1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-19 14:27:02 +01:00

125 Commits

Author SHA1 Message Date
David Shaw
0f1c325c1c * keydb.h, pkclist.c (select_algo_from_prefs): Allow passing a suggested
algorithm which will be used if available.

* encode.c (encode_crypt, encrypt_filter), sign.c (sign_file): Use new
select_algo_from_prefs feature to check if forcing an algorithm would
violate the recipient preferences.

* photoid.c (get_default_photo_command, show_photos): Use different
default viewers on different platforms.  Currently we have Win 9x, Win NT
(2k, xp), Mac OSX, RISC OS, and "everybody else".  These are #ifdefs as
much as possible to avoid clutter.

* g10.c (strusage, build_list), keyedit.c (show_prefs), main.h, misc.c
(compress_algo_to_string, check_compress_algo), pkclist.c
(algo_available), keygen.c (keygen_set_std_prefs): New algo_to_string and
check functions for compress algorithms.
2002-06-20 19:20:55 +00:00
David Shaw
9de7807546 * keygen.c (keygen_add_revkey): Remove unused code.
* misc.c (check_permissions): Check directory permissions properly - they
are not special files.

* pkclist.c (expand_id, expand_group, build_pk_list): When expanding
groups before building a pk list, inherit flags from the original
pre-expanded string.

* pubkey-enc.c (is_algo_in_prefs): Don't use prefs from expired uids.
2002-06-15 04:14:58 +00:00
David Shaw
ecc02567a6 * pkclist.c (expand_groups): Maintain the strlist flags while expanding.
Members of an expansion inherit their flags from the expansion key.

* options.h, cipher.c (write_header), g10.c (main), keygen.c
(keygen_set_std_prefs): remove the personal_mdc flag.  It no longer serves
a purpose now that the personal preference lists are split into
cipher/digest/zip.
2002-06-14 17:42:47 +00:00
David Shaw
92cefb688e * options.skel, options.h, main.h, keydb.h, pkclist.c (build_pk_list,
expand_groups), g10.c (main, add_group): Add new "group" command to allow
one name to expand into multiple keys. For simplicity, and to avoid
potential loops, we only expand once - you can't make an alias that points
to an alias.

* main.h, g10.c (main), keygen.c (build_personal_digest_list): Simplify
the default digest list - there is really no need for the other hashes
since they will never be used after SHA-1 in the list.

* options.skel, options.h, g10.c (main), hkp.c (hkp_ask_import,
hkp_export, hkp_search), keyserver.c (parse_keyserver_options,
parse_keyserver_uri, keyserver_work, keyserver_refresh): Make the
"x-broken-hkp" keyserver scheme into keyserver-option "broken-http-proxy".
Move honor_http_proxy into keyserver_options.  Canonicalize the three
variations of "hkp", "x-hkp", and "x-broken-hkp" into "hkp".
2002-06-07 19:38:27 +00:00
David Shaw
005d2cc4a8 * main.h, g10.c (main), keygen.c (build_personal_digest_list): Put in a
default digest preference list consisting of SHA-1, followed by every
other installed digest except MD5.  Note this is the same as having no
digest preference at all except for SHA-1 being favored.

* options.h, g10.c (main), keygen.c (keygen_set_std_prefs), pkclist.c
(select_algo_from_prefs): Split --personal-preference-list into three:
--personal-{cipher|digest|compress}-preferences.  This allows a user to
set one without affecting another (i.e. setting only a digest pref doesn't
imply an empty cipher pref).

* exec.c (exec_read): This is a safer way of guessing the return value of
system().  Noted by Stefan Bellon.
2002-06-06 20:59:20 +00:00
David Shaw
da3f17990c * keygen.c (keygen_set_std_prefs, add_feature_mdc): Use "mdc" and "no-mdc"
in the prefs string to allow switching on and off the MDC feature.  This
is needed to properly export a key from GnuPG for use on PGP which does
not support MDC - without this, MDC-capable implementations will still try
and generate MDCs which will break PGP.

