1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

695 Commits

Author SHA1 Message Date
David Shaw
dccd0d991b * app-openpgp.c (get_cached_data): Avoid mallocing zero since it breaks us
when using --enable-m-guard.
2004-09-11 03:30:48 +00:00
David Shaw
0f48ec7bba * ccid-driver.c (read_device_info): Fix segfault when usb device is not
accessible. (ccid_open_reader): Allow working with an even older version
of libusb (usb_busses global instead of usb_get_busses()).
2004-09-11 02:29:36 +00:00
Werner Koch
06853bbc4d * README: Doc --disable-card-support and --without-readline.
* configure.ac: Check for readline.  Make enable-card-support the
default.  New option --without-readline.  Allow the use of either
the development or the stable libusb.

* cardglue.h: Add members for CA fingerprints.
* cardglue.c (agent_release_card_info): Invalid them.
(learn_status_cb): Store them.

* app-common.h, app-openpgp.c, iso7816.c, iso7816.h
* apdu.c, apdu.h, ccid-driver.c, ccid-driver.h
* card-util.c: Updated from current gnupg-1.9.

* ccid-driver.h (CCID_DRIVER_ERR_ABORTED): New.
* ccid-driver.c (ccid_open_reader): Support the stable 0.1 version
of libusb.
(ccid_get_atr): Handle short messages.
* apdu.c (my_rapdu_get_status): Implemented.
* apdu.c: Include <signal.h>.
* apdu.c (reader_table_s):  Add function pointers for the backends.
(apdu_close_reader, apdu_get_status, apdu_activate)
(send_apdu): Make use of them.
(new_reader_slot): Intialize them to NULL.
(dump_ccid_reader_status, ct_dump_reader_status): New.
(dump_pcsc_reader_status): New.
(open_ct_reader, open_pcsc_reader, open_ccid_reader)
(open_osc_reader, open_rapdu_reader): Intialize function pointers.
(ct_activate_card, ct_send_apdu, pcsc_send_apdu, osc_send_apdu)
(error_string): Removed.  Replaced by apdu_strerror.
(get_ccid_error_string): Removed.
(ct_activate_card): Remove the unused loop.
(reset_ct_reader): Implemented.
(ct_send_apdu): Activate the card if not yet done.
(pcsc_send_apdu): Ditto.
* ccid-driver.h: Add error codes.
* ccid-driver.c: Implement more or less proper error codes all
over the place.
* apdu.c (apdu_send_direct): New.
(get_ccid_error_string): Add some error code mappings.
(send_apdu): Pass error codes along for drivers already supporting
them.
(host_sw_string): New.
(get_ccid_error_string): Use above.
(send_apdu_ccid): Reset the reader if it has not yet been done.
(open_ccid_reader): Don't care if the ATR can't be read.
(apdu_activate_card): New.
(apdu_strerror): New.
(dump_reader_status): Only enable it with opt.VERBOSE.
* iso7816.c (map_sw): Add mappings for the new error codes.
* apdu.c (open_ct_reader, open_pcsc_reader, open_ccid_reader)
(reset_ccid_reader, open_osc_reader): Call dump_reader_status only
in verbose mode.
* app-openpgp.c (do_getattr): Fix for sending CA-FPR.
* app-openpgp.c (app_openpgp_readkey): Fixed check for valid
exponent.
* app-openpgp.c (do_setattr): Sync FORCE_CHV1.
* card-util.c (change_login): Kludge to allow reading data from a
file.
(card_edit): Pass ARG_STRING to change_login.
(card_status): Print CA fingerprints.
(change_cafpr): New.
(card_edit): New command CAFPR.

* errors.h (G10ERR_NO_CARD, G10ERR_CANCELED): New error codes.

* errors.c (g10_errstr): New error codes G10ERR_NO_CARD,
G10ERR_CANCELED.
2004-09-09 18:18:36 +00:00
Werner Koch
bfc45cc8bc * configure.ac: Check for readline.
* signal.c (got_fatal_signal): Do readline cleanup.  Print signal
number if we can't print the name. Use new autoconf macro
HAVE_DECL_SYS_SIGLIST.
(get_signal_name): Removed.

* ttyio.c (tty_get): Add readline support.
2004-09-09 17:04:44 +00:00
Werner Koch
87e3264f77 * photoid.c: Include ttyio.h.
* parse-packet.c (skip_rest): Removed.  Changed all callers to use
the new iobuf_skip_reset.  Orginal patch by Florian Weimer.

