| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
| |
(agent_scd_writekey, inq_writekey_parms): New.
(agent_openpgp_storekey): Removed.
* cardglue.h: Add a few more error code mappings.
* keygen.c (copy_mpi): Removed.
(save_unprotected_key_to_card): Changed to use agent_scd_writekey.
* app-common.h, app-openpgp.c, tlv.c, tlv.h: Updated from newer
version in gnupg 1.9 CVS.
|
| |
|
|
|
|
| |
bit in the R-block than in the I block, this was wrong at one
place. Fixes bug #419 and hopefully several others.
|
| |
|
|
|
|
|
|
|
|
|
| |
comment packets.
* export.c (do_export_stream): Don't export comment packets any
longer.
* options.h, g10.c (main): Remove --sk-comments and --no-sk-comments
options, and replace with no-op.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
selfsig into both the pk and sk, so that someone importing their sk (which
will get an autoconvert to the pk) won't end up with two selfsigs.
(do_generate_keypair): Call it from here.
* parse-packet.c (can_handle_critical_notation): New. Check for
particular notation tags that we will accept when critical. Currently,
that's only [email protected], since we know how to handle
it (pass it through to a mail program). (can_handle_critical): Call it
from here. (parse_one_sig_subpkt): Sanity check that notations are
well-formed in that the internal lengths add up to the size of the
subpacket.
|
| |
|
|
|
|
| |
Some folks reported that it makes the SCR335 hang less often.
Look at the source on how to re-enable it.
|
| |
|
|
|
|
|
|
| |
(sign_file, clearsign_file, sign_symencrypt_file), g10.c (main), keyedit.c
(sign_uids): Use seconds rather than days internally to calculate
expiration. We no longer need the day-based code as we don't generate v3
keys.
|
| |
|
|
|
| |
default sig expire value when signing in batchmode.
|
| |
|
|
|
| |
use any of these functions any longer.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(do_generate_keypair): Use it here rather than creating and deleting a
comment packet.
* keygen.c (gen_elg, gen_dsa): Do not put public factors in secret key as
a comment.
* options.h, encode.c (encode_simple, encode_crypt), keygen.c (do_create):
Remove disabled comment packet code.
|
| |
|
|
|
| |
preferences.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
--default-cert-expire options. Suggested by Florian Weimer.
* main.h, keygen.c (parse_expire_string, ask_expire_interval): Use
defaults passed in, or "0" to control what default expiration is.
* keyedit.c (sign_uids), sign.c (sign_file, clearsign_file,
sign_symencrypt_file): Call them here, so that default expiration
is used when --ask-xxxxx-expire is off.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changed all callers.
(ask_passphrase): Add new arg CACHEID and use it in agent mode.
Changed all callers.
(passphrase_clear_cache): New arg CACHEID. Changed all callers.
* cardglue.c (format_cacheid): New.
(pin_cb): Compute a cache ID.
(agent_scd_pksign, agent_scd_pkdecrypt): Use it.
(agent_clear_pin_cache): New.
* card-util.c (change_pin): Clear the PIN cache.
(check_pin_for_key_operation): Ditto.
|
| |
|
|
|
|
|
|
|
|
| |
no-pubkey and chosen revocation cases. (clean_uid): New function to
clean a user ID of unusable (as defined by mark_usable_uid_certs)
certs.
* keyedit.c (keyedit_menu, menu_clean_uids): Call it here for new
"clean" command that removes unusable sigs from a key.
|
| |
|
|
|
|
| |
specifying user ID via the namehash from --with-colons
--fixed-list-mode --list-keys. Suggested by Peter Palfrader.
|
| |
|
|
|
|
|
| |
a key without specifying which user IDs to sign, and declines to sign
all user IDs, walk through the set of user IDs and prompt for which to
sign.
|
| |
|
|
|
|
|
| |
extra check for a bad passphrase and/or unknown cipher algorithm here.
We'll fail quite happily later, and usually with a better error
message to boot.
|
| |
|
|
|
| |
* sign.c (hash_for): Comments.
|
| |
|
|
|
|
|
|
|
|
|
| |
(add_keyserver_url): Use isascii() to protect the isfoo macros and
to replace direct tests. Possible problems noted by Christian
Biere.
* keyserver.c (parse_keyserver_uri): Ditto.
* g10.c (main): Declare --pipemode deprecated.
* misc.c (deprecated_command): New.
|
| |
|
|
|
|
|
|
|
| |
* card-util.c (card_edit): Add command "verify". Enhanced admin
command to allow optional arguments "on", "off" and "verify".
(card_status): Print private DOs in colon mode.
* app-openpgp.c (do_check_pin): Add hack to allow verification of
CHV3.
|
| |
|
|
|
|
|
| |
old ad-hoc connection code to gpg-agent. We do need this for the
forthcoming diversion of card code to an already running gpg-agent
with card-support.
|
| |
|
|
|
| |
signatures that use hashes other than SHA-1, RIPEMD160, or MD5.
|
| |
|
|
|
| |
AES key sizes.
|
| |
|
|
|
| |
callers. We no longer need to append to $PATH.
|
| |
|
|
|
|
| |
flag 4. Use log_info for errors registering the default secret key.
