5 years agodoc: Remove some stuff for the very incomplete instguide.
Werner Koch [Wed, 3 Sep 2014 07:45:20 +0000 (09:45 +0200)]
doc: Remove some stuff for the very incomplete instguide.


5 years agodoc: Typo fix
Werner Koch [Tue, 2 Sep 2014 14:01:25 +0000 (16:01 +0200)]
doc: Typo fix

Debian-bug-id: 760273

5 years agogpg: Fix export of NIST ECC keys.
Werner Koch [Tue, 2 Sep 2014 10:10:19 +0000 (12:10 +0200)]
gpg: Fix export of NIST ECC keys.

* common/openpgp-oid.c (struct oidtable): New.
(openpgp_curve_to_oid): Rewrite and allow OID as input.
(openpgp_oid_to_curve): Make use of the new table.

Due to the previous change we now usually store the OID with the
private key and not the name.  Thus during import we do not anymore
need to map the name to an oid but can use the oid directly.  We fix
that by extending openpgp_curve_to_oid to allow an oidstr as input.

5 years agoagent: Fix import of OpenPGP EdDSA keys.
Werner Koch [Tue, 2 Sep 2014 09:22:07 +0000 (11:22 +0200)]
agent: Fix import of OpenPGP EdDSA keys.

* agent/cvt-openpgp.c (get_keygrip): Special case EdDSA.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(apply_protection): Handle opaque MPIs.

(do_unprotect): Check FLAG_OPAQUE instead of FLAG_USER1 before
unpacking an opaque mpi.

The key transfer protocol between gpg and gpg-agent uses gcrypt
algorithm numbers which merge all ECC algorithms into one.  Thus it is
not possible to use the algorithm number to determine the EdDSA
algorithm.  We need to known that because Libgcrypt requires the
"eddsa" flag with the curve "Ed25519" to actually use the Ed25519
signature specification.

The last fix is for correctness; the first case won't be used anyway.

5 years agogpg: Fix export of ecc secret keys by adjusting check ordering.
Kyle Butt [Tue, 26 Aug 2014 21:11:47 +0000 (14:11 -0700)]
gpg: Fix export of ecc secret keys by adjusting check ordering.

* g10/export.c (transfer_format_to_openpgp): Move the check against
PUBKEY_MAX_NSKEY to after the ECC code adjusts the number of

5 years agoagent: Allow key unprotection using AES-256.
Werner Koch [Mon, 1 Sep 2014 08:15:21 +0000 (10:15 +0200)]
agent: Allow key unprotection using AES-256.

* agent/protect.c (PROT_CIPHER): Rename to GCRY_CIPHER_AES128 for
(do_decryption): Add args prot_cipher and prot_cipher_keylen.  USe
them instead of the hardwired values.
(agent_unprotect): Change to use a table of protection algorithms.
Add AES-256 variant.

This patch will make a possible future key protection algorithm
changes smoother.  AES-256 is also allowed although there is currently
no way to encrypt using it.

5 years agospeedo: Fix for non-Windows build of glib.
Werner Koch [Mon, 1 Sep 2014 08:10:30 +0000 (10:10 +0200)]
speedo: Fix for non-Windows build of glib.


5 years agogpg: Do not show "MD5" and triplicated "RSA" in --version.
Werner Koch [Thu, 28 Aug 2014 14:01:22 +0000 (16:01 +0200)]
gpg: Do not show "MD5" and triplicated "RSA" in --version.

* g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases
(build_list_md_test_algo): Ignore MD5.

5 years agogpg: Remove CAST5 from the default prefs and order SHA-1 last.
Werner Koch [Tue, 26 Aug 2014 21:20:07 +0000 (23:20 +0200)]
gpg: Remove CAST5 from the default prefs and order SHA-1 last.

* g10/keygen.c (keygen_set_std_prefs): Update prefs.

5 years agoSwitch to the libgpg-error provided estream.
Werner Koch [Tue, 26 Aug 2014 15:47:22 +0000 (17:47 +0200)]
Switch to the libgpg-error provided estream.

* (NEED_GPG_ERROR_VERSION): Reguire 1.14.
(estream_INIT): Remove.
* m4/estream.m4: Remove.
* common/estream-printf.c, common/estream-printf.h: Remove.
* common/estream.c, common/estream.h: Remove.
* common/init.c (_init_common_subsystems): Call gpgrt initialization.

