diff --git a/AUTHORS b/AUTHORS index 94f47991f..6d1dfb14c 100644 --- a/AUTHORS +++ b/AUTHORS @@ -36,6 +36,7 @@ md@linux.it TRANSLATIONS Gael Queri 1998-09-08 Disclaimer. [fr] gqueri@mail.dotcom.fr +Fixed a lot of typos. TRANSLATIONS Walter Koch 1998-09-08 diff --git a/ChangeLog b/ChangeLog index 45630accd..715f16071 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +Tue Jan 12 11:17:18 CET 1999 Werner Koch + + * config.links (m68k-atari-mint): New + +Tue Jan 12 09:17:19 CET 1999 Gaël Quéri + + * all: Fixed typos all over the place + Sat Jan 9 16:02:23 CET 1999 Werner Koch * configure.in: Add a way to statically link rndunix @@ -24,7 +32,8 @@ Thu Dec 10 20:15:36 CET 1998 Werner Koch Tue Dec 8 15:09:29 CET 1998 Werner Koch - * VERSION: Set to 0.4.5 + * VERSION: Set to 0.4.5 + Wed Nov 25 12:38:29 1998 Werner Koch (wk@isil.d.shuttle.de) * configure.in (USE_RNDLINUX): New. diff --git a/INSTALL b/INSTALL index ac59f6115..769bfb339 100644 --- a/INSTALL +++ b/INSTALL @@ -79,9 +79,9 @@ should put this in your ~/.gnupg/options file: load-extension rndunix ===>8==================== This collector works by running a lot of tools which yields more or -less unpredictable output and fedds this as entropy into the random +less unpredictable output and feds this as entropy into the random generator - It should work reliable but you should check whether -it produces good output for your kinf of Unix. There are some debug +it produces good output for your kind of Unix. There are some debug options to help you (see cipher/rndunix.c). diff --git a/NEWS b/NEWS index 36bffa6de..b9635c92b 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ + + * add some additional time warp checks. + + Noteworthy changes in version 0.9.1 ----------------------------------- @@ -24,7 +28,7 @@ Noteworthy changes in version 0.9.0 ----------------------------------- * --export does now only exports rfc2440 compatible keys; the - old behavious is available with --export-all. + old behaviour is available with --export-all. Generation of v3 ElGamal (sign and encrypt) keys is not longer supported. @@ -87,7 +91,7 @@ Noteworthy changes in version 0.4.4 you are put into normal mode unless you use "quit" or "save" as one of the commands. When in batch mode, the program quits after the last command, so you have to use "save" if you did some changes. - It does not yet work completey, but may be used to list so the + It does not yet work completely, but may be used to list so the keys etc. @@ -111,7 +115,7 @@ Noteworthy changes in version 0.4.3 the contrib directory of the FTP servers) * commandline option processing now works as expected for GNU programs - with the execption that you can't mix options and normal arguments. + with the exception that you can't mix options and normal arguments. * Now --list-key lists all matching keys. This is needed in some other places too. @@ -138,7 +142,7 @@ Noteworthy changes in version 0.4.2 prime product. * --import now only looks for KEYBLOCK headers, so you can now simply - remove the "- " in front of such a header if someone accdently signed + remove the "- " in front of such a header if someone accidently signed such a message or the keyblock is part of a cleartext signed message. * --with-colons now lists the key expiration time and not anymore @@ -206,7 +210,7 @@ Noteworthy changes in version 0.3.5 * Fixed a bug with 5 byte length headers. - * --delete-[secret-]key is now also availabe in gpgm. + * --delete-[secret-]key is now also available in gpgm. * cleartext signatures are not anymore converted to LF only. @@ -230,21 +234,21 @@ Noteworthy changes in version 0.3.3 ----------------------------------- * IMPORTANT: I found yet another bug in the way the secret keys are encrypted - I did it the way pgp 2.x did it, but OpenPGP - and pgp 5.x specifiy another (in some aspects simpler) method. + and pgp 5.x specify another (in some aspects simpler) method. To convert your secret keys you have to do this: 1. Build the new release but don't install it and keep a copy of the old program. 2. Disable the network, make sure that you are the only - user, be sure that there are no trojan horses etc .... + user, be sure that there are no Trojan horses etc .... 3. Use your old gpg (version 0.3.[12]) and set the passphrases of ALL your secret keys to empty! (gpg --change-passphrase your-user-id). 4. Save your ownertrusts (see the next point) - 5. rm ~/.gnupg/trustd.gpg + 5. rm ~/.gnupg/trustdb.gpg 6. install the new version of gpg (0.3.3) 7. For every secret key call "gpg --edit-key your-user-id", enter "passwd" at the prompt, follow the instructions and - change your passward back, enter "save" to store it. + change your password back, enter "save" to store it. 8. Restore the ownertrust (see next point). * The format of the trust database has changed; you must delete @@ -257,7 +261,7 @@ Noteworthy changes in version 0.3.3 release and it does now only export defined ownertrusts. * The command --edit-key now provides a commandline driven menu - which can be used vor vaious tasks. --sign-key is only an + which can be used for various tasks. --sign-key is only an an alias to --edit-key and maybe removed in future: use the command "sign" of this new menu - you can select which user ids you want to sign. @@ -267,7 +271,7 @@ Noteworthy changes in version 0.3.3 * Owner trust values can now be changed with --edit-key (trust) * GNUPG can now run as a coprocess; this enables sophisticated - frontends. tools/shmtest.c is a simple sample implemenation. + frontends. tools/shmtest.c is a simple sample implementation. This needs some more work: all tty_xxx() are to be replaced by cpr_xxx() and some changes in the display logics is needed. @@ -306,7 +310,7 @@ Noteworthy changes in version 0.3.2 * Now displays the trust status of a positive verified message. * Keyrings are now scanned in the sequence they are added with - --[secret-]keyring. Note that the default keyring is implictly + --[secret-]keyring. Note that the default keyring is implicitly added as the very first one unless --no-default-keyring is used. * Fixed setuid and dlopen bug. @@ -346,7 +350,7 @@ Noteworthy changes in version 0.3.0 * A complete new structure for representing the key parameters. - * Removed most public key knowledge into the cipher libray. + * Removed most public key knowledge into the cipher library. * Support for dynamic loading of new algorithms. @@ -420,7 +424,7 @@ Noteworthy changes in version 0.2.17 Noteworthy changes in version 0.2.16 ------------------------------------ - * Add experimental support for the TIGER/192 message diigest algorithm. + * Add experimental support for the TIGER/192 message digest algorithm. (But there is only a dummy ASN OID). * Standard cipher is now Blowfish with 128 bit key in OpenPGP's CFB @@ -451,7 +455,7 @@ Noteworthy changes in version 0.2.14 * Changed the internal handling of keyrings. - * Add support to list PGP 5 keyrings with supkeys + * Add support to list PGP 5 keyrings with subkeys * Timestamps of signatures are now verified. @@ -494,7 +498,7 @@ Noteworthy changes in version 0.2.11 * "--delete-key" works for public keys. What semantics shall I use when there is a secret key too? Delete the secret key or leave him - and auto-regenerate the public key, netxt time the secret key is used? + and auto-regenerate the public key, next time the secret key is used? Noteworthy changes in version 0.2.10 ------------------------------------ @@ -507,7 +511,7 @@ Noteworthy changes in version 0.2.10 * Changed some configure options and add an option --disable-m-guard to remove the memory checking code - and to compile everthing with optimization on. + and to compile everything with optimization on. * New environment variable GNUPGHOME, which can be used to set another homedir than ~/.gnupg. Changed default homedir for @@ -584,7 +588,7 @@ Noteworthy changes in version 0.2.4 * backup copies of keyrings are created. - * assembler stuff for Pentium; gives about 15% better perfomance. + * assembler stuff for Pentium; gives about 15% better performance. * fixed a lot of bugs. @@ -610,7 +614,7 @@ Noteworthy changes in version 0.2.3 * added option "--status-fd": see g10/OPTIONS - * We have secure memeory on systems which support mlock(). + * We have secure memory on systems which support mlock(). It is not complete yet, because we do not have signal handler which does a cleanup in very case. We should also check the ulimit for the user in the case diff --git a/PROJECTS b/PROJECTS index c5eb71ffb..c5c445893 100644 --- a/PROJECTS +++ b/PROJECTS @@ -4,7 +4,7 @@ (userid, or any other unique identification) on command line. --> NO: Use a script and --status-fd - * Change the internal represention