1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-26 10:59:58 +01:00

538 Commits

Author SHA1 Message Date
Werner Koch
0295445a4c * keygen.c (get_parameter_algo): Never allow generation of the
deprecated RSA-E or RSA-S flavors of PGP RSA.
(ask_algo): Allow generation of RSA sign and encrypt in expert
mode.  Don't allow ElGamal S+E unless in expert mode.
* helptext.c: Added entry keygen.algo.rsa_se.
2002-05-07 07:24:29 +00:00
David Shaw
2e56b988c8 * keyedit.c (sign_uids): If --expert it set, allow re-signing a uid to
promote a v3 self-sig to a v4 one.  This essentially deletes the old v3
self-sig and replaces it with a v4 one.
2002-05-07 04:27:40 +00:00
David Shaw
50c9a5bd25 * packet.h, parse-packet.c (parse_key), getkey.c (merge_keys_and_selfsig,
merge_selfsigs_main): a v3 key with a v4 self-sig must never let the v4
self-sig express a key expiration time that extends beyond the original v3
expiration time.
2002-05-07 04:05:03 +00:00
David Shaw
4a214fbfbb * keyedit.c (sign_uids): When making a self-signature via "sign" don't ask
about sig level or expiration, and include the usual preferences and such
for v4 self-sigs.  (menu_set_preferences): Convert uids from UTF8 to
native before printing.
2002-05-06 22:38:53 +00:00
David Shaw
2dfec7107c * keyedit.c (sign_uids): Convert uids from UTF8 to native before printing.
(menu_set_primary_uid): Show error if the user tries to make a uid with a
v3 self-sig primary.
2002-05-06 16:40:33 +00:00
David Shaw
ffc98f20ea * import.c (import_one): When merging with a key we already have, don't
let a key conflict (same keyid but different key) stop the import: just
skip the bad key and continue.

* exec.c (make_tempdir): Under Win32, don't try environment variables for
temp directories - GetTempDir tries environment variables internally, and
it's better not to second-guess it in case MS adds some sort of temp dir
handling to Windows at some point.
2002-05-05 19:44:22 +00:00
Timo Schulz
f6ccde9f14 2002-05-04 Timo Schulz <ts@winpt.org>
* mainproc.c (proc_symkey_enc): Don't ask for a passphrase
        in the list only mode.
2002-05-05 15:50:44 +00:00
David Shaw
ab59f621d6 * keyserver.c (keyserver_refresh): --refresh-keys implies --merge-only so
as not to import keys with keyids that match the ones being refreshed.
Noted by Florian Weimer.
2002-05-05 12:45:54 +00:00
Stefan Bellon
158091ef9f fixed m_alloc(0) bug and added checks to revkey and numrevkeys 2002-05-04 14:45:34 +00:00
David Shaw
4991e018bf * photoid.c: Provide default image viewer for Win32.
* misc.c (pct_expando): %t means extension, not name ("jpg", not "jpeg").

* keyserver.c (keyserver_spawn), photoid.c (show_photos), exec.h, exec.c:
Allow the caller to determine the temp file extension when starting an
exec_write and change all callers.
2002-05-04 00:39:15 +00:00
David Shaw
201ad25df9 * keyedit.c (sign_uids): Nonrevocable key signatures cause an automatic
promotion to v4.
2002-05-03 22:31:30 +00:00
David Shaw
cc0074dc5a * configure.ac: Add --disable-exec flag to disable all remote program
execution.  --disable-exec implies --disable-ldap and --disable-mailto.
Also look in /usr/lib for sendmail.  If sendmail is not found, do not
default - just fail.

* exec.c: Provide stubs for exec_ functions when NO_EXEC is defined.
2002-05-03 12:35:51 +00:00
David Shaw
6dc53d136a * photoid.h, photoid.c (parse_image_header, image_type_to_string): Useful
functions to return data about an image.

* packet.h, parse-packet.c (make_attribute_uidname,
parse_attribute_subpkts, parse_attribute), photoid.h, photoid.c
(show_photos): Handle multiple images in a single attribute packet.

* main.h, misc.c (pct_expando), sign.c (mk_notation_and_policy), photoid.c
(show_photos): Simpler expando code that does not require using
compile-time string sizes.  Call image_type_to_string to get image strings
(i.e. "jpg", "image/jpeg").  Change all callers.

* keyedit.c (menu_showphoto), keylist.c (list_keyblock_print): Allow
viewing multiple images within a single attribute packet.