* iobuf.c (iobuf_skip_rest): New.  Orginal patch by Florian
Weimer.  Added new argument PARTIAL.
2004-09-09 12:42:10 +00:00
Werner Koch
eda1b80760 (generate_photo_id): Use tty_printf and not just
printf.  Put _() around one string.
2004-09-07 16:49:10 +00:00
David Shaw
d4ca1e8cbc * keyserver.c (parse_keyrec): Force the 'e'xpired flag on as soon as we
know the key is definitely expired.  Some translatable string cleanup.
2004-09-03 22:06:36 +00:00
David Shaw
ea279f1bae * encode.c, exec.c, g10.c, sign.c: Some translatable string cleanup.
Change some "this" to `this'.
2004-08-27 17:32:31 +00:00
David Shaw
10eb272a73 * keyserver.c (keyserver_spawn): Show log line for what keyserver action
we are taking.

* keyid.c (keystr): If printing a keyid that lacks the high 4 bytes, print
the low 4 alone. (keystr_from_desc): Handle short keyids and warn on v3
fingerprints.
2004-08-23 19:20:17 +00:00
David Shaw
9d4327ba4d * keydb.h, getkey.c (get_user_id_printable): Rename to get_user_id_native
and remove the printable stuff since we're print-ifying valid utf8
characters.  Change all callers in import.c, sign.c, keylist.c, and
encode.c.
2004-08-23 17:55:49 +00:00
David Shaw
ba0ba64b85 * keyserver.c (keyserver_search_prompt): Make sure the search string is
converted from UTF-8 before display.
2004-08-23 14:39:48 +00:00
Werner Koch
bf256b9696 (encode_session_key): Changed the zero random byte
substituting code to actually do clever things.  Thanks to
Matthias Urlichs for noting the implementation problem.
2004-08-19 10:12:54 +00:00
Marcus Brinkmann
75ac082a76 2004-08-18 Marcus Brinkmann <marcus@g10code.de>
* passphrase.c (agent_get_passphrase):
2004-08-18 00:06:08 +00:00
David Shaw
5d98f7afe5 * plaintext.c (handle_plaintext): Bigger buffer for extra safety.
* g10.c (main): New alias --throw-keyid for --throw-keyids, so that it
continues to work in old configuration files.  Noted by Jens Adam.

* pkclist.c (algo_available): --pgp8 now allows blowfish, zlib, and bzip2.

* status.c (do_get_from_fd): Flush stdout if status isn't flushing it for
us.  This guarantees that any menus that were displayed before the prompt
don't get stuck in a buffer.  Noted by Peter Palfrader.  This is Debian
bug #254072.

* sign.c (update_keysig_packet): Revert change of 2004-05-18.  It is not
appropriate to strip policy and notations when remaking a sig.  That
should only happen when specifically requested by the user.
2004-08-08 13:28:04 +00:00
David Shaw
52a83025e9 * armor.c (radix64_read): No armor CRC is legal according to the spec (the
CRC is a MAY).
2004-08-05 20:18:44 +00:00
David Shaw
0d7aca863d * misc.c (argsplit): Properly split quoted args from the keyword and trim
whitespace afterwards.
2004-07-28 15:36:23 +00:00
David Shaw
a2e332cded * misc.c (optsep): Add the ability to understand keyword="quoted arg with
spaces" type options.
2004-07-28 04:12:50 +00:00
David Shaw
0aad41079e * keylist.c (list_keyblock_print): Always use the new listing format where
uids are always on a line for themselves.  Mark expired secret keys as
expired.

* options.h, g10.c (main): Rename list show-validity to show-uid-validity
as it only shows for uids.

* armor.c (armor_filter): Do not use padding to get us to 8 bytes of
header.  Rather, use 2+4 as two different chunks.  This avoids a fake
filename of "is".
2004-07-16 14:30:55 +00:00
David Shaw
673894ef48 * keyedit.c (sign_uids): Properly handle remaking a self-sig on revoked or
expired user IDs.  Also, once we've established that a given uid cannot or
will not be signed, don't continue to ask about each sig.

* mainproc.c (proc_symkey_enc), seckey-cert.c (do_check): Check the S2K
hash algorithm before we try to generate a passphrase using it.  This
prevents hitting BUG() when generating a passphrase using a hash that we
don't have.

* sign.c (sign_symencrypt_file): Allow using --force-mdc in --sign
--symmetric messages.
2004-07-15 21:16:54 +00:00
David Shaw
2cba999f22 * g10.c (main): Alias --charset as --display-charset to help avoid the
continuing confusion and make room for possible changes in devel.

* parse-packet.c (parse_plaintext): Show the hex value for the literal
packet mode since it may not be printable.

* keygen.c (make_backsig): Make sure that the backsig was built
successfully before we try and use it.

