* g10/gpg.c (main): Remove note about rfc4880bis.
* g10/keygen.c (keygen_set_std_prefs): Use only OCB in the AEAD
preference list.
--
It is more than unlikely that EAX will ever be used in practice and
thus we remove it from the preference list.
* g10/misc.c (openpgp_cipher_algo_mode_name): New.
* g10/decrypt-data.c (decrypt_data): Use function here.
--
Note that openpgp_cipher_algo_mode_name is different from the version
2.2 becuase we append ".CFB" here.
Without this change we would see
gpg: cipher algorithm 'AES256' may not be used in
--compliance=de-vs mode
This is confusing because AES256 is compliant. Now we see
gpg: cipher algorithm 'AES256.OCB' may not be used in
--compliance=de-vs mode
which gives a hint on the problem.
* g10/decrypt-data.c (decrypt_data): Add arg compliance_error. Adjust
all callers. Fail on compliance error only in --require-compliance
mode. Make sure to return an error if the buffer is missing; actually
that should be an assert.
* g10/mainproc.c (proc_encrypted): Delay printing of the compliance
mode status. Consult the compliance error now returned by
decrypt_data.
--
The actual case here is that we fail hard if a message has been AEAD
encrypted with one AEAD capable key and also with one passphrase. In
general the preference system takes care of not using AEAD if one
recipient's key does not support it. However, if the sender uses her
own AEAD-capable key _and_ a passphrase the message will be AEAD
encrypted. This change allows to decrypt that anyway along with a
warning message.
Note that this does currently not work in 2.3 due to a non-compliant
libgcrypt. We will however, backport this to 2.2.
* g10/sign.c (sign_symencrypt_file): Insert correct version and AEAD
information into symkey packet.
--
GnuPG-bug-id: 5856
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* g10/options.h (opt): Add field flags.require_compliance.
* g10/gpg.c (oRequireCompliance): New.
(opts): Add --require-compliance.
(main): Set option.
* g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant.
(check_sig_and_print): Ditto.
* g10/encrypt.c (encrypt_crypt): Ditto.
--
Note that in the --encrypt and --verify cased other checks may kick in
earlier than this new --require-compliance controlled one.
* common/iobuf.c (filter_flush): Remove "src_len == 0" check.
* g10/compress-bz2.c (do_compress): Exit early if flush not
forced and input length is zero.
* g10/compress.c (do_compress): Likewise.
--
Remove "(src_len == 0)" check in filter_flush which was
introduced to fix compress failure caused by zero length
flush from iobuf_close. However this check broke enarmoring
file with length of zero. Patch instead fixes zero length
flush problem in compress filters.
GnuPG-bug-id: T5828
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* g10/cipher-aead.c (do_hash): Add faster path for encrypting directly
from input buffer instead of memcpying then encrypting inplace.
--
When encrypting with AES256.OCB on AMD Ryzen 5800X, memcpy shows as
taking largest portion of computation time. Patch adds fast path for
AEAD encryption which largely eliminates need for memcpying when
doing AEAD encryption. AES256.OCB throughput increases from 2.2GB/s
to 4.2GB/s on said system (1.9x faster).
GnuPG-bug-id: T5828
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* g10/decrypt-data.c (decrypt_data): Disable estream buffering for
output file.
--
Here estream is filled with iobuf_copy which already uses large buffers
so additional buffering in estream was just adding memory copy overhead.
GnuPG-bug-id: T5828
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* g10/plaintext.c (handle_plaintext): Disable estream buffering in
binary modes.
--
Since in binary mode, large buffers are passed from source iobuf to
target estream, extra buffering in estream only causes extra memory
copying and overhead.
GnuPG-bug-id: T5828
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* common/iobuf.c (iobuf_copy): Use iobuf buffer size for temporary
buffers.
* g10/plaintext.c (handle_plaintext, do_hash): Likewise.
* g10/sign.c (sign_file): Likewise.
--
As iobuf will have zerocopy operation for read/write, it is better to
use same size buffers as iobuf for temporary copy buffers.
GnuPG-bug-id: T5828
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* g10/sign.c (sign_file): Use iobuf_read instead of iobuf_get for
reading data from detached file.
--
This patch reduces iobuf_read per byte processing overhead and speeds
up detached signing.
Detached signing speed on AMD Ryzen 5800X (4.3GiB file, SHA256):
gpg process
user time
before: 3.951s
after: 1.898s (2.0x faster)
GnuPG-bug-id: T5826
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* g10/plaintext.c (do_hash): Use iobuf_read instead of iobuf_get for
reading data; Use gcry_md_write instead of gcry_md_putc for hash data.
--
This patch reduces iobuf_read per byte processing overhead and speeds
up detached signature verifying.
Detached verifying speed on AMD Ryzen 5800X (4.3GiB file, SHA256):
gpg process
user time
before: 9.410s
after: 1.913s (4.9x faster)
GnuPG-bug-id: T5826
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* g10/mainproc.c (proc_tree): Call ask_for_detached_datafile
with MD2=NULL.
--
Here, c->mfx.md2 is always NULL, in fact. But, text-wise
(when searching the use of "mfx.md2"), before the change, it used
mfx.md2, which is irrelevant in the handling of PKT_ONEPASS_SIG.
Note that: One-Pass Signature is not available in PGP2.
This fix removes (text-wise) unmatch of the calls of functions
hash_datafile_by_fd hash_datafiles, and ask_for_detached_datafile.
Fixes-commit: 88a916cdd4
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/mainproc.c (mainproc_context): New member
'seen_pkt_encrypted_mdc'.
(release_list): Clear 'seen_pkt_encrypted_mdc'.
(proc_encrypted): Set 'seen_pkt_encrypted_mdc'.
(have_seen_pkt_encrypted_aead): Rename to...
(have_seen_pkt_encrypted_aead_or_mdc): ...this and add check for
'seen_pkt_encrypted_mdc'.
(proc_plaintext): Do not enable extra hash contexts when decrypting
MDC input.
