1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-24 10:39:57 +01:00

363 Commits

Author SHA1 Message Date
Werner Koch
959cd8903f
common: Add string operator gt,ge,le,lt to recsel.
* common/recsel.c (recsel_parse_expr): Add them.
(recsel_dump): Print them.
(recsel_select): Evaluate them.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-05 09:52:04 +02:00
Werner Koch
2aa0701013
common: Add a default socket name feature.
* common/logging.c (log_set_socket_dir_cb): New.
(socket_dir_cb): New.
(set_file_fd): Allow "socket://".
(fun_writer): Implement default socket name.
* common/init.c (_init_common_subsystems): Register default socket.
--

This change allows the use of

log-file socket://

in any configuration file.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-29 11:51:00 +02:00
Werner Koch
1b55e86442
gpg: Add import filter "drop-sig".
* g10/import.c (import_drop_sig): New variable.
(cleanup_import_globals): Release that.
(parse_and_set_import_filter): Add filter "drop-sig".
(filter_getval): Implement properties for drop-sig.
(apply_drop_sig_filter): New.
(import_one): Apply that filter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-18 16:15:49 +02:00
Werner Koch
d25db3c903
doc: Add comments on how to parse --list-colons output.
--

GnuPG-bug-id: 2437
2016-08-18 12:41:55 +02:00
Werner Koch
de6e3217cd
gpg: New option --sender
* g10/options.h (struct opt): Add field 'sender_list'.
* g10/gpg.c: Include mbox-util.h.
(oSender): New.
(opts): Add option "--sender".
(main): Parse option.
--

This option will eventually be used for more advanced purposes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-18 10:08:34 +02:00
Werner Koch
70b5d7c43a
gpg: New option --input-size-hint.
* g10/options.h: Include stdint.h.
(struct opt): Add field 'input_size_hint'.
* g10/gpg.c (oInputSizeHint): New.
(opts): Add --input-size-hint.
(main): Set opt.input_size_hint.
* g10/progress.c (write_status_progress): Use the hint.
--

This is a prerequisite to fix
GnuPG-bug-id: 2368

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-11 21:32:55 +02:00
Werner Koch
5b59999ce0
gpg: Remove tofu database format "split".
* g10/options.h (struct opt): Remove field tofu_db_format.
* g10/gpg.h (server_control_s): Add fields tofu.batch_update_ref and
tofu.batch_update_started.
* g10/gpg.c (parse_tofu_db_format): Remove.
(main): Make option --tofu-db-format obsolete.
* g10/tofu.c: Major rework.  Remove the pretty complicated and slower
split format and with that all the caching.  Use the dbs struct
directly.  Move global vars for batch update into CTRL.  Change
calling conventions of some function to take CTRL or DBS pointers
instead of  the former low-level database pointer.
--

The split database format might have been nice for use with Unison but
it bypasses the concept of a relational database by doing parts of
this itself and also risking deadlocks.  Working with the Tofu
database for debugging or experiments is also not possible with parts
of the database logic implemented in gpg.

The Tofu support is quite new and we can assume that it is not in real
use now.  Thus we better remove that now so that we do not need to
maintain it for all future.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-10 16:55:04 +02:00
Daniel Kahn Gillmor
c9387e41db
gpg: Avoid publishing the GnuPG version by default
* g10/gpg.c (main): initialize opt.emit_version to 0
* doc/gpg.texi: document different default for --emit-version

--

The version of GnuPG in use is not particularly helpful.  It is not
cryptographically verifiable, and it doesn't distinguish between
significant version differences like 2.0.x and 2.1.x.

Additionally, it leaks metadata that can be used to distinguish users
from one another, and can potentially be used to target specific
attacks if there are known behaviors that differ between major
versions.

It's probably better to take the more parsimonious approach to
metadata production by default.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-05 12:23:04 +02:00
Werner Koch
54a1ed20e2
gpg: Always print the fingerprint in colons mode.
* g10/keylist.c (list_keyblock_colon): Remove arg FPR.  Always print
fingerprint records.  For secret keys always print keygrip records.
--

The fingerprint should always be used thus we should always print it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-04 15:01:52 +02:00
Daniel Kahn Gillmor
dc107b7850 More cleanup of "allow to".
* README, agent/command.c, agent/keyformat.txt, common/i18n.c,
  common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c,
  dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE,
  doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi,
  doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt,
  g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4,
  m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po,
  po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po,
  po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po,
  po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po,
  po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po,
  scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c,
  sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to"
  with clearer text.

In standard English, the normal construction is "${XXX} allows ${YYY}
to" -- that is, the subject (${XXX}) of the sentence is allowing the
object (${YYY}) to do something.  When the object is missing, the
phrasing sounds awkward, even if the object is implied by context.
There's almost always a better construction that isn't as awkward.

These changes should make the language a bit clearer.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-03 16:55:33 +02:00
Daniel Kahn Gillmor
cd45cf782b Fix spelling and grammar.
* agent/learncard.c: s/coccured/occurred/
* doc/dirmngr.texi: s/ommitted/omitted/, s/orginally/originally/,
  s/reponses/responses/i
* doc/gpg-agent.texi, doc/dirmngr.texi, doc/gpg.texi: Fix "allows
  to" to more conventional english usage.
* doc/tools.texi, g10/gpgcommpose.c, tests/openpgp/armor.scm,
  tests/openpgp/armor.test: s/occured/occurred/
* tools/gpgsplit.c: s/calcualting/calculating/
* sm/server.c: s/formated/formatted/

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-03 16:54:01 +02:00
Werner Koch
1e9bc66a9a
gpg: Remove options --print-dane-records and --print-pka-records.
* g10/gpg.c (main): Remove options but print a dedicated warning.
* g10/options.h (struct opt): Remove fields 'print_dane_records' and
'print_pka_records'.
* g10/keylist.c (list_keyblock): Do not call list_keyblock_pka.
(list_keyblock_pka): Remove.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-14 15:19:36 +02:00
Werner Koch
6cb373f37b
doc: Update import-export description.
--
2016-07-12 16:11:20 +02:00
Werner Koch
cbe467e794
gpg: Add export options "export-pka" and "export-dane".
* g10/options.h (EXPORT_PKA_FORMAT): New.
* g10/keylist.c (list_keyblock_pka): Do not use DANE flag.
* g10/export.c: Include zb32.h.
(parse_export_options): Add options "export-pka" and "export-dane".
(do_export): Do not armor if either of these option is set.
(print_pka_or_dane_records): New.
(do_export_stream): Implement new options.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-07 17:35:20 +02:00
Werner Koch
a479804c86
gpg: New options --recipient-file and --hidden-recipient-file.
* g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New.
(opts): Add options --recipient-file and --hidden-recipient-file.
(main): Implement them.  Also remove duplicate code from similar
options.
* g10/keydb.h (PK_LIST_FROM_FILE): New.
(PK_LIST_SHIFT): Bump up.
* g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE.
(find_and_check_key): Add and implement arg FROM_FILE.
(build_pk_list): Pass new value for new arg.
* g10/getkey.c (get_pubkey_fromfile): New.
* g10/gpgv.c (read_key_from_file): New stub.
* g10/test-stubs.c (read_key_from_file): New stub.
* g10/server.c (cmd_recipient): Add flag --file.
* g10/import.c (read_key_from_file): New.

* tests/openpgp/defs.scm (key-file1): New.
(key-file2): New.
* tests/openpgp/setup.scm: Add their private keys and import the
key-file1.
* tests/openpgp/encrypt.scm: Add new test.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 15:35:19 +02:00
Werner Koch
073be51a86
gpg: New option --no-keyring.
* g10/gpg.c (oNoKeyring): New.
(opts): Add "--no-keyring".
(main): Do not register any keyring if the option is used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 15:33:53 +02:00
Werner Koch
442efa9b3f
doc: Describe filter expressions.
* doc/gpg.texi: Remove some superfluous .E.
(FILTER EXPRESSIONS): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-02 16:18:50 +02:00
Werner Koch
7bfc86c938
gpg: New option --export-filter
* g10/gpg.c (oExportFilter): New.
(opts): Add --export-filter.
(main): Handle option.
* g10/export.c: Include recsel.h, init.h, and mbox-util.h.
(export_keep_uid): New global var.
(cleanup_export_globals): New.
(parse_and_set_export_filter): New.
(filter_getval): New.
(apply_keep_uid_filter): New.
(do_export_stream): Apply filter if set.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-01 16:50:12 +02:00
Werner Koch
5137bf73cc
gpg: New option --import-filter
* g10/gpg.c (oImportFilter): New.
(opts): Add --import-filter.
(main): Handle option.
* g10/import.c: Include recsel.h, init.h, and mbox-util.h.
(import_keep_uid): New global var.
(cleanup_import_globals): New.
(parse_and_set_import_filter): New.
(filter_getval): New.
(apply_keep_uid_filter): New.
(import_one): Apply filter if set.
--

Funny new option.  It can for example be used to export a key with
only one user id:

  gpg --no-options --import --import-options import-export \
      --import-filter keep-uid='mbox=wk@gnupg.org'         \
     < full-key.pub > key-with-one-uid.pub

More features will eventually be added.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-01 16:28:29 +02:00
Daniel Kahn Gillmor
55d112eeb0
g10: Implement gpg --quick-revuid
* g10/revoke.c (get_default_uid_revocation_reason): New.
* g10/keyedit.c (menu_revuid): Break out creation of uid revocation
into new function core_revuid.
* g10/keyedit.c (keyedit_quick_revuid): New. Selects key and
uid, invokes core_revuid.
* g10/gpg.c (main): Handle --quick-revuid argument.
* doc/gpg.texi: Document --quick-revuid.

