summaryrefslogtreecommitdiffstats
path: root/doc (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Spelling cleanup.Daniel Kahn Gillmor2020-02-197-8/+8
| | | | | | | | | | | | | | | | No functional changes, just fixing minor spelling issues. --- Most of these were identified from the command line by running: codespell \ --ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \ --skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \ doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \ NEWS README README.maint TODO Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* doc: Correction of typo in documentation of KEY_CONSIDEREDNick Piper2020-02-191-1/+1
| | | | Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* gpg: New option --full-timestrings.Werner Koch2020-02-131-0/+8
| | | | | | | | | | | | | | | | | | | | | * g10/options.h (opt): Add flags.full_timestrings. * g10/gpg.c (oFullTimestrings): New. (opts): New option. (main): Set new flag. * g10/keyid.c (dateonlystr_from_pk): New. (dateonlystr_from_sig): New. (datestr_from_pk): Divert to isotimestamp if requested. (datestr_from_sig): Ditto. (expirestr_from_pk): Ditto. (expirestr_from_sig): Ditto. (revokestr_from_pk): Ditto. * g10/import.c (impex_filter_getval): Use dateonlystr_from_sig and dateonlystr_from_pk. -- Quite helpful for debugging keys. Signed-off-by: Werner Koch <wk@gnupg.org>
* scd:openpgp: Return key creation time as part of KEYPARIINFO.Werner Koch2020-02-131-0/+14
| | | | | | | | | | | | | * scd/app-openpgp.c (send_keypair_info): Reaturn the key creation time as part of a KEYPAIRINFO. (do_readkey): Do not return the KEY-TIME anymore. -- Sending the KEY_TIME status as part of a READKEY command was only recently added. It is better to merge that into the KEYPAIRINFO line. Another patch with chnage this for the consumers of that info. Signed-off-by: Werner Koch <wk@gnupg.org>
* doc: Improve the warning section of the gpg man page.Werner Koch2020-02-101-10/+16
| | | | | | * doc/gpg.texi: Update return valeu and warning sections. Signed-off-by: Werner Koch <wk@gnupg.org>
* tools: Let watchgnupg determine the socket name via gpgconf.Werner Koch2020-01-201-11/+30
| | | | | | | | | | | | | | * tools/watchgnupg.c: Include sys/wait.h. (GNUPG_DEF_COPYRIGHT_LINE): Add a default value for standalone building. (get_logname): New. (main): Use a default socket name and add option --homedir. -- This is quite convenient and saves a lot of typing or shell alias definitions. Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx: Redefine the UBID which is now the primary fingerprint.Werner Koch2019-11-281-5/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/util.h (UBID_LEN): New. Use it at all places. * kbx/keybox-blob.c (create_blob_finish): Do not write the UBID item. * kbx/keybox-dump.c (print_ubib): Remove. (_keybox_dump_blob): Do not print the now removed ubid flag. * kbx/keybox-search-desc.h (struct keydb_search_desc): Use constants for the size of the ubid and grip. * kbx/keybox-search.c (blob_cmp_ubid): New. (has_ubid): Make it a simple wrapper around blob_cmp_ubid. (keybox_get_data): Add arg 'r_ubid'. * kbx/frontend.h (enum kbxd_store_modes): New. * kbx/kbxserver.c (cmd_store): Add new option --insert. * kbx/backend-cache.c (be_cache_initialize): New. (be_cache_add_resource): Call it here. * kbx/backend-kbx.c (be_kbx_seek): Remove args 'fpr' and 'fprlen'. (be_kbx_search): Get the UBID from keybox_get_data. * kbx/backend-support.c (be_fingerprint_from_blob): Replace by ... (be_ubid_from_blob): new. Change all callers. * kbx/frontend.c (kbxd_add_resource): Temporary disable the cache but use the new cache init function. (kbxd_store): Replace arg 'only_update' by 'mode'. Seek using the ubid. Take care of the mode. -- It turned out that using the hash of the entire blob was not helpful. Thus we redefine the Unique-Blob-ID (UBID) as the primary fingerprint of the blob. In case this is a v5 OpenPGP key a left truncated version of the SHA-256 hash is used; in all other cases the full SHA-1 hash. Using a SHA-256 hash does not make sense because v4 keys are and will for some time be the majority of keys and thus padding them with zeroes won't make any difference. Even if fingerprint collisions can eventually be created we will assume that the keys are bogus and that it does not make sense to store its twin also in our key storage. We can also easily extend the update code to detect a collision and reject the update. Signed-off-by: Werner Koch <wk@gnupg.org>
