list_keyblock_print, list_keyblock_colon), status.h, status.c
(get_status_string): New --attribute-fd feature to dump the contents of
attribute subpackets for frontends. If --status-fd is also used, then a
new status tag ATTRIBUTE is provided for each subpacket.
* packet.h, getkey.c (fixup_uidnode, merge_selfsigs_main,
merge_selfsigs_subkey), parse-packet.c (setup_user_id): Keep track of the
expiration time of a user ID, and while we're at it, use the expired flag
from the selfsig rather than reparsing the SIG_EXPIRE subpacket.
* photoid.c (generate_photo_id): When adding a new photo ID, showing the
photo for confirmation is not safe when noninteractive since the "user"
may not be able to dismiss a viewer window. Noted by Timo Schulz.
* hkp.c (parse_hkp_index): Properly handle the '&' character (i.e.
"&") in HKP responses.
* getkey.c (merge_selfsigs_main): Fix reversed expiration time check with
self-sigs.
* keyedit.c (sign_uids): When making a new self-sig on a v3 key, make a v3
self-sig unless it is currently a v3 self-sig being promoted to v4.
* g10.c (main): --allow-freeform-uid should be implied by OpenPGP. Add
--no-allow-freeform-uid.
* keyedit.c (sign_uids): Issue a warning when signing a non-selfsigned
uid.
* getkey.c (merge_selfsigs_main): If a key has no selfsigs, and
allow-non-selfsigned-uid is not set, still try and make the key valid by
checking all uids for a signature from an ultimately trusted key.
signature (callable by make_keysig_packet). (write_direct_sig): Write a 1F
direct key signature. (parse_revocation_key): Parse a string in
algo:fpr:sensitive format into a revocation key. (get_parameter_revkey,
do_generate_keypair): Call above functions when prompted from a batch key
generation file.
* build-packet.c (build_sig_subpkt): Allow multiple revocation key
subpackets in a single sig.
* keydb.h, getkey.c (get_seckey_byfprint): Same as get_pubkey_byfprint,
except for secret keys. We only know the fingerprint of a revocation key,
so this is needed to retrieve the secret key needed to issue a revokation.
* packet.h, parse-packet.c (parse_signature, parse_revkeys): Split revkey
parsing off into a new function that can be used to reparse after
manipulating the revkey list.
* sign.c (make_keysig_packet): Ability to make 1F direct key signatures.
sample LDAP server instead.
* getkey.c (merge_selfsigs_main): Properly handle multiple revocation keys
in a single packet. Properly handle revocation keys that are in
out-of-order packets. Remove duplicates in revocation key list.
prefs for hash and compression as well as the cipher pref. Show assumed
prefs if there are no prefs at all on a v4 self-signed key.
* options.h, g10.c (main), sign.c (make_keysig_packet): New
--cert-digest-algo function to override the default key signing hash
algorithm.
clean as this function may be called more than once (e.g. from functions
in --edit).
* g10.c, encode.c (encode_crypt), sign.c (sign_file,
sign_symencrypt_file): Make --compress-algo work like the documentation
says. It should be like --cipher-algo and --digest-algo in that it can
override the preferences calculation and impose the setting the user
wants. No --compress-algo setting allows the usual preferences
calculation to take place.
* main.h, compress.c (compress_filter): use new DEFAULT_COMPRESS_ALGO
define, and add a sanity check for compress algo value.
(algo_available): --pgp7, identical to --pgp6 except that it permits a few
algorithms that PGP 7 added: AES128, AES192, AES256, and TWOFISH. Any
more of these --pgpX flags, and it'll be time to start looking at a
generic --emulate-pgp X option.
merge_selfsigs_main): a v3 key with a v4 self-sig must never let the v4
self-sig express a key expiration time that extends beyond the original v3
expiration time.
v3 keys is a MUST NOT.
* getkey.c (finish_lookup): The --pgp6 "use the primary key" behavior
should only apply while data signing and not encryption. Noted by Roger
Sondermann.
signatures that can expire. In short, the only thing that can override an
unexpired nonrevocable signature is another unexpired nonrevocable
signature.
* getkey.c (finish_lookup): Always use primary signing key for signatures
when --pgp6 is on since pgp6 and 7 do not understand signatures made by
signing subkeys.
for use with secret keys.
* seckey-cert.c (do_check): Always calculate the old checksum for
use after unprotection.
