* agent/command.c (cmd_genkey): Add option --passwd-nonce.
(cmd_passwd): Return a PASSWD_NONCE in verify mode.
* g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do
not send a RESET if given.
(agent_passwd): Add arg 'verify'.
* g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'.
(gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto.
(generate_subkeypair): Use sepeare hexgrip var for the to be created
for hexgrip feature. Verify primary key first. Make use of the
passwd nonce. Allow for a static passphrase.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New.
(ask_keysize): Factor code out to ...
(get_keysize_range, fixup_keysize): new.
(parse_parameter_usage): Factor parsing out to ...
(parse_usagestr): new. Allow use of "encr" as alias for "encrypt".
(parse_subkey_algostr_usagestr): New.
(generate_subkeypair): Add new args. Implement unattended mode.
* g10/keyedit.c (keyedit_quick_sign): Factor some code out to ...
(find_by_primary_fpr): new.
(keyedit_quick_addkey): New.
* g10/gpg.c (aQuickAddKey): New.
(opts): Add --quick-addkey.
(main): Implement.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.h (struct tofu_dbs_s, tofu_dbs_t): New declarations.
(struct server_control_s): Add field tofu.dbs.
* g10/tofu.c (struct dbs): Rename to tofu_dbs_s. Replace all users by
by tofu_dbs_t.
(opendbs): Add arg CTRL. Cache the DBS in CTRL.
(closedbs): Rename to tofu_closedbs and make global. Add arg CTRL.
(tofu_register): Add arg CTRL. Change all callers. Do not call
closedbs.
(tofu_get_validity): Ditto.
(tofu_set_policy): Ditto.
(tofu_get_policy): Ditto.
(tofu_set_policy_by_keyid): Add arg CTRL.
* g10/gpg.c (gpg_deinit_default_ctrl): Call tofu_closedbs.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyedit.c (sig_comparison): Actually compare the pubkey
algorithms.
--
This fixes two bugs: The first was a typo which led to us comparing A
with A. The second problem was the use of an assert at a place where
this can't be asserted: Two signature may have different algorithms;
they won't verify but after all it is about corrupted signatures.
Reported-by: Guilhem Moulin <guilhem@fripost.org>
GnuPG-bug-id: 2236
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyedit.c (sig_comparison): New function.
(fix_key_signature_order): Merge functionality into...
(check_all_keysigs): ... this function. Rewrite to eliminate
duplicates and use a systematic approach to detecting and moving
signatures that are out of order instead of a heuristic.
(fix_keyblock): Don't call fix_key_signature_order. Call
check_all_keysigs instead after collapsing the uids.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2236
* g10/keyedit.c (print_and_check_one_sig): Split the print
functionality into...
(print_one_sig): ... this new function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keyedit.c (menu_addrevoker): Use format_keyid rather than
manually formatting the keyid.
* g10/keygen.c (card_write_key_to_backup_file): Likewise.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keyedit.c (change_passphrase): Remove useless init of ANY.
(keyedit_quick_adduid): Remove useless setting of ERR.
* g10/parse-packet.c (parse_key): Remove PKTLEN from condition because
it has been checked before the loop.
(parse_plaintext): Remove useless init of PKTLEN.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyedit.c (keyedit_menu): Remove cmdCHECKBKUPKEY support.
--
GnuPG-bug-id: 2169
It was introduced by the commit 9e834047 in 2009. Then, we moved
private key handling to gpg-agent which broke this subcommand.
Note: This subcommand was not supported in 1.4 and 2.0.
* g10/keyedit.c: Print ownertrust in TOFU+PGP trust model.
--
The key editor currently prints out the ownertrust value assigned
to a key only when using the classic or PGP trust models; but
that value is also meaningful in the recently introduced TOFU+PGP
combined model.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* g10/keydb.c (keydb_new): Print an error message if needed. Also use
xtrycalloc because we return an error anyway.
* g10/delkey.c (do_delete_key): Handle error retruned by keydb_new.
* g10/export.c (do_export_stream): Ditto.
* g10/getkey.c (get_pubkey): Ditto.
(get_pubkey_fast): Ditto.
(get_pubkeyblock): Ditto.
(get_seckey): Ditto.
(key_byname): Ditto.
(get_pubkey_byfprint): Ditto.
