summaryrefslogtreecommitdiffstats
path: root/sm (follow)
Commit message (Collapse)AuthorAgeFilesLines
* build: New configure option --disable-testsWerner Koch2020-08-201-0/+4
| | | | | | | | * configure.ac: Add option --disable-tests. Print warnings in the summary. (DISABLE_TESTS): New am_conditional. -- GnuPG-bug-id: 4960
* gpg,gpgsm: Record the creation time of a private key.Werner Koch2020-08-191-3/+11
| | | | | | | | | | | | | | | | | * sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option. (gpgsm_agent_import_key): Ditto. * g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on. (agent_import_key): Ditto. * g10/import.c (transfer_secret_keys): Pass the creation date to the agent. * g10/keygen.c (common_gen): Ditto. -- Having the creation time in the private key file makes it a lot easier to re-create an OpenPGP public keyblock in case it was accidentally lost. Signed-off-by: Werner Koch <wk@gnupg.org>
* Silence compiler warnings.NIIBE Yutaka2020-08-191-1/+1
| | | | | | | | | | * common/openpgp-oid.c (map_openpgp_pk_to_gcry): Use cast for enum conversion. * dirmngr/dns-stuff.c (get_dns_srv): Use explicit conversion from int to float. * sm/gpgsm.c (parse_keyserver_line): Initialize ERR. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Add --chuid to gpg, gpg-card, and gpg-connect-agent.Werner Koch2020-08-141-6/+10
| | | | | | | | | | | | | | | | | | | * g10/gpg.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. Delay setting of homedir until the new chuid is done. * sm/gpgsm.c (main): Delay setting of homedir until the new chuid is done. * tools/gpg-card.c (oChUid): New. (opts): Add --chuid. (changeuser): New helper var. (main): Implement --chuid. * tools/gpg-connect-agent.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. -- Signed-off-by: Werner Koch <wk@gnupg.org>
* gpgsm: New option --chuid.Werner Koch2020-08-061-1/+12
| | | | | | | | | | * sm/gpgsm.c (oChUid, opts): New option --chuid. (main): Implement option. -- This option will at least be useful for Scute. Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Also show the SHA-256 fingerprint.Werner Koch2020-08-041-1/+13
| | | | | | | | * sm/keylist.c (list_cert_colon): Emit a new "fp2" record. (list_cert_raw): Print the SHA2 fingerprint. (list_cert_std): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
* w32: Add NETLIBS for sm/t-minip12.NIIBE Yutaka2020-07-301-1/+1
| | | | | | | | | * sm/Makefile.am (t_minip12_LDADD): Add NETLIBS. -- GnuPG-bug-id: 4944 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* w32: Add link to $(NETLIB) for -lws2_32.NIIBE Yutaka2020-07-301-1/+1
| | | | | | | | | | | * dirmngr/Makefile.am (dirmngr_LDADD): Add $(NETLIBS). * sm/Makefile.am (gpgsm_LDADD): Ditto. * tools/Makefile.am (gpg_wks_client_LDADD): Ditto. -- GnuPG-bug-id: 4994 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Do not use the pinentry's qualitybarWerner Koch2020-07-081-1/+1
| | | | | | | | | | | | | | | | * agent/genkey.c (agent_ask_new_passphrase): No qualitybar. * g10/call-agent.c (agent_get_passphrase): Ditto. * sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto. -- The concept of a passphrase quality indicator is anyway questionable because user are smart enough to trick them out and they also tend to limit the actually used entropy. Except for the red/green switching (to show whether constraints are fulfilled) our qualitybar is pretty bad and thus worse than none. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpgsm: Replace all assert calls by log_assert.Werner Koch2020-07-0819-44/+29
| | | | | | -- Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Exclude rsaPSS from de-vs compliance mode.Werner Koch2020-07-038-76/+145
