1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-24 10:39:57 +01:00

140 Commits

Author SHA1 Message Date
Werner Koch
cc6de431ff * keyedit.c (show_key_with_all_names_colon): Renamed the record
for revocation keys to "rvk".
2002-05-29 11:27:08 +00:00
Werner Koch
9fe2c355e5 * keyedit.c (show_key_with_all_names_colon): New.
(show_key_with_all_names): Divert to new function when required.
Sanitize printing of revoker name.
2002-05-28 08:27:45 +00:00
David Shaw
e4b2f8da41 * build-packet.c (build_sig_subpkt): Handle setting sig flags for certain
subpacket types (notation, policy url, exportable, revocable).  keyedit.c
(sign_mk_attrib): Flags no longer need to be set here.

* packet.h, parse-packet.c (parse_one_sig_subpkt), build-packet.c
(build_sig_subpkt): Call parse_one_sig_subpkt to sanity check buffer
lengths before building a sig subpacket.
2002-05-28 03:10:00 +00:00
David Shaw
2656589782 * options.h, main.h, keygen.c (keygen_set_set_prefs, keygen_get_std_prefs,
keygen_upd_std_prefs), keyedit.c (keyedit_menu), g10.c (main), pkclist.c
(select_algo_from_prefs): Add --personal-preference-list which allows the
user to factor in their own preferred algorithms when the preference lists
are consulted.  Obviously, this does not let the user violate a
recepient's preferences (and the RFC) - this only influences the ranking
of the agreed-on (and available) algorithms from the recepients.
Suggested by David Hollenberg.

* options.h, keygen.c (keygen_set_std_prefs), g10.c (main): Rename
--preference-list to --default-preference-list (as that is what it really
is), and make it a true default in that if the user selects "default" they
get this list and not the compiled-in list.
2002-05-22 14:07:12 +00:00
David Shaw
91f05595cc * main.h, g10.c (main), revoke.c (gen_desig_revoke): Generate a designated
revocation via --desig-revoke

* keyedit.c (keyedit_menu, menu_addrevoker): New "addrevoker" command to
add a designated revoker to a key.
2002-05-19 15:04:04 +00:00
David Shaw
28ae0d878f * gpgv.c: Add stub for get_ownertrust().
* g10.c (main): --allow-freeform-uid should be implied by OpenPGP.  Add
--no-allow-freeform-uid.

* keyedit.c (sign_uids): Issue a warning when signing a non-selfsigned
uid.

* getkey.c (merge_selfsigs_main): If a key has no selfsigs, and
allow-non-selfsigned-uid is not set, still try and make the key valid by
checking all uids for a signature from an ultimately trusted key.
2002-05-17 18:49:30 +00:00
David Shaw
435ecaa5b0 * photoid.c (show_photos): Use the long keyid as the filename for the
photo.  Use the short keyid as the filename on 8.3 systems.

* exec.h, exec.c (make_tempdir, exec_write, exec_finish): Allow caller to
specify filename.  This should make things easier on windows and macs
where the file extension is required, but a whole filename is even better.

* keyedit.c (show_key_with_all_names, show_prefs): Show proper prefs for a
v4 key uid with no selfsig at all.

* misc.c (check_permissions): Don't check permissions on non-normal files
(pipes, character devices, etc.)
2002-05-13 20:44:30 +00:00
Stefan Bellon
1935d90e1f fixes for M_DEBUG, strcasecmp and RISC OS 2002-05-10 17:28:32 +00:00
David Shaw
fecfcb6454 * packet.h, getkey.c (fixup_uidnode), keyedit.c (show_prefs): Show assumed
prefs for hash and compression as well as the cipher pref. Show assumed
prefs if there are no prefs at all on a v4 self-signed key.

