* g10/gpg.c (oForbidGenKey, opts): New option.
(mopt): New local struct
(gen_key_forbidden): New.
(main): Set and handle the option.
--
In large system installation it is sometimes useful to make it a bit
harder for users to generate their own keys. An example is a policy
to not use on-disk keys.
* g10/tdbdump.c (export_ownertrust): Skip records marked with the
option --trusted-key.
(import_ownertrust): Clear the trusted-key flag.
* g10/tdbio.h (struct trust_record): Add field flags.
* g10/tdbio.c (tdbio_dump_record): Improve output.
(tdbio_read_record, tdbio_write_record): Handle flags.
* g10/trustdb.c (verify_own_keys): Clear stale trusted-keys and set
the flag for new --trusted-keys.
(tdb_update_ownertrust): Add arg as_trusted_key. Update callers.
--
GnuPG-bug-id: 5685
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (oStealSocket): New.
(opts): Add option.
(steal_socket): New file global var.
(main): Set option.
(create_server_socket): Implement option.
* dirmngr/dirmngr.c (oStealSocket): New.
(opts): Add option.
(steal_socket): New file global var.
(main): Set option. Add comment to eventually implement it.
--
Note that --steal-socket has currently no effect on dirmngr because
dirmngr does this anway.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/homedir.c (MYPROC_SELF_EXE): New.
(unix_rootdir): Use it here. Also support GNUPG_BUILD_ROOT as
fallback.
--
In addition this adds a fallback method for AIX etc which do not have
an easy way to get the info.
* tools/gpgconf-comp.c (munge_config_filename): New.
(change_options_program): Call it.
--
In case a system-wide config exists but no local file, the component
returns the name of the system-wide config file and gpgconf tried to
update this file. This fixes this by detecting the presense of a
system-wide config file.
This applies only to 2.2; the configuration system in 2.3 has been
heavily changed to better handle system-wide configuration files.
GnuPG-bug-id: 5650
* g10/gpg.c (oOverrideComplianceCheck): New.
(opts): Add new option.
(main): Set option and add check for batch mode.
* g10/options.h (opt): Add flags.override_compliance_check.
* g10/sig-check.c (check_signature2): Factor complaince checking out
to ...
(check_key_verify_compliance): new. Turn error into a warning in
override mode.
--
There is one important use case for this: For systems configured
globally to use de-vs mode, Ed25519 and other key types are not
allowed because they are not listred in the BSI algorithm catalog.
Now, our release signing keys happen to be Ed25519 and thus we need to
offer a way for users to check new versions even if the system is in
de-vs mode. This does on purpose not work in --batch mode so that
scripted solutions won't accidently pass a signature check.
GnuPG-bug-id: 5655
Backported-from-master: fb26e144adfd93051501d58f5d0d4f8826ddf436
* dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen.
(opt): Add field ignored_certs.
* dirmngr/dirmngr.c: Add option --ignore-cert
(parse_rereadable_options): Handle that option.
(parse_ocsp_signer): Rename to ...
(parse_fingerprint_item): this and add two args.
* dirmngr/certcache.c (put_cert): Ignore all to be igored certs.
Change callers to handle the new error return.
--
This option is useful as a workaround in case we ill run into other
chain validation errors like what we fixed in
GnuPG-bug-id: 5639
Backported-from-master: 4b3e9a44b58e74b3eb4a59f88ee017fe7483a17d
* agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New.
(MAX_GENPIN_TRIES): Remove.
* agent/call-pinentry.c (struct entry_parm_s):
(struct inq_cb_parm_s): Add genpinhash and genpinhas_valid.
(is_generated_pin): New.
(inq_cb): Suppress constraints checking for a generated passphrase.
No more need for several tries to generate the passphrase.
(do_getpin): Store a generated passphrase/pin in the status field.
(agent_askpin): Suppress constraints checking for a generated
passphrase.
(agent_get_passphrase): Ditto.
* agent/command.c (cmd_get_passphrase): Ditto.
--
A generated passphrase has enough entropy so that all kind of extra
checks would only reduce the actual available entropy. We thus detect
if a passphrase has been generated (and not changed) and skip all
passphrase constraints checking.
* common/recsel.c (recsel_parse_expr): Add flag -t.
* common/stringhelp.c (strtokenize): Factor code out to
do_strtokenize.
(strtokenize_nt): New.
(do_strtokenize): Add arg trim to support the strtokenize_nt.
