diff --git a/ChangeLog b/ChangeLog index dc43552dd..42fe782af 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2004-07-22 Werner Koch + + Released 1.9.10. + +2004-07-21 Werner Koch + + * configure.ac: Don't set DIE to no after it might has been set to + yes. + 2004-07-20 Werner Koch * Makefile.am (sm): Build kbx only if gpgsm is to be build. diff --git a/NEWS b/NEWS index 3d9b4ca34..74250b04a 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,12 @@ -Noteworthy changes in version 1.9.10 ------------------------------------------------- +Noteworthy changes in version 1.9.10 (2004-07-22) +------------------------------------------------- + + * Fixed a serious bug in the checking of trusted root certificates. + + * New configure option --enable-agent-pnly allows to build and + install just the agent. + + * Fixed a problem with the log file handling. Noteworthy changes in version 1.9.9 (2004-06-08) diff --git a/README b/README index 5b4a69027..8027b6960 100644 --- a/README +++ b/README @@ -9,6 +9,10 @@ GnuPG 2.0 release. Note that GnuPG 1.3 and 1.9 are not always in sync and thus features and bug fixes done in 1.3 are not necessary available in 1.9. +You should use this GnuPG version if you want to use the gpg-agent or +gpgsm (the S/MIME variant of gpg). Note that the gpg-agent is also +helpful when using the standard gpg versions (1.2.x or 1.3.x). + BUILD INSTRUCTIONS ================== @@ -20,7 +24,10 @@ GnuPG 1.9 depends on the following packages: libassuan (ftp://ftp.gnupg.org/gcrypt/alpha/libassuan/) libksba (ftp://ftp.gnupg.org/gcrypt/alpha/libksba/) -You also need the pinentry package for most function of GnupG; however +If you use the configure option --enable-agent-only, libksba is not +required. + +You also need the pinentry package for most function of GnuPG; however it is not a build requirement. pinentry is available at ftp://ftp.gnupg.org/gcrypt/pinentry/ . @@ -28,7 +35,7 @@ You should get the latest versions of course, the GnuPG configure script complains if a version is not sufficient. After building and installing the above packages in the order as given -above, you may now continue with GnupG installation (you may also just +above, you may now continue with GnuPG installation (you may also just try to build GnuPG to see whether your already installed versions are sufficient). @@ -42,9 +49,9 @@ As with all packages, you just have to do If everything succeeds, you have a working GnuPG with support for S/MIME and smartcards. Note that there is no binary gpg but a gpg2 so -that this package won't confict with a GnuPG 1.2 or1.3 -installation. gpg2 behaves just like gpg and it is possible to symlink -oto gpg if you want to use gpg 1.9. +that this package won't confict with a GnuPG 1.2 or 1.3 +installation. gpg2 behaves just like gpg; it is however suggested to +keep using gpg 1.2.x or 1.3.x. In case of problem please ask on gpa-dev@gnupg.org for advise. Note that this release is only expected to build on GNU and *BSD systems. @@ -71,7 +78,7 @@ gpgsm: prepended before each block. -gpg2: +gpg2: (Note that these card commands are also available with gpg 1.3.x) ----- --card-status @@ -268,9 +275,10 @@ policies.txt trustlist.txt - A list of trusted certificates usually maintained by - gpg-agent. It can however be edited manually. The file will - be created automagically with some explaining comments. + A list of trusted certificates. The file will be created + automagically with some explaining comments. By using + gpg-agent's option --allow-mark-trusted, gpg-agent may add new + entries after user confirmation. random_seed @@ -436,7 +444,7 @@ modes for gpgsm, here is the entire list of ways to specify a key: *Heine -Please note that we have reused the hash mark indentifier which was +Please note that we have reused the hash mark identifier which was used in old GnuPG versions to indicate the so called local-id. It is not anymore used and there should be no conflict when used with X.509 stuff. @@ -456,7 +464,7 @@ file. gpgsm --import foo.p12 -This require that the gpg-agent is running. +This requires that the gpg-agent is running. HOW TO EXPORT A PRIVATE KEY @@ -482,8 +490,8 @@ however you must have build GnuPG with support for the OpenSC library. The build process automagically detects the presence of this library and will include support for these cards. -The other card we currently support is the Telesec NetKey card with -the NKS 2.0 card application. +The other cards we currently support are the Telesec NetKey card with +the NKS 