aboutsummaryrefslogtreecommitdiffstats
path: root/g10 (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Solved conflictWerner Koch2002-03-032-13/+28
|
* This is the first half of revocation key / designated revokerDavid Shaw2002-02-289-29/+331
| | | | | | | | | | | | | | | | | | | | | support. That is, it handles all the data to mark a key as revoked if it has been revoked by a designated revoker. The second half (coming later) will contain the code to make someones key your designated revoker and to issue revocations for someone else. Note that this is written so that a revoked revoker can still issue revocations: i.e. If A revokes B, but A is revoked, B is still revoked. I'm not completely convinced this is the proper behavior, but it matches how PGP does it. It does at least have the advantage of much simpler code - my first version of this had lots of loop maintaining code so you could chain revokers many levels deep and if D was revoked, C was not, which meant that B was, and so on. It was sort of scary, actually. This also changes importing to allow bringing in more revocation keys, and exporting to not export revocation keys marked "sensitive". The --edit menu information will show if a revocation key is present.
* Do not include v3 keys in a --export-secret-subkeys export.David Shaw2002-02-282-0/+11
|
* If a key isn't valid (say, because of no self-signature), allowDavid Shaw2002-02-272-0/+18
| | | | | --always-trust to force it valid so it can be trusted.
* Treat key lists internally as fingerprints when possible. All this is viaDavid Shaw2002-02-268-118/+160
| | | | | | | | | | | | KEYDB_SEARCH_DESC - no point in reinventing the wheel. This allows the helper program to search the keyserver by fingerprint if desired (and the keyserver supports it). Note that automatic fingerprint promotion during refresh only applies to v4 keys as a v4 fingerprint can be easily changed into a long or short key id, and a v3 cannot. Take two copies of hextobyte() from pubkey-enc.c and getkey.c and make them into one copy in misc.c.
* Detect a "no keys found" case even if the keyserver helper program doesDavid Shaw2002-02-223-10/+32
| | | | | | | not explicitly say how many keys were found. Bug fix - don't report non-revoked keys as revoked in HKP key searches.
* Catch corruption in HKP index lines (can be caused by broken or maliciousDavid Shaw2002-02-193-0/+26
| | | | | | | | | | keyservers). Add KEYSERVER_NOT_SUPPORTED for unsupported actions (say, a keyserver that has no way to search, or a readonly keyserver that has no way to add). Also add a USE_EXTERNAL_HKP define to disable the internal HKP keyserver code.
* * pkclist.c (check_signatures_trust): Always print the warning forWerner Koch2002-02-143-9/+17
| | | | | | | | unknown and undefined trust. Removed the did_add cruft. Reported by Janusz A. Urbanowicz. * g10.c: New option --no-use-agent. Hmmm, is this a a good name? --do-not-use-agent seems a bit to long.
* Bug fix - properly handle user IDs with colons (":") in them while HKPDavid Shaw2002-02-122-5/+36
| | | | | searching.
* For --sig-policy-url and --cert-policy-url, clarify what is a sig and whatDavid Shaw2002-02-1012-39/+118
| | | | | | | | | | | | | | | | | | | | | | is a cert. A sig has sigclass 0x00, 0x01, 0x02, or 0x40, and everything else is a cert. Add a "nrlsign" for nonrevocable and local key signatures. Add a --no-force-mdc to undo --force-mdc. Add a knob to force --disable-mdc/--no-disable-mdc. Off by default, of course, but is used in --pgp2 and --pgp6 modes. Allow specifying multiple users in the "Enter the user ID" loop. Enter a blank line to stop. Show each key+id as it is added. It is not illegal (though possibly silly) to have multiple policy URLs in a given signature, so print all that are present. More efficient implementation of URL-ifying code for --search on an HKP keyserver.
* Allow policy URLs with %-expandos in them. This allows policy URLs likeDavid Shaw2002-02-057-100/+179
| | | | | | | | | "http://notary.jabberwocky.com/keysign/%K" to create a per-signature policy URL. Use the new generic %-handler for the photo ID stuff as well. Display policy URLs and notations during signature generation if --show-policy-url/--show-notation is set.
