1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Commit Graph

522 Commits

Author SHA1 Message Date
David Shaw
3c40fd65d6 * options.h, g10.c (main), main.h, seskey.c (do_encode_md,
encode_md_value), sig-check.c (do_check), sign.c (do_sign): Remove
--emulate-md-encode-bug as it only applied to Elgamal signatures, which
are going away.
2003-12-04 04:34:08 +00:00
David Shaw
03b04db3cf * mainproc.c (proc_symkey_enc, proc_encrypted): Add ability to use
--override-session-key on --symmetric messages (new-style or old-style).
(proc_pubkey_enc): Move code to show session key from here to
proc_encrypted() so it can work with any type of message. Suggested by
Michael Young.
2003-11-30 15:33:04 +00:00
David Shaw
3c0eb7790b * trustdb.c (validate_keys): Reset the trustdb before checking if we have
any ultimately trusted keys.  This ensures that if we lose all our
ultimately trusted keys, we don't leave behind the old validity
calculations.  Noted by Peter Palfrader.

* revoke.c (gen_desig_revoke): Specify in the comment when a designated
revocation is generated.

* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
get_seckey_byname2): Remove Elgamal check since we are removing type 20
keys altogether.
2003-11-30 00:33:27 +00:00
David Shaw
5473ac9deb * pkclist.c (build_pk_list): Do not allow an empty PK list in interactive
mode.

* getkey.c (get_seckey_byname2): Disallow use of sign+encrypt Elgamal
keys.
2003-11-27 14:47:00 +00:00
David Shaw
973c868961 * keygen.c (ask_algo): Remove ability to generate Elgamal sign+encrypt
keys.

* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey): Disallow use of
sign+encrypt Elgamal keys.
2003-11-27 13:53:34 +00:00
David Shaw
85a80265c7 * seskey.c (do_encode_md): Comment about earlier (pre-PGP 2.3) encodings.
* misc.c (compress_algo_to_string): Translate "Uncompressed". Requested by
Tommi Vainikainen. (string_to_compress_algo): Include multi-string for
"uncompressed|none".
2003-11-21 01:11:25 +00:00
David Shaw
dcf747d620 * options.h, g10.c (main), compress-bz2.c (init_uncompress): Add
--bz2-compress-lowmem to set bzlib "small" flag for low memory (but slow)
decompression.
2003-11-18 02:52:35 +00:00
David Shaw
2e4ab6c669 * compress.c (init_compress): Remove compress level 10 trick, since it is
no longer needed.

* g10.c: Fix typoed option name.

* compress-bz2.c (init_compress): Compression level 0 is not meaningful
for bzip2.
2003-11-15 23:54:14 +00:00
David Shaw
995d712589 * options.h, g10.c (main), compress.c (init_compress), compress-bz2.c
(init_compress): Add --compress-level and --bzip2-compress-level.  -z sets
them both.  Change various callers.
2003-11-15 22:31:58 +00:00
David Shaw
3257edd4e4 * encode.c (encode_simple), sign.c (sign_symencrypt_file): Properly use
default_compress_algo (--compress-algo, followed by the highest
--personal-compress-preference, followed by ZIP) to get the algorithm.
2003-11-15 15:38:43 +00:00
David Shaw
c47ec46526 * options.h, trustdb.c (trust_model_string, init_trustdb): Add support for
"external" trust model, where the user can provide a pregenerated trustdb.

* keyedit.c (keyedit_menu): Do not allow editing ownertrust with an
external trust model trustdb.
2003-11-15 00:19:49 +00:00
David Shaw
80caf9957f * options.h, g10.c, keyedit.c, keylist.c, mainproc.c: Clarify the
plurarility (or not) of various list and verify options.
2003-11-14 05:06:19 +00:00
David Shaw
bc1e4357a9 * g10.c (main): Add --symmetric --sign --encrypt.
* main.h, encode.c (setup_symkey): New.  Prompt for a passphrase and
create a DEK for symmetric encryption. (write_symkey_enc): New.  Write out
symmetrically encrypted session keys. (encode_crypt, encrypt_filter): Use
them here here when creating a message that can be decrypted with a
passphrase or a pk.

