See ChangeLog: Mon Jul 12 18:45:57 CEST 1999 Werner Koch

BUGS

@@ -49,6 +49,7 @@ and after about half a day in the rsync snapshots.
 [ **] #19 1999-06-11
     "trustdb transaction too large" with about 500 signatures on a key
     FAEBD5FC.
+    FIX: 1999-07-12  (less memory requirement and increased the limit)
 
 
 Next #22

Makefile.am

@@ -23,7 +23,7 @@ dist-hook:
 	sed -e 's/@pkg_version@/$(VERSION)/g' \
 	    $(top_srcdir)/scripts/gnupg.spec.in \
 	    > $(distdir)/scripts/gnupg.spec
-	rm $(distdir)/gcrypt/*.[ch]
+	-rm $(distdir)/gcrypt/*.[ch]
 
 
 if MAINTAINER_MODE

NEWS

@@ -11,6 +11,9 @@
     * New script tools/lspgpot to help transferring assigned
       trustvalues from PGP to GnuPG.
 
+    * New commands --lsign-key and made --sign-key a shortcut for --edit
+      and sign.
+
 
 Noteworthy changes in version 0.9.8
 -----------------------------------

TODO

@@ -39,4 +39,5 @@ Nice to have
   * for messages created with "-t", it might make sense to append the
     verification status of the message to the output (i.e. write something to
     the --output file and not only to stderr.
+  * configure option where to find zlib
 

VERSION

@@ -1 +1 @@
-0.9.8a
+0.9.8b

doc/gpg.sgml

@@ -355,6 +355,19 @@ trust value.  Letters are used for the values:</para>
     </variablelist>
 </listitem></varlistentry>
 
+<varlistentry>
+<term>--sign-key &ParmName;</term>
+<listitem><para>
+Sign a public key with you secret key.	This is a shortcut version
+of the subcommand <term>sign</term> from --edit.
+</para></listitem></varlistentry>
+
+<varlistentry>
+<term>--lsign-key &ParmName;</term>
+<listitem><para>
+Sign a public key with you secret key but mark it as non-exportable.
+This is a shortcut version of the subcommand <term>lsign</term> from --edit.
+</para></listitem></varlistentry>
 
 <varlistentry>
 <term>--delete-key &ParmName;</term>

g10/ChangeLog

@@ -1,3 +1,9 @@
+Mon Jul 12 18:45:57 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+
+	* keyedit.c (keyedit_menu): Add arg sign_mode and changed callers
+	* g10.c (main): New command --lsign-key.
+
 Mon Jul 12 14:55:34 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
 

g10/g10.c

@@ -70,6 +70,7 @@ enum cmd_and_opt_values { aNull = 0,
     aKeygen,
     aSignEncr,
     aSignKey,
+    aLSignKey,
     aListPackets,
     aEditKey,
     aDeleteKey,
@@ -190,9 +191,11 @@ static ARGPARSE_OPTS opts[] = {
     { aCheckKeys, "check-sigs",256, N_("check key signatures")},
     { oFingerprint, "fingerprint", 256, N_("list keys and fingerprints")},
     { aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")},
-    { aKeygen, "gen-key",   256, N_("generate a new key pair")},
+    { aKeygen,	   "gen-key",  256, N_("generate a new key pair")},
     { aDeleteKey, "delete-key",256, N_("remove key from the public keyring")},
-    { aEditKey, "edit-key"  ,256, N_("sign or edit a key")},
+    { aSignKey,  "sign-key"   ,256, N_("sign a key")},
+    { aLSignKey, "lsign-key"  ,256, N_("sign a key locally")},
+    { aEditKey,  "edit-key"   ,256, N_("sign or edit a key")},
     { aGenRevoke, "gen-revoke",256, N_("generate a revocation certificate")},
     { aExport, "export"           , 256, N_("export keys") },
     { aSendKeys, "send-keys"     , 256, N_("export keys to a key server") },
@@ -283,7 +286,6 @@ static ARGPARSE_OPTS opts[] = {
     { aListTrustPath, "list-trust-path",0, "@"},
     { oKOption, NULL,	 0, "@"},
     { oPasswdFD, "passphrase-fd",1, "@" },
-    { aSignKey, "sign-key"  ,256, "@" }, /* alias for edit-key */
     { aDeleteSecretKey, "delete-secret-key",0, "@" },
     { oQuickRandom, "quick-random", 0, "@"},
     { oNoVerbose, "no-verbose", 0, "@"},
@@ -662,6 +664,7 @@ main( int argc, char **argv )
 	  case aSign: set_cmd( &cmd, aSign );  break;
 	  case aKeygen: set_cmd( &cmd, aKeygen); break;
 	  case aSignKey: set_cmd( &cmd, aSignKey); break;
+	  case aLSignKey: set_cmd( &cmd, aLSignKey); break;
 	  case aStore: set_cmd( &cmd, aStore); break;
 	  case aEditKey: set_cmd( &cmd, aEditKey); break;
 	  case aClearsign: set_cmd( &cmd, aClearsign); break;
@@ -1044,26 +1047,43 @@ main( int argc, char **argv )
 
