* g10/keygen.c (quick_generate_keypair): Add special algo string
"test-default".
--
Well, this is a hack to quickly create keys with the algorithms we
will eventually use as defaults. Usage:
gpg -v --quick-gen-key --passphrase '' --batch USERID test-default
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/import.c (parse_import_options): Add option "import-export".
(write_keyblock_to_output): New.
(import_one): Implement option.
--
We are now in the import export business.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keylist.c (struct keylist_context): Add field NO_VALIDITY.
(list_keyblock_print): Take care of it.
(list_keyblock_direct): Add arg NO_VALIDITY.
* g10/keygen.c (do_generate_keypair): Merge keyblock and print w/o
validity.
--
It will always be ultimate and by not printing it we avoid a lot of
garbage output due to the trustdb re-calculation.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgpdefs.h (SIGSUBPKT_ISSUER_FPR): New.
* g10/build-packet.c (build_sig_subpkt_from_sig): Add arg PKSK and
insert the issuer fpr if needed.
* g10/sign.c (write_signature_packets): Pass signing key.
(make_keysig_packet): Ditto.
(update_keysig_packet): Ditto.
* g10/parse-packet.c (dump_sig_subpkt): Print issuer fpr.
(parse_one_sig_subpkt): Detect issuer fpr.
(can_handle_critical): Add issuer fpr.
* g10/mainproc.c (check_sig_and_print): Try to get key via fingerprint.
* g10/gpgv.c (keyserver_import_fprint): New stub.
* g10/test-stubs.c (keyserver_import_fprint): New stub.
--
This support is enabled with the --rfc4880bis option and intended to
test to recently proposed issuer fpr.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/options.h (struct opt): Add field flags.rfc4880bis.
* g10/gpg.c (oRFC4880bis): new.
(opts): add --rfc4880bis.
(main): Implement that and print a warning.
--
This is option enables experimental features which may be dropped or
changed with the next release.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tdbio.c (create_version_record): Call create_hashtable to always
make hashtable, together with the version record.
(get_trusthashrec): Remove call to create_hashtable.
--
GnuPG-bug-id: 1675
Thanks to Scott Moser for a reproducible script and patience.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/keylist.c (list_keyblock_colon): Use PK2 for the subkey's curve.
--
Reported-by: mantorix at vollbio punkt de
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c (get_trust): Factor code out to ...
(format_conflict_msg_part1): new and to ...
(ask_about_binding): new.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (main): Remove deprecation warning.
--
Most options for the keyserver have been moved to dirmngr and thus it
does not make sense to favor "--keyserver-options auto-key-retrieve"
over the direct options --auto-key-retrieve and --no-auto-key-retrieve.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oDisableSignerUID): New.
(opts): New option '--disable-signer-uid'.
(main): Set option.
* g10/options.h (opt): Add field flags.disable_signer_uid.
* g10/sign.c: Include mbox-util.h.
(mk_notation_policy_etc): Embed the signer's uid.
* g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key
retrieval if --disable-signer-uid is used.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/packet.h (PKT_signature): Add field 'signers_uid'.
* g10/parse-packet.c (parse_signature): Set this field.
* g10/free-packet.c (free_seckey_enc): Free field.
(copy_signature): Copy field.
* g10/mainproc.c (akl_has_wkd_method): New.
(check_sig_and_print): Extend NEWSIG status. If WKD is enabled try to
locate a missing key via the signature's Signer's User ID sub-packet.
Do this right before trying a keyserver lookup.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/export.c (do_export_stream): If a key is stored by the agent in
cleartext, then try to export it as cleartext.
* tests/openpgp/export.test: For secret keys that are stored in
cleartext, test should try to export without pinentry interaction.
--
This restores the behavior of GnuPG 2.0 and 1.4 when exporting
passphraseless secret keys, and fixes the test suite accordingly.
GnuPG-bug-id: 2070, 2324
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/export.c (match_curve_skey_pk): New function, testing whether an
OpenPGP public key and an S-expression use the same curve.
* g10/export.c (cleartext_secret_key_to_openpgp): New function,
filling in the secret key parameters of a PKT_public_key object from
a corresponding cleartext S-expression.
* g10/export.c, g10/main.h (receive_seckey_from_agent): Add cleartext
parameter, enabling retrieval of the secret key, unlocked.
* g10/export.c (do_export_stream): Send cleartext as 0, keeping current
behavior.
