path: root/sm/import.c

Commit log. Each entry: date, commit message (author; files changed, lines removed/added), followed by the commit body.
2024-01-23  tests: Add two more sample p12 files  (Werner Koch; 4 files, -0/+14)
    --
    GnuPG-bug-id: 6940
2024-01-23  speedo: Minor fix to the install target  (Werner Koch; 2 files, -7/+7)
    --
2024-01-23  sm: Fix ECDH encryption with dhSinglePass-stdDH-sha384kdf-scheme.  (NIIBE Yutaka; 1 file, -1/+1)
    * sm/encrypt.c (ecdh_encrypt): Cipher is AES192 for id-aes192-wrap.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-01-22  gpg: Use ephemeral mode for generating card keys.  (Werner Koch; 4 files, -19/+104)
    * g10/call-agent.c (agent_set_ephemeral_mode): New.
    * g10/keyedit.c (keyedit_menu) <bkuptocard>: Switch to ephemeral mode.
    * g10/keygen.c (do_generate_keypair): Switch to ephemeral mode for card keys with backup.
    --
    GnuPG-bug-id: 6944
2024-01-22  agent: Add "ephemeral" Assuan option.  (Werner Koch; 11 files, -207/+497)
    * agent/agent.h (struct ephemeral_private_key_s): New.
    (struct server_control_s): Add ephemeral_mode and ephemeral_keys.
    (GENKEY_FLAG_NO_PROTECTION, GENKEY_FLAG_PRESET): New.
    * agent/genkey.c (clear_ephemeral_keys): New.
    (store_key): Add arg ctrl and implement ephemeral_mode. Change all callers.
    (agent_genkey): Replace args no_protection and preset by a generic new flags arg.
    * agent/findkey.c (wipe_and_fclose): New.
    (agent_write_private_key): Add arg ctrl and implement ephemeral_mode. Change all callers.
    (agent_update_private_key): Ditto.
    (read_key_file): Ditto.
    (agent_key_available): Ditto.
    * agent/command-ssh.c (card_key_available): Do not update display s/n in ephemeral mode. This is however never triggered.
    * agent/gpg-agent.c (agent_deinit_default_ctrl): Cleanup ephemeral keys.
    * agent/command.c (cmd_genkey): Use the new flags instead of separate vars.
    (cmd_readkey): Create a shadow key only in non-ephemeral_mode.
    (cmd_getinfo): Add sub-command "ephemeral".
    (option_handler): Add option "ephemeral".
    --
    The idea here is that a session can be switched into an ephemeral mode which does not store or read keys from disk but keeps them local to the session.
    GnuPG-bug-id: 6944
2024-01-22  doc: Fix description of gpg --unwrap  (Werner Koch; 1 file, -6/+5)
    --
2024-01-22  gpg: Add a communication object to the key generation code.  (Werner Koch; 1 file, -22/+72)
    * g10/keygen.c (struct common_gen_cb_parm_s): New.
    (common_gen): Add args common_gen_cb and common_gen_cb_parm. Adjust all callers.
    (do_generate_keypair): Clarify the code by using a better var name.
    --
    We may eventually also replace the long arg list with that object. The immediate reason for this change is the followup commit.
2024-01-22  card: New subcommand "checkkeys".  (Werner Koch; 4 files, -11/+265)
    * agent/command.c (cmd_havekey): Add new option --info.
    * tools/card-call-scd.c (scd_readkey): Allow using without result arg.
    (struct havekey_status_parm_s): New.
    (havekey_status_cb): New.
    (scd_havekey_info): New.
    (scd_delete_key): New.
    * tools/gpg-card.c (print_keygrip): Add arg with_lf.
    (cmd_checkkeys): New.
    (cmdCHECKKEYS): New.
    (cmds): Add command "checkkeys".
    (dispatch_command, interactive_loop): Call cmd_checkkeys.
    --
    GnuPG-bug-id: 6943
2024-01-22  doc: Document Backup-info in keyformat.txt  (Werner Koch; 1 file, -0/+10)
    --
    This name has been used by Kleopatra for quite some time now but was missing a specification.
2024-01-22  Pass PINENTRY_GEOM_HINT environment variable to pinentry  (Tobias Fella; 1 file, -1/+2)
    * common/session-env.c: Add PINENTRY_GEOM_HINT to variables.
    --
    GnuPG-Bug-ID: 6930
2024-01-16  gpg: For v5 key generation for X448 also in parm file mode.  (Werner Koch; 1 file, -56/+114)
    * g10/keygen.c (curve_is_448): New.
