bug fix release

NEWS

@@ -1,3 +1,11 @@
+Noteworthy changes in version 0.3.4
+-----------------------------------
+    * New options --comment and --set-filename; see g10/OPTIONS
+
+    * yes/no, y/n localized.
+
+    * Fixed some bugs.
+
 Noteworthy changes in version 0.3.3
 -----------------------------------
     * IMPORTANT: I found yet another bug in the way the secret keys

THANKS

@@ -4,6 +4,7 @@ code.  Here is a list of those people.	Help me keep it complete and free of
 errors.
 
 Anand Kumria		wildfire@progsoc.uts.edu.au
+Ariel T Glenn		ariel@columbia.edu
 Brian Warner		warner@lothar.com
 Caskey L. Dickson	caskey@technocage.com
 Charles Levert		charles@comm.polymtl.ca

TODO

@@ -26,9 +26,6 @@
 
     * rewrite --list-packets or put it into another tool.
 
-    * add usage arguments to get_key_byname or return a PKC_LIST with
-      all keys and add a selection.
-
     * Burn the buffers used by fopen(), or use read(2). Does this
       really make sense?
 
@@ -51,5 +48,9 @@
 
     * Is it okay to use gettext for the help system???
 
-    * There are still problems with old v3 keys after passphrase change.
+    * configure checks two times for gcc
+
+    * update gettext
+
+    * Add some stuff for DU cc
 

VERSION

@@ -1 +1 @@
-0.3.3
+0.3.4

checks/ChangeLog

@@ -1,3 +1,7 @@
+Mon Aug 10 21:33:38 1998  Werner Koch  (wk@(none))
+
+	* genkey1024.test: Ariel fixed this.
+
 Wed Jul  8 10:43:47 1998  Werner Koch  (wk@isil.d.shuttle.de)
 
 	* seat.test: New.

checks/genkey1024.test

@@ -2,59 +2,95 @@
 
 . defs.inc || exit 3
 
-info "This expect script does not yet work"
-info "Please, all those expect gurus, can you help me with it?"
-exit 0
-
 expect - <<EOF
-set timeout -1
+#set timeout -1
+set timeout 5
 match_max 100000
 spawn ../g10/gpg --no-batch --quick-random --homedir . --gen-key
-expect -exact "Please select the algorithm to use:\r
+expect { 
-   (1) ElGamal is the suggested one.\r
+    -exact "Please select what kind of key you want:\r
-   (2) DSA can only be used for signatures.\r
+   (1) DSA and ElGamal (default)\r
-Your selection? (1,2) "
+   (2) ElGamal (sign and encrypt)\r
-send -- "1\r"
+   (3) ElGamal (encrypt only)\r
-expect -exact "1\r
+   (4) DSA (sign only)\r
-\r			 \rAbout to generate a new ElGamal keypair.\r
+   (5) ElGamal in a v3 packet\r
-	      minimum keysize is  768 bits\r
+Your selection? "  { send -- "1\r" }
-	      default keysize is 1024 bits\r
+    timeout { exit 1 } }
+expect {
+    -exact "1\r
+\r                 \rDSA keypair will have 1024 bits.\r
+About to generate a new ELG-E keypair.\r
+              minimum keysize is  768 bits\r
+              default keysize is 1024 bits\r
     highest suggested keysize is 2048 bits\r
-What keysize do you want? (1024) "
+What keysize do you want? (1024) " { send -- "\r" }
-send -- "\r"
+    timeout { exit 1 } }
-expect -exact "\r
+expect {
-\r				   \rRequested keysize is 1024 bits\r
+    -exact "\r
-\r
+\r                                 \rRequested keysize is 1024 bits\r
+Please specify how long the key should be valid.\r
+         0 = key does not expire\r
+      <n>  = key expires in n days\r
+      <n>w = key expires in n weeks\r
+      <n>m = key expires in n months\r
+      <n>y = key expires in n years\r
+Key is valid for? (0) " { send -- "1\r" }
+    timeout { exit 1 } }
+expect {
+     -exact "1\r
+\r                       \rKey expires at " { }
+    timeout { exit 1 } }
+expect { 
+     -re "(.*)\r
+" {}
+    timeout { exit 1 } }
+expect {
+    -exact "Is this correct (y/n)? " { send -- "y\r" }
+    timeout { exit 1 } }
+expect {
+    -exact "y\r
+\r                        \r\r
 You need a User-ID to identify your key; the software constructs the user id\r
 from Real Name, Comment and Email Address in this form:\r
-    \"Heinrich Heine (Der Dichter) <heinrichh@uni-duesseldorf.de>\"\r
+    \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\r
 \r
-Real name: "
+Real name: " { send -- "Harry H.\r" }
-send -- "Harry H.\r"
+    timeout { exit 1 } }
-expect -exact "Harry H.\r
+expect {
-\r		     \rEmail address: "
+   -exact "Harry H.\r
-send -- "hh@ddorf.de\r"
+\r                   \rEmail address: " { send -- "hh@ddorf.de\r" }
-expect -exact "hh@ddorf.de\r
+    timeout { exit 1 } }
-\r			    \rComment: "
+expect {
-send -- "a test\r"
+   -exact "hh@ddorf.de\r
-expect -exact "a test\r
+\r                          \rComment: " { send -- "a test\r" }
-\r		 \rYou selected this USER-ID:\r
+    timeout { exit 1 } }
+expect {
+   -exact "a test\r
+\r               \rYou selected this USER-ID:\r
     \"Harry H. (a test) <hh@ddorf.de> (INSECURE!)\"\r
 \r
-Edit (N)ame, (C)omment, (E)mail or (O)kay? "
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? " { send -- "o\r" }
-send -- "o\r"
+    timeout { exit 1 } }
-expect -exact "o\r
-\r					      \rYou need a Passphrase to protect your secret key.\r
-\r
-Enter pass phrase: "
-send -- "abc\r"
-expect -ex "abc\r\n"
-expect -ex "\r                   \rRepeat pass phrase:\ "
-send -- "abc\r"
-expect -ex "abc\r\n"
 expect {
-    -ex "public and secret key created and signed.\r"
+   -exact "o\r
-    eof  abort
+\r                                                     \rYou need a Passphrase to protect your secret key.\r
+\r
+Enter pass phrase: " { sleep 1; send -- "abc\r" }
+    timeout { exit 1 } }
+expect {
+  -ex "\r                   \rRepeat pass phrase: " { sleep 1; send -- "abc\r" }
+    timeout { exit 1 } }
+expect { 
+  -ex "\r                    \rWe need to generate a lot of random bytes. It is a good idea to perform\r
+some other action (work in another window, move the mouse, utilize the\r
+network and the disks) during the prime generation; this gives the random\r
+number generator a better chance to gain enough entropy.\r" {}
+    timeout { exit 1 } }
+set timeout 120
+expect {
+    -ex "public and secret key created and signed.\r" { exit 0 }
+    eof  { exit 1 }
 }
+exit 1
 EOF
 

cipher/random.c

@@ -124,6 +124,8 @@ get_random_bits( size_t nbits, int level, int secure )
     byte *buf;
     size_t nbytes = (nbits+7)/8;
 
+    if( quick_test && level > 1 )
+	level = 1;
     MASK_LEVEL(level);
     buf = secure && secure_alloc ? m_alloc_secure( nbytes ) : m_alloc( nbytes );
     read_pool( buf, nbytes, level );

g10/ChangeLog

@@ -1,3 +1,48 @@
+Tue Aug 11 17:54:50 1998  Werner Koch  (wk@(none))
+
+	* build-packet.c (do_secret_key): Fixed handling of old keys.
+
+	* getkey.c (compare_name): Fixed exact and email matching
+
+	* openfile.c (open_outfile): Changed arguments and all callers.
+
+Tue Aug 11 09:14:35 1998  Werner Koch  (wk@(none))
+
+	* encode.c (encode_simple): Applied option set-filename and comment.
+	(encode_crypt): Ditto.
+	* sign.c (sign_file): Ditto.
+	* armor.c (armor_filter): Applied option comment.
+
+	* encode.c (encode_crypt): Moved init_packet to the begin.
+	(encode_simple): add an init_packet().
+
+	* comment (write_comment): Now enforces a hash sign as the 1st byte.
+
+	* import.c (import_one): Add explanation for "no user ids".
+
+	* compress.c (do_uncompress): Applied Brian Warner's patch to support
+	zlib 1.1.3 etc.
+
+	* trustdb.c (check_trust): Fixed a problem after inserting new keys.
+
+	* getkey (lookup): do not return the primary key if usage is given
+	(lookup_sk): Ditto and take usage into account.
+
+	* status.c (cpr_get_answer_is_yes): add display_help.
+
+Mon Aug 10 10:11:28 1998  Werner Koch  (wk@(none))
+
+	* getkey.c (lookup_sk): Now always returns the primary if arg
+	primary is true.
+	(lookup): Likewise.
+	(get_pubkey_byname): Now returns the primary key
+	(get_seckey_byname): Ditto.
+
+
+Mon Aug 10 08:34:03 1998  Werner Koch  (wk@(none))
+
+	* keyid.c (pubkey_letter): ELG_E is now a small g.
+
 Sat Aug  8 17:26:12 1998  Werner Koch  (wk@(none))
 
