| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
* gpg.sgml: Document --trust-model.
* README.W32: Add blurb on how to create a ZIP file, changed requirement
for mingw32 to 0.3.2.
|
| |
|
|
|
|
|
|
|
| |
--compress-algo. The old algorithm names still work for backwards
compatibility.
* misc.c (string_to_compress_algo): Allow "none" as an alias for
"uncompressed".
|
| |
|
|
|
| |
that was not available when running without verbose on. Noted by Stefan.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
partial length encoding. This is required because OpenPGP allows only for
32 bit length fields. From Werner on stable branch.
* getkey.c (get_pubkey_direct): Renamed to... (get_pubkey_fast): this and
made extern. (get_pubkey_byfprint_fast): New. From Werner on stable
branch.
* keydb.h, import.c (import_one): Use get_pubkey_fast instead of
get_pubkey. We don't need a merged key and actually this might lead to
recursions. (revocation_present): Likewise for search by fingerprint.
From Werner on stable branch.
* g10.c (main): Try to create the trustdb even for non-colon-mode list-key
operations. This is required because getkey needs to know whether a a key
is ultimately trusted. From Werner on stable branch.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
it here as it behaves more like a Posix system. From Werner on stable
branch.
* passphrase.c (agent_get_passphrase): Ditto. From Werner on stable
branch.
* tdbio.c (MY_O_BINARY): Need binary mode with Cygwin. From Werner on
stable branch.
* g10.c, gpgv.c (main) [__CYGWIN32__]: Don't get the homedir from the
registry. From Werner on stable branch.
|
| |
|
|
|
| |
* mk-w32-dist: Include gpgkeys_ldap and gpgkeys_hkp.
|
| |
|
|
|
| |
on stable branch.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac: Check for ctermid(). From Werner on stable
branch.
* configure.ac (GPGKEYS_LDAP,GPGKEYS_HKP): Add $EXEEXT. From
Werner on stable branch.
* configure.ac (try_gettext): Remove special case for cygwin.
This removes all the DOS specific macros and let Cygwin work like
a real OS. Needs a couple of changes elsewhere but after all,
GnuPG presents itself much more like a Posix program and can be
used in a full Cygwin environment; e.g. used along with mutt.
Changes suggested by Volker Quetschke. From Werner on stable
branch.
* acinclude.m4 (GNUPG_SYS_NM_PARSE): Allow for underscore in test
symbols. Useful for Cygwin builds.
(GNUPG_SYS_SYMBOL_UNDERSCORE): Don't hardwire to yes for Cygwin.
From Werner on stable branch.
* README: Add an installation note for Darwin 6.1. From Werner on
stable branch.
|
| |
|
|
|
| |
Werner on stable branch.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
display match the validity and trust of --with-colons --list-keys.
* passphrase.c (agent_send_all_options): Fix compile warning.
* keylist.c (list_keyblock_colon): Validity for subkeys should match that
of the primary key, and not that of the last user ID.
* getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys carry
these facts onto all their subkeys, but only after the subkey has a chance
to be marked valid. This is to fix an incorrect "invalid public key"
error verifying a signature made by a revoked signing subkey, with a valid
unrevoked primary key.
|
| |
|
|
|
| |
to version 2002-11-08.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
(tty_get_ttyname): New.
(init_ttyfp): Use it here instead of the TERMDEVICE macro.
|
| |
|
|
|
| |
get the default ttyname.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
a given keyring is registered twice.
* keydb.h, keydb.c (keydb_add_resource): Use flags to indicate a default
keyring. (keydb_locate_writable): Prefer the default keyring if possible.
* g10.c (main): Add --default-keyring option.
|
| |
|
|
|
|
|
|
| |
--force-ownertrust option for debugging purposes. This allows setting a
whole keyring to a given trust during an --update-trustdb. Not for normal
use - it's just easier than hitting "4" all the time to test a large
trustdb.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
buffer; didn't worked at all. Reported by Thijmen Klok. From Werner on
stable branch.
* secmem.c (secmem_free, secmem_term): Use wipememory2() instead of
memset() to overwrite secure memory
* iobuf.c (direct_open): Handle mode 'b' if O_BINARY is available. From
Werner on stable branch.
* fileutil.c: Comment from stable branch.
|
| |
|
|
|
| |
byte to wipe with).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
anymore. (From Werner)
* random.c (read_seed_file,update_random_seed_file): Use binary mode for
__CYGWIN__. (From Werner)
* blowfish.c (burn_stack), cast5.c (burn_stack), des.c (burn_stack), md5.c
(burn_stack), random.c (burn_stack, read_pool, fast_random_poll),
rijndael.c (burn_stack), rmd160.c (burn_stack), rndegd.c
(rndegd_gather_random), rndlinux.c (rndlinux_gather_random), sha1.c
(burn_stack), tiger.c (burn_stack), twofish.c (burn_stack): Replace
various calls to memset() with the more secure wipememory().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
passphrase against all secret keys rather than trying all secret keys in
turn. Don't if --try-all-secrets or --status-fd is enabled.
