| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* g10/import.c (read_block): Bail out on compressed packets.
* g10/options.h (COMPAT_COMPR_KEYS): New.
* g10/gpg.c (compatibility_flags): Add "compr-keys".
* common/util.h: Remove replacement code not any longer needed.
(GPG_ERR_UNEXPECTED_PACKET): Add a new replacement code.
--
Compressed key packets do not make much sense but historically they
were supported. Thus we also add a compatibility flag.
GnuPG-bug-id: 7014
|
|
* g10/gpg.c: Include recsel.h.
(debug_flags): New flag "recsel".
(set_debug): Set it.
* g10/options.h (DBG_RECSEL_VALUE, DBG_RECSEL): New.
* g10/import.c (impex_filter_getval): Add debug diagnostics.
* g10/keylist.c (parse_and_set_list_filter): Dump the record filter.
* common/recsel.c (recsel_debug): New variable.
(recsel_set_debug): New function.
(recsel_select): Add debug output if requested.
|
|
* g10/options.h (LIST_SHOW_TRUSTSIG): New.
* g10/gpg.c (parse_list_options): Add "show-trustsig".
* g10/keylist.c (parse_trust_name): New.
(list_signature_print): Print trust signature info.
|
|
* g10/options.h (flags): Add field disable_pqc_encryption.
* g10/gpg.c (oDisablePQCEncryption): New.
(opts): Add --option.
(main): Set option.
* g10/getkey.c (finish_lookup): Skip subkeys if option is set.
--
This option can be used to avoid the use of Kyber encryption subkeys
if this does not make sense (i.e. protection of local files).
|
|
* g10/options.h (flags): Add proc_all_sigs.
* g10/mainproc.c (proc_tree): Do not stop signature checking if this
new option is used.
* g10/gpg.c (oProcAllSigs): New.
(opts): Add "proc-all-sigs".
(main): Set it.
--
GnuPG-bug-id: 7261
|
|
* g10/options.h (DBG_KEYDB_VALUE): New.
* g10/gpg.c (debug_flags): Add it.
* g10/keydb.c: Replace all DBG_LOOKUP by DBG_KEYDB.
* g10/keyring.c: Ditto.
* g10/call-keyboxd.c: Ditto.
--
Using "lookup" also for key search debugging was not a good idea.
This uses a separate flag for the latter.
|
|
* g10/options.h (opt): Add show_only_session_key and turn
show_session_key into a bit flag.
* g10/gpg.c (oShowOnlySessionKey): New.
(opts): Add "show-only-session-key".
(main): Set flag.
* g10/mainproc.c (proc_encrypted): Handle the new option.
* g10/decrypt-data.c (decrypt_data): Ditto. Add compliance error flag
to the DECRYPTION_INFO status line.
--
This new option is somehow related to
GnuPG-bug-id: 1825
|
|
* g10/import.c (parse_import_options): Rename option.
* g10/options.h (IMPORT_NO_SECKEY): Rename to IMPORT_ONLY_PUBKEYS.
Change all users.
--
GnuPG-bug-id: 7146
|
|
* g10/options.h (opt): Move the definition of struct akl to global
scope.
* g10/keydb.h (enum get_pubkey_modes): Add GET_PUBKEY_TRY_LDAP.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_BYNAME.
* g10/keygen.c (prepare_desig_revoker): Use it here.
(prepare_adsk): and here.
--
The revoker key is required before we create it along with a new key.
This is because the we need to know the algo and also to make sure
that the key really exists.
GnuPG-bug-id: 7133
|
|
* g10/options.h (opt): Add field def_new_key_adsks.
* g10/gpg.c (oDefaultNewKeyADSK): New.
(opts): Add --default-new-key-adsk.
(main): Parse option.
* g10/keyedit.c (menu_addadsk): Factor some code out to ...
(append_adsk_to_key): new. Add compliance check.
* g10/keygen.c (pADSK): New.
(para_data_s): Add adsk to the union.
(release_parameter_list): Free the adsk.
(prepare_adsk): New.
(get_parameter_adsk): New.
