Werner Koch
37228cfa05
Allow generation of card keys up to 4096 bit.
...
This patch implementes a chunk mode to pass the key parameters from
scdaemon to gpg. This allows to pass arbitrary long key paremeters;
it is used for keys larger than 3072 bit.
Note: the card key generation in gpg is currently broken. The keys
are generated but it is not possible to create the self-signature
because at that time the gpg-agent does not yet know about the new
keys and thus can't divert the sign request to the card. We either
need to run the learn command right after calling agent_scd_genkey or
implement a way to sign using the currently inserted card. Another
option would be to get rid of agent_scd_genkey and implement the
feature directly in agent_genkey.
2011-06-16 14:27:33 +02:00
Werner Koch
817f07173c
Fixed regression in OpenPGP secret key export.
...
The protection used in the exported key used a different iteration
count than given in the S2K field. Thus all OpenPGP keys exported
from GnuPG 2.1-beta can't be imported again. Given that the actual
secret key material is kept in private-keys-v1.d/ the can be
re-exported with this fixed version.
2011-04-26 20:39:09 +02:00
Werner Koch
87a6a1c3fe
Post beta release updates
2011-03-08 14:00:04 +01:00
Werner Koch
444f2fe1cd
Prepare for 1.5.0beta2
2011-03-08 12:56:45 +01:00
Werner Koch
28c157b55c
Support X.509 certificate creation.
...
Using "gpgsm --genkey" allows the creation of a self-signed
certificate via a new prompt.
Using "gpgsm --genkey --batch" should allow the creation of arbitrary
certificates controlled by a parameter file. An example parameter file
is
Key-Type: RSA
Key-Length: 1024
Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA
Key-Usage: sign, encrypt
Serial: random
Name-DN: CN=some test key
Name-Email: foo@example.org
Name-Email: bar@exmaple.org
Hash-Algo: SHA384
not-after: 2038-01-16 12:44
This creates a self-signed X.509 certificate using the key given by
the keygrip and using SHA-384 as hash algorithm. The keyword
signing-key can be used to sign the certificate with a different key.
See sm/certreggen.c for details.
2011-03-01 14:42:56 +01:00
Werner Koch
0b5bcb40cf
Finished ECC integration.
...
Wrote the ChangeLog 2011-01-13 entry for Andrey's orginal work modulo
the cleanups I did in the last week. Adjusted my own ChangeLog
entries to be consistent with that entry.
Nuked quite some trailing spaces; again sorry for that, I will better
take care of not saving them in the future. "git diff -b" is useful
to read the actual changes ;-).
The ECC-INTEGRATION-2-1 branch can be closed now.
2011-02-03 16:35:33 +01:00
Werner Koch
2b933ae8f6
Fix for bug#1313. de.po update.
2011-01-20 15:11:25 +01:00
Werner Koch
2732f2ff3f
Fix bug #1311 .
2011-01-10 11:37:57 +01:00
Werner Koch
5fd7ff3488
Tweaks for gpgconf.
...
Fixed dirmngr bug 1010.
2010-12-14 19:17:58 +00:00
Werner Koch
fcb5f7d08f
s/AES/AES128/ in diagnostics and --list-config
2010-12-02 15:49:02 +00:00
Werner Koch
b3f9e2130e
Change stack size for Wince.
...
Allow for a longer agent atartup under wince.
Print gpg output via estream.
2010-11-23 18:46:41 +00:00
Werner Koch
2c982dcf86
Fix bug where scdaemon kills a non-daemon gpg-agent.
2010-11-11 15:07:37 +00:00
Werner Koch
dc5150db78
Honor TMPDIR.
2010-10-27 07:37:52 +00:00
Werner Koch
0f721abddf
Update scripts etc.
2010-10-26 12:25:47 +00:00
Werner Koch
54591341a4
More agent support for gpg.
2010-10-13 15:57:08 +00:00
Werner Koch
002b30e75c
Import fixes.
...
new otion for watchgnupg
2010-10-06 11:29:10 +00:00
Werner Koch
bfbd80feb9
Exporting secret keys via gpg-agent is now basically supported.
