1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

1127 Commits

Author SHA1 Message Date
David Shaw
e81bae94cb * packet.h, pkclist.c (build_pk_list), free-packet.c
(release_public_key_parts): Remove unused namehash element for public
keys.

* trustdb.h, gpgv.c, trustdb.c (get_validity, get_validity_info): Pass a
user ID in rather than a namehash, so we only have to do the hashing in
one place.
2003-01-09 04:04:55 +00:00
Werner Koch
8602e35feb Preparing a release candidate. 2003-01-07 10:05:38 +00:00
Werner Koch
f6e2cb4032 * Broken links resulting from revised web site filesystem structure
corrected:
    Intro - available *here* link corrected.
          Was <http://www.gnupg.org/faq.html>, corrected to be:
          <http://www.gnupg.org/documentation/faqs.html>
    1.1 - RFC 2440 link corrected. Was
          <http://www.gnupg.org/rfc2440.html>,
          now linked to: <http://www.rfc-editor.org/>
    2.1 - <http://www.gnupg.org/docs.html> corrected to be:
          <http://www.gnupg.org/documentation/>
	  <http://lists.gnupg.org> corrected to be:
	  <http://www.gnupg.org/documentation/mailing-lists.html>
    2.2 - <http://www.gnupg.org/mirrors.html> corrected to be:
          <http://www.gnupg.org/download/mirrors.html>
    3.1 - <http://gnupg.org/backend.html#supsys> corrected to be:
          <http://gnupg.org/download/supported_systems.html>
    3.2 - <http://www.gnupg.org/download.html> corrected to be:
          <http://www.gnupg.org/download/>
* Corrected typo in question 4.12 - Changed "How can a get list of key
  IDs..." to "How can I get list of key IDs..."
* Modified URL listed in question 6.19 to become an actual hyperlink.
* Removed line continuation character ("\") at the end of command-
  strings that were split into two lines (to lessen confusion for those
  using Windows or OSes that don't support line continuation).
* Removed paragraph on line continuation, replacing it with a paragraph
  to remind the reader that although some command lines may be split
  into two lines to allow for proper web page display of the FAQ file
  in some  browsers, the entire command-string is to be entered all on
  one line.
* Corrected command-line entries that lacked a "$" character at the
  beginning of the command-string to signafy a shell prompt in order to
  apply consitancy throughout the FAQ.
* Replaced <pre> tags with <samp> for code entries to improve display
  for those browser with limited window widths (does not apply to
  tables).
* Trimmed whitespace in tables to narrow width to improve display for
  those browsers with limited window widths.
2003-01-07 10:03:50 +00:00
Werner Koch
78d250a82c * de.po: Updated the translation myself.
* fi.po, zh_TW.po: New from TP Robot.

* es.po, gl.po, id.po, tr.po: Updated from TP Robot.
2003-01-07 08:48:27 +00:00
David Shaw
705578de9c * NEWS: Add notes about disabled keys and trustdb tweaks. 2003-01-07 04:43:35 +00:00
David Shaw
eb6c0aa2be * packet.h, tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record),
trustdb.c (update_validity): Store temporary full & marginal counts in the
trustdb. (clear_validity, get_validity_counts): Return and clear temp
counts. (store_validation_status): Keep track of which keyids have been
stored. (validate_one_keyblock, validate_key_list): Use per-uid copies of
the full & marginal counts so they can be recalled for multiple levels.
(validate_keys): Only use unused keys for each new round.
(reset_unconnected_keys): Rename to reset_trust_records, and only skip
specifically excluded records.
2003-01-06 22:32:20 +00:00
David Shaw
462b2f93ca * DETAILS: Document disabled flag in capabilities field. 2003-01-06 21:10:41 +00:00
David Shaw
fad1d22621 * keylist.c (print_capabilities): Show 'D' for disabled keys in
capabilities section.

* trustdb.c (is_disabled): Remove incorrect comment.
2003-01-06 21:06:47 +00:00
David Shaw
2d5091e4e3 * getkey.c (merge_selfsigs_main): Remove some unused code and make sure
that the pk selfsigversion member accounts for 1F direct sigs.

* keyring.c (keyring_search): skipfnc didn't work properly with non-keyid
searches.  Noted by Stefan Bellon.
2003-01-03 00:40:20 +00:00
Werner Koch
e538b99549 * keydb.c (keydb_add_resource): Don't assume that try_make_homedir
terminates but check again for the existence of the directory and
continue then.
* openfile.c (copy_options_file): Print a warning if the skeleton
file has active options.
2003-01-02 17:47:35 +00:00
David Shaw
041d99295a (oops) The rest of the fix from previous checkin. 2002-12-28 04:25:29 +00:00
David Shaw
63246fe693 * getkey.c (merge_selfsigs_main), main.h, sig-check.c
(check_key_signature2): Pass the ultimately trusted pk directly to
check_key_signature2 to avoid going through the key selection mechanism.
This prevents a deadly embrace when two keys without selfsigs each sign
the other.
2002-12-28 04:08:53 +00:00
David Shaw
1fb55cd173 * keyserver.c (keyserver_refresh): Don't print the "refreshing..." line if
there are no keys to refresh or if there is no keyserver set.

