they at least handle subkeys correctly.
* options.h, g10.c (main), main.h, keylist.c (show_keyserver_url),
mainproc.c (check_sig_and_print), parse-packet.c (dump_sig_subpkt,
parse_one_sig_subpkt, can_handle_critical): Add read-only support for
preferred keyserver subpackets. They're basically policy URLs with a
different name. Add a verify-option "show-preferred-keyserver" to turn
them on and off (on by default, as per stable branch).
* g10.c (main): Add "--set-notation" as alias to "--notation-data" this is
to make things consistent with --set-policy-url meaning both sigs and
certs.
"show-validity" and "show-long-keyid" list-options.
* gpgv.c (get_validity, trust_value_to_string): Stubs.
* g10.c (main): Use SAFE_VERSION instead of VERSION in the
version-specific gpg.conf file so it can be overridden on RISCOS.
(check_sig_and_print): Emulate the old policy and notation behavior
(display by default). Send to status-fd whether it is displayed on the
screen or not.
* g10.c (main): Since we now have some options in devel that won't work in
a stable branch gpg.conf file, try for a version-specific gpg.conf-VERSION
file before falling back to gpg.conf.
* main.h, options.h: Move various option flags to options.h.
show_notation): Collapse the old print_notation_data into show_policy()
and show_notation() so there is only one function to print notations and
policy URLs.
* options.h, main.h, g10.c (main), keyedit.c (print_and_check_one_sig),
keylist.c (list_one, list_keyblock_print), pkclist.c (do_edit_ownertrust),
sign.c (mk_notation_and_policy): New "list-options" and "verify-options"
commands. These replace the existing --show-photos/--no-show-photos,
--show-notation/--no-show-notation,
--show-policy-url/--no-show-policy-url, and --show-keyring options. The
new method is more flexible since a user can specify (for example) showing
photos during sig verification, but not in key listings. The old options
are emulated.
bug in the old version that did not handle report syntax errors after a
valid entry.
* import.c (parse_import_options), export.c (parse_export_options): Call
it here instead of duplicating the code.
--with-colons mode. Actually translate "Keyring" string.
* mainproc.c (proc_tree): We can't currently handle multiple signatures of
different classes or digests (we'd pretty much have to run a different
hash context for each), but if they are all the same, make an exception.
This is Debian bug #194292.
* sig-check.c (check_key_signature2): Make string translatable.
* packet.h, getkey.c (fixup_uidnode): Mark real primary uids differently
than assumed primaries.
* keyedit.c (no_primary_warning): Use the differently marked primaries
here in a new function to warn when an --edit-key command might rearrange
the self-sig dates enough to change which uid is primary. (menu_expire,
menu_set_preferences): Use no_primary_warning() here.
* Makefile.am: Use @DLLIBS@ for -ldl.
warning a verbose item and translatable. (From wk on stable branch)
* sig-check.c (check_key_signature2): Made "no subkey for subkey binding
packet" a verbose item instead of a !quiet one. There are too many
garbled keys out in the wild. (From wk on stable branch)
* filter.h: Remove const from WHAT. (From wk on stable branch)
* progress.c (handle_progress): Store a copy of NAME. (progress_filter):
Release WHAT, make sure not to print a NULL WHAT. (From wk on stable
branch)
* openfile.c (open_sigfile): Adjust free for new progress semantics. (From
wk on stable branch)
* plaintext.c (ask_for_detached_datafile): Don't dealloc pfx->WHAT. (From
wk on stable branch)
* seckey-cert.c (do_check): Issue the RSA_OR_IDEA status when the cipher
algo is IDEA to make it easier to track down the problem. (From twoaday on
stable branch)
getkey.c, keydb.c, openfile.c, plaintext.c, status.c, gpgv.c, keygen.c,
options.h, sig-check.c, tdbio.h, encode.c, mainproc.c, parse-packet.c,
signal.c, textfilter.c: Edit all preprocessor instructions to remove
whitespace before the '#'. This is not required by C89, but there are some
compilers out there that don't like it.
is_disabled to cache_disabled_value, which now takes a pk and not just the
keyid. This is for speed since there is no need to re-fetch a key when we
already have that key handy. Cache the result of the check so we don't
need to hit the trustdb more than once.