 
       case aSignKey: /* sign the key given as argument */
+	if( argc != 1 )
+	    wrong_args(_("--sign-key user-id"));
+	username = make_username( fname );
+	keyedit_menu(fname, locusr, NULL, 1 );
+	m_free(username);
+	break;
+
+      case aLSignKey:
+	if( argc != 1 )
+	    wrong_args(_("--lsign-key user-id"));
+	username = make_username( fname );
+	keyedit_menu(fname, locusr, NULL, 2 );
+	m_free(username);
+	break;
+
       case aEditKey: /* Edit a key signature */
 	if( !argc )
-	    wrong_args(_("--edit-key username [commands]"));
+	    wrong_args(_("--edit-key user-id [commands]"));
+	username = make_username( fname );
 	if( argc > 1 ) {
 	    sl = NULL;
 	    for( argc--, argv++ ; argc; argc--, argv++ )
-		append_to_strlist2( &sl, *argv, utf8_strings );
-	    keyedit_menu( fname, locusr, sl );
+		append_to_strlist( &sl, *argv );
+	    keyedit_menu( username, locusr, sl, 0 );
 	    free_strlist(sl);
 	}
 	else
-	    keyedit_menu(fname, locusr, NULL );
+	    keyedit_menu(username, locusr, NULL, 0 );
+	m_free(username);
 	break;
 
       case aDeleteSecretKey:
 	if( argc != 1 )
-	    wrong_args(_("--delete-secret-key username"));
+	    wrong_args(_("--delete-secret-key user-id"));
       case aDeleteKey:
 	if( argc != 1 )
-	    wrong_args(_("--delete-key username"));
+	    wrong_args(_("--delete-key user-id"));
 	username = make_username( fname );
 	if( (rc = delete_key(username, cmd==aDeleteSecretKey)) )
 	    log_error("%s: delete key failed: %s\n", username, g10_errstr(rc) );
@@ -1290,7 +1310,7 @@ main( int argc, char **argv )
 
       case aListTrustPath:
 	if( !argc )
-	    wrong_args("--list-trust-path <usernames>");
+	    wrong_args("--list-trust-path <user-ids>");
 	for( ; argc; argc--, argv++ ) {
 	    username = make_username( *argv );
 	    list_trust_path( username );

g10/keyedit.c

@@ -538,13 +538,15 @@ fix_keyblock( KBNODE keyblock )
 }
 
 /****************
- * Menu driven key editor
+ * Menu driven key editor.  If sign_mode is true semi-automatical signing
+ * will be performed. commands are ignore in this case
  *
  * Note: to keep track of some selection we use node->mark MARKBIT_xxxx.
  */
 
