* g10/gpg.c (oOverrideSessionKeyFD): New.
(opts): Add option --override-session-key-fd.
(main): Handle that option.
(read_sessionkey_from_fd): New.
--
The override-session-key feature was designed to mitigate the effect
of the British RIP act by allowing to keep the private key private and
hand out only a session key. For that use case the leaking of the
session key would not be a problem. However there are other use
cases, for example fast re-decryption after an initial decryption,
which would benefit from concealing the session key from other users.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpgv.c (oEnableSpecialFilenames): New.
(opts): Add option --enable-special-filenames.
(main): Implement that option.
--
This is the same option we have in gpg. It allows to use commands
like
gpgv --enable-special-filenames -- '-&3' - <msg 3<msg.sig
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oCompliance): New.
(opts): Add "--compliance".
(parse_tofu_policy): Use a generic description string for "help".
(parse_compliance_option): New.
(main): Add option oCompliance. Factor out code for compliance
setting to ...
(set_compliance_option): new.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
These configuration files and instructions enable clean and simple
daemon supervision on machines that run systemd.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- Removed the detailed ChangeLog entry because that is not needed for
doc changes.
- Added an entry to doc/examples/README.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
With commit d83ba4897bf217d1045c58d1b99e52bd31c58812 all system daemon
features have been removed and thus this should be reflected in the
man page.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf.c (query_swdb): Insert new field with the installed
version. Check that the supplied version does not contain a colon.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf.c (aQuerySWDB): New.
(opts): Add --query-swdb.
(valid_swdb_name_p): New.
(query_swdb): New.
(main): Implement command --query-swdb.
--
Right now this command is not very useful because dimngr has not yet
been changed to create the swdb.lst. For manual tests the swdb.lst
file from the Net can be used with these additional lines:
.filedate 20161102T130337
.verified 20161102T150000
There were several different variant spellings of "passphrase". This
should fix them all for all English text.
I did notice that po/it.po contains multiple instances of
"passhprase", which also looks suspect to me, but i do not know
Italian, so i did not try to correct it.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* dirmngr/dirmngr.c (main): Add new --supervised command, which is a
mode designed for running under a process supervision system like
systemd or runit.
* doc/dirmngr.texi: document --supervised option.
--
"dirmngr --supervised" is a way to invoke dirmngr such that a system
supervisor like systemd can provide socket-activated startup, log
management, and scheduled shutdown.
When running in this mode, dirmngr:
* Does not open its own listening socket; rather, it expects to be
given a listening socket on file descriptor 3.
* Does not detach from the invoking process, staying in the
foreground instead.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* doc/gpg-agent.texi: document "gpgconf --kill gpg-agent" for manual
agent termination.
This was requested in a side-comment in https://bugs.debian.org/840669
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/options.h (DBG_MPI): New.
* g10/gpg.c (set_debug): Use macro or extra parens for binary operator.
* g10/parse-packet.c (set_packet_list_mode): Use dbg macro.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (get_socket_path): Rename to ...
(get_socket_name): this. This is to comply with the GNU coding guide.
Use xtrymalloc instead of malloc. Do not build for W32.
(map_supervised_sockets): Use strtokenize and set the the socket names
here.
(main): Adjust for above change. Do not close the socket.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (get_socket_path): New function for POSIX systems
to return the path for a provided unix-domain socket.
(map_supervised_sockets): New function to inspect $LISTEN_FDS and
$LISTEN_FDNAMES and map them to the specific functionality offered by
the agent.
(main): Add --supervised command. When used, listen on already-open
file descriptors instead of opening our own.
* doc/gpg-agent.texi: Document --supervised option.
--
"gpg-agent --supervised" is a way to invoke gpg-agent such that a
system supervisor like systemd can provide socket-activated startup,
log management, and scheduled shutdown.
When running in this mode, gpg-agent:
* Does not open its own listening socket; rather, it expects to be
given a listening socket on incoming file descriptors.
