security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

release 0.2.14

Browse Source
This commit is contained in:
Werner Koch 1998-04-02 10:30:03 +00:00
parent 6b91e7762c
commit 303b1084d5
42 changed files with 824 additions and 518 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
NEWS
View File

@ -1,3 +1,19 @@
Noteworthy changes in version 0.2.14
------------------------------------
* Changed the internal handling of keyrings.
* Add support to list PGP 5 keyrings with supkeys
* Timestamps of signatures are now verified.
* A expiration time can now be specified during key generation.
* Some speedups for Blowfish and SHA-1, rewrote SHA-1 transform.
Reduced the amount of random bytes needed for key generation in
some cases.
Noteworthy changes in version 0.2.13
------------------------------------

2
THANKS
View File

@ -7,6 +7,7 @@ exempt of errors.
Anand Kumria wildfire@progsoc.uts.edu.au
Daniel Eisenbud eisenbud@cs.swarthmore.edu
Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de
Ed Boraas ecxjo@esperanto.org
Ernst Molitor ernst.molitor@uni-bonn.de
Hendrik Buschkamp buschkamp@rheumanet.org
James Troup J.J.Troup@scm.brad.ac.uk
@ -23,6 +24,7 @@ Walter Koch walterk@ddorf.rhein-ruhr.de
Werner Koch werner.koch@guug.de
Wim Vandeputte bunbun@reptile.rug.ac.be
Thanks to the German Unix User Group for providing FTP space and
Martin Hamilton for hosting the mailing list.

11
TODO
View File

@ -2,7 +2,7 @@
* improve iobuf by reading more than one byte at once,
this shoud espceially done for the buffer in the chain.
Change the buffering to a mbuf like scheme? Need it for PSST anyway.
* add a way to difference between errors and eof in the underflow/flush
* add a way to distinguish between errors and eof in the underflow/flush
function of iobuf.
* add checking of armor trailers
* remove all "Fixmes"
@ -38,7 +38,14 @@
* remove key management stuff from sign.c.
* add fingerprint/keyid hashing. We need a new filed in PKC to
* add fingerprint/keyid hashing. We need a new field in PKC to
flag that we may have a cached signature for this (and use the address
of PKC to lookup the hash).
* change the misleading usage of public key certificate to public key data
or something like this.
* seckey_cert.c: merge all the check funtions into one.
* fix the problems with "\v" in gettext

2
VERSION
View File

@ -1 +1 @@
0.2.13a
0.2.14

3
checks/Makefile.am
View File

@ -8,7 +8,8 @@ TESTS = version.test decrypt.test clearsig.test armsigs.test \
TEST_FILES = pubring.asc secring.asc gnupg.asc plain-1 plain-2 plain-3o.asc \
plain-1.asc plain-2.asc plain-3.asc
plain-1.asc plain-2.asc plain-3.asc \
pubring.pkr.asc secring.skr.asc
DATA_FILES = data-500 data-9000 data-32000 data-80000

4
cipher/ChangeLog
View File

@ -1,3 +1,7 @@
Wed Apr 1 16:38:27 1998 Werner Koch (wk@isil.d.shuttle.de)
* elgamla.c (elg_generate): Faster generation of x in some cases.
Thu Mar 19 13:54:48 1998 Werner Koch (wk@isil.d.shuttle.de)
* blowfish.c (blowfish_decode_cfb): changed XOR operation

2
cipher/Makefile.am
View File

@ -1,6 +1,6 @@
## Process this file with automake to produce Makefile.in
INCLUDES = -I$(top_srcdir)/include
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
EXTRA_DIST = @CIPHER_EXTRA_DIST@
noinst_LIBRARIES = libcipher.a

2
cipher/Makefile.in
View File

@ -92,7 +92,7 @@ VERSION = @VERSION@
ZLIBS = @ZLIBS@
l = @l@
INCLUDES = -I$(top_srcdir)/include
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
EXTRA_DIST = @CIPHER_EXTRA_DIST@
noinst_LIBRARIES = libcipher.a

24
cipher/elgamal.c
View File

@ -126,6 +126,7 @@ elg_generate( ELG_public_key *pk, ELG_secret_key *sk,
MPI y;
MPI temp;
unsigned qbits;
byte *rndbuf;
p_min1 = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
temp = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
@ -145,22 +146,33 @@ elg_generate( ELG_public_key *pk, ELG_secret_key *sk,
/* select a random number which has these properties:
* 0 < x < p-1
* This must be a very good random number because this is the
* secret part. The prime is public and may be shared anyware,
* so a random generator level of 1 has been used for the prime
* secret part. The prime is public and may be shared anyway,
* so a random generator level of 1 is used for the prime.
*/
x = mpi_alloc_secure( nbits/BITS_PER_MPI_LIMB );
if( DBG_CIPHER )
log_debug("choosing a random x ");
rndbuf = NULL;
do {
byte *rndbuf;
if( DBG_CIPHER )
fputc('.', stderr);
rndbuf = get_random_bits( nbits, 2, 1 );
if( rndbuf ) { /* change only some of the higher bits */
if( nbits < 16 ) {/* should never happen ... */
m_free(rndbuf);
rndbuf = get_random_bits( nbits, 2, 1 );
}
else {
char *r = get_random_bits( 16, 2, 1 );
memcpy(rndbuf, r, 16 );
m_free(r);
}
}
else
rndbuf = get_random_bits( nbits, 2, 1 );
mpi_set_buffer( x, rndbuf, (nbits+7)/8, 0 );
m_free(rndbuf);
mpi_clear_highbit( x, nbits+1 );
log_mpidump(" x: ", x );
} while( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, p_min1 )<0 ) );
m_free(rndbuf);
y = mpi_alloc(nbits/BITS_PER_MPI_LIMB);
mpi_powm( y, g, x, p );

6
configure.in
View File

@ -99,9 +99,6 @@ dnl Checks for header files.
AC_HEADER_STDC
AC_CHECK_HEADERS(unistd.h)
G10_LOCALEDIR="$g10_prefix/$DATADIRNAME/locale"
AC_SUBST(G10_LOCALEDIR)
AC_DEFINE_UNQUOTED(G10_LOCALEDIR, "$G10_LOCALEDIR")
dnl Checks for typedefs, structures, and compiler characteristics.
@ -210,6 +207,9 @@ AC_SUBST(CIPHER_EXTRA_OBJS)
AC_SUBST(CIPHER_EXTRA_DIST)
AM_GNU_GETTEXT
G10_LOCALEDIR="$g10_prefix/$DATADIRNAME/locale"
AC_SUBST(G10_LOCALEDIR)
AC_DEFINE_UNQUOTED(G10_LOCALEDIR, "$G10_LOCALEDIR")
WK_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl )
WK_DO_LINK_FILES

20
doc/Makefile.am
View File

@ -11,3 +11,23 @@ man_MANS = gpg.1
>$@,$$$$ && mv -f $@,$$$$ $@\
|| rm -f $@,$$$$
%.txt : %.sgml
sgml2txt -c latin $*
%.html : %.sgml
sgml2html -l deutsch -c latin $*
%.dvi : %.sgml
-rm $*.sgml.tmp
mv $*.sgml $*.sgml.tmp
sed -e '/<!entity/ s/"IGNORE">/"INCLUDE">/' $*.sgml.tmp >$*.sgml
sgml2latex -b -l deutsch -c latin $* ; mv $*.sgml.tmp $*.sgml
%.ps : %.sgml
-rm $*.sgml.tmp
mv $*.sgml $*.sgml.tmp
sed -e '/<!entity/ s/"IGNORE">/"INCLUDE">/' $*.sgml.tmp >$*.sgml
sgml2latex -b -l deutsch -c latin -o ps $* ; mv $*.sgml.tmp $*.sgml

21
g10/ChangeLog
View File

@ -1,3 +1,24 @@
Thu Apr 2 10:38:16 1998 Werner Koch (wk@isil.d.shuttle.de)
* keygen.c (generate_keypair): Add valid_days stuff.
* trustdb.c (check_trust): Add check for valid_days.
Wed Apr 1 16:15:58 1998 Werner Koch (wk@isil.d.shuttle.de)
* keygen.c (generate_keypair): Addional question whether the
selected large keysize is really needed.
Wed Apr 1 15:56:33 1998 Werner Koch (wk@isil.d.shuttle.de)
* seckey-cert.c (protect_secret_key): merged protect_xxx to here.
Wed Apr 1 10:34:46 1998 Werner Koch (wk@isil.d.shuttle.de)
* Makefile.am (g10maint.c): Changed creation rule, so that it works
on FreeBSD (missing CFLAGS).
* parse-packet.c (parse_subkey): Removed.
Thu Mar 19 15:22:36 1998 Werner Koch (wk@isil.d.shuttle.de)
* ringedit.c (keyring_enum): Fixed problem with reading too

4
g10/Makefile.am
View File

@ -1,6 +1,6 @@
## Process this file with automake to produce Makefile.in
INCLUDES = -I$(top_srcdir)/include
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
EXTRA_DIST = OPTIONS pubring.asc
OMIT_DEPENDENCIES = zlib.h zconf.h
BUILT_SOURCES = g10maint.c
@ -67,7 +67,7 @@ gpgm_SOURCES = g10maint.c \
LDADD = @INTLLIBS@ $(needed_libs) @ZLIBS@
g10maint.c : g10.c
$(CPP) $(DEFS) $(INCLUDES) -DIS_G10MAINT $< > $@ || rm $@
$(CPP) $(CFLAGS) $(DEFS) $(INCLUDES) -DIS_G10MAINT $< > $@ || rm $@
$(PROGRAMS): $(needed_libs)

4
g10/Makefile.in
View File

@ -92,7 +92,7 @@ VERSION = @VERSION@
ZLIBS = @ZLIBS@
l = @l@
INCLUDES = -I$(top_srcdir)/include
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
EXTRA_DIST = OPTIONS pubring.asc
OMIT_DEPENDENCIES = zlib.h zconf.h
BUILT_SOURCES = g10maint.c
@ -404,7 +404,7 @@ maintainer-clean-generic clean mostlyclean distclean maintainer-clean
g10maint.c : g10.c
$(CPP) $(DEFS) $(INCLUDES) -DIS_G10MAINT $< > $@ || rm $@
$(CPP) $(CFLAGS) $(DEFS) $(INCLUDES) -DIS_G10MAINT $< > $@ || rm $@
$(PROGRAMS): $(needed_libs)

2
g10/armor.c
View File

@ -653,8 +653,6 @@ fake_packet( armor_filter_context_t *afx, IOBUF a,
fhdr_state_t state = afx->parse_state;
unsigned emplines = afx->empty;
size = 100; /* FIXME: only used for testing (remove it) */
len = 2; /* reserve 2 bytes for the length header */
size -= 3; /* and 1 for empline handling and 2 for the term header */
while( !rc && len < size ) {

