* po: Update parts of the Polish translation
  Author: Jakub Bogusz | Date: 2024-01-15 | Files: 1 | Lines: -256/+139

    --
    Jakub provided the translation in October but at this time it did not cleanly apply anymore due to string changes. Thus only parts of his changes are here. -wk

* gpgsm: Allow parsing of PKCS#12 files with two private keys.
  Author: Werner Koch | Date: 2024-01-15 | Files: 4 | Lines: -91/+133

    * sm/minip12.c (struct p12_parse_ctx_s): Add privatekey2.
    (parse_shrouded_key_bag): Handle a second private key.
    (p12_parse_free_kparms): New.
    * sm/import.c (parse_p12): Factor some code out to ...
    (p12_to_skey): this.
    (parse_p12): Use p12_parse_free_kparms.
    --
    Take care: We allow parsing of a second private key but we are not yet able to import the second private key. The whole thing is required to at least import the certificates of current pkcs#12 files as created by the German Elster tax system. No test data, sorry.

* gpgsm: Improve the status line for --verify errors.
  Author: Werner Koch | Date: 2024-01-15 | Files: 1 | Lines: -1/+6

    * sm/verify.c (gpgsm_verify): Improve verify.leave status line.
    --
    Suggested-by: Jakob Bohm

* po: Fix indentation for key generation options
  Author: Mario Haustein | Date: 2024-01-15 | Files: 20 | Lines: -101/+101

* Prepare the NEWS
  Author: Werner Koch | Date: 2024-01-12 | Files: 1 | Lines: -2/+93

* speedo: Add install target for Unix.
  Author: Werner Koch | Date: 2024-01-12 | Files: 2 | Lines: -13/+65

    * build-aux/speedo.mk: Default to SELFCHECK=0.
    (install, install-speedo): New targets.
    --
    GnuPG-bug-id: 6710

* speedo: Patch ELF binaries to use built libraries
  Author: Werner Koch | Date: 2024-01-12 | Files: 7 | Lines: -216/+66

    * build-aux/speedo.mk: Remove GUI stuff.  Add patchelf feature.
    * Makefile.am (speedo): New target.
    --
    GnuPG-bug-id: 6710

* gpg: Improve error message for expired default keys.
  Author: Werner Koch | Date: 2024-01-11 | Files: 1 | Lines: -4/+22

    * g10/getkey.c (parse_def_secret_key): Track reason for skipping keys.
    --
    GnuPG-bug-id: 4704

* doc: Document the gpgconf --unlock command.
  Author: Werner Koch | Date: 2024-01-11 | Files: 2 | Lines: -5/+16

    * tools/gpgconf.c (main): Fix usage message.
    --
    GnuPG-bug-id: 6838

* gpg: Fix regression in the Revoker keyword of the parameter file.
  Author: Werner Koch | Date: 2024-01-11 | Files: 2 | Lines: -4/+5

    * g10/keygen.c (parse_revocation_key): Actually allow for v4 fingerprints.
    --
    Note that the use of the parameter file is deprecated.

    GnuPG-bug-id: 6923

* gpg: Allow to create revocations even with non-compliant algos.
  Author: Werner Koch | Date: 2024-01-10 | Files: 1 | Lines: -5/+7

    * g10/sign.c (do_sign): Skip compliance check for revocation certs.
    --
    It just does not make sense to inhibit the creation of revocations depending on the compliance mode. We do this only for key revocation but not for another kind of revocation because the rationale for uid or subkey revocation is more complicated to explain.

* scd:p15: Allow signing for CVISION cards
  Author: Werner Koch | Date: 2024-01-10 | Files: 1 | Lines: -4/+81

    * scd/app-p15.c (do_sign): Add code for Starcos 3.2 and the CVISION product.
    --
    The code for the Starcos cards has been implemented according to the 3.52 manual. However, this does not work with my test cards. Protocol analysis shows that decryption can be used for the cryptovision product. Thus we do it the same for now.

* g13: New option --no-mount.
  Author: Werner Koch | Date: 2024-01-09 | Files: 8 | Lines: -43/+76

    * g13/g13.c (oNoMount): New.
    (opts): Add --no-mount.
    (main): Implement this.
    * g13/g13-common.h (opt): Add field no_mount.
    * common/status.h (STATUS_PLAINDEV): New.
    * g13/sh-cmd.c (has_option): Uncomment.
    (cmd_mount): Add option --no-mount and pass down.
    * g13/sh-dmcrypt.c (sh_dmcrypt_mount_container): Add arg nomount and emit PLAINDEV status line.
    (sh_dmcrypt_umount_container): Run findmnt before umount.
    --
    This option can be used to decrypt a device but not to mount it. For example to run fsck first. A command or option to run fsck before a mount will eventually be added.

