1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

2091 Commits

Author SHA1 Message Date
Werner Koch
f5d3b982e4
gpg: Stop early when trying to create a primary Elgamal key.
* g10/misc.c (openpgp_pk_test_algo2): Add extra check.
--

The problem is that --key-gen --batch with a parameter file didn't
detect that Elgamal is not capable of signing and so an error was only
triggered at the time the self-signature was created.  See the code
comment for details.

GnuPG-bug-id: 4329
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f97dc55ff1b041071bc3cbe98aa761bf77bb7ac8)
2019-01-22 10:08:06 +01:00
Werner Koch
f7ff25edad
gpg: In search-keys return "Not found" instead of "No Data".
* g10/keyserver.c (keyserver_search): Check for NO_DATA.
--

GnuPG-bug-id: 3830
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e7252ae57f3c9da557f23295268f74dd25fee3a1)
2018-12-11 12:31:36 +01:00
NIIBE Yutaka
d4bc805152 scd: Make "learn" report about KDF data object.
* scd/app-openpgp.c (do_learn_status): Report KDF attr.
* g10/card-util.c (current_card_status): Output KDF for with_colons.

--

Backport of master commit: 05d163aebc04db109ec5e004eb04a4b3796f6421
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-12-06 17:11:55 +09:00
NIIBE Yutaka
751ff784e5 card: Display if KDF is enabled or not.
* g10/call-agent.h (kdf_do_enabled): New field.
* g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available.
* g10/card-util.c (current_card_status): Inform the availability.

--

Cherry pick of master commit: a5542a4a702c2210facf58a98bc8d3d16089b6ab
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-12-06 17:05:03 +09:00
NIIBE Yutaka
293001e2c6 g10: Fix memory leak for --card-status.
* g10/card-util.c (card_status): Release memory of serial number.

--

Cherry pick of master commit: fe8b6339542f3b1228b5fd56fc710ea3b07a3a2b
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-12-06 17:03:30 +09:00
NIIBE Yutaka
c5aba093b8
g10: Fix print_pubkey_info new line output.
* g10/keylist.c (print_pubkey_info): Reverse the condition.

--

This mistakes were introduced when replacing by estream.

It resulted 'gpg --card-status' from a process with no controlling
terminal fails.

Fixes-commit: fb2ba98963beea249474f5d6d7345cf9b4b7f570
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit e154fba30ba0d5f29040a33f5c1b5c25b441b69f)
2018-12-05 08:56:13 +01:00
Werner Koch
9b53845168
gpg: New list-option "show-only-fpr-mbox".
* g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox".
* g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New.
* g10/keylist.c (list_keyblock_simple): New.
(list_keyblock): Call it.
(list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX
mode.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 0e8bf204791ebfd0c9a8e4b49fbadf998ec62e49)

* g10/keylist.c (list_keyblock_simple): Remove optional arg from
mailbox_from_userid
2018-12-05 08:48:14 +01:00
Jussi Kivilinna
6008410e51
g10/mainproc: disable hash contexts when --skip-verify is used
* g10/mainproc.c (proc_plaintext): Do not enable hash contexts when
opt.skip_verify is set.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
(cherry picked from commit 73e74de0e33bbb76300f96a4174024779047df06)
2018-12-05 08:26:09 +01:00
Werner Koch
edeebe0a6b
gpg: Improve error message about failed keygrip computation.
* g10/keyid.c (keygrip_from_pk): Print the fingerprint on failure.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit cd64af003d4b6b46b69dbd575f73d53359ae0bcc)
2018-12-05 08:13:16 +01:00
Werner Koch
6acca0e4d9
doc: Clarify use of clear and nodefault in the AKL.
--

(cherry picked from commit e5c3a6999a374813134a9e68744444c25c3017f6)
2018-11-21 09:22:00 +01:00
NIIBE Yutaka
627839ea88 g10: Fix print_keygrip for smartcard.
* g10/card-util.c (print_keygrip): Use tty_fprintf.

