subpacket types (notation, policy url, exportable, revocable). keyedit.c
(sign_mk_attrib): Flags no longer need to be set here.
* packet.h, parse-packet.c (parse_one_sig_subpkt), build-packet.c
(build_sig_subpkt): Call parse_one_sig_subpkt to sanity check buffer
lengths before building a sig subpacket.
keygen_upd_std_prefs), keyedit.c (keyedit_menu), g10.c (main), pkclist.c
(select_algo_from_prefs): Add --personal-preference-list which allows the
user to factor in their own preferred algorithms when the preference lists
are consulted. Obviously, this does not let the user violate a
recepient's preferences (and the RFC) - this only influences the ranking
of the agreed-on (and available) algorithms from the recepients.
Suggested by David Hollenberg.
* options.h, keygen.c (keygen_set_std_prefs), g10.c (main): Rename
--preference-list to --default-preference-list (as that is what it really
is), and make it a true default in that if the user selects "default" they
get this list and not the compiled-in list.
* g10.c (main): --allow-freeform-uid should be implied by OpenPGP. Add
--no-allow-freeform-uid.
* keyedit.c (sign_uids): Issue a warning when signing a non-selfsigned
uid.
* getkey.c (merge_selfsigs_main): If a key has no selfsigs, and
allow-non-selfsigned-uid is not set, still try and make the key valid by
checking all uids for a signature from an ultimately trusted key.
photo. Use the short keyid as the filename on 8.3 systems.
* exec.h, exec.c (make_tempdir, exec_write, exec_finish): Allow caller to
specify filename. This should make things easier on windows and macs
where the file extension is required, but a whole filename is even better.
* keyedit.c (show_key_with_all_names, show_prefs): Show proper prefs for a
v4 key uid with no selfsig at all.
* misc.c (check_permissions): Don't check permissions on non-normal files
(pipes, character devices, etc.)
prefs for hash and compression as well as the cipher pref. Show assumed
prefs if there are no prefs at all on a v4 self-signed key.
* options.h, g10.c (main), sign.c (make_keysig_packet): New
--cert-digest-algo function to override the default key signing hash
algorithm.
about sig level or expiration, and include the usual preferences and such
for v4 self-sigs. (menu_set_preferences): Convert uids from UTF8 to
native before printing.
functions to return data about an image.
* packet.h, parse-packet.c (make_attribute_uidname,
parse_attribute_subpkts, parse_attribute), photoid.h, photoid.c
(show_photos): Handle multiple images in a single attribute packet.
* main.h, misc.c (pct_expando), sign.c (mk_notation_and_policy), photoid.c
(show_photos): Simpler expando code that does not require using
compile-time string sizes. Call image_type_to_string to get image strings
(i.e. "jpg", "image/jpeg"). Change all callers.
* keyedit.c (menu_showphoto), keylist.c (list_keyblock_print): Allow
viewing multiple images within a single attribute packet.
* gpgv.c: Various stubs for link happiness.
Split "--notation-data" into "--cert-notation" and "--sig-notation" so the
user can set different policies for key and data signing. For backwards
compatibility, "--notation-data" sets both, as before.
on a given key are legal.
* keyserver.c (keyserver_refresh): the fake v3 keyid hack applies to
"mailto" URLs as well since they are also served by pksd.
fingerprint, etc.)
Do not print uncheckable signatures (missing key..) in --check-sigs.
Print statistics (N missing keys, etc.) after --check-sigs.
When signing a key with an expiration date on it, the "Do you want your
signature to expire at the same time?" question should default to YES
non-revoked user id.
* hkp.c (hkp_ask_import), keyserver.c (parse_keyserver_options,
keyserver_spawn), options.h: Remove fast-import keyserver option (no
longer meaningful).
* g10.c (main), keyedit.c (sign_uids), options.h: Change
--default-check-level to --default-cert-check-level as it makes clear what
it operates on.
* g10.c (main): --pgp6 also implies --no-ask-sig-expire.
* delkey.c (do_delete_key): Comment.
menu_expire, menu_revsig, menu_revkey): Only force a trustdb check if we
did something that changes it.
* g10.c: add "--auto-check-trustdb" to override a
"--no-auto-check-trustdb"
stamp was actually changed.
* trustdb.c (revalidation_mark): Sync the changes. Removed the
sync operation done by its callers.
(get_validity): Add logic for maintaining a pending_check flag.
(clear_ownertrust): New.
* keyedit.c (sign_uids): Don't call revalidation_mark depending on
primary_pk.
(keyedit_menu): Call revalidation_mark after "trust".
(show_key_with_all_names): Print a warning on the wrong listed key
validity.
* delkey.c (do_delete_key): Clear the owenertrust information when
deleting a public key.
at their expiration time and not one second later.
* keygen.c (proc_parameter_file): Allow specifying preferences string
(i.e. "s5 s2 z1 z2", etc) in a batchmode key generation file.
* keyedit.c (keyedit_menu): Print standard error message when signing a
revoked key (no new translation).
* getkey.c (merge_selfsigs): Get the default set of key prefs from the
real (not attribute) primary uid.
twice in batch mode if one instance was the default recipient and the
other was an encrypt-to. Noted by Stefan Bellon.
* parse-packet.c (dump_sig_subpkt): Show data in trust and regexp sig
subpackets.
* keyedit.c (keyedit_menu): Use new function real_uids_left to prevent
deleting the last real (i.e. non-attribute) uid. Again, according to the
attribute draft. (menu_showphoto): Make another string translatable.
and unhashed area on update. (find_subpkt): No longer needed.
