Commit log: root/kbx/keybox-blob.c

(Each entry gives the commit subject, then author, date, number of files changed and lines removed/added in brackets, followed by the commit message body.)
kbx: Let keydb_search skip unwanted blobs.
[Werner Koch, 2014-10-31, 1 file, -5/+5]

    * kbx/keybox.h (keybox_blobtype_t): New.
    * kbx/keybox-defs.h (BLOBTYPE_*): Replace by KEYBOX_BLOBTYPE_*.
    * kbx/keybox-search.c (keybox_search): Add arg want_blobtype and
      skip non-matching blobs.
    * sm/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_X509 to keybox_search.
    * g10/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_PGP to keybox_search.
    --
    Without this fix a listing of all keys would fail because the wrong
    blob type would be returned for gpg or gpgsm.

    Signed-off-by: Werner Koch <wk@gnupg.org>
gpg: Take care to use pubring.kbx if it has ever been used.
[Werner Koch, 2014-10-09, 1 file, -3/+7]

    * kbx/keybox-defs.h (struct keybox_handle): Add field for_openpgp.
    * kbx/keybox-file.c (_keybox_write_header_blob): Set openpgp header flag.
    * kbx/keybox-blob.c (_keybox_update_header_blob): Add arg for_openpgp
      and set header flag.
    * kbx/keybox-init.c (keybox_new): Rename to do_keybox_new, make static
      and add arg for_openpgp.
      (keybox_new_openpgp, keybox_new_x509): New.  Use them instead of the
      former keybox_new.
    * kbx/keybox-update.c (blob_filecopy): Add arg for_openpgp and set the
      openpgp header flags.
    * g10/keydb.c (rt_from_file): New.  Factored out and extended from
      keydb_add_resource.
      (keydb_add_resource): Switch to the kbx file if it has the openpgp
      flag set.
    * kbx/keybox-dump.c (dump_header_blob): Print header flags.
    --
    The problem was reported by dkg on gnupg-devel (2014-10-07):

      I just discovered a new problem, though, which will affect people on
      systems that have gpg and gpg2 coinstalled:

      0) create a new keyring with gpg2, and use it exclusively with gpg2
         for a while.
      1) somehow (accidentally?) use gpg (1.4.x) again -- this creates
         ~/.gnupg/pubring.gpg
      2) future runs of gpg2 now only look at pubring.gpg and ignore
         pubring.kbx -- the keys you had accumulated in the keybox are no
         longer listed in the output of gpg2 --list-keys

    Note that gpgsm has always used pubring.kbx and thus this file might
    already be there but without gpg ever having inserted a key.  The new
    flag in the KBX header gives us an indication whether a KBX file has
    ever been written by gpg >= 2.1.  If that is the case we will use it
    instead of the default pubring.gpg.

    Signed-off-by: Werner Koch <wk@gnupg.org>
kbx: Make user id and signature data optional for OpenPGP.
[Werner Koch, 2014-08-18, 1 file, -11/+16]

    * kbx/keybox-blob.c (_keybox_create_openpgp_blob): Remove restriction.
    --
    Although self-signature and key binding signatures are required by
    OpenPGP, we should not enforce that in the storage backend.
Two minor code cleanups and one NULL deref on error fix.
[Werner Koch, 2014-04-16, 1 file, -2/+2]

    * common/estream.c (es_freopen): Remove useless check for STREAM.
    * kbx/keybox-blob.c (_keybox_create_x509_blob): Remove useless check
      for BLOB.
    * tools/sockprox.c (run_proxy): Do not fclose(NULL).
    --
    Found by Hans-Christoph Steiner with cppcheck.
kbx: Implement update operation for OpenPGP keyblocks.
[Werner Koch, 2013-11-15, 1 file, -2/+3]

    * kbx/keybox-update.c (keybox_update_keyblock): Implement.
    * kbx/keybox-search.c (get_blob_flags): Move to ...
    * kbx/keybox-defs.h (blob_get_type): here.
    * kbx/keybox-file.c (_keybox_read_blob2): Fix calling without R_BLOB.
    * g10/keydb.c (build_keyblock_image): Allow calling without R_SIGSTATUS.
      (keydb_update_keyblock): Implement for keybox.
    * kbx/keybox-dump.c (_keybox_dump_blob): Fix printing of the unhashed
      size.  Print "does not expire" also on 64 bit platforms.

