in the prefs string to allow switching on and off the MDC feature. This
is needed to properly export a key from GnuPG for use on PGP which does
not support MDC - without this, MDC-capable implementations will still try
and generate MDCs which will break PGP.
* keygen.c (keygen_get_std_prefs): Show "[mdc]" in prefs string if it is
enabled.
* options.h, g10.c (main), cipher.c (write_header), keygen.c
(keygen_set_std_prefs): For consistency, allow the user to specify
mdc/no-mdc in the --personal-preference-list. If disabled, it acts just
like --disable-mdc.
keygen_upd_std_prefs), keyedit.c (keyedit_menu), g10.c (main), pkclist.c
(select_algo_from_prefs): Add --personal-preference-list which allows the
user to factor in their own preferred algorithms when the preference lists
are consulted. Obviously, this does not let the user violate a
recepient's preferences (and the RFC) - this only influences the ranking
of the agreed-on (and available) algorithms from the recepients.
Suggested by David Hollenberg.
* options.h, keygen.c (keygen_set_std_prefs), g10.c (main): Rename
--preference-list to --default-preference-list (as that is what it really
is), and make it a true default in that if the user selects "default" they
get this list and not the compiled-in list.
* g10.c (main): --allow-freeform-uid should be implied by OpenPGP. Add
--no-allow-freeform-uid.
* keyedit.c (sign_uids): Issue a warning when signing a non-selfsigned
uid.
* getkey.c (merge_selfsigs_main): If a key has no selfsigs, and
allow-non-selfsigned-uid is not set, still try and make the key valid by
checking all uids for a signature from an ultimately trusted key.
prefs for hash and compression as well as the cipher pref. Show assumed
prefs if there are no prefs at all on a v4 self-signed key.
* options.h, g10.c (main), sign.c (make_keysig_packet): New
--cert-digest-algo function to override the default key signing hash
algorithm.
clean as this function may be called more than once (e.g. from functions
in --edit).
* g10.c, encode.c (encode_crypt), sign.c (sign_file,
sign_symencrypt_file): Make --compress-algo work like the documentation
says. It should be like --cipher-algo and --digest-algo in that it can
override the preferences calculation and impose the setting the user
wants. No --compress-algo setting allows the usual preferences
calculation to take place.
* main.h, compress.c (compress_filter): use new DEFAULT_COMPRESS_ALGO
define, and add a sanity check for compress algo value.
(algo_available): --pgp7, identical to --pgp6 except that it permits a few
algorithms that PGP 7 added: AES128, AES192, AES256, and TWOFISH. Any
more of these --pgpX flags, and it'll be time to start looking at a
generic --emulate-pgp X option.
if it or any of its secret subkeys are protected with SHA1 while
simple_sk_checksum is set.
* parse-packet.c (parse_key): Show when the SHA1 protection is used in
--list-packets.
* options.h, build-packet.c (do_comment), g10.c (main): Rename
--no-comment as --sk-comments/--no-sk-comments (--no-comment still works)
and make the default be --no-sk-comments.
Split "--notation-data" into "--cert-notation" and "--sig-notation" so the
user can set different policies for key and data signing. For backwards
compatibility, "--notation-data" sets both, as before.
* g10.c, options.h: New options --display, --ttyname, --ttytype,
--lc-ctype, --lc-messages to be used with future versions of the
gpg-agent.
* passphrase.c (agent_send_option,agent_send_all_options): New.
(agent_open): Send options to the agent.
* trustdb.c (update_ownertrust, clear_ownertrust): Do an explicit
do_sync because revalidation_mark does it only if when the
timestamp actually changes.
/
* configure.ac: Check for locale.h and setlocale
non-revoked user id.
* hkp.c (hkp_ask_import), keyserver.c (parse_keyserver_options,
keyserver_spawn), options.h: Remove fast-import keyserver option (no
longer meaningful).
* g10.c (main), keyedit.c (sign_uids), options.h: Change
--default-check-level to --default-cert-check-level as it makes clear what
it operates on.
* g10.c (main): --pgp6 also implies --no-ask-sig-expire.
* delkey.c (do_delete_key): Comment.
menu_expire, menu_revsig, menu_revkey): Only force a trustdb check if we
did something that changes it.
* g10.c: add "--auto-check-trustdb" to override a
"--no-auto-check-trustdb"
for use with secret keys.
* seckey-cert.c (do_check): Always calculate the old checksum for
use after unprotection.
* g10.c, options.skel: New option --no-escape-from. Made
--escape-from and --force-v3-sigs the default and removed them
from the options skeleton.
draft-rfc2440-bis04.
* packet.h (PKT_secret_key): Add field sha1chk.
* seckey-cert.c (do_check): Check the SHA1 checksum
(protect_secret_key): And create it.
* build-packet.c (do_secret_key): Mark it as sha-1 protected.
* g10.c, options.h: New option --simple-sk-checksum.
"deprecated-use-keyexpired-instead" to SIGEXPIRED.
