1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-09 21:28:51 +01:00
Commit Graph

2531 Commits

Author SHA1 Message Date
NIIBE Yutaka
7b0a7c7148 gpg: Support MPI(0) by sos_read and mpi_print.
* g10/misc.c (mpi_print): Handle the case for MPI(0).
* g10/parse-packet.c (sos_read): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-10-08 17:23:33 +09:00
NIIBE Yutaka
c450eb1ccb experiment: Try to support new 448 key and signature.
--

Keygrip computation is still wrong, need to fix soon.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-10-08 17:22:15 +09:00
NIIBE Yutaka
dd2e092339 gpg: Handle backsig for v5 signature.
* g10/getkey.c (merge_selfsigs_subkey): Check v5 signature correctly.

--

GnuPG-bug-id: 5628
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-09-29 11:30:00 +09:00
NIIBE Yutaka
86cb04a23d gpg: Ed448 and X448 are only for v5 (for subkey).
* g10/keygen.c (generate_subkeypair): Specify
KEYGEN_FLAG_CREATE_V5_KEY for Ed448 or X448 key.

--

Reported-by: William Holmes
Fixes-commit: 36355394d8
GnuPG-bug-id: 5609
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-09-29 09:56:58 +09:00
NIIBE Yutaka
cc6152b802 gpg: Skip the packet when not used for AEAD.
* g10/free-packet.c (free_packet): Add the case for case
PKT_ENCRYPTED_AEAD.

--

GnuPG-bug-id: 5464
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-09-28 14:49:21 +09:00
Werner Koch
dbfb7f809b
gpg: Print a warning when importing a bad cv25519 secret key.
* g10/import.c (transfer_secret_keys): Add simple check.
--

Note that the requirement for a set high bit is not yet checked.
GnuPG-bug-id: 5464
2021-09-14 13:00:40 +02:00
Werner Koch
18e94c7229
Update release signing keys.
--

These are now

# ------------------------ >8 ------------------------
pub   rsa3072 2017-03-17 [SC] [expires: 2027-03-15]
      5B80C5754298F0CB55D8ED6ABCEF7E294B092E28
sig    R     BCEF7E294B092E28 2017-03-17  Andre Heinecke (Release Signing Key)
uid                      Andre Heinecke (Release Signing Key)
sig 3        BCEF7E294B092E28 2017-03-17  Andre Heinecke (Release Signing Key)
sig          1FDF723CF462B6B1 2017-03-17  Andre Heinecke <aheinecke@intevation.de>

pub   ed25519 2020-08-24 [SC] [expires: 2030-06-30]
      6DAA6E64A76D2840571B4902528897B826403ADA
uid                      Werner Koch (dist signing 2020)
sig 3        528897B826403ADA 2020-08-24  Werner Koch (dist signing 2020)
sig          249B39D24F25E3B6 2020-08-24  Werner Koch (dist sig)
sig          63113AE866587D0A 2020-08-24  wk@gnupg.org
sig          E3FDFF218E45B72B 2020-08-24  Werner Koch (wheatstone commit signing)
sig          F2AD85AC1E42B367 2020-08-24  Werner Koch <wk@gnupg.org>

pub   ed25519 2021-05-19 [SC] [expires: 2027-04-04]
      AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD
uid                      Niibe Yutaka (GnuPG Release Key)
sig 3        E98E9B2D19C6C8BD 2021-05-19  Niibe Yutaka (GnuPG Release Key)
sig          00B45EBD4CA7BABE 2021-09-14  NIIBE Yutaka <gniibe@fsij.org>
sig          E267B052364F028D 2021-09-14  NIIBE Yutaka <gniibe@fsij.org>
2021-09-14 10:15:20 +02:00
Werner Koch
fdb726f77d
gpg: Print a note about the obsolete option --secret-keyring.
--

GnuPG-bug-id: 2749
2021-08-28 18:34:26 +02:00
Werner Koch
ad3dabc9fb
gpg: Change default and max AEAD chunk size to 4 MiB
--

This is per OpenPGP WG design team decision from 2021-08-13
(raising a new wall after exactly 60 years ;-)

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-08-27 12:06:57 +02:00
NIIBE Yutaka
3ed5f566fc gpg: Report the status of NO_SECKEY for decryption.
* g10/mainproc.c (proc_encrypted): Fix the condition to report
NO_SECKEY even when the key was not considered by get_session_key.