    Signed-off-by: Werner Koch <wk@gnupg.org>
kbx: Switch from MD5 to SHA-1 for the checksum.
[Werner Koch, 2013-01-08, 1 file, -7/+9]

    * kbx/keybox-blob.c (put_membuf): Use a NULL buf to store zero bytes.
      (create_blob_finish): Write just the needed space.
      (create_blob_finish): Switch to SHA-1.
    * kbx/keybox-dump.c (print_checksum): New.
      (_keybox_dump_blob): Print the checksum and the verification status.
    --
    The checksum was never used in the past.  Due to fast SHA-1
    computations in modern CPUs we now use SHA-1.  Eventually we will
    support a First blob flag to enable the use of a secret or public
    HMAC-SHA1.  The first may be used for authentication of keyblocks and
    the latter to mitigate collision attacks on SHA-1.  It is not clear
    whether this will be useful at all.
kbx: Update blob specification
[Werner Koch, 2013-01-08, 1 file, -86/+112]

    --
    Mainly formatting updates.  The only actual change is the checksum
    which is now declared as SHA-1.
gpg: Add signature cache support to the keybox.
[Werner Koch, 2012-12-28, 1 file, -3/+10]

    * g10/keydb.c (parse_keyblock_image): Add arg SIGSTATUS.
      (keydb_get_keyblock): Handle it.
      (build_keyblock_image): Add arg SIGSTATUS.
      (keydb_insert_keyblock): Handle it.
    * kbx/keybox-blob.c (pgp_create_sig_part): Add arg SIGSTATUS.
      (_keybox_create_openpgp_blob): Ditto.
    * kbx/kbxutil.c (import_openpgp): Adjust for above change.
    * kbx/keybox.h (KEYBOX_FLAG_SIG_INFO): New.
    * kbx/keybox-search.c (_keybox_get_flag_location): Handle new flag.
      (keybox_get_keyblock): Add arg R_SIGSTATUS.
    * kbx/keybox-update.c (keybox_insert_keyblock): Add arg SIGSTATUS.
    --
    With this change a key listing using the keybox format is now twice
    as fast as using a keyring.  The memory use dropped as well.  Measured
    with about 1500 keys.
gpg: First working support for keyboxes.
[Werner Koch, 2012-12-28, 1 file, -149/+113]

    * g10/getkey.c (get_pubkey_fast): Improve the assertion.
    * kbx/keybox.h: Include iobuf.h.
    * kbx/keybox-blob.c (keyboxblob_uid): Add field OFF.
      (KEYBOX_WITH_OPENPGP): Remove use of this macro.
      (pgp_create_key_part_single): New.
      (pgp_temp_store_kid): Change to use the keybox-openpgp parser.
      (pgp_create_key_part): Ditto.
      (pgp_create_uid_part): Ditto.
      (pgp_create_sig_part): Ditto.
      (pgp_create_blob_keyblock): Ditto.
      (_keybox_create_openpgp_blob): Ditto.
    * kbx/keybox-search.c (keybox_get_keyblock): New.
    * kbx/keybox-update.c (keybox_insert_keyblock): New.
    * g10/keydb.c (parse_keyblock_image):
      (keydb_get_keyblock): Support keybox.
      (build_keyblock_image): New.
      (keydb_insert_keyblock): Support keybox.
    * kbx/kbxutil.c (import_openpgp, main): Add option --dry-run and
      print a kbx file to stdout.
    * kbx/keybox-file.c (_keybox_read_blob2): Allow keyblocks up to
      10^6 bytes.
    --
    Import and key listing do now work with the keybox format.  It is
    still quite slow and signature caching is completely missing.