32
g10/build-packet.c
View File

@ -267,31 +267,31 @@ do_secret_cert( IOBUF out, int ctb, PKT_secret_cert *skc )
mpi_write(a, skc->d.elg.p );
mpi_write(a, skc->d.elg.g );
mpi_write(a, skc->d.elg.y );
if( skc->d.elg.is_protected ) {
if( skc->is_protected ) {
iobuf_put(a, 0xff );
iobuf_put(a, skc->d.elg.protect.algo );
iobuf_put(a, skc->d.elg.protect.s2k );
iobuf_put(a, skc->d.elg.protect.hash );
if( skc->d.elg.protect.s2k == 1
|| skc->d.elg.protect.s2k == 3 )
iobuf_write(a, skc->d.elg.protect.salt, 8 );
if( skc->d.elg.protect.s2k == 3 )
iobuf_put(a, skc->d.elg.protect.count );
iobuf_write(a, skc->d.elg.protect.iv, 8 );
iobuf_put(a, skc->protect.algo );
iobuf_put(a, skc->protect.s2k );
iobuf_put(a, skc->protect.hash );
if( skc->protect.s2k == 1
|| skc->protect.s2k == 3 )
iobuf_write(a, skc->protect.salt, 8 );
if( skc->protect.s2k == 3 )
iobuf_put(a, skc->protect.count );
iobuf_write(a, skc->protect.iv, 8 );
}
else
iobuf_put(a, 0 );
mpi_write(a, skc->d.elg.x );
write_16(a, skc->d.elg.csum );
write_16(a, skc->csum );
}
else if( skc->pubkey_algo == PUBKEY_ALGO_RSA ) {
mpi_write(a, skc->d.rsa.rsa_n );
mpi_write(a, skc->d.rsa.rsa_e );
if( skc->d.rsa.is_protected ) {
assert( skc->d.rsa.protect_algo == CIPHER_ALGO_BLOWFISH );
iobuf_put(a, skc->d.rsa.protect_algo );
iobuf_write(a, skc->d.rsa.protect.blowfish.iv, 8 );
if( skc->is_protected ) {
assert( skc->protect.algo == CIPHER_ALGO_BLOWFISH );
iobuf_put(a, skc->protect.algo );
iobuf_write(a, skc->protect.iv, 8 );
}
else
iobuf_put(a, 0 );
@ -299,7 +299,7 @@ do_secret_cert( IOBUF out, int ctb, PKT_secret_cert *skc )
mpi_write(a, skc->d.rsa.rsa_p );
mpi_write(a, skc->d.rsa.rsa_q );
mpi_write(a, skc->d.rsa.rsa_u );
write_16(a, skc->d.rsa.csum );
write_16(a, skc->csum );
}
else {
rc = G10ERR_PUBKEY_ALGO;

2
g10/cipher.c
View File

@ -48,7 +48,7 @@ cipher_filter( void *opaque, int control,
int rc=0;
if( control == IOBUFCTRL_UNDERFLOW ) { /* decrypt */
rc = -1; /* FIXME:*/
rc = -1; /* not yet used */
}
else if( control == IOBUFCTRL_FLUSH ) { /* encrypt */
assert(a);

2
g10/compress.c
View File

@ -147,7 +147,7 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs,
log_debug("inflate returned: avail_in=%u, avail_out=%u, zrc=%d\n",
(unsigned)zs->avail_in, (unsigned)zs->avail_out, zrc);
if( zrc == Z_STREAM_END )
rc = -1; /* eof FIXME: return remaining bytes until EOF */
rc = -1; /* eof */
else if( zrc != Z_OK ) {
if( zs->msg )
log_fatal("zlib inflate problem: %s\n", zs->msg );

4
g10/g10.c
View File

@ -635,8 +635,10 @@ main( int argc, char **argv )
/* reading data and passphrase form stdin:
* we assume the first line is the passphrase, so
* we better should read it now.
*
* We should do it here, but for now it is not needed.
* Anyway, this password scheme is not quite good
*/
/* FIXME: doit */
}
}

8
g10/getkey.c
View File

@ -81,8 +81,6 @@ add_keyring( const char *name )
STRLIST sl;
int rc;
/* FIXME: check wether this one is available etc */
/* maybe we should do this later */
if( *name != '/' ) { /* do tilde expansion etc */
char *p ;
@ -101,7 +99,7 @@ add_keyring( const char *name )
sl->next = keyrings;
keyrings = sl;
/* FIXME: We should remove much out of this module and
/* fixme: We should remove much out of this module and
* combine it with the keyblock stuff from ringedit.c
* For now we will simple add the filename as keyblock resource
*/
@ -131,8 +129,6 @@ add_secret_keyring( const char *name )
STRLIST sl;
int rc;
/* FIXME: check wether this one is available etc */
/* my be we should do this later */
if( *name != '/' ) { /* do tilde expansion etc */
char *p ;
@ -151,7 +147,7 @@ add_secret_keyring( const char *name )
sl->next = secret_keyrings;
secret_keyrings = sl;
/* FIXME: We should remove much out of this mpdule and
/* fixme: We should remove much out of this mpdule and
* combine it with the keyblock stuff from ringedit.c
* For now we will simple add the filename as keyblock resource
*/

2
g10/import.c
View File

@ -580,7 +580,7 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid )
*
* o compare the signatures: If we already have this signature, check
* that they compare okay; if not, issue a warning and ask the user.
* FIXME: add the check, that we don` have duplicate signatures and the
* FIXME: add the check, that we don't have duplicate signatures and the
* warning in cases that the old/new signatures don't match.
* o Simply add the signature. Can't verify here because we may not have
* the signatures public key yet; verification is done when putting it

147
g10/keygen.c
View File

@ -34,11 +34,6 @@
#include "keydb.h"
#include "i18n.h"
#if 0
#define TEST_ALGO 1
#define TEST_NBITS 256
#define TEST_UID "Karl Test"
#endif
#if defined(HAVE_RSA_CIPHER) && 0
#define ENABLE_RSA_KEYGEN 1
@ -136,7 +131,7 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
static int
gen_elg(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
byte *salt, PKT_secret_cert **ret_skc )
byte *salt, PKT_secret_cert **ret_skc, u16 valid_days )
{
int rc;
int i;
@ -152,7 +147,7 @@ gen_elg(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
skc = m_alloc_clear( sizeof *skc );
pkc = m_alloc_clear( sizeof *pkc );
skc->timestamp = pkc->timestamp = make_timestamp();
skc->valid_days = pkc->valid_days = 0; /* fixme: make it configurable*/
skc->valid_days = pkc->valid_days = valid_days;
skc->pubkey_algo = pkc->pubkey_algo = PUBKEY_ALGO_ELGAMAL;
pkc->d.elg.p = pk.p;
pkc->d.elg.g = pk.g;
@ -161,19 +156,19 @@ gen_elg(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
skc->d.elg.g = sk.g;
skc->d.elg.y = sk.y;
skc->d.elg.x = sk.x;
skc->d.elg.is_protected = 0;
skc->d.elg.protect.algo = 0;
skc->is_protected = 0;
skc->protect.algo = 0;
skc->d.elg.csum = checksum_mpi( skc->d.elg.x );
skc->csum = checksum_mpi( skc->d.elg.x );
/* return an unprotected version of the skc */
*ret_skc = copy_secret_cert( NULL, skc );
if( dek ) {
skc->d.elg.protect.algo = CIPHER_ALGO_BLOWFISH;
skc->d.elg.protect.s2k = 1;
skc->d.elg.protect.hash = DIGEST_ALGO_RMD160;
memcpy(skc->d.elg.protect.salt, salt, 8);
randomize_buffer(skc->d.elg.protect.iv, 8, 1);
skc->protect.algo = CIPHER_ALGO_BLOWFISH;
skc->protect.s2k = 1;
skc->protect.hash = DIGEST_ALGO_RMD160;
memcpy(skc->protect.salt, salt, 8);
randomize_buffer(skc->protect.iv, 8, 1);
rc = protect_secret_key( skc, dek );
if( rc ) {
log_error("protect_secret_key failed: %s\n", g10_errstr(rc) );
@ -206,7 +201,7 @@ gen_elg(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
#ifdef ENABLE_RSA_KEYGEN
static int
gen_rsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
byte *salt, PKT_secret_cert **ret_skc )
byte *salt, PKT_secret_cert **ret_skc, u16 valid_days )
{
int rc;
PACKET *pkt;
@ -220,7 +215,7 @@ gen_rsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
skc = m_alloc_clear( sizeof *skc );
pkc = m_alloc_clear( sizeof *pkc );
skc->timestamp = pkc->timestamp = make_timestamp();
skc->valid_days = pkc->valid_days = 0; /* fixme: make it configurable*/
skc->valid_days = pkc->valid_days = valid_days;
skc->pubkey_algo = pkc->pubkey_algo = PUBKEY_ALGO_RSA;
memset(&pkc->mfx, 0, sizeof pkc->mfx);
pkc->d.rsa.rsa_n = pk.n;
@ -270,13 +265,41 @@ gen_rsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
static int
gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
byte *salt, PKT_secret_cert **ret_skc )
byte *salt, PKT_secret_cert **ret_skc, u16 valid_days )
{
return G10ERR_GENERAL;
}
/****************
* check valid days:
* return 0 on error or the multiplier
*/
static int
check_valid_days( const char *s )
{
if( !isdigit(*s) )
return 0;
for( s++; *s; s++)
if( !isdigit(*s) )
break;
if( !*s )
return 1;
if( s[1] )
return 0; /* e.g. "2323wc" */
if( *s == 'd' || *s == 'D' )
return 1;
if( *s == 'w' || *s == 'W' )
return 7;
if( *s == 'm' || *s == 'M' )
return 30;
if( *s == 'y' || *s == 'Y' )
return 365;
return 0;
}
/****************
* Generate a keypair
*/
@ -297,8 +320,8 @@ generate_keypair()
int algo;
const char *algo_name;
char *aname, *acomment, *amail;
int valid_days=0;
#ifndef TEST_ALGO
if( opt.batch || opt.answer_yes || opt.answer_no ) {
log_error(_("Key generation can only be used in interactive mode\n"));
return;
@ -310,21 +333,16 @@ generate_keypair()
#ifdef ENABLE_RSA_KEYGEN
tty_printf(_(" (3) RSA cannot be used in the U.S.\n"));
#endif
#endif
for(;;) {
#ifdef TEST_ALGO
algo = TEST_ALGO;
#ifdef ENABLE_RSA_KEYGEN
answer = tty_get(_("Your selection? (1,2,3) "));
#else
#ifdef ENABLE_RSA_KEYGEN
answer = tty_get(_("Your selection? (1,2,3) "));
#else
answer = tty_get(_("Your selection? (1,2) "));
#endif
answer = tty_get(_("Your selection? (1,2) "));
#endif
tty_kill_prompt();
algo = *answer? atoi(answer): 1;
m_free(answer);
#endif
if( algo == 1 ) {
algo = PUBKEY_ALGO_ELGAMAL;
algo_name = "ElGamal";
@ -333,7 +351,7 @@ generate_keypair()
else if( algo == 2 ) {
algo = PUBKEY_ALGO_DSA;
algo_name = "DSA";
tty_printf(_("Sorry; DSA is not yet supported.\n"));
tty_printf(_("Sorry; DSA key generation is not yet supported.\n"));
}
#ifdef ENABLE_RSA_KEYGEN
else if( algo == 3 ) {
@ -351,14 +369,10 @@ generate_keypair()
" default keysize is 1024 bits\n"
" highest suggested keysize is 2048 bits\n"), algo_name );
for(;;) {
#ifdef TEST_NBITS
nbits = TEST_NBITS;
#else
answer = tty_get(_("What keysize do you want? (1024) "));
tty_kill_prompt();
nbits = *answer? atoi(answer): 1024;
m_free(answer);
#endif
if( algo == PUBKEY_ALGO_DSA && (nbits < 512 || nbits > 1024) )
tty_printf(_("DSA does only allow keysizes from 512 to 1024\n"));
else if( nbits < 768 )
@ -377,6 +391,15 @@ generate_keypair()
}
m_free(answer);
}
else if( nbits > 1536 ) {
answer = tty_get(_("Do you really need such a large keysize? "));
tty_kill_prompt();
if( answer_is_yes(answer) ) {
m_free(answer);
break;
}
m_free(answer);
}
else
break;
}
@ -390,14 +413,53 @@ generate_keypair()
tty_printf(_("rounded up to %u bits\n"), nbits );
}
#ifdef TEST_UID
uid = m_alloc(strlen(TEST_UID)+1);
strcpy(uid, TEST_UID);
#else
tty_printf(_("Please specify how long the key should be valid.\n"
" 0 = key does not expire\n"
" <n> = key expires in n days\n"
" <n>w = key expires in n weeks\n"
" <n>m = key expires in n months\n"
" <n>y = key expires in n years\n"));
answer = NULL;
for(;;) {
int mult;
m_free(answer);
answer = tty_get(_("Key is valid for? (0) "));
tty_kill_prompt();
trim_spaces(answer);
if( !*answer )
valid_days = 0;
else if( (mult=check_valid_days(answer)) ) {
valid_days = atoi(answer) * mult;
if( valid_days < 0 || valid_days > 32767 )
valid_days = 0;
}
else {
tty_printf(_("invalid value\n"));
continue;
}
if( !valid_days )
tty_printf(_("Key does not expire at all\n"));
else {
tty_printf(_("Key expires at %s\n"), strtimestamp(
add_days_to_timestamp( make_timestamp(), valid_days )));
}
m_free(answer);
answer = tty_get(_("Is this correct (y/n)? "));
tty_kill_prompt();
if( answer_is_yes(answer) )
break;
}
m_free(answer);
tty_printf( _("\n"
"You need a User-ID to identify your key; the software constructs the user id\n"
"from Real Name, Comment and Email Address in this form:\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@uni-duesseldorf.de>\"\n\n") );
" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n\n") );
uid = NULL;
aname=acomment=amail=NULL;
for(;;) {
@ -469,6 +531,7 @@ generate_keypair()
tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid);
/* fixme: add a warning if this the user-id already exists */
for(;;) {
answer = tty_get(_("Edit (N)ame, (C)omment, (E)mail or (O)kay? "));
tty_kill_prompt();
@ -499,7 +562,6 @@ generate_keypair()
break;
m_free(uid); uid = NULL;
}
#endif
tty_printf(_("You need a Passphrase to protect your secret key.\n\n") );
@ -555,13 +617,13 @@ generate_keypair()
"number generator a better chance to gain enough entropy.\n") );
if( algo == PUBKEY_ALGO_ELGAMAL )
rc = gen_elg(nbits, pub_root, sec_root, dek, salt, &skc );
rc = gen_elg(nbits, pub_root, sec_root, dek, salt, &skc, valid_days );
#ifdef ENABLE_RSA_KEYGEN
else if( algo == PUBKEY_ALGO_RSA )
rc = gen_rsa(nbits, pub_root, sec_root, dek, salt, &skc );
rc = gen_rsa(nbits, pub_root, sec_root, dek, salt, &skc, valid_days );
#endif
else if( algo == PUBKEY_ALGO_DSA )
rc = gen_dsa(nbits, pub_root, sec_root, dek, salt, &skc );
rc = gen_dsa(nbits, pub_root, sec_root, dek, salt, &skc, valid_days );
else
BUG();
if( !rc ) {
@ -588,7 +650,6 @@ generate_keypair()
int rc2 = -1;
/* we can now write the certificates */
/* FIXME: should we check wether the user-id already exists? */
if( get_keyblock_handle( pub_fname, 0, &pub_kbpos ) ) {
if( add_keyblock_resource( pub_fname, 1, 0 ) ) {

