1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Commit Graph

1138 Commits

Author SHA1 Message Date
Werner Koch
9b7f1f6976 exported subkeys are now merged into one output keyblock 2005-10-17 17:21:15 +00:00
David Shaw
6c4e740a59 * keyedit.c (keyedit_menu, menu_backsign): New "backsign" command to
add 0x19 backsigs to old keys that don't have them.

* misc.c (parse_options): Fix build warning.

* main.h, keygen.c (make_backsig): Make public.
2005-10-14 04:07:13 +00:00
David Shaw
094a7ab401 * options.h, getkey.c (merge_selfsigs_subkey), gpg.c (main), sig-check.c
(signature_check2): Add --require-backsigs and --no-require-backsigs.  
Currently defaults to --no-require-backsigs.
2005-10-12 20:44:24 +00:00
David Shaw
47433adaa5 * getkey.c (merge_selfsigs_subkey), sig-check.c (signature_check2),
keygen.c (make_backsig): Did some backsig interop testing with the PGP
folks.  All is well, so I'm turning generation of backsigs on for new
keys.  Checking for backsigs on verification is still off.
2005-10-11 22:13:49 +00:00
Werner Koch
02aefe3866 Yet another fix for the gpg.c rename 2005-10-06 10:38:23 +00:00
Werner Koch
3470697e72 Fixes for the g10.c -> gpg.c renamed 2005-10-05 18:22:36 +00:00
Werner Koch
bd1df0119c Renamed g10.c to gpg.c
Filelength fixes for W32.
2005-10-05 16:58:50 +00:00
Werner Koch
d0b9ff171d * mainproc.c (proc_symkey_enc): Take care of a canceled passphrase
prompt.
2005-09-20 08:19:50 +00:00
David Shaw
8e17d6437d * keylist.c (reorder_keyblock, do_reorder_keyblock): Reorder attribute
IDs as well as regular text IDs.

* plaintext.c (ask_for_detached_datafile): Use make_filename() on
filename so tilde expansion works.
2005-09-20 03:34:32 +00:00
David Shaw
4afa18bcaa * main.h, misc.c (parse_options): Add the ability to have help
strings in xxx-options commands.

* keyserver.c (keyserver_opts), import.c (parse_import_options),
export.c (parse_export_options), g10.c (parse_list_options, main):
Add help strings to xxx-options.
2005-09-14 22:31:21 +00:00
David Shaw
65566b5633 * keyedit.c (show_names): Moved name display code out from
show_key_with_all_names.  (keyedit_menu): Call it here for pref and
showpref so they can show only the selected user ID.  Suggested by
Timo Schulz.
2005-09-10 16:50:41 +00:00
Werner Koch
b4b9f891e2 Updated card stuff to support T=0 cards. 2005-09-07 17:05:42 +00:00
Werner Koch
9a2a2904cc Add "help" sub option to --*-options. 2005-09-07 15:53:03 +00:00
David Shaw
039c27f153 * parse-packet.c (enum_sig_subpkt, parse_signature,
parse_attribute_subpkts): Make a number of warnings verbose items.
These fire on many slightly mangled keys in the field, so the
warning is becoming burdensome.
2005-09-02 19:23:33 +00:00
David Shaw
be8543812d * photoid.h, photoid.c (generate_photo_id): Allow passing in a
suggested filename.

* keyedit.c (keyedit_menu, menu_adduid): Call it here so "addphoto
filename" works.
2005-09-01 20:51:13 +00:00
David Shaw
187eaf0665 * photoid.c (generate_photo_id): Enable readline completion and tilde
expansion for the JPEG prompt.
2005-08-31 18:40:39 +00:00
David Shaw
f74282bee0 * misc.c (openpgp_pk_algo_usage): Default to allowing CERT for signing
algorithms.

* keyedit.c (sign_uids): Don't request a signing key to make a
certification.

* keygen.c (do_add_key_flags): Force the certify flag on for all
primary keys, as the spec requires primary keys must be able to
certify (if nothing else, which key is going to issue the user ID
signature?)  (print_key_flags): Show certify flag.  (ask_key_flags,
ask_algo): Don't allow setting the C flag for subkeys.
	
* keyid.c (usagestr_from_pk), getkey.c (parse_key_usage): Distinguish
between a sign/certify key and a certify-only key.
2005-08-27 03:09:40 +00:00
David Shaw
752d64bffc * keyedit.c (ask_revoke_sig): Add a revsig --with-colons mode.
Suggested by Michael Schierl.
2005-08-27 02:56:51 +00:00
David Shaw
24adfe678d * Makefile.am: No need to link with curl any longer.
* main.h, misc.c (path_access): New.  Same as access() but does a PATH
search like execlp.

* keyserver.c (curl_can_handle): Removed.  Replaced by...
(curl_cant_handle): We are now relying on curl as the handler of last
resort.  This is necessary because PGP LDAP and curl LDAP are apples
and oranges.  (keyserver_typemap): Only test for ldap and ldaps.
(keyserver_spawn): If a given handler is unusable (as determined by
path_access()) then try gpgkeys_curl.
2005-08-21 20:58:46 +00:00
David Shaw
2e8c02b54b * exec.h, exec.c (make_tempdir, expand_args, exec_write, exec_read):
Minor cleanup to use bitfield flags instead of a bunch of integers.
2005-08-21 14:20:27 +00:00
David Shaw
5cb51422f9 * g10.c (main): Add aliases sign-with->local-user and user->recipient
to make switching from PGP command line to GPG easier.
2005-08-20 19:38:45 +00:00
David Shaw
bd146d5fcc * options.skel: Remove the surfnet LDAP keyserver from the list of
samples since it is being shut down.

* getkey.c (classify_user_id): Disable the '.' and '+' search modes
since they aren't supported yet.
2005-08-19 13:37:47 +00:00
David Shaw
9536012034 Missed keydb.h entry for set_passphrase_from_string 2005-08-06 21:17:11 +00:00
David Shaw
82bee9c68a * g10.c (main), passphrase.c (set_passphrase_from_string): New
--passphrase command line option.  Only useful in very special
circumstances.
2005-08-05 19:54:06 +00:00
Werner Koch
2ce542ad52 auto retrieve keys from PKA. Thsi allows to specify an email address
so that gpg can get the key from DNS.  This helps with opportunistic
encryption.  No integration with the trust modell yet.
2005-08-05 14:46:59 +00:00
David Shaw
533bc3e813 * keygen.c (proc_parameter_file): Sanity check items in keygen batch
file.  Noted by Michael Schierl.
2005-08-05 03:30:13 +00:00
David Shaw
c765d1ee0c * pkclist.c (do_edit_ownertrust): Don't allow ownertrust level 0.
Noted by Michael Schierl.
2005-08-05 02:03:12 +00:00
David Shaw
a4563ecd19 * keygen.c (write_keyblock): Don't try and build deleted kbnodes since
we start our tree with one.
2005-08-04 21:41:11 +00:00
David Shaw
5ce7563171 Revert bad patch. 2005-08-04 21:39:43 +00:00
David Shaw
bf4728992f * keygen.c (start_tree): Need to use an actual packet type (which we
can then delete) to start the tree.
2005-08-04 20:48:13 +00:00
Werner Koch
cd4c621017 Fixes pertaining to revocation creation with subkey-only exported card keys 2005-08-04 09:53:21 +00:00
Werner Koch
986a137c58 Implemented PKA trust model 2005-07-28 18:59:36 +00:00
Werner Koch
a1cdf3c75f Converted all m_free to xfree etc. 2005-07-27 18:10:56 +00:00
David Shaw
efea9c3ce1 * keyserver.c (keyserver_typemap): Special-case LDAP since curl will
report that it can handle it, and we don't want it to.
2005-07-27 01:24:57 +00:00
Werner Koch
a7ea40e4f8 * passphrase.c (agent_get_passphrase): Make sure to release the
saved codeset.
(agent_open): Add arg ORIG_CODESET and switch back to it in case
of error.  Changed all callers.

* zh_TW.po, fr.po, cs.po: Updated.
2005-07-26 19:08:11 +00:00
Werner Koch
862652ebe1 Preparing a release 2005-07-26 15:41:04 +00:00
David Shaw
99c80f8c39 * keyedit.c (sign_uids): Don't prompt for setting signature expiry to
match key expiry unless --ask-cert-expire is set.  Suggested by Peter
Palfrader.
2005-07-22 16:42:48 +00:00
Werner Koch
a486501c0b * gpg.sgml (http):
* g10.c, options.h: New option --exit-on-status-write-error.
* status.c (write_status_text): Make use of this option.
2005-07-22 16:28:40 +00:00
David Shaw
04b9cec18f * options.h, g10.c (main), keyedit.c (keyedit_menu): Use --interactive
to enable the uid walking when signing a key with no uids specified to
sign.

* keylist.c (list_keyblock_print): Fix silly typo.  Noted by Greg
Sabino Mullane.
2005-07-22 12:52:34 +00:00
David Shaw
a918d63fd5 * keyserver.c (curl_can_handle): New. Do a runtime check against libcurl
to see if it can handle a particular protocol. (keyserver_typemap): Call
it here.

* Makefile.am: Pull in libcurl for curl_version_info() if used.
2005-07-20 21:15:04 +00:00
Werner Koch
a0b4f40301 * g10.c, options.h: New option --limit-card-insert-tries.
* cardglue.c (open_card): Use it.
2005-07-19 12:14:39 +00:00
Werner Koch
730247b19e * configure.ac [W32]: Always set DISABLE_KEYSERVER_PATH.
* export.c (parse_export_options): New option
export-reset-subkey-passwd.
(do_export_stream): Implement it.

* misc.c (get_libexecdir): New.
* keyserver.c (keyserver_spawn): Use it
2005-07-19 08:50:28 +00:00
Werner Koch
6dc5a11997 * tdbio.c (open_db): Check for EROFS. Suggested by Bryce Nichols.
* ttyio.c (do_get): Move printing of the prompt after disabling
echo.  Suggested by Scott Worley.
2005-07-18 17:58:25 +00:00
David Shaw
8238e7698b * trustdb.c (clean_uids_from_key): Don't keep a valid selfsig around
when compacting a uid.  There is no reason to make an attacker's job
easier - this way they only have a revocation which is useless in
bringing the uid back.

* keydb.h, kbnode.c (undelete_kbnode): Removed.  No longer needed.

* import.c (chk_self_sigs): Allow a uid revocation to be enough to
allow importing a particular uid (no self sig needed).  This allows
importing compacted uids.
2005-07-09 02:34:04 +00:00
David Shaw
c66eeec3c6 * keygen.c (save_unprotected_key_to_card): Better fix for gcc4 warning. 2005-06-20 17:32:09 +00:00
Werner Koch
2d2e2e74b8 * gpg.sgml: Document smartcard related options.
* g10.c, options.h: New option --no-interactive-selection.
* keyedit.c (keyedit_menu): Use it.
2005-06-20 17:03:27 +00:00
Werner Koch
059d159657 (parse_signature): Use log_info for messages
about missing timestamp or keyid.  In case we don't use that key
there won't be no further error and thus gpg does not need to
return with an error.
2005-06-18 11:49:50 +00:00
David Shaw
07e9d532b1 * keygen.c (save_unprotected_key_to_card): Fix gcc4 warning.
* options.h, import.c (parse_import_options, import_one): Add
import-clean-uids option to automatically compact unusable uids when
importing.  Like import-clean-sigs, this may nodify the local keyring.

