| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
* app-openpgp.c (do_setattr): Sync FORCE_CHV1.
|
| |
|
|
|
| |
setting use_temp_file because this option has been removed.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
using key_byname to do the heavy lifting. Note that this also fixes an
old problem when the first key on the secret keyring has an unusable stub
primary, but is still chosen.
|
| |
|
|
|
| |
keyring.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
backsigs.
* getkey.c (merge_selfsigs_subkey): Find 0x19 backsigs on subkey selfsigs
and verify they are valid. If DO_BACKSIGS is not defined, fake this as
always valid.
* packet.h, parse-packet.c (parse_signature): Make parse_signature
non-static so we can parse 0x19s in self-sigs.
* main.h, sig-check.c (check_backsig): Check a 0x19 signature.
(signature_check2): Give a backsig warning if there is no or a bad 0x19
with signatures from a subkey.
|
| |
|
|
|
| |
can_handle_critical): Parse and display 0x19 signatures.
|
| |
|
|
|
| |
"hkp". They are not the same thing.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
parse_keyserver_options now returns a success code.
* keyserver.c (parse_keyserver_options): Return error on failure to parse.
Currently there is no way to fail as any unrecognized options get saved to
be sent to the keyserver plugins later. Check length of keyserver option
tokens since with =arguments we must only match the prefix.
(free_keyserver_spec): Moved code from parse_keyserver_url.
(keyserver_work, keyserver_spawn): Pass in a struct keyserver_spec rather
than using the global keyserver option. (calculate_keyid_fpr): New.
Fills in a KEYDB_SEARCH_DESC for a key. (keyidlist): New implementation
using get_pubkey_bynames rather than searching the keydb directly. If
honor-keyserver-url is set, make up a keyserver_spec and try and fetch
that key directly. Do not include it in the returned keyidlist in that
case.
|
| |
|
|
|
| |
* autogen.sh: Added ACLOCAL_FLAGS.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
requires end of line conversion. This is being considered for a UTF8 text
packet. If this doesn't take place, no major harm done. If it does take
place, we'll get a jump on starting the changeover.
* g10.c (main): --no-use-embedded-filename.
* build-packet.c (calc_plaintext, do_plaintext): Do not create illegal
(packet header indicates a size larger than the actual packet) encrypted
data packets when not compressing and using a filename longer than 255
characters.
* keyedit.c (no_primary_warning): Cleanup. (menu_expire): Don't give
primary warning for subkey expiration changes. These cannot reorder
primaries.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
generate_subkeypair): New is_subkey argument to set whether a generated
key is a subkey. Do not overload the ret_sk. This is some early cleanup
to do backsigs for signing subkeys.
* keygen.c (write_keybinding, do_generate_keypair, generate_subkeypair):
Keep track of the unprotected subkey secret key so we can make a backsig
with it.
* keygen.c (make_backsig): New function to add a backsig to a binding sig
of signing subkeys. Currently disabled. (write_keybinding): Call it here,
for signing subkeys only.
* sign.c (make_keysig_packet): Allow generating 0x19 signatures (same as
0x18 or 0x28, but used for backsigs).
* packet.h, build-packet.c (build_sig_subpkt): Add new SIGSUBPKT_SIGNATURE
type for embedded signatures.
|
| |
|
|
|
|
|
|
| |
and properly handle a partial match against an option with an argument.
* keyserver-internal.h, keyserver.c (parse_keyserver_options): Use new
optsep and argsplit functions.
|
| |
|
|
|
| |
they can be called separately.
|
| |
|
|
|
|
|
|
|
| |
from parse_keyserver_options by calling the generic parse_options.
* keyserver.c (keyserver_spawn, keyserver_refresh), g10.c (main), gpgv.c
(main), mainproc.c (check_sig_and_print), import.c (revocation_present):
Change all callers.
|
| |
|
|
|
|
|
|
|
| |
which self-sig we actually chose.
* keyedit.c (menu_expire, menu_set_primary_uid, menu_set_preferences): Use
it here to avoid updating non-used self-sigs and possibly promoting an old
self-sig into consideration again.
|
| |
|
|
|
|
|
| |
keyserver.c (parse_keyserver_uri): Parse keyserver URI into a structure.
Cleanup for new "guess my keyserver" functionality, as well as refreshing
via a preferred keyserver subpacket.
|
| | |
|
| |
|
|
|
| |
optional. Document --bzip2-decompress-lowmem.
|
| |
|
|
|
| |
user ID so the new ID gets validity set. Reported by Owen Taylor.
|
| |
|
|
|
|
| |
--bzip2-compress-lowmem to --bzip2-decompress-lowmem since it applies to
decompression, not compression.
|
| |
|
|
|
|
| |
menu_revsig, menu_showphoto): --keyid-format conversion.
