1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

699 Commits

Author SHA1 Message Date
Werner Koch
2aa42baaf3
Print warnings if old daemon versions are used.
* common/status.h (STATUS_WARNING): New.
* g10/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
* g10/call-dirmngr.c: Include status.h.
(warn_version_mismatch): New.
(create_context): Call warn function.
* sm/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
(gpgsm_agent_learn): Call warn function.
* sm/call-dirmngr.c (warn_version_mismatch): New.
(prepare_dirmngr): Call warn function.
--

We have seen too often bug reports which are due to still running old
versions of the daemons.  To catch this problematic use we now print
warning messages and also provide the warning via the status
interface.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 10:33:19 +01:00
Werner Koch
0f61599ed0
build: Avoid dependecy problems in "make distcheck".
* doc/Makefile.am (gnupg.texi): Depend on defs.inc.
--

Reported-by: Justus Winter
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 13:28:28 +01:00
Werner Koch
28e2513721
dirmngr: Switch to an onion address if Tor is running.
* dirmngr/dirmngr.h (opt): Turn field 'keyserver' into an strlist.
* dirmngr/dirmngr.c (parse_rereadable_options): Allow multiple
--keyserver options.
* dirmngr/server.c (server_local_s): Add field 'tor_state'.
(release_uri_item_list): New.
(release_ctrl_keyservers): Use it.
(start_command_handler): Release list of keyservers.
(is_tor_running): New.
(cmd_getinfo): Re-implement "tor" subcommand using new fucntion.
(ensure_keyserver): Rewrite.
* g10/dirmngr-conf.skel: Add two keyserver options.
--

This feature is independent of --use-tor and automagically uses Tor if
available.  The dirmngr.conf file needs to specify two keyservers to
make this work.  For new installations this is done using the skeleton
file.  This feature requires the Libassuan 2.4.2 to work.

This patch also fixes a memory leak of opt.keyserver en passant.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-02 12:27:35 +01:00
Werner Koch
fdd2cc5f3b
doc: Clarify dirmngr's --keyserver option.
--
GnuPG-bug-id: 2165
2015-11-30 16:01:07 +01:00
Werner Koch
b2b079cb2f
doc: Typo fix.
--
2015-11-30 11:47:23 +01:00
Werner Koch
4ecb5db804
doc: Make make distcheck work again.
* doc/Makefile.am (DISTCLEANFILES): Add gpgkey2ssh.1

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-30 11:45:28 +01:00
Werner Koch
b4756a54a5
yat2m: Add keyword @url.
* doc/yat2m.c (proc_texi_cmd): Add keyword @url.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-30 11:32:00 +01:00
Werner Koch
081c902f16
doc: Build man pages with the same date as the info files.
* doc/Makefile.am (yat2m-stamp): Use option --date.
--

This changes allows reproducible builds.

Debian-bug-id: 806494
2015-11-30 11:27:30 +01:00
Werner Koch
75eb071354
yat2m: New option --date.
* doc/yat2m.c (opt_date): new.
(isodatestring): Use it if set.
(main): New option --date.
2015-11-30 11:25:37 +01:00
Neal H. Walfield
0b86c7463c gpg: Allow selecting subkeys using a keyid.
* g10/keyedit.c (menu_select_key): Take an additional argument, p.
Update callers.  If P is a hex string, then assume that P is a key id
or fingerprint and select subkeys with matching key ids or
fingerprints.
* doc/gpg.texi: Update documentation for the key subcommand.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1423
Debian-bug-id: 610336
2015-11-17 21:23:16 +01:00
Werner Koch
2038adf16d
gpg: Print a new EXPORTED status line.
* common/status.h (STATUS_EXPORTED): New.
* g10/export.c (print_status_exported): New.
(do_export_stream): Call that function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-12 17:02:18 +01:00
Werner Koch
e3c48335f9
gpg: Print export statistics to the status-fd.
* common/status.h (STATUS_EXPORT_RES): New.
* g10/main.h (export_stats_t): New.
* g10/export.c (export_stats_s): New.
(export_new_stats, export_release_stats): New.
(export_print_stats): New.
(export_pubkeys, export_seckeys, export_secsubkeys)
(export_pubkey_buffer, do_export): Add arg "stats".
(do_export_stream): Add arg stats and update it.
* g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create,
pass, and print a stats object to the export function calls.