(get_parameter_revkey): Remove unneeded arg key and change callers.
(proc_parameter_file): Prepare adsk parameter from the configured
fingerprints.
(do_generate_keypair): Create adsk.
--
GnuPG-bug-id: 6882
|
|
--
These are non-substantive corrections for minor spelling mistakes
within the GnuPG codebase.
With something like this applied to the codebase, and a judiciously
tuned spellchecker integrated as part of a standard test suite, it
should be possible to keep a uniform orthography within the project.
GnuPG-bug-id: 7116
|
|
* g10/gpg.c (oRequirePQCEncryption): New.
(opts): Add option.
(main): Set option.
* g10/mainproc.c (print_pkenc_list): Print a warning.
* g10/options.h (flags): Add flag require_pqc_encryption.
* g10/getkey.c (finish_lookup): Skip non-pqc keys if the option is
set.
--
GnuPG-bug-id: 6815
|
|
* g10/options.h (LIST_SHOW_OWNERTRUST): New.
* g10/keylist.c (print_key_line): Show wonertrust and always show
whether a key is disabled.
* g10/gpg.c (parse_list_options): Add "show-ownertrust".
* g10/gpgv.c (get_ownertrust_string): Add stub.
* g10/test-stubs.c (get_ownertrust_string): Add stub.
--
Note that in a --with-colons listing the ownertrust has always been
emitted and the disabled state is marked in that listing with a
special 'D' usage.
|
|
* g10/options.h (LIST_SHOW_OWNERTRUST): New.
* g10/keylist.c (print_key_line): Show wonertrust and always show
whether a key is disabled.
* g10/gpg.c (parse_list_options): Add "show-ownertrust".
* g10/gpgv.c (get_ownertrust_string): Add stub.
* g10/test-stubs.c (get_ownertrust_string): Add stub.
--
Note that in a --with-colons listing the ownertrust has always been
emitted and the disabled state is marked in that listing with a
special 'D' usage.
|
|
* g10/pubkey-enc.c (get_it): Use algo and fingerprint for the
fixed-info. Keep a testing mode.
* g10/options.h (COMPAT_T7014_OLD): New.
* g10/gpg.c (compatibility_flags): Add "t71014-old" flag.
--
GnuPG-bug-id: 6815
|
|
* g10/options.h (LIST_STORE_X509_NOTATIONS): New.
* g10/gpg.c (parse_list_options): Add "store-x509-notations".
* g10/keylist.c (print_x509_notations): Add arg PK and code to write a
file.
(list_signature_print): Add arg lastpk and handle new option.
(list_keyblock_print): Track last key or subkey and pass to
list_signature_print.
|
|
* g10/gpg.c (parse_list_options): Add new option.
* g10/options.h (LIST_SHOW_X509_NOTATIONS): New.
* g10/build-packet.c (search_sig_notations): New.
* g10/keylist.c (print_x509_notations): New.
(list_signature_print): Use macros for the sig classes. Call
print_x509_notations.
(list_keyblock_print): Call list_signature_print if x509 notation
printing is enabled.
|
|
* g10/options.h (EXPORT_REALCLEAN): New. Also re-assign other values
to keep them more in sync with the corresponding import values.
* g10/export.c (parse_export_options): Add "export-realclean".
(do_export_stream): Call clean_all_uids directly with the options
arg.
* g10/import.c (import_one_real): Change for direct use of options in
clean_all_uids.
* g10/key-clean.c (is_trusted_key_sig): New. Stub for now.
(clean_sigs_from_uid): Re-purpose self_only to a general options arg.
Implement EXPORT_REALCLEAN code path.
(clean_one_uid): Re-purpose self_only to a general options arg.
(clean_all_uids): Ditto.
* g10/keyedit.c (keyedit_menu): Use EXPORT_MINIMAL instead of a simple
flag.
(menu_clean): Re-purpose self_only to a general options arg.
* g10/keyid.c (fpr20_from_pk): Factor code out to ....
(fpr20_from_fpr): new. Remove useless case for ARRAY being NULL.
* g10/tdbio.c (tdbio_search_trust_byfpr): Add arg fprlen and use
fpr20_from_fpr if needed.
