[git] GnuPG - branch, master, updated. gnupg-2.1.0-beta834-17-gd332467
by Werner Koch
cvs at cvs.gnupg.org
Sat Sep 27 15:30:35 CEST 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via d33246700578cddd1cb8ed8164cfbba50aba4ef3 (commit)
via f3625bb018fa8d5bc754f982996f8788386f0a9d (commit)
from f16e76cfb8a1c872d1e01332b5d32022aa7b2fe8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d33246700578cddd1cb8ed8164cfbba50aba4ef3
Author: Werner Koch <wk at gnupg.org>
Date: Sat Sep 27 15:21:02 2014 +0200
gpg: Default to SHA-256 for all signature types on RSA keys.
* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in
strict RFC or PGP modes.
* g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for
RSA key signatures.
* configure.ac: Do not allow disabling sha256.
diff --git a/configure.ac b/configure.ac
index a2f07cb..c627c27 100644
--- a/configure.ac
+++ b/configure.ac
@@ -254,7 +254,7 @@ GNUPG_GPG_DISABLE_ALGO([md5],[MD5 hash])
# SHA1 is a MUSt algorithm
GNUPG_GPG_DISABLE_ALGO([rmd160],[RIPE-MD160 hash])
GNUPG_GPG_DISABLE_ALGO([sha224],[SHA-224 hash])
-GNUPG_GPG_DISABLE_ALGO([sha256],[SHA-256 hash])
+# SHA256 is a MUST algorithm for GnuPG.
GNUPG_GPG_DISABLE_ALGO([sha384],[SHA-384 hash])
GNUPG_GPG_DISABLE_ALGO([sha512],[SHA-512 hash])
diff --git a/g10/main.h b/g10/main.h
index 17a050d..76541c7 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -38,7 +38,7 @@
# define DEFAULT_CIPHER_ALGO CIPHER_ALGO_3DES
#endif
-#define DEFAULT_DIGEST_ALGO DIGEST_ALGO_SHA1
+#define DEFAULT_DIGEST_ALGO ((GNUPG)? DIGEST_ALGO_SHA256:DIGEST_ALGO_SHA1)
#define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1
#ifdef HAVE_ZIP
# define DEFAULT_COMPRESS_ALGO COMPRESS_ALGO_ZIP
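Review bot: `DEFAULT_DIGEST_ALGO` stops being a compile-time constant in this hunk: it now expands to a conditional on `GNUPG`, whose definition is not visible here and presumably reads the compliance option at run time. Any use in an `#if`, in a static initializer, or before option parsing has finished would no longer behave as it did with the plain constant, so the macro deserves a comment such as `/* Run-time expression: SHA-256 in --gnupg mode, SHA-1 in strict RFC or PGP modes. */`. `DEFAULT_S2K_DIGEST_ALGO` on the following line still selects SHA-1, and the strict modes keep SHA-1 for signatures; saying so next to the macros would record the remaining SHA-1 defaults as a decision rather than an oversight.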
diff --git a/g10/sign.c b/g10/sign.c
index c8139d7..bd78c17 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -1499,7 +1499,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
(ecdsa_qbits_from_Q (gcry_mpi_get_nbits (pksk->pkey[1]))/8);
}
else
- digest_algo = DIGEST_ALGO_SHA1;
+ digest_algo = DEFAULT_DIGEST_ALGO;
}
if ( gcry_md_open (&md, digest_algo, 0 ) )
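Review bot: The `else` that now assigns `DEFAULT_DIGEST_ALGO` is a catch-all, not an RSA test, so every key algorithm not matched by the earlier branches gets the compliance-dependent default, while the commit log speaks only of RSA key signatures. The earlier branches of `make_keysig_packet` begin outside this hunk, so which algorithms actually reach this line cannot be confirmed from here. A short comment would pin the intent, for example `/* Remaining algorithms (RSA): SHA-256 in --gnupg mode, SHA-1 in strict RFC/PGP modes. */`.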
commit f3625bb018fa8d5bc754f982996f8788386f0a9d
Author: Werner Koch <wk at gnupg.org>
Date: Sat Sep 27 15:14:13 2014 +0200
gpg: Simplify command --gen-key and add --full-gen-key.
* g10/gpg.c (aFullKeygen): New.
(opts): Add command --full-key-gen.
(main): Implement it.
* g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although
the value is identical.
(DEFAULT_STD_CURVE): New.
(DEFAULT_STD_SUBALGO): New.
(DEFAULT_STD_SUBKEYSIZE): New.
(DEFAULT_STD_SUBCURVE): New.
(quick_generate_keypair): Use new macros here.
(generate_keypair): Add arg "full" and fix callers. Do not ask
for keysize in non-full mode.
(ask_user_id): Add arg "full" and simplify for non-full mode.
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 0472a4a..ea6851c 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -622,12 +622,19 @@ force the creation of the key will show up.
@item --gen-key
@opindex gen-key
-Generate a new key pair. This command is normally only used
-interactively.
+Generate a new key pair using teh current default parameters. This is
+the standard command to create a new key.
+ at ifset gpgtwoone
+ at item --full-gen-key
+ at opindex gen-key
+Generate a new key pair with dialogs for all options. This is an
+extended version of @option{--gen-key}.
+
+ at end ifset
There is also a feature which allows you to create keys in batch
-mode. See the file @file{doc/DETAILS} in the source distribution on
-how to use this.
+mode. See the the manual section ``Unattended key generation'' on how
+to use this.
@item --gen-revoke @code{name}
@opindex gen-revoke
diff --git a/g10/card-util.c b/g10/card-util.c
index 84752eb..abf234f 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -1440,7 +1440,7 @@ generate_card_keys (ctrl_t ctrl)
the serialnumber and thus it won't harm. */
}
- generate_keypair (ctrl, NULL, info.serialno, want_backup);
+ generate_keypair (ctrl, 1, NULL, info.serialno, want_backup);
leave:
agent_release_card_info (&info);
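Review bot: The bare `1` passed as the new second argument of `generate_keypair` does not explain itself at this call site, and the same holds for the `0`/`1` literals in the g10/gpg.c calls and for `ask_user_id (1, 1, keyblock)` in g10/keygen.c. Because the new `int full` sits directly before pointer arguments that are often `NULL`, a misplaced argument is easy to overlook in review. A comment on the call would help, e.g. `/* FULL=1: card key generation keeps all prompts. */`. The body of `generate_card_keys` starts outside this hunk.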
diff --git a/g10/gpg.c b/g10/gpg.c
index 95a78d5..f586042 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -107,6 +107,7 @@ enum cmd_and_opt_values
aClearsign,
aStore,
aQuickKeygen,
+ aFullKeygen,
aKeygen,
aSignEncr,
aSignEncrSym,
@@ -407,9 +408,12 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_c (aCheckKeys, "check-sigs",N_("list and check key signatures")),
ARGPARSE_c (oFingerprint, "fingerprint", N_("list keys and fingerprints")),
ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")),
- ARGPARSE_c (aQuickKeygen, "quick-gen-key" ,
+ ARGPARSE_c (aKeygen, "gen-key",
+ N_("generate a new key pair")),
+ ARGPARSE_c (aQuickKeygen, "quick-gen-key" ,
N_("quickly generate a new key pair")),
- ARGPARSE_c (aKeygen, "gen-key", N_("generate a new key pair")),
+ ARGPARSE_c (aFullKeygen, "full-gen-key" ,
+ N_("full featured key pair generation")),
ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")),
ARGPARSE_c (aDeleteKeys,"delete-keys",
N_("remove keys from the public keyring")),
@@ -2307,6 +2311,7 @@ main (int argc, char **argv)
break;
case aKeygen:
+ case aFullKeygen:
case aEditKey:
case aDeleteSecretKeys:
case aDeleteSecretAndPublicKeys:
@@ -3564,6 +3569,7 @@ main (int argc, char **argv)
case aDeleteSecretKeys:
case aDeleteSecretAndPublicKeys:
case aQuickKeygen:
+ case aFullKeygen:
case aKeygen:
case aImport:
case aExportSecret:
@@ -3859,12 +3865,27 @@ main (int argc, char **argv)
if( opt.batch ) {
if( argc > 1 )
wrong_args("--gen-key [parameterfile]");
- generate_keypair (ctrl, argc? *argv : NULL, NULL, 0);
+ generate_keypair (ctrl, 0, argc? *argv : NULL, NULL, 0);
}
else {
if( argc )
wrong_args("--gen-key");
- generate_keypair (ctrl, NULL, NULL, 0);
+ generate_keypair (ctrl, 0, NULL, NULL, 0);
+ }
+ break;
+
+ case aFullKeygen: /* Generate a key with all options. */
+ if (opt.batch)
+ {
+ if (argc > 1)
+ wrong_args ("--full-gen-key [parameterfile]");
+ generate_keypair (ctrl, 1, argc? *argv : NULL, NULL, 0);
+ }
+ else
+ {
+ if (argc)
+ wrong_args("--full-gen-key");
+ generate_keypair (ctrl, 1, NULL, NULL, 0);
}
break;
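Review bot: The new `case aFullKeygen:` block repeats the `--gen-key` block above it almost line for line, differing only in the `full` argument and the option name handed to `wrong_args`, so the two argument checks can drift apart later. The header comment of `generate_keypair` in g10/keygen.c says FULL has no effect in batch mode, which makes the two batch branches equivalent. That is worth stating here with `/* In batch mode FULL is ignored; see generate_keypair. */`. The spacing is also inconsistent inside the new block: `wrong_args ("--full-gen-key [parameterfile]");` versus `wrong_args("--full-gen-key");`. The enclosing `switch` in `main` starts and ends outside this hunk.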
diff --git a/g10/keygen.c b/g10/keygen.c
index 4ec7f50..17d7ce1 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -47,8 +47,12 @@
/* The default algorithms. If you change them remember to change them
also in gpg.c:gpgconf_list. You should also check that the value
is inside the bounds enforced by ask_keysize and gen_xxx. */
-#define DEFAULT_STD_ALGO GCRY_PK_RSA
-#define DEFAULT_STD_KEYSIZE 2048
+#define DEFAULT_STD_ALGO PUBKEY_ALGO_RSA
+#define DEFAULT_STD_KEYSIZE 2048
+#define DEFAULT_STD_CURVE NULL
+#define DEFAULT_STD_SUBALGO PUBKEY_ALGO_RSA
+#define DEFAULT_STD_SUBKEYSIZE 2048
+#define DEFAULT_STD_SUBCURVE NULL
/* Flag bits used during key generation. */
#define KEYGEN_FLAG_NO_PROTECTION 1
@@ -2435,9 +2439,9 @@ uid_from_string (const char *string)
/* Ask for a user ID. With a MODE of 1 an extra help prompt is
printed for use during a new key creation. If KEYBLOCK is not NULL
the function prevents the creation of an already existing user
- ID. */
+ ID. IF FULL is not set some prompts are not shown. */
static char *
-ask_user_id (int mode, KBNODE keyblock)
+ask_user_id (int mode, int full, KBNODE keyblock)
{
char *answer;
char *aname, *acomment, *amail, *uid;
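Review bot: The sentence added to the header comment of `ask_user_id` does not say which prompts are dropped. Going by the later hunks of this function, it is the "Comment: " prompt and the (C)omment choice in the confirmation menu. I would write it out, e.g. `If FULL is not set the comment prompt is skipped and the comment is set to the empty string.`, which also fixes the stray capital in "IF". The function body continues outside this hunk.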
@@ -2447,7 +2451,7 @@ ask_user_id (int mode, KBNODE keyblock)
/* TRANSLATORS: This is the new string telling the user what
gpg is now going to do (i.e. ask for the parts of the user
ID). Note that if you do not translate this string, a
- different string will be used used, which might still have
+ different string will be used, which might still have
a correct translation. */
const char *s1 =
N_("\n"
@@ -2515,7 +2519,8 @@ ask_user_id (int mode, KBNODE keyblock)
break;
}
}
- if( !acomment ) {
+ if (!acomment) {
+ if (full) {
for(;;) {
xfree(acomment);
acomment = cpr_get("keygen.comment",_("Comment: "));
@@ -2528,6 +2533,11 @@ ask_user_id (int mode, KBNODE keyblock)
else
break;
}
+ }
+ else {
+ xfree (acomment);
+ acomment = xstrdup ("");
+ }
}
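Review bot: The `xfree (acomment);` in the new `else` branch is dead code, because that branch is only reached inside `if (!acomment)` (opened in the previous hunk), where the pointer is already NULL. `acomment = xstrdup ("");` alone is enough. The `for(;;)` loop that is now wrapped in `if (full) {` appears only as unchanged context lines in both hunks, so it was not re-indented although it sits one level deeper. With three closing braces in a row this is hard to read; re-indenting the loop or adding `/* end if (full) */` on the added brace would make the nesting checkable.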
@@ -2596,11 +2606,17 @@ ask_user_id (int mode, KBNODE keyblock)
answer = xstrdup (ansstr + (fail?8:6));
answer[1] = 0;
}
- else {
+ else if (full) {
answer = cpr_get("keygen.userid.cmd", fail?
_("Change (N)ame, (C)omment, (E)mail or (Q)uit? ") :
_("Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "));
cpr_kill_prompt();
+ }
+ else {
+ answer = cpr_get("keygen.userid.cmd", fail?
+ _("Change (N)ame, (E)mail, or (Q)uit? ") :
+ _("Change (N)ame, (E)mail, or (O)kay/(Q)uit? "));
+ cpr_kill_prompt();
}
if( strlen(answer) > 1 )
;
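Review bot: The non-full branch only changes the prompt text, so whether a typed `C` is still accepted depends on the answer handling after this hunk, which is not visible here. If it is still accepted, the earlier non-full path in `ask_user_id` would presumably reset the comment and replace it with the empty string without telling the user. The two branches also duplicate the `cpr_get` and `cpr_kill_prompt` calls and differ only in the prompt strings. The new strings add a comma before "or" that the existing ones do not have, so translators get two near-identical pairs with different punctuation. A comment such as `/* Non-full mode: the comment part is not offered. */` on the new `else` would document the intent.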
@@ -2745,7 +2761,7 @@ generate_user_id (KBNODE keyblock)
{
char *p;
- p = ask_user_id (1, keyblock);
+ p = ask_user_id (1, 1, keyblock);
if (!p)
return NULL; /* Canceled. */
return uid_from_string (p);
@@ -2822,7 +2838,7 @@ get_parameter_algo( struct para_data_s *para, enum para_name key,
i = atoi( r->u.value );
else if (!strcmp (r->u.value, "ELG-E")
|| !strcmp (r->u.value, "ELG"))
- i = GCRY_PK_ELG_E;
+ i = PUBKEY_ALGO_ELGAMAL_E;
else
i = map_pk_gcry_to_openpgp (gcry_pk_map_name (r->u.value));
@@ -3528,10 +3544,12 @@ quick_generate_keypair (const char *uid)
}
}
- para = quickgen_set_para (para, 0, PUBKEY_ALGO_RSA, 2048, NULL);
- para = quickgen_set_para (para, 1, PUBKEY_ALGO_RSA, 2048, NULL);
- /* para = quickgen_set_para (para, 0, PUBKEY_ALGO_EDDSA, 0, "Ed25519"); */
- /* para = quickgen_set_para (para, 1, PUBKEY_ALGO_ECDH, 0, "Curve25519"); */
+ para = quickgen_set_para (para, 0,
+ DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE,
+ DEFAULT_STD_CURVE);
+ para = quickgen_set_para (para, 1,
+ DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE,
+ DEFAULT_STD_SUBCURVE);
proc_parameter_file (para, "[internal]", &outctrl, 0);
leave:
@@ -3544,11 +3562,13 @@ quick_generate_keypair (const char *uid)
* CARD_SERIALNO is not NULL the function will create the keys on an
* OpenPGP Card. If CARD_BACKUP_KEY has been set and CARD_SERIALNO is
* NOT NULL, the encryption key for the card is generated on the host,
- * imported to the card and a backup file created by gpg-agent.
+ * imported to the card and a backup file created by gpg-agent. If
+ * FULL is not set only the basic prompts are used (except for batch
+ * mode).
*/
void
-generate_keypair (ctrl_t ctrl, const char *fname, const char *card_serialno,
- int card_backup_key)
+generate_keypair (ctrl_t ctrl, int full, const char *fname,
+ const char *card_serialno, int card_backup_key)
{
unsigned int nbits;
char *uid = NULL;
@@ -3628,7 +3648,7 @@ generate_keypair (ctrl_t ctrl, const char *fname, const char *card_serialno,
}
#endif /*ENABLE_CARD_SUPPORT*/
}
- else
+ else if (full) /* Full featured key generation. */
{
int subkey_algo;
char *curve = NULL;
@@ -3764,34 +3784,47 @@ generate_keypair (ctrl_t ctrl, const char *fname, const char *card_serialno,
xfree (curve);
}
+ else /* Default key generation. */
+ {
+ tty_printf ( _("Note: Use \"%s %s\""
+ " for a full featured key generation dialog.\n"),
+ GPG_NAME, "--full-gen-key" );
+ para = quickgen_set_para (para, 0,
+ DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE,
+ DEFAULT_STD_CURVE);
+ para = quickgen_set_para (para, 1,
+ DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE,
+ DEFAULT_STD_SUBCURVE);
+ }
+
- expire = ask_expire_interval(0,NULL);
- r = xmalloc_clear( sizeof *r + 20 );
+ expire = full? ask_expire_interval (0, NULL) : 0;
+ r = xcalloc (1, sizeof *r + 20);
r->key = pKEYEXPIRE;
r->u.expire = expire;
r->next = para;
para = r;
- r = xmalloc_clear( sizeof *r + 20 );
+ r = xcalloc (1, sizeof *r + 20);
r->key = pSUBKEYEXPIRE;
r->u.expire = expire;
r->next = para;
para = r;
- uid = ask_user_id (0, NULL);
- if( !uid )
+ uid = ask_user_id (0, full, NULL);
+ if (!uid)
{
log_error(_("Key generation canceled.\n"));
release_parameter_list( para );
return;
}
- r = xmalloc_clear( sizeof *r + strlen(uid) );
+ r = xcalloc (1, sizeof *r + strlen (uid));
r->key = pUSERID;
- strcpy( r->u.value, uid );
+ strcpy (r->u.value, uid);
r->next = para;
para = r;
- proc_parameter_file( para, "[internal]", &outctrl, !!card_serialno);
- release_parameter_list( para );
+ proc_parameter_file (para, "[internal]", &outctrl, !!card_serialno);
+ release_parameter_list (para);
}
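Review bot: In the default (non-full) path, `expire = full? ask_expire_interval (0, NULL) : 0;` hard-codes 0 for both `pKEYEXPIRE` and `pSUBKEYEXPIRE`, presumably meaning the key and subkey never expire, and the user is not told. The printed note only advertises `--full-gen-key`, while doc/gpg.texi now calls `--gen-key` the standard command, so this becomes the expiry policy for most new keys. It belongs next to the other `DEFAULT_STD_*` values as a named default, or at least needs a comment, e.g. `expire = full? ask_expire_interval (0, NULL) : 0; /* 0: no expiration (confirm) */`. Separately, `uid` returned by `ask_user_id` is copied into the parameter list with `strcpy`, but no `xfree (uid)` appears in the visible lines before the function ends. The beginning of `generate_keypair` is outside this hunk.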
diff --git a/g10/main.h b/g10/main.h
index ad528b4..17a050d 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -259,7 +259,7 @@ u32 parse_expire_string(const char *string);
u32 ask_expire_interval(int object,const char *def_expire);
u32 ask_expiredate(void);
void quick_generate_keypair (const char *uid);
-void generate_keypair (ctrl_t ctrl, const char *fname,
+void generate_keypair (ctrl_t ctrl, int full, const char *fname,
const char *card_serialno, int card_backup_key);
int keygen_set_std_prefs (const char *string,int personal);
PKT_user_id *keygen_get_std_prefs (void);
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 2 +-
doc/gpg.texi | 15 +++++++---
g10/card-util.c | 2 +-
g10/gpg.c | 29 ++++++++++++++++---
g10/keygen.c | 85 ++++++++++++++++++++++++++++++++++++++-----------------
g10/main.h | 4 +--
g10/sign.c | 2 +-
7 files changed, 100 insertions(+), 39 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org