1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-25 10:49:57 +01:00

1019 Commits

Author SHA1 Message Date
Werner Koch
2a9bd94734 * g10.c (add_group): Fixed group parsing to allow more than one
delimiter in a row and also allow tab as delimiter.
2003-01-14 09:35:31 +00:00
David Shaw
33d6f711cc * tdbio.c (tdbio_set_dbname): Fix assertion failure with
non-fully-qualified trustdb names.
2003-01-12 15:46:17 +00:00
David Shaw
7a5c4d215c * trustdb.c (get_validity_info, get_ownertrust_info, trust_letter):
Simplify by returning a ? for error directly.

* keyedit.c (show_key_with_all_names): Use get_validity_string and
get_ownertrust_string to show full word versions of trust (i.e. "full"
instead of 'f').

* trustdb.h, trustdb.c (get_ownertrust_string, get_validity_string): Same
as get_ownertrust_info, and get_validity_info, except returns a full
string.

* trustdb.c (get_ownertrust_with_min): New.  Same as 'get_ownertrust' but
takes the min_ownertrust value into account.
2003-01-11 21:13:41 +00:00
David Shaw
8b3b70499a * armor.c (armor_filter): Comment about PGP's end of line tab problem.
* trustdb.h, trustdb.c (trust_letter): Make static. (get_ownertrust_info,
get_validity_info): Don't mask the trust level twice.

* trustdb.h, gpgv.c, trustdb.c (get_validity, get_validity_info),
keylist.c (list_keyblock_colon), keyedit.c (show_key_with_all_names_colon,
menu_revuid): Pass a user ID in rather than a namehash, so we only have to
do the hashing in one place.

* packet.h, pkclist.c (build_pk_list), free-packet.c
(release_public_key_parts): Remove unused namehash element for public
keys.
2003-01-11 03:57:00 +00:00
Werner Koch
29ef9bd0fb Updated from latest NewPG project 2003-01-09 13:15:07 +00:00
Werner Koch
c13b76ca6a Updated from latest NewPG project 2003-01-09 12:59:25 +00:00
David Shaw
254225ac37 * keygen.c (keygen_set_std_prefs): Warn when setting an IDEA preference
when IDEA is not available.
2003-01-07 15:30:02 +00:00
David Shaw
7b278538c7 * trustdb.c (get_validity_info): 'd' for disabled is not a validity value
any more.
2003-01-07 00:06:02 +00:00
David Shaw
39dd4d2b29 * gpgkeys_hkp.c (get_key): Use options=mr when getting a key so keyserver
doesn't attach the HTML header which we will just have to discard.
2003-01-06 23:05:39 +00:00
David Shaw
af6e3ef045 * packet.h, tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record),
trustdb.c (update_validity): Store temporary full & marginal counts in the
trustdb. (clear_validity, get_validity_counts): Return and clear temp
counts. (store_validation_status): Keep track of which keyids have been
stored. (validate_one_keyblock, validate_key_list): Use per-uid copies of
the full & marginal counts so they can be recalled for multiple levels.
(validate_keys): Only use unused keys for each new round.
(reset_unconnected_keys): Rename to reset_trust_records, and only skip
specifically excluded records.
2003-01-06 22:56:08 +00:00
David Shaw
fd6d6fd147 * DETAILS: Document disabled flag in capabilities field. 2003-01-06 21:12:34 +00:00
David Shaw
c974390d37 * keylist.c (print_capabilities): Show 'D' for disabled keys in
capabilities section.

* trustdb.c (is_disabled): Remove incorrect comment.
2003-01-06 21:01:44 +00:00
David Shaw
e247a0b3e0 * import.c (import_one): Only do the work to create the status display for
interactive import if status is enabled.

* keyring.c (keyring_search): skipfnc didn't work properly with non-keyid
searches.  Noted by Stefan Bellon.

