mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
Merge branch 'STABLE-BRANCH-2-4'
-- Resolved conflicts: NEWS common/exechelp-w32.c configure.ac
This commit is contained in:
commit
4485930f9f
@ -1,2 +1,4 @@
|
||||
# indent: Modernize mem2str.
|
||||
6a80d6f9206eae2c867c45daa5cd3e7d6c6ad114
|
||||
# doc: Fix spelling errors found by lintian.
|
||||
2ed1f68b48db7b5503045386de0500fddf70077e
|
||||
|
10
Makefile.am
10
Makefile.am
@ -247,8 +247,8 @@ release:
|
||||
mkopt=""; \
|
||||
if [ -n "$$CUSTOM_SWDB" ]; then \
|
||||
mkopt="CUSTOM_SWB=1"; \
|
||||
x=$$(grep '^OVERRIDE_TARBALLS=' \
|
||||
$$HOME/.gnupg-autogen.rc|cut -d= -f2);\
|
||||
x=$$(grep '^[[:blank:]]*OVERRIDE_TARBALLS[[:blank:]]*=' \
|
||||
$$HOME/.gnupg-autogen.rc|cut -d= -f2|xargs);\
|
||||
if [ -f "$$x/swdb.lst" ]; then \
|
||||
echo "/* Copying swdb.lst from the overrides directory */"; \
|
||||
cp "$$x/swdb.lst" . ; \
|
||||
@ -275,13 +275,15 @@ release:
|
||||
sign-release:
|
||||
+(set -e; \
|
||||
test $$(pwd | sed 's,.*/,,') = dist || cd dist; \
|
||||
x=$$(grep '^RELEASE_ARCHIVE=' $$HOME/.gnupg-autogen.rc|cut -d= -f2);\
|
||||
x=$$(grep '^[[:blank:]]*RELEASE_ARCHIVE[[:blank:]]*=' \
|
||||
$$HOME/.gnupg-autogen.rc|cut -d= -f2|xargs);\
|
||||
if [ -z "$$x" ]; then \
|
||||
echo "error: RELEASE_ARCHIVE missing in ~/.gnupg-autogen.rc">&2; \
|
||||
exit 2;\
|
||||
fi;\
|
||||
myarchive="$$x/$(RELEASE_ARCHIVE_SUFFIX)";\
|
||||
x=$$(grep '^RELEASE_SIGNKEY=' $$HOME/.gnupg-autogen.rc|cut -d= -f2);\
|
||||
x=$$(grep '^[[:blank:]]*RELEASE_SIGNKEY[[:blank:]]*=' \
|
||||
$$HOME/.gnupg-autogen.rc|cut -d= -f2|xargs);\
|
||||
if [ -z "$$x" ]; then \
|
||||
echo "error: RELEASE_SIGNKEY missing in ~/.gnupg-autogen.rc">&2; \
|
||||
exit 2;\
|
||||
|
60
NEWS
60
NEWS
@ -1,6 +1,51 @@
|
||||
Noteworthy changes in version 2.5.0 (unreleased)
|
||||
------------------------------------------------
|
||||
|
||||
Changes also found in 2.4.5:
|
||||
|
||||
Noteworthy changes in version 2.4.5 (2024-03-07)
|
||||
------------------------------------------------
|
||||
|
||||
* gpg,gpgv: New option --assert-pubkey-algo. [T6946]
|
||||
|
||||
* gpg: Emit status lines for errors in the compression layer.
|
||||
[T6977]
|
||||
|
||||
* gpg: Fix invocation with --trusted-keys and --no-options. [T7025]
|
||||
|
||||
* gpgsm: Allow for a longer salt in PKCS#12 files. [T6757]
|
||||
|
||||
* gpgtar: Make --status-fd=2 work on Windows. [T6961]
|
||||
|
||||
* scd: Support for the ACR-122U NFC reader. [rG1682ca9f01]
|
||||
|
||||
* scd: Suport D-TRUST ECC cards. [T7000,T7001]
|
||||
|
||||
* scd: Allow auto detaching of kernel drivers; can be disabled with
|
||||
the new compatibility-flag ccid-no-auto-detach. [rGa1ea3b13e0]
|
||||
|
||||
* scd: Allow setting a PIN length of 6 also with a reset code for
|
||||
openpgp cards. [T6843]
|
||||
|
||||
* agent: Allow GET_PASSPHRASE in restricted mode. [rGadf4db6e20]
|
||||
|
||||
* dirmngr: Trust system's root CAs for checking CRL issuers.
|
||||
[T6963]
|
||||
|
||||
* dirmngr: Fix regression in 2.4.4 in fetching keys via hkps.
|
||||
[T6997]
|
||||
|
||||
* gpg-wks-client: Make option --mirror work properly w/o specifying
|
||||
domains. [rG37cc255e49]
|
||||
|
||||
* g13,gpg-wks-client: Allow command style options as in "g13 mount
|
||||
foo". [rGa09157ccb2]
|
||||
|
||||
* Allow tilde expansion for the foo-program options. [T7017]
|
||||
|
||||
* Make the getswdb.sh tool usable outside the GnuPG tree.
|
||||
|
||||
|
||||
Changes also found in 2.4.4:
|
||||
|
||||
* gpg: Do not keep an unprotected smartcard backup key on disk. See
|
||||
@ -178,6 +223,7 @@ Noteworthy changes in version 2.5.0 (unreleased)
|
||||
Release dates of 2.4 versions
|
||||
-----------------------------
|
||||
|
||||
Version 2.4.5 (2024-03-07) https://dev.gnupg.org/T6960
|
||||
Version 2.4.4 (2024-01-25) https://dev.gnupg.org/T6578
|
||||
Version 2.4.3 (2023-07-04) https://dev.gnupg.org/T6509
|
||||
Version 2.4.2 (2023-05-30) https://dev.gnupg.org/T6506
|
||||
@ -1392,7 +1438,7 @@ Noteworthy changes in version 2.3.0 (2021-04-07)
|
||||
Changes also found in 2.2.12:
|
||||
|
||||
* tools: New commands --install-key and --remove-key for
|
||||
gpg-wks-client. This allows to prepare a Web Key Directory on a
|
||||
gpg-wks-client. This allows one to prepare a Web Key Directory on a
|
||||
local file system for later upload to a web server.
|
||||
|
||||
* gpg: New --list-option "show-only-fpr-mbox". This makes the use
|
||||
@ -1436,7 +1482,7 @@ Noteworthy changes in version 2.3.0 (2021-04-07)
|
||||
query.
|
||||
|
||||
* gpg: Do not store the TOFU trust model in the trustdb. This
|
||||
allows to enable or disable a TOFO model without triggering a
|
||||
allows one to enable or disable a TOFO model without triggering a
|
||||
trustdb rebuild. [#4134]
|
||||
|
||||
* scd: Fix cases of "Bad PIN" after using "forcesig". [#4177]
|
||||
@ -1855,7 +1901,7 @@ Noteworthy changes in version 2.1.23 (2017-08-09)
|
||||
to your gpg.conf.
|
||||
|
||||
* agent: Option --no-grab is now the default. The new option --grab
|
||||
allows to revert this.
|
||||
allows one to revert this.
|
||||
|
||||
* gpg: New import option "show-only".
|
||||
|
||||
@ -2985,7 +3031,7 @@ Noteworthy changes in version 2.1.0 (2014-11-06)
|
||||
* gpg: Allow use of Brainpool curves.
|
||||
|
||||
* gpg: Accepts a space separated fingerprint as user ID. This
|
||||
allows to copy and paste the fingerprint from the key listing.
|
||||
allows one to copy and paste the fingerprint from the key listing.
|
||||
|
||||
* gpg: The hash algorithm is now printed for signature records in key
|
||||
listings.
|
||||
@ -3765,7 +3811,7 @@ Noteworthy changes in version 1.9.10 (2004-07-22)
|
||||
|
||||
* Fixed a serious bug in the checking of trusted root certificates.
|
||||
|
||||
* New configure option --enable-agent-pnly allows to build and
|
||||
* New configure option --enable-agent-only allows one to build and
|
||||
install just the agent.
|
||||
|
||||
* Fixed a problem with the log file handling.
|
||||
@ -4160,7 +4206,7 @@ Noteworthy changes in version 1.1.92 (2002-09-11)
|
||||
extension specified with --load-extension are checked, along
|
||||
with their enclosing directories.
|
||||
|
||||
* The configure option --with-static-rnd=auto allows to build gpg
|
||||
* The configure option --with-static-rnd=auto allows one to build gpg
|
||||
with all available entropy gathering modules included. At
|
||||
runtime the best usable one will be selected from the list
|
||||
linux, egd, unix. This is also the default for systems lacking
|
||||
@ -4543,7 +4589,7 @@ Noteworthy changes in version 1.0.2 (2000-07-12)
|
||||
* New command --export-secret-subkeys which outputs the
|
||||
the _primary_ key with it's secret parts deleted. This is
|
||||
useful for automated decryption/signature creation as it
|
||||
allows to keep the real secret primary key offline and
|
||||
allows one to keep the real secret primary key offline and
|
||||
thereby protecting the key certificates and allowing to
|
||||
create revocations for the subkeys. See the FAQ for a
|
||||
procedure to install such secret keys.
|
||||
|
@ -86,8 +86,8 @@ struct
|
||||
/* Enable pinentry debugging (--debug 1024 should also be used). */
|
||||
int debug_pinentry;
|
||||
|
||||
/* Filename of the program to start as pinentry. */
|
||||
const char *pinentry_program;
|
||||
/* Filename of the program to start as pinentry (malloced). */
|
||||
char *pinentry_program;
|
||||
|
||||
/* Filename of the program to handle daemon tasks. */
|
||||
const char *daemon_program[DAEMON_MAX_TYPE];
|
||||
|
@ -1988,9 +1988,6 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
|
||||
struct pin_entry_info_s *pi2 = NULL;
|
||||
int is_generated;
|
||||
|
||||
if (ctrl->restricted)
|
||||
return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
|
||||
|
||||
opt_data = has_option (line, "--data");
|
||||
opt_check = has_option (line, "--check");
|
||||
opt_no_ask = has_option (line, "--no-ask");
|
||||
@ -2039,7 +2036,9 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
|
||||
if (!desc)
|
||||
return set_error (GPG_ERR_ASS_PARAMETER, "no description given");
|
||||
|
||||
if (!strcmp (cacheid, "X"))
|
||||
/* The only limitation in restricted mode is that we don't consider
|
||||
* the cache. */
|
||||
if (ctrl->restricted || !strcmp (cacheid, "X"))
|
||||
cacheid = NULL;
|
||||
if (!strcmp (errtext, "X"))
|
||||
errtext = NULL;
|
||||
@ -2121,7 +2120,7 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
|
||||
entry_errtext = NULL;
|
||||
is_generated = !!(pi->status & PINENTRY_STATUS_PASSWORD_GENERATED);
|
||||
|
||||
/* We don't allow an empty passpharse in this mode. */
|
||||
/* We don't allow an empty passphrase in this mode. */
|
||||
if (!is_generated
|
||||
&& check_passphrase_constraints (ctrl, pi->pin,
|
||||
pi->constraints_flags,
|
||||
|
@ -876,6 +876,7 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
|
||||
opt.debug = 0;
|
||||
opt.no_grab = 1;
|
||||
opt.debug_pinentry = 0;
|
||||
xfree (opt.pinentry_program);
|
||||
opt.pinentry_program = NULL;
|
||||
opt.pinentry_touch_file = NULL;
|
||||
xfree (opt.pinentry_invisible_char);
|
||||
@ -936,7 +937,10 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
|
||||
case oNoGrab: opt.no_grab |= 1; break;
|
||||
case oGrab: opt.no_grab |= 2; break;
|
||||
|
||||
case oPinentryProgram: opt.pinentry_program = pargs->r.ret_str; break;
|
||||
case oPinentryProgram:
|
||||
xfree (opt.pinentry_program);
|
||||
opt.pinentry_program = make_filename_try (pargs->r.ret_str, NULL);
|
||||
break;
|
||||
case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break;
|
||||
case oPinentryInvisibleChar:
|
||||
xfree (opt.pinentry_invisible_char);
|
||||
|
@ -28,15 +28,24 @@ cvtver () {
|
||||
usage()
|
||||
{
|
||||
cat <<EOF
|
||||
Usage: $(basename $0) [OPTIONS]
|
||||
Usage: $(basename $0) [OPTIONS] [packages]
|
||||
Get the online version of the GnuPG software version database
|
||||
and optionally download packages and verify their signatures.
|
||||
|
||||
Options:
|
||||
--info Print only infos about packages
|
||||
--skip-download Assume download has already been done.
|
||||
--skip-verify Do not check signatures
|
||||
--skip-selfcheck Do not check GnuPG version
|
||||
(default if not used in the GnuPG tree)
|
||||
--find-sha1sum Print the name of the sha1sum utility
|
||||
--find-sha256sum Print the name of the sha256sum utility
|
||||
--help Print this help.
|
||||
|
||||
Example:
|
||||
|
||||
getswdb.sh gnupg24 gpgme libksba libassuan
|
||||
|
||||
EOF
|
||||
exit $1
|
||||
}
|
||||
@ -49,6 +58,9 @@ skip_verify=no
|
||||
skip_selfcheck=no
|
||||
find_sha1sum=no
|
||||
find_sha256sum=no
|
||||
info_mode=no
|
||||
packages=
|
||||
die=no
|
||||
while test $# -gt 0; do
|
||||
case "$1" in
|
||||
# Set up `optarg'.
|
||||
@ -79,13 +91,20 @@ while test $# -gt 0; do
|
||||
--find-sha256sum)
|
||||
find_sha256sum=yes
|
||||
;;
|
||||
*)
|
||||
--info)
|
||||
info_mode=yes
|
||||
;;
|
||||
--*)
|
||||
usage 1 1>&2
|
||||
;;
|
||||
*)
|
||||
packages="$packages $1"
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
|
||||
# Mac OSX has only a shasum and not sha1sum
|
||||
if [ ${find_sha1sum} = yes ]; then
|
||||
for i in sha1sum shasum ; do
|
||||
@ -114,16 +133,37 @@ if [ ${find_sha256sum} = yes ]; then
|
||||
fi
|
||||
|
||||
|
||||
if [ $skip_verify = no ]; then
|
||||
if [ ! -f "$distsigkey" ]; then
|
||||
distsigkey="/usr/local/share/gnupg/distsigkey.gpg"
|
||||
if [ ! -f "$distsigkey" ]; then
|
||||
distsigkey="/usr/share/gnupg/distsigkey.gpg"
|
||||
if [ ! -f "$distsigkey" ]; then
|
||||
echo "no keyring with release keys found!" >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
echo "using release keys from $distsigkey" >&2
|
||||
skip_selfcheck=yes
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
# Get GnuPG version from VERSION file. For a GIT checkout this means
|
||||
# that ./autogen.sh must have been run first. For a regular tarball
|
||||
# VERSION is always available.
|
||||
if [ ! -f "$srcdir/../VERSION" ]; then
|
||||
if [ $skip_selfcheck = no ]; then
|
||||
if [ ! -f "$srcdir/../VERSION" ]; then
|
||||
echo "VERSION file missing - run autogen.sh first." >&2
|
||||
exit 1
|
||||
fi
|
||||
version=$(cat "$srcdir/../VERSION")
|
||||
else
|
||||
version="0.0.0"
|
||||
fi
|
||||
version=$(cat "$srcdir/../VERSION")
|
||||
version_num=$(echo "$version" | cvtver)
|
||||
|
||||
|
||||
if [ $skip_verify = no ]; then
|
||||
if ! $GPGV --version >/dev/null 2>/dev/null ; then
|
||||
echo "command \"gpgv\" is not installed" >&2
|
||||
@ -164,7 +204,7 @@ else
|
||||
fi
|
||||
fi
|
||||
if [ $skip_verify = no ]; then
|
||||
if ! $GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst; then
|
||||
if ! $GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst 2>/dev/null; then
|
||||
echo "list of software versions is not valid!" >&2
|
||||
exit 1
|
||||
fi
|
||||
@ -188,3 +228,73 @@ if [ $skip_selfcheck = no ]; then
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
# Download a package and check its signature.
|
||||
download_pkg () {
|
||||
local url="$1"
|
||||
local file="${url##*/}"
|
||||
|
||||
if ! $WGET -q -O - "$url" >"${file}.tmp" ; then
|
||||
echo "download of $file failed." >&2
|
||||
[ -f "${file}.tmp" ] && rm "${file}.tmp"
|
||||
return 1
|
||||
fi
|
||||
if [ $skip_verify = no ]; then
|
||||
if ! $WGET -q -O - "${url}.sig" >"${file}.tmpsig" ; then
|
||||
echo "download of $file.sig failed." >&2
|
||||
[ -f "${file}.tmpsig" ] && rm "${file}.tmpsig"
|
||||
return 1
|
||||
fi
|
||||
if ! $GPGV -q --keyring "$distsigkey" \
|
||||
"${file}.tmpsig" "${file}.tmp" 2>/dev/null; then
|
||||
echo "signature of $file is not valid!" >&2
|
||||
return 1
|
||||
fi
|
||||
mv "${file}.tmpsig" "${file}.sig"
|
||||
else
|
||||
[ -f "${file}.sig" ] && rm "${file}.sig"
|
||||
fi
|
||||
mv "${file}.tmp" "${file}"
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
|
||||
baseurl=$(awk '$1=="gpgorg_base" {print $2; exit 0}' swdb.lst)
|
||||
for p in $packages; do
|
||||
pver=$(awk '$1=="'"$p"'_ver" {print $2}' swdb.lst)
|
||||
if [ -z "$pver" ]; then
|
||||
echo "package '$p' not found" >&2
|
||||
die=yes
|
||||
else
|
||||
pdir=$(awk '$1=="'"$p"'_dir" {print $2":"$3":"$4}' swdb.lst)
|
||||
if [ -n "$pdir" ]; then
|
||||
psuf=$(echo "$pdir" | cut -d: -f3)
|
||||
pname=$(echo "$pdir" | cut -d: -f2)
|
||||
pdir=$(echo "$pdir" | cut -d: -f1)
|
||||
else
|
||||
psuf=
|
||||
pdir="$p"
|
||||
pname="$p"
|
||||
fi
|
||||
if [ -z "$psuf" ]; then
|
||||
psuf=$(awk 'BEGIN {suf="bz2"};
|
||||
$1=="'"$p"'_sha1_gz" {suf="gz"; exit 0};
|
||||
$1=="'"$p"'_sha1_xz" {suf"xz"; exit 0};
|
||||
END {print suf}' swdb.lst)
|
||||
fi
|
||||
pfullname="$pname-$pver.tar.$psuf"
|
||||
if [ $info_mode = yes ]; then
|
||||
echo "$baseurl/$pdir/$pfullname"
|
||||
else
|
||||
echo "downloading $pfullname"
|
||||
download_pkg "$baseurl/$pdir/$pfullname" || die=yes
|
||||
fi
|
||||
fi
|
||||
done
|
||||
if [ $die = yes ]; then
|
||||
echo "errors found!" >&2
|
||||
exit 1
|
||||
fi
|
||||
exit 0
|
||||
|
@ -51,10 +51,13 @@
|
||||
# # This is greped by the Makefile.
|
||||
# RELEASE_ARCHIVE=foo@somehost:tarball-archive
|
||||
#
|
||||
# # The key used to sign the released sources.
|
||||
# # The key used to sign the GnuPG sources.
|
||||
# # This is greped by the Makefile.
|
||||
# RELEASE_SIGNKEY=6DAA6E64A76D2840571B4902528897B826403ADA
|
||||
#
|
||||
# # The key used to sign the VERSION files of some MSI installers.
|
||||
# VERSION_SIGNKEY=02F38DFF731FF97CB039A1DA549E695E905BA208
|
||||
#
|
||||
# # For signing Windows binaries we need to employ a Windows machine.
|
||||
# # We connect to this machine via ssh and take the connection
|
||||
# # parameters via .ssh/config. For example a VM could be specified
|
||||
@ -74,6 +77,9 @@
|
||||
# # This is greped by the Makefile.
|
||||
# AUTHENTICODE_TOOL="C:\Program Files (x86)\Windows Kits\10\bin\signtool.exe"
|
||||
#
|
||||
# # The URL for the timestamping service
|
||||
# AUTHENTICODE_TSURL=http://rfc3161timestamp.globalsign.com/advanced
|
||||
#
|
||||
# # To use osslsigncode the follwing entries are required and
|
||||
# # an empty string must be given for AUTHENTICODE_SIGNHOST.
|
||||
# # They are greped by the Makefile.
|
||||
@ -238,10 +244,11 @@ PATCHELF := $(shell patchelf --version 2>/dev/null >/dev/null || echo "echo plea
|
||||
|
||||
# Read signing information from ~/.gnupg-autogen.rc
|
||||
define READ_AUTOGEN_template
|
||||
$(1) = $$(shell grep '^$(1)=' $$$$HOME/.gnupg-autogen.rc|cut -d= -f2)
|
||||
$(1) = $$(shell grep '^[[:blank:]]*$(1)[[:blank:]]*=' $$$$HOME/.gnupg-autogen.rc|cut -d= -f2|xargs)
|
||||
endef
|
||||
$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_SIGNHOST))
|
||||
$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_TOOL))
|
||||
$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_TSURL))
|
||||
$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_KEY))
|
||||
$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_CERTS))
|
||||
$(eval $(call READ_AUTOGEN_template,OSSLSIGNCODE))
|
||||
@ -1350,7 +1357,7 @@ define AUTHENTICODE_sign
|
||||
scp $(1) "$(AUTHENTICODE_SIGNHOST):a.exe" ;\
|
||||
ssh "$(AUTHENTICODE_SIGNHOST)" '$(AUTHENTICODE_TOOL)' sign \
|
||||
/a /n '"g10 Code GmbH"' \
|
||||
/tr 'http://rfc3161timestamp.globalsign.com/advanced' /td sha256 \
|
||||
/tr '$(AUTHENTICODE_TSURL)' /td sha256 \
|
||||
/fd sha256 /du https://gnupg.org a.exe ;\
|
||||
scp "$(AUTHENTICODE_SIGNHOST):a.exe" $(2);\
|
||||
echo "speedo: signed file is '$(2)'" ;\
|
||||
@ -1361,13 +1368,13 @@ define AUTHENTICODE_sign
|
||||
-pkcs11module $(SCUTEMODULE) \
|
||||
-certs $(AUTHENTICODE_CERTS) \
|
||||
-h sha256 -n GnuPG -i https://gnupg.org \
|
||||
-ts http://rfc3161timestamp.globalsign.com/advanced \
|
||||
-ts $(AUTHENTICODE_TSURL) \
|
||||
-in $(1) -out $(2).tmp ; mv $(2).tmp $(2) ; \
|
||||
elif [ -e "$(AUTHENTICODE_KEY)" ]; then \
|
||||
echo "speedo: Signing using key $(AUTHENTICODE_KEY)";\
|
||||
osslsigncode sign -certs $(AUTHENTICODE_CERTS) \
|
||||
-pkcs12 $(AUTHENTICODE_KEY) -askpass \
|
||||
-ts "http://timestamp.globalsign.com/scripts/timstamp.dll" \
|
||||
-ts "$(AUTHENTICODE_TSURL)" \
|
||||
-h sha256 -n GnuPG -i https://gnupg.org \
|
||||
-in $(1) -out $(2) ;\
|
||||
else \
|
||||
|
@ -61,9 +61,12 @@ and then manually edited:
|
||||
<Component Id="cmp74961776CCC7B203F500FE261DC12F92" Directory="dirAA72FFDDFA224FB221D53750596B0142" Guid="FBA2569C-554D-4C06-88FC-0FD6541B5B4B">
|
||||
<File Id="filB82A767EB9971018C006215A9FDE77EF" KeyPath="yes" Source="$(var.SourceDir)\bin\gpg-connect-agent.exe"/>
|
||||
</Component>
|
||||
<Component Id="cmp74961776CCC7B203F500FE261DC12F94" Directory="dirAA72FFDDFA224FB221D53750596B0144" Guid="FBA2569C-554D-4C06-88FC-0FD6541B5B4C">
|
||||
<Component Id="cmp74961776CCC7B203F500FE261DC12F94" Directory="dirAA72FFDDFA224FB221D53750596B0142" Guid="FBA2569C-554D-4C06-88FC-0FD6541B5B4C">
|
||||
<File Id="filB82A767EB9971018C006215A9FDE77F1" KeyPath="yes" Source="$(var.SourceDir)\bin\gpg-card.exe"/>
|
||||
</Component>
|
||||
<Component Id="cmp74961776CCC7B203F500FE261DC12F95" Directory="dirAA72FFDDFA224FB221D53750596B0142" Guid="3134BF55-46AF-4B76-A535-DC1EDDB0DBFD">
|
||||
<File Id="filB82A767EB9971018C006215A9FDE77F2" KeyPath="yes" Source="$(var.SourceDir)\libexec\keyboxd.exe"/>
|
||||
</Component>
|
||||
<Component Id="cmp6C1FB70721B208E33DB24296B93AB93F" Directory="dirAA72FFDDFA224FB221D53750596B0142" Guid="FE29D2AA-3151-4421-B8C0-355F69F267A1">
|
||||
<File Id="fil563D2C0464DCE7ECADE6E15C0FC65821" KeyPath="yes" Source="$(var.SourceDir)\libexec\gpg-preset-passphrase.exe"/>
|
||||
</Component>
|
||||
|
@ -41,7 +41,7 @@ static int initialized;
|
||||
static int module;
|
||||
|
||||
/* This value is used by DSA and RSA checks in addition to the hard
|
||||
* coded length checks. It allows to increase the required key length
|
||||
* coded length checks. It allows one to increase the required key length
|
||||
* using a confue file. */
|
||||
static unsigned int min_compliant_rsa_length;
|
||||
|
||||
|
@ -437,6 +437,7 @@ check_syscall_func (void)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
pre_syscall (void)
|
||||
{
|
||||
@ -444,6 +445,7 @@ pre_syscall (void)
|
||||
pre_syscall_func ();
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
post_syscall (void)
|
||||
{
|
||||
|
@ -54,6 +54,7 @@ enum
|
||||
STATUS_NEED_PASSPHRASE,
|
||||
STATUS_VALIDSIG,
|
||||
STATUS_ASSERT_SIGNER,
|
||||
STATUS_ASSERT_PUBKEY_ALGO,
|
||||
STATUS_SIG_ID,
|
||||
STATUS_ENC_TO,
|
||||
STATUS_NODATA,
|
||||
|
@ -31,6 +31,8 @@
|
||||
#ifndef GNUPG_COMMON_T_SUPPORT_H
|
||||
#define GNUPG_COMMON_T_SUPPORT_H 1
|
||||
|
||||
#ifndef LEAN_T_SUPPORT
|
||||
|
||||
#ifdef GCRYPT_VERSION
|
||||
#error The regression tests should not include with gcrypt.h
|
||||
#endif
|
||||
@ -45,11 +47,6 @@
|
||||
# define getenv(a) (NULL)
|
||||
#endif
|
||||
|
||||
#ifndef DIM
|
||||
# define DIM(v) (sizeof(v)/sizeof((v)[0]))
|
||||
# define DIMof(type,member) DIM(((type *)0)->member)
|
||||
#endif
|
||||
|
||||
|
||||
/* Replacement prototypes. */
|
||||
void *gcry_xmalloc (size_t n);
|
||||
@ -65,6 +62,12 @@ void gcry_free (void *a);
|
||||
#define xstrdup(a) gcry_xstrdup ( (a) )
|
||||
#define xfree(a) gcry_free ( (a) )
|
||||
|
||||
#endif /* LEAN_T_SUPPORT */
|
||||
|
||||
#ifndef DIM
|
||||
# define DIM(v) (sizeof(v)/sizeof((v)[0]))
|
||||
# define DIMof(type,member) DIM(((type *)0)->member)
|
||||
#endif
|
||||
|
||||
/* Macros to print the result of a test. */
|
||||
#define pass() do { ; } while(0)
|
||||
|
@ -152,7 +152,7 @@ find_tlv_unchecked (const unsigned char *buffer, size_t length,
|
||||
/* ASN.1 BER parser: Parse BUFFER of length SIZE and return the tag
|
||||
* and the length part from the TLV triplet. Update BUFFER and SIZE
|
||||
* on success. Note that this function does not check that the value
|
||||
* fits into the provided buffer; this allows to work on the TL part
|
||||
* fits into the provided buffer; this allows one to work on the TL part
|
||||
* of a TLV. */
|
||||
gpg_error_t
|
||||
parse_ber_header (unsigned char const **buffer, size_t *size,
|
||||
|
@ -2086,6 +2086,7 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
|
||||
|
||||
err = validate_cert_chain (ctrl, crlissuer_cert, NULL,
|
||||
(VALIDATE_FLAG_TRUST_CONFIG
|
||||
| VALIDATE_FLAG_TRUST_SYSTEM
|
||||
| VALIDATE_FLAG_CRL
|
||||
| VALIDATE_FLAG_RECURSIVE),
|
||||
r_trust_anchor);
|
||||
|
@ -107,7 +107,7 @@ static gpgrt_opt_t opts[] = {
|
||||
" a record oriented format"},
|
||||
{ oProxy, "proxy", 2,
|
||||
"|NAME|ignore host part and connect through NAME"},
|
||||
{ oStartTLS, "starttls", 0, "use STARTLS for the conenction"},
|
||||
{ oStartTLS, "starttls", 0, "use STARTLS for the connection"},
|
||||
{ oLdapTLS, "ldaptls", 0, "use a TLS for the connection"},
|
||||
{ oNtds, "ntds", 0, "authenticate using AD"},
|
||||
{ oARecOnly, "areconly", 0, "do only an A record lookup"},
|
||||
|
@ -2362,7 +2362,6 @@ run_gnutls_handshake (http_t hd, const char *server)
|
||||
* NULL, decode the string and use this as input from teh server. On
|
||||
* success the final output token is stored at PROXY->OUTTOKEN and
|
||||
* OUTTOKLEN. IF the authentication succeeded OUTTOKLEN is zero. */
|
||||
#ifdef USE_TLS
|
||||
static gpg_error_t
|
||||
proxy_get_token (proxy_info_t proxy, const char *inputstring)
|
||||
{
|
||||
@ -2530,11 +2529,9 @@ proxy_get_token (proxy_info_t proxy, const char *inputstring)
|
||||
|
||||
#endif /*!HAVE_W32_SYSTEM*/
|
||||
}
|
||||
#endif /*USE_TLS*/
|
||||
|
||||
|
||||
/* Use the CONNECT method to proxy our TLS stream. */
|
||||
#ifdef USE_TLS
|
||||
static gpg_error_t
|
||||
run_proxy_connect (http_t hd, proxy_info_t proxy,
|
||||
const char *httphost, const char *server,
|
||||
@ -2556,6 +2553,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
|
||||
* RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication
|
||||
*/
|
||||
auth_basic = !!proxy->uri->auth;
|
||||
hd->keep_alive = !auth_basic; /* We may need to send more requests. */
|
||||
|
||||
/* For basic authentication we need to send just one request. */
|
||||
if (auth_basic
|
||||
@ -2577,16 +2575,15 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
|
||||
httphost ? httphost : server,
|
||||
port,
|
||||
authhdr ? authhdr : "",
|
||||
auth_basic? "" : "Connection: keep-alive\r\n");
|
||||
hd->keep_alive? "Connection: keep-alive\r\n" : "");
|
||||
if (!request)
|
||||
{
|
||||
err = gpg_error_from_syserror ();
|
||||
goto leave;
|
||||
}
|
||||
hd->keep_alive = !auth_basic; /* We may need to send more requests. */
|
||||
|
||||
if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
|
||||
log_debug_with_string (request, "http.c:proxy:request:");
|
||||
log_debug_string (request, "http.c:proxy:request:");
|
||||
|
||||
if (!hd->fp_write)
|
||||
{
|
||||
@ -2610,16 +2607,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
|
||||
if (err)
|
||||
goto leave;
|
||||
|
||||
{
|
||||
unsigned long count = 0;
|
||||
|
||||
while (es_getc (hd->fp_read) != EOF)
|
||||
count++;
|
||||
if (opt_debug)
|
||||
log_debug ("http.c:proxy_connect: skipped %lu bytes of response-body\n",
|
||||
count);
|
||||
}
|
||||
|
||||
/* Reset state. */
|
||||
es_clearerr (hd->fp_read);
|
||||
((cookie_t)(hd->read_cookie))->up_to_empty_line = 1;
|
||||
@ -2730,6 +2717,14 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
|
||||
}
|
||||
|
||||
leave:
|
||||
if (hd->keep_alive)
|
||||
{
|
||||
es_fclose (hd->fp_write);
|
||||
hd->fp_write = NULL;
|
||||
/* The close has released the cookie and thus we better set it
|
||||
* to NULL. */
|
||||
hd->write_cookie = NULL;
|
||||
}
|
||||
/* Restore flags, destroy stream, reset state. */
|
||||
hd->flags = saved_flags;
|
||||
es_fclose (hd->fp_read);
|
||||
@ -2743,7 +2738,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
|
||||
xfree (tmpstr);
|
||||
return err;
|
||||
}
|
||||
#endif /*USE_TLS*/
|
||||
|
||||
|
||||
/* Make a request string using a standard proxy. On success the
|
||||
@ -2882,7 +2876,7 @@ send_request (ctrl_t ctrl,
|
||||
|
||||
if (proxy && proxy->is_http_proxy)
|
||||
{
|
||||
use_http_proxy = 1; /* We want to use a proxy for the conenction. */
|
||||
use_http_proxy = 1; /* We want to use a proxy for the connection. */
|
||||
err = connect_server (ctrl,
|
||||
*proxy->uri->host ? proxy->uri->host : "localhost",
|
||||
proxy->uri->port ? proxy->uri->port : 80,
|
||||
@ -2903,7 +2897,6 @@ send_request (ctrl_t ctrl,
|
||||
goto leave;
|
||||
}
|
||||
|
||||
#if USE_TLS
|
||||
if (use_http_proxy && hd->uri->use_tls)
|
||||
{
|
||||
err = run_proxy_connect (hd, proxy, httphost, server, port);
|
||||
@ -2915,7 +2908,6 @@ send_request (ctrl_t ctrl,
|
||||
* clear the flag to indicate this. */
|
||||
use_http_proxy = 0;
|
||||
}
|
||||
#endif /* USE_TLS */
|
||||
|
||||
#if HTTP_USE_NTBTLS
|
||||
err = run_ntbtls_handshake (hd);
|
||||
@ -4411,7 +4403,7 @@ same_host_p (parsed_uri_t a, parsed_uri_t b)
|
||||
}
|
||||
|
||||
/* Also consider hosts the same if they differ only in a subdomain;
|
||||
* in both direction. This allows to have redirection between the
|
||||
* in both direction. This allows one to have redirection between the
|
||||
* WKD advanced and direct lookup methods. */
|
||||
for (i=0; i < DIM (subdomains); i++)
|
||||
{
|
||||
|
@ -607,7 +607,7 @@ interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search,
|
||||
* including whether to use TLS and the username and password (see
|
||||
* ldap_parse_uri for a description of the various fields). Be
|
||||
* default a PGP keyserver is assumed; if GENERIC is true a generic
|
||||
* ldap conenction is instead established.
