is dirty and --interactive is set, do an --update-trustdb. If not
interactive, do a --check_trustdb unless --no-auto-check-trustdb is
set.
* import.c (import_keys_internal): Moved from here.
* keyserver.c (keyserver_refresh): Call it here after all refreshing
has happened so that we don't rebuild after each preferred keyserver
set of imports, but do one big rebuild at the end. This is Debian bug
#293816, noted by Kurt Roeckx.
before the encryption key. This is a partial workaround for a PGP bug
(as of this writing, all versions including 8.1), that causes it to
try and encrypt to the most recent subkey regardless of whether that
subkey is actually an encryption type. In this case, the auth key is
an RSA key so it succeeds.
instead of 0x0000000000000000 for the invalid key ID since all-zeroes
is reserved for the anonymous recipient.
* keyedit.c (change_passphrase), keygen.c (generate_subkeypair): Fix a
string ;)
ask for the passphrase. Return an error if the primary key is a
plain stub.
* keyedit.c (change_passphrase): Don't ever change any stub key.
Print a note if a key consists of only stub keys. Reported by
Dany Nativel. These are bugs #401 and #402.
the cache. Changed all callers.
(get_one_do): Bypass the cache if the value would have been read
directly for v1.1 cards.It makes things a bit slower but obnly for
1.0 cards and there are not that many cards out in the wild. This
is required to fix a caching bug when generating new keys; as a
side effect of the retrieval of the the C4 DO from the 6E DO the
chaced fingerprint will get updated to the old value and later
when signing the generated key the checking of the fingerprint
fails becuase it won't match the new one. Thanks to Moritz for
analyzing this problem.
(verify_chv3): Removed the CHV status reread logic because we
won't cache the C4 DO anymore.
* card-util.c (card_status): Create asecret key stub on the fly
and print more information about a card key.
* import.c (pub_to_sec_keyblock, auto_create_card_key_stub): New.
* getkey.c (get_seckeyblock_byfprint): New.
* keylist.c (print_card_key_info): New.
initialization.
* gpgv.c (i18n_init) [W32]: Ditto.
* simple-gettext.c (set_gettext_file): Use MO files depending on
the installation directory. Add new arg REGKEY.
filter context instead of hardcoding '\n' or '\r\n'. If no eol string is
provided, default to '\n' or '\r\n' as appropriate. (is_armor_header):
Trim tabs in armor header lines as well.
* keyserver.c (keyserver_spawn): Use it here to force '\n' line endings
since the keyserver output file gets a LF->CRLF expansion on win32.
* armor.c (is_armor_header): Allow CR and LF (not just actual spaces) in
an armor header line (-----BEGIN etc). This is needed due to CRLF issues
on win32. As before, --openpgp makes it strict.
(scan_or_find_devices): Add new args to return endpoint info and
interface number.
(ccid_open_reader, ccid_shutdown_reader): Take care of these new
args.
(bulk_in, bulk_out): Use the correct endpoints.
(ccid_transceive_apdu_level): New.
(ccid_transceive): Divert to above.
(parse_ccid_descriptor): Allow APDU level exchange mode.
(do_close_reader): Pass the interface number to usb_release_interface.
common type (e.g. ldaps -> ldap). If we are building with curl, map both
http and ftp to curl.
* build-packet.c (build_sig_subpkt): Only allow one preferred keyserver
subpacket at a time.
chosen selfsig so we don't accidentally promote an older selfsig to
chosen. Discovered by Simon Josefsson and 'Todd'.
* keygen.c (ask_expire_interval): Fix typo.
passphrase still wrong. Roman Pavlik found such a case.
* mpicoder.c (mpi_read_from_buffer): Don't abort in case of an
invalid MPI but print a message and return NULL. Use log_info and
not log_error.
* passphrase.c: Don't check for __CYGWIN__, so it is treated as a
unix-like system.
* options.h, g10.c (main), textfilter.c (standard): Use new option
--rfc2440-text to determine whether to filter "<space>\t\r\n" or just
"\r\n" before canonicalizing text line endings. Default to
"<space>\t\r\n".
temporary user ID.
* keyedit.c (keyedit_menu): Merge updpref and setpref. Keep updpref as an
invisible alias. Add invisible alias for revphoto. Fix small memory leak
when using "setpref" (not all of the uid was freed). (menu_revkey):
Trigger a trust rebuild after revoking a key. Don't allow revoking an
already-revoked whole key. (menu_revsubkey): Don't allow revoking an
already-revoked subkey.
Revoke a whole key. (keyedit_menu): Call it here for when 'revkey' is used
without any subkeys selected. This is to be consistent with the other
functions which are "selected part if selected, whole key if not".
exit if it cannot lock memory. Also remove --nrsign-key and --nrlsign-key
since this can better be done via --edit-key.
* secmem.c (secmem_init): Return a flag to indicate whether we got the
lock.
* memory.h: Return a flag to indicate whether we got the lock.
(status_one_subpacket, print_one_subpacket): Fix some compiler warnings.
* g10.c (main): Fix --compression-algo to take a string argument like
--compress-algo.
* trustdb.c (uid_trust_string_fixed): For safety, check for a pk.
revoked.
* keyedit.c (show_key_with_all_names): Don't show validity for secret key
UIDs.
* keyedit.c (parse_sign_type): New. Figure out the flags (local,
nonrevoke, trust) for a signature. (keyedit_menu): Call it here so we can
mix and match flags, and don't need "nrltsign", "ltsign", "tnrsign", etc,
etc, etc.
(not used). (standard): 2440 says that textmode hashes should canonicalize
line endings to CRLF and remove spaces and tabs. 2440bis-12 says to just
canonicalize to CRLF. So, we default to the 2440bis-12 behavior, but
revert to the strict 2440 behavior if the user specifies --rfc2440. In
practical terms this makes no difference to any signatures in the real
world except for a textmode detached signature.
