1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-04 20:38:50 +01:00
Commit Graph

847 Commits

Author SHA1 Message Date
David Shaw
1ae024ef81 * options.h, keyserver-internal.h, keyserver.c (keyserver_import_name),
getkey.c (free_akl, parse_auto_key_locate, get_pubkey_byname): The obvious
next step: allow arbitrary keyservers in the auto-key-locate list.
2006-02-22 23:37:23 +00:00
David Shaw
305288b5f5 * options.h, keyserver.c (parse_keyserver_options): Remove
auto-cert-retrieve as it is no longer meaningful.  Add max-cert-size to
allow users to pick a max key size retrieved via CERT.
2006-02-22 20:34:48 +00:00
David Shaw
477defdb1b * options.h, gpg.c (main), mainproc.c (check_sig_and_print), keyserver.c
(keyserver_opts): Rename auto-pka-retrieve to honor-pka-record to be
consistent with honor-keyserver-url.
2006-02-22 20:20:58 +00:00
David Shaw
7eab1846ca * options.h, keydb.h, g10.c (main), getkey.c (parse_auto_key_locate):
Parse a list of key access methods. (get_pubkey_byname): Walk the list
here to try and retrieve keys we don't have locally.
2006-02-22 19:06:23 +00:00
David Shaw
d038b36c8f * getkey.c (get_pubkey_byname): Fix minor security problem with PKA when
importing at -r time.  The URL in the PKA record may point to a key put in
by an attacker.  Fix is to use the fingerprint from the PKA record as the
recipient.  This ensures that the PKA record is followed.

* keyserver-internal.h, keyserver.c (keyserver_import_pka): Return the
fingerprint we requested.
2006-02-21 22:23:35 +00:00
David Shaw
0eb4e93bd4 * gpgv.c: Stub keyserver_import_ldap.
* keyserver-internal.h, keyserver.c (keyserver_import_ldap): Import using
the PGP Universal trick of asking ldap://keys.(maildomain) for the key.
2006-02-21 16:09:09 +00:00
David Shaw
8a1bd087fc * keyserver.c (parse_keyserver_uri): Include the scheme in the uri
even when we've assumed "hkp" when there was no scheme.
2006-02-21 05:20:08 +00:00
Werner Koch
b121d029b5 about to release 1.4.3rc1 2006-02-14 16:28:34 +00:00
Werner Koch
966cd80d88 Fixed a wrong return code with gpg --verify 2006-02-14 10:17:57 +00:00
Werner Koch
2410941461 Lock random seed file 2006-02-09 12:54:41 +00:00
Werner Koch
4f34366389 Add support fro CardMan 4040 2006-02-06 16:34:20 +00:00
David Shaw
214a3a646e * keyserver.c (parse_keyserver_uri): If there is a path present, set the
direct_uri flag so the right keyserver helper is run.
2006-01-24 21:03:06 +00:00
David Shaw
4ff7d09040 * keyserver.c (keyserver_spawn): Include the EXEEXT so we can find
keyserver helpers on systems that use extensions.

* misc.c (path_access) [HAVE_DRIVE_LETTERS]: Do the right thing with
drive letter systems.
2006-01-22 21:40:20 +00:00
David Shaw
dbe415ea61 * keydb.h, passphrase.c (next_to_last_passphrase): New. "Touch" a
passphrase as if it was used (move from next_pw to last_pw).

* pubkey-enc.c (get_session_key): Use it here to handle the case where a
passphrase happens to be correct for a secret key, but yet that key isn't
the anonymous recipient (i.e. the secret key could be decrypted, but not
the session key).  This also handles the case where a secret key is
located on a card and a secret key with no passphrase.  Note this does not
fix bug 594 (anonymous recipients on smartcard do not work) - it just
prevents the anonymous search from stopping when the card is encountered.
2006-01-17 20:55:53 +00:00
David Shaw
7b978efef8 * keyserver.c (keyserver_refresh): Fix problem when more than one key
in a refresh batch has a preferred keyserver set.  Noted by Nicolas
Rachinsky.
2006-01-07 21:04:13 +00:00
David Shaw
1315171b07 * mainproc.c (check_sig_and_print), keyserver.c
(keyserver_import_pka), card-util.c (fetch_url): Always require a
scheme:// for keyserver URLs except when used as part of the
--keyserver command for backwards compatibility.
2006-01-01 18:12:57 +00:00
David Shaw
5bce704dd3 * sign.c (write_signature_packets): Lost a digest_algo line. 2006-01-01 17:59:57 +00:00
David Shaw
cbc5c947d5 * sign.c (hash_for): Add code to detect if the sk lives on a smart
card.  If it does, only allow 160-bit hashes, a la DSA.  This involves
passing the *sk in, so change all callers.  This is correct for today,
given the current 160-bit q in DSA, and the current SHA-1/RIPEMD160
support in the openpgp card.  It will almost certainly need changing
down the road.

