| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* g10/mainproc.c (proc_encrypted): Move show_session_key code to ...
* g10/decrypt-data.c (decrypt_data): here.
--
This feature can be used to return the session key for just a part of
a file. For example to downloading just the first 32k of a huge file,
decrypting that incomplete part and while ignoring all the errors
break out the session key. The session key may then be used on the
server to decrypt the entire file without the need to have the private
key on the server.
This is the same feature as
commit 101a54add351ff62793cbfbf3877787c4791f833 for 2.1 and
commit 3ae90ff28c500967cb90b1176299d2ca01ef450f for 2.0.
GnuPG-bug-id: 1389
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/mainproc.c (MAX_NESTING_DEPTH): New.
(proc_compressed): Return an error code.
(check_nesting): New.
(do_proc_packets): Check packet nesting depth. Handle errors from
check_compressed.
Signed-off-by: Werner Koch <[email protected]>
|
|
* cipher/idea.c: New. Take from Libgcrypt master and adjust for
direct use in GnuPG.
* cipher/idea-stub.c: Remove.
* cipher/Makefile.am: Add idea.c and remove idea-stub.c rules.
* configure.ac: Remove idea-stub code.
* g10/gpg.c (check_permissions): Remove code path for ITEM==2.
(main): Make --load-extension a dummy option.
* g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2
compatibility mode.
* g10/misc.c (idea_cipher_warn): Remove. Also remove all callers.
* g10/seckey-cert.c (do_check): Remove emitting of STATUS_RSA_OR_IDEA.
* g10/status.c (get_status_string): Remove STATUS_RSA_OR_IDEA.
* g10/status.h (STATUS_RSA_OR_IDEA): Remove.
--
To keep the number of actually used algorithms low, we support IDEA
only in a basically read-only way (unless --pgp2 is used during key
generation). It does not make sense to suggest the use of this old 64
bit blocksize algorithm. However, there is old data available where
it might be helpful to have IDEA available.
|
|
This does not mean we have any kind of ECC support now. It is merely
to avoid printing a question mark for the algorithm.
Trailing white space changes as usual.
|
|
|
|
(list_keyblock_print), pkclist.c (do_edit_ownertrust), keyedit.c
(menu_showphoto), photoid.c (generate_photo_id, show_photos), misc.c
(pct_expando): Add %v and %V expandos so that displaying photo IDs
can show the attribute validity tag (%v) and string (%V). Originally
by Daniel Gillmor.
|
|
Allow de/encryption using legacy type 20 keys.
Updated config.{sub,guess}
|
|
|
|
Updated gettext.
|
|
the literals count.
* verify.c (verify_one_file), decrypt.c (decrypt_messages): Call it
here so we allow multiple literals in --multifile mode (in different
files - not concatenated together).
|
|
|
|
|
|
sig_to_notation conversion. Noted by Peter Palfradrer.
|
|
|
|
duplicate code by using notation functions.
|
|
pka-lookups, not pka-lookup.
* options.h, gpg.c (main), keyedit.c [cmds], sig-check.c
(signature_check2): Rename "backsign" to "cross-certify" as a more
accurate name.
|
|
(check_signatures_trust), mainproc.c (check_sig_and_print,
pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so that it
is a verify-option now.
|
|
|
|
algorithm.
|
|
There is still one problem to solve.
|
|
|
|
|
|
(keyserver_opts): Rename auto-pka-retrieve to honor-pka-record to be
consistent with honor-keyserver-url.
|
|
|
|
(keyserver_import_pka), card-util.c (fetch_url): Always require a
scheme:// for keyserver URLs except when used as part of the
--keyserver command for backwards compatibility.
|
|
|
|
|
|
prompt.
|
|
so that gpg can get the key from DNS. This helps with opportunistic
encryption. No integration with the trust modell yet.
|
|
|
|
|
|
|
|
extra check for a bad passphrase and/or unknown cipher algorithm here.
We'll fail quite happily later, and usually with a better error
message to boot.
|
|
signatures that use hashes other than SHA-1, RIPEMD160, or MD5.
|
|
regards to the Mister and Zuccherato attack on OpenPGP CFB mode.
|
|
|
|
verify-option show-validity to show-uid-validity to match the similar
list-option.
* app-openpgp.c (verify_chv3): Fix typo.
|
|
showing the user ID as mainproc.c:print_pkenc_list.
* mainproc.c (print_pkenc_list): Allow translating the quotes around the
user ID.
* card-util.c, g10.c, photoid.c, trustdb.c: The last of the \"%s\" -> `%s'
quoting for things that aren't user IDs.
* keyserver.c (keyserver_spawn): If there is no keyserver host, print the
whole URI since it is self-contained.
|
|
* mainproc.c (check_sig_and_print), pkclist.c (do_edit_ownertrust):
Improve translatability of user ID prompts.
|
|
revoked/expired/expires string change of 2004-09-29 was too simple. Use
two styles for each tag.
|
|
variations of "revoked" ("revoked", "[revoked]", " [revoked]", "[revoked]
") "and" expired down to two to simplify translation.
|
|
menu_set_keyserver_url): Make sure that keyserver URLs with control
characters inside are printed properly. In fact, handle them as UTF8.
|
|
expired user IDs. Also, once we've established that a given uid cannot or
will not be signed, don't continue to ask about each sig.
* mainproc.c (proc_symkey_enc), seckey-cert.c (do_check): Check the S2K
hash algorithm before we try to generate a passphrase using it. This
prevents hitting BUG() when generating a passphrase using a hash that we
don't have.
* sign.c (sign_symencrypt_file): Allow using --force-mdc in --sign
--symmetric messages.
|
|
|
|
keyservers, and auto-key-retrieve is set, try and get a missing key from
the preferred keyserver subpacket when we verify the sig.
* gpgv.c (parse_preferred_keyserver, free_keyserver_spec): Stubs.
* keyserver.c (keyidlist): Use new parse_preferred_keyserver function.
(keyserver_work): Use the passed-in keyserver spec rather than the options
global one.
* keyserver-internal.h, keyserver.c (parse_preferred_keyserver): New
function to take a sig and return a split out keyserver_spec.
(keyserver_import_keyid): Now takes a keyserver_spec.
|
|
* mainproc.c (check_sig_and_print): track whether we are retrieving a key.
* status.c (status_currently_allowed): New. (write_status_text,
write_status_text_and_buffer): Use it here.
* g10.c: New command --gpgconf-list. (gpgconf_list): New. From Werner on
stable branch.
|
|
keyrec, parse_keyrec, keyserver_search_prompt), keyedit.c (keyedit_menu),
g10.c (add_keyserver_url, add_policy_url): Fix some compiler warnings.
|
|
show. Don't allow a not-shown notation to prevent us from issuing the
proper --status-fd message.
* options.h, g10.c (main): Add show-std/standard-notations and
show-user-notations. show-notations is both. Default is to show standard
notations only during verify. Change all callers.
|
|
notations, only standard notations, or both. Change all callers.
* keyserver.c (keyserver_spawn): We still need EXEC_TEMPFILE_ONLY.
|
|
from parse_keyserver_options by calling the generic parse_options.
* keyserver.c (keyserver_spawn, keyserver_refresh), g10.c (main), gpgv.c
(main), mainproc.c (check_sig_and_print), import.c (revocation_present):
Change all callers.
|