* status.h, status.c (get_status_string), plaintext.c (handle_plaintext):
New status tags PLAINTEXT and PLAINTEXT_LENGTH.
2004-07-15 21:00:35 +00:00
Werner Koch
e9c4c8ac74 (copy_secret_key): Get last fix right. 2004-06-16 13:24:01 +00:00
Werner Koch
6bbcda7477 s/1/i/ 2004-06-16 09:15:21 +00:00
Werner Koch
5c9cc2e867 * free-packet.c (copy_secret_key): Fixed memory leak when D is not
NULL.

* passphrase.c (passphrase_to_dek): Added a few comments to the
code.
2004-06-16 09:09:31 +00:00
David Shaw
c88d037b6b * keyserver.c (keyserver_refresh): Keep track of keys already fetched so
we don't do a regular keyserver fetch if the preferred keyserver fetch has
exhausted the list.
2004-05-26 15:01:48 +00:00
David Shaw
79bb56aa56 * verify.c (verify_signatures): Verify multiple files in the same order in
which we hashed them when issuing the signature.  Noted by Nicholas Cole.

* pkclist.c (do_edit_ownertrust): Fix a kbnode leak and do another
keyid-format conversion.
2004-05-23 16:24:15 +00:00
Werner Koch
3624da002f some late minor fixes. 2004-05-22 11:33:47 +00:00
David Shaw
bc3f1a148f * mainproc.c (check_sig_and_print): If we're honoring preferred
keyservers, and auto-key-retrieve is set, try and get a missing key from
the preferred keyserver subpacket when we verify the sig.

* gpgv.c (parse_preferred_keyserver, free_keyserver_spec): Stubs.

* keyserver.c (keyidlist): Use new parse_preferred_keyserver function.
(keyserver_work): Use the passed-in keyserver spec rather than the options
global one.

* keyserver-internal.h, keyserver.c (parse_preferred_keyserver): New
function to take a sig and return a split out keyserver_spec.
(keyserver_import_keyid): Now takes a keyserver_spec.
2004-05-22 03:50:20 +00:00
David Shaw
086e589898 * keyserver.c (keyidlist): Go back to the old fast keyid lister. Only
merge selfsigs if we have to for honor-keyserver-url. (keyserver_refresh):
Keyserver URL handler moved here. (calculate_keyid_fpr): Removed.

* keydb.h, keyid.c (keystr_from_desc): Calculate a key string from a
KEYDB_SEARCH_DESC.
2004-05-21 17:32:30 +00:00
David Shaw
228e1a55a4 * keyserver.c (keyserver_spawn): Fix keyserver options on tempfile only
platforms.  Noted by Roger Sondermann.
2004-05-21 12:29:53 +00:00
David Shaw
18e96cb281 * keyserver.c (keyserver_work): Allow --refresh-keys with a preferred
keyserver to happen even if there is no global keyserver set.

* sig-check.c (do_check_messages): No need to check for Elgamal signatures
any longer. (do_check_messages, do_check, check_key_signature2):
--keyid-format conversion.

* pkclist.c (show_paths, edit_ownertrust): Remove some unused code.
2004-05-20 20:42:01 +00:00
David Shaw
cc383b6432 * options.h (ctrl): New for member IN_AUTO_KEY_RETRIEVE.
* mainproc.c (check_sig_and_print): track whether we are retrieving a key.

* status.c (status_currently_allowed): New. (write_status_text,
write_status_text_and_buffer): Use it here.

* g10.c: New command --gpgconf-list. (gpgconf_list): New.  From Werner on
stable branch.
2004-05-20 18:04:33 +00:00
David Shaw
d201b2a92d * g10.c: New command --gpgconf-list. (gpgconf_list): New. From Werner on
stable branch.
2004-05-20 17:06:34 +00:00
David Shaw
3cef407e06 * pubkey-enc.c (get_session_key, get_it), keyedit.c
(show_key_with_all_names, show_basic_key_info): --keyid-format conversion.
2004-05-20 02:51:23 +00:00
David Shaw
ef13cef29c * sign.c (update_keysig_packet): Policies and notations should be stripped
out when remaking a self-signature.  Noted by Atom Smasher.

* keyserver.c (parse_keyserver_uri): Fix compiler warnings.
2004-05-19 03:11:22 +00:00
David Shaw
0aba5ff41b * options.h, keyserver-internal.h, keyserver.c (parse_keyserver_uri):
Improved URI parser that keeps track of the path information and doesn't
modify the input string. (keyserver_spawn): Tell keyserver plugins about
the path.
2004-05-11 19:36:44 +00:00
Werner Koch
536841ecae * keylist.c (show_policy_url, show_keyserver_url, show_notation)
(list_one): Use const char* for i18n string helpers.

