keygen_upd_std_prefs), keyedit.c (keyedit_menu), g10.c (main), pkclist.c
(select_algo_from_prefs): Add --personal-preference-list which allows the
user to factor in their own preferred algorithms when the preference lists
are consulted. Obviously, this does not let the user violate a
recepient's preferences (and the RFC) - this only influences the ranking
of the agreed-on (and available) algorithms from the recepients.
Suggested by David Hollenberg.
* options.h, keygen.c (keygen_set_std_prefs), g10.c (main): Rename
--preference-list to --default-preference-list (as that is what it really
is), and make it a true default in that if the user selects "default" they
get this list and not the compiled-in list.
signature (callable by make_keysig_packet). (write_direct_sig): Write a 1F
direct key signature. (parse_revocation_key): Parse a string in
algo:fpr:sensitive format into a revocation key. (get_parameter_revkey,
do_generate_keypair): Call above functions when prompted from a batch key
generation file.
* build-packet.c (build_sig_subpkt): Allow multiple revocation key
subpackets in a single sig.
* keydb.h, getkey.c (get_seckey_byfprint): Same as get_pubkey_byfprint,
except for secret keys. We only know the fingerprint of a revocation key,
so this is needed to retrieve the secret key needed to issue a revokation.
* packet.h, parse-packet.c (parse_signature, parse_revkeys): Split revkey
parsing off into a new function that can be used to reparse after
manipulating the revkey list.
* sign.c (make_keysig_packet): Ability to make 1F direct key signatures.
fingerprint, etc.)
Do not print uncheckable signatures (missing key..) in --check-sigs.
Print statistics (N missing keys, etc.) after --check-sigs.
When signing a key with an expiration date on it, the "Do you want your
signature to expire at the same time?" question should default to YES
v3 keys is a MUST NOT.
* getkey.c (finish_lookup): The --pgp6 "use the primary key" behavior
should only apply while data signing and not encryption. Noted by Roger
Sondermann.
at their expiration time and not one second later.
* keygen.c (proc_parameter_file): Allow specifying preferences string
(i.e. "s5 s2 z1 z2", etc) in a batchmode key generation file.
* keyedit.c (keyedit_menu): Print standard error message when signing a
revoked key (no new translation).
* getkey.c (merge_selfsigs): Get the default set of key prefs from the
real (not attribute) primary uid.
and unhashed area on update. (find_subpkt): No longer needed.
* keyedit.c (sign_uids): With --pgp2 on, refuse to sign a v3 key with a v4
signature. As usual, --expert overrides. Try to tweak some strings to a
closer match so they can all be translated in one place. Use different
helptext keys to allow different help text for different questions.
* keygen.c (keygen_upd_std_prefs): Remove preferences from both hashed and
unhashed areas if they are not going to be used.
Properly initialize the user ID refcount for user and photo IDs.
Tweak a few prompts to change "y/n" to "y/N", which is how most other
prompts are written.
Warn the user if they are about to revoke an expired sig (not a problem,
but they should know).
Control-d escapes the keyserver search prompt.
If a subkey is considered revoked solely because the parent key is
revoked, print the revocation reason from the parent key.
Allow revocation/expiration to apply to a uid/key with no entry in the
trustdb.
When key signing with multiple keys at the same time, make sure each key
gets the sigclass prompt
Close the iobuf and FILE before trying to reap the child process to
encourage the child to exit
Disable cache-on-close of the fd iobuf (shouldn't all fd iobufs not be
cached?)
bits long (as RSA minimum is 1024)
Allow IDEA as a fake preference for v3 keys with v3 selfsigs when
verifying that a cipher is in preferences while decrypting
keys (this is in the RFC), so that they can be (sometimes) used along
OpenPGP keys. Do not force using IDEA on an OpenPGP key, as this may
violate its prefs.
Also, revise the help text for the sig class explanation.
used with the agent. Changed all callers.
(agent_get_passphrase): Likewise and send it to the agent
* seckey-cert.c (do_check): New arg tryagain_text.
(check_secret_key): Pass the string to do_check.
* keygen.c (ask_passphrase): Set the error text is required.
* keyedit.c (change_passphrase): Ditto.
* passphrase.c (agent_open): Disable opt.use_agent in case of a
problem with the agent.
(agent_get_passphrase): Ditto.
(passphrase_clear_cache): Ditto.
IDEA warning for pk messages encrypted with IDEA (symmetric is already done)
Print IDEA warning for each occurance except for secret key protection and
unknown cipher from an encrypted message.
pops up when the user uses "--cipher-algo idea", when setpref is used to
set a "S1" preference, and when a secret key protected with IDEA is used.
Tweak the --pgp2 mode to use this generic warning.
Offer to expire a key signature when the key the user is signing expires
Expired sigs cause an error return
If --expert is set, prompt for sig duration