* trustdb.c (clean_uids_from_key): Only allow selfsigs to be a
candidate for re-inclusion.
2005-06-14 03:55:19 +00:00
David Shaw
f3c4b07d05 * options.h, import.c (parse_import_options, clean_sigs_from_all_uids,
import_one): Add import-clean-sigs option to automatically clean a key
when importing.  Note that when importing a key that is already on the
local keyring, the clean applies to the merged key - i.e. existing
superceded or invalid signatures are removed.
2005-06-12 21:17:46 +00:00
David Shaw
6e9b751b79 * getkey.c (merge_selfsigs_main, merge_selfsigs_subkey): Make sure
that even after keys may be merged together, we only have one chosen
selfsig.
2005-06-12 20:42:04 +00:00
David Shaw
1594883f2f * options.h, import.c (parse_import_options, delete_inv_parts):
import-unusable-sigs is now a noop.
2005-06-10 03:15:25 +00:00
David Shaw
045433e35c * options.h, export.c (do_export_stream), keyedit.c (keyedit_menu,
menu_clean_subkeys_from_key), trustdb.h, trustdb.c
(clean_subkeys_from_key): Remove subkey cleaning function.  It is of
very limited usefulness since it cannot be used on any subkey that can
sign, and can only affect multiple selfsigs on encryption-only
subkeys.
2005-06-10 03:00:57 +00:00
David Shaw
31522bac1d * keydb.h, kbnode.c (undelete_kbnode): New function to undelete a
kbnode.

* trustdb.c (clean_uids_from_key): Further tweak the algorithm so that
the last good selfsig is kept when the chosen selfsig is a revocation.
2005-06-10 02:52:41 +00:00
David Shaw
475107dff3 * trustdb.c (clean_uids_from_key), keyedit.c
(menu_clean_uids_from_key): Tweak algorithm to preserve the last
selfsig which helps prevent uid resurrections.
2005-06-09 02:53:18 +00:00
David Shaw
1b07e3723e * getkey.c (fixup_uidnode, merge_selfsigs_main): Handle both expired
and revoked uids in fixup_uidnode().  No need to special case in
merge_selfsigs_main().  This also means that an expired uid will have
its selfsig tagged with chosen_selfsig.
2005-06-08 13:12:57 +00:00
David Shaw
2c9948c00a * options.h, g10.c (main), export.c (parse_export_options,
do_export_stream): Add export-options export-clean-sigs,
export-clean-uids, export-clean-subkeys, and export-clean which is all
of the above.  Export-minimal is the same except it also removes all
non-selfsigs.  export-unusable-sigs is now a noop.
2005-06-08 03:31:48 +00:00
David Shaw
7bf9354bf6 * signal.c [HAVE_DOSISH_SYSTEM]: Fix unused function warnings on mingw32.
Noted by Joe Vender.

* passphrase.c [_WIN32]: Remove unused variables.
2005-06-01 19:13:05 +00:00
David Shaw
db8adc2880 * keyedit.c (menu_clean_uids_from_key, menu_clean_subkeys_from_key),
trustdb.c (clean_uids_from_key, clean_subkeys_from_key): Fix mingw32 build
warnings.  Noted by Joe Vender.
2005-05-31 19:12:10 +00:00
Werner Koch
a6a93ac540 * keydb.h [!ENABLE_AGENT_SUPPORT]: Define dummy types.
* cardglue.c (assuan_strerror, assuan_transact): Dummy functions
        if not build with agent support.

	* zh_TW.po, zh_CN.po, es.po, ro.po: Updated.

        * tr.po: Updated from TP.  Note: this is an exception in general
        translations from the Robot are not anymore accepted.

        * regcomp.c (MB_CUR_MAX) [_WIN32]: Define it only if not defined.
2005-05-31 10:11:01 +00:00
Werner Koch
7d4043ca57 Updated FSF street address and preparations for a release candidate. 2005-05-31 08:39:18 +00:00
David Shaw
0a9827ca07 * trustdb.h, trustdb.c (clean_subkeys_from_key): New. Walk through
the subkeys on a key, and mark any that aren't usable for deletion.
Note that a signing subkey is never marked for deletion since these
keys are still useful after expiration or revocation.

* keyedit.c (menu_clean_subkeys_from_key): New function to call
clean_subkeys_from_key() on a key.  Note that the strings here are not
marked for translation yet.  The UI is still in flux, and there is no
point in annoying the translators twice.  (keyedit_menu): Call it here
as part of the "clean" command.
2005-05-31 03:59:24 +00:00
David Shaw
acac94aa90 * trustdb.h, trustdb.c (clean_uids_from_key): New. Walk through the
user IDs on a key, and mark any that aren't valid for deletion.

* keyedit.c (menu_clean_uids_from_key): New function to call
clean_uids_from_key() on a key.  (keyedit_menu): Call it from here as
part of the "clean" command.
2005-05-30 03:43:30 +00:00
David Shaw
0bad13cdf4 * g10.c (main): Default {export|import}-unusable-sigs to off until the
"clean" UI can be finished.
2005-05-27 03:00:26 +00:00
Werner Koch
d0f5655d19 * passphrase.c (ask_passphrase): Unescape the description string.
* cardglue.c (unescape_status_string): Removed.  Changed all
caller to use ...
* misc.c (unescape_percent_string): New.
2005-05-24 12:39:42 +00:00
Werner Koch
2ab2a874a0 (add_notation_data): Check number of at-signs. 2005-05-24 09:15:01 +00:00
Werner Koch
d8bd3a3826 (add_notation_data): Check number of at-signs. 2005-05-24 09:14:31 +00:00
Werner Koch
2f63b5299c * app-openpgp.c, app-common.h: Again updated from gnupg 1.9 CVS.
* cardglue.c (open_card): Check USE_AGENT.
(agent_scd_checkpin): Implemented Assuan part.
(agent_scd_change_pin): Ditto.
2005-05-23 20:16:21 +00:00
Werner Koch
75675331f1 * cardglue.c (open_card): Check USE_AGENT.
* g10.c (main): Option --debug-ccid-driver may now be given
several times increase the debug level.

* ccid-driver.c (parse_ccid_descriptor): Mark SCR335 FW version
5.14 as good.
(do_close_reader): Never do a reset. The caller should instead
make sure that the reader has been closed properly.  The new retry
code in ccid_slot_status will make sure that the readersatrts up
fine even if the last process didn't closed the USB connection
properly.
(ccid_get_atr): For certain readers try switching to ISO mode.
Thanks to Ludovic Rousseau for this hint and the magic numbers.
(print_command_failed): New.
(bulk_in): Use it here. Add new arg NO_DEBUG.
(ccid_slot_status): Disabled debugging.
2005-05-23 14:38:05 +00:00
Werner Koch
be2aa37dbf * cardglue.c (send_status_info): Make CTRL optional.
(agent_scd_writekey, inq_writekey_parms): New.
(agent_openpgp_storekey): Removed.
* cardglue.h: Add a few more error code mappings.
* keygen.c (copy_mpi): Removed.
(save_unprotected_key_to_card): Changed to use agent_scd_writekey.
* app-common.h, app-openpgp.c, tlv.c, tlv.h: Updated from newer
version in gnupg 1.9 CVS.
2005-05-21 14:04:32 +00:00
Werner Koch
bd644c8d45 (ccid_transceive): Arghhh. The seqno is another
bit in the R-block than in the I block, this was wrong at one
place. Fixes bug #419 and hopefully several others.
2005-05-20 20:37:08 +00:00
David Shaw
c5fa20dba3 * build-packet.c (do_comment): Removed. (build_packet): Ignore
comment packets.

* export.c (do_export_stream): Don't export comment packets any
longer.

* options.h, g10.c (main): Remove --sk-comments and --no-sk-comments
options, and replace with no-op.
2005-05-14 02:38:31 +00:00
David Shaw
e81d88b265 * keygen.c (write_selfsigs): Rename from write_selfsig. Write the same
selfsig into both the pk and sk, so that someone importing their sk (which
will get an autoconvert to the pk) won't end up with two selfsigs.
(do_generate_keypair): Call it from here.

* parse-packet.c (can_handle_critical_notation): New.  Check for
particular notation tags that we will accept when critical. Currently,
that's only preferred-email-encoding@pgp.com, since we know how to handle
it (pass it through to a mail program). (can_handle_critical): Call it
from here. (parse_one_sig_subpkt): Sanity check that notations are
well-formed in that the internal lengths add up to the size of the
subpacket.
2005-05-11 19:31:53 +00:00
Werner Koch
0ab01480ed (do_close_reader): Don't do a reset before close.
Some folks reported that it makes the SCR335 hang less often.
Look at the source on how to re-enable it.
2005-05-07 15:22:01 +00:00
David Shaw
89c844bd3a * main.h, keygen.c (parse_expire_string, ask_expire_interval), sign.c
(sign_file, clearsign_file, sign_symencrypt_file), g10.c (main), keyedit.c
(sign_uids): Use seconds rather than days internally to calculate
expiration.  We no longer need the day-based code as we don't generate v3
keys.
2005-05-06 19:25:19 +00:00
David Shaw
10f51e0714 * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Use the
default sig expire value when signing in batchmode.
2005-05-06 13:03:22 +00:00
David Shaw
89055cca85 * Makefile.am, packet.h, main.h, comment.c: Remove comment.c. We don't
use any of these functions any longer.
2005-05-05 22:32:52 +00:00
David Shaw
da0c60a987 * keygen.c (start_tree): New function to "prime" a KBNODE list.
(do_generate_keypair): Use it here rather than creating and deleting a
comment packet.

* keygen.c (gen_elg, gen_dsa): Do not put public factors in secret key as
a comment.

* options.h, encode.c (encode_simple, encode_crypt), keygen.c (do_create):
Remove disabled comment packet code.
2005-05-05 22:08:37 +00:00
David Shaw
08bd93f7dc * keygen.c (keygen_set_std_prefs): Add SHA256 and BZip2 to default
preferences.
2005-05-05 21:18:47 +00:00
David Shaw
c71639cfff * options.h, g10.c (main): Add new --default-sig-expire and
--default-cert-expire options.  Suggested by Florian Weimer.

* main.h, keygen.c (parse_expire_string, ask_expire_interval): Use
defaults passed in, or "0" to control what default expiration is.

* keyedit.c (sign_uids), sign.c (sign_file, clearsign_file,
sign_symencrypt_file): Call them here, so that default expiration
is used when --ask-xxxxx-expire is off.
2005-05-05 19:21:40 +00:00
Werner Koch
6639bbf699 * passphrase.c (agent_get_passphrase): Add new arg CACHEID.
Changed all callers.
(ask_passphrase): Add new arg CACHEID and use it in agent mode.
Changed all callers.
(passphrase_clear_cache): New arg CACHEID.  Changed all callers.
* cardglue.c (format_cacheid): New.
(pin_cb): Compute a cache ID.
(agent_scd_pksign, agent_scd_pkdecrypt): Use it.
(agent_clear_pin_cache): New.
* card-util.c (change_pin): Clear the PIN cache.
(check_pin_for_key_operation): Ditto.
2005-05-03 22:27:07 +00:00
David Shaw
f02fe1dafb * trustdb.h, trustdb.c (mark_usable_uid_certs): Add flags for the
no-pubkey and chosen revocation cases.  (clean_uid): New function to
clean a user ID of unusable (as defined by mark_usable_uid_certs)
certs.

* keyedit.c (keyedit_menu, menu_clean_uids): Call it here for new
"clean" command that removes unusable sigs from a key.
2005-04-24 18:35:30 +00:00
David Shaw
6d72a1c649 * trustdb.h, keyedit.c (keyedit_menu, menu_select_uid_namehash): Allow
specifying user ID via the namehash from --with-colons
--fixed-list-mode --list-keys.  Suggested by Peter Palfrader.
2005-04-24 16:05:41 +00:00
David Shaw
5bfd1199b8 * keyedit.c (sign_uids, keyedit_menu): When the user requests to sign
a key without specifying which user IDs to sign, and declines to sign
all user IDs, walk through the set of user IDs and prompt for which to
sign.
2005-04-22 03:36:20 +00:00
David Shaw
edc0862448 * mainproc.c (symkey_decrypt_seskey): There is no need to have an
extra check for a bad passphrase and/or unknown cipher algorithm here.
We'll fail quite happily later, and usually with a better error
message to boot.
2005-04-22 03:21:14 +00:00
David Shaw
b7c3018d32 * keyserver.c (keyserver_spawn): Free some memory.
* sign.c (hash_for): Comments.
2005-04-17 04:10:03 +00:00
Werner Koch
73fb1c592f * g10.c (main, add_notation_data, add_policy_url)
(add_keyserver_url): Use isascii() to protect the isfoo macros and
to replace direct tests.  Possible problems noted by Christian
Biere.
* keyserver.c (parse_keyserver_uri): Ditto.