...
A couple of forward ported changes.
Doc updates.
2010-10-01 20:33:53 +00:00
Werner Koch
daab9aff3a
Merge secret keys during import
2010-09-02 15:11:51 +00:00
Werner Koch
87fac99112
Import OpenPGP keys into the agent.
2010-08-31 15:58:39 +00:00
Werner Koch
15330f36a7
Reworked the posix and w32 exechelpers.
2010-08-20 12:18:38 +00:00
Werner Koch
7e752a4208
Auto-start dirmngr.
2010-08-16 11:03:43 +00:00
Werner Koch
a22c38baad
Some work on the dirmngr
2010-07-23 16:16:14 +00:00
Werner Koch
c3f08dcb72
Merged Dirmngr with GnuPG.
...
A few code changes to support dirmngr.
2010-06-09 16:53:51 +00:00
Werner Koch
51e2703abe
Auto starting the agent does now work on CE.
2010-05-04 15:21:47 +00:00
Werner Koch
53c636c4c6
./autogen.sh --build-w32ce does now succeed.
2010-04-14 14:39:16 +00:00
Werner Koch
2cf687cb3e
First batch of changes to support W32CE.
...
Note that jnlib/w32-reg.c is not yet ready.
2010-02-26 18:44:36 +00:00
Werner Koch
4d693033ab
Implement dynamic S2K count computation.
2009-12-14 20:12:56 +00:00
Werner Koch
a51675fabe
Add option --cert-extension.
2009-12-10 13:00:30 +00:00
Werner Koch
9a96043be4
Unification of the search descriptor usage.
2009-12-08 16:30:33 +00:00
Werner Koch
85d778b9f6
Use ADNS for PKA and SRV records if no other resolver is available.
2009-12-07 15:52:27 +00:00
Werner Koch
49b00ffd67
allow for default algorithms in a gpg parameter file
2009-12-04 19:47:54 +00:00
Werner Koch
cb5491bfaf
support numeric debug levels.
2009-12-03 18:04:40 +00:00
Werner Koch
9e83404751
More stuff for the audit-log.
2009-12-02 18:33:59 +00:00
Werner Koch
536b6ab09f
Keep on hacking on g13. A simple --create and --mount does now work.
...
A hacked up encfs is required.
2009-10-13 19:17:24 +00:00
Werner Koch
b46c353318
Start a new development branch.
...
Translations are for now disabled.
2009-09-21 18:26:52 +00:00
Werner Koch
fd38b9227e
Post release version bumb
2009-09-04 17:52:40 +00:00
Werner Koch
7d0f99aa91
preparae release
2009-09-04 13:38:16 +00:00
Werner Koch
25659d66f1
Ask to insert the right OpenPGP card.
2009-08-11 10:56:44 +00:00
Werner Koch
31084d6dc9
Support writing of existing keys with non-matching key sizes.
2009-07-09 14:54:18 +00:00
Werner Koch
e50cac1d84
Changed default hash algorithm preferences
2009-07-09 08:52:31 +00:00
Werner Koch
2193992559
Impleemned gpgsm's IMPORT --re-import feature.
...
Typo fix.
2009-07-07 16:52:12 +00:00
Werner Koch
f6f5430e50
Reworked passing of envars to Pinentry.
2009-07-07 10:02:41 +00:00
Werner Koch
81972ca7d5
Create a pkcs#10 request directly from a card.
...
Deprecate gpgsm-gencert.sh script.
2009-07-02 09:49:31 +00:00
Werner Koch
1925cb37f9
Alow batch ode for gpgsm --gen-key.
...
Allow CSR generation using an existing key with gpgsm.
2009-07-01 18:30:33 +00:00
Werner Koch
e05aeca87b
Post release updates
2009-06-17 11:57:24 +00:00
Werner Koch
c998dd12a2
Preparing for 2.0.12.
2009-06-17 11:18:26 +00:00
Werner Koch
4fa261f8ec
Fix possible system freeze on Mac OS X.
2009-05-19 22:39:45 +00:00
Werner Koch
5e208460a1
Improved smartcard robustness.
