1. 02 Mar, 2019 6 commits
  2. 01 Mar, 2019 1 commit
  3. 12 Feb, 2019 2 commits
  4. 11 Feb, 2019 7 commits
    • sm: In --gen-key with "key from card" show also the algorithm. · d1bee9d1
      Werner Koch authored
      * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Get and show algo.
      --
      
      This extends the prompt to show something like
      
        Serial number of the card: FF020001008A77F6
        Available keys:
           (1) 4130F84FA3704F4645924AEC3FFA48AD26D33656 PIV.9A nistp384
           (2) AB2988FB8C227BCD5175BF92F66AA3A95AE83214 PIV.9E rsa2048
           (3) DB7DDAEAA88534BA45CCD7A9B761425103EA2090 PIV.9C rsa2048
           (4) BABB48C3D80ACCF9839F101DF2910966C8B988DF PIV.9D nistp256
        Your selection? 1
      
      Having the algorithm here is helpful in particular because right now
      we support only RSA with X.509.  Take care: PIV card based certificate
      creation does not yet work.
      Signed-off-by: Werner Koch <wk@gnupg.org>
      (cherry picked from commit 0328976c94adc2c518c7a7763a35319a0000c5e2)
      
      Note that 2.2 does not support PIV cards, but the feature also works
      with other cards.
    • common: Provide function to get public key algo names in our format. · d29d7326
      Werner Koch authored
      * common/sexputil.c (pubkey_algo_string): New.
      --
      
      The new gpg format for public key algorithms is useful at other places
      as well.  Thus we make this new function available.  Note that the
      code we use in gpg is not based on s-expressions and thus a new
      function was required.
      Signed-off-by: Werner Koch <wk@gnupg.org>
      (cherry picked from commit 03bf8e967adb2dd13329ba1089deb419d49e55c0)
      
      Not yet used in 2.2 but will likely be needed by future backports.
    • common: New functions get_option_value and ascii_strupr. · ee8d1a9e
      Werner Koch authored
      * common/server-help.c (get_option_value): New.
      * common/stringhelp.c (ascii_strupr): New.
      --
      Signed-off-by: Werner Koch <wk@gnupg.org>
      (cherry picked from commit e2f18023b3b3b7e55b35218f65e37448d1011172)
      
      This might come handy when we eventually backport other changes.
    • scd: Make app_genkey and supporting ISO function more flexible. · 14816c79
      Werner Koch authored
      * scd/app.c (app_genkey): Add arg keytype.
      * scd/app-common.h (struct app_ctx_s): Ditto for the genkey member.
      * scd/command.c (cmd_genkey): Adjust for change.
      * scd/iso7816.c (do_generate_keypair): Replace arg read_only by new
      args p1 and p2.
      (iso7816_read_public_key): Adjust for this.
      (iso7816_generate_keypair): Add new args p1 and p2.
      * scd/app-openpgp.c (do_genkey): Adjust for changes.
      --
      
      The OpenPGP card creates keys according to parameters read from a data
      object.  Other cards we are about to implement require a direct
      specification of the requested keytype.  This patch implements the
      required changes.
      Signed-off-by: Werner Koch <wk@gnupg.org>
      (cherry picked from commit 9a9cb0257aebb1480b999fdf9d90904083eb8e3c)
    • scd: Fix parameter name of app_change_key. · c075274a
      Werner Koch authored
      * scd/app-common.h (APP_GENKEY_FLAG_FORCE): New.
      * scd/app.c (app_change_pin): Rename arg reset_mode to flags and
      change from int to unsigned int.
      --
      
      This is basically a documentation fix.
      Signed-off-by: Werner Koch <wk@gnupg.org>
      (cherry picked from commit c26af8ac263ea006ed32e110a09271e4bfbf1f37)
    • scd: Allow standard keyref scheme for app-openpgp. · 6651a064
      Werner Koch authored
      * scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with
      "OPENPGP."
      --
      
      The generic keyref allows for better error detection in case a keyref
      is sent to a wrong card.  This has been taken from master commit
      3231ecdafd71ac47b734469b07170756979ede72 which has additional changes
      for gpg-card-tool, which is only available there.
      Signed-off-by: Werner Koch <wk@gnupg.org>
    • gpg: Emit an ERROR status if no key was found with --list-keys. · 14ea581a
      Werner Koch authored
      * g10/keylist.c (list_one): Emit status line.
      --
      Signed-off-by: Werner Koch <wk@gnupg.org>
      (cherry picked from commit 140fda8c61422ec055c3f7e214cc35706c4320dd)
  5. 06 Feb, 2019 3 commits
  6. 05 Feb, 2019 1 commit
  7. 31 Jan, 2019 1 commit
  8. 30 Jan, 2019 1 commit
  9. 29 Jan, 2019 3 commits
    • gpg: Implement searching keys via keygrip. · 5e5f3ca0
      Werner Koch authored
      * kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field grip.
      * kbx/keybox-openpgp.c (struct keyparm_s): New.
      (keygrip_from_keyparm): New.
      (parse_key): Compute keygrip.
      * kbx/keybox-search.c (blob_openpgp_has_grip): New.
      (has_keygrip): Call it.
      --
      