--

GnuPG-bug-id: 5562
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-08-24 10:39:59 +09:00
Werner Koch
c1a23c3664
gpg: Return SUCCESS/FAILURE status also for --card-edit/name.
* g10/card-util.c (change_name): Call write_sc_op_status.
--

Reported-by: Joey Berkovitz
2021-08-19 14:09:27 +02:00
Werner Koch
9579c77862
gpg: Let --fetch-key return an exit code on failure.
* g10/keyserver.c (keyserver_fetch): Return an error code.
* g10/gpg.c (main) <aFetchKeys>: Return 1 in case of no data.
--

GnuPG-bug-id: 5376
2021-06-25 09:55:52 +02:00
Werner Koch
bebc71d229
gpg,sm: Simplify keyserver spec parsing.
* common/keyserver.h: Remove.
* sm/gpgsm.h (struct keyserver_spec): Remove.
(opt): Change keyserver to a strlist_t.
* sm/gpgsm.c (keyserver_list_free): Remove.
(parse_keyserver_line): Remove.
(main): Store keyserver in an strlist.
* sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist.  Avoid
an ambiguity in dirmngr by adding a prefix if needed.

* g10/options.h (struct keyserver_spec): Move definition from
keyserver.h to here.  Remove most fields.
* g10/keyserver.c (free_keyserver_spec): Adjust.
(cmp_keyserver_spec): Adjust.
(parse_keyserver_uri): Simplify.
(keyidlist): Remove fakev3 arg which does not make any sense because
we don't even support v3 keys.
--

We now rely on the dirmngr to parse the keyserver specs.  Thus a bad
specification will not be caught immediately.  However, even before
that dirmngr had stricter tests.

Signed-off-by: Werner Koch <wk@gnupg.org>
Ported-from: 9f586700ec
2021-06-16 12:03:13 +02:00
NIIBE Yutaka
9668ee097a gpg: Support KEYGRIP search with traditional keyring.
* g10/keyring.c (keyring_search): Handle KEYDB_SEARCH_MODE_KEYGRIP.

--

GnuPG-bug-id: 5469
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-06-03 13:32:25 +09:00
NIIBE Yutaka
2b50f94267 gpg: Ed448 and X448 are only for v5 for --full-gen-key.
* g10/keygen.c (generate_keypair): Set pVERSION = 5, pSUBVERSION = 5,
when it's Ed448 or X448.

--

Fixes-commit: 36355394d8
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-05-27 17:03:49 +09:00
Werner Koch
30563ea297
gpg: Partial fix for Unicode problem in output files.
* g10/openfile.c (overwrite_filep): Use gnupg_access.
--

As said, this is just an obvious but partial fix.  We need to review
things for the output module.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-25 13:39:59 +02:00
Werner Koch
260bbb4ab2
common: Annotate leaked memory in homedir.c
* g10/trustdb.c (how_to_fix_the_trustdb): Use gnupg_homedir.
* common/homedir.c (standard_homedir): Annotate leaked memory.
(gnupg_daemon_rootdir): Ditto.
(gnupg_socketdir): Ditto.
(gnupg_sysconfdir): Ditto.
(gnupg_bindir): Ditto.
(gnupg_libdir): Ditto.
(gnupg_datadir): Ditto.
(gnupg_localedir): Ditto.
(gnupg_cachedir): Ditto.
(gpg_agent_socket_name): Ditto.
(dirmngr_socket_name): Ditto.
(keyboxd_socket_name): Ditto.
(get_default_pinentry_name): Ditto.
(gnupg_module_name): Ditto.
(default_homedir): Ditto.  Make static.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-21 09:23:04 +02:00
Jakub Jelen
fa0771f609
g10: Avoid memory leaks
* g10/call-agent.c (card_keyinfo_cb): free keyinfo.  Restructure to
avoid backward gotos.
* g10/keyedit.c (menu_set_keyserver_url): properly enclose the block
* g10/keygen.c (gen_card_key): free pk and pkt

