mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
*** empty log message ***
This commit is contained in:
parent
41fa8a3345
commit
9a854f1010
6
NEWS
6
NEWS
@ -11,6 +11,12 @@ Noteworthy changes in version 0.4.1
|
||||
"--s2k-mode 3 --s2k-cipher-algo cast5 --s2k-digest-algo sha1"
|
||||
when changing a passphrase.
|
||||
|
||||
* doc/OpenPGP talks about OpenPGP compliance, doc/HACKING gives
|
||||
some hints about the internal structure.
|
||||
|
||||
* checked gnupg against the August 1998 draft (07) and I believe
|
||||
it is in compliance with this document (except one point).
|
||||
|
||||
|
||||
Noteworthy changes in version 0.4.0
|
||||
-----------------------------------
|
||||
|
9
TODO
9
TODO
@ -2,6 +2,15 @@
|
||||
* after creating a new uid, the preferences in the trustdb are not updated.
|
||||
We should always sync the trustdb in such cases.
|
||||
|
||||
* The critical bit of signature subpackets is not yet supported; i.e.
|
||||
it is ignored.
|
||||
|
||||
* Exportable Certification Flag is ignored
|
||||
|
||||
* Why does OpenPGP say: The algorithm byte is included in the
|
||||
checksum of an encoded key, but the actual implementaion does
|
||||
not do this but works??
|
||||
|
||||
* write a tool to extract selected keys from a file.
|
||||
|
||||
* new menu to delete signatures and list signature in menu
|
||||
|
@ -3,6 +3,8 @@
|
||||
(Some notes on GNUPG internals.)
|
||||
|
||||
|
||||
===> Under construction <=======
|
||||
|
||||
|
||||
Memory allocation
|
||||
-----------------
|
||||
|
@ -1,6 +1,6 @@
|
||||
## Process this file with automake to create Makefile.in
|
||||
|
||||
EXTRA_DIST = DETAILS rfcs gpg.1pod gpg.1 FAQ HACKING
|
||||
EXTRA_DIST = DETAILS rfcs gpg.1pod gpg.1 FAQ HACKING OpenPGP
|
||||
|
||||
man_MANS = gpg.1
|
||||
|
||||
|
129
doc/OpenPGP
Normal file
129
doc/OpenPGP
Normal file
@ -0,0 +1,129 @@
|
||||
GNUPG and OpenPGP
|
||||
=================
|
||||
|
||||
The current OpenPGP draft expires 1999-02.
|
||||
|
||||
OpenPGP is an Internet-Draft. Internet-Drafts are working
|
||||
documents of the Internet Engineering Task Force (IETF), its areas,
|
||||
and its working groups. Note that other groups may also distribute
|
||||
working documents as Internet-Drafts.
|
||||
|
||||
Internet-Drafts are draft documents valid for a maximum of six
|
||||
months and may be updated, replaced, or obsoleted by other documents
|
||||
at any time. It is inappropriate to use Internet-Drafts as
|
||||
reference material or to cite them other than as "work in progress."
|
||||
|
||||
To view the entire list of current Internet-Drafts, please check the
|
||||
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
|
||||
Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern
|
||||
Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific
|
||||
Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).
|
||||
|
||||
|
||||
Compatibility Notes
|
||||
===================
|
||||
GNUPG (>0.4) is in compliance with OpenPGP despite these exeptions:
|
||||
|
||||
* (5.1) The critical bit in signature subpackets is currently
|
||||
ignored. This will be fixed soon.
|
||||
|
||||
* (5.3) GNUPG has an option to use simple S2K for "Symmetric-Key
|
||||
Encrypted Session-Key Packets"; however a warning message is
|
||||
issued if this option is active.
|
||||
|
||||
* (5.5.2) states that an implementaion MUST NOT create a v3 key
|
||||
with an algorithm other than RSA. GNUPG has an option to
|
||||
create an ElGamal key in a v3 packet; the properties of such
|
||||
a key are as good as a v4 key. RFC1991 does not specifiy how
|
||||
to create fingerprints for algorithms other than RSA and so it
|
||||
is okay to choose a special format for ElGamal.
|
||||
|
||||
* (9.1) states that RSA SHOULD be implemented. This is not done
|
||||
(except with an extension, usable outside the U.S.) due to
|
||||
patent problems.
|
||||
|
||||
* (9.2) states that IDEA SHOULD be implemented. This is not done
|
||||
due to patent problems.
|
||||
|
||||
* (12.1) states that an implementaion MUST NOT use a symmetric
|
||||
algorithm which is not in the preference list. GNUPG has an
|
||||
option to override this.