* keygen.c (do_generate_keypair, read_parameter_file): Really
close the files.
(do_generate_keypair): Create the secret key file using safe
permissions.  Noted by Atom Smasher.
2004-05-11 07:43:19 +00:00
David Shaw
69df506b84 * options.h, mainproc.c (symkey_decrypt_seskey), keyserver.c (struct
keyrec, parse_keyrec, keyserver_search_prompt), keyedit.c (keyedit_menu),
g10.c (add_keyserver_url, add_policy_url): Fix some compiler warnings.
2004-05-10 21:46:00 +00:00
David Shaw
614304a543 * keyedit.c (keyedit_menu, menu_set_keyserver_url): Allow passing
preferred keyserver on "keyserver" command line.  Sanity check keyserver
URL before accepting it.

* keyserver-internal.h, g10.c (main), keyserver.c (parse_keyserver_uri):
Add an option to require the scheme:// and change all callers.
(free_keyserver_spec): Make public.
2004-05-08 13:51:14 +00:00
Werner Koch
135946bb02 (write_plaintext_packet): Fixed the detection of too
large files in the same way as in encode.c.
2004-05-07 09:31:29 +00:00
David Shaw
f106448a7d * keylist.c (show_notation): Use bits to select which sort of notation to
show.  Don't allow a not-shown notation to prevent us from issuing the
proper --status-fd message.

* options.h, g10.c (main): Add show-std/standard-notations and
show-user-notations.  show-notations is both.  Default is to show standard
notations only during verify.  Change all callers.
2004-05-05 02:40:27 +00:00
David Shaw
0842905be3 * main.h, keylist.c (show_notation): Add argument to show only user
notations, only standard notations, or both.  Change all callers.

* keyserver.c (keyserver_spawn): We still need EXEC_TEMPFILE_ONLY.
2004-04-29 03:42:54 +00:00
Werner Koch
75f14e8571 * card-util.c (card_edit): Require PIN only for generate.
* app-openpgp.c (do_setattr): Sync FORCE_CHV1.
2004-04-28 11:55:46 +00:00
Werner Koch
2900ffbff7 (keyserver_spawn) [EXEC_TEMPFILE_ONLY]: Removed
setting use_temp_file because this option has been removed.
2004-04-27 10:20:38 +00:00
Werner Koch
577d9c2342 A bunch of changes for the openpgp card. 2004-04-27 08:23:45 +00:00
David Shaw
0c67c75cbe * getkey.c (get_seckey_byname2): Significantly simplify this function by
using key_byname to do the heavy lifting.  Note that this also fixes an
old problem when the first key on the secret keyring has an unusable stub
primary, but is still chosen.
2004-04-26 01:20:03 +00:00
David Shaw
7d74743c0e * getkey.c (key_byname): If namelist is NULL, return the first key in the
keyring.
2004-04-26 00:36:01 +00:00
David Shaw
732f049817 * keygen.c (make_backsig): If DO_BACKSIGS is not defined, do not create
backsigs.

* getkey.c (merge_selfsigs_subkey): Find 0x19 backsigs on subkey selfsigs
and verify they are valid.  If DO_BACKSIGS is not defined, fake this as
always valid.

* packet.h, parse-packet.c (parse_signature): Make parse_signature
non-static so we can parse 0x19s in self-sigs.

* main.h, sig-check.c (check_backsig): Check a 0x19 signature.
(signature_check2): Give a backsig warning if there is no or a bad 0x19
with signatures from a subkey.
2004-04-23 03:25:58 +00:00
David Shaw
2bdb01e2e7 * parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt,
can_handle_critical): Parse and display 0x19 signatures.
2004-04-22 00:54:30 +00:00
David Shaw
36e6975ac9 * keyserver.c (parse_keyserver_uri): Do not accept "http" as an alias for
"hkp".  They are not the same thing.
2004-04-20 20:17:38 +00:00
David Shaw
3ec6fecade * options.h, g10.c (main): Add keyserver-option honor-keyserver-url.
parse_keyserver_options now returns a success code.

