security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-10 23:49:50 +02:00
Code Activity

* encode.c (encode_simple): Show cipher with --verbose.

Browse Source 
* options.h, g10.c (main), keyedit.c (sign_keys): Add --ask-cert-level
option to enable cert level prompts during sigs. Defaults to on.
Simplify --default-cert-check-level to --default-cert-level.  If
ask-cert-level is off, or batch is on, use the default-cert-level as the
cert level.

* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Simplify
--min-cert-check-level to --min-cert-level.
This commit is contained in:
David Shaw 2004-02-24 22:00:03 +00:00
parent 7164a0f754
commit ecb568502d
6 changed files with 187 additions and 160 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
g10/ChangeLog
View File

@ -1,3 +1,16 @@
2004-02-24 David Shaw <dshaw@jabberwocky.com>
* encode.c (encode_simple): Show cipher with --verbose.
* options.h, g10.c (main), keyedit.c (sign_keys): Add
--ask-cert-level option to enable cert level prompts during sigs.
Defaults to on. Simplify --default-cert-check-level to
--default-cert-level. If ask-cert-level is off, or batch is on,
use the default-cert-level as the cert level.
* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs):
Simplify --min-cert-check-level to --min-cert-level.
2004-02-23 David Shaw <dshaw@jabberwocky.com>
* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Add

4
g10/encode.c
View File

@ -219,6 +219,10 @@ encode_simple( const char *filename, int mode, int use_seskey )
m_free( cfx.dek ); cfx.dek = dek;
}
if(opt.verbose)
log_info(_("using cipher %s\n"),
cipher_algo_to_string(cfx.dek->algo));
cfx.dek->use_mdc=use_mdc(NULL,cfx.dek->algo);
}