* g10.c (main): Flag the default keyrings.
|
| |
|
|
|
|
| |
Rather, call keyserver helpers with the full path. This fixes some
PATH-inspired DLL problems on W32. Noted by Carlo Luciano Bianco.
|
| |
|
|
|
| |
not there. This may happen due to typos in the translation.
|
| |
|
|
|
|
|
|
|
| |
* openfile.c (ask_outfile_name): Enable readline completion when prompting
for an output filename.
* plaintext.c (ask_for_detached_datafile): Enable readline completion when
prompting for a detached sig datafile.
|
| |
|
|
|
|
| |
indentation.
* card-util.c (command_generator, card_edit_completion): Ditto.
|
| |
|
|
|
|
|
| |
[GNUPG_MAJOR_VERSION==1 && HAVE_LIBREADLINE]: New functions to enable
command completion in the --card-edit menu. (card_edit): Call them
here.
|
| |
|
|
|
|
| |
New functions to enable command completion in the --edit-key menu.
(keyedit_menu): Call them here.
|
| |
|
|
|
| |
pick a disabled default. Noted by David Crick.
|
| |
|
|
|
| |
$libexecdir.
|
| |
|
|
|
|
| |
treat 'verbose' and 'include-disabled' as special. Just pass them through
silently to the keyserver helper.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
reader type specific.
(scan_or_find_devices): Do not check the interface subclass in the
SPR532 kludge, as this depends on the firmware version.
(ccid_get_atr): Get the Slot status first. This solves the
problem with readers hanging on recent Linux 2.6.x.
(bulk_in): Add argument TIMEOUT and changed all callers to pass an
appropriate one. Change the standard timeout from 10 to 5 seconds.
(ccid_slot_status): Add a retry code with an initial short timeout.
(do_close_reader): Do an usb_reset before closing the reader.
|
| |
|
|
|
|
|
|
| |
localized asctimestamp to match the timezone used in the key
information.
* miscutil.c (isotimestamp): New.
|
| |
|
|
|
|
|
|
| |
* mk-w32-dist: Check for patch files.
* w32installer.nsi: Translated a few more strings. Print a
warning if permssions are not suitable for the installation.
Add Uninstaller entries.
|
| |
|
|
|
| |
alias for http-proxy.
|
| |
|
|
|
| |
preventing --delete-secret-and-public-keys from deleting secret keys.
|
| |
|
|
|
| |
earlier.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes #423.
* DETAILS: Document new status codes.
* cardglue.c (agent_scd_pkdecrypt, agent_scd_pksign)
(agent_scd_genkey, agent_scd_setattr, agent_scd_change_pin)
(agent_scd_checkpin, agent_openpgp_storekey): Make sure to send a
SC_OP_FAILURE after card operations which might change data.
* card-util.c (change_pin): Send a SC_OP_SUCCESS after a PIN has
been changed.
(change_name): Removed a debug output.
* status.h, status.c: New codes BAD_PASSPHRASE_PIN, SC_OP_FAILURE
and SC_OP_SUCCESS.
* de.po: Updated. Translation is still in the works, though.
|
| |
|
|
|
| |
from a place where it is useful (i.e. --edit-key and not --sign-key).
|
| |
|
|
|
|
|
|
| |
keyserver if no URL is available.
* w32installer.nsi: Added page to select the language.
* mk-w32-dist: Create the opt.ini using the available languages.
|
| |
|
|
|
|
|
|
| |
* passphrase.c (agent_get_passphrase): Don't call free_public_key
if PK is NULL.
(passphrase_clear_cache): Ditto. Removed debug output.
(passphrase_to_dek): Ditto.
|
| |
|
|
|
| |
regards to the Mister and Zuccherato attack on OpenPGP CFB mode.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
is dirty and --interactive is set, do an --update-trustdb. If not
interactive, do a --check_trustdb unless --no-auto-check-trustdb is
set.
* import.c (import_keys_internal): Moved from here.
* keyserver.c (keyserver_refresh): Call it here after all refreshing
has happened so that we don't rebuild after each preferred keyserver
set of imports, but do one big rebuild at the end. This is Debian bug
#293816, noted by Kurt Roeckx.
|
| |
|
|
|
| |
backsigs code.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
before the encryption key. This is a partial workaround for a PGP bug
(as of this writing, all versions including 8.1), that causes it to
try and encrypt to the most recent subkey regardless of whether that
subkey is actually an encryption type. In this case, the auth key is
an RSA key so it succeeds.
|
| |
|
|
|
|
|
|
|
| |
instead of 0x0000000000000000 for the invalid key ID since all-zeroes
is reserved for the anonymous recipient.
* keyedit.c (change_passphrase), keygen.c (generate_subkeypair): Fix a
string ;)
|
| |
|
|
|
|
|
|
|
|
| |
ask for the passphrase. Return an error if the primary key is a
plain stub.
* keyedit.c (change_passphrase): Don't ever change any stub key.
Print a note if a key consists of only stub keys. Reported by
Dany Nativel. These are bugs #401 and #402.
|
