Enable --require-cross-certification by default. --openpgp
(--rfc4880) is the same as --rfc2440 except with "--enable-dsa2
--no-rfc2440-text --escape-from-lines".
--rfc4880, and make --openpgp an alias to it. --rfc2440 now stands
alone. For now, use the old 2440 defaults for 4880.
* keyedit.c (keyedit_menu): Use compliance_option_string() instead of
printing the compliance modes here.
keygen_add_std_prefs, proc_parameter_file): Add --default-keyserver-url to
specify a keyserver URL at key generation time, and "Keyserver:" keyword
for doing the same through a batch file.
called with them closed. This is to protect our keyring/trustdb files
from corruption if they get attached to one of the standard fds. Print a
warning if possible that this has happened, and fail completely if we
cannot reopen (should never happen). (main): Call it here.
to disable.
* pkclist.c (algo_available): If --enable-dsa2 is set, we're allowed to
truncate hashes to fit DSA keys.
* sign.c (match_dsa_hash): New. Return the best match hash for a given q
size. (do_sign, hash_for, sign_file): When signing with a DSA key, if it
has q==160, assume it is an old DSA key and don't allow truncation unless
--enable-dsa2 is also set. q!=160 always allows truncation since they
must be DSA2 keys. (make_keysig_packet): If the user doesn't specify a
--cert-digest-algo, use match_dsa_hash to pick the best hash for key
signatures.
SHA-224.
* sign.c (write_plaintext_packet), encode.c (encode_simple): Factor
common literal packet setup code from here, to...
* main.h, plaintext.c (setup_plaintext_name): Here. New. Make sure the
literal packet filename field is UTF-8 encoded.
* options.h, gpg.c (main): Make sure --set-filename is UTF-8 encoded
and note when filenames are already UTF-8.
* keyedit.c (menu_backsign): Allow backsigning even if the secret
subkey doesn't have a binding signature.
* armor.c (radix64_read): Don't report EOF when reading only a pad (=)
character. The EOF actually starts after the pad.
* gpg.c (main): Make --export, --send-keys, --recv-keys,
--refresh-keys, and --fetch-keys follow their arguments from left to
right. Suggested by Peter Palfrader.
Use it here for the various notation commands.
* packet.h, main.h, keygen.c (keygen_add_notations), build-packet.c
(string_to_notation, sig_to_notation) (free_notation): New "one stop
shopping" functions to handle notations and start removing some code
duplication.
pka-lookups, not pka-lookup.
* options.h, gpg.c (main), keyedit.c [cmds], sig-check.c
(signature_check2): Rename "backsign" to "cross-certify" as a more
accurate name.
(check_signatures_trust), mainproc.c (check_sig_and_print,
pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so that it
is a verify-option now.
--no-auto-key-locate.
* options.h, gpg.c (main): Keep track of each keyserver registered so
we can match on them later.
* keyserver-internal.h, keyserver.c (cmp_keyserver_spec,
keyserver_match), gpgv.c: New. Find a keyserver that matches ours and
return its spec.
* getkey.c (get_pubkey_byname): Use it here to get the per-keyserver
options from an earlier keyserver.
when fetching a URI.
* keyserver-internal.h, keyserver.c (keyserver_fetch): New. Fetch an
arbitrary URI using the keyserver helpers.
* gpg.c (main): Call it from here for --fetch-keys.
since we may unprotect it.
* main.h, g10.c (main), revoke.c (gen_desig_revoke): Add local user
support so users can use -u with --desig-revoke. This bypasses the
interactive walk over the revocation keys.
speaking this should be only in gpg_CPPFLAGS, but then we have to
compile everything twice for gpg and gpgv.
* apdu.c (open_pcsc_reader): Fix double free.
* gpg.c (main) [__APPLE__]: Default the PCSC driver to the OS X
location. Suggested by Patty A. Hardy.