of keyid into a struct which + * Change the internal representation of keyid into a struct which can also hold the localid and extend the localid to hold information of the subkey number because two subkeys may have the same keyid. @@ -20,7 +20,7 @@ * Add a way to override the current cipher/md implementations by others (using extensions) - * Not GnuPG replated: What about option completion in bash? + * Not GnuPG related: What about option completion in bash? Can "--dump-options" be used for this or should we place the options in a special ELF segment? @@ -34,9 +34,9 @@ * rewrite --list-packets or put it into another tool. - * We need a maintainence pass over the trustdb which flags + * We need a maintenance pass over the trustdb which flags signatures as expired if the key used to make the signature has - expired. Maybe it is a good idea to store the exiration time + expired. Maybe it is a good idea to store the expiration time in the key record of the trustdb. * write a tool to extract selected keys from a file. diff --git a/README b/README index 0e32ff251..2ca563391 100644 --- a/README +++ b/README @@ -34,7 +34,7 @@ the word "subscribe" in the body to "g10-request@net.lut.ac.uk". This mailing list is a closed one (only subscribers are allowed to post) to avoid misuse by folks who don't know the Netiquette - and trash you mailspool with commercial junk. + and trash your mailspool with commercial junk. See the file COPYING for copyright and warranty information. @@ -301,7 +301,7 @@ user ID is the one with an email address you prefer - because you have no signatures on this email address it is easy to change this address. Remember: Your signators sign your public key (the - primary one) together with one od your user IDs - so it is not possible + primary one) together with one of your user IDs - so it is not possible to change the user ID later without voiding all the signatures. Tip: If you hear about a key signing party on a computer conference @@ -412,7 +412,7 @@ The primary FTP site is "ftp://ftp.gnupg.org/pub/gcrypt/" The primary WWW page is "http://www.gnupg.org" - See http://www.gnugp.org/mirrors.html for a list of FTP mirrors + See http://www.gnupg.org/mirrors.html for a list of FTP mirrors and use them if possible. Please direct bug reports to or better @@ -420,7 +420,7 @@ closed list - subscribe before posting, see above (~line 33)). Please direct questions about GnuPG to the mailing list or one of the pgp newsgroups; this gives me more time to improve - GnuPG. Commercial support for GnuPG will be availabe soon. + GnuPG. Commercial support for GnuPG will be available soon. Have fun and remember: Echelon is looking at you kid. diff --git a/THOUGHTS b/THOUGHTS index 99766ce0f..38f67cba3 100644 --- a/THOUGHTS +++ b/THOUGHTS @@ -14,6 +14,16 @@ * What shall we do if we have a valid subkey revocation certificate but no subkey binding? Is this a valid but revoked key? + * use a mmaped file for secure memory if mlock does not work and + make sure that this file is always wiped out. Is this really + more secure than swapping out to the swap disk? I don't + believe so because if an attacker has access to the physical + box (and he needs this to look at the swap area) he can also + leave a trojan horse which is far more easier than to analyze + memory dumps. Question: Is it possible that a Unix pages + an old (left over by some other process) swap page in for + another process - this should be considered a serious design + flow/bug. Date: Mon, 4 Jan 1999 19:34:29 -0800 (PST) From: Matthew Skala @@ -172,7 +182,7 @@ o Keep a blacklist of known bad signatures to minimize o Should be fast - I currently designing a new storage system called keybox which takes advantage of the fact - that the keyID is higly random and can be directly be + that the keyID is highly random and can be directly be used as a hash value and this keyID is (for v4 keys) part of the fingerprint: So it is possible to use the fingerprint as key but do an lookup by the keyID. @@ -186,7 +196,7 @@ o Use the HKS protocol and enhance it in a way that binary keyrings can be transmitted. (I already wrote some http server and client code which can be used for this) -o Keep a checkcsum (hash) of the entire keyblock so that a +o Keep a checksum (hash) of the entire keyblock so that a client can easy check whether this keyblock has changed. (keyblock = the entire key with all certificates etc.) diff --git a/TODO b/TODO index 38e2ce719..a5df76e16 100644 --- a/TODO +++ b/TODO @@ -6,6 +6,8 @@ Bugs if the clearsign has been created by pgp263ia. Needs more investigation - anyone? + * clearsign bug Greg Troxel Jan 11. + Important ---------- * Check revocation and expire stuff. PLEASE: THIS MUST BE TESTED! @@ -13,28 +15,25 @@ Important * Check calculation of key validity. PLEASE: IT IS IMPORTED THAT THIS GET TESTED. - * It has been reported that lockfiles are not removed in all cases. - cleanup is done with atexit() and all signals trigger exit() - - anything wrong with this? - ah yes: a signal while still in - dotlock_make - * See why we always get this "Hmmm public key lost" * print a warning when a revoked/expired secret key is used. - * Allow the use of a the faked RNG only for keys which are - flagged as INSECURE. - > 0.9.1: I get some occasional segfaults during 'make check' unless I use > --with-included-zlib. It's strange, I have zlib-1.1.2 on one machine, and > zlib-1.1.3 on another, and both of them fail on occasion (maybe half of the +> gpg: /home/jam/.gnupg/pubring.gpg: can't open gdbm file: Can't be writer +> gpg: keyblock resource `/home/jam/.gnupg/pubring.gpg': file open error +> gpg: OOPS in close enum_keyblocks - ignored + + Needed ------ * remove more "Fixmes" - * Replace Blowfish by Twofish and add the new encrypted packet typ + * Replace Blowfish by Twofish and add the new encrypted packet type which has a MACing option (append SHA1 hash to the plaintext and encrypt this all) - We need an identifier for Twofish to put this one into the cipher preferences. @@ -48,6 +47,12 @@ Needed Minor Bugs ---------- + * There is a race condition which leaves lock files after process + termination (a signal while in make_dotlock). Change the dotlock + implementaion to a create handle, make and release implemenation + and use an atexit to cleanup all pending locks. This is also + faster. + Nice to have ------------ * preferences of hash algorithms are not yet used. @@ -59,5 +64,6 @@ Nice to have * Burn the buffers used by fopen(), or use read(2). Does this really make sense? * change the fake_data stuff to mpi_set_opaque - + * How about letting something like 'gpg --version -v', list the + effective options. Yep. diff --git a/cipher/ChangeLog b/cipher/ChangeLog index ad7d6f83b..a17ed34b4 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,10 @@ +Tue Jan 12 11:17:18 CET 1999 Werner Koch + + * random.c (random_is_faked): New. + + * tiger.c: Only compile if we have the u64 type + + Sat Jan 9 16:02:23 CET 1999 Werner Koch * rndunix.c (gather_random): check for setuid. diff --git a/cipher/random.c b/cipher/random.c index 50e14aadc..b0bc832e6 100644 --- a/cipher/random.c +++ b/cipher/random.c @@ -162,6 +162,13 @@ randomize_buffer( byte *buffer, size_t length, int level ) } +int +random_is_faked() +{ + if( !is_initialized ) + initialize(); + return faked_rng || quick_test; +} /**************** * Return a pointer to a randomized buffer of level 0 and LENGTH bits diff --git a/cipher/random.h b/cipher/random.h index ca9ee3ab7..4b1d56d57 100644 --- a/cipher/random.h +++ b/cipher/random.h @@ -25,6 +25,7 @@ /*-- random.c --*/ void secure_random_alloc(void); int quick_random_gen( int onoff ); +int random_is_faked(void); void randomize_buffer( byte *buffer, size_t length, int level ); byte *get_random_bits( size_t nbits, int level, int secure ); void fast_random_poll( void ); diff --git a/cipher/tiger.c b/cipher/tiger.c index 51c6450c8..20d17cae0 100644 --- a/cipher/tiger.c +++ b/cipher/tiger.c @@ -27,6 +27,11 @@ #include "memory.h" +#ifdef HAVE_U64_TYPEDEF + +/* we really need it here, but as this is only experiment we + * can live without Tiger */ + typedef struct { u64 a, b, c; byte buf[64]; @@ -964,4 +969,5 @@ gnupgext_enum_func( int what, int *sequence, int *class, int *vers ) return ret; } +#endif /* HAVE_U64_TYPEDEF */ diff --git a/doc/DETAILS b/doc/DETAILS index 346e809af..5e765728d 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -45,7 +45,7 @@ Format of the "--status-fd" output Every line is prefixed with "[GNUPG:] ", followed by a keyword with the type of the status line and a some arguments depending on the type (maybe none); an application should always be prepared to see -more argumnents in future versions. +more arguments in future versions. GOODSIG @@ -57,12 +57,12 @@ more argumnents in future versions. ERRSIG It was not possible to check the signature. This may be caused by a missing public key or an unsupported algorithm. - No argumens yet. + No argument yet. VALIDSIG The signature with the keyid is good. This is the same as GOODSIG but has the fingerprint as the argument. Both - status lines ere emmited for a good signature. + status lines ere emitted for a good signature. TRUST_UNDEFINED TRUST_NEVER @@ -70,7 +70,7 @@ more argumnents in future versions. TRUST_FULLY TRUST_ULTIMATE For good signatures one of these status lines are emitted - to indicate how trustworthy the signatur is. No arguments yet. + to indicate how trustworthy the signature is. No arguments yet. SIGEXPIRED The signature key has expired. No arguments yet. @@ -158,7 +158,7 @@ Record type 1: 1 u32 first free record 1 u32 record number of shadow directory hash table It does not make sense to combine this table with the key table - becuase the keyid is not in every case a part of the fingerprint. + because the keyid is not in every case a part of the fingerprint. 