security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

new release

Browse Source
This commit is contained in:
Werner Koch 1998-04-09 11:19:09 +00:00
parent 8b10a87908
commit 3c7368a33d
19 changed files with 324 additions and 1050 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
INSTALL
View File

@ -7,6 +7,9 @@ Configure options for GNUPG
--with-included-zlib Forces usage of the local zlib sources. Default is
to use the (shared) library of the system.
--with-included-gettext Forces usage of the local gettext sources instead of.
the one provided by your system.
--disable-nls Disable NLS support (See ABOUT-NLS)
--enable-m-debug Compile with the integrated malloc debugging stuff.
@ -26,8 +29,8 @@ Configure options for GNUPG
Problems
========
If you have compile problems, use the configure options "--with-zlib" and
"--disable-nls" (See ABOUT-NLS).
If you have compile problems, try the configure options "--with-included-zlib"
or "--disable-nls" (See ABOUT-NLS).
I cant check all assembler files; so if you have problems assembling them
(or the program crashes), simply delete the files in the mpi/<cpu> directory.

2
NEWS
View File

@ -9,7 +9,7 @@ Noteworthy changes in version 0.2.15
* CAST5 works (using the PGP's special CFB mode).
* Now more PGP 5 compatible.
* Again somewhat more PGP 5 compatible.
* Some new test cases

9
README
View File

@ -2,7 +2,7 @@
GNUPG - The GNU Privacy Guard
-------------------------------
THIS IS ALPHA SOFTWARE, EXPECT BUGS AND UNIMPLEMENTED STUFF.
THIS IS ALPHA SOFTWARE, YOU MAY ENCOUNTER SOOME BUGS.
On a Linux box (version 2.x.x, alpha or x86 CPU) it should
work reliable. You may create your key on such a machine and
@ -19,7 +19,6 @@
verify new releases. Because you verified the tar file containing
this file here, you can be sure that the above fingerprint is correct.
Please subscribe to g10@net.lut.ac.uk by sending a mail with
the word "subscribe" in the body to "g10-request@net.lut.ac.uk".
@ -31,7 +30,6 @@
the United States until Sep 20, 2000). I'm sorry about this, but
this is the world we have created (e.g. by using proprietary software).
Because the OpenPGP standard is still a draft, GNUPG is not yet
compatible to it (or PGP 5) - but it will. The data structures
used are compatible with PGP 2.x, so it can parse an list such files
@ -215,7 +213,7 @@
"01AB3FED1347A5612"
"0x234AABBCC34567C4"
* By a fingerprint (not yet implemented):
* By a fingerprint:
"1234343434343434C434343434343434"
"123434343434343C3434343434343734349A3434"
@ -268,7 +266,8 @@
-----------
GNUPG returns with an exit status of 1 if in batch mode and a bad signature
has been detected or 2 or higher for all other errors. You should parse
stderr to get detailed informations about the errors.
stderr or the output of the fd specified with --status-fd to get detailed
informations about the errors.
Esoteric commands

13
TODO
View File

@ -9,8 +9,6 @@
* enable a SIGSEGV handler while using zlib functions
* complete cipher/cast.c -- have to use the PGP CFBug
* key generation for dsa and subpacket support.
* Burn the buffers used by fopen(), or use read(2).
@ -32,11 +30,8 @@
them to your key and because the user id which is signed by others has
also be signed by you, all user-ids are bound together.
* add an option to re-create a public key from a secret key
* cleanup mainproc.c, much stuff is duplicated.
* remove key management stuff from sign.c.
* add an option to re-create a public key from a secret key. Think about
a backup system of only the secret part of the secret key.
* add fingerprint/keyid hashing. We need a new field in PKC to
flag that we may have a cached signature for this (and use the address
@ -45,11 +40,7 @@
* change the misleading usage of public key certificate to public key data
or something like this.
* seckey_cert.c: merge all the check funtions into one.
* fix the problems with "\v" in gettext
* replace getkey.c#enum_secret_keys

2
VERSION
View File

@ -1 +1 @@
0.2.14b
0.2.15

6
checks/defs.inc
View File

@ -19,10 +19,8 @@ dsa_usrname2="0xCB879DE9"
dsa_keyrings="--keyring ./pubring.pkr --secret-keyring ./secring.skr"
#plain_files="plain-1 plain-2 plain-3"
plain_files="plain-1"
#data_files="data-500 data-9000 data-32000 data-80000"
data_files="data-500"
plain_files="plain-1 plain-2 plain-3"
data_files="data-500 data-9000 data-32000 data-80000"
exp_files=""

12
g10/ChangeLog
View File

@ -1,3 +1,15 @@
Thu Apr 9 11:35:22 1998 Werner Koch (wk@isil.d.shuttle.de)
* seckey-cert.c (do_check): New; combines all the check functions
into one.
* sign.c: removed all key management functions
* keyedit.c: New.
Thu Apr 9 09:49:36 1998 Werner Koch (wk@isil.d.shuttle.de)
* import.c (chk_self_sigs): Changed an error message.
Wed Apr 8 16:19:39 1998 Werner Koch (wk@isil.d.shuttle.de)
* packet.h: packet structs now uses structs from the pubkey,

1
g10/Makefile.am
View File

@ -45,6 +45,7 @@ common_source = \
status.c \
status.h \
sign.c \
keyedit.c \
plaintext.c \
encr-data.c \
encode.c \

22
g10/Makefile.in
View File

@ -137,6 +137,7 @@ common_source = \
status.c \
status.h \
sign.c \
keyedit.c \
plaintext.c \
encr-data.c \
encode.c \
@ -174,9 +175,9 @@ gpg_OBJECTS = g10.o build-packet.o compress.o free-packet.o getkey.o \
pkclist.o skclist.o ringedit.o kbnode.o mainproc.o armor.o mdfilter.o \
textfilter.o cipher.o elg.o dsa.o rsa.o misc.o openfile.o keyid.o \
trustdb.o parse-packet.o passphrase.o pubkey-enc.o seckey-cert.o \
seskey.o import.o export.o comment.o status.o sign.o plaintext.o \
encr-data.o encode.o revoke.o keylist.o sig-check.o signal.o verify.o \
decrypt.o keygen.o
seskey.o import.o export.o comment.o status.o sign.o keyedit.o \
plaintext.o encr-data.o encode.o revoke.o keylist.o sig-check.o \
signal.o verify.o decrypt.o keygen.o
gpg_LDADD = $(LDADD)
gpg_DEPENDENCIES = ../cipher/libcipher.a ../mpi/libmpi.a \
../util/libutil.a
@ -186,8 +187,8 @@ getkey.o pkclist.o skclist.o ringedit.o kbnode.o mainproc.o armor.o \
mdfilter.o textfilter.o cipher.o elg.o dsa.o rsa.o misc.o openfile.o \
keyid.o trustdb.o parse-packet.o passphrase.o pubkey-enc.o \
seckey-cert.o seskey.o import.o export.o comment.o status.o sign.o \
plaintext.o encr-data.o encode.o revoke.o keylist.o sig-check.o \
signal.o
keyedit.o plaintext.o encr-data.o encode.o revoke.o keylist.o \
sig-check.o signal.o
gpgm_DEPENDENCIES = g10maint.o ../cipher/libcipher.a ../mpi/libmpi.a \
../util/libutil.a
gpgm_LDFLAGS =
@ -195,8 +196,9 @@ gpgd_OBJECTS = gpgd.o build-packet.o compress.o free-packet.o getkey.o \
pkclist.o skclist.o ringedit.o kbnode.o mainproc.o armor.o mdfilter.o \
textfilter.o cipher.o elg.o dsa.o rsa.o misc.o openfile.o keyid.o \
trustdb.o parse-packet.o passphrase.o pubkey-enc.o seckey-cert.o \
seskey.o import.o export.o comment.o status.o sign.o plaintext.o \
encr-data.o encode.o revoke.o keylist.o sig-check.o signal.o
seskey.o import.o export.o comment.o status.o sign.o keyedit.o \
plaintext.o encr-data.o encode.o revoke.o keylist.o sig-check.o \
signal.o
gpgd_LDADD = $(LDADD)
gpgd_DEPENDENCIES = ../cipher/libcipher.a ../mpi/libmpi.a \
../util/libutil.a
@ -215,9 +217,9 @@ DEP_FILES = .deps/armor.P .deps/build-packet.P .deps/cipher.P \
.deps/comment.P .deps/compress.P .deps/dearmor.P .deps/decrypt.P \
.deps/dsa.P .deps/elg.P .deps/encode.P .deps/encr-data.P .deps/export.P \
.deps/free-packet.P .deps/g10.P .deps/getkey.P .deps/gpgd.P \
.deps/import.P .deps/kbnode.P .deps/keygen.P .deps/keyid.P \
.deps/keylist.P .deps/mainproc.P .deps/mdfilter.P .deps/misc.P \
.deps/openfile.P .deps/parse-packet.P .deps/passphrase.P \
.deps/import.P .deps/kbnode.P .deps/keyedit.P .deps/keygen.P \
.deps/keyid.P .deps/keylist.P .deps/mainproc.P .deps/mdfilter.P \
.deps/misc.P .deps/openfile.P .deps/parse-packet.P .deps/passphrase.P \
.deps/pkclist.P .deps/plaintext.P .deps/pubkey-enc.P .deps/revoke.P \
.deps/ringedit.P .deps/rsa.P .deps/seckey-cert.P .deps/seskey.P \
.deps/sig-check.P .deps/sign.P .deps/signal.P .deps/skclist.P \

