mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
Preparing for a release candidate
This commit is contained in:
parent
00310b1aa8
commit
1e1b57a294
@ -9,6 +9,7 @@ for ciph in `all_cipher_algos`; do
|
||||
# *BSD's dd can't cope with a count of 0
|
||||
if test "$i" = "0"; then
|
||||
: >z
|
||||
my_chtag z
|
||||
else
|
||||
dd if=data-80000 of=z bs=1 count=$i 2>/dev/null
|
||||
fi
|
||||
|
@ -112,6 +112,17 @@ echo_n () {
|
||||
# cleanup_files="$cleanup_files $*"
|
||||
#}
|
||||
|
||||
|
||||
# Special function for zOS.
|
||||
my_chtag () {
|
||||
#FIXME: Is there an envvar to test for the OS or do we
|
||||
# need to resort to a configure test
|
||||
#if test "$FOO" = "bar"; then
|
||||
# chtag -tc ISO8859-1 $1
|
||||
#fi
|
||||
:
|
||||
}
|
||||
|
||||
have_pubkey_algo () {
|
||||
if ../g10/gpg --homedir . --version | grep "Pubkey:.*$1" >/dev/null
|
||||
then
|
||||
|
@ -1,3 +1,7 @@
|
||||
2009-08-13 Werner Koch <wk@g10code.com>
|
||||
|
||||
* gpgv.texi, gpg.texi: Udpate from GnuPG-2.
|
||||
|
||||
2008-04-30 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* gpg-zip.1: Add man page thanks to Colin Tuckley and Daniel
|
||||
|
274
doc/gpg.texi
274
doc/gpg.texi
@ -1,5 +1,5 @@
|
||||
@c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
|
||||
@c 2007 Free Software Foundation, Inc.
|
||||
@c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
|
||||
@c 2008, 2009 Free Software Foundation, Inc.
|
||||
@c This is part of the GnuPG manual.
|
||||
@c For copying conditions, see the file gnupg.texi.
|
||||
|
||||
@ -149,7 +149,7 @@ cannot abbreviate this command.
|
||||
@itemx -h
|
||||
@opindex help
|
||||
Print a usage message summarizing the most useful command line options.
|
||||
Not that you cannot abbreviate this command.
|
||||
Note that you cannot abbreviate this command.
|
||||
|
||||
@item --warranty
|
||||
@opindex warranty
|
||||
@ -175,18 +175,23 @@ abbreviate this command.
|
||||
@itemx -s
|
||||
@opindex sign
|
||||
Make a signature. This command may be combined with @option{--encrypt}
|
||||
(for a signed and encrypted message), @option{--symmetric} (for a signed
|
||||
and symmetrically encrypted message), or @option{--encrypt} and
|
||||
(for a signed and encrypted message), @option{--symmetric} (for a
|
||||
signed and symmetrically encrypted message), or @option{--encrypt} and
|
||||
@option{--symmetric} together (for a signed message that may be
|
||||
decrypted via a secret key or a passphrase).
|
||||
decrypted via a secret key or a passphrase). The key to be used for
|
||||
signing is chosen by default or can be set with the
|
||||
@option{--local-user} and @option{--default-key} options.
|
||||
|
||||
@item --clearsign
|
||||
@opindex clearsign
|
||||
Make a clear text signature. The content in a clear text signature is
|
||||
readable without any special software. OpenPGP software is only
|
||||
needed to verify the signature. Clear text signatures may modify
|
||||
end-of-line whitespace for platform independence and are not intended
|
||||
to be reversible.
|
||||
Make a clear text signature. The content in a clear text signature is
|
||||
readable without any special software. OpenPGP software is only needed
|
||||
to verify the signature. Clear text signatures may modify end-of-line
|
||||
whitespace for platform independence and are not intended to be
|
||||
reversible. The key to be used for signing is chosen by default or
|
||||
can be set with the @option{--local-user} and @option{--default-key}
|
||||
options.
|
||||
|
||||
|
||||
@item --detach-sign
|
||||
@itemx -b
|
||||
@ -221,8 +226,8 @@ Store only (make a simple RFC1991 literal data packet).
|
||||
@item --decrypt
|
||||
@itemx -d
|
||||
@opindex decrypt
|
||||
Decrypt the file given on the command line (or @code{stdin} if no file
|
||||
is specified) and write it to stdout (or the file specified with
|
||||
Decrypt the file given on the command line (or STDIN if no file
|
||||
is specified) and write it to STDOUT (or the file specified with
|
||||
@option{--output}). If the decrypted file is signed, the signature is also
|
||||
verified. This command differs from the default operation, as it never
|
||||
writes to the filename which is included in the file and it rejects
|
||||
@ -232,19 +237,19 @@ files which don't begin with an encrypted message.
|
||||
@opindex verify
|
||||
Assume that the first argument is a signed file or a detached signature
|
||||
and verify it without generating any output. With no arguments, the
|
||||
signature packet is read from stdin. If only a sigfile is given, it may
|
||||
signature packet is read from STDIN. If only a sigfile is given, it may
|
||||
be a complete signature or a detached signature, in which case the
|
||||
signed stuff is expected in a file without the ".sig" or ".asc"
|
||||
extension. With more than 1 argument, the first should be a detached
|
||||
signature and the remaining files are the signed stuff. To read the
|
||||
signed stuff from stdin, use @samp{-} as the second filename. For
|
||||
signed stuff from STDIN, use @samp{-} as the second filename. For
|
||||
security reasons a detached signature cannot read the signed material
|
||||
from stdin without denoting it in the above way.
|
||||
from STDIN without denoting it in the above way.
|
||||
|
||||
@item --multifile
|
||||
@opindex multifile
|
||||
This modifies certain other commands to accept multiple files for
|
||||
processing on the command line or read from stdin with each filename on
|
||||
processing on the command line or read from STDIN with each filename on
|
||||
a separate line. This allows for many files to be processed at
|
||||
once. @option{--multifile} may currently be used along with
|
||||
@option{--verify}, @option{--encrypt}, and @option{--decrypt}. Note that
|
||||
@ -291,6 +296,10 @@ secret key is not usable (for example, if it was created via
|
||||
@item --list-sigs
|
||||
@opindex list-sigs
|
||||
Same as @option{--list-keys}, but the signatures are listed too.
|
||||
@ifclear gpgone
|
||||
This command has the same effect as
|
||||
using @option{--list-keys} with @option{--with-sig-list}.
|
||||
@end ifclear
|
||||
|
||||
For each signature listed, there are several flags in between the "sig"
|
||||
tag and keyid. These flags give additional information about each
|
||||
@ -307,15 +316,31 @@ command "tsign").
