* encode.c (encode_sesskey): New.
(encode_simple): Use it here. But by default we use the compat
mode which supress to generate encrypted session keys.
time, consult the various hash prefs to pick a hash algorithm to use.
Pass in a 160-bit hint if any of the signing keys are DSA.
* keydb.h, pkclist.c (select_algo_from_prefs, algo_available): Pass a
"hints" opaque pointer in to let the caller give hints as to what
algorithms would be acceptable. The only current hint is for
PREFTYPE_HASH to require a 160-bit hash for DSA. Change all callers in
encode.c (encode_crypt, encrypt_filter) and sign.c (sign_file). If we
settle on MD5 as the best algorithm based solely on recepient keys and
SHA1 is also a possibility, use SHA1 unless the user intentionally chose
MD5. This is as per 2440:13.
* exec.c (make_tempdir): Fix duplicated filename problem.
enum_sig_subpkt when a subpacket is critical and change all callers in
keylist.c (show_policy_url, show_notation), mainproc.c
(print_notation_data), and pkclist.c (do_show_revocation_reason).
* keylist.c (show_policy_url, show_notation): Display if the policy or
notation is critical.
list_keyblock_print, list_keyblock_colon), status.h, status.c
(get_status_string): New --attribute-fd feature to dump the contents of
attribute subpackets for frontends. If --status-fd is also used, then a
new status tag ATTRIBUTE is provided for each subpacket.
* packet.h, getkey.c (fixup_uidnode, merge_selfsigs_main,
merge_selfsigs_subkey), parse-packet.c (setup_user_id): Keep track of the
expiration time of a user ID, and while we're at it, use the expired flag
from the selfsig rather than reparsing the SIG_EXPIRE subpacket.
* photoid.c (generate_photo_id): When adding a new photo ID, showing the
photo for confirmation is not safe when noninteractive since the "user"
may not be able to dismiss a viewer window. Noted by Timo Schulz.
* misc.c (pct_expando): Use the seckey for %k/%K if the pubkey is not
available.
* photoid.h, photoid.c (show_photos): Include the seckey in case a user
tries to view a photo on a secret key, and change all callers in keyedit.c
(menu_showphoto), keylist.c (list_keyblock_print), and photoid.c
(generate_photo_id).
* hkp.c (parse_hkp_index): Properly handle the '&' character (i.e.
"&") in HKP responses.
* getkey.c (merge_selfsigs_main): Fix reversed expiration time check with
self-sigs.
* keyedit.c (sign_uids): When making a new self-sig on a v3 key, make a v3
self-sig unless it is currently a v3 self-sig being promoted to v4.
and --compress are the same option. Note that --digest-algo can no longer
violate OpenPGP with a non-160 bit hash with DSA. Document
--cert-digest-algo with suitable warnings not to use it. Note the default
s2k-cipher-algo is now CAST5. Note that --force-v3-sigs overrides
--ask-sig-expire. Revise --expert documentation, as it is now definitely
legal to have more than one photo ID on a key. --preference-list is now
--default-preference-list with the new meaning. Document
--personal-preference-list.
* DETAILS: Document "Revoker" for batch key generation.
* pkclist.c (do_show_revocation_reason): Don't use capital
letters for non-interactive output.
(show_revocation_reason): Now it is global.
* pubkey-enc.c (get_it): Show if the key has been revoked.
sign_symencrypt_file): Make a v4 signature if a policy URL or notation is
set, unless v3 sigs are forced via rfc1991 or force-v3-sigs. Also remove
some doubled code and clarify an error message (we don't sign in PGP2
mode - just detach-sign).
* parse-packet.c (parse_one_sig_subpkt): Add KS_FLAGS to the "any size"
section.
in the prefs string to allow switching on and off the MDC feature. This
is needed to properly export a key from GnuPG for use on PGP which does
not support MDC - without this, MDC-capable implementations will still try
and generate MDCs which will break PGP.
* keygen.c (keygen_get_std_prefs): Show "[mdc]" in prefs string if it is
enabled.
* options.h, g10.c (main), cipher.c (write_header), keygen.c
(keygen_set_std_prefs): For consistency, allow the user to specify
mdc/no-mdc in the --personal-preference-list. If disabled, it acts just
like --disable-mdc.
* exec.c (win_system): New system()-like function for win32 that does not
return until the child process terminates. Of course, this doesn't help
if the process itself exits before it is finished.
subpacket types (notation, policy url, exportable, revocable). keyedit.c
(sign_mk_attrib): Flags no longer need to be set here.
* packet.h, parse-packet.c (parse_one_sig_subpkt), build-packet.c
(build_sig_subpkt): Call parse_one_sig_subpkt to sanity check buffer
lengths before building a sig subpacket.
keygen_upd_std_prefs), keyedit.c (keyedit_menu), g10.c (main), pkclist.c
(select_algo_from_prefs): Add --personal-preference-list which allows the
user to factor in their own preferred algorithms when the preference lists
are consulted. Obviously, this does not let the user violate a
recepient's preferences (and the RFC) - this only influences the ranking
of the agreed-on (and available) algorithms from the recepients.
Suggested by David Hollenberg.
* options.h, keygen.c (keygen_set_std_prefs), g10.c (main): Rename
--preference-list to --default-preference-list (as that is what it really
is), and make it a true default in that if the user selects "default" they
get this list and not the compiled-in list.
* g10.c (main): --allow-freeform-uid should be implied by OpenPGP. Add
--no-allow-freeform-uid.
* keyedit.c (sign_uids): Issue a warning when signing a non-selfsigned
uid.
* getkey.c (merge_selfsigs_main): If a key has no selfsigs, and
allow-non-selfsigned-uid is not set, still try and make the key valid by
checking all uids for a signature from an ultimately trusted key.
signature (callable by make_keysig_packet). (write_direct_sig): Write a 1F
direct key signature. (parse_revocation_key): Parse a string in
algo:fpr:sensitive format into a revocation key. (get_parameter_revkey,
do_generate_keypair): Call above functions when prompted from a batch key
generation file.
* build-packet.c (build_sig_subpkt): Allow multiple revocation key
subpackets in a single sig.
* keydb.h, getkey.c (get_seckey_byfprint): Same as get_pubkey_byfprint,
except for secret keys. We only know the fingerprint of a revocation key,
so this is needed to retrieve the secret key needed to issue a revokation.
* packet.h, parse-packet.c (parse_signature, parse_revkeys): Split revkey
parsing off into a new function that can be used to reparse after
manipulating the revkey list.
* sign.c (make_keysig_packet): Ability to make 1F direct key signatures.
sample LDAP server instead.
* getkey.c (merge_selfsigs_main): Properly handle multiple revocation keys
in a single packet. Properly handle revocation keys that are in
out-of-order packets. Remove duplicates in revocation key list.
photo. Use the short keyid as the filename on 8.3 systems.
* exec.h, exec.c (make_tempdir, exec_write, exec_finish): Allow caller to
specify filename. This should make things easier on windows and macs
where the file extension is required, but a whole filename is even better.
* keyedit.c (show_key_with_all_names, show_prefs): Show proper prefs for a
v4 key uid with no selfsig at all.
* misc.c (check_permissions): Don't check permissions on non-normal files
(pipes, character devices, etc.)
prefs for hash and compression as well as the cipher pref. Show assumed
prefs if there are no prefs at all on a v4 self-signed key.
* options.h, g10.c (main), sign.c (make_keysig_packet): New
--cert-digest-algo function to override the default key signing hash
algorithm.