summaryrefslogtreecommitdiffstats
path: root/agent (follow)
Commit message (Collapse)AuthorAgeFilesLines
* agent: Allow arguments to "scd serialno" in restricted mode.Werner Koch2022-12-121-1/+1
| | | | | | | * agent/command.c (cmd_scd): Allow it. -- This is important because Scute uses "SCD SERIALNO --all".
* build: Remove Windows CE support.NIIBE Yutaka2022-12-091-7/+1
| | | | | | | | | | | | | | | | * agent/Makefile.am [HAVE_W32CE_SYSTEM]: Remove. * am/cmacros.am [HAVE_W32CE_SYSTEM]: Remove. * autogen.sh: Remove W32ce_ variables. * configure.ac: Likewise. * dirmngr/Makefile.am (extra_bin_ldflags): Remove. * g10/Makefile.am [HAVE_W32CE_SYSTEM]: Remove. * kbx/Makefile.am: Likewise. * sm/Makefile.am (extra_bin_ldflags): Remove. * tools/Makefile.am (extra_bin_ldflags): Remove. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpg: New export option "mode1003".Werner Koch2022-12-021-10/+26
| | | | | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_export_key): Add option --mode1003. (command_has_option): Ditto. * g10/build-packet.c (do_key): Implement mode 1003. * g10/parse-packet.c (parse_key): Ditto. * g10/options.h (EXPORT_MODE1003): New.o * g10/call-agent.c (agent_export_key): Add arg mode1003. * g10/export.c (parse_export_options): Add "mode1003" (secret_key_to_mode1003): New. (receive_seckey_from_agent): Add arg mode1003. (do_export_one_keyblock): Pass option down. -- This option allows to export a secret key in GnuPG's native format. Thus no re-encryption is required and further the public key parameters are also authenticated if a protection passphrase has been used. Note that --import is not yet able to handle this new mode. Although old version of GnuPG will bail out with "invalid packet" if a mode1003 exported secret key is seen.
* agent: Fix import of protected v5 keys.Werner Koch2022-12-011-3/+4
| | | | | | | | * agent/cvt-openpgp.c (convert_from_openpgp_main): Take care of version 5 keys. -- GnuPG-bug-id: 6294
* tests: Support semihosted environment.NIIBE Yutaka2022-12-011-3/+4
| | | | | | | | | | | | * Makefile.am (check-all): Add EXEEXT. * agent/all-tests.scm: Append EXEEXT. * common/all-tests.scm: Likewise. * g10/all-tests.scm: Likewise. * g13/all-tests.scm: Likewise. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Allow trustlist on Windows in Unicode homedirs.Werner Koch2022-11-101-1/+1
| | | | * agent/trustlist.c (agent_marktrusted): Use gnupg_access.
* agent: Avoid blanks in the ssh key's comment.Werner Koch2022-11-021-0/+5
| | | | | | | | | | | | | | | | | | * agent/command-ssh.c (card_key_available): Replace blanks. -- For managing the authorized_key file of ssh it is convenient if the comment does not have any spaces. Thus we now return cardno:FFFE_50FF3D01 instead of cardno:FFFE 50FF3D01 Note that gpg --export-ssh-key uses the keyid as comment because it does not known the S/N of the card. Gpg-agent however does not know about OpenPGP and uses the s/n.
