gnupg

mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00

Author	SHA1	Message	Date
Werner Koch	9ee975d588	gpgsm: Replace all assert calls by log_assert. -- Signed-off-by: Werner Koch <wk@gnupg.org>	2020-07-08 14:40:34 +02:00
Werner Koch	7558128e16	sm: Fix recently introduced regression in CSR creation. * sm/certreqgen.c (create_request): Also set SIGKEYLEN. -- Fixes-commit: `44676819f2` Signed-off-by: Werner Koch <wk@gnupg.org>	2020-06-03 11:21:10 +02:00
Werner Koch	44676819f2	sm: Create ECC certificates with AKI and SKI by default. * sm/certreqgen.c (create_request): Create AKI and SKI by default. -- GnuPG-bug-id: 4098 Signed-off-by: Werner Koch <wk@gnupg.org>	2020-05-19 14:30:24 +02:00
Werner Koch	6dc3846d78	sm: Support creation of EdDSA certificates. * sm/misc.c (transform_sigval): Support EdDSA. * sm/certreqgen.c (create_request): Support EdDSA cert creation. * sm/certcheck.c (gpgsm_check_cert_sig): Map some ECC algo OIDs to hash algos. * sm/call-agent.c (struct sethash_inq_parm_s): New. (sethash_inq_cb): New. (gpgsm_agent_pksign): Add mode to pass plain data for EdDSA. -- Tested using a parameter file Key-Type: EdDSA Key-Length: 1024 Key-Grip: 09D9AE3D494F7888C93BE5106AD8A734A87617F0 Key-Usage: sign Serial: random Name-DN: CN=dummy test ed25519 where the keygrip is from a gpg generated Ed25519 key. ECDSA was tested using Key-Type: ECDSA Key-Length: 1024 Key-Grip: 8E06A180EFFE4C65B812150CAF19BF30C0689A4C Key-Usage: sign Serial: random Name-DN: CN=dummy test nistp256 and RSA using Key-Type: RSA Key-Length: 2048 Key-Grip: C6A6390E9388CDBAD71EAEA698233FE5E04F001E Key-Usage: sign Serial: random Name-DN: CN=dummy test rsa The command used in all cases is gpgsm -v --gen-key --batch a.parm >a.crt gpgsm -v --import <a.crt More support, in particular in the user interface, is required and will follow soon. GnuPG-bug-id: 4888 Signed-off-by: Werner Koch <wk@gnupg.org>	2020-05-18 19:32:30 +02:00
Werner Koch	9c5c7c6f60	sm: Fix possible NULL deref in error messages of --gen-key. * sm/certreqgen.c: Protect printing the liniernur in case of !R. -- GnuPG-bug-id: 4895 Signed-off-by: Werner Koch <wk@gnupg.org>	2020-03-30 17:16:30 +02:00
NIIBE Yutaka	e06a8e3e87	gpgsm: Fix the previous commit. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2020-03-27 19:42:14 +09:00
NIIBE Yutaka	49ea53b755	gpgsm: Support key generation with ECC. * sm/certreqgen.c (pKEYCURVE): New. (read_parameters): Add pKEYCURVE handling. (proc_parameters): Support ECC key generation. GnuPG-bug-id: 4888 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2020-03-26 15:54:14 +09:00
NIIBE Yutaka	238707db8b	gpgsm: Remove restriction of key generation (only RSA). * sm/certreqgen.c (proc_parameters): Remove checking GCRY_PK_RSA. -- This is an initial change to support ECC key generation. GnuPG-bug-id: 4888 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2020-03-26 11:30:58 +09:00
Werner Koch	c1000c6738	sm: Fix certificate creation with key on card. * sm/certreqgen.c (create_request): Fix for certmode. -- When using an existing key from a card for certificate signing (in contrast to the default of generating a CSR), the code tried to use the same key for signing instead of the Signing-Key parameter. It is perfectly okay to use the regular signing path via gpg-agent for certificate creation - only self-signed certificates with a key on the card require the direct use of the card key (via "SCD PKSIGN"). Signed-off-by: Werner Koch <wk@gnupg.org>	2019-02-21 17:32:39 +01:00
Damien Goutte-Gattat via Gnupg-devel	3cbdf896e6	sm: Support generation of card-based ed25519 CSR. * sm/call-agent.c (gpgsm_scd_pksign): Allow SHA512. Create proper S-expression for EdDSA signature. * sm/certreqgen.c (create_request): Force use of SHA512 when using a ed25519 key. * sm/misc.c (transform_sigval): Insert OID for ed25519. -- GnuPG-bug-id: 4013 Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>	2019-02-18 11:33:20 +09:00
