path: root/kbx
Date | Commit message | Author | Files | Lines
2020-12-03 | scd:nks: Fix caching keygrip (more). | NIIBE Yutaka | 1 | -5/+7
* scd/app-nks.c (keygripstr_from_pk_file): Distinguish by APP_ID. -- GnuPG-bug-id: 5150, 5161 Fixes-commit: 920154370834ad8d947aed19c9d914a27dde6baa Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-03 | scd: Fix KEYINFO command with --data option. | NIIBE Yutaka | 1 | -4/+3
* scd/command.c (cmd_keyinfo): Handle --data option correctly. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-03 | scd:openpgp: Fix writing ECC key to card. | NIIBE Yutaka | 1 | -6/+27
* scd/app-openpgp.c (build_privkey_template): Adding another argument of ecc_d_fixed_len to handle variable-size MPI. -- GnuPG-bug-id: 5163 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-02 | kbx: Better error message in case of a crippled Libgcrypt. | Werner Koch | 1 | -2/+10
* kbx/keybox-openpgp.c (keygrip_from_keyparm): Detect missing curve.
2020-12-01 | doc: Add parameters for batch generation of ECC keys. | Jens Meißner | 1 | -0/+8
* doc/gpg.texi: Add parameters for batch generation of ECC keys. -- There are parameters required for batch generation of ECC keys which weren't mentioned in the documentation. Signed-off-by: Jens Meißner <meissner@b1-systems.de>
2020-11-30 | scd:nks: Minor additions to the basic IDLM application support. | Werner Koch | 1 | -15/+25
* scd/app-nks.c (filelist): Use special value -1 for IDLM pubkeys. (keygripstr_from_pk_file): Handle special value. (do_readcert): Ditto. (do_writecert): Ditto. -- This allows to get information about the keys from the card. However the do_readkey still requires a fallback to readcert. This does not work because there are no certificates yet on the card. The fix is to fully implement do_readkey.
2020-11-27 | card: Let the APDU command print a description of the status word. | Werner Koch | 3 | -1/+43
* tools/card-call-scd.c (scd_apdu_strerror): New. * tools/gpg-card.c (cmd_apdu): Print a description. -- Pretty convenient to explore smartcards.
2020-11-27 | scd: New getinfo sub-command apdu_strerror. | Werner Koch | 2 | -15/+28
* scd/apdu.c (apdu_strerror): Add missing status codes. * scd/command.c (cmd_getinfo): New sub-command apdu_strerror. -- This is quite handy for gpg-card's APDU command and avoids that we need to duplicate the mapping table or put it into a shared file.
2020-11-27 | card: Netkey improvement for passwd. | Werner Koch | 1 | -13/+22
* tools/gpg-card.c (cmd_passwd) [Netkey]: No Standard/QES menu if the card does not support it. Print no error in cases the user canceled.
2020-11-27 | scd:ccid-driver: Fix pinpad error handling for cancel/timeout. | NIIBE Yutaka | 4 | -2/+17
* scd/apdu.h (SW_HOST_UI_CANCELLED, SW_HOST_UI_TIMEOUT): New. * scd/ccid-driver.h (CCID_DRIVER_ERR_UI_CANCELLED): New. (CCID_DRIVER_ERR_UI_TIMEOUT): New. * scd/ccid-driver.c (bulk_in): Handle PIN input cancel/timeout error. * scd/iso7816.c (map_sw): Support SW_HOST_UI_CANCELLED and SW_HOST_UI_TIMEOUT. -- GnuPG-bug-id: 4614 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-26 | agent: Fix YK s/n and prettify the request card prompt for Yubikeys | Werner Koch | 3 | -38/+39
* agent/divert-scd.c (ask_for_card): Detect and re-format the Yubikey prompt. * scd/app.c (app_munge_serialno): Fix Yubikey s/n munging. (card_get_dispserialno): Ditto. * scd/app-openpgp.c (get_disp_serialno): Remove. (get_prompt_info): Use app_get_dispserialno. --
2020-11-26 | scd: Do not try to use a non-enabled app after card switching. | Werner Koch | 1 | -2/+19