* Does not detach from the invoking process, staying in the
foreground instead. Unless otherwise specified, logs are sent to
stderr.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* agent/gpg-agent.c (main): Provide defaults for 'extra-socket' and
'browser-socket', enable ssh socket by default, but do not emit the
'SSH_AUTH_SOCK' variable unless it has been explicitly requested.
* configure.ac (GPG_AGENT_{EXTRA,BROWSER}_SOCK_NAME): New definitions.
* doc/gpg-agent.texi: Update documentation.
--
This change enables the restricted, browser, and ssh socket by
default. Note that in all cases, the user has to do some additional
configuration to her setup to make use of these features. Therefore,
this should not break any existing setups, but makes it simpler to
discover and use these features.
Signed-off-by: Justus Winter <justus@g10code.com>
--
The commands --help, --version, --dump-options are special in that
they can't be abbreciated on the command line. This is to avoid
problems with regular options with the same prefix.
Fixes-commit: 0a27d8a57c4c990fcada4278a1ce2e6fc9043e9
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmgnr/cdblib.c: comment used unnecesary hyphenation
* dirmngr/crlcache.h: comment was iso-8859-1
* doc/contrib.text: list contributors using UTF-8 (now we can
acknowledge many more people using their preferred orthography)
At least one other files remains in a non-UTF-8 encoding, which i'm
not sure what to do with:
- build-aux/speedo/w32/inst.nsi is ISO-8859-1, but maybe Windows needs
it that way?
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/keygen.c (FUTURE_STD_): New constants.
(parse_expire_string): Handle special keywords.
(parse_algo_usage_expire): Allow "future-default". Simplify call to
parse_expire_string.
(quick_generate_keypair): Always allow an expiration date. Replace
former "test-default" by "future-default".
--
Using an expiration date is pretty common, thus we now allow the
creation of a standard key with expiration date.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h.
(oDisableCheckOwnSocket): New.
(opts): Add --disable-check-own-socket.
(disable_check_own_socket): New var.
(parse_rereadable_options): Set that var.
(my_inotify_is_name) [HAVE_INOTIFY_INIT]: New.
(handle_connections) [HAVE_INOTIFY_INIT]: New.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c: Include "sqrtu32.h".
(struct tofu_dbs_s.s): Rename get_trust_gather_other_keys to
get_trust_gather_signature_stats. Add new field
get_trust_gather_encryption_stats.
(initdb): Create the encryptions table.
(ask_about_binding): Show the encryption statistics too.
(tofu_register): Rename from this...
(tofu_register_signature): ... to this and update callers.
(tofu_register_encryption): New function.
(write_stats_status): Add parameters encryption_count,
encryption_first_done and encryption_most_recent. Update callers.
Compute the trust using the euclidean distance of the signature and
signature count. Compare with twice the threshold. Include
encryption count information in the TFS and TOFU_STATS lines.
(show_statistics): Also get information about the encrypted messages.
* g10/trustdb.c (tdb_get_validity_core): Use it.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/import.c (impex_filter_getval): Add properties for key packets.
* g10/export.c (export_drop_subkey): New var.
(cleanup_export_globals): Release that var.
(parse_and_set_export_filter): Add filter "drop-subkey".
(apply_drop_subkey_filter): New.
(do_export_stream): Run that filter.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oWithTofuInfo): New.
(opts): Add --with-tofu-info.
(main): Set opt.with_tofu_info.
* g10/options.h (struct opt): Add field WITH_TOFU_INFO.
* g10/tofu.c (show_statistics): Add optional arg OUTFP and enter
special mode if not NULL. Change all callers.
(tofu_write_tfs_record): New.
* g10/keylist.c (list_keyblock_colon): Do not print the tofu policy as
part of the "uid" record. Print a new "tfs" record if the new option
is set.
* tests/openpgp/tofu.scm (getpolicy): Change from UID to TFS record.
--
A separate option is required to avoid slowing down key listings.
