| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
output. (main): Set --bzip2-compress-level to the default value at
startup. Remove --emulate-checksum-bug noop.
|
| |
|
|
|
|
|
| |
encode_md_value), sig-check.c (do_check), sign.c (do_sign): Remove
--emulate-md-encode-bug as it only applied to Elgamal signatures, which
are going away.
|
| |
|
|
|
|
|
|
| |
--override-session-key on --symmetric messages (new-style or old-style).
(proc_pubkey_enc): Move code to show session key from here to
proc_encrypted() so it can work with any type of message. Suggested by
Michael Young.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
any ultimately trusted keys. This ensures that if we lose all our
ultimately trusted keys, we don't leave behind the old validity
calculations. Noted by Peter Palfrader.
* revoke.c (gen_desig_revoke): Specify in the comment when a designated
revocation is generated.
* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
get_seckey_byname2): Remove Elgamal check since we are removing type 20
keys altogether.
|
| |
|
|
|
|
|
|
| |
mode.
* getkey.c (get_seckey_byname2): Disallow use of sign+encrypt Elgamal
keys.
|
| |
|
|
|
|
|
|
| |
keys.
* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey): Disallow use of
sign+encrypt Elgamal keys.
|
| |
|
|
|
|
|
| |
* misc.c (compress_algo_to_string): Translate "Uncompressed". Requested by
Tommi Vainikainen. (string_to_compress_algo): Include multi-string for
"uncompressed|none".
|
| |
|
|
|
|
| |
--bz2-compress-lowmem to set bzlib "small" flag for low memory (but slow)
decompression.
|
| |
|
|
|
|
|
|
|
|
| |
no longer needed.
* g10.c: Fix typoed option name.
* compress-bz2.c (init_compress): Compression level 0 is not meaningful
for bzip2.
|
| |
|
|
|
|
| |
(init_compress): Add --compress-level and --bzip2-compress-level. -z sets
them both. Change various callers.
|
| |
|
|
|
|
| |
default_compress_algo (--compress-algo, followed by the highest
--personal-compress-preference, followed by ZIP) to get the algorithm.
|
| |
|
|
|
|
|
|
| |
"external" trust model, where the user can provide a pregenerated trustdb.
* keyedit.c (keyedit_menu): Do not allow editing ownertrust with an
external trust model trustdb.
|
| |
|
|
|
| |
plurarility (or not) of various list and verify options.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* main.h, encode.c (setup_symkey): New. Prompt for a passphrase and
create a DEK for symmetric encryption. (write_symkey_enc): New. Write out
symmetrically encrypted session keys. (encode_crypt, encrypt_filter): Use
them here here when creating a message that can be decrypted with a
passphrase or a pk.
* sign.c (sign_file): Call setup_symkey if we are doing a --symmetric
--sign --encrypt.
|
| |
|
|
|
|
|
|
| |
--quiet is set. Suggested by Duncan Harris. Also don't fail with BUG()
when processing a --symmetric message with a cipher we don't have.
* g10.c: Alias --personal-xxx-prefs to --personal-xxx-preferences.
|
| |
|
|
|
| |
the user to stop at any point.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
list of ultimately trusted keys.
* keygen.c (do_generate_keypair): Use it here so that the ultimate
ownertrust happens before the trustdb (might be) rebuilt. Also fix an
error where the newly generated pk is thought to be a subkey by the
trustdb.
* g10.c (main): Fix --export-all do actually do something different than
--export.
* pkclist.c (build_pk_list): Show all recipients rather than showing each
recipient as they are added.
* mainproc.c (proc_symkey_enc, proc_encrypted): Keep a count of the number
of passphrases that can decrypt a symmetric or mixed symmetric/pk message
and include it in the list of keys shown to the user.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
check_compress_algo): Add bzip2.
* compress.c (compress_filter): Make static to help force the use of
push_compress_filter. Remove default algorithm setting since that is done
in push_compress_filter now.
* main.h: Use named algorithm.
* filter.h, compress.c (push_compress_filter, push_compress_filter2): New.
Figure out which is the appropriate compression filter to use, and push it
into place.
* compress.c (handle_compressed), encode.c (encode_simple, encode_crypt),
sign.c (sign_file, sign_symencrypt_file), import.c (read_block), export.c
(do_export): Use push_compress_filter instead of pushing the compression
filter ourselves.
