path: root/doc/howtos.texi
Date | Commit message | Author | Files | Lines
2024-03-04 | wks: Add option --realclean to gpg-wks-client. | Werner Koch | 4 | -4/+12
* tools/gpg-wks-client.c (oRealClean): New. (opts): Add "realclean". (parse_arguments): Implement. (main): Take a copy of the module name to fix bad assignment from a former patch. * tools/gpg-wks-server.c (main): Ditto. * tools/gpg-wks.h (opt): Add field realclean. * tools/wks-util.c (wks_get_key): Call gpg with export-realclean depending on the new option. -- The default for gpg-wks-client is to install keys with all valid key signatures. The new option will eventually allow to install the keys only with key signatures done by trusted-keys. Also the export-option is in gpg, it requires one more gpg patch to make it actually work.
2024-03-04 | gpg: Prepare for a new export option export-realclean. | Werner Koch | 11 | -46/+105
* g10/options.h (EXPORT_REALCLEAN): New. Also re-assign other values to keep them more in sync with the corresponding import values. * g10/export.c (parse_export_options): Add "export-realclean". (do_export_stream): Call clean_all_uids directly with the options arg. * g10/import.c (import_one_real): Change for direct use of options in clean_all_uids. * g10/key-clean.c (is_trusted_key_sig): New. Stub for now. (clean_sigs_from_uid): Re-purpose self_only to a general options arg. Implement EXPORT_REALCLEAN code path. (clean_one_uid): Re-purpose self_only to a general options arg. (clean_all_uids): Ditto. * g10/keyedit.c (keyedit_menu): Use EXPORT_MINIMAL instead of a simple flag. (menu_clean): Re-purpose self_only to a general options arg. * g10/keyid.c (fpr20_from_pk): Factor code out to .... (fpr20_from_fpr): new. Remove useless case for ARRAY being NULL. * g10/tdbio.c (tdbio_search_trust_byfpr): Add arg fprlen and use fpr20_from_fpr if needed. (tdbio_search_trust_bypk): Pass 20 for the fingerprint length. -- Note that this code has no function yet. Another patch will follow to extract the trusted-keys flag from the trustdb.
2024-02-29 | build: Extend getswdb.sh to allow a verified download | Werner Koch | 1 | -4/+92
--
2024-02-29 | build: Make getswdb.sh usable outside the GnuPG tree. | Werner Koch | 1 | -2/+24
--
2024-02-27 | gpg: Emit status lines for errors in the compression layer. | Werner Koch | 2 | -15/+39
* g10/compress-bz2.c: Replace all log_fatal by log_error, write_status_error, and g10_exit. (do_uncompress): Ditto. -- This gives gpgme a better way to detect corrupted data in the compression layer. GnuPG-bug-id: 6977
2024-02-27 | Allow tilde expansion for the foo-program options. | Werner Koch | 11 | -33/+70
* agent/gpg-agent.c (parse_rereadable_options): Use make_filename_try for opt.pinentry_program. Change definition accordingly. * g10/gpg.c (main): Use make_filename for agent_program, dirmngr_program, and keyboxd_program. Change definition accordingly. * sm/gpgsm.c (main): Ditto. * tools/gpg-card.c (parse_arguments): Ditto. * tools/gpg-connect-agent.c (main): Ditto. * tools/gpg-wks-client.c (parse_arguments): Likewise. Do it also for option --output. (process_confirmation_request): Print a note for a successful sent. -- GnuPG-bug-id: 7017
2024-02-25 | agent: Allow GET_PASSPHRASE in restricted mode. | Werner Koch | 1 | -5/+4
* agent/command.c (cmd_get_passphrase): Allow use in restricted mode but ignore the cacheid. -- The use case is symmetric encryption via the extra-socket. To avoid that the gpg running on the server has access to the cache we set the cache id to NULL so that the cache is not used at all.
