1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Commit Graph

105 Commits

Author SHA1 Message Date
David Shaw
3c0eb7790b * trustdb.c (validate_keys): Reset the trustdb before checking if we have
any ultimately trusted keys.  This ensures that if we lose all our
ultimately trusted keys, we don't leave behind the old validity
calculations.  Noted by Peter Palfrader.

* revoke.c (gen_desig_revoke): Specify in the comment when a designated
revocation is generated.

* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
get_seckey_byname2): Remove Elgamal check since we are removing type 20
keys altogether.
2003-11-30 00:33:27 +00:00
David Shaw
5473ac9deb * pkclist.c (build_pk_list): Do not allow an empty PK list in interactive
mode.

* getkey.c (get_seckey_byname2): Disallow use of sign+encrypt Elgamal
keys.
2003-11-27 14:47:00 +00:00
David Shaw
973c868961 * keygen.c (ask_algo): Remove ability to generate Elgamal sign+encrypt
keys.

* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey): Disallow use of
sign+encrypt Elgamal keys.
2003-11-27 13:53:34 +00:00
Werner Koch
8062cb418a * keygen.c (do_add_key_flags, parse_parameter_usage): Add support
the proposed AUTH key flag.
* getkey.c (fixup_uidnode, merge_selfsigs_main)
(merge_selfsigs_subkey, premerge_public_with_secret): Ditto.
* keylist.c (print_capabilities): Ditto.

* parse-packet.c (parse_key): Allow to parse the divert-to-card
S2K mode.
* build-packet.c (do_secret_key): Handle divert-to-card S2K
* seckey-cert.c (is_secret_key_protected): Ditto.
(check_secret_key): Ditto.

* keygen.c (do_ask_passphrase): Renamed from ask_passphrase.
* passphrase.c (ask_passphrase): New.
2003-09-30 08:00:08 +00:00
David Shaw
4ccd51cb50 * keydb.h, keyring.c (keyring_search), trustdb.c (search_skipfnc): Expand
the skipfnc to include a pointer to the user ID that matched.

* getkey.c (skip_disabled): Rename to skip_unusable, and add checks for
expired or revoked user IDs.
2003-09-23 23:14:03 +00:00
David Shaw
fbdee01db9 * keygen.c (do_add_key_flags): Don't set the certify flag for subkeys.
(ask_algo): Provide key flags for DSA, Elgamal_e, and Elgamal subkeys.
(generate_keypair): Provide key flags for the default DSA/Elgamal keys.

* sig-check.c (signature_check, signature_check2, check_key_signature,
check_key_signature2): Allow passing NULLs for unused parameters in the x2
form of each function to avoid the need for dummy variables. getkey.c,
mainproc.c: Change all callers.

* trustdb.h, trustdb.c (read_trust_options): New.  Returns items from the
trustdb version record.

* keylist.c (public_key_list): Use it here for the new "tru" record.

* gpgv.c (read_trust_options): Stub.
2003-07-21 23:19:15 +00:00
David Shaw
06442ab0da * packet.h, main.h, sig-check.c (signature_check2, check_key_signature2,
do_check): If ret_pk is set, fill in the pk used to verify the signature.
Change all callers in getkey.c, mainproc.c, and sig-check.c.

* keylist.c (list_keyblock_colon): Use the ret_pk from above to put the
fingerprint of the signing key in "sig" records during a --with-colons
--check-sigs.  This requires --no-sig-cache as well since we don't cache
fingerprints.
2003-07-20 00:10:13 +00:00
David Shaw
f4617d97b8 * parse-packet.c (parse_signature): No need to reserve 8 bytes for the
unhashed signature cache any longer.

* misc.c (pct_expando): Add two new expandos - signer's fingerprint (%g),
and signer's primary fingerprint (%p).

* Makefile.am: Include W32LIBS where appropriate.

* g10.c (main): Add --rfc2440 alias for --openpgp since in a few months,
they won't be the same thing.

* keyserver.c (parse_keyserver_uri): Accept "http" as an alias for "hkp",
since it is occasionally written that way. (keyserver_spawn): Use
ascii_isspace to avoid locale issues.