4 bytes reserved for version extension record @@ -283,7 +283,7 @@ Record type 9: (cache record) 20 bytes rmd160 hash value over the complete keyblock This is used to detect any changes of the keyblock with all CTBs and lengths headers. Calculation is easy if the keyblock - is optained from a keyserver: simply create the hash from all + is obtained from a keyserver: simply create the hash from all received data bytes. 1 byte number of untrusted signatures. @@ -323,14 +323,14 @@ Record Type 10 (hash table) n = (reclen-2)/4 which yields 9 for the current record length of 40 bytes. - the total number of surch record which makes up the table is: + the total number of such record which makes up the table is: m = (256+n-1) / n which is 29 for a record length of 40. To look up a key we use the first byte of the fingerprint to get the recnum from this hashtable and look up the addressed record: - If this record is another hashtable, we use 2nd byte - to index this hast table and so on. + to index this hash table and so on. - if this record is a hashlist, we walk all entries until we found one a matching one. - if this record is a key record, we compare the @@ -398,12 +398,12 @@ There is one enhancement used with the old style packet headers: + + It works like this: After the CTB (with a length field of 11) a + marker field is used, which gives the length of the following datablock. -+ This is a simple 2 byte field (MSB first) containig the amount of data ++ This is a simple 2 byte field (MSB first) containing the amount of data + following this field, not including this length field. After this datablock + another length field follows, which gives the size of the next datablock. + A value of 0 indicates the end of the packet. The maximum size of a + data block is limited to 65534, thereby reserving a value of 0xffff for -+ future extensions. These length markers must be insereted into the data ++ future extensions. These length markers must be inserted into the data + stream just before writing the data out. + + This 2 byte filed is large enough, because the application must buffer @@ -416,7 +416,7 @@ There is one enhancement used with the old style packet headers: Usage of gdbm files for keyrings ================================ - The key to store the keyblokc is it's fingerpint, other records + The key to store the keyblock is it's fingerprint, other records are used for secondary keys. fingerprints are always 20 bytes where 16 bit fingerprints are appded with zero. The first byte of the key gives some information on the type of the diff --git a/doc/FAQ b/doc/FAQ index c5202c028..b61bc5461 100644 --- a/doc/FAQ +++ b/doc/FAQ @@ -21,7 +21,7 @@ public key, and he would only be able to decrypt it by having the secret key and putting in the password to use his secret key. - GNUPG is also usefull for signing things. Things that are encrypted with + GNUPG is also useful for signing things. Things that are encrypted with the secret key can be decrypted with the public key. To sign something, a hash is taken of the data, and then the hash is in some form encoded with the secret @@ -38,23 +38,23 @@ You can 'conventionally' encrypt something by using the option 'gpg -c'. It is encrypted using a passphrase, and does not use public and secret keys. If the person you send the data to knows that passphrase, they can - decrypt it. This is usually most usefull for encrypting things to + decrypt it. This is usually most useful for encrypting things to yourself, although you can encrypt things to your own public key in the same way. It should be used for communication with partners you know and where it is easy to exchange the passphrases (e.g. with your boy friend or - your wife). The advantage is that you can chnage the passphrase from time - to time and decrease the risk, that many old messages may be decryptted by + your wife). The advantage is that you can change the passphrase from time + to time and decrease the risk, that many old messages may be decrypted by people who accidently got your passphrase. You can add and copy keys to and from your keyring with the 'gpg --import' and 'gpg --export' option. 'gpg --export-secret-keys' will export secret - keys. This is normally not usefull, but you can generate the key on one + keys. This is normally not useful, but you can generate the key on one machine then move it to another machine. Keys can be signed under the 'gpg --edit-key' option. When you sign a key, you are saying that you are certain that the key belongs to the person it says it comes from. You should be very sure that is really - taht person: You should verify the key fingerprint + that person: You should verify the key fingerprint gpg --fingerprint user-id @@ -69,7 +69,7 @@ Oh yeah, this is important. By default all data is encrypted in some weird binary format. If you want to have things appear in ascii text that is - readable, just add the '-a' option. But the preferred methos is to use + readable, just add the '-a' option. But the preferred method is to use a MIME aware mail reader (Mutt, Pine and many more). There is a small security glitch in the OpenPGP (and therefor GNUPG) system; @@ -80,7 +80,7 @@ Q: What is the recommended key size? A: 1024 bit for DSA signatures; even for plain ElGamal signatures this is sufficient as the size of the hash - is probably the weakest link if the keyssize is larger + is probably the weakest link if the keysize is larger than 1024 bits. Encryption keys may have greater sizes, but you should than check the fingerprint of this key. @@ -100,7 +100,7 @@ at least for decryption). To be better interoperable, GNUPG (starting with version 0.3.3) now also uses type 16 for the ElGamal subkey which is created if the default key algorithm - is choosen. You may add an type 16 ElGamal key to your public + is chosen. You may add an type 16 ElGamal key to your public key which is easy as your key signatures are still valid. Q: Why is PGP 5.x not able to verify my messages. @@ -109,14 +109,14 @@ data. Use the option "--force-v3-sigs" to generate V3 signatures for data. - Q: I can't delete a user id because it is already deleted on my + Q: I can't delete an user id because it is already deleted on my public keyring. A: Because you can only select from the public key ring, there is no direct way to do this. However it is not so complicated do to it anyway: Create a new user id with exactly the same name, you will notice that there are two identical user ids on the secret ring now. Now select this user id and delete it; both - user ids from the secret ring will be remoed. + user ids from the secret ring will be removed. Q: How can I encrypt a message in way pgp 2.x is able to decrypt it later? A: You can't do that because pgp 2.x normally uses IDEA which is not @@ -175,7 +175,7 @@ trustdb which holds a list of valid key signatures. If you are not running in batch mode you will be asked to assign a trust parameter (ownertrust) to a key. I have plans to use a cache for calculated - trust values to speed up calcualtion. + trust values to speed up calculation. You can see the validity (calculated trust value) using this command: @@ -202,19 +202,19 @@ the assigned value: - = No Ownertrust value yet assigned. - n = Never trust this keyholder to correctly verifiy others signatures. + n = Never trust this keyholder to correctly verify others signatures. m = Have marginal trust in the keyholders capability to sign other keys. f = Assume that the key holder really knows how to sign keys. u = No need to trust ourself because we have the secret key. - Please keep these values confidential, as they express some opiones of + Please keep these values confidential, as they express some opinions of you about others. PGP does store these information with the keyring, so it is not a good idea to publish the keyring instead of exporting the keyring - gnupg stores the trust in the trust-DB and therefor it is okay to give the keyring away (but we have a --export command too). - Q: What is the differenc between options and commands? + Q: What is the difference between options and commands? A: If you do a "gpg --help", you will get two separate lists. The first is a list of commands. The second is a list of options. Whenever you run GPG, you *must* pick exactly one command (**with one exception, see below). You *may* pick one @@ -266,7 +266,7 @@ Q: What kind of output is this: "key C26EE891.298, uid 09FB: ...."