1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

95 Commits

Author SHA1 Message Date
Werner Koch
f98537733a Updated FSF's address. 2006-06-20 17:21:37 +00:00
Werner Koch
b9633196f4 Added qualified signature features. 2005-11-13 19:07:06 +00:00
Werner Koch
f289f433b6 * configure.ac: Require libksba 0.9.7.
* certreqgen.c (get_parameter_uint, create_request): Create
an extension for key usage when requested.

* gpgsm.c (main): Install emergency_cleanup also as an atexit
handler.

* verify.c (gpgsm_verify): Removed the separate error code
handling for KSBA.  We use shared error codes anyway.

* export.c (export_p12): Removed debugging code.

* encrypt.c (gpgsm_encrypt): Put the session key in to secure memory.
2004-06-06 13:00:59 +00:00
Werner Koch
da89d93c77 * verify.c (gpgsm_verify): Print STATUS_NEWSIG for each signature.
* certchain.c (gpgsm_validate_chain) <gpgsm_cert_use_cer_p>: Do
not just warn if a cert is not suitable; bail out immediately.

* call-dirmngr.c (isvalid_status_cb): New.
(unhexify_fpr): New. Taken from ../g10/call-agent.c
(gpgsm_dirmngr_isvalid): Add new arg CTRL, changed caller to pass
it thru.  Detect need to check the respondert cert and do that.
* certchain.c (gpgsm_validate_chain): Add new arg FLAGS.  Changed
all callers.
2004-04-05 17:25:21 +00:00
Werner Koch
45a817bf4a * gpgsm.c: New option --with-md5-fingerprint.
* keylist.c (list_cert_std): Print MD5 fpr.

* gpgsm.c: New options --with-validation.
* server.c (option_handler): New option "with-validation".
* keylist.c (list_cert_std, list_internal_keys): New args CTRL and
WITH_VALIDATION. Changed callers to set it.
(list_external_cb, list_external_keys): Pass CTRL to the callback.
(list_cert_colon): Add arg CTRL.  Check validation if requested.
* certchain.c (unknown_criticals, allowed_ca, check_cert_policy)
(gpgsm_validate_chain): New args LISTMODE and FP.
(do_list): New helper for info output.
(find_up): New arg FIND_NEXT.
(gpgsm_validate_chain): After a bad signature try again with other
CA certificates.

* import.c (print_imported_status): New arg NEW_CERT. Print
additional STATUS_IMPORT_OK becuase that is what gpgme expects.
(check_and_store): Always call above function after import.
* server.c (get_status_string): Added STATUS_IMPORT_OK.
2004-02-17 15:05:04 +00:00
Werner Koch
1a159fd8e3 * encrypt.c (init_dek): Check for too weak algorithms.
* import.c (parse_p12, popen_protect_tool): New.

* base64.c (gpgsm_create_reader): New arg ALLOW_MULTI_PEM.
Changed all callers.
(base64_reader_cb): Handle it here.
(gpgsm_reader_eof_seen): New.
(base64_reader_cb): Set a flag for EOF.
(simple_reader_cb): Ditto.
2004-02-13 12:40:23 +00:00
Werner Koch
cbd57643a7 Replaced deprecated type names.
* certdump.c (gpgsm_print_serial): Cleaned up cast use in strtoul.
(gpgsm_dump_serial): Ditto.

* decrypt.c (gpgsm_decrypt): Replaced ERR by RC.
2003-12-17 12:28:24 +00:00
Werner Koch
c68eaa4b6b * gpgsm.c, gpgsm.h: New options --{enable,disable}-ocsp.
(gpgsm_init_default_ctrl): Set USE_OCSP to the default value.
* certchain.c (gpgsm_validate_chain): Handle USE_OCSP.
* call-dirmngr.c (gpgsm_dirmngr_isvalid): Add arg USE_OCSP and
proceed accordingly.
2003-12-01 10:54:30 +00:00
Werner Koch
2f2eb1d202 * verify.c (gpgsm_verify): Fixed for changes API of gcry_md_info.
* certchain.c (unknown_criticals): Fixed an error code test.
2003-11-18 17:29:51 +00:00
Werner Koch
dba40e5e45 Mainly changes to adjust for the changed KSBA API. 2003-11-12 15:17:44 +00:00
Werner Koch
dd808fa15b * verify.c (strtimestamp_r, gpgsm_verify):
* sign.c (gpgsm_sign):

