1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-26 10:59:58 +01:00

787 Commits

Author SHA1 Message Date
David Shaw
2a785147be * options.h, g10.c (main), import.c (parse_import_options, import_one,
import_secret_one), keyserver.c (keyserver_refresh): Change --merge-only
to --import-option merge-only.  Deprecate --merge-only.
2003-12-31 04:58:52 +00:00
David Shaw
d537d547ce * misc.c (pull_in_libs): Dead code. Removed.
* sig-check.c (check_revocation_keys): Comments.

* getkey.c (merge_selfsigs_main): Don't bother to check designated revoker
sigs if the key is already revoked.

* packet.h, getkey.c (merge_selfsigs_main): New "maybe_revoked" flag on
PKs.  It is set when there is a revocation signature from a valid
revocation key, but the revocation key is not present to verify the
signature.

* pkclist.c (check_signatures_trust): Use it here to give a warning when
showing key trust.

* compress-bz2.c: Include stdio.h.  Solaris 9 has a very old bzip2 library
and we can at least guarantee that it won't fail because of the lack of
stdio.h.

* tdbio.c: Fixed format string bugs related to the use of DB_NAME.
Reported by Florian Weimer.
2003-12-30 00:46:42 +00:00
David Shaw
48238805b9 * options.h, g10.c (main), keyserver.c (keyserver_opts,
parse_keyserver_uri): honor-http-proxy is no longer an option since we can
do the same thing with http-proxy with no arguments. Also remove
broken-http-proxy since it can be better handled in the HTTP helper.
2003-12-28 16:08:04 +00:00
David Shaw
4cf0123a68 * keyserver.c (argsep): New variation on strsep that knows about optional
arguments. (parse_keyserver_options): Use it here for optional arguments.
2003-12-28 15:46:49 +00:00
Stefan Bellon
02ae08d6ef cleaned up RISC OS code and removed lots of unnecessary stuff 2003-12-28 14:12:16 +00:00
David Shaw
0f346cf8c1 * keyserver.c (strip_leading_space, get_arg): New.
(parse_keyserver_options): Use them here to allow arguments to
keyserver-options.  Since none of our options need arguments yet, just
pass them through whole to the keyserver helper.
2003-12-28 04:38:00 +00:00
David Shaw
392e6da660 * main.h, misc.c (parse_options): Add a "noisy" flag to enable and disable
the messages about which option didn't match or matched ambiguously.
Change all callers (g10.c, keyserver.c).

* main.h, import.c (import_options), export.c (export_options): Pass the
noisy flag through.
2003-12-28 03:46:43 +00:00
David Shaw
7847eae02c * build-packet.c (write_fake_data, do_secret_key), seckey-cert.c
(do_check): Use an unsigned length for mpi_get_opaque.

* options.h: It's impolite to assign -1 to an unsigned
opt.force_ownertrust.
2003-12-17 23:04:53 +00:00
David Shaw
84401d1523 * sig-check.c (cmp_help, do_check), sign.c (do_sign): Remove old unused
code.

* keyid.c (keyid_from_sk): Make sure lowbits is initialized.
2003-12-17 19:21:41 +00:00
David Shaw
f5d4b8dc06 * sig-check.c (do_check): Move the signing algo and hash checks from
here... (signature_check2): ... to here. (check_key_signature2): ... and
here.  This is a minor optimization to avoid fetching a key (which can be
expensive, especially if it is not self-signed, and there are many key
signatures on it which need to be checked for ultimate trust) if the
signature would have failed anyway because of algorithm or hash problems.
2003-12-13 03:53:27 +00:00
David Shaw
db5ab5e730 * packet.h, build-packet.c (hash_public_key): Remove function ...
* keydb.h, keyid.c (hash_public_key, do_fingerprint_md): ... and make a
new one here that shares code with the fingerprint calculations.  This
removes some duplicated functionality, and is also around 14% faster.
(Every bit helps).

* import.c (import_one): No longer need the Elgamal import warning.

* getkey.c (get_pubkey_fast): This one is sort of obscure. get_pubkey_fast
returns the primary key when requesting a subkey, so if a user has a key
signed by a subkey (we don't do this, but used to), AND that key is not
self-signed, AND the algorithm of the subkey in question is not present in
GnuPG, AND the algorithm of the primary key that owns the subkey in
question is present in GnuPG, then we will try and verify the subkey
signature using the primary key algorithm and hit a BUG().  The fix is to
not return a hit if the keyid is not the primary.  All other users of
get_pubkey_fast already expect a primary only.
2003-12-11 01:07:42 +00:00
David Shaw
888a6c2980 * keyid.c (do_fingerprint_md): Remove the rules to hash the old v3 Elgamal
keys.  They are no longer needed.
2003-12-10 01:59:45 +00:00
David Shaw
08967eb985 * keyid.c (keyid_from_sk, keyid_from_pk, fingerprint_from_pk,
fingerprint_from_sk): Enforce the v3-is-only-RSA rule.  Anything that
isn't RSA gets a zero keyid and fingerprint.
2003-12-10 01:52:33 +00:00
David Shaw
4830eb7cae * keyid.c (do_fingerprint_md): Properly handle hashing of keys that we
don't know the structure of by using the opaque MPI.
(do_fingerprint_md_sk): We cannot calculate the fingerprint from a secret
key unless we know the structure (since we can't leave off the secret key
parts), so fail early..... (keyid_from_sk, fingerprint_from_sk): .... and
return all zeroes.
2003-12-10 01:27:55 +00:00
David Shaw
189dea77ea * g10.c (strusage, main): Show development version warning in --version
output. (main): Set --bzip2-compress-level to the default value at
startup.  Remove --emulate-checksum-bug noop.
2003-12-04 04:58:12 +00:00
David Shaw
3c40fd65d6 * options.h, g10.c (main), main.h, seskey.c (do_encode_md,
encode_md_value), sig-check.c (do_check), sign.c (do_sign): Remove
--emulate-md-encode-bug as it only applied to Elgamal signatures, which
are going away.
2003-12-04 04:34:08 +00:00
David Shaw
03b04db3cf * mainproc.c (proc_symkey_enc, proc_encrypted): Add ability to use
--override-session-key on --symmetric messages (new-style or old-style).
(proc_pubkey_enc): Move code to show session key from here to
proc_encrypted() so it can work with any type of message. Suggested by
Michael Young.
2003-11-30 15:33:04 +00:00
David Shaw
3c0eb7790b * trustdb.c (validate_keys): Reset the trustdb before checking if we have
any ultimately trusted keys.  This ensures that if we lose all our
ultimately trusted keys, we don't leave behind the old validity
calculations.  Noted by Peter Palfrader.

* revoke.c (gen_desig_revoke): Specify in the comment when a designated
revocation is generated.

* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
get_seckey_byname2): Remove Elgamal check since we are removing type 20
keys altogether.
2003-11-30 00:33:27 +00:00
David Shaw
5473ac9deb * pkclist.c (build_pk_list): Do not allow an empty PK list in interactive
mode.

* getkey.c (get_seckey_byname2): Disallow use of sign+encrypt Elgamal
keys.
2003-11-27 14:47:00 +00:00
David Shaw
973c868961 * keygen.c (ask_algo): Remove ability to generate Elgamal sign+encrypt
keys.

* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey): Disallow use of
sign+encrypt Elgamal keys.
2003-11-27 13:53:34 +00:00
David Shaw
85a80265c7 * seskey.c (do_encode_md): Comment about earlier (pre-PGP 2.3) encodings.
* misc.c (compress_algo_to_string): Translate "Uncompressed". Requested by
Tommi Vainikainen. (string_to_compress_algo): Include multi-string for
"uncompressed|none".
2003-11-21 01:11:25 +00:00
David Shaw
dcf747d620 * options.h, g10.c (main), compress-bz2.c (init_uncompress): Add
--bz2-compress-lowmem to set bzlib "small" flag for low memory (but slow)
decompression.
2003-11-18 02:52:35 +00:00
David Shaw
2e4ab6c669 * compress.c (init_compress): Remove compress level 10 trick, since it is
no longer needed.

* g10.c: Fix typoed option name.

* compress-bz2.c (init_compress): Compression level 0 is not meaningful
for bzip2.
2003-11-15 23:54:14 +00:00
David Shaw
995d712589 * options.h, g10.c (main), compress.c (init_compress), compress-bz2.c
(init_compress): Add --compress-level and --bzip2-compress-level.  -z sets
them both.  Change various callers.
2003-11-15 22:31:58 +00:00
David Shaw
3257edd4e4 * encode.c (encode_simple), sign.c (sign_symencrypt_file): Properly use
default_compress_algo (--compress-algo, followed by the highest
--personal-compress-preference, followed by ZIP) to get the algorithm.
2003-11-15 15:38:43 +00:00
David Shaw
c47ec46526 * options.h, trustdb.c (trust_model_string, init_trustdb): Add support for
"external" trust model, where the user can provide a pregenerated trustdb.

* keyedit.c (keyedit_menu): Do not allow editing ownertrust with an
external trust model trustdb.
2003-11-15 00:19:49 +00:00
David Shaw
80caf9957f * options.h, g10.c, keyedit.c, keylist.c, mainproc.c: Clarify the
plurarility (or not) of various list and verify options.
2003-11-14 05:06:19 +00:00
David Shaw
bc1e4357a9 * g10.c (main): Add --symmetric --sign --encrypt.
* main.h, encode.c (setup_symkey): New.  Prompt for a passphrase and
create a DEK for symmetric encryption. (write_symkey_enc): New.  Write out
symmetrically encrypted session keys. (encode_crypt, encrypt_filter): Use
them here here when creating a message that can be decrypted with a
passphrase or a pk.

* sign.c (sign_file): Call setup_symkey if we are doing a --symmetric
--sign --encrypt.
2003-11-13 02:54:12 +00:00
David Shaw
5028edd538 * mainproc.c (proc_symkey_enc): Don't show algorithm information when
--quiet is set.  Suggested by Duncan Harris.  Also don't fail with BUG()
when processing a --symmetric message with a cipher we don't have.

* g10.c: Alias --personal-xxx-prefs to --personal-xxx-preferences.
2003-11-10 04:33:13 +00:00
David Shaw
ebe6f4999f * pkclist.c (build_pk_list): When adding recipients interactively, allow
the user to stop at any point.
2003-11-10 01:30:12 +00:00
David Shaw
5c37fd90bf * trustdb.h, trustdb.c (register_trusted_keyid): New. Adds a keyid to the
list of ultimately trusted keys.

* keygen.c (do_generate_keypair): Use it here so that the ultimate
ownertrust happens before the trustdb (might be) rebuilt.  Also fix an
error where the newly generated pk is thought to be a subkey by the
trustdb.

* g10.c (main): Fix --export-all do actually do something different than
--export.

* pkclist.c (build_pk_list): Show all recipients rather than showing each
recipient as they are added.

* mainproc.c (proc_symkey_enc, proc_encrypted): Keep a count of the number
of passphrases that can decrypt a symmetric or mixed symmetric/pk message
and include it in the list of keys shown to the user.
2003-11-01 01:13:16 +00:00
David Shaw
869c6bb7e4 * misc.c (compress_algo_to_string, string_to_compress_algo,
check_compress_algo): Add bzip2.

* compress.c (compress_filter): Make static to help force the use of
push_compress_filter.  Remove default algorithm setting since that is done
in push_compress_filter now.

* main.h: Use named algorithm.

* filter.h, compress.c (push_compress_filter, push_compress_filter2): New.
Figure out which is the appropriate compression filter to use, and push it
into place.

* compress.c (handle_compressed), encode.c (encode_simple, encode_crypt),
sign.c (sign_file, sign_symencrypt_file), import.c (read_block), export.c
(do_export): Use push_compress_filter instead of pushing the compression
filter ourselves.

* compress-bz2.c: New.  Bzlib versions of the compression filter routines.

* Makefile.am: Include compress-bz2.c if bz2lib is available.
2003-10-31 05:39:02 +00:00
Werner Koch
06865e7164 (close_ct_reader, close_pcsc_reader): Implemented.
(get_ccid_error_string): New.  Not very useful messages, though.
2003-10-30 09:30:20 +00:00
Werner Koch
fcc72f915b * cardglue.c (open_card): Ask for card insertion.
(check_card_serialno): New.
(agent_scd_pksign, agent_scd_pkdecrypt): Use it here.
* cardglue.c (open_card): Issue insertion status message.
* status.h, status.c (STATUS_CARDCTRL): New.

* status.c (cpr_get_answer_okay_cancel): New.

* miscutil.c (answer_is_okay_cancel): New.
2003-10-29 10:07:44 +00:00
Werner Koch
be239a058a * DETAILS: Add the 'a' value for field 12 and the new field 15.
* keylist.c (list_keyblock_print): Denote secrets keys stored on a
card with an '>'. Print the '#' also for subkeys.
(list_keyblock_colon): Introduce new field 15 for sec/ssb to print
the serial number.
2003-10-28 09:25:06 +00:00
David Shaw
ce4c9b6b5f * g10.c (main): Enhance the version-specific config file code to try for
more specific matches before giving up (e.g. 1.3.3-cvs, 1.3.3, 1.3, 1).
2003-10-26 15:49:44 +00:00
David Shaw
bb7986e9a6 * g10.c (main): Add --symmetric --encrypt command. This generates a
message that can be decrypted via a passphrase or public key system.

* main.h, encode.c (encode_seskey): Allow passing in an already-created
session key dek. (encode_simple): Use the actual symmetric cipher when
encrypting a session key for a symmetric message. (encode_crypt): Add a
flag to trigger a hybrid mode that can be decrypted via a passphrase or a
pk.  Change all callers.

* mainproc.c (symkey_decrypt_sesskey): There is no way to tell the
difference here between a bad passphrase and a cipher algorithm that we
don't have, so use a error message that makes that clear. Use the actual
list of ciphers when checking whether a cipher is invalid.  Return error
if the decrypted cipher algorithm is invalid. (proc_symkey_enc): In a
mixed passphrase/pk message, if a valid dek already exists from decrypting
via pk, do not try to process the passphrase. (proc_symkey_enc): Indicate
when we're decrypting a session key as opposed to decrypting data.  If a
passphrase is invalid, discard the dek so we'll keep trying.
2003-10-26 03:26:14 +00:00
Werner Koch
e62874f1d1 * ccid-driver.c (ccid_open_reader): Return an error if no USB
devices are found.

