1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-04 20:38:50 +01:00
Commit Graph

797 Commits

Author SHA1 Message Date
Werner Koch
9546aa3cc8 tests: Speed up the genkey1024.test by using not so strong random.
* agent/gpg-agent.c (oDebugQuickRandom): New.
(opts): New option --debug-quick-random.
(main): Use new option.
* common/asshelp.c (start_new_gpg_agent): Add hack to pass an
additional argument for the agent name.
* tests/openpgp/defs.inc: Pass --debug-quick-random to the gpg-agent
starting parameters.
* tests/openpgp/version.test: Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-30 09:55:51 +01:00
Werner Koch
c9aadcb3a2 agent: Support pinentries with integrated repeat passphrase feature.
* agent/agent.h (struct pin_entry_info_s): Add fields repeat_okay and
with_repeat.
* agent/call-pinentry.c (close_button_status_cb): Rewrite and check
for PIN_REPEAT.  Change users to check only the relevant bit.
(agent_askpin): Support repeat logic of new Pinentries.

* agent/command-ssh.c (ssh_identity_register): Use the new repeat
feature.
* agent/genkey.c (agent_ask_new_passphrase): Ditto.

--

If we need to confirm a passphrase entry (e.g. for new passphrase) we
set a flag into the pinentry info block.  The we try to use the new
pinentry command SETREPEATERROR; if that fails, we continue as usual.
If that succeeds we ask the pinentry to show the repeat (confirmation)
prompt and on successful return we set another flag in the pinentry
info block so that the caller can skip its own confirmation check. A
new status line from the pinentry indicates that the feature is
actually supported (it may not be supported on certain systems for
example when using the ncurses backend).

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-24 20:40:12 +02:00
Werner Koch
54ffe2045a Use a unique capitalization for "Note:".
--
2014-10-10 15:29:42 +02:00
Werner Koch
9c380384da Remove support for the GPG_AGENT_INFO envvar.
* agent/agent.h (opt): Remove field use_standard_socket.
* agent/command.c (cmd_killagent): Always allow killing.
* agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and
--write-env-file into dummy options.  Always return true for
--use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar
setting or set that envvar.
(create_socket_name): Simplify by removing non standard socket
support.
(check_for_running_agent): Ditto.
* common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use.
* common/simple-pwquery.c (agent_open): Ditto.
* configure.ac (GPG_AGENT_INFO_NAME): Remove.
* g10/server.c (gpg_server): Do not print the AgentInfo comment.
* g13/server.c (g13_server): Ditto.
* sm/server.c (gpgsm_server): Ditto.
* tools/gpgconf.c (main): Simplify by removing non standard socket
support.
--

The indented fix to allow using a different socket than the one in the
gnupg home directory is to change Libassuan to check whether the
socket files exists as a regualr file with a special keyword to
redirect to another socket file name.
2014-10-03 11:58:58 +02:00
Werner Koch
f82a6e0f08 agent: Init a local variable in the error case.
* agent/pksign.c (do_encode_md): Init HASH on error.
2014-09-18 15:32:17 +02:00
Werner Koch
4f35ef499a agent: Remove left over debug output.
* agent/command-ssh.c (ssh_signature_encoder_eddsa): Remove debug
output.
2014-09-18 15:28:40 +02:00
Werner Koch
ba6f8b3d9e agent: Silence compiler warning for a debug message.
* agent/call-pinentry.c (agent_query_dump_state): Use %p for
POPUP_TID.
2014-09-18 15:21:56 +02:00
Werner Koch
457bce5cd3 gpg: Improve passphrase caching.
* agent/cache.c (last_stored_cache_key): New.
(agent_get_cache): Allow NULL for KEY.
(agent_store_cache_hit): New.
* agent/findkey.c (unprotect): Call new function and try to use the
last stored key.

* g10/revoke.c (create_revocation): Add arg CACHE_NONCE and pass to
make_keysig_packet.
(gen_standard_revoke): Add arg CACHE_NONCE and pass to
create_revocation.
* g10/keygen.c (do_generate_keypair): Call gen_standard_revoke with
cache nonce.
--

This patch adds two features:

1. The key for the last passphrase successfully used for unprotecting
a key is stored away.  On a cache miss the stored away passphrase is
tried as well.  This helps for the common GPG use case of having a
signing and encryption (sub)key with the same passphrase.  See the
code for more comments.

2. The now auto-generated revocation certificate does not anymore
popup a passphrase prompt.  Thus for standard key generation the
passphrase needs to be given only once (well, two with the
confirmation).
2014-09-17 15:12:08 +02:00
Werner Koch
afe85582dd agent: Fix import of OpenPGP EdDSA keys.
* agent/cvt-openpgp.c (get_keygrip): Special case EdDSA.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(apply_protection): Handle opaque MPIs.

(do_unprotect): Check FLAG_OPAQUE instead of FLAG_USER1 before
unpacking an opaque mpi.
--

The key transfer protocol between gpg and gpg-agent uses gcrypt
algorithm numbers which merge all ECC algorithms into one.  Thus it is
not possible to use the algorithm number to determine the EdDSA
algorithm.  We need to known that because Libgcrypt requires the
"eddsa" flag with the curve "Ed25519" to actually use the Ed25519
signature specification.

The last fix is for correctness; the first case won't be used anyway.
2014-09-02 11:22:07 +02:00
Werner Koch
c913e09ebd agent: Allow key unprotection using AES-256.
* agent/protect.c (PROT_CIPHER): Rename to GCRY_CIPHER_AES128 for
clarity.
(do_decryption): Add args prot_cipher and prot_cipher_keylen.  USe
them instead of the hardwired values.
(agent_unprotect): Change to use a table of protection algorithms.
Add AES-256 variant.
--

This patch will make a possible future key protection algorithm
changes smoother.  AES-256 is also allowed although there is currently
no way to encrypt using it.
2014-09-01 10:15:21 +02:00
Werner Koch
3981ff15f3 agent: Return NO_SECKEY instead of ENONET for PKSIGN and others.
* agent/pksign.c (agent_pksign_do): Replace ENONET by NO_SECKEY.
* agent/findkey.c (agent_key_from_file): No diagnostic for NO_SECKEY.
* agent/pkdecrypt.c (agent_pkdecrypt): Replace checking for ENOENT.
2014-08-18 15:42:54 +02:00
Werner Koch
b3378b3a56 agent: Show just one warning with all failed passphrase constraints.
* agent/genkey.c (check_passphrase_constraints): Build a final warning
after all checks.
2014-07-23 19:51:52 +02:00
Werner Koch
a24510d53b agent: Only one confirmation prompt for an empty passphrase.
* agent/genkey.c (check_passphrase_constraints): Moev empty passphrase
check to the front.
2014-07-23 19:16:51 +02:00
Kristian Fiskerstrand
b51af333bd gpg: Spelling error 2014-07-03 11:04:23 +02:00
Werner Koch
a1dff86da8 agent: Adjust for changed npth_eselect under W32.
* agent/gpg-agent.c (handle_connections) [W32]: Make events_set an
unsigned int to match the changed prototype.
2014-06-27 19:19:24 +02:00
Yuri Chornoivan
e56a2d6a56 Fix typos in messages 2014-06-27 15:38:33 +02:00
Werner Koch
9a034acf8a agent: Fix export of RSA keys to OpenPGP.
* agent/cvt-openpgp.c (convert_transfer_key): Fix sexp build format
string.
2014-06-26 17:07:50 +02:00
Werner Koch
f4fcaa2936 gpg: Make export of ECC keys work again.
* agent/cvt-openpgp.c (convert_to_openpgp): Use the curve name instead
of the curve parameters.
* g10/export.c (canon_pubkey_algo): Rename to ...
(canon_pk_algo): this.  Support ECC.
(transfer_format_to_openpgp): Expect curve name.
2014-06-20 14:54:01 +02:00
Werner Koch
4aeb02562c agent: Fix import of non-protected gpg keys.
* agent/cvt-openpgp.c (do_unprotect): Return an s-exp also for
non-protected keys.
(convert_from_openpgp_main): Do not call agent_askpin for a
non-protected key.
2014-05-08 10:28:24 +02:00
Werner Koch
cb2aeb4e11 Make more use of *_NAME macros.
* configure.ac (GPG_DISP_NAME, GPGSM_DISP_NAME): New.
(GPG_AGENT_DISP_NAME, SCDAEMON_DISP_NAME): New.
(DIRMNGR_DISP_NAME, G13_DISP_NAME): New.
(GPGCONF_DISP_NAME): New.
(SCDAEMON_SOCK_NAME): New.
* common/argparse.c (show_help): Map description string.
2014-05-08 10:28:23 +02:00
NIIBE Yutaka
fb24808db9 agent: Fix auth key comment handling.
* agent/command-ssh.c (ssh_send_key_public): Handle the case with no
comment.
2014-05-08 11:46:38 +09:00
Werner Koch
8fee6c1ce6 gpg: Finish experimental support for Ed25519.
* agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve".
(get_keygrip): Add and use arg CURVE.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(get_npkey_nskey): New.
(prepare_unprotect): Replace gcrypt functions by
get_npkey_nskey.  Allow opaque MPIs.
(do_unprotect): Use CURVE instead of parameters.
(convert_from_openpgp_main): Ditto.
(convert_to_openpgp):  Simplify.
* g10/import.c (one_mpi_from_pkey): Remove.
(transfer_secret_keys): Rewrite to use the curve instead of the
parameters.
* g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag.

* common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of
 "NIST P-256" et al.
* g10/keygen.c (ask_curve): Add arg ALGO.
(generate_keypair): Rewrite the ECC key logic.

* tests/openpgp/ecc.test: Provide the "ecc" passphrase.
2014-05-07 13:27:43 +02:00
Werner Koch
a63ed98758 agent: Remove greeting message.
* agent/gpg-agent.c (main): Remove greeting.  Make --no-greeting a
dummy.
2014-05-07 08:51:11 +02:00
NIIBE Yutaka
21dab64030 ECC Fixes.
* agent/cvt-openpgp.c (get_keygrip, convert_secret_key)
(convert_transfer_key): Follow newer (>= 1.6) libgcrypt API, which
does not distinguish the detail.
(do_unprotect, convert_from_openpgp_main): Don't call
map_pk_openpgp_to_gcry, as it's the value of libgcrypt API already and
not the value defined by OpenPGP.
(convert_to_openpgp): It's "ecc".
* agent/gpg-agent.c (map_pk_openpgp_to_gcry): Remove.
* g10/call-agent.c (agent_pkdecrypt): Fix off-by-one error.
* g10/pubkey-enc.c (get_it): Fix swapping the fields error.
2014-04-28 10:36:16 +09:00
Werner Koch
fdd938a5bb gpg: Pass --homedir to gpg-agent.
* agent/gpg-agent.c (main): Make sure homedir is absolute.
* common/asshelp.c (lock_spawning): Create lock file with an absolute
name.
(start_new_gpg_agent): Use an absolute name for the socket and pass
option --homedir to the agent.
(start_new_dirmngr): Use an absolute name for the --homedir.
--

This patch makes gpg's --homedir option behave again like in older
versions.  This is done by starting a new agent for each different
home directory.  Note that this assumes --use-standard-socket is used
which is the default for 2.1.
2014-04-22 16:59:06 +02:00
Werner Koch
c4d983239a gpg: Fix regression in secret key export.
* agent/cvt-openpgp.c (convert_to_openpgp): Fix use
gcry_sexp_extract_param.
* g10/export.c (do_export_stream): Provide a proper prompt to the
agent.
--

NB: The export needs more work, in particular the ECC algorithms.
2014-04-15 19:44:42 +02:00
Werner Koch
e3a4ff89a0 agent: Add command DELETE_KEY.
* agent/command.c (cmd_delete_key): New.
* agent/findkey.c (modify_description): Add '%C' feature.
(remove_key_file): New.
(agent_delete_key): New.
* agent/command-ssh.c (search_control_file): Make arg R_DISABLE
optional.