|
||||
|
||||
@item --check-sigs
|
||||
@opindex check-sigs
|
||||
Same as @option{--list-sigs}, but the signatures are verified.
|
||||
Same as @option{--list-sigs}, but the signatures are verified. Note
|
||||
that for performance reasons the revocation status of a signing key is
|
||||
not shown.
|
||||
@ifclear gpgone
|
||||
This command has the same effect as
|
||||
using @option{--list-keys} with @option{--with-sig-check}.
|
||||
@end ifclear
|
||||
|
||||
The status of the verification is indicated by a flag directly following
|
||||
the "sig" tag (and thus before the flags described above for
|
||||
@option{--list-sigs}). A "!" indicates that the signature has been
|
||||
successfully verified, a "-" denotes a bad signature and a "%" is used
|
||||
if an error occured while checking the signature (e.g. a non supported
|
||||
if an error occurred while checking the signature (e.g. a non supported
|
||||
algorithm).
|
||||
|
||||
@ifclear gpgone
|
||||
@item --locate-keys
|
||||
@opindex locate-keys
|
||||
Locate the keys given as arguments. This command basically uses the
|
||||
same algorithm as used when locating keys for encryption or signing and
|
||||
may thus be used to see what keys @command{@gpgname} might use. In
|
||||
particular external methods as defined by @option{--auto-key-locate} may
|
||||
be used to locate a key. Only public keys are listed.
|
||||
@end ifclear
|
||||
|
||||
|
||||
@item --fingerprint
|
||||
@opindex fingerprint
|
||||
@ -369,7 +394,7 @@ removed first. In batch mode the key must be specified by fingerprint.
|
||||
@opindex export
|
||||
Either export all keys from all keyrings (default keyrings and those
|
||||
registered via option @option{--keyring}), or if at least one name is given,
|
||||
those of the given name. The new keyring is written to stdout or to the
|
||||
those of the given name. The new keyring is written to STDOUT or to the
|
||||
file given with option @option{--output}. Use together with
|
||||
@option{--armor} to mail those keys.
|
||||
|
||||
@ -379,7 +404,7 @@ Similar to @option{--export} but sends the keys to a keyserver.
|
||||
Fingerprints may be used instead of key IDs. Option @option{--keyserver}
|
||||
must be used to give the name of this keyserver. Don't send your
|
||||
complete keyring to a keyserver --- select only those keys which are new
|
||||
or changed by you.
|
||||
or changed by you. If no key IDs are given, @command{gpg} does nothing.
|
||||
|
||||
@item --export-secret-keys
|
||||
@itemx --export-secret-subkeys
|
||||
@ -400,7 +425,7 @@ Import/merge keys. This adds the given keys to the
|
||||
keyring. The fast version is currently just a synonym.
|
||||
|
||||
There are a few other options which control how this command works.
|
||||
Most notable here is the @option{--keyserver-options merge-only} option
|
||||
Most notable here is the @option{--import-options merge-only} option
|
||||
which does not insert new keys but does only the merging of new
|
||||
signatures, user-IDs and subkeys.
|
||||
|
||||
@ -460,16 +485,34 @@ For use with cron jobs, this command can be used together with
|
||||
a check is needed. To force a run even in batch mode add the option
|
||||
@option{--yes}.
|
||||
|
||||
@anchor{option --export-ownertrust}
|
||||
@item --export-ownertrust
|
||||
@opindex export-ownertrust
|
||||
Send the ownertrust values to stdout. This is useful for backup purposes
|
||||
Send the ownertrust values to STDOUT. This is useful for backup purposes
|
||||
as these values are the only ones which can't be re-created from a
|
||||
corrupted trust DB.
|
||||
corrupted trustdb. Example:
|
||||
@c man:.RS
|
||||
@example
|
||||
@gpgname{} --export-ownertrust > otrust.txt
|
||||
@end example
|
||||
@c man:.RE
|
||||
|
||||
|
||||
@item --import-ownertrust
|
||||
@opindex import-ownertrust
|
||||
Update the trustdb with the ownertrust values stored in @code{files} (or
|
||||
stdin if not given); existing values will be overwritten.
|
||||
STDIN if not given); existing values will be overwritten. In case of a
|
||||
severely damaged trustdb and if you have a recent backup of the
|
||||
ownertrust values (e.g. in the file @file{otrust.txt}, you may re-create
|
||||
the trustdb using these commands:
|
||||
@c man:.RS
|
||||
@example
|
||||
cd ~/.gnupg
|
||||
rm trustdb.gpg
|
||||
@gpgname{} --import-ownertrust < otrust.txt
|
||||
@end example
|
||||
@c man:.RE
|
||||
|
||||
|
||||
@item --rebuild-keydb-caches
|
||||
@opindex rebuild-keydb-caches
|
||||
@ -480,7 +523,7 @@ situations too.
|
||||
@item --print-md @code{algo}
|
||||
@itemx --print-mds
|
||||
@opindex print-md
|
||||
Print message digest of algorithm ALGO for all given files or stdin.
|
||||
Print message digest of algorithm ALGO for all given files or STDIN.
|
||||
With the second form (or a deprecated "*" as algo) digests for all
|
||||
available algorithms are printed.
|
||||
|
||||
@ -729,13 +772,24 @@ preferred keyserver and signature notations (if any) are shown.
|
||||
Set the list of user ID preferences to @code{string} for all (or just
|
||||
the selected) user IDs. Calling setpref with no arguments sets the
|
||||
preference list to the default (either built-in or set via
|
||||
@option{--default-preference-list}), and calling setpref with "none" as
|
||||
the argument sets an empty preference list. Use @command{@gpgname
|
||||
@option{--default-preference-list}), and calling setpref with "none"
|
||||
as the argument sets an empty preference list. Use @command{@gpgname
|
||||
--version} to get a list of available algorithms. Note that while you
|
||||
can change the preferences on an attribute user ID (aka "photo ID"),
|
||||
GnuPG does not select keys via attribute user IDs so these preferences
|
||||
will not be used by GnuPG.
|
||||
|
||||
When setting preferences, you should list the algorithms in the order
|
||||
which you'd like to see them used by someone else when encrypting a
|
||||
message to your key. If you don't include 3DES, it will be
|
||||
automatically added at the end. Note that there are many factors that
|
||||
go into choosing an algorithm (for example, your key may not be the
|
||||
only recipient), and so the remote OpenPGP application being used to
|
||||
send to you may or may not follow your exact chosen order for a given
|
||||
message. It will, however, only choose an algorithm that is present
|
||||
on the preference list of every recipient key. See also the
|
||||
INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS section below.
