1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-04 20:38:50 +01:00
Commit Graph

191 Commits

Author SHA1 Message Date
Werner Koch
930e910ad7 Update key generation menu to match gnupg 2.0.
Changes default preferences and key algorithms.
2009-07-29 10:06:56 +00:00
Werner Koch
3459c6b015 First set of changes to backport the new card code from 2.0.
For compatibility reasons a few new files had to be added.
Also added estream-printf as this is now used in app-openpgp.c and provides
a better and generic asprintf implementation than the hack we used for the
W32 code in ttyio.c.  Card code is not yet finished.
2009-07-21 14:30:13 +00:00
Werner Koch
631a0de335 Backport of Creation-Date parameter for unattended key generation. 2009-05-05 11:44:56 +00:00
Werner Koch
0ad3411b07 Check algo usage. 2008-12-09 10:43:22 +00:00
Werner Koch
64a47d54c4 Fix bug #947 (expire time overflow) 2008-08-11 08:19:48 +00:00
Werner Koch
aa9aec7068 Comment typ fixes.
Workaround for bad translations of the capability menu.
2007-12-03 14:41:38 +00:00
Werner Koch
9a2a818887 Switched to GPLv3.
Updated gettext.
2007-10-23 10:48:09 +00:00
David Shaw
e0dbc52cfc Missed one caller. 2007-02-01 20:51:15 +00:00
David Shaw
ef8f2e2f6f * main.h, keygen.c (ask_expire_interval, parse_expire_string): Pass in
the time to use to calculate the expiration offset, rather than
querying it internally.  Change all callers.
2007-02-01 19:32:16 +00:00
David Shaw
ef9e1b5fbc * keygen.c (do_generate_keypair, proc_parameter_file,
generate_keypair, generate_subkeypair): Pass a timestamp through to
all the gen_xxx functions.
2007-01-31 21:39:26 +00:00
David Shaw
efef00aed3 * main.h, keygen.c (ask_expiredate), keyedit.c (menu_expire): Remove
the need for ask_expiredate().
2007-01-31 19:42:48 +00:00
David Shaw
e2fdff56fc * keygen.c (make_backsig, write_direct_sig, write_selfsigs)
(write_keybinding): Have the various selfsigs created during key
generation use the timestamp of their parent key.  This helps avoid
leaking information about the performance of the machine where the
keys were generated.  Noted by Christian Danner.
2007-01-30 21:19:45 +00:00
Werner Koch
9e4a5071a6 * parse-packet.c (read_protected_v3_mpi): Make sure to stop
reading even for corrupted packets.
	* keygen.c (generate_user_id): Need to allocate one byte more.
	Reported by Felix von Leitner.
2007-01-15 19:30:33 +00:00
Werner Koch
ccd5fc4758 Fixed memory allocation bug and typos. 2006-07-26 11:25:36 +00:00
David Shaw
00db922029 * options.h, gpg.c (main), keygen.c (keygen_upd_std_prefs,
keygen_add_std_prefs, proc_parameter_file): Add --default-keyserver-url to
specify a keyserver URL at key generation time, and "Keyserver:" keyword
for doing the same through a batch file.
2006-06-22 22:56:54 +00:00
David Shaw
7211ee589a * keygen.c (gen_card_key): Add optional argument to return a pointer
(not a copy) of the stub secret key for the secret key we just
generated on the card.  (generate_card_subkeypair): Use it here so
that the signing key on the card can use the card to generate the 0x19
backsig on the primary key.  Noted by Janko Heilgeist and Jonas Oberg.
2006-06-10 04:11:05 +00:00
David Shaw
05a2a2f39a * keygen.c (gen_dsa): Allow generating DSA2 keys (allow specifying sizes >
1024 when --enable-dsa2 is set).  The size of q is set automatically based
on the key size. (ask_keysize, generate_keypair): Ask for DSA size when
--enable-dsa2 is set.
2006-05-25 19:39:03 +00:00
David Shaw
197c7a3e47 * parse-packet.c (dump_sig_subpkt, parse_signature), build-packet.c
(build_sig_subpkt_from_sig), getkey.c (fixup_uidnode,
merge_selfsigs_main, merge_selfsigs_subkey), keygen.c
(keygen_add_key_expire): Fix meaning of key expiration and sig
expiration subpackets - zero means "never expire" according to 2440,
not "expire instantly".
2006-05-23 03:58:53 +00:00
David Shaw
0f7b4371b2 * packet.h, build-packet.c (sig_to_notation), keygen.c
(keygen_add_notations): Provide printable text for non-human-readable
notation values.
2006-03-09 01:15:18 +00:00
David Shaw
889c4afd78 * packet.h, build-packet.c (sig_to_notation), keygen.c
(keygen_add_notations): Tweak to handle non-human-readable notation
values.
2006-03-08 23:42:45 +00:00
David Shaw
4fea8fdbbb * options.h, sign.c (mk_notation_policy_etc), gpg.c (add_notation_data):
Use it here for the various notation commands.