* configure.ac: Require libgpg-error 1.13.
2014-04-15 17:03:54 +02:00
NIIBE Yutaka
5ff6d0c25e agent: Support EdDSA.
* agent/pksign.c (agent_pksign_do): Handle EdDSA signature.
2014-04-08 12:15:20 +09:00
NIIBE Yutaka
513c67b746 agent: EdDSA support for SSH.
* agent/command-ssh.c (ssh_signature_encoder_eddsa): Signature is
two 32-byte opaque data which should not be interpreted as number.
2014-04-04 16:33:00 +09:00
Werner Koch
5c2a50cdc9 agent: Replace es_mopen by es_fopenmem for ssh.
* agent/command-ssh.c (ssh_read_key_public_from_blob): Use
es_fopenmem.
(ssh_handler_request_identities): Ditto.
(ssh_request_process): Ditto.
--

es_fopenmem is easier to understand than the more general function
es_mopen.  Thus we better use the former for clarity.
2014-03-23 13:42:53 +01:00
Werner Koch
fc3e70c113 agent: Put ssh key type as comment into sshcontrol.
* agent/command-ssh.c (ssh_key_type_spec): Add field name.
(ssh_key_types): Add human readable names.
(add_control_entry): Add arg SPEC and print key type as comment.
(ssh_identity_register): Add arg SPEC.
(ssh_handler_add_identity): Add var SPEC and pass ssh_receive_key.
2014-03-22 21:28:35 +01:00
Werner Koch
072432883e agent: Support the Ed25519 signature algorithm for ssh.
* agent/command-ssh.c (SPEC_FLAG_IS_EdDSA): New.
(ssh_key_types): Add entry for ssh-ed25519.
(ssh_identifier_from_curve_name): Move to the top.
(stream_read_skip): New.
(stream_read_blob): New.
(ssh_signature_encoder_rsa): Replace MPIS array by an s-exp and move
the s-exp parsing to here.
(ssh_signature_encoder_dsa): Ditto.
(ssh_signature_encoder_ecdsa): Ditto.
(ssh_signature_encoder_eddsa): New.
(sexp_key_construct): Rewrite.
(ssh_key_extract): Rename to ...
(ssh_key_to_blob): .. this and rewrite most of it.
(ssh_receive_key): Add case for EdDSA.
(ssh_convert_key_to_blob, key_secret_to_public): Remove.
(ssh_send_key_public): Rewrite.
(ssh_handler_request_identities): Simplify.
(data_sign): Add rename args.  Add new args HASH and HASHLEN.  Make
use of es_fopenmen and es_fclose_snatch.  Remove parsing into MPIs
which is now doe in the sgnature encoder functions.
(ssh_handler_sign_request): Take care of Ed25519.
(ssh_key_extract_comment): Rewrite using gcry_sexp_nth_string.
--

To make the code easier readable most of the Ed25591 work has been
done using a new explicit code path.  Warning: Libgcrypt 1.6.1 uses a
non optimized implementation for Ed25519 and timing attacks might be
possible.

While working on the code I realized that it could need more rework;
it is at some places quite baroque and more complicated than needed.
Given that we require Libgcrypt 1.6 anyway, we should make more use of
modern Libgcrypt functions.
2014-03-22 21:12:46 +01:00
Werner Koch
a77ed0f266 agent: Cleanups to prepare implementation of Ed25519.
* agent/cvt-openpgp.c: Remove.
(convert_to_openpgp): Use gcry_sexp_extract_param.
* agent/findkey.c (is_eddsa): New.
(agent_is_dsa_key, agent_is_eddsa_key): Check whether ecc means EdDSA.
* agent/pksign.c (agent_pksign_do): Add args OVERRIDEDATA and
OVERRIDEDATALEN.

* common/ssh-utils.c (is_eddsa): New.
(get_fingerprint): Take care or EdDSA.
2014-03-22 20:52:03 +01:00
NIIBE Yutaka
ac5a1a3ccb agent: API change of agent_key_from_file.
* agent/findkey.c (agent_key_from_file): Always return S-expression.
* agent/command.c (cmd_passwd): Distinguish by SHADOW_INFO.
(cmd_export_key): Likewise.  Free SHADOW_INFO.
(cmd_keytocard): Likewise.  Release S_SKEY.
* agent/pkdecrypt.c (agent_pkdecrypt): Likewise.
* agent/pksign.c (agent_pksign_do): Likewise.  Use the S-expression to
know the key type.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2014-03-11 16:03:01 +09:00
Werner Koch
094aa2589e w32: Silence warnings about unused vars.
* agent/gpg-agent.c (main) [W32]: Mark unused vars.
* sm/gpgsm.c (run_protect_tool) [W32]: Ditto.
* g10/trustdb.c (check_regexp) [DISABLE_REGEX]: Ditto.
* scd/scdaemon.c (main) [W32]: Ditto.
(handle_connections) [W32]: Ditto.
(handle_signal) [W32]: Do not build the function at all.
* scd/apdu.c (pcsc_send_apdu_direct): Ditto.
(connect_pcsc_card): s/long/pcsc_dword_t/.
(open_pcsc_reader_direct): Remove var listlen.
2014-03-07 16:11:15 +01:00
Werner Koch
3032fc3ad7 Silence several warnings when building under Windows.
* agent/call-scd.c (start_scd): Replace int by assuan_fd_t.
(start_pinentry): Ditto.
* common/asshelp.c (start_new_gpg_agent): Replace int by assuan_fd_t.
* common/dotlock.c (GNUPG_MAJOR_VERSION): Include stringhelp.h for
prototypes on Windows and some other platforms.
* common/logging.c (fun_writer): Declare addrbuf only if needed.
* g10/decrypt.c (decrypt_message_fd) [W32]: Return not_implemented.
* g10/encrypt.c (encrypt_crypt) [W32]: Return error if used in server
mode.
* g10/dearmor.c (dearmor_file, enarmor_file): Replace GNUPG_INVALID_FD
by -1 as temporary hack for Windows.
* g10/export.c (do_export): Ditto.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Ditto.
* g10/sign.c (sign_file, clearsign_file, sign_symencrypt_file): Ditto.
* g10/server.c (cmd_verify, gpg_server) [W32]: Return an error.
--

The gpg server mode is not actual working and thus we can avoid the
warnings by explicitly disabling the mode.  We keep it working under
Unix, though.
2014-03-07 16:06:35 +01:00
Werner Koch
cb0dcc3408 w32: Include winsock2.h to silence warnings. 2014-03-07 14:18:43 +01:00
Werner Koch
90688b29f3 agent: Fix UPDATESTARTUPTTY for ssh.
* agent/command-ssh.c (setup_ssh_env): Fix env setting.
--

gniibe reported this to gnupg-devel on 2012-07-04:

  [...]
  (2) UPDATESTARTUPTTY doesn't work to switch TTY for pinentry for
      SSH.

  [...]

  Current implementation:

      In the function start_command_handler_ssh, the logic puts
      priority on ctrl->session_env which is initialized by
      agent_init_default_ctrl.  There are always GPG_TTY and TERM
      defined, because lines around 968 in gpg-agent.c, it says:

  	/* Make sure that we have a default ttyname. */

      While UPDATESTARTUPTTY updates opt.startup_env, it doesn't
      affect at all.

  Here is a patch to point the issue.  Tested and works for me.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 9f5578c29a)
2014-03-07 09:59:32 +01:00
Werner Koch
9942a149ff agent: Make --allow-mark-trusted the default.
* agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted.
Put this option into the gpgconf-list.
(main): Enable opt.allow_mark_trusted by default.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Replace
allow-mark-trusted by no-allow-mark-trusted.

* agent/trustlist.c (agent_marktrusted): Always set the "relax" flag.

--

These changes have been in effect for the Gpg4win Windows version
since 2011-01-24 and thus first released with Gpg4win 2.1.0.  Given
the current state of PKIX it does not make any sense to lure the Unix
user into false security by making it harder to trust self-signed or
CAcert certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 90b419f3e9)

Resolved conflicts:
	NEWS
	agent/gpg-agent.c
2014-03-07 09:48:26 +01:00
Werner Koch
5105c8d2d3 ssh: Add support for Putty.
* agent/gpg-agent.c [W32]: Include Several Windows header.
(opts): Change help text for enable-ssh-support.
(opts, main): Add option --enable-putty-support
(putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32.
(agent_init_default_ctrl): Add and asssert call.
(putty_message_proc, putty_message_thread): New.
(handle_connections) [W32]: Start putty message thread.
* common/sysutils.c (w32_get_user_sid): New for W32 only
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add
--enable-ssh-support and --enable-putty-support.  Make the
configuration group visible at basic level.
* agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only.
--

This patch enables support for Putty.  It has been tested with Putty
0.62 using an Unix created ssh key copied to the private-keys-v1.d
directory on Windows and with a manually crafted sshcontrol file.  It
also works with a smartcard key.

May thanks to gniibe who implemented a proxy in Python to test the
putty/gpg-agent communication.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 9f32499f99)

Resolved conflicts:
	NEWS
	agent/agent.h
	agent/gpg-agent.c: Convert from pth to npth.
	common/sysutils.c
	common/sysutils.h
2014-03-07 09:48:10 +01:00
Werner Koch
179012ddd4 agent: Fix binary vs. text mode problem in ssh.
* agent/command-ssh.c (file_to_buffer)
(ssh_handler_request_identities): Open streams in binary mode.
(start_command_handler_ssh): Factor some code out to ..
(setup_ssh_env): new function.
--

This is for now a theoretical fix because there is no ssh client yet
which uses the GnuPG style IPC.  OpenSSL for Cygwin uses only a quite
similar one.  gniibe suggested to implement that IPC style in
Libassuan so that a Cygwin version of OpenSSL may be used with GnuPG.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit ed056d67c7)

Also fixed one typo.
2014-03-07 09:00:56 +01:00
Werner Koch
55c3e5f448 agent: Fixed unresolved symbol under Windows.
* agent/gpg-agent.c (main): s/ttyname/gnupg_ttyname/.
--

This was not triggered by the latest mingw runtime but that has other
problems and thus I reverted to the same we used for gpg4win 2.1 which
is Debian Wheezy.
2014-02-26 14:04:42 +01:00
Werner Koch
b7f8dec632 gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.

* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.

* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip):  Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--

This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones.  This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.

This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA.  As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF.  Note that EdDSA (Ed25519)
does not yet work and that more changes are required.

The ECC support is still broken right now.  Needs to be fixed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
Werner Koch
ea8a1685f7 gpg: Remove cipher.h and put algo ids into a common file.
* common/openpgpdefs.h (cipher_algo_t, pubkey_algo_t, digest_algo_t)
(compress_algo_t): New.
* agent/gpg-agent.c: Remove ../g10/cipher.h. Add openpgpdefs.h.
* g10/cipher.h (DEK): Move to ...
* g10/dek.h: new file.
* g10/cipher.h (is_RSA, is_ELGAMAL, is_DSA)
(PUBKEY_MAX_NPKEY, PUBKEY_MAX_NSKEY, PUBKEY_MAX_NSIG, PUBKEY_MAX_NENC)
(PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC, PUBKEY_USAGE_CERT)
(PUBKEY_USAGE_AUTH, PUBKEY_USAGE_NONE): Move to
* g10/packet.h: here.
* g10/cipher.h: Remove.  Remove from all files.
* g10/filter.h, g10/packet.h:  Include dek.h.
* g10/Makefile.am (common_source): Remove cipher.h.  Add dek.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-29 20:35:05 +01:00
Werner Koch
25b4c2acbd include: Remove this directory.
* include/cipher.h: Move to ...
* g10/cipher.h: here.
* agent/gpg-agent.c: Adjust header file name.

* include/host2net.h: Move to ...
* common/host2net.h: here.  Change license to LGPLv3/GPLv2.  Adjust
notices to reflect that only me worked on that file.

* include/types.h: Remove.
* common/types.h: Include inttypes.h.  Add byte typedef and comments
for __riscos__.
* common/iobuf.h: Adjust header file name.

* include/_regex.h: Remove this unused file.

* include/Makefile.am: Remove.
* Makefile.am (SUBDIRS): Remove "include".
* configure.ac (AC_CONFIG_FILES): Remove include/Makefile.
* include/ChangeLog-2011: Move to ...
* common/ChangeLog-2011.include: here.
* common/Makefile.am (EXTRA_DIST): Add file.

* include/zlib-riscos.h: Move this repo only file to ...
* g10/zlib-riscos.h: here.

