1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Commit Graph

5087 Commits

Author SHA1 Message Date
Werner Koch
7ff4ea2160 gpg: Add shortcut for setting key capabilities.
* g10/keygen.c (ask_key_flags): Add shortcut '='.
* doc/help.txt (gpg.keygen.flags): New.
2014-09-26 14:43:48 +02:00
Werner Koch
20c6da50d4 gpg: Do not always print dashes in obsolete_option.
* g10/gpg.c (main): Pass option names to obsolete_option without
double dash.
* g10/misc.c (obsolete_option, obsolete_scdaemon_option): Print double
dash only for command line options.
2014-09-25 22:14:30 +02:00
Daniel Kahn Gillmor
371c2b14b0 gpg: Warn about (but don't fail) on scdaemon options in gpg.conf.
* g10/gpg.c: Add config options that should belong in scdaemon.conf
* g10/main.h, g10/misc.c (obsolete_scdaemon_option): New.

--

In gpg2, the following options are only relevant for scdaemon:

 reader-port
 ctapi-driver
 pcsc-driver
 disable-ccid

but in gpg1, they are options for gpg itself.

Some users of gpg1 might have these options in their
~/.gnupg/gpg.conf, which causes gpg2 to fail hard if it reads that
config file.

gpg2 should not fail hard, though giving a warning (and suggesting a
move to scdaemon.conf) seems OK.

This patch does *not* reintroduce any documentation for these options
in gpg.texi, even to indicate that they are "dummy" options, since
scdaemon.texi contains the appropriate documentation.

Debian-bug-id: 762844

- Program names factored out from obsolete_scdaemon_option to make
  reuse without new translations easier. -wk
2014-09-25 22:05:29 +02:00
Werner Koch
26592fbef3 build: Change urlbase of getswdb.sh.
--
2014-09-25 08:44:57 +02:00
Werner Koch
64c15a7e11 Reformat README and minor gpg.texi improvement.
--

The second thing is to explain the file names below under
~/.gnupg/openpgp-revocs.d/.
2014-09-24 14:40:11 +02:00
Werner Koch
fb223be97b Register DCO for Daniel Kahn Gillmor.
--
2014-09-24 14:37:48 +02:00
Werner Koch
59b6f6f16e speedo: Check that wget and gpgv are installed.
* build-aux/getswdb.sh: Check for required tools.
2014-09-22 14:38:55 +02:00
Werner Koch
2427bc5bc7 speedo: Autodetect sha1sum tools.
* build-aux/getswdb.sh: Add option --find-sha1sum.
* build-aux/speedo.mk (check-tools): New phony target.  Not yet used.
(SHA1SUM): New var.  Use it instead of sha1sum.
2014-09-22 13:51:35 +02:00
Werner Koch
bc2f5c1d1a gpg: Create default keyring with .kbx suffix.
* g10/keydb.c (maybe_create_keyring_or_box): Rename arg for clarity.
(keydb_add_resource): Fix order of args to maybe_create_keyring_or_box
and check and create .kbx.
2014-09-22 08:36:24 +02:00
Werner Koch
a4205d5ed0 doc: Fix --secret-keyring option for 2.1
--
2014-09-22 08:33:54 +02:00
Werner Koch
1d33d03f0b gpg: --delete-secret-key - check that a secret key exists.
* g10/delkey.c (do_delete_key): Check availibility of a secret key.
--

Actually we check that at least one secret subkey exists.
2014-09-20 16:27:16 +02:00
Werner Koch
cf648fc5c8 gpg: Make algorithm selection prompt for ECC more clear.
* g10/keygen.c (ask_algo): Change 9 to "ECC and ECC".
2014-09-20 15:17:11 +02:00
Werner Koch
72137a4522 Register DCO for Andre Heinecke.
--
2014-09-20 11:59:25 +02:00
Werner Koch
34a3e458d0 Post beta release update.
--
2014-09-18 18:28:40 +02:00
Werner Koch
93f158df38 Release 2.1.0-beta834. 2014-09-18 17:57:09 +02:00
Werner Koch
72a16d80d4 speedo: Distribute needed files.
* Makefile.am (EXTRA_DIST): Add speedo stuff.
2014-09-18 17:55:40 +02:00
Werner Koch
345a8374f3 build: Enable gpgtar by default. 2014-09-18 17:32:36 +02:00
Werner Koch
927db789c1 common: Do not build maintainer modules in non-maintainer mode.
* common/Makefile.am (module_maint_tests): Use only in maintainer
mode.
(t_common_cflags): New.
2014-09-18 17:03:06 +02:00
Werner Koch
cad181b5ec common: Remove superfluous statements.
* common/exechelp-posix.c: Remove weak pragmas.
* common/sexputil.c (make_canon_sexp_from_rsa_pk): Remove double
const.
--

