summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* scd: On a Yubikey re-select the last app after the use of APDU.Werner Koch2023-04-183-2/+22
| | | | | | | | | | | | | * scd/app-common.h (struct card_ctx_s): Add maybe_check_aid flag. * scd/command.c (cmd_apdu): Set it. * scd/app.c (check_external_interference): Consult this flag. (maybe_switch_app): Do a re-select if this flag is set. -- After the gpg-card tool has issued a Yubikey specific command the current application is not anymore correctly selected. This then results in all kind of errors. We detect this now and try to re-select the last app.
* ssh: Allow to prefer on-disk keys over active card keys.Werner Koch2023-04-184-7/+61
| | | | | | | | * agent/command-ssh.c (ssh_send_available_keys): Redefine the order of keys. -- GnuPG-bug-id: 6212
* gpgtar: Read common.conf for the log-file option.Werner Koch2023-04-183-1/+21
| | | | | | | | | | | | | | | * common/util.h (GNUPG_MODULE_NAME_GPGTAR): New. * common/homedir.c (gnupg_module_name): Add it. * tools/gpgtar.c: Include comopt.h. (enum cmd_and_opt_values): Add oDebug. (opts): Add --debug. (any_debug): New. (main): Parse common.conf. -- Having a way to see the output of gpgtar is often useful for debugging. The only effect of the debug option is to show whether common.conf was read.
* gpg: Allow overridden key import when stub exists.NIIBE Yutaka2023-04-181-1/+11
| | | | | | | | | | * g10/import.c (do_transfer): Force importing when it's card reference. -- GnuPG-bug-id: 3456 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpg: Curvenames may now compared case insensitive.Werner Koch2023-04-121-9/+12
| | | | | | | | | | | | * common/openpgp-oid.c (openpgp_curve_to_oid): Repalce strmcp by ascii_strcasecmp. (openpgp_oid_or_name_to_curve): Ditto. (openpgp_is_curve_supported): Ditto. (get_keyalgo_string): Ditto. -- It was just to hard to remember the correct capitalization of names like brainpoolP512r1.
* po: Fix in German translationEva Bolten2023-04-061-2/+2
| | | | --
* gpg: Fix handling of importing cv25519 secret key.NIIBE Yutaka2023-04-061-0/+1
| | | | | | | | | | | * g10/import.c (transfer_secret_keys): Only emit a warning when secret key is not encrypted. -- Fixing-commit: dbfb7f809b89cfe05bdacafdb91a2d485b9fe2e0 GnuPG-bug-id: 6322 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpg: New option --assert-signer.Werner Koch2023-04-0513-15/+216
| | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (enum cmd_and_opt_values): Add oAssertSigner. (opts): Add "assert-signer". (main): Set option. (assert_signer_true): New var. (g10_exit): Evaluate new var. * g10/main.h (assert_signer_true): Declare new var. * common/status.h (STATUS_ASSERT_SIGNER): New. * g10/options.h (opt): Add field assert_signer_list. * g10/verify.c (is_fingerprint): New. (check_assert_signer_list): New. * g10/mainproc.c (check_sig_and_print): Call that function. Clear assert_signer_true on a warning. * g10/gpgv.c: Add dummy function and vars. * g10/t-keydb-get-keyblock.c: Ditto. * g10/t-keydb.c: Ditto. * g10/t-stutter.c: Ditto. --
* speedo,w32: Remove removed profiles and temporary disable runonce.Werner Koch2023-04-052-7/+2
| | | | --
* build: Update gpg-error.m4.NIIBE Yutaka2023-04-051-23/+36
| | | | | | | | * m4/gpg-error.m4: Update from libgpg-error master. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common: Change allocation of the comopt symbol.Werner Koch2023-04-042-2/+7
| | | | | | * common/comopt.h (struct gnupg_comopt_s): New. * common/comopt.c (struct gnupg_comopt_s): Define here in the data segment.
