| Commit message (Collapse) | Author | Files | Lines |
|---|
|
import_one): Add import-clean-sigs option to automatically clean a key
when importing. Note that when importing a key that is already on the
local keyring, the clean applies to the merged key - i.e. existing
superceded or invalid signatures are removed.
|
|
import-unusable-sigs is now a noop.
|
|
menu_clean_subkeys_from_key), trustdb.h, trustdb.c
(clean_subkeys_from_key): Remove subkey cleaning function. It is of
very limited usefulness since it cannot be used on any subkey that can
sign, and can only affect multiple selfsigs on encryption-only
subkeys.
|
|
do_export_stream): Add export-options export-clean-sigs,
export-clean-uids, export-clean-subkeys, and export-clean which is all
of the above. Export-minimal is the same except it also removes all
non-selfsigs. export-unusable-sigs is now a noop.
|
|
|
|
comment packets.
* export.c (do_export_stream): Don't export comment packets any
longer.
* options.h, g10.c (main): Remove --sk-comments and --no-sk-comments
options, and replace with no-op.
|
|
(do_generate_keypair): Use it here rather than creating and deleting a
comment packet.
* keygen.c (gen_elg, gen_dsa): Do not put public factors in secret key as
a comment.
* options.h, encode.c (encode_simple, encode_crypt), keygen.c (do_create):
Remove disabled comment packet code.
|
|
--default-cert-expire options. Suggested by Florian Weimer.
* main.h, keygen.c (parse_expire_string, ask_expire_interval): Use
defaults passed in, or "0" to control what default expiration is.
* keyedit.c (sign_uids), sign.c (sign_file, clearsign_file,
sign_symencrypt_file): Call them here, so that default expiration
is used when --ask-xxxxx-expire is off.
|
|
not there. This may happen due to typos in the translation.
|
|
treat 'verbose' and 'include-disabled' as special. Just pass them through
silently to the keyserver helper.
|
|
import-unusable-sigs flag to enable importing unusable (currently:
expired) sigs.
* options.h, export.c (parse_export_options, do_export_stream): Add
export-unusable-sigs flag to enable exporting unusable (currently:
expired) sigs.
|
|
from URLs and pass to keyserver helpers.
|
|
* passphrase.c: Don't check for __CYGWIN__, so it is treated as a
unix-like system.
* options.h, g10.c (main), textfilter.c (standard): Use new option
--rfc2440-text to determine whether to filter "<space>\t\r\n" or just
"\r\n" before canonicalizing text line endings. Default to
"<space>\t\r\n".
|
|
--openpgp directly to determine the end of line hashing rule.
* trustdb.c (uid_trust_string_fixed): Show uids as expired if the key is
expired.
|
|
(not used). (standard): 2440 says that textmode hashes should canonicalize
line endings to CRLF and remove spaces and tabs. 2440bis-12 says to just
canonicalize to CRLF. So, we default to the 2440bis-12 behavior, but
revert to the strict 2440 behavior if the user specifies --rfc2440. In
practical terms this makes no difference to any signatures in the real
world except for a textmode detached signature.
|
|
(parse_import_options, import_keys_internal): Make the import-options and
export-options distinct since they can be mixed together as part of
keyserver-options.
|
|
"export-minimal" option to disregard any sigs except selfsigs.
|
|
verify-option show-validity to show-uid-validity to match the similar
list-option.
* app-openpgp.c (verify_chv3): Fix typo.
|
|
trust since the meaning is different.
* keyedit.c (trustsig_prompt): Change the strings to match the ones in
pkclist.c:do_edit_ownertrust to make translation easier.
* trustdb.c (trust_model_string, get_validity): Add direct trust model
which applies to the key as a whole and not per-uid.
* options.h, g10.c (parse_trust_model): New. (main): Call it from here to
do string-to-trust-model.
|
|
issued, skip right to the CHV1/CHV2 PIN change. No need to show the
unblock or admin PIN change option. (card_edit): Add "admin" command to
add admin commands to the menu. Do not allow admin commands until "admin"
is given.
* app-openpgp.c (verify_chv3): Show a countdown of how many wrong admin
PINs can be entered before the card is locked.
* options.h, g10.c (main), app-openpgp.c (verify_chv3): Remove
--allow-admin.
|
|
Print a spk record for each request subpacket. (list_keyblock_colon): Call
them here.
* g10.c (parse_subpacket_list, parse_list_options): New. Make the list of
subpackets we are going to print. (main): Call them here.
|
|
uids are always on a line for themselves. Mark expired secret keys as
expired.
* options.h, g10.c (main): Rename list show-validity to show-uid-validity
as it only shows for uids.
* armor.c (armor_filter): Do not use padding to get us to 8 bytes of
header. Rather, use 2+4 as two different chunks. This avoids a fake
filename of "is".
|
|
|
|
* mainproc.c (check_sig_and_print): track whether we are retrieving a key.
* status.c (status_currently_allowed): New. (write_status_text,
write_status_text_and_buffer): Use it here.
