mirror of git://git.gnupg.org/gnupg.git synced 2025-01-24 15:17:02 +01:00

About to release 1.4.3

Werner Koch 2006-04-03 10:13:23 +00:00
parent 4afa4eb10e
commit 256f67675f
43 changed files with 10662 additions and 10109 deletions


@ -1,3 +1,7 @@
2006-04-03 Werner Koch <wk@g10code.com>
Released 1.4.3.
2006-03-30 David Shaw <dshaw@jabberwocky.com> 2006-03-30 David Shaw <dshaw@jabberwocky.com>
* README: Some more notes about building fat binaries. * README: Some more notes about building fat binaries.

NEWS

@ -1,4 +1,4 @@
Noteworthy changes in version 1.4.3 Noteworthy changes in version 1.4.3 (2006-04-03)
------------------------------------------------ ------------------------------------------------
* If available, cURL-based keyserver helpers are built that can * If available, cURL-based keyserver helpers are built that can

THANKS

@ -31,6 +31,7 @@ Christian Kurz shorty@debian.org
Christian von Roques roques@pond.sub.org Christian von Roques roques@pond.sub.org
Christopher Oliver oliver@fritz.traverse.net Christopher Oliver oliver@fritz.traverse.net
Christian Recktenwald chris@citecs.de Christian Recktenwald chris@citecs.de
Daiki Ueno ueno@unixuser.org
Dan Winship danw@helixcode.com Dan Winship danw@helixcode.com
Daniel Eisenbud eisenbud@cs.swarthmore.edu Daniel Eisenbud eisenbud@cs.swarthmore.edu
Daniel Koening dan@chaosdorf.de Daniel Koening dan@chaosdorf.de


@ -26,7 +26,7 @@ min_automake_version="1.9.3"
# Remember to change the version number immediately *after* a release # Remember to change the version number immediately *after* a release
# and remove the "-cvs" or "rc" suffix immediately *before* a release. # and remove the "-cvs" or "rc" suffix immediately *before* a release.
AC_INIT(gnupg, 1.4.3-cvs, bug-gnupg@gnu.org) AC_INIT(gnupg, 1.4.3, bug-gnupg@gnu.org)
# Set development_version to yes if the minor number is odd or you # Set development_version to yes if the minor number is odd or you
# feel that the default check for a development version is not # feel that the default check for a development version is not
# sufficient. # sufficient.


@ -422,6 +422,11 @@ more arguments in future versions.
END_ENCRYPTION END_ENCRYPTION
Mark the start and end of the actual encryption process. Mark the start and end of the actual encryption process.
BEGIN_SIGNING
Mark the start of the actual signing process. This may be used
as an indication that all requested secret keys are ready for
use.
DELETE_PROBLEM reason_code DELETE_PROBLEM reason_code
Deleting a key failed. Reason codes are: Deleting a key failed. Reason codes are:
1 - No such key 1 - No such key
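Review bot: The new BEGIN_SIGNING entry has no closing counterpart and does not say how often the line is emitted. The entry just above documents markers for "the start and end of the actual encryption process", so a status-fd consumer will expect an END_SIGNING; either add one or state that none exists. Because the text offers the line as "an indication that all requested secret keys are ready for use", also say whether it appears once per invocation or once per signing key, and that it carries no arguments.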


@ -1817,10 +1817,10 @@ $GNUPGHOME.
<varlistentry> <varlistentry>
<term>--pcsc-driver &ParmFile;</term> <term>--pcsc-driver &ParmFile;</term>
<listitem><para> <listitem><para>
Use &ParmFile; to access the smartcard reader. The current default Use &ParmFile; to access the smartcard reader. The current default is
is `libpcsclite.so'. Instead of using this option you might also `libpcsclite.so.1' for GLIBC based systems,
want to install a symbolic link to the default file name `/System/Library/Frameworks/PCSC.framework/PCSC' for MAC OS X,
(e.g. from `libpcsclite.so.1'). `winscard.dll' for Windows and `libpcsclite.so' for other systems.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
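Review bot: Dropping the symbolic-link hint leaves the fallback case without guidance. The rewritten paragraph still gives `libpcsclite.so' as the default "for other systems", and the removed sentence was the only advice for an installation that ships just `libpcsclite.so.1'. Keep a shortened form of that hint for the non-GLIBC case. Also write "Mac OS X" rather than "MAC OS X".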


@ -43,27 +43,27 @@ a file containing keys is listed).
@table @asis @table @asis
@item -s, --sign @item -s, --sign
Make a signature. This command may be combined with --encrypt (for a Make a signature. This command may be combined with --encrypt (for a
signed and encrypted message), --symmetric (for a signed and signed and encrypted message), --symmetric (for a signed and
symmetrically encrypted message), or --encrypt and --symmetric symmetrically encrypted message), or --encrypt and --symmetric
together (for a signed message that may be decrypted via a secret key together (for a signed message that may be decrypted via a secret key
or a passphrase). or a passphrase).
@item --clearsign @item --clearsign
Make a clear text signature. Make a clear text signature.
@item -b, --detach-sign @item -b, --detach-sign
Make a detached signature. Make a detached signature.
@item -e, --encrypt @item -e, --encrypt
Encrypt data. This option may be combined with --sign (for a signed Encrypt data. This option may be combined with --sign (for a signed
and encrypted message), --symmetric (for a message that may be and encrypted message), --symmetric (for a message that may be
decrypted via a secret key or a passphrase), or --sign and --symmetric decrypted via a secret key or a passphrase), or --sign and --symmetric
together (for a signed message that may be decrypted via a secret key together (for a signed message that may be decrypted via a secret key
or a passphrase). or a passphrase).
@item -c, --symmetric @item -c, --symmetric
Encrypt with a symmetric cipher using a passphrase. The default Encrypt with a symmetric cipher using a passphrase. The default
symmetric cipher used is CAST5, but may be chosen with the symmetric cipher used is CAST5, but may be chosen with the
--cipher-algo option. This option may be combined with --sign (for a --cipher-algo option. This option may be combined with --sign (for a
@ -72,10 +72,10 @@ that may be decrypted via a secret key or a passphrase), or --sign and
--encrypt together (for a signed message that may be decrypted via a --encrypt together (for a signed message that may be decrypted via a
secret key or a passphrase). secret key or a passphrase).
@item --store @item --store
Store only (make a simple RFC1991 packet). Store only (make a simple RFC1991 packet).
@item --decrypt @item -d, --decrypt
Decrypt @code{file} (or stdin if no file is specified) and Decrypt @code{file} (or stdin if no file is specified) and
write it to stdout (or the file specified with write it to stdout (or the file specified with
--output). If the decrypted file is signed, the --output). If the decrypted file is signed, the
@ -317,9 +317,10 @@ preferences, without including any implied preferences.
@item showpref @item showpref
More verbose preferences listing for the selected user ID. This shows More verbose preferences listing for the selected user ID. This shows
the preferences in effect by including the implied preferences of the preferences in effect by including the implied preferences of 3DES
3DES (cipher), SHA-1 (digest), and Uncompressed (compression) if they (cipher), SHA-1 (digest), and Uncompressed (compression) if they are
are not already included in the preference list. not already included in the preference list. In addition, the
preferred keyserver and signature notations (if any) are shown.
@item setpref @code{string} @item setpref @code{string}
Set the list of user ID preferences to @code{string} for all (or just Set the list of user ID preferences to @code{string} for all (or just
@ -335,33 +336,37 @@ used by GnuPG.
@item keyserver @item keyserver
Set a preferred keyserver for the specified user ID(s). This allows Set a preferred keyserver for the specified user ID(s). This allows
other users to know where you prefer they get your key from. See other users to know where you prefer they get your key from. See
--keyserver-option honor-keyserver-url for more on how this works. --keyserver-options honor-keyserver-url for more on how this works.
Note that some versions of PGP interpret the presence of a keyserver Setting a value of "none" removes an existing preferred keyserver.
URL as an instruction to enable PGP/MIME mail encoding. Setting a
value of "none" removes a existing preferred keyserver. @item notation
Set a name=value notation for the specified user ID(s). See
--cert-notation for more on how this works. Setting a value of "none"
removes all notations, setting a notation prefixed with a minus sign
(-) removes that notation, and setting a notation name (without the
=value) prefixed with a minus sign removes all notations with that
name.
@item toggle @item toggle
Toggle between public and secret key listing. Toggle between public and secret key listing.
@item clean @item clean
Cleans keys by removing unusable pieces. This command can be used to
keep keys neat and clean, and it has no effect aside from that.
@table @asis
@item sigs
Remove any signatures that are not usable by the trust calculations.
For example, this removes any signature that does not validate. It
also removes any signature that is superceded by a later signature, or
signatures that were revoked.
@item uids
Compact (by removing all signatures except the selfsig) any user ID Compact (by removing all signatures except the selfsig) any user ID
that is no longer usable (e.g. revoked, or expired). that is no longer usable (e.g. revoked, or expired). Then, remove any
@end table signatures that are not usable by the trust calculations.
Specifically, this removes any signature that does not validate, any
signature that is superceded by a later signature, revoked signatures,
and signatures issued by keys that are not present on the keyring.
@noindent @item minimize
If invoked with no arguments, both `sigs' and `uids' are cleaned. Make the key as small as possible. This removes all signatures from
each user ID except for the most recent self-signature.
@item cross-certify
Add cross-certification signatures to signing subkeys that may not
currently have them. Cross-certification signatures protect against a
subtle attack against signing subkeys. See
--require-cross-certification.
@item save @item save
Save all changes to the key rings and quit. Save all changes to the key rings and quit.
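Review bot: In the rewritten `clean` entry, "superceded" should be "superseded", and the entry does not mention that the `sigs` and `uids` sub-arguments are gone. Anyone who scripted "clean sigs" to drop only unusable signatures now also gets user ID compaction and the removal of "signatures issued by keys that are not present on the keyring", which discards more than the old command did; say so, and say what happens when an old argument is still passed. The new `cross-certify` entry refers only to "a subtle attack against signing subkeys"; one sentence on what a missing cross-certification permits would let readers judge whether they need it.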
@ -480,7 +485,7 @@ Import/merge keys. This adds the given keys to the
keyring. The fast version is currently just a synonym. keyring. The fast version is currently just a synonym.
There are a few other options which control how this command works. There are a few other options which control how this command works.
Most notable here is the --keyserver-option merge-only option which Most notable here is the --keyserver-options merge-only option which
does not insert new keys but does only the merging of new signatures, does not insert new keys but does only the merging of new signatures,
user-IDs and subkeys. user-IDs and subkeys.
@ -494,9 +499,9 @@ local keyring. This is useful for updating a key with the latest
signatures, user IDs, etc. Calling this with no arguments will signatures, user IDs, etc. Calling this with no arguments will
refresh the entire keyring. Option --keyserver must be used to give refresh the entire keyring. Option --keyserver must be used to give
the name of the keyserver for all keys that do not have preferred the name of the keyserver for all keys that do not have preferred
keyservers set (see --keyserver-option honor-keyserver-url). keyservers set (see --keyserver-options honor-keyserver-url).
@item --search-keys @item --search-keys @code{names}
Search the keyserver for the given names. Multiple names given here Search the keyserver for the given names. Multiple names given here
will be joined together to create the search string for the keyserver. will be joined together to create the search string for the keyserver.
Option --keyserver must be used to give the name of this keyserver. Option --keyserver must be used to give the name of this keyserver.
@ -505,6 +510,11 @@ syntax specified in "How to specify a user ID" below. Note that
different keyserver types support different search methods. Currently different keyserver types support different search methods. Currently
only LDAP supports them all. only LDAP supports them all.
@item --fetch-keys @code{URIs}
Retrieve keys located at the specified URIs. Note that different
installations of GnuPG may support different protocols (HTTP, FTP,
LDAP, etc.)
@item --update-trustdb @item --update-trustdb
Do trust database maintenance. This command iterates over all keys Do trust database maintenance. This command iterates over all keys
and builds the Web of Trust. This is an interactive command because it and builds the Web of Trust. This is an interactive command because it
@ -775,14 +785,15 @@ don't want to keep your secret keys (or one of them)
online but still want to be able to check the validity of a given online but still want to be able to check the validity of a given
recipient's or signator's key. recipient's or signator's key.
@item --trust-model @code{pgp|classic|always} @item --trust-model @code{pgp|classic|direct|always|auto}
Set what trust model GnuPG should follow. The models are: Set what trust model GnuPG should follow. The models are:
@table @asis @table @asis
@item pgp @item pgp
This is the Web of Trust combined with trust signatures as used in PGP This is the Web of Trust combined with trust signatures as used in PGP
5.x and later. This is the default trust model. 5.x and later. This is the default trust model when creating a new
trust database.
@item classic @item classic
This is the standard Web of Trust as used in PGP 2.x and earlier. This is the standard Web of Trust as used in PGP 2.x and earlier.
@ -793,38 +804,76 @@ Web of Trust.
@item always @item always
Skip key validation and assume that used keys are always fully Skip key validation and assume that used keys are always fully
trusted. You won't use this unless you have installed some external trusted. You generally won't use this unless you are using some
validation scheme. This option also suppresses the "[uncertain]" tag external validation scheme. This option also suppresses the
printed with signature checks when there is no evidence that the user "[uncertain]" tag printed with signature checks when there is no
ID is bound to the key. evidence that the user ID is bound to the key.
@item auto
Select the trust model depending on whatever the internal trust
database says. This is the default model if such a database already
exists.
@end table @end table
@item --always-trust @item --always-trust
Identical to `--trust-model always'. This option is deprecated. Identical to `--trust-model always'. This option is deprecated.
@item --auto-key-locate @code{parameters}
@itemx --no-auto-key-locate
GnuPG can automatically locate and retrieve keys as needed using this
option. This happens when encrypting to an email address (in the
"user@@example.com" form), and there are no user@@example.com keys on
the local keyring. This option takes any number of the following
arguments, in the order they are to be tried:
@table @asis
@item cert
locate a key using DNS CERT, as specified in 2538bis (currently in
draft): http://www.josefsson.org/rfc2538bis/
@item pka
locate a key using DNS PKA.
@item ldap
locate a key using the PGP Universal method of checking
"ldap://keys.(thedomain)".
@item keyserver
locate a key using whatever keyserver is defined using the --keyserver
option.
@item (keyserver URL)
In addition, a keyserver URL as used in the --keyserver option may be
used here to query that particular keyserver.
@end table
@item --keyid-format @code{short|0xshort|long|0xlong} @item --keyid-format @code{short|0xshort|long|0xlong}
Select how to display key IDs. "short" is the traditional 8-character Select how to display key IDs. "short" is the traditional 8-character
key ID. "long" is the more accurate (but less convenient) key ID. "long" is the more accurate (but less convenient)
16-character key ID. Add an "0x" to either to include an "0x" at the 16-character key ID. Add an "0x" to either to include an "0x" at the
beginning of the key ID, as in 0x99242560. beginning of the key ID, as in 0x99242560.
@item --keyserver @code{name} @item --keyserver @code{name}
Use @code{name} as your keyserver. This is the server that Use @code{name} as your keyserver. This is the server that
--recv-keys, --send-keys, and --search-keys will communicate with to --recv-keys, --send-keys, and --search-keys will communicate with to
receive keys from, send keys to, and search for keys on. The format receive keys from, send keys to, and search for keys on. The format
of the @code{name} is a URI: `scheme:[//]keyservername[:port]' The of the @code{name} is a URI: `scheme:[//]keyservername[:port]' The
scheme is the type of keyserver: "hkp" for the HTTP (or compatible) scheme is the type of keyserver: "hkp" for the HTTP (or compatible)
keyservers, "ldap" for the NAI LDAP keyserver, or "mailto" for the keyservers, "ldap" for the LDAP keyservers, or "mailto" for the Graff
Graff email keyserver. Note that your particular installation of email keyserver. Note that your particular installation of GnuPG may
GnuPG may have other keyserver types available as well. Keyserver have other keyserver types available as well. Keyserver schemes are
schemes are case-insensitive. case-insensitive. After the keyserver name, optional keyserver
configuration options may be provided. These are the same as the
global --keyserver-options from below, but apply only to this
particular keyserver.
Most keyservers synchronize with each other, so there is generally no Most keyservers synchronize with each other, so there is generally no
need to send keys to more than one server. The keyserver need to send keys to more than one server. The keyserver
"hkp://subkeys.pgp.net" uses round robin DNS to give a different "hkp://subkeys.pgp.net" uses round robin DNS to give a different
keyserver each time you use it. keyserver each time you use it.
@item --keyserver-options @code{parameters} @item --keyserver-options @code{name=value1 }
This is a space or comma delimited string that gives options for the This is a space or comma delimited string that gives options for the
keyserver. Options can be prepended with a `no-' to give the opposite keyserver. Options can be prepended with a `no-' to give the opposite
meaning. Valid import-options or export-options may be used here as meaning. Valid import-options or export-options may be used here as
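Review bot: The new `--auto-key-locate` entry lacks the privacy note that this manual gives for auto-key-retrieve and pka-lookups. It queries DNS (cert, pka), "ldap://keys.(thedomain)" or a keyserver whenever data is encrypted to an address with no local key, which discloses to those services whom you are encrypting to and when, yet the entry says nothing about that and states no default. Add a sentence modelled on the "web bug" paragraph. Separately, the synopsis `@item --keyserver-options @code{name=value1 }` has a stray trailing space and reads as if it was cut off after the first value.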
@ -841,17 +890,35 @@ differentiate between revoked and unrevoked keys, and for such
keyservers this option is meaningless. Note also that most keyservers keyservers this option is meaningless. Note also that most keyservers
do not have cryptographic verification of key revocations, and so do not have cryptographic verification of key revocations, and so
turning this option off may result in skipping keys that are turning this option off may result in skipping keys that are
incorrectly marked as revoked. Defaults to on. incorrectly marked as revoked.
@item include-disabled @item include-disabled
When searching for a key with --search-keys, include keys that are When searching for a key with --search-keys, include keys that are
marked on the keyserver as disabled. Note that this option is not marked on the keyserver as disabled. Note that this option is not
used with HKP keyservers. used with HKP keyservers.
@item auto-key-retrieve
This option enables the automatic retrieving of keys from a keyserver
when verifying signatures made by keys that are not on the local
keyring.
Note that this option makes a "web bug" like behavior possible.
Keyserver operators can see which keys you request, so by sending you
a message signed by a brand new key (which you naturally will not have
on your local keyring), the operator can tell both your IP address and
the time when you verified the signature.
@item honor-keyserver-url @item honor-keyserver-url
When using --refresh-keys, if the key in question has a preferred When using --refresh-keys, if the key in question has a preferred
keyserver set, then use that preferred keyserver to refresh the key keyserver URL, then use that preferred keyserver to refresh the key
from. Defaults to yes. from. In addition, if auto-key-retrieve is set, and the signature
being verified has a preferred keyserver URL, then use that preferred
keyserver to fetch the key from. Defaults to yes.
@item honor-pka-record
If auto-key-retrieve is set, and the signature being verified has a
PKA record, then use the PKA information to fetch the key. Defaults
to yes.
@item include-subkeys @item include-subkeys
When receiving a key, include subkeys as potential targets. Note that When receiving a key, include subkeys as potential targets. Note that
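Review bot: With the extended `honor-keyserver-url` text, the preferred keyserver URL carried in a signature decides which host gpg contacts when auto-key-retrieve is set, and this "Defaults to yes". The "web bug" paragraph under `auto-key-retrieve` speaks only of keyserver operators; it should add that with honor-keyserver-url (and honor-pka-record) the signer names the server, so the same observation is available to whoever sent the message. Also, the entry ending "incorrectly marked as revoked." loses its "Defaults to on." with no replacement, while the entries around it still state their defaults.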
@ -885,19 +952,12 @@ timeout applies separately to each key retrieval, and not to the
For HTTP-like keyserver schemes that (such as HKP and HTTP itself), For HTTP-like keyserver schemes that (such as HKP and HTTP itself),
try to access the keyserver over a proxy. If a @code{value} is try to access the keyserver over a proxy. If a @code{value} is
specified, use this as the HTTP proxy. If no @code{value} is specified, use this as the HTTP proxy. If no @code{value} is
specified, try to use the value of the environment variable specified, the value of the environment variable "http_proxy", if any,
"http_proxy". will be used.
@item auto-key-retrieve @item max-cert-size
This option enables the automatic retrieving of keys from a keyserver When retrieving a key via DNS CERT, only accept keys up to this size.
when verifying signatures made by keys that are not on the local Defaults to 16384 bytes.
keyring.
Note that this option makes a "web bug" like behavior possible.
Keyserver operators can see which keys you request, so by sending you
a message signed by a brand new key (which you naturally will not have
on your local keyring), the operator can tell both your IP address and
the time when you verified the signature.
@end table @end table
@item --import-options @code{parameters} @item --import-options @code{parameters}
@ -924,18 +984,19 @@ yes for keyserver --recv-keys.
During import, allow key updates to existing keys, but do not allow During import, allow key updates to existing keys, but do not allow
any new keys to be imported. Defaults to no. any new keys to be imported. Defaults to no.
@item import-clean-sigs
After import, remove any signatures from the new key that are not
usable. This is the same as running the --edit-key command "clean
sigs" after import. Defaults to no.
@item import-clean-uids
After import, compact (remove all signatures from) any user IDs from
the new key that are not usable. This is the same as running the
--edit-key command "clean uids" after import. Defaults to no.
@item import-clean @item import-clean
Identical to "import-clean-sigs import-clean-uids". After import, compact (remove all signatures except the
self-signature) any user IDs from the new key that are not usable.
Then, remove any signatures from the new key that are not usable.
This includes signatures that were issued by keys that are not present
on the keyring. This option is the same as running the --edit-key
command "clean" after import. Defaults to no.
@item import-minimal
Import the smallest key possible. This removes all signatures except
the most recent self-signature on each user ID. This option is the
same as running the --edit-key command "minimize" after import.
Defaults to no.
@end table @end table
@item --export-options @code{parameters} @item --export-options @code{parameters}
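Review bot: `import-clean-sigs` and `import-clean-uids` are deleted from the option list without a word on whether gpg still accepts them. Both were documented and may sit in existing option files or scripts; state whether they are now rejected, ignored or treated as `import-clean`. The new `import-clean` text also drops "signatures that were issued by keys that are not present on the keyring", so a freshly imported key loses certifications from every signer not yet on the keyring; that consequence deserves an explicit sentence.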
@ -959,25 +1020,26 @@ program that does not accept attribute user IDs. Defaults to yes.
Include designated revoker information that was marked as Include designated revoker information that was marked as
"sensitive". Defaults to no. "sensitive". Defaults to no.
@item export-minimal
Export the smallest key possible. Currently this is done by leaving
out any signatures that are not self-signatures. Defaults to no.
@item export-clean-sigs
Do not export any signatures that are not usable. This is the same as
running the --edit-key command "clean sigs" before export. Defaults
to no.
@item export-clean-uids
Compact (remove all signatures from) user IDs on the key being
exported if the user IDs are not usable. This is the same as running
the --edit-key command "clean uids" before export. Defaults to no.
@item export-reset-subkey-passwd @item export-reset-subkey-passwd
When using the "--export-secret-subkeys" command, this option resets When using the "--export-secret-subkeys" command, this option resets
the passphrases for all exported subkeys to empty. This is useful the passphrases for all exported subkeys to empty. This is useful
when the exported subkey is to be used on an unattended machine where when the exported subkey is to be used on an unattended machine where
a passphrase doesn't necessarily make sense. Defaults to no. a passphrase doesn't necessarily make sense. Defaults to no.
@item export-clean
Compact (remove all signatures from) user IDs on the key being
exported if the user IDs are not usable. Also, do not export any
signatures that are not usable. This includes signatures that were
issued by keys that are not present on the keyring. This option is
the same as running the --edit-key command "clean" before export
except that the local copy of the key is not modified. Defaults to
no.
@item export-minimal
Export the smallest key possible. This removes all signatures except
the most recent self-signature on each user ID. This option is the
same as running the --edit-key command "minimize" before export except
that the local copy of the key is not modified. Defaults to no.
@end table @end table
@item --list-options @code{parameters} @item --list-options @code{parameters}
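Review bot: The new `export-clean` entry describes compaction as "remove all signatures from" a user ID, whereas `import-clean` and the --edit-key `clean` command say all signatures except the self-signature are removed. If the behaviour is the same, use the same wording; as written it reads as if export-clean strips the self-signature too. The entry also does not say whether the removed `export-clean-sigs` and `export-clean-uids` names are still accepted.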
@ -1065,6 +1127,17 @@ the signature. Defaults to no.
@item show-unusable-uids @item show-unusable-uids
Show revoked and expired user IDs during signature verification. Show revoked and expired user IDs during signature verification.
Defaults to no. Defaults to no.
@item pka-lookups
Enable PKA lookups to verify sender addresses. Note that PKA is based
on DNS, and so enabling this option may disclose information on when
and what signatures are verified or to whom data is encrypted. This
is similar to the "web bug" described for the auto-key-retrieve
feature.
@item pka-trust-increase
Raise the trust in a signature to full if the signature passes PKA
validation. This option is only meaningful if pka-lookups is set.
@end table @end table
@item --show-photos @item --show-photos
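Review bot: Neither `pka-lookups` nor `pka-trust-increase` states a default, unlike `show-unusable-uids` just above ("Defaults to no."). For `pka-trust-increase` this matters: it raises a signature to full trust on the strength of a mechanism the previous entry describes as "based on DNS", so the text should say what PKA validation actually checks and, if that is the case, that the option is off unless requested.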
@ -1135,10 +1208,10 @@ a options file. This also overrides the environment variable
$GNUPGHOME. $GNUPGHOME.
@item --pcsc-driver @code{file} @item --pcsc-driver @code{file}
Use @code{file} to access the smartcard reader. The current default Use @code{file} to access the smartcard reader. The current default is
is `libpcsclite.so'. Instead of using this option you might also `libpcsclite.so.1' for GLIBC based systems,
want to install a symbolic link to the default file name `/System/Library/Frameworks/PCSC.framework/PCSC' for MAC OS X,
(e.g. from `libpcsclite.so.1'). `winscard.dll' for Windows and `libpcsclite.so' for other systems.
@item --ctapi-driver @code{file} @item --ctapi-driver @code{file}
Use @code{file} to access the smartcard reader. The current default Use @code{file} to access the smartcard reader. The current default
@ -1485,21 +1558,21 @@ signature. Note that all other PGP versions do it this way too.
Enabled by default. --no-escape-from-lines disables this option. Enabled by default. --no-escape-from-lines disables this option.
@item --passphrase-fd @code{n} @item --passphrase-fd @code{n}
Read the passphrase from file descriptor @code{n}. If you use Read the passphrase from file descriptor @code{n}. If you use 0 for
0 for @code{n}, the passphrase will be read from stdin. This @code{n}, the passphrase will be read from stdin. This can only be
can only be used if only one passphrase is supplied. used if only one passphrase is supplied.
Don't use this option if you can avoid it.
@item --passphrase-file @code{file} @item --passphrase-file @code{file}
Read the passphrase from file @code{file}. This can only be used if Read the passphrase from file @code{file}. This can only be used if
only one passphrase is supplied. Obviously, a passphrase stored in a only one passphrase is supplied. Obviously, a passphrase stored in a
file is of questionable security. Don't use this option if you can file is of questionable security if other users can read this file.
avoid it. Don't use this option if you can avoid it.
@item --passphrase @code{string} @item --passphrase @code{string}
Use @code{string} as the passphrase. This can only be used if only one Use @code{string} as the passphrase. This can only be used if only one
passphrase is supplied. Obviously, this is of very questionable passphrase is supplied. Obviously, this is of very questionable
security. Don't use this option if you can avoid it. security on a multi-user system. Don't use this option if you can
avoid it.
@item --command-fd @code{n} @item --command-fd @code{n}
This is a replacement for the deprecated shared-memory IPC mode. This is a replacement for the deprecated shared-memory IPC mode.
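Review bot: The added qualifiers narrow the warnings more than is probably intended. `--passphrase` now reads "very questionable security on a multi-user system" and `--passphrase-file` "questionable security if other users can read this file", which suggests both are fine on a single-user machine. Consider keeping the unconditional warning and giving the multi-user case as an example of the exposure rather than as a condition.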
@ -1788,19 +1861,29 @@ of one specific message without compromising all messages ever
encrypted for one secret key. DON'T USE IT UNLESS YOU ARE REALLY encrypted for one secret key. DON'T USE IT UNLESS YOU ARE REALLY
FORCED TO DO SO. FORCED TO DO SO.
@item --override-session-key @code{string} @item --override-session-key @code{string}
Don't use the public key but the session key @code{string}. The format of this Don't use the public key but the session key @code{string}. The format of this
string is the same as the one printed by --show-session-key. This option string is the same as the one printed by --show-session-key. This option
is normally not used but comes handy in case someone forces you to reveal the is normally not used but comes handy in case someone forces you to reveal the
content of an encrypted message; using this option you can do this without content of an encrypted message; using this option you can do this without
handing out the secret key. handing out the secret key.
@item --require-cross-certification
@itemx --no-require-certification
When verifying a signature made from a subkey, ensure that the cross
certification "back signature" on the subkey is present and valid.
This protects against a subtle attack against subkeys that can sign.
Currently defaults to --no-require-cross-certification, but will be
changed to --require-cross-certification in the future.
@item --ask-sig-expire @item --ask-sig-expire
@itemx --no-ask-sig-expire @itemx --no-ask-sig-expire
When making a data signature, prompt for an expiration time. If this When making a data signature, prompt for an expiration time. If this
option is not specified, the expiration time set via option is not specified, the expiration time set via
--default-sig-expire is used. --no-ask-sig-expire disables this --default-sig-expire is used. --no-ask-sig-expire disables this
option. option. Note that by default, --force-v3-sigs is set which also
disables this option. If you want signature expiration, you must set
--no-force-v3-sigs as well as turning --ask-sig-expire on.
@item --default-sig-expire @item --default-sig-expire
The default expiration time to use for signature expiration. Valid The default expiration time to use for signature expiration. Valid
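Review bot: The `@itemx` line for the negated form reads `--no-require-certification`, but the paragraph below it names the option `--no-require-cross-certification`. One of the two is wrong, and the index entry should match the name gpg accepts. The description again mentions only "a subtle attack against subkeys that can sign"; since the check is still off by default, a short statement of what is accepted without the back signature would help users decide to enable it now.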
@ -1843,6 +1926,12 @@ behaviour as used by anonymous recipients (created by using
--throw-keyids) and might come handy in case where an encrypted --throw-keyids) and might come handy in case where an encrypted
message contains a bogus key ID. message contains a bogus key ID.
@item --allow-multisig-verification
Allow verification of concatenated signed messages. This will run a
signature verification for each data+signature block. There are some
security issues with this option thus it is off by default. Note that
versions of gpg rpior to version 1.4.3 implicityly allowed for this.
@item --enable-special-filenames @item --enable-special-filenames
This options enables a mode in which filenames of the form This options enables a mode in which filenames of the form
@file{-&n}, where n is a non-negative decimal number, @file{-&n}, where n is a non-negative decimal number,
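Review bot: Two typos in the new `--allow-multisig-verification` paragraph: "rpior" should be "prior" and "implicityly" should be "implicitly". Beyond that, "There are some security issues with this option" gives users nothing to act on. The paragraph says earlier versions implicitly allowed this, so name what can go wrong when concatenated signed messages are verified, so that anyone turning the option back on knows the risk.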
@ -2017,10 +2106,6 @@ starting the gpg-agent as described in its documentation, this
variable is set to the correct value. The option --gpg-agent-info can variable is set to the correct value. The option --gpg-agent-info can
be used to override it. be used to override it.
@item http_proxy
Only honored when the keyserver-option
honor-http-proxy is set.
@item COLUMNS @item COLUMNS
@itemx LINES @itemx LINES
Used to size some displays to the full size of the screen. Used to size some displays to the full size of the screen.
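Review bot: Dropping the http_proxy entry leaves the environment list with no mention of the variable at all. If any keyserver helper still reads http_proxy (the NEWS entry for this release mentions cURL-based helpers), the entry should be kept with its condition updated rather than removed; if nothing reads it any more, say so in the doc ChangeLog so the removal is not taken for an oversight.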


@ -1,3 +1,15 @@
2006-04-03 Werner Koch <wk@g10code.com>
* import.c (check_prefs_warning): Merged strings for better
translation.
* gpg.c (main) [__GLIBC__]: Default to libpcsclite.so.1.
* status.h, status.c (STATUS_BEGIN_SIGNING): New. Suggested by
Daiki Ueno.
* textfilter.c (copy_clearsig_text): Issue new status code.
* sign.c (sign_file, sign_symencrypt_file): Ditto.
2006-03-31 David Shaw <dshaw@jabberwocky.com> 2006-03-31 David Shaw <dshaw@jabberwocky.com>
* getkey.c (get_pubkey_byname): Fix missing auto_key_retrieve * getkey.c (get_pubkey_byname): Fix missing auto_key_retrieve
@ -17,6 +29,11 @@
This will need to come out once the standard for DSA2 is firmed This will need to come out once the standard for DSA2 is firmed
up. up.
2006-03-28 Werner Koch <wk@g10code.com>
* openfile.c (overwrite_filep): Fix small cpr issue. Noted by
Daiki Ueno.
2006-03-22 David Shaw <dshaw@jabberwocky.com> 2006-03-22 David Shaw <dshaw@jabberwocky.com>
* getkey.c (parse_auto_key_locate): Silently strip out duplicates * getkey.c (parse_auto_key_locate): Silently strip out duplicates
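Review bot: The 2006-03-28 entry "openfile.c (overwrite_filep): Fix small cpr issue" does not say what was wrong or what changed. The code change prints a newline after the "File exists." message when cpr_enabled() is true; the entry should say that, so the behaviour change on the command/status interface can be found from the ChangeLog.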


@ -1726,6 +1726,8 @@ main (int argc, char **argv )
opt.pcsc_driver = "winscard.dll"; opt.pcsc_driver = "winscard.dll";
#elif defined(__APPLE__) #elif defined(__APPLE__)
opt.pcsc_driver = "/System/Library/Frameworks/PCSC.framework/PCSC"; opt.pcsc_driver = "/System/Library/Frameworks/PCSC.framework/PCSC";
#elif defined(__GLIBC__)
opt.pcsc_driver = "libpcsclite.so.1";
#else #else
opt.pcsc_driver = "libpcsclite.so"; opt.pcsc_driver = "libpcsclite.so";
#endif #endif
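Review bot: The new #elif defined(__GLIBC__) branch selects "libpcsclite.so.1" with no comment on why the C library is the deciding factor. __GLIBC__ says nothing about which pcsc-lite soname is installed; the likely intent is that the unversioned libpcsclite.so link is normally shipped only with development packages, so the versioned name is the one present at run time. Please add a comment stating that, and note that the hard-coded ".1" will need to follow any pcsc-lite soname bump.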


@ -563,9 +563,8 @@ print_import_check (PKT_public_key * pk, PKT_user_id * id)
static void static void
check_prefs_warning(PKT_public_key *pk) check_prefs_warning(PKT_public_key *pk)
{ {
log_info(_("WARNING: key %s contains preferences for unavailable\n"), log_info(_("WARNING: key %s contains preferences for unavailable\n"
keystr_from_pk(pk)); "algorithms on these user IDs:\n"), keystr_from_pk(pk));
log_info(_("algorithms on these user IDs:\n"));
} }
static void static void
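Review bot: Merging the two strings in check_prefs_warning puts a "\n" in the middle of a single log_info() format, so the second line ("algorithms on these user IDs:") is no longer emitted by its own log_info() call and will most likely appear without the usual log prefix. If that is acceptable for the sake of translators, say so in a comment above the call; otherwise check how the output looks with a logger prefix set before release.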


@ -84,6 +84,8 @@ overwrite_filep( const char *fname )
return 0; /* do not overwrite */ return 0; /* do not overwrite */
tty_printf(_("File `%s' exists. "), fname); tty_printf(_("File `%s' exists. "), fname);
if( cpr_enabled () )
tty_printf ("\n");
if( cpr_get_answer_is_yes("openfile.overwrite.okay", if( cpr_get_answer_is_yes("openfile.overwrite.okay",
_("Overwrite? (y/N) ")) ) _("Overwrite? (y/N) ")) )
return 1; return 1;
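Review bot: The added "if( cpr_enabled () ) tty_printf ("\n");" in overwrite_filep has no comment, and its purpose is not obvious from the code: the preceding message "File `%s' exists. " deliberately ends without a newline so the "Overwrite? (y/N)" prompt continues the line on a terminal. Add a comment explaining that with the command interface enabled the prompt is not written to the tty, so the line has to be terminated here. The spacing also mixes "cpr_enabled ()" with the surrounding "cpr_get_answer_is_yes(" style.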


@ -917,7 +917,9 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
goto leave; goto leave;
} }
/* setup the inner packet */ write_status (STATUS_BEGIN_SIGNING);
/* Setup the inner packet. */
if( detached ) { if( detached ) {
if( multifile ) { if( multifile ) {
STRLIST sl; STRLIST sl;
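Review bot: write_status (STATUS_BEGIN_SIGNING) in sign_file is added without a comment saying what a status-fd consumer may rely on at this point. As placed, it is emitted after the setup that can "goto leave" and before the inner packet is written, so it signals that signing will actually start; a short comment to that effect, plus a description of the new status line in the status documentation if that is not updated elsewhere in this commit, would let frontends depend on it.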
@ -1283,6 +1285,8 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
goto leave; goto leave;
} }
write_status (STATUS_BEGIN_SIGNING);
/* Pipe data through all filters; i.e. write the signed stuff */ /* Pipe data through all filters; i.e. write the signed stuff */
/*(current filters: zip - encrypt - armor)*/ /*(current filters: zip - encrypt - armor)*/
rc = write_plaintext_packet (out, inp, fname, opt.textmode ? 't':'b'); rc = write_plaintext_packet (out, inp, fname, opt.textmode ? 't':'b');


@ -165,6 +165,7 @@ get_status_string ( int no )
case STATUS_BACKUP_KEY_CREATED:s="BACKUP_KEY_CREATED"; break; case STATUS_BACKUP_KEY_CREATED:s="BACKUP_KEY_CREATED"; break;
case STATUS_PKA_TRUST_BAD : s = "PKA_TRUST_BAD"; break; case STATUS_PKA_TRUST_BAD : s = "PKA_TRUST_BAD"; break;
case STATUS_PKA_TRUST_GOOD : s = "PKA_TRUST_GOOD"; break; case STATUS_PKA_TRUST_GOOD : s = "PKA_TRUST_GOOD"; break;
case STATUS_BEGIN_SIGNING : s = "BEGIN_SIGNING"; break;
default: s = "?"; break; default: s = "?"; break;
} }
return s; return s;


@ -118,6 +118,8 @@
#define STATUS_PKA_TRUST_BAD 82 #define STATUS_PKA_TRUST_BAD 82
#define STATUS_PKA_TRUST_GOOD 83 #define STATUS_PKA_TRUST_GOOD 83
#define STATUS_BEGIN_SIGNING 84
/*-- status.c --*/ /*-- status.c --*/
void set_status_fd ( int fd ); void set_status_fd ( int fd );


@ -33,6 +33,7 @@
#include "filter.h" #include "filter.h"
#include "i18n.h" #include "i18n.h"
#include "options.h" #include "options.h"
#include "status.h"
#ifdef HAVE_DOSISH_SYSTEM #ifdef HAVE_DOSISH_SYSTEM
#define LF "\r\n" #define LF "\r\n"
@ -177,6 +178,8 @@ copy_clearsig_text( IOBUF out, IOBUF inp, MD_HANDLE md,
if( !escape_dash ) if( !escape_dash )
escape_from = 0; escape_from = 0;
write_status (STATUS_BEGIN_SIGNING);
for(;;) { for(;;) {
maxlen = MAX_LINELEN; maxlen = MAX_LINELEN;
n = iobuf_read_line( inp, &buffer, &bufsize, &maxlen ); n = iobuf_read_line( inp, &buffer, &bufsize, &maxlen );
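Review bot: Emitting STATUS_BEGIN_SIGNING from inside copy_clearsig_text ties a status-fd event to a text-copy helper, so every present and future caller of the helper emits it whether or not it is starting a signature. In sign.c the same status is written by the signing functions themselves; doing the same for the clearsign case (emit in the caller just before it calls copy_clearsig_text) would keep textfilter.c free of the new status.h dependency and make the emission points consistent.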

File diffs suppressed because they are too large:

777 po/be.po
782 po/ca.po
782 po/cs.po
768 po/da.po
853 po/de.po
786 po/el.po
782 po/eo.po
785 po/es.po
782 po/et.po
783 po/fi.po
781 po/fr.po
785 po/gl.po
785 po/hu.po
786 po/id.po
786 po/it.po
779 po/ja.po
783 po/pl.po
782 po/pt.po
786 po/ro.po
779 po/ru.po
785 po/sk.po
782 po/sv.po
788 po/tr.po

Three further file diffs are suppressed for the same reason; their file names are not shown.


@ -1,3 +1,7 @@
2006-04-03 Werner Koch <wk@g10code.com>
* autogen.sh: Unsupport mingw32/cpd.
2006-03-09 Werner Koch <wk@g10code.com> 2006-03-09 Werner Koch <wk@g10code.com>
* config.sub, config.guess: Updated. * config.sub, config.guess: Updated.


@ -63,15 +63,17 @@ if test "$1" = "--build-w32"; then
echo "We need at least version 0.3 of MingW32/CPD" >&2 echo "We need at least version 0.3 of MingW32/CPD" >&2
exit 1 exit 1
fi fi
crossbindir=`mingw32 --install-dir`/bin echo "MingW32/CPD is no longer supported" >&2
# Old autoconf version required us to setup the environment exit 1
# with the proper tool names. # crossbindir=`mingw32 --install-dir`/bin
CC=`mingw32 --get-path gcc` # # Old autoconf version required us to setup the environment
CPP=`mingw32 --get-path cpp` # # with the proper tool names.
AR=`mingw32 --get-path ar` # CC=`mingw32 --get-path gcc`
RANLIB=`mingw32 --get-path ranlib` # CPP=`mingw32 --get-path cpp`
export CC CPP AR RANLIB # AR=`mingw32 --get-path ar`
conf_CC="" # RANLIB=`mingw32 --get-path ranlib`
# export CC CPP AR RANLIB
# conf_CC=""
fi fi
if [ -f "$tsdir/config.log" ]; then if [ -f "$tsdir/config.log" ]; then
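Review bot: In the --build-w32 branch the new "MingW32/CPD is no longer supported" message and exit 1 are placed after the existing version check, so a user whose mingw32 is missing or too old still gets "We need at least version 0.3 of MingW32/CPD" and is told to upgrade a tool that will be rejected anyway. Put the unsupported message ahead of the version check (or drop the check), and delete the commented-out CC/CPP/AR/RANLIB setup instead of keeping it as dead text; the history already preserves it.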