--
Avoiding extra hash contexts speeds up CFB/MDC decryption quite
a lot. For example, decrypting symmetric-key AES-256 encrypted
4 GiB file from RAM to /dev/null sees ~3.4x speed increase on
AMD Ryzen 5800X:
AES256.CFB encryption: 783 MB/s
AES256.CFB decryption: 386 MB/s (before)
AES256.CFB encryption: 1.3 GB/s (after patch)
Note, AEAD is still significantly faster:
AES256.OCB encryption: 2.2 GB/s
AES256.OCB decryption: 3.0 GB/s
GnuPG-bug-id: T5820
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* g10/cipher-aead.c (do_flush): Use PRIu64.
* g10/decrypt-data.c (aead_underflow): Likewise.
--
Even among LP64 data model machines, uint64_t type may differ;
unsigned long or unsigned long long.
Only portable way is use of PRIu64.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/filter.h (armor_filter_context_t): New fields dearmor_mode and
dearmor_state.
* g10/dearmor.c (dearmor_file): Set dearmor_mode.
* g10/armor.c (is_armor_header): Magic to switch to generic dearmor
mode.
(parse_header_line): Treat non OpenPGP armor in a special way.
(check_input): Ditto.
(radix64_read): Detect non OpenPGP armor END lines.
* g10/call-agent.c (learn_status_cb): Parse APPVERSION.
* g10/call-agent.h (struct agent_card_info_s): Add field appversion.
* g10/card-util.c (print_a_version): New.
(current_card_status): Print version from appversion.
--
This is a regression due to the PIV support. Note that the newer
gpg-card worked correctly.
GnuPG-bug-id: 5787
* g10/keygen.c (generate_subkeypair): On error, write error and
"key not created" message to status interface.
--
This change allows users of the status/command interface to detect
errors when adding a subkey to a key. Similar status messages are
output by do_generate_keypair.
GnuPG-bug-id: 5771
* g10/keygen.c (ask_algo): Request keygrip via cpr_get.
* doc/help.txt (gpg.keygen.keygrip): New help text.
--
This change makes it possible to add an existing (sub)key to
another key via the status/command interface.
GnuPG-bug-id: 5771
* g10/pkglue.c (sexp_extract_param_sos_nlz): New.
* g10/pkglue.h: Add the declaration.
* g10/sign.c (do_sign): Use sexp_extract_param_sos_nlz for Ed25519.
--
Ed25519 signature in GnuPG 2.2 has no leading zeros.
GnuPG-bug-id: 5331
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/export.c (key_to_sshblob): Use put_membuf with length counted
beforehand, and use memcmp instead of strncmp.
--
GnuPG-bug-id: 5393
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/gpg.c (oForbidGenKey, opts): New option.
(mopt): New local struct
(gen_key_forbidden): New.
(main): Set and handle the option.
--
In large system installation it is sometimes useful to make it a bit
harder for users to generate their own keys. An example is a policy
to not use on-disk keys.
--
The last key is new. As usual the key is on a dedicated card with the
Admin PIN accessible to a few core hackers.
# ------------------------ >8 ------------------------
pub rsa3072 2017-03-17 [SC] [expires: 2027-03-15]
5B80C5754298F0CB55D8ED6ABCEF7E294B092E28
sig R BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key)
uid Andre Heinecke (Release Signing Key)
sig 3 BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key)
sig 1FDF723CF462B6B1 2017-03-17 Andre Heinecke <aheinecke@intevation.de>
pub ed25519 2020-08-24 [SC] [expires: 2030-06-30]
6DAA6E64A76D2840571B4902528897B826403ADA
uid Werner Koch (dist signing 2020)
sig 3 528897B826403ADA 2020-08-24 Werner Koch (dist signing 2020)
sig 249B39D24F25E3B6 2020-08-24 Werner Koch (dist sig)
sig 63113AE866587D0A 2020-08-24 wk@gnupg.org
sig E3FDFF218E45B72B 2020-08-24 Werner Koch (wheatstone commit signing)
sig F2AD85AC1E42B367 2020-08-24 Werner Koch <wk@gnupg.org>
pub ed25519 2021-05-19 [SC] [expires: 2027-04-04]
AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD
uid Niibe Yutaka (GnuPG Release Key)
sig 3 E98E9B2D19C6C8BD 2021-05-19 Niibe Yutaka (GnuPG Release Key)
sig 00B45EBD4CA7BABE 2021-09-14 NIIBE Yutaka <gniibe@fsij.org>
sig E267B052364F028D 2021-09-14 NIIBE Yutaka <gniibe@fsij.org>
pub brainpoolP256r1 2021-10-15 [SC] [expires: 2029-12-31]
02F38DFF731FF97CB039A1DA549E695E905BA208
uid GnuPG.com (Release Signing Key 2021)
sig 3 549E695E905BA208 2021-10-15 GnuPG.com (Release Signing Key 2021)
sig 528897B826403ADA 2021-10-15 Werner Koch (dist signing 2020)
sig E3FDFF218E45B72B 2021-10-15 Werner Koch (wheatstone commit signing)
* g10/tdbdump.c (export_ownertrust): Skip records marked with the
option --trusted-key.
(import_ownertrust): Clear the trusted-key flag.
* g10/tdbio.h (struct trust_record): Add field flags.
* g10/tdbio.c (tdbio_dump_record): Improve output.
(tdbio_read_record, tdbio_write_record): Handle flags.
* g10/trustdb.c (verify_own_keys): Clear stale trusted-keys and set
the flag for new --trusted-keys.
(tdb_update_ownertrust): Add arg as_trusted_key. Update callers.
--
GnuPG-bug-id: 5685
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (parse_revocation_key): Store the fingerprint length in
created structure.
--
GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* g10/gpg.c (oOverrideComplianceCheck): New.
(opts): Add new option.
(main): Set option and add check for batch mode.
* g10/options.h (opt): Add flags.override_compliance_check.
* g10/sig-check.c (check_signature2): Factor complaince checking out
to ...
(check_key_verify_compliance): this. Turn error into a warning in
override mode.
--
There is one important use case for this: For systems configured
globally to use de-vs mode, Ed25519 and other key types are not
allowed because they are not listred in the BSI algorithm catalog.
Now, our release signing keys happen to be Ed25519 and thus we need to
offer a way for users to check new versions even if the system is in
de-vs mode. This does on purpose not work in --batch mode so that
scripted solutions won't accidently pass a signature check.
GnuPG-bug-id: 5655
--
This is per OpenPGP WG design team decision from 2021-08-13
(raising a new wall after exactly 60 years ;-)
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (proc_encrypted): Fix the condition to report
NO_SECKEY even when the key was not considered by get_session_key.