2024-02-21 | gpg: Fix gpg_mpi_write for the unused opaque case. | Werner Koch | 1 | -1/+3
* g10/build-packet.c (gpg_mpi_write): Take care of the fact that get_opaque already returns a bit-exact value. -- Fixes-commit: ab17f7b6c392782718f57eaea94fc18a0ff49389 Reported-by: Falko Strenzke <falko.strenzke@mtg.de>
2024-02-21 | wks: Allow command style args for gpg-wks-client. | Werner Koch | 2 | -11/+21
* tools/gpg-wks-client.c (wrong_args): Take two args. Change all callers. (main): Pass ARGPARSE_FLAG_COMMAND for recent gpgrt version. -- This requires gpgrt 1.48. Of course "gpg-wks-client --create ..." continues to work.
2024-02-20 | g13: Allow command line style "g13 mount foo". | Werner Koch | 1 | -0/+3
* g13/g13.c (main): Set flag ARGPARSE_FLAG_COMMAND. -- This requires gpgrt 1.48. Of course "g13 --mount foo" continues to work.
2024-02-20 | scd:p15: Fix typo in a comment | Mario Haustein | 1 | -1/+1
2024-02-20 | scd:p15: Add ECC support for D-Trust Card 4.1/4.4 | Mario Haustein | 1 | -6/+4
* scd/app-p15.c (do_sign): Add MSE RESTORE parameters for D-Trust ECC cards. (do_decipher): Ditto.
2024-02-20 | scd:p15: Take derive usage into account for decryption (2). | Werner Koch | 1 | -1/+2
* scd/app-p15.c (do_getattr): Yet another place to fix. -- GnuPG-bug-id: 7000 Co-authored-by: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de>
2024-02-20 | scd:p15: Handle duplicate certificate ids. | Werner Koch | 1 | -2/+44
* scd/app-p15.c (struct app_local_s): Add field cdf_dup_counter. (objid_in_cdflist_p): New. (read_p15_info): Clear the counter. (read_ef_cdf): Detect and fix duplicate IDs. -- GnuPG-bug-id: 7001 Reported-by: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de>
2024-02-20 | scd:p15: Take derive usage into account for decryption. | Werner Koch | 1 | -15/+21
* scd/app-p15.c (set_usage_string): Map usageflags.derive also to 'e'. (do_auth): Allow usageflags.sign_recover. (do_decipher): Allow usageflags.derive. (do_with_keygrip): Take usageflags.derive into account. (do_gettatr): Ditto. (do_decipher): Take a missing AODF for authentication not needed. -- This is required for D-Trust ECC cards. The AODF thing is unrelated but seems to be a good idea. GnuPG-bug-id: 7000
2024-02-16 | dirmngr: Fix keep-alive flag handling. | NIIBE Yutaka | 1 | -1/+9
* dirmngr/http.c (run_proxy_connect): Set KEEP_ALIVE if not Basic Authentication. Fix resource leak of FP_WRITE. -- GnuPG-bug-id: 6997 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-02-16 | dirmngr: Fix the regression of use of proxy for TLS connection. | NIIBE Yutaka | 1 | -12/+2
* dirmngr/http.c (run_proxy_connect): Don't set keep_alive, since it causes resource leak of FP_WRITE. Don't try to read response body to fix the hang. -- GnuPG-bug-id: 6997 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-02-15 | speedo: Add config variable for the timestamp service. | Werner Koch | 1 | -4/+11
--
2024-02-15 | dirmngr: Fix proxy with TLS. | NIIBE Yutaka | 1 | -7/+1
* dirmngr/http.c (proxy_get_token, run_proxy_connect): Always available regardless of USE_TLS. (run_proxy_connect): Use log_debug_string. (send_request): Remove USE_TLS. -- Since the commit of 1009e4e5f71347a1fe194e59a9d88c8034a67016 Building with TLS library is mandatory. GnuPG-bug-id: 6997 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-02-10 | gpg: Add option --assert-pubkey_algo. | Werner Koch | 20 | -59/+425