|
||||
|
||||
@item keyserver
|
||||
@opindex keyedit:keyserver
|
||||
Set a preferred keyserver for the specified user ID(s). This allows
|
||||
@ -921,7 +975,12 @@ Try to be as quiet as possible.
|
||||
@opindex batch
|
||||
@opindex no-batch
|
||||
Use batch mode. Never ask, do not allow interactive commands.
|
||||
@option{--no-batch} disables this option.
|
||||
@option{--no-batch} disables this option. Note that even with a
|
||||
filename given on the command line, gpg might still need to read from
|
||||
STDIN (in particular if gpg figures that the input is a
|
||||
detached signature and no data file has been specified). Thus if you
|
||||
do not want to feed data via STDIN, you should connect STDIN to
|
||||
@file{/dev/null}.
|
||||
|
||||
@item --no-tty
|
||||
@opindex no-tty
|
||||
@ -1052,10 +1111,10 @@ validation. This option is only meaningful if pka-lookups is set.
|
||||
|
||||
@item --enable-dsa2
|
||||
@itemx --disable-dsa2
|
||||
Enables new-style DSA keys which (unlike the old style) may be larger
|
||||
than 1024 bit and use hashes other than SHA-1 and RIPEMD/160. Note
|
||||
that very few programs currently support these keys and signatures
|
||||
from them.
|
||||
Enable hash truncation for all DSA keys even for old DSA Keys up to
|
||||
1024 bit. This is also the default with @option{--openpgp}. Note
|
||||
that older versions of GnuPG also required this flag to allow the
|
||||
generation of DSA larger than 1024 bit.
|
||||
|
||||
@item --photo-viewer @code{string}
|
||||
This is the command line that should be run to view a photo ID. "%i"
|
||||
@ -1068,7 +1127,7 @@ and "%%" for an actual percent sign. If neither %i or %I are present,
|
||||
then the photo will be supplied to the viewer on standard input.
|
||||
|
||||
The default viewer is "xloadimage -fork -quiet -title 'KeyID 0x%k'
|
||||
stdin". Note that if your image viewer program is not secure, then
|
||||
STDIN". Note that if your image viewer program is not secure, then
|
||||
executing it from GnuPG does not make it secure.
|
||||
|
||||
@item --exec-path @code{string}
|
||||
@ -1305,29 +1364,42 @@ exists.
|
||||
GnuPG can automatically locate and retrieve keys as needed using this
|
||||
option. This happens when encrypting to an email address (in the
|
||||
"user@@example.com" form), and there are no user@@example.com keys on
|
||||
the local keyring. This option takes any number of the following
|
||||
arguments, in the order they are to be tried:
|
||||
the local keyring. This option takes any number of the following
|
||||
mechanisms, in the order they are to be tried:
|
||||
|
||||
@table @asis
|
||||
|
||||
@item cert
|
||||
locate a key using DNS CERT, as specified in 2538bis (currently in
|
||||
draft): http://www.josefsson.org/rfc2538bis/
|
||||
Locate a key using DNS CERT, as specified in rfc4398.
|
||||
|
||||
@item pka
|
||||
locate a key using DNS PKA.
|
||||
Locate a key using DNS PKA.
|
||||
|
||||
@item ldap
|
||||
locate a key using the PGP Universal method of checking
|
||||
"ldap://keys.(thedomain)".
|
||||
Using DNS Service Discovery, check the domain in question for any LDAP
|
||||
keyservers to use. If this fails, attempt to locate the key using the
|
||||
PGP Universal method of checking @samp{ldap://keys.(thedomain)}.
|
||||
|
||||
@item keyserver
|
||||
locate a key using whatever keyserver is defined using the
|
||||
Locate a key using whatever keyserver is defined using the
|
||||
@option{--keyserver} option.
|
||||
|
||||
@item (keyserver URL)
|
||||
In addition, a keyserver URL as used in the @option{--keyserver} option may be
|
||||
used here to query that particular keyserver.
|
||||
@item keyserver-URL
|
||||
In addition, a keyserver URL as used in the @option{--keyserver} option
|
||||
may be used here to query that particular keyserver.
|
||||
|
||||
@item local
|
||||
Locate the key using the local keyrings. This mechanism allows to
|
||||
select the order a local key lookup is done. Thus using
|
||||
@samp{--auto-key-locate local} is identical to
|
||||
@option{--no-auto-key-locate}.
|
||||
|
||||
@item nodefault
|
||||
This flag disables the standard local key lookup, done before any of the
|
||||
mechanisms defined by the @option{--auto-key-locate} are tried. The
|
||||
position of this mechanism in the list does not matter. It is not
|
||||
required if @code{local} is also used.
|
||||
|
||||
@end table
|
||||
|
||||
@item --keyid-format @code{short|0xshort|long|0xlong}
|
||||
@ -1352,7 +1424,7 @@ from below, but apply only to this particular keyserver.
|
||||
|
||||
Most keyservers synchronize with each other, so there is generally no
|
||||
need to send keys to more than one server. The keyserver
|
||||
@code{hkp://subkeys.pgp.net} uses round robin DNS to give a different
|
||||
@code{hkp://keys.gnupg.net} uses round robin DNS to give a different
|
||||
keyserver each time you use it.
|
||||
|
||||
@item --keyserver-options @code{name=value1 }
|
||||
@ -1437,6 +1509,12 @@ Set the proxy to use for HTTP and HKP keyservers. This overrides the
|
||||
@item max-cert-size
|
||||
When retrieving a key via DNS CERT, only accept keys up to this size.
|
||||
Defaults to 16384 bytes.
|
||||
|
||||
@item debug
|
||||
Turn on debug output in the keyserver helper program. Note that the
|
||||
details of debug output depends on which keyserver helper program is
|
||||
being used, and in turn, on any libraries that the keyserver helper
|
||||
program uses internally (libcurl, openldap, etc).
|
||||
@end table
|
||||
|
||||
@item --completes-needed @code{n}
|
||||
@ -1809,6 +1887,10 @@ source distribution.
|
||||
@opindex fixed-list-mode
|
||||
Do not merge primary user ID and primary key in @option{--with-colon}
|
||||
listing mode and print all timestamps as seconds since 1970-01-01.
|
||||
@ifclear gpgone
|
||||
Since GnuPG 2.0.10, this mode is always used and thus this option is
|
||||
obsolete; it does not harm to use it though.
