security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-16 00:29:50 +02:00
Code Activity
cb/T5215
gnupg/g10/main.h

322 lines
11 KiB
C
Raw Permalink Normal View History

initially checkin
1997-11-18 15:06:00 +01:00
/* main.h
* main.h, mainproc.c (check_sig_and_print), keylist.c (list_keyblock_print), pkclist.c (do_edit_ownertrust), keyedit.c (menu_showphoto), photoid.c (generate_photo_id, show_photos), misc.c (pct_expando): Add %v and %V expandos so that displaying photo IDs can show the attribute validity tag (%v) and string (%V). Originally by Daniel Gillmor.
2008-10-03 21:54:30 +02:00
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
* 2008 Free Software Foundation, Inc.
initially checkin
1997-11-18 15:06:00 +01:00
*
See ChangeLog: Wed Dec 23 13:34:22 CET 1998 Werner Koch
1998-12-23 13:41:40 +01:00
* This file is part of GnuPG.
initially checkin
1997-11-18 15:06:00 +01:00
*
See ChangeLog: Wed Dec 23 13:34:22 CET 1998 Werner Koch
1998-12-23 13:41:40 +01:00
* GnuPG is free software; you can redistribute it and/or modify
initially checkin
1997-11-18 15:06:00 +01:00
* it under the terms of the GNU General Public License as published by
Switched to GPLv3. Updated gettext.
2007-10-23 12:48:09 +02:00
* the Free Software Foundation; either version 3 of the License, or
initially checkin
1997-11-18 15:06:00 +01:00
* (at your option) any later version.
*
See ChangeLog: Wed Dec 23 13:34:22 CET 1998 Werner Koch
1998-12-23 13:41:40 +01:00
* GnuPG is distributed in the hope that it will be useful,
initially checkin
1997-11-18 15:06:00 +01:00
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
Switched to GPLv3. Updated gettext.
2007-10-23 12:48:09 +02:00
* along with this program; if not, see <http://www.gnu.org/licenses/>.
initially checkin
1997-11-18 15:06:00 +01:00
*/
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
#ifndef G10_MAIN_H
#define G10_MAIN_H
#include "types.h"
IDEA removed, signing works
1997-11-24 12:04:11 +01:00
#include "iobuf.h"
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
#include "mpi.h"
#include "cipher.h"
added some stuff for signing keys
1997-12-16 20:15:09 +01:00
#include "keydb.h"
ElGamal funktioniert und ist default
1997-11-24 23:24:04 +01:00
* g10.c (add_notation_data): Disallow notation names that do not contain a '@', unless --expert is set. This is to help prevent people from polluting the (as yet unused) IETF namespace. * main.h: Comments about default algorithms. * photoid.c (image_type_to_string): Comments about 3-letter file extensions.
2002-11-24 02:49:32 +01:00
/* It could be argued that the default cipher should be 3DES rather
gpg: Change default cipher for --symmetric from CAST5 to AES-128. * g10/main.h (DEFAULT_CIPHER_ALGO): Change to AES or CAST5 or 3DES depending on configure options. * g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO. -- (cherry picked from commit 57df1121c18b004dd763b35eabf7b51fc9e8ec38) Signed-off-by: Werner Koch <wk@gnupg.org>
2014-08-18 11:45:00 +02:00
than AES128, and the default compression should be 0
* main.h: Create S2K_DIGEST_ALGO macro so we do not need to always set opt.s2k_digest_algo. This helps fix a problem with PGP 2.x encrypted symmetric messages. Change all callers (encode.c, g10.c, keyedit.c, keygen.c, passphrase.c, sign.c). * armor.c, cardglue.c, getkey.c, import.c, keygen.c: Be consistent in some more quoted strings. Always use 'user ID', not 'user id', "quotes" for user IDs, etc.
2004-09-24 22:34:38 +02:00
(i.e. uncompressed) rather than 1 (zip). However, the real world
issues of speed and size come into play here. */
gpg: Change default cipher for --symmetric from CAST5 to AES-128. * g10/main.h (DEFAULT_CIPHER_ALGO): Change to AES or CAST5 or 3DES depending on configure options. * g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO. -- (cherry picked from commit 57df1121c18b004dd763b35eabf7b51fc9e8ec38) Signed-off-by: Werner Koch <wk@gnupg.org>
2014-08-18 11:45:00 +02:00
#if USE_AES
# define DEFAULT_CIPHER_ALGO CIPHER_ALGO_AES
#elif USE_CAST5
# define DEFAULT_CIPHER_ALGO CIPHER_ALGO_CAST5
#else
# define DEFAULT_CIPHER_ALGO CIPHER_ALGO_3DES
#endif
* main.h: Create S2K_DIGEST_ALGO macro so we do not need to always set opt.s2k_digest_algo. This helps fix a problem with PGP 2.x encrypted symmetric messages. Change all callers (encode.c, g10.c, keyedit.c, keygen.c, passphrase.c, sign.c). * armor.c, cardglue.c, getkey.c, import.c, keygen.c: Be consistent in some more quoted strings. Always use 'user ID', not 'user id', "quotes" for user IDs, etc.
2004-09-24 22:34:38 +02:00
#define DEFAULT_DIGEST_ALGO DIGEST_ALGO_SHA1
#define DEFAULT_COMPRESS_ALGO COMPRESS_ALGO_ZIP
#define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1
#define S2K_DIGEST_ALGO (opt.s2k_digest_algo?opt.s2k_digest_algo:DEFAULT_S2K_DIGEST_ALGO)
added more stuff
1998-01-02 21:40:10 +01:00
* g10.c (main): Add --symmetric --sign --encrypt. * main.h, encode.c (setup_symkey): New. Prompt for a passphrase and create a DEK for symmetric encryption. (write_symkey_enc): New. Write out symmetrically encrypted session keys. (encode_crypt, encrypt_filter): Use them here here when creating a message that can be decrypted with a passphrase or a pk. * sign.c (sign_file): Call setup_symkey if we are doing a --symmetric --sign --encrypt.
2003-11-13 03:54:12 +01:00
typedef struct
{
int header_okay;
PK_LIST pk_list;
DEK *symkey_dek;
STRING2KEY *symkey_s2k;
cipher_filter_context_t cfx;
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
} encrypt_filter_context_t;
See ChangeLog: Wed Dec 8 21:58:32 CET 1999 Werner Koch
1999-12-08 22:03:03 +01:00
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
struct groupitem
{
char *name;
STRLIST values;
struct groupitem *next;
};
added more stuff
1998-01-02 21:40:10 +01:00
gpg: Add option --weak-digest to gpg and gpgv. * g10/options.h: Add weak_digests linked list to opts. * g10/main.h: Declare weakhash linked list struct and additional_weak_digest() function to insert newly-declared weak digests into opts. * g10/misc.c: (additional_weak_digest): New function. (print_digest_algo_note): Check for deprecated digests. * g10/sig-check.c: (do_check): Reject all weak digests. * g10/gpg.c: Add --weak-digest option to gpg. * doc/gpg.texi: Document gpg --weak-digest option. * g10/gpgv.c: Add --weak-digest option to gpgv. * doc/gpgv.texi: Document gpgv --weak-digest option. -- gpg and gpgv treat signatures made over MD5 as unreliable, unless the user supplies --allow-weak-digests to gpg. Signatures over any other digest are considered acceptable. Despite SHA-1 being a mandatory-to-implement digest algorithm in RFC 4880, the collision-resistance of SHA-1 is weaker than anyone would like it to be. Some operators of high-value targets that depend on OpenPGP signatures may wish to require their signers to use a stronger digest algorithm than SHA1, even if the OpenPGP ecosystem at large cannot deprecate SHA1 entirely today. This changeset adds a new "--weak-digest DIGEST" option for both gpg and gpgv, which makes it straightforward for anyone to treat any signature or certification made over the specified digest as unreliable. This option can be supplied multiple times if the operator wishes to deprecate multiple digest algorithms, and will be ignored completely if the operator supplies --allow-weak-digests (as before). MD5 is always considered weak, regardless of any further --weak-digest options supplied. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> (this is a rough cherry-pick of applying the following commits to STABLE-BRANCH-1-4: 76afaed65e3b0ddfa4923cb577ada43217dd4b18 b98939812abf6c643c752ce7c325f98039a1a9e2 91015d021b3dcbe21ad0e580a4f34c523abf9e72 )
2015-10-27 05:01:32 +01:00
struct weakhash
{
int algo;
int rejection_shown;
struct weakhash *next;
};
* options.h, sign.c (mk_notation_policy_etc), gpg.c (add_notation_data): Use it here for the various notation commands. * packet.h, main.h, keygen.c (keygen_add_notations), build-packet.c (string_to_notation, sig_to_notation) (free_notation): New "one stop shopping" functions to handle notations and start removing some code duplication.