* keygen.c (keygen_get_std_prefs): Show "[mdc]" in prefs string if it is
enabled.

* options.h, g10.c (main), cipher.c (write_header), keygen.c
(keygen_set_std_prefs): For consistency, allow the user to specify
mdc/no-mdc in the --personal-preference-list.  If disabled, it acts just
like --disable-mdc.
2002-05-29 20:52:51 +00:00
David Shaw
2656589782 * options.h, main.h, keygen.c (keygen_set_set_prefs, keygen_get_std_prefs,
keygen_upd_std_prefs), keyedit.c (keyedit_menu), g10.c (main), pkclist.c
(select_algo_from_prefs): Add --personal-preference-list which allows the
user to factor in their own preferred algorithms when the preference lists
are consulted.  Obviously, this does not let the user violate a
recepient's preferences (and the RFC) - this only influences the ranking
of the agreed-on (and available) algorithms from the recepients.
Suggested by David Hollenberg.

* options.h, keygen.c (keygen_set_std_prefs), g10.c (main): Rename
--preference-list to --default-preference-list (as that is what it really
is), and make it a true default in that if the user selects "default" they
get this list and not the compiled-in list.
2002-05-22 14:07:12 +00:00
David Shaw
4dcdaa3b1b * main.h, keygen.c (keygen_add_revkey): Add revocation key subpackets to a
signature (callable by make_keysig_packet). (write_direct_sig): Write a 1F
direct key signature. (parse_revocation_key): Parse a string in
algo:fpr:sensitive format into a revocation key. (get_parameter_revkey,
do_generate_keypair): Call above functions when prompted from a batch key
generation file.

* build-packet.c (build_sig_subpkt): Allow multiple revocation key
subpackets in a single sig.

* keydb.h, getkey.c (get_seckey_byfprint): Same as get_pubkey_byfprint,
except for secret keys.  We only know the fingerprint of a revocation key,
so this is needed to retrieve the secret key needed to issue a revokation.

* packet.h, parse-packet.c (parse_signature, parse_revkeys): Split revkey
parsing off into a new function that can be used to reparse after
manipulating the revkey list.

* sign.c (make_keysig_packet): Ability to make 1F direct key signatures.
2002-05-16 03:35:55 +00:00
Werner Koch
0295445a4c * keygen.c (get_parameter_algo): Never allow generation of the
deprecated RSA-E or RSA-S flavors of PGP RSA.
(ask_algo): Allow generation of RSA sign and encrypt in expert
mode.  Don't allow ElGamal S+E unless in expert mode.
* helptext.c: Added entry keygen.algo.rsa_se.
2002-05-07 07:24:29 +00:00
Werner Koch
cd59cb1d64 Added a copyright year for files changed this year. 2002-04-29 14:42:34 +00:00
David Shaw
cd7b3f9590 After generating a new key, show the key information (name, keyid,
fingerprint, etc.)

Do not print uncheckable signatures (missing key..) in --check-sigs.

Print statistics (N missing keys, etc.) after --check-sigs.

When signing a key with an expiration date on it, the "Do you want your
signature to expire at the same time?" question should default to YES
2002-04-23 17:54:38 +00:00
Werner Koch
0f2fedd806 po/
* et.po, tr.po, cs.po, it.po, id.po: Updated.
2002-04-22 19:33:39 +00:00
David Shaw
3b97ac9ef8 * keygen.c (generate_subkeypair): 2440bis04 adds that creating subkeys on
v3 keys is a MUST NOT.

* getkey.c (finish_lookup): The --pgp6 "use the primary key" behavior
should only apply while data signing and not encryption. Noted by Roger
Sondermann.
2002-04-20 11:57:35 +00:00
David Shaw
9ef1a80f8d * parse-packet.c (parse_signature): Minor fix - signatures should expire
at their expiration time and not one second later.