    (do_create_from_keygrip): Pass arg keygen_flags byref so that it can be updated. Set v5 flag for X448.
    (gen_ecc): Ditto.
    (do_create): Change keygen_flags as above. For robustness change checking for Ed448.
    (do_generate_keypair): Change keygen_flags as above.
    (generate_subkeypair): Ditto.
    (gen_card_key): Ditto. Support v5 keys.
    --
    GnuPG-bug-id: 6942
2024-01-16  gpg: When using a parm file w/o usage don't set the RENC usage.  (Werner Koch; 1 file, -2/+3)
    * g10/keygen.c (proc_parameter_file): Don't include RENC in the default usage.
    --
    Testplan:

      $ gpg --gen-key --batch <<EOF
      Key-Type: EDDSA
      Key-Curve: ed448
      Key-Usage: cert
      Name-Real: Meh Muh
      Name-Email: test-3@example.org
      Expire-Date: 2025-01-01
      Passphrase: abc
      subkey-type: ecdh
      Subkey-curve: cv448
      EOF

    and check that the R flag does not show up in the usage.
2024-01-15  doc: Describe the ssh-agent protocol options for Windows.  (Werner Koch; 2 files, -7/+18)
    --
    Also fix a typo in a macro.
2024-01-15  po: Update parts of the Polish translation  (Jakub Bogusz; 1 file, -256/+139)
    --
    Jakub provided the translation in October but at this time it did not cleanly apply anymore due to string changes. Thus only parts of his changes are here. -wk
2024-01-15  gpgsm: Allow parsing of PKCS#12 files with two private keys.  (Werner Koch; 4 files, -91/+133)
    * sm/minip12.c (struct p12_parse_ctx_s): Add privatekey2.
    (parse_shrouded_key_bag): Handle a second private key.
    (p12_parse_free_kparms): New.
    * sm/import.c (parse_p12): Factor some code out to ...
    (p12_to_skey): this.
    (parse_p12): Use p12_parse_free_kparms.
    --
    Take care: We allow parsing of a second private key but we are not yet able to import the second private key. The whole thing is required to at least import the certificates of current pkcs#12 files as created by the German Elster tax system. No test data, sorry.
2024-01-15  gpgsm: Improve the status line for --verify errors.  (Werner Koch; 1 file, -1/+6)
    * sm/verify.c (gpgsm_verify): Improve verify.leave status line.
    --
    Suggested-by: Jakob Bohm
2024-01-15  po: Fix indentation for key generation options  (Mario Haustein; 20 files, -101/+101)
    --
2024-01-12  Prepare the NEWS  (Werner Koch; 1 file, -2/+93)
    --
2024-01-12  speedo: Add install target for Unix.  (Werner Koch; 2 files, -13/+65)
    * build-aux/speedo.mk: Default to SELFCHECK=0.
    (install, install-speedo): New targets.
    --
    GnuPG-bug-id: 6710
2024-01-12  speedo: Patch ELF binaries to use built libraries  (Werner Koch; 7 files, -216/+66)
    * build-aux/speedo.mk: Remove GUI stuff. Add patchelf feature.
    * Makefile.am (speedo): New target.
    --
    GnuPG-bug-id: 6710
2024-01-11  gpg: Improve error message for expired default keys.  (Werner Koch; 1 file, -4/+22)
    * g10/getkey.c (parse_def_secret_key): Track reason for skipping keys.
    --
    GnuPG-bug-id: 4704
2024-01-11  doc: Document the gpgconf --unlock command.  (Werner Koch; 2 files, -5/+16)
    * tools/gpgconf.c (main): Fix usage message.
    --
    GnuPG-bug-id: 6838
2024-01-11  gpg: Fix regression in the Revoker keyword of the parameter file.  (Werner Koch; 2 files, -4/+5)
    * g10/keygen.c (parse_revocation_key): Actually allow for v4 fingerprints.
    --
    Note that the use of the parameter file is deprecated.
    GnuPG-bug-id: 6923
2024-01-10  gpg: Allow to create revocations even with non-compliant algos.  (Werner Koch; 1 file, -5/+7)
    * g10/sign.c (do_sign): Skip compliance check for revocation certs.
    --
    It just does not make sense to inhibit the creation of revocations depending on the compliance mode. We do this only for key revocation but not for another kind of revocation because the rationale for uid or subkey revocation is more complicated to explain.
2024-01-10  scd:p15: Allow signing for CVISION cards  (Werner Koch; 1 file, -4/+81)
    * scd/app-p15.c (do_sign): Add code for Starcos 3.2 and the CVISION product.