| | | | | | | | | | | | | | | * common/compliance.h (PK_ALGO_FLAG_RSAPSS): New. * common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and test rsaPSS. Adjust all callers. (gnupg_pk_is_allowed): Ditto. * sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function. (gpgsm_get_hash_algo_from_sigval): New. * sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval arg. Add arg pkalgoflags. Use the PK_ALGO_FLAG_RSAPSS. * sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to also get the algo flags. Pass algo flags along. Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Fix regression in Friday's commitWerner Koch2020-06-291-2/+2
| | | | | | | | * sm/gpgsm.c (main): Set ERR also for encrypt. -- Fixes-commit: ccbb0cfeefed096a9841b6557d10eef12d55b721 Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Try not to output a partial new message after an error.Werner Koch2020-06-261-2/+19
| | | | | | | | | | | | | | | | | * sm/gpgsm.c (main) <aSign,aEncr>: Uses gpgrt_fcancel on error. -- When creating a signature or encrypting and the respective key is not available or the user canceled the PIN entry gpgsm prints the initial part of the message due to internal buffering in gpgrt. By using gpgrt_fcancel we can avoid this at least as long as the data is less than the standard buffer size (which is currently 8k). If is not a complete solution but the best we can do easily. Outputting to the tty is anyway more of a testing aid than for real use. This makes use of the new gpgrt_fcancel API. Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Print the serial number of a cert also in decimal.Werner Koch2020-06-263-3/+89
| | | | | | | | | | | | * sm/certdump.c: Include membuf.h. (gpgsm_print_serial_decimal): New. * sm/keylist.c (list_cert_raw): Print s/n also in decimal (list_cert_std): Ditto. -- Many CA's print the serial number in decimal on their cards. Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Fix support verification of nistp521 signatures.Werner Koch2020-06-251-1/+1
| | | | | | | | * sm/certcheck.c (do_encode_md): Fix obvious bug. -- Fixes-commit: 596212e71abf33b30608348b782c093dace83110 Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Support verification of nistp521 signatures.Werner Koch2020-06-171-5/+8
| | | | | | | | | | | * sm/certcheck.c (do_encode_md): Take care of nistp521. -- That curve is a bit odd in that it does not match a common hash digest length. We fix that here for just this case instead of writing more general code to support all allowed cases (i.e. hash shorter than Q). Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Fix recently introduced regression in CSR creation.Werner Koch2020-06-031-1/+5
| | | | | | | | * sm/certreqgen.c (create_request): Also set SIGKEYLEN. -- Fixes-commit: 44676819f2873705b78849e7b2fd22214b691642 Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Create ECC certificates with AKI and SKI by default.Werner Koch2020-05-191-31/+127
| | | | | | | | * sm/certreqgen.c (create_request): Create AKI and SKI by default. -- GnuPG-bug-id: 4098 Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Support creation of EdDSA certificates.Werner Koch2020-05-184-63/+183
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/misc.c (transform_sigval): Support EdDSA. * sm/certreqgen.c (create_request): Support EdDSA cert creation. * sm/certcheck.c (gpgsm_check_cert_sig): Map some ECC algo OIDs to hash algos. * sm/call-agent.c (struct sethash_inq_parm_s): New. (sethash_inq_cb): New. (gpgsm_agent_pksign): Add mode to pass plain data for EdDSA. -- Tested using a parameter file Key-Type: EdDSA Key-Length: 1024 Key-Grip: 09D9AE3D494F7888C93BE5106AD8A734A87617F0 Key-Usage: sign Serial: random Name-DN: CN=dummy test ed25519 where the keygrip is from a gpg generated Ed25519 key. ECDSA was tested using Key-Type: ECDSA Key-Length: 1024 Key-Grip: 