* keylist.c (print_time, list_cert_std, list_cert_colon):

* certdump.c (gpgsm_print_time, gpgsm_dump_time, gpgsm_dump_cert):

* certchain.c (gpgsm_validate_chain): Changed to use ksba_isotime_t.
2003-10-31 12:12:47 +00:00
Repo Admin
9ca4830a5b This commit was manufactured by cvs2svn to create branch
'GNUPG-1-9-BRANCH'.
2003-08-05 17:11:04 +00:00
Repo Admin
82a17c9fb3 This commit was manufactured by cvs2svn to create branch
'GNUPG-1-9-BRANCH'.
2002-10-19 07:55:27 +00:00
Werner Koch
e18e3875b7 * gpgsm.c (main): Use the log file only in server mode.
* import.c (print_imported_summary): New.
(check_and_store): Update the counters, take new argument.
(import_one): Factored out core of gpgsm_import.
(gpgsm_import): Print counters.
(gpgsm_import_files): New.
* gpgsm.c (main): Use the new function for import.
2002-08-20 13:09:53 +00:00
Werner Koch
47fc9f88a2 Made it compile. 2002-08-16 14:31:49 +00:00
Werner Koch
a8e9b350c0 * call-agent.c (learn_cb): Special treatment when the issuer
certificate is missing.
2002-08-16 13:55:03 +00:00
Werner Koch
9382b621ad * keylist.c (list_cert_colon): Print the short fingerprint in the
key ID field.
* fingerprint.c (gpgsm_get_short_fingerprint): New.
* verify.c (gpgsm_verify): Print more verbose info for a good
signature.
2002-08-10 09:14:21 +00:00
Werner Koch
850a4d5214 * gpgsm.c (emergency_cleanup): New.
(main): Initialize the signal handler.

* sign.c (gpgsm_sign): Reset the hash context for subsequent
signers and release it at the end.
2002-08-09 18:12:22 +00:00
Werner Koch
6aaa48054b * verify.c (gpgsm_verify): Extend the STATUS_BADSIG line with
the fingerprint.
2002-07-02 19:38:14 +00:00
Werner Koch
5795c02b09 * keydb.c (keydb_store_cert): Add optional ar EXISTED and changed
all callers.
* call-agent.c (learn_cb): Print info message only for real imports.

* import.c (gpgsm_import): Moved duplicated code to ...
(check_and_store): new function.  Added magic to import the entire
chain. Print status only for real imports and moved printing code
to ..
(print_imported_status): New.
2002-07-02 10:40:12 +00:00
Werner Koch
42cf865350 * certlist.c (gpgsm_add_to_certlist): Fixed locating of a
certificate with the required key usage.

* gpgsm.c (main): Fixed a segv when using --outfile without an
argument.

* keylist.c (print_capabilities): Also check for non-repudiation
and data encipherment.
* certlist.c (cert_usage_p): Test for signing and encryption was
swapped.  Add a case for certification usage, handle
non-repudiation and data encipherment.
(gpgsm_cert_use_cert_p): New.
(gpgsm_add_to_certlist): Added a CTRL argument and changed all
callers to pass it.
* certpath.c (gpgsm_validate_path): Use it here to print a status
message. Added a CTRL argument and changed all callers to pass it.
* decrypt.c (gpgsm_decrypt): Print a status message for wrong key
usage.
* verify.c (gpgsm_verify): Ditto.
* keydb.c (classify_user_id): Allow a colon delimited fingerprint.
2002-06-20 10:43:02 +00:00
Werner Koch
52146943d1 * call-agent.c (learn_cb): Use log_info instead of log_error on
successful import.