CUSTOM_DESCRIPTION. Changed all callers.
* app-openpgp.c (do_getattr, do_learn_status, do_setattr): Support
the new private DOs.
(do_change_pin): Add a "N" prefix to the strings so that the
callback can act accordingly for a new PIN. Unfortunately this
breaks existing translations but I see no wother way to overvome
this.
* cardglue.c (learn_status_cb): Ditto.
(agent_release_card_info): Ditto.
(struct pin_cb_info_s): Removed and changed all users.
(pin_cb): Reworked.
* card-util.c (card_status): Print them
(card_edit): New command PRIVATEDO.
(change_private_do): New.
hardcoding key sizes. Bump default to 2048. Bump minimum down to 512,
where possible, but require --expert to get there. DSA is always 1024
unless --expert is given.
Set PUBKEY_USAGE_UNKNOWN to handle flags that we don't understand.
(fixup_uidnode, merge_selfsigs_main, merge_selfsigs_subkey): Call it from
here to remove duplicate code.
(parse_import_options, import_keys_internal): Make the import-options and
export-options distinct since they can be mixed together as part of
keyserver-options.
translatable string similar to trust_value_to_string. This allows for
easier lining up of displays.
* keyedit.c (show_key_with_all_names), keylist.c (list_keyblock_print):
Use it here to print validity strings.
* gpgv.c: Stub.
(main): Unconditionally implement --status-file, --logger-file,
--attribute-file, --passphrase-file, --command-file. This is not
generally useful but easy to support and might make scripting
under Windows easier.
filename when using --use-embedded-filename with input that has no
filename (clearsigned or message generated from a pipe).
* encode.c (encode_simple, encode_crypt), progress.c (handle_progress),
sign.c (write_plaintext_packet): Fix a few inconsistent calls (NULL
filename means a pipe here, so don't bother to check it twice).
MD5, so give a warning. (print_pubkey_algo_note, print_cipher_algo_note,
print_digest_algo_note): Give the algorithm name in the experimental algo
warning.
Elgamal signing keys since we no longer support any Elgamal signing keys.
* sign.c (sign_file, clearsign_file): Use "writing to" instead of "writing
to file" to match other strings.
* pkclist.c (check_signatures_trust): Fix typo. Noted by Moray Allan.
This is Debian bug #278708.
* passphrase.c (ask_passphrase, passphrase_to_dek): "password" ->
"passphrase".
* keyedit.c (show_key_with_all_names): Show designated revoker as part of
translatable string.
--status interface.
* card-util.c (card_edit): Show when admin is enabled or not.
* status.h, status.c: New STATUS_SIG_SUBPACKET type.
* build-packet.c (build_sig_subpkt): Multiple keyserver URLs are allowed.
* exec.c, sign.c: Change "can't open file" to "can't open" and "can't
create file" to "can't create" to be consistent with other strings so we
don't have to translate both.
* app-common.h (app_openpgp_storekey: Add prototype.
* app-openpgp.c (do_sign): Replace asprintf by direct allocation.
This avoids problems with missing vasprintf implementations.
* card-util.c (generate_card_keys): Add a #warning for gnupg 1.9
and use the same string there.
* util.h [!HAVE_VASPRINTF]: Removed prototype.
* vasprintf.c: Removed. It was used only at one place and I don't
want to get into build problems in 1.4.
(pcsc_get_status): Implemented.
(reset_pcsc_reader): Implemented.
(open_pcsc_reader): Succeed even with no card inserted.
(open_ccid_reader): Set LAST_STATUS.
* iso7816.c (iso7816_select_application): Always use 0 for P1.
* status.h (STATUS_NEED_PASSPHRASE_PIN): New.
* status.c (get_status_string): Added.
* passphrase.c (ask_passphrase): Moved status printing to ..
* cardglue.c (pin_cb): .. here and issue new status message.
* keyedit.c (sign_uids): Don't include the leading LF in the
translatable string but print them separately.
* apdu.c (apdu_open_remote_reader) [_WIN32]: We don't have ENOSYS.
after the first user ID.
* keyedit.c (show_key_with_all_names): Don't show validity if we're just
printing user IDs for signing.
* armor.c (fake_packet): Properly handle the case where the line is
dash-space (i.e. a blank line that was quoted). Give a warning for bad
dash escaping.
trust since the meaning is different.
* keyedit.c (trustsig_prompt): Change the strings to match the ones in
pkclist.c:do_edit_ownertrust to make translation easier.
* trustdb.c (trust_model_string, get_validity): Add direct trust model
which applies to the key as a whole and not per-uid.
* options.h, g10.c (parse_trust_model): New. (main): Call it from here to
do string-to-trust-model.
http.
* openfile.c (overwrite_filep, make_outfile_name, open_outfile)
(open_sigfile): Use iobuf_is_pipe_filename to check for pipes so
that special filesnames are taken into account. This is bug 327.
* tdbdump.c (import_ownertrust): Ditto.
* sign.c (write_plaintext_packet): Ditto.
* progress.c (handle_progress): Ditto.
* plaintext.c (handle_plaintext): Ditto.
* encode.c (encode_simple, encode_crypt): Ditto.
* iobuf.c (iobuf_is_pipe_filename): New.
* fileutil.c (is_file_compressed): Use it here.
showing the user ID as mainproc.c:print_pkenc_list.
* mainproc.c (print_pkenc_list): Allow translating the quotes around the
user ID.
* card-util.c, g10.c, photoid.c, trustdb.c: The last of the \"%s\" -> `%s'
quoting for things that aren't user IDs.
* keyserver.c (keyserver_spawn): If there is no keyserver host, print the
whole URI since it is self-contained.
a revoked or expired key, so BUG() that case. Remove question about
overriding revoked/expired. Also --keyid-format-ify. (do_we_trust_pre):
Use print_pubkey_info() instead of printing the info ourselves.