* gpgv.c: Various stubs for link happiness.
2002-05-02 20:47:23 +00:00
David Shaw
0d63a076b0 Allow multiple policy URLs on a given signature.
Split "--notation-data" into "--cert-notation" and "--sig-notation" so the
user can set different policies for key and data signing.  For backwards
compatibility, "--notation-data" sets both, as before.
2002-05-02 13:25:59 +00:00
Werner Koch
1b65d681ff util/
* memory.c (alloc): Malloc at least 1 byte.  Noted by Winona Brown.
g10/
* options.skel: Removed the comment on trusted-keys because this
option is now deprecated.
2002-05-02 07:48:39 +00:00
David Shaw
66c8a663a5 * keyedit.c (menu_adduid): 2440bis04 says that multiple attribute packets
on a given key are legal.

* keyserver.c (keyserver_refresh): the fake v3 keyid hack applies to
"mailto" URLs as well since they are also served by pksd.
2002-05-01 22:33:18 +00:00
Werner Koch
cd59cb1d64 Added a copyright year for files changed this year. 2002-04-29 14:42:34 +00:00
Werner Koch
a452130f55 fixed comment style 2002-04-29 09:17:17 +00:00
Werner Koch
ecbf6f4d46 g10/
* g10.c, options.h: New options --display, --ttyname, --ttytype,
--lc-ctype, --lc-messages to be used with future versions of the
gpg-agent.
* passphrase.c (agent_send_option,agent_send_all_options): New.
(agent_open): Send options to the agent.

* trustdb.c (update_ownertrust, clear_ownertrust): Do an explicit
do_sync because revalidation_mark does it only if when the
timestamp actually changes.
/
* configure.ac: Check for locale.h and setlocale
2002-04-25 08:30:35 +00:00
David Shaw
cd7b3f9590 After generating a new key, show the key information (name, keyid,
fingerprint, etc.)

Do not print uncheckable signatures (missing key..) in --check-sigs.

Print statistics (N missing keys, etc.) after --check-sigs.

When signing a key with an expiration date on it, the "Do you want your
signature to expire at the same time?" question should default to YES
2002-04-23 17:54:38 +00:00
David Shaw
3b9a04844c * parse-packet.c (parse_plaintext), packet.h, plaintext.c
(handle_plaintext): Fix bug in handling literal packets with zero-length
data (no data was being confused with partial body length).

* misc.c (pct_expando), options.skel: %t means extension ("jpg"). %T means
MIME type ("image/jpeg").

* import.c (import_one): Only trigger trust update if the keyring is
actually changed.

* export.c (do_export_stream): Missing a m_free.
2002-04-23 02:48:44 +00:00
Werner Koch
0f2fedd806 po/
* et.po, tr.po, cs.po, it.po, id.po: Updated.
2002-04-22 19:33:39 +00:00
Stefan Bellon
70618e5175 RISC OS specific changes 2002-04-22 15:49:31 +00:00
David Shaw
3b97ac9ef8 * keygen.c (generate_subkeypair): 2440bis04 adds that creating subkeys on
v3 keys is a MUST NOT.

* getkey.c (finish_lookup): The --pgp6 "use the primary key" behavior
should only apply while data signing and not encryption. Noted by Roger
Sondermann.
2002-04-20 11:57:35 +00:00
David Shaw
f06ee291db * keyedit.c (menu_deluid): Only cause a trust update if we delete a
non-revoked user id.

* hkp.c (hkp_ask_import), keyserver.c (parse_keyserver_options,
keyserver_spawn), options.h: Remove fast-import keyserver option (no
longer meaningful).

* g10.c (main), keyedit.c (sign_uids), options.h: Change
--default-check-level to --default-cert-check-level as it makes clear what
it operates on.

* g10.c (main): --pgp6 also implies --no-ask-sig-expire.

* delkey.c (do_delete_key): Comment.
2002-04-19 22:38:20 +00:00
David Shaw
cc7fb43ac3 * keyedit.c (sign_uids, keyedit_menu, menu_deluid, menu_delsig,
menu_expire, menu_revsig, menu_revkey): Only force a trustdb check if we
did something that changes it.

* g10.c: add "--auto-check-trustdb" to override a
"--no-auto-check-trustdb"
2002-04-19 11:31:53 +00:00
Werner Koch
4847eadcd8 * tdbio.c (tdbio_write_nextcheck): Return a status whether the
stamp was actually changed.
* trustdb.c (revalidation_mark): Sync the changes.  Removed the
sync operation done by its callers.
(get_validity): Add logic for maintaining a pending_check flag.
(clear_ownertrust): New.

* keyedit.c (sign_uids): Don't call revalidation_mark depending on
primary_pk.
(keyedit_menu): Call revalidation_mark after "trust".
(show_key_with_all_names): Print a warning on the wrong listed key
validity.