* sign.c (sign_file): Call setup_symkey if we are doing a --symmetric
--sign --encrypt.
2003-11-13 02:54:12 +00:00
David Shaw
5028edd538 * mainproc.c (proc_symkey_enc): Don't show algorithm information when
--quiet is set.  Suggested by Duncan Harris.  Also don't fail with BUG()
when processing a --symmetric message with a cipher we don't have.

* g10.c: Alias --personal-xxx-prefs to --personal-xxx-preferences.
2003-11-10 04:33:13 +00:00
David Shaw
ebe6f4999f * pkclist.c (build_pk_list): When adding recipients interactively, allow
the user to stop at any point.
2003-11-10 01:30:12 +00:00
David Shaw
5c37fd90bf * trustdb.h, trustdb.c (register_trusted_keyid): New. Adds a keyid to the
list of ultimately trusted keys.

* keygen.c (do_generate_keypair): Use it here so that the ultimate
ownertrust happens before the trustdb (might be) rebuilt.  Also fix an
error where the newly generated pk is thought to be a subkey by the
trustdb.

* g10.c (main): Fix --export-all do actually do something different than
--export.

* pkclist.c (build_pk_list): Show all recipients rather than showing each
recipient as they are added.

* mainproc.c (proc_symkey_enc, proc_encrypted): Keep a count of the number
of passphrases that can decrypt a symmetric or mixed symmetric/pk message
and include it in the list of keys shown to the user.
2003-11-01 01:13:16 +00:00
David Shaw
869c6bb7e4 * misc.c (compress_algo_to_string, string_to_compress_algo,
check_compress_algo): Add bzip2.

* compress.c (compress_filter): Make static to help force the use of
push_compress_filter.  Remove default algorithm setting since that is done
in push_compress_filter now.

* main.h: Use named algorithm.

* filter.h, compress.c (push_compress_filter, push_compress_filter2): New.
Figure out which is the appropriate compression filter to use, and push it
into place.

* compress.c (handle_compressed), encode.c (encode_simple, encode_crypt),
sign.c (sign_file, sign_symencrypt_file), import.c (read_block), export.c
(do_export): Use push_compress_filter instead of pushing the compression
filter ourselves.

* compress-bz2.c: New.  Bzlib versions of the compression filter routines.

* Makefile.am: Include compress-bz2.c if bz2lib is available.
2003-10-31 05:39:02 +00:00
Werner Koch
06865e7164 (close_ct_reader, close_pcsc_reader): Implemented.
(get_ccid_error_string): New.  Not very useful messages, though.
2003-10-30 09:30:20 +00:00
Werner Koch
fcc72f915b * cardglue.c (open_card): Ask for card insertion.
(check_card_serialno): New.
(agent_scd_pksign, agent_scd_pkdecrypt): Use it here.
* cardglue.c (open_card): Issue insertion status message.
* status.h, status.c (STATUS_CARDCTRL): New.

* status.c (cpr_get_answer_okay_cancel): New.

* miscutil.c (answer_is_okay_cancel): New.
2003-10-29 10:07:44 +00:00
Werner Koch
be239a058a * DETAILS: Add the 'a' value for field 12 and the new field 15.
* keylist.c (list_keyblock_print): Denote secrets keys stored on a
card with an '>'. Print the '#' also for subkeys.
(list_keyblock_colon): Introduce new field 15 for sec/ssb to print
the serial number.
2003-10-28 09:25:06 +00:00
David Shaw
ce4c9b6b5f * g10.c (main): Enhance the version-specific config file code to try for
more specific matches before giving up (e.g. 1.3.3-cvs, 1.3.3, 1.3, 1).
2003-10-26 15:49:44 +00:00
David Shaw
bb7986e9a6 * g10.c (main): Add --symmetric --encrypt command. This generates a
message that can be decrypted via a passphrase or public key system.