    Increasing the maximum allowed length for a keyblock was required due
    to a 700k keyblock which inhibited kbxutil to list the file.

    kbxutil's option name --import-openpgp is not quite appropriate
    because it only creates KBX blobs from OpenPGP data.
Nuked almost all trailing white space.
[Werner Koch, 2011-02-04, 1 file, -43/+43; tag: post-nuke-of-trailing-ws]

    We better do this once and for all instead of cluttering all future
    commits with diffs of trailing white spaces.  In the majority of cases
    blank or single lines are affected and thus this change won't disturb
    a git blame too much.  For future commits the pre-commit scripts
    checks that this won't happen again.
fix reallocation bug
[Werner Koch, 2010-07-23, 1 file, -0/+1]

More changes on the way to remove secring.gpg.
[Werner Koch, 2010-04-21, 1 file, -14/+2]

Implement --faked-system-time for gpg.
[Werner Koch, 2009-12-17, 1 file, -0/+3]

    Typo and comment fixes.
Marked all unused args on non-W32 platforms.
[Werner Koch, 2008-10-20, 1 file, -1/+2]

Fixed bug#907.
[Werner Koch, 2008-05-06, 1 file, -6/+6]

    Fixed a segv in keybox and made it more robust.

Fixed an email/DN bug.
[Werner Koch, 2008-03-13, 1 file, -11/+23]

    Changed pinentry prompts.

Fixed a W32 crash in gpg2 when creating a new keyring.
[Werner Koch, 2008-01-29, 1 file, -1/+1]

    Typo fixes.

Changed to GPLv3.
[Werner Koch, 2007-07-04, 1 file, -4/+2]

    Removed intl/.
kbx/
[Werner Koch, 2007-03-20, 1 file, -1/+1]

    * keybox.h (KEYBOX_FLAG_BLOB_SECRET, KEYBOX_FLAG_BLOB_EPHEMERAL): New.
    * keybox-update.c (keybox_compress): Use it here instead of a magic
      constant.

    sm/
    * fingerprint.c (gpgsm_get_fingerprint): Add caching.
      (gpgsm_get_fingerprint_string): Use bin2hexcolon().
      (gpgsm_get_fingerprint_hexstring): Use bin2hex and allocate only as
      much memory as required.
      (gpgsm_get_keygrip_hexstring): Use bin2hex.
    * certchain.c (gpgsm_validate_chain): Keep track of the certificate
      chain and reset the ephemeral flags.
    * keydb.c (keydb_set_cert_flags): New args EPHEMERAL and MASK.
      Changed caller to use a mask of ~0.  Return a proper error code if
      the certificate is not available.
Updated FSF's address.
[Werner Koch, 2006-06-20, 1 file, -1/+2]

Preparing an interim release
[Werner Koch, 2005-11-28, 1 file, -1/+1]

gcc-4 defaults forced me to edit many many files to get rid of the
char * vs. unsigned char * warnings.
[Werner Koch, 2005-06-16, 1 file, -21/+24]

    The GNU coding standards used to say that these mismatches are okay
    and better than a bunch of casts.  Obviously this has changed now.
The keybox gets now compressed after 3 hours and ephemeral stored
certificates are deleted after about a day.
[Werner Koch, 2004-04-26, 1 file, -4/+23]
* keybox.h (keybox_flag_t): New.
[Werner Koch, 2004-02-02, 1 file, -4/+7]

    * keybox-search.c (get_flag_from_image, keybox_get_flags): New.
      (_keybox_get_flag_location): New.
    * certchain.c (gpgsm_validate_chain): Mark revoked certs in the
      keybox.
    * keylist.c (list_cert_colon): New arg VALIDITY; use it to print a
      revoked flag.
      (list_internal_keys): Retrieve validity flag.
      (list_external_cb): Pass 0 as validity flag.
    * keydb.c (keydb_get_flags, keydb_set_flags): New.
      (keydb_set_cert_flags): New.
      (lock_all): Return a proper error code.
      (keydb_lock): New.
      (keydb_delete): Don't lock but check that it has been locked.
      (keydb_update_keyblock): Ditto.
    * delete.c (delete_one): Take a lock.
comment typo fixes.
[Werner Koch, 2004-01-16, 1 file, -2/+2]