* keydb.c (keydb_set_ephemeral): New.
(keydb_store_cert): New are ephemeral, changed all callers.
* keylist.c (list_external_cb): Store cert as ephemeral.
* export.c (gpgsm_export): Kludge to export epehmeral certificates.

* gpgsm.c (main): New command --list-external-keys.
2002-06-19 08:30:10 +00:00
Werner Koch
0dec11fbe7 * sign.c (hash_and_copy_data): New.
(gpgsm_sign): Implemented normal (non-detached) signatures.
* gpgsm.c (main): Ditto.

* certpath.c (gpgsm_validate_path): Special error handling for
no policy match.

* configure.ac (NEED_LIBKSBA_VERSION): We need 0.4.3 now.
2002-06-12 09:54:57 +00:00
Werner Koch
a64b3686b4 * certpath.c (gpgsm_validate_path): Added EXPTIME arg and changed
all callers.
* verify.c (gpgsm_verify): Tweaked usage of log_debug and
log_error.  Return EXPSIG status and add expiretime to VALIDSIG.
2002-05-03 20:18:54 +00:00
Werner Koch
7e07a397a0 * certlist.c (cert_usable_p): New.
(gpgsm_cert_use_sign_p,gpgsm_cert_use_encrypt_p): New.
(gpgsm_cert_use_verify_p,gpgsm_cert_use_decrypt_p): New.
(gpgsm_add_to_certlist): Check the key usage.
* sign.c (gpgsm_sign): Ditto.
* verify.c (gpgsm_verify): Print a message wehn an unsuitable
certificate was used.
* decrypt.c (gpgsm_decrypt): Ditto
* keylist.c (print_capabilities): Determine values from the cert.
2002-04-12 18:54:34 +00:00
Werner Koch
8337455483 * verify.c (gpgsm_verify): Detect certs-only message. 2002-03-12 13:36:29 +00:00
Werner Koch
c8454f792d * gpgsm.c, gpgsm.h: Add local_user.
* sign.c (gpgsm_get_default_cert): New.
(get_default_signer): Use the new function if local_user is not
set otherwise used that value.
* encrypt.c (get_default_recipient): Removed.
(gpgsm_encrypt): Use gpgsm_get_default_cert.
* verify.c (gpgsm_verify): Better error text for a bad signature
found by comparing the hashs.
2002-03-05 15:56:46 +00:00
Werner Koch
2a28f5d0ae * certlist.c (gpgsm_add_to_certlist): Check that the specified
name identifies a certificate unambiguously.
(gpgsm_find_cert): Ditto.
* server.c (cmd_listkeys): Check that the data stream is available.
(cmd_listsecretkeys): Ditto.
(has_option): New.
(cmd_sign): Fix ambiguousity in option recognition.
* gpgsm.c (main): Enable --logger-fd.
* encrypt.c (gpgsm_encrypt): Increased buffer size for better
performance.
* call-agent.c (gpgsm_agent_pksign): Check the S-Exp received from
the agent.
* keylist.c (list_cert_colon): Filter out control characters.
2002-02-07 18:43:22 +00:00
Werner Koch
a9979e26a5 * import.c (gpgsm_import): Just do a basic cert check before
storing it.
* certpath.c (gpgsm_basic_cert_check): New.

* keydb.c (keydb_store_cert): New.
* import.c (store_cert): Removed and change all caller to use
the new function.
* verify.c (store_cert): Ditto.

