| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
|
|
| |
(tty_get_ttyname): New.
(init_ttyfp): Use it here instead of the TERMDEVICE macro.
|
| |
|
|
|
| |
get the default ttyname.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
a given keyring is registered twice.
* keydb.h, keydb.c (keydb_add_resource): Use flags to indicate a default
keyring. (keydb_locate_writable): Prefer the default keyring if possible.
* g10.c (main): Add --default-keyring option.
|
| |
|
|
|
|
|
|
| |
--force-ownertrust option for debugging purposes. This allows setting a
whole keyring to a given trust during an --update-trustdb. Not for normal
use - it's just easier than hitting "4" all the time to test a large
trustdb.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
buffer; didn't worked at all. Reported by Thijmen Klok. From Werner on
stable branch.
* secmem.c (secmem_free, secmem_term): Use wipememory2() instead of
memset() to overwrite secure memory
* iobuf.c (direct_open): Handle mode 'b' if O_BINARY is available. From
Werner on stable branch.
* fileutil.c: Comment from stable branch.
|
| |
|
|
|
| |
byte to wipe with).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
anymore. (From Werner)
* random.c (read_seed_file,update_random_seed_file): Use binary mode for
__CYGWIN__. (From Werner)
* blowfish.c (burn_stack), cast5.c (burn_stack), des.c (burn_stack), md5.c
(burn_stack), random.c (burn_stack, read_pool, fast_random_poll),
rijndael.c (burn_stack), rmd160.c (burn_stack), rndegd.c
(rndegd_gather_random), rndlinux.c (rndlinux_gather_random), sha1.c
(burn_stack), tiger.c (burn_stack), twofish.c (burn_stack): Replace
various calls to memset() with the more secure wipememory().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
passphrase against all secret keys rather than trying all secret keys in
turn. Don't if --try-all-secrets or --status-fd is enabled.
* passphrase.c (passphrase_to_dek): Mode 1 means do a regular passphrase
query, but don't prompt with the key info.
* seckey-cert.c (do_check, check_secret_key): A negative ask count means
to enable passphrase mode 1.
* keydb.h, getkey.c (enum_secret_keys): Add flag to include
secret-parts-missing keys (or not) in the list.
|
| |
|
|
|
|
|
| |
get_key, search_key): The LDAP keyserver doesn't remove duplicates, so
remove them locally. Do not include the key modification time in the
search response.
|
| |
|
|
|
|
| |
don't try and fit the search output to the screen size - just dump the
whole list.
|
| |
|
|
|
| |
just dump the raw keyserver protocol to stdout and don't print the menu.
|
| |
|
|
|
|
|
| |
listings.
* DETAILS: Clarify meaning of 'u'. Noted by Timo.
|
| |
|
|
|
|
|
| |
validate_one_keyblock): It's not clear what a trustdb rebuild or check
means with a trust model other than "classic" or "openpgp", so disallow
this.
|
| |
|
|
|
| |
input file that does not include any key data at all.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
"openpgp" which is classic+trustsigs, "classic" which is classic only, and
"always" which is the same as the current option --always-trust (which
still works). Default is "openpgp".
* trustdb.c (validate_one_keyblock): Use "openpgp" trust model to enable
trust sigs.
* gpgv.c (main), mainproc.c (check_sig_and_print), pkclist.c (do_we_trust,
do_we_trust_pre, check_signatures_trust): Use new --trust-model option in
place of --always-trust.
|
| |
|
|
|
|
| |
document --hidden-recipient, document --hidden-encrypt-to, clarify
--no-encrypt-to, clarify --throw-keyid, document --no-throw-keyid.
|
| |
|
|
|
|
| |
--hidden-encrypt-to/--hidden-recipient, and long algorithm name support
everywhere.
|
| |
|
|
|
|
|
|
|
|
|
| |
Prompt for and create a trust signature with "tsign". This is functional,
but needs better UI text.
* build-packet.c (build_sig_subpkt): Able to build trust and regexp
subpackets.