|
||||
|
||||
* A special format of partial packet length exists for v3 packets
|
||||
which can be considered to be in compliance with RFC1991; this
|
||||
format is only created if a special option is active.
|
||||
|
||||
All MAY features are implemented with this exception:
|
||||
|
||||
* multi-part armored messages are not supported.
|
||||
MIME should be used instead.
|
||||
|
||||
|
||||
|
||||
|
||||
Some Notes on OpenPGP / PGP Compatibility:
|
||||
==========================================
|
||||
|
||||
* PGP 5.x does not accept V4 signatures for anything other than
|
||||
key material.
|
||||
|
||||
* PGP 5.x does not recognize the "five-octet" lengths in
|
||||
new-format headers or in signature subpacket lengths.
|
||||
|
||||
* PGP 5.0 rejects an encrypted session key if the keylength
|
||||
differs from the S2K symmetric algorithm. This is a bug in its
|
||||
validation function.
|
||||
|
||||
* PGP 5.0 does not handle multiple one-pass signature headers and
|
||||
trailers. Signing one will compress the one-pass signed literal
|
||||
and prefix a V3 signature instead of doing a nested one-pass
|
||||
signature.
|
||||
|
||||
* When exporting a private key, PGP 2.x generates the header
|
||||
"BEGIN PGP SECRET KEY BLOCK" instead of "BEGIN PGP PRIVATE KEY
|
||||
BLOCK". All previous versions ignore the implied data type, and
|
||||
look directly at the packet data type.
|
||||
|
||||
* In a clear-signed signature, PGP 5.0 will figure out the correct
|
||||
hash algorithm if there is no "Hash:" header, but it will reject
|
||||
a mismatch between the header and the actual algorithm used. The
|
||||
"standard" (i.e. Zimmermann/Finney/et al.) version of PGP 2.x
|
||||
rejects the "Hash:" header and assumes MD5. There are a number
|
||||
of enhanced variants of PGP 2.6.x that have been modified for
|
||||
SHA-1 signatures.
|
||||
|
||||
* PGP 5.0 can read an RSA key in V4 format, but can only recognize
|
||||
it with a V3 keyid, and can properly use only a V3 format RSA
|
||||
key.
|
||||
|
||||
* Neither PGP 5.x nor PGP 6.0 recognize Elgamal Encrypt and Sign
|
||||
keys. They only handle Elgamal Encrypt-only keys.
|
||||
|
||||
|
||||
Parts of this document are taken from:
|
||||
======================================
|
||||
|
||||
OpenPGP Message Format
|
||||
draft-ietf-openpgp-formats-07.txt
|
||||
|
||||
|
||||
Copyright 1998 by The Internet Society. All Rights Reserved.
|
||||
|
||||
This document and translations of it may be copied and furnished to
|
||||
others, and derivative works that comment on or otherwise explain it
|
||||
or assist in its implementation may be prepared, copied, published
|
||||
and distributed, in whole or in part, without restriction of any
|
||||
kind, provided that the above copyright notice and this paragraph
|
||||
are included on all such copies and derivative works. However, this
|
||||
document itself may not be modified in any way, such as by removing
|
||||
the copyright notice or references to the Internet Society or other
|
||||
Internet organizations, except as needed for the purpose of
|
||||
developing Internet standards in which case the procedures for
|
||||
copyrights defined in the Internet Standards process must be
|
||||
followed, or as required to translate it into languages other than
|
||||
English.
|
||||
|
||||
The limited permissions granted above are perpetual and will not be
|
||||
revoked by the Internet Society or its successors or assigns.
|
||||
|
||||
|
24
doc/gpg.1pod
24
doc/gpg.1pod
@ -75,7 +75,7 @@ B<-k> [I<username>] [I<keyring>]
|
||||
B<-kvc> List fingerprints
|
||||
B<-kvvc> List fingerprints and signatures
|
||||
|
||||
B<--list-keys> [I<names>]
|
||||
B<--list-keys> [I<names>]
|
||||
List all keys from the public keyrings, or just the
|
||||
ones given on the command line.
|
||||
|
||||
@ -83,7 +83,7 @@ B<--list-secret-keys> [I<names>]
|
||||
List all keys from the secret keyrings, or just the
|
||||
ones given on the command line.
|
||||
|
||||
B<--list-sigs> [I<names>]
|
||||
B<--list-sigs> [I<names>]
|
||||
Same as B<--list-keys>, but the signatures are listed
|
||||
too.
