See ChangeLog: Tue Jan 12 11:17:18 CET 1999 Werner Koch
parent
8ddca5a28a
commit
62957ff4e7
1
AUTHORS
1
AUTHORS
@ -36,6 +36,7 @@ md@linux.it
|
||||
TRANSLATIONS Gael Queri 1998-09-08
|
||||
Disclaimer. [fr]
|
||||
gqueri@mail.dotcom.fr
|
||||
Fixed a lot of typos.
|
||||
|
||||
|
||||
TRANSLATIONS Walter Koch 1998-09-08
|
||||
|
11
ChangeLog
11
ChangeLog
@ -1,3 +1,11 @@
|
||||
Tue Jan 12 11:17:18 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
|
||||
|
||||
* config.links (m68k-atari-mint): New
|
||||
|
||||
Tue Jan 12 09:17:19 CET 1999 Gaël Quéri <gqueri@mail.dotcom.fr>
|
||||
|
||||
* all: Fixed typos all over the place
|
||||
|
||||
Sat Jan 9 16:02:23 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
|
||||
|
||||
* configure.in: Add a way to statically link rndunix
|
||||
@ -24,7 +32,8 @@ Thu Dec 10 20:15:36 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
|
||||
|
||||
Tue Dec 8 15:09:29 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
|
||||
|
||||
* VERSION: Set to 0.4.5
|
||||
* VERSION: Set to 0.4.5
|
||||
|
||||
Wed Nov 25 12:38:29 1998 Werner Koch (wk@isil.d.shuttle.de)
|
||||
|
||||
* configure.in (USE_RNDLINUX): New.
|
||||
|
4
INSTALL
4
INSTALL
@ -79,9 +79,9 @@ should put this in your ~/.gnupg/options file:
|
||||
load-extension rndunix
|
||||
===>8====================
|
||||
This collector works by running a lot of tools which yields more or
|
||||
less unpredictable output and fedds this as entropy into the random
|
||||
less unpredictable output and feds this as entropy into the random
|
||||
generator - It should work reliable but you should check whether
|
||||
it produces good output for your kinf of Unix. There are some debug
|
||||
it produces good output for your kind of Unix. There are some debug
|
||||
options to help you (see cipher/rndunix.c).
|
||||
|
||||
|
||||
|
42
NEWS
42
NEWS
@ -1,3 +1,7 @@
|
||||
|
||||
* add some additional time warp checks.
|
||||
|
||||
|
||||
Noteworthy changes in version 0.9.1
|
||||
-----------------------------------
|
||||
|
||||
@ -24,7 +28,7 @@ Noteworthy changes in version 0.9.0
|
||||
-----------------------------------
|
||||
|
||||
* --export does now only exports rfc2440 compatible keys; the
|
||||
old behavious is available with --export-all.
|
||||
old behaviour is available with --export-all.
|
||||
Generation of v3 ElGamal (sign and encrypt) keys is not longer
|
||||
supported.
|
||||
|
||||
@ -87,7 +91,7 @@ Noteworthy changes in version 0.4.4
|
||||
you are put into normal mode unless you use "quit" or "save" as
|
||||
one of the commands. When in batch mode, the program quits after
|
||||
the last command, so you have to use "save" if you did some changes.
|
||||
It does not yet work completey, but may be used to list so the
|
||||
It does not yet work completely, but may be used to list so the
|
||||
keys etc.
|
||||
|
||||
|
||||
@ -111,7 +115,7 @@ Noteworthy changes in version 0.4.3
|
||||
the contrib directory of the FTP servers)
|
||||
|
||||
* commandline option processing now works as expected for GNU programs
|
||||
with the execption that you can't mix options and normal arguments.
|
||||
with the exception that you can't mix options and normal arguments.
|
||||
|
||||
* Now --list-key lists all matching keys. This is needed in some
|
||||
other places too.
|
||||
@ -138,7 +142,7 @@ Noteworthy changes in version 0.4.2
|
||||
prime product.
|
||||
|
||||
* --import now only looks for KEYBLOCK headers, so you can now simply
|
||||
remove the "- " in front of such a header if someone accdently signed
|
||||
remove the "- " in front of such a header if someone accidently signed
|
||||
such a message or the keyblock is part of a cleartext signed message.
|
||||
|
||||
* --with-colons now lists the key expiration time and not anymore
|
||||
@ -206,7 +210,7 @@ Noteworthy changes in version 0.3.5
|
||||
|
||||
* Fixed a bug with 5 byte length headers.
|
||||
|
||||
* --delete-[secret-]key is now also availabe in gpgm.
|
||||
* --delete-[secret-]key is now also available in gpgm.
|
||||
|
||||
* cleartext signatures are not anymore converted to LF only.
|
||||
|
||||
@ -230,21 +234,21 @@ Noteworthy changes in version 0.3.3
|
||||
-----------------------------------
|
||||
* IMPORTANT: I found yet another bug in the way the secret keys
|
||||
are encrypted - I did it the way pgp 2.x did it, but OpenPGP
|
||||
and pgp 5.x specifiy another (in some aspects simpler) method.
|
||||
and pgp 5.x specify another (in some aspects simpler) method.
|
||||
To convert your secret keys you have to do this:
|
||||
1. Build the new release but don't install it and keep
|
||||
a copy of the old program.
|
||||
2. Disable the network, make sure that you are the only
|
||||
user, be sure that there are no trojan horses etc ....
|
||||
user, be sure that there are no Trojan horses etc ....
|
||||
3. Use your old gpg (version 0.3.[12]) and set the
|
||||
passphrases of ALL your secret keys to empty!
|
||||
(gpg --change-passphrase your-user-id).
|
||||
4. Save your ownertrusts (see the next point)
|
||||
5. rm ~/.gnupg/trustd.gpg
|
||||
5. rm ~/.gnupg/trustdb.gpg
|
||||
6. install the new version of gpg (0.3.3)
|
||||
7. For every secret key call "gpg --edit-key your-user-id",
|
||||
enter "passwd" at the prompt, follow the instructions and
|
||||
change your passward back, enter "save" to store it.
|
||||
change your password back, enter "save" to store it.
|
||||
8. Restore the ownertrust (see next point).
|
||||
|
||||
* The format of the trust database has changed; you must delete
|
||||
@ -257,7 +261,7 @@ Noteworthy changes in version 0.3.3
|
||||
release and it does now only export defined ownertrusts.
|
||||
|
||||
* The command --edit-key now provides a commandline driven menu
|
||||
which can be used vor vaious tasks. --sign-key is only an
|
||||
which can be used for various tasks. --sign-key is only an
|
||||
an alias to --edit-key and maybe removed in future: use the
|
||||
command "sign" of this new menu - you can select which user ids
|
||||
you want to sign.
|
||||
@ -267,7 +271,7 @@ Noteworthy changes in version 0.3.3
|
||||
* Owner trust values can now be changed with --edit-key (trust)
|
||||
|
||||
* GNUPG can now run as a coprocess; this enables sophisticated
|
||||
frontends. tools/shmtest.c is a simple sample implemenation.
|
||||
frontends. tools/shmtest.c is a simple sample implementation.
|
||||
This needs some more work: all tty_xxx() are to be replaced
|
||||
by cpr_xxx() and some changes in the display logics is needed.
|
||||
|
||||
@ -306,7 +310,7 @@ Noteworthy changes in version 0.3.2
|
||||
* Now displays the trust status of a positive verified message.
|
||||
|
||||
* Keyrings are now scanned in the sequence they are added with
|
||||
--[secret-]keyring. Note that the default keyring is implictly
|
||||
--[secret-]keyring. Note that the default keyring is implicitly
|
||||
added as the very first one unless --no-default-keyring is used.
|
||||
|
||||
* Fixed setuid and dlopen bug.
|
||||
@ -346,7 +350,7 @@ Noteworthy changes in version 0.3.0
|
||||
|
||||
* A complete new structure for representing the key parameters.
|
||||
|
||||
* Removed most public key knowledge into the cipher libray.
|
||||
* Removed most public key knowledge into the cipher library.
|
||||
|
||||
* Support for dynamic loading of new algorithms.
|
||||
|
||||
@ -420,7 +424,7 @@ Noteworthy changes in version 0.2.17
|
||||
Noteworthy changes in version 0.2.16
|
||||
------------------------------------
|
||||
|
||||
* Add experimental support for the TIGER/192 message diigest algorithm.
|
||||
* Add experimental support for the TIGER/192 message digest algorithm.
|
||||
(But there is only a dummy ASN OID).
|
||||
|
||||
* Standard cipher is now Blowfish with 128 bit key in OpenPGP's CFB
|
||||
@ -451,7 +455,7 @@ Noteworthy changes in version 0.2.14
|
||||
|
||||
* Changed the internal handling of keyrings.
|
||||
|
||||
* Add support to list PGP 5 keyrings with supkeys
|
||||
* Add support to list PGP 5 keyrings with subkeys
|
||||
|
||||
* Timestamps of signatures are now verified.
|
||||
|
||||
@ -494,7 +498,7 @@ Noteworthy changes in version 0.2.11
|
||||
|
||||
* "--delete-key" works for public keys. What semantics shall I use
|
||||
when there is a secret key too? Delete the secret key or leave him
|
||||
and auto-regenerate the public key, netxt time the secret key is used?
|
||||
and auto-regenerate the public key, next time the secret key is used?
|
||||
|
||||
Noteworthy changes in version 0.2.10
|
||||
------------------------------------
|
||||
@ -507,7 +511,7 @@ Noteworthy changes in version 0.2.10
|
||||
|
||||
* Changed some configure options and add an option
|
||||
--disable-m-guard to remove the memory checking code
|
||||
and to compile everthing with optimization on.
|
||||
and to compile everything with optimization on.
|
||||
|
||||
* New environment variable GNUPGHOME, which can be used to set
|
||||
another homedir than ~/.gnupg. Changed default homedir for
|
||||
@ -584,7 +588,7 @@ Noteworthy changes in version 0.2.4
|
||||
|
||||
* backup copies of keyrings are created.
|
||||
|
||||
* assembler stuff for Pentium; gives about 15% better perfomance.
|
||||
* assembler stuff for Pentium; gives about 15% better performance.
|
||||
|
||||
* fixed a lot of bugs.
|
||||
|
||||
@ -610,7 +614,7 @@ Noteworthy changes in version 0.2.3
|
||||
|
||||
* added option "--status-fd": see g10/OPTIONS
|
||||
|
||||
* We have secure memeory on systems which support mlock().
|
||||
* We have secure memory on systems which support mlock().
|
||||
It is not complete yet, because we do not have signal handler
|
||||
which does a cleanup in very case.
|
||||
We should also check the ulimit for the user in the case
|
||||
|
8
PROJECTS
8
PROJECTS
@ -4,7 +4,7 @@
|
||||
(userid, or any other unique identification) on command line.
|
||||
--> NO: Use a script and --status-fd
|
||||
|
||||
* Change the internal represention of keyid into a struct which
|
||||
* Change the internal representation of keyid into a struct which
|
||||
can also hold the localid and extend the localid to hold information
|
||||
of the subkey number because two subkeys may have the same keyid.
|
||||
|
||||
@ -20,7 +20,7 @@
|
||||
* Add a way to override the current cipher/md implementations
|
||||
by others (using extensions)
|
||||
|
||||
* Not GnuPG replated: What about option completion in bash?
|
||||
* Not GnuPG related: What about option completion in bash?
|
||||
Can "--dump-options" be used for this or should we place the
|
||||
options in a special ELF segment?
|
||||
|
||||
@ -34,9 +34,9 @@
|
||||
|
||||
* rewrite --list-packets or put it into another tool.
|
||||
|
||||
* We need a maintainence pass over the trustdb which flags
|
||||
* We need a maintenance pass over the trustdb which flags
|
||||
signatures as expired if the key used to make the signature has
|
||||
expired. Maybe it is a good idea to store the exiration time
|
||||
expired. Maybe it is a good idea to store the expiration time
|
||||
in the key record of the trustdb.
|
||||
* write a tool to extract selected keys from a file.
|
||||
|
||||
|
8
README
8
README
@ -34,7 +34,7 @@
|
||||
the word "subscribe" in the body to "g10-request@net.lut.ac.uk".
|
||||
This mailing list is a closed one (only subscribers are allowed
|
||||
to post) to avoid misuse by folks who don't know the Netiquette
|
||||
and trash you mailspool with commercial junk.
|
||||
and trash your mailspool with commercial junk.
|
||||
|
||||
See the file COPYING for copyright and warranty information.
|
||||
|
||||
@ -301,7 +301,7 @@
|
||||
user ID is the one with an email address you prefer - because
|
||||
you have no signatures on this email address it is easy to change
|
||||
this address. Remember: Your signators sign your public key (the
|
||||
primary one) together with one od your user IDs - so it is not possible
|
||||
primary one) together with one of your user IDs - so it is not possible
|
||||
to change the user ID later without voiding all the signatures.
|
||||
|
||||
Tip: If you hear about a key signing party on a computer conference
|
||||
@ -412,7 +412,7 @@
|
||||
The primary FTP site is "ftp://ftp.gnupg.org/pub/gcrypt/"
|
||||
The primary WWW page is "http://www.gnupg.org"
|
||||
|
||||
See http://www.gnugp.org/mirrors.html for a list of FTP mirrors
|
||||
See http://www.gnupg.org/mirrors.html for a list of FTP mirrors
|
||||
and use them if possible.
|
||||
|
||||
Please direct bug reports to <gnupg-bugs@gnu.org> or better
|
||||
@ -420,7 +420,7 @@
|
||||
closed list - subscribe before posting, see above (~line 33)).
|
||||
Please direct questions about GnuPG to the mailing list or
|
||||
one of the pgp newsgroups; this gives me more time to improve
|
||||
GnuPG. Commercial support for GnuPG will be availabe soon.
|
||||
GnuPG. Commercial support for GnuPG will be available soon.
|
||||
|
||||
Have fun and remember: Echelon is looking at you kid.
|
||||
|
||||
|
14
THOUGHTS
14
THOUGHTS
@ -14,6 +14,16 @@
|
||||
* What shall we do if we have a valid subkey revocation certificate
|
||||
but no subkey binding? Is this a valid but revoked key?
|
||||
|
||||
* use a mmaped file for secure memory if mlock does not work and
|
||||
make sure that this file is always wiped out. Is this really
|
||||
more secure than swapping out to the swap disk? I don't
|
||||
believe so because if an attacker has access to the physical
|
||||
box (and he needs this to look at the swap area) he can also
|
||||
leave a trojan horse which is far more easier than to analyze
|
||||
memory dumps. Question: Is it possible that a Unix pages
|
||||
an old (left over by some other process) swap page in for
|
||||
another process - this should be considered a serious design
|
||||
flow/bug.
|
||||
|
||||
Date: Mon, 4 Jan 1999 19:34:29 -0800 (PST)
|
||||
From: Matthew Skala <mskala@ansuz.sooke.bc.ca>
|
||||
@ -172,7 +182,7 @@ o Keep a blacklist of known bad signatures to minimize
|
||||
|
||||
o Should be fast - I currently designing a new storage
|
||||
system called keybox which takes advantage of the fact
|
||||
that the keyID is higly random and can be directly be
|
||||
that the keyID is highly random and can be directly be
|
||||
used as a hash value and this keyID is (for v4 keys)
|
||||
part of the fingerprint: So it is possible to use the
|
||||
fingerprint as key but do an lookup by the keyID.
|
||||
@ -186,7 +196,7 @@ o Use the HKS protocol and enhance it in a way that binary
|
||||
keyrings can be transmitted. (I already wrote some
|
||||
http server and client code which can be used for this)
|
||||
|
||||
o Keep a checkcsum (hash) of the entire keyblock so that a
|
||||
o Keep a checksum (hash) of the entire keyblock so that a
|
||||
client can easy check whether this keyblock has changed.
|
||||
(keyblock = the entire key with all certificates etc.)
|
||||
|
||||
|
26
TODO
26
TODO
@ -6,6 +6,8 @@ Bugs
|
||||
if the clearsign has been created by pgp263ia.
|
||||
Needs more investigation - anyone?
|
||||
|
||||
* clearsign bug Greg Troxel Jan 11.
|
||||
|
||||
Important
|
||||
----------
|
||||
* Check revocation and expire stuff. PLEASE: THIS MUST BE TESTED!
|
||||
@ -13,28 +15,25 @@ Important
|
||||
* Check calculation of key validity. PLEASE: IT IS IMPORTED THAT
|
||||
THIS GET TESTED.
|
||||
|
||||
* It has been reported that lockfiles are not removed in all cases.
|
||||
cleanup is done with atexit() and all signals trigger exit() -
|
||||
anything wrong with this? - ah yes: a signal while still in
|
||||
dotlock_make
|
||||
|
||||
* See why we always get this "Hmmm public key lost"
|
||||
|
||||
* print a warning when a revoked/expired secret key is used.
|
||||
|
||||
* Allow the use of a the faked RNG only for keys which are
|
||||
flagged as INSECURE.
|
||||
|
||||
> 0.9.1: I get some occasional segfaults during 'make check' unless I use
|
||||
> --with-included-zlib. It's strange, I have zlib-1.1.2 on one machine, and
|
||||
> zlib-1.1.3 on another, and both of them fail on occasion (maybe half of the
|
||||
|
||||
> gpg: /home/jam/.gnupg/pubring.gpg: can't open gdbm file: Can't be writer
|
||||
> gpg: keyblock resource `/home/jam/.gnupg/pubring.gpg': file open error
|
||||
> gpg: OOPS in close enum_keyblocks - ignored
|
||||
|
||||
|
||||
|
||||
Needed
|
||||
------
|
||||
* remove more "Fixmes"
|
||||
|
||||
* Replace Blowfish by Twofish and add the new encrypted packet typ
|
||||
* Replace Blowfish by Twofish and add the new encrypted packet type
|
||||
which has a MACing option (append SHA1 hash to the plaintext and
|
||||
encrypt this all) - We need an identifier for Twofish to put this
|
||||
one into the cipher preferences.
|
||||
@ -48,6 +47,12 @@ Needed
|
||||
Minor Bugs
|
||||
----------
|
||||
|
||||
* There is a race condition which leaves lock files after process
|
||||
termination (a signal while in make_dotlock). Change the dotlock
|
||||
implementaion to a create handle, make and release implemenation
|
||||
and use an atexit to cleanup all pending locks. This is also
|
||||
faster.
|
||||
|
||||
Nice to have
|
||||
------------
|
||||
* preferences of hash algorithms are not yet used.
|
||||
@ -59,5 +64,6 @@ Nice to have
|
||||
* Burn the buffers used by fopen(), or use read(2). Does this
|
||||
really make sense?
|
||||
* change the fake_data stuff to mpi_set_opaque
|
||||
|
||||
* How about letting something like 'gpg --version -v', list the
|
||||
effective options. Yep.
|
||||
|
||||
|
@ -1,3 +1,10 @@
|
||||
Tue Jan 12 11:17:18 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
|
||||
|
||||
* random.c (random_is_faked): New.
|
||||
|
||||
* tiger.c: Only compile if we have the u64 type
|
||||
|
||||
|
||||
Sat Jan 9 16:02:23 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
|
||||
|
||||
* rndunix.c (gather_random): check for setuid.
|
||||
|
@ -162,6 +162,13 @@ randomize_buffer( byte *buffer, size_t length, int level )
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
random_is_faked()
|
||||
{
|
||||
if( !is_initialized )
|
||||
initialize();
|
||||
return faked_rng || quick_test;
|
||||
}
|
||||
|
||||
/****************
|
||||
* Return a pointer to a randomized buffer of level 0 and LENGTH bits
|
||||
|
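Review bot: The new `random_is_faked()` is defined with an empty parameter list and carries no comment, while the prototype added to the header in this same commit reads `int random_is_faked(void);`. The definition should be written `int random_is_faked(void)` so that declaration and definition agree. A header comment such as `/* Return true if the faked RNG or quick-test mode is in use; calls initialize() on first use. */` would record what the visible body does, including the fact that a query can trigger initialization. The names suggest callers are meant to refuse real key material when this returns true, but no caller is visible in this part of the page, so that cannot be confirmed here.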
@ -25,6 +25,7 @@
|
||||
/*-- random.c --*/
|
||||
void secure_random_alloc(void);
|
||||
int quick_random_gen( int onoff );
|
||||
int random_is_faked(void);
|
||||
void randomize_buffer( byte *buffer, size_t length, int level );
|
||||
byte *get_random_bits( size_t nbits, int level, int secure );
|
||||
void fast_random_poll( void );
|
||||
|
@ -27,6 +27,11 @@
|
||||
#include "memory.h"
|
||||
|
||||
|
||||
#ifdef HAVE_U64_TYPEDEF
|
||||
|
||||
/* we really need it here, but as this is only experiment we
|
||||
* can live without Tiger */
|
||||
|
||||
typedef struct {
|
||||
u64 a, b, c;
|
||||
byte buf[64];
|
||||
@ -964,4 +969,5 @@ gnupgext_enum_func( int what, int *sequence, int *class, int *vers )
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* HAVE_U64_TYPEDEF */
|
||||
|
||||
|
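Review bot: When `HAVE_U64_TYPEDEF` is undefined, the new guard compiles out every definition in this file, including `gnupgext_enum_func` at the end of the second hunk, and nothing reports that TIGER was dropped. The added comment `we really need it here, but as this is only experiment we can live without Tiger` does not say what "it" is. I would reword it to `/* Tiger needs a 64-bit integer type (u64); without one the whole file is compiled out and the algorithm is not available. */`. Any code outside this file that refers to these symbols would need the same guard, which cannot be checked from the lines shown. The two hunks show only the edges of the guarded region; the code between them is outside the hunks.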
22
doc/DETAILS
22
doc/DETAILS
@ -45,7 +45,7 @@ Format of the "--status-fd" output
|
||||
Every line is prefixed with "[GNUPG:] ", followed by a keyword with
|
||||
the type of the status line and a some arguments depending on the
|
||||
type (maybe none); an application should always be prepared to see
|
||||
more argumnents in future versions.
|
||||
more arguments in future versions.
|
||||
|
||||
|
||||
GOODSIG <long keyid> <username>
|
||||
@ -57,12 +57,12 @@ more argumnents in future versions.
|
||||
ERRSIG
|
||||
It was not possible to check the signature. This may be
|
||||
caused by a missing public key or an unsupported algorithm.
|
||||
No argumens yet.
|
||||
No argument yet.
|
||||
|
||||
VALIDSIG <fingerprint in hex>
|
||||
The signature with the keyid is good. This is the same
|
||||
as GOODSIG but has the fingerprint as the argument. Both
|
||||
status lines ere emmited for a good signature.
|
||||
status lines ere emitted for a good signature.
|
||||
|
||||
TRUST_UNDEFINED
|
||||
TRUST_NEVER
|
||||
@ -70,7 +70,7 @@ more argumnents in future versions.
|
||||
TRUST_FULLY
|
||||
TRUST_ULTIMATE
|
||||
For good signatures one of these status lines are emitted
|
||||
to indicate how trustworthy the signatur is. No arguments yet.
|
||||
to indicate how trustworthy the signature is. No arguments yet.
|
||||
|
||||
SIGEXPIRED
|
||||
The signature key has expired. No arguments yet.
|
||||
@ -158,7 +158,7 @@ Record type 1:
|
||||
1 u32 first free record
|
||||
1 u32 record number of shadow directory hash table
|
||||
It does not make sense to combine this table with the key table
|
||||
becuase the keyid is not in every case a part of the fingerprint.
|
||||
because the keyid is not in every case a part of the fingerprint.
|
||||
4 bytes reserved for version extension record
|
||||
|
||||
|
||||
@ -283,7 +283,7 @@ Record type 9: (cache record)
|
||||
20 bytes rmd160 hash value over the complete keyblock
|
||||
This is used to detect any changes of the keyblock with all
|
||||
CTBs and lengths headers. Calculation is easy if the keyblock
|
||||
is optained from a keyserver: simply create the hash from all
|
||||
is obtained from a keyserver: simply create the hash from all
|
||||
received data bytes.
|
||||
|
||||
1 byte number of untrusted signatures.
|
||||
@ -323,14 +323,14 @@ Record Type 10 (hash table)
|
||||
n = (reclen-2)/4 which yields 9 for the current record length
|
||||
of 40 bytes.
|
||||
|
||||
the total number of surch record which makes up the table is:
|
||||
the total number of such record which makes up the table is:
|
||||
m = (256+n-1) / n
|
||||
which is 29 for a record length of 40.
|
||||
|
||||
To look up a key we use the first byte of the fingerprint to get
|
||||
the recnum from this hashtable and look up the addressed record:
|
||||
- If this record is another hashtable, we use 2nd byte
|
||||
to index this hast table and so on.
|
||||
to index this hash table and so on.
|
||||
- if this record is a hashlist, we walk all entries
|
||||
until we found one a matching one.
|
||||
- if this record is a key record, we compare the
|
||||
@ -398,12 +398,12 @@ There is one enhancement used with the old style packet headers:
|
||||
+
|
||||
+ It works like this: After the CTB (with a length field of 11) a
|
||||
+ marker field is used, which gives the length of the following datablock.
|
||||
+ This is a simple 2 byte field (MSB first) containig the amount of data
|
||||
+ This is a simple 2 byte field (MSB first) containing the amount of data
|
||||
+ following this field, not including this length field. After this datablock
|
||||
+ another length field follows, which gives the size of the next datablock.
|
||||
+ A value of 0 indicates the end of the packet. The maximum size of a
|
||||
+ data block is limited to 65534, thereby reserving a value of 0xffff for
|
||||
+ future extensions. These length markers must be insereted into the data
|
||||
+ future extensions. These length markers must be inserted into the data
|
||||
+ stream just before writing the data out.
|
||||
+
|
||||
+ This 2 byte filed is large enough, because the application must buffer
|
||||
@ -416,7 +416,7 @@ There is one enhancement used with the old style packet headers:
|
||||
|
||||
Usage of gdbm files for keyrings
|
||||
================================
|
||||
The key to store the keyblokc is it's fingerpint, other records
|
||||
The key to store the keyblock is it's fingerprint, other records
|
||||
are used for secondary keys. fingerprints are always 20 bytes
|
||||
where 16 bit fingerprints are appded with zero.
|
||||
The first byte of the key gives some information on the type of the
|
||||
|
34
doc/FAQ
34
doc/FAQ
@ -21,7 +21,7 @@
|
||||
public key, and he would only be able to decrypt it by having the secret
|
||||
key and putting in the password to use his secret key.
|
||||
|
||||
GNUPG is also usefull for signing things. Things that are encrypted with
|
||||
GNUPG is also useful for signing things. Things that are encrypted with
|
||||
the secret key can be decrypted with the public key. To sign something, a
|
||||
hash is taken of the data, and then the hash is in some form encoded
|
||||
with the secret
|
||||
@ -38,23 +38,23 @@
|
||||
You can 'conventionally' encrypt something by using the option 'gpg -c'.
|
||||
It is encrypted using a passphrase, and does not use public and secret
|
||||
keys. If the person you send the data to knows that passphrase, they can
|
||||
decrypt it. This is usually most usefull for encrypting things to
|
||||
decrypt it. This is usually most useful for encrypting things to
|
||||
yourself, although you can encrypt things to your own public key in the
|
||||
same way. It should be used for communication with partners you know and
|
||||
where it is easy to exchange the passphrases (e.g. with your boy friend or
|
||||
your wife). The advantage is that you can chnage the passphrase from time
|
||||
to time and decrease the risk, that many old messages may be decryptted by
|
||||
your wife). The advantage is that you can change the passphrase from time
|
||||
to time and decrease the risk, that many old messages may be decrypted by
|
||||
people who accidently got your passphrase.
|
||||
|
||||
You can add and copy keys to and from your keyring with the 'gpg --import'
|
||||
and 'gpg --export' option. 'gpg --export-secret-keys' will export secret
|
||||
keys. This is normally not usefull, but you can generate the key on one
|
||||
keys. This is normally not useful, but you can generate the key on one
|
||||
machine then move it to another machine.
|
||||
|
||||
Keys can be signed under the 'gpg --edit-key' option. When you sign a
|
||||
key, you are saying that you are certain that the key belongs to the
|
||||
person it says it comes from. You should be very sure that is really
|
||||
taht person: You should verify the key fingerprint
|
||||
that person: You should verify the key fingerprint
|
||||
|
||||
gpg --fingerprint user-id
|
||||
|
||||
@ -69,7 +69,7 @@
|
||||
|
||||
Oh yeah, this is important. By default all data is encrypted in some weird
|
||||
binary format. If you want to have things appear in ascii text that is
|
||||
readable, just add the '-a' option. But the preferred methos is to use
|
||||
readable, just add the '-a' option. But the preferred method is to use
|
||||
a MIME aware mail reader (Mutt, Pine and many more).
|
||||
|
||||
There is a small security glitch in the OpenPGP (and therefor GNUPG) system;
|
||||
@ -80,7 +80,7 @@
|
||||
Q: What is the recommended key size?
|
||||
A: 1024 bit for DSA signatures; even for plain ElGamal
|
||||
signatures this is sufficient as the size of the hash
|
||||
is probably the weakest link if the keyssize is larger
|
||||
is probably the weakest link if the keysize is larger
|
||||
than 1024 bits. Encryption keys may have greater sizes,
|
||||
but you should than check the fingerprint of this key.
|
||||
|
||||
@ -100,7 +100,7 @@
|
||||
at least for decryption). To be better interoperable, GNUPG
|
||||
(starting with version 0.3.3) now also uses type 16 for the
|
||||
ElGamal subkey which is created if the default key algorithm
|
||||
is choosen. You may add an type 16 ElGamal key to your public
|
||||
is chosen. You may add an type 16 ElGamal key to your public
|
||||
key which is easy as your key signatures are still valid.
|
||||
|
||||
Q: Why is PGP 5.x not able to verify my messages.
|
||||
@ -109,14 +109,14 @@
|
||||
data. Use the option "--force-v3-sigs" to generate V3 signatures
|
||||
for data.
|
||||
|
||||
Q: I can't delete a user id because it is already deleted on my
|
||||
Q: I can't delete an user id because it is already deleted on my
|
||||
public keyring.
|
||||
A: Because you can only select from the public key ring, there is
|
||||
no direct way to do this. However it is not so complicated
|
||||
do to it anyway: Create a new user id with exactly the same name,
|
||||
you will notice that there are two identical user ids on the
|
||||
secret ring now. Now select this user id and delete it; both
|
||||
user ids from the secret ring will be remoed.
|
||||
user ids from the secret ring will be removed.
|
||||
|
||||
Q: How can I encrypt a message in way pgp 2.x is able to decrypt it later?
|
||||
A: You can't do that because pgp 2.x normally uses IDEA which is not
|
||||
@ -175,7 +175,7 @@
|
||||
trustdb which holds a list of valid key signatures. If you are not
|
||||
running in batch mode you will be asked to assign a trust parameter
|
||||
(ownertrust) to a key. I have plans to use a cache for calculated
|
||||
trust values to speed up calcualtion.
|
||||
trust values to speed up calculation.
|
||||
|
||||
You can see the validity (calculated trust value) using this command:
|
||||
|
||||
@ -202,19 +202,19 @@
|
||||
the assigned value:
|
||||
|
||||
- = No Ownertrust value yet assigned.
|
||||
n = Never trust this keyholder to correctly verifiy others signatures.
|
||||
n = Never trust this keyholder to correctly verify others signatures.
|
||||
m = Have marginal trust in the keyholders capability to sign other keys.
|
||||
f = Assume that the key holder really knows how to sign keys.
|
||||
u = No need to trust ourself because we have the secret key.
|
||||
|
||||
Please keep these values confidential, as they express some opiones of
|
||||
Please keep these values confidential, as they express some opinions of
|
||||
you about others. PGP does store these information with the keyring, so
|
||||
it is not a good idea to publish the keyring instead of exporting the
|
||||
keyring - gnupg stores the trust in the trust-DB and therefor it is okay
|
||||
to give the keyring away (but we have a --export command too).
|
||||
|
||||
|
||||
Q: What is the differenc between options and commands?
|
||||
Q: What is the difference between options and commands?
|
||||
A: If you do a "gpg --help", you will get two separate lists. The first is a list
|
||||
of commands. The second is a list of options. Whenever you run GPG, you *must*
|
||||
pick exactly one command (**with one exception, see below). You *may* pick one
|
||||
@ -266,7 +266,7 @@
|
||||
|
||||
|
||||
Q: What kind of output is this: "key C26EE891.298, uid 09FB: ...."?
|
||||
A: This is the internal representaion of a user id in the trustdb.
|
||||
A: This is the internal representation of an user id in the trustdb.
|
||||
"C26EE891" is the keyid, "298" is the local id (a record number
|
||||
in the trustdb) and "09FB" are the last two bytes of a ripe-md-160
|
||||
hash of the user id for this key.
|
||||
@ -293,7 +293,7 @@
|
||||
"uid 12345678.3456/ACDE"
|
||||
This is about the user ID for the same key; to identify the
|
||||
user ID the last two bytes of a ripe-md-160 over the user ID
|
||||
tring is printed.
|
||||
ring is printed.
|
||||
"sig 12345678.3456/ACDE/9A8B7C6D"
|
||||
This is about the signature with key ID 9A8B7C6D for the
|
||||
above key and user ID, if it is a signature which is direct
|
||||
|
10
doc/HACKING
10
doc/HACKING
@ -20,7 +20,7 @@ archive use:
|
||||
This service is provided to help you in hunting bugs and not to deliver
|
||||
stable snapshots; it may happen that it even does not compile, so please
|
||||
don't complain. CVS may put a high load on a server, so please don't poll
|
||||
poll for new updates but wait for an anouncement; to receive this you may
|
||||
poll for new updates but wait for an announcement; to receive this you may
|
||||
want to subscribe to:
|
||||
|
||||
gnupg-commit-watchers@isil.d.shuttle.de
|
||||
@ -80,7 +80,7 @@ Directory Layout
|
||||
----------------
|
||||
./ Readme, configure
|
||||
./scripts Scripts needed by configure and others
|
||||
./doc Documentaion
|
||||
./doc Documentation
|
||||
./util General purpose utility function
|
||||
./mpi Multi precision integer library
|
||||
./cipher Cryptographic functions
|
||||
@ -121,7 +121,7 @@ Logging
|
||||
Option parsing
|
||||
---------------
|
||||
GNUPG does not use getopt or GNU getopt but functions of it's own. See
|
||||
util/argparse.c for details. The advantage of these funtions is that
|
||||
util/argparse.c for details. The advantage of these functions is that
|
||||
it is more easy to display and maintain the help texts for the options.
|
||||
The same option table is also used to parse resource files.
|
||||
|
||||
@ -129,7 +129,7 @@ The same option table is also used to parse resource files.
|
||||
|
||||
What is an iobuf
|
||||
----------------
|
||||
This is the data structure used for most I/O of gnupg. It is similiar
|
||||
This is the data structure used for most I/O of gnupg. It is similar
|
||||
to System V Streams but much simpler. It should be replaced by a cleaner
|
||||
and faster implementation. We are doing to much copying and the semantics
|
||||
of "filter" removing are not very clean. EOF handling is also a problem.
|
||||
@ -138,7 +138,7 @@ of "filter" removing are not very clean. EOF handling is also a problem.
|
||||
|
||||
How to use the message digest functions
|
||||
---------------------------------------
|
||||
cipher/md.c implements an interface to hash (message diesgt functions).
|
||||
cipher/md.c implements an interface to hash (message digest functions).
|
||||
|
||||
a) If you have a common part of data and some variable parts
|
||||
and you need to hash of the concatenated parts, you can use this:
|
||||
|
@ -26,7 +26,7 @@
|
||||
* (9.2) states that IDEA SHOULD be implemented. This is not done
|
||||
due to patent problems.
|
||||
|
||||
* (12.1) states that an implementaion MUST NOT use a symmetric
|
||||
* (12.1) states that an implementation MUST NOT use a symmetric
|
||||
algorithm which is not in the preference list. GnuPG has an
|
||||
option to override this.
|
||||
|
||||
@ -79,8 +79,8 @@
|
||||
it with a V3 keyid, and can properly use only a V3 format RSA
|
||||
key.
|
||||
|
||||
* Neither PGP 5.x nor PGP 6.0 recognize Elgamal Encrypt and Sign
|
||||
keys. They only handle Elgamal Encrypt-only keys.
|
||||
* Neither PGP 5.x nor PGP 6.0 recognize ElGamal Encrypt and Sign
|
||||
keys. They only handle ElGamal Encrypt-only keys.
|
||||
|
||||
|
||||
Parts of this document are taken from:
|
||||
|
@ -237,7 +237,7 @@ B<--trusted-key> I<keyid>
|
||||
Assume that the key with the I<keyid> (which must be
|
||||
a full (8 byte) keyid) is as trustworthy as one of
|
||||
your own secret keys. This may be used to make keys
|
||||
valid which are not directly ceritified by you but
|
||||
valid which are not directly certified by you but
|
||||
by a CA you trust. The advantage of this option is
|
||||
that it shortens the path of certification.
|
||||
|
||||
@ -392,7 +392,7 @@ B<--s2k-mode> I<number>
|
||||
Selects how passphrases are mangled: A number of I<0>
|
||||
uses the plain passphrase (which is not recommended),
|
||||
a I<1> (default) adds a salt to the passphrase and
|
||||
I<3> interates the whole process a couple of times.
|
||||
I<3> iterates the whole process a couple of times.
|
||||
Unless -B<--rfc1991> is used, this mode is also used
|
||||
for conventional encryption.
|
||||
|
||||
@ -403,7 +403,7 @@ B<--compress-algo> I<number>
|
||||
The default algorithm may give better
|
||||
results because the window size is not limited to 8K.
|
||||
If this is not used the OpenPGP behavior is used; i.e.
|
||||
the compression algorith is selected from the preferences.
|
||||
the compression algorithm is selected from the preferences.
|
||||
|
||||
B<--digest-algo> I<name>
|
||||
Use I<name> as message digest algorithm. Running the
|
||||
@ -444,7 +444,7 @@ B<--rfc1991>
|
||||
Try to be more RFC1991 (PGP 2.x) compliant.
|
||||
|
||||
B<--force-v3-sigs>
|
||||
OpenPGP states that a implemenation should generate
|
||||
OpenPGP states that a implementation should generate
|
||||
v4 signatures but PGP 5.x does only recognize such
|
||||
signatures on key material. This options forces
|
||||
v3 signatures for signatures on data.
|
||||
|
@ -42,8 +42,8 @@
|
||||
<title>Introduction</title>
|
||||
<sect1 id="feedback">
|
||||
<title>Feedback</title>
|
||||
<para>Well, I'm german and I find it hard to express myself in
|
||||
english. So if you find some phrases and/or words that I used
|
||||
<para>Well, I'm German and I find it hard to express myself in
|
||||
English. So if you find some phrases and/or words that I used
|
||||
in a wrong way (and you will find them :-) ), please send me a
|
||||
mail, to let me correct this. Please send me notes about
|
||||
typos, too.</para>
|
||||
@ -51,7 +51,7 @@
|
||||
|
||||
|
||||
<sect1 id="whatis">
|
||||
<title>What is GBUPG</title>
|
||||
<title>What is GNUPG</title>
|
||||
<para>GNUPG is a free data encryption and signing tool.
|
||||
|
||||
<screen>
|
||||
@ -81,7 +81,7 @@
|
||||
<optional><parameter>options</parameter></optional>
|
||||
<replaceable class="parameter">file name</replaceable>
|
||||
</synopsis>
|
||||
<refpurpose>is the GNUU tool for signing and exncryption</>
|
||||
<refpurpose>is the GNU tool for signing and encryption</>
|
||||
<refsect1>
|
||||
<title>Description</title>
|
||||
<para> </para>
|
||||
|
@ -1,3 +1,18 @@
|
||||
Tue Jan 12 11:17:18 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
|
||||
|
||||
* ringedit.c (find_keyblock_bysk): New.
|
||||
|
||||
* skc_list.c (is_insecure): New.
|
||||
(build_sk_list): usage check for insecure keys.
|
||||
|
||||
* import.c (chk_self_sigs): Add handling for subkeys.
|
||||
(delete_inv_parts): Skip unsigned subkeys
|
||||
|
||||
* sig-check.c (do_check): Print info if the signature is older
|
||||
than the key.
|
||||
* keygen.c (generate_subkeypair): Fail on time warp.
|
||||
* sign.c (do_sign): Ditto.
|
||||
|
||||
Sun Jan 10 15:10:02 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
|
||||
|
||||
* armor.c (fake_packet): Fixed not-dash-escaped bug.
|
||||
|
@ -36,7 +36,7 @@
|
||||
* Translators should use the key as msgid, this is to keep the msgid short
|
||||
* and to allow for easy changing of the helptexts.
|
||||
*
|
||||
* Mini gloassary:
|
||||
* Mini glossary:
|
||||
*
|
||||
* "user ID", "trustdb", "NOTE" and "WARNING".
|
||||
*/
|
||||
@ -60,14 +60,14 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = {
|
||||
},
|
||||
|
||||
{ N_("pklist.user_id.enter"),
|
||||
"Enter the user id of the addresse to whom you want to send the message."
|
||||
"Enter the user id of the addressee to whom you want to send the message."
|
||||
},
|
||||
|
||||
{ N_("keygen.algo"),
|
||||
"Select the algorithm to use.\n"
|
||||
"DSA (aka DSS) is the digital signature algorithm which can only be used\n"
|
||||
"for signatures. This is the suggested algorithm because verification of\n"
|
||||
"DSA signatures are much faster than those of ElGamal\n"
|
||||
"DSA signatures are much faster than those of ElGamal.\n"
|
||||
"ElGamal is a algorithm which can be used for signatures and encryption.\n"
|
||||
"OpenPGP distunguishs between two flavors of this algorithms: a encrypt only\n"
|
||||
"and a sign+encrypt; actually it is the same, but some parameters must be\n"
|
||||
@ -75,7 +75,7 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = {
|
||||
"does this but other OpenPGP implemenations are not required to understand\n"
|
||||
"the signature+encryption flavor.\n"
|
||||
"The first (primary) key must always be a key which is capable of signing;\n"
|
||||
"this is the reason why the ecrytion only ElGamal key is disabled in this."
|
||||
"this is the reason why the encryption only ElGamal key is disabled in this."
|
||||
},
|
||||
|
||||
|
||||
@ -165,7 +165,7 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = {
|
||||
|
||||
{ N_("keyedit.remove.uid.okay"),
|
||||
"Answer \"yes\" if you really want to delete this user ID.\n"
|
||||
"All ceritifcates are then also lost!"
|
||||
"All certificates are then also lost!"
|
||||
},
|
||||
|
||||
{ N_("keyedit.remove.subkey.okay"),
|
||||
|
77
g10/import.c
77
g10/import.c
@ -661,12 +661,13 @@ import_revoke_cert( const char *fname, KBNODE node )
|
||||
* loop over the keyblock and check all self signatures.
|
||||
* Mark all user-ids with a self-signature by setting flag bit 0.
|
||||
* Mark all user-ids with an invalid self-signature by setting bit 1.
|
||||
* This works allso for subkeys, here the subkey is marked.
|
||||
*/
|
||||
static int
|
||||
chk_self_sigs( const char *fname, KBNODE keyblock,
|
||||
PKT_public_key *pk, u32 *keyid )
|
||||
{
|
||||
KBNODE n, unode;
|
||||
KBNODE n;
|
||||
PKT_signature *sig;
|
||||
int rc;
|
||||
|
||||
@ -675,22 +676,50 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
|
||||
continue;
|
||||
sig = n->pkt->pkt.signature;
|
||||
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
|
||||
unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );
|
||||
if( !unode ) {
|
||||
log_error_f(fname, _("key %08lX: no user-id for signature\n"),
|
||||
(ulong)keyid[1]);
|
||||
return -1; /* the complete keyblock is invalid */
|
||||
}
|
||||
rc = check_key_signature( keyblock, n, NULL);
|
||||
if( rc ) {
|
||||
log_error_f( fname, rc == G10ERR_PUBKEY_ALGO ?
|
||||
_("key %08lX: unsupported public key algorithm\n"):
|
||||
_("key %08lX: invalid self-signature\n"),
|
||||
(ulong)keyid[1]);
|
||||
if( (sig->sig_class&~3) == 0x10 ) {
|
||||
KBNODE unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );
|
||||
if( !unode ) {
|
||||
log_error_f(fname,
|
||||
_("key %08lX: no user-id for signature\n"),
|
||||
(ulong)keyid[1]);
|
||||
return -1; /* the complete keyblock is invalid */
|
||||
}
|
||||
rc = check_key_signature( keyblock, n, NULL);
|
||||
if( rc ) {
|
||||
log_error_f( fname, rc == G10ERR_PUBKEY_ALGO ?
|
||||
_("key %08lX: unsupported public key algorithm\n"):
|
||||
_("key %08lX: invalid self-signature\n"),
|
||||
(ulong)keyid[1]);
|
||||
|
||||
unode->flag |= 2; /* mark as invalid */
|
||||
unode->flag |= 2; /* mark as invalid */
|
||||
}
|
||||
unode->flag |= 1; /* mark that signature checked */
|
||||
}
|
||||
else if( sig->sig_class == 0x18 ) {
|
||||
KBNODE knode = find_prev_kbnode( keyblock,
|
||||
n, PKT_PUBLIC_SUBKEY );
|
||||
if( !knode )
|
||||
knode = find_prev_kbnode( keyblock,
|
||||
n, PKT_SECRET_SUBKEY );
|
||||
|
||||
if( !knode ) {
|
||||
log_error_f(fname,
|
||||
_("key %08lX: no subkey for key binding\n"),
|
||||
(ulong)keyid[1]);
|
||||
}
|
||||
else {
|
||||
rc = check_key_signature( keyblock, n, NULL);
|
||||
if( rc ) {
|
||||
log_error_f( fname, rc == G10ERR_PUBKEY_ALGO ?
|
||||
_("key %08lX: unsupported public key algorithm\n"):
|
||||
_("key %08lX: invalid subkey binding\n"),
|
||||
(ulong)keyid[1]);
|
||||
|
||||
knode->flag |= 2; /* mark as invalid */
|
||||
}
|
||||
}
|
||||
knode->flag |= 1; /* mark that signature checked */
|
||||
}
|
||||
unode->flag |= 1; /* mark that signature checked */
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
@ -730,6 +759,22 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid )
|
||||
else
|
||||
nvalid++;
|
||||
}
|
||||
else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
|
||||
|| node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
|
||||
if( (node->flag & 2) || !(node->flag & 1) ) {
|
||||
if( opt.verbose ) {
|
||||
log_info_f(fname, _("key %08lX: skipped subkey\n"),
|
||||
(ulong)keyid[1]);
|
||||
}
|
||||
delete_kbnode( node ); /* the subkey */
|
||||
/* and all following signature packets */
|
||||
while( node->next
|
||||
&& node->next->pkt->pkttype == PKT_SIGNATURE ) {
|
||||
delete_kbnode( node->next );
|
||||
node = node->next;
|
||||
}
|
||||
}
|
||||
}
|
||||
else if( node->pkt->pkttype == PKT_SIGNATURE
|
||||
&& check_pubkey_algo( node->pkt->pkt.signature->pubkey_algo)
|
||||
&& node->pkt->pkt.signature->pubkey_algo != PUBKEY_ALGO_RSA )
|
||||
@ -845,7 +890,7 @@ merge_blocks( const char *fname, KBNODE keyblock_orig, KBNODE keyblock,
|
||||
}
|
||||
}
|
||||
|
||||
/* merge subkey certifcates */
|
||||
/* merge subkey certificates */
|
||||
for(onode=keyblock_orig->next; onode; onode=onode->next ) {
|
||||
if( !(onode->flag & 1)
|
||||
&& ( onode->pkt->pkttype == PKT_PUBLIC_SUBKEY
|
||||
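Review bot: In the new `sig_class == 0x18` branch of chk_self_sigs, `knode->flag |= 1;` appears to sit after the closing brace of the `else`, so it is also reached when both find_prev_kbnode() calls returned NULL. An imported keyblock whose key-binding signature has no preceding subkey would then dereference a NULL pointer instead of being rejected. Indentation is lost on this page, so this reading rests on the brace sequence `knode->flag |= 2; } } knode->flag |= 1; }`. Move the statement into the `else` block, directly after the `if( rc ) { ... }`, and decide explicitly what happens to the orphaned signature in the `!knode` case (the user-id branch returns -1 there). The function body starts before this hunk.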
|
@ -194,6 +194,7 @@ int locate_keyblock_by_keyid( KBPOS *kbpos, u32 *keyid,
|
||||
int find_keyblock( PUBKEY_FIND_INFO info, KBPOS *kbpos );
|
||||
int find_keyblock_byname( KBPOS *kbpos, const char *username );
|
||||
int find_keyblock_bypk( KBPOS *kbpos, PKT_public_key *pk );
|
||||
int find_keyblock_bysk( KBPOS *kbpos, PKT_secret_key *sk );
|
||||
int find_secret_keyblock_byname( KBPOS *kbpos, const char *username );
|
||||
int lock_keyblock( KBPOS *kbpos );
|
||||
void unlock_keyblock( KBPOS *kbpos );
|
||||
|
14
g10/keygen.c
14
g10/keygen.c
@ -971,6 +971,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
|
||||
char *passphrase = NULL;
|
||||
DEK *dek = NULL;
|
||||
STRING2KEY *s2k = NULL;
|
||||
u32 cur_time;
|
||||
|
||||
/* break out the primary secret key */
|
||||
node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
|
||||
@ -981,6 +982,19 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
|
||||
|
||||
/* make a copy of the sk to keep the protected one in the keyblock */
|
||||
sk = copy_secret_key( NULL, node->pkt->pkt.secret_key );
|
||||
|
||||
cur_time = make_timestamp();
|
||||
if( sk->timestamp > cur_time ) {
|
||||
ulong d = sk->timestamp - cur_time;
|
||||
log_info( d==1 ? _("key has been created %lu second "
|
||||
"in future (time warp or clock problem)\n")
|
||||
: _("key has been created %lu seconds "
|
||||
"in future (time warp or clock problem)\n"), d );
|
||||
rc = G10ERR_TIME_CONFLICT;
|
||||
goto leave;
|
||||
}
|
||||
|
||||
|
||||
/* unprotect to get the passphrase */
|
||||
switch( is_secret_key_protected( sk ) ) {
|
||||
case -1:
|
||||
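Review bot: The new guard in generate_subkeypair has no comment saying why a primary key dated ahead of the clock must stop subkey creation; the reason is only visible in do_check, which rejects a signature older than its key with G10ERR_TIME_CONFLICT. I would add `/* a binding signature made now would be older than the primary key and fail verification */` above `if( sk->timestamp > cur_time )`. The same two-string message is repeated verbatim in do_check and do_sign, so a small shared helper would keep the wording and its translations in one place. The `leave` label is outside this hunk; confirm it releases the secret key copy made by copy_secret_key() just above.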
|
@ -480,6 +480,23 @@ find_keyblock_bypk( KBPOS *kbpos, PKT_public_key *pk )
|
||||
return rc;
|
||||
}
|
||||
|
||||
/****************
|
||||
* Combined function to search for a key and get the position
|
||||
* of the keyblock.
|
||||
*/
|
||||
int
|
||||
find_keyblock_bysk( KBPOS *kbpos, PKT_secret_key *sk )
|
||||
{
|
||||
PACKET pkt;
|
||||
int rc;
|
||||
|
||||
init_packet( &pkt );
|
||||
pkt.pkttype = PKT_SECRET_KEY;
|
||||
pkt.pkt.secret_key = sk;
|
||||
rc = search( &pkt, kbpos, 0 );
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
||||
/****************
|
||||
* Combined function to search for a username and get the position
|
||||
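Review bot: The header comment on the new find_keyblock_bysk is copied from find_keyblock_bypk and does not say that the lookup is driven by a secret key packet or which keyrings it covers. search() is defined outside this hunk, so the meaning of its third argument `0` cannot be checked here; if it selects between public and secret keyrings, the comment should state that choice. A possible wording is `* Find the keyblock for the secret key SK and return its position in KBPOS.`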
|
@ -1,4 +1,4 @@
|
||||
/* seckey-cert.c - secret key certifucate packet handling
|
||||
/* seckey-cert.c - secret key certificate packet handling
|
||||
* Copyright (C) 1998 Free Software Foundation, Inc.
|
||||
*
|
||||
* This file is part of GnuPG.
|
||||
|
@ -157,15 +157,22 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
|
||||
return G10ERR_PUBKEY_ALGO;
|
||||
}
|
||||
|
||||
if( pk->timestamp > sig->timestamp )
|
||||
if( pk->timestamp > sig->timestamp ) {
|
||||
ulong d = pk->timestamp - sig->timestamp;
|
||||
log_info( d==1
|
||||
? _("public key is %lu second newer than the signature\n")
|
||||
: _("public key is %lu seconds newer than the signature\n"),
|
||||
d );
|
||||
return G10ERR_TIME_CONFLICT; /* pubkey newer than signature */
|
||||
}
|
||||
|
||||
cur_time = make_timestamp();
|
||||
if( pk->timestamp > cur_time ) {
|
||||
ulong d = pk->timestamp - cur_time;
|
||||
log_info(_("public key created %lu %s "
|
||||
"in future (time warp or clock problem)\n"),
|
||||
d, d==1? _("second"):_("seconds") );
|
||||
log_info( d==1 ? _("key has been created %lu second "
|
||||
"in future (time warp or clock problem)\n")
|
||||
: _("key has been created %lu seconds "
|
||||
"in future (time warp or clock problem)\n"), d );
|
||||
return G10ERR_TIME_CONFLICT;
|
||||
}
|
||||
|
||||
@ -331,7 +338,6 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
|
||||
|
||||
keyid_from_pk( pk, keyid );
|
||||
md = md_open( algo, 0 );
|
||||
/*md_start_debug(md, "check");*/
|
||||
hash_public_key( md, pk );
|
||||
hash_uid_node( unode, md, sig );
|
||||
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
|
||||
|
10
g10/sign.c
10
g10/sign.c
@ -47,6 +47,16 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
|
||||
byte *dp;
|
||||
int rc;
|
||||
|
||||
if( sk->timestamp > sig->timestamp ) {
|
||||
ulong d = sk->timestamp - sig->timestamp;
|
||||
log_info( d==1 ? _("key has been created %lu second "
|
||||
"in future (time warp or clock problem)\n")
|
||||
: _("key has been created %lu seconds "
|
||||
"in future (time warp or clock problem)\n"), d );
|
||||
return G10ERR_TIME_CONFLICT;
|
||||
}
|
||||
|
||||
|
||||
print_pubkey_algo_note(sk->pubkey_algo);
|
||||
|
||||
if( !digest_algo )
|
||||
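Review bot: The message in the new do_sign guard does not match its condition: the test is `sk->timestamp > sig->timestamp`, yet the text reports the key as created "in future (time warp or clock problem)", which is the wording do_check uses for its comparison against make_timestamp(). For the key-versus-signature comparison do_check prints "public key is %lu seconds newer than the signature". An equivalent pair here, e.g. `_("secret key is %lu seconds newer than the signature\n")` with its singular form, would tell the user which two timestamps disagree. do_sign continues past the end of this hunk.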
|
@ -32,6 +32,7 @@
|
||||
#include "memory.h"
|
||||
#include "util.h"
|
||||
#include "i18n.h"
|
||||
#include "cipher.h"
|
||||
|
||||
|
||||
void
|
||||
@ -46,6 +47,19 @@ release_sk_list( SK_LIST sk_list )
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* Check that we are only using keys which don't have
|
||||
* the string "(insecure!)" or "not secure" or "do not use"
|
||||
* in one of the user ids
|
||||
*/
|
||||
static int
|
||||
is_insecure( PKT_secret_key *sk )
|
||||
{
|
||||
|
||||
BUG();
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock,
|
||||
unsigned usage )
|
||||
@ -66,10 +80,15 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock,
|
||||
SK_LIST r;
|
||||
if( sk->version == 4 && (usage & PUBKEY_USAGE_SIG)
|
||||
&& sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
|
||||
log_error("this is a PGP generated "
|
||||
log_info("this is a PGP generated "
|
||||
"ElGamal key which is NOT secure for signatures!\n");
|
||||
free_secret_key( sk ); sk = NULL;
|
||||
}
|
||||
else if( random_is_faked() && !is_insecure( sk ) ) {
|
||||
log_info(_("key is not flagged as insecure - "
|
||||
"can't use it with the faked RNG!\n"));
|
||||
free_secret_key( sk ); sk = NULL;
|
||||
}
|
||||
else {
|
||||
r = m_alloc( sizeof *r );
|
||||
r->sk = sk; sk = NULL;
|
||||
@ -102,6 +121,11 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock,
|
||||
locusr->d );
|
||||
free_secret_key( sk ); sk = NULL;
|
||||
}
|
||||
else if( random_is_faked() && !is_insecure( sk ) ) {
|
||||
log_info(_("key is not flagged as insecure - "
|
||||
"can't use it with the faked RNG!\n"));
|
||||
free_secret_key( sk ); sk = NULL;
|
||||
}
|
||||
else {
|
||||
r = m_alloc( sizeof *r );
|
||||
r->sk = sk; sk = NULL;
|
||||
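Review bot: is_insecure() is added as a stub whose whole body is `BUG();`, and both new `random_is_faked() && !is_insecure( sk )` branches in build_sk_list call it, so any key that reaches those branches while the RNG is faked would end in BUG() rather than in the intended "key is not flagged as insecure" refusal. The function also has no return statement, and its comment describes the opposite sense of the name; I would word it as `/* Return true if one of the key's user ids contains "(insecure!)", "not secure" or "do not use" */`. Until the user-id lookup exists, returning 0 would keep the guard failing closed through the log_info path. Separately, the first build_sk_list hunk downgrades the ElGamal "NOT secure for signatures" report from log_error to log_info; whether the command still fails when that key is skipped depends on code outside this hunk.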
|
@ -62,8 +62,11 @@
|
||||
#define G10ERR_TIME_CONFLICT 40
|
||||
#define G10ERR_WR_PUBKEY_ALGO 41 /* unusabe pubkey algo */
|
||||
#define G10ERR_FILE_EXISTS 42
|
||||
#define G10ERR_WEAK_KEY 43 /* NOTE: hardcoded intothe cipher modules */
|
||||
#define G10ERR_WRONG_KEYLEN 44 /* NOTE: hardcoded intothe cipher modules */
|
||||
#define G10ERR_WEAK_KEY 43 /* NOTE: hardcoded into the cipher modules */
|
||||
#define G10ERR_WRONG_KEYLEN 44 /* NOTE: hardcoded into the cipher modules */
|
||||
#define G10ERR_INV_ARG 45
|
||||
#define G10ERR_BAD_URI 46 /* syntax error in URI */
|
||||
#define G10ERR_INVALID_URI 47 /* e.g. unsupported scheme */
|
||||
|
||||
|
||||
#ifndef HAVE_STRERROR
|
||||
|
@ -106,13 +106,17 @@ case "${target}" in
|
||||
m680[234]0*-*-linux* | m68k*-*-linux*)
|
||||
echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h
|
||||
cat $srcdir/mpi/m68k/syntax.h >>./mpi/asm-syntax.h
|
||||
path="m68k/mc68020 m68k"
|
||||
;;
|
||||
m68060*-*-linux*)
|
||||
echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h
|
||||
cat $srcdir/mpi/m68k/syntax.h >>./mpi/asm-syntax.h
|
||||
path="m68k"
|
||||
;;
|
||||
m68k-atari-mint)
|
||||
echo '#define MIT_SYNTAX' >>./mpi/asm-syntax.h
|
||||
cat $srcdir/mpi/m68k/syntax.h >>./mpi/asm-syntax.h
|
||||
path="m68k/mc68020 m68k"
|
||||
;;
|
||||
m68000*-*-* | m68060*-*-*)
|
||||
echo '#define MIT_SYNTAX' >>./mpi/asm-syntax.h
|
||||
cat $srcdir/mpi/m68k/syntax.h >>./mpi/asm-syntax.h
|
||||
|
@ -1,3 +1,7 @@
|
||||
Tue Jan 12 11:17:18 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
|
||||
|
||||
* fr.po: Imported new version
|
||||
|
||||
Tue Dec 29 14:41:47 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
|
||||
|
||||
* pl.po: Janusz A. Urbanowicz contributed this one
|
||||
|
329
po/fr.po
329
po/fr.po
@ -4,9 +4,9 @@
|
||||
#
|
||||
msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: gnupg 0.4.5a\n"
|
||||
"POT-Creation-Date: 1999-01-09 18:31+0100\n"
|
||||
"PO-Revision-Date: 1998-12-15 00:35+01:00\n"
|
||||
"Project-Id-Version: gnupg 0.9.0a\n"
|
||||
"POT-Creation-Date: 1999-01-11 02:14+0100\n"
|
||||
"PO-Revision-Date: 1999-01-09 00:25+01:00\n"
|
||||
"Last-Translator: Gaël Quéri <gqueri@mail.dotcom.fr>\n"
|
||||
"Language-Team: French <fr@li.org>\n"
|
||||
"MIME-Version: 1.0\n"
|
||||
@ -26,219 +26,176 @@ msgid "yY"
|
||||
msgstr "oO"
|
||||
|
||||
#: util/errors.c:54
|
||||
#, fuzzy
|
||||
msgid "general error"
|
||||
msgstr "Erreur générale"
|
||||
msgstr "erreur générale"
|
||||
|
||||
#: util/errors.c:55
|
||||
#, fuzzy
|
||||
msgid "unknown packet type"
|
||||
msgstr "Type de paquet inconnu"
|
||||
msgstr "type de paquet inconnu"
|
||||
|
||||
#: util/errors.c:56
|
||||
#, fuzzy
|
||||
msgid "unknown version"
|
||||
msgstr "Version inconnue"
|
||||
msgstr "version inconnue"
|
||||
|
||||
#: util/errors.c:57
|
||||
#, fuzzy
|
||||
msgid "unknown pubkey algorithm"
|
||||
msgstr "Algorithme de clé publique inconnu"
|
||||
msgstr "algorithme à clé publique inconnu"
|
||||
|
||||
#: util/errors.c:58
|
||||
#, fuzzy
|
||||
msgid "unknown digest algorithm"
|
||||
msgstr "Algorithme de hachage inconnu"
|
||||
msgstr "algorithme de hachage inconnu"
|
||||
|
||||
#: util/errors.c:59
|
||||
#, fuzzy
|
||||
msgid "bad public key"
|
||||
msgstr "Mauvaise clé publique"
|
||||
msgstr "mauvaise clé publique"
|
||||
|
||||
#: util/errors.c:60
|
||||
#, fuzzy
|
||||
msgid "bad secret key"
|
||||
msgstr "Mauvaise clé secrète"
|
||||
msgstr "mauvaise clé secrète"
|
||||
|
||||
#: util/errors.c:61
|
||||
#, fuzzy
|
||||
msgid "bad signature"
|
||||
msgstr "Mauvaise signature"
|
||||
msgstr "mauvaise signature"
|
||||
|
||||
#: util/errors.c:62
|
||||
#, fuzzy
|
||||
msgid "checksum error"
|
||||
msgstr "Erreur de checksum"
|
||||
msgstr "erreur de checksum"
|
||||
|
||||
#: util/errors.c:63
|
||||
#, fuzzy
|
||||
msgid "bad passphrase"
|
||||
msgstr "Mauvais mot de passe"
|
||||
msgstr "mauvais mot de passe"
|
||||
|
||||
#: util/errors.c:64
|
||||
#, fuzzy
|
||||
msgid "public key not found"
|
||||
msgstr "Clé publique non trouvée"
|
||||
msgstr "clé publique non trouvée"
|
||||
|
||||
#: util/errors.c:65
|
||||
#, fuzzy
|
||||
msgid "unknown cipher algorithm"
|
||||
msgstr "Algorithme de chiffrement inconnu"
|
||||
msgstr "algorithme de chiffrement inconnu"
|
||||
|
||||
#: util/errors.c:66
|
||||
#, fuzzy
|
||||
msgid "can't open the keyring"
|
||||
msgstr "Ne peut ouvrir le porte-clés"
|
||||
msgstr "ne peut ouvrir le porte-clés"
|
||||
|
||||
#: util/errors.c:67
|
||||
#, fuzzy
|
||||
msgid "invalid packet"
|
||||
msgstr "Paquet invalide"
|
||||
msgstr "paquet invalide"
|
||||
|
||||
#: util/errors.c:68
|
||||
#, fuzzy
|
||||
msgid "invalid armor"
|
||||
msgstr "Armure invalide"
|
||||
msgstr "armure invalide"
|
||||
|
||||
#: util/errors.c:69
|
||||
#, fuzzy
|
||||
msgid "no such user id"
|
||||
msgstr "Pas de tel utilisateur"
|
||||
msgstr "pas de tel utilisateur"
|
||||
|
||||
#: util/errors.c:70
|
||||
#, fuzzy
|
||||
msgid "secret key not available"
|
||||
msgstr "La clé secrète n'est pas disponible"
|
||||
msgstr "la clé secrète n'est pas disponible"
|
||||
|
||||
#: util/errors.c:71
|
||||
#, fuzzy
|
||||
msgid "wrong secret key used"
|
||||
msgstr "Mauvaise clé secrète utilisée"
|
||||
msgstr "mauvaise clé secrète utilisée"
|
||||
|
||||
#: util/errors.c:72
|
||||
#, fuzzy
|
||||
msgid "not supported"
|
||||
msgstr "Non supporté"
|
||||
msgstr "non supporté"
|
||||
|
||||
#: util/errors.c:73
|
||||
#, fuzzy
|
||||
msgid "bad key"
|
||||
msgstr "Mauvaise clé"
|
||||
msgstr "mauvaise clé"
|
||||
|
||||
#: util/errors.c:74
|
||||
#, fuzzy
|
||||
msgid "file read error"
|
||||
msgstr "Erreur de lecture"
|
||||
msgstr "erreur de lecture"
|
||||
|
||||
#: util/errors.c:75
|
||||
#, fuzzy
|
||||
msgid "file write error"
|
||||
msgstr "Erreur d'écriture"
|
||||
msgstr "erreur d'écriture"
|
||||
|
||||
#: util/errors.c:76
|
||||
#, fuzzy
|
||||
msgid "unknown compress algorithm"
|
||||
msgstr "Algorithme de compression inconnu"
|
||||
msgstr "algorithme de compression inconnu"
|
||||
|
||||
#: util/errors.c:77
|
||||
#, fuzzy
|
||||
msgid "file open error"
|
||||
msgstr "Erreur d'ouverture de fichier"
|
||||
msgstr "erreur d'ouverture de fichier"
|
||||
|
||||
#: util/errors.c:78
|
||||
#, fuzzy
|
||||
msgid "file create error"
|
||||
msgstr "Erreur de création de fichier"
|
||||
msgstr "erreur de création de fichier"
|
||||
|
||||
#: util/errors.c:79
|
||||
#, fuzzy
|
||||
msgid "invalid passphrase"
|
||||
msgstr "Mot de passe invalide"
|
||||
msgstr "mot de passe invalide"
|
||||
|
||||
#: util/errors.c:80
|
||||
#, fuzzy
|
||||
msgid "unimplemented pubkey algorithm"
|
||||
msgstr "Algorithme de clé publique non implémenté"
|
||||
msgstr "algorithme à clé publique non implémenté"
|
||||
|
||||
#: util/errors.c:81
|
||||
#, fuzzy
|
||||
msgid "unimplemented cipher algorithm"
|
||||
msgstr "Algorithme de chiffrement non implémenté"
|
||||
msgstr "algorithme de chiffrement non implémenté"
|
||||
|
||||
#: util/errors.c:82
|
||||
#, fuzzy
|
||||
msgid "unknown signature class"
|
||||
msgstr "Classe de signature inconnue"
|
||||
msgstr "classe de signature inconnue"
|
||||
|
||||
#: util/errors.c:83
|
||||
#, fuzzy
|
||||
msgid "trust database error"
|
||||
msgstr "Erreur dans la base de confiance"
|
||||
msgstr "erreur dans la base de confiance"
|
||||
|
||||
#: util/errors.c:84
|
||||
#, fuzzy
|
||||
msgid "bad MPI"
|
||||
msgstr "Mauvais entier en précision multiple"
|
||||
msgstr "mauvais entier en précision multiple (MPI)"
|
||||
|
||||
#: util/errors.c:85
|
||||
#, fuzzy
|
||||
msgid "resource limit"
|
||||
msgstr "Limite de ressources"
|
||||
msgstr "limite de ressources atteinte"
|
||||
|
||||
#: util/errors.c:86
|
||||
#, fuzzy
|
||||
msgid "invalid keyring"
|
||||
msgstr "Porte-clés invalide"
|
||||
msgstr "porte-clés invalide"
|
||||
|
||||
#: util/errors.c:87
|
||||
#, fuzzy
|
||||
msgid "bad certificate"
|
||||
msgstr "Mauvais certificat"
|
||||
msgstr "mauvais certificat"
|
||||
|
||||
#: util/errors.c:88
|
||||
#, fuzzy
|
||||
msgid "malformed user id"
|
||||
msgstr "Nom d'utilisateur malformé"
|
||||
msgstr "nom d'utilisateur malformé"
|
||||
|
||||
#: util/errors.c:89
|
||||
#, fuzzy
|
||||
msgid "file close error"
|
||||
msgstr "Erreur de fermeture de fichier"
|
||||
msgstr "erreur de fermeture de fichier"
|
||||
|
||||
#: util/errors.c:90
|
||||
#, fuzzy
|
||||
msgid "file rename error"
|
||||
msgstr "Erreur pendant le changement de nom du fichier"
|
||||
msgstr "erreur pendant le changement de nom du fichier"
|
||||
|
||||
#: util/errors.c:91
|
||||
#, fuzzy
|
||||
msgid "file delete error"
|
||||
msgstr "Erreur pendant la suppression du fichier"
|
||||
msgstr "erreur pendant la suppression du fichier"
|
||||
|
||||
#: util/errors.c:92
|
||||
#, fuzzy
|
||||
msgid "unexpected data"
|
||||
msgstr "Données inattendues"
|
||||
msgstr "données inattendues"
|
||||
|
||||
#: util/errors.c:93
|
||||
#, fuzzy
|
||||
msgid "timestamp conflict"
|
||||
msgstr "Conflit de dates"
|
||||
msgstr "conflit de dates"
|
||||
|
||||
#: util/errors.c:94
|
||||
#, fuzzy
|
||||
msgid "unusable pubkey algorithm"
|
||||
msgstr "Algorithme de clés publiques inutilisable"
|
||||
msgstr "algorithme de clés publiques inutilisable"
|
||||
|
||||
#: util/errors.c:95
|
||||
#, fuzzy
|
||||
msgid "file exists"
|
||||
msgstr "Le fichier existe"
|
||||
msgstr "le fichier existe"
|
||||
|
||||
#: util/errors.c:96
|
||||
#, fuzzy
|
||||
msgid "weak key"
|
||||
msgstr "Mauvaise clé"
|
||||
msgstr "mauvaise clé"
|
||||
|
||||
#: util/logger.c:178
|
||||
#, c-format
|
||||
@ -511,7 +468,7 @@ msgstr "(3 par d
|
||||
|
||||
#: g10/g10.c:242
|
||||
msgid "|KEYID|ulimately trust this key"
|
||||
msgstr "|IDCLE|donner une confiance totale à cette clé"
|
||||
msgstr "|ID CLE|donner une confiance totale à cette clé"
|
||||
|
||||
#: g10/g10.c:243
|
||||
msgid "|FILE|load extension module FILE"
|
||||
@ -524,7 +481,7 @@ msgstr "imiter le mode d
|
||||
# FIXMOI : faudra trouver mieux ...
|
||||
#: g10/g10.c:245
|
||||
msgid "|N|use passphrase mode N"
|
||||
msgstr "|N|utiliser le mode de mots de passe N"
|
||||
msgstr "|N|utiliser le mode de codage des mots de passe N"
|
||||
|
||||
#: g10/g10.c:247
|
||||
msgid "|NAME|use message digest algorithm NAME for passphrases"
|
||||
@ -532,7 +489,7 @@ msgstr "|NOM|utiliser le hachage NOM pour les mots de passe"
|
||||
|
||||
#: g10/g10.c:249
|
||||
msgid "|NAME|use cipher algorithm NAME for passphrases"
|
||||
msgstr "|NOM|utiliser le chiffrement NOM pour les mots de passe"
|
||||
msgstr "|NOM|utiliser le chiffre NOM pour les mots de passe"
|
||||
|
||||
#: g10/g10.c:251
|
||||
msgid "|NAME|use cipher algorithm NAME"
|
||||
@ -774,58 +731,55 @@ msgid "invalid clearsig header\n"
|
||||
msgstr "en-tête de signature claire invalide\n"
|
||||
|
||||
#: g10/armor.c:414
|
||||
#, fuzzy
|
||||
msgid "nested clear text signatures\n"
|
||||
msgstr "|[fichier]|faire une signature en texte clair"
|
||||
msgstr "signatures en texte clair imbriquées\n"
|
||||
|
||||
#: g10/armor.c:530
|
||||
#: g10/armor.c:533
|
||||
msgid "invalid dash escaped line: "
|
||||
msgstr "ligne de traits d'échappement invalide : "
|
||||
|
||||
#: g10/armor.c:538
|
||||
#, fuzzy
|
||||
#: g10/armor.c:541
|
||||
msgid "unexpected armor:"
|
||||
msgstr "Données inattendues"
|
||||
msgstr "armure inattendue :"
|
||||
|
||||
#: g10/armor.c:624
|
||||
#: g10/armor.c:627
|
||||
#, c-format
|
||||
msgid "invalid radix64 character %02x skipped\n"
|
||||
msgstr "caractère %02x invalide en base 64 ignoré\n"
|
||||
|
||||
#: g10/armor.c:654
|
||||
#: g10/armor.c:657
|
||||
msgid "premature eof (no CRC)\n"
|
||||
msgstr "fin de fichier prématurée (pas de CRC)\n"
|
||||
|
||||
#: g10/armor.c:671
|
||||
#: g10/armor.c:674
|
||||
msgid "premature eof (in CRC)\n"
|
||||
msgstr "fin de fichier prématurée (dans le CRC)\n"
|
||||
|
||||
#: g10/armor.c:675
|
||||
#: g10/armor.c:678
|
||||
msgid "malformed CRC\n"
|
||||
msgstr "CRC malformé\n"
|
||||
|
||||
#: g10/armor.c:679
|
||||
#: g10/armor.c:682
|
||||
#, c-format
|
||||
msgid "CRC error; %06lx - %06lx\n"
|
||||
msgstr "Erreur de CRC ; %06lx - %06lx\n"
|
||||
|
||||
#: g10/armor.c:696
|
||||
#: g10/armor.c:699
|
||||
msgid "premature eof (in Trailer)\n"
|
||||
msgstr "fin de fichier prématurée (dans la remorque)\n"
|
||||
|
||||
#: g10/armor.c:700
|
||||
#: g10/armor.c:703
|
||||
msgid "error in trailer line\n"
|
||||
msgstr "erreur dans la ligne de remorque\n"
|
||||
|
||||
#: g10/armor.c:961
|
||||
#, fuzzy
|
||||
#: g10/armor.c:964
|
||||
msgid "no valid OpenPGP data found.\n"
|
||||
msgstr "pas de donnée RFC1991 ou OpenPGP valide trouvée.\n"
|
||||
msgstr "aucune de donnée OpenPGP valide n'a été trouvée.\n"
|
||||
|
||||
#: g10/armor.c:963
|
||||
#: g10/armor.c:966
|
||||
#, c-format
|
||||
msgid "invalid armor: line longer than %d characters\n"
|
||||
msgstr ""
|
||||
msgstr "armure invalide : ligne plus longue que %d caractères\n"
|
||||
|
||||
#: g10/pkclist.c:138
|
||||
#, c-format
|
||||
@ -864,11 +818,10 @@ msgstr " m = retour au menu principal\n"
|
||||
|
||||
#: g10/pkclist.c:159
|
||||
msgid " q = quit\n"
|
||||
msgstr ""
|
||||
msgstr " q = quitter\n"
|
||||
|
||||
#. a string with valid answers
|
||||
#: g10/pkclist.c:164
|
||||
#, fuzzy
|
||||
msgid "sSmMqQ"
|
||||
msgstr "sSmMqQ"
|
||||
|
||||
@ -1126,7 +1079,7 @@ msgid ""
|
||||
"computations take REALLY long!\n"
|
||||
msgstr ""
|
||||
"Les tailles supérieures à 2048 ne sont pas conseillées car\n"
|
||||
"les calculs sont VRAIMENT longs!\n"
|
||||
"les calculs prennent VRAIMENT beaucoup de temps !\n"
|
||||
|
||||
#: g10/keygen.c:464
|
||||
msgid "Are you sure that you want this keysize? "
|
||||
@ -1137,7 +1090,7 @@ msgid ""
|
||||
"Okay, but keep in mind that your monitor and keyboard radiation is also very "
|
||||
"vulnerable to attacks!\n"
|
||||
msgstr ""
|
||||
"D'accord, mais n'oubliez pas que votre écran et les radiations du clavier "
|
||||
"D'accord, mais n'oubliez pas que votre écran et les radiations du clavier\n"
|
||||
"sont aussi très vulnérables aux attaques!\n"
|
||||
|
||||
#: g10/keygen.c:473
|
||||
@ -1291,11 +1244,11 @@ msgid ""
|
||||
"network and the disks) during the prime generation; this gives the random\n"
|
||||
"number generator a better chance to gain enough entropy.\n"
|
||||
msgstr ""
|
||||
"Beaucoup d'octets aléatoires doivent être générés. Vous devriez\n"
|
||||
"faire quelque-chose d'autre (travailler dans une autre fenêtre, bouger la\n"
|
||||
"Un grand nombre d'octets aléatoires doit être généré. Vous devriez\n"
|
||||
"faire autre-chose (travailler dans une autre fenêtre, déplacer la\n"
|
||||
"souris, utiliser le réseau et les disques) pendant la génération de nombres\n"
|
||||
"premiers ; cela permet au générateur de nombres aléatoires d'obtenir une\n"
|
||||
"entropie suffisante plus facilement.\n"
|
||||
"premiers ; cela donne au générateur de nombres aléatoires une meilleure\n"
|
||||
"chance d'avoir assez d'entropie.\n"
|
||||
|
||||
#: g10/keygen.c:827
|
||||
msgid "Key generation can only be used in interactive mode\n"
|
||||
@ -1981,7 +1934,7 @@ msgid "Key not changed so no update needed.\n"
|
||||
msgstr "La clé n'a pas changé donc la mise à jour est inutile.\n"
|
||||
|
||||
#: g10/keyedit.c:669 g10/keyedit.c:727
|
||||
#, fuzzy, c-format
|
||||
#, c-format
|
||||
msgid "update of trustdb failed: %s\n"
|
||||
msgstr "la mise à jour de la base de confiance a échoué : %s\n"
|
||||
|
||||
@ -2060,7 +2013,6 @@ msgid "No secondary key with index %d\n"
|
||||
msgstr "Pas de clé secondaire avec l'index %d\n"
|
||||
|
||||
#: g10/mainproc.c:198
|
||||
#, fuzzy
|
||||
msgid "public key encrypted data: good DEK\n"
|
||||
msgstr "données chiffrées avec la clé publique : bonne clé de chiffrement\n"
|
||||
|
||||
@ -2123,9 +2075,8 @@ msgid "can't disable core dumps: %s\n"
|
||||
msgstr "ne peut empêcher la génération de fichiers core : %s\n"
|
||||
|
||||
#: g10/misc.c:93
|
||||
#, fuzzy
|
||||
msgid "WARNING: program may create a core file!\n"
|
||||
msgstr "ATTENTION : Le programme peut créer un fichier core !\n"
|
||||
msgstr "ATTENTION : Le programme peut créer un fichier « core » !\n"
|
||||
|
||||
#: g10/misc.c:200
|
||||
msgid "Experimental algorithms should not be used!\n"
|
||||
@ -2140,11 +2091,10 @@ msgstr ""
|
||||
"et l'utiliser dans l'avenir\n"
|
||||
|
||||
#: g10/misc.c:235
|
||||
#, fuzzy
|
||||
msgid "this cipher algorithm is depreciated; please use a more standard one!\n"
|
||||
msgstr ""
|
||||
"Cet algorithme de chiffrement est déconseillé ; utilisez-en un\n"
|
||||
"plus standard!\n"
|
||||
"plus standard !\n"
|
||||
|
||||
#: g10/parse-packet.c:113
|
||||
#, c-format
|
||||
@ -2167,14 +2117,14 @@ msgstr ""
|
||||
"l'utilisateur: \""
|
||||
|
||||
#: g10/passphrase.c:150
|
||||
#, fuzzy, c-format
|
||||
#, c-format
|
||||
msgid "%u-bit %s key, ID %08lX, created %s"
|
||||
msgstr "(clé de %u bits %s, ID %08lX, créée le %s)\n"
|
||||
msgstr "clé de %u bits %s, ID %08lX, créée le %s"
|
||||
|
||||
#: g10/passphrase.c:155
|
||||
#, c-format
|
||||
msgid " (main key ID %08lX)"
|
||||
msgstr ""
|
||||
msgstr " (ID clé principale %08lX)"
|
||||
|
||||
#: g10/passphrase.c:183
|
||||
msgid "Enter passphrase: "
|
||||
@ -2209,9 +2159,8 @@ msgid "anonymous receiver; trying secret key %08lX ...\n"
|
||||
msgstr "destinataire anonyme ; essai de la clé secrète %08lX ...\n"
|
||||
|
||||
#: g10/pubkey-enc.c:84
|
||||
#, fuzzy
|
||||
msgid "okay, we are the anonymous recipient.\n"
|
||||
msgstr "d'accord, nous sommes le destinataire anonyme.\n"
|
||||
msgstr "d'accord, nous sommes le récipient anonyme.\n"
|
||||
|
||||
#: g10/pubkey-enc.c:136
|
||||
msgid "old encoding of the DEK is not supported\n"
|
||||
@ -2245,19 +2194,18 @@ msgstr ""
|
||||
"signatures!\n"
|
||||
|
||||
#: g10/sig-check.c:166
|
||||
#, fuzzy, c-format
|
||||
#, c-format
|
||||
msgid "public key created %lu %s in future (time warp or clock problem)\n"
|
||||
msgstr ""
|
||||
"clé publique créée dans le futur (voyage dans le temps ou problème\n"
|
||||
"d'horloge)\n"
|
||||
"clé publique créée %lu %s dans le futur\n"
|
||||
|
||||
#: g10/sig-check.c:168
|
||||
msgid "second"
|
||||
msgstr ""
|
||||
msgstr "seconde"
|
||||
|
||||
#: g10/sig-check.c:168
|
||||
msgid "seconds"
|
||||
msgstr ""
|
||||
msgstr "secondes"
|
||||
|
||||
#: g10/sig-check.c:173
|
||||
#, c-format
|
||||
@ -2302,7 +2250,6 @@ msgstr ""
|
||||
"%s\n"
|
||||
|
||||
#: g10/tdbio.c:232
|
||||
#, fuzzy
|
||||
msgid "trustdb transaction too large\n"
|
||||
msgstr "transaction de base de confiance trop volumineuse\n"
|
||||
|
||||
@ -2337,17 +2284,17 @@ msgid "%s: failed to create version record: %s"
|
||||
msgstr "%s : n'a pas pu créer un enregistrement de version : %s"
|
||||
|
||||
#: g10/tdbio.c:477
|
||||
#, fuzzy, c-format
|
||||
#, c-format
|
||||
msgid "%s: invalid trustdb created\n"
|
||||
msgstr "%s : base de confiance invalide créée\n"
|
||||
|
||||
#: g10/tdbio.c:479
|
||||
#, fuzzy, c-format
|
||||
#, c-format
|
||||
msgid "%s: trustdb created\n"
|
||||
msgstr "%s : base de confiance créée\n"
|
||||
|
||||
#: g10/tdbio.c:512
|
||||
#, fuzzy, c-format
|
||||
#, c-format
|
||||
msgid "%s: invalid trustdb\n"
|
||||
msgstr "%s : base de confiance invalide\n"
|
||||
|
||||
@ -2421,10 +2368,9 @@ msgid "%s: failed to append a record: %s\n"
|
||||
msgstr "%s : n'a pas pu ajouter un enregistrement : %s\n"
|
||||
|
||||
#: g10/trustdb.c:142
|
||||
#, fuzzy
|
||||
msgid "The trustdb is corrupted; please run \"gpgm --fix-trustdb\".\n"
|
||||
msgstr ""
|
||||
"La base de confiance est corrompue ; exécutez « gpgm --fix-trust-db ».\n"
|
||||
"La base de confiance est corrompue ; exécutez « gpgm --fix-trustdb ».\n"
|
||||
|
||||
#: g10/trustdb.c:155
|
||||
#, c-format
|
||||
@ -2444,9 +2390,9 @@ msgid "trust record %lu: delete failed: %s\n"
|
||||
msgstr "enregistrement de confiance %lu : la suppression a échoué : %s\n"
|
||||
|
||||
#: g10/trustdb.c:198
|
||||
#, fuzzy, c-format
|
||||
#, c-format
|
||||
msgid "trustdb: sync failed: %s\n"
|
||||
msgstr "base de confiance a échoué : la synchronisation a échoué : %s\n"
|
||||
msgstr "base de confiance : la synchronisation a échoué : %s\n"
|
||||
|
||||
#: g10/trustdb.c:327
|
||||
#, c-format
|
||||
@ -2476,9 +2422,9 @@ msgid "chained sigrec %lu has a wrong owner\n"
|
||||
msgstr "l'enregistrement de signature %lu a un mauvais propriétaire\n"
|
||||
|
||||
#: g10/trustdb.c:463
|
||||
#, fuzzy, c-format
|
||||
#, c-format
|
||||
msgid "'%s' is not a valid long keyID\n"
|
||||
msgstr "`%s' n'est pas une identification longue de clé valide\n"
|
||||
msgstr "'%s' n'est pas une identification longue de clé valide\n"
|
||||
|
||||
#: g10/trustdb.c:498
|
||||
#, c-format
|
||||
@ -2559,29 +2505,29 @@ msgid "Ooops, no user ids\n"
|
||||
msgstr "Ooops, pas de nom d'utilisateur\n"
|
||||
|
||||
#: g10/trustdb.c:1088 g10/trustdb.c:1106
|
||||
#, fuzzy, c-format
|
||||
#, c-format
|
||||
msgid "user '%s' read problem: %s\n"
|
||||
msgstr "problème de lecture de l'utilisateur `%s' : %s\n"
|
||||
msgstr "problème de lecture de l'utilisateur '%s' : %s\n"
|
||||
|
||||
#: g10/trustdb.c:1091 g10/trustdb.c:1109
|
||||
#, fuzzy, c-format
|
||||
#, c-format
|
||||
msgid "user '%s' list problem: %s\n"
|
||||
msgstr "problème de liste à l'utilisateur `%s' : %s\n"
|
||||
msgstr "problème de liste à l'utilisateur '%s' : %s\n"
|
||||
|
||||
#: g10/trustdb.c:1099 g10/trustdb.c:1346
|
||||
#, fuzzy, c-format
|
||||
#, c-format
|
||||
msgid "user '%s' not found: %s\n"
|
||||
msgstr "l'utilisateur `%s' n'a pas été trouvé : %s\n"
|
||||
msgstr "l'utilisateur '%s' n'a pas été trouvé : %s\n"
|
||||
|
||||
#: g10/trustdb.c:1101 g10/trustdb.c:1348
|
||||
#, fuzzy, c-format
|
||||
#, c-format
|
||||
msgid "problem finding '%s' in trustdb: %s\n"
|
||||
msgstr "problème de recherche de `%s' dans la base de confiance : %s\n"
|
||||
msgstr "problème de recherche de '%s' dans la base de confiance : %s\n"
|
||||
|
||||
#: g10/trustdb.c:1104
|
||||
#, fuzzy, c-format
|
||||
#, c-format
|
||||
msgid "user '%s' not in trustdb\n"
|
||||
msgstr "l'utilisateur `%s' n'est pas dans la base de confiance\n"
|
||||
msgstr "l'utilisateur '%s' n'est pas dans la base de confiance\n"
|
||||
|
||||
#: g10/trustdb.c:1139
|
||||
#, c-format
|
||||
@ -2643,14 +2589,14 @@ msgid "error finding dir record: %s\n"
|
||||
msgstr "erreur pendant la recherche de l'enregistrement de répertoire : %s\n"
|
||||
|
||||
#: g10/trustdb.c:1351
|
||||
#, fuzzy, c-format
|
||||
#, c-format
|
||||
msgid "user '%s' not in trustdb - inserting\n"
|
||||
msgstr "l'utilisateur `%s' n'est pas dans la base de confiance - insertion\n"
|
||||
msgstr "l'utilisateur '%s' n'est pas dans la base de confiance - insertion\n"
|
||||
|
||||
#: g10/trustdb.c:1354
|
||||
#, fuzzy, c-format
|
||||
#, c-format
|
||||
msgid "failed to put '%s' into trustdb: %s\n"
|
||||
msgstr "n'a pas pu insérer `%s' dans la base de confiance : %s\n"
|
||||
msgstr "n'a pas pu insérer '%s' dans la base de confiance : %s\n"
|
||||
|
||||
#: g10/trustdb.c:1404
|
||||
#, c-format
|
||||
@ -3035,7 +2981,6 @@ msgid "encrypted with unknown algorithm %d\n"
|
||||
msgstr "chiffré avec l'algorithme inconnu %d\n"
|
||||
|
||||
#: g10/encr-data.c:74
|
||||
#, fuzzy
|
||||
msgid ""
|
||||
"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
|
||||
msgstr ""
|
||||
@ -3058,9 +3003,9 @@ msgstr ""
|
||||
msgid "edit_ownertrust.value"
|
||||
msgstr ""
|
||||
"C'est à vous d'assigner une valeur ici ; cette valeur ne sera jamais\n"
|
||||
"exportée à une tierce personne. Nous en avons besoin pour créer le\n"
|
||||
"einvoyée à une tierce personne. Nous en avons besoin pour créer le\n"
|
||||
"réseau de confiance (web-of-trust) ; cela n'a rien à voir avec le\n"
|
||||
"réseau de certificats (créé implicitement)"
|
||||
"réseau des certificats (créé implicitement)"
|
||||
|
||||
#: g10/helptext.c:54
|
||||
msgid "revoked_key.override"
|
||||
@ -3078,7 +3023,22 @@ msgstr "Entrez l'adresse de la personne
|
||||
|
||||
#: g10/helptext.c:66
|
||||
msgid "keygen.algo"
|
||||
msgstr "Sélectionnez l'algorithme à utiliser:"
|
||||
msgstr ""
|
||||
"Sélectionnez l'algorithme à utiliser.\n"
|
||||
"DSA (alias DSS) est l'algorithme de signatures électroniques qui ne peut\n"
|
||||
"être utilisé que pour les signatures. C'est l'algorithme recommandé car\n"
|
||||
"la vérification des signatures DSA est beaucoup plus rapide que celle des\n"
|
||||
"signatures ElGamal.\n"
|
||||
"ElGamal est un algorithme pouvant à la fois être utilisé pour les\n"
|
||||
"signatures et le chiffrement. OpenPGP en distingue deux sortes :\n"
|
||||
"l'une destinée uniquement au chiffrement et l'autre pouvant aussi bien\n"
|
||||
"servir aux signatures ; elles sont en fait identiques mais certains\n"
|
||||
"paramètres doivent être spécialement choisis pour que la clé génère des\n"
|
||||
"signatures sures : ce programme est capable de le faire mais les autres\n"
|
||||
"implémentaions de OpenPGP ne sont pas obligées d'accepter cette forme de\n"
|
||||
"clé.\n"
|
||||
"La première clé (clé principale) doit toujours être capable de signer ;\n"
|
||||
"c'est pourquoi la clé ElGamal de chiffrement seul est alors désactivée."
|
||||
|
||||
#: g10/helptext.c:82
|
||||
msgid "keygen.algo.elg_se"
|
||||
@ -3089,35 +3049,35 @@ msgstr ""
|
||||
|
||||
#: g10/helptext.c:89
|
||||
msgid "keygen.size"
|
||||
msgstr ""
|
||||
msgstr "Entrez la taille de la clé"
|
||||
|
||||
#: g10/helptext.c:93
|
||||
msgid "keygen.size.huge.okay"
|
||||
msgstr ""
|
||||
msgstr "Répondez « oui » ou « non »"
|
||||
|
||||
#: g10/helptext.c:98
|
||||
msgid "keygen.size.large.okay"
|
||||
msgstr ""
|
||||
msgstr "Répondez « oui » ou « non »"
|
||||
|
||||
#: g10/helptext.c:103
|
||||
msgid "keygen.valid"
|
||||
msgstr ""
|
||||
msgstr "Entrez la valeur demandée"
|
||||
|
||||
#: g10/helptext.c:107
|
||||
msgid "keygen.valid.okay"
|
||||
msgstr ""
|
||||
msgstr "Répondez « oui » ou « non »"
|
||||
|
||||
#: g10/helptext.c:112
|
||||
msgid "keygen.name"
|
||||
msgstr ""
|
||||
msgstr "Entrez le nom du propriétaire de la clé"
|
||||
|
||||
#: g10/helptext.c:117
|
||||
msgid "keygen.email"
|
||||
msgstr ""
|
||||
msgstr "Entrez une adresse e-mail optionnelle mais hautement recommandée"
|
||||
|
||||
#: g10/helptext.c:121
|
||||
msgid "keygen.comment"
|
||||
msgstr ""
|
||||
msgstr "Entrez un commentaire optionnel"
|
||||
|
||||
#: g10/helptext.c:126
|
||||
msgid "keygen.userid.cmd"
|
||||
@ -3134,35 +3094,37 @@ msgstr "R
|
||||
|
||||
#: g10/helptext.c:139
|
||||
msgid "sign_uid.okay"
|
||||
msgstr ""
|
||||
msgstr "Répondez « oui » ou « non »"
|
||||
|
||||
#: g10/helptext.c:144
|
||||
msgid "change_passwd.empty.okay"
|
||||
msgstr ""
|
||||
msgstr "Répondez « oui » ou « non »"
|
||||
|
||||
#: g10/helptext.c:149
|
||||
msgid "keyedit.cmd"
|
||||
msgstr "Entrez « aide » pour voir la liste des commandes."
|
||||
msgstr "Entrez « help » pour voir la liste des commandes."
|
||||
|
||||
#: g10/helptext.c:153
|
||||
msgid "keyedit.save.okay"
|
||||
msgstr ""
|
||||
msgstr "Répondez « oui » ou « non »"
|
||||
|
||||
#: g10/helptext.c:158
|
||||
msgid "keyedit.cancel.okay"
|
||||
msgstr ""
|
||||
msgstr "Répondez « oui » ou « non »"
|
||||
|
||||
#: g10/helptext.c:162
|
||||
msgid "keyedit.sign_all.okay"
|
||||
msgstr ""
|
||||
msgstr "Répondez « oui » si vous voulez signer TOUS les noms d'utilisateurs"
|
||||
|
||||
#: g10/helptext.c:166
|
||||
msgid "keyedit.remove.uid.okay"
|
||||
msgstr ""
|
||||
"Répondez « oui » si vous voulez vraiment supprimer ce nom\n"
|
||||
"d'utilisateur. Tous les certificats seront alors perdus en même temps !"
|
||||
|
||||
#: g10/helptext.c:171
|
||||
msgid "keyedit.remove.subkey.okay"
|
||||
msgstr ""
|
||||
msgstr "Entrez « oui » s'il faut vraiment supprimer la sous-clé"
|
||||
|
||||
#: g10/helptext.c:175
|
||||
msgid "passphrase.enter"
|
||||
@ -3177,11 +3139,11 @@ msgstr ""
|
||||
|
||||
#: g10/helptext.c:186
|
||||
msgid "detached_signature.filename"
|
||||
msgstr ""
|
||||
msgstr "Donnez le nom du fichier auquel la signature se rapporte"
|
||||
|
||||
#: g10/helptext.c:190
|
||||
msgid "openfile.overwrite.okay"
|
||||
msgstr ""
|
||||
msgstr "Entrez « oui » s'il faut vraiment réécrire le fichier"
|
||||
|
||||
#: g10/helptext.c:204
|
||||
msgid "No help available"
|
||||
@ -3191,12 +3153,3 @@ msgstr "Pas d'aide disponible"
|
||||
#, c-format
|
||||
msgid "No help available for `%s'"
|
||||
msgstr "Pas d'aide disponible pour `%s'"
|
||||
|
||||
#~ msgid "invalid clear text header: "
|
||||
#~ msgstr "en-tête de texte clair invalide : "
|
||||
|
||||
#~ msgid "LID %lu: changing trust from %u to %u\n"
|
||||
#~ msgstr "LID %lu : changement de la confiance de %u vers %u\n"
|
||||
|
||||
#~ msgid "LID %lu: setting trust to %u\n"
|
||||
#~ msgstr "LID %lu : la confiance est maintenant %u\n"
|
||||
|
3
scripts/config.guess
vendored
3
scripts/config.guess
vendored
@ -138,6 +138,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||
atari*:OpenBSD:*:*)
|
||||
echo m68k-unknown-openbsd${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
atari*:[Mm]i[Nn][Tt]:*:*)
|
||||
echo m68k-atari-mint
|
||||
exit 0 ;;
|
||||
sun3*:NetBSD:*:*)
|
||||
echo m68k-sun-netbsd${UNAME_RELEASE}
|
||||
exit 0 ;;
|
||||
|
@ -94,6 +94,9 @@ g10_errstr( int err )
|
||||
X(WR_PUBKEY_ALGO ,N_("unusable pubkey algorithm"))
|
||||
X(FILE_EXISTS ,N_("file exists"))
|
||||
X(WEAK_KEY ,N_("weak key"))
|
||||
X(INV_ARG ,N_("invalid argument"))
|
||||
X(BAD_URI ,N_("bad URI"))
|
||||
X(INVALID_URI ,N_("unsupported URI"))
|
||||
default: p = buf; sprintf(buf, "g10err=%d", err); break;
|
||||
}
|
||||
#undef X
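Review bot: The entry `X(INVALID_URI ,N_("unsupported URI"))` pairs a code named "invalid" with a message that says "unsupported", right next to `BAD_URI` / "bad URI", so a user reading the error text cannot tell a malformed URI from one whose scheme is not handled. The +/- markers are lost on this page, so I am assuming from the hunk header (6 lines before, 9 after) that the INV_ARG, BAD_URI and INVALID_URI lines are the additions. Either make the string match the name, `X(INVALID_URI ,N_("invalid URI"))`, or keep the string and add a one-line comment on the entry stating which condition each of the two URI codes reports. g10_errstr starts above the hunk, so the declaration of `buf` used by the `default:` branch is not visible here.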
|
||||
|