1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

9482 Commits

Author SHA1 Message Date
NIIBE Yutaka
8ff3663027 scd: Clear PIN cache when changing key attributes.
* scd/app-openpgp.c (change_keyattr): Clear all PINs.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-16 13:13:29 +09:00
NIIBE Yutaka
f4c07fc3d3 scd: Clear caching PIN at KDF setup.
* scd/app-openpgp.c (do_setattr): Clear PINs.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-16 13:04:59 +09:00
NIIBE Yutaka
316a8cbc75 scd: Add better support for KDF feature.
* scd/app-openpgp.c (do_setattr): Handle kdf-seup "off" for Gnuk.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-16 12:58:30 +09:00
NIIBE Yutaka
8dfd0ebfd8 gpg,scd: Fix handling of KDF feature.
* g10/card-util.c (kdf_setup): Fix the default value.
* scd/app-openpgp.c (do_setattr): Support kdf-setup "off" by
Zeitcontrol.  Make sure Gnuk and Yubikey work well.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-16 12:49:20 +09:00
NIIBE Yutaka
6e51f2044a scd: Fix the use case of verify_chv2 by CHECKPIN.
* scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1
when needed.

--

Confusingly, verify_chv2 has two different purposes;  One for
verifying with CHV2 (in addition to CHV1), and the call by
CHECKPIN.  For the latter, we should check CHV1.

Fixes-commit: af189be481df02a77e088aa0a60a1fc02dfa12bf
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-15 15:31:23 +09:00
Werner Koch
fbc1b199fd
scd:piv: Avoid conflict when writing a cert.
* scd/app-piv.c (map_curve_name_to_oid): New.
(my_cmp_public_key): New.
(do_writecert): Replace simple memcmp by cmp_canon_sexp.
--

GnuPG-bug-id: 5061
2020-09-11 15:47:39 +02:00
Werner Koch
b6ba6a79ce
common: New function cmp_canon_sexp.
* common/sexputil.c (cmp_canon_sexp): New.
(cmp_canon_sexp_def_tcmp): New.
* common/t-sexputil.c (test_cmp_canon_sexp): Add a simple test.
--

To be used to fix
GnuPG-bug-id: 5061

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-11 15:23:22 +02:00
Werner Koch
9a94db1f66
keyboxd: Implement lookup by short and long keyid.
* kbx/backend-sqlite.c: Change definition of column KID.
(kid_from_mem): Remove.
(kid_from_u32): Rewrite.
(run_sql_bind_int64): Remove.
(run_select_statement): Implement lookup by short keyid.  Fix lookup
by long keyid.
(store_into_fingerprint): Adjust kid arg.
--

The original idea of using an INTEGER, which has the required 64 bits,
didn't worked out due to problems with signed/unsigned mismatch and
the required truncation in a short keyid lookup.  Thus we change the
definition to a blob.

For a database currently in use the change can be done by hand:

  alter table fingerprint rename column kid to deletedkid;
  alter table fingerprint add column kid not null
        default X'0000000000000000';

  update fingerprint set kid = substr (fpr, 13);

The update does only work with 20 octet fingerprints; that is not with
the new v5 OpenPGP keys.  Note that sqlite does not allow to drip a
column, thus we rename it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-11 12:10:05 +02:00
Werner Koch
616c60d93d
keyboxd: Add ephemeral and revoked flag to the sqlite backend.
* kbx/backend-support.c (be_return_pubkey): Add args is_ephemeral and
is_revoked.  Adjust callers.
* kbx/backend-sqlite.c: Alter table pubkey to add new columns.
(run_select_statement): Add new column to all selects.
(be_sqlite_search): Return the new flags.
--

For existing test databases the new column can be added with:

  alter table pubkey add ephemeral integer not null default 0;
  alter table pubkey add revoked integer not null default 0;

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-11 12:10:05 +02:00
Andre Heinecke
d62797ebcc
doc: Update and extend module overview
* doc/gnupg-module-overview.svg: Add examples of GPGME aware
applications