* Workaround for the pksd and OKS keyserver bug that calculates v4 RSADavid Shaw2002-02-043-4/+48
| | | | | | | | keyids as if they were v3. The workaround/hack is to fetch both the v4 (e.g. 99242560) and v3 (e.g. 68FDDBC7) keyids. This only happens for key refresh while using the HKP scheme and the refresh-add-fake-v3-keyids keyserver option must be set. This should stay off by default.
* Bug fix - do not append keys to each other when --sending more than one.David Shaw2002-02-042-1/+6
|
* Split "--set-policy-url" into "--cert-policy-url" and "--sig-policy-url"David Shaw2002-02-035-8/+42
| | | | | | so the user can set different policies for key and data signing. For backwards compatibility, "--set-policy-url" sets both, as before.
* * g10.c (main): --gen-random --armor does now output a base64Werner Koch2002-01-302-2/+23
| | | | | encoded string.
* --pgp6 flag. This is not nearly as involved as --pgp2. In short, itDavid Shaw2002-01-295-69/+105
| | | | | | | | turns off force_mdc, turns on no_comment, escape_from, and force_v3_sigs, and sets compression to 1. It also restricts the user to IDEA (if present), 3DES, CAST5, MD5, SHA1, and RIPEMD160. See the comments above algo_available() for lots of discussion on why you would want to do this.
* More comments about when to use IDEA in keygen.cDavid Shaw2002-01-274-8/+31
| | | | | | | | | | When key signing with multiple keys at the same time, make sure each key gets the sigclass prompt Close the iobuf and FILE before trying to reap the child process to encourage the child to exit Disable cache-on-close of the fd iobuf (shouldn't all fd iobufs not be cached?)
* * g10.c, options.h: New option --gpg-agent-infoWerner Koch2002-01-266-8/+50
| | | | | | | | * passphrase.c (agent_open): Let it override the environment info. * seckey-cert.c (check_secret_key): Always try 3 times when the agent is enabled. * options.skel: Describe --use-agent.
* Only check preferences against keys with v4 self sigs as v3 sigs have noDavid Shaw2002-01-244-15/+26
| | | | | | | prefs Only put in the fake IDEA preference with --pgp2 mode Print "Expired" for expired but good signatures.
* Cosmetic: don't present a RSA signing key as a "keypair" which can be 768David Shaw2002-01-233-3/+21
| | | | | | | bits long (as RSA minimum is 1024) Allow IDEA as a fake preference for v3 keys with v3 selfsigs when verifying that a cipher is in preferences while decrypting
* Some compatibility polish for PGP2. Add a fake IDEA preference for v3David Shaw2002-01-229-17/+94
| | | | | | | | keys (this is in the RFC), so that they can be (sometimes) used along OpenPGP keys. Do not force using IDEA on an OpenPGP key, as this may violate its prefs. Also, revise the help text for the sig class explanation.
* * passphrase.c (passphrase_to_dek): Add tryagain_text arg to beWerner Koch2002-01-2010-30/+101
| | | | | | | | | | | | | | used with the agent. Changed all callers. (agent_get_passphrase): Likewise and send it to the agent * seckey-cert.c (do_check): New arg tryagain_text. (check_secret_key): Pass the string to do_check. * keygen.c (ask_passphrase): Set the error text is required. * keyedit.c (change_passphrase): Ditto. * passphrase.c (agent_open): Disable opt.use_agent in case of a problem with the agent. (agent_get_passphrase): Ditto. (passphrase_clear_cache): Ditto.
* Removed debugging outputWerner Koch2002-01-192-2/+2
|
* * passphrase.c (agent_open): Add support for the new Assuan basedWerner Koch2002-01-192-170/+357
| | | | | | | gpg-agent. New arg to return the used protocol version. (agent_get_passphrase): Implemented new protocol here. (passphrase_clear_cache): Ditto.
* New command --decrypt-files.Timo Schulz2002-01-155-40/+109
| | | | | Some fixes.
