1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-05 12:31:50 +01:00

* options.h, mainproc.c (check_sig_and_print), gpg.c (main):

pka-lookups, not pka-lookup.

* options.h, gpg.c (main), keyedit.c [cmds], sig-check.c
(signature_check2): Rename "backsign" to "cross-certify" as a more
accurate name.
This commit is contained in:
David Shaw 2006-03-08 02:40:42 +00:00
parent 07c48cf29e
commit 90d8377276
6 changed files with 27 additions and 14 deletions

View File

@ -1,5 +1,12 @@
2006-03-07 David Shaw <dshaw@jabberwocky.com> 2006-03-07 David Shaw <dshaw@jabberwocky.com>
* options.h, mainproc.c (check_sig_and_print), gpg.c (main):
pka-lookups, not pka-lookup.
* options.h, gpg.c (main), keyedit.c [cmds], sig-check.c
(signature_check2): Rename "backsign" to "cross-certify" as a more
accurate name.
* options.h, gpg.c (main, parse_trust_model), pkclist.c * options.h, gpg.c (main, parse_trust_model), pkclist.c
(check_signatures_trust), mainproc.c (check_sig_and_print, (check_signatures_trust), mainproc.c (check_sig_and_print,
pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so

View File

@ -357,8 +357,8 @@ enum cmd_and_opt_values
octapiDriver, octapiDriver,
opcscDriver, opcscDriver,
oDisableCCID, oDisableCCID,
oRequireBacksigs, oRequireCrossCert,
oNoRequireBacksigs, oNoRequireCrossCert,
oAutoKeyLocate, oAutoKeyLocate,
oNoAutoKeyLocate, oNoAutoKeyLocate,
oAllowMultisigVerification, oAllowMultisigVerification,
@ -706,8 +706,10 @@ static ARGPARSE_OPTS opts[] = {
I'm returning the favor. */ I'm returning the favor. */
{ oLocalUser, "sign-with", 2, "@" }, { oLocalUser, "sign-with", 2, "@" },
{ oRecipient, "user", 2, "@" }, { oRecipient, "user", 2, "@" },
{ oRequireBacksigs, "require-backsigs", 0, "@"}, { oRequireCrossCert, "require-backsigs", 0, "@"},
{ oNoRequireBacksigs, "no-require-backsigs", 0, "@"}, { oRequireCrossCert, "require-cross-certification", 0, "@"},
{ oNoRequireCrossCert, "no-require-backsigs", 0, "@"},
{ oNoRequireCrossCert, "no-require-cross-certification", 0, "@"},
{ oAutoKeyLocate, "auto-key-locate", 2, "@"}, { oAutoKeyLocate, "auto-key-locate", 2, "@"},
{ oNoAutoKeyLocate, "no-auto-key-locate", 0, "@"}, { oNoAutoKeyLocate, "no-auto-key-locate", 0, "@"},
{0,NULL,0,NULL} {0,NULL,0,NULL}
@ -2462,7 +2464,7 @@ main (int argc, char **argv )
N_("show user ID validity during signature verification")}, N_("show user ID validity during signature verification")},
{"show-unusable-uids",VERIFY_SHOW_UNUSABLE_UIDS,NULL, {"show-unusable-uids",VERIFY_SHOW_UNUSABLE_UIDS,NULL,
N_("show revoked and expired user IDs in signature verification")}, N_("show revoked and expired user IDs in signature verification")},
{"pka-lookup",VERIFY_PKA_LOOKUP,NULL, {"pka-lookups",VERIFY_PKA_LOOKUPS,NULL,
N_("validate signatures with PKA data")}, N_("validate signatures with PKA data")},
{"pka-trust-increase",VERIFY_PKA_TRUST_INCREASE,NULL, {"pka-trust-increase",VERIFY_PKA_TRUST_INCREASE,NULL,
N_("elevate the trust of signatures with valid PKA data")}, N_("elevate the trust of signatures with valid PKA data")},
@ -2625,8 +2627,8 @@ main (int argc, char **argv )
opt.limit_card_insert_tries = pargs.r.ret_int; opt.limit_card_insert_tries = pargs.r.ret_int;
break; break;
case oRequireBacksigs: opt.require_backsigs=1; break; case oRequireCrossCert: opt.flags.require_cross_cert=1; break;
case oNoRequireBacksigs: opt.require_backsigs=0; break; case oNoRequireCrossCert: opt.flags.require_cross_cert=0; break;
case oAutoKeyLocate: case oAutoKeyLocate:
if(!parse_auto_key_locate(pargs.r.ret_str)) if(!parse_auto_key_locate(pargs.r.ret_str))