Foer example the current code takes for a keylisting in tofu+pgp mode
17 seconds while it takes more than 5 minutes if the option is used.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c (write_stats_status): Add arg FP to print a colon
formated line. Adjust for changed TOFU_STATS interface.
(show_statistics): Let the query return timestamps and use
gnupg_get-time to compute the "time ago" values.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.h (opts): Remove fields 'system_service' and
'system_daemon'.
* common/homedir.c (dirmngr_sys_socket_name): Remove.
(dirmngr_user_socket_name): Rename to ...
(dirmngr_socket_name): this. Change call callers.
* common/asshelp.c (start_new_dirmngr): Remove the system socket
feature.
* tools/gpgconf.c (list_dirs): Do not print "dirmngr-sys-socket".
* sm/server.c (gpgsm_server): Adjust for removed system socket feature.
* dirmngr/server.c (cmd_getinfo): Ditto.
(cmd_killdirmngr): Remove check for system daemon.
(cmd_reloaddirmngr): Ditto.
* dirmngr/dirmngr.c (USE_W32_SERVICE): Remove macro.
(aService): Remove.
(opts): Remove --service.
(w32_service_control): Remove.
(real_main, call_real_main) [W32]: Remove wrapper.
(main): Remove Windows system service feature. Remove system dameon
feature. Use only the "~/.gnupg/dirmngr_ldapservers.conf" file.
* dirmngr/certcache.c (load_certs_from_dir): Remove warning in the
system dameon case.
* dirmngr/crlcache.c (DBDIR_D): Always use "~/.gnupg/crls.d".
* dirmngr/ocsp.c (validate_responder_cert): Do not call
validate_cert_chain which was used only in system daemon mode.
* dirmngr/validate.c (validate_cert_chain): Always use the code.
--
We are now starting dirmngr as needed as a user daemon. The
deprecated system daemon mode does not anymore make sense. In case a
system wide daemon is required, it is better to setup a dedicated
account to run dirmngr and tweak socket permissions accordingly.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/options.h (struct opt): Add field 'sender_list'.
* g10/gpg.c: Include mbox-util.h.
(oSender): New.
(opts): Add option "--sender".
(main): Parse option.
--
This option will eventually be used for more advanced purposes.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/options.h: Include stdint.h.
(struct opt): Add field 'input_size_hint'.
* g10/gpg.c (oInputSizeHint): New.
(opts): Add --input-size-hint.
(main): Set opt.input_size_hint.
* g10/progress.c (write_status_progress): Use the hint.
--
This is a prerequisite to fix
GnuPG-bug-id: 2368
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/options.h (struct opt): Remove field tofu_db_format.
* g10/gpg.h (server_control_s): Add fields tofu.batch_update_ref and
tofu.batch_update_started.
* g10/gpg.c (parse_tofu_db_format): Remove.
(main): Make option --tofu-db-format obsolete.
* g10/tofu.c: Major rework. Remove the pretty complicated and slower
split format and with that all the caching. Use the dbs struct
directly. Move global vars for batch update into CTRL. Change
calling conventions of some function to take CTRL or DBS pointers
instead of the former low-level database pointer.
--
The split database format might have been nice for use with Unison but
it bypasses the concept of a relational database by doing parts of
this itself and also risking deadlocks. Working with the Tofu
database for debugging or experiments is also not possible with parts
of the database logic implemented in gpg.
The Tofu support is quite new and we can assume that it is not in real
use now. Thus we better remove that now so that we do not need to
maintain it for all future.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (main): initialize opt.emit_version to 0
* doc/gpg.texi: document different default for --emit-version
--
The version of GnuPG in use is not particularly helpful. It is not
cryptographically verifiable, and it doesn't distinguish between
significant version differences like 2.0.x and 2.1.x.
Additionally, it leaks metadata that can be used to distinguish users
from one another, and can potentially be used to target specific
attacks if there are known behaviors that differ between major
versions.
It's probably better to take the more parsimonious approach to
metadata production by default.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/keylist.c (list_keyblock_colon): Remove arg FPR. Always print
fingerprint records. For secret keys always print keygrip records.