8E06A180EFFE4C65B812150CAF19BF30C0689A4C Key-Usage: sign Serial: random Name-DN: CN=dummy test nistp256 and RSA using Key-Type: RSA Key-Length: 2048 Key-Grip: C6A6390E9388CDBAD71EAEA698233FE5E04F001E Key-Usage: sign Serial: random Name-DN: CN=dummy test rsa The command used in all cases is gpgsm -v --gen-key --batch a.parm >a.crt gpgsm -v --import <a.crt More support, in particular in the user interface, is required and will follow soon. GnuPG-bug-id: 4888 Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Support import and verification of EdDSA certificates.Werner Koch2020-05-133-17/+143
| | | | | | | | | | | | | | * sm/certdump.c (gpgsm_get_serial): New. * sm/certcheck.c (gpgsm_check_cert_sig): Support EdDSA signatures. -- Note that this does not work with the self-signed RFC-8410 sample certificate; see the code for comments. The Ed488 case has not been tested due to a lack of support in Libgcrypt. Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Support signing using ECDSA.Werner Koch2020-05-112-32/+54
| | | | | | | | | | * sm/gpgsm.h (struct certlist_s): Add helper field pk_algo. * sm/sign.c (gpgsm_sign): Store the public key algo. Take the hash algo from the curve. Improve diagnostic output in verbose mode. -- GnuPG-bug-id: 4098 Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme.Werner Koch2020-05-084-67/+92
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/decrypt.c (ecdh_decrypt): Support dhSinglePass-stdDH-sha1kdf-scheme. Factor key derive code out to ... (ecdh_derive_kek): new global function. Allow for hashs shorter than the key. (hash_ecc_cms_shared_info): Make file-only. * sm/encrypt.c (ecdh_encrypt): Replace derive code by a call to the new ecdh_derive_kek. Add test code to create data using dhSinglePass-stdDH-sha1kdf-scheme. * sm/gpgsm.h (opt): Add member force_ecdh_sha1kdf. * sm/gpgsm.c: Add option --debug-force-ecdh-sha1kdf. -- I did some test against Governikus_Signer: 2.9.2.0 MCard security Provider: 2.4.0 Algorithm catalog from: 05.12.2019 using a Signature Card v2.0 and a nistp256 certificate. Encrypting with Governikus used the stdDH-sha1kdf scheme which we can now decrypt. Encrypting with GPGSM uses for that curve the recommended scheme sha256kdf but Governikus was not able to decrypt this (no usable error message). Encrypting using stdDH-sha1kdf with GPGSM by using the new --debug-force-ecdh-sha1kdf option showed that Governikus was able to decrypt this. FWIW: RFC5753 (Use of Elliptic Curve Cryptography (ECC) Algorithms) has this requirement: Implementations that support EnvelopedData with the ephemeral-static ECDH standard primitive: - MUST support the dhSinglePass-stdDH-sha256kdf-scheme key agreement algorithm, the id-aes128-wrap key wrap algorithm, and the id-aes128-cbc content encryption algorithm; and which Governikus seems not to fulfill. GnuPG-bug-id: 4098 Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Print algorithm infos in data decryption mode.Werner Koch2020-05-081-0/+13
| | | | | | | | * common/sexputil.c (cipher_mode_to_string): New. * sm/decrypt.c (prepare_decryption): Show cipher algo and mode. (gpgsm_decrypt): Show key algo and fingerprint Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Cleanup the use of GCRY_PK_ECC and GCRY_PK_ECDSA.Werner Koch2020-05-084-8/+13
| | | | | | | | | | | * common/sexputil.c (pubkey_algo_to_string): New. * sm/certcheck.c (do_encode_md): Replace GCRY_PK_ECDSA by GCRY_PK_ECC. * sm/certreqgen-ui.c (check_keygrip): Add all ECC algorithms. * sm/gpgsm.c (our_pk_test_algo): Also allow EdDSA. * sm/verify.c (gpgsm_verify): Map ECC algo to ECDSA. Use new pubkey algo name function Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Improve readability of the data verification output.Werner Koch2020-05-081-35/+66