* keyserver.c (parse_keyserver_options): Return error on failure to parse.
Currently there is no way to fail as any unrecognized options get saved to
be sent to the keyserver plugins later. Check length of keyserver option
tokens since with =arguments we must only match the prefix.
(free_keyserver_spec): Moved code from parse_keyserver_url.
(keyserver_work, keyserver_spawn): Pass in a struct keyserver_spec rather
than using the global keyserver option. (calculate_keyid_fpr): New.
Fills in a KEYDB_SEARCH_DESC for a key. (keyidlist): New implementation
using get_pubkey_bynames rather than searching the keydb directly.  If
honor-keyserver-url is set, make up a keyserver_spec and try and fetch
that key directly.  Do not include it in the returned keyidlist in that
case.
2004-04-19 16:02:11 +00:00
David Shaw
d49a7e1a7a * plaintext.c (handle_plaintext): Accept 'u' as a plaintext mode that
requires end of line conversion.  This is being considered for a UTF8 text
packet.  If this doesn't take place, no major harm done.  If it does take
place, we'll get a jump on starting the changeover.

* g10.c (main): --no-use-embedded-filename.

* build-packet.c (calc_plaintext, do_plaintext): Do not create illegal
(packet header indicates a size larger than the actual packet) encrypted
data packets when not compressing and using a filename longer than 255
characters.

* keyedit.c (no_primary_warning): Cleanup. (menu_expire): Don't give
primary warning for subkey expiration changes.  These cannot reorder
primaries.
2004-04-16 16:31:19 +00:00
David Shaw
4420275b83 * keygen.c (gen_elg, gen_dsa, gen_rsa, do_create, do_generate_keypair,
generate_subkeypair): New is_subkey argument to set whether a generated
key is a subkey.  Do not overload the ret_sk.  This is some early cleanup
to do backsigs for signing subkeys.

* keygen.c (write_keybinding, do_generate_keypair, generate_subkeypair):
Keep track of the unprotected subkey secret key so we can make a backsig
with it.

* keygen.c (make_backsig): New function to add a backsig to a binding sig
of signing subkeys.  Currently disabled. (write_keybinding): Call it here,
for signing subkeys only.

* sign.c (make_keysig_packet): Allow generating 0x19 signatures (same as
0x18 or 0x28, but used for backsigs).

* packet.h, build-packet.c (build_sig_subpkt): Add new SIGSUBPKT_SIGNATURE
type for embedded signatures.
2004-04-16 16:07:07 +00:00
David Shaw
0a17966a21 * main.h, misc.c (optsep, argsplit, optlen, parse_options): Simplify code
and properly handle a partial match against an option with an argument.

* keyserver-internal.h, keyserver.c (parse_keyserver_options): Use new
optsep and argsplit functions.
2004-04-16 15:19:35 +00:00
David Shaw
2936e539cc * main.h, misc.c (argsplit): Refactor argsep into argsplit and argsep so
they can be called separately.
2004-04-16 02:57:20 +00:00
David Shaw
d20a79dd07 * options.h, keyserver.c (parse_keyserver_options): Remove duplicate code
from parse_keyserver_options by calling the generic parse_options.

* keyserver.c (keyserver_spawn, keyserver_refresh), g10.c (main), gpgv.c
(main), mainproc.c (check_sig_and_print), import.c (revocation_present):
Change all callers.
2004-04-15 18:16:17 +00:00
David Shaw
8c4607568d * packet.h, getkey.c (fixup_uidnode, merge_selfsigs_subkey): Keep track of
which self-sig we actually chose.

* keyedit.c (menu_expire, menu_set_primary_uid, menu_set_preferences): Use
it here to avoid updating non-used self-sigs and possibly promoting an old
self-sig into consideration again.
2004-04-15 00:30:05 +00:00
David Shaw
a9b00b06d1 * options.h, import.c, keyserver-internal.h, g10.c, mainproc.c,
keyserver.c (parse_keyserver_uri): Parse keyserver URI into a structure.
Cleanup for new "guess my keyserver" functionality, as well as refreshing
via a preferred keyserver subpacket.
2004-04-14 21:33:45 +00:00
David Shaw
2286674b9e * options.h: Encapsulate keyserver details. Change all callers. 2004-04-14 17:56:23 +00:00
David Shaw
cabb6cd30e * keyedit.c (keyedit_menu): Request a trustdb update when adding a new
user ID so the new ID gets validity set.  Reported by Owen Taylor.
2004-03-28 05:33:00 +00:00
David Shaw
80c8b0c3a4 * options.h, g10.c (main), compress-bz2.c (init_uncompress): Rename
--bzip2-compress-lowmem to --bzip2-decompress-lowmem since it applies to
decompression, not compression.
2004-03-25 22:43:51 +00:00
David Shaw
618779fec2 * keyedit.c (sign_uids, show_key_and_fingerprint, ask_revoke_sig,
menu_revsig, menu_showphoto): --keyid-format conversion.
(menu_addrevoker): Use print_pubkey_info() rather than duplicating code.
2004-03-24 17:34:57 +00:00
David Shaw
36a5e54e54 * trustdb.c (update_min_ownertrust, validate_keys): Do not use keystr
functions in log_debug.