* include/: Remove.
--

include/ was a leftover from GnuPG 1.x times.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-29 17:45:05 +01:00
NIIBE Yutaka
0ee66a6f66 agent: Not remove SSH socket when already running.
* agent/gpg-agent.c (main): Defer setting of socket_name_ssh to avoid
removal of the socket when it will die in create_server_socket for
socket_name.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2014-01-16 10:00:17 +09:00
NIIBE Yutaka
9c731bbedf agent: Fix agent_is_eddsa_key.
* agent/findkey.c (agent_is_eddsa_key): Implemented.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2014-01-16 09:07:11 +09:00
Werner Koch
cc9a0b69b6 Make use of the *_NAME etc macros.
Replace hardwired strings at many places with new macros from config.h
and use the new strusage macro replacement feature.

* common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn
sentinels.
* agent/command.c (cmd_import_key): Use asprintf to create the prompt.
2013-11-18 14:09:47 +01:00
Werner Koch
402aa0f948 gpg: Rework ECC support and add experimental support for Ed25519.
* agent/findkey.c (key_parms_from_sexp): Add algo name "ecc".
(agent_is_dsa_key): Ditto.
(agent_is_eddsa_key): New.  Not finished, though.
* agent/pksign.c (do_encode_eddsa): New.
(agent_pksign_do): Use gcry_log_debug functions.
* agent/protect.c (agent_protect): Parse a flags parameter.
* g10/keygen.c (gpg_curve_to_oid): Move to ...
* common/openpgp-oid.c (openpgp_curve_to_oid): here and rename.
(oid_ed25519): New.
(openpgp_oid_is_ed25519): New.
(openpgp_oid_to_curve): New.
* common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): New.
* g10/build-packet.c (gpg_mpi_write): Write the length header also for
opaque MPIs.
(gpg_mpi_write_nohdr): New.
(do_key): Use gpg_mpi_write_nohdr depending on algorithm.
(do_pubkey_enc): Ditto.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Use
gpg_mpi_write_nohdr.
* g10/export.c (transfer_format_to_openpgp):
* g10/keygen.c (ecckey_from_sexp): Return the error.
(gen_ecc): Repalce arg NBITS by CURVE.
(read_parameter_file): Add keywords "Key-Curve" and "Subkey-Curve".
(ask_curve): New.
(generate_keypair, generate_subkeypair): Use ask_curve.
(do_generate_keypair): Also pass curve name.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Print
curve name.
* g10/parse-packet.c (mpi_read): Remove workaround for
Libcgrypt < 1.5.
(parse_key): Fix ECC case.  Print the curve name.
* g10/pkglue.c (mpi_from_sexp): Rename to get_mpi_from_sexp.
(pk_verify, pk_check_secret_key): Add special case for Ed25519.
* g10/seskey.c (encode_md_value): Ditto.
* g10/sign.c (do_sign, hash_for, sign_file): Ditto.
--

Be warned that this code is subject to further changes and that the
format will very likely change before a release.  There are also known
bugs and missing code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-11-15 09:01:11 +01:00
Werner Koch
b27161cd0c Require Libgcrypt 1.6
* agent/pksign.c (do_encode_dsa): Remove Libgcrypt version check
--

Now that we have decided on a release plan for Libgcrypt 1.6 and given
all the improvements it makes more sense to make use of these
improvements than to clutter the GnuPG code with workarounds for older
Libgcrypt versions.
2013-11-15 09:01:11 +01:00
Werner Koch
6466db10fb Switch to deterministic DSA.
* agent/pksign.c (rfc6979_hash_algo_string): New.
(do_encode_dsa) [Libgcrypt >= 1.6]: Make use of RFC-6979.
--

Now that we have a good (and not NSA/NIST demanded ;-) specification
on how to use DSA without a random nonce, we take advantage of it and
thus avoid pitfalls related to a misbehaving RNG during signature
creation.

Note that OpenPGP has the option of using a longer hash algorithm but
truncated to what is suitable for the used DSA key size.  The hash
used as input to RFC-6979 will also be one with an appropriate digest
length but not a truncated one.  This is allowed by RFC-6979.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-09-08 11:25:58 +02:00
Werner Koch
fdbf76eee6 Fix commit 04e2c83f.
* agent/command-ssh.c (stream_read_string): Do not assign to a NULL
ptr.
2013-08-28 17:58:43 +02:00
Werner Koch
780ba32336 gpg: Make decryption with the OpenPGP card work.
* scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New.
* scd/app-openpgp.c (do_decipher): Add arg R_INFO.
* scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy.
* scd/app.c (app_decipher): Add arg R_INFO.
* scd/command.c (cmd_pkdecrypt): Print status line "PADDING".
* agent/call-scd.c (padding_info_cb): New.
(agent_card_pkdecrypt): Add arg R_PADDING.
* agent/divert-scd.c (divert_pkdecrypt): Ditto.
* agent/pkdecrypt.c (agent_pkdecrypt): Ditto.
* agent/command.c (cmd_pkdecrypt):  Print status line "PADDING".
* g10/call-agent.c (padding_info_cb): New.
(agent_pkdecrypt): Add arg R_PADDING.
* g10/pubkey-enc.c (get_it): Use padding info.
--

Decryption using a card never worked in gpg 2.1 because the
information whether the pkcs#1 padding needs to be removed was not
available.  Gpg < 2.1 too this info from the secret sub key but that
has gone in 2.1.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-28 17:40:32 +02:00
Werner Koch
04e2c83f18 agent: Fix two compiler warnings.
* agent/command.c (cmd_preset_passphrase, pinentry_loopback): Use %zu
in format string.
* scd/ccid-driver.c (ccid_get_atr): Ditto.
* agent/command-ssh.c (stream_read_string): Init arg STRING_SIZE to
avoid maybe_unitialized warning.
--

Actually the first one might have been a problem on big endian
machines.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-28 13:04:31 +02:00
Werner Koch
50c98c7ed6 agent: Extend cmd KEYINFO to return data from sshcontrol.
* agent/command-ssh.c (struct control_file_s): Rename to
ssh_control_file_s.
(ssh_open_control_file, ssh_close_control_file)
(ssh_read_control_file, ssh_search_control_file): New.
(control_file_t):  Rename and move to ...
* agent/agent.h (ssh_control_file_t): here.
* agent/command.c (do_one_keyinfo): Add args is_ssh, ttl, disabled,
and confirm. Rename unknown keytype indicator from '-' to 'X'.  Extend
output.
(cmd_keyinfo): Add options --ssh-list and --with-ssh.
--

This extension allows the development of frontends to manage the
sshcontrol file.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-08 21:22:38 +02:00
Werner Koch
ef6a6d973c agent: Include missing prototype.
* agent/protect.c: Include cvt-openpgp.h.
2013-08-01 11:32:05 +02:00
Werner Koch
82c25e67a1 Modernize two format string file name quotes.
--
2013-06-27 09:28:43 +02:00
Werner Koch
136f190a2f Fix Makefile regression.
* agent/Makefile.am (gpg_agent_DEPENDENCIES): Remove cruft from wrong
resolve conflict 2013-04-25.
(gpg_agent_DEPENDENCIES): Remove obsolete gpg_agent_res_deps
(gpg_agent_LDFLAGS): Remove obsolete gpg_agent_res_ldflags.
--

This fixes 88e24341e5.  Thanks to
Christian Aistleitner for pinpointing this bug.  Am sorry for accusing
automake to have introduced this bug; I should have washed my own eyes.

GnuPG-bug-id: 1511
2013-06-26 23:23:18 +02:00
Werner Koch
7777e68d04 Implement unattended OpenPGP secret key import.
* agent/command.c (cmd_import_key): Add option --unattended.
* agent/cvt-openpgp.c (convert_transfer_key): New.
(do_unprotect): Factor some code out to ...
(prepare_unprotect): new function.
(convert_from_openpgp): Factor all code out to ...
(convert_from_openpgp_main): this.  Add arg 'passphrase'.  Implement
openpgp-native protection modes.
(convert_from_openpgp_native): New.
* agent/t-protect.c (convert_from_openpgp_native): New dummy fucntion
* agent/protect-tool.c (convert_from_openpgp_native): Ditto.
* agent/protect.c (agent_unprotect): Add arg CTRL.  Adjust all
callers.  Support openpgp-native protection.
* g10/call-agent.c (agent_import_key): Add arg 'unattended'.
* g10/import.c (transfer_secret_keys): Use unattended in batch mode.
--

With the gpg-agent taking care of the secret keys, the user needs to
migrate existing keys from secring.gpg to the agent.  This and also
the standard import of secret keys required the user to unprotect the
secret keys first, so that gpg-agent was able to re-protected them
using its own scheme.  With many secret keys this is quite some
usability hurdle.  In particular if a passphrase is not instantly
available.

To make this migration smoother, this patch implements an unattended
key import/migration which delays the conversion to the gpg-agent
format until the key is actually used.  For example:

   gpg2 --batch --import mysecretkey.gpg

works without any user interaction due to the use of --batch.  Now if
a key is used (e.g. "gpg2 -su USERID_FROM_MYSECRETKEY foo"), gpg-agent
has to ask for the passphrase anyway, converts the key from the
openpgp format to the internal format, signs, re-encrypts the key and
tries to store it in the gpg-agent format to the disk.  The next time,
the internal format of the key is used.

This patch has only been tested with the old demo keys, more tests
with other protection formats and no protection are needed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-22 10:14:57 +02:00
Werner Koch
0f0e0559f9 agent: Fix length detection of canonical formatted openpgp keys.
* agent/command.c (cmd_import_key): Pass 0 instead of KEYLEN to
gcry_sexp_canon_len.
--

We used to pass KEYLEN to the gcry_sexp_canon_len for no good reason:
convert_from_openpgp is guaranteed to return a valid canonical
S-expression and KEYLEN would thus act only as an upper limit.  This
is not a problem because usually the original input key is longer than
the returned unprotected key.  A future patch may change this
assertion and thus we better fix this bug now.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-22 09:56:30 +02:00
Werner Koch
f2d8a14e1b agent: New option --disable-check-own-socket.
* agent/gpg-agent.c (oDisableCheckOwnSocket): New.
(disable_check_own_socket): New.
(parse_rereadable_options): Set new option.
(check_own_socket): Implement new option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-22 09:56:05 +02:00
Werner Koch
88e24341e5 w32: Add icons and version information.
* common/gnupg.ico: New.  Take from artwork/gnupg-favicon-1.ico.
* agent/gpg-agent-w32info.rc: New.
* g10/gpg-w32info.rc: New.
* scd/scdaemon-w32info.rc: New.
* sm/gpgsm-w32info.rc: New.
* tools/gpg-connect-agent-w32info.rc: New.
* common/w32info-rc.h.in: New.
* configure.ac (BUILD_REVISION, BUILD_FILEVERSION, BUILD_TIMESTAMP)
(BUILD_HOSTNAME): New.
(AC_CONFIG_FILES): Add w32info-rc.h.
* am/cmacros.am (.rc.o): New rule.
* agent/Makefile.am, common/Makefile.am, g10/Makefile.am
* scd/Makefile.am, sm/Makefile.am, tools/Makefile.am: Add stuff to
build resource files.
--

Signed-off-by: Werner Koch <wk@gnupg.org>

(cherry picked from commit 049b3d9ca0)

Solved conflicts in:

	agent/Makefile.am
	common/Makefile.am
	g10/Makefile.am
	scd/Makefile.am
	sm/Makefile.am
	tools/Makefile.am
2013-05-07 21:35:48 +02:00
NIIBE Yutaka
ef1983d58b agent: pksign result conversion to sexp to upper layer.
* agent/agent.h (divert_pksign): Add R_SIGLEN argument.
* agent/divert-scd.c (divert_pksign): Return length at R_SIGLEN.
* agent/call-scd.c (agent_card_pksign): Move composition of
S-expression to...
* agent/pksign.c (agent_pksign_do): ... here.
--

Composing S-expression would be better to be done by SCDaemon.
2013-02-28 11:17:47 +09:00
Werner Koch
585d5c62ee Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
Werner Koch
c6b8f05517 Remove some unused variables.
* tools/gpgconf-comp.c (gc_process_gpgconf_conf): Remove unused
used_components.
* agent/command-ssh.c (ssh_signature_encoder_ecdsa): Mark unused arg.
* g13/g13.c (main): Comment variable of yet unimplemented options.
2013-02-22 09:42:46 +01:00
NIIBE Yutaka
3c3648e720 agent: fix two bugs.
* agent/command.c (cmd_keytocard): Decrement KEYDATALEN.
* agent/findkey.c (agent_public_key_from_file): Increment for ELEMS.