* Use the keyboxd for a fresh installWerner Koch2023-04-048-18/+110
| | | | | | | | | | | | * common/homedir.c (gnupg_maybe_make_homedir): Also create a common.conf. * g10/keydb.c: Include comopt.h. (maybe_create_keyring_or_box): Detect the creation of a common.conf. * g10/gpg.c (main): Avoid adding more resources in this case. * sm/keydb.c: Include comopt.h. (maybe_create_keybox): Detect the creation of a common.conf. * common/comopt.h (comopt): Remove the conditional "extern".
* speedo: Remove deleted prf files from the Windows installerWerner Koch2023-04-041-4/+0
| | | | --
* speedo: Fix regression due to switching from gcc 8.3 to 10.2Werner Koch2023-04-041-1/+5
| | | | | | * build-aux/speedo.mk (speedo_pkg_zlib_make_args): Use -static-libgcc. (cherry picked from commit 04f1d9649cfb9163907fe97d20821ddd1be44f82)
* gpg: Set the default digest algo for S2K to SHA256.Werner Koch2023-04-042-3/+9
| | | | | | | * g10/main.h (DEFAULT_S2K_DIGEST_ALGO): Alias to DEFAULT_DIGEST_ALGO. -- GnuPG-bug-id: 6367
* dirmngr: Return modifyTimestamp and add server option --newer.Werner Koch2023-04-047-27/+195
| | | | | | | | | | | | | | | | | | | | | * dirmngr/server.c (cmd_ks_get): Add option --newer. (cmd_ad_query): Ditto. * dirmngr/ldap-misc.c (isotime2rfc4517): New. (rfc4517toisotime): New. * dirmngr/ks-action.c (ks_action_get): Add arg newer and pass on. (ks_action_query): Ditto. * dirmngr/ks-engine-ldap.c (extract_keys): Print new "chg" record. (ks_ldap_get): Add arg newer. Modify filter with newer arg. (ks_ldap_search): Print the modifyTimestamp. (ks_ldap_query): Add arg newer. Modify filter with newer arg. -- Note that the modifyTimestamp is also available on Windows, where its value is more commonly known as whenChanged. Both are constructed attributes. Note that the --newer option is a bit of a misnomer because LDAP has only a greater-or-equal and no greater-than operator.
* agent: Add trustlist flag "de-vs".Werner Koch2023-04-035-3/+19
| | | | | | | | | | | | | | | | * agent/trustlist.c (struct trustitem_s): Add field de_vs. (read_one_trustfile): Parse it. (istrusted_internal): Emit TRUSTLISTFLAG status line. * sm/gpgsm.h (struct rootca_flags_s): Add field de_vs. * sm/call-agent.c (istrusted_status_cb): Detect the flags. * sm/sign.c (write_detached_signature): Remove unused vars. -- Right now this flag has no effect; we first need to specify the exact behaviour. GnuPG-bug-id: 5079
* gpgsm: Create binary detached sigs with definite form length octets.Werner Koch2023-04-032-9/+262
| | | | | | | | | * sm/sign.c: Include tlv.h. (write_detached_signature): New, (gpgsm_sign): Fixup binary detached signatures. -- This helps some other software to verify detached signatures.
* gpgsm: Remove conditional compilation for older libksba versions.Werner Koch2023-03-314-19/+31
| | | | | | | | | * sm/sign.c (add_signed_attribute): Return an error because the option --attribute is not yet working. -- We require libskba 1.6 anyway.
* agent: New option --restricted for PRESET_PASSPHRASE.Werner Koch2023-03-272-3/+19
| | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_preset_passphrase): Add option. * agent/preset-passphrase.c (oRestricted): New. (opts): Add option --restricted. (main): Set option. (preset_passphrase): Use option. -- We use a different cache for connections from the extra-socket. However, with gpg-preset-passphrase is only able to preset a passphrase into the regular cache. Further, a restricted connection may not use PRESET_PASSPHRASE. To solve this we add an new option to preset the passphrase into the "restricted" cache. For the gpg-preset-passphrase tool we also add the option --restricted. Note that this does not yet work with gpg-preset-passphrase --forget.