? - A: This is the internal representaion of a user id in the trustdb. + A: This is the internal representation of an user id in the trustdb. "C26EE891" is the keyid, "298" is the local id (a record number in the trustdb) and "09FB" are the last two bytes of a ripe-md-160 hash of the user id for this key. @@ -293,7 +293,7 @@ "uid 12345678.3456/ACDE" This is about the user ID for the same key; to identify the user ID the last two bytes of a ripe-md-160 over the user ID - tring is printed. + ring is printed. "sig 12345678.3456/ACDE/9A8B7C6D" This is about the signature with key ID 9A8B7C6D for the above key and user ID, if it is a signature which is direct diff --git a/doc/HACKING b/doc/HACKING index 01627fe14..17ac7426f 100644 --- a/doc/HACKING +++ b/doc/HACKING @@ -20,7 +20,7 @@ archive use: This service is provided to help you in hunting bugs and not to deliver stable snapshots; it may happen that it even does not compile, so please don't complain. CVS may put a high load on a server, so please don't poll -poll for new updates but wait for an anouncement; to receive this you may +poll for new updates but wait for an announcement; to receive this you may want to subscribe to: gnupg-commit-watchers@isil.d.shuttle.de @@ -80,7 +80,7 @@ Directory Layout ---------------- ./ Readme, configure ./scripts Scripts needed by configure and others - ./doc Documentaion + ./doc Documentation ./util General purpose utility function ./mpi Multi precision integer library ./cipher Cryptographic functions @@ -121,7 +121,7 @@ Logging Option parsing --------------- GNUPG does not use getopt or GNU getopt but functions of it's own. See -util/argparse.c for details. The advantage of these funtions is that +util/argparse.c for details. The advantage of these functions is that it is more easy to display and maintain the help texts for the options. The same option table is also used to parse resource files. @@ -129,7 +129,7 @@ The same option table is also used to parse resource files. What is an iobuf ---------------- -This is the data structure used for most I/O of gnupg. It is similiar +This is the data structure used for most I/O of gnupg. It is similar to System V Streams but much simpler. It should be replaced by a cleaner and faster implementation. We are doing to much copying and the semantics of "filter" removing are not very clean. EOF handling is also a problem. @@ -138,7 +138,7 @@ of "filter" removing are not very clean. EOF handling is also a problem. How to use the message digest functions --------------------------------------- -cipher/md.c implements an interface to hash (message diesgt functions). +cipher/md.c implements an interface to hash (message digest functions). a) If you have a common part of data and some variable parts and you need to hash of the concatenated parts, you can use this: diff --git a/doc/OpenPGP b/doc/OpenPGP index 1ae4fedf8..e461df78d 100644 --- a/doc/OpenPGP +++ b/doc/OpenPGP @@ -26,7 +26,7 @@ * (9.2) states that IDEA SHOULD be implemented. This is not done due to patent problems. - * (12.1) states that an implementaion MUST NOT use a symmetric + * (12.1) states that an implementation MUST NOT use a symmetric algorithm which is not in the preference list. GnuPG has an option to override this. @@ -79,8 +79,8 @@ it with a V3 keyid, and can properly use only a V3 format RSA key. - * Neither PGP 5.x nor PGP 6.0 recognize Elgamal Encrypt and Sign - keys. They only handle Elgamal Encrypt-only keys. + * Neither PGP 5.x nor PGP 6.0 recognize ElGamal Encrypt and Sign + keys. They only handle ElGamal Encrypt-only keys. Parts of this document are taken from: diff --git a/doc/gpg.1pod b/doc/gpg.1pod index d4e4ab0b0..dcd107ef7 100644 --- a/doc/gpg.1pod +++ b/doc/gpg.1pod @@ -237,7 +237,7 @@ B<--trusted-key> I Assume that the key with the I (which must be a full (8 byte) keyid) is as trustworthy as one of your own secret keys. This may be used to make keys - valid which are not directly ceritified by you but + valid which are not directly certified by you but by a CA you trust. The advantage of this option is that it shortens the path of certification. @@ -392,7 +392,7 @@ B<--s2k-mode> I Selects how passphrases are mangled: A number of I<0> uses the plain passphrase (which is not recommended), a I<1> (default) adds a salt to the passphrase and - I<3> interates the whole process a couple of times. + I<3> iterates the whole process a couple of times. Unless -B<--rfc1991> is used, this mode is also used for conventional encryption. @@ -403,7 +403,7 @@ B<--compress-algo> I The default algorithm may give better results because the window size is not limited to 8K. If this is not used the OpenPGP behavior is used; i.e. - the compression algorith is selected from the preferences. + the compression algorithm is selected from the preferences. B<--digest-algo> I Use I as message digest algorithm. Running the @@ -444,7 +444,7 @@ B<--rfc1991> Try to be more RFC1991 (PGP 2.x) compliant. B<--force-v3-sigs> - OpenPGP states that a implemenation should generate + OpenPGP states that a implementation should generate v4 signatures but PGP 5.x does only recognize such signatures on key material. This options forces v3 signatures for signatures on data. diff --git a/doc/manual.sgml b/doc/manual.sgml index aec6090dc..2d02caae4 100644 --- a/doc/manual.sgml +++ b/doc/manual.sgml @@ -42,8 +42,8 @@ Introduction Feedback - Well, I'm german and I find it hard to express myself in - english. So if you find some phrases and/or words that I used + Well, I'm German and I find it hard to express myself in + English. So if you find some phrases and/or words that I used in a wrong way (and you will find them :-) ), please send me a mail, to let me correct this. Please send me notes about typos, too. @@ -51,7 +51,7 @@ - What is GBUPG + What is GNUPG GNUPG is a free data encryption and signing tool. @@ -81,7 +81,7 @@ options file name - is the GNUU tool for signing and exncryption + is the GNU tool for signing and encryption Description diff --git a/g10/ChangeLog b/g10/ChangeLog index d91abd1c9..9b9493a04 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,18 @@ +Tue Jan 12 11:17:18 CET 1999 Werner Koch + + * ringedit.c (find_keyblock_bysk): New. + + * skc_list.c (is_insecure): New. + (build_sk_list): usage check for insecure keys. + + * import.c (chk_self_sigs): Add handling for subkeys. + (delete_inv_parts): Skip unsigned subkeys + + * sig-check.c (do_check): Print info if the signature is older + than the key. + * keygen.c (generate_subkeypair): Fail on time warp. + * sign.c (do_sign): Ditto. + Sun Jan 10 15:10:02 CET 1999 Werner Koch * armor.c (fake_packet): Fixed not-dash-escaped bug. diff --git a/g10/helptext.c b/g10/helptext.c index 2e1bca94d..459f62ed7 100644 --- a/g10/helptext.c +++ b/g10/helptext.c @@ -36,7 +36,7 @@ * Translators should use the key as msgid, this is to keep the msgid short * and to allow for easy changing of the helptexts. * - * Mini gloassary: + * Mini glossary: * * "user ID", "trustdb", "NOTE" and "WARNING". */ @@ -60,14 +60,14 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = { }, { N_("pklist.user_id.enter"), -"Enter the user id of the addresse to whom you want to send the message." +"Enter the user id of the addressee to whom you want to send the message." }, { N_("keygen.algo"), "Select the algorithm to use.\n" "DSA (aka DSS) is the digital signature algorithm which can only be used\n" "for signatures. This is the suggested algorithm because verification of\n" -"DSA signatures are much faster than those of ElGamal\n" +"DSA signatures are much faster than those of ElGamal.\n" "ElGamal is a algorithm which can be used for signatures and encryption.