diff --git a/AUTHORS b/AUTHORS index 55f4c85f2..bd1d528e3 100644 --- a/AUTHORS +++ b/AUTHORS @@ -16,7 +16,7 @@ List of Copyright holders ========================= Copyright (C) 1997-2019 Werner Koch - Copyright (C) 2003-2022 g10 Code GmbH + Copyright (C) 2003-2023 g10 Code GmbH Copyright (C) 1994-2021 Free Software Foundation, Inc. Copyright (C) 2002 Klarälvdalens Datakonsult AB Copyright (C) 1995-1997, 2000-2007 Ulrich Drepper diff --git a/Makefile.am b/Makefile.am index 796255b5f..6a2508b11 100644 --- a/Makefile.am +++ b/Makefile.am @@ -24,7 +24,7 @@ # Location of the released tarball archives. This is prefixed by # the variable RELEASE_ARCHIVE in ~/.gnupg-autogen.rc. For example: # RELEASE_ARCHIVE=user@host:archive/tarballs -RELEASE_ARCHIVE_SUFFIX = gnupg/v2.3 +RELEASE_ARCHIVE_SUFFIX = gnupg/v2.4 # The variable RELEASE_SIGNKEY in ~/.gnupg-autogen.rc is used # to specify the key for signing. For example: # RELEASE_SIGNKEY=D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 @@ -238,11 +238,26 @@ release: ./autogen.sh --force; \ cd $(abs_top_builddir); \ rm -rf dist; mkdir dist ; cd dist ; \ + mkopt=""; \ + if [ -n "$$CUSTOM_SWDB" ]; then \ + mkopt="CUSTOM_SWB=1"; \ + x=$$(grep '^OVERRIDE_TARBALLS=' \ + $$HOME/.gnupg-autogen.rc|cut -d= -f2);\ + if [ -f "$$x/swdb.lst" ]; then \ + echo "/* Copying swdb.lst from the overrides directory */"; \ + cp "$$x/swdb.lst" . ; \ + cp "$$x/swdb.lst.sig" . ; \ + fi; \ + fi; \ + echo "/* Running configure */";\ $(abs_top_srcdir)/configure --enable-maintainer-mode; \ + echo "/* Running make distcheck */";\ $(MAKE) distcheck TESTFLAGS=--parallel; \ + echo "/* Unpacking release */";\ $(AMTAR) xjf $(RELEASE_NAME).tar.bz2 ;\ target=w32-release ;\ [ -n "$(WITH_MSI)" ] && target=w32-msi-release ;\ + echo "/* Running $(MAKE) -f $(RELEASE_NAME)/build-aux/speedo.mk $${target} */";\ $(MAKE) -f $(RELEASE_NAME)/build-aux/speedo.mk $${target} ;\ echo "/* Build finished at $$(date -uIseconds) */" ;\ echo "/*" ;\ diff --git a/NEWS b/NEWS index 47142e7e3..a2b63f851 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,74 @@ -Noteworthy changes in version 2.3.9 (unreleased) +Noteworthy changes in version 2.4.1 (unreleased) ------------------------------------------------ +Noteworthy changes in version 2.4.0 (2022-12-16) +------------------------------------------------ + + * gpg: New command --quick-update-pref. [rGd40d23b233] + + * gpg: New list-options show-pref and show-pref-verbose. + [rG811cfa34cb] + + * gpg: New option --list-filter to restrict key listings like + gpg -k --list-filter 'select=revoked-f && sub/algostr=ed25519' + [rG1324dc3490] + + * gpg: New --export-filter export-revocs. [rGc985b52e71] + + * gpg: Also import stray revocation certificates. [rG7aaedfb107] + + * gpg: Add a notation to encryption subkeys in de-vs mode. [T6279] + + * gpg: Improve signature verification speed by a factor of more than + four. Double detached signing speed. [T5826] + + * gpg: Allow only OCB for AEAD encryption. [rG5a2cef801d] + + * gpg: Fix trusted introducer for mbox only user-ids. [T6238] + + * gpg: Report an error via status-fd for receiving a key from the + agent. [T5151] + + * gpg: Make --require-compliance work without the --status-fd + option. [rG2aacd843ad] + + * gpg: Fix verification of cleartext signatures with overlong lines. + [T6272] + + * agent: Fix import of protected OpenPGP v5 keys. [T6294] + + * gpgsm: Change the default cipher algorithm from AES128 to AES256. + Also announce support for this in signatures. [rG2d8ac55d26] + + * gpgsm: Always use the chain validation model if the root-CA + requests this. [rG7fa1d3cc82] + + * gpgsm: Print OCSP revocation date and reason in cert listings. + [rGb6abaed2b5] + + * agent: Support Win32-OpenSSH emulation by gpg-agent. [T3883] + + * scd: Support the Telesec Signature Card v2.0. [T6252] + + * scd: Redact --debug cardio output of a VERIFY APDU. [T5085] + + * scd: Skip deleted pkcs#15 records in CARDOS 5. [rG061efac03f] + + * dirmngr: Fix build with no LDAP support. [T6239] + + * dirmngr: Fix verification of ECDSA signed CRLs. [rG868dabb402] + + * wkd: New option --add-revocs for gpg-wks-client. [rGc3f9f2d497] + + * wkd: Ignore expired user-ids in gpg-wks-client. [T6292] + + * card: New commands "gpg" and "gpgsm". [rG9c4691c73e] + + See-also: gnupg-announce/2022q4/000477.html + Release-info: https://dev.gnupg.org/T6303 + + Noteworthy changes in version 2.3.8 (2022-10-13) ------------------------------------------------ @@ -61,6 +128,7 @@ Noteworthy changes in version 2.3.8 (2022-10-13) GNUPG_EXEC_DEBUG_FLAGS is used. [rG4ef8516a79] Release-info: https://dev.gnupg.org/T6106 + See-also: gnupg-announce/2022q4/000476.html Noteworthy changes in version 2.3.7 (2022-07-11) @@ -142,6 +210,7 @@ Noteworthy changes in version 2.3.7 (2022-07-11) * gpgconf: New short options -V and -X Release-info: https://dev.gnupg.org/T5947 + See-also: gnupg-announce/2022q3/000474.html Noteworthy changes in version 2.3.6 (2022-04-25) @@ -1469,6 +1538,12 @@ Noteworthy changes in version 2.3.0 (2021-04-07) Release dates of 2.2 versions ----------------------------- +Version 2.2.40 (2022-10-10) https://dev.gnupg.org/T6181 +Version 2.2.39 (2022-09-02) https://dev.gnupg.org/T6175 +Version 2.2.38 (2022-09-01) https://dev.gnupg.org/T6159 +Version 2.2.37 (2022-08-24) https://dev.gnupg.org/T6105 +Version 2.2.36 (2022-07-06) https://dev.gnupg.org/T5949 +Version 2.2.35 (2022-04-25) https://dev.gnupg.org/T5928 Version 2.2.34 (2022-02-07) https://dev.gnupg.org/T5703 Version 2.2.33 (2021-11-23) https://dev.gnupg.org/T5641 Version 2.2.32 (2021-10-06) https://dev.gnupg.org/T5601 diff --git a/README b/README index 299bf1001..42eed238f 100644 --- a/README +++ b/README @@ -1,10 +1,10 @@ - The GNU Privacy Guard 2 - ========================= - Version 2.3 + The GNU Privacy Guard + ======================= + Version 2.4 Copyright 1997-2019 Werner Koch Copyright 1998-2021 Free Software Foundation, Inc. - Copyright 2003-2022 g10 Code GmbH + Copyright 2003-2023 g10 Code GmbH * INTRODUCTION @@ -27,7 +27,7 @@ * BUILD INSTRUCTIONS - GnuPG 2.3 depends on the following GnuPG related packages: + GnuPG 2.4 depends on the following GnuPG related packages: npth (https://gnupg.org/ftp/gcrypt/npth/) libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/) @@ -74,7 +74,7 @@ You may run - gpgconf --list-dirs + gpgconf -L to view the directories used by GnuPG. @@ -113,6 +113,31 @@ * RECOMMENDATIONS +** Key database daemon + + Since version 2.3.0 it is possible to store the keys in an SQLite + database instead of the keyring.kbx file. This is in particular + useful for large keyrings or if many instances of gpg and gpgsm may + run concurrently. This is implemented using another daemon process, + the "keyboxd". To enable the use of the keyboxd put the option + "use-keyboxd" into the configuration file ~/.gnupg/common.conf or the + global /etc/gnupg/common.conf. See also doc/examples/common.conf. + Only public keys and X.509 certificates are managed by the keyboxd; + private keys are still stored as separate files. + + Note that there is no automatic migration; if the use-keyboxd option + is enabled keys are not taken from pubring.kbx. To migrate existing + keys to the keyboxd do this: + + 1. Disable the keyboxd (remove use-keyboxd from common.conf) + 2. Export all public keys + gpg --export --export-options backup > allkeys.gpg + gpgsm --export --armor > allcerts.gpg + 3. Enable the keyboxd (add use-keyboxd to common.conf) + 4. Import all public keys + gpg --import --import-options restore < allkeys.gpg + gpgsm --import < allcerts.crt + ** Socket directory GnuPG uses Unix domain sockets to connect its components (on Windows @@ -203,8 +228,7 @@ offers see https://gnupg.org/service.html . Maintaining and improving GnuPG requires a lot of time. Since 2001, g10 Code GmbH, a German company owned and headed by GnuPG's principal author Werner - Koch, is bearing the majority of these costs. To keep GnuPG in a - healthy state, they need your support. + Koch, is bearing the majority of these costs. # This file is Free Software; as a special exception the authors gives # unlimited permission to copy and/or distribute it, with or without diff --git a/agent/Makefile.am b/agent/Makefile.am index fe2d7d222..4da1ea9d8 100644 --- a/agent/Makefile.am +++ b/agent/Makefile.am @@ -19,10 +19,8 @@ bin_PROGRAMS = gpg-agent libexec_PROGRAMS = gpg-protect-tool -if !HAVE_W32CE_SYSTEM # fixme: Do no use simple-pwquery for preset-passphrase. libexec_PROGRAMS += gpg-preset-passphrase -endif noinst_PROGRAMS = $(TESTS) EXTRA_DIST = ChangeLog-2011 gpg-agent-w32info.rc all-tests.scm @@ -66,11 +64,7 @@ gpg_agent_SOURCES = \ common_libs = $(libcommon) commonpth_libs = $(libcommonpth) -if HAVE_W32CE_SYSTEM -pwquery_libs = -else pwquery_libs = ../common/libsimple-pwquery.a -endif gpg_agent_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) \ @@ -79,7 +73,7 @@ gpg_agent_LDADD = $(commonpth_libs) \ $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(NPTH_LIBS) \ $(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV) \ $(resource_objs) -gpg_agent_LDFLAGS = $(extra_bin_ldflags) +gpg_agent_LDFLAGS = gpg_agent_DEPENDENCIES = $(resource_objs) gpg_protect_tool_SOURCES = \ diff --git a/agent/command.c b/agent/command.c index 8b5434bfb..c113caba7 100644 --- a/agent/command.c +++ b/agent/command.c @@ -2624,7 +2624,7 @@ cmd_scd (assuan_context_t ctx, char *line) argc = split_fields (l, argv, DIM (argv)); /* These commands are allowed. */ - if ((argc == 1 && !strcmp (argv[0], "SERIALNO")) + if ((argc >= 1 && !strcmp (argv[0], "SERIALNO")) || (argc == 2 && !strcmp (argv[0], "GETINFO") && !strcmp (argv[1], "version")) diff --git a/am/cmacros.am b/am/cmacros.am index e71bc4e9d..d6d466fb6 100644 --- a/am/cmacros.am +++ b/am/cmacros.am @@ -57,19 +57,6 @@ if GNUPG_DIRMNGR_LDAP_PGM AM_CPPFLAGS += -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\"" endif -# Under Windows we use LockFileEx. WindowsCE provides this only on -# the WindowsMobile 6 platform and thus we need to use the coredll6 -# import library. We also want to use a stacksize of 256k instead of -# the 2MB which is the default with cegcc. 256k is the largest stack -# we use with pth. -if HAVE_W32CE_SYSTEM -extra_sys_libs = -lcoredll6 -extra_bin_ldflags = -Wl,--stack=0x40000 -else -extra_sys_libs = -extra_bin_ldflags = -endif - if HAVE_W32_SYSTEM .rc.o: $(WINDRES) $(DEFAULT_INCLUDES) $(INCLUDES) "$<" "$@" diff --git a/autogen.sh b/autogen.sh index 4b511bf95..0abf10342 100755 --- a/autogen.sh +++ b/autogen.sh @@ -1,6 +1,6 @@ #! /bin/sh # autogen.sh -# Copyright (C) 2003, 2014, 2017, 2018 g10 Code GmbH +# Copyright (C) 2003, 2014, 2017, 2018, 2022 g10 Code GmbH # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without @@ -15,7 +15,7 @@ # configure it for the respective package. It is maintained as part of # GnuPG and source copied by other packages. # -# Version: 2018-02-21 +# Version: 2022-12-09 configure_ac="configure.ac" @@ -137,8 +137,6 @@ extraoptions= # List of optional variables sourced from autogen.rc and ~/.gnupg-autogen.rc w32_toolprefixes= w32_extraoptions= -w32ce_toolprefixes= -w32ce_extraoptions= w64_toolprefixes= w64_extraoptions= amd64_toolprefixes= @@ -146,7 +144,6 @@ amd64_toolprefixes= # What follows are variables which are sourced but default to # environment variables or lacking them hardcoded values. #w32root= -#w32ce_root= #w64root= #amd64root= @@ -163,11 +160,6 @@ case "$1" in myhost="w32" shift ;; - --build-w32ce) - myhost="w32" - myhostsub="ce" - shift - ;; --build-w64) myhost="w32" myhostsub="64" @@ -274,12 +266,6 @@ fi # ****************** if [ "$myhost" = "w32" ]; then case $myhostsub in - ce) - w32root="$w32ce_root" - [ -z "$w32root" ] && w32root="$HOME/w32ce_root" - toolprefixes="$w32ce_toolprefixes arm-mingw32ce" - extraoptions="$extraoptions $w32ce_extraoptions" - ;; 64) w32root="$w64root" [ -z "$w32root" ] && w32root="$HOME/w64root" diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index 1453a6187..56e317275 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk @@ -141,6 +141,10 @@ help-wixlib: @echo 'Afterwards w32-msi-release will also build a wixlib.' +# NB: we can't use +$(MAKE) here because we would need to define the +# dependencies of our packages. This does not make much sense given that +# we have a clear order in how they are build and concurrent builds +# would anyway clutter up the logs. SPEEDOMAKE := $(MAKE) -f $(SPEEDO_MK) UPD_SWDB=1 native: check-tools @@ -235,7 +239,7 @@ STATIC=0 # external packages. TARBALLS=$(shell pwd)/../tarballs -# Number of parallel make jobs +# Number of parallel make jobs for each package MAKE_J=3 # Name to use for the w32 installer and sources @@ -258,6 +262,8 @@ $(eval $(call READ_AUTOGEN_template,AUTHENTICODE_CERTS)) $(eval $(call READ_AUTOGEN_template,OSSLSIGNCODE)) $(eval $(call READ_AUTOGEN_template,OSSLPKCS11ENGINE)) $(eval $(call READ_AUTOGEN_template,SCUTEMODULE)) +$(eval $(call READ_AUTOGEN_template,OVERRIDE_TARBALLS)) + # All files given in AUTHENTICODE_FILES are signed before # they are put into the installer. @@ -267,6 +273,7 @@ AUTHENTICODE_FILES= \ gpg-agent.exe \ gpg-connect-agent.exe \ gpg-preset-passphrase.exe \ + gpg-check-pattern.exe \ gpg-wks-client.exe \ gpg.exe \ gpgconf.exe \ @@ -884,14 +891,14 @@ endif # The playground area is our scratch area, where we unpack, build and # install the packages. $(stampdir)/stamp-directories: - $(MKDIR) $(root) || true - $(MKDIR) $(stampdir) || true - $(MKDIR) $(sdir) || true - $(MKDIR) $(bdir) || true - $(MKDIR) $(idir) || true + $(MKDIR) -p $(root) + $(MKDIR) -p $(stampdir) + $(MKDIR) -p $(sdir) + $(MKDIR) -p $(bdir) + $(MKDIR) -p $(idir) ifeq ($(TARGETOS),w32) - $(MKDIR) $(bdir6) || true - $(MKDIR) $(idir6) || true + $(MKDIR) -p $(bdir6) + $(MKDIR) -p $(idir6) endif touch $(stampdir)/stamp-directories @@ -1010,6 +1017,13 @@ $(stampdir)/stamp-$(1)-00-unpack: $(stampdir)/stamp-directories cd "$$$${pkg}"; \ AUTOGEN_SH_SILENT=1 ./autogen.sh; \ elif [ -n "$$$${tar}" ]; then \ + tar2="$(OVERRIDE_TARBALLS)/$$$$(basename $$$${tar})";\ + if [ -f "$$$${tar2}" ]; then \ + tar="$$$$tar2"; \ + echo "speedo: /*"; \ + echo "speedo: * Note: using an override"; \ + echo "speedo: */"; \ + fi; \ echo "speedo: unpacking $(1) from $$$${tar}"; \ case "$$$${tar}" in \ *.gz) pretar=zcat ;; \ @@ -1535,9 +1549,10 @@ endif # -# Check availibility of standard tools +# Check availibility of standard tools and prepare everything. # -check-tools: +check-tools: $(stampdir)/stamp-directories + # diff --git a/common/compliance.c b/common/compliance.c index 33a19fe06..59d94038d 100644 --- a/common/compliance.c +++ b/common/compliance.c @@ -83,7 +83,9 @@ gnupg_initialize_compliance (int gnupg_module_name) log_assert (! initialized); /* We accept both OpenPGP-style and gcrypt-style algorithm ids. - * Assert that they are compatible. */ + * Assert that they are compatible. At some places gcrypt ids are + * used which can't be encoded in an OpenPGP algo octet; we also + * assert this. */ log_assert ((int) GCRY_PK_RSA == (int) PUBKEY_ALGO_RSA); log_assert ((int) GCRY_PK_RSA_E == (int) PUBKEY_ALGO_RSA_E); log_assert ((int) GCRY_PK_RSA_S == (int) PUBKEY_ALGO_RSA_S); @@ -91,6 +93,9 @@ gnupg_initialize_compliance (int gnupg_module_name) log_assert ((int) GCRY_PK_DSA == (int) PUBKEY_ALGO_DSA); log_assert ((int) GCRY_PK_ECC == (int) PUBKEY_ALGO_ECDH); log_assert ((int) GCRY_PK_ELG == (int) PUBKEY_ALGO_ELGAMAL); + log_assert ((int) GCRY_PK_ECDSA > 255); + log_assert ((int) GCRY_PK_ECDH > 255); + log_assert ((int) GCRY_PK_EDDSA > 255); log_assert ((int) GCRY_CIPHER_NONE == (int) CIPHER_ALGO_NONE); log_assert ((int) GCRY_CIPHER_IDEA == (int) CIPHER_ALGO_IDEA); log_assert ((int) GCRY_CIPHER_3DES == (int) CIPHER_ALGO_3DES); @@ -159,6 +164,9 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo, case PUBKEY_ALGO_ECDH: case PUBKEY_ALGO_ECDSA: case PUBKEY_ALGO_EDDSA: + case GCRY_PK_ECDSA: + case GCRY_PK_ECDH: + case GCRY_PK_EDDSA: algotype = is_ecc; break; @@ -211,7 +219,9 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo, result = (curvename && (algo == PUBKEY_ALGO_ECDH - || algo == PUBKEY_ALGO_ECDSA) + || algo == PUBKEY_ALGO_ECDSA + || algo == GCRY_PK_ECDH + || algo == GCRY_PK_ECDSA) && (!strcmp (curvename, "brainpoolP256r1") || !strcmp (curvename, "brainpoolP384r1") || !strcmp (curvename, "brainpoolP512r1"))); @@ -292,6 +302,7 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance, break; case PUBKEY_ALGO_ECDH: + case GCRY_PK_ECDH: if (use == PK_USE_DECRYPTION) result = 1; else if (use == PK_USE_ENCRYPTION) @@ -316,6 +327,7 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance, break; case PUBKEY_ALGO_ECDSA: + case GCRY_PK_ECDSA: if (use == PK_USE_VERIFICATION) result = 1; else @@ -341,6 +353,10 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance, case PUBKEY_ALGO_EDDSA: + if (use == PK_USE_VERIFICATION) + result = 1; + else /* We may not create such signatures in de-vs mode. */ + result = 0; break; default: diff --git a/common/compliance.h b/common/compliance.h index 455efa544..ead11472c 100644 --- a/common/compliance.h +++ b/common/compliance.h @@ -45,7 +45,7 @@ enum gnupg_compliance_mode enum pk_use_case { PK_USE_ENCRYPTION, PK_USE_DECRYPTION, - PK_USE_SIGNING, PK_USE_VERIFICATION, + PK_USE_SIGNING, PK_USE_VERIFICATION }; /* Flags to distinguish public key algorithm variants. */ diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c index e03c9fe0d..b29e2f124 100644 --- a/common/exechelp-posix.c +++ b/common/exechelp-posix.c @@ -1110,6 +1110,20 @@ spawn_detached (gnupg_process_t process, return 0; } +void +gnupg_spawn_helper (struct spawn_cb_arg *sca) +{ + int *user_except = sca->arg; +#ifdef HAVE_W32_SYSTEM + if (user_except[0] == -1) + sca->ask_inherit = 0; + else + sca->ask_inherit = 1; +#else + sca->except_fds = user_except; +#endif +} + gpg_err_code_t gnupg_process_spawn (const char *pgmname, const char *argv1[], unsigned int flags, diff --git a/common/exechelp.h b/common/exechelp.h index 6375d9d10..cd91d3e39 100644 --- a/common/exechelp.h +++ b/common/exechelp.h @@ -249,6 +249,9 @@ struct spawn_cb_arg { #define GNUPG_PROCESS_STREAM_NONBLOCK (1 << 16) +/* Spawn helper. */ +void gnupg_spawn_helper (struct spawn_cb_arg *sca); + /* Spawn PGMNAME. */ gpg_err_code_t gnupg_process_spawn (const char *pgmname, const char *argv[], unsigned int flags, diff --git a/common/exectool.c b/common/exectool.c index b7882b401..9a8e61c20 100644 --- a/common/exectool.c +++ b/common/exectool.c @@ -305,20 +305,6 @@ copy_buffer_flush (struct copy_buffer *c, estream_t sink) } -static void -setup_close_all (struct spawn_cb_arg *sca) -{ - int *user_except = sca->arg; -#ifdef HAVE_W32_SYSTEM - if (user_except[0] == -1) - sca->ask_inherit = 0; - else - sca->ask_inherit = 1; -#else - sca->except_fds = user_except; -#endif -} - /* Run the program PGMNAME with the command line arguments given in * the NULL terminates array ARGV. If INPUT is not NULL it will be * fed to stdin of the process. stderr is logged using log_info and @@ -433,7 +419,7 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[], : GNUPG_PROCESS_STDIN_NULL) | GNUPG_PROCESS_STDOUT_PIPE | GNUPG_PROCESS_STDERR_PIPE), - setup_close_all, exceptclose, &proc); + gnupg_spawn_helper, exceptclose, &proc); gnupg_process_get_streams (proc, GNUPG_PROCESS_STREAM_NONBLOCK, input? &infp : NULL, &outfp, &errfp); if (extrapipe[0] != -1) diff --git a/common/init.c b/common/init.c index 269119ff1..62a48f8c7 100644 --- a/common/init.c +++ b/common/init.c @@ -30,6 +30,9 @@ #include #ifdef HAVE_W32_SYSTEM +# if _WIN32_WINNT < 0x0600 +# define _WIN32_WINNT 0x0600 /* Required for SetProcessDEPPolicy. */ +# endif # ifdef HAVE_WINSOCK2_H # include # endif @@ -213,7 +216,21 @@ _init_common_subsystems (gpg_err_source_t errsource, int *argcp, char ***argvp) log_set_socket_dir_cb (gnupg_socketdir); #if HAVE_W32_SYSTEM - /* For Standard Windows we use our own parser for the command line + /* Make sure that Data Execution Prevention is enabled. */ + if (GetSystemDEPPolicy () >= 2) + { + DWORD flags; + BOOL perm; + + if (!GetProcessDEPPolicy (GetCurrentProcess (), &flags, &perm)) + log_info ("error getting DEP policy: %s\n", + w32_strerror (GetLastError())); + else if (!(flags & PROCESS_DEP_ENABLE) + && !SetProcessDEPPolicy (PROCESS_DEP_ENABLE)) + log_info ("Warning: Enabling DEP failed: %s (%d,%d)\n", + w32_strerror (GetLastError ()), (int)flags, (int)perm); + } + /* On Windows we use our own parser for the command line * so that we can return an array of utf-8 encoded strings. */ prepare_w32_commandline (argcp, argvp); #else diff --git a/common/iobuf.c b/common/iobuf.c index 86bb29641..62cde27f9 100644 --- a/common/iobuf.c +++ b/common/iobuf.c @@ -1,7 +1,7 @@ /* iobuf.c - File Handling for OpenPGP. * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2006, 2007, 2008, * 2009, 2010, 2011 Free Software Foundation, Inc. - * Copyright (C) 2015 g10 Code GmbH + * Copyright (C) 2015, 2023 g10 Code GmbH * * This file is part of GnuPG. * @@ -27,6 +27,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, see . + * SPDX-License-Identifier: (LGPL-3.0-or-later OR GPL-2.0-or-later) */ #include @@ -35,7 +36,6 @@ #include #include #include -#include #include #include #include @@ -95,6 +95,9 @@ typedef struct int eof_seen; int delayed_rc; int print_only_name; /* Flags indicating that fname is not a real file. */ + char peeked[32]; /* Read ahead buffer. */ + byte npeeked; /* Number of bytes valid in peeked. */ + byte upeeked; /* Number of bytes used from peeked. */ char fname[1]; /* Name of the file. */ } file_filter_ctx_t; @@ -207,7 +210,7 @@ fd_cache_invalidate (const char *fname) close_cache_t cc; int rc = 0; - assert (fname); + log_assert (fname); if (DBG_IOBUF) log_debug ("fd_cache_invalidate (%s)\n", fname); @@ -370,7 +373,7 @@ fd_cache_close (const char *fname, gnupg_fd_t fp) { close_cache_t cc; - assert (fp); + log_assert (fp); if (!fname || !*fname) { #ifdef HAVE_W32_SYSTEM @@ -411,7 +414,7 @@ fd_cache_open (const char *fname, const char *mode) { close_cache_t cc; - assert (fname); + log_assert (fname); for (cc = close_cache; cc; cc = cc->next) { if (cc->fp != GNUPG_INVALID_FD && !fd_cache_strcmp (cc->fname, fname)) @@ -458,7 +461,16 @@ file_filter (void *opaque, int control, iobuf_t chain, byte * buf, if (control == IOBUFCTRL_UNDERFLOW) { log_assert (size); /* We need a buffer. */ - if (a->eof_seen) + if (a->npeeked > a->upeeked) + { + nbytes = a->npeeked - a->upeeked; + if (nbytes > size) + nbytes = size; + memcpy (buf, a->peeked + a->upeeked, nbytes); + a->upeeked += nbytes; + *ret_len = nbytes; + } + else if (a->eof_seen) { rc = -1; *ret_len = 0; @@ -596,6 +608,73 @@ file_filter (void *opaque, int control, iobuf_t chain, byte * buf, a->delayed_rc = 0; a->keep_open = 0; a->no_cache = 0; + a->npeeked = 0; + a->upeeked = 0; + } + else if (control == IOBUFCTRL_PEEK) + { + /* Peek on the input. */ +#ifdef HAVE_W32_SYSTEM + unsigned long nread; + + nbytes = 0; + if (!ReadFile (f, a->peeked, sizeof a->peeked, &nread, NULL)) + { + int ec = (int) GetLastError (); + if (ec != ERROR_BROKEN_PIPE) + { + rc = gpg_error_from_errno (ec); + log_error ("%s: read error: ec=%d\n", a->fname, ec); + } + a->npeeked = 0; + } + else if (!nread) + { + a->eof_seen = 1; + a->npeeked = 0; + } + else + { + a->npeeked = nread; + } + +#else /* Unix */ + + int n; + + peek_more: + do + { + n = read (f, a->peeked + a->npeeked, sizeof a->peeked - a->npeeked); + } + while (n == -1 && errno == EINTR); + if (n > 0) + { + a->npeeked += n; + if (a->npeeked < sizeof a->peeked) + goto peek_more; + } + else if (!n) /* eof */ + { + if (a->npeeked) + a->delayed_rc = -1; + else + a->eof_seen = 1; + } + else /* error */ + { + rc = gpg_error_from_syserror (); + if (gpg_err_code (rc) != GPG_ERR_EPIPE) + log_error ("%s: read error: %s\n", a->fname, gpg_strerror (rc)); + if (a->npeeked) + a->delayed_rc = rc; + } +#endif /* Unix */ + + size = a->npeeked < size? a->npeeked : size; + memcpy (buf, a->peeked, size); + *ret_len = size; + rc = 0; /* Return success - the user needs to check ret_len. */ } else if (control == IOBUFCTRL_DESC) { @@ -632,7 +711,7 @@ file_es_filter (void *opaque, int control, iobuf_t chain, byte * buf, if (control == IOBUFCTRL_UNDERFLOW) { - assert (size); /* We need a buffer. */ + log_assert (size); /* We need a buffer. */ if (a->eof_seen) { rc = -1; @@ -751,7 +830,7 @@ sock_filter (void *opaque, int control, iobuf_t chain, byte * buf, if (control == IOBUFCTRL_UNDERFLOW) { - assert (size); /* need a buffer */ + log_assert (size); /* need a buffer */ if (a->eof_seen) { rc = -1; @@ -846,7 +925,7 @@ block_filter (void *opaque, int control, iobuf_t chain, byte * buffer, size_t n = 0; p = buf; - assert (size); /* need a buffer */ + log_assert (size); /* need a buffer */ if (a->eof) /* don't read any further */ rc = -1; while (!rc && size) @@ -974,7 +1053,7 @@ block_filter (void *opaque, int control, iobuf_t chain, byte * buffer, { /* the complicated openpgp scheme */ size_t blen, n, nbytes = size + a->buflen; - assert (a->buflen <= OP_MIN_PARTIAL_CHUNK); + log_assert (a->buflen <= OP_MIN_PARTIAL_CHUNK); if (nbytes < OP_MIN_PARTIAL_CHUNK) { /* not enough to write a partial block out; so we store it */ @@ -998,12 +1077,12 @@ block_filter (void *opaque, int control, iobuf_t chain, byte * buffer, blen /= 2; c--; /* write the partial length header */ - assert (c <= 0x1f); /*;-) */ + log_assert (c <= 0x1f); /*;-) */ c |= 0xe0; iobuf_put (chain, c); if ((n = a->buflen)) { /* write stuff from the buffer */ - assert (n == OP_MIN_PARTIAL_CHUNK); + log_assert (n == OP_MIN_PARTIAL_CHUNK); if (iobuf_write (chain, a->buffer, n)) rc = gpg_error_from_syserror (); a->buflen = 0; @@ -1020,8 +1099,8 @@ block_filter (void *opaque, int control, iobuf_t chain, byte * buffer, /* store the rest in the buffer */ if (!rc && nbytes) { - assert (!a->buflen); - assert (nbytes < OP_MIN_PARTIAL_CHUNK); + log_assert (!a->buflen); + log_assert (nbytes < OP_MIN_PARTIAL_CHUNK); if (!a->buffer) a->buffer = xmalloc (OP_MIN_PARTIAL_CHUNK); memcpy (a->buffer, p, nbytes); @@ -1183,8 +1262,8 @@ iobuf_alloc (int use, size_t bufsize) iobuf_t a; static int number = 0; - assert (use == IOBUF_INPUT || use == IOBUF_INPUT_TEMP - || use == IOBUF_OUTPUT || use == IOBUF_OUTPUT_TEMP); + log_assert (use == IOBUF_INPUT || use == IOBUF_INPUT_TEMP + || use == IOBUF_OUTPUT || use == IOBUF_OUTPUT_TEMP); if (bufsize == 0) { log_bug ("iobuf_alloc() passed a bufsize of 0!\n"); @@ -1304,7 +1383,7 @@ iobuf_temp_with_content (const char *buffer, size_t length) int i; a = iobuf_alloc (IOBUF_INPUT_TEMP, length); - assert (length == a->d.size); + log_assert (length == a->d.size); /* memcpy (a->d.buf, buffer, length); */ for (i=0; i < length; i++) a->d.buf[i] = buffer[i]; @@ -1335,7 +1414,7 @@ do_open (const char *fname, int special_filenames, int fd; byte desc[MAX_IOBUF_DESC]; - assert (use == IOBUF_INPUT || use == IOBUF_OUTPUT); + log_assert (use == IOBUF_INPUT || use == IOBUF_OUTPUT); if (special_filenames /* NULL or '-'. */ @@ -1576,6 +1655,25 @@ iobuf_ioctl (iobuf_t a, iobuf_ioctl_t cmd, int intval, void *ptrval) return fd_cache_synchronize (ptrval); } } + else if (cmd == IOBUF_IOCTL_PEEK) + { + /* Peek at a justed opened file. Use this only directly after a + * file has been opened for reading. Don't use it after you did + * a seek. This works only if just file filter has been + * pushed. Expects a buffer wit size INTVAL at PTRVAL and returns + * the number of bytes put into the buffer. */ + if (DBG_IOBUF) + log_debug ("iobuf-%d.