* getkey.c (merge_selfsigs_main): Remove some unused code and make sure
that the pk selfsigversion member accounts for 1F direct sigs.
2003-01-03 21:41:53 +00:00
Werner Koch
842e690f54 * keydb.c (keydb_add_resource): Don't assume that try_make_homedir
terminates but check again for the existence of the directory and
continue then.
* openfile.c (copy_options_file): Print a warning if the skeleton
file has active options.
2003-01-02 18:28:29 +00:00
David Shaw
0bb73ee428 * getkey.c (merge_selfsigs_main), main.h, sig-check.c
(check_key_signature2): Pass the ultimately trusted pk directly to
check_key_signature2 to avoid going through the key selection mechanism.
This prevents a deadly embrace when two keys without selfsigs each sign
the other.
2002-12-29 15:58:44 +00:00
David Shaw
55eda4b4f8 * keyserver.c (keyserver_refresh): Don't print the "refreshing..." line if
there are no keys to refresh or if there is no keyserver set.

* getkey.c (merge_selfsigs_main): Any valid user ID should make a key
valid, not just the last one.  This also fixes Debian bug #174276.
2002-12-27 23:46:51 +00:00
David Shaw
98ef43987a * gpg.sgml: Clarify --no-permission-warning to note that the permission
warnings are not intended to be the be-all and end-all in security checks.
Add note to --group that when used on the command line, it may be
necessary to quote the argument so it is not treated as multiple
arguments.  Noted by Stefan Bellon.
2002-12-27 23:44:29 +00:00
David Shaw
61db74e2f4 * NEWS: Add note about convert-from-106 script. 2002-12-27 23:40:03 +00:00
Stefan Bellon
54a7e71a36 fixed type problem 2002-12-27 22:17:25 +00:00
David Shaw
eff3b562ae * keyedit.c (keyedit_menu, menu_revuid): Add "revuid" feature to revoke a
user ID.  This is the same as issuing a revocation for the self-signature,
but a much simpler interface to do it.
2002-12-27 13:41:17 +00:00
David Shaw
f3f1015f6a * keydb.h, getkey.c (key_byname): Flag to enable or disable including
disabled keys.  Keys specified via keyid (i.e. 0x...) are always included.

* getkey.c (get_pubkey_byname, get_seckey_byname2, get_seckey_bynames),
keyedit.c (keyedit_menu, menu_addrevoker): Include disabled keys in these
functions.

* pkclist.c (build_pk_list): Do not include disabled keys for -r or the
key prompt.  Do include disabled keys for the default key and
--encrypt-to.

* trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping disabled
keys.

* gpgv.c (is_disabled): Stub.

* keygen.c (keygen_add_key_expire): Properly handle updating a key
expiration to a no-expiration value.

* keyedit.c (enable_disable_key): Comment.

* import.c (import_one): When in interactive mode and --verbose, don't
repeat some key information twice.
2002-12-26 22:22:50 +00:00
David Shaw
7282f79c2e * iobuf.c (iobuf_flush): Only print debug info if debugging is on. 2002-12-26 20:58:23 +00:00
Werner Koch
005ac4d068 Simple script to create samplekeys.asc. CVS only. 2002-12-23 15:48:50 +00:00
Werner Koch
5356c28be9 * samplekeys.asc: Updated. 2002-12-23 15:47:53 +00:00
Timo Schulz
15a2a3cd1f 2002-12-22 Timo Schulz <ts@winpt.org>
* import.c (print_import_check): New.
        (import_one): Use it here.
        Use merge_keys_and_selfsig in the interactive mode to avoid
        wrong key information.
        * status.h: Add new status code.
        * status.c: Ditto.
2002-12-22 20:53:20 +00:00
David Shaw
6a4bd944a8 * pkclist.c (do_we_trust): Tweak language to refer to the "named
user" rather than "owner".  Noted by Stefan Bellon.

* trustdb.h, trustdb.c (trustdb_pending_check): New function to
check if the trustdb needs a check.

* import.c (import_keys_internal): Used here so we don't rebuild
the trustdb if it is still clean.
(import_one, chk_self_sigs): Only mark trustdb dirty if the key
that is being imported has any sigs other than self-sigs.
Suggested by Adrian von Bidder.

* options.skel: Include the required '=' sign in the sample
'group' option.  Noted by Stefan Bellon.

* import.c (chk_self_sigs): Don't try and check a subkey as if it
was a signature.
2002-12-13 21:10:53 +00:00
David Shaw
eb9607707e * tdbio.c (tdbio_read_record, tdbio_write_record): Compact the
RECTYPE_TRUST records a bit.

