| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
keyserver.
* g10.c (add_notation_data): Relax slightly the rules as to what can go
into a notation name - 2440 allows "@", for example.
|
| |
|
|
|
|
|
|
| |
and at most 1 revocation sig on a subkey, as per 2440:11.1.
* hkp.c (parse_hkp_index, hkp_search): Error if the keyserver returns an
unparseable HKP response.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
expand_groups), g10.c (main, add_group): Add new "group" command to allow
one name to expand into multiple keys. For simplicity, and to avoid
potential loops, we only expand once - you can't make an alias that points
to an alias.
* main.h, g10.c (main), keygen.c (build_personal_digest_list): Simplify
the default digest list - there is really no need for the other hashes
since they will never be used after SHA-1 in the list.
* options.skel, options.h, g10.c (main), hkp.c (hkp_ask_import,
hkp_export, hkp_search), keyserver.c (parse_keyserver_options,
parse_keyserver_uri, keyserver_work, keyserver_refresh): Make the
"x-broken-hkp" keyserver scheme into keyserver-option "broken-http-proxy".
Move honor_http_proxy into keyserver_options. Canonicalize the three
variations of "hkp", "x-hkp", and "x-broken-hkp" into "hkp".
|
| |
|
|
|
|
|
|
|
| |
unparseable responses.
* exec.c (exec_read): Catch and display an error when the remote process
exits unnaturally (i.e. segfault) so the user knows what happened. Also
fix exec_write stub which has a different number of arguments now.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* hkp.c (parse_hkp_index): Properly handle the '&' character (i.e.
"&") in HKP responses.
* getkey.c (merge_selfsigs_main): Fix reversed expiration time check with
self-sigs.
* keyedit.c (sign_uids): When making a new self-sig on a v3 key, make a v3
self-sig unless it is currently a v3 self-sig being promoted to v4.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
non-revoked user id.
* hkp.c (hkp_ask_import), keyserver.c (parse_keyserver_options,
keyserver_spawn), options.h: Remove fast-import keyserver option (no
longer meaningful).
* g10.c (main), keyedit.c (sign_uids), options.h: Change
--default-check-level to --default-cert-check-level as it makes clear what
it operates on.
* g10.c (main): --pgp6 also implies --no-ask-sig-expire.
* delkey.c (do_delete_key): Comment.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
KEYDB_SEARCH_DESC - no point in reinventing the wheel. This allows the
helper program to search the keyserver by fingerprint if desired (and the
keyserver supports it). Note that automatic fingerprint promotion during
refresh only applies to v4 keys as a v4 fingerprint can be easily changed
into a long or short key id, and a v3 cannot.
Take two copies of hextobyte() from pubkey-enc.c and getkey.c and make
them into one copy in misc.c.
|
| |
|
|
|
|
|
| |
not explicitly say how many keys were found.
Bug fix - don't report non-revoked keys as revoked in HKP key searches.
|
| |
|
|
|
|
|
|
|
|
| |
keyservers).
Add KEYSERVER_NOT_SUPPORTED for unsupported actions (say, a keyserver that
has no way to search, or a readonly keyserver that has no way to add).
Also add a USE_EXTERNAL_HKP define to disable the internal HKP keyserver
code.
|
| |
|
|
|
| |
searching.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
is a cert. A sig has sigclass 0x00, 0x01, 0x02, or 0x40, and everything
else is a cert.
Add a "nrlsign" for nonrevocable and local key signatures.
Add a --no-force-mdc to undo --force-mdc.
Add a knob to force --disable-mdc/--no-disable-mdc. Off by default, of
course, but is used in --pgp2 and --pgp6 modes.
Allow specifying multiple users in the "Enter the user ID" loop. Enter a
blank line to stop. Show each key+id as it is added.
It is not illegal (though possibly silly) to have multiple policy URLs in
a given signature, so print all that are present.
More efficient implementation of URL-ifying code for --search on an HKP
keyserver.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* pubkey-enc.c (get_session_key): Check that the public key
algorithm is indeed usable for en/decryption. This avoid a
strange error message from pubkey_decrypt if for some reasons a
bad algorithm indentifier is passed.
* hkp.c (hkp_export): Do not print possible control characters
from a keyserver response.
(parse_hkp_index): Made uid an unsigned char* because it is passed to
isspace().
(hkp_search): Ditto for the char* vars.
* g10.c (main): Print the IDEA warning also for -c and -se.
* g10.c (get_temp_dir): Assert that we have dropped privs
* encode.c (encode_crypt): Include the first key into the --pgp2
check.
|
| | |
|
| |
|
|
|
| |
works.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