* delkey.c (do_delete_key): Clear the owenertrust information when
deleting a public key.
2002-04-19 09:18:57 +00:00
Werner Koch
aedeefcc5f * seskey.c (encode_md_value): Print an error message if a wrong
digest algorithm is used with DSA.  Changed all callers to cope
with a NULL return.  Problem noted by Imad R. Faiad.
2002-04-18 19:38:34 +00:00
Werner Koch
40bbe7f621 * trustdb.c (validate_keys): Never schedule a nextcheck into the
past.
(validate_key_list): New arg curtime use it to set next_expire.
(validate_one_keyblock): Take the current time from the caller.
(clear_validity, reset_unconnected_keys): New.
(validate_keys): Reset all unconnected keys.
2002-04-18 18:40:11 +00:00
David Shaw
c07113d265 * trustdb.c (mark_usable_uid_certs): Properly handle nonrevocable
signatures that can expire.  In short, the only thing that can override an
unexpired nonrevocable signature is another unexpired nonrevocable
signature.

* getkey.c (finish_lookup): Always use primary signing key for signatures
when --pgp6 is on since pgp6 and 7 do not understand signatures made by
signing subkeys.
2002-04-18 18:23:22 +00:00
Werner Koch
37c268ed6a * trustdb.c (validate_keys): Never schedule a nextcheck into the
past.
2002-04-18 11:01:56 +00:00
Werner Koch
bf7cef8ebf * getkey.c (lookup): Advance the searchmode after a search FIRST. 2002-04-18 10:50:05 +00:00
Werner Koch
ad2bfad4cc * getkey.c (premerge_public_with_secret): Fixed 0x12345678! syntax
for use with secret keys.

* seckey-cert.c (do_check): Always calculate the old checksum for
use after unprotection.

* g10.c, options.skel: New option --no-escape-from.  Made
--escape-from and --force-v3-sigs the default and removed them
from the options skeleton.
2002-04-18 08:09:56 +00:00
Werner Koch
60e0b2ad92 * parse-packet.c (parse_key): Support a SHA1 checksum as per
draft-rfc2440-bis04.
* packet.h (PKT_secret_key): Add field sha1chk.
* seckey-cert.c (do_check): Check the SHA1 checksum
(protect_secret_key): And create it.
* build-packet.c (do_secret_key): Mark it as sha-1 protected.
* g10.c, options.h: New option --simple-sk-checksum.
2002-04-17 16:00:03 +00:00
David Shaw
9ef1a80f8d * parse-packet.c (parse_signature): Minor fix - signatures should expire
at their expiration time and not one second later.

* keygen.c (proc_parameter_file): Allow specifying preferences string
(i.e. "s5 s2 z1 z2", etc) in a batchmode key generation file.

* keyedit.c (keyedit_menu): Print standard error message when signing a
revoked key (no new translation).

* getkey.c (merge_selfsigs): Get the default set of key prefs from the
real (not attribute) primary uid.
2002-04-14 01:27:11 +00:00
David Shaw
9d7b26c784 * pkclist.c (build_pk_list): Fix bug that allowed a key to be selected
twice in batch mode if one instance was the default recipient and the
other was an encrypt-to.  Noted by Stefan Bellon.

* parse-packet.c (dump_sig_subpkt): Show data in trust and regexp sig
subpackets.

* keyedit.c (keyedit_menu): Use new function real_uids_left to prevent
deleting the last real (i.e. non-attribute) uid.  Again, according to the
attribute draft. (menu_showphoto): Make another string translatable.
2002-04-13 04:32:03 +00:00
David Shaw
5005434c7e * build-packet.c (build_sig_subpkt): Delete subpackets from both hashed
and unhashed area on update.  (find_subpkt): No longer needed.

* keyedit.c (sign_uids): With --pgp2 on, refuse to sign a v3 key with a v4
signature.  As usual, --expert overrides.  Try to tweak some strings to a
closer match so they can all be translated in one place.  Use different
helptext keys to allow different help text for different questions.

* keygen.c (keygen_upd_std_prefs): Remove preferences from both hashed and
unhashed areas if they are not going to be used.
2002-04-12 04:07:26 +00:00
David Shaw
018f352294 * misc.c (pct_expando), options.skel: Use %t to indicate type of a photo
ID (in this version, it's always "jpeg").  Also tweak string expansion
loop to minimize reallocs.

* mainproc.c (do_check_sig): Variable type fix.

* keyedit.c (menu_set_primary_uid): Differentiate between true user IDs
and attribute user IDs when making one of them primary. That is, if we are
making a user ID primary, we alter user IDs. If we are making an attribute
packet primary, we alter attribute packets.  This matches the language in
the latest attribute packet draft.

* keyedit.c (sign_uids): No need for the empty string hack.