|
||||
@end ifclear
|
||||
|
||||
@item --with-fingerprint
|
||||
@opindex with-fingerprint
|
||||
@ -1886,7 +1968,7 @@ Set the list of personal digest preferences to @code{string}. Use
|
||||
and use @code{none} to set no preference at all. This allows the user
|
||||
to factor in their own preferred algorithms when algorithms are chosen
|
||||
via recipient key preferences. The most highly ranked digest
|
||||
algorithm in this list is algo used when signing without encryption
|
||||
algorithm in this list is also used when signing without encryption
|
||||
(e.g. @option{--clearsign} or @option{--sign}). The default value is
|
||||
SHA-1.
|
||||
|
||||
@ -1896,7 +1978,7 @@ Use @command{@gpgname --version} to get a list of available
|
||||
algorithms, and use @code{none} to set no preference at all. This
|
||||
allows the user to factor in their own preferred algorithms when
|
||||
algorithms are chosen via recipient key preferences. The most highly
|
||||
ranked compression algorithm in this list is algo used when there are
|
||||
ranked compression algorithm in this list is also used when there are
|
||||
no recipient keys to consider (e.g. @option{--symmetric}).
|
||||
|
||||
@item --s2k-cipher-algo @code{name}
|
||||
@ -1980,9 +2062,9 @@ a message that PGP 2.x will not be able to handle. Note that `PGP
|
||||
available, but the MIT release is a good common baseline.
|
||||
|
||||
This option implies @option{--rfc1991 --disable-mdc
|
||||
--no-force-v4-certs --no-sk-comment --escape-from-lines
|
||||
--force-v3-sigs --cipher-algo IDEA --digest-algo MD5 --compress-algo
|
||||
ZIP}. It also disables @option{--textmode} when encrypting.
|
||||
--no-force-v4-certs --escape-from-lines --force-v3-sigs --cipher-algo
|
||||
IDEA --digest-algo MD5 --compress-algo ZIP}. It also disables
|
||||
@option{--textmode} when encrypting.
|
||||
|
||||
@item --pgp6
|
||||
@opindex pgp6
|
||||
@ -1993,8 +2075,8 @@ compression algorithms none and ZIP. This also disables
|
||||
--throw-keyids, and making signatures with signing subkeys as PGP 6
|
||||
does not understand signatures made by signing subkeys.
|
||||
|
||||
This option implies @option{--disable-mdc --no-sk-comment
|
||||
--escape-from-lines --force-v3-sigs}.
|
||||
This option implies @option{--disable-mdc --escape-from-lines
|
||||
--force-v3-sigs}.
|
||||
|
||||
@item --pgp7
|
||||
@opindex pgp7
|
||||
@ -2066,11 +2148,13 @@ Same as @option{--status-fd}, except the status data is written to file
|
||||
@code{file}.
|
||||
|
||||
@item --logger-fd @code{n}
|
||||
Write log output to file descriptor @code{n} and not to stderr.
|
||||
Write log output to file descriptor @code{n} and not to STDERR.
|
||||
|
||||
@item --logger-file @code{file}
|
||||
@item --log-file @code{file}
|
||||
@itemx --logger-file @code{file}
|
||||
Same as @option{--logger-fd}, except the logger data is written to file
|
||||
@code{file}.
|
||||
@code{file}. Note that @option{--log-file} is only implemented for
|
||||
GnuPG-2.
|
||||
|
||||
@item --attribute-fd @code{n}
|
||||
Write attribute subpackets to the file descriptor @code{n}. This is most
|
||||
@ -2152,10 +2236,10 @@ file being encrypted.
|
||||
|
||||
@item --for-your-eyes-only
|
||||
@itemx --no-for-your-eyes-only
|
||||
Set the `for your eyes only' flag in the message. This causes GnuPG
|
||||
to refuse to save the file unless the @option{--output} option is given, and
|
||||
PGP to use the "secure viewer" with a Tempest-resistant font to
|
||||
display the message. This option overrides @option{--set-filename}.
|
||||
Set the `for your eyes only' flag in the message. This causes GnuPG to
|
||||
refuse to save the file unless the @option{--output} option is given,
|
||||
and PGP to use a "secure viewer" with a claimed Tempest-resistant font
|
||||
to display the message. This option overrides @option{--set-filename}.
|
||||
@option{--no-for-your-eyes-only} disables this option.
|
||||
|
||||
@item --use-embedded-filename
|
||||
@ -2221,12 +2305,15 @@ will still get disabled.
|
||||
|
||||
@item --throw-keyids
|
||||
@itemx --no-throw-keyids
|
||||
Do not put the recipient key IDs into encrypted messages. This helps
|
||||
to hide the receivers of the message and is a limited countermeasure
|
||||
against traffic analysis. On the receiving side, it may slow down the
|
||||
decryption process because all available secret keys must be tried.
|
||||
@option{--no-throw-keyids} disables this option. This option is essentially
|
||||
the same as using @option{--hidden-recipient} for all recipients.
|
||||
Do not put the recipient key IDs into encrypted messages. This helps to
|
||||
hide the receivers of the message and is a limited countermeasure
|
||||
against traffic analysis.@footnote{Using a little social engineering
|
||||
anyone who is able to decrypt the message can check whether one of the
|
||||
other recipients is the one he suspects.} On the receiving side, it may
|
||||
slow down the decryption process because all available secret keys must
|
||||
be tried. @option{--no-throw-keyids} disables this option. This option
|
||||
is essentially the same as using @option{--hidden-recipient} for all
|
||||
recipients.
|
||||
|
||||
@item --not-dash-escaped
|
||||
This option changes the behavior of cleartext signatures
|
||||
@ -2253,7 +2340,7 @@ passphrase. Defaults to 1 repetition.
|
||||
@item --passphrase-fd @code{n}
|
||||
Read the passphrase from file descriptor @code{n}. Only the first line
|
||||
will be read from file descriptor @code{n}. If you use 0 for @code{n},
|
||||
the passphrase will be read from stdin. This can only be used if only
|
||||
the passphrase will be read from STDIN. This can only be used if only
|
||||
one passphrase is supplied.
|
||||
@ifclear gpgone
|
||||
Note that this passphrase is only used if the option @option{--batch}
|
||||
@ -2415,11 +2502,15 @@ This is an obsolete option and is not used anywhere.
|
||||
|
||||
@item --allow-multiple-messages
|
||||
@item --no-allow-multiple-messages
|
||||
Allow processing of multiple OpenPGP messages contained in a single
|
||||
file or stream. Some programs that call GPG are not prepared to deal
|
||||
with multiple messages being processed together, so this option
|
||||
defaults to no. Note that versions of GPG prior to 1.4.7 always
|
||||
allowed multiple messages.
