1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

See ChangeLog: Tue Jan 12 11:17:18 CET 1999 Werner Koch

This commit is contained in:
Werner Koch 1999-01-12 10:20:24 +00:00
parent 8ddca5a28a
commit 62957ff4e7
34 changed files with 458 additions and 305 deletions

View File

@ -36,6 +36,7 @@ md@linux.it
TRANSLATIONS Gael Queri 1998-09-08
Disclaimer. [fr]
gqueri@mail.dotcom.fr
Fixed a lot of typos.
TRANSLATIONS Walter Koch 1998-09-08

View File

@ -1,3 +1,11 @@
Tue Jan 12 11:17:18 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* config.links (m68k-atari-mint): New
Tue Jan 12 09:17:19 CET 1999 Gaël Quéri <gqueri@mail.dotcom.fr>
* all: Fixed typos all over the place
Sat Jan 9 16:02:23 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* configure.in: Add a way to statically link rndunix
@ -25,6 +33,7 @@ Thu Dec 10 20:15:36 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
Tue Dec 8 15:09:29 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
* VERSION: Set to 0.4.5
Wed Nov 25 12:38:29 1998 Werner Koch (wk@isil.d.shuttle.de)
* configure.in (USE_RNDLINUX): New.

View File

@ -79,9 +79,9 @@ should put this in your ~/.gnupg/options file:
load-extension rndunix
===>8====================
This collector works by running a lot of tools which yields more or
less unpredictable output and fedds this as entropy into the random
less unpredictable output and feds this as entropy into the random
generator - It should work reliable but you should check whether
it produces good output for your kinf of Unix. There are some debug
it produces good output for your kind of Unix. There are some debug
options to help you (see cipher/rndunix.c).

42
NEWS
View File

@ -1,3 +1,7 @@
* add some additional time warp checks.
Noteworthy changes in version 0.9.1
-----------------------------------
@ -24,7 +28,7 @@ Noteworthy changes in version 0.9.0
-----------------------------------
* --export does now only exports rfc2440 compatible keys; the
old behavious is available with --export-all.
old behaviour is available with --export-all.
Generation of v3 ElGamal (sign and encrypt) keys is not longer
supported.
@ -87,7 +91,7 @@ Noteworthy changes in version 0.4.4
you are put into normal mode unless you use "quit" or "save" as
one of the commands. When in batch mode, the program quits after
the last command, so you have to use "save" if you did some changes.
It does not yet work completey, but may be used to list so the
It does not yet work completely, but may be used to list so the
keys etc.
@ -111,7 +115,7 @@ Noteworthy changes in version 0.4.3
the contrib directory of the FTP servers)
* commandline option processing now works as expected for GNU programs
with the execption that you can't mix options and normal arguments.
with the exception that you can't mix options and normal arguments.
* Now --list-key lists all matching keys. This is needed in some
other places too.
@ -138,7 +142,7 @@ Noteworthy changes in version 0.4.2
prime product.
* --import now only looks for KEYBLOCK headers, so you can now simply
remove the "- " in front of such a header if someone accdently signed
remove the "- " in front of such a header if someone accidently signed
such a message or the keyblock is part of a cleartext signed message.
* --with-colons now lists the key expiration time and not anymore
@ -206,7 +210,7 @@ Noteworthy changes in version 0.3.5
* Fixed a bug with 5 byte length headers.
* --delete-[secret-]key is now also availabe in gpgm.
* --delete-[secret-]key is now also available in gpgm.
* cleartext signatures are not anymore converted to LF only.
@ -230,21 +234,21 @@ Noteworthy changes in version 0.3.3
-----------------------------------
* IMPORTANT: I found yet another bug in the way the secret keys
are encrypted - I did it the way pgp 2.x did it, but OpenPGP
and pgp 5.x specifiy another (in some aspects simpler) method.
and pgp 5.x specify another (in some aspects simpler) method.
To convert your secret keys you have to do this:
1. Build the new release but don't install it and keep
a copy of the old program.
2. Disable the network, make sure that you are the only
user, be sure that there are no trojan horses etc ....
user, be sure that there are no Trojan horses etc ....
3. Use your old gpg (version 0.3.[12]) and set the
passphrases of ALL your secret keys to empty!
(gpg --change-passphrase your-user-id).
4. Save your ownertrusts (see the next point)
5. rm ~/.gnupg/trustd.gpg
5. rm ~/.gnupg/trustdb.gpg
6. install the new version of gpg (0.3.3)
7. For every secret key call "gpg --edit-key your-user-id",
enter "passwd" at the prompt, follow the instructions and
change your passward back, enter "save" to store it.
change your password back, enter "save" to store it.
8. Restore the ownertrust (see next point).
* The format of the trust database has changed; you must delete
@ -257,7 +261,7 @@ Noteworthy changes in version 0.3.3
release and it does now only export defined ownertrusts.
* The command --edit-key now provides a commandline driven menu
which can be used vor vaious tasks. --sign-key is only an
which can be used for various tasks. --sign-key is only an
an alias to --edit-key and maybe removed in future: use the
command "sign" of this new menu - you can select which user ids
you want to sign.
@ -267,7 +271,7 @@ Noteworthy changes in version 0.3.3
* Owner trust values can now be changed with --edit-key (trust)
* GNUPG can now run as a coprocess; this enables sophisticated
frontends. tools/shmtest.c is a simple sample implemenation.
frontends. tools/shmtest.c is a simple sample implementation.
This needs some more work: all tty_xxx() are to be replaced
by cpr_xxx() and some changes in the display logics is needed.
@ -306,7 +310,7 @@ Noteworthy changes in version 0.3.2
* Now displays the trust status of a positive verified message.
* Keyrings are now scanned in the sequence they are added with
--[secret-]keyring. Note that the default keyring is implictly
--[secret-]keyring. Note that the default keyring is implicitly
added as the very first one unless --no-default-keyring is used.
* Fixed setuid and dlopen bug.
@ -346,7 +350,7 @@ Noteworthy changes in version 0.3.0
* A complete new structure for representing the key parameters.
* Removed most public key knowledge into the cipher libray.
* Removed most public key knowledge into the cipher library.
* Support for dynamic loading of new algorithms.
@ -420,7 +424,7 @@ Noteworthy changes in version 0.2.17
Noteworthy changes in version 0.2.16
------------------------------------
* Add experimental support for the TIGER/192 message diigest algorithm.
* Add experimental support for the TIGER/192 message digest algorithm.
(But there is only a dummy ASN OID).
* Standard cipher is now Blowfish with 128 bit key in OpenPGP's CFB
@ -451,7 +455,7 @@ Noteworthy changes in version 0.2.14
* Changed the internal handling of keyrings.
* Add support to list PGP 5 keyrings with supkeys
* Add support to list PGP 5 keyrings with subkeys
* Timestamps of signatures are now verified.
@ -494,7 +498,7 @@ Noteworthy changes in version 0.2.11
* "--delete-key" works for public keys. What semantics shall I use
when there is a secret key too? Delete the secret key or leave him
and auto-regenerate the public key, netxt time the secret key is used?
and auto-regenerate the public key, next time the secret key is used?
Noteworthy changes in version 0.2.10
------------------------------------
@ -507,7 +511,7 @@ Noteworthy changes in version 0.2.10
* Changed some configure options and add an option
--disable-m-guard to remove the memory checking code
and to compile everthing with optimization on.
and to compile everything with optimization on.
* New environment variable GNUPGHOME, which can be used to set
another homedir than ~/.gnupg. Changed default homedir for
@ -584,7 +588,7 @@ Noteworthy changes in version 0.2.4
* backup copies of keyrings are created.
* assembler stuff for Pentium; gives about 15% better perfomance.
* assembler stuff for Pentium; gives about 15% better performance.
* fixed a lot of bugs.
@ -610,7 +614,7 @@ Noteworthy changes in version 0.2.3
* added option "--status-fd": see g10/OPTIONS
* We have secure memeory on systems which support mlock().
* We have secure memory on systems which support mlock().
It is not complete yet, because we do not have signal handler
which does a cleanup in very case.
We should also check the ulimit for the user in the case

View File

@ -4,7 +4,7 @@
(userid, or any other unique identification) on command line.
--> NO: Use a script and --status-fd
* Change the internal represention of keyid into a struct which
* Change the internal representation of keyid into a struct which
can also hold the localid and extend the localid to hold information
of the subkey number because two subkeys may have the same keyid.
@ -20,7 +20,7 @@
* Add a way to override the current cipher/md implementations
by others (using extensions)
* Not GnuPG replated: What about option completion in bash?
* Not GnuPG related: What about option completion in bash?
Can "--dump-options" be used for this or should we place the
options in a special ELF segment?
@ -34,9 +34,9 @@
* rewrite --list-packets or put it into another tool.
* We need a maintainence pass over the trustdb which flags
* We need a maintenance pass over the trustdb which flags
signatures as expired if the key used to make the signature has
expired. Maybe it is a good idea to store the exiration time
expired. Maybe it is a good idea to store the expiration time
in the key record of the trustdb.
* write a tool to extract selected keys from a file.