--

This functionality is a counterpart to --quick-adduid, and will be
useful for projects that depend programmatically on gpg to revoke user
IDs (one such example is "monkeysphere-host revoke-servicename").

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

- Minor re-indentation work.
- Changed a "0 == memcmp" to "!memcmp"
- Removed tests/openpgp/quick-key-manipulation.test from the
  Makefile.  This test needs to be converted to gpgscm.
- Removed example from whats-new-in-2.1.txt because that is generated.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-30 11:45:13 +02:00
Werner Koch
7bca3be65e
gpg: New import option "import-export".
* g10/import.c (parse_import_options): Add option "import-export".
(write_keyblock_to_output): New.
(import_one): Implement option.
--

We are now in the import export business.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-24 13:11:37 +02:00
Werner Koch
1e5959ec05
gpg: New import option "import-show".
* g10/options.h (IMPORT_SHOW): New.
* g10/import.c (parse_import_options): Add "import-show".
(import_one): Implement that.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-23 20:01:15 +02:00
Werner Koch
ee2d9061d7
gpg: New option --rfc4880bis.
* g10/options.h (struct opt): Add field flags.rfc4880bis.
* g10/gpg.c (oRFC4880bis): new.
(opts): add --rfc4880bis.
(main): Implement that and print a warning.
--

This is option enables experimental features which may be dropped or
changed with the next release.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-20 23:59:18 +02:00
Werner Koch
aece9e87f3
doc: Add more strong hints towards --with-colons.
--
2016-06-16 19:53:14 +02:00
Werner Koch
2423238ee4
doc: Add files and envvars to a new index.
* doc/gnupg.texi: Define new index "ef".
(Environment Index): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-14 14:58:00 +02:00
Werner Koch
9e126af215
gpg: Un-deprecate option --auto-key-retrieve.
* g10/gpg.c (main): Remove deprecation warning.
--

Most options for the keyserver have been moved to dirmngr and thus it
does not make sense to favor "--keyserver-options auto-key-retrieve"
over the direct options --auto-key-retrieve and --no-auto-key-retrieve.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-13 11:32:38 +02:00
Werner Koch
61e7fd68c0
gpg: New option --disable-signer-uid, create Signer's UID sub-packet.
* g10/gpg.c (oDisableSignerUID): New.
(opts): New option '--disable-signer-uid'.
(main): Set option.
* g10/options.h (opt): Add field flags.disable_signer_uid.
* g10/sign.c: Include mbox-util.h.
(mk_notation_policy_etc): Embed the signer's uid.
* g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key
retrieval if --disable-signer-uid is used.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-13 11:24:09 +02:00
Werner Koch
1d1cb86694
gpg: Add option --with-subkey-fingerprint.
* g10/gpg.c (oWithSubkeyFingerprint): New.
(opts): Add --with-subkey-fingerprint[s].
(main): Set that option.
* g10/options.h (struct opt): Add 'with_subkey_fingerprint'.
* g10/keylist.c (list_keyblock_print): Print subkey fingerprint.
(print_fingerprint): Tweak printing to use compact format if
desirable.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-06 16:56:18 +02:00
Werner Koch
b047388d57
gpg: Implement --keyid-format=none.
* g10/gpg.c (main): Add option "none" to --keyid-format.
* g10/options.h (KF_NONE): New.
* g10/keyid.c (format_keyid): Implement that.
(keystr): Use format "long" is KF_NONE is in use.
(keystr_with_sub): Ditto.
* g10/keylist.c (list_keyblock_print): Adjust indentaion for KF_NONE.
Factor some code out to ...
(print_key_line): new.
(print_fingerprint): Add mode 20.
* g10/mainproc.c (list_node): Use print_key_line.  Replace MAINKEY by
flags.primary in the PK.  Fix putting a " revoked..." string into the
colons format.
* g10/pkclist.c (do_edit_ownertrust): Use print_key_line.  This
slightly changes the putput format.
* g10/revoke.c (gen_standard_revoke): Use print_key_line.  This may
also put "expires: " into the output.
--

Due to user experience problems with the keyid and we better allow to
show the fingerprint instead.  Note that we do not support v3 keys
anymore and thus there is no technical need for a user to know the
keyid.

GnuPG-bug-id: 2379
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-06 16:03:22 +02:00
Werner Koch
01285f909e
gpg: Extend the --quick-gen-key command.
* g10/keygen.c (quickgen_set_para): Add arg 'use'.
(quick_generate_keypair): Add args 'algostr', 'usagestr', and
'expirestr'.  Implement primary only key mode.
(parse_algo_usage_expire): Set NBITS for the default algo.
* g10/gpg.c (main): Extend --quick-gen-key command.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 18:38:10 +02:00
Werner Koch
8f2a053a0f
gpg: New command --quick-addkey.
* g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New.
(ask_keysize): Factor code out to ...
(get_keysize_range, fixup_keysize): new.
(parse_parameter_usage): Factor parsing out to  ...
(parse_usagestr): new.  Allow use of "encr" as alias for "encrypt".
(parse_subkey_algostr_usagestr): New.
(generate_subkeypair): Add new args.  Implement unattended mode.

* g10/keyedit.c (keyedit_quick_sign): Factor some code out to ...
(find_by_primary_fpr): new.
(keyedit_quick_addkey): New.
* g10/gpg.c (aQuickAddKey): New.
(opts): Add --quick-addkey.
(main): Implement.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 16:01:48 +02:00
Werner Koch
ac9ff644b1
gpg: Allow unattended deletion of secret keys.
* agent/command.c (cmd_delete_key): Make the --force option depend on
--disallow-loopback-passphrase.
* g10/call-agent.c (agent_delete_key): Add arg FORCE.
* g10/delkey.c (do_delete_key): Pass opt.answer_yes to
agent_delete_key.
--

Unless the agent has been configured with
--disallow-loopback-passpharse an unattended deletion of a secret key
is now possible with gpg by using --batch _and_ --yes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-10 11:01:42 +02:00
Werner Koch
300b227cf4
doc: Fix name of gpg's option --tofu-policy
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-29 11:05:55 +02:00
Werner Koch
87de9e19ed
gpg: Add experimental AKL method "wkd" and option --with-wkd-hash.
* g10/getkey.c (parse_auto_key_locate): Add method "wkd".
(get_pubkey_byname): Implement that method.  Also rename a variable.
* g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New.
* g10/keyserver.c (keyserver_import_wkd): New.
* g10/test-stubs.c (keyserver_import_wkd): Add stub.
* g10/gpgv.c (keyserver_import_wkd): Ditto.
* g10/options.h (opt):  Add field 'with_wkd_hash'.
(AKL_WKD): New.

* g10/gpg.c (oWithWKDHash): New.
(opts): Add option --with-wkd-hash.
(main): Set that option.
* g10/keylist.c (list_keyblock_print): Implement that option.
--

The Web Key Directory is an experimental feature to retrieve a key via
https.  It is similar to OpenPGP DANE but also uses an encryption to
reveal less information about a key lookup.

For example the URI to lookup the key for Joe.Doe@Example.ORG is:

    https://example.org/.well-known/openpgpkey/
    hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q

(line has been wrapped for rendering purposes).  The hash is a
z-Base-32 encoded SHA-1 hash of the mail address' local-part.  The
address wk@gnupg.org can be used for testing.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-27 08:34:29 +02:00
Werner Koch
c3aeda82b8
dirmngr: Use system provided root CAs with KS_FETCH.
* dirmngr/ks-engine-http.c (ks_http_fetch): Use HTTP_FLAG_TRUST_SYS.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-27 08:18:37 +02:00
Werner Koch
d02de6c0a4
gpg: Improve UID selction of --quick-sign-key.
* g10/keyedit.c (keyedit_quick_sign): Improve UID selection and print
error for non-found userids.
--

GnuPG-bug-id: 2315
2016-04-19 17:57:21 +02:00
Werner Koch
22b869adca
doc: Point to RFC-4880 for keyedit subcommand "tsign".
--

