very first release

g10/Makefile.am

@@ -1,6 +1,7 @@
 ## Process this file with automake to produce Makefile.in
 
 INCLUDES = -I$(top_srcdir)/include
+EXTRA_DIST = OPTIONS
 
 bin_PROGRAMS = g10
 

g10/Makefile.in

@@ -39,6 +39,7 @@ INSTALL_SCRIPT = @INSTALL_SCRIPT@
 transform = @program_transform_name@
 
 INCLUDES = -I$(top_srcdir)/include
+EXTRA_DIST = OPTIONS
 
 bin_PROGRAMS = g10
 

g10/OPTIONS

@@ -0,0 +1,135 @@
+# This is a sample option file
+#
+# Unless you you specify which option file to use with the
+# commandline option "--options filename", g10 uses per
+# default the file ~/.g10/options.
+#
+# An option file can contain all long options which are
+# available in G10. If the first non white space character of
+# a line is a '#', this line is ignored.  Empty lines are also
+# ignored.
+#
+# Here is a list of all possible options. Not of all them make
+# sense in an option file; consider this as a complete option
+# reference
+
+add-key
+# add key to the public keyring
+
+armor
+# create ascii armored output
+
+
+batch
+# batch mode: never ask
+
+cache-all
+# hold everything in memory
+
+change-passphrase
+# change the passphrase of your secret keyring
+
+check
+# check a signature
+
+check-key
+# check signatures on a key in the keyring
+
+debug  value|hexvalue
+#  set debugging flags,
+
+debug-all
+# enable full debugging
+
+decrypt
+# decrypt data (default)
+
+delete-key
+# remove key from public keyring,
+
+detach-sign
+# make a detached signature,
+
+dry-run
+# don't make any changes
+
+encrypt
+# encrypt data
+
+fingerprint
+# show the fingerprints,
+
+gen-key
+# generate a new key pair,
+
+gen-prime
+# Generate a prime.
+# With one argument:  take it as the bitsize and make a simple prime of
+#		      this size
+# With two arguments: Generate a prime, usable for DL algorithms.
+# With three arguments: same as above, but a third argument indicates
+#			taht a generator should also be calculated.
+
+keyring  filename
+# add this filename to the list of keyrings
+
+local-user user-string
+#  use this user-string to sign or decrypt
+
+no
+# assume no on most questions
+
+no-armor
+# Assume the input data is not in ascii armored format.
+
+no-default-keyring
+# Do not add the default keyrings to the list of keyrings
+
+options filename
+#  Ignored in option files.
+
+output filename
+# use filename for output
+
+print-mds
+# print all message digests of all give filenames
+
+remote-user
+# use this user-id for encryption"
+
+
+secret-keyring filename
+# add filename to the list of secret keyrings
+
+sign
+# make a signature
+
+sign-key
+# make a signature on a key in the keyring
+# Argument is the userid of the key to sign.
+# This looks for the key, displays the key and checks all
+# existing signatures of this key. If the key is not yet signed
+# by the default user (or the users given with "-l"), the programm
+# displays the information of the key again, together with
+# it's fingerprint and asked wehter it should be signed. This question
+# is repeated for all users specified with "-l".  The key is then signed
+# and the keyring which contains the key is updated.
+
+store
+# simply packs the input data into a rfc1991 packet format
+
+symmetric
+# encrypt the input only with the symmetric (conventional) cipher.
+# This asks for a passphrase.
+
+test
+# Used for testing some parts of the program
+
+verbose
+# Give more informations suring processing. If used 2 times, the input data
+# is listed in detail.
+
+yes
+# assume yes on most questions
+
+

g10/g10.c

@@ -131,8 +131,9 @@ main( int argc, char **argv )
     { 515, "fingerprint", 0, "show the fingerprints"},
     { 516, "print-mds" , 0, "print all message digests"},
     { 517, "secret-keyring" ,2, "add this secret keyring to the list" },
-    { 518, "config"    , 2, "use this config file" },
+    { 518, "options"   , 2, "read options from file" },
     { 519, "no-armor",   0, "\r"},
+    { 520, "no-default-keyring", 0, "\r" },
 
     {0} };
     ARGPARSE_ARGS pargs;
@@ -155,9 +156,10 @@ main( int argc, char **argv )
     int parse_verbose = 0;
     int default_config =1;
     int errors=0;
+    int default_keyring = 1;
 
 
-    opt.compress = -1; /* defaults to default compression level */
+    opt.compress = 0; /* defaults to no compression level */
 
