1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-11 21:48:50 +01:00
Commit Graph

169 Commits

Author SHA1 Message Date
David Shaw
99b1f3e1da * gpg.c (print_mds), armor.c (armor_filter, parse_hash_header): Add
SHA-224.

* sign.c (write_plaintext_packet), encode.c (encode_simple): Factor
common literal packet setup code from here, to...

* main.h, plaintext.c (setup_plaintext_name): Here. New. Make sure the
literal packet filename field is UTF-8 encoded.

* options.h, gpg.c (main): Make sure --set-filename is UTF-8 encoded
and note when filenames are already UTF-8.
2006-04-20 02:36:05 +00:00
David Shaw
4fea8fdbbb * options.h, sign.c (mk_notation_policy_etc), gpg.c (add_notation_data):
Use it here for the various notation commands.

* packet.h, main.h, keygen.c (keygen_add_notations), build-packet.c
(string_to_notation, sig_to_notation) (free_notation): New "one stop
shopping" functions to handle notations and start removing some code
duplication.
2006-03-08 23:30:12 +00:00
David Shaw
90d8377276 * options.h, mainproc.c (check_sig_and_print), gpg.c (main):
pka-lookups, not pka-lookup.

* options.h, gpg.c (main), keyedit.c [cmds], sig-check.c
(signature_check2): Rename "backsign" to "cross-certify" as a more
accurate name.
2006-03-08 02:40:42 +00:00
David Shaw
4f9efb7a79 * options.h, gpg.c (main, parse_trust_model), pkclist.c
(check_signatures_trust), mainproc.c (check_sig_and_print,
pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so that it
is a verify-option now.
2006-03-07 20:14:20 +00:00
Werner Koch
4aeb4d4b10 More tests added; make distcheck works 2006-03-07 11:05:41 +00:00
David Shaw
f4f5ea43e7 * keydb.h, getkey.c (release_akl), gpg.c (main): Add
--no-auto-key-locate.

* options.h, gpg.c (main): Keep track of each keyserver registered so
we can match on them later.

* keyserver-internal.h, keyserver.c (cmp_keyserver_spec,
keyserver_match), gpgv.c: New.  Find a keyserver that matches ours and
return its spec.

* getkey.c (get_pubkey_byname): Use it here to get the per-keyserver
options from an earlier keyserver.
2006-02-24 14:27:22 +00:00
David Shaw
624f3582ba * options.c, gpg.c (main), keyserver.c (keyserver_spawn): No special
treatment of include-revoked, include-subkeys, and try-dns-srv.  These are
keyserver features, and GPG shouldn't get involved here.
2006-02-23 22:39:40 +00:00
David Shaw
c37453211c * options.h, keyserver.c (add_canonical_option): New.
(parse_keyserver_options): Moved from here. (parse_keyserver_uri): Use it
here so each keyserver can have some private options in addition to the
main keyserver-options (e.g. per-keyserver auth).
2006-02-23 17:00:02 +00:00
David Shaw
1ae024ef81 * options.h, keyserver-internal.h, keyserver.c (keyserver_import_name),
getkey.c (free_akl, parse_auto_key_locate, get_pubkey_byname): The obvious
next step: allow arbitrary keyservers in the auto-key-locate list.
2006-02-22 23:37:23 +00:00
David Shaw
305288b5f5 * options.h, keyserver.c (parse_keyserver_options): Remove
auto-cert-retrieve as it is no longer meaningful.  Add max-cert-size to
allow users to pick a max key size retrieved via CERT.
2006-02-22 20:34:48 +00:00
David Shaw
477defdb1b * options.h, gpg.c (main), mainproc.c (check_sig_and_print), keyserver.c
(keyserver_opts): Rename auto-pka-retrieve to honor-pka-record to be
consistent with honor-keyserver-url.
2006-02-22 20:20:58 +00:00
David Shaw
7eab1846ca * options.h, keydb.h, g10.c (main), getkey.c (parse_auto_key_locate):
Parse a list of key access methods. (get_pubkey_byname): Walk the list
here to try and retrieve keys we don't have locally.
2006-02-22 19:06:23 +00:00
David Shaw
846eefaa71 * keyserver.c (keyserver_import_pka): New. Moved from
getkey.c:get_pubkey_byname which was getting crowded.