%d: ioctl '%s' peek\n", + a ? a->no : -1, a ? a->subno : -1, iobuf_desc (a, desc)); + if (a->filter == file_filter && ptrval && intval) + { + file_filter_ctx_t *fcx = a->filter_ov; + size_t len = intval; + + if (!file_filter (fcx, IOBUFCTRL_PEEK, NULL, ptrval, &len)) + return (int)len; + } + } return -1; @@ -1755,13 +1853,13 @@ iobuf_pop_filter (iobuf_t a, int (*f) (void *opaque, int control, if (a->use == IOBUF_INPUT_TEMP || a->use == IOBUF_OUTPUT_TEMP) { /* This should be the last filter in the pipeline. */ - assert (! a->chain); + log_assert (! a->chain); return 0; } if (!a->filter) { /* this is simple */ b = a->chain; - assert (b); + log_assert (b); xfree (a->d.buf); xfree (a->real_fname); memcpy (a, b, sizeof *a); @@ -1856,14 +1954,14 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target) buffer. */ return -1; - assert (a->use == IOBUF_INPUT); + log_assert (a->use == IOBUF_INPUT); a->e_d.used = 0; /* If there is still some buffered data, then move it to the start of the buffer and try to fill the end of the buffer. (This is useful if we are called from iobuf_peek().) */ - assert (a->d.start <= a->d.len); + log_assert (a->d.start <= a->d.len); a->d.len -= a->d.start; if (a->d.len) memmove (a->d.buf, &a->d.buf[a->d.start], a->d.len); @@ -2027,7 +2125,7 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target) } } - assert (a->d.start <= a->d.len); + log_assert (a->d.start <= a->d.len); if (a->e_d.used > 0) return 0; if (a->d.start < a->d.len) @@ -2107,7 +2205,7 @@ iobuf_readbyte (iobuf_t a) return -1; } - assert (a->d.start <= a->d.len); + log_assert (a->d.start <= a->d.len); if (a->nlimit && a->nbytes >= a->nlimit) return -1; /* forced EOF */ @@ -2119,7 +2217,7 @@ iobuf_readbyte (iobuf_t a) else if ((c = underflow (a, 1)) == -1) return -1; /* EOF */ - assert (a->d.start <= a->d.len); + log_assert (a->d.start <= a->d.len); /* Note: if underflow doesn't return EOF, then it returns the first byte that was read and advances a->d.start appropriately. */ @@ -2244,8 +2342,8 @@ iobuf_peek (iobuf_t a, byte * buf, unsigned buflen) { int n = 0; - assert (buflen > 0); - assert (a->use == IOBUF_INPUT || a->use == IOBUF_INPUT_TEMP); + log_assert (buflen > 0); + log_assert (a->use == IOBUF_INPUT || a->use == IOBUF_INPUT_TEMP); if (buflen > a->d.size) /* We can't peek more than we can buffer. */ @@ -2261,7 +2359,7 @@ iobuf_peek (iobuf_t a, byte * buf, unsigned buflen) /* Underflow consumes the first character (it's the return value). unget() it by resetting the "file position". */ - assert (a->d.start == 1); + log_assert (a->d.start == 1); a->d.start = 0; } @@ -2296,7 +2394,7 @@ iobuf_writebyte (iobuf_t a, unsigned int c) if ((rc=filter_flush (a))) return rc; - assert (a->d.len < a->d.size); + log_assert (a->d.len < a->d.size); a->d.buf[a->d.len++] = c; return 0; } @@ -2397,8 +2495,8 @@ iobuf_writestr (iobuf_t a, const char *buf) int iobuf_write_temp (iobuf_t dest, iobuf_t source) { - assert (source->use == IOBUF_OUTPUT || source->use == IOBUF_OUTPUT_TEMP); - assert (dest->use == IOBUF_OUTPUT || dest->use == IOBUF_OUTPUT_TEMP); + log_assert (source->use == IOBUF_OUTPUT || source->use == IOBUF_OUTPUT_TEMP); + log_assert (dest->use == IOBUF_OUTPUT || dest->use == IOBUF_OUTPUT_TEMP); iobuf_flush_temp (source); return iobuf_write (dest, source->d.buf, source->d.len); @@ -2782,7 +2880,7 @@ iobuf_read_line (iobuf_t a, byte ** addr_of_buffer, NUL character in the buffer. This requires at least 2 bytes. We don't complicate the code by handling the stupid corner case, but simply assert that it can't happen. */ - assert (!buffer || length >= 2 || maxlen >= 2); + log_assert (!buffer || length >= 2 || maxlen >= 2); if (!buffer || length <= 1) /* must allocate a new buffer */ @@ -2853,7 +2951,7 @@ iobuf_read_line (iobuf_t a, byte ** addr_of_buffer, /* p is pointing at the last byte in the buffer. We always terminate the line with "\n\0" so overwrite the previous byte with a \n. */ - assert (p > buffer); + log_assert (p > buffer); p[-1] = '\n'; /* Indicate truncation. */ diff --git a/common/iobuf.h b/common/iobuf.h index f527fbf16..c132c2f3c 100644 --- a/common/iobuf.h +++ b/common/iobuf.h @@ -106,6 +106,7 @@ enum IOBUFCTRL_FLUSH = 4, IOBUFCTRL_DESC = 5, IOBUFCTRL_CANCEL = 6, + IOBUFCTRL_PEEK = 7, IOBUFCTRL_USER = 16 }; @@ -116,7 +117,8 @@ typedef enum IOBUF_IOCTL_KEEP_OPEN = 1, /* Uses intval. */ IOBUF_IOCTL_INVALIDATE_CACHE = 2, /* Uses ptrval. */ IOBUF_IOCTL_NO_CACHE = 3, /* Uses intval. */ - IOBUF_IOCTL_FSYNC = 4 /* Uses ptrval. */ + IOBUF_IOCTL_FSYNC = 4, /* Uses ptrval. */ + IOBUF_IOCTL_PEEK = 5 /* Uses intval and ptrval. */ } iobuf_ioctl_t; enum iobuf_use diff --git a/common/mapstrings.c b/common/mapstrings.c index 172e198ea..9efe95c0d 100644 --- a/common/mapstrings.c +++ b/common/mapstrings.c @@ -154,6 +154,14 @@ map_static_macro_string (const char *string) membuf_t mb; char *p; + /* We use a hack if we don't use the fixed gpgrt 1.47 + * (commit 885a287a57cf060b4c5b441822c09d23b8dee2bd) */ +#if GPGRT_VERSION_NUMBER < 0x012f00 + if (string && !strncmp (string, "Project-Id-Version:", 19) + && strstr (string, "PO-Revision-Date:")) + return ""; +#endif + if ((s = already_mapped (string))) return s; s = string; diff --git a/common/miscellaneous.c b/common/miscellaneous.c index df6b68784..f19cc539d 100644 --- a/common/miscellaneous.c +++ b/common/miscellaneous.c @@ -418,7 +418,7 @@ decode_c_string (const char *src) /* Check whether (BUF,LEN) is valid header for an OpenPGP compressed * packet. LEN should be at least 6. */ static int -is_openpgp_compressed_packet (unsigned char *buf, size_t len) +is_openpgp_compressed_packet (const unsigned char *buf, size_t len) { int c, ctb, pkttype; int lenbytes; @@ -460,63 +460,64 @@ is_openpgp_compressed_packet (unsigned char *buf, size_t len) /* - * Check if the file is compressed. + * Check if the file is compressed. You need to pass the first bytes + * of the file as (BUF,BUFLEN). Returns true if the buffer seems to + * be compressed. */ int -is_file_compressed (const char *s, int *ret_rc) +is_file_compressed (const byte *buf, unsigned int buflen) { - iobuf_t a; - byte buf[6]; - int i; - int rc = 0; - int overflow; + int i; - struct magic_compress_s { - size_t len; - byte magic[4]; - } magic[] = { - { 3, { 0x42, 0x5a, 0x68, 0x00 } }, /* bzip2 */ - { 3, { 0x1f, 0x8b, 0x08, 0x00 } }, /* gzip */ - { 4, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */ - }; + struct magic_compress_s + { + byte len; + byte extchk; + byte magic[5]; + } magic[] = + { + { 3, 0, { 0x42, 0x5a, 0x68, 0x00 } }, /* bzip2 */ + { 3, 0, { 0x1f, 0x8b, 0x08, 0x00 } }, /* gzip */ + { 4, 0, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */ + { 5, 0, { '%', 'P', 'D', 'F', '-'} }, /* PDF */ + { 4, 1, { 0xff, 0xd8, 0xff, 0xe0 } }, /* Maybe JFIF */ + { 5, 2, { 0x89, 'P','N','G', 0x0d} } /* Likely PNG */ + }; - if ( iobuf_is_pipe_filename (s) || !ret_rc ) - return 0; /* We can't check stdin or no file was given */ - - a = iobuf_open( s ); - if ( a == NULL ) { - *ret_rc = gpg_error_from_syserror (); - return 0; - } - iobuf_ioctl (a, IOBUF_IOCTL_NO_CACHE, 1, NULL); - - if ( iobuf_get_filelength( a, &overflow ) < 6 && !overflow) { - *ret_rc = 0; - goto leave; + if ( buflen < 6 ) + { + return 0; /* Too short to check - assume uncompressed. */ } - if ( iobuf_read( a, buf, 6 ) == -1 ) { - *ret_rc = a->error; - goto leave; - } - - for ( i = 0; i < DIM( magic ); i++ ) { - if ( !memcmp( buf, magic[i].magic, magic[i].len ) ) { - *ret_rc = 0; - rc = 1; - goto leave; + for ( i = 0; i < DIM (magic); i++ ) + { + if (!memcmp( buf, magic[i].magic, magic[i].len)) + { + switch (magic[i].extchk) + { + case 0: + return 1; /* Is compressed. */ + case 1: + if (buflen > 11 && !memcmp (buf + 6, "JFIF", 5)) + return 1; /* JFIF: this likely a compressed JPEG. */ + break; + case 2: + if (buflen > 8 + && buf[5] == 0x0a && buf[6] == 0x1a && buf[7] == 0x0a) + return 1; /* This is a PNG. */ + break; + default: + break; + } } } - if (is_openpgp_compressed_packet (buf, 6)) - { - *ret_rc = 0; - rc = 1; - } + if (buflen >= 6 && is_openpgp_compressed_packet (buf, buflen)) + { + return 1; /* Already compressed. */ + } - leave: - iobuf_close( a ); - return rc; + return 0; /* Not detected as compressed. */ } diff --git a/common/util.h b/common/util.h index 6978ab896..d80e4fb25 100644 --- a/common/util.h +++ b/common/util.h @@ -359,7 +359,7 @@ char *try_make_printable_string (const void *p, size_t n, int delim); char *make_printable_string (const void *p, size_t n, int delim); char *decode_c_string (const char *src); -int is_file_compressed (const char *s, int *ret_rc); +int is_file_compressed (const byte *buf, unsigned int buflen); int match_multistr (const char *multistr,const char *match); diff --git a/common/w32info-rc.h.in b/common/w32info-rc.h.in index 94f13b054..1e76b58a9 100644 --- a/common/w32info-rc.h.in +++ b/common/w32info-rc.h.in @@ -29,4 +29,4 @@ built on @BUILD_HOSTNAME@ at @BUILD_TIMESTAMP@\0" #define W32INFO_PRODUCTVERSION "@VERSION@\0" #define W32INFO_LEGALCOPYRIGHT "Copyright \xa9 \ -2021 g10 Code GmbH\0" +2023 g10 Code GmbH\0" diff --git a/configure.ac b/configure.ac index cef00fe84..c31ae026a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,7 +1,7 @@ # configure.ac - for GnuPG 2.1 # Copyright (C) 1998-2019 Werner Koch # Copyright (C) 1998-2021 Free Software Foundation, Inc. -# Copyright (C) 2003-2021 g10 Code GmbH +# Copyright (C) 2003-2023 g10 Code GmbH # # This file is part of GnuPG. # @@ -28,8 +28,8 @@ min_automake_version="1.16.3" # another commit and push so that the git magic is able to work. m4_define([mym4_package],[gnupg]) m4_define([mym4_major], [2]) -m4_define([mym4_minor], [3]) -m4_define([mym4_micro], [9]) +m4_define([mym4_minor], [4]) +m4_define([mym4_micro], [1]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release @@ -52,6 +52,7 @@ AC_INIT([mym4_package],[mym4_version],[https://bugs.gnupg.org]) # When changing the SWDB tag please also adjust the hard coded tags in # build-aux/speedo.mk, build-aux/getswdb.sh, and Makefile.am +# As well as the source info for the man pages. AC_DEFINE_UNQUOTED(GNUPG_SWDB_TAG, "gnupg24", [swdb tag for this branch]) NEED_GPGRT_VERSION=1.46 @@ -63,7 +64,7 @@ NEED_LIBASSUAN_API=2 NEED_LIBASSUAN_VERSION=2.5.0 NEED_KSBA_API=1 -NEED_KSBA_VERSION=1.3.4 +NEED_KSBA_VERSION=1.6.3 NEED_NTBTLS_API=1 NEED_NTBTLS_VERSION=0.1.0 @@ -524,21 +525,7 @@ AH_BOTTOM([ #define GNUPG_OPENPGP_REVOC_DIR "openpgp-revocs.d" #define GNUPG_CACHE_DIR "cache.d" -/* GnuPG has always been a part of the GNU project and thus we have - * shown the FSF as holder of the copyright. We continue to do so for - * the reason that without the FSF the free software used all over the - * world would not have come into existence. However, under Windows - * we print a different copyright string with --version because the - * copyright assignments of g10 Code and Werner Koch were terminated - * many years ago, g10 Code is still the major contributor to the - * code, and Windows is not an FSF endorsed platform. Note that the - * actual list of copyright holders can be found in the AUTHORS file. */ -#ifdef HAVE_W32_SYSTEM -#define GNUPG_DEF_COPYRIGHT_LINE "Copyright (C) 2021 g10 Code GmbH" -#else -#define GNUPG_DEF_COPYRIGHT_LINE \ - "Copyright (C) 2021 Free Software Foundation, Inc." -#endif +#define GNUPG_DEF_COPYRIGHT_LINE "Copyright (C) 2023 g10 Code GmbH" /* For some systems (DOS currently), we hardcode the path here. For POSIX systems the values are constructed by the Makefiles, so that @@ -691,7 +678,6 @@ try_gettext=yes require_iconv=yes have_dosish_system=no have_w32_system=no -have_w32ce_system=no have_android_system=no use_simple_gettext=no mmap_needed=yes @@ -710,15 +696,7 @@ case "${host}" in have_w32_system=yes require_iconv=no require_pipe_to_unblock_pselect=no - case "${host}" in - *-mingw32ce*) - have_w32ce_system=yes - ;; - *) - AC_DEFINE(HAVE_DRIVE_LETTERS,1, - [Defined if the OS supports drive letters.]) - ;; - esac + AC_DEFINE(HAVE_DRIVE_LETTERS,1, [Defined if the OS supports drive letters.]) try_gettext="no" use_simple_gettext=yes mmap_needed=no @@ -803,13 +781,9 @@ AM_CONDITIONAL(USE_SIMPLE_GETTEXT, test x"$use_simple_gettext" = xyes) if test "$have_w32_system" = yes; then AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system]) - if test "$have_w32ce_system" = yes; then - AC_DEFINE(HAVE_W32CE_SYSTEM,1,[Defined if we run on WindowsCE]) - fi AC_CHECK_HEADERS([winsock2.h]) fi AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes) -AM_CONDITIONAL(HAVE_W32CE_SYSTEM, test "$have_w32ce_system" = yes) if test "$have_android_system" = yes; then AC_DEFINE(HAVE_ANDROID_SYSTEM,1, [Defined if we build for an Android system]) @@ -1273,9 +1247,6 @@ AC_DEFINE_UNQUOTED(NAME_OF_SENDMAIL,"$SENDMAIL", # Construct a printable name of the OS # case "${host}" in - *-mingw32ce*) - PRINTABLE_OS_NAME="W32CE" - ;; *-mingw32*) PRINTABLE_OS_NAME="MingW32" ;; @@ -1575,11 +1546,7 @@ GNUPG_CHECK_GNUMAKE # requiring any network stuff but linking to code in libcommon which # tracks in winsock stuff (e.g. init_common_subsystems). if test "$have_w32_system" = yes; then - if test "$have_w32ce_system" = yes; then - W32SOCKLIBS="-lws2" - else - W32SOCKLIBS="-lws2_32" - fi + W32SOCKLIBS="-lws2_32" NETLIBS="${NETLIBS} ${W32SOCKLIBS}" fi @@ -2064,16 +2031,6 @@ if test "$have_ksba" = "no"; then *** (at least version $NEED_KSBA_VERSION using API $NEED_KSBA_API is required). ***]]) fi -if test "$gnupg_have_ldap" = yes; then - if test "$have_w32ce_system" = yes; then - AC_MSG_NOTICE([[ -*** Note that CeGCC might be broken, a package fixing this is: -*** http://files.kolab.org/local/windows-ce/ -*** source/wldap32_0.1-mingw32ce.orig.tar.gz -*** binary/wldap32-ce-arm-dev_0.1-1_all.deb -***]]) - fi -fi if test "$have_npth" = "no"; then die=yes AC_MSG_NOTICE([[ diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index 35fb1cf33..1c8065dbb 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am @@ -93,7 +93,7 @@ dirmngr_LDADD = $(libcommonpth) \ if USE_LDAP dirmngr_LDADD += $(ldaplibs) $(LBER_LIBS) endif -dirmngr_LDFLAGS = $(extra_bin_ldflags) +dirmngr_LDFLAGS = if USE_LDAP dirmngr_ldap_SOURCES = dirmngr_ldap.c ldap-misc.c ldap-misc.h $(ldap_url) @@ -108,7 +108,7 @@ dirmngr_client_SOURCES = dirmngr-client.c dirmngr_client_LDADD = $(libcommon) \ $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ $(LIBGCRYPT_LIBS) $(NETLIBS) $(LIBINTL) $(LIBICONV) -dirmngr_client_LDFLAGS = $(extra_bin_ldflags) +dirmngr_client_LDFLAGS = t_common_src = t-support.h t-support.c diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index 977e7dd04..cbc693bd8 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -886,7 +886,7 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread) /* This function is called after option parsing to adjust some values * and call option setup functions. */ static void -post_option_parsing (void) +post_option_parsing (enum cmd_and_opt_values cmd) { /* It would be too surpirsing if the quick timeout is larger than * the standard value. */ @@ -894,6 +894,18 @@ post_option_parsing (void) opt.connect_quick_timeout = opt.connect_timeout; set_debug (); + /* For certain commands we do not want to set/test for Tor mode + * because that is somewhat expensive. */ + switch (cmd) + { + case aGPGConfList: + case aGPGConfTest: + case aGPGConfVersions: + break; + default: + set_tor_mode (); + break; + } } @@ -1214,12 +1226,7 @@ main (int argc, char **argv) log_printf ("\n"); } - /* Note that we do not run set_tor_mode in --gpgconf-list mode - * because it will attempt to connect to the tor client and that can - * be time consuming. */ - post_option_parsing (); - if (cmd != aGPGConfTest && cmd != aGPGConfList && cmd != aGPGConfVersions) - set_tor_mode (); + post_option_parsing (cmd); /* Get LDAP server list from file unless --ldapserver has been used. */ #if USE_LDAP @@ -1965,7 +1972,7 @@ reread_configuration (void) } gpgrt_argparse (NULL, &pargs, NULL); /* Release internal state. */ xfree (twopart); - post_option_parsing (); + post_option_parsing (0); finish: /* Get a default log file from common.conf. */ diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c index 7267d623e..483b6f32d 100644 --- a/dirmngr/ocsp.c +++ b/dirmngr/ocsp.c @@ -650,10 +650,13 @@ check_signature (ctrl_t ctrl, /* Check whether the certificate either given by fingerprint CERT_FPR or directly through the CERT object is valid by running an OCSP transaction. With FORCE_DEFAULT_RESPONDER set only the configured - default responder is used. */ + default responder is used. If R_REVOKED_AT or R_REASON are not + NULL and the certificat has been revoked the revocation time and + the reasons are stored there. */ gpg_error_t ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr, - int force_default_responder) + int force_default_responder, ksba_isotime_t r_revoked_at, + const char **r_reason) { gpg_error_t err; ksba_ocsp_t ocsp = NULL; @@ -672,6 +675,12 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr, char *oid; ksba_name_t name; fingerprint_list_t default_signer = NULL; + const char *sreason; + + if (r_revoked_at) + *r_revoked_at = 0; + if (r_reason) + *r_reason = NULL; /* Get the certificate. */ if (cert) @@ -842,8 +851,36 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr, more important message than the failure of our cache. */ } - } + switch (reason) + { + case KSBA_CRLREASON_UNSPECIFIED: + sreason = "unspecified"; break; + case KSBA_CRLREASON_KEY_COMPROMISE: + sreason = "key compromise"; break; + case KSBA_CRLREASON_CA_COMPROMISE: + sreason = "CA compromise"; break; + case KSBA_CRLREASON_AFFILIATION_CHANGED: + sreason = "affiliation changed"; break; + case KSBA_CRLREASON_SUPERSEDED: + sreason = "superseded"; break; + case KSBA_CRLREASON_CESSATION_OF_OPERATION: + sreason = "cessation of operation"; break; + case KSBA_CRLREASON_CERTIFICATE_HOLD: + sreason = "certificate on hold"; break; + case KSBA_CRLREASON_REMOVE_FROM_CRL: + sreason = "removed from CRL"; break; + case KSBA_CRLREASON_PRIVILEGE_WITHDRAWN: + sreason = "privilege withdrawn"; break; + case KSBA_CRLREASON_AA_COMPROMISE: + sreason = "AA compromise"; break; + case KSBA_CRLREASON_OTHER: + sreason = "other"; break; + default: sreason = "?"; break; + } + } + else + sreason = ""; if (opt.verbose) { @@ -855,29 +892,19 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr, this_update, next_update); if (status == KSBA_STATUS_REVOKED) log_info (_("certificate has been revoked at: %s due to: %s\n"), - revocation_time, - reason == KSBA_CRLREASON_UNSPECIFIED? "unspecified": - reason == KSBA_CRLREASON_KEY_COMPROMISE? "key compromise": - reason == KSBA_CRLREASON_CA_COMPROMISE? "CA compromise": - reason == KSBA_CRLREASON_AFFILIATION_CHANGED? - "affiliation changed": - reason == KSBA_CRLREASON_SUPERSEDED? "superseded": - reason == KSBA_CRLREASON_CESSATION_OF_OPERATION? - "cessation of operation": - reason == KSBA_CRLREASON_CERTIFICATE_HOLD? - "certificate on hold": - reason == KSBA_CRLREASON_REMOVE_FROM_CRL? - "removed from CRL": - reason == KSBA_CRLREASON_PRIVILEGE_WITHDRAWN? - "privilege withdrawn": - reason == KSBA_CRLREASON_AA_COMPROMISE? "AA compromise": - reason == KSBA_CRLREASON_OTHER? "other":"?"); + revocation_time, sreason); } if (status == KSBA_STATUS_REVOKED) - err = gpg_error (GPG_ERR_CERT_REVOKED); + { + err = gpg_error (GPG_ERR_CERT_REVOKED); + if (r_revoked_at) + gnupg_copy_time (r_revoked_at, revocation_time); + if (r_reason) + *r_reason = sreason; + } else if (status == KSBA_STATUS_UNKNOWN) err = gpg_error (GPG_ERR_NO_DATA); else if (status != KSBA_STATUS_GOOD) diff --git a/dirmngr/ocsp.h b/dirmngr/ocsp.h index cfab7dd6f..b3deeac93 100644 --- a/dirmngr/ocsp.h +++ b/dirmngr/ocsp.h @@ -23,7 +23,9 @@ #define OCSP_H gpg_error_t ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr, - int force_default_responder); + int force_default_responder, + gnupg_isotime_t r_revoked_at, + const char **r_reason); /* Release the list of OCSP certificates hold in the CTRL object. */ void release_ctrl_ocsp_certs (ctrl_t ctrl); diff --git a/dirmngr/server.c b/dirmngr/server.c index 98f354300..fba2233d4 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -1310,6 +1310,9 @@ cmd_isvalid (assuan_context_t ctx, char *line) again: if (ocsp_mode) { + gnupg_isotime_t revoked_at; + const char *reason; + /* Note, that we currently ignore the supplied fingerprint FPR; * instead ocsp_isvalid does an inquire to ask for the cert. * The fingerprint may eventually be used to lookup the @@ -1317,7 +1320,12 @@ cmd_isvalid (assuan_context_t ctx, char *line) if (!opt.allow_ocsp) err = gpg_error (GPG_ERR_NOT_SUPPORTED); else - err = ocsp_isvalid (ctrl, NULL, NULL, force_default_responder); + err = ocsp_isvalid (ctrl, NULL, NULL, force_default_responder, + revoked_at, &reason); + + if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED) + dirmngr_status_printf (ctrl, "REVOCATIONINFO", "%s %s", + revoked_at, reason); if (gpg_err_code (err) == GPG_ERR_CONFIGURATION && gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR) @@ -1512,6 +1520,8 @@ cmd_checkocsp (assuan_context_t ctx, char *line) unsigned char fprbuffer[20], *fpr; ksba_cert_t cert; int force_default_responder; + gnupg_isotime_t revoked_at; + const char *reason; force_default_responder = has_option (line, "--force-default-responder"); line = skip_options (line); @@ -1547,12 +1557,18 @@ cmd_checkocsp (assuan_context_t ctx, char *line) goto leave; } - assert (cert); + log_assert (cert); if (!opt.allow_ocsp) err = gpg_error (GPG_ERR_NOT_SUPPORTED); else - err = ocsp_isvalid (ctrl, cert, NULL, force_default_responder); + err = ocsp_isvalid (ctrl, cert, NULL, force_default_responder, + revoked_at, &reason); + + if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED) + dirmngr_status_printf (ctrl, "REVOCATIONINFO", "%s %s", + revoked_at, reason); + leave: ksba_cert_release (cert); diff --git a/doc/Makefile.am b/doc/Makefile.am index 2d45f378e..390153c76 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -22,18 +22,9 @@ AM_CPPFLAGS = include $(top_srcdir)/am/cmacros.am examples = examples/README examples/scd-event examples/trustlist.txt \ - examples/VS-NfD.prf examples/Automatic.prf \ - examples/debug.prf examples/qualified.txt \ + examples/qualified.txt \ examples/common.conf \ examples/gpgconf.rnames examples/gpgconf.conf \ - examples/systemd-user/README \ - examples/systemd-user/dirmngr.service \ - examples/systemd-user/dirmngr.socket \ - examples/systemd-user/gpg-agent.service \ - examples/systemd-user/gpg-agent.socket \ - examples/systemd-user/gpg-agent-ssh.socket \ - examples/systemd-user/gpg-agent-browser.socket \ - examples/systemd-user/gpg-agent-extra.socket \ examples/pwpattern.list helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \ @@ -44,8 +35,6 @@ helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \ help.pt_BR.txt help.ro.txt help.ru.txt help.sk.txt \ help.sv.txt help.tr.txt help.zh_CN.txt help.zh_TW.txt -profiles = - EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem \ gnupg-logo.pdf gnupg-logo.png gnupg-logo-tr.png \ gnupg-module-overview.png gnupg-module-overview.pdf \ @@ -61,7 +50,7 @@ BUILT_SOURCES = gnupg-module-overview.png gnupg-module-overview.pdf \ info_TEXINFOS = gnupg.texi -dist_pkgdata_DATA = $(helpfiles) $(profiles) +dist_pkgdata_DATA = $(helpfiles) nobase_dist_doc_DATA = FAQ DETAILS HACKING DCO TRANSLATE OpenPGP KEYSERVER \ $(examples) @@ -85,7 +74,7 @@ DVIPS = TEXINPUTS="$(srcdir)$(PATH_SEPARATOR)$$TEXINPUTS" dvips AM_MAKEINFOFLAGS = -I $(srcdir) --css-ref=/share/site.css YAT2M_OPTIONS = -I $(srcdir) \ - --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard 2.3" + --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard 2.4" myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \ dirmngr.texi scdaemon.texi tools.texi wks.texi \ diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index aaa30ec50..8e0979c3e 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi @@ -311,16 +311,16 @@ Use @var{name} as your keyserver. This is the server that @command{gpg} communicates with to receive keys, send keys, and search for keys. The format of the @var{name} is a URI: `scheme:[//]keyservername[:port]' The scheme is the type of keyserver: -"hkp" for the HTTP (or compatible) keyservers, "ldap" for the LDAP -keyservers, or "mailto" for the Graff email keyserver. Note that your -particular installation of GnuPG may have other keyserver types -available as well. Keyserver schemes are case-insensitive. After the -keyserver name, optional keyserver configuration options may be -provided. These are the same as the @option{--keyserver-options} of -@command{gpg}, but apply only to this particular keyserver. +"hkp" for the HTTP (or compatible) keyservers or "ldap" for the LDAP +keyservers. Note that your particular installation of GnuPG may have +other keyserver types available as well. Keyserver schemes are +case-insensitive. After the keyserver name, optional keyserver +configuration options may be provided. These are the same as the +@option{--keyserver-options} of @command{gpg}, but apply only to this +particular keyserver. -Most keyservers synchronize with each other, so there is generally no -need to send keys to more than one server. Somes keyservers use round +Some keyservers synchronize with each other, so there is not always a +need to send keys to more than one server. Some keyservers use round robin DNS to give a different keyserver each time you use it. If exactly two keyservers are configured and only one is a Tor hidden @@ -751,7 +751,7 @@ allow-ocsp To make sure that new options are read or that after the installation of a new GnuPG versions the right dirmngr version is running, you should kill an existing dirmngr so that a new instance is started as -needed by the otehr components: +needed by the other components: @example gpgconf --kill dirmngr diff --git a/doc/examples/README b/doc/examples/README index 67508c471..cd341ab57 100644 --- a/doc/examples/README +++ b/doc/examples/README @@ -8,8 +8,6 @@ trustlist.txt A list of trustworthy root certificates gpgconf.conf A sample configuration file for gpgconf. -systemd-user Sample files for a Linux-only init system. - qualified.txt Sample file for qualified.txt. common.conf Sample file for common options. diff --git a/doc/examples/VS-NfD.prf b/doc/examples/VS-NfD.prf deleted file mode 100644 index edb9e018e..000000000 --- a/doc/examples/VS-NfD.prf +++ /dev/null @@ -1,24 +0,0 @@ -# VS-NfD.prf - Configure options for the VS-NfD mode -*- conf -*- -# -# The options for each tool are configured in a section ("[TOOL]"); -# see the respective man page for a description of these options and -# the gpgconf manpage for a description of this file's syntax. - -[gpg] -compliance de-vs - -[gpgsm] -compliance de-vs -enable-crl-checks - -[gpg-agent] -default-cache-ttl 900 -max-cache-ttl 3600 -no-allow-mark-trusted -no-allow-external-cache -enforce-passphrase-constraints -min-passphrase-len 9 -min-passphrase-nonalpha 0 - -[dirmngr] -allow-ocsp diff --git a/doc/examples/debug.prf b/doc/examples/debug.prf deleted file mode 100644 index f635fc88e..000000000 --- a/doc/examples/debug.prf +++ /dev/null @@ -1,29 +0,0 @@ -# debug.prf - Configure options for easier debugging -*- conf -*- -# -# Note that the actual debug options for each component need to be set -# manually. Running the component with "--debug help" shows a list of -# supported values. To watch the logs this command can be used: -# -# watchgnupg --time-only --force $(gpgconf --list-dirs socketdir)/S.log -# - -[gpg] -log-file socket:// -verbose -#debug ipc - -[gpgsm] -log-file socket:// -verbose -#debug ipc - -[gpg-agent] -log-file socket:// -verbose -#debug ipc -#debug-pinentry - -[dirmngr] -log-file socket:// -verbose -#debug ipc,dns diff --git a/doc/examples/gpgconf.conf b/doc/examples/gpgconf.conf index a61d4d453..314b955b9 100644 --- a/doc/examples/gpgconf.conf +++ b/doc/examples/gpgconf.conf @@ -1,5 +1,9 @@ # gpgconf.conf - configuration for gpgconf #---------------------------------------------------------------------- +# +# === The use of this feature is deprecated === +# == Please use the more powerful global options. == +# # This file is read by gpgconf(1) to setup defaults for all or # specified users and groups. It may be used to change the hardwired # defaults in gpgconf and to enforce certain values for the various diff --git a/doc/examples/systemd-user/README b/doc/examples/systemd-user/README deleted file mode 100644 index 43122f568..000000000 --- a/doc/examples/systemd-user/README +++ /dev/null @@ -1,66 +0,0 @@ -Socket-activated dirmngr and gpg-agent with systemd -=================================================== - -When used on a GNU/Linux system supervised by systemd, you can ensure -that the GnuPG daemons dirmngr and gpg-agent are launched -automatically the first time they're needed, and shut down cleanly at -session logout. This is done by enabling user services via -socket-activation. - -System distributors -------------------- - -The *.service and *.socket files (from this directory) should be -placed in /usr/lib/systemd/user/ alongside other user-session services -and sockets. - -To enable socket-activated dirmngr for all accounts on the system, -use: - - systemctl --user --global enable dirmngr.socket - -To enable socket-activated gpg-agent for all accounts on the system, -use: - - systemctl --user --global enable gpg-agent.socket - -Additionally, you can enable socket-activated gpg-agent ssh-agent -emulation for all accounts on the system with: - - systemctl --user --global enable gpg-agent-ssh.socket - -You can also enable restricted ("--extra-socket"-style) gpg-agent -sockets for all accounts on the system with: - - systemctl --user --global enable gpg-agent-extra.socket - -Individual users ----------------- - -A user on a system with systemd where this has not been installed -system-wide can place these files in ~/.config/systemd/user/ to make -them available. - -If a given service isn't installed system-wide, or if it's installed -system-wide but not globally enabled, individual users will still need -to enable them. For example, to enable socket-activated dirmngr for -all future sessions: - - systemctl --user enable dirmngr.socket - -To enable socket-activated gpg-agent with ssh support, do: - - systemctl --user enable gpg-agent.socket gpg-agent-ssh.socket - -These changes won't take effect until your next login after you've -fully logged out (be sure to terminate any running daemons before -logging out). - -If you'd rather try a socket-activated GnuPG daemon in an -already-running session without logging out (with or without enabling -it for all future sessions), kill any existing daemon and start the -user socket directly. For example, to set up socket-activated dirmgnr -in the current session: - - gpgconf --kill dirmngr - systemctl --user start dirmngr.socket diff --git a/doc/examples/systemd-user/dirmngr.service b/doc/examples/systemd-user/dirmngr.service deleted file mode 100644 index 3c060cde5..000000000 --- a/doc/examples/systemd-user/dirmngr.service +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=GnuPG network certificate management daemon -Documentation=man:dirmngr(8) -Requires=dirmngr.socket - -[Service] -ExecStart=/usr/bin/dirmngr --supervised -ExecReload=/usr/bin/gpgconf --reload dirmngr diff --git a/doc/examples/systemd-user/dirmngr.socket b/doc/examples/systemd-user/dirmngr.socket deleted file mode 100644 index ebabf896a..000000000 --- a/doc/examples/systemd-user/dirmngr.socket +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=GnuPG network certificate management daemon -Documentation=man:dirmngr(8) - -[Socket] -ListenStream=%t/gnupg/S.dirmngr -SocketMode=0600 -DirectoryMode=0700 - -[Install] -WantedBy=sockets.target diff --git a/doc/examples/systemd-user/gpg-agent-browser.socket b/doc/examples/systemd-user/gpg-agent-browser.socket deleted file mode 100644 index bc8d344e1..000000000 --- a/doc/examples/systemd-user/gpg-agent-browser.socket +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=GnuPG cryptographic agent and passphrase cache (access for web browsers) -Documentation=man:gpg-agent(1) - -[Socket] -ListenStream=%t/gnupg/S.gpg-agent.browser -FileDescriptorName=browser -Service=gpg-agent.service -SocketMode=0600 -DirectoryMode=0700 - -[Install] -WantedBy=sockets.target diff --git a/doc/examples/systemd-user/gpg-agent-extra.socket b/doc/examples/systemd-user/gpg-agent-extra.socket deleted file mode 100644 index 5b87d09df..000000000 --- a/doc/examples/systemd-user/gpg-agent-extra.socket +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=GnuPG cryptographic agent and passphrase cache (restricted) -Documentation=man:gpg-agent(1) - -[Socket] -ListenStream=%t/gnupg/S.gpg-agent.extra -FileDescriptorName=extra -Service=gpg-agent.service -SocketMode=0600 -DirectoryMode=0700 - -[Install] -WantedBy=sockets.target diff --git a/doc/examples/systemd-user/gpg-agent-ssh.socket b/doc/examples/systemd-user/gpg-agent-ssh.socket deleted file mode 100644 index 798c1d967..000000000 --- a/doc/examples/systemd-user/gpg-agent-ssh.socket +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=GnuPG cryptographic agent (ssh-agent emulation) -Documentation=man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1) - -[Socket] -ListenStream=%t/gnupg/S.gpg-agent.ssh -FileDescriptorName=ssh -Service=gpg-agent.service -SocketMode=0600 -DirectoryMode=0700 - -[Install] -WantedBy=sockets.target diff --git a/doc/examples/systemd-user/gpg-agent.service b/doc/examples/systemd-user/gpg-agent.service deleted file mode 100644 index a050fccdc..000000000 --- a/doc/examples/systemd-user/gpg-agent.service +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=GnuPG cryptographic agent and passphrase cache -Documentation=man:gpg-agent(1) -Requires=gpg-agent.socket - -[Service] -ExecStart=/usr/bin/gpg-agent --supervised -ExecReload=/usr/bin/gpgconf --reload gpg-agent diff --git a/doc/examples/systemd-user/gpg-agent.socket b/doc/examples/systemd-user/gpg-agent.socket deleted file mode 100644 index 4257c2c80..000000000 --- a/doc/examples/systemd-user/gpg-agent.socket +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=GnuPG cryptographic agent and passphrase cache -Documentation=man:gpg-agent(1) - -[Socket] -ListenStream=%t/gnupg/S.gpg-agent -FileDescriptorName=std -SocketMode=0600 -DirectoryMode=0700 - -[Install] -WantedBy=sockets.target diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 97abbed59..921522d53 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -175,7 +175,7 @@ listening sockets. This option is deprecated and not supported on Windows. If in @file{common.conf} the option @option{no-autostart} is set, any -start attemps will be ignored. +start attempts will be ignored. In --supervised mode, different file descriptors can be provided for use as different socket types (e.g. ssh, extra) as long as they are diff --git a/doc/gpg-card.texi b/doc/gpg-card.texi index c21516791..33cdbd96d 100644 --- a/doc/gpg-card.texi +++ b/doc/gpg-card.texi @@ -153,7 +153,7 @@ Command completion in the interactive mode is also supported. @item AUTHENTICATE [--setkey] [--raw] [< @var{file}]|@var{key}] @itemx AUTH @opindex authenticate -Authenticate to the card. Perform a mutual autentication either by +Authenticate to the card. Perform a mutual authentication either by reading the key from @var{file} or by taking it from the command line as @var{key}. Without the option @option{--raw} the key is expected to be hex encoded. To install a new administration key @@ -242,7 +242,7 @@ a @var{pinref} a menu is presented for certain cards." In non-interactive mode and without a @var{pinref} a default value i used for these cards. The option @option{--reset} is used with TCOS cards to reset the PIN using the PUK or vice versa; the option -@var{--nullpin} is used for these cards to set the intial PIN. +@var{--nullpin} is used for these cards to set the initial PIN. @item PRIVATEDO [--clear] @var{n} [< @var{file}] @opindex privatedo diff --git a/doc/gpg.texi b/doc/gpg.texi index 1a3cb9e25..47aa0a4d0 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -616,7 +616,7 @@ Emit @var{count} random bytes of the given quality level 0, 1 or 2. If @var{count} is not given or zero, an endless sequence of random bytes will be emitted. If used with @option{--armor} the output will be base64 encoded. The special level 16 uses a quality level of 1 and -outpust end endless stream of hex-encoded octets. The special level +outputs an endless stream of hex-encoded octets. The special level 30 outputs random as 30 zBase-32 characters. @item --gen-prime @var{mode} @var{bits} @@ -635,11 +635,11 @@ The @option{--dearmor} command can also be used to dearmor PEM armors. @item --unwrap @opindex unwrap -This command is similar to @option{--decrypt} with the change that the +This command is similar to @option{--decrypt} with the difference that the output is not the usual plaintext but the original message with the -decryption layer removed. Thus the output will be an OpenPGP data +encryption layer removed. Thus the output will be an OpenPGP data structure which often means a signed OpenPGP message. Note that this -command may or may not remove a compression layer which is often found +option may or may not remove a compression layer which is often found beneath the encryption layer. @item --tofu-policy @{auto|good|unknown|bad|ask@} @var{keys} @@ -860,9 +860,10 @@ line. @opindex keyedit:tsign Make a trust signature. This is a signature that combines the notions of certification (like a regular signature), and trust (like the - "trust" command). It is generally only useful in distinct communities - or groups. For more information please read the sections - ``Trust Signature'' and ``Regular Expression'' in RFC-4880. + "trust" command). It is generally useful in distinct communities + or groups to implement the concept of a Trusted Introducer. For + more information please read the sections ``Trust Signature'' and + ``Regular Expression'' in RFC-4880. @end table @c man:.RS @@ -1341,7 +1342,7 @@ Assume "no" on most questions. Should not be used in an option file. @item --list-filter @{select=@var{expr}@} @opindex list-filter A list filter can be used to output only certain keys during key -listsin command. For the availbale property names, see the description +listing commands. For the available property names, see the description of @option{--import-filter}. @@ -1658,6 +1659,16 @@ for the BZIP2 compression algorithm (defaulting to 6 as well). This is a different option from @option{--compress-level} since BZIP2 uses a significant amount of memory for each additional compression level. @option{-z} sets both. A value of 0 for @var{n} disables compression. +A value of -1 forces compression using the default level. + +Except for the @option{--store} command compression is always used +unless @command{gpg} detects that the input is already compressed. To +inhibit the use of compression use @option{-z0}; to force compression +use @option{-z-1} or option @option{z} with another compression level +than the default as indicated by -1. Note that this overriding of the +default deection works only with @option{z} and not with the long +variant of this option. + @item --bzip2-decompress-lowmem @opindex bzip2-decompress-lowmem @@ -1754,7 +1765,8 @@ Set what trust model GnuPG should follow. The models are: @item tofu @opindex trust-model:tofu @anchor{trust-model-tofu} - TOFU stands for Trust On First Use. In this trust model, the first + TOFU stands for Trust On First Use. In this experimental trust + model, the first time a key is seen, it is memorized. If later another key with a user id with the same email address is seen, both keys are marked as suspect. In that case, the next time either is used, a warning is @@ -1803,7 +1815,8 @@ Set what trust model GnuPG should follow. The models are: @item tofu+pgp @opindex trust-model:tofu+pgp - This trust model combines TOFU with the Web of Trust. This is done + This experimental trust model combines TOFU with the Web of Trust. + This is done by computing the trust level for each model and then taking the maximum trust level where the trust levels are ordered as follows: @code{unknown < undefined < marginal < fully < ultimate < expired < @@ -2048,7 +2061,7 @@ are available for all keyserver types, some common options are: The default list of options is: "self-sigs-only, import-clean, repair-keys, repair-pks-subkey-bug, export-attributes". However, if the actual used source is an LDAP server "no-self-sigs-only" is -assumed unless "self-sigs-only" has been explictly configured. +assumed unless "self-sigs-only" has been explicitly configured. @item --completes-needed @var{n} @@ -3546,13 +3559,7 @@ signatures made using SHA-1, those key signatures are considered invalid. This options allows to override this restriction. @item --override-compliance-check -@opindex --override-compliance-check -The signature verification only allows the use of keys suitable in the -current compliance mode. If the compliance mode has been forced by a -global option, there might be no way to check certain signature. This -option allows to override this and prints an extra warning in such a -case. This option is ignored in --batch mode so that no accidental -unattended verification may happen. +This was a temporary introduced option and has no more effect. @item --no-default-keyring @opindex no-default-keyring diff --git a/doc/wks.texi b/doc/wks.texi index a7805a34a..39e345f15 100644 --- a/doc/wks.texi +++ b/doc/wks.texi @@ -189,7 +189,9 @@ fields are (future versions may specify additional fields): @itemx -o @opindex output Write the created mail to @var{file} instead of stdout. Note that the -value @code{-} for @var{file} is the same as writing to stdout. +value @code{-} for @var{file} is the same as writing to stdout. If +this option is used with the @option{--check} command and a key was +found it is written to the given file. @item --status-fd @var{n} @opindex status-fd diff --git a/g10/Makefile.am b/g10/Makefile.am index 3fd38517b..80b5b8919 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -47,9 +47,7 @@ endif # NB: We use noinst_ for gpg and gpgv so that we can install them with # the install-hook target under the name gpg2/gpgv2. noinst_PROGRAMS = gpg -if !HAVE_W32CE_SYSTEM noinst_PROGRAMS += gpgv -endif noinst_PROGRAMS += $(module_tests) if DISABLE_TESTS TESTS = @@ -173,12 +171,12 @@ LDADD = $(needed_libs) ../common/libgpgrl.a \ $(ZLIBS) $(LIBINTL) $(CAPLIBS) gpg_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \ $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \ - $(LIBICONV) $(resource_objs) $(extra_sys_libs) -gpg_LDFLAGS = $(extra_bin_ldflags) + $(LIBICONV) $(resource_objs) +gpg_LDFLAGS = gpgv_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \ $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \ - $(LIBICONV) $(resource_objs) $(extra_sys_libs) -gpgv_LDFLAGS = $(extra_bin_ldflags) + $(LIBICONV) $(resource_objs) +gpgv_LDFLAGS = t_common_ldadd = diff --git a/g10/call-keyboxd.c b/g10/call-keyboxd.c index e2fede235..7f4d5f493 100644 --- a/g10/call-keyboxd.c +++ b/g10/call-keyboxd.c @@ -106,7 +106,7 @@ gpg_keyboxd_deinit_session_data (ctrl_t ctrl) err = assuan_transact (kbl->ctx, "TRANSACTION commit", NULL, NULL, NULL, NULL, NULL, NULL); if (err) - log_error ("error commiting last transaction: %s\n", + log_error ("error committing last transaction: %s\n", gpg_strerror (err)); in_transaction = 0; } diff --git a/g10/cipher-aead.c b/g10/cipher-aead.c index 8eea70372..640d8432f 100644 --- a/g10/cipher-aead.c +++ b/g10/cipher-aead.c @@ -295,9 +295,9 @@ do_flush (cipher_filter_context_t *cfx, iobuf_t a, byte *buf, size_t size) size_t n1 = cfx->chunksize - (cfx->chunklen + cfx->buflen); finalize = 1; if (DBG_FILTER) - log_debug ("chunksize %"PRIu64" reached;" + log_debug ("chunksize %llu reached;" " cur buflen=%zu using %zu of %zu\n", - cfx->chunksize, cfx->buflen, + (unsigned long long)cfx->chunksize, cfx->buflen, n1, n); n = n1; } diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c index bdc3e2214..86e208d01 100644 --- a/g10/decrypt-data.c +++ b/g10/decrypt-data.c @@ -675,8 +675,10 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) /* Decrypt the buffer. This first requires a loop to handle the * case when a chunk ends within the buffer. */ if (DBG_FILTER) - log_debug ("decrypt: chunklen=%"PRIu64" total=%"PRIu64" size=%zu len=%zu%s\n", - dfx->chunklen, dfx->total, size, len, + log_debug ("decrypt: chunklen=%llu total=%llu size=%zu len=%zu%s\n", + (unsigned long long)dfx->chunklen, + (unsigned long long)dfx->total, + size, len, dfx->eof_seen? " eof":""); while (len && dfx->chunklen + len >= dfx->chunksize) @@ -712,8 +714,8 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) len -= n; if (DBG_FILTER) - log_debug ("ndecrypted: %zu (nchunk=%"PRIu64") bytes left: %zu at off=%zu\n", - totallen, dfx->chunklen, len, off); + log_debug ("ndecrypted: %zu (nchunk=%llu) bytes left: %zu at off=%zu\n", + totallen, (unsigned long long)dfx->chunklen, len, off); /* Check the tag. */ if (len < 16) @@ -794,8 +796,8 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) dfx->chunklen += len; dfx->total += len; if (DBG_FILTER) - log_debug ("ndecrypted: %zu (nchunk=%"PRIu64")\n", - totallen, dfx->chunklen); + log_debug ("ndecrypted: %zu (nchunk=%llu)\n", + totallen, (unsigned long long)dfx->chunklen); } if (dfx->eof_seen) diff --git a/g10/encrypt.c b/g10/encrypt.c index 1151fd9a0..687b4344e 100644 --- a/g10/encrypt.c +++ b/g10/encrypt.c @@ -1,7 +1,7 @@ /* encrypt.c - Main encryption driver * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, * 2006, 2009 Free Software Foundation, Inc. - * Copyright (C) 2016 g10 Code GmbH + * Copyright (C) 2016, 2023 g10 Code GmbH * * This file is part of GnuPG. * @@ -17,6 +17,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, see . + * SPDX-License-Identifier: GPL-3.0-or-later */ #include @@ -409,6 +410,8 @@ encrypt_simple (const char *filename, int mode, int use_seskey) text_filter_context_t tfx; progress_filter_context_t *pfx; int do_compress = !!default_compress_algo(); + char peekbuf[32]; + int peekbuflen; if (!gnupg_rng_is_compliant (opt.compliance)) { @@ -445,6 +448,14 @@ encrypt_simple (const char *filename, int mode, int use_seskey) return rc; } + peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf); + if (peekbuflen < 0) + { + peekbuflen = 0; + if (DBG_FILTER) + log_debug ("peeking at input failed\n"); + } + handle_progress (pfx, inp, filename); if (opt.textmode) @@ -470,8 +481,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey) if (use_seskey && s2k->mode != 1 && s2k->mode != 3) { use_seskey = 0; - log_info (_("can't use a SKESK packet" - "due to the S2K mode\n")); + log_info (_("can't use a SKESK packet due to the S2K mode\n")); } /* See whether we want to use AEAD. */ @@ -510,10 +520,11 @@ encrypt_simple (const char *filename, int mode, int use_seskey) if (do_compress && cfx.dek && (cfx.dek->use_mdc || cfx.dek->use_aead) - && is_file_compressed(filename, &rc)) + && !opt.explicit_compress_option + && is_file_compressed (peekbuf, peekbuflen)) { if (opt.verbose) - log_info(_("'%s' already compressed\n"), filename); + log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]"); do_compress = 0; } @@ -781,6 +792,8 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, progress_filter_context_t *pfx; PK_LIST pk_list; int do_compress; + char peekbuf[32]; + int peekbuflen; if (filefd != -1 && filename) return gpg_error (GPG_ERR_INV_ARG); /* Both given. */ @@ -853,6 +866,14 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, if (opt.verbose) log_info (_("reading from '%s'\n"), iobuf_get_fname_nonnull (inp)); + peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf); + if (peekbuflen < 0) + { + peekbuflen = 0; + if (DBG_FILTER) + log_debug ("peeking at input failed\n"); + } + handle_progress (pfx, inp, filename); if (opt.textmode) @@ -885,10 +906,11 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, * ciphertext attacks. */ if (do_compress && (cfx.dek->use_mdc || cfx.dek->use_aead) - && is_file_compressed (filename, &rc2)) + && !opt.explicit_compress_option + && is_file_compressed (peekbuf, peekbuflen)) { if (opt.verbose) - log_info(_("'%s' already compressed\n"), filename); + log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]"); do_compress = 0; } if (rc2) diff --git a/g10/export.c b/g10/export.c index cab00d10c..b3ad69718 100644 --- a/g10/export.c +++ b/g10/export.c @@ -2026,7 +2026,16 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, hexgrip, pk, NULL); if (err) { - if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) + /* If we receive a fully canceled error we stop + * immediately. If we receive a cancel for a public + * key we also stop immediately because a + * public/secret key is always required first + * (right, we could instead write a stub key but + * that is also kind of surprising). If we receive + * a subkey we skip to the next subkey. */ + if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED + || (node->pkt->pkttype == PKT_PUBLIC_KEY + && gpg_err_code (err) == GPG_ERR_CANCELED)) goto leave; write_status_error ("export_keys.secret", err); skip_until_subkey = 1; @@ -2455,8 +2464,8 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, keydb_release (kdbhd); if (err || !keyblock_out) release_kbnode( keyblock ); - if( !*any ) - log_info(_("WARNING: nothing exported\n")); + if( !*any && !opt.quiet) + log_info (_("WARNING: nothing exported\n")); return err; } diff --git a/g10/gpg.c b/g10/gpg.c index 68c0454ee..dd0bf0167 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -360,7 +360,6 @@ enum cmd_and_opt_values oShowSessionKey, oOverrideSessionKey, oOverrideSessionKeyFD, - oOverrideComplianceCheck, oNoRandomSeedFile, oAutoKeyRetrieve, oNoAutoKeyRetrieve, @@ -878,7 +877,6 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"), ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), - ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"), ARGPARSE_header (NULL, N_("Options for unattended use")), @@ -972,6 +970,7 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_s (oNoop, "aead-algo", "@"), ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"), ARGPARSE_s_n (oNoop, "rfc4880bis", "@"), + ARGPARSE_s_n (oNoop, "override-compliance-check", "@"), ARGPARSE_group (302, N_( @@ -3203,6 +3202,7 @@ main (int argc, char **argv) case oCompress: /* this is the -z command line option */ opt.compress_level = opt.bz2_compress_level = pargs.r.ret_int; + opt.explicit_compress_option = 1; break; case oCompressLevel: opt.compress_level = pargs.r.ret_int; break; case oBZ2CompressLevel: opt.bz2_compress_level = pargs.r.ret_int; break; @@ -3665,10 +3665,6 @@ main (int argc, char **argv) opt.flags.allow_old_cipher_algos = 1; break; - case oOverrideComplianceCheck: - opt.flags.override_compliance_check = 1; - break; - case oFakedSystemTime: { size_t len = strlen (pargs.r.ret_str); @@ -3878,15 +3874,6 @@ main (int argc, char **argv) g10_exit(2); } - /* We allow overriding the compliance check only in non-batch mode - * so that the user has a chance to see the message. */ - if (opt.flags.override_compliance_check && opt.batch) - { - opt.flags.override_compliance_check = 0; - log_info ("Note: '%s' ignored due to batch mode\n", - "--override-compliance-check"); - } - set_debug (debug_level); if (opt.verbose) /* Print the compatibility flags. */ parse_compatibility_flags (NULL, &opt.compat_flags, compatibility_flags); diff --git a/g10/mainproc.c b/g10/mainproc.c index 330ad10c5..4710386ea 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -2516,7 +2516,7 @@ check_sig_and_print (CTX c, kbnode_t node) } /* Compute compliance with CO_DE_VS. */ - if (pk && is_status_enabled () + if (pk && gnupg_gcrypt_is_compliant (CO_DE_VS) && gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, 0, pk->pkey, nbits_from_pk (pk), NULL) diff --git a/g10/options.h b/g10/options.h index c10862687..74a6cdb16 100644 --- a/g10/options.h +++ b/g10/options.h @@ -98,6 +98,7 @@ struct int def_digest_algo; int cert_digest_algo; int compress_algo; + int explicit_compress_option; /* A compress option was explicitly given. */ int compress_level; int bz2_compress_level; int bz2_decompress_lowmem; @@ -244,7 +245,6 @@ struct unsigned int allow_old_cipher_algos:1; unsigned int allow_weak_digest_algos:1; unsigned int allow_weak_key_signatures:1; - unsigned int override_compliance_check:1; unsigned int large_rsa:1; unsigned int disable_signer_uid:1; unsigned int include_key_block:1; diff --git a/g10/sig-check.c b/g10/sig-check.c index 7c48c0601..7a2c934cd 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -78,17 +78,10 @@ check_key_verify_compliance (PKT_public_key *pk) NULL)) { /* Compliance failure. */ - log_info (_("key %s may not be used for signing in %s mode\n"), + log_error (_("key %s may not be used for signing in %s mode\n"), keystr_from_pk (pk), gnupg_compliance_option_string (opt.compliance)); - if (opt.flags.override_compliance_check) - log_info (_("continuing verification anyway due to option %s\n"), - "--override-compliance-failure"); - else - { - log_inc_errorcount (); /* We used log info above. */ - err = gpg_error (GPG_ERR_PUBKEY_ALGO); - } + err = gpg_error (GPG_ERR_PUBKEY_ALGO); } return err; diff --git a/g10/sign.c b/g10/sign.c index 385254987..a66410ebd 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -1037,6 +1037,9 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, int multifile = 0; u32 duration=0; pt_extra_hash_data_t extrahash = NULL; + char peekbuf[32]; + int peekbuflen = 0; + pfx = new_progress_context (); afx = new_armor_context (); @@ -1095,6 +1098,14 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, goto leave; } + peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf); + if (peekbuflen < 0) + { + peekbuflen = 0; + if (DBG_FILTER) + log_debug ("peeking at input failed\n"); + } + handle_progress (pfx, inp, fname); } @@ -1251,8 +1262,14 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, { int compr_algo = opt.compress_algo; - /* If not forced by user */ - if (compr_algo==-1) + if (!opt.explicit_compress_option + && is_file_compressed (peekbuf, peekbuflen)) + { + if (opt.verbose) + log_info(_("'%s' already compressed\n"), fname? fname: "[stdin]"); + compr_algo = 0; + } + else if (compr_algo==-1) { /* If we're not encrypting, then select_algo_from_prefs * will fail and we'll end up with the default. If we are diff --git a/kbx/Makefile.am b/kbx/Makefile.am index f5fe341bc..66214fa5c 100644 --- a/kbx/Makefile.am +++ b/kbx/Makefile.am @@ -37,12 +37,6 @@ else libexec_PROGRAMS = endif -if HAVE_W32CE_SYSTEM -extra_libs = $(LIBASSUAN_LIBS) -else -extra_libs = -endif - common_libs = $(libcommon) commonpth_libs = $(libcommonpth) @@ -75,7 +69,7 @@ libkeybox509_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) -DKEYBOX kbxutil_SOURCES = kbxutil.c $(common_sources) kbxutil_CFLAGS = $(AM_CFLAGS) -DKEYBOX_WITH_X509=1 kbxutil_LDADD = $(common_libs) \ - $(KSBA_LIBS) $(LIBGCRYPT_LIBS) $(extra_libs) \ + $(KSBA_LIBS) $(LIBGCRYPT_LIBS) \ $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) $(W32SOCKLIBS) \ $(NETLIBS) @@ -98,7 +92,7 @@ keyboxd_LDADD = $(commonpth_libs) \ $(SQLITE3_LIBS) $(GPG_ERROR_LIBS) \ $(LIBINTL) $(NETLIBS) $(LIBICONV) \ $(resource_objs) -keyboxd_LDFLAGS = $(extra_bin_ldflags) +keyboxd_LDFLAGS = keyboxd_DEPENDENCIES = $(resource_objs) diff --git a/po/ca.po b/po/ca.po index 116efbd98..831e84602 100644 --- a/po/ca.po +++ b/po/ca.po @@ -431,6 +431,14 @@ msgstr "" msgid "enable putty support" msgstr "no és suportat" +# Gènere? Nombre? ivb +# Werner FIXME: please add translator comment saying *what* is +# uncompressed so we know the gender. jm +#, fuzzy +#| msgid "not supported" +msgid "enable Win32-OpenSSH support" +msgstr "no és suportat" + msgid "Options controlling the security" msgstr "" @@ -1921,8 +1929,9 @@ msgstr "AVÍS: %s és una opció desaconsellada.