* passphrase.c (passphrase_to_dek): Improve translatability of user ID
prompts.
* keylist.c (print_pubkey_info): Use the user ID the pk was selected by,
if any.
fix sprintf warnings.
* keyserver.c (keyserver_spawn): Fix BUG() with certain sets of mixed
regular and preferred keyserver refreshes. Noted by Sebastian Wiesinger.
* keyedit.c (show_key_with_all_names): Show uid validity in menu.
.. (maybe_create_keyring): .. new. Make sure that we do the checks in a
locked state. Problem reported by Stefan Haller. Try to create the home
directory before acquiring a lock for the keyring. From Werner on stable
branch.
* g10.c (main): Blow up if we didn't lose setuid. From Werner on stable
branch.
show-sig-expire takes up so we do not wrap lines.
(show_key_with_all_names): No need to show subkey revocations as a
seperate line since we now show revocation date in the main subkey line.
* app-openpgp.c: Made all strings translatable.
(verify_chv3) [GNUPG_MAJOR_VERSION]: Make opt.allow_admin
available for use in gnupg 2.
(verify_chv3): Reimplemented countdown showing to use only
functions from this module. Flush the CVH status cache on a
successful read.
(get_one_do): Hack to bypass the cache for cards versions > 1.0.
(store_fpr): Store the creation date for card version > 1.0.
there by the scdaemon which is a bit different to the direct
integration in gpg 1.3. In general they should all be maintained in
1.9 but while preparing 1.4 its okay to do it in 1.3. We just need to
take some care not to break 1.9 to heavily.
app-openpgp.c: Made all strings translatable.
(verify_chv3) [GNUPG_MAJOR_VERSION]: Make opt.allow_admin
available for use in gnupg 2.
(verify_chv3): Reimplemented countdown showing to use only
functions from this module.
issued, skip right to the CHV1/CHV2 PIN change. No need to show the
unblock or admin PIN change option. (card_edit): Add "admin" command to
add admin commands to the menu. Do not allow admin commands until "admin"
is given.
* app-openpgp.c (verify_chv3): Show a countdown of how many wrong admin
PINs can be entered before the card is locked.
* options.h, g10.c (main), app-openpgp.c (verify_chv3): Remove
--allow-admin.
opt.s2k_digest_algo. This helps fix a problem with PGP 2.x encrypted
symmetric messages. Change all callers (encode.c, g10.c, keyedit.c,
keygen.c, passphrase.c, sign.c).
* armor.c, cardglue.c, getkey.c, import.c, keygen.c: Be consistent in some
more quoted strings. Always use 'user ID', not 'user id', "quotes" for
user IDs, etc.
error. However the backupfile has been created successfully.
* rsa.c (rsa_generate): Return the dummy list of factors only if
the caller asked for it.
* card_util.c (generate_card_keys): ask whether backup should be
created.
(card_store_subkey): Factored some code out to ..
* keygen.c (save_unprotected_key_to_card): .. new function.
(gen_card_key_with_backup): New.
(generate_raw_key): New.
(generate_keypair): New arg BACKUP_ENCRYPTION_DIR. Changed all
callers.
(do_generate_keypair): Divert to gen_card_key_with_backup when
desired.
* g10.c: Make -K an alias for --list-secret-keys.
* keylist.c (print_card_serialno): New. Taken from gnupg 1.9.11.
(list_keyblock_print): Make use of it.
* keyedit.c (show_key_with_all_names): Print the card S/N.
* keyedit.c (keyedit_menu): New command ADDCARDKEY.
* card-util.c (card_generate_subkey): New.
* keygen.c (generate_card_subkeypair): New.
(gen_card_key): New arg IS_PRIMARY; changed all callers.
* cardglue.c (open_card): Use shutdown code if possible.
(check_card_serialno): Ditto.
use_get_string_simple anymore.
* g10.c (list_config): New config option ccid-reader-id.
(gpgconf_list): Add "reader-port".
* apdu.c (open_ccid_reader): New arg PORTSTR. Pass it to
ccid_open_reader.
(apdu_open_reader): Pass portstr to open_ccid_reader.
* ccid-driver.c (ccid_get_reader_list): New.
(ccid_open_reader): Changed API to take a string for the reader.
Removed al the cruft for the libusb development vesion which seems
not to be maintained anymore and there are no packages anyway.
The stable library works just fine.
(struct ccid_reader_id_s): Deleted and replaced everywhere by a
simple string.
(usb_get_string_simple): Removed.
(bulk_in): Do valgrind hack here and not just everywhere.
* misc.c (get_signature_count): New. Get the signature count from a
smartcard. (pct_expando): Call it here so the %c expando becomes the
number of signatures issued. This allows for notations or the like with
an automatic signature count.
* ccid-driver.c (usb_get_string_simple): Replacement function to work with
older libusb.
* ccid-driver.c (read_device_info): Removed.
(make_reader_id, scan_or_find_devices): New.
(ccid_open_reader): Simplified by make use of the new functions.
(ccid_set_debug_level): New. Changed the macros to make use of
it. It has turned out that it is often useful to enable debugging
at runtime so I added this option.
Print a spk record for each request subpacket. (list_keyblock_colon): Call
them here.
* g10.c (parse_subpacket_list, parse_list_options): New. Make the list of
subpackets we are going to print. (main): Call them here.
card to fetch an updated copy. Works with either straight URLs or HKP or
LDAP keyservers.
* keyserver-internal.h, keyserver.c (keyserver_import_fprint), import.c
(revocation_present): Use a keyserver_spec so the caller can pass in
whatever keyserver they like.
* configure.ac: Check for readline. Make enable-card-support the
default. New option --without-readline. Allow the use of either
the development or the stable libusb.