\n" "OpenPGP distunguishs between two flavors of this algorithms: a encrypt only\n" "and a sign+encrypt; actually it is the same, but some parameters must be\n" @@ -75,7 +75,7 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = { "does this but other OpenPGP implemenations are not required to understand\n" "the signature+encryption flavor.\n" "The first (primary) key must always be a key which is capable of signing;\n" -"this is the reason why the ecrytion only ElGamal key is disabled in this." +"this is the reason why the encryption only ElGamal key is disabled in this." }, @@ -165,7 +165,7 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = { { N_("keyedit.remove.uid.okay"), "Answer \"yes\" if you really want to delete this user ID.\n" - "All ceritifcates are then also lost!" + "All certificates are then also lost!" }, { N_("keyedit.remove.subkey.okay"), diff --git a/g10/import.c b/g10/import.c index 734f9b06b..0b5fdf29b 100644 --- a/g10/import.c +++ b/g10/import.c @@ -661,12 +661,13 @@ import_revoke_cert( const char *fname, KBNODE node ) * loop over the keyblock and check all self signatures. * Mark all user-ids with a self-signature by setting flag bit 0. * Mark all user-ids with an invalid self-signature by setting bit 1. + * This works allso for subkeys, here the subkey is marked. */ static int chk_self_sigs( const char *fname, KBNODE keyblock, PKT_public_key *pk, u32 *keyid ) { - KBNODE n, unode; + KBNODE n; PKT_signature *sig; int rc; @@ -675,22 +676,50 @@ chk_self_sigs( const char *fname, KBNODE keyblock, continue; sig = n->pkt->pkt.signature; if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) { - unode = find_prev_kbnode( keyblock, n, PKT_USER_ID ); - if( !unode ) { - log_error_f(fname, _("key %08lX: no user-id for signature\n"), - (ulong)keyid[1]); - return -1; /* the complete keyblock is invalid */ - } - rc = check_key_signature( keyblock, n, NULL); - if( rc ) { - log_error_f( fname, rc == G10ERR_PUBKEY_ALGO ? - _("key %08lX: unsupported public key algorithm\n"): - _("key %08lX: invalid self-signature\n"), - (ulong)keyid[1]); + if( (sig->sig_class&~3) == 0x10 ) { + KBNODE unode = find_prev_kbnode( keyblock, n, PKT_USER_ID ); + if( !unode ) { + log_error_f(fname, + _("key %08lX: no user-id for signature\n"), + (ulong)keyid[1]); + return -1; /* the complete keyblock is invalid */ + } + rc = check_key_signature( keyblock, n, NULL); + if( rc ) { + log_error_f( fname, rc == G10ERR_PUBKEY_ALGO ? + _("key %08lX: unsupported public key algorithm\n"): + _("key %08lX: invalid self-signature\n"), + (ulong)keyid[1]); - unode->flag |= 2; /* mark as invalid */ + unode->flag |= 2; /* mark as invalid */ + } + unode->flag |= 1; /* mark that signature checked */ + } + else if( sig->sig_class == 0x18 ) { + KBNODE knode = find_prev_kbnode( keyblock, + n, PKT_PUBLIC_SUBKEY ); + if( !knode ) + knode = find_prev_kbnode( keyblock, + n, PKT_SECRET_SUBKEY ); + + if( !knode ) { + log_error_f(fname, + _("key %08lX: no subkey for key binding\n"), + (ulong)keyid[1]); + } + else { + rc = check_key_signature( keyblock, n, NULL); + if( rc ) { + log_error_f( fname, rc == G10ERR_PUBKEY_ALGO ? + _("key %08lX: unsupported public key algorithm\n"): + _("key %08lX: invalid subkey binding\n"), + (ulong)keyid[1]); + + knode->flag |= 2; /* mark as invalid */ + } + } + knode->flag |= 1; /* mark that signature checked */ } - unode->flag |= 1; /* mark that signature checked */ } } return 0; @@ -730,6 +759,22 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid ) else nvalid++; } + else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY + || node->pkt->pkttype == PKT_SECRET_SUBKEY ) { + if( (node->flag & 2) || !(node->flag & 1) ) { + if( opt.verbose ) { + log_info_f(fname, _("key %08lX: skipped subkey\n"), + (ulong)keyid[1]); + } + delete_kbnode( node ); /* the subkey */ + /* and all following signature packets */ + while( node->next + && node->next->pkt->pkttype == PKT_SIGNATURE ) { + delete_kbnode( node->next ); + node = node->next; + } + } + } else if( node->pkt->pkttype == PKT_SIGNATURE && check_pubkey_algo( node->pkt->pkt.signature->pubkey_algo) && node->pkt->pkt.signature->pubkey_algo != PUBKEY_ALGO_RSA ) @@ -845,7 +890,7 @@ merge_blocks( const char *fname, KBNODE keyblock_orig, KBNODE keyblock, } } - /* merge subkey certifcates */ + /* merge subkey certificates */ for(onode=keyblock_orig->next; onode; onode=onode->next ) { if( !(onode->flag & 1) && ( onode->pkt->pkttype == PKT_PUBLIC_SUBKEY diff --git a/g10/keydb.h b/g10/keydb.h index 4a18b7ea0..73c2d5969 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -194,6 +194,7 @@ int locate_keyblock_by_keyid( KBPOS *kbpos, u32 *keyid, int find_keyblock( PUBKEY_FIND_INFO info, KBPOS *kbpos ); int find_keyblock_byname( KBPOS *kbpos, const char *username ); int find_keyblock_bypk( KBPOS *kbpos, PKT_public_key *pk ); +int find_keyblock_bysk( KBPOS *kbpos, PKT_secret_key *sk ); int find_secret_keyblock_byname( KBPOS *kbpos, const char *username ); int lock_keyblock( KBPOS *kbpos ); void unlock_keyblock( KBPOS *kbpos ); diff --git a/g10/keygen.c b/g10/keygen.c index d66585295..2b5d34d3b 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -971,6 +971,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock ) char *passphrase = NULL; DEK *dek = NULL; STRING2KEY *s2k = NULL; + u32 cur_time; /* break out the primary secret key */ node = find_kbnode( sec_keyblock, PKT_SECRET_KEY ); @@ -981,6 +982,19 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock ) /* make a copy of the sk to keep the protected one in the keyblock */ sk = copy_secret_key( NULL, node->pkt->pkt.secret_key ); + + cur_time = make_timestamp(); + if( sk->timestamp > cur_time ) { + ulong d = sk->timestamp - cur_time; + log_info( d==1 ? _("key has been created %lu second " + "in future (time warp or clock problem)\n") + : _("key has been created %lu seconds " + "in future (time warp or clock problem)\n"), d ); + rc = G10ERR_TIME_CONFLICT; + goto leave; + } + + /* unprotect to get the passphrase */ switch( is_secret_key_protected( sk ) ) { case -1: diff --git a/g10/ringedit.c b/g10/ringedit.c index 10fea1eaf..4a97f78f8 100644 --- a/g10/ringedit.c +++ b/g10/ringedit.c @@ -480,6 +480,23 @@ find_keyblock_bypk( KBPOS *kbpos, PKT_public_key *pk ) return rc; } +/**************** + * Combined function to search for a key and get the position + * of the keyblock. + */ +int +find_keyblock_bysk( KBPOS *kbpos, PKT_secret_key *sk ) +{ + PACKET pkt; + int rc; + + init_packet( &pkt ); + pkt.pkttype = PKT_SECRET_KEY; + pkt.pkt.secret_key = sk; + rc = search( &pkt, kbpos, 0 ); + return rc; +} + /**************** * Combined function to search for a username and get the position diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index 5edebf782..7712036e4 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -1,4 +1,4 @@ -/* seckey-cert.c - secret key certifucate packet handling +/* seckey-cert.c - secret key certificate packet handling * Copyright (C) 1998 Free Software Foundation, Inc. * * This file is part of GnuPG. diff --git a/g10/sig-check.c b/g10/sig-check.c index 2460cd09a..0eb29eafb 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -157,15 +157,22 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest ) return G10ERR_PUBKEY_ALGO; } - if( pk->timestamp > sig->timestamp ) + if( pk->timestamp > sig->timestamp ) { + ulong d = pk->timestamp - sig->timestamp; + log_info( d==1 + ? _("public key is %lu second newer than the signature\n") + : _("public key is %lu seconds newer than the signature\n"), + d ); return G10ERR_TIME_CONFLICT; /* pubkey newer than signature */ + } cur_time = make_timestamp(); if( pk->timestamp > cur_time ) { ulong d = pk->timestamp - cur_time; - log_info(_("public key created %lu %s " - "in future (time warp or clock problem)\n"), - d, d==1? _("second"):_("seconds") ); + log_info( d==1 ? _("key has been created %lu second " + "in future (time warp or clock problem)\n") + : _("key has been created %lu seconds " + "in future (time warp or clock problem)\n"), d ); return G10ERR_TIME_CONFLICT; } @@ -331,7 +338,6 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig ) keyid_from_pk( pk, keyid ); md = md_open( algo, 0 ); - /*md_start_debug(md, "check");*/ hash_public_key( md, pk ); hash_uid_node( unode, md, sig ); if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) { diff --git a/g10/sign.c b/g10/sign.c index abb6e9d44..b011043b2 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -47,6 +47,16 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig, byte *dp; int rc; + if( sk->timestamp > sig->timestamp ) { + ulong d = sk->timestamp - sig->timestamp; + log_info( d==1 ? _("key has been created %lu second " + "in future (time warp or clock problem)\n") + : _("key has been created %lu seconds " + "in future (time warp or clock problem)\n"), d ); + return G10ERR_TIME_CONFLICT; + } + + print_pubkey_algo_note(sk->pubkey_algo); if( !digest_algo ) diff --git a/g10/skclist.c b/g10/skclist.c index 8ae3fc15b..2c46d6699 100644 --- a/g10/skclist.c +++ b/g10/skclist.c @@ -32,6 +32,7 @@ #include "memory.h" #include "util.h" #include "i18n.h" +#include "cipher.h" void @@ -46,6 +47,19 @@ release_sk_list( SK_LIST sk_list ) } } + +/* Check that we are only using keys which don't have + * the string "(insecure!)" or "not secure" or "do not use" + * in one of the user ids + */ +static int +is_insecure( PKT_secret_key *sk ) +{ + + BUG(); +} + + int build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock, unsigned usage ) @@ -66,10 +80,15 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock, SK_LIST r; if( sk->version == 4 && (usage & PUBKEY_USAGE_SIG) && sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) { - log_error("this is a PGP generated " + log_info("this is a PGP generated " "ElGamal key which is NOT secure for signatures!