(tdbio_search_trust_bypk): Pass 20 for the fingerprint length.
--
Note that this code has no function yet. Another patch will follow to
extract the trusted-keys flag from the trustdb.
|
|
* agent/gpg-agent.c (parse_rereadable_options): Use make_filename_try
for opt.pinentry_program. Change definition accordingly.
* g10/gpg.c (main): Use make_filename for agent_program,
dirmngr_program, and keyboxd_program. Change definition accordingly.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-card.c (parse_arguments): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpg-wks-client.c (parse_arguments): Likewise. Do it also for
option --output.
(process_confirmation_request): Print a note for a successful sent.
--
GnuPG-bug-id: 7017
|
|
* g10/keyid.c (parse_one_algo_string): New.
(compare_pubkey_string_part): New.
(compare_pubkey_string): New.
* g10/verify.c (check_assert_signer_list): New.
* g10/mainproc.c (check_sig_and_print): Call check_assert_pubkey_algo.
* g10/options.h (opt): Add field assert_pubkey_algos.
* g10/gpg.c (oAssertPubkeyAlgo): New.
(opts): Add "--assert-pubkey_algo".
(assert_pubkey_algo_false): New.
(main): Parse option.
(g10_exit): Reorder RC modifications. Check assert_pubkey_algo_false.
* common/status.h (ASSERT_PUBKEY_ALGOS): new.
* common/t-support.h (LEAN_T_SUPPORT): Use a simplified version if
this macro is set.
* g10/gpgv.c (oAssertPubkeyAlgo): New.
(opts): Add "--assert-pubkey_algo".
(assert_pubkey_algo_false): New.
(main): Parse option.
(g10_exit): Check assert_pubkey_algo_false.
* g10/t-keyid.c: New.
* g10/Makefile.am: Add t-keyid.
* g10/test-stubs.c: Add assert_pubkey_algos and assert_signer_list and
remove from other tests.
(check_assert_signer_list): Ditto.
(check_assert_pubkey_algo): Ditto.
--
GnuPG-bug-id: 6946
|
|
* g10/options.h (IMPORT_IGNORE_ATTRIBUTES): New.
* g10/import.c (parse_import_options): Add new sub-option.
(read_block): Implement sub-option.
--
Suggested-by: Robin H. Johnson
Tested using the import-export feature:
gpg --export KEY_WITH_PICTURE \
| gpg --import --import-options import-export,ignore-attributes \
| gpg --show-key
|
|
* g10/gpg.c (oWithV5Fingerprint): New.
(opts): Add new option.
(main): Set option.
* g10/options.h (opt): Add with_v5_fingerprint.
* g10/keyid.c (hash_public_key): Factor out to ...
(do_hash_public_key): this. Add new arg to foce v5 style hashing.
(v5_fingerprint_from_pk): New.
(v5hexfingerprint): New.
* g10/keylist.c (print_fingerprint): Print v5 fingerprint for v4 keys
if the option is set.
--
GnuPG-bug-id: 6705
|
|
* g10/gpg.c (oWithV5Fingerprint): New.
(opts): Add new option.
(main): Set option.
* g10/options.h (opt): Add with_v5_fingerprint.
* g10/keyid.c (hash_public_key): Factor out to ...
(do_hash_public_key): this. Add new arg to foce v5 style hashing.
(v5_fingerprint_from_pk): New.
(v5hexfingerprint): New.
* g10/keylist.c (print_fingerprint): Print v5 fingerprint for v4 keys
if the option is set.
--
GnuPG-bug-id: 6705
|
|
* g10/options.h (COMPAT_PARALLELIZED): New.
* g10/filter.h (md_thd_filter_context_t): New type.
(md_thd_filter_set_md, md_thd_filter): New.
* g10/gpg.c (compatibility_flags): Update to support
COMPAT_PARALLELIZED.
* g10/mdfilter.c (struct md_thd_filter_context): New.
(lock_md, unlock_md, get_buffer_to_hash, put_buffer_to_recv): New.
