1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

163 Commits

Author SHA1 Message Date
Werner Koch
23ad4bd73b Fix for bug#1034. 2009-05-06 09:31:15 +00:00
Werner Koch
e850b7fc22 Ignore gpg2 introduced keywords for --auto-key-locate.
Minor W32 installer fix.
2008-04-30 11:46:35 +00:00
David Shaw
9fbb6f402c * getkey.c (merge_selfsigs_subkey): If there are multiple 0x19
backsigs, take the most recent one.
2008-04-13 01:56:01 +00:00
Werner Koch
81685cc799 Updated ZH po file.
Allow de/encryption using legacy type 20 keys.
Updated config.{sub,guess}
2007-12-12 18:26:25 +00:00
Werner Koch
9a2a818887 Switched to GPLv3.
Updated gettext.
2007-10-23 10:48:09 +00:00
David Shaw
57591eb76f * keyedit.c (keyedit_menu): If we modify the keyblock (via
fix_keyblock() or collapse_uids()) make sure we reprocess the keyblock
so the flags are correct.  Noted by Robin H. Johnson.

* getkey.c (fixup_uidnode): Properly clear flags that don't apply to
us (revoked, expired) so that we can reprocess a uid.
2007-03-06 06:39:38 +00:00
David Shaw
6b086c1fe3 * parse-packet.c (parse_signature): It's hex.
* getkey.c (merge_selfsigs_subkey): Avoid listing the contents of a
backsig when list mode is on.  Noted by Timo Schulz.
2007-02-14 03:41:24 +00:00
David Shaw
197c7a3e47 * parse-packet.c (dump_sig_subpkt, parse_signature), build-packet.c
(build_sig_subpkt_from_sig), getkey.c (fixup_uidnode,
merge_selfsigs_main, merge_selfsigs_subkey), keygen.c
(keygen_add_key_expire): Fix meaning of key expiration and sig
expiration subpackets - zero means "never expire" according to 2440,
not "expire instantly".
2006-05-23 03:58:53 +00:00
David Shaw
7596ae1f6a * getkey.c (get_pubkey_byname), import.c (import_one): Fix key selection
problem when auto-key-locate returns a list of keys, not all of which are
usable (revoked, expired, etc).  Noted by Simon Josefsson.
2006-05-22 16:53:09 +00:00
David Shaw
51e88a5fdb * getkey.c (parse_auto_key_locate): Fix dupe-removal code.
* keyedit.c (menu_backsign): Allow backsigning even if the secret
subkey doesn't have a binding signature.

* armor.c (radix64_read): Don't report EOF when reading only a pad (=)
character.  The EOF actually starts after the pad.

* gpg.c (main): Make --export, --send-keys, --recv-keys,
--refresh-keys, and --fetch-keys follow their arguments from left to
right.  Suggested by Peter Palfrader.
2006-04-09 03:34:09 +00:00
Werner Koch
e5a03c84f7 See ChangeLog 2006-04-08 00:36:51 +00:00
David Shaw
4afa4eb10e * getkey.c (get_pubkey_byname): Fix missing auto_key_retrieve unlock.
Fix strings to not start with a capital letter as per convention.
2006-04-01 02:47:53 +00:00
David Shaw
97b0606a95 * getkey.c (parse_auto_key_locate): Silently strip out duplicates rather
than causing an error.
2006-03-22 23:05:32 +00:00
David Shaw
3cfc77097d * keyserver.c (keyserver_import_cert): Handle the IPGP CERT type for
both the fingerprint alone, and fingerprint+URL cases.

* getkey.c (get_pubkey_byname): Minor cleanup.
2006-03-17 05:20:13 +00:00
David Shaw
9f524c4a04 * keyserver-internal.h, keyserver.c (keyserver_import_pka): Use the
same API as the other auto-key-locate fetchers.

