1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-09 21:28:51 +01:00
Commit Graph

355 Commits

Author SHA1 Message Date
Daniel Kahn Gillmor
8ede3ae29a
gpg: default-preference-list: prefer SHA512.
* g10/keygen.c (keygen_set_std_prefs): when producing default internal
personal-digest-preferences, keep the same order.  When publishing
external preferences, state preference for SHA512 first.

--

SHA-512 has a wider security margin than SHA-256.  It is also slightly
faster on most of the architectures on which GnuPG runs today.  New
keys should publish defaults that indicate we prefer the stronger,
more performant digest.

Specifically, this changes --default-preference-list from:

   SHA256 SHA384 SHA512 SHA224

to:

   SHA512 SHA384 SHA256 SHA224

This patch deliberately avoids touching --personal-digest-preferences
(which itself would affect the default of --digest-algo and
--cert-digest-algo), so that public-facing cleartext signatures and
identity certifications will continue to be made with SHA256 by
default.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-12-12 15:07:43 +01:00
NIIBE Yutaka
680161647a
g10: Unattended key generation "Key-Grip" and "Subkey-Grip".
* g10/keygen.c (pSUBKEYGRIP): New.
(read_parameter_file): Add "Key-Grip" and "Subkey-Grip".
(do_generate_keypair): Support pSUBKEYGRIP.

--

In the manual, it says "Key-Grip".  gpgsm also supports "Key-Grip".
Adding "Subkey-Grip" now, adding "Key-Grip" makes sense.

GnuPG-bug-id: 3478
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 6c63a04569)
2017-11-06 12:10:09 +01:00
Werner Koch
87b94e08d7
gpg: Remove trailing comma in an enum.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-01 18:14:26 +01:00
NIIBE Yutaka
6c63a04569 g10: Unattended key generation "Key-Grip" and "Subkey-Grip".
* g10/keygen.c (pSUBKEYGRIP): New.
(read_parameter_file): Add "Key-Grip" and "Subkey-Grip".
(do_generate_keypair): Support pSUBKEYGRIP.

--

In the manual, it says "Key-Grip".  gpgsm also supports "Key-Grip".
Adding "Subkey-Grip" now, adding "Key-Grip" makes sense.

GnuPG-bug-id: 3478
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-11-01 10:19:35 +09:00
Werner Koch
f6ab97fd96
Merge branch 'STABLE-BRANCH-2-2' into master
--
Resolved Conflicts:
	configure.ac - Adjust due to new log_clock otions
2017-10-27 13:56:15 +02:00
Werner Koch
44fb3fbc85
gpg: Fix creating on-disk subkey with on-card primary key.
* g10/keygen.c (generate_subkeypair): Ignore error code issued for
trying to verify a card based key.
--

We try to verify the primary key and thus seed the passphrase cache
before generating the subkey.  However, the verification does not yet
work for on-card keys and thus the PASSWD --verify send to the agent
returns an error.  This patch detects this error and continues without
a seeded passphrase cache.  After all that pre-seeding is just a
convenience.

GnuPG-bug-id: 3280
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-19 18:10:37 +02:00
Werner Koch
cd2d758f3f
Merge branch 'STABLE-BRANCH-2-2' into master
--

Signed-off-by: Werner Koch <wk@gnupg.org>
Conflicts:
	NEWS - include release info from 2.2.1
	configure.ac - keep master.
2017-09-26 12:00:03 +02:00
Werner Koch
8b5a2474f2
gpg: Fix "Fix key generation with only an email part".
* g10/keygen.c (proc_parameter_file): Don't check the result of
stpcpy.
--

Fixes-commit: 7089dcc540
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-09-12 14:38:44 +02:00
Werner Koch
7089dcc540
gpg: Fix key generation with only an email part.
* g10/keygen.c (proc_parameter_file): Special case the email only
case.
--

Using a parameter file like

  %ask-passphrase
  key-type:      RSA
  key-length:    2048
  key-usage:     sign
  subkey-type:   RSA
  subkey-length: 2048
  subkey-usage:  encrypt
  name-email:    foo@example.org

with "gpg --gen-key --patch" the result was this key

  pub   rsa2048 2017-09-11 [SC]
        63A8C1BA12CC289A0E8072C971C7F8D4A18CE0BE
  uid           [ultimate]  <foo@example.org>
  sub   rsa2048 2017-09-11 [E]

At least the the extra leading space the left angle bracket is wrong.
Further some mail providers reject keys which consist of more than
just a plain mail address.  Using just a mail address is anyway the
new new suggested content for a user id.  With this patch the key
will be

  pub   rsa2048 2017-09-11 [SC]
        B302343C20EA6DECDB6A155135352F2520397080
  uid           [ultimate] foo@example.org
  sub   rsa2048 2017-09-11 [E]

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-09-11 11:29:13 +02:00
Daniel Kahn Gillmor
909fbca196 gpg: default to 3072-bit RSA keys.
* agent/command.c (hlp_genkey): update help text to suggest the use of
3072 bits.
* doc/wks.texi: Make example match default generation.
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to
rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment,
(gen_rsa, get_keysize_range): update default from 2048 to 3072).
* g10/keyid.c (pubkey_string): update comment so that first example
is the default 3072-bit RSA.

--

3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic update-defaults
Gbp-Pq: Name 0015-gpg-default-to-3072-bit-RSA-keys.patch
2017-09-08 11:37:42 -04:00
Werner Koch
6d95611d01
indent: Wrap an overlong line.
--

Folks, please set your editors to 80 columns to notice such flaws.
2017-07-27 11:41:40 +02:00
Marcus Brinkmann
94eea0ed2c g10: Make sure exactly one fingerprint is output with --quick-gen-key.
* g10/keygen.c (do_generate_keypair): Only set fpr in
list_keyblock_direct invocation if neither --fingerprint nor
--with-fingerprints are given.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2741
2017-07-26 18:10:21 +02:00
Justus Winter
badc1cdae5
gpg: Fix error handling.
* g10/keygen.c (generate_subkeypair): Handle errors from pinentry.
--

Previously, when generating a subkey, gpg would ask for the passphrase
of the primary key.  If that dialog is canceled, gpg would ask a
second time for a passphrase to protect the new subkey.

