in the prefs string to allow switching on and off the MDC feature. This
is needed to properly export a key from GnuPG for use on PGP which does
not support MDC - without this, MDC-capable implementations will still try
and generate MDCs which will break PGP.
* keygen.c (keygen_get_std_prefs): Show "[mdc]" in prefs string if it is
enabled.
* options.h, g10.c (main), cipher.c (write_header), keygen.c
(keygen_set_std_prefs): For consistency, allow the user to specify
mdc/no-mdc in the --personal-preference-list. If disabled, it acts just
like --disable-mdc.
* exec.c (win_system): New system()-like function for win32 that does not
return until the child process terminates. Of course, this doesn't help
if the process itself exits before it is finished.
subpacket types (notation, policy url, exportable, revocable). keyedit.c
(sign_mk_attrib): Flags no longer need to be set here.
* packet.h, parse-packet.c (parse_one_sig_subpkt), build-packet.c
(build_sig_subpkt): Call parse_one_sig_subpkt to sanity check buffer
lengths before building a sig subpacket.
keygen_upd_std_prefs), keyedit.c (keyedit_menu), g10.c (main), pkclist.c
(select_algo_from_prefs): Add --personal-preference-list which allows the
user to factor in their own preferred algorithms when the preference lists
are consulted. Obviously, this does not let the user violate a
recepient's preferences (and the RFC) - this only influences the ranking
of the agreed-on (and available) algorithms from the recepients.
Suggested by David Hollenberg.
* options.h, keygen.c (keygen_set_std_prefs), g10.c (main): Rename
--preference-list to --default-preference-list (as that is what it really
is), and make it a true default in that if the user selects "default" they
get this list and not the compiled-in list.
* g10.c (main): --allow-freeform-uid should be implied by OpenPGP. Add
--no-allow-freeform-uid.
* keyedit.c (sign_uids): Issue a warning when signing a non-selfsigned
uid.
* getkey.c (merge_selfsigs_main): If a key has no selfsigs, and
allow-non-selfsigned-uid is not set, still try and make the key valid by
checking all uids for a signature from an ultimately trusted key.
signature (callable by make_keysig_packet). (write_direct_sig): Write a 1F
direct key signature. (parse_revocation_key): Parse a string in
algo:fpr:sensitive format into a revocation key. (get_parameter_revkey,
do_generate_keypair): Call above functions when prompted from a batch key
generation file.
* build-packet.c (build_sig_subpkt): Allow multiple revocation key
subpackets in a single sig.
* keydb.h, getkey.c (get_seckey_byfprint): Same as get_pubkey_byfprint,
except for secret keys. We only know the fingerprint of a revocation key,
so this is needed to retrieve the secret key needed to issue a revokation.
* packet.h, parse-packet.c (parse_signature, parse_revkeys): Split revkey
parsing off into a new function that can be used to reparse after
manipulating the revkey list.
* sign.c (make_keysig_packet): Ability to make 1F direct key signatures.
sample LDAP server instead.
* getkey.c (merge_selfsigs_main): Properly handle multiple revocation keys
in a single packet. Properly handle revocation keys that are in
out-of-order packets. Remove duplicates in revocation key list.
photo. Use the short keyid as the filename on 8.3 systems.
* exec.h, exec.c (make_tempdir, exec_write, exec_finish): Allow caller to
specify filename. This should make things easier on windows and macs
where the file extension is required, but a whole filename is even better.
* keyedit.c (show_key_with_all_names, show_prefs): Show proper prefs for a
v4 key uid with no selfsig at all.
* misc.c (check_permissions): Don't check permissions on non-normal files
(pipes, character devices, etc.)
prefs for hash and compression as well as the cipher pref. Show assumed
prefs if there are no prefs at all on a v4 self-signed key.
* options.h, g10.c (main), sign.c (make_keysig_packet): New
--cert-digest-algo function to override the default key signing hash
algorithm.
clean as this function may be called more than once (e.g. from functions
in --edit).
* g10.c, encode.c (encode_crypt), sign.c (sign_file,
sign_symencrypt_file): Make --compress-algo work like the documentation
says. It should be like --cipher-algo and --digest-algo in that it can
override the preferences calculation and impose the setting the user
wants. No --compress-algo setting allows the usual preferences
calculation to take place.
* main.h, compress.c (compress_filter): use new DEFAULT_COMPRESS_ALGO
define, and add a sanity check for compress algo value.
(algo_available): --pgp7, identical to --pgp6 except that it permits a few
algorithms that PGP 7 added: AES128, AES192, AES256, and TWOFISH. Any
more of these --pgpX flags, and it'll be time to start looking at a
generic --emulate-pgp X option.
if it or any of its secret subkeys are protected with SHA1 while
simple_sk_checksum is set.
* parse-packet.c (parse_key): Show when the SHA1 protection is used in
--list-packets.
* options.h, build-packet.c (do_comment), g10.c (main): Rename
--no-comment as --sk-comments/--no-sk-comments (--no-comment still works)
and make the default be --no-sk-comments.
merge_selfsigs_main): a v3 key with a v4 self-sig must never let the v4
self-sig express a key expiration time that extends beyond the original v3
expiration time.
about sig level or expiration, and include the usual preferences and such
for v4 self-sigs. (menu_set_preferences): Convert uids from UTF8 to
native before printing.
let a key conflict (same keyid but different key) stop the import: just
skip the bad key and continue.
* exec.c (make_tempdir): Under Win32, don't try environment variables for
temp directories - GetTempDir tries environment variables internally, and
it's better not to second-guess it in case MS adds some sort of temp dir
handling to Windows at some point.