\n" msgid "error creating passphrase: %s\n" msgstr "error en la creació de la contrasenya: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "no es pot usar un paquet asimètric ESK al estar en mode S2K\n" #, fuzzy, c-format @@ -2008,9 +2017,18 @@ msgstr "la clau secreta és inusable" msgid "remove as much as possible from key during export" msgstr "" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "genera un certificat de revocació" + msgid "use the GnuPG key backup format" msgstr "" +#, fuzzy +msgid "export secret keys using the GnuPG format" +msgstr "s'està escrivint la clau secreta a «%s»\n" + #, fuzzy #| msgid "%s: skipped: %s\n" msgid " - skipped" @@ -2516,6 +2534,11 @@ msgstr "mostra en quin anell de claus està una clau llistada" msgid "show expiration dates during signature listings" msgstr "No hi ha cap signatura corresponent en l'anell secret\n" +#, fuzzy +#| msgid "set preference list" +msgid "show preferences" +msgstr "estableix la llista de preferències" + #, fuzzy, c-format msgid "unknown TOFU policy '%s'\n" msgstr "el destinatari predeterminat és desconegut «%s»\n" @@ -2678,11 +2701,6 @@ msgstr "s'està escrivint la clau secreta a «%s»\n" msgid "selected cipher algorithm is invalid\n" msgstr "l'algorisme de xifratge triat no és vàlid\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "l'algorisme de resum seleccionat no és vàlid\n" - #, fuzzy, c-format msgid "selected compression algorithm is invalid\n" msgstr "l'algorisme de xifratge triat no és vàlid\n" @@ -2728,11 +2746,6 @@ msgstr "les preferències per defecte són invàlides\n" msgid "invalid personal cipher preferences\n" msgstr "les preferències personals de xifrat són invàlides\n" -#, fuzzy, c-format -#| msgid "invalid personal cipher preferences\n" -msgid "invalid personal AEAD preferences\n" -msgstr "les preferències personals de xifrat són invàlides\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "les preferències personals de digest són invàlides\n" @@ -2750,10 +2763,6 @@ msgstr "la mida de la clau és invàlida; s'hi usaran %u bits\n" msgid "%s does not yet work with %s\n" msgstr "%s encara no funciona amb %s\n" -#, fuzzy, c-format -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "no podeu usar l'algorisme de xifratge «%s» mentre esteu en mode %s\n" - #, fuzzy, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "no podeu usar l'algorisme de compressió %s mentre esteu en mode %s\n" @@ -3980,18 +3989,6 @@ msgstr "error: l'empremta digital és invàlida\n" msgid "subkey \"%s\" not found\n" msgstr "no s'ha trobat la clau «%s»: %s\n" -msgid "AEAD: " -msgstr "" - -msgid "Digest: " -msgstr "Resum: " - -msgid "Features: " -msgstr "Funcionalitats: " - -msgid "Keyserver no-modify" -msgstr "" - msgid "Preferred keyserver: " msgstr "" @@ -4852,6 +4849,18 @@ msgstr "Crear realment? " msgid "never " msgstr "mai " +msgid "AEAD: " +msgstr "" + +msgid "Digest: " +msgstr "Resum: " + +msgid "Features: " +msgstr "Funcionalitats: " + +msgid "Keyserver no-modify" +msgstr "" + msgid "Critical signature policy: " msgstr "Política de signatura crítica: " @@ -9451,6 +9460,21 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "l'algorisme de resum seleccionat no és vàlid\n" + +#, fuzzy +#~| msgid "invalid personal cipher preferences\n" +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "les preferències personals de xifrat són invàlides\n" + +#, fuzzy +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "" +#~ "no podeu usar l'algorisme de xifratge «%s» mentre esteu en mode %s\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "" #~ "forçar el xifrat asimètric %s (%d) viola les preferències del " @@ -11129,9 +11153,6 @@ msgstr "" #~ msgid "delete signatures" #~ msgstr "esborra signatures" -#~ msgid "set preference list" -#~ msgstr "estableix la llista de preferències" - #~ msgid "updated preferences" #~ msgstr "preferències actualitzades" diff --git a/po/cs.po b/po/cs.po index c03f35599..df6a29a48 100644 --- a/po/cs.po +++ b/po/cs.po @@ -28,6 +28,7 @@ # action → způsob užití (klíče) # administrator → správce # cache → keš +# compliance rules → pravidla normy # distribution point → místo distribuce # DP (distribution point (of CRL)) → DP # load → zavést @@ -37,9 +38,9 @@ # msgid "" msgstr "" -"Project-Id-Version: gnupg2 2.3.4\n" +"Project-Id-Version: gnupg2 2.3.8\n" "Report-Msgid-Bugs-To: translations@gnupg.org\n" -"PO-Revision-Date: 2022-02-20 16:09+01:00\n" +"PO-Revision-Date: 2022-11-13 14:21+01:00\n" "Last-Translator: Petr Pisar \n" "Language-Team: Czech \n" "Language: cs\n" @@ -296,10 +297,9 @@ msgstr "PIN nebyl zopakován správně; zkuste to znovu" msgid "Please enter the PIN%s%s%s to unlock the card" msgstr "Prosím, zadejte PIN%s%s%s, abyste odemkli kartu" -#, fuzzy, c-format -#| msgid "error writing to %s: %s\n" +#, c-format msgid "error writing to pipe: %s\n" -msgstr "chyba při zápisu do %s: %s\n" +msgstr "chyba při zápisu do roury: %s\n" msgid "Enter new passphrase" msgstr "Vložte nové heslo" @@ -417,6 +417,9 @@ msgstr "|ALGORITMUS|ukazovat otisky SSH pomocí ALGORITMU" msgid "enable putty support" msgstr "zapnout podporu pro PuTTY" +msgid "enable Win32-OpenSSH support" +msgstr "zapnout podporu pro Win32-OpenSSH" + msgid "Options controlling the security" msgstr "Volby ovlivňující bezpečnost" @@ -776,14 +779,9 @@ msgstr "Změním jej později" msgid "Please insert the card with serial number" msgstr "Prosím, vložte kartu se sériovým číslem" -#, fuzzy, c-format -#| msgid "" -#| "An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want " -#| "to allow this?" +#, c-format msgid "Requested the use of key%%0A %s%%0A %s%%0ADo you want to allow this?" -msgstr "" -"Proces SSH si vyžádal použití klíče%%0A %s%%0A (%s)%%0APřejete si to " -"povolit?" +msgstr "Vyžádáno použití klíče%%0A %s%%0A %s%%0APřejete si to povolit?" #, c-format msgid "" @@ -1810,7 +1808,7 @@ msgid "error creating passphrase: %s\n" msgstr "chyba při vytváření hesla: %s\n" #, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "v režimu S2K nelze použít symetrický ESK paket\n" #, c-format @@ -1849,10 +1847,9 @@ msgstr "zašifrováno pomocí %s/%s.%s pro: „%s“\n" msgid "option '%s' may not be used in %s mode\n" msgstr "volba „%s“ se nesmí používat v režimu %s\n" -#, fuzzy, c-format -#| msgid "%s.%s encrypted data\n" +#, c-format msgid "%s encrypted data\n" -msgstr "data zašifrovaná pomocí %s.%s\n" +msgstr "data zašifrovaná pomocí %s\n" #, c-format msgid "encrypted with unknown algorithm %d\n" @@ -1882,9 +1879,19 @@ msgstr "odstranit nepoužitelné části z klíče při exportu" msgid "remove as much as possible from key during export" msgstr "odstranit při exportu z klíče vše, co lze" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "vytvořit revokační certifikát" + msgid "use the GnuPG key backup format" msgstr "použít záložní formát klíče GnuPG" +#, fuzzy +#| msgid "exporting secret keys not allowed\n" +msgid "export secret keys using the GnuPG format" +msgstr "exportování tajného klíče není povoleno\n" + msgid " - skipped" msgstr " – přeskočeno" @@ -2329,6 +2336,11 @@ msgstr "ukazovat název souboru s klíči při výpisu klíčů" msgid "show expiration dates during signature listings" msgstr "ukazovat data expirace během výpisu podpisů" +#, fuzzy +#| msgid "list preferences (expert)" +msgid "show preferences" +msgstr "vypsat seznam předvoleb (pro experty)" + #, c-format msgid "unknown TOFU policy '%s'\n" msgstr "neznámá TOFU politika „%s“\n" @@ -2484,10 +2496,6 @@ msgstr "nelze spustit s nebezpečnou pamětí vzhledem k %s\n" msgid "selected cipher algorithm is invalid\n" msgstr "vybraný šifrovací algoritmus je neplatný\n" -#, c-format -msgid "selected AEAD algorithm is invalid\n" -msgstr "vybraný algoritmus AEAD je neplatný\n" - #, c-format msgid "selected compression algorithm is invalid\n" msgstr "vybraný kompresní algoritmus je neplatný\n" @@ -2536,10 +2544,6 @@ msgstr "neplatné implicitní předvolby\n" msgid "invalid personal cipher preferences\n" msgstr "neplatné uživatelské předvolby pro šifrování\n" -#, c-format -msgid "invalid personal AEAD preferences\n" -msgstr "neplatné uživatelské předvolby pro AEAD\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "neplatné uživatelské předvolby pro hashování\n" @@ -2556,10 +2560,6 @@ msgstr "neplatná velikost bloku – použije se %d\n" msgid "%s does not yet work with %s\n" msgstr "%s dosud není funkční s %s\n" -#, c-format -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "AEAD algoritmus „%s“ se nesmí používat v režimu %s\n" - #, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "kompresní algoritmus „%s“ se nesmí používat v režimu %s\n" @@ -3683,18 +3683,6 @@ msgstr "„%s“ není řádný otisk\n" msgid "subkey \"%s\" not found\n" msgstr "podklíč „%s“ nenalezen\n" -msgid "AEAD: " -msgstr "AEAD: " - -msgid "Digest: " -msgstr "Hash: " - -msgid "Features: " -msgstr "Vlastnosti: " - -msgid "Keyserver no-modify" -msgstr "Keyserver bez modifikace" - msgid "Preferred keyserver: " msgstr "Preferovaný keyserver: " @@ -3793,10 +3781,8 @@ msgstr "Jste si jistý, že jej chcete stále přidat? (a/N) " msgid "You may not add a photo ID to a PGP2-style key.\n" msgstr "Neměli by jste přidávat fotografický ID k PGP2 klíči.\n" -#, fuzzy -#| msgid "Such a user ID already exists on this key!\n" msgid "Such a user ID already exists on this key!" -msgstr "Takový identifikátor uživatele již u tohoto klíče existuje!\n" +msgstr "Takový identifikátor uživatele již u tohoto klíče existuje!" msgid "Delete this good signature? (y/N/q)" msgstr "Smazat tento dobrý podpis? (a/N/u)" @@ -4494,6 +4480,18 @@ msgstr "Opravdu vytvořit? (a/N) " msgid "never " msgstr "nikdy " +msgid "AEAD: " +msgstr "AEAD: " + +msgid "Digest: " +msgstr "Hash: " + +msgid "Features: " +msgstr "Vlastnosti: " + +msgid "Keyserver no-modify" +msgstr "Keyserver bez modifikace" + msgid "Critical signature policy: " msgstr "Kritická podepisovací politika: " @@ -4759,7 +4757,7 @@ msgstr "dešifrování selhalo: %s\n" #, c-format msgid "operation forced to fail due to unfulfilled compliance rules\n" -msgstr "" +msgstr "operace byla přinucena selhat, protože nebyla splněna pravidla normy\n" #, c-format msgid "Note: sender requested \"for-your-eyes-only\"\n" @@ -6816,7 +6814,7 @@ msgid "error getting key usage information: %s\n" msgstr "chyba při zjišťování informací o použití klíče: %s\n" msgid "Tor might be in use - network access is limited" -msgstr "" +msgstr "Možná se používá Tor – přístup k síti je omezen" #, c-format msgid "validation model requested by certificate: %s" @@ -8070,11 +8068,8 @@ msgstr "volání crl_cache_insert přes vydavatele selhalo: %s\n" msgid "reader to file mapping table full - waiting\n" msgstr "tabulka mapování čtenáře na soubor je plná – čeká se\n" -# Poslední argument je název protokolu -#, fuzzy -#| msgid "CRL access not possible due to Tor mode\n" msgid "CRL access not possible due to Tor mode" -msgstr "Přístup k CRL není možný kvůli režimu Tor\n" +msgstr "Přístup k CRL není možný kvůli režimu Tor" # Poslední argument je název protokolu #, c-format @@ -8246,10 +8241,8 @@ msgstr "|URL|všechny HTTP požadavky přesměruje na URL" msgid "use system's HTTP proxy setting" msgstr "používat systémové nastavení HTTP proxy" -#, fuzzy -#| msgid "Configuration for HTTP servers" msgid "Configuration for OpenPGP servers" -msgstr "Nastavení HTTP serverů" +msgstr "Nastavení pro servery OpenPGP" msgid "|URL|use keyserver at URL" msgstr "|URL|používat server klíčů na URL" @@ -8257,10 +8250,8 @@ msgstr "|URL|používat server klíčů na URL" msgid "|FILE|use the CA certificates in FILE for HKP over TLS" msgstr "|SOUBOR|pro HKP přes TLS použije certifikáty CA ze SOUBORU" -#, fuzzy -#| msgid "Configuration for HTTP servers" msgid "Configuration for X.509 servers" -msgstr "Nastavení HTTP serverů" +msgstr "Nastavení pro servery X.509" msgid "inhibit the use of LDAP" msgstr "zakáže použití LDAP" @@ -8491,10 +8482,8 @@ msgstr "chyba při čtení z odpovídače: %s\n" msgid "response from server too large; limit is %d bytes\n" msgstr "odpověď serveru je příliš velká, limit je %d bajtů\n" -#, fuzzy -#| msgid "OCSP request not possible due to Tor mode\n" msgid "OCSP request not possible due to Tor mode" -msgstr "OCSP dotaz není možný kvůli režimu Tor\n" +msgstr "OCSP dotaz není možný kvůli režimu Tor" #, c-format msgid "OCSP request not possible due to disabled HTTP\n" @@ -8955,6 +8944,15 @@ msgstr "Příkazy pro správu Yubikey" msgid "manage the command history" msgstr "spravuje historii příkazů" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "vybraný algoritmus AEAD je neplatný\n" + +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "neplatné uživatelské předvolby pro AEAD\n" + +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "AEAD algoritmus „%s“ se nesmí používat v režimu %s\n" + #~ msgid "error writing to temporary file: %s\n" #~ msgstr "chyba při zápisu do dočasného souboru: %s\n" diff --git a/po/da.po b/po/da.po index f7ccaf618..e8bb98213 100644 --- a/po/da.po +++ b/po/da.po @@ -453,6 +453,11 @@ msgstr "" msgid "enable putty support" msgstr "" +#, fuzzy +#| msgid "enable ssh-agent emulation" +msgid "enable Win32-OpenSSH support" +msgstr "aktiver ssh-agent-emulering" + msgid "Options controlling the security" msgstr "Tilvalg der kontrollerer sikkerheden" @@ -1963,8 +1968,9 @@ msgstr "ADVARSEL: »%s« er en forældet indstilling - den har ingen effekt\n" msgid "error creating passphrase: %s\n" msgstr "fejl ved oprettelse af adgangsfrase: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "kan ikke bruge en symmetrisk ESK-pakke på grund af S2K-tilstanden\n" #, fuzzy, c-format @@ -2045,9 +2051,19 @@ msgstr "fjern nøgledele der ikke kan bruges under eksport" msgid "remove as much as possible from key during export" msgstr "fjern så meget som muligt fra nøglen under eksport" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "opret et tilbagekaldscertifikat" + msgid "use the GnuPG key backup format" msgstr "" +#, fuzzy +#| msgid "exporting secret keys not allowed\n" +msgid "export secret keys using the GnuPG format" +msgstr "eksport af hemmelige nøgler er ikke tilladt\n" + #, fuzzy #| msgid "%s: skipped: %s\n" msgid " - skipped" @@ -2554,6 +2570,11 @@ msgstr "vis nøgleringsnavnet i nøglevisninger" msgid "show expiration dates during signature listings" msgstr "vis udløbsdatoer under underskriftvisninger" +#, fuzzy +#| msgid "list preferences (expert)" +msgid "show preferences" +msgstr "vis præferencer (ekspert)" + #, fuzzy, c-format #| msgid "unknown option `%s'\n" msgid "unknown TOFU policy '%s'\n" @@ -2718,11 +2739,6 @@ msgstr "vil ikke køre med usikker hukommelse på grund af %s\n" msgid "selected cipher algorithm is invalid\n" msgstr "valgt chifferalgoritme er ugyldig\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "valgt sammendragsalgoritme er ugyldig\n" - #, c-format msgid "selected compression algorithm is invalid\n" msgstr "valgt komprimeringsalgoritme er ugyldig\n" @@ -2768,11 +2784,6 @@ msgstr "ugyldige standardpræferencer\n" msgid "invalid personal cipher preferences\n" msgstr "ugyldige præferencer for personlig chiffer\n" -#, fuzzy, c-format -#| msgid "invalid personal cipher preferences\n" -msgid "invalid personal AEAD preferences\n" -msgstr "ugyldige præferencer for personlig chiffer\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "ugyldige præferencer for personlig sammendrag\n" @@ -2790,11 +2801,6 @@ msgstr "nøglestørrelse er ugyldig; bruger %u bit\n" msgid "%s does not yet work with %s\n" msgstr "%s virker endnu ikke med %s\n" -#, fuzzy, c-format -#| msgid "you may not use cipher algorithm `%s' while in %s mode\n" -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "du må ikke bruge chifferalgoritmen »%s« i tilstanden %s\n" - #, fuzzy, c-format #| msgid "you may not use compression algorithm `%s' while in %s mode\n" msgid "compression algorithm '%s' may not be used in %s mode\n" @@ -3999,18 +4005,6 @@ msgstr "ugyldig fingeraftryk" msgid "subkey \"%s\" not found\n" msgstr "nøglen »%s« blev ikke fundet: %s\n" -msgid "AEAD: " -msgstr "" - -msgid "Digest: " -msgstr "Sammendrag: " - -msgid "Features: " -msgstr "Funktioner: " - -msgid "Keyserver no-modify" -msgstr "Nøgleserver no-modify" - msgid "Preferred keyserver: " msgstr "Fortrukken nøgleserver: " @@ -4863,6 +4857,18 @@ msgstr "Vil du virkelig oprette? (j/N) " msgid "never " msgstr "aldrig " +msgid "AEAD: " +msgstr "" + +msgid "Digest: " +msgstr "Sammendrag: " + +msgid "Features: " +msgstr "Funktioner: " + +msgid "Keyserver no-modify" +msgstr "Nøgleserver no-modify" + msgid "Critical signature policy: " msgstr "Kritisk underskriftspolitik: " @@ -9663,6 +9669,21 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "valgt sammendragsalgoritme er ugyldig\n" + +#, fuzzy +#~| msgid "invalid personal cipher preferences\n" +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "ugyldige præferencer for personlig chiffer\n" + +#, fuzzy +#~| msgid "you may not use cipher algorithm `%s' while in %s mode\n" +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "du må ikke bruge chifferalgoritmen »%s« i tilstanden %s\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "" #~ "tvang for symmetrisk chiffer %s (%d) overtræder modtagerens præferencer\n" diff --git a/po/de.po b/po/de.po index d99de2afe..b0e3c43cd 100644 --- a/po/de.po +++ b/po/de.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg-2.3.0\n" "Report-Msgid-Bugs-To: translations@gnupg.org\n" -"PO-Revision-Date: 2022-10-07 09:52+0200\n" +"PO-Revision-Date: 2022-12-16 16:11+0100\n" "Last-Translator: Werner Koch \n" "Language-Team: German \n" "Language: de\n" @@ -397,6 +397,9 @@ msgstr "Verwende ALGO für SSH Fingerabdrücke" msgid "enable putty support" msgstr "PuTTY Unterstützung einschalten" +msgid "enable Win32-OpenSSH support" +msgstr "Win32-OpenSSH Unterstützung einschalten" + msgid "Options controlling the security" msgstr "Optionen zur Einstellung der Sicherheit" @@ -1812,10 +1815,8 @@ msgid "error creating passphrase: %s\n" msgstr "Fehler beim Erzeugen des Passwortes: %s\n" #, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" -msgstr "" -"Aufgrund des S2K-Modus kann ein symmetrisches ESK Paket nicht benutzt " -"werden\n" +msgid "can't use a SKESK packet due to the S2K mode\n" +msgstr "Aufgrund des S2K-Modus kann ein SKESK Paket nicht benutzt werden\n" #, c-format msgid "using cipher %s.%s\n" @@ -1886,9 +1887,15 @@ msgstr "Unbrauchbare Teile des Schlüssel während des Exports entfernen" msgid "remove as much as possible from key during export" msgstr "Während des Exports soviel wie möglich vom Schlüssel entfernen" +msgid "export only revocation certificates" +msgstr "Nur Schlüsselwiderruf-Zertifikate exportieren" + msgid "use the GnuPG key backup format" msgstr "Das GnuPG Datensicherungsformat für Schlüssel benutzen" +msgid "export secret keys using the GnuPG format" +msgstr "Geheime Schlüssel im GnuPG Format exportieren" + msgid " - skipped" msgstr " - übersprungen" @@ -2335,6 +2342,9 @@ msgstr "Anzeigen des Schlüsselbundes, in dem ein Schlüssel drin ist" msgid "show expiration dates during signature listings" msgstr "Das Ablaufdatum mit den Signaturen anlisten" +msgid "show preferences" +msgstr "Voreinstellungen anzeigen" + #, c-format msgid "unknown TOFU policy '%s'\n" msgstr "Unbekannte TOFU Regel '%s'\n" @@ -2492,10 +2502,6 @@ msgstr "Startet nicht mit unsicherem Speicher, wegen Option %s\n" msgid "selected cipher algorithm is invalid\n" msgstr "Das ausgewählte Verschlüsselungsverfahren ist ungültig\n" -#, c-format -msgid "selected AEAD algorithm is invalid\n" -msgstr "Das ausgewählte AEAD-Verfahren ist ungültig\n" - #, c-format msgid "selected compression algorithm is invalid\n" msgstr "Das ausgewählte Komprimierungsverfahren ist ungültig\n" @@ -2540,10 +2546,6 @@ msgstr "ungültige Standard-Voreinstellungen\n" msgid "invalid personal cipher preferences\n" msgstr "ungültige private Verschlüsselungsvoreinstellungen\n" -#, c-format -msgid "invalid personal AEAD preferences\n" -msgstr "ungültige private AEAD-Voreinstellungen\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "ungültige private Hashvoreinstellungen\n" @@ -2560,10 +2562,6 @@ msgstr "Ungültige \"Chunk\"-Größe; %d wird verwendet\n" msgid "%s does not yet work with %s\n" msgstr "%s arbeitet noch nicht mit %s zusammen\n" -#, c-format -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "Das AEAD-Verfahren %s darf im %s Modus nicht verwendet werden.\n" - #, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "" @@ -3716,18 +3714,6 @@ msgstr "\"%s\" ist kein gültiger Fingerabdruck\n" msgid "subkey \"%s\" not found\n" msgstr "Unterschlüssel \"%s\" nicht gefunden\n" -msgid "AEAD: " -msgstr "AEAD: " - -msgid "Digest: " -msgstr "Digest: " - -msgid "Features: " -msgstr "Eigenschaften: " - -msgid "Keyserver no-modify" -msgstr "Keyserver no-modify" - msgid "Preferred keyserver: " msgstr "Bevorzugter Schlüsselserver:" @@ -4534,6 +4520,18 @@ msgstr "Wirklich erzeugen? (j/N) " msgid "never " msgstr "niemals " +msgid "AEAD: " +msgstr "AEAD: " + +msgid "Digest: " +msgstr "Digest: " + +msgid "Features: " +msgstr "Eigenschaften: " + +msgid "Keyserver no-modify" +msgstr "Keyserver no-modify" + msgid "Critical signature policy: " msgstr "Entscheidende Beglaubigungsrichtlinie: " @@ -9070,6 +9068,15 @@ msgstr "Verwaltungskommandos für Yubikeys" msgid "manage the command history" msgstr "Verwaltung der Kommandohistorie" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "Das ausgewählte AEAD-Verfahren ist ungültig\n" + +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "ungültige private AEAD-Voreinstellungen\n" + +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "Das AEAD-Verfahren %s darf im %s Modus nicht verwendet werden.\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "" #~ "Erzwungene Verwendung des symmetrischen Verschlüsselungsverfahren %s (%d) " diff --git a/po/el.po b/po/el.po index 746805e11..ce190ea7c 100644 --- a/po/el.po +++ b/po/el.po @@ -402,6 +402,11 @@ msgstr "" msgid "enable putty support" msgstr "δεν υποστηρίζεται" +#, fuzzy +#| msgid "not supported" +msgid "enable Win32-OpenSSH support" +msgstr "δεν υποστηρίζεται" + msgid "Options controlling the security" msgstr "" @@ -1855,8 +1860,9 @@ msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: \"%s\" είναι μια μη συνειστ msgid "error creating passphrase: %s\n" msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "αδυναμία χρήσης ενός συμμετρικού πακέτου ESK λόγω της κατάστασης S2K\n" #, fuzzy, c-format @@ -1943,9 +1949,18 @@ msgstr "μη χρησιμοποιήσιμο μυστικό κλειδί" msgid "remove as much as possible from key during export" msgstr "" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "δημιουργία ενός πιστοποιητικού ανάκλησης" + msgid "use the GnuPG key backup format" msgstr "" +#, fuzzy +msgid "export secret keys using the GnuPG format" +msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n" + #, fuzzy #| msgid "%s: skipped: %s\n" msgid " - skipped" @@ -2438,6 +2453,11 @@ msgstr "απεικόνιση της κλειδοθήκης στην οποία msgid "show expiration dates during signature listings" msgstr "Δεν βρέθηκε αντίστοιχη υπογραφή στη μυστική κλειδοθήκη\n" +#, fuzzy +#| msgid "set preference list" +msgid "show preferences" +msgstr "ορισμός απεικόνισης επιλογών" + #, fuzzy, c-format msgid "unknown TOFU policy '%s'\n" msgstr "άγνωστος προκαθορισμένος παραλήπτης `%s'\n" @@ -2598,11 +2618,6 @@ msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n" msgid "selected cipher algorithm is invalid\n" msgstr "ο επιλεγμένος αλγόριθμος κρυπτογράφησης δεν είναι έγκυρος\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "ο επιλεγμένος αλγόριθμος περίληψης δεν είναι έγκυρος\n" - #, fuzzy, c-format msgid "selected compression algorithm is invalid\n" msgstr "ο επιλεγμένος αλγόριθμος κρυπτογράφησης δεν είναι έγκυρος\n" @@ -2650,11 +2665,6 @@ msgstr "μη έγκυρες προεπιλογές\n" msgid "invalid personal cipher preferences\n" msgstr "μη έγκυρες προεπιλογές προσωπικού κρυπταλγόριθμου\n" -#, fuzzy, c-format -#| msgid "invalid personal cipher preferences\n" -msgid "invalid personal AEAD preferences\n" -msgstr "μη έγκυρες προεπιλογές προσωπικού κρυπταλγόριθμου\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "μη έγκυρες προεπιλογές προσωπικού αλγόριθμου περίληψης\n" @@ -2672,10 +2682,6 @@ msgstr "μη έγκυρο μέγεθος κλειδιού, χρήση %u bits\n" msgid "%s does not yet work with %s\n" msgstr "το %s ακόμα δε λειτουργεί μαζί με το %s\n" -#, fuzzy, c-format -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "απαγορεύετε η χρήση του κρυπταλγόριθμου \"%s\" στην κατάσταση %s\n" - #, fuzzy, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "" @@ -3885,18 +3891,6 @@ msgstr "σφάλμα: μη έγκυρο αποτύπωμα\n" msgid "subkey \"%s\" not found\n" msgstr "το κλειδί '%s' δε βρέθηκε: %s\n" -msgid "AEAD: " -msgstr "" - -msgid "Digest: " -msgstr "Περίληψη: " - -msgid "Features: " -msgstr "Δυνατότητε: " - -msgid "Keyserver no-modify" -msgstr "" - msgid "Preferred keyserver: " msgstr "" @@ -4746,6 +4740,18 @@ msgstr "Σίγουρα να δημιουργηθεί; " msgid "never " msgstr "ποτέ " +msgid "AEAD: " +msgstr "" + +msgid "Digest: " +msgstr "Περίληψη: " + +msgid "Features: " +msgstr "Δυνατότητε: " + +msgid "Keyserver no-modify" +msgstr "" + msgid "Critical signature policy: " msgstr "Πολιτική κρίσιμης υπογραφής: " @@ -9278,6 +9284,20 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "ο επιλεγμένος αλγόριθμος περίληψης δεν είναι έγκυρος\n" + +#, fuzzy +#~| msgid "invalid personal cipher preferences\n" +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "μη έγκυρες προεπιλογές προσωπικού κρυπταλγόριθμου\n" + +#, fuzzy +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "απαγορεύετε η χρήση του κρυπταλγόριθμου \"%s\" στην κατάσταση %s\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "" #~ "ο εξαναγκασμός συμμετρικού αλγόριθμου %s (%d) παραβιάζει τις\n" @@ -10913,9 +10933,6 @@ msgstr "" #~ msgid "delete signatures" #~ msgstr "διαγραφή υπογραφών" -#~ msgid "set preference list" -#~ msgstr "ορισμός απεικόνισης επιλογών" - #~ msgid "updated preferences" #~ msgstr "αναωεωμένες επιλογές" diff --git a/po/eo.po b/po/eo.po index a43a50bb5..8144ae10e 100644 --- a/po/eo.po +++ b/po/eo.po @@ -403,6 +403,11 @@ msgstr "" msgid "enable putty support" msgstr "ne realigita" +#, fuzzy +#| msgid "not supported" +msgid "enable Win32-OpenSSH support" +msgstr "ne realigita" + msgid "Options controlling the security" msgstr "" @@ -1851,7 +1856,7 @@ msgid "error creating passphrase: %s\n" msgstr "eraro dum kreado de pasfrazo: %s\n" #, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "" #, fuzzy, c-format @@ -1929,9 +1934,18 @@ msgstr "neuzebla sekreta ŝlosilo" msgid "remove as much as possible from key during export" msgstr "" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "krei revokatestilon" + msgid "use the GnuPG key backup format" msgstr "" +#, fuzzy +msgid "export secret keys using the GnuPG format" +msgstr "skribas sekretan ŝlosilon al '%s'\n" + #, fuzzy #| msgid "%s: skipped: %s\n" msgid " - skipped" @@ -2420,6 +2434,11 @@ msgstr "montri, en kiu ŝlosilaro estas listigita ŝlosilo" msgid "show expiration dates during signature listings" msgstr "Mankas responda subskribo en sekreta ŝlosilaro\n" +#, fuzzy +#| msgid "set preference list" +msgid "show preferences" +msgstr "agordi liston de preferoj" + #, fuzzy, c-format msgid "unknown TOFU policy '%s'\n" msgstr "nekonata implicita ricevonto '%s'\n" @@ -2580,11 +2599,6 @@ msgstr "skribas sekretan ŝlosilon al '%s'\n" msgid "selected cipher algorithm is invalid\n" msgstr "elektita ĉifrad-metodo ne validas\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "elektita kompendi-metodo ne validas\n" - #, fuzzy, c-format msgid "selected compression algorithm is invalid\n" msgstr "elektita ĉifrad-metodo ne validas\n" @@ -2630,10 +2644,6 @@ msgstr "nevalidaj preferoj\n" msgid "invalid personal cipher preferences\n" msgstr "nevalidaj preferoj\n" -#, fuzzy, c-format -msgid "invalid personal AEAD preferences\n" -msgstr "nevalidaj preferoj\n" - #, fuzzy, c-format msgid "invalid personal digest preferences\n" msgstr "nevalidaj preferoj\n" @@ -2651,10 +2661,6 @@ msgstr "ŝlosilgrando nevalida; uzas %u bitojn\n" msgid "%s does not yet work with %s\n" msgstr "%s ne havas sencon kun %s!\n" -#, fuzzy, c-format -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "Tiu komando ne eblas en la reĝimo %s.\n" - #, fuzzy, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "Tiu komando ne eblas en la reĝimo %s.\n" @@ -3862,18 +3868,6 @@ msgstr "%s: nevalida dosiero-versio %d\n" msgid "subkey \"%s\" not found\n" msgstr "ŝlosilo '%s' ne trovita: %s\n" -msgid "AEAD: " -msgstr "" - -msgid "Digest: " -msgstr "" - -msgid "Features: " -msgstr "" - -msgid "Keyserver no-modify" -msgstr "" - msgid "Preferred keyserver: " msgstr "" @@ -4706,6 +4700,18 @@ msgstr "Ĉu vere krei? " msgid "never " msgstr "" +msgid "AEAD: " +msgstr "" + +msgid "Digest: " +msgstr "" + +msgid "Features: " +msgstr "" + +msgid "Keyserver no-modify" +msgstr "" + #, fuzzy msgid "Critical signature policy: " msgstr "Subskribo-gvidlinioj: " @@ -9190,6 +9196,19 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "elektita kompendi-metodo ne validas\n" + +#, fuzzy +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "nevalidaj preferoj\n" + +#, fuzzy +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "Tiu komando ne eblas en la reĝimo %s.