--
Whenever I used this overview I needed to explain what this
meant so giving examples might help a bit and also illustrate
the codesharing between GpgOL, Kleopatra and KMail.
2020-09-10 13:58:47 +02:00
Werner Koch
ed6ebb696e
sm: Implement initial support for keyboxd.
* sm/gpgsm.h (MAX_FINGERPRINT_LEN): New.
* sm/keydb.c (struct keydb_local_s): Change definition of
search_result.
(keydb_get_cert): Implement keyboxd mode.
(keydb_get_flags): Temporary hack for keyboxd mode.  Needs to be
fixed.
(struct store_parm_s, store_inq_cb): New.
(keydb_insert_cert): Implement keyboxd mode.
(keydb_locate_writable): Make static.
(keydb_search_reset): Implement keyboxd mode.
(search_status_cb): New.
(keydb_search): Implement keyboxd mode. Replace return code -1 by
GPG_ERR_NOT_FOUND.
(keydb_set_cert_flags): Replace return code -1 by GPG_ERR_NOT_FOUND.
* sm/keylist.c (list_cert_colon): Adjust for replacement of -1 by
GPG_ERR_NOT_FOUND.
(list_internal_keys): Ditto.
* sm/sign.c (add_certificate_list): Ditto.
* sm/certchain.c (find_up_search_by_keyid): Ditto.
(find_up_external, find_up, find_up_dirmngr): Ditto.
(gpgsm_walk_cert_chain): Ditto.
(get_regtp_ca_info): Ditto.
* sm/certlist.c (gpgsm_add_to_certlist): Ditto.
(gpgsm_find_cert): Ditto.
* sm/delete.c (delete_one): Ditto.
* sm/export.c (gpgsm_export): Ditto.
(gpgsm_p12_export): Ditto.
* sm/import.c (gpgsm_import_files): Ditto.
--

Note that keyboxd is not yet able to handle the ephemeral flag.  This
needs fixing here and in keyboxd.  Delete et al. is also not yet
implemented.  A basic key listing works, though.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 13:05:17 +02:00
Werner Koch
c9677d416e
keyboxd: Add basic support for X.509.
* kbx/keybox-blob.c (x509_email_kludge): Rename to ...
(_keybox_x509_email_kludge): this and make global.
* kbx/backend.h: Include ksba.h.
* kbx/backend-support.c (be_get_x509_serial): New.
(be_get_x509_keygrip): New.
* kbx/backend-sqlite.c (table_definitions): New table 'issuers'.
(run_select_statement): Implements modes ISSUER, ISSUER_SN, SUBJECT.
(store_into_userid): Add arg override_mbox.
(store_into_issuer): New.
(be_sqlite_store): Implement x509 part.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 12:50:45 +02:00
Werner Koch
6fcc263c18
keyboxd: Use D-lines instead of a separate thread.
* kbx/kbx-client-util.c (kbx_client_data_new): Add arg 'dlines'.
* g10/call-keyboxd.c (open_context): Set DLINES to true.
* sm/keydb.c (open_context): Ditto.
--

This allows to compile time switch between the D-line and the
fd-passing data communication between gpg/gpgsm and keyboxd. A quick
test with about 3000 OpenPGP keys showed that D-lines are only 10%
slower than the fd-passing based implementation.  Given that the
thread adds extra complexity we go for now with the D-line approach.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 12:14:02 +02:00
Werner Koch
29977e21d1
keyboxd: Add options --openpgp and --x509 to SEARCH.
* kbx/keyboxd.h (struct server_control_s): Replace the two request
objects by just one.  Add filter flags.
* kbx/kbxserver.c (cmd_search): Add options --openpgp and --x509.
(cmd_killkeyboxd): Do not return GPG_ERR_EOF.
* kbx/frontend.c (kbxd_release_session_info): Adjust for the new
request object.
(kbxd_search, kbxd_store, kbxd_delete): Ditto.
* kbx/backend-sqlite.c (struct be_sqlite_local_s): Add filter flags.
(run_sql_prepare): Add optional arg 'extra'.  Change callers.
(run_sql_bind_ntext): New.
(run_sql_bind_text): Just call run_sql_bind_ntext.
(run_select_statement): Add ctrl arg.  Implement the filter flags.

* g10/call-keyboxd.c (keydb_search): Use the --openpgp option.
--

As soon as we implement X.509 we need to have a way to return only
openpgp or x.509 certificates.  Gpg/gpgsm will then use the respective
flag.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 12:08:48 +02:00
Werner Koch
3cf9bb4d73
gpg-connect-agent: Catch signals so that SIGPIPE is ignored.
* dirmngr/server.c (cmd_killdirmngr): Return 0.
* tools/gpg-connect-agent.c (main): Catch signals.
--