* compress-bz2.c: New. Bzlib versions of the compression filter routines.
* Makefile.am: Include compress-bz2.c if bz2lib is available.
|
| |
|
|
|
| |
(get_ccid_error_string): New. Not very useful messages, though.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(check_card_serialno): New.
(agent_scd_pksign, agent_scd_pkdecrypt): Use it here.
* cardglue.c (open_card): Issue insertion status message.
* status.h, status.c (STATUS_CARDCTRL): New.
* status.c (cpr_get_answer_okay_cancel): New.
* miscutil.c (answer_is_okay_cancel): New.
|
| |
|
|
|
|
|
|
| |
* keylist.c (list_keyblock_print): Denote secrets keys stored on a
card with an '>'. Print the '#' also for subkeys.
(list_keyblock_colon): Introduce new field 15 for sec/ssb to print
the serial number.
|
| |
|
|
|
| |
more specific matches before giving up (e.g. 1.3.3-cvs, 1.3.3, 1.3, 1).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
message that can be decrypted via a passphrase or public key system.
* main.h, encode.c (encode_seskey): Allow passing in an already-created
session key dek. (encode_simple): Use the actual symmetric cipher when
encrypting a session key for a symmetric message. (encode_crypt): Add a
flag to trigger a hybrid mode that can be decrypted via a passphrase or a
pk. Change all callers.
* mainproc.c (symkey_decrypt_sesskey): There is no way to tell the
difference here between a bad passphrase and a cipher algorithm that we
don't have, so use a error message that makes that clear. Use the actual
list of ciphers when checking whether a cipher is invalid. Return error
if the decrypted cipher algorithm is invalid. (proc_symkey_enc): In a
mixed passphrase/pk message, if a valid dek already exists from decrypting
via pk, do not try to process the passphrase. (proc_symkey_enc): Indicate
when we're decrypting a session key as opposed to decrypting data. If a
passphrase is invalid, discard the dek so we'll keep trying.
|
| |
|
|
|
|
|
| |
devices are found.
* Makefile.am: Replaced INTLLIBS by LIBINTL.
|
| |
|
|
|
|
|
| |
--pcsc-driver.
* cardglue.c (learn_status_cb): Fixed faulty use of !space.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changed all callers.
* cardglue.c (pin_cb): Use it here, so the machine interface can
tell whether the Admin PIN is requested.
* cardglue.c (agent_scd_checkpin): New.
* misc.c (openpgp_pk_algo_usage): Added AUTH usage.
* app-openpgp.c (check_against_given_fingerprint): New. Factored
out that code elsewhere.
(do_check_pin): New.
* card-util.c (card_edit): New command "passwd". Add logic to
check the PIN in advance.
(card_status): Add new args to return the serial number. Changed
all callers.
|
| |
|
|
|
|
|
|
| |
import warning.
* g10.c (main): Older versions used --comment "" to indicate no comment.
Don't add an empty comment.
|
| |
|
|
|
|
| |
the PGP or classic trust models. Both validity and ownertrust are not
meaningful for the always trust model.
|
| | |
|
| |
|
|
|
| |
(agent_scd_change_pin): Implemented.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* ccid-driver.c (ccid_close_reader): New.
* apdu.c (close_ccid_reader, close_ct_reader, close_csc_reader)
(close_osc_reader, apdu_close_reader): New. Not all are properly
implemented yet.
* g10.c (g10_exit): Use close_card.
|
| |
|
|
|
|
|
| |
with less than 16 bits. Include i18n.h.
* POTFILES.in (cipher/primegen.c): Added.
|
| |
|
|
|
|
|
|
|
|
|
| |
--show-photos, --show-policy-url, --show-notation, and their respective
no- forms.
* options.skel: Remove show-photos and replace with list/verify-options
show-photos. Remove no-mangle-dos-filenames.
* misc.c (parse_options): Allow for incomplete (but unambiguous) options.
|
| |
|
|
|
|
|
|
|
|
| |
* sign.c (do_sign) [!ENABLE_CARD_SUPPORT]: Return an error for
card keys.
* cardglue.c (agent_scd_pkdecrypt): Implemented.
* pubkey-enc.c (get_it) [ENABLE_CARD_SUPPORT]: Divert decryption
to card
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
requested.
(genkey_status_cb): New.
(agent_scd_genkey): Implemented.