(get_buffer_to_fill, put_buffer_to_send, md_thread): New.
(md_thd_filter, md_thd_filter_set_md): New.
* g10/sign.c (sign_file): Add support for md_thd_filter.
(sign_symencrypt_file): Likewise.
--
GnuPG-bug-id: 6570
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/gpg.c (oDebugIgnoreExpiration): New.
(opts): Add option.
(main): Set flag.
* g10/options.h (opt): Add field ignore_expiration.
* g10/pkclist.c (do_we_trust): Handle the option.
* g10/getkey.c (skip_unusable): Ditto.
(finish_lookup): Ditto.
--
GnuPG-bug-id: 2703
|
|
* g10/gpg.c (enum cmd_and_opt_values): Add oAssertSigner.
(opts): Add "assert-signer".
(main): Set option.
(assert_signer_true): New var.
(g10_exit): Evaluate new var.
* g10/main.h (assert_signer_true): Declare new var.
* common/status.h (STATUS_ASSERT_SIGNER): New.
* g10/options.h (opt): Add field assert_signer_list.
* g10/verify.c (is_fingerprint): New.
(check_assert_signer_list): New.
* g10/mainproc.c (check_sig_and_print): Call that function. Clear
assert_signer_true on a warning.
* g10/gpgv.c: Add dummy function and vars.
* g10/t-keydb-get-keyblock.c: Ditto.
* g10/t-keydb.c: Ditto.
* g10/t-stutter.c: Ditto.
--
|
|
* g10/gpg.c (oAddDesigRevoker): New.
(opts): Add new option.
* g10/options.h (opt): Add field desig_revokers.
* g10/keygen.c (get_parameter_idx): New.
(get_parameter): Make use of get_parameter_idx.
(prepare_desig_revoker): New.
(get_parameter_revkey): Add arg idx.
(proc_parameter_file): Add designated revokers.
(do_generate_keypair): Write all designated revokers.
|
|
* g10/options.h (LIST_SHOW_UNUSABLE_SIGS): New.
* g10/gpg.c (parse_list_options): Add "show-unusable-sigs".
* g10/keydb.h (keyid_eq): New.
(pk_is_primary): New.
* g10/keylist.c (list_signature_print): Early return for weak key
signatures. Print "self-signature" instead of user-id.
(list_keyblock_print): Simplify and always set self-sig node flag.
--
This patch avoid the printing of often hundreds of "Invalid digest
algorithm" notices during key signature listings if those key
signatures were done with SHA1. The new option can be used to revert
the behaviour.
We now also print "[self-signature]" with --check-sigs or --list-sigs
instead of the primary user id. This makes such listing easier to read.
|
|
* common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA.
* g10/gpg.c (oOverrideComplianceCheck): Remove.
(opts): Turn --override-compliance-check into a dummy option.
* g10/options.h (opt): Remove override_compliance_check.
* g10/sig-check.c (check_key_verify_compliance): Remove use of that
option.
--
The introduction of --override-compliance-check actually hid the real
cause for the signature verification problem in de-vs mode for the
Ed25519 key. The real fix is to handle the EdDSA algorithm in
gnupg_pk_is_allowed.
Fixes-commit: fb26e144adfd93051501d58f5d0d4f8826ddf436
GnuPG-bug-id: 5655
|
|
* common/iobuf.c (file_filter_ctx_t): Add fields for the peek feature.
(file_filter): Implement peeking.
(iobuf_ioctl): Add new IOBUF_IOCTL_PEEK.
* common/iobuf.h (IOBUF_IOCTL_PEEK, IOBUFCTRL_PEEK): New.
* common/miscellaneous.c (is_file_compressed): Rewrite. Detect PDF.
* g10/encrypt.c (encrypt_simple): Peek before detecting compression.
(encrypt_crypt): Ditto.
* g10/sign.c (sign_file): Also detect already compressed data.
* g10/options.h (opt): Add explicit_compress_option.
* g10/gpg.c (main): Set opt.explicit_compress_option for -z.
--
Note that this patch also introduces a compression check for signing
which was never done in the past.
