mirror of git://git.gnupg.org/gnupg.git synced 2024-12-29 11:21:32 +01:00

3564 Commits

Author SHA1 Message Date
David Shaw
cbc5c947d5 * sign.c (hash_for): Add code to detect if the sk lives on a smart
card.  If it does, only allow 160-bit hashes, a la DSA.  This involves
passing the *sk in, so change all callers.  This is correct for today,
given the current 160-bit q in DSA, and the current SHA-1/RIPEMD160
support in the openpgp card.  It will almost certainly need changing
down the road.

* app-openpgp.c (do_sign): Give user error if hash algorithm is not
supported by the card.
2006-01-01 17:48:54 +00:00
David Shaw
74117cf4d3 * cert.c (get_cert): Properly chase down CNAMEs pointing to CERTs. 2005-12-24 15:35:39 +00:00
David Shaw
846eefaa71 * keyserver.c (keyserver_import_pka): New. Moved from
getkey.c:get_pubkey_byname which was getting crowded.

* keyserver.c (keyserver_import_cert): Import a key found in DNS via CERT
records.  Can handle both the PGP (actual key) and IPGP (URL) CERT types.

* getkey.c (get_pubkey_byname): Call them both here.

* options.h, keyserver.c (parse_keyserver_options): Add
"auto-cert-retrieve" option with optional max size argument.
2005-12-23 22:17:11 +00:00
David Shaw
8b9c16ed0a * gpgv.c: Stub.
* keyserver-internal.h, keyserver.c (keyserver_spawn, keyserver_work,
keyserver_getname): New keyserver_getname function to fetch keys by name.

* getkey.c (get_pubkey_byname): Call it here to enable locating keys by
full mailbox from a keyserver a la PKA.  Try PKA first, though, as it is
likely to be faster.
2005-12-23 21:33:32 +00:00
David Shaw
da9a10d2b0 * ksutil.h, ksutil.c (parse_ks_options): New keyserver command "getname".
* gpgkeys_hkp.c (main, get_name), gpgkeys_ldap.c (main, get_name): Use it
here to do direct name (rather than key ID) fetches.
2005-12-23 20:51:48 +00:00
David Shaw
7f13d486b0 New code to do DNS CERT queries. 2005-12-23 18:15:24 +00:00
David Shaw
5e08b08da8 * srv.c, Makefile.am: Only build srv.c if we need to. 2005-12-23 05:00:55 +00:00
David Shaw
f3c99c604c * configure.ac: Split PKA checking off from DNS SRV checking.
Currently PKA is only enabled if HTTP or HKP is enabled which is not
necessary.
2005-12-23 04:58:25 +00:00
Werner Koch
f1482aab4e Finished PKA feature 2005-12-20 20:19:16 +00:00
Werner Koch
dfaee3d480 post release preparations 2005-12-20 11:12:16 +00:00
Werner Koch
a56dc7e7af Preparing a released gnupg-1.9.20 2005-12-20 10:26:32 +00:00
David Shaw
64fa7ea37e * getkey.c (merge_selfsigs_main): All primary keys can certify. 2005-12-19 22:10:20 +00:00
David Shaw
5432755319 * ksutil.h, ksutil.c (curl_armor_writer, curl_writer,
curl_writer_finalize): New functionality to handle binary format keys by
armoring them for input to GPG.

* gpgkeys_curl.c (get_key), gpgkeys_hkp.c (get_key): Call it here.
2005-12-19 19:39:32 +00:00
David Shaw
aebd3a04f3 * gpg.c (main): Restore convert-sk-to-pk as programs rely on it.
* keyid.c (usagestr_from_pk): Remove special PUBKEY_USAGE_CERT flag.
It's no longer needed.
2005-12-19 01:51:31 +00:00
Werner Koch
38e7c4c50a Fixed importing certs created by newer versions of Mozilla. 2005-12-16 15:52:48 +00:00
David Shaw
26eeebf512 * gpg.c (main): Don't default to import-options convert-sk-to-pk. It
causes confusing warning messages when importing a PGP-exported key
that contains a secret key without selfsigs followed by the public
key.
2005-12-14 14:52:04 +00:00
Werner Koch
f80ad71f1c Add support for direct pkcs#7 signatures 2005-12-14 09:55:40 +00:00
David Shaw
b12d50dccd * ttyio.c (tty_enable_completion, tty_disable_completion): Add checks
for no_terminal so we don't try to open("/dev/tty") when invoked with
--no-tty.
2005-12-12 03:56:01 +00:00
David Shaw
81f64252c0 * NEWS: Note --fetch-keys. 2005-12-08 23:35:47 +00:00
David Shaw
f8c4263b1a * gpg.sgml: Document --fetch-keys. 2005-12-08 19:39:59 +00:00
David Shaw
735257ee1c * keyserver.c (keyserver_fetch): Switch on fast-import before we
--fetch-keys so we don't rebuild the trustdb after each fetch.
2005-12-08 15:37:26 +00:00
Werner Koch
0edfbba804 Made strings translatable. Minor fixes. 2005-12-08 07:42:41 +00:00
David Shaw
1d051e8ed5 * options.h, keyserver.c (curl_cant_handle, keyserver_spawn,
keyserver_fetch): Set a flag to indicate that we're doing a direct URI
fetch so we can differentiate between a keyserver operation and a URI
fetch for protocols like LDAP that can do either.
2005-12-08 05:52:41 +00:00
David Shaw
4ba9fd4683 * gpg.sgml: Document -d. Add [file] to a few options. 2005-12-08 05:29:35 +00:00
David Shaw
a4fae95d04 * gpgkeys_finger.c (get_key), gpgkeys_curl.c (get_key): Better language
for the key-not-found error.
2005-12-07 23:00:30 +00:00
David Shaw
05193a2705 * keyserver.c (keyserver_spawn): Don't print "searching for key 00000000"
when fetching a URI.