* common/t-stringhelp.c (test_strtokenize_nt): New test cases.
* tools/wks-util.c (wks_list_key): Use strtokenize_nt and the recsel
flag -t.
--
This fixes a bug with user ids with leading spaces because:
wks-client lists all mail addresses from the key and matches them to the
requested mail address.
If there are several user-ids all with the same mail address
wks-client picks one of them and then extracts exactly that user id.
However, here it does not match by the mail address but by the full
user-id so that we can be sure that there will be only one user-id in
the final key.
The filter built expression unfortunately strips leading blanks but
requires a verbatim match. Thus it won't find the user id again and
errors out.
The new -t flag and a non-trimming strtokenize solves the problem.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (oCheckSymPassphrasePattern): New.
(opts): Add --check-sym-passphrase-pattern.
(parse_rereadable_options): Set option.
(main): Return option info.
* tools/gpgconf-comp.c: Add new option.
* agent/agent.h (opt): Add var check_sym_passphrase_pattern.
(struct pin_entry_info_s): Add var constraints_flags.
(CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1.
(CHECK_CONSTRAINTS_NEW_SYMKEY): New.
* agent/genkey.c (check_passphrase_pattern): Rename to ...
(do_check_passphrase_pattern): this to make code reading
easier. Handle the --check-sym-passphrase-pattern option.
(check_passphrase_constraints): Replace arg no_empty by a generic
flags arg. Also handle --check-sym-passphrase-pattern here.
* agent/command.c (cmd_get_passphrase): In --newsymkey mode pass
CHECK_CONSTRAINTS_NEW_SYMKEY flag.
* agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags.
(struct inq_cb_parm_s): New.
(inq_cb): Use new struct for parameter passing. Pass flags to teh
constraints checking.
(do_getpin): Pass constraints flag down.
(agent_askpin): Take constraints flag from the supplied pinentry
struct.
--
Requirements for a passphrase to protect a private key and for a
passphrase used for symmetric encryption are different. Thus a
the use of a different pattern file will be useful. Note that a
pattern file can be used to replace the other passphrase constraints
options and thus we don't need to duplicate them for symmetric
encryption.
GnuPG-bug-id: 5517
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 7c45a69eb988e9c0329d75900af0c5b1e47291b7
agent: New option --check-sym-passphrase-pattern.
* agent/agent.h (opt): Add field pinentry_formatted_passphrase.
* agent/call-pinentry.c (setup_formatted_passphrase): New.
(agent_get_passphrase): Pass option to pinentry.
* agent/gpg-agent.c (oPinentryFormattedPassphrase): New.
(opts): Add option.
(parse_rereadable_options): Set option.
--
GnuPG-bug-id: 5553, 5517
This is a squashed backport of two commits from master.
Backport-from-master: bf20a80f68449cc83b67c53ba9a0a84c45827ac4
Backport-from-master: 99601778f4a9dc1c9fee792361c959f5e0732cfd
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpg-check-pattern.c: Major rewrite.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 73c03e02322880c740310207dd2151cfd843792e
Here is a simple pattern file:
====================
# Pattern to reject passwords which do not comply to
# - at least 1 uppercase letter
# - at least 1 lowercase letter
# - at least one number
# - at least one special character
# and a few extra things to show the reject mode
# Reject is the default mode, ignore case is the default
#[reject]
#[icase]
# If the password starts with "foo" (case insensitive) it is rejected.
/foo.*/
[case]
# If the password starts with "bar" (case sensitive) it is rejected.
/bar.*/
# Switch to accept mode: Only if all patterns up to the next "accept"
# or "reject" tag or EOF match, the password is accepted. Otherwise
# the password is rejected.
[accept]
/[A-Z]+/
/[a-z]+/
/[0-9]+/
/[^A-Za-z0-9]+/
=================
* configure.ac (DIRMNGR_DEFAULT_KEYSERVER): Change to
keyserver.ubuntu.com.
* dirmngr/certcache.c (cert_cache_init): Disable default pool cert.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/http.c (http_session_new): Ditto.
* dirmngr/server.c (make_keyserver_item): Use a different mapping for
the gnupg.net names.
--
Due to the unfortunate shutdown of the keyserver pool, the long term
defaults won't work anymore. Thus it is better to change them.
For https access keyserver.ubuntu.com is now used because it can be
expected that this server can stand the load from newer gnupg LTS
versions.