* keyserver.c (keyserver_import_cert): Import a key found in DNS via CERT
records.  Can handle both the PGP (actual key) and IPGP (URL) CERT types.

* getkey.c (get_pubkey_byname): Call them both here.

* options.h, keyserver.c (parse_keyserver_options): Add
"auto-cert-retrieve" option with optional max size argument.
2005-12-23 22:17:11 +00:00
Werner Koch
f1482aab4e Finished PKA feature 2005-12-20 20:19:16 +00:00
David Shaw
1d051e8ed5 * options.h, keyserver.c (curl_cant_handle, keyserver_spawn,
keyserver_fetch): Set a flag to indicate that we're doing a direct URI
fetch so we can differentiate between a keyserver operation and a URI
fetch for protocols like LDAP that can do either.
2005-12-08 05:52:41 +00:00
David Shaw
eac8dbc9b7 * keyedit.c (keyedit_menu, menu_clean): Simplify clean options to just
"clean", and add "minimize".

* import.c (parse_import_options): Make help text match the export
versions of the options.

* options.h, export.c (parse_export_options, do_export_stream): Reduce
clean options to two: clean and minimize.

* trustdb.h, trustdb.c (clean_one_uid): New function that joins uid
and sig cleaning into one for a simple API outside trustdb.
2005-11-18 04:25:07 +00:00
David Shaw
40b9d5648d * trustdb.h, trustdb.c (clean_key): New function to handle key
cleaning from one convenient place.

* options.h, import.c (parse_import_options, clean_sigs_from_all_uids,
import_one): Reduce clean options to two: clean and minimize.

* parse-packet.c (setup_user_id): Remove.  (parse_user_id,
parse_attribute): Just use xmalloc_clear instead.
2005-11-12 04:53:03 +00:00
David Shaw
477ded81a4 * options.h, import.c (parse_import_options, clean_sigs_from_all_uids,
import_one): Add import-minimal option. Similar to export-minimal, except
it works on the way in.
2005-11-10 21:30:27 +00:00
David Shaw
094a7ab401 * options.h, getkey.c (merge_selfsigs_subkey), gpg.c (main), sig-check.c
(signature_check2): Add --require-backsigs and --no-require-backsigs.  
Currently defaults to --no-require-backsigs.
2005-10-12 20:44:24 +00:00
Werner Koch
2ce542ad52 auto retrieve keys from PKA. Thsi allows to specify an email address
so that gpg can get the key from DNS.  This helps with opportunistic
encryption.  No integration with the trust modell yet.
2005-08-05 14:46:59 +00:00
Werner Koch
a486501c0b * gpg.sgml (http):
* g10.c, options.h: New option --exit-on-status-write-error.
* status.c (write_status_text): Make use of this option.
2005-07-22 16:28:40 +00:00
David Shaw
04b9cec18f * options.h, g10.c (main), keyedit.c (keyedit_menu): Use --interactive
to enable the uid walking when signing a key with no uids specified to
sign.

* keylist.c (list_keyblock_print): Fix silly typo.  Noted by Greg
Sabino Mullane.
2005-07-22 12:52:34 +00:00
Werner Koch
a0b4f40301 * g10.c, options.h: New option --limit-card-insert-tries.
* cardglue.c (open_card): Use it.
2005-07-19 12:14:39 +00:00
Werner Koch
730247b19e * configure.ac [W32]: Always set DISABLE_KEYSERVER_PATH.
* export.c (parse_export_options): New option
export-reset-subkey-passwd.
(do_export_stream): Implement it.

* misc.c (get_libexecdir): New.
* keyserver.c (keyserver_spawn): Use it
2005-07-19 08:50:28 +00:00
Werner Koch
2d2e2e74b8 * gpg.sgml: Document smartcard related options.
* g10.c, options.h: New option --no-interactive-selection.
* keyedit.c (keyedit_menu): Use it.
2005-06-20 17:03:27 +00:00
David Shaw
07e9d532b1 * keygen.c (save_unprotected_key_to_card): Fix gcc4 warning.
* options.h, import.c (parse_import_options, import_one): Add
import-clean-uids option to automatically compact unusable uids when
importing.  Like import-clean-sigs, this may nodify the local keyring.

