* g10/sig-check.c (check_signature_over_key_or_uid): Reject cewrtain
SHA-1 based signatures.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4)
Adjusted for changed added arguments in a function.
* kbx/keybox-init.c (keybox_lock): Add arg TIMEOUT and change all
callers to pass -1.
* g10/keydb.c (keydb_add_resource): Call keybox_compress.
--
Note that here in the 2.2 branch the way we call the locking in gpgsm
is different from the one in gpg. So we could not cherry-pick from
master.
GnuPG-bug-id: 4644
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keybox-dump.c (_keybox_dump_file): Take deleted records in
account.
--
This also changes the numbering of the records to reflect the real
record number.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 5ef0d7a795cf2462314ea0cb72c7efa7243ab405)
* kbx/keybox-update.c (keybox_compress): Use make_timestamp.
--
We have implemented the same in master, albeit we needed two commits
for that.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (akl_empty_or_only_local): New.
* g10/gpg.c (DEFAULT_AKL_LIST): New.
(main): Use it here.
(main) <aLocateExtKeys>: Set default AKL if none is set.
--
This better matches the expectations of the user. The used list in
this case is the default list ("local,wkd") with local ignored by the
command anyway.
GnuPG-bug-id: 4662
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d058d80ed0d5edeff6d85108054b1dfd45ddad7d)
* g10/options.h (glo_ctrl): Add flag silence_parse_warnings.
* g10/keylist.c (list_all): Set that during secret key listsings.
* g10/parse-packet.c (unknown_pubkey_warning): If new flag is set do
not print info message normally emitted inh verbose mode.
(can_handle_critical_notation, enum_sig_subpkt): Ditto.
(parse_signature, parse_key, parse_attribute_subpkts): Ditto.
--
Those messages are annoying because they might be emitted due to
parsing public keys which are latter not shows because the secret part
is missing. No functional regressions are expected because --verbose
should not change anything.
Note that this suppression is only done if no arguments are given to
the command; that is if a listing of the entire keyring is requested.
Thus to see the earnings anyway, a listing of a single or group of
keys can be requested.
GnuPG-bug-id: 4627
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d7aca1bef68589134b36395901b92496a7a37392)
* g10/call-agent.c (scd_keypairinfo_status_cb): Also store the usage
flags.
* sm/call-agent.c (scd_keypairinfo_status_cb): Ditto.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Print the usage flags.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 9ed1aa56c4bbf44e00b731d6807ada9e95c91bd7)
* g10/call-agent.c (struct getattr_one_parm_s): New.
(getattr_one_status_cb): New.
(agent_scd_getattr_one): New.
* g10/pubkey-enc.c (get_it): Allow the standard leading zero byte from
pkcs#1.
* g10/getkey.c (enum_secret_keys): Move to...
* g10/skclist.c (enum_secret_keys): here and handle non-OpenPGP cards.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit ec6a6779236a89d4784a6bb7de0def9cc0f9e8a4)
This commit also incorporates "g10: Move enum_secret_keys to
skclist.c." Which was started with
commit 03a8de7def4195b9accde47c1dcb84279361936d
on master about a year ago.
Signed-off-by: Werner Koch <wk@gnupg.org>
GnuPG-bug-id: 4681
* g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo.
* sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto.
* scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and
"$SIGNKEYID".
* scd/app-nks.c (do_getattr): Add attributes too.
--
We already have $AUTHKEYID to locate the keyref of the key to be used
with ssh. It will also be useful to have default keyref for
encryption and signing. For example, this will allow us to replace
the use of "OPENPGP.2" by a app type specific keyref.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 2b1135cf920cf3d863813d60f032d476dcccfb58)
Removed changes for the non-existing app-piv.c.
Added support for NKS.
* g10/call-agent.c (agent_scd_readkey): New.
* g10/keygen.c (ask_key_flags): Factor code out to ..
(ask_key_flags_with_mask): new.
(ask_algo): New mode 14.