|
||||
* ldap connection is instead established.
|
||||
*
|
||||
* Returns: The ldap connection handle in *LDAP_CONNP, R_BASEDN is set
|
||||
* to the base DN for the PGP key space, several flags will be stored
|
||||
|
@ -3325,7 +3325,7 @@ dirmngr_status_help (ctrl_t ctrl, const char *text)
|
||||
|
||||
|
||||
/* Print a help status line using a printf like format. The function
|
||||
* splits text at LFs. With CTRL beeing NULL, the function behaves
|
||||
* splits text at LFs. With CTRL being NULL, the function behaves
|
||||
* like log_info. */
|
||||
gpg_error_t
|
||||
dirmngr_status_helpf (ctrl_t ctrl, const char *format, ...)
|
||||
|
@ -532,6 +532,12 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
|
||||
--assert-signer is used. The fingerprint is printed with
|
||||
uppercase hex digits.
|
||||
|
||||
*** ASSERT_PUBKEY_ALGO <fingerprint> <state> <algostr>
|
||||
This is emitted when option --assert-pubkey-algo is used and the
|
||||
signing algorithms is accepted according to that list if state is
|
||||
1 or denied if state is 0. The fingerprint is printed with
|
||||
uppercase hex digits.
|
||||
|
||||
*** SIG_ID <radix64_string> <sig_creation_date> <sig-timestamp>
|
||||
This is emitted only for signatures of class 0 or 1 which have
|
||||
been verified okay. The string is a signature id and may be used
|
||||
|
@ -172,7 +172,7 @@ socket.
|
||||
Set compatibility flags to work around certain problems or to emulate
|
||||
bugs. The @var{flags} are given as a comma separated list of flag
|
||||
names and are OR-ed together. The special flag "none" clears the list
|
||||
and allows to start over with an empty list. To get a list of
|
||||
and allows one to start over with an empty list. To get a list of
|
||||
available flags the sole word "help" can be used.
|
||||
|
||||
@item --faked-system-time @var{epoch}
|
||||
|
@ -302,7 +302,7 @@ debugging.
|
||||
@item --steal-socket
|
||||
@opindex steal-socket
|
||||
In @option{--daemon} mode, gpg-agent detects an already running
|
||||
gpg-agent and does not allow to start a new instance. This option can
|
||||
gpg-agent and does not allow one to start a new instance. This option can
|
||||
be used to override this check: the new gpg-agent process will try to
|
||||
take over the communication sockets from the already running process
|
||||
and start anyway. This option should in general not be used.
|
||||
@ -643,7 +643,7 @@ gpg-agent as a replacement for PuTTY's Pageant, the option
|
||||
In this mode of operation, the agent does not only implement the
|
||||
gpg-agent protocol, but also the agent protocol used by OpenSSH
|
||||
(through a separate socket or via Named Pipes) or the protocol used by
|
||||
PuTTY. Consequently, this allows to use the gpg-agent as a drop-in
|
||||
PuTTY. Consequently, this allows one to use the gpg-agent as a drop-in
|
||||
replacement for the ssh-agent.
|
||||
|
||||
SSH keys, which are to be used through the agent, need to be added to
|
||||
@ -693,7 +693,7 @@ The order in which keys are presented to ssh are:
|
||||
@item Negative Use-for-ssh values
|
||||
If a key file has the attribute "Use-for-ssh" and its value is
|
||||
negative, these keys are presented first to ssh. The negative
|
||||
values are capped at -999 with -999 beeing lower ranked than -1.
|
||||
values are capped at -999 with -999 being lower ranked than -1.
|
||||
These values can be used to prefer on-disk keys over keys taken
|
||||
from active cards.
|
||||
|
||||
|
@ -226,7 +226,7 @@ OpenPGP or X.509 keys.
|
||||
@item LOGIN [--clear] [< @var{file}]
|
||||
@opindex login
|
||||
Set the login data object of OpenPGP cards. If @var{file} is given
|
||||
the data is is read from that file. This allows to store binary data
|
||||
the data is is read from that file. This allows one to store binary data
|
||||
in the login field. The option @option{--clear} deletes the login
|
||||
data object.
|
||||
|
||||
|
137
doc/gpg.texi
137
doc/gpg.texi
@ -716,7 +716,7 @@ inserted smartcard, the special string ``card'' can be used for
|
||||
will figure them out and creates an OpenPGP key consisting of the
|
||||
usual primary key and one subkey. This works only with certain
|
||||
smartcards. Note that the interactive @option{--full-gen-key} command
|
||||
allows to do the same but with greater flexibility in the selection of
|
||||
allows one to do the same but with greater flexibility in the selection of
|
||||
the smartcard keys.
|
||||
|
||||
Note that it is possible to create a primary key and a subkey using
|
||||
@ -1290,19 +1290,22 @@ are usually found in the option file.
|
||||
|
||||
@item --default-key @var{name}
|
||||
@opindex default-key
|
||||
Use @var{name} as the default key to sign with. If this option is not
|
||||
used, the default key is the first key found in the secret keyring.
|
||||
Note that @option{-u} or @option{--local-user} overrides this option.
|
||||
This option may be given multiple times. In this case, the last key
|
||||
for which a secret key is available is used. If there is no secret
|
||||
key available for any of the specified values, GnuPG will not emit an
|
||||
error message but continue as if this option wasn't given.
|
||||
Use @var{name} as the default key to sign with. It is suggested to
|
||||
use a fingerprint or at least a long keyID for @var{name}. If this
|
||||
option is not used, the default key is the first key found in the
|
||||
secret keyring. Note that @option{-u} or @option{--local-user}
|
||||
overrides this option. This option may be given multiple times. In
|
||||
this case, the last key for which a secret key is available is used.
|
||||
If there is no secret key available for any of the specified values,
|
||||
GnuPG will not emit an error message but continue as if this option
|
||||
wasn't given.
|
||||
|
||||
|
||||
@item --default-recipient @var{name}
|
||||
@opindex default-recipient
|
||||
Use @var{name} as default recipient if option @option{--recipient} is
|
||||
not used and don't ask if this is a valid one. @var{name} must be
|
||||
non-empty.
|
||||
non-empty and it is suggested to use a fingerprint for @var{name}.
|
||||
|
||||
@item --default-recipient-self
|
||||
@opindex default-recipient-self
|
||||
@ -1773,7 +1776,9 @@ useful if you don't want to keep your secret keys (or one of them)
|
||||
online but still want to be able to check the validity of a given
|
||||
recipient's or signator's key. If the given key is not locally
|
||||
available but an LDAP keyserver is configured the missing key is
|
||||
imported from that server.
|
||||
imported from that server. The value "none" is explicitly allowed to
|
||||
distinguish between the use of any trusted-key option and no use of
|
||||
this option at all (e.g. due to the @option{--no-options} option).
|
||||
|
||||
@item --add-desig-revoker [sensitive:]@var{fingerprint}
|
||||
@opindex add-desig-revoker
|
||||
@ -1914,6 +1919,29 @@ is guaranteed to return with an exit code of 0 if and only if a
|
||||
signature has been encountered, is valid, and the key matches one of
|
||||
the fingerprints given by this option.
|
||||
|
||||
@item --assert-pubkey-algo @var{algolist}
|
||||
@opindex assert-pubkey-algo
|
||||
During data signature verification this options checks whether the
|
||||
used public key algorithm matches the algorithms given by
|
||||
@var{algolist}. This option can be given multiple times to
|
||||
concatenate more algorithms to the list; the delimiter of the list are
|
||||
either commas or spaces.
|
||||
|
||||
The algorithm names given in the list may either be verbatim names
|
||||
like "ed25519" with an optional leading single equal sign, or being
|
||||
prefixed with ">", ">=", "<=", or "<". That prefix operator is
|
||||
applied to the number part of the algorithm name; for example 2048 in
|
||||
"rsa2048" or 384 in "brainpoolP384r1". If the the leading non-digits
|
||||
in the name matches, the prefix operator is used to compare the number
|
||||
part, a trailing suffix is ignored in this case. For example an
|
||||
algorithm list ">rsa3000, >=brainpool384r1, =ed25519" allows RSA
|
||||
signatures with more that 3000 bits, Brainpool curves 384 and 512,
|
||||
and the ed25519 algorithm.
|
||||
|
||||
With this option gpg (and also gpgv) is guaranteed to return with an
|
||||
exit code of 0 if and only if all valid signatures on data are made
|
||||
using a matching algorithm from the given list.
|
||||
|
||||
|
||||
@item --auto-key-locate @var{mechanisms}
|
||||
@itemx --no-auto-key-locate
|
||||
@ -1947,20 +1975,20 @@ list. The default is "local,wkd".
|
||||
|
||||
@item ntds
|
||||
Locate the key using the Active Directory (Windows only). This
|
||||
method also allows to search by fingerprint using the command
|
||||
method also allows one to search by fingerprint using the command
|
||||
@option{--locate-external-key}. Note that this mechanism is
|
||||
actually a shortcut for the mechanism @samp{keyserver} but using
|
||||
"ldap:///" as the keyserver.
|
||||
|
||||
@item keyserver
|
||||
Locate a key using a keyserver. This method also allows to search
|
||||
Locate a key using a keyserver. This method also allows one to search
|
||||
by fingerprint using the command @option{--locate-external-key} if
|
||||
any of the configured keyservers is an LDAP server.
|
||||
|
||||
@item keyserver-URL
|
||||
In addition, a keyserver URL as used in the @command{dirmngr}
|
||||
configuration may be used here to query that particular keyserver.
|
||||
This method also allows to search by fingerprint using the command
|
||||
This method also allows one to search by fingerprint using the command
|
||||
@option{--locate-external-key} if the URL specifies an LDAP server.
|
||||
|
||||
@item local
|
||||
@ -2336,19 +2364,21 @@ the key in this file is fully valid.
|
||||
@opindex encrypt-to
|
||||
Same as @option{--recipient} but this one is intended for use in the
|
||||
options file and may be used with your own user-id as an
|
||||
"encrypt-to-self". These keys are only used when there are other
|
||||
recipients given either by use of @option{--recipient} or by the asked
|
||||
user id. No trust checking is performed for these user ids and even
|
||||
disabled keys can be used.
|
||||
"encrypt-to-self". It is suggested to use a fingerprint or at least a
|
||||
long keyID for @var{name}. These keys are only used when there are
|
||||
other recipients given either by use of @option{--recipient} or by the
|
||||
asked user id. No trust checking is performed for these user ids and
|
||||
even disabled keys can be used.
|
||||
|
||||
@item --hidden-encrypt-to @var{name}
|
||||
@opindex hidden-encrypt-to
|
||||
Same as @option{--hidden-recipient} but this one is intended for use in the
|
||||
options file and may be used with your own user-id as a hidden
|
||||
"encrypt-to-self". These keys are only used when there are other
|
||||
recipients given either by use of @option{--recipient} or by the asked user id.
|
||||
No trust checking is performed for these user ids and even disabled
|
||||
keys can be used.
|
||||
Same as @option{--hidden-recipient} but this one is intended for use
|
||||
in the options file and may be used with your own user-id as a hidden
|
||||
"encrypt-to-self". It is suggested to use a fingerprint or at least a
|
||||
long keyID for @var{name}. These keys are only used when there are
|
||||
other recipients given either by use of @option{--recipient} or by the
|
||||
asked user id. No trust checking is performed for these user ids and
|
||||
even disabled keys can be used.
|
||||
|
||||
@item --no-encrypt-to
|
||||
@opindex no-encrypt-to
|
||||
@ -2899,24 +2929,6 @@ done with @code{--with-colons}.
|
||||
|
||||
@table @gnupgtabopt
|
||||
|
||||
@item -t, --textmode
|
||||
@itemx --no-textmode
|
||||
@opindex textmode
|
||||
Treat input files as text and store them in the OpenPGP canonical text
|
||||
form with standard "CRLF" line endings. This also sets the necessary
|
||||
flags to inform the recipient that the encrypted or signed data is text
|
||||
and may need its line endings converted back to whatever the local
|
||||
system uses. This option is useful when communicating between two
|
||||
platforms that have different line ending conventions (UNIX-like to Mac,
|
||||
Mac to Windows, etc). @option{--no-textmode} disables this option, and
|
||||
is the default.
|
||||
|
||||
@item --force-v3-sigs
|
||||
@itemx --no-force-v3-sigs
|
||||
@item --force-v4-certs
|
||||
@itemx --no-force-v4-certs
|
||||
These options are obsolete and have no effect since GnuPG 2.1.
|
||||
|
||||
@item --force-ocb
|
||||
@itemx --force-aead
|
||||
@opindex force-ocb
|
||||
@ -3151,7 +3163,7 @@ Prompt before overwriting any files.
|
||||
Set compatibility flags to work around problems due to non-compliant
|
||||
keys or data. The @var{flags} are given as a comma separated
|
||||
list of flag names and are OR-ed together. The special flag "none"
|
||||
clears the list and allows to start over with an empty list. To get a
|
||||
clears the list and allows one to start over with an empty list. To get a
|
||||
list of available flags the sole word "help" can be used.
|
||||
|
||||
@item --debug-level @var{level}
|
||||
@ -3207,7 +3219,7 @@ and may thus be changed or removed at any time without notice.
|
||||
|
||||
@item --debug-allow-large-chunks
|
||||
@opindex debug-allow-large-chunks
|
||||
To facilitate software tests and experiments this option allows to
|
||||
To facilitate software tests and experiments this option allows one to
|
||||
specify a limit of up to 4 EiB (@code{--chunk-size 62}).
|
||||
|
||||
@item --debug-ignore-expiration
|
||||
@ -3378,9 +3390,23 @@ to display the message. This option overrides @option{--set-filename}.
|
||||
@itemx --no-use-embedded-filename
|
||||
@opindex use-embedded-filename
|
||||
Try to create a file with a name as embedded in the data. This can be
|
||||
a dangerous option as it enables overwriting files. Defaults to no.
|
||||
a dangerous option as it enables overwriting files by giving the
|
||||
sender control on how to store files. Defaults to no.
|
||||
Note that the option @option{--output} overrides this option.
|
||||
|
||||
A better approach than using this option is to decrypt to a temporary
|
||||
filename and then rename that file to the embedded file name after
|
||||
checking that the embedded filename is harmless. When using the
|
||||
@option{--status-fd} option gpg tells the filename as part of the
|
||||
PLAINTEXT status message. If the filename is important, the use of
|
||||
@command{gpgtar} is another option because gpgtar will never overwrite
|
||||
a file but decrypt the files to a new directory.
|
||||
|
||||
Note also that unless a modern version 5 signature is used the
|
||||
embedded filename is not part of the signed data.
|
||||
|
||||
|
||||
|
||||
@item --cipher-algo @var{name}
|
||||
@opindex cipher-algo
|
||||
Use @var{name} as cipher algorithm. Running the program with the
|
||||
@ -3646,7 +3672,7 @@ not need to be listed explicitly.
|
||||
@opindex allow-weak-key-signatures
|
||||
To avoid a minor risk of collision attacks on third-party key
|
||||
signatures made using SHA-1, those key signatures are considered
|
||||
invalid. This options allows to override this restriction.
|
||||
invalid. This options allows one to override this restriction.
|
||||
|
||||
@item --override-compliance-check
|
||||
This was a temporary introduced option and has no more effect.
|
||||
@ -3891,6 +3917,25 @@ all on Windows.
|
||||
|
||||
@table @gnupgtabopt
|
||||
|
||||
@item -t, --textmode
|
||||
@itemx --no-textmode
|
||||
@opindex textmode
|
||||
Treat input files as text and store them in the OpenPGP canonical text
|
||||
form with standard "CRLF" line endings. This also sets the necessary
|
||||
flags to inform the recipient that the encrypted or signed data is text
|
||||
and may need its line endings converted back to whatever the local
|
||||
system uses. This option was useful when communicating between two
|
||||
platforms with different line ending conventions (UNIX-like to Mac,
|
||||
Mac to Windows, etc). @option{--no-textmode} disables this option, and
|
||||
is the default. Note that this is a legacy option which should not
|
||||
anymore be used by any modern software.
|
||||
|
||||
@item --force-v3-sigs
|
||||
@itemx --no-force-v3-sigs
|
||||
@item --force-v4-certs
|
||||
@itemx --no-force-v4-certs
|
||||
These options are obsolete and have no effect since GnuPG 2.1.
|
||||
|
||||
@item --show-photos
|
||||
@itemx --no-show-photos
|
||||
@opindex show-photos
|
||||
@ -4111,7 +4156,7 @@ Operation is further controlled by a few environment variables:
|
||||
|
||||
@item GNUPG_EXEC_DEBUG_FLAGS
|
||||
@efindex GNUPG_EXEC_DEBUG_FLAGS
|
||||
This variable allows to enable diagnostics for process management.
|
||||
This variable allows one to enable diagnostics for process management.
|
||||
A numeric decimal value is expected. Bit 0 enables general
|
||||
diagnostics, bit 1 enables certain warnings on Windows.
|
||||
|
||||
|
@ -767,7 +767,7 @@ is given as fingerprint or keygrip.
|
||||
Set compatibility flags to work around problems due to non-compliant
|
||||
certificates or data. The @var{flags} are given as a comma separated
|
||||
list of flag names and are OR-ed together. The special flag "none"
|
||||
clears the list and allows to start over with an empty list. To get a
|
||||
clears the list and allows one to start over with an empty list. To get a
|
||||
list of available flags the sole word "help" can be used.
|
||||
|
||||
@item --debug-level @var{level}
|
||||
|
@ -140,6 +140,10 @@ This option enables a mode in which filenames of the form
|
||||
@file{-&n}, where n is a non-negative decimal number,
|
||||
refer to the file descriptor n and not to a file with that name.
|
||||
|
||||
@item --assert-pubkey-algo @var{algolist}
|
||||
@opindex assert-pubkey-algo
|
||||
This option works in the same way as described for @command{gpg}.
|
||||
|
||||
@end table
|
||||
|
||||
@mansect return value
|
||||
@ -198,4 +202,3 @@ the allowed keys, using a legacy format.
|
||||
@mansect see also
|
||||
@command{gpg}(1)
|
||||
@include see-also-note.texi
|
||||
|
||||
|
@ -309,7 +309,7 @@ with lower priority should be used by default.
|
||||
|
||||
@item --application-priority @var{namelist}
|
||||
@opindex application-priority
|
||||
This option allows to change the order in which applications of a card
|
||||
This option allows one to change the order in which applications of a card
|
||||
a tried if no specific application was requested. @var{namelist} is a
|
||||
space or comma delimited list of application names. Unknown names are
|
||||
simply skipped. Applications not mentioned in the list are put in the
|
||||
|
@ -400,7 +400,7 @@ expected in the current GnuPG home directory. This command is usually
|
||||
not required because GnuPG is able to detect and remove stale lock
|
||||
files. Before using the command make sure that the file protected by
|
||||
the lock file is actually not in use. The lock command may be used to
|
||||
lock an accidently removed lock file. Note that the commands have no
|
||||
lock an accidentally removed lock file. Note that the commands have no
|
||||
effect on Windows because the mere existence of a lock file does not
|
||||
mean that the lock is active.
|
||||
|
||||
|
@ -136,6 +136,8 @@ The command @option{--print-wkd-url} prints the URLs used to fetch the
|
||||
key for the given user-ids from WKD. The meanwhile preferred format
|
||||
with sub-domains is used here.
|
||||
|
||||
All commands may also be given without the two leading dashes.