2006-03-09 00:30:12 +01:00
/*-- gpg.c --*/
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
extern int g10_errors_seen;
Some bug fixes of the last release
1998-11-10 13:59:59 +01:00
version 0.2.1
1998-01-28 17:09:43 +01:00
#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
void g10_exit(int rc) __attribute__ ((noreturn));
version 0.2.1
1998-01-28 17:09:43 +01:00
#else
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
void g10_exit(int rc);
version 0.2.1
1998-01-28 17:09:43 +01:00
#endif
See ChangeLog: Thu Dec 10 20:15:36 CET 1998 Werner Koch
1998-12-10 20:20:47 +01:00
void print_pubkey_algo_note( int algo );
void print_cipher_algo_note( int algo );
void print_digest_algo_note( int algo );
gpg: Add option --weak-digest to gpg and gpgv. * g10/options.h: Add weak_digests linked list to opts. * g10/main.h: Declare weakhash linked list struct and additional_weak_digest() function to insert newly-declared weak digests into opts. * g10/misc.c: (additional_weak_digest): New function. (print_digest_algo_note): Check for deprecated digests. * g10/sig-check.c: (do_check): Reject all weak digests. * g10/gpg.c: Add --weak-digest option to gpg. * doc/gpg.texi: Document gpg --weak-digest option. * g10/gpgv.c: Add --weak-digest option to gpgv. * doc/gpgv.texi: Document gpgv --weak-digest option. -- gpg and gpgv treat signatures made over MD5 as unreliable, unless the user supplies --allow-weak-digests to gpg. Signatures over any other digest are considered acceptable. Despite SHA-1 being a mandatory-to-implement digest algorithm in RFC 4880, the collision-resistance of SHA-1 is weaker than anyone would like it to be. Some operators of high-value targets that depend on OpenPGP signatures may wish to require their signers to use a stronger digest algorithm than SHA1, even if the OpenPGP ecosystem at large cannot deprecate SHA1 entirely today. This changeset adds a new "--weak-digest DIGEST" option for both gpg and gpgv, which makes it straightforward for anyone to treat any signature or certification made over the specified digest as unreliable. This option can be supplied multiple times if the operator wishes to deprecate multiple digest algorithms, and will be ignored completely if the operator supplies --allow-weak-digests (as before). MD5 is always considered weak, regardless of any further --weak-digest options supplied. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> (this is a rough cherry-pick of applying the following commits to STABLE-BRANCH-1-4: 76afaed65e3b0ddfa4923cb577ada43217dd4b18 b98939812abf6c643c752ce7c325f98039a1a9e2 91015d021b3dcbe21ad0e580a4f34c523abf9e72 )
2015-10-27 05:01:32 +01:00
void additional_weak_digest (const char* digestname);
version 0.2.1
1998-01-28 17:09:43 +01:00
See ChangeLog: Fri Feb 26 17:55:41 CET 1999 Werner Koch
1999-02-26 17:59:48 +01:00
/*-- armor.c --*/
char *make_radix64_string( const byte *data, size_t len );
gpg: Print better diagnostics for keyserver operations. * g10/armor.c (parse_key_failed_line): New. (check_input): Watch out for gpgkeys_ error lines. * g10/filter.h (armor_filter_context_t): Add field key_failed_code. * g10/import.c (import): Add arg r_gpgkeys_err. (import_keys_internal): Ditto. (import_keys_stream): Ditto. * g10/keyserver.c (keyserver_errstr): New. (keyserver_spawn): Detect "KEY " lines while sending. Get gpgkeys_err while receiving keys. (keyserver_work): Add kludge for better error messages. -- GnuPG-bug-id: 1832 Note that these changes can be backported to 1.4 but they don't make sense for 2.1 due to the removal of the keyserver helpers. The error reporting could be improved even more but given that this is an old GnuPG branch it is not justified to put too much effort into it. Signed-off-by: Werner Koch <wk@gnupg.org> [dkg: rebased to STABLE-BRANCH-1-4] Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-02-22 05:10:34 +01:00
int parse_key_failed_line (const void *lineptr, unsigned int len);
See ChangeLog: Fri Feb 26 17:55:41 CET 1999 Werner Koch
1999-02-26 17:59:48 +01:00
cipher reorganisiert
1998-04-07 20:16:10 +02:00
/*-- misc.c --*/
new release
1998-05-15 20:49:19 +02:00
void trap_unaligned(void);
See ChangeLog: Mon Sep 18 16:35:45 CEST 2000 Werner Koch
2000-09-18 16:35:34 +02:00
int disable_core_dumps(void);
Added SELInux hacks and did some cleanups.
2004-10-13 20:10:06 +02:00
void register_secured_file (const char *fname);
void unregister_secured_file (const char *fname);
int is_secured_file (int fd);
* misc.c (is_secured_filename): New. * keydb.c (maybe_create_keyring) * tdbio.c (tdbio_set_dbname) * plaintext.c (handle_plaintext) * openfile.c (copy_options_file, open_outfile) * exec.c (exec_write) * keygen.c (do_generate_keypair, gen_card_key_with_backup) * sign.c (sign_file, clearsign_file) * keyring.c (create_tmp_file, do_copy): Check for secured files before creating them. * keygen.c (print_status_key_created): s/unsigned char/byte/ due to a strange typedef for RISC OS. Noted by Stefan.
2004-10-14 09:11:57 +02:00
int is_secured_filename (const char *fname);
cipher reorganisiert
1998-04-07 20:16:10 +02:00
u16 checksum_u16( unsigned n );
u16 checksum( byte *p, unsigned n );
u16 checksum_mpi( MPI a );
nearly ready for 0.3.0
1998-06-25 12:19:08 +02:00
u32 buffer_to_u32( const byte *buffer );
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
const byte *get_session_marker( size_t *rlen );
See ChangeLog: Tue Oct 26 14:10:21 CEST 1999 Werner Koch
1999-10-26 14:14:37 +02:00
int openpgp_cipher_test_algo( int algo );
See ChangeLog: Sat Nov 13 17:44:23 CET 1999 Werner Koch
1999-11-13 17:43:23 +01:00
int openpgp_pk_test_algo( int algo, unsigned int usage_flags );
See ChangeLog: Mon Sep 18 16:35:45 CEST 2000 Werner Koch
2000-09-18 16:35:34 +02:00
int openpgp_pk_algo_usage ( int algo );
See ChangeLog: Tue Oct 26 14:10:21 CEST 1999 Werner Koch
1999-10-26 14:14:37 +02:00
int openpgp_md_test_algo( int algo );
* g10.c (main): Accept "s1" in addition to "idea" to match the other ciphers. * main.h, misc.c (idea_cipher_warn): We don't need this if IDEA has been disabled.
2003-02-22 14:00:18 +01:00
2009-08-03 19:47:18 +02:00
void md5_digest_warn (int show);
void not_in_gpg1_notice (void);
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
struct expando_args
{
PKT_public_key *pk;
PKT_secret_key *sk;
byte imagetype;
* main.h, mainproc.c (check_sig_and_print), keylist.c (list_keyblock_print), pkclist.c (do_edit_ownertrust), keyedit.c (menu_showphoto), photoid.c (generate_photo_id, show_photos), misc.c (pct_expando): Add %v and %V expandos so that displaying photo IDs can show the attribute validity tag (%v) and string (%V). Originally by Daniel Gillmor.
2008-10-03 21:54:30 +02:00
int validity_info;
const char *validity_string;
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
};
char *pct_expando(const char *string,struct expando_args *args);
void deprecated_warning(const char *configname,unsigned int configlineno,
const char *option,const char *repl1,const char *repl2);
* g10.c (main, add_notation_data, add_policy_url) (add_keyserver_url): Use isascii() to protect the isfoo macros and to replace direct tests. Possible problems noted by Christian Biere. * keyserver.c (parse_keyserver_uri): Ditto. * g10.c (main): Declare --pipemode deprecated. * misc.c (deprecated_command): New.