 	* openfile (overwrite_filep): Changed semantics and all callers.

g10/OPTIONS

@@ -50,3 +50,11 @@ run-as-shm-coprocess [request-locked-shm-size]
 # very special :-)
 # You will have to use "--status-fd" too
 
+
+set-filename <name>
+# Set <name> as the filename into the plaintext packet
+
+comment <string>
+# Add <string> as comment to the output
+
+

g10/armor.c

@@ -1002,8 +1002,25 @@ armor_filter( void *opaque, int control,
 	    iobuf_writestr(a, "-----\n");
 	    iobuf_writestr(a, "Version: GNUPG v"  VERSION " ("
 					    PRINTABLE_OS_NAME ")\n");
-	    iobuf_writestr(a,
+
-		"Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/\n");
+	    if( opt.comment_string ) {
+		const char *s = opt.comment_string;
+		iobuf_writestr(a, "Comment: " );
+		for( ; *s; s++ ) {
+		    if( *s == '\n' )
+			iobuf_writestr(a, "\\n" );
+		    else if( *s == '\r' )
+			iobuf_writestr(a, "\\r" );
+		    else if( *s == '\v' )
+			iobuf_writestr(a, "\\v" );
+		    else
+			iobuf_put(a, *s );
+		}
+		iobuf_put(a, '\n' );
+	    }
+	    else
+		iobuf_writestr(a,
+		    "Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/\n");
 	    if( afx->hdrlines )
 		iobuf_writestr(a, afx->hdrlines);
 	    iobuf_put(a, '\n');

g10/build-packet.c

@@ -291,7 +291,8 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
     for(i=0; i < npkey; i++ )
 	mpi_write(a, sk->skey[i] );
     if( sk->is_protected ) {
-	if( is_RSA(sk->pubkey_algo) && sk->version < 4 ) {
+	if( is_RSA(sk->pubkey_algo) && sk->version < 4
+				    && !sk->protect.s2k.mode ) {
 	    iobuf_put(a, sk->protect.algo );
 	    iobuf_write(a, sk->protect.iv, 8 );
 	}

g10/comment.c

@@ -44,9 +44,17 @@ write_comment( IOBUF out, const char *s )
     int rc=0;
 
     pkt.pkttype = PKT_COMMENT;
-    pkt.pkt.comment = m_alloc( sizeof *pkt.pkt.comment + n - 1 );
+    if( *s != '#' ) {
-    pkt.pkt.comment->len = n;
+       pkt.pkt.comment = m_alloc( sizeof *pkt.pkt.comment + n );
-    strcpy(pkt.pkt.comment->data, s);
+       pkt.pkt.comment->len = n+1;
+       *pkt.pkt.comment->data = '#';
+       strcpy(pkt.pkt.comment->data+1, s);
+    }
+    else {
+       pkt.pkt.comment = m_alloc( sizeof *pkt.pkt.comment + n - 1 );
+       pkt.pkt.comment->len = n;
+       strcpy(pkt.pkt.comment->data, s);
+    }
     if( (rc = build_packet( out, &pkt )) )
 	log_error("build_packet(comment) failed: %s\n", g10_errstr(rc) );
     free_packet( &pkt );

g10/compress.c

@@ -151,19 +151,23 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs,
 	if( DBG_FILTER )
 	    log_debug("call inflate: avail_in=%u, avail_out=%u\n",
 		    (unsigned)zs->avail_in, (unsigned)zs->avail_out);
+      #ifdef Z_SYNC_FLUSH
+	zrc = inflate( zs, Z_SYNC_FLUSH );
+      #else
 	zrc = inflate( zs, Z_PARTIAL_FLUSH );
+      #endif
 	if( DBG_FILTER )
 	    log_debug("inflate returned: avail_in=%u, avail_out=%u, zrc=%d\n",
 		   (unsigned)zs->avail_in, (unsigned)zs->avail_out, zrc);
 	if( zrc == Z_STREAM_END )
 	    rc = -1; /* eof */
-	else if( zrc != Z_OK ) {
+	else if( zrc != Z_OK && zrc != Z_BUF_ERROR ) {
 	    if( zs->msg )
 		log_fatal("zlib inflate problem: %s\n", zs->msg );
 	    else
 		log_fatal("zlib inflate problem: rc=%d\n", zrc );
 	}
-    } while( zs->avail_out && zrc != Z_STREAM_END );
+    } while( zs->avail_out && zrc != Z_STREAM_END  && zrc != Z_BUF_ERROR );
     *ret_len = zfx->outbufsize - zs->avail_out;
     if( DBG_FILTER )
 	log_debug("do_uncompress: returning %u bytes\n", (unsigned)*ret_len );

g10/dearmor.c

@@ -58,10 +58,9 @@ dearmor_file( const char *fname )
 
     iobuf_push_filter( inp, armor_filter, &afx );
 
-    if( !(out = open_outfile( fname, 0 )) ) {
+    if( (rc = open_outfile( fname, 0, &out )) )
-	rc = G10ERR_CREATE_FILE;
 	goto leave;
-    }
+
 
 
     while( (c = iobuf_get(inp)) != -1 )
@@ -100,10 +99,8 @@ enarmor_file( const char *fname )
     }
 
 
-    if( !(out = open_outfile( fname, 1 )) ) {
+    if( (rc = open_outfile( fname, 1, &out )) )
-	rc = G10ERR_CREATE_FILE;
 	goto leave;
-    }
 
     afx.what = 4;
     afx.hdrlines = "Comment: Use \"gpgm --dearmor\" for unpacking\n";

g10/encode.c

@@ -80,6 +80,7 @@ encode_simple( const char *filename, int mode )
     memset( &cfx, 0, sizeof cfx);
     memset( &afx, 0, sizeof afx);
     memset( &zfx, 0, sizeof zfx);
+    init_packet(&pkt);
 
     /* prepare iobufs */
     if( !(inp = iobuf_open(filename)) ) {
@@ -107,19 +108,21 @@ encode_simple( const char *filename, int mode )
 	}
     }
 
-    if( !(out = open_outfile( filename, opt.armor? 1:0 )) ) {
+    if( (rc = open_outfile( filename, opt.armor? 1:0, &out )) ) {
 	iobuf_close(inp);
 	m_free(cfx.dek);
 	m_free(s2k);
-	return G10ERR_CREATE_FILE;  /* or user said: do not overwrite */
+	return rc;
     }
 
     if( opt.armor )
 	iobuf_push_filter( out, armor_filter, &afx );
-    else
+    else {
 	write_comment( out, "#created by GNUPG v" VERSION " ("
 					    PRINTABLE_OS_NAME ")");
-
+	if( opt.comment_string )
+	    write_comment( out, opt.comment_string );
+    }
     if( s2k && !opt.rfc1991 ) {
 	PKT_symkey_enc *enc = m_alloc_clear( sizeof *enc );
 	enc->version = 4;
@@ -133,18 +136,22 @@ encode_simple( const char *filename, int mode )
     }
 
     /* setup the inner packet */
-    if( filename ) {
+    if( filename || opt.set_filename ) {
-	pt = m_alloc( sizeof *pt + strlen(filename) - 1 );
+	const char *s = opt.set_filename ? opt.set_filename : filename;
-	pt->namelen = strlen(filename);
+	pt = m_alloc( sizeof *pt + strlen(s) - 1 );
-	memcpy(pt->name, filename, pt->namelen );
+	pt->namelen = strlen(s);
-	if( !(filesize = iobuf_get_filelength(inp)) )
+	memcpy(pt->name, s, pt->namelen );
-	    log_info(_("%s: warning: empty file\n"), filename );
     }
     else { /* no filename */
 	pt = m_alloc( sizeof *pt - 1 );
 	pt->namelen = 0;
-	filesize = 0; /* stdin */
     }
+    if( filename ) {
+	if( !(filesize = iobuf_get_filelength(inp)) )
+	    log_info(_("%s: warning: empty file\n"), filename );
+    }
+    else
+	filesize = 0; /* stdin */
     pt->timestamp = make_timestamp();
     pt->mode = 'b';
     pt->len = filesize;
@@ -194,6 +201,7 @@ encode_crypt( const char *filename, STRLIST remusr )
     memset( &cfx, 0, sizeof cfx);
     memset( &afx, 0, sizeof afx);
     memset( &zfx, 0, sizeof zfx);
+    init_packet(&pkt);
 
     if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) )
 	return rc;
@@ -208,16 +216,18 @@ encode_crypt( const char *filename, STRLIST remusr )
     else if( opt.verbose )
 	log_info(_("reading from '%s'\n"), filename? filename: "[stdin]");
 