      This has been marked for too long as not yet working.  However, it is
      a pretty useful feature and will come pretty handy when looking for
      all keys matching one keygrip.
      
      Can be optimized a lot by storing the keygrip in the meta data.  This
      will be done along with the upgrade of KBX for v5 fingerprints.
      Signed-off-by: Werner Koch <wk@gnupg.org>
      (cherry picked from commit c128667b3cba749dd14262e032d4c260a2b0acd3)
    • common: Provide some convenient OpenPGP related constants. · b78f293c
      Werner Koch authored
      * common/openpgpdefs.h (OPENPGP_MAX_NPKEY): New.
      (OPENPGP_MAX_NSKEY): New.
      (OPENPGP_MAX_NSIG): New.
      (OPENPGP_MAX_NENC): New.
      * g10/packet.h: Define PUBKEY_MAX using the new consts.
      Signed-off-by: Werner Koch <wk@gnupg.org>
      (cherry picked from commit f382984966a31a4cbe572bce5370590c5490ed1e)
    • common: New helper functions for OpenPGP curve OIDs. · dddbb261
      Werner Koch authored
      * common/openpgp-oid.c (openpgp_oidbuf_to_str): Factor most code out
      to ...
      (openpgp_oidbuf_to_str): new.
      (openpgp_oidbuf_is_ed25519): New.
      (openpgp_oidbuf_is_cv25519): New.
      --
      
      At some places it is more convenient (and faster) to directly work on
      buffers and avoid the way via opaque MPIs.  These 3 new functions
      allow for that.
      Signed-off-by: Werner Koch <wk@gnupg.org>
      (cherry picked from commit 4a1558d0c7190cf13d35385e47291a7aa121be3e)
  10. 22 Jan, 2019 5 commits
    • doc: Mark keyserver-options timeout and http-proxy as obsolete. · 9fd6ba26
      Werner Koch authored
      --
      
      (cherry picked from commit 6c000d4b78b836686e5a2789cc88a41e465e4400)
    • scd: Add option --clear to PASSWD. · d4082ff4
      Werner Koch authored
      * scd/command.c (cmd_passwd): Add option --clear.
      (send_status_printf): New.
      * scd/app-common.h (APP_CHANGE_FLAG_CLEAR): New.
      * scd/app-nks.c (do_change_pin): Return an error if that option is
      used.
      * scd/app-openpgp.c (do_change_pin): Ditto.
      --
      
      Card application may support this option to clear the PIN verification
      status of a specific PIN.
      Signed-off-by: Werner Koch <wk@gnupg.org>
      (cherry picked from commit 29929e65521279eabc98a67c766fe485057405a9)
    • scd: One new and one improved 7816 function. · 9309175d
      Werner Koch authored
      * scd/apdu.c (apdu_send_direct): New arg R_SW.
      * scd/command.c (cmd_apdu): Ditto.
      * scd/iso7816.c (iso7816_apdu_direct): New arg R_SW.
      (iso7816_general_authenticate): New.
      * scd/app-nks.c (get_chv_status, get_nks_version): Pass NULL for new
      arg.
      --
      
      iso7816_general_authenticate will be used for the PIV card support.
      The new arg to iso7816_apdu_direct and apdu_send_direct allows to get
      the raw status word back without the need to handle an output buffer.
      Signed-off-by: Werner Koch <wk@gnupg.org>
      (cherry picked from commit 70bb5c7931598590b1acfae90bf4657f5911d2d3)
    • ssh: Simplify the curve name lookup. · 11a65159
      Werner Koch authored
      * agent/command-ssh.c (struct ssh_key_type_spec): Add field
      alt_curve_name.
      (ssh_key_types): Add some alternate curve names.
      (ssh_identifier_from_curve_name): Lookup also by alternative names
      and return the canonical name.
      (ssh_key_to_blob): Simplify the ECDSA case by using gcry_pk_get_curve
      instead of the explicit mapping.
      (ssh_receive_key): Likewise.  Use ssh_identifier_from_curve_name to
      validate the curve name.  Remove the reverse mapping because since
      GnuPG-2.2 Libgcrypt 1.7 is required.
      (ssh_handler_request_identities): Log an error message.
      --
      