* doc,dirmngr: Clarify --standard-resolver.Werner Koch2019-11-231-1/+2
| | | | | | -- Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr,gpg: Better diagnostic in case of bad TLS certificates.Werner Koch2019-11-181-4/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | * doc/DETAILS: Specify new status code "NOTE". * dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a bad TLS certificate. * g10/call-dirmngr.c (ks_status_cb): Detect this status. -- For example a gpg -v --locate-external-keys dd9jn@posteo.net now yields gpg: Note: server uses an invalid certificate gpg: (further info: bad cert for 'posteo.net': \ Hostname does not match the certificate) gpg: error retrieving 'dd9jn@posteo.net' via WKD: Wrong name gpg: error reading key: Wrong name (without -v the "further info" line is not shown). Note that even after years Posteo is not able to provide a valid certificate for their .net addresses. Anyway, this help to show the feature. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpgsm: Allow sepcification of ldaps servers.Werner Koch2019-11-092-3/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps. * sm/gpgsm.c (parse_keyserver_line): Parse flags. * sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr. * dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps. * dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags. * dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls. * dirmngr/dirmngr_ldap.c: New option --tls. (fetch_ldap): Make use of that option. -- There was no way to specify an LDAPS server in dirmngr_ldapserver.socnf or with gpgsm's --keyserver option. This patch fixes this. Eventually we should allow to replace host and port by a partial URI in the same way ldap_initialize does it. For backward compatibility we do not yet do that. Although the dirmngr code accepts an URL (eg. taken from a certificate), I can't see how the scheme was ever used. Thus the patch also detects an ldaps scheme and uses this. That part has not been tested, though. Signed-off-by: Werner Koch <wk@gnupg.org>
* doc: Document gpgsm's --keyserver option.Werner Koch2019-11-072-3/+20
| | | | | | | | -- Also fix a few related entries. Signed-off-by: Werner Koch <wk@gnupg.org>
* doc: Improved description of status PLAINTEXT_LENGTH.Werner Koch2019-11-071-1/+4
| | | | | | -- GnuPG-bug-id: 4741
* gpg: Fix a potential loss of key sigs during import with self-sigs-only.Werner Koch2019-11-071-6/+8
| | | | | | | | | | | * g10/import.c (import_one_real): Don't do the final clean in the merge case. -- This fixes a regression introduced with self-sigs-only. GnuPG-bug-id: 4628 Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Add option --allow-weak-key-signatures.Werner Koch2019-11-071-5/+14
| | | | | | | | | | | | * g10/gpg.c (oAllowWeakKeySignatures): New. (opts): Add --allow-weak-key-signatures. (main): Set it. * g10/options.h (struct opt): Add flags.allow_weak_key_signatures. * g10/misc.c (print_sha1_keysig_rejected_note): New. * g10/sig-check.c (check_signature_over_key_or_uid): Print note and act on new option. Signed-off-by: Werner Koch <wk@gnupg.org>
* doc: Make clear that by default RFC-4880bis features are used.Werner Koch2019-11-071-12/+8
| | | | --
* doc: Document the --unwrap command.Werner Koch2019-11-061-0/+9
| | | | | | -- Signed-off-by: Werner Koch <wk@gnupg.org>
* doc: Fix documentation about --locate-keys.NIIBE Yutaka2019-10-171-7/+7
| | | | | | | | | * doc/gpg.texi (--locate-keys): Remove mentioning signing keys. -- GnuPG-bug-id: 4713 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* doc: Fix c+p bug in the examples for --import-filter.Werner Koch2019-10-121-5/+5
| | | | | | | -- Reported-by: Steve McIntyre Signed-off-by: Werner Koch <wk@gnupg.org>
* Merge branch 'switch-to-gpgk' into masterWerner Koch2019-09-272-0/+23
|\ | | | | | | | | | | | | | | | | | | | | | | -- Resolved Conflicts: * common/asshelp.c: Keep the new code in master for spawing under Windows. * g10/Makefile.am: Keep all new file. * g10/photoid.c: Pass CTRL to pct_expando. Signed-off-by: Werner Koch <wk@gnupg.org>
| * kbx,gpg: Allow lookup using a UBID.Werner Koch2019-09-271-4/+5
