after the first user ID.
* keyedit.c (show_key_with_all_names): Don't show validity if we're just
printing user IDs for signing.
* armor.c (fake_packet): Properly handle the case where the line is
dash-space (i.e. a blank line that was quoted). Give a warning for bad
dash escaping.
trust since the meaning is different.
* keyedit.c (trustsig_prompt): Change the strings to match the ones in
pkclist.c:do_edit_ownertrust to make translation easier.
* trustdb.c (trust_model_string, get_validity): Add direct trust model
which applies to the key as a whole and not per-uid.
* options.h, g10.c (parse_trust_model): New. (main): Call it from here to
do string-to-trust-model.
http.
* openfile.c (overwrite_filep, make_outfile_name, open_outfile)
(open_sigfile): Use iobuf_is_pipe_filename to check for pipes so
that special filesnames are taken into account. This is bug 327.
* tdbdump.c (import_ownertrust): Ditto.
* sign.c (write_plaintext_packet): Ditto.
* progress.c (handle_progress): Ditto.
* plaintext.c (handle_plaintext): Ditto.
* encode.c (encode_simple, encode_crypt): Ditto.
* iobuf.c (iobuf_is_pipe_filename): New.
* fileutil.c (is_file_compressed): Use it here.
showing the user ID as mainproc.c:print_pkenc_list.
* mainproc.c (print_pkenc_list): Allow translating the quotes around the
user ID.
* card-util.c, g10.c, photoid.c, trustdb.c: The last of the \"%s\" -> `%s'
quoting for things that aren't user IDs.
* keyserver.c (keyserver_spawn): If there is no keyserver host, print the
whole URI since it is self-contained.
a revoked or expired key, so BUG() that case. Remove question about
overriding revoked/expired. Also --keyid-format-ify. (do_we_trust_pre):
Use print_pubkey_info() instead of printing the info ourselves.
* passphrase.c (passphrase_to_dek): Improve translatability of user ID
prompts.
* keylist.c (print_pubkey_info): Use the user ID the pk was selected by,
if any.
fix sprintf warnings.
* keyserver.c (keyserver_spawn): Fix BUG() with certain sets of mixed
regular and preferred keyserver refreshes. Noted by Sebastian Wiesinger.
* keyedit.c (show_key_with_all_names): Show uid validity in menu.
.. (maybe_create_keyring): .. new. Make sure that we do the checks in a
locked state. Problem reported by Stefan Haller. Try to create the home
directory before acquiring a lock for the keyring. From Werner on stable
branch.
* g10.c (main): Blow up if we didn't lose setuid. From Werner on stable
branch.
show-sig-expire takes up so we do not wrap lines.
(show_key_with_all_names): No need to show subkey revocations as a
seperate line since we now show revocation date in the main subkey line.
* app-openpgp.c: Made all strings translatable.
(verify_chv3) [GNUPG_MAJOR_VERSION]: Make opt.allow_admin
available for use in gnupg 2.
(verify_chv3): Reimplemented countdown showing to use only
functions from this module. Flush the CVH status cache on a
successful read.
(get_one_do): Hack to bypass the cache for cards versions > 1.0.
(store_fpr): Store the creation date for card version > 1.0.
there by the scdaemon which is a bit different to the direct
integration in gpg 1.3. In general they should all be maintained in
1.9 but while preparing 1.4 its okay to do it in 1.3. We just need to
take some care not to break 1.9 to heavily.
app-openpgp.c: Made all strings translatable.
(verify_chv3) [GNUPG_MAJOR_VERSION]: Make opt.allow_admin
available for use in gnupg 2.
(verify_chv3): Reimplemented countdown showing to use only
functions from this module.
issued, skip right to the CHV1/CHV2 PIN change. No need to show the
unblock or admin PIN change option. (card_edit): Add "admin" command to
add admin commands to the menu. Do not allow admin commands until "admin"
is given.
* app-openpgp.c (verify_chv3): Show a countdown of how many wrong admin
PINs can be entered before the card is locked.