Fix this by handling the error.

GnuPG-bug-id: 3212
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-20 10:46:52 +02:00
NIIBE Yutaka
0ce94a9698 g10, sm, dirmngr, common: Add comment for fall through.
* common/b64dec.c (b64dec_proc): Comment to clarify.
* dirmngr/cdblib.c (cdb_make_put): Use same pattern to clarify.
* dirmngr/dirmngr-client.c (read_pem_certificate): Likewise.
* dirmngr/ks-engine-hkp.c (ks_hkp_get): Likewise.
* g10/armor.c (unarmor_pump): Likewise.
* g10/gpg.c (main): Likewise.
* g10/import.c (read_block): Likewise.
* g10/keygen.c (make_backsig): Likewise.
* g10/pkclist.c (check_signatures_trust):  Likewise.
* sm/gpgsm.c (main): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-10 11:13:12 +09:00
Werner Koch
8f2671d2cc
gpg: Pass CTRL to many more functions.
--

For proper operations as a server we need to avoid global variables.
Thus we need to pass the session state CTRL to most functions.  Quite
a lot of changes but fortunately straightforward to do.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:07:20 +02:00
Werner Koch
afa8680908
gpg: Extend free_packet to handle a packet parser context.
* g10/packet.h (struct parse_packet_ctx_s): Add fields LAST_PKT and
FREE_LAST_PKT.
(init_parse_packet): Clear them.
(deinit_parse_packet): New macro.  Change all users if
init_parse_packet to also call this macro.
* g10/free-packet.c (free_packet): Add arg PARSECTX and handle shallow
packet copies in the context.  Change all callers.
* g10/parse-packet.c (parse): Store certain packets in the parse
context.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-29 12:08:31 +02:00
NIIBE Yutaka
70aca95d68 Remove -I option to common.
* dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* g10/Makefile.am (AM_CPPFLAGS): Ditto.
* g13/Makefile.am (AM_CPPFLAGS): Ditto.
* kbx/Makefile.am (AM_CPPFLAGS): Ditto.
* scd/Makefile.am (AM_CPPFLAGS): Ditto.
* sm/Makefile.am (AM_CPPFLAGS): Ditto.
* tools/Makefile.am (AM_CPPFLAGS): Ditto.
* Throughout: Follow the change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 20:25:54 +09:00
Justus Winter
0c4d0620d3
gpg: Always initialize the trust db when generating keys.
* g10/gpg.c (main): Always initialize the trust db when generating
keys.
* g10/keygen.c (do_generate_keypair): We can now assume that there is
a trust db.
--
It is important to mark keys we create as ultimately trusted.

Fixes-commit: 4735ab96aa
GnuPG-bug-id: 2695
Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-02 16:25:20 +01:00
Justus Winter
4735ab96aa
gpg: Fix (quick) key generation with --always-trust.
* g10/keygen.c (do_generate_keypair): Only update the ownertrust if we
do have a trust database.
* g10/trustdb.c (have_trustdb): New function.
* g10/trustdb.h (have_trustdb): New prototype.
* tests/openpgp/quick-key-manipulation.scm: Remove workaround.

GnuPG-bug-id: 2695
Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-02 14:50:23 +01:00
Werner Koch
2bbdeb8ee8
gpg: Allow creating keys using an existing ECC key.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Remove arg R_ALGO.
Change to return the algo id.  Reimplement using get_pk_algo_from_key.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Ditto.
--

GnuPG-bug-id: 2976
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-01 13:36:01 +01:00
Manish Goregaokar
64ec21bebd g10: fix typo
I already have copyright assignment with the FSF for GDB. I don't
think I'll need to do the DCO thing.

Signed-off-by: Manish Goregaokar <manish@mozilla.com>
2017-02-25 22:46:32 -08:00
Yuri Chornoivan
24cf0606b4 Clean up word replication.
--

This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
NIIBE Yutaka
3fc69224b7 g10: Support primary key generation by keygrip.
* g10/keygen.c (para_name): Add pKEYGRIP.
(generate_keypair): Use pKEYGRIP for key generation.
(do_generate_keypair): Call do_create_from_keygrip with pKEYGRIP.

--

https://lists.gnupg.org/pipermail/gnupg-devel/2017-February/032591.html

Reported-by: Alon Bar-Lev <alon.barlev@gmail.com>
Suggested-by: Peter Lebbing <peter@digitalbrains.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-02-21 08:27:23 +09:00
Werner Koch
c99a09f111
gpg: Rename a var to avoid a shadowing warning.
* g10/keygen.c (keygen_set_std_prefs): Rename variable.
--

I consider it better not to use the name of a commonly used function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-12 10:40:43 +01:00
Justus Winter
09163a6390 g10: Spell out --full-gen-key.
* g10/gpg.c (opts): Spell out option.
(main): Likewise.
* g10/keygen.c (generate_keypair): Likewise.
* doc/gpg.texi: Update accordingly.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:30:55 +01:00
Justus Winter
dd3dde07a9 g10: Create expiring keys in quick key generation mode.
* doc/gpg.texi: Document that fact.
* g10/keygen.c (quick_generate_keypair): Use a default value.
* tests/openpgp/quick-key-manipulation.scm: Test that fact.

GnuPG-bug-id: 2701
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 16:35:08 +01:00
Werner Koch
98433c7043
gpg: Fix memory leak in ecc key generation.
* g10/keygen.c (ecckey_from_sexp): Release curve.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-12 14:02:14 +01:00
Werner Koch
f1304ee9b2
gpg: Do not use a fixed string for --gpgconf-list:default_pubkey_algo.
* g10/keygen.c (get_default_pubkey_algo): New.
(parse_key_parameter_string): Use it.
* g10/gpg.c (gpgconf_list): Take value from new function.
--

Note that consumers of that gpgconf-list value may need to be adjusted
to that new value.  It should anyway only be used to display the
default algorithm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-12 10:50:42 +01:00
Werner Koch
522e6f798d
gpg: Fix algo string parsing of --quick-addkey.
* g10/keygen.c (parse_key_parameter_string): Fix handling of PART==1.
(parse_key_parameter_part): Use default key size if only "rsa", "dsa",
or "elg" is given.
--

The first change is the actual fix.  The second change avoids the
error "Invalid Curve" when only "rsa" instead of RSA2048 is given.