* g10.c (main): Declare --pipemode deprecated.
* misc.c (deprecated_command): New.
2005-04-11 18:24:09 +00:00
Werner Koch
f8a3345229 * ccid-driver.c (ccid_slot_status): Fixed debug messages.
* card-util.c (card_edit): Add command "verify".  Enhanced admin
command to allow optional arguments "on", "off" and "verify".
(card_status): Print private DOs in colon mode.
* app-openpgp.c (do_check_pin): Add hack to allow verification of
CHV3.
2005-04-07 08:31:23 +00:00
Werner Koch
80f4424658 Changes to make use of code taken from libassuan. This replaces the
old ad-hoc connection code to gpg-agent.  We do need this for the
forthcoming diversion of card code to an already running gpg-agent
with card-support.
2005-04-05 17:09:13 +00:00
David Shaw
727cda9758 * mainproc.c (proc_plaintext): Properly handle SIG+LITERAL (old-style PGP)
signatures that use hashes other than SHA-1, RIPEMD160, or MD5.
2005-04-01 16:22:34 +00:00
Werner Koch
c43423f0bd (keygen_set_std_prefs): Explain the chosen order of
AES key sizes.
2005-04-01 09:03:15 +00:00
David Shaw
c336e34571 * exec.h, exec.c (set_exec_path): Remove some dead code and change all
callers.  We no longer need to append to $PATH.
2005-03-31 17:11:53 +00:00
Werner Koch
fe01cbceb0 * keydb.c (keydb_add_resource): Clarify meaning of flags. Add new
flag 4.  Use log_info for errors registering the default secret key.
* g10.c (main): Flag the default keyrings.
2005-03-31 07:05:35 +00:00
David Shaw
14fdbdc97a * keyserver.c (keyserver_spawn): Don't mess about with the $PATH.
Rather, call keyserver helpers with the full path.  This fixes some
PATH-inspired DLL problems on W32.  Noted by Carlo Luciano Bianco.
2005-03-31 03:58:53 +00:00
Werner Koch
1985805cdf (pin_cb): Print a warning if the info string hack is
not there.  This may happen due to typos in the translation.
2005-03-30 10:39:13 +00:00
David Shaw
57b9ba5e16 * gpgv.c: Stubs for tty_enable_completion() & tty_disable_completion().
* openfile.c (ask_outfile_name): Enable readline completion when prompting
for an output filename.

* plaintext.c (ask_for_detached_datafile): Enable readline completion when
prompting for a detached sig datafile.
2005-03-21 20:47:28 +00:00
Werner Koch
31135aff14 * keyedit.c (command_generator, keyedit_completion): Changed
indentation.
* card-util.c (command_generator, card_edit_completion): Ditto.
2005-03-21 15:24:48 +00:00
David Shaw
f30b25e565 * card-util.c (command_generator, card_edit_completion)
[GNUPG_MAJOR_VERSION==1 && HAVE_LIBREADLINE]: New functions to enable
command completion in the --card-edit menu.  (card_edit): Call them
here.
2005-03-20 03:59:07 +00:00
David Shaw
c249809a6b * keyedit.c (command_generator, keyedit_completion) [HAVE_LIBREADLINE]:
New functions to enable command completion in the --edit-key menu.
(keyedit_menu): Call them here.
2005-03-18 22:07:12 +00:00
David Shaw
5f7720e693 * getkey.c (get_seckey_byname2): If no explicit default key is set, don't
pick a disabled default.  Noted by David Crick.
2005-03-17 23:52:38 +00:00
David Shaw
e19aa2e3ea * Makefile.am: Calculate GNUPG_LIBEXECDIR directly. Do not redefine
$libexecdir.
2005-03-17 23:14:47 +00:00
David Shaw
ff93f3528a * options.h, keyserver.c (parse_keyserver_options, keyserver_spawn): Don't
treat 'verbose' and 'include-disabled' as special.  Just pass them through
silently to the keyserver helper.
2005-03-17 22:55:17 +00:00
Werner Koch
8ba895c763 (parse_ccid_descriptor): Make SCM workaround
reader type specific.
(scan_or_find_devices): Do not check the interface subclass in the
SPR532 kludge, as this depends on the firmware version.
(ccid_get_atr): Get the Slot status first.  This solves the
problem with readers hanging on recent Linux 2.6.x.
(bulk_in): Add argument TIMEOUT and changed all callers to pass an
appropriate one.  Change the standard timeout from 10 to 5 seconds.
(ccid_slot_status): Add a retry code with an initial short timeout.
(do_close_reader): Do an usb_reset before closing the reader.
2005-03-16 19:10:54 +00:00
Werner Koch
a177090f37 * card-util.c (card_status): Use isotimestamp and not the
localized asctimestamp to match the timezone used in the key
information.

* miscutil.c (isotimestamp): New.
2005-03-14 20:41:20 +00:00
Werner Koch
a043c14d22 * cardglue.c (pin_cb): Disable debug output.
* mk-w32-dist: Check for patch files.
* w32installer.nsi: Translated a few more strings.  Print a
warning if permssions are not suitable for the installation.
Add Uninstaller entries.
2005-03-14 19:19:21 +00:00
David Shaw
9bf9389179 * keyserver.c (parse_keyserver_options): Accept honor-http-proxy as an
alias for http-proxy.
2005-03-10 19:34:40 +00:00
David Shaw
04f02174e1 * delkey.c (do_delete_key, delete_keys): Fix problem with --expert
preventing --delete-secret-and-public-keys from deleting secret keys.
2005-03-10 18:43:36 +00:00
Werner Koch
e27aa939bf (keyedit_menu) [W32]: Run the trustdb stale check
earlier.
2005-03-10 18:40:57 +00:00
Werner Koch
c91e30fda4 * primegen.c (is_prime): Free A2. Noted by pmike2001@mail.ru.
Fixes #423.

* DETAILS: Document new status codes.

* cardglue.c (agent_scd_pkdecrypt, agent_scd_pksign)
(agent_scd_genkey, agent_scd_setattr, agent_scd_change_pin)
(agent_scd_checkpin, agent_openpgp_storekey): Make sure to send a
SC_OP_FAILURE after card operations which might change data.
* card-util.c (change_pin): Send a SC_OP_SUCCESS after a PIN has
been changed.
(change_name): Removed a debug output.
* status.h, status.c: New codes BAD_PASSPHRASE_PIN, SC_OP_FAILURE
and SC_OP_SUCCESS.

* de.po: Updated. Translation is still in the works, though.
2005-03-07 13:59:59 +00:00
David Shaw
522ca12084 * keyedit.c (keyedit_menu): Only print the key signing hint when signing
from a place where it is useful (i.e. --edit-key and not --sign-key).
2005-02-24 21:21:14 +00:00
Werner Koch
00ef56868d * card-util.c (fetch_url): Fetch the key from the default
keyserver if no URL is available.

* w32installer.nsi: Added page to select the language.
* mk-w32-dist: Create the opt.ini using the available languages.
2005-02-16 20:08:14 +00:00
Werner Koch
bb71180d07 * gpg.sgml: Add bkuptocard command for --edit-key.
* passphrase.c (agent_get_passphrase): Don't call free_public_key
if PK is NULL.
(passphrase_clear_cache): Ditto. Removed debug output.
(passphrase_to_dek): Ditto.
2005-02-15 11:02:32 +00:00
David Shaw
a3ea962679 Disable the "quick check" bytes for PK decryptions. This is in
regards to the Mister and Zuccherato attack on OpenPGP CFB mode.
2005-02-10 04:06:30 +00:00
David Shaw
2dbfc709ad * trustdb.h, trustdb.c (trustdb_check_or_update): New. If the trustdb
is dirty and --interactive is set, do an --update-trustdb.  If not
interactive, do a --check_trustdb unless --no-auto-check-trustdb is
set.

* import.c (import_keys_internal): Moved from here.

* keyserver.c (keyserver_refresh): Call it here after all refreshing
has happened so that we don't rebuild after each preferred keyserver
set of imports, but do one big rebuild at the end.  This is Debian bug
#293816, noted by Kurt Roeckx.
2005-02-06 17:38:43 +00:00
David Shaw
01f0036d23 * getkey.c (merge_selfsigs_subkey): Merged away definition from the
backsigs code.
2005-02-05 00:00:35 +00:00
Werner Koch
334e3e96d2 Updated to match the switch to the NSIS installer. 2005-02-03 09:32:53 +00:00
David Shaw
c49620a720 * keygen.c (do_generate_keypair): Write the auth key to the card
before the encryption key.  This is a partial workaround for a PGP bug
(as of this writing, all versions including 8.1), that causes it to
try and encrypt to the most recent subkey regardless of whether that
subkey is actually an encryption type.  In this case, the auth key is
an RSA key so it succeeds.
2005-02-01 05:26:25 +00:00
David Shaw
df42d339d9 * keyid.c (keyid_from_sk, keyid_from_pk): Use 0xFFFFFFFFFFFFFFFF
instead of 0x0000000000000000 for the invalid key ID since all-zeroes
is reserved for the anonymous recipient.

* keyedit.c (change_passphrase), keygen.c (generate_subkeypair): Fix a
string ;)
2005-01-28 00:50:10 +00:00
Werner Koch
d96f816f89 * keygen.c (generate_subkeypair): Detect primary key on-card and
ask for the passphrase.  Return an error if the primary key is a
plain stub.

* keyedit.c (change_passphrase): Don't ever change any stub key.
Print a note if a key consists of only stub keys.  Reported by
Dany Nativel.  These are bugs #401 and #402.
2005-01-27 11:48:33 +00:00
Werner Koch
963748d1b5 Updated to the version from 1.2.7. 2005-01-27 10:30:28 +00:00
David Shaw
e6cbb88f61 * keyserver.c (parse_keyserver_uri): Allow RFC-2732 IPv6 [literal
address] syntax in keyserver URLs.  (keyserver_typemap): Map ftps if
we are supporting it.
2005-01-26 21:20:30 +00:00
Werner Koch
aa62bf505d (do_generate_keypair): Don't continue after an error;
fixed at two places. Why at all didn't I used a goto to cleanup,
tsss?
2005-01-25 14:34:51 +00:00
Werner Koch
aa87314e6f (get_cached_data): New arg GET_IMMEDIATE to bypass
the cache.  Changed all callers.
(get_one_do): Bypass the cache if the value would have been read
directly for v1.1 cards.It makes things a bit slower but obnly for
1.0 cards and there are not that many cards out in the wild.  This
is required to fix a caching bug when generating new keys; as a
side effect of the retrieval of the the C4 DO from the 6E DO the
chaced fingerprint will get updated to the old value and later
when signing the generated key the checking of the fingerprint
fails becuase it won't match the new one.  Thanks to Moritz for
analyzing this problem.
(verify_chv3): Removed the CHV status reread logic because we
won't cache the C4 DO anymore.
2005-01-25 14:18:56 +00:00
David Shaw
625806b6ae * keyserver.c (free_keyserver_spec): Fix small leak.
(keyserver_typemap): Map https if we are supporting it.
2005-01-22 03:33:12 +00:00
Werner Koch
6a0fda89c0 (open_card): Issue new CARDCTRL(4) status. 2005-01-20 18:25:25 +00:00
Werner Koch
b2b2786be1 * gpgv.c (tty_fprintf): New stub.
* card-util.c (card_status): Create asecret key stub on the fly
and print more information about a card key.
* import.c (pub_to_sec_keyblock, auto_create_card_key_stub): New.
* getkey.c (get_seckeyblock_byfprint): New.
* keylist.c (print_card_key_info): New.
2005-01-20 17:21:40 +00:00
Werner Koch
5bda87bd6e * g10.c (i18n_init) [W32]: Pass registry key to gettext
initialization.
* gpgv.c (i18n_init) [W32]: Ditto.