* keygen.c (ask_user_id): Make --allow-freeform-uid apply to the email
field as well as the name field, and allow mixing fields when it is set.

* options.skel: Use subkeys.pgp.net as the default keyserver.

* trustdb.c (validate_one_keyblock): Certifications on revoked or expired
uids do not count in the web of trust.

* signal.c (init_one_signal, pause_on_sigusr, do_block): Only use
sigprocmask() if we have sigset_t, and only use sigaction() if we have
struct sigaction.  This is for Forte c89 on Solaris which seems to define
only the function call half of the two pairs by default.
(pause_on_sigusr): Typo. (do_block): If we can't use sigprocmask() and
sigset_t, try to get the number of signals from NSIG as well as MAXSIG,
and if we can't, fail with an explanation.

* signal.c, tdbio.c: Comment out the transaction code.  It was not used in
this version, and was causing some build problems on quasi-posix platforms
(Solaris and Forte c89).

* keylist.c (list_keyblock_colon): Don't include validity values when
listing secret keys since they can be incorrect and/or misleading.  This
is a temporary kludge, and will be handled properly in 1.9/2.0.

* mainproc.c (check_sig_and_print): Only show the "key available from"
preferred keyserver line if the key is not currently present.

* keyedit.c (sign_uids): Do not sign expired uids without --expert (same
behavior as revoked uids).  Do not allow signing a user ID without a
self-signature.  --expert overrides.  Add additional prompt to the
signature level question. (menu_expire): When changing expiration dates,
don't replace selfsigs on revoked uids since this would effectively
unrevoke them. There is also no point in replacing expired selfsigs.
This is bug #181

* g10.c (add_notation_data): Make sure that only ascii is passed to
iscntrl.  Noted by Christian Biere.

* getkey.c (classify_user_id2): Replaced isspace by spacep

* keygen.c (ask_user_id): Ditto. (get_parameter_algo): Ditto.

* keyedit.c (keyedit_menu): Ditto.

* tdbdump.c (import_ownertrust): Ditto.  s/isxdigit/hexdigitp/.

* revoke.c (ask_revocation_reason):

* keyserver.c (keyserver_spawn): Dito.
2003-07-10 14:30:07 +00:00
David Shaw
9390fe676b * keylist.c (list_one): Don't show the keyring filename when in
--with-colons mode.  Actually translate "Keyring" string.

* mainproc.c (proc_tree): We can't currently handle multiple signatures of
different classes or digests (we'd pretty much have to run a different
hash context for each), but if they are all the same, make an exception.
This is Debian bug #194292.

* sig-check.c (check_key_signature2): Make string translatable.

* packet.h, getkey.c (fixup_uidnode): Mark real primary uids differently
than assumed primaries.

* keyedit.c (no_primary_warning): Use the differently marked primaries
here in a new function to warn when an --edit-key command might rearrange
the self-sig dates enough to change which uid is primary. (menu_expire,
menu_set_preferences): Use no_primary_warning() here.

* Makefile.am: Use @DLLIBS@ for -ldl.
2003-05-31 04:06:06 +00:00
David Shaw
ad9f6ae4b5 * getkey.c (premerge_public_with_secret): Made "no secret subkey for"
warning a verbose item and translatable. (From wk on stable branch)

* sig-check.c (check_key_signature2): Made "no subkey for subkey binding
packet" a verbose item instead of a !quiet one.  There are too many
garbled keys out in the wild. (From wk on stable branch)

* filter.h: Remove const from WHAT. (From wk on stable branch)

* progress.c (handle_progress): Store a copy of NAME. (progress_filter):
Release WHAT, make sure not to print a NULL WHAT. (From wk on stable
branch)

* openfile.c (open_sigfile): Adjust free for new progress semantics. (From
wk on stable branch)

* plaintext.c (ask_for_detached_datafile): Don't dealloc pfx->WHAT. (From
wk on stable branch)