Fixes-commit: ce29272e24
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-12 10:13:06 +01:00
Justus Winter
d568a15616 g10: Create keys that expire in simple key generation mode.
* g10/keygen.c (default_expiration_interval): New variable.
(generate_keypair): Use the new default.
--
Cursory discussion on gnupg-devel@ suggested two years as a good
default expiration interval.

GnuPG-bug-id: 2701
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-09 14:38:31 +01:00
Werner Koch
ce29272e24
gpg: New option --default-new-key-algo.
* common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg
R_ALGO and change all callers.
* common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code.
* g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO.
* g10/gpg.c (oDefaultNewKeyAlgo): New enum.
(opts): New option "--default-new-key-algo".
(main): Set the option.
* g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace
them by ...
(DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants.
(get_keysize_range): Remove arg R_DEF and return that value instead.
Change all callers.
(gen_rsa): Use get_keysize_range instead of the removed
DEFAULT_STD_KEYSIZE.
(parse_key_parameter_part): New function.
(parse_key_parameter_string): New function.
(quick_generate_keypair): Refactor using parse_key_parameter_string.
(generate_keypair): Ditto.
(parse_algo_usage_expire): Ditto.
--

This new option is intended to be used in the forthcoming
--set-profile command of gpgconf.  It allows to provide a gpg
configuration with custom defaults for a new key using the simple
commands which use the default algorithm set.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-02 19:47:40 +01:00
Werner Koch
b47603a0ac
gpg: Add new compliance mode "de-vs".
* g10/options.h (CO_DE_VS): New.
(GNUPG): Also allow CO_DE_VS.
* g10/gpg.c (oDE_VS): New.
(parse_compliance_option): Add "de-vs".
(set_compliance_option): Set "de-vs".
* g10/misc.c (compliance_option_string): Return a description string.
(compliance_failure): Ditto.
* g10/keygen.c (ask_algo): Take care of CO_DE_VS.
(get_keysize_range): Ditto.
(ask_curve): Add new field to CURVES and trun flags into bit flags.
Allow only Brainpool curves in CO_DE_VS mode.
--

As of now this compliance mode only restricts the set of algorithms
and curves which can be created.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 17:50:03 +01:00
Werner Koch
088d955bd8
gpg: Improve error message for --quick-gen-key.
* g10/keygen.c (parse_algo_usage_expire): Use a different error
message for an unknown algorithm name.
--

GnuPG-bug-id: 2832
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-10 12:18:33 +01:00
Werner Koch
4d7dc432b5
Change all http://www.gnu.org in license notices to https://
--
2016-11-05 12:02:19 +01:00
Werner Koch
9d6146d6f9
gpg: Replace two sprintf calls.
* g10/keygen.c (print_status_key_created): Use snprintf for now.
(ask_expire_interval): Replace xmalloc and sprintf by xasprintf.
--

Future updates: Replace code like

   r = xcalloc (1, sizeof *r + 20 );
   r->key = pKEYLENGTH;
   sprintf( r->u.value, "%u", info.key_attr[0].nbits);

by something like

   r = new_r_with_value ("%u", info.key_attr[0].nbits);
   r->key = pKEYLENGTH;

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-24 13:12:05 +02:00
NIIBE Yutaka
acef095164 g10: Fix card keygen for decryption.
* g10/keygen.c (do_generate_keypair): Fix arguments.

--

Reported-by: Grumpy
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-24 07:52:40 +09:00
NIIBE Yutaka
987bbb2276 g10: More card key generation change.
* g10/keygen.c (gen_card_key): Add back ALGO as the second argument.
Don't get ALGO by KEY-ATTR by this function.  It's caller to provide
ALGO.  Don't do that by both of caller and callee.
(generate_keypair): Only put paramerters needed.  Use parameters
for ALGO to call gen_card_key.
(generate_card_subkeypair): Get ALGO and call gen_card_key with it.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-22 08:45:35 +09:00
NIIBE Yutaka
d2653b1a6d g10,scd: Fix ECC keygen.
* g10/keygen.c (generate_keypair): For card key generation, fill
parameters by KEY-ATTR.

* scd/app-openpgp.c (ecc_read_pubkey): OID should be freed at last,
after its reference by OIDBUF is finished.
(ecc_writekey): Likewise.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 21:37:04 +09:00
NIIBE Yutaka
161cb22f13 g10: Support ECC for gen_card_key.
* g10/keygen.c (gen_card_key): Remove the first argument of ALGO.
(do_generate_keypair, generate_card_subkeypair): Follow the change.

--
ALGO is determined by the key attribute of the card.

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 13:59:09 +09:00
NIIBE Yutaka
6e85ac77af Fix use cases of snprintf.
* agent/call-pinentry.c, agent/call-scd.c, agent/command.c,
build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c,
dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c,
g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c,
sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 12:04:46 +09:00
NIIBE Yutaka
9a34e2142b agent, g10: Fix keygen.
* agent/command.c (cmd_readkey): Get length after card_readkey.
* g10/keygen.c (gen_card_key): Fix off-by-one error.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 20:01:46 +09:00
NIIBE Yutaka
980c037bed g10: smartcard keygen change.
* g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove.
(scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS.
(agent_scd_genkey): Remove INFO argument.  CREATETIME is now in/out
argument.
(agent_readkey): Use READKEY --card instead of SCD READKEY.
* g10/keygen.c (gen_card_key): Use READKEY --card command of the agent
to retrieve public key information from card and let the agent make
a file for private key with shadow info.
--

This change removes gpg's KEY-DATA handling for SCD GENKEY.  Information
with KEY-DATA is simply not used.  Instead, it is read by READKEY --card
command of gpg-agent.  This can consolidate public key handling in a
single method by READKEY.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 13:30:47 +09:00
Werner Koch
0fd332bc1f
gpg: Allow use of "default" algo for--quick-addkey.
* g10/keygen.c (quick_generate_keypair): Write a status error.
(parse_algo_usage_expire): Set a default curve.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-14 09:46:10 +02:00
Werner Koch
30a011cfd6
gpg: Improve usability of --quick-gen-key.
* g10/keygen.c (FUTURE_STD_): New constants.
(parse_expire_string): Handle special keywords.
(parse_algo_usage_expire): Allow "future-default".  Simplify call to
parse_expire_string.
(quick_generate_keypair): Always allow an expiration date.  Replace
former "test-default" by "future-default".
--