2005-04-11 20:24:09 +02:00
void deprecated_command (const char *name);
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
const char *compress_algo_to_string(int algo);
* keygen.c (set_one_pref, keygen_set_std_prefs): Allow using the full algorithm name (CAST5, SHA1) rather than the short form (S3, H2). * main.h, keygen.c (keygen_get_std_prefs), keyedit.c (keyedit_menu): Return and use a fake uid packet rather than a string since we already have a nice parser/printer in keyedit.c:show_prefs. * main.h, misc.c (string_to_compress_algo): New.
2002-11-03 01:00:42 +01:00
int string_to_compress_algo(const char *string);
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
int check_compress_algo(int algo);
* main.h, misc.c (default_cipher_algo, default_compress_algo): New. Return the default algorithm by trying --cipher-algo/--compress-algo, then the first item in the pref list, then s2k-cipher-algo or ZIP. * sign.c (sign_file, sign_symencrypt_file), encode.c (encode_simple, encode_crypt): Call default_cipher_algo and default_compress_algo to get algorithms. * g10.c (main): Allow pref selection for compress algo with --openpgp.
2002-11-25 05:24:41 +01:00
int default_cipher_algo(void);
int default_compress_algo(void);
* packet.h, build-packet.c (build_sig_subpkt), export.c (do_export_stream), import.c (remove_bad_stuff, import), parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt): Remove vestigal code for the old sig cache subpacket. This wasn't completely harmless as it caused subpacket 101 to disappear on import and export. * options.h, armor.c, cipher.c, g10.c, keyedit.c, pkclist.c, sign.c, encode.c, getkey.c, revoke.c: The current flags for different levels of PGP-ness are massively complex. This is step one in simplifying them. No functional change yet, just use a macro to check for compliance level. * sign.c (sign_file): Fix bug that causes spurious compression preference warning. * sign.c (clearsign_file): Fix bug that prevents proper warning message from appearing when clearsigning in --pgp2 mode with a non-v3 RSA key. * main.h, misc.c (compliance_option_string, compliance_string, compliance_failure), pkclist.c (build_pk_list), sign.c (sign_file, clearsign_file), encode.c (encode_crypt, write_pubkey_enc_from_list): New functions to put the "this message may not be usable...." warning in one place. * options.h, g10.c (main): Part two of the simplification. Use a single enum to indicate what we are compliant to (1991, 2440, PGPx, etc.) * g10.c (main): Show errors for failure in export, send-keys, recv-keys, and refresh-keys. * options.h, g10.c (main): Give algorithm warnings for algorithms chosen against the --pgpX and --openpgp rules. * keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in --openpgp mode. * sign.c (sign_file), pkclist.c (algo_available): Allow passing a hint of 0.
2003-05-03 06:07:45 +02:00
const char *compliance_option_string(void);
* main.h, misc.c (parse_options): New general option line parser. Fix the bug in the old version that did not handle report syntax errors after a valid entry. * import.c (parse_import_options), export.c (parse_export_options): Call it here instead of duplicating the code.
2003-05-31 23:52:16 +02:00
void compliance_failure(void);
struct parse_options
{
char *name;
unsigned int bit;
* keyserver.c (argsep): Move to misc.c. * main.h, misc.c (parse_options), export.c (parse_export_options), import.c (parse_import_options), g10.c (main): Use it here to allow for options with optional arguments. Change all callers.
2004-02-14 06:03:45 +01:00
char **value;
* main.h, misc.c (parse_options): Add the ability to have help strings in xxx-options commands. * keyserver.c (keyserver_opts), import.c (parse_import_options), export.c (parse_export_options), g10.c (parse_list_options, main): Add help strings to xxx-options.
2005-09-15 00:31:21 +02:00
char *help;
* main.h, misc.c (parse_options): New general option line parser. Fix the bug in the old version that did not handle report syntax errors after a valid entry. * import.c (parse_import_options), export.c (parse_export_options): Call it here instead of duplicating the code.
2003-05-31 23:52:16 +02:00
};
* main.h, misc.c (optsep, argsplit, optlen, parse_options): Simplify code and properly handle a partial match against an option with an argument. * keyserver-internal.h, keyserver.c (parse_keyserver_options): Use new optsep and argsplit functions.
2004-04-16 17:19:35 +02:00
char *optsep(char **stringp);
char *argsplit(char *string);
* main.h, misc.c (parse_options): Add a "noisy" flag to enable and disable the messages about which option didn't match or matched ambiguously. Change all callers (g10.c, keyserver.c). * main.h, import.c (import_options), export.c (export_options): Pass the noisy flag through.
2003-12-28 04:46:43 +01:00
int parse_options(char *str,unsigned int *options,
struct parse_options *opts,int noisy);
* passphrase.c (ask_passphrase): Unescape the description string. * cardglue.c (unescape_status_string): Removed. Changed all caller to use ... * misc.c (unescape_percent_string): New.
2005-05-24 14:39:42 +02:00
char *unescape_percent_string (const unsigned char *s);
* g10.c (i18n_init) [W32]: Pass registry key to gettext initialization. * gpgv.c (i18n_init) [W32]: Ditto. * simple-gettext.c (set_gettext_file): Use MO files depending on the installation directory. Add new arg REGKEY.
2005-01-20 12:42:03 +01:00
char *default_homedir (void);
* configure.ac [W32]: Always set DISABLE_KEYSERVER_PATH. * export.c (parse_export_options): New option export-reset-subkey-passwd. (do_export_stream): Implement it. * misc.c (get_libexecdir): New. * keyserver.c (keyserver_spawn): Use it
2005-07-19 10:50:28 +02:00
const char *get_libexecdir (void);
* Makefile.am: No need to link with curl any longer. * main.h, misc.c (path_access): New. Same as access() but does a PATH search like execlp. * keyserver.c (curl_can_handle): Removed. Replaced by... (curl_cant_handle): We are now relying on curl as the handler of last resort. This is necessary because PGP LDAP and curl LDAP are apples and oranges. (keyserver_typemap): Only test for ldap and ldaps. (keyserver_spawn): If a given handler is unusable (as determined by path_access()) then try gpgkeys_curl.
2005-08-21 22:58:46 +02:00
int path_access(const char *file,int mode);
* g10.c (i18n_init) [W32]: Pass registry key to gettext initialization. * gpgv.c (i18n_init) [W32]: Ditto. * simple-gettext.c (set_gettext_file): Use MO files depending on the installation directory. Add new arg REGKEY.
2005-01-20 12:42:03 +01:00
See ChangeLog: Fri Nov 27 12:39:29 CET 1998 Werner Koch
1998-11-27 12:42:49 +01:00
/*-- helptext.c --*/
void display_online_help( const char *keyword );
initially checkin
1997-11-18 15:06:00 +01:00
/*-- encode.c --*/
* g10.c (main): Add --symmetric --sign --encrypt. * main.h, encode.c (setup_symkey): New. Prompt for a passphrase and create a DEK for symmetric encryption. (write_symkey_enc): New. Write out symmetrically encrypted session keys. (encode_crypt, encrypt_filter): Use them here here when creating a message that can be decrypted with a passphrase or a pk. * sign.c (sign_file): Call setup_symkey if we are doing a --symmetric --sign --encrypt.
2003-11-13 03:54:12 +01:00
int setup_symkey(STRING2KEY **symkey_s2k,DEK **symkey_dek);
initially checkin
1997-11-18 15:06:00 +01:00
int encode_symmetric( const char *filename );
int encode_store( const char *filename );
* g10.c (main): Add --symmetric --encrypt command. This generates a message that can be decrypted via a passphrase or public key system. * main.h, encode.c (encode_seskey): Allow passing in an already-created session key dek. (encode_simple): Use the actual symmetric cipher when encrypting a session key for a symmetric message. (encode_crypt): Add a flag to trigger a hybrid mode that can be decrypted via a passphrase or a pk. Change all callers. * mainproc.c (symkey_decrypt_sesskey): There is no way to tell the difference here between a bad passphrase and a cipher algorithm that we don't have, so use a error message that makes that clear. Use the actual list of ciphers when checking whether a cipher is invalid. Return error if the decrypted cipher algorithm is invalid. (proc_symkey_enc): In a mixed passphrase/pk message, if a valid dek already exists from decrypting via pk, do not try to process the passphrase. (proc_symkey_enc): Indicate when we're decrypting a session key as opposed to decrypting data. If a passphrase is invalid, discard the dek so we'll keep trying.