8
README
View File

@ -34,7 +34,7 @@
the word "subscribe" in the body to "g10-request@net.lut.ac.uk".
This mailing list is a closed one (only subscribers are allowed
to post) to avoid misuse by folks who don't know the Netiquette
and trash you mailspool with commercial junk.
and trash your mailspool with commercial junk.
See the file COPYING for copyright and warranty information.
@ -301,7 +301,7 @@
user ID is the one with an email address you prefer - because
you have no signatures on this email address it is easy to change
this address. Remember: Your signators sign your public key (the
primary one) together with one od your user IDs - so it is not possible
primary one) together with one of your user IDs - so it is not possible
to change the user ID later without voiding all the signatures.
Tip: If you hear about a key signing party on a computer conference
@ -412,7 +412,7 @@
The primary FTP site is "ftp://ftp.gnupg.org/pub/gcrypt/"
The primary WWW page is "http://www.gnupg.org"
See http://www.gnugp.org/mirrors.html for a list of FTP mirrors
See http://www.gnupg.org/mirrors.html for a list of FTP mirrors
and use them if possible.
Please direct bug reports to <gnupg-bugs@gnu.org> or better
@ -420,7 +420,7 @@
closed list - subscribe before posting, see above (~line 33)).
Please direct questions about GnuPG to the mailing list or
one of the pgp newsgroups; this gives me more time to improve
GnuPG. Commercial support for GnuPG will be availabe soon.
GnuPG. Commercial support for GnuPG will be available soon.
Have fun and remember: Echelon is looking at you kid.

View File

@ -14,6 +14,16 @@
* What shall we do if we have a valid subkey revocation certificate
but no subkey binding? Is this a valid but revoked key?
* use a mmaped file for secure memory if mlock does not work and
make sure that this file is always wiped out. Is this really
more secure than swapping out to the swap disk? I don't
believe so because if an attacker has access to the physical
box (and he needs this to look at the swap area) he can also
leave a trojan horse which is far more easier than to analyze
memory dumps. Question: Is it possible that a Unix pages
an old (left over by some other process) swap page in for
another process - this should be considered a serious design
flow/bug.
Date: Mon, 4 Jan 1999 19:34:29 -0800 (PST)
From: Matthew Skala <mskala@ansuz.sooke.bc.ca>
@ -172,7 +182,7 @@ o Keep a blacklist of known bad signatures to minimize
o Should be fast - I currently designing a new storage
system called keybox which takes advantage of the fact
that the keyID is higly random and can be directly be
that the keyID is highly random and can be directly be
used as a hash value and this keyID is (for v4 keys)
part of the fingerprint: So it is possible to use the
fingerprint as key but do an lookup by the keyID.
@ -186,7 +196,7 @@ o Use the HKS protocol and enhance it in a way that binary
keyrings can be transmitted. (I already wrote some
http server and client code which can be used for this)
o Keep a checkcsum (hash) of the entire keyblock so that a
o Keep a checksum (hash) of the entire keyblock so that a
client can easy check whether this keyblock has changed.
(keyblock = the entire key with all certificates etc.)

26
TODO
View File

@ -6,6 +6,8 @@ Bugs
if the clearsign has been created by pgp263ia.
Needs more investigation - anyone?
* clearsign bug Greg Troxel Jan 11.
Important
----------
* Check revocation and expire stuff. PLEASE: THIS MUST BE TESTED!
@ -13,28 +15,25 @@ Important
* Check calculation of key validity. PLEASE: IT IS IMPORTED THAT
THIS GET TESTED.
* It has been reported that lockfiles are not removed in all cases.
cleanup is done with atexit() and all signals trigger exit() -
anything wrong with this? - ah yes: a signal while still in
dotlock_make
* See why we always get this "Hmmm public key lost"
* print a warning when a revoked/expired secret key is used.
* Allow the use of a the faked RNG only for keys which are
flagged as INSECURE.
> 0.9.1: I get some occasional segfaults during 'make check' unless I use
> --with-included-zlib. It's strange, I have zlib-1.1.2 on one machine, and
> zlib-1.1.3 on another, and both of them fail on occasion (maybe half of the
> gpg: /home/jam/.gnupg/pubring.gpg: can't open gdbm file: Can't be writer
> gpg: keyblock resource `/home/jam/.gnupg/pubring.gpg': file open error
> gpg: OOPS in close enum_keyblocks - ignored
Needed
------
* remove more "Fixmes"
* Replace Blowfish by Twofish and add the new encrypted packet typ
* Replace Blowfish by Twofish and add the new encrypted packet type
which has a MACing option (append SHA1 hash to the plaintext and
encrypt this all) - We need an identifier for Twofish to put this
one into the cipher preferences.
@ -48,6 +47,12 @@ Needed
Minor Bugs
----------
* There is a race condition which leaves lock files after process
termination (a signal while in make_dotlock). Change the dotlock
implementaion to a create handle, make and release implemenation
and use an atexit to cleanup all pending locks. This is also
faster.
Nice to have
------------
* preferences of hash algorithms are not yet used.
@ -59,5 +64,6 @@ Nice to have
* Burn the buffers used by fopen(), or use read(2). Does this
really make sense?
* change the fake_data stuff to mpi_set_opaque
* How about letting something like 'gpg --version -v', list the
effective options. Yep.

View File

@ -1,3 +1,10 @@
Tue Jan 12 11:17:18 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* random.c (random_is_faked): New.
* tiger.c: Only compile if we have the u64 type
Sat Jan 9 16:02:23 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* rndunix.c (gather_random): check for setuid.

View File

@ -162,6 +162,13 @@ randomize_buffer( byte *buffer, size_t length, int level )
}
int
random_is_faked()
{
if( !is_initialized )
initialize();
return faked_rng || quick_test;
}
/****************
* Return a pointer to a randomized buffer of level 0 and LENGTH bits

View File

@ -25,6 +25,7 @@
/*-- random.c --*/
void secure_random_alloc(void);
int quick_random_gen( int onoff );
int random_is_faked(void);
void randomize_buffer( byte *buffer, size_t length, int level );
byte *get_random_bits( size_t nbits, int level, int secure );
void fast_random_poll( void );

View File

@ -27,6 +27,11 @@
#include "memory.h"
#ifdef HAVE_U64_TYPEDEF
/* we really need it here, but as this is only experiment we
* can live without Tiger */
typedef struct {
u64 a, b, c;
byte buf[64];
@ -964,4 +969,5 @@ gnupgext_enum_func( int what, int *sequence, int *class, int *vers )
return ret;
}
#endif /* HAVE_U64_TYPEDEF */

View File

@ -45,7 +45,7 @@ Format of the "--status-fd" output
Every line is prefixed with "[GNUPG:] ", followed by a keyword with
the type of the status line and a some arguments depending on the
type (maybe none); an application should always be prepared to see
more argumnents in future versions.
more arguments in future versions.
GOODSIG <long keyid> <username>
@ -57,12 +57,12 @@ more argumnents in future versions.
ERRSIG
It was not possible to check the signature. This may be
caused by a missing public key or an unsupported algorithm.
No argumens yet.
No argument yet.
VALIDSIG <fingerprint in hex>
The signature with the keyid is good. This is the same
as GOODSIG but has the fingerprint as the argument. Both
status lines ere emmited for a good signature.
status lines ere emitted for a good signature.
TRUST_UNDEFINED
TRUST_NEVER
@ -70,7 +70,7 @@ more argumnents in future versions.
TRUST_FULLY
TRUST_ULTIMATE
For good signatures one of these status lines are emitted
to indicate how trustworthy the signatur is. No arguments yet.
to indicate how trustworthy the signature is. No arguments yet.
SIGEXPIRED
The signature key has expired. No arguments yet.
@ -158,7 +158,7 @@ Record type 1:
1 u32 first free record
1 u32 record number of shadow directory hash table
It does not make sense to combine this table with the key table
becuase the keyid is not in every case a part of the fingerprint.
because the keyid is not in every case a part of the fingerprint.
4 bytes reserved for version extension record
@ -283,7 +283,7 @@ Record type 9: (cache record)
20 bytes rmd160 hash value over the complete keyblock
This is used to detect any changes of the keyblock with all
CTBs and lengths headers. Calculation is easy if the keyblock
is optained from a keyserver: simply create the hash from all
is obtained from a keyserver: simply create the hash from all
received data bytes.
1 byte number of untrusted signatures.
@ -323,14 +323,14 @@ Record Type 10 (hash table)
n = (reclen-2)/4 which yields 9 for the current record length
of 40 bytes.
the total number of surch record which makes up the table is:
the total number of such record which makes up the table is:
m = (256+n-1) / n
which is 29 for a record length of 40.
To look up a key we use the first byte of the fingerprint to get
the recnum from this hashtable and look up the addressed record:
- If this record is another hashtable, we use 2nd byte
to index this hast table and so on.
to index this hash table and so on.
- if this record is a hashlist, we walk all entries
until we found one a matching one.
- if this record is a key record, we compare the
@ -398,12 +398,12 @@ There is one enhancement used with the old style packet headers:
+
+ It works like this: After the CTB (with a length field of 11) a
+ marker field is used, which gives the length of the following datablock.
+ This is a simple 2 byte field (MSB first) containig the amount of data
+ This is a simple 2 byte field (MSB first) containing the amount of data
+ following this field, not including this length field. After this datablock
+ another length field follows, which gives the size of the next datablock.
+ A value of 0 indicates the end of the packet. The maximum size of a
+ data block is limited to 65534, thereby reserving a value of 0xffff for
+ future extensions. These length markers must be insereted into the data
+ future extensions. These length markers must be inserted into the data
+ stream just before writing the data out.
+
+ This 2 byte filed is large enough, because the application must buffer
@ -416,7 +416,7 @@ There is one enhancement used with the old style packet headers:
Usage of gdbm files for keyrings
================================
The key to store the keyblokc is it's fingerpint, other records
The key to store the keyblock is it's fingerprint, other records
are used for secondary keys. fingerprints are always 20 bytes
where 16 bit fingerprints are appded with zero.
The first byte of the key gives some information on the type of the