-    if( !(out = open_outfile( filename, opt.armor? 1:0 )) ) {
+    if( (rc = open_outfile( filename, opt.armor? 1:0, &out )) )
-	rc = G10ERR_CREATE_FILE;  /* or user said: do not overwrite */
 	goto leave;
-    }
+
 
     if( opt.armor )
 	iobuf_push_filter( out, armor_filter, &afx );
-    else
+    else {
 	write_comment( out, "#created by GNUPG v" VERSION " ("
 					    PRINTABLE_OS_NAME ")");
+	if( opt.comment_string )
+	    write_comment( out, opt.comment_string );
+    }
 
     /* create a session key */
     cfx.dek = m_alloc_secure( sizeof *cfx.dek );
@@ -237,24 +247,27 @@ encode_crypt( const char *filename, STRLIST remusr )
 	goto leave;
 
     /* setup the inner packet */
-    if( filename ) {
+    if( filename || opt.set_filename ) {
-	pt = m_alloc( sizeof *pt + strlen(filename) - 1 );
+	const char *s = opt.set_filename ? opt.set_filename : filename;
-	pt->namelen = strlen(filename);
+	pt = m_alloc( sizeof *pt + strlen(s) - 1 );
-	memcpy(pt->name, filename, pt->namelen );
+	pt->namelen = strlen(s);
-	if( !(filesize = iobuf_get_filelength(inp)) )
+	memcpy(pt->name, s, pt->namelen );
-	    log_info(_("%s: warning: empty file\n"), filename );
     }
     else { /* no filename */
 	pt = m_alloc( sizeof *pt - 1 );
 	pt->namelen = 0;
-	filesize = 0; /* stdin */
     }
+    if( filename ) {
+	if( !(filesize = iobuf_get_filelength(inp)) )
+	    log_info(_("%s: warning: empty file\n"), filename );
+    }
+    else
+	filesize = 0; /* stdin */
     pt->timestamp = make_timestamp();
     pt->mode = 'b';
     pt->len = filesize;
     pt->new_ctb = !pt->len && !opt.rfc1991;
     pt->buf = inp;
-    init_packet(&pkt);
     pkt.pkttype = PKT_PLAINTEXT;
     pkt.pkt.plaintext = pt;
     cfx.datalen = filesize && !opt.compress? calc_packet_length( &pkt ) : 0;

g10/export.c

@@ -71,10 +71,9 @@ do_export( STRLIST users, int secret )
     memset( &zfx, 0, sizeof zfx);
     init_packet( &pkt );
 
-    if( !(out = open_outfile( NULL, 0 )) ) {
+    if( (rc = open_outfile( NULL, 0, &out )) )
-	rc = G10ERR_CREATE_FILE;
 	goto leave;
-    }
+
 
     if( opt.armor ) {
 	afx.what = secret?5:1;

g10/g10.c

@@ -47,18 +47,68 @@
 #endif
 
 
+enum cmd_and_opt_values { aNull = 0,
+    oArmor	  = 'a',
+    aDetachedSign = 'b',
+    aSym	  = 'c',
+    aDecrypt	  = 'd',
+    aEncr	  = 'e',
+    oKOption	  = 'k',
+    oDryRun	  = 'n',
+    oOutput	  = 'o',
+    oRemote	  = 'r',
+    aSign	  = 's',
+    oTextmode	  = 't',
+    oUser	  = 'u',
+    oVerbose	  = 'v',
+    oCompress	  = 'z',
+    oBatch	  = 500,
+    aClearsign	  = 539,
+    aStore,
+    aKeygen,
+    aSignEncr,
+    aSignKey,
+    aListPackets,
+    aEditKey,
+    aDeleteKey,
+    aDeleteSecretKey,
+    aKMode,
+    aKModeC,
+    aImport,
+    aVerify,
+    aListKeys,
+    aListSigs,
+    aListSecretKeys,
+    aExport,
+    aExportSecret,
+    aCheckKeys,
+    aGenRevoke,
+    aPrimegen,
+    aPrintMD,
+    aPrintMDs,
+    aCheckTrustDB,
+    aListTrustDB,
+    aListTrustPath,
+    aExportOwnerTrust,
+    aImportOwnerTrust,
+    aDeArmor,
+    aEnArmor,
+    aGenRandom,
+aTest };
+
+
 static ARGPARSE_OPTS opts[] = {
 
     { 300, NULL, 0, N_("@Commands:\n ") },
 
   #ifdef IS_G10
-    { 's', "sign",      256, N_("|[file]|make a signature")},
+    { aSign, "sign",      256, N_("|[file]|make a signature")},
-    { 539, "clearsign", 256, N_("|[file]|make a clear text signature") },
+    { aClearsign, "clearsign", 256, N_("|[file]|make a clear text signature") },
-    { 'b', "detach-sign", 256, N_("make a detached signature")},
+    { aDetachedSign, "detach-sign", 256, N_("make a detached signature")},
-    { 'e', "encrypt",   256, N_("encrypt data")},
+    { aEncr, "encrypt",   256, N_("encrypt data")},
-    { 'c', "symmetric", 256, N_("encryption only with symmetric cipher")},
+    { aSym, "symmetric", 256, N_("encryption only with symmetric cipher")},
     { 507, "store",     256, N_("store only")},
-    { 'd', "decrypt",   256, N_("decrypt data (default)")},
+    { aDecrypt, "decrypt",   256, N_("decrypt data (default)")},
     { 550, "verify"   , 256, N_("verify a signature")},
   #endif
     { 551, "list-keys", 256, N_("list keys")},
@@ -93,17 +143,17 @@ static ARGPARSE_OPTS opts[] = {
 
     { 301, NULL, 0, N_("@\nOptions:\n ") },
 
-    { 'a', "armor",     0, N_("create ascii armored output")},
+    { oArmor, "armor",     0, N_("create ascii armored output")},
   #ifdef IS_G10
-    { 'u', "local-user",2, N_("use this user-id to sign or decrypt")},
+    { oUser, "local-user",2, N_("use this user-id to sign or decrypt")},
-    { 'r', "remote-user", 2, N_("use this user-id for encryption")},
+    { oRemote, "remote-user", 2, N_("use this user-id for encryption")},
-    { 'z', NULL,        1, N_("|N|set compress level N (0 disables)") },
+    { oCompress, NULL,	      1, N_("|N|set compress level N (0 disables)") },
-    { 't', "textmode",  0, N_("use canonical text mode")},
+    { oTextmode, "textmode",  0, N_("use canonical text mode")},
   #endif
-    { 'o', "output",    2, N_("use as output file")},
+    { oOutput, "output",    2, N_("use as output file")},
-    { 'v', "verbose",   0, N_("verbose") },
+    { oVerbose, "verbose",   0, N_("verbose") },
-    { 'n', "dry-run",   0, N_("do not make any changes") },
+ /* { oDryRun, "dry-run",   0, N_("do not make any changes") }, */
-    { 500, "batch",     0, N_("batch mode: never ask")},
+    { oBatch, "batch",     0, N_("batch mode: never ask")},
     { 501, "yes",       0, N_("assume yes on most questions")},
     { 502, "no",        0, N_("assume no on most questions")},
     { 509, "keyring"   ,2, N_("add this keyring to the list of keyrings")},
@@ -147,7 +197,7 @@ static ARGPARSE_OPTS opts[] = {
     { 533, "list-trust-path",0, "@"},
   #endif
   #ifdef IS_G10
-    { 'k', NULL,        0, "@"},
+    { oKOption, NULL,	 0, "@"},
     { 504, "delete-secret-key",0, "@" },
     { 524, "edit-sig"  ,0, "@"}, /* alias for edit-key */
     { 523, "passphrase-fd",1, "@" },
@@ -173,27 +223,18 @@ static ARGPARSE_OPTS opts[] = {
     { 559, "always-trust", 0, "@"},
     { 562, "emulate-checksum-bug", 0, "@"},
     { 554, "run-as-shm-coprocess", 4, "@" },
-     /* 568 unused */
+    { 568, "set-filename", 2, "@" },
+    { 569, "comment", 2, "@" },
 {0} };
 