2003-10-26 04:26:14 +01:00
int encode_crypt( const char *filename, STRLIST remusr, int use_symkey );
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
void encode_crypt_files(int nfiles, char **files, STRLIST remusr);
added more stuff
1998-01-02 21:40:10 +01:00
int encrypt_filter( void *opaque, int control,
IOBUF a, byte *buf, size_t *ret_len);
initially checkin
1997-11-18 15:06:00 +01:00
IDEA removed, signing works
1997-11-24 12:04:11 +01:00
/*-- sign.c --*/
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
int complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md );
*** empty log message ***
1998-01-13 20:04:23 +01:00
int sign_file( STRLIST filenames, int detached, STRLIST locusr,
See ChangeLog: Tue Feb 16 14:10:02 CET 1999 Werner Koch
1999-02-16 14:16:33 +01:00
int do_encrypt, STRLIST remusr, const char *outfile );
armor rewritten, but still buggy
1998-02-04 19:54:31 +01:00
int clearsign_file( const char *fname, STRLIST locusr, const char *outfile );
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
int sign_symencrypt_file (const char *fname, STRLIST locusr);
new release
1998-04-09 13:19:09 +02:00
/*-- sig-check.c --*/
Import from stable branch. 2002-09-13 David Shaw <dshaw@jabberwocky.com> * getkey.c (check_revocation_keys): Move.... * main.h, sig-check.c (check_revocation_keys): to here. Also return the signature_check error code rather than 0/1 and cache the sig result. * sig-check.c (check_key_signature2): Divert to check_revocation_keys if a revocation sig is made by someone other than the pk owner. * getkey.c (merge_selfsigs_main): Tidy. 2002-09-13 Werner Koch <wk@gnupg.org> * g10.c (main) [__MINGW32__]: Activate oLoadExtension.
2002-09-13 14:59:31 +02:00
int check_revocation_keys (PKT_public_key *pk, PKT_signature *sig);
* keygen.c (make_backsig): If DO_BACKSIGS is not defined, do not create backsigs. * getkey.c (merge_selfsigs_subkey): Find 0x19 backsigs on subkey selfsigs and verify they are valid. If DO_BACKSIGS is not defined, fake this as always valid. * packet.h, parse-packet.c (parse_signature): Make parse_signature non-static so we can parse 0x19s in self-sigs. * main.h, sig-check.c (check_backsig): Check a 0x19 signature. (signature_check2): Give a backsig warning if there is no or a bad 0x19 with signatures from a subkey.
2004-04-23 05:25:58 +02:00
int check_backsig(PKT_public_key *main_pk,PKT_public_key *sub_pk,
PKT_signature *backsig);
new release
1998-04-09 13:19:09 +02:00
int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig );
* getkey.c (merge_selfsigs_main), main.h, sig-check.c (check_key_signature2): Pass the ultimately trusted pk directly to check_key_signature2 to avoid going through the key selection mechanism. This prevents a deadly embrace when two keys without selfsigs each sign the other.
2002-12-29 16:58:44 +01:00
int check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
* packet.h, main.h, sig-check.c (signature_check2, check_key_signature2, do_check): If ret_pk is set, fill in the pk used to verify the signature. Change all callers in getkey.c, mainproc.c, and sig-check.c. * keylist.c (list_keyblock_colon): Use the ret_pk from above to put the fingerprint of the signing key in "sig" records during a --with-colons --check-sigs. This requires --no-sig-cache as well since we don't cache fingerprints.
2003-07-20 02:10:13 +02:00
PKT_public_key *ret_pk, int *is_selfsig,
u32 *r_expiredate, int *r_expired );
new release
1998-04-09 13:19:09 +02:00
*** empty log message ***
1998-09-11 07:47:32 +02:00
/*-- delkey.c --*/
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
int delete_keys( STRLIST names, int secret, int allow_both );
*** empty log message ***
1998-09-11 07:47:32 +02:00
/*-- keyedit.c --*/
* main.h, keyedit.c (keyedit_menu): Remove sign_mode and enhance the more general command list functionality to replace it. * g10.c (main): Use the general command functionality to implement --sign-key, --lsign-key, --nrsign-key, and --nrlsign-key.
2004-02-12 19:32:09 +01:00
void keyedit_menu( const char *username, STRLIST locusr,
STRLIST commands, int quiet, int seckey_check );
* getkey.c (get_user_id_native): Renamed to .. (get_user_id_printable): this. Filter out all dangerous characters. Checked all usages. (get_user_id_string_native): Renamed to.. (get_user_id_string_printable): this. Filter out all dangerous characters. Checked all usages. * keyedit.c (show_basic_key_info): New. * keylist.c (print_fingerprint): New mode 3. * import.c (import_one): Use new function to display the user ID.
2002-08-19 10:28:00 +02:00
void show_basic_key_info (KBNODE keyblock);
IDEA removed, signing works
1997-11-24 12:04:11 +01:00
initially checkin
1997-11-18 15:06:00 +01:00
/*-- keygen.c --*/
* main.h, keygen.c (ask_expire_interval, parse_expire_string): Pass in the time to use to calculate the expiration offset, rather than querying it internally. Change all callers.
2007-02-01 20:32:16 +01:00
u32 parse_expire_string(u32 timestamp,const char *string);
u32 ask_expire_interval(u32 timestamp,int object,const char *def_expire);
Note: I have not fully tested the new key creation due to a pc/sc error. However the backupfile has been created successfully. * rsa.c (rsa_generate): Return the dummy list of factors only if the caller asked for it. * card_util.c (generate_card_keys): ask whether backup should be created. (card_store_subkey): Factored some code out to .. * keygen.c (save_unprotected_key_to_card): .. new function. (gen_card_key_with_backup): New. (generate_raw_key): New. (generate_keypair): New arg BACKUP_ENCRYPTION_DIR. Changed all callers. (do_generate_keypair): Divert to gen_card_key_with_backup when desired.
2004-09-23 21:34:45 +02:00
void generate_keypair( const char *fname, const char *card_serialno,
const char *backup_encryption_dir );
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
int keygen_set_std_prefs (const char *string,int personal);
* keygen.c (set_one_pref, keygen_set_std_prefs): Allow using the full algorithm name (CAST5, SHA1) rather than the short form (S3, H2). * main.h, keygen.c (keygen_get_std_prefs), keyedit.c (keyedit_menu): Return and use a fake uid packet rather than a string since we already have a nice parser/printer in keyedit.c:show_prefs. * main.h, misc.c (string_to_compress_algo): New.
2002-11-03 01:00:42 +01:00
PKT_user_id *keygen_get_std_prefs (void);
* main.h, keyedit.c, keygen.c: Back out previous (2002-12-01) change. Minimal isn't always best. * sign.c (update_keysig_packet): Use the current time rather then a modification of the original signature time. Make sure that this doesn't cause a time warp. * keygen.c (keygen_add_key_expire): Properly handle a key expiration date in the past (use a duration of 0). * keyedit.c (menu_expire): Use update_keysig_packet so any sig subpackets are maintained during the update. * build-packet.c (build_sig_subpkt): Mark sig expired or unexpired when the sig expiration subpacket is added. (build_sig_subpkt_from_sig): Handle making an expiration subpacket from a sig that has already expired (use a duration of 0). * packet.h, sign.c (update_keysig_packet), keyedit.c (menu_set_primary_uid, menu_set_preferences): Add ability to issue 0x18 subkey binding sigs to update_keysig_packet and change all callers.
2002-12-04 19:50:10 +01:00
int keygen_add_key_expire( PKT_signature *sig, void *opaque );
edit-key is now complete
1998-07-29 21:35:05 +02:00
int keygen_add_std_prefs( PKT_signature *sig, void *opaque );
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
int keygen_upd_std_prefs( PKT_signature *sig, void *opaque );
* main.h, keygen.c (keygen_add_keyserver_url): Signature callback for adding a keyserver URL. * keyedit.c (keyedit_menu, menu_set_keyserver_url): New command to set preferred keyserver to specified (or all) user IDs. * build-packet.c (build_sig_subpkt): Set preferred keyserver flag while building a preferred keyserver subpacket. * keylist.c (show_policy_url): Policy URLs might be UTF8. * keyedit.c (menu_addrevoker): Fix leaking a few bytes.