Using an expiration date is pretty common, thus we now allow the
creation of a standard key with expiration date.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-13 11:30:54 +02:00
Werner Koch
d8bce478be
gpg: Make sure a user ID packet has always a terminating Nul in memory.
* g10/keygen.c (write_uid): Avoid overflow.
--

Also the actual length if the user ID is given by LEN, using NAME
diretcly is often more convenient.
2016-07-01 16:27:43 +02:00
Justus Winter
5fafd18d47 g10: Fix memory leak.
* g10/keygen.c (keygen_set_std_prefs): Fix memory leak.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-01 11:41:20 +02:00
Justus Winter
eb4cdbefb0 g10: Fix memory leak.
* g10/keygen.c (read_parameter_file): Free 'line'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-06-30 18:50:16 +02:00
Werner Koch
20ca075d96
gpg: Add hack to --quick-gen-key to create Curve25519 keys.
* g10/keygen.c (quick_generate_keypair): Add special algo string
"test-default".
--

Well, this is a hack to quickly create keys with the algorithms we
will eventually use as defaults.  Usage:

  gpg -v --quick-gen-key --passphrase '' --batch USERID test-default

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-28 15:53:59 +02:00
Werner Koch
09c6f71351
gpg: Do not print the validity after key generation.
* g10/keylist.c (struct keylist_context): Add field NO_VALIDITY.
(list_keyblock_print): Take care of it.
(list_keyblock_direct): Add arg NO_VALIDITY.
* g10/keygen.c (do_generate_keypair): Merge keyblock and print w/o
validity.
--

It will always be ultimate and by not printing it we avoid a lot of
garbage output due to the trustdb re-calculation.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-23 20:01:15 +02:00
Werner Koch
334e993a71
gpg: Remove C-99ism, re-indent, and simplify one function.
* g10/call-agent.c (struct keyinfo_data): Rename to
keyinfo_data_parm_s.
(agent_get_keyinfo): Replace C-99 style init.
(keyinfo_status_cb): Use new fucntion split_fields.
* g10/export.c (match_curve_skey_pk): Add missings returns error
cases.
(cleartext_secret_key_to_openpgp): Better clear PK->PKEY first.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-11 20:42:28 +02:00
Daniel Kahn Gillmor
a3cb72af79
g10: Allow receiving cleartext secret keys from agent
* g10/export.c (match_curve_skey_pk): New function, testing whether an
OpenPGP public key and an S-expression use the same curve.
* g10/export.c (cleartext_secret_key_to_openpgp): New function,
filling in the secret key parameters of a PKT_public_key object from
a corresponding cleartext S-expression.
* g10/export.c, g10/main.h (receive_seckey_from_agent): Add cleartext
parameter, enabling retrieval of the secret key, unlocked.
* g10/export.c (do_export_stream): Send cleartext as 0, keeping current
behavior.
* g10/keygen.c (card_store_key_with_backup): Use cleartext=0 to ensure
that smartcard backups are all passphrase-locked.
--

This sets up internal functionality to be capable of exporting
cleartext secret keys, but does not change any existing behavior.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-11 11:16:19 +02:00
Daniel Kahn Gillmor
00f30cc01c
g10: report whether key in agent is passphrase-protected or not
* g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add
  r_cleartext parameter to report whether a key is stored without
  passphrase protection.
* g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to
  match new API.
* g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c,
  g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet
  need to know whether agent is passphrase-protected.

--

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-11 11:09:09 +02:00
Werner Koch
22a7ef01aa
Replace use of opt.homedir by accessor functions.
* common/homedir.c (the_gnupg_homedir): New var.
(gnupg_set_homedir): New.
(gnupg_homedir): New.
* g10/options.h (struct opt): Remove 'homedir' and replace all users
by the new accessor functions.
* g13/g13-common.h (struct opt): Ditto.
* scd/scdaemon.h (struct opt): Ditto.
* sm/gpgsm.h (struct opt): Ditto.
* dirmngr/dirmngr.h (struct opt): Ditto.
* agent/preset-passphrase.c (opt_homedir): Ditto.
* agent/protect-tool.c (opt_homedir): Ditto.
--

This will make detection of a non-default homedir easier.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 10:59:46 +02:00
Werner Koch
8d976a6b07
gpg: Add the fingerprint to KEY_CREATED for subkeys.
* g10/keygen.c (print_status_key_created): Make more robust by
allowing a NULL for PK.
(generate_subkeypair): Use print_status_key_created.
(generate_card_subkeypair): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 22:01:51 +02:00
Werner Koch
1b460f049e
gpg: Try to use the passphrase from the primary for --quick-addkey.
* agent/command.c (cmd_genkey): Add option --passwd-nonce.
(cmd_passwd): Return a PASSWD_NONCE in verify mode.
* g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do
not send a RESET if given.
(agent_passwd): Add arg 'verify'.
* g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'.
(gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto.
(generate_subkeypair): Use sepeare hexgrip var for the to be created
for hexgrip feature.  Verify primary key first.  Make use of the
passwd nonce.  Allow for a static passphrase.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
Werner Koch
01285f909e
gpg: Extend the --quick-gen-key command.
* g10/keygen.c (quickgen_set_para): Add arg 'use'.
(quick_generate_keypair): Add args 'algostr', 'usagestr', and
'expirestr'.  Implement primary only key mode.
(parse_algo_usage_expire): Set NBITS for the default algo.
* g10/gpg.c (main): Extend --quick-gen-key command.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 18:38:10 +02:00
Werner Koch
dcc4cd8382
gpg: Improve the new parse_subkey_algostr_usagestr fucntion.
* g10/keygen.c (parse_usagestr): Allow "cert".
(generate_subkeypair): Factor expire parsing out to ...
(parse_subkey_algostr_usagestr): here.  Rename to ...
(parse_algo_usage_expire): this.  Add arg 'for_subkey'.  Set CERT for
primary key and check that it is not set for subkeys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 17:06:39 +02:00
Werner Koch
8f2a053a0f
gpg: New command --quick-addkey.
* g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New.
(ask_keysize): Factor code out to ...
(get_keysize_range, fixup_keysize): new.
(parse_parameter_usage): Factor parsing out to  ...
(parse_usagestr): new.  Allow use of "encr" as alias for "encrypt".
(parse_subkey_algostr_usagestr): New.
(generate_subkeypair): Add new args.  Implement unattended mode.