 
-enum cmd_values { aNull = 0,
-    aSym, aStore, aEncr, aKeygen, aSign, aSignEncr,
-    aSignKey, aClearsign, aListPackets, aEditKey, aDeleteKey, aDeleteSecretKey,
-    aKMode, aKModeC,  aImport, aVerify, aDecrypt, aListKeys,
-    aListSigs, aListSecretKeys, aExport, aExportSecret,
-    aCheckKeys, aGenRevoke, aPrimegen, aPrintMD, aPrintMDs,
-    aCheckTrustDB, aListTrustDB, aListTrustPath,
-    aExportOwnerTrust, aImportOwnerTrust,
-    aDeArmor, aEnArmor, aGenRandom,
-aTest };
 
 static int maybe_setuid = 1;
 
 static char *build_list( const char *text,
 			 const char *(*mapf)(int), int (*chkf)(int) );
-static void set_cmd( enum cmd_values *ret_cmd,
+static void set_cmd( enum cmd_and_opt_values *ret_cmd,
-			enum cmd_values new_cmd );
+			enum cmd_and_opt_values new_cmd );
 #ifdef IS_G10MAINT
 static void print_hex( byte *p, size_t n );
 static void print_mds( const char *fname, int algo );
@@ -337,9 +378,9 @@ set_debug(void)
 
 
 static void
-set_cmd( enum cmd_values *ret_cmd, enum cmd_values new_cmd )
+set_cmd( enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd )
 {
-    enum cmd_values cmd = *ret_cmd;
+    enum cmd_and_opt_values cmd = *ret_cmd;
 
     if( !cmd || cmd == new_cmd )
 	cmd = new_cmd;
@@ -383,7 +424,7 @@ main( int argc, char **argv )
     int errors=0;
     int default_keyring = 1;
     int greeting = 1;
-    enum cmd_values cmd = 0;
+    enum cmd_and_opt_values cmd = 0;
     const char *trustdb_name = NULL;
     char *def_cipher_string = NULL;
     char *def_digest_string = NULL;
@@ -478,27 +519,27 @@ main( int argc, char **argv )
 						&pargs, opts) ) {
 	switch( pargs.r_opt ) {
 
-	  case 'a': opt.armor = 1; opt.no_armor=0; break;
+	  case oArmor: opt.armor = 1; opt.no_armor=0; break;
 	#ifdef IS_G10
-	  case 'b': detached_sig = 1; set_cmd( &cmd, aSign ); break;
+	  case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break;
-	  case 'c': set_cmd( &cmd, aSym); break;
+	  case aSym: set_cmd( &cmd, aSym); break;
-	  case 'd': set_cmd( &cmd, aDecrypt); break;
+	  case aDecrypt: set_cmd( &cmd, aDecrypt); break;
-	  case 'e': set_cmd( &cmd, aEncr); break;
+	  case aEncr: set_cmd( &cmd, aEncr); break;
-	  case 'r': /* store the remote users */
+	  case oRemote: /* store the remote users */
 	    sl = m_alloc( sizeof *sl + strlen(pargs.r.ret_str));
 	    strcpy(sl->d, pargs.r.ret_str);
 	    sl->next = remusr;
 	    remusr = sl;
 	    break;
-	  case 's': set_cmd( &cmd, aSign );  break;
+	  case aSign: set_cmd( &cmd, aSign );  break;
-	  case 't': opt.textmode=1;  break;
+	  case oTextmode: opt.textmode=1;  break;
-	  case 'u': /* store the local users */
+	  case oUser: /* store the local users */
 	    sl = m_alloc( sizeof *sl + strlen(pargs.r.ret_str));
 	    strcpy(sl->d, pargs.r.ret_str);
 	    sl->next = locusr;
 	    locusr = sl;
 	    break;
-	  case 'z': opt.compress = pargs.r.ret_int; break;
+	  case oCompress: opt.compress = pargs.r.ret_int; break;
 	  case 503: set_cmd( &cmd, aKeygen); break;
 	  case 504: set_cmd( &cmd, aDeleteSecretKey); break;
 	  case 505: set_cmd( &cmd, aDeleteKey); break;
@@ -508,7 +549,7 @@ main( int argc, char **argv )
 	  case 524: set_cmd( &cmd, aEditKey); break;
 	  case 527: def_cipher_string = m_strdup(pargs.r.ret_str); break;
 	  case 529: def_digest_string = m_strdup(pargs.r.ret_str); break;
-	  case 539: set_cmd( &cmd, aClearsign); break;
+	  case aClearsign: set_cmd( &cmd, aClearsign); break;
 	  case 540: secmem_set_flags( secmem_get_flags() | 1 ); break;
 	  case 542: set_cmd( &cmd, aGenRevoke); break;
 	  case 550: set_cmd( &cmd, aVerify); break;
@@ -536,12 +577,12 @@ main( int argc, char **argv )
 	  case 525: set_cmd( &cmd, aImportOwnerTrust); break;
 	#endif /* IS_G10MAINT */
 
-	  case 'o': opt.outfile = pargs.r.ret_str; break;
+	  case oOutput: opt.outfile = pargs.r.ret_str; break;
-	  case 'v': g10_opt_verbose++;
+	  case oVerbose: g10_opt_verbose++;
 		    opt.verbose++; opt.list_sigs=1; break;
-	  case 'k': set_cmd( &cmd, aKMode ); break;
+	  case oKOption: set_cmd( &cmd, aKMode ); break;
 
-	  case 500: opt.batch = 1; greeting = 0; break;
+	  case oBatch: opt.batch = 1; greeting = 0; break;
 	  case 501: opt.answer_yes = 1; break;
 	  case 502: opt.answer_no = 1; break;
 	  case 508: set_cmd( &cmd, aCheckKeys); break;
@@ -598,6 +639,8 @@ main( int argc, char **argv )
 	    log_error("shared memory coprocessing is not available\n");
 	  #endif
 	    break;
+	  case 568: opt.set_filename = pargs.r.ret_str; break;
+	  case 569: opt.comment_string = pargs.r.ret_str; break;
 	  default : errors++; pargs.err = configfp? 1:2; break;
 	}
     }

g10/getkey.c

@@ -71,9 +71,9 @@ static int pk_cache_entries;   /* number of entries in pk cache */
 
 static int lookup( PKT_public_key *pk,
 		   int mode,  u32 *keyid, const char *name,
-		   KBNODE *ret_keyblock  );
+		   KBNODE *ret_keyblock, int primary  );
 static int lookup_sk( PKT_secret_key *sk,
-		   int mode,  u32 *keyid, const char *name );
+		   int mode,  u32 *keyid, const char *name, int primary );
 
 /* note this function may be called before secure memory is
  * available
@@ -263,7 +263,7 @@ get_pubkey( PKT_public_key *pk, u32 *keyid )
 
 
     /* do a lookup */
-    rc = lookup( pk, 11, keyid, NULL, NULL );
+    rc = lookup( pk, 11, keyid, NULL, NULL, 0 );
     if( !rc )
 	goto leave;
 
@@ -321,15 +321,13 @@ hextobyte( const byte *s )
  *   on the length a short or complete one.
  * - If the username starts with 32,33,40 or 41 hex-digits (the first one
  *   must be in the range 0..9), this is considered a fingerprint.
- *   (Not yet implemented)
  * - If the username starts with a left angle, we assume it is a complete
  *   email address and look only at this part.
  * - If the username starts with a '.', we assume it is the ending
  *   part of an email address
  * - If the username starts with an '@', we assume it is a part of an
  *   email address
- * - If the userid start with an '=' an exact compare is done; this may
+ * - If the userid start with an '=' an exact compare is done.
- *   also follow the keyid in which case both parts are matched.
  * - If the userid starts with a '*' a case insensitive substring search is
  *   done (This is also the default).
  */
@@ -436,16 +434,16 @@ key_byname( int secret,
 	    sk = m_alloc_clear( sizeof *sk );
 	    internal++;
 	}
-	rc = mode < 16? lookup_sk( sk, mode, keyid, name )
+	rc = mode < 16? lookup_sk( sk, mode, keyid, s, 1 )
-		      : lookup_sk( sk, mode, keyid, fprint );
+		      : lookup_sk( sk, mode, keyid, fprint, 1 );
     }
     else {
 	if( !pk ) {
 	    pk = m_alloc_clear( sizeof *pk );
 	    internal++;
 	}
-	rc = mode < 16? lookup( pk, mode, keyid, name, NULL )
+	rc = mode < 16? lookup( pk, mode, keyid, s, NULL, 1 )
-		      : lookup( pk, mode, keyid, fprint, NULL );
+		      : lookup( pk, mode, keyid, fprint, NULL, 1 );
     }
 