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5393

Additional changes:
- Restructure to avoid backward gotos.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-20 14:42:29 +02:00
Jakub Jelen
2af7bb2295
g10: Fix memory leaks
* g10/card-util.c (change_pin): free answer on errors
  (ask_card_keyattr): free answer on error
* g10/cpr.c (do_get_from_fd): free string
* g10/gpg.c (check_permissions): free dir on weird error
* g10/import.c (append_new_uid): release knode
* g10/keyedit.c (menu_set_keyserver_url): free answer
  (menu_set_keyserver_url): free user
* g10/keygen.c (print_status_key_not_created): move allocation after
  sanity check
  (ask_expire_interval): free answer
  (card_store_key_with_backup): goto leave instaed of return
* g10/keyserver.c (parse_keyserver_uri): goto fail instead of return
* g10/revoke.c (gen_desig_revoke): release kdbhd
  (gen_desig_revoke): free answer
* g10/tofu.c (ask_about_binding): free sqerr and response
* g10/trustdb.c (ask_ownertrust): free pk

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Further changes:

* g10/card-util.c (change_pin): Do not set answer to NULL.
* g10/keyedit.c(menu_set_keyserver_url): Use !func() pattern.

Signed-off-by: Werner Koch <wk@gnupg.org>
GnuPG-bug-id: 5393
2021-05-20 13:38:39 +02:00
Werner Koch
40da61b89b
gpg: Improve speed of secret key listing.
* agent/command.c (cmd_keyinfo): Factor some code out to ...
(get_keyinfo_on_cards): ... new.
(cmd_havekey): Add --list mode.
* g10/gpg.h (struct server_control_s): Add new caching vars.
* g10/gpg.c (gpg_deinit_default_ctrl): Release cache.
* g10/call-agent.c (agent_probe_any_secret_key): Init and try to use
the keygrip cache.
(agent_genkey): Clear the cache.
(agent_import_key): Ditto.

* g10/keylist.c (list_all, list_one): Pass ctrl to
agent_probe_any_secret_key.
* g10/getkey.c (lookup): Ditto.
--

With this change we first ask the agent for a list of all secret
keygrips and use that list instead of asking the agent for each public
key.  Speeds up my "gpg -K" with a lot of secret and public keys by
more than 25%.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-19 02:42:35 +02:00
Werner Koch
b8e6e485ee
gpg: Fix sending an OpenPGP key with umlaut to an LDAP keyserver.
* g10/call-dirmngr.c (record_output): Rewrite.
--

Thou shalt not percent-escape for C-unescaping.

Fixes-commit: 51341badb6
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-18 22:53:18 +02:00
Werner Koch
6dfae2f402
gpg: Use a more descriptive prompt for symmetric decryption.
* g10/keydb.h (GETPASSWORD_FLAG_SYMDECRYPT): New.
(passphrase_to_dek_ext): Remove this obsolete prototype.
* g10/passphrase.c (passphrase_get): Add arg flags.  Use new flag
value.
(passphrase_to_dek): Add arg flags and pass it on.
* g10/mainproc.c (proc_symkey_enc): Use new flag.

* sm/decrypt.c (pwri_decrypt): Use "passphrase".
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 03f83bcda5)

Note that we keep on using the term "passphrase" although "password"
would be better.  There are however so many occurance of this and
given it is a bike shedding topic we fix that in the PO files.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-17 19:48:15 +02:00
Werner Koch
965bb0693c
A few minor code cleanups and typo fixes.
* agent/command-ssh.c (ssh_handler_request_identities): Remove double
check of ERR.
* g10/getkey.c (get_pubkey_byname): Remove double use of break.
* g10/pkglue.c (pk_encrypt): Handle possible NULL-ptr access due to
failed malloc.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-11 09:06:34 +02:00
NIIBE Yutaka
ac731dbbbd gpg: Fix allocation for EXTRAHASH.
* g10/sign.c (clearsign_file): Fix the size to allocate.

