secret keyring files to be extra safe on filesystems that may not sync
data and metadata together (ext4). Also check return code from the
cache invalidation to make sure we're safe over NFS and similar.
calculations so that we lower the trust depth of signatures to fit
within the current chain, rather than discarding any signature that
does not fit within the trust depth.
(list_keyblock_print), pkclist.c (do_edit_ownertrust), keyedit.c
(menu_showphoto), photoid.c (generate_photo_id, show_photos), misc.c
(pct_expando): Add %v and %V expandos so that displaying photo IDs
can show the attribute validity tag (%v) and string (%V). Originally
by Daniel Gillmor.
* gpg.c (main): New variable default_configname. Use it if
save_configname is NULL (can happen if default configfile does
not exist). Move default configname determination to ...
(get_default_configname): ... this new function.
(malloc bombs) by force-commenting any characters aside from the ones
we explicitly want. (check_regexp): Use it here before passing the
regexp to regcomp().
SHA-224 DER prefixes when verifying a signature. See the change
itself for more discussion.
* main.h, seskey.c (do_encode_md): Rename to pkcs1_encode_md and make
non-static.
Enable --require-cross-certification by default. --openpgp
(--rfc4880) is the same as --rfc2440 except with "--enable-dsa2
--no-rfc2440-text --escape-from-lines".
--rfc4880, and make --openpgp an alias to it. --rfc2440 now stands
alone. For now, use the old 2440 defaults for 4880.
* keyedit.c (keyedit_menu): Use compliance_option_string() instead of
printing the compliance modes here.
2440bis-21. (parse_header_line): Call it here, as bis-21 requires
warning the user (but continuing to process the message) when seeing
an unknown header.
for are >=v4. (write_signature_packets, make_keysig_packet): Only
call it for >=v4 sigs. This allows --force-v3-sigs and
--force-v4-certs to enable or disable notations, policies, and
keyserver URLs. This is bug#800.
the literals count.
* verify.c (verify_one_file), decrypt.c (decrypt_messages): Call it
here so we allow multiple literals in --multifile mode (in different
files - not concatenated together).
fix_keyblock() or collapse_uids()) make sure we reprocess the keyblock
so the flags are correct. Noted by Robin H. Johnson.
* getkey.c (fixup_uidnode): Properly clear flags that don't apply to
us (revoked, expired) so that we can reprocess a uid.
Change all callers. (sign_file, clearsign_file,
sign_symencrypt_file): Calculate one timestamp for the whole
transaction. Different timestamps for each step can leak performance
information.
(write_keybinding): Have the various selfsigs created during key
generation use the timestamp of their parent key. This helps avoid
leaking information about the performance of the machine where the
keys were generated. Noted by Christian Danner.
* configure.ac: Remove GNUPG_DATADIR for non-W32 systems.
g10/
* Makefile.am (AM_CPPFLAGS): Define GNUPG_DATADIR.
* openfile.c (copy_options_file): Use log_info and not log_error
to avoid error returns in case of a missing skeleton file.
and one being DSA2 and encrypting at the same time, if the recipient
preferences give a hash that can work with the DSA2 key, then allow the
DSA1 key to be promoted rather than giving up and using hash_for().
keygen_add_std_prefs, proc_parameter_file): Add --default-keyserver-url to
specify a keyserver URL at key generation time, and "Keyserver:" keyword
for doing the same through a batch file.
(not a copy) of the stub secret key for the secret key we just
generated on the card. (generate_card_subkeypair): Use it here so
that the signing key on the card can use the card to generate the 0x19
backsig on the primary key. Noted by Janko Heilgeist and Jonas Oberg.
This prevents a memory allocation attack with a very large user ID. A
very large packet length could even cause the allocation (a u32) to wrap
around to a small number. Noted by Evgeny Legerov on full-disclosure.
1024 when --enable-dsa2 is set). The size of q is set automatically based
on the key size. (ask_keysize, generate_keypair): Ask for DSA size when
--enable-dsa2 is set.
called with them closed. This is to protect our keyring/trustdb files
from corruption if they get attached to one of the standard fds. Print a
warning if possible that this has happened, and fail completely if we
cannot reopen (should never happen). (main): Call it here.
(build_sig_subpkt_from_sig), getkey.c (fixup_uidnode,
merge_selfsigs_main, merge_selfsigs_subkey), keygen.c
(keygen_add_key_expire): Fix meaning of key expiration and sig
expiration subpackets - zero means "never expire" according to 2440,
not "expire instantly".
to disable.
* pkclist.c (algo_available): If --enable-dsa2 is set, we're allowed to
truncate hashes to fit DSA keys.
* sign.c (match_dsa_hash): New. Return the best match hash for a given q
size. (do_sign, hash_for, sign_file): When signing with a DSA key, if it
has q==160, assume it is an old DSA key and don't allow truncation unless
--enable-dsa2 is also set. q!=160 always allows truncation since they
must be DSA2 keys. (make_keysig_packet): If the user doesn't specify a
--cert-digest-algo, use match_dsa_hash to pick the best hash for key
signatures.
SHA-224.
* sign.c (write_plaintext_packet), encode.c (encode_simple): Factor
common literal packet setup code from here, to...
* main.h, plaintext.c (setup_plaintext_name): Here. New. Make sure the
literal packet filename field is UTF-8 encoded.
* options.h, gpg.c (main): Make sure --set-filename is UTF-8 encoded
and note when filenames are already UTF-8.
* keyedit.c (menu_backsign): Allow backsigning even if the secret
subkey doesn't have a binding signature.
* armor.c (radix64_read): Don't report EOF when reading only a pad (=)
character. The EOF actually starts after the pad.
* gpg.c (main): Make --export, --send-keys, --recv-keys,
--refresh-keys, and --fetch-keys follow their arguments from left to
right. Suggested by Peter Palfrader.
than 160 bits as per DSA2. This will allow us to verify and issue DSA2
signatures for some backwards compatibility once we start generating DSA2
keys.
* sign.c (do_sign), sig-check.c (do_check): Change all callers.
* sign.c (do_sign): Enforce the 160-bit check for new signatures here
since encode_md_value can handle non-160-bit digests now. This will need
to come out once the standard for DSA2 is firmed up.
same API as the other auto-key-locate fetchers.
* getkey.c (get_pubkey_byname): Use the fingerprint of the key that we
actually fetched. This helps prevent problems where the key that we
fetched doesn't have the same name that we used to fetch it. In the
case of CERT and PKA, this is an actual security requirement as the
URL might point to a key put in by an attacker. By forcing the use of
the fingerprint, we won't use the attacker's key here.
is no backsig present. Give a URL for more information.
* keyedit.c (menu_backsign): Small tweak to work properly with keys
originally generated with older GnuPGs that included comments in the
secret keys.
to be deleted with a '-' prefix.
* keyedit.c (menu_set_notation): Use it here to allow deleting a notation
marked with '-'. This works with either "-notation" or "-notation=value".
Use it here for the various notation commands.
* packet.h, main.h, keygen.c (keygen_add_notations), build-packet.c
(string_to_notation, sig_to_notation) (free_notation): New "one stop
shopping" functions to handle notations and start removing some code
duplication.