| Commit message (Collapse) | Author | Files | Lines |
|---|
|
algorithm which will be used if available.
* encode.c (encode_crypt, encrypt_filter), sign.c (sign_file): Use new
select_algo_from_prefs feature to check if forcing an algorithm would
violate the recipient preferences.
* photoid.c (get_default_photo_command, show_photos): Use different
default viewers on different platforms. Currently we have Win 9x, Win NT
(2k, xp), Mac OSX, RISC OS, and "everybody else". These are #ifdefs as
much as possible to avoid clutter.
* g10.c (strusage, build_list), keyedit.c (show_prefs), main.h, misc.c
(compress_algo_to_string, check_compress_algo), pkclist.c
(algo_available), keygen.c (keygen_set_std_prefs): New algo_to_string and
check functions for compress algorithms.
|
|
helpers. Also don't leak the last line worth of memory from the keyserver
response.
* main.h, misc.c (deprecated_warning): New function to warn about
deprecated options and commands.
* g10.c (main), keyserver-internal.h, keyserver.c (parse_keyserver_uri):
Use new deprecated function to warn about honor-http-proxy,
auto-key-retrieve, and x-broken-hkp.
|
|
expand_groups), g10.c (main, add_group): Add new "group" command to allow
one name to expand into multiple keys. For simplicity, and to avoid
potential loops, we only expand once - you can't make an alias that points
to an alias.
* main.h, g10.c (main), keygen.c (build_personal_digest_list): Simplify
the default digest list - there is really no need for the other hashes
since they will never be used after SHA-1 in the list.
* options.skel, options.h, g10.c (main), hkp.c (hkp_ask_import,
hkp_export, hkp_search), keyserver.c (parse_keyserver_options,
parse_keyserver_uri, keyserver_work, keyserver_refresh): Make the
"x-broken-hkp" keyserver scheme into keyserver-option "broken-http-proxy".
Move honor_http_proxy into keyserver_options. Canonicalize the three
variations of "hkp", "x-hkp", and "x-broken-hkp" into "hkp".
|
|
default digest preference list consisting of SHA-1, followed by every
other installed digest except MD5. Note this is the same as having no
digest preference at all except for SHA-1 being favored.
* options.h, g10.c (main), keygen.c (keygen_set_std_prefs), pkclist.c
(select_algo_from_prefs): Split --personal-preference-list into three:
--personal-{cipher|digest|compress}-preferences. This allows a user to
set one without affecting another (i.e. setting only a digest pref doesn't
imply an empty cipher pref).
* exec.c (exec_read): This is a safer way of guessing the return value of
system(). Noted by Stefan Bellon.
|
|
list_keyblock_print, list_keyblock_colon), status.h, status.c
(get_status_string): New --attribute-fd feature to dump the contents of
attribute subpackets for frontends. If --status-fd is also used, then a
new status tag ATTRIBUTE is provided for each subpacket.
* packet.h, getkey.c (fixup_uidnode, merge_selfsigs_main,
merge_selfsigs_subkey), parse-packet.c (setup_user_id): Keep track of the
expiration time of a user ID, and while we're at it, use the expired flag
from the selfsig rather than reparsing the SIG_EXPIRE subpacket.
* photoid.c (generate_photo_id): When adding a new photo ID, showing the
photo for confirmation is not safe when noninteractive since the "user"
may not be able to dismiss a viewer window. Noted by Timo Schulz.
|
|
expandos, and pass notations through pct_expando as well.
* main.h, misc.c (pct_expando): Add %s and %S expandos for signer's keyid.
|
|
keygen_upd_std_prefs), keyedit.c (keyedit_menu), g10.c (main), pkclist.c
(select_algo_from_prefs): Add --personal-preference-list which allows the
user to factor in their own preferred algorithms when the preference lists
are consulted. Obviously, this does not let the user violate a
recepient's preferences (and the RFC) - this only influences the ranking
of the agreed-on (and available) algorithms from the recepients.
Suggested by David Hollenberg.
* options.h, keygen.c (keygen_set_std_prefs), g10.c (main): Rename
--preference-list to --default-preference-list (as that is what it really
is), and make it a true default in that if the user selects "default" they
get this list and not the compiled-in list.
|
|
revocation via --desig-revoke
* keyedit.c (keyedit_menu, menu_addrevoker): New "addrevoker" command to
add a designated revoker to a key.
|
|
signature (callable by make_keysig_packet). (write_direct_sig): Write a 1F
direct key signature. (parse_revocation_key): Parse a string in
algo:fpr:sensitive format into a revocation key. (get_parameter_revkey,
do_generate_keypair): Call above functions when prompted from a batch key
generation file.