* g10/keygen.c (card_store_key_with_backup): Use cleartext=0 to ensure
that smartcard backups are all passphrase-locked.
--
This sets up internal functionality to be capable of exporting
cleartext secret keys, but does not change any existing behavior.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/call-agent.c, g10/call-agent.h (agent_export_key): Add
openpgp_protected flag.
* g10/export.c (receive_seckey_from_agent): Request openpgp_protected
secret keys from agent.
* agent/command.c (hlp_export_key): EXPORT_KEY help text: add a
brief description of the effect of --openpgp.
--
The --openpgp flag for gpg-agent's EXPORT_KEY actually forces
encryption in a certain (RFC 4880-compatible format). This changeset
exposes that functionality in internal functions, and clarifies
functionality in the agent's help text.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add
r_cleartext parameter to report whether a key is stored without
passphrase protection.
* g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to
match new API.
* g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c,
g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet
need to know whether agent is passphrase-protected.
--
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/gpg.c (main): Add option "none" to --keyid-format.
* g10/options.h (KF_NONE): New.
* g10/keyid.c (format_keyid): Implement that.
(keystr): Use format "long" is KF_NONE is in use.
(keystr_with_sub): Ditto.
* g10/keylist.c (list_keyblock_print): Adjust indentaion for KF_NONE.
Factor some code out to ...
(print_key_line): new.
(print_fingerprint): Add mode 20.
* g10/mainproc.c (list_node): Use print_key_line. Replace MAINKEY by
flags.primary in the PK. Fix putting a " revoked..." string into the
colons format.
* g10/pkclist.c (do_edit_ownertrust): Use print_key_line. This
slightly changes the putput format.
* g10/revoke.c (gen_standard_revoke): Use print_key_line. This may
also put "expires: " into the output.
--
Due to user experience problems with the keyid and we better allow to
show the fingerprint instead. Note that we do not support v3 keys
anymore and thus there is no technical need for a user to know the
keyid.
GnuPG-bug-id: 2379
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (print_status_key_created): Make more robust by
allowing a NULL for PK.
(generate_subkeypair): Use print_status_key_created.
(generate_card_subkeypair): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_genkey): Add option --passwd-nonce.
(cmd_passwd): Return a PASSWD_NONCE in verify mode.
* g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do
not send a RESET if given.
(agent_passwd): Add arg 'verify'.
* g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'.
(gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto.
(generate_subkeypair): Use sepeare hexgrip var for the to be created
for hexgrip feature. Verify primary key first. Make use of the
passwd nonce. Allow for a static passphrase.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (parse_usagestr): Allow "cert".
(generate_subkeypair): Factor expire parsing out to ...
(parse_subkey_algostr_usagestr): here. Rename to ...
(parse_algo_usage_expire): this. Add arg 'for_subkey'. Set CERT for
primary key and check that it is not set for subkeys.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New.
(ask_keysize): Factor code out to ...
(get_keysize_range, fixup_keysize): new.
(parse_parameter_usage): Factor parsing out to ...
(parse_usagestr): new. Allow use of "encr" as alias for "encrypt".
(parse_subkey_algostr_usagestr): New.
(generate_subkeypair): Add new args. Implement unattended mode.
* g10/keyedit.c (keyedit_quick_sign): Factor some code out to ...
(find_by_primary_fpr): new.
(keyedit_quick_addkey): New.
* g10/gpg.c (aQuickAddKey): New.
(opts): Add --quick-addkey.
(main): Implement.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/build-packet.c (write_fake_data): Check for non-opaque data.
* g10/seskey.c (do_encode_md): Return NULL instead of abort.
--
The first may happen if the usage flags of an algorithm do not match
the allowed usage. When writing a backsig this would lead to a
log_bug in libgcrypt due to the use of a regular MPI as opaque data.
The second may happen with all kind of invalid data. It is easy to
avoid an abort, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/progress.c (progress_filter): Factor status wrote out to...
(write_status_progress): New. Scale values down.
--
GnuPG-bug-id: 2368
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c (get_trust): Add arg PK. Uses this instead of a an extra
lookup of the public key by fingerrpint.
(tofu_register): Pass PK to get_trust.
(tofu_get_validity): Ditto.
*g10/tofu.c (tofu_register): Remove unused FINGERPRINT_PP.
--
With my test keybox I see a speedup of 10 times (33s to 3.1s). The
reason for this was the extra key lookup which I hacked in at some
point to make the extraction of a keyid correct also for non v4 keys.