* packet.h, main.h, keygen.c (keygen_add_notations), build-packet.c
(string_to_notation, sig_to_notation) (free_notation): New "one stop
shopping" functions to handle notations and start removing some code
duplication.
2006-03-08 23:30:12 +00:00
David Shaw
ce1ce8910e * packet.h: Move some flags to a bitfield. Change all callers. 2005-11-10 22:50:46 +00:00
David Shaw
b9f1815947 * keygen.c (proc_parameter_file): Default key and subkey usage flags to
algo capabilities if parameter file doesn't specify them. Noted by Timo
Schulz.
2005-10-26 16:09:23 +00:00
Werner Koch
c8571979ef Fixed minor card related bugs and enhanced status messages 2005-10-18 17:41:20 +00:00
David Shaw
6c4e740a59 * keyedit.c (keyedit_menu, menu_backsign): New "backsign" command to
add 0x19 backsigs to old keys that don't have them.

* misc.c (parse_options): Fix build warning.

* main.h, keygen.c (make_backsig): Make public.
2005-10-14 04:07:13 +00:00
David Shaw
47433adaa5 * getkey.c (merge_selfsigs_subkey), sig-check.c (signature_check2),
keygen.c (make_backsig): Did some backsig interop testing with the PGP
folks.  All is well, so I'm turning generation of backsigs on for new
keys.  Checking for backsigs on verification is still off.
2005-10-11 22:13:49 +00:00
David Shaw
f74282bee0 * misc.c (openpgp_pk_algo_usage): Default to allowing CERT for signing
algorithms.

* keyedit.c (sign_uids): Don't request a signing key to make a
certification.

* keygen.c (do_add_key_flags): Force the certify flag on for all
primary keys, as the spec requires primary keys must be able to
certify (if nothing else, which key is going to issue the user ID
signature?)  (print_key_flags): Show certify flag.  (ask_key_flags,
ask_algo): Don't allow setting the C flag for subkeys.
	
* keyid.c (usagestr_from_pk), getkey.c (parse_key_usage): Distinguish
between a sign/certify key and a certify-only key.
2005-08-27 03:09:40 +00:00
Werner Koch
2ce542ad52 auto retrieve keys from PKA. Thsi allows to specify an email address
so that gpg can get the key from DNS.  This helps with opportunistic
encryption.  No integration with the trust modell yet.
2005-08-05 14:46:59 +00:00
David Shaw
533bc3e813 * keygen.c (proc_parameter_file): Sanity check items in keygen batch
file.  Noted by Michael Schierl.
2005-08-05 03:30:13 +00:00
David Shaw
a4563ecd19 * keygen.c (write_keyblock): Don't try and build deleted kbnodes since
we start our tree with one.
2005-08-04 21:41:11 +00:00
David Shaw
5ce7563171 Revert bad patch. 2005-08-04 21:39:43 +00:00
David Shaw
bf4728992f * keygen.c (start_tree): Need to use an actual packet type (which we
can then delete) to start the tree.
2005-08-04 20:48:13 +00:00
Werner Koch
986a137c58 Implemented PKA trust model 2005-07-28 18:59:36 +00:00
Werner Koch
a1cdf3c75f Converted all m_free to xfree etc. 2005-07-27 18:10:56 +00:00
David Shaw
c66eeec3c6 * keygen.c (save_unprotected_key_to_card): Better fix for gcc4 warning. 2005-06-20 17:32:09 +00:00
David Shaw
07e9d532b1 * keygen.c (save_unprotected_key_to_card): Fix gcc4 warning.
* options.h, import.c (parse_import_options, import_one): Add
import-clean-uids option to automatically compact unusable uids when
importing.  Like import-clean-sigs, this may nodify the local keyring.

* trustdb.c (clean_uids_from_key): Only allow selfsigs to be a
candidate for re-inclusion.
2005-06-14 03:55:19 +00:00
Werner Koch
7d4043ca57 Updated FSF street address and preparations for a release candidate. 2005-05-31 08:39:18 +00:00
Werner Koch
be2aa37dbf * cardglue.c (send_status_info): Make CTRL optional.
(agent_scd_writekey, inq_writekey_parms): New.
(agent_openpgp_storekey): Removed.
* cardglue.h: Add a few more error code mappings.
* keygen.c (copy_mpi): Removed.
(save_unprotected_key_to_card): Changed to use agent_scd_writekey.
* app-common.h, app-openpgp.c, tlv.c, tlv.h: Updated from newer
version in gnupg 1.9 CVS.
2005-05-21 14:04:32 +00:00
David Shaw
e81d88b265 * keygen.c (write_selfsigs): Rename from write_selfsig. Write the same
selfsig into both the pk and sk, so that someone importing their sk (which
will get an autoconvert to the pk) won't end up with two selfsigs.
(do_generate_keypair): Call it from here.