* options.h, g10.c (main), app-openpgp.c (verify_chv3): Remove
--allow-admin.
opt.s2k_digest_algo. This helps fix a problem with PGP 2.x encrypted
symmetric messages. Change all callers (encode.c, g10.c, keyedit.c,
keygen.c, passphrase.c, sign.c).
* armor.c, cardglue.c, getkey.c, import.c, keygen.c: Be consistent in some
more quoted strings. Always use 'user ID', not 'user id', "quotes" for
user IDs, etc.
error. However the backupfile has been created successfully.
* rsa.c (rsa_generate): Return the dummy list of factors only if
the caller asked for it.
* card_util.c (generate_card_keys): ask whether backup should be
created.
(card_store_subkey): Factored some code out to ..
* keygen.c (save_unprotected_key_to_card): .. new function.
(gen_card_key_with_backup): New.
(generate_raw_key): New.
(generate_keypair): New arg BACKUP_ENCRYPTION_DIR. Changed all
callers.
(do_generate_keypair): Divert to gen_card_key_with_backup when
desired.
* g10.c: Make -K an alias for --list-secret-keys.
* keylist.c (print_card_serialno): New. Taken from gnupg 1.9.11.
(list_keyblock_print): Make use of it.
* keyedit.c (show_key_with_all_names): Print the card S/N.
* keyedit.c (keyedit_menu): New command ADDCARDKEY.
* card-util.c (card_generate_subkey): New.
* keygen.c (generate_card_subkeypair): New.
(gen_card_key): New arg IS_PRIMARY; changed all callers.
* cardglue.c (open_card): Use shutdown code if possible.
(check_card_serialno): Ditto.
use_get_string_simple anymore.
* g10.c (list_config): New config option ccid-reader-id.
(gpgconf_list): Add "reader-port".
* apdu.c (open_ccid_reader): New arg PORTSTR. Pass it to
ccid_open_reader.
(apdu_open_reader): Pass portstr to open_ccid_reader.
* ccid-driver.c (ccid_get_reader_list): New.
(ccid_open_reader): Changed API to take a string for the reader.
Removed al the cruft for the libusb development vesion which seems
not to be maintained anymore and there are no packages anyway.
The stable library works just fine.
(struct ccid_reader_id_s): Deleted and replaced everywhere by a
simple string.
(usb_get_string_simple): Removed.
(bulk_in): Do valgrind hack here and not just everywhere.
* misc.c (get_signature_count): New. Get the signature count from a
smartcard. (pct_expando): Call it here so the %c expando becomes the
number of signatures issued. This allows for notations or the like with
an automatic signature count.
* ccid-driver.c (usb_get_string_simple): Replacement function to work with
older libusb.
* ccid-driver.c (read_device_info): Removed.
(make_reader_id, scan_or_find_devices): New.
(ccid_open_reader): Simplified by make use of the new functions.
(ccid_set_debug_level): New. Changed the macros to make use of
it. It has turned out that it is often useful to enable debugging
at runtime so I added this option.
Print a spk record for each request subpacket. (list_keyblock_colon): Call
them here.
* g10.c (parse_subpacket_list, parse_list_options): New. Make the list of
subpackets we are going to print. (main): Call them here.
card to fetch an updated copy. Works with either straight URLs or HKP or
LDAP keyservers.
* keyserver-internal.h, keyserver.c (keyserver_import_fprint), import.c
(revocation_present): Use a keyserver_spec so the caller can pass in
whatever keyserver they like.
* configure.ac: Check for readline. Make enable-card-support the
default. New option --without-readline. Allow the use of either
the development or the stable libusb.
* cardglue.h: Add members for CA fingerprints.
* cardglue.c (agent_release_card_info): Invalid them.
(learn_status_cb): Store them.
* app-common.h, app-openpgp.c, iso7816.c, iso7816.h
* apdu.c, apdu.h, ccid-driver.c, ccid-driver.h
* card-util.c: Updated from current gnupg-1.9.
* ccid-driver.h (CCID_DRIVER_ERR_ABORTED): New.
* ccid-driver.c (ccid_open_reader): Support the stable 0.1 version
of libusb.