* getkey.c (skip_disabled): New function to get a pk and call is_disabled
on it. (key_byname): Use it here.
* packet.h, getkey.c (skip_disabled), keylist.c (print_capabilities): New
"pk_is_disabled" macro to retrieve the cached disabled value if available,
and fill it in via cache_disabled_value if not available.
* trustdb.c (get_validity): Cache the disabled value since we have it
handy and it might be useful later.
* parse-packet.c (parse_key): Clear disabled flag when parsing a new key.
Just in case someone forgets to clear the whole key.
* getkey.c (merge_selfsigs_main): Add an "if all else fails" path for
setting a single user ID primary when there are multiple set primaries all
at the same second, or no primaries set and the most recent user IDs are
at the same second, or no signed user IDs at all. This is arbitrary, but
deterministic.
* exec.h, photoid.h: Add copyright message.
* keylist.c (list_keyblock_print): Don't dump attribs for
revoked/expired/etc uids for non-colon key listings. This is for
consistency with --show-photos.
* main.h, keylist.c (dump_attribs), mainproc.c (check_sig_and_print): Dump
attribs if --attrib-fd is set when verifying signatures.
* g10.c (main): New --gnupg option to disable the various --openpgp,
--pgpX, etc. options. This is the same as --no-XXXX for those options.
* revoke.c (ask_revocation_reason): Clear old reason if user elects to
repeat question. This is bug 153.
* keyedit.c (sign_uids): Show keyid of the key making the signature.
* sign.c (write_plaintext_packet)
* encode.c (encode_simple,encode_crypt): Make sure that a filename
of "-" is considered to be stdin so that iobuf_get_filelength
won't get called. This fixes bug 156 reported by Gregery Barton.
(do_export_stream), import.c (remove_bad_stuff, import), parse-packet.c
(dump_sig_subpkt, parse_one_sig_subpkt): Remove vestigal code for the old
sig cache subpacket. This wasn't completely harmless as it caused
subpacket 101 to disappear on import and export.
* options.h, armor.c, cipher.c, g10.c, keyedit.c, pkclist.c, sign.c,
encode.c, getkey.c, revoke.c: The current flags for different levels of
PGP-ness are massively complex. This is step one in simplifying them. No
functional change yet, just use a macro to check for compliance level.
* sign.c (sign_file): Fix bug that causes spurious compression preference
warning.
* sign.c (clearsign_file): Fix bug that prevents proper warning message
from appearing when clearsigning in --pgp2 mode with a non-v3 RSA key.
* main.h, misc.c (compliance_option_string, compliance_string,
compliance_failure), pkclist.c (build_pk_list), sign.c (sign_file,
clearsign_file), encode.c (encode_crypt, write_pubkey_enc_from_list): New
functions to put the "this message may not be usable...." warning in one
place.
* options.h, g10.c (main): Part two of the simplification. Use a single
enum to indicate what we are compliant to (1991, 2440, PGPx, etc.)
* g10.c (main): Show errors for failure in export, send-keys, recv-keys,
and refresh-keys.
* options.h, g10.c (main): Give algorithm warnings for algorithms chosen
against the --pgpX and --openpgp rules.
* keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in --openpgp
mode.
* sign.c (sign_file), pkclist.c (algo_available): Allow passing a hint of
0.
TM_CLASSIC or TM_PGP.
* trustdb.h, trustdb.c (trust_string, get_ownertrust_string,
get_validity_string, ask_ownertrust, validate_keys), pkclist.c
(do_edit_ownertrust): Rename trust_string to trust_value_to_string for
naming consistency.
* trustdb.h, trustdb.c (string_to_trust_value): New function to translate
a string to a trust value.
* g10.c (main): Use string_to_trust_value here for --force-ownertrust.
* options.h, g10.c (main), trustdb.c (trust_model_string, init_trustdb,
check_trustdb, update_trustdb, get_validity, validate_one_keyblock): An
"OpenPGP" trust model is misleading since there is no official OpenPGP
trust model. Use "PGP" instead.
* exec.c (exec_write): Cast NULL to void* to properly terminate varargs
list.
* keyedit.c (show_key_with_all_names): Just for safety, catch an invalid
pk algorithm.