* Makefile.am: Replaced INTLLIBS by LIBINTL.
2003-10-25 16:26:29 +00:00
Werner Koch
bc45e6e065 * g10.c (main) [ENABLE_CARD_SUPPORT]: Add a default for
--pcsc-driver.

* cardglue.c (learn_status_cb): Fixed faulty use of !space.
2003-10-25 14:17:24 +00:00
Werner Koch
624612b991 (apdu_open_reader): Hacks for PC/SC under Windows. 2003-10-24 20:50:38 +00:00
Werner Koch
441aeb85f2 * passphrase.c (ask_passphrase): Add optional promptid arg.
Changed all callers.
* cardglue.c (pin_cb): Use it here, so the machine interface can
tell whether the Admin PIN is requested.

* cardglue.c (agent_scd_checkpin): New.

* misc.c (openpgp_pk_algo_usage): Added AUTH usage.

* app-openpgp.c (check_against_given_fingerprint): New. Factored
out that code elsewhere.
(do_check_pin): New.
* card-util.c (card_edit): New command "passwd".  Add logic to
check the PIN in advance.
(card_status): Add new args to return the serial number.  Changed
all callers.
2003-10-21 18:22:21 +00:00
David Shaw
6ad91b2b3a * import.c (import_one): Show the keyid when giving the Elgamal slow
import warning.

* g10.c (main): Older versions used --comment "" to indicate no comment.
Don't add an empty comment.
2003-10-14 23:30:14 +00:00
David Shaw
837df305c6 * keyedit.c (show_key_with_all_names): Ownertrust is only meaningful for
the PGP or classic trust models.  Both validity and ownertrust are not
meaningful for the always trust model.
2003-10-14 00:05:44 +00:00
Werner Koch
bc14a878e2 Always enable the gen_card_key prototype. 2003-10-11 16:32:03 +00:00
Werner Koch
8b36b03074 (card_close): New.
(agent_scd_change_pin): Implemented.
2003-10-10 15:45:11 +00:00
Werner Koch
6f6511f3ca About to release 1.3.3 2003-10-10 15:32:24 +00:00
Werner Koch
5a0fbad9b3 * cardglue.c (card_close): New.
* ccid-driver.c (ccid_close_reader): New.
* apdu.c (close_ccid_reader, close_ct_reader, close_csc_reader)
(close_osc_reader, apdu_close_reader): New.  Not all are properly
implemented yet.
* g10.c (g10_exit): Use close_card.
2003-10-10 15:12:02 +00:00
Werner Koch
3cfffa8a4e * primegen.c (gen_prime): Bail out if we try to generate a prime
with less than 16 bits. Include i18n.h.

* POTFILES.in (cipher/primegen.c): Added.
2003-10-10 09:28:26 +00:00
David Shaw
40db05fb99 * g10.c (main): Give a deprecated option warning for --show-keyring,
--show-photos, --show-policy-url, --show-notation, and their respective
no- forms.

* options.skel: Remove show-photos and replace with list/verify-options
show-photos.  Remove no-mangle-dos-filenames.

* misc.c (parse_options): Allow for incomplete (but unambiguous) options.
2003-10-10 03:05:05 +00:00
Werner Koch
f633ef17dc * ccid-driver.c (ccid_transceive): Add T=1 chaining for sending.
* sign.c (do_sign) [!ENABLE_CARD_SUPPORT]: Return an error for
card keys.

* cardglue.c (agent_scd_pkdecrypt): Implemented.
* pubkey-enc.c (get_it) [ENABLE_CARD_SUPPORT]: Divert decryption
to card
2003-10-09 15:08:12 +00:00
Werner Koch
72c648c035 * cardglue.c (pin_cb): Detect whether an admin or regular PIN is
requested.
(genkey_status_cb): New.
(agent_scd_genkey): Implemented.

* keygen.c (generate_keypair): New arg CARD_SERIALNO and prepare
parameters for on card key generation. Changed all callers.
(do_generate_keypair): Add new arg card and merged casrd specific
changes from 1.9.
(proc_parameter_file): New arg card, apss it down to
do_generate_keypair and changed all callers.
(gen_card_key): New.

* g10.c: Include cardclue.h.
(main): s/app_set_default_reader_port/card_set_reader_port/.
* cardglue.c (card_set_reader_port): New to address include file
issues.
2003-10-08 15:21:20 +00:00
Werner Koch
99cabff03f * cardglue.c (learn_status_cb): Release values before assignment
so that it can be used by getattr to update the structure.
(agent_scd_getattr): New.

* keylist.c (print_pubkey_info): Add FP arg for optional printing
to a stream.  Changed all callers.
2003-10-02 10:20:12 +00:00
David Shaw
b0fe35f60e * g10.c (main): Add --no-groups to zero --group list.
* encode.c (encode_simple): Allow for 32 bytes (256 bits) of symmetrically
encrypted session key.  Use --s2k-cipher-algo to choose cipher, rather
than the default cipher.

* parse-packet.c (parse_subkeyenc): Give a warning if an symmetrically
encrypted session key is seen without salt.  Show in --list-packets if a
symetrically encrypted session key is present.

* pubkey-enc.c (get_it): Always show cipher-not-in-prefs warning unless
--quiet is set.  Use text name of cipher in warning.
2003-10-01 15:15:58 +00:00
David Shaw
cb772decc4 * options.h, g10.c (main), mainproc.c (check_sig_and_print): Add
--verify-option show-unusable-uids.
2003-09-30 21:16:36 +00:00
David Shaw
52100b459a * gpgv.c (check_trustdb_stale): Stub.
* trustdb.c (get_validity): Move the up-to-date check to
check_trustdb_stale (new), so that it can be called before validity is
checked.

* keylist.c (list_keyblock_print): Disable the overall key validity
display until it can be thought about more.  Use check_trustdb_stale here
to avoid putting the check warning in the middle of a listed key.

* trustdb.c (init_trustdb): Only verify_own_keys() for those trust models
that it applies to (i.e. classic and OpenPGP).
2003-09-30 15:30:39 +00:00
Werner Koch
8062cb418a * keygen.c (do_add_key_flags, parse_parameter_usage): Add support
the proposed AUTH key flag.
* getkey.c (fixup_uidnode, merge_selfsigs_main)
(merge_selfsigs_subkey, premerge_public_with_secret): Ditto.
* keylist.c (print_capabilities): Ditto.

* parse-packet.c (parse_key): Allow to parse the divert-to-card
S2K mode.
* build-packet.c (do_secret_key): Handle divert-to-card S2K
* seckey-cert.c (is_secret_key_protected): Ditto.
(check_secret_key): Ditto.

* keygen.c (do_ask_passphrase): Renamed from ask_passphrase.
* passphrase.c (ask_passphrase): New.
2003-09-30 08:00:08 +00:00
Werner Koch
e369270a65 * g10.c (main): New commands --card-edit, --card-status and
--change-pin.  New options --ctapi-driver, --pcsc-driver and
--disable-ccid
* options.h (DBG_CARD_IO): New.
* cardglue.c, cardclue.h: Enhanced.
* card-util.c: New. Taken from current the gnupg 1.9 branch.
* app-common.h, app-openpgp.c, iso7816.c, iso7816.h, apdu.c
* apdu.h, ccid-driver.c, ccid-driver.h: New.  Takem from the current
gnupg 1.9 branch withy minor changes to include directives.
* Makefile.am: Added these files.
2003-09-28 13:41:58 +00:00
Werner Koch
20ed53942a First bits of a card support backport from 1.9. It is not enabled by
default and tehre is not yet much more than a new configure option.

* configure.ac (LIBUSB_LIBS,HAVE_LIBUSB): Check for Libusb.
(--enable-card-support): New.

* sign.c (do_sign) [ENABLE_CARD_SUPPORT]: Divert to card.
* cardglue.c, cardglue.h: New.
* Makefile.am (gpg_LDADD): Added.
(card_support_sources): New.

* memory.h (xmalloc): Define xmalloc macros in terms of m_alloc.
2003-09-27 19:37:53 +00:00
David Shaw
e70e41612f * options.h, g10.c (main), keylist.c (list_keyblock_print): Add
"show-unusable-uids" list-option to show revoked and/or expired user IDs.
2003-09-25 04:03:11 +00:00
David Shaw
0d8bd2eace * keyedit.c (show_key_with_all_names): Show names a little neater by
putting the [revoked] or [expired] in the space used for the [validity].
There is also no point in showing "[unknown] [revoked]".
2003-09-24 12:11:17 +00:00
David Shaw
97dcb84cce * sign.c (mk_notation_policy_etc): Capitalize "URL".
* trustdb.c (validate_keys): Give a little more information while
rebuilding trustdb.

* pkclist.c (do_edit_ownertrust): Clarify "don't know".

* g10.c (main): Default to --no-mangle-dos-filenames.
2003-09-24 03:48:55 +00:00
David Shaw
4ccd51cb50 * keydb.h, keyring.c (keyring_search), trustdb.c (search_skipfnc): Expand
the skipfnc to include a pointer to the user ID that matched.

* getkey.c (skip_disabled): Rename to skip_unusable, and add checks for
expired or revoked user IDs.
2003-09-23 23:14:03 +00:00
David Shaw
b224756fbe * g10.c (main): Deprecate --default-comment in favor of --no-comments.
* options.h, g10.c (main), armor.c (armor_filter): Allow using --comment
multiple times to get multiple Comment: header lines. --no-comments resets
list.
2003-09-23 03:52:55 +00:00
David Shaw
eb18893c8c * g10.c (main): Trim --help to commonly used options. Remove -f. 2003-09-12 03:29:00 +00:00
David Shaw
405d9dfc59 * g10.c (main): Error out if --multifile is used with the commands that
don't support it yet (--sign, --clearsign, --detach-sign, --symmetric, and
--store).

* g10.c (main): Add --multifile as an alias to turn --encrypt into
--encrypt-files (plus --verify-files, --decrypt-files).

* encode.c (use_mdc), g10.c (main): Use RFC1991 and RFC2440 directly to
check for MDC usability.  Do not set the force_mdc or disable_mdc flags
since there is no point any longer.
2003-09-09 00:25:53 +00:00
David Shaw
fe0de7bcaa * armor.c (parse_hash_header, armor_filter), g10.c (print_hex, print_mds),
pkclist.c (algo_available): Drop TIGER/192 support.
2003-09-04 12:03:04 +00:00
David Shaw
ff4b6613a9 * keyedit.c (show_key_with_all_names): Fix assertion failure when using
toggle to see a secret key.  Reported by Maxim Britov.
2003-09-03 23:24:03 +00:00
David Shaw
858a0a511e * g10.c (add_keyserver_url), keyedit.c (keyedit_menu), sign.c
(mk_notation_policy_etc): Clarify a few strings.  It's a "preferred
keyserver URL".

* g10.c (main): Use "keyserver-url" instead of "preferred-keyserver" for
the sake of short and simple commands.
2003-08-31 23:49:07 +00:00
David Shaw
653da12d2c * main.h, keygen.c (keygen_add_keyserver_url): Signature callback for
adding a keyserver URL.

* keyedit.c (keyedit_menu, menu_set_keyserver_url): New command to set
preferred keyserver to specified (or all) user IDs.

* build-packet.c (build_sig_subpkt): Set preferred keyserver flag while
building a preferred keyserver subpacket.

* keylist.c (show_policy_url): Policy URLs might be UTF8.

* keyedit.c (menu_addrevoker): Fix leaking a few bytes.
2003-08-31 03:45:41 +00:00
David Shaw
7c352dc29e * keyedit.c (show_key_with_all_names): Use list-option show-long-keyid in
main --edit-key display.
2003-08-30 01:08:08 +00:00
David Shaw
b9c223f86a * keyedit.c (print_and_check_one_sig): Use list-option show-long-keyid in
--edit-key "check" function.
2003-08-30 00:40:56 +00:00
David Shaw
17e67cd29b * passphrase.c (agent_send_all_options): Make use of $GPG_TTY.
* g10.c (main): Disable use-agent if passphrase-fd is given later.
Suggested by Kurt Garloff.

* exec.c, g10.c, gpgv.c, passphrase.c, photoid.c: s/__MINGW32__/_WIN32/ to
help building on native Windows compilers.  Requested by Brian Gladman.
From Werner on stable branch.
2003-08-29 00:14:42 +00:00
David Shaw
2d682ddc00 * options.h, g10.c (main): Add list-option list-preferred-keyserver.
* keyedit.c (change_passphrase): When responding 'no' to the blank
passphrase question, re-prompt for a new passphrase.  This is bug #202.
2003-08-26 04:07:52 +00:00
David Shaw
68aa60e79c * mainproc.c (check_sig_and_print): Use two different preferred keyserver
displays - one if the key is not present (to tell the user where to get
the key), the other if it is present (to tell the user where the key can
be refreshed).

* packet.h, parse-packet.c (parse_signature): Set flag if a preferred
keyserver is present.

* keylist.c (list_keyblock_print): Show keyserver url in listings with
list-option show-keyserver-url.
2003-08-26 03:56:47 +00:00
David Shaw
5707b80e59 * Makefile.am: Use NETLIBS instead of EGDLIBS. 2003-08-25 03:37:06 +00:00
David Shaw
03c12b5a5b * mainproc.c (check_sig_and_print): Get the uid validity before printing
any sig results to avoid munging the output with trustdb warnings.

* g10.c (main): Don't include --show-keyring in --help as it is
deprecated.
2003-08-24 23:01:26 +00:00
David Shaw
d8273544e1 * gpgv.c: Remove extra semicolon (typo).
* options.skel: Note that keyserver.pgp.com isn't synchronized, and
explain the roundrobin a bit better.