2003-08-31 05:45:41 +02:00
int keygen_add_keyserver_url(PKT_signature *sig, void *opaque);
* options.h, sign.c (mk_notation_policy_etc), gpg.c (add_notation_data): Use it here for the various notation commands. * packet.h, main.h, keygen.c (keygen_add_notations), build-packet.c (string_to_notation, sig_to_notation) (free_notation): New "one stop shopping" functions to handle notations and start removing some code duplication.
2006-03-09 00:30:12 +01:00
int keygen_add_notations(PKT_signature *sig,void *opaque);
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
int keygen_add_revkey(PKT_signature *sig, void *opaque);
* keyedit.c (keyedit_menu, menu_backsign): New "backsign" command to add 0x19 backsigs to old keys that don't have them. * misc.c (parse_options): Fix build warning. * main.h, keygen.c (make_backsig): Make public.
2005-10-14 06:07:13 +02:00
int make_backsig(PKT_signature *sig,PKT_public_key *pk,
First set of changes to backport the new card code from 2.0. For compatibility reasons a few new files had to be added. Also added estream-printf as this is now used in app-openpgp.c and provides a better and generic asprintf implementation than the hack we used for the W32 code in ttyio.c. Card code is not yet finished.
2009-07-21 16:30:13 +02:00
PKT_public_key *sub_pk,PKT_secret_key *sub_sk,
u32 timestamp);
edit-key is now complete
1998-07-29 21:35:05 +02:00
int generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock );
* gpg.sgml: Document -K. * g10.c: Make -K an alias for --list-secret-keys. * keylist.c (print_card_serialno): New. Taken from gnupg 1.9.11. (list_keyblock_print): Make use of it. * keyedit.c (show_key_with_all_names): Print the card S/N. * keyedit.c (keyedit_menu): New command ADDCARDKEY. * card-util.c (card_generate_subkey): New. * keygen.c (generate_card_subkeypair): New. (gen_card_key): New arg IS_PRIMARY; changed all callers. * cardglue.c (open_card): Use shutdown code if possible. (check_card_serialno): Ditto.
2004-09-20 20:38:39 +02:00
#ifdef ENABLE_CARD_SUPPORT
int generate_card_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock,
int keyno, const char *serialno);
Note: I have not fully tested the new key creation due to a pc/sc error. However the backupfile has been created successfully. * rsa.c (rsa_generate): Return the dummy list of factors only if the caller asked for it. * card_util.c (generate_card_keys): ask whether backup should be created. (card_store_subkey): Factored some code out to .. * keygen.c (save_unprotected_key_to_card): .. new function. (gen_card_key_with_backup): New. (generate_raw_key): New. (generate_keypair): New arg BACKUP_ENCRYPTION_DIR. Changed all callers. (do_generate_keypair): Divert to gen_card_key_with_backup when desired.
2004-09-23 21:34:45 +02:00
int save_unprotected_key_to_card (PKT_secret_key *sk, int keyno);
* gpg.sgml: Document -K. * g10.c: Make -K an alias for --list-secret-keys. * keylist.c (print_card_serialno): New. Taken from gnupg 1.9.11. (list_keyblock_print): Make use of it. * keyedit.c (show_key_with_all_names): Print the card S/N. * keyedit.c (keyedit_menu): New command ADDCARDKEY. * card-util.c (card_generate_subkey): New. * keygen.c (generate_card_subkeypair): New. (gen_card_key): New arg IS_PRIMARY; changed all callers. * cardglue.c (open_card): Use shutdown code if possible. (check_card_serialno): Ditto.
2004-09-20 20:38:39 +02:00
#endif
initially checkin
1997-11-18 15:06:00 +01:00
IDEA removed, signing works
1997-11-24 12:04:11 +01:00
/*-- openfile.c --*/
initially checkin
1997-11-18 15:06:00 +01:00
int overwrite_filep( const char *fname );
See ChangeLog: Tue Jun 1 16:01:46 CEST 1999 Werner Koch
1999-06-01 16:08:57 +02:00
char *make_outfile_name( const char *iname );
See ChangeLog: Thu Jul 1 12:47:31 CEST 1999 Werner Koch
1999-07-01 12:53:35 +02:00
char *ask_outfile_name( const char *name, size_t namelen );
bug fix release
1998-08-11 19:29:34 +02:00
int open_outfile( const char *iname, int mode, IOBUF *a );
gpg: Make the use of "--verify FILE" for detached sigs harder. * g10/openfile.c (open_sigfile): Factor some code out to ... (get_matching_datafile): new function. * g10/plaintext.c (hash_datafiles): Do not try to find matching file in batch mode. * g10/mainproc.c (check_sig_and_print): Print a warning if a possibly matching data file is not used by a standard signatures. -- Allowing to use the abbreviated form for detached signatures is a long standing bug which has only been noticed by the public with the release of 2.1.0. :-( What we do is to remove the ability to check detached signature in --batch using the one file abbreviated mode. This should exhibit problems in scripts which use this insecure practice. We also print a warning if a matching data file exists but was not considered because the detached signature was actually a standard signature: gpgv: Good signature from "Werner Koch (dist sig)" gpgv: WARNING: not a detached signature; \ file 'gnupg-2.1.0.tar.bz2' was NOT verified! We can only print a warning because it is possible that a standard signature is indeed to be verified but by coincidence a file with a matching name is stored alongside the standard signature. Reported-by: Simon Nicolussi (to gnupg-users on Nov 7) Signed-off-by: Werner Koch <wk@gnupg.org> (backported from commit 69384568f66a48eff3968bb1714aa13925580e9f) Updated doc/gpg.texi.
2014-11-14 09:36:19 +01:00
char *get_matching_datafile (const char *sigfilename);
* Makefile.am (AM_CFLAGS): Make use of AM_CFLAGS and AM_LDFLAGS. * g10.c, options.h: New option --enable-progress-filter. * progress.c (handle_progress): Make use of it.
2003-04-15 17:46:13 +02:00
IOBUF open_sigfile( const char *iname, progress_filter_context_t *pfx );
See ChangeLog: Fri Jul 14 19:38:23 CEST 2000 Werner Koch
2000-07-14 19:34:53 +02:00
void try_make_homedir( const char *fname );
initially checkin
1997-11-18 15:06:00 +01:00
ElGamal funktioniert und ist default
1997-11-24 23:24:04 +01:00
/*-- seskey.c --*/
void make_session_key( DEK *dek );
MPI encode_session_key( DEK *dek, unsigned nbits );
* sig-check.c (do_check): Code to try both the incorrect and correct SHA-224 DER prefixes when verifying a signature. See the change itself for more discussion. * main.h, seskey.c (do_encode_md): Rename to pkcs1_encode_md and make non-static.
2007-11-29 00:08:35 +01:00
MPI pkcs1_encode_md( MD_HANDLE md, int algo, size_t len, unsigned nbits,
const byte *asn, size_t asnlen );
* main.h, seskey.c (encode_md_value): Modify to allow a q size greater than 160 bits as per DSA2. This will allow us to verify and issue DSA2 signatures for some backwards compatibility once we start generating DSA2 keys. * sign.c (do_sign), sig-check.c (do_check): Change all callers. * sign.c (do_sign): Enforce the 160-bit check for new signatures here since encode_md_value can handle non-160-bit digests now. This will need to come out once the standard for DSA2 is firmed up.
2006-03-30 21:20:59 +02:00
MPI encode_md_value( PKT_public_key *pk, PKT_secret_key *sk,
MD_HANDLE md, int hash_algo );
ElGamal funktioniert und ist default
1997-11-24 23:24:04 +01:00
added some trust model stuff
1998-01-16 22:15:24 +01:00
/*-- import.c --*/
Screen keyserver responses. * g10/main.h: Typedef import_filter for filter callbacks. * g10/import.c (import): Add filter callbacks to param list. (import_one): Ditto. (import_secret_one): Ditto. (import_keys_internal): Ditto. (import_keys_stream): Ditto. * g10/keyserver.c (keyserver_retrieval_filter): New. (keyserver_spawn): Pass filter to import_keys_stream() -- These changes introduces import functions that apply a constraining filter to imported keys. These filters can verify the fingerprints of the keys returned before importing them into the keyring, ensuring that the keys fetched from the keyserver are in fact those selected by the user beforehand. Signed-off-by: Stefan Tomanek <tomanek@internet-sicherheit.de> Re-indention and minor changes by wk.