--
The fingerprint should always be used thus we should always print it.
Signed-off-by: Werner Koch <wk@gnupg.org>
* README, agent/command.c, agent/keyformat.txt, common/i18n.c,
common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c,
dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE,
doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi,
doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt,
g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4,
m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po,
po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po,
po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po,
po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po,
po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po,
scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c,
sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to"
with clearer text.
In standard English, the normal construction is "${XXX} allows ${YYY}
to" -- that is, the subject (${XXX}) of the sentence is allowing the
object (${YYY}) to do something. When the object is missing, the
phrasing sounds awkward, even if the object is implied by context.
There's almost always a better construction that isn't as awkward.
These changes should make the language a bit clearer.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* tools/gpgconf.c (main) <aListDir>: Factor code out to ...
(list_dirs): new. Rewrite to use a table. Allow selection of a
items. Add "agent-ssh-socket".
--
This change makes the use of gpgconf in scripts easier. For example,
to set the envvar with the name of the socket used by ssh, it is now
possible to do this:
SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
which guarantees that the right name is used.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/options.h (EXPORT_PKA_FORMAT): New.
* g10/keylist.c (list_keyblock_pka): Do not use DANE flag.
* g10/export.c: Include zb32.h.
(parse_export_options): Add options "export-pka" and "export-dane".
(do_export): Do not armor if either of these option is set.
(print_pka_or_dane_records): New.
(do_export_stream): Implement new options.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/mkdefsinc.c (print_filename): New.
(main): Use it here.
--
Our Jenkins uses an @ in directory names and thus our builds break.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New.
(opts): Add options --recipient-file and --hidden-recipient-file.
(main): Implement them. Also remove duplicate code from similar
options.
* g10/keydb.h (PK_LIST_FROM_FILE): New.
(PK_LIST_SHIFT): Bump up.
* g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE.
(find_and_check_key): Add and implement arg FROM_FILE.
(build_pk_list): Pass new value for new arg.
* g10/getkey.c (get_pubkey_fromfile): New.
* g10/gpgv.c (read_key_from_file): New stub.
* g10/test-stubs.c (read_key_from_file): New stub.
* g10/server.c (cmd_recipient): Add flag --file.
* g10/import.c (read_key_from_file): New.
* tests/openpgp/defs.scm (key-file1): New.
(key-file2): New.
* tests/openpgp/setup.scm: Add their private keys and import the
key-file1.
* tests/openpgp/encrypt.scm: Add new test.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oNoKeyring): New.
(opts): Add "--no-keyring".
(main): Do not register any keyring if the option is used.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oImportFilter): New.
(opts): Add --import-filter.
(main): Handle option.
* g10/import.c: Include recsel.h, init.h, and mbox-util.h.
(import_keep_uid): New global var.
(cleanup_import_globals): New.
(parse_and_set_import_filter): New.
(filter_getval): New.
(apply_keep_uid_filter): New.
(import_one): Apply filter if set.
--
Funny new option. It can for example be used to export a key with
only one user id:
gpg --no-options --import --import-options import-export \
--import-filter keep-uid='mbox=wk@gnupg.org' \
< full-key.pub > key-with-one-uid.pub
More features will eventually be added.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/revoke.c (get_default_uid_revocation_reason): New.
* g10/keyedit.c (menu_revuid): Break out creation of uid revocation
into new function core_revuid.
* g10/keyedit.c (keyedit_quick_revuid): New. Selects key and
uid, invokes core_revuid.
* g10/gpg.c (main): Handle --quick-revuid argument.
* doc/gpg.texi: Document --quick-revuid.
--
This functionality is a counterpart to --quick-adduid, and will be
useful for projects that depend programmatically on gpg to revoke user
IDs (one such example is "monkeysphere-host revoke-servicename").
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- Minor re-indentation work.
- Changed a "0 == memcmp" to "!memcmp"
- Removed tests/openpgp/quick-key-manipulation.test from the
Makefile. This test needs to be converted to gpgscm.
