1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

911 Commits

Author SHA1 Message Date
David Shaw
9b506bab88 * free-packet.c (copy_signature): Properly copy a signature that carries a
revocation key on it.
2002-06-14 22:07:14 +00:00
David Shaw
c5a82f99dc * pkclist.c (expand_id, expand_group, build_pk_list): Groups now work
properly when used in the "Enter the user ID" prompt.
2002-06-14 19:47:11 +00:00
David Shaw
0686d7c10c * util.h: Add pop_strlist() from strgutil.c. 2002-06-14 19:34:30 +00:00
David Shaw
7226fdf27a * strgutil.c (pop_strlist): New function to pop the head off of a strlist. 2002-06-14 19:34:19 +00:00
David Shaw
08d65bc8ca * keyedit.c (show_key_with_all_names): Display warning if a user tries to
show prefs on a v3 key with a v3 selfsig.

* kbnode.c (dump_kbnode): Show if a uid is expired.

* import.c (merge_blocks, import_revoke_cert): Show user ID receiving a
revocation certificate.

* free-packet.c (cmp_user_ids): Properly compare attribute ids.
2002-06-14 18:39:07 +00:00
David Shaw
ecc02567a6 * pkclist.c (expand_groups): Maintain the strlist flags while expanding.
Members of an expansion inherit their flags from the expansion key.

* options.h, cipher.c (write_header), g10.c (main), keygen.c
(keygen_set_std_prefs): remove the personal_mdc flag.  It no longer serves
a purpose now that the personal preference lists are split into
cipher/digest/zip.
2002-06-14 17:42:47 +00:00
Timo Schulz
08ad6bc159 2002-06-14 Timo Schulz <ts@winpt.org>
* skclist.c (is_insecure): Implemented.
2002-06-14 11:14:41 +00:00
David Shaw
26f00196b3 * keyserver.c (keyserver_spawn): Properly handle PROGRAM responses when
they have a CRLF ending.  Noted by Keith Ray.
2002-06-12 20:53:00 +00:00
David Shaw
8ce53a679a * keyserver.c (keyserver_spawn): Handle CRLF endings from keyserver
helpers.  Also don't leak the last line worth of memory from the keyserver
response.

* main.h, misc.c (deprecated_warning): New function to warn about
deprecated options and commands.

* g10.c (main), keyserver-internal.h, keyserver.c (parse_keyserver_uri):
Use new deprecated function to warn about honor-http-proxy,
auto-key-retrieve, and x-broken-hkp.
2002-06-12 18:56:36 +00:00
David Shaw
03d78479ff * configure.ac: Move -lsocket and -lnsl checks before LDAP link tests so
they work properly on Solaris.  Noted by David Champion.

Also, check for the Mozilla LDAP library if the OpenLDAP library check
fails.  Put -lsocket and -lnsl in NETLIBS rather than LIBS so not all
programs are forced to link to them.
2002-06-11 21:50:13 +00:00
David Shaw
ceab809f1e * Makefile.am: link gpg with NETLIBS for the built-in HKP access. 2002-06-11 21:39:21 +00:00
David Shaw
7a5c28ffe9 * Makefile.am: Don't hard-code the LDAP libraries - get them from LDAPLIBS
via configure.  Also, gpgkeys_hkp is a program, not a script.
2002-06-11 21:38:02 +00:00
David Shaw
f1c38eea2a * gpgkeys_ldap.c (include_subkeys): Default "include-subkeys" to off,
since GnuPG now defaults it to on.
2002-06-10 21:34:15 +00:00
David Shaw
6ae955f451 * options.h, keyserver.c (keyserver_opts), g10.c (main): New keyserver
option "include-subkeys".  This feature already existed, but now can be
turned off.  It defaults to on.

* options.h, keyserver.c (parse_keyserver_options, keyserver_spawn): There
are now enough options to justify making a structure for the keyserver
options rather than a page of if-then-else-if-then-etc.

* getkey.c (merge_keys_and_selfsig, merge_selfsigs_main): Fix bug in
calculating key expiration dates.
2002-06-10 21:32:07 +00:00
David Shaw
3bff7c1d60 * keydb.h, getkey.c (get_user_id_native), import.c (import_one): Display
user ID while importing a key.  Note this applies to both --import and
keyserver --recv-keys.