* sign.c (make_keysig_packet): Crucial that the call to mksubpkt comes
LAST before the calls to finalize the sig as that makes it possible for
the mksubpkt function to get a reliable pointer to the subpacket area.
* pkclist.c (do_we_trust_pre): If an untrusted key was chosen by a
particular user ID, use that ID as the one to ask about when prompting
whether to use the key anyway. (build_pk_list): Similar change here when
adding keys to the recipient list.
* trustdb.c (update_validity): Fix bug that prevented more than one
validity record per trust record. (get_validity): When retrieving validity
for a (user) supplied user ID, return the validity for that user ID only,
and do not fall back to the general key validity. (validate_one_keyblock):
Some commentary on whether non-self-signed user IDs belong in the web of
trust (arguably, they do).
* export.c (do_export_stream), keyedit.c (show_key_with_all_names,
menu_addrevoker), mainproc.c (check_sig_and_print), photoid.c
(show_photos), sign.c (mk_notation_and_policy), trustdb.c (get_validity,
reset_trust_records, validate_keys): Make some strings translatable.
* mainproc.c (check_sig_and_print): Show digest algorithm and sig class
when verifying a sig with --verbose on, and add version, pk and hash
algorithms and sig class to VALIDSIG.
* parse-packet.c (enum_sig_subpkt): Make a warning message a --verbose
warning message since we don't need to warn every time we see an unknown
critical (we only need to invalidate the signature).
* trustdb.c (init_trustdb): Check the trustdb options even with TM_AUTO
since the auto may become TM_CLASSIC or TM_OPENPGP.
mode.
* tdbio.h, tdbio.c (tdbio_read_model): New function to return the trust
model used in a given trustdb.
* options.h, g10.c (main), trustdb.c (init_trustdb, check_trustdb,
update_trustdb): Use tdbio_read_model to implement an "auto" trust model
which is set via the trustdb.
agent is to be used. Noted by Ingo Kl�cker.
(agent_get_passphrase): Inhibit caching when we have no
fingerprint. This is required for key generation as well as for
symmetric only encryption.
* passphrase .c (agent_get_passphrase): New arg CANCELED.
(passphrase_to_dek): Ditto. Passed to above. Changed all
callers to pass NULL.
* seckey-cert.c (do_check): New arg CANCELED.
(check_secret_key): Terminate loop when canceled.
* keyedit.c (change_passphrase): Pass ERRTEXT untranslated to
passphrase_to_dek and translate where appropriate.
* seckey-cert.c (check_secret_key): Ditto.
* keygen.c (ask_passphrase): Ditto.
* passphrase.c (agent_get_passphrase): Translate the TRYAGAIN_TEXT.
Switch the codeset to utf-8.
fix_pks_corruption): It's really PKS corruption, not HKP corruption.
Keep the old repair-hkp-subkey-bug command as an alias.
* g10.c (main): Rename --no-version to --no-emit-version for consistency.
Keep --no-version as an alias.
than a CERT.
* import.c (delete_inv_parts): Discard any key signatures that aren't key
types (i.e. 0x00, 0x01, etc.)
* g10.c (main): Add deprecated option warning for --list-ownertrust. Add
--compression-algo alias for --compress-algo. Change --version output
strings to match "showpref" strings, and make translatable.
* status.c (do_get_from_fd): Accept 'y' as well as 'Y' for --command-fd
boolean input.
* trustdb.c: Fix typo (DISABLE_REGEXP -> DISABLE_REGEX)
* keyedit.c (show_key_with_all_names_colon): Show no-ks-modify flag.
keyserver option. Defaults to on.
* passphrase.c (agent_get_passphrase): Fix memory leak with symmetric
messages. Fix segfault with symmetric messages. Fix incorrect prompt
with symmetric messages.
fully valid keys so that disabled keys are still counted in the web of
trust. (get_ownertrust_with_min): Do the same for the minimum ownertrust
calculation.
* parse-packet.c (dump_sig_subpkt): Show the notation names for
not-human-readable notations. Fix cosmetic off-by-one length counter.
* options.skel: Add explantion and commented-out
"no-mangle-dos-filenames".
* mainproc.c (proc_encrypted): Make string translatable.