12
g10/keyid.c
View File

@ -115,16 +115,16 @@ elg_fingerprint_md( PKT_public_cert *pkc )
unsigned nb1, nb3, nb4;
unsigned n;
nb1 = mpi_get_nbits(pkc->d.dsa.p);
p1 = buf1 = mpi_get_buffer( pkc->d.dsa.p, &n1, NULL );
nb1 = mpi_get_nbits(pkc->d.elg.p);
p1 = buf1 = mpi_get_buffer( pkc->d.elg.p, &n1, NULL );
for( ; !*p1 && n1; p1++, n1-- ) /* skip leading null bytes */
;
nb3 = mpi_get_nbits(pkc->d.dsa.g);
p3 = buf3 = mpi_get_buffer( pkc->d.dsa.g, &n3, NULL );
nb3 = mpi_get_nbits(pkc->d.elg.g);
p3 = buf3 = mpi_get_buffer( pkc->d.elg.g, &n3, NULL );
for( ; !*p3 && n3; p3++, n3-- )
;
nb4 = mpi_get_nbits(pkc->d.dsa.y);
p4 = buf4 = mpi_get_buffer( pkc->d.dsa.y, &n4, NULL );
nb4 = mpi_get_nbits(pkc->d.elg.y);
p4 = buf4 = mpi_get_buffer( pkc->d.elg.y, &n4, NULL );
for( ; !*p4 && n4; p4++, n4-- )
;

47
g10/keylist.c
View File

@ -111,19 +111,20 @@ list_one( const char *name )
/* get the keyid from the keyblock */
node = find_kbnode( keyblock, PKT_PUBLIC_CERT );
if( !node ) {
log_error("Oops; public key not found anymore!\n");
log_error("Oops; public key lost!\n");
goto leave;
}
pkc = node->pkt->pkt.public_cert;
keyid_from_pkc( pkc, keyid );
if( opt.with_colons )
printf("pub::%u:%d:%08lX%08lX:%s:::",
printf("pub::%u:%d:%08lX%08lX:%s:%u:::",
/* fixme: add trust value here */
nbits_from_pkc( pkc ),
pkc->pubkey_algo,
(ulong)keyid[0],(ulong)keyid[1],
datestr_from_pkc( pkc )
datestr_from_pkc( pkc ),
(unsigned)pkc->valid_days
/* fixme: add LID and ownertrust here */
);
else
@ -136,7 +137,7 @@ list_one( const char *name )
if( node->pkt->pkttype == PKT_USER_ID ) {
if( any ) {
if( opt.with_colons )
printf("uid::::::::");
printf("uid:::::::::");
else
printf("uid%*s", 28, "");
}
@ -151,6 +152,34 @@ list_one( const char *name )
any = 1;
}
}
else if( node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
u32 keyid2[2];
PKT_public_cert *pkc2 = node->pkt->pkt.public_cert;
if( !any ) {
putchar('\n');
if( opt.fingerprint )
fingerprint( pkc ); /* of the main key */
any = 1;
}
keyid_from_pkc( pkc2, keyid2 );
if( opt.with_colons )
printf("sub::%u:%d:%08lX%08lX:%s:%u:::\n",
/* fixme: add trust value here */
nbits_from_pkc( pkc2 ),
pkc2->pubkey_algo,
(ulong)keyid2[0],(ulong)keyid2[1],
datestr_from_pkc( pkc2 ),
(unsigned)pkc2->valid_days
/* fixme: add LID and ownertrust here */
);
else
printf("sub %4u%c/%08lX %s\n", nbits_from_pkc( pkc2 ),
pubkey_letter( pkc2->pubkey_algo ),
(ulong)keyid2[1],
datestr_from_pkc( pkc2 ) );
}
else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *sig = node->pkt->pkt.signature;
int sigrc;
@ -169,11 +198,13 @@ list_one( const char *name )
fputs("rev", stdout);
else if( (sig->sig_class&~3) == 0x10 )
fputs("sig", stdout);
else if( sig->sig_class == 0x18 )
fputs("sig", stdout);
else {
if( opt.with_colons )
printf("sig:::::::::%02x:\n",sig->sig_class );
printf("sig::::::::::%02x:\n",sig->sig_class );
else
printf("sig "
printf("sig "
"[unexpected signature class 0x%02x]\n",sig->sig_class );
continue;
}
@ -195,7 +226,7 @@ list_one( const char *name )
putchar(':');
if( sigrc != ' ' )
putchar(sigrc);
printf(":::%08lX%08lX:%s:::", (ulong)sig->keyid[0],
printf(":::%08lX%08lX:%s::::", (ulong)sig->keyid[0],
(ulong)sig->keyid[1], datestr_from_sig(sig));
}
else
@ -235,7 +266,7 @@ fingerprint( PKT_public_cert *pkc )
p = array = fingerprint_from_pkc( pkc, &n );
if( opt.with_colons ) {
printf("fpr::::::::");
printf("fpr:::::::::");
for(i=0; i < n ; i++, p++ )
printf("%02X", *p );
putchar(':');

111
g10/mainproc.c
View File

@ -93,22 +93,6 @@ add_onepass_sig( CTX c, PACKET *pkt )
}
static int
add_public_cert( CTX c, PACKET *pkt )
{
release_list( c );
c->list = new_kbnode( pkt );
return 1;
}
static int
add_secret_cert( CTX c, PACKET *pkt )
{
release_list( c );
c->list = new_kbnode( pkt );
return 1;
}
static int
add_user_id( CTX c, PACKET *pkt )
@ -121,6 +105,17 @@ add_user_id( CTX c, PACKET *pkt )
return 1;
}
static int
add_subkey( CTX c, PACKET *pkt )
{
if( !c->list ) {
log_error("subkey w/o mainkey\n" );
return 0;
}
add_kbnode( c->list, new_kbnode( pkt ) );
return 1;
}
static int
add_signature( CTX c, PACKET *pkt )
@ -309,30 +304,11 @@ do_check_sig( CTX c, KBNODE node )
md = md_open( 0, 0 ); /* signature_check() will enable the md*/
}
else if( (sig->sig_class&~3) == 0x10
|| sig->sig_class == 0x18
|| sig->sig_class == 0x20
|| sig->sig_class == 0x30 ) { /* classes 0x10..0x13,0x20,0x30 */
if( c->list->pkt->pkttype == PKT_PUBLIC_CERT ) {
#if 0
KBNODE n1;
if( sig->sig_class == 0x20 ) {
md = md_open( algo, 0 );
hash_public_cert( md, c->list->pkt->pkt.public_cert );
}
else if( (n1=find_prev_kbnode( c->list, node, PKT_USER_ID )) ) {
md = md_open( algo, 0 );
hash_public_cert( md, c->list->pkt->pkt.public_cert );
if( sig->sig_class != 0x20 )
md_write( md, n1->pkt->pkt.user_id->name,
n1->pkt->pkt.user_id->len);
}
else {
log_error("invalid parent packet for sigclass %02x\n",
sig->sig_class);
return G10ERR_SIG_CLASS;
}
#endif
if( c->list->pkt->pkttype == PKT_PUBLIC_CERT
|| c->list->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
return check_key_signature( c->list, node, NULL );
}
else {
@ -374,7 +350,7 @@ print_fingerprint( PKT_public_cert *pkc, PKT_secret_cert *skc )
p = array = skc? fingerprint_from_skc( skc, &n )
: fingerprint_from_pkc( pkc, &n );
if( opt.with_colons ) {
printf("fpr::::::::");
printf("fpr:::::::::");
for(i=0; i < n ; i++, p++ )
printf("%02X", *p );
putchar(':');
@ -409,26 +385,32 @@ static void
list_node( CTX c, KBNODE node )
{
int any=0;
int mainkey;
if( !node )
;
else if( node->pkt->pkttype == PKT_PUBLIC_CERT ) {
else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_CERT) )
|| node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
PKT_public_cert *pkc = node->pkt->pkt.public_cert;
if( opt.with_colons ) {
u32 keyid[2];
keyid_from_pkc( pkc, keyid );
printf("pub::%u:%d:%08lX%08lX:%s:::",
printf("%s::%u:%d:%08lX%08lX:%s:%u:::",
mainkey? "pub":"sub",
/* fixme: add trust value here */
nbits_from_pkc( pkc ),
pkc->pubkey_algo,
(ulong)keyid[0],(ulong)keyid[1],
datestr_from_pkc( pkc )
datestr_from_pkc( pkc ),
(unsigned)pkc->valid_days
/* fixme: add LID and ownertrust here */
);
}
else
printf("pub %4u%c/%08lX %s ", nbits_from_pkc( pkc ),
printf("%s %4u%c/%08lX %s ",
mainkey? "pub":"sub",
nbits_from_pkc( pkc ),
pubkey_letter( pkc->pubkey_algo ),
(ulong)keyid_from_pkc( pkc, NULL ),
datestr_from_pkc( pkc ) );
@ -449,7 +431,7 @@ list_node( CTX c, KBNODE node )
if( any ) {
if( opt.with_colons )
printf("uid::::::::");
printf("uid:::::::::");
else
printf( "uid%*s", 28, "" );
}
@ -467,17 +449,29 @@ list_node( CTX c, KBNODE node )
}
any=2;
}
else if( mainkey && node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
if( !any ) {
putchar('\n');
any = 1;
}
list_node(c, node );
}
}
if( any != 2 )
if( any != 2 && mainkey )
printf("ERROR: no user id!\n");
else if( any != 2 )
putchar('\n');
}
else if( node->pkt->pkttype == PKT_SECRET_CERT ) {
else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_CERT) )
|| node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
PKT_secret_cert *skc = node->pkt->pkt.secret_cert;
printf("sec %4u%c/%08lX %s ", nbits_from_skc( skc ),
printf("%s %4u%c/%08lX %s ",
mainkey? "sec":"ssb",
nbits_from_skc( skc ),
pubkey_letter( skc->pubkey_algo ),
(ulong)keyid_from_skc( skc, NULL ),
datestr_from_skc( skc ) );
datestr_from_skc( skc ) );
/* and now list all userids */
while( (node = find_next_kbnode(node, PKT_USER_ID)) ) {
print_userid( node->pkt );
@ -486,8 +480,10 @@ list_node( CTX c, KBNODE node )
print_fingerprint( NULL, skc );
any=1;
}
if( !any )
if( !any && mainkey )
printf("ERROR: no user id!\n");
else if( !any )
putchar('\n');
}
else if( node->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *sig = node->pkt->pkt.signature;
@ -516,7 +512,7 @@ list_node( CTX c, KBNODE node )
putchar(':');
if( sigrc != ' ' )
putchar(sigrc);
printf(":::%08lX%08lX:%s:::", (ulong)sig->keyid[0],
printf(":::%08lX%08lX:%s::::", (ulong)sig->keyid[0],
(ulong)sig->keyid[1], datestr_from_sig(sig));
}
else
@ -638,8 +634,16 @@ do_proc_packets( CTX c, IOBUF a )
}
else {
switch( pkt->pkttype ) {
case PKT_PUBLIC_CERT: newpkt = add_public_cert( c, pkt ); break;
case PKT_SECRET_CERT: newpkt = add_secret_cert( c, pkt ); break;
case PKT_PUBLIC_CERT:
case PKT_SECRET_CERT:
release_list( c );
c->list = new_kbnode( pkt );
newpkt = 1;
break;
case PKT_PUBKEY_SUBCERT:
case PKT_SECKEY_SUBCERT:
newpkt = add_subkey( c, pkt );
break;
case PKT_USER_ID: newpkt = add_user_id( c, pkt ); break;
case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
@ -730,7 +734,8 @@ proc_tree( CTX c, KBNODE node )
if( opt.list_packets )
return;
if( node->pkt->pkttype == PKT_PUBLIC_CERT )
if( node->pkt->pkttype == PKT_PUBLIC_CERT
|| node->pkt->pkttype == PKT_PUBKEY_SUBCERT )
list_node( c, node );
else if( node->pkt->pkttype == PKT_SECRET_CERT )
list_node( c, node );

