mirror of git://git.gnupg.org/gnupg.git synced 2025-01-10 13:04:23 +01:00

1159 Commits

Author SHA1 Message Date
David Shaw
bafb6ebf27 * gpg.sgml: Clarify --no-permission-warning to note that the permission
warnings are not intended to be the be-all and end-all in security checks.
Add note to --group that when used on the command line, it may be
necessary to quote the argument so it is not treated as multiple
arguments.  Noted by Stefan.
2002-12-12 22:06:11 +00:00
David Shaw
7cbc893caf * options.skel: Include the required '=' sign in the sample 'group'
option.

* import.c (chk_self_sigs): Don't try and check a subkey as if it was a
signature.
2002-12-12 22:02:53 +00:00
David Shaw
23b36f4e47 * mainproc.c (proc_tree): Handle multiple detached sigs concatenated
together by warning the user and processing only the first.

* g10.c (main): Comment out --list-trust-path until it can be implemented.
2002-12-11 15:17:10 +00:00
David Shaw
4017bbc683 * gpg.sgml: Clarify include-revoked and include-disabled so they match
what the program actually does.  Noted by Dick Gevers.
2002-12-11 03:41:52 +00:00
David Shaw
4d7eba13cc * gpg.sgml: Document %-expandos for policy URLs and notations. 2002-12-06 17:49:59 +00:00
David Shaw
b7b7e6c25a * keygen.c (ask_algo): Make the Elgamal sign+encrypt warning stronger, and
remove the RSA sign+encrypt warning.

* import.c (import_one): Warn when importing an Elgamal primary that this
may take some time (to verify self-sigs). (chk_self_sigs): Try and cache
all self-sigs so the keyblock is written to the keyring with a good rich
cache.
2002-12-06 04:05:47 +00:00
Werner Koch
6a52cba167 faq update. 2002-12-05 18:48:24 +00:00
Werner Koch
5c504ac5c5 * Changed variable for default gnupg.org http location from $hGPG
to $hGPGHTTP and update instances of variable throughout FAQ in
  introduction area and sections 1.1, 2.1 and 2.2

* Added section 1.4 - What conventions are used in this FAQ?
  + unices vs. win32 (with hyperlink (<Rhomedir>) to section 4.18 for
    example
  + gpg.conf vs. options (with hyperlink (<Roptions>) to section 5.8
    to note name change

* Corrected section 2.2 - Changed ftp URL (both display and link URLs)
  from "ftp://ftp.gnupg.org/pub/gcrypt" to ftp://ftp.gnupg.org/gcrypt/,
  and the display URL (not the actual link URL, it's correct) of the http
  URL from "http://www.gnupg.org/mirror.html" to
 "http://www.gnupg.org/mirrors.html"

* Included variable ($hVERSION) for easier updating of latest gpg
  version when referenced (as in section 2.2)

* Included variable ($hGPGFTP) for default gnupg.org ftp location
  (ftp://ftp.gnupg.org) for use in sections 2.2 and 4.16

* Corrected section 3.1 visual display of link from
  "http://www.gnupg.org/gnupg.html#supsys" to
  "http://www.gnupg.org/backend.html#supsys"

* Edited sections 3.1, 3.2, 5.2 to include $hGPGHTTP variable

* Corrected section 3.2 - Word typo ("avoided" was "avoiced").

* Corrected / edited section 3.3 -
  + corrected link: ftp://ftp.gnupg.dk/pub/contrib-dk/
    for idea.c.gz, idea.c.gz.sig, ideadll.zip, ideadll.zip.sig
  + edited section to include all files and added
    ~/.gnupg/gpg.conf info

* Edited section 4.6 - As this section deals with losing a public key,
  I added a paragraph containing a hyperlink to the end of section 4.21
  ("I still have my secret key, but lost my public key..."). The
  paragraph reads: "If you've lost your public key and need to recreate
  it instead for continued use with your secret key, you may be able to
  use gpgsplit as detailed in question <Rgpgsplit>."