* sig-check.c (check_key_signature2), import.c (import_one,
import_revoke_cert, chk_self_sigs, delete_inv_parts, collapse_uids,
merge_blocks): Make much quieter during import of slightly munged, but
recoverable, keys. Use log_error for unrecoverable import failures.

* keyring.c (keyring_rebuild_cache): Comment.

* sign.c (mk_notation_and_policy): Making a v3 signature with notations or
policy urls is an error, not an info (i.e. increment the errorcount).
Don't print the notation or policy url to stdout since it can be mixed
into the output stream when piping and munge the stream.
2003-08-21 23:20:58 +00:00
David Shaw
a2cf3caa98 * packet.h, sig-check.c (signature_check2, do_check, do_check_messages):
Provide a signing-key-is-revoked flag.  Change all callers.

* status.h, status.c (get_status_string): New REVKEYSIG status tag for a
good signature from a revoked key.

* mainproc.c (do_check_sig, check_sig_and_print): Use it here.

* import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare actual
signatures on import rather than using keyid or class matching.  This does
not change actual behavior with a key, but does mean that all sigs are
imported whether they will be used or not.

* parse-packet.c (parse_signature): Don't give "signature packet without
xxxx" warnings for experimental pk algorithms.  An experimental algorithm
may not have a notion of (for example) a keyid (i.e. PGP's x.509 stuff).
2003-08-13 03:31:36 +00:00
David Shaw
752e3459ab * options.h, g10.c (main), keylist.c (list_keyblock_print), keyedit.c
(print_and_check_one_sig): New "show-sig-expire" list-option to show
signature expiration dates (if any).
2003-08-03 02:37:48 +00:00
David Shaw
e4a9d14aad * options.h, g10.c (main, add_keyserver_url): Add
--sig-preferred-keyserver to implant a "where to get my key" subpacket
into a signature.

* sign.c (mk_notation_and_policy): Rename to mk_notation_policy_etc and
add preferred keyserver support for signatures.
2003-07-24 19:28:12 +00:00
David Shaw
fbdee01db9 * keygen.c (do_add_key_flags): Don't set the certify flag for subkeys.
(ask_algo): Provide key flags for DSA, Elgamal_e, and Elgamal subkeys.
(generate_keypair): Provide key flags for the default DSA/Elgamal keys.

* sig-check.c (signature_check, signature_check2, check_key_signature,
check_key_signature2): Allow passing NULLs for unused parameters in the x2
form of each function to avoid the need for dummy variables. getkey.c,
mainproc.c: Change all callers.

* trustdb.h, trustdb.c (read_trust_options): New.  Returns items from the
trustdb version record.

* keylist.c (public_key_list): Use it here for the new "tru" record.

* gpgv.c (read_trust_options): Stub.
2003-07-21 23:19:15 +00:00
David Shaw
fa0cc6602b * keyedit.c (show_key_with_all_names): Use list-option show-validity in
--edit-key interface as well.
2003-07-20 17:09:43 +00:00
David Shaw
726b36b647 * options.h, g10.c (main), mainproc.c (check_sig_and_print): Add
verify-options "show-validity" and "show-long-keyid" to show trustdb
validity and long keyids during (file) signature verification.
2003-07-20 02:09:06 +00:00
David Shaw
06442ab0da * packet.h, main.h, sig-check.c (signature_check2, check_key_signature2,
do_check): If ret_pk is set, fill in the pk used to verify the signature.
Change all callers in getkey.c, mainproc.c, and sig-check.c.

* keylist.c (list_keyblock_colon): Use the ret_pk from above to put the
fingerprint of the signing key in "sig" records during a --with-colons
--check-sigs.  This requires --no-sig-cache as well since we don't cache
fingerprints.
2003-07-20 00:10:13 +00:00
David Shaw
f4617d97b8 * parse-packet.c (parse_signature): No need to reserve 8 bytes for the
unhashed signature cache any longer.

* misc.c (pct_expando): Add two new expandos - signer's fingerprint (%g),
and signer's primary fingerprint (%p).

* Makefile.am: Include W32LIBS where appropriate.

* g10.c (main): Add --rfc2440 alias for --openpgp since in a few months,
they won't be the same thing.

* keyserver.c (parse_keyserver_uri): Accept "http" as an alias for "hkp",
since it is occasionally written that way. (keyserver_spawn): Use
ascii_isspace to avoid locale issues.

* keygen.c (ask_user_id): Make --allow-freeform-uid apply to the email
field as well as the name field, and allow mixing fields when it is set.

* options.skel: Use subkeys.pgp.net as the default keyserver.

* trustdb.c (validate_one_keyblock): Certifications on revoked or expired
uids do not count in the web of trust.

* signal.c (init_one_signal, pause_on_sigusr, do_block): Only use
sigprocmask() if we have sigset_t, and only use sigaction() if we have
struct sigaction.  This is for Forte c89 on Solaris which seems to define
only the function call half of the two pairs by default.
(pause_on_sigusr): Typo. (do_block): If we can't use sigprocmask() and
sigset_t, try to get the number of signals from NSIG as well as MAXSIG,
and if we can't, fail with an explanation.

* signal.c, tdbio.c: Comment out the transaction code.  It was not used in
this version, and was causing some build problems on quasi-posix platforms
(Solaris and Forte c89).

* keylist.c (list_keyblock_colon): Don't include validity values when
listing secret keys since they can be incorrect and/or misleading.  This
is a temporary kludge, and will be handled properly in 1.9/2.0.

* mainproc.c (check_sig_and_print): Only show the "key available from"
preferred keyserver line if the key is not currently present.

* keyedit.c (sign_uids): Do not sign expired uids without --expert (same
behavior as revoked uids).  Do not allow signing a user ID without a
self-signature.  --expert overrides.  Add additional prompt to the
signature level question. (menu_expire): When changing expiration dates,
don't replace selfsigs on revoked uids since this would effectively
unrevoke them. There is also no point in replacing expired selfsigs.
This is bug #181

* g10.c (add_notation_data): Make sure that only ascii is passed to
iscntrl.  Noted by Christian Biere.

* getkey.c (classify_user_id2): Replaced isspace by spacep

* keygen.c (ask_user_id): Ditto. (get_parameter_algo): Ditto.

* keyedit.c (keyedit_menu): Ditto.

* tdbdump.c (import_ownertrust): Ditto.  s/isxdigit/hexdigitp/.

* revoke.c (ask_revocation_reason):

* keyserver.c (keyserver_spawn): Dito.
2003-07-10 14:30:07 +00:00
Werner Koch
66a7843c94 * parse-packet.c (parse): Disallow old style partial length for
all key material packets to avoid possible corruption of keyrings.
2003-06-10 09:05:38 +00:00
Werner Koch
1c24b139e7 * import.c (import_keys_internal): Invalidate the cache so that
the file descriptor gets closed.  Fixes bug reported by Juan
F. Codagnone.
2003-06-08 21:35:25 +00:00
Werner Koch
5880657f5e * import.c (import_keys_internal): Invalidate the cache so that
the file descriptor gets closed.  Fixes bug reported by Juan
F. Codagnone.
2003-06-08 21:23:48 +00:00
David Shaw
4d3fecee56 * options.skel: Use new hkp://subkeys.pgp.net as sample keyserver since
they at least handle subkeys correctly.

* options.h, g10.c (main), main.h, keylist.c (show_keyserver_url),
mainproc.c (check_sig_and_print), parse-packet.c (dump_sig_subpkt,
parse_one_sig_subpkt, can_handle_critical): Add read-only support for
preferred keyserver subpackets.  They're basically policy URLs with a
different name.  Add a verify-option "show-preferred-keyserver" to turn
them on and off (on by default, as per stable branch).

* g10.c (main): Add "--set-notation" as alias to "--notation-data" this is
to make things consistent with --set-policy-url meaning both sigs and
certs.
2003-06-05 02:06:12 +00:00
David Shaw
39e6e163d4 Inadvertently left out of the 2003-06-01 checkin 2003-06-04 21:21:23 +00:00
David Shaw
7c9855aaa2 * options.h, g10.c (main), keylist.c (list_keyblock_print): Add
"show-validity" and "show-long-keyid" list-options.

* gpgv.c (get_validity, trust_value_to_string): Stubs.

* g10.c (main): Use SAFE_VERSION instead of VERSION in the
version-specific gpg.conf file so it can be overridden on RISCOS.
2003-06-03 17:47:58 +00:00
David Shaw
27ec3d9201 * g10.c (main), keylist.c (show_policy_url, show_notation), mainproc.c
(check_sig_and_print): Emulate the old policy and notation behavior
(display by default).  Send to status-fd whether it is displayed on the
screen or not.

* g10.c (main): Since we now have some options in devel that won't work in
a stable branch gpg.conf file, try for a version-specific gpg.conf-VERSION
file before falling back to gpg.conf.

* main.h, options.h: Move various option flags to options.h.
2003-06-01 15:36:13 +00:00
David Shaw
b17358948d * mainproc.c (check_sig_and_print), main.h, keylist.c (show_policy,
show_notation): Collapse the old print_notation_data into show_policy()
and show_notation() so there is only one function to print notations and
policy URLs.

* options.h, main.h, g10.c (main), keyedit.c (print_and_check_one_sig),
keylist.c (list_one, list_keyblock_print), pkclist.c (do_edit_ownertrust),
sign.c (mk_notation_and_policy): New "list-options" and "verify-options"
commands.  These replace the existing --show-photos/--no-show-photos,
--show-notation/--no-show-notation,
--show-policy-url/--no-show-policy-url, and --show-keyring options.  The
new method is more flexible since a user can specify (for example) showing
photos during sig verification, but not in key listings.  The old options
are emulated.
2003-05-31 23:23:19 +00:00
David Shaw
ff43d07819 * main.h, misc.c (parse_options): New general option line parser. Fix the
bug in the old version that did not handle report syntax errors after a
valid entry.

* import.c (parse_import_options), export.c (parse_export_options): Call
it here instead of duplicating the code.
2003-05-31 21:52:16 +00:00
David Shaw
9390fe676b * keylist.c (list_one): Don't show the keyring filename when in
--with-colons mode.  Actually translate "Keyring" string.

* mainproc.c (proc_tree): We can't currently handle multiple signatures of
different classes or digests (we'd pretty much have to run a different
hash context for each), but if they are all the same, make an exception.
This is Debian bug #194292.

* sig-check.c (check_key_signature2): Make string translatable.

* packet.h, getkey.c (fixup_uidnode): Mark real primary uids differently
than assumed primaries.

* keyedit.c (no_primary_warning): Use the differently marked primaries
here in a new function to warn when an --edit-key command might rearrange
the self-sig dates enough to change which uid is primary. (menu_expire,
menu_set_preferences): Use no_primary_warning() here.

* Makefile.am: Use @DLLIBS@ for -ldl.
2003-05-31 04:06:06 +00:00
David Shaw
ad9f6ae4b5 * getkey.c (premerge_public_with_secret): Made "no secret subkey for"
warning a verbose item and translatable. (From wk on stable branch)

* sig-check.c (check_key_signature2): Made "no subkey for subkey binding
packet" a verbose item instead of a !quiet one.  There are too many
garbled keys out in the wild. (From wk on stable branch)

* filter.h: Remove const from WHAT. (From wk on stable branch)

* progress.c (handle_progress): Store a copy of NAME. (progress_filter):
Release WHAT, make sure not to print a NULL WHAT. (From wk on stable
branch)

* openfile.c (open_sigfile): Adjust free for new progress semantics. (From
wk on stable branch)

* plaintext.c (ask_for_detached_datafile): Don't dealloc pfx->WHAT. (From
wk on stable branch)

* seckey-cert.c (do_check): Issue the RSA_OR_IDEA status when the cipher
algo is IDEA to make it easier to track down the problem. (From twoaday on
stable branch)
2003-05-26 13:21:12 +00:00
David Shaw
3a23c4230b * armor.c, g10.c, kbnode.c, misc.c, pkclist.c, sign.c, build-packet.c,
getkey.c, keydb.c, openfile.c, plaintext.c, status.c, gpgv.c, keygen.c,
options.h, sig-check.c, tdbio.h, encode.c, mainproc.c, parse-packet.c,
signal.c, textfilter.c: Edit all preprocessor instructions to remove
whitespace before the '#'. This is not required by C89, but there are some
compilers out there that don't like it.
2003-05-24 21:50:33 +00:00
David Shaw
2e821d77f7 * trustdb.h, trustdb.c (is_disabled), gpgv.c (is_disabled): Rename
is_disabled to cache_disabled_value, which now takes a pk and not just the
keyid. This is for speed since there is no need to re-fetch a key when we
already have that key handy.  Cache the result of the check so we don't
need to hit the trustdb more than once.

* getkey.c (skip_disabled): New function to get a pk and call is_disabled
on it. (key_byname): Use it here.

* packet.h, getkey.c (skip_disabled), keylist.c (print_capabilities): New
"pk_is_disabled" macro to retrieve the cached disabled value if available,
and fill it in via cache_disabled_value if not available.

* trustdb.c (get_validity): Cache the disabled value since we have it
handy and it might be useful later.

* parse-packet.c (parse_key): Clear disabled flag when parsing a new key.
Just in case someone forgets to clear the whole key.

* getkey.c (merge_selfsigs_main): Add an "if all else fails" path for
setting a single user ID primary when there are multiple set primaries all
at the same second, or no primaries set and the most recent user IDs are
at the same second, or no signed user IDs at all. This is arbitrary, but
deterministic.

* exec.h, photoid.h: Add copyright message.

* keylist.c (list_keyblock_print): Don't dump attribs for
revoked/expired/etc uids for non-colon key listings.  This is for
consistency with --show-photos.

* main.h, keylist.c (dump_attribs), mainproc.c (check_sig_and_print): Dump
attribs if --attrib-fd is set when verifying signatures.

* g10.c (main): New --gnupg option to disable the various --openpgp,
--pgpX, etc. options.  This is the same as --no-XXXX for those options.

* revoke.c (ask_revocation_reason): Clear old reason if user elects to
repeat question.  This is bug 153.

