| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
algorithm which will be used if available.
* encode.c (encode_crypt, encrypt_filter), sign.c (sign_file): Use new
select_algo_from_prefs feature to check if forcing an algorithm would
violate the recipient preferences.
* photoid.c (get_default_photo_command, show_photos): Use different
default viewers on different platforms. Currently we have Win 9x, Win NT
(2k, xp), Mac OSX, RISC OS, and "everybody else". These are #ifdefs as
much as possible to avoid clutter.
* g10.c (strusage, build_list), keyedit.c (show_prefs), main.h, misc.c
(compress_algo_to_string, check_compress_algo), pkclist.c
(algo_available), keygen.c (keygen_set_std_prefs): New algo_to_string and
check functions for compress algorithms.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* misc.c (check_permissions): Check directory permissions properly - they
are not special files.
* pkclist.c (expand_id, expand_group, build_pk_list): When expanding
groups before building a pk list, inherit flags from the original
pre-expanded string.
* pubkey-enc.c (is_algo_in_prefs): Don't use prefs from expired uids.
|
| |
|
|
|
| |
properly when used in the "Enter the user ID" prompt.
|
| |
|
|
|
|
|
|
|
|
| |
Members of an expansion inherit their flags from the expansion key.
* options.h, cipher.c (write_header), g10.c (main), keygen.c
(keygen_set_std_prefs): remove the personal_mdc flag. It no longer serves
a purpose now that the personal preference lists are split into
cipher/digest/zip.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
expand_groups), g10.c (main, add_group): Add new "group" command to allow
one name to expand into multiple keys. For simplicity, and to avoid
potential loops, we only expand once - you can't make an alias that points
to an alias.
* main.h, g10.c (main), keygen.c (build_personal_digest_list): Simplify
the default digest list - there is really no need for the other hashes
since they will never be used after SHA-1 in the list.
* options.skel, options.h, g10.c (main), hkp.c (hkp_ask_import,
hkp_export, hkp_search), keyserver.c (parse_keyserver_options,
parse_keyserver_uri, keyserver_work, keyserver_refresh): Make the
"x-broken-hkp" keyserver scheme into keyserver-option "broken-http-proxy".
Move honor_http_proxy into keyserver_options. Canonicalize the three
variations of "hkp", "x-hkp", and "x-broken-hkp" into "hkp".
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
default digest preference list consisting of SHA-1, followed by every
other installed digest except MD5. Note this is the same as having no
digest preference at all except for SHA-1 being favored.
* options.h, g10.c (main), keygen.c (keygen_set_std_prefs), pkclist.c
(select_algo_from_prefs): Split --personal-preference-list into three:
--personal-{cipher|digest|compress}-preferences. This allows a user to
set one without affecting another (i.e. setting only a digest pref doesn't
imply an empty cipher pref).
* exec.c (exec_read): This is a safer way of guessing the return value of
system(). Noted by Stefan Bellon.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
time, consult the various hash prefs to pick a hash algorithm to use.
Pass in a 160-bit hint if any of the signing keys are DSA.
* keydb.h, pkclist.c (select_algo_from_prefs, algo_available): Pass a
"hints" opaque pointer in to let the caller give hints as to what
algorithms would be acceptable. The only current hint is for
PREFTYPE_HASH to require a 160-bit hash for DSA. Change all callers in
encode.c (encode_crypt, encrypt_filter) and sign.c (sign_file). If we
settle on MD5 as the best algorithm based solely on recepient keys and
SHA1 is also a possibility, use SHA1 unless the user intentionally chose
MD5. This is as per 2440:13.
* exec.c (make_tempdir): Fix duplicated filename problem.
|
| |
|
|
|
|
|
|
|
|
| |
enum_sig_subpkt when a subpacket is critical and change all callers in
keylist.c (show_policy_url, show_notation), mainproc.c
(print_notation_data), and pkclist.c (do_show_revocation_reason).
