Commit message
...

and --compress are the same option. Note that --digest-algo can no longer
violate OpenPGP with a non-160 bit hash with DSA. Document
--cert-digest-algo with suitable warnings not to use it. Note the default
s2k-cipher-algo is now CAST5. Note that --force-v3-sigs overrides
--ask-sig-expire. Revise --expert documentation, as it is now definitely
legal to have more than one photo ID on a key. --preference-list is now
--default-preference-list with the new meaning. Document
--personal-preference-list.
* DETAILS: Document "Revoker" for batch key generation.

* pkclist.c (do_show_revocation_reason): Don't use capital
letters for non-interactive output.
(show_revocation_reason): Now it is global.
* pubkey-enc.c (get_it): Show if the key has been revoked.

sign_symencrypt_file): Make a v4 signature if a policy URL or notation is
set, unless v3 sigs are forced via rfc1991 or force-v3-sigs. Also remove
some doubled code and clarify an error message (we don't sign in PGP2
mode - just detach-sign).
* parse-packet.c (parse_one_sig_subpkt): Add KS_FLAGS to the "any size"
section.

in the prefs string to allow switching on and off the MDC feature. This
is needed to properly export a key from GnuPG for use on PGP which does
not support MDC - without this, MDC-capable implementations will still try
and generate MDCs which will break PGP.
* keygen.c (keygen_get_std_prefs): Show "[mdc]" in prefs string if it is
enabled.
* options.h, g10.c (main), cipher.c (write_header), keygen.c
(keygen_set_std_prefs): For consistency, allow the user to specify
mdc/no-mdc in the --personal-preference-list. If disabled, it acts just
like --disable-mdc.

* exec.c (win_system): New system()-like function for win32 that does not
return until the child process terminates. Of course, this doesn't help
if the process itself exits before it is finished.

for revocation keys to "rvk".

(show_key_with_all_names): Divert to new function when required.
Sanitize printing of revoker name.

subpacket types (notation, policy url, exportable, revocable). keyedit.c
(sign_mk_attrib): Flags no longer need to be set here.
* packet.h, parse-packet.c (parse_one_sig_subpkt), build-packet.c
(build_sig_subpkt): Call parse_one_sig_subpkt to sanity check buffer
lengths before building a sig subpacket.

expandos, and pass notations through pct_expando as well.
* main.h, misc.c (pct_expando): Add %s and %S expandos for signer's keyid.

Show algorithm numbers when --verbose --version is done.

keygen_upd_std_prefs), keyedit.c (keyedit_menu), g10.c (main), pkclist.c
(select_algo_from_prefs): Add --personal-preference-list which allows the
user to factor in their own preferred algorithms when the preference lists
are consulted. Obviously, this does not let the user violate a
recipient's preferences (and the RFC) - this only influences the ranking
of the agreed-on (and available) algorithms from the recipients.
Suggested by David Hollenberg.
* options.h, keygen.c (keygen_set_std_prefs), g10.c (main): Rename
--preference-list to --default-preference-list (as that is what it really
is), and make it a true default in that if the user selects "default" they
get this list and not the compiled-in list.

translatable. Noted by Michael Tokarev.

stricmp and memicmp checks.

* miscutil.c (answer_is_yes_no_quit,answer_is_yes_no_default): Ditto.
* strgutil.c (strncasecmp): New.
(memicmp): Removed.

was erroneously introduced on 2002-01-09.

Reported by David Hollenberg.

revocation via --desig-revoke
* keyedit.c (keyedit_menu, menu_addrevoker): New "addrevoker" command to
add a designated revoker to a key.

* g10.c (main): --allow-freeform-uid should be implied by OpenPGP. Add
--no-allow-freeform-uid.
* keyedit.c (sign_uids): Issue a warning when signing a non-selfsigned
uid.
* getkey.c (merge_selfsigs_main): If a key has no selfsigs, and
allow-non-selfsigned-uid is not set, still try and make the key valid by
checking all uids for a signature from an ultimately trusted key.

