* g10/gpg.c (aShowKeys): New const.
(opts): New command --show-keys.
(main): Implement command.
* g10/import.c (import_keys_internal): Don't print stats in show-only
mode.
(import_one): Be silent in show-only mode.
--
Using
--import --import-options show-only
to look at a key is too cumbersome. Provide this shortcut and also
remove some diagnostic cruft in this case.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 257661d6ae)
* g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc
and --no-disable-mdc into NOPs.
* g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used.
* g10/cipher.c (write_header): Include extra hint and make
translatable.
* g10/options.h (struct opt): Remove fields force_mdc and disable_mdc.
--
The MDC is now always used except with --rfc2440 which will lead to a
a big fat warning.
This is a stripped down version of commit
253e8bdd90 which could not directly be
applied due to the AEAD mechanisms there.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
* tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
allow testing with the current files.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d1431901f0)
Resolved Conflicts:
g10/mainproc.c - Remove AEAD stuff.
* g10/gpg.c (oNoMDCWarn): Remove.
(opts): Make --no-mdc-warn a NOP.
(main): Don't set var.
* g10/options.h (struct opt): Remove 'no_mdc_var'.
* g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false.
* g10/mainproc.c (proc_encrypted): Ditto.
--
Users should not be allowed to suppress the warning that they are
shooting into their foot.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 96350c5d5a)
* dirmngr/http.c (send_request): Print the used TLS library in debug
mode.
--
We allow two different TLS libararies and thus it is useful to see
that in the debug output of bug reports.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (get_user_id_string): Add arg R_NOUID. Change call
callers.
(get_user_id): Add arg R_NOUID. Change call callers.
* g10/mainproc.c (issuer_fpr_string): Make global.
* g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key
also in --list-mode. Print the "issuer fpr" field also if there is an
issuer fingerprint subpacket.
--
Scripts used to rely on the "User ID not found" string even in the
--with-colons listing. However, that is not a good idea because that
string is subject to translations etc. Now we have an explicit way of
telling that a key is missing. For example:
gpg --list-sigs --with-colons | \
awk -F: '$1=="sig" && $2=="?" {if($13){print $13}else{print $5}}'
Prints all keyids or fingerprint of signing keys for which we do not
have the key in our local keyring.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (issuer_fpr_raw): New.
(issuer_fpr_string): Re-implement using issuer_fpr_rtaw.
(check_sig_and_print): Don't free ISSUER_FPR. Use ISSUER_FPR_RAW.
Use write_status_printf. Extend ERRSIG status.
--
Modern OpenPGP implementations put the ISSUER_FPR into the signature
to make it easier to discover the, public needed to check the
signature. This is also useful in error messages and thus we add it.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oNoSymkeyCache): New.
(opts): Add that option.
(main): Set var.
* g10/options.h (struct opt): New field no_symkey_cache.
* g10/passphrase.c (passphrase_to_dek): Implement that feature.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* g10/options.h (struct opt): Add field request_origin.
* g10/call-agent.c (start_agent): Send option to the agent.
* sm/gpgsm.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* sm/gpgsm.h (struct opt): Add field request_origin.
* sm/call-agent.c (start_agent): Send option to the agent.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/shareddefs.h (request_origin_t): New.
* common/agent-opt.c (parse_request_origin): New.
(str_request_origin): New.
* agent/command.c (option_handler): Implement new option.
--
This allows to pretend that a request originated from the extra or
browser socket.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/cache.c (agent_cache_housekeeping): New func.
* agent/gpg-agent.c (handle_tick): Call it.
--
This change mitigates the risk of having cached items in a post mortem
dump.
GnuPG-bug-id: 3829
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpg-wks-client.c (get_key_status_parm_s)
(get_key_status_cb, get_key): Move to ...
* tools/wks-util.c: ...here.
(get_key): Rename to wks_get_key.
* tools/gpg-wks-server.c: Include userids.h.
(command_install_key): Allow use of a fingerprint.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/gpg.texi (--passphrase, --passphrase-file, --passphrase-fd):
Note that pinentry-mode needs to be loopback.
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* tools/gpgconf.c (oStatusFD): New const.
(opts): New option --status-fd.
(statusfp): New var.
(set_status_fd): New.