GnuPG-bug-id: 2283
2016-04-12 14:38:44 +02:00
Werner Koch
4dc4fb1c14
doc: Install gpg and gpgv man pages under the correct name.
* doc/mkdefsinc.c (main): Add double include guard.  Set variable
gpgtwohack. Define macros gpgname and gpgvname.
* doc/gpg.texi: Remove macro definition for gpgname.  Use Texinfo var
gpgtwohack to prepare the man pages.  Use @gpgname everywhere.
* doc/gpgv.texi: Likewise.
* doc/Makefile.am (myman_pages): Remove gpg2.1 and gpgv2.1 but add
them depending on USE_GPG2_HACK.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-05 15:15:28 +02:00
Neal H. Walfield
1dc7f55a40 doc: Improve documentation of --enable-large-rsa.
* doc/gpg.texi (--enable-large-rsa): Improve text.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Suggested-by: Bernhard Reiter <bernhard@intevation.de>
2016-03-17 11:14:55 +01:00
Justus Winter
8daf9a027f doc: Drop superfluous 'is'.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2016-03-04 13:09:11 +01:00
Werner Koch
bb99b40bd1
gpg: Improve header text of the auto-created revocations.
* g10/revoke.c (gen_standard_revoke): Improve header text for the
file.  Add info output.
--

GnuPG-bug-id: 1724
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-21 18:30:51 +01:00
Werner Koch
c26d299ef6
doc: Typo fix.
--
2016-01-20 10:48:50 +01:00
Werner Koch
56275e4392
doc: Fix description of --s2k-* options to match gpg 2.1.
--

GnuPG-bug-id: 2220
2016-01-18 08:33:55 +01:00
Werner Koch
360534bde7
gpg: Make --list-options show-usage the default.
* g10/gpg.c (main): Add LIST_SHOW_USAGE.
--

The usage flags are often useful and they don't take away much space
in a key listing.  Thus it is better to have them enabled by default.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-14 12:22:33 +01:00
Werner Koch
eb9c021631
tools: Remove gpgkey2ssh.
* tools/gpgkey2ssh.c: Remove.
* tools/Makefile.am (bin_PROGRAMS): Ditto.
--

Also remove it form the docs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-09 11:28:42 +01:00
Neal H. Walfield
0b86c7463c gpg: Allow selecting subkeys using a keyid.
* g10/keyedit.c (menu_select_key): Take an additional argument, p.
Update callers.  If P is a hex string, then assume that P is a key id
or fingerprint and select subkeys with matching key ids or
fingerprints.
* doc/gpg.texi: Update documentation for the key subcommand.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1423
Debian-bug-id: 610336
2015-11-17 21:23:16 +01:00
Neal H. Walfield
a74aeb5dae gpg: Add new option --only-sign-text-ids.
* g10/options.h (opt): Add field only_sign_text_ids.
* g10/gpg.c (enum cmd_and_opt_values): Add value oOnlySignTextIDs.
(opts): Handle oOnlySignTextIDs.
(main): Likewise.
* g10/keyedit.c (sign_uids): If OPT.ONLY_SIGN_TEXT_IDS is set, don't
select non-text based IDs automatically.
(keyedit_menu): Adapt the prompt asking to sign all user ids according
to OPT.ONLY_SIGN_TEXT_IDS.
* doc/gpg.texi: Document the new option --only-sign-text-ids.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1241
Debian-bug-id: 569702
2015-11-06 13:16:37 +01:00
Neal H. Walfield
de9b234015 gpg: Add --encrypt-to-default-key.
* g10/getkey.c (parse_def_secret_key): Drop the static qualifier and
export the function.
* g10/gpg.c (enum cmd_and_opt_values): Add value oEncryptToDefaultKey.
(opts): Handle oEncryptToDefaultKey.
(main): Likewise.
* g10/options.h (opt): Add field encrypt_to_default_key.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 807
2015-11-04 13:19:54 +01:00
Neal H. Walfield
e16d7168c5 gpg: Allow multiple --default-key options. Take the last available key.
* g10/getkey.c (parse_def_secret_key): New function.
(get_seckey_default): Add parameter ctrl.  Update callers.  Use
parse_def_secret_key to get the default secret key, if any.
(getkey_byname): Likewise.
(enum_secret_keys): Likewise.
* g10/options.h (opt): Change def_secret_key's type from a char * to a
strlist_t.
* g10/gpg.c (main): When processing --default-key, add the key to
OPT.DEF_SECRET_KEY.
* g10/gpgv.c (get_session_key): Add parameter ctrl.  Update callers.
* g10/mainproc.c (proc_pubkey_enc): Likewise.
(do_proc_packets): Likewise.
* g10/pkclist.c (default_recipient): Likewise.
* g10/pubkey-enc.c (get_session_key): Likewise.
* g10/sign.c (clearsign_file): Likewise.
(sign_symencrypt_file): Likewise.
* g10/skclist.c (build_sk_list): Likewise.
* g10/test-stubs.c (get_session_key): Likewise.

--
Signed-off-by: Neal H. Walield <neal@g10code.com>
GnuPG-bug-id: 806
2015-11-04 13:19:52 +01:00
Damien Goutte-Gattat
e095a3fcf2
doc: Document some changed default options.
* doc/gpg.texi: Update the description of some options which are
  now enabled by default.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2015-10-28 12:11:12 +01:00
Daniel Kahn Gillmor
76afaed65e
gpg: Add option --weak-digest to gpg and gpgv.
* g10/options.h: Add additional_weak_digests linked list to opts.
* g10/main.h: Declare weakhash linked list struct and
additional_weak_digest() function to insert newly-declared weak
digests into opts.
* g10/misc.c: (additional_weak_digest): New function.
(print_digest_algo_note): Check for deprecated digests; use proper
gcry_md_algos type.
* g10/sig-check.c: (do_check): Reject weak digests in addition to MD5.
* g10/gpg.c: Add --weak-digest option to gpg.
* doc/gpg.texi: Document gpg --weak-digest option.
* g10/gpgv.c: Add --weak-digest option to gpgv.
* doc/gpgv.texi: Document gpgv --weak-digest option.

--
gpg and gpgv treat signatures made over MD5 as unreliable, unless the
user supplies --allow-weak-digests to gpg.  Signatures over any other
digest are considered acceptable.

Despite SHA-1 being a mandatory-to-implement digest algorithm in RFC
4880, the collision-resistance of SHA-1 is weaker than anyone would
like it to be.

Some operators of high-value targets that depend on OpenPGP signatures
may wish to require their signers to use a stronger digest algorithm
than SHA1, even if the OpenPGP ecosystem at large cannot deprecate
SHA1 entirely today.

This changeset adds a new "--weak-digest DIGEST" option for both gpg
and gpgv, which makes it straightforward for anyone to treat any
signature or certification made over the specified digest as
unreliable.

This option can be supplied multiple times if the operator wishes to
deprecate multiple digest algorithms, and will be ignored completely
if the operator supplies --allow-weak-digests (as before).

MD5 is still always considered weak, regardless of any further
--weak-digest options supplied.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Capitialized some comments, shorted a line in do_check, and changed
subject to name the option.  -wk
2015-10-19 14:24:27 +02:00
Neal H. Walfield
f77913e0ff g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask.  Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask.  Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask.  Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask.  If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level.  Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:45:40 +02:00
Werner Koch
d7b8e76f99
gpg: Add option --print-dane-records.
* g10/options.h (opt): Add field "print_dane_records".
* g10/gpg.c (oPrintDANERecords): new.
(opts): Add --print-dane-records.
(main): Set that option.
* g10/export.c (do_export): Remove EXPORT_DANE_FORMAT handling.
(do_export_stream): Add EXPORT_DANE_FORMAT handling.
* g10/keylist.c (list_keyblock_pka): Implement DANE record printing.

* g10/gpgv.c (export_pubkey_buffer): New stub.
* g10/test-stubs.c (export_pubkey_buffer): New stub.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-08 15:40:53 +02:00
Werner Koch
9ac31f91b1
gpg: Add new --auto-key-locate mechanism "dane".
* g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Allow fetching via DANE.
* g10/keyserver.c (keyserver_import_cert): Add arg "dane_mode".
* g10/options.h (AKL_DANE): New.
* g10/getkey.c (get_pubkey_byname): Implement AKL_DANE.
(parse_auto_key_locate): Ditto.
--

To test this use

  gpg --auto-key-locate clear,dane,local --locate-key -v wk@gnupg.org

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-06 20:31:43 +02:00
Werner Koch
ae471fa978
gpg: Deprecate the --keyserver option.
* g10/keyserver.c (keyserver_refresh): Change return type to
gpg_error_t.  Use gpg_dirmngr_ks_list to print the name of the
keyserver to use.
(keyserver_search): Do not print the "no keyserver" error
message.  The same error is anyway returned from dirmngr.
* g10/call-dirmngr.c (ks_status_parm_s): Add field "keyword".
(ks_status_cb): Handle other status keywords.
(gpg_dirmngr_ks_list): New.
* tools/gpgconf-comp.c (gc_options_gpg): Deprecate "keyserver".
(gc_options_dirmngr): Add "Keyserver" group and "keyserver".
--