GnuPG-bug-id: 6332
|
|
* agent/command.c (cmd_export_key): Add option --mode1003.
(command_has_option): Ditto.
* g10/build-packet.c (do_key): Implement mode 1003.
* g10/parse-packet.c (parse_key): Ditto.
* g10/options.h (EXPORT_MODE1003): New.o
* g10/call-agent.c (agent_export_key): Add arg mode1003.
* g10/export.c (parse_export_options): Add "mode1003"
(secret_key_to_mode1003): New.
(receive_seckey_from_agent): Add arg mode1003.
(do_export_one_keyblock): Pass option down.
--
This option allows to export a secret key in GnuPG's native format.
Thus no re-encryption is required and further the public key parameters
are also authenticated if a protection passphrase has been used.
Note that --import is not yet able to handle this new mode. Although
old version of GnuPG will bail out with "invalid packet" if a mode1003
exported secret key is seen.
|
|
* g10/options.h (EXPORT_REVOCS): New.
* g10/export.c (export_select_filter): New.
(struct export_filter_attic_s): Add field.
(cleanup_export_globals): Cleanup.
(parse_export_options): Add option "export-revocs".
(parse_and_set_export_filter): Parse the select type.
(do_export_revocs): New.
(do_export_stream): Add a way to select things for export.
|
|
* g10/options.h (LIST_SHOW_PREF): New.
(LIST_SHOW_PREF_VERBOSE): New.
* g10/gpg.c (parse_list_options): Add new options.
* g10/keyedit.c (show_prefs): Factor code out to ...
* g10/keylist.c (show_preferences): new.
(list_keyblock_print): Call show_preferences.
|
|
* g10/gpg.c (opts): New option--force-ocb as alias for force-aead.
Turn --aead-algo and --personal-aead-preferences into dummy options.
(build_list_md_test_algo, build_list_aead_algo_name): Remove.
(my_strusage): Remove output of AEAD algos.
(main): Remove code from the --aead options.
* g10/encrypt.c (encrypt_seskey): Make file local.
(use_aead): Remove requirement for rfc4880bis. Always return
AEAD_ALGO_OCB.
* g10/main.h (DEFAULT_AEAD_ALGO): Removed unused macro.
* g10/misc.c (default_aead_algo): Remove.
* g10/pkclist.c (select_aead_from_pklist): Return AEAD_ALGO_OCB or 0.
(select_algo_from_prefs): Remove personal AEAD algo setting.
* g10/keygen.c (keygen_set_std_prefs): Remove AEAD preference option
parsing.
* g10/options.h (opt): Remove def_aead_algo and personal_aead_prefs.
--
Due to the meanwhile expired patent on OCB there is no more reason for
using EAX. Thus we forcefully use OCB if the AEAD feature flag is set
on a key.
|
|
* g10/gpg.c (oCompatibilityFlags): New.
(opts): Add option.
(compatibility_flags): New list.
(main): Set flags and print help.
* g10/options.h (opt): Add field compatibility_flags.
--
No flags are yet defined but it is good to have the framework.
|
|
* g10/options.h (opt): Add field flags.require_compliance.
* g10/gpg.c (oRequireCompliance): New.
(opts): Add --require-compliance.
(main): Set option.
* g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant.
(check_sig_and_print): Ditto.
* g10/encrypt.c (encrypt_crypt): Ditto.
--
Note that in the --encrypt and --verify cased other checks may kick in
earlier than this new --require-compliance controlled one.
|
|
* common/compliance.c (min_compliant_rsa_length): New.
(gnupg_pk_is_compliant): Take in account.
(gnupg_pk_is_allowed): Ditto.
(gnupg_set_compliance_extra_info): New.
* g10/gpg.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* g10/options.h (opt): Add field min_rsa_length.
* sm/gpgsm.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* sm/gpgsm.h (opt): Add field min_rsa_length.
|
|
* g10/gpg.c (oOverrideComplianceCheck): New.
(opts): Add new option.
(main): Set option and add check for batch mode.
* g10/options.h (opt): Add flags.override_compliance_check.
* g10/sig-check.c (check_signature2): Factor complaince checking out
to ...
