card. If it does, only allow 160-bit hashes, a la DSA. This involves
passing the *sk in, so change all callers. This is correct for today,
given the current 160-bit q in DSA, and the current SHA-1/RIPEMD160
support in the openpgp card. It will almost certainly need changing
down the road.
* app-openpgp.c (do_sign): Give user error if hash algorithm is not
supported by the card.
(sign_file, clearsign_file, sign_symencrypt_file), g10.c (main), keyedit.c
(sign_uids): Use seconds rather than days internally to calculate
expiration. We no longer need the day-based code as we don't generate v3
keys.
--default-cert-expire options. Suggested by Florian Weimer.
* main.h, keygen.c (parse_expire_string, ask_expire_interval): Use
defaults passed in, or "0" to control what default expiration is.
* keyedit.c (sign_uids), sign.c (sign_file, clearsign_file,
sign_symencrypt_file): Call them here, so that default expiration
is used when --ask-xxxxx-expire is off.
Changed all callers.
(ask_passphrase): Add new arg CACHEID and use it in agent mode.
Changed all callers.
(passphrase_clear_cache): New arg CACHEID. Changed all callers.
* cardglue.c (format_cacheid): New.
(pin_cb): Compute a cache ID.
(agent_scd_pksign, agent_scd_pkdecrypt): Use it.
(agent_clear_pin_cache): New.
* card-util.c (change_pin): Clear the PIN cache.
(check_pin_for_key_operation): Ditto.
filename when using --use-embedded-filename with input that has no
filename (clearsigned or message generated from a pipe).
* encode.c (encode_simple, encode_crypt), progress.c (handle_progress),
sign.c (write_plaintext_packet): Fix a few inconsistent calls (NULL
filename means a pipe here, so don't bother to check it twice).
Elgamal signing keys since we no longer support any Elgamal signing keys.
* sign.c (sign_file, clearsign_file): Use "writing to" instead of "writing
to file" to match other strings.
* pkclist.c (check_signatures_trust): Fix typo. Noted by Moray Allan.
This is Debian bug #278708.
* passphrase.c (ask_passphrase, passphrase_to_dek): "password" ->
"passphrase".
* keyedit.c (show_key_with_all_names): Show designated revoker as part of
translatable string.
* exec.c, sign.c: Change "can't open file" to "can't open" and "can't
create file" to "can't create" to be consistent with other strings so we
don't have to translate both.
http.
* openfile.c (overwrite_filep, make_outfile_name, open_outfile)
(open_sigfile): Use iobuf_is_pipe_filename to check for pipes so
that special filesnames are taken into account. This is bug 327.
* tdbdump.c (import_ownertrust): Ditto.
* sign.c (write_plaintext_packet): Ditto.
* progress.c (handle_progress): Ditto.
* plaintext.c (handle_plaintext): Ditto.
* encode.c (encode_simple, encode_crypt): Ditto.
* iobuf.c (iobuf_is_pipe_filename): New.
* fileutil.c (is_file_compressed): Use it here.
opt.s2k_digest_algo. This helps fix a problem with PGP 2.x encrypted
symmetric messages. Change all callers (encode.c, g10.c, keyedit.c,
keygen.c, passphrase.c, sign.c).
* armor.c, cardglue.c, getkey.c, import.c, keygen.c: Be consistent in some
more quoted strings. Always use 'user ID', not 'user id', "quotes" for
user IDs, etc.
* g10.c (main): New alias --throw-keyid for --throw-keyids, so that it
continues to work in old configuration files. Noted by Jens Adam.
* pkclist.c (algo_available): --pgp8 now allows blowfish, zlib, and bzip2.
* status.c (do_get_from_fd): Flush stdout if status isn't flushing it for
us. This guarantees that any menus that were displayed before the prompt
don't get stuck in a buffer. Noted by Peter Palfrader. This is Debian
bug #254072.