* cardglue.h: Add members for CA fingerprints.
* cardglue.c (agent_release_card_info): Invalid them.
(learn_status_cb): Store them.
* app-common.h, app-openpgp.c, iso7816.c, iso7816.h
* apdu.c, apdu.h, ccid-driver.c, ccid-driver.h
* card-util.c: Updated from current gnupg-1.9.
* ccid-driver.h (CCID_DRIVER_ERR_ABORTED): New.
* ccid-driver.c (ccid_open_reader): Support the stable 0.1 version
of libusb.
(ccid_get_atr): Handle short messages.
* apdu.c (my_rapdu_get_status): Implemented.
* apdu.c: Include <signal.h>.
* apdu.c (reader_table_s): Add function pointers for the backends.
(apdu_close_reader, apdu_get_status, apdu_activate)
(send_apdu): Make use of them.
(new_reader_slot): Intialize them to NULL.
(dump_ccid_reader_status, ct_dump_reader_status): New.
(dump_pcsc_reader_status): New.
(open_ct_reader, open_pcsc_reader, open_ccid_reader)
(open_osc_reader, open_rapdu_reader): Intialize function pointers.
(ct_activate_card, ct_send_apdu, pcsc_send_apdu, osc_send_apdu)
(error_string): Removed. Replaced by apdu_strerror.
(get_ccid_error_string): Removed.
(ct_activate_card): Remove the unused loop.
(reset_ct_reader): Implemented.
(ct_send_apdu): Activate the card if not yet done.
(pcsc_send_apdu): Ditto.
* ccid-driver.h: Add error codes.
* ccid-driver.c: Implement more or less proper error codes all
over the place.
* apdu.c (apdu_send_direct): New.
(get_ccid_error_string): Add some error code mappings.
(send_apdu): Pass error codes along for drivers already supporting
them.
(host_sw_string): New.
(get_ccid_error_string): Use above.
(send_apdu_ccid): Reset the reader if it has not yet been done.
(open_ccid_reader): Don't care if the ATR can't be read.
(apdu_activate_card): New.
(apdu_strerror): New.
(dump_reader_status): Only enable it with opt.VERBOSE.
* iso7816.c (map_sw): Add mappings for the new error codes.
* apdu.c (open_ct_reader, open_pcsc_reader, open_ccid_reader)
(reset_ccid_reader, open_osc_reader): Call dump_reader_status only
in verbose mode.
* app-openpgp.c (do_getattr): Fix for sending CA-FPR.
* app-openpgp.c (app_openpgp_readkey): Fixed check for valid
exponent.
* app-openpgp.c (do_setattr): Sync FORCE_CHV1.
* card-util.c (change_login): Kludge to allow reading data from a
file.
(card_edit): Pass ARG_STRING to change_login.
(card_status): Print CA fingerprints.
(change_cafpr): New.
(card_edit): New command CAFPR.
* errors.h (G10ERR_NO_CARD, G10ERR_CANCELED): New error codes.
* errors.c (g10_errstr): New error codes G10ERR_NO_CARD,
G10ERR_CANCELED.
* signal.c (got_fatal_signal): Do readline cleanup. Print signal
number if we can't print the name. Use new autoconf macro
HAVE_DECL_SYS_SIGLIST.
(get_signal_name): Removed.
* ttyio.c (tty_get): Add readline support.
* parse-packet.c (skip_rest): Removed. Changed all callers to use
the new iobuf_skip_reset. Orginal patch by Florian Weimer.
* iobuf.c (iobuf_skip_rest): New. Orginal patch by Florian
Weimer. Added new argument PARTIAL.
we are taking.
* keyid.c (keystr): If printing a keyid that lacks the high 4 bytes, print
the low 4 alone. (keystr_from_desc): Handle short keyids and warn on v3
fingerprints.
* g10.c (main): New alias --throw-keyid for --throw-keyids, so that it
continues to work in old configuration files. Noted by Jens Adam.
* pkclist.c (algo_available): --pgp8 now allows blowfish, zlib, and bzip2.
* status.c (do_get_from_fd): Flush stdout if status isn't flushing it for
us. This guarantees that any menus that were displayed before the prompt
don't get stuck in a buffer. Noted by Peter Palfrader. This is Debian
bug #254072.
* sign.c (update_keysig_packet): Revert change of 2004-05-18. It is not
appropriate to strip policy and notations when remaking a sig. That
should only happen when specifically requested by the user.
uids are always on a line for themselves. Mark expired secret keys as
expired.
* options.h, g10.c (main): Rename list show-validity to show-uid-validity
as it only shows for uids.
* armor.c (armor_filter): Do not use padding to get us to 8 bytes of
header. Rather, use 2+4 as two different chunks. This avoids a fake
filename of "is".
expired user IDs. Also, once we've established that a given uid cannot or
will not be signed, don't continue to ask about each sig.
* mainproc.c (proc_symkey_enc), seckey-cert.c (do_check): Check the S2K
hash algorithm before we try to generate a passphrase using it. This
prevents hitting BUG() when generating a passphrase using a hash that we
don't have.
* sign.c (sign_symencrypt_file): Allow using --force-mdc in --sign
--symmetric messages.
continuing confusion and make room for possible changes in devel.
* parse-packet.c (parse_plaintext): Show the hex value for the literal
packet mode since it may not be printable.
* keygen.c (make_backsig): Make sure that the backsig was built
successfully before we try and use it.
* status.h, status.c (get_status_string), plaintext.c (handle_plaintext):
New status tags PLAINTEXT and PLAINTEXT_LENGTH.
which we hashed them when issuing the signature. Noted by Nicholas Cole.
* pkclist.c (do_edit_ownertrust): Fix a kbnode leak and do another
keyid-format conversion.
keyservers, and auto-key-retrieve is set, try and get a missing key from
the preferred keyserver subpacket when we verify the sig.
