before the encryption key. This is a partial workaround for a PGP bug
(as of this writing, all versions including 8.1), that causes it to
try and encrypt to the most recent subkey regardless of whether that
subkey is actually an encryption type. In this case, the auth key is
an RSA key so it succeeds.
instead of 0x0000000000000000 for the invalid key ID since all-zeroes
is reserved for the anonymous recipient.
* keyedit.c (change_passphrase), keygen.c (generate_subkeypair): Fix a
string ;)
ask for the passphrase. Return an error if the primary key is a
plain stub.
* keyedit.c (change_passphrase): Don't ever change any stub key.
Print a note if a key consists of only stub keys. Reported by
Dany Nativel. These are bugs #401 and #402.
the cache. Changed all callers.
(get_one_do): Bypass the cache if the value would have been read
directly for v1.1 cards.It makes things a bit slower but obnly for
1.0 cards and there are not that many cards out in the wild. This
is required to fix a caching bug when generating new keys; as a
side effect of the retrieval of the the C4 DO from the 6E DO the
chaced fingerprint will get updated to the old value and later
when signing the generated key the checking of the fingerprint
fails becuase it won't match the new one. Thanks to Moritz for
analyzing this problem.
(verify_chv3): Removed the CHV status reread logic because we
won't cache the C4 DO anymore.
* card-util.c (card_status): Create asecret key stub on the fly
and print more information about a card key.
* import.c (pub_to_sec_keyblock, auto_create_card_key_stub): New.
* getkey.c (get_seckeyblock_byfprint): New.
* keylist.c (print_card_key_info): New.
initialization.
* gpgv.c (i18n_init) [W32]: Ditto.
* simple-gettext.c (set_gettext_file): Use MO files depending on
the installation directory. Add new arg REGKEY.
filter context instead of hardcoding '\n' or '\r\n'. If no eol string is
provided, default to '\n' or '\r\n' as appropriate. (is_armor_header):
Trim tabs in armor header lines as well.
* keyserver.c (keyserver_spawn): Use it here to force '\n' line endings
since the keyserver output file gets a LF->CRLF expansion on win32.
* armor.c (is_armor_header): Allow CR and LF (not just actual spaces) in
an armor header line (-----BEGIN etc). This is needed due to CRLF issues
on win32. As before, --openpgp makes it strict.
(scan_or_find_devices): Add new args to return endpoint info and
interface number.
(ccid_open_reader, ccid_shutdown_reader): Take care of these new
args.
(bulk_in, bulk_out): Use the correct endpoints.
(ccid_transceive_apdu_level): New.
(ccid_transceive): Divert to above.
(parse_ccid_descriptor): Allow APDU level exchange mode.
(do_close_reader): Pass the interface number to usb_release_interface.
common type (e.g. ldaps -> ldap). If we are building with curl, map both
http and ftp to curl.
* build-packet.c (build_sig_subpkt): Only allow one preferred keyserver
subpacket at a time.
chosen selfsig so we don't accidentally promote an older selfsig to
chosen. Discovered by Simon Josefsson and 'Todd'.
* keygen.c (ask_expire_interval): Fix typo.
passphrase still wrong. Roman Pavlik found such a case.
* mpicoder.c (mpi_read_from_buffer): Don't abort in case of an
invalid MPI but print a message and return NULL. Use log_info and
not log_error.
* passphrase.c: Don't check for __CYGWIN__, so it is treated as a
unix-like system.
* options.h, g10.c (main), textfilter.c (standard): Use new option
--rfc2440-text to determine whether to filter "<space>\t\r\n" or just
"\r\n" before canonicalizing text line endings. Default to
"<space>\t\r\n".
temporary user ID.
* keyedit.c (keyedit_menu): Merge updpref and setpref. Keep updpref as an
invisible alias. Add invisible alias for revphoto. Fix small memory leak
when using "setpref" (not all of the uid was freed). (menu_revkey):
Trigger a trust rebuild after revoking a key. Don't allow revoking an
already-revoked whole key. (menu_revsubkey): Don't allow revoking an
already-revoked subkey.
Revoke a whole key. (keyedit_menu): Call it here for when 'revkey' is used
without any subkeys selected. This is to be consistent with the other
functions which are "selected part if selected, whole key if not".
exit if it cannot lock memory. Also remove --nrsign-key and --nrlsign-key
since this can better be done via --edit-key.
* secmem.c (secmem_init): Return a flag to indicate whether we got the
lock.
* memory.h: Return a flag to indicate whether we got the lock.
(status_one_subpacket, print_one_subpacket): Fix some compiler warnings.
* g10.c (main): Fix --compression-algo to take a string argument like
--compress-algo.
* trustdb.c (uid_trust_string_fixed): For safety, check for a pk.
revoked.
* keyedit.c (show_key_with_all_names): Don't show validity for secret key
UIDs.
* keyedit.c (parse_sign_type): New. Figure out the flags (local,
nonrevoke, trust) for a signature. (keyedit_menu): Call it here so we can
mix and match flags, and don't need "nrltsign", "ltsign", "tnrsign", etc,
etc, etc.
(not used). (standard): 2440 says that textmode hashes should canonicalize
line endings to CRLF and remove spaces and tabs. 2440bis-12 says to just
canonicalize to CRLF. So, we default to the 2440bis-12 behavior, but
revert to the strict 2440 behavior if the user specifies --rfc2440. In
practical terms this makes no difference to any signatures in the real
world except for a textmode detached signature.
CUSTOM_DESCRIPTION. Changed all callers.
* app-openpgp.c (do_getattr, do_learn_status, do_setattr): Support
the new private DOs.
(do_change_pin): Add a "N" prefix to the strings so that the
callback can act accordingly for a new PIN. Unfortunately this
breaks existing translations but I see no wother way to overvome
this.
* cardglue.c (learn_status_cb): Ditto.
(agent_release_card_info): Ditto.
(struct pin_cb_info_s): Removed and changed all users.
(pin_cb): Reworked.
* card-util.c (card_status): Print them
(card_edit): New command PRIVATEDO.
(change_private_do): New.
hardcoding key sizes. Bump default to 2048. Bump minimum down to 512,
where possible, but require --expert to get there. DSA is always 1024
unless --expert is given.
Set PUBKEY_USAGE_UNKNOWN to handle flags that we don't understand.
(fixup_uidnode, merge_selfsigs_main, merge_selfsigs_subkey): Call it from
here to remove duplicate code.