* getkey.c (merge_selfsigs_main): Any valid user ID should make a key
valid, not just the last one.  This also fixes Debian bug #174276.
2002-12-27 23:31:04 +00:00
David Shaw
b8068e84e7 * keygen.c (keygen_add_key_expire): Properly handle updating a key
expiration to a no-expiration value.

* keyedit.c (enable_disable_key): Comment.

* import.c (import_one): When in interactive mode and --verbose, don't
repeat some key information twice.
2002-12-26 22:00:44 +00:00
David Shaw
ad79ac8a80 * iobuf.c (iobuf_flush): Only print debug info if debugging is on. 2002-12-26 20:35:20 +00:00
Timo Schulz
a1b94b92c8 2002-12-23 Timo Schulz <ts@winpt.org>
* import.c (import_one): Use merge_keys_and_selfsig in the
        interactive mode to avoid wrong key information.
2002-12-23 19:31:05 +00:00
Werner Koch
43943b505f * samplekeys.asc: Updated. 2002-12-23 15:50:09 +00:00
David Shaw
fd75f7daac * keydb.h, getkey.c (key_byname): Flag to enable or disable including
disabled keys.  Keys specified via keyid (i.e. 0x...) are always included.

* getkey.c (get_pubkey_byname, get_seckey_byname2, get_seckey_bynames),
keyedit.c (keyedit_menu, menu_addrevoker): Include disabled keys in these
functions.

* pkclist.c (build_pk_list): Do not include disabled keys for -r or the
key prompt.  Do include disabled keys for the default key and
--encrypt-to.

* trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping disabled
keys.

* gpgv.c (is_disabled): Stub.
2002-12-19 04:47:12 +00:00
David Shaw
bafb6ebf27 * gpg.sgml: Clarify --no-permission-warning to note that the permission
warnings are not intended to be the be-all and end-all in security checks.
Add note to --group that when used on the command line, it may be
necessary to quote the argument so it is not treated as multiple
arguments.  Noted by Stefan.
2002-12-12 22:06:11 +00:00
David Shaw
7cbc893caf * options.skel: Include the required '=' sign in the sample 'group'
option.

* import.c (chk_self_sigs): Don't try and check a subkey as if it was a
signature.
2002-12-12 22:02:53 +00:00
David Shaw
23b36f4e47 * mainproc.c (proc_tree): Handle multiple detached sigs concatenated
together by warning the user and processing only the first.

* g10.c (main): Comment out --list-trust-path until it can be implemented.
2002-12-11 15:17:10 +00:00
David Shaw
4017bbc683 * gpg.sgml: Clarify include-revoked and include-disabled so they match
what the program actually does.  Noted by Dick Gevers.
2002-12-11 03:41:52 +00:00
David Shaw
4d7eba13cc * gpg.sgml: Document %-expandos for policy URLs and notations. 2002-12-06 17:49:59 +00:00
David Shaw
b7b7e6c25a * keygen.c (ask_algo): Make the Elgamal sign+encrypt warning stronger, and
remove the RSA sign+encrypt warning.

* import.c (import_one): Warn when importing an Elgamal primary that this
may take some time (to verify self-sigs). (chk_self_sigs): Try and cache
all self-sigs so the keyblock is written to the keyring with a good rich
cache.
2002-12-06 04:05:47 +00:00
Werner Koch
6a52cba167 faq update. 2002-12-05 18:48:24 +00:00
Werner Koch
5c504ac5c5 * Changed variable for default gnupg.org http location from $hGPG
to $hGPGHTTP and update instances of variable throughout FAQ in
  introduction area and sections 1.1, 2.1 and 2.2

* Added section 1.4 - What conventions are used in this FAQ?
  + unices vs. win32 (with hyperlink (<Rhomedir>) to section 4.18 for
    example
  + gpg.conf vs. options (with hyperlink (<Roptions>) to section 5.8
    to note name change

* Corrected section 2.2 - Changed ftp URL (both display and link URLs)
  from "ftp://ftp.gnupg.org/pub/gcrypt" to ftp://ftp.gnupg.org/gcrypt/,
  and the display URL (not the actual link URL, it's correct) of the http
  URL from "http://www.gnupg.org/mirror.html" to
 "http://www.gnupg.org/mirrors.html"

* Included variable ($hVERSION) for easier updating of latest gpg
  version when referenced (as in section 2.2)

* Included variable ($hGPGFTP) for default gnupg.org ftp location
  (ftp://ftp.gnupg.org) for use in sections 2.2 and 4.16

* Corrected section 3.1 visual display of link from
  "http://www.gnupg.org/gnupg.html#supsys" to
  "http://www.gnupg.org/backend.html#supsys"

* Edited sections 3.1, 3.2, 5.2 to include $hGPGHTTP variable

* Corrected section 3.2 - Word typo ("avoided" was "avoiced").