48
g10/packet.h
View File

@ -130,24 +130,24 @@ typedef struct {
byte hdrbytes; /* number of header bytes */
byte version;
byte pubkey_algo; /* algorithm used for public key scheme */
byte is_protected; /* The secret infos are protected and must */
/* be decrypteded before use, the protected */
/* MPIs are simply (void*) pointers to memory */
/* and should never be passed to a mpi_xxx() */
struct {
byte algo; /* cipher used to protect the secret informations*/
byte s2k;
byte hash;
byte salt[8];
byte count;
byte iv[8]; /* initialization vector for CFB mode */
} protect;
union {
struct {
MPI p; /* prime */
MPI g; /* group generator */
MPI y; /* g^x mod p */
MPI x; /* secret exponent */
u16 csum; /* checksum */
byte is_protected; /* The above infos are protected and must */
/* be decrypteded before use. */
struct {
byte algo; /* cipher used to protect the secret informations*/
byte s2k;
byte hash;
byte salt[8];
byte count;
byte iv[8]; /* initialization vector for CFB mode */
} protect; /* when protected, the MPIs above are pointers
* to plain storage */
} elg;
struct {
MPI p; /* prime */
@ -155,18 +155,6 @@ typedef struct {
MPI g; /* group generator */
MPI y; /* g^x mod p */
MPI x; /* secret exponent */
u16 csum; /* checksum */
byte is_protected; /* The above infos are protected and must */
/* be decrypteded before use. */
struct {
byte algo; /* cipher used to protect the secret informations*/
byte s2k;
byte hash;
byte salt[8];
byte count;
byte iv[8]; /* initialization vector for CFB mode */
} protect; /* when protected, the MPIs above are pointers
* to plain storage */
} dsa;
struct {
MPI rsa_n; /* public modulus */
@ -175,19 +163,9 @@ typedef struct {
MPI rsa_p; /* secret first prime number */
MPI rsa_q; /* secret second prime number */
MPI rsa_u; /* secret multiplicative inverse */
u16 csum; /* checksum */
byte is_protected; /* The above infos are protected and must */
/* be decrypteded before use */
byte protect_algo; /* cipher used to protect the secret informations*/
union { /* information for the protection */
struct {
byte iv[8]; /* initialization vector for CFB mode */
/* when protected, the MPIs above are pointers
* to plain storage */
} blowfish;
} protect;
} rsa;
} d;
u16 csum; /* checksum */
} PKT_secret_cert;