However our caller already has the public key and thus can easily pass
it to get_trust along with the fingerprint.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/sqlite.c: Rename to gpgsql.c. Change function prefixes to
gpgsql_.
* g10/sqlite.h: Rename to gpgsql.h.
* g10/tofu.c: Adjust for changes.
--
We used for our own extensions symbols with an sqlite_ names prefix.
This may in theory lead to duplicated symbols but more important, it
is harder to understand what is from gpg and what is from libsqlite.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.h (struct tofu_dbs_s, tofu_dbs_t): New declarations.
(struct server_control_s): Add field tofu.dbs.
* g10/tofu.c (struct dbs): Rename to tofu_dbs_s. Replace all users by
by tofu_dbs_t.
(opendbs): Add arg CTRL. Cache the DBS in CTRL.
(closedbs): Rename to tofu_closedbs and make global. Add arg CTRL.
(tofu_register): Add arg CTRL. Change all callers. Do not call
closedbs.
(tofu_get_validity): Ditto.
(tofu_set_policy): Ditto.
(tofu_get_policy): Ditto.
(tofu_set_policy_by_keyid): Add arg CTRL.
* g10/gpg.c (gpg_deinit_default_ctrl): Call tofu_closedbs.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c (show_statistics): Print TOFU STATS with formatting
characters.
--
We better leave the non-breaking space character in the status
messages so that the caller can make use of them.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/status.h (STATUS_KEY_CONSIDERED): New.
* g10/getkey.c: Include status.h.
(LOOKUP_NOT_SELECTED, LOOKUP_ALL_SUBKEYS_EXPIRED): New.
(finish_lookup): Add arg R_FLAGS. Count expired and revoked keys and
set flag. Check a requested usage before checking for expiraion or
revocation.
(print_status_key_considered): New.
(lookup): Print new status.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_delete_key): Make the --force option depend on
--disallow-loopback-passphrase.
* g10/call-agent.c (agent_delete_key): Add arg FORCE.
* g10/delkey.c (do_delete_key): Pass opt.answer_yes to
agent_delete_key.
--
Unless the agent has been configured with
--disallow-loopback-passpharse an unattended deletion of a secret key
is now possible with gpg by using --batch _and_ --yes.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyedit.c (sig_comparison): Actually compare the pubkey
algorithms.
--
This fixes two bugs: The first was a typo which led to us comparing A
with A. The second problem was the use of an assert at a place where
this can't be asserted: Two signature may have different algorithms;
they won't verify but after all it is about corrupted signatures.
Reported-by: Guilhem Moulin <guilhem@fripost.org>
GnuPG-bug-id: 2236
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/status.h (STATUS_TOFU_USER, STATUS_TOFU_STATS)
(STATUS_TOFU_STATS_SHORT, STATUS_TOFU_STATS_LONG): New.
* g10/tofu.c (NO_WARNING_THRESHOLD): New.
(record_binding, tofu_register): Take care of --dry-run.
(show_statistics): Print STATUS_TOFU_USER. Reformat some messages.
Fix the ngettext/strcmp thing. Use log_string instead of log_info.
Use NO_WARNING_THRESHOLD constant.
(get_trust): Use format_text and print a compact fingerprint.
--
The use of log_string makes long messages better readable; instead of
gpg: Warning: if you think you've seen more[...]
key, then this key might be a forgery! Car[...]
address for small variations. If the key i[...]
we now have
gpg: Warning: if you think you've seen more[...]
key, then this key might be a forgery![...]
address for small variations. If the [...]
We also put the key information after the message and not between the
user id and the last used info like here:
gpg: Verified 7 messages signed by "Werner Koch <werner@eifzilla.de>"
in the past 4 days, 16 hours.
The most recent message was verified 3 days, 13 hours ago.
(key: 8061 5870 F5BA D690 3336 [...] 1E42 B367, policy: auto)
This also makes the key info a separate translatable string.
Further a compact version of the fingerprint (hex w/o spaces) is
printed in some messages.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c (string_to_long): New.
(string_to_ulong): New.
(get_single_unsigned_long_cb): Replace strtol/strtoul by new function.
(get_single_long_cb): Ditto.
(signature_stats_collect_cb): Ditto.
(get_policy): Ditto.
(show_statistics): Ditto. Uese es_free instead of free.
