1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-11 21:48:50 +01:00
gnupg/g10
Werner Koch 2fc27c8696
gpg: Switch to a hash and CERT record based PKA system.
* common/dns-cert.c (get_dns_cert): Make r_key optional.
* common/pka.c: Rewrite for the new hash based lookup.
* common/t-pka.c: New.
* configure.ac: Remove option --disable-dns-pka.
(USE_DNS_PKA): Remove ac_define.
* g10/getkey.c (parse_auto_key_locate): Always include PKA.

--

Note that although PKA is now always build, it will only work if
support for looking up via DNS has not been disabled.

The new PKA only works with the IPGP DNS certtype and shall be used
only to retrieve the fingerprint and optional the key for the first
time.  Due to the security problems with DNSSEC the former assumption
to validate the key using DNSSEC is not anymore justified.  Instead an
additional layer (e.g. Trust-On-First-Use) needs to be implemented to
track change to the key.  Having a solid way of getting a key matching
a mail address is however a must have.

More work needs to go into a redefinition of the --verify-options
pka-lookups and pka-trust-increase.  The auto-key-locate mechanism
should also be able to continue key fetching with another methods once
the fingerprint has been retrieved with PKA.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-25 16:34:19 +01:00
..
armor.c gpg: Replace remaining old error code macros by GPG_ERR_. 2015-01-22 12:06:11 +01:00
build-packet.c gpg: Fix segv due to NULL value stored as opaque MPI. 2015-02-19 16:29:58 +01:00
call-agent.c Use inline functions to convert buffer data to scalars. 2015-02-11 10:28:25 +01:00
call-agent.h gpg: Re-enable the "Passphrase" parameter for batch key generation. 2015-01-21 11:31:20 +01:00
call-dirmngr.c Add option --no-autostart. 2014-11-28 09:44:19 +01:00
call-dirmngr.h gpg: Print the actual used keyserver address. 2014-03-14 16:12:54 +01:00
card-util.c gpg: Remove unused args from a function. 2015-01-05 15:15:36 +01:00
ChangeLog-2011 Generate the ChangeLog from commit logs. 2011-12-01 11:09:02 +01:00
cipher.c gpg: Remove options --pgp2 and --rfc1991. 2014-08-14 11:03:55 +02:00
comment.c Nuked almost all trailing white space. 2011-02-04 12:57:53 +01:00
compress-bz2.c Nuked almost all trailing white space. 2011-02-04 12:57:53 +01:00
compress.c gpg: Replace remaining old error code macros by GPG_ERR_. 2015-01-22 12:06:11 +01:00
cpr.c common: Add cpr_get_answer_is_yes_def() 2014-07-23 14:35:22 +02:00
dearmor.c gpg: Create exported secret files and revocs with mode 700. 2014-06-30 09:12:48 +02:00
decrypt-data.c gpg: Replace remaining old error code macros by GPG_ERR_. 2015-01-22 12:06:11 +01:00
decrypt.c gpg: Replace remaining old error code macros by GPG_ERR_. 2015-01-22 12:06:11 +01:00
dek.h gpg: Remove cipher.h and put algo ids into a common file. 2014-01-29 20:35:05 +01:00
delkey.c gpg: --delete-secret-key - check that a secret key exists. 2014-09-20 16:27:16 +02:00
distsigkey.gpg Add more signing keys. 2014-10-31 14:21:34 +01:00
ecdh.c gpg: Clear a possible rest of the KDF secret buffer. 2015-01-05 15:15:28 +01:00
encrypt.c gpg: Replace remaining old error code macros by GPG_ERR_. 2015-01-22 12:06:11 +01:00
exec.c gpg: Replace remaining old error code macros by GPG_ERR_. 2015-01-22 12:06:11 +01:00
exec.h Changed to GPLv3. 2007-07-04 19:49:40 +00:00
export.c gpg: Fix export bug using exact search with only one key in the keybox. 2014-12-01 11:54:51 +01:00
filter.h gpg: Remove PGP-2 related cruft. 2014-11-13 12:01:42 +01:00
free-packet.c gpg: Remove cipher.h and put algo ids into a common file. 2014-01-29 20:35:05 +01:00
getkey.c gpg: Switch to a hash and CERT record based PKA system. 2015-02-25 16:34:19 +01:00
gpg-w32info.rc w32: Add manifest to gpg. 2015-02-04 09:15:34 +01:00
gpg.c gpg: Add command --print-pka-records. 2015-02-24 19:31:59 +01:00
gpg.h gpg: Replace remaining old error code macros by GPG_ERR_. 2015-01-22 12:06:11 +01:00
gpg.w32-manifest.in w32: Add manifest to gpg. 2015-02-04 09:15:34 +01:00
gpgv.c Add a hook to be called right after main. 2015-01-28 19:57:22 +01:00
helptext.c Change all quotes in strings and comments to the new GNU standard. 2012-06-05 19:29:22 +02:00
import.c gpg: Add dedicated error code for PGP-2 keys. 2015-01-22 14:39:31 +01:00
kbnode.c gpg: Fix a missing LF in debug output. 2014-11-13 17:01:17 +01:00
keydb.c gpg: Prevent an invalid memory read using a garbled keyring. 2015-02-09 15:46:00 +01:00