7
g10/import.c
View File

@ -501,8 +501,11 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
}
rc = check_key_signature( keyblock, n, NULL);
if( rc ) {
log_error("%s: key %08lX, invalid self-signature\n",
fname, (ulong)keyid[1]);
log_error( rc == G10ERR_PUBKEY_ALGO ?
"%s: key %08lX, unsupported public key algorithm\n":
"%s: key %08lX, invalid self-signature\n",
fname, (ulong)keyid[1]);
unode->flag |= 2; /* mark as invalid */
}
unode->flag |= 1; /* mark that user-id checked */

9
g10/main.h
View File

@ -54,17 +54,20 @@ int encrypt_filter( void *opaque, int control,
/*-- sign.c --*/
int complete_sig( PKT_signature *sig, PKT_secret_cert *skc, MD_HANDLE md );
int sign_file( STRLIST filenames, int detached, STRLIST locusr,
int encrypt, STRLIST remusr, const char *outfile );
int clearsign_file( const char *fname, STRLIST locusr, const char *outfile );
/*-- sig-check.c --*/
int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig );
/*-- keyedit.c --*/
int sign_key( const char *username, STRLIST locusr );
int edit_keysigs( const char *username );
int delete_key( const char *username, int secure );
int change_passphrase( const char *username );
/*-- sig-check.c --*/
int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig );
/*-- keygen.c --*/
void generate_keypair(void);

2
g10/rsa.c
View File

@ -1,4 +1,4 @@
/* rsa.c
/* rsa.c - glue code for RSA cipher
* Copyright (C) 1998 Free Software Foundation, Inc.
*
* This file is part of GNUPG.

