* g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
(create_version_record): Don't init as TOFU.
(tdbio_db_matches_options): Don't indicate a change in case TOFU is
stored in an old trustdb file.
--
This change allows to switch between a tofu and pgp or tofu+pgp trust
model without an auto rebuild of the trustdb. This also requires that
the tofu trust model is requested on the command line. If TOFU will
ever be the default we need to tweak the model detection via TM_AUTO
by also looking into the TOFU data base,
GnuPG-bug-id: 4134
* g10/options.h (IMPORT_DROP_UIDS): New.
(EXPORT_DROP_UIDS): New.
* g10/import.c (parse_import_options): Add option "import-drop-uids".
(import_one): Don't bail out with that options and no uids found.
Also remove all uids.
(remove_all_uids): New.
* g10/export.c (parse_export_options): Add option "export-drop-uids".
(do_export_one_keyblock): Implement option.
--
These options are required for experiments with changes to the
keyserver infrastructure.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oKnownNotation): New const.
(opts): Add option --known-notation.
(main): Set option.
* g10/parse-packet.c (known_notations_list): New local var.
(register_known_notation): New.
(can_handle_critical_notation): Rewrite to handle the new feature.
Also print the name of unknown notations in verbose mode.
--
GnuPG-bug-id: 4060
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/import.c (impex_filter_getval): Add new "usage" property for
drop-subkey filter.
--
For example, this permits extraction of only encryption-capable
subkeys like so:
gpg --export-filter 'drop-subkey=usage !~ e' --export $FPR
GnuPG-Bug-id: 4019
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/gpg.c (main): Set some list options.
--
The new command --show-keys is commonly used to check the content of a
file with keys. In this case it can be expected that all included
subkeys and uids are of interested, even when they are already expired
or have been revoked.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (aShowKeys): New const.
(opts): New command --show-keys.
(main): Implement command.
* g10/import.c (import_keys_internal): Don't print stats in show-only
mode.
(import_one): Be silent in show-only mode.
--
Using
--import --import-options show-only
to look at a key is too cumbersome. Provide this shortcut and also
remove some diagnostic cruft in this case.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oAllowMultisigVerification)
(oAllowMultipleMessages, oNoAllowMultipleMessages): Remove.
(opts): Turn --allow-multisig-verification, --allow-multiple-messages
and --no-allow-multiple-messages into NOPs
* g10/options.h (struct opt): Remove flags.allow_multiple_messages.
* g10/mainproc.c (proc_plaintext): Assume allow_multiple_messages is
false.
--
These options are very old compatibility hacks and should not be used
anymore. We keep them as dummy options in case someone has them in
the conf file.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c: Make --pgp6 an alias for --pgp7.
* common/compliance.h (gnupg_compliance_mode): Remove CO_PGP6.
* g10/options.h (PGP6): Remove. Adjust all users.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c: Tuen options --force-mdc, --no-force-mdc, --disable-mdc
and --no-disable-mdc into NOPs.
* g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used.
(use_aead): Ignore MDC options. Print warning for missing MDC feature
flags.
* g10/pkclist.c (warn_missing_mdc_from_pklist): Rename to ...
(warn_missing_aead_from_pklist): this and adjust.
--
The MDC is now always used except with --rfc2440 which will lead to a
a big fat warning.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
* tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
allow testing with the current files.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oNoMDCWarn): Remove.
(opts): Make --no-mdc-warn a NOP.
(main): Don't set var.
* g10/options.h (struct opt): Remove 'no_mdc_var'.
* g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false.
* g10/mainproc.c (proc_encrypted): Ditto.
--
Users should not be allowed to suppress the warning that they are
shooting into their foot.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oNoSymkeyCache): New.
(opts): Add that option.
(main): Set var.
* g10/options.h (struct opt): New field no_symkey_cache.
* g10/passphrase.c (passphrase_to_dek): Implement that feature.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* g10/options.h (struct opt): Add field request_origin.