* keygen.c (proc_parameter_file): Allow specifying preferences string
(i.e. "s5 s2 z1 z2", etc) in a batchmode key generation file.

* keyedit.c (keyedit_menu): Print standard error message when signing a
revoked key (no new translation).

* getkey.c (merge_selfsigs): Get the default set of key prefs from the
real (not attribute) primary uid.
2002-04-14 01:27:11 +00:00
David Shaw
5005434c7e * build-packet.c (build_sig_subpkt): Delete subpackets from both hashed
and unhashed area on update.  (find_subpkt): No longer needed.

* keyedit.c (sign_uids): With --pgp2 on, refuse to sign a v3 key with a v4
signature.  As usual, --expert overrides.  Try to tweak some strings to a
closer match so they can all be translated in one place.  Use different
helptext keys to allow different help text for different questions.

* keygen.c (keygen_upd_std_prefs): Remove preferences from both hashed and
unhashed areas if they are not going to be used.
2002-04-12 04:07:26 +00:00
Werner Koch
b725d8ec27 Merged in my changes, after disk crash. Fortunately the CVS was not
affected - but everything else and it seems that there is no backup of
the BTS data is available :-(
2002-04-08 15:10:51 +00:00
David Shaw
0f682ed3f7 Fix ownertrust display with --with-colons.
Properly initialize the user ID refcount for user and photo IDs.

Tweak a few prompts to change "y/n" to "y/N", which is how most other
prompts are written.

Warn the user if they are about to revoke an expired sig (not a problem,
but they should know).

Control-d escapes the keyserver search prompt.

If a subkey is considered revoked solely because the parent key is
revoked, print the revocation reason from the parent key.

Allow revocation/expiration to apply to a uid/key with no entry in the
trustdb.
2002-03-31 23:51:33 +00:00
David Shaw
3e6d5d7c77 More comments about when to use IDEA in keygen.c
When key signing with multiple keys at the same time, make sure each key
gets the sigclass prompt
Close the iobuf and FILE before trying to reap the child process to
encourage the child to exit
Disable cache-on-close of the fd iobuf (shouldn't all fd iobufs not be
cached?)
2002-01-27 05:56:35 +00:00
David Shaw
1cad77d9b4 Cosmetic: don't present a RSA signing key as a "keypair" which can be 768
bits long (as RSA minimum is 1024)
Allow IDEA as a fake preference for v3 keys with v3 selfsigs when
verifying that a cipher is in preferences while decrypting
2002-01-23 22:17:45 +00:00
David Shaw
1dbd67b96a Some compatibility polish for PGP2. Add a fake IDEA preference for v3
keys (this is in the RFC), so that they can be (sometimes) used along
OpenPGP keys.  Do not force using IDEA on an OpenPGP key, as this may
violate its prefs.
Also, revise the help text for the sig class explanation.
2002-01-22 20:39:10 +00:00
Werner Koch
5a92c6052f * passphrase.c (passphrase_to_dek): Add tryagain_text arg to be
used with the agent.  Changed all callers.
(agent_get_passphrase): Likewise and send it to the agent
* seckey-cert.c (do_check): New arg tryagain_text.
(check_secret_key): Pass the string to do_check.
* keygen.c (ask_passphrase): Set the error text is required.
* keyedit.c (change_passphrase): Ditto.
* passphrase.c (agent_open): Disable opt.use_agent in case of a
problem with the agent.
(agent_get_passphrase): Ditto.
(passphrase_clear_cache): Ditto.
2002-01-20 18:33:04 +00:00
David Shaw
ca058399b0 Nonrevocable key signature support via "nrsign". These sigs can expire,
but cannot be revoked.  Any revocation certificates for them are ignored.
2001-12-21 21:02:05 +00:00
David Shaw
e8936126af Much stricter checking of the keyserver URI
IDEA warning for pk messages encrypted with IDEA (symmetric is already done)
Print IDEA warning for each occurance except for secret key protection and
unknown cipher from an encrypted message.
2001-12-18 23:10:46 +00:00
David Shaw
30481e5a17 Add a generic IDEA warning for when the IDEA plugin is not present. This
pops up when the user uses "--cipher-algo idea", when setpref is used to
set a "S1" preference, and when a secret key protected with IDEA is used.

