Added Cyg-Win

This commit is contained in:
Frank Harris 2026-06-06 18:46:40 -04:00
parent 82cbc206eb
commit 413c315806
10586 changed files with 3806249 additions and 0 deletions

@ -0,0 +1,13 @@
Files in this directory:
scd-event A handler script used with scdaemon
trustlist.txt A list of trustworthy root certificates
(Please check yourself whether you actually trust them)
gpgconf.conf A sample configuration file for gpgconf.
qualified.txt Sample file for qualified.txt.
common.conf Sample file for common options.
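Review bot: the directory listing is incomplete: this commit also adds `pwpattern.list` (the gpg-check-pattern example) and `gpgconf-rnames.lst` (extra registry names for `gpgconf -X`), but neither appears in the list. Add two lines in the same column layout, e.g. `pwpattern.list  Sample pattern file for gpg-check-pattern` and `gpgconf-rnames.lst  Additional registry names shown by "gpgconf -X"`, so a reader of this file knows what each shipped sample is for.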

@ -0,0 +1,22 @@
# common.conf - common defaults for all components.
#
# This file may provide defaults as well as options which needs to be
# synchronized between components. As usual this file is read from
# the system wide config directory (e.g. /etc/gnupg/common.conf) as
# well as from the home directory (e.g. ~/.gnupg/common.conf).
# Uncomment to enable the use of the keybox daemon (keyboxd) by gpg
# and gpgsm.
#use-keyboxd
# For testing it is sometimes useful to use a different binary
# of keybox. This option can be used to specify this.
#keyboxd-program /foo/bar/keyboxd
# For the daemons (gpg-agent, scdaemon, dirmngr, keyboxd) it is often
# useful to define a shared logging destination. This is either the
# standard logging socket (socket://) or a tcp server (tcp://ip:port).
# If a file name is given the name of the component is internally
# appended.
#log-file socket://
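Review bot: grammar in the header comment: `options which needs to be synchronized` should read `options which need to be synchronized`. Also worth stating next to `#log-file socket://` that the `tcp://ip:port` form ships the daemons' log lines over a plain TCP connection with no authentication or encryption, so an operator enabling it should point it at a local or otherwise trusted collector; the comment currently lists the form without that caveat.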

@ -0,0 +1,66 @@
# gpgconf.conf - configuration for gpgconf
#----------------------------------------------------------------------
#
# === The use of this feature is deprecated ===
# == Please use the more powerful global options. ==
#
# This file is read by gpgconf(1) to setup defaults for all or
# specified users and groups. It may be used to change the hardwired
# defaults in gpgconf and to enforce certain values for the various
# GnuPG related configuration files.
#
# NOTE: This is a legacy mechanism. The modern way is to use global
# configuration files like /etc/gnupg/gpg.conf which are more
# flexible and better integrated into the configuration system.
#
# Empty lines and comment lines, indicated by a hash mark as first non
# white space character, are ignored. The line is separated by white
# space into fields. The first field is used to match the user or
# group and must start at the first column, the file is processed
# sequential until a matching rule is found. A rule may contain
# several lines; continuation lines are indicated by a indenting them.
#
# Syntax of a line:
# <key>|WS <component> <option> ["["<flag>"]"] [<value>]
#
# Examples for the <key> field:
# foo - Matches the user "foo".
# foo: - Matches the user "foo".
# foo:staff - Matches the user "foo" or the group "staff".
# :staff - Matches the group "staff".
# * - Matches any user.
# All other variants are not defined and reserved for future use.
#
# <component> and <option> are as specified by gpgconf.
# <flag> may be one of:
# default - Delete the option so that the default is used.
# no-change - Mark the field as non changeable by gpgconf.
# change - Mark the field as changeable by gpgconf.
#
# Example file:
#==========
# :staff gpg-agent min-passphrase-len 6 [change]
#
# * gpg-agent min-passphrase-len [no-change] 8
# gpg-agent min-passphrase-nonalpha [no-change] 1
# gpg-agent max-passphrase-days [no-change] 700
# gpg-agent enable-passphrase-history [no-change]
# gpg-agent enforce-passphrase-constraints [default]
# gpg-agent enforce-passphrase-constraints [no-change]
# gpg-agent max-cache-ttl [no-change] 10800
# gpg-agent max-cache-ttl-ssh [no-change] 10800
# gpgsm enable-ocsp
# gpg compliance [no-change]
# gpgsm compliance [no-change]
#===========
# All users in the group "staff" are allowed to change the value for
# --allow-mark-trusted; gpgconf's default is not to allow a change
# through its interface. When "gpgconf --apply-defaults" is used,
# "allow-mark-trusted" will get enabled and "min-passphrase-len" set
# to 6. All other users are not allowed to change
# "min-passphrase-len" and "allow-mark-trusted". When "gpgconf
# --apply-defaults" is used for them, "min-passphrase-len" is set to
# 8, "allow-mark-trusted" deleted from the config file and
# "enable-ocsp" is put into the config file of gpgsm. The latter may
# be changed by any user.
#-------------------------------------------------------------------
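Review bot: the example block and its explanation do not match: the text below it (`All users in the group "staff" are allowed to change the value for --allow-mark-trusted`, `"allow-mark-trusted" deleted from the config file`) describes an `allow-mark-trusted` rule, but no such line appears in the example, which only sets `min-passphrase-len` for `:staff` and a set of `[no-change]` options for `*`. Either add a `gpg-agent allow-mark-trusted [change]` line under `:staff` and matching `[default]` / `[no-change]` lines under `*`, or trim the explanation to what the example actually contains. Minor wording: `processed sequential` -> `processed sequentially`, `indicated by a indenting them` -> `indicated by indenting them`, and the two `#====` rulers around the example have different lengths.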

@ -0,0 +1,12 @@
# gpgconf-rnames.lst
# Additional registry settings to be shown by "gpgconf -X".
#
# Example: HKCU\Software\GNU\GnuPG:FooBar
#
# HKCU := The class. Other supported classes are HKLM, HKCR, HKU,
# and HKCC. If no class is given and the string thus starts
# with a backslash HKCU with a fallback to HKLM is used.
# Software\GNU\GnuPG := The actual key.
# FooBar := The name of the item. if a name is not given the default
# value is used.
#
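Review bot: the class-fallback sentence (`If no class is given and the string thus starts with a backslash HKCU with a fallback to HKLM is used`) would be clearer with an example of that form beside the existing one, e.g. `\Software\GNU\GnuPG:FooBar`, and it should spell out the consequence: because HKCU is consulted first, a per-user value shadows the machine-wide HKLM value, which matters when `gpgconf -X` output is used to inspect an installation. Typo: `if a name is not given` should start with a capital letter.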

@ -0,0 +1,48 @@
# pwpattern.list -*- default-generic -*-
#
# This is an example for a pattern file as used by gpg-check-pattern.
# The file is line based with comment lines beginning on the *first*
# position with a '#'. Empty lines and lines with just spaces are
# ignored. The other lines may be verbatim patterns and match as they
# are (trailing spaces are ignored) or extended regular expressions
# indicated by a / in the first column and terminated by another / or
# end of line. All comparisons are case insensitive.
# Reject the usual metavariables. Usual not required because
# gpg-agent can be used to reject all passphrases shorter than 8
# characters.
foo
bar
baz
# As well as very common passwords. Note that gpg-agent can be used
# to reject them due to missing non-alpha characters.
password
passwort
passphrase
mantra
test
abc
egal
# German number plates.
/^[A-Z]{1,3}[ ]*-[ ]*[A-Z]{1,2}[ ]*[0-9]+/
# Dates (very limited, only ISO dates). */
/^[012][0-9][0-9][0-9]-[012][0-9]-[0123][0-9]$/
# Arbitrary strings
the quick brown fox jumps over the lazy dogs back
no-password
no password
12345678
123456789
1234567890
87654321
987654321
0987654321
qwertyuiop
qwertzuiop
asdfghjkl
zxcvbnm
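Review bot: the two regular expressions are looser than their comments suggest. The ISO date pattern `/^[012][0-9][0-9][0-9]-[012][0-9]-[0123][0-9]$/` also matches months 00 and 13-29 and days 00 and 32-39; `(0[1-9]|1[0-2])` for the month and `(0[1-9]|[12][0-9]|3[01])` for the day would stay simple and reject only strings that are actually dates. The number-plate pattern has no trailing `$`, so it rejects any passphrase that merely begins with something plate-like, unlike the date pattern, which is anchored at both ends; if that is intended, the comment should say so. Wording: `Usual not required` -> `Usually not required`, and the `*/` at the end of `# Dates (very limited, only ISO dates). */` is a leftover C comment terminator.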

@ -0,0 +1,237 @@
# This is the list of root certificates used for qualified
# certificates. They are defined as certificates capable of creating
# legally binding signatures in the same way as a handwritten
# signatures are. Comments like this one and empty lines are allowed
# Lines do have a length limit but this is not a serious limitation as
# the format of the entries is fixed and checked by gpgsm: A
# non-comment line starts with optional whitespaces, followed by
# exactly 40 hex character, whitespace and a lowercased 2 letter
# country code. Additional data delimited with by a whitespace is
# current ignored but might late be used for other purposes.
#
#*******************************************
#
# Belgium
#
# Need to figure out a reliable source.
#*******************************************
#*******************************************
#
# Germany
#
# The information for Germany is available
# at http://www.bundesnetzagentur.de
#*******************************************
#Serial number: 32D18D
# Issuer: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
# fÈur Telekommunikation und Post/C=DE
# Subject: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
# fÈur Telekommunikation und Post/C=DE
# validity: 2001-02-01 09:52:17 through 2005-06-01 09:52:17
# key type: 1024 bit RSA
# key usage: certSign crlSign
#[checked: 2005-11-14]
EA:8D:99:DD:36:AA:2D:07:1A:3C:7B:69:00:9E:51:B9:4A:2E:E7:60 de
#Serial number: 00C48C8D
# Issuer: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
# fÈur Telekommunikation und Post/C=DE
# Subject: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
# fÈur Telekommunikation und Post/C=DE
# validity: 2001-10-15 11:15:15 through 2006-02-15 11:15:15
# key type: 1024 bit RSA
# key usage: certSign crlSign
#[checked: 2005-11-14]
DB:45:3D:1B:B0:1A:F3:23:10:6B:DE:D0:09:61:57:AA:F4:25:E0:5B de
#Serial number: 01
# Issuer: /CN=8R-CA 1:PN/O=Regulierungsbehörde für
# Telekommunikation und Post/C=DE
# Subject: /CN=8R-CA 1:PN/O=Regulierungsbehörde für
# Telekommunikation und Post/C=DE
# validity: 2004-11-25 14:10:37 through 2007-12-31 14:04:03
# key type: 1024 bit RSA
# key usage: certSign
# policies: 1.3.36.8.1.1:N:
# chain length: unlimited
#[checked: 2005-11-14]
42:6A:F6:78:30:E9:CE:24:5B:EF:41:A2:C1:A8:51:DA:C5:0A:6D:F5 de
#Serial number: 02
# Issuer: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
# Telekommunikation und Post/C=DE
# Subject: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
# Telekommunikation und Post/C=DE
# validity: 2004-11-25 14:59:11 through 2007-12-31 14:56:59
# key type: 1024 bit RSA
# key usage: certSign
# policies: 1.3.36.8.1.1:N:
# chain length: unlimited
#[checked: 2005-11-14]
75:9A:4A:CE:7C:DA:7E:89:1B:B2:72:4B:E3:76:EA:47:3A:96:97:24 de
#Serial number: 2A
# Issuer: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
# Subject: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
# validity: 2005-08-03 15:30:36 through 2007-12-31 15:09:23
# key type: 1024 bit RSA
# key usage: certSign
# policies: 1.3.36.8.1.1:N:
# chain length: unlimited
#[checked: 2005-11-14]
31:C9:D2:E6:31:4D:0B:CC:2C:1A:45:00:A6:6B:97:98:27:18:8E:CD de
#Serial number: 2D
# Issuer: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
# Subject: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
# validity: 2005-08-03 18:09:49 through 2007-12-31 18:04:28
# key type: 1024 bit RSA
# key usage: certSign
# policies: 1.3.36.8.1.1:N:
# chain length: unlimited
#[checked: 2005-11-14]
A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D de
# ID: 0x5B4757B0
# S/N: 0139
# Issuer: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE
# Subject: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE
# validity: 2007-05-25 11:01:44 through 2012-05-25 10:56:07
# key type: 2048 bit RSA
# key usage: certSign
# policies: 1.3.36.8.1.1:N:
# chain length: unlimited
# [checked: 2008-06-25]
44:7E:D4:E3:9A:D7:92:E2:07:FA:53:1A:2E:F5:B8:02:5B:47:57:B0 de
# ID: 0x46A2CC8A
# S/N: 013C
# Issuer: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE
# Subject: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE
# validity: 2007-05-29 11:02:37 through 2012-05-29 10:55:54
# key type: 2048 bit RSA
# key usage: certSign
# policies: 1.3.36.8.1.1:N:
# chain length: unlimited
# [checked: 2008-06-25]
AC:A7:BE:45:1F:A6:BF:09:F2:D1:3F:08:7B:BC:EB:7F:46:A2:CC:8A de
#
# D-Trust root certificates. Probably by shifting a lot of Euros to
# laywer companies, German CAs achieved to get the permission to
# create their own legally binding root certificates - independent of
# the Bundesnetzagentur. The main problem with this is that it is
# hard to figure out what qualified root certificates are actually
# active. There is now no way to be sure whether a signature is a
# qualified one. A pettifogger's way of validating certificates.
#
#Serial number: 00B95F
# Issuer: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
# Subject: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
# aka: info@d-trust.net
# aka: (uri http://www.d-trust.net)
# validity: 2006-04-27 12:40:54 through 2011-04-27 12:40:54
# key type: 2048 bit RSA
# key usage: certSign crlSign
# policies: 1.3.6.1.4.1.4788.2.30.1:N:
# chain length: unlimited
#[checked: 2007-01-31 by phone 030-259391-0 and callback by Mrs. Enke]
E0:BF:1B:91:91:6B:88:E4:F1:15:92:22:CE:37:23:96:B1:4A:2E:5C de
#Serial number: 00B960
# Issuer: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
# Subject: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
# aka: info@d-trust.net
# aka: (uri http://www.d-trust.net)
# validity: 2006-04-27 12:40:54 through 2011-04-27 12:40:54
# key type: 2048 bit RSA
# key usage: certSign crlSign
# policies: 1.3.6.1.4.1.4788.2.30.1:N:
# chain length: unlimited
#[checked: 2007-01-31 by phone 030-259391-0 and callback by Mrs. Enke]
98:2A:75:67:0F:F8:28:4A:94:E0:9D:23:D8:E7:62:C8:BD:A4:54:04 de
#
# S-Trust root certificates.
#
#Serial number: 00DF749F80AA51F0EDC0CB1FC183E97EE2
# Issuer: /CN=S-TRUST Qualified Root CA 2006-001:PN
# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
# /ST=Baden-Wuerttemberg (BW)/C=DE
# Subject: /CN=S-TRUST Qualified Root CA 2006-001:PN
# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
# /ST=Baden-Wuerttemberg (BW)/C=DE
# validity: 2006-01-01 00:00:00 through 2010-12-30 23:59:59
# key type: 2048 bit RSA
# key usage: certSign crlSign
# chain length: 1
#[checked: 2007-01-31 by phone 0711-782-0 Mr. Brommer]
7D:DC:76:1C:FD:AF:4C:E0:3A:B5:3A:DD:C9:FA:13:35:19:A3:DE:C9 de
#Serial number: 00BC098E0402E92956B8D7DE74977E26F7
# Issuer: /CN=S-TRUST Qualified Root CA 2007-001:PN
# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
# /ST=Baden-Wuerttemberg (BW)/C=DE
# Subject: /CN=S-TRUST Qualified Root CA 2007-001:PN
# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
# /ST=Baden-Wuerttemberg (BW)/C=DE
# validity: 2007-01-01 00:00:00 through 2011-12-30 23:59:59
# key type: 2048 bit RSA
# key usage: certSign crlSign
# chain length: 1
#[checked: 2007-01-31 by phone 0711-782-0 Mr. Brommer]
7A:3C:1B:60:2E:BD:A4:A1:E0:EB:AD:7A:BA:4F:D1:43:69:A9:39:FC de
# ID: 0xA8FEA3CA
# S/N: 00B3963E0E6C2D65125853E970665402E5
# Issuer: /CN=S-TRUST Qualified Root CA 2008-001:PN
# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
# Subject: /CN=S-TRUST Qualified Root CA 2008-001:PN
# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
# validity: 2008-01-01 00:00:00 through 2012-12-30 23:59:59
# key type: 2048 bit RSA
# key usage: certSign crlSign
# chain length: 1
#[checked: 2007-12-13 via received ZIP file with qualified signature from
# /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag
# /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg]
C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA de
# ID: 0x3A7D979B
# S/N: 00C4216083F35C54F67B09A80C3C55FE7D
# Issuer: /CN=S-TRUST Qualified Root CA 2008-002:PN
# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
# Subject: /CN=S-TRUST Qualified Root CA 2008-002:PN
# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
# validity: 2008-01-01 00:00:00 through 2012-12-30 23:59:59
# key type: 2048 bit RSA
# key usage: certSign crlSign
# chain length: 1
#[checked: 2007-12-13 via received ZIP file with qualified signature from
# /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag
# /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg"]
D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B de
#*******************************************
#
# End of file
#
#*******************************************
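Review bot: every certificate in this list has a validity end no later than 2012-12-30 (the `validity:` lines run from 2005-06-01 through 2012-12-30) and the `[checked: ...]` stamps are from 2005 to 2008, so the file is being added as a stale snapshot; the header should say that it is an example of the format rather than a current list of qualified roots, or the entries should be refreshed before it ships as a sample. Encoding: the Issuer/Subject comments for `6R-Ca` and `7R-CA` read `RegulierungsbehÈorde` / `fÈur` while the `8R-CA` and `9R-CA` entries correctly read `Regulierungsbehörde für`; re-save the file as UTF-8 and fix those four lines. Header wording: `exactly 40 hex character` -> `characters`, `delimited with by a whitespace` -> `delimited by whitespace`, `current ignored but might late be used` -> `currently ignored but might later be used`; and the last S-TRUST `[checked:` block ends with a stray `"` before the `]`.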

@ -0,0 +1,102 @@
#!/bin/sh
# Sample script for scdaemon event mechanism.
#exec >>/tmp/scd-event.log
PGM=scd-event
reader_port=
old_code=0x0000
new_code=0x0000
status=
tick='`'
prev=
while [ $# -gt 0 ]; do
arg="$1"
case $arg in
-*=*) optarg=$(echo "X$arg" | sed -e '1s/^X//' -e 's/[-_a-zA-Z0-9]*=//')
;;
*) optarg=
;;
esac
if [ -n "$prev" ]; then
eval "$prev=\$arg"
prev=
shift
continue
fi
case $arg in
--help|-h)
cat <<EOF
Usage: $PGM [options]
$PGM is called by scdaemon on card reader status changes
Options:
--reader-port N Reports change for port N
--old-code 0xNNNN Previous status code
--old-code 0xNNNN Current status code
--status USABLE|ACTIVE|PRESENT|NOCARD
Human readable status code
Environment:
GNUPGHOME=DIR Set to the active homedir
EOF
exit 0
;;
--reader-port)
prev=reader_port
;;
--reader-port=*)
reader_port="$optarg"
;;
--old-code)
prev=old_code
;;
--old-code=*)
old_code="$optarg"
;;
--new-code)
prev=new_code
;;
--new-code=*)
new_code="$optarg"
;;
--status)
prev=status
;;
--new-code=*)
status="$optarg"
;;
-*)
echo "$PGM: invalid option $tick$arg'" >&2
exit 1
;;
*)
break
;;
esac
shift
done
if [ -n "$prev" ]; then
echo "$PGM: argument missing for option $tick$prev'" >&2
exit 1
fi
cat <<EOF
========================
port: $reader_port
old-code: $old_code
new-code: $new_code
status: $status
EOF
if [ x$status = xUSABLE ]; then
gpg --batch --card-status 2>&1
fi
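Review bot: the option parser has a copy-paste bug: the branch `--new-code=*) status="$optarg"` duplicates the earlier `--new-code=*` case and is never reached, so `--status=USABLE` falls through to `-*)` and the script exits with `invalid option`; the label must be `--status=*)`. The help text has the same slip: the second `--old-code 0xNNNN Current status code` line should read `--new-code 0xNNNN`. Separately, the commented-out debugging line `#exec >>/tmp/scd-event.log` appends to a fixed, predictable path in a world-writable directory; a sample script should point operators at a private location such as a file under `$GNUPGHOME` (the variable the help text already documents) so that uncommenting it does not follow a symlink planted by another local user.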

@ -0,0 +1,64 @@
# This is the global list of trusted keys. Comment lines, like this
# one, as well as empty lines are ignored. Lines have a length limit
# but this is not serious limitation as the format of the entries is
# fixed and checked by gpg-agent. A non-comment line starts with
# optional white space, followed by the SHA-1 fingerprint in hex,
# optionally followed by a flag character which my either be 'P', 'S'
# or '*'. This file will be read by gpg-agent if no local trustlist
# is available or if the statement "include-default" is used in the
# local list. You should give the gpg-agent(s) a HUP after editing
# this file.
#Serial number: 32D18D
# Issuer: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
# fÈur Telekommunikation und Post/C=DE
EA:8D:99:DD:36:AA:2D:07:1A:3C:7B:69:00:9E:51:B9:4A:2E:E7:60 S
#Serial number: 00C48C8D
# Issuer: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
# fÈur Telekommunikation und Post/C=DE
DB:45:3D:1B:B0:1A:F3:23:10:6B:DE:D0:09:61:57:AA:F4:25:E0:5B S
#Serial number: 01
# Issuer: /CN=8R-CA 1:PN/O=Regulierungsbehörde für
# Telekommunikation und Post/C=DE
42:6A:F6:78:30:E9:CE:24:5B:EF:41:A2:C1:A8:51:DA:C5:0A:6D:F5 S
#Serial number: 02
# Issuer: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
# Telekommunikation und Post/C=DE
75:9A:4A:CE:7C:DA:7E:89:1B:B2:72:4B:E3:76:EA:47:3A:96:97:24 S
#Serial number: 2A
# Issuer: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
31:C9:D2:E6:31:4D:0B:CC:2C:1A:45:00:A6:6B:97:98:27:18:8E:CD S
#Serial number: 2D
# Issuer: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D S
# S/N: 0139
# Issuer: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE
44:7E:D4:E3:9A:D7:92:E2:07:FA:53:1A:2E:F5:B8:02:5B:47:57:B0 S
# S/N: 013C
# Issuer: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE
AC:A7:BE:45:1F:A6:BF:09:F2:D1:3F:08:7B:BC:EB:7F:46:A2:CC:8A S
# S/N: 00B3963E0E6C2D65125853E970665402E5
# Issuer: /CN=S-TRUST Qualified Root CA 2008-001:PN
# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA S
# S/N: 00C4216083F35C54F67B09A80C3C55FE7D
# Issuer: /CN=S-TRUST Qualified Root CA 2008-002:PN
# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B S
#Serial number: 00
# Issuer: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.
# cacert.org/O=Root CA/EMail=support@cacert.org
13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33 S
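Review bot: the header documents a flag character that `my either be 'P', 'S' or '*'` (typo: `may`) but never says what the three flags mean, while every entry below uses `S`; a one-line gloss per flag would let a reader judge the entries. The roots copied from qualified.txt in the same commit are all past the validity listed there (none runs beyond 2012-12-30), yet they are shipped here as globally trusted `S` entries; either drop them or mark them as format examples. The `6R-Ca` / `7R-CA` issuer comments again carry the mis-encoded `RegulierungsbehÈorde` / `fÈur` (compare the correctly encoded `Regulierungsbehörde für` two entries later). Also, the hunk header announces 64 added lines but the rendering ends after the CAcert entry at roughly 50, so the tail of the file is not visible here for review.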