2014-01-30 00:57:43 +01:00
gpg: Fix regression due to the keyserver import filter. * g10/keyserver.c (keyserver_retrieval_filter): Change args. Rewrite to take subpakets in account. * g10/import.c (import_one, import_secret_one): Pass keyblock to filter. -- GnuPG-bug-id: 1680 Resolved conflicts: g10/main.h - s/import_filter/import_filter_t/g
2014-08-06 17:11:21 +02:00
typedef int (*import_filter_t)(kbnode_t keyblock, void *arg);
Screen keyserver responses. * g10/main.h: Typedef import_filter for filter callbacks. * g10/import.c (import): Add filter callbacks to param list. (import_one): Ditto. (import_secret_one): Ditto. (import_keys_internal): Ditto. (import_keys_stream): Ditto. * g10/keyserver.c (keyserver_retrieval_filter): New. (keyserver_spawn): Pass filter to import_keys_stream() -- These changes introduces import functions that apply a constraining filter to imported keys. These filters can verify the fingerprints of the keys returned before importing them into the keyring, ensuring that the keys fetched from the keyserver are in fact those selected by the user beforehand. Signed-off-by: Stefan Tomanek <tomanek@internet-sicherheit.de> Re-indention and minor changes by wk.
2014-01-30 00:57:43 +01:00
* main.h, misc.c (parse_options): Add a "noisy" flag to enable and disable the messages about which option didn't match or matched ambiguously. Change all callers (g10.c, keyserver.c). * main.h, import.c (import_options), export.c (export_options): Pass the noisy flag through.
2003-12-28 04:46:43 +01:00
int parse_import_options(char *str,unsigned int *options,int noisy);
added fast-import to import-options
2002-09-23 15:03:52 +02:00
void import_keys( char **fnames, int nnames,
* main.h, import.c (parse_import_options, fix_hkp_corruption, import_one, delete_inv_parts), g10.c (main): New import-option "repair-hkp-subkey-bug", which repairs as much as possible the HKP mangling multiple subkeys bug. It is on by default for keyserver receives, and off by default for regular --import. * main.h, import.c (import, import_one, delete_inv_parts), hkp.c (hkp_ask_import), keyserver.c (keyserver_spawn): Use keyserver import options when doing keyserver receives.
2002-07-24 23:17:19 +02:00
void *stats_hd, unsigned int options );
Screen keyserver responses. * g10/main.h: Typedef import_filter for filter callbacks. * g10/import.c (import): Add filter callbacks to param list. (import_one): Ditto. (import_secret_one): Ditto. (import_keys_internal): Ditto. (import_keys_stream): Ditto. * g10/keyserver.c (keyserver_retrieval_filter): New. (keyserver_spawn): Pass filter to import_keys_stream() -- These changes introduces import functions that apply a constraining filter to imported keys. These filters can verify the fingerprints of the keys returned before importing them into the keyring, ensuring that the keys fetched from the keyserver are in fact those selected by the user beforehand. Signed-off-by: Stefan Tomanek <tomanek@internet-sicherheit.de> Re-indention and minor changes by wk.
2014-01-30 00:57:43 +01:00
int import_keys_stream (IOBUF inp,void *stats_hd,unsigned char **fpr,
size_t *fpr_len,unsigned int options,
gpg: Print better diagnostics for keyserver operations. * g10/armor.c (parse_key_failed_line): New. (check_input): Watch out for gpgkeys_ error lines. * g10/filter.h (armor_filter_context_t): Add field key_failed_code. * g10/import.c (import): Add arg r_gpgkeys_err. (import_keys_internal): Ditto. (import_keys_stream): Ditto. * g10/keyserver.c (keyserver_errstr): New. (keyserver_spawn): Detect "KEY " lines while sending. Get gpgkeys_err while receiving keys. (keyserver_work): Add kludge for better error messages. -- GnuPG-bug-id: 1832 Note that these changes can be backported to 1.4 but they don't make sense for 2.1 due to the removal of the keyserver helpers. The error reporting could be improved even more but given that this is an old GnuPG branch it is not justified to put too much effort into it. Signed-off-by: Werner Koch <wk@gnupg.org> [dkg: rebased to STABLE-BRANCH-1-4] Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-02-22 05:10:34 +01:00
import_filter_t filter, void *filter_arg,
int *r_gpgkeys_err);
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
void *import_new_stats_handle (void);
void import_release_stats_handle (void *p);
void import_print_stats (void *hd);
See ChangeLog: Sat May 22 22:47:26 CEST 1999 Werner Koch
1999-05-22 22:54:54 +02:00
int collapse_uids( KBNODE *keyblock );
See ChangeLog: Tue Jan 19 19:34:58 CET 1999 Werner Koch
1999-01-19 19:37:41 +01:00
Support the not anymore patented IDEA cipher algorithm. * cipher/idea.c: New. Take from Libgcrypt master and adjust for direct use in GnuPG. * cipher/idea-stub.c: Remove. * cipher/Makefile.am: Add idea.c and remove idea-stub.c rules. * configure.ac: Remove idea-stub code. * g10/gpg.c (check_permissions): Remove code path for ITEM==2. (main): Make --load-extension a dummy option. * g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2 compatibility mode. * g10/misc.c (idea_cipher_warn): Remove. Also remove all callers. * g10/seckey-cert.c (do_check): Remove emitting of STATUS_RSA_OR_IDEA. * g10/status.c (get_status_string): Remove STATUS_RSA_OR_IDEA. * g10/status.h (STATUS_RSA_OR_IDEA): Remove. -- To keep the number of actually used algorithms low, we support IDEA only in a basically read-only way (unless --pgp2 is used during key generation). It does not make sense to suggest the use of this old 64 bit blocksize algorithm. However, there is old data available where it might be helpful to have IDEA available.
2012-11-08 13:25:02 +01:00
int auto_create_card_key_stub ( const char *serialnostr,
* gpgv.c (tty_fprintf): New stub. * card-util.c (card_status): Create asecret key stub on the fly and print more information about a card key. * import.c (pub_to_sec_keyblock, auto_create_card_key_stub): New. * getkey.c (get_seckeyblock_byfprint): New. * keylist.c (print_card_key_info): New.
2005-01-20 18:21:40 +01:00
const unsigned char *fpr1,
const unsigned char *fpr2,
const unsigned char *fpr3);
added initial i18n stuff
1998-01-26 23:09:01 +01:00
/*-- export.c --*/
* main.h, misc.c (parse_options): Add a "noisy" flag to enable and disable the messages about which option didn't match or matched ambiguously. Change all callers (g10.c, keyserver.c). * main.h, import.c (import_options), export.c (export_options): Pass the noisy flag through.
2003-12-28 04:46:43 +01:00
int parse_export_options(char *str,unsigned int *options,int noisy);
* options.h, main.h, export.c (parse_export_options, do_export_stream), g10.c (main): add new --export-options option. Current flags are "include-non-rfc", "include-local-sigs", "include-attributes", and "include-sensitive-revkeys". * options.h, hkp.c (hkp_export), keyserver.c (parse_keyserver_options, keyserver_spawn): try passing unknown keyserver options to export options, and if successful, use them when doing a keyserver --send-key. * build-packet.c (build_sig_subpkt): We do not generate SIGSUBPKT_PRIV_VERIFY_CACHE anymore.
2002-07-22 21:07:21 +02:00
int export_pubkeys( STRLIST users, unsigned int options );
* keyserver.c (keyserver_spawn): Include various pieces of information about the key in the data sent to the keyserver helper. This allows the helper to use it in instructing a remote server which may not have any actual OpenPGP smarts in parsing keys. * main.h, export.c (export_pubkeys_stream, do_export_stream): Add ability to return only the first match in an exported keyblock for keyserver usage. This should be replaced at some point with a more flexible solution where each key can be armored seperately.