     /* check wether we have a config file on the commandline */
     orig_argc = argc;
@@ -212,10 +214,7 @@ main( int argc, char **argv )
 	  case 'z': opt.compress = pargs.r.ret_int; break;
 	  case 'a': opt.armor = 1; opt.no_armor=0; break;
 	  case 'c': action = aSym; break;
-	  case 'o': opt.outfile = pargs.r.ret_str;
-		    if( opt.outfile[0] == '-' && !opt.outfile[1] )
-			opt.outfile_is_stdout = 1;
-		    break;
+	  case 'o': opt.outfile = pargs.r.ret_str; break;
 	  case 'e': action = action == aSign? aSignEncr : aEncr; break;
 	  case 'b': detached_sig = 1;
 	       /* fall trough */
@@ -257,6 +256,7 @@ main( int argc, char **argv )
 	    }
 	    break;
 	  case 519: opt.no_armor=1; opt.armor=0; break;
+	  case 520: default_keyring = 0; break;
 	  default : errors++; pargs.err = configfp? 1:2; break;
 	}
     }
@@ -280,12 +280,12 @@ main( int argc, char **argv )
 	    fputs(s, stderr);
     }
 
-    if( !sec_nrings ) { /* add default secret rings */
+    if( !sec_nrings || default_keyring ) { /* add default secret rings */
 	char *p = make_filename("~/.g10", "secring.g10", NULL );
 	add_secret_keyring(p);
 	m_free(p);
     }
-    if( !nrings ) { /* add default ring */
+    if( !nrings || default_keyring ) { /* add default ring */
 	char *p = make_filename("~/.g10", "pubring.g10", NULL );
 	add_keyring(p);
 	m_free(p);
@@ -331,6 +331,7 @@ main( int argc, char **argv )
 
 
       case aSignEncr: /* sign and encrypt the given file */
+	log_fatal("signing and encryption is not yet implemented\n");
 	usage(1);  /* FIXME */
 	break;
 

g10/keygen.c

@@ -39,17 +39,6 @@
 #endif
 
 
-static int
-answer_is_yes( const char *s )
-{
-    if( !stricmp(s, "yes") )
-	return 1;
-    if( *s == 'y' && !s[1] )
-	return 1;
-    if( *s == 'Y' && !s[1] )
-	return 1;
-    return 0;
-}
 
 
 static u16
@@ -356,7 +345,7 @@ generate_keypair()
 	else if( algo == 3 ) {
 	    algo = PUBKEY_ALGO_DSA;
 	    algo_name = "DSA";
-	    break;
+	    tty_printf("Sorry; DSA is not yet supported.\n");
 	}
     }
 
@@ -380,8 +369,8 @@ generate_keypair()
       #endif
 	if( algo == PUBKEY_ALGO_DSA && (nbits < 512 || nbits > 1024) )
 	    tty_printf("DSA does only allow keysizes from 512 to 1024\n");
-	else if( nbits < 128 ) /* FIXME: change this to 768 */
-	    tty_printf("keysize too small; please select a larger one\n");
+	else if( nbits < 768 )
+	    tty_printf("keysize too small; 768 is smallest value allowed.\n");
 	else if( nbits > 2048 ) {
 	    tty_printf("Keysizes larger than 2048 are not suggested, because "
 		       "computations take REALLY long!\n");
@@ -441,20 +430,28 @@ generate_keypair()
     tty_printf( "You need a Passphrase to protect your secret key.\n\n" );
 
     dek = m_alloc_secure( sizeof *dek );
-    dek->algo = CIPHER_ALGO_BLOWFISH;
-    rc = make_dek_from_passphrase( dek , 2 );
-    if( rc == -1 ) {
-	m_free(dek); dek = NULL;
-	tty_printf(
+    for(;;) {
+	dek->algo = CIPHER_ALGO_BLOWFISH;
+	rc = make_dek_from_passphrase( dek , 2 );
+	if( rc == -1 ) {
+	    m_free(dek); dek = NULL;
+	    tty_printf(
 	    "You don't what a passphrase - this is probably a *bad* idea!\n"
 	    "I will do it anyway.  You can change your passphrase at anytime,\n"
 	    "using this program with the option \"--change-passphrase\"\n\n" );
-    }
-    else if( rc ) {
-	m_free(dek); dek = NULL;
-	m_free(uid);
-	log_error("Error getting the passphrase: %s\n", g10_errstr(rc) );
-	return;
+	    break;
+	}
+	else if( rc == G10ERR_PASSPHRASE ) {
+	    tty_printf("passphrase not correctly repeated; try again.\n");
+	}
+	else if( rc ) {
+	    m_free(dek); dek = NULL;
+	    m_free(uid);
+	    log_error("Error getting the passphrase: %s\n", g10_errstr(rc) );
+	    return;
+	}
+	else
+	    break; /* okay */
     }
 
 
@@ -474,6 +471,12 @@ generate_keypair()
     pub_root = make_comment_node("#created by G10 pre-release " VERSION );
     sec_root = make_comment_node("#created by G10 pre-release " VERSION );
 
+    tty_printf(
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (work in another window, move the mouse, utilize the\n"
+"network and the disks) during the prime generation; this gives the random\n"
+"number generator a better chance to gain enough entropy.\n" );
+
     if( algo == PUBKEY_ALGO_ELGAMAL )
 	rc = gen_elg(nbits, pub_root, sec_root, dek, &skc );
   #ifdef HAVE_RSA_CIPHER

g10/main.h

@@ -37,6 +37,9 @@ int encode_crypt( const char *filename, STRLIST remusr );
 int sign_file( const char *filename, int detached, STRLIST locusr );
 int sign_key( const char *username, STRLIST locusr );
 
