Werner Koch
781e9746df
Improve ssh card key diagnostic message.
...
* command-ssh.c (card_key_available): Change wording of no key
diagnostic.
(ssh_handler_request_identities): Do not call card_key_available
if the scdaemon is disabled.
2011-11-28 10:48:25 +01:00
Ben Kibbey
0dcf517700
Allow no protection in pinentry-mode=loopback.
...
When the inquired passphrase has a 0 length then treat it as no
protection.
2011-09-13 08:33:43 +02:00
Ben Kibbey
eb5709f554
Fixed invalid free.
2011-09-13 08:33:01 +02:00
Ben Kibbey
fb1cdd7b0e
Handle pinentry-mode=loopback.
...
When this mode is set an inquire will be sent to the client to retrieve
the passphrase. This adds a new inquire keyword "NEW_PASSPHRASE" that the
GENKEY and PASSWD commands use when generating a new key.
2011-09-12 09:54:16 +02:00
Werner Koch
816bee1fa0
Fixed set but unused variable bugs
2011-08-10 14:11:30 +02:00
Ben Kibbey
28eac436bb
Update option s2k-count to match the documentation.
...
The option would previously return an error if its value was < 65536.
2011-08-10 12:46:06 +02:00
Werner Koch
81389383a3
Made the KILLAGENT and KILLSCD commands working again.
...
This requires that GnuPG is built with a newer version of Libassuan
(2.0.3).
2011-08-10 11:47:04 +02:00
Werner Koch
809dfd70e3
Make the inquire cancel fix a little bit more robust.
2011-07-27 11:10:15 +02:00
Ben Kibbey
29af48840f
Fixed gpg-agent SCD inquire command cancellation.
...
Need to send the CANCEL command back to scdaemon otherwise the next SCD
command will fail.
2011-07-27 10:58:52 +02:00
Werner Koch
6f86ee812f
Fix crash while reading unsupported ssh keys.
...
This bug was found by n-roeser at gmx.net
(gnupg-devel@, msgid 4DFC7298.4040509@gmx.net ).
2011-07-22 09:29:40 +02:00
Werner Koch
093ed70fbf
Allow listing of ssh fingerprint with the agent's KEYINFO command.
2011-07-20 21:13:24 +02:00
Werner Koch
d479906991
Support a confirm flag for ssh.
...
This implements the suggestion from bug#1349. With this change the
fingerprint of the ssh key is also displayed in the pinentry prompts.
2011-07-20 20:49:41 +02:00
Ben Kibbey
137e3a0fbc
Added gpg-agent OPTION "s2k-count".
...
When unset or 0, the calibrated count will be used.
2011-06-29 13:17:25 +02:00
Marcus Brinkmann
1c684df5b8
Fix size_t vs int issues.
2011-06-01 21:43:30 +02:00
Werner Koch
f8285f9b00
Add fixme note regarding pth_kill
2011-04-29 16:44:28 +02:00
Werner Koch
817f07173c
Fixed regression in OpenPGP secret key export.
...
The protection used in the exported key used a different iteration
count than given in the S2K field. Thus all OpenPGP keys exported
from GnuPG 2.1-beta can't be imported again. Given that the actual
secret key material is kept in private-keys-v1.d/ they can be
re-exported with this fixed version.
2011-04-26 20:39:09 +02:00
Werner Koch
4caa768f1d
Add OPTION:cache-ttl-opt-preset to gpg-agent.
...
This option may be used to change the default ttl values used with the
--preset option of GENKEY and PASSWD.
2011-04-21 15:40:48 +02:00
Marcus Brinkmann
70b871abbc
Fix gpg-agent secure memory leak in OpenPGP private key import.
...
2011-04-20 Marcus Brinkmann <mb@g10code.com>
* command.c (cmd_import_key): Release key from failed import
before converting openpgp private key in the openpgp-private-key
case.
2011-04-20 11:33:09 +02:00
Ben Kibbey
b5f585f7d7
Another PASSWD --preset fix.
...
Check for an error before presetting the passphrase.
2011-04-18 10:20:36 +02:00
Ben Kibbey
b3c71eb26b
Fixed PASSWD --preset.
...
The previous patch required that the keygrip be cached before adding the
new passphrase to the cache. No more.
2011-04-13 14:15:21 +02:00
Werner Koch
f8c5395fbd
Use macros for the 120 and 900s cache TTLs.
2011-04-12 18:20:46 +02:00
Ben Kibbey
a9edbfb3a3
Added PASSWD --preset.
2011-04-12 18:04:53 +02:00
Ben Kibbey
944bf8f5b5
Added GENKEY --preset to add the passphrase of the generated key to the cache.
2011-04-12 18:00:59 +02:00
Ben Kibbey
893b455a3d
Added KEYINFO field to show the protection type of a key. This differs from the second field which shows the location of the key.