* keyserver.c (keyserver_spawn): Quote ':', '%', and any 8-bit characters
in the uid strings sent to the keyserver helper.
* keyring.c (keyring_rebuild_cache): Lock the keyring while rebuilding the
signature caches to prevent another gpg from tampering with the temporary
copy.
* keygen.c (keygen_set_std_prefs): Include AES192 and AES256 in default
prefs.
* keyedit.c (show_prefs): Make strings translatable.
* keydb.c: Double the maximum number of keyrings to 40.
* gpgv.c (main): Fix bug #113 - gpgv should accept the
--ignore-time-conflict option.
* g10.c (main): --openpgp disables --pgpX. Double the amount of secure
memory to 32k (keys are getting bigger these days).
* Makefile.am: Makefile.am: Use @CAPLIBS@ to link in -lcap if we are using
capabilities.
about the key in the data sent to the keyserver helper. This allows the
helper to use it in instructing a remote server which may not have any
actual OpenPGP smarts in parsing keys.
* main.h, export.c (export_pubkeys_stream, do_export_stream): Add ability
to return only the first match in an exported keyblock for keyserver
usage. This should be replaced at some point with a more flexible
solution where each key can be armored seperately.
(segfault). Noted by Marcus Brinkmann. Push and reinitialize textmode
filter for each file in a multiple file list.
* packet.h, getkey.c (fixup_uidnode), keyedit.c (show_prefs): Set and show
the keyserver no-modify flag.
* keygen.c (add_keyserver_modify): New. (keygen_upd_std_prefs): Call it
here. (keygen_set_std_prefs): Accept "ks-modify" and "no-ks-modify" as
prefs to set and unset keyserver modify flag.
per-desc item. Merge into one function since 'force_exact' is no longer
needed. (key_byname): Use new classify_user_id function, and new exact
flag in KEYDB_SEARCH_DESC.
* keyring.h, keyring.c (keyring_search): Return an optional index to show
which KEYDB_SEARCH_DESC was the matching one.
* keydb.h, keydb.c (keydb_search): Rename to keydb_search2, and pass the
optional index to keyring_search. Add a macro version of keydb_search
that calls this new function.
* export.c (do_export_stream): If the keyid! syntax is used, export only
that specified key. If the key in question is a subkey, export the
primary plus that subkey only.
* g10.c (print_hex, print_mds): Print long hash strings a lot neater.
This assumes at least an 80-character display, as there are a few other
similar assumptions here and there. Users who need unformatted hashes can
still use with-colons. Check that SHA384 and 512 are available before
using them as they are no longer always available.
matter where the user puts the = sign.
* options.skel: Comment out the first three lines in case someone manually
copies the skel file to their homedir.
* sign.c (clearsign_file): Only use pgp2mode with v3 keys and MD5. This
matches what we do when decoding such messages and prevents creating a
message (v3+RIPEMD/160) that we can't verify.
* sig-check.c (signature_check2): Use G10ERR_GENERAL as the error for
signature digest conflict. BAD_SIGN implies that a signature was checked
and we may try and print out a user ID for a key that doesn't exist.
keydb.h, keyid.c (namehash_from_uid): New function to rmd160-hash the
contents of a user ID packet and cache it in the uid object.
* keylist.c (list_keyblock_colon): Use namehash in field 8 of uids. Show
dates for creation (selfsig date), and expiration in fields 6 and 7.
* trustdb.c (get_validity, get_validity_counts, update_validity): Use new
namehash function rather than hashing it locally.
Simplify by returning a ? for error directly.
* keyedit.c (show_key_with_all_names): Use get_validity_string and
get_ownertrust_string to show full word versions of trust (i.e. "full"
instead of 'f').
* trustdb.h, trustdb.c (get_ownertrust_string, get_validity_string): Same
as get_ownertrust_info, and get_validity_info, except returns a full
string.
* trustdb.c (get_ownertrust_with_min): New. Same as 'get_ownertrust' but
takes the min_ownertrust value into account.
* trustdb.h, trustdb.c (trust_letter): Make static. (get_ownertrust_info,
get_validity_info): Don't mask the trust level twice.
* trustdb.h, gpgv.c, trustdb.c (get_validity, get_validity_info),
keylist.c (list_keyblock_colon), keyedit.c (show_key_with_all_names_colon,
menu_revuid): Pass a user ID in rather than a namehash, so we only have to
do the hashing in one place.
