Commit message | Author | Age | Files | Lines
* doc: fix spelling mistakes | Daniel Kahn Gillmor | 2018-10-24 | 6 | -18/+18
| Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* gpg: Don't take a TOFU trust model from the trustdb, | Werner Koch | 2018-10-10 | 1 | -1/+2
| * g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
| (create_version_record): Don't init as TOFU.
| (tdbio_db_matches_options): Don't indicate a change in case TOFU is stored in an old trustdb file.
| --
| This change allows to switch between a tofu and pgp or tofu+pgp trust model without an auto rebuild of the trustdb. This also requires that the tofu trust model is requested on the command line. If TOFU will ever be the default we need to tweak the model detection via TM_AUTO by also looking into the TOFU data base,
| GnuPG-bug-id: 4134
* gpg: New options import-drop-uids and export-drop-uids. | Werner Koch | 2018-10-02 | 1 | -0/+10
| * g10/options.h (IMPORT_DROP_UIDS): New.
| (EXPORT_DROP_UIDS): New.
| * g10/import.c (parse_import_options): Add option "import-drop-uids".
| (import_one): Don't bail out with that option and no uids found. Also remove all uids.
| (remove_all_uids): New.
| * g10/export.c (parse_export_options): Add option "export-drop-uids".
| (do_export_one_keyblock): Implement option.
| --
| These options are required for experiments with changes to the keyserver infrastructure.
| Signed-off-by: Werner Koch <wk@gnupg.org>
* doc: Minor additions to the gpg man page | Werner Koch | 2018-08-29 | 1 | -4/+10
| --
| Includes a fix for GnuPG-bug-id: 3906
| Signed-off-by: Werner Koch <wk@gnupg.org>
* doc: Show how to list envvars sent to gpg-agent. | Werner Koch | 2018-08-29 | 1 | -0/+9
| --
| GnuPG-bug: 3353
| Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: New option --known-notation. | Werner Koch | 2018-08-29 | 1 | -0/+7
| * g10/gpg.c (oKnownNotation): New const.
| (opts): Add option --known-notation.
| (main): Set option.
| * g10/parse-packet.c (known_notations_list): New local var.
| (register_known_notation): New.
| (can_handle_critical_notation): Rewrite to handle the new feature. Also print the name of unknown notations in verbose mode.
| --
| GnuPG-bug-id: 4060
| Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Use 128 MiB as default AEAD chunk size. | Werner Koch | 2018-07-24 | 1 | -4/+10
| * g10/gpg.c (oDebugAllowLargeChunks): New.
| (opts): New option --debug-allow-large-chunks.
| (main): Implement that option.
| --
| Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Print revocation reason for "rvs" records. | Werner Koch | 2018-06-21 | 1 | -0/+9
| * g10/import.c (get_revocation_reason): New.
| (list_standalone_revocation): Extend function.
| --
| Note that this function extends the "rvs" field signature-class (field 11) with the revocation reason. GPGME does not yet parse this but it can be expected that the comma delimiter does not break other parsers.
| A new field is added to the "rvs" (and in future also the "rev") record to carry a record specific comment. Hopefully all parsers meanwhile learned the lesson from other new fields and don't bail out on more fields than they know about.
| This is a partial solution to
| GnuPG-bug-id: 1173
| Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Let --show-keys print revocation certificates. | Werner Koch | 2018-06-21 | 1 | -6/+8
| * g10/import.c (list_standalone_revocation): New.
| (import_revoke_cert): Call new function.
| --
| GnuPG-bug-id: 4018
| Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Add new usage option for drop-subkey filters. | Daniel Kahn Gillmor | 2018-06-12 | 1 | -0/+5
| * g10/import.c (impex_filter_getval): Add new "usage" property for drop-subkey filter.
| --
| For example, this permits extraction of only encryption-capable subkeys like so:
|     gpg --export-filter 'drop-subkey=usage !~ e' --export $FPR
| GnuPG-Bug-id: 4019
| Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* gpg: Set some list options with --show-keys | Werner Koch | 2018-06-11 | 1 | -3/+5
| * g10/gpg.c (main): Set some list options.
| --
| The new command --show-keys is commonly used to check the content of a file with keys. In this case it can be expected that all included subkeys and uids are of interest, even when they are already expired or have been revoked.
