1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

497 Commits

Author SHA1 Message Date
Werner Koch
8e47f1e576 Prepare for the beta3 release. 2011-12-20 15:55:43 +01:00
Werner Koch
fe2f182699 Add the STEED Self-Signing Nonthority certificate.
* doc/com-certs.pem: Install it when creating a keybox.
2011-12-20 15:35:42 +01:00
Werner Koch
779611494d faq: Add section on US export restrictions. 2011-12-20 11:13:40 +01:00
Werner Koch
dcd64131c6 scd: Add the "undefined" stub application.
* scd/app.c (select_application): Implement the "undefined"
application.
2011-12-14 17:00:50 +01:00
Werner Koch
00c760f628 scd: New option --debug-assuan-log-cats.
* scd/scdaemon.c (oDebugAssuanLogCats): New.
(opts): Add option --debug-assuan-log-cats.
(main): Implement option.
* common/asshelp.c (set_libassuan_log_cats): New.

--

The old way of setting the logging categories with an environment
variable is awkward if sdaemon is spawned from a running gpg-agent.
2011-12-13 17:59:00 +01:00
Werner Koch
8a12a2000d gpgsm: Add new validation model "steed".
* sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
* sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
* sm/server.c (option_handler): Allow validation model "steed".
* sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
* sm/certchain.c (do_validate_chain): Handle the
well-known-private-key attribute.  Support the "steed" model.
(gpgsm_validate_chain): Ditto.
* sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
* sm/keylist.c (list_cert_colon): Print the new 'w' flag.
--

This is the first part of changes to implement the STEED proposal as
described at http://g10code.com/steed.html .  The idea for X.509 is
not to use plain self-signed certificates but certificates signed by a
dummy CA (i.e. one for which the private key is known).  Having a
single CA as an indication for the use of STEED might help other X.509
implementations to implement STEED.
2011-12-07 16:15:15 +01:00
Werner Koch
5cdad8ff00 gpgsm: Allow arbitrary extensions for cert creation.
* sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New.
(read_parameters): Add new keywords.
(proc_parameters): Check values of new keywords.
(create_request): Add SubjectKeyId and extensions.
(parse_parameter_usage): Support "cert" and the encrypt alias "encr".
2011-12-06 19:57:27 +01:00
Werner Koch
2336b09779 Generate the ChangeLog from commit logs.
* scripts/gitlog-to-changelog: New script.  Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* doc/HACKING: Describe the ChangeLog policy
* ChangeLog: New file.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.

Rename all ChangeLog files to ChangeLog-2011.
2011-12-01 11:09:02 +01:00
Werner Koch
31f548a18a Rewrite dns-cert.c to not use the gpg-only iobuf stuff.
* common/dns-cert.c: Remove iobuf.h.
(get_dns_cert): Rename to _get_dns_cert.  Remove MAX_SIZE arg.  Change
iobuf arg to a estream-t.  Rewrite function to make use of estream
instead of iobuf.  Require all parameters.  Return an gpg_error_t
error instead of the type.  Add arg ERRSOURCE.
* common/dns-cert.h (get_dns_cert): New macro to pass the error source
to _gpg_dns_cert.
* common/t-dns-cert.c (main): Adjust for changes in get_dns_cert.
* g10/keyserver.c (keyserver_import_cert): Ditto.
* doc/gpg.texi (GPG Configuration Options): Remove max-cert-size.
2011-11-30 17:34:49 +01:00
Werner Koch
32118628a0 typo fixes 2011-11-02 18:29:47 +01:00
Werner Koch
d4fa82e688 Typo fix and remove of some colloquial terms 2011-10-18 16:47:12 +02:00
Werner Koch
5319aa952f Put more options into the options index
Also removed the single letter options from the index.
2011-10-12 17:36:56 +02:00
Werner Koch
b277bec250 Extend yat2m to allow indented tables.
Current makeinfo versions allow to indent the texinfo source.  However
yat2m had no support for this.  With this patch it is now possible to
use a simple indentation style while keeping man pages readable.
2011-10-12 15:52:13 +02:00
Werner Koch
4379c01a24 Beautified the online html manual 2011-08-12 14:40:47 +02:00
Werner Koch
7316b53426 Typo fix 2011-08-10 13:26:17 +02:00
Werner Koch
663768f9af Minor doc updates v2.0 vs. v2.1) 2011-08-08 10:17:33 +02:00
Werner Koch
d479906991 Support a confirm flag for ssh.
This implements the suggestion from bug#1349.  With this change the
fingerprint of the ssh key is also displayed in the pinentry prompts.
2011-07-20 20:49:41 +02:00
Werner Koch
550d94b011 Clarify documentation of --keyid-format.
Fixes bug#1354.
2011-07-18 10:38:14 +02:00
Werner Koch
92e66c70b6 Document OPTION s2k-count 2011-06-29 13:23:41 +02:00
Werner Koch
c9e473618f Fixed an URL typo in the FAQ. 2011-06-28 10:32:46 +02:00
Bernhard Reiter
f194773540 doc/gpgsm.texi com-certs.pem mini-fix
[[PGP Signed Part:Undecided]]
[1. text/plain]