* gpg: New command --quick-add-adskWerner Koch2023-03-214-14/+120
| | | | | | | | | | | * g10/gpg.c (enum cmd_and_opt_values): Add aQuickAddADSK. (opts): Add --quick-add-adsk. (main): Call the actual function. * g10/keyedit.c (keyedit_quick_addadsk): New. (menu_addadsk): Add arg adskfpr and change caller. -- GnuPG-bug-id: 6395
* po: Fix German translation regarding the caching of PINs.Werner Koch2023-03-211-6/+6
| | | | | | | -- We do not actually cache PINs (but the card does this). Thus we now use a more clear message.
* doc: Suggest the use of out-of-source builds.Werner Koch2023-03-212-14/+21
| | | | | | -- GnuPG-bug-id: 6313
* dirmngr: New command AD_QUERY.Werner Koch2023-03-208-138/+758
| | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/dirmngr.h: Include name-value.h (struct server_control_s): Add rootdse and rootdse_tried. * dirmngr/dirmngr.c (dirmngr_deinit_default_ctrl): Release them. * dirmngr/ks-engine.h (KS_GET_FLAG_ROOTDSE): Add two new flags. * dirmngr/ks-engine-ldap.c: Include ks-action.h (SERVERINFO_GENERIC): New. (struct ks_engine_ldap_local_s): Add scope. (ks_ldap_new_state): Set a default scope. (ks_ldap_clear_state): Ditto. (my_ldap_connect): Add flag generic. (return_all_attributes): New. (fetch_rootdse): New. (basedn_from_rootdse): New. (ks_ldap_get): Move some code out to ... (ks_ldap_prepare_my_state): New. (ks_ldap_query): New. * dirmngr/ks-action.c (ks_action_parse_uri): Factored out from server.c (ks_action_query): New. * dirmngr/server.c (make_keyserver_item): Factored most code out to ks_action_parse_uri. (cmd_ad_query): New. -- This command allows to query the Windows Active directory.
* dirmngr: Add framework to implement a fake CRL feature.Werner Koch2023-03-166-2/+87
| | | | | | | | | * dirmngr/fakecrl.c: New. * dirmngr/dirmngr.h (opt): Add fake_crl. * dirmngr/dirmngr.c (enum cmd_and_opt_values): Add oFakeCRL. (opts): Add "fake-crl" (parse_rereadable_options): Set opt.fake_crl. * dirmngr/server.c (cmd_isvalid): Take care of fakce CRLs.
* gpgsm: New option --no-pretty-dnWerner Koch2023-03-164-2/+25
| | | | | | | | * sm/gpgsm.c (oNoPrettyDN): New. (opts): Add --no-pretty-dn. (main): Implement. * sm/gpgsm.h (opt): Add no_pretty_dn. * sm/certdump.c (gpgsm_es_print_name): Act upon.
* gpgtar: Do not allow the use of stdout for --status-fdWerner Koch2023-03-151-2/+6
| | | | | | | | | | | * tools/gpgtar.c (main): Don't allow logging via the Registry. Forbid using stdout for status-fd in crypt mode. -- Without that check a status output would be mixed up with the input to the internal call of gpg. Using the Registry key to enable logging is very annoying.
* gpgtar: Print a result status with skiupped files.Werner Koch2023-03-153-10/+69
| | | | | | | * tools/gpgtar.h (struct tarinfo_s): Add new fields. * tools/gpgtar-extract.c (check_suspicious_name): Add arg info. (extract_regular): Count files. (gpgtar_extract): Print stats.