|
||||
|
||||
@mansect options
|
||||
@noindent
|
||||
@command{gpg-wks-client} understands these options:
|
||||
|
@ -183,7 +183,7 @@ gpgv_LDFLAGS =
|
||||
|
||||
|
||||
t_common_ldadd =
|
||||
module_tests = t-rmd160 t-keydb t-keydb-get-keyblock t-stutter
|
||||
module_tests = t-rmd160 t-keydb t-keydb-get-keyblock t-stutter t-keyid
|
||||
t_rmd160_SOURCES = t-rmd160.c rmd160.c
|
||||
t_rmd160_LDADD = $(t_common_ldadd)
|
||||
t_keydb_SOURCES = t-keydb.c test-stubs.c $(common_source)
|
||||
@ -200,6 +200,10 @@ t_stutter_SOURCES = t-stutter.c test-stubs.c \
|
||||
t_stutter_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
|
||||
$(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
|
||||
$(LIBICONV) $(t_common_ldadd)
|
||||
t_keyid_SOURCES = t-keyid.c test-stubs.c $(common_source)
|
||||
t_keyid_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
|
||||
$(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
|
||||
$(LIBICONV) $(t_common_ldadd)
|
||||
|
||||
|
||||
$(PROGRAMS): $(needed_libs) ../common/libgpgrl.a
|
||||
|
@ -306,7 +306,9 @@ gpg_mpi_write (iobuf_t out, gcry_mpi_t a, unsigned int *r_nwritten)
|
||||
p = gcry_mpi_get_opaque (a, &nbits);
|
||||
if (p)
|
||||
{
|
||||
/* Strip leading zero bits. */
|
||||
/* First get nbits back to full bytes. */
|
||||
nbits = ((nbits + 7) / 8) * 8;
|
||||
/* Then strip leading zero bits. */
|
||||
for (; nbits >= 8 && !*p; p++, nbits -= 8)
|
||||
;
|
||||
if (nbits >= 8 && !(*p & 0x80))
|
||||
|
@ -53,7 +53,11 @@ init_compress( compress_filter_context_t *zfx, bz_stream *bzs )
|
||||
}
|
||||
|
||||
if((rc=BZ2_bzCompressInit(bzs,level,0,0))!=BZ_OK)
|
||||
log_fatal("bz2lib problem: %d\n",rc);
|
||||
{
|
||||
log_error ("bz2lib problem: %d\n",rc);
|
||||
write_status_error ("bzip2.init", gpg_error (GPG_ERR_INTERNAL));
|
||||
g10_exit (2);
|
||||
}
|
||||
|
||||
zfx->outbufsize = 8192;
|
||||
zfx->outbuf = xmalloc( zfx->outbufsize );
|
||||
@ -80,7 +84,11 @@ do_compress(compress_filter_context_t *zfx, bz_stream *bzs, int flush, IOBUF a)
|
||||
if( zrc == BZ_STREAM_END && flush == BZ_FINISH )
|
||||
;
|
||||
else if( zrc != BZ_RUN_OK && zrc != BZ_FINISH_OK )
|
||||
log_fatal("bz2lib deflate problem: rc=%d\n", zrc );
|
||||
{
|
||||
log_error ("bz2lib deflate problem: rc=%d\n", zrc );
|
||||
write_status_error ("bzip2.deflate", gpg_error (GPG_ERR_INTERNAL));
|
||||
g10_exit (2);
|
||||
}
|
||||
|
||||
n = zfx->outbufsize - bzs->avail_out;
|
||||
if( DBG_FILTER )
|
||||
@ -91,7 +99,7 @@ do_compress(compress_filter_context_t *zfx, bz_stream *bzs, int flush, IOBUF a)
|
||||
|
||||
if( (rc=iobuf_write( a, zfx->outbuf, n )) )
|
||||
{
|
||||
log_debug("bzCompress: iobuf_write failed\n");
|
||||
log_error ("bzCompress: iobuf_write failed\n");
|
||||
return rc;
|
||||
}
|
||||
}
|
||||
@ -106,7 +114,11 @@ init_uncompress( compress_filter_context_t *zfx, bz_stream *bzs )
|
||||
int rc;
|
||||
|
||||
if((rc=BZ2_bzDecompressInit(bzs,0,opt.bz2_decompress_lowmem))!=BZ_OK)
|
||||
log_fatal("bz2lib problem: %d\n",rc);
|
||||
{
|
||||
log_error ("bz2lib problem: %d\n",rc);
|
||||
write_status_error ("bzip2.init.un", gpg_error (GPG_ERR_INTERNAL));
|
||||
g10_exit (2);
|
||||
}
|
||||
|
||||
zfx->inbufsize = 2048;
|
||||
zfx->inbuf = xmalloc( zfx->inbufsize );
|
||||
@ -159,7 +171,11 @@ do_uncompress( compress_filter_context_t *zfx, bz_stream *bzs,
|
||||
if( zrc == BZ_STREAM_END )
|
||||
rc = -1; /* eof */
|
||||
else if( zrc != BZ_OK && zrc != BZ_PARAM_ERROR )
|
||||
log_fatal("bz2lib inflate problem: rc=%d\n", zrc );
|
||||
{
|
||||
log_error ("bz2lib inflate problem: rc=%d\n", zrc );
|
||||
write_status_error ("bzip2.inflate", gpg_error (GPG_ERR_BAD_DATA));
|
||||
g10_exit (2);
|
||||
}
|
||||
else if (zrc == BZ_OK && eofseen
|
||||
&& !bzs->avail_in && bzs->avail_out > 0)
|
||||
{
|
||||
|
@ -73,10 +73,12 @@ init_compress( compress_filter_context_t *zfx, z_stream *zs )
|
||||
-13, 8, Z_DEFAULT_STRATEGY)
|
||||
: deflateInit( zs, level )
|
||||
) != Z_OK ) {
|
||||
log_fatal("zlib problem: %s\n", zs->msg? zs->msg :
|
||||
log_error ("zlib problem: %s\n", zs->msg? zs->msg :
|
||||
rc == Z_MEM_ERROR ? "out of core" :
|
||||
rc == Z_VERSION_ERROR ? "invalid lib version" :
|
||||
"unknown error" );
|
||||
write_status_error ("zlib.init", gpg_error (GPG_ERR_INTERNAL));
|
||||
g10_exit (2);
|
||||
}
|
||||
|
||||
zfx->outbufsize = 8192;
|
||||
@ -104,9 +106,11 @@ do_compress( compress_filter_context_t *zfx, z_stream *zs, int flush, IOBUF a )
|
||||
;
|
||||
else if( zrc != Z_OK ) {
|
||||
if( zs->msg )
|
||||
log_fatal("zlib deflate problem: %s\n", zs->msg );
|
||||
log_error ("zlib deflate problem: %s\n", zs->msg );
|
||||
else
|
||||
log_fatal("zlib deflate problem: rc=%d\n", zrc );
|
||||
log_error ("zlib deflate problem: rc=%d\n", zrc );
|
||||
write_status_error ("zlib.deflate", gpg_error (GPG_ERR_INTERNAL));
|
||||
g10_exit (2);
|
||||
}
|
||||
n = zfx->outbufsize - zs->avail_out;
|
||||
if( DBG_FILTER )
|
||||
@ -116,7 +120,7 @@ do_compress( compress_filter_context_t *zfx, z_stream *zs, int flush, IOBUF a )
|
||||
(unsigned)n, zrc );
|
||||
|
||||
if( (rc=iobuf_write( a, zfx->outbuf, n )) ) {
|
||||
log_debug("deflate: iobuf_write failed\n");
|
||||
log_error ("deflate: iobuf_write failed\n");
|
||||
return rc;
|
||||
}
|
||||
} while( zs->avail_in || (flush == Z_FINISH && zrc != Z_STREAM_END) );
|
||||
@ -140,10 +144,12 @@ init_uncompress( compress_filter_context_t *zfx, z_stream *zs )
|
||||
*/
|
||||
if( (rc = zfx->algo == 1? inflateInit2( zs, -15)
|
||||
: inflateInit( zs )) != Z_OK ) {
|
||||
log_fatal("zlib problem: %s\n", zs->msg? zs->msg :
|
||||
log_error ("zlib problem: %s\n", zs->msg? zs->msg :
|
||||
rc == Z_MEM_ERROR ? "out of core" :
|
||||
rc == Z_VERSION_ERROR ? "invalid lib version" :
|
||||
"unknown error" );
|
||||
write_status_error ("zlib.init.un", gpg_error (GPG_ERR_INTERNAL));
|
||||
g10_exit (2);
|
||||
}
|
||||
|
||||
zfx->inbufsize = 2048;
|
||||
@ -198,9 +204,11 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs,
|
||||
rc = -1; /* eof */
|
||||
else if( zrc != Z_OK && zrc != Z_BUF_ERROR ) {
|
||||
if( zs->msg )
|
||||
log_fatal("zlib inflate problem: %s\n", zs->msg );
|
||||
log_error ("zlib inflate problem: %s\n", zs->msg );
|
||||
else
|
||||
log_fatal("zlib inflate problem: rc=%d\n", zrc );
|
||||
log_error ("zlib inflate problem: rc=%d\n", zrc );
|
||||
write_status_error ("zlib.inflate", gpg_error (GPG_ERR_BAD_DATA));
|
||||
g10_exit (2);
|
||||
}
|
||||
} while (zs->avail_out && zrc != Z_STREAM_END && zrc != Z_BUF_ERROR
|
||||
&& !leave);
|
||||
|
@ -129,6 +129,8 @@ parse_export_options(char *str,unsigned int *options,int noisy)
|
||||
N_("export revocation keys marked as \"sensitive\"")},
|
||||
{"export-clean",EXPORT_CLEAN,NULL,
|
||||
N_("remove unusable parts from key during export")},
|
||||
{"export-realclean",EXPORT_MINIMAL|EXPORT_REALCLEAN|EXPORT_CLEAN,NULL,
|
||||
NULL},
|
||||
{"export-minimal",EXPORT_MINIMAL|EXPORT_CLEAN,NULL,
|
||||
N_("remove as much as possible from key during export")},
|
||||
|
||||
@ -166,7 +168,7 @@ parse_export_options(char *str,unsigned int *options,int noisy)
|
||||
{
|
||||
*options |= (EXPORT_LOCAL_SIGS | EXPORT_ATTRIBUTES
|
||||
| EXPORT_SENSITIVE_REVKEYS);
|
||||
*options &= ~(EXPORT_CLEAN | EXPORT_MINIMAL
|
||||
*options &= ~(EXPORT_CLEAN | EXPORT_MINIMAL | EXPORT_REALCLEAN
|
||||
| EXPORT_DANE_FORMAT);
|
||||
}
|
||||
|
||||
@ -643,7 +645,7 @@ canon_pk_algo (enum gcry_pk_algos algo)
|
||||
}
|
||||
|
||||
|
||||
/* Take an s-expression wit the public and private key and change the
|
||||
/* Take an s-expression with the public and private key and change the
|
||||
* parameter array in PK to include the secret parameters. */
|
||||
static gpg_error_t
|
||||
secret_key_to_mode1003 (gcry_sexp_t s_key, PKT_public_key *pk)
|
||||
@ -2366,8 +2368,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
|
||||
if ((options & EXPORT_CLEAN))
|
||||
{
|
||||
merge_keys_and_selfsig (ctrl, keyblock);
|
||||
clean_all_uids (ctrl, keyblock, opt.verbose,
|
||||
(options&EXPORT_MINIMAL), NULL, NULL);
|
||||
clean_all_uids (ctrl, keyblock, opt.verbose, options, NULL, NULL);
|
||||
clean_all_subkeys (ctrl, keyblock, opt.verbose,
|
||||
(options&EXPORT_MINIMAL)? KEY_CLEAN_ALL
|
||||
/**/ : KEY_CLEAN_AUTHENCR,
|
||||
|
@ -1921,7 +1921,7 @@ get_pubkey_byfprint_fast (ctrl_t ctrl, PKT_public_key * pk,
|
||||
* R_HD may be NULL. If LOCK is set the handle has been opend in
|
||||
* locked mode and keydb_disable_caching () has been called. On error
|
||||
* R_KEYBLOCK is set to NULL but R_HD must be released by the caller;
|
||||
* it may have a value of NULL, though. This allows to do an insert
|
||||
* it may have a value of NULL, though. This allows one to do an insert
|
||||
* operation on a locked keydb handle. */
|
||||
gpg_error_t
|
||||
get_keyblock_byfprint_fast (ctrl_t ctrl,
|
||||
|
56
g10/gpg.c
56
g10/gpg.c
@ -451,6 +451,7 @@ enum cmd_and_opt_values
|
||||
oCompatibilityFlags,
|
||||
oAddDesigRevoker,
|
||||
oAssertSigner,
|
||||
oAssertPubkeyAlgo,
|
||||
oKbxBufferSize,
|
||||
|
||||
oNoop
|
||||
@ -715,6 +716,7 @@ static gpgrt_opt_t opts[] = {
|
||||
#endif
|
||||
ARGPARSE_s_s (oAddDesigRevoker, "add-desig-revoker", "@"),
|
||||
ARGPARSE_s_s (oAssertSigner, "assert-signer", "@"),
|
||||
ARGPARSE_s_s (oAssertPubkeyAlgo,"assert-pubkey-algo", "@"),
|
||||
|
||||
ARGPARSE_header ("Input", N_("Options controlling the input")),
|
||||
|
||||
@ -753,7 +755,7 @@ static gpgrt_opt_t opts[] = {
|
||||
ARGPARSE_s_n (oNoEscapeFrom, "no-escape-from-lines", "@"),
|
||||
ARGPARSE_s_n (oMimemode, "mimemode", "@"),
|
||||
ARGPARSE_s_n (oTextmodeShort, NULL, "@"),
|
||||
ARGPARSE_s_n (oTextmode, "textmode", N_("use canonical text mode")),
|
||||
ARGPARSE_s_n (oTextmode, "textmode", "@"),
|
||||
ARGPARSE_s_n (oNoTextmode, "no-textmode", "@"),
|
||||
ARGPARSE_s_s (oSetFilename, "set-filename", "@"),
|
||||
ARGPARSE_s_n (oForYourEyesOnly, "for-your-eyes-only", "@"),
|
||||
@ -1045,9 +1047,12 @@ static struct compatibility_flags_s compatibility_flags [] =
|
||||
|
||||
/* Can be set to true to force gpg to return with EXIT_FAILURE. */
|
||||
int g10_errors_seen = 0;
|
||||
/* If opt.assert_signer_list is used and this variabale is not true
|
||||
/* If opt.assert_signer_list is used and this variable is not true
|
||||
* gpg will be forced to return EXIT_FAILURE. */
|
||||
int assert_signer_true = 0;
|
||||
/* If opt.assert_pubkey_algo is used and this variable is not true
|
||||
* gpg will be forced to return EXIT_FAILURE. */
|
||||
int assert_pubkey_algo_false = 0;
|
||||
|
||||
|
||||
static int utf8_strings =
|
||||
@ -3584,9 +3589,18 @@ main (int argc, char **argv)
|
||||
case oPersonalCompressPreferences:
|
||||
pers_compress_list=pargs.r.ret_str;
|
||||
break;
|
||||
case oAgentProgram: opt.agent_program = pargs.r.ret_str; break;
|
||||
case oKeyboxdProgram: opt.keyboxd_program = pargs.r.ret_str; break;
|
||||
case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
|
||||
case oAgentProgram:
|
||||
xfree (opt.agent_program);
|
||||
opt.agent_program = make_filename (pargs.r.ret_str, NULL);
|
||||
break;
|
||||
case oKeyboxdProgram:
|
||||
xfree (opt.keyboxd_program);
|
||||
opt.keyboxd_program = make_filename (pargs.r.ret_str, NULL);
|
||||
break;
|
||||
case oDirmngrProgram:
|
||||
xfree (opt.dirmngr_program);
|
||||
opt.dirmngr_program = make_filename (pargs.r.ret_str, NULL);
|
||||
break;
|
||||
case oDisableDirmngr: opt.disable_dirmngr = 1; break;
|
||||
case oWeakDigest:
|
||||
additional_weak_digest(pargs.r.ret_str);
|
||||
@ -3767,6 +3781,18 @@ main (int argc, char **argv)
|
||||
add_to_strlist (&opt.assert_signer_list, pargs.r.ret_str);
|
||||
break;
|
||||
|
||||
case oAssertPubkeyAlgo:
|
||||
if (!opt.assert_pubkey_algos)
|
||||
opt.assert_pubkey_algos = xstrdup (pargs.r.ret_str);
|
||||
else
|
||||
{
|
||||
char *tmp = opt.assert_pubkey_algos;
|
||||
opt.assert_pubkey_algos = xstrconcat (tmp, ",",
|
||||
pargs.r.ret_str, NULL);
|
||||
xfree (tmp);
|
||||
}
|
||||
break;
|
||||
|
||||
case oKbxBufferSize:
|
||||
keybox_set_buffersize (pargs.r.ret_ulong, 0);
|
||||
break;
|
||||
@ -5471,6 +5497,17 @@ emergency_cleanup (void)
|
||||
void
|
||||
g10_exit( int rc )
|
||||
{
|
||||
if (rc)
|
||||
;
|
||||
else if (log_get_errorcount(0))
|
||||
rc = 2;
|
||||
else if (g10_errors_seen)
|
||||
rc = 1;
|
||||
else if (opt.assert_signer_list && !assert_signer_true)
|
||||
rc = 1;
|
||||
else if (opt.assert_pubkey_algos && assert_pubkey_algo_false)
|
||||
rc = 1;
|
||||
|
||||
/* If we had an error but not printed an error message, do it now.
|
||||
* Note that write_status_failure will never print a second failure
|
||||
* status line. */
|
||||
@ -5495,15 +5532,6 @@ g10_exit( int rc )
|
||||
gnupg_block_all_signals ();
|
||||
emergency_cleanup ();
|
||||
|
||||
if (rc)
|
||||
;
|
||||
else if (log_get_errorcount(0))
|
||||
rc = 2;
|
||||
else if (g10_errors_seen)
|
||||
rc = 1;
|
||||
else if (opt.assert_signer_list && !assert_signer_true)
|
||||
rc = 1;
|
||||
|
||||
exit (rc);
|
||||
}
|
||||
|
||||
|
30
g10/gpgv.c
30
g10/gpgv.c
@ -68,6 +68,7 @@ enum cmd_and_opt_values {
|
||||
oWeakDigest,
|
||||
oEnableSpecialFilenames,
|
||||
oDebug,
|
||||
oAssertPubkeyAlgo,
|
||||
aTest
|
||||
};
|
||||
|
||||
@ -91,6 +92,7 @@ static gpgrt_opt_t opts[] = {
|
||||
N_("|ALGO|reject signatures made with ALGO")),
|
||||
ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"),
|
||||
ARGPARSE_s_s (oDebug, "debug", "@"),
|
||||
ARGPARSE_s_s (oAssertPubkeyAlgo,"assert-pubkey-algo", "@"),
|
||||
|
||||
ARGPARSE_end ()
|
||||
};
|
||||
@ -119,6 +121,7 @@ static struct debug_flags_s debug_flags [] =
|
||||
|
||||
int g10_errors_seen = 0;
|
||||
int assert_signer_true = 0;
|
||||
int assert_pubkey_algo_false = 0;
|
||||
|
||||
static char *
|
||||
make_libversion (const char *libname, const char *(*getfnc)(const char*))
|
||||
@ -251,6 +254,19 @@ main( int argc, char **argv )
|
||||
case oEnableSpecialFilenames:
|
||||
enable_special_filenames ();
|
||||
break;
|
||||
|
||||
case oAssertPubkeyAlgo:
|
||||
if (!opt.assert_pubkey_algos)
|
||||
opt.assert_pubkey_algos = xstrdup (pargs.r.ret_str);
|
||||
else
|
||||
{
|
||||
char *tmp = opt.assert_pubkey_algos;
|
||||
opt.assert_pubkey_algos = xstrconcat (tmp, ",",
|
||||
pargs.r.ret_str, NULL);
|
||||
xfree (tmp);
|
||||
}
|
||||
break;
|
||||
|
||||
default : pargs.err = ARGPARSE_PRINT_ERROR; break;
|
||||
}
|
||||
}
|
||||
@ -288,10 +304,18 @@ main( int argc, char **argv )
|
||||
|
||||
|
||||
void
|
||||
g10_exit( int rc )
|
||||
g10_exit (int rc)
|
||||
{
|
||||
rc = rc? rc : log_get_errorcount(0)? 2 : g10_errors_seen? 1 : 0;
|
||||
exit(rc );
|
||||
if (rc)
|
||||
;
|
||||
else if (log_get_errorcount(0))
|
||||
rc = 2;
|
||||
else if (g10_errors_seen)
|
||||
rc = 1;
|
||||
else if (opt.assert_pubkey_algos && assert_pubkey_algo_false)
|
||||
rc = 1;
|
||||
|
||||
exit (rc);
|
||||
}
|
||||
|
||||
|
||||
|
@ -2081,7 +2081,9 @@ import_one_real (ctrl_t ctrl,
|
||||
{
|
||||
merge_keys_and_selfsig (ctrl, keyblock);
|
||||
clean_all_uids (ctrl, keyblock,
|
||||
opt.verbose, (options&IMPORT_MINIMAL), NULL, NULL);
|
||||
opt.verbose,
|
||||
(options&IMPORT_MINIMAL)? EXPORT_MINIMAL : 0,
|
||||
NULL, NULL);
|
||||
clean_all_subkeys (ctrl, keyblock, opt.verbose, KEY_CLEAN_NONE,
|
||||
NULL, NULL);
|
||||
}
|
||||
@ -2233,7 +2235,8 @@ import_one_real (ctrl_t ctrl,
|
||||
if ((options & IMPORT_CLEAN))
|
||||
{
|
||||
merge_keys_and_selfsig (ctrl, keyblock);
|
||||
clean_all_uids (ctrl, keyblock, opt.verbose, (options&IMPORT_MINIMAL),
|
||||
clean_all_uids (ctrl, keyblock, opt.verbose,
|
||||
(options&IMPORT_MINIMAL)? EXPORT_MINIMAL : 0,
|
||||
&n_uids_cleaned,&n_sigs_cleaned);
|
||||
clean_all_subkeys (ctrl, keyblock, opt.verbose, KEY_CLEAN_NONE,
|
||||
NULL, NULL);
|
||||
@ -2331,7 +2334,7 @@ import_one_real (ctrl_t ctrl,
|
||||
{
|
||||
merge_keys_and_selfsig (ctrl, keyblock_orig);
|
||||
clean_all_uids (ctrl, keyblock_orig, opt.verbose,
|
||||
(options&IMPORT_MINIMAL),
|
||||
(options&IMPORT_MINIMAL)? EXPORT_MINIMAL : 0,
|
||||
&n_uids_cleaned,&n_sigs_cleaned);
|
||||
clean_all_subkeys (ctrl, keyblock_orig, opt.verbose, KEY_CLEAN_NONE,
|
||||
NULL, NULL);
|
||||
|
@ -91,6 +91,7 @@ mark_usable_uid_certs (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
|
||||
continue;
|
||||
}
|
||||
node->flag |= 1<<NF_CONSIDER;
|
||||
|
||||
}
|
||||
/* Reset the remaining flags. */
|
||||
for (; node; node = node->next)
|
||||
@ -215,9 +216,22 @@ mark_usable_uid_certs (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
|
||||
}
|
||||
|
||||
|
||||
/* Return true if the signature at NODE has is from a key specified by
|
||||
* the --trusted-key option and is exportable. */
|
||||
static int
|
||||
is_trusted_key_sig (kbnode_t node)
|
||||
{
|
||||
if (!node->pkt->pkt.signature->flags.exportable)
|
||||
return 0;
|
||||
/* Not yet implemented. */
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* Note: OPTIONS are from the EXPORT_* set. */
|
||||
static int
|
||||
clean_sigs_from_uid (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
|
||||
int noisy, int self_only)
|
||||
int noisy, unsigned int options)
|
||||
{
|
||||
int deleted = 0;
|
||||
kbnode_t node;
|
||||
@ -256,8 +270,15 @@ clean_sigs_from_uid (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
|
||||
{
|
||||
int keep;
|
||||
|
||||
keep = self_only? (node->pkt->pkt.signature->keyid[0] == keyid[0]
|
||||
&& node->pkt->pkt.signature->keyid[1] == keyid[1]) : 1;
|
||||
if ((options & EXPORT_REALCLEAN))
|
||||
keep = ((node->pkt->pkt.signature->keyid[0] == keyid[0]
|
||||
&& node->pkt->pkt.signature->keyid[1] == keyid[1])
|
||||
|| is_trusted_key_sig (node));
|
||||
else if ((options & EXPORT_MINIMAL))
|
||||
keep = (node->pkt->pkt.signature->keyid[0] == keyid[0]
|
||||
&& node->pkt->pkt.signature->keyid[1] == keyid[1]);
|
||||
else
|
||||
keep = 1;
|
||||
|
||||
/* Keep usable uid sigs ... */
|
||||
if ((node->flag & (1<<NF_USABLE)) && keep)
|
||||
@ -364,10 +385,12 @@ clean_uid_from_key (kbnode_t keyblock, kbnode_t uidnode, int noisy)
|
||||
}
|
||||
|
||||
|
||||
/* Needs to be called after a merge_keys_and_selfsig() */
|
||||
/* Needs to be called after a merge_keys_and_selfsig().
|
||||
* Note: OPTIONS are from the EXPORT_* set. */
|
||||
void
|
||||
clean_one_uid (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
|
||||
int noisy, int self_only, int *uids_cleaned, int *sigs_cleaned)
|
||||
int noisy, unsigned int options,
|
||||
int *uids_cleaned, int *sigs_cleaned)
|
||||
{
|
||||
int dummy = 0;
|
||||
|
||||
@ -386,15 +409,15 @@ clean_one_uid (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
|
||||
*uids_cleaned += clean_uid_from_key (keyblock, uidnode, noisy);
|
||||
if (!uidnode->pkt->pkt.user_id->flags.compacted)
|
||||
*sigs_cleaned += clean_sigs_from_uid (ctrl, keyblock, uidnode,
|
||||
noisy, self_only);
|
||||
noisy, options);
|
||||
}
|
||||
|
||||
|
||||
/* NB: This function marks the deleted nodes only and the caller is
|
||||
* responsible to skip or remove them. Needs to be called after a
|
||||
* merge_keys_and_selfsig(). */
|
||||
* merge_keys_and_selfsig. Note: OPTIONS are from the EXPORT_* set. */
|
||||
void
|
||||
clean_all_uids (ctrl_t ctrl, kbnode_t keyblock, int noisy, int self_only,
|
||||
clean_all_uids (ctrl_t ctrl, kbnode_t keyblock, int noisy, unsigned int options,
|
||||
int *uids_cleaned, int *sigs_cleaned)
|
||||
{
|
||||
kbnode_t node;
|
||||
@ -405,7 +428,7 @@ clean_all_uids (ctrl_t ctrl, kbnode_t keyblock, int noisy, int self_only,
|
||||
node = node->next)
|
||||
{
|
||||
if (node->pkt->pkttype == PKT_USER_ID)
|
||||
clean_one_uid (ctrl, keyblock, node, noisy, self_only,
|
||||
clean_one_uid (ctrl, keyblock, node, noisy, options,
|
||||
uids_cleaned, sigs_cleaned);
|
||||
}
|
||||
|
||||
|
@ -40,9 +40,10 @@ void mark_usable_uid_certs (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
|
||||
u32 curtime, u32 *next_expire);
|
||||
|
||||
void clean_one_uid (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
|
||||
int noisy, int self_only,
|
||||
int noisy, unsigned int options,
|
||||
int *uids_cleaned, int *sigs_cleaned);
|
||||
void clean_all_uids (ctrl_t ctrl, kbnode_t keyblock, int noisy, int self_only,
|
||||
void clean_all_uids (ctrl_t ctrl, kbnode_t keyblock,
|
||||
int noisy, unsigned int options,
|
||||
int *uids_cleaned,int *sigs_cleaned);
|
||||
void clean_all_subkeys (ctrl_t ctrl, kbnode_t keyblock,
|
||||
int noisy, int clean_level,
|
||||
|
@ -487,6 +487,7 @@ const char *key_origin_string (int origin);
|
||||
/*-- keyid.c --*/
|
||||
int pubkey_letter( int algo );
|
||||
char *pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize);
|
||||
int compare_pubkey_string (const char *astr, const char *bstr);
|
||||
#define PUBKEY_STRING_SIZE 32
|
||||
u32 v3_keyid (gcry_mpi_t a, u32 *ki);
|
||||
void hash_public_key( gcry_md_hd_t md, PKT_public_key *pk );
|
||||
@ -572,6 +573,7 @@ const char *colon_expirestr_from_sig (PKT_signature *sig);
|
||||
byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len );
|
||||
byte *v5_fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len);
|
||||
void fpr20_from_pk (PKT_public_key *pk, byte array[20]);
|
||||
void fpr20_from_fpr (const byte *fpr, unsigned int fprlen, byte array[20]);
|
||||
char *hexfingerprint (PKT_public_key *pk, char *buffer, size_t buflen);
|
||||
char *v5hexfingerprint (PKT_public_key *pk, char *buffer, size_t buflen);
|
||||
char *format_hexfingerprint (const char *fingerprint,
|
||||
|
@ -70,7 +70,7 @@ static int menu_adduid (ctrl_t ctrl, kbnode_t keyblock,
|
||||
int photo, const char *photo_name, const char *uidstr);
|
||||
static void menu_deluid (KBNODE pub_keyblock);
|
||||
static int menu_delsig (ctrl_t ctrl, kbnode_t pub_keyblock);
|
||||
static int menu_clean (ctrl_t ctrl, kbnode_t keyblock, int self_only);
|
||||
static int menu_clean (ctrl_t ctrl, kbnode_t keyblock, unsigned int options);
|
||||
static void menu_delkey (KBNODE pub_keyblock);
|
||||
static int menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive);
|
||||
static int menu_addadsk (ctrl_t ctrl, kbnode_t pub_keyblock,
|
||||
@ -2258,7 +2258,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
|
||||
break;
|
||||
|
||||
case cmdMINIMIZE:
|
||||
if (menu_clean (ctrl, keyblock, 1))
|
||||
if (menu_clean (ctrl, keyblock, EXPORT_MINIMAL))
|
||||
redisplay = modified = 1;
|
||||
break;
|
||||
|
||||
@ -4543,11 +4543,13 @@ menu_delsig (ctrl_t ctrl, kbnode_t pub_keyblock)
|
||||
}
|
||||
|
||||
|
||||
/* Note: OPTIONS are from the EXPORT_* set. */
|
||||
static int
|
||||
menu_clean (ctrl_t ctrl, kbnode_t keyblock, int self_only)
|
||||
menu_clean (ctrl_t ctrl, kbnode_t keyblock, unsigned int options)
|
||||
{
|
||||
KBNODE uidnode;
|
||||
int modified = 0, select_all = !count_selected_uids (keyblock);
|
||||
int modified = 0;
|
||||
int select_all = !count_selected_uids (keyblock);
|
||||
|
||||
for (uidnode = keyblock->next;
|
||||
uidnode && uidnode->pkt->pkttype != PKT_PUBLIC_SUBKEY;
|
||||
@ -4561,8 +4563,8 @@ menu_clean (ctrl_t ctrl, kbnode_t keyblock, int self_only)
|
||||
uidnode->pkt->pkt.user_id->len,
|
||||
0);
|
||||
|
||||
clean_one_uid (ctrl, keyblock, uidnode, opt.verbose, self_only, &uids,
|
||||
&sigs);
|
||||
clean_one_uid (ctrl, keyblock, uidnode, opt.verbose, options,
|
||||
&uids, &sigs);
|
||||
if (uids)
|
||||
{
|
||||
const char *reason;
|
||||
@ -4587,7 +4589,7 @@ menu_clean (ctrl_t ctrl, kbnode_t keyblock, int self_only)
|
||||
}
|
||||
else
|
||||
{
|
||||
tty_printf (self_only == 1 ?
|
||||
tty_printf ((options & EXPORT_MINIMAL)?
|
||||
_("User ID \"%s\": already minimized\n") :
|
||||
_("User ID \"%s\": already clean\n"), user);
|
||||
}
|
||||
|
176
g10/keyid.c
176
g10/keyid.c
@ -145,6 +145,130 @@ pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize)
|
||||
}
|
||||
|
||||
|
||||
/* Helper for compare_pubkey_string. This skips leading spaces,
|
||||
* commas and optional condition operators and returns a pointer to
|
||||
* the first non-space character or NULL in case of an error. The
|
||||
* length of a prefix consisting of letters is then returned ar PFXLEN
|
||||
* and the value of the number (e.g. 384 for "brainpoolP384r1") at
|
||||
* NUMBER. R_LENGTH receives the entire length of the algorithm name
|
||||
* which is terminated by a space, nul, or a comma. If R_CONDITION is
|
||||
* not NULL, 0 is stored for a leading "=", 1 for a ">", 2 for a ">=",
|
||||
* -1 for a "<", and -2 for a "<=". If R_CONDITION is NULL no
|
||||
* condition prefix is allowed. */
|
||||
static const char *
|
||||
parse_one_algo_string (const char *str, size_t *pfxlen, unsigned int *number,
|
||||
size_t *r_length, int *r_condition)
|
||||
{
|
||||
int condition = 0;
|
||||
const char *result;
|
||||
|
||||
while (spacep (str) || *str ==',')
|
||||
str++;
|
||||
if (!r_condition)
|
||||
;
|
||||
else if (*str == '>' && str[1] == '=')
|
||||
condition = 2, str += 2;
|
||||
else if (*str == '>' )
|
||||
condition = 1, str += 1;
|
||||
else if (*str == '<' && str[1] == '=')
|
||||
condition = -2, str += 2;
|
||||
else if (*str == '<')
|
||||
condition = -1, str += 1;
|
||||
else if (*str == '=') /* Default. */
|
||||
str += 1;
|
||||
|
||||
if (!alphap (str))
|
||||
return NULL; /* Error. */
|
||||
|
||||
*pfxlen = 1;
|
||||
for (result = str++; alphap (str); str++)
|
||||
++*pfxlen;
|
||||
while (*str == '-' || *str == '+')
|
||||
str++;
|
||||
*number = atoi (str);
|
||||
while (*str && !spacep (str) && *str != ',')
|
||||
str++;
|
||||
|
||||
*r_length = str - result;
|
||||
if (r_condition)
|
||||
*r_condition = condition;
|
||||
return result;
|
||||
}
|
||||
|
||||
/* Helper for compare_pubkey_string. If BPARSED is set to 0 on
|
||||
* return, an error in ASTR or BSTR was found and further checks are
|
||||
* not possible. */
|
||||
static int
|
||||
compare_pubkey_string_part (const char *astr, const char *bstr_arg,
|
||||
size_t *bparsed)
|
||||
{
|
||||
const char *bstr = bstr_arg;
|
||||
size_t alen, apfxlen, blen, bpfxlen;
|
||||
unsigned int anumber, bnumber;
|
||||
int condition;
|
||||
|
||||
*bparsed = 0;
|
||||
astr = parse_one_algo_string (astr, &apfxlen, &anumber, &alen, &condition);
|
||||
if (!astr)
|
||||
return 0; /* Invalid algorithm name. */
|
||||
bstr = parse_one_algo_string (bstr, &bpfxlen, &bnumber, &blen, &condition);
|
||||
if (!bstr)
|
||||
return 0; /* Invalid algorithm name. */
|
||||
*bparsed = blen + (bstr - bstr_arg);
|
||||
if (apfxlen != bpfxlen || ascii_strncasecmp (astr, bstr, apfxlen))
|
||||
return 0; /* false. */
|
||||
switch (condition)
|
||||
{
|
||||
case 2: return anumber >= bnumber;
|
||||
case 1: return anumber > bnumber;
|
||||
case -1: return anumber < bnumber;
|
||||
case -2: return anumber <= bnumber;
|
||||
}
|
||||
|
||||
return alen == blen && !ascii_strncasecmp (astr, bstr, alen);
|
||||
}
|
||||
|
||||
|
||||
/* Check whether ASTR matches the constraints given by BSTR. ASTR may
|
||||
* be any algo string like "rsa2048", "ed25519" and BSTR may be a
|
||||
* constraint which is in the simplest case just another algo string.
