1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

2309 Commits

Author SHA1 Message Date
Werner Koch
2b2f8a1a0c
gpg: Show just keyserver and port with --send-keys.
* g10/call-dirmngr.c (ks_status_cb): Mangle the keyserver url
2022-10-07 13:37:09 +02:00
Werner Koch
07c6743148
gpg: Avoid to emit a compliance mode line if libgcrypt is non-compliant.
* g10/encrypt.c (check_encryption_compliance): Check gcrypt compliance
before emitting an ENCRYPTION_COMPLIANCE_MODE status.
--

GnuPG-bug-id: 6221
2022-09-29 14:15:47 +02:00
Werner Koch
05b7e4a405
gpg: Don't consider unknown keys as non-compliant while decrypting.
* g10/mainproc.c (proc_encrypted):  Change compliance logic.
--

For the description of the proplem see
  https://dev.gnupg.org/T6205#163306

GnuPG-bug-id: 6205
2022-09-22 10:25:36 +02:00
Werner Koch
a95a31cd2f
gpg: Add descriptions for --auto-key-import and --include-key-import
--

Actually we once had them but they got lost at some point.  The German
translation is also up-to-date now.
2022-08-31 18:06:16 +02:00
Werner Koch
e05fb5ca37
gpg: Emit STATUS_FAILURE for --require-compliance errors
* g10/misc.c (compliance_failure): Do not fallback to CO_GNUPG.  Print
compliance failure error and status for CO_DE_VS.
* g10/mainproc.c (proc_encrypted): Call compliance_failure in the
require-compliance error case.
* g10/encrypt.c (check_encryption_compliance): Ditto.
2022-08-31 15:34:17 +02:00
Werner Koch
aa0c942521
gpg: Fix assertion failure due to errors in encrypt_filter.
* common/iobuf.c (iobuf_copy): Use log_assert.  Explicitly cast error
return value.
* g10/build-packet.c (do_plaintext): Check for iobuf_copy error.

* g10/encrypt.c (encrypt_filter): Immediately set header_okay.
--

Fixes-commit: 8066f8a3470f9d2f3682a28641a7b09eca29a105
which caused the assertion failure on error.

The second fix avoids repeated error message about non-compliant keys.

GnuPG-bug-id: 6174
2022-08-31 13:35:41 +02:00
Werner Koch
f88cb12f8e
gpg: Make --require-compliance work for -se
* g10/encrypt.c (encrypt_crypt, encrypt_filter): Factor common code
out to ...
(create_dek_with_warnings): new
(check_encryption_compliance): and new.

* g10/encrypt.c (encrypt_filter): Add the compliance check.
--

GnuPG-bug-id: 6174
2022-08-30 18:55:24 +02:00
Werner Koch
15cf36f6a8
gpg: Rename a function.
* g10/cipher.c (cipher_filter): Rename to cipher_file_cfb.
2022-08-29 13:13:45 +02:00
Werner Koch
5b24c41ba7
gpg: Very minor cleanup in decrypt_data.
* g10/decrypt-data.c (decrypt_data): Show also the aead algo with
--show-session-key.  Remove meanwhile superfluous NULL-ptr test.
2022-08-29 13:07:43 +02:00
Jussi Kivilinna
e92812a475
g10/decrypt-data: disable output estream buffering to reduce overhead
* g10/decrypt-data.c (decrypt_data): Disable estream buffering for
output file.
--

Here estream is filled with iobuf_copy which already uses large buffers
so additional buffering in estream was just adding memory copy overhead.

GnuPG-bug-id: T5828
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-08-29 12:12:31 +02:00
Werner Koch
914ee72475
gpg: Fix "generate" command in --card-edit.
* g10/card-util.c (get_info_for_key_operation): Get the APPTYPE before
testing for it.