* keygen.c (generate_keypair): New arg CARD_SERIALNO and prepare
parameters for on card key generation. Changed all callers.
(do_generate_keypair): Add new arg card and merged casrd specific
changes from 1.9.
(proc_parameter_file): New arg card, apss it down to
do_generate_keypair and changed all callers.
(gen_card_key): New.
* g10.c: Include cardclue.h.
(main): s/app_set_default_reader_port/card_set_reader_port/.
* cardglue.c (card_set_reader_port): New to address include file
issues.
|
| |
|
|
|
|
|
|
|
| |
so that it can be used by getattr to update the structure.
(agent_scd_getattr): New.
* keylist.c (print_pubkey_info): Add FP arg for optional printing
to a stream. Changed all callers.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* encode.c (encode_simple): Allow for 32 bytes (256 bits) of symmetrically
encrypted session key. Use --s2k-cipher-algo to choose cipher, rather
than the default cipher.
* parse-packet.c (parse_subkeyenc): Give a warning if an symmetrically
encrypted session key is seen without salt. Show in --list-packets if a
symetrically encrypted session key is present.
* pubkey-enc.c (get_it): Always show cipher-not-in-prefs warning unless
--quiet is set. Use text name of cipher in warning.
|
| |
|
|
|
| |
--verify-option show-unusable-uids.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* trustdb.c (get_validity): Move the up-to-date check to
check_trustdb_stale (new), so that it can be called before validity is
checked.
* keylist.c (list_keyblock_print): Disable the overall key validity
display until it can be thought about more. Use check_trustdb_stale here
to avoid putting the check warning in the middle of a listed key.
* trustdb.c (init_trustdb): Only verify_own_keys() for those trust models
that it applies to (i.e. classic and OpenPGP).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the proposed AUTH key flag.
* getkey.c (fixup_uidnode, merge_selfsigs_main)
(merge_selfsigs_subkey, premerge_public_with_secret): Ditto.
* keylist.c (print_capabilities): Ditto.
* parse-packet.c (parse_key): Allow to parse the divert-to-card
S2K mode.
* build-packet.c (do_secret_key): Handle divert-to-card S2K
* seckey-cert.c (is_secret_key_protected): Ditto.
(check_secret_key): Ditto.
* keygen.c (do_ask_passphrase): Renamed from ask_passphrase.
* passphrase.c (ask_passphrase): New.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
--change-pin. New options --ctapi-driver, --pcsc-driver and
--disable-ccid
* options.h (DBG_CARD_IO): New.
* cardglue.c, cardclue.h: Enhanced.
* card-util.c: New. Taken from current the gnupg 1.9 branch.
* app-common.h, app-openpgp.c, iso7816.c, iso7816.h, apdu.c
* apdu.h, ccid-driver.c, ccid-driver.h: New. Takem from the current
gnupg 1.9 branch withy minor changes to include directives.
* Makefile.am: Added these files.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
default and tehre is not yet much more than a new configure option.
* configure.ac (LIBUSB_LIBS,HAVE_LIBUSB): Check for Libusb.
(--enable-card-support): New.
* sign.c (do_sign) [ENABLE_CARD_SUPPORT]: Divert to card.
* cardglue.c, cardglue.h: New.
* Makefile.am (gpg_LDADD): Added.
(card_support_sources): New.
* memory.h (xmalloc): Define xmalloc macros in terms of m_alloc.
|
| |
|
|
|
| |
"show-unusable-uids" list-option to show revoked and/or expired user IDs.
|
| |
|
|
|
|
| |
putting the [revoked] or [expired] in the space used for the [validity].
There is also no point in showing "[unknown] [revoked]".
|
| |
|
|
|
|
|
|
|
|
| |
* trustdb.c (validate_keys): Give a little more information while
rebuilding trustdb.
* pkclist.c (do_edit_ownertrust): Clarify "don't know".
* g10.c (main): Default to --no-mangle-dos-filenames.
|
| |
|
|
|
|
|
|
| |
the skipfnc to include a pointer to the user ID that matched.
* getkey.c (skip_disabled): Rename to skip_unusable, and add checks for
expired or revoked user IDs.
|
| |
|
|
|
|
|
| |
* options.h, g10.c (main), armor.c (armor_filter): Allow using --comment
multiple times to get multiple Comment: header lines. --no-comments resets
list.
|
| | |
|
