| Commit message | Author | Age | Files | Lines |
| |
Minimal isn't always best.
* sign.c (update_keysig_packet): Use the current time rather than a
modification of the original signature time. Make sure that this doesn't
cause a time warp.
* keygen.c (keygen_add_key_expire): Properly handle a key expiration date
in the past (use a duration of 0).
* keyedit.c (menu_expire): Use update_keysig_packet so any sig subpackets
are maintained during the update.
* build-packet.c (build_sig_subpkt): Mark sig expired or unexpired when
the sig expiration subpacket is added. (build_sig_subpkt_from_sig): Handle
making an expiration subpacket from a sig that has already expired (use a
duration of 0).
* packet.h, sign.c (update_keysig_packet), keyedit.c
(menu_set_primary_uid, menu_set_preferences): Add ability to issue 0x18
subkey binding sigs to update_keysig_packet and change all callers.
| |
and make sure that the version record update was successful.
(init_trustdb): If the current parameters aren't what was used for
building the trustdb, the trustdb is invalid.
* tbio.c (tdbio_db_matches_options): Update to work with new trustdbs.
| |
model in the trustdb version record. (tdbio_update_version_record): New
function to update version record values during a trustdb check or update.
(tdbio_dump_record): Show trust model in dump.
* trustdb.c (validate_keys): Call tdbio_update_version_record on success
so that the correct options are stored in the trustdb.
* options.h: rearrange trust models so that CLASSIC is 0 and OPENPGP is 1.
| |
pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8 mode. This
is basically identical to --pgp7 in all ways except that signing subkeys,
v4 data sigs (including expiration), and SK comments are allowed.
* getkey.c (finish_lookup): Comment.
* main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu): Reorder
user ID display in the --edit-key menu to match that of the --list-keys
display.
* g10.c (add_notation_data): Fix initialization.
| |
--pgpX than forcing an algorithm manually. Better still not to use
anything, of course. CVS:
----------------------------------------------------------------------
gpg.sgml CVS:
----------------------------------------------------------------------
| |
* convert-from-106: Script to automate the 1.0.6->later conversion. It
marks all secret keys as ultimately trusted, adds the signature caches,
and checks the trustdb.
| |
expiration date of a subkey. This is not the most optimal solution, but
it is a minimal change on the stable branch.
* main.h, keygen.c (do_copy_key_flags): New function to copy key flags, if
any, from one sig to another. (do_add_key_expire): New function to add key
expiration to a sig. (keygen_copy_flags_add_expire): New version of
keygen_add_key_expire that also copies key flags.
(keygen_add_key_flags_and_expire): Use do_add_key_expire.
* import.c (fix_hkp_corruption): Comment.
| |
default algorithms from --personal-xxxx, --primary-keyring, changes with
--s2k-digest-algo, the new anonymous recipient improvements, and
non-optimized memory wiping.
| |
--s2k-digest-algo, --personal-cipher-preferences,
--personal-digest-preferences, and --personal-compress-preferences.
| |
--cert-notation. Clarify --show-notation and --show-policy-url that
policy URLs and notations can be used in data signatures as well. Add
note about '@' being a required character in notation names.
| |
Return the default algorithm by trying --cipher-algo/--compress-algo, then
the first item in the pref list, then s2k-cipher-algo or ZIP.
* sign.c (sign_file, sign_symencrypt_file), encode.c (encode_simple,
encode_crypt): Call default_cipher_algo and default_compress_algo to get
algorithms.
* g10.c (main): Allow pref selection for compress algo with --openpgp.
| |
mangling rather than --digest-algo.
| |
--personal-digest-preferences is, then use the first hash algorithm in the
personal list. If the signing algorithm is DSA, then use the first
160-bit hash algorithm in the personal list. If --pgp2 is set and it's a
v3 RSA key, use MD5.
| |
Rename --default-keyring as --primary-keyring. Stefan wins the naming
contest.
| |
'@', unless --expert is set. This is to help prevent people from
polluting the (as yet unused) IETF namespace.
* main.h: Comments about default algorithms.
* photoid.c (image_type_to_string): Comments about 3-letter file
extensions.
| |
(sign_symencrypt_file): Use --s2k-digest-algo for passphrase mangling
rather than --digest-algo.
| |
string.
* misc.c (string_to_compress_algo): "none" is a bad choice since it
conflicts with the "none" in setpref.
| |
version.
| |
by Haakon Riiser.
| |
Successfully tested by Gordon Worley.
| |
* gpg.sgml: Document --trust-model.
* README.W32: Add blurb on how to create a ZIP file, changed requirement
for mingw32 to 0.3.2.
| |
--compress-algo. The old algorithm names still work for backwards
compatibility.
* misc.c (string_to_compress_algo): Allow "none" as an alias for
"uncompressed".
| |
that was not available when running without verbose on. Noted by Stefan.
| |
partial length encoding. This is required because OpenPGP allows only for
32 bit length fields. From Werner on stable branch.