* scd/app.c (app_dump_state): Also print the refcount. (maybe_switch_app): Make sure the app exists on the card. -- When switching the current card and the card does not support the same apps as the former, we now reset the app to the first one. Testcase is to use a standard OpenPGP card and a P15 card. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-26 | scd: Add special serialno compare for OpenPGP cards. | Werner Koch | 3 | -10/+45
* scd/app.c (is_same_serialno): New. (check_application_conflict): Use this. (select_application): Ditto. (app_switch_current_card): Ditto. * scd/app-openpgp.c (check_keyidstr): Ignore the card version and also compare case insensitive. -- This is required because we change what we emit as serialno of OpenPGP cards but existing keys still use the old form of the serial number (i.e. with a firmware version). See-commit: 3a8250c02031080c6c8eebd5dea03f5f87f9ddd7 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-26 | gpg: Report an error for receiving key from agent. | NIIBE Yutaka | 1 | -0/+1
* g10/export.c (do_export_one_keyblock): Report an error. -- GnuPG-bug-id: 5151 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-26 | scd,nks: Fix caching keygrip. | NIIBE Yutaka | 1 | -3/+4
* scd/app-nks.c (keygripstr_from_pk_file): Identify by cfid if available. -- GnuPG-bug-id: 5150 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-25 | scd:p15: Print the internal card type. | Werner Koch | 1 | -0/+8
* scd/app-p15.c (read_ef_tokeninfo): Print the internal card type.
2020-11-25 | scd:p15: Improve support for some CardOS based cards. | Werner Koch | 3 | -14/+68
* scd/iso7816.c (iso7816_read_binary_ext): Add optional arg r_sw and change callers. (iso7816_read_record): Factor all code out to ... (iso7816_read_record_ext): new. * scd/app-p15.c (select_and_read_binary): Fallback to record reading. (read_ef_aodf): Clear EOF error.
2020-11-25 | g13: Add missing header | Werner Koch | 1 | -0/+1
--
2020-11-25 | scd: Rework the handling of the displayed serial number. | Werner Koch | 5 | -119/+178
* scd/app.c (app_new_register): Call app_munge_serialno for Yubikeys. (app_munge_serialno): Handle Yubikey serial numbers. (card_get_serialno): Remove special Yubikey treatment. Drop arg is_canonical. (app_get_serialno): Clear ERRNO on error. (card_get_dispserialno): New. Also change formatting of Yubikey and OpenPGP numbers to match those printed on the card. (app_get_dispserialno): New. * scd/app-openpgp.c (do_getattr): Use app_get_dispserialno. (yubikey_get_serialno): Remove. * scd/app-piv.c (get_dispserialno): Remove. (do_getattr): Use app_get_dispserialno. -- This patch gets us back to a unique serial number for cards and provides a stable serial number as printed for Yubikeys. Because we use a slightly different serial number now for Yubikeys and cards only supporting OpenPGP card we need to come up with another change so that the version number of OpenPGP serial numbers are ignored when comparing card serial numbers. This is so that existing stub keys of gpg-agent will continue to work. GnuPG-bug-id: 5100 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-25 | scd: Fix an error return for READKEY. | NIIBE Yutaka | 1 | -0/+3
* scd/command.c (cmd_readkey): Return when error. -- GnuPG-bug-id: 5150 Suggested-by: Ingo Klöcker Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-25 | scd,nks: Fix SEGV for learn for older card. | NIIBE Yutaka | 1 | -0/+1
* scd/app-nks.c (keygripstr_from_pk_file): Set algostr. -- GnuPG-bug-id: 5144 Fixes-commit: 26da47ae53d51e16ae6867cd419ddbf124a94933 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-23 | doc: Fix typos | Gavin L. Rebeiro | 4 | -7/+7
-- GnuPG-bug-id: 5071 Also fixed one in keyformat.txt [wk].
