See ChangeLog: Wed Apr 28 13:03:03 CEST 1999 Werner Koch

NEWS

@@ -1,15 +1,14 @@
 
-    * Full Twofish support.  It is now statically linked by default.
-      The experimental 128 bit version is now disabled.
-   ---->   Hmmm, there is an internal conflict in the RFC
-   ---->   For now it is disabled
+    * Twofish is now statically linked by default. The experimental 128 bit
+      version is now disabled.	Full support will be available as soon as
+      the OpenPGP WG has decided on an interpretation of rfc2440.
 
     * Dropped support for the ancient Blowfish160 which is not OpenPGP.
 
     * Merged gpgm and gpg into one binary.
 
-    * Add revsig command to the edit menu.  It is now possible to
-      revoke signature.
+    * Add "revsig" and "revkey" commands to the edit menu.  It is now
+      possible to revoke signature and subkeys.
 
 
 Noteworthy changes in version 0.9.5

TODO

@@ -2,9 +2,9 @@
   * add some status output put for signing and encryption.
     replace the putc in primegen with some kind of status-fd outputs.
 
-  * Fix revocation and expire stuff.
+  * Fix revocation and expire stuff.  Subkey revocations are not detected.
 
-  * Check calculation of key validity.
+  * Speed up calculation of key validity.
 
   * See why we always get this "Hmmm, public key not anymore available"
 

configure.in

@@ -268,7 +268,7 @@ AC_SUBST(DYNLINK_MOD_CFLAGS)
 
 dnl Checks for header files.
 AC_HEADER_STDC
-AC_CHECK_HEADERS(unistd.h)
+AC_CHECK_HEADERS(unistd.h langinfo.h)
 
 
 dnl Checks for typedefs, structures, and compiler characteristics.
@@ -303,7 +303,7 @@ dnl Checks for library functions.
 AC_FUNC_VPRINTF
 AC_CHECK_FUNCS(strerror stpcpy strlwr tcgetattr rand strtoul mmap)
 AC_CHECK_FUNCS(memmove gettimeofday getrusage gethrtime setrlimit)
-AC_CHECK_FUNCS(memicmp atexit raise getpagesize strftime)
+AC_CHECK_FUNCS(memicmp atexit raise getpagesize strftime nl_langinfo)
 
 GNUPG_CHECK_MLOCK
 

doc/HACKING

@@ -23,11 +23,11 @@ don't complain. CVS may put a high load on a server, so please don't poll
 poll for new updates but wait for an announcement; to receive this you may
 want to subscribe to:
 
-    gnupg-commit-watchers@isil.d.shuttle.de
+    gnupg-commit-watchers@gnupg.org
 
-by sending a mail with "subscribe" in the body to
+by sending a mail with subject "subscribe" to
 
-    gnupg-commit-watchers-request@isil.d.shuttle.de
+    gnupg-commit-watchers-request@gnupg.org
 
 
 Please run scripts/autogen.sh to create some required files.

doc/gpg.1pod

@@ -120,6 +120,11 @@ B<--edit-key> I<name>
       non-exportbale and will therefore never be used
       by others.  This may be used to make keys valid
       only in the local environment.
+    B<revsig>
+      Revoke a signature.  GnuPG asks for every
+      every signature which has been done by one of
+      teh secret keys, whether a revocation
+      certificate should be generated.
     B<trust>
       Change the owner trust value. This updates the
       trust-db immediately and no save is required.
@@ -131,6 +136,8 @@ B<--edit-key> I<name>
        Add a subkey to this key.
     B<delkey>
        Remove a subkey.
+    B<revkey>
+       Revoke a subkey.
     B<expire>
        Change the key expiration time.  If a key is
        selected, the time of this key will be changed.

g10/ChangeLog

@@ -1,3 +1,9 @@
+Wed Apr 28 13:03:03 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* keyedit.c (keyedit_menu): Add new command revkey.
+	* (menu_revkey): New.
+
+
 Mon Apr 26 17:48:15 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
 	* parse-packet.c (parse_signature): Add the MDC hack.

g10/export.c

@@ -204,4 +204,3 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int onlyrfc, int *any )
     return rc;
 }
 
-

g10/keyedit.c

@@ -57,6 +57,7 @@ static int count_keys_with_flag( KBNODE keyblock, unsigned flag );
 static int count_selected_uids( KBNODE keyblock );
 static int count_selected_keys( KBNODE keyblock );
 static int menu_revsig( KBNODE keyblock );
+static int menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
 