--

GnuPG-bug-id: 5430
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-05-11 14:49:06 +09:00
Werner Koch
4fcfac6feb
gpg: Fix mailbox based search via AKL keyserver method.
* g10/keyserver.c (keyserver_import_name): Rename to ...
(keyserver_import_mbox): this.  And use mail search mode.
* g10/getkey.c (get_pubkey_byname): Change the two callers.
--

In contrast to a search via keyserver_import_ntds the older
keyserver_import_name used a full match of the provided name despite
that it is only called with an addr-spec (mbox).  Due to the mode the
pattern send to dirmngr was prefixed with a '=' and thus dirmngr used
an exact search;.  This did only work for provided user ids like
"foo@example.org" but not for "<foo@example.org>" or
"Foo <foo@xample.org>".  The old code dates back to 2010.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-26 15:32:51 +02:00
Werner Koch
99db4b0c7f
gpg: Do not use import-clean for LDAP keyserver imports.
* g10/options.h (opts): New field expl_import_only.
* g10/import.c (parse_import_options): Set it.
* g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
--

I can be assumed that configured LDAP servers are somehow curated and
not affected by rogue key signatures as the HKP servers are.  Thus we
don't clean the key anymore so that key certifications are kept even
if the public key has not yet been imported.

See-commit: 6c26e593df
GnuPG-bug-id: 5387
2021-04-26 14:15:21 +02:00
Werner Koch
100037ac0f
gpg: Auto import keys specified with --trusted-keys.
* g10/getkey.c (get_pubkey_with_ldap_fallback): New.
* g10/trustdb.c (verify_own_keys): Use it.
2021-04-25 20:03:07 +02:00
Werner Koch
3cbc66410d
gpg: Replace an obsolete trustdb function.
* g10/trustdb.c (tdb_register_trusted_keyid): Make static.
(tdb_register_trusted_key): Replace register_trusted_keyid by
tdb_register_trusted_key.
* g10/keygen.c (do_generate_keypair): Ditto.
* g10/trust.c (register_trusted_keyid): Remove.
2021-04-23 20:45:25 +02:00
Werner Koch
50293ec2eb
gpg: Allow decryption w/o public key but with correct card inserted.
* agent/command.c (cmd_readkey): Add option --no-data and special
handling for $SIGNKEYID and $AUTHKEYID.
* g10/call-agent.c (agent_scd_getattr): Create shadow keys for KEY-FPR
output.
* g10/skclist.c (enum_secret_keys): Automagically get a missing public
key for the current card.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-23 08:50:39 +02:00
Werner Koch
ec36eca08c
gpg: Allow fingerprint based lookup with --locate-external-key.
* g10/keyserver.c (keyserver_import_fprint_ntds): New.
* g10/getkey.c (get_pubkey_byname): Detect an attempt to search by
fingerprint in no_local mode.
--

See the man page.  For testing use

  gpg --auto-key-locate local,wkd,keyserver --locate-external-key  \
    FINGERPRINT

with at least one LDAP keyserver given in dirmngr.conf.  On Windows
"ntds" may be used instead or in addtion to "keyserver".

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-21 18:32:21 +02:00
Werner Koch
f79e9540ca
keyboxd: Fix searching for exact mail addresses.
* kbx/kbxserver.c (cmd_search): Use the openpgp hack for calling
classify_user_id.
* kbx/backend-sqlite.c (run_select_statement): Remove angle brackets
in exact addrspec mode.
* g10/call-keyboxd.c (keydb_search): Do not duplicate the left angle
bracket.
* sm/keydb.c (keydb_search): Ditto.
--

Note that the openpgp hack flag of classify_user_id is actually a
misnomer because we actually hack a round a problem in gpgsm.  And it
is only over there that we don't set it there.  In keyboxd the flag
should be set.  And we need to remove the angle brackets of course
because that is how we create the addrspec column values.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-21 14:40:08 +02:00
Werner Koch
d153e4936e
gpg,sm: Ignore the log-file option from common.conf.
* g10/gpg.c (main): Don't use the default log file from common.conf.
* sm/gpgsm.c (main): Ditto.
--

That was acutally not intended and contradicts the description in
doc/example/common.conf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-21 14:40:08 +02:00
Damien Goutte-Gattat via Gnupg-devel
86f446fd44
gpg: Fix showpref to list AEAD feature.
* g10/keyedit.c (show_prefs): Show 'AEAD' if flags.aead is set.
--

The terse 'pref' command in the key editor correctly shows '[aead]'
if the uid->flags.aead is set, but the more verbose 'showpref'
command does not, due to an inverted condition check.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2021-04-19 13:18:38 +02:00
Werner Koch
d13c5bc244
gpg,gpgsm: Move use-keyboxd to the new conf file common.conf
* common/comopt.c, common/comopt.h: New.
* common/Makefile.am: Add them.
* g10/gpg.c: Include comopt.h.
(main): Also parse common.conf.
* sm/gpgsm.c: Include comopt.h.
(main): Set a flag for the --no-logfile option.  Parse common.conf.