| | | | | | | | | | | | | | | | | | | | | | | | * common/userids.c (classify_user_id): Detect UBIDs. * kbx/backend-cache.c (blob_table_put): Store the public key type. (be_cache_search): Add search mode for UBIDs. * kbx/backend.h (struct db_request_part_s): Add cache.seqno_ubid. * g10/keydb.c (keydb_search_desc_dump): Fix printing of keygrip. Add ubid printing. * g10/call-keyboxd.c (keydb_search): Support search by UBID. Signed-off-by: Werner Koch <wk@gnupg.org>
| * doc: Minor doc updates and a typo fix.Werner Koch2019-09-251-6/+6
| | | | | | | | --
| * kbx: Add framework for the SEARCH commandWerner Koch2019-08-061-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * kbx/backend-kbx.c: New. * kbx/backend-support.c: New. * kbx/backend.h: New. * kbx/frontend.c: New. * kbx/frontend.h: New. * kbx/kbxserver.c: Implement SEARCH and NEXT command. * kbx/keybox-search-desc.h (enum pubkey_types): New. * kbx/keybox-search.c (keybox_get_data): New. * kbx/keyboxd.c (main): Add a standard resource. Signed-off-by: Werner Koch <wk@gnupg.org>
| * tools: New option --keyboxd for gpg-connect-agent.Werner Koch2019-08-061-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * configure.ac: New option --keyboxd-pgm. (KEYBOXD_NAME, KEYBOXD_DISP_NAME): New ac_defines. * common/util.h: Add substitutes for new error codes. (GNUPG_MODULE_NAME_KEYBOXD): New. * common/homedir.c (gnupg_module_name): Support GNUPG_MODULE_NAME_KEYBOXD. * common/asshelp.c (SECS_TO_WAIT_FOR_KEYBOXD): New. (wait_for_sock): Support keyboxd. (start_new_service): Ditto. (start_new_keyboxd): New. * tools/gpg-connect-agent.c: New options --keyboxd and --keyboxd-program. (start_agent): Implement new option. -- This change allows us to test the new keyboxd using our standard helper. It also provides the necessary code to start keyboxd on the fly. Signed-off-by: Werner Koch <wk@gnupg.org>
* | doc: Fix distchek for generated eps fileAndre Heinecke2019-09-101-2/+2
| | | | | | | | | | | | | | | | | | | | | | * doc/Makefile.am (EXTRA_DIST, BUILT_SOURCES): Add gnupg-module-overview.eps, gnupg-card-architecture.eps (DISTCLEANFILES): Remove them. -- The files needs to be added so that it is properly included in the dist tarball. As the rule for it was moved into maintainer mode by 58bab1a.
* | doc: Update description of --debugWerner Koch2019-09-055-81/+23
| | | | | | | | | | | | -- Signed-off-by: Werner Koch <wk@gnupg.org>
* | doc: Fix grammar error.Werner Koch2019-08-301-1/+1
| | | | | | | | | | -- GnuPG-bug-id: 4691
* | gpg: Extend --quick-gen-key for creating keys from a card.Werner Koch2019-08-221-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and support the special algo "card". (parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP. Handle the "card" algo. Adjust callers. (parse_algo_usage_expire): Add arg R_KEYGRIP. (quickgen_set_para): Add arg KEYGRIP and put it into the parameter list. (quick_generate_keypair): Handle algo "card". (generate_keypair): Also handle the keygrips as returned by parse_key_parameter_string. (ask_algo): Support ed25519 from a card. -- Note that this allows to create a new OpenPGP key from an initialized OpenPGP card or from any other supported cards. It has been tested with the TCOS Netkey card. Right now a stub file for the cards might be needed; this can be achieved by running "gpgsm --learn" with the card plugged in. Example: gpg --quick-gen-key foo@example.org card Signed-off-by: Werner Koch <wk@gnupg.org>
* | gpg: In a list of card keys show the standard keys.Werner Koch2019-08-211-0/+8
| | | | | | | | | | | | | | | | | | | | * g10/keygen.c (ask_algo): Identify the standard keys. -- The asterisks mark the usages of a key as retruned by scd via the $AUTHKEYID et al. attributes. Signed-off-by: Werner Koch <wk@gnupg.org>
* | gpg: New option --use-only-openpgp-cardWerner Koch2019-08-211-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (opts): Add option. (main): Set flag. * g10/options.h: Add flags.use_only_openpgp_card. * g10/call-agent.c (start_agent): Implement option. -- With the previous patch we switch to autoselect an application instead of requesting an openpgp card. This option allows to revert this in case of use use cases which expected the former behaviour. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit c185f6dfbd1bfd809369da789239a371e9d1610e) This was first added to the 2.2 branch.
