g10/Makefile.am (bin_PROGRAMS): Remove.
(noinst_PROGRAMS): Add gpg or gpg2 and gpgv or gpg2.
(gpg2_hack_list): New.
(use_gpg2_hack): New.
(gpg2_SOURCES): Rename to gpg_SOURCES.
(gpgv2_SOURCES): Rename to gpgv_SOURCES.
(gpg2_LDADD): Rename to gpg_LDADD.
(gpgv2_LDADD): Rename to gpgv_LDADD.
(gpg2_LDFLAGS): Rename to gpg_LDFLAGS.
(gpgv2_LDFLAGS): Rename to gpgv2_LDFLAGS.
(install-exec-hook): Remove WinCE specific rules and add new rules.
(uninstall-local): Uninstall gpg/gpg2 and gpgv/gpgv2.
* tests/openpgp/Makefile.am (required_pgms): s/gpg2/gpg/.
* tests/openpgp/defs.inc: Ditto.
* tests/openpgp/gpgtar.test: Ditto.
* tests/openpgp/mkdemodirs: Ditto.
* tests/openpgp/signdemokey: Ditto.

* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove obsolete
--enable-mailto, add --enable-gpg2-is-gpg.
--

Although we need to duplicate some automake generated code this method
allows to easily switch the name of the installed target using the
configure option "--enable-gpg2-is-gpg".

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-04 18:40:25 +02:00
Werner Koch
fc30c079a3
gpg: Improve message when asking for key capabilities.
* g10/keygen.c (ask_key_flags): Improve message.
--

Because the curve is only selected after the capabilities are queried
we do not know whether ECDSA or EdDSA will eventually be used.  When
printing the possible capabilities we now use print "ECDSA/EdDSA" for
the algorithm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-03-22 20:24:52 +01:00
Werner Koch
7f919063d3
gpg: Remove the extra prompt for Curve25519.
* g10/keygen.c (MY_USE_ECDSADH): New macro local to ask_curve.
(ask_curve): Use a fixed table of curve names and reserve a slot for
Curve448.  Simplify CurveNNNN/EdNNNN switching.
(ask_curve): Remove the Curve25519 is non-standard prompt.
--

Given that ECC generation is only available in export mode and that
gpg will in any case support our current ed2559/cv25519 definition the
extra prompt does not make anymore sense.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-03-22 19:55:25 +01:00
Justus Winter
40f6529cee g10: Guard code against errors.
* g10/keygen.c (do_generate_keypair): Check for errors, in which case
'pri_psk' is NULL.

Fixes-commit: bf9d1248
Signed-off-by: Justus Winter <justus@g10code.com>
2016-03-04 13:29:45 +01:00
Neal H. Walfield
10671c3a4c gpg: Use format_keyid rather than manually formatting the keyid.
* g10/keyedit.c (menu_addrevoker): Use format_keyid rather than
manually formatting the keyid.
* g10/keygen.c (card_write_key_to_backup_file): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-19 16:13:02 +01:00
Neal H. Walfield
bf9d1248c8 gpg: Initialize the primary key when generating a key.
* g10/keygen.c (do_generate_keypair): Initialize
pri_psk->flags.primary, pri_psk->keyid and pri_psk->main_keyid.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-19 16:13:01 +01:00
Werner Koch
9b28b82e7c
gpg: Add hidden key-edit subcommand "change-usage".
* g10/keyedit.c (cmdCHANGEUSAGE): New.
(cmds): Add command "change-usage".
(keyedit_menu): Handle that command.
(menu_changeusage): New.
* g10/keygen.c (keygen_add_key_flags): New.
(ask_key_flags): Add optional arg current.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-14 16:01:53 +01:00
Werner Koch
fc0c71dfe5
gpg: Allow new user ids with only the mail address.
* g10/keygen.c (ask_user_id): Allow empty name.
--

The --quick-gen-key command allows this and further some mail
providers require that a key has only the mail address to allow for
anonymous accounts.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-22 10:35:19 +01:00
Werner Koch
8a56a38387
gpg: Avoid warnings about possible NULL deref.
* g10/getkey.c (cache_public_key): Protect deref of CE which actually
can't happen.
* g10/keygen.c (quickgen_set_para): s/sprintf/snprintf/.
* g10/tofu.c (end_transaction, rollback_transaction): Allow NULL for
DB.
* g10/trustdb.c (update_min_ownertrust): Remove useless clearling of
ERR.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:16 +01:00
Werner Koch
008aa6e6d4
gpg: Fix warnings about useless assignments.
* g10/armor.c (parse_hash_header): Remove duplicate var assignment.
* g10/getkey.c (cache_user_id): Ditto.
* g10/keygen.c (ask_curve): Ditto.  This also fixes a small memory
leak.

* g10/keygen.c (proc_parameter_file): Remove useless assignment or
pointer increment.
(generate_keypair): Ditto.
* g10/getkey.c (finish_lookup, lookup): Ditto.
* g10/card-util.c (change_pin): Ditto.
* g10/gpg.c (main) <aVerify>: Ditto.
* g10/import.c (import): Ditto.
(print_import_check): Ditto
* g10/keyring.c (do_copy): Ditto.
* g10/tdbio.c (tdbio_read_record): Ditto.
* g10/trustdb.c (tdb_update_ownertrust): Ditto.
(update_validity): Ditto.

* g10/server.c (cmd_passwd): Remove useless call to skip_options.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:16 +01:00
Werner Koch
e70f7a54f2
gpg: Align notes about minimal keysize with actual checks.
* g10/keygen.c (ask_keysize): Use 768 for the minimal value for DSA in
export mode.  Improve readability.
--

GnuPG-bug-id: 2209
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-05 13:51:05 +01:00
Werner Koch
363ed2e892
gpg: Simplify status message code from commit b30c15bf.
* g10/keygen.c (card_write_key_to_backup_file): Simplify by using
hexfingerprint.
--

Note that the extra blank added to FPRBUF in the old code was not
needed because write_status_text_and_buffer already ensures that
there will be a space.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 15:46:05 +01:00
NIIBE Yutaka
aecf1a3c57 scd: Fix commit b30c15bf (again).
* g10/keygen.c (do_generate_keypair): Clear the variable S.

--

GnuPG-bug-id: 2201
2015-12-23 16:55:00 +09:00
Neal H. Walfield
5c759924fb gpg: Fix type.
* g10/keygen.c (card_write_key_to_backup_file): Change n to a size_t.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:07:51 +01:00
NIIBE Yutaka
72eaff1aa6 g10: Remove deprecated internal functions.
* g10/keygen.c (do_ask_passphrase, generate_raw_key)
(gen_card_key_with_backup, save_unprotected_key_to_card): Remove.

--

Now, key generation is done by gpg-agent.  Asking passphrase is done
through pinentry invoked by gpg-agent.  It is done by
new internal function of card_store_key_with_backup.
2015-12-18 10:18:22 +09:00
NIIBE Yutaka
b30c15bf7c g10: Fix a regression for generating card key with backup.
* g10/main.h (receive_seckey_from_agent): Declare.
* g10/keygen.c (card_write_key_to_backup_file): New.
(card_store_key_with_backup): New.
(do_generate_keypair): Create a key on host for encryption key when
backup is requested.  Then, call card_store_key_with_backup.