2.0 card application and all generic DINSIG cards. Before GPGSM can make use of a new card it must gather some information, like the card's serial number, the public keys and the diff --git a/TODO b/TODO index cb58f907b..ce835d8ec 100644 --- a/TODO +++ b/TODO @@ -1,12 +1,5 @@ -*- outline -*- -* Keylisting -Add the keygrip to the dump output -Explain how to setup a root CA key as trusted -Look for new system-wide certificates -Explain how trustlist.txt might be managed. - - * src/base64 ** Make parsing more robust @@ -83,4 +76,6 @@ might want to have an agent context for each service request ** Add a test to check the extkeyusage. - +* doc/ +** Explain how to setup a root CA key as trusted +** Explain how trustlist.txt might be managed. diff --git a/agent/ChangeLog b/agent/ChangeLog index 929959d85..d616b1544 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,10 @@ +2004-07-22 Werner Koch + + * trustlist.c (read_list): Allow colons in the fingerprint. + (headerblurb): Rephrased. + + * gpg-agent.c (handle_connections): Increase the stack size ot 256k. + 2004-06-20 Moritz Schulte * gpg-agent.c: Include (build fix for BSD). diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 69a28e78b..f7e701bbc 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1158,7 +1158,7 @@ handle_connections (int listen_fd) tattr = pth_attr_new(); pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0); - pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 32*1024); + pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 256*1024); pth_attr_set (tattr, PTH_ATTR_NAME, "gpg-agent"); sigemptyset (&sigs ); diff --git a/agent/trustlist.c b/agent/trustlist.c index 16b7dc34e..a0b6b9861 100644 --- a/agent/trustlist.c +++ b/agent/trustlist.c @@ -32,15 +32,16 @@ #include /* fixme: need a way to avoid assuan calls here */ static const char headerblurb[] = -"# This is the list of trusted keys. Comments like this one and empty\n" -"# lines are allowed but keep in mind that the entire file is integrity\n" +"# This is the list of trusted keys. Comment lines, like this one, as\n" +"# well as empty lines are ignored. The entire file may be integrity\n" "# protected by the use of a MAC, so changing the file does not make\n" -"# much sense without the knowledge of the MAC key. Lines do have a\n" -"# length limit but this is not serious limitation as the format of the\n" +"# sense without the knowledge of the MAC key. Lines do have a length\n" +"# limit but this is not serious limitation as the format of the\n" "# entries is fixed and checked by gpg-agent: A non-comment line starts\n" -"# with optional white spaces, followed by exactly 40 hex character,\n" -"# optioanlly followed by a flag character which my either be 'P', 'S'\n" -"# or '*'. Additional data delimited with by a white space is ignored.\n" +"# with optional white spaces, followed by the SHA-1 fingerpint in hex,\n" +"# optionally followed by a flag character which my either be 'P', 'S'\n" +"# or '*'. Additional data, delimited by white space, is ignored.\n" +"#\n" "# NOTE: You should give the gpg-agent a HUP after editing this file.\n" "\n"; @@ -97,7 +98,7 @@ static int read_list (char *key, int *keyflag) { int rc; - int c, i; + int c, i, j; char *p, line[256]; if (!trustfp) @@ -125,16 +126,17 @@ read_list (char *key, int *keyflag) : GPG_ERR_INCOMPLETE_LINE); } - /* Allow for emty lines and spaces */ + /* Allow for empty lines and spaces */ for (p=line; spacep (p); p++) ; } while (!*p || *p == '\n' || *p == '#'); - for (i=0; hexdigitp (p+i) && i < 40; i++) - key[i] = p[i] >= 'a'? (p[i] & 0xdf): p[i]; - key[i] = 0; - if (i!=40 || !(spacep (p+i) || p[i] == '\n')) + for (i=j=0; (p[i] == ':' || hexdigitp (p+i)) && j < 40; i++) + if ( p[i] != ':' ) + key[j++] = p[i] >= 'a'? (p[i] & 0xdf): p[i]; + key[j] = 0; + if (j!=40 || !(spacep (p+i) || p[i] == '\n')) { log_error ("invalid formatted fingerprint in trustlist\n"); return gpg_error (GPG_ERR_BAD_DATA); diff --git a/configure.ac b/configure.ac index e0f9b720e..87c015033 100644 --- a/configure.ac +++ b/configure.ac @@ -24,7 +24,7 @@ min_automake_version="1.7.6" # Version number: Remember to change it immediately *after* a release. # Add a "-cvs" prefix for non-released code. -AC_INIT(gnupg, 1.9.10-cvs, gnupg-devel@gnupg.org) +AC_INIT(gnupg, 1.9.10, gnupg-devel@gnupg.org) # Set development_version to yes if the minor number is odd or you # feel that the default check for a development version is not # sufficient. @@ -1067,7 +1067,6 @@ if test "$have_libassuan" = "no"; then ***]]) fi if test "$have_ksba" = "no"; then - die=no AC_MSG_NOTICE([[ *** *** You need libksba to build this program. diff --git a/po/ChangeLog b/po/ChangeLog index 97e68c730..c1bcd81e1 100644 --- a/po/ChangeLog +++ b/po/ChangeLog @@ -1,3 +1,7 @@ +2004-07-22 Werner Koch + + * de.po: Updated. + 2004-04-06 Werner Koch * Makevars (DOMAIN): Init from PACKAGE_GT diff --git a/po/de.po b/po/de.po index 2cf41ddb0..4dbe66e8a 100644 --- a/po/de.po +++ b/po/de.po @@ -8,17 +8,17 @@ # msgid "" msgstr "" -"Project-Id-Version: gnupg2 1.9.7\n" +"Project-Id-Version: gnupg2 1.9.10\n" "Report-Msgid-Bugs-To: translations@gnupg.org\n" -"POT-Creation-Date: 2004-04-29 19:50+0200\n" -"PO-Revision-Date: 2004-04-06 11:47+0200\n" +"POT-Creation-Date: 2004-07-22 09:54+0200\n" +"PO-Revision-Date: 2004-07-22 10:05+0200\n" "Last-Translator: Werner Koch \n" "Language-Team: de\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" -#: agent/gpg-agent.c:94 agent/protect-tool.c:92 scd/scdaemon.c:92 +#: agent/gpg-agent.c:96 agent/protect-tool.c:94 scd/scdaemon.c:92 msgid "" "@Options:\n" " " @@ -26,51 +26,59 @@ msgstr "" "@Optionen:\n" " " -#: agent/gpg-agent.c:96 scd/scdaemon.c:94 +#: agent/gpg-agent.c:98 scd/scdaemon.c:94 msgid "run in server mode (foreground)" msgstr "Im Server Modus ausführen" -#: agent/gpg-agent.c:97 scd/scdaemon.c:95 +#: agent/gpg-agent.c:99 scd/scdaemon.c:95 msgid "run in daemon mode (background)" msgstr "Im Daemon Modus ausführen" -#: agent/gpg-agent.c:98 kbx/kbxutil.c:73 scd/scdaemon.c:96 sm/gpgsm.c:312 +#: agent/gpg-agent.c:100 kbx/kbxutil.c:75 scd/scdaemon.c:96 sm/gpgsm.c:313 #: tools/gpgconf.c:62 msgid "verbose" msgstr "ausführlich" -#: agent/gpg-agent.c:99 kbx/kbxutil.c:74 scd/scdaemon.c:97 sm/gpgsm.c:313 +#: agent/gpg-agent.c:101 kbx/kbxutil.c:76 scd/scdaemon.c:97 sm/gpgsm.c:314 msgid "be somewhat more quiet" msgstr "etwas weniger Aussageb erzeugen" -#: agent/gpg-agent.c:100 scd/scdaemon.c:98 +#: agent/gpg-agent.c:102 scd/scdaemon.c:98 msgid "sh-style command output" msgstr "Ausgabe für /bin/sh" -#: agent/gpg-agent.c:101 scd/scdaemon.c:99 +#: agent/gpg-agent.c:103 scd/scdaemon.c:99 msgid "csh-style command output" msgstr "Ausgabe für /bin/csh" -#: agent/gpg-agent.c:102 +#: agent/gpg-agent.c:104 msgid "|FILE|read options from FILE" msgstr "|DATEI|Konfigurationsoptionen aus DATEI lesen" -#: agent/gpg-agent.c:107 scd/scdaemon.c:106 +#: agent/gpg-agent.c:109 scd/scdaemon.c:106 msgid "do not detach from the console" msgstr "Im Vordergrund laufen lassen" -#: agent/gpg-agent.c:108 +#: agent/gpg-agent.c:110 msgid "do not grab keyboard and mouse" msgstr "Tastatur und Maus nicht \"grabben\"" -#: agent/gpg-agent.c:109 scd/scdaemon.c:107 sm/gpgsm.c:315 +#: agent/gpg-agent.c:111 scd/scdaemon.c:107 sm/gpgsm.c:316 msgid "use a log file for the server" msgstr "Logausgaben in eine Datei umlenken" -#: agent/gpg-agent.c:110 +#: agent/gpg-agent.c:112 msgid "do not allow multiple connections" msgstr "Nicht mehr als eine Verbindung erlauben" +#: agent/gpg-agent.c:115 +msgid "|PGM|use PGM as the PIN-Entry program" +msgstr "|PGM|benutze PGM as PIN-Entry" + +#: agent/gpg-agent.c:117 +msgid "|PGM|use PGM as the SCdaemon program" +msgstr "|PGM|benutze PGM as SCdaemon" + #: agent/gpg-agent.c:124 msgid "ignore requests to change the TTY" msgstr "Ignoriere Anfragen, das TTY zu wechseln" @@ -79,21 +87,33 @@ msgstr "Ignoriere Anfragen, das TTY zu wechseln" msgid "ignore requests to change the X display" msgstr "Ignoriere Anfragen, das X-Display zu wechseln" -#: agent/gpg-agent.c:180 agent/protect-tool.c:124 scd/scdaemon.c:165 -#: sm/gpgsm.c:479 tools/gpgconf.c:85 +#: agent/gpg-agent.c:129 +msgid "|N|expire cached PINs after N seconds" +msgstr "|N|lasse PINs im Cache nach N Sekunden verfallen" + +#: agent/gpg-agent.c:131 +msgid "do not use the PIN cache when signing" +msgstr "benutze PINs im Cache nicht bem Signieren" + +#: agent/gpg-agent.c:133 +msgid "allow clients to mark keys as \"trusted\"" +msgstr "erlaube Aufrufern Schlüssel als \"vertrauenswürdig\" zu markieren" + +#: agent/gpg-agent.c:191 agent/protect-tool.c:127 scd/scdaemon.c:165 +#: sm/gpgsm.c:481 tools/gpgconf.c:85 msgid "Please report bugs to <" msgstr "Fehlerberichte bitte an <" -#: agent/gpg-agent.c:180 agent/protect-tool.c:124 scd/scdaemon.c:165 -#: sm/gpgsm.c:479 tools/gpgconf.c:85 +#: agent/gpg-agent.c:191 agent/protect-tool.c:127 scd/scdaemon.c:165 +#: sm/gpgsm.c:481 tools/gpgconf.c:85 msgid ">.\n" msgstr ">.