(get_pubkey_byfprint_fast): Ditto.
(parse_def_secret_key): Ditto.
(have_secret_key_with_kid): Ditto.
* g10/import.c (import_one): Ditto.
(import_revoke_cert): Ditto.
* g10/keyedit.c (keyedit_quick_adduid): Ditto.
* g10/keygen.c (quick_generate_keypair): Ditto.
(do_generate_keypair): Ditto.
* g10/trustdb.c (validate_keys): Ditto.
* g10/keyserver.c (keyidlist): Ditto.
* g10/revoke.c (gen_desig_revoke): Ditto.
(gen_revoke): Ditto.
* g10/gpg.c (check_user_ids): Ditto.
(main): Do not print an error message for keydb_new error.
* g10/keylist.c (list_all): Use actual error code returned by
keydb_new.
* g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error.
* g10/t-keydb.c (do_test): Ditto.
* g10/keyring.c (keyring_new): Actually return an error so that the
existing keydb_new error checking makes sense for a keyring resource.
(keyring_rebuild_cache): Take care of keyring_new returning an error.
--
Commit 04a6b903 changed keydb_new to return an error. However the
error was not checked at most places which we fix with this patch. To
make things easier keydb_new prints an error message itself.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (parse_def_secret_key): Change error message. Replace
log_debug by log_info.
* g10/gpg.c (check_user_ids): Make function static. Change error
messages.
(main): Change error messages.
* g10/revoke.c (gen_revoke): Ditto.
--
There are other smaller changes not described above.
This change tries to avoid new error messages so not to increase the
the number of translated strings or break too many existing
translations. It also tries to use existing strings and changes the
quoting to the most common style used in gpg.
Key specifications should in general use double quotes. Other values
should use single quotes. However. sometimes it is not easy to
distinguish between values given on the command line and key
specifications. According to old GNU coding standards diagnostics
should not start capitalized - whether this is a good idea is a
different thing but we used this rules for most strings. However,
strings which are used interactively should be properly capitalized
and end with a dot.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyedit.c (menu_expire): Use only one prompt.
--
The old code was anyway not fully i18n because it did not used
ngettext. Further we ran into const char*/char* conflicts on Windows
where we use a different gettext implementation.
FWIW: A better pattern in the case of a static and a malloced string
w/o error return on malloc failure would be:
const char *s;
char *s_buf;
s_buf = xtryasprintf ("%d foo", n);
if (!s_buf)
s = "several foo";
else
s = s_buf;
bar (s);
xfree (s_buf);
* g10/keyedit.c (menu_select_key): Use spacep and hexdigitp instead of
inline tests. Don't compare P to the suffix of the fingerprint. If P
appears to be a keyid, do an exact compare against the keyid. If it
appears to be a fingerprint, do an exact compare against the
fingerprint.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keyedit.c (menu_expire): Allow updating the expiration time of
multiple subkeys at once.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1944
* g10/keyedit.c (menu_select_key): Take an additional argument, p.
Update callers. If P is a hex string, then assume that P is a key id
or fingerprint and select subkeys with matching key ids or
fingerprints.
* doc/gpg.texi: Update documentation for the key subcommand.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1423
Debian-bug-id: 610336
* g10/options.h (opt): Add field only_sign_text_ids.
* g10/gpg.c (enum cmd_and_opt_values): Add value oOnlySignTextIDs.
(opts): Handle oOnlySignTextIDs.
(main): Likewise.
* g10/keyedit.c (sign_uids): If OPT.ONLY_SIGN_TEXT_IDS is set, don't
select non-text based IDs automatically.
(keyedit_menu): Adapt the prompt asking to sign all user ids according
to OPT.ONLY_SIGN_TEXT_IDS.
* doc/gpg.texi: Document the new option --only-sign-text-ids.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1241
Debian-bug-id: 569702
* configure.ac: Add option --dsiable-tofu and --disable-sqlite.
(NEED_SQLITE_VERSION): New var.
(USE_TOFU): New ac_define and am_conditional.
* autogen.sh (build-w32): Add PKG_CONFIG_LIBDIR to configure so that
pkg-config find the correct .pc file.
* g10/Makefile.am (tofu_source): New. Build only if enabled.