* Edited section 4.15 - Added paragraph below table on GPGrelay, an
  application for MUAs that lack OpenPGP (rfc2015) support to. "Users of
  Win32 MUAs that lack OpenPGP support may look into using GPGrelay
  <http://http://gpgrelay.sourceforge.net>, a small email-relaying
  server that uses GnuPG to enable many email clients to send and
  receive emails that conform to PGP-MIME (RFC 2015)."
  suggested by: Andreas John <aj@tesla.inka.de>

* Corrected section 4.16 - Incorporated Werner's URL fix for gpgme FTP
  location to synchronize local CVS with released FAQ version 1.5.8.

* Added section 4.19 - "How do I verify signed packages?"
  suggested by: Christian Reis <kiko@async.com.br>

* Added section 4.20 - "How do I export a keyring with only selected
  signatures?"
  by: David Shaw <dshaw@jabberwocky.com>

* Added section 4.21 - "I still have my secret key, but lost my public
  key. What can I do?"
  by: Werner Koch <wk@gnupg.org>

* Added section 4.22 - "Clearsigned messages sent from my web-mail
  account have an invalid signature. Why?"
  by: David Scribner <dscribner@bigfoot.com>

* Edited / Corrected section 5.8 - Changed question from "I just
  installed the most recent version of GnuPG and don't have a
  ~/.gnupg/options file. Is this missing from the installation?" to
  "GnuPG no longer installs a ~/.gnupg/options file. Is it missing?"
  + Added "An existing options file can be renamed to gpg.conf for
    users upgrading, or receiving the message that the "old default
    options file" is ignored (occurs if both a gpg.conf and an
    options file are found)." to the end of the paragraph.
  + Corrected ~/.gnupg/gpg.conf (was ~/.gnupg/conf)

* Added section 5.9 - "How to you export GnuPG keys for use with PGP?"
  by: David Shaw <dshaw@jabberwocky.com>
2002-12-05 18:47:58 +00:00
Werner Koch
77f99fd667 New entries 2002-12-05 15:22:21 +00:00
Werner Koch
f59aac24bb * gpg.sgml: Document --no-mangle-dos-filenames. 2002-12-05 15:21:41 +00:00
Werner Koch
9a34b607ab * g10.c: New options --[no-]mangle-dos-filenames.
* options.h (opt): Added mangle-dos-filenames.
* openfile.c (open_outfile) [USE_ONLY_8DOT3]: Truncate the
filename only when this option is set; this is the default.

NOT YET TESTED!
2002-12-05 15:21:17 +00:00
David Shaw
1ae9261ef6 * NEWS: Add note about convert-from-106 script. 2002-12-04 18:59:23 +00:00
David Shaw
f4401fafd9 * gpg.sgml: Document --pgp8. Clarify that --pgp6 and --pgp7 disable
--throw-keyid.
2002-12-04 18:57:52 +00:00
David Shaw
2d6a766433 * main.h, keyedit.c, keygen.c: Back out previous (2002-12-01) change.
Minimal isn't always best.

* sign.c (update_keysig_packet): Use the current time rather than a
modification of the original signature time.  Make sure that this doesn't
cause a time warp.

* keygen.c (keygen_add_key_expire): Properly handle a key expiration date
in the past (use a duration of 0).

* keyedit.c (menu_expire): Use update_keysig_packet so any sig subpackets
are maintained during the update.

* build-packet.c (build_sig_subpkt): Mark sig expired or unexpired when
the sig expiration subpacket is added. (build_sig_subpkt_from_sig): Handle
making an expiration subpacket from a sig that has already expired (use a
duration of 0).
2002-12-04 18:32:00 +00:00
David Shaw
6d30580362 * packet.h, sign.c (update_keysig_packet), keyedit.c
(menu_set_primary_uid, menu_set_preferences): Add ability to issue 0x18
subkey binding sigs to update_keysig_packet and change all callers.
2002-12-04 16:17:21 +00:00
David Shaw
dc70beb88f * options.h, g10.c (main), encode.c (write_pubkey_enc_from_list),
pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8 mode.  This
is basically identical to --pgp7 in all ways except that signing subkeys,
v4 data sigs (including expiration), and SK comments are allowed.

