* g10/getkey.c (parse_auto_key_locate): Add method "wkd".
(get_pubkey_byname): Implement that method. Also rename a variable.
* g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New.
* g10/keyserver.c (keyserver_import_wkd): New.
* g10/test-stubs.c (keyserver_import_wkd): Add stub.
* g10/gpgv.c (keyserver_import_wkd): Ditto.
* g10/options.h (opt): Add field 'with_wkd_hash'.
(AKL_WKD): New.
* g10/gpg.c (oWithWKDHash): New.
(opts): Add option --with-wkd-hash.
(main): Set that option.
* g10/keylist.c (list_keyblock_print): Implement that option.
--
The Web Key Directory is an experimental feature to retrieve a key via
https. It is similar to OpenPGP DANE but also uses an encryption to
reveal less information about a key lookup.
For example the URI to lookup the key for Joe.Doe@Example.ORG is:
https://example.org/.well-known/openpgpkey/
hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q
(line has been wrapped for rendering purposes). The hash is a
z-Base-32 encoded SHA-1 hash of the mail address' local-part. The
address wk@gnupg.org can be used for testing.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/build-packet.c (do_key): Do not use the header length specified
by the public key packet from the keyring, but let 'write_header2'
compute the required length.
--
Specifically exporting RSA keys of length 1024 failed, as the encoded
public key packet requires 141 bytes a length that fits into one byte,
but the secret key is significantly larger, making the export fail.
GnuPG-bug-id: 2307
Signed-off-by: Justus Winter <justus@g10code.com>
* configure.ac (USE_GPG2_HACK): New ac_define am_conditional.
* common/homedir.c (gnupg_module_name): Replace use of macro
NAME_OF_INSTALLED_GPG.
* g10/keygen.c (generate_keypair): Ditto.
* g10/Makefile.am (bin_PROGRAMS): Remove.
(noinst_PROGRAMS): Add gpg or gpg2 and gpgv or gpg2.
(gpg2_hack_list): New.
(use_gpg2_hack): New.
(gpg2_SOURCES): Rename to gpg_SOURCES.
(gpgv2_SOURCES): Rename to gpgv_SOURCES.
(gpg2_LDADD): Rename to gpg_LDADD.
(gpgv2_LDADD): Rename to gpgv_LDADD.
(gpg2_LDFLAGS): Rename to gpg_LDFLAGS.
(gpgv2_LDFLAGS): Rename to gpgv2_LDFLAGS.
(install-exec-hook): Remove WinCE specific rules and add new rules.
(uninstall-local): Uninstall gpg/gpg2 and gpgv/gpgv2.
* tests/openpgp/Makefile.am (required_pgms): s/gpg2/gpg/.
* tests/openpgp/defs.inc: Ditto.
* tests/openpgp/gpgtar.test: Ditto.
* tests/openpgp/mkdemodirs: Ditto.
* tests/openpgp/signdemokey: Ditto.
* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove obsolete
--enable-mailto, add --enable-gpg2-is-gpg.
--
Although we need to duplicate some automake generated code this method
allows to easily switch the name of the installed target using the
configure option "--enable-gpg2-is-gpg".
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c (opendb): Guard call to timeout function.
--
GnuPG-bug-id: 2294
Fix not tested but is pretty obvious.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (ask_key_flags): Improve message.
--
Because the curve is only selected after the capabilities are queried
we do not know whether ECDSA or EdDSA will eventually be used. When
printing the possible capabilities we now use print "ECDSA/EdDSA" for
the algorithm.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (MY_USE_ECDSADH): New macro local to ask_curve.
(ask_curve): Use a fixed table of curve names and reserve a slot for
Curve448. Simplify CurveNNNN/EdNNNN switching.
(ask_curve): Remove the Curve25519 is non-standard prompt.