* import.c (import_one): Try and collapse user IDs when importing a key
for the first time.

* keyedit.c (menu_addrevoker): Allow appointing a subkey as a designated
revoker if the user forces it via keyid!, so long as the subkey can
certify.  Also use the proper date string when prompting for confirmation.

* g10.c (main): Maintain ordering of multiple Comment lines. Requested by
Peter Hyman.
2004-03-19 23:15:27 +00:00
David Shaw
ba3f9044d3 * mainproc.c (proc_pubkey_enc, print_pkenc_list, list_node):
--keyid-format conversion.
2004-03-18 02:56:41 +00:00
David Shaw
f0e0c301b2 * getkey.c (skip_unusable, merge_selfsigs_main,
premerge_public_with_secret, lookup, get_user_id_string): --keyid-format
conversion.
2004-03-16 22:47:45 +00:00
David Shaw
f16d78e14d * trustdb.c (add_utk, verify_own_keys, update_min_ownertrust,
get_validity, ask_ownertrust, validate_keys): --keyid-format conversion.
2004-03-15 23:15:57 +00:00
David Shaw
309273f869 * import.c (check_prefs_warning, check_prefs): --keyid-format conversion
and a little better text. (import_one, import_secret_one,
import_revoke_cert, chk_self_sigs, delete_inv_parts, merge_blocks): Still
more --keyid-format conversions.
2004-03-15 20:00:42 +00:00
David Shaw
a5208f2e1d * keylist.c (print_seckey_info, print_pubkey_info): --keyid-format
conversion. (list_keyblock_print): 0xshort should not push us into the new
list format since it is not much longer than regular 8-character short
keyids.
2004-03-06 20:45:44 +00:00
David Shaw
b8cd31217e * keydb.h, keyid.c (keystr_from_pk, keystr_from_sk): New functions to pull
a key string from a key in one step.  This isn't faster than before, but
makes for neater code.

* keylist.c (list_keyblock_print): Use keystr_from_xx here.
(print_key_data): No need to pass a keyid in.
2004-03-06 17:12:44 +00:00
David Shaw
efec599797 * keyid.c (keyid_from_sk): Minor performance boost by caching secret key
keyids so we don't have to calculate them each time.
2004-03-06 04:08:06 +00:00
David Shaw
ea73c94bc6 * getkey.c (merge_selfsigs_subkey): Do not mark subkeys valid if we do not
support their pk algorithm.  This allows for early (during get_*)
rejection of a subkey, and selection of another.

* passphrase.c (passphrase_to_dek): Give a little more information when we
have room to do so.
2004-03-05 13:34:56 +00:00
David Shaw
1e01514529 * revoke.c (export_minimal_pk), export.c (do_export_stream), passphrase.c
(passphrase_to_dek), keyserver.c (print_keyrec): A few more places to use
--keyid-format.

* options.h, g10.c (main), export.c (parse_export_options,
do_export_stream): Remove --export-all and the "include-non-rfc"
export-option as they are no longer meaningful with the removal of v3
Elgamal keys.
2004-03-05 00:01:25 +00:00
David Shaw
64e3f5a313 * armor.c (fake_packet, armor_filter): Use the 2440 partial length
encoding for the faked plaintext packet.
2004-03-04 20:40:12 +00:00
David Shaw
c562c9e837 * options.h, g10.c (main), mainproc.c (check_sig_and_print): Remove
verify-option show-long-keyids and replace with the more general
keyid-format.
2004-03-03 20:54:03 +00:00
David Shaw
56a6945261 * build-packet.c (write_header2): Remove call to start old gpg partial
length mode and change all callers. (do_plaintext): Turn off partial
length encoding now that we're done writing the packet. (do_comment,
do_user_id): Try for a headerlen of 2 since that's the smallest and most
likely encoding for these packets.

* parse-packet.c (parse): Remove call to start old gpg partial length
mode.
2004-03-03 16:38:34 +00:00
David Shaw
2d7fe1d3a1 * options.h, g10.c (main): Add a more flexible --keyid-format option to
replace the list-option (and eventually verify-option) show-long-keyids.
The format can be short, long, 0xshort, and 0xlong.

* keydb.h, keyid.c (keystr, keystrlen): New functions to generate a
printable keyid.

