expand_groups), g10.c (main, add_group): Add new "group" command to allow
one name to expand into multiple keys. For simplicity, and to avoid
potential loops, we only expand once - you can't make an alias that points
to an alias.
* main.h, g10.c (main), keygen.c (build_personal_digest_list): Simplify
the default digest list - there is really no need for the other hashes
since they will never be used after SHA-1 in the list.
* options.skel, options.h, g10.c (main), hkp.c (hkp_ask_import,
hkp_export, hkp_search), keyserver.c (parse_keyserver_options,
parse_keyserver_uri, keyserver_work, keyserver_refresh): Make the
"x-broken-hkp" keyserver scheme into keyserver-option "broken-http-proxy".
Move honor_http_proxy into keyserver_options. Canonicalize the three
variations of "hkp", "x-hkp", and "x-broken-hkp" into "hkp".
default digest preference list consisting of SHA-1, followed by every
other installed digest except MD5. Note this is the same as having no
digest preference at all except for SHA-1 being favored.
* options.h, g10.c (main), keygen.c (keygen_set_std_prefs), pkclist.c
(select_algo_from_prefs): Split --personal-preference-list into three:
--personal-{cipher|digest|compress}-preferences. This allows a user to
set one without affecting another (i.e. setting only a digest pref doesn't
imply an empty cipher pref).
* exec.c (exec_read): This is a safer way of guessing the return value of
system(). Noted by Stefan Bellon.
in the prefs string to allow switching on and off the MDC feature. This
is needed to properly export a key from GnuPG for use on PGP which does
not support MDC - without this, MDC-capable implementations will still try
and generate MDCs which will break PGP.
* keygen.c (keygen_get_std_prefs): Show "[mdc]" in prefs string if it is
enabled.
* options.h, g10.c (main), cipher.c (write_header), keygen.c
(keygen_set_std_prefs): For consistency, allow the user to specify
mdc/no-mdc in the --personal-preference-list. If disabled, it acts just
like --disable-mdc.
keygen_upd_std_prefs), keyedit.c (keyedit_menu), g10.c (main), pkclist.c
(select_algo_from_prefs): Add --personal-preference-list which allows the
user to factor in their own preferred algorithms when the preference lists
are consulted. Obviously, this does not let the user violate a
recepient's preferences (and the RFC) - this only influences the ranking
of the agreed-on (and available) algorithms from the recepients.
Suggested by David Hollenberg.
* options.h, keygen.c (keygen_set_std_prefs), g10.c (main): Rename
--preference-list to --default-preference-list (as that is what it really
is), and make it a true default in that if the user selects "default" they
get this list and not the compiled-in list.
signature (callable by make_keysig_packet). (write_direct_sig): Write a 1F
direct key signature. (parse_revocation_key): Parse a string in
algo:fpr:sensitive format into a revocation key. (get_parameter_revkey,
do_generate_keypair): Call above functions when prompted from a batch key
generation file.
* build-packet.c (build_sig_subpkt): Allow multiple revocation key
subpackets in a single sig.
* keydb.h, getkey.c (get_seckey_byfprint): Same as get_pubkey_byfprint,
except for secret keys. We only know the fingerprint of a revocation key,
so this is needed to retrieve the secret key needed to issue a revokation.
* packet.h, parse-packet.c (parse_signature, parse_revkeys): Split revkey
parsing off into a new function that can be used to reparse after
manipulating the revkey list.
* sign.c (make_keysig_packet): Ability to make 1F direct key signatures.
fingerprint, etc.)
Do not print uncheckable signatures (missing key..) in --check-sigs.
Print statistics (N missing keys, etc.) after --check-sigs.
When signing a key with an expiration date on it, the "Do you want your
signature to expire at the same time?" question should default to YES
v3 keys is a MUST NOT.
* getkey.c (finish_lookup): The --pgp6 "use the primary key" behavior
should only apply while data signing and not encryption. Noted by Roger
Sondermann.
at their expiration time and not one second later.
* keygen.c (proc_parameter_file): Allow specifying preferences string
(i.e. "s5 s2 z1 z2", etc) in a batchmode key generation file.
* keyedit.c (keyedit_menu): Print standard error message when signing a
revoked key (no new translation).
* getkey.c (merge_selfsigs): Get the default set of key prefs from the
real (not attribute) primary uid.
and unhashed area on update. (find_subpkt): No longer needed.
* keyedit.c (sign_uids): With --pgp2 on, refuse to sign a v3 key with a v4
signature. As usual, --expert overrides. Try to tweak some strings to a
closer match so they can all be translated in one place. Use different
helptext keys to allow different help text for different questions.
* keygen.c (keygen_upd_std_prefs): Remove preferences from both hashed and
unhashed areas if they are not going to be used.
Properly initialize the user ID refcount for user and photo IDs.
Tweak a few prompts to change "y/n" to "y/N", which is how most other
prompts are written.
Warn the user if they are about to revoke an expired sig (not a problem,
but they should know).
Control-d escapes the keyserver search prompt.
If a subkey is considered revoked solely because the parent key is
revoked, print the revocation reason from the parent key.
Allow revocation/expiration to apply to a uid/key with no entry in the
trustdb.
When key signing with multiple keys at the same time, make sure each key
gets the sigclass prompt
Close the iobuf and FILE before trying to reap the child process to
encourage the child to exit
Disable cache-on-close of the fd iobuf (shouldn't all fd iobufs not be
cached?)
bits long (as RSA minimum is 1024)
Allow IDEA as a fake preference for v3 keys with v3 selfsigs when
verifying that a cipher is in preferences while decrypting
keys (this is in the RFC), so that they can be (sometimes) used along
OpenPGP keys. Do not force using IDEA on an OpenPGP key, as this may
violate its prefs.
Also, revise the help text for the sig class explanation.
used with the agent. Changed all callers.
(agent_get_passphrase): Likewise and send it to the agent
* seckey-cert.c (do_check): New arg tryagain_text.
(check_secret_key): Pass the string to do_check.
* keygen.c (ask_passphrase): Set the error text is required.
* keyedit.c (change_passphrase): Ditto.
* passphrase.c (agent_open): Disable opt.use_agent in case of a
problem with the agent.
(agent_get_passphrase): Ditto.
(passphrase_clear_cache): Ditto.
IDEA warning for pk messages encrypted with IDEA (symmetric is already done)
Print IDEA warning for each occurance except for secret key protection and
unknown cipher from an encrypted message.
pops up when the user uses "--cipher-algo idea", when setpref is used to
set a "S1" preference, and when a secret key protected with IDEA is used.
Tweak the --pgp2 mode to use this generic warning.
Offer to expire a key signature when the key the user is signing expires
Expired sigs cause an error return
If --expert is set, prompt for sig duration