--

GnuPG-bug-id: 2169
2015-12-18 10:02:38 +09:00
Werner Koch
a28ac99efe
gpg: Take care of keydb_new returning NULL.
* g10/keydb.c (keydb_new): Print an error message if needed.  Also use
xtrycalloc because we return an error anyway.
* g10/delkey.c (do_delete_key): Handle error retruned by keydb_new.
* g10/export.c (do_export_stream): Ditto.
* g10/getkey.c (get_pubkey): Ditto.
(get_pubkey_fast): Ditto.
(get_pubkeyblock): Ditto.
(get_seckey): Ditto.
(key_byname): Ditto.
(get_pubkey_byfprint): Ditto.
(get_pubkey_byfprint_fast): Ditto.
(parse_def_secret_key): Ditto.
(have_secret_key_with_kid): Ditto.
* g10/import.c (import_one): Ditto.
(import_revoke_cert): Ditto.
* g10/keyedit.c (keyedit_quick_adduid): Ditto.
* g10/keygen.c (quick_generate_keypair): Ditto.
(do_generate_keypair): Ditto.
* g10/trustdb.c (validate_keys): Ditto.
* g10/keyserver.c (keyidlist): Ditto.
* g10/revoke.c (gen_desig_revoke): Ditto.
(gen_revoke): Ditto.
* g10/gpg.c (check_user_ids): Ditto.
(main): Do not print an error message for keydb_new error.
* g10/keylist.c (list_all): Use actual error code returned by
keydb_new.

* g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error.
* g10/t-keydb.c (do_test): Ditto.

* g10/keyring.c (keyring_new): Actually return an error so that the
existing keydb_new error checking makes sense for a keyring resource.
(keyring_rebuild_cache): Take care of keyring_new returning an error.
--

Commit 04a6b903 changed keydb_new to return an error.  However the
error was not checked at most places which we fix with this patch.  To
make things easier keydb_new prints an error message itself.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 12:18:32 +01:00
Werner Koch
9fcc047d92
gpg: Change some error messages.
* g10/getkey.c (parse_def_secret_key): Change error message.  Replace
log_debug by log_info.
* g10/gpg.c (check_user_ids): Make function static.  Change error
messages.
(main): Change error messages.
* g10/revoke.c (gen_revoke): Ditto.
--

There are other smaller changes not described above.

This change tries to avoid new error messages so not to increase the
the number of translated strings or break too many existing
translations.  It also tries to use existing strings and changes the
quoting to the most common style used in gpg.

Key specifications should in general use double quotes.  Other values
should use single quotes.  However. sometimes it is not easy to
distinguish between values given on the command line and key
specifications.  According to old GNU coding standards diagnostics
should not start capitalized - whether this is a good idea is a
different thing but we used this rules for most strings.  However,
strings which are used interactively should be properly capitalized
and end with a dot.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 10:40:05 +01:00
Justus Winter
a9e0905342 Fix typos found using codespell.
* agent/cache.c: Fix typos.
* agent/call-pinentry.c: Likewise.
* agent/call-scd.c: Likewise.
* agent/command-ssh.c: Likewise.
* agent/command.c: Likewise.
* agent/divert-scd.c: Likewise.
* agent/findkey.c: Likewise.
* agent/gpg-agent.c: Likewise.
* agent/w32main.c: Likewise.
* common/argparse.c: Likewise.
* common/audit.c: Likewise.
* common/audit.h: Likewise.
* common/convert.c: Likewise.
* common/dotlock.c: Likewise.
* common/exechelp-posix.c: Likewise.
* common/exechelp-w32.c: Likewise.
* common/exechelp-w32ce.c: Likewise.
* common/exechelp.h: Likewise.
* common/helpfile.c: Likewise.
* common/i18n.h: Likewise.
* common/iobuf.c: Likewise.
* common/iobuf.h: Likewise.
* common/localename.c: Likewise.
* common/logging.c: Likewise.
* common/openpgp-oid.c: Likewise.
* common/session-env.c: Likewise.
* common/sexputil.c: Likewise.
* common/sysutils.c: Likewise.
* common/t-sexputil.c: Likewise.
* common/ttyio.c: Likewise.
* common/util.h: Likewise.
* dirmngr/cdblib.c: Likewise.
* dirmngr/certcache.c: Likewise.
* dirmngr/crlcache.c: Likewise.
* dirmngr/dirmngr-client.c: Likewise.
* dirmngr/dirmngr.c: Likewise.
* dirmngr/dirmngr_ldap.c: Likewise.
* dirmngr/dns-stuff.c: Likewise.
* dirmngr/http.c: Likewise.
* dirmngr/ks-engine-hkp.c: Likewise.
* dirmngr/ks-engine-ldap.c: Likewise.
* dirmngr/ldap-wrapper.c: Likewise.
* dirmngr/ldap.c: Likewise.
* dirmngr/misc.c: Likewise.
* dirmngr/ocsp.c: Likewise.
* dirmngr/validate.c: Likewise.
* g10/encrypt.c: Likewise.
* g10/getkey.c: Likewise.
* g10/gpg.c: Likewise.
* g10/gpgv.c: Likewise.
* g10/import.c: Likewise.
* g10/keydb.c: Likewise.
* g10/keydb.h: Likewise.
* g10/keygen.c: Likewise.
* g10/keyid.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyring.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/misc.c: Likewise.
* g10/options.h: Likewise.
* g10/packet.h: Likewise.
* g10/parse-packet.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pkglue.c: Likewise.
* g10/plaintext.c: Likewise.
* g10/server.c: Likewise.
* g10/sig-check.c: Likewise.
* g10/sqlite.c: Likewise.
* g10/tdbio.c: Likewise.
* g10/test-stubs.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
* g13/create.c: Likewise.
* g13/mountinfo.c: Likewise.
* kbx/keybox-blob.c: Likewise.
* kbx/keybox-file.c: Likewise.
* kbx/keybox-init.c: Likewise.
* kbx/keybox-search-desc.h: Likewise.
* kbx/keybox-search.c: Likewise.
* kbx/keybox-update.c: Likewise.
* scd/apdu.c: Likewise.
* scd/app-openpgp.c: Likewise.
* scd/app-p15.c: Likewise.
* scd/app.c: Likewise.
* scd/ccid-driver.c: Likewise.
* scd/command.c: Likewise.
* scd/iso7816.c: Likewise.
* sm/base64.c: Likewise.
* sm/call-agent.c: Likewise.
* sm/call-dirmngr.c: Likewise.
* sm/certchain.c: Likewise.
* sm/gpgsm.c: Likewise.
* sm/import.c: Likewise.
* sm/keydb.c: Likewise.
* sm/minip12.c: Likewise.
* sm/qualified.c: Likewise.
* sm/server.c: Likewise.
* tools/gpg-check-pattern.c: Likewise.
* tools/gpgconf-comp.c: Likewise.
* tools/gpgkey2ssh.c: Likewise.
* tools/gpgparsemail.c: Likewise.
* tools/gpgtar.c: Likewise.
* tools/rfc822parse.c: Likewise.
* tools/symcryptrun.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-17 12:50:22 +01:00
Neal H. Walfield
a958ffd148 gpg: Indicate which characters are invalid.
* g10/keygen.c (ask_user_id): Indicate which characters are invalid.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1143
2015-11-05 14:31:58 +01:00
Werner Koch
b6d621583f
gpg: Pass CTRL parameter to all key listing functions.
* g10/keylist.c (public_key_list): Add arg CTRL.
(secret_key_list): Ditto.
(list_all, list_one): Ditto.
(locate_one): Ditto.
(list_keyblock_pka): Ditto.
(list_keyblock): Ditto.
(list_keyblock_direct): Ditto.
* g10/keygen.c (proc_parameter_file): Add arg CTRL.
(read_parameter_file): Ditto.
(quick_generate_keypair): Ditto.
(do_generate_keypair): Ditto.
(generate_keypair): Pass arg CTRL.
* g10/gpg.c (main): Pass arg CTRL to quick_generate_keypair.
--