--
There is one minor semantic change: We now accept "nnn.0" always. The
old code did not checked for ".0: in show_statistics.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (parse_auto_key_locate): Add method "wkd".
(get_pubkey_byname): Implement that method. Also rename a variable.
* g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New.
* g10/keyserver.c (keyserver_import_wkd): New.
* g10/test-stubs.c (keyserver_import_wkd): Add stub.
* g10/gpgv.c (keyserver_import_wkd): Ditto.
* g10/options.h (opt): Add field 'with_wkd_hash'.
(AKL_WKD): New.
* g10/gpg.c (oWithWKDHash): New.
(opts): Add option --with-wkd-hash.
(main): Set that option.
* g10/keylist.c (list_keyblock_print): Implement that option.
--
The Web Key Directory is an experimental feature to retrieve a key via
https. It is similar to OpenPGP DANE but also uses an encryption to
reveal less information about a key lookup.
For example the URI to lookup the key for Joe.Doe@Example.ORG is:
https://example.org/.well-known/openpgpkey/
hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q
(line has been wrapped for rendering purposes). The hash is a
z-Base-32 encoded SHA-1 hash of the mail address' local-part. The
address wk@gnupg.org can be used for testing.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/build-packet.c (do_key): Do not use the header length specified
by the public key packet from the keyring, but let 'write_header2'
compute the required length.
--
Specifically exporting RSA keys of length 1024 failed, as the encoded
public key packet requires 141 bytes a length that fits into one byte,
but the secret key is significantly larger, making the export fail.
GnuPG-bug-id: 2307
Signed-off-by: Justus Winter <justus@g10code.com>
* configure.ac (USE_GPG2_HACK): New ac_define am_conditional.
* common/homedir.c (gnupg_module_name): Replace use of macro
NAME_OF_INSTALLED_GPG.
* g10/keygen.c (generate_keypair): Ditto.
* g10/Makefile.am (bin_PROGRAMS): Remove.
(noinst_PROGRAMS): Add gpg or gpg2 and gpgv or gpg2.
(gpg2_hack_list): New.
(use_gpg2_hack): New.
(gpg2_SOURCES): Rename to gpg_SOURCES.
(gpgv2_SOURCES): Rename to gpgv_SOURCES.
(gpg2_LDADD): Rename to gpg_LDADD.
(gpgv2_LDADD): Rename to gpgv_LDADD.
(gpg2_LDFLAGS): Rename to gpg_LDFLAGS.
(gpgv2_LDFLAGS): Rename to gpgv2_LDFLAGS.
(install-exec-hook): Remove WinCE specific rules and add new rules.
(uninstall-local): Uninstall gpg/gpg2 and gpgv/gpgv2.
* tests/openpgp/Makefile.am (required_pgms): s/gpg2/gpg/.
* tests/openpgp/defs.inc: Ditto.
* tests/openpgp/gpgtar.test: Ditto.
* tests/openpgp/mkdemodirs: Ditto.
* tests/openpgp/signdemokey: Ditto.
* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove obsolete
--enable-mailto, add --enable-gpg2-is-gpg.
--
Although we need to duplicate some automake generated code this method
allows to easily switch the name of the installed target using the
configure option "--enable-gpg2-is-gpg".
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c (opendb): Guard call to timeout function.
--
GnuPG-bug-id: 2294
Fix not tested but is pretty obvious.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (ask_key_flags): Improve message.
--
Because the curve is only selected after the capabilities are queried
we do not know whether ECDSA or EdDSA will eventually be used. When
printing the possible capabilities we now use print "ECDSA/EdDSA" for
the algorithm.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (MY_USE_ECDSADH): New macro local to ask_curve.
(ask_curve): Use a fixed table of curve names and reserve a slot for
Curve448. Simplify CurveNNNN/EdNNNN switching.
(ask_curve): Remove the Curve25519 is non-standard prompt.
--
Given that ECC generation is only available in export mode and that
gpg will in any case support our current ed2559/cv25519 definition the
extra prompt does not make anymore sense.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/Makefile.am (EXTRA_DIST): Add t-stutter-data.asc.
(module_tests): Add t-stutter.
(t_stutter_SOURCES): New variable.
(t_stutter_LDADD): New variable.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Add a test to check that the Mister and Zuccerato attack described in
"An Attack on CFB Mode Encryption As Used by OpenPGP" works.
* g10/keygen.c (do_generate_keypair): Check for errors, in which case
'pri_psk' is NULL.