Replaced deprecated type names
[Werner Koch, 2003-12-17, 1 file, -2/+2]

Mainly changes to adjust for the changed KSBA API.
[Werner Koch, 2003-11-12, 1 file, -0/+1]
This commit was manufactured by cvs2svn to create branch
'GNUPG-1-9-BRANCH'.
[Repo Admin, 2003-08-05, 1 file, -0/+1008]

This commit was manufactured by cvs2svn to create branch
'GNUPG-1-9-BRANCH'.
[Repo Admin, 2002-10-19, 1 file, -1007/+0]
* keybox-defs.h: New BLOBTYPE_EMPTY.
[Werner Koch, 2002-07-22, 1 file, -3/+12]

    * keybox-dump.c (_keybox_dump_blob): Handle new type.
    * keybox-file.c (_keybox_read_blob): Skip over empty blobs.  Store
      the file offset.
    * keybox-blob.c (_keybox_new_blob): Add new arg OFF.
      (_keybox_get_blob_fileoffset): New.
    * keybox-update.c (keybox_delete): Implemented.
* keybox-init.c (keybox_set_ephemeral): New.
[Werner Koch, 2002-06-19, 1 file, -8/+9]

    * keybox-blob.c (create_blob_header): Store ephemeral flag.
      (_keybox_create_x509_blob): Pass ephemeral flag on.
    * keybox-update.c (keybox_insert_cert): Ditto.
    * keybox-search.c (blob_get_blob_flags): New.
      (keybox_search): Ignore ephemeral blobs when not in ephemeral mode.
    * keybox-dump.c (_keybox_dump_blob): Print blob flags as strings.
* keybox-blob.c (_keybox_create_x509_blob): Skip the leading
parenthesis of the serial number's S-exp.
[Werner Koch, 2001-12-20, 1 file, -7/+13]

    (_keybox_create_x509_blob): And fixed length calculation.
    (create_blob_header): Don't add an offset when writing the serial.

* keybox-blob.c (_keybox_create_x509_blob): Skip the leading
parenthesis of the serial number's S-exp.
[Werner Koch, 2001-12-20, 1 file, -1/+5]
Changes to be used with the new libksba interface.
[Werner Koch, 2001-12-18, 1 file, -3/+11]

    libgcrypt-1.1.5 is required (cvs or tarball)
* keybox-blob.c (x509_email_kludge): New.
[Werner Koch, 2001-12-14, 1 file, -14/+22]

    (_keybox_create_x509_blob): Insert an extra email address if the
    subject's DN has an email part.
    * keybox-defs.h: Added the xtoi_2 and digitp macros.
* util.h (digitp, hexdigitp): New ctype like macros.
[Werner Koch, 2001-12-14, 1 file, -1/+28]

    (atoi_1,atoi_2,atoi_4,xtoi_1,xtoi_2): New.
    * command.c: Removed the conversion macros as they are now in
      ../common/util.h.
* keybox-search.c (blob_cmp_name): Kludge to allow searching for
more than one name.
[Werner Koch, 2001-12-13, 1 file, -18/+55]

    (has_subject_or_alt): New.
    (blob_cmp_mail): New.
    (has_mail): New.
    (keybox_search): Implemented exact search and exact mail search.
    * kbx/keybox-blob.c (_keybox_create_x509_blob): Insert alternate
      names.
We have reached a state where we are able to import certs and
check the certification path.
[Werner Koch, 2001-11-13, 1 file, -81/+233]

Started with keybox implementation by basing it on code from the GnuPG
devel branch.
[Werner Koch, 2001-11-10, 1 file, -0/+755]