--
For ECDSA and ECDH, there are 6 elements.
2013-02-22 12:55:11 +09:00
NIIBE Yutaka
30f8a3c873 agent: Add KEYTOCARD command.
* agent/agent.h (divert_writekey, agent_card_writekey): New.
* agent/call-scd.c (inq_writekey_parms, agent_card_writekey): New.
* agent/command.c (cmd_keytocard, hlp_keytocard): New.
(register_commands): Add cmd_keytocard.
* agent/divert-scd.c (divert_writekey): New.
2013-02-12 14:19:12 +09:00
NIIBE Yutaka
7253093add scd: Rename 'keypad' to 'pinpad'.
* NEWS: Mention scd changes.

* agent/divert-scd.c (getpin_cb): Change message.

* agent/call-scd.c (inq_needpin): Change the protocol to
POPUPPINPADPROMPT and DISMISSPINPADPROMPT.
* scd/command.c (pin_cb): Likewise.

* scd/apdu.c (struct reader_table_s): Rename member functions.
(check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify,
check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad
apdu_pinpad_verify, apdu_pinpad_modify): Rename.

* scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad)
(apdu_pinpad_verify, apdu_pinpad_modify): Rename.

* scd/iso7816.h (iso7816_check_pinpad): Rename.

* scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD.
(iso7816_check_pinpad): Rename.
(iso7816_verify_kp, iso7816_change_reference_data_kp): Follow
the change.

* scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename.
* scd/ccid-driver.c (ccid_transceive_secure): Use it.

* scd/app-dinsig.c (verify_pin): Follow the change.
* scd/app-nks.c (verify_pin): Follow the change.

* scd/app-openpgp.c (check_pinpad_request): Rename.
(parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow
the change.

* scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename.

* scd/scdaemon.h (opt): Rename to disable_pinpad,
enable_pinpad_varlen.

* tools/gpgconf-comp.c (gc_options_scdaemon): Rename to
disable-pinpad.
2013-02-08 09:06:39 +09:00
Werner Koch
8b2b8dfe5c agent: Move a typedef to common and provide parse_pinentry_mode.
* common/agent-opt.c: New.
* common/shareddefs.h: New.
* common/Makefile.am: Add new files.
* agent/agent.h: Include shareddefs.h.
(pinentry_mode_t): Factor out to shareddefs.h.
* agent/command.c (option_handler): Use parse_pinentry_mode.
2013-02-06 12:56:19 +01:00
Werner Koch
4483a4f0ea agent: Return a better error code if no passphrase was given.
* agent/protect.c (hash_passphrase): Handle an empty passphrase.
--

This is mostly useful in loopback pinentry-mode.
2013-02-06 12:56:19 +01:00
NIIBE Yutaka
1999446644 agent: Fix a bug of handling return code from npth_join.
* agent/call-pinentry.c (agent_popup_message_stop): Fix npth_join
return code.
--
pth_join returns TRUE (1) on success.  But npth_join (and pthread_join)
returns 0 on success, returns error number on error.
2013-01-25 23:20:46 +09:00
Werner Koch
649b31c663 ssh: Support ECDSA keys.
* agent/command-ssh.c (SPEC_FLAG_IS_ECDSA): New.
(struct ssh_key_type_spec): Add fields CURVE_NAME and HASH_ALGO.
(ssh_key_types): Add types ecdsa-sha2-nistp{256,384,521}.
(ssh_signature_encoder_t): Add arg spec and adjust all callers.
(ssh_signature_encoder_ecdsa): New.
(sexp_key_construct, sexp_key_extract, ssh_receive_key)
(ssh_convert_key_to_blob): Support ecdsa.
(ssh_identifier_from_curve_name): New.
(ssh_send_key_public): Retrieve and pass the curve_name.
(key_secret_to_public): Ditto.
(data_sign): Add arg SPEC and change callers to pass it.
(ssh_handler_sign_request): Get the hash algo from SPEC.
* common/ssh-utils.c (get_fingerprint): Support ecdsa.

* agent/protect.c (protect_info): Add flag ECC_HACK.
(agent_protect): Allow the use of the "curve" parameter.
* agent/t-protect.c (test_agent_protect): Add a test case for ecdsa.

* agent/command-ssh.c (ssh_key_grip): Print a better error code.
--

The 3 standard curves are now supported in gpg-agent's ssh-agent
protocol implementation.  I tested this with all 3 curves and keys
generated by OpenSSH 5.9p1.

Using existing non-ssh generated keys will likely fail for now. To fix
this, the code should first undergo some more cleanup; then the fixes
are pretty straightforward.  And yes, the data structures are way too
complicated.
2012-12-12 18:47:21 +01:00
Werner Koch
f76a0312c3 ssh: Rewrite a function for better maintainability
* agent/command-ssh.c (ssh_signature_encoder_dsa): Rewrite.
--

Using es_fopenmem instead of a preallocated buffer is safer and easier
to read.
2012-12-11 14:50:34 +01:00
Werner Koch
d2777f84be ssh: Improve key lookup for many keys.
* agent/command-ssh.c: Remove dirent.h.
(control_file_s): Add struct item.
(rewind_control_file): New.
(search_control_file): Factor code out to ...
(read_control_file_item): New.
(ssh_handler_request_identities): Change to iterate over entries in
sshcontrol.
--

Formerly we scanned the private key directory for matches of entries
in sshcontrol.  This patch changes it to scan the sshcontrol file and
thus considers only keys configured there.  The rationale for this is
that it is common to have only a few ssh keys but many private keys.
Even if that assumption does not hold true, the scanning of the
sshcontrol file is faster than reading the directory and only then
scanning the ssh control for each directory entry.
2012-12-10 18:27:23 +01:00
Werner Koch
25fb53ab4a ssh: Cleanup sshcontrol file access code.
* agent/command-ssh.c (SSH_CONTROL_FILE_NAME): New macro to replace
the direct use of the string.
(struct control_file_s, control_file_t): New.
(open_control_file, close_control_file): New.  Use them instead of
using fopen/fclose directly.
2012-12-10 16:39:12 +01:00
Werner Koch
36ba784599 agent: Add envvar "gnupg_SSH_AUTH_SOCK_by"
* agent/gpg-agent.c (main): Pass new envar gnupg_SSH_AUTH_SOCK_by to
an invoked process.
--

This environment variable is useful for debugging if
--use-standard-socket is used (which is the default since 2.1).
Commonly you should have this in your init script (e.g. ~/.bashrc):

    unset GPG_AGENT_INFO
    unset SSH_AGENT_PID
    SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
    export SSH_AUTH_SOCK

The problem is that gpg-agent won't be able to override the
SSH_AUTH_SOCK envvar if gpg-agent has been invoked as

  gpg-agent --enable-ssh-support --daemon /bin/bash

To fix this you should instead use this code in the init script:

  unset GPG_AGENT_INFO
  unset SSH_AGENT_PID
  if [ ${gnupg_SSH_AUTH_SOCK_by:-0} -ne $$ ]; then
    export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
  fi

This will work in all cases and thus allows to start gpg-agent for
testing purposes with a different homedir and use this gpg-agent as an
ssh-agent.  Example:

  GNUPGHOME=$(pwd) gpg-agent --enable-ssh-support --daemon /bin/bash

gnupg_SSH_AUTH_SOCK_by is set to the PID of the exec-ed process and
thus will work safely if called recursively.
2012-12-10 14:45:26 +01:00
Werner Koch
835698b72b Do not use a broken ttyname.
* configure.ac (HAVE_BROKEN_TTYNAME): New ac_define set for Android
systems.
* common/util.h (gnupg_ttyname): New macro.  Change all callers of
ttyname to use this macro instead.
(ttyname) [W32]: Rename to _gnupg_ttyname and use also if
HAVE_BROKEN_TTYNAME is defined.
* common/simple-pwquery.c (agent_send_all_options): Keep on using
ttyname unless HAVE_BROKEN_TTYNAME is set.  This is because this file
may be used standalone.
2012-11-20 19:03:49 +01:00
Werner Koch
9f0e9ea80c agent: Use wipememory instead of memset in one place.
* agent/command.c (clear_outbuf): Use wipememory.  Suggested by Ben
Kibbey.
2012-11-06 18:51:47 +01:00
Werner Koch
905b6a36d3 Allow decryption with card keys > 3072 bits
* scd/command.c (MAXLEN_SETDATA): New.
(cmd_setdata): Add option --append.
* agent/call-scd.c (agent_card_pkdecrypt): Use new option for long
data.

* scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
(app_select_openpgp): Store manufacturer.
(do_decipher): Print a note for broken cards.

--

Please note that I was not able to run a full test because I only have
broken cards (S/N < 346) available.
2012-11-06 14:48:06 +01:00
NIIBE Yutaka
8f8c29d24c agent: Fix wrong use of gcry_sexp_build_array
* findkey.c (agent_public_key_from_file): Fix use of
gcry_sexp_build_array.

--
A test case leading to a segv in Libgcrypt is

  gpg-connect-agent \
    "READKEY 9277C5875C8AFFCB727661C18BE4E0A0DEED9260" /bye

The keygrip was created by "monkeysphere s", which has a comment.

gcry_sexp_build_array expects pointers to the arguments which is quite
surprising.  Probably ARG_NEXT was accidentally implemented wrongly.
Anyway, we can't do anything about it and thus need to fix the check
the users of this function.

Some-comments-by: Werner Koch <wk@gnupg.org>
2012-11-02 16:22:26 +01:00
David Prévot
ba591e2f14 Fix typos spotted during translations
* agent/genkey.c: s/to to/to/
* sm/*.c: s/failed to allocated/failed to allocate/
* sm/certlist.c, ./dirmngr/validate.c: s/should have not/should not have/
* g10/seskey.c: missing closing parenthesis
* dirmngr/crlcache.c: s/may has/may have/

Consistency fix:

* g10/gpg.c, kbx/kbxutil.c, sm/gpgsm.c: uppercase after Syntax
* dirmngr/dirmngr_ldap: no period in Syntax
* dirmngr/dirmngr-client.c: infinitive for option description:
	s/certificates are expected/expect certificates/
2012-08-24 09:44:33 +02:00
David Prévot
94e663885b Actually show translators comments in PO files
--
2012-08-24 09:42:31 +02:00
Werner Koch
096e7457ec Change all quotes in strings and comments to the new GNU standard.
The asymmetric quotes used by GNU in the past (`...') don't render
nicely on modern systems.  We now use two \x27 characters ('...').

The proper solution would be to use the correct Unicode symmetric
quotes here.  However this has the disadvantage that the system
requires Unicode support.  We don't want that today.  If Unicode is
available a generated po file can be used to output proper quotes.  A
simple sed script like the one used for en@quote is sufficient to
change them.

The changes have been done by applying

  sed -i "s/\`\([^'\`]*\)'/'\1'/g"

to most files and fixing obvious problems by hand.  The msgid strings in
the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
Werner Koch
0f02fba19d agent: Fix deadlock in trustlist due to the switch to npth.
* agent/trustlist.c (clear_trusttable): New.
(agent_reload_trustlist): Use new function.
(read_trustfiles): Require to be called with lock held.
(agent_istrusted): Factor all code out to ...
(istrusted_internal): new.  Add ALREADY_LOCKED arg.  Make sure the
table islocked.  Do not print TRUSTLISTFLAG stati if called internally.
(agent_marktrusted): Replace calls to agent_reload_trustlist by
explicit code.
--

In contrast to pth, npth does not use recursive mutexes by default.
However, the code in trustlist.c assumed recursive locks and thus we
had to rework it.
2012-04-30 14:37:36 +02:00
Werner Koch
de01c51ecb Print warning for arguments not considered an option.
GnuPG requires that options are given before other arguments.  This
can sometimes be confusing.  We now print a warning if we found an
argument looking alike a long option without being preceded by the
stop option.  This is bug#1343.