* simple-gettext.c (set_gettext_file): Use MO files depending on
the installation directory.  Add new arg REGKEY.
2005-01-20 11:42:03 +00:00
Werner Koch
79161ef7b9 (public_key_list): Do a trustdb staleness check before
opening the keyring.
(secret_key_list): Ditto.
2005-01-18 09:51:58 +00:00
David Shaw
96a3982b9b * keyedit.c (keyedit_menu): Move command strings outside the function to
get ready for the readline completion code.
2005-01-11 04:15:55 +00:00
David Shaw
74ca58ee94 * passphrase.c (readline, agent_send_option, agent_open,
agent_get_passphrase, passphrase_clear_cache): Rename readline() to
readaline() to keep readline library namespace clear.
2005-01-10 22:56:46 +00:00
David Shaw
f464dcef59 * filter.h, armor.c (armor_filter): Use the eol string from the armor
filter context instead of hardcoding '\n' or '\r\n'.  If no eol string is
provided, default to '\n' or '\r\n' as appropriate. (is_armor_header):
Trim tabs in armor header lines as well.

* keyserver.c (keyserver_spawn): Use it here to force '\n' line endings
since the keyserver output file gets a LF->CRLF expansion on win32.
2005-01-06 16:23:47 +00:00
David Shaw
299a250c94 * g10.c (main): Typo.
* armor.c (is_armor_header): Allow CR and LF (not just actual spaces) in
an armor header line (-----BEGIN etc).  This is needed due to CRLF issues
on win32.  As before, --openpgp makes it strict.
2005-01-06 04:44:38 +00:00
David Shaw
14ce45565d * Makefile.am: Use @LIBUSB@ instead of @LIBUSB_LIBS@
* import.c (delete_inv_parts): Comments on import-unusable-sigs.
2005-01-03 15:15:34 +00:00
David Shaw
fbee22ac0c * options.h, import.c (parse_import_options, delete_inv_parts): Add
import-unusable-sigs flag to enable importing unusable (currently:
expired) sigs.

* options.h, export.c (parse_export_options, do_export_stream): Add
export-unusable-sigs flag to enable exporting unusable (currently:
expired) sigs.
2005-01-01 21:21:11 +00:00
David Shaw
b37facc593 * packet.h, getkey.c (merge_selfsigs_main, sig_to_revoke_info), keyid.c
(revokestr_from_pk), keyedit.c (show_key_with_all_names): Show who revoked
a key (either the same key or a designated revoker) and when.
2004-12-30 03:26:57 +00:00
Werner Koch
afe8ca4fbf (find_endpoint): New.
(scan_or_find_devices): Add new args to return endpoint info and
interface number.
(ccid_open_reader, ccid_shutdown_reader): Take care of these new
args.
(bulk_in, bulk_out): Use the correct endpoints.
(ccid_transceive_apdu_level): New.
(ccid_transceive): Divert to above.
(parse_ccid_descriptor): Allow APDU level exchange mode.
(do_close_reader): Pass the interface number to usb_release_interface.
2004-12-28 07:30:57 +00:00
David Shaw
783ec6dbb2 * keyserver.c (keyserver_typemap): Only map HTTP and FTP if libcurl has
specifically been selected to handle them.
2004-12-24 19:51:02 +00:00
David Shaw
f3c33b8768 * options.h, keyserver.c (parse_keyserver_uri): Properly parse auth data
from URLs and pass to keyserver helpers.
2004-12-22 18:09:41 +00:00
David Shaw
b96038387b * keyserver.c (keyserver_typemap): New. Map certain keyserver types to a
common type (e.g. ldaps -> ldap).  If we are building with curl, map both
http and ftp to curl.

* build-packet.c (build_sig_subpkt): Only allow one preferred keyserver
subpacket at a time.
2004-12-22 17:49:44 +00:00
David Shaw
b883e9642b * keyedit.c (menu_set_keyserver_url): Make sure we only operate on the
chosen selfsig so we don't accidentally promote an older selfsig to
chosen.  Discovered by Simon Josefsson and 'Todd'.

* keygen.c (ask_expire_interval): Fix typo.
2004-12-21 15:49:56 +00:00
David Shaw
8dcbbf98bb * keylist.c (list_keyblock_print): Secret key listings should always show
everything (expired UIDs, revoked subkeys, etc, etc).

* keyedit.c (keyedit_menu): Add additional help for the "sign" flags.
2004-12-21 04:19:03 +00:00
Werner Koch
29dd149778 (ask_expire_interval): For better translations chnage 2
strings.
2004-12-20 18:14:57 +00:00
Werner Koch
9e3526f236 * seckey-cert.c (do_check): Handle case when checksum was okay but
passphrase still wrong.  Roman Pavlik found such a case.

* mpicoder.c (mpi_read_from_buffer): Don't abort in case of an
invalid MPI but print a message and return NULL.  Use log_info and
not log_error.
2004-12-20 10:05:20 +00:00
David Shaw
07250279e7 * keyedit.c (keyedit_menu): Invisible alias "passwd" as "password".
* passphrase.c: Don't check for __CYGWIN__, so it is treated as a
unix-like system.

* options.h, g10.c (main), textfilter.c (standard): Use new option
--rfc2440-text to determine whether to filter "<space>\t\r\n" or just
"\r\n" before canonicalizing text line endings.  Default to
"<space>\t\r\n".
2004-12-20 05:19:09 +00:00
David Shaw
1e487ab1d6 * keygen.c (keygen_get_std_prefs): Set reference count when creating the
temporary user ID.

* keyedit.c (keyedit_menu): Merge updpref and setpref.  Keep updpref as an
invisible alias.  Add invisible alias for revphoto. Fix small memory leak
when using "setpref" (not all of the uid was freed). (menu_revkey):
Trigger a trust rebuild after revoking a key. Don't allow revoking an
already-revoked whole key. (menu_revsubkey): Don't allow revoking an
already-revoked subkey.
2004-12-19 05:20:07 +00:00
David Shaw
06c27b8a38 * keyedit.c (menu_revkey): Rename to menu_revsubkey. (menu_revkey): New.
Revoke a whole key. (keyedit_menu): Call it here for when 'revkey' is used
without any subkeys selected.  This is to be consistent with the other
functions which are "selected part if selected, whole key if not".
2004-12-19 04:30:16 +00:00
David Shaw
005b1d7960 Readline fix to be robust against platforms where readline has its own
dependencies.  We play guess-the-depedency for a while, and try termcap,
curses, and ncurses.
2004-12-18 22:23:49 +00:00
Werner Koch
74330a49ec * passphrase.c (agent_get_passphrase): Define NREAD locally as
size_t or int.

* keylist.c (list_keyblock_print): Make field width an int.
* keyedit.c (show_key_with_all_names): Ditto.
2004-12-17 18:51:32 +00:00
David Shaw
e79f2db8e4 * g10.c (main): Add --require-secmem/--no-require-secmem to cause gpg to
exit if it cannot lock memory.  Also remove --nrsign-key and --nrlsign-key
since this can better be done via --edit-key.

* secmem.c (secmem_init): Return a flag to indicate whether we got the
lock.

* memory.h: Return a flag to indicate whether we got the lock.
2004-12-16 05:16:09 +00:00
David Shaw
7a388529a3 * apdu.c (apdu_send_le, apdu_send_direct), keylist.c
(status_one_subpacket, print_one_subpacket): Fix some compiler warnings.

* g10.c (main): Fix --compression-algo to take a string argument like
--compress-algo.

* trustdb.c (uid_trust_string_fixed): For safety, check for a pk.
2004-12-15 05:16:53 +00:00
David Shaw
b120400413 * keyedit.c (keyedit_menu): Re-remove the N_() markers. 2004-12-14 14:50:15 +00:00
David Shaw
7dd3fe2a79 * trustdb.c (uid_trust_string_fixed): Show uids as revoked if the key is
revoked.

* keyedit.c (show_key_with_all_names): Don't show validity for secret key
UIDs.

* keyedit.c (parse_sign_type): New.  Figure out the flags (local,
nonrevoke, trust) for a signature. (keyedit_menu): Call it here so we can
mix and match flags, and don't need "nrltsign", "ltsign", "tnrsign", etc,
etc, etc.
2004-12-14 14:42:41 +00:00
Werner Koch
160eaf1874 automake updates, removed one debug output 2004-12-14 08:03:56 +00:00
Werner Koch
d0b9eff4b6 Prepared for last 1.4 release candidate 2004-12-14 07:49:27 +00:00
Werner Koch
1037420b76 (read_passphrase_from_fd): Fixed memory leak.
Noted by Andrei Darashenka.
2004-12-13 08:04:52 +00:00
David Shaw
4c2bacac99 * keyserver.c (parse_preferred_keyserver): Force preferred keyserver
subpackets to have a URI scheme specified.
2004-12-12 05:10:22 +00:00
David Shaw
bf5d013bc8 * options.h, g10.c (main), textfilter.c (standard): Use --rfc2440 or
--openpgp directly to determine the end of line hashing rule.

* trustdb.c (uid_trust_string_fixed): Show uids as expired if the key is
expired.
2004-12-11 04:47:33 +00:00
Werner Koch
5a37f0deab * app-openpgp.c (send_fprtime_if_not_null): New.
(do_getattr): Add KEY_TIME.
(do_learn_status): Print KEY_TIME.
* cardglue.c (learn_status_cb): Parse KEY-TIME.
* card-util.c (card_status): Print creation time if available.
2004-12-10 10:49:14 +00:00
David Shaw
1c334577f3 * options.h, g10.c (main), textfilter.c (len_without_trailing_ws): Removed
(not used). (standard): 2440 says that textmode hashes should canonicalize
line endings to CRLF and remove spaces and tabs.  2440bis-12 says to just
canonicalize to CRLF.  So, we default to the 2440bis-12 behavior, but
revert to the strict 2440 behavior if the user specifies --rfc2440.  In
practical terms this makes no difference to any signatures in the real
world except for a textmode detached signature.
2004-12-10 05:35:54 +00:00
Werner Koch
9e52cf2758 * passphrase.c (agent_get_passphrase): New args CUSTOM_PROMPT and
CUSTOM_DESCRIPTION. 	Changed all callers.

* app-openpgp.c (do_getattr, do_learn_status, do_setattr): Support
the new private DOs.
(do_change_pin): Add a "N" prefix to the strings so that the
callback can act accordingly for a new PIN.  Unfortunately this
breaks existing translations but I see no wother way to overvome
this.

* cardglue.c (learn_status_cb): Ditto.
(agent_release_card_info): Ditto.
(struct pin_cb_info_s): Removed and changed all users.
(pin_cb): Reworked.

* card-util.c (card_status): Print them
(card_edit): New command PRIVATEDO.
(change_private_do): New.
2004-12-09 16:57:30 +00:00
David Shaw
53ae360457 * keygen.c (ask_algo): Add a choose-your-own-capabilities option for DSA. 2004-12-09 15:49:47 +00:00
David Shaw
ea4d80b0a3 * keygen.c (ask_keysize): Change strings to always use %u instead of
hardcoding key sizes.  Bump default to 2048.  Bump minimum down to 512,
where possible, but require --expert to get there.  DSA is always 1024
unless --expert is given.
2004-12-07 17:58:35 +00:00
David Shaw
5dcc3dc353 * getkey.c (parse_key_usage): New function to parse out key usage flags.
Set PUBKEY_USAGE_UNKNOWN to handle flags that we don't understand.
(fixup_uidnode, merge_selfsigs_main, merge_selfsigs_subkey): Call it from
here to remove duplicate code.
2004-11-29 21:21:52 +00:00
David Shaw
3ea642d8ae * export.c (do_export_stream): Allow export-minimal to work with secret
keys, even though a non-selfsig secret key signature is rare.
2004-11-26 16:48:05 +00:00
David Shaw
6dedf7a068 * options.h, export.c (parse_export_options, do_export_stream), import.c
(parse_import_options, import_keys_internal): Make the import-options and
export-options distinct since they can be mixed together as part of
keyserver-options.
2004-11-26 15:51:37 +00:00
David Shaw
9a70afe2b3 * options.h, export.c (parse_export_options, do_export_stream): Add
"export-minimal" option to disregard any sigs except selfsigs.
2004-11-25 03:58:42 +00:00
David Shaw
3d165c4ecf * trustdb.c (uid_trust_string_fixed): Use a string that can be atoi-ed,
but also has a comment for the translator.
2004-11-25 03:48:34 +00:00
David Shaw
04b715e4da * trustdb.h, trustdb.c (uid_trust_string_fixed): New. Return a fixed-size
translatable string similar to trust_value_to_string. This allows for
easier lining up of displays.