* sign.c (update_keysig_packet): Revert change of 2004-05-18. It is not
appropriate to strip policy and notations when remaking a sig. That
should only happen when specifically requested by the user.
expired user IDs. Also, once we've established that a given uid cannot or
will not be signed, don't continue to ask about each sig.
* mainproc.c (proc_symkey_enc), seckey-cert.c (do_check): Check the S2K
hash algorithm before we try to generate a passphrase using it. This
prevents hitting BUG() when generating a passphrase using a hash that we
don't have.
* sign.c (sign_symencrypt_file): Allow using --force-mdc in --sign
--symmetric messages.
generate_subkeypair): New is_subkey argument to set whether a generated
key is a subkey. Do not overload the ret_sk. This is some early cleanup
to do backsigs for signing subkeys.
* keygen.c (write_keybinding, do_generate_keypair, generate_subkeypair):
Keep track of the unprotected subkey secret key so we can make a backsig
with it.
* keygen.c (make_backsig): New function to add a backsig to a binding sig
of signing subkeys. Currently disabled. (write_keybinding): Call it here,
for signing subkeys only.
* sign.c (make_keysig_packet): Allow generating 0x19 signatures (same as
0x18 or 0x28, but used for backsigs).
* packet.h, build-packet.c (build_sig_subpkt): Add new SIGSUBPKT_SIGNATURE
type for embedded signatures.
encode_md_value), sig-check.c (do_check), sign.c (do_sign): Remove
--emulate-md-encode-bug as it only applied to Elgamal signatures, which
are going away.
* main.h, encode.c (setup_symkey): New. Prompt for a passphrase and
create a DEK for symmetric encryption. (write_symkey_enc): New. Write out
symmetrically encrypted session keys. (encode_crypt, encrypt_filter): Use
them here here when creating a message that can be decrypted with a
passphrase or a pk.
* sign.c (sign_file): Call setup_symkey if we are doing a --symmetric
--sign --encrypt.
check_compress_algo): Add bzip2.
* compress.c (compress_filter): Make static to help force the use of
push_compress_filter. Remove default algorithm setting since that is done
in push_compress_filter now.
* main.h: Use named algorithm.
* filter.h, compress.c (push_compress_filter, push_compress_filter2): New.
Figure out which is the appropriate compression filter to use, and push it
into place.
* compress.c (handle_compressed), encode.c (encode_simple, encode_crypt),
sign.c (sign_file, sign_symencrypt_file), import.c (read_block), export.c
(do_export): Use push_compress_filter instead of pushing the compression
filter ourselves.
* compress-bz2.c: New. Bzlib versions of the compression filter routines.
* Makefile.am: Include compress-bz2.c if bz2lib is available.
requested.
(genkey_status_cb): New.
(agent_scd_genkey): Implemented.
* keygen.c (generate_keypair): New arg CARD_SERIALNO and prepare
parameters for on card key generation. Changed all callers.
(do_generate_keypair): Add new arg card and merged casrd specific
changes from 1.9.
(proc_parameter_file): New arg card, apss it down to
do_generate_keypair and changed all callers.
(gen_card_key): New.
* g10.c: Include cardclue.h.
(main): s/app_set_default_reader_port/card_set_reader_port/.
* cardglue.c (card_set_reader_port): New to address include file
issues.
default and tehre is not yet much more than a new configure option.
* configure.ac (LIBUSB_LIBS,HAVE_LIBUSB): Check for Libusb.
(--enable-card-support): New.
* sign.c (do_sign) [ENABLE_CARD_SUPPORT]: Divert to card.
* cardglue.c, cardglue.h: New.
* Makefile.am (gpg_LDADD): Added.
(card_support_sources): New.
* memory.h (xmalloc): Define xmalloc macros in terms of m_alloc.
* trustdb.c (validate_keys): Give a little more information while
rebuilding trustdb.
* pkclist.c (do_edit_ownertrust): Clarify "don't know".
* g10.c (main): Default to --no-mangle-dos-filenames.