\n" -#: agent/gpg-agent.c:183 +#: agent/gpg-agent.c:194 msgid "Usage: gpg-agent [options] (-h for help)" msgstr "Gebrauch: gpg-agent [Optionen] (-h für Hilfe)" -#: agent/gpg-agent.c:185 +#: agent/gpg-agent.c:196 msgid "" "Syntax: gpg-agent [options] [command [args]]\n" "Secret key management for GnuPG\n" @@ -101,55 +121,55 @@ msgstr "" "Syntax: gpg-agent [Optionen] [Kommando [Argumente]]\n" "Verwaltung von geheimen Schlüssel für GnuPG\n" -#: agent/gpg-agent.c:256 scd/scdaemon.c:239 sm/gpgsm.c:602 +#: agent/gpg-agent.c:267 scd/scdaemon.c:239 sm/gpgsm.c:604 #, c-format msgid "invalid debug-level `%s' given\n" msgstr "ungültige Debugebene `%s' angegeben\n" -#: agent/gpg-agent.c:414 agent/protect-tool.c:1035 kbx/kbxutil.c:230 -#: scd/scdaemon.c:352 sm/gpgsm.c:725 +#: agent/gpg-agent.c:439 agent/protect-tool.c:1040 kbx/kbxutil.c:232 +#: scd/scdaemon.c:352 sm/gpgsm.c:726 #, c-format msgid "libgcrypt is too old (need %s, have %s)\n" msgstr "" "Die Bibliothek \"libgcrypt\" is zu alt (benötigt wird %s, vorhanden ist %s)\n" -#: agent/gpg-agent.c:487 scd/scdaemon.c:432 sm/gpgsm.c:823 +#: agent/gpg-agent.c:512 scd/scdaemon.c:432 sm/gpgsm.c:824 #, c-format msgid "NOTE: no default option file `%s'\n" msgstr "Notiz: Voreingestellte Konfigurationsdatei `%s' fehlt\n" -#: agent/gpg-agent.c:492 agent/gpg-agent.c:955 scd/scdaemon.c:437 -#: sm/gpgsm.c:827 +#: agent/gpg-agent.c:517 agent/gpg-agent.c:983 scd/scdaemon.c:437 +#: sm/gpgsm.c:828 #, c-format msgid "option file `%s': %s\n" msgstr "Konfigurationsdatei `%s': %s\n" -#: agent/gpg-agent.c:500 scd/scdaemon.c:445 sm/gpgsm.c:834 +#: agent/gpg-agent.c:525 scd/scdaemon.c:445 sm/gpgsm.c:835 #, c-format msgid "reading options from `%s'\n" msgstr "Optionen werden aus `%s' gelesen\n" -#: agent/gpg-agent.c:641 scd/scdaemon.c:619 +#: agent/gpg-agent.c:668 scd/scdaemon.c:619 msgid "please use the option `--daemon' to run the program in the background\n" msgstr "" "Bitte die Option `--daemon' nutzen um das Programm im Hintergund " "auszuführen\n" -#: agent/gpg-agent.c:988 agent/gpg-agent.c:1022 +#: agent/gpg-agent.c:1016 agent/gpg-agent.c:1050 #, c-format msgid "can't create directory `%s': %s\n" msgstr "Das Verzeichniss `%s' kann nicht erstell werden: %s\n" -#: agent/gpg-agent.c:991 agent/gpg-agent.c:1027 +#: agent/gpg-agent.c:1019 agent/gpg-agent.c:1055 #, c-format msgid "directory `%s' created\n" msgstr "Verzeichniss `%s' wurde erstellt\n" -#: agent/protect-tool.c:127 +#: agent/protect-tool.c:130 msgid "Usage: gpg-protect-tool [options] (-h for help)\n" msgstr "Gebrauch: gpg-protect-tool [Optionen] (-h für Hilfe)\n" -#: agent/protect-tool.c:129 +#: agent/protect-tool.c:132 msgid "" "Syntax: gpg-protect-tool [options] [args]]\n" "Secret key maintenance tool\n" @@ -157,7 +177,7 @@ msgstr "" "Syntax: gpg-protect-tool [Optionen] [Argumente]\n" "Werkzeug zum Bearbeiten von geheimen Schlüsseln\n" -#: agent/protect-tool.c:1142 +#: agent/protect-tool.c:1148 msgid "" "Please enter the passphrase or the PIN\n" "needed to complete this operation." @@ -165,7 +185,7 @@ msgstr "" "Die Eingabe des Mantras (Passphrase) bzw. der PIN\n" "wird benötigt um diese Aktion auszuführen." -#: agent/protect-tool.c:1145 +#: agent/protect-tool.c:1151 msgid "Passphrase:" msgstr "Passphrase:" @@ -236,19 +256,19 @@ msgstr "Falsches Mantra (Passphrase)" msgid "Passphrase" msgstr "Mantra" -#: common/sysutils.c:84 +#: common/sysutils.c:87 #, c-format msgid "can't disable core dumps: %s\n" msgstr "" "Das Erstellen eines Speicherabzugs (core-dump) kann nicht verhindert werden: " "%s\n" -#: common/sysutils.c:159 +#: common/sysutils.c:182 #, c-format msgid "Warning: unsafe ownership on %s \"%s\"\n" msgstr "WARNUNG: Unsichere Besitzrechte für %s \"%s\"\n" -#: common/sysutils.c:191 +#: common/sysutils.c:214 #, c-format msgid "Warning: unsafe permissions on %s \"%s\"\n" msgstr "WARNUNG: Unsichere Zugriffsrechte für %s \"%s\"\n" @@ -287,12 +307,12 @@ msgstr "Vom Benutzer abgebrochen\n" msgid "problem with the agent\n" msgstr "Problem mit dem Agenten\n" -#: jnlib/logging.c:547 +#: jnlib/logging.c:555 #, c-format msgid "you found a bug ... (%s:%d)\n" msgstr "Sie haben einen Bug (Softwarefehler) gefunden ... (%s:%d)\n" -#: kbx/kbxutil.c:62 sm/gpgsm.c:223 tools/gpgconf.c:53 +#: kbx/kbxutil.c:63 sm/gpgsm.c:224 tools/gpgconf.c:53 msgid "" "@Commands:\n" " " @@ -300,7 +320,7 @@ msgstr "" "@Kommandos:\n" " " -#: kbx/kbxutil.c:68 sm/gpgsm.c:258 tools/gpgconf.c:59 +#: kbx/kbxutil.c:70 sm/gpgsm.c:259 tools/gpgconf.c:59 msgid "" "@\n" "Options:\n" @@ -310,39 +330,31 @@ msgstr "" "Optionen:\n" " " -#: kbx/kbxutil.c:70 sm/gpgsm.c:260 -msgid "create ascii armored output" -msgstr "Ausgabe mit ASCII Hülle wird erzeugt" - -#: kbx/kbxutil.c:72 sm/gpgsm.c:311 tools/gpgconf.c:61 -msgid "use as output file" -msgstr "als Ausgabedatei benutzen" - -#: kbx/kbxutil.c:75 sm/gpgsm.c:320 tools/gpgconf.c:64 +#: kbx/kbxutil.c:77 sm/gpgsm.c:321 tools/gpgconf.c:64 msgid "do not make any changes" msgstr "Keine Änderungen durchführen" -#: kbx/kbxutil.c:77 +#: kbx/kbxutil.c:79 msgid "set debugging flags" msgstr "Debug Flags setzen" -#: kbx/kbxutil.c:78 +#: kbx/kbxutil.c:80 msgid "enable full debugging" msgstr "Alle Debug Flags setzen" -#: kbx/kbxutil.c:99 +#: kbx/kbxutil.c:101 msgid "Please report bugs to " msgstr "Bite richten sie Berichte über Bugs (Softwarefehler) an " -#: kbx/kbxutil.c:99 +#: kbx/kbxutil.c:101 msgid ".\n" msgstr ".\n" -#: kbx/kbxutil.c:103 +#: kbx/kbxutil.c:105 msgid "Usage: kbxutil [options] [files] (-h for help)" msgstr "Gebrauch: kbxutil [Optionen] [Dateien] (-h für Hilfe)" -#: kbx/kbxutil.c:106 +#: kbx/kbxutil.c:108 msgid "" "Syntax: kbxutil [options] [files]\n" "list, export, import Keybox data\n" @@ -350,7 +362,7 @@ msgstr "" "Syntax: kbxutil [Optionen] [Dateien]\n" "Anlistem exportieren und Importieren von KeyBox Dateien\n" -#: scd/scdaemon.c:100 sm/gpgsm.c:332 +#: scd/scdaemon.c:100 sm/gpgsm.c:333 msgid "read options from file" msgstr "Konfigurationsoptionen aus Datei lesen" @@ -523,8 +535,8 @@ msgstr "Der Herausgeber wird von einer externen Stelle gesucht\n" msgid "number of issuers matching: %d\n" msgstr "Anzahl der übereinstimmenden Heruasgeber: %d\n" -#: sm/certchain.c:403 sm/certchain.c:561 sm/certchain.c:909 sm/decrypt.c:260 -#: sm/encrypt.c:341 sm/sign.c:324 sm/verify.c:107 +#: sm/certchain.c:403 sm/certchain.c:561 sm/certchain.c:912 sm/decrypt.c:260 +#: sm/encrypt.c:341 sm/sign.c:324 sm/verify.c:106 msgid "failed to allocated keyDB handle\n" msgstr "Ein keyDB Handle konnte nicht bereitgestellt werden\n" @@ -589,25 +601,25 @@ msgstr "Das Wurzelzertifikat wurde nun als vertrauensw msgid "checking the trust list failed: %s\n" msgstr "Fehler beim Prüfen der vertrauenswürdigen Zertifikate: %s\n" -#: sm/certchain.c:721 sm/import.c:145 +#: sm/certchain.c:724 sm/import.c:166 msgid "certificate chain too long\n" msgstr "Der Zertifikatkette ist zu lang\n" -#: sm/certchain.c:733 +#: sm/certchain.c:736 msgid "issuer certificate not found" msgstr "Herausgeberzertifikat nicht gefunden" -#: sm/certchain.c:766 +#: sm/certchain.c:769 msgid "certificate has a BAD signature" msgstr "Das Zertifikat hat eine FALSCHE Signatur" -#: sm/certchain.c:789 +#: sm/certchain.c:792 msgid "found another possible matching CA certificate - trying again" msgstr "" "Eine anderes möglicherweise passendes CA-Zertifikat gefunden - versuche " "nochmal" -#: sm/certchain.c:812 +#: sm/certchain.c:815 #, c-format msgid "certificate chain longer than allowed by CA (%d)" msgstr "Die Zertifikatkette ist länger als von der CA erlaubt (%d)" @@ -660,227 +672,235 @@ msgstr "Schwacher Schl msgid "no valid recipients given\n" msgstr "Keine gültigen Empfänger angegeben\n" -#: sm/gpgsm.c:225 +#: sm/gpgsm.c:226 msgid "|[FILE]|make a signature" msgstr "|[DATEI]|Erzeuge eine Signatur" -#: sm/gpgsm.c:226 +#: sm/gpgsm.c:227 msgid "|[FILE]|make a clear text signature" msgstr "|[DATEI]|Erzeuge eine Klartextsignatur" -#: sm/gpgsm.c:227 +#: sm/gpgsm.c:228 msgid "make a detached signature" msgstr "Erzeuge eine abgetrennte Signatur" -#: sm/gpgsm.c:228 +#: sm/gpgsm.c:229 msgid "encrypt data" msgstr "Verschlüssele die Daten" -#: sm/gpgsm.c:229 +#: sm/gpgsm.c:230 msgid "encryption only with symmetric cipher" msgstr "Verschlüsselung nur mit symmetrischem Algrithmus" -#: sm/gpgsm.c:230 +#: sm/gpgsm.c:231 msgid "decrypt data (default)" msgstr "Enschlüssele die Daten" -#: sm/gpgsm.c:231 +#: sm/gpgsm.c:232 msgid "verify a signature" msgstr "Überprüfen einer Signatur" -#: sm/gpgsm.c:233 +#: sm/gpgsm.c:234 msgid "list keys" msgstr "Schlüssel anzeigen" -#: sm/gpgsm.c:234 +#: sm/gpgsm.c:235 msgid "list external keys" msgstr "Externe Schlüssel anzeigen" -#: sm/gpgsm.c:235 +#: sm/gpgsm.c:236 msgid "list secret keys" msgstr "Geheime Schlüssel anzeigen" -#: sm/gpgsm.c:236 +#: sm/gpgsm.c:237 msgid "list certificate chain" msgstr "Schlüssel mit Zertifikatekette anzeigen" -#: sm/gpgsm.c:238 +#: sm/gpgsm.c:239 msgid "list keys and fingerprints" msgstr "Schlüssel und Fingerprint anzeigen" -#: sm/gpgsm.c:239 +#: sm/gpgsm.c:240 msgid "generate a new key pair" msgstr "Neues Schlüsselpaar erzeugen" -#: sm/gpgsm.c:240 +#: sm/gpgsm.c:241 msgid "remove key from the public keyring" msgstr "Schlüssel