| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| | |
to add "_uri" to certain gpgkeys_xxx helpers when the meaning is
different if a path is provided (i.e. ldap).
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
this is done via curl or fake-curl.
* ksutil.h, ksutil.c, gpgkeys_hkp.c, gpgkeys_curl.c: Minor #include tweaks
as FAKE_CURL is no longer meaningful.
|
| | |
| |
| |
| |
| | |
a place not in the regular include search path.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
to disable.
* pkclist.c (algo_available): If --enable-dsa2 is set, we're allowed to
truncate hashes to fit DSA keys.
* sign.c (match_dsa_hash): New. Return the best match hash for a given q
size. (do_sign, hash_for, sign_file): When signing with a DSA key, if it
has q==160, assume it is an old DSA key and don't allow truncation unless
--enable-dsa2 is also set. q!=160 always allows truncation since they
must be DSA2 keys. (make_keysig_packet): If the user doesn't specify a
--cert-digest-algo, use match_dsa_hash to pick the best hash for key
signatures.
|
| | |
| |
| |
| |
| | |
size doesn't end between byte boundaries.
|
| | |
| |
| |
| |
| | |
Not yet used (q==160).
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
SHA-224.
* sign.c (write_plaintext_packet), encode.c (encode_simple): Factor
common literal packet setup code from here, to...
* main.h, plaintext.c (setup_plaintext_name): Here. New. Make sure the
literal packet filename field is UTF-8 encoded.
* options.h, gpg.c (main): Make sure --set-filename is UTF-8 encoded
and note when filenames are already UTF-8.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
have no need to backsign.
|
| | |
| |
| |
| |
| | |
--compress-algo should be avoided.
|
| | |
| |
| |
| |
| | |
characters lose part of their ASCII representation.
|
| | | |
|
| | |
| |
| |
| |
| | |
inform people not to use it.
|
| | |
| |
| |
| |
| | |
viewer at runtime. Seems FC5 doesn't have xloadimage.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
directly into place rather than mallocing temporary buffers.
|
| | |
| |
| |
| |
| | |
using sprintf which is harder to read and modify.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
and KS_SEARCH_KEYID_LONG to search for a key ID.
* gpgkeys_ldap.c (search_key): Use it here to flip from pgpUserID
searches to pgpKeyID or pgpCertID.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* keyedit.c (menu_backsign): Allow backsigning even if the secret
subkey doesn't have a binding signature.
* armor.c (radix64_read): Don't report EOF when reading only a pad (=)
character. The EOF actually starts after the pad.
* gpg.c (main): Make --export, --send-keys, --recv-keys,
--refresh-keys, and --fetch-keys follow their arguments from left to
right. Suggested by Peter Palfrader.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
stderr and allow spaces in a fingerprint. Also warn when a key is
over 16k (as that is the default max-cert-size) and fail when a key is
over 64k as that is the DNS limit in many places.
|
| | |
| |
| |
| |
| | |
so people don't have to do it manually.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
Fix strings to not start with a capital letter as per convention.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
than 160 bits as per DSA2. This will allow us to verify and issue DSA2
signatures for some backwards compatibility once we start generating DSA2
keys.
* sign.c (do_sign), sig-check.c (do_check): Change all callers.
* sign.c (do_sign): Enforce the 160-bit check for new signatures here
since encode_md_value can handle non-160-bit digests now. This will need
to come out once the standard for DSA2 is firmed up.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
the regular old API that is compatible with other LDAP libraries.
|
| | | |
|
| | |
| |
| |
| |
| | |
than causing an error.
|
| | | |
|
| | |
| |
| |
| |
| | |
sig_to_notation conversion. Noted by Peter Palfradrer.
|
| | | |
|
| | |
| |
| |
| |
| | |
change. It's now all done in configure.
|
| | |
| |
| |
| |
| | |
changing #ifdefs in the rest of the code.
|
| | |
| |
| |
| |
| |
| |
| | |
on OSX.
* README: Add note on how to build a fat binary on OSX.
|
| | |
| |
| |
| |
| |
| |
| | |
rather than '#ifdef' BIG_ENDIAN_HOST. Harmless as we explicitly
define BIG_ENDIAN_HOST to 1 when we need it, but needed for OSX fat
builds when we define BIG_ENDIAN_HOST to another macro.
|
| | |
| |
| |
| |
| | |
Apple-specific BIND_8_COMPAT.
|
| | |
| |
| |
| |
| |
| |
| | |
both the fingerprint alone, and fingerprint+URL cases.
* getkey.c (get_pubkey_byname): Minor cleanup.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
same API as the other auto-key-locate fetchers.
* getkey.c (get_pubkey_byname): Use the fingerprint of the key that we
actually fetched. This helps prevent problems where the key that we
fetched doesn't have the same name that we used to fetch it. In the
case of CERT and PKA, this is an actual security requirement as the
URL might point to a key put in by an attacker. By forcing the use of
the fingerprint, we won't use the attacker's key here.
|