Along with the corresponding dirmngr change this option allows to
configure the keyserver only in dirmngr.conf.  Existing
configurations will continue to work.  However, GUIs using gpgconf
now the keyserver option under the dirmngr (aka Key Acquirer) tab
unless they are in export mode in which the keyserver option is also
show for gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-05 17:52:28 +02:00
Werner Koch
13a3f65968
gpg: Add debug helper to --edit-keys's check sub-command.
* g10/keyedit.c (print_and_check_one_sig): Add arg "extended" and
print an asterisk for the chosen selfsig.
(check_all_keysigs): Add arg "only_selfsig"
(keyedit_menu) <cmdCHECK>: Add optional arg "selfsig".
--

Using "check selfsig" prints only the self-signatures and indicates
the chosen selfsig with an asterisk.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-01 16:24:59 +02:00
Werner Koch
f9c83d84e7
gpg: Remove option --no-sig-create-check.
* g10/gpg.c (opts): Remove --no-sig-create-check.
* g10/options.h (struct opt): Remove field no_sig_create_check.
* g10/sign.c (do_sign): Always check unless it is RSA and we are using
Libgcrypt 1.7.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-01 07:37:12 +02:00
Werner Koch
836a3e4315
Typo fixes
--
2015-09-01 07:37:11 +02:00
Werner Koch
9502d7f50a
doc: Document that gpg --edit-key's toggle is a nop.
--
2015-07-29 15:46:40 +02:00
Werner Koch
cb315d08e4
doc: Add a comment to --set-filename.
--
2015-07-22 16:41:22 +02:00
Daniel Kahn Gillmor
90f029e869
doc: Clarify constraints on who modifies files in ~/.gnupg
--
2015-07-22 12:57:17 +02:00
Werner Koch
4698e5b203
gpg: Allow debug flag names for --debug.
* g10/gpg.c (opts): Change arg for oDebug to a string.
(debug_flags): New; factored out from set_debug.
(set_debug): Remove "--debug-level help".  Use parse_debug_flag to
print the used flags.
(main): Use parse_debug_flag for oDebug.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-22 21:01:10 +02:00
Werner Koch
663a31f1ea
gpg: Print available debug flags using "--debug-level help".
* g10/gpg.c (set_debug): Add "help" option and use a table for the
flags.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-19 14:56:46 +02:00
Werner Koch
25331bba55
doc: Do not used fixed file names in the manuals.
* doc/mkdefsinc.c: New.
* doc/Makefile.am: Include cmacros.am.
(EXTRA_DIST): Add mkdefsinc.c defsincdate.
(BUILT_SOURCES): Add defsincdate
(CLEANFILES): Add mkdefsinc and defs.inc.
(mkdefsinc): New rule.
(yat2m-stamp): Depend on defs.inc.
($(myman_pages) gnupg.7): Ditto.
(gnupg.texi): Remove rule to touch itself.
(dist-hook): New.
(defsincdate): New.
(defs.inc): New.
* doc/gnupg.texi: Remove inclusion of version.texi.  Include defs.inc.
Also include defs.inc in all files used to build man files.  Change
fixed directory names to those from defs.inc.
--

GnuPG-bug-id: 1661
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-09 21:29:15 +02:00
Werner Koch
abbefdd04d
doc: Change the manual source to be only for GnuPG 2.1
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-08 19:27:08 +02:00
Werner Koch
a7f7aa766f
doc: Replace "conventional encryption" by "symmetric encryption".
--

Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Ported from 2.0.
2015-06-02 17:53:41 +02:00
Werner Koch
64e809b791
gpg: New command --quick-adduid.
* g10/keygen.c (ask_user_id): Factor some code out to ...
(uid_already_in_keyblock): new.
(generate_user_id): Add arg UIDSTR.  Fix leaked P.
* g10/keyedit.c (menu_adduid): Add new arg uidstring.  Adjust caller.
(keyedit_quick_adduid): New.
* g10/gpg.c (aQuickAddUid): New.
(opts):  Add command --quick-adduid.
(main): Implement that.
--

GnuPG-bug-id: 1956
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 16:08:57 +02:00
Werner Koch
727fe4f8d7
gpg: Do not use honor-keyserver-url sub-option by default. 2015-04-21 15:46:13 +02:00
Werner Koch
da1990bac7
gpg: Update sub-options of --keyserver-options
* g10/options.h (KEYSERVER_HTTP_PROXY): New.
(KEYSERVER_USE_TEMP_FILES, KEYSERVER_KEEP_TEMP_FILES): Remove.
(KEYSERVER_TIMEOUT): New.
* common/keyserver.h (KEYSERVER_TIMEOUT): Remove.
* g10/keyserver.c (keyserver_opts): Remove obsolete "use-temp-files"
and "keep-temp-files". Add "http-proxy" and "timeout".
(parse_keyserver_options): Remove 1.2 compatibility option
"honor-http_proxy".  Remove "use-temp-files" and "keep-temp-files"
code.
--

Note that many of these options where implicitly used by passing any
unknown option down to the former keyserver helpers.  The don't exist
anymore thus we need to make them explicit.  Another patch will convey
them to dirmngr.  Temp files are not anymore used thus they can be
removed and will be ignored when used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-21 10:15:04 +02:00
Werner Koch
c581ed717a
gpg: Add new option --debug-iolbf.
* g10/gpg.c (oDebugIOLBF): new.
(opts): Add --debug-iolbf.
(main): Set option.
--

This option is convenient for debugging to make sure that debug output
to stderr is synced with output to stdout.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-06 14:07:50 +02:00
Werner Koch
bcc8250bc5
gpg: Allow printing of MPI values in --list-mode.
* g10/parse-packet.c (set_packet_list_mode): Set mpi_print_mode.
* g10/misc.c (mpi_print): Do not print an extra leading zero.
--

This was in older versions possible using "--debug 4" but that was
disabled in 2.1 due to a conflict using this values also for
Libgcrypt.  Now the values are dumped either with --debug 4 or using
--list-packets along with --verbose.

Because OpenPGP only uses unsigned integers an extra leading zero will
not be printed anymore.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-16 20:12:44 +01:00
Werner Koch
7b5b52f326
gpg: Change --print-pka-records into an option.
* g10/gpg.c (aPrintPKARecords): Rename to oPrintPKARecords and do not
use it as a command.
* g10/keylist.c (list_keyblock): List PKA rceords also for secret
keys.
--

An option allows to use it more flexible.  For example to select only
secret keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:37:16 +01:00
Werner Koch
14af2be022
gpg: Add --list-gcrypt-config and "curve" item for --list-config.
* common/openpgp-oid.c (curve_supported_p): New.
(openpgp_enum_curves): New.
* common/t-openpgp-oid.c (test_openpgp_enum_curves): New.
(main): Add option --verbose.
* g10/gpg.c (opts): Add --list-gcrypt-config.
(list_config): Add items "curve" and "curveoid".  Remove unused code.
--

GnuPG-bug-id: 1917
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:35:30 +01:00
Werner Koch
165094a445
doc: Fix name of keep-ownertrust.
--

Reported-by: Guilhem Moulin <guilhem@fripost.org>
(cherry picked from commit 0d286a11c857a8f84b084b6f4e8a38737adca034)
2015-02-26 17:59:29 +01:00
Werner Koch
ae09515b9d
gpg: Add option to print fingerprints in ICAO spelling.
* g10/gpg.c: Add option --with-icao-spelling.
* g10/options.h (struct opt): Add with_icao_spelling.
* g10/keylist.c (print_icao_hexdigit): New.
(print_fingerprint): Print ICAO spelling.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-23 17:54:05 +01:00
Werner Koch
1209ea4e07 doc: Add another use case for --show-session-key.
--
GnuPG-bug-id: 1835
2015-02-11 12:21:30 +01:00
Werner Koch
15fad6b1b9 doc: Change remaining http links to gnupg.org to https
--
GnuPG-bug-id: 1830
2015-02-11 12:10:39 +01:00
Werner Koch
da4db172f6 doc: Fix some typos and add missing options.
--

GnuPG-bug-id: 1602

I added options shown with --help but missing in the man page.
However, --help won't show everything listed in the man age and
frankly there are even more options not listed anywhere (to see them
use --dump-options).
2015-01-22 17:49:55 +01:00
Werner Koch
4d7c9b0e9a gpg: Support --passphrase with --quick-gen-key.
* g10/keygen.c: Include shareddefs.h.
(quick_generate_keypair): Support static passphrase.
(get_parameter_passphrase): New.
(do_generate_keypair): Use it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 12:45:22 +01:00
Werner Koch
aa99ebde77 gpg: Re-enable the "Passphrase" parameter for batch key generation.
* agent/command.c (cmd_genkey): Add option --inq-passwd.
* agent/genkey.c (agent_genkey): Add new arg override_passphrase.
* g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword.
(agent_genkey): Add arg optional arg "passphrase".
* g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc)
(gen_rsa, do_create): Add arg "passphrase" and pass it through.
(do_generate_keypair): Make use of pPASSPHRASE.
(release_parameter_list): Wipe out a passphrase parameter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 11:31:20 +01:00
Werner Koch
7aee3579be Add option --no-autostart.
* g10/gpg.c: Add option --no-autostart.
* sm/gpgsm.c: Ditto.
* g10/options.h (opt): Add field autostart.
* sm/gpgsm.h (opt): Ditto.
* g10/call-agent.c (start_agent): Print note if agent was not
autostarted.
* sm/call-agent.c (start_agent): Ditto.
* g10/call-dirmngr.c (create_context): Likewise.
* sm/call-dirmngr.c (start_dirmngr_ext): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-28 09:44:19 +01:00
Werner Koch
69384568f6 gpg: Make the use of "--verify FILE" for detached sigs harder.
* g10/openfile.c (open_sigfile): Factor some code out to ...
(get_matching_datafile): new function.
* g10/plaintext.c (hash_datafiles): Do not try to find matching file
in batch mode.
* g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
matching data file is not used by a standard signatures.
--

Allowing to use the abbreviated form for detached signatures is a long
standing bug which has only been noticed by the public with the
release of 2.1.0.  :-(

What we do is to remove the ability to check detached signature in
--batch using the one file abbreviated mode.  This should exhibit
problems in scripts which use this insecure practice.  We also print a
warning if a matching data file exists but was not considered because
the detached signature was actually a standard signature:

  gpgv: Good signature from "Werner Koch (dist sig)"
  gpgv: WARNING: not a detached signature; \
  file 'gnupg-2.1.0.tar.bz2' was NOT verified!

