| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
| |
trustdb.c (update_validity): Store temporary full & marginal counts in the
trustdb. (clear_validity, get_validity_counts): Return and clear temp
counts. (store_validation_status): Keep track of which keyids have been
stored. (validate_one_keyblock, validate_key_list): Use per-uid copies of
the full & marginal counts so they can be recalled for multiple levels.
(validate_keys): Only use unused keys for each new round.
(reset_unconnected_keys): Rename to reset_trust_records, and only skip
specifically excluded records.
|
| | |
|
| |
|
|
|
|
|
| |
capabilities section.
* trustdb.c (is_disabled): Remove incorrect comment.
|
| |
|
|
|
|
|
|
| |
that the pk selfsigversion member accounts for 1F direct sigs.
* keyring.c (keyring_search): skipfnc didn't work properly with non-keyid
searches. Noted by Stefan Bellon.
|
| |
|
|
|
|
|
|
| |
terminates but check again for the existence of the directory and
continue then.
* openfile.c (copy_options_file): Print a warning if the skeleton
file has active options.
|
| | |
|
| |
|
|
|
|
|
|
| |
(check_key_signature2): Pass the ultimately trusted pk directly to
check_key_signature2 to avoid going through the key selection mechanism.
This prevents a deadly embrace when two keys without selfsigs each sign
the other.
|
| |
|
|
|
|
|
|
| |
there are no keys to refresh or if there is no keyserver set.
* getkey.c (merge_selfsigs_main): Any valid user ID should make a key
valid, not just the last one. This also fixes Debian bug #174276.
|
| |
|
|
|
|
|
|
|
|
| |
expiration to a no-expiration value.
* keyedit.c (enable_disable_key): Comment.
* import.c (import_one): When in interactive mode and --verbose, don't
repeat some key information twice.
|
| | |
|
| |
|
|
|
|
| |
* import.c (import_one): Use merge_keys_and_selfsig in the
interactive mode to avoid wrong key information.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
disabled keys. Keys specified via keyid (i.e. 0x...) are always included.
* getkey.c (get_pubkey_byname, get_seckey_byname2, get_seckey_bynames),
keyedit.c (keyedit_menu, menu_addrevoker): Include disabled keys in these
functions.
* pkclist.c (build_pk_list): Do not include disabled keys for -r or the
key prompt. Do include disabled keys for the default key and
--encrypt-to.
* trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping disabled
keys.
* gpgv.c (is_disabled): Stub.
|
| |
|
|
|
|
|
|
| |
warnings are not intended to be the be-all and end-all in security checks.
Add note to --group that when used on the command line, it may be
necessary to quote the argument so it is not treated as multiple
arguments. Noted by Stefan.
|
| |
|
|
|
|
|
|
| |
option.
* import.c (chk_self_sigs): Don't try and check a subkey as if it was a
signature.
|
| |
|
|
|
|
|
| |
together by warning the user and processing only the first.
* g10.c (main): Comment out --list-trust-path until it can be implemented.
|
| |
|
|
|
| |
what the program actually does. Noted by Dick Gevers.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
remove the RSA sign+encrypt warning.
* import.c (import_one): Warn when importing an Elgamal primary that this
may take some time (to verify self-sigs). (chk_self_sigs): Try and cache
all self-sigs so the keyblock is written to the keyring with a good rich
cache.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to $hGPGHTTP and update instances of variable throughout FAQ in
introduction area and sections 1.1, 2.1 and 2.2
* Added section 1.4 - What conventions are used in this FAQ?
+ unices vs. win32 (with hyperlink (<Rhomedir>) to section 4.18 for
example
+ gpg.conf vs. options (with hyperlink (<Roptions>) to section 5.8
to note name change
* Corrected section 2.2 - Changed ftp URL (both display and link URLs)
from "ftp://ftp.gnupg.org/pub/gcrypt" to ftp://ftp.gnupg.org/gcrypt/,
and the display URL (not the actual link URL, it's correct) of the http
URL from "http://www.gnupg.org/mirror.html" to
"http://www.gnupg.org/mirrors.html"
* Included variable ($hVERSION) for easier updating of latest gpg
version when referenced (as in section 2.2)
* Included variable ($hGPGFTP) for default gnupg.org ftp location
(ftp://ftp.gnupg.org) for use in sections 2.2 and 4.16
* Corrected section 3.1 visual display of link from
"http://www.gnupg.org/gnupg.html#supsys" to
"http://www.gnupg.org/backend.html#supsys"
* Edited sections 3.1, 3.2, 5.2 to include $hGPGHTTP variable
* Corrected section 3.2 - Word typo ("avoided" was "avoiced").
* Corrected / edited section 3.3 -
+ corrected link: ftp://ftp.gnupg.dk/pub/contrib-dk/
for idea.c.gz, idea.c.gz.sig, ideadll.zip, ideadll.zip.sig
+ edited section to include all files and added
~/.gnupg/gpg.conf info
* Edited section 4.6 - As this section deals with loosing a public key,
I added a paragraph containing a hyperlink to the end of section 4.21
("I still have my secret key, but lost my public key..."). The
paragraph reads: "If you've lost your public key and need to recreate
it instead for continued use with your secret key, you may be able to
use gpgsplit as detailed in question <Rgpgsplit>."