* Corrected / edited section 3.3 -
  + corrected link: ftp://ftp.gnupg.dk/pub/contrib-dk/
    for idea.c.gz, idea.c.gz.sig, ideadll.zip, ideadll.zip.sig
  + edited section to include all files and added
    ~/.gnupg/gpg.conf info

* Edited section 4.6 - As this section deals with loosing a public key,
  I added a paragraph containing a hyperlink to the end of section 4.21
  ("I still have my secret key, but lost my public key..."). The
  paragraph reads: "If you've lost your public key and need to recreate
  it instead for continued use with your secret key, you may be able to
  use gpgsplit as detailed in question <Rgpgsplit>."

* Edited section 4.15 - Added paragraph below table on GPGrelay, an
  application for MUAs that lack OpenPGP (rfc2015) support to. "Users of
  Win32 MUAs that lack OpenPGP support may look into using GPGrelay
  <http://http://gpgrelay.sourceforge.net>, a small email-relaying
  server that uses GnuPG to enable many email clients to send and
  receive emails that conform to PGP-MIME (RFC 2015)."
  suggested by: Andreas John <aj@tesla.inka.de>

* Corrected section 4.16 - Incorportated Werner's URL fix for gpgme FTP
  location to synchronize local CVS with released FAQ version 1.5.8.

* Added section 4.19 - "How do I verify signed packages?"
  suggested by: Christian Reis <kiko@async.com.br>

* Added section 4.20 - "How do I export a keyring with only selected
  signatures?"
  by: David Shaw <dshaw@jabberwocky.com>

* Added section 4.21 - "I still have my secret key, but lost my public
  key. What can I do?"
  by: Werner Koch <wk@gnupg.org>

* Added section 4.22 - "Clearsigned messages sent from my web-mail
  account have an invalid signature. Why?"
  by: David Scribner <dscribner@bigfoot.com>

* Edited / Corrected section 5.8 - Changed question from "I just
  installed the most recent version of GnuPG and don't have a
  ~/.gnupg/options file. Is this missing from the installation?" to
  "GnuPG no longer installs a ~/.gnupg/options file. Is it missing?"
  + Added "An existing options file can be renamed to gpg.conf for
    users upgrading, or receiving the message that the "old default
    options file" is ignored (occurs if both a gpg.conf and an
    options file are found)." to the end of the paragraph.
  + Corrected ~/.gnupg/gpg.conf (was ~/.gnupg/conf)

* Added section 5.9 - "How to you export GnuPG keys for use with PGP?"
  by: David Shaw <dshaw@jabberwocky.com>
2002-12-05 18:47:58 +00:00
Werner Koch
77f99fd667 New entries 2002-12-05 15:22:21 +00:00
Werner Koch
f59aac24bb * gpg.sgml: Document --no-mangle-dos-filenames. 2002-12-05 15:21:41 +00:00
Werner Koch
9a34b607ab * g10.c: New options --[no-]mangle-dos-filenames.
* options.h (opt): Added mangle-dos-filenames.
* openfile.c (open_outfile) [USE_ONLY_8DOT3]: Truncate the
filename only when this option is set; this is the default.

NOT YET TESTED!
2002-12-05 15:21:17 +00:00
David Shaw
1ae9261ef6 * NEWS: Add note about convert-from-106 script. 2002-12-04 18:59:23 +00:00
David Shaw
f4401fafd9 * gpg.sgml: Document --pgp8. Clarify that --pgp6 and --pgp7 disable
--throw-keyid.
2002-12-04 18:57:52 +00:00
David Shaw
2d6a766433 * main.h, keyedit.c, keygen.c: Back out previous (2002-12-01) change.
Minimal isn't always best.

* sign.c (update_keysig_packet): Use the current time rather then a
modification of the original signature time.  Make sure that this doesn't
cause a time warp.

* keygen.c (keygen_add_key_expire): Properly handle a key expiration date
in the past (use a duration of 0).

* keyedit.c (menu_expire): Use update_keysig_packet so any sig subpackets
are maintained during the update.

