See ChangeLog: Wed Jan 5 11:51:17 CET 2000 Werner Koch

THANKS

@@ -39,6 +39,7 @@ Hendrik Buschkamp	   buschkamp@rheumanet.org
 Holger Schurig		   holger@d.om.org
 Hugh Daniel		   hugh@toad.com
 Ian McKellar		   imckellar@harvestroad.com.au
+Jan Krueger		   max@physics.otago.ac.nz
 Janusz A. Urbanowicz	   alex@bofh.torun.pl
 James Troup		   james@nocrew.org
 Jean-loup Gailly	   gzip@prep.ai.mit.edu

doc/ChangeLog

@@ -1,3 +1,7 @@
+Wed Jan  5 11:51:17 CET 2000  Werner Koch  <wk@gnupg.de>
+
+	* FAQ: Enhanced answer for the 3des-s2k bug.
+
 Sat Dec  4 12:30:28 CET 1999  Werner Koch  <wk@gnupg.de>
 
 	* gpg.sgml: Add section about the user ID

doc/DETAILS

@@ -190,6 +190,14 @@ more arguments in future versions.
 	Marks the end of a file processing which has been started
 	by FILE_START.
 
+    BEGIN_DECRYPTION
+    END_DECRYPTION
+	Mark the start and end of the actual decryption process.  These
+	are also emmited when in --list-only mode.
+
+    BEGIN_ENCRYPTION
+    END_ENCRYPTION
+	Mark the start and end of the actual encryption process.
 
 
 Key generation

doc/FAQ

@@ -350,12 +350,12 @@
      hash algorithm to use.
 
   Q: How can a get list of key IDs used to encrypt a message?
-  A: gpg --batch --decrypt --status-fd 1 2>/dev/null \
+  A: gpg --batch --decrypt --list-only --status-fd 1 2>/dev/null \
 	      | awk '/^\[GNUPG:\] ENC_TO / { print $3 }'
 
 
   Q: PGP 5.x, 6.x does not like my secret key.
-  A: PGP probaly bails out on some private comment packets used by GnuPG.
+  A: PGP probably bails out on some private comment packets used by GnuPG.
      These packets are fully in compliance with OpenPGP; however PGP is not
      really OpenPGP aware.  A workaround is to eport the secret keys with
      this command:
@@ -364,10 +364,11 @@
 
   Q: I can't decrypt my symmetrical only (-c) encrypted message with
      a new version of GnuPG.
-  A: There used to be a bug in GnuPG < 1.0.1 which happens only if 3DES
-     was used for symmetric only encryption (this has never been the default).
+  A: There used to be a bug in GnuPG < 1.0.1 which happens only if 3DES or
+     Twofish has been used for symmetric only encryption (this has never been
+     the default).
      The bug has been fixed but to enable you to decrypt old messages, you
      should run gpg with the option "--emulate-3des-s2k-bug", decrypt the
      message and encrypt it again without this option.	The option will
-     be removed in 1.1, so better re/encrypt your message now.
+     be removed in 1.1, so better re-encrypt your message now.
 

doc/gpg.sgml

@@ -1104,7 +1104,8 @@ Reset all packet, cipher and digest options to OpenPGP
 behavior. Use this option to reset all previous
 options like --rfc1991, --force-v3-sigs, --s2k-*,
 --cipher-algo, --digest-algo and --compress-algo to
-OpenPGP compliant values.
+OpenPGP compliant values.  All PGP workarounds are also
+disabled.
 </para></listitem></varlistentry>
 
 
@@ -1232,6 +1233,15 @@ can get a faster listing.  The excact behaviour of this option may change
 in future versions.
 </para></listitem></varlistentry>
 
+<varlistentry>
+<term>--list-only</term>
+<listitem><para>
+Changes the behaviour of some commands.  This is like --dry-run but
+different in some cases.  The semantic of this command may be extended in
+the future.  Currently it does only skip the actual decryption pass and
+therefore enables a fast listing of the encryption keys.
+</para></listitem></varlistentry>
+
 <varlistentry>
 <term>--no-literal</term>
 <listitem><para>

g10/ChangeLog

@@ -1,3 +1,21 @@
+Wed Jan  5 11:51:17 CET 2000  Werner Koch  <wk@gnupg.de>
+
+	* g10.c (main): Reset new global flag opt.pgp2_workarounds
+	when --openpgp is used.
+	* mainproc.c (proc_plaintext): Do the PGP2,5 workarounds only
+	when the global falg is set.
+	(proc_tree): Ditto.
+	* textfilter.c (copy_clearsig_text): Ditto.
+	* armor.c (armor_filter): Ditto.
+
+	* g10.c: New option --list-only
+	* mainproc.c (proc_tree): Don't do it if opt.list_only is active.
+	(proc_pubkey_enc): Implement option.
+
+	* status.h, status.c ({BEGIN,END}_{EN,DE}CRYPTION): New.
+	* cipher.c (cipher_filter): New status outputs.
+	* mainproc.c (proc_encrypted): New status outputs.
+
 Fri Dec 31 14:08:15 CET 1999  Werner Koch  <wk@gnupg.de>
 
