gnupg/TODO

                                                              -*- outline -*-

* src/base64
** Make parsing more robust
Currently we don't cope with overlong lines in the best way.

* sm/call-agent.c
** The protocol uses an incomplete S-expression
We should always use valid S-Exp and not just parts.
** Some code should go into import.c
** When we allow concurrent service request in gpgsm, we
might want to have an agent context for each service request
(i.e. Assuan context).

* sm/certreqgen.c
** Improve error reporting
** Do some basic checks on the supplied DNs

* sm/certchain.c
** When a certificate chain was sucessfully verified, make ephemeral certs used  in this chain permanent.
** figure out how to auto retrieve a key by serialno+issuer.
   Dirmngr is currently not able to parse more than the CN.
** Try all available root certs in case we have several of them in our keybox.
 For example TC TrustCenter Class 1 CA certs are ambiguous becuase
 user certs don't come with a authorityKeyIdentifier.

* sm/decrypt.c
** replace leading zero in integer hack by a cleaner solution

* sm/sign.c
** Don't hardcode the use of RSA.

* sm/gpgsm.c
** Support --output
** mark all unimplemented commands and options.
** Print a hint when MD2 is the cause for a problem.

* sm/keydb.c
** Check file permissions
** Write a keybox header and check for that magic value.
** Check that all error code mapping is done.
** Remove the inter-module dependencies between gpgsm and keybox
** Add an source_of_key field

* agent/command.c
** Make sure that secure memory is used where appropriate

* agent/pkdecrypt.c, agent/pksign.c
** Don't use stdio to return results.

* agent/protect-tool.c
** Export and import certificates along with the secret key.
** Make it more comfortable; i.e. copy files to the correct place.

* Move pkcs-1 encoding into libgcrypt.

* Use a MAC to protect some files.

* sm/export.c
** Return an error code or a status info per user ID.

* scd/apdu.c
** We need close_reader functionality

* ALL
** Return IMPORT_OK status.

* Where is http.c, regcomp.c, srv.c, w32reg.c  ?

* scd/sc-investigate
** Enhance with card compatibility check

* scd/app-openpgp
  Must check that the fingerprint used is not the one of the
  authentication key.  Old GnuPG versions seem to encode the wrong
  keyID.

* Store the revocation status directly in the Keybox

* tests
** Makefile.am
  We use printf(1) to setup the library path, this is not portable.
  Furthermore LD_LIBRARY_PATH is not used on all systems.  It doesn't
  matter for now, because we use some GNU/*BSDish features anyway.