* g10/keyedit.c (keyedit_quick_sign): Factor some code out to ...
(find_by_primary_fpr): new.
(keyedit_quick_addkey): New.
* g10/gpg.c (aQuickAddKey): New.
(opts): Add --quick-addkey.
(main): Implement.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 16:01:48 +02:00
Werner Koch
64bfeafa52
gpg: Remove all assert.h and s/assert/log_assert/.
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-29 11:05:24 +02:00
Werner Koch
96bcd4220f
Now build "gpg" binary but install as "gpg2"
* configure.ac (USE_GPG2_HACK): New ac_define am_conditional.
* common/homedir.c (gnupg_module_name): Replace use of macro
NAME_OF_INSTALLED_GPG.
* g10/keygen.c (generate_keypair): Ditto.
* g10/Makefile.am (bin_PROGRAMS): Remove.
(noinst_PROGRAMS): Add gpg or gpg2 and gpgv or gpg2.
(gpg2_hack_list): New.
(use_gpg2_hack): New.
(gpg2_SOURCES): Rename to gpg_SOURCES.
(gpgv2_SOURCES): Rename to gpgv_SOURCES.
(gpg2_LDADD): Rename to gpg_LDADD.
(gpgv2_LDADD): Rename to gpgv_LDADD.
(gpg2_LDFLAGS): Rename to gpg_LDFLAGS.
(gpgv2_LDFLAGS): Rename to gpgv2_LDFLAGS.
(install-exec-hook): Remove WinCE specific rules and add new rules.
(uninstall-local): Uninstall gpg/gpg2 and gpgv/gpgv2.
* tests/openpgp/Makefile.am (required_pgms): s/gpg2/gpg/.
* tests/openpgp/defs.inc: Ditto.
* tests/openpgp/gpgtar.test: Ditto.
* tests/openpgp/mkdemodirs: Ditto.
* tests/openpgp/signdemokey: Ditto.

* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove obsolete
--enable-mailto, add --enable-gpg2-is-gpg.
--

Although we need to duplicate some automake generated code this method
allows to easily switch the name of the installed target using the
configure option "--enable-gpg2-is-gpg".

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-04 18:40:25 +02:00
Werner Koch
fc30c079a3
gpg: Improve message when asking for key capabilities.
* g10/keygen.c (ask_key_flags): Improve message.
--

Because the curve is only selected after the capabilities are queried
we do not know whether ECDSA or EdDSA will eventually be used.  When
printing the possible capabilities we now use print "ECDSA/EdDSA" for
the algorithm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-03-22 20:24:52 +01:00
Werner Koch
7f919063d3
gpg: Remove the extra prompt for Curve25519.
* g10/keygen.c (MY_USE_ECDSADH): New macro local to ask_curve.
(ask_curve): Use a fixed table of curve names and reserve a slot for
Curve448.  Simplify CurveNNNN/EdNNNN switching.
(ask_curve): Remove the Curve25519 is non-standard prompt.
--

Given that ECC generation is only available in export mode and that
gpg will in any case support our current ed2559/cv25519 definition the
extra prompt does not make anymore sense.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-03-22 19:55:25 +01:00
Justus Winter
40f6529cee g10: Guard code against errors.
* g10/keygen.c (do_generate_keypair): Check for errors, in which case
'pri_psk' is NULL.

Fixes-commit: bf9d1248
Signed-off-by: Justus Winter <justus@g10code.com>
2016-03-04 13:29:45 +01:00
Neal H. Walfield
10671c3a4c gpg: Use format_keyid rather than manually formatting the keyid.
* g10/keyedit.c (menu_addrevoker): Use format_keyid rather than
manually formatting the keyid.
* g10/keygen.c (card_write_key_to_backup_file): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-19 16:13:02 +01:00
Neal H. Walfield
bf9d1248c8 gpg: Initialize the primary key when generating a key.
* g10/keygen.c (do_generate_keypair): Initialize
pri_psk->flags.primary, pri_psk->keyid and pri_psk->main_keyid.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-19 16:13:01 +01:00
Werner Koch
9b28b82e7c
gpg: Add hidden key-edit subcommand "change-usage".
* g10/keyedit.c (cmdCHANGEUSAGE): New.
(cmds): Add command "change-usage".
(keyedit_menu): Handle that command.
(menu_changeusage): New.
* g10/keygen.c (keygen_add_key_flags): New.
(ask_key_flags): Add optional arg current.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-14 16:01:53 +01:00
Werner Koch
fc0c71dfe5
gpg: Allow new user ids with only the mail address.
* g10/keygen.c (ask_user_id): Allow empty name.
--

The --quick-gen-key command allows this and further some mail
providers require that a key has only the mail address to allow for
anonymous accounts.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-22 10:35:19 +01:00
Werner Koch
8a56a38387
gpg: Avoid warnings about possible NULL deref.
* g10/getkey.c (cache_public_key): Protect deref of CE which actually
can't happen.
* g10/keygen.c (quickgen_set_para): s/sprintf/snprintf/.
* g10/tofu.c (end_transaction, rollback_transaction): Allow NULL for
DB.
* g10/trustdb.c (update_min_ownertrust): Remove useless clearling of
ERR.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:16 +01:00
Werner Koch
008aa6e6d4
gpg: Fix warnings about useless assignments.
* g10/armor.c (parse_hash_header): Remove duplicate var assignment.
* g10/getkey.c (cache_user_id): Ditto.
* g10/keygen.c (ask_curve): Ditto.  This also fixes a small memory
leak.