* getkey.c (get_pubkey_byname): Use the fingerprint of the key that we
actually fetched.  This helps prevent problems where the key that we
fetched doesn't have the same name that we used to fetch it.  In the
case of CERT and PKA, this is an actual security requirement as the
URL might point to a key put in by an attacker.  By forcing the use of
the fingerprint, we won't use the attacker's key here.
2006-03-14 03:16:21 +00:00
David Shaw
b478ce7a79 * keyserver-internal.h, keyserver.c (keyserver_spawn, keyserver_work,
keyserver_import_cert, keyserver_import_name, keyserver_import_ldap):
Pass fingerprint info through.
2006-03-14 02:42:02 +00:00
David Shaw
78904c691c * getkey.c (parse_auto_key_locate): Error if the user selects "cert" or
"pka" when those features are disabled.

* misc.c (has_invalid_email_chars): Fix some C syntax that broke the
compilers on SGI IRIX MIPS and Compaq/DEC OSF/1 Alpha.  Noted by Nelson H.
F. Beebe.
2006-03-01 18:16:55 +00:00
David Shaw
f4f5ea43e7 * keydb.h, getkey.c (release_akl), gpg.c (main): Add
--no-auto-key-locate.

* options.h, gpg.c (main): Keep track of each keyserver registered so
we can match on them later.

* keyserver-internal.h, keyserver.c (cmp_keyserver_spec,
keyserver_match), gpgv.c: New.  Find a keyserver that matches ours and
return its spec.

* getkey.c (get_pubkey_byname): Use it here to get the per-keyserver
options from an earlier keyserver.
2006-02-24 14:27:22 +00:00
David Shaw
1ae024ef81 * options.h, keyserver-internal.h, keyserver.c (keyserver_import_name),
getkey.c (free_akl, parse_auto_key_locate, get_pubkey_byname): The obvious
next step: allow arbitrary keyservers in the auto-key-locate list.
2006-02-22 23:37:23 +00:00
David Shaw
7eab1846ca * options.h, keydb.h, g10.c (main), getkey.c (parse_auto_key_locate):
Parse a list of key access methods. (get_pubkey_byname): Walk the list
here to try and retrieve keys we don't have locally.
2006-02-22 19:06:23 +00:00
David Shaw
d038b36c8f * getkey.c (get_pubkey_byname): Fix minor security problem with PKA when
importing at -r time.  The URL in the PKA record may point to a key put in
by an attacker.  Fix is to use the fingerprint from the PKA record as the
recipient.  This ensures that the PKA record is followed.

* keyserver-internal.h, keyserver.c (keyserver_import_pka): Return the
fingerprint we requested.
2006-02-21 22:23:35 +00:00
David Shaw
846eefaa71 * keyserver.c (keyserver_import_pka): New. Moved from
getkey.c:get_pubkey_byname which was getting crowded.

* keyserver.c (keyserver_import_cert): Import a key found in DNS via CERT
records.  Can handle both the PGP (actual key) and IPGP (URL) CERT types.

* getkey.c (get_pubkey_byname): Call them both here.

* options.h, keyserver.c (parse_keyserver_options): Add
"auto-cert-retrieve" option with optional max size argument.
2005-12-23 22:17:11 +00:00
David Shaw
8b9c16ed0a * gpgv.c: Stub.
* keyserver-internal.h, keyserver.c (keyserver_spawn, keyserver_work,
keygerver_getname): New keyserver_getname function to fetch keys by name.

* getkey.c (get_pubkey_byname): Call it here to enable locating keys by
full mailbox from a keyserver a la PKA.  Try PKA first, though, as it is
likely to be faster.
2005-12-23 21:33:32 +00:00
Werner Koch
f1482aab4e Finished PKA feature 2005-12-20 20:19:16 +00:00
David Shaw
64fa7ea37e * getkey.c (merge_selfsigs_main): All primary keys can certify. 2005-12-19 22:10:20 +00:00
David Shaw
ce1ce8910e * packet.h: Move some flags to a bitfield. Change all callers. 2005-11-10 22:50:46 +00:00
David Shaw
b3ea683ac9 * keyedit.c (menu_addrevoker), getkey.c (finish_lookup): Fix problem with
adding a cert-only designated revoker.  Code was looking for a key with
sign ability, and not cert ability.  Noted by Timo Schulz.
2005-10-27 16:23:59 +00:00
David Shaw
6c4e740a59 * keyedit.c (keyedit_menu, menu_backsign): New "backsign" command to
add 0x19 backsigs to old keys that don't have them.