34
doc/FAQ
View File

@ -21,7 +21,7 @@
public key, and he would only be able to decrypt it by having the secret
key and putting in the password to use his secret key.
GNUPG is also usefull for signing things. Things that are encrypted with
GNUPG is also useful for signing things. Things that are encrypted with
the secret key can be decrypted with the public key. To sign something, a
hash is taken of the data, and then the hash is in some form encoded
with the secret
@ -38,23 +38,23 @@
You can 'conventionally' encrypt something by using the option 'gpg -c'.
It is encrypted using a passphrase, and does not use public and secret
keys. If the person you send the data to knows that passphrase, they can
decrypt it. This is usually most usefull for encrypting things to
decrypt it. This is usually most useful for encrypting things to
yourself, although you can encrypt things to your own public key in the
same way. It should be used for communication with partners you know and
where it is easy to exchange the passphrases (e.g. with your boy friend or
your wife). The advantage is that you can chnage the passphrase from time
to time and decrease the risk, that many old messages may be decryptted by
your wife). The advantage is that you can change the passphrase from time
to time and decrease the risk, that many old messages may be decrypted by
people who accidently got your passphrase.
You can add and copy keys to and from your keyring with the 'gpg --import'
and 'gpg --export' option. 'gpg --export-secret-keys' will export secret
keys. This is normally not usefull, but you can generate the key on one
keys. This is normally not useful, but you can generate the key on one
machine then move it to another machine.
Keys can be signed under the 'gpg --edit-key' option. When you sign a
key, you are saying that you are certain that the key belongs to the
person it says it comes from. You should be very sure that is really
taht person: You should verify the key fingerprint
that person: You should verify the key fingerprint
gpg --fingerprint user-id
@ -69,7 +69,7 @@
Oh yeah, this is important. By default all data is encrypted in some weird
binary format. If you want to have things appear in ascii text that is
readable, just add the '-a' option. But the preferred methos is to use
readable, just add the '-a' option. But the preferred method is to use
a MIME aware mail reader (Mutt, Pine and many more).
There is a small security glitch in the OpenPGP (and therefor GNUPG) system;
@ -80,7 +80,7 @@
Q: What is the recommended key size?
A: 1024 bit for DSA signatures; even for plain ElGamal
signatures this is sufficient as the size of the hash
is probably the weakest link if the keyssize is larger
is probably the weakest link if the keysize is larger
than 1024 bits. Encryption keys may have greater sizes,
but you should than check the fingerprint of this key.
@ -100,7 +100,7 @@
at least for decryption). To be better interoperable, GNUPG
(starting with version 0.3.3) now also uses type 16 for the
ElGamal subkey which is created if the default key algorithm
is choosen. You may add an type 16 ElGamal key to your public
is chosen. You may add an type 16 ElGamal key to your public
key which is easy as your key signatures are still valid.
Q: Why is PGP 5.x not able to verify my messages.
@ -109,14 +109,14 @@
data. Use the option "--force-v3-sigs" to generate V3 signatures
for data.
Q: I can't delete a user id because it is already deleted on my
Q: I can't delete an user id because it is already deleted on my
public keyring.
A: Because you can only select from the public key ring, there is
no direct way to do this. However it is not so complicated
do to it anyway: Create a new user id with exactly the same name,
you will notice that there are two identical user ids on the
secret ring now. Now select this user id and delete it; both
user ids from the secret ring will be remoed.
user ids from the secret ring will be removed.
Q: How can I encrypt a message in way pgp 2.x is able to decrypt it later?
A: You can't do that because pgp 2.x normally uses IDEA which is not
@ -175,7 +175,7 @@
trustdb which holds a list of valid key signatures. If you are not
running in batch mode you will be asked to assign a trust parameter
(ownertrust) to a key. I have plans to use a cache for calculated
trust values to speed up calcualtion.
trust values to speed up calculation.
You can see the validity (calculated trust value) using this command:
@ -202,19 +202,19 @@
the assigned value:
- = No Ownertrust value yet assigned.
n = Never trust this keyholder to correctly verifiy others signatures.
n = Never trust this keyholder to correctly verify others signatures.
m = Have marginal trust in the keyholders capability to sign other keys.
f = Assume that the key holder really knows how to sign keys.
u = No need to trust ourself because we have the secret key.
Please keep these values confidential, as they express some opiones of
Please keep these values confidential, as they express some opinions of
you about others. PGP does store these information with the keyring, so
it is not a good idea to publish the keyring instead of exporting the
keyring - gnupg stores the trust in the trust-DB and therefor it is okay
to give the keyring away (but we have a --export command too).
Q: What is the differenc between options and commands?
Q: What is the difference between options and commands?
A: If you do a "gpg --help", you will get two separate lists. The first is a list
of commands. The second is a list of options. Whenever you run GPG, you *must*
pick exactly one command (**with one exception, see below). You *may* pick one
@ -266,7 +266,7 @@
Q: What kind of output is this: "key C26EE891.298, uid 09FB: ...."?
A: This is the internal representaion of a user id in the trustdb.
A: This is the internal representation of an user id in the trustdb.
"C26EE891" is the keyid, "298" is the local id (a record number
in the trustdb) and "09FB" are the last two bytes of a ripe-md-160
hash of the user id for this key.
@ -293,7 +293,7 @@
"uid 12345678.3456/ACDE"
This is about the user ID for the same key; to identify the
user ID the last two bytes of a ripe-md-160 over the user ID
tring is printed.
ring is printed.
"sig 12345678.3456/ACDE/9A8B7C6D"
This is about the signature with key ID 9A8B7C6D for the
above key and user ID, if it is a signature which is direct

View File

@ -20,7 +20,7 @@ archive use:
This service is provided to help you in hunting bugs and not to deliver
stable snapshots; it may happen that it even does not compile, so please
don't complain. CVS may put a high load on a server, so please don't poll
poll for new updates but wait for an anouncement; to receive this you may
poll for new updates but wait for an announcement; to receive this you may
want to subscribe to:
gnupg-commit-watchers@isil.d.shuttle.de
@ -80,7 +80,7 @@ Directory Layout
----------------
./ Readme, configure
./scripts Scripts needed by configure and others
./doc Documentaion
./doc Documentation
./util General purpose utility function
./mpi Multi precision integer library
./cipher Cryptographic functions
@ -121,7 +121,7 @@ Logging
Option parsing
---------------
GNUPG does not use getopt or GNU getopt but functions of it's own. See
util/argparse.c for details. The advantage of these funtions is that
util/argparse.c for details. The advantage of these functions is that
it is more easy to display and maintain the help texts for the options.
The same option table is also used to parse resource files.
@ -129,7 +129,7 @@ The same option table is also used to parse resource files.
What is an iobuf
----------------
This is the data structure used for most I/O of gnupg. It is similiar
This is the data structure used for most I/O of gnupg. It is similar
to System V Streams but much simpler. It should be replaced by a cleaner
and faster implementation. We are doing to much copying and the semantics
of "filter" removing are not very clean. EOF handling is also a problem.
@ -138,7 +138,7 @@ of "filter" removing are not very clean. EOF handling is also a problem.
How to use the message digest functions
---------------------------------------
cipher/md.c implements an interface to hash (message diesgt functions).
cipher/md.c implements an interface to hash (message digest functions).
a) If you have a common part of data and some variable parts
and you need to hash of the concatenated parts, you can use this:

View File

@ -26,7 +26,7 @@
* (9.2) states that IDEA SHOULD be implemented. This is not done
due to patent problems.
* (12.1) states that an implementaion MUST NOT use a symmetric
* (12.1) states that an implementation MUST NOT use a symmetric
algorithm which is not in the preference list. GnuPG has an
option to override this.
@ -79,8 +79,8 @@
it with a V3 keyid, and can properly use only a V3 format RSA
key.
* Neither PGP 5.x nor PGP 6.0 recognize Elgamal Encrypt and Sign
keys. They only handle Elgamal Encrypt-only keys.
* Neither PGP 5.x nor PGP 6.0 recognize ElGamal Encrypt and Sign
keys. They only handle ElGamal Encrypt-only keys.
Parts of this document are taken from:

View File

@ -237,7 +237,7 @@ B<--trusted-key> I<keyid>
Assume that the key with the I<keyid> (which must be
a full (8 byte) keyid) is as trustworthy as one of
your own secret keys. This may be used to make keys
valid which are not directly ceritified by you but
valid which are not directly certified by you but
by a CA you trust. The advantage of this option is
that it shortens the path of certification.
@ -392,7 +392,7 @@ B<--s2k-mode> I<number>
Selects how passphrases are mangled: A number of I<0>
uses the plain passphrase (which is not recommended),
a I<1> (default) adds a salt to the passphrase and
I<3> interates the whole process a couple of times.
I<3> iterates the whole process a couple of times.
Unless -B<--rfc1991> is used, this mode is also used
for conventional encryption.
@ -403,7 +403,7 @@ B<--compress-algo> I<number>
The default algorithm may give better
results because the window size is not limited to 8K.
If this is not used the OpenPGP behavior is used; i.e.
the compression algorith is selected from the preferences.
the compression algorithm is selected from the preferences.
B<--digest-algo> I<name>
Use I<name> as message digest algorithm. Running the
@ -444,7 +444,7 @@ B<--rfc1991>
Try to be more RFC1991 (PGP 2.x) compliant.
B<--force-v3-sigs>
OpenPGP states that a implemenation should generate
OpenPGP states that a implementation should generate
v4 signatures but PGP 5.x does only recognize such
signatures on key material. This options forces
v3 signatures for signatures on data.

View File

@ -42,8 +42,8 @@
<title>Introduction</title>
<sect1 id="feedback">
<title>Feedback</title>
<para>Well, I'm german and I find it hard to express myself in
english. So if you find some phrases and/or words that I used
<para>Well, I'm German and I find it hard to express myself in
English. So if you find some phrases and/or words that I used
in a wrong way (and you will find them :-) ), please send me a
mail, to let me correct this. Please send me notes about
typos, too.</para>
@ -51,7 +51,7 @@
<sect1 id="whatis">
<title>What is GBUPG</title>
<title>What is GNUPG</title>
<para>GNUPG is a free data encryption and signing tool.
<screen>
@ -81,7 +81,7 @@
<optional><parameter>options</parameter></optional>
<replaceable class="parameter">file name</replaceable>
</synopsis>
<refpurpose>is the GNUU tool for signing and exncryption</>
<refpurpose>is the GNU tool for signing and encryption</>
<refsect1>
<title>Description</title>
<para> </para>

View File

@ -1,3 +1,18 @@
Tue Jan 12 11:17:18 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* ringedit.c (find_keyblock_bysk): New.
* skc_list.c (is_insecure): New.
(build_sk_list): usage check for insecure keys.
* import.c (chk_self_sigs): Add handling for subkeys.
(delete_inv_parts): Skip unsigned subkeys
* sig-check.c (do_check): Print info if the signature is older
than the key.
* keygen.c (generate_subkeypair): Fail on time warp.
* sign.c (do_sign): Ditto.
Sun Jan 10 15:10:02 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* armor.c (fake_packet): Fixed not-dash-escaped bug.

View File

@ -36,7 +36,7 @@
* Translators should use the key as msgid, this is to keep the msgid short
* and to allow for easy changing of the helptexts.
*
* Mini gloassary:
* Mini glossary:
*
* "user ID", "trustdb", "NOTE" and "WARNING".
*/
@ -60,14 +60,14 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = {
},
{ N_("pklist.user_id.enter"),
"Enter the user id of the addresse to whom you want to send the message."
"Enter the user id of the addressee to whom you want to send the message."
},
{ N_("keygen.algo"),
"Select the algorithm to use.\n"
"DSA (aka DSS) is the digital signature algorithm which can only be used\n"
"for signatures. This is the suggested algorithm because verification of\n"
"DSA signatures are much faster than those of ElGamal\n"
"DSA signatures are much faster than those of ElGamal.\n"
"ElGamal is a algorithm which can be used for signatures and encryption.\n"
"OpenPGP distunguishs between two flavors of this algorithms: a encrypt only\n"
"and a sign+encrypt; actually it is the same, but some parameters must be\n"
@ -75,7 +75,7 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = {
"does this but other OpenPGP implemenations are not required to understand\n"
"the signature+encryption flavor.\n"
"The first (primary) key must always be a key which is capable of signing;\n"
"this is the reason why the ecrytion only ElGamal key is disabled in this."
"this is the reason why the encryption only ElGamal key is disabled in this."
},
@ -165,7 +165,7 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = {
{ N_("keyedit.remove.uid.okay"),
"Answer \"yes\" if you really want to delete this user ID.\n"
"All ceritifcates are then also lost!"
"All certificates are then also lost!"
},
{ N_("keyedit.remove.subkey.okay"),

View File

@ -661,12 +661,13 @@ import_revoke_cert( const char *fname, KBNODE node )
* loop over the keyblock and check all self signatures.
* Mark all user-ids with a self-signature by setting flag bit 0.
* Mark all user-ids with an invalid self-signature by setting bit 1.
* This works allso for subkeys, here the subkey is marked.
*/
static int
chk_self_sigs( const char *fname, KBNODE keyblock,
PKT_public_key *pk, u32 *keyid )
{
KBNODE n, unode;
KBNODE n;
PKT_signature *sig;
int rc;
@ -675,9 +676,11 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
continue;
sig = n->pkt->pkt.signature;
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );
if( (sig->sig_class&~3) == 0x10 ) {
KBNODE unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );
if( !unode ) {
log_error_f(fname, _("key %08lX: no user-id for signature\n"),
log_error_f(fname,
_("key %08lX: no user-id for signature\n"),
(ulong)keyid[1]);
return -1; /* the complete keyblock is invalid */
}
@ -692,6 +695,32 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
}
unode->flag |= 1; /* mark that signature checked */
}
else if( sig->sig_class == 0x18 ) {
KBNODE knode = find_prev_kbnode( keyblock,
n, PKT_PUBLIC_SUBKEY );
if( !knode )
knode = find_prev_kbnode( keyblock,
n, PKT_SECRET_SUBKEY );
if( !knode ) {
log_error_f(fname,
_("key %08lX: no subkey for key binding\n"),
(ulong)keyid[1]);
}
else {
rc = check_key_signature( keyblock, n, NULL);
if( rc ) {
log_error_f( fname, rc == G10ERR_PUBKEY_ALGO ?
_("key %08lX: unsupported public key algorithm\n"):
_("key %08lX: invalid subkey binding\n"),
(ulong)keyid[1]);
knode->flag |= 2; /* mark as invalid */
}
}
knode->flag |= 1; /* mark that signature checked */
}
}
}
return 0;
}
@ -730,6 +759,22 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid )
else
nvalid++;
}
else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
|| node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
if( (node->flag & 2) || !(node->flag & 1) ) {
if( opt.verbose ) {
log_info_f(fname, _("key %08lX: skipped subkey\n"),
(ulong)keyid[1]);
}
delete_kbnode( node ); /* the subkey */
/* and all following signature packets */
while( node->next
&& node->next->pkt->pkttype == PKT_SIGNATURE ) {
delete_kbnode( node->next );
node = node->next;
}
}
}
else if( node->pkt->pkttype == PKT_SIGNATURE
&& check_pubkey_algo( node->pkt->pkt.signature->pubkey_algo)
&& node->pkt->pkt.signature->pubkey_algo != PUBKEY_ALGO_RSA )
@ -845,7 +890,7 @@ merge_blocks( const char *fname, KBNODE keyblock_orig, KBNODE keyblock,
}
}
/* merge subkey certifcates */
/* merge subkey certificates */
for(onode=keyblock_orig->next; onode; onode=onode->next ) {
if( !(onode->flag & 1)
&& ( onode->pkt->pkttype == PKT_PUBLIC_SUBKEY