36
g10/g10.c
View File

@ -141,12 +141,14 @@ enum cmd_and_opt_values
oNoAskSigExpire,
oAskCertExpire,
oNoAskCertExpire,
oAskCertLevel,
oNoAskCertLevel,
oFingerprint,
oWithFingerprint,
oAnswerYes,
oAnswerNo,
oDefCertCheckLevel,
oMinCertCheckLevel,
oDefCertLevel,
oMinCertLevel,
oKeyring,
oSecretKeyring,
oShowKeyring,
@ -402,6 +404,8 @@ static ARGPARSE_OPTS opts[] = {
{ oNoAskSigExpire, "no-ask-sig-expire", 0, "@"},
{ oAskCertExpire, "ask-cert-expire", 0, "@"},
{ oNoAskCertExpire, "no-ask-cert-expire", 0, "@"},
{ oAskCertLevel, "ask-cert-level", 0, "@"},
{ oNoAskCertLevel, "no-ask-cert-level", 0, "@"},
{ oOutput, "output", 2, N_("use as output file")},
{ oMaxOutput, "max-output", 16|4, "@" },
{ oVerbose, "verbose", 0, N_("verbose") },
@ -532,8 +536,9 @@ static ARGPARSE_OPTS opts[] = {
{ oSkipVerify, "skip-verify",0, "@" },
{ oCompressKeys, "compress-keys",0, "@"},
{ oCompressSigs, "compress-sigs",0, "@"},
{ oDefCertCheckLevel, "default-cert-check-level", 1, "@"},
{ oMinCertCheckLevel, "min-cert-check-level", 1, "@"},
{ oDefCertLevel, "default-cert-check-level", 1, "@"}, /* Old option */
{ oDefCertLevel, "default-cert-level", 1, "@"},
{ oMinCertLevel, "min-cert-level", 1, "@"},
{ oAlwaysTrust, "always-trust", 0, "@"},
{ oTrustModel, "trust-model", 2, "@"},
{ oEmuChecksumBug, "emulate-checksum-bug", 0, "@"},
@ -1323,8 +1328,9 @@ main( int argc, char **argv )
EXPORT_INCLUDE_NON_RFC|EXPORT_INCLUDE_ATTRIBUTES;
opt.keyserver_options.include_subkeys=1;
opt.keyserver_options.include_revoked=1;
opt.mangle_dos_filenames = 1;
opt.min_cert_check_level=1;
opt.mangle_dos_filenames=1;
opt.ask_cert_level=1;
opt.min_cert_level=1;
#if defined (_WIN32)
set_homedir ( read_w32_registry_string( NULL,
"Software\\GNU\\GnuPG", "HomeDir" ));
@ -1597,8 +1603,8 @@ main( int argc, char **argv )
break;
case oNoArmor: opt.no_armor=1; opt.armor=0; break;
case oNoDefKeyring: default_keyring = 0; break;
case oDefCertCheckLevel: opt.def_cert_check_level=pargs.r.ret_int; break;
case oMinCertCheckLevel: opt.min_cert_check_level=pargs.r.ret_int; break;
case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break;
case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break;
case oNoGreeting: nogreeting = 1; break;
case oNoVerbose: g10_opt_verbose = 0;
opt.verbose = 0; opt.list_sigs=0; break;
@ -1753,6 +1759,8 @@ main( int argc, char **argv )
case oNoAskSigExpire: opt.ask_sig_expire = 0; break;
case oAskCertExpire: opt.ask_cert_expire = 1; break;
case oNoAskCertExpire: opt.ask_cert_expire = 0; break;
case oAskCertLevel: opt.ask_cert_level = 1; break;
case oNoAskCertLevel: opt.ask_cert_level = 0; break;
case oUser: /* store the local users */
add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings );
break;
@ -2138,8 +2146,10 @@ main( int argc, char **argv )
log_error(_("marginals-needed must be greater than 1\n"));
if( opt.max_cert_depth < 1 || opt.max_cert_depth > 255 )
log_error(_("max-cert-depth must be in range 1 to 255\n"));
if( opt.min_cert_check_level < 1 || opt.min_cert_check_level > 3 )
log_error(_("min-cert-check-level must be in the range from 1 to 3\n"));
if(opt.def_cert_level<0 || opt.def_cert_level>3)
log_error(_("invalid default-cert-level; must be 0, 1, 2, or 3\n"));
if( opt.min_cert_level < 1 || opt.min_cert_level > 3 )
log_error(_("invalid min-cert-level; must be 1, 2, or 3\n"));
switch( opt.s2k_mode ) {
case 0:
log_info(_("NOTE: simple S2K mode (0) is strongly discouraged\n"));
@ -2149,16 +2159,14 @@ main( int argc, char **argv )
log_error(_("invalid S2K mode; must be 0, 1 or 3\n"));
}
if(opt.def_cert_check_level<0 || opt.def_cert_check_level>3)
log_error(_("invalid default-check-level; must be 0, 1, 2, or 3\n"));
/* This isn't actually needed, but does serve to error out if the
string is invalid. */
if(opt.def_preference_list &&
keygen_set_std_prefs(opt.def_preference_list,0))
log_error(_("invalid default preferences\n"));
/* We provide defaults for the personal digest list */
/* We provide defaults for the personal digest list. This is
SHA-1. */
if(!pers_digest_list)
pers_digest_list="h2";

14
g10/keyedit.c
View File

@ -627,8 +627,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
if(selfsig)
;
else if(opt.batch)
class=0x10+opt.def_cert_check_level;
else if(opt.batch || !opt.ask_cert_level)
class=0x10+opt.def_cert_level;
else
{
char *answer;
@ -638,13 +638,13 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
"above? If you don't know what to answer, enter \"0\".\n"));
tty_printf("\n");
tty_printf(_(" (0) I will not answer.%s\n"),
opt.def_cert_check_level==0?_(" (default)"):"");
opt.def_cert_level==0?_(" (default)"):"");
tty_printf(_(" (1) I have not checked at all.%s\n"),
opt.def_cert_check_level==1?_(" (default)"):"");
opt.def_cert_level==1?_(" (default)"):"");
tty_printf(_(" (2) I have done casual checking.%s\n"),
opt.def_cert_check_level==2?_(" (default)"):"");
opt.def_cert_level==2?_(" (default)"):"");
tty_printf(_(" (3) I have done very careful checking.%s\n"),
opt.def_cert_check_level==3?_(" (default)"):"");
opt.def_cert_level==3?_(" (default)"):"");
tty_printf("\n");
while(class==0)
@ -653,7 +653,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
"(enter '?' for more information): "));
if(answer[0]=='\0')
class=0x10+opt.def_cert_check_level; /* Default */
class=0x10+opt.def_cert_level; /* Default */
else if(ascii_strcasecmp(answer,"0")==0)
class=0x10; /* Generic */
else if(ascii_strcasecmp(answer,"1")==0)