* gpgv.c (parse_preferred_keyserver, free_keyserver_spec): Stubs.
* keyserver.c (keyidlist): Use new parse_preferred_keyserver function.
(keyserver_work): Use the passed-in keyserver spec rather than the options
global one.
* keyserver-internal.h, keyserver.c (parse_preferred_keyserver): New
function to take a sig and return a split out keyserver_spec.
(keyserver_import_keyid): Now takes a keyserver_spec.
merge selfsigs if we have to for honor-keyserver-url. (keyserver_refresh):
Keyserver URL handler moved here. (calculate_keyid_fpr): Removed.
* keydb.h, keyid.c (keystr_from_desc): Calculate a key string from a
KEYDB_SEARCH_DESC.
keyserver to happen even if there is no global keyserver set.
* sig-check.c (do_check_messages): No need to check for Elgamal signatures
any longer. (do_check_messages, do_check, check_key_signature2):
--keyid-format conversion.
* pkclist.c (show_paths, edit_ownertrust): Remove some unused code.
* mainproc.c (check_sig_and_print): track whether we are retrieving a key.
* status.c (status_currently_allowed): New. (write_status_text,
write_status_text_and_buffer): Use it here.
* g10.c: New command --gpgconf-list. (gpgconf_list): New. From Werner on
stable branch.
Improved URI parser that keeps track of the path information and doesn't
modify the input string. (keyserver_spawn): Tell keyserver plugins about
the path.
(list_one): Use const char* for i18n string helpers.
* keygen.c (do_generate_keypair, read_parameter_file): Really
close the files.
(do_generate_keypair): Create the secret key file using safe
permissions. Noted by Atom Smasher.
preferred keyserver on "keyserver" command line. Sanity check keyserver
URL before accepting it.
* keyserver-internal.h, g10.c (main), keyserver.c (parse_keyserver_uri):
Add an option to require the scheme:// and change all callers.
(free_keyserver_spec): Make public.
show. Don't allow a not-shown notation to prevent us from issuing the
proper --status-fd message.
* options.h, g10.c (main): Add show-std/standard-notations and
show-user-notations. show-notations is both. Default is to show standard
notations only during verify. Change all callers.
using key_byname to do the heavy lifting. Note that this also fixes an
old problem when the first key on the secret keyring has an unusable stub
primary, but is still chosen.
backsigs.
* getkey.c (merge_selfsigs_subkey): Find 0x19 backsigs on subkey selfsigs
and verify they are valid. If DO_BACKSIGS is not defined, fake this as
always valid.
* packet.h, parse-packet.c (parse_signature): Make parse_signature
non-static so we can parse 0x19s in self-sigs.
* main.h, sig-check.c (check_backsig): Check a 0x19 signature.
(signature_check2): Give a backsig warning if there is no or a bad 0x19
with signatures from a subkey.
parse_keyserver_options now returns a success code.
* keyserver.c (parse_keyserver_options): Return error on failure to parse.
Currently there is no way to fail as any unrecognized options get saved to
be sent to the keyserver plugins later. Check length of keyserver option
tokens since with =arguments we must only match the prefix.
(free_keyserver_spec): Moved code from parse_keyserver_url.
(keyserver_work, keyserver_spawn): Pass in a struct keyserver_spec rather
than using the global keyserver option. (calculate_keyid_fpr): New.
Fills in a KEYDB_SEARCH_DESC for a key. (keyidlist): New implementation
using get_pubkey_bynames rather than searching the keydb directly. If
honor-keyserver-url is set, make up a keyserver_spec and try and fetch
that key directly. Do not include it in the returned keyidlist in that
case.
requires end of line conversion. This is being considered for a UTF8 text
packet. If this doesn't take place, no major harm done. If it does take
place, we'll get a jump on starting the changeover.
* g10.c (main): --no-use-embedded-filename.
* build-packet.c (calc_plaintext, do_plaintext): Do not create illegal
(packet header indicates a size larger than the actual packet) encrypted
data packets when not compressing and using a filename longer than 255
characters.
* keyedit.c (no_primary_warning): Cleanup. (menu_expire): Don't give
primary warning for subkey expiration changes. These cannot reorder
primaries.
generate_subkeypair): New is_subkey argument to set whether a generated
key is a subkey. Do not overload the ret_sk. This is some early cleanup
to do backsigs for signing subkeys.
* keygen.c (write_keybinding, do_generate_keypair, generate_subkeypair):
Keep track of the unprotected subkey secret key so we can make a backsig
with it.
* keygen.c (make_backsig): New function to add a backsig to a binding sig
of signing subkeys. Currently disabled. (write_keybinding): Call it here,
for signing subkeys only.
* sign.c (make_keysig_packet): Allow generating 0x19 signatures (same as
0x18 or 0x28, but used for backsigs).
* packet.h, build-packet.c (build_sig_subpkt): Add new SIGSUBPKT_SIGNATURE
type for embedded signatures.
and properly handle a partial match against an option with an argument.
* keyserver-internal.h, keyserver.c (parse_keyserver_options): Use new
optsep and argsplit functions.
which self-sig we actually chose.
* keyedit.c (menu_expire, menu_set_primary_uid, menu_set_preferences): Use
it here to avoid updating non-used self-sigs and possibly promoting an old
self-sig into consideration again.
keyserver.c (parse_keyserver_uri): Parse keyserver URI into a structure.
Cleanup for new "guess my keyserver" functionality, as well as refreshing
via a preferred keyserver subpacket.
functions in log_debug.
* import.c (import_one): Try and collapse user IDs when importing a key
for the first time.
* keyedit.c (menu_addrevoker): Allow appointing a subkey as a designated
revoker if the user forces it via keyid!, so long as the subkey can
certify. Also use the proper date string when prompting for confirmation.