* gpg: Delete secret key after "keytocard".Werner Koch2023-03-153-9/+48
| | | | | | | | | | | | | | * g10/card-util.c (card_store_subkey): Add arg processed_keys. * g10/keyedit.c (keyedit_menu): Delete secret key. -- This used to work using the gpg-agent: learn we called at "save" time. However, the recent change inhibited the creation of a shadow key by learn if a regular key still exists. Now we do an explicit delete key at save time. This syncs the behaviour with the description of the man page. GnuPG-bug-id: 6378
* scd,openpgp: Switch key attributes between RSA and ECC in writekey.Werner Koch2023-03-152-6/+34
| | | | | | | | | | | | | | * common/sexputil.c (get_rsa_pk_from_canon_sexp): Also allow private keys. (pubkey_algo_string): Ditto. * scd/app-openpgp.c (do_writekey): Switch key attributes -- The scd WRITEKEY command for OpenPGP cards missed proper support to aautomagically switch key attributes based on the new key. We had this only in GENKEY. GnuPG-bug-id: 6378
* agent: Make --disable-extended-key-format a dummy option.Werner Koch2023-03-1311-285/+157
| | | | | | | | | | | | | | | | | | | | | * agent/agent.h (opt): Remove enable_extended_key_format. * agent/gpg-agent.c (enum cmd_and_opt_values): Turn oDisableExtendedKeyFormat and oEnableExtendedKeyFormat into dummy options. * agent/protect.c (do_encryption): Remove arg use_ocb and corresponding code. (agent_protect): Ditto. Change all callers. * agent/findkey.c (agent_write_private_key): Simplify due to the removal of disable-extended-key-format. (write_extended_private_key): Fold into agent_write_private_key. -- This change is related to GnuPG-bug-id: 6386 but should have no visible effect except for the removal of option --disable-extended-key-format.
* dirmngr: Add command "GETINFO stats".Werner Koch2023-03-108-35/+59
| | | | | | | | | | | * dirmngr/server.c (cmd_getinfo): New sub-command "stats". (dirmngr_status_helpf): Allow for a CTRL of NULL. * dirmngr/certcache.c (cert_cache_print_stats): Add arg ctrl and use dirmngr_status_helpf. Adjust all callers. * dirmngr/domaininfo.c (domaininfo_print_stats): Ditto. * sm/certchain.c (ask_marktrusted): Flush stdout before printing the fingerprint.
* agent: Try to SETREPEATOK if the pinentry supports it.Ben Kibbey2023-03-101-0/+21
| | | | | | | * agent/call-pinentry.c (agent_get_passphrase): Do SETREPEATOK. (agent_askpin): Ditto. Signed-off-by: Ben Kibbey <bjk@luxsci.net>
* dirmngr: Distinguish between "no crl" and "crl not trusted".Werner Koch2023-03-098-12/+33
| | | | | | | | | | | | | | | | | * dirmngr/crlcache.h (CRL_CACHE_NOTTRUSTED): New. * dirmngr/crlcache.c (cache_isvalid): Set this status. (crl_cache_cert_isvalid): Map it to GPG_ERR_NOT_TRUSTED. (crl_cache_reload_crl): Move diagnostic to ... * dirmngr/crlfetch.c (crl_fetch): here. * dirmngr/server.c (cmd_isvalid): Map it to GPG_ERR_NOT_TRUSTED. * dirmngr/validate.c (check_revocations): Handle new status. Improve diagnostics. * common/status.c (get_inv_recpsgnr_code): Map INV_CRL_OBJ. * common/audit.c (proc_type_verify): Ditto. -- This avoids repeated loading of CRLs in case of untrusted root certificates.
* keyboxd: Allow import of v0 certificates.Werner Koch2023-03-081-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | * kbx/backend-support.c (be_is_x509_blob): Loose detection. -- Here is a sample v0 cert: -----BEGIN CERTIFICATE----- MIIDAzCCAmwCEQC5L2DMiJ+hekYJuFtwbIqvMA0GCSqGSIb3DQEBBQUAMIHBMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0Ns YXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH MjE6MDgGA1UECxMxKGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9y aXplZCB1c2Ugb25seTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazAe Fw05ODA1MTgwMDAwMDBaFw0yODA4MDEyMzU5NTlaMIHBMQswCQYDVQQGEwJVUzEX MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0NsYXNzIDIgUHVibGlj IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjE6MDgGA1UECxMx KGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s eTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazCBnzANBgkqhkiG9w0B AQEFAAOBjQAwgYkCgYEAp4gBIXQs5xoD8JjhlzwPIQjxnNuX6Zr8wgQGE75fUsjM HiwSViy4AWkszJkfrbCWrnkE8hM5wXuYuggs6MKEEyyqaekJ9MepAqRCwiNPStjw DqL7MWzJ5m+ZJwf15vRMeJ5t60aG+rmGyVTyssSv1EYcWskVMP8NbPUtDm3Of3cC AwEAATANBgkqhkiG9w0BAQUFAAOBgQByLvl/0fFx+8Se9sVeUYpAmLho+Jscg9ji nb3/7aHmZuovCfTK1+qlK5X2JGCGTUQug6XELaDTrnhpb3LabK4I8GOSN+a7xDAX rXfMSTWqz9iP0b63GJZHc2pUIjRkLbYWm1lbtFFZOrMLFPQS32eg9K0yZF6xRnIn jBJ7xUS0rg== -----END CERTIFICATE-----
* gpg,gpgsm: New option --log-timeWerner Koch2023-03-084-0/+27
| | | | | | | | | | | * g10/gpg.c (oLogTime): New. (opts): Add "log-time". (opt_log_time): New var. (main): Implement. * sm/gpgsm.c (oLogTime): New. (opts): Add "log-time". (opt_log_time): New var. (main): Implement.