Fixes-commit: bf9d1248
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/packet.h: Include "util.h".
* g10/encrypt.c (encrypt_seskey): Don't mark as static.
* g10/gpgcompose.c: New file.
* g10/Makefile.am (noinst_PROGRAMS): Add gpgcompose.
(gpg2_SOURCES): Split everything but gpg.c into...
(gpg_sources): ... this new variable.
(gpgcompose_SOURCES): New variable.
(gpgcompose_LDADD): Likewise.
(gpgcompose_LDFLAGS): Likewise.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/encrypt.c (write_pubkey_enc_from_list): Split the body of this
function out into...
(write_pubkey_enc): ... this new function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/build-packet.c (do_plaintext): Change the semantics such that if
PT->BUF is NULL, it is the caller's responsibility to write the
content (and disable partial body length mode, if appropriate).
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/build-packet.c (sig_to_notation): Break printing of binary
notations into...
(notation_value_to_human_readable_string): ... this new function.
Provide a small preview of the binary data substituting non-printable
characters with '?'.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/sig-check.c (check_key_signature2): If SIG->CLASS is
unsupported, show some debugging information. Don't use BUG to fail.
Just return GPG_ERR_BAD_SIGNATURE.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/build-packet.c (write_header2): Make sure the length bits are
cleared. Fail if HDRLEN is set and the specified length can't be
encoded in the available space.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/build-packet.c (do_plaintext): Use ctb_new_format_p to check the
packet's format.
(write_header2): Likewise.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/build-packet.c (sig_to_notation): Avoid an unnecessary copy of
the data: the size of the packet is fixed.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/build-packet.c (do_symkey_enc): Use iobuf_write instead of
iobuf_put in a loop. Use iobuf_copy instead of iobuf_read and
iobuf_write in a loop. Move the memory wiping from here...
* common/iobuf.c (iobuf_copy): ... to here.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keyedit.c (sig_comparison): New function.
(fix_key_signature_order): Merge functionality into...
(check_all_keysigs): ... this function. Rewrite to eliminate
duplicates and use a systematic approach to detecting and moving
signatures that are out of order instead of a heuristic.
(fix_keyblock): Don't call fix_key_signature_order. Call
check_all_keysigs instead after collapsing the uids.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2236
* g10/sig-check.c (hash_uid_node): Rename from this...
(hash_uid_packet): ... to this. Take a PKT_user_id instead of a
KBNODE.
(check_key_signature2): Split the basic signature checking
functionality into...
(check_signature_over_key_or_uid): ... this new function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keyedit.c (print_and_check_one_sig): Split the print
functionality into...
(print_one_sig): ... this new function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/sig-check.c (check_signature_end): Break the basic signature
check into...
(check_signature_end_simple): ... this new function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keyedit.c (menu_addrevoker): Use format_keyid rather than
manually formatting the keyid.
* g10/keygen.c (card_write_key_to_backup_file): Likewise.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keydb.h (keyid_cmp): New function.
* g10/keyid.c (pk_keyid): New function.
(pk_main_keyid): New function.
(keyid_copy): New function.
(pk_keyid_str): New function.
* g10/packet.h (PKT_public_key): Update comments for main_keyid and
keyid.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Before accessing pk->keyid, it is necessary to call keyid_from_pk (pk,
NULL) to ensure that pk->keyid is valid. Because it is easy to forget
to do this, these accessor functions take care of it.
* g10/keydb.h: Remove agent_open, agent_close declarations/
* g10/migrate.c: #include <unistd.h> for access()
--
agent_open() is only defined statically in common/simple-pw-query.c,
it is neither used nor referenced anywhere else. agent_close doesn't
exist anywhere. The removal of these declarations removes an
unecessary inclusion of libassuan.h.
migrate.c was relying on keydb.h -> libassuan.h -> unistd.h for the
declaration of access(), so we now handle that explicitly instead.
* g10/armor.c (radix64_read): If the = is followed by the string "3D",
check if the following four characters are valid radix 64 and are
followed by a new line. If so, warn and ignore the '3D'.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2250
* g10/build-packet.c (calc_header_length): Return the correct haeder
size when LEN is 0. Fix documentation.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2240
* g10/keyid.c (format_keyid): Return a char *, not a const char *. If
BUFFER is NULL, then set LEN to the static buffer's size.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE. Check
the directory and create it if none before calling take_write_lock.
--
Thanks to Marc Deslauriers for the bug report and his patch.
