[git] GnuPG - branch, master, updated. gnupg-2.1.10-116-g99cdc15

by Werner Koch cvs at cvs.gnupg.org
Thu Jan 14 11:06:31 CET 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  99cdc15cf103cace11aa6eec9e13a3a8ecf13004 (commit)
       via  c7ca0f73dbe7c080b79f93f90f00ba2396fc4bd0 (commit)
      from  9b6c91469a804c60289a2ed21334dfd856c294bb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 99cdc15cf103cace11aa6eec9e13a3a8ecf13004
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Jan 14 11:01:14 2016 +0100

    doc: Update whats-new-in-2.1 from gnupg-doc.
    
    --

diff --git a/doc/whats-new-in-2.1.txt b/doc/whats-new-in-2.1.txt
index d20239f..6c46b04 100644
--- a/doc/whats-new-in-2.1.txt
+++ b/doc/whats-new-in-2.1.txt
@@ -6,7 +6,7 @@
                       ━━━━━━━━━━━━━━━━━━━━━━━━━━━
 
 
-                               2014-11-04
+                               2016-01-14
 
 
 Table of Contents
@@ -28,8 +28,9 @@ Table of Contents
 .. 1.13 Improved card support
 .. 1.14 New format for key listings
 .. 1.15 Support for Putty
-.. 1.16 Improved X.509 certificate creation
-.. 1.17 Scripts to create a Windows installer
+.. 1.16 Export of SSH public keys
+.. 1.17 Improved X.509 certificate creation
+.. 1.18 Scripts to create a Windows installer
 
 
 A possibly revised version of this article can be found at:
@@ -91,6 +92,8 @@ https://gnupg.org/faq/whats-new-in-2.1.html
     possible to export them directly in PKCS#8 and PEM format for use on
     TLS servers.
 
+  • Export of /ssh/ keys has been integrated.
+
   • The scripts to create a Windows installer are now part of GnuPG.
 
   Now for the detailed description of these new features:
@@ -172,7 +175,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
 
   This is best shown with an example:
 
-  ╭────
+  ┌────
   │ $ gpg2 --gen-key
   │ gpg (GnuPG) 2.1.0; Copyright (C) 2014 Free Software Foundation, Inc.
   │ This is free software: you are free to change and redistribute it.
@@ -194,7 +197,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   │       Key fingerprint = 0290 5ABF 17C7 81FB C390  9B00 636A 1BBD 68FD 0088
   │ uid       [ultimate] Glenn Greenwald <glenn at example.org>
   │ sub   rsa2048/84439DCD 2014-11-03
-  ╰────
+  └────
 
   Thus only the name and the mail address are required.  For all other
   parameters the default values are used.  Many graphical frontends
@@ -212,10 +215,10 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   options to create an ECC key.
 
   For those who want to experiment with ECC or already want to prepare a
-  key for future use, the command `--gen-full-key' along with the option
+  key for future use, the command `--full-gen-key' along with the option
   `--expert' is the enabler:
 
-  ╭────
+  ┌────
   │ $ gpg2 --expert --full-gen-key
   │ gpg (GnuPG) 2.1.0; Copyright (C) 2014 Free Software Foundation, Inc.
   │ This is free software: you are free to change and redistribute it.
@@ -264,7 +267,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   │       Key fingerprint = E630 27CF 3D68 22A7 6FF2  093E D179 9E72 3826 60E3
   │ uid       [ultimate] Edward Snowden <edward at example.org>
   │ sub   nistp256/48C9A997 2014-11-03 nistp256
-  ╰────
+  └────
 
   In this example we created a primary ECC key for signing and an subkey
   for encryption.  For both we use the NIST P-256 curve.  The key may
@@ -284,7 +287,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   releases.  Recall that an encryption subkey can be added to a key at
   any time.  If you want to create a signing key you may do it this way:
 
-  ╭────
+  ┌────
   │ $ gpg2 --expert --full-gen-key
   │ gpg (GnuPG) 2.1.0; Copyright (C) 2014 Free Software Foundation, Inc.
   │ This is free software: you are free to change and redistribute it.
@@ -335,7 +338,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   │ pub   ed25519/5C1AFC2A 2014-11-03
   │       Key fingerprint = ED85 4D98 5D8F 502F C6C5  FFB2 AA81 319E 5C1A FC2A
   │ uid       [ultimate] Laura Poitras <laura at example.org>
-  ╰────
+  └────
 
   Support for ECC keys is available only on some keyservers but it is
   expected that this will be fixed over the next few months.
@@ -355,17 +358,17 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   parameter file or interactive prompts for generating a key or to sign
   a key.  This can now be accomplished with a few new commands:
 
-  ╭────
+  ┌────
   │ $ gpg2 --batch --quick-gen-key 'Daniel Ellsberg <ellsberg at example.org>'
   │ gpg: key 911B90A9 marked as ultimately trusted
-  ╰────
+  └────
 
   If a key with that user id already exists, gpg bails out with an error
   message.  You can force creation using the option `--yes'.  If you
   want some more control, you may not use `--batch' and gpg will ask for
   confirmation and show the resulting key:
 
-  ╭────
+  ┌────
   │ $ gpg2 --quick-gen-key 'Daniel Ellsberg <ellsberg at example.org>'
   │ About to create a key for:
   │     "Daniel Ellsberg <ellsberg at example.org>"
@@ -379,13 +382,13 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   │       Key fingerprint = 15CB 723E 2000 A1A8 2505  F3B7 CC00 B501 BD19 AC1C
   │ uid       [ultimate] Daniel Ellsberg <ellsberg at example.org>
   │ sub   rsa2048/72A4D018 2014-11-04
-  ╰────
+  └────
 
   Another common operation is to sign a key.  /gpg/ can do this directly
   from the command line by giving the fingerprint of the to-be-signed
   key:
 
-  ╭────
+  ┌────
   │ $ gpg2 --quick-sign-key  '15CB 723E 2000 A1A8 2505  F3B7 CC00 B501 BD19 AC1C'
   │
   │ pub  rsa2048/BD19AC1C
@@ -394,13 +397,13 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   │  Primary key fingerprint: 15CB 723E 2000 A1A8 2505  F3B7 CC00 B501 BD19 AC1C
   │
   │      Daniel Ellsberg <ellsberg at example.org>
-  ╰────
+  └────
 
   In case the key has already been signed, the command prints a note and
   exits with success.  In case you want to check that it really worked,
   use `=--check-sigs' as usual:
 
-  ╭────
+  ┌────
   │ $ gpg2 --check-sigs  '15CB 723E 2000 A1A8 2505  F3B7 CC00 B501 BD19 AC1C'
   │ gpg: checking the trustdb
   │ gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
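Review bot: The context paragraph above this example still reads `=--check-sigs', with a stray "=" in front of the option name that looks like leftover source markup. This sync only swaps the box-drawing characters around it, so the typo survives; fix it in gnupg-doc so the regenerated text reads `--check-sigs'.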
@@ -411,7 +414,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   │ sig!         68FD0088 2014-11-04  Glenn Greenwald <glenn at example.org>
   │ sub   rsa2048/72A4D018 2014-11-04
   │ sig!         BD19AC1C 2014-11-04  Daniel Ellsberg <ellsberg at example.org>
-  ╰────
+  └────
 
 
   The fingerprint may also be given without the spaces in which case
@@ -420,6 +423,20 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   To create a non-exportable key signature, use the command
   `--quick-lsign-key' instead.
 
+  Since version 2.1.4 it possible to directly add another user id to an
+  existing key:
+
+  ┌────
+  │ $ gpg2 -k 8CFDE12197965A9A
+  │ pub   ed25519/8CFDE12197965A9A 2014-08-19
+  │ uid               [ unknown] EdDSA sample key 1
+  │ $ gpg2 --quick-adduid 8CFDE12197965A9A 'Sample 2 <me at example.org>'
+  │ $ gpg2 -k 8CFDE12197965A9A
+  │ pub   ed25519/8CFDE12197965A9A 2014-08-19
+  │ uid               [ unknown] Sample 2 <me at example.org>
+  │ uid               [ unknown] EdDSA sample key 1
+  └────
+
 
 1.6 Improved Pinentry support
 ─────────────────────────────
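Review bot: The added sentence "Since version 2.1.4 it possible to directly add another user id" is missing "is". The second `gpg2 -k` listing in the example also shows the new "Sample 2" user id above "EdDSA sample key 1", so the text should say in one sentence whether the added user id becomes the primary one or whether this is only listing order.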
@@ -531,10 +548,10 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   dead so that it won’t be used in future.  To interact with the
   /dirmngr/ the `gpg-connect-agent' tool is used:
 
-  ╭────
+  ┌────
   │ $ gpg-connect-agent --dirmngr 'help keyserver' /bye
   │ $ gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye
-  ╰────
+  └────
 
   The first command prints a help screen for the keyserver command and
   the second command prints the current host table.
@@ -571,16 +588,23 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   keybox file.
 
   To convert an existing `pubring.gpg' file to the keybox format, you
-  first rename the file to (for example) `publickeys' so it won’t be
-  recognized by any GnuPG version and then you run the command
-
-  ╭────
-  │ $ gpg2 --import publickeys
-  ╰────
+  first backup the ownertrust values, then rename the file to (for
+  example) `publickeys', so it won’t be recognized by any GnuPG version,
+  then run import, and finally restore the ownertrust values:
+
+  ┌────
+  │ $ cd ~/.gnupg
+  │ $ gpg --export-ownertrust >otrust.lst
+  │ $ mv pubring.gpg publickeys
+  │ $ gpg2 --import-options import-local-sigs --import publickeys
+  │ $ gpg2 --import-ownertrust otrust.lst
+  └────
 
   You may then rename the `publickeys' file back so that it can be used
   by older GnuPG versions.  Remember that in this case you have two
-  independent copies of the public keys.
+  independent copies of the public keys.  The ownertrust values are kept
+  by all gpg versions in the file `trustdb.gpg' but the above
+  precautions need to be taken to keep them over an import.
 
 
 1.12 Auto-generated revocation certificates
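Review bot: The added procedure calls `gpg --export-ownertrust` but `gpg2` for both import steps, and the prose never says which version the unsuffixed `gpg` refers to. A reader with only 2.1 installed, or with `gpg` pointing at a different version, cannot tell whether the mix is intentional. Either use one binary name throughout or add a sentence explaining why the export is done with the older one. Also, "first backup the ownertrust values" should read "first back up".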
@@ -597,14 +621,17 @@ https://gnupg.org/faq/whats-new-in-2.1.html
 ──────────────────────────
 
   The /scdaemon/, which is responsible for accessing smardcards and
-  other tokens, has received may updates.  In particular plugable USB
+  other tokens, has received many updates.  In particular plugable USB
   readers with a fixed card now work smoothless and similar to standard
-  readers.  The latest features of the /gnuk/ token are supported.  Code
-  for the HSM smartcard has been added.  More card readers with a PIN
+  readers.  The latest features of the [gnuk] token are supported.  Code
+  for the SmartCard-HSM has been added.  More card readers with a PIN
   pad are supported.  The internal CCID driver does now also work with
   certain non-auto configuration equipped readers.
 
 
+  [gnuk] http://www.fsij.org/doc-gnuk/
+
+
 1.14 New format for key listings
 ────────────────────────────────
 
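Review bot: The new `[gnuk]` reference is a plain `http://` URL, while the `[Wiki]` reference added later in this file uses https; prefer an https link here too if the site serves one. The paragraph also keeps "smardcards", "plugable" and "smoothless" right next to the "may" to "many" correction, so those are worth fixing in the same pass.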
@@ -616,11 +643,11 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   either use the algorithm name with appended key length or use the name
   of the curve:
 
-  ╭────
+  ┌────
   │ pub   2048D/1E42B367 2007-12-31 [expires: 2018-12-31]
   │ pub   dsa2048/1E42B367 2007-12-31 [expires: 2018-12-31]
   │ pub   ed25519/0AA914C9 2014-10-18
-  ╰────
+  └────
 
   The first two lines show the same key in the old format and in the new
   format.  The third line shows an example of an ECC key using the
@@ -653,7 +680,18 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   [Putty] http://www.chiark.greenend.org.uk/~sgtatham/putty/
 
 
-1.16 Improved X.509 certificate creation
+1.16 Export of SSH public keys
+──────────────────────────────
+
+  The new command `--export-ssh-key' makes it easy to export an /ssh/
+  public key in the format used for ssh’s `authorized_keys' file.  By
+  default the command exports the newest subkey with an authorization
+  usage flags.  A special syntax can be used to export other subkeys.
+  This command is available since 2.1.11 and replaces the former debug
+  utility /gpgkey2ssh/.
+
+
+1.17 Improved X.509 certificate creation
 ────────────────────────────────────────
 
   In addition to an improved certificate signing request menu, it is now
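Review bot: In the new section 1.16, "the newest subkey with an authorization usage flags" has two problems: the number does not agree ("an ... flags"), and the OpenPGP key capability that ssh relies on is authentication, not authorization, so the wording should be "an authentication usage flag". "A special syntax can be used to export other subkeys" also tells the reader nothing actionable; either name the syntax or point to the man page entry for `--export-ssh-key'.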
@@ -673,7 +711,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   and directly exported in a format suitable for OpenSSL based servers.
 
 
-1.17 Scripts to create a Windows installer
+1.18 Scripts to create a Windows installer
 ──────────────────────────────────────────
 
   GnuPG now comes with the /speedo/ build system which may be used to
@@ -686,9 +724,9 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   and GpgEX as a Windows Explorer extension.  GnuPG needs to be unpacked
   and from the top source directory you run this command
 
-  ╭────
+  ┌────
   │ make -f build-aux/speedo.mk w32-installer
-  ╰────
+  └────
 
   This command downloads all direct dependencies, checks the signatures
   using the GnuPG version from the build system (all Linux distros
@@ -696,12 +734,15 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   uses NSIS to create the installer.  Although this sounds easy, some
   experience in setting up a development machine is still required.
   Some versions of the toolchain exhibit bugs and thus your mileage may
-  vary.  Support for keyserver access over TLS is currently not
-  available but will be added with one of the next point releases.
+  vary.  See the [Wiki] for more info.
+
+  Support for keyserver access over TLS is currently not available but
+  will be added with one of the next point releases.
 
+  [Wiki] https://wiki.gnupg.org/Build2.1_Windows
 
 
-  # Copyright 2014 The GnuPG Project.
+  # Copyright 2014--2016 The GnuPG Project.
   # This work is licensed under the Creative Commons
   # Attribution-ShareAlike 4.0 International License.  To view a copy of
   # this license, visit http://creativecommons.org/licenses/by-sa/4.0/

commit c7ca0f73dbe7c080b79f93f90f00ba2396fc4bd0
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Jan 13 15:08:42 2016 +0100

    kbx: Change return type of search functions to gpg_error_t.
    
    * kbx/keybox-search.c (keybox_search_reset): Change return type to
    gpg_error_t.
    (keybox_search): Ditto.  Also handle GPG_ERR_EOF.
    * sm/keydb.c (keydb_search_reset): Ditto.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c
index 1edb4ae..681d5c0 100644
--- a/kbx/keybox-search.c
+++ b/kbx/keybox-search.c
@@ -732,7 +732,7 @@ release_sn_array (struct sn_array_s *array, size_t size)
 
 */
 
-int
+gpg_error_t
 keybox_search_reset (KEYBOX_HANDLE hd)
 {
   if (!hd)
@@ -760,12 +760,12 @@ keybox_search_reset (KEYBOX_HANDLE hd)
    If WANT_BLOBTYPE is not 0 only blobs of this type are considered.
    The value at R_SKIPPED is updated by the number of skipped long
    records (counts PGP and X.509). */
-int
+gpg_error_t
 keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
                keybox_blobtype_t want_blobtype,
                size_t *r_descindex, unsigned long *r_skipped)
 {
-  int rc;
+  gpg_error_t rc;
   size_t n;
   int need_words, any_skip;
   KEYBOXBLOB blob = NULL;
@@ -1021,7 +1021,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
       hd->found.pk_no = pk_no;
       hd->found.uid_no = uid_no;
     }
-  else if (rc == -1)
+  else if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)
     {
       _keybox_release_blob (blob);
       hd->eof = 1;
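Review bot: With `rc` now declared as `gpg_error_t`, the retained `rc == -1` test in `else if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)` compares an error-code type against a negative integer and only works through implicit conversion. If some lower layer still returns -1 for EOF, add a comment saying which one, or better, map -1 to GPG_ERR_EOF where it originates so this function and its callers can test a single value. Nothing in the visible lines shows which of the two EOF forms is handed back to the caller, and that should be stated in the function comment now that the return type promises a gpg_error_t.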
diff --git a/kbx/keybox.h b/kbx/keybox.h
index 9f91c53..3c60971 100644
--- a/kbx/keybox.h
+++ b/kbx/keybox.h
@@ -91,10 +91,11 @@ int keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *ret_cert);
 #endif /*KEYBOX_WITH_X509*/
 int keybox_get_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int *value);
 
-int keybox_search_reset (KEYBOX_HANDLE hd);
-int keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
-                   keybox_blobtype_t want_blobtype,
-                   size_t *r_descindex, unsigned long *r_skipped);
+gpg_error_t keybox_search_reset (KEYBOX_HANDLE hd);
+gpg_error_t keybox_search (KEYBOX_HANDLE hd,
+                           KEYBOX_SEARCH_DESC *desc, size_t ndesc,
+                           keybox_blobtype_t want_blobtype,
+                           size_t *r_descindex, unsigned long *r_skipped);
 
 off_t keybox_offset (KEYBOX_HANDLE hd);
 gpg_error_t keybox_seek (KEYBOX_HANDLE hd, off_t offset);
diff --git a/sm/keydb.c b/sm/keydb.c
index 0ef3c8f..f5705cb 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -928,10 +928,11 @@ keydb_rebuild_caches (void)
 /*
  * Start the next search on this handle right at the beginning
  */
-int
+gpg_error_t
 keydb_search_reset (KEYDB_HANDLE hd)
 {
-  int i, rc = 0;
+  int i;
+  gpg_error_t rc = 0;
 
   if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
@@ -950,8 +951,7 @@ keydb_search_reset (KEYDB_HANDLE hd)
           break;
         }
     }
-  return rc; /* fixme: we need to map error codes or share them with
-                all modules*/
+  return rc;
 }
 
 /*
@@ -980,8 +980,10 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
                               NULL, &skipped);
           break;
         }
-      if (rc == -1) /* EOF -> switch to next resource */
-        hd->current++;
+      if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)
+        { /* EOF -> switch to next resource */
+          hd->current++;
+        }
       else if (!rc)
         hd->found = hd->current;
     }
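Review bot: This hunk changes the EOF handling in `keydb_search`, but the commit message lists only `keydb_search_reset` under sm/keydb.c; add a `(keydb_search): Handle GPG_ERR_EOF.` entry so the change is findable from the log. As in kbx/keybox-search.c, the `rc == -1` half of the test is kept without a comment on which callee can still return -1, so note that here or drop it once all resources return GPG_ERR_EOF.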
diff --git a/sm/keydb.h b/sm/keydb.h
index 03de1c6..3c0f2d6 100644
--- a/sm/keydb.h
+++ b/sm/keydb.h
@@ -54,7 +54,7 @@ int keydb_delete (KEYDB_HANDLE hd, int unlock);
 int keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved);
 void keydb_rebuild_caches (void);
 
-int keydb_search_reset (KEYDB_HANDLE hd);
+gpg_error_t keydb_search_reset (KEYDB_HANDLE hd);
 int keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc);
 int keydb_search_first (KEYDB_HANDLE hd);
 int keydb_search_next (KEYDB_HANDLE hd);
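Review bot: Only `keydb_search_reset` is switched to `gpg_error_t` here, while `keydb_search`, `keydb_search_first` and `keydb_search_next` directly below stay `int`, even though the sm/keydb.c change makes `keydb_search` test for GPG_ERR_EOF coming from the keybox layer. The search API then returns two different error conventions from adjacent functions. Either convert the three siblings in the same commit or say in the commit message that they follow separately, so callers know which functions may still return -1.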

-----------------------------------------------------------------------

Summary of changes:
 doc/whats-new-in-2.1.txt | 119 +++++++++++++++++++++++++++++++----------------
 kbx/keybox-search.c      |   8 ++--
 kbx/keybox.h             |   9 ++--
 sm/keydb.c               |  14 +++---
 sm/keydb.h               |   2 +-
 5 files changed, 98 insertions(+), 54 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



