mirror of git://git.gnupg.org/gnupg.git synced 2024-12-25 10:49:57 +01:00

112 Commits

Author SHA1 Message Date
David Shaw
b8858a3ef1 --openpgp implies --allow-non-selfsigned-uid
If none of the uids are primary (because none are valid) then pick the
first to be primary (but still invalid).  This is for cosmetics in case
some display needs to print a user ID from a non-selfsigned key.  Also use
--allow-non-selfsigned-uid to make such a key valid and not
--always-trust.  The key is *not* automatically trusted via
--allow-non-selfsigned-uid.

Make sure non-selfsigned uids print [uncertain] on verification even
though one is primary now.

If the main key is not valid, then neither are the subkeys.

Allow --allow-non-selfsigned-uid to work on completely unsigned keys.
Print the uids in UTF8.  Remove mark_non_selfsigned_uids_valid()

Show revocation key as UTF8.

Allow --not-dash-escaped to work with v3 keys.
2002-03-17 23:47:32 +00:00
David Shaw
9267666d78 Some minor bug fixes.
do not prompt for revocation reason for v3 revocations (unless
force-v4-certs is on) since they wouldn't be used anyway.

show the status of the sigs (exportable? revocable?) to the user before
prompting for which sig to revoke.  Also, make sure that local signatures
get local revocations.

Add "exec-path" variable to override PATH for execing programs.

properly check return code from classify_user_id to catch unclassifiable
keys.
2002-03-05 04:57:10 +00:00
David Shaw
fbc66185f8 This is the first half of revocation key / designated revoker
support.  That is, it handles all the data to mark a key as revoked if it
has been revoked by a designated revoker.  The second half (coming
later) will contain the code to make someone's key your designated revoker
and to issue revocations for someone else.

Note that this is written so that a revoked revoker can still issue
revocations: i.e. If A revokes B, but A is revoked, B is still revoked.
I'm not completely convinced this is the proper behavior, but it matches
how PGP does it.  It does at least have the advantage of much simpler code
- my first version of this had lots of loop maintaining code so you could
chain revokers many levels deep and if D was revoked, C was not, which
meant that B was, and so on. It was sort of scary, actually.

This also changes importing to allow bringing in more revocation keys, and
exporting to not export revocation keys marked "sensitive".

The --edit menu information will show if a revocation key is present.
2002-02-28 21:01:25 +00:00
David Shaw
22f32c9472 For --sig-policy-url and --cert-policy-url, clarify what is a sig and what
is a cert.  A sig has sigclass 0x00, 0x01, 0x02, or 0x40, and everything
else is a cert.

Add a "nrlsign" for nonrevocable and local key signatures.

Add a --no-force-mdc to undo --force-mdc.

Add a knob to force --disable-mdc/--no-disable-mdc.  Off by default, of
course, but is used in --pgp2 and --pgp6 modes.

Allow specifying multiple users in the "Enter the user ID" loop.  Enter a
blank line to stop.  Show each key+id as it is added.

It is not illegal (though possibly silly) to have multiple policy URLs in
a given signature, so print all that are present.

More efficient implementation of URL-ifying code for --search on an HKP
keyserver.
2002-02-10 00:18:54 +00:00
David Shaw
9057172a92 Allow policy URLs with %-expandos in them. This allows policy URLs like
"http://notary.jabberwocky.com/keysign/%K" to create a per-signature
policy URL.  Use the new generic %-handler for the photo ID stuff as well.