|
||||
Allow processing of multiple OpenPGP messages contained in a single file
|
||||
or stream. Some programs that call GPG are not prepared to deal with
|
||||
multiple messages being processed together, so this option defaults to
|
||||
no. Note that versions of GPG prior to 1.4.7 always allowed multiple
|
||||
messages.
|
||||
|
||||
Warning: Do not use this option unless you need it as a temporary
|
||||
workaround!
|
||||
|
||||
|
||||
@item --enable-special-filenames
|
||||
This options enables a mode in which filenames of the form
|
||||
@ -2542,12 +2633,12 @@ current home directory (@pxref{option --homedir}).
|
||||
@table @file
|
||||
|
||||
@item gpg.conf
|
||||
@cindex gpgsm.conf
|
||||
@cindex gpg.conf
|
||||
This is the standard configuration file read by @command{@gpgname} on
|
||||
startup. It may contain any valid long option; the leading two dashes
|
||||
may not be entered and the option may not be abbreviated. This default
|
||||
name may be changed on the command line (@pxref{option
|
||||
--options}).
|
||||
name may be changed on the command line (@pxref{option --options}).
|
||||
You should backup this file.
|
||||
|
||||
@end table
|
||||
|
||||
@ -2567,31 +2658,32 @@ files; They all live in in the current home directory (@pxref{option
|
||||
|
||||
@table @file
|
||||
@item ~/.gnupg/secring.gpg
|
||||
The secret keyring.
|
||||
The secret keyring. You should backup this file.
|
||||
|
||||
@item ~/.gnupg/secring.gpg.lock
|
||||
and the lock file
|
||||
The lock file for the secret keyring.
|
||||
|
||||
@item ~/.gnupg/pubring.gpg
|
||||
The public keyring
|
||||
The public keyring. You should backup this file.
|
||||
|
||||
@item ~/.gnupg/pubring.gpg.lock
|
||||
and the lock file
|
||||
The lock file for the public keyring.
|
||||
|
||||
@item ~/.gnupg/trustdb.gpg
|
||||
The trust database
|
||||
The trust database. There is no need to backup this file; it is better
|
||||
to backup the ownertrust values (@pxref{option --export-ownertrust}).
|
||||
|
||||
@item ~/.gnupg/trustdb.gpg.lock
|
||||
and the lock file
|
||||
The lock file for the trust database.
|
||||
|
||||
@item ~/.gnupg/random_seed
|
||||
used to preserve the internal random pool
|
||||
A file used to preserve the state of the internal random pool.
|
||||
|
||||
@item /usr[/local]/share/gnupg/options.skel
|
||||
Skeleton options file
|
||||
The skeleton options file.
|
||||
|
||||
@item /usr[/local]/lib/gnupg/
|
||||
Default location for extensions
|
||||
Default location for extensions.
|
||||
|
||||
@end table
|
||||
|
||||
@ -2619,7 +2711,7 @@ value. The option @option{--gpg-agent-info} can be used to override it.
|
||||
|
||||
@item PINENTRY_USER_DATA
|
||||
This value is passed via gpg-agent to pinentry. It is useful to convey
|
||||
extra information to a custom pinentry
|
||||
extra information to a custom pinentry.
|
||||
|
||||
@item COLUMNS
|
||||
@itemx LINES
|
||||
@ -2628,12 +2720,13 @@ Used to size some displays to the full size of the screen.
|
||||
|
||||
@item LANGUAGE
|
||||
Apart from its use by GNU, it is used in the W32 version to override the
|
||||
language selection done through the Registry. If used and set to a a
|
||||
language selection done through the Registry. If used and set to a
|
||||
valid and available language name (@var{langid}), the file with the
|
||||
translation is loaded from
|
||||
@code{@var{gpgdir}/gnupg.nls/@var{langid}.mo}. Here @var{gpgdir} is the
|
||||
directory out of which the gpg binary has been laoded. If it can't be
|
||||
loaded the Registry is tried as a fallback.
|
||||
directory out of which the gpg binary has been loaded. If it can't be
|
||||
loaded the Registry is tried and as last resort the native Windows
|
||||
locale system is used.
|
||||
|
||||
@end table
|
||||
|
||||
@ -2658,6 +2751,9 @@ make a clear text signature
|
||||
@item gpg -sb @code{file}
|
||||
make a detached signature
|
||||
|
||||
@item gpg -u 0x12345678 -sb @code{file}
|
||||
make a detached signature with the key 0x12345678
|
||||
|
||||
@item gpg --list-keys @code{user_ID}
|
||||
show keys
|
||||
|
||||
@ -2706,7 +2802,7 @@ is *very* easy to spy out your passphrase!
|
||||
|
||||
If you are going to verify detached signatures, make sure that the
|
||||
program knows about it; either give both filenames on the command line
|
||||
or use @samp{-} to specify stdin.
|
||||
or use @samp{-} to specify STDIN.
|
||||
|
||||
@mansect interoperability
|
||||
@chapheading INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS
|
||||
|
@ -123,13 +123,14 @@ one signature was bad, and other error codes for fatal errors.
|
||||
@table @asis
|
||||
|
||||
@item @gpgvname @code{pgpfile}
|
||||
@itemx @gpgvname @code{sigfile}
|
||||
Verify the signature of the file. The second form
|
||||
is used for detached signatures, where @code{sigfile} is the detached
|
||||
signature (either ASCII-armored or binary) and are the signed
|
||||
data; if this is not given the name of the file holding the signed data is
|
||||
constructed by cutting off the extension (".asc", ".sig" or ".sign") from
|
||||
@code{sigfile}.
|
||||
@itemx @gpgvname @code{sigfile} [@code{datafile}]
|
||||
Verify the signature of the file. The second form is used for detached
|
||||
signatures, where @code{sigfile} is the detached signature (either
|
||||
ASCII-armored or binary) and @code{datafile} contains the signed data;
|
||||
if @code{datafile} is "-" the signed data is expected on
|
||||
@code{stdin}; if @code{datafile} is not given the name of the file
|
||||
holding the signed data is constructed by cutting off the extension
|
||||
(".asc", ".sig" or ".sign") from @code{sigfile}.
|
||||
|
||||
@end table
|
||||
|
||||
|
@ -1,3 +1,19 @@
|
||||
2009-08-13 Werner Koch <wk@g10code.com>
|
||||
|
||||
* cardglue.h: Add new error code mappings.
|
||||
|
||||
From GnuPG-2:
|
||||
* app-openpgp.c (change_keyattr_from_string): New.
|
||||
(do_setattr): Support KEY-ATTR.
|
||||
* ccid-driver.c (print_pr_data): Fix 64 bit compat problem.