(check_key_verify_compliance): this. Turn error into a warning in
override mode.
--
There is one important use case for this: For systems configured
globally to use de-vs mode, Ed25519 and other key types are not
allowed because they are not listred in the BSI algorithm catalog.
Now, our release signing keys happen to be Ed25519 and thus we need to
offer a way for users to check new versions even if the system is in
de-vs mode. This does on purpose not work in --batch mode so that
scripted solutions won't accidently pass a signature check.
GnuPG-bug-id: 5655
|
|
* common/keyserver.h: Remove.
* sm/gpgsm.h (struct keyserver_spec): Remove.
(opt): Change keyserver to a strlist_t.
* sm/gpgsm.c (keyserver_list_free): Remove.
(parse_keyserver_line): Remove.
(main): Store keyserver in an strlist.
* sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist. Avoid
an ambiguity in dirmngr by adding a prefix if needed.
* g10/options.h (struct keyserver_spec): Move definition from
keyserver.h to here. Remove most fields.
* g10/keyserver.c (free_keyserver_spec): Adjust.
(cmp_keyserver_spec): Adjust.
(parse_keyserver_uri): Simplify.
(keyidlist): Remove fakev3 arg which does not make any sense because
we don't even support v3 keys.
--
We now rely on the dirmngr to parse the keyserver specs. Thus a bad
specification will not be caught immediately. However, even before
that dirmngr had stricter tests.
Signed-off-by: Werner Koch <[email protected]>
Ported-from: 9f586700ec4ceac97fd47cd799878a8847342ffa
|
|
* g10/options.h (opts): New field expl_import_only.
* g10/import.c (parse_import_options): Set it.
* g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
--
I can be assumed that configured LDAP servers are somehow curated and
not affected by rogue key signatures as the HKP servers are. Thus we
don't clean the key anymore so that key certifications are kept even
if the public key has not yet been imported.
See-commit: 6c26e593df51475921410ac97e9227df6b258618
GnuPG-bug-id: 5387
|
|
* dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status.
* g10/options.h (opts): New field expl_import_self_sigs_only.
* g10/import.c (parse_import_options): Set it.
* g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
--
I can be assumed that configured LDAP servers are somehow curated and
not affected by rogue key signatures as the HKP servers are. Thus we
can allow the import of key signature from LDAP keyservers by default.
GnuPG-bug-id: 5387
|
|
* g10/gpg.c (oNoAutoTrustNewKey): New.
(opts): Add --no-auto-trust-new-key.
(main): Set it.
* g10/options.h (opt): Add flags.no_auto_trust_new_key.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key".
(main): Set it.
* g10/options.h (opt): New flag flags.force_sign_key.
* g10/keyedit.c (sign_uids): Use new flag.
--
GnuPG-bug-id: 4584
|
|
* g10/gpg.c: New option --allow-old-cipher-algos.
(set_compliance_option): Set --rfc4880bis explictly to SHA256 and
AES256. Allow old cipher algos for OpenPGP, rfc4880, and rfc2440.
* g10/options.h (opt): Add flags.allow_old_cipher_algos.
* g10/misc.c (print_sha1_keysig_rejected_note): Always print the note
unless in --quiet mode.
* g10/encrypt.c (setup_symkey): Disallow by default algos with a
blocklengt < 128.
(encrypt_crypt): Ditto. Fallback by default to AES instead of 3DES.
* g10/pkclist.c (algo_available): Take care of old cipher also.
(select_algo_from_prefs): Use AES as implicit algorithm by default.
* tests/openpgp/defs.scm (create-gpghome): Set allow-old-cipher-algos.
--
GnuPG-bug-id: 3415
|
|
* g10/gpg.c (oPrintPKARecords): Remove.
(opts): Remove --print-pka-records.
(main): Remove "pka-lookups","pka-trust-increase" and other PKA stuff.
* g10/options.h (EXPORT_DANE_FORMAT): Remove.
(VERIFY_PKA_LOOKUPS, VERIFY_PKA_TRUST_INCREASE): Remove.