* g10/keygen.c (proc_parameter_file): Remove useless assignment or
pointer increment.
(generate_keypair): Ditto.
* g10/getkey.c (finish_lookup, lookup): Ditto.
* g10/card-util.c (change_pin): Ditto.
* g10/gpg.c (main) <aVerify>: Ditto.
* g10/import.c (import): Ditto.
(print_import_check): Ditto
* g10/keyring.c (do_copy): Ditto.
* g10/tdbio.c (tdbio_read_record): Ditto.
* g10/trustdb.c (tdb_update_ownertrust): Ditto.
(update_validity): Ditto.

* g10/server.c (cmd_passwd): Remove useless call to skip_options.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:16 +01:00
Werner Koch
e70f7a54f2
gpg: Align notes about minimal keysize with actual checks.
* g10/keygen.c (ask_keysize): Use 768 for the minimal value for DSA in
export mode.  Improve readability.
--

GnuPG-bug-id: 2209
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-05 13:51:05 +01:00
Werner Koch
363ed2e892
gpg: Simplify status message code from commit b30c15bf.
* g10/keygen.c (card_write_key_to_backup_file): Simplify by using
hexfingerprint.
--

Note that the extra blank added to FPRBUF in the old code was not
needed because write_status_text_and_buffer already ensures that
there will be a space.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 15:46:05 +01:00
NIIBE Yutaka
aecf1a3c57 scd: Fix commit b30c15bf (again).
* g10/keygen.c (do_generate_keypair): Clear the variable S.

--

GnuPG-bug-id: 2201
2015-12-23 16:55:00 +09:00
Neal H. Walfield
5c759924fb gpg: Fix type.
* g10/keygen.c (card_write_key_to_backup_file): Change n to a size_t.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:07:51 +01:00
NIIBE Yutaka
72eaff1aa6 g10: Remove deprecated internal functions.
* g10/keygen.c (do_ask_passphrase, generate_raw_key)
(gen_card_key_with_backup, save_unprotected_key_to_card): Remove.

--

Now, key generation is done by gpg-agent.  Asking passphrase is done
through pinentry invoked by gpg-agent.  It is done by
new internal function of card_store_key_with_backup.
2015-12-18 10:18:22 +09:00
NIIBE Yutaka
b30c15bf7c g10: Fix a regression for generating card key with backup.
* g10/main.h (receive_seckey_from_agent): Declare.
* g10/keygen.c (card_write_key_to_backup_file): New.
(card_store_key_with_backup): New.
(do_generate_keypair): Create a key on host for encryption key when
backup is requested.  Then, call card_store_key_with_backup.

--

GnuPG-bug-id: 2169
2015-12-18 10:02:38 +09:00
Werner Koch
a28ac99efe
gpg: Take care of keydb_new returning NULL.
* g10/keydb.c (keydb_new): Print an error message if needed.  Also use
xtrycalloc because we return an error anyway.
* g10/delkey.c (do_delete_key): Handle error retruned by keydb_new.
* g10/export.c (do_export_stream): Ditto.
* g10/getkey.c (get_pubkey): Ditto.
(get_pubkey_fast): Ditto.
(get_pubkeyblock): Ditto.
(get_seckey): Ditto.
(key_byname): Ditto.
(get_pubkey_byfprint): Ditto.
(get_pubkey_byfprint_fast): Ditto.
(parse_def_secret_key): Ditto.
(have_secret_key_with_kid): Ditto.
* g10/import.c (import_one): Ditto.
(import_revoke_cert): Ditto.
* g10/keyedit.c (keyedit_quick_adduid): Ditto.
* g10/keygen.c (quick_generate_keypair): Ditto.
(do_generate_keypair): Ditto.
* g10/trustdb.c (validate_keys): Ditto.
* g10/keyserver.c (keyidlist): Ditto.
* g10/revoke.c (gen_desig_revoke): Ditto.
(gen_revoke): Ditto.
* g10/gpg.c (check_user_ids): Ditto.
(main): Do not print an error message for keydb_new error.
* g10/keylist.c (list_all): Use actual error code returned by
keydb_new.

* g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error.
* g10/t-keydb.c (do_test): Ditto.

* g10/keyring.c (keyring_new): Actually return an error so that the
existing keydb_new error checking makes sense for a keyring resource.
(keyring_rebuild_cache): Take care of keyring_new returning an error.
--

Commit 04a6b903 changed keydb_new to return an error.  However the
error was not checked at most places which we fix with this patch.  To
make things easier keydb_new prints an error message itself.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 12:18:32 +01:00
Werner Koch
9fcc047d92
gpg: Change some error messages.
* g10/getkey.c (parse_def_secret_key): Change error message.  Replace
log_debug by log_info.
* g10/gpg.c (check_user_ids): Make function static.  Change error
messages.
(main): Change error messages.
* g10/revoke.c (gen_revoke): Ditto.
--

There are other smaller changes not described above.

This change tries to avoid new error messages so not to increase the
the number of translated strings or break too many existing
translations.  It also tries to use existing strings and changes the
quoting to the most common style used in gpg.