* g10/card-util.c (current_card_status): Always try to update the
shadow keys.
* g10/call-agent.c (agent_scd_getattr): Handle $AUTHKEYID.
--

The first part fixed a regression introduced today.
GnuPG-bug-id: 5100

The second part is usually not required because our ssh-agent code
anyway looks for the OpenPGP.3 key.  However, this helps to put the
Display S/N into the shadow key so that we get a better prompt to
insert the card.
2022-08-16 14:07:38 +02:00
Werner Koch
2d23a72690
gpg: Update shadow-keys with --card-status also for non-openpgp cards.
* agent/command.c (cmd_readkey): Also allow for $AUTHKEYID in card
mode.
* g10/call-agent.c (agent_update_shadow_keys): new.
* g10/card-util.c (current_card_status): Call it.
2022-08-16 13:02:25 +02:00
Werner Koch
8e393e2592
gpg: Fix --card-status to handle lowercase APPTYPEs
* g10/card-util.c (current_card_status): Use ascii_strcasecmp.
2022-08-16 11:21:39 +02:00
NIIBE Yutaka
27ae89db6e
gpg: Fix detecting OpenPGP card by serialno.
* g10/card-util.c (get_info_for_key_operation): Use ->apptype to
determine card's APP.
(current_card_status): Even if its SERIALNO is not like OpenPGP card,
it's OpenPGP card when app says so.
--

GnuPG-bug-id: 5100
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Backported-from-master: 157f1de64e437cecd75335e9f4077ba9835e3da0
2022-08-16 10:56:46 +02:00
Werner Koch
f2a81e3745
gpg: Fix wrong error message for keytocard.
* g10/call-agent.c (agent_keytocard): Emit SC_OP_FAILURE.
--

GnuPG-bug-id: 6122
2022-08-04 12:44:19 +02:00
Werner Koch
e8011a7cec
gpg: Make symmetric + pubkey encryption de-vs compliant.
* g10/mainproc.c (proc_encrypted): Make symmetric + pubkey encryption
de-vs compliant.

* g10/mainproc.c (struct symlist_item): New.
(struct mainproc_context): Add field symenc_list.
(release_list): Free that list.
(proc_symkey_enc): Record infos from symmetric session packet.
(proc_encrypted): Check symkey packet algos
--

The original check was too strong because it is in fact compliant to
encrypt with a symmetric key and and public key.  Thus decryption
should issue a compliance status.

In addition we now check that the cipher algorithms used to
symmetrically encrypt the session key are all compliant.  This is
similar to our check for all public key encrypted session key packets.

GnuPG-bug-id: 6119
Fixes-commit: b03fab09e188f7bb10237d4f20455e4026737e4e
2022-08-02 18:36:56 +02:00
Werner Koch
890e616593
gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference.
* g10/pkclist.c (select_algo_from_prefs): Change implicit hash
algorithm.
--

GnuPG-bug-id: 6043
2022-07-28 10:39:45 +02:00
Ingo Klöcker
abe69b2094
gpg: Look up user ID to revoke by UID hash
* g10/keyedit.c (find_userid_by_namehash, find_userid): New.
(keyedit_quick_revuid): Use find_userid() instead of iterating over the
nodes of the keyblock.
* tests/openpgp/quick-key-manipulation.scm: Add test for revoking a
user ID specified by its hash.
--

This makes it possible to specify the user ID to revoke as UID hash when
calling --quick-revoke-uid.

GnuPG-bug-id: 5936
(cherry picked from commit 35b17550706c8b7479ae96654feb97c05263cfc9)
2022-07-27 16:35:59 +02:00
Ingo Klöcker
ee8f1c10a7
gpg: Request keygrip of key to add via command interface
* g10/keygen.c (ask_algo): Request keygrip via cpr_get.
* doc/help.txt (gpg.keygen.keygrip): New help text.
--

This change makes it possible to add an existing (sub)key to
another key via the status/command interface.