* keyserver-internal.h, keyserver.c (keyserver_fetch): New.  Fetch an
arbitrary URI using the keyserver helpers.

* gpg.c (main): Call it from here for --fetch-keys.
2005-12-07 22:34:11 +00:00
David Shaw
c826ccdec1 * ksutil.c (curl_err_to_gpg_err): Add CURLE_OK and CURLE_COULDNT_CONNECT.
* gpgkeys_curl.c (get_key): Give key-not-found error if no data is found
(or file itself is not found) during a fetch.
2005-12-07 22:25:58 +00:00
David Shaw
990097b067 Missed file. 2005-12-06 21:10:34 +00:00
David Shaw
bc1c4af8c3 Some cleanup so we don't build files that are completely ifdeffed out.
This causes a warning on Sun's cc.  Do the internal regex code as well for
consistency.
2005-12-06 20:54:05 +00:00
David Shaw
8a0cf1d2a3 * idea-stub.c (load_module): Not legal to return a void * as a function
pointer.
2005-12-06 20:27:43 +00:00
David Shaw
d6e918e40f * curl-shim.c (curl_easy_perform): Fix build warning (code before
declaration).
2005-12-06 18:49:34 +00:00
David Shaw
a635daa6b6 * mkdtemp.c (mkdtemp): Fix warning.
* secmem.c, assuan-buffer.c, dotlock.c: Fix a few warnings from printf-ing
%p where the arg wasn't void *.
2005-12-06 18:24:57 +00:00
David Shaw
c0d7fa368e * Makefile.am: Some cleanup so we don't build files that are completely
ifdeffed out.  This causes a warning on Sun's cc.  Do sha512.c as well for
consistency.
2005-12-06 17:13:44 +00:00
Werner Koch
496c3b5572 Print warning for missing pcsc-wrapper 2005-12-06 16:44:20 +00:00
Werner Koch
6a13cf2c3d Preparing an interim release 2005-11-28 11:52:25 +00:00
Werner Koch
000a38ccf2 Add translations 2005-11-23 12:38:38 +00:00
Werner Koch
b8795bb823 Print a note that the software has not been approved for qualified signatures. 2005-11-23 09:05:45 +00:00
David Shaw
28c12508c5 * main.h, keylist.c (print_revokers): New. Print the "rvk" designated
revoker record.  Moved from keyedit.c:show_key_with_all_names_colon.

* keylist.c (list_keyblock_colon): Use it here ...

* keyedit.c (show_key_with_all_names_colon): ... and here.
2005-11-20 15:02:03 +00:00
David Shaw
f7c138d9e7 * free-packet.c (copy_secret_key): Copy secret key into secure memory
since we may unprotect it.

* main.h, g10.c (main), revoke.c (gen_desig_revoke): Add local user
support so users can use -u with --desig-revoke.  This bypasses the
interactive walk over the revocation keys.
2005-11-19 05:55:45 +00:00
David Shaw
092bae80a9 * gpg.sgml: Clarify "xxxxx-clean" and "clean". Document
"xxxxx-minimal", and "minimize".
2005-11-18 04:50:15 +00:00
David Shaw
3349715ebb * NEWS: Note backsigs, the xxxxx-clean options, and the xxxxx-minimal
options.
2005-11-18 04:37:30 +00:00
David Shaw
eac8dbc9b7 * keyedit.c (keyedit_menu, menu_clean): Simplify clean options to just
"clean", and add "minimize".

* import.c (parse_import_options): Make help text match the export
versions of the options.

* options.h, export.c (parse_export_options, do_export_stream): Reduce
clean options to two: clean and minimize.

* trustdb.h, trustdb.c (clean_one_uid): New function that joins uid
and sig cleaning into one for a simple API outside trustdb.
2005-11-18 04:25:07 +00:00
Werner Koch
29a62827b4 Don't use keywords for signed files. 2005-11-14 13:11:15 +00:00
Werner Koch
f13a425d48 Added signature property 2005-11-14 13:02:59 +00:00
Werner Koch
894c65bcae . 2005-11-14 12:59:55 +00:00
Werner Koch
1d53603c37 Added real information 2005-11-14 12:50:59 +00:00
David Shaw
9d49768999 * armor.c (parse_header_line): A fussy bit of 2440: header lines are
delimited with a colon-space pair.  Therefore a line such as "Comment:
" is actually legal, albeit not particularly useful.
2005-11-13 21:48:52 +00:00
Werner Koch
b9633196f4 Added qualified signature features. 2005-11-13 19:07:06 +00:00
Werner Koch
caed7370e9 New file qualified.ttx - not yet ready for distribution 2005-11-13 19:05:00 +00:00
David Shaw
40b9d5648d * trustdb.h, trustdb.c (clean_key): New function to handle key
cleaning from one convenient place.

* options.h, import.c (parse_import_options, clean_sigs_from_all_uids,
import_one): Reduce clean options to two: clean and minimize.

* parse-packet.c (setup_user_id): Remove.  (parse_user_id,
parse_attribute): Just use xmalloc_clear instead.
2005-11-12 04:53:03 +00:00