Example path for com-certs.pem corrected.
[2. text/x-diff; doc.diff]
2011-06-27 16:12:35 +02:00
Werner Koch
7d68c6b0ec Add question "What are DH/DSS keys?"
... and the answer of course.
2011-06-27 15:56:47 +02:00
Werner Koch
d679b4d642 Require libgpg-error 1.10
This allows to remove some error code substitutes.
Fixed a typo in gpg.text.
2011-05-20 10:27:50 +02:00
Werner Koch
4caa768f1d Add OPTION:cache-ttl-opt-preset to gpg-agent.
This option may be used to change the default ttl values use with the
--preset option of GENKEY and PASSWD.
2011-04-21 15:40:48 +02:00
Werner Koch
b786f0e12b New agent option pinentry-mode.
This provides the framework and implements the ask, cancel and error.
loopback will be implemented later.
2011-03-03 18:35:08 +01:00
Werner Koch
2165925bae Fix doc/Makefile target online 2011-03-02 09:04:16 +01:00
Werner Koch
00f8b68505 Move parameter file description to the manual. 2011-03-01 17:08:49 +01:00
Werner Koch
28c157b55c Support X.509 certificate creation.
Using "gpgsm --genkey" allows the creation of a self-signed
certificate via a new prompt.

Using "gpgsm --genkey --batch" should allow the creation of arbitrary
certificates controlled by a parameter file.  An example parameter file
is

    Key-Type: RSA
    Key-Length: 1024
    Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA
    Key-Usage: sign, encrypt
    Serial: random
    Name-DN: CN=some test key
    Name-Email: foo@example.org
    Name-Email: bar@exmaple.org
    Hash-Algo: SHA384
    not-after: 2038-01-16 12:44

This creates a self-signed X.509 certificate using the key given by
the keygrip and using SHA-384 as hash algorithm.  The keyword
signing-key can be used to sign the certificate with a different key.
See sm/certreggen.c for details.
2011-03-01 14:42:56 +01:00
Werner Koch
7c03c8cc65 Lock scdaemon to CCID if once found.
This solves a problem where ccid was used, the card unplugged and then
scdaemon tries to find a new (plugged in) reader and thus will
eventually try PC/SC over and over again.

Also added an explicit --kill command to gpgconf.
2011-02-23 10:15:34 +01:00
Werner Koch
cd9614b81b Removed deprecated SIGEXPIRED status line. 2011-02-04 10:28:28 +01:00
Werner Koch
5667e33290 Add a DECRYPTION_INFO status.
DECRYPTION_INFO <mdc_method> <sym_algo>
        Print information about the symmetric encryption algorithm and
        the MDC method.  This will be emitted even if the decryption
        fails.
2011-02-03 20:59:01 +01:00
Werner Koch
52b9761c88 ifset parts which are not in GnuPG 2.0 2011-01-13 15:32:11 +01:00
Werner Koch
5379d3527d Describe new log facilities. 2010-12-02 14:10:44 +00:00
Werner Koch
0103a53aa6 Smartcard related updates 2010-11-17 13:21:24 +00:00
Werner Koch
b97aeb03d5 Update FAQ 2010-11-16 10:38:13 +00:00
David Shaw
b0b46f46cf * gpg.texi (GPG Configuration Options): Clarify that show-photos
doesn't work with --with-colons.  --personal-digest-preferences does
not have a default any longer.
2010-10-29 19:41:28 +00:00
Werner Koch
0f721abddf Update scripts etc. 2010-10-26 12:25:47 +00:00
Werner Koch
e9996e855e doc fix 2010-10-18 13:40:06 +00:00
Werner Koch
764e88d4df All tests work are again working 2010-10-14 16:34:31 +00:00
Werner Koch
54591341a4 More agent support for gpg. 2010-10-13 15:57:08 +00:00
Werner Koch
5a679857ef Describe %v and %V. 2010-10-11 12:36:27 +00:00
Werner Koch
a78335c9ce Add new option --with-keygrip 2010-10-08 11:11:08 +00:00
Werner Koch
002b30e75c Import fixes.
new otion for watchgnupg
2010-10-06 11:29:10 +00:00
Werner Koch
cc71376bce Don't set SSH_AGENTPID_INFO.
Doc fixes.
Allow TCP and local sockets in watchgnupg.
2010-10-05 19:05:43 +00:00
Werner Koch
aac728f33e Add a static FAQ.
Add rules to build and upload the faqs.
2010-10-05 13:56:25 +00:00
Werner Koch
adfa280d6f [w32ce] Do not print the faulty timezone info
Switch FAQ sources to org-mode
2010-10-04 21:08:34 +00:00
Werner Koch
bfbd80feb9 Exporting secret keys via gpg-agent is now basically supported.
A couple of forward ported changes.
Doc updates.
2010-10-01 20:33:53 +00:00
David Shaw
b8f9f9b1f6 Clarify that --force-v3-sigs disables (not enables) v4 options 2010-09-28 16:04:47 +00:00
Werner Koch
77d2908ce4 Add component pinentry as an easy way to figure out the default
pinentry.  Also allows to test whether pinentry is installed.
2010-08-19 09:53:55 +00:00
Werner Koch
34dde96669 Fix regression in logging.
Add a registry key to enable catch-all remote debugging for W32.
Replace more stdio stuff by estream.
2010-08-18 19:25:15 +00:00