* Edited section 4.15 - Added paragraph below table on GPGrelay, an
application for MUAs that lack OpenPGP (rfc2015) support to. "Users of
Win32 MUAs that lack OpenPGP support may look into using GPGrelay
<http://http://gpgrelay.sourceforge.net>, a small email-relaying
server that uses GnuPG to enable many email clients to send and
receive emails that conform to PGP-MIME (RFC 2015)."
suggested by: Andreas John <[email protected]>
* Corrected section 4.16 - Incorportated Werner's URL fix for gpgme FTP
location to synchronize local CVS with released FAQ version 1.5.8.
* Added section 4.19 - "How do I verify signed packages?"
suggested by: Christian Reis <[email protected]>
* Added section 4.20 - "How do I export a keyring with only selected
signatures?"
by: David Shaw <[email protected]>
* Added section 4.21 - "I still have my secret key, but lost my public
key. What can I do?"
by: Werner Koch <[email protected]>
* Added section 4.22 - "Clearsigned messages sent from my web-mail
account have an invalid signature. Why?"
by: David Scribner <[email protected]>
* Edited / Corrected section 5.8 - Changed question from "I just
installed the most recent version of GnuPG and don't have a
~/.gnupg/options file. Is this missing from the installation?" to
"GnuPG no longer installs a ~/.gnupg/options file. Is it missing?"
+ Added "An existing options file can be renamed to gpg.conf for
users upgrading, or receiving the message that the "old default
options file" is ignored (occurs if both a gpg.conf and an
options file are found)." to the end of the paragraph.
+ Corrected ~/.gnupg/gpg.conf (was ~/.gnupg/conf)
* Added section 5.9 - "How to you export GnuPG keys for use with PGP?"
by: David Shaw <[email protected]>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* options.h (opt): Added mangle-dos-filenames.
* openfile.c (open_outfile) [USE_ONLY_8DOT3]: Truncate the
filename only when this option is set; this is the default.
NOT YET TESTED!
|
| | |
|
| |
|
|
|
| |
--throw-keyid.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Minimal isn't always best.
* sign.c (update_keysig_packet): Use the current time rather then a
modification of the original signature time. Make sure that this doesn't
cause a time warp.
* keygen.c (keygen_add_key_expire): Properly handle a key expiration date
in the past (use a duration of 0).
* keyedit.c (menu_expire): Use update_keysig_packet so any sig subpackets
are maintained during the update.
* build-packet.c (build_sig_subpkt): Mark sig expired or unexpired when
the sig expiration subpacket is added. (build_sig_subpkt_from_sig): Handle
making an expiration subpacket from a sig that has already expired (use a
duration of 0).
|
| |
|
|
|
|
| |
(menu_set_primary_uid, menu_set_preferences): Add ability to issue 0x18
subkey binding sigs to update_keysig_packet and change all callers.
|
| |
|
|
|
|
|
|
|
| |
pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8 mode. This
is basically identical to --pgp7 in all ways except that signing subkeys,
v4 data sigs (including expiration), and SK comments are allowed.
* getkey.c (finish_lookup): Comment.
|
| |
|
|
|
|
|
|
|
|
|
| |
user ID display in the --edit-key menu to match that of the --list-keys
display.
* tdbio.c (tdbio_read_record, tdbio_write_record): Comments to reserve a
byte for trust model in the devel version.
* g10.c (add_notation_data): Fix initialization.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
expiration date of a subkey. This is not the most optimal solution, but
it is minimal change on the stable branch.
* main.h, keygen.c (do_copy_key_flags): New function to copy key flags, if
any, from one sig to another. (do_add_key_expire): New function to add key
expiration to a sig. (keygen_copy_flags_add_expire): New version of
keygen_add_key_expire that also copies key flags.
(keygen_add_key_flags_and_expire): Use do_add_key_expire.
* import.c (fix_hkp_corruption): Comment.
|
| |
|
|
|
|
| |
--pgpX than forcing an algorithm manually. Better still not to use
anything, of course.
|
| | |
|
| |
|
|
|
|
| |
marks all secret keys as ultimately trusted, adds the signature caches,
and checks the trustdb.
|
| |
|
|
|
| |
option, and non-optimized memory wiping.
|
| |
|
|
|
|
|
| |
--cert-notation. Clarify --show-notation and --show-policy-url that
policy URLs and notations can be used in data signatures as well. Add
note about '@' being a required character in notation names.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
'@', unless --expert is set. This is to help prevent people from
polluting the (as yet unused) IETF namespace.
* main.h: Comments about default algorithms.
* photoid.c (image_type_to_string): Comments about 3-letter file
extensions.
* g10.c (main): Add --strict and --no-strict as no-ops to smooth
transition when the devel GnuPG becomes the stable one.
|
| | |
|
| |
|
|
|
| |
by Haakon Riiser.
|
| |
|
|
|
| |
Successfully tested by Gordon Worley.
|
| |
|
|
|
| |
Noted by Jason S. Mantor.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
display match the validity and trust of --with-colons --list-keys.
* passphrase.c (agent_send_all_options): Fix compile warning.
* keylist.c (list_keyblock_colon): Validity for subkeys should match that
of the primary key, and not that of the last user ID.
|
| |
|
|
|
|
|
|
| |
these facts onto all their subkeys, but only after the subkey has a chance
to be marked valid. This is to fix an incorrect "invalid public key"
error verifying a signature made by a revoked signing subkey, with a valid
unrevoked primary key.
|
| |
|
|
|
| |
to version 2002-11-08.
|
| | |
|
| |
|
|
|
| |
get the default ttyname.
|
| |
|
|
|
|
| |
(tty_get_ttyname): New.
(init_ttyfp): Use it here instead of the TERMDEVICE macro.
|
| | |
|