 	* armor.c (armor_filter): Made the "Comment:" header translatable.

g10/armor.c

@@ -837,7 +837,8 @@ armor_filter( void *opaque, int control,
 		hashes &= 1|2|4|8;
 		if( !hashes ) {
 		    hashes |= 4;  /* default to MD 5 */
-		    afx->pgp2mode = 1;
+		    if( opt.pgp2_workarounds )
+			afx->pgp2mode = 1;
 		}
 		n=0;
 		do {

g10/cipher.c

@@ -33,6 +33,7 @@
 #include "packet.h"
 #include "options.h"
 #include "main.h"
+#include "status.h"
 
 
 #define MIN_PARTIAL_SIZE 512
@@ -54,7 +55,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
     if( use_mdc ) {
 	ed.mdc_method = DIGEST_ALGO_SHA1;
 	cfx->mdc_hash = md_open( DIGEST_ALGO_SHA1, 0 );
-	md_start_debug( cfx->mdc_hash, "mdccreat" );
+	/*md_start_debug( cfx->mdc_hash, "mdccreat" );*/
     }
     init_packet( &pkt );
     pkt.pkttype = use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED;
@@ -101,6 +102,7 @@ cipher_filter( void *opaque, int control,
     else if( control == IOBUFCTRL_FLUSH ) { /* encrypt */
 	assert(a);
 	if( !cfx->header ) {
+	    write_status( STATUS_BEGIN_ENCRYPTION );
 	    write_header( cfx, a );
 	}
 	if( cfx->mdc_hash )
@@ -121,6 +123,7 @@ cipher_filter( void *opaque, int control,
 	    md_close( cfx->mdc_hash ); cfx->mdc_hash = NULL;
 	}
 	cipher_close(cfx->cipher_hd);
+	write_status( STATUS_END_ENCRYPTION );
     }
     else if( control == IOBUFCTRL_DESC ) {
 	*(char**)buf = "cipher_filter";

g10/g10.c

@@ -180,6 +180,7 @@ enum cmd_and_opt_values { aNull = 0,
     oSetFilesize,
     oHonorHttpProxy,
     oFastListMode,
+    oListOnly,
     oEmu3DESS2KBug,  /* will be removed in 1.1 */
 aTest };
 
@@ -350,6 +351,7 @@ static ARGPARSE_OPTS opts[] = {
     { oSetFilesize, "set-filesize", 20, "@" },
     { oHonorHttpProxy,"honor-http-proxy", 0, "@" },
     { oFastListMode,"fast-list-mode", 0, "@" },
+    { oListOnly, "list-only", 0, "@"},
     { oEmu3DESS2KBug,  "emulate-3des-s2k-bug", 0, "@"},
 {0} };
 
@@ -592,6 +594,7 @@ main( int argc, char **argv )
     opt.completes_needed = 1;
     opt.marginals_needed = 3;
     opt.max_cert_depth = 5;
+    opt.pgp2_workarounds = 1;
   #ifdef __MINGW32__
     opt.homedir = read_w32_registry_string( NULL, "Software\\GNU\\GnuPG", "HomeDir" );
   #else
@@ -700,7 +703,9 @@ main( int argc, char **argv )
 
 	  case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break;
 	  case aSym: set_cmd( &cmd, aSym); break;
+
 	  case aDecrypt: set_cmd( &cmd, aDecrypt); break;
+
 	  case aEncr: set_cmd( &cmd, aEncr); break;
 	  case aSign: set_cmd( &cmd, aSign );  break;
 	  case aKeygen: set_cmd( &cmd, aKeygen); greeting=1; break;
@@ -804,6 +809,7 @@ main( int argc, char **argv )
 	    break;
 	  case oOpenPGP:
 	    opt.rfc1991 = 0;
+	    opt.pgp2_workarounds = 0;
 	    opt.escape_from = 0;
 	    opt.force_v3_sigs = 0;
 	    opt.compress_keys = 0;	    /* not mandated  but we do it */
@@ -880,6 +886,7 @@ main( int argc, char **argv )
 	  case oSetFilesize: opt.set_filesize = pargs.r.ret_ulong; break;
 	  case oHonorHttpProxy: opt.honor_http_proxy = 1; break;
 	  case oFastListMode: opt.fast_list_mode = 1; break;
+	  case oListOnly: opt.list_only=1; break;
 
 	  default : pargs.err = configfp? 1:2; break;
 	}

g10/mainproc.c

@@ -225,10 +225,14 @@ proc_pubkey_enc( CTX c, PACKET *pkt )
 	|| is_RSA(enc->pubkey_algo)  ) {
 	if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1])
 			  || !seckey_available( enc->keyid )) ) {
-	    c->dek = m_alloc_secure( sizeof *c->dek );
-	    if( (result = get_session_key( enc, c->dek )) ) {
-		/* error: delete the DEK */
-		m_free(c->dek); c->dek = NULL;
+	    if( opt.list_only )
+		result = -1;
+	    else {
+		c->dek = m_alloc_secure( sizeof *c->dek );
+		if( (result = get_session_key( enc, c->dek )) ) {
+		    /* error: delete the DEK */
+		    m_free(c->dek); c->dek = NULL;
+		}
 	    }
 	}
 	else
@@ -312,10 +316,14 @@ proc_encrypted( CTX c, PACKET *pkt )
 
     print_failed_pkenc( c->failed_pkenc );
 