5 years agogpg: Allow for positional parameters in the passphrase prompt.
Werner Koch [Tue, 26 Aug 2014 08:16:04 +0000 (10:16 +0200)]
gpg: Allow for positional parameters in the passphrase prompt.

* g10/passphrase.c (passphrase_get): Replace sprintf by xasprintf.

Without that at least the French translation does not always work
because it requires positional parameters.  Windows for example does
not support them as they are not defined by C99 but by POSIX.

5 years agogpg: Fix "can't handle public key algorithm" warning.
Werner Koch [Wed, 20 Aug 2014 07:59:36 +0000 (09:59 +0200)]
gpg: Fix "can't handle public key algorithm" warning.

* g10/parse-packet.c (unknown_pubkey_warning): Check for encr/sign

5 years agospeedo: Get version numbers from online database.
Werner Koch [Tue, 19 Aug 2014 10:49:45 +0000 (12:49 +0200)]
speedo: Get version numbers from online database.

* build-aux/ New.
* build-aux/ Get release version numbers from swdb.lst.

This should make maintaining GnuPG installations easier.  Running

 make -f /foo/gnupg/build-aux/ TARGETOS=native WHAT=release

downloads all GnuPG related packages and builds them.  The gnupg
directory may be a GIT checkout but in that case please run
./ on it first.  Note that currently swdb.lst is always
downloaded from and thus monitoring the network or the gnupg
machine reveal information on who is currently building GnuPG.  If
there is an easy way to detect that TOR is enabled this can be changed
to directly download from the GnuPG hidden service.

5 years agobuild: Create VERSION file via autoconf.
Werner Koch [Tue, 19 Aug 2014 09:12:26 +0000 (11:12 +0200)]
build: Create VERSION file via autoconf.

* (dist-hook): Remove creation of VERSION.
* Let autoconf create VERSION.

5 years agogpg: Install the current release signing pubkey.
Werner Koch [Mon, 18 Aug 2014 14:38:13 +0000 (16:38 +0200)]
gpg: Install the current release signing pubkey.

* g10/distsigkey.gpg: New.

This might be useful to help installing updates.

5 years agoagent: Return NO_SECKEY instead of ENONET for PKSIGN and others.
Werner Koch [Mon, 18 Aug 2014 13:42:54 +0000 (15:42 +0200)]
agent: Return NO_SECKEY instead of ENONET for PKSIGN and others.

* agent/pksign.c (agent_pksign_do): Replace ENONET by NO_SECKEY.
* agent/findkey.c (agent_key_from_file): No diagnostic for NO_SECKEY.
* agent/pkdecrypt.c (agent_pkdecrypt): Replace checking for ENOENT.

5 years agotests: Re-enable OpenPGP ecc test.
Werner Koch [Mon, 18 Aug 2014 10:55:54 +0000 (12:55 +0200)]
tests: Re-enable OpenPGP ecc test.


5 years agokbx: Make user id and signature data optional for OpenPGP.
Werner Koch [Mon, 18 Aug 2014 10:55:29 +0000 (12:55 +0200)]
kbx: Make user id and signature data optional for OpenPGP.

* kbx/keybox-blob.c (_keybox_create_openpgp_blob): Remove restriction.

Although self-signature and key binding signatures are required by
OpenPGP, we should not enforce that in the storage backend.

5 years agogpg: Change default cipher for --symmetric from CAST5 to AES-128.
Werner Koch [Mon, 18 Aug 2014 09:45:00 +0000 (11:45 +0200)]
gpg: Change default cipher for --symmetric from CAST5 to AES-128.

* g10/main.h (DEFAULT_CIPHER_ALGO): Chhange to AES or CAST5 or 3DES
depending on configure option.
* g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO.

5 years agoyat2m: Support @set and @value.
Werner Koch [Mon, 18 Aug 2014 09:42:10 +0000 (11:42 +0200)]
yat2m: Support @set and @value.

* doc/yat2m.c (variablelist): New.
(set_variable): New.
(macro_set_p): Also check the variables.
(proc_texi_cmd): Support the @value command.
(parse_file): Support the @set command.
(top_parse_file): Release variablelist.

5 years agoyat2m: Support the $* command for man page rendering.
Werner Koch [Mon, 18 Aug 2014 09:39:57 +0000 (11:39 +0200)]
yat2m: Support the $* command for man page rendering.