And we also print nicer diagnostics.  The reason we need this is that
for example "gpgconf --kill dirmngr" uses gpg-connect-agent to send a
command to dirmngr.  This may results in a SIGPIPE which in turn leads
to an annoying error message from gpgconf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 10:50:40 +02:00
Werner Koch
5a87011c46
dirmngr: Fix the pool keyserver case for a single host in the pool.
* dirmngr/ks-engine-hkp.c (map_host): Set R_HOSTNAME also for
localhost and if there is no pool.
2020-09-10 10:50:40 +02:00
Werner Koch
faabc49797
dirmngr: Align the gnutls use of CAs with the ntbtls code.
* dirmngr/http.c (http_session_new) <gnutls>: Use only the special
pool certificate for the default keyserver.
--

The gnutls version uses a different strategy than the ntbtls version
on when to use the special SKS pool certificate.  This patch aligns it
so that we don't need to wonder about different kind of bug reports.
In short the special cert is now the only cert use with the default
keyserver.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 10:50:39 +02:00
NIIBE Yutaka
d4cb774ddd scd: Flush KDF DO (0x00F9) when it's being set.
* scd/app-openpgp.c (do_setattr): Call flush_cache_item always.

--

Only it was called when there was an object with KDF_DATA_LENGTH_MAX.
No matter the VALUELEN, it should be flushed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-10 15:20:01 +09:00
Werner Koch
8ed85ef3de
agent: Keep some permissions of private-keys-v1.d.
* common/sysutils.c (modestr_to_mode): Re-implement.
(gnupg_chmod): Support keeping of permissions.
--

GnuPG-bug-id: 2312
2020-09-09 20:34:59 +02:00
Werner Koch
adec6a84f6
kbx: Change X.509 S/N search definition.
* kbx/keybox-search-desc.h (struct keydb_search_desc): Do not overload
SNLLEN with a hex flag.  Add SNHEX.
* kbx/keybox-search.c (keybox_search): Adjust.
* common/userids.c (classify_user_id): Adjust.
* sm/keydb.c (keydb_search_desc_dump): Adjust.
* g10/keydb.c (keydb_search_desc_dump): Adjust.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-09 20:34:59 +02:00
NIIBE Yutaka
2bc1ec2944 gpg,tools: Add handling of supported algorithms by a card.
* g10/call-agent.h (struct agent_card_info_s): Add supported_keyalgo.
* g10/call-agent.c (learn_status_cb): Parse KEY-ATTR-INFO.
(agent_release_card_info): Release supported_keyalgo.
* tools/gpg-card.h (struct card_info_s): Add supported_keyalgo.
* tools/card-call-scd.c (learn_status_cb): Parse KEY-ATTR-INFO.
(release_card_info): Release supported_keyalgo.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-08 15:34:42 +09:00
NIIBE Yutaka
0db9c83555 scd: Add a workaround for Yubikey.
* scd/app-openpgp.c (get_public_key): Handle wrong code for Yubikey.

--

Yubikey version 5 s/n 609074582 returns 0x6982, version 5.2.4 s/n
610616049 returns 0x6581, where 0x6a88 is expected.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-08 11:41:33 +09:00
NIIBE Yutaka
270c49b8c6 scd: Fix handling 0x00FA to support OpenPGP card 3.4.
* scd/app-openpgp.c (data_objects): It may be longer.

Fixes-commit: 90d0072165cc5c6888f14462392a211de0c4b232
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-07 14:24:48 +09:00
Werner Koch
0e721b635d
scd: Increase the number of supported readers from 4 to 16.
--

The limit on 4 readers I introduced in 2003 is too low for some of our
use cases.  16 looks better.   TODO: Return a useful error message in
gpg-card if the limit has been reached.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-04 12:51:54 +02:00
Werner Koch
65eb156980
gpg: Initialize a parameter to silence valgrind.
* g10/keygen.c (read_parameter_file): Initialize nline.
* g10/textfilter.c (copy_clearsig_text): Initialize bufsize.
--

In iobuf_read_line the parameter to pass and return the current buffer
length is controlled by the buffer parameter.  Thus there should be no
problem because the assert call check s buffer first.  For yet unknown
reasons when using the standard GNU libc assert valgrind complains
about an uninitialized variable.  That does not happen with our
log_assert.