* tools/gpgconf-comp.c (known_options_gpg): Remove "use-keyboxd", add
pseudo option "use_keyboxd".
(known_pseudo_options_gpg): Add pseudo option "use_keyboxd".
(known_options_gpgsm): Remove "use-keyboxd".

* tests/openpgp/defs.scm (create-gpghome): Create common.conf.

* doc/examples/common.conf: New.
--

Note that --use-keybox still works but prints a warning.  We will
eventually remove this option becuase it was marked as an experimental
feature anyway.

It would be too confusing if gpg and gpgsm use different key storages.
Further, other components (e.g. dirmngr or gpg-wks-client) which call
gpg or gpgsm need to be aware that the keyboxd is used and pass that
option on the command line.  Now that common.conf is always read (even
if --no-options is used) those tools will work instantly.
2021-04-19 11:33:19 +02:00
Werner Koch
d7e707170f
gpg: Lookup a missing public key of the current card via LDAP.
* g10/getkey.c (get_seckey_default_or_card): Lookup a missing public
key from the current card via LDAP.
* g10/call-dirmngr.c: Include keyserver-intetnal.h.
(gpg_dirmngr_ks_get): Rename arg quick into flags.  Take care of the
new LDAP flag.
* g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_QUICK): New.
Replace the use of the value 1 for the former quick arg.
(KEYSERVER_IMPORT_FLAG_LDAP): New.
* g10/keyserver.c (keyserver_get_chunk): Increase the reserved line
length.
* dirmngr/ks-action.c (ks_action_get): Add arg ldap_only.
* dirmngr/server.c (cmd_ks_get): Add option --ldap.
--

This change makes it easy to start working with gnupg: Just insert the
smartcard or token provided to you and the first time you sign a
message the public key associated with the current card will be
imported and everything is set without any configuration.

This works only with an LDAP directory because it can be expected that
the public key has been put into the LDAP during card personalization.
Of course an LDAP server needs to be configured; in a Windows AD
domain this can be a mere "keyserver ldap:///" in dirmngr.conf.  Other
configured keyservers are ignored.

Requirements for the card driver: The $SIGNKEYID attribute must exists
and a query for the KEY-FPR attribute needs to return the OpenPGP
fingerprint for that key.  This is currently supported for OpenPGP
cards and certain PKCS#15 cards.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-16 20:21:23 +02:00
Werner Koch
6c26e593df
gpg: Do not use self-sigs-only for LDAP keyserver imports.
* dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status.
* g10/options.h (opts): New field expl_import_self_sigs_only.
* g10/import.c (parse_import_options): Set it.
* g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
--

I can be assumed that configured LDAP servers are somehow curated and
not affected by rogue key signatures as the HKP servers are.  Thus we
can allow the import of key signature from LDAP keyservers by default.

GnuPG-bug-id: 5387
2021-04-13 14:33:50 +02:00
Werner Koch
d984de172c
gpg: Minor restructuring of a function.
--

This is for easier reading and future changing.
2021-04-12 17:50:17 +02:00
NIIBE Yutaka
36355394d8 gpg: Ed448 and X448 are only for v5.
* g10/keygen.c (parse_key_parameter_part): Generate with version 5
packet, when it's Ed448 or X448.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-04-08 16:49:20 +09:00
Werner Koch
c922a798a3
Release GnuPG 2.3.0 2021-04-07 19:04:46 +02:00
Werner Koch
a78475fbb7
gpgconf: Return a new pseudo option compliance_de_vs.
* tools/gpgconf-comp.c (known_pseudo_options_gpg): Add
"compliance_de_vs".
* g10/gpg.c (gpgconf_list): Returh that pseudo option.
--