 
@@ -473,7 +471,7 @@ get_pubkey_byfprint( PKT_public_key *pk, const byte *fprint, size_t fprint_len)
     int rc;
 
     if( fprint_len == 20 || fprint_len == 16 )
-	rc = lookup( pk, fprint_len, NULL, fprint, NULL );
+	rc = lookup( pk, fprint_len, NULL, fprint, NULL, 0 );
     else
 	rc = G10ERR_GENERAL; /* Oops */
     return rc;
@@ -491,7 +489,7 @@ get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
     PKT_public_key *pk = m_alloc_clear( sizeof *pk );
 
     if( fprint_len == 20 || fprint_len == 16 )
-	rc = lookup( pk, fprint_len, NULL, fprint, ret_keyblock );
+	rc = lookup( pk, fprint_len, NULL, fprint, ret_keyblock, 0 );
     else
 	rc = G10ERR_GENERAL; /* Oops */
 
@@ -507,7 +505,7 @@ get_seckey( PKT_secret_key *sk, u32 *keyid )
 {
     int rc;
 
-    rc = lookup_sk( sk, 11, keyid, NULL );
+    rc = lookup_sk( sk, 11, keyid, NULL, 0 );
     if( !rc ) {
 	/* check the secret key (this may prompt for a passprase to
 	 * unlock the secret key
@@ -530,7 +528,7 @@ seckey_available( u32 *keyid )
     int rc;
 
     sk = m_alloc_clear( sizeof *sk );
-    rc = lookup_sk( sk, 11, keyid, NULL );
+    rc = lookup_sk( sk, 11, keyid, NULL, 0 );
     free_secret_key( sk );
     return rc;
 }
@@ -549,7 +547,7 @@ get_seckey_byname( PKT_secret_key *sk, const char *name, int unprotect )
     if( !name && opt.def_secret_key && *opt.def_secret_key )
 	rc = key_byname( 1, NULL, sk, opt.def_secret_key );
     else if( !name ) /* use the first one as default key */
-	rc = lookup_sk( sk, 15, NULL, NULL );
+	rc = lookup_sk( sk, 15, NULL, NULL, 1 );
     else
 	rc = key_byname( 1, NULL, sk, name );
     if( !rc && unprotect )
@@ -587,7 +585,7 @@ compare_name( const char *uid, size_t uidlen, const char *name, int mode )
 	    if( i < uidlen ) {
 		i = se - s;
 		if( mode == 3 ) { /* exact email address */
-		    if( strlen(name) == i && !memicmp( s, name, i) )
+		    if( strlen(name)-2 == i && !memicmp( s, name+1, i) )
 			return 0;
 		}
 		else if( mode == 4 ) {	/* email substring */
@@ -679,7 +677,7 @@ add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode )
  */
 static int
 lookup( PKT_public_key *pk, int mode,  u32 *keyid,
-	const char *name, KBNODE *ret_keyblock )
+	const char *name, KBNODE *ret_keyblock, int primary )
 {
     int rc;
     KBNODE keyblock = NULL;
@@ -705,7 +703,7 @@ lookup( PKT_public_key *pk, int mode,  u32 *keyid,
 		    && !compare_name( k->pkt->pkt.user_id->name,
 				      k->pkt->pkt.user_id->len, name, mode)) {
 		    /* we found a matching name, look for the key */
-		    for(kk=keyblock; kk; kk = kk->next )
+		    for(kk=keyblock; kk; kk = kk->next ) {
 			if( (	 kk->pkt->pkttype == PKT_PUBLIC_KEY
 			      || kk->pkt->pkttype == PKT_PUBLIC_SUBKEY )
 			    && ( !pk->pubkey_algo
@@ -716,7 +714,8 @@ lookup( PKT_public_key *pk, int mode,  u32 *keyid,
 				       kk->pkt->pkt.public_key->pubkey_algo,
 							   pk->pubkey_usage ))
 			  )
-			break;
+			    break;
+		    }
 		    if( kk ) {
 			u32 aki[2];
 			keyid_from_pk( kk->pkt->pkt.public_key, aki );
@@ -805,9 +804,17 @@ lookup( PKT_public_key *pk, int mode,  u32 *keyid,
 	if( k ) { /* found */
 	    assert(    k->pkt->pkttype == PKT_PUBLIC_KEY
 		    || k->pkt->pkttype == PKT_PUBLIC_SUBKEY );
-	    copy_public_key_new_namehash( pk, k->pkt->pkt.public_key,
+	    assert( keyblock->pkt->pkttype == PKT_PUBLIC_KEY );
-					  use_namehash? namehash:NULL);
+	    if( primary && !pk->pubkey_usage ) {
-	    add_stuff_from_selfsig( keyblock, k );
+		copy_public_key_new_namehash( pk, keyblock->pkt->pkt.public_key,
+					      use_namehash? namehash:NULL);
+		add_stuff_from_selfsig( keyblock, keyblock );
+	    }
+	    else {
+		copy_public_key_new_namehash( pk, k->pkt->pkt.public_key,
+					      use_namehash? namehash:NULL);
+		add_stuff_from_selfsig( keyblock, k );
+	    }
 	    if( ret_keyblock ) {
 		*ret_keyblock = keyblock;
 		keyblock = NULL;
@@ -833,7 +840,8 @@ lookup( PKT_public_key *pk, int mode,  u32 *keyid,
  * Ditto for secret keys
  */
 static int
-lookup_sk( PKT_secret_key *sk, int mode,  u32 *keyid, const char *name )
+lookup_sk( PKT_secret_key *sk, int mode,  u32 *keyid, const char *name,
+	   int primary )
 {
     int rc;
     KBNODE keyblock = NULL;
@@ -857,13 +865,19 @@ lookup_sk( PKT_secret_key *sk, int mode,  u32 *keyid, const char *name )
 		    && !compare_name( k->pkt->pkt.user_id->name,
 				      k->pkt->pkt.user_id->len, name, mode)) {
 		    /* we found a matching name, look for the key */
-		    for(kk=keyblock; kk; kk = kk->next )
+		    for(kk=keyblock; kk; kk = kk->next ) {
 			if( (	 kk->pkt->pkttype == PKT_SECRET_KEY
 			      || kk->pkt->pkttype == PKT_SECRET_SUBKEY )
 			    && ( !sk->pubkey_algo
 				 || sk->pubkey_algo
-				    == kk->pkt->pkt.secret_key->pubkey_algo))
+				    == kk->pkt->pkt.secret_key->pubkey_algo)
-			break;
+			    && ( !sk->pubkey_usage
+				 || !check_pubkey_algo2(
+				       kk->pkt->pkt.secret_key->pubkey_algo,
+							   sk->pubkey_usage ))
+			  )
+			    break;
+		    }
 		    if( kk ) {
 			u32 aki[2];
 			keyid_from_sk( kk->pkt->pkt.secret_key, aki );
@@ -936,7 +950,11 @@ lookup_sk( PKT_secret_key *sk, int mode,  u32 *keyid, const char *name )
 	if( k ) { /* found */
 	    assert(    k->pkt->pkttype == PKT_SECRET_KEY
 		    || k->pkt->pkttype == PKT_SECRET_SUBKEY );
-	    copy_secret_key( sk, k->pkt->pkt.secret_key );
+	    assert( keyblock->pkt->pkttype == PKT_SECRET_KEY );
+	    if( primary && !sk->pubkey_usage )
+		copy_secret_key( sk, keyblock->pkt->pkt.secret_key );
+	    else
+		copy_secret_key( sk, k->pkt->pkt.secret_key );
 	    break; /* enumeration */
 	}
 	release_kbnode( keyblock );

g10/import.c

@@ -246,6 +246,7 @@ import_one( const char *fname, KBNODE keyblock )
     KBPOS kbpos;
     u32 keyid[2];
     int rc = 0;
+    int new_key = 0;
 
     /* get the key and print some info about it */
     node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
@@ -279,6 +280,7 @@ import_one( const char *fname, KBNODE keyblock )
     if( !delete_inv_parts( fname, keyblock, keyid ) ) {
 	log_info_f( fname, _("key %08lX: no valid user ids\n"),
 						    (ulong)keyid[1]);
+	log_info(_("this may be caused by a missing self-signature\n"));
 	return 0;
     }
 