--
Note that this new menu 14 is always displayed. The usage flags can
be changed only in --expert mode, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit a480182f9d7ec316648cb64248f7a0cc8f681bc3)
Removed stuff from gpg-card which does not exists in 2.2. No tests
yet done for this backport.
* common/sexputil.c (pubkey_algo_string): Add arg R_ALGOID.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Adjust.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f952226043824cbbeb8517126b5266926121c4e8)
Removed the changes in gpg-card which is not part of 2.2
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (opts): Add option.
(main): Set flag.
* g10/options.h: Add flags.use_only_openpgp_card.
* g10/call-agent.c (start_agent): Implement option.
--
With the previous patch we switch to autoselect an application
instead of requesting an openpgp card. This option allows to revert
this in case of use use cases which expected the former behaviour.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/call-agent.c (start_agent): Use card app auto selection.
* g10/card-util.c (current_card_status): Print the Application type.
(card_status): Put empty line between card listings.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e47524c34a2a9f53c2507f67a0b41b460cee78b7)
* g10/call-agent.c (scd_keypairinfo_status_cb)
(agent_scd_keypairinfo): New. Taken from gpgsm.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 0fad61de159acf39e38a04f28f162f0beb0e77d6)
* g10/card-util.c (current_card_status): String changes.
(change_sex): Description change.
(cmds): Add "salutation"; keep "sex" as an alias.
--
Note that we can't change the used values or tags but at least the UI
should show reflect the real purpose of the field.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 166f3f9ec40888e10cb0c51017944bfc57503fc1)
* g10/call-agent.c (agent_pkdecrypt): accept but do not require
NUL-terminated data from the agent.
* sm/call-agent.c (gpgsm_agent_pkdecrypt): accept but do not require
NUL-terminated data from the agent.
--
Cherry-pick master commit of:
3ba091ab8c93c87741a451f579d63dd500d7621d
GnuPG-bug-id: 4652
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* scd/ccid-driver.c (bulk_in): Increase timeout by the multiplier
value as defined section 6.2.6 in CCID specification.
--
Backport master commit of:
996c497a864d820af06333014b2c5f74d1054866
For TPDU level transfer, it was handled. This is fix for APDU level
transfer.
GnuPG-bug-id: 4646
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-driver.c (ccid_transceive_apdu_level): Use bBWI=0 for APDU
level transfer.
(ccid_transceive): Use bBWI=0 or the value returend by WTX for TPDU
level transfer.
--
Backported master commit of:
858dc9564326e65e6d8771af160d4513aea1e4eb
GnuPG-bug-id: 4654
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/import.c (read_block): Make sure KEYID is availabale also on a
pending packet.
--
Reported-by: Phil Pennock
Fixes-commit: adb120e663fc5e78f714976c6e42ae233c1990b0
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (check_sig_and_print): Print a hint on how to make
use of the preferred keyserver. Remove keyserver lookup just by the
keyid. Try a WKD lookup before a keyserver lookup.
--
The use of the the keyid for lookups does not make much sense anymore
since for quite some time we do have the fingerprint as part of the
signature.
GnuPG-bug-id: 4595
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 96bf8f477805bae58cfb77af8ceba418ff8aaad9)
* tools/wks-receive.c (decrypt_data): Change limit.
--
The former limit ~1MiB of was used during development.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit b0e8724b102535c27a8c973ec038d340858a8eb8)
* dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when
following a HTTP redirection.
--
inspired by patch from Damien Goutte-Gattat <dgouttegattat@incenp.org>
GnuPG-Bug_id: 4566
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/gpg.c (main): Change default.
--
Due to the DoS attack on the keyeservers we do not anymore default to
import key signatures. That makes the keyserver unsuable for getting
keys for the WoT but it still allows to retriev keys - even if that
takes long to download the large keyblocks.
To revert to the old behavior add
keyserver-optiions no-self-sigs-only,no-import-clean
to gpg.conf.
GnuPG-bug-id: 4607
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 23c978640812d123eaffd4108744bdfcf48f7c93)