|
||||
* BSTR may have more that one string in which case they are comma
|
||||
* separated and any match will return true. It is possible to prefix
|
||||
* BSTR with ">", ">=", "<=", or "<". That prefix operator is applied
|
||||
* to the number part of the algorithm, i.e. the first sequence of
|
||||
* digits found before end-of-string or a comma. Examples:
|
||||
*
|
||||
* | ASTR | BSTR | result |
|
||||
* |----------+----------------------+--------|
|
||||
* | rsa2048 | rsa2048 | true |
|
||||
* | rsa2048 | >=rsa2048 | true |
|
||||
* | rsa2048 | >rsa2048 | false |
|
||||
* | ed25519 | >rsa1024 | false |
|
||||
* | ed25519 | ed25519 | true |
|
||||
* | nistp384 | >nistp256 | true |
|
||||
* | nistp521 | >=rsa3072, >nistp384 | true |
|
||||
*/
|
||||
int
|
||||
compare_pubkey_string (const char *astr, const char *bstr)
|
||||
{
|
||||
size_t bparsed;
|
||||
int result;
|
||||
|
||||
while (*bstr)
|
||||
{
|
||||
result = compare_pubkey_string_part (astr, bstr, &bparsed);
|
||||
if (result)
|
||||
return 1;
|
||||
if (!bparsed)
|
||||
return 0; /* Syntax error in ASTR or BSTR. */
|
||||
bstr += bparsed;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/* Hash a public key and allow to specify the to be used format.
|
||||
* Note that if the v5 format is requested for a v4 key, a 0x04 as
|
||||
* version is hashed instead of the 0x05. */
|
||||
@ -239,20 +363,16 @@ do_hash_public_key (gcry_md_hd_t md, PKT_public_key *pk, int use_v5)
|
||||
if (use_v5)
|
||||
{
|
||||
gcry_md_putc ( md, 0x9a ); /* ctb */
|
||||
gcry_md_putc ( md, n >> 24 ); /* 4 byte length header */
|
||||
gcry_md_putc ( md, n >> 24 ); /* 4 byte length header (upper bits) */
|
||||
gcry_md_putc ( md, n >> 16 );
|
||||
gcry_md_putc ( md, n >> 8 );
|
||||
gcry_md_putc ( md, n );
|
||||
/* Note that the next byte may either be 4 or 5. */
|
||||
gcry_md_putc ( md, pk->version );
|
||||
}
|
||||
else
|
||||
{
|
||||
gcry_md_putc ( md, 0x99 ); /* ctb */
|
||||
gcry_md_putc ( md, n >> 8 ); /* 2 byte length header */
|
||||
}
|
||||
gcry_md_putc ( md, n >> 8 ); /* lower bits of the length header. */
|
||||
gcry_md_putc ( md, n );
|
||||
gcry_md_putc ( md, pk->version );
|
||||
}
|
||||
gcry_md_putc ( md, pk->timestamp >> 24 );
|
||||
gcry_md_putc ( md, pk->timestamp >> 16 );
|
||||
gcry_md_putc ( md, pk->timestamp >> 8 );
|
||||
@ -260,7 +380,7 @@ do_hash_public_key (gcry_md_hd_t md, PKT_public_key *pk, int use_v5)
|
||||
|
||||
gcry_md_putc ( md, pk->pubkey_algo );
|
||||
|
||||
if (use_v5)
|
||||
if (use_v5) /* Hash the 32 bit length */
|
||||
{
|
||||
n -= 10;
|
||||
gcry_md_putc ( md, n >> 24 );
|
||||
@ -935,6 +1055,32 @@ v5_fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len)
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* This is the core of fpr20_from_pk which directly takes a
|
||||
* fingerprint and its length instead of the public key. See below
|
||||
* for details.
|
||||
*/
|
||||
void
|
||||
fpr20_from_fpr (const byte *fpr, unsigned int fprlen, byte array[20])
|
||||
{
|
||||
if (fprlen >= 32) /* v5 fingerprint (or larger) */
|
||||
{
|
||||
memcpy (array + 0, fpr + 20, 4);
|
||||
memcpy (array + 4, fpr + 24, 4);
|
||||
memcpy (array + 8, fpr + 28, 4);
|
||||
memcpy (array + 12, fpr + 0, 4); /* kid[0] */
|
||||
memcpy (array + 16, fpr + 4, 4); /* kid[1] */
|
||||
}
|
||||
else if (fprlen == 20) /* v4 fingerprint */
|
||||
memcpy (array, fpr, 20);
|
||||
else /* v3 or too short: fill up with zeroes. */
|
||||
{
|
||||
memset (array, 0, 20);
|
||||
memcpy (array, fpr, fprlen);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Get FPR20 for the given PK/SK into ARRAY.
|
||||
*
|
||||
@ -951,19 +1097,7 @@ fpr20_from_pk (PKT_public_key *pk, byte array[20])
|
||||
if (!pk->fprlen)
|
||||
compute_fingerprint (pk);
|
||||
|
||||
if (!array)
|
||||
array = xmalloc (pk->fprlen);
|
||||
|
||||
if (pk->fprlen == 32) /* v5 fingerprint */
|
||||
{
|
||||
memcpy (array + 0, pk->fpr + 20, 4);
|
||||
memcpy (array + 4, pk->fpr + 24, 4);
|
||||
memcpy (array + 8, pk->fpr + 28, 4);
|
||||
memcpy (array + 12, pk->fpr + 0, 4); /* kid[0] */
|
||||
memcpy (array + 16, pk->fpr + 4, 4); /* kid[1] */
|
||||
}
|
||||
else /* v4 fingerprint */
|
||||
memcpy (array, pk->fpr, 20);
|
||||
fpr20_from_fpr (pk->fpr, pk->fprlen, array);
|
||||
}
|
||||
|
||||
|
||||
|
@ -84,6 +84,7 @@ struct weakhash
|
||||
/*-- gpg.c --*/
|
||||
extern int g10_errors_seen;
|
||||
extern int assert_signer_true;
|
||||
extern int assert_pubkey_algo_false;
|
||||
|
||||
#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
|
||||
void g10_exit(int rc) __attribute__ ((__noreturn__));
|
||||
@ -495,6 +496,7 @@ int verify_files (ctrl_t ctrl, int nfiles, char **files );
|
||||
int gpg_verify (ctrl_t ctrl, gnupg_fd_t sig_fd, gnupg_fd_t data_fd,
|
||||
estream_t out_fp);
|
||||
void check_assert_signer_list (const char *mainpkhex, const char *pkhex);
|
||||
void check_assert_pubkey_algo (const char *algostr, const char *pkhex);
|
||||
|
||||
/*-- decrypt.c --*/
|
||||
int decrypt_message (ctrl_t ctrl, const char *filename );
|
||||
|
@ -898,7 +898,7 @@ proc_encrypted (CTX c, PACKET *pkt)
|
||||
* encrypted packet. */
|
||||
literals_seen++;
|
||||
|
||||
/* The --require-compliance option allows to simplify decryption in
|
||||
/* The --require-compliance option allows one to simplify decryption in
|
||||
* de-vs compliance mode by just looking at the exit status. */
|
||||
if (opt.flags.require_compliance
|
||||
&& opt.compliance == CO_DE_VS
|
||||
@ -1876,6 +1876,8 @@ check_sig_and_print (CTX c, kbnode_t node)
|
||||
const void *extrahash = NULL;
|
||||
size_t extrahashlen = 0;
|
||||
kbnode_t included_keyblock = NULL;
|
||||
char pkstrbuf[PUBKEY_STRING_SIZE] = { 0 };
|
||||
|
||||
|
||||
if (opt.skip_verify)
|
||||
{
|
||||
@ -2409,8 +2411,14 @@ check_sig_and_print (CTX c, kbnode_t node)
|
||||
show_notation (sig, 0, 2, 0);
|
||||
}
|
||||
|
||||
/* Fill PKSTRBUF with the algostring in case we later need it. */
|
||||
if (pk)
|
||||
pubkey_string (pk, pkstrbuf, sizeof pkstrbuf);
|
||||
|
||||
/* For good signatures print the VALIDSIG status line. */
|
||||
if (!rc && (is_status_enabled () || opt.assert_signer_list) && pk)
|
||||
if (!rc && (is_status_enabled ()
|
||||
|| opt.assert_signer_list
|
||||
|| opt.assert_pubkey_algos) && pk)
|
||||
{
|
||||
char pkhex[MAX_FINGERPRINT_LEN*2+1];
|
||||
char mainpkhex[MAX_FINGERPRINT_LEN*2+1];
|
||||
@ -2432,6 +2440,8 @@ check_sig_and_print (CTX c, kbnode_t node)
|
||||
mainpkhex);
|
||||
/* Handle the --assert-signer option. */
|
||||
check_assert_signer_list (mainpkhex, pkhex);
|
||||
/* Handle the --assert-pubkey-algo option. */
|
||||
check_assert_pubkey_algo (pkstrbuf, pkhex);
|
||||
}
|
||||
|
||||
/* Print compliance warning for Good signatures. */
|
||||
@ -2464,13 +2474,6 @@ check_sig_and_print (CTX c, kbnode_t node)
|
||||
|
||||
if (opt.verbose)
|
||||
{
|
||||
char pkstrbuf[PUBKEY_STRING_SIZE];
|
||||
|
||||
if (pk)
|
||||
pubkey_string (pk, pkstrbuf, sizeof pkstrbuf);
|
||||
else
|
||||
*pkstrbuf = 0;
|
||||
|
||||
log_info (_("%s signature, digest algorithm %s%s%s\n"),
|
||||
sig->sig_class==0x00?_("binary"):
|
||||
sig->sig_class==0x01?_("textmode"):_("unknown"),
|
||||
|
@ -126,9 +126,9 @@ struct
|
||||
int marginals_needed;
|
||||
int completes_needed;
|
||||
int max_cert_depth;
|
||||
const char *agent_program;
|
||||
const char *keyboxd_program;
|
||||
const char *dirmngr_program;
|
||||
char *agent_program;
|
||||
char *keyboxd_program;
|
||||
char *dirmngr_program;
|
||||
int disable_dirmngr;
|
||||
|
||||
const char *def_new_key_algo;
|
||||
@ -241,6 +241,10 @@ struct
|
||||
* modify to be uppercase if they represent a fingerrint */
|
||||
strlist_t assert_signer_list;
|
||||
|
||||
/* A single string with the comma delimited args from
|
||||
* --assert-pubkey_algo. */
|
||||
char *assert_pubkey_algos;
|
||||
|
||||
struct
|
||||
{
|
||||
/* If set, require an 0x19 backsig to be present on signatures
|
||||
@ -414,12 +418,13 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
|
||||
#define EXPORT_ATTRIBUTES (1<<1)
|
||||
#define EXPORT_SENSITIVE_REVKEYS (1<<2)
|
||||
#define EXPORT_RESET_SUBKEY_PASSWD (1<<3)
|
||||
#define EXPORT_MINIMAL (1<<4)
|
||||
#define EXPORT_CLEAN (1<<5)
|
||||
#define EXPORT_MINIMAL (1<<5)
|
||||
#define EXPORT_CLEAN (1<<6)
|
||||
#define EXPORT_DANE_FORMAT (1<<7)
|
||||
#define EXPORT_BACKUP (1<<10)
|
||||
#define EXPORT_REVOCS (1<<11)
|
||||
#define EXPORT_MODE1003 (1<<12)
|
||||
#define EXPORT_REALCLEAN (1<<13)
|
||||
|
||||
#define LIST_SHOW_PHOTOS (1<<0)
|
||||
#define LIST_SHOW_POLICY_URLS (1<<1)
|
||||
|
@ -67,12 +67,3 @@ do_test (int argc, char *argv[])
|
||||
release_kbnode (kb1);
|
||||
xfree (ctrl);
|
||||
}
|
||||
|
||||
int assert_signer_true = 0;
|
||||
|
||||
void
|
||||
check_assert_signer_list (const char *mainpkhex, const char *pkhex)
|
||||
{
|
||||
(void)mainpkhex;
|
||||
(void)pkhex;
|
||||
}
|
||||
|
@ -105,13 +105,3 @@ do_test (int argc, char *argv[])
|
||||
keydb_release (hd2);
|
||||
xfree (ctrl);
|
||||
}
|
||||
|
||||
|
||||
int assert_signer_true = 0;
|
||||
|
||||
void
|
||||
check_assert_signer_list (const char *mainpkhex, const char *pkhex)
|
||||
{
|
||||
(void)mainpkhex;
|
||||
(void)pkhex;
|
||||
}
|
||||
|
129
g10/t-keyid.c
Normal file
129
g10/t-keyid.c
Normal file
@ -0,0 +1,129 @@
|
||||
/* t-keyid.c - Tests for keyid.c.
|
||||
* Copyright (C) 2024 g10 Code GmbH
|
||||
*
|
||||
* This file is part of GnuPG.
|
||||
*
|
||||
* GnuPG is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* GnuPG is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, see <https://www.gnu.org/licenses/>.
|
||||
* SPDX-License-Identifier: GPL-3.0-or-later
|
||||
*/
|
||||
|
||||
#include <config.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#define LEAN_T_SUPPORT 1
|
||||
|
||||
#define PGM "t-keyid"
|
||||
|
||||
#include "gpg.h"
|
||||
#include "keydb.h"
|
||||
#include "../common/t-support.h"
|
||||
|
||||
|
||||
|
||||
static int verbose;
|
||||
|
||||
|
||||
static void
|
||||
test_compare_pubkey_string (void)
|
||||
{
|
||||
static struct { const char *astr; const char *bstr; int expected; } t[] =
|
||||
{
|
||||
{ "rsa2048" , "rsa2048" , 1 },
|
||||
{ "rsa2048" , ">=rsa2048" , 1 },
|
||||
{ "rsa2048" , ">rsa2048" , 0 },
|
||||
{ "ed25519" , ">rsa1024" , 0 },
|
||||
{ "ed25519" , "ed25519" , 1 },
|
||||
{ "ed25519" , ",,,=ed25519" , 1 },
|
||||
{ "nistp384" , ">nistp256" , 1 },
|
||||
{ "nistp521" , ">=rsa3072, >nistp384", 1 },
|
||||
{ " nistp521" , ">=rsa3072, >nistp384 ", 1 },
|
||||
{ " nistp521 " , " >=rsa3072, >nistp384 ", 1 },
|
||||
{ " =nistp521 " , " >=rsa3072, >nistp384,,", 1 },
|
||||
{ "nistp384" , ">nistp384" , 0 },
|
||||
{ "nistp384" , ">=nistp384" , 1 },
|
||||
{ "brainpoolP384" , ">=brainpoolp256", 1 },
|
||||
{ "brainpoolP384" , ">brainpoolp384" , 0 },
|
||||
{ "brainpoolP384" , ">=brainpoolp384", 1 },
|
||||
{ "brainpoolP256r1", ">brainpoolp256r1", 0 },
|
||||
{ "brainpoolP384r1", ">brainpoolp384r1" , 0 },
|
||||
{ "brainpoolP384r1", ">=brainpoolp384r1", 1 },
|
||||
{ "brainpoolP384r1", ">=brainpoolp384" , 1 },
|
||||
{ "", "", 0}
|
||||
};
|
||||
int idx;
|
||||
int result;
|
||||
|
||||
for (idx=0; idx < DIM(t); idx++)
|
||||
{
|
||||
result = compare_pubkey_string (t[idx].astr, t[idx].bstr);
|
||||
if (result != t[idx].expected)
|
||||
{
|
||||
fail (idx);
|
||||
if (verbose)
|
||||
log_debug ("\"%s\", \"%s\" want %d got %d\n",
|
||||
t[idx].astr, t[idx].bstr, t[idx].expected, result);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
main (int argc, char **argv)
|
||||
{
|
||||
int last_argc = -1;
|
||||
|
||||
no_exit_on_fail = 1;
|
||||
|
||||
if (argc)
|
||||
{ argc--; argv++; }
|
||||
while (argc && last_argc != argc )
|
||||
{
|
||||
last_argc = argc;
|
||||
if (!strcmp (*argv, "--"))
|
||||
{
|
||||
argc--; argv++;
|
||||
break;
|
||||
}
|
||||
else if (!strcmp (*argv, "--help"))
|
||||
{
|
||||
fputs ("usage: " PGM " [FILE]\n"
|
||||
"Options:\n"
|
||||
" --verbose Print timings etc.\n"
|
||||
" --debug Flyswatter\n"
|
||||
, stdout);
|
||||
exit (0);
|
||||
}
|
||||
else if (!strcmp (*argv, "--verbose"))
|
||||
{
|
||||
verbose++;
|
||||
argc--; argv++;
|
||||
}
|
||||
else if (!strcmp (*argv, "--debug"))
|
||||
{
|
||||
verbose += 2;
|
||||
argc--; argv++;
|
||||
}
|
||||
else if (!strncmp (*argv, "--", 2))
|
||||
{
|
||||
fprintf (stderr, PGM ": unknown option '%s'\n", *argv);
|
||||
exit (1);
|
||||
}
|
||||
}
|
||||
|
||||
test_compare_pubkey_string ();
|
||||
|
||||
return !!errcount;
|
||||
}
|
@ -611,12 +611,3 @@ do_test (int argc, char *argv[])
|
||||
|
||||
xfree (filename);
|
||||
}
|
||||
|
||||
int assert_signer_true = 0;
|
||||
|
||||
void
|
||||
check_assert_signer_list (const char *mainpkhex, const char *pkhex)
|
||||
{
|
||||
(void)mainpkhex;
|
||||
(void)pkhex;
|
||||
}
|
||||
|
@ -190,7 +190,11 @@ import_ownertrust (ctrl_t ctrl, const char *fname )
|
||||
while (fprlen < MAX_FINGERPRINT_LEN)
|
||||
fpr[fprlen++] = 0;
|
||||
|
||||
rc = tdbio_search_trust_byfpr (ctrl, fpr, &rec);
|
||||
/* FIXME: The intention is to save the special fpr20 as used
|
||||
* in the trustdb here. However, the above conversions seems
|
||||
* not to be aware of this. Or why does it allow up to
|
||||
* MAX_FINGERPRINT_LEN ? */
|
||||
rc = tdbio_search_trust_byfpr (ctrl, fpr, 20, &rec);
|
||||
if( !rc ) { /* found: update */
|
||||
if (rec.r.trust.ownertrust != otrust)
|
||||
{
|
||||
|
16
g10/tdbio.c
16
g10/tdbio.c
@ -1864,13 +1864,21 @@ cmp_trec_fpr ( const void *fpr, const TRUSTREC *rec )
|
||||
* Return: 0 if found, GPG_ERR_NOT_FOUND, or another error code.
|
||||
*/
|
||||
gpg_error_t
|
||||
tdbio_search_trust_byfpr (ctrl_t ctrl, const byte *fingerprint, TRUSTREC *rec)
|
||||
tdbio_search_trust_byfpr (ctrl_t ctrl, const byte *fpr, unsigned int fprlen,
|
||||
TRUSTREC *rec)
|
||||
{
|
||||
int rc;
|
||||
byte fingerprint[20];
|
||||
|
||||
if (fprlen != 20)
|
||||
{
|
||||
fpr20_from_fpr (fpr, fprlen, fingerprint);
|
||||
fpr = fingerprint;
|
||||
}
|
||||
|
||||
/* Locate the trust record using the hash table */
|
||||
rc = lookup_hashtable (get_trusthashrec (ctrl), fingerprint, 20,
|
||||
cmp_trec_fpr, fingerprint, rec );
|
||||
rc = lookup_hashtable (get_trusthashrec (ctrl), fpr, 20,
|
||||
cmp_trec_fpr, fpr, rec);
|
||||
return rc;
|
||||
}
|
||||
|
||||
@ -1887,7 +1895,7 @@ tdbio_search_trust_bypk (ctrl_t ctrl, PKT_public_key *pk, TRUSTREC *rec)
|
||||
byte fingerprint[20];
|
||||
|
||||
fpr20_from_pk (pk, fingerprint);
|
||||
return tdbio_search_trust_byfpr (ctrl, fingerprint, rec);
|
||||
return tdbio_search_trust_byfpr (ctrl, fingerprint, 20, rec);
|
||||
}
|
||||
|
||||
|
||||
|
@ -111,7 +111,8 @@ int tdbio_end_transaction(void);
|
||||
int tdbio_cancel_transaction(void);
|
||||
int tdbio_delete_record (ctrl_t ctrl, ulong recnum);
|
||||
ulong tdbio_new_recnum (ctrl_t ctrl);
|
||||
gpg_error_t tdbio_search_trust_byfpr (ctrl_t ctrl, const byte *fingerprint,
|
||||
gpg_error_t tdbio_search_trust_byfpr (ctrl_t ctrl,
|
||||
const byte *fpr, unsigned int fprlen,
|
||||
TRUSTREC *rec);
|
||||
gpg_error_t tdbio_search_trust_bypk (ctrl_t ctrl, PKT_public_key *pk,
|
||||
TRUSTREC *rec);
|
||||
|
@ -43,6 +43,9 @@
|
||||
#include "call-agent.h"
|
||||
|
||||
int g10_errors_seen;
|
||||
int assert_signer_true = 0;
|
||||
int assert_pubkey_algo_false = 0;
|
||||
|
||||
|
||||
|
||||
void
|
||||
@ -580,3 +583,18 @@ impex_filter_getval (void *cookie, const char *propname)
|
||||
(void)propname;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
check_assert_signer_list (const char *mainpkhex, const char *pkhex)
|
||||
{
|
||||
(void)mainpkhex;
|
||||
(void)pkhex;
|
||||
}
|
||||
|
||||
void
|
||||
check_assert_pubkey_algo (const char *algostr, const char *pkhex)
|
||||
{
|
||||
(void)algostr;
|
||||
(void)pkhex;
|
||||
}
|
||||
|
@ -15,6 +15,7 @@
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, see <https://www.gnu.org/licenses/>.
|
||||
* SPDX-License-Identifier: GPL-3.0-or-later
|
||||
*/
|
||||
|
||||
#include <config.h>
|
||||
|
110
g10/trustdb.c
110
g10/trustdb.c
@ -39,8 +39,52 @@
|
||||
#include "tofu.h"
|
||||
#include "key-clean.h"
|
||||
|
||||
|
||||
|
||||
typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
|
||||
|
||||
/*
|
||||
* Structure to keep track of keys, this is used as an array where the
|
||||
* item right after the last one has a keyblock set to NULL. Maybe we
|
||||
* can drop this thing and replace it by key_item
|
||||
*/
|
||||
struct key_array
|
||||
{
|
||||
KBNODE keyblock;
|
||||
};
|
||||
|
||||
|
||||
/* Control information for the trust DB. */
|
||||
static struct
|
||||
{
|
||||
int init;
|
||||
int level;
|
||||
char *dbname;
|
||||
int no_trustdb;
|
||||
} trustdb_args;
|
||||
|
||||
|
||||
/* Some globals. */
|
||||
static struct key_item *utk_list; /* all ultimately trusted keys */
|
||||
|
||||
/* A list used to temporary store trusted keys and a flag indicated
|
||||
* whether any --trusted-key option has been seen. */
|
||||
static struct key_item *trusted_key_list;
|
||||
static int any_trusted_key_seen;
|
||||
|
||||
/* Flag whether a trustdb check is pending. */
|
||||
static int pending_check_trustdb;
|
||||
|
||||
|
||||
|
||||
static void write_record (ctrl_t ctrl, TRUSTREC *rec);
|
||||
static void do_sync(void);
|
||||
static void do_sync (void);
|
||||
static int validate_keys (ctrl_t ctrl, int interactive);
|
||||
|
||||
|
||||
/**********************************************
|
||||
************* some helpers *******************
|
||||
**********************************************/
|
||||
|
||||
|
||||
|
||||
@ -54,7 +98,7 @@ keyid_from_fpr20 (ctrl_t ctrl, const byte *fpr, u32 *keyid)
|
||||
keyid = dummy_keyid;
|
||||
|
||||
/* Problem: We do only use fingerprints in the trustdb but
|
||||
* we need the keyID here to indetify the key; we can only
|
||||
* we need the keyID here to identify the key; we can only
|
||||
* use that ugly hack to distinguish between 16 and 20
|
||||
* bytes fpr - it does not work always so we better change
|
||||
* the whole validation code to only work with
|
||||
@ -88,40 +132,6 @@ keyid_from_fpr20 (ctrl_t ctrl, const byte *fpr, u32 *keyid)
|
||||
return keyid[1];
|
||||
}
|
||||
|
||||
typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
|
||||
|
||||
/*
|
||||
* Structure to keep track of keys, this is used as an array wherre
|
||||
* the item right after the last one has a keyblock set to NULL.