We do not use Pth anymore and thus there is no more need for the weak
pragmas.
2014-09-18 16:01:11 +02:00
Werner Koch
6e7bcabd78 g13: Avoid segv after pipe creation failure.
* g13/call-gpg.c (gpg_encrypt_blob): Init some vars in case of an
early error.
(gpg_decrypt_blob): Ditto.
2014-09-18 16:01:05 +02:00
Werner Koch
b17e8bbf20 scd: Fix int/short mismatch in format string of app-p15.c
* scd/app-p15.c (parse_certid): Use snprintf and cast value.
(send_certinfo): Ditto.
(send_keypairinfo): Ditto.
(do_getattr): Ditto.
2014-09-18 15:39:50 +02:00
Werner Koch
f82a6e0f08 agent: Init a local variable in the error case.
* agent/pksign.c (do_encode_md): Init HASH on error.
2014-09-18 15:32:17 +02:00
Werner Koch
4f35ef499a agent: Remove left over debug output.
* agent/command-ssh.c (ssh_signature_encoder_eddsa): Remove debug
output.
2014-09-18 15:28:40 +02:00
Werner Koch
ba6f8b3d9e agent: Silence compiler warning for a debug message.
* agent/call-pinentry.c (agent_query_dump_state): Use %p for
POPUP_TID.
2014-09-18 15:21:56 +02:00
Werner Koch
34b2e8c7dc sm: Silence compiler warnings.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Remove unused var I.
* sm/certreqgen.c (proc_parameters): Init PUBLIC to avoid compiler
warning.
2014-09-18 15:17:44 +02:00
Werner Koch
6a0c3fa19c gpg: Silence a compiler warning.
* g10/parse-packet.c (enum_sig_subpkt): Replace hack.
2014-09-18 15:09:10 +02:00
Werner Koch
327134934d gpg: Replace a hash algo test function.
* g10/gpg.c (print_mds): Replace openpgp_md_test_algo.
--

This is actually not required because as of now the used OpenPGP and
Gcrypt hash algorithm numbers are identical.  But that might change in
the future.

This changes the behavior of GnuPG in case it has been build with
some algorithms disabled: If those algorithms are available in
Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
Werner Koch
0af533abd3 gpg: Re-indent a function.
--
2014-09-18 14:50:02 +02:00
Werner Koch
2f065d7ab6 speedo: Various fixes
* build-aux/speedo.mk: Take zlib and bzip2 from ftp.gnupg.org.  Minor
other fixes.
2014-09-18 11:39:34 +02:00
Werner Koch
36125f9c30 speedo: Improve speedo Makefile.
--

Building for the native platform is now a mere

  make -f build-aux/speedo.mk native

You may also use "help" as target.
2014-09-17 22:16:53 +02:00
Werner Koch
3baf7a1652 po: Auto-update
--
2014-09-17 19:31:27 +02:00
Werner Koch
ae3d1bbb65 gpg: Print a warning if the subkey expiration may not be what you want.
* g10/keyedit.c (subkey_expire_warning): New.
(keyedit_menu): Call it when needed.
--
GnuPG-bug-id: 1715

The heuristic to detect a problem is not very advanced but it should
catch the most common cases.
2014-09-17 16:27:37 +02:00
Werner Koch
457bce5cd3 gpg: Improve passphrase caching.
* agent/cache.c (last_stored_cache_key): New.
(agent_get_cache): Allow NULL for KEY.
(agent_store_cache_hit): New.
* agent/findkey.c (unprotect): Call new function and try to use the
last stored key.

* g10/revoke.c (create_revocation): Add arg CACHE_NONCE and pass to
make_keysig_packet.
(gen_standard_revoke): Add arg CACHE_NONCE and pass to
create_revocation.
* g10/keygen.c (do_generate_keypair): Call gen_standard_revoke with
cache nonce.
--

This patch adds two features:

1. The key for the last passphrase successfully used for unprotecting
a key is stored away.  On a cache miss the stored away passphrase is
tried as well.  This helps for the common GPG use case of having a
signing and encryption (sub)key with the same passphrase.  See the
code for more comments.

2. The now auto-generated revocation certificate does not anymore
popup a passphrase prompt.  Thus for standard key generation the
passphrase needs to be given only once (well, two with the
confirmation).
2014-09-17 15:12:08 +02:00
Werner Koch
83c2d2396c gpg: Use algorithm id 22 for EdDSA.
* common/openpgpdefs.h (PUBKEY_ALGO_EDDSA): Change to 22.
* g10/keygen.c (ask_curve): Reword the Curve25519 warning note.
--

In the hope that the IETF will eventually assign 22 for EdDSA using
the draft-koch-eddsa-for-openpgp-01 specs we start using this number.
2014-09-12 11:31:49 +02:00
Werner Koch
3a896db26d build: Require libgpg-error 1.15
--