* trustdb.c (clean_uids_from_key): Only allow selfsigs to be a
candidate for re-inclusion.
2005-06-14 03:55:19 +00:00
David Shaw
f3c4b07d05 * options.h, import.c (parse_import_options, clean_sigs_from_all_uids,
import_one): Add import-clean-sigs option to automatically clean a key
when importing.  Note that when importing a key that is already on the
local keyring, the clean applies to the merged key - i.e. existing
superceded or invalid signatures are removed.
2005-06-12 21:17:46 +00:00
David Shaw
1594883f2f * options.h, import.c (parse_import_options, delete_inv_parts):
import-unusable-sigs is now a noop.
2005-06-10 03:15:25 +00:00
David Shaw
045433e35c * options.h, export.c (do_export_stream), keyedit.c (keyedit_menu,
menu_clean_subkeys_from_key), trustdb.h, trustdb.c
(clean_subkeys_from_key): Remove subkey cleaning function.  It is of
very limited usefulness since it cannot be used on any subkey that can
sign, and can only affect multiple selfsigs on encryption-only
subkeys.
2005-06-10 03:00:57 +00:00
David Shaw
2c9948c00a * options.h, g10.c (main), export.c (parse_export_options,
do_export_stream): Add export-options export-clean-sigs,
export-clean-uids, export-clean-subkeys, and export-clean which is all
of the above.  Export-minimal is the same except it also removes all
non-selfsigs.  export-unusable-sigs is now a noop.
2005-06-08 03:31:48 +00:00
Werner Koch
7d4043ca57 Updated FSF street address and preparations for a release candidate. 2005-05-31 08:39:18 +00:00
David Shaw
c5fa20dba3 * build-packet.c (do_comment): Removed. (build_packet): Ignore
comment packets.

* export.c (do_export_stream): Don't export comment packets any
longer.

* options.h, g10.c (main): Remove --sk-comments and --no-sk-comments
options, and replace with no-op.
2005-05-14 02:38:31 +00:00
David Shaw
da0c60a987 * keygen.c (start_tree): New function to "prime" a KBNODE list.
(do_generate_keypair): Use it here rather than creating and deleting a
comment packet.

* keygen.c (gen_elg, gen_dsa): Do not put public factors in secret key as
a comment.

* options.h, encode.c (encode_simple, encode_crypt), keygen.c (do_create):
Remove disabled comment packet code.
2005-05-05 22:08:37 +00:00
David Shaw
c71639cfff * options.h, g10.c (main): Add new --default-sig-expire and
--default-cert-expire options.  Suggested by Florian Weimer.

* main.h, keygen.c (parse_expire_string, ask_expire_interval): Use
defaults passed in, or "0" to control what default expiration is.

* keyedit.c (sign_uids), sign.c (sign_file, clearsign_file,
sign_symencrypt_file): Call them here, so that default expiration
is used when --ask-xxxxx-expire is off.
2005-05-05 19:21:40 +00:00
Werner Koch
1985805cdf (pin_cb): Print a warning if the info string hack is
not there.  This may happen due to typos in the translation.
2005-03-30 10:39:13 +00:00
David Shaw
ff93f3528a * options.h, keyserver.c (parse_keyserver_options, keyserver_spawn): Don't
treat 'verbose' and 'include-disabled' as special.  Just pass them through
silently to the keyserver helper.
2005-03-17 22:55:17 +00:00
David Shaw
fbee22ac0c * options.h, import.c (parse_import_options, delete_inv_parts): Add
import-unusable-sigs flag to enable importing unusable (currently:
expired) sigs.

* options.h, export.c (parse_export_options, do_export_stream): Add
export-unusable-sigs flag to enable exporting unusable (currently:
expired) sigs.
2005-01-01 21:21:11 +00:00
David Shaw
f3c33b8768 * options.h, keyserver.c (parse_keyserver_uri): Properly parse auth data
from URLs and pass to keyserver helpers.
2004-12-22 18:09:41 +00:00
David Shaw
07250279e7 * keyedit.c (keyedit_menu): Invisible alias "passwd" as "password".
* passphrase.c: Don't check for __CYGWIN__, so it is treated as a
unix-like system.