| | | | | | | | | | * sm/verify.c (gpgsm_verify): Print the used algorithms. -- Note that we now use the full fingerprint instead of the certificate id. This better aligns with what we do in gpg. Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Fix annoying warning about not yet implemented --attribute.Werner Koch2020-05-071-1/+2
| | | | | | -- Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Print the key types as standard key algorithm strings.Werner Koch2020-05-073-14/+84
| | | | | | | | | | | | | | | | * sm/fingerprint.c (gpgsm_get_key_algo_info): Factor code out to ... (gpgsm_get_key_algo_info2): new. (gpgsm_pubkey_algo_string): New. * sm/keylist.c (list_cert_colon): Put curve into field 17 (list_cert_raw): Print the unified key algotithm string instead of the algo and size. (list_cert_std): Ditto. -- It is important to known whether a 256 bit ECC uses a NIST or a Brainpool curve. Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Support decryption of ECDH data using a smartcard.Werner Koch2020-05-071-8/+11
| | | | | | | | | | * sm/decrypt.c (ecdh_decrypt): Add arg nbits and detect bare secret. (prepare_decryption): Add arg nbits and pass on. (gpgsm_decrypt): Pass size of curve to prepare_decryption. -- GnuPG-bug-id: 4098 Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Support encryption using ECDH keys.Werner Koch2020-05-043-13/+313
| | | | | | | | | | | | | | * sm/decrypt.c (hash_ecc_cms_shared_info): Make global. * sm/encrypt.c (ecdh_encrypt): New. (encrypt_dek): Add arg PK_ALGO and support ECDH. (gpgsm_encrypt): Pass PK_ALGO. -- Note: This has only been tested with a messages created and decrypted by GnuPG. GnuPG-bug-id: 4098 Signed-off-by: Werner Koch <wk@gnupg.org>
* doc: Typo fixes in code commentsWerner Koch2020-05-041-1/+1
| | | | | | -- Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Add support to export ECC private keys.Werner Koch2020-04-274-211/+559
| | | | | | | | | | | | | | | | | | | * sm/minip12.c [TEST]: Remove test code. Include util.h, tlv.h. and openpgpdefs.h. Remove the class and tag constants and replace them by those from tlv.h. (builder_add_oid, builder_add_mpi): New. (build_key_sequence): Rename to ... (build_rsa_key_sequence): this. (build_ecc_key_sequence): New. (p12_build): Call RSA or ECC builder. (p12_raw_build): Ditto. * sm/export.c (gpgsm_p12_export): Use correct armor header for ECC. (sexp_to_kparms): Support ECC. * sm/t-minip12.c: New to replace the former TEST code in minip12.h. -- GnuPG-bug-id: 4921
* sm: Minor debug output format changes.Werner Koch2020-04-233-3/+3
| | | | --
* sm: Support decryption of ECDH data.Werner Koch2020-04-231-37/+365
| | | | | | | | | | | | | | | | | * sm/decrypt.c: Include tlv.h. (string_from_gcry_buffer): New. (hash_ecc_cms_shared_info): New. (ecdh_decrypt): New. (prepare_decryption): Support ECDH. Add arg pk_algo. (gpgsm_decrypt): Lift some variables from an inner code block. -- Note: This has only been tested with a single messages created by OpenSSL and taken from the Mozilla bug tracker. In particular the code to included UserKeyingMaterial (ukm) has not been tested. GnuPG-bug-id: 4098 Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Support import of PKCS#12 encoded ECC private keys.Werner Koch2020-04-213-62/+198
| | | | | | | | | | | | | * sm/minip12.c: Include ksba.h. (oid_pcPublicKey): New const. (parse_bag_data): Add arg 'r-curve'. Support parsing of ECC private keys. (p12_parse): Add arg 'r_curve'. * sm/import.c (parse_p12): Support ECC import. -- GnuPG-bug-id: 4921 Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Replace some debug message by log_error or log_infoWerner Koch2020-04-212-8/+10
| | | | | | -- Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Always allow authorityInfoAccess lookup if CRLs are also enabled.Werner Koch2020-04-161-6/+11