aus dem öffentlichen Schlüsselbund löschen" -#: sm/gpgsm.c:241 +#: sm/gpgsm.c:242 msgid "export keys to a key server" msgstr "Schlüssen an eine Schlüsselserver exportieren" -#: sm/gpgsm.c:242 +#: sm/gpgsm.c:243 msgid "import keys from a key server" msgstr "Schlüssel von einem Schlüsselserver importieren" -#: sm/gpgsm.c:243 +#: sm/gpgsm.c:244 msgid "import certificates" msgstr "Zertifikate importieren" -#: sm/gpgsm.c:244 +#: sm/gpgsm.c:245 msgid "export certificates" msgstr "Zertifikate exportieren" -#: sm/gpgsm.c:245 +#: sm/gpgsm.c:246 msgid "register a smartcard" msgstr "Smartcard registrieren" -#: sm/gpgsm.c:246 +#: sm/gpgsm.c:247 msgid "run in server mode" msgstr "Im Server Modus ausführen" -#: sm/gpgsm.c:247 +#: sm/gpgsm.c:248 msgid "pass a command to the dirmngr" msgstr "Das Kommand an den Dirmngr durchreichen" -#: sm/gpgsm.c:249 +#: sm/gpgsm.c:250 msgid "invoke gpg-protect-tool" msgstr "Rufe das gpg-protect-tool auf" -#: sm/gpgsm.c:250 +#: sm/gpgsm.c:251 msgid "change a passphrase" msgstr "Das Mantra (Passphrase) ändern" -#: sm/gpgsm.c:262 +#: sm/gpgsm.c:261 +msgid "create ascii armored output" +msgstr "Ausgabe mit ASCII Hülle wird erzeugt" + +#: sm/gpgsm.c:263 msgid "create base-64 encoded output" msgstr "Ausgabe im Basis-64 format erzeugen" -#: sm/gpgsm.c:264 +#: sm/gpgsm.c:265 msgid "assume input is in PEM format" msgstr "Eingabedaten sind im PEM Format" -#: sm/gpgsm.c:266 +#: sm/gpgsm.c:267 msgid "assume input is in base-64 format" msgstr "Eingabedaten sin im Basis-64 Format" -#: sm/gpgsm.c:268 +#: sm/gpgsm.c:269 msgid "assume input is in binary format" msgstr "Eingabedaten sind im Binärformat" -#: sm/gpgsm.c:270 +#: sm/gpgsm.c:271 msgid "|NAME|encrypt for NAME" msgstr "|NAME|Verschlüsseln für NAME" -#: sm/gpgsm.c:273 +#: sm/gpgsm.c:274 msgid "never consult a CRL" msgstr "Niemals eine CRL konsultieren" -#: sm/gpgsm.c:278 +#: sm/gpgsm.c:279 msgid "check validity using OCSP" msgstr "Die Gültigkeit mittels OCSP prüfen" -#: sm/gpgsm.c:281 +#: sm/gpgsm.c:282 msgid "|N|number of certificates to include" msgstr "|N|Sende N Zertifikate mit" -#: sm/gpgsm.c:284 +#: sm/gpgsm.c:285 msgid "|FILE|take policy information from FILE" msgstr "|DATEI|Richtlinieninformationen DATEI entnehmen" -#: sm/gpgsm.c:287 +#: sm/gpgsm.c:288 msgid "do not check certificate policies" msgstr "Zertikikatrichtlinien nicht überprüfen" -#: sm/gpgsm.c:291 +#: sm/gpgsm.c:292 msgid "fetch missing issuer certificates" msgstr "Fehlende Zertifikate automatisch holen" -#: sm/gpgsm.c:295 +#: sm/gpgsm.c:296 msgid "|NAME|use NAME as default recipient" msgstr "|NAME|Benutze NAME als voreingestellten Empfänger" -#: sm/gpgsm.c:297 +#: sm/gpgsm.c:298 msgid "use the default key as default recipient" msgstr "Benuzte voreingestellten Schlüssel als Standardempfänger" -#: sm/gpgsm.c:303 +#: sm/gpgsm.c:304 msgid "use this user-id to sign or decrypt" msgstr "Benuzte diese Benutzer ID zum Signieren oder Entschlüsseln" -#: sm/gpgsm.c:306 +#: sm/gpgsm.c:307 msgid "|N|set compress level N (0 disables)" msgstr "|N|Benutze Komprimierungsstufe N" -#: sm/gpgsm.c:308 +#: sm/gpgsm.c:309 msgid "use canonical text mode" msgstr "Kanonischen Textmodus benutzen" -#: sm/gpgsm.c:314 +#: sm/gpgsm.c:312 tools/gpgconf.c:61 +msgid "use as output file" +msgstr "als Ausgabedatei benutzen" + +#: sm/gpgsm.c:315 msgid "don't use the terminal at all" msgstr "Das Terminal überhaupt nicht benutzen" -#: sm/gpgsm.c:317 +#: sm/gpgsm.c:318 msgid "force v3 signatures" msgstr "Version 3 Signaturen erzwingen" -#: sm/gpgsm.c:318 +#: sm/gpgsm.c:319 msgid "always use a MDC for encryption" msgstr "Immer das MDC Verfahren zum verschlüsseln mitbenutzen" -#: sm/gpgsm.c:323 +#: sm/gpgsm.c:324 msgid "batch mode: never ask" msgstr "Stapelverarbeitungs Modus: Nie nachfragen" -#: sm/gpgsm.c:324 +#: sm/gpgsm.c:325 msgid "assume yes on most questions" msgstr "\"Ja\" auf die meisten Anfragen annehmen" -#: sm/gpgsm.c:325 +#: sm/gpgsm.c:326 msgid "assume no on most questions" msgstr "\"Nein\" auf die meisten Anfragen annehmen" -#: sm/gpgsm.c:327 +#: sm/gpgsm.c:328 msgid "add this keyring to the list of keyrings" msgstr "Diesen Keyring in die Liste der Keyrings aufnehmen" -#: sm/gpgsm.c:328 +#: sm/gpgsm.c:329 msgid "add this secret keyring to the list" msgstr "Diese geheimen Keyring in die Liste aufnehmen" -#: sm/gpgsm.c:329 +#: sm/gpgsm.c:330 msgid "|NAME|use NAME as default secret key" msgstr "|NAME|Benutze NAME als voreingestellten Schlüssel" -#: sm/gpgsm.c:330 +#: sm/gpgsm.c:331 msgid "|HOST|use this keyserver to lookup keys" msgstr "|HOST|Benutze HOST als Schlüsselserver" -#: sm/gpgsm.c:331 +#: sm/gpgsm.c:332 msgid "|NAME|set terminal charset to NAME" msgstr "|NAME|Den Zeichensatz für das Terminal auf NAME setzen" -#: sm/gpgsm.c:340 +#: sm/gpgsm.c:342 msgid "|FD|write status info to this FD" msgstr "|FD|Statusinformationen auf Dateidescriptor FD schreiben" -#: sm/gpgsm.c:347 +#: sm/gpgsm.c:349 msgid "|FILE|load extension module FILE" msgstr "|DATEI|Das Erweiterungsmodul DATEI laden" -#: sm/gpgsm.c:353 +#: sm/gpgsm.c:355 msgid "|NAME|use cipher algorithm NAME" msgstr "|NAME|Den Verhsclüsselungsalgrithmus NAME benutzen" -#: sm/gpgsm.c:355 +#: sm/gpgsm.c:357 msgid "|NAME|use message digest algorithm NAME" msgstr "|NAME|Den Hashalgorithmus NAME benutzen" -#: sm/gpgsm.c:357 +#: sm/gpgsm.c:359 msgid "|N|use compress algorithm N" msgstr "|N|Den Kompressionsalgorithmus Nummer N benutzen" -#: sm/gpgsm.c:365 +#: sm/gpgsm.c:367 msgid "" "@\n" "(See the man page for a complete listing of all commands and options)\n" @@ -888,7 +908,7 @@ msgstr "" "@\n" "(Die \"man\" Seite beschreibt alle Kommands und Optionen)\n" -#: sm/gpgsm.c:368 +#: sm/gpgsm.c:370 msgid "" "@\n" "Examples:\n" @@ -908,11 +928,11 @@ msgstr "" " --list-keys [Namen] Schlüssel anzeigenn\n" " --fingerprint [Namen] \"Fingerabdrücke\" anzeigen\\n\n" -#: sm/gpgsm.c:482 +#: sm/gpgsm.c:484 msgid "Usage: gpgsm [options] [files] (-h for help)" msgstr "Gebrauch: gpgsm [Optionen] [Dateien] (-h für Hilfe)" -#: sm/gpgsm.c:485 +#: sm/gpgsm.c:487 msgid "" "Syntax: gpgsm [options] [files]\n" "sign, check, encrypt or decrypt using the S/MIME protocol\n" @@ -921,7 +941,7 @@ msgstr "" "Gebrauch: gpgsm [Optionen] [Dateien]\n" "Signieren, prüfen, ver- und entschlüsseln mittels S/MIME protocol\n" -#: sm/gpgsm.c:492 +#: sm/gpgsm.c:494 msgid "" "\n" "Supported algorithms:\n" @@ -929,129 +949,144 @@ msgstr "" "\n" "Unterstützte Algorithmen:\n" -#: sm/gpgsm.c:573 +#: sm/gpgsm.c:575 msgid "usage: gpgsm [options] " msgstr "Gebrauch: gpgsm [Optionen] " -#: sm/gpgsm.c:639 +#: sm/gpgsm.c:641 msgid "conflicting commands\n" msgstr "Widersprechende Kommandos\n" -#: sm/gpgsm.c:655 +#: sm/gpgsm.c:657 #, c-format msgid "can't encrypt to `%s': %s\n" msgstr "Verschlüsseln für `%s' nicht möglich: %s\n" -#: sm/gpgsm.c:730 +#: sm/gpgsm.c:731 #, c-format msgid "libksba is too old (need %s, have %s)\n" msgstr "Die Bibliothek Libksba is nicht aktuell (benötige %s, habe %s)\n" -#: sm/gpgsm.c:1169 +#: sm/gpgsm.c:1175 msgid "WARNING: program may create a core file!\n" msgstr "WARNUNG: Programm könnte eine core-dump-Datei schreiben!\n" -#: sm/gpgsm.c:1181 +#: sm/gpgsm.c:1187 msgid "WARNING: running with faked system time: " msgstr "WARNUNG: Ausführung mit gefälschter Systemzeit: " -#: sm/gpgsm.c:1201 +#: sm/gpgsm.c:1213 msgid "selected cipher algorithm is invalid\n" msgstr "Das ausgewählte Verschlüsselungsverfahren ist ungültig\n" -#: sm/gpgsm.c:1209 +#: sm/gpgsm.c:1221 msgid "selected digest algorithm is invalid\n" msgstr "Das ausgewählte Hashverfahren ist ungültig\n" -#: sm/gpgsm.c:1239 +#: sm/gpgsm.c:1251 #, c-format msgid "can't sign using `%s': %s\n" msgstr "Signieren mit `%s' nicht möglich: %s\n" -#: sm/gpgsm.c:1406 +#: sm/gpgsm.c:1415 msgid "this command has not yet been implemented\n" msgstr "Diee Kommando wurde noch nicht implementiert\n" -#: sm/gpgsm.c:1629 sm/gpgsm.c:1662 +#: sm/gpgsm.c:1638 sm/gpgsm.c:1671 #, c-format msgid "can't open `%s': %s\n" msgstr "Datei `%s' kann nicht geöffnet werden: %s\n" -#: sm/import.c:114 +#: sm/import.c:118 #, c-format msgid "total number processed: %lu\n" msgstr "gesamte verarbeitete Anzahl: %lu\n" -#: sm/import.c:117 +#: sm/import.c:121 #, c-format msgid " imported: %lu" msgstr " importiert: %lu" -#: sm/import.c:121 +#: sm/import.c:125 #, c-format msgid " unchanged: %lu\n" msgstr " nicht geändert: %lu\n" -#: sm/import.c:123 +#: sm/import.c:127 +#, c-format +msgid " secret keys read: %lu\n" +msgstr " gelesene private Schlüssel: %lu\n" + +#: sm/import.c:129 +#, c-format +msgid " secret keys imported: %lu\n" +msgstr "importierte priv. Schlüssel: %lu\n" + +#: sm/import.c:131 +#, c-format +msgid " secret keys unchanged: %lu\n" +msgstr "ungeänderte priv. Schlüssel: %lu\n" + +#: sm/import.c:133 #, c-format msgid " not imported: %lu\n" msgstr " nicht importiert: %lu\n" -#: sm/import.c:204 +#: sm/import.c:229 msgid "error storing certificate\n" msgstr "Fehler beim speichern des Zertifikats\n" -#: sm/import.c:211 +#: sm/import.c:237 msgid "basic certificate checks failed - not imported\n" msgstr "Grundlegende Zertifikatprüfungen