| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
in the draft are settled.
* srv.c (getsrv): Error on oversize SRV responses.
|
| |
|
|
|
| |
direct_uri flag so the right keyserver helper is run.
|
| |
|
|
|
|
|
|
| |
keyserver helpers on systems that use extensions.
* misc.c (path_access) [HAVE_DRIVE_LETTERS]: Do the right thing with
drive letter systems.
|
| |
|
|
|
| |
on systems that use extensions.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
passphrase as if it was used (move from next_pw to last_pw).
* pubkey-enc.c (get_session_key): Use it here to handle the case where a
passphrase happens to be correct for a secret key, but yet that key isn't
the anonymous recipient (i.e. the secret key could be decrypted, but not
the session key). This also handles the case where a secret key is
located on a card and a secret key with no passphrase. Note this does not
fix bug 594 (anonymous recipients on smartcard do not work) - it just
prevents the anonymous search from stopping when the card is encountered.
|
| | |
|
| |
|
|
|
| |
longer.
|
| |
|
|
|
| |
uploading a key.
|
| |
|
|
|
|
| |
in a refresh batch has a preferred keyserver set. Noted by Nicolas
Rachinsky.
|
| |
|
|
|
|
|
| |
(keyserver_import_pka), card-util.c (fetch_url): Always require a
scheme:// for keyserver URLs except when used as part of the
--keyserver command for backwards compatibility.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
card. If it does, only allow 160-bit hashes, a la DSA. This involves
passing the *sk in, so change all callers. This is correct for today,
given the current 160-bit q in DSA, and the current SHA-1/RIPEMD160
support in the openpgp card. It will almost certainly need changing
down the road.
* app-openpgp.c (do_sign): Give user error if hash algorithm is not
supported by the card.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
getkey.c:get_pubkey_byname which was getting crowded.
* keyserver.c (keyserver_import_cert): Import a key found in DNS via CERT
records. Can handle both the PGP (actual key) and IPGP (URL) CERT types.
* getkey.c (get_pubkey_byname): Call them both here.
* options.h, keyserver.c (parse_keyserver_options): Add
"auto-cert-retrieve" option with optional max size argument.
|
| |
|
|
|
|
|
|
|
|
| |
* keyserver-internal.h, keyserver.c (keyserver_spawn, keyserver_work,
keygerver_getname): New keyserver_getname function to fetch keys by name.
* getkey.c (get_pubkey_byname): Call it here to enable locating keys by
full mailbox from a keyserver a la PKA. Try PKA first, though, as it is
likely to be faster.
|
| |
|
|
|
|
| |
* gpgkeys_hkp.c (main, get_name), gpgkeys_ldap.c (main, get_name): Use it
here to do direct name (rather than key ID) fetches.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Currently PKA is only enabled if HTTP or HKP is enabled which is not
necessary.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
curl_writer_finalize): New functionality to handle binary format keys by
armoring them for input to GPG.
* gpgkeys_curl.c (get_key), gpgkeys_hkp.c (get_key): Call it here.
|
| |
|
|
|
|
| |
* keyid.c (usagestr_from_pk): Remove special PUBKEY_USAGE_CERT flag.
It's no longer needed.
|
| |
|
|
|
|
|
| |
causes confusing warning messages when importing a PGP-exported key
that contains a secret key without selfsigs followed by the public
key.
|
| |
|
|
|
|
| |
for no_terminal so we don't try to open("/dev/tty") when invoked with
--no-tty.
|
| | |
|
| | |
|
| |
|
|
|
| |
--fetch-keys so we don't rebuild the trustdb after each fetch.
|
| | |
|
| |
|
|
|
|
|
| |
keyserver_fetch): Set a flag to indicate that we're doing a direct URI
fetch so we can differentiate between a keyserver operation and a URI
fetch for protocols like LDAP that can do either.
|
| | |
|
| |
|
|
|
| |
for the key-not-found error.
|
| |
|
|
|
|
|
|
|
|
| |
when fetching a URI.
* keyserver-internal.h, keyserver.c (keyserver_fetch): New. Fetch an
arbitrary URI using the keyserver helpers.
* gpg.c (main): Call it from here for --fetch-keys.
|
| |
|
|
|
|
| |
* gpgkeys_curl.c (get_key): Give key-not-found error if no data is found
(or file itself is not found) during a fetch.
|
| | |
|
| |
|
|
|
|
| |
This causes a warning on Sun's cc. Do the internal regex code as well for
consistency.
|
| |
|
|
|
| |
pointer.
|
| |
|
|
|
| |
declaration).
|
| |
|
|
|
|
| |
* secmem.c, assuan-buffer.c, dotlock.c: Fix a few warnings from printf-ing
%p where the arg wasn't void *.
|
| |
|
|
|
|
| |
ifdeffed out. This causes a warning on Sun's cc. Do sha512.c as well for
consistency.
|
| |
|
|
|
|
|
|
|
| |
revoker record. Moved from keyedit.c:show_key_with_all_names_colon.
* keylist.c (list_keyblock_colon): Use it here ...
* keyedit.c (show_key_with_all_names_colon): ... and here.
|
| |
|
|
|
|
|
|
|
| |
since we may unprotect it.
* main.h, g10.c (main), revoke.c (gen_desig_revoke): Add local user
support so users can use -u with --desig-revoke. This bypasses the
interactive walk over the revocation keys.
|
| |
|
|
|
| |
"xxxxx-minimal", and "minimize".
|
| |
|
|
|
| |
options.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
"clean", and add "minimize".
* import.c (parse_import_options): Make help text match the export
versions of the options.
* options.h, export.c (parse_export_options, do_export_stream): Reduce
clean options to two: clean and minimize.
* trustdb.h, trustdb.c (clean_one_uid): New function that joins uid
and sig cleaning into one for a simple API outside trustdb.
|