* keyedit.c (sign_uids): Show keyid of the key making the signature.
2003-05-21 16:42:22 +00:00
Werner Koch
d0573d3db6 * progress.c (handle_progress)
* sign.c (write_plaintext_packet)
* encode.c (encode_simple,encode_crypt): Make sure that a filename
of "-" is considered to be stdin so that iobuf_get_filelength
won't get called.  This fixes bug 156 reported by Gregery Barton.
2003-05-21 08:48:26 +00:00
David Shaw
3afe991bb8 * packet.h, build-packet.c (build_sig_subpkt), export.c
(do_export_stream), import.c (remove_bad_stuff, import), parse-packet.c
(dump_sig_subpkt, parse_one_sig_subpkt): Remove vestigal code for the old
sig cache subpacket.  This wasn't completely harmless as it caused
subpacket 101 to disappear on import and export.

* options.h, armor.c, cipher.c, g10.c, keyedit.c, pkclist.c, sign.c,
encode.c, getkey.c, revoke.c: The current flags for different levels of
PGP-ness are massively complex.  This is step one in simplifying them. No
functional change yet, just use a macro to check for compliance level.

* sign.c (sign_file): Fix bug that causes spurious compression preference
warning.

* sign.c (clearsign_file): Fix bug that prevents proper warning message
from appearing when clearsigning in --pgp2 mode with a non-v3 RSA key.

* main.h, misc.c (compliance_option_string, compliance_string,
compliance_failure), pkclist.c (build_pk_list), sign.c (sign_file,
clearsign_file), encode.c (encode_crypt, write_pubkey_enc_from_list): New
functions to put the "this message may not be usable...." warning in one
place.

* options.h, g10.c (main): Part two of the simplification.  Use a single
enum to indicate what we are compliant to (1991, 2440, PGPx, etc.)

* g10.c (main): Show errors for failure in export, send-keys, recv-keys,
and refresh-keys.

* options.h, g10.c (main): Give algorithm warnings for algorithms chosen
against the --pgpX and --openpgp rules.

* keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in --openpgp
mode.

* sign.c (sign_file), pkclist.c (algo_available): Allow passing a hint of
0.
2003-05-03 04:07:45 +00:00
David Shaw
f861b6488e * tdbio.c (create_version_record): Only create new trustdbs with
TM_CLASSIC or TM_PGP.

* trustdb.h, trustdb.c (trust_string, get_ownertrust_string,
get_validity_string, ask_ownertrust, validate_keys), pkclist.c
(do_edit_ownertrust): Rename trust_string to trust_value_to_string for
naming consistency.

* trustdb.h, trustdb.c (string_to_trust_value): New function to translate
a string to a trust value.

* g10.c (main): Use string_to_trust_value here for --force-ownertrust.

* options.h, g10.c (main), trustdb.c (trust_model_string, init_trustdb,
check_trustdb, update_trustdb, get_validity, validate_one_keyblock): An
"OpenPGP" trust model is misleading since there is no official OpenPGP
trust model.  Use "PGP" instead.
2003-05-01 21:37:08 +00:00
David Shaw
1fc1d26083 * build-packet.c (build_sig_subpkt): Comments.
* exec.c (exec_write): Cast NULL to void* to properly terminate varargs
list.

* keyedit.c (show_key_with_all_names): Just for safety, catch an invalid
pk algorithm.

* sign.c (make_keysig_packet): Crucial that the call to mksubpkt comes
LAST before the calls to finalize the sig as that makes it possible for
the mksubpkt function to get a reliable pointer to the subpacket area.

* pkclist.c (do_we_trust_pre): If an untrusted key was chosen by a
particular user ID, use that ID as the one to ask about when prompting
whether to use the key anyway. (build_pk_list): Similar change here when
adding keys to the recipient list.

* trustdb.c (update_validity): Fix bug that prevented more than one
validity record per trust record. (get_validity): When retrieving validity
for a (user) supplied user ID, return the validity for that user ID only,
and do not fall back to the general key validity. (validate_one_keyblock):
Some commentary on whether non-self-signed user IDs belong in the web of
trust (arguably, they do).
2003-04-30 05:33:52 +00:00
David Shaw
9f6fa94486 * g10.c (main): Add --no-textmode.
* export.c (do_export_stream), keyedit.c (show_key_with_all_names,
menu_addrevoker), mainproc.c (check_sig_and_print), photoid.c
(show_photos), sign.c (mk_notation_and_policy), trustdb.c (get_validity,
reset_trust_records, validate_keys): Make some strings translatable.

* mainproc.c (check_sig_and_print): Show digest algorithm and sig class
when verifying a sig with --verbose on, and add version, pk and hash
algorithms and sig class to VALIDSIG.

* parse-packet.c (enum_sig_subpkt): Make a warning message a --verbose
warning message since we don't need to warn every time we see an unknown
critical (we only need to invalidate the signature).

* trustdb.c (init_trustdb): Check the trustdb options even with TM_AUTO
since the auto may become TM_CLASSIC or TM_OPENPGP.
2003-04-27 20:22:09 +00:00
David Shaw
a01bda6abd * sign.c (do_sign): Show the hash used when making a signature in verbose
mode.

* tdbio.h, tdbio.c (tdbio_read_model): New function to return the trust
model used in a given trustdb.

* options.h, g10.c (main), trustdb.c (init_trustdb, check_trustdb,
update_trustdb): Use tdbio_read_model to implement an "auto" trust model
which is set via the trustdb.
2003-04-26 20:38:16 +00:00
David Shaw
874214d0a0 * import.c (import_revoke_cert): Remove ultimate trust when revoking an
ultimately trusted key.

* keyedit.c (sign_uids): Allow replacing expired signatures. Allow
duplicate signatures with --expert.

* pkclist.c (check_signatures_trust): Don't display a null fingerprint
when checking a signature with --always-trust enabled.

* filter.h (progress_filter_context_t), progress.c (handle_progress),
plaintext.c (ask_for_detached_datafile, hash_datafiles): Fix compiler
warnings.  Make "what" constant.

* build-packet.c (do_plaintext): Do not create invalid literal packets
with >255-byte names.
2003-04-23 21:18:39 +00:00
Werner Koch
b394776a80 * Makefile.am (AM_CFLAGS): Make use of AM_CFLAGS and AM_LDFLAGS.
* g10.c, options.h: New option --enable-progress-filter.
* progress.c (handle_progress): Make use of it.
2003-04-15 15:46:13 +00:00
Werner Koch
6b55878912 * passphrase.c (read_passphrase_from_fd): Do a dummy read if the
agent is to be used.  Noted by Ingo Kl�cker.
(agent_get_passphrase): Inhibit caching when we have no
fingerprint.  This is required for key generation as well as for
symmetric only encryption.

* passphrase .c (agent_get_passphrase): New arg CANCELED.
(passphrase_to_dek): Ditto.  Passed to above.  Changed all
callers to pass NULL.
* seckey-cert.c (do_check): New arg CANCELED.
(check_secret_key): Terminate loop when canceled.

* keyedit.c (change_passphrase): Pass ERRTEXT untranslated to
passphrase_to_dek and translate where appropriate.
* seckey-cert.c (check_secret_key): Ditto.
* keygen.c (ask_passphrase): Ditto.
* passphrase.c (agent_get_passphrase): Translate the TRYAGAIN_TEXT.
Switch the codeset to utf-8.
2003-04-10 09:56:47 +00:00
David Shaw
3cf45b304e * main.h, g10.c (main), import.c (parse_import_options,
fix_pks_corruption): It's really PKS corruption, not HKP corruption.
Keep the old repair-hkp-subkey-bug command as an alias.

* g10.c (main): Rename --no-version to --no-emit-version for consistency.
Keep --no-version as an alias.
2003-04-09 01:57:46 +00:00
Werner Koch
26fabc31e3 Add primary key fingerprint to VALIDSIG status. 2003-04-08 08:42:47 +00:00
David Shaw
5eba95854c * pkclist.c (algo_available): PGP 8 can use the SHA-256 hash.
* sign.c (sign_file, clearsign_file, sign_symencrypt_file): Remove unused
code.
2003-04-04 22:48:24 +00:00
David Shaw
d2548b3f60 * keydb.h: Err on the side of making an unknown signature a SIG rather
than a CERT.

* import.c (delete_inv_parts): Discard any key signatures that aren't key
types (i.e. 0x00, 0x01, etc.)

* g10.c (main): Add deprecated option warning for --list-ownertrust.  Add
--compression-algo alias for --compress-algo.  Change --version output
strings to match "showpref" strings, and make translatable.

* status.c (do_get_from_fd): Accept 'y' as well as 'Y' for --command-fd
boolean input.

* trustdb.c: Fix typo (DISABLE_REGEXP -> DISABLE_REGEX)

* keyedit.c (show_key_with_all_names_colon): Show no-ks-modify flag.
2003-03-24 20:05:53 +00:00
David Shaw
2c717d9038 * options.h, g10.c (main), keyserver.c (kopts): Add "try-dns-srv"
keyserver option.  Defaults to on.

* passphrase.c (agent_get_passphrase): Fix memory leak with symmetric
messages.  Fix segfault with symmetric messages.  Fix incorrect prompt
with symmetric messages.
2003-03-11 22:12:20 +00:00
Werner Koch
230d871336 * compress.c (init_uncompress): Use a 15 bit window size so that
the output of implementations which don't run for PGP 2
compatibility won't get garbled.
2003-03-10 09:59:33 +00:00
David Shaw
909f6a0637 * trustdb.c (validate_keys): Mask the ownertrust when building the list of
fully valid keys so that disabled keys are still counted in the web of
trust. (get_ownertrust_with_min): Do the same for the minimum ownertrust
calculation.

* parse-packet.c (dump_sig_subpkt): Show the notation names for
not-human-readable notations.  Fix cosmetic off-by-one length counter.

* options.skel: Add explantion and commented-out
"no-mangle-dos-filenames".

* mainproc.c (proc_encrypted): Make string translatable.

* keyserver.c (keyserver_spawn): Quote ':', '%', and any 8-bit characters
in the uid strings sent to the keyserver helper.

* keyring.c (keyring_rebuild_cache): Lock the keyring while rebuilding the
signature caches to prevent another gpg from tampering with the temporary
copy.

* keygen.c (keygen_set_std_prefs): Include AES192 and AES256 in default
prefs.

* keyedit.c (show_prefs): Make strings translatable.

* keydb.c: Double the maximum number of keyrings to 40.

* gpgv.c (main): Fix bug #113 - gpgv should accept the
--ignore-time-conflict option.

* g10.c (main): --openpgp disables --pgpX.  Double the amount of secure
memory to 32k (keys are getting bigger these days).

* Makefile.am: Makefile.am: Use @CAPLIBS@ to link in -lcap if we are using
capabilities.
2003-03-04 15:24:12 +00:00
David Shaw
cb2167a306 * keyserver.c (keyserver_spawn): Include various pieces of information
about the key in the data sent to the keyserver helper.  This allows the
helper to use it in instructing a remote server which may not have any
actual OpenPGP smarts in parsing keys.

* main.h, export.c (export_pubkeys_stream, do_export_stream): Add ability
to return only the first match in an exported keyblock for keyserver
usage.  This should be replaced at some point with a more flexible
solution where each key can be armored seperately.
2003-02-26 17:11:24 +00:00
David Shaw
30d0fc519d * sign.c (sign_file): Do not push textmode filter onto an unopened IOBUF
(segfault).  Noted by Marcus Brinkmann.  Push and reinitialize textmode
filter for each file in a multiple file list.

* packet.h, getkey.c (fixup_uidnode), keyedit.c (show_prefs): Set and show
the keyserver no-modify flag.

* keygen.c (add_keyserver_modify): New. (keygen_upd_std_prefs): Call it
here. (keygen_set_std_prefs): Accept "ks-modify" and "no-ks-modify" as
prefs to set and unset keyserver modify flag.
2003-02-22 23:58:39 +00:00
David Shaw
6f41d06841 * g10.c (main): Accept "s1" in addition to "idea" to match the other
ciphers.

* main.h, misc.c (idea_cipher_warn): We don't need this if IDEA has been
disabled.
2003-02-22 13:00:18 +00:00
David Shaw
4ee2d23892 * keygen.c (keygen_set_std_prefs): Don't put AES or CAST5 in default prefs
if they are disabled.
2003-02-21 22:16:43 +00:00
David Shaw
5511e3870d * g10.c (main): Use 3DES instead of CAST5 if we don't have CAST5 support.
Use 3DES for the s2k cipher in --openpgp mode. (print_mds): #ifdef all of
the optional digest algorithms.
2003-02-21 20:43:17 +00:00
David Shaw
d691cf8d10 * keydb.h, getkey.c (classify_user_id, classify_user_id2): Make 'exact' a
per-desc item.  Merge into one function since 'force_exact' is no longer
needed. (key_byname): Use new classify_user_id function, and new exact
flag in KEYDB_SEARCH_DESC.

* keyring.h, keyring.c (keyring_search): Return an optional index to show
which KEYDB_SEARCH_DESC was the matching one.

* keydb.h, keydb.c (keydb_search): Rename to keydb_search2, and pass the
optional index to keyring_search.  Add a macro version of keydb_search
that calls this new function.

* export.c (do_export_stream): If the keyid! syntax is used, export only
that specified key.  If the key in question is a subkey, export the
primary plus that subkey only.
2003-02-12 18:43:44 +00:00
David Shaw
48ac1127ae * exec.c (set_exec_path): Add debugging line.
* g10.c (print_hex, print_mds): Print long hash strings a lot neater.
This assumes at least an 80-character display, as there are a few other
similar assumptions here and there.  Users who need unformatted hashes can
still use with-colons.  Check that SHA384 and 512 are available before
using them as they are no longer always available.
2003-02-12 05:18:26 +00:00
David Shaw
257956b490 * Makefile.am: Use a local copy of libexecdir along with @PACKAGE@ as
GNUPG_LIBEXECDIR so it can be easily overridden at make time.
2003-02-12 05:10:30 +00:00
David Shaw
f523e53d4e * armor.c (parse_hash_header, armor_filter): Accept the new SHAs in the
armor Hash: header.