* g10/keyid.c (parse_one_algo_string): New. (compare_pubkey_string_part): New. (compare_pubkey_string): New. * g10/verify.c (check_assert_signer_list): New. * g10/mainproc.c (check_sig_and_print): Call check_assert_pubkey_algo. * g10/options.h (opt): Add field assert_pubkey_algos. * g10/gpg.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Reorder RC modifications. Check assert_pubkey_algo_false. * common/status.h (ASSERT_PUBKEY_ALGOS): new. * common/t-support.h (LEAN_T_SUPPORT): Use a simplified version if this macro is set. * g10/gpgv.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Check assert_pubkey_algo_false. * g10/t-keyid.c: New. * g10/Makefile.am: Add t-keyid. * g10/test-stubs.c: Add assert_pubkey_algos and assert_signer_list and remove from other tests. (check_assert_signer_list): Ditto. (check_assert_pubkey_algo): Ditto. -- GnuPG-bug-id: 6946
2024-02-05 | doc: Suggest the use of a fingerprint for --default-key. | Werner Koch | 1 | -18/+23
-- GnuPG-bug-id: 6975
2024-02-05 | doc: Improve warning for --use-embedded-filename. | Werner Koch | 1 | -1/+15
-- GnuPG-bug-id: 6972
2024-02-05 | gpgsm: Increase salt size in pkcs#12 parser. | Werner Koch | 1 | -1/+1
* sm/minip12.c (parse_bag_encrypted_data): Need 32 bytes. -- GnuPG-bug-id: 6757
2024-02-05 | gpgsm: cleanup on error paths | Ángel González | 1 | -19/+22
* sm/minip12.c (p12_parse): set err on the different error paths -- GnuPG-bug-id: 6973 Fixes-commit: 101433dfb42b333e48427baf9dd58ac4787c9786 Signed-off-by: Ángel González <angel@pgp.16bits.net>
2024-01-30 | scd:openpgp: Allow PIN length of 6 also with a reset code. | Werner Koch | 1 | -2/+15
* scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R" flag to the reset code prompt. -- When using the reset code it was not possible to set a PIN of length 6. The "R" flags fixes a funny prompt. Fixes-commit: efe325ffdf21205b90f888c8f0248bbd4f61404b scd:openpgp: Allow PIN length of 6 also with a reset code. * scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R" flag to the reset code prompt. -- When using the reset code it was not possible to set a PIN of length 6. The "R" flags fixes a funny prompt. Fixes-commit: 2376cdff1318688d94c95fd01adc4b2139c4a8c7
2024-01-30 | w32, msi: Fix directory of gpg-card, add keyboxd | Andre Heinecke | 1 | -1/+4
* build-aux/speedo/w32/wixlib.wxs: Fix gpg-card directory id. Add keyboxd.
2024-01-29 | po: update Polish translation | Jakub Bogusz | 1 | -548/+91
2024-01-29 | gpg: Minor code cleanup for fingerprint computation. | Werner Koch | 1 | -9/+5
* g10/keyid.c (do_hash_public_key): Simplify code for clarity.
2024-01-29 | gpg: Hide --textmode from the help output. | Werner Koch | 1 | -1/+1
--
2024-01-29 | doc: Mark --textmode as legacy option. | Werner Koch | 2 | -18/+21
--
2024-01-29 | doc: Fix spelling errors found by lintian. | Werner Koch | 20 | -36/+36
-- Reported-by: Andreas Metzler <ametzler@debian.org>
2024-01-26 | speedo: Improve parsing of the ~./.gnupg-autogen.rc | Werner Koch | 2 | -5/+7
-- We now allow spaces around the variable name and the value.
2024-01-26 | dirmngr: For CRL issuer verification trust the system's root CA. | Werner Koch | 1 | -0/+1
* dirmngr/crlcache.c (crl_parse_insert): Add VALIDATE_FLAG_TRUST_SYSTEM. -- GnuPG-bug-id: 6963
2024-01-26 | common,w32: Fix use of GNUPG_SPAWN_KEEP_STDERR. | Werner Koch | 1 | -1/+1
* common/exechelp-w32.c (gnupg_spawn_process): Fix macro. -- Fixes-commit: 6d6438a361d25f3b269f702e017f5e39fd1f5c38 GnuPG-bug-id: 6961
2024-01-25 | Post release updates | Werner Koch | 2 | -1/+8
--
2024-01-25 | Release 2.4.4 [gnupg-2.4.4] | Werner Koch | 1 | -2/+9
2024-01-25 | po: msgmerge | Werner Koch | 24 | -256/+353
--
2024-01-25 | card: Tweak the checkcmds sub-command. | Werner Koch | 2 | -5/+42
* tools/gpg-card.c (cmd_checkkeys): Skip not found keys.