(ccid_get_atr): Handle short messages.
* apdu.c (my_rapdu_get_status): Implemented.
* apdu.c: Include <signal.h>.
* apdu.c (reader_table_s): Add function pointers for the backends.
(apdu_close_reader, apdu_get_status, apdu_activate)
(send_apdu): Make use of them.
(new_reader_slot): Intialize them to NULL.
(dump_ccid_reader_status, ct_dump_reader_status): New.
(dump_pcsc_reader_status): New.
(open_ct_reader, open_pcsc_reader, open_ccid_reader)
(open_osc_reader, open_rapdu_reader): Intialize function pointers.
(ct_activate_card, ct_send_apdu, pcsc_send_apdu, osc_send_apdu)
(error_string): Removed. Replaced by apdu_strerror.
(get_ccid_error_string): Removed.
(ct_activate_card): Remove the unused loop.
(reset_ct_reader): Implemented.
(ct_send_apdu): Activate the card if not yet done.
(pcsc_send_apdu): Ditto.
* ccid-driver.h: Add error codes.
* ccid-driver.c: Implement more or less proper error codes all
over the place.
* apdu.c (apdu_send_direct): New.
(get_ccid_error_string): Add some error code mappings.
(send_apdu): Pass error codes along for drivers already supporting
them.
(host_sw_string): New.
(get_ccid_error_string): Use above.
(send_apdu_ccid): Reset the reader if it has not yet been done.
(open_ccid_reader): Don't care if the ATR can't be read.
(apdu_activate_card): New.
(apdu_strerror): New.
(dump_reader_status): Only enable it with opt.VERBOSE.
* iso7816.c (map_sw): Add mappings for the new error codes.
* apdu.c (open_ct_reader, open_pcsc_reader, open_ccid_reader)
(reset_ccid_reader, open_osc_reader): Call dump_reader_status only
in verbose mode.
* app-openpgp.c (do_getattr): Fix for sending CA-FPR.
* app-openpgp.c (app_openpgp_readkey): Fixed check for valid
exponent.
* app-openpgp.c (do_setattr): Sync FORCE_CHV1.
* card-util.c (change_login): Kludge to allow reading data from a
file.
(card_edit): Pass ARG_STRING to change_login.
(card_status): Print CA fingerprints.
(change_cafpr): New.
(card_edit): New command CAFPR.
* errors.h (G10ERR_NO_CARD, G10ERR_CANCELED): New error codes.
* errors.c (g10_errstr): New error codes G10ERR_NO_CARD,
G10ERR_CANCELED.
* signal.c (got_fatal_signal): Do readline cleanup. Print signal
number if we can't print the name. Use new autoconf macro
HAVE_DECL_SYS_SIGLIST.
(get_signal_name): Removed.
* ttyio.c (tty_get): Add readline support.
* parse-packet.c (skip_rest): Removed. Changed all callers to use
the new iobuf_skip_reset. Orginal patch by Florian Weimer.
* iobuf.c (iobuf_skip_rest): New. Orginal patch by Florian
Weimer. Added new argument PARTIAL.
we are taking.
* keyid.c (keystr): If printing a keyid that lacks the high 4 bytes, print
the low 4 alone. (keystr_from_desc): Handle short keyids and warn on v3
fingerprints.
* g10.c (main): New alias --throw-keyid for --throw-keyids, so that it
continues to work in old configuration files. Noted by Jens Adam.
* pkclist.c (algo_available): --pgp8 now allows blowfish, zlib, and bzip2.
* status.c (do_get_from_fd): Flush stdout if status isn't flushing it for
us. This guarantees that any menus that were displayed before the prompt
don't get stuck in a buffer. Noted by Peter Palfrader. This is Debian
bug #254072.
* sign.c (update_keysig_packet): Revert change of 2004-05-18. It is not
appropriate to strip policy and notations when remaking a sig. That
should only happen when specifically requested by the user.
uids are always on a line for themselves. Mark expired secret keys as
expired.
* options.h, g10.c (main): Rename list show-validity to show-uid-validity
as it only shows for uids.