199
g10/parse-packet.c
View File

@ -52,7 +52,6 @@ static int parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
byte *hdr, int hdrlen, PACKET *packet );
static int parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen,
PACKET *packet );
static void parse_subkey( IOBUF inp, int pkttype, unsigned long pktlen );
static int parse_comment( IOBUF inp, int pkttype, unsigned long pktlen,
PACKET *packet );
static void parse_trust( IOBUF inp, int pkttype, unsigned long pktlen );
@ -289,6 +288,7 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
rc = G10ERR_UNKNOWN_PACKET; /* default error */
switch( pkttype ) {
case PKT_PUBLIC_CERT:
case PKT_PUBKEY_SUBCERT:
pkt->pkt.public_cert = m_alloc_clear(sizeof *pkt->pkt.public_cert );
rc = parse_certificate(inp, pkttype, pktlen, hdr, hdrlen, pkt );
break;
@ -311,9 +311,6 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
case PKT_USER_ID:
rc = parse_user_id(inp, pkttype, pktlen, pkt );
break;
case PKT_PUBKEY_SUBCERT:
parse_subkey(inp, pkttype, pktlen);
break;
case PKT_COMMENT:
rc = parse_comment(inp, pkttype, pktlen, pkt);
break;
@ -767,19 +764,37 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
int is_v4=0;
int rc=0;
if( pktlen < 12 ) {
log_error("packet(%d) too short\n", pkttype);
goto leave;
}
version = iobuf_get_noeof(inp); pktlen--;
if( version == 4 )
if( pkttype == PKT_PUBKEY_SUBCERT && version == '#' ) {
/* early versions of G10 use old comments packets; luckily all those
* comments are started by a hash */
if( list_mode ) {
printf(":old comment packet: \"" );
for( ; pktlen; pktlen-- ) {
int c;
c = iobuf_get_noeof(inp);
if( c >= ' ' && c <= 'z' )
putchar(c);
else
printf("\\x%02x", c );
}
printf("\"\n");
}
skip_rest(inp, pktlen);
return 0;
}
else if( version == 4 )
is_v4=1;
else if( version != 2 && version != 3 ) {
log_error("packet(%d) with unknown version %d\n", pkttype, version);
goto leave;
}
if( pktlen < 11 ) {
log_error("packet(%d) too short\n", pkttype);
goto leave;
}
timestamp = read_32(inp); pktlen -= 4;
if( is_v4 )
valid_period = 0;
@ -795,7 +810,7 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
pkttype == PKT_PUBKEY_SUBCERT? "public sub" :
pkttype == PKT_SECKEY_SUBCERT? "secret sub" : "??",
version, timestamp, valid_period );
if( pkttype == PKT_SECRET_CERT ) {
if( pkttype == PKT_SECRET_CERT || pkttype == PKT_SECKEY_SUBCERT ) {
pkt->pkt.secret_cert->timestamp = timestamp;
pkt->pkt.secret_cert->valid_days = valid_period;
pkt->pkt.secret_cert->hdrbytes = hdrlen;
@ -824,7 +839,7 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
mpi_print(stdout, elg_y, mpi_print_mode );
putchar('\n');
}
if( pkttype == PKT_PUBLIC_CERT ) {
if( pkttype == PKT_PUBLIC_CERT || pkttype == PKT_PUBKEY_SUBCERT ) {
pkt->pkt.public_cert->d.elg.p = elg_p;
pkt->pkt.public_cert->d.elg.g = elg_g;
pkt->pkt.public_cert->d.elg.y = elg_y;
@ -836,27 +851,27 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
pkt->pkt.secret_cert->d.elg.p = elg_p;
pkt->pkt.secret_cert->d.elg.g = elg_g;
pkt->pkt.secret_cert->d.elg.y = elg_y;
cert->d.elg.protect.algo = iobuf_get_noeof(inp); pktlen--;
if( cert->d.elg.protect.algo ) {
cert->d.elg.is_protected = 1;
cert->d.elg.protect.count = 0;
if( cert->d.elg.protect.algo == 255 ) {
cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
if( cert->protect.algo ) {
cert->is_protected = 1;
cert->protect.count = 0;
if( cert->protect.algo == 255 ) {
if( pktlen < 3 ) {
rc = G10ERR_INVALID_PACKET;
goto leave;
}
cert->d.elg.protect.algo = iobuf_get_noeof(inp); pktlen--;
cert->d.elg.protect.s2k = iobuf_get_noeof(inp); pktlen--;
cert->d.elg.protect.hash = iobuf_get_noeof(inp); pktlen--;
switch( cert->d.elg.protect.s2k ) {
cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
cert->protect.s2k = iobuf_get_noeof(inp); pktlen--;
cert->protect.hash = iobuf_get_noeof(inp); pktlen--;
switch( cert->protect.s2k ) {
case 1:
case 3:
for(i=0; i < 8 && pktlen; i++, pktlen-- )
temp[i] = iobuf_get_noeof(inp);
memcpy(cert->d.elg.protect.salt, temp, 8 );
memcpy(cert->protect.salt, temp, 8 );
break;
}
switch( cert->d.elg.protect.s2k ) {
switch( cert->protect.s2k ) {
case 0: if( list_mode ) printf( "\tsimple S2K" );
break;
case 1: if( list_mode ) printf( "\tsalted S2K" );
@ -866,30 +881,30 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
default:
if( list_mode )
printf( "\tunknown S2K %d\n",
cert->d.elg.protect.s2k );
cert->protect.s2k );
rc = G10ERR_INVALID_PACKET;
goto leave;
}
if( list_mode ) {
printf(", algo: %d, hash: %d",
cert->d.elg.protect.algo,
cert->d.elg.protect.hash );
if( cert->d.elg.protect.s2k == 1
|| cert->d.elg.protect.s2k == 3 ) {
cert->protect.algo,
cert->protect.hash );
if( cert->protect.s2k == 1
|| cert->protect.s2k == 3 ) {
printf(", salt: ");
for(i=0; i < 8; i++ )
printf("%02x", cert->d.elg.protect.salt[i]);
printf("%02x", cert->protect.salt[i]);
}
putchar('\n');
}
if( cert->d.elg.protect.s2k == 3 ) {
if( cert->protect.s2k == 3 ) {
if( !pktlen ) {
rc = G10ERR_INVALID_PACKET;
goto leave;
}
cert->d.elg.protect.count = iobuf_get_noeof(inp);
cert->protect.count = iobuf_get_noeof(inp);
pktlen--;
}
@ -897,12 +912,12 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
else {
if( list_mode )
printf( "\tprotect algo: %d\n",
cert->d.elg.protect.algo);
cert->protect.algo);
/* old version, we don't have a S2K, so we fake one */
cert->d.elg.protect.s2k = 0;
cert->protect.s2k = 0;
/* We need this kludge to cope with old GNUPG versions */
cert->d.elg.protect.hash =
cert->d.elg.protect.algo == CIPHER_ALGO_BLOWFISH?
cert->protect.hash =
cert->protect.algo == CIPHER_ALGO_BLOWFISH?
DIGEST_ALGO_RMD160 : DIGEST_ALGO_MD5;
}
if( pktlen < 8 ) {
@ -917,20 +932,20 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
printf(" %02x", temp[i] );
putchar('\n');
}
memcpy(cert->d.elg.protect.iv, temp, 8 );
memcpy(cert->protect.iv, temp, 8 );
}
else
cert->d.elg.is_protected = 0;
cert->is_protected = 0;
/* It does not make sense to read it into secure memory.
* If the user is so careless, not to protect his secret key,
* we can assume, that he operates an open system :=(.
* So we put the key into secure memory when we unprotect him. */
n = pktlen; cert->d.elg.x = mpi_read(inp, &n, 0 ); pktlen -=n;
cert->d.elg.csum = read_16(inp); pktlen -= 2;
cert->csum = read_16(inp); pktlen -= 2;
if( list_mode ) {
printf("\t[secret value x is not shown]\n"
"\tchecksum: %04hx\n", cert->d.elg.csum);
"\tchecksum: %04hx\n", cert->csum);
}
/*log_mpidump("elg p=", cert->d.elg.p );
log_mpidump("elg g=", cert->d.elg.g );
@ -955,7 +970,7 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
mpi_print(stdout, dsa_y, mpi_print_mode );
putchar('\n');
}
if( pkttype == PKT_PUBLIC_CERT ) {
if( pkttype == PKT_PUBLIC_CERT || pkttype == PKT_PUBKEY_SUBCERT ) {
pkt->pkt.public_cert->d.dsa.p = dsa_p;
pkt->pkt.public_cert->d.dsa.q = dsa_q;
pkt->pkt.public_cert->d.dsa.g = dsa_g;
@ -969,27 +984,27 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
pkt->pkt.secret_cert->d.dsa.q = dsa_q;
pkt->pkt.secret_cert->d.dsa.g = dsa_g;
pkt->pkt.secret_cert->d.dsa.y = dsa_y;
cert->d.dsa.protect.algo = iobuf_get_noeof(inp); pktlen--;
if( cert->d.dsa.protect.algo ) {
cert->d.dsa.is_protected = 1;
cert->d.dsa.protect.count = 0;
if( cert->d.dsa.protect.algo == 255 ) {
cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
if( cert->protect.algo ) {
cert->is_protected = 1;
cert->protect.count = 0;
if( cert->protect.algo == 255 ) {
if( pktlen < 3 ) {
rc = G10ERR_INVALID_PACKET;
goto leave;
}
cert->d.dsa.protect.algo = iobuf_get_noeof(inp); pktlen--;
cert->d.dsa.protect.s2k = iobuf_get_noeof(inp); pktlen--;
cert->d.dsa.protect.hash = iobuf_get_noeof(inp); pktlen--;
switch( cert->d.dsa.protect.s2k ) {
cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
cert->protect.s2k = iobuf_get_noeof(inp); pktlen--;
cert->protect.hash = iobuf_get_noeof(inp); pktlen--;
switch( cert->protect.s2k ) {
case 1:
case 3:
for(i=0; i < 8 && pktlen; i++, pktlen-- )
temp[i] = iobuf_get_noeof(inp);
memcpy(cert->d.dsa.protect.salt, temp, 8 );
memcpy(cert->protect.salt, temp, 8 );
break;
}
switch( cert->d.dsa.protect.s2k ) {
switch( cert->protect.s2k ) {
case 0: if( list_mode ) printf( "\tsimple S2K" );
break;
case 1: if( list_mode ) printf( "\tsalted S2K" );
@ -998,42 +1013,39 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
break;
default:
if( list_mode )
printf( "\tunknown S2K %d\n",
cert->d.dsa.protect.s2k );
printf( "\tunknown S2K %d\n", cert->protect.s2k );
rc = G10ERR_INVALID_PACKET;
goto leave;
}
if( list_mode ) {
printf(", algo: %d, hash: %d",
cert->d.dsa.protect.algo,
cert->d.dsa.protect.hash );
if( cert->d.dsa.protect.s2k == 1
|| cert->d.dsa.protect.s2k == 3 ) {
cert->protect.algo,
cert->protect.hash );
if( cert->protect.s2k == 1 || cert->protect.s2k == 3 ){
printf(", salt: ");
for(i=0; i < 8; i++ )
printf("%02x", cert->d.dsa.protect.salt[i]);
printf("%02x", cert->protect.salt[i]);
}
putchar('\n');
}
if( cert->d.dsa.protect.s2k == 3 ) {
if( cert->protect.s2k == 3 ) {
if( !pktlen ) {
rc = G10ERR_INVALID_PACKET;
goto leave;
}
cert->d.dsa.protect.count = iobuf_get_noeof(inp);
cert->protect.count = iobuf_get_noeof(inp);
pktlen--;
}
}
else {
if( list_mode )
printf( "\tprotect algo: %d\n",
cert->d.dsa.protect.algo);
printf( "\tprotect algo: %d\n", cert->protect.algo);
/* old version, we don't have a S2K, so we fake one */
cert->d.dsa.protect.s2k = 0;
cert->d.dsa.protect.hash = DIGEST_ALGO_MD5;
cert->protect.s2k = 0;
cert->protect.hash = DIGEST_ALGO_MD5;
}
if( pktlen < 8 ) {
rc = G10ERR_INVALID_PACKET;
@ -1047,20 +1059,20 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
printf(" %02x", temp[i] );
putchar('\n');
}
memcpy(cert->d.dsa.protect.iv, temp, 8 );
memcpy(cert->protect.iv, temp, 8 );
}
else
cert->d.dsa.is_protected = 0;
cert->is_protected = 0;
/* It does not make sense to read it into secure memory.
* If the user is so careless, not to protect his secret key,
* we can assume, that he operates an open system :=(.
* So we put the key into secure memory when we unprotect him. */
n = pktlen; cert->d.dsa.x = mpi_read(inp, &n, 0 ); pktlen -=n;
cert->d.dsa.csum = read_16(inp); pktlen -= 2;
cert->csum = read_16(inp); pktlen -= 2;
if( list_mode ) {
printf("\t[secret value x is not shown]\n"
"\tchecksum: %04hx\n", cert->d.dsa.csum);
"\tchecksum: %04hx\n", cert->csum);
}
/*log_mpidump("dsa p=", cert->d.dsa.p );
log_mpidump("dsa q=", cert->d.dsa.q );
@ -1081,7 +1093,7 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
mpi_print(stdout, rsa_pub_exp, mpi_print_mode );
putchar('\n');
}
if( pkttype == PKT_PUBLIC_CERT ) {
if( pkttype == PKT_PUBLIC_CERT || pkttype == PKT_PUBKEY_SUBCERT ) {
pkt->pkt.public_cert->d.rsa.rsa_n = rsa_pub_mod;
pkt->pkt.public_cert->d.rsa.rsa_e = rsa_pub_exp;
}
@ -1091,11 +1103,11 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
pkt->pkt.secret_cert->d.rsa.rsa_n = rsa_pub_mod;
pkt->pkt.secret_cert->d.rsa.rsa_e = rsa_pub_exp;
cert->d.rsa.protect_algo = iobuf_get_noeof(inp); pktlen--;
cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
if( list_mode )
printf( "\tprotect algo: %d\n", cert->d.rsa.protect_algo);
if( cert->d.rsa.protect_algo ) {
cert->d.rsa.is_protected = 1;
printf( "\tprotect algo: %d\n", cert->protect.algo);
if( cert->protect.algo ) {
cert->is_protected = 1;
for(i=0; i < 8 && pktlen; i++, pktlen-- )
temp[i] = iobuf_get_noeof(inp);
if( list_mode ) {
@ -1104,21 +1116,21 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
printf(" %02x", temp[i] );
putchar('\n');
}
if( cert->d.rsa.protect_algo == CIPHER_ALGO_BLOWFISH )
memcpy(cert->d.rsa.protect.blowfish.iv, temp, 8 );
if( cert->protect.algo == CIPHER_ALGO_BLOWFISH )
memcpy(cert->protect.iv, temp, 8 );
}
else
cert->d.rsa.is_protected = 0;
cert->is_protected = 0;
/* (See comments at the code for elg keys) */
n = pktlen; cert->d.rsa.rsa_d = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; cert->d.rsa.rsa_p = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; cert->d.rsa.rsa_q = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; cert->d.rsa.rsa_u = mpi_read(inp, &n, 0 ); pktlen -=n;
cert->d.rsa.csum = read_16(inp); pktlen -= 2;
cert->csum = read_16(inp); pktlen -= 2;
if( list_mode ) {
printf("\t[secret values d,p,q,u are not shown]\n"
"\tchecksum: %04hx\n", cert->d.rsa.csum);
"\tchecksum: %04hx\n", cert->csum);
}
/* log_mpidump("rsa n=", cert->d.rsa.rsa_n );
log_mpidump("rsa e=", cert->d.rsa.rsa_e );
@ -1164,37 +1176,6 @@ parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
}
static void
parse_subkey( IOBUF inp, int pkttype, unsigned long pktlen )
{
int version;
version = iobuf_get_noeof(inp); pktlen--;
if( pkttype == PKT_PUBKEY_SUBCERT && version == '#' ) {
/* early versions of G10 use old comments packets; luckily all those
* comments are started by a hash */
if( list_mode ) {
printf(":old comment packet: \"" );
for( ; pktlen; pktlen-- ) {
int c;
c = iobuf_get_noeof(inp);
if( c >= ' ' && c <= 'z' )
putchar(c);
else
printf("\\x%02x", c );
}
printf("\"\n");
}
skip_rest(inp, pktlen);
return;
}
if( list_mode )
printf(":public subkey packet: \"" );
skip_rest(inp, pktlen);
}
static int
parse_comment( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )

6
g10/pkclist.c
View File

@ -202,7 +202,7 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel )
return do_we_trust( pkc, trustlevel );
case TRUST_EXPIRED:
log_info("trust has expired: NOT yet implemented\n");
log_info("key has expired\n");
return 0; /* no */
case TRUST_UNDEFINED:
@ -215,11 +215,11 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel )
if( rc )
log_fatal("trust check after add_ownertrust failed: %s\n",
g10_errstr(rc) );
/* FIXME: this is recursive; we better should unroll it */
/* fixme: this is recursive; we better should unroll it */
return do_we_trust( pkc, trustlevel );
}
}
return 0; /* no FIXME: add "Proceed anyway?" */
return 0;
case TRUST_NEVER:
log_info("We do NOT trust this key\n");

2
g10/revoke.c
View File

@ -89,7 +89,7 @@ gen_revoke( const char *uname )
goto leave;
}
/* FIXME: should make a function out of this stuff,
/* fixme: should make a function out of this stuff,
* it's used all over the source */
skc = node->pkt->pkt.secret_cert;
keyid_from_skc( skc, skc_keyid );

1
g10/ringedit.c
View File

@ -674,6 +674,7 @@ keyring_read( KBPOS *kbpos, KBNODE *ret_root )
rc = G10ERR_INV_KEYRING;
goto ready;
}
log_info("read_keyblock: read error: %s\n", g10_errstr(rc) );
kbpos->count++;
free_packet( pkt );
init_packet( pkt );

