* g10/tofu.c (get_trust): Call get_policy before short-circuiting the
policy lookup for ultimately trusted keys to make sure the binding is
added to the bindings table, if necessary.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2929
* g10/tofu.c (tofu_get_validity): If there was a conflict, don't also
print out a warning about too few messages.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/tofu.c (get_trust): Add arguments POLICYP and CONFLICT_SETP. If
they are not NULL, return the policy and conflict set (if there is
one), respectively. Update callers. If MAY_ASK is FALSE, don't print
out the statistics.
(tofu_register_encryption): If there is a conflict and we haven't yet
printed the statistics about the conflicting bindings, do so now.
(tofu_get_validity): Likewise.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2914
* g10/keyring.c (compare_name): Fix KEYDB_SEARCH_MODE_MAIL* searches
in keyrings when the UID is a plain addr-spec.
--
Previously, 'gpg --list-key "<foo@example.org>"' failed if 1/ the
keyring format is used and 2/ the key's UID is a plain addr-spec
(cf. RFC2822 section 4.3), e.g. 'foo@example.org'.
GnuPG-bug-id: 2930
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/ks-engine-hkp.c (tor_not_running_p): New.
(map_host): Call that to print a warning.
(handle_send_request_error): Ditto and avoid marking the host dead.
Also print a tor_config_problem warning. Add arg CTRL; adjust callers
to pass that new arg.
* g10/call-dirmngr.c (ks_status_cb): Detect and print the new
warnings.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/trustdb.c (check_regexp): Correctly print whether the
regexp matched or not.
--
This patch fixes the log message displayed when gpg attempts to
match the regexp associated with a trust signature with an user ID.
The current message interprets the 'ret' variable backwards, and
displays 'YES' when the regexp actually fails to match.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* g10/export.c (parse_export_options): Add "backup" and its alias
"export-backup".
(do_export_one_keyblock): Export ring trust packets in backup mode.
* g10/import.c (parse_import_options): Add "restore" and its alias
"import-restore".
(read_block): Import ring trust packets.
--
These options are intended to, well, backup and restore keys between
GnuPG implementations. These options may eventually be enhanced to
backup and restore all public key related information.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (main): If the parameter for --faked-system-time
ends with a '!', freeze time at the specified point.
* common/gettime.c (gnupg_set_time): Allow to freeze the time
at an arbitrary time instead of only the current time.
* doc/gpg.texi: Update documentation for --faked-system-time.
--
This patch allows the user to modify the behavior of the
--faked-system-time option: by appending a '!' to the parameter,
time in GnuPG will be frozen at the specified time, instead of
advancing normally from that time onward.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* g10/keylist.c (show_policy_url): Implement MODE -1.
(show_keyserver_url): Ditto.
(show_notation): Ditto.
* g10/keyedit.c (print_one_sig): Print policy URL, keyserver URL and
notation data to the tty.
--
With this change the listing of signatures in the key edit menu does
now include policy URLs et al in order and not possible after leaving
the menu (it used to go to stdout and not the tty).
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/trust.c (mark_usable_uid_certs): Allow use of secret key packets.
(clean_sigs_from_uid): Ditto.
(clean_uid_from_key): Ditto.
(clean_one_uid): Ditto.
(clean_key): Ditto.
--
Since 2.1 secret keys and public keys use identical data structure and
thus we should not restrict those key cleaning functions to work only
with public key packets. This change has no immediate effect but may
come handy in the future.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (keygen_set_std_prefs): Rename variable.
--
I consider it better not to use the name of a commonly used function.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c (write_stats_status): Use the number of days with
signatures / encryptions to compute the validity, not the total number
of signatures / encryptions.
(BASIC_TRUST_THRESHOLD): Adjust given the new semantics.
(FULL_TRUST_THRESHOLD): Likewise.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* doc/DETAILS: Add SIGN-DAYS and ENCRYPT-DAYS to the TOFU_STATS status
line.
* g10/tofu.c (write_stats_status): Take additional parameters
signature_days and encryption_days. Update callers. Include them in
the tfs record and TOFU status lines.
(show_statistics): Compute the number of days on which we saw a
message signed by FINGERPRINT, and the number of days on which we
encrypted a message to it.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/tofu.c (ask_about_binding): Emit all of the conflicting keys and
their statistics on the status fd.
(get_trust): Likewise, if we don't call ask_about_binding.
(show_statistics): Have the caller pass the policy as returned by
get_policy. Add argument only_status_fd and don't emit any output on
stdout if it is set. Update callers.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/gpg.c (main): Avoid translating arguments to 'wrong_args'.
--
Translating these messages is a burden for translators, and we only
have translations for very few of them as it is.
If we want to localize these messages, I'd suggest to translate the
placeholders (e.g. 'filename').
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/gpg.c (opts): Rename options.
(main): Update errors.
* doc/gpg.texi: Update accordingly.
--
I decided not to keep the old versions as aliases in the documentation
because the interface is a fairly recent addition.
GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/gpg.c (opts): Rename option.
* g10/call-agent.c (agent_scd_learn): Update comment.
* doc/gpg.texi: Update accordingly.
--
This change has a surprising side effect. Previously, --edit was an
alias for --edit-key, because the argument parser actually accepts
unique prefixes of all options. With this change, however, --edit is
ambiguous.
GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/gpg.c (opts): Rename option.
* doc/gpg.texi: Update accordingly.
--
This is a rather long name, but I believe that this command is rarely
used, and in places where it is used frequently, the process is likely
automated.
GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
* doc/gpg.texi: Document that fact.
* g10/keygen.c (quick_generate_keypair): Use a default value.
* tests/openpgp/quick-key-manipulation.scm: Test that fact.
GnuPG-bug-id: 2701
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/keygen.c (get_default_pubkey_algo): New.
(parse_key_parameter_string): Use it.
* g10/gpg.c (gpgconf_list): Take value from new function.
--
Note that consumers of that gpgconf-list value may need to be adjusted
to that new value. It should anyway only be used to display the
default algorithm.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (parse_key_parameter_string): Fix handling of PART==1.
(parse_key_parameter_part): Use default key size if only "rsa", "dsa",
or "elg" is given.
--
The first change is the actual fix. The second change avoids the
error "Invalid Curve" when only "rsa" instead of RSA2048 is given.
Fixes-commit: ce29272e24e7b718b8fca9b84bc728e65f3dea24
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (default_expiration_interval): New variable.
(generate_keypair): Use the new default.
--
Cursory discussion on gnupg-devel@ suggested two years as a good
default expiration interval.
GnuPG-bug-id: 2701
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/loadswdb.c: Set ERR on malloc failure.
* g10/passphrase.c (passphrase_to_dek): Initialize all fields of
HELP_S2K.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c (build_conflict_set): Revert to int* and fix calloc.
--
The original code used an int array and thus better keep that and do
not limit it to 128 entries.
Fixes-commit: c3008bffac68b6f31e9ae9bad837cdce5de7c0db
Fixes-commit: 3b5b94ceab7c0ed9501c5cf54b4efa17fcd7300a
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c (build_conflict_set): Replace variable dynamic array.
--
Note that clang complained that CONFLICT_SET_COUNT could be negative.
Thus I added an assert.
Signed-off-by: Werner Koch <wk@gnupg.org>