Tested with gnupg 2.2.23 with gcc 8.3.0 and valgrind 3.14.0.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-04 11:32:47 +02:00
Werner Koch
b7f56ba5e3
tests: New test run envvar to run gpg under valgrind.
--

Take care: Running under valgrind takes loooong and in some case you
may run into an valgrind internal error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-04 11:31:43 +02:00
NIIBE Yutaka
43bbc25b0f scd: Support GET DATA response with no header for DO 0x00FA.
* scd/app-openpgp.c (do_getattr): Support Gnuk, as well.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-04 17:16:59 +09:00
NIIBE Yutaka
eba2563dab scd: Parse "Algorithm Information" data object in scdaemon.
* scd/app-openpgp.c (data_objects): 0x00FA for binary data.
(do_getattr): Parse the data and send it in status lines.
(get_algorithm_attribute_string): New.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-04 13:12:57 +09:00
Werner Koch
046f419f80
sm: New options to prepare the use of keyboxd.
* sm/Makefile.am (AM_CFLAGS): Add npth flags.
(common_libs): Use npth version of the lib.
(gpgsm_LDADD): Add npth libs.
* sm/gpgsm.c (oUseKeyboxd, oKeyboxdProgram): New.
(opts): New options --use-keyboxd and --keyboxd-program.
(main): Set them.
(gpgsm_deinit_default_ctrl): New.
(main): Call it.
* sm/server.c (gpgsm_server): Ditto.
* sm/gpgsm.h (opt): Add fields use_keyboxd and keyboxd_program.
(keydb_local_s): New type.
(struct server_control_s): Add field keybd_local.
* sm/keydb.c: Include assuan.h, asshelp.h, and kbx-client-util.h.
(struct keydb_local_s): New.
(struct keydb_handle): Add fields for keyboxd use.
(gpgsm_keydb_deinit_session_data): New.
(warn_version_mismatch): New.
(create_new_context): New.
(open_context): New.
(keydb_new): Implement keyboxd mode.
(keydb_release): Ditto.
(keydb_get_resource_name): Ditto.

* sm/keydb.c: Add stub support for all other functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-03 13:49:20 +02:00
Werner Koch
a7d006293e
sm: Add arg ctrl to keydb_new.
* sm/keydb.c (keydb_new): Add arg and change all callers.
--

This will be used later.
2020-09-03 13:49:20 +02:00
NIIBE Yutaka
90d0072165 scd: Add handling of "Algorithm Information" DO.
* cd/app-openpgp.c (data_objects): Add 0x00FA.
(do_getattr): Add KEY-ATTR-INFO.

--

See the section 4.4.3.11 Algorithm Information in the OpenPGP card
functional specification version 3.4.1.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-03 19:58:10 +09:00
Werner Koch
8ec9573e57
gpg: Fix segv importing certain keys.
* g10/key-check.c (key_check_all_keysigs): Initialize issuer.
--

Fixes-commit: 404fa8211b6188a0abe83ef43a4b44d528c0b035
from 2017

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-02 15:30:44 +02:00
Werner Koch
497db0b5bc
keyboxd: Restructure client access code.
* kbx/kbx-client-util.c: New.
* kbx/kbx-client-util.h: New.
* kbx/Makefile.am (client_sources): New.
* g10/keydb.c (parse_keyblock_image): Rename to keydb_parse_keyblock
and make global.
* g10/call-keyboxd.c: Include kbx-client-util.h.
(struct keyboxd_local_s): Remove struct datastream.  Add field kcd.
Remove per_session_init_done.
(lock_datastream, unlock_datastream): Remove.
(prepare_data_pipe, datastream_thread): Remove.
(keydb_get_keyblock_do_parse): Remove.
(gpg_keyboxd_deinit_session_data): Release the KCD object.
(open_context): Use of kbx_client_data_new.
(keydb_get_keyblock): Simplify.
(keydb_search): Use kbx_client_data_cmd and _wait.
--

The data specific part of the code has been moved from gpg to a new
module in kbx/ so that it can also be used by gpgsm.  The OpenPGP
parsing while reading the data has been replaced by storing the data
in memory and parse it later.  That makes a nice interface and
abstracts the fd-passing/D-lines handling away.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-02 15:16:29 +02:00
Werner Koch
4d839f5a80
keyboxd: Fix user id based queries
* kbx/backend-sqlite.c (run_select_statement): Add the missing join
for user id bases queries.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-02 14:50:59 +02:00
Werner Koch
2042f5a464
common: New helper function gnupg_close_pipe.
* common/exechelp-posix.c (gnupg_close_pipe): New.
* common/exechelp-w32.c (gnupg_close_pipe): New.
--