* seckey-cert.c (do_check): Issue the RSA_OR_IDEA status when the cipher
algo is IDEA to make it easier to track down the problem. (From twoaday on
stable branch)
2003-05-26 13:21:12 +00:00
David Shaw
3a23c4230b * armor.c, g10.c, kbnode.c, misc.c, pkclist.c, sign.c, build-packet.c,
getkey.c, keydb.c, openfile.c, plaintext.c, status.c, gpgv.c, keygen.c,
options.h, sig-check.c, tdbio.h, encode.c, mainproc.c, parse-packet.c,
signal.c, textfilter.c: Edit all preprocessor instructions to remove
whitespace before the '#'. This is not required by C89, but there are some
compilers out there that don't like it.
2003-05-24 21:50:33 +00:00
David Shaw
2e821d77f7 * trustdb.h, trustdb.c (is_disabled), gpgv.c (is_disabled): Rename
is_disabled to cache_disabled_value, which now takes a pk and not just the
keyid. This is for speed since there is no need to re-fetch a key when we
already have that key handy.  Cache the result of the check so we don't
need to hit the trustdb more than once.

* getkey.c (skip_disabled): New function to get a pk and call is_disabled
on it. (key_byname): Use it here.

* packet.h, getkey.c (skip_disabled), keylist.c (print_capabilities): New
"pk_is_disabled" macro to retrieve the cached disabled value if available,
and fill it in via cache_disabled_value if not available.

* trustdb.c (get_validity): Cache the disabled value since we have it
handy and it might be useful later.

* parse-packet.c (parse_key): Clear disabled flag when parsing a new key.
Just in case someone forgets to clear the whole key.

* getkey.c (merge_selfsigs_main): Add an "if all else fails" path for
setting a single user ID primary when there are multiple set primaries all
at the same second, or no primaries set and the most recent user IDs are
at the same second, or no signed user IDs at all. This is arbitrary, but
deterministic.

* exec.h, photoid.h: Add copyright message.

* keylist.c (list_keyblock_print): Don't dump attribs for
revoked/expired/etc uids for non-colon key listings.  This is for
consistency with --show-photos.

* main.h, keylist.c (dump_attribs), mainproc.c (check_sig_and_print): Dump
attribs if --attrib-fd is set when verifying signatures.

* g10.c (main): New --gnupg option to disable the various --openpgp,
--pgpX, etc. options.  This is the same as --no-XXXX for those options.

* revoke.c (ask_revocation_reason): Clear old reason if user elects to
repeat question.  This is bug 153.

* keyedit.c (sign_uids): Show keyid of the key making the signature.
2003-05-21 16:42:22 +00:00
David Shaw
3afe991bb8 * packet.h, build-packet.c (build_sig_subpkt), export.c
(do_export_stream), import.c (remove_bad_stuff, import), parse-packet.c
(dump_sig_subpkt, parse_one_sig_subpkt): Remove vestigal code for the old
sig cache subpacket.  This wasn't completely harmless as it caused
subpacket 101 to disappear on import and export.

* options.h, armor.c, cipher.c, g10.c, keyedit.c, pkclist.c, sign.c,
encode.c, getkey.c, revoke.c: The current flags for different levels of
PGP-ness are massively complex.  This is step one in simplifying them. No
functional change yet, just use a macro to check for compliance level.

* sign.c (sign_file): Fix bug that causes spurious compression preference
warning.

* sign.c (clearsign_file): Fix bug that prevents proper warning message
from appearing when clearsigning in --pgp2 mode with a non-v3 RSA key.

* main.h, misc.c (compliance_option_string, compliance_string,
compliance_failure), pkclist.c (build_pk_list), sign.c (sign_file,
clearsign_file), encode.c (encode_crypt, write_pubkey_enc_from_list): New
functions to put the "this message may not be usable...." warning in one
place.

* options.h, g10.c (main): Part two of the simplification.  Use a single
enum to indicate what we are compliant to (1991, 2440, PGPx, etc.)

* g10.c (main): Show errors for failure in export, send-keys, recv-keys,
and refresh-keys.

* options.h, g10.c (main): Give algorithm warnings for algorithms chosen
against the --pgpX and --openpgp rules.

* keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in --openpgp
mode.