View File

@ -194,6 +194,7 @@ int locate_keyblock_by_keyid( KBPOS *kbpos, u32 *keyid,
int find_keyblock( PUBKEY_FIND_INFO info, KBPOS *kbpos );
int find_keyblock_byname( KBPOS *kbpos, const char *username );
int find_keyblock_bypk( KBPOS *kbpos, PKT_public_key *pk );
int find_keyblock_bysk( KBPOS *kbpos, PKT_secret_key *sk );
int find_secret_keyblock_byname( KBPOS *kbpos, const char *username );
int lock_keyblock( KBPOS *kbpos );
void unlock_keyblock( KBPOS *kbpos );

View File

@ -971,6 +971,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
char *passphrase = NULL;
DEK *dek = NULL;
STRING2KEY *s2k = NULL;
u32 cur_time;
/* break out the primary secret key */
node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
@ -981,6 +982,19 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
/* make a copy of the sk to keep the protected one in the keyblock */
sk = copy_secret_key( NULL, node->pkt->pkt.secret_key );
cur_time = make_timestamp();
if( sk->timestamp > cur_time ) {
ulong d = sk->timestamp - cur_time;
log_info( d==1 ? _("key has been created %lu second "
"in future (time warp or clock problem)\n")
: _("key has been created %lu seconds "
"in future (time warp or clock problem)\n"), d );
rc = G10ERR_TIME_CONFLICT;
goto leave;
}
/* unprotect to get the passphrase */
switch( is_secret_key_protected( sk ) ) {
case -1:

View File

@ -480,6 +480,23 @@ find_keyblock_bypk( KBPOS *kbpos, PKT_public_key *pk )
return rc;
}
/****************
* Combined function to search for a key and get the position
* of the keyblock.
*/
int
find_keyblock_bysk( KBPOS *kbpos, PKT_secret_key *sk )
{
PACKET pkt;
int rc;
init_packet( &pkt );
pkt.pkttype = PKT_SECRET_KEY;
pkt.pkt.secret_key = sk;
rc = search( &pkt, kbpos, 0 );
return rc;
}
/****************
* Combined function to search for a username and get the position

View File

@ -1,4 +1,4 @@
/* seckey-cert.c - secret key certifucate packet handling
/* seckey-cert.c - secret key certificate packet handling
* Copyright (C) 1998 Free Software Foundation, Inc.
*
* This file is part of GnuPG.

View File

@ -157,15 +157,22 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
return G10ERR_PUBKEY_ALGO;
}
if( pk->timestamp > sig->timestamp )
if( pk->timestamp > sig->timestamp ) {
ulong d = pk->timestamp - sig->timestamp;
log_info( d==1
? _("public key is %lu second newer than the signature\n")
: _("public key is %lu seconds newer than the signature\n"),
d );
return G10ERR_TIME_CONFLICT; /* pubkey newer than signature */
}
cur_time = make_timestamp();
if( pk->timestamp > cur_time ) {
ulong d = pk->timestamp - cur_time;
log_info(_("public key created %lu %s "
"in future (time warp or clock problem)\n"),
d, d==1? _("second"):_("seconds") );
log_info( d==1 ? _("key has been created %lu second "
"in future (time warp or clock problem)\n")
: _("key has been created %lu seconds "
"in future (time warp or clock problem)\n"), d );
return G10ERR_TIME_CONFLICT;
}
@ -331,7 +338,6 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
keyid_from_pk( pk, keyid );
md = md_open( algo, 0 );
/*md_start_debug(md, "check");*/
hash_public_key( md, pk );
hash_uid_node( unode, md, sig );
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {

View File

@ -47,6 +47,16 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
byte *dp;
int rc;
if( sk->timestamp > sig->timestamp ) {
ulong d = sk->timestamp - sig->timestamp;
log_info( d==1 ? _("key has been created %lu second "
"in future (time warp or clock problem)\n")
: _("key has been created %lu seconds "
"in future (time warp or clock problem)\n"), d );
return G10ERR_TIME_CONFLICT;
}
print_pubkey_algo_note(sk->pubkey_algo);
if( !digest_algo )

View File

@ -32,6 +32,7 @@
#include "memory.h"
#include "util.h"
#include "i18n.h"
#include "cipher.h"
void
@ -46,6 +47,19 @@ release_sk_list( SK_LIST sk_list )
}
}
/* Check that we are only using keys which don't have
* the string "(insecure!)" or "not secure" or "do not use"
* in one of the user ids
*/
static int
is_insecure( PKT_secret_key *sk )
{
BUG();
}
int
build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock,
unsigned usage )
@ -66,10 +80,15 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock,
SK_LIST r;
if( sk->version == 4 && (usage & PUBKEY_USAGE_SIG)
&& sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
log_error("this is a PGP generated "
log_info("this is a PGP generated "
"ElGamal key which is NOT secure for signatures!\n");
free_secret_key( sk ); sk = NULL;
}
else if( random_is_faked() && !is_insecure( sk ) ) {
log_info(_("key is not flagged as insecure - "
"can't use it with the faked RNG!\n"));
free_secret_key( sk ); sk = NULL;
}
else {
r = m_alloc( sizeof *r );
r->sk = sk; sk = NULL;
@ -102,6 +121,11 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock,
locusr->d );
free_secret_key( sk ); sk = NULL;
}
else if( random_is_faked() && !is_insecure( sk ) ) {
log_info(_("key is not flagged as insecure - "
"can't use it with the faked RNG!\n"));
free_secret_key( sk ); sk = NULL;
}
else {
r = m_alloc( sizeof *r );
r->sk = sk; sk = NULL;

View File

@ -64,6 +64,9 @@
#define G10ERR_FILE_EXISTS 42
#define G10ERR_WEAK_KEY 43 /* NOTE: hardcoded into the cipher modules */
#define G10ERR_WRONG_KEYLEN 44 /* NOTE: hardcoded into the cipher modules */
#define G10ERR_INV_ARG 45
#define G10ERR_BAD_URI 46 /* syntax error in URI */
#define G10ERR_INVALID_URI 47 /* e.g. unsupported scheme */
#ifndef HAVE_STRERROR

View File

@ -106,13 +106,17 @@ case "${target}" in
m680[234]0*-*-linux* | m68k*-*-linux*)
echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h
cat $srcdir/mpi/m68k/syntax.h >>./mpi/asm-syntax.h
path="m68k/mc68020 m68k"
;;
m68060*-*-linux*)
echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h
cat $srcdir/mpi/m68k/syntax.h >>./mpi/asm-syntax.h
path="m68k"
;;
m68k-atari-mint)
echo '#define MIT_SYNTAX' >>./mpi/asm-syntax.h
cat $srcdir/mpi/m68k/syntax.h >>./mpi/asm-syntax.h
path="m68k/mc68020 m68k"
;;
m68000*-*-* | m68060*-*-*)
echo '#define MIT_SYNTAX' >>./mpi/asm-syntax.h
cat $srcdir/mpi/m68k/syntax.h >>./mpi/asm-syntax.h

View File

@ -1,3 +1,7 @@
Tue Jan 12 11:17:18 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* fr.po: Imported new version
Tue Dec 29 14:41:47 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
* pl.po: Janusz A. Urbanowicz contributed this one