|
||||
* ccid-driver.c (parse_ccid_descriptor): Enable hack for SCR 3320.
|
||||
* card-util.c (generate_card_keys): Remove special case for
|
||||
GnuPG-2. Ask for the keysize and change it.
|
||||
(card_generate_subkey): Ask for the keysize and change it.
|
||||
(get_info_for_key_operation): Read KEY-ATTR.
|
||||
(show_keysize_warning, ask_card_keysize): New.
|
||||
(do_change_keysize): New.
|
||||
|
||||
2009-08-11 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* keyserver.c (keyserver_spawn): Try and detect mis-coded Latin1
|
||||
|
@ -214,6 +214,11 @@ static gpg_error_t do_auth (app_t app, const char *keyidstr,
|
||||
const void *indata, size_t indatalen,
|
||||
unsigned char **outdata, size_t *outdatalen);
|
||||
static void parse_algorithm_attribute (app_t app, int keyno);
|
||||
static gpg_error_t change_keyattr_from_string
|
||||
(app_t app,
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const void *value, size_t valuelen);
|
||||
|
||||
|
||||
|
||||
@ -1793,6 +1798,7 @@ do_setattr (app_t app, const char *name,
|
||||
{ "CERT-3", 0x7F21, 3, 0, 1 },
|
||||
{ "SM-KEY-ENC", 0x00D1, 3, 0, 1 },
|
||||
{ "SM-KEY-MAC", 0x00D2, 3, 0, 1 },
|
||||
{ "KEY-ATTR", 0, 0, 3, 1 },
|
||||
{ NULL, 0 }
|
||||
};
|
||||
int exmode;
|
||||
@ -1804,6 +1810,9 @@ do_setattr (app_t app, const char *name,
|
||||
if (table[idx].need_v2 && !app->app_local->extcap.is_v2)
|
||||
return gpg_error (GPG_ERR_NOT_SUPPORTED); /* Not yet supported. */
|
||||
|
||||
if (table[idx].special == 3)
|
||||
return change_keyattr_from_string (app, pincb, pincb_arg, value, valuelen);
|
||||
|
||||
switch (table[idx].need_chv)
|
||||
{
|
||||
case 2:
|
||||
@ -2404,6 +2413,45 @@ change_keyattr (app_t app, int keyno, unsigned int nbits,
|
||||
}
|
||||
|
||||
|
||||
/* Helper to process an setattr command for name KEY-ATTR. It expects
|
||||
a string "--force <keyno> <algo> <nbits>" in (VALUE,VALUELEN). */
|
||||
static gpg_error_t
|
||||
change_keyattr_from_string (app_t app,
|
||||
gpg_error_t (*pincb)(void*, const char *, char **),
|
||||
void *pincb_arg,
|
||||
const void *value, size_t valuelen)
|
||||
{
|
||||
gpg_error_t err;
|
||||
char *string;
|
||||
int keyno, algo;
|
||||
unsigned int nbits;
|
||||
|
||||
/* VALUE is expected to be a string but not guaranteed to be
|
||||
terminated. Thus copy it to an allocated buffer first. */
|
||||
string = xtrymalloc (valuelen+1);
|
||||
if (!string)
|
||||
return gpg_error_from_syserror ();
|
||||
memcpy (string, value, valuelen);
|
||||
string[valuelen] = 0;
|
||||
|
||||
/* Because this function deletes the key we require the string
|
||||
"--force" in the data to make clear that something serious might
|
||||
happen. */
|
||||
if (sscanf (string, " --force %d %d %u", &keyno, &algo, &nbits) != 3)
|
||||
err = gpg_error (GPG_ERR_INV_DATA);
|
||||
else if (keyno < 1 || keyno > 3)
|
||||
err = gpg_error (GPG_ERR_INV_ID);
|
||||
else if (algo != 1)
|
||||
err = gpg_error (GPG_ERR_PUBKEY_ALGO); /* Not RSA. */
|
||||
else if (nbits < 1024)
|
||||
err = gpg_error (GPG_ERR_TOO_SHORT);
|
||||
else
|
||||
err = change_keyattr (app, keyno-1, nbits, pincb, pincb_arg);
|
||||
|
||||
xfree (string);
|
||||
return err;
|
||||
}
|
||||
|
||||
|
||||
/* Handle the WRITEKEY command for OpenPGP. This function expects a
|
||||
canonical encoded S-expression with the secret key in KEYDATA and
|
||||
|
184
g10/card-util.c
184
g10/card-util.c
@ -23,6 +23,10 @@
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <assert.h>
|
||||
#ifdef HAVE_LIBREADLINE
|
||||
# define GNUPG_LIBREADLINE_H_INCLUDED
|
||||
# include <readline/readline.h>
|
||||
#endif /*HAVE_LIBREADLINE*/
|
||||
|
||||
#if GNUPG_MAJOR_VERSION != 1
|
||||
# include "gpg.h"
|
||||
@ -34,12 +38,8 @@
|
||||
#include "options.h"
|
||||
#include "main.h"
|
||||
#include "keyserver-internal.h"
|
||||
|
||||
#if GNUPG_MAJOR_VERSION == 1
|
||||
# ifdef HAVE_LIBREADLINE
|
||||
# define GNUPG_LIBREADLINE_H_INCLUDED
|
||||
# include <stdio.h>
|
||||
# include <readline/readline.h>
|
||||
# endif /*HAVE_LIBREADLINE*/
|
||||
# include "cardglue.h"
|
||||
#else /*GNUPG_MAJOR_VERSION!=1*/
|
||||
# include "call-agent.h"
|
||||
@ -1158,6 +1158,8 @@ get_info_for_key_operation (struct agent_card_info_s *info)
|
||||
rc = agent_scd_getattr ("DISP-NAME", info);
|
||||
if (!rc)
|
||||
rc = agent_scd_getattr ("EXTCAP", info);
|
||||
if (!rc)
|
||||
rc = agent_scd_getattr ("KEY-ATTR", info);
|
||||
if (rc)
|
||||
log_error (_("error getting current key info: %s\n"), gpg_strerror (rc));
|
||||
return rc;
|
||||
@ -1253,34 +1255,114 @@ replace_existing_key_p (struct agent_card_info_s *info, int keyno)
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
show_keysize_warning (void)
|
||||
{
|
||||
static int shown;
|
||||
|
||||
if (shown)
|
||||
return;
|
||||
shown = 1;
|
||||
tty_printf
|
||||
(_("NOTE: There is no guarantee that the card "
|
||||
"supports the requested size.\n"
|
||||
" If the key generation does not succeed, "
|
||||
"please check the\n"
|
||||
" documentation of your card to see what "
|
||||
"sizes are allowed.\n"));
|
||||
}
|
||||
|
||||
|
||||
/* Ask for the size of a card key. NBITS is the current size
|
||||
configured for the card. KEYNO is the number of the key used to
|
||||
select the prompt. Returns 0 to use the default size (i.e. NBITS)
|
||||
or the selected size. */
|
||||
static unsigned int
|
||||
ask_card_keysize (int keyno, unsigned int nbits)
|
||||
{
|
||||
unsigned int min_nbits = 1024;
|
||||
unsigned int max_nbits = 3072; /* GnuPG limit due to Assuan. */
|
||||
char *prompt, *answer;
|
||||
unsigned int req_nbits;
|
||||
|
||||
for (;;)
|
||||
{
|
||||
prompt = xasprintf
|
||||
(keyno == 0?