    The use of findmnt is needed so that we can easily remove a device which has not been mounted.

* gpg: Print a useful error if SKI algo 253 is found.
  Author: Werner Koch | Date: 2024-01-09 | Files: 1 | Lines: -1/+10

    * g10/parse-packet.c (parse_key): Detect the SKI algo 253.
    --
    As long as we have not yet implemented this we should at least be able to detect this case.

* scd:p15: Allow PIN verification and decryption for CVISION cards.
  Author: Werner Koch | Date: 2024-01-09 | Files: 1 | Lines: -15/+55

    * scd/app-p15.c (CARD_PRODUCT_CVISION): New.
    (IS_STARCOS_3): New.
    (read_p15_info): Detect this product.
    (prepare_verify_pin): Add special handling for this product.
    (do_decipher): Use dedicated MSE for Starcos 3 cards.
    --
    To check the verification run

      gpg-card verify User_PIN

    For our test cards the "Benutzer-PIN" must be given.

    For decryption tests gpgsm can be used; --always-trust helps to avoid chain issues.

* gpgconf: Adjust -X command for the new VERSION file format
  Author: Werner Koch | Date: 2024-01-09 | Files: 1 | Lines: -10/+38

    * tools/gpgconf.c (show_version_gnupg): Read and parse the entire VERSION file.
    --
    GnuPG-bug-id: 6918

* common,w32: Remove duplicated backslashes when setting the homedir.
  Author: Werner Koch | Date: 2024-01-09 | Files: 2 | Lines: -0/+30

    * common/homedir.c (copy_dir_with_fixup) [W32]: Fold double backslashes.
    --
    This is in general no problem but when we hash or compare the directory to test whether it is the standard home directory, we may use a different socket file and thus a second instance of a daemon.

    GnuPG-bug-id: 6833

* gpg: Improve error return for --quick-add-subkey and -add-adsk.
  Author: Werner Koch | Date: 2024-01-05 | Files: 1 | Lines: -2/+8

    * g10/keyedit.c (keyedit_quick_addkey): Emit an ERROR status line.
    (keyedit_quick_addadsk): Ditto.
    --
    GnuPG-bug-id: 6880

* scd: Add support for SCE 7.0
  Author: Werner Koch | Date: 2024-01-04 | Files: 4 | Lines: -6/+109

    * scd/app-common.h (CARDTYPE_SCE7): New.
    * scd/app.c (strcardtype): Support it.
    (atr_to_cardtype): New.
    (app_new_register): Try to get the cardtype from atr_to_cardtype.
    * scd/app-piv.c (app_select_piv): Tweak for SCE7.  Add general method to construct a S/N from the Card UUID.
    --
    The test cards I have are rsa2048 with X.509 certificates. I don't have the entire chain but loading the certificates works. For testing I created an OpenPGP key from the keys and tested signing and decryption.

    GnuPG-bug-id: 6919

* gpg: Choose key from inserted card over a non-inserted card
  Author: Werner Koch | Date: 2024-01-02 | Files: 2 | Lines: -3/+17

    * g10/call-agent.c (agent_probe_secret_key): Do not return an error but 0.
    * g10/getkey.c (finish_lookup): Improve the selection of secret keys.
    --
    GnuPG-bug-id: 6831

* gpg: Don't call keybox_compress when KEYDB_RESOURCE_FLAG_READONLY.
  Author: NIIBE Yutaka | Date: 2023-12-29 | Files: 1 | Lines: -12/+14

    * g10/keydb.c (keydb_add_resource): Check the FLAGS to call keybox_compress.
    --
    GnuPG-bug-id: 6811
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* tools: Fix argparse table of gpgconf.
  Author: NIIBE Yutaka | Date: 2023-12-25 | Files: 1 | Lines: -35/+37

    * tools/gpgconf.c (opts): Use ARGPARSE macros.
    --
    GnuPG-bug-id: 6902
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* doc: Explain why socket activation is a problem
  Author: Werner Koch | Date: 2023-12-22 | Files: 1 | Lines: -0/+30

* common: Add keyword socketdir to gpgconf.ctl
  Author: Werner Koch | Date: 2023-12-22 | Files: 3 | Lines: -55/+118

    * common/homedir.c (enum wantdir_values): New enums.
    (unix_rootdir): Change arg to use the enums.  Adjust all callers.  Add support for the socketdir keyword.
    (_gnupg_socketdir_internal): Take care of the socketdir keyword in gpgconf.ctl.
    * doc/tools.texi (Files used by gpgconf): Briefly explain the gpgconf.ctl syntax.