* Fixed some typos.Timo Schulz2002-01-122-29/+59
|
* Move idea_cipher_warn to misc.c so gpgv.c doesn't need a stubDavid Shaw2002-01-096-95/+77
| | | | | | | | Remove get_temp_dir (it's in exec.c now) Allow --delete-key (now --delete-keys, though --delete-key still works) to delete multiple keys in one go. This applies to --delete-secret-key(s) and --delete-secret-and-public-key(s) as well
* New code for encode_crypt_files.Timo Schulz2002-01-094-13/+37
|
* Added missing include file.Timo Schulz2002-01-092-0/+7
|
* Better description for --encrypt-files.Timo Schulz2002-01-082-1/+5
|
* * g10.c (main): Must register the secring for encryption becauseWerner Koch2002-01-082-2/+8
| | | | | | it is needed to figure out the default recipient. Reported by Roger Sondermann.
* fix off-by-one in building attribute subpacketsDavid Shaw2002-01-068-19/+106
| | | | | | | | | | change default compression to 1 add ask-sig-expire and ask-cert-expire (--expert was getting absurdly overloaded) permit v3 subkeys use --expert to protect adding multiple photo ids and adding photos to a v3 key
* * g10.c (main): Do not register the secret keyrings for certainWerner Koch2002-01-053-79/+92
| | | | | | | | commands. * keydb.c (keydb_add_resource): Use access to test for keyring existence. This avoids cached opened files which are bad under RISC OS.
* Use one-pass packets even if it's a v3 key making the signatureDavid Shaw2002-01-044-27/+51
| | | | | | | Warn with pgp2 and non-detached signatures Use the actual filesize rather than partial length packets in symmetric messages (see ChangeLog or NEWS for discussion).
* Minor tweaks: remove --no-default-check-level, don't cache child tempfilesDavid Shaw2002-01-034-10/+19
| | | | | and simpler code in keyserver
* New command (encrypt-files).Timo Schulz2002-01-035-1/+39
|
* used different char types for RISC OSStefan Bellon2002-01-021-0/+9
|
* moved util.h include downwardsStefan Bellon2002-01-021-1/+1
|
* invalidate close cacheStefan Bellon2002-01-021-2/+7
|
* lock only writable key rings and free unused iobufStefan Bellon2002-01-022-3/+28
|
* Bugfix in photoid.c and keyserver.cDavid Shaw2001-12-298-28/+73
| | | | | | Properly handle permission/ownership checks on files that are shared (for example /usr/local/lib/gnupg/idea)
* Add an outofband indicator to the keyserver protocol.David Shaw2001-12-288-69/+68
| | | | | | Use signature flags for exportability check rather than re-parsing the subpacket.
* Some exec cleanups and tweaks for photo ID and keyserver executionDavid Shaw2001-12-275-41/+91
|
* Some tweaks - copyleft info for mkdtemp.c, and header pruning in photoid.cDavid Shaw2001-12-254-43/+51
| | | | | and keyserver.c
* Fixed a typo and W32 support for the latest CVS changes.Timo Schulz2001-12-237-0/+30
|
* Avoid const compiler warningDavid Shaw2001-12-222-1/+3
|
* Some last minute tweaks - type fixes from Stefan and win32 temp filesDavid Shaw2001-12-224-11/+40
| | | | | from Timo.
* Minor cleanupsWerner Koch2001-12-222-16/+23
|
* * keyserver.c (keyserver_spawn): Removed some variablesWerner Koch2001-12-228-27/+131
| | | | | | | | | | | | declaration due to shadowing warnings. * build-packet.c (build_attribute_subpkt): s/index/idx/ to avoid compiler warnig due to index(3). * getkey.c (get_ctx_handle): Use KEYDB_HANDLE as return value. * keylist.c (list_one): Made resname const. * keyedit.c (keyedit_menu): Allow "addphoto" only when --openpgp is not used. * options.skel: Changed one example photo viewer to qiv.
* Added is_file_compressedTimo Schulz2001-12-222-84/+23
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 14:25:16 +0000