GnuPG-bug-id: 5771
(cherry picked from commit 19b1a28621c614b81f596e363b1ce49dd9fae115)
2022-07-25 15:17:42 +02:00
Werner Koch
7b1db7192e
g10: Fix garbled status messages in NOTATION_DATA
* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
--

Depending on the escaping and line wrapping the computed remaining
buffer length could be wrong.  Fixed by always using a break to
terminate the escape detection loop.  Might have happened for all
status lines which may wrap.

GnuPG-bug-id: T6027
2022-06-14 11:39:31 +02:00
Werner Koch
36a5509e11
gpg: Minor robustness fix.
* g10/parse-packet.c (mpi_read_detect_0_removal): Protect agains
failed gcry_mpi_scan.
--

Fixes-commit: 3fcef7371480cce392d690897d42955f1b19c12a
2022-05-05 14:02:02 +02:00
NIIBE Yutaka
3fcef73714 gpg: Handle leading-zeros private key for Ed25519.
* g10/parse-packet.c (mpi_read_detect_0_removal): New.
(parse_key): Use mpi_read_detect_0_removal for PUBKEY_ALGO_EDDSA
to tweak the checksum.

--

GnuPG-bug-id: 5120
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-28 15:12:01 +09:00
NIIBE Yutaka
3192939a10 Revert "gpg: Accept Ed25519 private key in SOS which reserves leading zeros."
This reverts commit 14de7b1e5904e78fcbe413a82d0f19b750bd8830.
2022-04-28 11:09:44 +09:00
Werner Koch
86d84464ae
gpg: Avoid NULL ptr access due to corrupted packets.
* g10/parse-packet.c (parse_signature): Do not create an opaque MPI
with NULL and length > 0
(parse_key): Ditto.
--

GnuPG-bug-id: 5940, 5946
2022-04-25 15:29:11 +02:00
Werner Koch
f021ecd576
gpg: Emit an ERROR status as hint for a bad passphrase.
* g10/mainproc.c (proc_symkey_enc): Issue new error code.
(proc_encrypted): Ditto.
--

This allows GPGME to return a better error message than "bad session
key" to the user.  Technically we could get run into these errors also
in other cases but this more unlikley.  For the command line use we
don't do anything to not change the expected output of the command
line interface.

GnuPG-bug-id: 5943
2022-04-25 11:18:40 +02:00
Werner Koch
a5faaf8bee
w32: Do no use Registry item DefaultLogFile for the main tools.
* g10/gpg.c (main): Set LOG_NO_REGISTRY.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpgconf.c (main): Ditto.
(show_other_registry_entries): Print "DefaultLogFile".
--

The intention of this mostly forgotten registry entry was to allow for
easy debugging of the tools.  However, with the global config
files (and in 2.3 with common.conf) things are anyway better.  We
disable the use for the commonly used tools so that it does not look
like calling gpg on the command line seems to block with no output if
the log server (e.g. tcp://1.2.3.4:11111) is not reachable.
2022-04-20 09:20:35 +02:00
Werner Koch
c8c71fc716
gpg: Replace an assert by a log_fatal.
* g10/build-packet.c (do_signature): Use log_fatal.
--
GnuPG-bug-id: 5809
2022-04-14 13:53:55 +02:00
Werner Koch
15eda7ce78
gpg: Print info about the used AEAD algorithm.
* g10/misc.c (openpgp_cipher_algo_mode_name): New.
* g10/decrypt-data.c (decrypt_data): Use function here.
--

With out this change we would see

  gpg: cipher algorithm 'AES256' may not be used in
  --compliance=de-vs mode

This is confusing because AES256 is compliant.  Now we see

  gpg: cipher algorithm 'AES256.OCB' may not be used in
  --compliance=de-vs mode

which gives a hint on the problem.
2022-03-18 13:50:18 +01:00
Werner Koch
e081a601f7
gpg: Allow decryption of symencr even for non-compliant cipher.
* g10/decrypt-data.c (decrypt_data): Add arg compliance_error.  Adjust
all callers.  Fail on compliance error only in --require-compliance
mode.  Make sure to return an error if the buffer is missing; actually
that should be an assert.
* g10/mainproc.c (proc_encrypted): Delay printing of the compliance
mode status.  Consult the compliance error now returned by
decrypt_data.
--