* agent: Automatically convert to extended key format by KEYATTR.NIIBE Yutaka2022-10-281-6/+15
| | | | | | | | | * agent/command.c (cmd_keyattr): Reject when disabled extended key format. Handle the case when key is in non-extended format. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent,common,dirmngr,tests,tools: Remove spawn PREEXEC argument.NIIBE Yutaka2022-10-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | * common/exechelp-posix.c (do_exec): Remove PREEXEC argument. (gnupg_spawn_process): Likewise. (gnupg_spawn_process_fd): Follow the change of do_exec. (gnupg_spawn_process_detached): Likewise. * common/exechelp-w32.c (gnupg_spawn_process): Remove PREEXEC. * common/exechelp.h (gnupg_spawn_process): Remove PREEXEC. * agent/genkey.c (do_check_passphrase_pattern): Follow the change. * common/exectool.c (gnupg_exec_tool_stream): Likewise. * dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise. * tests/gpgscm/ffi.c (do_spawn_process): Likewise. * tools/gpgconf-comp.c (gc_component_check_options): Likewise. (retrieve_options_from_program): Likewise. * tools/gpgconf.c (show_versions_via_dirmngr): Likewise. * tools/gpgtar-create.c (gpgtar_create): Likewise. * tools/gpgtar-extract.c (gpgtar_extract): Likewise. * tools/gpgtar-list.c (gpgtar_list): Likewise. -- PREEXEC is not portable feature and it's not used. GnuPG-bug-id: 6249 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent,w32: Support Win32-OpenSSH emulation by gpg-agent.NIIBE Yutaka2022-10-143-35/+163
| | | | | | | | | | | | | | | | * agent/agent.h (start_command_handler_ssh_stream): New. * agent/command-ssh.c (start_command_handler_ssh_stream): New. * agent/gpg-agent.c (oWin32OpenSSHSupport): New. (W32_DEFAILT_AGENT_PIPE_NAME): New. (main): Add oWin32OpenSSHSupport support. (win32_openssh_thread): New. (handle_connections): Spawn win32_openssh_thread. * configure.ac (NEED_GPGRT_VERSION): Require libgpg-error 1.46. -- GnuPG-bug-id: 3883 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Introduce attribute "Remote-list" to KEYINFO.Werner Koch2022-10-122-22/+27
| | | | | | | * agent/command.c (do_one_keyinfo): Add arg list_mode. Check attribute Remote-list. (cmd_keyinfo): Change semantics to return nothing in restricted list mode.
* agent,dirmngr,gpg,scd: Clean up for modern compiler.NIIBE Yutaka2022-09-141-0/+1
| | | | | | | | | | | | | | | | | | * agent/protect.c (agent_get_shadow_info_type): It's a write only variable, useful for debugging. * g10/key-check.c (key_check_all_keysigs): Likewise. * g10/keyedit.c (show_basic_key_info, menu_expire): Likewise. * scd/app-sc-hsm.c (read_ef_prkd): Likewise. * dirmngr/crlfetch.c (fetch_next_ksba_cert): Initialize the vars. * dirmngr/ks-action.c (ks_action_help): Remove unused variables. * dirmngr/server.c (make_keyserver_item): Likewise. * dirmngr/validate.c (check_cert_sig): Initialize the variable. * scd/app-p15.c (select_and_read_record): Likewise. * tests/gpgscm/scheme.c (scheme_init_new): A function with no args. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Don't start in --supervised mode if no-autostart is enabled.Werner Koch2022-09-071-0/+11
| | | | | * agent/gpg-agent.c (main): Print an error message if no-autostart is set in common.conf.
* doc: Update description of the key format.Werner Koch2022-08-162-11/+21
| | | | --
* agent: New option --need-attr for KEYINFO.Werner Koch2022-08-112-17/+73
| | | | | | | | | | | | | | * agent/command.c (do_one_keyinfo): New arg need_Attr. (cmd_keyinfo): New option --need-attr. * agent/findkey.c (public_key_from_file): Use nvc_get_boolean. -- This option makes it easier to list keys suitable only for certain purposes. The second patch makes if compliant to the description in keyformat.txt
* agent: Add description for "Prompt" field.NIIBE Yutaka2022-06-281-0/+6
| | | | | | -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Don't assume "OPENPGP.3" key means "Use-for-ssh:".NIIBE Yutaka2022-06-282-17/+3
| | | | | | | | | | * agent/command-ssh.c: Fix comments. * agent/findkey.c (public_key_from_file): Remove "OPENPGP.3" check. -- GnuPG-bug-id: 5996 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Do not consider --min-passphrase-len for the magic wand.Werner Koch2022-06-271-10/+11
| | | | | * agent/call-pinentry.c (generate_pin): Lock to exactly 30 octets. * g10/gpg.c (main) <aGenRandom>: Add Level 30.