 void
-keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
+keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
+						    int sign_mode )
 {
     enum cmdids { cmdNONE = 0,
 	   cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN,
@@ -552,44 +554,45 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
 	   cmdDEBUG, cmdSAVE, cmdADDUID, cmdDELUID, cmdADDKEY, cmdDELKEY,
 	   cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, cmdEXPIRE,
 	   cmdENABLEKEY, cmdDISABLEKEY,
-	   cmdNOP };
+	   cmdINVCMD, cmdNOP };
     static struct { const char *name;
 		    enum cmdids id;
 		    int need_sk;
+		    int signmode;
 		    const char *desc;
 		  } cmds[] = {
-	{ N_("quit")    , cmdQUIT   , 0, N_("quit this menu") },
-	{ N_("q")       , cmdQUIT   , 0, NULL   },
-	{ N_("save")    , cmdSAVE   , 0, N_("save and quit") },
-	{ N_("help")    , cmdHELP   , 0, N_("show this help") },
-	{    "?"        , cmdHELP   , 0, NULL   },
-	{ N_("fpr")     , cmdFPR    , 0, N_("show fingerprint") },
-	{ N_("list")    , cmdLIST   , 0, N_("list key and user ids") },
-	{ N_("l")       , cmdLIST   , 0, NULL   },
-	{ N_("uid")     , cmdSELUID , 0, N_("select user id N") },
-	{ N_("key")     , cmdSELKEY , 0, N_("select secondary key N") },
-	{ N_("check")   , cmdCHECK  , 0, N_("list signatures") },
-	{ N_("c")       , cmdCHECK  , 0, NULL },
-	{ N_("sign")    , cmdSIGN   , 0, N_("sign the key") },
-	{ N_("s")       , cmdSIGN   , 0, NULL },
-	{ N_("lsign")   , cmdLSIGN  , 0, N_("sign the key locally") },
-	{ N_("debug")   , cmdDEBUG  , 0, NULL },
-	{ N_("adduid")  , cmdADDUID , 1, N_("add a user id") },
-	{ N_("deluid")  , cmdDELUID , 0, N_("delete user id") },
-	{ N_("addkey")  , cmdADDKEY , 1, N_("add a secondary key") },
-	{ N_("delkey")  , cmdDELKEY , 0, N_("delete a secondary key") },
-	{ N_("delsig")  , cmdDELSIG , 0, N_("delete signatures") },
-	{ N_("expire")  , cmdEXPIRE , 1, N_("change the expire date") },
-	{ N_("toggle")  , cmdTOGGLE , 1, N_("toggle between secret "
-					    "and public key listing") },
-	{ N_("t"     )  , cmdTOGGLE , 1, NULL },
-	{ N_("pref")    , cmdPREF  , 0, N_("list preferences") },
-	{ N_("passwd")  , cmdPASSWD , 1, N_("change the passphrase") },
-	{ N_("trust")   , cmdTRUST , 0, N_("change the ownertrust") },
-	{ N_("revsig")  , cmdREVSIG , 0, N_("revoke signatures") },
-	{ N_("revkey")  , cmdREVKEY , 1, N_("revoke a secondary key") },
-	{ N_("disable") , cmdDISABLEKEY , 0, N_("disable a key") },
-	{ N_("enable")  , cmdENABLEKEY , 0, N_("enable a key") },
+	{ N_("quit")    , cmdQUIT      , 0,1, N_("quit this menu") },
+	{ N_("q")       , cmdQUIT      , 0,1, NULL   },
+	{ N_("save")    , cmdSAVE      , 0,1, N_("save and quit") },
+	{ N_("help")    , cmdHELP      , 0,1, N_("show this help") },
+	{    "?"        , cmdHELP      , 0,1, NULL   },
+	{ N_("fpr")     , cmdFPR       , 0,1, N_("show fingerprint") },
+	{ N_("list")    , cmdLIST      , 0,1, N_("list key and user ids") },
+	{ N_("l")       , cmdLIST      , 0,1, NULL   },
+	{ N_("uid")     , cmdSELUID    , 0,1, N_("select user id N") },
+	{ N_("key")     , cmdSELKEY    , 0,0, N_("select secondary key N") },
+	{ N_("check")   , cmdCHECK     , 0,1, N_("list signatures") },
+	{ N_("c")       , cmdCHECK     , 0,1, NULL },
+	{ N_("sign")    , cmdSIGN      , 0,1, N_("sign the key") },
+	{ N_("s")       , cmdSIGN      , 0,1, NULL },
+	{ N_("lsign")   , cmdLSIGN     , 0,1, N_("sign the key locally") },
+	{ N_("debug")   , cmdDEBUG     , 0,0, NULL },
+	{ N_("adduid")  , cmdADDUID    , 1,0, N_("add a user id") },
+	{ N_("deluid")  , cmdDELUID    , 0,0, N_("delete user id") },
+	{ N_("addkey")  , cmdADDKEY    , 1,0, N_("add a secondary key") },
+	{ N_("delkey")  , cmdDELKEY    , 0,0, N_("delete a secondary key") },
+	{ N_("delsig")  , cmdDELSIG    , 0,0, N_("delete signatures") },
+	{ N_("expire")  , cmdEXPIRE    , 1,0, N_("change the expire date") },
+	{ N_("toggle")  , cmdTOGGLE    , 1,0, N_("toggle between secret "
+						 "and public key listing") },
+	{ N_("t"     )  , cmdTOGGLE    , 1,0, NULL },
+	{ N_("pref")    , cmdPREF      , 0,0,  N_("list preferences") },
+	{ N_("passwd")  , cmdPASSWD    , 1,0, N_("change the passphrase") },
+	{ N_("trust")   , cmdTRUST     , 0,0,  N_("change the ownertrust") },
+	{ N_("revsig")  , cmdREVSIG    , 0,0, N_("revoke signatures") },
+	{ N_("revkey")  , cmdREVKEY    , 1,0, N_("revoke a secondary key") },
+	{ N_("disable") , cmdDISABLEKEY, 0,0, N_("disable a key") },
+	{ N_("enable")  , cmdENABLEKEY , 0,0, N_("enable a key") },
 