* g10.c (main): Comment out --list-trust-path until it can be implemented.

* import.c (import_one): Warn when importing an Elgamal primary that this
may take some time (to verify self-sigs). (chk_self_sigs): Try and cache
all self-sigs so the keyblock is written to the keyring with a good rich
cache.

* keygen.c (ask_algo): Make the Elgamal sign+encrypt warning stronger, and
remove the RSA sign+encrypt warning.
2002-12-11 17:50:38 +00:00
David Shaw
488b8dadba * gpg.sgml: Clarify include-revoked and include-disabled so they match
what the program actually does.  Noted by Dick Gevers.

* gpg.sgml: Document %-expandos for policy URLs and notations.

* gpg.sgml: Document --pgp8.  Clarify that --pgp6 and --pgp7 disable
--throw-keyid.
2002-12-11 03:47:03 +00:00
Stefan Bellon
ea86ca6565 fixed typo 2002-12-06 00:38:43 +00:00
Werner Koch
fce148aa0e * gpg.sgml: Document --no-mangle-dos-filenames. 2002-12-05 15:25:46 +00:00
Werner Koch
036fbb22a7 * g10.c: New options --[no-]mangle-dos-filenames.
* options.h (opt): Added mangle-dos-filenames.
* openfile.c (open_outfile) [USE_ONLY_8DOT3]: Truncate the
filename only when this option is set; this is the default.
2002-12-05 15:25:16 +00:00
David Shaw
1aec20776c * main.h, keyedit.c, keygen.c: Back out previous (2002-12-01) change.
Minimal isn't always best.

* sign.c (update_keysig_packet): Use the current time rather then a
modification of the original signature time.  Make sure that this doesn't
cause a time warp.

* keygen.c (keygen_add_key_expire): Properly handle a key expiration date
in the past (use a duration of 0).

* keyedit.c (menu_expire): Use update_keysig_packet so any sig subpackets
are maintained during the update.

* build-packet.c (build_sig_subpkt): Mark sig expired or unexpired when
the sig expiration subpacket is added. (build_sig_subpkt_from_sig): Handle
making an expiration subpacket from a sig that has already expired (use a
duration of 0).

* packet.h, sign.c (update_keysig_packet), keyedit.c
(menu_set_primary_uid, menu_set_preferences): Add ability to issue 0x18
subkey binding sigs to update_keysig_packet and change all callers.
2002-12-04 18:50:10 +00:00
David Shaw
60fce379da * trustdb.c (validate_keys): Show trust parameters when building trustdb,
and make sure that the version record update was successful.
(init_trustdb): If the current parameters aren't what was used for
building the trustdb, the trustdb is invalid.

* tbio.c (tdbio_db_matches_options): Update to work with new trustdbs.
2002-12-04 06:06:56 +00:00
David Shaw
3b7ca1faa5 * tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Store trust
model in the trustdb version record. (tdbio_update_version_record): New
function to update version record values during a trustdb check or update.
(tdbio_dump_record): Show trust model in dump.

* trustdb.c (validate_keys): Call tdbio_update_version_record on success
so that the correct options are stored in the trustdb.

* options.h: rearrange trust models so that CLASSIC is 0 and OPENPGP is 1.
2002-12-04 00:05:11 +00:00
David Shaw
e357092285 * options.h, g10.c (main), encode.c (write_pubkey_enc_from_list),
pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8 mode.  This
is basically identical to --pgp7 in all ways except that signing subkeys,
v4 data sigs (including expiration), and SK comments are allowed.

* getkey.c (finish_lookup): Comment.

* main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu): Reorder
user ID display in the --edit-key menu to match that of the --list-keys
display.