* agent: Flush before calling ftruncate.NIIBE Yutaka2022-06-231-0/+2
| | | | | | | | | | * agent/findkey.c (write_extended_private_key): Make sure it is flushed out. -- GnuPG-bug-id: 6035 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: KEYATTR only allows access to attribute.NIIBE Yutaka2022-06-231-0/+8
| | | | | | | | | * agent/command.c (cmd_keyattr): Check the ATTRNAME. -- GnuPG-bug-id: 5988 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Fix KEYATTR command for --delete option.NIIBE Yutaka2022-06-231-1/+5
| | | | | | | | * agent/command.c (cmd_keyattr): Write the result. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Add KEYATTR command.NIIBE Yutaka2022-06-224-7/+139
| | | | | | | | | | | | | | | | | * agent/agent.h (agent_raw_key_from_file): Add R_KEYMETA argument. (agent_update_private_key): New. * agent/command-ssh.c (data_sign): Follow the change of the function agent_raw_key_from_file. * agent/command.c (do_one_keyinfo): Likewise. (cmd_keyattr): New. (register_commands): Add an entry of cmd_keyattr. * agent/findkey.c (agent_update_private_key): New. (agent_raw_key_from_file): Add R_KEYMETA argument. -- GnuPG-bug-id: 5988 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent,gpg,tools: Fix use of log_get_fd.NIIBE Yutaka2022-06-222-10/+2
| | | | | | | | | | | | | | * agent/call-daemon.c (daemon_start): Don't put file descriptor from log_get_fd to no_close_list. * agent/call-pinentry.c (start_pinentry): Likewise. * common/call-gpg.c (start_gpg): Likewise. * call-syshelp.c (start_syshelp): Likewise. * tools/gpg-connect-agent.c (main): Likewise. -- GnuPG-bug-id: 5921 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Improve "Insert the card" message.Werner Koch2022-06-171-1/+2
| | | | * agent/findkey.c (prompt_for_card): Don't print "(null").
* agent,ssh: Fix for make not-inserted OpenPGP.3 keys available for SSH.Werner Koch2022-06-151-5/+8
| | | | | | | | | | | | | * agent/command-ssh.c (ssh_send_available_keys): Do not bump key_counter for ignored keys. Also use opt.debug instead of opt.verbose and fix a memory leak. -- The error shown by "ssh-add -l" before this fix was: error fetching identities: incomplete messag Fixes-commit: 193fcc2f7a8cca5240ce50499c54f99235a87e1c GnuPG-bug-id: 5996
* agent: New option --no-user-trustlist and --sys-trustlist-name.Werner Koch2022-06-143-9/+53
| | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New. (opts): Add new option names. (parse_rereadable_options): Parse options. (finalize_rereadable_options): Reset allow-mark-trusted for the new option. * agent/agent.h (opt): Add fields no_user_trustlist and sys_trustlist_name. * agent/trustlist.c (make_sys_trustlist_name): New. (read_one_trustfile): Use here. (read_trustfiles): Use here. Implement --no-user-trustlist. -- With the global options we can now avoid that a user changes the Root-CA trust by editing the trustlist.txt. However, to implement this we need a new option so that we don't need to rely on some magic like --no-allow-mark-trusted has been put into a force section. The second option makes system administration easier as it allows to keep the trustlist in a non-distributed file. GnuPG-bug-id: 5990
* Remove remaining support for WindowsCEWerner Koch2022-06-033-29/+9
| | | | --
* agent: Support --format=ssh option for READKEY.NIIBE Yutaka2022-06-021-13/+40
| | | | | | | | | | * agent/command.c (cmd_readkey): Handle --format=ssh to return key in SSH format. -- GnuPG-bug-id: 6012 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: New field "Prompt" to prevent asking card key insertion.NIIBE Yutaka2022-05-271-4/+21