* g10/export.c (export_pubkeys_stream): Remove unused function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-12 16:44:00 +01:00
Werner Koch
a2cc1d5755
dirmngr: New option --nameserver.
* dirmngr/dirmngr.c (oNameServer): New.
(opts): Add --nameserver.
(parse_rereadable_options): Act upon oNameServer.
* dirmngr/dns-stuff.c (DEFAULT_NAMESERVER): New.
(tor_nameserver): New.
(set_dns_nameserver): New.
(my_adns_init): Make name server configurable.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-12 13:20:18 +01:00
Neal H. Walfield
a74aeb5dae gpg: Add new option --only-sign-text-ids.
* g10/options.h (opt): Add field only_sign_text_ids.
* g10/gpg.c (enum cmd_and_opt_values): Add value oOnlySignTextIDs.
(opts): Handle oOnlySignTextIDs.
(main): Likewise.
* g10/keyedit.c (sign_uids): If OPT.ONLY_SIGN_TEXT_IDS is set, don't
select non-text based IDs automatically.
(keyedit_menu): Adapt the prompt asking to sign all user ids according
to OPT.ONLY_SIGN_TEXT_IDS.
* doc/gpg.texi: Document the new option --only-sign-text-ids.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1241
Debian-bug-id: 569702
2015-11-06 13:16:37 +01:00
Neal H. Walfield
2b0e0a53b4 doc: Note that gpgkey2ssh is deprecated.
* doc/tools.texi (gpgkey2ssh): Note that gpgkey2ssh is deprecated.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-05 14:09:00 +01:00
Neal H. Walfield
2b27acc343 doc: Add documentation for gpgkey2ssh.
* doc/tools.texi: Add documentation for gpgkey2ssh.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Co-authored-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
GnuPG-bug-id: 1067
Debian-bug-id 380241
2015-11-05 13:57:32 +01:00
Neal H. Walfield
de9b234015 gpg: Add --encrypt-to-default-key.
* g10/getkey.c (parse_def_secret_key): Drop the static qualifier and
export the function.
* g10/gpg.c (enum cmd_and_opt_values): Add value oEncryptToDefaultKey.
(opts): Handle oEncryptToDefaultKey.
(main): Likewise.
* g10/options.h (opt): Add field encrypt_to_default_key.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 807
2015-11-04 13:19:54 +01:00
Neal H. Walfield
e16d7168c5 gpg: Allow multiple --default-key options. Take the last available key.
* g10/getkey.c (parse_def_secret_key): New function.
(get_seckey_default): Add parameter ctrl.  Update callers.  Use
parse_def_secret_key to get the default secret key, if any.
(getkey_byname): Likewise.
(enum_secret_keys): Likewise.
* g10/options.h (opt): Change def_secret_key's type from a char * to a
strlist_t.
* g10/gpg.c (main): When processing --default-key, add the key to
OPT.DEF_SECRET_KEY.
* g10/gpgv.c (get_session_key): Add parameter ctrl.  Update callers.
* g10/mainproc.c (proc_pubkey_enc): Likewise.
(do_proc_packets): Likewise.
* g10/pkclist.c (default_recipient): Likewise.
* g10/pubkey-enc.c (get_session_key): Likewise.
* g10/sign.c (clearsign_file): Likewise.
(sign_symencrypt_file): Likewise.
* g10/skclist.c (build_sk_list): Likewise.
* g10/test-stubs.c (get_session_key): Likewise.

--
Signed-off-by: Neal H. Walield <neal@g10code.com>
GnuPG-bug-id: 806
2015-11-04 13:19:52 +01:00
Werner Koch
965486031b
Use of some C99 features is now permitted.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-29 15:03:55 +01:00
NIIBE Yutaka
d25e29ad93 doc: Don't install gpg-zip.1.
* doc/Makefile.am (myman_pages): Remove gpg-zip.1.
(DISTCLEANFILES): Add gpg-zip.1.

--

Thanks to Thomas Klausner.