* exec.c (exec_finish): Log unnatural exit (core dump, killed manually,
etc) for fork/exec/pipe child processes.
2002-06-09 17:16:51 +00:00
Timo Schulz
fc0d796503 2002-06-08 Timo Schulz <ts@winpt.org>
* encode.c (encode_symmetric): Disable the compat flag
        when the expert mode is enabled.
2002-06-08 16:37:09 +00:00
David Shaw
92cefb688e * options.skel, options.h, main.h, keydb.h, pkclist.c (build_pk_list,
expand_groups), g10.c (main, add_group): Add new "group" command to allow
one name to expand into multiple keys. For simplicity, and to avoid
potential loops, we only expand once - you can't make an alias that points
to an alias.

* main.h, g10.c (main), keygen.c (build_personal_digest_list): Simplify
the default digest list - there is really no need for the other hashes
since they will never be used after SHA-1 in the list.

* options.skel, options.h, g10.c (main), hkp.c (hkp_ask_import,
hkp_export, hkp_search), keyserver.c (parse_keyserver_options,
parse_keyserver_uri, keyserver_work, keyserver_refresh): Make the
"x-broken-hkp" keyserver scheme into keyserver-option "broken-http-proxy".
Move honor_http_proxy into keyserver_options.  Canonicalize the three
variations of "hkp", "x-hkp", and "x-broken-hkp" into "hkp".
2002-06-07 19:38:27 +00:00
Stefan Bellon
40b599a04a RISC OS specific changes 2002-06-07 12:13:44 +00:00
David Shaw
005d2cc4a8 * main.h, g10.c (main), keygen.c (build_personal_digest_list): Put in a
default digest preference list consisting of SHA-1, followed by every
other installed digest except MD5.  Note this is the same as having no
digest preference at all except for SHA-1 being favored.

* options.h, g10.c (main), keygen.c (keygen_set_std_prefs), pkclist.c
(select_algo_from_prefs): Split --personal-preference-list into three:
--personal-{cipher|digest|compress}-preferences.  This allows a user to
set one without affecting another (i.e. setting only a digest pref doesn't
imply an empty cipher pref).

* exec.c (exec_read): This is a safer way of guessing the return value of
system().  Noted by Stefan Bellon.
2002-06-06 20:59:20 +00:00
David Shaw
e6e35d9937 * gpgkeys_hkp.c (parse_hkp_index): Type tweaks.
* gpgkeys_hkp.c (main): Add experimental code warning.
2002-06-06 16:25:16 +00:00
David Shaw
e1f88c5d3f * hkp.c (parse_hkp_index): Be more robust with keyservers returning very
unparseable responses.

* exec.c (exec_read): Catch and display an error when the remote process
exits unnaturally (i.e. segfault) so the user knows what happened.  Also
fix exec_write stub which has a different number of arguments now.
2002-06-06 04:04:35 +00:00
David Shaw
d8524b8461 * Makefile.am, gpgkeys_hkp.c (new): Experimental HKP keyserver interface. 2002-06-06 01:04:37 +00:00
David Shaw
5b27bb8361 * configure.ac: Add a switch for the experimental external HKP keyserver
interface.
2002-06-06 00:17:27 +00:00
Timo Schulz
fa73dd2052 2002-06-05 Timo Schulz <ts@winpt.org>
* encode.c (encode_simple): Ignore the new mode for RFC1991.
        * mainproc.c (symkey_sesskey_decrypt): Better check for weird
        keysizes.
2002-06-05 13:48:41 +00:00
Timo Schulz
8bd4025def 2002-06-05 Timo Schulz <ts@winpt.org>
* encode.c (encode_sesskey): New.
        (encode_simple): Use it here. But by default we use the compat
        mode which supress to generate encrypted session keys.
2002-06-05 12:19:44 +00:00
Timo Schulz
fade87da08 *** empty log message *** 2002-06-05 11:47:18 +00:00
Timo Schulz
3b6a0c36a2 2002-06-05 Timo Schulz <ts@winpt.org>
* mainproc.c (symkey_decrypt_sesskey): New.
        (proc_symkey_enc): Support for encrypted session keys.
2002-06-05 10:31:08 +00:00
Timo Schulz
098a5229d1 2002-06-05 Timo Schulz <ts@winpt.org>
* fileutil.c (is_file_compressed): Corrected the magic values
        for bzip2 and gzip. Noted by David.
2002-06-05 09:23:51 +00:00
David Shaw
fd08b13528 * sign.c (hash_for, sign_file): When encrypting and signing at the same
time, consult the various hash prefs to pick a hash algorithm to use.
Pass in a 160-bit hint if any of the signing keys are DSA.