* packet.h, pkclist.c (build_pk_list), free-packet.c
(release_public_key_parts): Remove unused namehash element for public
keys.
trustdb.c (update_validity): Store temporary full & marginal counts in the
trustdb. (clear_validity, get_validity_counts): Return and clear temp
counts. (store_validation_status): Keep track of which keyids have been
stored. (validate_one_keyblock, validate_key_list): Use per-uid copies of
the full & marginal counts so they can be recalled for multiple levels.
(validate_keys): Only use unused keys for each new round.
(reset_unconnected_keys): Rename to reset_trust_records, and only skip
specifically excluded records.
interactive import if status is enabled.
* keyring.c (keyring_search): skipfnc didn't work properly with non-keyid
searches. Noted by Stefan Bellon.
* getkey.c (merge_selfsigs_main): Remove some unused code and make sure
that the pk selfsigversion member accounts for 1F direct sigs.
terminates but check again for the existence of the directory and
continue then.
* openfile.c (copy_options_file): Print a warning if the skeleton
file has active options.
(check_key_signature2): Pass the ultimately trusted pk directly to
check_key_signature2 to avoid going through the key selection mechanism.
This prevents a deadly embrace when two keys without selfsigs each sign
the other.
there are no keys to refresh or if there is no keyserver set.
* getkey.c (merge_selfsigs_main): Any valid user ID should make a key
valid, not just the last one. This also fixes Debian bug #174276.
disabled keys. Keys specified via keyid (i.e. 0x...) are always included.
* getkey.c (get_pubkey_byname, get_seckey_byname2, get_seckey_bynames),
keyedit.c (keyedit_menu, menu_addrevoker): Include disabled keys in these
functions.
* pkclist.c (build_pk_list): Do not include disabled keys for -r or the
key prompt. Do include disabled keys for the default key and
--encrypt-to.
* trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping disabled
keys.
* gpgv.c (is_disabled): Stub.
* keygen.c (keygen_add_key_expire): Properly handle updating a key
expiration to a no-expiration value.
* keyedit.c (enable_disable_key): Comment.
* import.c (import_one): When in interactive mode and --verbose, don't
repeat some key information twice.
* import.c (print_import_check): New.
(import_one): Use it here.
Use merge_keys_and_selfsig in the interactive mode to avoid
wrong key information.
* status.h: Add new status code.
* status.c: Ditto.
user" rather than "owner". Noted by Stefan Bellon.
* trustdb.h, trustdb.c (trustdb_pending_check): New function to
check if the trustdb needs a check.
* import.c (import_keys_internal): Used here so we don't rebuild
the trustdb if it is still clean.
(import_one, chk_self_sigs): Only mark trustdb dirty if the key
that is being imported has any sigs other than self-sigs.
Suggested by Adrian von Bidder.
* options.skel: Include the required '=' sign in the sample
'group' option. Noted by Stefan Bellon.
* import.c (chk_self_sigs): Don't try and check a subkey as if it
was a signature.
RECTYPE_TRUST records a bit.
* g10.c (main): Comment out --list-trust-path until it can be implemented.
* import.c (import_one): Warn when importing an Elgamal primary that this
may take some time (to verify self-sigs). (chk_self_sigs): Try and cache
all self-sigs so the keyblock is written to the keyring with a good rich
cache.
* keygen.c (ask_algo): Make the Elgamal sign+encrypt warning stronger, and
remove the RSA sign+encrypt warning.
* options.h (opt): Added mangle-dos-filenames.
* openfile.c (open_outfile) [USE_ONLY_8DOT3]: Truncate the
filename only when this option is set; this is the default.
Minimal isn't always best.
* sign.c (update_keysig_packet): Use the current time rather then a
modification of the original signature time. Make sure that this doesn't
cause a time warp.
* keygen.c (keygen_add_key_expire): Properly handle a key expiration date
in the past (use a duration of 0).
* keyedit.c (menu_expire): Use update_keysig_packet so any sig subpackets
are maintained during the update.
