| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
dummy_setkey, dummy_encrypt_block, dummy_decrypt_block): the dummy cipher
should only be built on development versions.
|
| | |
|
| |
|
|
|
|
| |
ownertrust value and only add entries to the table if we really
have a value.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"deprecated-use-keyexpired-instead" to SIGEXPIRED.
Start transition from SIGEXPIRED to KEYEXPIRED, since the actual event is
signature verification by an expired key and not an expired signature.
Rename do_signature_check as signature_check2, make public, and change all
callers.
Use status EXPSIG for an expired, but good, signature. Add the expiration
time (or 0) to the VALIDSIG status line. Use status KEYEXPSIG for a good
signature from an expired key.
Remove checks for no arguments now that argparse does it.
|
| |
|
|
|
| |
can't cope with swapped arguments.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* id.po: Fixed a format string mismatch.
* eo.po, it.po, ja.po, sv.po: Updated with a somewhat newer
version from the TP.
* es_ES.po: Removed
* es.po: and replaced with this updated version from the TP.
* cs.po: New. Fixed for format string mismatches.
* el.po, gl.po: New from TP.
|
| |
|
|
|
| |
translations. s/es_ES/es/.
|
| | |
|
| | |
|
| |
|
|
|
| |
correct INV_RECP (the second occurence) to NO_RECP.
|
| |
|
|
|
|
| |
affected - but everything else and it seems that there is no backup of
the BTS data is available :-(
|
| |
|
|
|
|
|
|
| |
Roger Sondermann).
Do not reorder the primary attribute packet - the first user ID must be a
genuine one.
|
| |
|
|
|
|
|
|
|
| |
auto-key-retrieve is a keyserver-option (noted by Roger Sondermann).
--pgp2 also means --disable-mdc, --no-ask-sig-expire, and
--no-ask-cert-expire. It does not mean --no-force-v3-sigs (noted by
Timo).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Properly initialize the user ID refcount for user and photo IDs.
Tweak a few prompts to change "y/n" to "y/N", which is how most other
prompts are written.
Warn the user if they are about to revoke an expired sig (not a problem,
but they should know).
Control-d escapes the keyserver search prompt.
If a subkey is considered revoked solely because the parent key is
revoked, print the revocation reason from the parent key.
Allow revocation/expiration to apply to a uid/key with no entry in the
trustdb.
|
| |
|
|
|
|
|
| |
helpers. Added a * to catch variations on the basic gpg man page (gpg,
gpgv). Mark options.skel as a config file. Do not include the
FAQ/faq.html twice (in /doc/ and /share/).
|
| | |
|
| |
|
|
|
| |
Problem noted by Rainer Perske.
|
| | |
|
| | |
|
| |
|
|
|
| |
about HKP and NAI HKP to the manual.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--allow-non-selfsigned-uid allows for completey unsigned uids).
Do not choose an attribute packet (i.e. photo) as primary uid. This
prevents oddities like "Good signature from [image of size 2671]". This
is still not perfect (one can still select an attribute packet as primary
in --edit), but is closer to the way the draft is going.
The algorithms list should include #110.
--pgp2 implies --no-ask-sig-expire and --no-ask-cert-expire as those would
cause a v4 sig/cert.
Be more lenient in what constitutes a valid armor header (i.e. -----BEGIN
blah blah-----) as some Windows programs seem to add spaces at the end.
--openpgp makes it strict again
|
| | |
|
| |
|
|
|
| |
add --no-allow-non-selfsigned-uid.
|
| |
|
|
|
|
|
|
| |
(external HKP is ok). Also, make a COUNT -1 (i.e. streamed) keyserver
response a little more efficient.
Add --no-allow-non-selfsigned-uid
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If none of the uids are primary (because none are valid) then pick the
first to be primary (but still invalid). This is for cosmetics in case
some display needs to print a user ID from a non-selfsigned key. Also use
--allow-non-selfsigned-uid to make such a key valid and not
--always-trust. The key is *not* automatically trusted via
--allow-non-selfsigned-uid.
Make sure non-selfsigned uids print [uncertain] on verification even
though one is primary now.
If the main key is not valid, then neither are the subkeys.
Allow --allow-non-selfsigned-uid to work on completely unsigned keys.