204
g10/seckey-cert.c
View File

@ -67,19 +67,18 @@ check_elg( PKT_secret_cert *cert )
ELG_secret_key skey;
char save_iv[8];
if( cert->d.elg.is_protected ) { /* remove the protection */
if( cert->is_protected ) { /* remove the protection */
DEK *dek = NULL;
MPI test_x;
BLOWFISH_context *blowfish_ctx=NULL;
switch( cert->d.elg.protect.algo ) {
switch( cert->protect.algo ) {
case CIPHER_ALGO_NONE: BUG(); break;
case CIPHER_ALGO_BLOWFISH:
keyid_from_skc( cert, keyid );
if( cert->d.elg.protect.s2k == 1
|| cert->d.elg.protect.s2k == 3 )
if( cert->protect.s2k == 1 || cert->protect.s2k == 3 )
dek = get_passphrase_hash( keyid, NULL,
cert->d.elg.protect.salt );
cert->protect.salt );
else
dek = get_passphrase_hash( keyid, NULL, NULL );
@ -87,10 +86,9 @@ check_elg( PKT_secret_cert *cert )
blowfish_setkey( blowfish_ctx, dek->key, dek->keylen );
m_free(dek); /* pw is in secure memory, so m_free() burns it */
blowfish_setiv( blowfish_ctx, NULL );
memcpy(save_iv, cert->d.elg.protect.iv, 8 );
blowfish_decode_cfb( blowfish_ctx,
cert->d.elg.protect.iv,
cert->d.elg.protect.iv, 8 );
memcpy(save_iv, cert->protect.iv, 8 );
blowfish_decode_cfb( blowfish_ctx, cert->protect.iv,
cert->protect.iv, 8 );
mpi_set_secure(cert->d.elg.x );
/*fixme: maybe it is better to set the buffer secure with a
* new get_buffer_secure() function */
@ -103,9 +101,9 @@ check_elg( PKT_secret_cert *cert )
m_free( buffer );
m_free( blowfish_ctx );
/* now let's see wether we have used the right passphrase */
if( csum != cert->d.elg.csum ) {
if( csum != cert->csum ) {
mpi_free(test_x);
memcpy( cert->d.elg.protect.iv, save_iv, 8 );
memcpy( cert->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
@ -117,16 +115,16 @@ check_elg( PKT_secret_cert *cert )
memset( &skey, 0, sizeof skey );
if( !res ) {
mpi_free(test_x);
memcpy( cert->d.elg.protect.iv, save_iv, 8 );
memcpy( cert->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
mpi_set(cert->d.elg.x, test_x);
mpi_free(test_x);
cert->d.elg.is_protected = 0;
cert->is_protected = 0;
break;
default:
return G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
return G10ERR_CIPHER_ALGO; /* unsupported protection algorithm */
}
}
else { /* not protected */
@ -134,7 +132,7 @@ check_elg( PKT_secret_cert *cert )
csum = checksum_u16( nbytes*8 );
csum += checksum( buffer, nbytes );
m_free( buffer );
if( csum != cert->d.elg.csum )
if( csum != cert->csum )
return G10ERR_CHECKSUM;
}
@ -142,39 +140,6 @@ check_elg( PKT_secret_cert *cert )
}
static int
protect_elg( PKT_secret_cert *cert, DEK *dek )
{
byte *buffer;
unsigned nbytes;
if( !cert->d.elg.is_protected ) { /* add the protection */
BLOWFISH_context *blowfish_ctx=NULL;
switch( cert->d.elg.protect.algo ) {
case CIPHER_ALGO_NONE: BUG(); break;
case CIPHER_ALGO_BLOWFISH:
blowfish_ctx = m_alloc_secure( sizeof *blowfish_ctx );
blowfish_setkey( blowfish_ctx, dek->key, dek->keylen );
blowfish_setiv( blowfish_ctx, NULL );
blowfish_encode_cfb( blowfish_ctx,
cert->d.elg.protect.iv,
cert->d.elg.protect.iv, 8 );
buffer = mpi_get_buffer( cert->d.elg.x, &nbytes, NULL );
blowfish_encode_cfb( blowfish_ctx, buffer, buffer, nbytes );
mpi_set_buffer( cert->d.elg.x, buffer, nbytes, 0 );
m_free( buffer );
m_free( blowfish_ctx );
cert->d.elg.is_protected = 1;
break;
default:
return G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
}
}
return 0;
}
static int
check_dsa( PKT_secret_cert *cert )
{
@ -186,19 +151,18 @@ check_dsa( PKT_secret_cert *cert )
DSA_secret_key skey;
char save_iv[8];
if( cert->d.dsa.is_protected ) { /* remove the protection */
if( cert->is_protected ) { /* remove the protection */
DEK *dek = NULL;
MPI test_x;
BLOWFISH_context *blowfish_ctx=NULL;
switch( cert->d.dsa.protect.algo ) {
switch( cert->protect.algo ) {
case CIPHER_ALGO_NONE: BUG(); break;
case CIPHER_ALGO_BLOWFISH:
keyid_from_skc( cert, keyid );
if( cert->d.dsa.protect.s2k == 1
|| cert->d.dsa.protect.s2k == 3 )
if( cert->protect.s2k == 1 || cert->protect.s2k == 3 )
dek = get_passphrase_hash( keyid, NULL,
cert->d.dsa.protect.salt );
cert->protect.salt );
else
dek = get_passphrase_hash( keyid, NULL, NULL );
@ -206,10 +170,10 @@ check_dsa( PKT_secret_cert *cert )
blowfish_setkey( blowfish_ctx, dek->key, dek->keylen );
m_free(dek); /* pw is in secure memory, so m_free() burns it */
blowfish_setiv( blowfish_ctx, NULL );
memcpy(save_iv, cert->d.dsa.protect.iv, 8 );
memcpy(save_iv, cert->protect.iv, 8 );
blowfish_decode_cfb( blowfish_ctx,
cert->d.dsa.protect.iv,
cert->d.dsa.protect.iv, 8 );
cert->protect.iv,
cert->protect.iv, 8 );
mpi_set_secure(cert->d.dsa.x );
/*fixme: maybe it is better to set the buffer secure with a
* new get_buffer_secure() function */
@ -222,9 +186,9 @@ check_dsa( PKT_secret_cert *cert )
m_free( buffer );
m_free( blowfish_ctx );
/* now let's see wether we have used the right passphrase */
if( csum != cert->d.dsa.csum ) {
if( csum != cert->csum ) {
mpi_free(test_x);
memcpy( cert->d.dsa.protect.iv, save_iv, 8 );
memcpy( cert->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
@ -237,12 +201,12 @@ check_dsa( PKT_secret_cert *cert )
memset( &skey, 0, sizeof skey );
if( !res ) {
mpi_free(test_x);
memcpy( cert->d.dsa.protect.iv, save_iv, 8 );
memcpy( cert->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
mpi_set(cert->d.dsa.x, test_x);
mpi_free(test_x);
cert->d.dsa.is_protected = 0;
cert->is_protected = 0;
break;
default:
@ -254,7 +218,7 @@ check_dsa( PKT_secret_cert *cert )
csum = checksum_u16( nbytes*8 );
csum += checksum( buffer, nbytes );
m_free( buffer );
if( csum != cert->d.dsa.csum )
if( csum != cert->csum )
return G10ERR_CHECKSUM;
}
@ -262,39 +226,6 @@ check_dsa( PKT_secret_cert *cert )
}
static int
protect_dsa( PKT_secret_cert *cert, DEK *dek )
{
byte *buffer;
unsigned nbytes;
if( !cert->d.dsa.is_protected ) { /* add the protection */
BLOWFISH_context *blowfish_ctx=NULL;
switch( cert->d.dsa.protect.algo ) {
case CIPHER_ALGO_NONE: BUG(); break;
case CIPHER_ALGO_BLOWFISH:
blowfish_ctx = m_alloc_secure( sizeof *blowfish_ctx );
blowfish_setkey( blowfish_ctx, dek->key, dek->keylen );
blowfish_setiv( blowfish_ctx, NULL );
blowfish_encode_cfb( blowfish_ctx,
cert->d.dsa.protect.iv,
cert->d.dsa.protect.iv, 8 );
buffer = mpi_get_buffer( cert->d.dsa.x, &nbytes, NULL );
blowfish_encode_cfb( blowfish_ctx, buffer, buffer, nbytes );
mpi_set_buffer( cert->d.dsa.x, buffer, nbytes, 0 );
m_free( buffer );
m_free( blowfish_ctx );
cert->d.dsa.is_protected = 1;
break;
default:
return G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
}
}
return 0;
}
#ifdef HAVE_RSA_CIPHER
static int
@ -307,11 +238,11 @@ check_rsa( PKT_secret_cert *cert )
u32 keyid[2];
RSA_secret_key skey;
if( cert->d.rsa.is_protected ) { /* remove the protection */
if( cert->is_protected ) { /* remove the protection */
DEK *dek = NULL;
BLOWFISH_context *blowfish_ctx=NULL;
switch( cert->d.rsa.protect_algo ) {
switch( cert->protect.algo ) {
/* FIXME: use test variables to check for the correct key */
case CIPHER_ALGO_NONE: BUG(); break;
case CIPHER_ALGO_BLOWFISH:
@ -321,9 +252,8 @@ check_rsa( PKT_secret_cert *cert )
blowfish_setkey( blowfish_ctx, dek->key, dek->keylen );
m_free(dek); /* pw is in secure memory, so m_free() burns it */
blowfish_setiv( blowfish_ctx, NULL );
blowfish_decode_cfb( blowfish_ctx,
cert->d.rsa.protect.blowfish.iv,
cert->d.rsa.protect.blowfish.iv, 8 );
blowfish_decode_cfb( blowfish_ctx, cert->protect.iv,
cert->protect.iv, 8 );
csum = 0;
#define X(a) do { \
mpi_set_secure(cert->d.rsa.rsa_##a); \
@ -339,10 +269,10 @@ check_rsa( PKT_secret_cert *cert )
X(q);
X(u);
#undef X
cert->d.rsa.is_protected = 0;
cert->is_protected = 0;
m_free( blowfish_ctx );
/* now let's see wether we have used the right passphrase */
if( csum != cert->d.rsa.csum )
if( csum != cert->csum )
return G10ERR_BAD_PASS;
skey.d = cert->d.rsa.rsa_d;
@ -377,7 +307,7 @@ check_rsa( PKT_secret_cert *cert )
csum += checksum_u16( nbytes*8 );
csum += checksum( buffer, nbytes );
m_free( buffer );
if( csum != cert->d.rsa.csum )
if( csum != cert->csum )
return G10ERR_CHECKSUM;
}
@ -424,16 +354,35 @@ check_secret_key( PKT_secret_cert *cert )
int
is_secret_key_protected( PKT_secret_cert *cert )
{
if( cert->pubkey_algo == PUBKEY_ALGO_ELGAMAL )
return cert->d.elg.is_protected? cert->d.elg.protect.algo : 0;
else if( cert->pubkey_algo == PUBKEY_ALGO_DSA )
return cert->d.dsa.is_protected? cert->d.dsa.protect.algo : 0;
#ifdef HAVE_RSA_CIPHER
else if( cert->pubkey_algo == PUBKEY_ALGO_RSA )
return cert->d.rsa.is_protected? cert->d.rsa.protect_algo : 0;
#endif
else
return -1; /* unsupported */
return cert->is_protected? cert->protect.algo : 0;
}
static int
do_protect( void (*fnc)(void *, byte *, byte *, unsigned),
void *fncctx, PKT_secret_cert *cert )
{
byte *buffer;
unsigned nbytes;
switch( cert->pubkey_algo ) {
case PUBKEY_ALGO_ELGAMAL:
buffer = mpi_get_buffer( cert->d.elg.x, &nbytes, NULL );
(*fnc)( fncctx, buffer, buffer, nbytes );
mpi_set_buffer( cert->d.elg.x, buffer, nbytes, 0 );
m_free( buffer );
break;
case PUBKEY_ALGO_DSA:
buffer = mpi_get_buffer( cert->d.dsa.x, &nbytes, NULL );
(*fnc)( fncctx, buffer, buffer, nbytes );
mpi_set_buffer( cert->d.dsa.x, buffer, nbytes, 0 );
m_free( buffer );
break;
default: return G10ERR_PUBKEY_ALGO;
}
return 0;
}
@ -443,14 +392,33 @@ is_secret_key_protected( PKT_secret_cert *cert )
int
protect_secret_key( PKT_secret_cert *cert, DEK *dek )
{
int rc=0;
if( !dek )
return 0;
if( cert->pubkey_algo == PUBKEY_ALGO_ELGAMAL )
return protect_elg( cert, dek );
else if( cert->pubkey_algo == PUBKEY_ALGO_DSA )
return protect_dsa( cert, dek );
else
return G10ERR_PUBKEY_ALGO;
if( !cert->is_protected ) { /* okay, apply the protection */
BLOWFISH_context *blowfish_ctx=NULL;
switch( cert->protect.algo ) {
case CIPHER_ALGO_NONE: BUG(); break;
case CIPHER_ALGO_BLOWFISH:
blowfish_ctx = m_alloc_secure( sizeof *blowfish_ctx );
blowfish_setkey( blowfish_ctx, dek->key, dek->keylen );
blowfish_setiv( blowfish_ctx, NULL );
blowfish_encode_cfb( blowfish_ctx, cert->protect.iv,
cert->protect.iv, 8 );
if( !do_protect( (void (*)(void*,byte*,byte*,unsigned))
&blowfish_encode_cfb, blowfish_ctx, cert ) )
cert->is_protected = 1;
m_free( blowfish_ctx );
break;
default:
rc = G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
break;
}
}
return rc;
}