     { NULL, cmdNONE } };
     enum cmdids cmd = 0;
@@ -612,18 +615,27 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
 	goto leave;
     }
 
-    /* first try to locate it as secret key */
-    rc = find_secret_keyblock_byname( &sec_keyblockpos, username );
-    if( !rc ) {
-	rc = read_keyblock( &sec_keyblockpos, &sec_keyblock );
-	if( rc ) {
-	    log_error("%s: secret keyblock read problem: %s\n",
-					    username, g10_errstr(rc));
-	    goto leave;
+    if( sign_mode ) {
+	commands = NULL;
+	append_to_strlist( &commands, sign_mode == 1? "sign":"lsign" );
+	have_commands = 1;
+    }
+
+
+    if( !sign_mode ) {
+	/* first try to locate it as secret key */
+	rc = find_secret_keyblock_byname( &sec_keyblockpos, username );
+	if( !rc ) {
+	    rc = read_keyblock( &sec_keyblockpos, &sec_keyblock );
+	    if( rc ) {
+		log_error("%s: secret keyblock read problem: %s\n",
+						username, g10_errstr(rc));
+		goto leave;
+	    }
+	    merge_keys_and_selfsig( sec_keyblock );
+	    if( fix_keyblock( sec_keyblock ) )
+		sec_modified++;
 	}
-	merge_keys_and_selfsig( sec_keyblock );
-	if( fix_keyblock( sec_keyblock ) )
-	    sec_modified++;
     }
 
     /* and now get the public key */
@@ -636,7 +648,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
 	modified++;
 
     if( sec_keyblock ) { /* check that they match */
-	/* FIXME: check that they both match */
+	/* fixme: check that they both match */
 	tty_printf(_("Secret key is available.\n"));
     }
 
@@ -689,10 +701,13 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
 		arg_number = atoi(p);
 	    }
 
-	    for(i=0; cmds[i].name; i++ )
+	    for(i=0; cmds[i].name; i++ ) {
 		if( !stricmp( answer, cmds[i].name ) )
 		    break;
-	    if( cmds[i].need_sk && !sec_keyblock ) {
+	    }
+	    if( sign_mode && !cmds[i].signmode )
+		cmd = cmdINVCMD;
+	    else if( cmds[i].need_sk && !sec_keyblock ) {
 		tty_printf(_("Need the secret key to do this.\n"));
 		cmd = cmdNOP;
 	    }
@@ -702,53 +717,15 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
 	switch( cmd )  {
 	  case cmdHELP:
 	    for(i=0; cmds[i].name; i++ ) {
-		if( cmds[i].need_sk && !sec_keyblock )
+		if( sign_mode && !cmds[i].signmode )
+		    ;
+		else if( cmds[i].need_sk && !sec_keyblock )
 		    ; /* skip if we do not have the secret key */
 		else if( cmds[i].desc )
 		    tty_printf("%-10s %s\n", cmds[i].name, _(cmds[i].desc) );
 	    }
 	    break;
 
