| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
per-desc item. Merge into one function since 'force_exact' is no longer
needed. (key_byname): Use new classify_user_id function, and new exact
flag in KEYDB_SEARCH_DESC.
* keyring.h, keyring.c (keyring_search): Return an optional index to show
which KEYDB_SEARCH_DESC was the matching one.
* keydb.h, keydb.c (keydb_search): Rename to keydb_search2, and pass the
optional index to keyring_search. Add a macro version of keydb_search
that calls this new function.
* export.c (do_export_stream): If the keyid! syntax is used, export only
that specified key. If the key in question is a subkey, export the
primary plus that subkey only.
|
| |
|
|
|
|
|
|
|
| |
* g10.c (print_hex, print_mds): Print long hash strings a lot neater.
This assumes at least an 80-character display, as there are a few other
similar assumptions here and there. Users who need unformatted hashes can
still use with-colons. Check that SHA384 and 512 are available before
using them as they are no longer always available.
|
| |
|
|
|
| |
GNUPG_LIBEXECDIR so it can be easily overridden at make time.
|
| |
|
|
|
|
| |
makefiles can override it. Verify that we have a 64-bit type before
building tiger.c or sha512.c. Add uint64_t as a possible 64-bit type.
|
| |
|
|
|
| |
TIGER if specifically enabled by the 64-bit type check in configure.
|
| | |
|
| |
|
|
|
| |
can be easily overridden at make time.
|
| |
|
|
|
|
|
|
| |
armor Hash: header.
* g10.c (print_hex): Print long hash strings a little neater. (print_mds):
Add the new SHAs to the hash list.
|
| |
|
|
|
|
| |
* Makefile.am, algorithms.h, md.c (load_digest_module,
string_to_digest_algo): Add read-only support for the new SHAs.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
(treat as a v4 revocation).
* import.c (print_import_check): Do not re-utf8 convert user IDs.
|
| |
|
|
|
| |
keyid, but rather a text string from the user ID.
|
| | |
|
| |
|
|
|
|
|
|
| |
sig records.
* keylist.c (list_keyblock_colon), mainproc.c (list_node): Show trust sig
information in with-colons sig records.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
matter where the user puts the = sign.
* options.skel: Comment out the first three lines in case someone manually
copies the skel file to their homedir.
* sign.c (clearsign_file): Only use pgp2mode with v3 keys and MD5. This
matches what we do when decoding such messages and prevents creating a
message (v3+RIPEMD/160) that we can't verify.
* sig-check.c (signature_check2): Use G10ERR_GENERAL as the error for
signature digest conflict. BAD_SIGN implies that a signature was checked
and we may try and print out a user ID for a key that doesn't exist.
|
| |
|
|
|
|
|
|
| |
to indicate a dirty trustdb, and never auto-rebuild a dirty trustdb with
the "always" trust model.
* g10.c (add_group): Last commit missed the \t ;)
|
| |
|
|
|
|
|
|
| |
etc.
* DETAILS: Note that user IDs/UATs fill in creation and expiration date.
Document namehash.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
keydb.h, keyid.c (namehash_from_uid): New function to rmd160-hash the
contents of a user ID packet and cache it in the uid object.
* keylist.c (list_keyblock_colon): Use namehash in field 8 of uids. Show
dates for creation (selfsig date), and expiration in fields 6 and 7.
* trustdb.c (get_validity, get_validity_counts, update_validity): Use new
namehash function rather than hashing it locally.
|
| |
|
|
|
| |
delimiter in a row and also allow tab as delimiter.
|
| |
|
|
|
| |
non-fully-qualified trustdb names.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Simplify by returning a ? for error directly.
* keyedit.c (show_key_with_all_names): Use get_validity_string and
get_ownertrust_string to show full word versions of trust (i.e. "full"
instead of 'f').
* trustdb.h, trustdb.c (get_ownertrust_string, get_validity_string): Same
as get_ownertrust_info, and get_validity_info, except returns a full
string.
* trustdb.c (get_ownertrust_with_min): New. Same as 'get_ownertrust' but
takes the min_ownertrust value into account.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* trustdb.h, trustdb.c (trust_letter): Make static. (get_ownertrust_info,
get_validity_info): Don't mask the trust level twice.
* trustdb.h, gpgv.c, trustdb.c (get_validity, get_validity_info),
keylist.c (list_keyblock_colon), keyedit.c (show_key_with_all_names_colon,
menu_revuid): Pass a user ID in rather than a namehash, so we only have to
do the hashing in one place.