    --
    The code for the Starcos cards has been implemented according to the 3.52 manual. However, this does not work with my test cards. Protocol analysis shows that decryption can be used for the cryptovision product. Thus we do it the same for now.
2024-01-09  g13: New option --no-mount.  (Werner Koch; 8 files, -43/+76)
    * g13/g13.c (oNoMount): New.
    (opts): Add --no-mount.
    (main): Implement this.
    * g13/g13-common.h (opt): Add field no_mount.
    * common/status.h (STATUS_PLAINDEV): New.
    * g13/sh-cmd.c (has_option): Uncomment.
    (cmd_mount): Add option --no-mount and pass down.
    * g13/sh-dmcrypt.c (sh_dmcrypt_mount_container): Add arg nomount and emit PLAINDEV status line.
    (sh_dmcrypt_umount_container): Run findmnt before umount.
    --
    This option can be used to decrypt a device but not to mount it. For example to run fsck first. A command or option to run fsck before a mount will eventually be added. The use of findmnt is needed so that we can easily remove a device which has not been mounted.
2024-01-09  gpg: Print a useful error if SKI algo 253 is found.  (Werner Koch; 1 file, -1/+10)
    * g10/parse-packet.c (parse_key): Detect the SKI algo 253.
    --
    As long as we have not yet implemented this we should at least be able to detect this case.
2024-01-09  scd:p15: Allow PIN verification and decryption for CVISION cards.  (Werner Koch; 1 file, -15/+55)
    * scd/app-p15.c (CARD_PRODUCT_CVISION): New.
    (IS_STARCOS_3): New.
    (read_p15_info): Detect this product.
    (prepare_verify_pin): Add special handling for this product.
    (do_decipher): Use dedicated MSE for Starcos 3 cards.
    --
    To check the verification run

      gpg-card verify User_PIN

    For our test cards the "Benutzer-PIN" must be given. For decryption tests gpgsm can be used; --always-trust helps to avoid chain issues.
2024-01-09  gpgconf: Adjust -X command for the new VERSION file format  (Werner Koch; 1 file, -10/+38)
    * tools/gpgconf.c (show_version_gnupg): Read and parse the entire VERSION file.
    --
    GnuPG-bug-id: 6918
2024-01-09  common,w32: Remove duplicated backslashes when setting the homedir.  (Werner Koch; 2 files, -0/+30)
    * common/homedir.c (copy_dir_with_fixup) [W32]: Fold double backslashes.
    --
    This is in general no problem but when we hash or compare the directory to test whether it is the standard home directory, we may use a different socket file and thus a second instance of a daemon.
    GnuPG-bug-id: 6833
2024-01-05  gpg: Improve error return for --quick-add-subkey and -add-adsk.  (Werner Koch; 1 file, -2/+8)
    * g10/keyedit.c (keyedit_quick_addkey): Emit an ERROR status line.
    (keyedit_quick_addadsk): Ditto.
    --
    GnuPG-bug-id: 6880
2024-01-04  scd: Add support for SCE 7.0  (Werner Koch; 4 files, -6/+109)
    * scd/app-common.h (CARDTYPE_SCE7): New.
    * scd/app.c (strcardtype): Support it.
    (atr_to_cardtype): New.
    (app_new_register): Try to get the cardtype from atr_to_cardtype.
    * scd/app-piv.c (app_select_piv): Tweak for SCE7. Add general method to construct a S/N from the Card UUID.
    --
    The test cards I have are rsa2048 with X.509 certificates. I don't have the entire chain but loading the certificates works. For testing I created an OpenPGP key from the keys and tested signing and decryption.
    GnuPG-bug-id: 6919
2024-01-02  gpg: Choose key from inserted card over a non-inserted card  (Werner Koch; 2 files, -3/+17)
    * g10/call-agent.c (agent_probe_secret_key): Do not return an error but 0.
    * g10/getkey.c (finish_lookup): Improve the selection of secret keys.
    --
    GnuPG-bug-id: 6831
2023-12-29  gpg: Don't call keybox_compress when KEYDB_RESOURCE_FLAG_READONLY.  (NIIBE Yutaka; 1 file, -12/+14)
    * g10/keydb.c (keydb_add_resource): Check the FLAGS to call keybox_compress.
    --
    GnuPG-bug-id: 6811
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-25  tools: Fix argparse table of gpgconf.  (NIIBE Yutaka; 1 file, -35/+37)
    * tools/gpgconf.c (opts): Use ARGPARSE macros.