* keyedit.c (show_key_with_all_names), keylist.c (list_keyblock_print):
Use it here to print validity strings.

* gpgv.c: Stub.
2004-11-24 05:25:03 +00:00
Werner Koch
44289a4e68 (S_IRGRP) [HAVE_DOSISH_SYSTEM]: Define to 0. 2004-11-18 16:01:08 +00:00
Werner Koch
3220faf7f7 (open_info_file): New.
(main): Unconditionally implement --status-file, --logger-file,
--attribute-file, --passphrase-file, --command-file.  This is not
generally useful but easy to support and might make scripting
under Windows easier.
2004-11-17 16:04:21 +00:00
David Shaw
69ef25f8d6 * plaintext.c (handle_plaintext): Don't try and create a zero-length
filename when using --use-embedded-filename with input that has no
filename (clearsigned or message generated from a pipe).

* encode.c (encode_simple, encode_crypt), progress.c (handle_progress),
sign.c (write_plaintext_packet): Fix a few inconsistent calls (NULL
filename means a pipe here, so don't bother to check it twice).
2004-11-04 22:28:39 +00:00
David Shaw
c09b34fede * misc.c (print_digest_algo_note): The latest 2440bis drafts deprecates
MD5, so give a warning. (print_pubkey_algo_note, print_cipher_algo_note,
print_digest_algo_note): Give the algorithm name in the experimental algo
warning.
2004-11-03 20:35:28 +00:00
Timo Schulz
37ecd725e5 2004-11-03 Timo Schulz <twoaday@g10code.com>
* strgutil.c (w32_strerror): New.
        * ttyio.c (init_ttyfp, tty_printf, do_get): Use it here.
        * iobuf.c (fd_cache_open, file_filter): Likewise.
        (iobuf_seek, translate_file_handle): Likewise.
2004-11-03 20:03:46 +00:00
David Shaw
6ab8378c00 * skclist.c (build_sk_list): Don't need to warn about PGP-generated
Elgamal signing keys since we no longer support any Elgamal signing keys.

* sign.c (sign_file, clearsign_file): Use "writing to" instead of "writing
to file" to match other strings.

* pkclist.c (check_signatures_trust): Fix typo.  Noted by Moray Allan.
This is Debian bug #278708.

* passphrase.c (ask_passphrase, passphrase_to_dek): "password" ->
"passphrase".

* keyedit.c (show_key_with_all_names): Show designated revoker as part of
translatable string.
2004-10-28 22:09:09 +00:00
Werner Koch
41f46fb062 Inlcude LIBICONV 2004-10-28 18:57:50 +00:00
Werner Koch
66e627bdae About to release 1.3.92 2004-10-28 09:06:50 +00:00
David Shaw
f15e944b98 * card-util.c, delkey.c, keygen.c, plaintext.c, keyedit.c, passphrase.c,
revoke.c: Collapse the two different "can't do that in batch mode" strings
into one.
2004-10-28 03:57:30 +00:00
David Shaw
f5b7a72a48 * keylist.c (status_one_subpacket): New. Send the subpacket data to the
--status interface.

* card-util.c (card_edit): Show when admin is enabled or not.

* status.h, status.c: New STATUS_SIG_SUBPACKET type.

* build-packet.c (build_sig_subpkt): Multiple keyserver URLs are allowed.
2004-10-28 03:14:55 +00:00
David Shaw
d89c701acb * keyring.c: Make some strings translatable.
* exec.c, sign.c: Change "can't open file" to "can't open" and "can't
create file" to "can't create" to be consistent with other strings so we
don't have to translate both.
2004-10-28 02:14:06 +00:00
David Shaw
1976afce93 * delkey.c, export.c, keyedit.c, pkclist.c, revoke.c, skclist.c: Fix a few
missed possible \"username\" quotes.
2004-10-28 01:58:01 +00:00
Werner Koch
e939eb248d (verify_chv3): The minimum length for CHV3 is
8. Changed string to match the other ones.
2004-10-26 07:51:15 +00:00
Werner Koch
3060984dd1 (agent_send_all_options): Try to deduce the ttyname
from stdin.
2004-10-26 07:50:47 +00:00
David Shaw
65077adf83 * options.h, g10.c (main), mainproc.c (check_sig_and_print): Rename
verify-option show-validity to show-uid-validity to match the similar
list-option.

* app-openpgp.c (verify_chv3): Fix typo.
2004-10-21 19:18:47 +00:00
Werner Koch
0ebf79c824 * configure.ac: Remove the check for asprintf
* app-common.h (app_openpgp_storekey: Add prototype.

* app-openpgp.c (do_sign): Replace asprintf by direct allocation.
This avoids problems with missing vasprintf implementations.

* card-util.c (generate_card_keys): Add a #warning for gnupg 1.9
and use the same string there.

* util.h [!HAVE_VASPRINTF]: Removed prototype.

* vasprintf.c: Removed. It was used only at one place and I don't
want to get into build problems in 1.4.
2004-10-21 16:56:22 +00:00
David Shaw
107e515aa9 * g10.c (parse_list_options): Fix non-constant initializer so we can build
with C89.
2004-10-21 01:10:49 +00:00
Werner Koch
27d06166d3 * apdu.c (apdu_open_reader): Load pcsc_get_status_change fucntion.
(pcsc_get_status): Implemented.
(reset_pcsc_reader): Implemented.
(open_pcsc_reader): Succeed even with no card inserted.
(open_ccid_reader): Set LAST_STATUS.

* iso7816.c (iso7816_select_application): Always use 0 for P1.
2004-10-20 09:39:56 +00:00
Werner Koch
ad3382bdc7 (agent_get_passphrase): Cast UIDLEN to int. Noted
by Christian Cornelssen.
2004-10-17 13:28:37 +00:00
David Shaw
b03a7a6f3b * parse-packet.c (parse_one_sig_subpkt, enum_sig_subpkt): Don't BUG() on
unknown subpackets.  Rather, just return them silently.
2004-10-16 22:48:20 +00:00
Werner Koch
c3a51cd17d * README: Mentioned --enable-selinux-support.
* status.h (STATUS_NEED_PASSPHRASE_PIN): New.
* status.c (get_status_string): Added.
* passphrase.c (ask_passphrase): Moved status printing to ..
* cardglue.c (pin_cb): .. here and issue new status message.

* keyedit.c (sign_uids): Don't include the leading LF in the
translatable string but print them separately.

* apdu.c (apdu_open_remote_reader) [_WIN32]: We don't have ENOSYS.
2004-10-15 13:16:58 +00:00
Werner Koch
5db236f4e7 * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): New.
(AUTOMAKE_OPTIONS): New.

* configure.ac: Check whether vasprintf needs a replacement.

* app-openpgp.c (parse_login_data): New.
(app_select_openpgp): Call it.
(do_setattr): Reparse it after change.

* Makefile.am: Add ksutil.h.
2004-10-15 09:55:39 +00:00
Werner Koch
450f0d770b * pkclist.c (do_edit_ownertrust): Add a note to translators.
* keygen.c (ask_user_id): Ditto.

* helptext.c: Typo fix.
2004-10-15 09:39:25 +00:00
Werner Koch
8b7cb60229 another s/unsigned char*/byte*/ 2004-10-14 20:47:56 +00:00
David Shaw
f13bba108a * keylist.c (list_keyblock_print): Show the fingerprint after the key, not
after the first user ID.

* keyedit.c (show_key_with_all_names): Don't show validity if we're just
printing user IDs for signing.

* armor.c (fake_packet): Properly handle the case where the line is
dash-space (i.e. a blank line that was quoted).  Give a warning for bad
dash escaping.
2004-10-14 20:13:16 +00:00
Werner Koch
f294ce2d8b * export.c (do_export_stream) [ENABLE_SELINUX_HACKS]: Don't allow
secret key export.
* import.c (import_secret_one) [ENABLE_SELINUX_HACKS]: Likewise
2004-10-14 10:48:15 +00:00
Werner Koch
35774ec568 * misc.c (is_secured_filename): New.
* keydb.c (maybe_create_keyring)
* tdbio.c (tdbio_set_dbname)
* plaintext.c (handle_plaintext)
* openfile.c (copy_options_file, open_outfile)
* exec.c (exec_write)
* keygen.c (do_generate_keypair, gen_card_key_with_backup)
* sign.c (sign_file, clearsign_file)
* keyring.c (create_tmp_file, do_copy): Check for secured files
before creating them.

* keygen.c (print_status_key_created): s/unsigned char/byte/ due
to a strange typedef for RISC OS.  Noted by Stefan.
2004-10-14 07:11:57 +00:00
David Shaw
0d6defc0da * armor.c (fake_packet): Allow arbitrary dash-escaped lines as per
2440bis-10.  This is bug #158.
2004-10-13 20:39:54 +00:00
David Shaw
5887f2fb26 * keyserver.c (keyserver_work): Handle keyserver timeouts. 2004-10-13 18:40:13 +00:00
Werner Koch
151ca81f1a Added SELInux hacks and did some cleanups. 2004-10-13 18:10:06 +00:00
David Shaw
9a4dc13d5e * pkclist.c (do_edit_ownertrust): Different prompt when we're using direct
trust since the meaning is different.

* keyedit.c (trustsig_prompt): Change the strings to match the ones in
pkclist.c:do_edit_ownertrust to make translation easier.

* trustdb.c (trust_model_string, get_validity): Add direct trust model
which applies to the key as a whole and not per-uid.

* options.h, g10.c (parse_trust_model): New. (main): Call it from here to
do string-to-trust-model.
2004-10-13 15:34:52 +00:00
Werner Koch
620ac79ebf * configure.ac: Actually name the option --disable-finger and not
http.

* openfile.c (overwrite_filep, make_outfile_name, open_outfile)
(open_sigfile): Use iobuf_is_pipe_filename to check for pipes so
that special filesnames are taken into account. This is bug 327.
* tdbdump.c (import_ownertrust): Ditto.
* sign.c (write_plaintext_packet): Ditto.
* progress.c (handle_progress): Ditto.
* plaintext.c (handle_plaintext): Ditto.
* encode.c (encode_simple, encode_crypt): Ditto.

* iobuf.c (iobuf_is_pipe_filename): New.
* fileutil.c (is_file_compressed): Use it here.
2004-10-13 09:59:46 +00:00
Werner Koch
690aa956f1 * keygen.c (read_parameter_file): New keyword "Handle". This is
bug 287.
	(print_status_key_not_created): New.
	(print_status_key_created): Add new arg HANDLE.
	(do_generate_keypair): Print not created status.
	* status.c, tatus.h (STATUS_KEY_NOT_CREATED): New.
2004-10-13 07:10:51 +00:00
Werner Koch
ca6dcb7258 (read_parameter_file): Changed to use iobuf based file
reading to allow the special file name feature to work.
2004-10-12 16:41:17 +00:00
David Shaw
bf079613b7 * pkclist.c (do_edit_ownertrust): Use the same translated string for
showing the user ID as mainproc.c:print_pkenc_list.

* mainproc.c (print_pkenc_list): Allow translating the quotes around the
user ID.

* card-util.c, g10.c, photoid.c, trustdb.c: The last of the \"%s\" -> `%s'
quoting for things that aren't user IDs.

* keyserver.c (keyserver_spawn): If there is no keyserver host, print the
whole URI since it is self-contained.
2004-10-11 21:08:37 +00:00
Werner Koch
5bdb171026 * configure.ac: New option --disable-finger.
* keyserver.c (keyserver_spawn): Print an empty string in log_info
if the host is not set (e.g. finger).