fehlgeschlagen - nicht importiert\n" -#: sm/import.c:396 sm/import.c:428 +#: sm/import.c:423 sm/import.c:455 #, c-format msgid "error importing certificate: %s\n" msgstr "Fehler beim Importieren des Zertifikats: %s\n" -#: sm/import.c:457 +#: sm/import.c:484 #, c-format msgid "error creating a pipe: %s\n" msgstr "Fehler beim Erzeugen einer \"Pipe\": %s\n" -#: sm/import.c:465 +#: sm/import.c:492 #, c-format msgid "error forking process: %s\n" msgstr "Fehler beim \"Forken\" des Prozess: %s\n" -#: sm/import.c:562 sm/import.c:587 +#: sm/import.c:590 sm/import.c:615 #, c-format msgid "error creating temporary file: %s\n" msgstr "Fehler beim Erstellen einer temporären Datei: %s\n" -#: sm/import.c:570 +#: sm/import.c:598 #, c-format msgid "error writing to temporary file: %s\n" msgstr "Fehler beim Schreiben auf eine temporäre Datei: %s\n" -#: sm/import.c:579 +#: sm/import.c:607 #, c-format msgid "error reading input: %s\n" msgstr "Fehler beim Lesen der Eingabe: %s\n" -#: sm/import.c:649 +#: sm/import.c:703 #, c-format msgid "waiting for protect-tool to terminate failed: %s\n" msgstr "" "Das Warten auf die Beendigung des protect-tools ist fehlgeschlagen: %s\n" -#: sm/import.c:652 +#: sm/import.c:706 #, c-format msgid "error running `%s': probably not installed\n" msgstr "Feler bei Ausführung von `%s': wahrscheinlich nicht installiert\n" -#: sm/import.c:654 +#: sm/import.c:708 #, c-format msgid "error running `%s': exit status %d\n" msgstr "Fehler bei Ausführung von `%s': Endestatus %d\n" -#: sm/import.c:657 +#: sm/import.c:711 #, c-format msgid "error running `%s': terminated\n" msgstr "Fehler beim Ausführen von `%s': beendet\n" @@ -1113,24 +1148,24 @@ msgstr "Fehler beim Holen der gespeicherten Flags: %s\n" msgid "error storing flags: %s\n" msgstr "Fehler beim Speichern der Flags: %s\n" -#: sm/verify.c:387 +#: sm/verify.c:381 msgid "Signature made " msgstr "Signatur erzeugt am " -#: sm/verify.c:391 +#: sm/verify.c:385 msgid "[date not given]" msgstr "[Datum nicht vorhanden]" -#: sm/verify.c:392 +#: sm/verify.c:386 #, c-format msgid " using certificate ID %08lX\n" msgstr "mittels Zertifikat ID %08lX\n" -#: sm/verify.c:505 +#: sm/verify.c:499 msgid "Good signature from" msgstr "Korrekte Signatur von" -#: sm/verify.c:506 +#: sm/verify.c:500 msgid " aka" msgstr " alias" @@ -1188,6 +1223,3 @@ msgstr "Komponente nicht gefunden" #~ msgstr "" #~ "Schlüsselverwendungszweck nicht vorhanden - wird zum Verschlüsseln " #~ "akzeptiert\n" - -#~ msgid " skipped new keys: %lu\n" -#~ msgstr " übersprungene Schlüssel: %lu\n" diff --git a/scd/ChangeLog b/scd/ChangeLog index 1d3cff257..3a634b92b 100644 --- a/scd/ChangeLog +++ b/scd/ChangeLog @@ -1,3 +1,7 @@ +2004-07-22 Werner Koch + + * scdaemon.c (main): Bumbed thread stack size up to 512k. + 2004-07-16 Werner Koch * apdu.c (reader_table_s): Add function pointers for the backends. diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 5e9737ae4..b0038de16 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -603,7 +603,7 @@ main (int argc, char **argv ) tattr = pth_attr_new(); pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0); - pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 64*1024); + pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 512*1024); pth_attr_set (tattr, PTH_ATTR_NAME, "ticker"); if (!pth_spawn (tattr, ticker_thread, NULL)) diff --git a/sm/ChangeLog b/sm/ChangeLog index 5571540be..b9780cc90 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,3 +1,7 @@ +2004-07-22 Werner Koch + + * keylist.c (list_cert_raw): Print the keygrip. + 2004-07-20 Werner Koch * certchain.c (gpgsm_validate_chain): The trust check didn't diff --git a/sm/keylist.c b/sm/keylist.c index 27c67ded3..0fd06ca13 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -500,7 +500,7 @@ print_names_raw (FILE *fp, int indent, ksba_name_t name) /* List one certificate in raw mode useful to have a closer look at - the certificate. This one does not beautification and only minimal + the certificate. This one does no beautification and only minimal output sanitation. It is mainly useful for debugging. */ static void list_cert_raw (ctrl_t ctrl, ksba_cert_t cert, FILE *fp, int have_secret, @@ -559,6 +559,10 @@ list_cert_raw (ctrl_t ctrl, ksba_cert_t cert, FILE *fp, int have_secret, fprintf (fp, " md5_fpr: %s\n", dn?dn:"error"); xfree (dn); + dn = gpgsm_get_keygrip_hexstring (cert); + fprintf (fp, " keygrip: %s\n", dn?dn:"error"); + xfree (dn); + ksba_cert_get_validity (cert, 0, t); fputs (" notBefore: ", fp); gpgsm_print_time (fp, t);