Key specifications should in general use double quotes.  Other values
should use single quotes.  However. sometimes it is not easy to
distinguish between values given on the command line and key
specifications.  According to old GNU coding standards diagnostics
should not start capitalized - whether this is a good idea is a
different thing but we used this rules for most strings.  However,
strings which are used interactively should be properly capitalized
and end with a dot.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 10:40:05 +01:00
Justus Winter
a9e0905342 Fix typos found using codespell.
* agent/cache.c: Fix typos.
* agent/call-pinentry.c: Likewise.
* agent/call-scd.c: Likewise.
* agent/command-ssh.c: Likewise.
* agent/command.c: Likewise.
* agent/divert-scd.c: Likewise.
* agent/findkey.c: Likewise.
* agent/gpg-agent.c: Likewise.
* agent/w32main.c: Likewise.
* common/argparse.c: Likewise.
* common/audit.c: Likewise.
* common/audit.h: Likewise.
* common/convert.c: Likewise.
* common/dotlock.c: Likewise.
* common/exechelp-posix.c: Likewise.
* common/exechelp-w32.c: Likewise.
* common/exechelp-w32ce.c: Likewise.
* common/exechelp.h: Likewise.
* common/helpfile.c: Likewise.
* common/i18n.h: Likewise.
* common/iobuf.c: Likewise.
* common/iobuf.h: Likewise.
* common/localename.c: Likewise.
* common/logging.c: Likewise.
* common/openpgp-oid.c: Likewise.
* common/session-env.c: Likewise.
* common/sexputil.c: Likewise.
* common/sysutils.c: Likewise.
* common/t-sexputil.c: Likewise.
* common/ttyio.c: Likewise.
* common/util.h: Likewise.
* dirmngr/cdblib.c: Likewise.
* dirmngr/certcache.c: Likewise.
* dirmngr/crlcache.c: Likewise.
* dirmngr/dirmngr-client.c: Likewise.
* dirmngr/dirmngr.c: Likewise.
* dirmngr/dirmngr_ldap.c: Likewise.
* dirmngr/dns-stuff.c: Likewise.
* dirmngr/http.c: Likewise.
* dirmngr/ks-engine-hkp.c: Likewise.
* dirmngr/ks-engine-ldap.c: Likewise.
* dirmngr/ldap-wrapper.c: Likewise.
* dirmngr/ldap.c: Likewise.
* dirmngr/misc.c: Likewise.
* dirmngr/ocsp.c: Likewise.
* dirmngr/validate.c: Likewise.
* g10/encrypt.c: Likewise.
* g10/getkey.c: Likewise.
* g10/gpg.c: Likewise.
* g10/gpgv.c: Likewise.
* g10/import.c: Likewise.
* g10/keydb.c: Likewise.
* g10/keydb.h: Likewise.
* g10/keygen.c: Likewise.
* g10/keyid.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyring.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/misc.c: Likewise.
* g10/options.h: Likewise.
* g10/packet.h: Likewise.
* g10/parse-packet.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pkglue.c: Likewise.
* g10/plaintext.c: Likewise.
* g10/server.c: Likewise.
* g10/sig-check.c: Likewise.
* g10/sqlite.c: Likewise.
* g10/tdbio.c: Likewise.
* g10/test-stubs.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
* g13/create.c: Likewise.
* g13/mountinfo.c: Likewise.
* kbx/keybox-blob.c: Likewise.
* kbx/keybox-file.c: Likewise.
* kbx/keybox-init.c: Likewise.
* kbx/keybox-search-desc.h: Likewise.
* kbx/keybox-search.c: Likewise.
* kbx/keybox-update.c: Likewise.
* scd/apdu.c: Likewise.
* scd/app-openpgp.c: Likewise.
* scd/app-p15.c: Likewise.
* scd/app.c: Likewise.
* scd/ccid-driver.c: Likewise.
* scd/command.c: Likewise.
* scd/iso7816.c: Likewise.
* sm/base64.c: Likewise.
* sm/call-agent.c: Likewise.
* sm/call-dirmngr.c: Likewise.
* sm/certchain.c: Likewise.
* sm/gpgsm.c: Likewise.
* sm/import.c: Likewise.
* sm/keydb.c: Likewise.
* sm/minip12.c: Likewise.
* sm/qualified.c: Likewise.
* sm/server.c: Likewise.
* tools/gpg-check-pattern.c: Likewise.
* tools/gpgconf-comp.c: Likewise.
* tools/gpgkey2ssh.c: Likewise.
* tools/gpgparsemail.c: Likewise.
* tools/gpgtar.c: Likewise.
* tools/rfc822parse.c: Likewise.
* tools/symcryptrun.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-17 12:50:22 +01:00
Neal H. Walfield
a958ffd148 gpg: Indicate which characters are invalid.
* g10/keygen.c (ask_user_id): Indicate which characters are invalid.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1143
2015-11-05 14:31:58 +01:00
Werner Koch
b6d621583f
gpg: Pass CTRL parameter to all key listing functions.
* g10/keylist.c (public_key_list): Add arg CTRL.
(secret_key_list): Ditto.
(list_all, list_one): Ditto.
(locate_one): Ditto.
(list_keyblock_pka): Ditto.
(list_keyblock): Ditto.
(list_keyblock_direct): Ditto.
* g10/keygen.c (proc_parameter_file): Add arg CTRL.
(read_parameter_file): Ditto.
(quick_generate_keypair): Ditto.
(do_generate_keypair): Ditto.
(generate_keypair): Pass arg CTRL.
* g10/gpg.c (main): Pass arg CTRL to quick_generate_keypair.
--

This will help use to implement the --server mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-08 14:55:07 +02:00
Neal H. Walfield
0377db4b35 g10: Remove unused parameter.
* g10/keydb.h (keydb_locate_writable): Remove unused parameter
reserved.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:30:54 +02:00
NIIBE Yutaka
e5891a82c3 Curve25519 support.
* agent/cvt-openpgp.c (get_keygrip): Handle Curve25519.
(convert_secret_key, convert_transfer_key): Ditto.
* common/openpgp-oid.c (oidtable): Add Curve25519.
(oid_crv25519, openpgp_oid_is_crv25519): New.
* common/util.h (openpgp_oid_is_crv25519): New.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case
with Montgomery curve which uses x-only coordinate.
* g10/keygen.c (gen_ecc): Handle Curve25519.
(ask_curve): Change the API and second arg is to return subkey algo.
(generate_keypair, generate_subkeypair): Follow chage of ask_curve.
* g10/keyid.c (keygrip_from_pk): Handle Curve25519.
* g10/pkglue.c (pk_encrypt): Handle Curve25519.
* g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve.
* scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New.
(send_key_attr): Work with general ECC, Ed25519, and Curve25519.
(get_public_key): Likewise.
(ecc_writekey): Handle flag_djb_tweak.