* g10.c (print_hex): Print long hash strings a little neater. (print_mds):
Add the new SHAs to the hash list.
2003-02-04 19:33:09 +00:00
David Shaw
6291f18371 * keyedit.c (menu_revuid): Properly handle a nonselfsigned uid on a v4 key
(treat as a v4 revocation).

* import.c (print_import_check): Do not re-utf8 convert user IDs.
2003-02-02 15:47:43 +00:00
David Shaw
2659e53b6e * mainproc.c (list_node): Show signature expiration date in with-colons
sig records.

* keylist.c (list_keyblock_colon), mainproc.c (list_node): Show trust sig
information in with-colons sig records.
2003-01-27 21:49:37 +00:00
David Shaw
8220f3fd4d * g10.c (add_group): Trim whitespace after a group name so it does not
matter where the user puts the = sign.

* options.skel: Comment out the first three lines in case someone manually
copies the skel file to their homedir.

* sign.c (clearsign_file): Only use pgp2mode with v3 keys and MD5. This
matches what we do when decoding such messages and prevents creating a
message (v3+RIPEMD/160) that we can't verify.

* sig-check.c (signature_check2): Use G10ERR_GENERAL as the error for
signature digest conflict.  BAD_SIGN implies that a signature was checked
and we may try and print out a user ID for a key that doesn't exist.
2003-01-16 19:20:10 +00:00
David Shaw
b7ea66ef37 * trustdb.c (init_trustdb, get_validity): Don't use a changed trust model
to indicate a dirty trustdb, and never auto-rebuild a dirty trustdb with
the "always" trust model.

* g10.c (add_group): Last commit missed the \t ;)
2003-01-15 17:07:54 +00:00
David Shaw
773513c70b * packet.h, parse-packet.c (setup_user_id), free-packet.c (free_user_id),
keydb.h, keyid.c (namehash_from_uid): New function to rmd160-hash the
contents of a user ID packet and cache it in the uid object.

* keylist.c (list_keyblock_colon): Use namehash in field 8 of uids.  Show
dates for creation (selfsig date), and expiration in fields 6 and 7.

* trustdb.c (get_validity, get_validity_counts, update_validity): Use new
namehash function rather than hashing it locally.
2003-01-14 18:13:22 +00:00
Werner Koch
2a9bd94734 * g10.c (add_group): Fixed group parsing to allow more than one
delimiter in a row and also allow tab as delimiter.
2003-01-14 09:35:31 +00:00
David Shaw
33d6f711cc * tdbio.c (tdbio_set_dbname): Fix assertion failure with
non-fully-qualified trustdb names.
2003-01-12 15:46:17 +00:00
David Shaw
7a5c4d215c * trustdb.c (get_validity_info, get_ownertrust_info, trust_letter):
Simplify by returning a ? for error directly.

* keyedit.c (show_key_with_all_names): Use get_validity_string and
get_ownertrust_string to show full word versions of trust (i.e. "full"
instead of 'f').

* trustdb.h, trustdb.c (get_ownertrust_string, get_validity_string): Same
as get_ownertrust_info, and get_validity_info, except returns a full
string.

* trustdb.c (get_ownertrust_with_min): New.  Same as 'get_ownertrust' but
takes the min_ownertrust value into account.
2003-01-11 21:13:41 +00:00
David Shaw
8b3b70499a * armor.c (armor_filter): Comment about PGP's end of line tab problem.
* trustdb.h, trustdb.c (trust_letter): Make static. (get_ownertrust_info,
get_validity_info): Don't mask the trust level twice.

* trustdb.h, gpgv.c, trustdb.c (get_validity, get_validity_info),
keylist.c (list_keyblock_colon), keyedit.c (show_key_with_all_names_colon,
menu_revuid): Pass a user ID in rather than a namehash, so we only have to
do the hashing in one place.

* packet.h, pkclist.c (build_pk_list), free-packet.c
(release_public_key_parts): Remove unused namehash element for public
keys.
2003-01-11 03:57:00 +00:00
David Shaw
254225ac37 * keygen.c (keygen_set_std_prefs): Warn when setting an IDEA preference
when IDEA is not available.
2003-01-07 15:30:02 +00:00
David Shaw
7b278538c7 * trustdb.c (get_validity_info): 'd' for disabled is not a validity value
any more.
2003-01-07 00:06:02 +00:00
David Shaw
af6e3ef045 * packet.h, tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record),
trustdb.c (update_validity): Store temporary full & marginal counts in the
trustdb. (clear_validity, get_validity_counts): Return and clear temp
counts. (store_validation_status): Keep track of which keyids have been
stored. (validate_one_keyblock, validate_key_list): Use per-uid copies of
the full & marginal counts so they can be recalled for multiple levels.
(validate_keys): Only use unused keys for each new round.
(reset_unconnected_keys): Rename to reset_trust_records, and only skip
specifically excluded records.
2003-01-06 22:56:08 +00:00
David Shaw
c974390d37 * keylist.c (print_capabilities): Show 'D' for disabled keys in
capabilities section.

* trustdb.c (is_disabled): Remove incorrect comment.
2003-01-06 21:01:44 +00:00
David Shaw
e247a0b3e0 * import.c (import_one): Only do the work to create the status display for
interactive import if status is enabled.

* keyring.c (keyring_search): skipfnc didn't work properly with non-keyid
searches.  Noted by Stefan Bellon.

* getkey.c (merge_selfsigs_main): Remove some unused code and make sure
that the pk selfsigversion member accounts for 1F direct sigs.
2003-01-03 21:41:53 +00:00
Werner Koch
842e690f54 * keydb.c (keydb_add_resource): Don't assume that try_make_homedir
terminates but check again for the existence of the directory and
continue then.
* openfile.c (copy_options_file): Print a warning if the skeleton
file has active options.
2003-01-02 18:28:29 +00:00
David Shaw
0bb73ee428 * getkey.c (merge_selfsigs_main), main.h, sig-check.c
(check_key_signature2): Pass the ultimately trusted pk directly to
check_key_signature2 to avoid going through the key selection mechanism.
This prevents a deadly embrace when two keys without selfsigs each sign
the other.
2002-12-29 15:58:44 +00:00
David Shaw
55eda4b4f8 * keyserver.c (keyserver_refresh): Don't print the "refreshing..." line if
there are no keys to refresh or if there is no keyserver set.

* getkey.c (merge_selfsigs_main): Any valid user ID should make a key
valid, not just the last one.  This also fixes Debian bug #174276.
2002-12-27 23:46:51 +00:00
Stefan Bellon
54a7e71a36 fixed type problem 2002-12-27 22:17:25 +00:00
David Shaw
eff3b562ae * keyedit.c (keyedit_menu, menu_revuid): Add "revuid" feature to revoke a
user ID.  This is the same as issuing a revocation for the self-signature,
but a much simpler interface to do it.
2002-12-27 13:41:17 +00:00
David Shaw
f3f1015f6a * keydb.h, getkey.c (key_byname): Flag to enable or disable including
disabled keys.  Keys specified via keyid (i.e. 0x...) are always included.

* getkey.c (get_pubkey_byname, get_seckey_byname2, get_seckey_bynames),
keyedit.c (keyedit_menu, menu_addrevoker): Include disabled keys in these
functions.

* pkclist.c (build_pk_list): Do not include disabled keys for -r or the
key prompt.  Do include disabled keys for the default key and
--encrypt-to.

* trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping disabled
keys.

* gpgv.c (is_disabled): Stub.

* keygen.c (keygen_add_key_expire): Properly handle updating a key
expiration to a no-expiration value.

* keyedit.c (enable_disable_key): Comment.

* import.c (import_one): When in interactive mode and --verbose, don't
repeat some key information twice.
2002-12-26 22:22:50 +00:00
Timo Schulz
15a2a3cd1f 2002-12-22 Timo Schulz <ts@winpt.org>
* import.c (print_import_check): New.
        (import_one): Use it here.
        Use merge_keys_and_selfsig in the interactive mode to avoid
        wrong key information.
        * status.h: Add new status code.
        * status.c: Ditto.
2002-12-22 20:53:20 +00:00
David Shaw
6a4bd944a8 * pkclist.c (do_we_trust): Tweak language to refer to the "named
user" rather than "owner".  Noted by Stefan Bellon.

* trustdb.h, trustdb.c (trustdb_pending_check): New function to
check if the trustdb needs a check.

* import.c (import_keys_internal): Used here so we don't rebuild
the trustdb if it is still clean.
(import_one, chk_self_sigs): Only mark trustdb dirty if the key
that is being imported has any sigs other than self-sigs.
Suggested by Adrian von Bidder.

* options.skel: Include the required '=' sign in the sample
'group' option.  Noted by Stefan Bellon.

* import.c (chk_self_sigs): Don't try and check a subkey as if it
was a signature.
2002-12-13 21:10:53 +00:00
David Shaw
eb9607707e * tdbio.c (tdbio_read_record, tdbio_write_record): Compact the
RECTYPE_TRUST records a bit.

* g10.c (main): Comment out --list-trust-path until it can be implemented.

* import.c (import_one): Warn when importing an Elgamal primary that this
may take some time (to verify self-sigs). (chk_self_sigs): Try and cache
all self-sigs so the keyblock is written to the keyring with a good rich
cache.

* keygen.c (ask_algo): Make the Elgamal sign+encrypt warning stronger, and
remove the RSA sign+encrypt warning.
2002-12-11 17:50:38 +00:00
Stefan Bellon
ea86ca6565 fixed typo 2002-12-06 00:38:43 +00:00
Werner Koch
036fbb22a7 * g10.c: New options --[no-]mangle-dos-filenames.
* options.h (opt): Added mangle-dos-filenames.
* openfile.c (open_outfile) [USE_ONLY_8DOT3]: Truncate the
filename only when this option is set; this is the default.
2002-12-05 15:25:16 +00:00
David Shaw
1aec20776c * main.h, keyedit.c, keygen.c: Back out previous (2002-12-01) change.
Minimal isn't always best.

* sign.c (update_keysig_packet): Use the current time rather then a
modification of the original signature time.  Make sure that this doesn't
cause a time warp.

* keygen.c (keygen_add_key_expire): Properly handle a key expiration date
in the past (use a duration of 0).

* keyedit.c (menu_expire): Use update_keysig_packet so any sig subpackets
are maintained during the update.

* build-packet.c (build_sig_subpkt): Mark sig expired or unexpired when
the sig expiration subpacket is added. (build_sig_subpkt_from_sig): Handle
making an expiration subpacket from a sig that has already expired (use a
duration of 0).

* packet.h, sign.c (update_keysig_packet), keyedit.c
(menu_set_primary_uid, menu_set_preferences): Add ability to issue 0x18
subkey binding sigs to update_keysig_packet and change all callers.
2002-12-04 18:50:10 +00:00
David Shaw
60fce379da * trustdb.c (validate_keys): Show trust parameters when building trustdb,
and make sure that the version record update was successful.
(init_trustdb): If the current parameters aren't what was used for
building the trustdb, the trustdb is invalid.

* tbio.c (tdbio_db_matches_options): Update to work with new trustdbs.
2002-12-04 06:06:56 +00:00
David Shaw
3b7ca1faa5 * tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Store trust
model in the trustdb version record. (tdbio_update_version_record): New
function to update version record values during a trustdb check or update.
(tdbio_dump_record): Show trust model in dump.

* trustdb.c (validate_keys): Call tdbio_update_version_record on success
so that the correct options are stored in the trustdb.

* options.h: rearrange trust models so that CLASSIC is 0 and OPENPGP is 1.
2002-12-04 00:05:11 +00:00
David Shaw
e357092285 * options.h, g10.c (main), encode.c (write_pubkey_enc_from_list),
pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8 mode.  This
is basically identical to --pgp7 in all ways except that signing subkeys,
v4 data sigs (including expiration), and SK comments are allowed.

* getkey.c (finish_lookup): Comment.

* main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu): Reorder
user ID display in the --edit-key menu to match that of the --list-keys
display.

* g10.c (add_notation_data): Fix initialization.
2002-12-03 23:31:48 +00:00
David Shaw
db9195c10b * keyedit.c (menu_expire): Don't lose key flags when changing the
expiration date of a subkey.  This is not the most optimal solution, but
it is minimal change on the stable branch.

* main.h, keygen.c (do_copy_key_flags): New function to copy key flags, if
any, from one sig to another. (do_add_key_expire): New function to add key
expiration to a sig. (keygen_copy_flags_add_expire): New version of
keygen_add_key_expire that also copies key flags.
(keygen_add_key_flags_and_expire): Use do_add_key_expire.

* import.c (fix_hkp_corruption): Comment.
2002-12-01 20:59:04 +00:00
Stefan Bellon
1289ab78e1 no RISC OS filetype needed for nooutput 2002-11-25 13:30:34 +00:00
David Shaw
0819797911 * main.h, misc.c (default_cipher_algo, default_compress_algo): New.
Return the default algorithm by trying --cipher-algo/--compress-algo, then
the first item in the pref list, then s2k-cipher-algo or ZIP.

* sign.c (sign_file, sign_symencrypt_file), encode.c (encode_simple,
encode_crypt): Call default_cipher_algo and default_compress_algo to get
algorithms.

* g10.c (main): Allow pref selection for compress algo with --openpgp.
2002-11-25 04:24:41 +00:00
David Shaw
bd23076c5e * mainproc.c (proc_encrypted): Use --s2k-digest-algo for passphrase
mangling rather than --digest-algo.
2002-11-25 04:11:02 +00:00
David Shaw
8b9e9d33c1 * sign.c (hash_for): If --digest-algo is not set, but
--personal-digest-preferences is, then use the first hash algorithm in the
personal list.  If the signing algorithm is DSA, then use the first
160-bit hash algorithm in the personal list. If --pgp2 is set and it's a
v3 RSA key, use MD5.
2002-11-25 04:06:04 +00:00
David Shaw
ce4ddd144c * g10.c (main), keydb.c (keydb_add_resource, keydb_locate_writable):
Rename --default-keyring as --primary-keyring.  Stefan wins the naming
contest.
2002-11-25 03:18:48 +00:00
David Shaw
a5b9770a8b * g10.c (add_notation_data): Disallow notation names that do not contain a
'@', unless --expert is set.  This is to help prevent people from
polluting the (as yet unused) IETF namespace.