Tweak the --pgp2 mode to use this generic warning.
2001-12-17 21:45:40 +00:00
David Shaw
1ccd578910 Sig expiration code
Offer to expire a key signature when the key the user is signing expires
Expired sigs cause an error return
If --expert is set, prompt for sig duration
2001-12-07 01:14:15 +00:00
David Shaw
ebd148e553 Bug fix in "showpref"
Allow setting a no-compression preference
2001-12-07 00:57:50 +00:00
Werner Koch
a3af543617 Revamped the trustDB 2001-09-24 16:03:14 +00:00
Werner Koch
d4cd7a3d4b more bug fixesand some warning cleanups 2001-09-09 16:09:19 +00:00
Werner Koch
59334400a1 fixed a stupid C error 2001-09-07 07:57:51 +00:00
Werner Koch
ed17c7afd0 Revamped the keyring code 2001-09-06 17:10:00 +00:00
Werner Koch
bab40b52cd MDC feature support and other stuff 2001-08-30 16:39:23 +00:00
Werner Koch
aa1514852a Added RSA key generation 2001-08-14 11:33:49 +00:00
Werner Koch
a255ea76ae Added a way to update preferences 2001-08-09 13:11:51 +00:00
Werner Koch
0fa9ffe75c Fixes here and there. 2001-08-08 12:34:00 +00:00
Werner Koch
dce4566802 Changed lsign behaviour, allow future subkeys, don't list revoked keys 2001-08-01 10:30:24 +00:00
Werner Koch
01fe1dd2a9 Fix for toupper('I') != 'i' 2001-06-12 18:42:40 +00:00
Werner Koch
e3b897b52d About to release 1.0.6 2001-05-29 06:58:58 +00:00
Werner Koch
355c76352a Made genkey work again. 2001-03-27 11:14:22 +00:00
Werner Koch
f3b2ef0b93 The "Samba" bug fixes :-) 2001-03-22 18:04:47 +00:00
Werner Koch
be06120679 Changed and added copyright notices 2001-03-08 14:33:24 +00:00
Werner Koch
a66fa9c25e Add KEY_CREATED status 2001-01-03 13:36:03 +00:00
Werner Koch
f2b8760f75 Minor changes done for the Windows binary 2000-10-23 16:38:27 +00:00
Werner Koch
dc7cea85ba Add Rijndael support, changes to fix an IRIX problem. 2000-10-12 14:34:01 +00:00
Werner Koch
8f45e56ad9 See ChangeLog: Fri Sep 15 18:40:36 CEST 2000 Werner Koch 2000-09-15 16:40:24 +00:00
Werner Koch
d9df5017bf See ChangeLog: Wed Sep 6 17:55:47 CEST 2000 Werner Koch 2000-09-06 15:57:12 +00:00
Werner Koch
1d01573b78 See ChangeLog: Wed Aug 23 19:52:51 CEST 2000 Werner Koch 2000-08-23 17:47:49 +00:00
Werner Koch
600846925c See ChangeLog: Wed Jun 28 11:54:44 CEST 2000 Werner Koch 2000-06-28 09:56:18 +00:00
Werner Koch
5f8fc31d9a See ChangeLog: Fri Apr 14 19:37:08 CEST 2000 Werner Koch 2000-04-14 17:34:30 +00:00
Werner Koch
265d82ac8c removed debugging code 2000-03-16 15:51:35 +00:00
Werner Koch
dca608ab9d See ChangeLog: Thu Mar 16 16:20:23 CET 2000 Werner Koch 2000-03-16 15:16:15 +00:00