This will help use to implement the --server mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-08 14:55:07 +02:00
Neal H. Walfield
0377db4b35 g10: Remove unused parameter.
* g10/keydb.h (keydb_locate_writable): Remove unused parameter
reserved.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:30:54 +02:00
NIIBE Yutaka
e5891a82c3 Curve25519 support.
* agent/cvt-openpgp.c (get_keygrip): Handle Curve25519.
(convert_secret_key, convert_transfer_key): Ditto.
* common/openpgp-oid.c (oidtable): Add Curve25519.
(oid_crv25519, openpgp_oid_is_crv25519): New.
* common/util.h (openpgp_oid_is_crv25519): New.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case
with Montgomery curve which uses x-only coordinate.
* g10/keygen.c (gen_ecc): Handle Curve25519.
(ask_curve): Change the API and second arg is to return subkey algo.
(generate_keypair, generate_subkeypair): Follow chage of ask_curve.
* g10/keyid.c (keygrip_from_pk): Handle Curve25519.
* g10/pkglue.c (pk_encrypt): Handle Curve25519.
* g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve.
* scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New.
(send_key_attr): Work with general ECC, Ed25519, and Curve25519.
(get_public_key): Likewise.
(ecc_writekey): Handle flag_djb_tweak.

--

When libgcrypt has Curve25519, GnuPG now supports Curve25519.
2015-08-06 17:00:41 +09:00
Werner Koch
740c4af703
doc: Updated HACKING.
--

Added used commit keywords.
Add some comments to the list of files.
2015-06-30 11:55:17 +02:00
Werner Koch
64e809b791
gpg: New command --quick-adduid.
* g10/keygen.c (ask_user_id): Factor some code out to ...
(uid_already_in_keyblock): new.
(generate_user_id): Add arg UIDSTR.  Fix leaked P.
* g10/keyedit.c (menu_adduid): Add new arg uidstring.  Adjust caller.
(keyedit_quick_adduid): New.
* g10/gpg.c (aQuickAddUid): New.
(opts):  Add command --quick-adduid.
(main): Implement that.
--

GnuPG-bug-id: 1956
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 16:08:57 +02:00
Werner Koch
67a58118ab
gpg: Prepare to pass additional context to the list functions.
* g10/keylist.c (struct sig_stats): Rename to keylist_context and add
field check_sigs.
(keylist_context_release): New.
(list_all): Set listctx.check_sigs and call release func.
(list_one): Ditto.
(locate_one): Ditto.
(list_keyblock_print): Use .check_sigs field.  Repalce arg opaque by
listctx.
(list_keyblock): Ditto.  Make static.
(list_keyblock_direct): New.
* g10/keygen.c (do_generate_keypair): Replace list_keyblock by
list_keyblock_direct.
--

This is in preparation for the server mode and for a patch to speed up
--list-sigs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-06 19:46:25 +02:00
NIIBE Yutaka
f82c4a6d0d g10: Fix keytocard.
g10/call-agent.h (agent_scd_learn): Add FORCE option.
g10/call-agent.c (agent_scd_learn): Implement FORCE option.
g10/keygen.c (gen_card_key): Follow the change of option.
g10/card-util.c (change_pin, card_status, factory_reset): Likewise.
g10/keyedit.c (keyedit_menu): Update private key storage by
agent_scd_learn.
--

This is not a perfect solution since there is a possibility user
unplug card before quitting 'gpg --keyedit' session.  Usually,
it works well.

GnuPG-bug-id: 1846
2015-04-03 17:39:59 +09:00
Werner Koch
9913253610
Move new mailbox.c source file to common/.
* g10/mailbox.c: Move to ...
* common/mbox-util.c: new file.
* common/mbox-util.h: New. Include where needed.
* g10/t-mailbox.c: Move to ...
* common/t-mbox-util.c: new file.
--

This will make it easier to use the code by other modules in common/.
2015-02-25 11:43:50 +01:00
Werner Koch
2183683bd6 Use inline functions to convert buffer data to scalars.
* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--

Commit 91b826a388 was not enough to
avoid all sign extension on shift problems.  Hanno Böck found a case
with an invalid read due to this problem.  To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-11 10:28:25 +01:00
Werner Koch
b1d5ed6ac8 gpg: Allow predefined names as answer to the keygen.algo prompt.
* g10/keygen.c (ask_algo): Add list of strings.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-28 09:12:36 +01:00
Werner Koch
6eebc56687 gpg: Fix segv introduced to commit 4d7c9b0.
* g10/keygen.c (get_parameter_passphrase): Take care of R == NULL.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-27 09:11:58 +01:00
Werner Koch
297b1a0d15 gpg,sm: Remove unnecessary duplicated checks
--

Reported-by: Günther Noack <gnoack@google.com>
2015-01-23 15:30:03 +01:00
Werner Koch
11142e0ad7 gpg: Replace remaining old error code macros by GPG_ERR_.
* g10/gpg.h (g10_errstr): Remove macro and change all occurrences by
gpg_strerror.
(G10ERR_): Remove all macros and change all occurrences by their
GPG_ERR_ counterparts.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 12:06:11 +01:00
Werner Koch
4d7c9b0e9a gpg: Support --passphrase with --quick-gen-key.
* g10/keygen.c: Include shareddefs.h.
(quick_generate_keypair): Support static passphrase.
(get_parameter_passphrase): New.
(do_generate_keypair): Use it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 12:45:22 +01:00
Werner Koch
aa99ebde77 gpg: Re-enable the "Passphrase" parameter for batch key generation.
* agent/command.c (cmd_genkey): Add option --inq-passwd.
* agent/genkey.c (agent_genkey): Add new arg override_passphrase.
* g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword.
(agent_genkey): Add arg optional arg "passphrase".
* g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc)
(gen_rsa, do_create): Add arg "passphrase" and pass it through.
(do_generate_keypair): Make use of pPASSPHRASE.
(release_parameter_list): Wipe out a passphrase parameter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 11:31:20 +01:00
Werner Koch
616e511f27 gpg: Remove unused args from a function.
* g10/keyserver.c (parse_keyserver_uri): Remove args configname and
configlineno.  Change all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-05 15:15:36 +01:00
Werner Koch
f3f9f9b284 gpg: Let --card--status create a shadow key (card key stub).
* agent/command.c (cmd_learn): Add option --sendinfo.
* agent/learncard.c (agent_handle_learn): Add arg "send" andsend
certifciate only if that is set.
* g10/call-agent.c (agent_scd_learn): Use --sendinfo.  Make INFO
optional.
(agent_learn): Remove.
* g10/keygen.c (gen_card_key): Replace agent_learn by agent_scd_learn.
--