We can only print a warning because it is possible that a standard
signature is indeed to be verified but by coincidence a file with a
matching name is stored alongside the standard signature.

Reported-by: Simon Nicolussi (to gnupg-users on Nov 7)
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-13 17:39:31 +01:00
Werner Koch
ffc2307843 gpg: Add import options "keep-ownertrust".
* g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
* g10/import.c (parse_import_options): Add "keep-ownertrust".
(import_one): Act upon new option.
--

This option is in particular useful to convert from a pubring.gpg to
the new pubring.kbx in GnuPG 2.1 or vice versa:

gpg1 --export | gpg2 --import-options keep-ownertrust --import
2014-11-12 09:56:40 +01:00
Werner Koch
7362c8c6e6 gpg: Remove warning message for non-implemented search modes.
* kbx/keybox-search.c (keybox_search): Silently ignore.
* doc/specify-user-id.texi: Docuement '@", '+', and '.' search
prefixes.
2014-11-07 18:42:37 +01:00
Werner Koch
a929f36693 gpg: Do not show an useless passphrase prompt in batch mode.
* g10/keygen.c: Remove unused PASSPHRASE related code.
(proc_parameter_file): Remove useless asking for a passphrase in batch
mode.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-02 15:43:52 +01:00
Werner Koch
9546aa3cc8 tests: Speed up the genkey1024.test by using not so strong random.
* agent/gpg-agent.c (oDebugQuickRandom): New.
(opts): New option --debug-quick-random.
(main): Use new option.
* common/asshelp.c (start_new_gpg_agent): Add hack to pass an
additional argument for the agent name.
* tests/openpgp/defs.inc: Pass --debug-quick-random to the gpg-agent
starting parameters.
* tests/openpgp/version.test: Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-30 09:55:51 +01:00
Werner Koch
8fd150b05b gpg: Remove all support for v3 keys and always create v4-signatures.
* g10/build-packet.c (do_key): Remove support for building v3 keys.
* g10/parse-packet.c (read_protected_v3_mpi): Remove.
(parse_key): Remove support for v3-keys.  Add dedicated warnings for
v3-key packets.
* g10/keyid.c (hash_public_key): Remove v3-key support.
(keyid_from_pk): Ditto.
(fingerprint_from_pk): Ditto.

* g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs.
* g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs,
oForceV4Certs, oNoForceV4Certs.
(opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs,
--no-force-v4-certs int dummy options.
(main): Remove setting of the force_v3_sigs force_v4_certs flags.
* g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs.
* g10/sign.c (hash_uid): Remove support for v3-signatures
(hash_sigversion_to_magic): Ditto.
(only_old_style): Remove this v3-key function.
(write_signature_packets): Remove support for creating v3-signatures.
(sign_file): Ditto.
(sign_symencrypt_file): Ditto.
(clearsign_file): Ditto.  Remove code to emit no Hash armor line if
only v3-keys are used.
(make_keysig_packet): Remove arg SIGVERSION and force using
v4-signatures.  Change all callers to not pass a value for this arg.
Remove all v3-key related code.
(update_keysig_packet): Remove v3-signature support.
* g10/keyedit.c (sign_uids): Always create v4-signatures.

* g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and
change caller.
--

v3 keys are deprecated for about 15 years and due the severe
weaknesses of MD5 it does not make any sense to keep code around to
use these old and broken keys.  Users who need to decrypt old messages
should use gpg 1.4 and best re-encrypt them to modern standards.
verification of old (i.e. PGP2) created signatures is thus also not
anymore possible but such signatures have no values anyway - MD5 is
just too broken.

We have also kept support for v3 signatures until now.  With the
removal of support for v3 keys it is questionable whether it makes any
sense to keep support for v3-signatures.  What we do now is to keep
support for verification of v3-signatures but we force the use of
v4-signatures.  The latter makes the --pgp6 and --pgp7 switch a bit
obsolete because those PGP versions require v3-signatures for
messages.  These versions of PGP are also really old and not anymore
maintained so they have not received any bug fixes and should not be
used anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-17 13:32:16 +02:00
Werner Koch
0df36db63e doc: Minor doc fix for --quick-lsign-key.
--
2014-10-15 16:22:03 +02:00
Daniel Kahn Gillmor
6cabb7a2a1 gpg: Add build and runtime support for larger RSA keys
* configure.ac: Added --enable-large-secmem option.
* g10/options.h: Add opt.flags.large_rsa.
* g10/gpg.c: Contingent on configure option: adjust secmem size,
add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
* doc/gpg.texi: Document --enable-large-rsa.

--

This is a cherry-pick of 534e2876acc05f9f8d9b54c18511fe768d77dfb5 from
STABLE-BRANCH-1-4 against master

Some older implementations built and used RSA keys up to 16Kib, but
the larger secret keys now fail when used by more recent GnuPG, due to
secure memory limitations.

Building with ./configure --enable-large-secmem will make gpg
capable of working with those secret keys, as well as permitting the
use of a new gpg option --enable-large-rsa, which let gpg generate RSA
keys up to 8Kib when used with --batch --gen-key.

Debian-bug-id: 739424

Minor edits by wk.

GnuPG-bug-id: 1732
2014-10-10 13:40:38 +02:00
Werner Koch
0c52bfa395 doc: Minor fix.
--

Due to todays reminder:

  On Tue 2014-04-22 18:46:15 -0400, Daniel Kahn Gillmor wrote:
  > With --trust-model=always, all keys and user IDs are considered
  > automatically valid; they are not automatically trusted (setting
  > universal ownertrust to anything other than "ultimate" would be
  > insufficient to acheive the effect of --trust-model=always, due to
  > --max-cert-depth and certificate path reachability).
  >
  > Thanks to Nicolai Josuttis for pointing out this documentation
  error.
2014-10-03 20:19:08 +02:00
Werner Koch
9c380384da Remove support for the GPG_AGENT_INFO envvar.
* agent/agent.h (opt): Remove field use_standard_socket.
* agent/command.c (cmd_killagent): Always allow killing.
* agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and
--write-env-file into dummy options.  Always return true for
--use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar
setting or set that envvar.
(create_socket_name): Simplify by removing non standard socket
support.
(check_for_running_agent): Ditto.
* common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use.
* common/simple-pwquery.c (agent_open): Ditto.
* configure.ac (GPG_AGENT_INFO_NAME): Remove.
* g10/server.c (gpg_server): Do not print the AgentInfo comment.
* g13/server.c (g13_server): Ditto.
* sm/server.c (gpgsm_server): Ditto.
* tools/gpgconf.c (main): Simplify by removing non standard socket
support.
--

The indented fix to allow using a different socket than the one in the
gnupg home directory is to change Libassuan to check whether the
socket files exists as a regualr file with a special keyword to
redirect to another socket file name.
2014-10-03 11:58:58 +02:00
Werner Koch
edd191e5b0 doc: Remove GnuPG-1 related parts from gpg.texi.
* doc/Makefile.am (YAT2M_OPTIONS): Add 2.1 to the source info.
* doc/gpg.texi: Remove gpg1 related texts.
2014-09-29 11:49:50 +02:00
Werner Koch
f3625bb018 gpg: Simplify command --gen-key and add --full-gen-key.
* g10/gpg.c (aFullKeygen): New.
(opts): Add command --full-key-gen.
(main): Implement it.
* g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although
the value is identical.
(DEFAULT_STD_CURVE): New.
(DEFAULT_STD_SUBALGO): New.
(DEFAULT_STD_SUBKEYSIZE): New.
(DEFAULT_STD_SUBCURVE): New.
(quick_generate_keypair): Use new macros here.
(generate_keypair): Add arg "full" and fix call callers. Do not ask
for keysize in non-full node.
(ask_user_id): Add arg "full" and simplify for non-full mode.
2014-09-27 15:14:13 +02:00
Werner Koch
64c15a7e11 Reformat README and minor gpg.texi improvement.
--

