| Commit message | Author | Age | Files | Lines |
| |
--default-cert-level.
| |
merge-only, remove old honor-http-proxy, --merge-only, and
--emulate-md-encode-bug. Document COLUMNS and LINES.
| |
* NEWS: Note --max-output, --list-config, --min-cert-level, AIX fix, new
http-proxy keyserver-option, new LDAP server code, TLS, LDAPS, and
--show-session-key with --symmetric.
| |
present if --expert is set.
* plaintext.c (handle_plaintext): Make bytecount static so it works with
multiple literal packets inside a message.
* encode.c, helptext.c (keygen.algo, keygen.algo.elg_se), keygen.c
(ask_algo), sig-check.c (do_check_messages), skclist.c (build_sk_list):
Rename "ElGamal" to "Elgamal" as that is the proper spelling nowadays.
Suggested by Jon Callas.
| |
attributes. This guarantees that if something goes wrong, we won't be
able to complete the transaction, thus leaving any key already existing on
the server intact.
| |
* encode.c (encode_simple): Show cipher with --verbose.
* options.h, g10.c (main), keyedit.c (sign_keys): Add --ask-cert-level
option to enable cert level prompts during sigs. Defaults to on.
Simplify --default-cert-check-level to --default-cert-level. If
ask-cert-level is off, or batch is on, use the default-cert-level as the
cert level.
* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Simplify
--min-cert-check-level to --min-cert-level.
| |
functionality added. Optional deduping functionality added (currently
only used for pgpSignerID). (build_attrs): Translate sig entries into
pgpSignerID. Properly build the timestamp for pgpKeyCreateTime and
pgpKeyExpireTime.
| |
--min-cert-check-level option to specify minimum cert check level.
Defaults to 2 (so 0x11 sigs are ignored). 0x10 sigs cannot be ignored.
| |
with NULL (a "delete" that works even for nonexistent attributes).
(send_key): Use it here to remove attributes so a modify operation starts
with a clean playing field. Bias sends to modify before add, since (I
suspect) people update their existing keys more often than they make and
send new keys to the server.
| |
(do not limit output at all).
| |
header lines, and include "sig:" records for the benefit of people who
store their keys in LDAP servers. It makes it easy to do queries for
things like "all keys signed by Isabella".
| |
(make_one_attr): New. Build a modification list in memory to send to the
LDAP server. (build_attrs): New. Parse INFO lines sent over by gpg.
(free_mod_values): New. Unwinds a modification list.
(send_key_keyserver): Renamed from old send_key(). (send_key): New
function to send a key to a LDAP server. (main): Use send_key() for real
LDAP servers, send_key_keyserver() otherwise.
| |
the keyserver helpers.
| |
IDs. (keyserver_import): Clarify error message. (keyserver_spawn):
Properly handle 8 bit characters in user IDs in the info lines during
SEND.
| |
and unsetenv().
| |
* Makefile.am: Include @LIBOBJS@ for replacement functions.
| |
* Makefile.am: We get mkdtemp.c from libutil.a now, so don't link with
@LIBOBJS@.
* keyserver.c (keyserver_spawn): Pass the scheme to the keyserver helper.
| |
(search_key): Catch a SIZELIMIT_EXCEEDED error and show the user whatever
the server did give us. (find_basekeyspacedn): There is no guarantee that
namingContexts will be readable.
* Makefile.am: Link gpgkeys_ldap with libutil.a to get the replacement
functions (and eventually translations, etc).
| |
correct for timezones. (main): Find the basekeyspacedn before we try to
start TLS, so we can give a better error message when a user tries to use
TLS with a LDAP keyserver.
| |
making gpgkeys_ldaps symlink to gpgkeys_ldap.
| |
gpgkeys_ldap when needed.
* gpgkeys_ldap.c (main): Add support for LDAPS and TLS connections.
These are only useful and usable when talking to real LDAP keyservers.
Add new "tls" option to tune TLS use from off, to try quietly, to try
loudly, or to require TLS.
| |
mature these days and dependencies are cleaner. Add checks for
ldap_set_option and ldap_start_tls_s.
| |
kind of LDAP server we're talking to (either real LDAP or the LDAP
keyserver), and return the baseKeySpaceDN to find keys under. (main): Call
it from here, and remove the old code that only handled the LDAP
keyserver.
| |
--max-output option to help people deal with decompression bombs.
| |
is defined before we use it.
* gpgkeys_mailto.in: Fix VERSION number.
| |
as they require a new CTB, and we don't support forced headers for new
CTBs yet.
| |
along with a zero length, interpret this as an actual zero length packet
and not as an indeterminate length packet. (do_comment, do_user_id): Use
it here as these packets might be naturally zero length.