View File

@ -1363,6 +1363,7 @@ static struct
{ "key" , cmdSELKEY , 0, N_("select subkey N") }, { "key" , cmdSELKEY , 0, N_("select subkey N") },
{ "check" , cmdCHECK , 0, N_("check signatures") }, { "check" , cmdCHECK , 0, N_("check signatures") },
{ "c" , cmdCHECK , 0, NULL }, { "c" , cmdCHECK , 0, NULL },
{ "cross-certify", cmdBACKSIGN , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
{ "backsign", cmdBACKSIGN , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL }, { "backsign", cmdBACKSIGN , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
{ "sign" , cmdSIGN , KEYEDIT_NOT_SK|KEYEDIT_TAIL_MATCH, { "sign" , cmdSIGN , KEYEDIT_NOT_SK|KEYEDIT_TAIL_MATCH,
N_("sign selected user IDs [* see below for related commands]") }, N_("sign selected user IDs [* see below for related commands]") },

View File

@ -1866,7 +1866,7 @@ check_sig_and_print( CTX c, KBNODE node )
if (!rc) if (!rc)
{ {
if(opt.verify_options&VERIFY_PKA_LOOKUP) if(opt.verify_options&VERIFY_PKA_LOOKUPS)
pka_uri_from_sig (sig); /* Make sure PKA info is available. */ pka_uri_from_sig (sig); /* Make sure PKA info is available. */
rc = check_signatures_trust( sig ); rc = check_signatures_trust( sig );
} }

View File

@ -215,10 +215,13 @@ struct
int disable_ccid; /* Disable the use of the internal CCID driver. */ int disable_ccid; /* Disable the use of the internal CCID driver. */
#endif /*ENABLE_CARD_SUPPORT*/ #endif /*ENABLE_CARD_SUPPORT*/
/* If set, require an 0x19 backsig to be present on signatures made struct
by signing subkeys. If not set, a missing backsig is not an {
error (but an invalid backsig still is). */ /* If set, require an 0x19 backsig to be present on signatures
int require_backsigs; made by signing subkeys. If not set, a missing backsig is not
an error (but an invalid backsig still is). */
unsigned int require_cross_cert:1;
} flags;
/* Linked list of ways to find a key if the key isn't on the local /* Linked list of ways to find a key if the key isn't on the local
keyring. */ keyring. */
@ -314,7 +317,7 @@ struct {
#define VERIFY_SHOW_KEYSERVER_URLS (1<<4) #define VERIFY_SHOW_KEYSERVER_URLS (1<<4)
#define VERIFY_SHOW_UID_VALIDITY (1<<5) #define VERIFY_SHOW_UID_VALIDITY (1<<5)
#define VERIFY_SHOW_UNUSABLE_UIDS (1<<6) #define VERIFY_SHOW_UNUSABLE_UIDS (1<<6)
#define VERIFY_PKA_LOOKUP (1<<7) #define VERIFY_PKA_LOOKUPS (1<<7)
#define VERIFY_PKA_TRUST_INCREASE (1<<8) #define VERIFY_PKA_TRUST_INCREASE (1<<8)
#define KEYSERVER_USE_TEMP_FILES (1<<0) #define KEYSERVER_USE_TEMP_FILES (1<<0)

View File

@ -100,7 +100,7 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
have backsigs, change this to always give the warning, have backsigs, change this to always give the warning,
and have --require-backsigs enable or disable the and have --require-backsigs enable or disable the
G10ERR_GENERAL. */ G10ERR_GENERAL. */
if(pk->backsig==0 && opt.require_backsigs) if(pk->backsig==0 && opt.flags.require_cross_cert)
{ {
log_info(_("WARNING: signing subkey %s is not" log_info(_("WARNING: signing subkey %s is not"
" cross-certified\n"),keystr_from_pk(pk)); " cross-certified\n"),keystr_from_pk(pk));