* g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo.
* sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto.
* scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and
"$SIGNKEYID".
* scd/app-nks.c (do_getattr): Add attributes too.
--
We already have $AUTHKEYID to locate the keyref of the key to be used
with ssh. It will also be useful to have default keyref for
encryption and signing. For example, this will allow us to replace
the use of "OPENPGP.2" by a app type specific keyref.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 2b1135cf92)
Removed changes for the non-existing app-piv.c.
Added support for NKS.
* g10/call-agent.c (agent_scd_readkey): New.
* g10/keygen.c (ask_key_flags): Factor code out to ..
(ask_key_flags_with_mask): new.
(ask_algo): New mode 14.
--
Note that this new menu 14 is always displayed. The usage flags can
be changed only in --expert mode, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit a480182f9d)
Removed stuff from gpg-card which does not exists in 2.2. No tests
yet done for this backport.
* common/sexputil.c (pubkey_algo_string): Add arg R_ALGOID.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Adjust.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f952226043)
Removed the changes in gpg-card which is not part of 2.2
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (opts): Add option.
(main): Set flag.
* g10/options.h: Add flags.use_only_openpgp_card.
* g10/call-agent.c (start_agent): Implement option.
--
With the previous patch we switch to autoselect an application
instead of requesting an openpgp card. This option allows to revert
this in case of use use cases which expected the former behaviour.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/call-agent.c (start_agent): Use card app auto selection.
* g10/card-util.c (current_card_status): Print the Application type.
(card_status): Put empty line between card listings.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e47524c34a)
* g10/call-agent.c (scd_keypairinfo_status_cb)
(agent_scd_keypairinfo): New. Taken from gpgsm.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 0fad61de15)
* g10/card-util.c (current_card_status): String changes.
(change_sex): Description change.
(cmds): Add "salutation"; keep "sex" as an alias.
--
Note that we can't change the used values or tags but at least the UI
should show reflect the real purpose of the field.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 166f3f9ec4)
* g10/call-agent.c (agent_pkdecrypt): accept but do not require
NUL-terminated data from the agent.
* sm/call-agent.c (gpgsm_agent_pkdecrypt): accept but do not require
NUL-terminated data from the agent.
--
Cherry-pick master commit of:
3ba091ab8c
GnuPG-bug-id: 4652
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* scd/ccid-driver.c (bulk_in): Increase timeout by the multiplier
value as defined section 6.2.6 in CCID specification.
--
Backport master commit of:
996c497a86
For TPDU level transfer, it was handled. This is fix for APDU level
transfer.
GnuPG-bug-id: 4646
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-driver.c (ccid_transceive_apdu_level): Use bBWI=0 for APDU
level transfer.
(ccid_transceive): Use bBWI=0 or the value returend by WTX for TPDU
level transfer.
--
Backported master commit of:
858dc95643
GnuPG-bug-id: 4654
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/import.c (read_block): Make sure KEYID is availabale also on a
pending packet.
--
Reported-by: Phil Pennock
Fixes-commit: adb120e663
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (check_sig_and_print): Print a hint on how to make
use of the preferred keyserver. Remove keyserver lookup just by the
keyid. Try a WKD lookup before a keyserver lookup.
--
The use of the the keyid for lookups does not make much sense anymore
since for quite some time we do have the fingerprint as part of the
signature.
GnuPG-bug-id: 4595
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 96bf8f4778)
* tools/wks-receive.c (decrypt_data): Change limit.
--
The former limit ~1MiB of was used during development.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit b0e8724b10)
* dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when
following a HTTP redirection.
--
inspired by patch from Damien Goutte-Gattat <dgouttegattat@incenp.org>
GnuPG-Bug_id: 4566
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/gpg.c (main): Change default.
--
Due to the DoS attack on the keyeservers we do not anymore default to
import key signatures. That makes the keyserver unsuable for getting
keys for the WoT but it still allows to retriev keys - even if that
takes long to download the large keyblocks.
To revert to the old behavior add
keyserver-optiions no-self-sigs-only,no-import-clean
to gpg.conf.
GnuPG-bug-id: 4607
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 23c9786408)
* g10/getkey.c (get_pubkey_byname): Add special traeatment for default
and skipped-local.
--
This change avoids error message like
gpg: error retrieving 'foo@example.org' via None: No public key
A 'None' mechanism is something internal.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 91a6ba3234)
* g10/gpg.c (aLocateExtKeys): New.
(opts): Add --locate-external-keys.
(main): Implement that.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL.
(get_best_pubkey_byname): Add arg 'mode' and pass on to
get_pubkey_byname. Change callers.
* g10/keylist.c (public_key_list): Add arg 'no_local'.
(locate_one): Ditto. Pass on to get_best_pubkey_byname.
--
This new command is a shortcut for
--auto-key-locate nodefault,clear,wkd,... --locate-key
and uses the default or configured AKL list but does so without local.
See also
GnuPG-bug-id: 4599
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d00c8024e5)
* g10/keydb.h (enum get_pubkey_modes): New.
* g10/getkey.c (get_pubkey_byname): Repalce no_akl by a mode arg and
change all callers.
--
This change prepares the implementation of GET_PUBKEY_NO_LOCAL.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 9980f81da7)
* dirmngr/ks-engine-hkp.c (SEND_REQUEST_EXTRA_RETRIES): New.
(handle_send_request_error): Use it for 503 and 504.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Pass a new var for
extra_tries.
--
This is a pretty stupid fix but one which works without much risk of
regressions. We could have used the existing TRIES but in that case
the fallback to other host would have been too limited. With the used
value we can have several fallbacks to other hosts. Note that the
TRIES is still cumulative and not per host.
GnuPG-bug-id: 4600
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 8b113bb148)
* dirmngr/http.c (same_host_p): Consider certain subdomains to be the
same.
--
GnuPG-bug-id: 4603
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 37f0c55c7b)
* g10/import.c (import_one): Rename to ...
(import_one_real): this. Do not print and update stats on keyring
write errors.
(import_one): New. Add fallback code.
--
GnuPG-bug-id: 4591
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 3a403ab04e)
* g10/options.h (IMPORT_SELF_SIGS_ONLY): New.
* g10/import.c (parse_import_options): Add option "self-sigs-only".
(read_block): Handle that option.
--
This option is intended to help against importing keys with many bogus
key-signatures. It has obvious drawbacks and is not a bullet-proof
solution because a self-signature can also be faked and would be
detected only later.
GnuPG-bug-id: 4591
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 15a425a1df)
* g10/import.c: Change arg 'with_meta' to 'options'. Change callers.
--
This chnage allows to pass more options to read_block.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf-comp.c (gc_component_kill): Reverse the order.
--
Cherry-picked from master commit:
7c877f942a
The order matters in a corner case; On a busy machine, there was a
race condition between gpg-agent's running KILLAGENT command and its
accepting incoming request on the socket. If a request by
gpg-connect-agent was accepted, it resulted an error by sudden
shutdown. This change of the order can remove such a race.
Here, we know backend=0 is none.
GnuPG-bug-id: 4577
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/command.c (cmd_getinfo): Return GPG_ERR_FALSE as boolean False.
* g13/server.c (cmd_getinfo): Ditto.
* sm/server.c (cmd_getinfo): Ditto.
--
GPG_ERR_FALSE was introduced with libgpg-error 1.21 and we now require
a later version for gnupg 2. Thus we can switch to this more
descriptive code.
Signed-off-by: Werner Koch <wk@gnupg.org>
