* agent/gpg-agent.c (oNoAllowLoopbackPinentry): New.
(opts): Add --no-allow-loopback-pinentry. Hide
description of --allow-loopback-pinentry.
(parse_rereadable_options): Set opt.allow_loopback_pinentry by
default.
(main): Replace allow-loopback-pinentry by no-allow-loopback-pinentry
in the gpgconf list.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Ditto.
--
Given that a user can anyway change that options in the gpg-agent.conf
file and that gpg needs to be invoked with --pinentry-mode=loopback
the former default does not make much sense - in that option is useful
at all. There was a discussion of this topic on gnupg-devel in April
without a clear result. So we try this new default and just in case
real problems are found for the majority of installations, we can
revert that. The new default is also aligned with GnuPG's policy to
make its use easier and only require users with very high security
standards to tweak certain options (those users have anyway modeled
their threat model and configured their software according to this).
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/status.h (STATUS_TOFU_USER, STATUS_TOFU_STATS)
(STATUS_TOFU_STATS_SHORT, STATUS_TOFU_STATS_LONG): New.
* g10/tofu.c (NO_WARNING_THRESHOLD): New.
(record_binding, tofu_register): Take care of --dry-run.
(show_statistics): Print STATUS_TOFU_USER. Reformat some messages.
Fix the ngettext/strcmp thing. Use log_string instead of log_info.
Use NO_WARNING_THRESHOLD constant.
(get_trust): Use format_text and print a compact fingerprint.
--
The use of log_string makes long messages better readable; instead of
gpg: Warning: if you think you've seen more[...]
key, then this key might be a forgery! Car[...]
address for small variations. If the key i[...]
we now have
gpg: Warning: if you think you've seen more[...]
key, then this key might be a forgery![...]
address for small variations. If the [...]
We also put the key information after the message and not between the
user id and the last used info like here:
gpg: Verified 7 messages signed by "Werner Koch <werner@eifzilla.de>"
in the past 4 days, 16 hours.
The most recent message was verified 3 days, 13 hours ago.
(key: 8061 5870 F5BA D690 3336 [...] 1E42 B367, policy: auto)
This also makes the key info a separate translatable string.
Further a compact version of the fingerprint (hex w/o spaces) is
printed in some messages.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c (string_to_long): New.
(string_to_ulong): New.
(get_single_unsigned_long_cb): Replace strtol/strtoul by new function.
(get_single_long_cb): Ditto.
(signature_stats_collect_cb): Ditto.
(get_policy): Ditto.
(show_statistics): Ditto. Uese es_free instead of free.
--
There is one minor semantic change: We now accept "nnn.0" always. The
old code did not checked for ".0: in show_statistics.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/logging.c (bug_at): Do not i18n the string.
(_log_assert): New.
* common/logging.h (log_assert): Use new function and pass line
information.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (parse_auto_key_locate): Add method "wkd".
(get_pubkey_byname): Implement that method. Also rename a variable.
* g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New.
* g10/keyserver.c (keyserver_import_wkd): New.
* g10/test-stubs.c (keyserver_import_wkd): Add stub.
* g10/gpgv.c (keyserver_import_wkd): Ditto.
* g10/options.h (opt): Add field 'with_wkd_hash'.
(AKL_WKD): New.
* g10/gpg.c (oWithWKDHash): New.
(opts): Add option --with-wkd-hash.
(main): Set that option.
* g10/keylist.c (list_keyblock_print): Implement that option.
--
The Web Key Directory is an experimental feature to retrieve a key via
https. It is similar to OpenPGP DANE but also uses an encryption to
reveal less information about a key lookup.
For example the URI to lookup the key for Joe.Doe@Example.ORG is:
https://example.org/.well-known/openpgpkey/
hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q
(line has been wrapped for rendering purposes). The hash is a
z-Base-32 encoded SHA-1 hash of the mail address' local-part. The
address wk@gnupg.org can be used for testing.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.h (HTTP_FLAG_TRUST_DEF, HTTP_FLAG_TRUST_SYS): New.
* dirmngr/http.c (http_session_new): Add arg "flags".
* dirmngr/ks-engine-hkp.c (send_request): Use new flag
HTTP_FLAG_TRUST_DEF for the new arg of http_session_new.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/t-http.c (main): Ditto.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/private-keys.c (my_error_from_syserror): New. Use it in
place of gpg_error_from_syserror.
(_pkc_add, pkc_lookup, pke_next_value): Use ascii_strcasecmp.
(pkc_parse): Use xtrystrdup and append_to_strlist_try as intended.
(_pkc_add): Add braces around if-statement.
--
We should have a macro so that we do not need to define a wrapper
function like my_error_from_syserror in files where it is needed. I
am not sure about a proper name, "my_" seems to be the easiest
replacement. Note that the global DEFAULT_ERRSOURCE is relatively new
to replace the need to convey the error source in function calls; we
want that function from common/ return the error source of the main
binary.
We require that a key is ASCII and thus we better use ascii_strcasecmp
to avoid problems with strange locales.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/miscellaneous.c (xoutofcore): New.
