* command-ssh.c (ssh_identity_register): Make KEY_GRIP_RAW be 20
instead of 21 bytes long; do not fill KEY_GRIP_RAW[20] with NUL
byte - KEY_GRIP_RAW is a raw binary string anyway.
than 160 bits as per DSA2. This will allow us to verify and issue DSA2
signatures for some backwards compatibility once we start generating DSA2
keys.
* sign.c (do_sign), sig-check.c (do_check): Change all callers.
* sign.c (do_sign): Enforce the 160-bit check for new signatures here
since encode_md_value can handle non-160-bit digests now. This will need
to come out once the standard for DSA2 is firmed up.
rather than '#ifdef' BIG_ENDIAN_HOST. Harmless as we explicitly
define BIG_ENDIAN_HOST to 1 when we need it, but needed for OSX fat
builds when we define BIG_ENDIAN_HOST to another macro.
same API as the other auto-key-locate fetchers.
* getkey.c (get_pubkey_byname): Use the fingerprint of the key that we
actually fetched. This helps prevent problems where the key that we
fetched doesn't have the same name that we used to fetch it. In the
case of CERT and PKA, this is an actual security requirement as the
URL might point to a key put in by an attacker. By forcing the use of
the fingerprint, we won't use the attacker's key here.
is no backsig present. Give a URL for more information.
* keyedit.c (menu_backsign): Small tweak to work properly with keys
originally generated with older GnuPGs that included comments in the
secret keys.
to be deleted with a '-' prefix.
* keyedit.c (menu_set_notation): Use it here to allow deleting a notation
marked with '-'. This works with either "-notation" or "-notation=value".
Use it here for the various notation commands.
* packet.h, main.h, keygen.c (keygen_add_notations), build-packet.c
(string_to_notation, sig_to_notation) (free_notation): New "one stop
shopping" functions to handle notations and start removing some code
duplication.
pka-lookups, not pka-lookup.
* options.h, gpg.c (main), keyedit.c [cmds], sig-check.c
(signature_check2): Rename "backsign" to "cross-certify" as a more
accurate name.
(check_signatures_trust), mainproc.c (check_sig_and_print,
pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so that it
is a verify-option now.
David Shaw