--
GnuPG-bug-id: 5562
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/keyserver.h: Remove.
* sm/gpgsm.h (struct keyserver_spec): Remove.
(opt): Change keyserver to a strlist_t.
* sm/gpgsm.c (keyserver_list_free): Remove.
(parse_keyserver_line): Remove.
(main): Store keyserver in an strlist.
* sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist. Avoid
an ambiguity in dirmngr by adding a prefix if needed.
* g10/options.h (struct keyserver_spec): Move definition from
keyserver.h to here. Remove most fields.
* g10/keyserver.c (free_keyserver_spec): Adjust.
(cmp_keyserver_spec): Adjust.
(parse_keyserver_uri): Simplify.
(keyidlist): Remove fakev3 arg which does not make any sense because
we don't even support v3 keys.
--
We now rely on the dirmngr to parse the keyserver specs. Thus a bad
specification will not be caught immediately. However, even before
that dirmngr had stricter tests.
Signed-off-by: Werner Koch <wk@gnupg.org>
Ported-from: 9f586700ec
* g10/openfile.c (overwrite_filep): Use gnupg_access.
--
As said, this is just an obvious but partial fix. We need to review
things for the output module.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_keyinfo): Factor some code out to ...
(get_keyinfo_on_cards): ... new.
(cmd_havekey): Add --list mode.
* g10/gpg.h (struct server_control_s): Add new caching vars.
* g10/gpg.c (gpg_deinit_default_ctrl): Release cache.
* g10/call-agent.c (agent_probe_any_secret_key): Init and try to use
the keygrip cache.
(agent_genkey): Clear the cache.
(agent_import_key): Ditto.
* g10/keylist.c (list_all, list_one): Pass ctrl to
agent_probe_any_secret_key.
* g10/getkey.c (lookup): Ditto.
--
With this change we first ask the agent for a list of all secret
keygrips and use that list instead of asking the agent for each public
key. Speeds up my "gpg -K" with a lot of secret and public keys by
more than 25%.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keydb.h (GETPASSWORD_FLAG_SYMDECRYPT): New.
(passphrase_to_dek_ext): Remove this obsolete prototype.
* g10/passphrase.c (passphrase_get): Add arg flags. Use new flag
value.
(passphrase_to_dek): Add arg flags and pass it on.
* g10/mainproc.c (proc_symkey_enc): Use new flag.
* sm/decrypt.c (pwri_decrypt): Use "passphrase".
--
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 03f83bcda5)
Note that we keep on using the term "passphrase" although "password"
would be better. There are however so many occurance of this and
given it is a bike shedding topic we fix that in the PO files.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command-ssh.c (ssh_handler_request_identities): Remove double
check of ERR.
* g10/getkey.c (get_pubkey_byname): Remove double use of break.
* g10/pkglue.c (pk_encrypt): Handle possible NULL-ptr access due to
failed malloc.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyserver.c (keyserver_import_name): Rename to ...
(keyserver_import_mbox): this. And use mail search mode.
* g10/getkey.c (get_pubkey_byname): Change the two callers.
--
In contrast to a search via keyserver_import_ntds the older
keyserver_import_name used a full match of the provided name despite
that it is only called with an addr-spec (mbox). Due to the mode the
pattern send to dirmngr was prefixed with a '=' and thus dirmngr used
an exact search;. This did only work for provided user ids like
"foo@example.org" but not for "<foo@example.org>" or
"Foo <foo@xample.org>". The old code dates back to 2010.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/options.h (opts): New field expl_import_only.
* g10/import.c (parse_import_options): Set it.
* g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
--
I can be assumed that configured LDAP servers are somehow curated and
not affected by rogue key signatures as the HKP servers are. Thus we
don't clean the key anymore so that key certifications are kept even
if the public key has not yet been imported.
See-commit: 6c26e593df
GnuPG-bug-id: 5387
* agent/command.c (cmd_readkey): Add option --no-data and special
handling for $SIGNKEYID and $AUTHKEYID.
* g10/call-agent.c (agent_scd_getattr): Create shadow keys for KEY-FPR
output.
* g10/skclist.c (enum_secret_keys): Automagically get a missing public
key for the current card.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyserver.c (keyserver_import_fprint_ntds): New.
* g10/getkey.c (get_pubkey_byname): Detect an attempt to search by
fingerprint in no_local mode.
--
See the man page. For testing use
gpg --auto-key-locate local,wkd,keyserver --locate-external-key \
FINGERPRINT
with at least one LDAP keyserver given in dirmngr.conf. On Windows
"ntds" may be used instead or in addtion to "keyserver".
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/kbxserver.c (cmd_search): Use the openpgp hack for calling
classify_user_id.
* kbx/backend-sqlite.c (run_select_statement): Remove angle brackets
in exact addrspec mode.
* g10/call-keyboxd.c (keydb_search): Do not duplicate the left angle
bracket.
* sm/keydb.c (keydb_search): Ditto.
--
Note that the openpgp hack flag of classify_user_id is actually a
misnomer because we actually hack a round a problem in gpgsm. And it
is only over there that we don't set it there. In keyboxd the flag
should be set. And we need to remove the angle brackets of course
because that is how we create the addrspec column values.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (main): Don't use the default log file from common.conf.
* sm/gpgsm.c (main): Ditto.
--
That was acutally not intended and contradicts the description in
doc/example/common.conf.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyedit.c (show_prefs): Show 'AEAD' if flags.aead is set.
--
The terse 'pref' command in the key editor correctly shows '[aead]'
if the uid->flags.aead is set, but the more verbose 'showpref'
command does not, due to an inverted condition check.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* common/comopt.c, common/comopt.h: New.
* common/Makefile.am: Add them.
* g10/gpg.c: Include comopt.h.
(main): Also parse common.conf.
* sm/gpgsm.c: Include comopt.h.
(main): Set a flag for the --no-logfile option. Parse common.conf.
* tools/gpgconf-comp.c (known_options_gpg): Remove "use-keyboxd", add
pseudo option "use_keyboxd".
(known_pseudo_options_gpg): Add pseudo option "use_keyboxd".
(known_options_gpgsm): Remove "use-keyboxd".
* tests/openpgp/defs.scm (create-gpghome): Create common.conf.