--

Reported-by: Joey Pabalinas <joeypabalinas@gmail.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-06 15:31:39 +09:00
Werner Koch
82cd7556fd
gpg: Don't take the a TOFU trust model from the trustdb,
* g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
(create_version_record): Don't init as TOFU.
(tdbio_db_matches_options): Don't indicate a change in case TOFU is
stored in an old trustdb file.
--

This change allows to switch between a tofu and pgp or tofu+pgp trust
model without an auto rebuild of the trustdb.  This also requires that
the tofu trust model is requested on the command line.  If TOFU will
ever be the default we need to tweak the model detection via TM_AUTO
by also looking into the TOFU data base,

GnuPG-bug-id: 4134
(cherry picked from commit 150a33df41944d764621f037038683f3d605aa3f)
2018-11-05 09:17:03 +01:00
Werner Koch
e486fb2495
gpg: Add new card vendor
--

(cherry picked from commit 3c2ffd27f36dfe77005aa01005145904761d8743)
2018-11-05 09:15:17 +01:00
Werner Koch
ab7a907a18
dirmngr: Emit SOURCE status also on NO_DATA.
* dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on
NO DATA error.
(ks_hkp_get): Ditto.
* g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info
also on error.
(gpg_dirmngr_ks_get): Ditto.
--

If a keyserver does not return any data it can be useful to know which
keyserver out of the pool answered.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit bee65edfbc8cc2c369e5941cc9d1a01a0519b388)
2018-11-05 09:13:39 +01:00
Werner Koch
b0d6e26bf3
gpg: Fix extra check for sign usage of a data signature.
* g10/sig-check.c (check_signature_end_simple):
--

Obviously we should not ignore a back signature here.

Fixes-commit: 214b0077264e35c079e854a8b6374704aea45cd5
GnuPG-bug-id: 4014
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit b6275f3bda8edff34274c5b921508567f491ab9c)
2018-10-22 19:27:24 +02:00
NIIBE Yutaka
91f8a9b33a g10: Fix memory leak.
* g10/import.c (read_block): Call free_packet to skip the packet.

--

Cherry-pick of master commit of:
	7c96cc67e108f3a9514a4222ffac2f9f9a2ab19e

Reported-by: Philippe Antoine
GnuPG-bug-id: 3916
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-07 13:05:17 +09:00
NIIBE Yutaka
f0fdee2e24 Fix use of strncpy, which is actually good to use memcpy.
* common/ssh-utils.c (get_fingerprint): Use memcpy.
* g10/build-packet.c (string_to_notation): Use memcpy.

--

Cherry-pick of master commit of:
	625ced6e672daa892d334323cce6b3d42a6f929f

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-06 11:46:20 +09:00
Werner Koch
a9931b3c05
gpg: Explain error message in key generation with --batch
* g10/keygen.c (generate_keypair): Show more info.
--

GnuPG-bug-id: 3912
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 1bfe766bcf3959135333900934f1a15c9b96c3cf)
2018-08-29 15:14:50 +02:00
Werner Koch
719fc941b6
gpg: Remove unused function get_pubkeys.
* g10/getkey.c (get_pubkeys): Remove.
(pubkey_free): Remove and use code directly ...
(pubkeys_free): ... here.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit ed8fe21e6612401846fc4af8631f0136dc633c67)
2018-08-29 11:57:44 +02:00
Werner Koch
a59a9962f4
gpg: New option --known-notation.
* g10/gpg.c (oKnownNotation): New const.
(opts): Add option --known-notation.
(main): Set option.
* g10/parse-packet.c (known_notations_list): New local var.
(register_known_notation): New.
(can_handle_critical_notation): Rewrite to handle the new feature.
Also print the name of unknown notations in verbose mode.
--

GnuPG-bug-id: 4060
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 3da835713fb6220112d988e1953f3d84beabbf6a)
2018-08-29 09:36:44 +02:00
Werner Koch
0709f358cd
gpg: Refresh expired keys originating from the WKD.
* g10/getkey.c (getkey_ctx_s): New field found_via_akl.
(get_pubkey_byname): Set it.
(only_expired_enc_subkeys): New.
(get_best_pubkey_byname): Add support to refresh expired keys from the
WKD.
--

A little drawback of that code is that if the WKD has no update for an
expired key each access of the key will trigger a WKD lookup (unless
cached by the dirmngr).  To avoid this we need to record the last time
we have checked for an update but that would in turn require that we
update the keyring for each check.  We defer this until we have a
better key database which allows for fast updates of meta data.