* options.h, g10.c (main), textfilter.c (standard): Use new option
--rfc2440-text to determine whether to filter "<space>\t\r\n" or just
"\r\n" before canonicalizing text line endings.  Default to
"<space>\t\r\n".
2004-12-20 05:19:09 +00:00
David Shaw
bf5d013bc8 * options.h, g10.c (main), textfilter.c (standard): Use --rfc2440 or
--openpgp directly to determine the end of line hashing rule.

* trustdb.c (uid_trust_string_fixed): Show uids as expired if the key is
expired.
2004-12-11 04:47:33 +00:00
David Shaw
1c334577f3 * options.h, g10.c (main), textfilter.c (len_without_trailing_ws): Removed
(not used). (standard): 2440 says that textmode hashes should canonicalize
line endings to CRLF and remove spaces and tabs.  2440bis-12 says to just
canonicalize to CRLF.  So, we default to the 2440bis-12 behavior, but
revert to the strict 2440 behavior if the user specifies --rfc2440.  In
practical terms this makes no difference to any signatures in the real
world except for a textmode detached signature.
2004-12-10 05:35:54 +00:00
David Shaw
6dedf7a068 * options.h, export.c (parse_export_options, do_export_stream), import.c
(parse_import_options, import_keys_internal): Make the import-options and
export-options distinct since they can be mixed together as part of
keyserver-options.
2004-11-26 15:51:37 +00:00
David Shaw
9a70afe2b3 * options.h, export.c (parse_export_options, do_export_stream): Add
"export-minimal" option to disregard any sigs except selfsigs.
2004-11-25 03:58:42 +00:00
David Shaw
65077adf83 * options.h, g10.c (main), mainproc.c (check_sig_and_print): Rename
verify-option show-validity to show-uid-validity to match the similar
list-option.

* app-openpgp.c (verify_chv3): Fix typo.
2004-10-21 19:18:47 +00:00
David Shaw
9a4dc13d5e * pkclist.c (do_edit_ownertrust): Different prompt when we're using direct
trust since the meaning is different.

* keyedit.c (trustsig_prompt): Change the strings to match the ones in
pkclist.c:do_edit_ownertrust to make translation easier.

* trustdb.c (trust_model_string, get_validity): Add direct trust model
which applies to the key as a whole and not per-uid.

* options.h, g10.c (parse_trust_model): New. (main): Call it from here to
do string-to-trust-model.
2004-10-13 15:34:52 +00:00
David Shaw
2ff6607f0d * main.h, g10.c (main), card-util.c (change_pin): If "admin" has not been
issued, skip right to the CHV1/CHV2 PIN change.  No need to show the
unblock or admin PIN change option. (card_edit): Add "admin" command to
add admin commands to the menu.  Do not allow admin commands until "admin"
is given.

* app-openpgp.c (verify_chv3): Show a countdown of how many wrong admin
PINs can be entered before the card is locked.

* options.h, g10.c (main), app-openpgp.c (verify_chv3): Remove
--allow-admin.
2004-09-25 13:04:55 +00:00
David Shaw
e7c94128b2 * options.h, keylist.c (print_one_subpacket, print_subpackets_colon):
Print a spk record for each request subpacket. (list_keyblock_colon): Call
them here.

* g10.c (parse_subpacket_list, parse_list_options): New.  Make the list of
subpackets we are going to print. (main): Call them here.
2004-09-12 15:27:38 +00:00
David Shaw
0aad41079e * keylist.c (list_keyblock_print): Always use the new listing format where
uids are always on a line for themselves.  Mark expired secret keys as
expired.

* options.h, g10.c (main): Rename list show-validity to show-uid-validity
as it only shows for uids.

* armor.c (armor_filter): Do not use padding to get us to 8 bytes of
header.  Rather, use 2+4 as two different chunks.  This avoids a fake
filename of "is".
2004-07-16 14:30:55 +00:00
Werner Koch
3624da002f some late minor fixes. 2004-05-22 11:33:47 +00:00
David Shaw
cc383b6432 * options.h (ctrl): New for member IN_AUTO_KEY_RETRIEVE.
* mainproc.c (check_sig_and_print): track whether we are retrieving a key.

* status.c (status_currently_allowed): New. (write_status_text,
write_status_text_and_buffer): Use it here.

* g10.c: New command --gpgconf-list. (gpgconf_list): New.  From Werner on
stable branch.
2004-05-20 18:04:33 +00:00