(gpgconf_write_status): New.
(gpgconf_failure): New.
(main): Set status fd and replace exit by gpgconf_failure.
* tools/gpgconf-comp.c: Repalce exit by gpgconf_failure.
(gc_process_gpgconf_conf): Print a few warning status messages.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/gpgsm.c (main): Allow setting of the default compliance.
* tools/gpgconf-comp.c (gc_options_gpgsm): Add "compliance".
--
This is required so that we can use this option in in gpgconf.conf.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (oListenBacklog): New const.
(opts): New option --listen-backlog.
(listen_backlog): New var.
(main): Parse new options.
(create_server_socket): Use var instead of 5.
* dirmngr/dirmngr.c: Likewise.
* scd/scdaemon.c: Likewise.
--
GnuPG-bug-id: 3473
Signed-off-by: Werner Koch <wk@gnupg.org>
--
A simple read of gpg(1) is ambiguous about whether --encrypt could be
for either symmetric or pubkey encryption. Closer inference suggests
that --encrypt is about pubkey encryption only. Make that clearer on
a first read.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* agent/gpg-agent.c (oAutoExpandSecmem): New enum value.
(opts): New option --auto-expand-secmem.
(main): Implement that option.
--
Note that this option has an effect only if Libgcrypt >= 1.8.2 is
used.
GnuPG-bug-id: 3530
* configure.ac (YAT2M): Only define when found.
* doc/Makefile.am: Portability fix.
--
This is not intended to apply to master, but 2.2 branch only. When
new libgpg-error is required, installation of yat2m can be assumed.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
08c82b1 introduced one optional argument for this status message. Due to
an apparent editing error, the sentence fragment "arguments are
currently defined." was left in the documentation.
Signed-off-by: Will Thompson <wjt@endlessm.com>
--
This answers two questions that I was only able to answer by examining
each site where PROGRESS messages are emitted, and fixes a typo.
Signed-off-by: Will Thompson <wjt@endlessm.com>
* agent/command.c (cmd_getinfo): New sub-commands.
* agent/protect.c (get_standard_s2k_count): Factor some code out to ...
(get_calibrated_s2k_count): new.
(get_standard_s2k_time): New.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 52d41c8b0f)
* agent/agent.h (opt): New field 's2k_count'.
* agent/gpg-agent.c (oS2KCount): New enum value.
(opts): New option --s2k-count.
(parse_rereadable_options): Set opt.s2k_count.
--
This option is useful to speed up the starting of gpg-agent and in
cases where the auto-calibration runs into problems due to a broken
time measurement facility.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f7212f1d11)
* g10/import.c (import_one): Pass FROM_SK to list_keyblock_direct.
--
Note that this will likely add the suffix '#' top "sec" because the
secret key has not yet (or will not be) imported. If the secret key
already exists locally another suffix might be printed. The upshot is
that the suffix has no usefulness.
GnuPG-bug-id: 3431
Signed-off-by: Werner Koch <wk@gnupg.org>
--
It seems people are using --list-sigs instead of --check-sigs and do
not realize that the signatures are not checked at all. We better
highlight the use of --check-sigs to avoid this UI problem.
Suggested-by: Andrew Gallagher
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
default keyserver options.
* doc/gpg.texi: document this change.
--
This is a partial reversion of
7e1fe791d1. Werner and i discussed it
earlier today, and came to the conclusion that:
* the risk of metadata leakage represented by a default
--auto-key-retrieve, both in e-mail (as a "web bug") and in other
contexts where GnuPG is used to verified signatures, is quite high.
* the advantages of --auto-key-retrieve (in terms of signature
verification) can sometimes be achieved in other ways, such as when
a signed message includes a copy of its own key.
* when those other ways are not useful, a graphical, user-facing
application can still offer the user the opportunity to choose to
fetch the key; or it can apply its own policy about when to set
--auto-key-retrieve, without needing to affect the defaults.
Note that --auto-key-retrieve is specifically about signature
verification. Decisions about how and whether to look up a key during
message encryption are governed by --auto-key-locate. This change
does not touch the --auto-key-locate default of "local,wkd". The user
deliberately asking gpg to encrypt to an e-mail address is a different
scenario than having an incoming e-mail trigger a potentially unique
network request.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Werner Koch