2009-05-13 17:12:00 +00:00
Werner Koch
f8b4cd7650
Import/export of pkcs#12 now uses the gpg-agent directly.
...
Removed duplicated code (percent unescaping).
2009-04-01 10:51:53 +00:00
Werner Koch
990585ad7d
Signing using Netkey 3 cards does now work.
2009-03-26 19:27:04 +00:00
Werner Koch
458cd4a976
Preparing a snapshot.
2009-03-24 18:52:24 +00:00
Werner Koch
f07e762d68
Better syncronization of several smartcard sessions.
2009-03-24 11:40:57 +00:00
Werner Koch
c2c3cf4be1
Changed order of the confirmation questions for root certificates
...
and stores negative answers in trustlist.txt.
2009-03-19 10:21:51 +00:00
Werner Koch
588a7c34bb
Make sure not to leak file descriptors if running gpg-agent with a
...
command. Restore the signal mask to solve a problem in Mono.
2009-03-19 07:09:31 +00:00
Werner Koch
a9c317a95c
New gpg-agent command to list key information.
...
Gpgsm does now print the S/N of cards.
Consider ephemeral keys during listing an export.
2009-03-06 17:31:27 +00:00
Werner Koch
59d7a54e72
New PIN Callback attributes in gpg-agent.
...
Common prompts for keypad and simple card reader.
More support for Netkey cards; PIN management works now.
2009-03-05 19:19:37 +00:00
Werner Koch
c20b3db108
Add --reload command to gpgconf.
...
Fix a problem in exechelp.c
Get ready for a release.
2009-03-03 09:02:58 +00:00
Werner Koch
ec4a3eb3c5
Fix a gpg2 problem with removed cards.
...
Allow runtime conf change for scdaemon.
New commands for scdaemon.
2009-02-27 14:36:59 +00:00
Werner Koch
943f783de7
New scd getinfo subcommand deny_admin
2009-02-12 17:45:40 +00:00
Werner Koch
d1c2e66fbc
Change default gpgsm cipher back to 3DES.
...
Typo fixes.
2009-02-09 10:25:41 +00:00
Werner Koch
b8ffa0d947
Make --allow-admin the default.
2009-01-28 14:18:40 +00:00
Werner Koch
367281480a
Post release updates
2009-01-12 10:56:52 +00:00
Werner Koch
4adb5c03e7
preparing a release
2009-01-12 09:18:27 +00:00
Werner Koch
82ab848ea4
Update spanish translation.
...
Cleanups.
Allow utf-8 in email addresses.
2009-01-08 15:48:51 +00:00
Werner Koch
6558568912
Make gpg not depend on the RIPE-MD160 implementaion in Libgcrypt.
...
Fix SIG_ID computation.
2008-12-11 17:44:52 +00:00
Werner Koch
382d2f8efb
Minor fixes.
2008-12-09 08:58:02 +00:00
Werner Koch
b7ff1109f9
Fixed a temporary file name collision between gpg and gpgsm under Windows.
2008-11-20 16:26:40 +00:00
Werner Koch
aec79fc731
Minor cleanups.
2008-11-11 08:22:06 +00:00
Werner Koch
8997c155e3
Check that the socket is well and served by us.
2008-10-29 17:24:27 +00:00
Werner Koch
b519a52cea
Made scdaemon more robust on Windows.
2008-10-15 13:23:10 +00:00
Werner Koch
7d63aa42e5
Remove hacks which are not anymore needed since we now require Libgcrypt 1.4
2008-09-29 15:02:55 +00:00
Werner Koch
96f16f736e
Finished support for v2 cards with the exception of secure messaging.
2008-09-25 10:06:02 +00:00
Werner Koch
5a8bf0bec6
Fix gpg-preset-passphrase bug.
...
Cleanups
2008-09-03 09:37:32 +00:00
Werner Koch
a6a9181818
Start support of TCOS 3 cards.
...
Support restriction attribute.
Fix utf-8 printing problems.
Use AES by default.
2008-06-26 19:09:07 +00:00
Werner Koch
aa68a60301
Add controlo statement %ask-passphrase
2008-06-16 15:48:33 +00:00
Werner Koch
8e37ee4099
[W32] Change location of /etc.