350
g10/seckey-cert.c
View File

@ -34,19 +34,19 @@
static int
check_elg( PKT_secret_cert *cert )
do_check( PKT_secret_cert *cert )
{
byte *buffer;
u16 csum=0;
int res;
unsigned nbytes;
u32 keyid[2];
char save_iv[8];
if( cert->is_protected ) { /* remove the protection */
DEK *dek = NULL;
MPI test_x;
u32 keyid[2];
CIPHER_HANDLE cipher_hd=NULL;
PKT_secret_cert *save_cert;
char save_iv[8];
switch( cert->protect.algo ) {
case CIPHER_ALGO_NONE: BUG(); break;
@ -64,63 +64,137 @@ check_elg( PKT_secret_cert *cert )
cipher_setkey( cipher_hd, dek->key, dek->keylen );
cipher_setiv( cipher_hd, NULL );
m_free(dek); /* pw is in secure memory, so m_free() burns it */
save_cert = copy_secret_cert( NULL, cert );
memcpy(save_iv, cert->protect.iv, 8 );
cipher_decrypt( cipher_hd, cert->protect.iv, cert->protect.iv, 8 );
mpi_set_secure(cert->d.elg.x );
/*fixme: maybe it is better to set the buffer secure with a
* new get_buffer_secure() function */
buffer = mpi_get_buffer( cert->d.elg.x, &nbytes, NULL );
cipher_decrypt( cipher_hd, buffer, buffer, nbytes );
test_x = mpi_alloc_secure( mpi_get_nlimbs(cert->d.elg.x) );
mpi_set_buffer( test_x, buffer, nbytes, 0 );
csum = checksum_mpi( test_x );
m_free( buffer );
switch( cert->pubkey_algo ) {
case PUBKEY_ALGO_ELGAMAL:
buffer = mpi_get_secure_buffer( cert->d.elg.x, &nbytes, NULL );
cipher_decrypt( cipher_hd, buffer, buffer, nbytes );
mpi_set_buffer( cert->d.elg.x, buffer, nbytes, 0 );
csum = checksum_mpi( cert->d.elg.x );
m_free( buffer );
break;
case PUBKEY_ALGO_DSA:
buffer = mpi_get_secure_buffer( cert->d.dsa.x, &nbytes, NULL );
cipher_decrypt( cipher_hd, buffer, buffer, nbytes );
mpi_set_buffer( cert->d.dsa.x, buffer, nbytes, 0 );
csum = checksum_mpi( cert->d.dsa.x );
m_free( buffer );
break;
#ifdef HAVE_RSA_CIPHER
case PUBKEY_ALGO_RSA:
csum = 0;
#define X(a) do { \
buffer = mpi_get_secure_buffer( cert->d.rsa.##a, \
&nbytes, NULL ); \
csum += checksum_u16( nbytes*8 ); \
cipher_decrypt( cipher_hd, buffer, buffer, nbytes ); \
csum += checksum( buffer, nbytes ); \
mpi_set_buffer(cert->d.rsa.##a, buffer, nbytes, 0 ); \
m_free( buffer ); \
} while(0)
X(d);
X(p);
X(q);
X(u);
#undef X
break;
#endif /* HAVE_RSA_CIPHER */
default: BUG();
}
cipher_close( cipher_hd );
/* now let's see wether we have used the right passphrase */
if( csum != cert->csum ) {
/* very bad kludge to work around an early bug */
csum -= checksum_u16( mpi_get_nbits(test_x) );
nbytes = mpi_get_nlimbs(test_x) * 4;
csum += checksum_u16( nbytes*8 );
if( cert->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
/* very bad kludge to work around an early bug */
csum -= checksum_u16( mpi_get_nbits(cert->d.elg.x) );
nbytes = mpi_get_nlimbs(cert->d.elg.x) * 4;
csum += checksum_u16( nbytes*8 );
if( !opt.batch && csum == cert->csum )
log_info("Probably you have an old key - use "
"\"--change-passphrase\" to convert.\n");
}
if( csum != cert->csum ) {
mpi_free(test_x);
copy_secret_cert( cert, save_cert );
free_secret_cert( save_cert );
memcpy( cert->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
if( !opt.batch )
}
switch( cert->pubkey_algo ) {
case PUBKEY_ALGO_ELGAMAL:
res = elg_check_secret_key( &cert->d.elg );
break;
case PUBKEY_ALGO_DSA:
res = dsa_check_secret_key( &cert->d.dsa );
break;
#ifdef HAVE_RSA_CIPHER
case PUBKEY_ALGO_RSA:
res = rsa_check_secret_key( &cert->d.rsa );
break;
#endif
default: BUG();
}
if( !res ) {
copy_secret_cert( cert, save_cert );
free_secret_cert( save_cert );
memcpy( cert->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
free_secret_cert( save_cert );
cert->is_protected = 0;
break;
default:
return G10ERR_CIPHER_ALGO; /* unsupported protection algorithm */
}
}
else { /* not protected */
switch( cert->pubkey_algo ) {
case PUBKEY_ALGO_ELGAMAL:
csum = checksum_mpi( cert->d.elg.x );
break;
case PUBKEY_ALGO_DSA:
csum = checksum_mpi( cert->d.dsa.x );
break;
#ifdef HAVE_RSA_CIPHER
case PUBKEY_ALGO_RSA:
csum =0;
buffer = mpi_get_buffer( cert->d.rsa.rsa_d, &nbytes, NULL );
csum += checksum_u16( nbytes*8 );
csum += checksum( buffer, nbytes );
m_free( buffer );
buffer = mpi_get_buffer( cert->d.rsa.rsa_p, &nbytes, NULL );
csum += checksum_u16( nbytes*8 );
csum += checksum( buffer, nbytes );
m_free( buffer );
buffer = mpi_get_buffer( cert->d.rsa.rsa_q, &nbytes, NULL );
csum += checksum_u16( nbytes*8 );
csum += checksum( buffer, nbytes );
m_free( buffer );
buffer = mpi_get_buffer( cert->d.rsa.rsa_u, &nbytes, NULL );
csum += checksum_u16( nbytes*8 );
csum += checksum( buffer, nbytes );
m_free( buffer );
break;
#endif
default: BUG();
}
if( csum != cert->csum ) {
if( cert->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
/* very bad kludge to work around an early bug */
csum -= checksum_u16( mpi_get_nbits(cert->d.elg.x) );
nbytes = mpi_get_nlimbs(cert->d.elg.x) * 4;
csum += checksum_u16( nbytes*8 );
if( !opt.batch && csum == cert->csum )
log_info("Probably you have an old key - use "
"\"--change-passphrase\" to convert.\n");
}
mpi_swap( cert->d.elg.x, test_x );
res = elg_check_secret_key( &cert->d.elg );
mpi_swap( cert->d.elg.x, test_x );
if( !res ) {
mpi_free(test_x);
memcpy( cert->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
mpi_set(cert->d.elg.x, test_x);
mpi_free(test_x);
cert->is_protected = 0;
break;
default:
return G10ERR_CIPHER_ALGO; /* unsupported protection algorithm */
}
}
else { /* not protected */
csum = checksum_mpi( cert->d.elg.x );
if( csum != cert->csum ) {
/* very bad kludge to work around an early bug */
csum -= checksum_u16( mpi_get_nbits(cert->d.elg.x) );
nbytes = mpi_get_nlimbs(cert->d.elg.x) * 4;
csum += checksum_u16( nbytes*8 );
if( csum != cert->csum )
return G10ERR_CHECKSUM;
if( !opt.batch )
log_info("Probably you have an old key - use "
"\"--change-passphrase\" to convert.\n");
}
}
@ -128,171 +202,6 @@ check_elg( PKT_secret_cert *cert )
}
static int
check_dsa( PKT_secret_cert *cert )
{
byte *buffer;
u16 csum=0;
int res;
unsigned nbytes;
u32 keyid[2];
char save_iv[8];
if( cert->is_protected ) { /* remove the protection */
DEK *dek = NULL;
MPI test_x;
CIPHER_HANDLE cipher_hd=NULL;
switch( cert->protect.algo ) {
case CIPHER_ALGO_NONE: BUG(); break;
case CIPHER_ALGO_BLOWFISH:
case CIPHER_ALGO_CAST:
keyid_from_skc( cert, keyid );
if( cert->protect.s2k == 1 || cert->protect.s2k == 3 )
dek = get_passphrase_hash( keyid, NULL,
cert->protect.salt );
else
dek = get_passphrase_hash( keyid, NULL, NULL );
cipher_hd = cipher_open( cert->protect.algo,
CIPHER_MODE_AUTO_CFB, 1);
cipher_setkey( cipher_hd, dek->key, dek->keylen );
cipher_setiv( cipher_hd, NULL );
m_free(dek); /* pw is in secure memory, so m_free() burns it */
memcpy(save_iv, cert->protect.iv, 8 );
cipher_decrypt( cipher_hd, cert->protect.iv, cert->protect.iv, 8 );
mpi_set_secure(cert->d.dsa.x );
/*fixme: maybe it is better to set the buffer secure with a
* new get_buffer_secure() function */
buffer = mpi_get_buffer( cert->d.dsa.x, &nbytes, NULL );
cipher_decrypt( cipher_hd, buffer, buffer, nbytes );
test_x = mpi_alloc_secure( mpi_get_nlimbs(cert->d.dsa.x) );
mpi_set_buffer( test_x, buffer, nbytes, 0 );
csum = checksum_mpi( test_x );
m_free( buffer );
cipher_close( cipher_hd );
/* now let's see wether we have used the right passphrase */
if( csum != cert->csum ) {
mpi_free(test_x);
memcpy( cert->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
mpi_swap( cert->d.dsa.x, test_x );
res = dsa_check_secret_key( &cert->d.dsa );
mpi_swap( cert->d.dsa.x, test_x );
if( !res ) {
mpi_free(test_x);
memcpy( cert->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
mpi_set(cert->d.dsa.x, test_x);
mpi_free(test_x);
cert->is_protected = 0;
break;
default:
return G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
}
}
else { /* not protected */
csum = checksum_mpi( cert->d.dsa.x );
if( csum != cert->csum )
return G10ERR_CHECKSUM;
}
return 0;
}
#ifdef HAVE_RSA_CIPHER
/****************
* FIXME: fix checksum stuff
*/
static int
check_rsa( PKT_secret_cert *cert )
{
byte *buffer;
u16 csum=0;
int res;
unsigned nbytes;
u32 keyid[2];
if( cert->is_protected ) { /* remove the protection */
DEK *dek = NULL;
BLOWFISH_context *blowfish_ctx=NULL;
switch( cert->protect.algo ) {
/* FIXME: use test variables to check for the correct key */
case CIPHER_ALGO_NONE: BUG(); break;
case CIPHER_ALGO_BLOWFISH:
keyid_from_skc( cert, keyid );
dek = get_passphrase_hash( keyid, NULL, NULL );
blowfish_ctx = m_alloc_secure( sizeof *blowfish_ctx );
blowfish_setkey( blowfish_ctx, dek->key, dek->keylen );
m_free(dek); /* pw is in secure memory, so m_free() burns it */
blowfish_setiv( blowfish_ctx, NULL );
blowfish_decode_cfb( blowfish_ctx, cert->protect.iv,
cert->protect.iv, 8 );
csum = 0;
#define X(a) do { \
mpi_set_secure(cert->d.rsa.rsa_##a); \
buffer = mpi_get_buffer( cert->d.rsa.rsa_##a, &nbytes, NULL );\
csum += checksum_u16( nbytes*8 ); \
blowfish_decode_cfb( blowfish_ctx, buffer, buffer, nbytes ); \
csum += checksum( buffer, nbytes ); \
mpi_set_buffer(cert->d.rsa.rsa_##a, buffer, nbytes, 0 ); \
m_free( buffer ); \
} while(0)
X(d);
X(p);
X(q);
X(u);
#undef X
cert->is_protected = 0;
m_free( blowfish_ctx );
/* now let's see wether we have used the right passphrase */
if( csum != cert->csum )
return G10ERR_BAD_PASS;
res = rsa_check_secret_key( &cert->d.rsa );
if( !res )
return G10ERR_BAD_PASS;
break;
default:
return G10ERR_CIPHER_ALGO; /* unsupported protection algorithm */
}
}
else { /* not protected */
csum =0;
buffer = mpi_get_buffer( cert->d.rsa.rsa_d, &nbytes, NULL );
csum += checksum_u16( nbytes*8 );
csum += checksum( buffer, nbytes );
m_free( buffer );
buffer = mpi_get_buffer( cert->d.rsa.rsa_p, &nbytes, NULL );
csum += checksum_u16( nbytes*8 );
csum += checksum( buffer, nbytes );
m_free( buffer );
buffer = mpi_get_buffer( cert->d.rsa.rsa_q, &nbytes, NULL );
csum += checksum_u16( nbytes*8 );
csum += checksum( buffer, nbytes );
m_free( buffer );
buffer = mpi_get_buffer( cert->d.rsa.rsa_u, &nbytes, NULL );
csum += checksum_u16( nbytes*8 );
csum += checksum( buffer, nbytes );
m_free( buffer );
if( csum != cert->csum )
return G10ERR_CHECKSUM;
}
return 0;
}
#endif /*HAVE_RSA_CIPHER*/
/****************
* Check the secret key certificate
@ -307,16 +216,13 @@ check_secret_key( PKT_secret_cert *cert )
for(i=0; i < 3 && rc == G10ERR_BAD_PASS; i++ ) {
if( i )
log_error("Invalid passphrase; please try again ...\n");
if( cert->pubkey_algo == PUBKEY_ALGO_ELGAMAL )
rc = check_elg( cert );
else if( cert->pubkey_algo == PUBKEY_ALGO_DSA )
rc = check_dsa( cert );
#ifdef HAVE_RSA_CIPHER
else if( cert->pubkey_algo == PUBKEY_ALGO_RSA )
rc = check_rsa( cert );
#endif
else
rc = G10ERR_PUBKEY_ALGO;
switch( cert->pubkey_algo ) {
case PUBKEY_ALGO_ELGAMAL:
case PUBKEY_ALGO_DSA:
rc = do_check( cert );
break;
default: rc = G10ERR_PUBKEY_ALGO;
}
if( get_passphrase_fd() != -1 )
break;
}