| Signed-off-by: Werner Koch <wk@gnupg.org>
* doc: Typo fixes | Werner Koch | 2018-06-06 | 3 | -4/+4
| --
| Reported-by: Claus Assmann <ca+gnupg-users@esmtp.org>
| Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: New command --show-keys. | Werner Koch | 2018-06-06 | 1 | -1/+10
| * g10/gpg.c (aShowKeys): New const.
| (opts): New command --show-keys.
| (main): Implement command.
| * g10/import.c (import_keys_internal): Don't print stats in show-only mode.
| (import_one): Be silent in show-only mode.
| --
| Using --import --import-options show-only to look at a key is too cumbersome. Provide this shortcut and also remove some diagnostic cruft in this case.
| Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Ignore the multiple message override options. | Werner Koch | 2018-05-30 | 1 | -10/+1
| * g10/gpg.c (oAllowMultisigVerification)
| (oAllowMultipleMessages, oNoAllowMultipleMessages): Remove.
| (opts): Turn --allow-multisig-verification, --allow-multiple-messages and --no-allow-multiple-messages into NOPs
| * g10/options.h (struct opt): Remove flags.allow_multiple_messages.
| * g10/mainproc.c (proc_plaintext): Assume allow_multiple_messages is false.
| --
| These options are very old compatibility hacks and should not be used anymore. We keep them as dummy options in case someone has them in the conf file.
| Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Remove PGP6 compliance mode. | Werner Koch | 2018-05-29 | 1 | -13/+6
| * g10/gpg.c: Make --pgp6 an alias for --pgp7.
| * common/compliance.h (gnupg_compliance_mode): Remove CO_PGP6.
| * g10/options.h (PGP6): Remove. Adjust all users.
| Signed-off-by: Werner Koch <wk@gnupg.org>
* doc: Add a hint about gpgsm and DECRYPTION_INFO. | Werner Koch | 2018-05-29 | 1 | -1/+2
| --
* gpg: Remove MDC options | Werner Koch | 2018-05-29 | 1 | -14/+15
| * g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc and --no-disable-mdc into NOPs.
| * g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used.
| (use_aead): Ignore MDC options. Print warning for missing MDC feature flags.
| * g10/pkclist.c (warn_missing_mdc_from_pklist): Rename to ...
| (warn_missing_aead_from_pklist): this and adjust.
| --
| The MDC is now always used except with --rfc2440 which will lead to a big fat warning.
| Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Hard fail on a missing MDC even for legacy algorithms. | Werner Koch | 2018-05-15 | 1 | -4/+5
| * g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
| * tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to allow testing with the current files.
| Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Turn --no-mdc-warn into a NOP. | Werner Koch | 2018-05-15 | 1 | -4/+0
| * g10/gpg.c (oNoMDCWarn): Remove.
| (opts): Make --no-mdc-warn a NOP.
| (main): Don't set var.
| * g10/options.h (struct opt): Remove 'no_mdc_var'.
| * g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false.
| * g10/mainproc.c (proc_encrypted): Ditto.
| --
| Users should not be allowed to suppress the warning that they are shooting into their foot.
| Signed-off-by: Werner Koch <wk@gnupg.org>
* Merge branch 'STABLE-BRANCH-2-2' into master | Werner Koch | 2018-05-13 | 7 | -43/+112
|\
| | --
| | Resolved Conflicts:
| |   NEWS - removed
| |   configure.ac - removed
| | Signed-off-by: Werner Koch <wk@gnupg.org>
| * doc: Update description of displayed trust values. | Ineiev | 2018-05-07 | 4 | -32/+65
| | * doc/trust-values.texi: New file.
| | * doc/Makefile.am (EXTRA_DIST): Add trust-values.texi.
| | * doc/gnupg.texi (Trust Values): New chapter.
| | * doc/gpg.texi (OpenPGP Key Management): Update the description of how trust values are displayed, replace table with a reference to Trust Values.
| | * doc/gpg.texi (GPG Examples): Add @mansect trust values.
| | --
| | Signed-off-by: Ineiev <ineiev@gnu.org>
| * dirmngr: Add the used TLS library to the debug output. | Werner Koch | 2018-04-25 | 1 | -3/+4
| | * dirmngr/http.c (send_request): Print the used TLS library in debug mode.
| | --
| | We allow two different TLS libraries and thus it is useful to see that in the debug output of bug reports.
| | Signed-off-by: Werner Koch <wk@gnupg.org>
| * doc: Update NEWS and add an example to gpg.texi. | Werner Koch | 2018-04-23 | 1 | -1/+7
| | --
| * doc: Remove unnecessary empty flags in vsndf.prf | Andre Heinecke | 2018-04-20 | 1 | -1/+1
| | * doc/examples/vsnfd.prf (max-cache-ttl): Remove empty flags.
| | Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
| * gpg: Extend the "sig" record in --list-mode. | Werner Koch | 2018-04-12 | 1 | -1/+16
| | * g10/getkey.c (get_user_id_string): Add arg R_NOUID. Change all callers.
| | (get_user_id): Add arg R_NOUID. Change all callers.
| | * g10/mainproc.c (issuer_fpr_string): Make global.
| | * g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key also in --list-mode. Print the "issuer fpr" field also if there is an issuer fingerprint subpacket.
| | --
| | Scripts used to rely on the "User ID not found" string even in the --with-colons listing. However, that is not a good idea because that string is subject to translations etc. Now we have an explicit way of telling that a key is missing. For example:
| |     gpg --list-sigs --with-colons | \
| |       awk -F: '$1=="sig" && $2=="?" {if($13){print $13}else{print $5}}'
| | Prints all keyids or fingerprint of signing keys for which we do not have the key in our local keyring.
| | Signed-off-by: Werner Koch <wk@gnupg.org>
| * gpg: Extend the ERRSIG status line with a fingerprint. | Werner Koch | 2018-04-12 | 1 | -4/+9
| | * g10/mainproc.c (issuer_fpr_raw): New.
| | (issuer_fpr_string): Re-implement using issuer_fpr_raw.
| | (check_sig_and_print): Don't free ISSUER_FPR. Use ISSUER_FPR_RAW. Use write_status_printf. Extend ERRSIG status.
| | --
| | Modern OpenPGP implementations put the ISSUER_FPR into the signature to make it easier to discover the, public needed to check the signature. This is also useful in error messages and thus we add it.
| | Signed-off-by: Werner Koch <wk@gnupg.org>
| * gpg: New option --no-symkey-cache. | Werner Koch | 2018-04-11 | 1 | -1/+10
| | * g10/gpg.c (oNoSymkeyCache): New.
| | (opts): Add that option.
| | (main): Set var.
| | * g10/options.h (struct opt): New field no_symkey_cache.
| | * g10/passphrase.c (passphrase_to_dek): Implement that feature.
| | Signed-off-by: Werner Koch <wk@gnupg.org>
* | Merge branch 'STABLE-BRANCH-2-2' into master | Werner Koch | 2018-04-10 | 2 | -5/+23
|\|
| | --
| | Fixed conflicts:
| |   NEWS - keep master
| |   configure.ac - merge
| |   g10/card-util.c - mostly 2.2
| |   g10/sig-check.c - 2.2
| * doc: Typo fix in gpg.texi | Werner Koch | 2018-04-09 | 1 | -1/+1
| | --
| | Reported-by: Cody Brownstein
| * doc: Add an example for --default-new-key-algo | Werner Koch | 2018-04-09 | 2 | -5/+14
| | --
| * doc: Document --key-edit:change-usage | Werner Koch | 2018-04-09 | 1 | -0/+9
| | * g10/keyedit.c (menu_changeusage): Make strings translatable.
| | --
| | GnuPG-bug-id: 3816
| | Signed-off-by: Werner Koch <wk@gnupg.org>
* | Merge branch 'STABLE-BRANCH-2-2' into master | Werner Koch | 2018-03-27 | 4 | -4/+45
|\|
| * gpg,sm: New option --request-origin. | Werner Koch | 2018-03-23 | 2 | -0/+18
| | * g10/gpg.c (oRequestOrigin): New const.
| | (opts): New option --request-origin.
| | (main): Parse that option.
| | * g10/options.h (struct opt): Add field request_origin.
| | * g10/call-agent.c (start_agent): Send option to the agent.
| | * sm/gpgsm.c (oRequestOrigin): New const.
| | (opts): New option --request-origin.
| | (main): Parse that option.
| | * sm/gpgsm.h (struct opt): Add field request_origin.
| | * sm/call-agent.c (start_agent): Send option to the agent.
| | Signed-off-by: Werner Koch <wk@gnupg.org>
| * agent: New OPTION pretend-request-origin | Werner Koch | 2018-03-23 | 1 | -0/+21
| | * common/shareddefs.h (request_origin_t): New.
| | * common/agent-opt.c (parse_request_origin): New.
| | (str_request_origin): New.
| | * agent/command.c (option_handler): Implement new option.