Testing the code is currently a bit cumbersome because it requires to
update a key in the WKD several times.  Eventually we we need a
network emulation layer to provide sample data for the regression
tests.

GnuPG-bug-id: 2917
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 7f172404bfcf719b9b1af4a182d4803525ebff7c)
2018-08-28 15:26:36 +02:00
Werner Koch
11a9fe1c58
gpg: Remove unused arg from a function.
* g10/getkey.c (get_best_pubkey_byname): Remove unused arg 'no_akl'.
Change both callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit db67ccb759426c1173761574b14bdfe6a76394c2)
2018-08-28 15:26:29 +02:00
NIIBE Yutaka
822c633845 g10: Fix undefined behavior when EOF in parsing packet for S2K.
* g10/parse-packet.c (parse_symkeyenc): Use iobuf_get_noeof.
(parse_key): Likewise.

--

Cherry picked from master commit:
    1b309d9f6199a91caa0ca0b97b92d599e00b736e

When EOF comes at parsing s2k.count, it is possible the value will
be (unsigned long)-1.  Then, the result of S2K_DECODE_COUNT will be
undefined.  This patch fixes undefined behavior.

Reported-by: Philippe Antoine
GnuPG-bug-id: 4093
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-08-10 15:38:57 +09:00
Werner Koch
f1c0d9bb65
gpg: Set a limit for a WKD import of 256 KiB.
* g10/call-dirmngr.c (MAX_WKD_RESULT_LENGTH): New.
(gpg_dirmngr_wkd_get): Use it.
--

WKD should return only a single key with just one UID.  For key
rollover 2 keys may be send.  A total of 256 KiB seems to be a
generous limit here.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e88f56f1937ac92f6a3b94e50b6db2649ec0be41)
2018-07-29 18:40:01 +02:00
Werner Koch
61562fe000
gpg: Remove multiple subkey bindings during export-clean.
* g10/key-clean.c (clean_one_subkey_dupsigs): New.
(clean_all_subkeys): Call it.
--

GnuPG-bug-id: 3804
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 76989d5bd89ed11f5b3656dc4748fcfc939a46dc)
2018-07-09 12:07:24 +02:00
Werner Koch
8055f186a3
gpg: Let export-clean remove expired subkeys.
* g10/key-clean.h (KEY_CLEAN_NONE, KEY_CLEAN_INVALID)
(KEY_CLEAN_ENCR, KEY_CLEAN_AUTHENCR, KEY_CLEAN_ALL): New.
* g10/key-clean.c (clean_one_subkey): New.
(clean_all_subkeys): Add arg CLEAN_LEVEL.
* g10/import.c (import_one): Call clean_all_subkeys with
KEY_CLEAN_NONE.
* g10/export.c (do_export_stream): Call clean_all_subkeys depedning on
the export clean options.
--

GnuPG-bug-id: 3622
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit c2fd65ec8498a08ee36ca52d99b6b014f6db8d93)
2018-07-09 10:25:06 +02:00
Werner Koch
046276db3a
gpg: Split key cleaning function for clarity.
* g10/key-clean.c (clean_key): Rename to clean_all_uids and split
subkey cleaning into ...
(clean_all_subkeys): new.  Call that always after the former clean_key
invocations.
--