* doc/examples/common.conf: New.
--
Note that --use-keybox still works but prints a warning. We will
eventually remove this option becuase it was marked as an experimental
feature anyway.
It would be too confusing if gpg and gpgsm use different key storages.
Further, other components (e.g. dirmngr or gpg-wks-client) which call
gpg or gpgsm need to be aware that the keyboxd is used and pass that
option on the command line. Now that common.conf is always read (even
if --no-options is used) those tools will work instantly.
* g10/getkey.c (get_seckey_default_or_card): Lookup a missing public
key from the current card via LDAP.
* g10/call-dirmngr.c: Include keyserver-intetnal.h.
(gpg_dirmngr_ks_get): Rename arg quick into flags. Take care of the
new LDAP flag.
* g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_QUICK): New.
Replace the use of the value 1 for the former quick arg.
(KEYSERVER_IMPORT_FLAG_LDAP): New.
* g10/keyserver.c (keyserver_get_chunk): Increase the reserved line
length.
* dirmngr/ks-action.c (ks_action_get): Add arg ldap_only.
* dirmngr/server.c (cmd_ks_get): Add option --ldap.
--
This change makes it easy to start working with gnupg: Just insert the
smartcard or token provided to you and the first time you sign a
message the public key associated with the current card will be
imported and everything is set without any configuration.
This works only with an LDAP directory because it can be expected that
the public key has been put into the LDAP during card personalization.
Of course an LDAP server needs to be configured; in a Windows AD
domain this can be a mere "keyserver ldap:///" in dirmngr.conf. Other
configured keyservers are ignored.
Requirements for the card driver: The $SIGNKEYID attribute must exists
and a query for the KEY-FPR attribute needs to return the OpenPGP
fingerprint for that key. This is currently supported for OpenPGP
cards and certain PKCS#15 cards.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status.
* g10/options.h (opts): New field expl_import_self_sigs_only.
* g10/import.c (parse_import_options): Set it.
* g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
--
I can be assumed that configured LDAP servers are somehow curated and
not affected by rogue key signatures as the HKP servers are. Thus we
can allow the import of key signature from LDAP keyservers by default.
GnuPG-bug-id: 5387
* tools/gpgconf-comp.c (known_pseudo_options_gpg): Add
"compliance_de_vs".
* g10/gpg.c (gpgconf_list): Returh that pseudo option.
--
Of course this will always return false for this version of gnupg.
But as soon as this version has been approved we have everything ready
for a runtime check.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key".
(main): Set it.
* g10/options.h (opt): New flag flags.force_sign_key.
* g10/keyedit.c (sign_uids): Use new flag.
--
GnuPG-bug-id: 4584
* agent/command.c (cmd_keytotpm): New.
(agent/command.c): Register new command KEYTOTPM.
* g10/call-agent.c (agent_keytotpm): New.
* g10/keyedit.c (cmdKEYTOTPM): New command "keytotpm".
(keyedit_menu): Implement.
--
The plumbing is done in two parts: the agent is modified to understand
a KEYTOTPM assuan command taking the key grip as an argument. This
simply obtains the key s expression and calls the existing writeky
diversion to the tpm2daemon. The daemon reponds with the TPM
conversion of the key and that key is then stored in the keyfile as a
shadowed-private-key with "tpm2-v1" type.
To effect the conversion, all the user does from gpg --edit-key is
select which private key they wish to move (or move the primary if no
key is selected) and type keytotpm. The conversion to TPM form is
instantaneous and once converted, the actual key cannot be recovered,
meaning that if you want your gpg key to move to a new laptop you must
keep an unconverted backup copy in a safe location.
When you do a list command, all TPM keys show up as
card-no: TPM-Protected
The key is stored encrypted to the TPM2 storage seed and since each
TPM has a unique seed, only the single TPM contained in your laptop
can now read the key. This means you cannot simply copy the shadowed
key file over to a new laptop, you must copy over the backup copy and
then convert it to TPM form on the new laptop.
To decomission your laptop, execute a tssclear command which
regenerates the storage seed and effectively shreds all keys. Note
when you have done this *every* TPM2 shadowed private key becomes
unreadable by any TPM and all are effectively destroyed.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Very minor cosmetic changes.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/exechelp-w32.c (gnupg_spawn_process): Change to use
CreateProcessW.
(gnupg_spawn_process_fd): Ditto.
(gnupg_spawn_process_detached): Ditto.
* g10/exec.c (w32_system): Ditto.
--
GnuPG-bug-id: 4398
We do not use this weirdo CREATE_UNICODE_ENVIRONMENT flag because it
does not make any sense to have non-ASCII names in the environment. I
can't imagine why this should be used at all and rationale for this
API features is, well, sparse.
* common/init.c (_init_common_subsystems) [W32]: Set the codepage to
UTF-8 for input and putput. Switch gettext to UTF-8.
* tools/gpgconf.c (main): Display the input and output codepage if
they differ.
* g10/gpg.c (utf8_strings) [W32]: Make sure this is always set.
--
With this patch the former patch to use ReadConsoleW and WriteConsoleW
in ttyio.c are kind of superfluous because the ANSI version of these
functions are also able to read/write UTF-8 directly given the console
code page has been set correctly. However, this seems to work only
with recent versions of Windows-10.
GnuPG-bug-id: 4365
* g10/gpg.c (_dowildcard): Remove.
(my_strusage): Enable wildcards using our new system.
--
This patch actually removes the current globing using a mingw
feature. We are not able to use this because it does not handle
Unicode filenames. The plan is to implement this in init.c. This
patch merely configures gpg to request globing.
GnuPG-bug-id: 4398
* g10/photoid.c (get_default_photo_command): Change parameter for
xdg-open.
--
xdg-open spawns the user's preferred image viewer and then exits.
Therefore we must not remove the temp file when it exits,
otherwise by the time the actual image viewer is started the file
doesn't exist any more.
Signed-off-by: Nicolas Fella <nicolas.fella@gmx.de>
* g10/gpg.c: New option --allow-old-cipher-algos.
(set_compliance_option): Set --rfc4880bis explictly to SHA256 and
AES256. Allow old cipher algos for OpenPGP, rfc4880, and rfc2440.
* g10/options.h (opt): Add flags.allow_old_cipher_algos.
* g10/misc.c (print_sha1_keysig_rejected_note): Always print the note
unless in --quiet mode.