--
Given that ECC generation is only available in export mode and that
gpg will in any case support our current ed2559/cv25519 definition the
extra prompt does not make anymore sense.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/Makefile.am (EXTRA_DIST): Add t-stutter-data.asc.
(module_tests): Add t-stutter.
(t_stutter_SOURCES): New variable.
(t_stutter_LDADD): New variable.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Add a test to check that the Mister and Zuccerato attack described in
"An Attack on CFB Mode Encryption As Used by OpenPGP" works.
* g10/keygen.c (do_generate_keypair): Check for errors, in which case
'pri_psk' is NULL.
Fixes-commit: bf9d1248
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/packet.h: Include "util.h".
* g10/encrypt.c (encrypt_seskey): Don't mark as static.
* g10/gpgcompose.c: New file.
* g10/Makefile.am (noinst_PROGRAMS): Add gpgcompose.
(gpg2_SOURCES): Split everything but gpg.c into...
(gpg_sources): ... this new variable.
(gpgcompose_SOURCES): New variable.
(gpgcompose_LDADD): Likewise.
(gpgcompose_LDFLAGS): Likewise.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/encrypt.c (write_pubkey_enc_from_list): Split the body of this
function out into...
(write_pubkey_enc): ... this new function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/build-packet.c (do_plaintext): Change the semantics such that if
PT->BUF is NULL, it is the caller's responsibility to write the
content (and disable partial body length mode, if appropriate).
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/build-packet.c (sig_to_notation): Break printing of binary
notations into...
(notation_value_to_human_readable_string): ... this new function.
Provide a small preview of the binary data substituting non-printable
characters with '?'.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/sig-check.c (check_key_signature2): If SIG->CLASS is
unsupported, show some debugging information. Don't use BUG to fail.
Just return GPG_ERR_BAD_SIGNATURE.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/build-packet.c (write_header2): Make sure the length bits are
cleared. Fail if HDRLEN is set and the specified length can't be
encoded in the available space.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/build-packet.c (do_plaintext): Use ctb_new_format_p to check the
packet's format.
(write_header2): Likewise.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/build-packet.c (sig_to_notation): Avoid an unnecessary copy of
the data: the size of the packet is fixed.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/build-packet.c (do_symkey_enc): Use iobuf_write instead of
iobuf_put in a loop. Use iobuf_copy instead of iobuf_read and
iobuf_write in a loop. Move the memory wiping from here...
* common/iobuf.c (iobuf_copy): ... to here.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keyedit.c (sig_comparison): New function.
(fix_key_signature_order): Merge functionality into...
(check_all_keysigs): ... this function. Rewrite to eliminate
duplicates and use a systematic approach to detecting and moving
signatures that are out of order instead of a heuristic.
(fix_keyblock): Don't call fix_key_signature_order. Call
check_all_keysigs instead after collapsing the uids.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2236
* g10/sig-check.c (hash_uid_node): Rename from this...
(hash_uid_packet): ... to this. Take a PKT_user_id instead of a
KBNODE.
(check_key_signature2): Split the basic signature checking
functionality into...
(check_signature_over_key_or_uid): ... this new function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keyedit.c (print_and_check_one_sig): Split the print
functionality into...
(print_one_sig): ... this new function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/sig-check.c (check_signature_end): Break the basic signature
check into...
(check_signature_end_simple): ... this new function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keyedit.c (menu_addrevoker): Use format_keyid rather than
manually formatting the keyid.
* g10/keygen.c (card_write_key_to_backup_file): Likewise.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keydb.h (keyid_cmp): New function.
* g10/keyid.c (pk_keyid): New function.
(pk_main_keyid): New function.
(keyid_copy): New function.
(pk_keyid_str): New function.
* g10/packet.h (PKT_public_key): Update comments for main_keyid and
keyid.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Before accessing pk->keyid, it is necessary to call keyid_from_pk (pk,
NULL) to ensure that pk->keyid is valid. Because it is easy to forget
to do this, these accessor functions take care of it.