* main.h: Comments about default algorithms.

* photoid.c (image_type_to_string): Comments about 3-letter file
extensions.
2002-11-24 01:49:32 +00:00
David Shaw
0cd879cd9c * encode.c (encode_simple), passphrase.c (passphrase_to_dek), sign.c
(sign_symencrypt_file): Use --s2k-digest-algo for passphrase mangling
rather than --digest-algo.
2002-11-24 00:50:14 +00:00
David Shaw
1c6bcef3ce * keygen.c (keygen_set_std_prefs): Properly handle an empty preference
string.

* misc.c (string_to_compress_algo): "none" is a bad choice since it
conflicts with the "none" in setpref.
2002-11-21 16:25:05 +00:00
David Shaw
cf163db505 * g10.c (main): Allow compression algorithm names as the argument to
--compress-algo.  The old algorithm names still work for backwards
compatibility.

* misc.c (string_to_compress_algo): Allow "none" as an alias for
"uncompressed".
2002-11-15 04:07:24 +00:00
Stefan Bellon
0907db4855 fixed type incompatibility 2002-11-13 21:49:57 +00:00
David Shaw
fbffa8209b * encode.c (encode_simple): Make sure that files larger than about 4G use
partial length encoding.  This is required because OpenPGP allows only for
32 bit length fields.  From Werner on stable branch.

* getkey.c (get_pubkey_direct): Renamed to... (get_pubkey_fast): this and
made extern. (get_pubkey_byfprint_fast): New.  From Werner on stable
branch.

* keydb.h, import.c (import_one): Use get_pubkey_fast instead of
get_pubkey.  We don't need a merged key and actually this might lead to
recursions. (revocation_present): Likewise for search by fingerprint.
From Werner on stable branch.

* g10.c (main): Try to create the trustdb even for non-colon-mode list-key
operations.  This is required because getkey needs to know whether a a key
is ultimately trusted.  From Werner on stable branch.
2002-11-13 17:43:27 +00:00
David Shaw
7c3eee80ba * exec.c [__CYGWIN32__]: Keep cygwin separate from Mingw32; we don't need
it here as it behaves more like a Posix system. From Werner on stable
branch.

* passphrase.c (agent_get_passphrase): Ditto.  From Werner on stable
branch.

* tdbio.c (MY_O_BINARY): Need binary mode with Cygwin.  From Werner on
stable branch.

* g10.c, gpgv.c (main) [__CYGWIN32__]: Don't get the homedir from the
registry.  From Werner on stable branch.
2002-11-13 17:19:22 +00:00
David Shaw
365011c8f1 * keyedit.c (show_key_with_all_names_colon): Make --with-colons --edit
display match the validity and trust of --with-colons --list-keys.

* passphrase.c (agent_send_all_options): Fix compile warning.

* keylist.c (list_keyblock_colon): Validity for subkeys should match that
of the primary key, and not that of the last user ID.

* getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys carry
these facts onto all their subkeys, but only after the subkey has a chance
to be marked valid.  This is to fix an incorrect "invalid public key"
error verifying a signature made by a revoked signing subkey, with a valid
unrevoked primary key.
2002-11-13 13:23:03 +00:00
Werner Koch
d219b061ac * passphrase.c (agent_send_all_options): Use tty_get_ttyname to
get the default ttyname.
2002-11-09 17:48:41 +00:00
David Shaw
7911a5ed86 * keyring.h, keyring.c (keyring_register_filename): Return the pointer if
a given keyring is registered twice.

* keydb.h, keydb.c (keydb_add_resource): Use flags to indicate a default
keyring. (keydb_locate_writable): Prefer the default keyring if possible.

* g10.c (main): Add --default-keyring option.
2002-11-08 03:31:21 +00:00
David Shaw
bf4a893586 * options.h, g10.c (main), trustdb.c (ask_ownertrust): Add
--force-ownertrust option for debugging purposes.  This allows setting a
whole keyring to a given trust during an --update-trustdb.  Not for normal
use - it's just easier than hitting "4" all the time to test a large
trustdb.
2002-11-07 04:37:27 +00:00
David Shaw
3cb4118b6c * pubkey-enc.c (get_session_key): With hidden recipients or try a given
passphrase against all secret keys rather than trying all secret keys in
turn.  Don't if --try-all-secrets or --status-fd is enabled.

* passphrase.c (passphrase_to_dek): Mode 1 means do a regular passphrase
query, but don't prompt with the key info.

* seckey-cert.c (do_check, check_secret_key): A negative ask count means
to enable passphrase mode 1.

* keydb.h, getkey.c (enum_secret_keys): Add flag to include
secret-parts-missing keys (or not) in the list.
2002-11-06 16:58:28 +00:00
David Shaw
6920513cb4 * keyserver.c (keyserver_search_prompt): When --with-colons is enabled,
don't try and fit the search output to the screen size - just dump the
whole list.
2002-11-05 16:11:04 +00:00
David Shaw
47b4b7f5c3 * keyserver.c (keyserver_search_prompt): When --with-colons is enabled,
just dump the raw keyserver protocol to stdout and don't print the menu.
2002-11-05 04:28:40 +00:00
David Shaw
731ab598ad * trustdb.c (trust_model_string, check_trustdb, update_trustdb,
validate_one_keyblock): It's not clear what a trustdb rebuild or check
means with a trust model other than "classic" or "openpgp", so disallow
this.
2002-11-04 17:30:38 +00:00
David Shaw
91a8e4a6fb * options.h, g10.c (main): Add --trust-model option. Current models are
"openpgp" which is classic+trustsigs, "classic" which is classic only, and
"always" which is the same as the current option --always-trust (which
still works).  Default is "openpgp".

* trustdb.c (validate_one_keyblock): Use "openpgp" trust model to enable
trust sigs.

* gpgv.c (main), mainproc.c (check_sig_and_print), pkclist.c (do_we_trust,
do_we_trust_pre, check_signatures_trust): Use new --trust-model option in
place of --always-trust.
2002-11-03 20:18:56 +00:00
David Shaw
ae1d1288ee * keyedit.c (sign_mk_attrib, trustsig_prompt, sign_uids, keyedit_menu):
Prompt for and create a trust signature with "tsign".  This is functional,
but needs better UI text.

* build-packet.c (build_sig_subpkt): Able to build trust and regexp
subpackets.

* pkclist.c (do_edit_ownertrust): Comment.
2002-11-03 12:46:52 +00:00
David Shaw
39e659312e * keygen.c (set_one_pref, keygen_set_std_prefs): Allow using the full
algorithm name (CAST5, SHA1) rather than the short form (S3, H2).

* main.h, keygen.c (keygen_get_std_prefs), keyedit.c (keyedit_menu):
Return and use a fake uid packet rather than a string since we already
have a nice parser/printer in keyedit.c:show_prefs.

* main.h, misc.c (string_to_compress_algo): New.
2002-11-03 00:00:42 +00:00
David Shaw
bdf0e306df * g10.c (main): Add --no-throw-keyid.
* keydb.h, encode.c (write_pubkey_enc_from_list), g10.c (main), pkclist.c
(build_pk_list): Add --hidden-recipient (-R) and --hidden-encrypt-to,
which do a single-user variation on --throw-keyid.  The "hide this key"
flag is carried in bit 0 of the pk_list flags field.

* keyserver.c (parse_keyrec): Fix shadowing warning.
2002-11-01 16:15:45 +00:00
Stefan Bellon
7dac918b6d added RISC OS module loading support 2002-10-31 16:58:47 +00:00
David Shaw
20c99d180a * build-packet.c (do_plaintext), encode.c (encode_sesskey, encode_simple,
encode_crypt), sign.c (write_plaintext_packet): Use wipememory() instead
of memset() to wipe sensitive memory as the memset() might be optimized
away.
2002-10-31 15:40:42 +00:00
David Shaw
179b8570c8 * trustdb.c (check_regexp): Modern regexps require REG_EXTENDED. 2002-10-30 23:40:05 +00:00
David Shaw
09158d1e99 * packet.h, trustdb.h, trustdb.c (trust_string): New. Return a string
like "fully trusted", "marginally trusted", etc. (get_min_ownertrust):
New.  Return minimum ownertrust. (update_min_ownertrust): New.  Set
minimum ownertrust. (check_regexp): New.  Check a regular epression
against a user ID. (ask_ownertrust): Allow specifying a minimum value.
(get_ownertrust_info): Follow the minimum ownertrust when returning a
letter. (clear_validity): Remove minimum ownertrust when a key becomes
invalid. (release_key_items): Release regexp along with the rest of the
info. (validate_one_keyblock, validate_keys): Build a trust sig chain
while validating.  Call check_regexp for regexps.  Use the minimum
ownertrust if the user does not specify a genuine ownertrust.

* pkclist.c (do_edit_ownertrust): Only allow user to select a trust level
greater than the minimum value.

* parse-packet.c (can_handle_critical): Can handle critical trust and
regexp subpackets.

* trustdb.h, trustdb.c (clear_ownertrusts), delkey.c (do_delete_key),
import.c (import_one): Rename clear_ownertrust to clear_ownertrusts and
have it clear the min_ownertrust value as well.

* keylist.c (list_keyblock_print): Indent uid to match pub and sig.
2002-10-30 03:11:57 +00:00
David Shaw
809b8b031a * keyedit.c (print_and_check_one_sig, show_key_and_fingerprint,
menu_addrevoker), keylist.c (list_keyblock_print, print_fingerprint): Show
"T" or the trust depth for trust signatures, and add spaces to some
strings to make room for it.

* packet.h, parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt,
parse_signature): Parse trust signature values.

* tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Reserve a byte
for the minimum ownertrust value (for use with trust signatures).
2002-10-29 18:00:07 +00:00
Stefan Bellon
e4021a4c95 tidied RISC OS filetype support 2002-10-29 14:37:12 +00:00
Stefan Bellon
557f65836d filetype support for RISC OS 2002-10-28 13:26:44 +00:00
David Shaw
64291d81be * main.h, import.c (sec_to_pub_keyblock, import_secret_one,
parse_import_options), g10.c (main): New import-option "convert-sk-to-pk"
to convert a secret key into a public key during import.  It is on by
default.
2002-10-23 15:59:45 +00:00
Werner Koch
7e5f9547c5 * pubkey-enc.c (get_it): Fix segv, test for revoked only when PK
has been assigned.
2002-10-23 07:11:01 +00:00
Timo Schulz
aa853f1eb5 2002-10-18 Timo Schulz <ts@winpt.org>
* keylist.c: (print_pubkey_info): New.
        (print_seckey_info): New.
        * main.h: Prototypes for the new functions.
        * delkey.c (do_delete_key): Use it here.
        * revoke.c (gen_desig_revoke): Ditto.
2002-10-18 15:41:33 +00:00
Werner Koch
be9b626c1d * pkclist.c (do_edit_ownertrust): Show all user IDs. This should
be enhanced to also show the current trust level.  Suggested by
Florian Weimer.
2002-10-17 13:48:43 +00:00
David Shaw
e613304ae7 * g10.c (main): Handle --strict and --no-strict from the command line
before the options file is loaded.
2002-10-17 11:50:46 +00:00
David Shaw
73ccfeb606 * g10.c (main): Disable --textmode when encrypting (symmetric or pk) in
--pgp2 mode as PGP 2 can't handle the unknown length literal packet.
Reported by Michael Richardson.
2002-10-15 17:01:04 +00:00
David Shaw
da1c9e820c * keyserver-internal.h, keyserver.c (print_keyrec, parse_keyrec,
show_prompt, keyserver_search_prompt, keyserver_spawn): Go to version 1 of
the keyserver protocol.  This is a better design, similar to
--with-colons, that allows for keys with multiple user IDs rather than
using multiple keys.  It also matches the machine readable pksd format.
Also use a prettier --search-keys listing format that can fill different
size windows (currently set at 24 lines).
2002-10-14 18:50:28 +00:00
Werner Koch
e5f14f15da * keygen.c (print_status_key_created): New.
(do_generate_keypair): Use it to print the fingerprint.
(generate_subkeypair): Likewise.
2002-10-12 11:47:40 +00:00
David Shaw
9fafaa7ef7 * keyedit.c (menu_addrevoker): Properly back out if the signature fails.
Also, do not allow appointing the same revoker twice, and report
ALREADY_SIGNED if the user tries it.
2002-10-11 21:07:03 +00:00
David Shaw
9e86063293 And changelog :) 2002-10-07 22:19:27 +00:00
David Shaw
e4f5b9b4c2 * import.c (import_keys_internal): Missed one s/inp/inp2/.
* keylist.c (print_capabilities): Properly indicate per-key capabilities
of sign&encrypt primary keys that have secret-parts-missing (i.e. no
capabilities at all)

* mainproc.c (symkey_decrypt_sesskey): Fix compiler warning.
2002-10-07 22:19:11 +00:00
David Shaw
1fed5c87f0 * getkey.c (get_pubkey_direct): Don't cache keys retrieved via this
function as they may not have all their fields filled in.

* sig-check.c (signature_check2): Use new is_primary flag to check rather
than comparing main_keyid with keyid as this still works in the case of a
not fully filled in pk.
2002-10-04 22:12:09 +00:00
Werner Koch
d68fe4f73d * import.c (import_keys_internal): s/inp/inp2/ to avoid shadowing
warning.

* passphrase.c (agent_get_passphrase): Fixed signed/unsigned char
problem in %-escaping.  Noted by Ingo Kl�cker.
2002-10-04 05:43:54 +00:00
David Shaw
8c48fbd0e2 * options.h, g10.c (main): Add --strict and --no-strict to switch the
log_warning severity level from info to error.
2002-10-03 22:13:04 +00:00
David Shaw
fcefffcb00 * keylist.c (print_capabilities): Secret-parts-missing keys should show
that fact in the capabilities, and only primary signing keys can certify
other keys.