* getkey.c (finish_lookup): Comment.
2002-12-03 23:09:20 +00:00
David Shaw
33783a41a4 * main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu): Reorder
user ID display in the --edit-key menu to match that of the --list-keys
display.

* tdbio.c (tdbio_read_record, tdbio_write_record): Comments to reserve a
byte for trust model in the devel version.

* g10.c (add_notation_data): Fix initialization.
2002-12-03 18:10:10 +00:00
David Shaw
03aaecf3f8 * keyedit.c (menu_expire): Don't lose key flags when changing the
expiration date of a subkey.  This is not the most optimal solution, but
it is minimal change on the stable branch.

* main.h, keygen.c (do_copy_key_flags): New function to copy key flags, if
any, from one sig to another. (do_add_key_expire): New function to add key
expiration to a sig. (keygen_copy_flags_add_expire): New version of
keygen_add_key_expire that also copies key flags.
(keygen_add_key_flags_and_expire): Use do_add_key_expire.

* import.c (fix_hkp_corruption): Comment.
2002-12-01 20:49:13 +00:00
David Shaw
7917a43b81 * gpg.sgml: Point out that if the user absolutely must, it's better to use
--pgpX than forcing an algorithm manually.  Better still not to use
anything, of course.
2002-12-01 01:51:34 +00:00
David Shaw
31e09a853d * distfiles, gnupg.spec.in: Include convert-from-106. 2002-11-30 23:30:48 +00:00
David Shaw
1c4090fe65 * convert-from-106: Script to automate the 1.0.6->later conversion. It
marks all secret keys as ultimately trusted, adds the signature caches,
and checks the trustdb.
2002-11-30 16:09:33 +00:00
David Shaw
721353f8c4 * NEWS: Add notes about notation names and '@', the "--trust-model always"
option, and non-optimized memory wiping.
2002-11-25 14:38:10 +00:00
David Shaw
efa986b098 * gpg.sgml: Document --sig-policy-url, --cert-policy-url, --sig-notation,
--cert-notation.  Clarify --show-notation and --show-policy-url that
policy URLs and notations can be used in data signatures as well.  Add
note about '@' being a required character in notation names.
2002-11-25 14:32:40 +00:00
David Shaw
f41be729cc * g10.c (add_notation_data): Disallow notation names that do not contain a
'@', unless --expert is set.  This is to help prevent people from
polluting the (as yet unused) IETF namespace.

* main.h: Comments about default algorithms.

* photoid.c (image_type_to_string): Comments about 3-letter file
extensions.

* g10.c (main): Add --strict and --no-strict as no-ops to smooth
transition when the devel GnuPG becomes the stable one.
2002-11-24 01:44:37 +00:00
David Shaw
d907271871 * gpg.sgml: Add an interoperability section. 2002-11-22 03:52:48 +00:00
David Shaw
e76d3eab83 * gpg.sgml: Correct defaults for --s2k-mode and --s2k-digest-mode. Noted
by Haakon Riiser.
2002-11-17 15:15:36 +00:00
David Shaw
848ae72ed5 * config.links: Use OpenBSD/NetBSD powerpc assembler code for Darwin.
Successfully tested by Gordon Worley.
2002-11-16 16:51:06 +00:00
David Shaw
c028cac7ab * gpg.sgml: Correct --compress-algo documentation to match behavior.
Noted by Jason S. Mantor.
2002-11-14 22:06:58 +00:00
David Shaw
01819803ae * gpg.sgml: Document --trust-model. 2002-11-14 02:54:56 +00:00
Stefan Bellon
5059ac6f0b fixed type incompatibility 2002-11-13 21:50:33 +00:00
David Shaw
5ecf0cbd79 * keyedit.c (show_key_with_all_names_colon): Make --with-colons --edit
display match the validity and trust of --with-colons --list-keys.

* passphrase.c (agent_send_all_options): Fix compile warning.