* common/strlist.c (append_to_strlist): Use instead of abort.
(append_to_strlist_try): Use xtrymalloc instead of xmalloc.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/findkey.c (write_extended_private_key): New function.
(agent_write_private_key): Detect if an existing file is in extended
format and update the key within if it is.
(read_key_file): Handle the new format.
* agent/keyformat.txt: Document the new format.
* common/Makefile.am: Add the new files.
* common/private-keys.c: New file.
* common/private-keys.h: Likewise.
* common/t-private-keys.c: Likewise.
* common/util.h (alphap, alnump): New macros.
* tests/migrations: Add test demonstrating that we can cope with the
new format.
--
GnuPG 2.3+ will use a new format to store private keys that is both
more flexible and easier to read and edit by human beings. The new
format stores name,value-pairs using the common mail and http header
convention.
This patch adds the parser and support code and prepares GnuPG 2.1 for
the new format.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/strlist.c (append_to_strlist): Use the new function.
(append_to_strlist_try): New function.
* common/strlist.h (append_to_strlist_try): New prototype.
Signed-off-by: Justus Winter <justus@g10code.com>
* configure.ac: Do nor require libiconv for W32.
* common/utf8conv.c [W32]: Do not incluce iconv.h. Request
libgpg-error iconv macros.
(jnlib_iconv): Use ICONV_CONST macro.
* build-aux/speedo/w32/inst.nsi [!WITH_GUI]: Do not install libiconv.
* build-aux/speedo.mk (speedo_spkgs) [!WITH_GUI]: Likewise.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (create_private_keys_directory): Set permissions.
* common/sysutils.c (modestr_to_mode): New function.
(gnupg_mkdir): Use new function.
(gnupg_chmod): New function.
* common/sysutils.h (gnupg_chmod): New prototype.
* tests/migrations/from-classic.test: Test migration with existing
directory.
GnuPG-bug-id: 2312
Signed-off-by: Justus Winter <justus@g10code.com>
* build-aux/speedo.mk: Change sqlite to use our mirror and the
swdb.lst file.
* build-aux/speedo/w32/inst.nsi: gpg is now build and installed as
gpg.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-http.c (ks_hkp_help): Only print https if tls
is supported.
--
Wrong reporting was pointed out by K_F. Check is the same as
in ks-engine-hkp.c
--
With commit b3378b3a56 from July 2014 we
use strconcat instead of sprintf for the string and thus we need to
remove one level of percent escaping.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/protect.c (do_encryption): Fix CBC hashing.
--
The buggy code included an extra closing parenthesis before
the (protected-at) term in the CBC hashing. We now do it by
explicitly hashing the protected stuff and append the rest of the
expression instead of a fixed closing parenthesis. Note that the OCB
hashing only differs that it does no include the protected part.
Fixes-commit: 4159567f7e
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/protect-tool.c (read_and_unprotect): Add arg ctrl and pass to
agent_unprotect.
(main): Allocate a simple CTRL object and pass it to
read_and_unprotect.
(convert_from_openpgp_native): Remove stub.
(agent_key_available, agent_get_cache): New stubs.
(agent_askpin): New emulation for the one in call-pinentry.c.
(agent_write_private_key): New to dump key.
* agent/Makefile.am (gpg_protect_tool_SOURCES): Add cvt-openpgp.c
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/protect.c (agent_protect): Add arg use_ocb. Change all caller
to pass -1 for default.
* agent/protect-tool.c: New option --debug-use-ocb.
(oDebugUseOCB): New.
(opt_debug_use_ocb): New.
(main): Set option.
(read_and_protect): Implement option.
* agent/protect.c (OCB_MODE_SUPPORTED): New macro.
(PROT_DEFAULT_TO_OCB): New macro.
(do_encryption): Add args use_ocb, hashbegin, hashlen, timestamp_exp,
and timestamp_exp_len. Implement OCB.
(agent_protect): Change to support OCB.
(do_decryption): Add new args is_ocb, aadhole_begin, and aadhole_len.
Implement OCB.
(merge_lists): Allow NULL for sha1hash.
(agent_unprotect): Change to support OCB.
(agent_private_key_type): Remove debug output.
--
Instead of using the old OpenPGP way of appending a hash of the
plaintext and encrypt that along with the plaintext, the new scheme
uses a proper authenticated encryption mode. See keyformat.txt for a
description. Libgcrypt 1.7 is required.
This mode is not yet enabled because there would be no way to return
to an older GnuPG version. To test the new scheme use
gpg-protect-tool:
./gpg-protect-tool -av -P abc -p --debug-use-ocb <plain.key >prot.key
./gpg-protect-tool -av -P abc -u <prot.key
Any key from the private key storage should work.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/build-packet.c (do_key): Do not use the header length specified
by the public key packet from the keyring, but let 'write_header2'
compute the required length.
--
Specifically exporting RSA keys of length 1024 failed, as the encoded
public key packet requires 141 bytes a length that fits into one byte,
but the secret key is significantly larger, making the export fail.
GnuPG-bug-id: 2307
Signed-off-by: Justus Winter <justus@g10code.com>