2008-06-16 13:55:01 +00:00
Werner Koch
035c838f71
Made --fixed-list-mode obsolete.
2008-06-11 08:07:54 +00:00
Werner Koch
138bf2dc15
Fixed segv in gpg-agent (command marktrusted).
...
Replaced almost all free by xfree.
Translation fixes.
2008-05-27 12:03:50 +00:00
Werner Koch
69ae16636c
Add command --locate-key.
...
Fix auto-key-locate processing of "nodefault".
2008-05-07 15:40:36 +00:00
Werner Koch
08a612f26e
W32 related keyserver fixes.
2008-04-21 19:13:36 +00:00
Werner Koch
97ec9aac2b
Enhanced --auto-key-locate.
2008-04-08 11:04:16 +00:00
Werner Koch
df4e131786
Add CVE number.
2008-03-28 09:21:59 +00:00
Werner Koch
20e5cf7cb6
Post release update
2008-03-26 11:01:06 +00:00
Werner Koch
a2ede07293
Preparing a release.
2008-03-26 09:20:40 +00:00
Werner Koch
9a8ee6e6be
Changed the way i18n files are located under Windows. The setting of the
...
Registry key is not anymore required. Helpfiles are not properly located.
2008-03-25 19:41:11 +00:00
Werner Koch
d7f0b3bd89
Fix bug 894.
...
Change default keyserver.
Allow key protection with Camellia.
2008-03-25 08:33:31 +00:00
Werner Koch
c2a8254be7
Fix a bug in the ambigious name detection.
...
Minor cleanups.
2008-03-20 15:31:43 +00:00
Werner Koch
f13c5a48fc
Improve certificate chain construction.
...
Extend PKITS framework
2008-02-19 10:33:35 +00:00
Werner Koch
57d9ea99d9
Preparing a test release
2008-02-15 09:58:01 +00:00
Werner Koch
0819c1e8ca
Always search missing certifcates using a running Dirmngr's cache.
2008-02-13 16:47:14 +00:00
Werner Koch
c3b9005ec3
Typo fixes.
...
Portability fix for asschk.c
2008-01-26 22:12:23 +00:00
Werner Koch
157d4479aa
Preparing a release.
2007-12-20 08:52:40 +00:00
Werner Koch
9d66580cff
Allow verification of some broken S-TRUST generated signatures.
2007-12-13 15:45:40 +00:00
Werner Koch
aeb5a65f7c
Allow type 20 keys only with option --rfc2440.
2007-12-12 17:41:05 +00:00
Werner Koch
bae4b256c7
Support DSA2.
...
Support Camellia for testing.
More audit stuff.
2007-12-12 10:28:30 +00:00
Werner Koch
89671cdd64
More code for the audit log.
2007-12-06 15:55:03 +00:00
Werner Koch
55ba204bfa
Started to implement the audit log feature.
...
Pass PINENTRY_USER_DATA and XAUTHORITY to Pinentry.
Improved support for the quality bar.
Minor internal restructuring.
Translation fixes.
2007-11-19 16:03:50 +00:00
Werner Koch
fca02368da
New option --list-config for gpgconf.
2007-10-23 18:13:27 +00:00
Werner Koch
259a40c830
Enhanced gpg-conect-agent scripting.
...
Typo fixes in comments.
2007-10-19 14:51:39 +00:00
Werner Koch
31c19d1d68
Use Assuan socket wrapper calls.
...
Made socket servers secure under Windows.
2007-10-01 14:48:39 +00:00
Werner Koch
c1adbec2a3
post release version bump
2007-09-10 16:38:04 +00:00
Werner Koch
782e1bc00b
Preparing 2.0.7
2007-09-10 15:40:29 +00:00
Werner Koch
b13587ef16
New command --check-programs for gpgconf.
2007-08-29 09:51:37 +00:00
Werner Koch
f268889b8f
Add more passphrase policy rules.
...
(--max-passphrase-days).
2007-08-28 17:48:13 +00:00
Werner Koch
15d0cb42a1
Implemented more gpg-agen options to support certain passphrase policies.
