2002-10-19 07:55:27 +00:00
|
|
|
-*- outline -*-
|
1998-10-18 15:21:22 +00:00
|
|
|
|
2005-04-18 10:44:46 +00:00
|
|
|
* IMPORTANT
|
|
|
|
Check that openpty and pty.h are available and build symcryptrun only
|
|
|
|
then. Run shred on the temporary files.
|
|
|
|
|
2004-06-28 07:42:33 +00:00
|
|
|
|
2002-10-19 07:55:27 +00:00
|
|
|
* src/base64
|
|
|
|
** Make parsing more robust
|
|
|
|
Currently we don't cope with overlong lines in the best way.
|
2000-10-11 17:26:49 +00:00
|
|
|
|
2002-10-19 07:55:27 +00:00
|
|
|
* sm/call-agent.c
|
|
|
|
** The protocol uses an incomplete S-expression
|
|
|
|
We should always use valid S-Exp and not just parts.
|
|
|
|
** Some code should go into import.c
|
|
|
|
** When we allow concurrent service request in gpgsm, we
|
|
|
|
might want to have an agent context for each service request
|
|
|
|
(i.e. Assuan context).
|
1999-12-08 21:03:03 +00:00
|
|
|
|
2002-10-19 07:55:27 +00:00
|
|
|
* sm/certreqgen.c
|
|
|
|
** Improve error reporting
|
|
|
|
** Do some basic checks on the supplied DNs
|
1999-12-08 21:03:03 +00:00
|
|
|
|
2002-10-19 07:55:27 +00:00
|
|
|
* sm/certchain.c
|
|
|
|
** When a certificate chain was sucessfully verified, make ephemeral certs used in this chain permanent.
|
|
|
|
** figure out how to auto retrieve a key by serialno+issuer.
|
|
|
|
Dirmngr is currently not able to parse more than the CN.
|
1999-12-08 21:03:03 +00:00
|
|
|
|
2004-08-18 14:37:22 +00:00
|
|
|
* sm/certlist.c
|
|
|
|
** ocspSigning usage is not fully implemented
|
|
|
|
We should review the entire CRL and OCSP validation system.
|
2004-11-23 17:09:51 +00:00
|
|
|
Okay. This has been fixed in dirmngr when running it in system
|
|
|
|
daemon mode.
|
2004-08-18 14:37:22 +00:00
|
|
|
|
2002-10-19 07:55:27 +00:00
|
|
|
* sm/decrypt.c
|
|
|
|
** replace leading zero in integer hack by a cleaner solution
|
1999-12-08 21:03:03 +00:00
|
|
|
|
2002-10-19 07:55:27 +00:00
|
|
|
* sm/gpgsm.c
|
2004-01-16 17:39:58 +00:00
|
|
|
** Support --output for all commands
|
2002-10-19 07:55:27 +00:00
|
|
|
** mark all unimplemented commands and options.
|
2003-12-23 10:23:16 +00:00
|
|
|
** Print a hint when MD2 is the cause for a problem.
|
2004-01-16 17:39:58 +00:00
|
|
|
** Implement --default-key
|
2004-02-25 08:58:46 +00:00
|
|
|
** Using --export-secret-key-p12 with a non-pth agent
|
|
|
|
This leads to a lockup because gpgsm is still accessing the agent
|
|
|
|
while gpg-protect-tool wants to pop up the pinentry. Solution is
|
|
|
|
to release the connection. This is not trivial, thus we are going
|
|
|
|
to do that while changing gpgsm to allow concurrent operations.
|
2004-08-17 15:26:22 +00:00
|
|
|
** support the anyPolicy semantic
|
|
|
|
** Check that we are really following the verification procedures in rfc3280.
|
1999-09-15 15:58:40 +00:00
|
|
|
|
2002-10-19 07:55:27 +00:00
|
|
|
* sm/keydb.c
|
|
|
|
** Check file permissions
|
|
|
|
** Check that all error code mapping is done.
|
|
|
|
** Remove the inter-module dependencies between gpgsm and keybox
|
2003-06-03 19:55:50 +00:00
|
|
|
** Add an source_of_key field
|
2002-06-29 14:15:02 +00:00
|
|
|
|
2004-01-28 16:22:25 +00:00
|
|
|
* agent/gpg-agent.c
|
|
|
|
** A SIGHUP should also restart the scdaemon
|
2004-08-17 15:26:22 +00:00
|
|
|
But do this only after all connections terminated. As of now we
|
|
|
|
only send a RESET.