- Removed example from whats-new-in-2.1.txt because that is generated.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/yat2m.c (ATTR_PRINTF, ATTR_NR_PRINTF, ATTR_MALLOC): New.
(die, err, inf, xmalloc, xcalloc): New prototypes with attributes.
(get_section_buffer): Take care of !N_SECTIONS.
(proc_texi_cmd): Cast precision format arg.
(proc_texi_buffer): Do not set IN_CMD when not used afterwards.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/import.c (parse_import_options): Add option "import-export".
(write_keyblock_to_output): New.
(import_one): Implement option.
--
We are now in the import export business.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/Makefile.am (dist_pkgdata_DATA): Move qualified.txt and
com-certs.pem to ...
(EXTRA_DIST): here.
--
With Let's Encrypt there is no more need to push CA Cert.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/options.h (struct opt): Add field flags.rfc4880bis.
* g10/gpg.c (oRFC4880bis): new.
(opts): add --rfc4880bis.
(main): Implement that and print a warning.
--
This is option enables experimental features which may be dropped or
changed with the next release.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (main): Remove deprecation warning.
--
Most options for the keyserver have been moved to dirmngr and thus it
does not make sense to favor "--keyserver-options auto-key-retrieve"
over the direct options --auto-key-retrieve and --no-auto-key-retrieve.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oDisableSignerUID): New.
(opts): New option '--disable-signer-uid'.
(main): Set option.
* g10/options.h (opt): Add field flags.disable_signer_uid.
* g10/sign.c: Include mbox-util.h.
(mk_notation_policy_etc): Embed the signer's uid.
* g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key
retrieval if --disable-signer-uid is used.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/packet.h (PKT_signature): Add field 'signers_uid'.
* g10/parse-packet.c (parse_signature): Set this field.
* g10/free-packet.c (free_seckey_enc): Free field.
(copy_signature): Copy field.
* g10/mainproc.c (akl_has_wkd_method): New.
(check_sig_and_print): Extend NEWSIG status. If WKD is enabled try to
locate a missing key via the signature's Signer's User ID sub-packet.
Do this right before trying a keyserver lookup.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (main): Add option "none" to --keyid-format.
* g10/options.h (KF_NONE): New.
* g10/keyid.c (format_keyid): Implement that.
(keystr): Use format "long" is KF_NONE is in use.
(keystr_with_sub): Ditto.
* g10/keylist.c (list_keyblock_print): Adjust indentaion for KF_NONE.
Factor some code out to ...
(print_key_line): new.
(print_fingerprint): Add mode 20.
* g10/mainproc.c (list_node): Use print_key_line. Replace MAINKEY by
flags.primary in the PK. Fix putting a " revoked..." string into the
colons format.
* g10/pkclist.c (do_edit_ownertrust): Use print_key_line. This
slightly changes the putput format.
* g10/revoke.c (gen_standard_revoke): Use print_key_line. This may
also put "expires: " into the output.
--
Due to user experience problems with the keyid and we better allow to
show the fingerprint instead. Note that we do not support v3 keys
anymore and thus there is no technical need for a user to know the
keyid.
GnuPG-bug-id: 2379
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New.
(ask_keysize): Factor code out to ...
(get_keysize_range, fixup_keysize): new.
(parse_parameter_usage): Factor parsing out to ...
(parse_usagestr): new. Allow use of "encr" as alias for "encrypt".
(parse_subkey_algostr_usagestr): New.
(generate_subkeypair): Add new args. Implement unattended mode.
* g10/keyedit.c (keyedit_quick_sign): Factor some code out to ...
(find_by_primary_fpr): new.
(keyedit_quick_addkey): New.
* g10/gpg.c (aQuickAddKey): New.
(opts): Add --quick-addkey.
(main): Implement.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (AC_CHECK_FUNCS): Remove tests for funopen.
--
Meanwhile we are using the portable functions from libgpg-error.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c (show_statistics): Print TOFU STATS with formatting
characters.