* packet.h, parse_packet.c (parse_key): Add is_primary flag for public
keys (it already exists for secret keys).
2002-10-03 19:20:37 +00:00
David Shaw
58972f24c4 * import.c (import_secret_one): Check for an illegal (>110) protection
cipher when importing a secret key.

* keylist.c (list_keyblock_print): Show a '#' for a secret-parts-missing
key.

* parse_packet.c (parse_key): Some comments.

* revoke.c (gen_revoke): Remove some debugging code.

* trustdb.c (verify_own_keys): Make trusted-key a non-deprecated option
again.

* seckey-cert.c (do_check): Don't give the IDEA warning unless the cipher
in question is in fact IDEA.
2002-10-02 22:01:29 +00:00
David Shaw
05691b1dce * import.c (import_one): Make sure that a newly imported key starts with a
clean ownertrust.
2002-10-01 17:32:06 +00:00
Werner Koch
e85fd72317 * getkey.c (get_pubkey_direct): New.
(merge_selfsigs_main): Use it here to look for an ultimately
trusted key.  Using the full get_pubkey might lead to an
infinitive recursion.
2002-10-01 08:38:24 +00:00
David Shaw
383ff96bea * keyserver.c (parse_keyserver_uri): Force the keyserver URI scheme to
lowercase to be case-insensitive.
2002-09-30 03:28:41 +00:00
David Shaw
9380f80b14 2002-09-28 David Shaw <dshaw@jabberwocky.com>
* export.c (do_export_stream): Comment.

	* sig-check.c (check_key_signature2): Properly handle a
	non-designated revocation import.

2002-09-26  Werner Koch  <wk@gnupg.org>

	* g10.c (set_homedir): New. Changed all direct assignments to use
	this.
	* gpgv.c (set_homedir): Ditto.
2002-09-28 17:49:38 +00:00
David Shaw
48d55024e2 * Makefile.am: Link gpg with EGDLIBS (i.e. NETLIBS) as EGD uses sockets.
Remove the old NETLIBS variable since the keyserver stuff is no longer
internal.
2002-09-25 11:30:51 +00:00
David Shaw
7ad7f453c0 * import.c (import_keys_stream): Fix compiler type warning.
* keyring.c (keyring_rebuild_cache), sig-check.c (check_key_signature2),
import.c (import, chk_self_sigs): Minor language cleanups.
2002-09-24 21:20:48 +00:00
Stefan Bellon
bbf5ea78c2 added fast-import to import-options 2002-09-23 13:03:52 +00:00
Stefan Bellon
77ffe357a9 avoid function clone 2002-09-22 09:20:08 +00:00
Stefan Bellon
78c754cd70 added trustdb update/check for stream import as well 2002-09-21 23:59:59 +00:00
Stefan Bellon
b9c091bd86 trustdb checks/updates after import 2002-09-21 21:57:22 +00:00
Werner Koch
c9f2aaca05 comment type fix 2002-09-20 07:37:44 +00:00
David Shaw
c4c0b1dc5b From stable branch
* keyserver.c (keyserver_spawn): Properly handle line truncation. Don't
leak memory (~10-20 bytes) on searches.
(keyserver_search_prompt): Cleanup.

* keylist.c (list_keyblock_colon): Show 1F direct key signatures in
--with-colons listing.
2002-09-19 17:13:03 +00:00
David Shaw
299e2bf336 From stable branch
* keyedit.c (menu_addrevoker): The direct key signature for revocation
keys must be at least v4 to carry the revocation key subpacket.  Add a PGP
2.x warning for revocation keys.

* g10.c (check_permissions): Rearrange strings to make translating easier
(don't incorporate string parts).

* keyedit.c (sign_uids): Make strings translatable.

* sig-check.c (check_key_signature2): Make string translatable.
2002-09-17 03:21:13 +00:00
David Shaw
baffecaca2 Import from stable branch.
2002-09-13  David Shaw  <dshaw@jabberwocky.com>

	* getkey.c (check_revocation_keys): Move....
	* main.h, sig-check.c (check_revocation_keys): to here.  Also
	return the signature_check error code rather than 0/1 and cache
	the sig result.

	* sig-check.c (check_key_signature2): Divert to
	check_revocation_keys if a revocation sig is made by someone other
	than the pk owner.

	* getkey.c (merge_selfsigs_main): Tidy.

2002-09-13  Werner Koch  <wk@gnupg.org>

	* g10.c (main) [__MINGW32__]: Activate oLoadExtension.
2002-09-13 12:59:31 +00:00
David Shaw
b45a2d03a6 * Makefile.am, hkp.c, hkp.h, keyserver.c (keyserver_work): Remove internal
HKP support.
2002-09-12 12:45:58 +00:00
David Shaw
72cd3ef859 * keyserver.c (keyserver_spawn): Remove whitespace after keyserver
commands.
2002-09-12 12:10:04 +00:00
Werner Koch
c5445cc323 * g10.c, options.h: Removed option --emulate-checksum-bug.
* misc.c (checksum_u16_nobug): Removed.
(checksum_u16): Removed the bug emulation.
(checksum_mpi): Ditto.
(checksum_mpi_counted_nbits): Removed and replaced all calls
with checksum_mpi.
* parse-packet.c (read_protected_v3_mpi): New.
(parse_key): Use it here to store it as an opaque MPI.
* seckey-cert.c (do_check): Changed the v3 unprotection to the new
why to store these keys.
(protect_secret_key): Likewise.
* build-packet.c (do_secret_key): And changed the writing.
2002-09-11 07:27:54 +00:00
David Shaw
c30d7e8dc7 * exec.c (expand_args): Remove loop left over from earlier implementation.
(exec_write): Missed one tick.
2002-09-10 18:03:40 +00:00
Werner Koch
b324a5d2d1 Cleanups and minor fixes. 2002-09-10 08:40:12 +00:00
David Shaw
d8eda8dbd1 * g10.c (add_group): Use '=' to separate group name from group members.
Use a better error message for when no = is found.

* hkp.c (hkp_export): Use CRLF in headers.
2002-09-09 19:21:58 +00:00
David Shaw
8dccf882f7 * mainproc.c (print_pkenc_list): Don't increment the error counter when
printing the list of keys a message was encrypted to.  This would make gpg
give a non-zero exit code even for completely valid messages if the
message was encrypted to more than one key that the user owned.
2002-09-04 02:48:47 +00:00
Werner Koch
5819b1ee45 * g10.c (main): Try to set a default character set. Print the
used one in verbosity level 3.
* gpgv.c (main): Try to set a default character set.

* status.c, status.h (STATUS_IMPORT_OK): New.
* import.c (import_one,import_secret_one): Print new status.
2002-09-02 10:59:04 +00:00
David Shaw
46a58a0527 * pkclist.c (build_pk_list): Add new status code to indicate an untrusted
user.  This (or a disabled key) fail with "unavailable pubkey"
(G10ERR_UNU_PUBKEY).
2002-08-30 19:21:55 +00:00
David Shaw
c721e11bf5 * pkclist.c (build_pk_list): Fail if any recipient keys are unusable.
* options.skel: The PGP LDAP keyserver is back.  Use MIT keyserver as a
sample rather than cryptnet as cryptnet does not support searching yet.

* keyedit.c (show_key_with_all_names): Fix error message (preferences are
userid/selfsig and not key specific).
2002-08-30 18:01:32 +00:00
Werner Koch
5dfd5a6dac * pkclist.c (do_we_trust_pre): Changed the wording of a warning.
* encode.c (encode_simple,encode_crypt): Use new style CTB for
compressssed packets when using MDC.  We need to do this so that
concatenated messages are properly decrypted.  Old style
compression assumes that it is the last packet; given that we
can't determine the length in advance, the uncompressor does not
know where to start.  Actually we should use the new CTB always
but this would break PGP 2 compatibility.
* parse-packet.c (parse): Special treatment for new style CTB
compressed packets.

* build-packet.c (do_mdc): Removed. Was not used.
(do_encrypted_mdc): Count the version number and the MDC packet.
2002-08-30 16:34:13 +00:00
David Shaw
a119391e26 * sig-check.c (do_check_messages, do_check): Show keyid in error messages.
* keyserver.c (print_keyinfo): More readable key listings for
--search-keys responses.
2002-08-28 19:34:58 +00:00
David Shaw
da488f03a7 * hkp.c (parse_hkp_index, dehtmlize): Move HTML functionality into new
"dehtmlize" function.  Remove HTML before trying to parse each line from
the keyserver.  If the keyserver provides key type information in the
listing, use it.
2002-08-26 19:07:59 +00:00
David Shaw
7e3e9bf357 * sig-check.c (do_check, do_check_messages): Emit the usual sig warnings
even for cached sigs.  This also serves to protect against missing a sig
expiring while cached.

* getkey.c (merge_selfsigs_main): Don't check UID self-sigs twice.
2002-08-23 20:59:48 +00:00
David Shaw
8609693d79 * import.c (clean_subkeys, chk_self_sigs): Merge clean_subkeys into
chk_self_sigs.  This improves efficiency as the same signatures are not
checked multiple times.  Clarify when a subkey is revoked (any revocation
signature, even if it is dated before the binding signature).

* getkey.c (merge_selfsigs_subkey): Subkey revocation comments.

* keylist.c (list_one): Stats are only for public key listings.

* g10.c (main), options.skel: Default should be include-revoked for
keyserver operations.
2002-08-22 17:47:42 +00:00
Werner Koch
c7dfa3a8d2 * import.c (import_print_stats): Print new non_imported counter
which is currently not used becuase we terminate on errors.
2002-08-21 14:59:05 +00:00
David Shaw
1cc0480be4 * options.skel: Document no-include-attributes for keyserver-options. 2002-08-20 17:16:33 +00:00
David Shaw
fa88fe9aaf * keylist.c, keyedit.c, keyserver.c, sign.c: Some TODOs and comments.
* export.c (do_export_stream): Fix noop bug in exporting sensitive
revocation keys.

* pkclist.c (do_edit_ownertrust): Comment out the option for showing trust
paths until it can be implemented.
2002-08-20 12:45:57 +00:00
Werner Koch
89f8e7ef36 * getkey.c (get_user_id_native): Renamed to ..
(get_user_id_printable): this.  Filter out all dangerous
characters.  Checked all usages.
(get_user_id_string_native): Renamed to..
(get_user_id_string_printable): this.  Filter out all dangerous
characters.  Checked all usages.
* keyedit.c (show_basic_key_info): New.
* keylist.c (print_fingerprint): New mode 3.
* import.c (import_one): Use new function to display the user ID.
2002-08-19 08:28:00 +00:00
Timo Schulz
5201d1ec9d 2002-08-16 Timo Schulz <ts@winpt.org>
* g10.c (main): enable opt.interactive.

        * import.c (import_one): Ask the user if the key shall be
        imported when the interactive mode is used. Useful to extract
        selected keys from a file.
2002-08-18 17:24:21 +00:00
Werner Koch
e78e69f37a Removed a leftover conflict indicator. 2002-08-16 07:14:29 +00:00
Werner Koch
0996f7d4df * seckey-cert.c: Workaround to allow decryption of v3 keys created
with a bug in the mpi_get_secure_buffer.
2002-08-16 07:13:13 +00:00
David Shaw
9ad0a6550b * hkp.c (parse_hkp_index): Properly handle really large keys (5 digit key
length) in HKP searches.
2002-08-14 22:48:28 +00:00
David Shaw
1111da19a8 * encode.c (encode_simple): Fix problem with using compression algo 2 and
symmetric compressed files.

* encode.c (encode_simple, encode_crypt): If we are not using a MDC,
compress even if a file is already compressed.  This is to help against
the chosen ciphertext attack.

* pkclist.c (select_algo_from_prefs): Fix requested algorithm bug so the
request succeeds even if the requested algorithm is not the first found.

* cipher.c (write_header), encode.c (use_mdc, encode_simple, encode_crypt,
encrypt_filter), g10.c (main): Be more eager to use a MDC.  We use a MDC
if the keys directly support it, if the keys list AES (any) or TWOFISH
anywhere in the prefs, or if the cipher chosen does not have a 64 bit
blocksize.
2002-08-13 19:00:23 +00:00
David Shaw
74a84ca93b * options.skel: Some language tweaks, and remove the load-extension
section for random gatherers.

* keyring.c (create_tmp_file, rename_tmp_file): Create tmp files with
user-only permissions, but restore the original permissions if the user
has something special set.

* openfile.c (copy_options_file): Create new options file (gpg.conf) with
user-only permissions.

* keydb.c (keydb_add_resource): Create new keyrings with user-only
permissions.
2002-08-09 02:23:42 +00:00
David Shaw
c3f1100411 * tdbio.c (tdbio_set_dbname): Create new trustdbs with user-only
permissions.
2002-08-08 19:09:34 +00:00
David Shaw
e703540328 * sig-check.c (signature_check2): Sanity check that the md has a context
for the hash that the sig is expecting.  This can happen if a onepass sig
header does not match the actual sig, and also if the clearsign "Hash:"
header is missing or does not match the actual sig.
2002-08-07 19:53:27 +00:00
David Shaw
fee7e35bae * keyedit.c (menu_revsig): Properly show a uid is revoked without
restarting gpg.  This is Debian bug 124219, though their supplied patch
will not do the right thing.

* main.h, tdbio.c (tdbio_set_dbname), misc.c (removed check_permissions),
keydb.c (keydb_add_resource), g10.c (main, check_permissions): Significant
reworking of the permission check mechanism.  The new behavior is to check
everything in the homedir by checking the homedir itself.  If the user
wants to put (possibly shared) keyrings outside the homedir, they are not
checked.  The options file and any extension files are checked wherever
they are, as well as their enclosing directories.  This is Debian bug
147760.
2002-08-07 15:53:15 +00:00
Stefan Bellon
7dec3219c9 use of EXTSEP_S 2002-08-06 18:32:58 +00:00
David Shaw
63a71c1ff9 * options.h, g10.c (main), mainproc.c (proc_encrypted): --ignore-mdc-error
option to turn a MDC check error into a warning.
2002-08-06 17:57:53 +00:00
David Shaw
58b0a36d6b * encode.c (encode_crypt), g10.c (main), sign.c (sign_file,
clearsign_file): Use the same --pgpX warning string everywhere to ease
translations.