2020-11-20 | gpg: Change API of agent_scd_serialno. | NIIBE Yutaka | 3 | -21/+13
* g10/call-agent.c (agent_scd_serialno): Extend API to allow with R_SERIALNO == NULL. * g10/card-util.c (card_status): Use NULL for agent_scd_serialno. (factory_reset): Likewise. * g10/skclist.c (build_sk_list): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-20 | Fix the previous comment changes help doc string. | NIIBE Yutaka | 3 | -3/+3
* scd/command.c (hlp_learn): Fix the doc string. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-20 | gpg,agent: Fix comments for KEYPAIRINFO status report. | NIIBE Yutaka | 2 | -2/+2
-- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-19 | gpgconf: Also print revision of libksba. | Werner Koch | 1 | -3/+4
* dirmngr/dirmngr.c (get_revision_from_blurb): Fix detection of empty string. (gpgconf_versions): Print ksba revision. -- The latest Libksba version support retrieving of the revision (commit) id. We now use that or print a question mark. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-19 | agent: Fix creating shadow key on card key generation. | NIIBE Yutaka | 1 | -3/+3
* agent/command.c (cmd_readkey): Fix handling --card option. -- Fixes-commit: 9c719c9c1ff34cc06a0fef2bfe29cfd7182753eb Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-19 | gpg: Fix --card-edit command. | NIIBE Yutaka | 1 | -1/+2
* g10/card-util.c (get_info_for_key_operation): Revert the change. -- Fixes-commit: 157f1de64e437cecd75335e9f4077ba9835e3da0 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-18 | build: Update to newer autoconf constructs. | NIIBE Yutaka | 16 | -242/+264
* acinclude.m4 (GNUPG_CHECK_ENDIAN): Use AC_COMPILE_IFELSE instead of AC_TRY_COMPILE. Use AC_RUN_IFELSE instead of AC_TRY_RUN. (GNUPG_BUILD_PROGRAM): Use AS_HELP_STRING instead of AC_HELP_STRING. * configure.ac: Use AC_USE_SYSTEM_EXTENSIONS instead of AC_GNU_SOURCE. Use AS_HELP_STRING instead of AC_HELP_STRING. (AC_ISC_POSIX): Replace by AC_SEARCH_LIBS. (AC_TYPE_SIGNAL): Remove. * m4/isc-posix.m4: Remove. * m4/codeset.m4: Update from gnulib. * m4/gettext.m4: Update from gnulib. * m4/lcmessage.m4: Update from gnulib. * m4/socklen.m4: Update from gnulib. * m4/ldap.m4: Use AS_HELP_STRING instead of AC_HELP_STRING. Use AC_LINK_IFELSE instead of AC_TRY_LINK. Use AC_RUN_IFELSE instead of AC_TRY_RUN. * m4/gpg-error.m4: Update from libgpg-error. * m4/readline.m4: Update from libgpg-error. * m4/npth.m4: Update from npth. * m4/libassuan.m4: Update from libassuan. * m4/libgcrypt.m4: Update from libgcrypt. * m4/ksba.m4: Update from libksba. * m4/ntbtls.m4: Update from ntbtls. * common/signal.c [!HAVE_DOSISH_SYSTEM] (init_one_signal): Replace RETSIGTYPE to void. [!HAVE_DOSISH_SYSTEM] (got_fatal_signal, got_usr_signal): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-18 | build: Use modern Autoconf check for types. | NIIBE Yutaka | 2 | -17/+12
* common/types.h: Use HAVE_TYPE_BYTE, HAVE_USHORT_TYPEDEF, HAVE_ULONG_TYPEDEF, HAVE_U16_TYPEDEF, and HAVE_TYPE_U32. * configure.ac (byte, ushort, ulong, u16, u32): Use AC_CHECK_TYPES. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-13 | gpg: Fix the encrypt+sign hash algo preference selection for ECDSA. | Werner Koch | 4 | -36/+59
* g10/keydb.h (pref_hint): Change from union to struct and add field 'exact'. Adjust callers. * g10/pkclist.c (algo_available): Take care of the exact hint. * g10/sign.c (sign_file): Rework the hash detection from recipient prefs. -- This fixes an encrypt+sign case like: One recipient key has SHA512 as highest ranked hash preference but the signing key is a 256 bit curve. Because we don't want to use a truncated hash with ECDSA, we need to have an exact match - this is in particular important for smartcard which check that the hash matches the curves. Signed-off-by: Werner Koch <wk@gnupg.org> Ported-from-stable: aeed0b93ff660fe271d8f98f8d5ce60aa5bf3ebe
2020-11-12 | gpgconf: Yet another fix for --apply-profile. | Werner Koch | 1 | -4/+4
* tools/gpgconf.c (main): Use gnupg_homedir instead of default_homedir. Check for existence of the directory. -- Fixes-commit: 7d95f2e7e7a09e3d433d449b117e3470f9dd38c7 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-11 | scd: Do not print reader status change with --debug cardio. | Werner Koch | 1 | -1/+1