* keydb.h, pkclist.c (select_algo_from_prefs, algo_available): Pass a
"hints" opaque pointer in to let the caller give hints as to what
algorithms would be acceptable.  The only current hint is for
PREFTYPE_HASH to require a 160-bit hash for DSA.  Change all callers in
encode.c (encode_crypt, encrypt_filter) and sign.c (sign_file).  If we
settle on MD5 as the best algorithm based solely on recepient keys and
SHA1 is also a possibility, use SHA1 unless the user intentionally chose
MD5.  This is as per 2440:13.

* exec.c (make_tempdir): Fix duplicated filename problem.
2002-06-04 23:18:37 +00:00
David Shaw
ae02cf4630 forgot the changelog :) 2002-06-03 23:31:26 +00:00
David Shaw
8273c72860 * packet.h, parse-packet.c (enum_sig_subpkt): Report back from
enum_sig_subpkt when a subpacket is critical and change all callers in
keylist.c (show_policy_url, show_notation), mainproc.c
(print_notation_data), and pkclist.c (do_show_revocation_reason).

* keylist.c (show_policy_url, show_notation): Display if the policy or
notation is critical.
2002-06-03 23:30:10 +00:00
David Shaw
fa7148d1ed * DETAILS: Details of ATTRIBUTE.
* gpg.sgml: Document --attribute-fd
2002-06-03 21:49:20 +00:00
Timo Schulz
4007960066 2002-06-03 Timo Schulz <ts@winpt.org>
* DETAILS: Add ATTRIBUTE.
2002-06-03 21:16:14 +00:00
David Shaw
f0bf8b4afc * main.h, g10.c (main), keylist.c (dump_attribs, set_attrib_fd,
list_keyblock_print, list_keyblock_colon), status.h, status.c
(get_status_string): New --attribute-fd feature to dump the contents of
attribute subpackets for frontends.  If --status-fd is also used, then a
new status tag ATTRIBUTE is provided for each subpacket.

* packet.h, getkey.c (fixup_uidnode, merge_selfsigs_main,
merge_selfsigs_subkey), parse-packet.c (setup_user_id): Keep track of the
expiration time of a user ID, and while we're at it, use the expired flag
from the selfsig rather than reparsing the SIG_EXPIRE subpacket.

* photoid.c (generate_photo_id): When adding a new photo ID, showing the
photo for confirmation is not safe when noninteractive since the "user"
may not be able to dismiss a viewer window. Noted by Timo Schulz.
2002-06-03 20:48:36 +00:00
David Shaw
cd2450f41f * options.skel: Sample photo viewers for Win32.
* misc.c (pct_expando): Use the seckey for %k/%K if the pubkey is not
available.

* photoid.h, photoid.c (show_photos): Include the seckey in case a user
tries to view a photo on a secret key, and change all callers in keyedit.c
(menu_showphoto), keylist.c (list_keyblock_print), and photoid.c
(generate_photo_id).
2002-06-03 12:39:23 +00:00
David Shaw
e96f8f1fe0 * photoid.c (show_photos): Work properly when not called with a public
key.
2002-06-02 22:19:39 +00:00
David Shaw
ee39ad5750 * sign.c (mk_notation_and_policy): Free unneeded buffer.
* hkp.c (parse_hkp_index): Properly handle the '&' character (i.e.
"&amp;") in HKP responses.

* getkey.c (merge_selfsigs_main): Fix reversed expiration time check with
self-sigs.

* keyedit.c (sign_uids): When making a new self-sig on a v3 key, make a v3
self-sig unless it is currently a v3 self-sig being promoted to v4.
2002-06-01 04:10:16 +00:00
David Shaw
1848ef6950 * gpg.sgml: Add "edit/addrevoker". Document --desig-revoke. Note that -z
and --compress are the same option.  Note that --digest-algo can no longer
violate OpenPGP with a non-160 bit hash with DSA.  Document
--cert-digest-algo with suitable warnings not to use it.  Note the default
s2k-cipher-algo is now CAST5. Note that --force-v3-sigs overrides
--ask-sig-expire.  Revise --expert documentation, as it is now definitely
legal to have more than one photo ID on a key.  --preference-list is now
--default-preference-list with the new meaning.  Document
--personal-preference-list.