The second thing is to explain the file names below under
~/.gnupg/openpgp-revocs.d/.
2014-09-24 14:40:11 +02:00
Werner Koch
a4205d5ed0 doc: Fix --secret-keyring option for 2.1
--
2014-09-22 08:33:54 +02:00
Werner Koch
16ae4ca33e doc: Small grammar fix
--
2014-09-12 10:49:31 +02:00
Werner Koch
1449a22d2e doc: Typo fix
--
Debian-bug-id: 760273
2014-09-02 16:01:25 +02:00
Werner Koch
57df1121c1 gpg: Change default cipher for --symmetric from CAST5 to AES-128.
* g10/main.h (DEFAULT_CIPHER_ALGO): Chhange to AES or CAST5 or 3DES
depending on configure option.
* g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO.
2014-08-18 11:45:00 +02:00
Werner Koch
2b8d8369d5 gpg: Remove options --pgp2 and --rfc1991.
* g10/gpg.c (oRFC1991, oPGP2): Remove
(opts): Remove --pgp2 and --rfc1991.
* g10/options.h (CO_PGP2, CO_RFC1991): Remove.  Remove all users.
(RFC2440, PGP2): Remove.  Remove all code only enabled by these
conditions.
* tests/openpgp/clearsig.test: Remove --rfc1991 test.
--

The use of PGP 2.c is considered insecure for quite some time
now (e.g. due to the use of MD5).  Thus we remove all support for
_creating_ PGP 2 compatible messages.
2014-08-14 11:03:55 +02:00
Werner Koch
7d0492075e gpg: Add list-option "show-usage".
* g10/gpg.c (parse_list_options): Add "show-usage".
* g10/options.h (LIST_SHOW_USAGE): New.
* g10/keyid.c (usagestr_from_pk): Add arg FILL.  Change caller.
* g10/keylist.c (list_keyblock_print): Print usage info.
2014-08-13 10:11:36 +02:00
Werner Koch
ea186540db gpg: Add command --quick-gen-key
* g10/gpg.c (aQuickKeygen): New.
* g10/misc.c (is_valid_user_id): New stub.
* g10/keygen.c (quickgen_set_para): New.
(quick_generate_keypair): New.
--

Note that the validation of the specified user id has not yet been
implemented.
2014-07-23 15:12:43 +02:00
Werner Koch
17404b2fcc gpg: Make --quick-sign-key promote local key signatures.
* g10/keyedit.c (sign_uids): Promote local sigs in quick mode.
2014-07-23 12:18:19 +02:00
Werner Koch
03018ef9ee gpg: Auto-create revocation certificates.
* configure.ac (GNUPG_OPENPGP_REVOC_DIR): New config define.
* g10/revoke.c (create_revocation): Add arg "leadin".
(gen_standard_revoke): New.
* g10/openfile.c (get_openpgp_revocdir): New.
(open_outfile): Add MODE value 3.
* g10/keyid.c (hexfingerprint): New.
* g10/keygen.c (do_generate_keypair): Call gen_standard_revoke.
--

GnuPG-bug-id: 1042
2014-06-30 16:40:55 +02:00
Werner Koch
f149e05427 doc: Update for modern makeinfo.
* doc/texi.css: Remove.
* doc/Makefile.am (AM_MAKEINFOFLAGS): Use --css-ref.
2014-06-25 09:45:56 +02:00
Werner Koch
6295b6675e doc: Improve the description of gpg's --export commands.
--
GnuPG-bug-id: 1655
2014-06-24 12:21:54 +02:00
Werner Koch
2c8e00137a doc: Add conditionals for GnuPG-1 2014-06-24 11:43:47 +02:00
Werner Koch
4f0625889b gpg: Auto-migrate existing secring.gpg.
* g10/migrate.c: New.
* g10/import.c (import_old_secring): New.
(import_one): Add arg silent.
(transfer_secret_keys): Add arg batch.
(import_secret_one): Add args batch and for_migration.
* g10/gpg.c (main): Call migration function.
2014-06-05 11:19:59 +02:00
Werner Koch
be07ed65e1 Add new option --with-secret.
* g10/gpg.c: Add option --with-secret.
* g10/options.h (struct opt): Add field with_secret.
* g10/keylist.c (public_key_list): Pass opt.with_secret to list_all
and list_one.
(list_all, list_one): Add arg mark_secret.
(list_keyblock_colon): Add arg has_secret.
* sm/gpgsm.c: Add option --with-secret.
* sm/server.c (option_handler): Add option "with-secret".
* sm/gpgsm.h (server_control_s): Add field with_secret.
* sm/keylist.c (list_cert_colon): Take care of with_secret.  Also move
the token string from the wrong field 14 to 15.
--

This option is useful for key managers which need to know whether a
key has a secret key.  This change allows to collect this information
in one pass.
2014-06-03 21:35:59 +02:00
Werner Koch
50cd3d40ae doc: Minor texi updates.
--
2014-06-03 08:58:20 +02:00
Werner Koch
60e2fc7d38 dirmngr: Add support for hkps keyservers.
* dirmngr/dirmngr.c: Include gnutls.h.
(opts): Add --gnutls-debug and --hkp-cacert.
(opt_gnutls_debug, my_gnutls_log): New.
(set_debug): Set gnutls log level.
(parse_rereadable_options): Register a CA file.
(main): Init GNUTLS.
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Support hkps.
(send_request): Ditto.
2014-05-05 16:23:37 +02:00
Werner Koch
7adeae3ba3 gpg: Minor doc enhancement
--
2014-04-30 21:14:28 +02:00
Werner Koch
e184a11f94 gpg: New %U expando for the photo viewer.
* g10/photoid.c (show_photos): Set namehash.
* g10/misc.c (pct_expando): Add "%U" expando.
--

This makes is possible to extract all photos ids from a key to
different files.
2014-04-17 21:44:09 +02:00
Werner Koch
b6786cc3ec gpg: Add commands --quick-sign-key and --quick-lsign-key.
* g10/gpg.c (main): Add commands --quick-sign-key and
--quick-lsign-key.
* g10/keyedit.c (sign_uids): Add args FP and QUICK.
(keyedit_quick_sign): New.
(show_key_with_all_names): Add arg NOWARN.
2014-03-27 16:33:40 +01:00
Werner Koch
f90cfe6b66 gpg: Reject signatures made with MD5.
* g10/gpg.c: Add option --allow-weak-digest-algos.
(main): Set option also in PGP2 mode.
* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
* g10/sig-check.c (do_check): Reject MD5 signatures.
* tests/openpgp/defs.inc: Add allow_weak_digest_algos to gpg.conf.
2014-03-17 18:14:23 +01:00
Werner Koch
1d642d3ca8 gpg: New mechanism "clear" for --auto-key-locate.
* g10/getkey.c (parse_auto_key_locate): Implement "clear".
2014-03-17 15:36:15 +01:00
Werner Koch
6dd5d99a61 gpg: Add option --dirmngr-program.
* g10/gpg.c: Add option --dirmngr-program.
* g10/options.h (struct opt): Add field dirmngr_program.
* g10/call-dirmngr.c (create_context): Use new var.

* dirmngr/dirmngr.c: Include gc-opt-flags.h.
(main): Remove GC_OPT_FLAG_*.
* tools/gpgconf-comp.c (GC_OPT_FLAG_NO_CHANGE): Move macro to ...
* common/gc-opt-flags.h: here.
2014-03-12 18:35:36 +01:00
Werner Koch
2c814806d7 gpg: Change format for the key size in --list-key and --edit-key.
* g10/gpg.c (oLegacyListMode, opts, main): Add --legacy-list-mode.
* g10/options.h (struct opt): Add field legacy_list_mode.
* g10/keydb.h (PUBKEY_STRING_SIZE): New.
* g10/keyid.c (pubkey_string): New.
* g10/import.c (import_one, import_secret_one): Use pubkey_string.
* g10/keylist.c (print_seckey_info): Ditto.
(print_pubkey_info, print_card_key_info): Ditto.
(list_keyblock_print): Ditto.
* g10/mainproc.c (list_node): Ditto.
* g10/pkclist.c (do_edit_ownertrust, build_pk_list): Ditto.
* g10/keyedit.c (show_key_with_all_names): Ditto.  Also change the
format.
(show_basic_key_info): Ditto.
* common/openpgp-oid.c (openpgp_curve_to_oid): Also allow "ed25519".
(openpgp_oid_to_curve): Downcase "ed25519"
--

For ECC it seems to be better to show the name of the curve and not
just the size of the prime field.  The curve name does not anymore fit
into the "<size><letter>" descriptor (e.g. "2048R") and a fixed length
format does not work either.  Thus the new format uses

   "rsa2048"    - RSA with 2048 bit
   "elg1024"    - Elgamal with 1024 bit
   "ed25519"    - ECC using the curve Ed25519.
   "E_1.2.3.4"  - ECC using the unsupported curve with OID "1.2.3.4".

unless --legacy-list-mode is given.  In does not anymore line up
nicely in columns thus I expect further changes to this new format.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-02-05 10:37:59 +01:00
Werner Koch
e951782e93 gpg: Change armor Version header to emit only the major version.
* g10/options.h (opt): Rename field no_version to emit_version.
* g10/gpg.c (main): Init opt.emit_vesion to 1.  Change --emit-version
to bump up opt.emit_version.
* g10/armor.c (armor_filter): Implement different --emit-version
values.
--

GnuPG-bug-id: 1572
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-11-27 09:20:02 +01:00
Werner Koch
7c5d2909dd doc: Some gpg and gpgv clarifications.
--
GnuPG-bug-id: 1486, 1537
2013-10-04 14:31:35 +02:00
Ian Abbott
2c3fc4719b doc: fix some Texinfo warnings.
* doc/gpg.texi: Fix syntax and add missing menu entries.
* doc/gpgsm.texi: Fix subsectioning.
--

These five patches fix some warnings from Texinfo 5 by adding some
missing nodes and changing some sections to subsections, and moving an
'@end ifset' to the start of a line.  I also noticed the 'Deprecated
options' subsection didn't appear in the GPG options menu, so I added
it.  (Texinfo never warned about it because it was after the last node
in the menu.)