      This change will make it easier to support other curves, in particular
      those from tokens.  Libgcrypt has a large list of alias names which we
      now use to make the mapping more flexible.
      Signed-off-by: Werner Koch <wk@gnupg.org>
      (cherry picked from commit d93797c8a7892fe26672c551017468e9f8099ef6)
    • gpg: Stop early when trying to create a primary Elgamal key. · f5d3b982
      Werner Koch authored
      * g10/misc.c (openpgp_pk_test_algo2): Add extra check.
      --
      
      The problem is that --key-gen --batch with a parameter file didn't
      detect that Elgamal is not capable of signing and so an error was only
      triggered at the time the self-signature was created.  See the code
      comment for details.
      
      GnuPG-bug-id: 4329
      Signed-off-by: Werner Koch <wk@gnupg.org>
      (cherry picked from commit f97dc55ff1b041071bc3cbe98aa761bf77bb7ac8)
  11. 16 Jan, 2019 1 commit
    • scd: Fix for USB INTERRUPT transfer. · 9dc76d59
      NIIBE Yutaka authored
      * scd/ccid-driver.c (intr_cb): When LIBUSB_TRANSFER_NO_DEVICE,
      just handle this event as failure.
      
      --
      
      Cherry-picked from master commit:
      
      	5ab3bc422a5cc1a646c168b547f2b6538b3a4ffa
      
      It used to try another interrupt transfer request to make sure
      if it fails again.
      
      GnuPG-bug-id: 4308
      Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
  12. 19 Dec, 2018 1 commit
  13. 18 Dec, 2018 5 commits
    • Silence compiler warnings new with gcc 8. · 21fc0891
      Werner Koch authored
      * dirmngr/dns.c: Include gpgrt.h.  Silence -Warray-bounds also gcc.
      * tests/gpgscm/scheme.c: Include gpgrt.h.
      (Eval_Cycle): Ignore -Wimplicit-fallthrough.
      --
      
      The funny use of case and labels in the CASE macro seems to confuse the
      fallthrough detection.
      Signed-off-by: Werner Koch <wk@gnupg.org>
    • wks: Do not use compression for the encrypted data. · 16424d8a
      Werner Koch authored
      * tools/gpg-wks-client.c (encrypt_response): Add arg -z0.
      * tools/gpg-wks-server.c (encrypt_stream): Ditto.
      --
      
      If for example a server was built without the development packages of
      the compression libraries installed, the server will not be able to
      decrypt a request.  In theory this can't happen due to the preference
      system but it is just too easy to create the server's key using a
      different version of gpg and then use gpg-wks-server built
      differently.
      
      For the short messages we exchange compression is not really required
      and thus we better do without to make the system more robust.
      Signed-off-by: Werner Koch <wk@gnupg.org>
      (cherry picked from commit 70a8db0333e3c22403b3647f8b5f924f6dace719)
    • po: Update Japanese translation. · ae9159e0
      NIIBE Yutaka authored
      Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
    • scd: Support "acknowledge button" feature. · ffe31f40
      NIIBE Yutaka authored
      * scd/apdu.c (set_prompt_cb): New member function.
      (set_prompt_cb_ccid_reader): New function.
      (open_ccid_reader): Initialize with set_prompt_cb_ccid_reader.
      (apdu_set_prompt_cb): New.
      * scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb.
      * ccid-driver.c (ccid_set_prompt_cb): New.
      (bulk_in): Call ->prompt_cb when timer extension.
      * scd/command.c (popup_prompt): New.
      
      --
      
      Cherry-picked master commit of:
      	7a5a4c4cac8709f7c413e94cd0b40f4123baa1e5
      Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
    • agent: Support --ack option for POPUPPINPADPROMPT. · e6be36ee
      NIIBE Yutaka authored
      * agent/divert-scd.c (getpin_cb): Support --ack option.
      
      --
      
      Cherry-picked master commit of:
      	827529339a4854886dbb5625238e7e01013efdcd
      
      We are now introducing "acknowledge button" feature to scdaemon,
      so that we can support OpenPGPcard User Interaction Flag.
      
      We will (re)use the mechanism of POPUPPINPADPROMPT for this.  Perhaps,
      we will change the name of POPUPPINPADPROMPT, since it will be no
      longer for PINPAD only.
      Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
  14. 15 Dec, 2018 3 commits