|
||||
_("What keysize do you want for the Signature key? (%u) "):
|
||||
keyno == 1?
|
||||
_("What keysize do you want for the Encryption key? (%u) "):
|
||||
_("What keysize do you want for the Authentication key? (%u) "),
|
||||
nbits);
|
||||
answer = cpr_get ("cardedit.genkeys.size", prompt);
|
||||
cpr_kill_prompt ();
|
||||
req_nbits = *answer? atoi (answer): nbits;
|
||||
xfree (prompt);
|
||||
xfree (answer);
|
||||
|
||||
if (req_nbits != nbits && (req_nbits % 32) )
|
||||
{
|
||||
req_nbits = ((req_nbits + 31) / 32) * 32;
|
||||
tty_printf (_("rounded up to %u bits\n"), req_nbits);
|
||||
}
|
||||
|
||||
if (req_nbits == nbits)
|
||||
return 0; /* Use default. */
|
||||
|
||||
if (req_nbits < min_nbits || req_nbits > max_nbits)
|
||||
{
|
||||
tty_printf (_("%s keysizes must be in the range %u-%u\n"),
|
||||
"RSA", min_nbits, max_nbits);
|
||||
}
|
||||
else
|
||||
{
|
||||
tty_printf (_("The card will now be re-configured "
|
||||
"to generate a key of %u bits\n"), req_nbits);
|
||||
show_keysize_warning ();
|
||||
return req_nbits;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* Change the size of key KEYNO (0..2) to NBITS and show an error
|
||||
message if that fails. */
|
||||
static gpg_error_t
|
||||
do_change_keysize (int keyno, unsigned int nbits)
|
||||
{
|
||||
gpg_error_t err;
|
||||
char args[100];
|
||||
|
||||
snprintf (args, sizeof args, "--force %d 1 %u", keyno+1, nbits);
|
||||
err = agent_scd_setattr ("KEY-ATTR", args, strlen (args), NULL);
|
||||
if (err)
|
||||
log_error (_("error changing size of key %d to %u bits: %s\n"),
|
||||
keyno+1, nbits, gpg_strerror (err));
|
||||
return err;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
generate_card_keys (void)
|
||||
{
|
||||
struct agent_card_info_s info;
|
||||
int forced_chv1;
|
||||
int want_backup;
|
||||
int keyno;
|
||||
|
||||
if (get_info_for_key_operation (&info))
|
||||
return;
|
||||
|
||||
if (info.extcap.ki)
|
||||
{
|
||||
#if GNUPG_MAJOR_VERSION == 1
|
||||
char *answer;
|
||||
|
||||
|
||||
answer = cpr_get ("cardedit.genkeys.backup_enc",
|
||||
_("Make off-card backup of encryption key? (Y/n) "));
|
||||
|
||||
want_backup=answer_is_yes_no_default(answer,1);
|
||||
cpr_kill_prompt();
|
||||
xfree(answer);
|
||||
#else
|
||||
want_backup = cpr_get_answer_is_yes
|
||||
( "cardedit.genkeys.backup_enc",
|
||||
_("Make off-card backup of encryption key? (Y/n) "));
|
||||
/*FIXME: we need answer_is_yes_no_default()*/
|
||||
#endif
|
||||
want_backup = answer_is_yes_no_default (answer, 1/*(default to Yes)*/);
|
||||
cpr_kill_prompt ();
|
||||
xfree (answer);
|
||||
}
|
||||
else
|
||||
want_backup = 0;
|
||||
@ -1290,16 +1372,19 @@ generate_card_keys (void)
|
||||
|| (info.fpr3valid && !fpr_is_zero (info.fpr3)))
|
||||
{
|
||||
tty_printf ("\n");
|
||||
log_info ("NOTE: keys are already stored on the card!\n");
|
||||
log_info (_("NOTE: keys are already stored on the card!\n"));
|
||||
tty_printf ("\n");
|
||||
if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_keys",
|
||||
_("Replace existing keys? (y/N) ")))
|
||||
if ( !cpr_get_answer_is_yes ("cardedit.genkeys.replace_keys",
|
||||
_("Replace existing keys? (y/N) ")))
|
||||
{
|
||||
agent_release_card_info (&info);
|
||||
return;
|
||||
}
|
||||
}
|
||||
else if (!info.disp_name || !*info.disp_name)
|
||||
|
||||
/* If no displayed name has been set, we assume that this is a fresh
|
||||
card and print a hint about the default PINs. */
|
||||
if (!info.disp_name || !*info.disp_name)
|
||||
{
|
||||
tty_printf ("\n");
|
||||
tty_printf (_("Please note that the factory settings of the PINs are\n"
|
||||
@ -1311,9 +1396,31 @@ generate_card_keys (void)
|
||||
|
||||
if (check_pin_for_key_operation (&info, &forced_chv1))
|
||||
goto leave;
|
||||
|
||||
generate_keypair (NULL, info.serialno,
|
||||
want_backup? opt.homedir:NULL);
|
||||
|
||||
/* If the cards features changeable key attributes, we ask for the
|
||||
key size. */
|
||||
if (info.is_v2 && info.extcap.aac)
|
||||
{
|
||||
unsigned int nbits;
|
||||
|
||||
for (keyno = 0; keyno < DIM (info.key_attr); keyno++)
|
||||
{
|
||||
nbits = ask_card_keysize (keyno, info.key_attr[keyno].nbits);
|
||||
if (nbits && do_change_keysize (keyno, nbits))
|
||||
{
|
||||
/* Error: Better read the default key size again. */
|
||||
agent_release_card_info (&info);
|
||||
if (get_info_for_key_operation (&info))
|
||||
goto leave;
|
||||
/* Ask again for this key size. */
|
||||
keyno--;
|
||||
}
|
||||
}
|
||||
/* Note that INFO has not be synced. However we will only use
|
||||
the serialnumber and thus it won't harm. */
|
||||
}
|
||||
|
||||