* common/argparse.h (ARGPARSE_FLAG_STOP_SEEN): New.
* common/argparse.c (arg_parse): Set new flag.
* g10/gpg.c (main): Print the warning.
* agent/gpg-agent.c (main): Ditto.
* dirmngr/dirmngr.c (main): Ditto.
* g13/g13.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpgconf.c (main): Ditto.
2012-03-27 12:38:49 +02:00
Werner Koch
b817ae7df9 agent: Add pin length field to the shadowed private key format.
This is not yet fully implemented.  It will eventually allow to
support pinpad equipped readers which do not support variable length
pin lengths.
* agent/protect.c (parse_shadow_info): Add optional arg R_PINLEN and
parse pinlen info.  Change all callers to pass NULL for it.
2012-02-07 14:17:33 +01:00
Werner Koch
12ea5c904c Use new status printing functions.
* agent/command.c (cmd_geteventcounter): Get rid of static buffers.
* scd/command.c (cmd_serialno, cmd_learn): Simplify by using
print_assuan_status.
2012-02-07 13:52:31 +01:00
Werner Koch
e78585cd0f agent: New function agent_print_status.
* common/asshelp2.c (vprint_assuan_status): New.
(print_assuan_status): Re-implement using above func.
* agent/command.c (agent_print_status): New.
2012-02-07 12:46:32 +01:00
Werner Koch
7981cdd134 agent: Simplify printing of INQUIRE_MAXLEN.
* agent/command.c: Include asshelp.h.
(cmd_pkdecrypt, cmd_genkey, cmd_preset_passphrase)
(pinentry_loopback): Use print_assuan_status for INQUIRE_MAXLEN.
2012-02-06 21:04:22 +01:00
Werner Koch
eb0faef81d common: Add a global variable to for the default error source.
For the shared code parts it is cumbersome to pass an error sourse
variable to each function.  Its value is always a constant for a given
binary and thus a global variable makes things a lot easier than the
former macro stuff.
* common/init.c (default_errsource): New global var.
(init_common_subsystems): Rename to _init_common_subsystems.  Set
DEFAULT_ERRSOURCE.
* common/init.h: Assert value of GPG_ERR_SOURCE_DEFAULT.
(init_common_subsystems): New macro.
* common/util.h (default_errsource): Add declaration.
* kbx/keybox-defs.h: Add some GPG_ERR_SOURCE_DEFAULT trickery.
2012-02-06 20:50:47 +01:00
Ben Kibbey
ecda65498a Also let GENKEY and PKDECRYPT send the INQUIRE_MAXLEN status message.
* agent/command.c (cmd_pkdecrypt): Send the INQUIRE_MAXLEN status
message before doing the inquire.
(cmd_genkey): Ditto.
2012-02-03 17:50:22 -05:00
Ben Kibbey
3f7788f2e0 Inform the client of the preset passphrase length.
* agent/command.c (cmd_preset_passphrase): Send the INQUIRE_MAXLEN
status message before inquiring the passphrase.
2012-02-01 21:38:13 -05:00
Ben Kibbey
cf748e8736 Return GPG_ERR_CARD_NOT_PRESENT when pinentry-mode=loopback.
Since there isn't a way to prompt the user to insert the smartcard when
pinentry-mode=loopback, return GPG_ERR_CARD_NOT_PRESENT instead of
GPG_ERR_NO_PIN_ENTRY.

* agent/divert-scd.c (ask_for_card): Return GPG_ERR_CARD_NOT_PRESENT
when pinentry-mode=loopback.
2012-01-25 19:41:05 -05:00
Ben Kibbey
3da10eefcb Also check for GPG_ERR_ASS_CANCELED during an inquire.
Fix pinentry-mode=loopback when cancelling an inquire from scdaemon.
This is similar to commit 4f21f8d but for both protocol command
cancellation and pinentry cancellation.

* agent/call-scd.c (agent_card_pkdecrypt): Check for
GPG_ERR_ASS_CANCELED.
(agent_card_pksign): Ditto.
2012-01-25 19:40:58 -05:00
Werner Koch
2be7818c6d Fix strerror vs. gpg_strerror usage.
This bug was introduced by the migration to npth.
* agent/gpg-agent.c (handle_connections): Use strerror.
2012-01-25 14:59:01 +01:00
Werner Koch
15eddd217f Re-indent overlong lines.
--
2012-01-25 14:50:47 +01:00
Werner Koch
a55d2e16f1 Add missing variable.
* agent/gpg-agent.c (handle_connections) [!W32]: Add missing variable.
2012-01-25 14:50:47 +01:00
Marcus Brinkmann
4074f96627 Port LDAP wrapper to NPTH.
* agent/gpg-agent.c (handle_connections): Handle error.
* dirmngr/dirmngr_ldap.c, dirmngr/ldap-wrapper-ce.c: Port to NPTH.
2012-01-25 14:50:47 +01:00
Marcus Brinkmann
ccbb4c3652 Port Windows code to NPTH.
* agent/gpg-agent.c (get_agent_ssh_socket_name): Use
INVALID_HANDLE_VALUE instead of 0.
(handle_signal) [!HAVE_W32_SYSTEM]: Don't define.
(handle_connections): Port Windows code to NPTH.
* dirmngr/dirmngr.c (handle_connections): Port Windows code to NPTH.
* g13/g13.c (handle_connections): Port Windows code to NPTH.
* scd/scdaemon.c (handle_connections): Port Windows code to NPTH.
2012-01-25 14:50:47 +01:00
Marcus Brinkmann
7a7a597827 Port to npth.
* configure.ac: Don't check for PTH but for NPTH.
(AH_BOTTOM): Remove PTH_SYSCALL_SOFT.
(have_pth): Rename to ...
(have_npth): ... this.
(USE_GNU_NPTH): Rename to ...
(USE_GNU_PTH): ... this.
* m4/npth.m4: New file.
* agent/Makefile.am, agent/cache.c, agent/call-pinentry.c,
agent/call-scd.c, agent/findkey.c, agent/gpg-agent.c,
agent/trustlist.c, common/Makefile.am, common/estream.c,
common/exechelp-posix.c, common/exechelp-w32.c,
common/exechelp-w32ce.c, common/http.c, common/init.c,
common/sysutils.c, dirmngr/Makefile.am, dirmngr/crlfetch.c,
dirmngr/dirmngr.c, dirmngr/dirmngr_ldap.c, dirmngr/ldap-wrapper-ce.c,
dirmngr/ldap-wrapper.c, dirmngr/ldap.c, g13/Makefile.am,
g13/call-gpg.c, g13/g13.c, g13/runner.c, scd/Makefile.am,
scd/apdu.c, scd/app.c, scd/ccid-driver.c, scd/command.c,
scd/scdaemon.c, tools/Makefile.am: Port to npth.
2012-01-25 14:50:47 +01:00
Ben Kibbey
ae981dd8f4 Add the INQUIRE_MAXLEN status message.
This status message is used to inform the client of the maximum length
of an inquired passphrase and is used in pinentry-mode=loopback.

* agent/command.c (pinentry_loopback): Send the INQUIRE_MAXLEN status
message before doing the inquire.
2012-01-17 19:49:10 -05:00
Jim Meyering
37801918cb gpg-agent: fix lc-messages handling not to change Xauthority setting
* agent/gpg-agent.c (main): Supply omitted "break" statement for
lc-messages option.  Otherwise, control would fall through to the
following oXauthority case and use the same value there.
2012-01-16 11:49:38 +01:00
Werner Koch
75a402fc25 Fix indentation. 2012-01-15 12:37:33 +01:00
Ben Kibbey
4f21f8d6e1 Fix scdaemon pinentry inquire cancelation.
Similar to commit 29af488 but also fixes PKDECRYPT and PKSIGN.

* agent/call-scd.c (agent_card_pkdecrypt): Check for GPG_ERR_CANCELED
when returning from the PKDECRYPT operation of scdaemon and cancel the
inquire.
(agent_card_pksign): Ditto.
(cancel_inquire): New.
2012-01-14 10:29:35 -05:00
Werner Koch
d01d9ff11f Terminate csh commands with a semicolon.
Fixes bug#1386.

* agent/gpg-agent.c (main): Terminate csh style output with a semicolon.
* scd/scdaemon.c: Ditto.
2012-01-03 11:13:30 +01:00
Marcus Brinkmann
a2d9e48fcc Only set gcrypt thread callback for older version of gcrypt.
* agent/gpg-agent.c, dirmngr/dirmngr.c, g13/g13.c, scd/scdaemon.c
(USE_GCRY_THREAD_CBS): New macro, defined if
GCRY_THREAD_OPTION_VERSION is 0.
(fixed_gcry_pth_init) [!USE_GCRY_THREAD_CBS]: Don't define.
(main) [!USE_GCRY_THREAD_CBS]: Do not install thread callbacks.
2012-01-02 22:15:00 +01:00
Werner Koch
366512abe4 Require Libassuan 2.0.3
* configure.ac: Require Libassuan 2.0.3.
* agent/call-scd.c (ASSUAN_CONVEY_COMMENTS): Remove macro replacement.
* agent/command.c (cmd_killagent) [ASSUAN_FORCE_CLOSE]: Remove
dependency.
(cmd_killagent) [ASSUAN_FORCE_CLOSE]: Ditto.
* scd/command.c (cmd_killscd) [ASSUAN_FORCE_CLOSE]: Ditto.
2011-12-20 11:12:21 +01:00
NIIBE Yutaka
f6251c0d0a Don't kill pinentry by SIGKILL but let it quit by SIGINT.
* agent/call-pinentry.c (agent_popup_message_stop): To pinentry, send
SIGINT (was: SIGKILL).
2011-12-16 09:09:41 +09:00
Werner Koch
45cf9de341 agent: Pass comment lines from scd verbatim thru gpg-agent.
* agent/call-scd.c (pass_status_thru): Pass comment lines verbatim.
* tools/gpg-connect-agent.c (help_cmd_p): New.
(main): Treat an "SCD HELP" the same as "HELP".
2011-12-14 15:42:28 +01:00
Werner Koch
9274d4d182 Fix last change.
* agent/command.c (start_command_handler): Remove use of removed var.
2011-12-05 15:14:47 +01:00
Werner Koch
477360e8cd Amend the agent code with more comments.
* agent/command.c (server_local_s): Remove unused field MESSAGE_FD.
2011-12-05 15:05:57 +01:00
Werner Koch
2336b09779 Generate the ChangeLog from commit logs.
* scripts/gitlog-to-changelog: New script.  Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* doc/HACKING: Describe the ChangeLog policy
* ChangeLog: New file.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.

Rename all ChangeLog files to ChangeLog-2011.
2011-12-01 11:09:02 +01:00
Werner Koch
781e9746df Improve ssh card key diagnostic message.
* command-ssh.c (card_key_available): Change wording of no key
diagnostic.
(ssh_handler_request_identities): Do not call card_key_available
if the scdaemon is disabled.
2011-11-28 10:48:25 +01:00
Ben Kibbey
0dcf517700 Allow no protection in pinentry-mode=loopback.
When the inquired passphrase has a 0 length then treat it as no
protection.
2011-09-13 08:33:43 +02:00
Ben Kibbey
eb5709f554 Fixed invalid free. 2011-09-13 08:33:01 +02:00
Ben Kibbey
fb1cdd7b0e Handle pinentry-mode=loopback.
When this mode is set an inquire will be sent to the client to retrieve
the passphrase. This adds a new inquire keyword "NEW_PASSPHRASE" that the
GENKEY and PASSWD commands use when generating a new key.
2011-09-12 09:54:16 +02:00
Werner Koch
816bee1fa0 Fixed set but unused variable bugs 2011-08-10 14:11:30 +02:00
Ben Kibbey
28eac436bb Update option s2k-count to match the documentation.
The option would previously return an error if its value was < 65536.
2011-08-10 12:46:06 +02:00
Werner Koch
81389383a3 Made the KILLAGENT and KILLSCD commands working again.
This requires that GnuPG is build with a newer version of Libassuan
(2.0.3).
2011-08-10 11:47:04 +02:00
Werner Koch
809dfd70e3 Make the inquire cancel fix a little bit more robust. 2011-07-27 11:10:15 +02:00
Ben Kibbey
29af48840f Fixed gpg-agent SCD inquire command cancellation.
Need to send the CANCEL command back to scdaemon otherwise the next SCD
command will fail.
2011-07-27 10:58:52 +02:00
Werner Koch
6f86ee812f Fix crash while reading unsupported ssh keys.
This bug was found by n-roeser at gmx.net
(gnupg-devel@, msgid 4DFC7298.4040509@gmx.net).
2011-07-22 09:29:40 +02:00
Werner Koch
093ed70fbf Allow listing of ssh fingerprint with the agent's KEYINFO command. 2011-07-20 21:13:24 +02:00
Werner Koch
d479906991 Support a confirm flag for ssh.
This implements the suggestion from bug#1349.  With this change the
fingerprint of the ssh key is also displayed in the pinentry prompts.
2011-07-20 20:49:41 +02:00
Ben Kibbey
137e3a0fbc Added gpg-agent OPTION "s2k-count".
When unset or 0, the calibrated count will be used.
2011-06-29 13:17:25 +02:00
Marcus Brinkmann
1c684df5b8 Fix size_t vs int issues. 2011-06-01 21:43:30 +02:00
Werner Koch
f8285f9b00 Add fixme note regarding pth_kill 2011-04-29 16:44:28 +02:00
Werner Koch
817f07173c Fixed regression in OpenPGP secret key export.
The protection used in the exported key used a different iteration
count than given in the S2K field.  Thus all OpenPGP keys exported
from GnuPG 2.1-beta can't be imported again.  Given that the actual
secret key material is kept in private-keys-v1.d/ the can be
re-exported with this fixed version.
2011-04-26 20:39:09 +02:00
Werner Koch
4caa768f1d Add OPTION:cache-ttl-opt-preset to gpg-agent.
This option may be used to change the default ttl values use with the
--preset option of GENKEY and PASSWD.
2011-04-21 15:40:48 +02:00
Marcus Brinkmann
70b871abbc Fix gpg-agent secure memory leak in OpenPGP private key import.
2011-04-20  Marcus Brinkmann  <mb@g10code.com>

