| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
encode_crypt), sign.c (write_plaintext_packet): Use wipememory() instead
of memset() to wipe sensitive memory as the memset() might be optimized
away.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
like "fully trusted", "marginally trusted", etc. (get_min_ownertrust):
New. Return minimum ownertrust. (update_min_ownertrust): New. Set
minimum ownertrust. (check_regexp): New. Check a regular epression
against a user ID. (ask_ownertrust): Allow specifying a minimum value.
(get_ownertrust_info): Follow the minimum ownertrust when returning a
letter. (clear_validity): Remove minimum ownertrust when a key becomes
invalid. (release_key_items): Release regexp along with the rest of the
info. (validate_one_keyblock, validate_keys): Build a trust sig chain
while validating. Call check_regexp for regexps. Use the minimum
ownertrust if the user does not specify a genuine ownertrust.
* pkclist.c (do_edit_ownertrust): Only allow user to select a trust level
greater than the minimum value.
* parse-packet.c (can_handle_critical): Can handle critical trust and
regexp subpackets.
* trustdb.h, trustdb.c (clear_ownertrusts), delkey.c (do_delete_key),
import.c (import_one): Rename clear_ownertrust to clear_ownertrusts and
have it clear the min_ownertrust value as well.
* keylist.c (list_keyblock_print): Indent uid to match pub and sig.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
menu_addrevoker), keylist.c (list_keyblock_print, print_fingerprint): Show
"T" or the trust depth for trust signatures, and add spaces to some
strings to make room for it.
* packet.h, parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt,
parse_signature): Parse trust signature values.
* tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Reserve a byte
for the minimum ownertrust value (for use with trust signatures).
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
parse_import_options), g10.c (main): New import-option "convert-sk-to-pk"
to convert a secret key into a public key during import. It is on by
default.
|
| |
|
|
|
| |
has been assigned.
|
| |
|
|
|
|
|
|
|
| |
* keylist.c: (print_pubkey_info): New.
(print_seckey_info): New.
* main.h: Prototypes for the new functions.
* delkey.c (do_delete_key): Use it here.
* revoke.c (gen_desig_revoke): Ditto.
|
| |
|
|
|
|
| |
be enhanced to also show the current trust level. Suggested by
Florian Weimer.
|
| |
|
|
|
| |
before the options file is loaded.
|
| |
|
|
|
|
| |
--pgp2 mode as PGP 2 can't handle the unknown length literal packet.
Reported by Michael Richardson.
|
| |
|
|
|
|
|
|
|
|
| |
show_prompt, keyserver_search_prompt, keyserver_spawn): Go to version 1 of
the keyserver protocol. This is a better design, similar to
--with-colons, that allows for keys with multiple user IDs rather than
using multiple keys. It also matches the machine readable pksd format.
Also use a prettier --search-keys listing format that can fill different
size windows (currently set at 24 lines).
|
| |
|
|
|
|
| |
(do_generate_keypair): Use it to print the fingerprint.
(generate_subkeypair): Likewise.
|
| |
|
|
|
|
| |
Also, do not allow appointing the same revoker twice, and report
ALREADY_SIGNED if the user tries it.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* keylist.c (print_capabilities): Properly indicate per-key capabilities
of sign&encrypt primary keys that have secret-parts-missing (i.e. no
capabilities at all)
* mainproc.c (symkey_decrypt_sesskey): Fix compiler warning.
|
| |
|
|
|
|
|
|
|
| |
function as they may not have all their fields filled in.
* sig-check.c (signature_check2): Use new is_primary flag to check rather
than comparing main_keyid with keyid as this still works in the case of a
not fully filled in pk.
|
| |
|
|
|
|
|
|
| |
warning.
* passphrase.c (agent_get_passphrase): Fixed signed/unsigned char
problem in %-escaping. Noted by Ingo Kl�cker.
|
| |
|
|
|
| |
log_warning severity level from info to error.
|
| |
|
|
|
|
|
|
|
| |
that fact in the capabilities, and only primary signing keys can certify
other keys.
* packet.h, parse_packet.c (parse_key): Add is_primary flag for public
keys (it already exists for secret keys).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cipher when importing a secret key.
* keylist.c (list_keyblock_print): Show a '#' for a secret-parts-missing
key.
* parse_packet.c (parse_key): Some comments.
* revoke.c (gen_revoke): Remove some debugging code.
* trustdb.c (verify_own_keys): Make trusted-key a non-deprecated option
again.
* seckey-cert.c (do_check): Don't give the IDEA warning unless the cipher
in question is in fact IDEA.
|
| |
|
|
|
| |
clean ownertrust.
|
| |
|
|
|
|
|
| |
(merge_selfsigs_main): Use it here to look for an ultimately
trusted key. Using the full get_pubkey might lead to an
infinitive recursion.
|
| |
|
|
|
| |
lowercase to be case-insensitive.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* export.c (do_export_stream): Comment.