* g10.c (add_notation_data): Fix initialization.
2002-12-03 23:31:48 +00:00
Werner Koch
768ded7c03 Marked unused slots in the trustdb. 2002-12-03 08:12:53 +00:00
David Shaw
d37aad469c * gpg.sgml: Point out that if the user absolutely must, it's better to use
--pgpX than forcing an algorithm manually.  Better still not to use
anything, of course. CVS:
----------------------------------------------------------------------
gpg.sgml CVS:
----------------------------------------------------------------------
2002-12-01 21:06:13 +00:00
David Shaw
8dfe1d4348 * distfiles, gnupg.spec.in: Include convert-from-106.
* convert-from-106: Script to automate the 1.0.6->later conversion.  It
marks all secret keys as ultimately trusted, adds the signature caches,
and checks the trustdb.
2002-12-01 21:04:07 +00:00
David Shaw
db9195c10b * keyedit.c (menu_expire): Don't lose key flags when changing the
expiration date of a subkey.  This is not the most optimal solution, but
it is minimal change on the stable branch.

* main.h, keygen.c (do_copy_key_flags): New function to copy key flags, if
any, from one sig to another. (do_add_key_expire): New function to add key
expiration to a sig. (keygen_copy_flags_add_expire): New version of
keygen_add_key_expire that also copies key flags.
(keygen_add_key_flags_and_expire): Use do_add_key_expire.

* import.c (fix_hkp_corruption): Comment.
2002-12-01 20:59:04 +00:00
David Shaw
98708e1770 * NEWS: Add notes about notation names and '@', the --trust-model option,
default algorithms from --personal-xxxx, --primary-keyring, changes with
--s2k-digest-algo, the new anonymous recipient improvements, and
non-optimized memory wiping.
2002-11-26 04:02:58 +00:00
David Shaw
29c83f1c60 * gpg.sgml: Document --primary-keyring. Clarify --s2k-cipher-algo,
--s2k-digest-algo, --personal-cipher-preferences,
--personal-digest-preferences, and --personal-compress-preferences.
2002-11-26 04:00:28 +00:00
David Shaw
6122c65b61 * gpg.sgml: Document --sig-policy-url, --cert-policy-url, --sig-notation,
--cert-notation.  Clarify --show-notation and --show-policy-url that
policy URLs and notations can be used in data signatures as well.  Add
note about '@' being a required character in notation names.
2002-11-25 14:34:08 +00:00
Stefan Bellon
1289ab78e1 no RISC OS filetype needed for nooutput 2002-11-25 13:30:34 +00:00
David Shaw
0819797911 * main.h, misc.c (default_cipher_algo, default_compress_algo): New.
Return the default algorithm by trying --cipher-algo/--compress-algo, then
the first item in the pref list, then s2k-cipher-algo or ZIP.

* sign.c (sign_file, sign_symencrypt_file), encode.c (encode_simple,
encode_crypt): Call default_cipher_algo and default_compress_algo to get
algorithms.

* g10.c (main): Allow pref selection for compress algo with --openpgp.
2002-11-25 04:24:41 +00:00
David Shaw
bd23076c5e * mainproc.c (proc_encrypted): Use --s2k-digest-algo for passphrase
mangling rather than --digest-algo.
2002-11-25 04:11:02 +00:00
David Shaw
8b9e9d33c1 * sign.c (hash_for): If --digest-algo is not set, but
--personal-digest-preferences is, then use the first hash algorithm in the
personal list.  If the signing algorithm is DSA, then use the first
160-bit hash algorithm in the personal list. If --pgp2 is set and it's a
v3 RSA key, use MD5.
2002-11-25 04:06:04 +00:00
David Shaw
ce4ddd144c * g10.c (main), keydb.c (keydb_add_resource, keydb_locate_writable):
Rename --default-keyring as --primary-keyring.  Stefan wins the naming
contest.
2002-11-25 03:18:48 +00:00
David Shaw
a5b9770a8b * g10.c (add_notation_data): Disallow notation names that do not contain a
'@', unless --expert is set.  This is to help prevent people from
polluting the (as yet unused) IETF namespace.

* main.h: Comments about default algorithms.

* photoid.c (image_type_to_string): Comments about 3-letter file
extensions.
2002-11-24 01:49:32 +00:00
David Shaw
0cd879cd9c * encode.c (encode_simple), passphrase.c (passphrase_to_dek), sign.c
(sign_symencrypt_file): Use --s2k-digest-algo for passphrase mangling
rather than --digest-algo.
2002-11-24 00:50:14 +00:00
David Shaw
2bb29764af * gpg.sgml: Add an interoperability section. 2002-11-22 03:53:53 +00:00