* misc.c (parse_options): Fix build warning.

* main.h, keygen.c (make_backsig): Make public.
2005-10-14 04:07:13 +00:00
David Shaw
094a7ab401 * options.h, getkey.c (merge_selfsigs_subkey), gpg.c (main), sig-check.c
(signature_check2): Add --require-backsigs and --no-require-backsigs.  
Currently defaults to --no-require-backsigs.
2005-10-12 20:44:24 +00:00
David Shaw
47433adaa5 * getkey.c (merge_selfsigs_subkey), sig-check.c (signature_check2),
keygen.c (make_backsig): Did some backsig interop testing with the PGP
folks.  All is well, so I'm turning generation of backsigs on for new
keys.  Checking for backsigs on verification is still off.
2005-10-11 22:13:49 +00:00
David Shaw
f74282bee0 * misc.c (openpgp_pk_algo_usage): Default to allowing CERT for signing
algorithms.

* keyedit.c (sign_uids): Don't request a signing key to make a
certification.

* keygen.c (do_add_key_flags): Force the certify flag on for all
primary keys, as the spec requires primary keys must be able to
certify (if nothing else, which key is going to issue the user ID
signature?)  (print_key_flags): Show certify flag.  (ask_key_flags,
ask_algo): Don't allow setting the C flag for subkeys.
	
* keyid.c (usagestr_from_pk), getkey.c (parse_key_usage): Distinguish
between a sign/certify key and a certify-only key.
2005-08-27 03:09:40 +00:00
David Shaw
bd146d5fcc * options.skel: Remove the surfnet LDAP keyserver from the list of
samples since it is being shut down.

* getkey.c (classify_user_id): Disable the '.' and '+' search modes
since they aren't supported yet.
2005-08-19 13:37:47 +00:00
Werner Koch
2ce542ad52 auto retrieve keys from PKA. Thsi allows to specify an email address
so that gpg can get the key from DNS.  This helps with opportunistic
encryption.  No integration with the trust modell yet.
2005-08-05 14:46:59 +00:00
Werner Koch
a1cdf3c75f Converted all m_free to xfree etc. 2005-07-27 18:10:56 +00:00
David Shaw
6e9b751b79 * getkey.c (merge_selfsigs_main, merge_selfsigs_subkey): Make sure
that even after keys may be merged together, we only have one chosen
selfsig.
2005-06-12 20:42:04 +00:00
David Shaw
1b07e3723e * getkey.c (fixup_uidnode, merge_selfsigs_main): Handle both expired
and revoked uids in fixup_uidnode().  No need to special case in
merge_selfsigs_main().  This also means that an expired uid will have
its selfsig tagged with chosen_selfsig.
2005-06-08 13:12:57 +00:00
Werner Koch
7d4043ca57 Updated FSF street address and preparations for a release candidate. 2005-05-31 08:39:18 +00:00
David Shaw
5f7720e693 * getkey.c (get_seckey_byname2): If no explicit default key is set, don't
pick a disabled default.  Noted by David Crick.
2005-03-17 23:52:38 +00:00
David Shaw
01f0036d23 * getkey.c (merge_selfsigs_subkey): Merged away definition from the
backsigs code.
2005-02-05 00:00:35 +00:00
Werner Koch
b2b2786be1 * gpgv.c (tty_fprintf): New stub.
* card-util.c (card_status): Create asecret key stub on the fly
and print more information about a card key.
* import.c (pub_to_sec_keyblock, auto_create_card_key_stub): New.
* getkey.c (get_seckeyblock_byfprint): New.
* keylist.c (print_card_key_info): New.
2005-01-20 17:21:40 +00:00
David Shaw
b37facc593 * packet.h, getkey.c (merge_selfsigs_main, sig_to_revoke_info), keyid.c
(revokestr_from_pk), keyedit.c (show_key_with_all_names): Show who revoked
a key (either the same key or a designated revoker) and when.
2004-12-30 03:26:57 +00:00
David Shaw
07250279e7 * keyedit.c (keyedit_menu): Invisible alias "passwd" as "password".
* passphrase.c: Don't check for __CYGWIN__, so it is treated as a
unix-like system.