* options.h, g10.c (main), sign.c (make_keysig_packet): New
--cert-digest-algo function to override the default key signing hash
algorithm.
2002-05-10 15:27:20 +00:00
David Shaw
2e56b988c8 * keyedit.c (sign_uids): If --expert it set, allow re-signing a uid to
promote a v3 self-sig to a v4 one.  This essentially deletes the old v3
self-sig and replaces it with a v4 one.
2002-05-07 04:27:40 +00:00
David Shaw
4a214fbfbb * keyedit.c (sign_uids): When making a self-signature via "sign" don't ask
about sig level or expiration, and include the usual preferences and such
for v4 self-sigs.  (menu_set_preferences): Convert uids from UTF8 to
native before printing.
2002-05-06 22:38:53 +00:00
David Shaw
2dfec7107c * keyedit.c (sign_uids): Convert uids from UTF8 to native before printing.
(menu_set_primary_uid): Show error if the user tries to make a uid with a
v3 self-sig primary.
2002-05-06 16:40:33 +00:00
Stefan Bellon
158091ef9f fixed m_alloc(0) bug and added checks to revkey and numrevkeys 2002-05-04 14:45:34 +00:00
David Shaw
201ad25df9 * keyedit.c (sign_uids): Nonrevocable key signatures cause an automatic
promotion to v4.
2002-05-03 22:31:30 +00:00
David Shaw
6dc53d136a * photoid.h, photoid.c (parse_image_header, image_type_to_string): Useful
functions to return data about an image.

* packet.h, parse-packet.c (make_attribute_uidname,
parse_attribute_subpkts, parse_attribute), photoid.h, photoid.c
(show_photos): Handle multiple images in a single attribute packet.

* main.h, misc.c (pct_expando), sign.c (mk_notation_and_policy), photoid.c
(show_photos): Simpler expando code that does not require using
compile-time string sizes.  Call image_type_to_string to get image strings
(i.e. "jpg", "image/jpeg").  Change all callers.

* keyedit.c (menu_showphoto), keylist.c (list_keyblock_print): Allow
viewing multiple images within a single attribute packet.

* gpgv.c: Various stubs for link happiness.
2002-05-02 20:47:23 +00:00
David Shaw
0d63a076b0 Allow multiple policy URLs on a given signature.
Split "--notation-data" into "--cert-notation" and "--sig-notation" so the
user can set different policies for key and data signing.  For backwards
compatibility, "--notation-data" sets both, as before.
2002-05-02 13:25:59 +00:00
David Shaw
66c8a663a5 * keyedit.c (menu_adduid): 2440bis04 says that multiple attribute packets
on a given key are legal.

* keyserver.c (keyserver_refresh): the fake v3 keyid hack applies to
"mailto" URLs as well since they are also served by pksd.
2002-05-01 22:33:18 +00:00
Werner Koch
cd59cb1d64 Added a copyright year for files changed this year. 2002-04-29 14:42:34 +00:00
David Shaw
cd7b3f9590 After generating a new key, show the key information (name, keyid,
fingerprint, etc.)

Do not print uncheckable signatures (missing key..) in --check-sigs.

Print statistics (N missing keys, etc.) after --check-sigs.

When signing a key with an expiration date on it, the "Do you want your
signature to expire at the same time?" question should default to YES
2002-04-23 17:54:38 +00:00
David Shaw
f06ee291db * keyedit.c (menu_deluid): Only cause a trust update if we delete a
non-revoked user id.

* hkp.c (hkp_ask_import), keyserver.c (parse_keyserver_options,
keyserver_spawn), options.h: Remove fast-import keyserver option (no
longer meaningful).

* g10.c (main), keyedit.c (sign_uids), options.h: Change
--default-check-level to --default-cert-check-level as it makes clear what
it operates on.

* g10.c (main): --pgp6 also implies --no-ask-sig-expire.

* delkey.c (do_delete_key): Comment.
2002-04-19 22:38:20 +00:00
David Shaw
cc7fb43ac3 * keyedit.c (sign_uids, keyedit_menu, menu_deluid, menu_delsig,
menu_expire, menu_revsig, menu_revkey): Only force a trustdb check if we
did something that changes it.