generate_keypair (NULL, info.serialno, want_backup? opt.homedir:NULL);
|
||||
|
||||
leave:
|
||||
agent_release_card_info (&info);
|
||||
@ -1365,6 +1472,26 @@ card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock)
|
||||
if (check_pin_for_key_operation (&info, &forced_chv1))
|
||||
goto leave;
|
||||
|
||||
/* If the cards features changeable key attributes, we ask for the
|
||||
key size. */
|
||||
if (info.is_v2 && info.extcap.aac)
|
||||
{
|
||||
unsigned int nbits;
|
||||
|
||||
ask_again:
|
||||
nbits = ask_card_keysize (keyno-1, info.key_attr[keyno-1].nbits);
|
||||
if (nbits && do_change_keysize (keyno-1, nbits))
|
||||
{
|
||||
/* Error: Better read the default key size again. */
|
||||
agent_release_card_info (&info);
|
||||
if (get_info_for_key_operation (&info))
|
||||
goto leave;
|
||||
goto ask_again;
|
||||
}
|
||||
/* Note that INFO has not be synced. However we will only use
|
||||
the serialnumber and thus it won't harm. */
|
||||
}
|
||||
|
||||
okay = generate_card_subkeypair (pub_keyblock, sec_keyblock,
|
||||
keyno, info.serialno);
|
||||
|
||||
@ -1577,7 +1704,7 @@ static struct
|
||||
};
|
||||
|
||||
|
||||
#if GNUPG_MAJOR_VERSION == 1 && defined (HAVE_LIBREADLINE)
|
||||
#ifdef HAVE_LIBREADLINE
|
||||
|
||||
/* These two functions are used by readline for command completion. */
|
||||
|
||||
@ -1610,6 +1737,7 @@ command_generator(const char *text,int state)
|
||||
static char **
|
||||
card_edit_completion(const char *text, int start, int end)
|
||||
{
|
||||
(void)end;
|
||||
/* If we are at the start of a line, we try and command-complete.
|
||||
If not, just do nothing for now. */
|
||||
|
||||
@ -1620,7 +1748,7 @@ card_edit_completion(const char *text, int start, int end)
|
||||
|
||||
return NULL;
|
||||
}
|
||||
#endif /* GNUPG_MAJOR_VERSION == 1 && HAVE_LIBREADLINE */
|
||||
#endif /*HAVE_LIBREADLINE*/
|
||||
|
||||
/* Menu to edit all user changeable values on an OpenPGP card. Only
|
||||
Key creation is not handled here. */
|
||||
@ -1688,15 +1816,11 @@ card_edit (strlist_t commands)
|
||||
|
||||
if (!have_commands)
|
||||
{
|
||||
#if GNUPG_MAJOR_VERSION == 1
|
||||
tty_enable_completion (card_edit_completion);
|
||||
#endif
|
||||
answer = cpr_get_no_help("cardedit.prompt", _("Command> "));
|
||||
cpr_kill_prompt();
|
||||
#if GNUPG_MAJOR_VERSION == 1
|
||||
tty_disable_completion ();
|
||||
#endif
|
||||
}
|
||||
}
|
||||
trim_spaces(answer);
|
||||
}
|
||||
while ( *answer == '#' );
|
||||
|
@ -134,6 +134,11 @@ typedef struct ctrl_ctx_s *ctrl_t;
|
||||
#define GPG_ERR_ENODEV G10ERR_GENERAL
|
||||
#define GPG_ERR_CANCELED G10ERR_CANCELED
|
||||
|
||||
#define GPG_ERR_INV_DATA G10ERR_GENERAL
|
||||
#define GPG_ERR_PUBKEY_ALGO G10ERR_PUBKEY_ALGO
|
||||
#define GPG_ERR_TOO_SHORT G10ERR_INV_ARG
|
||||
|
||||
|
||||
typedef int gpg_error_t;
|
||||
typedef int gpg_err_code_t;
|
||||
|
||||
|
@ -413,7 +413,7 @@ print_pr_data (const unsigned char *data, size_t datalen, size_t off)
|
||||
{
|
||||
if (any)
|
||||
DEBUGOUT_LF ();
|
||||
DEBUGOUT_1 (" [%04d] ", off);
|
||||
DEBUGOUT_1 (" [%04lu] ", (unsigned long) off);
|
||||
}
|
||||
DEBUGOUT_CONT_1 (" %02X", data[off]);
|
||||
any = 1;
|
||||
@ -944,6 +944,11 @@ parse_ccid_descriptor (ccid_driver_t handle,
|
||||
0x5111 - SCR 331-DI
|
||||
0x5115 - SCR 335
|
||||
0xe003 - SPR 532
|
||||
The
|
||||
0x5117 - SCR 3320 USB ID-000 reader
|
||||
seems to be very slow but enabling this workaround boosts the
|
||||
performance to a a more or less acceptable level (tested by David).
|
||||
|
||||
*/
|
||||
if (handle->id_vendor == VENDOR_SCM
|
||||
&& handle->max_ifsd > 48
|
||||
@ -951,6 +956,7 @@ parse_ccid_descriptor (ccid_driver_t handle,
|
||||
||(handle->id_product == 0x5111 && handle->bcd_device < 0x0620)
|
||||
||(handle->id_product == 0x5115 && handle->bcd_device < 0x0514)
|
||||
||(handle->id_product == 0xe003 && handle->bcd_device < 0x0504)
|
||||
||(handle->id_product == 0x5117 && handle->bcd_device < 0x0522)
|
||||
))
|
||||
{
|
||||
DEBUGOUT ("enabling workaround for buggy SCM readers\n");
|
||||
|
@ -1,3 +1,8 @@
|
||||
2009-07-14 Werner Koch <wk@g10code.com>
|
||||
|
||||
* de.po: s/nicht-exportfähig/unwiderrufbar/. Reported by Simon
|
||||
Richter.
|
||||
|
||||
2009-07-13 Werner Koch <wk@g10code.com>
|
||||
|
||||
* nl.po: Applied a small fix by Jeroen Leeuwestein. Fixes bug#1085.
|
||||
|
1688
po/pt_BR.po
1688
po/pt_BR.po
File diff suppressed because it is too large
Load Diff
1659
po/zh_CN.po
1659
po/zh_CN.po
File diff suppressed because it is too large
Load Diff
2215
po/zh_TW.po
2215
po/zh_TW.po
File diff suppressed because it is too large
Load Diff
Loading…
x
Reference in New Issue
Block a user