* g10/encrypt.c (setup_symkey): Disallow by default algos with a
blocklengt < 128.
(encrypt_crypt): Ditto. Fallback by default to AES instead of 3DES.
* g10/pkclist.c (algo_available): Take care of old cipher also.
(select_algo_from_prefs): Use AES as implicit algorithm by default.
* tests/openpgp/defs.scm (create-gpghome): Set allow-old-cipher-algos.
--
GnuPG-bug-id: 3415
* g10/gpg.c (oPrintPKARecords): Remove.
(opts): Remove --print-pka-records.
(main): Remove "pka-lookups","pka-trust-increase" and other PKA stuff.
* g10/options.h (EXPORT_DANE_FORMAT): Remove.
(VERIFY_PKA_LOOKUPS, VERIFY_PKA_TRUST_INCREASE): Remove.
(KEYSERVER_HONOR_PKA_RECORD): Remove.
* g10/packet.h (pka_info_t): Remove.
(PKT_signature): Remove flags.pka_tried and pka_info.
* g10/parse-packet.c (register_known_notation): Remove
"pka-address@gnupg.org".
* g10/pkclist.c (check_signatures_trust): Remove PKA stuff.
* g10/call-dirmngr.c (gpg_dirmngr_get_pka): Remove.
* g10/export.c (parse_export_options): Remove "export-pka".
(do_export): Adjust for this.
(write_keyblock_to_output): Ditto.
(do_export_stream): Ditto.
(print_pka_or_dane_records): Rename to ...
(print_dane_records): this and remove two args. Remove PKA printing.
* g10/free-packet.c (free_seckey_enc, cp_pka_info): Adjust for removed
pka_info field.
* g10/getkey.c (get_pubkey_byname): Make AKL_PKA a dummy.
* g10/keyserver.c: Remove "honor-pka-record".
(keyserver_import_pka): Remove.
* g10/mainproc.c (get_pka_address): Remove.
(pka_uri_from_sig): Remove.
(check_sig_and_print): Remove code for PKA.
--
PKA (Public Key Association) was a DNS based key discovery method
which looked up fingerprint by mail addresses in the DNS. This goes
back to the conference where DKIM was suggested to show that we
already had a better method for this available with PGP/MIME. PKA was
was later superseded by an experimental DANE method and is today not
anymore relevant. It is anyway doubtful whether PKA was ever widely
used.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpgcompose.c: Remove
--
This tool duplicated a lot of code and was hard to maintain. IIRC, it
was part of some Univerity assignment and of no real use anymore.
* common/compliance.c (gnupg_gcrypt_is_compliant): New.
(gnupg_rng_is_compliant): Also check library version.
* g10/mainproc.c (proc_encrypted): Use new function.
(check_sig_and_print): Ditto.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/verify.c (gpgsm_verify): Ditto
--
This will eventually allow us to declare Libgcrypt 1.9 to be de-vs
compliant. GnuPG can use this information then for its own checks.
As of now GnuPG tests the version of the used library but that is a
bit cumbersome to maintain.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (proc_symkey_enc): Do not continue with an unknown
algorithm.
--
Trying to encrypt data created with
printf "\x8c\x49\x05\x0e\x0a\x03\x01"
fails in version 2.2.19 with
gpg: packet(3) with unknown version 5
but with later versions with
gpg: encrypted with unknown algorithm 14
gpg: Ohhhh jeeee: ... this is a bug \
([...]/passphrase.c:433:passphrase_to_dek)
so we better catch this case earlier.
Reported-by: Tavis Ormandy
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Require at least Libgcrypt 1.9.0. Remove all
GCRYPT_VERSION_NUMBER dependent code.
--
Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in
RFC4880bis.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/call-dirmngr.c (ks_put_inq_cb): Emit "fpr" records.
* dirmngr/ks-engine-ldap.c (extract_attributes): Add args
extract-state and schemav2. Add data for the new schema version.
remove the legacy code to handle UIDs in the "pub" line.
(ks_ldap_put): Set new attributes for NTDS use the fingerprint as CN.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-ldap.c (extract_attributes): Do not store the
pgpSignerID.
* g10/call-dirmngr.c (ks_put_inq_cb): Do not emit sig records.
--
The pgpSignerID has no use in the LDAP and thus don't store it.
David's idea back in 2004 was
/* This bit is really for the benefit of people who
store their keys in LDAP servers. It makes it easy
to do queries for things like "all keys signed by
Isabella". */
See-commit: 3ddd4410ae
I consider this dangerous because such a query is not able to validate
the signature, does not get revocation signatures, and also has no
information about the validity of the signatures. Further many keys
are spammed tehse days with faked signatures and it does not make
sense to blow up the LDAP with such garbage.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (quick_generate_keypair): Set pCARDKEY flag if algostr
is "card" or "card/...".
--
For keys stored on NetKey cards or PIV cards we do not necessarily
know the creation time. Therefore set the cardkey flag if the generation
of a key from the keys available on the currently inserted smartcard
is requested with the special algo "card" or, in case of the extended
unattended mode, with an algo like "card/sign".
GnuPG-bug-id: 5141
Signed-off-by: Ingo Klöcker <dev@ingo-kloecker.de>
* g10/keydb.h (pref_hint): Change from union to struct and add field
'exact'. Adjust callers.
* g10/pkclist.c (algo_available): Take care of the exact hint.
* g10/sign.c (sign_file): Rework the hash detection from
recipient prefs.
--
This fixes a encrypt+sign case like: One recipient key has SHA512 as
highest ranked hash preference but the the signing key is a 256 bit
curve. Because we don't want to use a truncated hash with ECDSA, we
need to have an exact match - this is in particular important for
smartcard which check that the hash matches the curves.
Signed-off-by: Werner Koch <wk@gnupg.org>
Ported-from-stable: aeed0b93ff
* tools/card-call-scd.c (scd_apdu): Add more pseudo APDUs.
* tools/card-misc.c (send_apdu): Handle them.
* tools/gpg-card.c (cmd_factoryreset): Use lock commands.
--
This is port of the code used with gpg-card-edit. Note that the
command "apdu" now also understands some extra keywords.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/command.c (reset_notify): Add option --keep-lock.
(do_reset): Add arg keep_lock.
(cmd_lock): Send progress status.