--
We better leave the non-breaking space character in the status
messages so that the caller can make use of them.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/status.h (STATUS_KEY_CONSIDERED): New.
* g10/getkey.c: Include status.h.
(LOOKUP_NOT_SELECTED, LOOKUP_ALL_SUBKEYS_EXPIRED): New.
(finish_lookup): Add arg R_FLAGS. Count expired and revoked keys and
set flag. Check a requested usage before checking for expiraion or
revocation.
(print_status_key_considered): New.
(lookup): Print new status.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_delete_key): Make the --force option depend on
--disallow-loopback-passphrase.
* g10/call-agent.c (agent_delete_key): Add arg FORCE.
* g10/delkey.c (do_delete_key): Pass opt.answer_yes to
agent_delete_key.
--
Unless the agent has been configured with
--disallow-loopback-passpharse an unattended deletion of a secret key
is now possible with gpg by using --batch _and_ --yes.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (oNoAllowLoopbackPinentry): New.
(opts): Add --no-allow-loopback-pinentry. Hide
description of --allow-loopback-pinentry.
(parse_rereadable_options): Set opt.allow_loopback_pinentry by
default.
(main): Replace allow-loopback-pinentry by no-allow-loopback-pinentry
in the gpgconf list.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Ditto.
--
Given that a user can anyway change that options in the gpg-agent.conf
file and that gpg needs to be invoked with --pinentry-mode=loopback
the former default does not make much sense - in that option is useful
at all. There was a discussion of this topic on gnupg-devel in April
without a clear result. So we try this new default and just in case
real problems are found for the majority of installations, we can
revert that. The new default is also aligned with GnuPG's policy to
make its use easier and only require users with very high security
standards to tweak certain options (those users have anyway modeled
their threat model and configured their software according to this).
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (parse_auto_key_locate): Add method "wkd".
(get_pubkey_byname): Implement that method. Also rename a variable.
* g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New.
* g10/keyserver.c (keyserver_import_wkd): New.
* g10/test-stubs.c (keyserver_import_wkd): Add stub.
* g10/gpgv.c (keyserver_import_wkd): Ditto.
* g10/options.h (opt): Add field 'with_wkd_hash'.
(AKL_WKD): New.
* g10/gpg.c (oWithWKDHash): New.
(opts): Add option --with-wkd-hash.
(main): Set that option.
* g10/keylist.c (list_keyblock_print): Implement that option.
--
The Web Key Directory is an experimental feature to retrieve a key via
https. It is similar to OpenPGP DANE but also uses an encryption to
reveal less information about a key lookup.
For example the URI to lookup the key for Joe.Doe@Example.ORG is:
https://example.org/.well-known/openpgpkey/
hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q
(line has been wrapped for rendering purposes). The hash is a
z-Base-32 encoded SHA-1 hash of the mail address' local-part. The
address wk@gnupg.org can be used for testing.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/mkdefsinc.c (main): Add double include guard. Set variable
gpgtwohack. Define macros gpgname and gpgvname.
* doc/gpg.texi: Remove macro definition for gpgname. Use Texinfo var
gpgtwohack to prepare the man pages. Use @gpgname everywhere.
* doc/gpgv.texi: Likewise.
* doc/Makefile.am (myman_pages): Remove gpg2.1 and gpgv2.1 but add
them depending on USE_GPG2_HACK.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/gpgsm.texi: Document '--pinentry-mode' and '--passphrase-fd'.
* sm/Makefile.am (gpgsm_SOURCES): Add new files
* sm/call-agent.c (struct default_inq_parm_s): New definition.
(start_agent): Pass in the pinentry mode.
(default_inq_cb): Handle 'PASSPHRASE' and 'NEW_PASSPHRASE' inquiries.
Adapt all call sites to the new callback cookie.
* sm/gpgsm.c (cmd_and_opt_values): Add new values.
(opts): Add new options.
(main): Handle new options.
* sm/gpgsm.h (struct opt): Add field 'pinentry_mode'.
