| Commit message (Collapse) | Author | Files | Lines |
|---|
|
The following works:
gpg2 --gen-key (ECC)
gpg2 --list-keys
gpg2 --list-packets ~/.gnupg/pubring.gpg
gpg2 --list-packets <private key from http://sites.google.com/site/brainhub/pgpecckeys>
ECDH doesn't work yet as the code must be re-written to adjust for gpg-agent refactoring.
|
|
Check vor v1 card while signing.
|
|
|
|
A couple of forward ported changes.
Doc updates.
|
|
It builds fine and passes some of the tests but there are quite some
features which don't work yet.
|
|
|
|
|
|
Comment fixes.
Minor chnages in preparation of a W32CE port.
|
|
|
|
|
|
Remove dead code.
|
|
|
|
|
|
|
|
|
|
Fix auto-key-locate processing of "nodefault".
|
|
|
|
add log-file and debug-level to the --gpgconf-list.
|
|
|
|
Implemented key helper kdns
|
|
Convey the new envvars when using simple-pwquery.
|
|
Removed intl/.
|
|
* parse-packet.c (parse_signature): It's hex.
* getkey.c (merge_selfsigs_subkey): Avoid listing the contents of a
backsig when list mode is on. Noted by Timo Schulz.
|
|
* keyedit.c (keyedit_menu): If we modify the keyblock (via
fix_keyblock() or collapse_uids()) make sure we reprocess the
keyblock so the flags are correct. Noted by Robin H. Johnson.
* getkey.c (fixup_uidnode): Properly clear flags that don't apply
to us (revoked, expired) so that we can reprocess a uid.
|
|
|
|
|
|
|
|
(build_sig_subpkt_from_sig), getkey.c (fixup_uidnode,
merge_selfsigs_main, merge_selfsigs_subkey), keygen.c
(keygen_add_key_expire): Fix meaning of key expiration and sig
expiration subpackets - zero means "never expire" according to 2440,
not "expire instantly".
|
|
problem when auto-key-locate returns a list of keys, not all of which are
usable (revoked, expired, etc). Noted by Simon Josefsson.
|
|
|
|
The gpg part does not yet build.
|
|
* keyedit.c (menu_backsign): Allow backsigning even if the secret
subkey doesn't have a binding signature.
* armor.c (radix64_read): Don't report EOF when reading only a pad (=)
character. The EOF actually starts after the pad.
* gpg.c (main): Make --export, --send-keys, --recv-keys,
--refresh-keys, and --fetch-keys follow their arguments from left to
right. Suggested by Peter Palfrader.
|
|
|
|
Fix strings to not start with a capital letter as per convention.
|
|
than causing an error.
|
|
both the fingerprint alone, and fingerprint+URL cases.
* getkey.c (get_pubkey_byname): Minor cleanup.
|
|
same API as the other auto-key-locate fetchers.
* getkey.c (get_pubkey_byname): Use the fingerprint of the key that we
actually fetched. This helps prevent problems where the key that we
fetched doesn't have the same name that we used to fetch it. In the
case of CERT and PKA, this is an actual security requirement as the
URL might point to a key put in by an attacker. By forcing the use of
the fingerprint, we won't use the attacker's key here.
|
|
keyserver_import_cert, keyserver_import_name, keyserver_import_ldap):
Pass fingerprint info through.
|
|
"pka" when those features are disabled.
* misc.c (has_invalid_email_chars): Fix some C syntax that broke the
compilers on SGI IRIX MIPS and Compaq/DEC OSF/1 Alpha. Noted by Nelson H.
F. Beebe.
|
|
--no-auto-key-locate.
* options.h, gpg.c (main): Keep track of each keyserver registered so
we can match on them later.
* keyserver-internal.h, keyserver.c (cmp_keyserver_spec,
keyserver_match), gpgv.c: New. Find a keyserver that matches ours and
return its spec.
* getkey.c (get_pubkey_byname): Use it here to get the per-keyserver
options from an earlier keyserver.
|
|
getkey.c (free_akl, parse_auto_key_locate, get_pubkey_byname): The obvious
next step: allow arbitrary keyservers in the auto-key-locate list.
|
|
Parse a list of key access methods. (get_pubkey_byname): Walk the list
here to try and retrieve keys we don't have locally.
|
|
importing at -r time. The URL in the PKA record may point to a key put in
by an attacker. Fix is to use the fingerprint from the PKA record as the
recipient. This ensures that the PKA record is followed.
* keyserver-internal.h, keyserver.c (keyserver_import_pka): Return the
fingerprint we requested.
|
|
getkey.c:get_pubkey_byname which was getting crowded.
* keyserver.c (keyserver_import_cert): Import a key found in DNS via CERT
records. Can handle both the PGP (actual key) and IPGP (URL) CERT types.
* getkey.c (get_pubkey_byname): Call them both here.
* options.h, keyserver.c (parse_keyserver_options): Add
"auto-cert-retrieve" option with optional max size argument.
|
|
* keyserver-internal.h, keyserver.c (keyserver_spawn, keyserver_work,
keygerver_getname): New keyserver_getname function to fetch keys by name.
* getkey.c (get_pubkey_byname): Call it here to enable locating keys by
full mailbox from a keyserver a la PKA. Try PKA first, though, as it is
likely to be faster.
|
|
|
|
|
|
|
|
adding a cert-only designated revoker. Code was looking for a key with
sign ability, and not cert ability. Noted by Timo Schulz.
|
|
add 0x19 backsigs to old keys that don't have them.
* misc.c (parse_options): Fix build warning.
* main.h, keygen.c (make_backsig): Make public.
|