* DETAILS: Document "Revoker" for batch key generation.
2002-05-31 22:34:16 +00:00
Timo Schulz
5f3acaffa9 2002-05-31 Timo Schulz <ts@winpt.org>
* pkclist.c (do_show_revocation_reason): Don't use capital
        letters for non-interactive output.
        (show_revocation_reason): Now it is global.
        * pubkey-enc.c (get_it): Show if the key has been revoked.
2002-05-31 09:23:24 +00:00
David Shaw
5f5c43ab26 * sign.c (write_signature_packets, sign_file, clearsign_file,
sign_symencrypt_file): Make a v4 signature if a policy URL or notation is
set, unless v3 sigs are forced via rfc1991 or force-v3-sigs.  Also remove
some doubled code and clarify an error message (we don't sign in PGP2
mode - just detach-sign).

* parse-packet.c (parse_one_sig_subpkt): Add KS_FLAGS to the "any size"
section.
2002-05-30 22:58:19 +00:00
David Shaw
da3f17990c * keygen.c (keygen_set_std_prefs, add_feature_mdc): Use "mdc" and "no-mdc"
in the prefs string to allow switching on and off the MDC feature.  This
is needed to properly export a key from GnuPG for use on PGP which does
not support MDC - without this, MDC-capable implementations will still try
and generate MDCs which will break PGP.

* keygen.c (keygen_get_std_prefs): Show "[mdc]" in prefs string if it is
enabled.

* options.h, g10.c (main), cipher.c (write_header), keygen.c
(keygen_set_std_prefs): For consistency, allow the user to specify
mdc/no-mdc in the --personal-preference-list.  If disabled, it acts just
like --disable-mdc.
2002-05-29 20:52:51 +00:00
David Shaw
e77b643b4a * options.h, exec.c: Add some debugging info, using the 1024 debug flag.
* exec.c (win_system): New system()-like function for win32 that does not
return until the child process terminates.  Of course, this doesn't help
if the process itself exits before it is finished.
2002-05-29 18:46:49 +00:00
Werner Koch
9a9ae615ea * encode.c (encode_simple): Intialize PKT when --no-literal is used. 2002-05-29 13:44:19 +00:00
Werner Koch
cc6de431ff * keyedit.c (show_key_with_all_names_colon): Renamed the record
for revocation keys to "rvk".
2002-05-29 11:27:08 +00:00
Werner Koch
0a1b46b5db Described --with-colons enhancements. 2002-05-28 08:28:49 +00:00
Werner Koch
9fe2c355e5 * keyedit.c (show_key_with_all_names_colon): New.
(show_key_with_all_names): Divert to new function when required.
Sanitize printing of revoker name.
2002-05-28 08:27:45 +00:00
David Shaw
e4b2f8da41 * build-packet.c (build_sig_subpkt): Handle setting sig flags for certain
subpacket types (notation, policy url, exportable, revocable).  keyedit.c
(sign_mk_attrib): Flags no longer need to be set here.

* packet.h, parse-packet.c (parse_one_sig_subpkt), build-packet.c
(build_sig_subpkt): Call parse_one_sig_subpkt to sanity check buffer
lengths before building a sig subpacket.
2002-05-28 03:10:00 +00:00
David Shaw
8d5dad0ac3 * sign.c (mk_notation_and_policy): Include secret key to enable %s
expandos, and pass notations through pct_expando as well.

* main.h, misc.c (pct_expando): Add %s and %S expandos for signer's keyid.
2002-05-27 01:00:11 +00:00
David Shaw
de2f0905b5 * g10.c (strusage, build_list): Add compress algorithms to --version list.
Show algorithm numbers when --verbose --version is done.
2002-05-26 03:42:39 +00:00
David Shaw
2656589782 * options.h, main.h, keygen.c (keygen_set_set_prefs, keygen_get_std_prefs,
keygen_upd_std_prefs), keyedit.c (keyedit_menu), g10.c (main), pkclist.c
(select_algo_from_prefs): Add --personal-preference-list which allows the
user to factor in their own preferred algorithms when the preference lists
are consulted.  Obviously, this does not let the user violate a
recepient's preferences (and the RFC) - this only influences the ranking
of the agreed-on (and available) algorithms from the recepients.
Suggested by David Hollenberg.

* options.h, keygen.c (keygen_set_std_prefs), g10.c (main): Rename
--preference-list to --default-preference-list (as that is what it really
is), and make it a true default in that if the user selects "default" they
get this list and not the compiled-in list.
2002-05-22 14:07:12 +00:00