325
po/fr.po
View File

@ -4,9 +4,9 @@
#
msgid ""
msgstr ""
"Project-Id-Version: gnupg 0.4.5a\n"
"POT-Creation-Date: 1999-01-09 18:31+0100\n"
"PO-Revision-Date: 1998-12-15 00:35+01:00\n"
"Project-Id-Version: gnupg 0.9.0a\n"
"POT-Creation-Date: 1999-01-11 02:14+0100\n"
"PO-Revision-Date: 1999-01-09 00:25+01:00\n"
"Last-Translator: Gaël Quéri <gqueri@mail.dotcom.fr>\n"
"Language-Team: French <fr@li.org>\n"
"MIME-Version: 1.0\n"
@ -26,219 +26,176 @@ msgid "yY"
msgstr "oO"
#: util/errors.c:54
#, fuzzy
msgid "general error"
msgstr "Erreur générale"
msgstr "erreur générale"
#: util/errors.c:55
#, fuzzy
msgid "unknown packet type"
msgstr "Type de paquet inconnu"
msgstr "type de paquet inconnu"
#: util/errors.c:56
#, fuzzy
msgid "unknown version"
msgstr "Version inconnue"
msgstr "version inconnue"
#: util/errors.c:57
#, fuzzy
msgid "unknown pubkey algorithm"
msgstr "Algorithme de clé publique inconnu"
msgstr "algorithme à clé publique inconnu"
#: util/errors.c:58
#, fuzzy
msgid "unknown digest algorithm"
msgstr "Algorithme de hachage inconnu"
msgstr "algorithme de hachage inconnu"
#: util/errors.c:59
#, fuzzy
msgid "bad public key"
msgstr "Mauvaise clé publique"
msgstr "mauvaise clé publique"
#: util/errors.c:60
#, fuzzy
msgid "bad secret key"
msgstr "Mauvaise clé secrète"
msgstr "mauvaise clé secrète"
#: util/errors.c:61
#, fuzzy
msgid "bad signature"
msgstr "Mauvaise signature"
msgstr "mauvaise signature"
#: util/errors.c:62
#, fuzzy
msgid "checksum error"
msgstr "Erreur de checksum"
msgstr "erreur de checksum"
#: util/errors.c:63
#, fuzzy
msgid "bad passphrase"
msgstr "Mauvais mot de passe"
msgstr "mauvais mot de passe"
#: util/errors.c:64
#, fuzzy
msgid "public key not found"
msgstr "Clé publique non trouvée"
msgstr "clé publique non trouvée"
#: util/errors.c:65
#, fuzzy
msgid "unknown cipher algorithm"
msgstr "Algorithme de chiffrement inconnu"
msgstr "algorithme de chiffrement inconnu"
#: util/errors.c:66
#, fuzzy
msgid "can't open the keyring"
msgstr "Ne peut ouvrir le porte-clés"
msgstr "ne peut ouvrir le porte-clés"
#: util/errors.c:67
#, fuzzy
msgid "invalid packet"
msgstr "Paquet invalide"
msgstr "paquet invalide"
#: util/errors.c:68
#, fuzzy
msgid "invalid armor"
msgstr "Armure invalide"
msgstr "armure invalide"
#: util/errors.c:69
#, fuzzy
msgid "no such user id"
msgstr "Pas de tel utilisateur"
msgstr "pas de tel utilisateur"
#: util/errors.c:70
#, fuzzy
msgid "secret key not available"
msgstr "La clé secrète n'est pas disponible"
msgstr "la clé secrète n'est pas disponible"
#: util/errors.c:71
#, fuzzy
msgid "wrong secret key used"
msgstr "Mauvaise clé secrète utilisée"
msgstr "mauvaise clé secrète utilisée"
#: util/errors.c:72
#, fuzzy
msgid "not supported"
msgstr "Non supporté"
msgstr "non supporté"
#: util/errors.c:73
#, fuzzy
msgid "bad key"
msgstr "Mauvaise clé"
msgstr "mauvaise clé"
#: util/errors.c:74
#, fuzzy
msgid "file read error"
msgstr "Erreur de lecture"
msgstr "erreur de lecture"
#: util/errors.c:75
#, fuzzy
msgid "file write error"
msgstr "Erreur d'écriture"
msgstr "erreur d'écriture"
#: util/errors.c:76
#, fuzzy
msgid "unknown compress algorithm"
msgstr "Algorithme de compression inconnu"
msgstr "algorithme de compression inconnu"
#: util/errors.c:77
#, fuzzy
msgid "file open error"
msgstr "Erreur d'ouverture de fichier"
msgstr "erreur d'ouverture de fichier"
#: util/errors.c:78
#, fuzzy
msgid "file create error"
msgstr "Erreur de création de fichier"
msgstr "erreur de création de fichier"
#: util/errors.c:79
#, fuzzy
msgid "invalid passphrase"
msgstr "Mot de passe invalide"
msgstr "mot de passe invalide"
#: util/errors.c:80
#, fuzzy
msgid "unimplemented pubkey algorithm"
msgstr "Algorithme de clé publique non implémenté"
msgstr "algorithme à clé publique non implémenté"
#: util/errors.c:81
#, fuzzy
msgid "unimplemented cipher algorithm"
msgstr "Algorithme de chiffrement non implémenté"
msgstr "algorithme de chiffrement non implémenté"
#: util/errors.c:82
#, fuzzy
msgid "unknown signature class"
msgstr "Classe de signature inconnue"
msgstr "classe de signature inconnue"
#: util/errors.c:83
#, fuzzy
msgid "trust database error"
msgstr "Erreur dans la base de confiance"
msgstr "erreur dans la base de confiance"
#: util/errors.c:84
#, fuzzy
msgid "bad MPI"
msgstr "Mauvais entier en précision multiple"
msgstr "mauvais entier en précision multiple (MPI)"
#: util/errors.c:85
#, fuzzy
msgid "resource limit"
msgstr "Limite de ressources"
msgstr "limite de ressources atteinte"
#: util/errors.c:86
#, fuzzy
msgid "invalid keyring"
msgstr "Porte-clés invalide"
msgstr "porte-clés invalide"
#: util/errors.c:87
#, fuzzy
msgid "bad certificate"
msgstr "Mauvais certificat"
msgstr "mauvais certificat"
#: util/errors.c:88
#, fuzzy
msgid "malformed user id"
msgstr "Nom d'utilisateur malformé"
msgstr "nom d'utilisateur malformé"
#: util/errors.c:89
#, fuzzy
msgid "file close error"
msgstr "Erreur de fermeture de fichier"
msgstr "erreur de fermeture de fichier"
#: util/errors.c:90
#, fuzzy
msgid "file rename error"
msgstr "Erreur pendant le changement de nom du fichier"
msgstr "erreur pendant le changement de nom du fichier"
#: util/errors.c:91
#, fuzzy
msgid "file delete error"
msgstr "Erreur pendant la suppression du fichier"
msgstr "erreur pendant la suppression du fichier"
#: util/errors.c:92
#, fuzzy
msgid "unexpected data"
msgstr "Données inattendues"
msgstr "données inattendues"
#: util/errors.c:93
#, fuzzy
msgid "timestamp conflict"
msgstr "Conflit de dates"
msgstr "conflit de dates"
#: util/errors.c:94
#, fuzzy
msgid "unusable pubkey algorithm"
msgstr "Algorithme de clés publiques inutilisable"
msgstr "algorithme de clés publiques inutilisable"
#: util/errors.c:95
#, fuzzy
msgid "file exists"
msgstr "Le fichier existe"
msgstr "le fichier existe"
#: util/errors.c:96
#, fuzzy
msgid "weak key"
msgstr "Mauvaise clé"
msgstr "mauvaise clé"
#: util/logger.c:178
#, c-format
@ -524,7 +481,7 @@ msgstr "imiter le mode d
# FIXMOI : faudra trouver mieux ...
#: g10/g10.c:245
msgid "|N|use passphrase mode N"
msgstr "|N|utiliser le mode de mots de passe N"
msgstr "|N|utiliser le mode de codage des mots de passe N"
#: g10/g10.c:247
msgid "|NAME|use message digest algorithm NAME for passphrases"
@ -532,7 +489,7 @@ msgstr "|NOM|utiliser le hachage NOM pour les mots de passe"
#: g10/g10.c:249
msgid "|NAME|use cipher algorithm NAME for passphrases"
msgstr "|NOM|utiliser le chiffrement NOM pour les mots de passe"
msgstr "|NOM|utiliser le chiffre NOM pour les mots de passe"
#: g10/g10.c:251
msgid "|NAME|use cipher algorithm NAME"
@ -774,58 +731,55 @@ msgid "invalid clearsig header\n"
msgstr "en-tête de signature claire invalide\n"
#: g10/armor.c:414
#, fuzzy
msgid "nested clear text signatures\n"
msgstr "|[fichier]|faire une signature en texte clair"
msgstr "signatures en texte clair imbriquées\n"
#: g10/armor.c:530
#: g10/armor.c:533
msgid "invalid dash escaped line: "
msgstr "ligne de traits d'échappement invalide : "
#: g10/armor.c:538
#, fuzzy
#: g10/armor.c:541
msgid "unexpected armor:"
msgstr "Données inattendues"
msgstr "armure inattendue :"
#: g10/armor.c:624
#: g10/armor.c:627
#, c-format
msgid "invalid radix64 character %02x skipped\n"
msgstr "caractère %02x invalide en base 64 ignoré\n"
#: g10/armor.c:654