686
g10/sign.c
View File

@ -39,9 +39,7 @@
static int
int
complete_sig( PKT_signature *sig, PKT_secret_cert *skc, MD_HANDLE md )
{
int rc=0;
@ -468,685 +466,3 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
static void
show_fingerprint( PKT_public_cert *pkc )
{
byte *array, *p;
size_t i, n;
p = array = fingerprint_from_pkc( pkc, &n );
tty_printf(" Fingerprint:");
if( n == 20 ) {
for(i=0; i < n ; i++, i++, p += 2 ) {
if( i == 10 )
tty_printf(" ");
tty_printf(" %02X%02X", *p, p[1] );
}
}
else {
for(i=0; i < n ; i++, p++ ) {
if( i && !(i%8) )
tty_printf(" ");
tty_printf(" %02X", *p );
}
}
tty_printf("\n");
m_free(array);
}
/****************
* Ask wether the user is willing to sign the key. Return true if so.
*/
static int
sign_it_p( PKT_public_cert *pkc, PKT_user_id *uid )
{
char *answer;
int yes;
tty_printf("\nAre you really sure that you want so sign this key:\n\n"
"%4u%c/%08lX %s ",
nbits_from_pkc( pkc ),
pubkey_letter( pkc->pubkey_algo ),
(ulong)keyid_from_pkc( pkc, NULL ),
datestr_from_pkc( pkc ) );
tty_print_string( uid->name, uid->len );
tty_printf("\n");
show_fingerprint(pkc);
tty_printf("\n");
answer = tty_get("Sign this key? ");
tty_kill_prompt();
yes = answer_is_yes(answer);
m_free(answer);
return yes;
}
/****************
* Check the keysigs and set the flags to indicate errors.
* Usage of nodes flag bits:
* Bit 0 = bad signature
* 1 = no public key
* 2 = other error
* Returns true if error found.
*/
static int
check_all_keysigs( KBNODE keyblock )
{
KBNODE kbctx;
KBNODE node;
int rc;
int inv_sigs = 0;
int no_key = 0;
int oth_err = 0;
for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
if( node->pkt->pkttype == PKT_SIGNATURE
&& (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
PKT_signature *sig = node->pkt->pkt.signature;
int sigrc;
tty_printf("sig");
switch( (rc = check_key_signature( keyblock, node,NULL)) ) {
case 0: node->flag = 0; sigrc = '!'; break;
case G10ERR_BAD_SIGN: inv_sigs++; node->flag = 1; sigrc = '-'; break;
case G10ERR_NO_PUBKEY: no_key++; node->flag = 2; sigrc = '?'; break;
default: oth_err++; node->flag = 4; sigrc = '%'; break;
}
tty_printf("%c %08lX %s ",
sigrc, sig->keyid[1], datestr_from_sig(sig));
if( sigrc == '%' )
tty_printf("[%s] ", g10_errstr(rc) );
else if( sigrc == '?' )
;
else {
size_t n;
char *p = get_user_id( sig->keyid, &n );
tty_print_string( p, n > 40? 40 : n );
m_free(p);
}
tty_printf("\n");
/* FIXME: update the trustdb */
}
}
if( inv_sigs )
tty_printf("%d bad signatures\n", inv_sigs );
if( no_key )
tty_printf("No public key for %d signatures\n", no_key );
if( oth_err )
tty_printf("%d signatures not checked due to errors\n", oth_err );
return inv_sigs || no_key || oth_err;
}
/****************
* Ask and remove invalid signatures are to be removed.
*/
static int
remove_keysigs( KBNODE keyblock, u32 *keyid, int all )
{
KBNODE kbctx;
KBNODE node;
char *answer;
int yes;
int count;
count = 0;
for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
if( ((node->flag & 7) || all )
&& node->pkt->pkttype == PKT_SIGNATURE
&& (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
PKT_signature *sig = node->pkt->pkt.signature;
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
/* fixme: skip self-sig */
}
tty_printf("\n \"%08lX %s ",
sig->keyid[1], datestr_from_sig(sig));
if( node->flag & 6 )
tty_printf("[User name not available] ");
else {
size_t n;
char *p = get_user_id( sig->keyid, &n );
tty_print_string( p, n );
m_free(p);
}
tty_printf("\"\n");
if( node->flag & 1 )
tty_printf("This is a BAD signature!\n");
else if( node->flag & 2 )
tty_printf("Public key not available.\n");
else if( node->flag & 4 )
tty_printf("The signature could not be checked!\n");
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
continue; /* do not remove self-signatures */
answer = tty_get("\nRemove this signature? ");
tty_kill_prompt();
if( answer_is_yes(answer) ) {
node->flag |= 128; /* use bit 7 to mark this node */
count++;
}
m_free(answer);
}
}
if( !count )
return 0; /* nothing to remove */
answer = tty_get("Do you really want to remove the selected signatures? ");
tty_kill_prompt();
yes = answer_is_yes(answer);
m_free(answer);
if( !yes )
return 0;
for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 1)) ; ) {
if( node->flag & 128)
delete_kbnode(node );
}
return 1;
}
/****************
* This functions signs the key of USERNAME with all users listed in
* LOCUSR. If LOCUSR is NULL the default secret certificate will
* be used. This works on all keyrings, so there is no armor or
* compress stuff here.
*/
int
sign_key( const char *username, STRLIST locusr )
{
md_filter_context_t mfx;
int rc = 0;
SKC_LIST skc_list = NULL;
SKC_LIST skc_rover = NULL;
KBNODE keyblock = NULL;
KBNODE kbctx, node;
KBPOS kbpos;
PKT_public_cert *pkc;
u32 pkc_keyid[2];
char *answer;
memset( &mfx, 0, sizeof mfx);
/* search the userid */
rc = find_keyblock_byname( &kbpos, username );
if( rc ) {
log_error("user '%s' not found\n", username );
goto leave;
}
/* build a list of all signators */
rc=build_skc_list( locusr, &skc_list, 0, 1 );
if( rc )
goto leave;
/* read the keyblock */
rc = read_keyblock( &kbpos, &keyblock );
if( rc ) {
log_error("error reading the certificate: %s\n", g10_errstr(rc) );
goto leave;
}
/* get the keyid from the keyblock */
node = find_kbnode( keyblock, PKT_PUBLIC_CERT );
if( !node ) {
log_error("Oops; public key not found anymore!\n");
rc = G10ERR_GENERAL;
goto leave;
}
pkc = node->pkt->pkt.public_cert;
keyid_from_pkc( pkc, pkc_keyid );
log_info("Checking signatures of this public key certificate:\n");
tty_printf("pub %4u%c/%08lX %s ",
nbits_from_pkc( pkc ),
pubkey_letter( pkc->pubkey_algo ),
pkc_keyid[1], datestr_from_pkc(pkc) );
{
size_t n;
char *p = get_user_id( pkc_keyid, &n );
tty_print_string( p, n > 40? 40 : n );
m_free(p);
tty_printf("\n");
}
clear_kbnode_flags( keyblock );
if( check_all_keysigs( keyblock ) ) {
if( !opt.batch ) {
/* ask wether we really should do anything */
answer = tty_get("To you want to remove some of the invalid sigs? ");
tty_kill_prompt();
if( answer_is_yes(answer) )
remove_keysigs( keyblock, pkc_keyid, 0 );
m_free(answer);
}
}
/* check wether we have already signed it */
for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
u32 akeyid[2];
keyid_from_skc( skc_rover->skc, akeyid );
for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
if( node->pkt->pkttype == PKT_SIGNATURE
&& (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
if( akeyid[0] == node->pkt->pkt.signature->keyid[0]
&& akeyid[1] == node->pkt->pkt.signature->keyid[1] ) {
log_info("Already signed by keyid %08lX\n",
(ulong)akeyid[1] );
skc_rover->mark = 1;
}
}
}
}
for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
if( !skc_rover->mark )
break;
}
if( !skc_rover ) {
log_info("Nothing to sign\n");
goto leave;
}
/* Loop over all signers and all user ids and sign */
for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
if( skc_rover->mark )
continue;
for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
if( node->pkt->pkttype == PKT_USER_ID ) {
if( sign_it_p( pkc, node->pkt->pkt.user_id ) ) {
PACKET *pkt;
PKT_signature *sig;
rc = make_keysig_packet( &sig, pkc,
node->pkt->pkt.user_id,
skc_rover->skc,
0x10,
DIGEST_ALGO_RMD160 );
if( rc ) {
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc));
goto leave;
}
pkt = m_alloc_clear( sizeof *pkt );
pkt->pkttype = PKT_SIGNATURE;
pkt->pkt.signature = sig;
insert_kbnode( node, new_kbnode(pkt), PKT_USER_ID );
}
}
}
}
rc = update_keyblock( &kbpos, keyblock );
if( rc ) {
log_error("update_keyblock failed: %s\n", g10_errstr(rc) );
goto leave;
}
leave:
release_kbnode( keyblock );
release_skc_list( skc_list );