* scd:openpgp: Add the length check for new PIN.
  Author: NIIBE Yutaka | Date: 2023-12-22 | Files: 1 | Lines: -16/+32

    * scd/app-openpgp.c (do_change_pin): Make sure new PIN length is longer than MINLEN.
    --
    GnuPG-bug-id: 6843
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* tools: Remove the dotlock tool.
  Author: NIIBE Yutaka | Date: 2023-12-21 | Files: 2 | Lines: -122/+1

    * tools/Makefile.am (libexec_PROGRAMS): Remove dotlock.
    * tools/dotlock.c: Remove.
    --
    It's integrated into gpgconf (--lock/--unlock).

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* scd:p15: Add a diagnostic for unsupported DTRUST4 features.
  Author: Werner Koch | Date: 2023-12-20 | Files: 1 | Lines: -1/+4

    * scd/app-p15.c (do_sign): Add a diagnostic.

* scd:p15: Add support for D-Trust Card 4.1/4.4
  Author: Mario Haustein via Gnupg-devel | Date: 2023-12-20 | Files: 1 | Lines: -9/+71

    * scd/app-p15.c (CARD_PRODUCT_DTRUST4): New.
    (app_select_p15): This card uses a different AID for the PKCS#15 application.
    (do_sign): The card doesn't support MSE SET, but requires MSE RESTORE to a predefined template.
    (do_decipher): Ditto.

* scd:p15: Add support for CardOS 5.4
  Author: Mario Haustein via Gnupg-devel | Date: 2023-12-20 | Files: 1 | Lines: -2/+8

    * scd/app-p15.c (CARD_TYPE_CARDOS_54): New.

* doc: Explain what to put into mailcap for gpg-wks-client.
  Author: Werner Koch | Date: 2023-12-20 | Files: 1 | Lines: -0/+15

* tools: Integrate the dotlock tool into gpgconf.
  Author: NIIBE Yutaka | Date: 2023-12-20 | Files: 1 | Lines: -1/+69

    * tools/gpgconf.c (dotlock_tool): New.
    (main): Add --lock and --unlock commands.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* common: Add dotlock util under libexec.
  Author: NIIBE Yutaka | Date: 2023-12-20 | Files: 2 | Lines: -31/+65

    * tools/Makefile.am (libexec_PROGRAMS): Add dotlock.
    * tools/dotlock.c: Finish the first implementation.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* common: Clean up the temporary file at dotlock_destroy.
  Author: NIIBE Yutaka | Date: 2023-12-20 | Files: 1 | Lines: -0/+6

    * common/dotlock.c (dotlock_destroy): Clean up the temporary file created when it fails.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* common: Support not-removing the lockfile by dotlock_destroy.
  Author: NIIBE Yutaka | Date: 2023-12-20 | Files: 1 | Lines: -1/+4

    * common/dotlock.c (dotlock_destroy): Keep the lock when DOTLOCK_LOCK_BY_PARENT.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* common: Fix a possible resource leak for dotlock.
  Author: NIIBE Yutaka | Date: 2023-12-20 | Files: 1 | Lines: -2/+5

    * common/dotlock.c (dotlock_destroy_unix): Don't release ->TNAME here.
    (dotlock_destroy): Release the memory unconditionally.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* common: Improve the parsing of gpgconf.ctl variables.
  Author: Werner Koch | Date: 2023-12-19 | Files: 1 | Lines: -30/+27

    * common/homedir.c (unix_rootdir): Simplify.
    --
    This also relaxes the syntax in that the equal sign may now be surrounded by any number of spaces.

* common: Enhance dotlock, so that we can have a CLI util.
  Author: NIIBE Yutaka | Date: 2023-12-19 | Files: 2 | Lines: -11/+138

    * common/dotlock.h (DOTLOCK_LOCK_BY_PARENT, DOTLOCK_LOCKED): New.
    * common/dotlock.c [HAVE_POSIX_SYSTEM]: Include <dirent.h>.
    (dotlock_get_process_id, dotlock_detect_tname): New.
    (dotlock_create_unix): Handle the case when no_write option is specified.  Not creating the lock file, but detect the file of tname.
    (dotlock_create) [HAVE_POSIX_SYSTEM]: Add support of DOTLOCK_LOCK_BY_PARENT and DOTLOCK_LOCKED for dotlock CLI util.
    (dotlock_take_unix): Support the case of DOTLOCK_LOCK_BY_PARENT.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* kbx: Create public-keys.d, after creating the homedir.
  Author: NIIBE Yutaka | Date: 2023-12-19 | Files: 2 | Lines: -0/+88

    * kbx/keyboxd.c (create_directories): Following the behavior of gpg-agent, call create_public_keys_directory after mkdir.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* keyboxd: Pass lock info back to gpg and gpgsm.
  Author: Werner Koch | Date: 2023-12-18 | Files: 3 | Lines: -9/+48