* g10.c, options.skel: New option --no-escape-from. Made
--escape-from and --force-v3-sigs the default and removed them
from the options skeleton.
at their expiration time and not one second later.
* keygen.c (proc_parameter_file): Allow specifying preferences string
(i.e. "s5 s2 z1 z2", etc) in a batchmode key generation file.
* keyedit.c (keyedit_menu): Print standard error message when signing a
revoked key (no new translation).
* getkey.c (merge_selfsigs): Get the default set of key prefs from the
real (not attribute) primary uid.
ID (in this version, it's always "jpeg"). Also tweak string expansion
loop to minimize reallocs.
* mainproc.c (do_check_sig): Variable type fix.
* keyedit.c (menu_set_primary_uid): Differentiate between true user IDs
and attribute user IDs when making one of them primary. That is, if we are
making a user ID primary, we alter user IDs. If we are making an attribute
packet primary, we alter attribute packets. This matches the language in
the latest attribute packet draft.
* keyedit.c (sign_uids): No need for the empty string hack.
* getkey.c (fixup_uidnode): Only accept preferences from the hashed
segment of the self-sig.
--allow-non-selfsigned-uid allows for completey unsigned uids).
Do not choose an attribute packet (i.e. photo) as primary uid. This
prevents oddities like "Good signature from [image of size 2671]". This
is still not perfect (one can still select an attribute packet as primary
in --edit), but is closer to the way the draft is going.
The algorithms list should include #110.
--pgp2 implies --no-ask-sig-expire and --no-ask-cert-expire as those would
cause a v4 sig/cert.
Be more lenient in what constitutes a valid armor header (i.e. -----BEGIN
blah blah-----) as some Windows programs seem to add spaces at the end.
--openpgp makes it strict again
If none of the uids are primary (because none are valid) then pick the
first to be primary (but still invalid). This is for cosmetics in case
some display needs to print a user ID from a non-selfsigned key. Also use
--allow-non-selfsigned-uid to make such a key valid and not
--always-trust. The key is *not* automatically trusted via
--allow-non-selfsigned-uid.
Make sure non-selfsigned uids print [uncertain] on verification even
though one is primary now.
If the main key is not valid, then neither are the subkeys.
Allow --allow-non-selfsigned-uid to work on completely unsigned keys.
Print the uids in UTF8. Remove mark_non_selfsigned_uids_valid()
Show revocation key as UTF8.
Allow --not-dash-escaped to work with v3 keys.
support. That is, it handles all the data to mark a key as revoked if it
has been revoked by a designated revoker. The second half (coming
later) will contain the code to make someones key your designated revoker
and to issue revocations for someone else.
Note that this is written so that a revoked revoker can still issue
revocations: i.e. If A revokes B, but A is revoked, B is still revoked.
I'm not completely convinced this is the proper behavior, but it matches
how PGP does it. It does at least have the advantage of much simpler code
- my first version of this had lots of loop maintaining code so you could
chain revokers many levels deep and if D was revoked, C was not, which
meant that B was, and so on. It was sort of scary, actually.
This also changes importing to allow bringing in more revocation keys, and
exporting to not export revocation keys marked "sensitive".
The --edit menu information will show if a revocation key is present.
KEYDB_SEARCH_DESC - no point in reinventing the wheel. This allows the
helper program to search the keyserver by fingerprint if desired (and the
keyserver supports it). Note that automatic fingerprint promotion during
refresh only applies to v4 keys as a v4 fingerprint can be easily changed
into a long or short key id, and a v3 cannot.
Take two copies of hextobyte() from pubkey-enc.c and getkey.c and make
them into one copy in misc.c.
keys (this is in the RFC), so that they can be (sometimes) used along
OpenPGP keys. Do not force using IDEA on an OpenPGP key, as this may
violate its prefs.
Also, revise the help text for the sig class explanation.
change default compression to 1
add ask-sig-expire and ask-cert-expire (--expert was getting absurdly
overloaded)
permit v3 subkeys
use --expert to protect adding multiple photo ids and adding photos to a
v3 key
declaration due to shadowing warnings.
* build-packet.c (build_attribute_subpkt): s/index/idx/ to avoid
compiler warnig due to index(3).
* getkey.c (get_ctx_handle): Use KEYDB_HANDLE as return value.
* keylist.c (list_one): Made resname const.
* keyedit.c (keyedit_menu): Allow "addphoto" only when --openpgp is
not used.
* options.skel: Changed one example photo viewer to qiv.