\n" + #, fuzzy #~ msgid "error writing to temporary file: %s\n" #~ msgstr "skribas al '%s'\n" @@ -10691,9 +10710,6 @@ msgstr "" #~ msgid "delete signatures" #~ msgstr "forviŝi subskribojn" -#~ msgid "set preference list" -#~ msgstr "agordi liston de preferoj" - #~ msgid "updated preferences" #~ msgstr "aktualigitaj preferoj" diff --git a/po/es.po b/po/es.po index 305352b07..41357a983 100644 --- a/po/es.po +++ b/po/es.po @@ -422,6 +422,11 @@ msgstr "|ALGO|usar ALGO para mostrar las huellas digitales de ssh" msgid "enable putty support" msgstr "habilitar soporte de putty" +#, fuzzy +#| msgid "enable putty support" +msgid "enable Win32-OpenSSH support" +msgstr "habilitar soporte de putty" + msgid "Options controlling the security" msgstr "Opciones que controlan la seguridad" @@ -1849,8 +1854,9 @@ msgstr "" msgid "error creating passphrase: %s\n" msgstr "error al crear frase contraseña: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "no puede usar un paquete simétrico ESK debido al modo S2K\n" #, fuzzy, c-format @@ -1925,9 +1931,19 @@ msgstr "borrar partes inutilizables de la clave al exportar" msgid "remove as much as possible from key during export" msgstr "borrar tanto como sea posible de la clave al exportar" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "genera un certificado de revocación" + msgid "use the GnuPG key backup format" msgstr "usar el formato de backup de claves GnuPG" +#, fuzzy +#| msgid "exporting secret keys not allowed\n" +msgid "export secret keys using the GnuPG format" +msgstr "no se permite exportar claves secretas\n" + msgid " - skipped" msgstr " - omitido" @@ -2382,6 +2398,11 @@ msgstr "mostrar nombre de los anillos de claves al listar claves" msgid "show expiration dates during signature listings" msgstr "mostrar fechas de caducidad al listar firmas" +#, fuzzy +#| msgid "showpref" +msgid "show preferences" +msgstr "verpref" + #, c-format msgid "unknown TOFU policy '%s'\n" msgstr "política TOFU desconocida '%s'\n" @@ -2537,11 +2558,6 @@ msgstr "no se ejecutará en memoria insegura por %s\n" msgid "selected cipher algorithm is invalid\n" msgstr "el algoritmo de cifrado seleccionado es inválido\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "el algoritmo de resumen seleccionado no inválido\n" - #, c-format msgid "selected compression algorithm is invalid\n" msgstr "el algoritmo de compresión seleccionado es inválido\n" @@ -2586,11 +2602,6 @@ msgstr "preferencias por defecto inválidas\n" msgid "invalid personal cipher preferences\n" msgstr "preferencias personales de cifrado inválidas\n" -#, fuzzy, c-format -#| msgid "invalid personal cipher preferences\n" -msgid "invalid personal AEAD preferences\n" -msgstr "preferencias personales de cifrado inválidas\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "preferencias personales de algoritmo de resumen inválidas\n" @@ -2608,11 +2619,6 @@ msgstr "tamaño de clave incorrecto; se usarán %u bits\n" msgid "%s does not yet work with %s\n" msgstr "%s aún no funciona con %s\n" -#, fuzzy, c-format -#| msgid "cipher algorithm '%s' may not be used in %s mode\n" -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "no se puede usar el cifrado '%s' en modo %s\n" - #, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "no puede usar la compresión '%s' en modo %s\n" @@ -3749,18 +3755,6 @@ msgstr "\"%s\" no es una huella digital válida\n" msgid "subkey \"%s\" not found\n" msgstr "subclave \"%s\" no encontrada\n" -msgid "AEAD: " -msgstr "" - -msgid "Digest: " -msgstr "Resumen: " - -msgid "Features: " -msgstr "Características: " - -msgid "Keyserver no-modify" -msgstr "Sevidor de claves no-modificar" - msgid "Preferred keyserver: " msgstr "Servidor de claves preferido: " @@ -4578,6 +4572,18 @@ msgstr "¿Crear de verdad? (s/N) " msgid "never " msgstr "nunca " +msgid "AEAD: " +msgstr "" + +msgid "Digest: " +msgstr "Resumen: " + +msgid "Features: " +msgstr "Características: " + +msgid "Keyserver no-modify" +msgstr "Sevidor de claves no-modificar" + msgid "Critical signature policy: " msgstr "Política de firmas críticas: " @@ -9099,6 +9105,21 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "el algoritmo de resumen seleccionado no inválido\n" + +#, fuzzy +#~| msgid "invalid personal cipher preferences\n" +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "preferencias personales de cifrado inválidas\n" + +#, fuzzy +#~| msgid "cipher algorithm '%s' may not be used in %s mode\n" +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "no se puede usar el cifrado '%s' en modo %s\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "" #~ "forzar el cifrado simétrico %s (%d) viola las preferencias\n" @@ -11229,9 +11250,6 @@ msgstr "" #~ msgid "pref" #~ msgstr "pref" -#~ msgid "showpref" -#~ msgstr "verpref" - #~ msgid "setpref" #~ msgstr "estpref" diff --git a/po/et.po b/po/et.po index f35ad3c29..a06ce408e 100644 --- a/po/et.po +++ b/po/et.po @@ -399,6 +399,11 @@ msgstr "" msgid "enable putty support" msgstr "ei ole toetatud" +#, fuzzy +#| msgid "not supported" +msgid "enable Win32-OpenSSH support" +msgstr "ei ole toetatud" + msgid "Options controlling the security" msgstr "" @@ -1849,8 +1854,9 @@ msgstr "HOIATUS: võtit \"%s\" ei soovitata kasutada.\n" msgid "error creating passphrase: %s\n" msgstr "viga parooli loomisel: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "S2K moodi tõttu ei saa sümmeetrilist ESK paketti kasutada\n" #, fuzzy, c-format @@ -1934,9 +1940,18 @@ msgstr "mittekasutatav salajane võti" msgid "remove as much as possible from key during export" msgstr "" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "genereeri tühistamise sertifikaat" + msgid "use the GnuPG key backup format" msgstr "" +#, fuzzy +msgid "export secret keys using the GnuPG format" +msgstr "kirjutan salajase võtme faili `%s'\n" + #, fuzzy #| msgid "%s: skipped: %s\n" msgid " - skipped" @@ -2426,6 +2441,11 @@ msgstr "näita millisesse võtmehoidlasse näidatud võti kuulub" msgid "show expiration dates during signature listings" msgstr "Vastavat allkirja salajaste võtmete hoidlas pole\n" +#, fuzzy +#| msgid "set preference list" +msgid "show preferences" +msgstr "sea eelistuste nimekiri" + #, fuzzy, c-format msgid "unknown TOFU policy '%s'\n" msgstr "tundmatu vaikimisi saaja `%s'\n" @@ -2586,11 +2606,6 @@ msgstr "kirjutan salajase võtme faili `%s'\n" msgid "selected cipher algorithm is invalid\n" msgstr "valitud šifri algoritm ei ole lubatud\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "valitud lühendi algoritm ei ole lubatud\n" - #, fuzzy, c-format msgid "selected compression algorithm is invalid\n" msgstr "valitud šifri algoritm ei ole lubatud\n" @@ -2636,11 +2651,6 @@ msgstr "vigased vaikimisi eelistused\n" msgid "invalid personal cipher preferences\n" msgstr "vigased isikliku šifri eelistused\n" -#, fuzzy, c-format -#| msgid "invalid personal cipher preferences\n" -msgid "invalid personal AEAD preferences\n" -msgstr "vigased isikliku šifri eelistused\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "vigased isikliku lühendi eelistused\n" @@ -2658,10 +2668,6 @@ msgstr "vigane võtme suurus; kasutan %u bitti\n" msgid "%s does not yet work with %s\n" msgstr "%s ei tööta veel koos %s-ga\n" -#, fuzzy, c-format -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "šifri algoritm \"%s\" ei ole moodis %s lubatud\n" - #, fuzzy, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "pakkimise algoritm \"%s\" ei ole moodis %s lubatud\n" @@ -3857,18 +3863,6 @@ msgstr "viga: vigane sõrmejälg\n" msgid "subkey \"%s\" not found\n" msgstr "võtit '%s' ei leitud: %s\n" -msgid "AEAD: " -msgstr "" - -msgid "Digest: " -msgstr "Teatelühend: " - -msgid "Features: " -msgstr "Omadused: " - -msgid "Keyserver no-modify" -msgstr "" - msgid "Preferred keyserver: " msgstr "" @@ -4698,6 +4692,18 @@ msgstr "Loon tõesti? " msgid "never " msgstr "mitte kunagi" +msgid "AEAD: " +msgstr "" + +msgid "Digest: " +msgstr "Teatelühend: " + +msgid "Features: " +msgstr "Omadused: " + +msgid "Keyserver no-modify" +msgstr "" + msgid "Critical signature policy: " msgstr "Kriitiline allkirja poliitika: " @@ -9193,6 +9199,20 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "valitud lühendi algoritm ei ole lubatud\n" + +#, fuzzy +#~| msgid "invalid personal cipher preferences\n" +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "vigased isikliku šifri eelistused\n" + +#, fuzzy +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "šifri algoritm \"%s\" ei ole moodis %s lubatud\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "" #~ "sümmetrilise šifri %s (%d) kasutamine on vastuolus saaja eelistustega\n" @@ -10785,9 +10805,6 @@ msgstr "" #~ msgid "delete signatures" #~ msgstr "kustuta allkirjad" -#~ msgid "set preference list" -#~ msgstr "sea eelistuste nimekiri" - #~ msgid "updated preferences" #~ msgstr "uuendatud eelistused" diff --git a/po/fi.po b/po/fi.po index b0f3069df..33c75a214 100644 --- a/po/fi.po +++ b/po/fi.po @@ -415,6 +415,11 @@ msgstr "" msgid "enable putty support" msgstr "ei tuettu" +#, fuzzy +#| msgid "not supported" +msgid "enable Win32-OpenSSH support" +msgstr "ei tuettu" + msgid "Options controlling the security" msgstr "" @@ -1867,8 +1872,9 @@ msgstr "VAROITUS: \"%s\" on paheksuttu valitsin\n" msgid "error creating passphrase: %s\n" msgstr "virhe luotaessa salasanaa: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "symmetristä ESK-pakettia ei voi käyttää S2K-tilan vuoksi\n" #, fuzzy, c-format @@ -1951,9 +1957,18 @@ msgstr "salaista avainta ei voi käyttää" msgid "remove as much as possible from key during export" msgstr "" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "luo mitätöintivarmenne" + msgid "use the GnuPG key backup format" msgstr "" +#, fuzzy +msgid "export secret keys using the GnuPG format" +msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n" + #, fuzzy #| msgid "%s: skipped: %s\n" msgid " - skipped" @@ -2443,6 +2458,11 @@ msgstr "näytä mihin avainrenkaaseen tulostettu avain kuuluu" msgid "show expiration dates during signature listings" msgstr "Salaisesta avainrenkaasta ei löydy vastaavaa allekirjoitusta\n" +#, fuzzy +#| msgid "set preference list" +msgid "show preferences" +msgstr "näytä valinnat" + #, fuzzy, c-format msgid "unknown TOFU policy '%s'\n" msgstr "tuntematon oletusvastaanottaja \"%s\"\n" @@ -2603,11 +2623,6 @@ msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n" msgid "selected cipher algorithm is invalid\n" msgstr "valittu salausalgoritmi ei kelpaa\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "valittu tiivistealgoritmi ei kelpaa\n" - #, fuzzy, c-format msgid "selected compression algorithm is invalid\n" msgstr "valittu salausalgoritmi ei kelpaa\n" @@ -2654,11 +2669,6 @@ msgstr "virheelliset oletusarvoiset valinnat\n" msgid "invalid personal cipher preferences\n" msgstr "virheelliset henkilökohtaisen salaimen valinnat\n" -#, fuzzy, c-format -#| msgid "invalid personal cipher preferences\n" -msgid "invalid personal AEAD preferences\n" -msgstr "virheelliset henkilökohtaisen salaimen valinnat\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "virheelliset henkilökohtaiset tiivisteen valinnat\n" @@ -2676,10 +2686,6 @@ msgstr "avaimen koko on virheellinen, käytetään %u bittiä\n" msgid "%s does not yet work with %s\n" msgstr "%s ja %s eivät vielä toimi yhdessä\n" -#, fuzzy, c-format -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "salausalgoritmia \"%s\" ei voi käyttää %s-tilassa\n" - #, fuzzy, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "pakkausalgoritmia \"%s\" ei voi käyttää %s-tilassa\n" @@ -3881,18 +3887,6 @@ msgstr "virhe: sormenjälki on väärä\n" msgid "subkey \"%s\" not found\n" msgstr "avainta \"%s\" ei löydy: %s\n" -msgid "AEAD: " -msgstr "" - -msgid "Digest: " -msgstr "Tiiviste: " - -msgid "Features: " -msgstr "Ominaisuudet: " - -msgid "Keyserver no-modify" -msgstr "" - msgid "Preferred keyserver: " msgstr "" @@ -4732,6 +4726,18 @@ msgstr "Haluatko varmasti luoda? " msgid "never " msgstr "ei koskaan" +msgid "AEAD: " +msgstr "" + +msgid "Digest: " +msgstr "Tiiviste: " + +msgid "Features: " +msgstr "Ominaisuudet: " + +msgid "Keyserver no-modify" +msgstr "" + msgid "Critical signature policy: " msgstr "Kriittinen allekirjoituskäytäntö: " @@ -9261,6 +9267,20 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "valittu tiivistealgoritmi ei kelpaa\n" + +#, fuzzy +#~| msgid "invalid personal cipher preferences\n" +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "virheelliset henkilökohtaisen salaimen valinnat\n" + +#, fuzzy +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "salausalgoritmia \"%s\" ei voi käyttää %s-tilassa\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "valittu symmetrinen salain %s (%d) ei ole vastaanottajan suosima\n" @@ -10889,9 +10909,6 @@ msgstr "" #~ msgid "delete signatures" #~ msgstr "poista allekirjoitus" -#~ msgid "set preference list" -#~ msgstr "näytä valinnat" - #~ msgid "updated preferences" #~ msgstr "päivitä valinnat" diff --git a/po/fr.po b/po/fr.po index bff201c2a..7581ee8b5 100644 --- a/po/fr.po +++ b/po/fr.po @@ -423,6 +423,11 @@ msgstr "" msgid "enable putty support" msgstr "activer la prise en charge de putty" +#, fuzzy +#| msgid "enable putty support" +msgid "enable Win32-OpenSSH support" +msgstr "activer la prise en charge de putty" + msgid "Options controlling the security" msgstr "Options contrôlant la sécurité" @@ -1900,8 +1905,9 @@ msgstr "Attention : « %s%s » est une option obsolète — non prise en com msgid "error creating passphrase: %s\n" msgstr "erreur de création de la phrase secrète : %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "impossible d'utiliser un paquet ESK symétrique en mode S2K\n" #, fuzzy, c-format @@ -1979,9 +1985,19 @@ msgstr "supprimer les parties inutilisables de la clef pendant l'exportation" msgid "remove as much as possible from key during export" msgstr "supprimer autant que possible de la clef pendant l'exportation" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "générer un certificat de révocation" + msgid "use the GnuPG key backup format" msgstr "" +#, fuzzy +#| msgid "exporting secret keys not allowed\n" +msgid "export secret keys using the GnuPG format" +msgstr "il est interdit d'exporter les clefs secrètes\n" + msgid " - skipped" msgstr " — ignoré" @@ -2478,6 +2494,11 @@ msgstr "montrer le nom du porte-clefs en affichant les clefs" msgid "show expiration dates during signature listings" msgstr "montrer les dates d'expiration en affichant les signatures" +#, fuzzy +#| msgid "list preferences (expert)" +msgid "show preferences" +msgstr "afficher les préférences (expert)" + #, fuzzy, c-format #| msgid "unknown option '%s'\n" msgid "unknown TOFU policy '%s'\n" @@ -2640,11 +2661,6 @@ msgstr "ne sera pas exécuté avec une mémoire non sécurisée à cause de %s\n msgid "selected cipher algorithm is invalid\n" msgstr "l'algorithme de chiffrement sélectionné est incorrect\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "la fonction de hachage sélectionnée est incorrecte\n" - #, c-format msgid "selected compression algorithm is invalid\n" msgstr "l'algorithme de compression sélectionné est incorrect\n" @@ -2689,11 +2705,6 @@ msgstr "préférences par défaut incorrectes\n" msgid "invalid personal cipher preferences\n" msgstr "préférences personnelles de chiffrement incorrectes\n" -#, fuzzy, c-format -#| msgid "invalid personal cipher preferences\n" -msgid "invalid personal AEAD preferences\n" -msgstr "préférences personnelles de chiffrement incorrectes\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "préférences personnelles de hachage incorrectes\n" @@ -2711,11 +2722,6 @@ msgstr "taille incorrecte ; utilisation de %u bits\n" msgid "%s does not yet work with %s\n" msgstr "%s ne fonctionne pas encore avec %s\n" -#, fuzzy, c-format -#| msgid "you may not use cipher algorithm '%s' while in %s mode\n" -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "impossible d'utiliser l'algorithme de chiffrement « %s » en mode %s.\n" - #, fuzzy, c-format #| msgid "you may not use compression algorithm '%s' while in %s mode\n" msgid "compression algorithm '%s' may not be used in %s mode\n" @@ -3886,18 +3892,6 @@ msgstr "« %s » n’est pas une empreinte\n" msgid "subkey \"%s\" not found\n" msgstr "clef « %s » introuvable : %s\n" -msgid "AEAD: " -msgstr "" - -msgid "Digest: " -msgstr "Hachage : " - -msgid "Features: " -msgstr "Fonctionnalités : " - -msgid "Keyserver no-modify" -msgstr "Serveur de clefs sans modification" - msgid "Preferred keyserver: " msgstr "Serveur de clefs favori : " @@ -4748,6 +4742,18 @@ msgstr "Faut-il vraiment la créer ? (o/N) " msgid "never " msgstr "jamais " +msgid "AEAD: " +msgstr "" + +msgid "Digest: " +msgstr "Hachage : " + +msgid "Features: " +msgstr "Fonctionnalités : " + +msgid "Keyserver no-modify" +msgstr "Serveur de clefs sans modification" + msgid "Critical signature policy: " msgstr "Politique de signature critique : " @@ -9465,6 +9471,22 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "la fonction de hachage sélectionnée est incorrecte\n" + +#, fuzzy +#~| msgid "invalid personal cipher preferences\n" +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "préférences personnelles de chiffrement incorrectes\n" + +#, fuzzy +#~| msgid "you may not use cipher algorithm '%s' while in %s mode\n" +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "" +#~ "impossible d'utiliser l'algorithme de chiffrement « %s » en mode %s.\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "" #~ "forcer le chiffrement symétrique %s (%d) est en désaccord\n" diff --git a/po/gl.po b/po/gl.po index d1b3decce..c913afad8 100644 --- a/po/gl.po +++ b/po/gl.po @@ -402,6 +402,11 @@ msgstr "" msgid "enable putty support" msgstr "non está soportado" +#, fuzzy +#| msgid "not supported" +msgid "enable Win32-OpenSSH support" +msgstr "non está soportado" + msgid "Options controlling the security" msgstr "" @@ -1860,8 +1865,9 @@ msgstr "AVISO: \"%s\" é unha opción a extinguir\n" msgid "error creating passphrase: %s\n" msgstr "erro ao crea-lo contrasinal: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "non se pode empregar un paquete simétrico ESK debido ao modo S2K\n" #, fuzzy, c-format @@ -1943,9 +1949,18 @@ msgstr "chave secreta non utilizable" msgid "remove as much as possible from key during export" msgstr "" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "xerar un certificado de revocación" + msgid "use the GnuPG key backup format" msgstr "" +#, fuzzy +msgid "export secret keys using the GnuPG format" +msgstr "gravando a chave secreta en `%s'\n" + #, fuzzy #| msgid "%s: skipped: %s\n" msgid " - skipped" @@ -2434,6 +2449,11 @@ msgstr "amosar en que chaveiro está unha chave listada" msgid "show expiration dates during signature listings" msgstr "Non hai unha sinatura correspondiente no chaveiro secreto\n" +#, fuzzy +#| msgid "set preference list" +msgid "show preferences" +msgstr "estabrece-la lista de preferencias" + #, fuzzy, c-format msgid "unknown TOFU policy '%s'\n" msgstr "destinatario por defecto `%s' descoñecido\n" @@ -2594,11 +2614,6 @@ msgstr "gravando a chave secreta en `%s'\n" msgid "selected cipher algorithm is invalid\n" msgstr "o algoritmo de cifrado seleccionado non é válido\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "o algoritmo de resumo seleccionado non é válido\n" - #, fuzzy, c-format msgid "selected compression algorithm is invalid\n" msgstr "o algoritmo de cifrado seleccionado non é válido\n" @@ -2644,11 +2659,6 @@ msgstr "preferencias por defecto non válidas\n" msgid "invalid personal cipher preferences\n" msgstr "preferencias de cifrado personais non válidas\n" -#, fuzzy, c-format -#| msgid "invalid personal cipher preferences\n" -msgid "invalid personal AEAD preferences\n" -msgstr "preferencias de cifrado personais non válidas\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "preferencias de resumo personais non válidas\n" @@ -2666,10 +2676,6 @@ msgstr "tamaño de chave non válido; empregando %u bits\n" msgid "%s does not yet work with %s\n" msgstr "¡%s aínda non traballa con %s!\n" -#, fuzzy, c-format -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "non se pode empregar o algoritmo de cifrado \"%s\" no modo %s\n" - #, fuzzy, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "non se pode empregar o algoritmo de compresión \"%s\" no modo %s\n" @@ -3881,18 +3887,6 @@ msgstr "erro: pegada dactilar non válida\n" msgid "subkey \"%s\" not found\n" msgstr "non se atopou a chave `%s': %s\n" -msgid "AEAD: " -msgstr "" - -msgid "Digest: " -msgstr "Resumo: " - -msgid "Features: " -msgstr "Características: " - -msgid "Keyserver no-modify" -msgstr "" - msgid "Preferred keyserver: " msgstr "" @@ -4742,6 +4736,18 @@ msgstr "¿Crear realmente? " msgid "never " msgstr "nunca " +msgid "AEAD: " +msgstr "" + +msgid "Digest: " +msgstr "Resumo: " + +msgid "Features: " +msgstr "Características: " + +msgid "Keyserver no-modify" +msgstr "" + msgid "Critical signature policy: " msgstr "Normativa de sinaturas críticas: " @@ -9273,6 +9279,20 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "o algoritmo de resumo seleccionado non é válido\n" + +#, fuzzy +#~| msgid "invalid personal cipher preferences\n" +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "preferencias de cifrado personais non válidas\n" + +#, fuzzy +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "non se pode empregar o algoritmo de cifrado \"%s\" no modo %s\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "" #~ "forza-la cifra simétrica %s (%d) viola as preferencias do destinatario\n" @@ -10911,9 +10931,6 @@ msgstr "" #~ msgid "delete signatures" #~ msgstr "borrar sinaturas" -#~ msgid "set preference list" -#~ msgstr "estabrece-la lista de preferencias" - #~ msgid "updated preferences" #~ msgstr "preferencias actualizadas" diff --git a/po/hu.po b/po/hu.po index c6fbbf11e..7918a3785 100644 --- a/po/hu.po +++ b/po/hu.po @@ -399,6 +399,11 @@ msgstr "" msgid "enable putty support" msgstr "nem támogatott" +#, fuzzy +#| msgid "not supported" +msgid "enable Win32-OpenSSH support" +msgstr "nem támogatott" + msgid "Options controlling the security" msgstr "" @@ -1850,8 +1855,9 @@ msgstr "FIGYELEM: \"%s\" elavult opció!\n" msgid "error creating passphrase: %s\n" msgstr "Hiba a jelszó létrehozásakor: %s.\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "Nem tudok szimmetrikus ESK csomagot használni a S2K mód miatt!\n" #, fuzzy, c-format @@ -1934,9 +1940,18 @@ msgstr "használhatatlan titkos kulcs" msgid "remove as much as possible from key during export" msgstr "" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "visszavonási igazolás készítése" + msgid "use the GnuPG key backup format" msgstr "" +#, fuzzy +msgid "export secret keys using the GnuPG format" +msgstr "Írom a titkos kulcsot a %s állományba.\n" + #, fuzzy #| msgid "%s: skipped: %s\n" msgid " - skipped" @@ -2426,6 +2441,11 @@ msgstr "mutatja a kilistázott kulcs kulcskarikáját is" msgid "show expiration dates during signature listings" msgstr "Nincs megfelelő aláírás a titkoskulcs-karikán.\n" +#, fuzzy +#| msgid "set preference list" +msgid "show preferences" +msgstr "preferencialista beállítása" + #, fuzzy, c-format msgid "unknown TOFU policy '%s'\n" msgstr "Ismeretlen alapértelmezett címzett: \"%s\"\n" @@ -2586,11 +2606,6 @@ msgstr "Írom a titkos kulcsot a %s állományba.\n" msgid "selected cipher algorithm is invalid\n" msgstr "A kiválasztott rejtjelező algoritmus érvénytelen!\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "A kiválasztott kivonatoló algoritmus érvénytelen!\n" - #, fuzzy, c-format msgid "selected compression algorithm is invalid\n" msgstr "A kiválasztott rejtjelező algoritmus érvénytelen!\n" @@ -2636,11 +2651,6 @@ msgstr "Érvénytelen alapértelmezett preferenciák!\n" msgid "invalid personal cipher preferences\n" msgstr "Érvénytelen személyes rejtjelező-preferenciák!\n" -#, fuzzy, c-format -#| msgid "invalid personal cipher preferences\n" -msgid "invalid personal AEAD preferences\n" -msgstr "Érvénytelen személyes rejtjelező-preferenciák!\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "Érvénytelen személyes kivonatolópreferenciák!\n" @@ -2658,11 +2668,6 @@ msgstr "Kulcsméret érvénytelen; %u bitet használok.\n" msgid "%s does not yet work with %s\n" msgstr "%s és %s egyelőre nem használható együtt!\n" -#, fuzzy, c-format -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "" -"Lehet, hogy nem használhatja \"%s\" rejtjelező algoritmust %s módban!\n" - #, fuzzy, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "Lehet, hogy nem használhatja \"%s\" tömörítő algoritmust %s módban!\n" @@ -3859,18 +3864,6 @@ msgstr "Hiba: Érvénytelen ujjlenyomat.\n" msgid "subkey \"%s\" not found\n" msgstr "\"%s\" kulcs nem található: %s\n" -msgid "AEAD: " -msgstr "" - -msgid "Digest: " -msgstr "Kivonat: " - -msgid "Features: " -msgstr "Jellemzők: " - -msgid "Keyserver no-modify" -msgstr "" - msgid "Preferred keyserver: " msgstr "" @@ -4707,6 +4700,18 @@ msgstr "Valóban létrehozzam? " msgid "never " msgstr "soha " +msgid "AEAD: " +msgstr "" + +msgid "Digest: " +msgstr "Kivonat: " + +msgid "Features: " +msgstr "Jellemzők: " + +msgid "Keyserver no-modify" +msgstr "" + msgid "Critical signature policy: " msgstr "Kritikus aláírási eljárásmód: " @@ -9221,6 +9226,21 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "A kiválasztott kivonatoló algoritmus érvénytelen!\n" + +#, fuzzy +#~| msgid "invalid personal cipher preferences\n" +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "Érvénytelen személyes rejtjelező-preferenciák!\n" + +#, fuzzy +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "" +#~ "Lehet, hogy nem használhatja \"%s\" rejtjelező algoritmust %s módban!\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "A %s (%d) rejtjelező használata sérti a címzett preferenciáit!\n" @@ -10843,9 +10863,6 @@ msgstr "" #~ msgid "delete signatures" #~ msgstr "aláírások törlése" -#~ msgid "set preference list" -#~ msgstr "preferencialista beállítása" - #~ msgid "updated preferences" #~ msgstr "preferenciák frissítése" diff --git a/po/id.po b/po/id.po index 3ff28dfae..6285ddeb8 100644 --- a/po/id.po +++ b/po/id.po @@ -404,6 +404,11 @@ msgstr "" msgid "enable putty support" msgstr "tidak didukung" +#, fuzzy +#| msgid "not supported" +msgid "enable Win32-OpenSSH support" +msgstr "tidak didukung" + msgid "Options controlling the security" msgstr "" @@ -1856,8 +1861,9 @@ msgstr "WARNING: \"%s\" adalah opsi terdepresiasi\n" msgid "error creating passphrase: %s\n" msgstr "kesalahan penciptaan passphrase: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "tidak dapat menggunakan paket simetri ESK karena mode S2K\n" #, fuzzy, c-format @@ -1940,9 +1946,18 @@ msgstr "kunci rahasia tidak dapat dipakai" msgid "remove as much as possible from key during export" msgstr "" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "buat sertifikat revokasi" + msgid "use the GnuPG key backup format" msgstr "" +#, fuzzy +msgid "export secret keys using the GnuPG format" +msgstr "menulis kunci rahasia ke `%s'\n" + #, fuzzy #| msgid "%s: skipped: %s\n" msgid " - skipped" @@ -2430,6 +2445,11 @@ msgstr "tampilkan keyring tempat kunci yang dipilih berada" msgid "show expiration dates during signature listings" msgstr "Tidak ada signature koresponden di ring rahasia\n" +#, fuzzy +#| msgid "set preference list" +msgid "show preferences" +msgstr "set daftar preferensi" + #, fuzzy, c-format msgid "unknown TOFU policy '%s'\n" msgstr "penerima baku tidak dikenal `%s'\n" @@ -2590,11 +2610,6 @@ msgstr "menulis kunci rahasia ke `%s'\n" msgid "selected cipher algorithm is invalid\n" msgstr "algoritma cipher yang dipilih tidak valid\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "algoritma digest yang dipilih tidak valid\n" - #, fuzzy, c-format msgid "selected compression algorithm is invalid\n" msgstr "algoritma cipher yang dipilih tidak valid\n" @@ -2640,11 +2655,6 @@ msgstr "preferensi baku tidak valid\n" msgid "invalid personal cipher preferences\n" msgstr "preferensi cipher personal tidak valid\n" -#, fuzzy, c-format -#| msgid "invalid personal cipher preferences\n" -msgid "invalid personal AEAD preferences\n" -msgstr "preferensi cipher personal tidak valid\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "preferensi digest personal tidak valid\n" @@ -2662,11 +2672,6 @@ msgstr "keysize tidak valid; menggunakan %u bit\n" msgid "%s does not yet work with %s\n" msgstr "%s belum dapat dipakai dengan %s\n" -#, fuzzy, c-format -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "" -"anda tidak boleh menggunakan algoritma cipher \"%s\" saat dalam mode %s.\n" - #, fuzzy, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "" @@ -3865,18 +3870,6 @@ msgstr "kesalahan: fingerprint tidak valid\n" msgid "subkey \"%s\" not found\n" msgstr "kunci '%s' tidak ditemukan: %s\n" -msgid "AEAD: " -msgstr "" - -msgid "Digest: " -msgstr "Digest: " - -msgid "Features: " -msgstr "Fitur: " - -msgid "Keyserver no-modify" -msgstr "" - msgid "Preferred keyserver: " msgstr "" @@ -4717,6 +4710,18 @@ msgstr "Ingin diciptakan? " msgid "never " msgstr "tidak pernah..." +msgid "AEAD: " +msgstr "" + +msgid "Digest: " +msgstr "Digest: " + +msgid "Features: " +msgstr "Fitur: " + +msgid "Keyserver no-modify" +msgstr "" + msgid "Critical signature policy: " msgstr "Kebijakan signature kritis: " @@ -9220,6 +9225,21 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "algoritma digest yang dipilih tidak valid\n" + +#, fuzzy +#~| msgid "invalid personal cipher preferences\n" +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "preferensi cipher personal tidak valid\n" + +#, fuzzy +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "" +#~ "anda tidak boleh menggunakan algoritma cipher \"%s\" saat dalam mode %s.