|
||||
* Maybe we can drop this thing and replace it by key_item
|
||||
*/
|
||||
struct key_array
|
||||
{
|
||||
KBNODE keyblock;
|
||||
};
|
||||
|
||||
|
||||
/* Control information for the trust DB. */
|
||||
static struct
|
||||
{
|
||||
int init;
|
||||
int level;
|
||||
char *dbname;
|
||||
int no_trustdb;
|
||||
} trustdb_args;
|
||||
|
||||
/* Some globals. */
|
||||
static struct key_item *user_utk_list; /* temp. used to store --trusted-keys */
|
||||
static struct key_item *utk_list; /* all ultimately trusted keys */
|
||||
|
||||
static int pending_check_trustdb;
|
||||
|
||||
static int validate_keys (ctrl_t ctrl, int interactive);
|
||||
|
||||
|
||||
/**********************************************
|
||||
************* some helpers *******************
|
||||
**********************************************/
|
||||
|
||||
static struct key_item *
|
||||
new_key_item (void)
|
||||
@ -245,11 +255,19 @@ tdb_register_trusted_keyid (u32 *keyid)
|
||||
k = new_key_item ();
|
||||
k->kid[0] = keyid[0];
|
||||
k->kid[1] = keyid[1];
|
||||
k->next = user_utk_list;
|
||||
user_utk_list = k;
|
||||
k->next = trusted_key_list;
|
||||
trusted_key_list = k;
|
||||
}
|
||||
|
||||
|
||||
/* This is called for the option --trusted-key to register these keys
|
||||
* for later syncing them into the trustdb. The special value "none"
|
||||
* may be used to indicate that there is a trusted-key option but no
|
||||
* key shall be inserted for it. This "none" value is helpful to
|
||||
* distinguish between changing the gpg.conf from a trusted-key to no
|
||||
* trusted-key options at all. Simply not specify the option would
|
||||
* not allow to distinguish this case from the --no-options case as
|
||||
* used for certain calls of gpg for example by gpg-wks-client. */
|
||||
void
|
||||
tdb_register_trusted_key (const char *string)
|
||||
{
|
||||
@ -257,6 +275,9 @@ tdb_register_trusted_key (const char *string)
|
||||
KEYDB_SEARCH_DESC desc;
|
||||
u32 kid[2];
|
||||
|
||||
any_trusted_key_seen = 1;
|
||||
if (!strcmp (string, "none"))
|
||||
return;
|
||||
err = classify_user_id (string, &desc, 1);
|
||||
if (!err)
|
||||
{
|
||||
@ -378,11 +399,12 @@ verify_own_keys (ctrl_t ctrl)
|
||||
if (!add_utk (kid))
|
||||
log_info (_("key %s occurs more than once in the trustdb\n"),
|
||||
keystr(kid));
|
||||
else if ((rec.r.trust.flags & 1))
|
||||
else if ((rec.r.trust.flags & 1)
|
||||
&& any_trusted_key_seen)
|
||||
{
|
||||
/* Record marked as inserted via --trusted-key. Is this
|
||||
* still the case? */
|
||||
for (k2 = user_utk_list; k2; k2 = k2->next)
|
||||
for (k2 = trusted_key_list; k2; k2 = k2->next)
|
||||
if (k2->kid[0] == kid[0] && k2->kid[1] == kid[1])
|
||||
break;
|
||||
if (!k2) /* No - clear the flag. */
|
||||
@ -406,7 +428,7 @@ verify_own_keys (ctrl_t ctrl)
|
||||
}
|
||||
|
||||
/* Put any --trusted-key keys into the trustdb */
|
||||
for (k = user_utk_list; k; k = k->next)
|
||||
for (k = trusted_key_list; k; k = k->next)
|
||||
{
|
||||
if ( add_utk (k->kid) )
|
||||
{ /* not yet in trustDB as ultimately trusted */
|
||||
@ -431,9 +453,9 @@ verify_own_keys (ctrl_t ctrl)
|
||||
}
|
||||
}
|
||||
|
||||
/* release the helper table table */
|
||||
release_key_items (user_utk_list);
|
||||
user_utk_list = NULL;
|
||||
/* Release the helper table. */
|
||||
release_key_items (trusted_key_list);
|
||||
trusted_key_list = NULL;
|
||||
return;
|
||||
}
|
||||
|
||||
|
33
g10/verify.c
33
g10/verify.c
@ -335,7 +335,7 @@ check_assert_signer_list (const char *mainpkhex, const char *pkhex)
|
||||
assert_signer_true = 1;
|
||||
write_status_text (STATUS_ASSERT_SIGNER, item->d);
|
||||
if (!opt.quiet)
|
||||
log_info ("signer '%s' matched\n", item->d);
|
||||
log_info ("asserted signer '%s'\n", item->d);
|
||||
goto leave;
|
||||
}
|
||||
}
|
||||
@ -390,7 +390,7 @@ check_assert_signer_list (const char *mainpkhex, const char *pkhex)
|
||||
assert_signer_true = 1;
|
||||
write_status_text (STATUS_ASSERT_SIGNER, p);
|
||||
if (!opt.quiet)
|
||||
log_info ("signer '%s' matched '%s', line %d\n",
|
||||
log_info ("asserted signer '%s' (%s:%d)\n",
|
||||
p, fname, lnr);
|
||||
goto leave;
|
||||
}
|
||||
@ -407,3 +407,32 @@ check_assert_signer_list (const char *mainpkhex, const char *pkhex)
|
||||
leave:
|
||||
es_fclose (fp);
|
||||
}
|
||||
|
||||
|
||||
/* This function shall be called with the signer's public key
|
||||
* algorithm ALGOSTR iff a signature is fully valid. If the option
|
||||
* --assert-pubkey-algo is active the functions checks whether the
|
||||
* signing key's algo is valid according to that list; in this case a
|
||||
* global flag is set. */
|
||||
void
|
||||
check_assert_pubkey_algo (const char *algostr, const char *pkhex)
|
||||
{
|
||||
if (!opt.assert_pubkey_algos)
|
||||
return; /* Nothing to do. */
|
||||
|
||||
if (compare_pubkey_string (algostr, opt.assert_pubkey_algos))
|
||||
{
|
||||
write_status_strings (STATUS_ASSERT_PUBKEY_ALGO,
|
||||
pkhex, " 1 ", algostr, NULL);
|
||||
if (!opt.quiet)
|
||||
log_info ("asserted signer '%s' with algo %s\n", pkhex, algostr);
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!opt.quiet)
|
||||
log_info ("denied signer '%s' with algo %s\n", pkhex, algostr);
|
||||
assert_pubkey_algo_false = 1;
|
||||
write_status_strings (STATUS_ASSERT_PUBKEY_ALGO,
|
||||
pkhex, " 0 ", algostr, NULL);
|
||||
}
|
||||
}
|
||||
|
@ -455,6 +455,9 @@ main (int argc, char **argv)
|
||||
pargs.argv = &argv;
|
||||
pargs.flags |= (ARGPARSE_FLAG_RESET
|
||||
| ARGPARSE_FLAG_KEEP
|
||||
#if GPGRT_VERSION_NUMBER >= 0x013000 /* >= 1.48 */
|
||||
| ARGPARSE_FLAG_COMMAND
|
||||
#endif
|
||||
| ARGPARSE_FLAG_SYS
|
||||
| ARGPARSE_FLAG_USER);
|
||||
|
||||
|
8
po/ca.po
8
po/ca.po
@ -2303,9 +2303,6 @@ msgstr "crea eixida amb armadura ascii"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|FITXER|carrega el mòdul d'extensió especificat"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "usa el mode de text canònic"
|
||||
|
||||
#, fuzzy
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|nivell de compressió N (0 no comprimeix)"
|
||||
@ -7132,7 +7129,7 @@ msgid "||Please enter the PIN"
|
||||
msgstr "canvia la contrasenya"
|
||||
|
||||
#, fuzzy
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "Seleccioneu la raó de la revocació:\n"
|
||||
|
||||
#, c-format
|
||||
@ -9505,6 +9502,9 @@ msgstr ""
|
||||
msgid "manage the command history"
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "usa el mode de text canònic"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "selected digest algorithm is invalid\n"
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
|
10
po/cs.po
10
po/cs.po
@ -2132,9 +2132,6 @@ msgstr "vytvořit výstup zapsaný v ASCII"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|SOUBOR|zapsat výstup do SOUBORU"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "použít kanonický textový režim"
|
||||
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|nastavit úroveň komprese na N (0 – žádná)"
|
||||
|
||||
@ -6707,7 +6704,9 @@ msgstr "přístup k příkazům správce není nakonfigurován\n"
|
||||
msgid "||Please enter the PIN"
|
||||
msgstr "||Prosím, zadejte PIN"
|
||||
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
#, fuzzy
|
||||
#| msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "||Prosím, zadejte resetační kód karty"
|
||||
|
||||
#, c-format
|
||||
@ -8983,6 +8982,9 @@ msgstr "Příkazy pro správu Yubikey"
|
||||
msgid "manage the command history"
|
||||
msgstr "spravuje historii příkazů"
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "použít kanonický textový režim"
|
||||
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
#~ msgstr "vybraný algoritmus AEAD je neplatný\n"
|
||||
|
||||
|
10
po/da.po
10
po/da.po
@ -2334,9 +2334,6 @@ msgstr "opret ascii-pansrede uddata"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|FILE|skriv resultat til FIL"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "brug kanonisk teksttilstand"
|
||||
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|sæt komprimeringsniveauet til N (0 deaktiverer)"
|
||||
|
||||
@ -7175,7 +7172,9 @@ msgstr "adgang til administratorkommandoer er ikke konfigureret\n"
|
||||
msgid "||Please enter the PIN"
|
||||
msgstr "||Indtast venligst PIN'en"
|
||||
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
#, fuzzy
|
||||
#| msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "||Indtast venligst nulstillingskoden for kortet"
|
||||
|
||||
#, c-format
|
||||
@ -9720,6 +9719,9 @@ msgstr ""
|
||||
msgid "manage the command history"
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "brug kanonisk teksttilstand"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "selected digest algorithm is invalid\n"
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
|
13
po/de.po
13
po/de.po
@ -9,7 +9,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg-2.4.1\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"PO-Revision-Date: 2024-01-24 14:05+0100\n"
|
||||
"PO-Revision-Date: 2024-03-07 13:56+0100\n"
|
||||
"Last-Translator: Werner Koch <wk@gnupg.org>\n"
|
||||
"Language-Team: German\n"
|
||||
"Language: de\n"
|
||||
@ -2142,9 +2142,6 @@ msgstr "Ausgabe mit ASCII-Hülle versehen"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|DATEI|Ausgabe auf DATEI schreiben"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "Textmodus benutzen"
|
||||
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|Kompressionsstufe auf N setzen (0=keine)"
|
||||
|
||||
@ -6801,8 +6798,8 @@ msgstr "Zugriff auf Admin-Befehle ist nicht eingerichtet\n"
|
||||
msgid "||Please enter the PIN"
|
||||
msgstr "||Bitte die PIN eingeben"
|
||||
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
msgstr "Bitte geben Sie den Rückstellcode für diese Karte ein"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "|R|Bitte geben Sie den Rückstellcode für diese Karte ein"
|
||||
|
||||
#, c-format
|
||||
msgid "Reset Code is too short; minimum length is %d\n"
|
||||
@ -9116,6 +9113,9 @@ msgstr "Verwaltungskommandos für Yubikeys"
|
||||
msgid "manage the command history"
|
||||
msgstr "Verwaltung der Kommandohistorie"
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "Textmodus benutzen"
|
||||
|
||||
#~ msgid "continuing verification anyway due to option %s\n"
|
||||
#~ msgstr "Die Prüfung wird aufgrund der Option %s weiter durchgeführt\n"
|
||||
|
||||
@ -9298,7 +9298,6 @@ msgstr "Verwaltung der Kommandohistorie"
|
||||
#~ msgid "ldapserver missing"
|
||||
#~ msgstr "LDAP Server fehlt"
|
||||
|
||||
#, fuzzy
|
||||
#~ msgid "Suggest a random passphrase."
|
||||
#~ msgstr "Ein zufälliges Passwort vorschlagen"
|
||||
|
||||
|
8
po/el.po
8
po/el.po
@ -2232,9 +2232,6 @@ msgstr "δημιουργία ascii θωρακισμένης εξόδου"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|ΑΡΧΕΙΟ|φόρτωμα του αρθρώματος επέκτασης ΑΡΧΕΙΟ"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "χρήση κανονικής κατάστασης κειμένου"
|
||||
|
||||
#, fuzzy
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|καθορισμός επιπέδου συμπίεσης N (0 απενεργοποιεί)"
|
||||
@ -6997,7 +6994,7 @@ msgid "||Please enter the PIN"
|
||||
msgstr "αλλαγή της φράσης κλειδί"
|
||||
|
||||
#, fuzzy
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "Παρακαλώ επιλέξτε την αιτία για την ανάκληση:\n"
|
||||
|
||||
#, c-format
|
||||
@ -9329,6 +9326,9 @@ msgstr ""
|
||||
msgid "manage the command history"
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "χρήση κανονικής κατάστασης κειμένου"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "selected digest algorithm is invalid\n"
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
|
8
po/eo.po
8
po/eo.po
@ -2215,9 +2215,6 @@ msgstr "krei eligon en askia kiraso"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|DOSIERO|legi aldonan bibliotekon DOSIERO"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "uzi tekstan reĝimon"
|
||||
|
||||
#, fuzzy
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|difini densig-nivelon N (0=nenia)"
|
||||
@ -6906,7 +6903,7 @@ msgid "||Please enter the PIN"
|
||||
msgstr "ŝanĝi la pasfrazon"
|
||||
|
||||
#, fuzzy
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "Kialo por revoko: "
|
||||
|
||||
#, c-format
|
||||
@ -9240,6 +9237,9 @@ msgstr ""
|
||||
msgid "manage the command history"
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "uzi tekstan reĝimon"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "selected digest algorithm is invalid\n"
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
|
10
po/es.po
10
po/es.po
@ -2201,9 +2201,6 @@ msgstr "crea una salida ascii con armadura"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|FILE|volcar salida en FICHERO"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "usa modo de texto canónico"
|
||||
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|nivel de compresión N (0 desactiva)"
|
||||
|
||||
@ -6848,7 +6845,9 @@ msgstr "el acceso a órdenes de administrador no está configurado\n"
|
||||
msgid "||Please enter the PIN"
|
||||
msgstr "||Por favor introduzca PIN"
|
||||
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
#, fuzzy
|
||||
#| msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "||Por favor introduzca Código de Reinicio de la tarjeta"
|
||||
|
||||
#, c-format
|
||||
@ -9166,6 +9165,9 @@ msgstr ""
|
||||
msgid "manage the command history"
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "usa modo de texto canónico"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "selected digest algorithm is invalid\n"
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
|
8
po/et.po
8
po/et.po
@ -2223,9 +2223,6 @@ msgstr "loo ascii pakendis väljund"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|FAIL|lae laiendusmoodul FAIL"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "kasuta kanoonilist tekstimoodi"
|
||||
|
||||
#, fuzzy
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|määra pakkimise tase N (0 blokeerib)"
|
||||
@ -6917,7 +6914,7 @@ msgid "||Please enter the PIN"
|
||||
msgstr "muuda parooli"
|
||||
|
||||
#, fuzzy
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "Palun valige tühistamise põhjus:\n"
|
||||
|
||||
#, c-format
|
||||
@ -9244,6 +9241,9 @@ msgstr ""
|
||||
msgid "manage the command history"
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "kasuta kanoonilist tekstimoodi"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "selected digest algorithm is invalid\n"
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
|
8
po/fi.po
8
po/fi.po
@ -2240,9 +2240,6 @@ msgstr "tuota ascii-koodattu tuloste"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "käytä tekstimuotoa"
|
||||
|
||||
#, fuzzy
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|aseta pakkausaste N (0 poistaa käytöstä)"
|
||||
@ -6980,7 +6977,7 @@ msgid "||Please enter the PIN"
|
||||
msgstr "muuta salasanaa"
|
||||
|
||||
#, fuzzy
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "Valitse mitätöinnin syy:\n"
|
||||
|
||||
#, c-format
|
||||
@ -9312,6 +9309,9 @@ msgstr ""
|
||||
msgid "manage the command history"
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "käytä tekstimuotoa"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "selected digest algorithm is invalid\n"
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
|
10
po/fr.po
10
po/fr.po
@ -2260,9 +2260,6 @@ msgstr "créer une sortie ASCII avec armure"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|FICHIER|écrire la sortie dans le FICHIER"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "utiliser le mode texte canonique"
|
||||
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|niveau de compression N (0 désactive)"
|
||||
|
||||
@ -7116,7 +7113,9 @@ msgstr "l'accès aux commandes d'administration n'est pas configuré\n"
|
||||
msgid "||Please enter the PIN"
|
||||
msgstr "||Veuillez entrer le code personnel"
|
||||
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
#, fuzzy
|
||||
#| msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "||Veuillez entrer le code de réinitialisation pour la carte"
|
||||
|
||||
#, c-format
|
||||
@ -9523,6 +9522,9 @@ msgstr ""
|
||||
msgid "manage the command history"
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "utiliser le mode texte canonique"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "selected digest algorithm is invalid\n"
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
|
8
po/gl.po
8
po/gl.po
@ -2231,9 +2231,6 @@ msgstr "crear saída con armadura en ascii"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|FICHEIRO|carga-lo módulo de extensión FICHEIRO"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "usar modo de texto canónico"
|
||||
|
||||
#, fuzzy
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|axusta-lo nivel de compresión a N (0 desactiva)"
|
||||
@ -6981,7 +6978,7 @@ msgid "||Please enter the PIN"
|
||||
msgstr "cambia-lo contrasinal"
|
||||
|
||||
#, fuzzy
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "Por favor, escolla o motivo da revocación:\n"
|
||||
|
||||
#, c-format
|
||||
@ -9324,6 +9321,9 @@ msgstr ""
|
||||
msgid "manage the command history"
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "usar modo de texto canónico"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "selected digest algorithm is invalid\n"
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
|
8
po/hu.po
8
po/hu.po
@ -2223,9 +2223,6 @@ msgstr "ascii páncélozott kimenet létrehozása"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|fájl|bővítő modul betöltése"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "kanonikus szöveges mód használata"
|
||||
|
||||
#, fuzzy
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|tömörítési szint beállítása N-re (0: tiltás)"
|
||||
@ -6943,7 +6940,7 @@ msgid "||Please enter the PIN"
|
||||
msgstr "jelszóváltoztatás"
|
||||
|
||||
#, fuzzy
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "Kérem, válassza ki a visszavonás okát:\n"
|
||||
|
||||
#, c-format
|
||||
@ -9271,6 +9268,9 @@ msgstr ""
|
||||
msgid "manage the command history"
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "kanonikus szöveges mód használata"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "selected digest algorithm is invalid\n"
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
|
8
po/id.po
8
po/id.po
@ -2227,9 +2227,6 @@ msgstr "ciptakan output ascii"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|FILE|muat modul ekstensi FILE"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "gunakan mode teks kanonikal"
|
||||
|
||||
#, fuzzy
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|set tingkat kompresi N (0 tidak ada)"
|
||||
@ -6942,7 +6939,7 @@ msgid "||Please enter the PIN"
|
||||
msgstr "ubah passphrase"
|
||||
|
||||
#, fuzzy
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "Silakan pilih alasan untuk pembatalan:\n"
|
||||
|
||||
#, c-format
|
||||
@ -9270,6 +9267,9 @@ msgstr ""
|
||||
msgid "manage the command history"
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "gunakan mode teks kanonikal"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "selected digest algorithm is invalid\n"
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
|
10
po/it.po
10
po/it.po
@ -2135,9 +2135,6 @@ msgstr "crea un output ascii con armatura"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|FILE|scrittura dell'output in FILE"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "usa il modo testo canonico"
|
||||
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|Impostare il livello di compressione su N (0 disabilita)"
|
||||
|
||||
@ -6762,7 +6759,9 @@ msgstr "l'accesso ai comandi di amministrazione non è configurato\n"
|
||||
msgid "||Please enter the PIN"
|
||||
msgstr "||Inserisci il PIN"
|
||||
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
#, fuzzy
|
||||
#| msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "||Inserisci il Codice reset per la carta"
|
||||
|
||||
#, c-format
|
||||
@ -9078,6 +9077,9 @@ msgstr "Comandi di gestione Yubikey"
|
||||
msgid "manage the command history"
|
||||
msgstr "gestire la cronologia dei comandi"
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "usa il modo testo canonico"
|
||||
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
#~ msgstr "l'algoritmo AEAD selezionato non è valido\n"
|
||||
|
||||
|
12
po/ja.po
12
po/ja.po
@ -11,7 +11,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 2.4.3\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"PO-Revision-Date: 2024-01-25 09:06+0900\n"
|
||||
"PO-Revision-Date: 2024-03-07 13:59+0100\n"
|
||||
"Last-Translator: NIIBE Yutaka <gniibe@fsij.org>\n"
|
||||
"Language-Team: none\n"
|
||||
"Language: ja\n"
|
||||
@ -2086,9 +2086,6 @@ msgstr "ASCII形式の外装を作成"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|FILE|出力をFILEに書き出す"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "正準テキスト・モードを使用"
|
||||
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|圧縮レベルをNに設定 (0は非圧縮)"
|
||||
|
||||
@ -6484,8 +6481,8 @@ msgstr "管理コマンドへのアクセスが設定されていません\n"
|
||||
msgid "||Please enter the PIN"
|
||||
msgstr "||PINを入力してください"
|
||||
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
msgstr "||カードのリセット・コードを入力してください"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "|R|カードのリセット・コードを入力してください"
|
||||
|
||||
#, c-format
|
||||
msgid "Reset Code is too short; minimum length is %d\n"
|
||||
@ -8738,6 +8735,9 @@ msgstr "Yubikey管理コマンド"
|
||||
msgid "manage the command history"
|
||||
msgstr "コマンド履歴を管理する"
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "正準テキスト・モードを使用"
|
||||
|
||||
#~ msgid "continuing verification anyway due to option %s\n"
|
||||
#~ msgstr "オプション %sのため、検証を続けます\n"
|
||||
|
||||
|
10
po/nb.po
10
po/nb.po
@ -2171,9 +2171,6 @@ msgstr "lag ASCII-beskyttet utdata"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|FILE|skriv utdata til valgt FIL"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "bruk kanonisk tekstmodus"
|
||||
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|endre komprimeringsnivå til N (0 for å slå av)"
|
||||
|
||||
@ -6770,7 +6767,9 @@ msgstr "tilgang til admin-kommandoer er ikke konfigurert\n"
|
||||
msgid "||Please enter the PIN"
|
||||
msgstr "||Skriv inn PIN-kode"
|
||||
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
#, fuzzy
|
||||
#| msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "||Skriv inn tilbakestillingskode for kortet"
|
||||
|
||||
#, c-format
|
||||
@ -9055,6 +9054,9 @@ msgstr ""
|
||||
msgid "manage the command history"
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "bruk kanonisk tekstmodus"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "selected digest algorithm is invalid\n"
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
|
651
po/pl.po
651
po/pl.po
@ -2,13 +2,13 @@
|
||||
# Copyright (C) 1998, 1999, 2000, 2001, 2002,
|
||||
# 2007 Free Software Foundation, Inc.
|
||||
# Janusz A. Urbanowicz <alex@bofh.net.pl>, 1999, 2000, 2001, 2002, 2003-2004
|
||||
# Jakub Bogusz <qboosh@pld-linux.org>, 2003-2023.
|
||||
# Jakub Bogusz <qboosh@pld-linux.org>, 2003-2024.
|
||||
#
|
||||
msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg-2.4.3\n"
|
||||
"Project-Id-Version: gnupg-2.4.4\n"
|
||||
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
|
||||
"PO-Revision-Date: 2023-10-20 21:29+0200\n"
|
||||
"PO-Revision-Date: 2024-03-07 14:00+0100\n"
|
||||
"Last-Translator: Jakub Bogusz <qboosh@pld-linux.org>\n"
|
||||
"Language-Team: Polish <translation-team-pl@lists.sourceforge.net>\n"
|
||||
"Language: pl\n"
|
||||
@ -923,43 +923,35 @@ msgstr "OSTRZEŻENIE: „%s%s” jest przestarzałą opcją - nie ma efektu\n"
|
||||
msgid "unknown debug flag '%s' ignored\n"
|
||||
msgstr "nieznana flaga diagnostyczna „%s” zignorowana\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "waiting for the %s to come up ... (%ds)\n"
|
||||
#, c-format
|
||||
msgid "waiting for the dirmngr to come up ... (%ds)\n"
|
||||
msgstr "oczekiwanie na uruchomienie procesu %s... (%ds)\n"
|
||||
msgstr "oczekiwanie na uruchomienie procesu dirmngr... (%ds)\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "waiting for the %s to come up ... (%ds)\n"
|
||||
#, c-format
|
||||
msgid "waiting for the keyboxd to come up ... (%ds)\n"
|
||||
msgstr "oczekiwanie na uruchomienie procesu %s... (%ds)\n"
|
||||
msgstr "oczekiwanie na uruchomienie procesu keyboxd... (%ds)\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "waiting for the %s to come up ... (%ds)\n"
|
||||
#, c-format
|
||||
msgid "waiting for the agent to come up ... (%ds)\n"
|
||||
msgstr "oczekiwanie na uruchomienie procesu %s... (%ds)\n"
|
||||
msgstr "oczekiwanie na uruchomienie procesu agenta... (%ds)\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "connection to %s established\n"
|
||||
#, c-format
|
||||
msgid "connection to the dirmngr established\n"
|
||||
msgstr "ustanowiono połączenie z procesem %s\n"
|
||||
msgstr "ustanowiono połączenie z procesem dirmngr\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "connection to %s established\n"
|
||||
#, c-format
|
||||
msgid "connection to the keyboxd established\n"
|
||||
msgstr "ustanowiono połączenie z procesem %s\n"
|
||||
msgstr "ustanowiono połączenie z procesem keyboxd\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "connection to %s established\n"