The actual case here is that we fail hard if a message has been AEAD
encrypted with one AEAD capable key and also with one passphrase.  In
general the preference system takes care of not using AEAD if one
recipient's key does not support it.  However, if the sender uses her
own AEAD-capable key _and_ a passphrase the message will be AEAD
encrypted.  This change allows to decrypt that anyway along with a
warning message.

Note that this does currently not work in 2.3 due to a non-compliant
libgcrypt.  We will however, backport this to 2.2.
2022-03-18 11:55:17 +01:00
Werner Koch
17890d4318
gpg: New option --require-compliance.
* g10/options.h (opt): Add field flags.require_compliance.
* g10/gpg.c (oRequireCompliance): New.
(opts): Add --require-compliance.
(main): Set option.
* g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant.
(check_sig_and_print): Ditto.
* g10/encrypt.c (encrypt_crypt): Ditto.
--

Note that in the --encrypt and --verify cased other checks may kick in
earlier than this new --require-compliance controlled one.
2022-03-08 18:19:38 +01:00
Werner Koch
c11292fe73
gpg: Give Libgcrypt CFLAGS a higher priority than SQlite.
* g10/Makefile.am (AM_CFLAGS): Reorder.
--

The more specific CLFAGS should come first so these are picked up
first.  We really should improve the build system to enforce this
rule.  In particular /usr/local/include should come after any more
specific location.
2022-03-08 10:13:06 +01:00
Jussi Kivilinna
9116fd1e9a
g10: Avoid extra hash contexts when decrypting MDC input
* g10/mainproc.c (mainproc_context): New member
'seen_pkt_encrypted_mdc'.
(release_list): Clear 'seen_pkt_encrypted_mdc'.
(proc_encrypted): Set 'seen_pkt_encrypted_mdc'.
(have_seen_pkt_encrypted_aead): Rename to...
(have_seen_pkt_encrypted_aead_or_mdc): ...this and add check for
'seen_pkt_encrypted_mdc'.
(proc_plaintext): Do not enable extra hash contexts when decrypting
MDC input.
--

Avoiding extra hash contexts speeds up CFB/MDC decryption quite
a lot. For example, decrypting symmetric-key AES-256 encrypted
4 GiB file from RAM to /dev/null sees ~3.4x speed increase on
AMD Ryzen 5800X:

 AES256.CFB encryption: 783 MB/s
 AES256.CFB decryption: 386 MB/s (before)
 AES256.CFB encryption: 1.3 GB/s (after patch)

Note, AEAD is still significantly faster:

 AES256.OCB encryption: 2.2 GB/s
 AES256.OCB decryption: 3.0 GB/s

GnuPG-bug-id: T5820
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
(cherry picked from commit ab177eed514f7f3432d78e7e6521ad24cc0f4762)

Even 2.2 with the older Libgcrypt 1.8 gets a threefold speedup; see
https://dev.gnupg.org/T5820#155447 (AES-128 vs. AES-256 does not make
a substanial difference)

Signed-off-by: Werner Koch <wk@gnupg.org>
2022-02-24 14:14:48 +01:00
Werner Koch
d426ed66ac
gpg: Set --verbose and clear --quiet in debug mode.
* g10/gpg.c (set_debug): Tweak options.
--
2022-02-01 15:17:52 +01:00
Werner Koch
85300587cc
gpgconf: Fix --list-options for forced options
* tools/gpgconf-comp.c: Remove assert.h and replace all assert calls
by log_assert.
(known_options_gpg): Add "keyserver" as invisible.  Remove "options".
(known_pseudo_options_gpg, known_pseudo_options_gpgsm): New.
(gc_component): Add field known_pseudo_options.
(struct read_line_wrapper_parm_s): New.
(read_line_wrapper): New.
(retrieve_options_from_program): Use read_line_wrapper to handle
pseudo options.
(retrieve_options_from_program): Ignore to be ignored options.  Add
failsafe code to avoid calling percent_escape with NULL.
--