-- ... but use --debug reader for this. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit bd3b698d8ec427a02f2fa793777f2a88bc356f25)
2020-11-11 | w32: Replace some fopen by es_fopen. | Werner Koch | 5 | -84/+43
* agent/protect-tool.c (read_file): Replace fopen by es_fopen. * dirmngr/dirmngr-client.c (read_pem_certificate): Ditto. (read_certificate): Ditto. * g10/keydb.c (rt_from_file): Ditto. * kbx/kbxutil.c (read_file): Ditto. * g10/plaintext.c (get_output_file) [__riscos__]: Remove code. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-11 | gpg: Fix the previous commit. | NIIBE Yutaka | 1 | -1/+3
* g10/delkey.c (do_delete_key): Fix the condition for the error. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-10 | gpg: In batch mode, delete-secret-key is not okay without --yes. | NIIBE Yutaka | 1 | -1/+6
* g10/delkey.c (do_delete_key): Emit an error when not --yes. -- GnuPG-bug-id: 4667 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-10 | gpg: Fix agent_delete_key interaction. | NIIBE Yutaka | 1 | -0/+1
* g10/call-agent.c (agent_delete_key): Set up CTX. -- Fixes-commit: 20acc7c0226550530085a674ef1bb41ebfa39408 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-09 | card: Run factory-reset in locked state also in gpg-card. | Werner Koch | 4 | -12/+57
* tools/card-call-scd.c (scd_apdu): Add more pseudo APDUs. * tools/card-misc.c (send_apdu): Handle them. * tools/gpg-card.c (cmd_factoryreset): Use lock commands. -- This is a port of the code used with gpg-card-edit. Note that the command "apdu" now also understands some extra keywords. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-09 | card: Run factory-reset in locked state. | Werner Koch | 4 | -17/+58
* scd/command.c (reset_notify): Add option --keep-lock. (do_reset): Add arg keep_lock. (cmd_lock): Send progress status. * g10/call-agent.c (agent_scd_apdu): Add more pseudo APDUs. * g10/card-util.c (send_apdu): Ditto. (factory_reset): Use lock commands. -- This is required so that for example Kleopatra does not detect the RESET and issues a SERIALNO of its own, thus conflicting with our SERIALNO undefined. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-09 | gpg: Do not print rejected digest algo notes with --quiet. | Werner Koch | 1 | -1/+5
* g10/misc.c (print_digest_rejected_note): Do not print in quiet mode. (print_sha1_keysig_rejected_note): Ditto. -- GnuPG-bug-id: 4893 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-09 | gpg: Fix SOS handling when exporting SSH key with libgcrypt 1.8. | NIIBE Yutaka | 1 | -10/+35
* g10/export.c (key_to_sshblob): Fix SOS correctly. -- GnuPG-bug-id: 5116 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-09 | agent: Fix SOS handling with libgcrypt 1.8. | NIIBE Yutaka | 1 | -2/+19
* agent/cvt-openpgp.c (apply_protection): Handle opaque MPI. -- GnuPG-bug-id: 5116 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-06 | agent: Minor tweaks to the new genpin inquiry. | Werner Koch | 1 | -43/+53
* agent/call-pinentry.c (generate_pin): Use STRING random which is sufficient for a passphrase. (inq_cb): s/rc/err/. Do not print two errors in case generate_pin fails. Lowercase strings as per GNU standards. (setup_genpin): Fix translation test. (setup_qualitybar): Ditto. -- Our policy is to use VERY_STRONG for a long term public key but not for symmetric keys. The GNU standards to demand that strings start with a lowercase because that seems to be needed if it follows a prefix of for example "gpg:". I don't actually like this because we need different strings in interactive and standard mode but the majority of strings in GnuPG are written this way. If a translation is necessary it can be done with an en_GB or so locale. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-06 | agent: Add genpin inquiry for pinentry | Andre Heinecke | 1 | -8/+116
* agent/call-pinentry.c (agent_get_passphrase): Setup genpin. (do_getpin): Update with new name for inquire callback. (inq_quality): Rename to inq_cb and add genpin support. (inq_cb): Renamed from inq_quality. (generate_pin): New helper to generate a pin. (agent_askpin): Fix some typos. (setup_genpin): Provide new strings for pinentry. -- This implements the gpg-agent side for generating a pin especially for symmetric encryption using libgcrypt randomness and checking it against the gpg-agent constraints.