2011-04-12 17:59:27 +02:00
Werner Koch
b9bcc77d6c
Make use of gcry_kdf_derive.
...
Factoring common code out is always a Good Thing. Also added a
configure test to print an error if gcry_kdf_derive is missing in
Libgcrypt.
2011-03-10 18:39:34 +01:00
Werner Koch
327af90594
Require libgcrypt 1.5
...
Without Libgcrypt 1.5 it was not possible to use ECC keys. ECC is a
major new feature and thus it does not make sense to allow building
with an older Libgcrypt without supporting ECC.
Also fixed a few missing prototypes.
2011-03-08 12:23:59 +01:00
Ben Kibbey
3582e2efa4
Added option --inquire to PRESET_PASSPHRASE. Note that the inquired passphrase will be truncated to the first encountered null byte.
2011-03-04 09:39:39 +01:00
Werner Koch
b786f0e12b
New agent option pinentry-mode.
...
This provides the framework and implements the ask, cancel and error.
loopback will be implemented later.
2011-03-03 18:35:08 +01:00
Werner Koch
1c09def22d
Fix usage of SHA-2 algorithm with OpenPGP cards.
...
This was a regression in 2.1 introduced due to having the agent do the
signing in contrast to the old "SCD PKSIGN" command which accesses the
scdaemon directly and passed the hash algorithm. The hash algorithm
is used by app-openpgp.c only for a sanity check.
2011-03-02 15:35:10 +01:00
Werner Koch
b7f74f5b46
Add comment to last patch.
2011-03-02 09:54:18 +01:00
Ben Kibbey
cb803a4b27
Added option --data to KEYINFO to return the result with a data response.
2011-03-02 09:45:31 +01:00
Ben Kibbey
fa58a834ff
Let KEYINFO show the cached status of a key grip.
2011-03-02 09:32:35 +01:00
Werner Koch
528d77a0cc
Rename Ben's new option.
2011-03-02 09:11:40 +01:00
Ben Kibbey
0706511b6d
Added CLEAR_PASSPHRASE option --agent to search the cache for a cacheid with a mode of CACHE_MODE_NORMAL. These cache modes are created with PKDECRYPT.
2011-03-02 09:08:00 +01:00
Werner Koch
8a7336e0bf
Fix ECDSA 521 bit signing.
...
This fix also allows the creation and use of a 521 bit ECDH key which
used to fail while creating the binding signature.
2011-02-07 14:38:39 +01:00
Werner Koch
b008274afd
Nuked almost all trailing white space.
...
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Werner Koch
0b5bcb40cf
Finished ECC integration.
...
Wrote the ChangeLog 2011-01-13 entry for Andrey's original work modulo
the cleanups I did in the last week. Adjusted my own ChangeLog
entries to be consistent with that entry.
Nuked quite some trailing spaces; again sorry for that, I will better
take care of not saving them in the future. "git diff -b" is useful
to read the actual changes ;-).
The ECC-INTEGRATION-2-1 branch can be closed now.
2011-02-03 16:35:33 +01:00
Werner Koch
4659c923a0
Sample ECC keys and message do now work.
...
Import and export of secret keys does now work. Encryption has been
fixed to be compatible with the sample messages.
This version tests for new Libgcrypt function and thus needs to be
built with a new Libgcrypt installed.
2011-02-02 15:48:54 +01:00
Werner Koch
328a642aa5
Fixed the ECC interface to Libgcrypt to be ABI compatible with the previous version.
...
Quite some changes were needed but in the end we have less code than
before. Instead of trying to do everything with MPIs and pass them
back and forth between Libgcrypt and GnuPG, we now use the
S-expression based interface and make heavy use of our opaque MPI
feature.
Encryption, decryption, signing and verification work with
self-generated keys.
Import and export does not yet work; thus it was not possible to check
the test keys at https://sites.google.com/site/brainhub/pgpecckeys .
2011-01-31 15:44:24 +01:00
Werner Koch
0fb0bb8d9a
Reworked the ECC changes to better fit into the Libgcrypt API.
...
See ChangeLog for details. Key generation, signing and verification work.
Encryption does not yet work. Requires latest Libgcrypt changes.
2011-01-31 09:27:06 +01:00
Werner Koch
c5e8a4c0fd
Merge branch 'master' into ECC-INTEGRATION-2-1
2011-01-24 12:24:11 +01:00
Werner Koch
27929981fc
Make most of the selftests work.
...
Note that there is still a problem with tests/openpgp/sigs.test while
using the option --digest-algo SHA256.
2011-01-21 15:22:41 +01:00
Werner Koch
90b0ff23b7
Editorial changes and allow building with old libgcrypts.