(menu_addrevoker): Use print_pubkey_info() rather than duplicating code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
functions in log_debug.
* import.c (import_one): Try and collapse user IDs when importing a key
for the first time.
* keyedit.c (menu_addrevoker): Allow appointing a subkey as a designated
revoker if the user forces it via keyid!, so long as the subkey can
certify. Also use the proper date string when prompting for confirmation.
* g10.c (main): Maintain ordering of multiple Comment lines. Requested by
Peter Hyman.
|
| |
|
|
|
| |
--keyid-format conversion.
|
| |
|
|
|
|
| |
premerge_public_with_secret, lookup, get_user_id_string): --keyid-format
conversion.
|
| |
|
|
|
| |
get_validity, ask_ownertrust, validate_keys): --keyid-format conversion.
|
| |
|
|
|
|
|
| |
and a little better text. (import_one, import_secret_one,
import_revoke_cert, chk_self_sigs, delete_inv_parts, merge_blocks): Still
more --keyid-format conversions.
|
| |
|
|
|
|
|
| |
conversion. (list_keyblock_print): 0xshort should not push us into the new
list format since it is not much longer than regular 8-character short
keyids.
|
| |
|
|
|
|
|
|
|
| |
a key string from a key in one step. This isn't faster than before, but
makes for neater code.
* keylist.c (list_keyblock_print): Use keystr_from_xx here.
(print_key_data): No need to pass a keyid in.
|
| |
|
|
|
| |
keyids so we don't have to calculate them each time.
|
| |
|
|
|
|
|
|
|
| |
support their pk algorithm. This allows for early (during get_*)
rejection of a subkey, and selection of another.
* passphrase.c (passphrase_to_dek): Give a little more information when we
have room to do so.
|
| |
|
|
|
|
|
|
|
|
|
| |
(passphrase_to_dek), keyserver.c (print_keyrec): A few more places to use
--keyid-format.
* options.h, g10.c (main), export.c (parse_export_options,
do_export_stream): Remove --export-all and the "include-non-rfc"
export-option as they are no longer meaningful with the removal of v3
Elgamal keys.
|
| |
|
|
|
| |
(iobuf_set_block_mode, iobuf_in_block_mode): Removed as superfluous.
|
| | |
|
| |
|
|
|
| |
encoding for the faked plaintext packet.
|
| |
|
|
|
|
| |
verify-option show-long-keyids and replace with the more general
keyid-format.
|
| |
|
|
|
|
|
|
|
|
|
| |
length mode and change all callers. (do_plaintext): Turn off partial
length encoding now that we're done writing the packet. (do_comment,
do_user_id): Try for a headerlen of 2 since that's the smallest and most
likely encoding for these packets.
* parse-packet.c (parse): Remove call to start old gpg partial length
mode.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
replace the list-option (and eventually verify-option) show-long-keyids.
The format can be short, long, 0xshort, and 0xlong.
* keydb.h, keyid.c (keystr, keystrlen): New functions to generate a
printable keyid.
* keyedit.c (print_and_check_one_sig, show_key_with_all_names), keylist.c
(list_keyblock_print): Use new keystr() function here to print keyids.
|
| |
|
|
|
|
|
|
| |
(copy_packet, skip_packet, skip_rest, read_rest, parse_plaintext,
parse_encrypted, parse_gpg_control): Use a flag to indicate partial or
indeterminate encoding. This is the first step in some minor surgery to
remove the old gpg partial length encoding.
|
| |
|
|
|
| |
OpenPGP partial length encoding.
|
| |
|
|
|
| |
with a 5-byte length that happens to be zero.
|
| | |
|
| |
|
|
|
|
| |
can't handle blank lines after a \ continuation. Noted by Christoph
Moench-Tegeder.
|
| | |
|
| | |
|
| |
|
|
|
| |
--default-cert-level.
|
| |
|
|
|
|
| |
merge-only, remove old honor-http-proxy, --merge-only, and
--emulate-md-encode-bug. Document COLUMNS and LINES.
|
| |
|
|
|
|
|
| |
* NEWS: Note --max-output, --list-config, --min-cert-level, AIX fix, new
http-proxy keyserver-option, new LDAP server code, TLS, LDAPS, and
--show-session-key with --symmetric.
|