* passphrase.c (passphrase_to_dek): Mode 1 means do a regular passphrase
query, but don't prompt with the key info.
* seckey-cert.c (do_check, check_secret_key): A negative ask count means
to enable passphrase mode 1.
* keydb.h, getkey.c (enum_secret_keys): Add flag to include
secret-parts-missing keys (or not) in the list.
|
| |
|
|
|
|
|
| |
get_key, search_key): The LDAP keyserver doesn't remove duplicates, so
remove them locally. Do not include the key modification time in the
search response.
|
| |
|
|
|
|
| |
don't try and fit the search output to the screen size - just dump the
whole list.
|
| |
|
|
|
| |
just dump the raw keyserver protocol to stdout and don't print the menu.
|
| |
|
|
|
|
|
| |
listings.
* DETAILS: Clarify meaning of 'u'. Noted by Timo.
|
| |
|
|
|
|
|
| |
validate_one_keyblock): It's not clear what a trustdb rebuild or check
means with a trust model other than "classic" or "openpgp", so disallow
this.
|
| |
|
|
|
| |
input file that does not include any key data at all.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
"openpgp" which is classic+trustsigs, "classic" which is classic only, and
"always" which is the same as the current option --always-trust (which
still works). Default is "openpgp".
* trustdb.c (validate_one_keyblock): Use "openpgp" trust model to enable
trust sigs.
* gpgv.c (main), mainproc.c (check_sig_and_print), pkclist.c (do_we_trust,
do_we_trust_pre, check_signatures_trust): Use new --trust-model option in
place of --always-trust.
|
| |
|
|
|
|
| |
document --hidden-recipient, document --hidden-encrypt-to, clarify
--no-encrypt-to, clarify --throw-keyid, document --no-throw-keyid.
|
| |
|
|
|
|
| |
--hidden-encrypt-to/--hidden-recipient, and long algorithm name support
everywhere.
|
| |
|
|
|
|
|
|
|
|
|
| |
Prompt for and create a trust signature with "tsign". This is functional,
but needs better UI text.
* build-packet.c (build_sig_subpkt): Able to build trust and regexp
subpackets.
* pkclist.c (do_edit_ownertrust): Comment.
|
| |
|
|
|
|
|
|
|
|
|
| |
algorithm name (CAST5, SHA1) rather than the short form (S3, H2).
* main.h, keygen.c (keygen_get_std_prefs), keyedit.c (keyedit_menu):
Return and use a fake uid packet rather than a string since we already
have a nice parser/printer in keyedit.c:show_prefs.
* main.h, misc.c (string_to_compress_algo): New.
|
| |
|
|
|
| |
the Sxxx and Hxxx format for cipher and digest names.
|
| |
|
|
|
|
|
|
|
|
| |
* keydb.h, encode.c (write_pubkey_enc_from_list), g10.c (main), pkclist.c
(build_pk_list): Add --hidden-recipient (-R) and --hidden-encrypt-to,
which do a single-user variation on --throw-keyid. The "hide this key"
flag is carried in bit 0 of the pk_list flags field.
* keyserver.c (parse_keyrec): Fix shadowing warning.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
encode_crypt), sign.c (write_plaintext_packet): Use wipememory() instead
of memset() to wipe sensitive memory as the memset() might be optimized
away.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
like "fully trusted", "marginally trusted", etc. (get_min_ownertrust):
New. Return minimum ownertrust. (update_min_ownertrust): New. Set
minimum ownertrust. (check_regexp): New. Check a regular epression
against a user ID. (ask_ownertrust): Allow specifying a minimum value.
(get_ownertrust_info): Follow the minimum ownertrust when returning a
letter. (clear_validity): Remove minimum ownertrust when a key becomes
invalid. (release_key_items): Release regexp along with the rest of the
info. (validate_one_keyblock, validate_keys): Build a trust sig chain
while validating. Call check_regexp for regexps. Use the minimum
ownertrust if the user does not specify a genuine ownertrust.
* pkclist.c (do_edit_ownertrust): Only allow user to select a trust level
greater than the minimum value.
* parse-packet.c (can_handle_critical): Can handle critical trust and
regexp subpackets.
* trustdb.h, trustdb.c (clear_ownertrusts), delkey.c (do_delete_key),
import.c (import_one): Rename clear_ownertrust to clear_ownertrusts and
have it clear the min_ownertrust value as well.
* keylist.c (list_keyblock_print): Indent uid to match pub and sig.
|
| |
|
|
|
|
| |
handle the regex stuff. This means they can't fully handle trust sigs
with an attached regex either.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
menu_addrevoker), keylist.c (list_keyblock_print, print_fingerprint): Show
"T" or the trust depth for trust signatures, and add spaces to some
strings to make room for it.
* packet.h, parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt,
parse_signature): Parse trust signature values.
* tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Reserve a byte
for the minimum ownertrust value (for use with trust signatures).
|
| | |
|
| | |
|
| |
|
|
|
|
| |
used for cipher/hash plugins, and include gpgv, gpgsplit, and the new
gnupg.7 man page.
|