        * command.c (cmd_import_key): Release key from failed import
        before converting openpgp private key in the openpgp-private-key
        case.
2011-04-20 11:33:09 +02:00
Ben Kibbey
b5f585f7d7 Another PASSWD --preset fix.
Check for an error before presetting the passphrase.
2011-04-18 10:20:36 +02:00
Ben Kibbey
b3c71eb26b Fixed PASSWD --preset.
The previous patch required that the keygrip be cached before adding the
new passphrase to the cache. No more.
2011-04-13 14:15:21 +02:00
Werner Koch
f8c5395fbd Use macros for the 120 and 900s cache TTLs. 2011-04-12 18:20:46 +02:00
Ben Kibbey
a9edbfb3a3 Added PASSWD --preset. 2011-04-12 18:04:53 +02:00
Ben Kibbey
944bf8f5b5 Added GENKEY --preset to add the passphrase of the generated key to the cache. 2011-04-12 18:00:59 +02:00
Ben Kibbey
893b455a3d Added KEYINFO field to show the protection type of a key. This differs from the second field which shows the location of the key. 2011-04-12 17:59:27 +02:00
Werner Koch
b9bcc77d6c Make use of gcry_kdf_derive.
Factoring common code out is always a Good Thing.  Also added a
configure test to print an error if gcry_kdf_derive is missing in
Libgcrypt.
2011-03-10 18:39:34 +01:00
Werner Koch
327af90594 Require libgcrypt 1.5
Without Libgcrypt 1.5 is was not possible to use ECC keys.  ECC is
major new feature and thus it does not make sense to allow building
with an older Libgcrypt without supporting ECC.

Also fixed a few missing prototypes.
2011-03-08 12:23:59 +01:00
Ben Kibbey
3582e2efa4 Added option --inquire to PRESET_PASSPHRASE. Note that the inquired passphrase will be truncated to the first encountered null byte. 2011-03-04 09:39:39 +01:00
Werner Koch
b786f0e12b New agent option pinentry-mode.
This provides the framework and implements the ask, cancel and error.
loopback will be implemented later.
2011-03-03 18:35:08 +01:00
Werner Koch
1c09def22d Fix usage of SHA-2 algorithm with OpenPGP cards.
This was a regression in 2.1 introduced due to having the agent do the
signing in contrast to the old "SCD PKSIGN" command which accesses the
scdaemon directly and passed the hash algorithm.  The hash algorithm
is used by app-openpgp.c only for a sanity check.
2011-03-02 15:35:10 +01:00
Werner Koch
b7f74f5b46 Add comment to last patch. 2011-03-02 09:54:18 +01:00
Ben Kibbey
cb803a4b27 Added option --data to KEYINFO to return the result with a data response. 2011-03-02 09:45:31 +01:00
Ben Kibbey
fa58a834ff Let KEYINFO show the cached status of a key grip. 2011-03-02 09:32:35 +01:00
Werner Koch
528d77a0cc Rename Ben's new option. 2011-03-02 09:11:40 +01:00
Ben Kibbey
0706511b6d Added CLEAR_PASSPHRASE option --agent to search the cache for a cacheid with a mode of CACHE_MODE_NORMAL. These cache modes are created with PKDECRYPT. 2011-03-02 09:08:00 +01:00
Werner Koch
8a7336e0bf Fix ECDSA 521 bit signing.
This fix also allows the creation and use of an 521 bit ECDH key which
used to fail while creating the binding signature.
2011-02-07 14:38:39 +01:00
Werner Koch
b008274afd Nuked almost all trailing white space.
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces.  In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much.  For future commits the pre-commit scripts
checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Werner Koch
0b5bcb40cf Finished ECC integration.
Wrote the ChangeLog 2011-01-13 entry for Andrey's orginal work modulo
the cleanups I did in the last week.  Adjusted my own ChangeLog
entries to be consistent with that entry.

Nuked quite some trailing spaces; again sorry for that, I will better
take care of not saving them in the future.  "git diff -b" is useful
to read the actual changes ;-).

The ECC-INTEGRATION-2-1 branch can be closed now.
2011-02-03 16:35:33 +01:00
Werner Koch
4659c923a0 Sample ECC keys and message do now work.
Import and export of secret keys does now work.  Encryption has been
fixed to be compatible with the sample messages.

This version tests for new Libgcrypt function and thus needs to be
build with a new Libgcrypt installed.
2011-02-02 15:48:54 +01:00
Werner Koch
328a642aa5 Fixed the ECC interface to Libgcrypt to be ABI compatible with the previous version.
Quite some changes were needed but in the end we have less code than
before.  Instead of trying to do everything with MPIs and pass them
back and forth between Libgcrypt and GnuPG, we know use the
S-expression based interface and make heavy use of our opaque MPI
feature.

Encryption, decryption, signing and verification work with
self-generared keys.

Import and export does not yet work; thus it was not possible to check
the test keys at https://sites.google.com/site/brainhub/pgpecckeys .
2011-01-31 15:44:24 +01:00
Werner Koch
0fb0bb8d9a Reworked the ECC changes to better fit into the Libgcrypt API.
See ChangeLog for details.  Key generation, signing and verification works.
Encryption does not yet work.  Requires latest Libgcrypt changes.
2011-01-31 09:27:06 +01:00
Werner Koch
c5e8a4c0fd Merge branch 'master' into ECC-INTEGRATION-2-1 2011-01-24 12:24:11 +01:00
Werner Koch
27929981fc Make most of the selftests work.
Note that there is still a problem with tests/openpgp/sigs.test while
using the option --digest-algo SHA256.
2011-01-21 15:22:41 +01:00
Werner Koch
90b0ff23b7 Editorial changes and allow building with old libgcrypts.
Changed order of some conditional to make to put the special case into
the true branch.  Indentation changes.  Minor other changes to make the
ECC code more similar to the rest of our code.

It builds but many sefltests still fail.  Need to fix that before
using it with an ECDH enabled libgcrypt.

[/]
2011-01-21  Werner Koch  <wk@g10code.com>

	* configure.ac: Need Libgcrypt 1.4.6 due to AESWRAP.
	(HAVE_GCRY_PK_ECDH): Add new test.

[agent/]
2011-01-21  Werner Koch  <wk@g10code.com>

	* cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: New.

[include/]
2011-01-21  Werner Koch  <wk@g10code.com>

	* cipher.h (GCRY_PK_USAGE_CERT): Remove compatibility macros
	because we now require libgcrypt 1.4.6.
	(GCRY_PK_ECDH): Add replacement.
2011-01-21 12:00:57 +01:00
Werner Koch
13acd78a39 Fixed a CR/LF problem on Windows 2011-01-19 18:05:15 +01:00
Andrey Jivsov
b73d8ed06f Fixed key generation with P-521. Confirmed that signature generation and verification work. 2011-01-12 21:14:45 -08:00
Andrey Jivsov
e0972d3d96 Integrating http://code.google.com/p/gnupg-ecc/source/detail?r=15 .
The following works:
   gpg2 --gen-key (ECC)
   gpg2 --list-keys
   gpg2 --list-packets ~/.gnupg/pubring.gpg
   gpg2 --list-packets <private key from http://sites.google.com/site/brainhub/pgpecckeys>

ECDH doesn't work yet as the code must be re-written to adjust for gpg-agent refactoring.
2011-01-05 17:33:17 -08:00
Werner Koch
64a786b2d9 Change timer tick interval under Wince 2010-12-02 18:40:03 +00:00
Werner Koch
fcb5f7d08f s/AES/AES128/ in diagnostics and --list-config 2010-12-02 15:49:02 +00:00
Werner Koch
6dda170e32 Remove recently added debug output 2010-12-02 13:53:18 +00:00
Werner Koch
3d9e25e072 Init cache encryption on the fly.
add some debug code
2010-11-29 06:49:44 +00:00
Werner Koch
41a33e0c78 Remove superfluous parameter.
Make self-check interval larger
2010-11-26 09:42:56 +00:00
Werner Koch
b3f9e2130e Change stack size for Wince.
Allow for a longer agent atartup under wince.
Print gpg output via estream.
2010-11-23 18:46:41 +00:00
Werner Koch
2c982dcf86 Fix bug where scdaemon kills a non-daemon gpg-agent. 2010-11-11 15:07:37 +00:00
Werner Koch
dc5150db78 Honor TMPDIR. 2010-10-27 07:37:52 +00:00
Werner Koch
02e4c3cb7e Re-implemented GPG's --passwd command and improved it. 2010-10-26 09:10:29 +00:00
Werner Koch
52cbcd94ac Re-enabled german translation 2010-10-18 14:56:52 +00:00
Werner Koch
6872919efe Fix a signing problem with the card 2010-10-18 12:59:19 +00:00
Werner Koch
764e88d4df All tests work are again working 2010-10-14 16:34:31 +00:00
Werner Koch
fd19a84c80 Some tweaks to the agent startup. 2010-10-14 08:32:55 +00:00
Werner Koch
54591341a4 More agent support for gpg. 2010-10-13 15:57:08 +00:00
Werner Koch
002b30e75c Import fixes.
new otion for watchgnupg
2010-10-06 11:29:10 +00:00
Werner Koch
cc71376bce Don't set SSH_AGENTPID_INFO.
Doc fixes.
Allow TCP and local sockets in watchgnupg.
2010-10-05 19:05:43 +00:00
Werner Koch
bfbd80feb9 Exporting secret keys via gpg-agent is now basically supported.
A couple of forward ported changes.
Doc updates.
2010-10-01 20:33:53 +00:00
Werner Koch
4fdd83b401 Fix standard directories for Wince.
Typo fix.
2010-09-13 10:17:04 +00:00
Werner Koch
90a4599c5e Obscure the cached passphrases. 2010-09-02 10:46:23 +00:00
Werner Koch
a0b9ebfb7d Even less prompts for a new key now. 2010-09-01 12:49:05 +00:00
Werner Koch
31bc3c8edd s/CACHE_MODE_IMPGEN/CACHE_MODE_NONCE/.
Prepare for more use cases of the cache nonce.
2010-09-01 11:07:16 +00:00
Werner Koch
9a9b3da58f Use passphrase caching for import and genkey. 2010-09-01 09:48:35 +00:00
Werner Koch
87fac99112 Import OpenPGP keys into the agent. 2010-08-31 15:58:39 +00:00
Werner Koch
a400cfe14e . 2010-08-26 08:47:42 +00:00
Werner Koch
34dde96669 Fix regression in logging.
Add a registry key to enable catch-all remote debugging for W32.
Replace more stdio stuff by estream.
2010-08-18 19:25:15 +00:00
Werner Koch
d4d61b87f1 Fix dirmngr problems on CE.
Add new dirmngr commands.
Minor other fixes.
2010-08-12 11:43:46 +00:00
Werner Koch
8a61c30207 Pass on comments from SCD. 2010-08-11 13:11:04 +00:00
Werner Koch
e52f93433c Support logging via TCP 2010-08-09 15:40:29 +00:00
Werner Koch
c8bafe218c Fix a regression from 2010-06-09. 2010-06-24 10:51:30 +00:00
Werner Koch
1e7b03ef25 Remove cruft. 2010-06-21 10:04:36 +00:00
Werner Koch
91056b1976 Implement export of pkcs#12 objects using a direct agent connection. 2010-06-21 10:01:24 +00:00
Werner Koch
006fd75aea Avoid using the protect-tool to import pkcs#12. 2010-06-17 15:44:44 +00:00
Werner Koch
c3f08dcb72 Merged Dirmngr with GnuPG.
A few code changes to support dirmngr.
2010-06-09 16:53:51 +00:00
Werner Koch
bbe388b5db Add unfinished gpgtar.
Collected changes and ports of bug fixes from stable.
2010-06-07 13:33:02 +00:00
Werner Koch
f5551672fb Update tests. 2010-05-11 18:00:31 +00:00
Werner Koch
51e2703abe Auto starting the agent does now work on CE. 2010-05-04 15:21:47 +00:00
Werner Koch
8524ac000c auto start the agent if --use-standard-socket is in use. 2010-05-03 15:23:10 +00:00
Werner Koch
5b341a9a47 Ignore a stale agent socket. 2010-04-26 14:51:38 +00:00
Werner Koch
a1412b05de More changes on the way to remove secring.gpg. 2010-04-21 16:26:17 +00:00
Werner Koch
08ee8adc45 Remove dependency to simple-pwquery. 2010-04-14 16:52:02 +00:00
Werner Koch
53c636c4c6 ./autogen.sh --build-w32ce does now succeed. 2010-04-14 14:39:16 +00:00
Werner Koch
31d7bdfe77 Whole lot of changes to support CE. 2010-04-14 11:24:02 +00:00
Werner Koch
e64038608b More chnages to use estream. Add a way to replace the standard
descriptors.
2010-03-22 12:46:05 +00:00
Werner Koch
37870234a1 Use a custom log handler for libassuan. 2010-03-11 12:34:11 +00:00
Werner Koch
d8b1099d01 Merged jnlib into common. 2010-03-10 12:24:58 +00:00
Werner Koch
0e018d7144 Some minor changes and typo fixes.
Started to implement a TCP option in gpg-connect-agent.
2010-02-26 10:52:05 +00:00
Werner Koch
01a571a16b Provide default strings for the pinentry. 2010-02-17 19:03:37 +00:00
Werner Koch
7e97da9127 Fixed a regression introduced with 2.0.14. 2010-01-26 16:15:12 +00:00
Werner Koch
be45bf3d54 Add dummu option --passwd for gpg.
Collected changes.
2010-01-08 19:18:49 +00:00
Werner Koch
34baa18187 Do not use the VMC C reserved word readonly. 2009-12-15 11:03:17 +00:00
Werner Koch
4d693033ab Implement dynamic S2K count computation. 2009-12-14 20:12:56 +00:00
Werner Koch
9a96043be4 Unification of the search descriptor usage. 2009-12-08 16:30:33 +00:00
Marcus Brinkmann
146a4665bb common/
2009-12-08  Marcus Brinkmann  <marcus@g10code.de>