* pkclist.c (do_edit_ownertrust): Comment.
|
| |
|
|
|
|
|
|
|
|
|
| |
algorithm name (CAST5, SHA1) rather than the short form (S3, H2).
* main.h, keygen.c (keygen_get_std_prefs), keyedit.c (keyedit_menu):
Return and use a fake uid packet rather than a string since we already
have a nice parser/printer in keyedit.c:show_prefs.
* main.h, misc.c (string_to_compress_algo): New.
|
| |
|
|
|
| |
the Sxxx and Hxxx format for cipher and digest names.
|
| |
|
|
|
|
|
|
|
|
| |
* keydb.h, encode.c (write_pubkey_enc_from_list), g10.c (main), pkclist.c
(build_pk_list): Add --hidden-recipient (-R) and --hidden-encrypt-to,
which do a single-user variation on --throw-keyid. The "hide this key"
flag is carried in bit 0 of the pk_list flags field.
* keyserver.c (parse_keyrec): Fix shadowing warning.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
encode_crypt), sign.c (write_plaintext_packet): Use wipememory() instead
of memset() to wipe sensitive memory as the memset() might be optimized
away.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
like "fully trusted", "marginally trusted", etc. (get_min_ownertrust):
New. Return minimum ownertrust. (update_min_ownertrust): New. Set
minimum ownertrust. (check_regexp): New. Check a regular epression
against a user ID. (ask_ownertrust): Allow specifying a minimum value.
(get_ownertrust_info): Follow the minimum ownertrust when returning a
letter. (clear_validity): Remove minimum ownertrust when a key becomes
invalid. (release_key_items): Release regexp along with the rest of the
info. (validate_one_keyblock, validate_keys): Build a trust sig chain
while validating. Call check_regexp for regexps. Use the minimum
ownertrust if the user does not specify a genuine ownertrust.
* pkclist.c (do_edit_ownertrust): Only allow user to select a trust level
greater than the minimum value.
* parse-packet.c (can_handle_critical): Can handle critical trust and
regexp subpackets.
* trustdb.h, trustdb.c (clear_ownertrusts), delkey.c (do_delete_key),
import.c (import_one): Rename clear_ownertrust to clear_ownertrusts and
have it clear the min_ownertrust value as well.
* keylist.c (list_keyblock_print): Indent uid to match pub and sig.
|
| |
|
|
|
|
| |
handle the regex stuff. This means they can't fully handle trust sigs
with an attached regex either.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
menu_addrevoker), keylist.c (list_keyblock_print, print_fingerprint): Show
"T" or the trust depth for trust signatures, and add spaces to some
strings to make room for it.
* packet.h, parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt,
parse_signature): Parse trust signature values.
* tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Reserve a byte
for the minimum ownertrust value (for use with trust signatures).
|
| | |
|
| | |
|
| |
|
|
|
|
| |
used for cipher/hash plugins, and include gpgv, gpgsplit, and the new
gnupg.7 man page.
|
| |
|
|
|
| |
protocol and program version.
|
| |
|
|
|
| |
* gpg.sgml: Clarify --force-mdc, and document --disable-mdc.
|
| |
|
|
|
|
|
| |
parse_import_options), g10.c (main): New import-option "convert-sk-to-pk"
to convert a secret key into a public key during import. It is on by
default.
|
| |
|
|
|
| |
GNUified the indentation style.
|
| |
|
|
|
| |
has been assigned.
|
| |
|
|
|
| |
platforms where INTLLIBS is set.
|
| | |
|
| |
|
|
|
| |
internal regex code or not.
|
| |
|
|
|
| |
regexec.c: Add new regex files from glibc 2.3.1.
|
| |
|
|
|
|
|
|
|
| |
* keylist.c: (print_pubkey_info): New.
(print_seckey_info): New.
* main.h: Prototypes for the new functions.
* delkey.c (do_delete_key): Use it here.
* revoke.c (gen_desig_revoke): Ditto.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
(ALL_LINGUAS): Removed all except for de. During development it
might not be a good idea to keep all of them - they get outdated
too soon and diff files will be far too large.
|