md_close( mfx.md );
return rc;
}
int
edit_keysigs( const char *username )
{
int rc = 0;
KBNODE keyblock = NULL;
KBNODE node;
KBPOS kbpos;
PKT_public_cert *pkc;
u32 pkc_keyid[2];
/* search the userid */
rc = find_keyblock_byname( &kbpos, username );
if( rc ) {
log_error("%s: user not found\n", username );
goto leave;
}
/* read the keyblock */
rc = read_keyblock( &kbpos, &keyblock );
if( rc ) {
log_error("%s: certificate read problem: %s\n", username, g10_errstr(rc) );
goto leave;
}
/* get the keyid from the keyblock */
node = find_kbnode( keyblock, PKT_PUBLIC_CERT );
if( !node ) {
log_error("Oops; public key not found anymore!\n");
rc = G10ERR_GENERAL;
goto leave;
}
pkc = node->pkt->pkt.public_cert;
keyid_from_pkc( pkc, pkc_keyid );
log_info("Checking signatures of this public key certificate:\n");
tty_printf("pub %4u%c/%08lX %s ",
nbits_from_pkc( pkc ),
pubkey_letter( pkc->pubkey_algo ),
pkc_keyid[1], datestr_from_pkc(pkc) );
{
size_t n;
char *p = get_user_id( pkc_keyid, &n );
tty_print_string( p, n > 40? 40 : n );
m_free(p);
tty_printf("\n");
}
clear_kbnode_flags( keyblock );
check_all_keysigs( keyblock );
if( remove_keysigs( keyblock, pkc_keyid, 1 ) ) {
rc = update_keyblock( &kbpos, keyblock );
if( rc ) {
log_error("update_keyblock failed: %s\n", g10_errstr(rc) );
goto leave;
}
}
leave:
release_kbnode( keyblock );
return rc;
}
/****************
* Delete a public or secret key from a keyring.
*/
int
delete_key( const char *username, int secret )
{
int rc = 0;
KBNODE keyblock = NULL;
KBNODE node;
KBPOS kbpos;
PKT_public_cert *pkc = NULL;
PKT_secret_cert *skc = NULL;
u32 keyid[2];
int okay=0;
/* search the userid */
rc = secret? find_secret_keyblock_byname( &kbpos, username )
: find_keyblock_byname( &kbpos, username );
if( rc ) {
log_error("%s: user not found\n", username );
goto leave;
}
/* read the keyblock */
rc = read_keyblock( &kbpos, &keyblock );
if( rc ) {
log_error("%s: read problem: %s\n", username, g10_errstr(rc) );
goto leave;
}
/* get the keyid from the keyblock */
node = find_kbnode( keyblock, secret? PKT_SECRET_CERT:PKT_PUBLIC_CERT );
if( !node ) {
log_error("Oops; key not found anymore!\n");
rc = G10ERR_GENERAL;
goto leave;
}
if( secret ) {
skc = node->pkt->pkt.secret_cert;
keyid_from_skc( skc, keyid );
}
else {
pkc = node->pkt->pkt.public_cert;
keyid_from_pkc( pkc, keyid );
rc = seckey_available( keyid );
if( !rc ) {
log_error(_(
"there is a secret key for this public key!\n"));
log_info(_(
"use option \"--delete-secret-key\" to delete it first.\n"));
rc = -1;
}
else if( rc != G10ERR_NO_SECKEY )
log_error("%s: get secret key: %s\n", username, g10_errstr(rc) );
else
rc = 0;
}
if( rc )
rc = 0;
else if( opt.batch && secret )
log_error(_("can't do that in batch-mode\n"));
else if( opt.batch && opt.answer_yes )
okay++;
else if( opt.batch )
log_error(_("can't do that in batch-mode without \"--yes\"\n"));
else {
char *p;
size_t n;
if( secret )
tty_printf("sec %4u%c/%08lX %s ",
nbits_from_skc( skc ),
pubkey_letter( skc->pubkey_algo ),
keyid[1], datestr_from_skc(skc) );
else
tty_printf("pub %4u%c/%08lX %s ",
nbits_from_pkc( pkc ),
pubkey_letter( pkc->pubkey_algo ),
keyid[1], datestr_from_pkc(pkc) );
p = get_user_id( keyid, &n );
tty_print_string( p, n );
m_free(p);
tty_printf("\n\n");
p = tty_get(_("Delete this key from the keyring? "));
tty_kill_prompt();
if( secret && answer_is_yes(p)) {
/* I think it is not required to check a passphrase; if
* the user is so stupid to let others access his secret keyring
* (and has no backup) - it is up him to read some very
* basic texts about security.
*/
m_free(p);
p = tty_get(_("This is a secret key! - really delete? "));
}
if( answer_is_yes(p) )
okay++;
m_free(p);
}
if( okay ) {
rc = delete_keyblock( &kbpos );
if( rc ) {
log_error("delete_keyblock failed: %s\n", g10_errstr(rc) );
goto leave;
}
}
leave:
release_kbnode( keyblock );
return rc;
}
int
change_passphrase( const char *username )
{
int rc = 0;
KBNODE keyblock = NULL;
KBNODE node;
KBPOS kbpos;
PKT_secret_cert *skc;
u32 skc_keyid[2];
char *answer;
int changed=0;
/* search the userid */
rc = find_secret_keyblock_byname( &kbpos, username );
if( rc ) {
log_error("secret key for user '%s' not found\n", username );
goto leave;
}
/* read the keyblock */
rc = read_keyblock( &kbpos, &keyblock );
if( rc ) {
log_error("error reading the certificate: %s\n", g10_errstr(rc) );
goto leave;
}
/* get the keyid from the keyblock */
node = find_kbnode( keyblock, PKT_SECRET_CERT );
if( !node ) {
log_error("Oops; secret key not found anymore!\n");
rc = G10ERR_GENERAL;
goto leave;
}
skc = node->pkt->pkt.secret_cert;
keyid_from_skc( skc, skc_keyid );
tty_printf("sec %4u%c/%08lX %s ",
nbits_from_skc( skc ),
pubkey_letter( skc->pubkey_algo ),
skc_keyid[1], datestr_from_skc(skc) );
{
size_t n;
char *p = get_user_id( skc_keyid, &n );
tty_print_string( p, n );
m_free(p);
tty_printf("\n");
}
clear_kbnode_flags( keyblock );
switch( is_secret_key_protected( skc ) ) {
case -1:
rc = G10ERR_PUBKEY_ALGO;
break;
case 0:
tty_printf("This key is not protected.\n");
break;
default:
tty_printf("Key is protected.\n");
rc = check_secret_key( skc );
break;
}
if( rc )
tty_printf("Can't edit this key: %s\n", g10_errstr(rc));
else {
DEK *dek = m_alloc_secure( sizeof *dek + 8 );
byte *salt = (byte*)dek + sizeof( *dek );
tty_printf( "Enter the new passphrase for this secret key.\n\n" );
for(;;) {
dek->algo = CIPHER_ALGO_BLOWFISH;
randomize_buffer(salt, 8, 1);
rc = make_dek_from_passphrase( dek , 2, salt );
if( rc == -1 ) {
rc = 0;
tty_printf( "You don't want a passphrase -"
" this is probably a *bad* idea!\n\n");
answer = tty_get("Do you really want to do this? ");
tty_kill_prompt();
if( answer_is_yes(answer) )
changed++;
m_free(answer);
break;
}
else if( rc == G10ERR_PASSPHRASE ) {
tty_printf("passphrase not correctly repeated; try again.\n");
}
else if( rc ) {
m_free(dek); dek = NULL;
log_error("Error getting the passphrase: %s\n", g10_errstr(rc));
break;
}
else { /* okay */
skc->protect.algo = CIPHER_ALGO_BLOWFISH;
skc->protect.s2k = 1;
skc->protect.hash = DIGEST_ALGO_RMD160;
memcpy(skc->protect.salt, salt, 8);
randomize_buffer(skc->protect.iv, 8, 1);
rc = protect_secret_key( skc, dek );
if( rc )
log_error("protect_secret_key failed: %s\n", g10_errstr(rc) );
else
changed++;
break;
}
}
m_free(dek);
}
if( changed ) {
rc = update_keyblock( &kbpos, keyblock );
if( rc ) {
log_error("update_keyblock failed: %s\n", g10_errstr(rc) );
goto leave;
}
}
leave:
release_kbnode( keyblock );
return rc;
}
/****************
* Create a signature packet for the given public key certificate
* and the user id and return it in ret_sig. User signature class SIGCLASS
* user-id is not used (and may be NULL if sigclass is 0x20)
*/
int
make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
PKT_user_id *uid, PKT_secret_cert *skc,
int sigclass, int digest_algo )
{
PKT_signature *sig;
int rc=0;
MD_HANDLE md;
assert( (sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x20 );
md = md_open( digest_algo, 0 );
/* hash the public key certificate and the user id */
hash_public_cert( md, pkc );
if( sigclass != 0x20 )
md_write( md, uid->name, uid->len );
/* and make the signature packet */
sig = m_alloc_clear( sizeof *sig );
sig->pubkey_algo = skc->pubkey_algo;
sig->timestamp = make_timestamp();
sig->sig_class = sigclass;
md_putc( md, sig->sig_class );
{ u32 a = sig->timestamp;
md_putc( md, (a >> 24) & 0xff );
md_putc( md, (a >> 16) & 0xff );
md_putc( md, (a >> 8) & 0xff );
md_putc( md, a & 0xff );
}
md_final(md);
rc = complete_sig( sig, skc, md );
md_close( md );
if( rc )
free_seckey_enc( sig );
else
*ret_sig = sig;
return rc;
}