| | | | | | | | | * agent/findkey.c (prompt_for_card): Add "Prompt" field handling. -- GnuPG-bug-id: 5987 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent,ssh: Support "Use-for-ssh" flag in private key.NIIBE Yutaka2022-05-261-10/+22
| | | | | | | | | | * agent/findkey.c (public_key_from_file): Support "Use-for-ssh" when it's in extended format. -- GnuPG-bug-id: 5985 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent,ssh: Make not-inserted OpenPGP.3 keys available for SSH.NIIBE Yutaka2022-05-263-85/+206
| | | | | | | | | | | | | | | | | | * agent/agent.h (agent_ssh_key_from_file): New. * agent/command-ssh.c (get_ssh_keyinfo_on_cards): New. (ssh_send_available_keys): Loop on the GNUPG_PRIVATE_KEYS_DIR. Support keys by agent_ssh_key_from_file. (ssh_handler_request_identities): Move card key handling to ssh_send_available_keys. * agent/findkey.c (public_key_from_file): New. Adding handling for SSH. (agent_public_key_from_file): Use public_key_from_file. (agent_ssh_key_from_file): New. -- GnuPG-bug-id: 5996 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Fix get_keyinfo_on_cards.NIIBE Yutaka2022-05-261-2/+5
| | | | | | | | | * agent/command.c (get_keyinfo_on_cards): Make it static. Don't return bogus value on error. Return NULL when scdaemon is disabled. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Handle USAGE information in KEYINFO.NIIBE Yutaka2022-05-262-4/+25
| | | | | | | | | | | * agent/agent.h (struct card_key_info_s): Add USAGE field. * agent/call-scd.c (card_keyinfo_cb): Parse USAGE field. Allow optional SERIALNO, IDSTR, and USAGE fields. Fix releasing on possible allocation error. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.NIIBE Yutaka2022-05-252-5/+21
| | | | | | | | | | | | | * agent/call-scd.c (inq_needpin): Call assuan_begin_confidential and assuan_end_confidential, and wipe the memory after use. * agent/command.c (cmd_preset_passphrase): Likewise. (cmd_put_secret): Likewise. * scd/command.c (pin_cb): Likewise. -- GnuPG-bug-id: 5977 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Add missing assuan_end_confidential call.NIIBE Yutaka2022-05-251-0/+1
| | | | | | | | * agent/command.c (send_back_passphrase): Fix. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Fix a bug accessing after release when opt.verbose.NIIBE Yutaka2022-05-201-4/+4
| | | | | | | | | * agent/command-ssh.c (ssh_handler_request_identities): Don't release KEY_PUBLIC too early. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Factor out handling scanning over ssh keys.NIIBE Yutaka2022-05-201-42/+48
| | | | | | | | | | * agent/command-ssh.c (ssh_send_available_keys): New. (ssh_handler_request_identities): Use ssh_send_available_keys. -- GnuPG-bug-id: 5985 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Show "Label:" field of private key when prompt the insertion.NIIBE Yutaka2022-05-201-24/+27
| | | | | | | | | | * agent/findkey.c (prompt_for_card): Use "Label:" field. (agent_key_from_file): Use KEYMETA. -- GnuPG-bug-id: 5986 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Move confirmation handling into findkey.c.NIIBE Yutaka2022-05-206-165/+151
| | | | | | | | | | | | | | | | | | * agent/agent.h (divert_tpm2_pksign, divert_tpm2_pkdecrypt): Fix API. (divert_pksign, divert_pkdecrypt): Likewise. * agent/divert-scd.c (ask_for_card): Remove. (divert_pksign, divert_pkdecrypt): Don't call ask_for_card. * agent/divert-tpm2.c (divert_tpm2_pksign, divert_tpm2_pkdecrypt): Remove DESC_TEXT argument. * agent/findkey.c (prompt_for_card): New (was: ask_for_card). (agent_key_from_file): Call prompt_for_card when it's a key on card. * agent/pkdecrypt.c (agent_pkdecrypt): Follow the change of API. * agent/pksign.c (agent_pksign_do): Likewise. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Pop up dialog window for confirmation, when specified so.NIIBE Yutaka2022-05-192-0/+46