(KEYSERVER_HONOR_PKA_RECORD): Remove.
* g10/packet.h (pka_info_t): Remove.
(PKT_signature): Remove flags.pka_tried and pka_info.
* g10/parse-packet.c (register_known_notation): Remove
"[email protected]".
* g10/pkclist.c (check_signatures_trust): Remove PKA stuff.
* g10/call-dirmngr.c (gpg_dirmngr_get_pka): Remove.
* g10/export.c (parse_export_options): Remove "export-pka".
(do_export): Adjust for this.
(write_keyblock_to_output): Ditto.
(do_export_stream): Ditto.
(print_pka_or_dane_records): Rename to ...
(print_dane_records): this and remove two args. Remove PKA printing.
* g10/free-packet.c (free_seckey_enc, cp_pka_info): Adjust for removed
pka_info field.
* g10/getkey.c (get_pubkey_byname): Make AKL_PKA a dummy.
* g10/keyserver.c: Remove "honor-pka-record".
(keyserver_import_pka): Remove.
* g10/mainproc.c (get_pka_address): Remove.
(pka_uri_from_sig): Remove.
(check_sig_and_print): Remove code for PKA.
--
PKA (Public Key Association) was a DNS based key discovery method
which looked up fingerprint by mail addresses in the DNS. This goes
back to the conference where DKIM was suggested to show that we
already had a better method for this available with PGP/MIME. PKA was
was later superseded by an experimental DANE method and is today not
anymore relevant. It is anyway doubtful whether PKA was ever widely
used.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/options.h (IMPORT_DROP_UIDS, EXPORT_DROP_UIDS): Remove.
* g10/import.c (parse_import_options): Remove option import-drop-uids.
(import_one_real): Remove drop uids code.
(remove_all_uids): Remove function.
* g10/export.c (parse_export_options): Remove option export-drop-uids.
(do_export_one_keyblock): Remove drop uids code.
|
|
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new
support for KEYDB_SEARCH_MODE_MAIL.
(ks_ldap_get): Add a debug.
* g10/options.h (AKL_NTDS): New.
* g10/keyserver.c (keyserver_import_ntds): New.
(keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL.
* g10/getkey.c (parse_auto_key_locate): Support "ntds".
(get_pubkey_byname): Ditto.
|
|
* g10/gpg.c (parse_list_options): Add "sort-sigs".
(main): Make it the default.
* g10/options.h (LIST_SORT_SIGS): New.
* g10/keylist.c (cmp_signodes): New.
(list_keyblock_print): Sort signatures and factor signature printing
code out to ...
(list_signature_print): new.
--
In particular together with --full-timestamps this makes it easier to
see the history of key signatures and their revocations. The
self-signatures are also printed first. To disable this
--list-options no-sort-sigs
can be used.
Also don't print the annoying "no recocation reason specified"
message.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/options.h (IMPORT_BULK): New.
* g10/import.c (parse_import_options): Add "bulk-import".
* g10/call-keyboxd.c (in_transaction): New var.
(gpg_keyboxd_deinit_session_data): Run a commit if in bulk import
mode.
(create_new_context): Run a begin transaction if in bulk import mode.
--
Initial tests with this option are not very promising. Importing
about 3000 real world keys with --use-keyboxd and full logging took:
real 33m31.724s
user 19m54.265s
sys 2m49.662s
With bulk-import this saves a mere 12%:
real 29m36.542s
user 19m3.391s
sys 2m46.728s
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/options.h (IMPORT_COLLAPSE_UIDS): New.
(IMPORT_COLLAPSE_SUBKEYS): New.
* g10/gpg.c (main): Make them the default.
* g10/import.c (parse_import_options): New import options
"no-collapse-uids" and "no-collapse_subkeys".
(collapse_subkeys): New.
(import_one_real): Collapse subkeys and allow disabling the collapsing
using the new options.
(read_key_from_file_or_buffer): Always collapse subkeys.
* g10/keyedit.c (fix_keyblock): Call collapse_subkeys.
--
GnuPG-bug-id: 4421
Signed-off-by: Werner Koch <[email protected]>
|