* getkey.c (fixup_uidnode): Only accept preferences from the hashed
segment of the self-sig.
2002-04-11 04:04:41 +00:00
Werner Koch
f99f585427 * tdbio.c (migrate_from_v2): Fixed the offset to read the old
ownertrust value and only add entries to the table if we really
have a value.
2002-04-10 09:53:55 +00:00
David Shaw
d367d40e47 Add KEYEXPIRED, EXPSIG, and EXPKEYSIG. Add
"deprecated-use-keyexpired-instead" to SIGEXPIRED.

Start transition from SIGEXPIRED to KEYEXPIRED, since the actual event is
signature verification by an expired key and not an expired signature.
Rename do_signature_check as signature_check2, make public, and change all
callers.

Use status EXPSIG for an expired, but good, signature.  Add the expiration
time (or 0) to the VALIDSIG status line.  Use status KEYEXPSIG for a good
signature from an expired key.

Remove checks for no arguments now that argparse does it.
2002-04-10 04:21:26 +00:00
Werner Koch
b725d8ec27 Merged in my changes, after disk crash. Fortunately the CVS was not
affected - but everything else and it seems that there is no backup of
the BTS data is available :-(
2002-04-08 15:10:51 +00:00
David Shaw
6be3bee320 Fix auto-key-retrieve to actually work as a keyserver-option (noted by
Roger Sondermann).

Do not reorder the primary attribute packet - the first user ID must be a
genuine one.
2002-04-04 03:45:50 +00:00
David Shaw
0f682ed3f7 Fix ownertrust display with --with-colons.
Properly initialize the user ID refcount for user and photo IDs.

Tweak a few prompts to change "y/n" to "y/N", which is how most other
prompts are written.

Warn the user if they are about to revoke an expired sig (not a problem,
but they should know).

Control-d escapes the keyserver search prompt.

If a subkey is considered revoked solely because the parent key is
revoked, print the revocation reason from the parent key.

Allow revocation/expiration to apply to a uid/key with no entry in the
trustdb.
2002-03-31 23:51:33 +00:00
David Shaw
9fb6cae5e4 Quote and unquote backslashes from keyserver search responses. 2002-03-29 16:58:07 +00:00
David Shaw
ff8460f20d Minor tweak to importing to allow more non-signed uids (now that
--allow-non-selfsigned-uid allows for completey unsigned uids).

Do not choose an attribute packet (i.e. photo) as primary uid.  This
prevents oddities like "Good signature from [image of size 2671]".  This
is still not perfect (one can still select an attribute packet as primary
in --edit), but is closer to the way the draft is going.

The algorithms list should include #110.

--pgp2 implies --no-ask-sig-expire and --no-ask-cert-expire as those would
cause a v4 sig/cert.

Be more lenient in what constitutes a valid armor header (i.e. -----BEGIN
blah blah-----) as some Windows programs seem to add spaces at the end.
--openpgp makes it strict again
2002-03-24 04:54:58 +00:00
David Shaw
46ce06d9d9 Properly handle a "no keys found" case from the internal HKP code
(external HKP is ok). Also, make a COUNT -1 (i.e. streamed) keyserver
response a little more efficient.

Add --no-allow-non-selfsigned-uid
2002-03-19 04:35:45 +00:00
David Shaw
b8858a3ef1 --openpgp implies --allow-non-selfsigned-uid
If none of the uids are primary (because none are valid) then pick the
first to be primary (but still invalid).  This is for cosmetics in case
some display needs to print a user ID from a non-selfsigned key.  Also use
--allow-non-selfsigned-uid to make such a key valid and not
--always-trust.  The key is *not* automatically trusted via
--allow-non-selfsigned-uid.

Make sure non-selfsigned uids print [uncertain] on verification even
though one is primary now.

If the main key is not valid, then neither are the subkeys.

Allow --allow-non-selfsigned-uid to work on completely unsigned keys.
Print the uids in UTF8.  Remove mark_non_selfsigned_uids_valid()

Show revocation key as UTF8.

Allow --not-dash-escaped to work with v3 keys.
2002-03-17 23:47:32 +00:00
David Shaw
8cb9dd7a39 Show which user ID a bad self-sig (invald sig or unsupported public key
algorithm) resides on.
2002-03-13 20:20:14 +00:00
David Shaw
22bc1b3a5e any valid self-sig should mark a user ID or subkey as valid - otherwise,
an attacker could DoS the user by inventing a bogus invalid
self-signature.
2002-03-13 13:28:18 +00:00
David Shaw
f8f52d8ffe Some minor fixes for revocation keys: print a warning if a key is imported
that has been revoked by designated revoker, but the designated revoker is
not present to verify the revocation (whew!).  This applies to all ways to
get a key into the system: --import --recv-keys, and --search-keys.  If
auto-key-retrieve is set, try and retrieve the revocation key.

Also, auto-key-retrieve is now a keyserver-option.
2002-03-07 19:44:57 +00:00