* g10.c: add "--auto-check-trustdb" to override a
"--no-auto-check-trustdb"
2002-04-19 11:31:53 +00:00
Werner Koch
4847eadcd8 * tdbio.c (tdbio_write_nextcheck): Return a status whether the
stamp was actually changed.
* trustdb.c (revalidation_mark): Sync the changes.  Removed the
sync operation done by its callers.
(get_validity): Add logic for maintaining a pending_check flag.
(clear_ownertrust): New.

* keyedit.c (sign_uids): Don't call revalidation_mark depending on
primary_pk.
(keyedit_menu): Call revalidation_mark after "trust".
(show_key_with_all_names): Print a warning on the wrong listed key
validity.

* delkey.c (do_delete_key): Clear the owenertrust information when
deleting a public key.
2002-04-19 09:18:57 +00:00
David Shaw
9ef1a80f8d * parse-packet.c (parse_signature): Minor fix - signatures should expire
at their expiration time and not one second later.

* keygen.c (proc_parameter_file): Allow specifying preferences string
(i.e. "s5 s2 z1 z2", etc) in a batchmode key generation file.

* keyedit.c (keyedit_menu): Print standard error message when signing a
revoked key (no new translation).

* getkey.c (merge_selfsigs): Get the default set of key prefs from the
real (not attribute) primary uid.
2002-04-14 01:27:11 +00:00
David Shaw
9d7b26c784 * pkclist.c (build_pk_list): Fix bug that allowed a key to be selected
twice in batch mode if one instance was the default recipient and the
other was an encrypt-to.  Noted by Stefan Bellon.

* parse-packet.c (dump_sig_subpkt): Show data in trust and regexp sig
subpackets.

* keyedit.c (keyedit_menu): Use new function real_uids_left to prevent
deleting the last real (i.e. non-attribute) uid.  Again, according to the
attribute draft. (menu_showphoto): Make another string translatable.
2002-04-13 04:32:03 +00:00
David Shaw
5005434c7e * build-packet.c (build_sig_subpkt): Delete subpackets from both hashed
and unhashed area on update.  (find_subpkt): No longer needed.

* keyedit.c (sign_uids): With --pgp2 on, refuse to sign a v3 key with a v4
signature.  As usual, --expert overrides.  Try to tweak some strings to a
closer match so they can all be translated in one place.  Use different
helptext keys to allow different help text for different questions.

* keygen.c (keygen_upd_std_prefs): Remove preferences from both hashed and
unhashed areas if they are not going to be used.
2002-04-12 04:07:26 +00:00
David Shaw
018f352294 * misc.c (pct_expando), options.skel: Use %t to indicate type of a photo
ID (in this version, it's always "jpeg").  Also tweak string expansion
loop to minimize reallocs.

* mainproc.c (do_check_sig): Variable type fix.

* keyedit.c (menu_set_primary_uid): Differentiate between true user IDs
and attribute user IDs when making one of them primary. That is, if we are
making a user ID primary, we alter user IDs. If we are making an attribute
packet primary, we alter attribute packets.  This matches the language in
the latest attribute packet draft.

* keyedit.c (sign_uids): No need for the empty string hack.

* getkey.c (fixup_uidnode): Only accept preferences from the hashed
segment of the self-sig.
2002-04-11 04:04:41 +00:00
Werner Koch
b725d8ec27 Merged in my changes, after disk crash. Fortunately the CVS was not
affected - but everything else and it seems that there is no backup of
the BTS data is available :-(
2002-04-08 15:10:51 +00:00
David Shaw
0f682ed3f7 Fix ownertrust display with --with-colons.
Properly initialize the user ID refcount for user and photo IDs.

Tweak a few prompts to change "y/n" to "y/N", which is how most other
prompts are written.

Warn the user if they are about to revoke an expired sig (not a problem,
but they should know).