* keylist.c (list_keyblock_colon): Validity for subkeys should match that
of the primary key, and not that of the last user ID.
2002-11-13 13:14:40 +00:00
David Shaw
7178a8056c * getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys carry
these facts onto all their subkeys, but only after the subkey has a chance
to be marked valid.  This is to fix an incorrect "invalid public key"
error verifying a signature made by a revoked signing subkey, with a valid
unrevoked primary key.
2002-11-13 05:20:43 +00:00
Werner Koch
dbe54c8bd5 * config.sub, config.guess: Updated from ftp.gnu.org/gnu/config
to version 2002-11-08.
2002-11-12 19:38:16 +00:00
Werner Koch
7f0938142b * configure.ac: Check for ctermid(). 2002-11-09 17:38:55 +00:00
Werner Koch
e95dbae3f6 * passphrase.c (agent_send_all_options): Use tty_get_ttyname to
get the default ttyname.
2002-11-09 17:38:29 +00:00
Werner Koch
d0180ee195 * ttyio.c (TERMDEVICE): Removed.
(tty_get_ttyname): New.
(init_ttyfp): Use it here instead of the TERMDEVICE macro.
2002-11-09 17:38:11 +00:00
Stefan Bellon
eb6f7ce0ad added prototype that was missing in CVS since long ago 2002-11-06 16:17:14 +00:00
David Shaw
23ac2c1e0a * secmem.c (secmem_free, secmem_term): Use wipememory2() instead of
memset() to overwrite secure memory.
2002-11-06 15:43:38 +00:00
David Shaw
49db742b75 * util.h: Add wipememory2() macro (same as wipememory, but can specify the
byte to wipe with).
2002-11-06 15:40:45 +00:00
David Shaw
90279250e8 * blowfish.c (burn_stack), cast5.c (burn_stack), des.c (burn_stack), md5.c
(burn_stack), random.c (burn_stack, read_pool, fast_random_poll),
rijndael.c (burn_stack), rmd160.c (burn_stack), rndegd.c
(rndegd_gather_random), rndlinux.c (rndlinux_gather_random), rndriscos.c
(rndriscos_gather_random), sha1.c (burn_stack), tiger.c (burn_stack),
twofish.c (burn_stack): Replace various calls to memset() with the more
secure wipememory().
2002-11-06 15:28:12 +00:00
David Shaw
666dcb370b * keyedit.c (show_key_with_all_names_colon): Don't stick nulls into the
--with-colons listing.
2002-11-05 22:30:59 +00:00
David Shaw
62ff9a5e89 * g10.c (main): Add a mostly noop --trust-model option to smooth
transition to 1.4.
2002-11-05 02:17:48 +00:00
David Shaw
8078c08969 * DETAILS: Clarify meaning of 'u'. Noted by Timo. 2002-11-04 18:00:16 +00:00
David Shaw
66c458f954 * gpgkeys_hkp.c (send_key), gpgkeys_ldap.c (send_key): Properly handle an
input file that does not include any key data at all.
2002-11-04 13:49:31 +00:00
David Shaw
23d943d015 * Makefile.am: Put gnupg.spec in the root directory so rpm -ta works. 2002-10-31 17:55:38 +00:00
David Shaw
f77b885e65 * gnupg.spec.in: Update source ftp path. 2002-10-31 17:54:00 +00:00
David Shaw
456f89ea7a * build-packet.c (do_plaintext), encode.c (encode_sesskey, encode_simple,
encode_crypt), sign.c (write_plaintext_packet): Use wipememory() instead
of memset() to wipe sensitive memory as the memset() might be optimized
away.
2002-10-31 15:28:19 +00:00
David Shaw
92fb1251d0 * configure.ac: Add a check for volatile. 2002-10-31 15:23:10 +00:00
David Shaw
8be3f3e80c * util.h: Add wipememory() macro. 2002-10-31 15:22:21 +00:00
Werner Koch
321b88d0f6 * getkey.c (get_pubkey_direct): Renamed to...
(get_pubkey_fast): this and made extern.
(get_pubkey_byfprint_fast): New.
* import.c (import_one): Use get_pubkey_fast instead of
get_pubkey.  We don't need a merged key and actually this might
lead to recursions. --> There is still a problem, though.
(revocation_present): Likewise for search by fingerprint.

* g10.c (main): Try to create the trustdb even for non-colon-mode
list-key operations.  This is required because getkey needs to
know whether a key is ultimately trusted.
2002-10-30 10:02:38 +00:00