...
New tool gpg-check-pattern.
2007-08-27 18:10:27 +00:00
Werner Koch
503f91e0ae
tryu harder to ignore duplicate specified keyrings and -boxes.
...
Documentation updates.
2007-08-24 09:34:39 +00:00
Werner Koch
a5743d1017
Post release version number bump
2007-08-16 10:57:35 +00:00
Werner Koch
ed801e3771
About to do a release
2007-08-16 10:42:06 +00:00
Werner Koch
d20d11a0ee
Documentaion updates.
...
Support doe Dirmngr under W32.
Fixed a yat2m bug.
2007-08-14 16:50:27 +00:00
Werner Koch
74d344a521
Implemented the chain model for X.509 validation.
2007-08-10 16:52:05 +00:00
Werner Koch
11573b09c4
Typo fixes.
...
Made --default-key work for gpgsm
Add --default-key and --encrypt-to to gpgconf.
2007-07-17 18:11:24 +00:00
Werner Koch
e6c6a66450
Post release updates
2007-07-05 20:29:14 +00:00
Werner Koch
d0d7c3f053
Prearing a release
2007-07-05 18:59:50 +00:00
Werner Koch
4631bc8ddf
Fixed card key generation of gpg2.
...
Reveal less information about timings while generating a key.
2007-07-05 16:58:19 +00:00
Werner Koch
93d3811abc
Changed to GPLv3.
...
Removed intl/.
2007-07-04 19:49:40 +00:00
Werner Koch
0b66f30d66
Implemented the --gen-key command as we can't use the gpgsm-gencert.sh under Windows.
2007-06-21 18:44:48 +00:00
Werner Koch
0cfbfd6186
A whole bunch of changes to allow building for Windows.
...
See the ChangeLogs for details.
2007-06-14 17:05:07 +00:00
Werner Koch
c2b08ff908
Print passphrase encoding info only in PEM mode.
2007-05-29 20:11:17 +00:00
Werner Koch
5f3bca9682
Use estream_asprintf instead of the GNU asprintf.
2007-05-15 16:10:48 +00:00
Werner Koch
edb3dc99e9
Preparing 2.0.4
2007-05-09 11:01:33 +00:00
Werner Koch
b89d98e335
Improved logging for error orginating from libgcrypt.
2007-04-20 16:59:37 +00:00
Werner Koch
fd628ffda1
Allow setting of the passphrase encoding of pkcs#12 files.
...
New option --p12-charset.
2007-03-20 10:00:55 +00:00
Werner Koch
083010a53d
* PKCS#12 import now tries several encodings in case the passphrase
...
was not utf-8 encoded.
2007-03-19 18:54:34 +00:00
Werner Koch
12b661166c
Changes to let the key listing use estream to help systems without
...
funopen.
2007-03-19 14:35:04 +00:00
Werner Koch
95b41996eb
Post release version number bump
2007-03-08 14:54:33 +00:00
Werner Koch
e0bbbb8a7f
Preparing the 2.0.3 release
2007-03-08 14:16:15 +00:00
Werner Koch
634b4c31d2
The Cherry XX44 keyboard's PINpad does now work.
...
DINSIG and NKS card applications are now also PIN pad aware.
2007-03-07 20:55:14 +00:00
Werner Koch
ed84b0f787
Support for a global gpgconf configuration file.
2007-03-06 20:44:41 +00:00
Werner Koch
9491ab44c5
Ported multiple-messages protection.
2007-03-05 14:56:31 +00:00
Werner Koch
f6243073a8
Add new SVN only file README.maint
...
doc/
* gpg.texi (GPG Configuration): Document envvar LANGUAGE.
(GPG Configuration Options): Document show-primary-uid-only.
g10/
* gpg.c (main): Add verify option show-primary-uid-only.
* options.h (VERIFY_SHOW_PRIMARY_UID_ONLY): New.
* mainproc.c (check_sig_and_print): Implement it.
* encr-data.c (decrypt_data): Correctly test for unknown algorithm.
* import.c (check_prefs): Ditto.