Control-d escapes the keyserver search prompt.

If a subkey is considered revoked solely because the parent key is
revoked, print the revocation reason from the parent key.

Allow revocation/expiration to apply to a uid/key with no entry in the
trustdb.
2002-03-31 23:51:33 +00:00
David Shaw
b8858a3ef1 --openpgp implies --allow-non-selfsigned-uid
If none of the uids are primary (because none are valid) then pick the
first to be primary (but still invalid).  This is for cosmetics in case
some display needs to print a user ID from a non-selfsigned key.  Also use
--allow-non-selfsigned-uid to make such a key valid and not
--always-trust.  The key is *not* automatically trusted via
--allow-non-selfsigned-uid.

Make sure non-selfsigned uids print [uncertain] on verification even
though one is primary now.

If the main key is not valid, then neither are the subkeys.

Allow --allow-non-selfsigned-uid to work on completely unsigned keys.
Print the uids in UTF8.  Remove mark_non_selfsigned_uids_valid()

Show revocation key as UTF8.

Allow --not-dash-escaped to work with v3 keys.
2002-03-17 23:47:32 +00:00
David Shaw
9267666d78 Some minor bug fixes.
do not prompt for revocation reason for v3 revocations (unless
force-v4-certs is on) since they wouldn't be used anyway.

show the status of the sigs (exportable? revocable?) to the user before
prompting for which sig to revoke.  Also, make sure that local signatures
get local revocations.

Add "exec-path" variable to override PATH for execing programs.

properly check return code from classify_user_id to catch unclassifiable
keys.
2002-03-05 04:57:10 +00:00
David Shaw
fbc66185f8 This is the first half of revocation key / designated revoker
support.  That is, it handles all the data to mark a key as revoked if it
has been revoked by a designated revoker.  The second half (coming
later) will contain the code to make someones key your designated revoker
and to issue revocations for someone else.

Note that this is written so that a revoked revoker can still issue
revocations: i.e. If A revokes B, but A is revoked, B is still revoked.
I'm not completely convinced this is the proper behavior, but it matches
how PGP does it.  It does at least have the advantage of much simpler code
- my first version of this had lots of loop maintaining code so you could
chain revokers many levels deep and if D was revoked, C was not, which
meant that B was, and so on. It was sort of scary, actually.

This also changes importing to allow bringing in more revocation keys, and
exporting to not export revocation keys marked "sensitive".

The --edit menu information will show if a revocation key is present.
2002-02-28 21:01:25 +00:00
David Shaw
22f32c9472 For --sig-policy-url and --cert-policy-url, clarify what is a sig and what
is a cert.  A sig has sigclass 0x00, 0x01, 0x02, or 0x40, and everything
else is a cert.

Add a "nrlsign" for nonrevocable and local key signatures.

Add a --no-force-mdc to undo --force-mdc.

Add a knob to force --disable-mdc/--no-disable-mdc.  Off by default, of
course, but is used in --pgp2 and --pgp6 modes.

Allow specifying multiple users in the "Enter the user ID" loop.  Enter a
blank line to stop.  Show each key+id as it is added.

It is not illegal (though possibly silly) to have multiple policy URLs in
a given signature, so print all that are present.

More efficient implementation of URL-ifying code for --search on an HKP
keyserver.
2002-02-10 00:18:54 +00:00
David Shaw
9057172a92 Allow policy URLs with %-expandos in them. This allows policy URLs like
"http://notary.jabberwocky.com/keysign/%K" to create a per-signature
policy URL.  Use the new generic %-handler for the photo ID stuff as well.