    --
    GnuPG-bug-id: 6902
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-22  doc: Explain why socket activation is a problem  (Werner Koch; 1 file, -0/+30)
    --
2023-12-22  common: Add keyword socketdir to gpgconf.ctl  (Werner Koch; 3 files, -55/+118)
    * common/homedir.c (enum wantdir_values): New enums.
    (unix_rootdir): Change arg to use the enums. Adjust all callers. Add support for the socketdir keyword.
    (_gnupg_socketdir_internal): Take care of the socketdir keyword in gpgconf.ctl.
    * doc/tools.texi (Files used by gpgconf): Briefly explain the gpgconf.ctl syntax.
2023-12-22  scd:openpgp: Add the length check for new PIN.  (NIIBE Yutaka; 1 file, -16/+32)
    * scd/app-openpgp.c (do_change_pin): Make sure new PIN length is longer than MINLEN.
    --
    GnuPG-bug-id: 6843
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-21  tools: Remove the dotlock tool.  (NIIBE Yutaka; 2 files, -122/+1)
    * tools/Makefile.am (libexec_PROGRAMS): Remove dotlock.
    * tools/dotlock.c: Remove.
    --
    It's integrated into gpgconf (--lock/--unlock).
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-20  scd:p15: Add a diagnostic for unsupported DTRUST4 features.  (Werner Koch; 1 file, -1/+4)
    * scd/app-p15.c (do_sign): Add a diagnostic.
2023-12-20  scd:p15: Add support for D-Trust Card 4.1/4.4  (Mario Haustein via Gnupg-devel; 1 file, -9/+71)
    * scd/app-p15.c (CARD_PRODUCT_DTRUST4): New.
    (app_select_p15): This card uses a different AID for the PKCS#15 application.
    (do_sign): The card doesn't support MSE SET, but requires MSE RESTORE to a predefined template.
    (do_decipher): Ditto.
2023-12-20  scd:p15: Add support for CardOS 5.4  (Mario Haustein via Gnupg-devel; 1 file, -2/+8)
    * scd/app-p15.c (CARD_TYPE_CARDOS_54): New.
2023-12-20  doc: Explain what to put into mailcap for gpg-wks-client.  (Werner Koch; 1 file, -0/+15)
    --
2023-12-20  tools: Integrate the dotlock tool into gpgconf.  (NIIBE Yutaka; 1 file, -1/+69)
    * tools/gpgconf.c (dotlock_tool): New.
    (main): Add --lock and --unlock commands.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-20  common: Add dotlock util under libexec.  (NIIBE Yutaka; 2 files, -31/+65)
    * tools/Makefile.am (libexec_PROGRAMS): Add dotlock.
    * tools/dotlock.c: Finish the first implementation.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-20  common: Clean up the temporary file at dotlock_destroy.  (NIIBE Yutaka; 1 file, -0/+6)
    * common/dotlock.c (dotlock_destroy): Clean up the temporary file created when it fails.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-20  common: Support not-removing the lockfile by dotlock_destroy.  (NIIBE Yutaka; 1 file, -1/+4)
    * common/dotlock.c (dotlock_destroy): Keep the lock when DOTLOCK_LOCK_BY_PARENT.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-20  common: Fix a possible resource leak for dotlock.  (NIIBE Yutaka; 1 file, -2/+5)
    * common/dotlock.c (dotlock_destroy_unix): Don't release ->TNAME here.
    (dotlock_destroy): Release the memory unconditionally.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-19  common: Improve the parsing of gpgconf.ctl variables.  (Werner Koch; 1 file, -30/+27)
    * common/homedir.c (unix_rootdir): Simplify.
    --
    This also relaxes the syntax in that the equal sign may now be surrounded by any number of spaces.
2023-12-19  common: Enhance dotlock, so that we can have a CLI util.  (NIIBE Yutaka; 2 files, -11/+138)
    * common/dotlock.h (DOTLOCK_LOCK_BY_PARENT, DOTLOCK_LOCKED): New.
    * common/dotlock.c [HAVE_POSIX_SYSTEM]: Include <dirent.h>.
    (dotlock_get_process_id, dotlock_detect_tname): New.
    (dotlock_create_unix): Handle the case when no_write option is specified. Not creating the lock file, but detect the file of tname.
    (dotlock_create) [HAVE_POSIX_SYSTEM]: Add support of DOTLOCK_LOCK_BY_PARENT and DOTLOCK_LOCKED for dotlock CLI util.
    (dotlock_take_unix): Support the case of DOTLOCK_LOCK_BY_PARENT.
    --
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>