1) doc/gpg.texi: move '@end ifset' to start of line
2) doc/gpg.texi: Add missing node for 'Compliance options' section.
3) doc/gpg.texi: add node for 'Deprecated options' subsection.
4) doc/gpg.texi: make 'Unattended key generation' a subsection
5) doc/gpgsm.texi: fix subsectioning for Unattended Usage

(all 5 merged into one patch by wk)

(cherry picked from commit 4d67f59a336bfa0ff19fc23209940724196fd886)

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-07 21:25:27 +02:00
Werner Koch
ff6115227a doc: Formatting fixes.
* doc/Makefile.am (.fig.jpg): Correct to use -L jpeg.
* doc/gpg.texi: Fix cross reference for --options.
* doc/gpgsm.texi: Likewise.
* doc/gpl.texi: Fix enumerate and re-indent examples.
--

Reported-by: Ian Abbott
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-04-19 12:01:22 +02:00
Werner Koch
e1f7f61d1e Fix doc for the Expire-Date key generation parameter.
--
2013-04-04 14:26:39 +02:00
Daniel Kahn Gillmor
5132ea8a0d Update RFC references to RFC 4880
--
2013-03-05 11:00:46 +01:00
Werner Koch
21feecd48f gpg: Add pinentry-mode feature.
* g10/gpg.c: Include shareddefs.h.
(main): Add option --pinentry-mode.
* g10/options.h (struct opt): Add field pinentry_mode.
* g10/passphrase.c: Include shareddefs.h.
(have_static_passphrase): Take care of loopback pinentry_mode.
(read_passphrase_from_fd): Ditto.
(get_static_passphrase): New.
(passphrase_to_dek_ext): Factor some code out to ...
(emit_status_need_passphrase): new.
* g10/call-agent.c (start_agent): Send the pinentry mode.
(default_inq_cb): Take care of the PASSPHRASE inquiry.  Return a
proper error code.
(agent_pksign): Add args keyid, mainkeyid and pubkey_algo.
(agent_pkdecrypt): Ditto.
* g10/pubkey-enc.c (get_it): Pass new args.
* g10/sign.c (do_sign): Pass new args.

* g10/call-agent.c (struct default_inq_parm_s): New.  Change all
similar structs to reference this one.  Change all users and inquire
callback to use this struct, instead of NULL or some undefined but not
used structs.  This change will help to eventually get rid of global
variables.
--

This new features allows to use gpg without a Pinentry.  As a
prerequisite the agent must be configured to allow the loopback
pinentry mode (option --allow-loopback-pinentry).  For example

  gpg2 --pinentry-mode=loopback FILE.gpg

may be used to decrypt FILE.gpg while entering the passphrase on the
tty.  If batch is used, --passphrase et al. may be used, if
--command-fd is used, the passphrase may be provided by another
process.  Note that there are no try-again prompts in case of a bad
passphrase.
2013-02-07 20:37:58 +01:00
Werner Koch
4ea37fe4b2 Fix incorrect description of --delete-secret-key
--