* app-openpgp.c (do_sign): Give user error if hash algorithm is not
supported by the card.
2006-01-01 17:48:54 +00:00
David Shaw
846eefaa71 * keyserver.c (keyserver_import_pka): New. Moved from
getkey.c:get_pubkey_byname which was getting crowded.

* keyserver.c (keyserver_import_cert): Import a key found in DNS via CERT
records.  Can handle both the PGP (actual key) and IPGP (URL) CERT types.

* getkey.c (get_pubkey_byname): Call them both here.

* options.h, keyserver.c (parse_keyserver_options): Add
"auto-cert-retrieve" option with optional max size argument.
2005-12-23 22:17:11 +00:00
David Shaw
8b9c16ed0a * gpgv.c: Stub.
* keyserver-internal.h, keyserver.c (keyserver_spawn, keyserver_work,
keygerver_getname): New keyserver_getname function to fetch keys by name.

* getkey.c (get_pubkey_byname): Call it here to enable locating keys by
full mailbox from a keyserver a la PKA.  Try PKA first, though, as it is
likely to be faster.
2005-12-23 21:33:32 +00:00
Werner Koch
f1482aab4e Finished PKA feature 2005-12-20 20:19:16 +00:00
David Shaw
64fa7ea37e * getkey.c (merge_selfsigs_main): All primary keys can certify. 2005-12-19 22:10:20 +00:00
David Shaw
aebd3a04f3 * gpg.c (main): Restore convert-sk-to-pk as programs rely on it.
* keyid.c (usagestr_from_pk): Remove special PUBKEY_USAGE_CERT flag.
It's no longer needed.
2005-12-19 01:51:31 +00:00
David Shaw
26eeebf512 * gpg.c (main): Don't default to import-options convert-sk-to-pk. It
causes confusing warning messages when importing a PGP-exported key
that contains a secret key without selfsigs followed by the public
key.
2005-12-14 14:52:04 +00:00
David Shaw
735257ee1c * keyserver.c (keyserver_fetch): Switch on fast-import before we
--fetch-keys so we don't rebuild the trustdb after each fetch.
2005-12-08 15:37:26 +00:00
Werner Koch
0edfbba804 Made strings translatable. Minor fixes. 2005-12-08 07:42:41 +00:00
David Shaw
1d051e8ed5 * options.h, keyserver.c (curl_cant_handle, keyserver_spawn,
keyserver_fetch): Set a flag to indicate that we're doing a direct URI
fetch so we can differentiate between a keyserver operation and a URI
fetch for protocols like LDAP that can do either.
2005-12-08 05:52:41 +00:00
David Shaw
05193a2705 * keyserver.c (keyserver_spawn): Don't print "searching for key 00000000"
when fetching a URI.

* keyserver-internal.h, keyserver.c (keyserver_fetch): New.  Fetch an
arbitrary URI using the keyserver helpers.

* gpg.c (main): Call it from here for --fetch-keys.
2005-12-07 22:34:11 +00:00
David Shaw
28c12508c5 * main.h, keylist.c (print_revokers): New. Print the "rvk" designated
revoker record.  Moved from keyedit.c:show_key_with_all_names_colon.

* keylist.c (list_keyblock_colon): Use it here ...

* keyedit.c (show_key_with_all_names_colon): ... and here.
2005-11-20 15:02:03 +00:00
David Shaw
f7c138d9e7 * free-packet.c (copy_secret_key): Copy secret key into secure memory
since we may unprotect it.

* main.h, g10.c (main), revoke.c (gen_desig_revoke): Add local user
support so users can use -u with --desig-revoke.  This bypasses the
interactive walk over the revocation keys.
2005-11-19 05:55:45 +00:00
David Shaw
eac8dbc9b7 * keyedit.c (keyedit_menu, menu_clean): Simplify clean options to just
"clean", and add "minimize".

* import.c (parse_import_options): Make help text match the export
versions of the options.

* options.h, export.c (parse_export_options, do_export_stream): Reduce
clean options to two: clean and minimize.

* trustdb.h, trustdb.c (clean_one_uid): New function that joins uid
and sig cleaning into one for a simple API outside trustdb.
2005-11-18 04:25:07 +00:00
David Shaw
9d49768999 * armor.c (parse_header_line): A fussy bit of 2440: header lines are
delimited with a colon-space pair.  Therefore a line such as "Comment:
" is actually legal, albeit not particularly useful.
2005-11-13 21:48:52 +00:00
David Shaw
40b9d5648d * trustdb.h, trustdb.c (clean_key): New function to handle key
cleaning from one convenient place.

