We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
* keybox.h (KEYBOX_FLAG_BLOB_SECRET, KEYBOX_FLAG_BLOB_EPHEMERAL):
New.
* keybox-update.c (keybox_compress): Use it here instead of a
magic constant.
sm/
* fingerprint.c (gpgsm_get_fingerprint): Add caching.
(gpgsm_get_fingerprint_string): Use bin2hexcolon().
(gpgsm_get_fingerprint_hexstring): Use bin2hex and allocate only
as much memory as required.
(gpgsm_get_keygrip_hexstring): Use bin2hex.
* certchain.c (gpgsm_validate_chain): Keep track of the
certificate chain and reset the ephemeral flags.
* keydb.c (keydb_set_cert_flags): New args EPHEMERAL and MASK.
Changed caller to use a mask of ~0. Return a proper error code if
the certificate is not available.
* keydb.c (keydb_insert_cert): Do not lock here, but only check if
it is locked.
(keydb_store_cert): Lock here.
* keydb.h (keydb_delete): Accept new argument UNLOCK.
* keydb.c (keydb_delete): Likewise. Only unlock if this is set.
* delete.c (delete_one): Add new argument to invocation of
keydb_delete.
char * vs. unsigned char * warnings. The GNU coding standards used to
say that these mismatches are okay and better than a bunch of casts.
Obviously this has changed now.
* certreqgen.c (get_parameter_uint, create_request): Create
an extension for key usage when requested.
* gpgsm.c (main): Install emergency_cleanup also as an atexit
handler.
* verify.c (gpgsm_verify): Removed the separate error code
handling for KSBA. We use shared error codes anyway.
* export.c (export_p12): Removed debugging code.
* encrypt.c (gpgsm_encrypt): Put the session key in to secure memory.
(main): New option --gpgconf-list.
(main): Do not setup -u and -r keys when not required.
(main): Setup the used character set.
* keydb.c (keydb_add_resource): Print a hint to start the
gpg-agent.
* keybox-search.c (get_flag_from_image, keybox_get_flags): New.
(_keybox_get_flag_location): New.
* certchain.c (gpgsm_validate_chain): Mark revoked certs in the
keybox.
* keylist.c (list_cert_colon): New arg VALIDITY; use it to print a
revoked flag.
(list_internal_keys): Retrieve validity flag.
(list_external_cb): Pass 0 as validity flag.
* keydb.c (keydb_get_flags, keydb_set_flags): New.
(keydb_set_cert_flags): New.
(lock_all): Return a proper error code.
(keydb_lock): New.
(keydb_delete): Don't lock but check that it has been locked.
(keydb_update_keyblock): Ditto.
* delete.c (delete_one): Take a lock.
all callers.
* call-agent.c (learn_cb): Print info message only for real imports.
* import.c (gpgsm_import): Moved duplicated code to ...
(check_and_store): new function. Added magic to import the entire
chain. Print status only for real imports and moved printing code
to ..
(print_imported_status): New.
* certpath.c (find_up): Try to retrieve an issuer key from an
external source and from the ephemeral key DB.
(find_up_store_certs_cb): New.
* keydb.c (keydb_set_ephemeral): Does now return the old
state. Call the backend only when required.
* call-dirmngr.c (start_dirmngr): Use GNUPG_DEFAULT_DIRMNGR.
(lookup_status_cb): Issue status only when CTRL is not NULL.
(gpgsm_dirmngr_lookup): Document that CTRL is optional.
* call-agent.c (start_agent): Use GNUPG_DEFAULT_AGENT.
certificate with the required key usage.
* gpgsm.c (main): Fixed a segv when using --outfile without an
argument.
* keylist.c (print_capabilities): Also check for non-repudiation
and data encipherment.
* certlist.c (cert_usage_p): Test for signing and encryption was
swapped. Add a case for certification usage, handle
non-repudiation and data encipherment.
(gpgsm_cert_use_cert_p): New.
(gpgsm_add_to_certlist): Added a CTRL argument and changed all
callers to pass it.
* certpath.c (gpgsm_validate_path): Use it here to print a status
message. Added a CTRL argument and changed all callers to pass it.
* decrypt.c (gpgsm_decrypt): Print a status message for wrong key
usage.
* verify.c (gpgsm_verify): Ditto.
* keydb.c (classify_user_id): Allow a colon delimited fingerprint.
successful import.
* keydb.c (keydb_set_ephemeral): New.
(keydb_store_cert): New are ephemeral, changed all callers.
* keylist.c (list_external_cb): Store cert as ephemeral.
* export.c (gpgsm_export): Kludge to export epehmeral certificates.
* gpgsm.c (main): New command --list-external-keys.
* sign.c (gpgsm_get_default_cert): New.
(get_default_signer): Use the new function if local_user is not
set otherwise used that value.
* encrypt.c (get_default_recipient): Removed.
(gpgsm_encrypt): Use gpgsm_get_default_cert.
* verify.c (gpgsm_verify): Better error text for a bad signature
found by comparing the hashs.
storing it.
* certpath.c (gpgsm_basic_cert_check): New.
* keydb.c (keydb_store_cert): New.
* import.c (store_cert): Removed and change all caller to use
the new function.
* verify.c (store_cert): Ditto.
* certlist.c (gpgsm_add_to_certlist): Validate the path
* certpath.c (gpgsm_validate_path): Check the trust list.
* call-agent.c (gpgsm_agent_istrusted): New.
* server.c (cmd_genkey): New.
* certreqgen.c: New. The parameter handling code has been taken
from gnupg/g10/keygen.c version 1.0.6.
* call-agent.c (gpgsm_agent_genkey): New.
* certdump.c (print_sexp): Renamed to gpgsm_dump_serial, made
global.
(print_time): Renamed to gpgsm_dump_time, made global.
(gpgsm_dump_serial): Take a real S-Expression as argument and
print the first item.
* keylist.c (list_cert_colon): Ditto.
* keydb.c (keydb_search_issuer_sn): Ditto.
* decrypt.c (print_integer_sexp): Removed and made callers
use gpgsm_dump_serial.
* verify.c (print_time): Removed, made callers use gpgsm_dump_time.