Print the uids in UTF8. Remove mark_non_selfsigned_uids_valid()
Show revocation key as UTF8.
Allow --not-dash-escaped to work with v3 keys.
|
| |
|
|
|
| |
algorithm) resides on.
|
| |
|
|
|
|
| |
an attacker could DoS the user by inventing a bogus invalid
self-signature.
|
| |
|
|
|
| |
maintainer. Removed his address and setup a generic address.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
that has been revoked by designated revoker, but the designated revoker is
not present to verify the revocation (whew!). This applies to all ways to
get a key into the system: --import --recv-keys, and --search-keys. If
auto-key-retrieve is set, try and retrieve the revocation key.
Also, auto-key-retrieve is now a keyserver-option.
|
| |
|
|
|
|
| |
Bernhard Reiter.
* configure.ac (ALL_LINGUAS): s/pt_PT/pt/
|
| |
|
|
|
|
|
| |
* pt.po: and replaced by this updated one. My machine voted 30 to
2 for just pt. So we go with the crowd. Thanks for Pedro Morais
for suggesting this.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
do not prompt for revocation reason for v3 revocations (unless
force-v4-certs is on) since they wouldn't be used anyway.
show the status of the sigs (exportable? revocable?) to the user before
prompting for which sig to revoke. Also, make sure that local signatures
get local revocations.
Add "exec-path" variable to override PATH for execing programs.
properly check return code from classify_user_id to catch unclassifiable
keys.
|
| |
|
|
|
|
|
|
| |
various autoconf tests should be tested with it enabled. This also works
around a compiler warning caused by a minor header bug in glibc 2.1 that
causes fseeko to be defined when building gpg, but not when tested for in
configure
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
support. That is, it handles all the data to mark a key as revoked if it
has been revoked by a designated revoker. The second half (coming
later) will contain the code to make someones key your designated revoker
and to issue revocations for someone else.
Note that this is written so that a revoked revoker can still issue
revocations: i.e. If A revokes B, but A is revoked, B is still revoked.
I'm not completely convinced this is the proper behavior, but it matches
how PGP does it. It does at least have the advantage of much simpler code
- my first version of this had lots of loop maintaining code so you could
chain revokers many levels deep and if D was revoked, C was not, which
meant that B was, and so on. It was sort of scary, actually.
This also changes importing to allow bringing in more revocation keys, and
exporting to not export revocation keys marked "sensitive".
The --edit menu information will show if a revocation key is present.
|
| |
|
|
|
|
| |
Usually there should be no problem, but maybe this is not true
for all W32 versions (2K, NT, XP, ME).
|
| | |
|
| |
|
|
|
| |
--always-trust to force it valid so it can be trusted.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
KEYDB_SEARCH_DESC - no point in reinventing the wheel. This allows the
helper program to search the keyserver by fingerprint if desired (and the
keyserver supports it). Note that automatic fingerprint promotion during
refresh only applies to v4 keys as a v4 fingerprint can be easily changed
into a long or short key id, and a v3 cannot.
Take two copies of hextobyte() from pubkey-enc.c and getkey.c and make
them into one copy in misc.c.
|
| |
|
|
|
|
| |
tries. Actually, they don't support any fingerprints, but at least we can
calculate a keyid from a v4 fingerprint.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
one key is being handled in a batch, and one fails while the other
succeeds. Note that a search that comes up with no results is not a
failure - that is a valid response of "no answer".
Allow GnuPG to send us full v4 fingerprints, long key ids, or short key
ids while fetching. Since the LDAP server doesn't actually handle
fingerprints, chop them down to long key ids for actual use.
When searching for a keyid, search for subkeys as well as primary keys.
This is mostly significant when automatically fetching the key based on
the id in a header (i.e. "signature made by...."). "no-include-subkeys"
disables.
|
| |
|
|
|
|
|
| |
not explicitly say how many keys were found.
Bug fix - don't report non-revoked keys as revoked in HKP key searches.
|
| |
|
|
|
|
|
|
|
|
| |
keyservers).
Add KEYSERVER_NOT_SUPPORTED for unsupported actions (say, a keyserver that
has no way to search, or a readonly keyserver that has no way to add).
Also add a USE_EXTERNAL_HKP define to disable the internal HKP keyserver
code.
|
| | |
|
| | |
|
