| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
--no-default-keyring.
|
| |
|
|
|
| |
Reported by Todd Vierling.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
backsigs.
* getkey.c (merge_selfsigs_subkey): Find 0x19 backsigs on subkey selfsigs
and verify they are valid. If DO_BACKSIGS is not defined, fake this as
always valid.
* packet.h, parse-packet.c (parse_signature): Make parse_signature
non-static so we can parse 0x19s in self-sigs.
* main.h, sig-check.c (check_backsig): Check a 0x19 signature.
(signature_check2): Give a backsig warning if there is no or a bad 0x19
with signatures from a subkey.
|
| |
|
|
|
| |
can_handle_critical): Parse and display 0x19 signatures.
|
| |
|
|
|
| |
"hkp". They are not the same thing.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
of signing subkeys. Currently disabled. (write_keybinding): Call it here,
for signing subkeys only.
* sign.c (make_keysig_packet): Allow generating 0x19 signatures (same as
0x18 or 0x28, but used for backsigs).
* packet.h, build-packet.c (build_sig_subpkt): Add new SIGSUBPKT_SIGNATURE
type for embedded signatures.
|
| |
|
|
|
| |
optional. Document --bzip2-decompress-lowmem.
|
| |
|
|
|
|
|
|
| |
* plaintext.c (handle_plaintext): Accept 'u' as a plaintext mode that
requires end of line conversion. This is being considered for a UTF8 text
packet. If this doesn't take place, no major harm done. If it does take
place, we'll get a jump on starting the changeover.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
user ID so the new ID gets validity set. Reported by Owen Taylor.
|
| |
|
|
|
|
|
| |
(packet header indicates a size larger than the actual packet) encrypted
data packets when not compressing and using a filename longer than 255
characters.
|
| |
|
|
|
|
| |
--bzip2-decompress-lowmem since we do handle receiving a bzip2 message on
the stable branch.
|
| |
|
|
|
|
| |
primary warning for subkey expiration changes. These cannot reorder
primaries.
|
| |
|
|
|
|
|
|
|
| |
which self-sig we actually chose.
* keyedit.c (menu_expire, menu_set_primary_uid, menu_set_preferences): Use
it here to avoid updating non-used self-sigs and possibly promoting an old
self-sig into consideration again.
|
| |
|
|
|
|
| |
Keep track of the unprotected subkey secret key so we can make a backsig
with it.
|
| |
|
|
|
|
|
| |
generate_subkeypair): New is_subkey argument to set whether a generated
key is a subkey. Do not overload the ret_sk. This is some early cleanup
to do backsigs for signing subkeys.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
for the first time.
* build-packet.c (do_comment, do_user_id): Try for a headerlen of 2 since
that's the smallest and most likely encoding for these packets
* keyedit.c (menu_addrevoker): Allow appointing a subkey as a designated
revoker if the user forces it via keyid!, so long as the subkey can
certify. Also use the proper date string when prompting for confirmation.
|
| |
|
|
|
| |
with a 5-byte length that happens to be zero.
|
| |
|
|
|
|
|
|
| |
* mainproc.c (check_sig_and_print): track whether we are
retrieving a key.
* status.c (status_currently_allowed): New.
(write_status_text, write_status_text_and_buffer): Use it here.
|
| |
|
|
|
| |
designated revoker.
|
| |
|
|
|
| |
--default-cert-level.
|
| |
|
|
|
|
|
|
| |
present if --expert is set.
* plaintext.c (handle_plaintext): Make bytecount static so it works with
multiple literal packets inside a message.
|
| |
|
|
|
|
|
| |
* README: Update version.
* NEWS: Note --max-output, --list-config, --min-cert-level, and AIX fix.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* options.h, g10.c (main), keyedit.c (sign_keys): Add --ask-cert-level
option to enable cert level prompts during sigs. Defaults to on.
Simplify --default-cert-check-level to --default-cert-level. If
ask-cert-level is off, or batch is on, use the default-cert-level as the
cert level.
* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Simplify
--min-cert-check-level to --min-cert-level.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
--min-cert-check-level option to specify minimum cert check level.
Defaults to 1 (so no sigs are ignored). 0x10 sigs cannot be ignored.
* options.h, g10.c (main), plaintext.c (handle_plaintext): Add
--max-output option to help people deal with decompression bombs.
|
| |
|
|
|
|
| |
as they require a new CTB, and we don't support forced headers for new
CTBs yet.
|
| |
|
|
|
|
|
|
|
|
| |
along with a zero length, interpret this as an actual zero length packet
and not as an indeterminate length packet. (do_comment, do_user_id): Use
it here as these packets might be naturally zero length.
* parse-packet.c (parse): Show packet type when failing due to an
indeterminate length packet.
|
| |
|
|
|
|
|
| |
key, a revocation key set in a direct key signature, and a revocation from
that revocation key, all arrive piecemeal. Needless to say, this is pretty
obscure.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
other xxxx_algo_to_string() functions.
* mainproc.c (list_node): Minor spacing tweak to match --list-keys output.
* keylist.c (list_keyblock_print), mainproc.c (list_node): Mark revoked
subkeys as revoked. Requested by Matthew Wilcox. Make revoked and
expired tags translatable (they are already translated elsewhere).
Revoked overrides expiration when both apply.
* keyedit.c (show_prefs): Use compress algo constants.
(show_basic_key_info): Make revoked and expired tags translatable
(show_key_with_all_names): Revoked overrides expired when both apply.
|
| | |
|
| |
|
|
|
| |
the expired self-sig is not the only self-sig.
|
| |
|
|
|
|
|
|
| |
* samplekeys.asc: Update 99242560.
* gpg.sgml: Note what happens if you run 'gpg' without any commands.
Document --multifile.
|
| |
|
|
|
| |
* gpg.sgml: Document --ungroup and --list-config.
|
| |
|
|
|
|
|
| |
* packet.h, keyedit.c (show_key_with_all_names_colon), keylist.c
(list_keyblock_colon), mainproc.c (list_node, proc_tree): Minor cleanup to
remove local_id, which is no longer used.
|
| |
|
|
|
|
|
| |
group. (add_group): When adding a group with the same name as an already
existing group, merge the two groups. (list_config): Show an error message
when listing a config item that doesn't exist.
|
| |
|
|
|
|
|
|
|
| |
PK_UID_CACHE_SIZE (set in ./configure).
* getkey.c (get_pubkey): When reading key data into the cache, properly
handle keys that are partially (pk, no UIDs) cached already. This is
Debian bug #176425 and #229549.
|
| |
|
|
|
|
| |
* README, configure.ac: Add --enable-key-cache=SIZE configure option.
This sets the key/uid cache size. Default is 4096.
|
| |
|
|
|
|
|
|
|
|
| |
inside a compressed data packet. This is possibly dangerous without an
MDC. (push_compress_filter2): Do the right thing (i.e. nothing) with
compress algo 0.
* main.h, decrypt.c (decrypt_messages): Accept filenames to decrypt on
stdin. This is bug #253.
|
| |
|
|
|
|
| |
don't allow a designated revokation of the whole key to override this.
We're still revoked either way, of course.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
string. (main): Use it here to pass list_config() more than one argument
as a single string. (print_algo_numbers): Helper to print algorithm
numbers. (list_config): Use it here for "pubkey", "cipher",
"hash"/"digest", and "compress" config options.
|
| |
|
|
|
| |
These aren't actual problems, but the warnings bothered me.
|
| |
|
|
|
|
|
| |
stdout. Currently requires --with-colons.
* getkey.c, keylist.c, packet.h, pkclist.c: Fix copyright dates.
|
| | |
|
| | |
|