Daniel Kahn Gillmor	7955262151	gpgsm: default to 3072-bit keys. * doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update default to 3072 bits. * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to 3072 bits. * sm/certreqgen.c (proc_parameters): update default to 3072 bits. * sm/gpgsm.c (main): print correct default_pubkey_algo. -- 3072-bit RSA is widely considered to be 128-bit-equivalent security. This is a sensible default in 2017. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Gbp-Pq: Topic update-defaults Gbp-Pq: Name 0014-gpgsm-default-to-3072-bit-keys.patch	2017-09-08 11:37:42 -04:00
NIIBE Yutaka	70aca95d68	Remove -I option to common. * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2017-03-07 20:25:54 +09:00
Werner Koch	e1dfd86236	common: Rename remaining symbols in ksba-io-support. * common/ksba-io-support.c (gpgsm_reader_eof_seen): Rename to ... (gnupg_ksba_reader_eof_seen): this. Change all callers. (gpgsm_destroy_reader): Rename to ... (gnupg_ksba_destroy_reader): this. Change all callers. (gpgsm_finish_writer): Rename to ... (gnupg_ksba_finish_writer): this. Change all callers. (gpgsm_destroy_writer): Rename to ... (gnupg_ksba_destroy_writer): this. Change all callers. * common/ksba-io-support.c (struct base64_context_s): Rename to ... (gnupg_ksba_io_s): this. * common/ksba-io-support.h (base64_context_s): Ditto. (Base64Context): Rename this typedef to ... (gnupg_ksba_io_t): this. Change all users. Signed-off-by: Werner Koch <wk@gnupg.org>	2017-02-16 17:21:05 +01:00
Werner Koch	28c31524be	common: Remove gpgsm dependencies from ksba-io-support. * common/ksba-io-support.c: Include ksba-io-support.h instead of ../sm/gpgsm.h. Include util.h. (writer_cb_parm_s): Remove const from 'pem_name'. (gpgsm_destroy_writer): Free 'pem_name'. (gpgsm_create_reader): Rename to ... (gnupg_ksba_create_reader): this. Replace args CTRL and ALLOW_MULTI_PEM by a new arg FLAGS. Change the code to evaluate FLAGS. Change all callers to pass the FLAGS. (gpgsm_create_writer): Rename to ... (gnupg_ksba_create_writer): this. Replace arg CTRL by new arg FLAGS. Add arg PEM_NAME. Evaluate FLAGS. Store a copy of PEM_NAME. Change all callers to pass the FLAGS and PEM_NAME. Signed-off-by: Werner Koch <wk@gnupg.org>	2017-02-16 16:22:07 +01:00
Werner Koch	4d7dc432b5	Change all http://www.gnu.org in license notices to https:// --	2016-11-05 12:02:19 +01:00
NIIBE Yutaka	6e85ac77af	Fix use cases of snprintf. * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2016-10-21 12:04:46 +09:00
Werner Koch	8b6c83dcb0	sm: Allow combination of usage flags --gen-key. * sm/certreqgen.c (create_request): Re-implement building of the key-usage extension. -- GnuPG-bug-id: 2029 Signed-off-by: Werner Koch <wk@gnupg.org>	2015-10-28 18:57:53 +01:00
Werner Koch	1e4d8ddbe3	sm: Change default algos to SHA256 (CSR) and AES128 (bulk encryption). * sm/certreqgen.c (create_request): Change default hash algo. * sm/gpgsm.c (DEFAULT_CIPHER_ALGO): Change default bulk cipher algo. -- Signed-off-by: Werner Koch <wk@gnupg.org>	2015-03-25 10:12:11 +01:00
Werner Koch	34b2e8c7dc	sm: Silence compiler warnings. * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Remove unused var I. * sm/certreqgen.c (proc_parameters): Init PUBLIC to avoid compiler warning.	2014-09-18 15:17:44 +02:00
Werner Koch	096e7457ec	Change all quotes in strings and comments to the new GNU standard. The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`$[^'\`]*$'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.	2012-06-05 19:29:22 +02:00
Werner Koch	596b84a4de	gpgsm: Allow specification of an AuthorityKeyIdentifier. * sm/certreqgen.c (pAUTHKEYID): New. (read_parameters): Add keyword Authority-Key-Id. (proc_parameters): Check its value. (create_request): Insert an Authority-Key-Id.	2011-12-06 21:43:18 +01:00
Werner Koch	5cdad8ff00	gpgsm: Allow arbitrary extensions for cert creation. * sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New. (read_parameters): Add new keywords. (proc_parameters): Check values of new keywords. (create_request): Add SubjectKeyId and extensions. (parse_parameter_usage): Support "cert" and the encrypt alias "encr".	2011-12-06 19:57:27 +01:00
Werner Koch	3f284e4050	gpgsm: Fix storing of the serial number * sm/certreqgen.c (create_request): Fix hex-bin conversion.	2011-12-06 16:45:46 +01:00