GnuPG-bug-id: 2246
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
Using "help" as value lists the options. Not having the current
options in the help text also makes it easier to keep translations
clean.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/call-agent.c (learn_status_cb): Don't use NULL for strcmp.
--
With libgcrypt not supporting cv25519, gpg segfaults.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
Some of the options are too rarley used to deserve an entry in the
skeleton config file. Some are even the default for many years.
Added auto-key-locate because that is a very useful option.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (ask_user_id): Allow empty name.
--
The --quick-gen-key command allows this and further some mail
providers require that a key has only the mail address to allow for
anonymous accounts.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/revoke.c (gen_standard_revoke): Improve header text for the
file. Add info output.
--
GnuPG-bug-id: 1724
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/call-dirmngr.c (gpg_dirmngr_ks_list): Make R_KEYSERVER optional.
* g10/keyserver.c (keyserver_any_configured): New.
(keyserver_put): Remove arg keyserver because this will always receive
opt.keyserver which is anyway used when connecting dirmngr. Do not
check opt.keyserver.
(keyserver_import_cert): Replace opt.keyserver by
keyserver_any_configured.
* g10/mainproc.c (check_sig_and_print): Ditto.
* g10/import.c (revocation_present): Ditto.
* g10/getkey.c (get_pubkey_byname): Ditto.
* g10/gpgv.c (keyserver_any_configured): Add stub.
* g10/test-stubs.c (keyserver_any_configured): Add stub.
--
The keyserver should be configured in dirmngr.conf and thus we can't
use opt.keyserver in gpg to decide whether a keyserver has been
configured.
GnuPG-bug-id: 2147
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/trustdb.c (tdb_get_validity_core): Print message only in debug
mode.
--
This makes only sense for debugging.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c: Make use of print_further_info to reduce the number of
different error messages to be translated. Also streamline some
messages.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c: Include ttyio.h. Change many strings to help
translating. Make use of ngettext wehere needed.
(CONTROL_L): New.
(TIME_AGO_UNIT_SMALL_NAME): Remove this and all similar *_NAME macros.
(time_ago_unit): Remove.
(get_trust): Use tty_prints and cpr_get only for the actual prompt.
Add Ctrl-L hack.
(show_statistics): Use two English strings for singular and plural.
* po/POTFILES.in: Add tofu.c.
--
These changes are required for proper translation. More to changes
may be needed, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/sig-check.c (check_signature_metadata_validity): Use days if
useful.
--
Using days instead of a high number of seconds is for the majority of
users a better measurement.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyring.c (keyring_lock) [W32]: Flush the close cache before
locking.
* kbx/keybox-init.c (keybox_lock) [W32]: Close the file before
locking.
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keybox-update.c (create_tmp_file): Move some code to...
* kbx/keybox-util.c (keybox_tmp_names): new.
* g10/keyring.c: Include keybox.h.
(create_tmp_file): Replace parts by keybox_tmp_names.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (main): Add LIST_SHOW_USAGE.
--
The usage flags are often useful and they don't take away much space
in a key listing. Thus it is better to have them enabled by default.
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keybox-init.c (keybox_register_file): Change interface to return
the token even if the file has already been registered.
* g10/keydb.c (primary_keyring): Rename to primary_keydb.
(maybe_create_keyring_or_box): Change return type to gpg_error_t.
(keydb_add_resource): Ditto. s/rc/err/.
(keydb_add_resource): Mark an already registered as primary.
* sm/keydb.c (maybe_create_keybox): Change return type to gpg_error_t.
(keydb_add_resource): Ditto. s/rc/err/.
(keydb_add_resource): Adjust for changed keybox_register_file.
--
This change aligns the registering of keyboxes with those of
keyrings. This fixes a potential bug:
gpg --keyring foo.kbx --keyring bar.gpg --keyring foo.kbx
would have marked bar.gpg as primary resource and thus inserting new
keys there. The correct and now fixed behavior is to insert to
foo.kbx.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
I am considering some changes and thus better start off by switching
to standard GNU indentation. This patch also changes comment lines
like
if (foo)
/* Comment on foo. */
{
to
if (foo)
{ /* Comment on foo. */
or
if (foo) /* Comment on foo. */
{
to make the brace of the opening block stand out immediately.
Further stars on the left are added to longer comments because that
makes the code easier to read by disabled hackers, when reading
without font locking, and for reading black-white printouts.