5 years agoestream: Change license from GPL to LPGL.
Werner Koch [Sun, 17 Aug 2014 13:24:48 +0000 (15:24 +0200)]
estream: Change license from GPL to LPGL.

* common/estream-printf.c, common/estream-printf.h: Change license.
* common/estream.c, common/estream.h: Ditto.

g10 Code is the sole copyright holder of Libestream and thus as CEO I
have the rights to to change the license.  This copy here in GnuPG is
currently the most current one thus the change is recorded in this
repository.  This change is also deemed valid for all older versions.

Signed-off-by: Werner Koch <>
5 years agoPost beta release update.
Werner Koch [Thu, 14 Aug 2014 15:15:04 +0000 (17:15 +0200)]
Post beta release update.


5 years agoRelease 2.1.0-beta783 gnupg-2.1.0-beta783
Werner Koch [Thu, 14 Aug 2014 15:08:03 +0000 (17:08 +0200)]
Release 2.1.0-beta783

5 years agopo: Update the German (de) translation
Werner Koch [Thu, 14 Aug 2014 15:15:04 +0000 (17:15 +0200)]
po: Update the German (de) translation

5 years agosm: Create homedir and lock empty keybox creation.
Werner Koch [Thu, 14 Aug 2014 15:14:21 +0000 (17:14 +0200)]
sm: Create homedir and lock empty keybox creation.

* sm/gpgsm.h (opt): Add field "no_homedir_creation".
* sm/gpgsm.c (main): Set it if --no-options is used.
* sm/keydb.c (try_make_homedir): New.  Similar to the one from
(maybe_create_keybox): New.  Similar to the one from g10/keydb.c.
(keydb_add_resource): Replace some code by maybe_create_keybox.

5 years agobuild: Yet another --find-version change.
Werner Koch [Thu, 14 Aug 2014 15:07:38 +0000 (17:07 +0200)]
build: Yet another --find-version change.


5 years agogpg: Screen keyserver responses.
Werner Koch [Thu, 14 Aug 2014 13:20:53 +0000 (15:20 +0200)]
gpg: Screen keyserver responses.

* g10/main.h (import_screener_t): New.
* g10/import.c (import): Add screener callbacks to param list.
(import_one): Ditto.
(import_secret_one): Ditto.
(import_keys_internal): Ditto.
(import_keys_stream): Ditto.
* g10/keyserver.c (struct ks_retrieval_screener_arg_s): New.
(keyserver_retrieval_screener): New.
(keyserver_get): Pass screener to import_keys_es_stream().
These changes introduces import functions that apply a constraining
filter to imported keys. These filters can verify the fingerprints of
the keys returned before importing them into the keyring, ensuring
that the keys fetched from the keyserver are in fact those selected by
the user beforehand.

Signed-off-by: Stefan Tomanek <>
This is an extended and fixed versions of Stefan's patch.  In addition
to the changes done in gnupg 2.0, namely the commits


the symbol names have been changed to "screener" to void mixing them
up with the iobuf filter feature and it has been changed to be used
with the dirmngr based keyserver lookup.

Signed-off-by: Werner Koch <>
5 years agoscd: Minor changes to app-sc-hsm.
Werner Koch [Tue, 12 Aug 2014 08:36:30 +0000 (10:36 +0200)]
scd: Minor changes to app-sc-hsm.

* scd/app-sc-hsm.c: Re-indendet some parts and set some vars to NULL
after xfree for improbed robustness.
(read_ef_prkd): Replace serial operator by blocks for better
(apply_PKCS_padding): Rewrite for easier auditing.
(strip_PKCS15_padding): Ditto.  Add stricter check on SRCLEN.

Signed-off-by: Werner Koch <>
5 years agogpg: Disable an MD5 workaround for pgp2 by default.
Werner Koch [Tue, 12 Aug 2014 08:36:30 +0000 (10:36 +0200)]
gpg: Disable an MD5 workaround for pgp2 by default.

* g10/sig-check.c (do_check): Move some code to ...
* g10/misc.c (print_md5_rejected_note): new function.
* g10/mainproc.c (proc_tree, proc_plaintext): Enable MD5 workaround
only if option --allow-weak-digest-algos is used.

5 years agogpg: Remove options --pgp2 and --rfc1991.
Werner Koch [Tue, 12 Aug 2014 08:36:30 +0000 (10:36 +0200)]
gpg: Remove options --pgp2 and --rfc1991.