* sig-check.c (check_key_signature2): Properly handle a
non-designated revocation import.
2002-09-26 Werner Koch <[email protected]>
* g10.c (set_homedir): New. Changed all direct assignments to use
this.
* gpgv.c (set_homedir): Ditto.
|
| |
|
|
|
|
| |
Remove the old NETLIBS variable since the keyserver stuff is no longer
internal.
|
| |
|
|
|
|
| |
* keyring.c (keyring_rebuild_cache), sig-check.c (check_key_signature2),
import.c (import, chk_self_sigs): Minor language cleanups.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* keyserver.c (keyserver_spawn): Properly handle line truncation. Don't
leak memory (~10-20 bytes) on searches.
(keyserver_search_prompt): Cleanup.
* keylist.c (list_keyblock_colon): Show 1F direct key signatures in
--with-colons listing.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* keyedit.c (menu_addrevoker): The direct key signature for revocation
keys must be at least v4 to carry the revocation key subpacket. Add a PGP
2.x warning for revocation keys.
* g10.c (check_permissions): Rearrange strings to make translating easier
(don't incorporate string parts).
* keyedit.c (sign_uids): Make strings translatable.
* sig-check.c (check_key_signature2): Make string translatable.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
2002-09-13 David Shaw <[email protected]>
* getkey.c (check_revocation_keys): Move....
* main.h, sig-check.c (check_revocation_keys): to here. Also
return the signature_check error code rather than 0/1 and cache
the sig result.
* sig-check.c (check_key_signature2): Divert to
check_revocation_keys if a revocation sig is made by someone other
than the pk owner.
* getkey.c (merge_selfsigs_main): Tidy.
2002-09-13 Werner Koch <[email protected]>
* g10.c (main) [__MINGW32__]: Activate oLoadExtension.
|
| |
|
|
|
| |
HKP support.
|
| |
|
|
|
| |
commands.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* misc.c (checksum_u16_nobug): Removed.
(checksum_u16): Removed the bug emulation.
(checksum_mpi): Ditto.
(checksum_mpi_counted_nbits): Removed and replaced all calls
with checksum_mpi.
* parse-packet.c (read_protected_v3_mpi): New.
(parse_key): Use it here to store it as an opaque MPI.
* seckey-cert.c (do_check): Changed the v3 unprotection to the new
why to store these keys.
(protect_secret_key): Likewise.
* build-packet.c (do_secret_key): And changed the writing.
|
| |
|
|
|
| |
(exec_write): Missed one tick.
|
| | |
|
| |
|
|
|
|
|
| |
Use a better error message for when no = is found.
* hkp.c (hkp_export): Use CRLF in headers.
|
| |
|
|
|
|
|
| |
printing the list of keys a message was encrypted to. This would make gpg
give a non-zero exit code even for completely valid messages if the
message was encrypted to more than one key that the user owned.
|
| |
|
|
|
|
|
|
|
| |
used one in verbosity level 3.
* gpgv.c (main): Try to set a default character set.
* status.c, status.h (STATUS_IMPORT_OK): New.
* import.c (import_one,import_secret_one): Print new status.
|
| |
|
|
|
|
| |
user. This (or a disabled key) fail with "unavailable pubkey"
(G10ERR_UNU_PUBKEY).
|
| |
|
|
|
|
|
|
|
| |
* options.skel: The PGP LDAP keyserver is back. Use MIT keyserver as a
sample rather than cryptnet as cryptnet does not support searching yet.
* keyedit.c (show_key_with_all_names): Fix error message (preferences are
userid/selfsig and not key specific).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* encode.c (encode_simple,encode_crypt): Use new style CTB for
compressssed packets when using MDC. We need to do this so that
concatenated messages are properly decrypted. Old style
compression assumes that it is the last packet; given that we
can't determine the length in advance, the uncompressor does not
know where to start. Actually we should use the new CTB always
but this would break PGP 2 compatibility.
* parse-packet.c (parse): Special treatment for new style CTB
compressed packets.
* build-packet.c (do_mdc): Removed. Was not used.
(do_encrypted_mdc): Count the version number and the MDC packet.
|
| |
|
|
|
|
| |
* keyserver.c (print_keyinfo): More readable key listings for
--search-keys responses.
|
| |
|
|
|
|
|
| |
"dehtmlize" function. Remove HTML before trying to parse each line from
the keyserver. If the keyserver provides key type information in the
listing, use it.
|
| |
|
|
|
|
|
|
| |
even for cached sigs. This also serves to protect against missing a sig
expiring while cached.
* getkey.c (merge_selfsigs_main): Don't check UID self-sigs twice.
|