* dirmngr: Minor code cleanup in the CRL cache.Werner Koch2023-03-081-10/+25
| | | | | | | * dirmngr/crlcache.c (INVCRL_TOO_OLD): New. (INVCRL_UNKNOWN_EXTN, INVCRL_GENERAL): New. (open_dir, crl_cache_insert): Use the new constants. (list_one_crl_entry): Make diagnostics robust for new INVCRL codes.
* gpgsm: Strip trailing zeroes from detached signatures.Werner Koch2023-03-085-7/+120
| | | | | | | | | | | | | | | | * common/ksba-io-support.c: Include tlv.h (struct reader_cb_parm_s): Add new fields. (starts_with_sequence): New. (simple_reader_cb): Handle stripping. * common/ksba-io-support.h (GNUPG_KSBA_IO_STRIP): New. (gnupg_ksba_create_reader): Handle the new flag. * sm/verify.c (gpgsm_verify): Use the new flag for detached signatures. -- Note that this works only if --assume-binary is given. The use case for the feature is PDF signature checking where the PDF specs require that the detached signature is padded with zeroes.
* scd: Fix checking memory allocation.NIIBE Yutaka2023-03-081-1/+1
| | | | | | | | * scd/app-openpgp.c (read_public_key): Fix the memory. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* doc: Typo fixes and new notes in DETAILSWerner Koch2023-03-032-1/+7
| | | | --
* gpg: Actually encrypt to ADSKs.Werner Koch2023-03-013-14/+39
| | | | | | | | * g10/getkey.c (get_pubkey_fromfile): Add optional arg r_keyblock. * g10/pkclist.c (find_and_check_key): Also encrypt to RENC subkeys. -- GnuPG-bug-id: 6395
* gpg: Allow adding of Additional Decryption Subkeys.Werner Koch2023-03-0113-78/+280
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/free-packet.c (copy_public_key): Factor some code out to ... (copy_public_key_basics): new. * g10/build-packet.c (build_sig_subpkt_from_sig): New arg signhints. * g10/packet.h (PUBKEY_USAGE_RENC): Fix value. (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): Moved from sign.c. (SIGNHINT_ADSK): New. (PKT_public_key): Change pubkey_usage from byte to u16. (PKT_user_id): Cosmetic fix: change help_key_usage from int to u16. * g10/getkey.c (parse_key_usage): Make public. * g10/misc.c (openpgp_pk_algo_usage): Take PUBKEY_USAGE_RENC in account. * g10/sign.c (update_keysig_packet): Set SIGNHINT_ADSK. (make_keysig_packet): Ditto. (do_sign): No time warp check in ADSK mode. * g10/sig-check.c (check_signature_metadata_validity): Ditto. * g10/keygen.c (struct opaque_data_usage_and_pk): Remove. (write_keybinding): Do not use the removed struct. (do_add_key_flags): Support PUBKEY_USAGE_RENC and others. (keygen_add_key_flags_and_expire): Rewrite and make public. * g10/keyedit.c (enum cmdids): Add cmdADDADSK. (keyedit_menu): Add command "addadsk". (menu_addadsk): New. -- This makes use of a new encryption flag: The "restricted encryption key" (2nd,0x04) does not take part in any automatic selection of encryption keys. It is only found on a subkey signature (type 0x18), one that refers to the key the flag applies to. Followup patches will add encryption support and a --quick command. GnuPG-bug-id: 6395
* agent: Show "no secret key" instead of "card removed".Werner Koch2023-03-012-4/+20
| | | | | | | | | | | | | | | * agent/findkey.c (agent_key_from_file): Check the error of read_key_file again. * agent/pkdecrypt.c (agent_pkdecrypt): Restore error if no card was found. Also remove useless condition. -- The first patch fixes a likely merge error. The second is about the actual return code: If we have no smardcard but simply try to decrypt with the current smartcard we should return the originla error code. GnuPG-bug-id: 5170 Fixes-commit: eda3c688fc2e85c7cd63029cb9caf06552d203b4
* gpgconf: Print some standard envvars with -XWerner Koch2023-02-281-0/+10
| | | | | | | | | * tools/gpgconf.c (show_configs): Add a list of envvars and print them. -- Note that for simplicity we to not distinguish between Windows and Linux here.