* g10/gpg.c (oRFC1991, oPGP2): Remove
(opts): Remove --pgp2 and --rfc1991.
* g10/options.h (CO_PGP2, CO_RFC1991): Remove.  Remove all users.
(RFC2440, PGP2): Remove.  Remove all code only enabled by these
* tests/openpgp/clearsig.test: Remove --rfc1991 test.

The use of PGP 2.c is considered insecure for quite some time
now (e.g. due to the use of MD5).  Thus we remove all support for
_creating_ PGP 2 compatible messages.

5 years agobuild: Fix base version hack.
Werner Koch [Tue, 12 Aug 2014 08:36:30 +0000 (10:36 +0200)]
build: Fix base version hack.

* <find-version>: Fix.

5 years agogpg: Remove --compress-keys and --compress-sigs feature.
Werner Koch [Tue, 12 Aug 2014 08:36:30 +0000 (10:36 +0200)]
gpg: Remove --compress-keys and --compress-sigs feature.

* g10/gpg.c (oCompressKeys, oCompressSigs): Remove.
(opts): Turn --compress-keys and --compress-signs in NOPs.
* g10/options.h (opt): Remove fields compress_keys and compress_sigs.
* g10/export.c (do_export): Remove compress_keys feature.
* g10/sign.c (sign_file): Remove compress_sigs feature.

These features are disabled in GnuPG since the very early days and
they fulfill no real purpose.  For now we keep the command line
options as dummys.

5 years agogpg: Add list-option "show-usage".
Werner Koch [Tue, 12 Aug 2014 08:36:30 +0000 (10:36 +0200)]
gpg: Add list-option "show-usage".

* g10/gpg.c (parse_list_options): Add "show-usage".
* g10/options.h (LIST_SHOW_USAGE): New.
* g10/keyid.c (usagestr_from_pk): Add arg FILL.  Change caller.
* g10/keylist.c (list_keyblock_print): Print usage info.

5 years agopo: Remove extra LF from ja.po
Werner Koch [Tue, 12 Aug 2014 08:36:30 +0000 (10:36 +0200)]
po: Remove extra LF from ja.po


5 years agogpg: Make --with-colons work again for --search-keys.
Werner Koch [Tue, 12 Aug 2014 08:36:30 +0000 (10:36 +0200)]
gpg: Make --with-colons work again for --search-keys.

* g10/keyserver.c (search_line_handler): Replace log_debug by

5 years agospeedo: Comment typo fix
Werner Koch [Tue, 12 Aug 2014 08:36:30 +0000 (10:36 +0200)]
speedo: Comment typo fix


5 years agocommon: Fix typo in header inclusion protection macro.
Werner Koch [Mon, 11 Aug 2014 15:21:07 +0000 (17:21 +0200)]
common: Fix typo in header inclusion protection macro.

GnuPG-bug-id: 1669

5 years agopo: Update Japanese translation.
NIIBE Yutaka [Fri, 8 Aug 2014 01:00:46 +0000 (10:00 +0900)]
po: Update Japanese translation.

5 years agoscd: Minor and editorial changes to app-sc-hsm.c
Werner Koch [Thu, 24 Jul 2014 14:16:53 +0000 (16:16 +0200)]
scd: Minor and editorial changes to app-sc-hsm.c

* scd/app-sc-hsm.c (select_and_read_binary): Use SW_ macro.
(parse_certid): Remove useless test.
(send_certinfo, send_keypairinfo): Shrink malloc to the needed size.
(do_getattr): Ditto.
(verify_pin): Use SW_ macro.
(do_decipher): Replace OFS variable and extend comment.

Code parts which have not been audited are marked with a warning

5 years agoscd: Add a new status word code.
Werner Koch [Thu, 24 Jul 2014 14:16:53 +0000 (16:16 +0200)]
scd: Add a new status word code.

* scd/apdu.h (SW_REF_DATA_INV): New.
* scd/apdu.c (apdu_strerror): Add string.

5 years agoscd: Comment typo fixes.
Werner Koch [Thu, 24 Jul 2014 14:16:53 +0000 (16:16 +0200)]
scd: Comment typo fixes.


5 years agoscd: Support for SmartCard-HSM
Andreas Schwier [Fri, 18 Jul 2014 14:20:59 +0000 (16:20 +0200)]
scd: Support for SmartCard-HSM

* scd/app-sc-hsm.c: New.
* scd/app.c (select_application, get_supported_applications): Register
new app.