* sign.c (sign_file), pkclist.c (algo_available): Allow passing a hint of
0.
2003-05-03 04:07:45 +00:00
David Shaw
30d0fc519d * sign.c (sign_file): Do not push textmode filter onto an unopened IOBUF
(segfault).  Noted by Marcus Brinkmann.  Push and reinitialize textmode
filter for each file in a multiple file list.

* packet.h, getkey.c (fixup_uidnode), keyedit.c (show_prefs): Set and show
the keyserver no-modify flag.

* keygen.c (add_keyserver_modify): New. (keygen_upd_std_prefs): Call it
here. (keygen_set_std_prefs): Accept "ks-modify" and "no-ks-modify" as
prefs to set and unset keyserver modify flag.
2003-02-22 23:58:39 +00:00
David Shaw
d691cf8d10 * keydb.h, getkey.c (classify_user_id, classify_user_id2): Make 'exact' a
per-desc item.  Merge into one function since 'force_exact' is no longer
needed. (key_byname): Use new classify_user_id function, and new exact
flag in KEYDB_SEARCH_DESC.

* keyring.h, keyring.c (keyring_search): Return an optional index to show
which KEYDB_SEARCH_DESC was the matching one.

* keydb.h, keydb.c (keydb_search): Rename to keydb_search2, and pass the
optional index to keyring_search.  Add a macro version of keydb_search
that calls this new function.

* export.c (do_export_stream): If the keyid! syntax is used, export only
that specified key.  If the key in question is a subkey, export the
primary plus that subkey only.
2003-02-12 18:43:44 +00:00
David Shaw
e247a0b3e0 * import.c (import_one): Only do the work to create the status display for
interactive import if status is enabled.

* keyring.c (keyring_search): skipfnc didn't work properly with non-keyid
searches.  Noted by Stefan Bellon.

* getkey.c (merge_selfsigs_main): Remove some unused code and make sure
that the pk selfsigversion member accounts for 1F direct sigs.
2003-01-03 21:41:53 +00:00
David Shaw
0bb73ee428 * getkey.c (merge_selfsigs_main), main.h, sig-check.c
(check_key_signature2): Pass the ultimately trusted pk directly to
check_key_signature2 to avoid going through the key selection mechanism.
This prevents a deadly embrace when two keys without selfsigs each sign
the other.
2002-12-29 15:58:44 +00:00
David Shaw
55eda4b4f8 * keyserver.c (keyserver_refresh): Don't print the "refreshing..." line if
there are no keys to refresh or if there is no keyserver set.

* getkey.c (merge_selfsigs_main): Any valid user ID should make a key
valid, not just the last one.  This also fixes Debian bug #174276.
2002-12-27 23:46:51 +00:00
David Shaw
f3f1015f6a * keydb.h, getkey.c (key_byname): Flag to enable or disable including
disabled keys.  Keys specified via keyid (i.e. 0x...) are always included.

* getkey.c (get_pubkey_byname, get_seckey_byname2, get_seckey_bynames),
keyedit.c (keyedit_menu, menu_addrevoker): Include disabled keys in these
functions.

* pkclist.c (build_pk_list): Do not include disabled keys for -r or the
key prompt.  Do include disabled keys for the default key and
--encrypt-to.

* trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping disabled
keys.

* gpgv.c (is_disabled): Stub.

* keygen.c (keygen_add_key_expire): Properly handle updating a key
expiration to a no-expiration value.

* keyedit.c (enable_disable_key): Comment.

* import.c (import_one): When in interactive mode and --verbose, don't
repeat some key information twice.
2002-12-26 22:22:50 +00:00
David Shaw
e357092285 * options.h, g10.c (main), encode.c (write_pubkey_enc_from_list),
pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8 mode.  This
is basically identical to --pgp7 in all ways except that signing subkeys,
v4 data sigs (including expiration), and SK comments are allowed.

* getkey.c (finish_lookup): Comment.

* main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu): Reorder
user ID display in the --edit-key menu to match that of the --list-keys
display.