| | | | | | | | | * sm/certchain.c (find_up): Disable external lookups in offline mode. Always allow AKI lookup if CRLs are also enabled. -- GnuPG-bug-id: 4898 Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Lookup missing issuers first using authorityInfoAccess.Werner Koch2020-04-164-26/+180
| | | | | | | | | | | | | | | | * sm/call-dirmngr.c (gpgsm_dirmngr_lookup): Add optional arg URL and adjust all callers. * sm/certchain.c (oidstr_caIssuers): New. (struct find_up_store_certs_s): Add additional fields. (find_up_store_certs_cb): Store the fingerprint. (find_up_via_auth_info_access): New. (find_up): Try the AIA URI first. -- Note that --auto-issuer-key-retrieve is required to use that. GnuPG-bug-id: 4898 Signed-off-by: Werner Koch <wk@gnupg.org>
* sm,dirmngr: Restrict allowed parameters used with rsaPSS.Werner Koch2020-04-151-1/+39
| | | | | | | | | | | | | | | * sm/certcheck.c (extract_pss_params): Check the used PSS params. * dirmngr/crlcache.c (finish_sig_check): Ditto. * dirmngr/validate.c (check_cert_sig): Ditto. -- GnuPG-bug-id: 4538 # ------------------------ >8 ------------------------ See https://www.metzdowd.com/pipermail/cryptography/2019-November/035449.html Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Support rsaPSS verification also for CMS signatures.Werner Koch2020-04-142-40/+112
| | | | | | | | | * sm/certcheck.c (gpgsm_check_cert_sig): Factor PSS parsing out to ... (extract_pss_params): new. (gpgsm_check_cms_signature): Implement PSS. -- GnuPG-bug-id: 4538
* dirmngr: Support rsaPSS also in the general validate module.Werner Koch2020-04-091-1/+5
| | | | | | | | | | | | | | | | | | * dirmngr/validate.c (hash_algo_from_buffer): New. (uint_from_buffer): New. (check_cert_sig): Support rsaPSS. * sm/certcheck.c (gpgsm_check_cert_sig): Fix small memory leak on error. -- Yes, I know that there is a lot of code duplication. In fact some of the code is ugly and it would be better if we enhance Libgcrypt to guarantee that returned memory buffers via gcry_sexp_extract_param are allways Nul terminated and we should also enhance that function to directly extract into an unsigned int or char *. GnuPG-bug-id: 4538 Signed-off-by: Werner Koch <wk@gnupg.org>
* sm,dirmngr: Support rsaPSS signature verification.Werner Koch2020-04-091-45/+145
| | | | | | | | | | | | | | | | * sm/certcheck.c (hash_algo_from_buffer): New. (uint_from_buffer): New. (gpgsm_check_cert_sig): Handle PSS. * dirmngr/crlcache.c (hash_algo_from_buffer): New. (uint_from_buffer): New. (start_sig_check): Detect PSS and extract hash algo. New arg to return a PSS flag. (finish_sig_check): New arg use_pss. Extract PSS args and use them. (crl_parse_insert): Pass use_pss flag along. -- GnuPG-bug-id: 4538 Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Fix a warning in an es_fopencooie function.Werner Koch2020-04-011-0/+4
| | | | | | | | | | | | | | * sm/certdump.c (format_name_writer): Take care of a flush request. -- We won't see a flush here so that fix does not solve a real bug but we want to be correct. Note that this function seems to predate the es_fopenmem function and thus in master (2.3) we should replace it entirely. GnuPG-bug-id: 4495 Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from 2.2 commit 8d0d61aca3d2713df8a33444af3658b859d72be8)
* sm: Fix possible NULL deref in error messages of --gen-key.Werner Koch2020-03-301-20/+20
| | | | | | | | * sm/certreqgen.c: Protect printing the liniernur in case of !R. -- GnuPG-bug-id: 4895 Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Consider certificates w/o CRL DP as valid.Werner Koch2020-03-273-0/+25