* options.h, import.c (parse_import_options, clean_sigs_from_all_uids,
import_one): Reduce clean options to two: clean and minimize.

* parse-packet.c (setup_user_id): Remove.  (parse_user_id,
parse_attribute): Just use xmalloc_clear instead.
2005-11-12 04:53:03 +00:00
David Shaw
fe30a112fb * trustdb.c (clean_uid_from_key, clean_uids_from_key): Significantly
simpler implementation.
2005-11-12 03:48:02 +00:00
David Shaw
a81633ca7d * keyedit.c (keyedit_menu, menu_clean_sigs_from_uids): Add "minimize"
command.
2005-11-10 23:25:20 +00:00
David Shaw
843d5719e7 * packet.h, keyedit.c (menu_clean_uids_from_key), trustdb.c
(clean_uids_from_key): Fix display bug where sigs cleaned for other
reasons caused a uid to appear as if it had been compacted.
2005-11-10 23:16:34 +00:00
David Shaw
ce1ce8910e * packet.h: Move some flags to a bitfield. Change all callers. 2005-11-10 22:50:46 +00:00
David Shaw
477ded81a4 * options.h, import.c (parse_import_options, clean_sigs_from_all_uids,
import_one): Add import-minimal option. Similar to export-minimal, except
it works on the way in.
2005-11-10 21:30:27 +00:00
David Shaw
debc169f88 * trustdb.h, trustdb.c (clean_sigs_from_uid): Add flag to remove all
non-selfsigs from key during cleaning.  Change all callers.

* export.c (do_export_stream): Use it here so we don't need additional
minimize code in the export path.
2005-11-10 21:18:49 +00:00
David Shaw
11c7699c45 * options.skel: Add a section for --encrypt-to. This is Debian bug
336211 by Javier Fernández-Sanguino Peña.
2005-11-06 15:45:00 +00:00
David Shaw
f48ef0f1f0 * Makefile.am: Include @LIBUSB_CPPFLAGS@ in our CPPFLAGS. Strictly
speaking this should be only in gpg_CPPFLAGS, but then we have to
compile everything twice for gpg and gpgv.

* apdu.c (open_pcsc_reader): Fix double free.

* gpg.c (main) [__APPLE__]: Default the PCSC driver to the OS X
location.  Suggested by Patty A. Hardy.
2005-11-06 04:32:54 +00:00
David Shaw
4e27a9f5da * trustdb.c (clean_sigs_from_uid): Include sigs from unavailable keys in
the sigs that are cleaned.  Suggested by Dirk Traulsen and many others.
2005-11-02 16:47:02 +00:00
David Shaw
19de04694e * import.c (import_one): Do collapse_uids() before we do any cleaning
so keyserver mangled keys with doubled user IDs can be properly
cleaned - possibly sigs on the different user IDs cancel each other
out.

* import.c (parse_import_options), export.c (parse_export_options):
List "xxx-clean" before the longer options so we don't end up with a
partial match on the longer options.

* trustdb.c (clean_uids_from_key): Return proper number of cleaned
user IDs.  Don't count user IDs as cleaned unless we actually delete
something.
2005-11-02 05:22:01 +00:00
David Shaw
b3ea683ac9 * keyedit.c (menu_addrevoker), getkey.c (finish_lookup): Fix problem with
adding a cert-only designated revoker.  Code was looking for a key with
sign ability, and not cert ability.  Noted by Timo Schulz.
2005-10-27 16:23:59 +00:00
Werner Koch
2b50f31435 cygwin fixes 2005-10-27 09:14:27 +00:00
David Shaw
b9f1815947 * keygen.c (proc_parameter_file): Default key and subkey usage flags to
algo capabilities if parameter file doesn't specify them. Noted by Timo
Schulz.
2005-10-26 16:09:23 +00:00
Werner Koch
c8571979ef Fixed minor card related bugs and enhanced status messages 2005-10-18 17:41:20 +00:00
Werner Koch
9b7f1f6976 exported subkeys are now merged into one output keyblock 2005-10-17 17:21:15 +00:00
David Shaw
6c4e740a59 * keyedit.c (keyedit_menu, menu_backsign): New "backsign" command to
add 0x19 backsigs to old keys that don't have them.

* misc.c (parse_options): Fix build warning.

* main.h, keygen.c (make_backsig): Make public.
2005-10-14 04:07:13 +00:00
David Shaw
094a7ab401 * options.h, getkey.c (merge_selfsigs_subkey), gpg.c (main), sig-check.c
(signature_check2): Add --require-backsigs and --no-require-backsigs.  
Currently defaults to --no-require-backsigs.
2005-10-12 20:44:24 +00:00