    * g10/call-keyboxd.c (keydb_default_status_cb): New.
    (keydb_update_keyblock): Add new status callback.
    (keydb_insert_keyblock): Ditto.
    (keydb_delete_keyblock): Ditto.
    (search_status_cb): Also try the new status callback.
    * sm/keydb.c (keydb_default_status_cb): New.
    (keydb_insert_cert): Add new status callback.
    (keydb_delete): Ditto.
    (search_status_cb): Also try the new status callback.
    --
    GnuPG-bug-id: 6838

* keyboxd: Timeout on failure to get the database lock.
  Author: Werner Koch | Date: 2023-12-18 | Files: 1 | Lines: -15/+53

    * kbx/backend-sqlite.c (dblock_info_cb): New.
    (create_or_open_database): Add arg ctrl.  Add a 10 second timeout.  Avoid warning on error if not locked.
    (be_sqlite_add_resource): Do not open the database here.
    (be_sqlite_search): ... but do it here.
    --
    Note that we need to delay the initialization to the first use of the database so that we actually have a recipient for the status messages.

    GnuPG-bug-id: 6838

* common: Add an info callback to dotlock.
  Author: Werner Koch | Date: 2023-12-18 | Files: 3 | Lines: -11/+203

    * common/dotlock.h (enum dotlock_reasons): New.
    (DOTLOCK_PREPARE_CREATE): New flag.
    * common/dotlock.c (struct dotlock_handle): Add info_cb and info_cb_value.
    (dotlock_create): Support the new flag.
    (dotlock_finish_create): New.
    (read_lockfile): Silence in case of ENOENT.
    (dotlock_set_info_cb): New.  Use callback after all error and info messages.
    (dotlock_take_unix, dotlock_take_w32): Allow termination by callback.

* common: Improve error return for dotlock.
  Author: Werner Koch | Date: 2023-12-12 | Files: 1 | Lines: -2/+8

    * common/dotlock.c (dotlock_take_unix): Return an ETIMEDOUT instead of EACCESS on timeout.
    (dotlock_take_w32): Ditto.

* doc: Fix description of scdaemon for --disable-ccid.
  Author: NIIBE Yutaka | Date: 2023-12-12 | Files: 1 | Lines: -10/+8

    --
    GnuPG-bug-id: 6871
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* po: Fix quotes in Polish Translation.
  Author: Ahelenia Ziemiańska | Date: 2023-12-07 | Files: 1 | Lines: -395/+395

    --
    Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>

* po: Update Portuguese Translation.
  Author: Daniel Cerqueira | Date: 2023-11-30 | Files: 2 | Lines: -5767/+3530

    --
    This commit log (with no ChangeLog entry) is written by gniibe, following the practice; translation updates don't need a ChangeLog entry in a commit log.

    Signed-off-by: Daniel Cerqueira <dan.git@brilhante.top>

* gpgsm: Set validity flag in keylisting to n for untrusted root cert.
  Author: Werner Koch | Date: 2023-11-27 | Files: 1 | Lines: -0/+2

    * sm/keylist.c (list_cert_colon): Map not_trusted to 'n' for non-root certs like we do for root certs.
    --
    GnuPG-bug-id: 6841

* scd:openpgp: Fallback to default ECDH params in writekey.
  Author: Werner Koch | Date: 2023-11-23 | Files: 1 | Lines: -3/+5

    * scd/app-openpgp.c (ecc_writekey): Use default ECDH parameters and remove the now useless check.
    --
    This seems to be better than bailing out. In almost all cases our standard parameters are used and if not, well, the fingerprint will be wrong.

    GnuPG-bug-id: 6378

* agent: Update the key file only if changed (slight return).
  Author: Werner Koch | Date: 2023-11-21 | Files: 1 | Lines: -12/+52

    * agent/findkey.c (read_key_file): Add optional arg r_orig_key_value to return the old Key value.  Change all callers.
    (agent_write_private_key): Detect whether the Key entry was really changed.
    --
    GnuPG-bug-id: 6829

* common: Check whether to set the modified flag in nve_set.
  Author: Werner Koch | Date: 2023-11-21 | Files: 1 | Lines: -22/+8

    * common/name-value.c (nvc_set): Factor code out to ...
    (nve_set): here.

* agent: Update the key file only if not changed.
  Author: Werner Koch | Date: 2023-11-21 | Files: 3 | Lines: -9/+56

    * common/name-value.c (struct name_value_container): Add flag "modified".
    (nvc_modified): New.
    (nvc_new): Set flag.
    (_nvc_add): Set flag.
    (nvc_delete): Set flag.
    (nvc_set): Set flag unless value did not change.
    (nve_set): Add arg PK.  Change the caller.
    * agent/findkey.c (agent_write_private_key): Update only if modified.
    --
    This helps software which uses a file system watcher to track changes to private keys. In particular smartcard triggered changes are a problem for such software because this may at worst trigger another smartcard read.

    GnuPG-bug-id: 6829