The requirement of using --card-status on the first use of card on a
new box is a bit annoying but the alternative of always checking
whether a card is available before a decryption starts does not sound
promising either.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-12 12:47:28 +01:00
Werner Koch
b716e6a699 gpg: Fix batch generation of ECC keys.
* g10/keygen.c (get_parameter_algo): Map ECC algorithm strings
directly.
--

Interactive generation of the keys uses the OpenPGP algorithms numbers
but batch generation allows the use of strings.

Reported-by: Gaetan Bisson.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-24 11:56:49 +01:00
Werner Koch
587a0956b9 gpg: Print use --full-gen-key note using the installed name of gpg.
--
2014-11-04 10:53:12 +01:00
Werner Koch
a929f36693 gpg: Do not show an useless passphrase prompt in batch mode.
* g10/keygen.c: Remove unused PASSPHRASE related code.
(proc_parameter_file): Remove useless asking for a passphrase in batch
mode.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-02 15:43:52 +01:00
Werner Koch
1b8decc476 gpg: Make card key generation work again.
* g10/call-agent.c (agent_scd_learn): Rename from agent_learn.
(agent_learn): New.
* g10/keygen.c (gen_card_key): Call new agent-learn.
--

Without a shadow key we can't create the self-signatures.  Thus we
need to issue the learn command after each key generation.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-19 14:09:04 +02:00
Werner Koch
8fd150b05b gpg: Remove all support for v3 keys and always create v4-signatures.
* g10/build-packet.c (do_key): Remove support for building v3 keys.
* g10/parse-packet.c (read_protected_v3_mpi): Remove.
(parse_key): Remove support for v3-keys.  Add dedicated warnings for
v3-key packets.
* g10/keyid.c (hash_public_key): Remove v3-key support.
(keyid_from_pk): Ditto.
(fingerprint_from_pk): Ditto.

* g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs.
* g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs,
oForceV4Certs, oNoForceV4Certs.
(opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs,
--no-force-v4-certs int dummy options.
(main): Remove setting of the force_v3_sigs force_v4_certs flags.
* g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs.
* g10/sign.c (hash_uid): Remove support for v3-signatures
(hash_sigversion_to_magic): Ditto.
(only_old_style): Remove this v3-key function.
(write_signature_packets): Remove support for creating v3-signatures.
(sign_file): Ditto.
(sign_symencrypt_file): Ditto.
(clearsign_file): Ditto.  Remove code to emit no Hash armor line if
only v3-keys are used.
(make_keysig_packet): Remove arg SIGVERSION and force using
v4-signatures.  Change all callers to not pass a value for this arg.
Remove all v3-key related code.
(update_keysig_packet): Remove v3-signature support.
* g10/keyedit.c (sign_uids): Always create v4-signatures.

* g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and
change caller.
--

v3 keys are deprecated for about 15 years and due the severe
weaknesses of MD5 it does not make any sense to keep code around to
use these old and broken keys.  Users who need to decrypt old messages
should use gpg 1.4 and best re-encrypt them to modern standards.
verification of old (i.e. PGP2) created signatures is thus also not
anymore possible but such signatures have no values anyway - MD5 is
just too broken.

We have also kept support for v3 signatures until now.  With the
removal of support for v3 keys it is questionable whether it makes any
sense to keep support for v3-signatures.  What we do now is to keep
support for verification of v3-signatures but we force the use of
v4-signatures.  The latter makes the --pgp6 and --pgp7 switch a bit
obsolete because those PGP versions require v3-signatures for
messages.  These versions of PGP are also really old and not anymore
maintained so they have not received any bug fixes and should not be
used anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-17 13:32:16 +02:00
Werner Koch
54ffe2045a Use a unique capitalization for "Note:".
--
2014-10-10 15:29:42 +02:00
Daniel Kahn Gillmor
6cabb7a2a1 gpg: Add build and runtime support for larger RSA keys
* configure.ac: Added --enable-large-secmem option.
* g10/options.h: Add opt.flags.large_rsa.
* g10/gpg.c: Contingent on configure option: adjust secmem size,
add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
* doc/gpg.texi: Document --enable-large-rsa.

--

This is a cherry-pick of 534e2876ac from
STABLE-BRANCH-1-4 against master

Some older implementations built and used RSA keys up to 16Kib, but
the larger secret keys now fail when used by more recent GnuPG, due to
secure memory limitations.

Building with ./configure --enable-large-secmem will make gpg
capable of working with those secret keys, as well as permitting the
use of a new gpg option --enable-large-rsa, which let gpg generate RSA
keys up to 8Kib when used with --batch --gen-key.

Debian-bug-id: 739424

Minor edits by wk.

GnuPG-bug-id: 1732
2014-10-10 13:40:38 +02:00
Werner Koch
bc8583f247 gpg: Allow creating a cert-only primary key.
* g10/keygen.c (ask_key_flags): Allow a 'c' in direct entry.
--

GnuPG-bug-id: 1726
2014-10-03 15:05:47 +02:00
Werner Koch
f3625bb018 gpg: Simplify command --gen-key and add --full-gen-key.
* g10/gpg.c (aFullKeygen): New.
(opts): Add command --full-key-gen.
(main): Implement it.
* g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although
the value is identical.
(DEFAULT_STD_CURVE): New.
(DEFAULT_STD_SUBALGO): New.
(DEFAULT_STD_SUBKEYSIZE): New.
(DEFAULT_STD_SUBCURVE): New.
(quick_generate_keypair): Use new macros here.
(generate_keypair): Add arg "full" and fix call callers. Do not ask
for keysize in non-full node.
(ask_user_id): Add arg "full" and simplify for non-full mode.
2014-09-27 15:14:13 +02:00
Werner Koch
7ff4ea2160 gpg: Add shortcut for setting key capabilities.
* g10/keygen.c (ask_key_flags): Add shortcut '='.
* doc/help.txt (gpg.keygen.flags): New.
2014-09-26 14:43:48 +02:00
Werner Koch
cf648fc5c8 gpg: Make algorithm selection prompt for ECC more clear.
* g10/keygen.c (ask_algo): Change 9 to "ECC and ECC".
2014-09-20 15:17:11 +02:00
Werner Koch
457bce5cd3 gpg: Improve passphrase caching.
* agent/cache.c (last_stored_cache_key): New.
(agent_get_cache): Allow NULL for KEY.
(agent_store_cache_hit): New.
* agent/findkey.c (unprotect): Call new function and try to use the
last stored key.