\n"); free_secret_key( sk ); sk = NULL; } + else if( random_is_faked() && !is_insecure( sk ) ) { + log_info(_("key is not flagged as insecure - " + "can't use it with the faked RNG!\n")); + free_secret_key( sk ); sk = NULL; + } else { r = m_alloc( sizeof *r ); r->sk = sk; sk = NULL; @@ -102,6 +121,11 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock, locusr->d ); free_secret_key( sk ); sk = NULL; } + else if( random_is_faked() && !is_insecure( sk ) ) { + log_info(_("key is not flagged as insecure - " + "can't use it with the faked RNG!\n")); + free_secret_key( sk ); sk = NULL; + } else { r = m_alloc( sizeof *r ); r->sk = sk; sk = NULL; diff --git a/include/errors.h b/include/errors.h index 4cc235e6a..af78b9d3e 100644 --- a/include/errors.h +++ b/include/errors.h @@ -62,8 +62,11 @@ #define G10ERR_TIME_CONFLICT 40 #define G10ERR_WR_PUBKEY_ALGO 41 /* unusabe pubkey algo */ #define G10ERR_FILE_EXISTS 42 -#define G10ERR_WEAK_KEY 43 /* NOTE: hardcoded intothe cipher modules */ -#define G10ERR_WRONG_KEYLEN 44 /* NOTE: hardcoded intothe cipher modules */ +#define G10ERR_WEAK_KEY 43 /* NOTE: hardcoded into the cipher modules */ +#define G10ERR_WRONG_KEYLEN 44 /* NOTE: hardcoded into the cipher modules */ +#define G10ERR_INV_ARG 45 +#define G10ERR_BAD_URI 46 /* syntax error in URI */ +#define G10ERR_INVALID_URI 47 /* e.g. unsupported scheme */ #ifndef HAVE_STRERROR diff --git a/mpi/config.links b/mpi/config.links index 7e3e865ff..63255a120 100644 --- a/mpi/config.links +++ b/mpi/config.links @@ -106,13 +106,17 @@ case "${target}" in m680[234]0*-*-linux* | m68k*-*-linux*) echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h cat $srcdir/mpi/m68k/syntax.h >>./mpi/asm-syntax.h - path="m68k/mc68020 m68k" ;; m68060*-*-linux*) echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h cat $srcdir/mpi/m68k/syntax.h >>./mpi/asm-syntax.h path="m68k" ;; + m68k-atari-mint) + echo '#define MIT_SYNTAX' >>./mpi/asm-syntax.h + cat $srcdir/mpi/m68k/syntax.h >>./mpi/asm-syntax.h + path="m68k/mc68020 m68k" + ;; m68000*-*-* | m68060*-*-*) echo '#define MIT_SYNTAX' >>./mpi/asm-syntax.h cat $srcdir/mpi/m68k/syntax.h >>./mpi/asm-syntax.h diff --git a/po/ChangeLog b/po/ChangeLog index d3fc491fa..ac3391d27 100644 --- a/po/ChangeLog +++ b/po/ChangeLog @@ -1,3 +1,7 @@ +Tue Jan 12 11:17:18 CET 1999 Werner Koch + + * fr.po: Imported new version + Tue Dec 29 14:41:47 CET 1998 Werner Koch * pl.po: Janusz A. Urbanowicz contributed this one diff --git a/po/fr.po b/po/fr.po index e6ba658ff..45a1c1dbf 100644 --- a/po/fr.po +++ b/po/fr.po @@ -4,9 +4,9 @@ # msgid "" msgstr "" -"Project-Id-Version: gnupg 0.4.5a\n" -"POT-Creation-Date: 1999-01-09 18:31+0100\n" -"PO-Revision-Date: 1998-12-15 00:35+01:00\n" +"Project-Id-Version: gnupg 0.9.0a\n" +"POT-Creation-Date: 1999-01-11 02:14+0100\n" +"PO-Revision-Date: 1999-01-09 00:25+01:00\n" "Last-Translator: Gaël Quéri \n" "Language-Team: French \n" "MIME-Version: 1.0\n" @@ -26,219 +26,176 @@ msgid "yY" msgstr "oO" #: util/errors.c:54 -#, fuzzy msgid "general error" -msgstr "Erreur générale" +msgstr "erreur générale" #: util/errors.c:55 -#, fuzzy msgid "unknown packet type" -msgstr "Type de paquet inconnu" +msgstr "type de paquet inconnu" #: util/errors.c:56 -#, fuzzy msgid "unknown version" -msgstr "Version inconnue" +msgstr "version inconnue" #: util/errors.c:57 -#, fuzzy msgid "unknown pubkey algorithm" -msgstr "Algorithme de clé publique inconnu" +msgstr "algorithme à clé publique inconnu" #: util/errors.c:58 -#, fuzzy msgid "unknown digest algorithm" -msgstr "Algorithme de hachage inconnu" +msgstr "algorithme de hachage inconnu" #: util/errors.c:59 -#, fuzzy msgid "bad public key" -msgstr "Mauvaise clé publique" +msgstr "mauvaise clé publique" #: util/errors.c:60 -#, fuzzy msgid "bad secret key" -msgstr "Mauvaise clé secrète" +msgstr "mauvaise clé secrète" #: util/errors.c:61 -#, fuzzy msgid "bad signature" -msgstr "Mauvaise signature" +msgstr "mauvaise signature" #: util/errors.c:62 -#, fuzzy msgid "checksum error" -msgstr "Erreur de checksum" +msgstr "erreur de checksum" #: util/errors.c:63 -#, fuzzy msgid "bad passphrase" -msgstr "Mauvais mot de passe" +msgstr "mauvais mot de passe" #: util/errors.c:64 -#, fuzzy msgid "public key not found" -msgstr "Clé publique non trouvée" +msgstr "clé publique non trouvée" #: util/errors.c:65 -#, fuzzy msgid "unknown cipher algorithm" -msgstr "Algorithme de chiffrement inconnu" +msgstr "algorithme de chiffrement inconnu" #: util/errors.c:66 -#, fuzzy msgid "can't open the keyring" -msgstr "Ne peut ouvrir le porte-clés" +msgstr "ne peut ouvrir le porte-clés" #: util/errors.c:67 -#, fuzzy msgid "invalid packet" -msgstr "Paquet invalide" +msgstr "paquet invalide" #: util/errors.c:68 -#, fuzzy msgid "invalid armor" -msgstr "Armure invalide" +msgstr "armure invalide" #: util/errors.c:69 -#, fuzzy msgid "no such user id" -msgstr "Pas de tel utilisateur" +msgstr "pas de tel utilisateur" #: util/errors.c:70 -#, fuzzy msgid "secret key not available" -msgstr "La clé secrète n'est pas disponible" +msgstr "la clé secrète n'est pas disponible" #: util/errors.c:71 -#, fuzzy msgid "wrong secret key used" -msgstr "Mauvaise clé secrète utilisée" +msgstr "mauvaise clé secrète utilisée" #: util/errors.c:72 -#, fuzzy msgid "not supported" -msgstr "Non supporté" +msgstr "non supporté" #: util/errors.c:73 -#, fuzzy msgid "bad key" -msgstr "Mauvaise clé" +msgstr "mauvaise clé" #: util/errors.c:74 -#, fuzzy msgid "file read error" -msgstr "Erreur de lecture" +msgstr "erreur de lecture" #: util/errors.c:75 -#, fuzzy msgid "file write error" -msgstr "Erreur d'écriture" +msgstr "erreur d'écriture" #: util/errors.c:76 -#, fuzzy msgid "unknown compress algorithm" -msgstr "Algorithme de compression inconnu" +msgstr "algorithme de compression inconnu" #: util/errors.c:77 -#, fuzzy msgid "file open error" -msgstr "Erreur d'ouverture de fichier" +msgstr "erreur d'ouverture de fichier" #: util/errors.c:78 -#, fuzzy msgid "file create error" -msgstr "Erreur de création de fichier" +msgstr "erreur de création de fichier" #: util/errors.c:79 -#, fuzzy msgid "invalid passphrase" -msgstr "Mot de passe invalide" +msgstr "mot de passe invalide" #: util/errors.c:80 -#, fuzzy msgid "unimplemented pubkey algorithm" -msgstr "Algorithme de clé publique non implémenté" +msgstr "algorithme à clé publique non implémenté" #: util/errors.c:81 -#, fuzzy msgid "unimplemented cipher algorithm" -msgstr "Algorithme de chiffrement non implémenté" +msgstr "algorithme de chiffrement non implémenté" #: util/errors.c:82 -#, fuzzy msgid "unknown signature class" -msgstr "Classe de signature inconnue" +msgstr "classe de signature inconnue" #: util/errors.c:83 -#, fuzzy msgid "trust database error" -msgstr "Erreur dans la base de confiance" +msgstr "erreur dans la base de confiance" #: util/errors.c:84 -#, fuzzy msgid "bad MPI" -msgstr "Mauvais entier en précision multiple" +msgstr "mauvais entier en précision multiple (MPI)" #: util/errors.c:85 -#, fuzzy msgid "resource limit" -msgstr "Limite de ressources" +msgstr "limite de ressources atteinte" #: util/errors.c:86 -#, fuzzy msgid "invalid keyring" -msgstr "Porte-clés invalide" +msgstr "porte-clés invalide" #: util/errors.c:87 -#, fuzzy msgid "bad certificate" -msgstr "Mauvais certificat" +msgstr "mauvais certificat" #: util/errors.c:88 -#, fuzzy msgid "malformed user id" -msgstr "Nom d'utilisateur malformé" +msgstr "nom d'utilisateur malformé" #: util/errors.c:89 -#, fuzzy msgid "file close error" -msgstr "Erreur de fermeture de fichier" +msgstr "erreur de fermeture de fichier" #: util/errors.c:90 -#, fuzzy msgid "file rename error" -msgstr "Erreur pendant le changement de nom du fichier" +msgstr "erreur pendant le changement de nom du fichier" #: util/errors.c:91 -#, fuzzy