For http based access the Dutch Surfnet keyserver is used. However
due to a non-standard TLS certificate this server can not easily be
made the default for https.
Note: that the default server will be changed again as soon as a new
connected keyserver infrastructure has been established.
* sm/gpgsm.c (opts): Add option --ldapserver and make --keyserver an
alias.
--
We should use "keyserver" for OpenPGP and thus it is better to allow
for "ldapserver" here - it is the same convention as now used in
dirmngr.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/init.c (_init_common_subsystems) [W32]: Set the codepage to
UTF-8 for input and putput. Switch gettext to UTF-8.
* g10/gpg.c (utf8_strings) [W32]: Make sure this is always set.
--
With this patch the former patch to use ReadConsoleW and WriteConsoleW
in ttyio.c are kind of superfluous because the ANSI version of these
functions are also able to read/write UTF-8 directly given the console
code page has been set correctly. However, this seems to work only
with recent versions of Windows-10.
GnuPG-bug-id: 4365
(cherry picked from commit 8c41b8aac3efb78178fe1eaf52d8d1bbc44941a8)
Removed changes for "gpgconf --show-codepages" of the original patch.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Use LDAP_OPT_TIMEOUT.
* dirmngr/dirmngr.c (main): Move --ldaptimeout setting to ...
(parse_rereadable_options): here.
--
Note that this has not yet been tested. In fact a test with OpenLDAP
using a modified route got stuck in the connection attempt. Maybe it
works on Windows - will be tested later.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.c (opts): Add option --ldapserver.
(ldapserver_list_needs_reset): New var.
(parse_rereadable_options): Implement option.
(main): Ignore dirmngr_ldapservers.conf if no --ldapserver is used.
* dirmngr/server.c (cmd_ldapserver): Add option --clear and list
configured servers if none are given.
--
This option allows to specify LDAP keyserver in dirmngr instead of
using gpgsm.conf.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/keyserver.h: Remove.
* sm/gpgsm.h (struct keyserver_spec): Remove.
(opt): Change keyserver to a strlist_t.
* sm/gpgsm.c (keyserver_list_free): Remove.
(parse_keyserver_line): Remove.
(main): Store keyserver in an strlist.
* sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist. Avoid
an ambiguity in dirmngr by adding a prefix if needed.
* g10/options.h (struct keyserver_spec): Move definition from
keyserver.h to here. Remove most fields.
* g10/keyserver.c (free_keyserver_spec): Adjust.
(cmp_keyserver_spec): Adjust.
(parse_keyserver_uri): Simplify.
(keyidlist): Remove fakev3 arg which does not make any sense because
we don't even support v3 keys.
--
We now rely on the dirmngr to parse the keyserver specs. Thus a bad
specification will not be caught immediately. However, even before
that dirmngr had stricter tests.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (get_pubkey_with_ldap_fallback): New.
* g10/trustdb.c (verify_own_keys): Use it.
(cherry picked from commit 100037ac0f558e8959fc065d4703c85c2962489e)
* g10/keyserver.c (keyserver_import_fprint_ntds): New.
* g10/getkey.c (get_pubkey_byname): Detect an attempt to search by
fingerprint in no_local mode.
--
See the man page. For testing use
gpg --auto-key-locate local,wkd,keyserver --locate-external-key \
FINGERPRINT
with at least one LDAP keyserver given in dirmngr.conf. On Windows
"ntds" may be used instead or in addtion to "keyserver".
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit ec36eca08cdbf6653e7362e8e0e6c5f2c75b4a60)
* scd/scdaemon.h (opt): Add field opcsc_shared.
* scd/scdaemon.c (opcscShared): New.
(opts): Add "--pcsc-shared".
(main): Set flag.
* scd/apdu.c (connect_pcsc_card): Use it.
(pcsc_get_status): Take flag in account.
* scd/app-openpgp.c (verify_chv2): Do not auto verify chv1 in shared
mode.
--
This option should in general not be used. The patch tries to limit
bad effects but using shared mode is somewhat dangerous depending on
the other PC/SC users.
(cherry picked from commit 5732e7a8e97cebf8e850c472e644e2a9b040836f)
* dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status.
* g10/options.h (opts): New field expl_import_self_sigs_only.
* g10/import.c (parse_import_options): Set it.
* g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
--
I can be assumed that configured LDAP servers are somehow curated and
not affected by rogue key signatures as the HKP servers are. Thus we
can allow the import of key signature from LDAP keyservers by default.