2003-02-26 18:11:24 +01:00
int export_pubkeys_stream( IOBUF out, STRLIST users,
KBNODE *keyblock_out, unsigned int options );
textual changes
1998-06-29 14:30:57 +02:00
int export_seckeys( STRLIST users );
See ChangeLog: Fri Jul 14 19:38:23 CEST 2000 Werner Koch
2000-07-14 19:34:53 +02:00
int export_secsubkeys( STRLIST users );
textual changes
1998-06-29 14:30:57 +02:00
some import functionality
1998-02-16 21:05:02 +01:00
/* dearmor.c --*/
int dearmor_file( const char *fname );
import works
1998-02-17 21:48:52 +01:00
int enarmor_file( const char *fname );
added some trust model stuff
1998-01-16 22:15:24 +01:00
some import functionality
1998-02-16 21:05:02 +01:00
/*-- revoke.c --*/
See ChangeLog: Fri Jul 14 19:38:23 CEST 2000 Werner Koch
2000-07-14 19:34:53 +02:00
struct revocation_reason_info;
some import functionality
1998-02-16 21:05:02 +01:00
int gen_revoke( const char *uname );
* free-packet.c (copy_secret_key): Copy secret key into secure memory since we may unprotect it. * main.h, g10.c (main), revoke.c (gen_desig_revoke): Add local user support so users can use -u with --desig-revoke. This bypasses the interactive walk over the revocation keys.
2005-11-19 06:55:45 +01:00
int gen_desig_revoke( const char *uname, STRLIST locusr);
See ChangeLog: Fri Jul 14 19:38:23 CEST 2000 Werner Koch
2000-07-14 19:34:53 +02:00
int revocation_reason_build_cb( PKT_signature *sig, void *opaque );
struct revocation_reason_info *
ask_revocation_reason( int key_rev, int cert_rev, int hint );
void release_revocation_reason_info( struct revocation_reason_info *reason );
Sylvester Version
1997-12-31 13:32:54 +01:00
removed g10maint.c
1998-03-05 10:22:13 +01:00
/*-- keylist.c --*/
See ChangeLog: Fri Jul 14 19:38:23 CEST 2000 Werner Koch
2000-07-14 19:34:53 +02:00
void public_key_list( STRLIST list );
void secret_key_list( STRLIST list );
* main.h, keylist.c (print_subpackets_colon): Make a public function. * keyedit.c (print_and_check_one_sig_colon): New. Print a with-colons version of the sig record. (menu_delsig): Call it here for a with-colons delsig.
2004-09-13 14:31:25 +02:00
void print_subpackets_colon(PKT_signature *sig);
* options.h, g10.c (main), encode.c (write_pubkey_enc_from_list), pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8 mode. This is basically identical to --pgp7 in all ways except that signing subkeys, v4 data sigs (including expiration), and SK comments are allowed. * getkey.c (finish_lookup): Comment. * main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu): Reorder user ID display in the --edit-key menu to match that of the --list-keys display. * g10.c (add_notation_data): Fix initialization.
2002-12-04 00:31:48 +01:00
void reorder_keyblock (KBNODE keyblock);
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
void list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque );
void print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode);
* main.h, keylist.c (print_revokers): New. Print the "rvk" designated revoker record. Moved from keyedit.c:show_key_with_all_names_colon. * keylist.c (list_keyblock_colon): Use it here ... * keyedit.c (show_key_with_all_names_colon): ... and here.
2005-11-20 16:02:03 +01:00
void print_revokers(PKT_public_key *pk);
* mainproc.c (check_sig_and_print), main.h, keylist.c (show_policy, show_notation): Collapse the old print_notation_data into show_policy() and show_notation() so there is only one function to print notations and policy URLs. * options.h, main.h, g10.c (main), keyedit.c (print_and_check_one_sig), keylist.c (list_one, list_keyblock_print), pkclist.c (do_edit_ownertrust), sign.c (mk_notation_and_policy): New "list-options" and "verify-options" commands. These replace the existing --show-photos/--no-show-photos, --show-notation/--no-show-notation, --show-policy-url/--no-show-policy-url, and --show-keyring options. The new method is more flexible since a user can specify (for example) showing photos during sig verification, but not in key listings. The old options are emulated.
2003-06-01 01:23:19 +02:00
void show_policy_url(PKT_signature *sig,int indent,int mode);
* options.skel: Use new hkp://subkeys.pgp.net as sample keyserver since they at least handle subkeys correctly. * options.h, g10.c (main), main.h, keylist.c (show_keyserver_url), mainproc.c (check_sig_and_print), parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt, can_handle_critical): Add read-only support for preferred keyserver subpackets. They're basically policy URLs with a different name. Add a verify-option "show-preferred-keyserver" to turn them on and off (on by default, as per stable branch). * g10.c (main): Add "--set-notation" as alias to "--notation-data" this is to make things consistent with --set-policy-url meaning both sigs and certs.
2003-06-05 04:06:12 +02:00
void show_keyserver_url(PKT_signature *sig,int indent,int mode);
* main.h, keylist.c (show_notation): Add argument to show only user notations, only standard notations, or both. Change all callers. * keyserver.c (keyserver_spawn): We still need EXEC_TEMPFILE_ONLY.
2004-04-29 05:42:54 +02:00
void show_notation(PKT_signature *sig,int indent,int mode,int which);
* trustdb.h, trustdb.c (is_disabled), gpgv.c (is_disabled): Rename is_disabled to cache_disabled_value, which now takes a pk and not just the keyid. This is for speed since there is no need to re-fetch a key when we already have that key handy. Cache the result of the check so we don't need to hit the trustdb more than once. * getkey.c (skip_disabled): New function to get a pk and call is_disabled on it. (key_byname): Use it here. * packet.h, getkey.c (skip_disabled), keylist.c (print_capabilities): New "pk_is_disabled" macro to retrieve the cached disabled value if available, and fill it in via cache_disabled_value if not available. * trustdb.c (get_validity): Cache the disabled value since we have it handy and it might be useful later. * parse-packet.c (parse_key): Clear disabled flag when parsing a new key. Just in case someone forgets to clear the whole key. * getkey.c (merge_selfsigs_main): Add an "if all else fails" path for setting a single user ID primary when there are multiple set primaries all at the same second, or no primaries set and the most recent user IDs are at the same second, or no signed user IDs at all. This is arbitrary, but deterministic. * exec.h, photoid.h: Add copyright message. * keylist.c (list_keyblock_print): Don't dump attribs for revoked/expired/etc uids for non-colon key listings. This is for consistency with --show-photos. * main.h, keylist.c (dump_attribs), mainproc.c (check_sig_and_print): Dump attribs if --attrib-fd is set when verifying signatures. * g10.c (main): New --gnupg option to disable the various --openpgp, --pgpX, etc. options. This is the same as --no-XXXX for those options. * revoke.c (ask_revocation_reason): Clear old reason if user elects to repeat question. This is bug 153. * keyedit.c (sign_uids): Show keyid of the key making the signature.
2003-05-21 18:42:22 +02:00
void dump_attribs(const PKT_user_id *uid,
PKT_public_key *pk,PKT_secret_key *sk);
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
void set_attrib_fd(int fd);
2002-10-18 Timo Schulz <ts@winpt.org> * keylist.c: (print_pubkey_info): New. (print_seckey_info): New. * main.h: Prototypes for the new functions. * delkey.c (do_delete_key): Use it here. * revoke.c (gen_desig_revoke): Ditto.
2002-10-18 17:41:33 +02:00
void print_seckey_info (PKT_secret_key *sk);
* cardglue.c (learn_status_cb): Release values before assignment so that it can be used by getattr to update the structure. (agent_scd_getattr): New. * keylist.c (print_pubkey_info): Add FP arg for optional printing to a stream. Changed all callers.
2003-10-02 12:20:12 +02:00
void print_pubkey_info (FILE *fp, PKT_public_key *pk);
* gpgv.c (tty_fprintf): New stub. * card-util.c (card_status): Create asecret key stub on the fly and print more information about a card key. * import.c (pub_to_sec_keyblock, auto_create_card_key_stub): New. * getkey.c (get_seckeyblock_byfprint): New. * keylist.c (print_card_key_info): New.