* build-packet.c (build_sig_subpkt): Mark sig expired or unexpired when
the sig expiration subpacket is added. (build_sig_subpkt_from_sig): Handle
making an expiration subpacket from a sig that has already expired (use a
duration of 0).
* packet.h, sign.c (update_keysig_packet), keyedit.c
(menu_set_primary_uid, menu_set_preferences): Add ability to issue 0x18
subkey binding sigs to update_keysig_packet and change all callers.
and make sure that the version record update was successful.
(init_trustdb): If the current parameters aren't what was used for
building the trustdb, the trustdb is invalid.
* tbio.c (tdbio_db_matches_options): Update to work with new trustdbs.
model in the trustdb version record. (tdbio_update_version_record): New
function to update version record values during a trustdb check or update.
(tdbio_dump_record): Show trust model in dump.
* trustdb.c (validate_keys): Call tdbio_update_version_record on success
so that the correct options are stored in the trustdb.
* options.h: rearrange trust models so that CLASSIC is 0 and OPENPGP is 1.
pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8 mode. This
is basically identical to --pgp7 in all ways except that signing subkeys,
v4 data sigs (including expiration), and SK comments are allowed.
* getkey.c (finish_lookup): Comment.
* main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu): Reorder
user ID display in the --edit-key menu to match that of the --list-keys
display.
* g10.c (add_notation_data): Fix initialization.
expiration date of a subkey. This is not the most optimal solution, but
it is minimal change on the stable branch.
* main.h, keygen.c (do_copy_key_flags): New function to copy key flags, if
any, from one sig to another. (do_add_key_expire): New function to add key
expiration to a sig. (keygen_copy_flags_add_expire): New version of
keygen_add_key_expire that also copies key flags.
(keygen_add_key_flags_and_expire): Use do_add_key_expire.
* import.c (fix_hkp_corruption): Comment.
Return the default algorithm by trying --cipher-algo/--compress-algo, then
the first item in the pref list, then s2k-cipher-algo or ZIP.
* sign.c (sign_file, sign_symencrypt_file), encode.c (encode_simple,
encode_crypt): Call default_cipher_algo and default_compress_algo to get
algorithms.
* g10.c (main): Allow pref selection for compress algo with --openpgp.
--personal-digest-preferences is, then use the first hash algorithm in the
personal list. If the signing algorithm is DSA, then use the first
160-bit hash algorithm in the personal list. If --pgp2 is set and it's a
v3 RSA key, use MD5.
'@', unless --expert is set. This is to help prevent people from
polluting the (as yet unused) IETF namespace.
* main.h: Comments about default algorithms.
* photoid.c (image_type_to_string): Comments about 3-letter file
extensions.
--compress-algo. The old algorithm names still work for backwards
compatibility.
* misc.c (string_to_compress_algo): Allow "none" as an alias for
"uncompressed".
partial length encoding. This is required because OpenPGP allows only for
32 bit length fields. From Werner on stable branch.
* getkey.c (get_pubkey_direct): Renamed to... (get_pubkey_fast): this and
made extern. (get_pubkey_byfprint_fast): New. From Werner on stable
branch.
* keydb.h, import.c (import_one): Use get_pubkey_fast instead of
get_pubkey. We don't need a merged key and actually this might lead to
recursions. (revocation_present): Likewise for search by fingerprint.
From Werner on stable branch.
* g10.c (main): Try to create the trustdb even for non-colon-mode list-key
operations. This is required because getkey needs to know whether a a key
is ultimately trusted. From Werner on stable branch.
it here as it behaves more like a Posix system. From Werner on stable
branch.
* passphrase.c (agent_get_passphrase): Ditto. From Werner on stable
branch.
* tdbio.c (MY_O_BINARY): Need binary mode with Cygwin. From Werner on
stable branch.
* g10.c, gpgv.c (main) [__CYGWIN32__]: Don't get the homedir from the
registry. From Werner on stable branch.
display match the validity and trust of --with-colons --list-keys.
* passphrase.c (agent_send_all_options): Fix compile warning.
* keylist.c (list_keyblock_colon): Validity for subkeys should match that
of the primary key, and not that of the last user ID.
* getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys carry
these facts onto all their subkeys, but only after the subkey has a chance
to be marked valid. This is to fix an incorrect "invalid public key"
error verifying a signature made by a revoked signing subkey, with a valid
unrevoked primary key.
a given keyring is registered twice.