* faq.raw: Minor typo fixes noted by [email protected].

signature (callable by make_keysig_packet). (write_direct_sig): Write a 1F
direct key signature. (parse_revocation_key): Parse a string in
algo:fpr:sensitive format into a revocation key. (get_parameter_revkey,
do_generate_keypair): Call above functions when prompted from a batch key
generation file.
* build-packet.c (build_sig_subpkt): Allow multiple revocation key
subpackets in a single sig.
* keydb.h, getkey.c (get_seckey_byfprint): Same as get_pubkey_byfprint,
except for secret keys. We only know the fingerprint of a revocation key,
so this is needed to retrieve the secret key needed to issue a revocation.
* packet.h, parse-packet.c (parse_signature, parse_revkeys): Split revkey
parsing off into a new function that can be used to reparse after
manipulating the revkey list.
* sign.c (make_keysig_packet): Ability to make 1F direct key signatures.

sample LDAP server instead.
* getkey.c (merge_selfsigs_main): Properly handle multiple revocation keys
in a single packet. Properly handle revocation keys that are in
out-of-order packets. Remove duplicates in revocation key list.

* exec.c (make_tempdir) [MINGW32]: Added missing '\'.

photo. Use the short keyid as the filename on 8.3 systems.
* exec.h, exec.c (make_tempdir, exec_write, exec_finish): Allow caller to
specify filename. This should make things easier on windows and macs
where the file extension is required, but a whole filename is even better.
* keyedit.c (show_key_with_all_names, show_prefs): Show proper prefs for a
v4 key uid with no selfsig at all.
* misc.c (check_permissions): Don't check permissions on non-normal files
(pipes, character devices, etc.)

encountered an invalid packet.

all keys.

prefs for hash and compression as well as the cipher pref. Show assumed
prefs if there are no prefs at all on a v4 self-signed key.
* options.h, g10.c (main), sign.c (make_keysig_packet): New
--cert-digest-algo function to override the default key signing hash
algorithm.

Noted by Andreas Haumer.

clean as this function may be called more than once (e.g. from functions
in --edit).
* g10.c, encode.c (encode_crypt), sign.c (sign_file,
sign_symencrypt_file): Make --compress-algo work like the documentation
says. It should be like --cipher-algo and --digest-algo in that it can
override the preferences calculation and impose the setting the user
wants. No --compress-algo setting allows the usual preferences
calculation to take place.
* main.h, compress.c (compress_filter): use new DEFAULT_COMPRESS_ALGO
define, and add a sanity check for compress algo value.

preference for uncompressed data.

compiling against a very old OpenLDAP.

giving up. Old versions of OpenLDAP require that.

--no-pgp7. Fix --pgp2 and --pgp6: the proper name is --escape-from-lines
and not --escape-from.

(algo_available): --pgp7, identical to --pgp6 except that it permits a few
algorithms that PGP 7 added: AES128, AES192, AES256, and TWOFISH. Any
more of these --pgpX flags, and it'll be time to start looking at a
generic --emulate-pgp X option.

if it or any of its secret subkeys are protected with SHA1 while
simple_sk_checksum is set.
* parse-packet.c (parse_key): Show when the SHA1 protection is used in
--list-packets.
* options.h, build-packet.c (do_comment), g10.c (main): Rename
--no-comment as --sk-comments/--no-sk-comments (--no-comment still works)
and make the default be --no-sk-comments.

deprecated RSA-E or RSA-S flavors of PGP RSA.
(ask_algo): Allow generation of RSA sign and encrypt in expert
mode. Don't allow ElGamal S+E unless in expert mode.
* helptext.c: Added entry keygen.algo.rsa_se.

promote a v3 self-sig to a v4 one. This essentially deletes the old v3
self-sig and replaces it with a v4 one.

merge_selfsigs_main): a v3 key with a v4 self-sig must never let the v4
self-sig express a key expiration time that extends beyond the original v3
expiration time.

about sig level or expiration, and include the usual preferences and such
for v4 self-sigs. (menu_set_preferences): Convert uids from UTF8 to
native before printing.

(menu_set_primary_uid): Show error if the user tries to make a uid with a
v3 self-sig primary.

let a key conflict (same keyid but different key) stop the import: just
skip the bad key and continue.
* exec.c (make_tempdir): Under Win32, don't try environment variables for
temp directories - GetTempDir tries environment variables internally, and
it's better not to second-guess it in case MS adds some sort of temp dir
handling to Windows at some point.

* mainproc.c (proc_symkey_enc): Don't ask for a passphrase
in the list only mode.

as not to import keys with keyids that match the ones being refreshed.
Noted by Florian Weimer.