--
When using tags (e.g. GNU global) to navigate the source code it is
way easier to have the documentation close to the function we are
looking at. Having the documentation in the header file would require
an extra manual lookup to understand the function.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c: Allow arg RET_KEYBLOCK to be NULL.
--
This change adds the expected behavior for the getkey_next function
to fix this NULL de-ref.
GnuPG-bug-id: 2212
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/export.c: Include membuf.h and host2net.h.
(key_to_sshblob): New.
(export_ssh_key): New.
* g10/gpg.c (aExportSshKey): New.
(opts): Add command.
(main): Implement that command.
--
GnuPG-bug-id: 2212
I have done only a few tests rights now and the ECDSA curves do not
yet work. However ssh-keygen -l accept RSA and ed25519 keys exported
using this command.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/status.h (STATUS_WARNING): New.
* g10/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
* g10/call-dirmngr.c: Include status.h.
(warn_version_mismatch): New.
(create_context): Call warn function.
* sm/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
(gpgsm_agent_learn): Call warn function.
* sm/call-dirmngr.c (warn_version_mismatch): New.
(prepare_dirmngr): Call warn function.
--
We have seen too often bug reports which are due to still running old
versions of the daemons. To catch this problematic use we now print
warning messages and also provide the warning via the status
interface.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/asshelp.c: Include membuf.h.
(get_assuan_server_version): New.
* g10/call-agent.c (agent_get_version): Use new function.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyid.c (keygrip_from_pk): Return an error code.
--
The error was show but the function did not return it. This change
should improve error messages for unknown algorithms.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/call-dirmngr.c (dns_cert_status_cb): Store URL status in the URL
param. The old code was entirely buggy (c+p error).
--
Fixes-commit: 154f3ed2
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyid.c (keystrlen): If opt.keyid_format is KF_DEFAULT unset,
default to KF_SHORT.
(format_keyid): Default to KF_SHORT, not KF_0xLONG.
--
Without this fix, gpgv2 fails with:
gpgv: Ohhhh jeeee: ... this is a bug (keyid.c:342:keystrlen)
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/parse-packet.c (parse_key): Check for premature end of salt.
--
This has no security implications because an arbitrary salt could have
also been inset by an attacker.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyedit.c (change_passphrase): Remove useless init of ANY.
(keyedit_quick_adduid): Remove useless setting of ERR.
* g10/parse-packet.c (parse_key): Remove PKTLEN from condition because
it has been checked before the loop.
(parse_plaintext): Remove useless init of PKTLEN.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (ask_keysize): Use 768 for the minimal value for DSA in
export mode. Improve readability.
--
GnuPG-bug-id: 2209
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (get_pubkeys): Fix double free.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 7195b943
Note: this error is not a security problem, because this code path is
currently never executed.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Werner pointed out that a special error message is not needed: the
error code (as displayed by gpg_strerror) will indicate what went
wrong.
* g10/keyedit.c (keyedit_menu): Remove cmdCHECKBKUPKEY support.
--
GnuPG-bug-id: 2169
It was introduced by the commit 9e834047 in 2009. Then, we moved
private key handling to gpg-agent which broke this subcommand.
Note: This subcommand was not supported in 1.4 and 2.0.
--
I must have mixed the up during testing. The old one is just one
keyserver and the new one is the OnionBalance hidden service. See
https://sks-keyservers.net/overview-of-pools.php
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keydb.h (struct pubkey): Rename to pubkey_s.
(pubkey_t): New. Change all struct pubkey_s to use this type.
* g10/getkey.c (get_pubkeys): Rename arg keys to r_keys.
--
It is common in GnuPG to use a suffix of _s for struct names. There
is no technical need for this (actually this pattern comes from pre
ANSI C compilers which had no separate namespaces) but it avoid
surprises when reading the code.
Adding the pubkey_t type is mainly to improve font locking by using
the common suffix _t for a typedefed type.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (card_write_key_to_backup_file): Simplify by using
hexfingerprint.
--
Note that the extra blank added to FPRBUF in the old code was not
needed because write_status_text_and_buffer already ensures that
there will be a space.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (parse_def_secret_key): Do not make strings passed to
log_debug translatable.
--
Debug output is intended to be used along with the source or to be
send to the developers. Thus translations are at best not helpful.
* g10/gpg.c (struct result): Move from here...
* g10/keydb.h (struct pubkey): ... to here. Update users.