Add a read/only driver for scdaemon that provides access to keys and
certificates on a SmartCard-HSM (

The driver supports RSA and ECC keys on SmartCard-HSM cards and

The driver does not yet support the MicroSD edition.

ChangeLog and FSF copyright year fix by wk.

5 years agogpg: Switch to an EdDSA format with prefix byte.
Werner Koch [Thu, 24 Jul 2014 14:16:53 +0000 (16:16 +0200)]
gpg: Switch to an EdDSA format with prefix byte.

* g10/keygen.c (gen_ecc): USe "comp" for EdDSA.

5 years agopo: Update the German (de) translation
Werner Koch [Wed, 23 Jul 2014 19:12:10 +0000 (21:12 +0200)]
po: Update the German (de) translation


5 years agoagent: Show just one warning with all failed passphrase constraints.
Werner Koch [Wed, 23 Jul 2014 17:51:52 +0000 (19:51 +0200)]
agent: Show just one warning with all failed passphrase constraints.

* agent/genkey.c (check_passphrase_constraints): Build a final warning
after all checks.

5 years agoagent: Only one confirmation prompt for an empty passphrase.
Werner Koch [Wed, 23 Jul 2014 17:16:51 +0000 (19:16 +0200)]
agent: Only one confirmation prompt for an empty passphrase.

* agent/genkey.c (check_passphrase_constraints): Moev empty passphrase
check to the front.

5 years agogpg: Add command --quick-gen-key
Werner Koch [Wed, 23 Jul 2014 13:12:43 +0000 (15:12 +0200)]
gpg: Add command --quick-gen-key

* g10/gpg.c (aQuickKeygen): New.
* g10/misc.c (is_valid_user_id): New stub.
* g10/keygen.c (quickgen_set_para): New.
(quick_generate_keypair): New.

Note that the validation of the specified user id has not yet been

5 years agocommon: Add cpr_get_answer_is_yes_def()
Werner Koch [Wed, 23 Jul 2014 12:35:22 +0000 (14:35 +0200)]
common: Add cpr_get_answer_is_yes_def()

* g10/cpr.c (cpr_get_answer_is_yes): Factor code out to ....

5 years agogpg: Make --quick-sign-key promote local key signatures.
Werner Koch [Wed, 23 Jul 2014 10:18:19 +0000 (12:18 +0200)]
gpg: Make --quick-sign-key promote local key signatures.

* g10/keyedit.c (sign_uids): Promote local sigs in quick mode.

5 years agoRegister DCO for Andreas Schwier
Werner Koch [Wed, 23 Jul 2014 06:52:10 +0000 (08:52 +0200)]
Register DCO for Andreas Schwier


5 years agoscd: Do not use the pcsc-wrapper.
Werner Koch [Tue, 22 Jul 2014 14:16:33 +0000 (16:16 +0200)]
scd: Do not use the pcsc-wrapper.

* scd/apdu.c (NEED_PCSC_WRAPPER): Do not define.
* scd/ (libexec_PROGRAMS): Remove gnupg-pcsc-wrapper
(gnupg_pcsc_wrapper_SOURCES): Remove.
(gnupg_pcsc_wrapper_LDADD): Remove.
(gnupg_pcsc_wrapper_CFLAGS): Remove.

5 years agogpg: Improve --list-packets output for faulty packets.
Werner Koch [Mon, 21 Jul 2014 12:37:13 +0000 (14:37 +0200)]
gpg: Improve --list-packets output for faulty packets.

* g10/parse-packet.c: Add list_mode output for certain failures.

5 years agogpg: Cap size of attribute packets at 16MB.
Werner Koch [Mon, 21 Jul 2014 11:50:36 +0000 (13:50 +0200)]
gpg: Cap size of attribute packets at 16MB.

* g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap
size of packet.

Tavis Ormandy reported a fatal error for attribute packets with a zero
length payload.  This is due to a check in Libgcrypt's xmalloc which
rejects a malloc(0) instead of silently allocating 1 byte.  The fix is

In addition we cap the size of attribute packets similar to what we do
with user id packets.  OpenPGP keys are not the proper way to store

5 years agoPost beta release update
Werner Koch [Wed, 25 Jun 2014 12:33:34 +0000 (14:33 +0200)]
Post beta release update


5 years agoRelease 2.1.0-beta751 gnupg-2.1.0-beta751
Werner Koch [Wed, 25 Jun 2014 12:33:34 +0000 (14:33 +0200)]
Release 2.1.0-beta751

5 years agopo: Auto-update
Werner Koch [Wed, 25 Jun 2014 12:33:34 +0000 (14:33 +0200)]
po: Auto-update


5 years agogpg: Make show-uid-validity the default.
Werner Koch [Tue, 24 Jun 2014 07:53:46 +0000 (09:53 +0200)]
gpg: Make show-uid-validity the default.