#: g10/armor.c:657
msgid "premature eof (no CRC)\n"
msgstr "fin de fichier prématurée (pas de CRC)\n"
#: g10/armor.c:671
#: g10/armor.c:674
msgid "premature eof (in CRC)\n"
msgstr "fin de fichier prématurée (dans le CRC)\n"
#: g10/armor.c:675
#: g10/armor.c:678
msgid "malformed CRC\n"
msgstr "CRC malformé\n"
#: g10/armor.c:679
#: g10/armor.c:682
#, c-format
msgid "CRC error; %06lx - %06lx\n"
msgstr "Erreur de CRC ; %06lx - %06lx\n"
#: g10/armor.c:696
#: g10/armor.c:699
msgid "premature eof (in Trailer)\n"
msgstr "fin de fichier prématurée (dans la remorque)\n"
#: g10/armor.c:700
#: g10/armor.c:703
msgid "error in trailer line\n"
msgstr "erreur dans la ligne de remorque\n"
#: g10/armor.c:961
#, fuzzy
#: g10/armor.c:964
msgid "no valid OpenPGP data found.\n"
msgstr "pas de donnée RFC1991 ou OpenPGP valide trouvée.\n"
msgstr "aucune de donnée OpenPGP valide n'a été trouvée.\n"
#: g10/armor.c:963
#: g10/armor.c:966
#, c-format
msgid "invalid armor: line longer than %d characters\n"
msgstr ""
msgstr "armure invalide : ligne plus longue que %d caractères\n"
#: g10/pkclist.c:138
#, c-format
@ -864,11 +818,10 @@ msgstr " m = retour au menu principal\n"
#: g10/pkclist.c:159
msgid " q = quit\n"
msgstr ""
msgstr " q = quitter\n"
#. a string with valid answers
#: g10/pkclist.c:164
#, fuzzy
msgid "sSmMqQ"
msgstr "sSmMqQ"
@ -1126,7 +1079,7 @@ msgid ""
"computations take REALLY long!\n"
msgstr ""
"Les tailles supérieures à 2048 ne sont pas conseillées car\n"
"les calculs sont VRAIMENT longs!\n"
"les calculs prennent VRAIMENT beaucoup de temps !\n"
#: g10/keygen.c:464
msgid "Are you sure that you want this keysize? "
@ -1137,7 +1090,7 @@ msgid ""
"Okay, but keep in mind that your monitor and keyboard radiation is also very "
"vulnerable to attacks!\n"
msgstr ""
"D'accord, mais n'oubliez pas que votre écran et les radiations du clavier "
"D'accord, mais n'oubliez pas que votre écran et les radiations du clavier\n"
"sont aussi très vulnérables aux attaques!\n"
#: g10/keygen.c:473
@ -1291,11 +1244,11 @@ msgid ""
"network and the disks) during the prime generation; this gives the random\n"
"number generator a better chance to gain enough entropy.\n"
msgstr ""
"Beaucoup d'octets aléatoires doivent être générés. Vous devriez\n"
"faire quelque-chose d'autre (travailler dans une autre fenêtre, bouger la\n"
"Un grand nombre d'octets aléatoires doit être généré. Vous devriez\n"
"faire autre-chose (travailler dans une autre fenêtre, déplacer la\n"
"souris, utiliser le réseau et les disques) pendant la génération de nombres\n"
"premiers ; cela permet au générateur de nombres aléatoires d'obtenir une\n"
"entropie suffisante plus facilement.\n"
"premiers ; cela donne au générateur de nombres aléatoires une meilleure\n"
"chance d'avoir assez d'entropie.\n"
#: g10/keygen.c:827
msgid "Key generation can only be used in interactive mode\n"
@ -1981,7 +1934,7 @@ msgid "Key not changed so no update needed.\n"
msgstr "La clé n'a pas changé donc la mise à jour est inutile.\n"
#: g10/keyedit.c:669 g10/keyedit.c:727
#, fuzzy, c-format
#, c-format
msgid "update of trustdb failed: %s\n"
msgstr "la mise à jour de la base de confiance a échoué : %s\n"
@ -2060,7 +2013,6 @@ msgid "No secondary key with index %d\n"
msgstr "Pas de clé secondaire avec l'index %d\n"
#: g10/mainproc.c:198
#, fuzzy
msgid "public key encrypted data: good DEK\n"
msgstr "données chiffrées avec la clé publique : bonne clé de chiffrement\n"
@ -2123,9 +2075,8 @@ msgid "can't disable core dumps: %s\n"
msgstr "ne peut empêcher la génération de fichiers core : %s\n"
#: g10/misc.c:93
#, fuzzy
msgid "WARNING: program may create a core file!\n"
msgstr "ATTENTION : Le programme peut créer un fichier core !\n"
msgstr "ATTENTION : Le programme peut créer un fichier « core » !\n"
#: g10/misc.c:200
msgid "Experimental algorithms should not be used!\n"
@ -2140,7 +2091,6 @@ msgstr ""
"et l'utiliser dans l'avenir\n"
#: g10/misc.c:235
#, fuzzy
msgid "this cipher algorithm is depreciated; please use a more standard one!\n"
msgstr ""
"Cet algorithme de chiffrement est déconseillé ; utilisez-en un\n"
@ -2167,14 +2117,14 @@ msgstr ""
"l'utilisateur: \""
#: g10/passphrase.c:150
#, fuzzy, c-format
#, c-format
msgid "%u-bit %s key, ID %08lX, created %s"
msgstr "(clé de %u bits %s, ID %08lX, créée le %s)\n"
msgstr "clé de %u bits %s, ID %08lX, créée le %s"
#: g10/passphrase.c:155
#, c-format
msgid " (main key ID %08lX)"
msgstr ""
msgstr " (ID clé principale %08lX)"
#: g10/passphrase.c:183
msgid "Enter passphrase: "
@ -2209,9 +2159,8 @@ msgid "anonymous receiver; trying secret key %08lX ...\n"
msgstr "destinataire anonyme ; essai de la clé secrète %08lX ...\n"
#: g10/pubkey-enc.c:84
#, fuzzy
msgid "okay, we are the anonymous recipient.\n"
msgstr "d'accord, nous sommes le destinataire anonyme.\n"
msgstr "d'accord, nous sommes le récipient anonyme.\n"
#: g10/pubkey-enc.c:136
msgid "old encoding of the DEK is not supported\n"
@ -2245,19 +2194,18 @@ msgstr ""
"signatures!\n"
#: g10/sig-check.c:166
#, fuzzy, c-format
#, c-format
msgid "public key created %lu %s in future (time warp or clock problem)\n"
msgstr ""
"clé publique créée dans le futur (voyage dans le temps ou problème\n"
"d'horloge)\n"
"clé publique créée %lu %s dans le futur\n"
#: g10/sig-check.c:168
msgid "second"
msgstr ""
msgstr "seconde"
#: g10/sig-check.c:168
msgid "seconds"
msgstr ""
msgstr "secondes"
#: g10/sig-check.c:173
#, c-format
@ -2302,7 +2250,6 @@ msgstr ""
"%s\n"
#: g10/tdbio.c:232
#, fuzzy
msgid "trustdb transaction too large\n"
msgstr "transaction de base de confiance trop volumineuse\n"
@ -2337,17 +2284,17 @@ msgid "%s: failed to create version record: %s"
msgstr "%s : n'a pas pu créer un enregistrement de version : %s"
#: g10/tdbio.c:477
#, fuzzy, c-format
#, c-format
msgid "%s: invalid trustdb created\n"
msgstr "%s : base de confiance invalide créée\n"
#: g10/tdbio.c:479
#, fuzzy, c-format
#, c-format
msgid "%s: trustdb created\n"
msgstr "%s : base de confiance créée\n"
#: g10/tdbio.c:512
#, fuzzy, c-format
#, c-format
msgid "%s: invalid trustdb\n"
msgstr "%s : base de confiance invalide\n"
@ -2421,10 +2368,9 @@ msgid "%s: failed to append a record: %s\n"
msgstr "%s : n'a pas pu ajouter un enregistrement : %s\n"
#: g10/trustdb.c:142
#, fuzzy
msgid "The trustdb is corrupted; please run \"gpgm --fix-trustdb\".\n"
msgstr ""
"La base de confiance est corrompue ; exécutez « gpgm --fix-trust-db ».\n"
"La base de confiance est corrompue ; exécutez « gpgm --fix-trustdb ».\n"
#: g10/trustdb.c:155
#, c-format
@ -2444,9 +2390,9 @@ msgid "trust record %lu: delete failed: %s\n"
msgstr "enregistrement de confiance %lu : la suppression a échoué : %s\n"
#: g10/trustdb.c:198
#, fuzzy, c-format
#, c-format
msgid "trustdb: sync failed: %s\n"
msgstr "base de confiance a échoué : la synchronisation a échoué : %s\n"
msgstr "base de confiance : la synchronisation a échoué : %s\n"
#: g10/trustdb.c:327
#, c-format
@ -2476,9 +2422,9 @@ msgid "chained sigrec %lu has a wrong owner\n"
msgstr "l'enregistrement de signature %lu a un mauvais propriétaire\n"
#: g10/trustdb.c:463
#, fuzzy, c-format
#, c-format
msgid "'%s' is not a valid long keyID\n"
msgstr "`%s' n'est pas une identification longue de clé valide\n"
msgstr "'%s' n'est pas une identification longue de clé valide\n"