* options.h, g10.c (main), textfilter.c (standard): Use new option
--rfc2440-text to determine whether to filter "<space>\t\r\n" or just
"\r\n" before canonicalizing text line endings.  Default to
"<space>\t\r\n".
2004-12-20 05:19:09 +00:00
David Shaw
5dcc3dc353 * getkey.c (parse_key_usage): New function to parse out key usage flags.
Set PUBKEY_USAGE_UNKNOWN to handle flags that we don't understand.
(fixup_uidnode, merge_selfsigs_main, merge_selfsigs_subkey): Call it from
here to remove duplicate code.
2004-11-29 21:21:52 +00:00
David Shaw
4d26ab92cc * main.h: Create S2K_DIGEST_ALGO macro so we do not need to always set
opt.s2k_digest_algo.  This helps fix a problem with PGP 2.x encrypted
symmetric messages.  Change all callers (encode.c, g10.c, keyedit.c,
keygen.c, passphrase.c, sign.c).

* armor.c, cardglue.c, getkey.c, import.c, keygen.c: Be consistent in some
more quoted strings.  Always use 'user ID', not 'user id', "quotes" for
user IDs, etc.
2004-09-24 20:34:38 +00:00
David Shaw
1d8e25695f * getkey.c (premerge_public_with_secret): Fix subkey<->binding sig
mismatch when some secret subkeys are missing.  Discovered by Michael
Roth.
2004-09-14 02:00:39 +00:00
David Shaw
9d4327ba4d * keydb.h, getkey.c (get_user_id_printable): Rename to get_user_id_native
and remove the printable stuff since we're print-ifying valid utf8
characters.  Change all callers in import.c, sign.c, keylist.c, and
encode.c.
2004-08-23 17:55:49 +00:00
David Shaw
0c67c75cbe * getkey.c (get_seckey_byname2): Significantly simplify this function by
using key_byname to do the heavy lifting.  Note that this also fixes an
old problem when the first key on the secret keyring has an unusable stub
primary, but is still chosen.
2004-04-26 01:20:03 +00:00
David Shaw
7d74743c0e * getkey.c (key_byname): If namelist is NULL, return the first key in the
keyring.
2004-04-26 00:36:01 +00:00
David Shaw
732f049817 * keygen.c (make_backsig): If DO_BACKSIGS is not defined, do not create
backsigs.

* getkey.c (merge_selfsigs_subkey): Find 0x19 backsigs on subkey selfsigs
and verify they are valid.  If DO_BACKSIGS is not defined, fake this as
always valid.

* packet.h, parse-packet.c (parse_signature): Make parse_signature
non-static so we can parse 0x19s in self-sigs.

* main.h, sig-check.c (check_backsig): Check a 0x19 signature.
(signature_check2): Give a backsig warning if there is no or a bad 0x19
with signatures from a subkey.
2004-04-23 03:25:58 +00:00
David Shaw
8c4607568d * packet.h, getkey.c (fixup_uidnode, merge_selfsigs_subkey): Keep track of
which self-sig we actually chose.

* keyedit.c (menu_expire, menu_set_primary_uid, menu_set_preferences): Use
it here to avoid updating non-used self-sigs and possibly promoting an old
self-sig into consideration again.
2004-04-15 00:30:05 +00:00