* g10.c (main): Maintain ordering of multiple Comment lines. Requested by
Peter Hyman.
and a little better text. (import_one, import_secret_one,
import_revoke_cert, chk_self_sigs, delete_inv_parts, merge_blocks): Still
more --keyid-format conversions.
conversion. (list_keyblock_print): 0xshort should not push us into the new
list format since it is not much longer than regular 8-character short
keyids.
a key string from a key in one step. This isn't faster than before, but
makes for neater code.
* keylist.c (list_keyblock_print): Use keystr_from_xx here.
(print_key_data): No need to pass a keyid in.
support their pk algorithm. This allows for early (during get_*)
rejection of a subkey, and selection of another.
* passphrase.c (passphrase_to_dek): Give a little more information when we
have room to do so.
(passphrase_to_dek), keyserver.c (print_keyrec): A few more places to use
--keyid-format.
* options.h, g10.c (main), export.c (parse_export_options,
do_export_stream): Remove --export-all and the "include-non-rfc"
export-option as they are no longer meaningful with the removal of v3
Elgamal keys.
length mode and change all callers. (do_plaintext): Turn off partial
length encoding now that we're done writing the packet. (do_comment,
do_user_id): Try for a headerlen of 2 since that's the smallest and most
likely encoding for these packets.
* parse-packet.c (parse): Remove call to start old gpg partial length
mode.
replace the list-option (and eventually verify-option) show-long-keyids.
The format can be short, long, 0xshort, and 0xlong.
* keydb.h, keyid.c (keystr, keystrlen): New functions to generate a
printable keyid.
* keyedit.c (print_and_check_one_sig, show_key_with_all_names), keylist.c
(list_keyblock_print): Use new keystr() function here to print keyids.
(copy_packet, skip_packet, skip_rest, read_rest, parse_plaintext,
parse_encrypted, parse_gpg_control): Use a flag to indicate partial or
indeterminate encoding. This is the first step in some minor surgery to
remove the old gpg partial length encoding.
present if --expert is set.
* plaintext.c (handle_plaintext): Make bytecount static so it works with
multiple literal packets inside a message.
* encode.c, helptext.c (keygen.algo, keygen.algo.elg_se), keygen.c
(ask_algo), sig-check.c (do_check_messages), skclist.c (build_sk_list):
Rename "ElGamal" to "Elgamal" as that is the proper spelling nowadays.
Suggested by Jon Callas.
* encode.c (encode_simple): Show cipher with --verbose.
* options.h, g10.c (main), keyedit.c (sign_keys): Add --ask-cert-level
option to enable cert level prompts during sigs. Defaults to on.
Simplify --default-cert-check-level to --default-cert-level. If
ask-cert-level is off, or batch is on, use the default-cert-level as the
cert level.
* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Simplify
--min-cert-check-level to --min-cert-level.
header lines, and include "sig:" records for the benefit of people who
store their keys in LDAP servers. It makes it easy to do queries for
things like "all keys signed by Isabella".
* Makefile.am: We get mkdtemp.c from libutil.a now, so don't link with
@LIBOBJS@.
* keyserver.c (keyserver_spawn): Pass the scheme to the keyserver helper.
along with a zero length, interpret this as an actual zero length packet
and not as an indeterminate length packet. (do_comment, do_user_id): Use
it here as these packets might be naturally zero length.
* parse-packet.c (parse): Show packet type when failing due to an
indeterminate length packet.
* misc.c (parse_options): Only provide args for the true (i.e. not
"no-xxx") form of options.
* main.h, misc.c (parse_options), export.c (parse_export_options),
import.c (parse_import_options), g10.c (main): Use it here to allow for
options with optional arguments. Change all callers.
key to ensure that it does not advertise any that we cannot fulfill. Use
the keyedit command list function to optionally rewrite the prefs.
(import_one, import_secret_one): Use it here when importing a public key
that we have the secret half of, or when importing a secret key that we
have the public half of.
general command list functionality to replace it.
* g10.c (main): Use the general command functionality to implement
--sign-key, --lsign-key, --nrsign-key, and --nrlsign-key.
key, a revocation key set in a direct key signature, and a revocation from
that revocation key, all arrive piecemeal. Needless to say, this is pretty
obscure.
public subkeys.
* keylist.c (list_keyblock_print), keyedit.c (show_key_with_all_names):
Show the revocation date of a key/subkey, and general formatting work.
* packet.h, getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
merge_selfsigs): Keep track of the revocation date of a key.
* keydb.h, keyid.c (revokestr_from_pk): New function to print the
revocation date of a key.
runtime as it properly handles algorithms disabled at build or run time.
* getkey.c (merge_selfsigs_main): Properly handle expired user IDs when
the expired self-sig is not the only self-sig.
* misc.c (compress_algo_to_string): Return NULL on failure like all of the
other xxxx_algo_to_string() functions.
* mainproc.c (list_node): Minor spacing tweak to match --list-keys output.
* keylist.c (list_keyblock_print), mainproc.c (list_node): Mark revoked
subkeys as revoked. Requested by Matthew Wilcox. Revoked overrides
expiration when both apply.
* keyedit.c (show_prefs): Use compress algo constants.
(show_basic_key_info): Make revoked and expired tags translatable.
* g10.c (rm_group): Properly ungroup from a list of groups.
group. (add_group): When adding a group with the same name as an already
existing group, merge the two groups. (list_config): Show an error message
when listing a config item that doesn't exist. (main): Replace -z0 trick
for no compression.
* packet.h, keyedit.c (show_key_with_all_names_colon), keylist.c
(list_keyblock_colon), mainproc.c (list_node, proc_tree): Minor cleanup to
remove local_id, which is no longer used.
PK_UID_CACHE_SIZE (set in ./configure).
* getkey.c (get_pubkey): When reading key data into the cache, properly
handle keys that are partially (pk, no UIDs) cached already. This is
Debian bug #176425 and #229549.