* main.h, encode.c (encode_seskey): Allow passing in an already-created
session key dek. (encode_simple): Use the actual symmetric cipher when
encrypting a session key for a symmetric message. (encode_crypt): Add a
flag to trigger a hybrid mode that can be decrypted via a passphrase or a
pk.  Change all callers.

* mainproc.c (symkey_decrypt_sesskey): There is no way to tell the
difference here between a bad passphrase and a cipher algorithm that we
don't have, so use a error message that makes that clear. Use the actual
list of ciphers when checking whether a cipher is invalid.  Return error
if the decrypted cipher algorithm is invalid. (proc_symkey_enc): In a
mixed passphrase/pk message, if a valid dek already exists from decrypting
via pk, do not try to process the passphrase. (proc_symkey_enc): Indicate
when we're decrypting a session key as opposed to decrypting data.  If a
passphrase is invalid, discard the dek so we'll keep trying.
2003-10-26 03:26:14 +00:00
Werner Koch
e62874f1d1 * ccid-driver.c (ccid_open_reader): Return an error if no USB
devices are found.

* Makefile.am: Replaced INTLLIBS by LIBINTL.
2003-10-25 16:26:29 +00:00
Werner Koch
bc45e6e065 * g10.c (main) [ENABLE_CARD_SUPPORT]: Add a default for
--pcsc-driver.

* cardglue.c (learn_status_cb): Fixed faulty use of !space.
2003-10-25 14:17:24 +00:00
Werner Koch
624612b991 (apdu_open_reader): Hacks for PC/SC under Windows. 2003-10-24 20:50:38 +00:00
Werner Koch
441aeb85f2 * passphrase.c (ask_passphrase): Add optional promptid arg.
Changed all callers.
* cardglue.c (pin_cb): Use it here, so the machine interface can
tell whether the Admin PIN is requested.

* cardglue.c (agent_scd_checkpin): New.

* misc.c (openpgp_pk_algo_usage): Added AUTH usage.

* app-openpgp.c (check_against_given_fingerprint): New. Factored
out that code elsewhere.
(do_check_pin): New.
* card-util.c (card_edit): New command "passwd".  Add logic to
check the PIN in advance.
(card_status): Add new args to return the serial number.  Changed
all callers.
2003-10-21 18:22:21 +00:00
David Shaw
6ad91b2b3a * import.c (import_one): Show the keyid when giving the Elgamal slow
import warning.

* g10.c (main): Older versions used --comment "" to indicate no comment.
Don't add an empty comment.
2003-10-14 23:30:14 +00:00
David Shaw
837df305c6 * keyedit.c (show_key_with_all_names): Ownertrust is only meaningful for
the PGP or classic trust models.  Both validity and ownertrust are not
meaningful for the always trust model.
2003-10-14 00:05:44 +00:00
Werner Koch
bc14a878e2 Always enable the gen_card_key prototype. 2003-10-11 16:32:03 +00:00
Werner Koch
8b36b03074 (card_close): New.
(agent_scd_change_pin): Implemented.
2003-10-10 15:45:11 +00:00
Werner Koch
6f6511f3ca About to release 1.3.3 2003-10-10 15:32:24 +00:00
Werner Koch
5a0fbad9b3 * cardglue.c (card_close): New.
* ccid-driver.c (ccid_close_reader): New.
* apdu.c (close_ccid_reader, close_ct_reader, close_csc_reader)
(close_osc_reader, apdu_close_reader): New.  Not all are properly
implemented yet.
* g10.c (g10_exit): Use close_card.
2003-10-10 15:12:02 +00:00
Werner Koch
3cfffa8a4e * primegen.c (gen_prime): Bail out if we try to generate a prime
with less than 16 bits. Include i18n.h.