This is bug#1429.
2012-08-09 14:45:18 +02:00
Werner Koch
c4b9a9b9f3 Typo fixes in de.po.
--
This is bug#1276 and http://bugs.debian.org/594343
2012-03-26 15:50:13 +02:00
Werner Koch
31f548a18a Rewrite dns-cert.c to not use the gpg-only iobuf stuff.
* common/dns-cert.c: Remove iobuf.h.
(get_dns_cert): Rename to _get_dns_cert.  Remove MAX_SIZE arg.  Change
iobuf arg to a estream-t.  Rewrite function to make use of estream
instead of iobuf.  Require all parameters.  Return an gpg_error_t
error instead of the type.  Add arg ERRSOURCE.
* common/dns-cert.h (get_dns_cert): New macro to pass the error source
to _gpg_dns_cert.
* common/t-dns-cert.c (main): Adjust for changes in get_dns_cert.
* g10/keyserver.c (keyserver_import_cert): Ditto.
* doc/gpg.texi (GPG Configuration Options): Remove max-cert-size.
2011-11-30 17:34:49 +01:00
Werner Koch
32118628a0 typo fixes 2011-11-02 18:29:47 +01:00
Werner Koch
5319aa952f Put more options into the options index
Also removed the single letter options from the index.
2011-10-12 17:36:56 +02:00
Werner Koch
550d94b011 Clarify documentation of --keyid-format.
Fixes bug#1354.
2011-07-18 10:38:14 +02:00
Werner Koch
d679b4d642 Require libgpg-error 1.10
This allows to remove some error code substitutes.
Fixed a typo in gpg.text.
2011-05-20 10:27:50 +02:00
Werner Koch
00f8b68505 Move parameter file description to the manual. 2011-03-01 17:08:49 +01:00
David Shaw
b0b46f46cf * gpg.texi (GPG Configuration Options): Clarify that show-photos
doesn't work with --with-colons.  --personal-digest-preferences does
not have a default any longer.
2010-10-29 19:41:28 +00:00
Werner Koch
54591341a4 More agent support for gpg. 2010-10-13 15:57:08 +00:00
Werner Koch
5a679857ef Describe %v and %V. 2010-10-11 12:36:27 +00:00
Werner Koch
a78335c9ce Add new option --with-keygrip 2010-10-08 11:11:08 +00:00
Werner Koch
bfbd80feb9 Exporting secret keys via gpg-agent is now basically supported.
A couple of forward ported changes.
Doc updates.
2010-10-01 20:33:53 +00:00
David Shaw
b8f9f9b1f6 Clarify that --force-v3-sigs disables (not enables) v4 options 2010-09-28 16:04:47 +00:00
Werner Koch
8b8925a2bd Some work on porting dirmngr (unfinished)
Ported gpgtar to W32.
2010-07-16 13:19:45 +00:00
Werner Koch
bbe388b5db Add unfinished gpgtar.
Collected changes and ports of bug fixes from stable.
2010-06-07 13:33:02 +00:00
Werner Koch
299aeda4b0 Link to the bug tracker in the gpg man page. 2010-02-11 11:30:07 +00:00
Werner Koch
8459bcf95a Various changes to eventually support openpgp keys in pgp-agent.
Comment fixes.
Minor chnages in preparation of a W32CE port.
2010-02-02 14:06:19 +00:00
Werner Koch
af935bd410 Implement --faked-systrem-time for gpg.
Typo and comment fixes.
2009-12-17 17:25:26 +00:00
Werner Koch
cb5491bfaf support numeric debug levels. 2009-12-03 18:04:40 +00:00
Werner Koch
cf2ec5673f Add gpgconf related dummy options default_pubkey_algo.
Add option --skip-hidden-recipients
Comment updates.
2009-11-23 19:18:04 +00:00
David Shaw
61b351854b * gpg.texi (GPG Configuration Options): Clarify that ca-cert-file is a
generic store, the details of which depend on the underlying
libraries.
2009-10-20 05:03:16 +00:00
Werner Koch
999a909708 Allow uid sand key election using a '*'. 2009-09-04 11:52:03 +00:00
David Shaw
fa4a237b6c * gpg.text: Suggested new ordering for --edit-key. 2009-08-24 22:21:39 +00:00
David Shaw
38a3e20952 * gpg.texi (OpenPGP Options): Clarify that personal-foo-preferences
overrides recipient preferences (safely).
2009-08-17 16:48:49 +00:00
David Shaw
1b61770848 * gpg.texi (GPG Configuration Options): Document keyserver options
check-cert and ca-cert-file.
2009-08-14 19:43:26 +00:00
David Shaw
9df29b446d * gpg.texi (OpenPGP Options): Don't mention --no-sk-comment (doesn't
exist any longer).
2009-07-31 14:36:22 +00:00
David Shaw
ab9a918bc2 Try a DNS-SD lookup to find a domain-specific LDAP server before
resorting to keys.{domain}.
2009-07-23 18:28:54 +00:00
Werner Koch
506aee32fd Typo fixes. Fixes bug#1093 2009-07-22 13:33:46 +00:00
Werner Koch
02e05e28e7 Give hints on files to backup. 2009-07-22 10:24:46 +00:00
Werner Koch
d56084296c Fix bug 1090. 2009-07-20 10:42:45 +00:00
Werner Koch
556d4ed983 Allow generation of DSA2 keys without --enable-dsa2. 2009-05-20 09:57:10 +00:00
Werner Koch
8e7e6f124b Doc fixes. 2009-05-08 15:08:37 +00:00
David Shaw
a50a274d20 * gpg.texi (GPG Configuration Options): Document keyserver-options
debug.
2009-03-16 18:45:46 +00:00
Werner Koch
59d7a54e72 New PIN Callback attributes in gpg-agent.
Common prompts for keypad and simple card reader.
More support for Netkey cards;  PIN management works now.
2009-03-05 19:19:37 +00:00
Werner Koch
53f1c11adf Small doc fixes. 2008-12-12 14:04:22 +00:00
Werner Koch
78ff45c49e Align ticker to the full or half second. 2008-12-08 19:10:42 +00:00
David Shaw
bb39c59728 * gpg.texi (OpenPGP Key Management): Clarify setpref a bit. 2008-09-23 19:18:52 +00:00
Werner Koch
f899b9683b Support the Certifciate DO of the v2 OpenPGP cards. 2008-09-23 09:57:45 +00:00
Werner Koch
d92f06e882 Add a warning nite to --throw-keyds. 2008-08-28 14:57:25 +00:00
Werner Koch
7d1b0d8626 Add a warning note to --allow-multiple-messages.
s/Sylpeed-Claws/Claws-Mail/.
2008-08-07 07:46:52 +00:00
Werner Koch
035c838f71 Made --fixed-list-mode obsolete. 2008-06-11 08:07:54 +00:00
Marcus Brinkmann
102b285a2d 2008-05-15 Marcus Brinkmann <marcus@g10code.de>
* gpg.texi (Operational GPG Commands): Mention the way to change
	the default signing key.
2008-05-15 10:59:35 +00:00
Werner Koch
d9405f0c49 Updated German translation.
Fix in gpgconf for W32.
2008-05-09 09:54:35 +00:00
Werner Koch
69ae16636c Add command --locate-key.
Fix auto-key-locate processing of "nodefault".
2008-05-07 15:40:36 +00:00
Werner Koch
97ec9aac2b Enhanced --auto-key-locate. 2008-04-08 11:04:16 +00:00
Werner Koch
9a8ee6e6be Changed the way i18n files are located under Windows. The setting of the
Registry key is not anymore required.  Helpfiles are not properly located.
2008-03-25 19:41:11 +00:00
Werner Koch
e751bcdd04 Add IF command and new variable functions to gpg-connect-agent. 2008-03-05 10:08:10 +00:00
David Shaw
9c42222a7a * gpg.texi (GPG Esoteric Options): Tweak mention of Tempest font to
add a "claimed" in there.
2008-02-05 19:42:12 +00:00
Werner Koch
1e46b20f48 Add missing country tag to qualified.txt.
Typo fixes.
2008-01-10 08:13:14 +00:00
Werner Koch
9d66580cff Allow verification of some broken S-TRUST generated signatures. 2007-12-13 15:45:40 +00:00
Werner Koch
598a3d0ab4 [W32] Changed default socket for dirmngr.
[W32] Add some code for event notifications 
      between scdaemon and gpg-agent.
2007-11-27 08:01:19 +00:00
Werner Koch
55ba204bfa Started to implement the audit log feature.
Pass PINENTRY_USER_DATA and XAUTHORITY to Pinentry.
Improved support for the quality bar.
Minor internal restructuring.
Translation fixes.
2007-11-19 16:03:50 +00:00
David Shaw
dbdea101fe * gpg.texi: Document --rfc4880 (the new --openpgp). 2007-10-27 14:09:36 +00:00
David Shaw
92cc7c2d34 * gpg.texi: Clarify --force-v3-sigs, --pgp2, and --pgp6 a bit. 2007-10-26 04:16:42 +00:00
Werner Koch
831cd76256 Fixed a problem in estream-printf.c.
Changes for Windows (gpgsm -k does now work).
Minor cleanups.
2007-06-25 11:54:43 +00:00
David Shaw
2be1afb5aa * gpg.texi (OpenPGP Options): Update the personal-foo-preferences
documentation a bit.
2007-04-15 05:01:22 +00:00
Werner Koch
6ae6e18d5f g10/ and sm/
* call-agent.c (start_agent): Don't use log_error when using the
	fallback hack to start the agent.  This is bug 782.
scripts/
	* mail-to-translators: Copied from 1.4. and adjusted.
tools/
	* gpgconf-comp.c: Allow changing of --allow-mark-trusted.

	* gpg-connect-agent.c (main): New option --decode and commands
	decode and undecode.
	(read_and_print_response): Implement option.
2007-04-13 11:45:05 +00:00
Werner Koch
9491ab44c5 Ported multiple-messages protection. 2007-03-05 14:56:31 +00:00
Werner Koch
f6243073a8 Add new SVN only file README.maint
doc/
	* gpg.texi (GPG Configuration): Document envvar LANGUAGE.
	(GPG Configuration Options): Document show-primary-uid-only.
g10/
	* gpg.c (main): Add verify option show-primary-uid-only.
	* options.h (VERIFY_SHOW_PRIMARY_UID_ONLY): New.
	* mainproc.c (check_sig_and_print): Implement it.

	* encr-data.c (decrypt_data): Correctly test for unknown algorithm.
	* import.c (check_prefs): Ditto.
	* keyedit.c (show_prefs): Ditto.
	* mainproc.c (proc_symkey_enc): Ditto.
2007-02-26 20:24:29 +00:00
Werner Koch
fedae25efd doc/
* gpg.texi (GPG Esoteric Options): No card reader options for gpg2. 
scd/
	* scdaemon.c (DEFAULT_PCSC_DRIVER): Add a default for OS X.
2007-02-18 13:48:03 +00:00
Werner Koch
b861561e47 Included LIBICONV in all Makefiles.
g10/
	* passphrase.c (passphrase_get): Set the cancel flag on all error
	from the agent.  Fixes a bug reported by Tom Duerbusch.
sm/
	* gpgsm.c (main): Let --gen-key print a more informative error
	message.
2007-01-31 14:24:41 +00:00
Werner Koch
7eec2efa66 Added LIBINTL to more Makefile targets.
doc/
	* com-certs.pem: Added the current root certifcates of D-Trust and
	S-Trust.

g10/
	* status.c (write_status_begin_signing): New.
	* sign.c (sign_file, sign_symencrypt_file): Call it.
	* textfilter.c (copy_clearsig_text): Call it.

	* call-agent.c (agent_scd_pksign): Pass --hash-rmd160 to SCD if
	required.

	* gpg.c (main): Let --no-use-agent and --gpg-agent-info print a
	warning.  
	* misc.c (obsolete_option): New.
2007-01-30 20:16:28 +00:00
David Shaw
09bc5abc92 * gpg.texi, specify-user-id.texi: Only some of the mentions of
exclamation marks have an example.  Give examples to the rest.
2007-01-18 18:52:24 +00:00
David Shaw
1d4b3d7c3b * gpg.texi (GPG Configuration Options): Make http_proxy option
documentation match reality.  (BUGS): Warn about
hibernate/safe-sleep/etc writing main RAM to disk, despite locking.
2007-01-17 23:38:56 +00:00
Werner Koch
0173cd5a98 Fixes for CVE-2006-6235 2006-12-06 10:16:50 +00:00
David Shaw
5b636f40ef * gpg.texi (GPG Esoteric Options): Document --passphrase-repeat. 2006-12-03 04:48:42 +00:00
David Shaw
88439e2783 * gpg.texi: Reference to --s2k-count in --s2k-mode. 2006-11-06 03:22:13 +00:00
Werner Koch
a2786169f2 Preparing another release 2006-10-24 14:45:34 +00:00
Werner Koch
7b8ea82ab6 . 2006-10-23 14:02:13 +00:00
David Shaw
694dcf5d35 * gpg.texi: Document --s2k-count. 2006-10-13 04:09:56 +00:00
Werner Koch
3b1f186c87 Re-enabled --passphrase-fd 2006-10-04 17:22:24 +00:00
Werner Koch
8684a78518 Fixed agent access for gpg. 2006-10-04 16:45:04 +00:00
Werner Koch
ecf7ad43f6 Preparing a new release 2006-10-04 10:22:56 +00:00
Werner Koch
d94faf4a3d New "relax" option for trustlist.txt 2006-09-25 18:29:20 +00:00
Werner Koch
c9f8a69f0f Improved yat2m.
Tweaked gpg.texti to be used for gpg1 and gpg2.
2006-09-22 14:38:38 +00:00