#: g10/trustdb.c:498
#, c-format
@ -2559,29 +2505,29 @@ msgid "Ooops, no user ids\n"
msgstr "Ooops, pas de nom d'utilisateur\n"
#: g10/trustdb.c:1088 g10/trustdb.c:1106
#, fuzzy, c-format
#, c-format
msgid "user '%s' read problem: %s\n"
msgstr "problème de lecture de l'utilisateur `%s' : %s\n"
msgstr "problème de lecture de l'utilisateur '%s' : %s\n"
#: g10/trustdb.c:1091 g10/trustdb.c:1109
#, fuzzy, c-format
#, c-format
msgid "user '%s' list problem: %s\n"
msgstr "problème de liste à l'utilisateur `%s' : %s\n"
msgstr "problème de liste à l'utilisateur '%s' : %s\n"
#: g10/trustdb.c:1099 g10/trustdb.c:1346
#, fuzzy, c-format
#, c-format
msgid "user '%s' not found: %s\n"
msgstr "l'utilisateur `%s' n'a pas été trouvé : %s\n"
msgstr "l'utilisateur '%s' n'a pas été trouvé : %s\n"
#: g10/trustdb.c:1101 g10/trustdb.c:1348
#, fuzzy, c-format
#, c-format
msgid "problem finding '%s' in trustdb: %s\n"
msgstr "problème de recherche de `%s' dans la base de confiance : %s\n"
msgstr "problème de recherche de '%s' dans la base de confiance : %s\n"
#: g10/trustdb.c:1104
#, fuzzy, c-format
#, c-format
msgid "user '%s' not in trustdb\n"
msgstr "l'utilisateur `%s' n'est pas dans la base de confiance\n"
msgstr "l'utilisateur '%s' n'est pas dans la base de confiance\n"
#: g10/trustdb.c:1139
#, c-format
@ -2643,14 +2589,14 @@ msgid "error finding dir record: %s\n"
msgstr "erreur pendant la recherche de l'enregistrement de répertoire : %s\n"
#: g10/trustdb.c:1351
#, fuzzy, c-format
#, c-format
msgid "user '%s' not in trustdb - inserting\n"
msgstr "l'utilisateur `%s' n'est pas dans la base de confiance - insertion\n"
msgstr "l'utilisateur '%s' n'est pas dans la base de confiance - insertion\n"
#: g10/trustdb.c:1354
#, fuzzy, c-format
#, c-format
msgid "failed to put '%s' into trustdb: %s\n"
msgstr "n'a pas pu insérer `%s' dans la base de confiance : %s\n"
msgstr "n'a pas pu insérer '%s' dans la base de confiance : %s\n"
#: g10/trustdb.c:1404
#, c-format
@ -3035,7 +2981,6 @@ msgid "encrypted with unknown algorithm %d\n"
msgstr "chiffré avec l'algorithme inconnu %d\n"
#: g10/encr-data.c:74
#, fuzzy
msgid ""
"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
msgstr ""
@ -3058,9 +3003,9 @@ msgstr ""
msgid "edit_ownertrust.value"
msgstr ""
"C'est à vous d'assigner une valeur ici ; cette valeur ne sera jamais\n"
"exportée à une tierce personne. Nous en avons besoin pour créer le\n"
"einvoyée à une tierce personne. Nous en avons besoin pour créer le\n"
"réseau de confiance (web-of-trust) ; cela n'a rien à voir avec le\n"
"réseau de certificats (créé implicitement)"
"réseau des certificats (créé implicitement)"
#: g10/helptext.c:54
msgid "revoked_key.override"
@ -3078,7 +3023,22 @@ msgstr "Entrez l'adresse de la personne
#: g10/helptext.c:66
msgid "keygen.algo"
msgstr "Sélectionnez l'algorithme à utiliser:"
msgstr ""
"Sélectionnez l'algorithme à utiliser.\n"
"DSA (alias DSS) est l'algorithme de signatures électroniques qui ne peut\n"
"être utilisé que pour les signatures. C'est l'algorithme recommandé car\n"
"la vérification des signatures DSA est beaucoup plus rapide que celle des\n"
"signatures ElGamal.\n"
"ElGamal est un algorithme pouvant à la fois être utilisé pour les\n"
"signatures et le chiffrement. OpenPGP en distingue deux sortes :\n"
"l'une destinée uniquement au chiffrement et l'autre pouvant aussi bien\n"
"servir aux signatures ; elles sont en fait identiques mais certains\n"
"paramètres doivent être spécialement choisis pour que la clé génère des\n"
"signatures sures : ce programme est capable de le faire mais les autres\n"
"implémentaions de OpenPGP ne sont pas obligées d'accepter cette forme de\n"
"clé.\n"
"La première clé (clé principale) doit toujours être capable de signer ;\n"
"c'est pourquoi la clé ElGamal de chiffrement seul est alors désactivée."
#: g10/helptext.c:82
msgid "keygen.algo.elg_se"
@ -3089,35 +3049,35 @@ msgstr ""
#: g10/helptext.c:89
msgid "keygen.size"
msgstr ""
msgstr "Entrez la taille de la clé"
#: g10/helptext.c:93
msgid "keygen.size.huge.okay"
msgstr ""
msgstr "Répondez « oui » ou « non »"
#: g10/helptext.c:98
msgid "keygen.size.large.okay"
msgstr ""
msgstr "Répondez « oui » ou « non »"
#: g10/helptext.c:103
msgid "keygen.valid"
msgstr ""
msgstr "Entrez la valeur demandée"
#: g10/helptext.c:107
msgid "keygen.valid.okay"
msgstr ""
msgstr "Répondez « oui » ou « non »"
#: g10/helptext.c:112
msgid "keygen.name"
msgstr ""
msgstr "Entrez le nom du propriétaire de la clé"
#: g10/helptext.c:117
msgid "keygen.email"
msgstr ""
msgstr "Entrez une adresse e-mail optionnelle mais hautement recommandée"
#: g10/helptext.c:121
msgid "keygen.comment"
msgstr ""
msgstr "Entrez un commentaire optionnel"
#: g10/helptext.c:126
msgid "keygen.userid.cmd"
@ -3134,35 +3094,37 @@ msgstr "R
#: g10/helptext.c:139
msgid "sign_uid.okay"
msgstr ""
msgstr "Répondez « oui » ou « non »"
#: g10/helptext.c:144
msgid "change_passwd.empty.okay"
msgstr ""
msgstr "Répondez « oui » ou « non »"
#: g10/helptext.c:149
msgid "keyedit.cmd"
msgstr "Entrez « aide » pour voir la liste des commandes."
msgstr "Entrez « help » pour voir la liste des commandes."
#: g10/helptext.c:153
msgid "keyedit.save.okay"
msgstr ""
msgstr "Répondez « oui » ou « non »"
#: g10/helptext.c:158
msgid "keyedit.cancel.okay"
msgstr ""
msgstr "Répondez « oui » ou « non »"
#: g10/helptext.c:162
msgid "keyedit.sign_all.okay"
msgstr ""
msgstr "Répondez « oui » si vous voulez signer TOUS les noms d'utilisateurs"
#: g10/helptext.c:166
msgid "keyedit.remove.uid.okay"
msgstr ""
"Répondez « oui » si vous voulez vraiment supprimer ce nom\n"
"d'utilisateur. Tous les certificats seront alors perdus en même temps !"
#: g10/helptext.c:171
msgid "keyedit.remove.subkey.okay"
msgstr ""
msgstr "Entrez « oui » s'il faut vraiment supprimer la sous-clé"
#: g10/helptext.c:175
msgid "passphrase.enter"
@ -3177,11 +3139,11 @@ msgstr ""
#: g10/helptext.c:186
msgid "detached_signature.filename"
msgstr ""
msgstr "Donnez le nom du fichier auquel la signature se rapporte"
#: g10/helptext.c:190
msgid "openfile.overwrite.okay"
msgstr ""
msgstr "Entrez « oui » s'il faut vraiment réécrire le fichier"
#: g10/helptext.c:204
msgid "No help available"
@ -3191,12 +3153,3 @@ msgstr "Pas d'aide disponible"
#, c-format
msgid "No help available for `%s'"
msgstr "Pas d'aide disponible pour `%s'"
#~ msgid "invalid clear text header: "
#~ msgstr "en-tête de texte clair invalide : "
#~ msgid "LID %lu: changing trust from %u to %u\n"
#~ msgstr "LID %lu : changement de la confiance de %u vers %u\n"
#~ msgid "LID %lu: setting trust to %u\n"
#~ msgstr "LID %lu : la confiance est maintenant %u\n"

View File

@ -138,6 +138,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
atari*:OpenBSD:*:*)
echo m68k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
atari*:[Mm]i[Nn][Tt]:*:*)
echo m68k-atari-mint
exit 0 ;;
sun3*:NetBSD:*:*)
echo m68k-sun-netbsd${UNAME_RELEASE}
exit 0 ;;

View File

@ -94,6 +94,9 @@ g10_errstr( int err )
X(WR_PUBKEY_ALGO ,N_("unusable pubkey algorithm"))
X(FILE_EXISTS ,N_("file exists"))
X(WEAK_KEY ,N_("weak key"))
X(INV_ARG ,N_("invalid argument"))
X(BAD_URI ,N_("bad URI"))
X(INVALID_URI ,N_("unsupported URI"))
default: p = buf; sprintf(buf, "g10err=%d", err); break;
}
#undef X