This adds scdaemon "OPTION pin-prompt" and "OPTION pin-admin-prompt"
along with special escapes to replace in the prompt string to inform the
user of a signature count and admin PIN attempts remaining.
It also adds another "standard" pinentry escape "|I|" to ignore the
default pinentry prompt from gpg-agent and use the supplied 'info'
parameter unmodified (cannot be used with other pinentry flags).
* agent/divert-scd.c (getpin_cb): Add |I| pinentry flag to ignore the
default prompt and use the 'info' parameter as the entire prompt.
* scd/app-common.h (PIN_PROMPT_NONE, PIN_SIGN_PROMPT, PIN_ADMIN_PROMPT):
New enumeration.
(set_pin_prompt): New application callback to set a user-defined
pinentry prompt.
* scd/app-openpgp.c (verify_a_chv): Expand a user-defined pinentry
prompt.
(build_enter_admin_pin_prompt): Ditto.
(do_change_pin): Ditto.
(do_set_pin_prompt): New.
* scd/app.c (expand_pin_prompt): New.
(app_set_pin_prompt): Ditto.
* scd/command.c (set_pinentry_prompt): New.
(option_handler): Add option 'pin-prompt' and 'pin-admin-prompt'.
(open_card): Set the user-defined pinentry prompts after selecting an
application.
* agent/gpg-agent.c, dirmngr/dirmngr.c, g13/g13.c, scd/scdaemon.c
(USE_GCRY_THREAD_CBS): New macro, defined if
GCRY_THREAD_OPTION_VERSION is 0.
(fixed_gcry_pth_init) [!USE_GCRY_THREAD_CBS]: Don't define.
(main) [!USE_GCRY_THREAD_CBS]: Do not install thread callbacks.
* agent/call-scd.c (pass_status_thru): Pass comment lines verbatim.
* tools/gpg-connect-agent.c (help_cmd_p): New.
(main): Treat an "SCD HELP" the same as "HELP".
* scripts/gitlog-to-changelog: New script. Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* doc/HACKING: Describe the ChangeLog policy
* ChangeLog: New file.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.
Rename all ChangeLog files to ChangeLog-2011.
* command-ssh.c (card_key_available): Change wording of no key
diagnostic.
(ssh_handler_request_identities): Do not call card_key_available
if the scdaemon is disabled.
When this mode is set an inquire will be sent to the client to retrieve
the passphrase. This adds a new inquire keyword "NEW_PASSPHRASE" that the
GENKEY and PASSWD commands use when generating a new key.
The protection used in the exported key used a different iteration
count than given in the S2K field. Thus all OpenPGP keys exported
from GnuPG 2.1-beta can't be imported again. Given that the actual
secret key material is kept in private-keys-v1.d/ the can be
re-exported with this fixed version.
2011-04-20 Marcus Brinkmann <mb@g10code.com>
* command.c (cmd_import_key): Release key from failed import
before converting openpgp private key in the openpgp-private-key
case.
Without Libgcrypt 1.5 is was not possible to use ECC keys. ECC is
major new feature and thus it does not make sense to allow building
with an older Libgcrypt without supporting ECC.
Also fixed a few missing prototypes.
This was a regression in 2.1 introduced due to having the agent do the
signing in contrast to the old "SCD PKSIGN" command which accesses the
scdaemon directly and passed the hash algorithm. The hash algorithm
is used by app-openpgp.c only for a sanity check.
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
Wrote the ChangeLog 2011-01-13 entry for Andrey's orginal work modulo
the cleanups I did in the last week. Adjusted my own ChangeLog
entries to be consistent with that entry.
Nuked quite some trailing spaces; again sorry for that, I will better
take care of not saving them in the future. "git diff -b" is useful
to read the actual changes ;-).
The ECC-INTEGRATION-2-1 branch can be closed now.
Import and export of secret keys does now work. Encryption has been
fixed to be compatible with the sample messages.
This version tests for new Libgcrypt function and thus needs to be
build with a new Libgcrypt installed.
Quite some changes were needed but in the end we have less code than
before. Instead of trying to do everything with MPIs and pass them
back and forth between Libgcrypt and GnuPG, we know use the
S-expression based interface and make heavy use of our opaque MPI
feature.
Encryption, decryption, signing and verification work with
self-generared keys.
Import and export does not yet work; thus it was not possible to check
the test keys at https://sites.google.com/site/brainhub/pgpecckeys .