@@ -307,6 +309,7 @@ import_one( const char *fname, KBNODE keyblock )
 	unlock_keyblock( &kbpos );
 	/* we are ready */
 	log_info_f( fname, _("key %08lX: public key imported\n"), (ulong)keyid[1]);
+	new_key = 1;
     }
     else { /* merge */
 	int n_uids, n_sigs, n_subk;
@@ -382,11 +385,11 @@ import_one( const char *fname, KBNODE keyblock )
 	    log_info_f(fname, _("key %08lX: not changed\n"), (ulong)keyid[1] );
     }
     if( !rc ) {
-	rc = query_trust_record( pk_orig );
+	rc = query_trust_record( new_key? pk : pk_orig );
 	if( rc && rc != -1 )
 	    log_error("trustdb error: %s\n", g10_errstr(rc) );
-	else if( rc == -1 ) {
+	else if( rc == -1 ) { /* not found trustdb */
-	    rc = insert_trust_record( pk_orig );
+	    rc = insert_trust_record( new_key? pk : pk_orig );
 	    if( rc )
 		log_error("key %08lX: trustdb insert failed: %s\n",
 					(ulong)keyid[1], g10_errstr(rc) );

g10/keyedit.c

@@ -264,15 +264,11 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified )
 	     "with your key: \""));
 	p = get_user_id( sk_keyid, &n );
 	tty_print_string( p, n );
+	m_free(p); p = NULL;
 	tty_printf("\"\n\n");
-	m_free(p);
+
-	p = cpr_get(N_("sign_uid.okay"), _("Really sign? "));
+	if( !cpr_get_answer_is_yes(N_("sign_uid.okay"), _("Really sign? ")) )
-	cpr_kill_prompt();
+	    continue;;
-	if( !answer_is_yes(p) ) {
-	    m_free(p);
-	    continue; /* No */
-	}
-	m_free(p);
 	/* now we can sign the user ids */
       reloop: /* (must use this, because we are modifing the list) */
 	primary_pk = NULL;
@@ -328,6 +324,7 @@ delete_key( const char *username, int secret )
     PKT_secret_key *sk = NULL;
     u32 keyid[2];
     int okay=0;
+    int yes;
 
     /* search the userid */
     rc = secret? find_secret_keyblock_byname( &kbpos, username )
@@ -376,11 +373,11 @@ delete_key( const char *username, int secret )
     if( rc )
 	rc = 0;
     else if( opt.batch && secret )
-	log_error(_("can't do that in batch-mode\n"));
+	log_error(_("can't do that in batchmode\n"));
     else if( opt.batch && opt.answer_yes )
 	okay++;
     else if( opt.batch )
-	log_error(_("can't do that in batch-mode without \"--yes\"\n"));
+	log_error(_("can't do that in batchmode without \"--yes\"\n"));
     else {
 	char *p;
 	size_t n;
@@ -400,23 +397,20 @@ delete_key( const char *username, int secret )
 	m_free(p);
 	tty_printf("\n\n");
 
-	p = cpr_get( secret? N_("delete_key.secret.okay")
+	yes = cpr_get_answer_is_yes( secret? N_("delete_key.secret.okay")
 			   : N_("delete_key.okay"),
 			      _("Delete this key from the keyring? "));
-	cpr_kill_prompt();
+	if( !cpr_enabled() && secret && yes ) {
-	if( !cpr_enabled() && secret && answer_is_yes(p)) {
 	    /* I think it is not required to check a passphrase; if
 	     * the user is so stupid as to let others access his secret keyring
 	     * (and has no backup) - it is up him to read some very
 	     * basic texts about security.
 	     */
-	    m_free(p);
+	    yes = cpr_get_answer_is_yes(N_("delete_key.secret.okay"),
-	    p = cpr_get(N_("delete_key.secret.okay"),
 			 _("This is a secret key! - really delete? "));
 	}
-	if( answer_is_yes(p) )
+	if( yes )
 	    okay++;
-	m_free(p);
     }
 
 
@@ -596,7 +590,7 @@ keyedit_menu( const char *username, STRLIST locusr )
 
 
     if( opt.batch ) {
-	log_error(_("can't do that in batch-mode\n"));
+	log_error(_("can't do that in batchmode\n"));
 	goto leave;
     }
 
@@ -735,7 +729,7 @@ keyedit_menu( const char *username, STRLIST locusr )
 
 	  case cmdSIGN: /* sign (only the public key) */
 	    if( count_uids(keyblock) > 1 && !count_selected_uids(keyblock) ) {
-		if( !cpr_get_answer_is_yes(N_("keyedit.signall.okay"),
+		if( !cpr_get_answer_is_yes(N_("keyedit.sign_all.okay"),
 					   _("Really sign all user ids? ")) ) {
 		    tty_printf(_("Hint: Select the user ids to sign\n"));
 		    break;

g10/keygen.c

@@ -444,8 +444,9 @@ ask_keysize( int algo )
 	else if( nbits < 768 )
 	    tty_printf(_("keysize too small; 768 is smallest value allowed.\n"));
 	else if( nbits > 2048 && !cpr_enabled() ) {
-	    tty_printf(_("Keysizes larger than 2048 are not suggested because "
+	    tty_printf(
-			 "computations take REALLY long!\n"));
+		_("Keysizes larger than 2048 are not suggested because\n"
+		  "computations take REALLY long!\n"));
 	    if( cpr_get_answer_is_yes(N_("keygen.size.huge.okay"),_(
 			"Are you sure that you want this keysize? ")) ) {
 		tty_printf(_("Okay, but keep in mind that your monitor "
@@ -625,8 +626,10 @@ ask_user_id( int mode )
 	tty_printf(_("You selected this USER-ID:\n    \"%s\"\n\n"), uid);
 	/* fixme: add a warning if this user-id already exists */
 	for(;;) {
-	    char *ansstr = N_("NnCcEeOoQq");
+	    char *ansstr = _("NnCcEeOoQq");
 
+	    if( strlen(ansstr) != 10 )
+		BUG();
 	    if( cpr_enabled() ) {
 		answer = m_strdup(ansstr+6);
 		answer[1] = 0;

g10/keyid.c

@@ -40,7 +40,7 @@ pubkey_letter( int algo )
       case PUBKEY_ALGO_RSA:	return 'R' ;
       case PUBKEY_ALGO_RSA_E:	return 'r' ;
       case PUBKEY_ALGO_RSA_S:	return 's' ;
-      case PUBKEY_ALGO_ELGAMAL_E:
+      case PUBKEY_ALGO_ELGAMAL_E: return 'g';
       case PUBKEY_ALGO_ELGAMAL: return 'G' ;
       case PUBKEY_ALGO_DSA:	return 'D' ;
       default: return '?';

g10/main.h

@@ -82,7 +82,7 @@ int generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock );
 
 /*-- openfile.c --*/
 int overwrite_filep( const char *fname );
-IOBUF open_outfile( const char *fname, int mode );
+int   open_outfile( const char *iname, int mode, IOBUF *a );
 IOBUF open_sigfile( const char *iname );
 
 /*-- seskey.c --*/
@@ -124,5 +124,6 @@ int hash_datafiles( MD_HANDLE md, STRLIST files, const char *sigfilename,
 
 /*-- signal.c --*/
 void init_signals(void);
+void pause_on_sigusr( int which );
 
 #endif /*G10_MAIN_H*/

g10/openfile.c

@@ -65,19 +65,22 @@ overwrite_filep( const char *fname )
 
 /****************
  * Make an output filename for the inputfile INAME.
- * Returns an IOBUF
+ * Returns an IOBUF and an errorcode
  * Mode 0 = use ".gpg"
  *	1 = use ".asc"
  *	2 = use ".sig"
  */
-IOBUF
+int
-open_outfile( const char *iname, int mode )
+open_outfile( const char *iname, int mode, IOBUF *a )
 {
-    IOBUF a = NULL;
+    int rc = 0;
 
+    *a = NULL;
     if( (!iname || (*iname=='-' && !iname[1])) && !opt.outfile ) {
-	if( !(a = iobuf_create(NULL)) )
+	if( !(*a = iobuf_create(NULL)) ) {
 	    log_error("can't open [stdout]: %s\n", strerror(errno) );
+	    rc = G10ERR_CREATE_FILE;
+	}
 	else if( opt.verbose )
 	    log_info("writing to stdout\n");
     }
@@ -94,14 +97,18 @@ open_outfile( const char *iname, int mode )
 	    name = buf;
 	}
 	if( overwrite_filep( name ) ) {
-	    if( !(a = iobuf_create( name )) )
+	    if( !(*a = iobuf_create( name )) ) {
 		log_error("can't create %s: %s\n", name, strerror(errno) );
+		rc = G10ERR_CREATE_FILE;
+	    }
 	    else if( opt.verbose )
 		log_info("writing to '%s'\n", name );
 	}
+	else
+	    rc = G10ERR_FILE_EXISTS;
 	m_free(buf);
     }
-    return a;
+    return rc;
 }
 
 

g10/options.h

@@ -52,6 +52,8 @@ struct {
     int rfc1991;
     unsigned emulate_bugs; /* bug emulation flags EMUBUG_xxxx */
     int shm_coprocess;
+    const char *set_filename;
+    const char *comment_string;
 } opt;
 