2020-11-05 | gpg: Add canceled status message. | Ben Kibbey | 2 | -1/+2
* common/status.h (STATUS_CANCELED_BY_USER): New. * g10/passphrase.c (passphrase_to_dek): Send STATUS_CANCELED_BY_USER instead of STATUS_MISSING_PASSPHRASE when canceled is set. -- This is to prevent further pinentry tries when the pinentry is canceled by the user during symmetric decryption. Signed-off-by: Ben Kibbey <bjk@luxsci.net>
2020-11-05 | scd: Use lock_slot for apdu_send_direct. | NIIBE Yutaka | 1 | -1/+1
* scd/apdu.c (apdu_send_direct): Use lock_slot. -- With trylock_slot, it may return SW_HOST_BUSY. This may occur when apdu_get_status is called by scd_update_reader_status_file. Simply using lock_slot is much easier for user of apdu_send_direct. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-05 | scd: Internal CCID driver: Fix a race condition on close. | NIIBE Yutaka | 1 | -12/+25
* scd/ccid-driver.c (ccid_require_get_status): For VENDOR_SCM reader, return 0 only at the initial call. (bulk_in): Don't detect an error for VENDOR_SCM reader, just kicking the loop, to invoke scd_update_reader_status_file, which calls ccid_slot_status again. (ccid_slot_status): Move the call of ccid_vendor_specific_setup to... (ccid_get_atr): ... here. -- For readers with interrupt transfer support, it is only intr_cb which sets handle->powered_off to 1. Keeping this condition makes no race. The function ccid_slot_status can also detect a communication error, which causes apdu_close_reader (but not setting ->powered_off). GnuPG-bug-id: 5121 Fixes-commit: 920f258eb6018ecec1d63bad6a0fb0772f72affa Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-04 | speedo,w32: Install gpg-check-pattern and example profiles. | Werner Koch | 5 | -3/+40
* doc/examples/vsnfd.prf: Rename to VS-NfD.prf. * doc/examples/Automatic.prf: New. * doc/Makefile.am (examples): Adjust. * build-aux/speedo/w32/inst.nsi: Install gpg-check-pattern.exe and 3 example files. * build-aux/speedo/w32/wixlib.wxs: Add new files. -- Note that we renamed the existing example profile so that kleopatra shows a nicer name. In fact the gpg4win installer just copies these files but it is better to maintain them here. gpg-check-pattern.exe can now be installed because we meanwhile have a regex lib which works also on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-04 | g13: Include a now missing header file. | Werner Koch | 1 | -0/+1
* g13/create.c: Include sysutuls.h -- This is needed due to the recent switch from stat to gnupg_stat. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-04 | gpgconf: Make sure the homedir exists for --apply-profile. | Werner Koch | 1 | -0/+4
* tools/gpgconf.c (main) <aApplyDefaults, aApplyProfile>: Create the standard home directory. -- This fixes a regression due to the fix for GnuPG-bug-id: 4867 Before that change gpgsm implicitly created the homedir while options were collected. It is important to have this so that a login script can create config files for new users. Signed-off-by: Werner Koch <wk@gnupg.org>