1
include/mpi.h
View File

@ -99,6 +99,7 @@ int mpi_fromstr(MPI val, const char *str);
int mpi_print( FILE *fp, MPI a, int mode );
u32 mpi_get_keyid( MPI a, u32 *keyid );
byte *mpi_get_buffer( MPI a, unsigned *nbytes, int *sign );
byte *mpi_get_secure_buffer( MPI a, unsigned *nbytes, int *sign );
void mpi_set_buffer( MPI a, const byte *buffer, unsigned nbytes, int sign );
/*-- mpi-add.c --*/

4
mpi/ChangeLog
View File

@ -1,3 +1,7 @@
Thu Apr 9 11:31:36 1998 Werner Koch (wk@isil.d.shuttle.de)
* mpicoder.c (mpi_get_secure_buffer): New.
Wed Apr 8 09:44:33 1998 Werner Koch (wk@isil.d.shuttle.de)
* config.links: Applied small fix from Ulf Möller.

20
mpi/mpicoder.c
View File

@ -268,8 +268,8 @@ mpi_get_keyid( MPI a, u32 *keyid )
* set to zero if the value of A is zero. If sign is not NULL, it will
* be set to the sign of the A.
*/
byte *
mpi_get_buffer( MPI a, unsigned *nbytes, int *sign )
static byte *
do_get_buffer( MPI a, unsigned *nbytes, int *sign, int force_secure )
{
byte *p, *buffer;
mpi_limb_t alimb;
@ -278,7 +278,8 @@ mpi_get_buffer( MPI a, unsigned *nbytes, int *sign )
if( sign )
*sign = a->sign;
*nbytes = a->nlimbs * BYTES_PER_MPI_LIMB;
p = buffer = a->secure ? m_alloc_secure( *nbytes) : m_alloc( *nbytes );
p = buffer = force_secure || a->secure ? m_alloc_secure( *nbytes)
: m_alloc( *nbytes );
for(i=a->nlimbs-1; i >= 0; i-- ) {
alimb = a->d[i];
@ -310,6 +311,19 @@ mpi_get_buffer( MPI a, unsigned *nbytes, int *sign )
return buffer;
}
byte *
mpi_get_buffer( MPI a, unsigned *nbytes, int *sign )
{
return do_get_buffer( a, nbytes, sign, 0 );
}
byte *
mpi_get_secure_buffer( MPI a, unsigned *nbytes, int *sign )
{
return do_get_buffer( a, nbytes, sign, 1 );
}
/****************
* Use BUFFER to update MPI.
*/

4
po/ChangeLog
View File

@ -1,3 +1,7 @@
Thu Apr 9 10:03:14 1998 Werner Koch (wk@isil.d.shuttle.de)
* it.po: New version from Marco
Fri Mar 13 09:43:19 1998 Werner Koch (wk@isil.d.shuttle.de)
* it.po: New