GnuPG-bug-id: 2095
2015-10-29 10:26:04 +09:00
Damien Goutte-Gattat
e095a3fcf2
doc: Document some changed default options.
* doc/gpg.texi: Update the description of some options which are
  now enabled by default.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2015-10-28 12:11:12 +01:00
Daniel Kahn Gillmor
1f872cb4ad
Fix typos
--
2015-10-28 10:20:17 +01:00
Werner Koch
9ffcb77e25
Change capitalization of TOR to Tor.
--
2015-10-21 18:14:24 +02:00
Daniel Kahn Gillmor
76afaed65e
gpg: Add option --weak-digest to gpg and gpgv.
* g10/options.h: Add additional_weak_digests linked list to opts.
* g10/main.h: Declare weakhash linked list struct and
additional_weak_digest() function to insert newly-declared weak
digests into opts.
* g10/misc.c: (additional_weak_digest): New function.
(print_digest_algo_note): Check for deprecated digests; use proper
gcry_md_algos type.
* g10/sig-check.c: (do_check): Reject weak digests in addition to MD5.
* g10/gpg.c: Add --weak-digest option to gpg.
* doc/gpg.texi: Document gpg --weak-digest option.
* g10/gpgv.c: Add --weak-digest option to gpgv.
* doc/gpgv.texi: Document gpgv --weak-digest option.

--
gpg and gpgv treat signatures made over MD5 as unreliable, unless the
user supplies --allow-weak-digests to gpg.  Signatures over any other
digest are considered acceptable.

Despite SHA-1 being a mandatory-to-implement digest algorithm in RFC
4880, the collision-resistance of SHA-1 is weaker than anyone would
like it to be.

Some operators of high-value targets that depend on OpenPGP signatures
may wish to require their signers to use a stronger digest algorithm
than SHA1, even if the OpenPGP ecosystem at large cannot deprecate
SHA1 entirely today.

This changeset adds a new "--weak-digest DIGEST" option for both gpg
and gpgv, which makes it straightforward for anyone to treat any
signature or certification made over the specified digest as
unreliable.

This option can be supplied multiple times if the operator wishes to
deprecate multiple digest algorithms, and will be ignored completely
if the operator supplies --allow-weak-digests (as before).

MD5 is still always considered weak, regardless of any further
--weak-digest options supplied.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Capitialized some comments, shorted a line in do_check, and changed
subject to name the option.  -wk
2015-10-19 14:24:27 +02:00
Werner Koch
6983fd131f
dirmngr: Make --use-tor work - still leaks DNS.
* dirmngr/dirmngr.c (set_tor_mode): New.
(main, reread_configuration): Call it.
* dirmngr/http.c (http_raw_connect, send_request): Check whether TOR
mode is enabled if the FORCE_TOR flag is given.
--

The patch for http.c is a sanity check because tor mode is anyway
global as long as the Assuan socket wrappers are used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-19 13:17:58 +02:00
Neal H. Walfield
f77913e0ff g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask.  Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask.  Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask.  Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask.  If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level.  Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:45:40 +02:00
Werner Koch
d7b8e76f99
gpg: Add option --print-dane-records.
* g10/options.h (opt): Add field "print_dane_records".
* g10/gpg.c (oPrintDANERecords): new.
(opts): Add --print-dane-records.
(main): Set that option.
* g10/export.c (do_export): Remove EXPORT_DANE_FORMAT handling.
(do_export_stream): Add EXPORT_DANE_FORMAT handling.
* g10/keylist.c (list_keyblock_pka): Implement DANE record printing.

