uids are always on a line for themselves. Mark expired secret keys as
expired.
* options.h, g10.c (main): Rename list show-validity to show-uid-validity
as it only shows for uids.
* armor.c (armor_filter): Do not use padding to get us to 8 bytes of
header. Rather, use 2+4 as two different chunks. This avoids a fake
filename of "is".
continuing confusion and make room for possible changes in devel.
* parse-packet.c (parse_plaintext): Show the hex value for the literal
packet mode since it may not be printable.
* keygen.c (make_backsig): Make sure that the backsig was built
successfully before we try and use it.
* status.h, status.c (get_status_string), plaintext.c (handle_plaintext):
New status tags PLAINTEXT and PLAINTEXT_LENGTH.
preferred keyserver on "keyserver" command line. Sanity check keyserver
URL before accepting it.
* keyserver-internal.h, g10.c (main), keyserver.c (parse_keyserver_uri):
Add an option to require the scheme:// and change all callers.
(free_keyserver_spec): Make public.
show. Don't allow a not-shown notation to prevent us from issuing the
proper --status-fd message.
* options.h, g10.c (main): Add show-std/standard-notations and
show-user-notations. show-notations is both. Default is to show standard
notations only during verify. Change all callers.
parse_keyserver_options now returns a success code.
* keyserver.c (parse_keyserver_options): Return error on failure to parse.
Currently there is no way to fail as any unrecognized options get saved to
be sent to the keyserver plugins later. Check length of keyserver option
tokens since with =arguments we must only match the prefix.
(free_keyserver_spec): Moved code from parse_keyserver_url.
(keyserver_work, keyserver_spawn): Pass in a struct keyserver_spec rather
than using the global keyserver option. (calculate_keyid_fpr): New.
Fills in a KEYDB_SEARCH_DESC for a key. (keyidlist): New implementation
using get_pubkey_bynames rather than searching the keydb directly. If
honor-keyserver-url is set, make up a keyserver_spec and try and fetch
that key directly. Do not include it in the returned keyidlist in that
case.
requires end of line conversion. This is being considered for a UTF8 text
packet. If this doesn't take place, no major harm done. If it does take
place, we'll get a jump on starting the changeover.
* g10.c (main): --no-use-embedded-filename.
* build-packet.c (calc_plaintext, do_plaintext): Do not create illegal
(packet header indicates a size larger than the actual packet) encrypted
data packets when not compressing and using a filename longer than 255
characters.
* keyedit.c (no_primary_warning): Cleanup. (menu_expire): Don't give
primary warning for subkey expiration changes. These cannot reorder
primaries.
keyserver.c (parse_keyserver_uri): Parse keyserver URI into a structure.
Cleanup for new "guess my keyserver" functionality, as well as refreshing
via a preferred keyserver subpacket.
functions in log_debug.
* import.c (import_one): Try and collapse user IDs when importing a key
for the first time.
* keyedit.c (menu_addrevoker): Allow appointing a subkey as a designated
revoker if the user forces it via keyid!, so long as the subkey can
certify. Also use the proper date string when prompting for confirmation.
* g10.c (main): Maintain ordering of multiple Comment lines. Requested by
Peter Hyman.
(passphrase_to_dek), keyserver.c (print_keyrec): A few more places to use
--keyid-format.
* options.h, g10.c (main), export.c (parse_export_options,
do_export_stream): Remove --export-all and the "include-non-rfc"
export-option as they are no longer meaningful with the removal of v3
Elgamal keys.
replace the list-option (and eventually verify-option) show-long-keyids.
The format can be short, long, 0xshort, and 0xlong.
* keydb.h, keyid.c (keystr, keystrlen): New functions to generate a
printable keyid.
* keyedit.c (print_and_check_one_sig, show_key_with_all_names), keylist.c
(list_keyblock_print): Use new keystr() function here to print keyids.
* encode.c (encode_simple): Show cipher with --verbose.
* options.h, g10.c (main), keyedit.c (sign_keys): Add --ask-cert-level
option to enable cert level prompts during sigs. Defaults to on.
Simplify --default-cert-check-level to --default-cert-level. If
ask-cert-level is off, or batch is on, use the default-cert-level as the
cert level.
* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Simplify
--min-cert-check-level to --min-cert-level.
* main.h, misc.c (parse_options), export.c (parse_export_options),
import.c (parse_import_options), g10.c (main): Use it here to allow for
options with optional arguments. Change all callers.
general command list functionality to replace it.
* g10.c (main): Use the general command functionality to implement
--sign-key, --lsign-key, --nrsign-key, and --nrlsign-key.
runtime as it properly handles algorithms disabled at build or run time.
* getkey.c (merge_selfsigs_main): Properly handle expired user IDs when
the expired self-sig is not the only self-sig.
* misc.c (compress_algo_to_string): Return NULL on failure like all of the
other xxxx_algo_to_string() functions.
* mainproc.c (list_node): Minor spacing tweak to match --list-keys output.
* keylist.c (list_keyblock_print), mainproc.c (list_node): Mark revoked
subkeys as revoked. Requested by Matthew Wilcox. Revoked overrides
expiration when both apply.
* keyedit.c (show_prefs): Use compress algo constants.
(show_basic_key_info): Make revoked and expired tags translatable.