* compress.c (init_compress, push_compress_filter2): Do the right thing
(i.e. nothing) with compress algo 0.
* main.h, decrypt.c (decrypt_messages): Accept filenames to decrypt on
stdin. This is bug #253.
* options.h, g10.c (set_screen_dimensions): New function to look at
COLUMNS and LINES.
* keyserver.c (parse_keyrec, keyserver_search_prompt), keyedit.c
(print_and_check_one_sig): Use new screen dimension variables.
Currently requires --with-colons. (collapse_args): New function to turn
argc/argv into a single string. (main): Use it here to pass list_config()
more than one argument as a single string. (print_algo_numbers): Helper to
print algorithm number for --list-config "pubkey", "cipher",
"hash"/"digest", and "compress" config options.
keyring.c (keyring_rebuild_cache): Add "noisy" flag so cache rebuilds can
remain noisy when called for itself, and quiet when called as part of the
trustdb rebuild.
* trustdb.c (validate_keys): Rebuild the sig caches before building the
trustdb. Note that this is going to require some architectual
re-thinking, as it is agonizingly slow.
* keyring.c (keyring_rebuild_cache): Clear sig cache for any signatures
that we can no longer process (say, if the user removed support for a
necessary pubkey or digest algorithm).
* sig-check.c (check_revocation_keys): Comments.
* getkey.c (merge_selfsigs_main): Don't bother to check designated revoker
sigs if the key is already revoked.
* packet.h, getkey.c (merge_selfsigs_main): New "maybe_revoked" flag on
PKs. It is set when there is a revocation signature from a valid
revocation key, but the revocation key is not present to verify the
signature.
* pkclist.c (check_signatures_trust): Use it here to give a warning when
showing key trust.
* compress-bz2.c: Include stdio.h. Solaris 9 has a very old bzip2 library
and we can at least guarantee that it won't fail because of the lack of
stdio.h.
* tdbio.c: Fixed format string bugs related to the use of DB_NAME.
Reported by Florian Weimer.
parse_keyserver_uri): honor-http-proxy is no longer an option since we can
do the same thing with http-proxy with no arguments. Also remove
broken-http-proxy since it can be better handled in the HTTP helper.
(parse_keyserver_options): Use them here to allow arguments to
keyserver-options. Since none of our options need arguments yet, just
pass them through whole to the keyserver helper.
the messages about which option didn't match or matched ambiguously.
Change all callers (g10.c, keyserver.c).
* main.h, import.c (import_options), export.c (export_options): Pass the
noisy flag through.
here... (signature_check2): ... to here. (check_key_signature2): ... and
here. This is a minor optimization to avoid fetching a key (which can be
expensive, especially if it is not self-signed, and there are many key
signatures on it which need to be checked for ultimate trust) if the
signature would have failed anyway because of algorithm or hash problems.
* keydb.h, keyid.c (hash_public_key, do_fingerprint_md): ... and make a
new one here that shares code with the fingerprint calculations. This
removes some duplicated functionality, and is also around 14% faster.
(Every bit helps).
* import.c (import_one): No longer need the Elgamal import warning.
* getkey.c (get_pubkey_fast): This one is sort of obscure. get_pubkey_fast
returns the primary key when requesting a subkey, so if a user has a key
signed by a subkey (we don't do this, but used to), AND that key is not
self-signed, AND the algorithm of the subkey in question is not present in
GnuPG, AND the algorithm of the primary key that owns the subkey in
question is present in GnuPG, then we will try and verify the subkey
signature using the primary key algorithm and hit a BUG(). The fix is to
not return a hit if the keyid is not the primary. All other users of
get_pubkey_fast already expect a primary only.
don't know the structure of by using the opaque MPI.
(do_fingerprint_md_sk): We cannot calculate the fingerprint from a secret
key unless we know the structure (since we can't leave off the secret key
parts), so fail early..... (keyid_from_sk, fingerprint_from_sk): .... and
return all zeroes.
encode_md_value), sig-check.c (do_check), sign.c (do_sign): Remove
--emulate-md-encode-bug as it only applied to Elgamal signatures, which
are going away.
--override-session-key on --symmetric messages (new-style or old-style).
(proc_pubkey_enc): Move code to show session key from here to
proc_encrypted() so it can work with any type of message. Suggested by
Michael Young.
any ultimately trusted keys. This ensures that if we lose all our
ultimately trusted keys, we don't leave behind the old validity
calculations. Noted by Peter Palfrader.
* revoke.c (gen_desig_revoke): Specify in the comment when a designated
revocation is generated.
* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
get_seckey_byname2): Remove Elgamal check since we are removing type 20
keys altogether.
* misc.c (compress_algo_to_string): Translate "Uncompressed". Requested by
Tommi Vainikainen. (string_to_compress_algo): Include multi-string for
"uncompressed|none".
"external" trust model, where the user can provide a pregenerated trustdb.
* keyedit.c (keyedit_menu): Do not allow editing ownertrust with an
external trust model trustdb.
* main.h, encode.c (setup_symkey): New. Prompt for a passphrase and
create a DEK for symmetric encryption. (write_symkey_enc): New. Write out
symmetrically encrypted session keys. (encode_crypt, encrypt_filter): Use
them here here when creating a message that can be decrypted with a
passphrase or a pk.
* sign.c (sign_file): Call setup_symkey if we are doing a --symmetric
--sign --encrypt.
--quiet is set. Suggested by Duncan Harris. Also don't fail with BUG()
when processing a --symmetric message with a cipher we don't have.
* g10.c: Alias --personal-xxx-prefs to --personal-xxx-preferences.
list of ultimately trusted keys.
* keygen.c (do_generate_keypair): Use it here so that the ultimate
ownertrust happens before the trustdb (might be) rebuilt. Also fix an
error where the newly generated pk is thought to be a subkey by the
trustdb.