keydb.h gpg: Fix informative printing of user ids. 2014-10-13 14:54:26 +02:00
keyedit.c gpg: Replace remaining uses of stdio by estream. 2015-02-19 17:22:27 +01:00
keygen.c Move new mailbox.c source file to common/. 2015-02-25 11:43:50 +01:00
keyid.c gpg: Fix segv due to NULL value stored as opaque MPI. 2015-02-19 16:29:58 +01:00
keylist.c Move new mailbox.c source file to common/. 2015-02-25 11:43:50 +01:00
keyring.c gpg: Prevent an invalid memory read using a garbled keyring. 2015-02-09 15:46:00 +01:00
keyring.h Decryption and signi via agent is now implemented. 2010-04-23 11:36:59 +00:00
keyserver-internal.h gpg: Remove unused args from a function. 2015-01-05 15:15:36 +01:00
keyserver.c gpg: Switch to a hash and CERT record based PKA system. 2015-02-25 16:34:19 +01:00
main.h Move new mailbox.c source file to common/. 2015-02-25 11:43:50 +01:00
mainproc.c gpg: Switch to a hash and CERT record based PKA system. 2015-02-25 16:34:19 +01:00
Makefile.am Move new mailbox.c source file to common/. 2015-02-25 11:43:50 +01:00
mdfilter.c Nuked almost all trailing white space. 2011-02-04 12:57:53 +01:00
migrate.c gpg: Change wording of a migration error message. 2014-10-09 10:56:25 +02:00
misc.c gpg: Add function to extract the mailbox. 2015-02-24 17:46:22 +01:00
openfile.c gpg: Make the use of "--verify FILE" for detached sigs harder. 2014-11-13 17:39:31 +01:00
OPTIONS See ChangeLog: Mon Jul 31 10:04:47 CEST 2000 Werner Koch 2000-07-31 08:04:16 +00:00
options.h gpg: Add command --print-pka-records. 2015-02-24 19:31:59 +01:00
options.skel Change a couple of files to use abbreviated copyright notes. 2014-11-04 16:28:03 +01:00
packet.h gpg: Remove all support for v3 keys and always create v4-signatures. 2014-10-17 13:32:16 +02:00
parse-packet.c Use inline functions to convert buffer data to scalars. 2015-02-11 10:28:25 +01:00
passphrase.c Comment typo fixes. 2014-11-19 10:47:57 +01:00
photoid.c gpg: New %U expando for the photo viewer. 2014-04-17 21:44:09 +02:00
photoid.h Decryption and signi via agent is now implemented. 2010-04-23 11:36:59 +00:00
pkclist.c gpg: Replace remaining old error code macros by GPG_ERR_. 2015-01-22 12:06:11 +01:00
pkglue.c gpg: Fix memory leak in ECC encryption. 2014-09-08 18:25:06 +02:00
pkglue.h gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id. 2014-01-30 18:48:37 +01:00
plaintext.c gpg: Replace remaining old error code macros by GPG_ERR_. 2015-01-22 12:06:11 +01:00
progress.c Nuked almost all trailing white space. 2011-02-04 12:57:53 +01:00
pubkey-enc.c Use inline functions to convert buffer data to scalars. 2015-02-11 10:28:25 +01:00
pubring.asc See ChangeLog: Mon Jul 31 10:04:47 CEST 2000 Werner Koch 2000-07-31 08:04:16 +00:00
revoke.c gpg: Replace remaining old error code macros by GPG_ERR_. 2015-01-22 12:06:11 +01:00
rmd160.c Nuked almost all trailing white space. 2011-02-04 12:57:53 +01:00
rmd160.h Add missing header file. 2008-12-12 08:54:50 +00:00
seckey-cert.c Use inline functions to convert buffer data to scalars. 2015-02-11 10:28:25 +01:00
server.c Remove support for the GPG_AGENT_INFO envvar. 2014-10-03 11:58:58 +02:00
seskey.c gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id. 2014-01-30 18:48:37 +01:00
sig-check.c gpg: Replace remaining uses of stdio by estream. 2015-02-19 17:22:27 +01:00
sign.c gpg: Replace remaining uses of stdio by estream. 2015-02-19 17:22:27 +01:00
signal.c Nuked almost all trailing white space. 2011-02-04 12:57:53 +01:00
skclist.c gpg: Remove cipher.h and put algo ids into a common file. 2014-01-29 20:35:05 +01:00
t-rmd160.c Nuked almost all trailing white space. 2011-02-04 12:57:53 +01:00
tdbdump.c gpg: Replace remaining uses of stdio by estream. 2015-02-19 17:22:27 +01:00
tdbio.c gpg: Replace remaining uses of stdio by estream. 2015-02-19 17:22:27 +01:00
tdbio.h gpg: Replace remaining uses of stdio by estream. 2015-02-19 17:22:27 +01:00
textfilter.c gpg: Remove all support for v3 keys and always create v4-signatures. 2014-10-17 13:32:16 +02:00
trust.c Use inline functions to convert buffer data to scalars. 2015-02-11 10:28:25 +01:00
trustdb.c gpg: Replace remaining uses of stdio by estream. 2015-02-19 17:22:27 +01:00
trustdb.h gpg: Allow building without any trust model support. 2014-02-10 17:46:40 +01:00
verify.c gpg: Replace remaining old error code macros by GPG_ERR_. 2015-01-22 12:06:11 +01:00
zlib-riscos.h include: Remove this directory. 2014-01-29 17:45:05 +01:00