| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
|
| |
unknown and undefined trust. Removed the did_add cruft. Reported
by Janusz A. Urbanowicz.
* g10.c: New option --no-use-agent.
Hmmm, is this a a good name? --do-not-use-agent seems a bit to long.
|
| |
|
|
|
| |
the code more complicate and may give the path to more bugs.
|
| |
|
|
|
| |
searching.
|
| |
|
|
|
|
|
|
|
|
| |
just copy it. This avoids any choosen input attacks which are not
serious in our setting because an outsider won't be able to mix
data in and even then we keep going with a PRNG. Thanks to Stefan
Keller for pointing this out.
* random.c (mix_pool): Carry an extra failsafe_digest buffer
around to make the function more robust.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
is a cert. A sig has sigclass 0x00, 0x01, 0x02, or 0x40, and everything
else is a cert.
Add a "nrlsign" for nonrevocable and local key signatures.
Add a --no-force-mdc to undo --force-mdc.
Add a knob to force --disable-mdc/--no-disable-mdc. Off by default, of
course, but is used in --pgp2 and --pgp6 modes.
Allow specifying multiple users in the "Enter the user ID" loop. Enter a
blank line to stop. Show each key+id as it is added.
It is not illegal (though possibly silly) to have multiple policy URLs in
a given signature, so print all that are present.
More efficient implementation of URL-ifying code for --search on an HKP
keyserver.
|
| |
|
|
|
|
|
|
|
| |
"http://notary.jabberwocky.com/keysign/%K" to create a per-signature
policy URL. Use the new generic %-handler for the photo ID stuff as well.
Display policy URLs and notations during signature generation if
--show-policy-url/--show-notation is set.
|
| |
|
|
|
|
|
|
| |
keyids as if they were v3. The workaround/hack is to fetch both the v4
(e.g. 99242560) and v3 (e.g. 68FDDBC7) keyids. This only happens for key
refresh while using the HKP scheme and the refresh-add-fake-v3-keyids
keyserver option must be set. This should stay off by default.
|
| | |
|
| |
|
|
|
|
| |
so the user can set different policies for key and data signing. For
backwards compatibility, "--set-policy-url" sets both, as before.
|
| |
|
|
|
| |
encoded string.
|
| |
|
|
|
|
|
|
| |
turns off force_mdc, turns on no_comment, escape_from, and force_v3_sigs,
and sets compression to 1. It also restricts the user to IDEA (if
present), 3DES, CAST5, MD5, SHA1, and RIPEMD160. See the comments above
algo_available() for lots of discussion on why you would want to do this.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
When key signing with multiple keys at the same time, make sure each key
gets the sigclass prompt
Close the iobuf and FILE before trying to reap the child process to
encourage the child to exit
Disable cache-on-close of the fd iobuf (shouldn't all fd iobufs not be
cached?)
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* passphrase.c (agent_open): Let it override the environment info.
* seckey-cert.c (check_secret_key): Always try 3 times when the
agent is enabled.
* options.skel: Describe --use-agent.
|
| |
|
|
|
| |
is automatically added to the binary.
|
| |
|
|
|
|
|
| |
prefs
Only put in the fake IDEA preference with --pgp2 mode
Print "Expired" for expired but good signatures.
|
| |
|
|
|
|
|
| |
bits long (as RSA minimum is 1024)
Allow IDEA as a fake preference for v3 keys with v3 selfsigs when
verifying that a cipher is in preferences while decrypting
|
| |
|
|
|
|
|
|
| |
keys (this is in the RFC), so that they can be (sometimes) used along
OpenPGP keys. Do not force using IDEA on an OpenPGP key, as this may
violate its prefs.
Also, revise the help text for the sig class explanation.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
used with the agent. Changed all callers.
(agent_get_passphrase): Likewise and send it to the agent
* seckey-cert.c (do_check): New arg tryagain_text.
(check_secret_key): Pass the string to do_check.
* keygen.c (ask_passphrase): Set the error text is required.
* keyedit.c (change_passphrase): Ditto.
* passphrase.c (agent_open): Disable opt.use_agent in case of a
problem with the agent.
(agent_get_passphrase): Ditto.
(passphrase_clear_cache): Ditto.
|
| | |
|
| |
|
|
|
|
|
| |
gpg-agent. New arg to return the used protocol version.
(agent_get_passphrase): Implemented new protocol here.
(passphrase_clear_cache): Ditto.
|
| |
|
|
|
| |
Some fixes.
|
| | |
|
| |
|
|
|
|
|
| |
Revise --expire (it doesn't switch on the expiration prompt any longer)
Revise --default-check-level to be clearer as to what makes a good key
check before signing
|
| |
|
|
|
|
|
|
| |
Remove get_temp_dir (it's in exec.c now)
Allow --delete-key (now --delete-keys, though --delete-key still works) to
delete multiple keys in one go. This applies to
--delete-secret-key(s) and --delete-secret-and-public-key(s) as well
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
it is needed to figure out the default recipient. Reported by
Roger Sondermann.
|
| | |
|
| |
|
|
|
| |
experimental. It is now a standard feature.
|
| |
|
|
|
|
|
|
|
|
| |
change default compression to 1
add ask-sig-expire and ask-cert-expire (--expert was getting absurdly
overloaded)
permit v3 subkeys
use --expert to protect adding multiple photo ids and adding photos to a
v3 key
|
| | |
|
| |
|
|
|
|
|
|
| |
commands.
* keydb.c (keydb_add_resource): Use access to test for keyring
existence. This avoids cached opened files which are bad under
RISC OS.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Warn with pgp2 and non-detached signatures
Use the actual filesize rather than partial length packets in
symmetric messages (see ChangeLog or NEWS for discussion).
|
| |
|
|
|
| |
and simpler code in keyserver
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