Werner Koch	7c000f18de	Replace gcry_md_start_debug by gcry_md_debug. This is to allow building with Libgcrypt master (1.6) which has some cleanups in the API/ABI.	2011-09-20 09:54:27 +02:00
Marcus Brinkmann	1c684df5b8	Fix size_t vs int issues.	2011-06-01 21:43:30 +02:00
Werner Koch	00f8b68505	Move parameter file description to the manual.	2011-03-01 17:08:49 +01:00
Werner Koch	28c157b55c	Support X.509 certificate creation. Using "gpgsm --genkey" allows the creation of a self-signed certificate via a new prompt. Using "gpgsm --genkey --batch" should allow the creation of arbitrary certificates controlled by a parameter file. An example parameter file is Key-Type: RSA Key-Length: 1024 Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA Key-Usage: sign, encrypt Serial: random Name-DN: CN=some test key Name-Email: foo@example.org Name-Email: bar@exmaple.org Hash-Algo: SHA384 not-after: 2038-01-16 12:44 This creates a self-signed X.509 certificate using the key given by the keygrip and using SHA-384 as hash algorithm. The keyword signing-key can be used to sign the certificate with a different key. See sm/certreggen.c for details.	2011-03-01 14:42:56 +01:00
Werner Koch	b008274afd	Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.	2011-02-04 12:57:53 +01:00
Werner Koch	41a33e0c78	Remove superfluous parameter. Make self-check interval larger	2010-11-26 09:42:56 +00:00
Marcus Brinkmann	c86a59db74	2010-04-23 Marcus Brinkmann <marcus@g10code.de> * certreqgen.c (read_parameters): Use ascii_isspace instead of spacep to stop at newline, too.	2010-04-23 01:59:08 +00:00
Werner Koch	6216d33e8c	Removed almost al dup calls.	2010-03-08 18:19:21 +00:00
Werner Koch	cf2ec5673f	Add gpgconf related dummy options default_pubkey_algo. Add option --skip-hidden-recipients Comment updates.	2009-11-23 19:18:04 +00:00
Werner Koch	5741eace29	Change fallback keysize to 2048	2009-11-10 16:35:59 +00:00
Werner Koch	2e0ce7d97f	Fixed a bunch of little bugs as reported by Fabian Keil. Still one problem left; marked with a gcc #warning.	2009-06-24 14:03:09 +00:00
Werner Koch	5bc9948f69	Add a custom prompt for the CSR generation. Add a new percent escape fucntion.	2008-12-05 16:31:39 +00:00
Werner Koch	84efbe69c7	Fixed creation of private keys under W32. Minor code cleanups.	2007-08-22 20:36:33 +00:00
Werner Koch	f81f521a72	Updated estream. More changes for Windows.	2007-08-22 10:55:07 +00:00
Werner Koch	93d3811abc	Changed to GPLv3. Removed intl/.	2007-07-04 19:49:40 +00:00
Werner Koch	831cd76256	Fixed a problem in estream-printf.c. Changes for Windows (gpgsm -k does now work). Minor cleanups.	2007-06-25 11:54:43 +00:00
Werner Koch	0b66f30d66	Implemented the --gen-key command as we can't use the gpgsm-gencert.sh under Windows.	2007-06-21 18:44:48 +00:00
Werner Koch	9e95c2dff6	Allow export to work on systems without funopen/fopencookie.	2007-03-19 15:44:59 +00:00
Werner Koch	e50c5f39cc	No more warnings for AMD64 (at least when cross-compiling). Thus tehre is a good chance that gpg2 will now work. Other cleanups. Updated gettext.	2006-11-21 11:00:14 +00:00
Werner Koch	43825e9dae	Allow pkcs#10 creation directkly from a smart card	2006-10-11 17:52:15 +00:00
Werner Koch	eef036df23	The big Assuan error code removal.	2006-09-06 16:35:52 +00:00
Werner Koch	7b9fa9da99	Minor changes and typo fixes.	2006-09-06 11:53:24 +00:00
Werner Koch	b744f963d7	With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.	2006-08-16 10:47:53 +00:00
Werner Koch	4954c5f1c3	better reporting of bad DNs	2006-07-03 13:26:19 +00:00
Werner Koch	f98537733a	Updated FSF's address.	2006-06-20 17:21:37 +00:00
Werner Koch	a2d1673d66	* findkey.c (agent_public_key_from_file): Fixed array assignment. This was the cause for random segvs. * call-agent.c (gpgsm_agent_readkey): New.	2005-07-25 14:35:04 +00:00
Werner Koch	99f403b015	* gpgsm.c (main): New options --no-log-file and --debug-none. * certreqgen.c (get_parameter, get_parameter_value): Add SEQ arg to allow enumeration. Changed all callers. (create_request): Process DNS and URI parameters. * gpgsm-gencert.sh: Reworked to allow for multiple email addresses as well as DNsanmes and URi. Present the parameter file before creating the certificate.	2005-07-21 18:29:13 +00:00

1 2

67 Commits