-	  case cmdQUIT:
-	    if( have_commands )
-		goto leave;
-	    if( !modified && !sec_modified )
-		goto leave;
-	    if( !cpr_get_answer_is_yes("keyedit.save.okay",
-					_("Save changes? ")) ) {
-		if( cpr_enabled()
-		    || cpr_get_answer_is_yes("keyedit.cancel.okay",
-					     _("Quit without saving? ")) )
-		    goto leave;
-		break;
-	    }
-	    /* fall thru */
-	  case cmdSAVE:
-	    if( modified || sec_modified  ) {
-		if( modified ) {
-		    rc = update_keyblock( &keyblockpos, keyblock );
-		    if( rc ) {
-			log_error(_("update failed: %s\n"), g10_errstr(rc) );
-			break;
-		    }
-		}
-		if( sec_modified ) {
-		    rc = update_keyblock( &sec_keyblockpos, sec_keyblock );
-		    if( rc ) {
-			log_error(_("update secret failed: %s\n"),
-							    g10_errstr(rc) );
-			break;
-		    }
-		}
-	    }
-	    else
-		tty_printf(_("Key not changed so no update needed.\n"));
-	    rc = update_trust_record( keyblock, 0, NULL );
-	    if( rc )
-		log_error(_("update of trustdb failed: %s\n"),
-			    g10_errstr(rc) );
-	    goto leave;
-
 	  case cmdLIST:
 	    redisplay = 1;
 	    break;
@@ -783,7 +760,9 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
 		    break;
 		}
 	    }
-	    sign_uids( keyblock, locusr, &modified, cmd == cmdLSIGN );
+	    if( !sign_uids( keyblock, locusr, &modified, cmd == cmdLSIGN )
+		&& sign_mode )
+		goto do_cmd_save;
 	    break;
 
 	  case cmdDEBUG:
@@ -944,6 +923,53 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
 	    }
 	    break;
 
+	  case cmdQUIT:
+	    if( have_commands )
+		goto leave;
+	    if( !modified && !sec_modified )
+		goto leave;
+	    if( !cpr_get_answer_is_yes("keyedit.save.okay",
+					_("Save changes? ")) ) {
+		if( cpr_enabled()
+		    || cpr_get_answer_is_yes("keyedit.cancel.okay",
+					     _("Quit without saving? ")) )
+		    goto leave;
+		break;
+	    }
+	    /* fall thru */
+	  case cmdSAVE:
+	  do_cmd_save:
+	    if( modified || sec_modified  ) {
+		if( modified ) {
+		    rc = update_keyblock( &keyblockpos, keyblock );
+		    if( rc ) {
+			log_error(_("update failed: %s\n"), g10_errstr(rc) );
+			break;
+		    }
+		}
+		if( sec_modified ) {
+		    rc = update_keyblock( &sec_keyblockpos, sec_keyblock );
+		    if( rc ) {
+			log_error(_("update secret failed: %s\n"),
+							    g10_errstr(rc) );
+			break;
+		    }
+		}
+	    }
+	    else
+		tty_printf(_("Key not changed so no update needed.\n"));
+	    /* TODO: we should keep track whether we have changed
+	     *	     something relevant to the trustdb */
+	    if( !modified && sign_mode )
+		rc = 0; /* we can skip at least in this case */
+	    else
+		rc = update_trust_record( keyblock, 0, NULL );
+	    if( rc )
+		log_error(_("update of trustdb failed: %s\n"),
+			    g10_errstr(rc) );
+	    goto leave;
+
+	  case cmdINVCMD:
 	  default:
 	    tty_printf("\n");
 	    tty_printf(_("Invalid command  (try \"help\")\n"));

g10/main.h

@@ -87,7 +87,8 @@ int check_key_signature2( KBNODE root, KBNODE node,
 int delete_key( const char *username, int secure );
 
 /*-- keyedit.c --*/
-void keyedit_menu( const char *username, STRLIST locusr, STRLIST cmds );
+void keyedit_menu( const char *username, STRLIST locusr, STRLIST cmds,
+							    int sign_mode );
 
 /*-- keygen.c --*/
 u32 ask_expiredate(void);

g10/sig-check.c

@@ -433,9 +433,11 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
     sig = node->pkt->pkt.signature;
     algo = sig->digest_algo;
 
+  #if 0 /* I am not sure whether this is a good thing to do */
     if( sig->flags.checked )
 	log_debug("check_key_signature: already checked: %s\n",
 		      sig->flags.valid? "good":"bad" );
+  #endif
 
     if( (rc=check_digest_algo(algo)) )
 	return rc;