(mk_notation_policy_etc): Clarify a few strings. It's a "preferred
keyserver URL".
* g10.c (main): Use "keyserver-url" instead of "preferred-keyserver" for
the sake of short and simple commands.
* options.skel: Note that keyserver.pgp.com isn't synchronized, and
explain the roundrobin a bit better.
* sig-check.c (check_key_signature2), import.c (import_one,
import_revoke_cert, chk_self_sigs, delete_inv_parts, collapse_uids,
merge_blocks): Make much quieter during import of slightly munged, but
recoverable, keys. Use log_error for unrecoverable import failures.
* keyring.c (keyring_rebuild_cache): Comment.
* sign.c (mk_notation_and_policy): Making a v3 signature with notations or
policy urls is an error, not an info (i.e. increment the errorcount).
Don't print the notation or policy url to stdout since it can be mixed
into the output stream when piping and munge the stream.
--sig-preferred-keyserver to implant a "where to get my key" subpacket
into a signature.
* sign.c (mk_notation_and_policy): Rename to mk_notation_policy_etc and
add preferred keyserver support for signatures.
show_notation): Collapse the old print_notation_data into show_policy()
and show_notation() so there is only one function to print notations and
policy URLs.
* options.h, main.h, g10.c (main), keyedit.c (print_and_check_one_sig),
keylist.c (list_one, list_keyblock_print), pkclist.c (do_edit_ownertrust),
sign.c (mk_notation_and_policy): New "list-options" and "verify-options"
commands. These replace the existing --show-photos/--no-show-photos,
--show-notation/--no-show-notation,
--show-policy-url/--no-show-policy-url, and --show-keyring options. The
new method is more flexible since a user can specify (for example) showing
photos during sig verification, but not in key listings. The old options
are emulated.
getkey.c, keydb.c, openfile.c, plaintext.c, status.c, gpgv.c, keygen.c,
options.h, sig-check.c, tdbio.h, encode.c, mainproc.c, parse-packet.c,
signal.c, textfilter.c: Edit all preprocessor instructions to remove
whitespace before the '#'. This is not required by C89, but there are some
compilers out there that don't like it.
* sign.c (write_plaintext_packet)
* encode.c (encode_simple,encode_crypt): Make sure that a filename
of "-" is considered to be stdin so that iobuf_get_filelength
won't get called. This fixes bug 156 reported by Gregery Barton.
(do_export_stream), import.c (remove_bad_stuff, import), parse-packet.c
(dump_sig_subpkt, parse_one_sig_subpkt): Remove vestigal code for the old
sig cache subpacket. This wasn't completely harmless as it caused
subpacket 101 to disappear on import and export.
* options.h, armor.c, cipher.c, g10.c, keyedit.c, pkclist.c, sign.c,
encode.c, getkey.c, revoke.c: The current flags for different levels of
PGP-ness are massively complex. This is step one in simplifying them. No
functional change yet, just use a macro to check for compliance level.
* sign.c (sign_file): Fix bug that causes spurious compression preference
warning.
* sign.c (clearsign_file): Fix bug that prevents proper warning message
from appearing when clearsigning in --pgp2 mode with a non-v3 RSA key.
* main.h, misc.c (compliance_option_string, compliance_string,
compliance_failure), pkclist.c (build_pk_list), sign.c (sign_file,
clearsign_file), encode.c (encode_crypt, write_pubkey_enc_from_list): New
functions to put the "this message may not be usable...." warning in one
place.
* options.h, g10.c (main): Part two of the simplification. Use a single
enum to indicate what we are compliant to (1991, 2440, PGPx, etc.)
* g10.c (main): Show errors for failure in export, send-keys, recv-keys,
and refresh-keys.
* options.h, g10.c (main): Give algorithm warnings for algorithms chosen
against the --pgpX and --openpgp rules.
* keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in --openpgp
mode.
* sign.c (sign_file), pkclist.c (algo_available): Allow passing a hint of
0.