* armor.c (armor_filter): Do not use padding to get us to 8 bytes of
header. Rather, use 2+4 as two different chunks. This avoids a fake
filename of "is".
expired user IDs. Also, once we've established that a given uid cannot or
will not be signed, don't continue to ask about each sig.
* mainproc.c (proc_symkey_enc), seckey-cert.c (do_check): Check the S2K
hash algorithm before we try to generate a passphrase using it. This
prevents hitting BUG() when generating a passphrase using a hash that we
don't have.
* sign.c (sign_symencrypt_file): Allow using --force-mdc in --sign
--symmetric messages.
continuing confusion and make room for possible changes in devel.
* parse-packet.c (parse_plaintext): Show the hex value for the literal
packet mode since it may not be printable.
* keygen.c (make_backsig): Make sure that the backsig was built
successfully before we try and use it.
* status.h, status.c (get_status_string), plaintext.c (handle_plaintext):
New status tags PLAINTEXT and PLAINTEXT_LENGTH.
which we hashed them when issuing the signature. Noted by Nicholas Cole.
* pkclist.c (do_edit_ownertrust): Fix a kbnode leak and do another
keyid-format conversion.
keyservers, and auto-key-retrieve is set, try and get a missing key from
the preferred keyserver subpacket when we verify the sig.
* gpgv.c (parse_preferred_keyserver, free_keyserver_spec): Stubs.
* keyserver.c (keyidlist): Use new parse_preferred_keyserver function.
(keyserver_work): Use the passed-in keyserver spec rather than the options
global one.
* keyserver-internal.h, keyserver.c (parse_preferred_keyserver): New
function to take a sig and return a split out keyserver_spec.
(keyserver_import_keyid): Now takes a keyserver_spec.
merge selfsigs if we have to for honor-keyserver-url. (keyserver_refresh):
Keyserver URL handler moved here. (calculate_keyid_fpr): Removed.
* keydb.h, keyid.c (keystr_from_desc): Calculate a key string from a
KEYDB_SEARCH_DESC.
keyserver to happen even if there is no global keyserver set.
* sig-check.c (do_check_messages): No need to check for Elgamal signatures
any longer. (do_check_messages, do_check, check_key_signature2):
--keyid-format conversion.
* pkclist.c (show_paths, edit_ownertrust): Remove some unused code.
* mainproc.c (check_sig_and_print): track whether we are retrieving a key.
* status.c (status_currently_allowed): New. (write_status_text,
write_status_text_and_buffer): Use it here.
* g10.c: New command --gpgconf-list. (gpgconf_list): New. From Werner on
stable branch.
Improved URI parser that keeps track of the path information and doesn't
modify the input string. (keyserver_spawn): Tell keyserver plugins about
the path.
(list_one): Use const char* for i18n string helpers.
* keygen.c (do_generate_keypair, read_parameter_file): Really
close the files.
(do_generate_keypair): Create the secret key file using safe
permissions. Noted by Atom Smasher.
preferred keyserver on "keyserver" command line. Sanity check keyserver
URL before accepting it.
* keyserver-internal.h, g10.c (main), keyserver.c (parse_keyserver_uri):
Add an option to require the scheme:// and change all callers.
(free_keyserver_spec): Make public.
show. Don't allow a not-shown notation to prevent us from issuing the
proper --status-fd message.
* options.h, g10.c (main): Add show-std/standard-notations and
show-user-notations. show-notations is both. Default is to show standard
notations only during verify. Change all callers.
using key_byname to do the heavy lifting. Note that this also fixes an
old problem when the first key on the secret keyring has an unusable stub
primary, but is still chosen.
backsigs.
* getkey.c (merge_selfsigs_subkey): Find 0x19 backsigs on subkey selfsigs
and verify they are valid. If DO_BACKSIGS is not defined, fake this as
always valid.
* packet.h, parse-packet.c (parse_signature): Make parse_signature
non-static so we can parse 0x19s in self-sigs.
* main.h, sig-check.c (check_backsig): Check a 0x19 signature.
(signature_check2): Give a backsig warning if there is no or a bad 0x19
with signatures from a subkey.