* options.h, import.c (parse_import_options, import_one): Add
import-clean-uids option to automatically compact unusable uids when
importing. Like import-clean-sigs, this may nodify the local keyring.
* trustdb.c (clean_uids_from_key): Only allow selfsigs to be a
candidate for re-inclusion.
(agent_scd_writekey, inq_writekey_parms): New.
(agent_openpgp_storekey): Removed.
* cardglue.h: Add a few more error code mappings.
* keygen.c (copy_mpi): Removed.
(save_unprotected_key_to_card): Changed to use agent_scd_writekey.
* app-common.h, app-openpgp.c, tlv.c, tlv.h: Updated from newer
version in gnupg 1.9 CVS.
selfsig into both the pk and sk, so that someone importing their sk (which
will get an autoconvert to the pk) won't end up with two selfsigs.
(do_generate_keypair): Call it from here.
* parse-packet.c (can_handle_critical_notation): New. Check for
particular notation tags that we will accept when critical. Currently,
that's only preferred-email-encoding@pgp.com, since we know how to handle
it (pass it through to a mail program). (can_handle_critical): Call it
from here. (parse_one_sig_subpkt): Sanity check that notations are
well-formed in that the internal lengths add up to the size of the
subpacket.
(sign_file, clearsign_file, sign_symencrypt_file), g10.c (main), keyedit.c
(sign_uids): Use seconds rather than days internally to calculate
expiration. We no longer need the day-based code as we don't generate v3
keys.
(do_generate_keypair): Use it here rather than creating and deleting a
comment packet.
* keygen.c (gen_elg, gen_dsa): Do not put public factors in secret key as
a comment.
* options.h, encode.c (encode_simple, encode_crypt), keygen.c (do_create):
Remove disabled comment packet code.
--default-cert-expire options. Suggested by Florian Weimer.
* main.h, keygen.c (parse_expire_string, ask_expire_interval): Use
defaults passed in, or "0" to control what default expiration is.
* keyedit.c (sign_uids), sign.c (sign_file, clearsign_file,
sign_symencrypt_file): Call them here, so that default expiration
is used when --ask-xxxxx-expire is off.
* mk-w32-dist: Check for patch files.
* w32installer.nsi: Translated a few more strings. Print a
warning if permssions are not suitable for the installation.
Add Uninstaller entries.
before the encryption key. This is a partial workaround for a PGP bug
(as of this writing, all versions including 8.1), that causes it to
try and encrypt to the most recent subkey regardless of whether that
subkey is actually an encryption type. In this case, the auth key is
an RSA key so it succeeds.
instead of 0x0000000000000000 for the invalid key ID since all-zeroes
is reserved for the anonymous recipient.
* keyedit.c (change_passphrase), keygen.c (generate_subkeypair): Fix a
string ;)
ask for the passphrase. Return an error if the primary key is a
plain stub.
* keyedit.c (change_passphrase): Don't ever change any stub key.
Print a note if a key consists of only stub keys. Reported by
Dany Nativel. These are bugs #401 and #402.
chosen selfsig so we don't accidentally promote an older selfsig to
chosen. Discovered by Simon Josefsson and 'Todd'.
* keygen.c (ask_expire_interval): Fix typo.
* passphrase.c: Don't check for __CYGWIN__, so it is treated as a
unix-like system.
* options.h, g10.c (main), textfilter.c (standard): Use new option
--rfc2440-text to determine whether to filter "<space>\t\r\n" or just
"\r\n" before canonicalizing text line endings. Default to
"<space>\t\r\n".
temporary user ID.
* keyedit.c (keyedit_menu): Merge updpref and setpref. Keep updpref as an
invisible alias. Add invisible alias for revphoto. Fix small memory leak
when using "setpref" (not all of the uid was freed). (menu_revkey):
Trigger a trust rebuild after revoking a key. Don't allow revoking an
already-revoked whole key. (menu_revsubkey): Don't allow revoking an
already-revoked subkey.
hardcoding key sizes. Bump default to 2048. Bump minimum down to 512,
where possible, but require --expert to get there. DSA is always 1024
unless --expert is given.
opt.s2k_digest_algo. This helps fix a problem with PGP 2.x encrypted
symmetric messages. Change all callers (encode.c, g10.c, keyedit.c,
keygen.c, passphrase.c, sign.c).
* armor.c, cardglue.c, getkey.c, import.c, keygen.c: Be consistent in some
more quoted strings. Always use 'user ID', not 'user id', "quotes" for
user IDs, etc.
error. However the backupfile has been created successfully.
* rsa.c (rsa_generate): Return the dummy list of factors only if
the caller asked for it.
* card_util.c (generate_card_keys): ask whether backup should be
created.
(card_store_subkey): Factored some code out to ..
* keygen.c (save_unprotected_key_to_card): .. new function.
(gen_card_key_with_backup): New.
(generate_raw_key): New.
(generate_keypair): New arg BACKUP_ENCRYPTION_DIR. Changed all
callers.
(do_generate_keypair): Divert to gen_card_key_with_backup when
desired.
* g10.c: Make -K an alias for --list-secret-keys.
* keylist.c (print_card_serialno): New. Taken from gnupg 1.9.11.
(list_keyblock_print): Make use of it.
* keyedit.c (show_key_with_all_names): Print the card S/N.
* keyedit.c (keyedit_menu): New command ADDCARDKEY.
* card-util.c (card_generate_subkey): New.
* keygen.c (generate_card_subkeypair): New.
(gen_card_key): New arg IS_PRIMARY; changed all callers.
* cardglue.c (open_card): Use shutdown code if possible.
(check_card_serialno): Ditto.
continuing confusion and make room for possible changes in devel.
* parse-packet.c (parse_plaintext): Show the hex value for the literal
packet mode since it may not be printable.
* keygen.c (make_backsig): Make sure that the backsig was built
successfully before we try and use it.
* status.h, status.c (get_status_string), plaintext.c (handle_plaintext):
New status tags PLAINTEXT and PLAINTEXT_LENGTH.
(list_one): Use const char* for i18n string helpers.
* keygen.c (do_generate_keypair, read_parameter_file): Really
close the files.
(do_generate_keypair): Create the secret key file using safe
permissions. Noted by Atom Smasher.
backsigs.
* getkey.c (merge_selfsigs_subkey): Find 0x19 backsigs on subkey selfsigs
and verify they are valid. If DO_BACKSIGS is not defined, fake this as
always valid.
* packet.h, parse-packet.c (parse_signature): Make parse_signature
non-static so we can parse 0x19s in self-sigs.
* main.h, sig-check.c (check_backsig): Check a 0x19 signature.
(signature_check2): Give a backsig warning if there is no or a bad 0x19
with signatures from a subkey.
generate_subkeypair): New is_subkey argument to set whether a generated
key is a subkey. Do not overload the ret_sk. This is some early cleanup
to do backsigs for signing subkeys.
* keygen.c (write_keybinding, do_generate_keypair, generate_subkeypair):
Keep track of the unprotected subkey secret key so we can make a backsig
with it.
* keygen.c (make_backsig): New function to add a backsig to a binding sig
of signing subkeys. Currently disabled. (write_keybinding): Call it here,
for signing subkeys only.
* sign.c (make_keysig_packet): Allow generating 0x19 signatures (same as
0x18 or 0x28, but used for backsigs).
* packet.h, build-packet.c (build_sig_subpkt): Add new SIGSUBPKT_SIGNATURE
type for embedded signatures.