 #define CONTROL_D ('D' - 'A' + 1)
 
@@ -523,7 +524,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
 {
     enum cmdids { cmdNONE = 0,
 	   cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN,
-	   cmdLSIGN, cmdREVSIG,
+	   cmdLSIGN, cmdREVSIG, cmdREVKEY,
 	   cmdDEBUG, cmdSAVE, cmdADDUID, cmdDELUID, cmdADDKEY, cmdDELKEY,
 	   cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, cmdEXPIRE,
 	   cmdNOP };
@@ -560,6 +561,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
 	{ N_("passwd")  , cmdPASSWD , 1, N_("change the passphrase") },
 	{ N_("trust")   , cmdTRUST , 0, N_("change the ownertrust") },
 	{ N_("revsig")  , cmdREVSIG , 0, N_("revoke signatures") },
+	{ N_("revkey")  , cmdREVKEY , 1, N_("revoke a secondary key") },
 
     { NULL, cmdNONE } };
     enum cmdids cmd;
@@ -830,6 +832,28 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
 	    }
 	    break;
 
+	  case cmdREVKEY: {
+		int n1;
+
+		if( !(n1=count_selected_keys( keyblock )) )
+		    tty_printf(_("You must select at least one key.\n"));
+		else if( sec_keyblock && !cpr_get_answer_is_yes(
+			    "keyedit.revoke.subkey.okay",
+		       n1 > 1?
+			_("Do you really want to revoke the selected keys? "):
+			_("Do you really want to revoke this key? ")
+		       ))
+		    ;
+		else {
+		    if( menu_revkey( keyblock, sec_keyblock ) ) {
+			modified = 1;
+			/*sec_modified = 1;*/
+		    }
+		    redisplay = 1;
+		}
+	    }
+	    break;
+
 	  case cmdEXPIRE:
 	    if( menu_expire( keyblock, sec_keyblock ) ) {
 		merge_keys_and_selfsig( sec_keyblock );
@@ -1663,4 +1687,56 @@ menu_revsig( KBNODE keyblock )
     return changed;
 }
 
+/****************
+ * Revoke some of the secondary keys.
+ * Hmmm: Should we add a revocation to the secret keyring too?
+ *	 Does its all make sense to duplicate most of the information?
+ */
+static int
+menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock )
+{
+    PKT_public_key *mainpk;
+    KBNODE node;
+    int changed = 0;
+    int upd_trust = 0;
+    int rc;
+
+  reloop: /* (better this way becuase we are modifing the keyring) */
+    mainpk = pub_keyblock->pkt->pkt.public_key;
+    for( node = pub_keyblock; node; node = node->next ) {
+	if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+	    && (node->flag & NODFLG_SELKEY) ) {
+	    PACKET *pkt;
+	    PKT_signature *sig;
+	    PKT_secret_key *sk;
+	    PKT_public_key *subpk = node->pkt->pkt.public_key;
+
+	    node->flag &= ~NODFLG_SELKEY;
+	    sk = copy_secret_key( NULL, sec_keyblock->pkt->pkt.secret_key );
+	    rc = make_keysig_packet( &sig, mainpk, NULL, subpk, sk, 0x28, 0,
+				     NULL, NULL );
+	    free_secret_key(sk);
+	    if( rc ) {
+		log_error(_("signing failed: %s\n"), g10_errstr(rc));
+		return changed;
+	    }
+	    changed = 1; /* we changed the keyblock */
+	    upd_trust = 1;
+
+	    pkt = m_alloc_clear( sizeof *pkt );
+	    pkt->pkttype = PKT_SIGNATURE;
+	    pkt->pkt.signature = sig;
+	    insert_kbnode( node, new_kbnode(pkt), PKT_SIGNATURE );
+	    goto reloop;
+	}
+    }
+    commit_kbnode( &pub_keyblock );
+    /*commit_kbnode( &sec_keyblock );*/
+
+    if( upd_trust )
+	clear_trust_checked_flag( mainpk );
+
+    return changed;
+}
+
 

g10/keylist.c

@@ -329,6 +329,8 @@ list_keyblock( KBNODE keyblock, int secret )
 		    puts("[revoked]");
 		else if( sig->sig_class == 0x18 )
 		    puts("[key binding]");
+		else if( sig->sig_class == 0x28 )
+		    puts("[subkey revoked]");
 		else
 		    putchar('\n');
 		if( opt.fingerprint )
@@ -336,7 +338,8 @@ list_keyblock( KBNODE keyblock, int secret )
 		any=1;
 	    }
 