* g10/gpgv.c (export_pubkey_buffer): New stub.
* g10/test-stubs.c (export_pubkey_buffer): New stub.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-08 15:40:53 +02:00
Werner Koch
9ac31f91b1
gpg: Add new --auto-key-locate mechanism "dane".
* g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Allow fetching via DANE.
* g10/keyserver.c (keyserver_import_cert): Add arg "dane_mode".
* g10/options.h (AKL_DANE): New.
* g10/getkey.c (get_pubkey_byname): Implement AKL_DANE.
(parse_auto_key_locate): Ditto.
--

To test this use

  gpg --auto-key-locate clear,dane,local --locate-key -v wk@gnupg.org

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-06 20:31:43 +02:00
Werner Koch
9db6547a00
dirmngr: Do tilde expansion for --hkp-cacert.
* dirmngr/dirmngr.c (parse_rereadable_options): Do tilde expansion and
check for cert file existance in option --hkp-cacert.
--

GnuPG-bug-id: 2120
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-06 13:10:26 +02:00
Werner Koch
ae471fa978
gpg: Deprecate the --keyserver option.
* g10/keyserver.c (keyserver_refresh): Change return type to
gpg_error_t.  Use gpg_dirmngr_ks_list to print the name of the
keyserver to use.
(keyserver_search): Do not print the "no keyserver" error
message.  The same error is anyway returned from dirmngr.
* g10/call-dirmngr.c (ks_status_parm_s): Add field "keyword".
(ks_status_cb): Handle other status keywords.
(gpg_dirmngr_ks_list): New.
* tools/gpgconf-comp.c (gc_options_gpg): Deprecate "keyserver".
(gc_options_dirmngr): Add "Keyserver" group and "keyserver".
--

Along with the corresponding dirmngr change this option allows to
configure the keyserver only in dirmngr.conf.  Existing
configurations will continue to work.  However, GUIs using gpgconf
now the keyserver option under the dirmngr (aka Key Acquirer) tab
unless they are in export mode in which the keyserver option is also
show for gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-05 17:52:28 +02:00
Werner Koch
a48e6de603
dirmngr: Add option --keyserver.
* dirmngr/dirmngr.c (oKeyServer): New.
(opts): Add "keyserver".
(parse_rereadable_options): Parse that options
(main): Add option to the gpgconf list.
* dirmngr/dirmngr.h (opt): Add field "keyserver".
* dirmngr/server.c (ensure_keyserver): New.
(make_keyserver_item): New.  Factored out from
(cmd_keyserver): here.  Call ensure_keyserver.
(cmd_ks_search): Call ensure_keyserver.
(cmd_ks_get): Ditto.
(cmd_ks_fetch): Ditto.
(cmd_ks_put): Ditto.
--

This option specifies the keyserver to be used if the client does not
set another keyserver.  We want to fade out the use of --keyserver in
gpg.conf in favor of specifying it here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-05 17:44:20 +02:00
Werner Koch
438730323a
dirmngr: Make clear that --use-tor is not yet ready for use.
* dirmngr/dirmngr.c (main): Print a warning if --use-tor has been
given.
* tools/gpgconf-comp.c (gc_options_dirmngr): Make --use-tor invisible.
2015-10-05 11:31:31 +02:00
Werner Koch
13a3f65968
gpg: Add debug helper to --edit-keys's check sub-command.
* g10/keyedit.c (print_and_check_one_sig): Add arg "extended" and
print an asterisk for the chosen selfsig.
(check_all_keysigs): Add arg "only_selfsig"
(keyedit_menu) <cmdCHECK>: Add optional arg "selfsig".
--

Using "check selfsig" prints only the self-signatures and indicates
the chosen selfsig with an asterisk.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-01 16:24:59 +02:00
Werner Koch
348acbe18a
doc,w32: Fix compiler warnings.
--
2015-09-28 18:40:38 +02:00
Werner Koch
93d257c819
agent: New option --pinentry-invisible-char.
* agent/gpg-agent.c (oPinentryInvisibleChar): New.
(opts): Add option.
(parse_rereadable_options): Set option.
* agent/agent.h (opt): Add field pinentry_invisible_char.
* agent/call-pinentry.c (start_pinentry): Pass option to pinentry.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-16 21:24:14 +02:00
Werner Koch
f9c83d84e7
gpg: Remove option --no-sig-create-check.
* g10/gpg.c (opts): Remove --no-sig-create-check.
* g10/options.h (struct opt): Remove field no_sig_create_check.
* g10/sign.c (do_sign): Always check unless it is RSA and we are using
Libgcrypt 1.7.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-01 07:37:12 +02:00
Werner Koch
836a3e4315
Typo fixes
--
2015-09-01 07:37:11 +02:00
Werner Koch
9cdff09743
gpg: Print a new FAILURE status after most commands.
* common/status.h (STATUS_FAILURE): New.
* g10/cpr.c (write_status_failure): New.
* g10/gpg.c (main): Call write_status_failure for all commands which
print an error message here.
* g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't
set the pinentry mode.
--