| | | | | | | | | * agent/findkey.c (agent_key_from_file): Support "Confirm:". -- GnuPG-bug-id: 5099 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Supply GRIP=NULL for agent_key_from_file, for real use.NIIBE Yutaka2022-05-193-18/+19
| | | | | | | | | | | | * agent/findkey.c (agent_key_from_file): Change the semantics of GRIP. Now, it's NULL for use by PKDECRYPT and PKSIGN/PKAUTH. * agent/pkdecrypt.c (agent_pkdecrypt): Set GRIP=NULL. * agent/pksign.c (agent_pksign_do): Likewise. -- GnuPG-bug-id: 5099 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests: Use module_tests for testing agent/.NIIBE Yutaka2022-04-262-2/+4
| | | | | | | | | * agent/Makefile.am (module_test): New. * agent/all-tests.scm: Use module_tests instead of TESTS. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Deprecate the --supervised options.Werner Koch2022-04-251-1/+4
| | | | | | | | * agent/gpg-agent.c (main): Mark --supervised as deprecated. * dirmngr/dirmngr.c (main): Ditto. -- The supervised thing causes more trouble than it pretends to solve.
* agent: Not writing password into file.NIIBE Yutaka2022-04-221-35/+20
| | | | | | | | | | * agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke pattern check program. -- GnuPG-bug-id: 5917 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* ssh: Returned faked response for the new session-bind extension.Werner Koch2022-04-141-0/+14
| | | | | | | | | | | | | | | | * agent/command-ssh.c (SSH_OPT_CONSTRAIN_MAXSIGN): New. (SSH_OPT_CONSTRAIN_EXTENSION): New. (ssh_handler_add_identity): Ignore them. (ssh_handler_extension): Take success for session-bind. -- OpenSSH 8.9 does not gracefully allow communication with older agent implementations. Until this new OpenSSH feature has been settled we return a faked response. Code has not yet been tested. GnuPG-bug-id: 5931
* agent: Ignore MD5 Fingerprints for ssh keysJakub Jelen2022-04-141-2/+4
| | | | | | | | -- * agent/command-ssh.c (add_control_entry): Ignore failure of the MD5 digest Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* agent: Fix for possible support of Cygwin OpenSSH.NIIBE Yutaka2022-04-071-1/+5
| | | | | | | | | | | * agent/command-ssh.c (start_command_handler_ssh): Use es_sysopen. -- With new (not-yet-released) libgpg-error, gpg-agent should be able to handle connection from Cygwin version of OpenSSH. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent:w32: Fix for use of socket.NIIBE Yutaka2022-04-041-7/+7
| | | | | | | | | | * agent/command-ssh.c (get_client_info): Use type gnupg_fd_t for socket, until call of socket API. (start_command_handler_ssh): Don't convert here. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: KEYTOCARD prefers to specified time.NIIBE Yutaka2022-03-281-12/+11
| | | | | | | | | | * agent/command.c (cmd_keytocard): Timestamp at "Created:" field is only used when time is not specified. -- Fixes-commit: c795be79c14fac01b984bdc2e2041d2141f27612 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Use "Created:" field for creation time.NIIBE Yutaka2022-03-255-21/+36
| | | | | | | | | | | | | | * agent/agent.h (agent_key_from_file): Change the declaration. * agent/findkey.c (agent_key_from_file): Return timestamp. * agent/pkdecrypt.c (agent_pkdecrypt): Follow the change. * agent/pksign.c (agent_pkdecrypt): Likewise. * agent/command.c (cmd_passwd, cmd_export_key): Likewise. (cmd_keytocard): Use timestamp in private key file in "Created:". -- GnuPG-bug-id: 5538 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-21 06:42:28 +0100