|
||||
#, c-format
|
||||
msgid "connection to the agent established\n"
|
||||
msgstr "ustanowiono połączenie z procesem %s\n"
|
||||
msgstr "ustanowiono połączenie z procesem agenta\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "no running Dirmngr - starting '%s'\n"
|
||||
#, c-format
|
||||
msgid "no running %s - starting '%s'\n"
|
||||
msgstr "Dirmngr nie działa - uruchamianie „%s”\n"
|
||||
msgstr "brak działającego %s - uruchamianie „%s”\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "connection to agent is in restricted mode\n"
|
||||
#, c-format
|
||||
msgid "connection to the agent is in restricted mode\n"
|
||||
msgstr "połączenie z agentem jest w trybie ograniczonym\n"
|
||||
|
||||
@ -1332,10 +1324,11 @@ msgstr "problem z agentem: %s\n"
|
||||
msgid "no dirmngr running in this session\n"
|
||||
msgstr "brak działającego dirmngr w tej sesji\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "keyserver option \"%s\" may not be used in %s mode\n"
|
||||
#, c-format
|
||||
msgid "keyserver option \"honor-keyserver-url\" may not be used in Tor mode\n"
|
||||
msgstr "opcja serwera kluczy „%s” nie może być używana w trybie %s\n"
|
||||
msgstr ""
|
||||
"opcja serwera kluczy „honor-keyserver-url” nie może być używana w trybie "
|
||||
"Tor\n"
|
||||
|
||||
msgid "WKD uses a cached result"
|
||||
msgstr "WKD używa zapamiętanego wyniku"
|
||||
@ -1402,7 +1395,7 @@ msgstr "wymuszono"
|
||||
|
||||
#, c-format
|
||||
msgid "Please try command \"%s\" if the listing does not look correct\n"
|
||||
msgstr "Proszę spróbować polecenia ,,%s'', jeśli lista nie wygląda poprawnie\n"
|
||||
msgstr "Proszę spróbować polecenia „%s”, jeśli lista nie wygląda poprawnie\n"
|
||||
|
||||
msgid "Error: Only plain ASCII is currently allowed.\n"
|
||||
msgstr "Błąd: aktualnie dopuszczalne jest tylko czyste ASCII.\n"
|
||||
@ -1768,14 +1761,13 @@ msgstr ""
|
||||
"OSTRZEŻENIE: wymuszone użycie szyfru %s (%d) kłóci się z ustawieniami "
|
||||
"adresata\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "cipher algorithm '%s' may not be used in %s mode\n"
|
||||
#, c-format
|
||||
msgid "cipher algorithm '%s' may not be used for encryption\n"
|
||||
msgstr "szyfr „%s” nie może być używany w trybie %s\n"
|
||||
msgstr "algorytm szyfru „%s” nie może być używany do szyfrowania\n"
|
||||
|
||||
#, c-format
|
||||
msgid "(use option \"%s\" to override)\n"
|
||||
msgstr ""
|
||||
msgstr "(opcją „%s” można to obejść)\n"
|
||||
|
||||
#, c-format
|
||||
msgid "cipher algorithm '%s' may not be used in %s mode\n"
|
||||
@ -1821,17 +1813,15 @@ msgstr ""
|
||||
"OSTRZEŻENIE: wymuszone użycie kompresji %s (%d) kłóci się z ustawieniami "
|
||||
"adresata\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "%s/%s encrypted for: \"%s\"\n"
|
||||
#, c-format
|
||||
msgid "%s/%s.%s encrypted for: \"%s\"\n"
|
||||
msgstr "%s/%s zaszyfrowany dla: „%s”\n"
|
||||
msgstr "%s/%s.%s zaszyfrowany dla: „%s”\n"
|
||||
|
||||
#, c-format
|
||||
msgid "option '%s' may not be used in %s mode\n"
|
||||
msgstr "opcja „%s” nie może być używana w trybie %s\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "%s encrypted data\n"
|
||||
#, c-format
|
||||
msgid "%s encrypted data\n"
|
||||
msgstr "dane zaszyfrowano za pomocą %s\n"
|
||||
|
||||
@ -2101,9 +2091,6 @@ msgstr "opakowanie ASCII pliku wynikowego"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|PLIK|zapis wyjścia do PLIKU"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "kanoniczny format tekstowy"
|
||||
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|ustawienie poziomu kompresji N (0 - bez)"
|
||||
|
||||
@ -2798,12 +2785,11 @@ msgstr ""
|
||||
|
||||
#, c-format
|
||||
msgid " \"%s\": preference for cipher algorithm %s\n"
|
||||
msgstr " „%s”: preferowany szyfr %s\n"
|
||||
msgstr " „%s”: preferowany algorytm szyfru %s\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid " \"%s\": preference for cipher algorithm %s\n"
|
||||
#, c-format
|
||||
msgid " \"%s\": preference for AEAD algorithm %s\n"
|
||||
msgstr " „%s”: preferowany szyfr %s\n"
|
||||
msgstr " „%s”: preferowany algorytm AEAD %s\n"
|
||||
|
||||
#, c-format
|
||||
msgid " \"%s\": preference for digest algorithm %s\n"
|
||||
@ -3905,7 +3891,7 @@ msgstr "Czy podano odcisk podklucza?\n"
|
||||
|
||||
#, c-format
|
||||
msgid "key \"%s\" is already on this keyblock\n"
|
||||
msgstr "klucz ,,%s'' jest już w tym bloku kluczy\n"
|
||||
msgstr "klucz „%s” jest już w tym bloku kluczy\n"
|
||||
|
||||
msgid ""
|
||||
"Are you sure you want to change the expiration time for multiple subkeys? (y/"
|
||||
@ -4154,77 +4140,64 @@ msgstr " (%c) Przełączenie możliwości uwierzytelniania\n"
|
||||
msgid " (%c) Finished\n"
|
||||
msgstr " (%c) Zakończenie\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid " (%d) RSA and RSA (default)\n"
|
||||
#, c-format
|
||||
msgid " (%d) RSA and RSA%s\n"
|
||||
msgstr " (%d) RSA i RSA (domyślne)\n"
|
||||
msgstr " (%d) RSA i RSA%s\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid " (%d) DSA and Elgamal\n"
|
||||
#, c-format
|
||||
msgid " (%d) DSA and Elgamal%s\n"
|
||||
msgstr " (%d) DSA i Elgamala\n"
|
||||
msgstr " (%d) DSA i Elgamala%s\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid " (%d) DSA (sign only)\n"
|
||||
#, c-format
|
||||
msgid " (%d) DSA (sign only)%s\n"
|
||||
msgstr " (%d) DSA (tylko do podpisywania)\n"
|
||||
msgstr " (%d) DSA (tylko do podpisywania)%s\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid " (%d) RSA (sign only)\n"
|
||||
#, c-format
|
||||
msgid " (%d) RSA (sign only)%s\n"
|
||||
msgstr " (%d) RSA (tylko do podpisywania)\n"
|
||||
msgstr " (%d) RSA (tylko do podpisywania)%s\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid " (%d) Elgamal (encrypt only)\n"
|
||||
#, c-format
|
||||
msgid " (%d) Elgamal (encrypt only)%s\n"
|
||||
msgstr " (%d) Elgamala (tylko do szyfrowania)\n"
|
||||
msgstr " (%d) Elgamala (tylko do szyfrowania)%s\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid " (%d) RSA (encrypt only)\n"
|
||||
#, c-format
|
||||
msgid " (%d) RSA (encrypt only)%s\n"
|
||||
msgstr " (%d) RSA (tylko do szyfrowania)\n"
|
||||
msgstr " (%d) RSA (tylko do szyfrowania)%s\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid " (%d) DSA (set your own capabilities)\n"
|
||||
#, c-format
|
||||
msgid " (%d) DSA (set your own capabilities)%s\n"
|
||||
msgstr " (%d) DSA (możliwości do ustawienia)\n"
|
||||
msgstr " (%d) DSA (możliwości do ustawienia)%s\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid " (%d) RSA (set your own capabilities)\n"
|
||||
#, c-format
|
||||
msgid " (%d) RSA (set your own capabilities)%s\n"
|
||||
msgstr " (%d) RSA (możliwości do ustawienia)\n"
|
||||
msgstr " (%d) RSA (możliwości do ustawienia)%s\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid " (%d) sign, encrypt\n"
|
||||
#, c-format
|
||||
msgid " (%d) ECC (sign and encrypt)%s\n"
|
||||
msgstr " (%d) podpisywanie, szyfrowanie\n"
|
||||
msgstr " (%d) ECC (podpisywanie i szyfrowanie)%s\n"
|
||||
|
||||
msgid " *default*"
|
||||
msgstr ""
|
||||
msgstr " *domyślne*"
|
||||
|
||||
#, c-format
|
||||
msgid " (%d) ECC (sign only)\n"
|
||||
msgstr " (%d) ECC (tylko do podpisywania)\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid " (%d) ECC (set your own capabilities)\n"
|
||||
#, c-format
|
||||
msgid " (%d) ECC (set your own capabilities)%s\n"
|
||||
msgstr " (%d) ECC (możliwości do ustawienia)\n"
|
||||
msgstr " (%d) ECC (możliwości do ustawienia)%s\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid " (%d) ECC (encrypt only)\n"
|
||||
#, c-format
|
||||
msgid " (%d) ECC (encrypt only)%s\n"
|
||||
msgstr " (%d) ECC (tylko do szyfrowania)\n"
|
||||
msgstr " (%d) ECC (tylko do szyfrowania)%s\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid " (%d) Existing key\n"
|
||||
#, c-format
|
||||
msgid " (%d) Existing key%s\n"
|
||||
msgstr " (%d) Istniejący klucz\n"
|
||||
msgstr " (%d) Istniejący klucz%s\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid " (%d) Existing key from card\n"
|
||||
#, c-format
|
||||
msgid " (%d) Existing key from card%s\n"
|
||||
msgstr " (%d) Istniejący klucz z karty\n"
|
||||
msgstr " (%d) Istniejący klucz z karty%s\n"
|
||||
|
||||
msgid "Enter the keygrip: "
|
||||
msgstr "Uchwyt klucza: "
|
||||
@ -5336,25 +5309,22 @@ msgstr ""
|
||||
"OSTRZEŻENIE: ten klucz mógł zostać unieważniony\n"
|
||||
" (brak klucza unieważniającego aby to sprawdzić)\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "user ID: \"%s\"\n"
|
||||
#, c-format
|
||||
msgid "checking User ID \"%s\"\n"
|
||||
msgstr "identyfikator użytkownika: „%s”\n"
|
||||
msgstr "sprawdzanie identyfikatora użytkownika: „%s”\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "option '%s' given, but option '%s' not given\n"
|
||||
#, c-format
|
||||
msgid "option %s given but issuer \"%s\" does not match\n"
|
||||
msgstr "podano opcję „%s”, ale nie podano opcji „%s”\n"
|
||||
msgstr "podano opcję %s, ale wystawca „%s” nie pasuje\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "key %s: doesn't match our copy\n"
|
||||
#, c-format
|
||||
msgid "issuer \"%s\" does not match any User ID\n"
|
||||
msgstr "klucz %s: nie zgadza się z lokalną kopią\n"
|
||||
msgstr "klucz „%s” nie pasuje do żadnego identyfikatora użytkownika\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "option '%s' given, but option '%s' not given\n"
|
||||
#, c-format
|
||||
msgid "option %s given but no matching User ID found\n"
|
||||
msgstr "podano opcję „%s”, ale nie podano opcji „%s”\n"
|
||||
msgstr ""
|
||||
"podano opcję %s, ale nie znaleziono pasującego identyfikatora użytkownika\n"
|
||||
|
||||
#, c-format
|
||||
msgid "WARNING: This key has been revoked by its designated revoker!\n"
|
||||
@ -6524,15 +6494,14 @@ msgstr "linia wejścia %u zbyt długa lub brak znaku LF\n"
|
||||
msgid "can't open fd %d: %s\n"
|
||||
msgstr "nie można otworzyć fd %d: %s\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "WARNING: message was not integrity protected\n"
|
||||
#, c-format
|
||||
msgid "WARNING: encrypting without integrity protection is dangerous\n"
|
||||
msgstr "OSTRZEŻENIE: wiadomość nie była zabezpieczona przed manipulacją\n"
|
||||
msgstr ""
|
||||
"OSTRZEŻENIE: szyfrowanie bez ochrony przed manipulacją jest niebezpieczne\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "ambiguous option '%s'\n"
|
||||
#, c-format
|
||||
msgid "Hint: Do not use option %s\n"
|
||||
msgstr "niejednoznaczna opcja „%s”\n"
|
||||
msgstr "Podpowiedź: nie używać opcji %s\n"
|
||||
|
||||
msgid "set debugging flags"
|
||||
msgstr "ustawienie flag diagnostycznych"
|
||||
@ -6774,8 +6743,8 @@ msgstr "dostęp do poleceń administratora nie został skonfigurowany\n"
|
||||
msgid "||Please enter the PIN"
|
||||
msgstr "||Proszę wpisać PIN"
|
||||
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
msgstr "||Proszę wprowadzić kod resetujący dla karty"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "|R|Proszę wprowadzić kod resetujący dla karty"
|
||||
|
||||
#, c-format
|
||||
msgid "Reset Code is too short; minimum length is %d\n"
|
||||
@ -8553,7 +8522,7 @@ msgstr "%s:%u: podano hasło bez użytkownika\n"
|
||||
|
||||
#, c-format
|
||||
msgid "%s:%u: ignoring unknown flag '%s'\n"
|
||||
msgstr "%s:%u: zignorowano nieznaną flagę ,,%s''\n"
|
||||
msgstr "%s:%u: zignorowano nieznaną flagę „%s”\n"
|
||||
|
||||
#, c-format
|
||||
msgid "%s:%u: skipping this line\n"
|
||||
@ -8986,489 +8955,69 @@ msgstr ""
|
||||
"Składnia: gpg-check-pattern [opcje] plik-wzorców\n"
|
||||
"Sprawdzanie hasła ze standardowego wejścia względem pliku wzorców\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "Note: keys are already stored on the card!\n"
|
||||
#, c-format
|
||||
msgid "Note: key %s is already stored on the card!\n"
|
||||
msgstr "Uwaga: klucze są już zapisane na karcie!\n"
|
||||
msgstr "Uwaga: klucz %s jest już zapisany na karcie!\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "Note: keys are already stored on the card!\n"
|
||||
#, c-format
|
||||
msgid "Note: Keys are already stored on the card!\n"
|
||||
msgstr "Uwaga: klucze są już zapisane na karcie!\n"
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "Replace existing keys? (y/N) "
|
||||
#, c-format
|
||||
msgid "Replace existing key %s ? (y/N) "
|
||||
msgstr "Zastąpić istniejące klucze? (t/N) "
|
||||
msgstr "Zastąpić istniejące klucz %s? (t/N) "
|
||||
|
||||
#, fuzzy, c-format
|
||||
#| msgid "OpenPGP card no. %s detected\n"
|
||||
#, c-format
|
||||
msgid "%s card no. %s detected\n"
|
||||
msgstr "Wykryto kartę OpenPGP nr %s\n"
|
||||
msgstr "Wykryto kartę %s nr %s\n"
|
||||
|
||||
#, c-format
|
||||
msgid "User Interaction Flag is set to \"%s\" - can't change\n"
|
||||
msgstr ""
|
||||
"Flaga interakcji użytkownika (UIF) jest ustawiona na „%s” - nie można "
|
||||
"zmienić\n"
|
||||
|
||||
#, c-format
|
||||
msgid ""
|
||||
"Warning: Setting the User Interaction Flag to \"%s\"\n"
|
||||
" can only be reverted using a factory reset!\n"
|
||||
msgstr ""
|
||||
"Uwaga: ustawienie flagi interakcji użytkownika (UIF) na „%s”\n"
|
||||
" może być odwrócone tylko przez reset do ustawień fabrycznych!\n"
|
||||
|
||||
#, c-format
|
||||
msgid "Please use \"uif --yes %d %s\"\n"
|
||||
msgstr ""
|
||||
msgstr "Proszę użyć „uif --yes %d %s”\n"
|
||||
|
||||
#, fuzzy
|
||||
#| msgid "add a certificate to the cache"
|
||||
msgid "authenticate to the card"
|
||||
msgstr "dodanie certyfikatu do pamięci podręcznej"
|
||||
msgstr "uwierzytelnienie względem karty"
|
||||
|
||||
msgid "send a reset to the card daemon"
|
||||
msgstr ""
|
||||
msgstr "wysłanie resetu do demona kart"
|
||||
|
||||
msgid "setup KDF for PIN authentication"
|
||||
msgstr "ustawienie KDF do uwierzytelniania PIN-em"
|
||||
|
||||
msgid "change a private data object"
|
||||
msgstr ""
|
||||
msgstr "zmiana obiektu danych prywatnych"
|
||||
|
||||
#, fuzzy
|
||||
#| msgid "add a certificate to the cache"
|
||||
msgid "read a certificate from a data object"
|
||||
msgstr "dodanie certyfikatu do pamięci podręcznej"
|
||||
msgstr "odczyt certyfikatu z obiektu danych"
|
||||
|
||||
#, fuzzy
|
||||
#| msgid "add a certificate to the cache"
|
||||
msgid "store a certificate to a data object"
|
||||
msgstr "dodanie certyfikatu do pamięci podręcznej"
|
||||
msgstr "zapis certyfikatu w obiekcie danych"
|
||||
|
||||
msgid "store a private key to a data object"
|
||||
msgstr ""
|
||||
msgstr "zapis klucza prywatnego w obiekcie danych"
|
||||
|
||||
msgid "run various checks on the keys"
|
||||
msgstr ""
|
||||
msgstr "wykonanie różnych sprawdzeń kluczy"
|
||||
|
||||
msgid "Yubikey management commands"
|
||||
msgstr ""
|
||||
msgstr "polecenia zarządzające kluczami Yubikey"
|
||||
|
||||
msgid "manage the command history"
|
||||
msgstr ""
|
||||
msgstr "zarządzanie historią poleceń"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "selected digest algorithm is invalid\n"
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
#~ msgstr "wybrany algorytm skrótów wiadomości jest niepoprawny\n"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "invalid personal cipher preferences\n"
|
||||
#~ msgid "invalid personal AEAD preferences\n"
|
||||
#~ msgstr "niewłaściwe ustawienia szyfrów\n"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "cipher algorithm '%s' may not be used in %s mode\n"
|
||||
#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
|
||||
#~ msgstr "szyfr „%s” nie może być używany w trybie %s\n"
|
||||
|
||||
#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
|
||||
#~ msgstr "wymuszone użycie szyfru %s (%d) kłóci się z ustawieniami adresata\n"
|
||||
|
||||
#~ msgid "error writing to temporary file: %s\n"
|
||||
#~ msgstr "błąd zapisu do pliku tymczasowego: %s\n"
|
||||
|
||||
#~ msgid "run in supervised mode"
|
||||
#~ msgstr "uruchomienie w trybie dozorowanym"
|
||||
|
||||
#~ msgid "Name may not start with a digit\n"
|
||||
#~ msgstr "Imię lub nazwisko nie może zaczynać się od cyfry\n"
|
||||
|
||||
#~ msgid "Name must be at least 5 characters long\n"
|
||||
#~ msgstr "Imię i nazwisko muszą mieć co najmniej 5 znaków długości.\n"
|
||||
|
||||
#~ msgid "Configuration for Keyservers"
|
||||
#~ msgstr "Konfiguracja dla serwerów kluczy"
|
||||
|
||||
#~ msgid "Configuration of LDAP servers to use"
|
||||
#~ msgstr "Konfiguracja używanych serwerów LDAP"
|
||||
|
||||
#~ msgid "selfsigned certificate has a BAD signature"
|
||||
#~ msgstr "certyfikat z własnym podpisem ma BŁĘDNY podpis"
|
||||
|
||||
#~ msgid "requesting key %s from %s server %s\n"
|
||||
#~ msgstr "zapytanie o klucz %s z serwera %s %s\n"
|
||||
|
||||
#~ msgid "%s:%u: no hostname given\n"
|
||||
#~ msgstr "%s:%u: nie podano nazwy hosta\n"
|
||||
|
||||
#~ msgid "could not parse keyserver\n"
|
||||
#~ msgstr "niezrozumiały adres serwera kluczy\n"
|
||||
|
||||
#~ msgid "return all values in a record oriented format"
|
||||
#~ msgstr "zwrócenie wszystkich wartości w formacie rekordu"
|
||||
|
||||
#~ msgid "|NAME|ignore host part and connect through NAME"
|
||||
#~ msgstr "|NAZWA|zignorowanie części z hostem i połączenie poprzez NAZWĘ"
|
||||
|
||||
#~ msgid "|NAME|connect to host NAME"
|
||||
#~ msgstr "|NAZWA|połączenie z hostem NAZWA"
|
||||
|
||||
#~ msgid "|N|connect to port N"
|
||||
#~ msgstr "|N|połączenie z portem N"
|
||||
|
||||
#~ msgid "|NAME|use user NAME for authentication"
|
||||
#~ msgstr "|NAZWA|użycie NAZWY użytkownika do uwierzytelnienia"
|
||||
|
||||
#~ msgid "|PASS|use password PASS for authentication"
|
||||
#~ msgstr "|HASŁO|użycie HASŁA do uwierzytelnienia"
|
||||
|
||||
#~ msgid "take password from $DIRMNGR_LDAP_PASS"
|
||||
#~ msgstr "pobranie hasła z $DIRMNGR_LDAP_PASS"
|
||||
|
||||
#~ msgid "|STRING|query DN STRING"
|
||||
#~ msgstr "|ŁAŃCUCH|ŁAŃCUCH zapytania DN"
|
||||
|
||||
#~ msgid "|STRING|use STRING as filter expression"
|
||||
#~ msgstr "|ŁAŃCUCH|użycie ŁAŃCUCHA jako wyrażenia filtra"
|
||||
|
||||
#~ msgid "|STRING|return the attribute STRING"
|
||||
#~ msgstr "|ŁAŃCUCH|zwrócenie atrybutu ŁAŃCUCH"
|
||||
|
||||
#~ msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
|
||||
#~ msgstr "Składnia: dirmngr_ldap [opcje] [URL] (-h wyświetla pomoc)\n"
|
||||
|
||||
#~ msgid ""
|
||||
#~ "Syntax: dirmngr_ldap [options] [URL]\n"
|
||||
#~ "Internal LDAP helper for Dirmngr\n"
|
||||
#~ "Interface and options may change without notice\n"
|
||||
#~ msgstr ""
|
||||
#~ "Składnia: dirmngr_ldap [opcje] [URL]\n"
|
||||
#~ "Wewnętrzny program pomocniczy LDAP dla Dirmngr\n"
|
||||
#~ "Interfejs i opcje mogą się zmienić bez uprzedzenia\n"
|
||||
|
||||
#~ msgid "invalid port number %d\n"
|
||||
#~ msgstr "błędny numer portu %d\n"
|
||||
|
||||
#~ msgid "scanning result for attribute '%s'\n"
|
||||
#~ msgstr "przeszukiwanie wyniku pod kątem atrybutu „%s”\n"
|
||||
|
||||
#~ msgid "error writing to stdout: %s\n"
|
||||
#~ msgstr "błąd zapisu na standardowe wyjście: %s\n"
|
||||
|
||||
#~ msgid " available attribute '%s'\n"
|
||||
#~ msgstr " dostępny atrybut „%s”\n"
|
||||
|
||||
#~ msgid "attribute '%s' not found\n"
|
||||
#~ msgstr "nie znaleziono atrybutu „%s”\n"
|
||||
|
||||
#~ msgid "found attribute '%s'\n"
|
||||
#~ msgstr "znaleziono atrybut „%s”\n"
|
||||
|
||||
#~ msgid "processing url '%s'\n"
|
||||
#~ msgstr "przetwarzanie URL-a „%s”\n"
|
||||
|
||||
#~ msgid " user '%s'\n"
|
||||
#~ msgstr " użytkownik „%s”\n"
|
||||
|
||||
#~ msgid " pass '%s'\n"
|
||||
#~ msgstr " hasło „%s”\n"
|
||||
|
||||
#~ msgid " host '%s'\n"
|
||||
#~ msgstr " host „%s”\n"
|
||||
|
||||
#~ msgid " port %d\n"
|
||||
#~ msgstr " port %d\n"
|
||||
|
||||
#~ msgid " DN '%s'\n"
|
||||
#~ msgstr " DN „%s”\n"
|
||||
|
||||
#~ msgid " filter '%s'\n"
|
||||
#~ msgstr " filtr „%s”\n"
|
||||
|
||||
#~ msgid " attr '%s'\n"
|
||||
#~ msgstr " atrybut „%s”\n"
|
||||
|
||||
#~ msgid "no host name in '%s'\n"
|
||||
#~ msgstr "brak nazwy hosta w „%s”\n"
|
||||
|
||||
#~ msgid "no attribute given for query '%s'\n"
|
||||
#~ msgstr "nie podano atrybutu dla zapytania „%s”\n"
|
||||
|
||||
#~ msgid "WARNING: using first attribute only\n"
|
||||
#~ msgstr "OSTRZEŻENIE: użyto tylko pierwszego atrybutu\n"
|
||||
|
||||
#~ msgid "LDAP init to '%s:%d' failed: %s\n"
|
||||
#~ msgstr "nie udało się zainicjować LDAP na „%s:%d”: %s\n"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "LDAP init to '%s:%d' failed: %s\n"
|
||||
#~ msgid "LDAP init to '%s' failed: %s\n"
|
||||
#~ msgstr "nie udało się zainicjować LDAP na „%s:%d”: %s\n"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "LDAP init to '%s:%d' failed: %s\n"
|
||||
#~ msgid "LDAP init to '%s' done\n"
|
||||
#~ msgstr "nie udało się zainicjować LDAP na „%s:%d”: %s\n"
|
||||
|
||||
#~ msgid "binding to '%s:%d' failed: %s\n"
|
||||
#~ msgstr "dowiązanie do „%s:%d” nie powiodło się: %s\n"
|
||||
|
||||
#~ msgid "searching '%s' failed: %s\n"
|
||||
#~ msgstr "szukanie „%s” nie powiodło się: %s\n"
|
||||
|
||||
#~ msgid "start_cert_fetch: invalid pattern '%s'\n"
|
||||
#~ msgstr "start_cert_fetch: błędny wzorzec „%s”\n"
|
||||
|
||||
#~ msgid "ldapserver missing"
|
||||
#~ msgstr "brak pola ldapserver"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "change a passphrase"
|
||||
#~ msgid "Suggest a random passphrase."
|
||||
#~ msgstr "zmiana hasła"
|
||||
|
||||
#~ msgid "detected card with S/N: %s\n"
|
||||
#~ msgstr "wykryto kartę o numerze seryjnym: %s\n"
|
||||
|
||||
#~ msgid "no authentication key for ssh on card: %s\n"
|
||||
#~ msgstr "nie znaleziono klucza uwierzytelniającego dla ssh na karcie: %s\n"
|
||||
|
||||
#~ msgid "Please remove the current card and insert the one with serial number"
|
||||
#~ msgstr "Proszę wyjąć obecną kartę i włożyć kartę z numerem seryjnym"
|
||||
|
||||
#~ msgid "use a log file for the server"
|
||||
#~ msgstr "użycie pliku loga dla serwera"
|
||||
|
||||
#~ msgid "no running gpg-agent - starting '%s'\n"
|
||||
#~ msgstr "gpg-agent nie działa - uruchamianie „%s”\n"
|
||||
|
||||
#~ msgid "argument not expected"
|
||||
#~ msgstr "nieoczekiwany argument"
|
||||
|
||||
#~ msgid "read error"
|
||||
#~ msgstr "błąd odczytu"
|
||||
|
||||
#~ msgid "keyword too long"
|
||||
#~ msgstr "słowo kluczowe zbyt długie"
|
||||
|
||||
#~ msgid "missing argument"
|
||||
#~ msgstr "brak argumentu"
|
||||
|
||||
#~ msgid "invalid argument"
|
||||
#~ msgstr "niepoprawny argument"
|
||||
|
||||
#~ msgid "invalid command"
|
||||
#~ msgstr "błędne polecenie"
|
||||
|
||||
#~ msgid "invalid alias definition"
|
||||
#~ msgstr "błędna definicja aliasu"
|
||||
|
||||
#~ msgid "out of core"
|
||||
#~ msgstr "brak pamięci"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "invalid command"
|
||||
#~ msgid "invalid meta command"
|
||||
#~ msgstr "błędne polecenie"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "unknown command '%s'\n"
|
||||
#~ msgid "unknown meta command"
|
||||
#~ msgstr "nieznane polecenie „%s”\n"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "unexpected armor: "
|
||||
#~ msgid "unexpected meta command"
|
||||
#~ msgstr "nieoczekiwane opakowanie: "
|
||||
|
||||
#~ msgid "invalid option"
|
||||
#~ msgstr "błędna opcja"
|
||||
|
||||
#~ msgid "missing argument for option \"%.50s\"\n"
|
||||
#~ msgstr "brak argumentu dla opcji „%.50s”\n"
|
||||
|
||||
#~ msgid "option \"%.50s\" does not expect an argument\n"
|
||||
#~ msgstr "opcja „%.50s” nie może mieć argumentów\n"
|
||||
|
||||
#~ msgid "invalid command \"%.50s\"\n"
|
||||
#~ msgstr "błędne polecenie „%.50s”\n"
|
||||
|
||||
#~ msgid "option \"%.50s\" is ambiguous\n"
|
||||
#~ msgstr "opcja „%.50s” jest niejednoznaczna\n"
|
||||
|
||||
#~ msgid "command \"%.50s\" is ambiguous\n"
|
||||
#~ msgstr "polecenie „%.50s” jest niejednoznaczne\n"
|
||||
|
||||
#~ msgid "invalid option \"%.50s\"\n"
|
||||
#~ msgstr "błędna opcja „%.50s”\n"
|
||||
|
||||
#~ msgid "Note: no default option file '%s'\n"
|
||||
#~ msgstr "Uwaga: brak domyślnego pliku opcji „%s”\n"
|
||||
|
||||
#~ msgid "option file '%s': %s\n"
|
||||
#~ msgstr "plik opcji „%s”: %s\n"
|
||||
|
||||
#~ msgid "unable to execute program '%s': %s\n"
|
||||
#~ msgstr "nie można uruchomić programu „%s”: %s\n"
|
||||
|
||||
#~ msgid "unable to execute external program\n"
|
||||
#~ msgstr "nie można uruchomić zewnętrznego programu\n"
|
||||
|
||||
#~ msgid "unable to read external program response: %s\n"
|
||||
#~ msgstr "nie można odczytać odpowiedzi programu zewnętrznego: %s\n"
|
||||
|
||||
#~ msgid "validate signatures with PKA data"
|
||||
#~ msgstr "sprawdzanie podpisów z danymi PKA"
|
||||
|
||||
#~ msgid "elevate the trust of signatures with valid PKA data"
|
||||
#~ msgstr "zwiększenie zaufania podpisów z poprawnymi danymi PKA"
|
||||
|
||||
#~ msgid " (%d) ECC and ECC\n"
|
||||
#~ msgstr " (%d) ECC i ECC\n"
|
||||
|
||||
#~ msgid "honor the PKA record set on a key when retrieving keys"
|
||||
#~ msgstr "honorowanie rekordu PKA ustawionego w kluczu przy pobieraniu kluczy"
|
||||
|
||||
#~ msgid "Note: Verified signer's address is '%s'\n"
|
||||
#~ msgstr "Uwaga: Sprawdzony adres pospisującego to „%s”\n"
|
||||
|
||||
#~ msgid "Note: Signer's address '%s' does not match DNS entry\n"
|
||||
#~ msgstr "Uwaga: Adres podpisującego „%s” nie pasuje do wpisu DNS\n"
|
||||