5 years agotests: Fix end-of-all-ticks test for Western locales.
Werner Koch [Wed, 25 Jun 2014 12:33:34 +0000 (14:33 +0200)]
tests: Fix end-of-all-ticks test for Western locales.

* common/t-timestuff.c (test_timegm): Use timegm if available.
(main): Set TX to UTC if timegm is not available.

On OpenBSD 5.3 i386 that test failed due to the use of mktime.

Reported-by: Claus Assmann
5 years agogpg: Spelling error
Kristian Fiskerstrand [Wed, 2 Jul 2014 11:32:23 +0000 (13:32 +0200)]
gpg: Spelling error

5 years agospeedo: Update w32 installer
Werner Koch [Wed, 25 Jun 2014 12:33:34 +0000 (14:33 +0200)]
speedo: Update w32 installer


5 years agodoc: Add gnupg-logo.pdf
Werner Koch [Wed, 25 Jun 2014 12:33:34 +0000 (14:33 +0200)]
doc: Add gnupg-logo.pdf


5 years agogpg: Auto-create revocation certificates.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
gpg: Auto-create revocation certificates.

* (GNUPG_OPENPGP_REVOC_DIR): New config define.
* g10/revoke.c (create_revocation): Add arg "leadin".
(gen_standard_revoke): New.
* g10/openfile.c (get_openpgp_revocdir): New.
(open_outfile): Add MODE value 3.
* g10/keyid.c (hexfingerprint): New.
* g10/keygen.c (do_generate_keypair): Call gen_standard_revoke.

GnuPG-bug-id: 1042

5 years agoestream: Fix minor glitch in "%.*s" format.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
estream: Fix minor glitch in "%.*s" format.

* common/estream-printf.c (pr_string): Take care of non-nul terminated

5 years agogpg: Rearrange code in gen_revoke.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
gpg: Rearrange code in gen_revoke.

* g10/revoke.c (gen_revoke): Factor some code out to ...
(create_revocation): new.

5 years agogpg: Create exported secret files and revocs with mode 700.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
gpg: Create exported secret files and revocs with mode 700.

* common/iobuf.c (direct_open): Add arg MODE700.
(iobuf_create): Ditto.
* g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM.  Change call
callers to pass 0 for it.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new
* g10/export.c (do_export): Pass true for new arg if SECRET is true.

GnuPG-bug-id: 1653.

Note that this works only if --output has been used.

5 years agocommon: Minor code cleanup for a legacy OS.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
common: Minor code cleanup for a legacy OS.

* common/iobuf.c (direct_open) [__riscos__]: Simply cpp conditionals.

5 years agospeedo: Fix the w32 installer name
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
speedo: Fix the w32 installer name

5 years agopo: Auto-update
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
po: Auto-update


5 years agopo: Update some strings of the French (fr) translation.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
po: Update some strings of the French (fr) translation.

5 years agopo: Update the German (de) translation
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
po: Update the German (de) translation

5 years agoagent: Adjust for changed npth_eselect under W32.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
agent: Adjust for changed npth_eselect under W32.

* agent/gpg-agent.c (handle_connections) [W32]: Make events_set an
unsigned int to match the changed prototype.

5 years agodirmngr: Use the homedir based socket also under W32.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
dirmngr: Use the homedir based socket also under W32.

* common/homedir.c (dirmngr_user_socket_name): Use same code for all

5 years agopo: Update and enable Ukrainian (uk) translation.
Yuri Chornoivan [Fri, 27 Jun 2014 13:42:27 +0000 (15:42 +0200)]
po: Update and enable Ukrainian (uk) translation.

5 years agoFix typos in messages
Yuri Chornoivan [Sun, 22 Jun 2014 14:33:04 +0000 (17:33 +0300)]
Fix typos in messages

5 years agobuild: Remove unused options.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
build: Remove unused options.