 

g10/parse-packet.c

@@ -1068,15 +1068,14 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
 		    sk->protect.s2k.count = iobuf_get(inp);
 		    pktlen--;
 		}
-
 	    }
 	    else { /* old version; no S2K, so we set mode to 0, hash MD5 */
 		sk->protect.s2k.mode = 0;
 		/* We need a kludge to cope with old GNUPG versions */
 		sk->protect.s2k.hash_algo =
-			 ( sk->protect.algo == CIPHER_ALGO_BLOWFISH160
+			     ( sk->protect.algo == CIPHER_ALGO_BLOWFISH160
-			   && algorithm == PUBKEY_ALGO_ELGAMAL_E ) ?
+			       && algorithm == PUBKEY_ALGO_ELGAMAL_E ) ?
-				  DIGEST_ALGO_RMD160 : DIGEST_ALGO_MD5;
+				      DIGEST_ALGO_RMD160 : DIGEST_ALGO_MD5;
 		if( list_mode )
 		    printf(  "\tprotect algo: %d  (hash algo: %d)\n",
 			 sk->protect.algo, sk->protect.s2k.hash_algo );

g10/passphrase.c

@@ -223,8 +223,9 @@ hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create )
 	    count -= len2;
 	}
 	if( count ) {
-	    if( count < 8 )
+	    if( count < 8 ) {
 		md_write( md, s2k->salt, count );
+	    }
 	    else {
 		md_write( md, s2k->salt, 8 );
 		count -= 8;

g10/pkclist.c

@@ -81,9 +81,17 @@ edit_ownertrust( ulong lid, int mode )
 " 2 = I do NOT trust\n"
 " 3 = I trust marginally\n"
 " 4 = I trust fully\n"
-" s = please show me more information\n\n") );
+" s = please show me more information\n") );
+    if( mode )
+	tty_printf(_(" m = back to the main menu\n"));
+    tty_printf("\n");
 
     for(;;) {
+	/* a string with valid answers */
+	char *ans = _("sSmM");
+
+	if( strlen(ans) != 4 )
+	    BUG();
 	p = cpr_get(N_("edit_ownertrust.value"),_("Your decision? "));
 	trim_spaces(p);
 	cpr_kill_prompt();
@@ -102,9 +110,12 @@ edit_ownertrust( ulong lid, int mode )
 		changed++;
 	    break;
 	}
-	else if( *p == 's' || *p == 'S' ) {
+	else if( *p == ans[0] || *p == ans[1] ) {
 	    tty_printf(_("You will see a list of signators etc. here\n"));
 	}
+	else if( mode && (*p == ans[2] || *p == ans[3]) ) {
+	    break ; /* back to the menu */
+	}
 	m_free(p); p = NULL;
     }
     m_free(p);

g10/revoke.c

@@ -142,10 +142,8 @@ gen_revoke( const char *uname )
     if( !opt.armor )
 	tty_printf("ASCII armored output forced.\n");
 
-    if( !(out = open_outfile( NULL, 0 )) ) {
+    if( (rc = open_outfile( NULL, 0, &out )) )
-	rc = G10ERR_CREATE_FILE;
 	goto leave;
-    }
 
     afx.what = 1;
     afx.hdrlines = "Comment: A revocation certificate should follow\n";

g10/seckey-cert.c

@@ -51,10 +51,12 @@ do_check( PKT_secret_key *sk )
 
 	if( sk->protect.algo == CIPHER_ALGO_NONE )
 	    BUG();
-	if( check_cipher_algo( sk->protect.algo ) )
+	if( check_cipher_algo( sk->protect.algo )
-	    return G10ERR_CIPHER_ALGO; /* unsupported protection algorithm */
+	    || cipher_get_blocksize( sk->protect.algo  ) != 8 ) {
-	if( cipher_get_blocksize( sk->protect.algo ) != 8 )
+	    log_info(_("protection algorithm %d is not supported\n"),
-	    return G10ERR_CIPHER_ALGO; /* unsupported protection algorithm */
+			sk->protect.algo );
+	    return G10ERR_CIPHER_ALGO;
+	}
 	keyid_from_sk( sk, keyid );
 	dek = passphrase_to_dek( keyid, sk->protect.algo,
 				 &sk->protect.s2k, 0 );
@@ -164,21 +166,6 @@ check_secret_key( PKT_secret_key *sk )
 	if( i )
 	    log_error(_("Invalid passphrase; please try again ...\n"));
 	rc = do_check( sk );
-      #if 0 /* set to 1 to enable the workaround */
-	if( rc == G10ERR_BAD_PASS && sk->is_protected
-	    && sk->protect.algo == CIPHER_ALGO_BLOWFISH
-	    && sk->pubkey_algo != PUBKEY_ALGO_ELGAMAL ) {
-	    /* Workaround for a bug in 0.2.16 which still used
-	     * a 160 bit key for BLOWFISH. */
-	    log_info("trying workaround for 0.2.16 passphrase bug ...\n");
-	    log_info("If you don't need this, uncomment it in g10/seckey-cert.c\n\n");
-	    sk->protect.algo = CIPHER_ALGO_BLOWFISH160;
-	    rc = do_check( sk );
-	    if( rc )
-		rc = G10ERR_BAD_PASS;
-	    sk->protect.algo = CIPHER_ALGO_BLOWFISH;
-	}
-      #endif
 	if( get_passphrase_fd() != -1 )
 	    break;
     }

g10/sign.c

@@ -156,6 +156,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
     int compr_algo = -1; /* unknown */
 
 
+
     memset( &afx, 0, sizeof afx);
     memset( &zfx, 0, sizeof zfx);
     memset( &mfx, 0, sizeof mfx);
@@ -203,10 +204,8 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
 	else if( opt.verbose )
 	    log_info("writing to '%s'\n", outfile );
     }
-    else if( !(out = open_outfile( fname, opt.armor? 1: detached? 2:0 )) ) {
+    else if( (rc = open_outfile( fname, opt.armor? 1: detached? 2:0, &out )))
-	rc = G10ERR_CREATE_FILE;
 	goto leave;
-    }
 
     /* prepare to calculate the MD over the input */
     if( opt.textmode && !outfile )
@@ -223,9 +222,12 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
 
     if( opt.armor && !outfile  )
 	iobuf_push_filter( out, armor_filter, &afx );
-    else
+    else {
 	write_comment( out, "#created by GNUPG v" VERSION " ("
 					    PRINTABLE_OS_NAME ")");
+	if( opt.comment_string )
+	    write_comment( out, opt.comment_string );
+    }
     if( encrypt ) {
 	efx.pk_list = pk_list;
 	/* fixme: set efx.cfx.datalen if known */
@@ -312,10 +314,17 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
 	}
     }
     else {
+	if( fname || opt.set_filename ) {
+	    const char *s = opt.set_filename ? opt.set_filename : fname;
+	    pt = m_alloc( sizeof *pt + strlen(s) - 1 );
+	    pt->namelen = strlen(s);
+	    memcpy(pt->name, s, pt->namelen );
+	}
+	else { /* no filename */
+	    pt = m_alloc( sizeof *pt - 1 );
+	    pt->namelen = 0;
+	}
 	if( fname ) {
-	    pt = m_alloc( sizeof *pt + strlen(fname) - 1 );
-	    pt->namelen = strlen(fname);
-	    memcpy(pt->name, fname, pt->namelen );
 	    if( !(filesize = iobuf_get_filelength(inp)) )
 		log_info("warning: '%s' is an empty file\n", fname );
 
@@ -329,11 +338,8 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
 	    if( opt.textmode && !outfile )
 		filesize = 0;
 	}
-	else { /* no filename */
+	else
-	    pt = m_alloc( sizeof *pt - 1 );
-	    pt->namelen = 0;
 	    filesize = 0; /* stdin */
-	}
 	pt->timestamp = make_timestamp();
 	pt->mode = opt.textmode && !outfile ? 't':'b';
 	pt->len = filesize;
@@ -533,10 +539,8 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
 	else if( opt.verbose )
 	    log_info("writing to '%s'\n", outfile );
     }
-    else if( !(out = open_outfile( fname, 1 )) ) {
+    else if( (rc = open_outfile( fname, 1, &out )) )
-	rc = G10ERR_CREATE_FILE;
 	goto leave;
-    }
 
     iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----\n" );
 

g10/status.c

@@ -286,10 +286,26 @@ cpr_kill_prompt(void)
 int
 cpr_get_answer_is_yes( const char *keyword, const char *prompt )
 {
+    int yes;
+    char *p;
+
   #ifdef USE_SHM_COPROCESSING
     if( opt.shm_coprocess )
 	return !!do_shm_get( keyword, 0, 1 );
   #endif
-    return tty_get_answer_is_yes( prompt );
+    for(;;) {
+	p = tty_get( prompt );
+	trim_spaces(p); /* it is okay to do this here */
+	if( *p == '?' && !p[1] ) {
+	    m_free(p);
+	    display_help( keyword );
+	}
+	else {
+	    tty_kill_prompt();
+	    yes = answer_is_yes(p);
+	    m_free(p);
+	    return yes;
+	}
+    }
 }
 

g10/trustdb.c

@@ -1617,6 +1617,11 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
 	    }
 	    log_info(_("key %08lX.%lu: inserted into trustdb\n"),
 					  keyid[1], pk->local_id );
+	    /* and re-read the dir record */
+	    if( tdbio_read_record( pk->local_id, &rec, RECTYPE_DIR ) ) {
+		log_error("check_trust: reread dir record failed\n");
+		return G10ERR_TRUSTDB;
+	    }
 	}
     }
     cur_time = make_timestamp();

include/errors.h

@@ -61,6 +61,7 @@
 #define G10ERR_UNEXPECTED     39
 #define G10ERR_TIME_CONFLICT  40
 #define G10ERR_WR_PUBKEY_ALGO 41 /* unusabe pubkey algo */
+#define G10ERR_FILE_EXISTS    42
 