* g10/revoke.c (create_revocation): Add arg CACHE_NONCE and pass to
make_keysig_packet.
(gen_standard_revoke): Add arg CACHE_NONCE and pass to
create_revocation.
* g10/keygen.c (do_generate_keypair): Call gen_standard_revoke with
cache nonce.
--

This patch adds two features:

1. The key for the last passphrase successfully used for unprotecting
a key is stored away.  On a cache miss the stored away passphrase is
tried as well.  This helps for the common GPG use case of having a
signing and encryption (sub)key with the same passphrase.  See the
code for more comments.

2. The now auto-generated revocation certificate does not anymore
popup a passphrase prompt.  Thus for standard key generation the
passphrase needs to be given only once (well, two with the
confirmation).
2014-09-17 15:12:08 +02:00
Werner Koch
83c2d2396c gpg: Use algorithm id 22 for EdDSA.
* common/openpgpdefs.h (PUBKEY_ALGO_EDDSA): Change to 22.
* g10/keygen.c (ask_curve): Reword the Curve25519 warning note.
--

In the hope that the IETF will eventually assign 22 for EdDSA using
the draft-koch-eddsa-for-openpgp-01 specs we start using this number.
2014-09-12 11:31:49 +02:00
Werner Koch
15cfd9a3bc gpg: Remove CAST5 from the default prefs and order SHA-1 last.
* g10/keygen.c (keygen_set_std_prefs): Update prefs.
2014-08-26 23:20:07 +02:00
Werner Koch
a13198d9bc Release 2.1.0-beta783 2014-08-14 17:16:21 +02:00
Werner Koch
2b8d8369d5 gpg: Remove options --pgp2 and --rfc1991.
* g10/gpg.c (oRFC1991, oPGP2): Remove
(opts): Remove --pgp2 and --rfc1991.
* g10/options.h (CO_PGP2, CO_RFC1991): Remove.  Remove all users.
(RFC2440, PGP2): Remove.  Remove all code only enabled by these
conditions.
* tests/openpgp/clearsig.test: Remove --rfc1991 test.
--

The use of PGP 2.c is considered insecure for quite some time
now (e.g. due to the use of MD5).  Thus we remove all support for
_creating_ PGP 2 compatible messages.
2014-08-14 11:03:55 +02:00
Werner Koch
557cc11a60 gpg: Switch to an EdDSA format with prefix byte.
* g10/keygen.c (gen_ecc): USe "comp" for EdDSA.
2014-07-25 08:25:06 +02:00
Werner Koch
ea186540db gpg: Add command --quick-gen-key
* g10/gpg.c (aQuickKeygen): New.
* g10/misc.c (is_valid_user_id): New stub.
* g10/keygen.c (quickgen_set_para): New.
(quick_generate_keypair): New.
--

Note that the validation of the specified user id has not yet been
implemented.
2014-07-23 15:12:43 +02:00
Werner Koch
03018ef9ee gpg: Auto-create revocation certificates.
* configure.ac (GNUPG_OPENPGP_REVOC_DIR): New config define.
* g10/revoke.c (create_revocation): Add arg "leadin".
(gen_standard_revoke): New.
* g10/openfile.c (get_openpgp_revocdir): New.
(open_outfile): Add MODE value 3.
* g10/keyid.c (hexfingerprint): New.
* g10/keygen.c (do_generate_keypair): Call gen_standard_revoke.
--

GnuPG-bug-id: 1042
2014-06-30 16:40:55 +02:00
Werner Koch
c434de4d83 gpg: Create exported secret files and revocs with mode 700.
* common/iobuf.c (direct_open): Add arg MODE700.
(iobuf_create): Ditto.
* g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM.  Change call
callers to pass 0 for it.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new
arg.
* g10/export.c (do_export): Pass true for new arg if SECRET is true.
--

GnuPG-bug-id: 1653.

Note that this works only if --output has been used.
2014-06-30 09:12:48 +02:00
Werner Koch
03f0b51fe4 gpg: Limit keysize for unattended key generation to useful values.
* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
(gen_rsa): Enforce keysize 1024 to 4096.
(gen_dsa): Enforce keysize 768 to 3072.
--

It was possible to create 16k RSA keys in batch mode. In addition to the
silliness of such keys, they have the major drawback that under GnuPG
and Libgcrypt, with their limited amount of specially secured memory
areas, the use of such keys may lead to an "out of secure memory"
condition.
2014-06-26 21:53:38 +02:00
Werner Koch
9c9e26d41e gpg: Require confirmation for --gen-key with experimental curves.
* g10/keygen.c (ask_curve): Add arg both.  Require confirmation for
Curve25519.
2014-06-05 12:03:27 +02:00
Werner Koch
be07ed65e1 Add new option --with-secret.
* g10/gpg.c: Add option --with-secret.
* g10/options.h (struct opt): Add field with_secret.
* g10/keylist.c (public_key_list): Pass opt.with_secret to list_all
and list_one.
(list_all, list_one): Add arg mark_secret.
(list_keyblock_colon): Add arg has_secret.
* sm/gpgsm.c: Add option --with-secret.
* sm/server.c (option_handler): Add option "with-secret".
* sm/gpgsm.h (server_control_s): Add field with_secret.
* sm/keylist.c (list_cert_colon): Take care of with_secret.  Also move
the token string from the wrong field 14 to 15.
--

This option is useful for key managers which need to know whether a
key has a secret key.  This change allows to collect this information
in one pass.
2014-06-03 21:35:59 +02:00
Werner Koch
b2945c451d gpg: Fix glitch entering a full expiration time.
* g10/keygen.c (ask_expire_interval): Get the current time after the
prompt.
--

This almost avoid that an entered full ISO timestamp is not used as
given but off by the time the user required to enter the timestamp.

GnuPG-bug-id: 1639
2014-05-14 08:56:36 +02:00
Werner Koch
8fee6c1ce6 gpg: Finish experimental support for Ed25519.
* agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve".
(get_keygrip): Add and use arg CURVE.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(get_npkey_nskey): New.
(prepare_unprotect): Replace gcrypt functions by
get_npkey_nskey.  Allow opaque MPIs.
(do_unprotect): Use CURVE instead of parameters.
(convert_from_openpgp_main): Ditto.
(convert_to_openpgp):  Simplify.
* g10/import.c (one_mpi_from_pkey): Remove.
(transfer_secret_keys): Rewrite to use the curve instead of the
parameters.
* g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag.

* common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of
 "NIST P-256" et al.
* g10/keygen.c (ask_curve): Add arg ALGO.
(generate_keypair): Rewrite the ECC key logic.