18
g10/sig-check.c
View File

@ -251,7 +251,6 @@ do_check( PKT_public_cert *pkc, PKT_signature *sig, MD_HANDLE digest )
int
check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
{
KBNODE unode;
MD_HANDLE md;
PKT_public_cert *pkc;
PKT_signature *sig;
@ -283,8 +282,23 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
rc = do_check( pkc, sig, md );
md_close(md);
}
else if( sig->sig_class == 0x18 ) {
KBNODE snode = find_prev_kbnode( root, node, PKT_PUBKEY_SUBCERT );
if( snode ) {
md = md_open( algo, 0 );
hash_public_cert( md, pkc );
hash_public_cert( md, snode->pkt->pkt.public_cert );
rc = do_check( pkc, sig, md );
md_close(md);
}
else {
log_error("no subkey for key signature packet\n");
rc = G10ERR_SIG_CLASS;
}
}
else {
unode = find_prev_kbnode( root, node, PKT_USER_ID );
KBNODE unode = find_prev_kbnode( root, node, PKT_USER_ID );
if( unode ) {
PKT_user_id *uid = unode->pkt->pkt.user_id;

14
g10/sign.c
View File

@ -57,7 +57,8 @@ complete_sig( PKT_signature *sig, PKT_secret_cert *skc, MD_HANDLE md )
else
BUG();
/* fixme: should we check wether the signature is okay? */
/* fixme: should we check wether the signature is okay?
* maybe by using an option */
return rc;
}
@ -1072,12 +1073,11 @@ change_passphrase( const char *username )
break;
}
else { /* okay */
/* FIXME: what about dsa */
skc->d.elg.protect.algo = CIPHER_ALGO_BLOWFISH;
skc->d.elg.protect.s2k = 1;
skc->d.elg.protect.hash = DIGEST_ALGO_RMD160;
memcpy(skc->d.elg.protect.salt, salt, 8);
randomize_buffer(skc->d.elg.protect.iv, 8, 1);
skc->protect.algo = CIPHER_ALGO_BLOWFISH;
skc->protect.s2k = 1;
skc->protect.hash = DIGEST_ALGO_RMD160;
memcpy(skc->protect.salt, salt, 8);
randomize_buffer(skc->protect.iv, 8, 1);
rc = protect_secret_key( skc, dek );
if( rc )
log_error("protect_secret_key failed: %s\n", g10_errstr(rc) );

4
g10/signal.c
View File

@ -35,7 +35,7 @@
#include "ttyio.h"
#if 0
static RETSIGTYPE
print_and_exit( int sig )
{
@ -53,7 +53,7 @@ print_and_exit( int sig )
secmem_term();
exit(2); /* not correct but .. */
}
#endif
void
init_signals()

23
g10/trustdb.c
View File

@ -38,6 +38,7 @@
#include "options.h"
#include "packet.h"
#include "main.h"
#include "i18n.h"
#define TRUST_RECORD_LEN 40
@ -1708,6 +1709,7 @@ check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel )
TRUSTREC rec;
unsigned trustlevel = TRUST_UNKNOWN;
int rc=0;
int cur_time;
if( DBG_TRUST )
log_info("check_trust() called.\n");
@ -1736,16 +1738,25 @@ check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel )
pkc->local_id );
}
}
if( pkc->timestamp > make_timestamp() ) {
cur_time = make_timestamp();
if( pkc->timestamp > cur_time ) {
log_info("public key created in future (time warp or clock problem)\n");
return G10ERR_TIME_CONFLICT;
}
rc = do_check( pkc->local_id, &rec, &trustlevel );
if( rc ) {
log_error("check_trust: do_check failed: %s\n", g10_errstr(rc));
return rc;
if( pkc->valid_days && add_days_to_timestamp(pkc->timestamp,
pkc->valid_days) < cur_time ) {
log_info(_("key expiration date is %s\n"), strtimestamp(
add_days_to_timestamp(pkc->timestamp,
pkc->valid_days)));
trustlevel = TRUST_EXPIRED;
}
else {
rc = do_check( pkc->local_id, &rec, &trustlevel );
if( rc ) {
log_error("check_trust: do_check failed: %s\n", g10_errstr(rc));
return rc;
}
}