Start transition from SIGEXPIRED to KEYEXPIRED, since the actual event is
signature verification by an expired key and not an expired signature.
Rename do_signature_check as signature_check2, make public, and change all
callers.
Use status EXPSIG for an expired, but good, signature. Add the expiration
time (or 0) to the VALIDSIG status line. Use status KEYEXPSIG for a good
signature from an expired key.
Remove checks for no arguments now that argparse does it.
--allow-non-selfsigned-uid allows for completey unsigned uids).
Do not choose an attribute packet (i.e. photo) as primary uid. This
prevents oddities like "Good signature from [image of size 2671]". This
is still not perfect (one can still select an attribute packet as primary
in --edit), but is closer to the way the draft is going.
The algorithms list should include #110.
--pgp2 implies --no-ask-sig-expire and --no-ask-cert-expire as those would
cause a v4 sig/cert.
Be more lenient in what constitutes a valid armor header (i.e. -----BEGIN
blah blah-----) as some Windows programs seem to add spaces at the end.
--openpgp makes it strict again
If none of the uids are primary (because none are valid) then pick the
first to be primary (but still invalid). This is for cosmetics in case
some display needs to print a user ID from a non-selfsigned key. Also use
--allow-non-selfsigned-uid to make such a key valid and not
--always-trust. The key is *not* automatically trusted via
--allow-non-selfsigned-uid.
Make sure non-selfsigned uids print [uncertain] on verification even
though one is primary now.
If the main key is not valid, then neither are the subkeys.
Allow --allow-non-selfsigned-uid to work on completely unsigned keys.
Print the uids in UTF8. Remove mark_non_selfsigned_uids_valid()
Show revocation key as UTF8.
Allow --not-dash-escaped to work with v3 keys.
that has been revoked by designated revoker, but the designated revoker is
not present to verify the revocation (whew!). This applies to all ways to
get a key into the system: --import --recv-keys, and --search-keys. If
auto-key-retrieve is set, try and retrieve the revocation key.
Also, auto-key-retrieve is now a keyserver-option.
do not prompt for revocation reason for v3 revocations (unless
force-v4-certs is on) since they wouldn't be used anyway.
show the status of the sigs (exportable? revocable?) to the user before
prompting for which sig to revoke. Also, make sure that local signatures
get local revocations.
Add "exec-path" variable to override PATH for execing programs.
properly check return code from classify_user_id to catch unclassifiable
keys.
unknown and undefined trust. Removed the did_add cruft. Reported
by Janusz A. Urbanowicz.
* g10.c: New option --no-use-agent.
Hmmm, is this a a good name? --do-not-use-agent seems a bit to long.
is a cert. A sig has sigclass 0x00, 0x01, 0x02, or 0x40, and everything
else is a cert.
Add a "nrlsign" for nonrevocable and local key signatures.
Add a --no-force-mdc to undo --force-mdc.
Add a knob to force --disable-mdc/--no-disable-mdc. Off by default, of
course, but is used in --pgp2 and --pgp6 modes.
Allow specifying multiple users in the "Enter the user ID" loop. Enter a
blank line to stop. Show each key+id as it is added.
It is not illegal (though possibly silly) to have multiple policy URLs in
a given signature, so print all that are present.
More efficient implementation of URL-ifying code for --search on an HKP
keyserver.
turns off force_mdc, turns on no_comment, escape_from, and force_v3_sigs,
and sets compression to 1. It also restricts the user to IDEA (if
present), 3DES, CAST5, MD5, SHA1, and RIPEMD160. See the comments above
algo_available() for lots of discussion on why you would want to do this.
* passphrase.c (agent_open): Let it override the environment info.
* seckey-cert.c (check_secret_key): Always try 3 times when the
agent is enabled.
* options.skel: Describe --use-agent.
keys (this is in the RFC), so that they can be (sometimes) used along
OpenPGP keys. Do not force using IDEA on an OpenPGP key, as this may
violate its prefs.
Also, revise the help text for the sig class explanation.
Remove get_temp_dir (it's in exec.c now)
Allow --delete-key (now --delete-keys, though --delete-key still works) to
delete multiple keys in one go. This applies to
--delete-secret-key(s) and --delete-secret-and-public-key(s) as well
change default compression to 1
add ask-sig-expire and ask-cert-expire (--expert was getting absurdly
overloaded)
permit v3 subkeys
use --expert to protect adding multiple photo ids and adding photos to a
v3 key
Warn with pgp2 and non-detached signatures
Use the actual filesize rather than partial length packets in
symmetric messages (see ChangeLog or NEWS for discussion).
that live there for safe permission/ownership (--no-permission-warning to
disable)
The newer glibcs print scary warnings about using mktemp(). The use here
was actually safe, but the warning was bound to confuse people, so here is
an arguably better tempname creator that pulls random bits from the pool.
IDEA warning for pk messages encrypted with IDEA (symmetric is already done)
Print IDEA warning for each occurance except for secret key protection and
unknown cipher from an encrypted message.