217
po/it.po
View File

@ -1,5 +1,6 @@
msgid ""
msgstr ""
"POT-Creation-Date: 1998-03-12 23:23+0100\n"
"Content-Type: text/plain; charset=iso-8859-1\n"
"Date: 1998-03-07 12:16:14+0100\n"
"From: Marco d'Itri <md@linux.it>\n"
@ -12,6 +13,7 @@ msgid "Warning: using insecure memory!\n"
msgstr "Attenzione: si sta usando memoria insicura!\n"
#: cipher/random.c:419
#, c-format
msgid ""
"\n"
"Not enough random bytes available. Please do some other work to give\n"
@ -19,7 +21,7 @@ msgid ""
msgstr ""
"\n"
"Non ci sono abbastanza byte casuali disponibili. Per favore fai\n"
"qualche altro lavoro per dare al sistema operativo un'occasione per\n"
"qualche altro lavoro per dare al sistema operativo la possibilità di\n"
"raccogliere altra entropia! (Servono ancora %d byte)\n"
#: cipher/random.c:459
@ -41,7 +43,7 @@ msgstr ""
"NON USARE ALCUN DATO GENERATO DA QUESTO PROGRAMMA!!\n"
"\n"
#: g10/g10.c:56
#: g10/g10.c:57
msgid ""
"\\vCommands:\n"
" "
@ -49,103 +51,103 @@ msgstr ""
"\\vComandi:\n"
" "
#: g10/g10.c:59
#: g10/g10.c:60
msgid "make a signature"
msgstr "fai una firma"
#: g10/g10.c:60
msgid "make a clear text signature"
msgstr "fai una firma al testo in chiaro"
#: g10/g10.c:61
msgid "make a clear text signature"
msgstr "fai una firma mantenendo il testo in chiaro"
#: g10/g10.c:62
msgid "make a detached signature"
msgstr "fai una firma separata"
#: g10/g10.c:62
#: g10/g10.c:63
msgid "encrypt data"
msgstr "cifra dati"
#: g10/g10.c:63
#: g10/g10.c:64
msgid "encryption only with symmetric cipher"
msgstr "cifra solo con un cifrario simmetrico"
#: g10/g10.c:64
msgid "store only"
msgstr "immagazzina solo"
#: g10/g10.c:65
msgid "store only"
msgstr "immagazzina soltanto"
#: g10/g10.c:66
msgid "decrypt data (default)"
msgstr "decifra dati (predefinito)"
#: g10/g10.c:66
#: g10/g10.c:67
msgid "verify a signature"
msgstr "verifica una firma"
#: g10/g10.c:68
#: g10/g10.c:69
msgid "list keys"
msgstr "elenca le chiavi"
#: g10/g10.c:69
#: g10/g10.c:70
msgid "list keys and signatures"
msgstr "elenca le chiavi e le firme"
#: g10/g10.c:70
#: g10/g10.c:71
msgid "check key signatures"
msgstr "controlla le firme delle chiavi"
#: g10/g10.c:71
#: g10/g10.c:72
msgid "list keys and fingerprints"
msgstr "elenca le chiavi e le impronte digitali"
#: g10/g10.c:73
#: g10/g10.c:74
msgid "generate a new key pair"
msgstr "genera una nuova coppia di chiavi"
#: g10/g10.c:74
#: g10/g10.c:75
msgid "make a signature on a key in the keyring"
msgstr "firma una chiave nel portachiavi"
#: g10/g10.c:75
msgid "remove key from the public keyring"
msgstr "rimuovi una chiave dal portachiavi pubblico"
#: g10/g10.c:76
msgid "remove key from the public keyring"
msgstr "rimuove una chiave dal portachiavi pubblico"
#: g10/g10.c:77
msgid "edit a key signature"
msgstr "modifica la firma di una chiave"
#: g10/g10.c:77
#: g10/g10.c:78
msgid "change the passphrase of your secret keyring"
msgstr "cambia la passphrase del tuo portachiavi segreto"
#: g10/g10.c:78
#: g10/g10.c:79
msgid "generate a revocation certificate"
msgstr "genera un certificato di revoca"
#: g10/g10.c:80
#: g10/g10.c:81
msgid "export keys"
msgstr "esporta delle chiavi"
#: g10/g10.c:81
#: g10/g10.c:82
msgid "import/merge keys"
msgstr "importa/aggiungi delle chiavi"
#: g10/g10.c:82
#: g10/g10.c:83
msgid "list only the sequence of packets"
msgstr "elenca solo la sequenza dei pacchetti"
#: g10/g10.c:84
#: g10/g10.c:85
msgid "De-Armor a file or stdin"
msgstr "rimuovi l'armatura a un file o a stdin"
#: g10/g10.c:85
#: g10/g10.c:86
msgid "En-Armor a file or stdin"
msgstr "crea l'armatura a un file o a stdin"
#: g10/g10.c:86
#: g10/g10.c:87
msgid "print all message digests"
msgstr "stampa tutti i message digests"
#: g10/g10.c:91
#: g10/g10.c:92
msgid ""
"\\v\n"
"Options:\n"
@ -155,99 +157,99 @@ msgstr ""
"Opzioni:\n"
" "
#: g10/g10.c:94
#: g10/g10.c:95
msgid "create ascii armored output"
msgstr "crea un output ascii con armatura"
#: g10/g10.c:95
#: g10/g10.c:96
msgid "use this user-id to sign or decrypt"
msgstr "usa questo user-id per firmare o decifrare"
#: g10/g10.c:96
#: g10/g10.c:97
msgid "use this user-id for encryption"
msgstr "usa questo user-id per cifrare"
#: g10/g10.c:97
#: g10/g10.c:98
msgid "set compress level (0 disables)"
msgstr "imposta il livello di compressione (0 disabilita)"
#: g10/g10.c:98
#: g10/g10.c:99
msgid "use canonical text mode"
msgstr "usa il modo testo canonico"
#: g10/g10.c:100
msgid "use as output file"
msgstr "usa come un file di output"
#: g10/g10.c:101
msgid "use as output file"
msgstr "usa come file di output"
#: g10/g10.c:102
msgid "verbose"
msgstr "prolisso"
#: g10/g10.c:102
msgid "don't make any changes"
#: g10/g10.c:103
msgid "do not make any changes"
msgstr "non fare cambiamenti"
#: g10/g10.c:103
#: g10/g10.c:104
msgid "batch mode: never ask"
msgstr "modo batch: non fare domande"
#: g10/g10.c:104
msgid "assume yes on most questions"
msgstr "assumi \"si\" a quasi tutte le domande"
#: g10/g10.c:105
msgid "assume yes on most questions"
msgstr "assumi \"sì\" a quasi tutte le domande"
#: g10/g10.c:106
msgid "assume no on most questions"
msgstr "assumi \"no\" a quasi tutte le domande"
#: g10/g10.c:106
msgid "add this keyring to the list of keyrings"
msgstr "aggiungi questo portachiavi alla lista dei portachiavi"
#: g10/g10.c:107
msgid "add this keyring to the list of keyrings"
msgstr "aggiungi questo portachiavi alla lista"
#: g10/g10.c:108
msgid "add this secret keyring to the list"
msgstr "aggiungi questo portachiavi segreto alla lista"
#: g10/g10.c:108
#: g10/g10.c:109
msgid "read options from file"
msgstr "leggi le opzioni dal file"
#: g10/g10.c:110
msgid "set debugging flags"
msgstr "imposa i flag di debugging"
#: g10/g10.c:111
msgid "set debugging flags"
msgstr "imposta i flag di debugging"
#: g10/g10.c:112
msgid "enable full debugging"
msgstr "abilita il debugging completo"
#: g10/g10.c:112
#: g10/g10.c:113
msgid "write status info to this fd"
msgstr "scrivi le informazioni di stato su questo fd"
#: g10/g10.c:113
#: g10/g10.c:114
msgid "do not write comment packets"
msgstr "non scrivere pacchetti di commento"
#: g10/g10.c:114
#: g10/g10.c:115
msgid "(default is 1)"
msgstr "(predefinito è 1)"
#: g10/g10.c:115
#: g10/g10.c:116
msgid "(default is 3)"
msgstr "(predefinito è 3)"
#: g10/g10.c:117
#: g10/g10.c:118
msgid "select default cipher algorithm"
msgstr "seleziona l'algoritmo di cifratura predefinito"
#: g10/g10.c:118
#: g10/g10.c:119
msgid "select default puplic key algorithm"
msgstr "seleziona l'algoritmo a chiave pubblica predefinito"
#: g10/g10.c:119
#: g10/g10.c:120
msgid "select default message digest algorithm"
msgstr "seleziona l'algoritmo di message digest predefinito"
#: g10/g10.c:123
#: g10/g10.c:124
msgid ""
"\\v\n"
"Examples:\n"
@ -262,7 +264,7 @@ msgstr ""
"Esempi:\n"
"\n"
" -se -r Bob [file] firma e cifra per l'utente Bob\n"
" -sat [file] fai una firma al testo in chiaro\n"
" -sat [file] fai una firma mantenendo il testo in chiaro\n"
" -sb [file] fai una firma separata\n"
" -k [userid] mostra le chiavi\n"
" -kc [userid] mostra le impronte digitali\n"
@ -330,18 +332,22 @@ msgid "marginals-needed must be greater than 1\n"
msgstr "marginals-needed deve essere maggiore di 1\n"
#: g10/g10.c:450
#, c-format
msgid "note: no default option file '%s'\n"
msgstr "nota: nessun file con opzioni predefinite '%s'\n"
#: g10/g10.c:454
#, c-format
msgid "option file '%s': %s\n"
msgstr "file con opzioni predefinite '%s': %s\n"
#: g10/g10.c:461
#, c-format
msgid "reading options from '%s'\n"
msgstr "lettura delle opzioni da '%s'\n"
#: g10/g10.c:657
#, c-format
msgid "failed to initialize the TrustDB: %s\n"
msgstr "inizializzazione del TrustDB fallita: %s\n"
@ -349,10 +355,9 @@ msgstr "inizializzazione del TrustDB fallita: %s\n"
msgid "--store [filename]"
msgstr "--store [nomefile]"