Note that the clean_all_subkeys function will later be extended.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 6c3567196f7e72552f326ce07dccbcce31926e5d)
2018-07-09 10:24:53 +02:00
Werner Koch
40bf383f72
gpg: Move key cleaning functions to a separate file.
* g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid)
(clean_uid_from_key, clean_one_uid, clean_key): Move to ...
* g10/key-clean.c: new file.
* g10/key-clean.h: New.
* g10/Makefile.am (gpg_sources): Add new files.
* g10/export.c, g10/import.c, g10/keyedit.c, g10/trustdb.c: Include
new header.
* g10/trustdb.h (struct key_item, is_in_klist): Move to ...
* g10/keydb.h: here.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 135e46ea480d749b8a9692f71d4d0bfdadd8ee2f)
2018-07-09 10:24:37 +02:00
Werner Koch
b4599a0449
gpg: Allow decryption using several passphrases in may cases.
* g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algorithm.
(proc_symkey_enc): Clear passpharse on error from above function.
--

This does not work reliable as stated in bug 3795 but we can try to
fix ~95% of all cases.  The real fix is to use AEAD which will come
with 2.3

GnuPG-bug-id: 3795, 4050
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-06 08:24:57 +02:00
Werner Koch
221af19351
gpg: Prepare for signatures with ISSUER_FPR but without ISSUER.
* g10/getkey.c (get_pubkey_for_sig): New.
(get_pubkeyblock_for_sig): New.
* g10/mainproc.c (issuer_fpr_raw): Give global scope.
(check_sig_and_print): Use get_pubkeyblock_for_sig.
* g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig.
* g10/sig-check.c (check_signature2): Ditto.
(check_signature_over_key_or_uid): Ditto.
--

GnuPG-bug-id: 4046

The whole getkey stuff is still a mess with way to much duplication
and missing caching of already fetched data.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f7526c7bc754acf68bde0b79c785e875a9365d60)
2018-07-05 21:41:02 +02:00
Werner Koch
cb6b925f94
gpg: Ignore too large user ids during import.
* g10/import.c (read_block): Add special treatment for bad user ids
and comment packets.
--

See
GnuPG-bug-id: 4022
for an example of a bogus user id.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 01cd66f9faf1623833e6afac84164de5a136ecff)
2018-07-04 10:08:36 +02:00
Werner Koch
5b47b46132
indent: Fix indentation of read_block in g10/import.c
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 60e7e102a153a246d7e887a64e30dbb4c4f7b6dd)
2018-07-04 10:08:25 +02:00
Werner Koch
ef50fdf82a
gpg: Extra check for sign usage when verifying a data signature.
* g10/sig-check.c (check_signature_end_simple): Check sign usage.
--

Without this patch the signature verification fails only due to the
missing back signature.  This check better explains what went wrong.

GnuPG-bug-id: 4014
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 214b0077264e35c079e854a8b6374704aea45cd5)
2018-07-04 09:01:52 +02:00
Werner Koch
04fb76684d
gpg: Print revocation reason for "rev" records.
* g10/main.h: Add prototype.
* g10/keylist.c (list_keyblock_print): Print revocation info.
(list_keyblock_colon): Ditto.

* g10/test-stubs.c (get_revocation_reason): New stub.
* g10/gpgv.c (get_revocation_reason): New stub.
--

GnuPG-bug-id: 1173
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 592deeddb9bf4ae9b3e236b439e2f39644eb6d46)
2018-07-03 11:56:18 +02:00
Werner Koch
a8e24addcc
gpg: Print revocation reason for "rvs" records.
* g10/import.c (get_revocation_reason): New.
(list_standalone_revocation): Extend function.
--

Note that this function extends the "rvs" field signature-class (field
11) with the revocation reason.  GPGME does not yet parse this but it
can be expected that the comma delimiter does not break other parsers.

A new field is added to the "rvs" (and in future also the "rev")
record to carry a record specific comment.  Hopefully all parsers
meanwhile learned the lesson from other new fields and don't bail out
on more fields than they know about.