* | doc: fix minor spelling and tense errorsDaniel Kahn Gillmor2019-08-203-6/+6
| | | | | | | | | | | | * doc/{gpg,gpgsm,wks}.texi: minor orthographic cleanup. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* | doc: clarify CARD event counter.Daniel Kahn Gillmor2019-08-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | * doc/gpg-agent.texi: improve documentation of CARD entry in GETEVENTCOUNTER description. -- "stati" is unclear and confusing, and describing something in the singular is almost always less ambiguous than leaving it in the plural. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* | doc: Fix a debug hint on the keybox format.Werner Koch2019-07-181-6/+2
| | | | | | | | --
* | doc: Fix description of the field 11.NIIBE Yutaka2019-07-161-2/+3
|/ | | | | | | * doc/DETAILS: Fix. GnuPG-bug-id: 4105 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* doc: Dependencies for figures are only for maintainers.NIIBE Yutaka2019-07-121-0/+2
| | | | | | | | * doc/Makefile.am [MAINTAINER_MODE] (.svg.eps, etc.): Enable only when maintainer-mode. GnuPG-bug-id: 4280 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpg: With --auto-key-retrieve prefer WKD over keyservers.Werner Koch2019-07-051-4/+20
| | | | | | | | | | | | | | * g10/mainproc.c (check_sig_and_print): Print a hint on how to make use of the preferred keyserver. Remove keyserver lookup just by the keyid. Try a WKD lookup before a keyserver lookup. -- The use of the the keyid for lookups does not make much sense anymore since for quite some time we do have the fingerprint as part of the signature. GnuPG-bug-id: 4595 Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.Werner Koch2019-07-041-0/+5
| | | | | | | | | | | | | | | | | | | * g10/gpg.c (main): Change default. -- Due to the DoS attack on the keyeservers we do not anymore default to import key signatures. That makes the keyserver unsuable for getting keys for the WoT but it still allows to retriev keys - even if that takes long to download the large keyblocks. To revert to the old behavior add keyserver-optiions no-self-sigs-only,no-import-clean to gpg.conf. GnuPG-bug-id: 4607 Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: New command --locate-external-key.Werner Koch2019-07-041-4/+9
| | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (aLocateExtKeys): New. (opts): Add --locate-external-keys. (main): Implement that. * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL. (get_best_pubkey_byname): Add arg 'mode' and pass on to get_pubkey_byname. Change callers. * g10/keylist.c (public_key_list): Add arg 'no_local'. (locate_one): Ditto. Pass on to get_best_pubkey_byname. -- This new command is a shortcut for --auto-key-locate nodefault,clear,wkd,... --locate-key and uses the default or configured AKL list but does so without local. See also GnuPG-bug-id: 4599 Signed-off-by: Werner Koch <wk@gnupg.org>
* Mention --sender in documentationPeter Lebbing2019-07-021-5/+5
|
* gpg: New import and keyserver option "self-sigs-only"Werner Koch2019-07-011-0/+8
| | | | | | | | | | | | | | | * g10/options.h (IMPORT_SELF_SIGS_ONLY): New. * g10/import.c (parse_import_options): Add option "self-sigs-only". (read_block): Handle that option. -- This option is intended to help against importing keys with many bogus key-signatures. It has obvious drawbacks and is not a bullet-proof solution because a self-signature can also be faked and would be detected only later. GnuPG-bug-id: 4591 Signed-off-by: Werner Koch <wk@gnupg.org>
* fix up 6562de7475b21cd03c7b1a83a591fa563c589f5bDaniel Kahn Gillmor2019-06-141-1/+1
| | | | Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* doc/gpgsm: explain what "policy-file" refers to.Daniel Kahn Gillmor2019-06-111-1/+2
| | | | | | | | | | A new user who sees "policy-file" and searches naively through the documentation to find it again won't be able to tell what this refers to, since "policies.txt" doesn't otherwise match the search string "policy". This gives them a fighting chance at finding the documentation. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* scd: Bring back --card-timeout option as deprecated.NIIBE Yutaka2019-06-061-0/+6