* g10/gpg.c (parse_trust_model)[!USE_TOFU]: Disable tofu models.
(parse_tofu_policy)[!USE_TOFU]: Disable all.
(parse_tofu_db_format)[!USE_TOFU]: Disable all.
(main) <aTOFUPolicy>[!USE_TOFU]: Skip.
* g10/keyedit.c (show_key_with_all_names_colon)[!USE_TOFU]: Do not
call tofu functions.
* g10/keylist.c (list_keyblock_colon)[!USE_TOFU]: Ditto.
* g10/trustdb.c (tdb_get_validity_core)[!USE_TOFU]: Skip tofu
processing.
--
This allows to build a minimal version of GnuPG. It is also currently
required to build for Windows.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* g10/keyedit.c (print_and_check_one_sig): Add arg "extended" and
print an asterisk for the chosen selfsig.
(check_all_keysigs): Add arg "only_selfsig"
(keyedit_menu) <cmdCHECK>: Add optional arg "selfsig".
--
Using "check selfsig" prints only the self-signatures and indicates
the chosen selfsig with an asterisk.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyedit.c (keyedit_menu): When complaining that a user ID or key
must be selected, indicate what command to use to do this.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* g10/keyedit.c (sign_uids): Write an ERROR status for a signing
failure.
(menu_adduid, menu_addrevoker, menu_revsig): Ditto.
(menu_revuid, menu_revkey, menu_revsubkey): Ditto.
--
This change helps GPA to show better error messages.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyedit.c (sign_uids): Add arg "ctrl".
(show_key_with_all_names_colon): Ditto.
(show_key_with_all_names): Ditto.
* g10/keyedit.c (show_key_with_all_names): Print key record
indicators by checking with gpg-agent.
(show_key_with_all_names): Ditto. May now also print sec/sbb.
--
This also fixes a problem in the --with-colons mode. Before this
patch the --with-colons output of --edit-key always showed pub/sub
regardless of the old toogle state. Now it also prints sec/sbb.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyedit.c (cmds): Remove helptext from "toggle".
(keyedit_menu): Remove "toggle" var and remove the sub/pub check
against toggle.
--
Because it is now easily possible to have only secret keys for some of
the main/subkeys the current check on whether any secret is available
is not really useful. A finer grained check should eventually be
implemented.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyedit.c (fix_keyblock): Rename to fix_key_signature_order.
(fix_keyblock): New. Call fix_key_signature_order and other fix
functions.
(keyedit_menu): Factor code out to new fix_keyblock.
(keyedit_quick_sign): Ditto. Check for primary fpr before calling
fix_keyblock.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/logging.h: Rename JNLIB_LOG_* to GPGRT_LOG_*.
* common/mischelp.h: Rename JNLIB_GCC_* to GPGRT_GCC_*.
--
JNLIB has no more meaning. Thus we switch to a GPGRT_ prefix in
anticipation that some code may eventually be moved to libgpg-error.
Signed-off-by: Werner Koch <wk@gnupg.org>
g10/call-agent.h (agent_scd_learn): Add FORCE option.
g10/call-agent.c (agent_scd_learn): Implement FORCE option.
g10/keygen.c (gen_card_key): Follow the change of option.
g10/card-util.c (change_pin, card_status, factory_reset): Likewise.
g10/keyedit.c (keyedit_menu): Update private key storage by
agent_scd_learn.
--
This is not a perfect solution since there is a possibility user
unplug card before quitting 'gpg --keyedit' session. Usually,
it works well.
GnuPG-bug-id: 1846
* g10/sign.c (sign_file): Use log_printf instead of stderr.
* g10/tdbdump.c (export_ownertrust): Use estream fucntions.
(import_ownertrust): Ditto.
* g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t.
--
Reported-by: Guilhem Moulin <guilhem@fripost.org>
Needed for unattended key edits with --status-fd, because since 2.1
status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd)
not fflush(3), so the standard output may not be flushed before each
prompt. (Which breaks scripts using select(2) to multiplex between
the standard and status outputs.)
His patch only affected print_and_check_one_sig_colon() but there are
many more places where stdio and estream are mixed. This patch now
replaces most of them in g10/. At some places stdio is still used,
but that is local to a function and should not have side effects.
Signed-off-by: Werner Koch <wk@gnupg.org>