295
po/de.po
View File

@ -45,6 +45,16 @@ msgstr ""
"BENUTZEN SIE DIE DURCH DIESES PROGRAMM ERZEUGTEN DATEN NICHT!\n"
"\n"
#: g10/g10.c:214
msgid ""
"Syntax: gpgm [options] [files]\n"
"GNUPG maintenance utility\n"
msgstr ""
"Syntax: gpgm [options] [files]\n"
"GNUPG Wartungs Hilfsmittel\n"
#: g10/g10.c:72
msgid ""
"Syntax: gpg [options] [files]\n"
@ -55,18 +65,44 @@ msgstr ""
"Signieren, prüfen, verschlüsseln, entschlüsseln\n"
"Die voreingestellte Operation ist abhängig von den Eingabedaten\n"
#: g10/g10.c:77
msgid "Please report bugs to <gnupg-bugs@isil.d.shuttle.de>.\n"
msgstr "Berichte über Wanzen bitte an <gnupg-bugs@isil.d.shuttle.de>.\n"
#: g10/g10.c:116
msgid "Usage: g10 [options] "
msgstr "Aufruf: g10 [Opeionen] "
#: g10/g10.c:207
msgid "Usage: gpgm [options] [files] (-h for help)"
msgstr "Aufruf: gpgm [Optionen] [Dateien] (-h für Hilfe)"
#: g10/g10.c:209
msgid "Usage: gpg [options] [files] (-h for help)"
msgstr "Aufruf: gpg [Optionen] [Dateien] (-h für Hilfe)"
#: g10/g10.c:152
msgid "conflicting commands\n"
msgstr "Widersprechende Kommandos\n"
#: g10/g10.c:57
msgid ""
"\\vCommands:\n"
" "
msgstr ""
"\\vKommandos:\n"
" "
#: g10/g10.c:92
msgid ""
"\\v\n"
"Options:\n"
" "
msgstr ""
"\\v\n"
"Optionen:\n"
" "
#: g10/g10.c:164
msgid "create ascii armored output"
msgstr "Ausgabe mit ASCII Armor versehen"
@ -80,7 +116,7 @@ msgid "set compress level (0 disables)"
msgstr "Kompressionspegel sethen (aussschalten mit 0)"
#: g10/g10.c:167
msgid "don't make any changes"
msgid "do not make any changes"
msgstr "Keine wirklichen Änderungen durchführen"
#: g10/g10.c:168
@ -107,25 +143,25 @@ msgstr "\"Nein\" als Standard Antwort annehmen"
msgid "generate a new key pair"
msgstr "Ein neues Schlüsselpaar erzeugen"
#: g10/g10.c:174
msgid "add key to the public keyring"
msgstr ""
#: g10/g10.c:76
msgid "remove key from the public keyring"
msgstr "Schlüssel entfernen"
#: g10/g10.c:175
msgid "remove key from public keyring"
msgstr "Key entfernen"
#: g10/g10.c:79
msgid "generate a revocation certificate"
msgstr "Ein \"Revocation\" Zertifikat erzeugen"
#: g10/g10.c:176
msgid "make a signature on a key in the keyring"
msgstr "key signieren"
msgstr "Schlüssel signieren"
#: g10/g10.c:177
msgid "store only"
msgstr ""
msgstr "nur speichern"
#: g10/g10.c:178
msgid "check signatures on a key in the keyring"
msgstr " "
msgstr "Schlüssel Signaturen prüfen"
#: g10/g10.c:179
msgid "add this keyring to the list of keyrings"
@ -133,149 +169,264 @@ msgstr ""
#: g10/g10.c:180
msgid "make a signature"
msgstr ""
msgstr "Eine Signatur erzeugen"
#: g10/g10.c:61
msgid "make a clear text signature"
msgstr "Eine Klartext Signatur erzeugen"
#: g10/g10.c:181
msgid "use canonical text mode"
msgstr ""
msgstr "Text Modus benutzen"
#: g10/g10.c:182
msgid "make a detached signature"
msgstr ""
msgstr "Eine abgetrennte Signatur erzeugen"
#: g10/g10.c:183
msgid "encrypt data"
msgstr ""
msgstr "Daten verschlüsseln"
#: g10/g10.c:64
msgid "encryption only with symmetric cipher"
msgstr "Daten nur symmetrisch verschlüsseln"
#: g10/g10.c:184
msgid "decrypt data (default)"
msgstr ""
msgstr "Daten enschlüsseln"
#: g10/g10.c:67
msgid "verify a signature"
msgstr "Signatur prüfen"
#: g10/g10.c:185
msgid "use this user-id to sign or decrypt"
msgstr ""
msgstr "Mit dieser User-ID signieren"
#: g10/g10.c:186
msgid "use this user-id for encryption"
msgstr ""
msgstr "Verschlüsseln für diese User-ID"
#: g10/g10.c:187
msgid "list keys"
msgstr ""
msgstr "Liste der Schlüssel"
#: g10/g10.c:70
msgid "list keys and signatures"
msgstr "Liste der Schlüssel und deren Signaturen"
#: g10/g10.c:71
msgid "check key signatures"
msgstr "Signaturen der Schlüssel prüfen"
#: g10/g10.c:72
msgid "list keys and fingerprints"
msgstr "Liste der Schlüssel und deren \"Fingerprints\""
#: g10/g10.c:188
msgid "set debugging flags"
msgstr ""
msgstr "Debug-Flags einschalten"
#: g10/g10.c:189
msgid "enable full debugging"
msgstr ""
#: g10/g10.c:193
msgid "show the fingerprints"
msgstr ""
msgstr "Alle Debug-Flags einschalten"
#: g10/g10.c:194
msgid "print all message digests"
msgstr ""
msgstr "Message-Digests für die Eingabedaten ausgeben"
#: g10/g10.c:195
msgid "add this secret keyring to the list"
msgstr ""
msgstr "Den geheimen Schlüsselring mitbenutzen"
#: g10/g10.c:196
msgid "read options from file"
msgstr ""
msgstr "Optionen aus der Datei lesen"
#: g10/g10.c:199
msgid "list only the sequence of packets"
msgstr ""
msgstr "Lediglich die Struktur der Daten Packete anzeigen"
#: g10/g10.c:202
msgid "edit a key signature"
msgstr ""
msgstr "Editieren de Schlüssel Signaturen"
#: g10/g10.c:203
msgid "change the passphrase of your secret keyring"
msgstr ""
msgstr "Die \"Passphrase\" des geheimen Schlüssels ändern"
#: g10/g10.c:205
msgid "select default cipher algorithm"
msgstr ""
msgstr "Den Cipher Algorithmus auswählen"
#: g10/g10.c:206
msgid "select default puplic key algorithm"
msgstr ""
msgstr "Den Public-Key Algorithmus auswählen"
#: g10/g10.c:207
msgid "select default message digest algorithm"
msgstr ""
msgstr "Den Message-Digest Algorithmus auswählen"
#: g10/g10.c:208
msgid "put public keys into the trustdb"
msgstr ""
#: g10/g10.c:212
msgid "do not write comment packets"
msgstr ""
msgstr "Keine Kommentarpackete schreiben"
#: g10/g10.c:213
msgid "(default is 1)"
msgstr ""
msgstr "(voreingestellt ist 1)"
#: g10/g10.c:214
msgid "(default is 3)"
msgstr ""
msgstr "(voreingestellt ist 3)"
#: g10/g10.c:81
msgid "export keys"
msgstr "Schlüssel exportieren"
#: g10/g10.c:82
msgid "import/merge keys"
msgstr "Schlüssel importieren/kombinieren"
#: g10/g10.c:85
msgid "De-Armor a file or stdin"
msgstr "\"De-Armor\" einer Datei oder stdin"
#: g10/g10.c:86
msgid "En-Armor a file or stdin"
msgstr "\"En-Armor\" einer Datei oder stdin"
#: g10/g10.c:215
msgid "export all or the given keys"
msgstr ""
#: g10/g10.c:282
msgid "note: no default option file '%s'\n"
msgstr ""
msgstr "Notiz: Keine voreingestellte Optionen Datei '%s' vorhanden\n"
#: g10/g10.c:285
msgid "option file '%s': %s\n"
msgstr ""
msgstr "Opionen Datei '%s': %s\n"
#: g10/g10.c:290
msgid "reading options from '%s'\n"
msgstr ""
msgstr "Optionen werden von '%s' gelesen\n"
#: g10/g10.c:382
msgid "selected cipher algorithm is invalid\n"
msgstr ""
msgstr "Der ausgewählte Cipher Algorithmus ist ungültig\n"
#: g10/g10.c:386
msgid "selected pubkey algorithm is invalid\n"
msgstr ""
msgstr "Der ausgewählte Public-Key Algorithmus ist ungültig\n"
#: g10/g10.c:390
msgid "selected digest algorithm is invalid\n"
msgstr ""
msgstr "Der ausgewählte Message-Digest Algorithmus ist ungültig\n"
#: g10/g10.c:394
msgid "completes-needed must be greater than 0\n"
msgstr ""
msgstr "completes-needed müßen größer als 0 sein\n"
#: g10/g10.c:398
msgid "marginals-needed must be greater than 1\n"
msgstr ""
msgstr "marginals-needed müßen größer als 1 sein\n"
#: g10/g10.c:462
msgid "failed to initialize the TrustDB: %s\n"
msgstr ""
msgstr "Die Trust-DB kann nicht initialisiert werden: %s\n"
#: g10/g10.c:554 g10/g10.c:571 g10/g10.c:660
msgid "can't open '%s'\n"
msgstr "Datei '%s' kann nicht geöffnet werden\n"
#: g10/g10.c:113
msgid "write status info to this fd"
msgstr "Status Informationen auf diesen FD schreiben"
#: g10/g10.c:124
msgid ""
"\\v\n"
"Examples:\n"
"\n"
" -se -r Bob [file] sign and encrypt for user Bob\n"
" -sat [file] make a clear text signature\n"
" -sb [file] make a detached signature\n"
" -k [userid] show keys\n"
" -kc [userid] show fingerprint\n"
msgstr ""
"\\v\n"
"Beispiele:\n"
"\n"
" -se -r Bob [file] Signieren und verschlüsseln für Benutzer Bob\n"
" -sat [file] Eine Klartext Signatur erzeugen\n"
" -sb [file] Eine abgetrennte Signatur erzeugen\n"
" -k [userid] Die Schllüssel anzeigen\n"
" -kc [userid] Die \"Fingerprints\" anzeigen\n"
#: g10/g10.c:666
msgid "--store [filename]"
msgstr "--store [Dateiname]"
#. encrypt the given file only with the symmetric cipher
#: g10/g10.c:674
msgid "--symmetric [filename]"
msgstr "--symmetric [Dateiname]"
#: g10/g10.c:682
msgid "--encrypt [filename]"
msgstr "--encrypt [Dateiname]"
#: g10/g10.c:695
msgid "--sign [filename]"
msgstr "--sign [Dateiname]"
#: g10/g10.c:708
msgid "--sign --encrypt [filename]"
msgstr "--sign --encrypt [Dateiname]"
#. make a clearsig
#: g10/g10.c:722
msgid "--clearsign [filename]"
msgstr "--clearsign [Dateiname]"
#: g10/g10.c:734
msgid "--decrypt [filename]"
msgstr "--decrypt [Dateiname]"
#: g10/g10.c:742
msgid "--sign-key username"
msgstr "--sign-key Benutzername"
#: g10/g10.c:750
msgid "--edit-sig username"
msgstr "--edit-sig Benutzername"
#: g10/g10.c:758
msgid "--delete-secret-key username"
msgstr "--delete-secret-key Benutzername"
#: g10/g10.c:761
msgid "--delete-key username"
msgstr "--delete-key Benutzername"
#. no arg: use default, 1 arg use this one
#: g10/g10.c:769
msgid "--change-passphrase [username]"
msgstr "--change-passphrase [Benutzername]"
#: g10/pkclist.c:65
msgid ""
"No ownertrust defined for %lu:\n"
"%4u%c/%08lX %s \""
msgstr ""
"Es ist kein \"Ownertrust\" für %lu definiert:\n"
"%4u%c/%08lX %s \""
#: g10/pkclist.c:72
msgid ""
@ -318,7 +469,7 @@ msgstr ""
#: g10/pkclist.c:108
msgid "You will see a list of signators etc. here\n"
msgstr ""
msgstr "Sie sollten hier eigentlich eine Liste der Signierer sehen.\n"
#: g10/pkclist.c:132
msgid ""
@ -332,11 +483,11 @@ msgstr ""
#: g10/keygen.c:109
msgid "writing self signature\n"
msgstr ""
msgstr "Die Selbst-Signatur wird geschrieben\n"
#: g10/keygen.c:299
msgid "Key generation can only be used in interactive mode\n"
msgstr ""
msgstr "Die Schlüsselerzeugung kann nur im interaktiven Modus benutzt werden\n"
#: g10/keygen.c:301
msgid ""
@ -344,22 +495,25 @@ msgid ""
" (1) ElGamal is the suggested one.\n"
" (2) DSA can only be used for signatures.\n"
msgstr ""
"Bitte wählen Sie den zu benutzenden Algorithmus aus:\n"
" (1) ElGamal wird empfohlen.\n"
" (2) DSA kann nur für Signaturen verwendet werden.\n"
#: g10/keygen.c:305
msgid " (3) RSA cannot be used in the U.S.\n"
msgstr ""
msgstr " (3) RSA darf in den USA nicht benutzt werden\n"
#: g10/keygen.c:314
msgid "Your selection? (1,2,3) "
msgstr ""
msgstr "Ihre Auswahl? (1,2,3) "
#: g10/keygen.c:316
msgid "Your selection? (1,2) "
msgstr ""
msgstr "Ihre Auswahl? (1,2) "
#: g10/keygen.c:330
msgid "Sorry; DSA is not yet supported.\n"
msgstr ""
msgstr "Pardon; DSA wird noch nicht unterstützt.\n"
#: g10/keygen.c:343
msgid ""
@ -402,25 +556,25 @@ msgstr "Gut, aber bitte denken Sie auch daran, da
#: g10/keygen.c:377
msgid "Requested keysize is %u bits\n"
msgstr ""
msgstr "Die verlangte Schlüssellänge ist %u Bits\n"
#: g10/keygen.c:380 g10/keygen.c:384
msgid "rounded up to %u bits\n"
msgstr ""
msgstr "aufgerundet auf %u Bits\n"
#: g10/keygen.c:391
msgid ""
"\n"
"You need a User-ID to identify your key; the software constructs the user id\n"
"from Real Name, Comment and Email Address in this form:\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@uni-duesseldorf.de>\"\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
"\n"
msgstr ""
"\n"
"Sie benötigen einen User-ID um Ihren Schlüssel eindeutig zu machen; das\n"
"Programm baut diese User-ID aus Ihrem echten Namen, einem Kommentar und\n"
"Ihrer Email Adresse in dieser Form auf:\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@uni-duesseldorf.de>\"\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
"\n"
@ -500,11 +654,11 @@ msgstr "\"passphrase\" nicht richtig wiederholt; noch einmal.\n"
#: g10/keygen.c:531
msgid "writing public certificate to '%s'\n"
msgstr ""
msgstr "schreiben des öffentlichen Schlüssels nach '%s'\n"
#: g10/keygen.c:532
msgid "writing secret certificate to '%s'\n"
msgstr ""
msgstr "schreiben des geheimen Schlüssels nach '%s'\n"
#: g10/keygen.c:544
msgid ""
@ -523,4 +677,9 @@ msgstr "
#: g10/keygen.c:622
msgid "Key generation failed: %s\n"
msgstr ""
msgstr "Schlüssel-Erzeugung fehlgeschlagen: %s\n"

12
po/it.po
View File

@ -452,8 +452,8 @@ msgstr ""
"\"\n"
"\n"
"Per favore decidi fino a quanto hai fiducia di questo utente perchè\n"
firmi correttamente le chiavi di altri utenti (guardando il suo\n"
passaporto, controllando le impronte digitali da diverse fonti ...)?\n"
"firmi correttamente le chiavi di altri utenti (guardando il suo\n"
"passaporto, controllando le impronte digitali da diverse fonti ...)?\n"
"\n"
" 1 = Non lo so\n"
" 2 = NON mi fido\n"
@ -474,8 +474,8 @@ msgid ""
msgstr ""
"È compito tuo assegnare qui un valore; questo valore non sarà mai esportato\n"
"ad alcuna terza persona. Ci serve per implementare la ragnatela-di-fiducia;\n"
"non ha nulla a che fare con la ragnatela-di-certificati (creata
implicitamente).\n"
"non ha nulla a che fare con la ragnatela-di-certificati (creata"
"implicitamente).\n"
#: g10/pkclist.c:108
msgid "You will see a list of signators etc. here\n"
@ -616,14 +616,14 @@ msgid ""
"You need a User-ID to identify your key; the software constructs the user "
"id\n"
"from Real Name, Comment and Email Address in this form:\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@uni-duesseldorf.de>\"\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
"\n"
msgstr ""
"\n"
"Ti serve un User ID per identificare la tua chiave; il software costruisce "
"l'user id a partire da Nome e Cognome, Commento e Indirizzo di Email "
"indicati in questo modulo:\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@uni-duesseldorf.de>\"\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
"\n"
#: g10/keygen.c:409

2
tools/Makefile.am
View File

@ -1,6 +1,6 @@
## Process this file with automake to produce Makefile.in
INCLUDES = -I$(top_srcdir)/include
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
needed_libs = ../cipher/libcipher.a ../util/libutil.a ../mpi/libmpi.a ../util/libutil.a
noinst_PROGRAMS = mpicalc bftest clean-sat

2
tools/Makefile.in
View File

@ -92,7 +92,7 @@ VERSION = @VERSION@
ZLIBS = @ZLIBS@
l = @l@
INCLUDES = -I$(top_srcdir)/include
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
needed_libs = ../cipher/libcipher.a ../util/libutil.a ../mpi/libmpi.a ../util/libutil.a
noinst_PROGRAMS = mpicalc bftest clean-sat

2
util/Makefile.am
View File

@ -1,6 +1,6 @@
## Process this file with automake to produce Makefile.in
INCLUDES = -I$(top_srcdir)/include
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
noinst_LIBRARIES = libutil.a

2
util/Makefile.in
View File

@ -92,7 +92,7 @@ VERSION = @VERSION@
ZLIBS = @ZLIBS@
l = @l@
INCLUDES = -I$(top_srcdir)/include
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
noinst_LIBRARIES = libutil.a

18
util/miscutil.c
View File

@ -32,6 +32,24 @@ make_timestamp()
return time(NULL);
}
u32
add_days_to_timestamp( u32 stamp, u16 days )
{
return stamp + days*86400L;
}
const char *
strtimestamp( u32 stamp )
{
static char buffer[11+5];
struct tm *tp;
time_t atime = stamp;
tp = gmtime( &atime );
sprintf(buffer,"%04d-%02d-%02d",
1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
return buffer;
}
/****************
* Print a string to FP, but filter all control characters out.