Expiration time works (I hope so)

Werner Koch 1998-11-20 17:42:18 +00:00
parent f9d2bd8cb9
commit 47c61bafe3
35 changed files with 7147 additions and 2848 deletions

View File

@ -34,7 +34,8 @@ Problems
========
If you get unresolved externals "gettext" you should run configure again
with the option "--with-included-gettext".
with the option "--with-included-gettext"; this is version 0.10.35 which
is available at alpha.gnu.org.
If you have other compile problems, try the configure options
"--with-included-zlib" or "--disable-nls" (See ABOUT-NLS)

14
NEWS
View File

@ -1,6 +1,10 @@
This is NOT a released version!
-------------------------------
* Fixed the way the key expiration time is stored. If you have
an expiration time on your key you should fix it with --edit-key
and the command "expire". I apologize for this inconvenience.
* Add option --charset to support "koi8-r" encoding of user ids.
(Not yet tested).
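Review bot: The new first entry asks users to repair keys with --edit-key and "expire" but does not say which versions wrote the bad value or how to recognise an affected key. Add one sentence naming the affected versions and what a wrong expiration looks like in a key listing, so users can tell whether they need to act.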
@ -14,6 +18,16 @@ This is NOT a released version!
* Spanish translation by Urko Lusa.
* Patch files are from now on signed. See the man page
for the new option --not-dash-escaped.
* New syntax: --edit-key <userID> [<commands>]
If you run it without --batch the commands are executed and then
you are put into normal mode unless you use "quit" or "save" as
one of the commands. When in batch mode, the program quits after
the last command, so you have to use "save" if you did some changes.
It does not yet work completey, but may be used to list so the
keys etc.
Noteworthy changes in version 0.4.3
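Review bot: The last sentence of the new --edit-key entry is garbled ("completey", "may be used to list so the keys etc."). Since this entry is the only place that documents that batch mode quits without saving unless "save" is given, it should be reworded so it reads unambiguously.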

View File

@ -1,22 +1,27 @@
* Urko Lusa <ulusa@lacueva.ddns.org> is working on es.po
* Check if an object (a message, detached sign, public key, or whatever)
is signed by definite user, i.e. define user
(userid, or any other unique identification) on command line.
* Change the internal represention of keyid into a struct which
can also hold the localid and extend the localid to hold information
of the subkey number because two subkeys may have the same keyid.
* signature verification is done duplicated on import: in import.c and
tehn in trustdb.c too. Maybe we can use a flag to skip the actual
verification process (this should work if we use the same keyblock,
but I'm not sure how to accomplish that). Another way is to allow
the import of bogus data and let trustdb mark these keys as invalid;
I see an advantage in this that it may help to prevent a DoS on a
keyserver by sending him a lot of bogus signatures which he has
to check - Needs further investigation.
* abstraction of the MPI
* Add a way to override the current cipher/md implementations
by others (using extensions)
* add a fast-import command which does not do the signature checks
of other keys (processing of the sdir hintlist). The signatures
may then be verified by a maintainence pass.
* Not GnupG replated: What about option completion in bash?
* Not GnuPG replated: What about option completion in bash?
Can "--dump-options" be used for this or should we place the
options in a special ELF segment?

34
TODO
View File

@ -4,9 +4,9 @@
* Check Berkeley BD - it is in glibc -any licensing problems?
* I noticed, that we sometimes have only 3 items in atrustrecord, but
* I noticed, that we sometimes have only 3 items in a trustrecord, but
a next pointer ro more records - check wehther the reuse code really
works. Maybe this is the reason for the "Hmmm puiblic key lost"
works. Maybe this is the reason for the "Hmmm public key lost"
* Update the keyring at ftp.guug.de
@ -14,9 +14,6 @@
* check support for mpi/powerpc
* add a note, that gettext 10.35 is needed (for gettext) - and install
it on tobold.
* use zlib 1.1.13 to avoid a bug with 13 bit windows
but there are more problems with large files
@ -24,12 +21,17 @@
#define USE_DYNAMIC_LINKING
#define HAVE_DL_DLOPEN
and the ld option -export-dynamic.
Why does autoconf not figure that out?
* clearsig: keep lineendings as they are. Remember that trailings
blanks are not hashed.
* Check revocation and expire stuff.
* Always use the latest key signature (import). This is needed, so
that we are able to chnage the expiration time or other info in the
selfsignature
* OpenBSD: dynamic loading with dlopen works on OpenBSD, but:
OpenBSD binaries are a.out, so every symbol begins with "_"
@ -58,8 +60,6 @@
* add some sanity checks to read_keyblock, so that we are sure that
the minimal requirements are met (?)
* decryption of message with multiple recipients does not work.
* preferences of hash algorithms are not yet used.
* rewrite --list-packets or put it into another tool.
@ -67,31 +67,19 @@
* Burn the buffers used by fopen(), or use read(2). Does this
really make sense?
* Change the buffering to a mbuf like scheme? Need it for PSST anyway.
* Change the buffering to a mbuf like scheme? Need it for PSST anyway;
see Michael's proposal.
* add checking of armor trailers
* remove all "Fixmes"
* Change the internal represention of keyid into a struct which
can also hold the localid and extend the localid to hold information
of the subkey number because two subkeys may have the same keyid.
* remove all "Fixmes" ;-)
* add an option to re-create a public key from a secret key; we
can do this in trustdb.c:verify_own_keys.
* signature verification is done duplicated on import: in import.c and
tehn in trustdb.c too. Maybe we can use a flag to skip the actual
verification process (this should work if we use the same keyblock,
but I'm not sure how to accomplish that). Another way is to allow
the import of bogus data and let trustdb mark these keys as invalid;
I see an advantage in this that it may help to prevent a DoS on a
keyserver by sending him a lot of bogus signatures which he has
to check - Needs further investigation.
* change the fake_data stuff to mpi_set_opaque
* Is it okay to use gettext for the help system?
* Add some stuff for DU cc
* Use "user ID", "trustdb" and "WARNING".
* Use "user ID", "trustdb", "NOTE" and "WARNING".

View File

@ -1 +1 @@
0.4.3b
0.4.3c

View File

@ -1,7 +1,8 @@
GnuPG and OpenPGP
=================
See RFC2440 for a description of OpenPGP.
See RFC2440 for a description of OpenPGP. I have an annotated version
of this RFC online: http://www.d.shuttle.de/isil/gnupg/rfc2440.html

View File

@ -401,6 +401,16 @@ B<--throw-keyid>
against traffic analysis. It may slow down the decryption
process because all available secret keys are tried.
B<--not-dash-escaped>
This option changes the behaviour of cleartext signature
so that they can be used for patch files. You should not
send such an armored file via email because all spaces
and line endings are hashed too. You can not use this
option for data which has 5 dashes somewhere at the
beginning of a line - patch files don't have this.
A special armor header line tells GnuPG about this
cleartext signature framework.
B<--passphrase-fd> I<n>
Read the passphrase from file descriptor I<n>. If you use
0 for I<n>, the passphrase will be read from stdin. This

View File

@ -1,3 +1,25 @@
Fri Nov 20 16:54:52 1998 Werner Koch (wk@isil.d.shuttle.de)
* g10.c (main): New option --not-dash-escaped
* sign.c (write_dashed_escaped): Ditto.
* armor.c (find_header): Support for NotDashEscaped header.
Thu Nov 19 07:17:31 1998 Werner Koch <werner.koch@guug.de>
* parse-packet.c (dump_sig_subpkt): Fixed expire listing
* getkey.c (merge_keys_and_selfsig): Fixed expire calculation.
(merge_one_pk_and_selfsig): Ditto.
* keyedit.c (menu_expire). Ditto.
* keygen.c (keygen_add_key_expire): Ditto.
(ask_expire_interval): New and changed all local function to use
this instead.
(keygen_add_key_expire): Opaque should now be a public key;
changed all callers.
* parse.packet.c (parse): use skip_rest to skip packets.
* keyedit.c (keyedit_menu): New arg for cmdline cmds.
Wed Nov 18 20:33:50 1998 Werner Koch (wk@isil.d.shuttle.de)
* trustdb.c (check_trustdb): Now rechecks all gived userids.

View File

@ -1,4 +1,4 @@
/* armor.c - Armor filter
/* armor.c - Armor flter
* Copyright (C) 1998 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
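Review bot: The file header line is shown twice, and the second form reads "Armor flter". That looks like an accidental edit to a comment that was correct before; it should be reverted to "Armor filter".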
@ -74,7 +74,10 @@ typedef enum {
fhdrENDClearsig,
fhdrENDClearsigHelp,
fhdrTESTSpaces,
fhdrCLEARSIGSimple,
fhdrCLEARSIGSimpleNext,
fhdrTEXT,
fhdrTEXTSimple,
fhdrERROR,
fhdrERRORShow,
fhdrEOF
@ -110,7 +113,7 @@ static fhdr_state_t find_header( fhdr_state_t state,
byte *buf, size_t *r_buflen,
IOBUF a, size_t n,
unsigned *r_empty, int *r_hashes,
int only_keyblocks );
int only_keyblocks, int *not_dashed );
static void
@ -262,7 +265,7 @@ parse_hash_header( const char *line )
static fhdr_state_t
find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
IOBUF a, size_t n, unsigned *r_empty, int *r_hashes,
int only_keyblocks )
int only_keyblocks, int *not_dashed )
{
int c=0, i;
const char *s;
@ -343,8 +346,15 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
putc('\n', stderr);
}
if( clearsig && !(hashes=parse_hash_header( buf )) ) {
log_error(_("invalid clearsig header\n"));
state = fhdrERROR;
if( strlen(buf) > 15
&& !memcmp( buf, "NotDashEscaped:", 15 ) ) {
*not_dashed = 1;
state = fhdrWAITHeader;
}
else {
log_error(_("invalid clearsig header\n"));
state = fhdrERROR;
}
}
else {
state = fhdrWAITHeader;
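Review bot: In the new NotDashEscaped branch, *not_dashed is set to 1 and nothing in this patch ever clears it again. The flag lives in armor_filter_context_t, so unless the context is reinitialised elsewhere, a second clearsigned message in the same input would be read without dash-escape handling even if it carries no such header. Reset the flag where a new clearsig header block starts. Also note that strlen(buf) > 15 rejects a bare "NotDashEscaped:" line as "invalid clearsig header"; if that is intended, a comment should say so.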
@ -449,6 +459,31 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
log_info(_("armor: %s\n"), head_strings[hdr_line]);
break;
case fhdrCLEARSIGSimple:
/* we are at the begin of a new line */
case fhdrCLEARSIGSimpleNext:
n = 0;
c = 0;
while( n < buflen && (c=iobuf_get(a)) != -1 ) {
buf[n++] = c;
if( c == '\n' )
break;
}
buf[n] = 0;
if( c == -1 )
state = fhdrEOF;
else if( state == fhdrCLEARSIGSimple
&& n > 15 && !memcmp(buf, "-----", 5 ) ) {
if( c == '\n' )
buf[n-1] = 0;
state = fhdrENDClearsig;
}
else if( c == '\n' )
state = fhdrCLEARSIGSimple;
else
state = fhdrCLEARSIGSimpleNext;
break;
case fhdrCLEARSIG:
case fhdrEMPTYClearsig:
case fhdrREADClearsig:
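Review bot: In the new fhdrCLEARSIGSimple case the loop runs while n < buflen and is followed by buf[n] = 0, so a line that fills the buffer writes the terminator at index buflen. That is only safe if buflen is smaller than the real buffer size, which this hunk does not show, and a later hunk appends one more '\n' in the fhdrTEXTSimple path. Either bound the loop with the reserved bytes made explicit or add an assert documenting the slack.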
@ -472,6 +507,10 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
break;
case fhdrCHECKDashEscaped3:
if( *not_dashed ) {
state = fhdrTEXTSimple;
break;
}
if( !(n > 1 && buf[0] == '-' && buf[1] == ' ' ) ) {
state = fhdrTEXT;
break;
@ -501,7 +540,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
/* check the clearsig line */
if( n > 15 && !memcmp(buf, "-----", 5 ) )
state = fhdrENDClearsig;
else if( buf[0] == '-' && buf[1] == ' ' )
else if( buf[0] == '-' && buf[1] == ' ' && !*not_dashed )
state = fhdrCHECKDashEscaped;
else {
state = fhdrTESTSpaces;
@ -512,7 +551,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
/* check the clearsig line */
if( n > 15 && !memcmp(buf, "-----", 5 ) )
state = fhdrENDClearsig;
else if( buf[0] == '-' && buf[1] == ' ' )
else if( buf[0] == '-' && buf[1] == ' ' && !*not_dashed )
state = fhdrCHECKDashEscaped2;
else {
state = fhdrREADClearsig;
@ -591,6 +630,11 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
if( clearsig && state == fhdrTEXT )
state = fhdrCLEARSIG;
else if( clearsig && state == fhdrTEXTSimple ) {
state = fhdrCLEARSIGSimple;
buf[n] = '\n';
n++;
}
if( state == fhdrCLEARSIG || state == fhdrREADClearsig ) {
/* append CR,LF after removing trailing wspaces */
@ -631,7 +675,7 @@ check_input( armor_filter_context_t *afx, IOBUF a )
n = DIM(afx->helpbuf);
state = find_header( state, afx->helpbuf, &n, a,
afx->helplen, &emplines, &afx->hashes,
afx->only_keyblocks );
afx->only_keyblocks, &afx->not_dash_escaped );
switch( state ) {
case fhdrNOArmor:
afx->inp_checked = 1;
@ -649,6 +693,8 @@ check_input( armor_filter_context_t *afx, IOBUF a )
case fhdrNullClearsig:
case fhdrCLEARSIG: /* start fake package mode (for clear signatures) */
case fhdrCLEARSIGSimple:
case fhdrCLEARSIGSimpleNext:
afx->helplen = n;
afx->helpidx = 0;
afx->faked = 1;
@ -718,7 +764,8 @@ fake_packet( armor_filter_context_t *afx, IOBUF a,
state = find_header( state, afx->helpbuf, &n, a,
state == fhdrNullClearsig? afx->helplen:0,
&emplines, &afx->hashes,
afx->only_keyblocks );
afx->only_keyblocks,
&afx->not_dash_escaped );
switch( state) {
case fhdrERROR:
invalid_armor();
@ -733,6 +780,8 @@ fake_packet( armor_filter_context_t *afx, IOBUF a,
case fhdrREADClearsig:
case fhdrREADClearsigNext:
case fhdrCLEARSIGSimple:
case fhdrCLEARSIGSimpleNext:
afx->helplen = n;
break;

View File

@ -45,6 +45,7 @@ typedef struct {
int inp_bypass; /* set if the input is not armored */
int any_data;
const char *hdrlines;
int not_dash_escaped;
} armor_filter_context_t;

View File

@ -146,6 +146,7 @@ enum cmd_and_opt_values { aNull = 0,
oS2KDigest,
oS2KCipher,
oCharset,
oNotDashEscaped,
aTest };
@ -294,6 +295,7 @@ static ARGPARSE_OPTS opts[] = {
{ oRunAsShmCP, "run-as-shm-coprocess", 4, "@" },
{ oSetFilename, "set-filename", 2, "@" },
{ oComment, "comment", 2, "@" },
{ oNotDashEscaped, "not-dash-escaped", 0, "@" },
{0} };
@ -767,6 +769,7 @@ main( int argc, char **argv )
log_error(_("%s is not a valid character set\n"),
pargs.r.ret_str);
break;
case oNotDashEscaped: opt.not_dash_escaped = 1; break;
default : pargs.err = configfp? 1:2; break;
}
@ -988,9 +991,17 @@ main( int argc, char **argv )
case aSignKey: /* sign the key given as argument */
case aEditKey: /* Edit a key signature */
if( argc != 1 )
wrong_args(_("--edit-key username"));
keyedit_menu(fname, locusr );
if( !argc )
wrong_args(_("--edit-key username [commands]"));
if( argc > 1 ) {
sl = NULL;
for( argc--, argv++ ; argc; argc--, argv++ )
append_to_strlist( &sl, *argv );
keyedit_menu( fname, locusr, sl );
free_strlist(sl);
}
else
keyedit_menu(fname, locusr, NULL );
break;
#endif /* IS_G10 */

View File

@ -721,7 +721,7 @@ merge_one_pk_and_selfsig( KBNODE keyblock, KBNODE knode )
*/
const byte *p;
p = parse_sig_subpkt( sig->hashed_data, SIGSUBPKT_KEY_EXPIRE, NULL );
pk->expiredate = p? buffer_to_u32(p):0;
pk->expiredate = p? pk->timestamp + buffer_to_u32(p):0;
/* fixme: add usage etc. to pk */
break;
}
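Review bot: The new expression pk->timestamp + buffer_to_u32(p) does not treat a subpacket value of zero specially. RFC2440 says a key expiration time of zero means the key never expires, but here a present subpacket with value 0 gives expiredate == timestamp, which is non-zero and therefore reads as an expiration at creation time. Read the value first and add the timestamp only when it is non-zero.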
@ -739,7 +739,7 @@ merge_keys_and_selfsig( KBNODE keyblock )
PKT_secret_key *sk = NULL;
PKT_signature *sig;
KBNODE k;
u32 kid[2];
u32 kid[2] = { 0, 0 };
for(k=keyblock; k; k = k->next ) {
if( k->pkt->pkttype == PKT_PUBLIC_KEY
@ -747,7 +747,7 @@ merge_keys_and_selfsig( KBNODE keyblock )
pk = k->pkt->pkt.public_key; sk = NULL;
if( pk->version < 4 )
pk = NULL; /* not needed for old keys */
else
else if( k->pkt->pkttype == PKT_PUBLIC_KEY )
keyid_from_pk( pk, kid );
}
else if( k->pkt->pkttype == PKT_SECRET_KEY
@ -755,7 +755,7 @@ merge_keys_and_selfsig( KBNODE keyblock )
pk = NULL; sk = k->pkt->pkt.secret_key;
if( sk->version < 4 )
sk = NULL;
else
else if( k->pkt->pkttype == PKT_SECRET_KEY )
keyid_from_sk( sk, kid );
}
else if( (pk || sk ) && k->pkt->pkttype == PKT_SIGNATURE
@ -770,12 +770,12 @@ merge_keys_and_selfsig( KBNODE keyblock )
const byte *p;
p = parse_sig_subpkt( sig->hashed_data, SIGSUBPKT_KEY_EXPIRE, NULL );
if( pk ) {
pk->expiredate = p? buffer_to_u32(p):0;
pk->expiredate = p? pk->timestamp + buffer_to_u32(p):0;
/* fixme: add usage etc. */
pk = NULL; /* use only the first self signature */
}
else {
sk->expiredate = p? buffer_to_u32(p):0;
sk->expiredate = p? sk->timestamp + buffer_to_u32(p):0;
sk = NULL; /* use only the first self signature */
}
}
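Review bot: Both assignments in this hunk add two u32 values without an overflow check, so a large validity period in the self-signature wraps and yields an expiredate in the past (or exactly 0, meaning "never"). The same expression now appears three times in this file; a small helper that takes the creation time and the period, handles zero, and saturates on overflow would keep the three places consistent.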

View File

@ -475,7 +475,7 @@ fix_keyblock( KBNODE keyblock )
*/
void
keyedit_menu( const char *username, STRLIST locusr )
keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
{
enum cmdids { cmdNONE = 0,
cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN,
@ -527,9 +527,10 @@ keyedit_menu( const char *username, STRLIST locusr )
int modified = 0;
int sec_modified = 0;
int toggle;
int have_commands = !!commands;
if( opt.batch ) {
if( opt.batch && !have_commands ) {
log_error(_("can't do that in batchmode\n"));
goto leave;
}
@ -574,8 +575,21 @@ keyedit_menu( const char *username, STRLIST locusr )
}
do {
m_free(answer);
answer = cpr_get(N_("keyedit.cmd"), _("Command> "));
cpr_kill_prompt();
if( have_commands ) {
if( commands ) {
answer = m_strdup( commands->d );
commands = commands->next;
}
else if( opt.batch ) {
answer = m_strdup("quit");
}
else
have_commands = 0;
}
if( !have_commands ) {
answer = cpr_get(N_("keyedit.cmd"), _("Command> "));
cpr_kill_prompt();
}
trim_spaces(answer);
} while( *answer == '#' );
@ -617,6 +631,8 @@ keyedit_menu( const char *username, STRLIST locusr )
break;
case cmdQUIT:
if( have_commands )
goto leave;
if( !modified && !sec_modified )
goto leave;
if( !cpr_get_answer_is_yes(N_("keyedit.save.okay"),
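Review bot: The new have_commands test in cmdQUIT jumps to leave before the modified/sec_modified check, so a "quit" given on the command line, or the implicit "quit" added in batch mode, drops pending changes without any message. NEWS documents that "save" is required, but a log_info when modified or sec_modified is set would make a forgotten "save" visible in scripts instead of silently losing an expiration or user ID change.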
@ -1023,7 +1039,7 @@ menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock )
assert(pk && sk );
rc = make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0,
keygen_add_std_prefs, sk );
keygen_add_std_prefs, pk );
free_secret_key( sk );
if( rc ) {
log_error("signing failed: %s\n", g10_errstr(rc) );
@ -1168,7 +1184,7 @@ menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock )
static int
menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock )
{
int n1, rc;
int n1, signumber, rc;
u32 expiredate;
int mainkey=0;
PKT_secret_key *sk; /* copy of the main sk */
@ -1195,26 +1211,24 @@ menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock )
}
expiredate = ask_expiredate();
/* fixme: check that expiredate is > key creation date */
/* get the secret key , make a copy and set the expiration time into
* that key (because keygen_add-key-expire expects it there)
*/
node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
sk->expiredate = expiredate;
/* Now we can actually change the self signature(s) */
main_pk = sub_pk = NULL;
uid = NULL;
signumber = 0;
for( node=pub_keyblock; node; node = node->next ) {
if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
main_pk = node->pkt->pkt.public_key;
keyid_from_pk( main_pk, keyid );
main_pk->expiredate = expiredate;
}
else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
&& (node->flag & NODFLG_SELKEY ) )
&& (node->flag & NODFLG_SELKEY ) ) {
sub_pk = node->pkt->pkt.public_key;
sub_pk->expiredate = expiredate;
}
else if( node->pkt->pkttype == PKT_USER_ID )
uid = node->pkt->pkt.user_id;
else if( main_pk && node->pkt->pkttype == PKT_SIGNATURE ) {
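Review bot: In the PKT_PUBLIC_KEY branch main_pk->expiredate = expiredate is assigned unconditionally, so it also runs when mainkey is 0 and only a selected subkey is supposed to change. The primary key then carries the new date in memory although its self-signature is not rewritten. Guard the assignment with if( mainkey ). The fixme about checking expiredate against the creation date should also be resolved here, before the value is stored into the key.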
@ -1222,16 +1236,31 @@ menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock )
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
&& ( (mainkey && uid && (sig->sig_class&~3) == 0x10)
|| (!mainkey && sig->sig_class == 0x18) ) ) {
/* this is a selfsignature which should be replaced */
/* this is a selfsignature which is to be replaced */
PKT_signature *newsig;
PACKET *newpkt;
KBNODE sn;
int signumber2 = 0;
signumber++;
if( (mainkey && main_pk->version < 4)
|| (!mainkey && sub_pk->version < 4 ) ) {
log_info(_(
"You can't change the expiration date of a v3 key\n"));
free_secret_key( sk );
return 0;
}
/* find the corresponding secret self-signature */
for( sn=sec_keyblock; sn; sn = sn->next ) {
if( sn->pkt->pkttype == PKT_SIGNATURE
&& !cmp_signatures( sn->pkt->pkt.signature, sig ) )
break;
if( sn->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *b = sn->pkt->pkt.signature;
if( keyid[0] == b->keyid[0] && keyid[1] == b->keyid[1]
&& sig->sig_class == b->sig_class
&& ++signumber2 == signumber )
break;
}
}
if( !sn )
log_info(_("No corresponding signature in secret ring\n"));
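Review bot: The new search for the secret-ring signature pairs signatures by position, but the two counters count different things. signumber is incremented for every self-signature accepted by the outer test, which for the main key covers all classes with (sig_class&~3) == 0x10, while signumber2 only counts secret-ring signatures whose class equals sig->sig_class exactly. With self-signatures of mixed classes the counts diverge and either no signature or the wrong one is selected. Count per class on both sides, or match on an additional field such as the signature timestamp.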
@ -1240,11 +1269,11 @@ menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock )
if( mainkey )
rc = make_keysig_packet( &newsig, main_pk, uid, NULL,
sk, 0x13, 0,
keygen_add_std_prefs, sk );
keygen_add_std_prefs, main_pk );
else
rc = make_keysig_packet( &newsig, main_pk, NULL, sub_pk,
sk, 0x18, 0,
keygen_add_key_expire, sk );
keygen_add_key_expire, sub_pk );
if( rc ) {
log_error("make_keysig_packet failed: %s\n",
g10_errstr(rc));

View File

@ -54,12 +54,13 @@ write_uid( KBNODE root, const char *s )
int
keygen_add_key_expire( PKT_signature *sig, void *opaque )
{
PKT_secret_key *sk = opaque;
PKT_public_key *pk = opaque;
byte buf[8];
u32 u;
if( sk->expiredate ) {
u = sk->expiredate;
if( pk->expiredate ) {
u = pk->expiredate > pk->timestamp? pk->expiredate - pk->timestamp
: pk->timestamp;
buf[0] = (u >> 24) & 0xff;
buf[1] = (u >> 16) & 0xff;
buf[2] = (u >> 8) & 0xff;
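Review bot: The fallback in the new computation of u is wrong: when pk->expiredate is not greater than pk->timestamp the code stores pk->timestamp itself as the validity period, which places the expiration decades in the future instead of rejecting the value. Since menu_expire still has a fixme for this check, an expiration date at or before creation can reach this function. Return an error or skip the subpacket in that case. Separately, opaque is a void pointer whose meaning changed from secret key to public key, so a missed caller compiles without warning; a comment at the prototype would help.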
@ -135,7 +136,7 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_key *sk )
/* and make the signature */
rc = make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0,
keygen_add_std_prefs, sk );
keygen_add_std_prefs, pk );
if( rc ) {
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
return rc;
@ -176,7 +177,7 @@ write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_key *sk )
/* and make the signature */
rc = make_keysig_packet( &sig, pk, NULL, subpk, sk, 0x18, 0,
keygen_add_key_expire, sk );
keygen_add_key_expire, subpk );
if( rc ) {
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
return rc;
@ -192,7 +193,7 @@ write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_key *sk )
static int
gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
STRING2KEY *s2k, PKT_secret_key **ret_sk, u32 expiredate,
STRING2KEY *s2k, PKT_secret_key **ret_sk, u32 expireval,
int version )
{
int rc;
@ -214,9 +215,9 @@ gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
pk = m_alloc_clear( sizeof *pk );
sk->timestamp = pk->timestamp = make_timestamp();
sk->version = pk->version = version;
if( expiredate && expiredate < sk->timestamp )
expiredate = sk->timestamp; /* key generatio may take long */
sk->expiredate = pk->expiredate = expiredate;
if( expireval ) {
sk->expiredate = pk->expiredate = sk->timestamp + expireval;
}
sk->pubkey_algo = pk->pubkey_algo = algo;
pk->pkey[0] = mpi_copy( skey[0] );
pk->pkey[1] = mpi_copy( skey[1] );
@ -268,7 +269,7 @@ gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
*/
static int
gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
STRING2KEY *s2k, PKT_secret_key **ret_sk, u32 expiredate )
STRING2KEY *s2k, PKT_secret_key **ret_sk, u32 expireval )
{
int rc;
int i;
@ -291,9 +292,9 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
pk = m_alloc_clear( sizeof *pk );
sk->timestamp = pk->timestamp = make_timestamp();
sk->version = pk->version = 4;
if( expiredate && expiredate < pk->timestamp )
expiredate = pk->timestamp; /* key generation may take long */
sk->expiredate = pk->expiredate = expiredate;
if( expireval ) {
sk->expiredate = pk->expiredate = sk->timestamp + expireval;
}
sk->pubkey_algo = pk->pubkey_algo = PUBKEY_ALGO_DSA;
pk->pkey[0] = mpi_copy( skey[0] );
pk->pkey[1] = mpi_copy( skey[1] );
@ -481,12 +482,12 @@ ask_keysize( int algo )
}
u32
ask_expiredate()
static u32
ask_expire_interval()
{
char *answer;
int valid_days=0;
u32 expiredate = 0;
u32 interval = 0;
tty_printf(_("Please specify how long the key should be valid.\n"
" 0 = key does not expire\n"
@ -494,7 +495,7 @@ ask_expiredate()
" <n>w = key expires in n weeks\n"
" <n>m = key expires in n months\n"
" <n>y = key expires in n years\n"));
/* Note: The elgamal subkey for DSA has no exiration date because
/* Note: The elgamal subkey for DSA has no expiration date because
* it must be signed with the DSA key and this one has the expiration
* date */
@ -520,12 +521,13 @@ ask_expiredate()
if( !valid_days ) {
tty_printf(_("Key does not expire at all\n"));
expiredate = 0;
interval = 0;
}
else {
expiredate = make_timestamp() + valid_days * 86400L;
interval = valid_days * 86400L;
/* print the date when the key expires */
tty_printf(_("Key expires at %s\n"), asctimestamp(expiredate) );
tty_printf(_("Key expires at %s\n"),
asctimestamp(make_timestamp() + interval ) );
}
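Review bot: interval = valid_days * 86400L is stored in a u32 with no range check on valid_days. Anything beyond roughly 49710 days no longer fits and is silently truncated, so a large "<n>y" answer produces a much shorter validity than the user asked for. Reject values that do not fit before computing the interval. The "Key expires at" line also uses make_timestamp() at prompt time, while the key's timestamp is taken later during generation, so the printed date is only approximate; the message should say so or be printed after generation.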
if( !cpr_enabled()
@ -534,9 +536,15 @@ ask_expiredate()
break;
}
m_free(answer);
return expiredate;
return interval;
}
u32
ask_expiredate()
{
u32 x = ask_expire_interval();
return x? make_timestamp() + x : 0;
}
static int
has_invalid_email_chars( const char *s )
@ -804,7 +812,7 @@ generate_keypair()
STRING2KEY *s2k;
int rc;
int algo;
u32 expiredate;
u32 expire;
int v4;
int both = 0;
@ -820,7 +828,7 @@ generate_keypair()
tty_printf(_("DSA keypair will have 1024 bits.\n"));
}
nbits = ask_keysize( algo );
expiredate = ask_expiredate();
expire = ask_expire_interval();
uid = ask_user_id(0);
if( !uid ) {
log_error(_("Key generation cancelled.\n"));
@ -847,10 +855,10 @@ generate_keypair()
if( both )
rc = do_create( PUBKEY_ALGO_DSA, 1024, pub_root, sec_root,
dek, s2k, &sk, expiredate, 1);
dek, s2k, &sk, expire, 1);
else
rc = do_create( algo, nbits, pub_root, sec_root,
dek, s2k, &sk, expiredate, v4);
dek, s2k, &sk, expire, v4);
if( !rc )
write_uid(pub_root, uid );
if( !rc )
@ -862,7 +870,7 @@ generate_keypair()
if( both ) {
rc = do_create( algo, nbits, pub_root, sec_root,
dek, s2k, NULL, expiredate, 1 );
dek, s2k, NULL, expire, 1 );
if( !rc )
rc = write_keybinding(pub_root, pub_root, sk);
if( !rc )
@ -951,7 +959,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
KBNODE node;
PKT_secret_key *sk = NULL; /* this is the primary sk */
int v4, algo;
u32 expiredate;
u32 expire;
unsigned nbits;
char *passphrase = NULL;
DEK *dek = NULL;
@ -988,7 +996,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
algo = ask_algo( &v4, 1 );
assert(algo);
nbits = ask_keysize( algo );
expiredate = ask_expiredate();
expire = ask_expire_interval();
if( !cpr_enabled() && !cpr_get_answer_is_yes(N_("keygen.sub.okay"),
_("Really create? ") ) )
goto leave;
@ -1002,7 +1010,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
}
rc = do_create( algo, nbits, pub_keyblock, sec_keyblock,
dek, s2k, NULL, expiredate, v4 );
dek, s2k, NULL, expire, v4 );
if( !rc )
rc = write_keybinding(pub_keyblock, pub_keyblock, sk);
if( !rc )

View File

@ -310,7 +310,7 @@ expirestr_from_pk( PKT_public_key *pk )
if( !pk->expiredate )
return "never ";
atime = pk->expiredate;
atime = pk->expiredate;
tp = gmtime( &atime );
sprintf(buffer,"%04d-%02d-%02d", 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
return buffer;

View File

@ -77,7 +77,7 @@ int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig );
int delete_key( const char *username, int secure );
/*-- keyedit.c --*/
void keyedit_menu( const char *username, STRLIST locusr );
void keyedit_menu( const char *username, STRLIST locusr, STRLIST cmds );
/*-- keygen.c --*/
u32 ask_expiredate(void);

View File

@ -278,13 +278,7 @@ proc_plaintext( CTX c, PACKET *pkt )
md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
}
#if 0
if( c->mfx.md ) {
m_check(c->mfx.md);
if( c->mfx.md->list )
m_check( c->mfx.md->list );
}
#endif
rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
if( rc == G10ERR_CREATE_FILE && !c->sigs_only) {
/* can't write output but we hash it anyway to

View File

@ -64,6 +64,7 @@ struct {
int s2k_mode;
int s2k_digest_algo;
int s2k_cipher_algo;
int not_dash_escaped;
} opt;

View File

@ -288,7 +288,7 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
}
if( do_skip || !pkttype || (reqtype && pkttype != reqtype) ) {
skip_packet(inp, pkttype, pktlen);
skip_rest(inp, pktlen);
*skip = 1;
rc = 0;
goto leave;
@ -636,7 +636,8 @@ dump_sig_subpkt( int hashed, int type, int critical,
break;
case SIGSUBPKT_SIG_EXPIRE:
if( length >= 4 )
printf("sig expires %s", strtimestamp( buffer_to_u32(buffer) ) );
printf("sig expires after %s",
strtimevalue( buffer_to_u32(buffer) ) );
break;
case SIGSUBPKT_EXPORTABLE:
if( length )
@ -653,7 +654,8 @@ dump_sig_subpkt( int hashed, int type, int critical,
break;
case SIGSUBPKT_KEY_EXPIRE:
if( length >= 4 )
printf("key expires %s", strtimestamp( buffer_to_u32(buffer) ) );
printf("key expires after %s",
strtimevalue( buffer_to_u32(buffer) ) );
break;
case SIGSUBPKT_ARR:
p = "additional recipient request";

View File

@ -1,18 +1,19 @@
pub 1024D/57548DCD 1998-07-07 Werner Koch (gnupg sig) <dd9jn@gnu.org>
Key fingerprint = 6BD9 050F D8FC 941B 4341 2DCC 68B7 AB89 5754 8DCD
pub 1024D/621CC013 1998-07-07 Werner Koch <werner.koch@guug.de>
Key fingerprint = ECAF 7590 EB34 43B5 C7CF 3ACB 6C7E E1B8 621C C013
sub 1536G/B5A18FF4 1998-07-07
pub 768R/0C9857A5 1995-09-30 Werner Koch <werner.koch@guug.de>
Key fingerprint = 62 9E 97 C0 D5 55 76 3B 90 5A FA E9 81 1C 64 09
uid Werner Koch (mein alter key) <wk@computer.org>
pub 768g/E1D81275 1998-02-09 werner <dd9jn@amsat.org>
Key fingerprint = 86E2 6681 6C0B 6DD5 4C06 BA6C E113 9763 E1D8 1275
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GNUPG v0.4.3b (GNU/Linux)
Version: GnuPG v0.4.3c (GNU/Linux)
Comment: For info finger gcrypt@ftp.guug.de
mQGiBDWiHh4RBAD+l0rg5p9rW4M3sKvmeyzhs2mDxhRKDTVVUnTwpMIR2kIA9pT4
@ -24,9 +25,9 @@ TR641BceGHNdYiR/PiDBJsGQ3ac7n7pwhV4qex3IViRDJWz5Dzr88x+Oju63KtxY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@ -45,8 +46,8 @@ eUQrRDD9MTQ+XxcvEN0IpAj4kBJe9bR6HzAD/iecCmGwSlHUZZrgqWzv78o79XxD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@ -184,6 +185,6 @@ o/ZDQfya+BlmbUbjNaEp0qr2BR4ypoz5jQSiQPUFN3I0RLRzR6bS+a1pUVucNMXQ
uu5GsvJpQW47DznFDDteZcpf+QaiKKcMfpUtbWOIIlWhMAtIAodBJxCqrgGWbVGE
kGtcrK7IW8NUDfpe/+KLcFzvx2XPo8+RHWrTlgf1RhEXdNx2up7gbuiHf+CD8kAB
zkINfmdYizmD1/JE8+DO8gCMopcY2hYmStG4E2lUCq79qCCBeORg5A==
=ahHm
=7eJ9
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -458,6 +458,22 @@ write_dash_escaped( IOBUF inp, IOBUF out, MD_HANDLE md )
int lastlf = 1;
int state = 0;
if( opt.not_dash_escaped ) {
lastlf = 0;
while( (c = iobuf_get(inp)) != -1 ) {
md_putc(md, c );
iobuf_put( out, c );
lastlf = c;
}
if( lastlf != '\n' ) {
/* add a missing trailing LF */
md_putc(md, '\n' );
iobuf_put( out, '\n' );
}
return 0;
}
while( (c = iobuf_get(inp)) != -1 ) {
/* Note: We don't escape "From " because the MUA should cope with it */
if( lastlf ) {
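Review bot: The new opt.not_dash_escaped path copies every byte to the hash and the output without looking at line starts. The reader side added in armor.c ends the signed text at any line longer than 15 characters that begins with "-----", and the man page says such data must not be signed this way, but nothing here enforces it. Track line starts in this loop and fail with an error when a line begins with five dashes, otherwise the tool produces a signed file whose text is cut short on verification. The variable lastlf is also reused to hold the last character rather than a flag; a separate variable would be clearer.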
@ -579,7 +595,11 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
}
}
assert(any);
iobuf_writestr(out, "\n\n" );
iobuf_writestr(out, "\n" );
if( opt.not_dash_escaped )
iobuf_writestr( out,
"NotDashEscaped: You need GnuPG to verify this message\n" );
iobuf_writestr(out, "\n" );
}
@ -588,7 +608,8 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
PKT_secret_key *sk = sk_rover->sk;
md_enable(textmd, hash_for(sk->pubkey_algo));
}
iobuf_push_filter( inp, text_filter, &tfx );
if( !opt.not_dash_escaped )
iobuf_push_filter( inp, text_filter, &tfx );
rc = write_dash_escaped( inp, out, textmd );
if( rc )
goto leave;

View File

@ -137,6 +137,7 @@ const char *print_fname_stdout( const char *s );
/*-- miscutil.c --*/
u32 make_timestamp(void);
u32 add_days_to_timestamp( u32 stamp, u16 days );
const char *strtimevalue( u32 stamp );
const char *strtimestamp( u32 stamp ); /* GMT */
const char *asctimestamp( u32 stamp ); /* localized */
void print_string( FILE *fp, byte *p, size_t n, int delim );

View File

@ -1,3 +1,8 @@
Fri Nov 20 11:46:22 1998 Werner Koch (wk@isil.d.shuttle.de)
* de.po: Imported new version
* de.glo: Glossary used for de.po.
Sat Nov 14 10:16:59 1998 Werner Koch (wk@isil.d.shuttle.de)
* es_ES.po: New translation by Urko Lusa.

View File

@ -44,7 +44,7 @@ INCLUDES = -I.. -I$(top_srcdir)/intl
COMPILE = $(CC) -c $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS) $(XCFLAGS)
SOURCES = cat-id-tbl.c
SOURCES = cat-id-tbl.c de.glo
POFILES = @POFILES@
GMOFILES = @GMOFILES@
DISTFILES = ChangeLog Makefile.in.in POTFILES.in $(PACKAGE).pot \

51
po/de.glo Normal file
View File

@ -0,0 +1,51 @@
algorithm Verfahren
anonymous ungenannter
armor ASCII-Hülle
bug Wanze (Programmfehler)
certificate Zertifikat
checksum Prüfsumme
cipher algorithm Verschlüsselungsverfahren
compress algorithm Komprimierverfahren
corrupted beschädigter
digest algorithm Hashmethode
expire date Verfallsdatum
generated erzeugter
Good certificate Korrektes Zertifikat
hint Tip
key-ID Schlüssel-ID
keyring Schlüsselring -> Schlüsselbund
malformed Ungünstig aufgebaute
message Botschaft
note Hinweis
ownertrust \"Owner trust\"
packet Paket
packet type Pakettyp
passphrase \"Passphrase\"
preferences bevorzugt
primary keys Hauptschlüssel
protection algorithm Schutzmethode
pubkey algorithm Public-Key Verfahren (*1)
public key öffentlicher Schüssel
........ Authentisierung
retry ????
revo... Widerruf
secondary key Zweitschlüssel
secret key geheimer Schlüssel
self-signature Eigensignatur
sender Absender
sign user id User-ID beglaubigen
throw verwerfe
Timestamp conflict Zeitangaben differieren
Trust-DB 'Trust'-Datenbank
trying Versuch
update
user ID User-ID
user IDs User-IDs
weak key unsicherer Schlüssel
(*1) Uneinheitlich verwendet
--
Walter Koch Hochdahl am Neandertal
walterk@mail.dip.de ham:dg9ep@db0iz
http://home.pages.de/~dg9ep/ qrv:db0iz-9

1939
po/de.po

File diff suppressed because it is too large Load Diff

1447
po/en.po

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

1419
po/fr.po

File diff suppressed because it is too large Load Diff

1408
po/it.po

File diff suppressed because it is too large Load Diff

1405
po/ru.po

File diff suppressed because it is too large Load Diff

View File

@ -1,3 +1,7 @@
Fri Nov 20 12:01:57 1998 Werner Koch (wk@isil.d.shuttle.de)
* mkdiff: signs the pacth file
Sat Oct 17 16:10:16 1998 Werner Koch (wk@isil.d.shuttle.de)
* autogen.sh: New.

View File

@ -33,6 +33,10 @@ cat <<EOF > $diff_name
This is a patch file against $prev_ver.
Please check the signature of this patch file:
zcat somepath/gnupg-$curr_ver.diff.gz | gpg --verify
Change to directory gnupg-$prev_ver (or however you renamed it)
and give this command:
@ -52,8 +56,9 @@ sed -e '/^diff.*VERSION/,/^+[0-9][0-9]*/ d' $tmp_name >> $diff_name
rm $tmp_name
echo "Compressing patch file"
gzip -9 $diff_name
echo "Signing and compressing patch file"
../gnupg/g10/gpg --clearsign --not-dash-escaped -u "(gnupg sig)" \
< $diff_name | gzip --best > $diff_name.gz
echo "Checking patch file"
cd gnupg-$prev_ver
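Review bot: In the new signing pipeline the exit status seen by the script is that of gzip, not of gpg. If signing fails (wrong passphrase, key "(gnupg sig)" not found), $diff_name.gz is still written with empty or partial content and the script continues. Sign into a temporary file, check gpg's status, and compress only on success. $diff_name should also be quoted.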
@ -66,6 +71,10 @@ if ! diff -urN "gnupg-$prev_ver/" "gnupg-$curr_ver/" >/dev/null ; then
exit 1
fi
if ! zcat $diff_name.gz | ../gnupg/g10/gpg --batch --verify ; then
exit 1
fi
echo "cleaning up"
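Review bot: The added check relies only on the exit status of gpg --batch --verify, which tells you the signature is good for some key in the keyring, not that it was made by the "(gnupg sig)" key used a few lines earlier. Compare the reported signer against the expected key as well. The exit 1 path also gives no message, unlike the other failure branches in this script.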

View File

@ -1,3 +1,7 @@
Thu Nov 19 07:09:55 1998 Werner Koch <werner.koch@guug.de>
* miscutil.c (strtimevalue): New.
Tue Nov 10 10:01:53 1998 Werner Koch (wk@isil.d.shuttle.de)
* strgutil.c (set_native_charset): New.

View File

@ -39,6 +39,35 @@ add_days_to_timestamp( u32 stamp, u16 days )
return stamp + days*86400L;
}
/****************
* Return a string with a time value in the form: x Y, n D, n H
*/
const char *
strtimevalue( u32 value )
{
static char buffer[30];
unsigned int years, days, hours, minutes;
value /= 60;
minutes = value % 60;
value /= 60;
hours = value % 24;
value /= 24;
days = value % 365;
value /= 365;
years = value;
sprintf(buffer,"%uy%ud%uh%um", years, days, hours, minutes );
if( years )
return buffer;
if( days )
return strchr( buffer, 'y' ) + 1;
return strchr( buffer, 'd' ) + 1;
}
/****************
* Note: this function returns GMT
*/