* exec.c (exec_write): Cast NULL to void* to properly terminate varargs
list.
* keyedit.c (show_key_with_all_names): Just for safety, catch an invalid
pk algorithm.
* sign.c (make_keysig_packet): Crucial that the call to mksubpkt comes
LAST before the calls to finalize the sig as that makes it possible for
the mksubpkt function to get a reliable pointer to the subpacket area.
* pkclist.c (do_we_trust_pre): If an untrusted key was chosen by a
particular user ID, use that ID as the one to ask about when prompting
whether to use the key anyway. (build_pk_list): Similar change here when
adding keys to the recipient list.
* trustdb.c (update_validity): Fix bug that prevented more than one
validity record per trust record. (get_validity): When retrieving validity
for a (user) supplied user ID, return the validity for that user ID only,
and do not fall back to the general key validity. (validate_one_keyblock):
Some commentary on whether non-self-signed user IDs belong in the web of
trust (arguably, they do).
mode.
* tdbio.h, tdbio.c (tdbio_read_model): New function to return the trust
model used in a given trustdb.
* options.h, g10.c (main), trustdb.c (init_trustdb, check_trustdb,
update_trustdb): Use tdbio_read_model to implement an "auto" trust model
which is set via the trustdb.
agent is to be used. Noted by Ingo Kl�cker.
(agent_get_passphrase): Inhibit caching when we have no
fingerprint. This is required for key generation as well as for
symmetric only encryption.
* passphrase .c (agent_get_passphrase): New arg CANCELED.
(passphrase_to_dek): Ditto. Passed to above. Changed all
callers to pass NULL.
* seckey-cert.c (do_check): New arg CANCELED.
(check_secret_key): Terminate loop when canceled.
* keyedit.c (change_passphrase): Pass ERRTEXT untranslated to
passphrase_to_dek and translate where appropriate.
* seckey-cert.c (check_secret_key): Ditto.
* keygen.c (ask_passphrase): Ditto.
* passphrase.c (agent_get_passphrase): Translate the TRYAGAIN_TEXT.
Switch the codeset to utf-8.
(segfault). Noted by Marcus Brinkmann. Push and reinitialize textmode
filter for each file in a multiple file list.
* packet.h, getkey.c (fixup_uidnode), keyedit.c (show_prefs): Set and show
the keyserver no-modify flag.
* keygen.c (add_keyserver_modify): New. (keygen_upd_std_prefs): Call it
here. (keygen_set_std_prefs): Accept "ks-modify" and "no-ks-modify" as
prefs to set and unset keyserver modify flag.
matter where the user puts the = sign.
* options.skel: Comment out the first three lines in case someone manually
copies the skel file to their homedir.
* sign.c (clearsign_file): Only use pgp2mode with v3 keys and MD5. This
matches what we do when decoding such messages and prevents creating a
message (v3+RIPEMD/160) that we can't verify.
* sig-check.c (signature_check2): Use G10ERR_GENERAL as the error for
signature digest conflict. BAD_SIGN implies that a signature was checked
and we may try and print out a user ID for a key that doesn't exist.
Minimal isn't always best.
* sign.c (update_keysig_packet): Use the current time rather then a
modification of the original signature time. Make sure that this doesn't
cause a time warp.
* keygen.c (keygen_add_key_expire): Properly handle a key expiration date
in the past (use a duration of 0).
* keyedit.c (menu_expire): Use update_keysig_packet so any sig subpackets
are maintained during the update.
* build-packet.c (build_sig_subpkt): Mark sig expired or unexpired when
the sig expiration subpacket is added. (build_sig_subpkt_from_sig): Handle
making an expiration subpacket from a sig that has already expired (use a
duration of 0).
* packet.h, sign.c (update_keysig_packet), keyedit.c
(menu_set_primary_uid, menu_set_preferences): Add ability to issue 0x18
subkey binding sigs to update_keysig_packet and change all callers.