|
||||
|
||||
@ -201,7 +201,7 @@ B<--import-ownertrust> [I<filename>]
|
||||
|
||||
Long options can be put in an options file (default F<~/.gnupg/options>);
|
||||
do not write the 2 dashes, but simply the name of the option and any
|
||||
arguments if required. Lines with a hash as the first non-white-space
|
||||
arguments if required. Lines with a hash as the first non-white-space
|
||||
character are ignored. Commands may be put in this file too, but that
|
||||
does not make sense.
|
||||
|
||||
@ -322,7 +322,9 @@ B<--cipher-algo> I<name>
|
||||
B<--digest-algo> I<name>
|
||||
Use I<name> as message digest algorithm. Running the
|
||||
program with the option B<--verbose> yields a list of
|
||||
supported algorithms.
|
||||
supported algorithms. Please note that using this
|
||||
option may violate the OpenPGP requirement, that a
|
||||
160 bit hash is to be used for DSA.
|
||||
|
||||
B<--s2k-cipher-algo> I<name>
|
||||
Use I<name> as the cipher algorithm used to protect secret
|
||||
@ -411,11 +413,11 @@ a signature was bad and other errorcode for fatal errors.
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
-se -r Bob [file] sign and encrypt for user Bob
|
||||
-sat [file] make a clear text signature
|
||||
-sb [file] make a detached signature
|
||||
-k [userid] show keys
|
||||
-kc [userid] show fingerprint
|
||||
-se -r Bob [file] sign and encrypt for user Bob
|
||||
-sat [file] make a clear text signature
|
||||
-sb [file] make a detached signature
|
||||
-k [userid] show keys
|
||||
-kc [userid] show fingerprint
|
||||
|
||||
=head1 ENVIRONMENT
|
||||
|
||||
@ -430,13 +432,13 @@ F<~/.gnupg/pubring.gpg> The public keyring
|
||||
|
||||
F<~/.gnupg/trustdb.gpg> The trust database
|
||||
|
||||
F<~/.gnupg/options> May contain options
|
||||
F<~/.gnupg/options> May contain options
|
||||
|
||||
F</usr[/local]/lib/gnupg/> Default location for extensions
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
gpg(1) gpgm(1)
|
||||
gpg(1) gpgm(1)
|
||||
|
||||
|
||||
=head1 WARNINGS
|
||||
|
@ -1,3 +1,8 @@
|
||||
Tue Sep 29 08:32:08 1998 me,,, (wk@tobold)
|
||||
|
||||
* mainproc.c (proc_plaintext): Display note for special filename.
|
||||
* plaintext.c (handle_plaintext): Suppress output of special file.
|
||||
|
||||
Mon Sep 28 12:57:12 1998 Werner Koch (wk@isil.d.shuttle.de)
|
||||
|
||||
* g10.c (verify_own_keys): Add warning if a key is not protected.
|
||||
|
11
g10/g10.c
11
g10/g10.c
@ -215,11 +215,11 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oMarginalsNeeded, "marginals-needed", 1, N_("(default is 3)")},
|
||||
{ oLoadExtension, "load-extension" ,2, N_("|file|load extension module")},
|
||||
{ oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
|
||||
{ oS2KMode, "s2k-mode", 1, N_("|N| use passphrase mode N")},
|
||||
{ oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")},
|
||||
{ oS2KDigest, "s2k-digest-algo",2,
|
||||
N_("|NAME| use message digest algorithm NAME for passphrases")},
|
||||
N_("|NAME|use message digest algorithm NAME for passphrases")},
|
||||
{ oS2KCipher, "s2k-cipher-algo",2,
|
||||
N_("|NAME| use cipher algorithm NAME for passphrases")},
|
||||
N_("|NAME|use cipher algorithm NAME for passphrases")},
|
||||
#ifdef IS_G10
|
||||
{ oCipherAlgo, "cipher-algo", 2 , N_("|NAME|use cipher algorithm NAME")},
|
||||
{ oDigestAlgo, "digest-algo", 2 , N_("|NAME|use message digest algorithm NAME")},
|
||||
@ -789,7 +789,10 @@ main( int argc, char **argv )
|
||||
if( opt.marginals_needed < 2 )
|
||||
log_error(_("marginals-needed must be greater than 1\n"));