This is partial solution to
GnuPG-bug-id: 1173

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit b7cd2c2093ae1b47645be50fa1d431a028187cad)
2018-07-03 11:56:04 +02:00
Werner Koch
5c67ee160d
gpg: Let --show-keys print revocation certificates.
* g10/import.c (list_standalone_revocation): New.
(import_revoke_cert): Call new function.
--

GnuPG-bug-id: 4018
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 386b9c4f25b28fd769d7563f2d86ac3a19cc3011)
2018-07-03 11:55:41 +02:00
NIIBE Yutaka
2809be1f97 g10: Fix memory leak for PKT_signature.
* g10/getkey.c (buf_to_sig): Free by free_seckey_enc.
* g10/gpgcompose.c (signature): Likewise.
* g10/sign.c (write_signature_packets): Likewise.

--

Cherry picked from master commit:
    996febbab21eb9283b0634e51303a36b318734a6

Reported-by: Philippe Antoine
GnuPG-bug-id: 4047
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-07-03 09:21:12 +09:00
Werner Koch
e8f439e054
gpg: Do not import revocations with --show-keys.
* g10/import.c (import_revoke_cert): Add arg 'options'.  Take care of
IMPORT_DRY_RUN.
--

GnuPG-bug-id: 4017
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 6c9e37b2e541e96e7c65e1679982a614b4863fdb)
2018-06-12 09:04:36 +02:00
Daniel Kahn Gillmor
86b64876be
gpg: Add new usage option for drop-subkey filters.
* g10/import.c (impex_filter_getval): Add new "usage" property for
drop-subkey filter.
--

For example, this permits extraction of only encryption-capable
subkeys like so:

    gpg --export-filter 'drop-subkey=usage !~ e' --export $FPR

GnuPG-Bug-id: 4019
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
(cherry picked from commit 2ddfb5bef920919443309ece9fa2930282bbce85)
2018-06-12 09:04:13 +02:00
Werner Koch
cbb84b3361
gpg: Set some list options with --show-keys
* g10/gpg.c (main): Set some list options.
--

The new command --show-keys is commonly used to check the content of a
file with keys.  In this case it can be expected that all included
subkeys and uids are of interested, even when they are already expired
or have been revoked.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d2bc66f241a66cc95140cbb3a07555f6301290ed)
2018-06-11 08:49:32 +02:00
Werner Koch
18274db32b
gpg: Allow building with older libgpg-error.
* g10/mainproc.c (proc_encrypted): Use constant from logging.h
--

Because the log levels are enums I had to change there names in
libgpg-error to avoid clashes.  Master uses the new names but 2.2
needs to stick to the old names.

Fixes-commit: 825909e9cd5f344ece6c0b0ea3a9475df1d643de
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-08 22:01:10 +02:00
Werner Koch
210e402acd
gpg: Sanitize diagnostic with the original file name.
* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
--

This fixes a forgotten sanitation of user supplied data in a verbose
mode diagnostic.  The mention CVE is about using this to inject
status-fd lines into the stderr output.  Other harm good as well be
done.  Note that GPGME based applications are not affected because
GPGME does not fold status output into stderr.

CVE-id: CVE-2018-12020
GnuPG-bug-id: 4012
(cherry picked from commit 13f135c7a252cc46cff96e75968d92b6dc8dce1b)
2018-06-08 10:46:42 +02:00
Werner Koch
6a87a0bd25
gpg: Improve import's repair-key duplicate signature detection.
* g10/key-check.c (key_check_all_keysigs): Factor some code out to ...
(remove_duplicate_sigs): new.
(key_check_all_keysigs): Call remove_duplicate_sigs again after
reordering.
--

This is a follupup for commit 26bce2f01d2029ea2b8a8dbbe36118e3c83c5cba
to cleanup the code and to add a second de-duplicate step when needed.

GnuPG-bug-id: 3994
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 26746fe65d14a00773473c2d0d271406a5105bca)
2018-06-07 18:43:17 +02:00
Werner Koch
cedd754fcb
gpg: Fix import's repair-key duplicate signature detection.
* g10/packet.h (PKG_siganture): Add field 'help_counter'.
* g10/key-check.c (sig_comparison): Take care of HELP_COUNTER.
(key_check_all_keysigs): De-duplicate on a per-block base.
--