* keyedit.c (print_and_check_one_sig, show_key_with_all_names), keylist.c
(list_keyblock_print): Use new keystr() function here to print keyids.
2004-03-03 05:47:51 +00:00
David Shaw
c57262fd57 * packet.h, free-packet.c (free_encrypted, free_plaintext), parse-packet.c
(copy_packet, skip_packet, skip_rest, read_rest, parse_plaintext,
parse_encrypted, parse_gpg_control): Use a flag to indicate partial or
indeterminate encoding.  This is the first step in some minor surgery to
remove the old gpg partial length encoding.
2004-03-03 00:09:16 +00:00
David Shaw
9eb128ef9b * parse-packet.c (parse): Only data-type packets are allowed to use
OpenPGP partial length encoding.
2004-03-01 23:10:35 +00:00
David Shaw
f2148f03c5 * delkey.c (do_delete_key): Allow deleting a public key with a secret
present if --expert is set.

* plaintext.c (handle_plaintext): Make bytecount static so it works with
multiple literal packets inside a message.

* encode.c, helptext.c (keygen.algo, keygen.algo.elg_se), keygen.c
(ask_algo), sig-check.c (do_check_messages), skclist.c (build_sk_list):
Rename "ElGamal" to "Elgamal" as that is the proper spelling nowadays.
Suggested by Jon Callas.
2004-02-26 02:03:27 +00:00
David Shaw
a84fe549da * plaintext.c: Copyright.
* encode.c (encode_simple): Show cipher with --verbose.

* options.h, g10.c (main), keyedit.c (sign_keys): Add --ask-cert-level
option to enable cert level prompts during sigs. Defaults to on.
Simplify --default-cert-check-level to --default-cert-level.  If
ask-cert-level is off, or batch is on, use the default-cert-level as the
cert level.

* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Simplify
--min-cert-check-level to --min-cert-level.
2004-02-24 23:37:18 +00:00
David Shaw
643665c963 * options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Add
--min-cert-check-level option to specify minimum cert check level.
Defaults to 2 (so 0x11 sigs are ignored).  0x10 sigs cannot be ignored.
2004-02-23 04:00:51 +00:00
David Shaw
d8590475fe * plaintext.c (handle_plaintext): Properly handle a --max-output of zero
(do not limit output at all).
2004-02-22 04:16:31 +00:00
David Shaw
3ddd4410ae * keyserver.c (keyserver_spawn): Use the full 64-bit keyid in the INFO
header lines, and include "sig:" records for the benefit of people who
store their keys in LDAP servers.  It makes it easy to do queries for
things like "all keys signed by Isabella".
2004-02-22 00:36:34 +00:00
David Shaw
93b5a811ef * main.h, misc.c (hextobyte): Removed. It's in libutil.a now. 2004-02-21 22:11:23 +00:00
David Shaw
34ccced8dc * keyserver.c (keyserver_export): Disallow user strings that aren't key
IDs. (keyserver_import): Clarify error message. (keyserver_spawn):
Properly handle 8 bit characters in user IDs in the info lines during
SEND.
2004-02-20 20:18:49 +00:00
David Shaw
e867829de7 * mkdtemp.c: Removed.
* Makefile.am: We get mkdtemp.c from libutil.a now, so don't link with
@LIBOBJS@.

* keyserver.c (keyserver_spawn): Pass the scheme to the keyserver helper.
2004-02-20 15:04:56 +00:00
David Shaw
6c13b96a1d * options.h, g10.c (main), plaintext.c (handle_plaintext): Add
--max-output option to help people deal with decompression bombs.
2004-02-18 23:09:27 +00:00
David Shaw
2ecb28c51b * build-packet.c (do_user_id): Do not force a header for attribute packets
as they require a new CTB, and we don't support forced headers for new
CTBs yet.
2004-02-15 15:54:02 +00:00
David Shaw
95d05215c3 * build-packet.c (write_header2): If a suggested header length is provided
along with a zero length, interpret this as an actual zero length packet
and not as an indeterminate length packet. (do_comment, do_user_id): Use
it here as these packets might be naturally zero length.

* parse-packet.c (parse): Show packet type when failing due to an
indeterminate length packet.

* misc.c (parse_options): Only provide args for the true (i.e. not
"no-xxx") form of options.
2004-02-15 00:04:32 +00:00
David Shaw
c9aa5000d7 * keyserver.c (argsep): Move to misc.c.
* main.h, misc.c (parse_options), export.c (parse_export_options),
import.c (parse_import_options), g10.c (main): Use it here to allow for
options with optional arguments.  Change all callers.
2004-02-14 05:03:45 +00:00
David Shaw
f407bb6a97 * import.c (check_prefs): Some language fixes. (sec_to_pub_keyblock,
import_secret_one): Without knowing the number of MPIs there are, we
cannot try and sk-to-pk-ize a key.
2004-02-14 01:54:12 +00:00
David Shaw
cefe95dc77 * import.c (check_prefs): New function to check preferences on a public
key to ensure that it does not advertise any that we cannot fulfill.  Use
the keyedit command list function to optionally rewrite the prefs.
(import_one, import_secret_one): Use it here when importing a public key
that we have the secret half of, or when importing a secret key that we
have the public half of.
2004-02-12 19:18:27 +00:00
David Shaw
76f579b233 * main.h, keyedit.c (keyedit_menu): Remove sign_mode and enhance the more
general command list functionality to replace it.