* Remove option --build-agent-only.
(FAKE_CURL, GPGKEYS_CURL): Remove check for cURL
(GPGKEYS_MAILTO): Remove ac_subst but keep the currently unused
(GPGKEYS_KDNS): Remove ac_subst.
* autogen.rc (final_info): Remove suggestion to use the removed option

5 years agoscd: Add pinpad support for REINER SCT cyberJack go
NIIBE Yutaka [Tue, 23 Apr 2013 23:36:31 +0000 (08:36 +0900)]
scd: Add pinpad support for REINER SCT cyberJack go

* scd/ccid-driver.h (VENDOR_REINER, CYBERJACK_GO): New.
* scd/ccid-driver.c (ccid_transceive_secure): Handle the case for
VENDOR_REINER. Original work was by Alina Friedrichsen (tiny change).

This is revised version which adapts changes of ccid-driver and was
later ported from branch-2.0 to master (2.1)

5 years agoscd: Support reader Gemalto IDBridge CT30
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
scd: Support reader Gemalto IDBridge CT30

* scd/ccid-driver.h (GEMPC_CT30): New product id.
* scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that

GnuPG-bug-id: 1638

5 years agogpg: Limit keysize for unattended key generation to useful values.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
gpg: Limit keysize for unattended key generation to useful values.

* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
(gen_rsa): Enforce keysize 1024 to 4096.
(gen_dsa): Enforce keysize 768 to 3072.

It was possible to create 16k RSA keys in batch mode. In addition to the
silliness of such keys, they have the major drawback that under GnuPG
and Libgcrypt, with their limited amount of specially secured memory
areas, the use of such keys may lead to an "out of secure memory"

5 years agoEnable DNS SRV records again.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
Enable DNS SRV records again.

* (GPGKEYS_HKP, GPGKEYS_FINGER): Remove ac_subst.
(use_dns_srv): Make test work.

5 years agoagent: Fix export of RSA keys to OpenPGP.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
agent: Fix export of RSA keys to OpenPGP.

* agent/cvt-openpgp.c (convert_transfer_key): Fix sexp build format

5 years agogpg,gpgsm: Simplify wrong_args function.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
gpg,gpgsm: Simplify wrong_args function.

5 years agospeedo: "make clean-gnupg" may not remove the source.
Werner Koch [Wed, 25 Jun 2014 17:44:28 +0000 (19:44 +0200)]
speedo: "make clean-gnupg" may not remove the source.

* build-aux/ (clean-$(1)): Take care of gnupg.

I learned it the hard way and lost a bunch of stashed changes.

5 years agogpgsm: Fix default config name.
Werner Koch [Wed, 25 Jun 2014 17:26:33 +0000 (19:26 +0200)]
gpgsm: Fix default config name.

5 years agodoc: Improve the rendering of the manual
Werner Koch [Wed, 25 Jun 2014 09:15:45 +0000 (11:15 +0200)]
doc: Improve the rendering of the manual

5 years agodoc: Update for modern makeinfo.
Werner Koch [Tue, 3 Jun 2014 11:34:24 +0000 (13:34 +0200)]
doc: Update for modern makeinfo.

* doc/texi.css: Remove.
* doc/ (AM_MAKEINFOFLAGS): Use --css-ref.

5 years agogpg: Allow key-to-card upload for cert-only keys
Werner Koch [Tue, 24 Jun 2014 07:13:38 +0000 (09:13 +0200)]
gpg: Allow key-to-card upload for cert-only keys

* g10/card-util.c (card_store_subkey): Allo CERT usage for key 0.

Suggested-by: Dominik Heidler <>
5 years agodoc: Add note regarding gpg-preset-passphrase and --max-cache-ttl.
Werner Koch [Tue, 24 Jun 2014 11:46:52 +0000 (13:46 +0200)]
doc: Add note regarding gpg-preset-passphrase and --max-cache-ttl.

GnuPG-bug-id: 1615

5 years agodoc: Improve the description of gpg's --export commands.
Werner Koch [Tue, 24 Jun 2014 10:21:54 +0000 (12:21 +0200)]
doc: Improve the description of gpg's --export commands.

GnuPG-bug-id: 1655

5 years agoRegister DCO for Stefan Tomanek.
Werner Koch [Tue, 24 Jun 2014 09:47:51 +0000 (11:47 +0200)]
Register DCO for Stefan Tomanek.