Display policy URLs and notations during signature generation if
--show-policy-url/--show-notation is set.
2002-02-05 00:04:24 +00:00
David Shaw
0c3e409fa3 Split "--set-policy-url" into "--cert-policy-url" and "--sig-policy-url"
so the user can set different policies for key and data signing.  For
backwards compatibility, "--set-policy-url" sets both, as before.
2002-02-03 14:42:56 +00:00
David Shaw
3e6d5d7c77 More comments about when to use IDEA in keygen.c
When key signing with multiple keys at the same time, make sure each key
gets the sigclass prompt
Close the iobuf and FILE before trying to reap the child process to
encourage the child to exit
Disable cache-on-close of the fd iobuf (shouldn't all fd iobufs not be
cached?)
2002-01-27 05:56:35 +00:00
Werner Koch
5a92c6052f * passphrase.c (passphrase_to_dek): Add tryagain_text arg to be
used with the agent.  Changed all callers.
(agent_get_passphrase): Likewise and send it to the agent
* seckey-cert.c (do_check): New arg tryagain_text.
(check_secret_key): Pass the string to do_check.
* keygen.c (ask_passphrase): Set the error text is required.
* keyedit.c (change_passphrase): Ditto.
* passphrase.c (agent_open): Disable opt.use_agent in case of a
problem with the agent.
(agent_get_passphrase): Ditto.
(passphrase_clear_cache): Ditto.
2002-01-20 18:33:04 +00:00
David Shaw
7997bba7a9 fix off-by-one in building attribute subpackets
change default compression to 1
add ask-sig-expire and ask-cert-expire (--expert was getting absurdly
overloaded)
permit v3 subkeys
use --expert to protect adding multiple photo ids and adding photos to a
v3 key
2002-01-06 03:52:14 +00:00
Werner Koch
ab430c4b24 * keyserver.c (keyserver_spawn): Removed some variables
declaration due to shadowing warnings.
* build-packet.c (build_attribute_subpkt): s/index/idx/ to avoid
compiler warnig due to index(3).
* getkey.c (get_ctx_handle): Use KEYDB_HANDLE as return value.
* keylist.c (list_one): Made resname const.
* keyedit.c (keyedit_menu): Allow "addphoto" only when --openpgp is
not used.
* options.skel: Changed one example photo viewer to qiv.
2001-12-22 13:04:24 +00:00
David Shaw
d560bdac18 Photo ID support (actually generic "attribute packet" support, but there
is only one attribute packet defined thus far, and it's a picture)
2001-12-21 23:06:02 +00:00
David Shaw
ca058399b0 Nonrevocable key signature support via "nrsign". These sigs can expire,
but cannot be revoked.  Any revocation certificates for them are ignored.
2001-12-21 21:02:05 +00:00
David Shaw
1ccd578910 Sig expiration code
Offer to expire a key signature when the key the user is signing expires
Expired sigs cause an error return
If --expert is set, prompt for sig duration
2001-12-07 01:14:15 +00:00
David Shaw
98facb5800 Allow a regular key signature to promote a local signature to full
exportable status
2001-12-07 01:04:02 +00:00
David Shaw
2e941ab7a3 New option --expert
Do not allow signing a revoked UID unless --expert is set, and ask even then.
Do not allow signing a revoked key unless --expert is set, and ask even then.
2001-12-07 01:00:21 +00:00
David Shaw
ebd148e553 Bug fix in "showpref"
Allow setting a no-compression preference
2001-12-07 00:57:50 +00:00
David Shaw
46efe28815 "sigclass" patch - adds key signature class levels, notation and policy-url
displays in key listings, and shows flags for signature features.
2001-12-06 22:04:08 +00:00
Werner Koch
b920ef23ca more fixes due to automake 1.5 2001-10-23 08:04:00 +00:00
Werner Koch
ebf6b8a515 calculate time of next trustdb check 2001-09-28 17:00:00 +00:00
Werner Koch
531f3953d8 Encryption should work again 2001-09-27 16:22:23 +00:00
Werner Koch
52be6a8aef completed the new key validation code 2001-09-26 12:49:10 +00:00
Werner Koch
a3af543617 Revamped the trustDB 2001-09-24 16:03:14 +00:00