* gpgkeys_finger.c: New.
2004-10-11 08:44:35 +00:00
David Shaw
f3687f6b6c * card-util.c, keyedit.c, openfile.c, pkclist.c, delkey.c, keygen.c,
photoid.c, revoke.c: Some yes-or-no prompts end in "(y/n)".  Some don't.
Consistently use y/n everywhere.
2004-10-10 15:27:14 +00:00
David Shaw
d41e6455a3 * keygen.c (ask_key_flags): New. (ask_algo): Call it here in --expert mode
so we don't need to specify each possible variation of RSA capabilities.
2004-10-10 14:33:37 +00:00
David Shaw
aa50dcff2f * keygen.c (do_add_key_flags): The spec says that all primary keys MUST be
able to certify.  Force the certify flag on for primaries (and off for
subkeys).
2004-10-10 14:19:39 +00:00
David Shaw
65ec9772a7 * keygen.c (generate_keypair): Fix generating keys with the auth flag. 2004-10-10 13:13:47 +00:00
David Shaw
fa012921b2 * encr-data.c (decrypt_data): Give a warning with a weak key, but still
allow to decrypt the message.
2004-10-08 21:54:26 +00:00
David Shaw
4737923d56 * pkclist.c (build_pk_list): Keystrify.
* mainproc.c (check_sig_and_print), pkclist.c (do_edit_ownertrust):
Improve translatability of user ID prompts.
2004-10-07 21:14:31 +00:00
David Shaw
b1e2c5398f * helptext.c, pkclist.c (do_we_trust): It is not possible to get here with
a revoked or expired key, so BUG() that case.  Remove question about
overriding revoked/expired.  Also --keyid-format-ify. (do_we_trust_pre):
Use print_pubkey_info() instead of printing the info ourselves.

* passphrase.c (passphrase_to_dek): Improve translatability of user ID
prompts.

* keylist.c (print_pubkey_info): Use the user ID the pk was selected by,
if any.
2004-10-06 21:50:23 +00:00
David Shaw
27b2c9356a * keyedit.c (sign_uids, ask_revoke_sig): Improve translatability of user
ID prompts. (ask_revoke_sig, menu_revsig): Try and use common strings for
these two functions so they don't need to be translated twice.
2004-10-06 20:40:07 +00:00
David Shaw
8da1dfeed0 * keyedit.c, keylist.c, keyserver.c, mainproc.c: The
revoked/expired/expires string change of 2004-09-29 was too simple.  Use
two styles for each tag.
2004-10-06 19:51:45 +00:00
David Shaw
8c72ff9543 * passphrase.c (agent_get_passphrase): Use keystrs for agent strings, and
fix sprintf warnings.

* keyserver.c (keyserver_spawn): Fix BUG() with certain sets of mixed
regular and preferred keyserver refreshes.  Noted by Sebastian Wiesinger.

* keyedit.c (show_key_with_all_names): Show uid validity in menu.
2004-10-05 14:33:02 +00:00
Timo Schulz
eb02f5b46a 2004-10-03 Timo Schulz <twoaday@g10code.de>
* apdu.c (apdu_open_remote_reader) [_WIN32]: Do not set ENOSYS.
2004-10-04 17:25:29 +00:00
David Shaw
56fbde0f5e * keyedit.c (print_and_check_one_sig_colon): Fix bad keyids in colon
delsig output.  Noted by Peter Palfrader. (show_prefs): Do not reference
missing selfsig.  Noted by Alex Moroz.
2004-10-04 01:17:27 +00:00
Werner Koch
7caab37cd1 * gpgv.c (i18n_init): Always use LC_ALL.
* bftest.c (i18n_init): Always use LC_ALL.
* shmtest.c (i18n_init): Ditto.
* mpicalc.c (i18n_init): Ditto.
2004-10-01 10:18:31 +00:00
Werner Koch
1d315be6fa * mk-w32-dist: Updated from stable branch.
* mk-gpg-texi: Changed to use the newer docbook2x-texi utility.

* config.guess, config.sub, mkinstalldirs, missing
* depcomp, install-sh: Upgraded.
2004-10-01 10:11:42 +00:00
David Shaw
85f9755968 * gpgv.c, keydb.c (keydb_add_resource): Factored keyring creation out to
.. (maybe_create_keyring): .. new.  Make sure that we do the checks in a
locked state.  Problem reported by Stefan Haller.  Try to create the home
directory before acquiring a lock for the keyring. From Werner on stable
branch.

* g10.c (main): Blow up if we didn't lose setuid.  From Werner on stable
branch.
2004-09-30 15:00:58 +00:00
David Shaw
742682bf95 * keyedit.c, keylist.c, keyserver.c, mainproc.c: Reduce the many
variations of "revoked" ("revoked", "[revoked]", " [revoked]", "[revoked]
") "and" expired down to two to simplify translation.
2004-09-29 17:41:58 +00:00
David Shaw
c48d5ebbb7 * keyedit.c (print_and_check_one_sig): Account for the extra space that
show-sig-expire takes up so we do not wrap lines.
(show_key_with_all_names): No need to show subkey revocations as a
seperate line since we now show revocation date in the main subkey line.
2004-09-29 03:21:05 +00:00
David Shaw
793f8d8d55 * signal.c (got_fatal_signal): HAVE_DECL_SYS_SIGLIST is defined, but zero
if not found.  Noted by John Clizbe.

* keyserver.c (parse_keyrec): Fix problem with non-expiring keys appearing
expired in --search-keys results.
2004-09-28 14:50:05 +00:00
Werner Koch
a2599936c9 * card-util.c (card_edit): Take admin only status from the table.
* app-openpgp.c: Made all strings translatable.
(verify_chv3) [GNUPG_MAJOR_VERSION]: Make opt.allow_admin
available for use in gnupg 2.
(verify_chv3): Reimplemented countdown showing to use only
functions from this module.  Flush the CVH status cache on a
successful read.
(get_one_do): Hack to bypass the cache for cards versions > 1.0.
(store_fpr): Store the creation date for card version > 1.0.
2004-09-27 12:56:05 +00:00
Werner Koch
cb3c6f8a05 We need to take care that several files are also used in gnupg 1.9 and
there by the scdaemon which is a bit different to the direct
integration in gpg 1.3.  In general they should all be maintained in
1.9 but while preparing 1.4 its okay to do it in 1.3.  We just need to
take some care not to break 1.9 to heavily.

app-openpgp.c: Made all strings translatable.
(verify_chv3) [GNUPG_MAJOR_VERSION]: Make opt.allow_admin
available for use in gnupg 2.
(verify_chv3): Reimplemented countdown showing to use only
functions from this module.
2004-09-27 09:42:26 +00:00
David Shaw
2ff6607f0d * main.h, g10.c (main), card-util.c (change_pin): If "admin" has not been
issued, skip right to the CHV1/CHV2 PIN change.  No need to show the
unblock or admin PIN change option. (card_edit): Add "admin" command to
add admin commands to the menu.  Do not allow admin commands until "admin"
is given.

* app-openpgp.c (verify_chv3): Show a countdown of how many wrong admin
PINs can be entered before the card is locked.

* options.h, g10.c (main), app-openpgp.c (verify_chv3): Remove
--allow-admin.
2004-09-25 13:04:55 +00:00
David Shaw
4d26ab92cc * main.h: Create S2K_DIGEST_ALGO macro so we do not need to always set
opt.s2k_digest_algo.  This helps fix a problem with PGP 2.x encrypted
symmetric messages.  Change all callers (encode.c, g10.c, keyedit.c,
keygen.c, passphrase.c, sign.c).

* armor.c, cardglue.c, getkey.c, import.c, keygen.c: Be consistent in some
more quoted strings.  Always use 'user ID', not 'user id', "quotes" for
user IDs, etc.
2004-09-24 20:34:38 +00:00
David Shaw
680be9be10 * keyedit.c (keyedit_menu), gpgv.c (agent_scd_getattr (stub)), keygen.c
(copy_mpi, generate_raw_key): Fix a compile problem and a few warnings
when building without card support.
2004-09-24 14:34:45 +00:00
Werner Koch
f36154535e Note: I have not fully tested the new key creation due to a pc/sc
error.  However the backupfile has been created successfully.

* rsa.c (rsa_generate): Return the dummy list of factors only if
the caller asked for it.

* card_util.c (generate_card_keys): ask whether backup should be
created.
(card_store_subkey): Factored some code out to ..
* keygen.c (save_unprotected_key_to_card): .. new function.
(gen_card_key_with_backup): New.
(generate_raw_key): New.
(generate_keypair): New arg BACKUP_ENCRYPTION_DIR.  Changed all
callers.
(do_generate_keypair): Divert to gen_card_key_with_backup when
desired.
2004-09-23 19:34:45 +00:00
Werner Koch
42c18de83a * gpg.sgml: Document "addcardkey" and "keytocard".
* apdu.c (open_pcsc_reader): Do not print empty reader string.

* keygen.c (ask_algo): Allow creation of AUTH keys.

* keyid.c (usagestr_from_pk): New.

* app-openpgp.c (app_openpgp_storekey): Call flush_cache.

* keyedit.c (keyedit_menu): New command "keytocard"
(keyedit_menu): Bad hack for the not_with_sk element.
(show_key_with_all_names): Print the usage.
(find_pk_from_sknode): New.

* card-util.c (card_store_subkey): New.
(copy_mpi): New.
* cardglue.c (agent_openpgp_storekey): New.
2004-09-23 13:32:31 +00:00
David Shaw
d937ace2f8 * mainproc.c (check_sig_and_print), keyedit.c (show_prefs,
menu_set_keyserver_url): Make sure that keyserver URLs with control
characters inside are printed properly.  In fact, handle them as UTF8.
2004-09-22 03:16:41 +00:00
David Shaw
f0279fc10d * keyedit.c (keyedit_menu): Don't show "addcardkey" in the menu if we do
not have card support.

* keydb.h, keyserver.c (print_keyrec, keyserver_spawn): fpr is an array of
unsigned bytes.
2004-09-21 22:24:47 +00:00
Werner Koch
9d17a635c9 * gpg.sgml: Document -K.
* g10.c: Make -K an alias for --list-secret-keys.

* keylist.c (print_card_serialno): New. Taken from gnupg 1.9.11.
(list_keyblock_print): Make use of it.
* keyedit.c (show_key_with_all_names): Print the card S/N.

* keyedit.c (keyedit_menu): New command ADDCARDKEY.
* card-util.c (card_generate_subkey): New.
* keygen.c (generate_card_subkeypair): New.
(gen_card_key): New arg IS_PRIMARY; changed all callers.

* cardglue.c (open_card): Use shutdown code if possible.
(check_card_serialno): Ditto.
2004-09-20 18:38:39 +00:00
Werner Koch
5576f6ef6c * cardglue.c (open_card): Use shutdown code if possible.
(check_card_serialno): Ditto.

* ccid-driver.c (do_close_reader): Factored some code out from ...
(ccid_close_reader): ..here.
(ccid_shutdown_reader): New.

* apdu.c (apdu_shutdown_reader): New.
(shutdown_ccid_reader): New.
2004-09-20 13:15:37 +00:00
Werner Koch
ca26884b3a (apdu_open_reader): No fallback if a full CCID reader id has been
Removed test code from ccid-driver.c
2004-09-17 14:26:50 +00:00
Werner Koch
f08c4222b7 * configure.ac: Don't check for usb_create_match or
use_get_string_simple anymore.

* g10.c (list_config): New config option ccid-reader-id.
(gpgconf_list): Add "reader-port".

* apdu.c (open_ccid_reader): New arg PORTSTR.  Pass it to
ccid_open_reader.
(apdu_open_reader): Pass portstr to open_ccid_reader.

* ccid-driver.c (ccid_get_reader_list): New.
(ccid_open_reader): Changed API to take a string for the reader.
Removed al the cruft for the libusb development vesion which seems
not to be maintained anymore and there are no packages anyway.
The stable library works just fine.
(struct ccid_reader_id_s): Deleted and replaced everywhere by a
simple string.
(usb_get_string_simple): Removed.
(bulk_in): Do valgrind hack here and not just everywhere.
2004-09-17 13:57:29 +00:00
David Shaw
4accf027d2 * keyedit.c (show_key_with_all_names, show_prefs): Show preferred
keyserver(s) in "showpref" output.
2004-09-16 20:55:09 +00:00
David Shaw
0862ee6979 * keygen.c (keygen_add_keyserver_url), keyedit.c (menu_set_keyserver_url):
Allow setting a keyserver URL of "none" to remove an existing keyserver
URL.
2004-09-16 20:07:42 +00:00
David Shaw
617a5a91bf * keyedit.c (menu_set_keyserver_url): Confirm replacement of a keyserver
URL before overwriting the old one.
2004-09-16 19:53:06 +00:00
David Shaw
a46e83b8e3 * gpgv.c (agent_scd_getattr): Stub.
* misc.c (get_signature_count): New.  Get the signature count from a
smartcard. (pct_expando): Call it here so the %c expando becomes the
number of signatures issued.  This allows for notations or the like with
an automatic signature count.