* parse-packet.c (parse): Show packet type when failing due to an
indeterminate length packet.
* misc.c (parse_options): Only provide args for the true (i.e. not
"no-xxx") form of options.
| |
* main.h, misc.c (parse_options), export.c (parse_export_options),
import.c (parse_import_options), g10.c (main): Use it here to allow for
options with optional arguments. Change all callers.
| |
import_secret_one): Without knowing the number of MPIs there are, we
cannot try and sk-to-pk-ize a key.
| |
* samplekeys.asc: Update 99242560.
* gpg.sgml: Clarify -u/--local-user and --default-key. Note what happens
if you run 'gpg' without any commands. Document --multifile. Document
list-option show-unusable-subkeys.
| |
key to ensure that it does not advertise any that we cannot fulfill. Use
the keyedit command list function to optionally rewrite the prefs.
(import_one, import_secret_one): Use it here when importing a public key
that we have the secret half of, or when importing a secret key that we
have the public half of.
| |
general command list functionality to replace it.
* g10.c (main): Use the general command functionality to implement
--sign-key, --lsign-key, --nrsign-key, and --nrlsign-key.
| |
key, a revocation key set in a direct key signature, and a revocation from
that revocation key, all arrive piecemeal. Needless to say, this is pretty
obscure.
| |
"show-unusable-subkeys" list-option to show revoked and/or expired
subkeys.
| |
public subkeys.
* keylist.c (list_keyblock_print), keyedit.c (show_key_with_all_names):
Show the revocation date of a key/subkey, and general formatting work.
* packet.h, getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
merge_selfsigs): Keep track of the revocation date of a key.
* keydb.h, keyid.c (revokestr_from_pk): New function to print the
revocation date of a key.
| |
runtime as it properly handles algorithms disabled at build or run time.
* getkey.c (merge_selfsigs_main): Properly handle expired user IDs when
the expired self-sig is not the only self-sig.
* misc.c (compress_algo_to_string): Return NULL on failure like all of the
other xxxx_algo_to_string() functions.
* mainproc.c (list_node): Minor spacing tweak to match --list-keys output.
* keylist.c (list_keyblock_print), mainproc.c (list_node): Mark revoked
subkeys as revoked. Requested by Matthew Wilcox. Revoked overrides
expiration when both apply.
* keyedit.c (show_prefs): Use compress algo constants.
(show_basic_key_info): Make revoked and expired tags translatable.
* g10.c (rm_group): Properly ungroup from a list of groups.
| |
proper key for doing an RSA test.
| |
* gpg.sgml: Document --ungroup and --list-config.
| |
group. (add_group): When adding a group with the same name as an already
existing group, merge the two groups. (list_config): Show an error message
when listing a config item that doesn't exist. (main): Replace -z0 trick
for no compression.
* packet.h, keyedit.c (show_key_with_all_names_colon), keylist.c
(list_keyblock_colon), mainproc.c (list_node, proc_tree): Minor cleanup to
remove local_id, which is no longer used.
| |
PK_UID_CACHE_SIZE (set in ./configure).
* getkey.c (get_pubkey): When reading key data into the cache, properly
handle keys that are partially (pk, no UIDs) cached already. This is
Debian bug #176425 and #229549.
* compress.c (init_compress, push_compress_filter2): Do the right thing
(i.e. nothing) with compress algo 0.
* main.h, decrypt.c (decrypt_messages): Accept filenames to decrypt on
stdin. This is bug #253.
| |
Elgamal removal.
* README, configure.ac: Add --enable-key-cache=SIZE configure option.
This sets the key/uid cache size. Default is 4096.
| |
* options.h, g10.c (set_screen_dimensions): New function to look at
COLUMNS and LINES.
* keyserver.c (parse_keyrec, keyserver_search_prompt), keyedit.c
(print_and_check_one_sig): Use new screen dimension variables.
| |
Currently requires --with-colons. (collapse_args): New function to turn
argc/argv into a single string. (main): Use it here to pass list_config()
more than one argument as a single string. (print_algo_numbers): Helper to
print algorithm number for --list-config "pubkey", "cipher",
"hash"/"digest", and "compress" config options.
| |
(check_signatures_trust): Indicate who has revoked a key (the owner or a
designated revoker). If a key was revoked by both, prefer the owner.
| |
environment variable (if any) to hint how wide the terminal is. Disabled
on _WIN32. Suggested by Janusz A. Urbanowicz.
| |
meaningful on POSIX systems, but the Mingw builds aren't exactly POSIX.