GnuPG-bug-id: 5341,5800

Due to reading the list of options from the argparser of the
component, we had no more information about the pseudo options and
thus could not emit them.  Well, there is just one pseudo option right
now, but with this change we have a generalized concept for them:
Pseudo options are used to convey information from a component to
gpgconf; for example build-in values.

This is a combined backport of patches to master.
2022-01-26 13:32:17 +01:00
NIIBE Yutaka
4cc724639c gpg: Fix adding the list of ultimate trusted keys.
* g10/keygen.c (do_generate_keypair): Remove call to
register_trusted_keyid for updating user_utk_list.
* g10/trust.c (register_trusted_keyid): Remove.
(update_ownertrust): Add call to tdb_update_utk.
* g10/trustdb.c (tdb_register_trusted_keyid): Make it internal
function by adding "static" qualifier.
Replace calls of register_trusted_keyid to tdb_register_trusted_keyid.
(tdb_update_utk): New.
* g10/trustdb.h (tdb_update_utk): New.

--

Backport of master commit of:
	4aeeaa65ad09fa72ee21c5597b1ce6255ec7dfa8

GnuPG-bug-id: 5742
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-01-17 13:58:58 +09:00
Werner Koch
f7bde071cc
gpg: Re-group the options in the --help output.
* g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to
use ARGPARSE_ignore and remove the code in the option switch.
--

This looks better and is also required for further simplifications of
gpgconf.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 41eb5108ce59244d961df43bbf73b8aa6e95e9cd)
2021-12-29 22:52:38 +01:00
Werner Koch
5f890f417f
gpgconf: Support reading global options (part 2).
* tools/gpgconf-comp.c: Remove all regular option descriptions.  They
are now read in from the component.  Also remove a few meanwhile
obsolete options.
* agent/gpg-agent.c: Add option description which were only set in
gpgconf-comp.c.
* dirmngr/dirmngr.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* g10/gpg.c: Ditto.
--

This second part removes all regular option descriptions because they
can be read from the components.  A few were missing in the components
and thus moved to there.

Signed-off-by: Werner Koch <wk@gnupg.org>

This is a backport from master (2.3).
2021-12-29 09:42:45 +01:00
NIIBE Yutaka
14de7b1e59 gpg: Accept Ed25519 private key in SOS which reserves leading zeros.
* g10/parse-packet.c (sos_read): Backport from 2.3.
(parse_key): Use sos_read for Ed25519 private key.

--

Note that we keep the code of sos_read as same as 2.3.  Even it is
set, the GCRYMPI_FLAG_USER2 flag is not used.

GnuPG-bug-id: 5120
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-07 15:37:55 +09:00
Werner Koch
985fb25c46
gpg: New option --forbid-gen-key.
* g10/gpg.c (oForbidGenKey, opts): New option.
(mopt): New local struct
(gen_key_forbidden): New.
(main): Set and handle the option.
--

In large system installation it is sometimes useful to make it a bit
harder for users to generate their own keys.  An example is a policy
to not use on-disk keys.
2021-11-22 21:05:16 +01:00
Werner Koch
6ee01c1d26
gpg,gpgsm: Add option --min-rsa-length.
* common/compliance.c (min_compliant_rsa_length): New.
(gnupg_pk_is_compliant): Take in account.
(gnupg_pk_is_allowed): Ditto.
(gnupg_set_compliance_extra_info): New.
* g10/gpg.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* g10/options.h (opt): Add field min_rsa_length.
* sm/gpgsm.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* sm/gpgsm.h (opt): Add field min_rsa_length.
2021-11-18 21:11:10 +01:00
Werner Koch
d2b2dc4549
Update release signing keys
--

The last key is new.  As usual the key is on a dedicated card with the
Admin PIN accessible to a few core hackers.