|
||||
#~ msgid "trustlevel adjusted to FULL due to valid PKA info\n"
|
||||
#~ msgstr ""
|
||||
#~ "poziom zaufania poprawiony na PEŁNY ze względu na poprawne informacje "
|
||||
#~ "PKA\n"
|
||||
|
||||
#~ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
|
||||
#~ msgstr ""
|
||||
#~ "poziom zaufania poprawiony na ŻADEN ze względu na błędne informacje PKA\n"
|
||||
|
||||
#~ msgid "|FILE|write a server mode log to FILE"
|
||||
#~ msgstr "|PLIK|zapisanie logów trybu serwerowego do PLIKU"
|
||||
|
||||
#~ msgid "run without asking a user"
|
||||
#~ msgstr "działanie bez pytania użytkownika"
|
||||
|
||||
#~ msgid "allow PKA lookups (DNS requests)"
|
||||
#~ msgstr "zezwolenie na wyszukiwania PKA (żądania DNS)"
|
||||
|
||||
#~ msgid "Options controlling the format of the output"
|
||||
#~ msgstr "Opcje sterujące formatem wyjścia"
|
||||
|
||||
#~ msgid "Options controlling the use of Tor"
|
||||
#~ msgstr "Opcje sterujące użyciem Tora"
|
||||
|
||||
#~ msgid "LDAP server list"
|
||||
#~ msgstr "lista serwerów LDAP"
|
||||
|
||||
#~ msgid "Note: old default options file '%s' ignored\n"
|
||||
#~ msgstr "Uwaga: stary domyślny plik opcji „%s” został zignorowany\n"
|
||||
|
||||
#~ msgid ""
|
||||
#~ "@\n"
|
||||
#~ "Commands:\n"
|
||||
#~ " "
|
||||
#~ msgstr ""
|
||||
#~ "@\n"
|
||||
#~ "Polecenia:\n"
|
||||
#~ " "
|
||||
|
||||
#~ msgid "decryption modus"
|
||||
#~ msgstr "tryb rozszyfrowywania"
|
||||
|
||||
#~ msgid "encryption modus"
|
||||
#~ msgstr "tryb szyfrowania"
|
||||
|
||||
#~ msgid "tool class (confucius)"
|
||||
#~ msgstr "klasa narzędzia (confucius)"
|
||||
|
||||
#~ msgid "program filename"
|
||||
#~ msgstr "nazwa programu"
|
||||
|
||||
#~ msgid "secret key file (required)"
|
||||
#~ msgstr "plik klucza tajnego (wymagany)"
|
||||
|
||||
#~ msgid "input file name (default stdin)"
|
||||
#~ msgstr "nazwa pliku wejściowego (domyślnie standardowe wejście)"
|
||||
|
||||
#~ msgid "Usage: symcryptrun [options] (-h for help)"
|
||||
#~ msgstr "Składnia: symcryptrun [opcje] (-h wyświetla pomoc)"
|
||||
|
||||
#~ msgid ""
|
||||
#~ "Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
|
||||
#~ "[options...] COMMAND [inputfile]\n"
|
||||
#~ "Call a simple symmetric encryption tool\n"
|
||||
#~ msgstr ""
|
||||
#~ "Składnia: symcryptrun --class KLASA --program PROGRAM --keyfile "
|
||||
#~ "PLIK_KLUCZA [opcje...] POLECENIE [plik-weściowy]\n"
|
||||
#~ "Wywołanie prostego narzędzia do szyfrowania symetrycznego\n"
|
||||
|
||||
#~ msgid "%s on %s aborted with status %i\n"
|
||||
#~ msgstr "%s na %s przerwany ze stanem %i\n"
|
||||
|
||||
#~ msgid "%s on %s failed with status %i\n"
|
||||
#~ msgstr "%s na %s nie powiódł się ze stanem %i\n"
|
||||
|
||||
#~ msgid "can't create temporary directory '%s': %s\n"
|
||||
#~ msgstr "nie można utworzyć katalogu tymczasowego „%s”: %s\n"
|
||||
|
||||
#~ msgid "could not open %s for writing: %s\n"
|
||||
#~ msgstr "nie udało się otworzyć %s do zapisu: %s\n"
|
||||
|
||||
#~ msgid "error closing %s: %s\n"
|
||||
#~ msgstr "błąd zamykania %s: %s\n"
|
||||
|
||||
#~ msgid "no --program option provided\n"
|
||||
#~ msgstr "nie podano opcji --program\n"
|
||||
|
||||
#~ msgid "only --decrypt and --encrypt are supported\n"
|
||||
#~ msgstr "obsługiwane są tylko --decrypt i --encrypt\n"
|
||||
|
||||
#~ msgid "no --keyfile option provided\n"
|
||||
#~ msgstr "nie podano opcji --keyfile\n"
|
||||
|
||||
#~ msgid "cannot allocate args vector\n"
|
||||
#~ msgstr "nie można przydzielić wektora args\n"
|
||||
|
||||
#~ msgid "could not create pipe: %s\n"
|
||||
#~ msgstr "nie udało się utworzyć potoku: %s\n"
|
||||
|
||||
#~ msgid "could not create pty: %s\n"
|
||||
#~ msgstr "nie udało się utworzyć pty: %s\n"
|
||||
|
||||
#~ msgid "could not fork: %s\n"
|
||||
#~ msgstr "nie udało się wykonać fork: %s\n"
|
||||
|
||||
#~ msgid "execv failed: %s\n"
|
||||
#~ msgstr "execv nie powiodło się: %s\n"
|
||||
|
||||
#~ msgid "select failed: %s\n"
|
||||
#~ msgstr "select nie powiodło się: %s\n"
|
||||
|
||||
#~ msgid "read failed: %s\n"
|
||||
#~ msgstr "odczyt nie powiódł się: %s\n"
|
||||
|
||||
#~ msgid "pty read failed: %s\n"
|
||||
#~ msgstr "odczyt pty nie powiódł się: %s\n"
|
||||
|
||||
#~ msgid "waitpid failed: %s\n"
|
||||
#~ msgstr "waitpid nie powiodło się: %s\n"
|
||||
|
||||
#~ msgid "child aborted with status %i\n"
|
||||
#~ msgstr "potomek został przerwany ze stanem %i\n"
|
||||
|
||||
#~ msgid "cannot allocate infile string: %s\n"
|
||||
#~ msgstr "nie można przydzielić łańcucha pliku wejściowego: %s\n"
|
||||
|
||||
#~ msgid "cannot allocate outfile string: %s\n"
|
||||
#~ msgstr "nie można przydzielić łańcucha pliku wyjściowego: %s\n"
|
||||
|
||||
#~ msgid "either %s or %s must be given\n"
|
||||
#~ msgstr "musi być podane %s lub %s\n"
|
||||
|
||||
#~ msgid "no class provided\n"
|
||||
#~ msgstr "nie podano klasy\n"
|
||||
|
||||
#~ msgid "class %s is not supported\n"
|
||||
#~ msgstr "klasa %s nie jest obsługiwana\n"
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "kanoniczny format tekstowy"
|
||||
|
10
po/pt.po
10
po/pt.po
@ -2157,9 +2157,6 @@ msgstr "criar saída blindada ASCII"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|FILE|escrever saída em FILE"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "usar modo de texto canónico"
|
||||
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|definir nível de compressão para N (0 desabilita)"
|
||||
|
||||
@ -6726,7 +6723,9 @@ msgstr "o acesso aos comandos admin não está configurado\n"
|
||||
msgid "||Please enter the PIN"
|
||||
msgstr "||Introduza o PIN"
|
||||
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
#, fuzzy
|
||||
#| msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "||Introduza o Código de Reset do cartão"
|
||||
|
||||
#, c-format
|
||||
@ -8997,6 +8996,9 @@ msgstr "comandos de gerir uma Yubikey"
|
||||
msgid "manage the command history"
|
||||
msgstr "gerir o histórico de comandos"
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "usar modo de texto canónico"
|
||||
|
||||
#, c-format
|
||||
#~ msgid "waiting for process to terminate failed: ec=%d\n"
|
||||
#~ msgstr "falha ao esperar que o processo terminasse: ec=%d\n"
|
||||
|
8
po/ro.po
8
po/ro.po
@ -2248,9 +2248,6 @@ msgstr "crează ieşire în armură ascii"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|FIŞIER|încarcă modulul extensie FIŞIER"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "foloseşte modul text canonic"
|
||||
|
||||
#, fuzzy
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|setează nivel de compresie N (0 deactivează)"
|
||||
@ -7056,7 +7053,7 @@ msgid "||Please enter the PIN"
|
||||
msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
|
||||
|
||||
#, fuzzy
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
|
||||
|
||||
#, fuzzy, c-format
|
||||
@ -9415,6 +9412,9 @@ msgstr ""
|
||||
msgid "manage the command history"
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "foloseşte modul text canonic"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "selected digest algorithm is invalid\n"
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
|
10
po/ru.po
10
po/ru.po
@ -2158,9 +2158,6 @@ msgstr "вывод в текстовом формате"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|FILE|выводить данные в файл FILE"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "использовать канонический текстовый режим"
|
||||
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|установить уровень сжатия N (0 - без сжатия)"
|
||||
|
||||
@ -6836,7 +6833,9 @@ msgstr "доступ к командам управления не настро
|
||||
msgid "||Please enter the PIN"
|
||||
msgstr "||Введите PIN"
|
||||
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
#, fuzzy
|
||||
#| msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "||Введите код сброса для карты"
|
||||
|
||||
#, c-format
|
||||
@ -9156,6 +9155,9 @@ msgstr ""
|
||||
msgid "manage the command history"
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "использовать канонический текстовый режим"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "selected digest algorithm is invalid\n"
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
|
8
po/sk.po
8
po/sk.po
@ -2231,9 +2231,6 @@ msgstr "vytvor výstup zakódovaný pomocou ASCII"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|SÚBOR|nahrať rozširujúci modul SÚBOR"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "použiť kánonický textový mód"
|
||||
|
||||
#, fuzzy
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr ""
|
||||
@ -6969,7 +6966,7 @@ msgid "||Please enter the PIN"
|
||||
msgstr "zmeniť heslo"
|
||||
|
||||
#, fuzzy
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "Prosím výberte dôvod na revokáciu:\n"
|
||||
|
||||
#, c-format
|
||||
@ -9304,6 +9301,9 @@ msgstr ""
|
||||
msgid "manage the command history"
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "použiť kánonický textový mód"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "selected digest algorithm is invalid\n"
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
|
10
po/sv.po
10
po/sv.po
@ -2369,9 +2369,6 @@ msgstr "skapa utdata med ett ascii-skal"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|FIL|skriv utdata till FIL"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "använd \"ursprunglig text\"-läget"
|
||||
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|ställ in komprimeringsnivån till N (0 för att inaktivera)"
|
||||
|
||||
@ -7294,7 +7291,9 @@ msgstr "åtkomst till administrationskommandon är inte konfigurerat\n"
|
||||
msgid "||Please enter the PIN"
|
||||
msgstr "||Ange PIN-koden"
|
||||
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
#, fuzzy
|
||||
#| msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "||Ange nollställningskoden för kortet"
|
||||
|
||||
#, c-format
|
||||
@ -9860,6 +9859,9 @@ msgstr ""
|
||||
msgid "manage the command history"
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "använd \"ursprunglig text\"-läget"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "selected digest algorithm is invalid\n"
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
|
10
po/tr.po
10
po/tr.po
@ -2101,9 +2101,6 @@ msgstr "ascii zırhlı çıktı oluştur"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|FILE|çıktıyı FILE'a yaz"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "kurallı metin kipini kullan"
|
||||
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|sıkıştırma düzeyini N olarak ayarla (0 devre dışı bırakır)"
|
||||
|
||||
@ -6666,7 +6663,9 @@ msgstr "yönetici komutlarına erişim yapılandırılmamış\n"
|
||||
msgid "||Please enter the PIN"
|
||||
msgstr "||Lütfen PIN'i giriniz"
|
||||
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
#, fuzzy
|
||||
#| msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "||Lütfen kart için Sıfırlama Kodunu giriniz"
|
||||
|
||||
#, c-format
|
||||
@ -8918,3 +8917,6 @@ msgstr "Yubikey yönetim konsolu"
|
||||
|
||||
msgid "manage the command history"
|
||||
msgstr "komut geçmişini yönet"
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "kurallı metin kipini kullan"
|
||||
|
10
po/uk.po
10
po/uk.po
@ -2179,9 +2179,6 @@ msgstr "створити дані у форматі ASCII"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|FILE|записати дані до вказаного файла"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "використовувати канонічний текстовий режим"
|
||||
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|встановити рівень стиснення (0 — вимкнути)"
|
||||
|
||||
@ -6937,7 +6934,9 @@ msgstr "доступ до адміністративних команд не н
|
||||
msgid "||Please enter the PIN"
|
||||
msgstr "||Вкажіть пінкод"
|
||||
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
#, fuzzy
|
||||
#| msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "||Вкажіть код скидання коду картки"
|
||||
|
||||
#, c-format
|
||||
@ -9249,6 +9248,9 @@ msgstr ""
|
||||
msgid "manage the command history"
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "використовувати канонічний текстовий режим"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "selected digest algorithm is invalid\n"
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
|
10
po/zh_CN.po
10
po/zh_CN.po
@ -2075,9 +2075,6 @@ msgstr "创建 ASCII 字符封装的输出"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|FILE|写输出到 FILE"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "使用规范的文本模式"
|
||||
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|设置压缩等级为 N (0 为禁用)"
|
||||
|
||||
@ -6435,7 +6432,9 @@ msgstr "未配置到管理员命令的访问\n"
|
||||
msgid "||Please enter the PIN"
|
||||
msgstr "||请输入 PIN"
|
||||
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
#, fuzzy
|
||||
#| msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "||请输入卡片的重置码"
|
||||
|
||||
#, c-format
|
||||
@ -8675,6 +8674,9 @@ msgstr "Yubikey 管理命令"
|
||||
msgid "manage the command history"
|
||||
msgstr "管理命令历史记录"
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "使用规范的文本模式"
|
||||
|
||||
#~ msgid "continuing verification anyway due to option %s\n"
|
||||
#~ msgstr "由于 %s 选项,验证仍在继续中\n"
|
||||
|
||||
|
10
po/zh_TW.po
10
po/zh_TW.po
@ -2189,9 +2189,6 @@ msgstr "建立以 ASCII 封裝過的輸出"
|
||||
msgid "|FILE|write output to FILE"
|
||||
msgstr "|檔案|將輸出寫入至指定檔案"
|
||||
|
||||
msgid "use canonical text mode"
|
||||
msgstr "使用標準的文字模式"
|
||||
|
||||
msgid "|N|set compress level to N (0 disables)"
|
||||
msgstr "|N|設定壓縮等級為 N (0 表示不壓縮)"
|
||||
|
||||
@ -6778,7 +6775,9 @@ msgstr "管理者指令存取權限尚未組態\n"
|
||||
msgid "||Please enter the PIN"
|
||||
msgstr "||請輸入個人識別碼 (PIN)"
|
||||
|
||||
msgid "||Please enter the Reset Code for the card"
|
||||
#, fuzzy
|
||||
#| msgid "||Please enter the Reset Code for the card"
|
||||
msgid "|R|Please enter the Reset Code for the card"
|
||||
msgstr "||請輸入卡片的重設碼"
|
||||
|
||||
#, c-format
|
||||
@ -9057,6 +9056,9 @@ msgstr ""
|
||||
msgid "manage the command history"
|
||||
msgstr ""
|
||||
|
||||
#~ msgid "use canonical text mode"
|
||||
#~ msgstr "使用標準的文字模式"
|
||||
|
||||
#, fuzzy
|
||||
#~| msgid "selected digest algorithm is invalid\n"
|
||||
#~ msgid "selected AEAD algorithm is invalid\n"
|
||||
|
@ -1613,7 +1613,7 @@ verify_pin (app_t app, int pwid, const char *desc,
|
||||
memset (&pininfo, 0, sizeof pininfo);
|
||||
pininfo.fixedlen = -1;
|
||||
|
||||
/* FIXME: TCOS allows to read the min. and max. values - do this. */
|
||||
/* FIXME: TCOS allows one to read the min. and max. values - do this. */
|
||||
if (app->appversion == 15)
|
||||
{
|
||||
if (app->app_local->active_nks_app == NKS_APP_NKS && pwid == 0x03)
|
||||
|
@ -3306,6 +3306,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
|
||||
char *pinvalue = NULL;
|
||||
int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET);
|
||||
int set_resetcode = 0;
|
||||
int use_resetcode = 0;
|
||||
pininfo_t pininfo;
|
||||
int use_pinpad = 0;
|
||||
int minlen = 6;
|
||||
@ -3458,7 +3459,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
|
||||
}
|
||||
|
||||
rc = pincb (pincb_arg,
|
||||
_("||Please enter the Reset Code for the card"),
|
||||
_("|R|Please enter the Reset Code for the card"),
|
||||
&resetcode);
|
||||
if (rc)
|
||||
{
|
||||
@ -3473,13 +3474,14 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
|
||||
rc = gpg_error (GPG_ERR_BAD_RESET_CODE);
|
||||
goto leave;
|
||||
}
|
||||
use_resetcode = 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
rc = gpg_error (GPG_ERR_INV_ID);
|
||||
goto leave;
|
||||
}
|
||||
}
|
||||
} /* End version 2 cards. */
|
||||
|
||||
if (chvno == 3)
|
||||
app->did_chv3 = 0;
|
||||
@ -3511,6 +3513,17 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
|
||||
goto leave;
|
||||
}
|
||||
}
|
||||
else if (use_resetcode)
|
||||
{
|
||||
minlen = 6; /* Reset from the RC value to the PIN value. */
|
||||
if (strlen (pinvalue) < minlen)
|
||||
{
|
||||
log_info (_("PIN for CHV%d is too short;"
|
||||
" minimum length is %d\n"), 1, minlen);
|
||||
rc = gpg_error (GPG_ERR_BAD_PIN);
|
||||
goto leave;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (chvno == 3)
|
||||
|
@ -305,7 +305,7 @@ struct prkdf_object_s
|
||||
keyaccess_flags_t accessflags;
|
||||
|
||||
/* Extended key usage flags. Only used if .valid is set. This
|
||||
* information is computed from an associated certificate15. */
|
||||
* information is computed from an associated certificate. */
|
||||
struct {
|
||||
unsigned int valid:1;
|
||||
unsigned int sign:1;
|
||||
@ -520,6 +520,9 @@ struct app_local_s
|
||||
/* Information on all useful certificates. */
|
||||
cdf_object_t useful_certificate_info;
|
||||
|
||||
/* Counter to make object ids of certificates unique. */
|
||||
unsigned int cdf_dup_counter;
|
||||
|
||||
/* Information on all public keys. */
|
||||
prkdf_object_t public_key_info;
|
||||
|
||||
@ -2419,6 +2422,22 @@ read_ef_pukdf (app_t app, unsigned short fid, pukdf_object_t *result)
|
||||
}
|
||||
|
||||
|
||||
/* Return true id CDFLIST has the given object id. */
|
||||
static int
|
||||
objid_in_cdflist_p (cdf_object_t cdflist,
|
||||
const unsigned char *objid, size_t objidlen)
|
||||
{
|
||||
cdf_object_t cdf;
|
||||
|
||||
if (!objid || !objidlen)
|
||||
return 0;
|
||||
for (cdf = cdflist; cdf; cdf = cdf->next)
|
||||
if (cdf->objidlen == objidlen && !memcmp (cdf->objid, objid, objidlen))
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* Read and parse the Certificate Directory Files identified by FID.
|
||||
On success a newlist of CDF object gets stored at RESULT and the
|
||||
caller is then responsible of releasing this list. On error a
|
||||
@ -2464,6 +2483,7 @@ read_ef_cdf (app_t app, unsigned short fid, int cdftype, cdf_object_t *result)
|
||||
unsigned long ul;
|
||||
const unsigned char *objid;
|
||||
size_t objidlen;
|
||||
int objidextralen;
|
||||
|
||||
err = parse_ber_header (&p, &n, &class, &tag, &constructed,
|
||||
&ndef, &objlen, &hdrlen);
|
||||
@ -2588,8 +2608,19 @@ read_ef_cdf (app_t app, unsigned short fid, int cdftype, cdf_object_t *result)
|
||||
label = NULL;
|
||||
}
|
||||
|
||||
cdf->objidlen = objidlen;
|
||||
cdf->objid = xtrymalloc (objidlen);
|
||||
/* Card's have been found in the wild which do not have unique
|
||||
* IDs for their certificate objects. If we detect this we
|
||||
* append a counter to the ID. */
|
||||
objidextralen =
|
||||
(objid_in_cdflist_p (cdflist, objid, objidlen)
|
||||
|| objid_in_cdflist_p (app->app_local->certificate_info,
|
||||
objid, objidlen)
|
||||
|| objid_in_cdflist_p (app->app_local->trusted_certificate_info,
|
||||
objid, objidlen)
|
||||
|| objid_in_cdflist_p (app->app_local->useful_certificate_info,
|
||||
objid, objidlen));
|
||||
cdf->objidlen = objidlen + objidextralen;
|
||||
cdf->objid = xtrymalloc (objidlen + objidextralen);
|
||||
if (!cdf->objid)
|
||||
{
|
||||
err = gpg_error_from_syserror ();
|
||||
@ -2597,6 +2628,16 @@ read_ef_cdf (app_t app, unsigned short fid, int cdftype, cdf_object_t *result)
|
||||
goto leave;
|
||||
}
|
||||
memcpy (cdf->objid, objid, objidlen);
|
||||
if (objidextralen)
|
||||
{
|
||||
if (app->app_local->cdf_dup_counter == 255)
|
||||
{
|
||||
log_error ("p15: too many duplicate certificate ids\n");
|
||||
err = gpg_error (GPG_ERR_TOO_MANY);
|
||||
goto parse_error;
|
||||
}
|
||||
cdf->objid[objidlen] = ++app->app_local->cdf_dup_counter;
|
||||
}
|
||||
|
||||
cdf->pathlen = objlen/2;
|
||||
for (i=0; i < cdf->pathlen; i++, pp += 2, nn -= 2)
|
||||
@ -3664,6 +3705,7 @@ read_p15_info (app_t app)
|
||||
log_assert (!app->app_local->certificate_info);
|
||||
log_assert (!app->app_local->trusted_certificate_info);
|
||||
log_assert (!app->app_local->useful_certificate_info);
|
||||
app->app_local->cdf_dup_counter = 0;
|
||||
err = read_ef_cdf (app, app->app_local->odf.certificates, 'c',
|
||||
&app->app_local->certificate_info);
|
||||
if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA)
|
||||
@ -4214,7 +4256,8 @@ set_usage_string (char usage[5], prkdf_object_t prkdf)
|
||||
&& (!prkdf->extusage.valid || prkdf->extusage.sign))
|
||||
usage[usagelen++] = 'c';
|
||||
if ((prkdf->usageflags.decrypt
|
||||
|| prkdf->usageflags.unwrap)
|
||||
|| prkdf->usageflags.unwrap
|
||||
|| prkdf->usageflags.derive)
|
||||
&& (!prkdf->extusage.valid || prkdf->extusage.encr))
|
||||
usage[usagelen++] = 'e';
|
||||
if ((prkdf->usageflags.sign
|
||||
@ -4661,7 +4704,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
|
||||
|
||||
/* We return the ID of the first private key capable of the
|
||||
* requested action. If any gpgusage flag has been set for the
|
||||
* card we consult the gpgusage flags and not the regualr usage
|
||||
* card we consult the gpgusage flags and not the regular usage
|
||||
* flags.
|
||||
*/
|
||||
/* FIXME: This changed: Note that we do not yet return
|
||||
@ -4683,7 +4726,8 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
|
||||
if ((name[1] == 'A' && (prkdf->usageflags.sign
|
||||
|| prkdf->usageflags.sign_recover))
|
||||
|| (name[1] == 'E' && (prkdf->usageflags.decrypt
|
||||
|| prkdf->usageflags.unwrap))
|
||||
|| prkdf->usageflags.unwrap
|
||||
|| prkdf->usageflags.derive))
|
||||
|| (name[1] == 'S' && (prkdf->usageflags.sign
|
||||
|| prkdf->usageflags.sign_recover)))
|
||||
break;
|
||||
@ -4892,7 +4936,8 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
|
||||
}
|
||||
else
|
||||
{
|
||||
if (prkdf->usageflags.decrypt || prkdf->usageflags.unwrap)
|
||||
if (prkdf->usageflags.decrypt || prkdf->usageflags.unwrap
|
||||
|| prkdf->usageflags.derive)
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -5784,9 +5829,8 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
|
||||
{
|
||||
if (prkdf->is_ecc)
|
||||
{
|
||||
/* Not implemented due to lacking test hardware. */
|
||||
log_info ("Note: ECC is not yet implemented for DTRUST 4 cards\n");
|
||||
err = gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
|
||||
err = iso7816_manage_security_env (app_get_slot (app),
|
||||
0xf3, 0x21, NULL, 0);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -5927,7 +5971,8 @@ do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
|
||||
err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf);
|
||||
if (err)
|
||||
return err;
|
||||
if (!(prkdf->usageflags.sign || prkdf->gpgusage.auth))
|
||||
if (!(prkdf->usageflags.sign || prkdf->usageflags.sign_recover
|
||||
|| prkdf->gpgusage.auth))
|
||||
{
|
||||
log_error ("p15: key %s may not be used for authentication\n", keyidstr);
|
||||
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
|
||||
@ -5970,6 +6015,7 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
|
||||
return err;
|
||||
if (!(prkdf->usageflags.decrypt
|
||||
|| prkdf->usageflags.unwrap
|
||||
|| prkdf->usageflags.derive
|
||||
|| prkdf->gpgusage.encr ))
|
||||
{
|
||||
log_error ("p15: key %s may not be used for decryption\n", keyidstr);
|
||||
@ -5979,17 +6025,18 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
|
||||
/* Find the authentication object to this private key object. */
|
||||
if (!prkdf->authid)
|
||||
{
|
||||
log_error ("p15: no authentication object defined for %s\n", keyidstr);
|
||||
/* fixme: we might want to go ahead and do without PIN
|
||||
verification. */
|
||||
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
|
||||
log_info ("p15: no authentication object defined for %s\n", keyidstr);
|
||||
aodf = NULL;
|
||||
}
|
||||
else
|
||||
{
|
||||
for (aodf = app->app_local->auth_object_info; aodf; aodf = aodf->next)
|
||||
if (aodf->objidlen == prkdf->authidlen
|
||||
&& !memcmp (aodf->objid, prkdf->authid, prkdf->authidlen))
|
||||
break;
|
||||
if (!aodf)
|
||||
log_info ("p15: no authentication for %s needed\n", keyidstr);
|
||||
}
|
||||
|
||||
/* We need some more info about the key - get the keygrip to
|
||||
* populate these fields. */
|
||||
@ -6042,9 +6089,8 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
|
||||
{
|
||||
if (prkdf->is_ecc)
|
||||
{
|
||||
/* Not implemented due to lacking test hardware. */
|
||||
log_info ("Note: ECC is not yet implemented for DTRUST 4 cards\n");
|
||||
err = gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
|
||||
err = iso7816_manage_security_env (app_get_slot (app),
|
||||
0xF3, 0x39, NULL, 0);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -6274,7 +6320,8 @@ do_with_keygrip (app_t app, ctrl_t ctrl, int action,
|
||||
}
|
||||
else if (capability == GCRY_PK_USAGE_ENCR)
|
||||
{
|
||||
if (!(prkdf->usageflags.decrypt || prkdf->usageflags.unwrap))
|
||||
if (!(prkdf->usageflags.decrypt || prkdf->usageflags.unwrap
|
||||
|| prkdf->usageflags.derive))
|
||||
continue;
|
||||
}
|
||||
else if (capability == GCRY_PK_USAGE_AUTH)
|
||||
|
@ -298,6 +298,23 @@ static int send_escape_cmd (ccid_driver_t handle, const unsigned char *data,
|
||||
size_t resultmax, size_t *resultlen);
|
||||
|
||||
|
||||
static void
|
||||
my_npth_unprotect (void)
|
||||
{
|
||||
#ifdef USE_NPTH
|
||||
npth_unprotect ();
|
||||
#endif
|
||||
}
|
||||
|
||||
static void
|
||||
my_npth_protect (void)
|
||||
{
|
||||
#ifdef USE_NPTH
|
||||
npth_protect ();
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
map_libusb_error (int usberr)
|
||||
{
|
||||
@ -984,31 +1001,23 @@ get_escaped_usb_string (libusb_device_handle *idev, int idx,
|
||||
/* First get the list of supported languages and use the first one.