* g10/call-agent.c (start_agent): Send option to the agent.
* sm/gpgsm.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* sm/gpgsm.h (struct opt): Add field request_origin.
* sm/call-agent.c (start_agent): Send option to the agent.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (opts): Add new option.
(opt_set_iobuf_size): New var.
(set_debug): Set the option.
* tests/openpgp/armor.scm: Use this option to revert the buffer size
to the one which used to exhibit the tested bugs.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/gpg.texi (--passphrase, --passphrase-file, --passphrase-fd):
Note that pinentry-mode needs to be loopback.
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
--
A simple read of gpg(1) is ambiguous about whether --encrypt could be
for either symmetric or pubkey encryption. Closer inference suggests
that --encrypt is about pubkey encryption only. Make that clearer on
a first read.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
--
A simple read of gpg(1) is ambiguous about whether --encrypt could be
for either symmetric or pubkey encryption. Closer inference suggests
that --encrypt is about pubkey encryption only. Make that clearer on
a first read.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/import.c (import_one): Pass FROM_SK to list_keyblock_direct.
--
Note that this will likely add the suffix '#' top "sec" because the
secret key has not yet (or will not be) imported. If the secret key
already exists locally another suffix might be printed. The upshot is
that the suffix has no usefulness.
GnuPG-bug-id: 3431
Signed-off-by: Werner Koch <wk@gnupg.org>
--
It seems people are using --list-sigs instead of --check-sigs and do
not realize that the signatures are not checked at all. We better
highlight the use of --check-sigs to avoid this UI problem.
Suggested-by: Andrew Gallagher
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
default keyserver options.
* doc/gpg.texi: document this change.
--
This is a partial reversion of
7e1fe791d188b078398bf83c9af992cb1bd2a4b3. Werner and i discussed it
earlier today, and came to the conclusion that:
* the risk of metadata leakage represented by a default
--auto-key-retrieve, both in e-mail (as a "web bug") and in other
contexts where GnuPG is used to verified signatures, is quite high.
* the advantages of --auto-key-retrieve (in terms of signature
verification) can sometimes be achieved in other ways, such as when
a signed message includes a copy of its own key.
* when those other ways are not useful, a graphical, user-facing
application can still offer the user the opportunity to choose to
fetch the key; or it can apply its own policy about when to set
--auto-key-retrieve, without needing to affect the defaults.
Note that --auto-key-retrieve is specifically about signature
verification. Decisions about how and whether to look up a key during
message encryption are governed by --auto-key-locate. This change
does not touch the --auto-key-locate default of "local,wkd". The user
deliberately asking gpg to encrypt to an e-mail address is a different
scenario than having an incoming e-mail trigger a potentially unique
network request.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* doc/gpg.texi: Document new option.
* g10/call-dirmngr.c (create_context): Fail if option is given.
* g10/gpg.c (cmd_and_opt_values): New value.
(opts): New option.
(gpgconf_list): Add new option.
(main): Handle new option.
* g10/options.h (struct opt): New field 'disable_dirmngr'.
* tools/gpgconf-comp.c (gc_options_gpg): New option.
GnuPG-bug-id: 3334
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default
keyserver options. Set the default for --auto-key-locate to
"local,wkd". Reset that default iff --auto-key-locate has been given
in the option file or in the commandline.
* g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg.
--
GnuPG-bug-id: 3324
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/options.h (IMPORT_DRY_RUN): New.
* g10/import.c (parse_import_options): Add "show-only".
(import_one): use that as alternative to opt.dry_run.
--
This is just a convenience thing for
--import-options import-show --dry-run
Signed-off-by: Werner Koch <wk@gnupg.org>
--
dev.gnupg org is the development platform but the canonical bug
address is and has always been bugs.gnupg.org. We should keep on
using this address for the case that we switch the tracker again or
split it off the development system.
That is also the reason why we should keep on communicating a plain
bug number without the 'T' prefix.
Signed-off-by: Werner Koch <wk@gnupg.org>