	* asshelp.c (start_new_gpg_agent): Convert posix FD to assuan FD.

agent/
2009-12-08  Marcus Brinkmann  <marcus@g10code.de>

	* call-pinentry.c (start_pinentry): Convert posix fd to assuan fd.
	* call-scd.c (start_scd): Likewise.

sm/
2009-12-08  Marcus Brinkmann  <marcus@g10code.de>

	* call-dirmngr.c (start_dirmngr_ext): Convert posix fd to assuan fd.

tools/
2009-12-08  Marcus Brinkmann  <marcus@g10code.de>

	* gpg-connect-agent.c (main): Convert posix fd to assuan fd.
2009-12-08 04:43:15 +00:00
Werner Koch
cb5491bfaf support numeric debug levels. 2009-12-03 18:04:40 +00:00
Werner Koch
edd95da365 Fix usage of realloc. 2009-12-02 19:00:10 +00:00
Marcus Brinkmann
e1172f00be 2009-11-27 Marcus Brinkmann <marcus@g10code.de>
* command.c (start_command_handler): Do not call
	assuan_set_log_stream anymore.
	* gpg-agent.c (main): But call assuan_set_assuan_log_stream here.
2009-11-27 19:13:02 +00:00
Marcus Brinkmann
18bdcc0881 agent/
2009-11-25  Marcus Brinkmann  <marcus@g10code.de>

	* command.c (start_command_handler): Use assuan_fd_t and
	assuan_fdopen on fds.

scd/
2009-11-25  Marcus Brinkmann  <marcus@g10code.de>

	* command.c (scd_command_handler): Use assuan_fd_t and
	assuan_fdopen on fds.

sm/
2009-11-25  Marcus Brinkmann  <marcus@g10code.de>

	* server.c (gpgsm_server): Use assuan_fd_t and assuan_fdopen on
	fds.

g10/
2009-11-25  Marcus Brinkmann  <marcus@g10code.de>

	* server.c (gpg_server): Use assuan_fd_t and assuan_fdopen on fds.
2009-11-25 17:58:26 +00:00
Marcus Brinkmann
1d3c39fd7b agent/
2009-11-05  Marcus Brinkmann  <marcus@g10code.de>

	* call-pinentry.c (start_pinentry): Call assuan_pipe_connect, not
	assuan_pipe_connect_ext.
	* command.c (start_command_handler): Change
	assuan_init_socket_server_ext into assuan_init_socket_server.
	* call-scd.c (start_scd): Update use of assuan_socket_connect and
	assuan_pipe_connect.
	* gpg-agent.c (check_own_socket_thread, check_for_running_agent):
	Update use of assuan_socket_connect.

common/
2009-11-05  Marcus Brinkmann  <marcus@g10code.de>

	* asshelp.c (start_new_gpg_agent): Update use of
	assuan_socket_connect and assuan_pipe_connect.

scd/
2009-11-05  Marcus Brinkmann  <marcus@g10code.de>

	* command.c (scd_command_handler): Call assuan_init_socket_server,
	not assuan_init_socket_server_ext.

sm/
2009-11-05  Marcus Brinkmann  <marcus@g10code.de>

	* call-dirmngr.c (start_dirmngr_ext): Update use of
	assuan_pipe_connect and assuan_socket_connect.

tools/
2009-11-05  Marcus Brinkmann  <marcus@g10code.de>

	* gpg-connect-agent.c (start_agent): Update use of
	assuan_socket_connect and assuan_pipe_connect.
2009-11-05 12:06:45 +00:00
Werner Koch
0781afbd9e Add help strings for all commands. 2009-11-04 11:58:06 +00:00
Werner Koch
8e8368b00e Adjust for assuan_register_command change. 2009-11-04 10:06:38 +00:00
Marcus Brinkmann
717c38381a agent/
2009-11-02  Marcus Brinkmann  <marcus@g10code.de>

	* command.c (reset_notify): Take LINE arg and return error.
	(register_commands): Use assuan_handler_t type.

common/
2009-11-02  Marcus Brinkmann  <marcus@g10code.de>

	* get-passphrase.c (default_inq_cb, membuf_data_cb): Change return
	type to gpg_error_t.

g10/
2009-11-02  Marcus Brinkmann  <marcus@g10code.de>

	* server.c (reset_notify, input_notify, output_notify): Update to
	new assuan interface.
	(register_commands): Use assuan_handler_t.

scd/
2009-11-02  Marcus Brinkmann  <marcus@g10code.de>

	* command.c (reset_notify): Take LINE arg and return error.
	(register_commands): Use assuan_handler_t type.

sm/
2009-11-02  Marcus Brinkmann  <marcus@g10code.de>

	* server.c (reset_notify, input_notify, output_notify): Update to
	new assuan interface.
	(register_commands): Use assuan_handler_t.
	* call-agent.c (membuf_data_cb, default_inq_cb)
	(inq_ciphertext_cb, scd_serialno_status_cb)
	(scd_keypairinfo_status_cb, istrusted_status_cb)
	(learn_status_cb, learn_cb, keyinfo_status_cb): Return gpg_error_t.
2009-11-02 17:47:11 +00:00
Marcus Brinkmann
de563fdeb5 2009-10-16 Marcus Brinkmann <marcus@g10code.com>
* configure.ac: Check for libassuan instead of libassuan-pth.

common/
2009-10-16  Marcus Brinkmann  <marcus@g10code.com>

	* Makefile.am (libcommon_a_CFLAGS): Use LIBASSUAN_CFLAGS instead
	of LIBASSUAN_PTH_CFLAGS.

scd/
2009-10-16  Marcus Brinkmann  <marcus@g10code.com>

	* AM_CFLAGS, scdaemon_LDADD: Use libassuan instead of libassuan-pth.
	* scdaemon.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
	(main): Call assuan_set_system_hooks and assuan_sock_init.

g13/
2009-10-16  Marcus Brinkmann  <marcus@g10code.com>

	* AM_CFLAGS, g13_LDADD: Use libassuan instead of libassuan-pth.
	* g13.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
	(main): Call assuan_set_system_hooks.

agent/
2009-10-16  Marcus Brinkmann  <marcus@g10code.com>

	* gpg_agent_CFLAGS, gpg_agent_LDADD: Use libassuan instead of
	libassuan-pth.
	* gpg-agent.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
	(main): Call assuan_set_system_hooks and assuan_sock_init.
	Fix invocation of assuan_socket_connect.
2009-10-16 18:35:03 +00:00
Werner Koch
1d0e9816e4 s/DOTLOCK/dotlock_t/.
Add some stuff for g13.
2009-09-23 10:28:41 +00:00
Marcus Brinkmann
3974488cd1 2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION):
	Update to new API (2, 1.1.0).

agent/
2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* gpg-agent.c (parse_rereadable_options): Don't set global assuan
	log file (there ain't one anymore).
	(main): Update to new API.
	(check_own_socket_pid_cb): Return gpg_error_t instead of int.
	(check_own_socket_thread, check_for_running_agent): Create assuan
	context before connecting to server.
	* command.c: Include "scdaemon.h" before <assuan.h> because of
	GPG_ERR_SOURCE_DEFAULT check.
	(write_and_clear_outbuf): Use gpg_error_t instead of
	assuan_error_t.
	(cmd_geteventcounter, cmd_istrusted, cmd_listtrusted)
	(cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc)
	(cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey)
	(cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase)
	(cmd_get_confirmation, cmd_learn, cmd_passwd)
	(cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval)
	(cmd_updatestartuptty, cmd_killagent, cmd_reloadagent)
	(cmd_getinfo, option_handler): Return gpg_error_t instead of int.
	(post_cmd_notify): Change type of ERR to gpg_error_t from int.
	(io_monitor): Add hook argument.  Use symbols for constants.
	(register_commands): Change return type of HANDLER to gpg_error_t.
	(start_command_handler): Allocate assuan context before starting
	server.
	* call-pinentry.c: Include "scdaemon.h" before <assuan.h> because
	of GPG_ERR_SOURCE_DEFAULT check.
	(unlock_pinentry): Call assuan_release instead of
	assuan_disconnect.
	(getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int.
	(start_pinentry): Allocate assuan context before connecting to
	server.
	* call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb)
	(membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru)
	(pass_data_thru): Change return type to gpg_error_t.
	(start_scd): Allocate assuan context before connecting to server.

common/
2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* asshelp.c (start_new_gpg_agent): Allocate assuan context before
	starting server.

g10/
2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* call-agent.c: Include "scdaemon.h" before <assuan.h> because of
	GPG_ERR_SOURCE_DEFAULT check.
	(learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb)
	(learn_status_cb, inq_writecert_parms, inq_writekey_parms)
	(scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of
	int.
	* gpg.c: Include "scdaemon.h" before <assuan.h> because of
	GPG_ERR_SOURCE_DEFAULT check.
	(main): Update to new Assuan API.
	* server.c: Include "scdaemon.h" before <assuan.h> because of
	GPG_ERR_SOURCE_DEFAULT check.
	(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
	(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
	(cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys)
	(cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t
	instead of int.
	(register_commands): Allocate assuan context before starting
	server.
	(gpg_server): Allocate assuan_context before starting server.

scd/
2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* command.c: Include "scdaemon.h" before <assuan.h> because of
	GPG_ERR_SOURCE_DEFAULT check.
	(option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert)
	(cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt)
	(cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
	(cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock)
	(cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu)
	(cmd_killscd): Return gpg_error_t instead of int.
	(scd_command_handler): Allocate assuan context before starting server.
	* scdaemon.c (main): Update to new Assuan API.