+    write_status( STATUS_BEGIN_DECRYPTION );
+
     /*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/
-    if( !c->dek && !c->last_was_session_key ) {
+    if( opt.list_only )
+	result = -1;
+    else if( !c->dek && !c->last_was_session_key ) {
 	/* assume this is old conventional encrypted data
-	 * Actually we should use IDEA and MD5 in this case, but becuase
+	 * Actually we should use IDEA and MD5 in this case, but because
 	 * IDEA is patented we can't do so */
 	c->dek = passphrase_to_dek( NULL, 0,
 		    opt.def_cipher_algo ? opt.def_cipher_algo
@@ -347,6 +355,7 @@ proc_encrypted( CTX c, PACKET *pkt )
     }
     free_packet(pkt);
     c->last_was_session_key = 0;
+    write_status( STATUS_END_DECRYPTION );
 }
 
 
@@ -406,7 +415,7 @@ proc_plaintext( CTX c, PACKET *pkt )
 	md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
 	md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
     }
-    if( only_md5 && !opt.skip_verify ) {
+    if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) {
 	/* This is a kludge to work around a bug in pgp2.  It does only
 	 * catch those mails which are armored.  To catch the non-armored
 	 * pgp mails we could see whether there is the signature packet
@@ -1142,7 +1151,7 @@ proc_tree( CTX c, KBNODE node )
     KBNODE n1;
     int rc;
 
-    if( opt.list_packets )
+    if( opt.list_packets || opt.list_only )
 	return;
 
     c->local_id = 0;
@@ -1194,8 +1203,10 @@ proc_tree( CTX c, KBNODE node )
 	    /* detached signature */
 	    free_md_filter_context( &c->mfx );
 	    c->mfx.md = md_open(sig->digest_algo, 0);
-	    if( sig->digest_algo == DIGEST_ALGO_MD5
-		&& is_RSA( sig->pubkey_algo ) ) {
+	    if( !opt.pgp2_workarounds )
+		;
+	    else if( sig->digest_algo == DIGEST_ALGO_MD5
+		     && is_RSA( sig->pubkey_algo ) ) {
 		/* enable a workaround for a pgp2 bug */
 		c->mfx.md2 = md_open( DIGEST_ALGO_MD5, 0 );
 	    }

g10/options.h

@@ -33,6 +33,7 @@ struct {
     int compress;
     char *outfile;
     int dry_run;
+    int list_only;
     int textmode;
     int batch;	    /* run in batch mode */
     int answer_yes; /* answer yes on most questions */
@@ -63,6 +64,7 @@ struct {
     int compress_sigs;
     int always_trust;
     int rfc1991;
+    int pgp2_workarounds;
     unsigned emulate_bugs; /* bug emulation flags EMUBUG_xxxx */
     int shm_coprocess;
     const char *set_filename;

g10/status.c

@@ -120,6 +120,10 @@ write_status_text ( int no, const char *text)
       case STATUS_FILE_START	 : s = "FILE_START\n"; break;
       case STATUS_FILE_DONE	 : s = "FILE_DONE\n"; break;
       case STATUS_FILE_ERROR	 : s = "FILE_ERROR\n"; break;
+      case STATUS_BEGIN_DECRYPTION:s = "BEGIN_DECRYPTION\n"; break;
+      case STATUS_END_DECRYPTION : s = "END_DECRYPTION\n"; break;
+      case STATUS_BEGIN_ENCRYPTION:s = "BEGIN_ENCRYPTION\n"; break;
+      case STATUS_END_ENCRYPTION : s = "END_ENCRYPTION\n"; break;
       default: s = "?\n"; break;
     }
 

g10/status.h

@@ -69,6 +69,11 @@
 #define STATUS_FILE_DONE	39
 #define STATUS_FILE_ERROR	40
 
+#define STATUS_BEGIN_DECRYPTION 41
+#define STATUS_END_DECRYPTION	42
+#define STATUS_BEGIN_ENCRYPTION 43
+#define STATUS_END_ENCRYPTION	44
+
 
 /*-- status.c --*/
 void set_status_fd ( int fd );

g10/textfilter.c

@@ -31,6 +31,7 @@
 #include "util.h"
 #include "filter.h"
 #include "i18n.h"
+#include "options.h"
 
 #ifdef HAVE_DOSISH_SYSTEM
   #define LF "\r\n"
@@ -156,6 +157,9 @@ copy_clearsig_text( IOBUF out, IOBUF inp, MD_HANDLE md,
     int truncated = 0;
     int pending_lf = 0;
 
+    if( !opt.pgp2_workarounds )
+	pgp2mode = 0;
+
     if( !escape_dash )
 	escape_from = 0;