* g10/call-agent.c (agent_scd_apdu): Add more pseudo APDUs.
* g10/card-util.c (send_apdu): Ditto.
(factory_reset): Use lock commands.
--
This is required so that for example Kleopatra does not detect the
RESET and issues a SERIALNO of its own, thus conflicting with our
SERIALNO undefined.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/misc.c (print_digest_rejected_note): Do not print in quiet mode.
(print_sha1_keysig_rejected_note): Ditto.
--
GnuPG-bug-id: 4893
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/status.h (STATUS_CANCELED_BY_USER): New.
* g10/passphrase.c (passphrase_to_dek): Send STATUS_CANCELED_BY_USER
instead of STATUS_MISSING_PASSPHRASE when canceled is set.
--
This is to prevent further pinentry tries when the pinentry is canceled
by the user during symmetric decryption.
Signed-off-by: Ben Kibbey <bjk@luxsci.net>
* g10/openfile.c (try_make_homedir): Move core of the code to ...
* common/homedir.c (gnupg_maybe_make_homedir): new.
* sm/keydb.c (try_make_homedir): Implement using new function.
* common/homedir.c: Include i18n.h.
* po/POTFILES.in: Add common/homedir.c.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (set_compliance_option): For AES256 and SHA256 in de-vs
mode.
* g10/encrypt.c (setup_symkey): Add extra compliance check.
(encrypt_simple): Avoid printing a second error oncplinace failure.
--
Because we used the RFC4880 mode as base for the de-vs mode we got
3DES as symmetric encryption algorithm. With the default gnupg mode
that was already used. The new extra compliance checks are added to
detect whether a --personal-cipher-preference or --cipher-algo option
tried to override the algorithms. They are still possible but now
non-compliant algorithms will throw an error.
Manual testing can be done with commands like this:
gpg --no-options --compliance=de-vs \
--personal-cipher-preferences "S1 S7" \
--pinentry-mode loopback -v --passphrase abc -ac </etc/motd
Here the command fails due to IDEA (S1) being the preferred cipher
algorithm. Using "--s2k-digest-algo SHA1" instead of
--personal-cipher-preferences will also fail.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/misc.c (pct_expando): Catch special case of the empty string.
Also map a NULL to the empty string.
* g10/photoid.c (show_photos): Make an empty string used as command
fail.
--
This patch also fixes a segv when calling gpg wrongly like
gpg -N \-foo@example.org
GnuPG-bug-id: 5117
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/misc.c (is_weak_digest): New.
(print_digest_algo_note): Use it here.
* g10/sig-check.c (check_signature_end_simple): Use it.
* g10/sign.c (hash_for): Do not use recipient_digest_algo if it is in
the least of weak digest algorithm.
--
If a message is signed and encrypted to several recipients, the to be
used digest algorithm is deduced from the preferences of the
recipient. This is so that all recipients are able to check the the
signature. However, if the sender has a declared an algorithm as
week, that algorithm shall not be used - in this case we fallback to
the standard way of selecting an algorithm.
Note that a smarter way of selecting the algo is to check this while
figuring out the algorithm - this needs more testing and thus we do it
the simple way.
Reported-by: Phil Pennock
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (parse_list_options): Add "sort-sigs".
(main): Make it the default.
* g10/options.h (LIST_SORT_SIGS): New.
* g10/keylist.c (cmp_signodes): New.
(list_keyblock_print): Sort signatures and factor signature printing
code out to ...
(list_signature_print): new.
--
In particular together with --full-timestamps this makes it easier to
see the history of key signatures and their revocations. The
self-signatures are also printed first. To disable this
--list-options no-sort-sigs
can be used.
Also don't print the annoying "no recocation reason specified"
message.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/call-agent.c (agent_scd_serialno): Make sure that NULL is stored
on error at r_serialno.
* g10/card-util.c (card_status): Simplify freeing of seriaono.
(factory_reset): Ditto.
--
This pattern is what we use with other functions returning an
allocated string and thus less surprising.
* tools/gpg-card.c (list_openpgp): Use ->apptype to determine card's
APP.
* g10/card-util.c (get_info_for_key_operation): Likewise.
(current_card_status): Even if its SERIALNO is not like OpenPGP card,
it's OpenPGP card when app says so.
--
GnuPG-bug-id: 5100
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/sysutils.c (gnupg_stat): New.
* common/sysutils.h: Include sys/stat.h.
--
Yet another wrapper for Unicode support on Windows.
GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.c (any8bitchar) [W32]: New.
(gnupg_open): New. Replace most calls to open by this.
* common/iobuf.c (any8bitchar) [W32]: New.
(direct_open) [W32]: Use CreateFileW if needed.
--
This is yet another step for full Unicode support on Windows.
GnuPG-bug-id: 5098
--
We need to use es_fopen on Windows to cope with non-ascii file names.
This is quite a large but fortunately straightforward change. At a
very few places we keep using stdio (for example due to the use of
popen).
GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.c (gnupg_access): New. Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--
Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.
This is required to correctly handle non-ascii filenames on Windows.
GnuPG-bug-id: 5098
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change to former future
default ago.
(ask_algo): Change default and also the way we indicate the default
algo in the list of algos.
(ask_curve): Indicate the default curve.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/options.h (IMPORT_BULK): New.
* g10/import.c (parse_import_options): Add "bulk-import".
* g10/call-keyboxd.c (in_transaction): New var.
(gpg_keyboxd_deinit_session_data): Run a commit if in bulk import
mode.
(create_new_context): Run a begin transaction if in bulk import mode.
--
Initial tests with this option are not very promising. Importing
about 3000 real world keys with --use-keyboxd and full logging took:
real 33m31.724s
user 19m54.265s
sys 2m49.662s
With bulk-import this saves a mere 12%:
real 29m36.542s
user 19m3.391s
sys 2m46.728s
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/kbx-client-util.c (kbx_client_data_simple): New.
* kbx/backend-sqlite.c (struct be_sqlite_local_s): Add field descidx.
(be_sqlite_search): Use that.
* g10/call-keyboxd.c (keydb_search): Implement multi mode.
--
With that change the keyboxd is at par with the keybox code.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keydb-private.h (struct keydb_handle_s): Add fields to return
the ordinals of the last found blob.