-	    if( sig->sig_class == 0x20 || sig->sig_class == 0x30 )
+	    if( sig->sig_class == 0x20 || sig->sig_class == 0x28
+				       || sig->sig_class == 0x30 )
 		fputs("rev", stdout);
 	    else if( (sig->sig_class&~3) == 0x10 )
 		fputs("sig", stdout);

g10/mainproc.c

@@ -307,7 +307,7 @@ proc_plaintext( CTX c, PACKET *pkt )
 	md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
 	md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
     }
-  #if 0
+  #if 1
     #warning md_start_debug is enabled
     md_start_debug( c->mfx.md, "verify" );
   #endif

g10/sign.c

@@ -656,7 +656,8 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
     MD_HANDLE md;
 
     assert( (sigclass >= 0x10 && sigclass <= 0x13)
-	    || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x30 );
+	    || sigclass == 0x20 || sigclass == 0x18
+	    || sigclass == 0x30 || sigclass == 0x28 );
     if( !digest_algo ) {
 	switch( sk->pubkey_algo ) {
 	  case PUBKEY_ALGO_DSA: digest_algo = DIGEST_ALGO_SHA1; break;
@@ -669,7 +670,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
 
     /* hash the public key certificate and the user id */
     hash_public_key( md, pk );
-    if( sigclass == 0x18 ) { /* subkey binding */
+    if( sigclass == 0x18 || sigclass == 0x28 ) { /* subkey binding/revocation*/
 	hash_public_key( md, subpk );
     }
     else if( sigclass != 0x20 ) {

util/ChangeLog

@@ -1,3 +1,7 @@
+Wed Apr 28 13:03:03 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* miscutil.c (asctimestamp): Use nl_langinfo (Gaël Quéri).
+
 Sun Apr 18 10:11:28 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
 	* argparse.c (store_alias): Disabled becuase it is not used.

util/miscutil.c

@@ -1,5 +1,5 @@
 /* miscutil.c -  miscellaneous utilities
- *	Copyright (C) 1998 Free Software Foundation, Inc.
+ *	Copyright (C) 1998, 1999 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -23,6 +23,9 @@
 #include <string.h>
 #include <time.h>
 #include <ctype.h>
+#ifdef HAVE_LANGINFO_H
+  #include <langinfo.h>
+#endif
 #include "types.h"
 #include "util.h"
 #include "i18n.h"
@@ -91,16 +94,26 @@ const char *
 asctimestamp( u32 stamp )
 {
     static char buffer[50];
+    #if defined (HAVE_STRFTIME) && defined (HAVE_NL_LANGINFO)
+      static char fmt[50];
+    #endif
     struct tm *tp;
     time_t atime = stamp;
 
     tp = localtime( &atime );
   #ifdef HAVE_STRFTIME
-    /* fixme: we should check whether the locale apppends a " %Z"
-     * These locales from glibc don't put the " %Z":
-     * fi_FI hr_HR ja_JP lt_LT lv_LV POSIX ru_RU ru_SU sv_FI sv_SE zh_CN
-     */
-    strftime( buffer, DIM(buffer)-1, "%c %Z", tp );
+    #if defined(HAVE_NL_LANGINFO)
+      mem2str( fmt, nl_langinfo(D_T_FMT), DIM(fmt) );
+      if( strstr( fmt, "%Z" ) == NULL )
+	strcat( fmt, " %Z");
+      strftime( buffer, DIM(buffer)-1, fmt, tp );
+    #else
+      /* fixme: we should check whether the locale appends a " %Z"
+       * These locales from glibc don't put the " %Z":
+       * fi_FI hr_HR ja_JP lt_LT lv_LV POSIX ru_RU ru_SU sv_FI sv_SE zh_CN
+       */
+      strftime( buffer, DIM(buffer)-1, "%c %Z", tp );
+    #endif
     buffer[DIM(buffer)-1] = 0;
   #else
     mem2str( buffer, asctime(tp), DIM(buffer) );