* sm/passphrase.c: New file.
* sm/passphrase.h: Likewise.
GnuPG-bug-id: 1970
Signed-off-by: Justus Winter <justus@g10code.com>
* doc/gpgsm.texi: Drop description.
* sm/gpgsm.c (cmd_and_opt_values): Drop enum value.
(opts): Drop argument.
(main): Drop argument handling.
* sm/gpgsm.h (struct opt): Drop field 'fixed_passphrase'.
Signed-off-by: Justus Winter <justus@g10code.com>
* doc/gnupg-module-overview.svg: New.
* doc/debugging.texi (Component interaction): New.
* doc/Makefile.am (EXTRA_DIST): Add PNG and PDF versions of
gnupg-module-overview.svg. Remove two eps files.
(BUILT_SOURCES): Add gnupg-module-overview.pdf and .png. Remove
gnupg-card-architecture.epsl
(gnupg_TEXINFOS): Add gnupg-module-overview.svg
(gnupg.dvi): New.
(DISTCLEANFILES): Remove build eps files.
--
Many thanks to Emanuel Schütze for helping with the redesign of the
module overview. The original file has been used by mere for years in
talks but was never a proper part of GnuPG.
The EPS files have been removed due to their size. Thus to build the
"dvi" target the convert tool is required.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/gpg-agent.texi (Agent Options): Add comment to the description
of --debug-quick-random that rngd can also be used to quickly generate
key.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/revoke.c (gen_standard_revoke): Improve header text for the
file. Add info output.
--
GnuPG-bug-id: 1724
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (main): Add LIST_SHOW_USAGE.
--
The usage flags are often useful and they don't take away much space
in a key listing. Thus it is better to have them enabled by default.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/status.h (STATUS_WARNING): New.
* g10/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
* g10/call-dirmngr.c: Include status.h.
(warn_version_mismatch): New.
(create_context): Call warn function.
* sm/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
(gpgsm_agent_learn): Call warn function.
* sm/call-dirmngr.c (warn_version_mismatch): New.
(prepare_dirmngr): Call warn function.
--
We have seen too often bug reports which are due to still running old
versions of the daemons. To catch this problematic use we now print
warning messages and also provide the warning via the status
interface.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.h (opt): Turn field 'keyserver' into an strlist.
* dirmngr/dirmngr.c (parse_rereadable_options): Allow multiple
--keyserver options.
* dirmngr/server.c (server_local_s): Add field 'tor_state'.
(release_uri_item_list): New.
(release_ctrl_keyservers): Use it.
(start_command_handler): Release list of keyservers.
(is_tor_running): New.
(cmd_getinfo): Re-implement "tor" subcommand using new fucntion.
(ensure_keyserver): Rewrite.
* g10/dirmngr-conf.skel: Add two keyserver options.
--
This feature is independent of --use-tor and automagically uses Tor if
available. The dirmngr.conf file needs to specify two keyservers to
make this work. For new installations this is done using the skeleton
file. This feature requires the Libassuan 2.4.2 to work.
This patch also fixes a memory leak of opt.keyserver en passant.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyedit.c (menu_select_key): Take an additional argument, p.
Update callers. If P is a hex string, then assume that P is a key id
or fingerprint and select subkeys with matching key ids or
fingerprints.
* doc/gpg.texi: Update documentation for the key subcommand.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1423
Debian-bug-id: 610336
* g10/options.h (opt): Add field only_sign_text_ids.
* g10/gpg.c (enum cmd_and_opt_values): Add value oOnlySignTextIDs.
(opts): Handle oOnlySignTextIDs.
(main): Likewise.
* g10/keyedit.c (sign_uids): If OPT.ONLY_SIGN_TEXT_IDS is set, don't
select non-text based IDs automatically.
(keyedit_menu): Adapt the prompt asking to sign all user ids according
to OPT.ONLY_SIGN_TEXT_IDS.
* doc/gpg.texi: Document the new option --only-sign-text-ids.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1241
Debian-bug-id: 569702