* tests/openpgp/ecc.test: Provide the "ecc" passphrase.
2014-05-07 13:27:43 +02:00
NIIBE Yutaka
40c3b0741e g10: EdDSA support.
* g10/keyid.c (keygrip_from_pk): Compute keygrip of EdDSA key.
* g10/keygen.c (generate_subkeypair): Ed25519 is for EdDSA.
* common/openpgp-oid.c (oid_ed25519): Update.
2014-04-08 11:59:39 +09:00
Werner Koch
47e6b6bad1 gpg: Silent more compiler warnings due to some configure options.
* g10/keygen.c (generate_keypair, gen_card_key)
(gen_card_key_with_backup) [!ENABLE_CARD_SUPPORT]: Mark unused args.
2014-02-10 23:15:34 +01:00
Werner Koch
357b142e72 gpg: List only available algos in --gen-key.
* g10/keygen.c (ask_algo, ask_curve): Take care of GPG_USE_<algo>.
2014-02-07 13:45:11 +01:00
Werner Koch
b7f8dec632 gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.

* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.

* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip):  Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--

This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones.  This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.

This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA.  As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF.  Note that EdDSA (Ed25519)
does not yet work and that more changes are required.

The ECC support is still broken right now.  Needs to be fixed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
Werner Koch
ea8a1685f7 gpg: Remove cipher.h and put algo ids into a common file.
* common/openpgpdefs.h (cipher_algo_t, pubkey_algo_t, digest_algo_t)
(compress_algo_t): New.
* agent/gpg-agent.c: Remove ../g10/cipher.h. Add openpgpdefs.h.
* g10/cipher.h (DEK): Move to ...
* g10/dek.h: new file.
* g10/cipher.h (is_RSA, is_ELGAMAL, is_DSA)
(PUBKEY_MAX_NPKEY, PUBKEY_MAX_NSKEY, PUBKEY_MAX_NSIG, PUBKEY_MAX_NENC)
(PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC, PUBKEY_USAGE_CERT)
(PUBKEY_USAGE_AUTH, PUBKEY_USAGE_NONE): Move to
* g10/packet.h: here.
* g10/cipher.h: Remove.  Remove from all files.
* g10/filter.h, g10/packet.h:  Include dek.h.
* g10/Makefile.am (common_source): Remove cipher.h.  Add dek.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-29 20:35:05 +01:00
NIIBE Yutaka
c5e41f539b Add secp256k1.
* common/openpgp-oid.c (openpgp_curve_to_oid): Add secp256k1.
(openpgp_oid_to_curve): Likewise.

* g10/keygen.c (ask_curve): Add secp256k1.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2014-01-15 15:00:24 +09:00
Werner Koch
cc9a0b69b6 Make use of the *_NAME etc macros.
Replace hardwired strings at many places with new macros from config.h
and use the new strusage macro replacement feature.

* common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn
sentinels.
* agent/command.c (cmd_import_key): Use asprintf to create the prompt.
2013-11-18 14:09:47 +01:00
Werner Koch
402aa0f948 gpg: Rework ECC support and add experimental support for Ed25519.
* agent/findkey.c (key_parms_from_sexp): Add algo name "ecc".
(agent_is_dsa_key): Ditto.
(agent_is_eddsa_key): New.  Not finished, though.
* agent/pksign.c (do_encode_eddsa): New.
(agent_pksign_do): Use gcry_log_debug functions.
* agent/protect.c (agent_protect): Parse a flags parameter.
* g10/keygen.c (gpg_curve_to_oid): Move to ...
* common/openpgp-oid.c (openpgp_curve_to_oid): here and rename.
(oid_ed25519): New.
(openpgp_oid_is_ed25519): New.
(openpgp_oid_to_curve): New.
* common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): New.
* g10/build-packet.c (gpg_mpi_write): Write the length header also for
opaque MPIs.
(gpg_mpi_write_nohdr): New.
(do_key): Use gpg_mpi_write_nohdr depending on algorithm.
(do_pubkey_enc): Ditto.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Use
gpg_mpi_write_nohdr.
* g10/export.c (transfer_format_to_openpgp):
* g10/keygen.c (ecckey_from_sexp): Return the error.
(gen_ecc): Repalce arg NBITS by CURVE.
(read_parameter_file): Add keywords "Key-Curve" and "Subkey-Curve".
(ask_curve): New.
(generate_keypair, generate_subkeypair): Use ask_curve.
(do_generate_keypair): Also pass curve name.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Print
curve name.
* g10/parse-packet.c (mpi_read): Remove workaround for
Libcgrypt < 1.5.
(parse_key): Fix ECC case.  Print the curve name.
* g10/pkglue.c (mpi_from_sexp): Rename to get_mpi_from_sexp.
(pk_verify, pk_check_secret_key): Add special case for Ed25519.
* g10/seskey.c (encode_md_value): Ditto.
* g10/sign.c (do_sign, hash_for, sign_file): Ditto.
--

Be warned that this code is subject to further changes and that the
format will very likely change before a release.  There are also known
bugs and missing code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-11-15 09:01:11 +01:00
Werner Koch
4c3b35b067 gpg: Use 2048 as the default keysize in batch mode.
* g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to
2048.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-30 10:27:21 +02:00
Daniel Kahn Gillmor
b693ec02c4 gpg: Allow setting of all zero key flags
* g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
2013-03-19 17:26:42 +01:00
Werner Koch
161674118d gpg: Fix a memory leak in batch key generation
* g10/keygen.c (append_to_parameter): New.
(proc_parameter_file): Use new func to extend the parameter list.

* g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of
gcry_kdf_derive failed.
* g10/keygen.c (proc_parameter_file): Print a diagnostic if
passphrase_to_dek failed.
--

Due to an improper way of using the linked list head, all memory for
items allocated in proc_parameter_file was never released.  If batched
key generation with a passphrase and more than ~200 keys was used this
exhausted the secure memory.
2013-02-22 09:30:07 +01:00
Werner Koch
096e7457ec Change all quotes in strings and comments to the new GNU standard.
The asymmetric quotes used by GNU in the past (`...') don't render
nicely on modern systems.  We now use two \x27 characters ('...').

The proper solution would be to use the correct Unicode symmetric
quotes here.  However this has the disadvantage that the system
requires Unicode support.  We don't want that today.  If Unicode is
available a generated po file can be used to output proper quotes.  A
simple sed script like the one used for en@quote is sufficient to
change them.

The changes have been done by applying

  sed -i "s/\`\([^'\`]*\)'/'\1'/g"

to most files and fixing obvious problems by hand.  The msgid strings in
the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
Werner Koch
b4d9f8dbc8 Add tweaks for the not anymore patented IDEA algorithm.
* g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2
compatibility mode.
* g10/misc.c (idea_cipher_warn): Remove.  Also remove all callers.
* common/status.h (STATUS_RSA_OR_IDEA): Remove.  Do not emit this
status anymore.
--

To keep the number of actually used algorithms low, we want to support
IDEA only in a basically read-only way (unless --pgp2 is used during
key generation).  It does not make sense to suggest the use of this
old 64 bit blocksize algorithm.  However, there is old data available
where it might be helpful to have IDEA available.
2012-05-08 18:18:32 +02:00
Werner Koch
958f29d225 Allow creating subkeys using an existing key
This works by specifying the keygrip instead of an algorithm (section
number 13) and requires that the option -expert has been used.  It
will be easy to extend this to the primary key.
2011-11-06 17:01:31 +01:00
Werner Koch
d9e2dcc1a9 Extend algo selection menu.
This allows to add an ECC key and to set the capabilities of an ECDSA
key.