sm/
2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* gpgsm.c (main): Update to new assuan API.
	* server.c: Include "gpgsm.h" before <assuan.h> due to check for
	GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h.
	(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
	(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
	(cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys)
	(cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey)
	(cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int.
	(register_commands): Same for member HANDLER in table.
	(gpgsm_server): Allocate assuan context before starting server.
	* sm/call-dirmngr.c:
	* call-dirmngr.c (prepare_dirmngr): Check for CTX and error before
	setting LDAPSERVER.
	(start_dirmngr_ext): Allocate assuan context before starting
	server.
	(inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb)
	(run_command_cb, run_command_inq_cb, run_command_status_cb):
	Return gpg_error_t instead of int.

tools/
2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response)
	(main): Update to new Assuan API.
2009-09-23 00:01:25 +00:00
Marcus Brinkmann
8cdc6e85ec 2009-09-04 Marcus Brinkmann <marcus@g10code.com>
* command.c (start_command_handler): Add comment about gap in
	implementation (in dead code), for future reference.
2009-09-04 17:39:50 +00:00
Werner Koch
25659d66f1 Ask to insert the right OpenPGP card. 2009-08-11 10:56:44 +00:00
Werner Koch
0792525d22 Make bug reporting address easier changeable. 2009-07-21 14:21:05 +00:00
Werner Koch
2193992559 Impleemned gpgsm's IMPORT --re-import feature.
Typo fix.
2009-07-07 16:52:12 +00:00
Werner Koch
f6f5430e50 Reworked passing of envars to Pinentry. 2009-07-07 10:02:41 +00:00
Werner Koch
2e0ce7d97f Fixed a bunch of little bugs as reported by Fabian Keil.
Still one problem left; marked with a gcc #warning.
2009-06-24 14:03:09 +00:00
Werner Koch
e05aeca87b Post release updates 2009-06-17 11:57:24 +00:00
Werner Koch
aa03d8f184 Use cancel button in confirmation only if requested. 2009-06-17 10:19:50 +00:00
Werner Koch
bdbeb0ac2b app-openpgp changes 2009-06-09 19:11:28 +00:00
Werner Koch
227d6626b0 Fix last change 2009-06-05 20:51:52 +00:00
Werner Koch
dac70ca2fd Fixed an fopen problem on Windows Vista. 2009-06-03 17:24:24 +00:00
Werner Koch
323cca8041 Fix for bug#1066.
A couple of minor changes.
2009-06-02 15:46:59 +00:00
Werner Koch
4fa261f8ec Fix possible system freeze on Mac OS X. 2009-05-19 22:39:45 +00:00
Werner Koch
002f51031a Fix bug #1053
Add option --qualitybar to command GET_PASSPHRASE.
2009-05-15 11:16:28 +00:00
Marcus Brinkmann
6763dd76e0 2009-04-14 Marcus Brinkmann <marcus@g10code.de>
* call-pinentry.c (agent_get_confirmation): Try SETNOTOK command
	with pinentry.
2009-04-14 20:36:14 +00:00
Werner Koch
0b99639624 Ported changes from 1.4. 2009-04-01 13:23:27 +00:00
Werner Koch
f8b4cd7650 Import/export of pkcs#12 now uses the gpg-agent directly.
Removed duplicated code (percent unescaping).
2009-04-01 10:51:53 +00:00
Werner Koch
98e1a75e20 Implement decryption for TCOS 3 cards. 2009-03-30 12:46:06 +00:00
Werner Koch
990585ad7d Signing using Netkey 3 cards does now work. 2009-03-26 19:27:04 +00:00
Werner Koch
6e63e54b00 Fixed a trustlist update problem.
Pretty format the marktrusted pinentry prompt.
2009-03-26 11:33:53 +00:00
Werner Koch
ceb42db4dd Print NO_SECKEY status line in gpgsm.
This fixes bug#1020.
2009-03-25 16:05:16 +00:00
Werner Koch
6dc17a2b4d log file fixes. 2009-03-25 14:58:31 +00:00
Werner Koch
36d681d98e Fix keygrip computation for TCOS 3 cards.
Emit PROGRESS status lines during --learn-card.
2009-03-20 19:04:47 +00:00
Werner Koch
c2c3cf4be1 Changed order of the confirmation questions for root certificates
and stores negative answers in trustlist.txt.
2009-03-19 10:21:51 +00:00
Werner Koch
588a7c34bb Make sure not to leak file descriptors if running gpg-agent with a
command.  Restore the signal mask to solve a problem in Mono.
2009-03-19 07:09:31 +00:00
Werner Koch
370f841a01 Enhanced last patch. 2009-03-17 17:59:36 +00:00
Werner Koch
6e7c855d98 Move password repetition from gpg to gpg-agent. 2009-03-17 12:13:32 +00:00
Werner Koch
a9c317a95c New gpg-agent command to list key information.
Gpgsm does now print the S/N of cards.
Consider ephemeral keys during listing an export.
2009-03-06 17:31:27 +00:00
Werner Koch
59d7a54e72 New PIN Callback attributes in gpg-agent.
Common prompts for keypad and simple card reader.
More support for Netkey cards;  PIN management works now.
2009-03-05 19:19:37 +00:00
Werner Koch
c20b3db108 Add --reload command to gpgconf.
Fix a problem in exechelp.c
Get ready for a release.
2009-03-03 09:02:58 +00:00
Werner Koch
b61b2f542a Add missing option strings. 2009-03-02 12:32:54 +00:00
Werner Koch
596a2237c7 Fix bug#1003. 2009-03-02 10:26:37 +00:00
Werner Koch
618afc4231 Fixed a nasty bug in scdaemon which led to a card reset if the card was
inserted  during scdaemon startup and a connection was made before the
ticker had a chance to run.  Add some stuff for better debugging.
2009-02-25 10:58:56 +00:00
Werner Koch
7bd2e417d1 Fixed some card related problems. 2008-12-18 16:34:28 +00:00
Werner Koch
6a09ba60cc Fix signal handling race condition. 2008-12-17 19:42:17 +00:00
Werner Koch
c3752d1057 Add option --no-ask for GET_PASSPHRASE. 2008-12-10 12:41:15 +00:00
Werner Koch
de9cc953af Preparing a release candidate. 2008-12-09 11:54:40 +00:00
Werner Koch
382d2f8efb Minor fixes. 2008-12-09 08:58:02 +00:00
Werner Koch
78ff45c49e Align ticker to the full or half second. 2008-12-08 19:10:42 +00:00
Werner Koch
041c764672 Add option --card-timeout.
Add a new attribyte to app-openpgp.c
Fix two portability bugs.
Have gpg-connect-agent autostart gpg-agent on W32.
2008-12-05 12:01:01 +00:00
Werner Koch
5dc1c18c3a Print library versions according to GNU standards. 2008-11-18 18:01:03 +00:00
Werner Koch
aec79fc731 Minor cleanups. 2008-11-11 08:22:06 +00:00
Werner Koch
8997c155e3 Check that the socket is well and served by us. 2008-10-29 17:24:27 +00:00
Werner Koch
0a5f742466 Marked all unused args on non-W32 platforms. 2008-10-20 13:53:23 +00:00
Werner Koch
0698c5169f Use more warning options with modern GCCs.
Other minor changes.
2008-10-17 19:18:46 +00:00
Werner Koch
b519a52cea Made scdaemon more robust on Windows. 2008-10-15 13:23:10 +00:00
Werner Koch
d0ca953014 SCD changes for PC/SC under W32. 2008-10-14 18:18:21 +00:00
Werner Koch
7d63aa42e5 Remove hacks which are not anymore needed since we now require Libgcrypt 1.4 2008-09-29 15:02:55 +00:00
Werner Koch
96f16f736e Finished support for v2 cards with the exception of secure messaging. 2008-09-25 10:06:02 +00:00
Werner Koch
f899b9683b Support the Certifciate DO of the v2 OpenPGP cards. 2008-09-23 09:57:45 +00:00
Werner Koch
5a8bf0bec6 Fix gpg-preset-passphrase bug.
Cleanups
2008-09-03 09:37:32 +00:00
Werner Koch
49b2db7636 Changes the header presented before requesting the user ID. 2008-06-01 19:44:05 +00:00
Werner Koch
138bf2dc15 Fixed segv in gpg-agent (command marktrusted).
Replaced almost all free by xfree.
Translation fixes.
2008-05-27 12:03:50 +00:00
Werner Koch
c2a8254be7 Fix a bug in the ambigious name detection.
Minor cleanups.
2008-03-20 15:31:43 +00:00
Werner Koch
30a97e770c Poems for AllowSetForegroundWindow (W32) 2008-02-14 19:50:10 +00:00
Marcus Brinkmann
a8fb3559b1 2008-01-15 Marcus Brinkmann <marcus@g10code.de>
* call-pinentry.c (start_pinentry): Start pinentry in detached
	mode.
2008-01-15 16:06:08 +00:00
Werner Koch
63ec0b271c Created help files form the current po entries. 2007-12-04 15:00:14 +00:00
Werner Koch
8c20500a5d Allow configuraton of pinentry tooltip.
Other minor buf fixes.
2007-12-04 11:23:31 +00:00
Werner Koch
5887cffd60 Fixed testing for an alive ssh standard socket. 2007-12-03 14:02:06 +00:00
Werner Koch
598a3d0ab4 [W32] Changed default socket for dirmngr.
[W32] Add some code for event notifications 
      between scdaemon and gpg-agent.
2007-11-27 08:01:19 +00:00
Werner Koch
55ba204bfa Started to implement the audit log feature.
Pass PINENTRY_USER_DATA and XAUTHORITY to Pinentry.
Improved support for the quality bar.
Minor internal restructuring.
Translation fixes.
2007-11-19 16:03:50 +00:00
Werner Koch
fd5e7d44f3 Changed wording of passphrase checking messages.
Fixed a segv in gpg-connect-agent.
2007-10-24 08:06:16 +00:00
Werner Koch
c12ce55b25 Factored utf8 switching code out to i18n.c. 2007-10-19 15:58:38 +00:00
Werner Koch
917ee1d5fd 2007-10-15 Daiki Ueno <ueno@unixuser.org> (wk)
* command-ssh.c (reenter_compare_cb): New function; imported from
	genkey.c.
	(ssh_identity_register): Ask initial passphrase twice.
2007-10-15 14:50:07 +00:00
Werner Koch
ed7d2d72c6 Extended gpg-connect-agent.
New "GETINFO pid" command for scdaemon and gpg-agent.
2007-10-02 16:30:58 +00:00
Werner Koch
31c19d1d68 Use Assuan socket wrapper calls.
Made socket servers secure under Windows.
2007-10-01 14:48:39 +00:00
Werner Koch
a6b11ea482 Support the SETQUALITYBAR command of recent pinentries. 2007-09-18 11:40:09 +00:00
Marcus Brinkmann
58278955a7 2007-09-14 Marcus Brinkmann <marcus@g10code.de>
* call-pinentry.c (agent_popup_message_stop): Implement kill for
	Windows.
2007-09-14 14:25:02 +00:00
Werner Koch
19009f9959 Print used library version with --version.
Typo fixes
2007-09-14 13:38:36 +00:00
Werner Koch
b13587ef16 New command --check-programs for gpgconf. 2007-08-29 09:51:37 +00:00
Werner Koch
f268889b8f Add more passphrase policy rules.
(--max-passphrase-days).
2007-08-28 17:48:13 +00:00
Werner Koch
15d0cb42a1 Implemented more gpg-agen options to support certain passphrase policies.
New tool gpg-check-pattern.
2007-08-27 18:10:27 +00:00
Werner Koch
84efbe69c7 Fixed creation of private keys under W32.
Minor code cleanups.
2007-08-22 20:36:33 +00:00
Werner Koch
f81f521a72 Updated estream.
More changes for Windows.
2007-08-22 10:55:07 +00:00
Werner Koch
74d344a521 Implemented the chain model for X.509 validation. 2007-08-10 16:52:05 +00:00
Werner Koch
ebd36b6344 Factored common gpgconf constants out
Fixed W32 compare_filenames
2007-08-02 18:12:43 +00:00
Werner Koch
11573b09c4 Typo fixes.
Made --default-key work for gpgsm
Add --default-key and --encrypt-to to gpgconf.
2007-07-17 18:11:24 +00:00
Werner Koch
bce4ea798a Properly close files opened by es_fopen.
Allow setting of an empty passphrase.
Assorted W32 changes.
2007-07-16 09:53:47 +00:00