# ------------------------ >8 ------------------------

pub   rsa3072 2017-03-17 [SC] [expires: 2027-03-15]
      5B80C5754298F0CB55D8ED6ABCEF7E294B092E28
sig    R     BCEF7E294B092E28 2017-03-17  Andre Heinecke (Release Signing Key)
uid                      Andre Heinecke (Release Signing Key)
sig 3        BCEF7E294B092E28 2017-03-17  Andre Heinecke (Release Signing Key)
sig          1FDF723CF462B6B1 2017-03-17  Andre Heinecke <aheinecke@intevation.de>

pub   ed25519 2020-08-24 [SC] [expires: 2030-06-30]
      6DAA6E64A76D2840571B4902528897B826403ADA
uid                      Werner Koch (dist signing 2020)
sig 3        528897B826403ADA 2020-08-24  Werner Koch (dist signing 2020)
sig          249B39D24F25E3B6 2020-08-24  Werner Koch (dist sig)
sig          63113AE866587D0A 2020-08-24  wk@gnupg.org
sig          E3FDFF218E45B72B 2020-08-24  Werner Koch (wheatstone commit signing)
sig          F2AD85AC1E42B367 2020-08-24  Werner Koch <wk@gnupg.org>

pub   ed25519 2021-05-19 [SC] [expires: 2027-04-04]
      AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD
uid                      Niibe Yutaka (GnuPG Release Key)
sig 3        E98E9B2D19C6C8BD 2021-05-19  Niibe Yutaka (GnuPG Release Key)
sig          00B45EBD4CA7BABE 2021-09-14  NIIBE Yutaka <gniibe@fsij.org>
sig          E267B052364F028D 2021-09-14  NIIBE Yutaka <gniibe@fsij.org>

pub   brainpoolP256r1 2021-10-15 [SC] [expires: 2029-12-31]
      02F38DFF731FF97CB039A1DA549E695E905BA208
uid                      GnuPG.com (Release Signing Key 2021)
sig 3        549E695E905BA208 2021-10-15  GnuPG.com (Release Signing Key 2021)
sig          528897B826403ADA 2021-10-15  Werner Koch (dist signing 2020)
sig          E3FDFF218E45B72B 2021-10-15  Werner Koch (wheatstone commit signing)
2021-11-13 21:02:22 +01:00
Werner Koch
bc6d56282e
gpg: Remove stale ultimately trusted keys from the trustdb.
* g10/tdbdump.c (export_ownertrust): Skip records marked with the
option --trusted-key.
(import_ownertrust): Clear the trusted-key flag.
* g10/tdbio.h (struct trust_record): Add field flags.
* g10/tdbio.c (tdbio_dump_record): Improve output.
(tdbio_read_record, tdbio_write_record): Handle flags.
* g10/trustdb.c (verify_own_keys): Clear stale trusted-keys and set
the flag for new --trusted-keys.
(tdb_update_ownertrust): Add arg as_trusted_key.  Update callers.
--

GnuPG-bug-id: 5685
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-11-13 20:59:17 +01:00
Werner Koch
918e921800
gpg: Fix printing of binary notations.
* g10/keylist.c (show_notation): Print binary notation from BDAT.
--

GnuPG-bug-id: 5667
2021-10-22 16:33:40 +02:00
Werner Koch
773b8fbbe9
gpg: New option --override-compliance-check
* g10/gpg.c (oOverrideComplianceCheck): New.
(opts): Add new option.
(main): Set option and add check for batch mode.
* g10/options.h (opt): Add flags.override_compliance_check.