msgid "file delete error" -msgstr "Erreur pendant la suppression du fichier" +msgstr "erreur pendant la suppression du fichier" #: util/errors.c:92 -#, fuzzy msgid "unexpected data" -msgstr "Données inattendues" +msgstr "données inattendues" #: util/errors.c:93 -#, fuzzy msgid "timestamp conflict" -msgstr "Conflit de dates" +msgstr "conflit de dates" #: util/errors.c:94 -#, fuzzy msgid "unusable pubkey algorithm" -msgstr "Algorithme de clés publiques inutilisable" +msgstr "algorithme de clés publiques inutilisable" #: util/errors.c:95 -#, fuzzy msgid "file exists" -msgstr "Le fichier existe" +msgstr "le fichier existe" #: util/errors.c:96 -#, fuzzy msgid "weak key" -msgstr "Mauvaise clé" +msgstr "mauvaise clé" #: util/logger.c:178 #, c-format @@ -511,7 +468,7 @@ msgstr "(3 par d #: g10/g10.c:242 msgid "|KEYID|ulimately trust this key" -msgstr "|IDCLE|donner une confiance totale à cette clé" +msgstr "|ID CLE|donner une confiance totale à cette clé" #: g10/g10.c:243 msgid "|FILE|load extension module FILE" @@ -524,7 +481,7 @@ msgstr "imiter le mode d # FIXMOI : faudra trouver mieux ... #: g10/g10.c:245 msgid "|N|use passphrase mode N" -msgstr "|N|utiliser le mode de mots de passe N" +msgstr "|N|utiliser le mode de codage des mots de passe N" #: g10/g10.c:247 msgid "|NAME|use message digest algorithm NAME for passphrases" @@ -532,7 +489,7 @@ msgstr "|NOM|utiliser le hachage NOM pour les mots de passe" #: g10/g10.c:249 msgid "|NAME|use cipher algorithm NAME for passphrases" -msgstr "|NOM|utiliser le chiffrement NOM pour les mots de passe" +msgstr "|NOM|utiliser le chiffre NOM pour les mots de passe" #: g10/g10.c:251 msgid "|NAME|use cipher algorithm NAME" @@ -774,58 +731,55 @@ msgid "invalid clearsig header\n" msgstr "en-tête de signature claire invalide\n" #: g10/armor.c:414 -#, fuzzy msgid "nested clear text signatures\n" -msgstr "|[fichier]|faire une signature en texte clair" +msgstr "signatures en texte clair imbriquées\n" -#: g10/armor.c:530 +#: g10/armor.c:533 msgid "invalid dash escaped line: " msgstr "ligne de traits d'échappement invalide : " -#: g10/armor.c:538 -#, fuzzy +#: g10/armor.c:541 msgid "unexpected armor:" -msgstr "Données inattendues" +msgstr "armure inattendue :" -#: g10/armor.c:624 +#: g10/armor.c:627 #, c-format msgid "invalid radix64 character %02x skipped\n" msgstr "caractère %02x invalide en base 64 ignoré\n" -#: g10/armor.c:654 +#: g10/armor.c:657 msgid "premature eof (no CRC)\n" msgstr "fin de fichier prématurée (pas de CRC)\n" -#: g10/armor.c:671 +#: g10/armor.c:674 msgid "premature eof (in CRC)\n" msgstr "fin de fichier prématurée (dans le CRC)\n" -#: g10/armor.c:675 +#: g10/armor.c:678 msgid "malformed CRC\n" msgstr "CRC malformé\n" -#: g10/armor.c:679 +#: g10/armor.c:682 #, c-format msgid "CRC error; %06lx - %06lx\n" msgstr "Erreur de CRC ; %06lx - %06lx\n" -#: g10/armor.c:696 +#: g10/armor.c:699 msgid "premature eof (in Trailer)\n" msgstr "fin de fichier prématurée (dans la remorque)\n" -#: g10/armor.c:700 +#: g10/armor.c:703 msgid "error in trailer line\n" msgstr "erreur dans la ligne de remorque\n" -#: g10/armor.c:961 -#, fuzzy +#: g10/armor.c:964 msgid "no valid OpenPGP data found.\n" -msgstr "pas de donnée RFC1991 ou OpenPGP valide trouvée.\n" +msgstr "aucune de donnée OpenPGP valide n'a été trouvée.\n" -#: g10/armor.c:963 +#: g10/armor.c:966 #, c-format msgid "invalid armor: line longer than %d characters\n" -msgstr "" +msgstr "armure invalide : ligne plus longue que %d caractères\n" #: g10/pkclist.c:138 #, c-format @@ -864,11 +818,10 @@ msgstr " m = retour au menu principal\n" #: g10/pkclist.c:159 msgid " q = quit\n" -msgstr "" +msgstr " q = quitter\n" #. a string with valid answers #: g10/pkclist.c:164 -#, fuzzy msgid "sSmMqQ" msgstr "sSmMqQ" @@ -1126,7 +1079,7 @@ msgid "" "computations take REALLY long!\n" msgstr "" "Les tailles supérieures à 2048 ne sont pas conseillées car\n" -"les calculs sont VRAIMENT longs!\n" +"les calculs prennent VRAIMENT beaucoup de temps !\n" #: g10/keygen.c:464 msgid "Are you sure that you want this keysize? " @@ -1137,7 +1090,7 @@ msgid "" "Okay, but keep in mind that your monitor and keyboard radiation is also very " "vulnerable to attacks!\n" msgstr "" -"D'accord, mais n'oubliez pas que votre écran et les radiations du clavier " +"D'accord, mais n'oubliez pas que votre écran et les radiations du clavier\n" "sont aussi très vulnérables aux attaques!\n" #: g10/keygen.c:473 @@ -1291,11 +1244,11 @@ msgid "" "network and the disks) during the prime generation; this gives the random\n" "number generator a better chance to gain enough entropy.\n" msgstr "" -"Beaucoup d'octets aléatoires doivent être générés. Vous devriez\n" -"faire quelque-chose d'autre (travailler dans une autre fenêtre, bouger la\n" +"Un grand nombre d'octets aléatoires doit être généré. Vous devriez\n" +"faire autre-chose (travailler dans une autre fenêtre, déplacer la\n" "souris, utiliser le réseau et les disques) pendant la génération de nombres\n" -"premiers ; cela permet au générateur de nombres aléatoires d'obtenir une\n" -"entropie suffisante plus facilement.\n" +"premiers ; cela donne au générateur de nombres aléatoires une meilleure\n" +"chance d'avoir assez d'entropie.\n" #: g10/keygen.c:827 msgid "Key generation can only be used in interactive mode\n" @@ -1981,7 +1934,7 @@ msgid "Key not changed so no update needed.\n" msgstr "La clé n'a pas changé donc la mise à jour est inutile.\n" #: g10/keyedit.c:669 g10/keyedit.c:727 -#, fuzzy, c-format +#, c-format msgid "update of trustdb failed: %s\n" msgstr "la mise à jour de la base de confiance a échoué : %s\n" @@ -2060,7 +2013,6 @@ msgid "No secondary key with index %d\n" msgstr "Pas de clé secondaire avec l'index %d\n" #: g10/mainproc.c:198 -#, fuzzy msgid "public key encrypted data: good DEK\n" msgstr "données chiffrées avec la clé publique : bonne clé de chiffrement\n" @@ -2123,9 +2075,8 @@ msgid "can't disable core dumps: %s\n" msgstr "ne peut empêcher la génération de fichiers core : %s\n" #: g10/misc.c:93 -#, fuzzy msgid "WARNING: program may create a core file!\n" -msgstr "ATTENTION : Le programme peut créer un fichier core !\n" +msgstr "ATTENTION : Le programme peut créer un fichier « core » !\n" #: g10/misc.c:200 msgid "Experimental algorithms should not be used!\n" @@ -2140,11 +2091,10 @@ msgstr "" "et l'utiliser dans l'avenir\n" #: g10/misc.c:235 -#, fuzzy msgid "this cipher algorithm is depreciated; please use a more standard one!\n" msgstr "" "Cet algorithme de chiffrement est déconseillé ; utilisez-en un\n" -"plus standard!\n" +"plus standard !\n" #: g10/parse-packet.c:113 #, c-format @@ -2167,14 +2117,14 @@ msgstr "" "l'utilisateur: \"" #: g10/passphrase.c:150 -#, fuzzy, c-format +#, c-format msgid "%u-bit %s key, ID %08lX, created %s" -msgstr "(clé de %u bits %s, ID %08lX, créée le %s)\n" +msgstr "clé de %u bits %s, ID %08lX, créée le %s" #: g10/passphrase.c:155 #, c-format msgid " (main key ID %08lX)" -msgstr "" +msgstr " (ID clé principale %08lX)" #: g10/passphrase.c:183 msgid "Enter passphrase: " @@ -2209,9 +2159,8 @@ msgid "anonymous receiver; trying secret key %08lX ...\n" msgstr "destinataire anonyme ; essai de la clé secrète %08lX ...\n" #: g10/pubkey-enc.c:84 -#, fuzzy msgid "okay, we are the anonymous recipient.\n" -msgstr "d'accord, nous sommes le destinataire anonyme.\n" +msgstr "d'accord, nous sommes le récipient anonyme.\n" #: g10/pubkey-enc.c:136 msgid "old encoding of the DEK is not supported\n" @@ -2245,19 +2194,18 @@ msgstr "" "signatures!\n" #: g10/sig-check.c:166 -#, fuzzy, c-format +#, c-format msgid "public key created %lu %s in future (time warp or clock problem)\n" msgstr "" -"clé publique créée dans le futur (voyage dans le temps ou problème\n" -"d'horloge)\n" +"clé publique créée %lu %s dans le futur\n" #: g10/sig-check.c:168 msgid "second" -msgstr "" +msgstr "seconde" #: g10/sig-check.c:168 msgid "seconds" -msgstr "" +msgstr "secondes" #: g10/sig-check.c:173 #, c-format @@ -2302,7 +2250,6 @@ msgstr "" "%s\n" #: g10/tdbio.c:232 -#, fuzzy msgid "trustdb transaction too large\n" msgstr "transaction de base de confiance trop volumineuse\n" @@ -2337,17 +2284,17 @@ msgid "%s: failed to create version record: %s" msgstr "%s : n'a pas pu créer un enregistrement de version : %s" #: g10/tdbio.c:477 -#, fuzzy, c-format +#, c-format msgid "%s: invalid trustdb created\n" msgstr "%s : base de confiance invalide créée\n" #: g10/tdbio.c:479 -#, fuzzy, c-format +#, c-format msgid "%s: trustdb created\n" msgstr "%s : base de confiance créée\n" #: g10/tdbio.c:512 -#, fuzzy, c-format +#, c-format msgid "%s: invalid trustdb\n" msgstr "%s : base de confiance invalide\n" @@ -2421,10 +2368,9 @@ msgid "%s: failed to append a record: %s\n" msgstr "%s : n'a pas pu ajouter un enregistrement : %s\n" #: g10/trustdb.c:142 -#, fuzzy msgid "The trustdb is corrupted; please run \"gpgm --fix-trustdb\".