5 years agodoc: Add conditionals for GnuPG-1
Werner Koch [Mon, 23 Jun 2014 14:09:34 +0000 (16:09 +0200)]
doc: Add conditionals for GnuPG-1

5 years agogpg: Make export of ECC keys work again.
Werner Koch [Fri, 20 Jun 2014 12:54:01 +0000 (14:54 +0200)]
gpg: Make export of ECC keys work again.

* agent/cvt-openpgp.c (convert_to_openpgp): Use the curve name instead
of the curve parameters.
* g10/export.c (canon_pubkey_algo): Rename to ...
(canon_pk_algo): this.  Support ECC.
(transfer_format_to_openpgp): Expect curve name.

5 years agogpg: Avoid infinite loop in uncompressing garbled packets.
Werner Koch [Fri, 20 Jun 2014 08:39:26 +0000 (10:39 +0200)]
gpg: Avoid infinite loop in uncompressing garbled packets.

* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.

A packet like (a3 01 5b ff) leads to an infinite loop.  Using
--max-output won't help if it is a partial packet.  This patch
actually fixes a regression introduced on 1999-05-31 (c34c6769).
Actually it would be sufficient to stuff just one extra 0xff byte.
Given that this problem popped up only after 15 years, I feel safer to
allow for a very few FF bytes.

Thanks to Olivier Levillain and Florian Maury for their detailed

5 years agogpg: Fix a couple of spelling errors
Kristian Fiskerstrand [Thu, 12 Jun 2014 14:12:28 +0000 (16:12 +0200)]
gpg: Fix a couple of spelling errors

5 years agospeedo: Support building from dist-source generated tarball.
Werner Koch [Mon, 16 Jun 2014 21:25:44 +0000 (23:25 +0200)]
speedo: Support building from dist-source generated tarball.

5 years agohttp: Print human readable GNUTLS status.
Werner Koch [Fri, 13 Jun 2014 17:39:48 +0000 (19:39 +0200)]
http: Print human readable GNUTLS status.

* common/http.c (send_gnutls_bye): Take care of EAGAIN et al.
(http_verify_server_credentials): Print a human readable status.

5 years agogpg: Improve the output of --list-packets
Werner Koch [Thu, 12 Jun 2014 12:41:40 +0000 (14:41 +0200)]
gpg: Improve the output of --list-packets

* g10/parse-packet.c (parse): Print packet meta info in list mode.

In particular having the file offset of the packets is often useful.

5 years agospeedo: Improve building of the w32 installer.
Werner Koch [Wed, 11 Jun 2014 13:45:29 +0000 (15:45 +0200)]
speedo: Improve building of the w32 installer.

* build-aux/ Change name of build directory to PLAY.
Improve the dist-source target.
* build-aux/speedo/w32/gdk-pixbuf-loaders.cache: Add a blank
line (plus comment).
* build-aux/speedo/w32/inst.nsi: Change name of file to gnupg-w32-*.
Install more tools.

gdk-pixbuf-loaders.cache needs to end with an extra LF or the
gdk-pixbuf is not able to read the last entry.  The final comment is
to make our git sanity checks happy.


 make -f build-aux/ \
      TARGETOS=w32 TARBALLS=~/tarballs installer

does now create a working installer.  After removing dirmngr from the
installation GPA kind of works.  There are remaining problems with
dirmngr and scdaemon which will be fixed soon.


 make -f build-aux/ \
      TARGETOS=w32 TARBALLS=~/tarballs dist-source

creates an xz compressed tarball with all the sources used to build
the installer.  Distributing this tarball along with the installer is
sufficient to comply with the GPL.  Well, some more instructions
should be given in the readme files.

5 years agospeedo: Revamped speedo and include a w32 installer.
Werner Koch [Tue, 10 Jun 2014 17:42:34 +0000 (19:42 +0200)]
speedo: Revamped speedo and include a w32 installer.

* build-aux/speedo/: New.
* build-aux/speedo/w32/: New.

The new installer uses some code from Gpg4win but is much smaller and
easier to maintain.  To build an installer, unpack GnuPG and then run

  make -f build-aux/  TARBALLS=~/mytarballs installer

~/mytarballs is a directory with tarballs of external libraries.  See for a list of them.

WARNING: The installed W32 version does not correctly work right now.

5 years agobuild: Add more options to
Werner Koch [Tue, 10 Jun 2014 14:21:00 +0000 (16:21 +0200)]
build: Add more options to

* Add options --print-host and --print-build.

Being able to know the build system and the host as used by GnuPG is
useful to build other packages.