* keyedit.c (show_prefs): Ditto.
* mainproc.c (proc_symkey_enc): Ditto.
2007-02-26 20:24:29 +00:00
Werner Koch
fedae25efd
doc/
...
* gpg.texi (GPG Esoteric Options): No card reader options for gpg2.
scd/
* scdaemon.c (DEFAULT_PCSC_DRIVER): Add a default for OS X.
2007-02-18 13:48:03 +00:00
Werner Koch
b861561e47
Included LIBICONV in all Makefiles.
...
g10/
* passphrase.c (passphrase_get): Set the cancel flag on all error
from the agent. Fixes a bug reported by Tom Duerbusch.
sm/
* gpgsm.c (main): Let --gen-key print a more informative error
message.
2007-01-31 14:24:41 +00:00
Werner Koch
7eec2efa66
Added LIBINTL to more Makefile targets.
...
doc/
* com-certs.pem: Added the current root certifcates of D-Trust and
S-Trust.
g10/
* status.c (write_status_begin_signing): New.
* sign.c (sign_file, sign_symencrypt_file): Call it.
* textfilter.c (copy_clearsig_text): Call it.
* call-agent.c (agent_scd_pksign): Pass --hash-rmd160 to SCD if
required.
* gpg.c (main): Let --no-use-agent and --gpg-agent-info print a
warning.
* misc.c (obsolete_option): New.
2007-01-30 20:16:28 +00:00
Werner Koch
6cee3e66c2
agent/
...
* protect-tool.c (get_passphrase): New arg OPT_CHECK.
(get_new_passphrase): Enable OTP_CHECK on the first call.
* command.c (cmd_get_passphrase): Implement option --check.
* gpg-agent.c (MIN_PASSPHRASE_LEN): New
(parse_rereadable_options): New option --min-passphrase-len.
* genkey.c (check_passphrase_constraints): New.
(agent_genkey, agent_protect_and_store): Call new function. Fix
memory leak.
* call-pinentry.c (agent_askpin): Allow translation of the displayed
error message.
(agent_popup_message_start): Remove arg CANCEL_BTN.
(popup_message_thread): Use --one-button option.
* command.c (cmd_passwd): Now that we don't distinguish between
assuan and regular error codes we can jump to the end on error.
common/
* simple-pwquery.c (simple_pwquery): New arg OPT_CHECK.
2007-01-25 08:30:47 +00:00
Werner Koch
0173cd5a98
Fixes for CVE-2006-6235
2006-12-06 10:16:50 +00:00
Werner Koch
252b668814
Preparing 2.0.1
2006-11-28 16:36:02 +00:00
Werner Koch
218380395e
Preparing 2.0.1rc1
2006-11-23 09:53:17 +00:00
Werner Koch
5885142c83
Made some PIN pads work.
...
Some cleanups for 64 bit CPUs.
2006-11-20 16:49:41 +00:00
Werner Koch
f48d38e7df
Post release update
2006-11-11 14:41:22 +00:00
Werner Koch
b5a8d7d268
.
2006-11-11 14:17:09 +00:00
Werner Koch
fac4babd9d
post release updates
2006-11-06 10:26:55 +00:00
Werner Koch
3608141f33
Preparing another release
2006-11-06 09:44:28 +00:00
Werner Koch
1e9f026d29
Post release update
2006-10-24 15:01:23 +00:00
Werner Koch
a2786169f2
Preparing another release
2006-10-24 14:45:34 +00:00
Werner Koch
7b8ea82ab6
.
2006-10-23 14:02:13 +00:00
Werner Koch
58785c880d
Allow to select X.509 certificates using the keygrip.
2006-10-20 11:38:48 +00:00
Werner Koch
df52700f5c
Fixes
2006-10-19 14:22:06 +00:00
Werner Koch
0f49adb44e
Preparing a release
2006-10-18 17:19:08 +00:00
Werner Koch
be410be660
Pth tweaks and improved estream.c
2006-10-17 14:34:42 +00:00
Werner Koch
43825e9dae
Allow pkcs#10 creation directkly from a smart card
2006-10-11 17:52:15 +00:00