...
Changed order of some conditionals to put the special case into
the true branch. Indentation changes. Minor other changes to make the
ECC code more similar to the rest of our code.
It builds but many selftests still fail. Need to fix that before
using it with an ECDH enabled libgcrypt.
[/]
2011-01-21 Werner Koch <wk@g10code.com>
* configure.ac: Need Libgcrypt 1.4.6 due to AESWRAP.
(HAVE_GCRY_PK_ECDH): Add new test.
[agent/]
2011-01-21 Werner Koch <wk@g10code.com>
* cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: New.
[include/]
2011-01-21 Werner Koch <wk@g10code.com>
* cipher.h (GCRY_PK_USAGE_CERT): Remove compatibility macros
because we now require libgcrypt 1.4.6.
(GCRY_PK_ECDH): Add replacement.
2011-01-21 12:00:57 +01:00
Werner Koch
13acd78a39
Fixed a CR/LF problem on Windows
2011-01-19 18:05:15 +01:00
Andrey Jivsov
b73d8ed06f
Fixed key generation with P-521. Confirmed that signature generation and verification work.
2011-01-12 21:14:45 -08:00
Andrey Jivsov
e0972d3d96
Integrating http://code.google.com/p/gnupg-ecc/source/detail?r=15 .
...
The following works:
gpg2 --gen-key (ECC)
gpg2 --list-keys
gpg2 --list-packets ~/.gnupg/pubring.gpg
gpg2 --list-packets <private key from http://sites.google.com/site/brainhub/pgpecckeys >
ECDH doesn't work yet as the code must be re-written to adjust for gpg-agent refactoring.
2011-01-05 17:33:17 -08:00
Werner Koch
64a786b2d9
Change timer tick interval under Wince
2010-12-02 18:40:03 +00:00
Werner Koch
fcb5f7d08f
s/AES/AES128/ in diagnostics and --list-config
2010-12-02 15:49:02 +00:00
Werner Koch
6dda170e32
Remove recently added debug output
2010-12-02 13:53:18 +00:00
Werner Koch
3d9e25e072
Init cache encryption on the fly.
...
add some debug code
2010-11-29 06:49:44 +00:00
Werner Koch
41a33e0c78
Remove superfluous parameter.
...
Make self-check interval larger
2010-11-26 09:42:56 +00:00
Werner Koch
b3f9e2130e
Change stack size for Wince.
...
Allow for a longer agent startup under wince.
Print gpg output via estream.
2010-11-23 18:46:41 +00:00
Werner Koch
2c982dcf86
Fix bug where scdaemon kills a non-daemon gpg-agent.
2010-11-11 15:07:37 +00:00
Werner Koch
dc5150db78
Honor TMPDIR.
2010-10-27 07:37:52 +00:00
Werner Koch
02e4c3cb7e
Re-implemented GPG's --passwd command and improved it.
2010-10-26 09:10:29 +00:00
Werner Koch
52cbcd94ac
Re-enabled german translation
2010-10-18 14:56:52 +00:00
Werner Koch
6872919efe
Fix a signing problem with the card
2010-10-18 12:59:19 +00:00
Werner Koch
764e88d4df
All tests are again working
2010-10-14 16:34:31 +00:00
Werner Koch
fd19a84c80
Some tweaks to the agent startup.
2010-10-14 08:32:55 +00:00
Werner Koch
54591341a4
More agent support for gpg.
2010-10-13 15:57:08 +00:00
Werner Koch
002b30e75c
Import fixes.
...
new option for watchgnupg
2010-10-06 11:29:10 +00:00
Werner Koch
cc71376bce
Don't set SSH_AGENTPID_INFO.
...
Doc fixes.
Allow TCP and local sockets in watchgnupg.
2010-10-05 19:05:43 +00:00
Werner Koch
bfbd80feb9
Exporting secret keys via gpg-agent is now basically supported.
...
A couple of forward ported changes.
Doc updates.
2010-10-01 20:33:53 +00:00
Werner Koch
4fdd83b401
Fix standard directories for Wince.
...
Typo fix.
2010-09-13 10:17:04 +00:00
Werner Koch
90a4599c5e
Obscure the cached passphrases.
2010-09-02 10:46:23 +00:00
Werner Koch
a0b9ebfb7d
Even less prompts for a new key now.
2010-09-01 12:49:05 +00:00
Werner Koch
31bc3c8edd
s/CACHE_MODE_IMPGEN/CACHE_MODE_NONCE/.
...
Prepare for more use cases of the cache nonce.
2010-09-01 11:07:16 +00:00
Werner Koch
9a9b3da58f
Use passphrase caching for import and genkey.
2010-09-01 09:48:35 +00:00
Werner Koch
87fac99112
Import OpenPGP keys into the agent.