Fix printing of the ECC algorithm when creating a signature.
2011-02-03 17:40:43 +01:00
Werner Koch
0b5bcb40cf Finished ECC integration.
Wrote the ChangeLog 2011-01-13 entry for Andrey's orginal work modulo
the cleanups I did in the last week.  Adjusted my own ChangeLog
entries to be consistent with that entry.

Nuked quite some trailing spaces; again sorry for that, I will better
take care of not saving them in the future.  "git diff -b" is useful
to read the actual changes ;-).

The ECC-INTEGRATION-2-1 branch can be closed now.
2011-02-03 16:35:33 +01:00
Werner Koch
4659c923a0 Sample ECC keys and message do now work.
Import and export of secret keys does now work.  Encryption has been
fixed to be compatible with the sample messages.

This version tests for new Libgcrypt function and thus needs to be
build with a new Libgcrypt installed.
2011-02-02 15:48:54 +01:00
Werner Koch
0fb0bb8d9a Reworked the ECC changes to better fit into the Libgcrypt API.
See ChangeLog for details.  Key generation, signing and verification works.
Encryption does not yet work.  Requires latest Libgcrypt changes.
2011-01-31 09:27:06 +01:00
Werner Koch
302c5a826c More ECDH code cleanups 2011-01-25 17:48:51 +01:00
Werner Koch
638dca5dbc Editorial cleanups of keygen.c
Also fixed a regression introduced by me in pubkey_enc.c.
Added extra checks.  Removed unused code.
2011-01-25 16:54:18 +01:00
Werner Koch
90b0ff23b7 Editorial changes and allow building with old libgcrypts.
Changed order of some conditional to make to put the special case into
the true branch.  Indentation changes.  Minor other changes to make the
ECC code more similar to the rest of our code.

It builds but many sefltests still fail.  Need to fix that before
using it with an ECDH enabled libgcrypt.

[/]
2011-01-21  Werner Koch  <wk@g10code.com>

	* configure.ac: Need Libgcrypt 1.4.6 due to AESWRAP.
	(HAVE_GCRY_PK_ECDH): Add new test.

[agent/]
2011-01-21  Werner Koch  <wk@g10code.com>

	* cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: New.

[include/]
2011-01-21  Werner Koch  <wk@g10code.com>

	* cipher.h (GCRY_PK_USAGE_CERT): Remove compatibility macros
	because we now require libgcrypt 1.4.6.
	(GCRY_PK_ECDH): Add replacement.
2011-01-21 12:00:57 +01:00
Andrey Jivsov
e0972d3d96 Integrating http://code.google.com/p/gnupg-ecc/source/detail?r=15 .
The following works:
   gpg2 --gen-key (ECC)
   gpg2 --list-keys
   gpg2 --list-packets ~/.gnupg/pubring.gpg
   gpg2 --list-packets <private key from http://sites.google.com/site/brainhub/pgpecckeys>