* POTFILES.in (cipher/primegen.c): Added.
2003-10-10 09:28:26 +00:00
David Shaw
40db05fb99 * g10.c (main): Give a deprecated option warning for --show-keyring,
--show-photos, --show-policy-url, --show-notation, and their respective
no- forms.

* options.skel: Remove show-photos and replace with list/verify-options
show-photos.  Remove no-mangle-dos-filenames.

* misc.c (parse_options): Allow for incomplete (but unambiguous) options.
2003-10-10 03:05:05 +00:00
Werner Koch
f633ef17dc * ccid-driver.c (ccid_transceive): Add T=1 chaining for sending.
* sign.c (do_sign) [!ENABLE_CARD_SUPPORT]: Return an error for
card keys.

* cardglue.c (agent_scd_pkdecrypt): Implemented.
* pubkey-enc.c (get_it) [ENABLE_CARD_SUPPORT]: Divert decryption
to card
2003-10-09 15:08:12 +00:00
Werner Koch
72c648c035 * cardglue.c (pin_cb): Detect whether an admin or regular PIN is
requested.
(genkey_status_cb): New.
(agent_scd_genkey): Implemented.

* keygen.c (generate_keypair): New arg CARD_SERIALNO and prepare
parameters for on card key generation. Changed all callers.
(do_generate_keypair): Add new arg card and merged casrd specific
changes from 1.9.
(proc_parameter_file): New arg card, apss it down to
do_generate_keypair and changed all callers.
(gen_card_key): New.

* g10.c: Include cardclue.h.
(main): s/app_set_default_reader_port/card_set_reader_port/.
* cardglue.c (card_set_reader_port): New to address include file
issues.
2003-10-08 15:21:20 +00:00
Werner Koch
99cabff03f * cardglue.c (learn_status_cb): Release values before assignment
so that it can be used by getattr to update the structure.
(agent_scd_getattr): New.

* keylist.c (print_pubkey_info): Add FP arg for optional printing
to a stream.  Changed all callers.
2003-10-02 10:20:12 +00:00
David Shaw
b0fe35f60e * g10.c (main): Add --no-groups to zero --group list.
* encode.c (encode_simple): Allow for 32 bytes (256 bits) of symmetrically
encrypted session key.  Use --s2k-cipher-algo to choose cipher, rather
than the default cipher.

* parse-packet.c (parse_subkeyenc): Give a warning if an symmetrically
encrypted session key is seen without salt.  Show in --list-packets if a
symetrically encrypted session key is present.

* pubkey-enc.c (get_it): Always show cipher-not-in-prefs warning unless
--quiet is set.  Use text name of cipher in warning.
2003-10-01 15:15:58 +00:00
David Shaw
cb772decc4 * options.h, g10.c (main), mainproc.c (check_sig_and_print): Add
--verify-option show-unusable-uids.
2003-09-30 21:16:36 +00:00
David Shaw
52100b459a * gpgv.c (check_trustdb_stale): Stub.
* trustdb.c (get_validity): Move the up-to-date check to
check_trustdb_stale (new), so that it can be called before validity is
checked.

* keylist.c (list_keyblock_print): Disable the overall key validity
display until it can be thought about more.  Use check_trustdb_stale here
to avoid putting the check warning in the middle of a listed key.

* trustdb.c (init_trustdb): Only verify_own_keys() for those trust models
that it applies to (i.e. classic and OpenPGP).
2003-09-30 15:30:39 +00:00
Werner Koch
8062cb418a * keygen.c (do_add_key_flags, parse_parameter_usage): Add support
the proposed AUTH key flag.
* getkey.c (fixup_uidnode, merge_selfsigs_main)
(merge_selfsigs_subkey, premerge_public_with_secret): Ditto.
* keylist.c (print_capabilities): Ditto.

