Diffstat (limited to 'g10')
-rw-r--r--g10/ChangeLog28
-rw-r--r--g10/g10.c1
-rw-r--r--g10/getkey.c34
-rw-r--r--g10/import.c37
-rw-r--r--g10/keyedit.c2
-rw-r--r--g10/mainproc.c2
-rw-r--r--g10/sign.c12
7 files changed, 76 insertions, 40 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 804c7cc40..7e101ac67 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,31 @@
+2002-03-17 David Shaw <[email protected]>
+
+ * g10.c (main): --openpgp implies --allow-non-selfsigned-uid.
+
+ * getkey.c (merge_selfsigs_main): If none of the uids are primary
+ (because none are valid) then pick the first to be primary (but
+ still invalid). This is for cosmetics in case some display needs
+ to print a user ID from a non-selfsigned key. Also use
+ --allow-non-selfsigned-uid to make such a key valid and not
+ --always-trust. The key is *not* automatically trusted via
+ --allow-non-selfsigned-uid.
+
+ * mainproc.c (check_sig_and_print): Make sure non-selfsigned uids
+ print [uncertain] on verification even though one is primary now.
+
+ * getkey.c (merge_selfsigs): If the main key is not valid, then
+ neither are the subkeys.
+
+ * import.c (import_one): Allow --allow-non-selfsigned-uid to work
+ on completely unsigned keys. Print the uids in UTF8. Remove
+ mark_non_selfsigned_uids_valid().
+
+ * keyedit.c (show_key_with_all_names): Show revocation key as
+ UTF8.
+
+ * sign.c (clearsign_file): Allow --not-dash-escaped to work with
+ v3 keys.
+
2002-03-13 David Shaw <[email protected]>
* import.c (chk_self_sigs): Show which user ID a bad self-sig
diff --git a/g10/g10.c b/g10/g10.c
index 8f7276bdd..c3aafb49e 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -1071,6 +1071,7 @@ main( int argc, char **argv )
case oOpenPGP:
opt.rfc1991 = 0;
opt.rfc2440 = 1;
+ opt.allow_non_selfsigned_uid = 1;
opt.pgp2_workarounds = 0;
opt.escape_from = 0;
opt.force_v3_sigs = 0;
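Review bot: The added `opt.allow_non_selfsigned_uid = 1;` in the `oOpenPGP` case carries no comment, yet the getkey.c hunk in this same commit uses that flag to force an otherwise invalid key valid, so `--openpgp` now relaxes key validation as a side effect of a compliance switch. A comment at the assignment would make that visible, for example `/* also makes keys without a valid self-sig usable: validity only, not trust (see merge_selfsigs_main) */`. The user-facing option documentation is not part of this diff and would need the same statement. The `case` body continues outside the hunk.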
diff --git a/g10/getkey.c b/g10/getkey.c
index 5b8ac80ce..337a0369a 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1354,12 +1354,13 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
pk->is_valid = 1;
}
- /* If the key isn't valid yet, and we have --always-trust set,
- then force it valid. */
- if(opt.always_trust && !pk->is_valid)
+ /* If the key isn't valid yet, and we have
+ --allow-non-selfsigned-uid set, then force it valid. */
+ if(!pk->is_valid && opt.allow_non_selfsigned_uid)
{
if(opt.verbose)
- log_info(_("Invalid key %08lX made valid by --always-trust\n"),
+ log_info(_("Invalid key %08lX made valid by "
+ "--allow-non-selfsigned-uid\n"),
(ulong)keyid_from_pk(pk,NULL));
pk->is_valid = 1;
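Review bot: The rewritten test `if(!pk->is_valid && opt.allow_non_selfsigned_uid)` overrides every cause of invalidity that reaches this point, not only the missing-self-signature case the option name suggests. The code that decides `is_valid` before it is outside the hunk, so this may be intended, but the comment should say which cases are covered. The notice is also printed only under `opt.verbose`, so in a default run the override leaves no trace in the output. I would extend the comment with a line such as `Validity only - trust is still computed separately.`, matching what the ChangeLog entry states.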
@@ -1454,7 +1455,22 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
/* none is flagged primary - use the latest user ID we have */
uidnode2->pkt->pkt.user_id->is_primary = 1;
}
-
+ else
+ {
+ /* None of our uids were self-signed, so pick the first one to
+ be the primary. This is the best we can do here since
+ there are no self sigs to date the uids. */
+
+ for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
+ k = k->next )
+ {
+ if(k->pkt->pkttype==PKT_USER_ID)
+ {
+ k->pkt->pkt.user_id->is_primary=1;
+ break;
+ }
+ }
+ }
}
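Review bot: After this `else` branch, `is_primary` no longer implies that the user ID carries a self-signature, and the new comment does not warn readers of that. The mainproc.c hunk in this commit adds a `created` check for exactly this reason; other readers of `is_primary` are not visible here and may need the same guard. I would extend the comment with `This uid is still unverified; callers must not treat is_primary as proof of a self-sig.` The enclosing function starts and ends outside the hunk.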
@@ -1611,6 +1627,13 @@ merge_selfsigs( KBNODE keyblock )
}
}
+ /* If the main key is not valid, then the subkeys aren't either,
+ even if they have binding sigs. */
+ if(!main_pk->is_valid)
+ for(k=keyblock; k; k=k->next)
+ if(k->pkt->pkttype==PKT_PUBLIC_SUBKEY)
+ k->pkt->pkt.public_key->is_valid=0;
+
/* set the preference list of all keys to those of the primary
* user ID. Note: we use these preferences when we don't know by
* which user ID the key has been selected.
@@ -1640,7 +1663,6 @@ merge_selfsigs( KBNODE keyblock )
pk->mdc_feature = mdc_feature;
}
}
-
}
diff --git a/g10/import.c b/g10/import.c
index 6fef4432a..fff54eedb 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -67,7 +67,6 @@ static int import_revoke_cert( const char *fname, KBNODE node,
struct stats_s *stats);
static int chk_self_sigs( const char *fname, KBNODE keyblock,
PKT_public_key *pk, u32 *keyid );
-static void mark_non_selfsigned_uids_valid( KBNODE keyblock, u32 *kid );
static int delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid );
static int merge_blocks( const char *fname, KBNODE keyblock_orig,
KBNODE keyblock, u32 *keyid,
@@ -445,8 +444,18 @@ import_one( const char *fname, KBNODE keyblock, int fast,
if( rc )
return rc== -1? 0:rc;
+ /* If we allow such a thing, mark unsigned uids as valid */
if( opt.allow_non_selfsigned_uid )
- mark_non_selfsigned_uids_valid( keyblock, keyid );
+ for( node=keyblock; node; node = node->next )
+ if( node->pkt->pkttype == PKT_USER_ID && !(node->flag & 1) )
+ {
+ char *user=utf8_to_native(node->pkt->pkt.user_id->name,
+ node->pkt->pkt.user_id->len,0);
+ node->flag |= 1;
+ log_info( _("key %08lX: accepted non self-signed user ID '%s'\n"),
+ (ulong)keyid[1],user);
+ m_free(user);
+ }
if( !delete_inv_parts( fname, keyblock, keyid ) ) {
if( !opt.quiet ) {
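Review bot: The user ID name comes from the key being imported and now reaches `log_info()` through `%s` after `utf8_to_native(...,0)`, where the removed helper wrote it with `print_string()`. It is worth confirming that `utf8_to_native()` quotes control characters the same way, and recording that in the comment, e.g. `/* uid text is untrusted; utf8_to_native quotes control chars */`. Separately, the unbraced `if` / `for` / `if` nest is easy to break in a later edit; braces around the `for` body would make the scope explicit. `import_one` continues outside the hunk.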
@@ -866,30 +875,6 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
return 0;
}
-
-
-/****************
- * If a user ID has at least one signature, mark it as valid
- */
-static void
-mark_non_selfsigned_uids_valid( KBNODE keyblock, u32 *kid )
-{
- KBNODE node;
- for(node=keyblock->next; node; node = node->next ) {
- if( node->pkt->pkttype == PKT_USER_ID && !(node->flag & 1) ) {
- if( (node->next && node->next->pkt->pkttype == PKT_SIGNATURE)
- || !node->next ) {
- node->flag |= 1;
- log_info( _("key %08lX: accepted non self-signed user ID '"),
- (ulong)kid[1]);
- print_string( log_stream(), node->pkt->pkt.user_id->name,
- node->pkt->pkt.user_id->len, 0 );
- fputs("'\n", log_stream() );
- }
- }
- }
-}
-
/****************
* delete all parts which are invalid and those signatures whose
* public key algorithm is not available in this implemenation;
diff --git a/g10/keyedit.c b/g10/keyedit.c
index bca65a12a..bad55db57 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -1419,7 +1419,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
keyid_from_fingerprint(pk->revkey[i].fpr,
MAX_FINGERPRINT_LEN,r_keyid);
- user=get_user_id_string(r_keyid);
+ user=get_user_id_string_native(r_keyid);
tty_printf(_("This key may be revoked by %s key %s%s\n"),
pubkey_algo_to_string(pk->revkey[i].algid),
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 68752767a..e86037d80 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1276,6 +1276,8 @@ check_sig_and_print( CTX c, KBNODE node )
for( un=keyblock; un; un = un->next ) {
if( un->pkt->pkttype != PKT_USER_ID )
continue;
+ if ( !un->pkt->pkt.user_id->created )
+ continue;
if ( un->pkt->pkt.user_id->is_revoked )
continue;
if ( !un->pkt->pkt.user_id->is_primary )
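Review bot: The added `if ( !un->pkt->pkt.user_id->created ) continue;` relies on `created` being zero for a user ID without a valid self-signature, which nothing in the hunk states. A short comment would keep a later reader from removing the test as redundant: `/* no self-sig (created==0): skip, so the key is reported as [uncertain] */`. That reading is inferred from the ChangeLog entry for check_sig_and_print; the field is set elsewhere. The loop body continues outside the hunk.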
diff --git a/g10/sign.c b/g10/sign.c
index 57618c377..c1a09bae4 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -825,9 +825,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
}
}
- if( old_style && only_md5 )
- iobuf_writestr(out, LF );
- else {
+ if( !(old_style && only_md5) ) {
const char *s;
int any = 0;
byte hashs_seen[256];
@@ -851,12 +849,12 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
}
assert(any);
iobuf_writestr(out, LF );
- if( opt.not_dash_escaped )
- iobuf_writestr( out,
- "NotDashEscaped: You need GnuPG to verify this message" LF );
- iobuf_writestr(out, LF );
}
+ if( opt.not_dash_escaped )
+ iobuf_writestr( out,
+ "NotDashEscaped: You need GnuPG to verify this message" LF );
+ iobuf_writestr(out, LF );
textmd = md_open(0, 0);
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
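Review bot: The relocated unbraced `if( opt.not_dash_escaped )` now sits directly above the unconditional `iobuf_writestr(out, LF );`, and that final call is the only thing ending the armor header block on both the old-style MD5 path and the Hash-header path. Braces on the `if` plus a comment such as `/* blank line ends the armor headers; always required */` would make it clear that the last write must stay unconditional. `clearsign_file` continues outside the hunk.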