* g10/call-keyboxd.c (keydb_get_keyblock): Pass them to the keyblock
parser.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/stringhelp.h (split_fields): Use const * for the strings in
the ARRAY.
(split_fields_colon): Likewise.
* common/stringhelp.c (split_fields, split_fields_colon): Fix
the implementation.
* agent/call-scd.c, agent/command.c: Follow the change.
* common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise.
* g10/call-agent.c, tools/card-call-scd.c: Likewise.
* tools/card-yubikey.c, tools/gpg-card.c: Likewise.
* tools/gpg-card.h, tools/gpg-wks-client.c: Likewise.
* tools/gpgconf-comp.c, tools/gpgconf.c: Likewise.
* tools/wks-util.c: Likewise.
--
The strings in the ARRAY don't need to be released by caller, as those
are references. It's easier to follow the code when it's explicitly
const *.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/card-util.c (kdf_setup): Fix the default value.
* scd/app-openpgp.c (do_setattr): Support kdf-setup "off" by
Zeitcontrol. Make sure Gnuk and Yubikey work well.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* kbx/kbx-client-util.c (kbx_client_data_new): Add arg 'dlines'.
* g10/call-keyboxd.c (open_context): Set DLINES to true.
* sm/keydb.c (open_context): Ditto.
--
This allows to compile time switch between the D-line and the
fd-passing data communication between gpg/gpgsm and keyboxd. A quick
test with about 3000 OpenPGP keys showed that D-lines are only 10%
slower than the fd-passing based implementation. Given that the
thread adds extra complexity we go for now with the D-line approach.
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keyboxd.h (struct server_control_s): Replace the two request
objects by just one. Add filter flags.
* kbx/kbxserver.c (cmd_search): Add options --openpgp and --x509.
(cmd_killkeyboxd): Do not return GPG_ERR_EOF.
* kbx/frontend.c (kbxd_release_session_info): Adjust for the new
request object.
(kbxd_search, kbxd_store, kbxd_delete): Ditto.
* kbx/backend-sqlite.c (struct be_sqlite_local_s): Add filter flags.
(run_sql_prepare): Add optional arg 'extra'. Change callers.
(run_sql_bind_ntext): New.
(run_sql_bind_text): Just call run_sql_bind_ntext.
(run_select_statement): Add ctrl arg. Implement the filter flags.
* g10/call-keyboxd.c (keydb_search): Use the --openpgp option.
--
As soon as we implement X.509 we need to have a way to return only
openpgp or x.509 certificates. Gpg/gpgsm will then use the respective
flag.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (read_parameter_file): Initialize nline.
* g10/textfilter.c (copy_clearsig_text): Initialize bufsize.
--
In iobuf_read_line the parameter to pass and return the current buffer
length is controlled by the buffer parameter. Thus there should be no
problem because the assert call check s buffer first. For yet unknown
reasons when using the standard GNU libc assert valgrind complains
about an uninitialized variable. That does not happen with our
log_assert.
Tested with gnupg 2.2.23 with gcc 8.3.0 and valgrind 3.14.0.
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/kbx-client-util.c: New.
* kbx/kbx-client-util.h: New.
* kbx/Makefile.am (client_sources): New.
* g10/keydb.c (parse_keyblock_image): Rename to keydb_parse_keyblock
and make global.
* g10/call-keyboxd.c: Include kbx-client-util.h.
(struct keyboxd_local_s): Remove struct datastream. Add field kcd.
Remove per_session_init_done.
(lock_datastream, unlock_datastream): Remove.
(prepare_data_pipe, datastream_thread): Remove.
(keydb_get_keyblock_do_parse): Remove.
(gpg_keyboxd_deinit_session_data): Release the KCD object.
(open_context): Use of kbx_client_data_new.
(keydb_get_keyblock): Simplify.
(keydb_search): Use kbx_client_data_cmd and _wait.
--
The data specific part of the code has been moved from gpg to a new
module in kbx/ so that it can also be used by gpgsm. The OpenPGP
parsing while reading the data has been replaced by storing the data
in memory and parse it later. That makes a nice interface and
abstracts the fd-passing/D-lines handling away.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/options.h (IMPORT_COLLAPSE_UIDS): New.
(IMPORT_COLLAPSE_SUBKEYS): New.
* g10/gpg.c (main): Make them the default.
* g10/import.c (parse_import_options): New import options
"no-collapse-uids" and "no-collapse_subkeys".
(collapse_subkeys): New.
(import_one_real): Collapse subkeys and allow disabling the collapsing
using the new options.
(read_key_from_file_or_buffer): Always collapse subkeys.
* g10/keyedit.c (fix_keyblock): Call collapse_subkeys.
--
GnuPG-bug-id: 4421
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option.
(gpgsm_agent_import_key): Ditto.
* g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on.
(agent_import_key): Ditto.
* g10/import.c (transfer_secret_keys): Pass the creation date to the
agent.
* g10/keygen.c (common_gen): Ditto.
--
Having the creation time in the private key file makes it a lot easier
to re-create an OpenPGP public keyblock in case it was accidentally
lost.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oChUid): New.
(opts): Add --chuid.
(main): Implement --chuid. Delay setting of homedir until the new
chuid is done.
* sm/gpgsm.c (main): Delay setting of homedir until the new chuid is
done.
* tools/gpg-card.c (oChUid): New.
(opts): Add --chuid.
(changeuser): New helper var.
(main): Implement --chuid.
* tools/gpg-connect-agent.c (oChUid): New.
(opts): Add --chuid.
(main): Implement --chuid.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keydb.h (fpr20_from_pk): New.
* g10/keyid.c (fpr20_from_pk): New.
* g10/tdbio.c (tdbio_search_trust_byfpr): Use fpr20_from_pk.
* g10/trustdb.c (keyid_from_fpr20): New.
(verify_own_keys): Use keyid_from_fpr20.
(tdb_update_ownertrust): Use fpr20_from_pk.
(update_min_ownertrust): Likewise.
(update_validity): Likewise.
--
For the compatibility of existing implementation, we keep the format
of trustdb untouched. The format of trustdb uses 20-byte fingerprint
for the trust record entry. To handle both of v4key (with 20-byte
fingerprint) and v5 key (with 32-byte fingerprint), we introduce FPR20
fingerprint, internally. For v4key, FPR20 is as same as v4
fingerprint. For v5key, FPR20 is constructed from v5key fingerprint.