* keydb.h, keydb.c (keydb_add_resource): Use flags to indicate a default
keyring. (keydb_locate_writable): Prefer the default keyring if possible.
* g10.c (main): Add --default-keyring option.
--force-ownertrust option for debugging purposes. This allows setting a
whole keyring to a given trust during an --update-trustdb. Not for normal
use - it's just easier than hitting "4" all the time to test a large
trustdb.
passphrase against all secret keys rather than trying all secret keys in
turn. Don't if --try-all-secrets or --status-fd is enabled.
* passphrase.c (passphrase_to_dek): Mode 1 means do a regular passphrase
query, but don't prompt with the key info.
* seckey-cert.c (do_check, check_secret_key): A negative ask count means
to enable passphrase mode 1.
* keydb.h, getkey.c (enum_secret_keys): Add flag to include
secret-parts-missing keys (or not) in the list.
"openpgp" which is classic+trustsigs, "classic" which is classic only, and
"always" which is the same as the current option --always-trust (which
still works). Default is "openpgp".
* trustdb.c (validate_one_keyblock): Use "openpgp" trust model to enable
trust sigs.
* gpgv.c (main), mainproc.c (check_sig_and_print), pkclist.c (do_we_trust,
do_we_trust_pre, check_signatures_trust): Use new --trust-model option in
place of --always-trust.
Prompt for and create a trust signature with "tsign". This is functional,
but needs better UI text.
* build-packet.c (build_sig_subpkt): Able to build trust and regexp
subpackets.
* pkclist.c (do_edit_ownertrust): Comment.
algorithm name (CAST5, SHA1) rather than the short form (S3, H2).
* main.h, keygen.c (keygen_get_std_prefs), keyedit.c (keyedit_menu):
Return and use a fake uid packet rather than a string since we already
have a nice parser/printer in keyedit.c:show_prefs.
* main.h, misc.c (string_to_compress_algo): New.
* keydb.h, encode.c (write_pubkey_enc_from_list), g10.c (main), pkclist.c
(build_pk_list): Add --hidden-recipient (-R) and --hidden-encrypt-to,
which do a single-user variation on --throw-keyid. The "hide this key"
flag is carried in bit 0 of the pk_list flags field.
* keyserver.c (parse_keyrec): Fix shadowing warning.
like "fully trusted", "marginally trusted", etc. (get_min_ownertrust):
New. Return minimum ownertrust. (update_min_ownertrust): New. Set
minimum ownertrust. (check_regexp): New. Check a regular epression
against a user ID. (ask_ownertrust): Allow specifying a minimum value.
(get_ownertrust_info): Follow the minimum ownertrust when returning a
letter. (clear_validity): Remove minimum ownertrust when a key becomes
invalid. (release_key_items): Release regexp along with the rest of the
info. (validate_one_keyblock, validate_keys): Build a trust sig chain
while validating. Call check_regexp for regexps. Use the minimum
ownertrust if the user does not specify a genuine ownertrust.
* pkclist.c (do_edit_ownertrust): Only allow user to select a trust level
greater than the minimum value.
* parse-packet.c (can_handle_critical): Can handle critical trust and
regexp subpackets.
* trustdb.h, trustdb.c (clear_ownertrusts), delkey.c (do_delete_key),
import.c (import_one): Rename clear_ownertrust to clear_ownertrusts and
have it clear the min_ownertrust value as well.
* keylist.c (list_keyblock_print): Indent uid to match pub and sig.
menu_addrevoker), keylist.c (list_keyblock_print, print_fingerprint): Show
"T" or the trust depth for trust signatures, and add spaces to some
strings to make room for it.
* packet.h, parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt,
parse_signature): Parse trust signature values.
* tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Reserve a byte
for the minimum ownertrust value (for use with trust signatures).
parse_import_options), g10.c (main): New import-option "convert-sk-to-pk"
to convert a secret key into a public key during import. It is on by
default.
* keylist.c: (print_pubkey_info): New.
(print_seckey_info): New.
* main.h: Prototypes for the new functions.
* delkey.c (do_delete_key): Use it here.
* revoke.c (gen_desig_revoke): Ditto.
Werner Koch