+/*-- sig-check.c --*/
+int check_key_signature( KBNODE root, KBNODE node );
+
 /*-- keygen.c --*/
 void generate_keypair(void);
 

g10/openfile.c

@@ -87,7 +87,7 @@ open_outfile( const char *iname )
     IOBUF a = NULL;
     int rc;
 
-    if( (!iname && !opt.outfile) || opt.outfile_is_stdout ) {
+    if( !iname && !opt.outfile ) {
 	if( !(a = iobuf_create(NULL)) )
 	    log_error("can't open [stdout]: %s\n", strerror(errno) );
 	else if( opt.verbose )

g10/options.h

@@ -26,7 +26,7 @@ struct {
     int armor;
     int compress;
     char *outfile;
-    int outfile_is_stdout;
+    int reserved0;
     int batch;	    /* run in batch mode */
     int answer_yes; /* answer yes on most questions */
     int answer_no;  /* answer no on most questions */

g10/passphrase.c

@@ -27,6 +27,7 @@
 #include "memory.h"
 #include "ttyio.h"
 #include "cipher.h"
+#include "keydb.h"
 
 
 static int hash_passphrase( DEK *dek, char *pw );
@@ -44,8 +45,14 @@ get_passphrase_hash( u32 *keyid, char *text )
     DEK *dek;
 
     if( keyid ) {
+	char *ustr;
 	tty_printf("\nNeed a pass phrase to unlock the secret key!\n");
-	tty_printf("KeyID: %08lX\n\n",  keyid[1] );
+	tty_printf("KeyID: " );
+	ustr = get_user_id_string( keyid );
+	tty_print_string( ustr, strlen(ustr) );
+	m_free(ustr);
+	tty_printf("\n\n");
+
     }
     if( keyid && (p=getenv("G10PASSPHRASE")) ) {
 	pw = m_alloc_secure(strlen(p)+1);

g10/plaintext.c

@@ -56,13 +56,8 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx )
 	fname[pt->namelen] = 0;
     }
 
-    if( !*fname ) { /* no filename given */
-	if( opt.outfile_is_stdout )
-	    fp = stdout;
-	else {
-	    log_error("no outputfile given\n");
-	    goto leave;
-	}
+    if( !*fname ) { /* no filename given; write to stdout */
+	fp = stdout;
     }
     else if( overwrite_filep( fname ) )
 	goto leave;

g10/ringedit.c

@@ -558,7 +558,7 @@ keyring_delete( KBPOS *kbpos )
     }
 
     len = kbpos->length;
-    log_debug("writing a dummy packet of length %lu\n", (ulong)len);
+    /*log_debug("writing a dummy packet of length %lu\n", (ulong)len);*/
 
     if( len < 2 )
 	log_bug(NULL);

g10/sig-check.c

@@ -198,8 +198,8 @@ signature_check( PKT_signature *sig, MD_HANDLE *digest )
     }
   #endif/*HAVE_RSA_CIPHER*/
     else {
-	log_debug("signature_check: unsupported pubkey algo %d\n",
-			pkc->pubkey_algo );
+	/*log_debug("signature_check: unsupported pubkey algo %d\n",
+			pkc->pubkey_algo );*/
 	rc = G10ERR_PUBKEY_ALGO;
 	goto leave;
     }
@@ -219,13 +219,46 @@ signature_check( PKT_signature *sig, MD_HANDLE *digest )
 int
 check_key_signature( KBNODE root, KBNODE node )
 {
+    KBNODE unode;
+    MD_HANDLE *md;
+    PKT_public_cert *pkc;
+    PKT_signature *sig;
+    int algo;
+    int rc;
+
     assert( node->pkt->pkttype == PKT_SIGNATURE );
     assert( (node->pkt->pkt.signature->sig_class&~3) == 0x10 );
     assert( root->pkt->pkttype == PKT_PUBLIC_CERT );
 
-    /*FIXME!!!!!!*/
+    pkc = root->pkt->pkt.public_cert;
+    sig = node->pkt->pkt.signature;
 
-    return 0;
+    if( sig->pubkey_algo == PUBKEY_ALGO_ELGAMAL )
+	algo = sig->d.elg.digest_algo;
+    else if(sig->pubkey_algo == PUBKEY_ALGO_RSA )
+	algo = sig->d.rsa.digest_algo;
+    else
+	return G10ERR_PUBKEY_ALGO;
+    if( (rc=md_okay(algo)) )
+	return rc;
+
+    unode = find_kbparent( root, node );
+
+    if( unode && unode->pkt->pkttype == PKT_USER_ID ) {
+	PKT_user_id *uid = unode->pkt->pkt.user_id;
+
+	md = md_open( algo, 0 );
+	hash_public_cert( md, pkc );
+	md_write( md, uid->name, uid->len );
+	rc = signature_check( sig, md );
+	md_close(md);
+    }
+    else {
+	log_error("no user id for key signature packet\n");
+	rc = G10ERR_SIG_CLASS;
+    }
+
+    return rc;
 }