| | | | | | | | | | | * doc/scdaemon.texi (card-timeout): Add. * scd/scdaemon.c (main): Revert the change. -- GnuPG-bug-id: 3383 Fixes-commit: 4262933ef6f7530b4ad55646250a6763de9bf103 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd: Remove unsupported --card-timeout option.NIIBE Yutaka2019-06-041-14/+0
| | | | | | | | | | | | | | | | | | * doc/scdaemon.texi (card-timeout): Remove. * scd/scdaemon.c (main): Remove oCardTimeout handling. -- There was the card-timeout option in GnuPG 2.0, but it was never implemented correctly. The intention of this option was to allow sharing smartcard among multiple applications, but this didn't work well as user's expectation (it only worked with DISCONNECT command). This is because other parts of scdaemon assumes exclusive access. In GnuPG 2.1, the support of the option was removed, improving "DISCONNECT" command always works well without this option. GnuPG-bug-id: 3383 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* doc: Add a section for gpg-check-pattern.NIIBE Yutaka2019-06-042-1/+49
| | | | | | | | | | * doc/Makefile.am: Add gpg-check-pattern.1. * doc/tools.texi (GPG-CHECK-PATTERN): New. -- GnuPG-bug-id: 4031 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpg: Allow deletion of subkeys with --delete-[secret-]key.Werner Koch2019-05-271-2/+8
| | | | | | | | | | * common/userids.c (classify_user_id): Do not set the EXACT flag in the default case. * g10/export.c (exact_subkey_match_p): Make static, * g10/delkey.c (do_delete_key): Implement subkey only deleting. -- GnuPG-bug-id: 4457
* gpg: Fix using --decrypt along with --use-embedded-filename.Werner Koch2019-05-171-1/+2
| | | | | | | | | | | | | | | | | * g10/options.h (opt): Add flags.dummy_outfile. * g10/decrypt.c (decrypt_message): Set this global flag instead of the fucntion local flag. * g10/plaintext.c (get_output_file): Ignore opt.output if that was used as a dummy option aslong with --use-embedded-filename. -- The problem here was that an explicit specified --decrypt, as meanwhile suggested, did not work with that dangerous --use-embedded-filename. In contrast it worked when gpg decrypted as a side-effect of parsing the data. GnuPG-bug-id: 4500 Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Improve the photo image viewer selection.Werner Koch2019-05-171-9/+14
| | | | | | | | | | | | | | | | | | | | | | | | | * g10/exec.c (w32_system): Add "!ShellExecute" special. * g10/photoid.c (get_default_photo_command): Use the new ShellExecute under Windows and fallbac to 'display' and 'xdg-open' in the Unix case. (show_photos): Flush stdout so that the output is shown before the image pops up. -- For Unix this basically syncs the code with what we have in gpg 1.4. Note that xdg-open may not be used when running as root which we support here. For Windows we now use ShellExecute as this seems to be preferred over "cmd /c start"; however this does not solve the actual problem we had in the bug report. To solve that problem we resort to a wait parameter which defaults to 400ms. This works on my Windows-10 virtualized test box. If we can figure out which simple viewers are commonly installed on Windows we should enhance this patch to test for them. GnuPG-bug-id: 4334 Signed-off-by: Werner Koch <wk@gnupg.org>
* doc: Do not mention gpg's deprecated --keyserver option.Werner Koch2019-05-151-19/+15
| | | | | -- GnuPG-bug-id: 4466
* gpgconf: Support --homedir for --launch.Werner Koch2019-05-151-0/+2
| | | | | | | | | | | | * tools/gpgconf-comp.c (gpg_agent_runtime_change): Simplify because gnupg_homedir already returns abd absolute name. (scdaemon_runtime_change): Ditto. (dirmngr_runtime_change): Ditto. (gc_component_launch): Support --homedir. -- GnuPG-bug-id: 4496 Signed-off-by: Werner Koch <wk@gnupg.org>
* doc: Minor edit for a gpg option.Werner Koch2019-05-141-2/+2
| | | | | -- GnuPG-bug-id: 4507
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-04 17:24:19 +0100