* build-packet.c (build_sig_subpkt): Allow multiple revocation key
subpackets in a single sig.
* keydb.h, getkey.c (get_seckey_byfprint): Same as get_pubkey_byfprint,
except for secret keys. We only know the fingerprint of a revocation key,
so this is needed to retrieve the secret key needed to issue a revokation.
* packet.h, parse-packet.c (parse_signature, parse_revkeys): Split revkey
parsing off into a new function that can be used to reparse after
manipulating the revkey list.
* sign.c (make_keysig_packet): Ability to make 1F direct key signatures.
|
|
clean as this function may be called more than once (e.g. from functions
in --edit).
* g10.c, encode.c (encode_crypt), sign.c (sign_file,
sign_symencrypt_file): Make --compress-algo work like the documentation
says. It should be like --cipher-algo and --digest-algo in that it can
override the preferences calculation and impose the setting the user
wants. No --compress-algo setting allows the usual preferences
calculation to take place.
* main.h, compress.c (compress_filter): use new DEFAULT_COMPRESS_ALGO
define, and add a sanity check for compress algo value.
|
|
functions to return data about an image.
* packet.h, parse-packet.c (make_attribute_uidname,
parse_attribute_subpkts, parse_attribute), photoid.h, photoid.c
(show_photos): Handle multiple images in a single attribute packet.
* main.h, misc.c (pct_expando), sign.c (mk_notation_and_policy), photoid.c
(show_photos): Simpler expando code that does not require using
compile-time string sizes. Call image_type_to_string to get image strings
(i.e. "jpg", "image/jpeg"). Change all callers.
* keyedit.c (menu_showphoto), keylist.c (list_keyblock_print): Allow
viewing multiple images within a single attribute packet.
* gpgv.c: Various stubs for link happiness.
|
|
|
|
fingerprint, etc.)
Do not print uncheckable signatures (missing key..) in --check-sigs.
Print statistics (N missing keys, etc.) after --check-sigs.
When signing a key with an expiration date on it, the "Do you want your
signature to expire at the same time?" question should default to YES
|
|
affected - but everything else and it seems that there is no backup of
the BTS data is available :-(
|
|
KEYDB_SEARCH_DESC - no point in reinventing the wheel. This allows the
helper program to search the keyserver by fingerprint if desired (and the
keyserver supports it). Note that automatic fingerprint promotion during
refresh only applies to v4 keys as a v4 fingerprint can be easily changed
into a long or short key id, and a v3 cannot.
Take two copies of hextobyte() from pubkey-enc.c and getkey.c and make
them into one copy in misc.c.
|
|
"http://notary.jabberwocky.com/keysign/%K" to create a per-signature
policy URL. Use the new generic %-handler for the photo ID stuff as well.
Display policy URLs and notations during signature generation if
--show-policy-url/--show-notation is set.
|
|
Some fixes.
|
|
Remove get_temp_dir (it's in exec.c now)
Allow --delete-key (now --delete-keys, though --delete-key still works) to
delete multiple keys in one go. This applies to
--delete-secret-key(s) and --delete-secret-and-public-key(s) as well
|
|
|
|
|
|
Properly handle permission/ownership checks on files that are shared (for
example /usr/local/lib/gnupg/idea)
|
|
that live there for safe permission/ownership (--no-permission-warning to
disable)
The newer glibcs print scary warnings about using mktemp(). The use here
was actually safe, but the warning was bound to confuse people, so here is
an arguably better tempname creator that pulls random bits from the pool.
|
|
IDEA warning for pk messages encrypted with IDEA (symmetric is already done)
Print IDEA warning for each occurance except for secret key protection and
unknown cipher from an encrypted message.
|
|
pops up when the user uses "--cipher-algo idea", when setpref is used to
set a "S1" preference, and when a secret key protected with IDEA is used.
Tweak the --pgp2 mode to use this generic warning.
|
|
Offer to expire a key signature when the key the user is signing expires
Expired sigs cause an error return
If --expert is set, prompt for sig duration
|
|
displays in key listings, and shows flags for signature features.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