The key_check_all_keysigs first does a detection of duplicate
signature.  This is done over all signatures at once.  The problem
here is for example:

   key
   uid_1
     sig_uid_1.1
     sig_uid_1.2
   subkey_1
     sig_sub_1.1
   subkey_2
     sig_sub_2.1
     sig_sub_2.2  (duplicate of sig_sub_1.1)

Now the de-duplication deletes the first signature and keeps the
second.  That works in most cases for foreign signature on userids but
in the above constellation the code simply removes sig_sub_1.1 so that
subkey_1 has no binding signature anymore.  In a later step during
import the missing binding is detected and subkey_1 is removed because
it is not anymore valid.  The sig_sub_2.2 will also be removed later
because it does not check out for subkey_2 (that is as expected).

The fix is to let the de-duplication work only on blocks (ie. within
the signatures of a user id or a subkey).  This will not detect all
duplicates but that does not harm because later steps will detect and
remove them.

In the above case (with this patch applied) the second phase of
key_check_all_keysigs will reorder key signatures and move the
duplicate sig_sub_2.2 directly after sig_sub_1.1.  This duplicates the
signature and for cleanness we should kick the de-duplication process
again.  This will be done with a followup patch.

GnuPG-bug-id: 3994
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 26bce2f01d2029ea2b8a8dbbe36118e3c83c5cba)
2018-06-07 18:43:04 +02:00
Werner Koch
36cc730fa5
gpg: Improve verbose output during import.
* g10/import.c (chk_self_sigs): Print the subkeyid in addition to the
keyid.
(delete_inv_parts): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 1bc6b5174248ba4d83d648ef6d6f4550540d1f20)
2018-06-07 18:42:32 +02:00
Werner Koch
054a187f24
gpg: Also detect a plaintext packet before an encrypted packet.
* g10/mainproc.c (proc_encrypted): Print warning and later force an
error.
--

Note that when this error is triggered the plaintext from the literal
data packet has already been outputted before the BEGIN_DECRYPTION
status line.  We fail only later to get more information.  Callers
need to check and act upon the decryption error code anyway.

Thanks to Marcus for pointing out this case.

GnuPG-bug-id: 4000
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 344b548dc71657d0285d93f78f17a2663b5e586f)
2018-06-06 15:49:00 +02:00
Werner Koch
dc87a3341f
gpg: New command --show-keys.
* g10/gpg.c (aShowKeys): New const.
(opts): New command --show-keys.
(main): Implement command.
* g10/import.c (import_keys_internal): Don't print stats in show-only
mode.
(import_one): Be silent in show-only mode.
--

Using

  --import --import-options show-only

to look at a key is too cumbersome.  Provide this shortcut and also
remove some diagnostic cruft in this case.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 257661d6ae0ca376df758c38fabab2316d10e3a9)
2018-06-06 11:59:06 +02:00
Werner Koch
825909e9cd
gpg: Print a hint on how to decrypt a non-mdc message anyway.
* g10/mainproc.c (proc_encrypted): Print a hint for legacy ciphers w/o
MDC.  Also print a dedicated status error code

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 874e391665405fc413a69f2ffacdb94bb08da7ff)
2018-05-31 13:04:22 +02:00
Werner Koch
2f2b1d1da9
gpg: Detect multiple literal plaintext packets more reliable.
* g10/mainproc.c (proc_encrypted): Bump LITERALS_SEEN.
--

GnuPG-bug-id: 4000
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 97183b5c0fae05fcda942caa7df14ee6a133d846)
2018-05-31 12:10:54 +02:00
Werner Koch
866667765f
gpg: Remove MDC options
* g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc
and --no-disable-mdc into NOPs.
* g10/encrypt.c (use_mdc): Simplify.  MDC is now almost always used.
* g10/cipher.c (write_header): Include extra hint and make
translatable.
* g10/options.h (struct opt): Remove fields force_mdc and disable_mdc.

--

The MDC is now always used except with --rfc2440 which will lead to a
a big fat warning.

This is a stripped down version of commit
253e8bdd9014cbe6dc06adce9d9dd2f8f4b31709 which could not directly be
applied due to the AEAD mechanisms there.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-31 12:08:22 +02:00