2010-08-31 15:58:39 +00:00
Werner Koch
a400cfe14e
.
2010-08-26 08:47:42 +00:00
Werner Koch
34dde96669
Fix regression in logging.
...
Add a registry key to enable catch-all remote debugging for W32.
Replace more stdio stuff by estream.
2010-08-18 19:25:15 +00:00
Werner Koch
d4d61b87f1
Fix dirmngr problems on CE.
...
Add new dirmngr commands.
Minor other fixes.
2010-08-12 11:43:46 +00:00
Werner Koch
8a61c30207
Pass on comments from SCD.
2010-08-11 13:11:04 +00:00
Werner Koch
e52f93433c
Support logging via TCP
2010-08-09 15:40:29 +00:00
Werner Koch
c8bafe218c
Fix a regression from 2010-06-09.
2010-06-24 10:51:30 +00:00
Werner Koch
1e7b03ef25
Remove cruft.
2010-06-21 10:04:36 +00:00
Werner Koch
91056b1976
Implement export of pkcs#12 objects using a direct agent connection.
2010-06-21 10:01:24 +00:00
Werner Koch
006fd75aea
Avoid using the protect-tool to import pkcs#12.
2010-06-17 15:44:44 +00:00
Werner Koch
c3f08dcb72
Merged Dirmngr with GnuPG.
...
A few code changes to support dirmngr.
2010-06-09 16:53:51 +00:00
Werner Koch
bbe388b5db
Add unfinished gpgtar.
...
Collected changes and ports of bug fixes from stable.
2010-06-07 13:33:02 +00:00
Werner Koch
f5551672fb
Update tests.
2010-05-11 18:00:31 +00:00
Werner Koch
51e2703abe
Auto starting the agent does now work on CE.
2010-05-04 15:21:47 +00:00
Werner Koch
8524ac000c
auto start the agent if --use-standard-socket is in use.
2010-05-03 15:23:10 +00:00
Werner Koch
5b341a9a47
Ignore a stale agent socket.
2010-04-26 14:51:38 +00:00
Werner Koch
a1412b05de
More changes on the way to remove secring.gpg.
2010-04-21 16:26:17 +00:00
Werner Koch
08ee8adc45
Remove dependency to simple-pwquery.
2010-04-14 16:52:02 +00:00
Werner Koch
53c636c4c6
./autogen.sh --build-w32ce does now succeed.
2010-04-14 14:39:16 +00:00
Werner Koch
31d7bdfe77
Whole lot of changes to support CE.
2010-04-14 11:24:02 +00:00
Werner Koch
e64038608b
More changes to use estream. Add a way to replace the standard
...
descriptors.
2010-03-22 12:46:05 +00:00
Werner Koch
37870234a1
Use a custom log handler for libassuan.
2010-03-11 12:34:11 +00:00
Werner Koch
d8b1099d01
Merged jnlib into common.
2010-03-10 12:24:58 +00:00
Werner Koch
0e018d7144
Some minor changes and typo fixes.
...
Started to implement a TCP option in gpg-connect-agent.
2010-02-26 10:52:05 +00:00
Werner Koch
01a571a16b
Provide default strings for the pinentry.
2010-02-17 19:03:37 +00:00
Werner Koch
7e97da9127
Fixed a regression introduced with 2.0.14.
2010-01-26 16:15:12 +00:00
Werner Koch
be45bf3d54
Add dummy option --passwd for gpg.
...
Collected changes.
2010-01-08 19:18:49 +00:00
Werner Koch
34baa18187
Do not use the VMC C reserved word readonly.
2009-12-15 11:03:17 +00:00
Werner Koch
4d693033ab
Implement dynamic S2K count computation.
2009-12-14 20:12:56 +00:00
Werner Koch
9a96043be4
Unification of the search descriptor usage.
2009-12-08 16:30:33 +00:00
Marcus Brinkmann
146a4665bb
common/
...
2009-12-08 Marcus Brinkmann <marcus@g10code.de>
* asshelp.c (start_new_gpg_agent): Convert posix FD to assuan FD.
agent/
2009-12-08 Marcus Brinkmann <marcus@g10code.de>
* call-pinentry.c (start_pinentry): Convert posix fd to assuan fd.
* call-scd.c (start_scd): Likewise.
sm/
2009-12-08 Marcus Brinkmann <marcus@g10code.de>
* call-dirmngr.c (start_dirmngr_ext): Convert posix fd to assuan fd.
tools/
2009-12-08 Marcus Brinkmann <marcus@g10code.de>
* gpg-connect-agent.c (main): Convert posix fd to assuan fd.
2009-12-08 04:43:15 +00:00
Werner Koch
cb5491bfaf
support numeric debug levels.
2009-12-03 18:04:40 +00:00