* ccid-driver.c (usb_get_string_simple): Replacement function to work with
older libusb.
2004-09-15 18:41:36 +00:00
Werner Koch
58cf95534e * g10.c [HAVE_LIBUSB]: New option --debug-ccid-driver.
* ccid-driver.c (read_device_info): Removed.
(make_reader_id, scan_or_find_devices): New.
(ccid_open_reader): Simplified by make use of the new functions.
(ccid_set_debug_level): New.  Changed the macros to make use of
it.  It has turned out that it is often useful to enable debugging
at runtime so I added this option.
2004-09-15 15:26:38 +00:00
David Shaw
1d8e25695f * getkey.c (premerge_public_with_secret): Fix subkey<->binding sig
mismatch when some secret subkeys are missing.  Discovered by Michael
Roth.
2004-09-14 02:00:39 +00:00
David Shaw
b7be7d59b1 * main.h, keylist.c (print_subpackets_colon): Make a public function.
* keyedit.c (print_and_check_one_sig_colon): New.  Print a with-colons
version of the sig record. (menu_delsig): Call it here for a with-colons
delsig.
2004-09-13 12:31:25 +00:00
David Shaw
e7c94128b2 * options.h, keylist.c (print_one_subpacket, print_subpackets_colon):
Print a spk record for each request subpacket. (list_keyblock_colon): Call
them here.

* g10.c (parse_subpacket_list, parse_list_options): New.  Make the list of
subpackets we are going to print. (main): Call them here.
2004-09-12 15:27:38 +00:00
David Shaw
45f99c58bb * card-util.c (fetch_url, card_edit): Use the pubkey URL stored on the
card to fetch an updated copy.  Works with either straight URLs or HKP or
LDAP keyservers.

* keyserver-internal.h, keyserver.c (keyserver_import_fprint), import.c
(revocation_present): Use a keyserver_spec so the caller can pass in
whatever keyserver they like.
2004-09-11 15:42:19 +00:00
David Shaw
dccd0d991b * app-openpgp.c (get_cached_data): Avoid mallocing zero since it breaks us
when using --enable-m-guard.
2004-09-11 03:30:48 +00:00
David Shaw
0f48ec7bba * ccid-driver.c (read_device_info): Fix segfault when usb device is not
accessible. (ccid_open_reader): Allow working with an even older version
of libusb (usb_busses global instead of usb_get_busses()).
2004-09-11 02:29:36 +00:00
Werner Koch
06853bbc4d * README: Doc --disable-card-support and --without-readline.
* configure.ac: Check for readline.  Make enable-card-support the
default.  New option --without-readline.  Allow the use of either
the development or the stable libusb.

* cardglue.h: Add members for CA fingerprints.
* cardglue.c (agent_release_card_info): Invalid them.
(learn_status_cb): Store them.

* app-common.h, app-openpgp.c, iso7816.c, iso7816.h
* apdu.c, apdu.h, ccid-driver.c, ccid-driver.h
* card-util.c: Updated from current gnupg-1.9.

* ccid-driver.h (CCID_DRIVER_ERR_ABORTED): New.
* ccid-driver.c (ccid_open_reader): Support the stable 0.1 version
of libusb.
(ccid_get_atr): Handle short messages.
* apdu.c (my_rapdu_get_status): Implemented.
* apdu.c: Include <signal.h>.
* apdu.c (reader_table_s):  Add function pointers for the backends.
(apdu_close_reader, apdu_get_status, apdu_activate)
(send_apdu): Make use of them.
(new_reader_slot): Intialize them to NULL.
(dump_ccid_reader_status, ct_dump_reader_status): New.
(dump_pcsc_reader_status): New.
(open_ct_reader, open_pcsc_reader, open_ccid_reader)
(open_osc_reader, open_rapdu_reader): Intialize function pointers.
(ct_activate_card, ct_send_apdu, pcsc_send_apdu, osc_send_apdu)
(error_string): Removed.  Replaced by apdu_strerror.
(get_ccid_error_string): Removed.
(ct_activate_card): Remove the unused loop.
(reset_ct_reader): Implemented.
(ct_send_apdu): Activate the card if not yet done.
(pcsc_send_apdu): Ditto.
* ccid-driver.h: Add error codes.
* ccid-driver.c: Implement more or less proper error codes all
over the place.
* apdu.c (apdu_send_direct): New.
(get_ccid_error_string): Add some error code mappings.
(send_apdu): Pass error codes along for drivers already supporting
them.
(host_sw_string): New.
(get_ccid_error_string): Use above.
(send_apdu_ccid): Reset the reader if it has not yet been done.
(open_ccid_reader): Don't care if the ATR can't be read.
(apdu_activate_card): New.
(apdu_strerror): New.
(dump_reader_status): Only enable it with opt.VERBOSE.
* iso7816.c (map_sw): Add mappings for the new error codes.
* apdu.c (open_ct_reader, open_pcsc_reader, open_ccid_reader)
(reset_ccid_reader, open_osc_reader): Call dump_reader_status only
in verbose mode.
* app-openpgp.c (do_getattr): Fix for sending CA-FPR.
* app-openpgp.c (app_openpgp_readkey): Fixed check for valid
exponent.
* app-openpgp.c (do_setattr): Sync FORCE_CHV1.
* card-util.c (change_login): Kludge to allow reading data from a
file.
(card_edit): Pass ARG_STRING to change_login.
(card_status): Print CA fingerprints.
(change_cafpr): New.
(card_edit): New command CAFPR.

* errors.h (G10ERR_NO_CARD, G10ERR_CANCELED): New error codes.

* errors.c (g10_errstr): New error codes G10ERR_NO_CARD,
G10ERR_CANCELED.
2004-09-09 18:18:36 +00:00
Werner Koch
bfc45cc8bc * configure.ac: Check for readline.
* signal.c (got_fatal_signal): Do readline cleanup.  Print signal
number if we can't print the name. Use new autoconf macro
HAVE_DECL_SYS_SIGLIST.
(get_signal_name): Removed.

* ttyio.c (tty_get): Add readline support.
2004-09-09 17:04:44 +00:00
Werner Koch
87e3264f77 * photoid.c: Include ttyio.h.
* parse-packet.c (skip_rest): Removed.  Changed all callers to use
the new iobuf_skip_reset.  Orginal patch by Florian Weimer.

* iobuf.c (iobuf_skip_rest): New.  Orginal patch by Florian
Weimer.  Added new argument PARTIAL.
2004-09-09 12:42:10 +00:00
Werner Koch
eda1b80760 (generate_photo_id): Use tty_printf and not just
printf.  Put _() around one string.
2004-09-07 16:49:10 +00:00
David Shaw
d4ca1e8cbc * keyserver.c (parse_keyrec): Force the 'e'xpired flag on as soon as we
know the key is definitely expired.  Some translatable string cleanup.
2004-09-03 22:06:36 +00:00
David Shaw
ea279f1bae * encode.c, exec.c, g10.c, sign.c: Some translatable string cleanup.
Change some "this" to `this'.
2004-08-27 17:32:31 +00:00
David Shaw
10eb272a73 * keyserver.c (keyserver_spawn): Show log line for what keyserver action
we are taking.

* keyid.c (keystr): If printing a keyid that lacks the high 4 bytes, print
the low 4 alone. (keystr_from_desc): Handle short keyids and warn on v3
fingerprints.
2004-08-23 19:20:17 +00:00
David Shaw
9d4327ba4d * keydb.h, getkey.c (get_user_id_printable): Rename to get_user_id_native
and remove the printable stuff since we're print-ifying valid utf8
characters.  Change all callers in import.c, sign.c, keylist.c, and
encode.c.
2004-08-23 17:55:49 +00:00
David Shaw
ba0ba64b85 * keyserver.c (keyserver_search_prompt): Make sure the search string is
converted from UTF-8 before display.
2004-08-23 14:39:48 +00:00
Werner Koch
bf256b9696 (encode_session_key): Changed the zero random byte
substituting code to actually do clever things.  Thanks to
Matthias Urlichs for noting the implementation problem.
2004-08-19 10:12:54 +00:00
Marcus Brinkmann
75ac082a76 2004-08-18 Marcus Brinkmann <marcus@g10code.de>
* passphrase.c (agent_get_passphrase):
2004-08-18 00:06:08 +00:00
David Shaw
5d98f7afe5 * plaintext.c (handle_plaintext): Bigger buffer for extra safety.
* g10.c (main): New alias --throw-keyid for --throw-keyids, so that it
continues to work in old configuration files.  Noted by Jens Adam.

* pkclist.c (algo_available): --pgp8 now allows blowfish, zlib, and bzip2.

* status.c (do_get_from_fd): Flush stdout if status isn't flushing it for
us.  This guarantees that any menus that were displayed before the prompt
don't get stuck in a buffer.  Noted by Peter Palfrader.  This is Debian
bug #254072.

* sign.c (update_keysig_packet): Revert change of 2004-05-18.  It is not
appropriate to strip policy and notations when remaking a sig.  That
should only happen when specifically requested by the user.
2004-08-08 13:28:04 +00:00
David Shaw
52a83025e9 * armor.c (radix64_read): No armor CRC is legal according to the spec (the
CRC is a MAY).
2004-08-05 20:18:44 +00:00
David Shaw
0d7aca863d * misc.c (argsplit): Properly split quoted args from the keyword and trim
whitespace afterwards.
2004-07-28 15:36:23 +00:00
David Shaw
a2e332cded * misc.c (optsep): Add the ability to understand keyword="quoted arg with
spaces" type options.
2004-07-28 04:12:50 +00:00
David Shaw
0aad41079e * keylist.c (list_keyblock_print): Always use the new listing format where
uids are always on a line for themselves.  Mark expired secret keys as
expired.

* options.h, g10.c (main): Rename list show-validity to show-uid-validity
as it only shows for uids.

* armor.c (armor_filter): Do not use padding to get us to 8 bytes of
header.  Rather, use 2+4 as two different chunks.  This avoids a fake
filename of "is".
2004-07-16 14:30:55 +00:00
David Shaw
673894ef48 * keyedit.c (sign_uids): Properly handle remaking a self-sig on revoked or
expired user IDs.  Also, once we've established that a given uid cannot or
will not be signed, don't continue to ask about each sig.

* mainproc.c (proc_symkey_enc), seckey-cert.c (do_check): Check the S2K
hash algorithm before we try to generate a passphrase using it.  This
prevents hitting BUG() when generating a passphrase using a hash that we
don't have.

* sign.c (sign_symencrypt_file): Allow using --force-mdc in --sign
--symmetric messages.
2004-07-15 21:16:54 +00:00
David Shaw
2cba999f22 * g10.c (main): Alias --charset as --display-charset to help avoid the
continuing confusion and make room for possible changes in devel.

* parse-packet.c (parse_plaintext): Show the hex value for the literal
packet mode since it may not be printable.

* keygen.c (make_backsig): Make sure that the backsig was built
successfully before we try and use it.

* status.h, status.c (get_status_string), plaintext.c (handle_plaintext):
New status tags PLAINTEXT and PLAINTEXT_LENGTH.
2004-07-15 21:00:35 +00:00
Werner Koch
e9c4c8ac74 (copy_secret_key): Get last fix right. 2004-06-16 13:24:01 +00:00
Werner Koch
6bbcda7477 s/1/i/ 2004-06-16 09:15:21 +00:00
Werner Koch
5c9cc2e867 * free-packet.c (copy_secret_key): Fixed memory leak when D is not
NULL.