* certlist.c (gpgsm_add_to_certlist): Validate the path

* certpath.c (gpgsm_validate_path): Check the trust list.
* call-agent.c (gpgsm_agent_istrusted): New.
2002-01-15 13:02:47 +00:00
Werner Koch
3b8cf6e497 * verify.c (gpgsm_verify): Implemented non-detached signature
verification.  Add OUT_FP arg, initialize a writer and changed all
callers.
* server.c (cmd_verify): Pass an out_fp if one has been set.
2001-12-20 16:51:06 +00:00
Werner Koch
5f116e9540 * base64.c (base64_reader_cb): Try to detect an S/MIME body part.
* certdump.c (print_sexp): Renamed to gpgsm_dump_serial, made
global.
(print_time): Renamed to gpgsm_dump_time, made global.
(gpgsm_dump_serial): Take a real S-Expression as argument and
print the first item.
* keylist.c (list_cert_colon): Ditto.
* keydb.c (keydb_search_issuer_sn): Ditto.
* decrypt.c (print_integer_sexp): Removed and made callers
use gpgsm_dump_serial.
* verify.c (print_time): Removed, made callers use gpgsm_dump_time.
2001-12-20 13:25:08 +00:00
Werner Koch
56172ce393 Changes to be used with the new libksba interface.
libgcrypt-1.1.5 is required (cvs or tarball)
2001-12-18 17:37:48 +00:00
Werner Koch
6d27c940b2 * verify.c (gpgsm_verify): Add hash debug helpers
* sign.c (gpgsm_sign): Ditto.

* base64.c (base64_reader_cb): Reset the linelen when we need to
skip the line and adjusted test; I somehow forgot about DeMorgan.

* server.c (cmd_encrypt,cmd_decrypt,cmd_sign,cmd_verify)
(cmd_import): Close the FDs on success.
(close_message_fd): New.
(input_notify): Setting autodetect_encoding to 0 after initializing
it to 0 is pretty pointless.  Easy to fix.
2001-12-14 19:36:33 +00:00
Werner Koch
6a8c47bd29 Implemented encryption in server mode.
Allow to specify a recipient on the commandline
There is still a default hardwired recipient if none has been set.
2001-12-11 12:31:04 +00:00
Werner Koch
f312047a67 --encrypt does now work for a hardwired key. 2001-12-10 19:18:27 +00:00
Werner Koch
944fee70bc * base64.c: New. Changed all other functions to use this instead
of direct creation of ksba_reader/writer.
* gpgsm.c (main): Set ctrl.auto_encoding unless --no-armor is used.
This way we can feed PEM encoded stuff to --verify.
2001-11-27 17:40:09 +00:00
Werner Koch
99829ef5fb * keydb.c (keydb_add_resource): Create keybox
* keylist.c (gpgsm_list_keys): Fixed non-server keylisting.
* server.c (rc_to_assuan_status): New.  Use it for all commands.
2001-11-26 13:08:36 +00:00
Werner Koch
0e36c4c6a7 The agent does now work and read the secret keys from the directory
~/.gnupg-test/private-keys-v1.d/<keygrip-as-20-byte-hex-number>. I
will post a sample key to gpa-dev.
2001-11-25 18:23:06 +00:00
Werner Koch
bab7fa0b29 Added new directory common to enable sharing of some code and error
numbers between gpg, gpgsm and gpg-agent.  Move some files and code to
there.
2001-11-24 17:43:43 +00:00
Werner Koch
8e58435312 Signing does now work. There is no secret key management yet, so you
should set GPGSM_FAKE_KEY=1 before you try to verify a signature
created by gpgsm --sign or the SIGN server command.
2001-11-24 14:26:27 +00:00
Werner Koch
757c13a171 Just a Backup. We can now write out a basic signature which in turn
exhibits a bug in --verify.
2001-11-23 17:12:37 +00:00
Werner Koch
aa4f78a45a Map Libksba's OIDs to Libgcrypt digest algo numbers.
The latest Libgcrypt CVS version is needed.
2001-11-20 18:28:53 +00:00
Werner Koch
0b17666145 Write status output, make verify work in server mode. 2001-11-19 12:42:01 +00:00
Werner Koch
2b99de5a5d gpgsm --verify does now work like gpg including the
--enable-special-filenames option.
2001-11-19 10:25:00 +00:00
Werner Koch
0f26760d9f Base code for gpgsm --verify does work 2001-11-16 17:56:23 +00:00