* g10.c (rm_group): Properly ungroup from a list of groups.
group. (add_group): When adding a group with the same name as an already
existing group, merge the two groups. (list_config): Show an error message
when listing a config item that doesn't exist. (main): Replace -z0 trick
for no compression.
* packet.h, keyedit.c (show_key_with_all_names_colon), keylist.c
(list_keyblock_colon), mainproc.c (list_node, proc_tree): Minor cleanup to
remove local_id, which is no longer used.
* options.h, g10.c (set_screen_dimensions): New function to look at
COLUMNS and LINES.
* keyserver.c (parse_keyrec, keyserver_search_prompt), keyedit.c
(print_and_check_one_sig): Use new screen dimension variables.
Currently requires --with-colons. (collapse_args): New function to turn
argc/argv into a single string. (main): Use it here to pass list_config()
more than one argument as a single string. (print_algo_numbers): Helper to
print algorithm number for --list-config "pubkey", "cipher",
"hash"/"digest", and "compress" config options.
keyring.c (keyring_rebuild_cache): Add "noisy" flag so cache rebuilds can
remain noisy when called for itself, and quiet when called as part of the
trustdb rebuild.
* trustdb.c (validate_keys): Rebuild the sig caches before building the
trustdb. Note that this is going to require some architectual
re-thinking, as it is agonizingly slow.
parse_keyserver_uri): honor-http-proxy is no longer an option since we can
do the same thing with http-proxy with no arguments. Also remove
broken-http-proxy since it can be better handled in the HTTP helper.
the messages about which option didn't match or matched ambiguously.
Change all callers (g10.c, keyserver.c).
* main.h, import.c (import_options), export.c (export_options): Pass the
noisy flag through.
encode_md_value), sig-check.c (do_check), sign.c (do_sign): Remove
--emulate-md-encode-bug as it only applied to Elgamal signatures, which
are going away.
* main.h, encode.c (setup_symkey): New. Prompt for a passphrase and
create a DEK for symmetric encryption. (write_symkey_enc): New. Write out
symmetrically encrypted session keys. (encode_crypt, encrypt_filter): Use
them here here when creating a message that can be decrypted with a
passphrase or a pk.
* sign.c (sign_file): Call setup_symkey if we are doing a --symmetric
--sign --encrypt.
--quiet is set. Suggested by Duncan Harris. Also don't fail with BUG()
when processing a --symmetric message with a cipher we don't have.
* g10.c: Alias --personal-xxx-prefs to --personal-xxx-preferences.
list of ultimately trusted keys.
* keygen.c (do_generate_keypair): Use it here so that the ultimate
ownertrust happens before the trustdb (might be) rebuilt. Also fix an
error where the newly generated pk is thought to be a subkey by the
trustdb.
* g10.c (main): Fix --export-all do actually do something different than
--export.
* pkclist.c (build_pk_list): Show all recipients rather than showing each
recipient as they are added.
* mainproc.c (proc_symkey_enc, proc_encrypted): Keep a count of the number
of passphrases that can decrypt a symmetric or mixed symmetric/pk message
and include it in the list of keys shown to the user.
check_compress_algo): Add bzip2.
* compress.c (compress_filter): Make static to help force the use of
push_compress_filter. Remove default algorithm setting since that is done
in push_compress_filter now.
* main.h: Use named algorithm.
* filter.h, compress.c (push_compress_filter, push_compress_filter2): New.
Figure out which is the appropriate compression filter to use, and push it
into place.
* compress.c (handle_compressed), encode.c (encode_simple, encode_crypt),
sign.c (sign_file, sign_symencrypt_file), import.c (read_block), export.c
(do_export): Use push_compress_filter instead of pushing the compression
filter ourselves.
* compress-bz2.c: New. Bzlib versions of the compression filter routines.
* Makefile.am: Include compress-bz2.c if bz2lib is available.
message that can be decrypted via a passphrase or public key system.
* main.h, encode.c (encode_seskey): Allow passing in an already-created
session key dek. (encode_simple): Use the actual symmetric cipher when
encrypting a session key for a symmetric message. (encode_crypt): Add a
flag to trigger a hybrid mode that can be decrypted via a passphrase or a
pk. Change all callers.
* mainproc.c (symkey_decrypt_sesskey): There is no way to tell the
difference here between a bad passphrase and a cipher algorithm that we
don't have, so use a error message that makes that clear. Use the actual
list of ciphers when checking whether a cipher is invalid. Return error
if the decrypted cipher algorithm is invalid. (proc_symkey_enc): In a
mixed passphrase/pk message, if a valid dek already exists from decrypting
via pk, do not try to process the passphrase. (proc_symkey_enc): Indicate
when we're decrypting a session key as opposed to decrypting data. If a
passphrase is invalid, discard the dek so we'll keep trying.
Changed all callers.
* cardglue.c (pin_cb): Use it here, so the machine interface can
tell whether the Admin PIN is requested.
* cardglue.c (agent_scd_checkpin): New.
* misc.c (openpgp_pk_algo_usage): Added AUTH usage.
* app-openpgp.c (check_against_given_fingerprint): New. Factored
out that code elsewhere.
(do_check_pin): New.
* card-util.c (card_edit): New command "passwd". Add logic to
check the PIN in advance.
(card_status): Add new args to return the serial number. Changed
all callers.