* encode.c (write_pubkey_enc_from_list): Warn when using --throw-keyid
with --pgpX.  Noted by Vedaal Nistar.
2002-08-06 17:38:04 +00:00
David Shaw
111f78b1ff * revoke.c (export_minimal_pk, gen_desig_revoke, gen_revoke): Export a
minimal pk along with the revocation cert when in --pgpX mode so that PGP
can import it.
2002-08-06 16:58:58 +00:00
Werner Koch
e028b7760b * options.skel: Changed comments.
* gpg.sgml: Fixed doc regarding the name change of the option
file.
2002-08-06 13:37:09 +00:00
Werner Koch
a1259acdcb * g10.c (main): Try to use "gpg.conf" as default option file.
* openfile.c (copy_options_file): Changed name of created file.
2002-08-06 13:29:27 +00:00
Werner Koch
85aa3e18c2 The big extension module removal. 2002-08-03 10:50:53 +00:00
Werner Koch
4493a9603b * delkey.c (do_delete_key): Always allow to delete a key in batch mode
when specified by fingerprint.  Suggested by Enzo Michelangeli.
2002-08-02 10:15:39 +00:00
David Shaw
928dba9e70 * options.h, g10.c (main), mainproc.c (proc_encrypted): Return a
decryption failed error if a MDC does not verify.  Warn if a MDC is not
present (can disable via --no-mdc-warning).

* exec.c (exec_write), g10.c (main), keyserver.c (keyserver_spawn): Use
new DISABLE_KEYSERVER_PATH rather than FIXED_EXEC_PATH.
2002-07-30 16:48:21 +00:00
David Shaw
33ef3cf981 * sig-check.c (do_check): Properly validate v4 sigs with no hashed section
at all.
2002-07-29 03:07:11 +00:00
David Shaw
bb99f6c828 * keyedit.c (menu_revsig): Change "revsig" to honor selected uids so the
user can revoke sigs from particular uids only.

* keylist.c (list_keyblock_print): Don't display expired uids in
--list-keys unless -v and not --list-sigs (just like revoked uids).
2002-07-25 22:59:25 +00:00
David Shaw
9ac6821b46 * exec.c, export.c, import.c, keyedit.c, keyserver.c, misc.c: "Warning" ->
"WARNING"
2002-07-25 18:08:09 +00:00
David Shaw
553ac3f08c * main.h, import.c (parse_import_options, fix_hkp_corruption, import_one,
delete_inv_parts), g10.c (main): New import-option
"repair-hkp-subkey-bug", which repairs as much as possible the HKP
mangling multiple subkeys bug.  It is on by default for keyserver
receives, and off by default for regular --import.

* main.h, import.c (import, import_one, delete_inv_parts), hkp.c
(hkp_ask_import), keyserver.c (keyserver_spawn): Use keyserver import
options when doing keyserver receives.
2002-07-24 21:17:19 +00:00
David Shaw
d0c643a6c5 * options.h, exec.h, exec.c (set_exec_path, exec_write), g10.c (main),
keyserver.c (keyserver_spawn): If the user does not use "exec-path",
completely replace $PATH with GNUPG_LIBEXECDIR before calling the
keyserver helper.  If the user does use "exec-path", append
GNUPG_LIBEXECDIR after the specified path.
2002-07-24 19:24:08 +00:00
Werner Koch
35bf53d4bb Forgot to commit this:
* photoid.c (get_default_photo_command): Also use __MINGW32__
instead of HAVE_DOSISH_SYSTEM.
2002-07-24 07:40:53 +00:00
David Shaw
72a3fd4868 * import.c (parse_import_options), export.c (parse_export_options): Fix
offset problem with reversed ("no-") meanings.
2002-07-24 03:37:55 +00:00
David Shaw
eb5c0265e1 * import.c (delete_inv_parts): Discard subkey signatures (0x18 and 0x28)
if found in the userid section of the key.
2002-07-24 03:29:02 +00:00
David Shaw
4623605645 * sig-check.c (signature_check2): Signatures made by invalid subkeys
(bad/missing binding sig) are also invalid.

* keylist.c (print_fingerprint): Show the primary as well as the secondary
key fingerprint in modes 1 & 2.
2002-07-23 18:42:18 +00:00
David Shaw
125613737c * options.h, main.h, g10.c (main), import.c (parse_import_options,
delete_inv_parts), keyserver.c (parse_keyserver_options): add new
--import-options option.  The only current flag is "allow-local-sigs".

* g10.c (main): Don't disable MDC in pgp7 mode.

* options.h, g10.c (main), keyserver.c (parse_keyserver_options): Remove
old keyserver-option include-attributes now that there is an export-option
for the same thing.
2002-07-22 22:26:14 +00:00
David Shaw
002f085c23 * options.h, main.h, export.c (parse_export_options, do_export_stream),
g10.c (main): add new --export-options option. Current flags are
"include-non-rfc", "include-local-sigs", "include-attributes", and
"include-sensitive-revkeys".

* options.h, hkp.c (hkp_export), keyserver.c (parse_keyserver_options,
keyserver_spawn): try passing unknown keyserver options to export options,
and if successful, use them when doing a keyserver --send-key.

* build-packet.c (build_sig_subpkt): We do not generate
SIGSUBPKT_PRIV_VERIFY_CACHE anymore.
2002-07-22 19:07:21 +00:00
David Shaw
b65aced7b2 * revoke.c (gen_desig_revoke): Lots more comments about including
sensitive revkeys along with the revocation sig itself.

* keyserver.c (parse_keyserver_options): Simpler implementation that can
skip one pass over the options.
2002-07-22 17:52:02 +00:00
David Shaw
fc8d9e4741 * keyedit.c (keyedit_menu, menu_addrevoker): Allow specifying "sensitive"
as an argument to an addrevoker command.  This sets the 0x40 sensitive
revoker flag.

* revoke.c (gen_desig_revoke): When generating a designated revocation,
include the direct key sig that contains the designated revoker subpacket.
This allows sensitive designated revocation subpackets to be exported.
Also indicate which revokers are sensitive in the first place.
2002-07-19 05:08:54 +00:00
David Shaw
75ad30031f * keyedit.c (show_key_with_all_names_colon): The 0x40 class bit in a
designated revoker means "sensitive", not "local".  It's exportable under
the right circumstances.

* main.h, options.h, export.c (do_export_stream), g10.c (main), hkp.c
(hkp_export), keyserver.c (keyserver_spawn: Add a flag to skip attribute
packets and their signatures while exporting.  This is to accomodate
keyservers (pksd again) that choke on attributes. Use keyserver-option
"include-attributes" to control it.  This defaults to ON (i.e. don't
skip).
2002-07-17 19:48:19 +00:00
David Shaw
9ffea0d67b * options.h, keyserver.c (parse_keyserver_uri, keyserver_spawn,
keyserver_work), hkp.c (hkp_ask_import, hkp_export, hkp_search): Use a
much more strict reading of RFC-2396 for the keyserver URIs. Specifically,
don't try and be smart about checking the value of ":port" so long as it
is all digits, and properly handle opaque data (those scheme specific
parts that do not start with "//").
2002-07-09 19:40:18 +00:00
David Shaw
32b11e4501 * photoid.c (get_default_photo_command, show_photos): Honor
FIXED_PHOTO_VIEWER and DISABLE_PHOTO_VIEWER.

* mainproc.c (check_sig_and_print): Use --show-photos to show photos when
verifying a sig made by a key with a photo.

* keyserver.c (parse_keyserver_uri): Properly parse a URI with no :port
section and an empty file path, but with a terminating '/'.
(keyserver_work): Honor DISABLE_KEYSERVER_HELPERS.

* hkp.c (hkp_ask_import): Display keyserver URI as a URI, but only if
verbose.

* exec.c, g10.c: USE_EXEC_PATH -> FIXED_EXEC_PATH
2002-07-04 16:06:38 +00:00
David Shaw
bccb780228 * exec.h, exec.c (set_exec_path, exec_write), g10.c (main): If
USE_EXEC_PATH is defined at compile time, use it to lock the exec-path and
not allow the user to change it.
2002-07-03 04:01:21 +00:00
David Shaw
c6feade425 * options.h, g10.c (main), keyserver.c (keyserver_refresh): Maintain and
use the original keyserver URI for cosmetics rather than trying to
recreate it when needed.

* mainproc.c (check_sig_and_print): Properly disregard expired uids.
Make sure that the first uid listed is a real uid and not an attribute
(attributes should only be listed in the "aka" section).  When there are
no valid textual userids, try for an invalid textual userid before using
any attribute uid.
2002-07-02 22:13:00 +00:00
Timo Schulz
4b0497a2a9 Removed old keyserver (daemon) code. 2002-07-02 08:52:34 +00:00
David Shaw
db765c90d8 * options.skel: Fix a few typos, clarify "group", and remove sample photo
viewers for Win32 since they are the defaults now.

* parse-packet.c (make_attribute_uidname), keylist.c (dump_attribs): Fix
two typecast warnings.
2002-07-01 16:47:22 +00:00
David Shaw
b672df87d6 * packet.h, build-packet.c (build_attribute_subpkt), exec.c (expand_args),
mkdtemp.c (mkdtemp), photoid.c (parse_image_header): Fix some signedness
compiler warnings.
2002-07-01 16:40:52 +00:00
Werner Koch
096cfcc5c7 * encode.c (encode_symmetric): Do not use the new encryption code. 2002-07-01 09:44:42 +00:00
Werner Koch
ac49eadf31 * photoid.c: Use __MINGW32__ to include windows because
HAVE_DOSISH_SYSTEM is also set for OS/2 and plain DOS.  Provide
constant missing in older mingw installations.
2002-06-30 07:40:40 +00:00
David Shaw
3f51f7db3d Update head to match stable 1.0 2002-06-29 13:46:34 +00:00
Werner Koch
a1c48aede2 Does now work with libgcrypt 2000-12-21 11:51:57 +00:00
Werner Koch
613c15be88 Removed the libgcrypt stuff and started to modify the source to work with
that external library.
2000-12-19 18:28:36 +00:00
Werner Koch
986649bea0 Some configuration changes 2000-11-14 16:04:16 +00:00
Werner Koch
c287a8d05b Add features packet and fixes MIPS3. 2000-10-11 17:26:49 +00:00
Werner Koch
5a9ea8ff5c Changed keyring handling - saving still does not work.
Added new cipher mode and updated cipher test program.
2000-10-10 12:58:43 +00:00
Werner Koch
14974bc5d7 See ChangeLog: Fri Oct 6 14:29:16 CEST 2000 Werner Koch 2000-10-06 12:28:44 +00:00
Werner Koch
9c20f65cbe See ChangeLog: Wed Oct 4 13:16:18 CEST 2000 Werner Koch 2000-10-04 11:16:19 +00:00
Werner Koch
986d928ce2 See ChangeLog: Mon Sep 18 16:35:45 CEST 2000 Werner Koch 2000-09-18 14:35:34 +00:00
Werner Koch
9fc2d24fdb See ChangeLog: Mon Aug 21 17:59:17 CEST 2000 Werner Koch 2000-08-21 15:54:37 +00:00
Werner Koch
c9c709545a See ChangeLog: Fri Aug 18 14:27:14 CEST 2000 Werner Koch 2000-08-18 12:23:17 +00:00
Werner Koch
7a8c8b4826 See ChangeLog: Mon Jul 31 10:04:47 CEST 2000 Werner Koch 2000-07-31 08:04:16 +00:00
Werner Koch
d81c3f733b See ChangeLog: Fri Jul 28 18:19:11 CEST 2000 Werner Koch 2000-07-28 16:19:07 +00:00
Werner Koch
b872ea2577 See ChangeLog: Tue Jul 25 17:44:15 CEST 2000 Werner Koch 2000-07-25 15:38:12 +00:00
Werner Koch
0bf44b072c See ChangeLog: Mon Jul 17 16:35:47 CEST 2000 Werner Koch 2000-07-17 14:32:21 +00:00
Werner Koch
92cd255508 See ChangeLog: Fri Jul 14 19:38:23 CEST 2000 Werner Koch 2000-07-14 17:34:53 +00:00
Werner Koch
d1648b4d7a See ChangeLog: Thu May 25 18:39:11 CEST 2000 Werner Koch 2000-05-25 16:28:04 +00:00
Werner Koch
da129a5124 See ChangeLog: Fri Mar 24 11:25:45 CET 2000 Werner Koch 2000-03-24 10:19:50 +00:00
Werner Koch
14a2e006bc See ChangeLog: Mon Mar 13 19:22:46 CET 2000 Werner Koch 2000-03-13 18:19:12 +00:00
Werner Koch
d1b6e0ce0d See ChangeLog: Mon Feb 21 22:43:01 CET 2000 Werner Koch 2000-02-21 21:38:43 +00:00
Werner Koch
100fc8da59 See ChangeLog: Mon Jan 31 16:37:34 CET 2000 Werner Koch 2000-01-31 15:27:03 +00:00
Werner Koch
baa30ad117 See ChangeLog: Thu Jan 27 18:00:44 CET 2000 Werner Koch 2000-01-27 16:50:45 +00:00
Werner Koch
db43afc923 See ChangeLog: Mon Jan 24 22:24:38 CET 2000 Werner Koch 2000-01-24 21:14:42 +00:00
Werner Koch
0070faa0ff See ChangeLog: Mon Jan 24 13:04:28 CET 2000 Werner Koch 2000-01-24 11:55:49 +00:00
Werner Koch
704eb738c0 See ChangeLog: Fri Dec 31 14:06:56 CET 1999 Werner Koch 1999-12-31 13:02:40 +00:00
Werner Koch
ed0b0e09d3 See ChangeLog: Fri Dec 31 12:48:31 CET 1999 Werner Koch 1999-12-31 11:44:29 +00:00