* g10.c (main): Fix --export-all do actually do something different than
--export.
* pkclist.c (build_pk_list): Show all recipients rather than showing each
recipient as they are added.
* mainproc.c (proc_symkey_enc, proc_encrypted): Keep a count of the number
of passphrases that can decrypt a symmetric or mixed symmetric/pk message
and include it in the list of keys shown to the user.
check_compress_algo): Add bzip2.
* compress.c (compress_filter): Make static to help force the use of
push_compress_filter. Remove default algorithm setting since that is done
in push_compress_filter now.
* main.h: Use named algorithm.
* filter.h, compress.c (push_compress_filter, push_compress_filter2): New.
Figure out which is the appropriate compression filter to use, and push it
into place.
* compress.c (handle_compressed), encode.c (encode_simple, encode_crypt),
sign.c (sign_file, sign_symencrypt_file), import.c (read_block), export.c
(do_export): Use push_compress_filter instead of pushing the compression
filter ourselves.
* compress-bz2.c: New. Bzlib versions of the compression filter routines.
* Makefile.am: Include compress-bz2.c if bz2lib is available.
* keylist.c (list_keyblock_print): Denote secrets keys stored on a
card with an '>'. Print the '#' also for subkeys.
(list_keyblock_colon): Introduce new field 15 for sec/ssb to print
the serial number.
message that can be decrypted via a passphrase or public key system.
* main.h, encode.c (encode_seskey): Allow passing in an already-created
session key dek. (encode_simple): Use the actual symmetric cipher when
encrypting a session key for a symmetric message. (encode_crypt): Add a
flag to trigger a hybrid mode that can be decrypted via a passphrase or a
pk. Change all callers.
* mainproc.c (symkey_decrypt_sesskey): There is no way to tell the
difference here between a bad passphrase and a cipher algorithm that we
don't have, so use a error message that makes that clear. Use the actual
list of ciphers when checking whether a cipher is invalid. Return error
if the decrypted cipher algorithm is invalid. (proc_symkey_enc): In a
mixed passphrase/pk message, if a valid dek already exists from decrypting
via pk, do not try to process the passphrase. (proc_symkey_enc): Indicate
when we're decrypting a session key as opposed to decrypting data. If a
passphrase is invalid, discard the dek so we'll keep trying.
Changed all callers.
* cardglue.c (pin_cb): Use it here, so the machine interface can
tell whether the Admin PIN is requested.
* cardglue.c (agent_scd_checkpin): New.
* misc.c (openpgp_pk_algo_usage): Added AUTH usage.
* app-openpgp.c (check_against_given_fingerprint): New. Factored
out that code elsewhere.
(do_check_pin): New.
* card-util.c (card_edit): New command "passwd". Add logic to
check the PIN in advance.
(card_status): Add new args to return the serial number. Changed
all callers.
requested.
(genkey_status_cb): New.
(agent_scd_genkey): Implemented.
* keygen.c (generate_keypair): New arg CARD_SERIALNO and prepare
parameters for on card key generation. Changed all callers.
(do_generate_keypair): Add new arg card and merged casrd specific
changes from 1.9.
(proc_parameter_file): New arg card, apss it down to
do_generate_keypair and changed all callers.
(gen_card_key): New.
* g10.c: Include cardclue.h.
(main): s/app_set_default_reader_port/card_set_reader_port/.
* cardglue.c (card_set_reader_port): New to address include file
issues.
so that it can be used by getattr to update the structure.
(agent_scd_getattr): New.
* keylist.c (print_pubkey_info): Add FP arg for optional printing
to a stream. Changed all callers.
* encode.c (encode_simple): Allow for 32 bytes (256 bits) of symmetrically
encrypted session key. Use --s2k-cipher-algo to choose cipher, rather
than the default cipher.
* parse-packet.c (parse_subkeyenc): Give a warning if an symmetrically
encrypted session key is seen without salt. Show in --list-packets if a
symetrically encrypted session key is present.
* pubkey-enc.c (get_it): Always show cipher-not-in-prefs warning unless
--quiet is set. Use text name of cipher in warning.
* trustdb.c (get_validity): Move the up-to-date check to
check_trustdb_stale (new), so that it can be called before validity is
checked.
* keylist.c (list_keyblock_print): Disable the overall key validity
display until it can be thought about more. Use check_trustdb_stale here
to avoid putting the check warning in the middle of a listed key.
* trustdb.c (init_trustdb): Only verify_own_keys() for those trust models
that it applies to (i.e. classic and OpenPGP).
--change-pin. New options --ctapi-driver, --pcsc-driver and
--disable-ccid
* options.h (DBG_CARD_IO): New.
* cardglue.c, cardclue.h: Enhanced.
* card-util.c: New. Taken from current the gnupg 1.9 branch.
* app-common.h, app-openpgp.c, iso7816.c, iso7816.h, apdu.c
* apdu.h, ccid-driver.c, ccid-driver.h: New. Takem from the current
gnupg 1.9 branch withy minor changes to include directives.
* Makefile.am: Added these files.
default and tehre is not yet much more than a new configure option.
* configure.ac (LIBUSB_LIBS,HAVE_LIBUSB): Check for Libusb.
(--enable-card-support): New.
* sign.c (do_sign) [ENABLE_CARD_SUPPORT]: Divert to card.
* cardglue.c, cardglue.h: New.
* Makefile.am (gpg_LDADD): Added.
(card_support_sources): New.
* memory.h (xmalloc): Define xmalloc macros in terms of m_alloc.
* trustdb.c (validate_keys): Give a little more information while
rebuilding trustdb.
* pkclist.c (do_edit_ownertrust): Clarify "don't know".
* g10.c (main): Default to --no-mangle-dos-filenames.