278
g10/options.h
View File

@ -38,149 +38,151 @@
#endif
EXTERN_UNLESS_MAIN_MODULE
struct {
int verbose;
int quiet;
unsigned debug;
int armor;
int compress;
char *outfile;
off_t max_output;
int dry_run;
int list_only;
int textmode;
int expert;
int ask_sig_expire;
int ask_cert_expire;
int batch; /* run in batch mode */
int answer_yes; /* answer yes on most questions */
int answer_no; /* answer no on most questions */
int check_sigs; /* check key signatures */
int with_colons;
int with_key_data;
int with_fingerprint; /* opt --with-fingerprint active */
int fingerprint; /* list fingerprints */
int list_sigs; /* list signatures */
int no_armor;
int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/
int def_cipher_algo;
int force_v3_sigs;
int force_v4_certs;
int force_mdc;
int disable_mdc;
int def_digest_algo;
int cert_digest_algo;
int def_compress_algo;
const char *def_secret_key;
char *def_recipient;
int def_recipient_self;
int def_cert_check_level;
int min_cert_check_level;
int sk_comments;
int no_version;
int marginals_needed;
int completes_needed;
int max_cert_depth;
const char *homedir;
struct
{
int verbose;
int quiet;
unsigned debug;
int armor;
int compress;
char *outfile;
off_t max_output;
int dry_run;
int list_only;
int textmode;
int expert;
int ask_sig_expire;
int ask_cert_expire;
int batch; /* run in batch mode */
int answer_yes; /* answer yes on most questions */
int answer_no; /* answer no on most questions */
int check_sigs; /* check key signatures */
int with_colons;
int with_key_data;
int with_fingerprint; /* opt --with-fingerprint active */
int fingerprint; /* list fingerprints */
int list_sigs; /* list signatures */
int no_armor;
int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/
int def_cipher_algo;
int force_v3_sigs;
int force_v4_certs;
int force_mdc;
int disable_mdc;
int def_digest_algo;
int cert_digest_algo;
int def_compress_algo;
const char *def_secret_key;
char *def_recipient;
int def_recipient_self;
int def_cert_level;
int min_cert_level;
int ask_cert_level;
int sk_comments;
int no_version;
int marginals_needed;
int completes_needed;
int max_cert_depth;
const char *homedir;
char *display; /* 5 options to be passed to the gpg-agent */
char *ttyname;
char *ttytype;
char *lc_ctype;
char *lc_messages;
char *display; /* 5 options to be passed to the gpg-agent */
char *ttyname;
char *ttytype;
char *lc_ctype;
char *lc_messages;
int skip_verify;
int compress_keys;
int compress_sigs;
int always_trust;
enum
{
CO_GNUPG=0, CO_RFC2440, CO_RFC1991, CO_PGP2, CO_PGP6, CO_PGP7, CO_PGP8
} compliance;
int pgp2_workarounds;
unsigned int emulate_bugs; /* bug emulation flags EMUBUG_xxxx */
int shm_coprocess;
const char *set_filename;
const char *comment_string;
int throw_keyid;
int show_photos;
const char *photo_viewer;
int s2k_mode;
int s2k_digest_algo;
int s2k_cipher_algo;
int simple_sk_checksum; /* create the deprecated rfc2440 secret
key protection*/
int not_dash_escaped;
int escape_from;
int lock_once;
char *keyserver_uri;
char *keyserver_scheme;
char *keyserver_host;
char *keyserver_port;
char *keyserver_opaque;
struct
int skip_verify;
int compress_keys;
int compress_sigs;
int always_trust;
enum
{
int verbose;
int include_revoked;
int include_disabled;
int include_subkeys;
int honor_http_proxy;
int broken_http_proxy;
int use_temp_files;
int keep_temp_files;
int fake_v3_keyids;
int auto_key_retrieve;
unsigned int import_options;
unsigned int export_options;
STRLIST other;
} keyserver_options;