* passphrase.c (passphrase_to_dek): Added a few comments to the
code.
2004-06-16 09:09:31 +00:00
David Shaw
c88d037b6b * keyserver.c (keyserver_refresh): Keep track of keys already fetched so
we don't do a regular keyserver fetch if the preferred keyserver fetch has
exhausted the list.
2004-05-26 15:01:48 +00:00
David Shaw
79bb56aa56 * verify.c (verify_signatures): Verify multiple files in the same order in
which we hashed them when issuing the signature.  Noted by Nicholas Cole.

* pkclist.c (do_edit_ownertrust): Fix a kbnode leak and do another
keyid-format conversion.
2004-05-23 16:24:15 +00:00
Werner Koch
3624da002f some late minor fixes. 2004-05-22 11:33:47 +00:00
David Shaw
bc3f1a148f * mainproc.c (check_sig_and_print): If we're honoring preferred
keyservers, and auto-key-retrieve is set, try and get a missing key from
the preferred keyserver subpacket when we verify the sig.

* gpgv.c (parse_preferred_keyserver, free_keyserver_spec): Stubs.

* keyserver.c (keyidlist): Use new parse_preferred_keyserver function.
(keyserver_work): Use the passed-in keyserver spec rather than the options
global one.

* keyserver-internal.h, keyserver.c (parse_preferred_keyserver): New
function to take a sig and return a split out keyserver_spec.
(keyserver_import_keyid): Now takes a keyserver_spec.
2004-05-22 03:50:20 +00:00
David Shaw
086e589898 * keyserver.c (keyidlist): Go back to the old fast keyid lister. Only
merge selfsigs if we have to for honor-keyserver-url. (keyserver_refresh):
Keyserver URL handler moved here. (calculate_keyid_fpr): Removed.

* keydb.h, keyid.c (keystr_from_desc): Calculate a key string from a
KEYDB_SEARCH_DESC.
2004-05-21 17:32:30 +00:00
David Shaw
228e1a55a4 * keyserver.c (keyserver_spawn): Fix keyserver options on tempfile only
platforms.  Noted by Roger Sondermann.
2004-05-21 12:29:53 +00:00
David Shaw
18e96cb281 * keyserver.c (keyserver_work): Allow --refresh-keys with a preferred
keyserver to happen even if there is no global keyserver set.

* sig-check.c (do_check_messages): No need to check for Elgamal signatures
any longer. (do_check_messages, do_check, check_key_signature2):
--keyid-format conversion.

* pkclist.c (show_paths, edit_ownertrust): Remove some unused code.
2004-05-20 20:42:01 +00:00
David Shaw
cc383b6432 * options.h (ctrl): New for member IN_AUTO_KEY_RETRIEVE.
* mainproc.c (check_sig_and_print): track whether we are retrieving a key.

* status.c (status_currently_allowed): New. (write_status_text,
write_status_text_and_buffer): Use it here.

* g10.c: New command --gpgconf-list. (gpgconf_list): New.  From Werner on
stable branch.
2004-05-20 18:04:33 +00:00
David Shaw
d201b2a92d * g10.c: New command --gpgconf-list. (gpgconf_list): New. From Werner on
stable branch.
2004-05-20 17:06:34 +00:00
David Shaw
3cef407e06 * pubkey-enc.c (get_session_key, get_it), keyedit.c
(show_key_with_all_names, show_basic_key_info): --keyid-format conversion.
2004-05-20 02:51:23 +00:00
David Shaw
ef13cef29c * sign.c (update_keysig_packet): Policies and notations should be stripped
out when remaking a self-signature.  Noted by Atom Smasher.

* keyserver.c (parse_keyserver_uri): Fix compiler warnings.
2004-05-19 03:11:22 +00:00
David Shaw
0aba5ff41b * options.h, keyserver-internal.h, keyserver.c (parse_keyserver_uri):
Improved URI parser that keeps track of the path information and doesn't
modify the input string. (keyserver_spawn): Tell keyserver plugins about
the path.
2004-05-11 19:36:44 +00:00
Werner Koch
536841ecae * keylist.c (show_policy_url, show_keyserver_url, show_notation)
(list_one): Use const char* for i18n string helpers.

* keygen.c (do_generate_keypair, read_parameter_file): Really
close the files.
(do_generate_keypair): Create the secret key file using safe
permissions.  Noted by Atom Smasher.
2004-05-11 07:43:19 +00:00
David Shaw
69df506b84 * options.h, mainproc.c (symkey_decrypt_seskey), keyserver.c (struct
keyrec, parse_keyrec, keyserver_search_prompt), keyedit.c (keyedit_menu),
g10.c (add_keyserver_url, add_policy_url): Fix some compiler warnings.
2004-05-10 21:46:00 +00:00
David Shaw
614304a543 * keyedit.c (keyedit_menu, menu_set_keyserver_url): Allow passing
preferred keyserver on "keyserver" command line.  Sanity check keyserver
URL before accepting it.

* keyserver-internal.h, g10.c (main), keyserver.c (parse_keyserver_uri):
Add an option to require the scheme:// and change all callers.
(free_keyserver_spec): Make public.
2004-05-08 13:51:14 +00:00
Werner Koch
135946bb02 (write_plaintext_packet): Fixed the detection of too
large files in the same way as in encode.c.
2004-05-07 09:31:29 +00:00
David Shaw
f106448a7d * keylist.c (show_notation): Use bits to select which sort of notation to
show.  Don't allow a not-shown notation to prevent us from issuing the
proper --status-fd message.

* options.h, g10.c (main): Add show-std/standard-notations and
show-user-notations.  show-notations is both.  Default is to show standard
notations only during verify.  Change all callers.
2004-05-05 02:40:27 +00:00
David Shaw
0842905be3 * main.h, keylist.c (show_notation): Add argument to show only user
notations, only standard notations, or both.  Change all callers.

* keyserver.c (keyserver_spawn): We still need EXEC_TEMPFILE_ONLY.
2004-04-29 03:42:54 +00:00
Werner Koch
75f14e8571 * card-util.c (card_edit): Require PIN only for generate.
* app-openpgp.c (do_setattr): Sync FORCE_CHV1.
2004-04-28 11:55:46 +00:00
Werner Koch
2900ffbff7 (keyserver_spawn) [EXEC_TEMPFILE_ONLY]: Removed
setting use_temp_file because this option has been removed.
2004-04-27 10:20:38 +00:00
Werner Koch
577d9c2342 A bunch of changes for the openpgp card. 2004-04-27 08:23:45 +00:00
David Shaw
0c67c75cbe * getkey.c (get_seckey_byname2): Significantly simplify this function by
using key_byname to do the heavy lifting.  Note that this also fixes an
old problem when the first key on the secret keyring has an unusable stub
primary, but is still chosen.
2004-04-26 01:20:03 +00:00
David Shaw
7d74743c0e * getkey.c (key_byname): If namelist is NULL, return the first key in the
keyring.
2004-04-26 00:36:01 +00:00
David Shaw
732f049817 * keygen.c (make_backsig): If DO_BACKSIGS is not defined, do not create
backsigs.

* getkey.c (merge_selfsigs_subkey): Find 0x19 backsigs on subkey selfsigs
and verify they are valid.  If DO_BACKSIGS is not defined, fake this as
always valid.

* packet.h, parse-packet.c (parse_signature): Make parse_signature
non-static so we can parse 0x19s in self-sigs.

* main.h, sig-check.c (check_backsig): Check a 0x19 signature.
(signature_check2): Give a backsig warning if there is no or a bad 0x19
with signatures from a subkey.
2004-04-23 03:25:58 +00:00
David Shaw
2bdb01e2e7 * parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt,
can_handle_critical): Parse and display 0x19 signatures.
2004-04-22 00:54:30 +00:00
David Shaw
36e6975ac9 * keyserver.c (parse_keyserver_uri): Do not accept "http" as an alias for
"hkp".  They are not the same thing.
2004-04-20 20:17:38 +00:00
David Shaw
3ec6fecade * options.h, g10.c (main): Add keyserver-option honor-keyserver-url.
parse_keyserver_options now returns a success code.

* keyserver.c (parse_keyserver_options): Return error on failure to parse.
Currently there is no way to fail as any unrecognized options get saved to
be sent to the keyserver plugins later. Check length of keyserver option
tokens since with =arguments we must only match the prefix.
(free_keyserver_spec): Moved code from parse_keyserver_url.
(keyserver_work, keyserver_spawn): Pass in a struct keyserver_spec rather
than using the global keyserver option. (calculate_keyid_fpr): New.
Fills in a KEYDB_SEARCH_DESC for a key. (keyidlist): New implementation
using get_pubkey_bynames rather than searching the keydb directly.  If
honor-keyserver-url is set, make up a keyserver_spec and try and fetch
that key directly.  Do not include it in the returned keyidlist in that
case.
2004-04-19 16:02:11 +00:00
David Shaw
d49a7e1a7a * plaintext.c (handle_plaintext): Accept 'u' as a plaintext mode that
requires end of line conversion.  This is being considered for a UTF8 text
packet.  If this doesn't take place, no major harm done.  If it does take
place, we'll get a jump on starting the changeover.

* g10.c (main): --no-use-embedded-filename.

* build-packet.c (calc_plaintext, do_plaintext): Do not create illegal
(packet header indicates a size larger than the actual packet) encrypted
data packets when not compressing and using a filename longer than 255
characters.

* keyedit.c (no_primary_warning): Cleanup. (menu_expire): Don't give
primary warning for subkey expiration changes.  These cannot reorder
primaries.
2004-04-16 16:31:19 +00:00
David Shaw
4420275b83 * keygen.c (gen_elg, gen_dsa, gen_rsa, do_create, do_generate_keypair,
generate_subkeypair): New is_subkey argument to set whether a generated
key is a subkey.  Do not overload the ret_sk.  This is some early cleanup
to do backsigs for signing subkeys.

* keygen.c (write_keybinding, do_generate_keypair, generate_subkeypair):
Keep track of the unprotected subkey secret key so we can make a backsig
with it.

* keygen.c (make_backsig): New function to add a backsig to a binding sig
of signing subkeys.  Currently disabled. (write_keybinding): Call it here,
for signing subkeys only.

* sign.c (make_keysig_packet): Allow generating 0x19 signatures (same as
0x18 or 0x28, but used for backsigs).

* packet.h, build-packet.c (build_sig_subpkt): Add new SIGSUBPKT_SIGNATURE
type for embedded signatures.
2004-04-16 16:07:07 +00:00
David Shaw
0a17966a21 * main.h, misc.c (optsep, argsplit, optlen, parse_options): Simplify code
and properly handle a partial match against an option with an argument.

* keyserver-internal.h, keyserver.c (parse_keyserver_options): Use new
optsep and argsplit functions.
2004-04-16 15:19:35 +00:00
David Shaw
2936e539cc * main.h, misc.c (argsplit): Refactor argsep into argsplit and argsep so
they can be called separately.
2004-04-16 02:57:20 +00:00
David Shaw
d20a79dd07 * options.h, keyserver.c (parse_keyserver_options): Remove duplicate code
from parse_keyserver_options by calling the generic parse_options.

* keyserver.c (keyserver_spawn, keyserver_refresh), g10.c (main), gpgv.c
(main), mainproc.c (check_sig_and_print), import.c (revocation_present):
Change all callers.
2004-04-15 18:16:17 +00:00
David Shaw
8c4607568d * packet.h, getkey.c (fixup_uidnode, merge_selfsigs_subkey): Keep track of
which self-sig we actually chose.

* keyedit.c (menu_expire, menu_set_primary_uid, menu_set_preferences): Use
it here to avoid updating non-used self-sigs and possibly promoting an old
self-sig into consideration again.
2004-04-15 00:30:05 +00:00
David Shaw
a9b00b06d1 * options.h, import.c, keyserver-internal.h, g10.c, mainproc.c,
keyserver.c (parse_keyserver_uri): Parse keyserver URI into a structure.
Cleanup for new "guess my keyserver" functionality, as well as refreshing
via a preferred keyserver subpacket.
2004-04-14 21:33:45 +00:00