* g10/sig-check.c (check_signature2): Factor complaince checking out
to ...
(check_key_verify_compliance): new.  Turn error into a warning in
override mode.
--

There is one important use case for this: For systems configured
globally to use de-vs mode, Ed25519 and other key types are not
allowed because they are not listred in the BSI algorithm catalog.
Now, our release signing keys happen to be Ed25519 and thus we need to
offer a way for users to check new versions even if the system is in
de-vs mode.  This does on purpose not work in --batch mode so that
scripted solutions won't accidently pass a signature check.

GnuPG-bug-id: 5655
Backported-from-master: fb26e144adfd93051501d58f5d0d4f8826ddf436
2021-10-13 17:34:12 +02:00
NIIBE Yutaka
a17f1b6074
gpg: Skip the packet when not used for AEAD.
* g10/free-packet.c (free_packet): Add the case for case
PKT_ENCRYPTED_AEAD.
--

GnuPG-bug-id: 5584
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(bug id fixed in this backport)
2021-10-06 20:03:34 +02:00
Werner Koch
13e4e322eb
Update release signing keys.
--

These are now

# ------------------------ >8 ------------------------
pub   rsa3072 2017-03-17 [SC] [expires: 2027-03-15]
      5B80C5754298F0CB55D8ED6ABCEF7E294B092E28
sig    R     BCEF7E294B092E28 2017-03-17  Andre Heinecke (Release Signing Key)
uid                      Andre Heinecke (Release Signing Key)
sig 3        BCEF7E294B092E28 2017-03-17  Andre Heinecke (Release Signing Key)
sig          1FDF723CF462B6B1 2017-03-17  Andre Heinecke <aheinecke@intevation.de>

pub   ed25519 2020-08-24 [SC] [expires: 2030-06-30]
      6DAA6E64A76D2840571B4902528897B826403ADA
uid                      Werner Koch (dist signing 2020)
sig 3        528897B826403ADA 2020-08-24  Werner Koch (dist signing 2020)
sig          249B39D24F25E3B6 2020-08-24  Werner Koch (dist sig)
sig          63113AE866587D0A 2020-08-24  wk@gnupg.org
sig          E3FDFF218E45B72B 2020-08-24  Werner Koch (wheatstone commit signing)
sig          F2AD85AC1E42B367 2020-08-24  Werner Koch <wk@gnupg.org>

pub   ed25519 2021-05-19 [SC] [expires: 2027-04-04]
      AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD
uid                      Niibe Yutaka (GnuPG Release Key)
sig 3        E98E9B2D19C6C8BD 2021-05-19  Niibe Yutaka (GnuPG Release Key)
sig          00B45EBD4CA7BABE 2021-09-14  NIIBE Yutaka <gniibe@fsij.org>
sig          E267B052364F028D 2021-09-14  NIIBE Yutaka <gniibe@fsij.org>
2021-09-14 13:50:47 +02:00
Werner Koch
1f726b4123
gpg: Print a note about the obsolete option --secret-keyring.
--

GnuPG-bug-id: 2749
2021-08-28 18:37:41 +02:00
Werner Koch
6685696ada
gpg: Return SUCCESS/FAILURE status also for --card-edit/name.
* g10/card-util.c (change_name): Call write_sc_op_status.
--

Reported-by: Joey Berkovitz
2021-08-20 09:54:00 +02:00
Werner Koch
5fe4b97887
gpg: Let --fetch-key return an exit code on failure.
* g10/keyserver.c (keyserver_fetch): Return an error code.
* g10/gpg.c (main) <aFetchKeys>: Return 1 in case of no data.
--

GnuPG-bug-id: 5376
2021-06-25 10:35:24 +02:00
Werner Koch
845711d142
gpg: Partial fix for Unicode problem in output files.
* g10/openfile.c (overwrite_filep): Use gnupg_access.
--

As said, this is just an obvious but partial fix.  We need to review
things for the output module.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-06-10 12:44:30 +02:00