* keylist.c (show_policy_url, show_notation): Display if the policy or
notation is critical.
|
| |
|
|
|
|
|
|
| |
* pkclist.c (do_show_revocation_reason): Don't use capital
letters for non-interactive output.
(show_revocation_reason): Now it is global.
* pubkey-enc.c (get_it): Show if the key has been revoked.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
keygen_upd_std_prefs), keyedit.c (keyedit_menu), g10.c (main), pkclist.c
(select_algo_from_prefs): Add --personal-preference-list which allows the
user to factor in their own preferred algorithms when the preference lists
are consulted. Obviously, this does not let the user violate a
recepient's preferences (and the RFC) - this only influences the ranking
of the agreed-on (and available) algorithms from the recepients.
Suggested by David Hollenberg.
* options.h, keygen.c (keygen_set_std_prefs), g10.c (main): Rename
--preference-list to --default-preference-list (as that is what it really
is), and make it a true default in that if the user selects "default" they
get this list and not the compiled-in list.
|
| |
|
|
|
| |
preference for uncompressed data.
|
| |
|
|
|
|
|
|
| |
(algo_available): --pgp7, identical to --pgp6 except that it permits a few
algorithms that PGP 7 added: AES128, AES192, AES256, and TWOFISH. Any
more of these --pgpX flags, and it'll be time to start looking at a
generic --emulate-pgp X option.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
twice in batch mode if one instance was the default recipient and the
other was an encrypt-to. Noted by Stefan Bellon.
* parse-packet.c (dump_sig_subpkt): Show data in trust and regexp sig
subpackets.
* keyedit.c (keyedit_menu): Use new function real_uids_left to prevent
deleting the last real (i.e. non-attribute) uid. Again, according to the
attribute draft. (menu_showphoto): Make another string translatable.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Properly initialize the user ID refcount for user and photo IDs.
Tweak a few prompts to change "y/n" to "y/N", which is how most other
prompts are written.
Warn the user if they are about to revoke an expired sig (not a problem,
but they should know).
Control-d escapes the keyserver search prompt.
If a subkey is considered revoked solely because the parent key is
revoked, print the revocation reason from the parent key.
Allow revocation/expiration to apply to a uid/key with no entry in the
trustdb.
|
| |
|
|
|
|
|
|
| |
unknown and undefined trust. Removed the did_add cruft. Reported
by Janusz A. Urbanowicz.
* g10.c: New option --no-use-agent.
Hmmm, is this a a good name? --do-not-use-agent seems a bit to long.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
is a cert. A sig has sigclass 0x00, 0x01, 0x02, or 0x40, and everything
else is a cert.
Add a "nrlsign" for nonrevocable and local key signatures.
Add a --no-force-mdc to undo --force-mdc.
Add a knob to force --disable-mdc/--no-disable-mdc. Off by default, of
course, but is used in --pgp2 and --pgp6 modes.
Allow specifying multiple users in the "Enter the user ID" loop. Enter a
blank line to stop. Show each key+id as it is added.
It is not illegal (though possibly silly) to have multiple policy URLs in
a given signature, so print all that are present.
More efficient implementation of URL-ifying code for --search on an HKP
keyserver.
|
| |
|
|
|
|
|
|
| |
turns off force_mdc, turns on no_comment, escape_from, and force_v3_sigs,
and sets compression to 1. It also restricts the user to IDEA (if
present), 3DES, CAST5, MD5, SHA1, and RIPEMD160. See the comments above
algo_available() for lots of discussion on why you would want to do this.
|
| |
|
|
|
|
|
| |
prefs
Only put in the fake IDEA preference with --pgp2 mode
Print "Expired" for expired but good signatures.
|
| |
|
|
|
|
|
|
| |
keys (this is in the RFC), so that they can be (sometimes) used along
OpenPGP keys. Do not force using IDEA on an OpenPGP key, as this may
violate its prefs.
Also, revise the help text for the sig class explanation.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
DCVS: ----------------------------------------------------------------------
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