* gpgsm: Improve cert lookup callback from dirmngr.Werner Koch2023-02-263-5/+13
| | | | | | | | | | | | | | | | | * sm/gpgsm.h (FIND_CERT_ALLOW_AMBIG): New. (FIND_CERT_WITH_EPHEM): New. * sm/certlist.c (gpgsm_find_cert): Replace arg allow_ambiguous by a generic flags arg. Implement the new flag FIND_CERT_WITH_EPHEM. * sm/call-dirmngr.c (inq_certificate): Return also ephemeral marked certs. -- The dirmngr may need to get a certificate from gpgsm's store in the course of verifying a CRL. In some cases the certificate is still marked as epehemeral - this needs to be returned as well. This _may_ also fix GnuPG-bug-id: 4436
* sm: Fix dirmngr loadcrl for intermediate certsAndre Heinecke2023-02-241-2/+26
| | | | | | | | | | | | | * sm/call-dirmngr.c (run_command_inq_cb): Support ISTRUSTED. (inq_certificate): Distinguish unsupported inquiry error. -- When loading a CRL through "gpgsm --call-dirmngr loadcrl foo" dirmngr can ask gpgsm back if a certificate used ISTRUSTED, which previously resulted in an error. (cherry picked from commit 6b36c16f77722d17f4f317c788701cbc1e9552b2) That commit was from the 2.2 branch and we forgot to forward port it.
* doc: Minor comment fixes.Werner Koch2023-02-232-2/+3
| | | | --
* dirmngr: New debug flag "keeptmp".Werner Koch2023-02-232-1/+4
| | | | | | | | | * dirmngr/dirmngr.c (debug_flags): Add "keeptmp". (set_debug): Don't set in with "guru". * dirmngr/dirmngr.h (DBG_KEEPTMP_VALUE): New. -- Note that flag is not yet used.
* gpg: Prepare to accept shorter OIDs for ed25519 and cv25519.Werner Koch2023-02-211-6/+20
| | | | | | | | | | | | | | | * common/openpgp-oid.c (oidtable): Add them. (oid_ed25519_v5, oid_cv25519_v5): New. (openpgp_oidbuf_is_ed25519): Take new OID in account. (openpgp_oidbuf_is_cv25519): Ditto. -- ed25519 is used in GnuPG and other implementations since 2015 and thus we can't simply switch to the shorter OIDs. However, we have not widely used them with v5 keys (only ed448 forced the use of v5) and thus it might be possible to use the new OIDs with v5 keys. Note that Libgcrypt supports the new OIDs even in 1.8.
* gpg: New option --add-desig-revokerWerner Koch2023-02-166-11/+132
| | | | | | | | | | | | * g10/gpg.c (oAddDesigRevoker): New. (opts): Add new option. * g10/options.h (opt): Add field desig_revokers. * g10/keygen.c (get_parameter_idx): New. (get_parameter): Make use of get_parameter_idx. (prepare_desig_revoker): New. (get_parameter_revkey): Add arg idx. (proc_parameter_file): Add designated revokers. (do_generate_keypair): Write all designated revokers.