Provide a signing-key-is-revoked flag. Change all callers.
* status.h, status.c (get_status_string): New REVKEYSIG status tag for a
good signature from a revoked key.
* mainproc.c (do_check_sig, check_sig_and_print): Use it here.
* import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare actual
signatures on import rather than using keyid or class matching. This does
not change actual behavior with a key, but does mean that all sigs are
imported whether they will be used or not.
* parse-packet.c (parse_signature): Don't give "signature packet without
xxxx" warnings for experimental pk algorithms. An experimental algorithm
may not have a notion of (for example) a keyid (i.e. PGP's x.509 stuff).
do_check): If ret_pk is set, fill in the pk used to verify the signature.
Change all callers in getkey.c, mainproc.c, and sig-check.c.
* keylist.c (list_keyblock_colon): Use the ret_pk from above to put the
fingerprint of the signing key in "sig" records during a --with-colons
--check-sigs. This requires --no-sig-cache as well since we don't cache
fingerprints.
--with-colons mode. Actually translate "Keyring" string.
* mainproc.c (proc_tree): We can't currently handle multiple signatures of
different classes or digests (we'd pretty much have to run a different
hash context for each), but if they are all the same, make an exception.
This is Debian bug #194292.
* sig-check.c (check_key_signature2): Make string translatable.
* packet.h, getkey.c (fixup_uidnode): Mark real primary uids differently
than assumed primaries.
* keyedit.c (no_primary_warning): Use the differently marked primaries
here in a new function to warn when an --edit-key command might rearrange
the self-sig dates enough to change which uid is primary. (menu_expire,
menu_set_preferences): Use no_primary_warning() here.
* Makefile.am: Use @DLLIBS@ for -ldl.
is_disabled to cache_disabled_value, which now takes a pk and not just the
keyid. This is for speed since there is no need to re-fetch a key when we
already have that key handy. Cache the result of the check so we don't
need to hit the trustdb more than once.
* getkey.c (skip_disabled): New function to get a pk and call is_disabled
on it. (key_byname): Use it here.
* packet.h, getkey.c (skip_disabled), keylist.c (print_capabilities): New
"pk_is_disabled" macro to retrieve the cached disabled value if available,
and fill it in via cache_disabled_value if not available.
* trustdb.c (get_validity): Cache the disabled value since we have it
handy and it might be useful later.
* parse-packet.c (parse_key): Clear disabled flag when parsing a new key.
Just in case someone forgets to clear the whole key.
* getkey.c (merge_selfsigs_main): Add an "if all else fails" path for
setting a single user ID primary when there are multiple set primaries all
at the same second, or no primaries set and the most recent user IDs are
at the same second, or no signed user IDs at all. This is arbitrary, but
deterministic.
* exec.h, photoid.h: Add copyright message.
* keylist.c (list_keyblock_print): Don't dump attribs for
revoked/expired/etc uids for non-colon key listings. This is for
consistency with --show-photos.
* main.h, keylist.c (dump_attribs), mainproc.c (check_sig_and_print): Dump
attribs if --attrib-fd is set when verifying signatures.
* g10.c (main): New --gnupg option to disable the various --openpgp,
--pgpX, etc. options. This is the same as --no-XXXX for those options.
* revoke.c (ask_revocation_reason): Clear old reason if user elects to
repeat question. This is bug 153.
* keyedit.c (sign_uids): Show keyid of the key making the signature.
(do_export_stream), import.c (remove_bad_stuff, import), parse-packet.c
(dump_sig_subpkt, parse_one_sig_subpkt): Remove vestigal code for the old
sig cache subpacket. This wasn't completely harmless as it caused
subpacket 101 to disappear on import and export.
* options.h, armor.c, cipher.c, g10.c, keyedit.c, pkclist.c, sign.c,
encode.c, getkey.c, revoke.c: The current flags for different levels of
PGP-ness are massively complex. This is step one in simplifying them. No
functional change yet, just use a macro to check for compliance level.
* sign.c (sign_file): Fix bug that causes spurious compression preference
warning.
* sign.c (clearsign_file): Fix bug that prevents proper warning message
from appearing when clearsigning in --pgp2 mode with a non-v3 RSA key.
* main.h, misc.c (compliance_option_string, compliance_string,
compliance_failure), pkclist.c (build_pk_list), sign.c (sign_file,
clearsign_file), encode.c (encode_crypt, write_pubkey_enc_from_list): New
functions to put the "this message may not be usable...." warning in one
place.
* options.h, g10.c (main): Part two of the simplification. Use a single
enum to indicate what we are compliant to (1991, 2440, PGPx, etc.)
* g10.c (main): Show errors for failure in export, send-keys, recv-keys,
and refresh-keys.