* keyedit.c (sign_uids): With --pgp2 on, refuse to sign a v3 key with a v4
signature. As usual, --expert overrides. Try to tweak some strings to a
closer match so they can all be translated in one place. Use different
helptext keys to allow different help text for different questions.
* keygen.c (keygen_upd_std_prefs): Remove preferences from both hashed and
unhashed areas if they are not going to be used.
ID (in this version, it's always "jpeg"). Also tweak string expansion
loop to minimize reallocs.
* mainproc.c (do_check_sig): Variable type fix.
* keyedit.c (menu_set_primary_uid): Differentiate between true user IDs
and attribute user IDs when making one of them primary. That is, if we are
making a user ID primary, we alter user IDs. If we are making an attribute
packet primary, we alter attribute packets. This matches the language in
the latest attribute packet draft.
* keyedit.c (sign_uids): No need for the empty string hack.
* getkey.c (fixup_uidnode): Only accept preferences from the hashed
segment of the self-sig.
Properly initialize the user ID refcount for user and photo IDs.
Tweak a few prompts to change "y/n" to "y/N", which is how most other
prompts are written.
Warn the user if they are about to revoke an expired sig (not a problem,
but they should know).
Control-d escapes the keyserver search prompt.
If a subkey is considered revoked solely because the parent key is
revoked, print the revocation reason from the parent key.
Allow revocation/expiration to apply to a uid/key with no entry in the
trustdb.
If none of the uids are primary (because none are valid) then pick the
first to be primary (but still invalid). This is for cosmetics in case
some display needs to print a user ID from a non-selfsigned key. Also use
--allow-non-selfsigned-uid to make such a key valid and not
--always-trust. The key is *not* automatically trusted via
--allow-non-selfsigned-uid.
Make sure non-selfsigned uids print [uncertain] on verification even
though one is primary now.
If the main key is not valid, then neither are the subkeys.
Allow --allow-non-selfsigned-uid to work on completely unsigned keys.
Print the uids in UTF8. Remove mark_non_selfsigned_uids_valid()
Show revocation key as UTF8.
Allow --not-dash-escaped to work with v3 keys.
do not prompt for revocation reason for v3 revocations (unless
force-v4-certs is on) since they wouldn't be used anyway.
show the status of the sigs (exportable? revocable?) to the user before
prompting for which sig to revoke. Also, make sure that local signatures
get local revocations.
Add "exec-path" variable to override PATH for execing programs.
properly check return code from classify_user_id to catch unclassifiable
keys.
support. That is, it handles all the data to mark a key as revoked if it
has been revoked by a designated revoker. The second half (coming
later) will contain the code to make someones key your designated revoker
and to issue revocations for someone else.
Note that this is written so that a revoked revoker can still issue
revocations: i.e. If A revokes B, but A is revoked, B is still revoked.
I'm not completely convinced this is the proper behavior, but it matches
how PGP does it. It does at least have the advantage of much simpler code
- my first version of this had lots of loop maintaining code so you could
chain revokers many levels deep and if D was revoked, C was not, which
meant that B was, and so on. It was sort of scary, actually.
This also changes importing to allow bringing in more revocation keys, and
exporting to not export revocation keys marked "sensitive".
The --edit menu information will show if a revocation key is present.
is a cert. A sig has sigclass 0x00, 0x01, 0x02, or 0x40, and everything
else is a cert.
Add a "nrlsign" for nonrevocable and local key signatures.
Add a --no-force-mdc to undo --force-mdc.
Add a knob to force --disable-mdc/--no-disable-mdc. Off by default, of
course, but is used in --pgp2 and --pgp6 modes.
Allow specifying multiple users in the "Enter the user ID" loop. Enter a
blank line to stop. Show each key+id as it is added.
It is not illegal (though possibly silly) to have multiple policy URLs in
a given signature, so print all that are present.
More efficient implementation of URL-ifying code for --search on an HKP
keyserver.
"http://notary.jabberwocky.com/keysign/%K" to create a per-signature
policy URL. Use the new generic %-handler for the photo ID stuff as well.
Display policy URLs and notations during signature generation if
--show-policy-url/--show-notation is set.
When key signing with multiple keys at the same time, make sure each key
gets the sigclass prompt
Close the iobuf and FILE before trying to reap the child process to
encourage the child to exit
Disable cache-on-close of the fd iobuf (shouldn't all fd iobufs not be
cached?)
used with the agent. Changed all callers.
(agent_get_passphrase): Likewise and send it to the agent
* seckey-cert.c (do_check): New arg tryagain_text.
(check_secret_key): Pass the string to do_check.
* keygen.c (ask_passphrase): Set the error text is required.
* keyedit.c (change_passphrase): Ditto.
* passphrase.c (agent_open): Disable opt.use_agent in case of a
problem with the agent.
(agent_get_passphrase): Ditto.
(passphrase_clear_cache): Ditto.
change default compression to 1
add ask-sig-expire and ask-cert-expire (--expert was getting absurdly
overloaded)
permit v3 subkeys
use --expert to protect adding multiple photo ids and adding photos to a
v3 key
declaration due to shadowing warnings.
* build-packet.c (build_attribute_subpkt): s/index/idx/ to avoid
compiler warnig due to index(3).
* getkey.c (get_ctx_handle): Use KEYDB_HANDLE as return value.
* keylist.c (list_one): Made resname const.
* keyedit.c (keyedit_menu): Allow "addphoto" only when --openpgp is
not used.
* options.skel: Changed one example photo viewer to qiv.
Offer to expire a key signature when the key the user is signing expires
Expired sigs cause an error return
If --expert is set, prompt for sig duration
Do not allow signing a revoked UID unless --expert is set, and ask even then.
Do not allow signing a revoked key unless --expert is set, and ask even then.