* g10.c: New command --gpgconf-list. (gpgconf_list): New. From Werner on
stable branch.
|
|
Improved URI parser that keeps track of the path information and doesn't
modify the input string. (keyserver_spawn): Tell keyserver plugins about
the path.
|
|
keyrec, parse_keyrec, keyserver_search_prompt), keyedit.c (keyedit_menu),
g10.c (add_keyserver_url, add_policy_url): Fix some compiler warnings.
|
|
show. Don't allow a not-shown notation to prevent us from issuing the
proper --status-fd message.
* options.h, g10.c (main): Add show-std/standard-notations and
show-user-notations. show-notations is both. Default is to show standard
notations only during verify. Change all callers.
|
|
|
|
parse_keyserver_options now returns a success code.
* keyserver.c (parse_keyserver_options): Return error on failure to parse.
Currently there is no way to fail as any unrecognized options get saved to
be sent to the keyserver plugins later. Check length of keyserver option
tokens since with =arguments we must only match the prefix.
(free_keyserver_spec): Moved code from parse_keyserver_url.
(keyserver_work, keyserver_spawn): Pass in a struct keyserver_spec rather
than using the global keyserver option. (calculate_keyid_fpr): New.
Fills in a KEYDB_SEARCH_DESC for a key. (keyidlist): New implementation
using get_pubkey_bynames rather than searching the keydb directly. If
honor-keyserver-url is set, make up a keyserver_spec and try and fetch
that key directly. Do not include it in the returned keyidlist in that
case.
|
|
from parse_keyserver_options by calling the generic parse_options.
* keyserver.c (keyserver_spawn, keyserver_refresh), g10.c (main), gpgv.c
(main), mainproc.c (check_sig_and_print), import.c (revocation_present):
Change all callers.
|
|
keyserver.c (parse_keyserver_uri): Parse keyserver URI into a structure.
Cleanup for new "guess my keyserver" functionality, as well as refreshing
via a preferred keyserver subpacket.
|
|
|
|
--bzip2-compress-lowmem to --bzip2-decompress-lowmem since it applies to
decompression, not compression.
|
|
(passphrase_to_dek), keyserver.c (print_keyrec): A few more places to use
--keyid-format.
* options.h, g10.c (main), export.c (parse_export_options,
do_export_stream): Remove --export-all and the "include-non-rfc"
export-option as they are no longer meaningful with the removal of v3
Elgamal keys.
|
|
verify-option show-long-keyids and replace with the more general
keyid-format.
|
|
replace the list-option (and eventually verify-option) show-long-keyids.
The format can be short, long, 0xshort, and 0xlong.
* keydb.h, keyid.c (keystr, keystrlen): New functions to generate a
printable keyid.
* keyedit.c (print_and_check_one_sig, show_key_with_all_names), keylist.c
(list_keyblock_print): Use new keystr() function here to print keyids.
|
|
* encode.c (encode_simple): Show cipher with --verbose.
* options.h, g10.c (main), keyedit.c (sign_keys): Add --ask-cert-level
option to enable cert level prompts during sigs. Defaults to on.
Simplify --default-cert-check-level to --default-cert-level. If
ask-cert-level is off, or batch is on, use the default-cert-level as the
cert level.
* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Simplify
--min-cert-check-level to --min-cert-level.
|
|
--min-cert-check-level option to specify minimum cert check level.
Defaults to 2 (so 0x11 sigs are ignored). 0x10 sigs cannot be ignored.
|
|
--max-output option to help people deal with decompression bombs.
|
|
"show-unusable-subkeys" list-option to show revoked and/or expired
subkeys.
|
|
* options.h, g10.c (set_screen_dimensions): New function to look at
COLUMNS and LINES.
* keyserver.c (parse_keyrec, keyserver_search_prompt), keyedit.c
(print_and_check_one_sig): Use new screen dimension variables.
|
|
import_secret_one), keyserver.c (keyserver_refresh): Change --merge-only
to --import-option merge-only. Deprecate --merge-only.
|
|
parse_keyserver_uri): honor-http-proxy is no longer an option since we can
do the same thing with http-proxy with no arguments. Also remove
broken-http-proxy since it can be better handled in the HTTP helper.
|
|
(do_check): Use an unsigned length for mpi_get_opaque.
* options.h: It's impolite to assign -1 to an unsigned
opt.force_ownertrust.
|
|
encode_md_value), sig-check.c (do_check), sign.c (do_sign): Remove
--emulate-md-encode-bug as it only applied to Elgamal signatures, which
are going away.
|
|
--bz2-compress-lowmem to set bzlib "small" flag for low memory (but slow)
decompression.
|
|
(init_compress): Add --compress-level and --bzip2-compress-level. -z sets
them both. Change various callers.
|
|
"external" trust model, where the user can provide a pregenerated trustdb.
* keyedit.c (keyedit_menu): Do not allow editing ownertrust with an
external trust model trustdb.
|
|
plurarility (or not) of various list and verify options.
|
|
--verify-option show-unusable-uids.
|