|
2005-02-22 18:08:28 +00:00
|
|
|
** Watch the child process if not invoked as a daemon
|
|
|
|
and terminate after the child has terminated
|
2004-01-28 16:22:25 +00:00
|
|
|
|
2002-10-19 07:55:27 +00:00
|
|
|
* agent/command.c
|
|
|
|
** Make sure that secure memory is used where appropriate
|
2002-06-29 14:15:02 +00:00
|
|
|
|
2002-10-19 07:55:27 +00:00
|
|
|
* agent/pkdecrypt.c, agent/pksign.c
|
|
|
|
** Don't use stdio to return results.
|
2004-08-17 15:26:22 +00:00
|
|
|
** Support DSA
|
1999-08-31 15:30:12 +00:00
|
|
|
|
2004-01-29 20:16:59 +00:00
|
|
|
* agent/divert-scd.c
|
|
|
|
Remove the agent_reset_scd kludge.
|
|
|
|
|
2002-10-19 07:55:27 +00:00
|
|
|
* Move pkcs-1 encoding into libgcrypt.
|
1999-09-02 14:50:38 +00:00
|
|
|
|
2005-01-13 18:00:46 +00:00
|
|
|
* Use a MAC to protect sensitive files.
|
|
|
|
The problem here is that we need yet another key and it is unlikely
|
|
|
|
that users are willing to remember that key too. It is possible to
|
|
|
|
do this with a smartcard, though.
|
1999-09-02 14:50:38 +00:00
|
|
|
|
2002-10-19 07:55:27 +00:00
|
|
|
* sm/export.c
|
|
|
|
** Return an error code or a status info per user ID.
|
1999-09-02 14:50:38 +00:00
|
|
|
|
2003-12-23 10:23:16 +00:00
|
|
|
* tests
|
|
|
|
** Makefile.am
|
|
|
|
We use printf(1) to setup the library path, this is not portable.
|
|
|
|
Furthermore LD_LIBRARY_PATH is not used on all systems. It doesn't
|
|
|
|
matter for now, because we use some GNU/*BSDish features anyway.
|
|
|
|
|
2004-02-20 13:46:21 +00:00
|
|
|
** Add a test to check the extkeyusage.
|
|
|
|
|
2004-07-22 09:37:36 +00:00
|
|
|
* doc/
|
|
|
|
** Explain how to setup a root CA key as trusted
|
|
|
|
** Explain how trustlist.txt might be managed.
|
2004-09-29 13:50:31 +00:00
|
|
|
** Write a script to generate man pages from texi.
|
2004-08-05 09:24:36 +00:00
|
|
|
|
|
|
|
* Requirements by the BSI
|
|
|
|
** Support authorityKeyIdentifier.keyIdentifier
|
|
|
|
This needs support in libksba/src/cert.c as well as in sm/*.c.
|
|
|
|
Need test certs as well. Same goes for CRL authorityKeyIdentifier.
|
|
|
|
|
2004-12-20 16:17:25 +00:00
|
|
|
|
|
|
|
* Windows port
|
|
|
|
** gpgsm's LISTKEYS does not yet work
|
|
|
|
Fix is to change everything to libestream
|
|
|
|
** Signals are not support
|
|
|
|
This means we can't reread a configuration
|
2004-12-21 10:03:00 +00:00
|
|
|
** No card status notifications.
|
|
|
|
|
2004-12-20 16:17:25 +00:00
|
|
|
|
2005-03-03 10:15:07 +00:00
|
|
|
* [scdaemon] release the card after use so that gpg 1.4 is abale to access it
|
|
|
|
|