* g10/gpg.c (check_user_ids): Move from here...
* g10/getkey.c (get_pubkeys): ... to here. Update users. Use
get_pubkey_byname to look up the keys (this also prunes invalid keys).
(pubkey_free): New function.
(pubkeys_free): New function.
* g10/gpg.c (main): Don't check for ambiguous key specifications.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: e8c53fc
This change not only moves the checks for ambiguous key specifications
from gpg.c to getkey.c, it also disables the checks. The old code was
too divorced from the actual key lookups and, as such, it reproduced
the logic. Unfortunately, the reproduction was a poor one: despite
fixing some inconsistencies (e.g., 10cca02), it still didn't deal with
group expansion or the auto key lookup functionality. Given the
amount of instability introduced by this change, we (Neal & Werner)
decided it is better to defer introducing this functionality until
2.3.
* g10/gpg.c (main): If --encrypt-to-default-key is specified, don't
add --default-key's value to REMUSR here...
* g10/pkclist.c (build_pk_list): ... do it here.
* tests/openpgp/Makefile.am (TESTS): Add default-key.test.
* tests/openpgp/default-key.test: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/pkclist.c (build_pk_list): Remove parameter use, which is always
called set to PUBKEY_USAGE_ENC. Update callers.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
encryption-only keys when a signing key is needed and vice-versa.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keydb.c (keydb_update_keyblock): Don't replace the record at the
current offset. After taking the lock, extract the fingerprint from
the keyblock, find it and then replace it.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2193
Between locating the record to update and actually updating the
keyblock, it is possible that another process modifies the keyring,
which causes the update to corrupt the keyring. This is due to a time
of check to time of use bug. The fix is straightforward: both
operations must be done while holding the lock. This changes the
semantics of the function slightly, but no callers need to be
modified. Further, it now becomes impossible to replace key A with B;
this function will only ever update B.
* g10/getkey.c (parse_def_secret_key): Display the key that is
invalid, not the search description.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/gpg.c (main): When --default-key or --encrypt-to-default-key is
taken from the config file, note this.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: 28311d1
* g10/keydb.h (PK_LIST_ENCRYPT_TO): Change from a macro to an enum.
(PK_LIST_HIDDEN): Likewise.
(PK_LIST_CONFIG): Likewise.
(PK_LIST_SHIFT): Likewise.n
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Using an enum has the advantage that the symbol can be used in gdb.
* g10/keygen.c (do_ask_passphrase, generate_raw_key)
(gen_card_key_with_backup, save_unprotected_key_to_card): Remove.
--
Now, key generation is done by gpg-agent. Asking passphrase is done
through pinentry invoked by gpg-agent. It is done by
new internal function of card_store_key_with_backup.
* g10/export.c (receive_seckey_from_agent): New.
(do_export_stream): Use it.
--
Also fixed a memory leak of WRAPPEDKEY on a successful path of
build_packet.
In the log message, key is now by a hexgrip instead of a format by
keystr_with_sub.
* g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
disabled, revoked and expired keys (if appropriate for the provided
option).
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2186
* g10/getkey.c (parse_def_secret_key): Do not make debug messages
translatable. Make use of print_reported_error.
--
This patch also passes all required arguments to log_debug ;-).
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/misc.c (print_reported_error): New.
--
Often the user is only interested in a catch all error code like "not
found" but sometimes it is useful to also see the real reason. By
this function this can easily be achieved. Example:
err = search_for_key (keyid)
if (err)
{
log_info ("error locating key '%s': %s\n",
keyid, gpg_strerror (GPG_ERR_NOT_FOUND));
print_reported_error (err, GPG_ERR_NOT_FOUND);
}
results in
gpg: error locating key 'foobar': not found
gpg: (reported error: no keyring <keybox>)
where the second line is only printed in verbose mode and if ERR is
not GPG_ERR_NOT_FOUND.
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keybox-search.c (keybox_seek): New function.
* g10/keydb.c (keydb_search): When reading from the cache, seek to
just after the cached record.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* kbx/keybox-search.c (keybox_offset): New function.
* g10/keydb.c (struct keyblock_cache): Add fields resource and offset.
(keyblock_cache_clear): Reset HD->KEYBLOCK_CACHE.RESOURCE and
HD->KEYBLOCK_CACHE.OFFSET.
(keydb_search): Don't use the cached result if it comes before the
current file position. When caching an entry, also record the
position at which it was found.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2187