* g10.c (add_notation_data): Fix initialization.
2002-12-03 23:31:48 +00:00
Stefan Bellon
0907db4855 fixed type incompatibility 2002-11-13 21:49:57 +00:00
David Shaw
fbffa8209b * encode.c (encode_simple): Make sure that files larger than about 4G use
partial length encoding.  This is required because OpenPGP allows only for
32 bit length fields.  From Werner on stable branch.

* getkey.c (get_pubkey_direct): Renamed to... (get_pubkey_fast): this and
made extern. (get_pubkey_byfprint_fast): New.  From Werner on stable
branch.

* keydb.h, import.c (import_one): Use get_pubkey_fast instead of
get_pubkey.  We don't need a merged key and actually this might lead to
recursions. (revocation_present): Likewise for search by fingerprint.
From Werner on stable branch.

* g10.c (main): Try to create the trustdb even for non-colon-mode list-key
operations.  This is required because getkey needs to know whether a a key
is ultimately trusted.  From Werner on stable branch.
2002-11-13 17:43:27 +00:00
David Shaw
365011c8f1 * keyedit.c (show_key_with_all_names_colon): Make --with-colons --edit
display match the validity and trust of --with-colons --list-keys.

* passphrase.c (agent_send_all_options): Fix compile warning.

* keylist.c (list_keyblock_colon): Validity for subkeys should match that
of the primary key, and not that of the last user ID.

* getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys carry
these facts onto all their subkeys, but only after the subkey has a chance
to be marked valid.  This is to fix an incorrect "invalid public key"
error verifying a signature made by a revoked signing subkey, with a valid
unrevoked primary key.
2002-11-13 13:23:03 +00:00
David Shaw
3cb4118b6c * pubkey-enc.c (get_session_key): With hidden recipients or try a given
passphrase against all secret keys rather than trying all secret keys in
turn.  Don't if --try-all-secrets or --status-fd is enabled.

* passphrase.c (passphrase_to_dek): Mode 1 means do a regular passphrase
query, but don't prompt with the key info.

* seckey-cert.c (do_check, check_secret_key): A negative ask count means
to enable passphrase mode 1.

* keydb.h, getkey.c (enum_secret_keys): Add flag to include
secret-parts-missing keys (or not) in the list.
2002-11-06 16:58:28 +00:00
David Shaw
1fed5c87f0 * getkey.c (get_pubkey_direct): Don't cache keys retrieved via this
function as they may not have all their fields filled in.

* sig-check.c (signature_check2): Use new is_primary flag to check rather
than comparing main_keyid with keyid as this still works in the case of a
not fully filled in pk.
2002-10-04 22:12:09 +00:00
Werner Koch
e85fd72317 * getkey.c (get_pubkey_direct): New.
(merge_selfsigs_main): Use it here to look for an ultimately
trusted key.  Using the full get_pubkey might lead to an
infinitive recursion.
2002-10-01 08:38:24 +00:00
David Shaw
baffecaca2 Import from stable branch.
2002-09-13  David Shaw  <dshaw@jabberwocky.com>

	* getkey.c (check_revocation_keys): Move....
	* main.h, sig-check.c (check_revocation_keys): to here.  Also
	return the signature_check error code rather than 0/1 and cache
	the sig result.

	* sig-check.c (check_key_signature2): Divert to
	check_revocation_keys if a revocation sig is made by someone other
	than the pk owner.

	* getkey.c (merge_selfsigs_main): Tidy.

2002-09-13  Werner Koch  <wk@gnupg.org>

	* g10.c (main) [__MINGW32__]: Activate oLoadExtension.
2002-09-13 12:59:31 +00:00
David Shaw
7e3e9bf357 * sig-check.c (do_check, do_check_messages): Emit the usual sig warnings
even for cached sigs.  This also serves to protect against missing a sig
expiring while cached.

* getkey.c (merge_selfsigs_main): Don't check UID self-sigs twice.
2002-08-23 20:59:48 +00:00
David Shaw
8609693d79 * import.c (clean_subkeys, chk_self_sigs): Merge clean_subkeys into
chk_self_sigs.  This improves efficiency as the same signatures are not
checked multiple times.  Clarify when a subkey is revoked (any revocation
signature, even if it is dated before the binding signature).

* getkey.c (merge_selfsigs_subkey): Subkey revocation comments.