\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "memaksa cipher simetrik %s (%d) melanggar preferensi penerima\n" @@ -10846,9 +10866,6 @@ msgstr "" #~ msgid "delete signatures" #~ msgstr "hapus signature" -#~ msgid "set preference list" -#~ msgstr "set daftar preferensi" - #~ msgid "updated preferences" #~ msgstr "perbarui preferensi" diff --git a/po/it.po b/po/it.po index e9b974a3a..3014cf11b 100644 --- a/po/it.po +++ b/po/it.po @@ -389,6 +389,11 @@ msgstr "|ALGO|usa ALGO per mostrare le impronte digitali ssh" msgid "enable putty support" msgstr "abilitare il supporto putty" +#, fuzzy +#| msgid "enable putty support" +msgid "enable Win32-OpenSSH support" +msgstr "abilitare il supporto putty" + msgid "Options controlling the security" msgstr "Opzioni che controllano la sicurezza" @@ -1797,8 +1802,9 @@ msgstr "AVVISO: la chiave %s non è adatta per la crittografia in modalità %s\n msgid "error creating passphrase: %s\n" msgstr "errore nella creazione della passhprase: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "" "impossibile usare un pacchetto ESK simmetrico a causa della modalità S2K\n" @@ -1873,9 +1879,19 @@ msgstr "rimuovere parti inutilizzabili dalla chiave durante l'esportazione" msgid "remove as much as possible from key during export" msgstr "rimuovere il più possibile dalla chiave durante l'esportazione" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "genera un certificato di revoca" + msgid "use the GnuPG key backup format" msgstr "utilizzare il formato di backup della chiave GnuPG" +#, fuzzy +#| msgid "exporting secret keys not allowed\n" +msgid "export secret keys using the GnuPG format" +msgstr "esportazione di chiavi segrete non consentita\n" + msgid " - skipped" msgstr " - saltato" @@ -2320,6 +2336,11 @@ msgstr "mostrare il nome del keyring negli elenchi delle chiavi" msgid "show expiration dates during signature listings" msgstr "mostra date di scadenza durante le inserzioni delle firme" +#, fuzzy +#| msgid "list preferences (expert)" +msgid "show preferences" +msgstr "elenca le preferenze (per esperti)" + #, c-format msgid "unknown TOFU policy '%s'\n" msgstr "criterio TOFU sconosciuto '%s'\n" @@ -2476,10 +2497,6 @@ msgstr "non verrà eseguito con memoria non protetta a causa di %s\n" msgid "selected cipher algorithm is invalid\n" msgstr "l'algoritmo di cifratura selezionato non è valido\n" -#, c-format -msgid "selected AEAD algorithm is invalid\n" -msgstr "l'algoritmo AEAD selezionato non è valido\n" - #, c-format msgid "selected compression algorithm is invalid\n" msgstr "algoritmo di compressione selezionato non valido\n" @@ -2524,10 +2541,6 @@ msgstr "preferenze predefinite non valide\n" msgid "invalid personal cipher preferences\n" msgstr "preferenze personali del cifrario non valide\n" -#, c-format -msgid "invalid personal AEAD preferences\n" -msgstr "preferenze AEAD personali non valide\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "preferenze personali del digest non valide\n" @@ -2544,10 +2557,6 @@ msgstr "dimensione del blocco non valida - utilizzando %d\n" msgid "%s does not yet work with %s\n" msgstr "%s non funziona ancora con %s\n" -#, c-format -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "L'algoritmo AEAD '%s' non può essere utilizzato %s modalità\n" - #, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "" @@ -3690,18 +3699,6 @@ msgstr "\"%s\" non è un'impronta digitale corretta\n" msgid "subkey \"%s\" not found\n" msgstr "sottochiave \"%s\" non trovata\n" -msgid "AEAD: " -msgstr "AEAD: " - -msgid "Digest: " -msgstr "Digest: " - -msgid "Features: " -msgstr "Caratteristiche: " - -msgid "Keyserver no-modify" -msgstr "Keyserver no-modify" - msgid "Preferred keyserver: " msgstr "Server delle chiavi preferito: " @@ -4513,6 +4510,18 @@ msgstr "Davvero creare? (y/N) " msgid "never " msgstr "mai " +msgid "AEAD: " +msgstr "AEAD: " + +msgid "Digest: " +msgstr "Digest: " + +msgid "Features: " +msgstr "Caratteristiche: " + +msgid "Keyserver no-modify" +msgstr "Keyserver no-modify" + msgid "Critical signature policy: " msgstr "Politica critica di firma: " @@ -9014,6 +9023,15 @@ msgstr "Comandi di gestione Yubikey" msgid "manage the command history" msgstr "gestire la cronologia dei comandi" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "l'algoritmo AEAD selezionato non è valido\n" + +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "preferenze AEAD personali non valide\n" + +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "L'algoritmo AEAD '%s' non può essere utilizzato %s modalità\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "" #~ "forzare il cifrario simmetrico %s (%d) viola le preferenze\n" diff --git a/po/ja.po b/po/ja.po index 140004b91..92902efe5 100644 --- a/po/ja.po +++ b/po/ja.po @@ -386,6 +386,11 @@ msgstr "|ALGO|ssh署名の表示にALGOを使う" msgid "enable putty support" msgstr "puttyサポートを有功にする" +#, fuzzy +#| msgid "enable putty support" +msgid "enable Win32-OpenSSH support" +msgstr "puttyサポートを有功にする" + msgid "Options controlling the security" msgstr "セキュリティを制御するオプション" @@ -1763,8 +1768,9 @@ msgstr "*警告*: 鍵%sは、%sモードでは、暗号化に適しません\n" msgid "error creating passphrase: %s\n" msgstr "パスフレーズの作成エラー: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "S2Kモードのため、共通鍵ESKパケットを使えません\n" #, c-format @@ -1834,9 +1840,19 @@ msgstr "エクスポートの際、利用できない部分を除去する" msgid "remove as much as possible from key during export" msgstr "エクスポートの際、できるだけ除去する" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "失効証明書を生成" + msgid "use the GnuPG key backup format" msgstr "GnuPGの鍵のバックアップフォーマットを使います" +#, fuzzy +#| msgid "exporting secret keys not allowed\n" +msgid "export secret keys using the GnuPG format" +msgstr "秘密鍵のエクスポートは認められません\n" + msgid " - skipped" msgstr " - スキップされました" @@ -2267,6 +2283,11 @@ msgstr "鍵の一覧に鍵リングの名前を表示する" msgid "show expiration dates during signature listings" msgstr "署名の一覧時に有効期限の日付を表示する" +#, fuzzy +#| msgid "list preferences (expert)" +msgid "show preferences" +msgstr "優先指定の一覧 (エキスパート)" + #, c-format msgid "unknown TOFU policy '%s'\n" msgstr "不明のTOFUポリシー'%s'\n" @@ -2422,10 +2443,6 @@ msgstr "%s のため、セキュアでないメモリで実行しません\n" msgid "selected cipher algorithm is invalid\n" msgstr "選択された暗号アルゴリズムは無効です\n" -#, c-format -msgid "selected AEAD algorithm is invalid\n" -msgstr "選択されたAEADアルゴリズムは無効です\n" - #, c-format msgid "selected compression algorithm is invalid\n" msgstr "選択された圧縮アルゴリズムは無効です\n" @@ -2470,10 +2487,6 @@ msgstr "無効なデフォルトの優先指定\n" msgid "invalid personal cipher preferences\n" msgstr "無効な個人用暗号方式の優先指定\n" -#, c-format -msgid "invalid personal AEAD preferences\n" -msgstr "無効な個人用AEAD方式の優先指定\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "無効な個人用ダイジェストの優先指定\n" @@ -2490,10 +2503,6 @@ msgstr "無効なチャンク長 - %dビットにします\n" msgid "%s does not yet work with %s\n" msgstr "%sは%sではまだ機能しません\n" -#, c-format -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "AEADアルゴリズム'%s'を%sモードで使うことはできません\n" - #, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "圧縮アルゴリズム'%s'を%sモードで使うことはできません\n" @@ -3595,18 +3604,6 @@ msgstr "\"%s\"は正しいフィンガープリントではありません\n" msgid "subkey \"%s\" not found\n" msgstr "副鍵\"%s\"が見つかりません\n" -msgid "AEAD: " -msgstr "AEAD: " - -msgid "Digest: " -msgstr "ダイジェスト: " - -msgid "Features: " -msgstr "機能: " - -msgid "Keyserver no-modify" -msgstr "鍵サーバ 修正しない" - msgid "Preferred keyserver: " msgstr "優先鍵サーバ: " @@ -4392,6 +4389,18 @@ msgstr "本当に作成しますか? (y/N) " msgid "never " msgstr "無期限 " +msgid "AEAD: " +msgstr "AEAD: " + +msgid "Digest: " +msgstr "ダイジェスト: " + +msgid "Features: " +msgstr "機能: " + +msgid "Keyserver no-modify" +msgstr "鍵サーバ 修正しない" + msgid "Critical signature policy: " msgstr "クリティカルな署名ポリシー: " @@ -8696,6 +8705,15 @@ msgstr "Yubikey管理コマンド" msgid "manage the command history" msgstr "コマンド履歴を管理する" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "選択されたAEADアルゴリズムは無効です\n" + +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "無効な個人用AEAD方式の優先指定\n" + +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "AEADアルゴリズム'%s'を%sモードで使うことはできません\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "共通鍵暗号方式 %s (%d) の強制が、受取人の優先指定をそむきます\n" diff --git a/po/nb.po b/po/nb.po index 3d54d7e28..6498e3651 100644 --- a/po/nb.po +++ b/po/nb.po @@ -402,6 +402,11 @@ msgstr "|ALGO|bruk valgt ALGOritme til å vise ssh-fingeravtrykk" msgid "enable putty support" msgstr "slå på støtte for putty" +#, fuzzy +#| msgid "enable putty support" +msgid "enable Win32-OpenSSH support" +msgstr "slå på støtte for putty" + msgid "Options controlling the security" msgstr "Sikkerhetsvalg" @@ -1827,8 +1832,9 @@ msgstr "ADVARSEL: nøkkel %s egner seg ikke for kryptering i %s-modus\n" msgid "error creating passphrase: %s\n" msgstr "feil under opprettelse av passordfrase: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "klarte ikke å bruke symmetrisk ESK-pakke på grunn av S2K-modus\n" #, fuzzy, c-format @@ -1904,9 +1910,19 @@ msgstr "fjern ubrukelige deler fra nøkkelen under eksportering" msgid "remove as much as possible from key during export" msgstr "fjern så mye som mulig fra nøkkelen under eksportering" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "lag opphevelsessertifikat" + msgid "use the GnuPG key backup format" msgstr "bruk GnuPG-format til sikkerhetskopiering av nøkkel" +#, fuzzy +#| msgid "exporting secret keys not allowed\n" +msgid "export secret keys using the GnuPG format" +msgstr "eksportering av hemmelige nøkler er ikke tillatt\n" + msgid " - skipped" msgstr ". Hoppet over" @@ -2351,6 +2367,11 @@ msgstr "vis nøkkelknippe-navn i nøkkelvisning" msgid "show expiration dates during signature listings" msgstr "vis utløpsdatoer i nøkkelvisning" +#, fuzzy +#| msgid "list preferences (expert)" +msgid "show preferences" +msgstr "vis innstillinger (avansert)" + #, c-format msgid "unknown TOFU policy '%s'\n" msgstr "«%s» er et ukjent TOFU-regelverk\n" @@ -2507,11 +2528,6 @@ msgstr "lar være å kjøre med usikret minne på grunn av %s\n" msgid "selected cipher algorithm is invalid\n" msgstr "valgt krypteringsalgoritme er ugyldig\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "valg kontrollsum-algoritme er ugyldig\n" - #, c-format msgid "selected compression algorithm is invalid\n" msgstr "valgt komprimeringsalgoritme er ugyldig\n" @@ -2556,11 +2572,6 @@ msgstr "ugyldig standardoppsett\n" msgid "invalid personal cipher preferences\n" msgstr "ugyldig personlig oppsett av krypteringsmetode\n" -#, fuzzy, c-format -#| msgid "invalid personal cipher preferences\n" -msgid "invalid personal AEAD preferences\n" -msgstr "ugyldig personlig oppsett av krypteringsmetode\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "ugyldig personlig oppsett av kontrollsummetode\n" @@ -2578,11 +2589,6 @@ msgstr "ugyldig nøkkelstørrelse. Bruker %u bit\n" msgid "%s does not yet work with %s\n" msgstr "%s virker ikke enda med %s\n" -#, fuzzy, c-format -#| msgid "cipher algorithm '%s' may not be used in %s mode\n" -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "du kan ikke bruke algoritme «%s» i %s-modus\n" - #, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "du kan ikke bruke komprimeringsalgoritme «%s» i %s-modus\n" @@ -3721,18 +3727,6 @@ msgstr "«%s» er et ugyldig fingeravtrykk\n" msgid "subkey \"%s\" not found\n" msgstr "fant ikke undernøkkel «%s»\n" -msgid "AEAD: " -msgstr "" - -msgid "Digest: " -msgstr "Kontrollsum: " - -msgid "Features: " -msgstr "Funksjoner: " - -msgid "Keyserver no-modify" -msgstr "Nøkkeltjener no-modify" - msgid "Preferred keyserver: " msgstr "Foretrukket nøkkeltjener: " @@ -4556,6 +4550,18 @@ msgstr "Er du sikker på at du vil fortsette? (j/N) " msgid "never " msgstr "aldri " +msgid "AEAD: " +msgstr "" + +msgid "Digest: " +msgstr "Kontrollsum: " + +msgid "Features: " +msgstr "Funksjoner: " + +msgid "Keyserver no-modify" +msgstr "Nøkkeltjener no-modify" + msgid "Critical signature policy: " msgstr "Regler for kritisk signatur: " @@ -8997,6 +9003,21 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "valg kontrollsum-algoritme er ugyldig\n" + +#, fuzzy +#~| msgid "invalid personal cipher preferences\n" +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "ugyldig personlig oppsett av krypteringsmetode\n" + +#, fuzzy +#~| msgid "cipher algorithm '%s' may not be used in %s mode\n" +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "du kan ikke bruke algoritme «%s» i %s-modus\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "tvungen bruk av krypt.metode %s (%d) bryter med mottakers oppsett\n" diff --git a/po/pl.po b/po/pl.po index 509a9076f..c32665ae4 100644 --- a/po/pl.po +++ b/po/pl.po @@ -396,6 +396,11 @@ msgstr "|ALGO|użycie ALGO do wyświetlania odcisków ssh" msgid "enable putty support" msgstr "włączenie obsługi putty" +#, fuzzy +#| msgid "enable putty support" +msgid "enable Win32-OpenSSH support" +msgstr "włączenie obsługi putty" + msgid "Options controlling the security" msgstr "Opcje sterujące bezpieczeństwem" @@ -1799,8 +1804,9 @@ msgstr "OSTRZEŻENIE: klucz %s nie nadaje się do szyfrowania w trybie %s\n" msgid "error creating passphrase: %s\n" msgstr "błąd podczas tworzenia hasła: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "" "ustawiony tryb S2K nie pozwala użyć pakietu ESK dla szyfru symetrycznego\n" @@ -1876,9 +1882,19 @@ msgstr "usunięcie bezużytecznych części z klucza przy eksporcie" msgid "remove as much as possible from key during export" msgstr "usunięcie jak największej części klucza przy eksporcie" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "tworzenie certyfikatu unieważnienia klucza" + msgid "use the GnuPG key backup format" msgstr "użycie formatu kopii zapasowej klucza GnuPG" +#, fuzzy +#| msgid "exporting secret keys not allowed\n" +msgid "export secret keys using the GnuPG format" +msgstr "eksport kluczy tajnych nie jest dozwolony\n" + msgid " - skipped" msgstr " - pominięty" @@ -2342,6 +2358,11 @@ msgstr "pokazywanie nazwy zbioru kluczy na listach kluczy" msgid "show expiration dates during signature listings" msgstr "pokazywanie dat wygaśnięcia przy wypisywaniu podpisów" +#, fuzzy +#| msgid "list preferences (expert)" +msgid "show preferences" +msgstr "ustawienia (zaawansowane)" + #, c-format msgid "unknown TOFU policy '%s'\n" msgstr "nieznana polityka TOFU ,,%s''\n" @@ -2500,11 +2521,6 @@ msgstr "nie zadziała z niebezpieczną pamięcią z powodu %s\n" msgid "selected cipher algorithm is invalid\n" msgstr "wybrany algorytm szyfrujący jest niepoprawny\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "wybrany algorytm skrótów wiadomości jest niepoprawny\n" - #, c-format msgid "selected compression algorithm is invalid\n" msgstr "wybrany algorytm kompresji jest niepoprawny\n" @@ -2551,11 +2567,6 @@ msgstr "niewłaściwe domyślne ustawienia\n" msgid "invalid personal cipher preferences\n" msgstr "niewłaściwe ustawienia szyfrów\n" -#, fuzzy, c-format -#| msgid "invalid personal cipher preferences\n" -msgid "invalid personal AEAD preferences\n" -msgstr "niewłaściwe ustawienia szyfrów\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "niewłaściwe ustawienia skrótów\n" @@ -2573,11 +2584,6 @@ msgstr "niewłaściwa długość klucza; wykorzystano %u bitów\n" msgid "%s does not yet work with %s\n" msgstr "%s jeszcze nie działa z %s!\n" -#, fuzzy, c-format -#| msgid "cipher algorithm '%s' may not be used in %s mode\n" -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "szyfr ,,%s'' nie może być używany w trybie %s\n" - #, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "algorytm kompresji ,,%s'' nie może być używany w trybie %s\n" @@ -3731,18 +3737,6 @@ msgstr ",,%s'' nie jest właściwym odciskiem\n" msgid "subkey \"%s\" not found\n" msgstr "podklucz ,,%s'' nie został odnaleziony\n" -msgid "AEAD: " -msgstr "AEAD: " - -msgid "Digest: " -msgstr "Skrót: " - -msgid "Features: " -msgstr "Ustawienia: " - -msgid "Keyserver no-modify" -msgstr "no-modify dla serwera kluczy" - msgid "Preferred keyserver: " msgstr "Preferowany serwer kluczy: " @@ -4575,6 +4569,18 @@ msgstr "Czy na pewno utworzyć? (t/N) " msgid "never " msgstr "nigdy " +msgid "AEAD: " +msgstr "AEAD: " + +msgid "Digest: " +msgstr "Skrót: " + +msgid "Features: " +msgstr "Ustawienia: " + +msgid "Keyserver no-modify" +msgstr "no-modify dla serwera kluczy" + msgid "Critical signature policy: " msgstr "Krytyczny regulamin podpisu: " @@ -9112,6 +9118,21 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "wybrany algorytm skrótów wiadomości jest niepoprawny\n" + +#, fuzzy +#~| msgid "invalid personal cipher preferences\n" +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "niewłaściwe ustawienia szyfrów\n" + +#, fuzzy +#~| msgid "cipher algorithm '%s' may not be used in %s mode\n" +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "szyfr ,,%s'' nie może być używany w trybie %s\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "wymuszone użycie szyfru %s (%d) kłóci się z ustawieniami adresata\n" diff --git a/po/pt.po b/po/pt.po index 2e6db3ad6..2f754d976 100644 --- a/po/pt.po +++ b/po/pt.po @@ -404,6 +404,11 @@ msgstr "" msgid "enable putty support" msgstr "não suportado" +#, fuzzy +#| msgid "not supported" +msgid "enable Win32-OpenSSH support" +msgstr "não suportado" + msgid "Options controlling the security" msgstr "" @@ -1854,8 +1859,9 @@ msgstr "AVISO: \"%s\" é uma opção depreciada\n" msgid "error creating passphrase: %s\n" msgstr "erro na criação da frase secreta: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "não é possível utilizar o pacote ESK simétrico devido ao modo S2K\n" #, fuzzy, c-format @@ -1937,9 +1943,18 @@ msgstr "chave secreta não utilizável" msgid "remove as much as possible from key during export" msgstr "" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "gerar um certificado de revogação" + msgid "use the GnuPG key backup format" msgstr "" +#, fuzzy +msgid "export secret keys using the GnuPG format" +msgstr "a escrever chave privada para `%s'\n" + #, fuzzy #| msgid "%s: skipped: %s\n" msgid " - skipped" @@ -2431,6 +2446,11 @@ msgstr "mostrar em que porta-chave a chave está" msgid "show expiration dates during signature listings" msgstr "Nenhuma assinatura correspondente no porta-chaves secreto\n" +#, fuzzy +#| msgid "set preference list" +msgid "show preferences" +msgstr "configurar lista de preferências" + #, fuzzy, c-format msgid "unknown TOFU policy '%s'\n" msgstr "destinatário por omissão desconhecido `%s'\n" @@ -2591,11 +2611,6 @@ msgstr "a escrever chave privada para `%s'\n" msgid "selected cipher algorithm is invalid\n" msgstr "o algoritmo de cifragem selecionado é inválido\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "o algoritmo de \"digest\" selecionado é inválido\n" - #, fuzzy, c-format msgid "selected compression algorithm is invalid\n" msgstr "o algoritmo de cifragem selecionado é inválido\n" @@ -2641,11 +2656,6 @@ msgstr "preferências por omissão inválidas\n" msgid "invalid personal cipher preferences\n" msgstr "preferências pessoais de cifra inválidas\n" -#, fuzzy, c-format -#| msgid "invalid personal cipher preferences\n" -msgid "invalid personal AEAD preferences\n" -msgstr "preferências pessoais de cifra inválidas\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "preferências pessoais de 'digest' inválidas\n" @@ -2663,10 +2673,6 @@ msgstr "tamanho de chave inválido; a utilizar %u bits\n" msgid "%s does not yet work with %s\n" msgstr "%s não faz sentido com %s!\n" -#, fuzzy, c-format -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "não pode utilizar %s enquanto estiver no modo %s\n" - #, fuzzy, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "não pode utilizar %s enquanto estiver no modo %s\n" @@ -3870,18 +3876,6 @@ msgstr "%s: versão de ficheiro inválida %d\n" msgid "subkey \"%s\" not found\n" msgstr "chave `%s' não encontrada: %s\n" -msgid "AEAD: " -msgstr "" - -msgid "Digest: " -msgstr "'Digest': " - -msgid "Features: " -msgstr "Características: " - -msgid "Keyserver no-modify" -msgstr "" - msgid "Preferred keyserver: " msgstr "" @@ -4721,6 +4715,18 @@ msgstr "Realmente criar? " msgid "never " msgstr "" +msgid "AEAD: " +msgstr "" + +msgid "Digest: " +msgstr "'Digest': " + +msgid "Features: " +msgstr "Características: " + +msgid "Keyserver no-modify" +msgstr "" + msgid "Critical signature policy: " msgstr "Politica de assinatura crítica: " @@ -9214,6 +9220,20 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "o algoritmo de \"digest\" selecionado é inválido\n" + +#, fuzzy +#~| msgid "invalid personal cipher preferences\n" +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "preferências pessoais de cifra inválidas\n" + +#, fuzzy +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "não pode utilizar %s enquanto estiver no modo %s\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "" #~ "ao forçar a cifra simétrica %s (%d) viola as preferências do " @@ -10794,9 +10814,6 @@ msgstr "" #~ msgid "delete signatures" #~ msgstr "remove assinaturas" -#~ msgid "set preference list" -#~ msgstr "configurar lista de preferências" - #~ msgid "updated preferences" #~ msgstr "preferências actualizadas" diff --git a/po/ro.po b/po/ro.po index f3071d966..d0d4c32ce 100644 --- a/po/ro.po +++ b/po/ro.po @@ -409,6 +409,11 @@ msgstr "" msgid "enable putty support" msgstr "nu este suportat(ă)" +#, fuzzy +#| msgid "not supported" +msgid "enable Win32-OpenSSH support" +msgstr "nu este suportat(ă)" + msgid "Options controlling the security" msgstr "" @@ -1878,8 +1883,9 @@ msgstr "AVERTISMENT: \"%s\" este o opţiune învechită\n" msgid "error creating passphrase: %s\n" msgstr "eroare la crearea frazei-parolă: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "nu pot crea un pachet ESK simetric datorită modului S2K\n" #, fuzzy, c-format @@ -1962,9 +1968,19 @@ msgstr "cheie secretă de nefolosit" msgid "remove as much as possible from key during export" msgstr "" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "generează un certificat de revocare" + msgid "use the GnuPG key backup format" msgstr "" +#, fuzzy +#| msgid "exporting secret keys not allowed\n" +msgid "export secret keys using the GnuPG format" +msgstr "exportul cheilor secrete nu este permis\n" + #, fuzzy #| msgid "%s: skipped: %s\n" msgid " - skipped" @@ -2484,6 +2500,11 @@ msgstr "arată căruia dintre inelele de chei îi aparţine o cheie enumerată" msgid "show expiration dates during signature listings" msgstr "Nici o semnătură corespunzătoare în inelul secret\n" +#, fuzzy +#| msgid "showpref" +msgid "show preferences" +msgstr "showpref" + #, fuzzy, c-format #| msgid "unknown option `%s'\n" msgid "unknown TOFU policy '%s'\n" @@ -2649,11 +2670,6 @@ msgstr "nu va rula cu memorie neprotejată (insecure) pentru că %s\n" msgid "selected cipher algorithm is invalid\n" msgstr "algoritm cifrare selectat este invalid\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "algoritm rezumat selectat este invalid\n" - #, c-format msgid "selected compression algorithm is invalid\n" msgstr "algoritm compresie selectat este invalid\n" @@ -2699,11 +2715,6 @@ msgstr "preferinţe implicite invalide\n" msgid "invalid personal cipher preferences\n" msgstr "preferinţe cifrare personale invalide\n" -#, fuzzy, c-format -#| msgid "invalid personal cipher preferences\n" -msgid "invalid personal AEAD preferences\n" -msgstr "preferinţe cifrare personale invalide\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "preferinţe rezumat personale invalide\n" @@ -2721,11 +2732,6 @@ msgstr "lungime cheie invalidă; folosesc %u biţi\n" msgid "%s does not yet work with %s\n" msgstr "%s nu merge încă cu %s!\n" -#, fuzzy, c-format -#| msgid "you may not use cipher algorithm `%s' while in %s mode\n" -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "nu puteţi folosi algoritmul de cifrare `%s' câtă vreme în modul %s\n" - #, fuzzy, c-format #| msgid "you may not use compression algorithm `%s' while in %s mode\n" msgid "compression algorithm '%s' may not be used in %s mode\n" @@ -3917,18 +3923,6 @@ msgstr "amprentă invalidă" msgid "subkey \"%s\" not found\n" msgstr "cheia \"%s\" nu a fost găsită: %s\n" -msgid "AEAD: " -msgstr "" - -msgid "Digest: " -msgstr "Rezumat: " - -msgid "Features: " -msgstr "Capabilităţi: " - -msgid "Keyserver no-modify" -msgstr "Server de chei no-modify" - msgid "Preferred keyserver: " msgstr "Server de chei preferat: " @@ -4777,6 +4771,18 @@ msgstr "Creaţi într-adevăr? (d/N) " msgid "never " msgstr "niciodată " +msgid "AEAD: " +msgstr "" + +msgid "Digest: " +msgstr "Rezumat: " + +msgid "Features: " +msgstr "Capabilităţi: " + +msgid "Keyserver no-modify" +msgstr "Server de chei no-modify" + msgid "Critical signature policy: " msgstr "Politică de semnături critică: " @@ -9363,6 +9369,22 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "algoritm rezumat selectat este invalid\n" + +#, fuzzy +#~| msgid "invalid personal cipher preferences\n" +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "preferinţe cifrare personale invalide\n" + +#, fuzzy +#~| msgid "you may not use cipher algorithm `%s' while in %s mode\n" +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "" +#~ "nu puteţi folosi algoritmul de cifrare `%s' câtă vreme în modul %s\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "" #~ "forţând cifrul simetric %s (%d) violaţi preferinţele destinatarului\n" @@ -11320,9 +11342,6 @@ msgstr "" #~ msgid "pref" #~ msgstr "pref" -#~ msgid "showpref" -#~ msgstr "showpref" - #~ msgid "setpref" #~ msgstr "setpref" diff --git a/po/ru.po b/po/ru.po index 804a0ea6f..0c0807ff0 100644 --- a/po/ru.po +++ b/po/ru.po @@ -406,6 +406,11 @@ msgstr "|ALGO|использовать для отображения отпеч msgid "enable putty support" msgstr "включить поддержку putty" +#, fuzzy +#| msgid "enable putty support" +msgid "enable Win32-OpenSSH support" +msgstr "включить поддержку putty" + msgid "Options controlling the security" msgstr "Параметры, управляющие безопасностью" @@ -1812,8 +1817,9 @@ msgstr "Внимание: ключ %s не подходит для шифров msgid "error creating passphrase: %s\n" msgstr "ошибка при создании фразы-пароля: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "не могу использовать симметричный пакет ESK из-за режима S2K\n" #, fuzzy, c-format @@ -1888,9 +1894,19 @@ msgstr "удалить при экспорте непригодные части msgid "remove as much as possible from key during export" msgstr "при экспорте удалить из ключа как можно больше" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "создать сертификат отзыва" + msgid "use the GnuPG key backup format" msgstr "пользоваться архивным форматом ключей GnuPG" +#, fuzzy +#| msgid "exporting secret keys not allowed\n" +msgid "export secret keys using the GnuPG format" +msgstr "экспорт секретных ключей не разрешен\n" + msgid " - skipped" msgstr " - пропущено" @@ -2349,6 +2365,11 @@ msgstr "показывать в списке ключей название та msgid "show expiration dates during signature listings" msgstr "показывать в списке подписей сроки действия" +#, fuzzy +#| msgid "list preferences (expert)" +msgid "show preferences" +msgstr "список предпочтений (экспертам)" + #, c-format msgid "unknown TOFU policy '%s'\n" msgstr "неизвестные правила TOFU '%s'\n" @@ -2508,11 +2529,6 @@ msgstr "отказываюсь работать с небезопасной па msgid "selected cipher algorithm is invalid\n" msgstr "выбран недопустимый алгоритм шифрования\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "выбрана недопустимая хеш-функция\n" - #, c-format msgid "selected compression algorithm is invalid\n" msgstr "выбран недопустимый алгоритм сжатия\n" @@ -2557,11 +2573,6 @@ msgstr "недопустимые предпочтения по умолчани msgid "invalid personal cipher preferences\n" msgstr "недопустимые личные предпочтения шифра\n" -#, fuzzy, c-format -#| msgid "invalid personal cipher preferences\n" -msgid "invalid personal AEAD preferences\n" -msgstr "недопустимые личные предпочтения шифра\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "недопустимые личные предпочтения хеш-функции\n" @@ -2579,11 +2590,6 @@ msgstr "неверный размер ключа; использую %u бит\n msgid "%s does not yet work with %s\n" msgstr "%s пока не работает совместно с %s!