ECDH doesn't work yet as the code must be re-written to adjust for gpg-agent refactoring.
2011-01-05 17:33:17 -08:00
Werner Koch
0103a53aa6 Smartcard related updates 2010-11-17 13:21:24 +00:00
Werner Koch
2e82b095cd Better support unsigned time_t 2010-10-27 11:26:53 +00:00
Werner Koch
764e88d4df All tests work are again working 2010-10-14 16:34:31 +00:00
Werner Koch
54591341a4 More agent support for gpg. 2010-10-13 15:57:08 +00:00
Werner Koch
bfbd80feb9 Exporting secret keys via gpg-agent is now basically supported.
A couple of forward ported changes.
Doc updates.
2010-10-01 20:33:53 +00:00
Werner Koch
a0b9ebfb7d Even less prompts for a new key now. 2010-09-01 12:49:05 +00:00
Werner Koch
9a9b3da58f Use passphrase caching for import and genkey. 2010-09-01 09:48:35 +00:00
Werner Koch
31bbe71ad6 Fix preference setting in new keys 2010-04-26 11:53:14 +00:00
Werner Koch
a1412b05de More changes on the way to remove secring.gpg. 2010-04-21 16:26:17 +00:00
Werner Koch
21b0a955be Generating an OpenPGP key cia gpg-agent basically works. 2010-04-20 17:57:50 +00:00
Werner Koch
53c636c4c6 ./autogen.sh --build-w32ce does now succeed. 2010-04-14 14:39:16 +00:00
Werner Koch
f3839fe81d Use gpg_err_set_errno to assign values to ERRNO. 2010-04-01 13:24:55 +00:00
Werner Koch
40a78fab0c Use macros for iobuf ioctls. 2010-03-08 17:05:37 +00:00
Werner Koch
1b7c791186 Fix bug#1186. 2010-02-17 10:23:42 +00:00
Werner Koch
be45bf3d54 Add dummu option --passwd for gpg.
Collected changes.
2010-01-08 19:18:49 +00:00
Werner Koch
49b00ffd67 allow for default algorithms in a gpg parameter file 2009-12-04 19:47:54 +00:00
Werner Koch
cf2ec5673f Add gpgconf related dummy options default_pubkey_algo.
Add option --skip-hidden-recipients
Comment updates.
2009-11-23 19:18:04 +00:00
Werner Koch
35ab964c86 Fix bug#1122.
Note that msgmerge 0.17 is completely broken as it always
prepends a fuzzy null entry to all po files.
2009-09-03 20:51:55 +00:00
Werner Koch
830dae2873 Print status of CRL checks in the audit log. 2009-07-23 15:18:58 +00:00
Werner Koch
7ae15f0027 Fix bug 1091.
Doc fixes.
Replace assert by error message.
2009-07-20 11:02:20 +00:00
Werner Koch
e50cac1d84 Changed default hash algorithm preferences 2009-07-09 08:52:31 +00:00
Werner Koch
556d4ed983 Allow generation of DSA2 keys without --enable-dsa2. 2009-05-20 09:57:10 +00:00
Werner Koch
ad6326185e Fix bug#1056. 2009-05-20 09:08:48 +00:00
Werner Koch
f61e15670a Changed default algo and size. 2009-05-17 13:08:18 +00:00
Werner Koch
c4e92c3344 Made card key generate with backup key work for 2048 bit.
Improved card key generation prompts.
2009-05-15 19:26:46 +00:00
Werner Koch
a766a37290 Print keyid in gpg --list-packets.
Add some not yet code to app-nks.c
Changed batch mode expiration time computation
2009-05-13 11:42:34 +00:00
Werner Koch
82ab848ea4 Update spanish translation.
Cleanups.
Allow utf-8 in email addresses.
2009-01-08 15:48:51 +00:00
Werner Koch
6558568912 Make gpg not depend on the RIPE-MD160 implementaion in Libgcrypt.
Fix SIG_ID computation.
2008-12-11 17:44:52 +00:00
Werner Koch
9874c62a10 Flush keyserver search output.
Add trustdb chnages from 1.4.
Check algo usage for batch key generation.
2008-12-09 10:46:29 +00:00
Werner Koch
0a5f742466 Marked all unused args on non-W32 platforms. 2008-10-20 13:53:23 +00:00
Werner Koch
ac5c3fab30 Cehck for expire date overflows. 2008-08-11 08:08:08 +00:00
Werner Koch
aa68a60301 Add controlo statement %ask-passphrase 2008-06-16 15:48:33 +00:00
Werner Koch
49b2db7636 Changes the header presented before requesting the user ID. 2008-06-01 19:44:05 +00:00
Werner Koch
8c20500a5d Allow configuraton of pinentry tooltip.
Other minor buf fixes.
2007-12-04 11:23:31 +00:00
Werner Koch
4631bc8ddf Fixed card key generation of gpg2.
Reveal less information about timings while generating a key.
2007-07-05 16:58:19 +00:00
Werner Koch
93d3811abc Changed to GPLv3.
Removed intl/.
2007-07-04 19:49:40 +00:00
Werner Koch
b861561e47 Included LIBICONV in all Makefiles.
g10/
	* passphrase.c (passphrase_get): Set the cancel flag on all error
	from the agent.  Fixes a bug reported by Tom Duerbusch.
sm/
	* gpgsm.c (main): Let --gen-key print a more informative error
	message.
2007-01-31 14:24:41 +00:00
Werner Koch
006c5af165 * parse-packet.c (read_protected_v3_mpi): Make sure to stop
reading even for corrupted packets.
	* keygen.c (generate_user_id): Need to allocate one byte more.
	Reported by Felix von Leitner.
2007-01-15 19:31:24 +00:00
Werner Koch
0173cd5a98 Fixes for CVE-2006-6235 2006-12-06 10:16:50 +00:00
Werner Koch
13e646d938 Final fix which should now pass all tests. 2006-11-21 19:33:04 +00:00
Werner Koch
e50c5f39cc No more warnings for AMD64 (at least when cross-compiling). Thus tehre is a
good chance that gpg2 will now work. 
Other cleanups.
Updated gettext.
2006-11-21 11:00:14 +00:00
Werner Koch
df52700f5c Fixes 2006-10-19 14:22:06 +00:00
Werner Koch
03d3322e5f Take advantage of newer gpg-error features. 2006-09-14 16:50:33 +00:00
Werner Koch
0ebd23fa76 Migrated more stuff to doc/
Migrated the gpg regression tests.
Some changes tp the gpg code to fix bugs and
for the use in testing. 
make distcheck works now with gpg enabled.
2006-08-21 20:20:23 +00:00
Werner Koch
b744f963d7 With --enable-gpg the keyservers are now build and a first test using gpg2
shows no prblems.   Needs more testing of course.
2006-08-16 10:47:53 +00:00
Werner Koch
6c208fea32 A couple of fixes. gpg2's key generation does now work. 2006-06-30 09:42:08 +00:00
Werner Koch
f081ad529d Ported patches from 1.4.x 2006-06-27 14:30:59 +00:00
Werner Koch
b61df862a7 Still making gpg2 work.
At least the keyids are now correctly computed again.
2006-05-24 11:12:28 +00:00
Werner Koch
fbe4ac37f6 g10/ does build again. 2006-05-23 16:19:43 +00:00
Werner Koch
00ffc478de Merged recent changes from 1.4 2006-04-28 14:31:29 +00:00
Werner Koch
d0907e64f4 Continued with merging.
Still does not build.
2006-04-19 13:24:36 +00:00
Werner Koch
29b23dea97 Merged with gpg 1.4.3 code.
The gpg part does not yet build.
2006-04-19 11:26:11 +00:00
Moritz Schulte
af41684669 2004-01-19 Moritz Schulte <mo@g10code.com>
* keygen.c (do_generate_keypair): Don't try to execute certain pieces of code
	in case an error occured.
	(gen_card_key): Don't print out a message, which is already
	printed by do_generate_keypair().
2004-01-19 01:48:17 +00:00
Moritz Schulte
7739d95804 2004-01-19 Moritz Schulte <mo@g10code.com>
* keygen.c (do_generate_keypair): Print member fname, instead of
	newfname, again.
2004-01-19 01:07:46 +00:00
Moritz Schulte
36cbfed6fc 2004-01-18 Moritz Schulte <mo@g10code.com>
* keygen.c (do_generate_keypair): Print member fname, instead of
	newfname.
2004-01-18 22:48:49 +00:00
Werner Koch
30342b06ef * call-agent.c (agent_scd_getattr): Don't clear the passed info
structure, so that it can indeed be updated.

* card-util.c (fpr_is_zero): New.
(generate_card_keys): New.
(card_edit): New command "generate".
* keygen.c (generate_keypair): New arg CARD_SERIALNO, removed call
to check_smartcard.
(check_smartcard,show_smartcard): Removed.
(show_sha1_fpr,fpr_is_zero): Removed.

* app-openpgp.c (do_getattr): Support SERIALNO and AID.
2003-10-08 10:46:58 +00:00
Werner Koch
4c66e94ff9 Merged most of David Shaw's changes in 1.3 since 2003-06-03. 2003-09-23 17:48:33 +00:00
Werner Koch
918eee7195 * g10.c: New command --card-edit.
* card-util.c (card_status): Use tty_fprintf for all output.
(print_sha1_fpr, print_isoname): Ditto.
(get_one_name,change_name, change_url, change_login,change_lang)
(change_sex): New; taken from keygen.c.
* keygen.c (smartcard_get_one_name, smartcard_change_name)
(smartcard_change_url, smartcard_change_login_data)
(smartcard_change_lang, smartcard_change_sex): Removed.
(check_smartcard): Removed most menu items.
2003-09-18 15:51:18 +00:00
Werner Koch
be034cf34c * configure.ac: Required newer versions of some libraries.
* misc.c (openpgp_pk_algo_usage): Allow AUTH where SIGN is allowed.

* keygen.c (ask_passphrase): No need to allocated S2K in secure
memory.

* scdaemon.c (main): --pcsc-driver again defaults to pcsclite.
David Corcoran was so kind to remove the GPL incompatible
advertisng clause from pcsclite.
* apdu.c (apdu_open_reader): Actually make pcsc-driver option work.
2003-09-06 13:23:48 +00:00
Werner Koch
3598504854 * keygen.c (do_add_key_flags, parse_parameter_usage)
(do_generate_keypair): Add support the proposed AUTH key flag.
* getkey.c (fixup_uidnode, merge_selfsigs_main)
(merge_selfsigs_subkey, premerge_public_with_secret): Ditto.
* keylist.c (print_capabilities): Ditto.
2003-09-05 07:40:18 +00:00