 
 #ifndef HAVE_STRERROR

po/ChangeLog

@@ -1,3 +1,7 @@
+Tue Aug 11 12:28:11 1998  Werner Koch  (wk@(none))
+
+	* it.po: New file from Marco.
+
 Thu Jul  9 21:14:51 1998  Werner Koch  (wk@isil.d.shuttle.de)
 
 	* de.po: Fixed typos and added new translations.

po/POTFILES.in

@@ -4,6 +4,7 @@
 # utility
 util/secmem.c
 util/argparse.c
+util/miscutil.c
 
 # cipher
 cipher/random.c
@@ -32,6 +33,6 @@ g10/trustdb.c
 g10/verify.c
 g10/status.c
 g10/pubkey-enc.c
-
+g10/openfile.c
 
 #---end--

po/de.po

@@ -13,6 +13,15 @@ msgstr ""
 "(Um dies zu vermeiden, kann das Programm suid(root) installiert werden;\n"
 " bitte wenden Sie sich hierzu an den Systemadministrator.)\n"
 
+#: util/miscutil.c:87
+msgid  "yes"
+msgstr "ja"
+
+#: util/miscutil.c:88
+msgid  "yY"
+msgstr "jJ"
+
+
 #: cipher/rand-dummy.c:106
 msgid "warning: using insecure random number generator!!\n"
 msgstr "Der Zufallszahlengenerator erzeugt keine sicheren Zufallszahlen!\n"
@@ -467,7 +476,6 @@ msgid ""
 " 3 = I trust marginally\n"
 " 4 = I trust fully\n"
 " s = please show me more information\n"
-"\n"
 msgstr ""
 "\"\n"
 "\n"
@@ -480,7 +488,14 @@ msgstr ""
 " 3 = Ich vertraue ihm normalerweise\n"
 " 4 = Ich vertraue ihm immer\n"
 " s = Bitte weitere Information anzeigen\n"
-"\n"
+
+msgid  " m = back to the main menu\n"
+msgstr " m = Zurück zum Menü\n"
+
+# valid user replies (not including 1..4)
+msgid  "sSmM"
+msgstr "sSmM"
+
 
 #: g10/pkclist.c:84
 msgid "Your decision? "
@@ -517,6 +532,11 @@ msgid ""
 "\n"
 msgstr "Keine \"Owner trust\" Werte ge\344ndert.\n"
 
+#: g10/pkclist.c:186 g10/pkclist.c:273
+msgid "Use this key anyway? "
+msgstr "Den Schlüssel trotzdem benutzen?"
+
+
 #: g10/pkclist.c:268
 msgid ""
 "It is NOT certain that the key belongs to its owner.\n"
@@ -719,7 +739,7 @@ msgstr "Der Schl\374ssel verf\344llt am %s\n"
 
 #: g10/keygen.c:528
 msgid "Is this correct (y/n)? "
-msgstr "Ist dies richtig? (y/n) "
+msgstr "Ist dies richtig? (j/n) "
 
 #: g10/keygen.c:557
 msgid ""
@@ -923,7 +943,7 @@ msgstr "Sch\374ssel %08lX: \326ffentlicher Schl
 
 #: g10/import.c:317
 msgid "key %08lX: doesn't match our copy\n"
-msgstr "Sch\374ssel %08lX: Stimmt nicht mit unserer Kopie \374berein"
+msgstr "Sch\374ssel %08lX: Stimmt nicht mit unserer Kopie \374berein\n"
 
 #: g10/import.c:330 g10/import.c:501
 msgid "key %08lX: can't locate original keyblock: %s\n"
@@ -1116,11 +1136,11 @@ msgid "use option \"--delete-secret-key\" to delete it first.\n"
 msgstr "Benutzen Sie das Kommando \"--delete-decret-key\", um ihn vorab zu entfernen.\n"
 
 #: g10/keyedit.c:508
-msgid "can't do that in batch-mode\n"
+msgid "can't do that in batchmode\n"
 msgstr "Dies kann im Batchmodus nicht durchgef\374hrt werden.\n"
 
 #: g10/keyedit.c:512
-msgid "can't do that in batch-mode without \"--yes\"\n"
+msgid "can't do that in batchmode without \"--yes\"\n"
 msgstr "Dies kann im Batchmodus ohne \"--yes\" nicht durchgef\374hrt werden.\n"
 
 #: g10/keyedit.c:532
@@ -1287,3 +1307,29 @@ msgstr ""
 msgid "keyedit.cmd"
 msgstr "Geben Sie bitte \"help\" ein."
 
+#: g10/status.c:207
+msgid "No help available"
+msgstr "Keine Hilfe vorhanden."
+
+#: g10/status.c:213
+msgid "No help available for '%s'"
+msgstr "Keine Hilfe für '%s' vorhanden."
+
+#: g10/pubkey-enc.c:138
+msgid "note: cipher algorithm %d not found in preferences\n"
+msgstr ""
+"Hinweis: Algorithmus %d ist kein bevorzugtes Verschlüsselungsverfahren\n"
+
+
+#: g10/openfile.c:58
+msgid "File '%s' exists. "
+msgstr "Datei '%s' exsitier bereits. "
+
+#: g10/openfile.c:59
+msgid "openfile.overwrite.okay"
+msgstr "Geben Sie \"ja\" ein, wenn Sie die Datei überschreiben möchten"
+
+#: g10/openfile.c:60
+msgid "Overwrite (y/N)? "
+msgstr "Überschreiben (j/N)? "
+

po/en.po

@@ -104,7 +104,7 @@ msgid "keyedit.cancel.okay"
 msgstr ""
 
 #: g10/keyedit.c:738
-msgid "keyedit.signall.okay"
+msgid "keyedit.sign_all.okay"
 msgstr ""
 
 #: g10/keyedit.c:772

util/ChangeLog

@@ -1,3 +1,7 @@
+Tue Aug 11 15:12:35 1998  Werner Koch  (wk@(none))
+
+	* miscutil.c (answer_is_yes): i18ned
+
 Sat Aug  8 18:35:00 1998  Werner Koch  (wk@(none))
 
 	* ttyio.c (cleanup): New.

util/errors.c

@@ -91,7 +91,7 @@ g10_errstr( int err )
       X(UNEXPECTED     ,"Unexpected data")
       X(TIME_CONFLICT  ,"Timestamp conflict")
       X(WR_PUBKEY_ALGO ,"Unusable pubkey algorithm")
-
+      X(FILE_EXISTS    ,"File exists")
       default: p = buf; sprintf(buf, "g10err=%d", err); break;
     }
   #undef X

util/miscutil.c

@@ -25,6 +25,7 @@
 #include <ctype.h>
 #include "types.h"
 #include "util.h"
+#include "i18n.h"
 
 u32
 make_timestamp()
@@ -79,14 +80,16 @@ print_string( FILE *fp, byte *p, size_t n, int delim )
 	    putc(*p, fp);
 }
 
+
 int
 answer_is_yes( const char *s )
 {
-    if( !stricmp(s, "yes") )
+    char *long_yes = _("yes");
+    char *short_yes = _("yY");
+
+    if( !stricmp(s, long_yes ) )
 	return 1;
-    if( *s == 'y' && !s[1] )
+    if( strchr( short_yes, *s ) && !s[1] )
-	return 1;
-    if( *s == 'Y' && !s[1] )
 	return 1;
     return 0;
 }

zlib/Makefile

@@ -92,7 +92,7 @@ POSUB = po
 RANLIB = ranlib
 USE_INCLUDED_LIBINTL = yes
 USE_NLS = yes
-VERSION = 0.3.3
+VERSION = 0.3.4
 ZLIBS = 
 l =