* options.h, g10.c (main): Give algorithm warnings for algorithms chosen
against the --pgpX and --openpgp rules.
* keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in --openpgp
mode.
* sign.c (sign_file), pkclist.c (algo_available): Allow passing a hint of
0.
(segfault). Noted by Marcus Brinkmann. Push and reinitialize textmode
filter for each file in a multiple file list.
* packet.h, getkey.c (fixup_uidnode), keyedit.c (show_prefs): Set and show
the keyserver no-modify flag.
* keygen.c (add_keyserver_modify): New. (keygen_upd_std_prefs): Call it
here. (keygen_set_std_prefs): Accept "ks-modify" and "no-ks-modify" as
prefs to set and unset keyserver modify flag.
keydb.h, keyid.c (namehash_from_uid): New function to rmd160-hash the
contents of a user ID packet and cache it in the uid object.
* keylist.c (list_keyblock_colon): Use namehash in field 8 of uids. Show
dates for creation (selfsig date), and expiration in fields 6 and 7.
* trustdb.c (get_validity, get_validity_counts, update_validity): Use new
namehash function rather than hashing it locally.
* trustdb.h, trustdb.c (trust_letter): Make static. (get_ownertrust_info,
get_validity_info): Don't mask the trust level twice.
* trustdb.h, gpgv.c, trustdb.c (get_validity, get_validity_info),
keylist.c (list_keyblock_colon), keyedit.c (show_key_with_all_names_colon,
menu_revuid): Pass a user ID in rather than a namehash, so we only have to
do the hashing in one place.
* packet.h, pkclist.c (build_pk_list), free-packet.c
(release_public_key_parts): Remove unused namehash element for public
keys.
trustdb.c (update_validity): Store temporary full & marginal counts in the
trustdb. (clear_validity, get_validity_counts): Return and clear temp
counts. (store_validation_status): Keep track of which keyids have been
stored. (validate_one_keyblock, validate_key_list): Use per-uid copies of
the full & marginal counts so they can be recalled for multiple levels.
(validate_keys): Only use unused keys for each new round.
(reset_unconnected_keys): Rename to reset_trust_records, and only skip
specifically excluded records.
Minimal isn't always best.
* sign.c (update_keysig_packet): Use the current time rather then a
modification of the original signature time. Make sure that this doesn't
cause a time warp.
* keygen.c (keygen_add_key_expire): Properly handle a key expiration date
in the past (use a duration of 0).
* keyedit.c (menu_expire): Use update_keysig_packet so any sig subpackets
are maintained during the update.
* build-packet.c (build_sig_subpkt): Mark sig expired or unexpired when
the sig expiration subpacket is added. (build_sig_subpkt_from_sig): Handle
making an expiration subpacket from a sig that has already expired (use a
duration of 0).
* packet.h, sign.c (update_keysig_packet), keyedit.c
(menu_set_primary_uid, menu_set_preferences): Add ability to issue 0x18
subkey binding sigs to update_keysig_packet and change all callers.
like "fully trusted", "marginally trusted", etc. (get_min_ownertrust):
New. Return minimum ownertrust. (update_min_ownertrust): New. Set
minimum ownertrust. (check_regexp): New. Check a regular epression
against a user ID. (ask_ownertrust): Allow specifying a minimum value.
(get_ownertrust_info): Follow the minimum ownertrust when returning a
letter. (clear_validity): Remove minimum ownertrust when a key becomes
invalid. (release_key_items): Release regexp along with the rest of the
info. (validate_one_keyblock, validate_keys): Build a trust sig chain
while validating. Call check_regexp for regexps. Use the minimum
ownertrust if the user does not specify a genuine ownertrust.
* pkclist.c (do_edit_ownertrust): Only allow user to select a trust level
greater than the minimum value.
* parse-packet.c (can_handle_critical): Can handle critical trust and
regexp subpackets.
* trustdb.h, trustdb.c (clear_ownertrusts), delkey.c (do_delete_key),
import.c (import_one): Rename clear_ownertrust to clear_ownertrusts and
have it clear the min_ownertrust value as well.
* keylist.c (list_keyblock_print): Indent uid to match pub and sig.
menu_addrevoker), keylist.c (list_keyblock_print, print_fingerprint): Show
"T" or the trust depth for trust signatures, and add spaces to some
strings to make room for it.
* packet.h, parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt,
parse_signature): Parse trust signature values.
* tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Reserve a byte
for the minimum ownertrust value (for use with trust signatures).
that fact in the capabilities, and only primary signing keys can certify
other keys.
* packet.h, parse_packet.c (parse_key): Add is_primary flag for public
keys (it already exists for secret keys).