\n" -#, fuzzy, c-format -#| msgid "cipher algorithm '%s' may not be used in %s mode\n" -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "алгоритм шифрования '%s' нельзя использовать в режиме %s\n" - #, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "алгоритм сжатия '%s' нельзя использовать в режиме %s\n" @@ -3729,18 +3735,6 @@ msgstr "\"%s\" - не правильный отпечаток\n" msgid "subkey \"%s\" not found\n" msgstr "подключ \"%s\" не найден\n" -msgid "AEAD: " -msgstr "AEAD: " - -msgid "Digest: " -msgstr "Хеш: " - -msgid "Features: " -msgstr "Характеристики: " - -msgid "Keyserver no-modify" -msgstr "Не изменять на сервере" - msgid "Preferred keyserver: " msgstr "Предпочтительный сервер ключей: " @@ -4565,6 +4559,18 @@ msgstr "Действительно создать? (y/N) " msgid "never " msgstr "никогда " +msgid "AEAD: " +msgstr "AEAD: " + +msgid "Digest: " +msgstr "Хеш: " + +msgid "Features: " +msgstr "Характеристики: " + +msgid "Keyserver no-modify" +msgstr "Не изменять на сервере" + msgid "Critical signature policy: " msgstr "Критические правила подписи: " @@ -9095,6 +9101,21 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "выбрана недопустимая хеш-функция\n" + +#, fuzzy +#~| msgid "invalid personal cipher preferences\n" +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "недопустимые личные предпочтения шифра\n" + +#, fuzzy +#~| msgid "cipher algorithm '%s' may not be used in %s mode\n" +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "алгоритм шифрования '%s' нельзя использовать в режиме %s\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "" #~ "принудительное использование симметричного шифра %s (%d) нарушает " diff --git a/po/sk.po b/po/sk.po index 7ca5b6894..4b695b888 100644 --- a/po/sk.po +++ b/po/sk.po @@ -402,6 +402,11 @@ msgstr "" msgid "enable putty support" msgstr "nepodporované" +#, fuzzy +#| msgid "not supported" +msgid "enable Win32-OpenSSH support" +msgstr "nepodporované" + msgid "Options controlling the security" msgstr "" @@ -1856,8 +1861,9 @@ msgstr "VAROVÁNÍ: použitie parametra \"%s\" sa neodporúča\n" msgid "error creating passphrase: %s\n" msgstr "chyba pri vytváraní hesla: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "v móde S2K nemožno použiť symetrický ESK paket\n" #, fuzzy, c-format @@ -1942,9 +1948,18 @@ msgstr "nepoužiteľný tajný kľúč" msgid "remove as much as possible from key during export" msgstr "" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "vytvoriť revokačný certifikát" + msgid "use the GnuPG key backup format" msgstr "" +#, fuzzy +msgid "export secret keys using the GnuPG format" +msgstr "zapisujem tajný kľúč do `%s'\n" + #, fuzzy #| msgid "%s: skipped: %s\n" msgid " - skipped" @@ -2442,6 +2457,11 @@ msgstr "ukáž v ktorom súbore kľúčov je vypísaný kľúč" msgid "show expiration dates during signature listings" msgstr "V súbore tajných kľúčov chýba zodpovedajúci podpis\n" +#, fuzzy +#| msgid "set preference list" +msgid "show preferences" +msgstr "nastaviť zoznam predvolieb" + #, fuzzy, c-format msgid "unknown TOFU policy '%s'\n" msgstr "neznámy implicitný adresát `%s'\n" @@ -2602,11 +2622,6 @@ msgstr "zapisujem tajný kľúč do `%s'\n" msgid "selected cipher algorithm is invalid\n" msgstr "vybraný šifrovací algoritmus je neplatný\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "vybraný hashovací algoritmus je neplatný\n" - #, fuzzy, c-format msgid "selected compression algorithm is invalid\n" msgstr "vybraný šifrovací algoritmus je neplatný\n" @@ -2652,11 +2667,6 @@ msgstr "neplatné defaultné predvoľby\n" msgid "invalid personal cipher preferences\n" msgstr "neplatné užívateľské predvoľby pre šifrovanie\n" -#, fuzzy, c-format -#| msgid "invalid personal cipher preferences\n" -msgid "invalid personal AEAD preferences\n" -msgstr "neplatné užívateľské predvoľby pre šifrovanie\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "neplatné užívateľské predvoľby pre hashovanie\n" @@ -2674,10 +2684,6 @@ msgstr "neplatná dĺžka kľúča; použijem %u bitov\n" msgid "%s does not yet work with %s\n" msgstr "%s ešte nepracuje s %s\n" -#, fuzzy, c-format -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "nemôžete použiť šifrovací algoritmus \"%s\" v móde %s\n" - #, fuzzy, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "nemôžete použiť kompresný algoritmus \"%s\" v móde %s\n" @@ -3884,18 +3890,6 @@ msgstr "chyba: neplatný odtlačok\n" msgid "subkey \"%s\" not found\n" msgstr "kľúč `%s' nebol nájdený: %s\n" -msgid "AEAD: " -msgstr "" - -msgid "Digest: " -msgstr "Digest: " - -msgid "Features: " -msgstr "Charakteristiky: " - -msgid "Keyserver no-modify" -msgstr "" - msgid "Preferred keyserver: " msgstr "" @@ -4728,6 +4722,18 @@ msgstr "Skutočne vytvoriť? " msgid "never " msgstr "nikdy " +msgid "AEAD: " +msgstr "" + +msgid "Digest: " +msgstr "Digest: " + +msgid "Features: " +msgstr "Charakteristiky: " + +msgid "Keyserver no-modify" +msgstr "" + msgid "Critical signature policy: " msgstr "Kritická podpisová politika: " @@ -9253,6 +9259,20 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "vybraný hashovací algoritmus je neplatný\n" + +#, fuzzy +#~| msgid "invalid personal cipher preferences\n" +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "neplatné užívateľské predvoľby pre šifrovanie\n" + +#, fuzzy +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "nemôžete použiť šifrovací algoritmus \"%s\" v móde %s\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "vyžiadaná symetrická šifra %s (%d) nevyhovuje predvoľbám príjemcu\n" @@ -10871,9 +10891,6 @@ msgstr "" #~ msgid "delete signatures" #~ msgstr "zmazať podpisy" -#~ msgid "set preference list" -#~ msgstr "nastaviť zoznam predvolieb" - #~ msgid "updated preferences" #~ msgstr "aktualizovať predvoľby" diff --git a/po/sv.po b/po/sv.po index d1db7ab78..d096cc878 100644 --- a/po/sv.po +++ b/po/sv.po @@ -463,6 +463,11 @@ msgstr "" msgid "enable putty support" msgstr "" +#, fuzzy +#| msgid "enable ssh-agent emulation" +msgid "enable Win32-OpenSSH support" +msgstr "aktivera ssh-agent-emulering" + msgid "Options controlling the security" msgstr "Flaggor som kontrollerar säkerheten" @@ -1994,8 +1999,9 @@ msgstr "VARNING: \"%s\" är en föråldrad flagga - den har ingen effekt\n" msgid "error creating passphrase: %s\n" msgstr "fel när lösenfras skapades: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "kan inte använda symmetriska ESK-paket pga S2K-läge\n" #, fuzzy, c-format @@ -2078,9 +2084,19 @@ msgstr "ta bort oanvändbara delar från nyckeln under exportering" msgid "remove as much as possible from key during export" msgstr "ta bort så mycket som möjligt från nyckeln under exportering" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "generera ett spärrcertifikat" + msgid "use the GnuPG key backup format" msgstr "" +#, fuzzy +#| msgid "exporting secret keys not allowed\n" +msgid "export secret keys using the GnuPG format" +msgstr "export av hemliga nycklar tillåts inte\n" + #, fuzzy #| msgid "%s: skipped: %s\n" msgid " - skipped" @@ -2599,6 +2615,11 @@ msgstr "visa nyckelringens namn i nyckellistningar" msgid "show expiration dates during signature listings" msgstr "visa utgångsdatum under signaturlistningar" +#, fuzzy +#| msgid "list preferences (expert)" +msgid "show preferences" +msgstr "lista inställningar (expertläge)" + #, fuzzy, c-format #| msgid "unknown option `%s'\n" msgid "unknown TOFU policy '%s'\n" @@ -2764,11 +2785,6 @@ msgstr "kommer inte att köra med osäkert minne på grund av %s\n" msgid "selected cipher algorithm is invalid\n" msgstr "den valda chifferalgoritmen är ogiltig\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "vald sammandragsalgoritm är ogiltig\n" - #, c-format msgid "selected compression algorithm is invalid\n" msgstr "vald komprimeringsalgoritm är ogiltig\n" @@ -2822,12 +2838,6 @@ msgstr "ogiltiga standardinställningar\n" msgid "invalid personal cipher preferences\n" msgstr "ogiltig inställning av personligt chiffer\n" -# Du kan ange de algoritmer du föredrar i prioritetsordning. Då avgör inte enbart standard (symmetrisk kryptering) eller mottagarens preferenser (kryptering till öppen nyckel). -#, fuzzy, c-format -#| msgid "invalid personal cipher preferences\n" -msgid "invalid personal AEAD preferences\n" -msgstr "ogiltig inställning av personligt chiffer\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "ogiltig inställning av föredragna kontrollsummealgoritmer\n" @@ -2845,11 +2855,6 @@ msgstr "ogiltig nyckelstorlek; använder %u bitar\n" msgid "%s does not yet work with %s\n" msgstr "%s fungerar ännu inte med %s\n" -#, fuzzy, c-format -#| msgid "you may not use cipher algorithm `%s' while in %s mode\n" -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "du får inte använda chifferalgoritmen \"%s\" när du är i %s-läget\n" - #, fuzzy, c-format #| msgid "you may not use compression algorithm `%s' while in %s mode\n" msgid "compression algorithm '%s' may not be used in %s mode\n" @@ -4062,18 +4067,6 @@ msgstr "ogiltigt fingeravtryck" msgid "subkey \"%s\" not found\n" msgstr "nyckeln \"%s\" hittades inte: %s\n" -msgid "AEAD: " -msgstr "" - -msgid "Digest: " -msgstr "Sammandrag: " - -msgid "Features: " -msgstr "Funktioner: " - -msgid "Keyserver no-modify" -msgstr "Nyckelserver no-modify" - msgid "Preferred keyserver: " msgstr "Föredragen nyckelserver: " @@ -4939,6 +4932,18 @@ msgstr "Verkligen skapa? (j/N) " msgid "never " msgstr "aldrig" +msgid "AEAD: " +msgstr "" + +msgid "Digest: " +msgstr "Sammandrag: " + +msgid "Features: " +msgstr "Funktioner: " + +msgid "Keyserver no-modify" +msgstr "Nyckelserver no-modify" + msgid "Critical signature policy: " msgstr "Viktig signaturpolicy: " @@ -9804,6 +9809,22 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "vald sammandragsalgoritm är ogiltig\n" + +# Du kan ange de algoritmer du föredrar i prioritetsordning. Då avgör inte enbart standard (symmetrisk kryptering) eller mottagarens preferenser (kryptering till öppen nyckel). +#, fuzzy +#~| msgid "invalid personal cipher preferences\n" +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "ogiltig inställning av personligt chiffer\n" + +#, fuzzy +#~| msgid "you may not use cipher algorithm `%s' while in %s mode\n" +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "du får inte använda chifferalgoritmen \"%s\" när du är i %s-läget\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "" #~ "tvinga symmetriskt chiffer med %s (%d) strider mot " diff --git a/po/tr.po b/po/tr.po index 1dfa75654..9effccfe8 100644 --- a/po/tr.po +++ b/po/tr.po @@ -388,6 +388,11 @@ msgstr "|ALGO|ssh parmak izlerini göstermek için ALGO kullan" msgid "enable putty support" msgstr "putty desteğini etkinleştir" +#, fuzzy +#| msgid "enable putty support" +msgid "enable Win32-OpenSSH support" +msgstr "putty desteğini etkinleştir" + msgid "Options controlling the security" msgstr "Güvenliği denetleyen seçenekler" @@ -1778,8 +1783,9 @@ msgstr "UYARI: %s anahtarı, %s kipinde şifreleme için uygun değil\n" msgid "error creating passphrase: %s\n" msgstr "anahtar parolası oluşturulurken hata: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "S2K kipi sayesinde bir simetrik ESK paketi kullanılamıyor\n" #, c-format @@ -1851,9 +1857,19 @@ msgstr "dışa aktarım sırasında anahtardan kullanışsız parçaları kaldı msgid "remove as much as possible from key during export" msgstr "dışa aktarım sırasında anahtardan olabildiğince çok şey kaldır" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "bir yürürlükten kaldırma sertifikası üret" + msgid "use the GnuPG key backup format" msgstr "GnuPG yedekleme biçimini kullan" +#, fuzzy +#| msgid "exporting secret keys not allowed\n" +msgid "export secret keys using the GnuPG format" +msgstr "gizli anahtarların dışa aktarımına izin verilmez\n" + msgid " - skipped" msgstr " - atlandı" @@ -2293,6 +2309,11 @@ msgstr "anahtar zinciri adını anahtar listelerinde göster" msgid "show expiration dates during signature listings" msgstr "imza listelemesi sırasında zaman aşımı tarihleri göster" +#, fuzzy +#| msgid "list preferences (expert)" +msgid "show preferences" +msgstr "tercihleri listele (uzman)" + #, c-format msgid "unknown TOFU policy '%s'\n" msgstr "bilinmeyen TOFU poliçesi '%s'\n" @@ -2451,10 +2472,6 @@ msgstr "%s olmasından dolayı güvensiz bellekle çalıştırılmayacak\n" msgid "selected cipher algorithm is invalid\n" msgstr "seçilen şifre algoritması geçersiz\n" -#, c-format -msgid "selected AEAD algorithm is invalid\n" -msgstr "seçili AEAD algoritması geçersiz\n" - #, c-format msgid "selected compression algorithm is invalid\n" msgstr "seçili sıkıştırma algoritması geçersiz\n" @@ -2499,10 +2516,6 @@ msgstr "geçersiz öntanımlı tercihler\n" msgid "invalid personal cipher preferences\n" msgstr "geçersiz kişisel şifre tercihleri\n" -#, c-format -msgid "invalid personal AEAD preferences\n" -msgstr "geçersiz kişisel AEAD tercihler\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "geçersiz kişisel özet tercihleri\n" @@ -2519,10 +2532,6 @@ msgstr "parça boyutu geçersiz - %d kullanılıyor\n" msgid "%s does not yet work with %s\n" msgstr "%s, %s ile henüz çalışmıyor\n" -#, c-format -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "'%s' AEAD algoritması, %s kipinde kullanılamayabilir\n" - #, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "'%s' sıkıştırma algoritması, %s kipinde kullanılamayabilir\n" @@ -3665,18 +3674,6 @@ msgstr "\"%s\", düzgün bir parmak izi değil\n" msgid "subkey \"%s\" not found\n" msgstr "yardımcı anahtar \"%s\" bulunamadı\n" -msgid "AEAD: " -msgstr "AEAD: " - -msgid "Digest: " -msgstr "Özet: " - -msgid "Features: " -msgstr "Özellikler: " - -msgid "Keyserver no-modify" -msgstr "Anahtar sunucusu değişmez" - msgid "Preferred keyserver: " msgstr "Tercih edilen anahtar sunucusu: " @@ -4488,6 +4485,18 @@ msgstr "Gerçekten üretilsin mi? (e/H) " msgid "never " msgstr "asla " +msgid "AEAD: " +msgstr "AEAD: " + +msgid "Digest: " +msgstr "Özet: " + +msgid "Features: " +msgstr "Özellikler: " + +msgid "Keyserver no-modify" +msgstr "Anahtar sunucusu değişmez" + msgid "Critical signature policy: " msgstr "Kritik imza guvencesi: " @@ -8879,6 +8888,15 @@ msgstr "Yubikey yönetim konsolu" msgid "manage the command history" msgstr "komut geçmişini yönet" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "seçili AEAD algoritması geçersiz\n" + +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "geçersiz kişisel AEAD tercihler\n" + +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "'%s' AEAD algoritması, %s kipinde kullanılamayabilir\n" + #~ msgid "run in supervised mode" #~ msgstr "yönetilen kipte çalıştır" diff --git a/po/uk.po b/po/uk.po index 7c51ddb06..e83cc8ef9 100644 --- a/po/uk.po +++ b/po/uk.po @@ -403,6 +403,11 @@ msgstr "|АЛГО|використати алгоритм АЛГО для пок msgid "enable putty support" msgstr "увімкнути підтримку putty" +#, fuzzy +#| msgid "enable putty support" +msgid "enable Win32-OpenSSH support" +msgstr "увімкнути підтримку putty" + msgid "Options controlling the security" msgstr "Параметри керування захистом" @@ -1829,8 +1834,9 @@ msgstr "УВАГА: ключ %s не можна використовувати msgid "error creating passphrase: %s\n" msgstr "помилка під час спроби створення пароля: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "не можна використовувати симетричний пакет ESK через режим S2K\n" #, fuzzy, c-format @@ -1910,9 +1916,19 @@ msgstr "вилучити невикористовувані частини кл msgid "remove as much as possible from key during export" msgstr "вилучити максимум частин з ключа під час експортування" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "створити сертифікат відкликання" + msgid "use the GnuPG key backup format" msgstr "використовувати формат резервних копій ключів GnuPG" +#, fuzzy +#| msgid "exporting secret keys not allowed\n" +msgid "export secret keys using the GnuPG format" +msgstr "експортування закритих ключів заборонено\n" + msgid " - skipped" msgstr " - пропущено" @@ -2380,6 +2396,11 @@ msgstr "показувати назву сховища ключів у спис msgid "show expiration dates during signature listings" msgstr "показувати дати завершення строків дії у списку підписів" +#, fuzzy +#| msgid "list preferences (expert)" +msgid "show preferences" +msgstr "список переваг (експертний)" + #, c-format msgid "unknown TOFU policy '%s'\n" msgstr "невідомі правила TOFU «%s»\n" @@ -2540,11 +2561,6 @@ msgstr "не буде запущено з помилками у захисті msgid "selected cipher algorithm is invalid\n" msgstr "вибраний алгоритм шифрування є некоректним\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "вибраний алгоритм побудови контрольних сум є некоректним\n" - #, c-format msgid "selected compression algorithm is invalid\n" msgstr "вибраний алгоритм стискання є некоректним\n" @@ -2592,11 +2608,6 @@ msgstr "некоректні типові параметри\n" msgid "invalid personal cipher preferences\n" msgstr "некоректні особисті параметри шифрування\n" -#, fuzzy, c-format -#| msgid "invalid personal cipher preferences\n" -msgid "invalid personal AEAD preferences\n" -msgstr "некоректні особисті параметри шифрування\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "некоректні особисті параметри контрольної суми\n" @@ -2614,11 +2625,6 @@ msgstr "некоректний розмір ключа; використовує msgid "%s does not yet work with %s\n" msgstr "%s ще не може працювати разом з %s\n" -#, fuzzy, c-format -#| msgid "cipher algorithm '%s' may not be used in %s mode\n" -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "алгоритм шифрування «%s» не можна використовувати у режимі %s\n" - #, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "алгоритм стискання «%s» не можна використовувати у режимі %s\n" @@ -3774,18 +3780,6 @@ msgstr "«%s» не є належним відбитком\n" msgid "subkey \"%s\" not found\n" msgstr "не знайдено підключ «%s»\n" -msgid "AEAD: " -msgstr "" - -msgid "Digest: " -msgstr "Контрольна сума: " - -msgid "Features: " -msgstr "Можливості: " - -msgid "Keyserver no-modify" -msgstr "Сервер ключів без можливості зміни" - msgid "Preferred keyserver: " msgstr "Основний сервер ключів: " @@ -4618,6 +4612,18 @@ msgstr "Створити? (y/N або т/Н) " msgid "never " msgstr "ніколи " +msgid "AEAD: " +msgstr "" + +msgid "Digest: " +msgstr "Контрольна сума: " + +msgid "Features: " +msgstr "Можливості: " + +msgid "Keyserver no-modify" +msgstr "Сервер ключів без можливості зміни" + msgid "Critical signature policy: " msgstr "Критичні правила підпису: " @@ -9191,6 +9197,21 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "вибраний алгоритм побудови контрольних сум є некоректним\n" + +#, fuzzy +#~| msgid "invalid personal cipher preferences\n" +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "некоректні особисті параметри шифрування\n" + +#, fuzzy +#~| msgid "cipher algorithm '%s' may not be used in %s mode\n" +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "алгоритм шифрування «%s» не можна використовувати у режимі %s\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "" #~ "примусове використання симетричного шифру %s (%d) не відповідає " diff --git a/po/zh_CN.po b/po/zh_CN.po index 1f6c472ac..9b69aeb45 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -376,6 +376,11 @@ msgstr "|ALGO|使用 ALGO 显示 ssh 指纹" msgid "enable putty support" msgstr "启用 putty 支持" +#, fuzzy +#| msgid "enable putty support" +msgid "enable Win32-OpenSSH support" +msgstr "启用 putty 支持" + msgid "Options controlling the security" msgstr "控制安全的选项" @@ -1744,8 +1749,9 @@ msgstr "警告: 密钥 %s 在 %s 模式下不适用于加密\n" msgid "error creating passphrase: %s\n" msgstr "创建密码时出现错误:%s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "由于在 S2K 模式,不能使用一个对称的 ESK 封包\n" #, c-format @@ -1814,9 +1820,19 @@ msgstr "导出时移除密钥中未使用的部分" msgid "remove as much as possible from key during export" msgstr "导出时尽可能移除密钥中的可选部分" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "生成一份吊销证书" + msgid "use the GnuPG key backup format" msgstr "使用 GnuPG 密钥备份格式" +#, fuzzy +#| msgid "exporting secret keys not allowed\n" +msgid "export secret keys using the GnuPG format" +msgstr "不允许导出私钥\n" + msgid " - skipped" msgstr " - 已跳过" @@ -2245,6 +2261,11 @@ msgstr "列出密钥时显示钥匙环的名称" msgid "show expiration dates during signature listings" msgstr "列出签名时显示过期日期" +#, fuzzy +#| msgid "list preferences (expert)" +msgid "show preferences" +msgstr "列出偏好设置(专家模式)" + #, c-format msgid "unknown TOFU policy '%s'\n" msgstr "未知的 TOFU 政策‘%s’\n" @@ -2400,10 +2421,6 @@ msgstr "不会在内存不安全的情况下运行,原因是 %s\n" msgid "selected cipher algorithm is invalid\n" msgstr "所选的密文算法无效\n" -#, c-format -msgid "selected AEAD algorithm is invalid\n" -msgstr "所选择的 AEAD 算法无效\n" - #, c-format msgid "selected compression algorithm is invalid\n" msgstr "所选的压缩算法无效\n" @@ -2448,10 +2465,6 @@ msgstr "无效的默认偏好设置\n" msgid "invalid personal cipher preferences\n" msgstr "无效的个人密文偏好设置\n" -#, c-format -msgid "invalid personal AEAD preferences\n" -msgstr "无效的个人 AEAD 偏好设置\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "无效的个人摘要算法偏好设置\n" @@ -2468,10 +2481,6 @@ msgstr "块大小无效 - 使用 %d\n" msgid "%s does not yet work with %s\n" msgstr "%s 尚不能和 %s 并用\n" -#, c-format -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "AEAD 算法‘%s’不能在 %s 模式下使用\n" - #, c-format msgid "compression algorithm '%s' may not be used in %s mode\n" msgstr "压缩算法‘%s’不能在 %s 模式下使用\n" @@ -3561,18 +3570,6 @@ msgstr "“%s” 不是一个正确的指纹\n" msgid "subkey \"%s\" not found\n" msgstr "子密钥 “%s” 未找到\n" -msgid "AEAD: " -msgstr "AEAD: " - -msgid "Digest: " -msgstr "摘要: " - -msgid "Features: " -msgstr "特点: " - -msgid "Keyserver no-modify" -msgstr "公钥服务器不可修改" - msgid "Preferred keyserver: " msgstr "首选公钥服务器: " @@ -4351,6 +4348,18 @@ msgstr "真的要创建吗?(y/N) " msgid "never " msgstr "永不 " +msgid "AEAD: " +msgstr "AEAD: " + +msgid "Digest: " +msgstr "摘要: " + +msgid "Features: " +msgstr "特点: " + +msgid "Keyserver no-modify" +msgstr "公钥服务器不可修改" + msgid "Critical signature policy: " msgstr "紧急签名策略: " @@ -8612,6 +8621,15 @@ msgstr "Yubikey 管理命令" msgid "manage the command history" msgstr "管理命令历史记录" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "所选择的 AEAD 算法无效\n" + +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "无效的个人 AEAD 偏好设置\n" + +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "AEAD 算法‘%s’不能在 %s 模式下使用\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "强行对称密文算法 %s (%d) 与接收者的偏好设置冲突\n" diff --git a/po/zh_TW.po b/po/zh_TW.po index 5d0a120d0..92470d47e 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -405,6 +405,11 @@ msgstr "" msgid "enable putty support" msgstr "啟用 putty 支援" +#, fuzzy +#| msgid "enable putty support" +msgid "enable Win32-OpenSSH support" +msgstr "啟用 putty 支援" + msgid "Options controlling the security" msgstr "控制著安全性的選項" @@ -1837,8 +1842,9 @@ msgstr "警告: \"%s%s\" 是已廢棄的選項 - 沒有效果\n" msgid "error creating passphrase: %s\n" msgstr "建立密語時出錯: %s\n" -#, c-format -msgid "can't use a symmetric ESK packet due to the S2K mode\n" +#, fuzzy, c-format +#| msgid "can't use a symmetric ESK packet due to the S2K mode\n" +msgid "can't use a SKESK packet due to the S2K mode\n" msgstr "因處於 S2K 模式下而無法使用對稱式 ESK 封包\n" #, fuzzy, c-format @@ -1912,9 +1918,19 @@ msgstr "匯出時從金鑰中移除無法使用的部分" msgid "remove as much as possible from key during export" msgstr "匯出時盡可能地從金鑰中移除" +#, fuzzy +#| msgid "generate a revocation certificate" +msgid "export only revocation certificates" +msgstr "產生撤銷憑證" + msgid "use the GnuPG key backup format" msgstr "" +#, fuzzy +#| msgid "exporting secret keys not allowed\n" +msgid "export secret keys using the GnuPG format" +msgstr "不允許匯出私鑰\n" + msgid " - skipped" msgstr " - 已跳過" @@ -2379,6 +2395,11 @@ msgstr "在金鑰清單中顯示鑰匙圈名稱" msgid "show expiration dates during signature listings" msgstr "列出簽章時顯示有效期限" +#, fuzzy +#| msgid "list preferences (expert)" +msgid "show preferences" +msgstr "列出偏好 (專家模式)" + #, fuzzy, c-format #| msgid "unknown option '%s'\n" msgid "unknown TOFU policy '%s'\n" @@ -2538,11 +2559,6 @@ msgstr "因為 %s 而不會在不安全的記憶體中執行\n" msgid "selected cipher algorithm is invalid\n" msgstr "所選的編密演算法無效\n" -#, fuzzy, c-format -#| msgid "selected digest algorithm is invalid\n" -msgid "selected AEAD algorithm is invalid\n" -msgstr "所選的摘要演算法無效\n" - #, c-format msgid "selected compression algorithm is invalid\n" msgstr "所選的壓縮演算法無效\n" @@ -2587,11 +2603,6 @@ msgstr "無效的預設偏好\n" msgid "invalid personal cipher preferences\n" msgstr "無效的個人編密法偏好\n" -#, fuzzy, c-format -#| msgid "invalid personal cipher preferences\n" -msgid "invalid personal AEAD preferences\n" -msgstr "無效的個人編密法偏好\n" - #, c-format msgid "invalid personal digest preferences\n" msgstr "無效的個人摘要偏好\n" @@ -2609,11 +2620,6 @@ msgstr "金鑰尺寸無效; 改用 %u 位元\n" msgid "%s does not yet work with %s\n" msgstr "%s 還沒辦法跟 %s 一起運作\n" -#, fuzzy, c-format -#| msgid "you may not use cipher algorithm '%s' while in %s mode\n" -msgid "AEAD algorithm '%s' may not be used in %s mode\n" -msgstr "你不該將 '%s' 編密演算法用於 %s 模式\n" - #, fuzzy, c-format #| msgid "you may not use compression algorithm '%s' while in %s mode\n" msgid "compression algorithm '%s' may not be used in %s mode\n" @@ -3752,18 +3758,6 @@ msgstr "\"%s\" 不是指紋\n" msgid "subkey \"%s\" not found\n" msgstr "找不到金鑰 \"%s\": %s\n" -msgid "AEAD: " -msgstr "" - -msgid "Digest: " -msgstr "摘要: " - -msgid "Features: " -msgstr "特點: " - -msgid "Keyserver no-modify" -msgstr "金鑰伺服器無修改" - msgid "Preferred keyserver: " msgstr "偏好的金鑰伺服器: " @@ -4578,6 +4572,18 @@ msgstr "真的要建立嗎? (y/N) " msgid "never " msgstr "永遠不過期" +msgid "AEAD: " +msgstr "" + +msgid "Digest: " +msgstr "摘要: " + +msgid "Features: " +msgstr "特點: " + +msgid "Keyserver no-modify" +msgstr "金鑰伺服器無修改" + msgid "Critical signature policy: " msgstr "關鍵簽章原則: " @@ -8999,6 +9005,21 @@ msgstr "" msgid "manage the command history" msgstr "" +#, fuzzy +#~| msgid "selected digest algorithm is invalid\n" +#~ msgid "selected AEAD algorithm is invalid\n" +#~ msgstr "所選的摘要演算法無效\n" + +#, fuzzy +#~| msgid "invalid personal cipher preferences\n" +#~ msgid "invalid personal AEAD preferences\n" +#~ msgstr "無效的個人編密法偏好\n" + +#, fuzzy +#~| msgid "you may not use cipher algorithm '%s' while in %s mode\n" +#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n" +#~ msgstr "你不該將 '%s' 編密演算法用於 %s 模式\n" + #~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" #~ msgstr "強迫使用 %s (%d) 對稱式編密法會違反收件者偏好設定\n" diff --git a/scd/app-p15.c b/scd/app-p15.c index 0e92edf56..bfd693466 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c @@ -744,7 +744,15 @@ select_and_read_record (app_t app, unsigned short efid, int recno, /* On CardOS with a Linear TLV file structure the records starts * with some tag (often the record number) followed by the length * byte for this record. Detect and remove this prefix. */ - if (*buflen > 2 && (*buffer)[0] != 0x30 && (*buffer)[1] == *buflen - 2) + if (*buflen == 2 && !(*buffer)[0] && !(*buffer)[1]) + ; /* deleted record. */ + else if (*buflen > 3 && (*buffer)[0] == 0xff + && buf16_to_uint ((*buffer)+1) == *buflen - 3) + { + memmove (*buffer, *buffer + 3, *buflen - 3); + *buflen = *buflen - 3; + } + else if (*buflen > 2 && (*buffer)[0] != 0x30 && (*buffer)[1] == *buflen - 2) { memmove (*buffer, *buffer + 2, *buflen - 2); *buflen = *buflen - 2; @@ -1771,6 +1779,9 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result) starting with 0x00 or 0xff as these values are commonly used to pad data blocks and are no valid ASN.1 encoding. Note the special handling for record mode at the end of the loop. */ + if (record_mode && buflen == 2 && !buffer[0] && !buffer[1]) + goto next_record; /* Deleted record - continue with next */ + while (n && *p && *p != 0xff) { const unsigned char *pp; @@ -2028,6 +2039,8 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result) err = 0; goto leave; } + if (buflen == 2 && !buffer[0] && !buffer[1]) + goto next_record; /* Deleted record - continue with next */ p = buffer; n = buflen; } @@ -2077,6 +2090,9 @@ read_ef_pukdf (app_t app, unsigned short fid, pukdf_object_t *result) * starting with 0x00 or 0xff as these values are commonly used to * pad data blocks and are no valid ASN.1 encoding. Note the * special handling for record mode at the end of the loop. */ + if (record_mode && buflen == 2 && !buffer[0] && !buffer[1]) + goto next_record; /* Deleted record - continue with next */ + while (n && *p && *p != 0xff) { const unsigned char *pp; @@ -2354,6 +2370,8 @@ read_ef_pukdf (app_t app, unsigned short fid, pukdf_object_t *result) err = 0; goto leave; } + if (buflen == 2 && !buffer[0] && !buffer[1]) + goto next_record; /* Deleted record - continue with next */ p = buffer; n = buflen; } @@ -2404,6 +2422,9 @@ read_ef_cdf (app_t app, unsigned short fid, int cdftype, cdf_object_t *result) starting with 0x00 or 0xff as these values are commonly used to pad data blocks and are no valid ASN.1 encoding. Note the special handling for record mode at the end of the loop. */ + if (record_mode && buflen == 2 && !buffer[0] && !buffer[1]) + goto next_record; /* Deleted record - continue with next */ + while (n && *p && *p != 0xff) { const unsigned char *pp; @@ -2625,8 +2646,8 @@ read_ef_cdf (app_t app, unsigned short fid, int cdftype, cdf_object_t *result) err = 0; next_record: - xfree (authid); - xfree (label); + xfree (authid); authid = NULL; + xfree (label); label = NULL; /* If the card uses a record oriented file structure, read the * next record. Otherwise we keep on parsing the current buffer. */ recno++; @@ -2635,11 +2656,14 @@ read_ef_cdf (app_t app, unsigned short fid, int cdftype, cdf_object_t *result) xfree (buffer); buffer = NULL; err = select_and_read_record (app, 0, recno, "CDF", &buffer, &buflen, NULL); - if (err) { - if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) - err = 0; - goto leave; - } + if (err) + { + if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) + err = 0; + goto leave; + } + if (buflen == 2 && !buffer[0] && !buffer[1]) + goto next_record; /* Deleted record - continue with next */ p = buffer; n = buflen; } @@ -2728,6 +2752,9 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result) starting with 0x00 or 0xff as these values are commonly used to pad data blocks and are no valid ASN.1 encoding. Note the special handling for record mode at the end of the loop. */ + if (record_mode && buflen == 2 && !buffer[0] && !buffer[1]) + goto next_record; /* Deleted record - continue with next */ + while (n && *p && *p != 0xff) { const unsigned char *pp; @@ -3299,6 +3326,8 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result) err = 0; goto leave; } + if (buflen == 2 && !buffer[0] && !buffer[1]) + goto next_record; /* Deleted record - continue with next */ p = buffer; n = buflen; } diff --git a/sm/Makefile.am b/sm/Makefile.am index c676adac9..cfcc36c63 100644 --- a/sm/Makefile.am +++ b/sm/Makefile.am @@ -70,8 +70,8 @@ common_libs = ../kbx/libkeybox509.a $(libcommonpth) gpgsm_LDADD = $(common_libs) ../common/libgpgrl.a \ $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) \ $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(LIBREADLINE) $(LIBINTL) \ - $(LIBICONV) $(resource_objs) $(extra_sys_libs) $(NETLIBS) -gpgsm_LDFLAGS = $(extra_bin_ldflags) + $(LIBICONV) $(resource_objs) $(NETLIBS) +gpgsm_LDFLAGS = module_tests = diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index 5dd8a3938..cc958ccf8 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c @@ -64,6 +64,8 @@ struct isvalid_status_parm_s { ctrl_t ctrl; int seen; unsigned char fpr[20]; + gnupg_isotime_t revoked_at; + char *revocation_reason; /* malloced or NULL */ }; @@ -491,6 +493,19 @@ isvalid_status_cb (void *opaque, const char *line) if (!