2005-01-20 18:21:40 +01:00
void print_card_key_info (FILE *fp, KBNODE keyblock);
partial DSA support
1998-03-09 22:44:06 +01:00
/*-- verify.c --*/
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
void print_file_status( int status, const char *name, int what );
partial DSA support
1998-03-09 22:44:06 +01:00
int verify_signatures( int nfiles, char **files );
See ChangeLog: Fri Jul 14 19:38:23 CEST 2000 Werner Koch
2000-07-14 19:34:53 +02:00
int verify_files( int nfiles, char **files );
partial DSA support
1998-03-09 22:44:06 +01:00
/*-- decrypt.c --*/
int decrypt_message( const char *filename );
* getkey.c: Set MAX_PK_CACHE_ENTRIES and MAX_UID_CACHE_ENTRIES to PK_UID_CACHE_SIZE (set in ./configure). * getkey.c (get_pubkey): When reading key data into the cache, properly handle keys that are partially (pk, no UIDs) cached already. This is Debian bug #176425 and #229549. * compress.c (init_compress, push_compress_filter2): Do the right thing (i.e. nothing) with compress algo 0. * main.h, decrypt.c (decrypt_messages): Accept filenames to decrypt on stdin. This is bug #253.
2004-01-28 02:04:30 +01:00
void decrypt_messages(int nfiles, char *files[]);
partial DSA support
1998-03-09 22:44:06 +01:00
/*-- plaintext.c --*/
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
int hash_datafiles( MD_HANDLE md, MD_HANDLE md2,
See ChangeLog: Wed May 19 16:04:30 CEST 1999 Werner Koch
1999-05-19 16:12:26 +02:00
STRLIST files, const char *sigfilename, int textmode );
* gpg.c (print_mds), armor.c (armor_filter, parse_hash_header): Add SHA-224. * sign.c (write_plaintext_packet), encode.c (encode_simple): Factor common literal packet setup code from here, to... * main.h, plaintext.c (setup_plaintext_name): Here. New. Make sure the literal packet filename field is UTF-8 encoded. * options.h, gpg.c (main): Make sure --set-filename is UTF-8 encoded and note when filenames are already UTF-8.
2006-04-20 04:36:05 +02:00
PKT_plaintext *setup_plaintext_name(const char *filename,IOBUF iobuf);
removed g10maint.c
1998-03-05 10:22:13 +01:00
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
/*-- pipemode.c --*/
void run_in_pipemode (void);
some cleanups
1998-03-19 16:27:29 +01:00
/*-- signal.c --*/
void init_signals(void);
bug fix release
1998-08-11 19:29:34 +02:00
void pause_on_sigusr( int which );
ready to release 0.4.3
1998-11-08 18:23:14 +01:00
void block_all_signals(void);
void unblock_all_signals(void);
some cleanups
1998-03-19 16:27:29 +01:00
(ccid_transceive): Arghhh. The seqno is another bit in the R-block than in the I block, this was wrong at one place. Fixes bug #419 and hopefully several others.
2005-05-20 22:37:08 +02:00
* cardglue.c (pin_cb): Detect whether an admin or regular PIN is requested. (genkey_status_cb): New. (agent_scd_genkey): Implemented. * keygen.c (generate_keypair): New arg CARD_SERIALNO and prepare parameters for on card key generation. Changed all callers. (do_generate_keypair): Add new arg card and merged casrd specific changes from 1.9. (proc_parameter_file): New arg card, apss it down to do_generate_keypair and changed all callers. (gen_card_key): New. * g10.c: Include cardclue.h. (main): s/app_set_default_reader_port/card_set_reader_port/. * cardglue.c (card_set_reader_port): New to address include file issues.
2003-10-08 17:21:20 +02:00
#ifdef ENABLE_CARD_SUPPORT
/*-- card-util.c --*/
* main.h, g10.c (main), card-util.c (change_pin): If "admin" has not been issued, skip right to the CHV1/CHV2 PIN change. No need to show the unblock or admin PIN change option. (card_edit): Add "admin" command to add admin commands to the menu. Do not allow admin commands until "admin" is given. * app-openpgp.c (verify_chv3): Show a countdown of how many wrong admin PINs can be entered before the card is locked. * options.h, g10.c (main), app-openpgp.c (verify_chv3): Remove --allow-admin.
2004-09-25 15:04:55 +02:00
void change_pin (int no, int allow_admin);
* passphrase.c (ask_passphrase): Add optional promptid arg. Changed all callers. * cardglue.c (pin_cb): Use it here, so the machine interface can tell whether the Admin PIN is requested. * cardglue.c (agent_scd_checkpin): New. * misc.c (openpgp_pk_algo_usage): Added AUTH usage. * app-openpgp.c (check_against_given_fingerprint): New. Factored out that code elsewhere. (do_check_pin): New. * card-util.c (card_edit): New command "passwd". Add logic to check the PIN in advance. (card_status): Add new args to return the serial number. Changed all callers.
2003-10-21 20:22:21 +02:00
void card_status (FILE *fp, char *serialno, size_t serialnobuflen);
* cardglue.c (pin_cb): Detect whether an admin or regular PIN is requested. (genkey_status_cb): New. (agent_scd_genkey): Implemented. * keygen.c (generate_keypair): New arg CARD_SERIALNO and prepare parameters for on card key generation. Changed all callers. (do_generate_keypair): Add new arg card and merged casrd specific changes from 1.9. (proc_parameter_file): New arg card, apss it down to do_generate_keypair and changed all callers. (gen_card_key): New. * g10.c: Include cardclue.h. (main): s/app_set_default_reader_port/card_set_reader_port/. * cardglue.c (card_set_reader_port): New to address include file issues.
2003-10-08 17:21:20 +02:00
void card_edit (STRLIST commands);
* gpg.sgml: Document -K. * g10.c: Make -K an alias for --list-secret-keys. * keylist.c (print_card_serialno): New. Taken from gnupg 1.9.11. (list_keyblock_print): Make use of it. * keyedit.c (show_key_with_all_names): Print the card S/N. * keyedit.c (keyedit_menu): New command ADDCARDKEY. * card-util.c (card_generate_subkey): New. * keygen.c (generate_card_subkeypair): New. (gen_card_key): New arg IS_PRIMARY; changed all callers. * cardglue.c (open_card): Use shutdown code if possible. (check_card_serialno): Ditto.
2004-09-20 20:38:39 +02:00
int card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock);
* gpg.sgml: Document "addcardkey" and "keytocard". * apdu.c (open_pcsc_reader): Do not print empty reader string. * keygen.c (ask_algo): Allow creation of AUTH keys. * keyid.c (usagestr_from_pk): New. * app-openpgp.c (app_openpgp_storekey): Call flush_cache. * keyedit.c (keyedit_menu): New command "keytocard" (keyedit_menu): Bad hack for the not_with_sk element. (show_key_with_all_names): Print the usage. (find_pk_from_sknode): New. * card-util.c (card_store_subkey): New. (copy_mpi): New. * cardglue.c (agent_openpgp_storekey): New.
2004-09-23 15:32:31 +02:00
int card_store_subkey (KBNODE node, int use);
* cardglue.c (pin_cb): Detect whether an admin or regular PIN is requested. (genkey_status_cb): New. (agent_scd_genkey): Implemented. * keygen.c (generate_keypair): New arg CARD_SERIALNO and prepare parameters for on card key generation. Changed all callers. (do_generate_keypair): Add new arg card and merged casrd specific changes from 1.9. (proc_parameter_file): New arg card, apss it down to do_generate_keypair and changed all callers. (gen_card_key): New. * g10.c: Include cardclue.h. (main): s/app_set_default_reader_port/card_set_reader_port/. * cardglue.c (card_set_reader_port): New to address include file issues.
2003-10-08 17:21:20 +02:00
#endif
* parse-packet.c (parse_symkeyenc): Show the unpacked as well as the packed s2k iteration count. * main.h, options.h, gpg.c (encode_s2k_iterations, main), passphrase.c (hash_passphrase): Add --s2k-count option to specify the number of s2k hash iterations.
2006-10-13 05:44:34 +02:00
#define S2K_DECODE_COUNT(_val) ((16ul + ((_val) & 15)) << (((_val) >> 4) + 6))
Update head to match stable 1.0
2002-06-29 15:46:34 +02:00
#endif /*G10_MAIN_H*/
Copy Permalink