| | | | | | | | | | | | | | | | | | | * sm/certchain.c (is_cert_still_valid): Shortcut if tehre is no DP. * common/audit.c (proc_type_verify): Print "n/a" if a cert has no distribution point. * sm/gpgsm.h (opt): Add field enable_issuer_based_crl_check. * sm/gpgsm.c (oEnableIssuerBasedCRLCheck): New. (opts): Add option --enable-issuer-based-crl-check. (main): Set option. -- If the issuer does not provide a DP and the user wants such an issuer, we expect that a certificate does not need revocation checks. The new option --enable-issuer-based-crl-check can be used to revert to the old behaviour which requires that a suitable LDAP server has been configured to lookup a CRL by issuer. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpgsm: Fix the previous commit.NIIBE Yutaka2020-03-271-5/+5
| | | | Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpgsm: Support key generation with ECC.NIIBE Yutaka2020-03-261-5/+37
| | | | | | | | | * sm/certreqgen.c (pKEYCURVE): New. (read_parameters): Add pKEYCURVE handling. (proc_parameters): Support ECC key generation. GnuPG-bug-id: 4888 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpgsm: Remove restriction of key generation (only RSA).NIIBE Yutaka2020-03-261-8/+9
| | | | | | | | | | | * sm/certreqgen.c (proc_parameters): Remove checking GCRY_PK_RSA. -- This is an initial change to support ECC key generation. GnuPG-bug-id: 4888 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpgconf: Further simplify the gpgconf option processing.Werner Koch2020-03-141-18/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ... * tools/gpgconf-comp.c: here. (known_options_scdaemon): Remove "options". (known_options_dirmngr): Remove "options". (known_options_gpgsm): Remove "options". (known_options_gpg): Remove "options" and "keyserver". (struct gc_option_s): Rename active t gpgconf_list. (gc_component_list_options): Do not act upon active. (option_check_validity): Ditto. (is_known_option): Make it work correctly for unknown options. (retrieve_options_from_program): Use renamed flag gpgconf_list only to detect duplicated items from --gpgconf-list. Do not set runtime. Only e set the options if set by --gpgconf-list; never clear them. * agent/gpg-agent.c: Simplify the --gpgconf-list output. * dirmngr/dirmngr.c: Ditto. * g10/gpg.c: Ditto. * kbx/keyboxd.c: Ditto. * scd/scdaemon.c: Ditto. * sm/gpgsm.c: Ditto. * tests/openpgp/gpgconf.scm: Use "compliance" instead of "keyserver" for the string arg test. -- There is no need to read the list of options from the components unless they convey a default value. It is better to consult only the list we have in gpgconf-comp.c to decide on whether an option should be displayed. Right, this might mess up thing if a newer gpgconf version is used with an older component, but we already print warnings in this case and in general we do not want to support this anymore - the times of gpg 1.4. and 2.0 are long over now. GnuPG-bug-id: 4788 Signed-off-by: Werner Koch <wk@gnupg.org>
* gpgsm: Re-group the options in the --help output.Werner Koch2020-03-061-112/+127
| | | | | | | | | -- This looks better and is also required for further simplifications of gpgconf. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpgconf: Support reading global options (part 2).Werner Koch2020-03-061-5/+9
| | | | | | | | | | | | | | | | | | | * tools/gpgconf-comp.c: Remove all regular option descriptions. They are now read in from the component. Also remove a few meanwhile obsolete options. * agent/gpg-agent.c: Add option description which were only set in gpgconf-comp.c. * dirmngr/dirmngr.c: Ditto. * scd/scdaemon.c: Ditto. * sm/gpgsm.c: Ditto. * g10/gpg.c: Ditto. -- This second part removes all regular option descriptions because they can be read from the components. A few were missing in the components and thus moved to there. Signed-off-by: Werner Koch <wk@gnupg.org>
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-07 17:20:47 +0100