* getkey.c (get_pubkey_direct): Renamed to... (get_pubkey_fast): this and
made extern. (get_pubkey_byfprint_fast): New. From Werner on stable
branch.
* keydb.h, import.c (import_one): Use get_pubkey_fast instead of
get_pubkey. We don't need a merged key and actually this might lead to
recursions. (revocation_present): Likewise for search by fingerprint.
From Werner on stable branch.
* g10.c (main): Try to create the trustdb even for non-colon-mode list-key
operations. This is required because getkey needs to know whether a key
is ultimately trusted. From Werner on stable branch.
| |
it here as it behaves more like a Posix system. From Werner on stable
branch.
* passphrase.c (agent_get_passphrase): Ditto. From Werner on stable
branch.
* tdbio.c (MY_O_BINARY): Need binary mode with Cygwin. From Werner on
stable branch.
* g10.c, gpgv.c (main) [__CYGWIN32__]: Don't get the homedir from the
registry. From Werner on stable branch.
| |
* mk-w32-dist: Include gpgkeys_ldap and gpgkeys_hkp.
| |
on stable branch.
| |
* configure.ac: Check for ctermid(). From Werner on stable
branch.
* configure.ac (GPGKEYS_LDAP,GPGKEYS_HKP): Add $EXEEXT. From
Werner on stable branch.
* configure.ac (try_gettext): Remove special case for cygwin.
This removes all the DOS specific macros and let Cygwin work like
a real OS. Needs a couple of changes elsewhere but after all,
GnuPG presents itself much more like a Posix program and can be
used in a full Cygwin environment; e.g. used along with mutt.
Changes suggested by Volker Quetschke. From Werner on stable
branch.
* acinclude.m4 (GNUPG_SYS_NM_PARSE): Allow for underscore in test
symbols. Useful for Cygwin builds.
(GNUPG_SYS_SYMBOL_UNDERSCORE): Don't hardwire to yes for Cygwin.
From Werner on stable branch.
* README: Add an installation note for Darwin 6.1. From Werner on
stable branch.
| |
Werner on stable branch.
| |
display match the validity and trust of --with-colons --list-keys.
* passphrase.c (agent_send_all_options): Fix compile warning.
* keylist.c (list_keyblock_colon): Validity for subkeys should match that
of the primary key, and not that of the last user ID.
* getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys carry
these facts onto all their subkeys, but only after the subkey has a chance
to be marked valid. This is to fix an incorrect "invalid public key"
error verifying a signature made by a revoked signing subkey, with a valid
unrevoked primary key.
| |
to version 2002-11-08.
| |
(tty_get_ttyname): New.
(init_ttyfp): Use it here instead of the TERMDEVICE macro.
| |
get the default ttyname.
| |
a given keyring is registered twice.
* keydb.h, keydb.c (keydb_add_resource): Use flags to indicate a default
keyring. (keydb_locate_writable): Prefer the default keyring if possible.
* g10.c (main): Add --default-keyring option.
| |
--force-ownertrust option for debugging purposes. This allows setting a
whole keyring to a given trust during an --update-trustdb. Not for normal
use - it's just easier than hitting "4" all the time to test a large
trustdb.
| |
buffer; didn't work at all. Reported by Thijmen Klok. From Werner on
stable branch.
* secmem.c (secmem_free, secmem_term): Use wipememory2() instead of
memset() to overwrite secure memory.
* iobuf.c (direct_open): Handle mode 'b' if O_BINARY is available. From
Werner on stable branch.
* fileutil.c: Comment from stable branch.
| |
byte to wipe with).
| |
anymore. (From Werner)
* random.c (read_seed_file,update_random_seed_file): Use binary mode for
__CYGWIN__. (From Werner)
* blowfish.c (burn_stack), cast5.c (burn_stack), des.c (burn_stack), md5.c
(burn_stack), random.c (burn_stack, read_pool, fast_random_poll),
rijndael.c (burn_stack), rmd160.c (burn_stack), rndegd.c
(rndegd_gather_random), rndlinux.c (rndlinux_gather_random), sha1.c
(burn_stack), tiger.c (burn_stack), twofish.c (burn_stack): Replace
various calls to memset() with the more secure wipememory().
| |
passphrase against all secret keys rather than trying all secret keys in
turn. Don't if --try-all-secrets or --status-fd is enabled.
* passphrase.c (passphrase_to_dek): Mode 1 means do a regular passphrase
query, but don't prompt with the key info.
* seckey-cert.c (do_check, check_secret_key): A negative ask count means
to enable passphrase mode 1.
* keydb.h, getkey.c (enum_secret_keys): Add flag to include
secret-parts-missing keys (or not) in the list.
| |
get_key, search_key): The LDAP keyserver doesn't remove duplicates, so
remove them locally. Do not include the key modification time in the
search response.
| |
don't try and fit the search output to the screen size - just dump the
whole list.
|
| |
just dump the raw keyserver protocol to stdout and don't print the menu.