Of course this will always return false for this version of gnupg.
But as soon as this version has been approved we have everything ready
for a runtime check.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-01 13:11:16 +02:00
Werner Koch
f129b0e977
gpg: Allow ECDH with a smartcard returning just the x-ccordinate.
* g10/ecdh.c (extract_secret_x): Add extra safety check. Allow for
x-only coordinate.
2021-03-29 14:36:52 +02:00
Werner Koch
5346da61c1
gpg: No warning in quiet mode for S2K mode 0.
--
2021-03-24 12:27:35 +01:00
NIIBE Yutaka
14ef703ad6 gpg: Fix v5 signature for clearsign.
* g10/sign.c (clearsign_file): Prepare EXTRAHASH.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-03-24 15:50:12 +09:00
NIIBE Yutaka
90a5b4e648 gpg: Support ECDH with v5 key.
* g10/ecdh.c (build_kdf_params): Use the first 20 octets.
* g10/pkglue.c (pk_encrypt): Remove length check to 20.
* g10/pubkey-enc.c (get_it): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-03-24 14:51:42 +09:00
NIIBE Yutaka
1524a942b6 gpg: Support exporting Ed448 SSH key.
* common/openpgp-oid.c (oid_ed448, openpgp_oidbuf_is_ed448): New.
(openpgp_oid_is_ed448): New.
* common/util.h (openpgp_oid_is_ed448): New.
* g10/export.c (export_one_ssh_key): Support Ed448 key.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-03-22 16:57:18 +09:00
NIIBE Yutaka
0b45c5a994 gpg: Fix exporting SSH key.
* g10/export.c (export_one_ssh_key): Finish base 64 encoder before
writing out the comment string.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-03-22 16:55:29 +09:00
Werner Koch
1523b5f76f
gpg: New option --no-auto-trust-new-key.
* g10/gpg.c (oNoAutoTrustNewKey): New.
(opts): Add --no-auto-trust-new-key.
(main): Set it.
* g10/options.h (opt): Add flags.no_auto_trust_new_key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-15 10:47:19 +01:00
NIIBE Yutaka
cfc1497efa gpg: Fix compute_fingerprint for ECC with SOS.
* g10/keyid.c (hash_public_key): Tweak NBITS just as sos_write does.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-03-12 16:15:04 +09:00
Werner Koch
fe02ef0450
gpg: New option --force-sign-key
* g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key".
(main): Set it.
* g10/options.h (opt): New flag flags.force_sign_key.
* g10/keyedit.c (sign_uids): Use new flag.
--

GnuPG-bug-id: 4584
2021-03-11 11:27:07 +01:00
James Bottomley
92b601fcee
gpg: Add new command keytotpm to convert a private key to TPM format
* agent/command.c (cmd_keytotpm): New.
(agent/command.c): Register new command KEYTOTPM.
* g10/call-agent.c (agent_keytotpm): New.
* g10/keyedit.c (cmdKEYTOTPM): New command "keytotpm".
(keyedit_menu): Implement.

--

The plumbing is done in two parts: the agent is modified to understand
a KEYTOTPM assuan command taking the key grip as an argument.  This
simply obtains the key s expression and calls the existing writeky
diversion to the tpm2daemon.  The daemon reponds with the TPM
conversion of the key and that key is then stored in the keyfile as a
shadowed-private-key with "tpm2-v1" type.

To effect the conversion, all the user does from gpg --edit-key is
select which private key they wish to move (or move the primary if no
key is selected) and type keytotpm.  The conversion to TPM form is
instantaneous and once converted, the actual key cannot be recovered,
meaning that if you want your gpg key to move to a new laptop you must
keep an unconverted backup copy in a safe location.

When you do a list command, all TPM keys show up as

     card-no: TPM-Protected

The key is stored encrypted to the TPM2 storage seed and since each
TPM has a unique seed, only the single TPM contained in your laptop
can now read the key.  This means you cannot simply copy the shadowed
key file over to a new laptop, you must copy over the backup copy and
then convert it to TPM form on the new laptop.

To decomission your laptop, execute a tssclear command which
regenerates the storage seed and effectively shreds all keys.  Note
when you have done this *every* TPM2 shadowed private key becomes
unreadable by any TPM and all are effectively destroyed.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Very minor cosmetic changes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-10 13:34:18 +01:00