int exec_disable;
int exec_path_set;
CO_GNUPG=0, CO_RFC2440, CO_RFC1991, CO_PGP2, CO_PGP6, CO_PGP7, CO_PGP8
} compliance;
int pgp2_workarounds;
unsigned int emulate_bugs; /* bug emulation flags EMUBUG_xxxx */
int shm_coprocess;
const char *set_filename;
const char *comment_string;
int throw_keyid;
int show_photos;
const char *photo_viewer;
int s2k_mode;
int s2k_digest_algo;
int s2k_cipher_algo;
int simple_sk_checksum; /* create the deprecated rfc2440 secret
key protection*/
int not_dash_escaped;
int escape_from;
int lock_once;
char *keyserver_uri;
char *keyserver_scheme;
char *keyserver_host;
char *keyserver_port;
char *keyserver_opaque;
struct
{
int verbose;
int include_revoked;
int include_disabled;
int include_subkeys;
int honor_http_proxy;
int broken_http_proxy;
int use_temp_files;
int keep_temp_files;
int fake_v3_keyids;
int auto_key_retrieve;
unsigned int import_options;
unsigned int export_options;
char *def_preference_list;
prefitem_t *personal_cipher_prefs;
prefitem_t *personal_digest_prefs;
prefitem_t *personal_compress_prefs;
int no_perm_warn;
int no_mdc_warn;
char *temp_dir;
int no_encrypt_to;
int interactive;
STRLIST sig_notation_data;
STRLIST cert_notation_data;
int show_notation;
STRLIST sig_policy_url;
STRLIST cert_policy_url;
int show_policy_url;
int use_embedded_filename;
int allow_non_selfsigned_uid;
int allow_freeform_uid;
int no_literal;
ulong set_filesize;
int fast_list_mode;
int fixed_list_mode;
int ignore_time_conflict;
int ignore_valid_from;
int ignore_crc_error;
int ignore_mdc_error;
int command_fd;
const char *override_session_key;
int show_session_key;
int use_agent;
const char *gpg_agent_info;
int merge_only;
int try_all_secrets;
int no_expensive_trust_checks;
int no_sig_cache;
int no_sig_create_check;
int no_auto_check_trustdb;
int preserve_permissions;
int no_homedir_creation;
int show_keyring;
struct groupitem *grouplist;
int mangle_dos_filenames;
int enable_progress_filter;
STRLIST other;
} keyserver_options;
int exec_disable;
int exec_path_set;
unsigned int import_options;
unsigned int export_options;
char *def_preference_list;
prefitem_t *personal_cipher_prefs;
prefitem_t *personal_digest_prefs;
prefitem_t *personal_compress_prefs;
int no_perm_warn;
int no_mdc_warn;
char *temp_dir;
int no_encrypt_to;
int interactive;
STRLIST sig_notation_data;
STRLIST cert_notation_data;
int show_notation;
STRLIST sig_policy_url;
STRLIST cert_policy_url;
int show_policy_url;
int use_embedded_filename;
int allow_non_selfsigned_uid;
int allow_freeform_uid;
int no_literal;
ulong set_filesize;
int fast_list_mode;
int fixed_list_mode;
int ignore_time_conflict;
int ignore_valid_from;
int ignore_crc_error;
int ignore_mdc_error;
int command_fd;
const char *override_session_key;
int show_session_key;
int use_agent;
const char *gpg_agent_info;
int merge_only;
int try_all_secrets;
int no_expensive_trust_checks;
int no_sig_cache;
int no_sig_create_check;
int no_auto_check_trustdb;
int preserve_permissions;
int no_homedir_creation;
int show_keyring;
struct groupitem *grouplist;
int mangle_dos_filenames;
int enable_progress_filter;
} opt;

2
g10/trustdb.c
View File

@ -1193,7 +1193,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
continue; /* we only look at these signature classes */
if(sig->sig_class>=0x11 && sig->sig_class<=0x13 &&
sig->sig_class-0x10<opt.min_cert_check_level)
sig->sig_class-0x10<opt.min_cert_level)
continue;
if (!is_in_klist (klist, sig))
continue; /* no need to check it then */