#. encrypt the given file only with the symmetric cipher
#: g10/g10.c:671
msgid "--symmetric [filename]"
msgstr " [nomefile]"
msgstr "--symmetric [nomefile]"
#: g10/g10.c:679
msgid "--encrypt [filename]"
@ -366,7 +371,6 @@ msgstr "--sign [nomefile]"
msgid "--sign --encrypt [filename]"
msgstr "--sign --encrypt [nomefile]"
#. make a clearsig
#: g10/g10.c:719
msgid "--clearsign [filename]"
msgstr "--clearsign [nomefile]"
@ -391,12 +395,14 @@ msgstr ""
msgid "--delete-key username"
msgstr ""
#. Change the passphrase
#. no arg: use default, 1 arg use this one
#: g10/g10.c:766
msgid "--change-passphrase [username]"
msgstr ""
#: g10/g10.c:787
#, c-format
msgid "can't open %s: %s\n"
msgstr "impossibile aprire '%s': %s\n"
@ -409,24 +415,27 @@ msgid "--gen-key"
msgstr ""
#: g10/g10.c:845
#, c-format
msgid "dearmoring failed: %s\n"
msgstr "rimozione dell'armatura fallita: %s\n"
#: g10/g10.c:853
#, c-format
msgid "enarmoring failed: %s\n"
msgstr "creazione dell'armatura fallita: %s\n"
#. fixme: g10maint should to regular maintenace tasks here
#: g10/g10.c:934
msgid "[filename]"
msgstr "[nomefile]"
#: g10/g10.c:936
#, c-format
msgid "can't open '%s'\n"
msgstr "impossibile aprire '%s'"
# #### Md ???
#: g10/pkclist.c:65
#, c-format
msgid ""
"No ownertrust defined for %lu:\n"
"%4u%c/%08lX %s \""
@ -451,9 +460,9 @@ msgid ""
msgstr ""
"\"\n"
"\n"
"Per favore decidi fino a quanto hai fiducia di questo utente perchè\n"
"firmi correttamente le chiavi di altri utenti (guardando il suo\n"
"passaporto, controllando le impronte digitali da diverse fonti ...)?\n"
"Per favore decidi quanto hai fiducia di questo utente perchè firmi\n"
"correttamente le chiavi di altri utenti (guardando il suo passaporto,\n"
"controllando le impronte digitali da diverse fonti ...)?\n"
"\n"
" 1 = Non lo so\n"
" 2 = NON mi fido\n"
@ -464,7 +473,7 @@ msgstr ""
#: g10/pkclist.c:83
msgid "Your decision? "
msgstr "La tua decisione? "
msgstr "Cosa hai deciso? "
#: g10/pkclist.c:90
msgid ""
@ -473,13 +482,14 @@ msgid ""
"to do with the (implicitly created) web-of-certificates.\n"
msgstr ""
"È compito tuo assegnare qui un valore; questo valore non sarà mai esportato\n"
"ad alcuna terza persona. Ci serve per implementare la ragnatela-di-fiducia;\n"
"non ha nulla a che fare con la ragnatela-di-certificati (creata"
"ad alcuna terza persona. Serve per implementare la ragnatela-di-fiducia; "
"non\n"
"ha nulla a che fare con la ragnatela-di-certificati (creata "
"implicitamente).\n"
#: g10/pkclist.c:108
msgid "You will see a list of signators etc. here\n"
msgstr "Qui vedrai una lista di firmatari, ecc...\n"
msgstr "Qui vedrai una lista di firmatari, ecc.\n"
#: g10/pkclist.c:132
msgid ""
@ -499,15 +509,15 @@ msgstr ""
"Nessun valore di fiducia del proprietario modificato.\n"
"\n"
#: g10/pkclist.c:267
msgid ""
"It is NOT certain, that the key belongs to his owner.\n"
"If you *really* know what you are doing, you may answer\n"
"the next question with yes\n"
"\n"
msgstr "NON è sicuro che la chiave appartenga al suo proprietario.\n"
"Se *veramente* sai cosa stai facendo, puoi rispondere si alla\n"
msgstr ""
"NON è sicuro che la chiave appartenga al suo proprietario.\n"
"Se *veramente* sai cosa stai facendo, puoi rispondere sì alla\n"
"prossima domanda.\n"
"\n"
@ -519,7 +529,6 @@ msgstr ""
"Non hai specificato un user ID. (puoi usare \"-r\")\n"
"\n"
#: g10/pkclist.c:308
msgid "Enter the user ID: "
msgstr "Inserisci l'user ID: "
@ -548,17 +557,18 @@ msgstr " (3) RSA non pu
#: g10/keygen.c:320
msgid "Your selection? (1,2,3) "
msgstr "La tua scelta? (1,2,3) "
msgstr "Cosa scegli? (1,2,3) "
#: g10/keygen.c:322
msgid "Your selection? (1,2) "
msgstr "La tua scelta? (1,2) "
msgstr "Cosa scegli? (1,2) "
#: g10/keygen.c:336
msgid "Sorry; DSA is not yet supported.\n"
msgstr "Mi spiace, DSA non è gestito.\n"
#: g10/keygen.c:349
#, c-format
msgid ""
"About to generate a new %s keypair.\n"
" minimum keysize is 768 bits\n"
@ -580,16 +590,15 @@ msgstr "DSA permette solo chiavi di dimensioni da 512 a 1024\n"
#: g10/keygen.c:365
msgid "keysize too small; 768 is smallest value allowed.\n"
msgstr "le dimensioni della chiave sono troppo piccole; 768 è il\n"
"più piccolo valore permesso.\n"
msgstr "la chiave è troppo corta; 768 è il minimo valore permesso.\n"
#: g10/keygen.c:367
msgid ""
"Keysizes larger than 2048 are not suggested, because computations take "
"REALLY long!\n"
msgstr ""
"Chiavi di dimensioni maggiori di 2048 non sono consigliate, perchè i "
"calcoli sono VERAMENTE lunghi!\n"
"Chiavi più lunghe di 2048 non sono consigliate, perchè i calcoli sono "
"VERAMENTE lunghi!\n"
#: g10/keygen.c:369
msgid "Are you sure, that you want this keysize? "
@ -599,14 +608,17 @@ msgstr "Sei sicuro che vuoi una chiave di queste dimensioni? "
msgid ""
"Okay, but keep in mind that your monitor and keyboard radiation is also very "
"vulnerable to attacks!\n"
msgstr "Va bene, ma ricordati che anche le radiazioni emesse dal tuo monitor "
"e dalla tua tastiera sono molto vulnerabili ad attacchi!\n"
msgstr ""
"Va bene, ma ricordati che anche le radiazioni emesse dal tuo monitor e dalla "
"tua tastiera sono molto vulnerabili ad attacchi!\n"
#: g10/keygen.c:383
#, c-format
msgid "Requested keysize is %u bits\n"
msgstr "Le dimensioni della chiave richieste sono %u bit\n"
#: g10/keygen.c:386 g10/keygen.c:390
#, c-format
msgid "rounded up to %u bits\n"
msgstr "arrotondate a %u bit"
@ -616,14 +628,14 @@ msgid ""
"You need a User-ID to identify your key; the software constructs the user "
"id\n"
"from Real Name, Comment and Email Address in this form:\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@uni-duesseldorf.de>\"\n"
"\n"
msgstr ""
"\n"
"Ti serve un User ID per identificare la tua chiave; il software costruisce "
"l'user id a partire da Nome e Cognome, Commento e Indirizzo di Email "
"indicati in questo modulo:\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
"indicati in questa forma:\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@uni-duesseldorf.de>\"\n"
"\n"
#: g10/keygen.c:409
@ -648,7 +660,7 @@ msgstr "Indirizzo di Email: "
#: g10/keygen.c:437
msgid "Not a valid email address\n"
msgstr "Non è un indirizzo di email valido\n"
msgstr "L'indirizzo di email non è valido\n"
#: g10/keygen.c:445
msgid "Comment: "
@ -659,6 +671,7 @@ msgid "Invalid character in comment\n"
msgstr "Carattere non valido nel commento\n"
#: g10/keygen.c:471
#, c-format
msgid ""
"You selected this USER-ID:\n"
" \"%s\"\n"
@ -697,10 +710,12 @@ msgid "passphrase not correctly repeated; try again.\n"
msgstr "passphrase non ripetuta correttamente; riprova.\n"
#: g10/keygen.c:539
#, c-format
msgid "writing public certificate to '%s'\n"
msgstr "scrittura del certificato pubblico in '%s'\n"
#: g10/keygen.c:540
#, c-format
msgid "writing secret certificate to '%s'\n"
msgstr "scrittura del certificato privato in '%s'\n"
@ -712,15 +727,17 @@ msgid ""
"number generator a better chance to gain enough entropy.\n"
msgstr ""
"Dobbiamo generare un mucchio di byte casuali. È una buona idea eseguire\n"
"qualche altra azione (lavorare in un'altra finestra, muovere il mouse, usare\n"
"la rete e i dischi) durante la generazione dei numeri primi; questo da al\n"
"generatore di numeri casuali una maggiore possibilità di raccogliere\n"
"abbastanza entropia.\n"
"qualche altra azione (lavorare in un'altra finestra, muovere il mouse, "
"usare\n"
"la rete e i dischi) durante la generazione dei numeri primi; questo dà al\n"
"generatore di numeri casuali la possibilità di raccogliere abbastanza\n"
"entropia.\n"
#: g10/keygen.c:627
#: g10/keygen.c:688
msgid "public and secret key created and signed.\n"
msgstr "chiavi pubbliche e segrete create e firmate.\n"
#: g10/keygen.c:638
#: g10/keygen.c:699
#, c-format
msgid "Key generation failed: %s\n"
msgstr "Generazione della chiave fallita: %s\n"