* g10.c (main): Use the general command functionality to implement
--sign-key, --lsign-key, --nrsign-key, and --nrlsign-key.
2004-02-12 18:32:09 +00:00
David Shaw
8765757006 * import.c (import_one): Do the revocation check even in the case when a
key, a revocation key set in a direct key signature, and a revocation from
that revocation key, all arrive piecemeal. Needless to say, this is pretty
obscure.
2004-02-12 16:31:07 +00:00
David Shaw
aa5f1940ff * options.h, g10.c (main), keylist.c (list_keyblock_print): Add
"show-unusable-subkeys" list-option to show revoked and/or expired
subkeys.
2004-02-11 13:46:23 +00:00
David Shaw
7198879ca8 * keyedit.c (keyedit_menu): Prompt for subkey removal for both secret and
public subkeys.

* keylist.c (list_keyblock_print), keyedit.c (show_key_with_all_names):
Show the revocation date of a key/subkey, and general formatting work.

* packet.h, getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
merge_selfsigs): Keep track of the revocation date of a key.

* keydb.h, keyid.c (revokestr_from_pk): New function to print the
revocation date of a key.
2004-02-11 04:32:52 +00:00
David Shaw
9842d84da0 * keygen.c (keygen_set_std_prefs): Build the default preferences list at
runtime as it properly handles algorithms disabled at build or run time.

* getkey.c (merge_selfsigs_main): Properly handle expired user IDs when
the expired self-sig is not the only self-sig.

* misc.c (compress_algo_to_string): Return NULL on failure like all of the
other xxxx_algo_to_string() functions.

* mainproc.c (list_node): Minor spacing tweak to match --list-keys output.

* keylist.c (list_keyblock_print), mainproc.c (list_node): Mark revoked
subkeys as revoked.  Requested by Matthew Wilcox.  Revoked overrides
expiration when both apply.

* keyedit.c (show_prefs): Use compress algo constants.
(show_basic_key_info): Make revoked and expired tags translatable.

* g10.c (rm_group): Properly ungroup from a list of groups.
2004-02-10 22:42:34 +00:00
David Shaw
0030198cad * g10.c (main, rm_group): Add --ungroup command to remove a particular
group. (add_group): When adding a group with the same name as an already
existing group, merge the two groups. (list_config): Show an error message
when listing a config item that doesn't exist. (main): Replace -z0 trick
for no compression.

* packet.h, keyedit.c (show_key_with_all_names_colon), keylist.c
(list_keyblock_colon), mainproc.c (list_node, proc_tree): Minor cleanup to
remove local_id, which is no longer used.
2004-01-30 16:49:28 +00:00
David Shaw
654ba16db5 * getkey.c: Set MAX_PK_CACHE_ENTRIES and MAX_UID_CACHE_ENTRIES to
PK_UID_CACHE_SIZE (set in ./configure).

* getkey.c (get_pubkey): When reading key data into the cache, properly
handle keys that are partially (pk, no UIDs) cached already.  This is
Debian bug #176425 and #229549.

* compress.c (init_compress, push_compress_filter2): Do the right thing
(i.e. nothing) with compress algo 0.

* main.h, decrypt.c (decrypt_messages): Accept filenames to decrypt on
stdin.  This is bug #253.
2004-01-28 01:04:30 +00:00
David Shaw
385a19bd7b * mainproc.c (list_node): Show sigs with --verbose.
* options.h, g10.c (set_screen_dimensions): New function to look at
COLUMNS and LINES.

* keyserver.c (parse_keyrec, keyserver_search_prompt), keyedit.c
(print_and_check_one_sig): Use new screen dimension variables.
2004-01-24 00:47:45 +00:00
David Shaw
f7447eabea * g10.c (list_config): New function to dump config options to stdout.
Currently requires --with-colons. (collapse_args): New function to turn
argc/argv into a single string. (main): Use it here to pass list_config()
more than one argument as a single string. (print_algo_numbers): Helper to
print algorithm number for --list-config "pubkey", "cipher",
"hash"/"digest", and "compress" config options.
2004-01-22 03:47:05 +00:00