* keylist.c (list_one): Stats are only for public key listings.

* g10.c (main), options.skel: Default should be include-revoked for
keyserver operations.
2002-08-22 17:47:42 +00:00
Werner Koch
89f8e7ef36 * getkey.c (get_user_id_native): Renamed to ..
(get_user_id_printable): this.  Filter out all dangerous
characters.  Checked all usages.
(get_user_id_string_native): Renamed to..
(get_user_id_string_printable): this.  Filter out all dangerous
characters.  Checked all usages.
* keyedit.c (show_basic_key_info): New.
* keylist.c (print_fingerprint): New mode 3.
* import.c (import_one): Use new function to display the user ID.
2002-08-19 08:28:00 +00:00
David Shaw
3f51f7db3d Update head to match stable 1.0 2002-06-29 13:46:34 +00:00
Werner Koch
5a9ea8ff5c Changed keyring handling - saving still does not work.
Added new cipher mode and updated cipher test program.
2000-10-10 12:58:43 +00:00
Werner Koch
14974bc5d7 See ChangeLog: Fri Oct 6 14:29:16 CEST 2000 Werner Koch 2000-10-06 12:28:44 +00:00
Werner Koch
9c20f65cbe See ChangeLog: Wed Oct 4 13:16:18 CEST 2000 Werner Koch 2000-10-04 11:16:19 +00:00
Werner Koch
986d928ce2 See ChangeLog: Mon Sep 18 16:35:45 CEST 2000 Werner Koch 2000-09-18 14:35:34 +00:00
Werner Koch
92cd255508 See ChangeLog: Fri Jul 14 19:38:23 CEST 2000 Werner Koch 2000-07-14 17:34:53 +00:00
Werner Koch
baa30ad117 See ChangeLog: Thu Jan 27 18:00:44 CET 2000 Werner Koch 2000-01-27 16:50:45 +00:00
Werner Koch
0070faa0ff See ChangeLog: Mon Jan 24 13:04:28 CET 2000 Werner Koch 2000-01-24 11:55:49 +00:00
Werner Koch
881e513237 See ChangeLog: Sat Nov 13 17:44:23 CET 1999 Werner Koch 1999-11-13 16:43:23 +00:00
Werner Koch
0428ca6da6 See ChangeLog: Wed Sep 1 15:30:44 CEST 1999 Werner Koch 1999-09-01 13:40:07 +00:00
Werner Koch
4dbfb24dbb See ChangeLog: Mon Jul 26 09:34:46 CEST 1999 Werner Koch 1999-07-26 07:44:46 +00:00
Werner Koch
541bb017d2 See ChangeLog: Thu Jul 22 20:03:03 CEST 1999 Werner Koch 1999-07-22 18:11:55 +00:00
Werner Koch
7cb8838061 See ChangeLog: Thu May 6 14:18:17 CEST 1999 Werner Koch 1999-05-06 12:26:10 +00:00
Werner Koch
1feae2011c See ChangeLog: Sun Apr 18 10:11:28 CEST 1999 Werner Koch 1999-04-18 08:18:52 +00:00
Werner Koch
8d255ff264 See ChangeLog: Wed Mar 17 13:09:03 CET 1999 Werner Koch 1999-03-17 12:13:04 +00:00
Werner Koch
b31145f3e2 See ChangeLog: Mon Mar 8 20:47:17 CET 1999 Werner Koch 1999-03-08 19:50:18 +00:00
Werner Koch
9f099678ac See ChangeLog: Mon Feb 22 20:04:00 CET 1999 Werner Koch 1999-02-22 19:08:46 +00:00
Werner Koch
a4ff45f634 See ChangeLog: Fri Feb 19 15:49:15 CET 1999 Werner Koch 1999-02-19 14:54:00 +00:00
Werner Koch
9a4f506a18 See ChangeLog: Wed Feb 10 17:15:39 CET 1999 Werner Koch 1999-02-10 16:22:40 +00:00
Werner Koch
a16e15282a See ChangeLog: Sun Jan 24 18:16:26 CET 1999 Werner Koch 1999-01-24 17:16:40 +00:00