* parse-packet.c (can_handle_critical_notation): New.  Check for
particular notation tags that we will accept when critical. Currently,
that's only preferred-email-encoding@pgp.com, since we know how to handle
it (pass it through to a mail program). (can_handle_critical): Call it
from here. (parse_one_sig_subpkt): Sanity check that notations are
well-formed in that the internal lengths add up to the size of the
subpacket.
2005-05-11 19:31:53 +00:00
David Shaw
89c844bd3a * main.h, keygen.c (parse_expire_string, ask_expire_interval), sign.c
(sign_file, clearsign_file, sign_symencrypt_file), g10.c (main), keyedit.c
(sign_uids): Use seconds rather than days internally to calculate
expiration.  We no longer need the day-based code as we don't generate v3
keys.
2005-05-06 19:25:19 +00:00
David Shaw
da0c60a987 * keygen.c (start_tree): New function to "prime" a KBNODE list.
(do_generate_keypair): Use it here rather than creating and deleting a
comment packet.

* keygen.c (gen_elg, gen_dsa): Do not put public factors in secret key as
a comment.

* options.h, encode.c (encode_simple, encode_crypt), keygen.c (do_create):
Remove disabled comment packet code.
2005-05-05 22:08:37 +00:00
David Shaw
08bd93f7dc * keygen.c (keygen_set_std_prefs): Add SHA256 and BZip2 to default
preferences.
2005-05-05 21:18:47 +00:00
David Shaw
c71639cfff * options.h, g10.c (main): Add new --default-sig-expire and
--default-cert-expire options.  Suggested by Florian Weimer.

* main.h, keygen.c (parse_expire_string, ask_expire_interval): Use
defaults passed in, or "0" to control what default expiration is.

* keyedit.c (sign_uids), sign.c (sign_file, clearsign_file,
sign_symencrypt_file): Call them here, so that default expiration
is used when --ask-xxxxx-expire is off.
2005-05-05 19:21:40 +00:00
Werner Koch
c43423f0bd (keygen_set_std_prefs): Explain the chosen order of
AES key sizes.
2005-04-01 09:03:15 +00:00
Werner Koch
a043c14d22 * cardglue.c (pin_cb): Disable debug output.
* mk-w32-dist: Check for patch files.
* w32installer.nsi: Translated a few more strings.  Print a
warning if permssions are not suitable for the installation.
Add Uninstaller entries.
2005-03-14 19:19:21 +00:00
Werner Koch
bb71180d07 * gpg.sgml: Add bkuptocard command for --edit-key.
* passphrase.c (agent_get_passphrase): Don't call free_public_key
if PK is NULL.
(passphrase_clear_cache): Ditto. Removed debug output.
(passphrase_to_dek): Ditto.
2005-02-15 11:02:32 +00:00
David Shaw
c49620a720 * keygen.c (do_generate_keypair): Write the auth key to the card
before the encryption key.  This is a partial workaround for a PGP bug
(as of this writing, all versions including 8.1), that causes it to
try and encrypt to the most recent subkey regardless of whether that
subkey is actually an encryption type.  In this case, the auth key is
an RSA key so it succeeds.
2005-02-01 05:26:25 +00:00
David Shaw
df42d339d9 * keyid.c (keyid_from_sk, keyid_from_pk): Use 0xFFFFFFFFFFFFFFFF
instead of 0x0000000000000000 for the invalid key ID since all-zeroes
is reserved for the anonymous recipient.

* keyedit.c (change_passphrase), keygen.c (generate_subkeypair): Fix a
string ;)
2005-01-28 00:50:10 +00:00
Werner Koch
d96f816f89 * keygen.c (generate_subkeypair): Detect primary key on-card and
ask for the passphrase.  Return an error if the primary key is a
plain stub.

* keyedit.c (change_passphrase): Don't ever change any stub key.
Print a note if a key consists of only stub keys.  Reported by
Dany Nativel.  These are bugs #401 and #402.
2005-01-27 11:48:33 +00:00
Werner Koch
aa62bf505d (do_generate_keypair): Don't continue after an error;
fixed at two places. Why at all didn't I used a goto to cleanup,
tsss?
2005-01-25 14:34:51 +00:00