GnuPG-bug-id: 5000
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/gpg.c (main): Add that hack.
--
This is an yet undocumented hack to allow printing hex encoded random
number with gpg. The level is forced to be 1 which is is good for
almost all uses. Note that --armor is ignored.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/export.c (export_ssh_key): Do not close stdout.
--
stdout should never be closed; this fixes this minor bug.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/pubkey-enc.c (get_session_key): Don't skip at no PUBKEY_USAGE_ENC.
Emit information the key has no 'encrypt' usage.
--
GnuPG-bug-id: 4246
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
It is a bit surprising that nothing happens if no key is specified to
--delete-key et al. Although this is common Unix behaviour the use
might have expected that it behaves like --export and deletes all
keys. Sure we don't do the latter, so a short notice will help.
GnuPG-bug-id: 4959
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/genkey.c (agent_ask_new_passphrase): No qualitybar.
* g10/call-agent.c (agent_get_passphrase): Ditto.
* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
--
The concept of a passphrase quality indicator is anyway questionable
because user are smart enough to trick them out and they also tend to
limit the actually used entropy.
Except for the red/green switching (to show whether constraints are
fulfilled) our qualitybar is pretty bad and thus worse than none.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/encrypt.c (setup_symkey): Use default_cipher_algo function
instead of the fallback s2k_cipher_algo. Fix error code.
(encrypt_simple): Use setup_symkey.
--
Aside of removing code duplication this patch fixes the flaw that the
S2K cipher algorithm was used when mixing public key and symmetric
encryption or signatures with symmetric encrypion. The
default_algorithm function should be used here so that the command
line option --cipher-algo and --personal-cipher-preferences have an
effect.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/compliance.h (PK_ALGO_FLAG_RSAPSS): New.
* common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and
test rsaPSS. Adjust all callers.
(gnupg_pk_is_allowed): Ditto.
* sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function.
(gpgsm_get_hash_algo_from_sigval): New.
* sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval
arg. Add arg pkalgoflags. Use the PK_ALGO_FLAG_RSAPSS.
* sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to
also get the algo flags. Pass algo flags along.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/pksign.c (do_encode_eddsa): First argument is NBITs,
so that it can support Ed448, as well as Ed25519.
(agent_pksign_do): Follow the change.
* agent/sexp-secret.c (fixup_when_ecc_private_key): No fix-up needed
for Ed448, it's only for classic curves.
* common/openpgp-oid.c (oidtable): Add Ed448.
* common/sexputil.c (get_pk_algo_from_key): Ed448 is only for EdDSA.
* g10/export.c (match_curve_skey_pk): Ed448 is for EdDSA.
* g10/keygen.c (gen_ecc): Support Ed448 with the name of "ed448".
(ask_algo, parse_key_parameter_part): Handle "ed448".
* g10/pkglue.c (pk_verify): Support Ed448.
(pk_check_secret_key): Support Ed448.
* g10/sign.c (hash_for): Defaults to SHA512 for Ed448.
(make_keysig_packet): Likewise.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/free-packet.c (is_mpi_copy_broken): New.
(my_mpi_copy): Mix gcry_mpi_copy.
--
Note that in this case it is better to do a runtime check.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/pkclist.c (write_trust_status): Add arg mbox.
(check_signatures_trust): Appenmd mbox to the status lines.
--
GnuPG-bug-id: 4735
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/pkglue.h (sexp_extract_param_sos): New.
* g10/build-packet.c (sos_write): New.
(do_key, do_pubkey_enc, do_signature): Use sos_write for ECC.
* g10/export.c (cleartext_secret_key_to_openpgp): Use
sexp_extract_param_sos.
(transfer_format_to_openpgp): Use opaque MPI for ECC.
* g10/keygen.c (ecckey_from_sexp): Use sexp_extract_param_sos.
* g10/keyid.c (hash_public_key): Handle opaque MPI for SOS.
* g10/parse-packet.c (sos_read): New.
(parse_pubkeyenc,parse_signature,parse_key): Use sos_read for ECC.
* g10/pkglue.c (sexp_extract_param_sos): New.
(pk_verify): Handle opaque MPI for SOS.
(pk_encrypt): Use sexp_extract_param_sos.
* g10/seskey.c (encode_session_key): Use opaque MPI.
* g10/sign.c (do_sign): Use sexp_extract_param_sos.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/mainproc.c (check_sig_and_print): Add failsafe check for PK.
Pass KEYBLOCK down do check_signatures_trust. Protect existsing error
ocde in case the signature expired.
* g10/pkclist.c (is_in_sender_list): New.
(check_signatures_trust): Add args keyblock and pk. Add new uid based
checking code.
* g10/test-stubs.c, g10/gpgv.c: Adjust stubs.
--
GnuPG-bug-id: 4735
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (ask_key_flags_with_mask): Allow more than ECDH for
legacy curves.
(ask_algo): Tweak mapping of ECC to OpenPGP algos
(parse_key_parameter_part): Ditto.
(generate_subkeypair): Create the subkey with the time stored on the
card.
--
This fixes two problems with generating keys from a card:
1. The key usage is now set correctly for brainpool curves.
2. The add-key and --quick-add-key commands now also take the creation
time from the time stored on the card. Without that we would need
to update the creation time and fingerprint already stored on the
card which is a no-go if another key has already been created using
that on-card key.
Note: To create a key on a card without an OpenPGP keyblock use
gpg-card.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Now, it's only for
encrytion.
(pk_ecdh_decrypt): Use prepare_ecdh_with_shared_point and move decrypt
code path in original pk_ecdh_encrypt_with_shared_point here.
* g10/pkglue.h (pk_ecdh_encrypt_with_shared_point): Change API.
* g10/pkglue.c (pk_encrypt): Follow the change.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/ecdh.c (build_kdf_params): New.
(pk_ecdh_encrypt_with_shared_point): Use build_kdf_params, and check
things before extract_secret_x.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/decrypt-data.c (decrypt_data): Move aead algo detection up.
--
Note that the AEAD modes are not yet approved for --compliance=de-vs
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/main.h (DEFAULT_AEAD_ALGO): Set to OCB.
--
With the old code and using libgcrypt 1.9 would have switched from the
high performance OCB to the ugly EAX mode. We are free software, we
are OCB.