* build-packet.c (build_sig_subpkt): Mark sig expired or unexpired when
the sig expiration subpacket is added. (build_sig_subpkt_from_sig): Handle
making an expiration subpacket from a sig that has already expired (use a
duration of 0).
2002-12-04 18:32:00 +00:00
David Shaw
6d30580362 * packet.h, sign.c (update_keysig_packet), keyedit.c
(menu_set_primary_uid, menu_set_preferences): Add ability to issue 0x18
subkey binding sigs to update_keysig_packet and change all callers.
2002-12-04 16:17:21 +00:00
David Shaw
dc70beb88f * options.h, g10.c (main), encode.c (write_pubkey_enc_from_list),
pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8 mode.  This
is basically identical to --pgp7 in all ways except that signing subkeys,
v4 data sigs (including expiration), and SK comments are allowed.

* getkey.c (finish_lookup): Comment.
2002-12-03 23:09:20 +00:00
David Shaw
33783a41a4 * main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu): Reorder
user ID display in the --edit-key menu to match that of the --list-keys
display.

* tdbio.c (tdbio_read_record, tdbio_write_record): Comments to reserve a
byte for trust model in the devel version.

* g10.c (add_notation_data): Fix initialization.
2002-12-03 18:10:10 +00:00
David Shaw
03aaecf3f8 * keyedit.c (menu_expire): Don't lose key flags when changing the
expiration date of a subkey.  This is not the most optimal solution, but
it is minimal change on the stable branch.

* main.h, keygen.c (do_copy_key_flags): New function to copy key flags, if
any, from one sig to another. (do_add_key_expire): New function to add key
expiration to a sig. (keygen_copy_flags_add_expire): New version of
keygen_add_key_expire that also copies key flags.
(keygen_add_key_flags_and_expire): Use do_add_key_expire.

* import.c (fix_hkp_corruption): Comment.
2002-12-01 20:49:13 +00:00
David Shaw
7917a43b81 * gpg.sgml: Point out that if the user absolutely must, it's better to use
--pgpX than forcing an algorithm manually.  Better still not to use
anything, of course.
2002-12-01 01:51:34 +00:00
David Shaw
31e09a853d * distfiles, gnupg.spec.in: Include convert-from-106. 2002-11-30 23:30:48 +00:00
David Shaw
1c4090fe65 * convert-from-106: Script to automate the 1.0.6->later conversion. It
marks all secret keys as ultimately trusted, adds the signature caches,
and checks the trustdb.
2002-11-30 16:09:33 +00:00
David Shaw
721353f8c4 * NEWS: Add notes about notation names and '@', the "--trust-model always"
option, and non-optimized memory wiping.
2002-11-25 14:38:10 +00:00
David Shaw
efa986b098 * gpg.sgml: Document --sig-policy-url, --cert-policy-url, --sig-notation,
--cert-notation.  Clarify --show-notation and --show-policy-url that
policy URLs and notations can be used in data signatures as well.  Add
note about '@' being a required character in notation names.
2002-11-25 14:32:40 +00:00
David Shaw
f41be729cc * g10.c (add_notation_data): Disallow notation names that do not contain a
'@', unless --expert is set.  This is to help prevent people from
polluting the (as yet unused) IETF namespace.

* main.h: Comments about default algorithms.

* photoid.c (image_type_to_string): Comments about 3-letter file
extensions.

* g10.c (main): Add --strict and --no-strict as no-ops to smooth
transition when the devel GnuPG becomes the stable one.
2002-11-24 01:44:37 +00:00
David Shaw
d907271871 * gpg.sgml: Add an interoperability section. 2002-11-22 03:52:48 +00:00
David Shaw
e76d3eab83 * gpg.sgml: Correct defaults for --s2k-mode and --s2k-digest-mode. Noted
by Haakon Riiser.
2002-11-17 15:15:36 +00:00
David Shaw
848ae72ed5 * config.links: Use OpenBSD/NetBSD powerpc assembler code for Darwin.
Successfully tested by Gordon Worley.
2002-11-16 16:51:06 +00:00
David Shaw
c028cac7ab * gpg.sgml: Correct --compress-algo documentation to match behavior.
Noted by Jason S. Mantor.
2002-11-14 22:06:58 +00:00
David Shaw
01819803ae * gpg.sgml: Document --trust-model. 2002-11-14 02:54:56 +00:00
Stefan Bellon
5059ac6f0b fixed type incompatibility 2002-11-13 21:50:33 +00:00
David Shaw
5ecf0cbd79 * keyedit.c (show_key_with_all_names_colon): Make --with-colons --edit
display match the validity and trust of --with-colons --list-keys.

* passphrase.c (agent_send_all_options): Fix compile warning.

* keylist.c (list_keyblock_colon): Validity for subkeys should match that
of the primary key, and not that of the last user ID.
2002-11-13 13:14:40 +00:00
David Shaw
7178a8056c * getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys carry
these facts onto all their subkeys, but only after the subkey has a chance
to be marked valid.  This is to fix an incorrect "invalid public key"
error verifying a signature made by a revoked signing subkey, with a valid
unrevoked primary key.
2002-11-13 05:20:43 +00:00