|
||||
If we do don't find it we try to use English. Note that this is
|
||||
all in a 2 bute Unicode encoding using little endian. */
|
||||
#ifdef USE_NPTH
|
||||
npth_unprotect ();
|
||||
#endif
|
||||
my_npth_unprotect ();
|
||||
rc = libusb_control_transfer (idev, LIBUSB_ENDPOINT_IN,
|
||||
LIBUSB_REQUEST_GET_DESCRIPTOR,
|
||||
(LIBUSB_DT_STRING << 8), 0,
|
||||
buf, sizeof buf, 1000 /* ms timeout */);
|
||||
#ifdef USE_NPTH
|
||||
npth_protect ();
|
||||
#endif
|
||||
my_npth_protect ();
|
||||
if (rc < 4)
|
||||
langid = 0x0409; /* English. */
|
||||
else
|
||||
langid = (buf[3] << 8) | buf[2];
|
||||
|
||||
#ifdef USE_NPTH
|
||||
npth_unprotect ();
|
||||
#endif
|
||||
my_npth_unprotect ();
|
||||
rc = libusb_control_transfer (idev, LIBUSB_ENDPOINT_IN,
|
||||
LIBUSB_REQUEST_GET_DESCRIPTOR,
|
||||
(LIBUSB_DT_STRING << 8) + idx, langid,
|
||||
buf, sizeof buf, 1000 /* ms timeout */);
|
||||
#ifdef USE_NPTH
|
||||
npth_protect ();
|
||||
#endif
|
||||
my_npth_protect ();
|
||||
if (rc < 2 || buf[1] != LIBUSB_DT_STRING)
|
||||
return NULL; /* Error or not a string. */
|
||||
len = buf[0];
|
||||
@ -1345,13 +1354,9 @@ ccid_vendor_specific_setup (ccid_driver_t handle)
|
||||
{
|
||||
if (handle->id_vendor == VENDOR_SCM && handle->id_product == SCM_SPR532)
|
||||
{
|
||||
#ifdef USE_NPTH
|
||||
npth_unprotect ();
|
||||
#endif
|
||||
my_npth_unprotect ();
|
||||
libusb_clear_halt (handle->idev, handle->ep_intr);
|
||||
#ifdef USE_NPTH
|
||||
npth_protect ();
|
||||
#endif
|
||||
my_npth_protect ();
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
@ -1660,13 +1665,9 @@ ccid_usb_thread (void *arg)
|
||||
|
||||
while (ccid_usb_thread_is_alive)
|
||||
{
|
||||
#ifdef USE_NPTH
|
||||
npth_unprotect ();
|
||||
#endif
|
||||
my_npth_unprotect ();
|
||||
libusb_handle_events_completed (ctx, NULL);
|
||||
#ifdef USE_NPTH
|
||||
npth_protect ();
|
||||
#endif
|
||||
my_npth_protect ();
|
||||
}
|
||||
|
||||
return NULL;
|
||||
@ -1776,36 +1777,42 @@ ccid_open_usb_reader (const char *spec_reader_name,
|
||||
goto leave;
|
||||
}
|
||||
|
||||
#ifdef USE_NPTH
|
||||
npth_unprotect ();
|
||||
#endif
|
||||
my_npth_unprotect ();
|
||||
if (!(opt.compat_flags & COMPAT_CCID_NO_AUTO_DETACH))
|
||||
{
|
||||
rc = libusb_set_auto_detach_kernel_driver (idev, 1);
|
||||
if (rc)
|
||||
{
|
||||
my_npth_protect ();
|
||||
DEBUGOUT_1 ("note: set_auto_detach_kernel_driver failed: %d\n", rc);
|
||||
my_npth_unprotect ();
|
||||
}
|
||||
}
|
||||
rc = libusb_claim_interface (idev, ifc_no);
|
||||
if (rc)
|
||||
{
|
||||
#ifdef USE_NPTH
|
||||
npth_protect ();
|
||||
#endif
|
||||
my_npth_protect ();
|
||||
DEBUGOUT_1 ("usb_claim_interface failed: %d\n", rc);
|
||||
rc = map_libusb_error (rc);
|
||||
goto leave;
|
||||
}
|
||||
|
||||
/* Submit SET_INTERFACE control transfer which can reset the device. */
|
||||
if ((*handle)->id_vendor == VENDOR_ACR && (*handle)->id_product == ACR_122U)
|
||||
rc = 0; /* Not supported by this reader. */
|
||||
else
|
||||
rc = libusb_set_interface_alt_setting (idev, ifc_no, set_no);
|
||||
if (rc)
|
||||
{
|
||||
#ifdef USE_NPTH
|
||||
npth_protect ();
|
||||
#endif
|
||||
my_npth_protect ();
|
||||
DEBUGOUT_1 ("usb_set_interface_alt_setting failed: %d\n", rc);
|
||||
rc = map_libusb_error (rc);
|
||||
goto leave;
|
||||
}
|
||||
|
||||
#ifdef USE_NPTH
|
||||
npth_protect ();
|
||||
#endif
|
||||
my_npth_protect ();
|
||||
|
||||
/* Perform any vendor specific intialization. */
|
||||
rc = ccid_vendor_specific_init (*handle);
|
||||
|
||||
leave:
|
||||
@ -1939,13 +1946,9 @@ do_close_reader (ccid_driver_t handle)
|
||||
while (!handle->powered_off)
|
||||
{
|
||||
DEBUGOUT ("libusb_handle_events_completed\n");
|
||||
#ifdef USE_NPTH
|
||||
npth_unprotect ();
|
||||
#endif
|
||||
my_npth_unprotect ();
|
||||
libusb_handle_events_completed (NULL, &handle->powered_off);
|
||||
#ifdef USE_NPTH
|
||||
npth_protect ();
|
||||
#endif
|
||||
my_npth_protect ();
|
||||
}
|
||||
}
|
||||
|
||||
@ -2076,15 +2079,11 @@ bulk_out (ccid_driver_t handle, unsigned char *msg, size_t msglen,
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef USE_NPTH
|
||||
npth_unprotect ();
|
||||
#endif
|
||||
my_npth_unprotect ();
|
||||
rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_out,
|
||||
msg, msglen, &transferred,
|
||||
5000 /* ms timeout */);
|
||||
#ifdef USE_NPTH
|
||||
npth_protect ();
|
||||
#endif
|
||||
my_npth_protect ();
|
||||
if (rc == 0 && transferred == msglen)
|
||||
return 0;
|
||||
|
||||
@ -2124,14 +2123,10 @@ bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
|
||||
memset (buffer, 0, length);
|
||||
retry:
|
||||
|
||||
#ifdef USE_NPTH
|
||||
npth_unprotect ();
|
||||
#endif
|
||||
my_npth_unprotect ();
|
||||
rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_in,
|
||||
buffer, length, &msglen, bwi*timeout);
|
||||
#ifdef USE_NPTH
|
||||
npth_protect ();
|
||||
#endif
|
||||
my_npth_protect ();
|
||||
if (rc)
|
||||
{
|
||||
DEBUGOUT_1 ("usb_bulk_read error: %s\n", libusb_error_name (rc));
|
||||
@ -2280,9 +2275,7 @@ abort_cmd (ccid_driver_t handle, int seqno, int init)
|
||||
/* Send the abort command to the control pipe. Note that we don't
|
||||
need to keep track of sent abort commands because there should
|
||||
never be another thread using the same slot concurrently. */
|
||||
#ifdef USE_NPTH
|
||||
npth_unprotect ();
|
||||
#endif
|
||||
my_npth_unprotect ();
|
||||
rc = libusb_control_transfer (handle->idev,
|
||||
0x21,/* bmRequestType: host-to-device,
|
||||
class specific, to interface. */
|
||||
@ -2291,9 +2284,7 @@ abort_cmd (ccid_driver_t handle, int seqno, int init)
|
||||
handle->ifc_no,
|
||||
dummybuf, 0,
|
||||
1000 /* ms timeout */);
|
||||
#ifdef USE_NPTH
|
||||
npth_protect ();
|
||||
#endif
|
||||
my_npth_protect ();
|
||||
if (rc)
|
||||
{
|
||||
DEBUGOUT_1 ("usb_control_msg error: %s\n", libusb_error_name (rc));
|
||||
@ -2319,15 +2310,11 @@ abort_cmd (ccid_driver_t handle, int seqno, int init)
|
||||
msglen = 10;
|
||||
set_msg_len (msg, 0);
|
||||
|
||||
#ifdef USE_NPTH
|
||||
npth_unprotect ();
|
||||
#endif
|
||||
my_npth_unprotect ();
|
||||
rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_out,
|
||||
msg, msglen, &transferred,
|
||||
init? 100: 5000 /* ms timeout */);
|
||||
#ifdef USE_NPTH
|
||||
npth_protect ();
|
||||
#endif
|
||||
my_npth_protect ();
|
||||
if (rc == 0 && transferred == msglen)
|
||||
rc = 0;
|
||||
else if (rc)
|
||||
@ -2337,15 +2324,11 @@ abort_cmd (ccid_driver_t handle, int seqno, int init)
|
||||
if (rc)
|
||||
return map_libusb_error (rc);
|
||||
|
||||
#ifdef USE_NPTH
|
||||
npth_unprotect ();
|
||||
#endif
|
||||
my_npth_unprotect ();
|
||||
rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_in,
|
||||
msg, sizeof msg, &msglen,
|
||||
init? 100: 5000 /*ms timeout*/);
|
||||
#ifdef USE_NPTH
|
||||
npth_protect ();
|
||||
#endif
|
||||
my_npth_protect ();
|
||||
if (rc)
|
||||
{
|
||||
DEBUGOUT_1 ("usb_bulk_read error in abort_cmd: %s\n",
|
||||
@ -2559,14 +2542,10 @@ ccid_slot_status (ccid_driver_t handle, int *statusbits, int on_wire)
|
||||
if (!retries)
|
||||
{
|
||||
DEBUGOUT ("USB: CALLING USB_CLEAR_HALT\n");
|
||||
#ifdef USE_NPTH
|
||||
npth_unprotect ();
|
||||
#endif
|
||||
my_npth_unprotect ();
|
||||
libusb_clear_halt (handle->idev, handle->ep_bulk_in);
|
||||
libusb_clear_halt (handle->idev, handle->ep_bulk_out);
|
||||
#ifdef USE_NPTH
|
||||
npth_protect ();
|
||||
#endif
|
||||
my_npth_protect ();
|
||||
}
|
||||
else
|
||||
DEBUGOUT ("USB: RETRYING bulk_in AGAIN\n");
|
||||
@ -3335,13 +3314,9 @@ ccid_transceive (ccid_driver_t handle,
|
||||
|
||||
if (tpdulen < 4)
|
||||
{
|
||||
#ifdef USE_NPTH
|
||||
npth_unprotect ();
|
||||
#endif
|
||||
my_npth_unprotect ();
|
||||
libusb_clear_halt (handle->idev, handle->ep_bulk_in);
|
||||
#ifdef USE_NPTH
|
||||
npth_protect ();
|
||||
#endif
|
||||
my_npth_protect ();
|
||||
return CCID_DRIVER_ERR_ABORTED;
|
||||
}
|
||||
|
||||
@ -3793,13 +3768,9 @@ ccid_transceive_secure (ccid_driver_t handle,
|
||||
|
||||
if (tpdulen < 4)
|
||||
{
|
||||
#ifdef USE_NPTH
|
||||
npth_unprotect ();
|
||||
#endif
|
||||
my_npth_unprotect ();
|
||||
libusb_clear_halt (handle->idev, handle->ep_bulk_in);
|
||||
#ifdef USE_NPTH
|
||||
npth_protect ();
|
||||
#endif
|
||||
my_npth_protect ();
|
||||
return CCID_DRIVER_ERR_ABORTED;
|
||||
}
|
||||
if (debug_level > 1)
|
||||
|
@ -70,6 +70,7 @@ enum {
|
||||
VENDOR_FSIJ = 0x234b,
|
||||
VENDOR_VASCO = 0x1a44,
|
||||
VENDOR_NXP = 0x1fc9,
|
||||
VENDOR_ACR = 0x072f
|
||||
};
|
||||
|
||||
|
||||
@ -88,6 +89,7 @@ enum {
|
||||
#define VEGA_ALPHA 0x0008
|
||||
#define CYBERJACK_GO 0x0504
|
||||
#define CRYPTOUCAN 0x81e6
|
||||
#define ACR_122U 0x2200 /* NFC Reader */
|
||||
|
||||
#endif /*CCID_DRIVER_INCLUDE_USB_IDS*/
|
||||
|
||||
|
@ -104,6 +104,7 @@ enum cmd_and_opt_values
|
||||
oDisableApplication,
|
||||
oApplicationPriority,
|
||||
oEnablePinpadVarlen,
|
||||
oCompatibilityFlags,
|
||||
oListenBacklog
|
||||
};
|
||||
|
||||
@ -172,6 +173,7 @@ static gpgrt_opt_t opts[] = {
|
||||
ARGPARSE_s_s (oDisableApplication, "disable-application", "@"),
|
||||
ARGPARSE_s_s (oApplicationPriority, "application-priority",
|
||||
N_("|LIST|change the application priority to LIST")),
|
||||
ARGPARSE_s_s (oCompatibilityFlags, "compatibility-flags", "@"),
|
||||
ARGPARSE_s_i (oListenBacklog, "listen-backlog", "@"),
|
||||
|
||||
|
||||
@ -204,6 +206,14 @@ static struct debug_flags_s debug_flags [] =
|
||||
};
|
||||
|
||||
|
||||
/* The list of compatibility flags. */
|
||||
static struct compatibility_flags_s compatibility_flags [] =
|
||||
{
|
||||
{ COMPAT_CCID_NO_AUTO_DETACH, "ccid-no-auto-detach" },
|
||||
{ 0, NULL }
|
||||
};
|
||||
|
||||
|
||||
/* The card driver we use by default for PC/SC. */
|
||||
#if defined(HAVE_W32_SYSTEM) || defined(__CYGWIN__)
|
||||
#define DEFAULT_PCSC_DRIVER "winscard.dll"
|
||||
@ -628,6 +638,15 @@ main (int argc, char **argv )
|
||||
|
||||
case oEnablePinpadVarlen: opt.enable_pinpad_varlen = 1; break;
|
||||
|
||||
case oCompatibilityFlags:
|
||||
if (parse_compatibility_flags (pargs.r.ret_str, &opt.compat_flags,
|
||||
compatibility_flags))
|
||||
{
|
||||
pargs.r_opt = ARGPARSE_INVALID_ARG;
|
||||
pargs.err = ARGPARSE_PRINT_WARNING;
|
||||
}
|
||||
break;
|
||||
|
||||
case oListenBacklog:
|
||||
listen_backlog = pargs.r.ret_int;
|
||||
break;
|
||||
|
@ -67,6 +67,9 @@ struct
|
||||
want to use. */
|
||||
unsigned long card_timeout; /* Disconnect after N seconds of inactivity. */
|
||||
int debug_allow_pin_logging; /* Allow PINs in debug output. */
|
||||
|
||||
/* Compatibility flags (COMPAT_FLAG_xxxx). */
|
||||
unsigned int compat_flags;
|
||||
} opt;
|
||||
|
||||
|
||||
@ -92,6 +95,11 @@ struct
|
||||
#define DBG_CARD_IO (opt.debug & DBG_CARD_IO_VALUE)
|
||||
#define DBG_READER (opt.debug & DBG_READER_VALUE)
|
||||
|
||||
|
||||
#define COMPAT_CCID_NO_AUTO_DETACH 1
|
||||
|
||||
|
||||
|
||||
struct server_local_s;
|
||||
struct card_ctx_s;
|
||||
struct app_ctx_s;
|
||||
|
16
sm/gpgsm.c
16
sm/gpgsm.c
@ -1330,8 +1330,19 @@ main ( int argc, char **argv)
|
||||
|
||||
case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break;
|
||||
case oChUid: break; /* Command line only (see above). */
|
||||
case oAgentProgram: opt.agent_program = pargs.r.ret_str; break;
|
||||
case oKeyboxdProgram: opt.keyboxd_program = pargs.r.ret_str; break;
|
||||
|
||||
case oAgentProgram:
|
||||
xfree (opt.agent_program);
|
||||
opt.agent_program = make_filename (pargs.r.ret_str, NULL);
|
||||
break;
|
||||
case oKeyboxdProgram:
|
||||
xfree (opt.keyboxd_program);
|
||||
opt.keyboxd_program = make_filename (pargs.r.ret_str, NULL);
|
||||
break;
|
||||
case oDirmngrProgram:
|
||||
xfree (opt.dirmngr_program);
|
||||
opt.dirmngr_program = make_filename (pargs.r.ret_str, NULL);
|
||||
break;
|
||||
|
||||
case oDisplay:
|
||||
set_opt_session_env ("DISPLAY", pargs.r.ret_str);
|
||||
@ -1349,7 +1360,6 @@ main ( int argc, char **argv)
|
||||
case oLCctype: opt.lc_ctype = xstrdup (pargs.r.ret_str); break;
|
||||
case oLCmessages: opt.lc_messages = xstrdup (pargs.r.ret_str); break;
|
||||
|
||||
case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
|
||||
case oDisableDirmngr: opt.disable_dirmngr = 1; break;
|
||||
case oPreferSystemDirmngr: /* Obsolete */; break;
|
||||
case oProtectToolProgram:
|
||||
|
@ -60,16 +60,16 @@ struct
|
||||
int use_keyboxd; /* Use the external keyboxd as storage backend. */
|
||||
|
||||
const char *config_filename; /* Name of the used config file. */
|
||||
const char *agent_program;
|
||||
char *agent_program;
|
||||
|
||||
const char *keyboxd_program;
|
||||
char *keyboxd_program;
|
||||
|
||||
session_env_t session_env;
|
||||
char *lc_ctype;
|
||||
char *lc_messages;
|
||||
|
||||
int autostart;
|
||||
const char *dirmngr_program;
|
||||
char *dirmngr_program;
|
||||
int disable_dirmngr; /* Do not do any dirmngr calls. */
|
||||
const char *protect_tool_program;
|
||||
char *outfile; /* name of output file */
|
||||
|
47
sm/minip12.c
47
sm/minip12.c
@ -677,7 +677,7 @@ parse_bag_encrypted_data (struct p12_parse_ctx_s *ctx, tlv_parser_t tlv)
|
||||
const unsigned char *data;
|
||||
size_t datalen;
|
||||
int intval;
|
||||
char salt[20];
|
||||
char salt[32];
|
||||
size_t saltlen;
|
||||
char iv[16];
|
||||
unsigned int iter;
|
||||
@ -1945,43 +1945,46 @@ p12_parse (const unsigned char *buffer, size_t length, const char *pw,
|
||||
}
|
||||
|
||||
where = "pfx";
|
||||
if (tlv_next (tlv))
|
||||
if ((err = tlv_next (tlv)))
|
||||
goto bailout;
|
||||
if (tlv_expect_sequence (tlv))
|
||||
if ((err = tlv_expect_sequence (tlv)))
|
||||
goto bailout;
|
||||
|
||||
where = "pfxVersion";
|
||||
if (tlv_next (tlv))
|
||||
if ((err = tlv_next (tlv)))
|
||||
goto bailout;
|
||||
if (tlv_expect_integer (tlv, &intval) || intval != 3)
|
||||
if ((err = tlv_expect_integer (tlv, &intval)) || intval != 3)
|
||||
goto bailout;
|
||||
|
||||
where = "authSave";
|
||||
if (tlv_next (tlv))
|
||||
if ((err = tlv_next (tlv)))
|
||||
goto bailout;
|
||||
if (tlv_expect_sequence (tlv))
|
||||
if ((err = tlv_expect_sequence (tlv)))
|
||||
goto bailout;
|
||||
|
||||
if (tlv_next (tlv))
|
||||
if ((err = tlv_next (tlv)))
|
||||
goto bailout;
|
||||
if (tlv_expect_object_id (tlv, &oid, &oidlen))
|
||||
if ((err = tlv_expect_object_id (tlv, &oid, &oidlen)))
|
||||
goto bailout;
|
||||
if (oidlen != DIM(oid_data) || memcmp (oid, oid_data, DIM(oid_data)))
|
||||
{
|
||||
err = gpg_error (GPG_ERR_INV_OBJ);
|
||||
goto bailout;
|
||||
}
|
||||
|
||||
if ((err = tlv_next (tlv)))
|
||||
goto bailout;
|
||||
if ((err = tlv_expect_context_tag (tlv, &intval)) || intval != 0 )
|
||||
goto bailout;
|
||||
|
||||
if (tlv_next (tlv))
|
||||
if ((err = tlv_next (tlv)))
|
||||
goto bailout;
|
||||
if (tlv_expect_context_tag (tlv, &intval) || intval != 0 )
|
||||
goto bailout;
|
||||
|
||||
if (tlv_next (tlv))
|
||||
goto bailout;
|
||||
if (tlv_expect_octet_string (tlv, 1, NULL, NULL))
|
||||
if ((err = tlv_expect_octet_string (tlv, 1, NULL, NULL)))
|
||||
goto bailout;
|
||||
|
||||
if (tlv_peek (tlv, CLASS_UNIVERSAL, TAG_OCTET_STRING))
|
||||
{
|
||||
if (tlv_next (tlv))
|
||||
if ((err = tlv_next (tlv)))
|
||||
goto bailout;
|
||||
err = tlv_expect_octet_string (tlv, 1, NULL, NULL);
|
||||
if (err)
|
||||
@ -1989,9 +1992,9 @@ p12_parse (const unsigned char *buffer, size_t length, const char *pw,
|
||||
}
|
||||
|
||||
where = "bags";
|
||||
if (tlv_next (tlv))
|
||||
if ((err = tlv_next (tlv)))
|
||||
goto bailout;
|
||||
if (tlv_expect_sequence (tlv))
|
||||
if ((err = tlv_expect_sequence (tlv)))
|
||||
goto bailout;
|
||||
|
||||
startlevel = tlv_parser_level (tlv);
|
||||
@ -2000,12 +2003,12 @@ p12_parse (const unsigned char *buffer, size_t length, const char *pw,
|
||||
{
|
||||
where = "bag-sequence";
|
||||
tlv_parser_dump_state (where, NULL, tlv);
|
||||
if (tlv_expect_sequence (tlv))
|
||||
if ((err = tlv_expect_sequence (tlv)))
|
||||
goto bailout;
|
||||
|
||||
if (tlv_next (tlv))
|
||||
if ((err = tlv_next (tlv)))
|
||||
goto bailout;
|
||||
if (tlv_expect_object_id (tlv, &oid, &oidlen))
|
||||
if ((err = tlv_expect_object_id (tlv, &oid, &oidlen)))
|
||||
goto bailout;
|
||||
|
||||
if (oidlen == DIM(oid_encryptedData)
|
||||
|
@ -99,7 +99,7 @@ suite.
|
||||
This envvar gives the root directory of the build tree. See
|
||||
tests/gpgconf.ctl.in for the way we tell the GnuPG components this
|
||||
location. Note that we can't use that envvar directly because this
|
||||
would allow user scripts and other software to accidently mess up the
|
||||
would allow user scripts and other software to accidentally mess up the
|
||||
used components.
|
||||
**** argv[0]
|
||||
run-tests.scm depends on being able to re-exec gpgscm. It uses
|
||||
|
@ -220,9 +220,15 @@ parse_arguments (gpgrt_argparse_t *pargs, gpgrt_opt_t *popts)
|
||||
}
|
||||
break;
|
||||
|
||||
case oGpgProgram: opt.gpg_program = pargs->r.ret_str; break;
|
||||
case oGpgsmProgram: opt.gpgsm_program = pargs->r.ret_str; break;
|
||||
case oAgentProgram: opt.agent_program = pargs->r.ret_str; break;
|
||||
case oGpgProgram:
|
||||
opt.gpg_program = make_filename (pargs->r.ret_str, NULL);
|
||||
break;
|
||||
case oGpgsmProgram:
|
||||
opt.gpgsm_program = make_filename (pargs->r.ret_str, NULL);
|
||||
break;
|
||||
case oAgentProgram:
|
||||
opt.agent_program = make_filename (pargs->r.ret_str, NULL);
|
||||
break;
|
||||
|
||||
case oStatusFD:
|
||||
gnupg_set_status_fd (translate_sys2libc_fd_int (pargs->r.ret_int, 1));
|
||||
@ -402,7 +408,7 @@ nullnone (const char *s)
|
||||
* success returns 0 and stores the number of bytes read at R_BUFLEN
|
||||
* and the address of a newly allocated buffer at R_BUFFER. A
|
||||
* complementary nul byte is always appended to the data but not
|
||||
* counted; this allows to pass NULL for R-BUFFER and consider the
|
||||
* counted; this allows one to pass NULL for R-BUFFER and consider the
|
||||
* returned data as a string. */
|
||||
static gpg_error_t
|
||||
get_data_from_file (const char *fname, char **r_buffer, size_t *r_buflen)
|
||||
|
@ -34,9 +34,9 @@ struct
|
||||
unsigned int debug;
|
||||
int quiet;
|
||||
int with_colons;
|
||||
const char *gpg_program;
|
||||
const char *gpgsm_program;
|
||||
const char *agent_program;
|
||||
char *gpg_program;
|
||||
char *gpgsm_program;
|
||||
char *agent_program;
|
||||
int autostart;
|
||||
|
||||
int no_key_lookup; /* Assume --no-key-lookup for "list". */
|
||||
|
@ -126,9 +126,9 @@ struct
|
||||
int quiet; /* Be extra quiet. */
|
||||
int autostart; /* Start the server if not running. */
|
||||
const char *homedir; /* Configuration directory name */
|
||||
const char *agent_program; /* Value of --agent-program. */
|
||||
const char *dirmngr_program; /* Value of --dirmngr-program. */
|
||||
const char *keyboxd_program; /* Value of --keyboxd-program. */
|
||||
char *agent_program; /* Value of --agent-program. */
|
||||
char *dirmngr_program; /* Value of --dirmngr-program. */
|
||||
char *keyboxd_program; /* Value of --keyboxd-program. */
|
||||
int hex; /* Print data lines in hex format. */
|
||||
int decode; /* Decode received data lines. */
|
||||
int use_dirmngr; /* Use the dirmngr and not gpg-agent. */
|
||||
@ -1269,9 +1269,15 @@ main (int argc, char **argv)
|
||||
case oVerbose: opt.verbose++; break;
|
||||
case oNoVerbose: opt.verbose = 0; break;
|
||||
case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break;
|
||||
case oAgentProgram: opt.agent_program = pargs.r.ret_str; break;
|
||||
case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
|
||||
case oKeyboxdProgram: opt.keyboxd_program = pargs.r.ret_str; break;
|
||||
case oAgentProgram:
|
||||
opt.agent_program = make_filename (pargs.r.ret_str, NULL);
|
||||
break;
|
||||
case oDirmngrProgram:
|
||||
opt.dirmngr_program = make_filename (pargs.r.ret_str, NULL);
|
||||
break;
|
||||
case oKeyboxdProgram:
|
||||
opt.keyboxd_program = make_filename (pargs.r.ret_str, NULL);
|
||||
break;
|
||||
case oNoAutostart: opt.autostart = 0; break;
|
||||
case oNoHistory: opt.no_history = 1; break;
|
||||
case oHex: opt.hex = 1; break;
|
||||
|
@ -78,6 +78,7 @@ enum cmd_and_opt_values
|
||||
oNoAutostart,
|
||||
oAddRevocs,
|
||||
oNoAddRevocs,
|
||||
oRealClean,
|
||||
|
||||
oDummy
|
||||
};
|
||||
@ -121,8 +122,9 @@ static gpgrt_opt_t opts[] = {
|
||||
ARGPARSE_s_n (oWithColons, "with-colons", "@"),
|
||||
ARGPARSE_s_s (oBlacklist, "blacklist", "@"),
|
||||
ARGPARSE_s_s (oDirectory, "directory", "@"),
|
||||
ARGPARSE_s_n (oAddRevocs, "add-revocs", "add revocation certificates"),
|
||||
ARGPARSE_s_n (oAddRevocs, "add-revocs", "@"),
|
||||
ARGPARSE_s_n (oNoAddRevocs, "no-add-revocs", "do not add revocation certificates"),
|
||||
ARGPARSE_s_n (oRealClean, "realclean", "remove most key signatures"),
|
||||
|
||||
ARGPARSE_s_s (oFakeSubmissionAddr, "fake-submission-addr", "@"),
|
||||
|
||||
@ -154,7 +156,7 @@ static char **blacklist_array;
|
||||
static size_t blacklist_array_len;
|
||||
|
||||
|
||||
static void wrong_args (const char *text) GPGRT_ATTR_NORETURN;
|
||||
static void wrong_args (const char *t1, const char *t2) GPGRT_ATTR_NORETURN;
|
||||
static void add_blacklist (const char *fname);
|
||||
static gpg_error_t proc_userid_from_stdin (gpg_error_t (*func)(const char *),
|
||||
const char *text);
|
||||
@ -204,10 +206,15 @@ my_strusage( int level )
|
||||
|
||||
|
||||
static void
|
||||
wrong_args (const char *text)
|
||||
wrong_args (const char *text, const char *text2)
|
||||
{
|
||||
es_fprintf (es_stderr, _("usage: %s [options] %s\n"),
|
||||
gpgrt_strusage (11), text);
|
||||
#if GPGRT_VERSION_NUMBER >= 0x013000 /* >= 1.48 */
|
||||
/* Skip the leading dashes if build with command support. */
|
||||
if (text[0] == '-' && text[1] == '-' && text[2])
|
||||
text += 2;
|
||||
#endif
|
||||
es_fprintf (es_stderr, _("usage: %s %s [options] %s\n"),
|
||||
gpgrt_strusage (11), text, text2);
|
||||
exit (2);
|
||||
}
|
||||
|
||||
@ -235,16 +242,16 @@ parse_arguments (gpgrt_argparse_t *pargs, gpgrt_opt_t *popts)
|
||||
break;
|
||||
|
||||
case oGpgProgram:
|
||||
opt.gpg_program = pargs->r.ret_str;
|
||||
opt.gpg_program = make_filename (pargs->r.ret_str, NULL);
|
||||
break;
|
||||
case oDirectory:
|
||||
opt.directory = pargs->r.ret_str;
|
||||
opt.directory = make_filename (pargs->r.ret_str, NULL);
|
||||
break;
|
||||
case oSend:
|
||||
opt.use_sendmail = 1;
|
||||
break;
|
||||
case oOutput:
|
||||
opt.output = pargs->r.ret_str;
|
||||
opt.output = make_filename (pargs->r.ret_str, NULL);
|
||||
break;
|
||||
case oFakeSubmissionAddr:
|
||||
fake_submission_addr = pargs->r.ret_str;
|
||||
@ -268,6 +275,10 @@ parse_arguments (gpgrt_argparse_t *pargs, gpgrt_opt_t *popts)
|
||||
opt.add_revocs = 0;
|
||||
break;
|
||||
|
||||
case oRealClean:
|
||||
opt.realclean = 1;
|
||||
break;
|
||||
|
||||
case aSupported:
|
||||
case aCreate:
|
||||
case aReceive:
|
||||
@ -315,6 +326,9 @@ main (int argc, char **argv)
|
||||
pargs.argc = &argc;
|
||||
pargs.argv = &argv;
|
||||
pargs.flags = ARGPARSE_FLAG_KEEP;
|
||||
#if GPGRT_VERSION_NUMBER >= 0x013000 /* >= 1.48 */
|
||||
pargs.flags |= ARGPARSE_FLAG_COMMAND;
|
||||
#endif
|
||||
cmd = parse_arguments (&pargs, opts);
|
||||
gpgrt_argparse (NULL, &pargs, NULL);
|
||||
|
||||
@ -350,7 +364,7 @@ main (int argc, char **argv)
|
||||
|
||||
/* Set defaults for non given options. */
|
||||
if (!opt.gpg_program)
|
||||
opt.gpg_program = gnupg_module_name (GNUPG_MODULE_NAME_GPG);
|
||||
opt.gpg_program = xstrdup (gnupg_module_name (GNUPG_MODULE_NAME_GPG));
|
||||
|
||||
if (!opt.directory)
|
||||
opt.directory = "openpgpkey";
|
||||
@ -394,7 +408,7 @@ main (int argc, char **argv)
|
||||
else
|
||||
{
|
||||
if (argc != 1)
|
||||
wrong_args ("--supported DOMAIN");
|
||||
wrong_args ("--supported", "DOMAIN");
|
||||
err = command_supported (argv[0]);
|
||||
if (err && gpg_err_code (err) != GPG_ERR_FALSE)
|
||||
log_error ("checking support failed: %s\n", gpg_strerror (err));
|
||||
@ -403,7 +417,7 @@ main (int argc, char **argv)
|
||||
|
||||
case aCreate:
|
||||
if (argc != 2)
|
||||
wrong_args ("--create FINGERPRINT USER-ID");
|
||||
wrong_args ("--create", "FINGERPRINT USER-ID");
|
||||
err = command_create (argv[0], argv[1]);
|
||||
if (err)
|
||||
log_error ("creating request failed: %s\n", gpg_strerror (err));
|
||||
@ -411,7 +425,7 @@ main (int argc, char **argv)
|
||||
|
||||
case aReceive:
|
||||
if (argc)
|
||||
wrong_args ("--receive < MIME-DATA");
|
||||
wrong_args ("--receive", "< MIME-DATA");
|
||||
err = wks_receive (es_stdin, command_receive_cb, NULL);
|
||||
if (err)
|
||||
log_error ("processing mail failed: %s\n", gpg_strerror (err));
|
||||
@ -419,7 +433,7 @@ main (int argc, char **argv)
|
||||
|
||||
case aRead:
|
||||
if (argc)
|
||||
wrong_args ("--read < WKS-DATA");
|
||||
wrong_args ("--read", "< WKS-DATA");
|
||||
err = read_confirmation_request (es_stdin);
|
||||
if (err)
|
||||
log_error ("processing mail failed: %s\n", gpg_strerror (err));
|
||||
@ -427,7 +441,7 @@ main (int argc, char **argv)
|
||||
|
||||
case aCheck:
|
||||
if (argc != 1)
|
||||
wrong_args ("--check USER-ID");
|
||||
wrong_args ("--check", "USER-ID");
|
||||
err = command_check (argv[0]);
|
||||
break;
|
||||
|
||||
@ -444,12 +458,12 @@ main (int argc, char **argv)
|
||||
else if (argc == 2)
|
||||
err = wks_cmd_install_key (*argv, argv[1]);
|
||||
else
|
||||
wrong_args ("--install-key [FILE|FINGERPRINT USER-ID]");
|
||||
wrong_args ("--install-key", "[FILE|FINGERPRINT USER-ID]");
|
||||
break;
|
||||
|
||||
case aRemoveKey:
|
||||
if (argc != 1)
|
||||
wrong_args ("--remove-key USER-ID");
|
||||
wrong_args ("--remove-key", "USER-ID");
|
||||
err = wks_cmd_remove_key (*argv);
|
||||
break;
|
||||
|
||||
@ -1779,6 +1793,8 @@ process_confirmation_request (estream_t msg, const char *mainfpr)
|
||||
log_info ("no encryption key found - sending response in the clear\n");
|
||||
err = send_confirmation_response (sender, address, nonce, 0, NULL);
|
||||
}
|
||||
if (!err)
|
||||
log_info ("response sent to '%s' for '%s'\n", sender, address);
|
||||
|
||||
leave:
|
||||
nvc_release (nvc);
|
||||
@ -1903,7 +1919,7 @@ domain_matches_mbox (const char *domain, const char *mbox)
|
||||
* so that for a key with
|
||||
* uid: Joe Someone <joe@example.org>
|
||||
* uid: Joe <joe@example.org>
|
||||
* only the news user id (and thus its self-signature) is used.
|
||||
* only the newest user id (and thus its self-signature) is used.
|
||||
* UIDLIST is nodified to set all MBOX fields to NULL for a processed
|
||||
* user id. FPR is the fingerprint of the key.
|
||||
*/
|
||||
@ -2010,7 +2026,7 @@ mirror_one_key (estream_t key)
|
||||
continue; /* No mail box or already processed. */
|
||||
if (uid->expired)
|
||||
continue;
|
||||
if (!domain_matches_mbox (domain, uid->mbox))
|
||||
if (*domain && !domain_matches_mbox (domain, uid->mbox))
|
||||
continue; /* We don't want this one. */
|
||||
if (is_in_blacklist (uid->mbox))
|
||||
continue;
|
||||
|
@ -308,7 +308,7 @@ main (int argc, char **argv)
|
||||
|
||||
/* Set defaults for non given options. */
|
||||
if (!opt.gpg_program)
|
||||
opt.gpg_program = gnupg_module_name (GNUPG_MODULE_NAME_GPG);
|
||||
opt.gpg_program = xstrdup (gnupg_module_name (GNUPG_MODULE_NAME_GPG));
|
||||
|
||||
if (!opt.directory)
|
||||
opt.directory = "/var/lib/gnupg/wks";
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user