This status line can be used similar to the error code returned by
commands send over the Assuan interface in gpgsm.  We don't emit them
in gpgsm because there we already have that Assuan interface to return
proper error code.  This change helps GPGME to return better error
codes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 15:26:33 +02:00
Werner Koch
b8adfc4186
doc: Remove C++ style comments and update HACKING.
--
2015-08-20 17:42:55 +02:00
Werner Koch
0d5a4138f2
po: Add lost translation of validity strings.
* po/POTFILES.in (trust.c): Add missing file.
* po/de.po: Changed German validity strings.
* doc/help.de.txt: Ditto.
--

Note that I replaced "uneingeschränkt" in de.po to "ultimativ" to
make the output better readable.
2015-08-20 16:58:30 +02:00
Daniel Kahn Gillmor
79b90039a8
doc: Improve documentation of VALIDSIG
--
2015-08-11 12:14:20 +02:00
Werner Koch
5b7a80b1ab
gpg: Allow gpgv to work with a trustedkeys.kbx file.
* g10/keydb.h (KEYDB_RESOURCE_FLAG_GPGVDEF): New.
* g10/keydb.c (keydb_add_resource): Take care of new flag.
* g10/gpgv.c (main): Use new flag.
--

GnuPG-bug-id: 2025
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-07 15:53:56 +02:00
Hugo Roy
d22be79d9b
doc: Two typo fixes.
--
2015-08-03 12:34:15 +02:00
Werner Koch
9502d7f50a
doc: Document that gpg --edit-key's toggle is a nop.
--
2015-07-29 15:46:40 +02:00
Werner Koch
18f1e627c6
w32: Try more places to find an installed Pinentry.
* common/homedir.c (get_default_pinentry_name): Re-implement to
support several choices for Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-07-28 13:52:12 +02:00
Werner Koch
4ee4b99837
doc: Document scissor line for commit logs
--
2015-07-23 15:03:44 +02:00
Werner Koch
cb315d08e4
doc: Add a comment to --set-filename.
--
2015-07-22 16:41:22 +02:00
Daniel Kahn Gillmor
194c25d59f
doc: Improve documentation about VALIDSIG
--

The claim that VALIDSIG is the same as GOODSIG is simply wrong.
Attempt to clarify it.  Also, the paragraph about primary-key-fpr and
sig-version was weirdly re-ordered during the org-mode conversion in
65eb98966a569a91c97d0c23ba5582a9a7558de0; repair it.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-07-22 12:59:02 +02:00
Daniel Kahn Gillmor
90f029e869
doc: Clarify constraints on who modifies files in ~/.gnupg
--
2015-07-22 12:57:17 +02:00
Daniel Kahn Gillmor
1be2cebf7f drop long-deprecated gpgsm-gencert.sh
* tools/gpgsm-gencert.sh: remove deprecated script entirely.  It is
   fully replaced by gpgsm --gen-key
 * doc/tools.texi: remove gpgsm-gencert.sh documentation
 * .gitignore: no longer ignore gpgsm-gencert.sh manpage
 * doc/Makefile.am: quit making the manpage
 * tools/Makefile.am: quit distributing the script
 * doc/howto-create-a-server-cert.texi: overhaul documentation to use
   gpgsm --gen-key and tweak explanations

--

The commit deprecating gpgsm-gencert.sh
(81972ca7d53ff1996e0086702a09d4405bdc2a7e) dates back exactly 6 years.

 https://codesearch.debian.net/results/gpgsm-gencert.sh

suggests that in all of debian it is only referenced in documentation
(for poldi and scute) and example files (libept), and isn't actually
used directly anywhere.

Furthermore, trying to use gpgsm-gencert.sh to make a simple webserver
certificate-signing request failed for me, following the examples in
doc/howto-create-a-server-cert.texi exactly.

It's time we ripped off this band-aid :)

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-07-03 22:21:52 +02:00