* parse-packet.c (parse_key): Allow to parse the divert-to-card
S2K mode.
* build-packet.c (do_secret_key): Handle divert-to-card S2K
* seckey-cert.c (is_secret_key_protected): Ditto.
(check_secret_key): Ditto.

* keygen.c (do_ask_passphrase): Renamed from ask_passphrase.
* passphrase.c (ask_passphrase): New.
2003-09-30 08:00:08 +00:00
Werner Koch
e369270a65 * g10.c (main): New commands --card-edit, --card-status and
--change-pin.  New options --ctapi-driver, --pcsc-driver and
--disable-ccid
* options.h (DBG_CARD_IO): New.
* cardglue.c, cardclue.h: Enhanced.
* card-util.c: New. Taken from current the gnupg 1.9 branch.
* app-common.h, app-openpgp.c, iso7816.c, iso7816.h, apdu.c
* apdu.h, ccid-driver.c, ccid-driver.h: New.  Takem from the current
gnupg 1.9 branch withy minor changes to include directives.
* Makefile.am: Added these files.
2003-09-28 13:41:58 +00:00
Werner Koch
20ed53942a First bits of a card support backport from 1.9. It is not enabled by
default and tehre is not yet much more than a new configure option.

* configure.ac (LIBUSB_LIBS,HAVE_LIBUSB): Check for Libusb.
(--enable-card-support): New.

* sign.c (do_sign) [ENABLE_CARD_SUPPORT]: Divert to card.
* cardglue.c, cardglue.h: New.
* Makefile.am (gpg_LDADD): Added.
(card_support_sources): New.

* memory.h (xmalloc): Define xmalloc macros in terms of m_alloc.
2003-09-27 19:37:53 +00:00
David Shaw
e70e41612f * options.h, g10.c (main), keylist.c (list_keyblock_print): Add
"show-unusable-uids" list-option to show revoked and/or expired user IDs.
2003-09-25 04:03:11 +00:00
David Shaw
0d8bd2eace * keyedit.c (show_key_with_all_names): Show names a little neater by
putting the [revoked] or [expired] in the space used for the [validity].
There is also no point in showing "[unknown] [revoked]".
2003-09-24 12:11:17 +00:00
David Shaw
97dcb84cce * sign.c (mk_notation_policy_etc): Capitalize "URL".
* trustdb.c (validate_keys): Give a little more information while
rebuilding trustdb.

* pkclist.c (do_edit_ownertrust): Clarify "don't know".

* g10.c (main): Default to --no-mangle-dos-filenames.
2003-09-24 03:48:55 +00:00
David Shaw
4ccd51cb50 * keydb.h, keyring.c (keyring_search), trustdb.c (search_skipfnc): Expand
the skipfnc to include a pointer to the user ID that matched.

* getkey.c (skip_disabled): Rename to skip_unusable, and add checks for
expired or revoked user IDs.
2003-09-23 23:14:03 +00:00
David Shaw
b224756fbe * g10.c (main): Deprecate --default-comment in favor of --no-comments.
* options.h, g10.c (main), armor.c (armor_filter): Allow using --comment
multiple times to get multiple Comment: header lines. --no-comments resets
list.
2003-09-23 03:52:55 +00:00
David Shaw
eb18893c8c * g10.c (main): Trim --help to commonly used options. Remove -f. 2003-09-12 03:29:00 +00:00
David Shaw
405d9dfc59 * g10.c (main): Error out if --multifile is used with the commands that
don't support it yet (--sign, --clearsign, --detach-sign, --symmetric, and
--store).

* g10.c (main): Add --multifile as an alias to turn --encrypt into
--encrypt-files (plus --verify-files, --decrypt-files).

* encode.c (use_mdc), g10.c (main): Use RFC1991 and RFC2440 directly to
check for MDC usability.  Do not set the force_mdc or disable_mdc flags
since there is no point any longer.
2003-09-09 00:25:53 +00:00