This function is mainly for documentation purposes and should be used
along with gnupg_create_pipe.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-02 14:49:24 +02:00
Werner Koch
2cd8bae23d
Use only one copy of the warn_server_mismatch function.
* common/asshelp.c (warn_server_version_mismatch): New.  Actually a
slightly modified version of warn_version_mismatch found in other
modules.
* common/status.c (gnupg_status_strings): New.
* g10/cpr.c (write_status_strings2): New.
* g10/call-agent.c (warn_version_mismatch): Use the new unified
warn_server_version_mismatch function.
* g10/call-dirmngr.c (warn_version_mismatch): Ditto.
* g10/call-keyboxd.c (warn_version_mismatch): Ditto.
* sm/call-agent.c (warn_version_mismatch): Ditto.
* sm/call-dirmngr.c (warn_version_mismatch): Ditto.
* tools/card-call-scd.c (warn_version_mismatch): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-01 20:43:57 +02:00
Werner Koch
16c1d8a14e
sm: Fix a bug in the rfc2253 parser
* sm/certdump.c (parse_dn_part): Fix parser flaw.
--

This could in theory result in reading bytes after a after Nul in a
string and thus possible segv on unallocated memory or reading other
parts of the memory.  However, it is harmless because the rfc2253
strings have been constructed by libksba.

GnuPG-bug-id: 5037
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-28 09:09:05 +02:00
Gavin L. Rebeiro
d45e92cf88
doc: Fix typos
--
2020-08-28 09:09:05 +02:00
NIIBE Yutaka
393dcdd61c common: Fix fallback handling to utf-8.
* common/utf8conv.c (handle_iconv_error): Set NO_TRANSLATION.

--

GnuPG-bug-id: 5038
Fixes-commit: 99c9bf7defd6c1ac9cc49c84e6c78eeb886a6952
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-28 15:18:00 +09:00
Werner Koch
cde92d3e23
doc: Add a remark about keyservers.
--
2020-08-27 12:50:33 +02:00
Werner Koch
a0a4744bd0
scd: New option to APDU command to return the ATR as data.
* scd/command.c (cmd_apdu): Add new option --data-atr.
* tools/gpg-card.c (cmd_apdu): Use that here.  Also fix the --exlen
option and do not print the statusword in atr mode.
* tools/card-call-scd.c (scd_apdu): Detect atr mode anddon't assume a
status word.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-27 11:55:37 +02:00
Werner Koch
95b5a852e2
scd: Fix reading of the ATR for card type detection.
* scd/app.c (app_new_register): Do not use apdu_get_slot.
--

apdu_get_slot() may only be used after the APP has been initialized.
Thus we need to pass teh slot here directly.

Fixes-commit: 9f148360a2bf04672b43ef7cec48e21d44b06ae1
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-27 11:53:06 +02:00
Werner Koch
05358d7384
dirmngr: Print the last alert message returned by NTBTLS.
* dirmngr/http.c (send_request): Print the last TLS alert.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-27 09:02:21 +02:00
NIIBE Yutaka
9f148360a2 scd: Add heuristics to identify cardtype.
* scd/app-common.h (cardtype_t): Add CARDTYPE_GNUK and
CARDTYPE_ZEITCONTROL.
* scd/app.c (strcardtype): Handle CARDTYPE_GNUK and
CARDTYPE_ZEITCONTROL.
(app_new_register): Detect Gnuk and Zeit Control implementation
by examining its ATR string.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-27 14:32:04 +09:00
NIIBE Yutaka
af189be481 scd: Add condition for VERIFY with 0x82.
* scd/app-openpgp.c (verify_chv2): Check availability of keys in
question.

--

With buggy Gnuk (<= 1.2.15), when no encr/auth keys are available,
it fails decrementing the signature error counter.  This change
can avoid the issue.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-27 10:41:51 +09:00
Werner Koch
90a87d96ea
build: Silence gcc warning -Wformat-zero-length
* configure.ac: Avoid useless gcc warning.  We use an empty string
quite often, for example in log_printhex.
2020-08-26 15:15:34 +02:00
Werner Koch
4699911f04
speedo: Allow customizing the release process
--
2020-08-26 13:57:14 +02:00
Werner Koch
fc1a185755
gpg: Remove left over debug output from recent change.
* g10/import.c (collapse_subkeys): Remove debug out.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 15:20:28 +02:00
Werner Koch
40acc5ef3e
examples: Simplify vsnfd.prf
* doc/examples/vsnfd.prf: Remove default-new-key-algo option.
2020-08-25 13:10:36 +02:00
Werner Koch
e7677da479
sm: Do not require a default keyring for --gpgconf-list.
* sm/gpgsm.c (main): No default keyring for gpgconf mode.
--

GnuPG-bug-id: 4867
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 11:36:12 +02:00