--

When libgcrypt has Curve25519, GnuPG now supports Curve25519.
2015-08-06 17:00:41 +09:00
Werner Koch
740c4af703
doc: Updated HACKING.
--

Added used commit keywords.
Add some comments to the list of files.
2015-06-30 11:55:17 +02:00
Werner Koch
64e809b791
gpg: New command --quick-adduid.
* g10/keygen.c (ask_user_id): Factor some code out to ...
(uid_already_in_keyblock): new.
(generate_user_id): Add arg UIDSTR.  Fix leaked P.
* g10/keyedit.c (menu_adduid): Add new arg uidstring.  Adjust caller.
(keyedit_quick_adduid): New.
* g10/gpg.c (aQuickAddUid): New.
(opts):  Add command --quick-adduid.
(main): Implement that.
--

GnuPG-bug-id: 1956
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 16:08:57 +02:00
Werner Koch
67a58118ab
gpg: Prepare to pass additional context to the list functions.
* g10/keylist.c (struct sig_stats): Rename to keylist_context and add
field check_sigs.
(keylist_context_release): New.
(list_all): Set listctx.check_sigs and call release func.
(list_one): Ditto.
(locate_one): Ditto.
(list_keyblock_print): Use .check_sigs field.  Repalce arg opaque by
listctx.
(list_keyblock): Ditto.  Make static.
(list_keyblock_direct): New.
* g10/keygen.c (do_generate_keypair): Replace list_keyblock by
list_keyblock_direct.
--

This is in preparation for the server mode and for a patch to speed up
--list-sigs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-06 19:46:25 +02:00
NIIBE Yutaka
f82c4a6d0d g10: Fix keytocard.
g10/call-agent.h (agent_scd_learn): Add FORCE option.
g10/call-agent.c (agent_scd_learn): Implement FORCE option.
g10/keygen.c (gen_card_key): Follow the change of option.
g10/card-util.c (change_pin, card_status, factory_reset): Likewise.
g10/keyedit.c (keyedit_menu): Update private key storage by
agent_scd_learn.
--

This is not a perfect solution since there is a possibility user
unplug card before quitting 'gpg --keyedit' session.  Usually,
it works well.

GnuPG-bug-id: 1846
2015-04-03 17:39:59 +09:00
Werner Koch
9913253610
Move new mailbox.c source file to common/.
* g10/mailbox.c: Move to ...
* common/mbox-util.c: new file.
* common/mbox-util.h: New. Include where needed.
* g10/t-mailbox.c: Move to ...
* common/t-mbox-util.c: new file.
--

This will make it easier to use the code by other modules in common/.
2015-02-25 11:43:50 +01:00
Werner Koch
2183683bd6 Use inline functions to convert buffer data to scalars.
* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--

Commit 91b826a388 was not enough to
avoid all sign extension on shift problems.  Hanno Böck found a case
with an invalid read due to this problem.  To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-11 10:28:25 +01:00
Werner Koch
b1d5ed6ac8 gpg: Allow predefined names as answer to the keygen.algo prompt.
* g10/keygen.c (ask_algo): Add list of strings.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-28 09:12:36 +01:00
Werner Koch
6eebc56687 gpg: Fix segv introduced to commit 4d7c9b0.
* g10/keygen.c (get_parameter_passphrase): Take care of R == NULL.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-27 09:11:58 +01:00
Werner Koch
297b1a0d15 gpg,sm: Remove unnecessary duplicated checks
--

Reported-by: Günther Noack <gnoack@google.com>
2015-01-23 15:30:03 +01:00
Werner Koch
11142e0ad7 gpg: Replace remaining old error code macros by GPG_ERR_.
* g10/gpg.h (g10_errstr): Remove macro and change all occurrences by
gpg_strerror.
(G10ERR_): Remove all macros and change all occurrences by their
GPG_ERR_ counterparts.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 12:06:11 +01:00
Werner Koch
4d7c9b0e9a gpg: Support --passphrase with --quick-gen-key.
* g10/keygen.c: Include shareddefs.h.
(quick_generate_keypair): Support static passphrase.
(get_parameter_passphrase): New.
(do_generate_keypair): Use it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 12:45:22 +01:00
Werner Koch
aa99ebde77 gpg: Re-enable the "Passphrase" parameter for batch key generation.
* agent/command.c (cmd_genkey): Add option --inq-passwd.
* agent/genkey.c (agent_genkey): Add new arg override_passphrase.
* g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword.
(agent_genkey): Add arg optional arg "passphrase".
* g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc)
(gen_rsa, do_create): Add arg "passphrase" and pass it through.
(do_generate_keypair): Make use of pPASSPHRASE.
(release_parameter_list): Wipe out a passphrase parameter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 11:31:20 +01:00
Werner Koch
616e511f27 gpg: Remove unused args from a function.
* g10/keyserver.c (parse_keyserver_uri): Remove args configname and
configlineno.  Change all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-05 15:15:36 +01:00
Werner Koch
f3f9f9b284 gpg: Let --card--status create a shadow key (card key stub).
* agent/command.c (cmd_learn): Add option --sendinfo.
* agent/learncard.c (agent_handle_learn): Add arg "send" andsend
certifciate only if that is set.
* g10/call-agent.c (agent_scd_learn): Use --sendinfo.  Make INFO
optional.
(agent_learn): Remove.
* g10/keygen.c (gen_card_key): Replace agent_learn by agent_scd_learn.
--

The requirement of using --card-status on the first use of card on a
new box is a bit annoying but the alternative of always checking
whether a card is available before a decryption starts does not sound
promising either.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-12 12:47:28 +01:00
Werner Koch
b716e6a699 gpg: Fix batch generation of ECC keys.
* g10/keygen.c (get_parameter_algo): Map ECC algorithm strings
directly.
--

Interactive generation of the keys uses the OpenPGP algorithms numbers
but batch generation allows the use of strings.

Reported-by: Gaetan Bisson.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-24 11:56:49 +01:00
Werner Koch
587a0956b9 gpg: Print use --full-gen-key note using the installed name of gpg.
--
2014-11-04 10:53:12 +01:00
Werner Koch
a929f36693 gpg: Do not show an useless passphrase prompt in batch mode.
* g10/keygen.c: Remove unused PASSPHRASE related code.
(proc_parameter_file): Remove useless asking for a passphrase in batch
mode.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-02 15:43:52 +01:00
Werner Koch
1b8decc476 gpg: Make card key generation work again.
* g10/call-agent.c (agent_scd_learn): Rename from agent_learn.
(agent_learn): New.
* g10/keygen.c (gen_card_key): Call new agent-learn.
--

Without a shadow key we can't create the self-signatures.  Thus we
need to issue the learn command after each key generation.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-19 14:09:04 +02:00