*s || !unhexify_fpr (s, parm->fpr)) parm->seen++; /* Bump it to indicate an error. */ } + else if ((s = has_leading_keyword (line, "REVOCATIONINFO"))) + { + if (*s && strlen (s) >= 15) + { + memcpy (parm->revoked_at, s, 15); + parm->revoked_at[15] = 0; + } + s += 15; + while (*s && spacep (s)) + s++; + xfree (parm->revocation_reason); + parm->revocation_reason = *s? xtrystrdup (s) : NULL; + } else if (warning_and_note_printer (line)) { } @@ -510,12 +525,17 @@ isvalid_status_cb (void *opaque, const char *line) Values for USE_OCSP: 0 = Do CRL check. - 1 = Do an OCSP check but fallback to CRL unless CRLS are disabled. - 2 = Do only an OCSP check using only the default responder. + 1 = Do an OCSP check but fallback to CRL unless CRLs are disabled. + 2 = Do only an OCSP check (used for the chain model). + + If R_REVOKED_AT pr R_REASON are not NULL and the certificate has + been revoked the revocation time and the reason are copied to there. + The caller needs to free R_REASON. */ -int +gpg_error_t gpgsm_dirmngr_isvalid (ctrl_t ctrl, - ksba_cert_t cert, ksba_cert_t issuer_cert, int use_ocsp) + ksba_cert_t cert, ksba_cert_t issuer_cert, int use_ocsp, + gnupg_isotime_t r_revoked_at, char **r_reason) { static int did_options; int rc; @@ -524,6 +544,11 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl, struct inq_certificate_parm_s parm; struct isvalid_status_parm_s stparm; + if (r_revoked_at) + *r_revoked_at = 0; + if (r_reason) + *r_reason = NULL; + rc = start_dirmngr (ctrl); if (rc) return rc; @@ -553,6 +578,8 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl, stparm.ctrl = ctrl; stparm.seen = 0; memset (stparm.fpr, 0, 20); + stparm.revoked_at[0] = 0; + stparm.revocation_reason = NULL; /* It is sufficient to send the options only once because we have * one connection per process only. */ @@ -563,9 +590,8 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl, NULL, NULL, NULL, NULL, NULL, NULL); did_options = 1; } - snprintf (line, DIM(line), "ISVALID%s%s %s%s%s", - use_ocsp == 2 || opt.no_crl_check ? " --only-ocsp":"", - use_ocsp == 2? " --force-default-responder":"", + snprintf (line, DIM(line), "ISVALID%s %s%s%s", + (use_ocsp == 2 || opt.no_crl_check) ? " --only-ocsp":"", certid, use_ocsp? " ":"", use_ocsp? certfpr:""); @@ -578,6 +604,19 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl, if (opt.verbose > 1) log_info ("response of dirmngr: %s\n", rc? gpg_strerror (rc): "okay"); + if (gpg_err_code (rc) == GPG_ERR_CERT_REVOKED + && !check_isotime (stparm.revoked_at)) + { + if (r_revoked_at) + gnupg_copy_time (r_revoked_at, stparm.revoked_at); + if (r_reason) + { + *r_reason = stparm.revocation_reason; + stparm.revocation_reason = NULL; + } + + } + if (!rc && stparm.seen) { /* Need to also check the certificate validity. */ @@ -635,7 +674,9 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl, ksba_cert_release (rspcert); } } + release_dirmngr (ctrl); + xfree (stparm.revocation_reason); return rc; } diff --git a/sm/certchain.c b/sm/certchain.c index 4050680e8..cbb6e1127 100644 --- a/sm/certchain.c +++ b/sm/certchain.c @@ -350,7 +350,7 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist) /* With no critical policies this is only a warning */ if (!any_critical) { - if (!opt.quiet) + if (opt.verbose) do_list (0, listmode, fplist, _("Note: non-critical certificate policy not allowed")); return 0; @@ -380,7 +380,8 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist) /* With no critical policies this is only a warning */ if (!any_critical) { - do_list (0, listmode, fplist, + if (opt.verbose) + do_list (0, listmode, fplist, _("Note: non-critical certificate policy not allowed")); return 0; } @@ -1187,11 +1188,13 @@ gpgsm_is_root_cert (ksba_cert_t cert) /* This is a helper for gpgsm_validate_chain. */ static gpg_error_t -is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp, +is_cert_still_valid (ctrl_t ctrl, int chain_model, int lm, estream_t fp, ksba_cert_t subject_cert, ksba_cert_t issuer_cert, int *any_revoked, int *any_no_crl, int *any_crl_too_old) { gpg_error_t err; + gnupg_isotime_t revoked_at; + char *reason; if (ctrl->offline || (opt.no_crl_check && !ctrl->use_ocsp)) { @@ -1201,7 +1204,7 @@ is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp, } - if (!(force_ocsp || ctrl->use_ocsp) + if (!(chain_model || ctrl->use_ocsp) && !opt.enable_issuer_based_crl_check) { err = ksba_cert_get_crl_dist_point (subject_cert, 0, NULL, NULL, NULL); @@ -1220,7 +1223,20 @@ is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp, err = gpgsm_dirmngr_isvalid (ctrl, subject_cert, issuer_cert, - force_ocsp? 2 : !!ctrl->use_ocsp); + chain_model? 2 : !!ctrl->use_ocsp, + revoked_at, &reason); + if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED) + { + gnupg_copy_time (ctrl->revoked_at, revoked_at); + xfree (ctrl->revocation_reason); + ctrl->revocation_reason = reason; + reason = NULL; + } + else + { + xfree (reason); + reason = (NULL); + } audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK, err); if (err) @@ -1230,7 +1246,22 @@ is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp, switch (gpg_err_code (err)) { case GPG_ERR_CERT_REVOKED: - do_list (1, lm, fp, _("certificate has been revoked")); + if (!check_isotime (ctrl->revoked_at)) + { + char *tmpstr; + const unsigned char *t = ctrl->revoked_at; + + tmpstr = xtryasprintf ("%.4s-%.2s-%.2s %.2s:%.2s:%s (%s)", + t, t+4, t+6, t+9, t+11, t+13, + ctrl->revocation_reason? + ctrl->revocation_reason : ""); + + do_list (1, lm, fp, "%s: %s", + _("certificate has been revoked"), tmpstr); + xfree (tmpstr); + } + else + do_list (1, lm, fp, _("certificate has been revoked")); *any_revoked = 1; /* Store that in the keybox so that key listings are able to return the revoked flag. We don't care about error, @@ -2158,11 +2189,14 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime, { *retflags |= VALIDATE_FLAG_STEED; } - else if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED - && !(flags & VALIDATE_FLAG_CHAIN_MODEL) - && (rootca_flags.valid && rootca_flags.chain_model)) + else if (!(flags & VALIDATE_FLAG_CHAIN_MODEL) + && (rootca_flags.valid && rootca_flags.chain_model)) { - do_list (0, listmode, listfp, _("switching to chain model")); + /* The root CA indicated that the chain model is to be used but + * we have not yet used it. Thus do the validation again using + * the chain model. */ + if (opt.verbose) + do_list (0, listmode, listfp, _("switching to chain model")); rc = do_validate_chain (ctrl, cert, checktime, r_exptime, listmode, listfp, (flags |= VALIDATE_FLAG_CHAIN_MODEL), diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 3247a0f2e..f8b3856c2 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -2228,6 +2228,8 @@ gpgsm_init_default_ctrl (struct server_control_s *ctrl) ctrl->use_ocsp = opt.enable_ocsp; ctrl->validation_model = default_validation_model; ctrl->offline = opt.disable_dirmngr; + ctrl->revoked_at[0] = 0; + ctrl->revocation_reason = NULL; } @@ -2237,6 +2239,8 @@ void gpgsm_deinit_default_ctrl (ctrl_t ctrl) { gpgsm_keydb_deinit_session_data (ctrl); + xfree (ctrl->revocation_reason); + ctrl->revocation_reason = NULL; } diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 9fbb53a29..ced2d679f 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -264,6 +264,10 @@ struct server_control_s /* The current time. Used as a helper in certchain.c. */ ksba_isotime_t current_time; + + /* The revocation info. Used as a helper inc ertchain.c */ + gnupg_isotime_t revoked_at; + char *revocation_reason; }; @@ -494,9 +498,11 @@ gpg_error_t gpgsm_agent_export_key (ctrl_t ctrl, const char *keygrip, size_t *r_resultlen); /*-- call-dirmngr.c --*/ -int gpgsm_dirmngr_isvalid (ctrl_t ctrl, - ksba_cert_t cert, ksba_cert_t issuer_cert, - int use_ocsp); +gpg_error_t gpgsm_dirmngr_isvalid (ctrl_t ctrl, + ksba_cert_t cert, ksba_cert_t issuer_cert, + int use_ocsp, + gnupg_isotime_t r_revoked_at, + char **r_reason); int gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, const char *uri, int cache_only, void (*cb)(void*, ksba_cert_t), void *cb_value); diff --git a/sm/keydb.c b/sm/keydb.c index 5b28df7ab..fbe28f2b9 100644 --- a/sm/keydb.c +++ b/sm/keydb.c @@ -2027,7 +2027,7 @@ keydb_set_cert_flags (ctrl_t ctrl, ksba_cert_t cert, int ephemeral, err = keydb_search_fpr (ctrl, kh, fpr); if (err) { - if (gpg_err_code (err) != gpg_error (GPG_ERR_NOT_FOUND)) + if (gpg_err_code (err) != GPG_ERR_NOT_FOUND) log_error (_("problem re-searching certificate: %s\n"), gpg_strerror (err)); keydb_release (kh); diff --git a/sm/keylist.c b/sm/keylist.c index fb2c3bad5..fabd82224 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -1201,6 +1201,15 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd, { err = gpgsm_validate_chain (ctrl, cert, GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL); + if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED + && !check_isotime (ctrl->revoked_at)) + { + es_fputs (" revoked: ", fp); + gpgsm_print_time (fp, ctrl->revoked_at); + if (ctrl->revocation_reason) + es_fprintf (fp, " (%s)", ctrl->revocation_reason); + es_putc ('\n', fp); + } if (!err) es_fprintf (fp, " [certificate is good]\n"); else @@ -1451,6 +1460,15 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret, err = gpgsm_validate_chain (ctrl, cert, GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL); + if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED + && !check_isotime (ctrl->revoked_at)) + { + es_fputs (" revoked: ", fp); + gpgsm_print_time (fp, ctrl->revoked_at); + if (ctrl->revocation_reason) + es_fprintf (fp, " (%s)", ctrl->revocation_reason); + es_putc ('\n', fp); + } tmperr = ksba_cert_get_user_data (cert, "is_qualified", &buffer, sizeof (buffer), &buflen); if (!tmperr && buflen) diff --git a/sm/verify.c b/sm/verify.c index 2e40c021f..9f1216f83 100644 --- a/sm/verify.c +++ b/sm/verify.c @@ -299,6 +299,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) unsigned int nbits; int pkalgo; char *pkalgostr = NULL; + char *pkcurve = NULL; char *pkfpr = NULL; unsigned int pkalgoflags, verifyflags; @@ -457,7 +458,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) pkfpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1); pkalgostr = gpgsm_pubkey_algo_string (cert, NULL); - pkalgo = gpgsm_get_key_algo_info (cert, &nbits); + pkalgo = gpgsm_get_key_algo_info2 (cert, &nbits, &pkcurve); /* Remap the ECC algo to the algo we use. Note that EdDSA has * already been mapped. */ if (pkalgo == GCRY_PK_ECC) @@ -513,9 +514,19 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) goto next_signer; } + /* Print compliance warning for the key. */ + if (!opt.quiet + && !gnupg_pk_is_compliant (opt.compliance, pkalgo, pkalgoflags, + NULL, nbits, pkcurve)) + { + log_info (_("WARNING: This key is not suitable for signing" + " in %s mode\n"), + gnupg_compliance_option_string (opt.compliance)); + } + /* Check compliance with CO_DE_VS. */ if (gnupg_pk_is_compliant (CO_DE_VS, pkalgo, pkalgoflags, - NULL, nbits, NULL) + NULL, nbits, pkcurve) && gnupg_gcrypt_is_compliant (CO_DE_VS) && gnupg_digest_is_compliant (CO_DE_VS, sigval_hash_algo)) gpgsm_status (ctrl, STATUS_VERIFICATION_COMPLIANCE_MODE, @@ -528,7 +539,6 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) gpgsm_errors_seen = 1; } - /* Now we can check the signature. */ if (msgdigest) { /* Signed attributes are available. */ @@ -715,6 +725,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) gcry_sexp_release (sigval); xfree (msgdigest); xfree (pkalgostr); + xfree (pkcurve); xfree (pkfpr); ksba_cert_release (cert); cert = NULL; diff --git a/tests/gpgme/Makefile.am b/tests/gpgme/Makefile.am index fe3d58007..ae98db4a0 100644 --- a/tests/gpgme/Makefile.am +++ b/tests/gpgme/Makefile.am @@ -47,6 +47,7 @@ check: xcheck .PHONY: xcheck xcheck: + @$(MKDIR_P) tests/gpg lang/qt/tests lang/python/tests $(TESTS_ENVIRONMENT) $(abs_top_builddir)/tests/gpgscm/gpgscm$(EXEEXT) \ $(abs_srcdir)/run-tests.scm $(TESTFLAGS) $(TESTS) @@ -57,3 +58,6 @@ CLEANFILES = *.log report.xml # We need to depend on a couple of programs so that the tests don't # start before all programs are built. all-local: $(required_pgms) + +clean-local: + -rm -rf tests lang diff --git a/tests/gpgme/all-tests.scm b/tests/gpgme/all-tests.scm index 1746c4ee1..aef7d6a21 100644 --- a/tests/gpgme/all-tests.scm +++ b/tests/gpgme/all-tests.scm @@ -41,7 +41,7 @@ (test::scm #f #f - (path-join "tests" "gpgme" "setup.scm" "tests" "gpg") + (path-join "tests" "gpgme" "tests" "gpg") (in-srcdir "tests" "gpgme" "setup.scm") "--" "tests" "gpg"))) (define setup-py @@ -49,7 +49,7 @@ (test::scm #f #f - (path-join "tests" "gpgme" "setup.scm" "lang" "python" "tests") + (path-join "tests" "gpgme" "lang" "python" "tests") (in-srcdir "tests" "gpgme" "setup.scm") "--" "lang" "python" "tests"))) diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index 32b75d427..7998d2ab9 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -245,9 +245,9 @@ sample_msgs = samplemsgs/clearsig-1-key-1.asc \ samplemsgs/clearsig-2-keys-1.asc \ samplemsgs/clearsig-2-keys-2.asc \ samplemsgs/enc-sym-cfb-1.asc \ - samplemsgs/enc-sym-cfb-1.asc \ - samplemsgs/enc-sym-ocb-1.asc \ + samplemsgs/enc-sym-cfb-2.asc \ samplemsgs/enc-sym-ocb-1.asc \ + samplemsgs/enc-sym-ocb-2.asc \ samplemsgs/enc-1-key-1.asc \ samplemsgs/enc-1-key-2.asc \ samplemsgs/enc-2-keys-1.asc \ diff --git a/tools/Makefile.am b/tools/Makefile.am index a3fe6e31c..39374e42a 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -98,7 +98,7 @@ gpgconf_LDADD = $(common_libs) \ $(LIBINTL) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \ $(LIBICONV) $(W32SOCKLIBS) \ $(gpgconf_rc_objs) -gpgconf_LDFLAGS = $(extra_bin_ldflags) +gpgconf_LDFLAGS = gpgconf_w32_SOURCES = $(gpgconf_SOURCES) gpgconf_w32_LDADD = $(gpgconf_LDADD) diff --git a/tools/call-dirmngr.c b/tools/call-dirmngr.c index 4eef9b264..c0ddcf568 100644 --- a/tools/call-dirmngr.c +++ b/tools/call-dirmngr.c @@ -124,10 +124,54 @@ wkd_get_status_cb (void *opaque, const char *line) { struct wkd_get_parm_s *parm = opaque; gpg_error_t err = 0; + const char *s, *s2; + const char *warn = NULL; + int is_note = 0; - (void)line; (void)parm; + /* Note: The code below is mostly duplicated from g10/call-dirmngr.c */ + if ((s = has_leading_keyword (line, "WARNING")) + || (is_note = !!(s = has_leading_keyword (line, "NOTE")))) + { + if ((s2 = has_leading_keyword (s, "wkd_cached_result"))) + { + if (opt.verbose) + warn = _("WKD uses a cached result"); + } + else if ((s2 = has_leading_keyword (s, "tor_not_running"))) + warn = _("Tor is not running"); + else if ((s2 = has_leading_keyword (s, "tor_config_problem"))) + warn = _("Tor is not properly configured"); + else if ((s2 = has_leading_keyword (s, "dns_config_problem"))) + warn = _("DNS is not properly configured"); + else if ((s2 = has_leading_keyword (s, "http_redirect"))) + warn = _("unacceptable HTTP redirect from server"); + else if ((s2 = has_leading_keyword (s, "http_redirect_cleanup"))) + warn = _("unacceptable HTTP redirect from server was cleaned up"); + else if ((s2 = has_leading_keyword (s, "tls_cert_error"))) + warn = _("server uses an invalid certificate"); + else + warn = NULL; + + if (warn) + { + if (is_note) + log_info (_("Note: %s\n"), warn); + else + log_info (_("WARNING: %s\n"), warn); + if (s2 && opt.verbose) + { + while (*s2 && !spacep (s2)) + s2++; + while (*s2 && spacep (s2)) + s2++; + if (*s2) + log_info ("(%s)\n", s2); + } + } + } + return err; } diff --git a/tools/gpg-card.c b/tools/gpg-card.c index 9af760d86..3034a14c5 100644 --- a/tools/gpg-card.c +++ b/tools/gpg-card.c @@ -1243,7 +1243,7 @@ cmd_list (card_info_t info, char *argstr) if (!info->serialno || info->need_sn_cmd) { - /* This is probably the first call or was explictly requested. + /* This is probably the first call or was explicitly requested. * We need to send a SERIALNO command to scdaemon so that our * session knows all cards. */ err = scd_serialno (NULL, NULL); @@ -2740,7 +2740,7 @@ cmd_passwd (card_info_t info, char *argstr) "in non-interactive and without a PINREF a default value is\n" "used for these cards. The option --reset is used with TCOS\n" "cards to reset the PIN using the PUK or vice versa; --nullpin\n" - "is used for these cards to set the intial PIN.", + "is used for these cards to set the initial PIN.", 0); if (opt.interactive || opt.verbose) @@ -2939,7 +2939,7 @@ cmd_passwd (card_info_t info, char *argstr) else if (!ascii_strcasecmp (pinref, "OPENPGP.3")) log_info ("Admin PIN changed.\n"); else if (reset_mode) - log_info ("PIN resetted.\n"); + log_info ("PIN reset.\n"); else log_info ("PIN changed.\n"); diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c index c3cb392c4..521222631 100644 --- a/tools/gpg-wks-client.c +++ b/tools/gpg-wks-client.c @@ -1115,6 +1115,9 @@ command_check (char *userid) log_info (" created: %s\n", asctimestamp (sl->created)); if (sl->mbox) log_info (" addr-spec: %s\n", sl->mbox); + if (sl->expired || sl->revoked) + log_info (" flags:%s%s\n", + sl->expired? " expired":"", sl->revoked?" revoked":""); } } if (!found) @@ -1123,6 +1126,19 @@ command_check (char *userid) addrspec); err = gpg_error (GPG_ERR_CERT_REVOKED); } + else if (opt.output) + { + /* Save to file. */ + const char *fname = opt.output; + + if (*fname == '-' && !fname[1]) + fname = NULL; + es_rewind (key); + err = wks_write_to_file (key, fname); + if (err) + log_error ("writing key to '%s' failed: %s\n", + fname? fname : "[stdout]", gpg_strerror (err)); + } leave: xfree (fpr); @@ -1153,6 +1169,7 @@ command_send (const char *fingerprint, const char *userid) uidinfo_list_t uidlist = NULL; uidinfo_list_t uid, thisuid; time_t thistime; + int any; if (classify_user_id (fingerprint, &desc, 1) || desc.mode != KEYDB_SEARCH_MODE_FPR) @@ -1213,12 +1230,20 @@ command_send (const char *fingerprint, const char *userid) } thistime = 0; thisuid = NULL; + any = 0; for (uid = uidlist; uid; uid = uid->next) { if (!uid->mbox) continue; /* Should not happen anyway. */ if (policy->mailbox_only && ascii_strcasecmp (uid->uid, uid->mbox)) continue; /* UID has more than just the mailbox. */ + if (uid->expired) + { + if (opt.verbose) + log_info ("ignoring expired user id '%s'\n", uid->uid); + continue; + } + any = 1; if (uid->created > thistime) { thistime = uid->created; @@ -1227,6 +1252,14 @@ command_send (const char *fingerprint, const char *userid) } if (!thisuid) thisuid = uidlist; /* This is the case for a missing timestamp. */ + if (!any) + { + log_error ("public key %s has no mail address '%s'\n", + fingerprint, addrspec); + err = gpg_error (GPG_ERR_INV_USER_ID); + goto leave; + } + if (opt.verbose) log_info ("submitting key with user id '%s'\n", thisuid->uid); @@ -1968,6 +2001,8 @@ mirror_one_key (estream_t key) { if (!uid->mbox || (uid->flags & 1)) continue; /* No mail box or already processed. */ + if (uid->expired) + continue; if (!domain_matches_mbox (domain, uid->mbox)) continue; /* We don't want this one. */ if (is_in_blacklist (uid->mbox)) diff --git a/tools/gpg-wks.h b/tools/gpg-wks.h index 59a0aca74..93039c1e8 100644 --- a/tools/gpg-wks.h +++ b/tools/gpg-wks.h @@ -81,6 +81,8 @@ struct uidinfo_list_s time_t created; /* Time the userid was created. */ char *mbox; /* NULL or the malloced mailbox from UID. */ unsigned int flags; /* These flags are cleared on creation. */ + unsigned int expired:1; + unsigned int revoked:1; char uid[1]; }; typedef struct uidinfo_list_s *uidinfo_list_t; @@ -104,6 +106,7 @@ gpg_error_t wks_send_mime (mime_maker_t mime); gpg_error_t wks_parse_policy (policy_flags_t flags, estream_t stream, int ignore_unknown); void wks_free_policy (policy_flags_t policy); +gpg_error_t wks_write_to_file (estream_t src, const char *fname); gpg_error_t wks_fname_from_userid (const char *userid, int hash_only, char **r_fname, char **r_addrspec); diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c index c933deefe..ebcfc5229 100644 --- a/tools/gpgtar-create.c +++ b/tools/gpgtar-create.c @@ -1141,6 +1141,7 @@ gpgtar_create (char **inpattern, const char *files_from, int null_names, { strlist_t arg; ccparray_t ccp; + int except[2] = { -1, -1 }; const char **argv; /* '--encrypt' may be combined with '--symmetric', but 'encrypt' @@ -1164,6 +1165,7 @@ gpgtar_create (char **inpattern, const char *files_from, int null_names, snprintf (tmpbuf, sizeof tmpbuf, "--status-fd=%d", opt.status_fd); ccparray_put (&ccp, tmpbuf); + except[0] = opt.status_fd; } ccparray_put (&ccp, "--output"); @@ -1196,7 +1198,8 @@ gpgtar_create (char **inpattern, const char *files_from, int null_names, } err = gnupg_process_spawn (opt.gpg_program, argv, - GNUPG_PROCESS_STDIN_PIPE, NULL, NULL, &proc); + GNUPG_PROCESS_STDIN_PIPE, + gnupg_spawn_helper, except, &proc); xfree (argv); if (err) goto leave; diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c index 49e836d0f..9d5abd33d 100644 --- a/tools/gpgtar-extract.c +++ b/tools/gpgtar-extract.c @@ -369,6 +369,7 @@ gpgtar_extract (const char *filename, int decrypt) { strlist_t arg; ccparray_t ccp; + int except[2] = { -1, -1 }; const char **argv; ccparray_init (&ccp, 0); @@ -382,6 +383,7 @@ gpgtar_extract (const char *filename, int decrypt) snprintf (tmpbuf, sizeof tmpbuf, "--status-fd=%d", opt.status_fd); ccparray_put (&ccp, tmpbuf); + except[0] = opt.status_fd; } if (opt.with_log) { @@ -411,7 +413,7 @@ gpgtar_extract (const char *filename, int decrypt) err = gnupg_process_spawn (opt.gpg_program, argv, ((filename ? GNUPG_PROCESS_STDIN_NULL : 0) | GNUPG_PROCESS_STDOUT_PIPE), - NULL, NULL, &proc); + gnupg_spawn_helper, except, &proc); xfree (argv); if (err) goto leave; diff --git a/tools/gpgtar-list.c b/tools/gpgtar-list.c index f773e9d10..6d824d35c 100644 --- a/tools/gpgtar-list.c +++ b/tools/gpgtar-list.c @@ -468,6 +468,7 @@ gpgtar_list (const char *filename, int decrypt) { strlist_t arg; ccparray_t ccp; + int except[2] = { -1, -1 }; const char **argv; ccparray_init (&ccp, 0); @@ -481,6 +482,7 @@ gpgtar_list (const char *filename, int decrypt) snprintf (tmpbuf, sizeof tmpbuf, "--status-fd=%d", opt.status_fd); ccparray_put (&ccp, tmpbuf); + except[0] = opt.status_fd; } ccparray_put (&ccp, "--output"); ccparray_put (&ccp, "-"); @@ -504,7 +506,7 @@ gpgtar_list (const char *filename, int decrypt) err = gnupg_process_spawn (opt.gpg_program, argv, ((filename ? GNUPG_PROCESS_STDIN_NULL : 0) | GNUPG_PROCESS_STDOUT_PIPE), - NULL, NULL, &proc); + gnupg_spawn_helper, except, &proc); xfree (argv); if (err) goto leave; diff --git a/tools/wks-util.c b/tools/wks-util.c index 1472f7035..0aeb94b1d 100644 --- a/tools/wks-util.c +++ b/tools/wks-util.c @@ -101,7 +101,8 @@ wks_write_status (int no, const char *format, ...) * updated. C-style escaping is removed from UID. On error ERRNO is * set and NULL returned. */ static uidinfo_list_t -append_to_uidinfo_list (uidinfo_list_t *list, const char *uid, time_t created) +append_to_uidinfo_list (uidinfo_list_t *list, const char *uid, time_t created, + int expired, int revoked) { uidinfo_list_t r, sl; char *plainuid; @@ -121,6 +122,8 @@ append_to_uidinfo_list (uidinfo_list_t *list, const char *uid, time_t created) sl->created = created; sl->flags = 0; sl->mbox = mailbox_from_userid (plainuid, 0); + sl->expired = !!expired; + sl->revoked = !!revoked; sl->next = NULL; if (!*list) *list = sl; @@ -296,6 +299,22 @@ key_status_cb (void *opaque, const char *keyword, char *args) } +/* Parse field 1 and set revoked and expired on return. */ +static void +set_expired_revoked (const char *string, int *expired, int *revoked) +{ + *expired = *revoked = 0; + /* Look at letters and stop at the first digit. */ + for ( ;*string && !digitp (string); string++) + { + if (*string == 'e') + *expired = 1; + else if (*string == 'r') + *revoked = 1; + } +} + + /* Run gpg on KEY and store the primary fingerprint at R_FPR and the * list of mailboxes at R_MBOXES. Returns 0 on success; on error NULL * is stored at R_FPR and R_MBOXES and an error code is returned. @@ -316,6 +335,7 @@ wks_list_key (estream_t key, char **r_fpr, uidinfo_list_t *r_mboxes) int lnr; char *fpr = NULL; uidinfo_list_t mboxes = NULL; + int expired, revoked; if (r_fpr) *r_fpr = NULL; @@ -364,6 +384,7 @@ wks_list_key (estream_t key, char **r_fpr, uidinfo_list_t *r_mboxes) es_rewind (listing); lnr = 0; + expired = revoked = 0; maxlen = 2048; /* Set limit. */ while ((len = es_read_line (listing, &line, &length_of_line, &maxlen)) > 0) { @@ -408,12 +429,20 @@ wks_list_key (estream_t key, char **r_fpr, uidinfo_list_t *r_mboxes) err = gpg_error (GPG_ERR_INV_ENGINE); goto leave; } - if (lnr > 1 && !strcmp (fields[0], "pub")) + if (!strcmp (fields[0], "pub")) { - /* More than one public key. */ - err = gpg_error (GPG_ERR_TOO_MANY); - goto leave; + if (lnr > 1) + { + /* More than one public key. */ + err = gpg_error (GPG_ERR_TOO_MANY); + goto leave; + } + if (nfields > 1) + set_expired_revoked (fields[1], &expired, &revoked); + else + expired = revoked = 0; } + if (!strcmp (fields[0], "sub") || !strcmp (fields[0], "ssb")) break; /* We can stop parsing here. */ @@ -428,8 +457,13 @@ wks_list_key (estream_t key, char **r_fpr, uidinfo_list_t *r_mboxes) } else if (!strcmp (fields[0], "uid") && nfields > 9) { + int uidexpired, uidrevoked; + + set_expired_revoked (fields[1], &uidexpired, &uidrevoked); if (!append_to_uidinfo_list (&mboxes, fields[9], - parse_timestamp (fields[5], NULL))) + parse_timestamp (fields[5], NULL), + expired || uidexpired, + revoked || uidrevoked)) { err = gpg_error_from_syserror (); goto leave; @@ -858,18 +892,27 @@ wks_free_policy (policy_flags_t policy) } -/* Write the content of SRC to the new file FNAME. */ -static gpg_error_t -write_to_file (estream_t src, const char *fname) +/* Write the content of SRC to the new file FNAME. If FNAME is NULL + * SRC is written to stdout. */ +gpg_error_t +wks_write_to_file (estream_t src, const char *fname) { gpg_error_t err; estream_t dst; char buffer[4096]; size_t nread, written; - dst = es_fopen (fname, "wb"); - if (!dst) - return gpg_error_from_syserror (); + if (!fname) + { + dst = es_stdout; + es_set_binary (es_stdout); + } + else + { + dst = es_fopen (fname, "wb"); + if (!dst) + return gpg_error_from_syserror (); + } do { @@ -884,12 +927,15 @@ write_to_file (estream_t src, const char *fname) if (!es_feof (src) || es_ferror (src) || es_ferror (dst)) { err = gpg_error_from_syserror (); - es_fclose (dst); - gnupg_remove (fname); + if (dst != es_stdout) + { + es_fclose (dst); + gnupg_remove (fname); + } return err; } - if (es_fclose (dst)) + if (dst != es_stdout && es_fclose (dst)) { err = gpg_error_from_syserror (); log_error ("error closing '%s': %s\n", fname, gpg_strerror (err)); @@ -1191,7 +1237,7 @@ wks_install_key_core (estream_t key, const char *addrspec) goto leave; /* Publish. */ - err = write_to_file (key, huname); + err = wks_write_to_file (key, huname); if (err) { log_error ("copying key to '%s' failed: %s\n", huname,gpg_strerror (err)); @@ -1279,6 +1325,12 @@ wks_cmd_install_key (const char *fname, const char *userid) continue; /* Should not happen anyway. */ if (ascii_strcasecmp (uid->mbox, addrspec)) continue; /* Not the requested addrspec. */ + if (uid->expired) + { + if (opt.verbose) + log_info ("ignoring expired user id '%s'\n", uid->uid); + continue; + } any = 1; if (uid->created > thistime) {