2024-01-25 | po: Update Japanese Translation. | NIIBE Yutaka | 1 | -2/+5
-- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-01-24 | gpg: Add sub-option ignore-attributes to --import-options. | Werner Koch | 3 | -0/+17
* g10/options.h (IMPORT_IGNORE_ATTRIBUTES): New. * g10/import.c (parse_import_options): Add new sub-option. (read_block): Implement sub-option. -- Suggested-by: Robin H. Johnson Tested using the import-export feature:
  gpg --export KEY_WITH_PICTURE \
    | gpg --import --import-options import-export,ignore-attributes \
    | gpg --show-key
2024-01-24 | po: Update German translation. | Werner Koch | 1 | -16/+20
-- Just the new string for gpg-card's checkkeys.
2024-01-24 | speedo: Build zlib, bzip2 and sqlite also on Unix. | Werner Koch | 1 | -9/+4
-- This avoids extra build dependencies. Note that bzip2 is not necessary statically linked but an existing bzip2 SO might be used. We would need to fix the bzip2 SO building and also provide a gnupg configure option to build statically against bzip2.
2024-01-24 | card: flush stdout to get checkcmd's info messages in order. | Werner Koch | 1 | -0/+1
* tools/gpg-card.c (cmd_checkkeys): Insert an fflush.
2024-01-23 | speedo: Add a hint to run ldconfig | Werner Koch | 3 | -1/+4
--
2024-01-23 | tests: Add two more sample p12 files | Werner Koch | 4 | -0/+14
-- GnuPG-bug-id: 6940
2024-01-23 | speedo: Minor fix to the install target | Werner Koch | 2 | -7/+7
--
2024-01-23 | sm: Fix ECDH encryption with dhSinglePass-stdDH-sha384kdf-scheme. | NIIBE Yutaka | 1 | -1/+1
* sm/encrypt.c (ecdh_encrypt): Cipher is AES192 for id-aes192-wrap. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-01-22 | gpg: Use ephemeral mode for generating card keys. | Werner Koch | 4 | -19/+104
* g10/call-agent.c (agent_set_ephemeral_mode): New. * g10/keyedit.c (keyedit_menu) <bkuptocard>: Switch to ephemeral mode. * g10/keygen.c (do_generate_keypair): Switch to ephemeral mode for card keys with backup. -- GnuPG-bug-id: 6944
2024-01-22 | agent: Add "ephemeral" Assuan option. | Werner Koch | 11 | -207/+497
* agent/agent.h (struct ephemeral_private_key_s): New. (struct server_control_s): Add ephemeral_mode and ephemeral_keys. (GENKEY_FLAG_NO_PROTECTION, GENKEY_FLAG_PRESET): New. * agent/genkey.c (clear_ephemeral_keys): New. (store_key): Add arg ctrl and implement ephemeral_mode. Change all callers. (agent_genkey): Replace args no_protection and preset by a generic new flags arg. * agent/findkey.c (wipe_and_fclose): New. (agent_write_private_key): Add arg ctrl and implement ephemeral_mode. Change all callers. (agent_update_private_key): Ditto (read_key_file): Ditto. (agent_key_available): Ditto. * agent/command-ssh.c (card_key_available): Do not update display s/n in ephemeral mode. This is however never triggered. * agent/gpg-agent.c (agent_deinit_default_ctrl): Cleanup ephemeral keys. * agent/command.c (cmd_genkey): Use the new flags instead of separate vars. (cmd_readkey): Create a shadow key only in non-ephemeral_mode. (cmd_getinfo): Add sub-command "ephemeral". (option_handler): Add option "ephemeral". -- The idea here that a session can be switched in an ephemeral mode which does not store or read keys from disk but keeps them local to the session. GnuPG-bug-id: 6944
2024-01-22 | doc: Fix description of gpg --unwrap | Werner Koch | 1 | -6/+5
--