Display policy URLs and notations during signature generation if
--show-policy-url/--show-notation is set.
2002-02-05 00:04:24 +00:00
David Shaw
0c3e409fa3 Split "--set-policy-url" into "--cert-policy-url" and "--sig-policy-url"
so the user can set different policies for key and data signing.  For
backwards compatibility, "--set-policy-url" sets both, as before.
2002-02-03 14:42:56 +00:00
David Shaw
3e6d5d7c77 More comments about when to use IDEA in keygen.c
When key signing with multiple keys at the same time, make sure each key
gets the sigclass prompt
Close the iobuf and FILE before trying to reap the child process to
encourage the child to exit
Disable cache-on-close of the fd iobuf (shouldn't all fd iobufs not be
cached?)
2002-01-27 05:56:35 +00:00
Werner Koch
5a92c6052f * passphrase.c (passphrase_to_dek): Add tryagain_text arg to be
used with the agent.  Changed all callers.
(agent_get_passphrase): Likewise and send it to the agent
* seckey-cert.c (do_check): New arg tryagain_text.
(check_secret_key): Pass the string to do_check.
* keygen.c (ask_passphrase): Set the error text is required.
* keyedit.c (change_passphrase): Ditto.
* passphrase.c (agent_open): Disable opt.use_agent in case of a
problem with the agent.
(agent_get_passphrase): Ditto.
(passphrase_clear_cache): Ditto.
2002-01-20 18:33:04 +00:00
David Shaw
7997bba7a9 fix off-by-one in building attribute subpackets
change default compression to 1
add ask-sig-expire and ask-cert-expire (--expert was getting absurdly
overloaded)
permit v3 subkeys
use --expert to protect adding multiple photo ids and adding photos to a
v3 key
2002-01-06 03:52:14 +00:00
Werner Koch
ab430c4b24 * keyserver.c (keyserver_spawn): Removed some variables
declaration due to shadowing warnings.
* build-packet.c (build_attribute_subpkt): s/index/idx/ to avoid
compiler warning due to index(3).
* getkey.c (get_ctx_handle): Use KEYDB_HANDLE as return value.
* keylist.c (list_one): Made resname const.
* keyedit.c (keyedit_menu): Allow "addphoto" only when --openpgp is
not used.
* options.skel: Changed one example photo viewer to qiv.
2001-12-22 13:04:24 +00:00
David Shaw
d560bdac18 Photo ID support (actually generic "attribute packet" support, but there
is only one attribute packet defined thus far, and it's a picture)
2001-12-21 23:06:02 +00:00
David Shaw
ca058399b0 Nonrevocable key signature support via "nrsign". These sigs can expire,
but cannot be revoked.  Any revocation certificates for them are ignored.
2001-12-21 21:02:05 +00:00
David Shaw
1ccd578910 Sig expiration code
Offer to expire a key signature when the key the user is signing expires
Expired sigs cause an error return
If --expert is set, prompt for sig duration
2001-12-07 01:14:15 +00:00
David Shaw
98facb5800 Allow a regular key signature to promote a local signature to full
exportable status
2001-12-07 01:04:02 +00:00
David Shaw
2e941ab7a3 New option --expert
Do not allow signing a revoked UID unless --expert is set, and ask even then.
Do not allow signing a revoked key unless --expert is set, and ask even then.
2001-12-07 01:00:21 +00:00
David Shaw
ebd148e553 Bug fix in "showpref"
Allow setting a no-compression preference
2001-12-07 00:57:50 +00:00
David Shaw
46efe28815 "sigclass" patch - adds key signature class levels, notation and policy-url
displays in key listings, and shows flags for signature features.
2001-12-06 22:04:08 +00:00
Werner Koch
b920ef23ca more fixes due to automake 1.5 2001-10-23 08:04:00 +00:00
Werner Koch
ebf6b8a515 calculate time of next trustdb check 2001-09-28 17:00:00 +00:00
Werner Koch
531f3953d8 Encryption should work again 2001-09-27 16:22:23 +00:00
Werner Koch
52be6a8aef completed the new key validation code 2001-09-26 12:49:10 +00:00
Werner Koch
a3af543617 Revamped the trustDB 2001-09-24 16:03:14 +00:00
Werner Koch
abdd248af9 Code cleanups 2001-09-20 07:12:52 +00:00
Werner Koch
d4cd7a3d4b more bug fixes and some warning cleanups 2001-09-09 16:09:19 +00:00
Werner Koch
2874670be9 Last changes before 1.0.6a snapshot release 2001-09-07 11:40:19 +00:00
Werner Koch
ed17c7afd0 Revamped the keyring code 2001-09-06 17:10:00 +00:00
Werner Koch
bab40b52cd MDC feature support and other stuff 2001-08-30 16:39:23 +00:00
Werner Koch
aa1514852a Added RSA key generation 2001-08-14 11:33:49 +00:00
Werner Koch
dc718d704f Revamped preference handling 2001-08-10 14:04:32 +00:00
Werner Koch
a255ea76ae Added a way to update preferences 2001-08-09 13:11:51 +00:00
Werner Koch
aa9da2b07e reworked the way hashed data is stored and added a "primary" command
DCVS: ----------------------------------------------------------------------
2001-08-09 09:34:25 +00:00
Werner Koch
dce4566802 Changed lsign behaviour, allow future subkeys, don't list revoked keys 2001-08-01 10:30:24 +00:00
Werner Koch
a5ed3e6925 Fixed lsign using v3 problem 2001-07-27 09:33:00 +00:00
Werner Koch
6732700743 migration to autoconf 2.52 and bugfixes 2001-07-26 09:37:47 +00:00
Werner Koch
01fe1dd2a9 Fix for toupper('I') != 'i' 2001-06-12 18:42:40 +00:00
Werner Koch
ca284c1000 fixed severe format string bug 2001-05-25 07:22:34 +00:00
Werner Koch
94e6596bec New "showpref" subcommand for --edit-key 2001-04-25 10:05:33 +00:00
Werner Koch
be06120679 Changed and added copyright notices 2001-03-08 14:33:24 +00:00
Werner Koch
fbbcb797c5 Fixed the new key selection code 2001-03-03 16:17:55 +00:00
Werner Koch
04beb81571 1.0.4c snapshot 2000-12-19 12:38:53 +00:00
Werner Koch
cfdb80a759 Fixes for command-fd 2000-10-13 10:31:16 +00:00
Werner Koch
8f6b40ff1c See ChangeLog: Wed Sep 13 18:12:34 CEST 2000 Werner Koch 2000-09-13 16:11:24 +00:00
Werner Koch
fdfb475cd2 See ChangeLog: Mon Jul 24 10:30:17 CEST 2000 Werner Koch 2000-07-24 08:24:35 +00:00
Werner Koch
836f226479 See ChangeLog: Wed Jul 5 13:28:45 CEST 2000 Werner Koch 2000-07-05 11:28:59 +00:00
Werner Koch
c8def6ecfa See ChangeLog: Thu May 18 11:38:54 CEST 2000 Werner Koch 2000-05-18 09:30:29 +00:00
Werner Koch
64009cd745 See ChangeLog: Fri May 12 14:01:20 CEST 2000 Werner Koch 2000-05-12 11:59:49 +00:00
Werner Koch
f24734987b See ChangeLog: Mon May 1 17:08:14 CEST 2000 Werner Koch 2000-05-01 15:01:42 +00:00
Werner Koch
c6cd141bc0 See ChangeLog: Mon Apr 10 13:34:19 CEST 2000 Werner Koch 2000-04-10 11:32:38 +00:00
Werner Koch
e243db9748 See ChangeLog: Tue Mar 14 18:54:19 CET 2000 Werner Koch 2000-03-14 17:50:27 +00:00
Werner Koch
97f82721df See ChangeLog: Thu Mar 2 15:37:46 CET 2000 Werner Koch 2000-03-02 14:36:39 +00:00