* packet.h, pkclist.c (build_pk_list), free-packet.c
(release_public_key_parts): Remove unused namehash element for public
keys.
|
| | |
|
| | |
|
| |
|
|
|
| |
when IDEA is not available.
|
| |
|
|
|
| |
any more.
|
| |
|
|
|
| |
doesn't attach the HTML header which we will just have to discard.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
trustdb.c (update_validity): Store temporary full & marginal counts in the
trustdb. (clear_validity, get_validity_counts): Return and clear temp
counts. (store_validation_status): Keep track of which keyids have been
stored. (validate_one_keyblock, validate_key_list): Use per-uid copies of
the full & marginal counts so they can be recalled for multiple levels.
(validate_keys): Only use unused keys for each new round.
(reset_unconnected_keys): Rename to reset_trust_records, and only skip
specifically excluded records.
|
| | |
|
| |
|
|
|
|
|
| |
capabilities section.
* trustdb.c (is_disabled): Remove incorrect comment.
|
| |
|
|
|
|
|
|
|
|
|
| |
interactive import if status is enabled.
* keyring.c (keyring_search): skipfnc didn't work properly with non-keyid
searches. Noted by Stefan Bellon.
* getkey.c (merge_selfsigs_main): Remove some unused code and make sure
that the pk selfsigversion member accounts for 1F direct sigs.
|
| |
|
|
|
|
|
|
| |
terminates but check again for the existence of the directory and
continue then.
* openfile.c (copy_options_file): Print a warning if the skeleton
file has active options.
|
| |
|
|
|
|
|
|
| |
(check_key_signature2): Pass the ultimately trusted pk directly to
check_key_signature2 to avoid going through the key selection mechanism.
This prevents a deadly embrace when two keys without selfsigs each sign
the other.
|
| |
|
|
|
|
|
|
| |
there are no keys to refresh or if there is no keyserver set.
* getkey.c (merge_selfsigs_main): Any valid user ID should make a key
valid, not just the last one. This also fixes Debian bug #174276.
|
| |
|
|
|
|
|
|
| |
warnings are not intended to be the be-all and end-all in security checks.
Add note to --group that when used on the command line, it may be
necessary to quote the argument so it is not treated as multiple
arguments. Noted by Stefan Bellon.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
user ID. This is the same as issuing a revocation for the self-signature,
but a much simpler interface to do it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
disabled keys. Keys specified via keyid (i.e. 0x...) are always included.
* getkey.c (get_pubkey_byname, get_seckey_byname2, get_seckey_bynames),
keyedit.c (keyedit_menu, menu_addrevoker): Include disabled keys in these
functions.
* pkclist.c (build_pk_list): Do not include disabled keys for -r or the
key prompt. Do include disabled keys for the default key and
--encrypt-to.
* trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping disabled
keys.
* gpgv.c (is_disabled): Stub.
* keygen.c (keygen_add_key_expire): Properly handle updating a key
expiration to a no-expiration value.
* keyedit.c (enable_disable_key): Comment.
* import.c (import_one): When in interactive mode and --verbose, don't
repeat some key information twice.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* import.c (print_import_check): New.
(import_one): Use it here.
Use merge_keys_and_selfsig in the interactive mode to avoid
wrong key information.
* status.h: Add new status code.
* status.c: Ditto.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
user" rather than "owner". Noted by Stefan Bellon.
* trustdb.h, trustdb.c (trustdb_pending_check): New function to
check if the trustdb needs a check.
* import.c (import_keys_internal): Used here so we don't rebuild
the trustdb if it is still clean.
(import_one, chk_self_sigs): Only mark trustdb dirty if the key
that is being imported has any sigs other than self-sigs.
Suggested by Adrian von Bidder.
* options.skel: Include the required '=' sign in the sample
'group' option. Noted by Stefan Bellon.
* import.c (chk_self_sigs): Don't try and check a subkey as if it
was a signature.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RECTYPE_TRUST records a bit.
* g10.c (main): Comment out --list-trust-path until it can be implemented.
* import.c (import_one): Warn when importing an Elgamal primary that this
may take some time (to verify self-sigs). (chk_self_sigs): Try and cache
all self-sigs so the keyblock is written to the keyring with a good rich
cache.
* keygen.c (ask_algo): Make the Elgamal sign+encrypt warning stronger, and
remove the RSA sign+encrypt warning.
|
| |
|
|
|
|
|
|
|
|
| |
what the program actually does. Noted by Dick Gevers.
* gpg.sgml: Document %-expandos for policy URLs and notations.
* gpg.sgml: Document --pgp8. Clarify that --pgp6 and --pgp7 disable
--throw-keyid.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
* options.h (opt): Added mangle-dos-filenames.
* openfile.c (open_outfile) [USE_ONLY_8DOT3]: Truncate the
filename only when this option is set; this is the default.
|