GnuPG-bug-id: 5387
* g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key".
(main): Set it.
* g10/options.h (opt): New flag flags.force_sign_key.
* g10/keyedit.c (sign_uids): Use new flag.
--
GnuPG-bug-id: 4584
* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Support a new gpgNtds
extension.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Do ldap_init always with
hostname - which is NULL and thus the same if not given. Fix minor
error in error code handling.
--
Note that "gpgNtds" is per RFC-4512 case insensitive and has not yet
been officially regisetered. Thus for correctness the OID can be
used:
1.3.6.1.4.1.11591.2.5 LDAP URL extensions
1.3.6.1.4.1.11591.2.5.1 gpgNtds=1 (auth. with current user)
Note that the value must be 1; all other values won't enable AD
authentication and are resevered for future use.
--
The tool has no more configure option to build it and thus the man
page does not make sense. We keep the actual file for reference,
though.
GnuPG-bug-id: 5290
* doc/gpg.texi: Add parameters for batch generation of ECC keys.
--
There are parameters required for batch generation of ECC keys which
weren't mentioned in the documentation.
Signed-off-by: Jens Meißner <meissner@b1-systems.de>
* scd/command.c (reset_notify): Add option --keep-lock.
(do_reset): Add arg keep_lock.
(cmd_lock): Send progress status.
* g10/call-agent.c (agent_scd_apdu): Add more pseudo APDUs.
* g10/card-util.c (send_apdu): Ditto.
(factory_reset): Use lock commands.
--
This is required so that for example Kleopatra does not detect the
RESET and issues a SERIALNO of its own, thus conflicting with our
SERIALNO undefined.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/examples/vsnfd.prf: Rename to VS-NfD.prf.
* doc/examples/Automatic.prf: New.
* doc/Makefile.am (examples): Adjust.
* build-aux/speedo/w32/inst.nsi: Install gpg-check-pattern.exe and 3
example files.
* build-aux/speedo/w32/wixlib.wxs: Add new files.
--
Note that we renamed the existing example profile so that kleopatra
shows a nicer name. In fact the gpg4win installer just copies of
theses file but it is better to maintain them here.
gpg-check-pattern.exe can no be installed because we meanwhile have a
regex lib which works also on Windows.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
Fixes-commit: 5ade2b68db231c78d8ecca0eb21db2153da958d2
which was recently pushed to make use of $SOURCE_DATE_EPOCH
as fallback.
(cherry picked from commit 61bb75d045a3709d1cba0084c95e991dfd52c8ee)
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change.
(gen_rsa): Set fallback to 3072.
(get_keysize_range): Set default to 3072.
* doc/examples/vsnfd.prf: No more need for default-new-key-algo.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New.
(opts): Make --enable-extended-key-format a dummy option. Add
disable-extended-key-format.
(parse_rereadable_options): Implement oDisableExtendedKeyFormat.
* agent/protect.c (agent_protect): Be safe and set use_ocb either to
to 1 or 0.
--
Extended key format is supported since version 2.1.12 which should have
long been replaced by a newer version in all installations. Thus for
2.2.22 we will make use of the extended-key-format by default.
This is a backport of the commits:
05eff1f6623c272fcabd4e238842afc832710324
91ae3e7fb66271691f6fe507262a62fc7e2663a3
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgtar.c (oUtf8Strings): New.
(opts): Add option --utf8-strings.
(parse_arguments): Set option.
* tools/gpgtar.h (opt): Add field utf8strings.
* tools/gpgtar-create.c (name_to_utf8): New.
(fillup_entry_w32): Use that.
(scan_directory): Ditto.
(scan_directory) [W32]: Convert file name to utf8.
(gpgtar_create): Convert pattern.
--
Note that this works only with file names read from a file or if the
specified files on the command line are plain ascii. When recursing
into a directory Unicode file names work again. This limitation is
due to main(int, char**) which can't get the wchar version. We could
fix that but is needs a bit more work in our init code.
GnuPG-bug-id: 4083
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/keylist.c (list_cert_colon): Emit a new "fp2" record.
(list_cert_raw): Print the SHA2 fingerprint.
(list_cert_std): Ditto.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: e7d70923901eeb6a2c26445aee9db7e78f6f7f3a
Here in 2.2 we keep the string "fingerprint:" and no not change it to
"sha1 fpr" as we did in master (2.3).