1.14 had a problem in its ABI and was thus remove from the FTP Server
after 3 days. 1.15 fixes this.
2014-09-12 10:57:49 +02:00
Werner Koch
16ae4ca33e doc: Small grammar fix
--
2014-09-12 10:49:31 +02:00
Werner Koch
3d250d21d3 gpg: Stop early on bogus old style comment packets.
* g10/parse-packet.c (parse_key): Take care of too short packets for
old style commet packets.
--

GnuPG-bug-id: 1714
2014-09-11 16:40:45 +02:00
Werner Koch
84419f42da dirmngr: Support https for KS_FETCH.
* dirmngr/ks-engine-hkp.c (cert_log_cb): Move to ...
* dirmngr/misc.c (cert_log_cb): here.
* dirmngr/ks-engine-http.c (ks_http_fetch): Support 307-redirection
and https.
--

Note that this requires that the root certificates are registered using
the --hkp-cacert option.  Eventually we may introduce a separate
option to allow using different CAs for KS_FETCH and keyserver based
requests.
2014-09-10 10:37:48 +02:00
Werner Koch
3b20cc21de dirmngr: Fix the ks_fetch command for the http scheme.
* common/http.c (http_session_ref): Allow for NULL arg.
--

We always test for a an existing session and thus passing NULL as
session object should be allowed.

Reported-by: Jens Lechtenboerger
2014-09-10 09:29:52 +02:00
Werner Koch
64329cce9a Merge branch 'wk/test-gpgrt-estream' 2014-09-08 19:26:02 +02:00
Werner Koch
98f65291d7 gpg: Fix memory leak in ECC encryption.
* g10/pkglue.c (pk_encrypt): Fix memory leak and streamline error
handling.
2014-09-08 18:25:06 +02:00
Werner Koch
a94674c54e doc: Remove some stuff for the very incomplete instguide.
--
2014-09-03 09:45:20 +02:00
Werner Koch
1449a22d2e doc: Typo fix
--
Debian-bug-id: 760273
2014-09-02 16:01:25 +02:00
Werner Koch
bf2fc12b83 gpg: Fix export of NIST ECC keys.
* common/openpgp-oid.c (struct oidtable): New.
(openpgp_curve_to_oid): Rewrite and allow OID as input.
(openpgp_oid_to_curve): Make use of the new table.
--

Due to the previous change we now usually store the OID with the
private key and not the name.  Thus during import we do not anymore
need to map the name to an oid but can use the oid directly.  We fix
that by extending openpgp_curve_to_oid to allow an oidstr as input.
2014-09-02 12:10:19 +02:00
Werner Koch
afe85582dd agent: Fix import of OpenPGP EdDSA keys.
* agent/cvt-openpgp.c (get_keygrip): Special case EdDSA.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(apply_protection): Handle opaque MPIs.

(do_unprotect): Check FLAG_OPAQUE instead of FLAG_USER1 before
unpacking an opaque mpi.
--

The key transfer protocol between gpg and gpg-agent uses gcrypt
algorithm numbers which merge all ECC algorithms into one.  Thus it is
not possible to use the algorithm number to determine the EdDSA
algorithm.  We need to known that because Libgcrypt requires the
"eddsa" flag with the curve "Ed25519" to actually use the Ed25519
signature specification.

The last fix is for correctness; the first case won't be used anyway.
2014-09-02 11:22:07 +02:00
Kyle Butt
4054d86abc gpg: Fix export of ecc secret keys by adjusting check ordering.
* g10/export.c (transfer_format_to_openpgp): Move the check against
PUBKEY_MAX_NSKEY to after the ECC code adjusts the number of
parameters.
2014-09-01 10:20:17 +02:00
Werner Koch
c913e09ebd agent: Allow key unprotection using AES-256.
* agent/protect.c (PROT_CIPHER): Rename to GCRY_CIPHER_AES128 for
clarity.
(do_decryption): Add args prot_cipher and prot_cipher_keylen.  USe
them instead of the hardwired values.
(agent_unprotect): Change to use a table of protection algorithms.
Add AES-256 variant.
--

This patch will make a possible future key protection algorithm
changes smoother.  AES-256 is also allowed although there is currently
no way to encrypt using it.
2014-09-01 10:15:21 +02:00
Werner Koch
b6386367ac speedo: Fix for non-Windows build of glib.
--
2014-09-01 10:10:30 +02:00
Werner Koch
be98b5960e gpg: Do not show "MD5" and triplicated "RSA" in --version.
* g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases
(build_list_md_test_algo): Ignore MD5.
2014-08-28 16:02:04 +02:00
Werner Koch
40ad42dbe3 gpg: Do not show "MD5" and triplicated "RSA" in --version.
* g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases
(build_list_md_test_algo): Ignore MD5.
2014-08-28 16:01:22 +02:00