|
||||
switch( opt.s2k_mode ) {
|
||||
case 0: case 1: case 3: break;
|
||||
case 0:
|
||||
log_info(_("note: simple S2K mode (0) is strongly discouraged\n"));
|
||||
break;
|
||||
case 1: case 3: break;
|
||||
default:
|
||||
log_error(_("invalid S2K mode; must be 0, 1 or 3\n"));
|
||||
}
|
||||
|
@ -247,6 +247,7 @@ import_one( const char *fname, KBNODE keyblock )
|
||||
u32 keyid[2];
|
||||
int rc = 0;
|
||||
int new_key = 0;
|
||||
int mod_key = 0;
|
||||
|
||||
/* get the key and print some info about it */
|
||||
node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
|
||||
@ -284,6 +285,7 @@ import_one( const char *fname, KBNODE keyblock )
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* do we have this key already in one of our pubrings ? */
|
||||
pk_orig = m_alloc_clear( sizeof *pk_orig );
|
||||
rc = get_pubkey( pk_orig, keyid );
|
||||
@ -350,6 +352,7 @@ import_one( const char *fname, KBNODE keyblock )
|
||||
if( rc )
|
||||
goto leave;
|
||||
if( n_uids || n_sigs || n_subk ) {
|
||||
mod_key = 1;
|
||||
/* keyblock_orig has been updated; write */
|
||||
if( opt.verbose > 1 )
|
||||
log_info_f(keyblock_resource_name(&kbpos),
|
||||
@ -394,6 +397,8 @@ import_one( const char *fname, KBNODE keyblock )
|
||||
log_error("key %08lX: trustdb insert failed: %s\n",
|
||||
(ulong)keyid[1], g10_errstr(rc) );
|
||||
}
|
||||
else if( mod_key )
|
||||
rc = update_trustdb( new_key? pk: pk_orig);
|
||||
else
|
||||
rc = clear_trust_checked_flag( new_key? pk : pk_orig );
|
||||
}
|
||||
|
@ -243,7 +243,9 @@ proc_plaintext( CTX c, PACKET *pkt )
|
||||
int any, clearsig, rc;
|
||||
KBNODE n;
|
||||
|
||||
if( opt.verbose )
|
||||
if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) )
|
||||
log_info(_("note: sender requested \"for-your-eyes-only\"\n"));
|
||||
else if( opt.verbose )
|
||||
log_info("original file name='%.*s'\n", pt->namelen, pt->name);
|
||||
free_md_filter_context( &c->mfx );
|
||||
c->mfx.md = md_open( 0, 0);
|
||||
|
@ -98,6 +98,10 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
|
||||
fname = m_alloc( strlen( opt.outfile ) + 1);
|
||||
strcpy(fname, opt.outfile );
|
||||
}
|
||||
else if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) ) {
|
||||
log_info(_("data not saved; use option \"--output\" to save it\n"));
|
||||
nooutput = 1;
|
||||
}
|
||||
else {
|
||||
fname = m_alloc( pt->namelen +1 );
|
||||
memcpy( fname, pt->name, pt->namelen );
|
||||
|
@ -909,15 +909,16 @@ update_sigs( TRUSTREC *dir )
|
||||
if( (sig->sig_class&~3) == 0x10 ) {
|
||||
rc = check_key_signature( keyblock, node, &i );
|
||||
if( rc == G10ERR_NO_PUBKEY ) {
|
||||
log_info("key %08lX.%lu, uid %02X%02X: "
|
||||
"no public key for signature %08lX\n",
|
||||
if( opt.verbose )
|
||||
log_info(_("key %08lX.%lu, uid %02X%02X: "
|
||||
"no public key for signature %08lX\n"),
|
||||
(ulong)keyid[1], lid, urec.r.uid.namehash[18],
|
||||
urec.r.uid.namehash[19], (ulong)sig->keyid[1] );
|
||||
miskey = 1;
|
||||
}
|
||||
else if( rc )
|
||||
log_error("key %08lX.%lu, uid %02X%02X: "
|
||||
"invalid %ssignature: %s\n",
|
||||
log_info(_("key %08lX.%lu, uid %02X%02X: "
|
||||
"invalid %ssignature: %s\n"),
|
||||
(ulong)keyid[1], lid, urec.r.uid.namehash[18],
|
||||
urec.r.uid.namehash[19],
|
||||
i?"self-":"",g10_errstr(rc));
|
||||
@ -1520,6 +1521,7 @@ list_trust_path( int max_depth, const char *username )
|
||||
|
||||
/****************
|
||||
* Check the complete trustdb or only the entries for the given username
|
||||
* FIXME: We need a mode which only looks at keys with the MISKEY flag set.