\n" msgstr "" -"La base de confiance est corrompue ; exécutez « gpgm --fix-trust-db ».\n" +"La base de confiance est corrompue ; exécutez « gpgm --fix-trustdb ».\n" #: g10/trustdb.c:155 #, c-format @@ -2444,9 +2390,9 @@ msgid "trust record %lu: delete failed: %s\n" msgstr "enregistrement de confiance %lu : la suppression a échoué : %s\n" #: g10/trustdb.c:198 -#, fuzzy, c-format +#, c-format msgid "trustdb: sync failed: %s\n" -msgstr "base de confiance a échoué : la synchronisation a échoué : %s\n" +msgstr "base de confiance : la synchronisation a échoué : %s\n" #: g10/trustdb.c:327 #, c-format @@ -2476,9 +2422,9 @@ msgid "chained sigrec %lu has a wrong owner\n" msgstr "l'enregistrement de signature %lu a un mauvais propriétaire\n" #: g10/trustdb.c:463 -#, fuzzy, c-format +#, c-format msgid "'%s' is not a valid long keyID\n" -msgstr "`%s' n'est pas une identification longue de clé valide\n" +msgstr "'%s' n'est pas une identification longue de clé valide\n" #: g10/trustdb.c:498 #, c-format @@ -2559,29 +2505,29 @@ msgid "Ooops, no user ids\n" msgstr "Ooops, pas de nom d'utilisateur\n" #: g10/trustdb.c:1088 g10/trustdb.c:1106 -#, fuzzy, c-format +#, c-format msgid "user '%s' read problem: %s\n" -msgstr "problème de lecture de l'utilisateur `%s' : %s\n" +msgstr "problème de lecture de l'utilisateur '%s' : %s\n" #: g10/trustdb.c:1091 g10/trustdb.c:1109 -#, fuzzy, c-format +#, c-format msgid "user '%s' list problem: %s\n" -msgstr "problème de liste à l'utilisateur `%s' : %s\n" +msgstr "problème de liste à l'utilisateur '%s' : %s\n" #: g10/trustdb.c:1099 g10/trustdb.c:1346 -#, fuzzy, c-format +#, c-format msgid "user '%s' not found: %s\n" -msgstr "l'utilisateur `%s' n'a pas été trouvé : %s\n" +msgstr "l'utilisateur '%s' n'a pas été trouvé : %s\n" #: g10/trustdb.c:1101 g10/trustdb.c:1348 -#, fuzzy, c-format +#, c-format msgid "problem finding '%s' in trustdb: %s\n" -msgstr "problème de recherche de `%s' dans la base de confiance : %s\n" +msgstr "problème de recherche de '%s' dans la base de confiance : %s\n" #: g10/trustdb.c:1104 -#, fuzzy, c-format +#, c-format msgid "user '%s' not in trustdb\n" -msgstr "l'utilisateur `%s' n'est pas dans la base de confiance\n" +msgstr "l'utilisateur '%s' n'est pas dans la base de confiance\n" #: g10/trustdb.c:1139 #, c-format @@ -2643,14 +2589,14 @@ msgid "error finding dir record: %s\n" msgstr "erreur pendant la recherche de l'enregistrement de répertoire : %s\n" #: g10/trustdb.c:1351 -#, fuzzy, c-format +#, c-format msgid "user '%s' not in trustdb - inserting\n" -msgstr "l'utilisateur `%s' n'est pas dans la base de confiance - insertion\n" +msgstr "l'utilisateur '%s' n'est pas dans la base de confiance - insertion\n" #: g10/trustdb.c:1354 -#, fuzzy, c-format +#, c-format msgid "failed to put '%s' into trustdb: %s\n" -msgstr "n'a pas pu insérer `%s' dans la base de confiance : %s\n" +msgstr "n'a pas pu insérer '%s' dans la base de confiance : %s\n" #: g10/trustdb.c:1404 #, c-format @@ -3035,7 +2981,6 @@ msgid "encrypted with unknown algorithm %d\n" msgstr "chiffré avec l'algorithme inconnu %d\n" #: g10/encr-data.c:74 -#, fuzzy msgid "" "WARNING: message was encrypted with a weak key in the symmetric cipher.\n" msgstr "" @@ -3058,9 +3003,9 @@ msgstr "" msgid "edit_ownertrust.value" msgstr "" "C'est à vous d'assigner une valeur ici ; cette valeur ne sera jamais\n" -"exportée à une tierce personne. Nous en avons besoin pour créer le\n" +"einvoyée à une tierce personne. Nous en avons besoin pour créer le\n" "réseau de confiance (web-of-trust) ; cela n'a rien à voir avec le\n" -"réseau de certificats (créé implicitement)" +"réseau des certificats (créé implicitement)" #: g10/helptext.c:54 msgid "revoked_key.override" @@ -3078,7 +3023,22 @@ msgstr "Entrez l'adresse de la personne #: g10/helptext.c:66 msgid "keygen.algo" -msgstr "Sélectionnez l'algorithme à utiliser:" +msgstr "" +"Sélectionnez l'algorithme à utiliser.\n" +"DSA (alias DSS) est l'algorithme de signatures électroniques qui ne peut\n" +"être utilisé que pour les signatures. C'est l'algorithme recommandé car\n" +"la vérification des signatures DSA est beaucoup plus rapide que celle des\n" +"signatures ElGamal.\n" +"ElGamal est un algorithme pouvant à la fois être utilisé pour les\n" +"signatures et le chiffrement. OpenPGP en distingue deux sortes :\n" +"l'une destinée uniquement au chiffrement et l'autre pouvant aussi bien\n" +"servir aux signatures ; elles sont en fait identiques mais certains\n" +"paramètres doivent être spécialement choisis pour que la clé génère des\n" +"signatures sures : ce programme est capable de le faire mais les autres\n" +"implémentaions de OpenPGP ne sont pas obligées d'accepter cette forme de\n" +"clé.\n" +"La première clé (clé principale) doit toujours être capable de signer ;\n" +"c'est pourquoi la clé ElGamal de chiffrement seul est alors désactivée." #: g10/helptext.c:82 msgid "keygen.algo.elg_se" @@ -3089,35 +3049,35 @@ msgstr "" #: g10/helptext.c:89 msgid "keygen.size" -msgstr "" +msgstr "Entrez la taille de la clé" #: g10/helptext.c:93 msgid "keygen.size.huge.okay" -msgstr "" +msgstr "Répondez « oui » ou « non »" #: g10/helptext.c:98 msgid "keygen.size.large.okay" -msgstr "" +msgstr "Répondez « oui » ou « non »" #: g10/helptext.c:103 msgid "keygen.valid" -msgstr "" +msgstr "Entrez la valeur demandée" #: g10/helptext.c:107 msgid "keygen.valid.okay" -msgstr "" +msgstr "Répondez « oui » ou « non »" #: g10/helptext.c:112 msgid "keygen.name" -msgstr "" +msgstr "Entrez le nom du propriétaire de la clé" #: g10/helptext.c:117 msgid "keygen.email" -msgstr "" +msgstr "Entrez une adresse e-mail optionnelle mais hautement recommandée" #: g10/helptext.c:121 msgid "keygen.comment" -msgstr "" +msgstr "Entrez un commentaire optionnel" #: g10/helptext.c:126 msgid "keygen.userid.cmd" @@ -3134,35 +3094,37 @@ msgstr "R #: g10/helptext.c:139 msgid "sign_uid.okay" -msgstr "" +msgstr "Répondez « oui » ou « non »" #: g10/helptext.c:144 msgid "change_passwd.empty.okay" -msgstr "" +msgstr "Répondez « oui » ou « non »" #: g10/helptext.c:149 msgid "keyedit.cmd" -msgstr "Entrez « aide » pour voir la liste des commandes." +msgstr "Entrez « help » pour voir la liste des commandes." #: g10/helptext.c:153 msgid "keyedit.save.okay" -msgstr "" +msgstr "Répondez « oui » ou « non »" #: g10/helptext.c:158 msgid "keyedit.cancel.okay" -msgstr "" +msgstr "Répondez « oui » ou « non »" #: g10/helptext.c:162 msgid "keyedit.sign_all.okay" -msgstr "" +msgstr "Répondez « oui » si vous voulez signer TOUS les noms d'utilisateurs" #: g10/helptext.c:166 msgid "keyedit.remove.uid.okay" msgstr "" +"Répondez « oui » si vous voulez vraiment supprimer ce nom\n" +"d'utilisateur. Tous les certificats seront alors perdus en même temps !" #: g10/helptext.c:171 msgid "keyedit.remove.subkey.okay" -msgstr "" +msgstr "Entrez « oui » s'il faut vraiment supprimer la sous-clé" #: g10/helptext.c:175 msgid "passphrase.enter" @@ -3177,11 +3139,11 @@ msgstr "" #: g10/helptext.c:186 msgid "detached_signature.filename" -msgstr "" +msgstr "Donnez le nom du fichier auquel la signature se rapporte" #: g10/helptext.c:190 msgid "openfile.overwrite.okay" -msgstr "" +msgstr "Entrez « oui » s'il faut vraiment réécrire le fichier" #: g10/helptext.c:204 msgid "No help available" @@ -3191,12 +3153,3 @@ msgstr "Pas d'aide disponible" #, c-format msgid "No help available for `%s'" msgstr "Pas d'aide disponible pour `%s'" - -#~ msgid "invalid clear text header: " -#~ msgstr "en-tête de texte clair invalide : " - -#~ msgid "LID %lu: changing trust from %u to %u\n" -#~ msgstr "LID %lu : changement de la confiance de %u vers %u\n" - -#~ msgid "LID %lu: setting trust to %u\n" -#~ msgstr "LID %lu : la confiance est maintenant %u\n" diff --git a/scripts/config.guess b/scripts/config.guess index a33e7a5f1..6413fa44f 100755 --- a/scripts/config.guess +++ b/scripts/config.guess @@ -138,6 +138,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in atari*:OpenBSD:*:*) echo m68k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; + atari*:[Mm]i[Nn][Tt]:*:*) + echo m68k-atari-mint + exit 0 ;; sun3*:NetBSD:*:*) echo m68k-sun-netbsd${UNAME_RELEASE} exit 0 ;; diff --git a/util/errors.c b/util/errors.c index af182f2fd..84f8d2bd7 100644 --- a/util/errors.c +++ b/util/errors.c @@ -94,6 +94,9 @@ g10_errstr( int err ) X(WR_PUBKEY_ALGO ,N_("unusable pubkey algorithm")) X(FILE_EXISTS ,N_("file exists")) X(WEAK_KEY ,N_("weak key")) + X(INV_ARG ,N_("invalid argument")) + X(BAD_URI ,N_("bad URI")) + X(INVALID_URI ,N_("unsupported URI")) default: p = buf; sprintf(buf, "g10err=%d", err); break; } #undef X