| | --
| | This allows to pretend that a request originated from the extra or browser socket.
| | Signed-off-by: Werner Koch <wk@gnupg.org>
| * build: Fix the manual source field. | NIIBE Yutaka | 2018-03-23 | 1 | -1/+1
| | Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| * gpg: Implement --dry-run for --passwd. | Werner Koch | 2018-03-22 | 1 | -1/+3
| | * g10/keyedit.c (change_passphrase): Take care of --dry-run.
| | Signed-off-by: Werner Koch <wk@gnupg.org>
| * doc: man page grammar | Ben McGinnes | 2018-03-07 | 1 | -2/+2
| | --
| | Fixed two grammatical errors: their vs. there and oneself vs. one (one's self would still be too stilted).
* | Merge branch 'STABLE-BRANCH-2-2' into wk-master | Werner Koch | 2018-03-06 | 2 | -2/+5
|\|
| * agent: Also evict cached items via a timer. | Werner Koch | 2018-03-06 | 1 | -1/+4
| | * agent/cache.c (agent_cache_housekeeping): New func.
| | * agent/gpg-agent.c (handle_tick): Call it.
| | --
| | This change mitigates the risk of having cached items in a post mortem dump.
| | GnuPG-bug-id: 3829
| | Signed-off-by: Werner Koch <wk@gnupg.org>
| * doc: Fix recently introduced typo in gpgsm.texi. | Werner Koch | 2018-02-22 | 1 | -1/+1
| | --
* | Merge branch 'STABLE-BRANCH-2-2' | Werner Koch | 2018-02-22 | 4 | -15/+31
|\|
| * doc: Clarify -export-secret-key-p12 | Werner Koch | 2018-02-22 | 1 | -3/+3
| | --
| | GnuPG-bug-id: 3788
| | Signed-off-by: Werner Koch <wk@gnupg.org>
| * doc: Add extra hint on unattended use of gpg. | Werner Koch | 2018-02-21 | 1 | -0/+13
| | --
| * wks: Add special mode to --install-key. | Werner Koch | 2018-02-20 | 1 | -10/+7
| | * tools/gpg-wks-client.c (get_key_status_parm_s)
| | (get_key_status_cb, get_key): Move to ...
| | * tools/wks-util.c: ...here.
| | (get_key): Rename to wks_get_key.
| | * tools/gpg-wks-server.c: Include userids.h.
| | (command_install_key): Allow use of a fingerprint.
| | Signed-off-by: Werner Koch <wk@gnupg.org>
| * wks: Implement server command --install-key. | Werner Koch | 2018-02-20 | 1 | -4/+8
| | * tools/wks-util.c (wks_filter_uid): Add arg 'binary'.
| | * tools/gpg-wks-server.c (main): Expect 2 args for --install-key.
| | (write_to_file): New.
| | (check_and_publish): Factor some code out to ...
| | (compute_hu_fname): ... new.
| | (command_install_key): Implement.
| | Signed-off-by: Werner Koch <wk@gnupg.org>
| * doc: Add compliance de-vs to gpgsm in vsnfd.prf | Andre Heinecke | 2018-02-09 | 1 | -0/+1
| | * doc/examples/vsnfd.prf: Set compliance mode for gpgsm.
* | Merge branch 'STABLE-BRANCH-2-2' into master | Werner Koch | 2018-01-25 | 3 | -10/+54
|\|
| | Signed-off-by: Werner Koch <wk@gnupg.org>
| * doc: Note --quick-gen-key as an alias for --quick-generate-key | Werner Koch | 2018-01-25 | 1 | -0/+2
| | --
| * doc: Note pinentry-mode for passphrase opts | Andre Heinecke | 2018-01-09 | 1 | -6/+11
| | * doc/gpg.texi (--passphrase, --passphrase-file, --passphrase-fd): Note that pinentry-mode needs to be loopback.
| | Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
| * wks: New server options --check, --with-dir, with-file. | Werner Koch | 2017-12-19 | 1 | -4/+33
| | * tools/gpg-wks-server.c (aCheck, oWithDir, oWithFile): New const.
| | (opts): New options --check, --with-dir, and --with-file.
| | (main): Call command_check_key.
| | (command_list_domains): Implement option --with-dir.
| | (fname_from_userid): New.
| | (command_check_key): New.
| | (command_remove_key): Implement existing command.
| | (command_revoke_key): Call command_remove_key as a simple implementation.
| | Signed-off-by: Werner Koch <wk@gnupg.org>