|
||||
*/
|
||||
void
|
||||
check_trustdb( const char *username )
|
||||
|
@ -1,5 +1,5 @@
|
||||
# Generated automatically from Makefile.in by configure.
|
||||
# Makefile.in generated automatically by automake 1.2f from Makefile.am
|
||||
# Makefile.in generated automatically by automake 1.3 from Makefile.am
|
||||
|
||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998 Free Software Foundation, Inc.
|
||||
# This Makefile.in is free software; the Free Software Foundation
|
||||
@ -37,6 +37,8 @@ mandir = ${prefix}/man
|
||||
includedir = ${prefix}/include
|
||||
oldincludedir = /usr/include
|
||||
|
||||
DISTDIR =
|
||||
|
||||
pkgdatadir = $(datadir)/gnupg
|
||||
pkglibdir = $(libdir)/gnupg
|
||||
pkgincludedir = $(includedir)/gnupg
|
||||
@ -93,7 +95,7 @@ RANLIB = ranlib
|
||||
USE_INCLUDED_LIBINTL = no
|
||||
USE_NLS = no
|
||||
VERSION = 0.4.0a
|
||||
ZLIBS =
|
||||
ZLIBS = ../zlib/libzlib.a
|
||||
l =
|
||||
|
||||
CFLAGS = -O -Wall
|
||||
@ -103,7 +105,7 @@ EXTRA_DIST = README algorithm.doc ChangeLog example.c
|
||||
# I found no other easy way to use this only if zlib is neede
|
||||
# doing this with SUBDIR = @xxx@ in the top Makefile.am does not
|
||||
# work because automake doesn't scan this Makefile.am here.
|
||||
#noinst_LIBRARIES = libzlib.a
|
||||
noinst_LIBRARIES = libzlib.a
|
||||
|
||||
libzlib_a_SOURCES = adler32.c compress.c crc32.c gzio.c \
|
||||
uncompr.c deflate.c trees.c zutil.c \
|
||||
@ -122,7 +124,7 @@ LIBRARIES = $(noinst_LIBRARIES)
|
||||
DEFS = -DHAVE_CONFIG_H -I. -I$(srcdir) -I..
|
||||
CPPFLAGS =
|
||||
LDFLAGS =
|
||||
LIBS = -ldl -lz
|
||||
LIBS = -ldl
|
||||
libzlib_a_LIBADD =
|
||||
libzlib_a_OBJECTS = adler32.o compress.o crc32.o gzio.o uncompr.o \
|
||||
deflate.o trees.o zutil.o inflate.o infblock.o inftrees.o infcodes.o \
|
||||
@ -144,14 +146,14 @@ DEP_FILES = .deps/adler32.P .deps/compress.P .deps/crc32.P \
|
||||
SOURCES = $(libzlib_a_SOURCES)
|
||||
OBJECTS = $(libzlib_a_OBJECTS)
|
||||
|
||||
default: all
|
||||
all: Makefile $(LIBRARIES)
|
||||
|
||||
.SUFFIXES:
|
||||
.SUFFIXES: .S .c .o .s
|
||||
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4)
|
||||
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4)
|
||||
cd $(top_srcdir) && $(AUTOMAKE) --gnu zlib/Makefile
|
||||
|
||||
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status $(BUILT_SOURCES)
|
||||
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status $(BUILT_SOURCES)
|
||||
cd $(top_builddir) \
|
||||
&& CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
|
||||
|
||||
@ -267,8 +269,6 @@ install: install-exec install-data all
|
||||
|
||||
uninstall:
|
||||
|
||||
all: Makefile $(LIBRARIES)
|
||||
|
||||
install-strip:
|
||||
$(MAKE) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s' INSTALL_SCRIPT='$(INSTALL_PROGRAM)' install
|
||||
installdirs:
|
||||
@ -305,7 +305,7 @@ maintainer-clean: maintainer-clean-noinstLIBRARIES \
|
||||
@echo "This command is intended for maintainers to use;"
|
||||
@echo "it deletes files that may require special tools to rebuild."
|
||||
|
||||
.PHONY: default mostlyclean-noinstLIBRARIES distclean-noinstLIBRARIES \
|
||||
.PHONY: mostlyclean-noinstLIBRARIES distclean-noinstLIBRARIES \
|
||||
clean-noinstLIBRARIES maintainer-clean-noinstLIBRARIES \
|
||||
mostlyclean-compile distclean-compile clean-compile \
|
||||
maintainer-clean-compile tags mostlyclean-tags distclean-tags \
|
||||
|
Loading…
x
Reference in New Issue
Block a user