| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
| |
"already clean" when a minimized key is minimized again. From Dirk
Traulsen.
|
| |
|
|
|
|
|
| |
--passphrase-repeat option to control how many times gpg will
re-prompt for a passphrase to ensure the user has typed it correctly.
Defaults to 1.
|
| |
|
|
|
|
| |
if make_printable_string returns a longer string. Fixes bug 728.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
packed s2k iteration count.
* main.h, options.h, gpg.c (encode_s2k_iterations, main), passphrase.c
(hash_passphrase): Add --s2k-count option to specify the number of s2k
hash iterations.
|
| |
|
|
|
| |
whatever key selector the user used on the command line.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
breakage of other partys of the code.
|
| | |
|
| | |
|
| |
|
|
|
| |
properly with uClibc.
|
| | |
|
| |
|
|
|
|
|
| |
union for preference hints rather than doing void * games.
* sign.c (sign_file): Use it here.
|
| |
|
|
|
|
|
| |
and one being DSA2 and encrypting at the same time, if the recipient
preferences give a hash that can work with the DSA2 key, then allow the
DSA1 key to be promoted rather than giving up and using hash_for().
|
| |
|
|
|
| |
a key that clearly isn't DSA1 (i.e. q!=160).
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
keygen_add_std_prefs, proc_parameter_file): Add --default-keyserver-url to
specify a keyserver URL at key generation time, and "Keyserver:" keyword
for doing the same through a batch file.
|
| |
|
|
|
| |
in what you accept, etc).
|
| |
|
|
|
|
| |
on an autoconverted public key. The check should only happen on the
sk size. Noted by Dirk Traulsen.
|
| |
|
|
|
|
|
|
| |
(not a copy) of the stub secret key for the secret key we just
generated on the card. (generate_card_subkeypair): Use it here so
that the signing key on the card can use the card to generate the 0x19
backsig on the primary key. Noted by Janko Heilgeist and Jonas Oberg.
|
| |
|
|
|
|
|
| |
This prevents a memory allocation attack with a very large user ID. A
very large packet length could even cause the allocation (a u32) to wrap
around to a small number. Noted by Evgeny Legerov on full-disclosure.
|
| | |
|
| |
|
|
|
| |
arbitrarily long temporary directory paths.
|
| |
|
|
|
|
|
| |
1024 when --enable-dsa2 is set). The size of q is set automatically based
on the key size. (ask_keysize, generate_keypair): Ask for DSA size when
--enable-dsa2 is set.
|
| |
|
|
|
| |
that is over 256 bytes long. Noted by Israel G. Lugo.
|
| |
|
|
|
|
|
|
| |
called with them closed. This is to protect our keyring/trustdb files
from corruption if they get attached to one of the standard fds. Print a
warning if possible that this has happened, and fail completely if we
cannot reopen (should never happen). (main): Call it here.
|
| |
|
|
|
|
|
|
|
| |
(build_sig_subpkt_from_sig), getkey.c (fixup_uidnode,
merge_selfsigs_main, merge_selfsigs_subkey), keygen.c
(keygen_add_key_expire): Fix meaning of key expiration and sig
expiration subpackets - zero means "never expire" according to 2440,
not "expire instantly".
|
| | |
|
| |
|
|
|
|
| |
problem when auto-key-locate returns a list of keys, not all of which are
usable (revoked, expired, etc). Noted by Simon Josefsson.
|
| |
|
|
|
| |
but no --keyserver set.
|
| |
|
|
|
|
| |
to add "_uri" to certain gpgkeys_xxx helpers when the meaning is
different if a path is provided (i.e. ldap).
|
| |
|
|
|
| |
a place not in the regular include search path.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to disable.
* pkclist.c (algo_available): If --enable-dsa2 is set, we're allowed to
truncate hashes to fit DSA keys.
* sign.c (match_dsa_hash): New. Return the best match hash for a given q
size. (do_sign, hash_for, sign_file): When signing with a DSA key, if it
has q==160, assume it is an old DSA key and don't allow truncation unless
--enable-dsa2 is also set. q!=160 always allows truncation since they
must be DSA2 keys. (make_keysig_packet): If the user doesn't specify a
--cert-digest-algo, use match_dsa_hash to pick the best hash for key
signatures.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
SHA-224.
* sign.c (write_plaintext_packet), encode.c (encode_simple): Factor
common literal packet setup code from here, to...
* main.h, plaintext.c (setup_plaintext_name): Here. New. Make sure the
literal packet filename field is UTF-8 encoded.
* options.h, gpg.c (main): Make sure --set-filename is UTF-8 encoded
and note when filenames are already UTF-8.
|
| |
|
|
|
| |
have no need to backsign.
|
| |
|
|
|
| |
viewer at runtime. Seems FC5 doesn't have xloadimage.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* keyedit.c (menu_backsign): Allow backsigning even if the secret
subkey doesn't have a binding signature.
* armor.c (radix64_read): Don't report EOF when reading only a pad (=)
character. The EOF actually starts after the pad.
* gpg.c (main): Make --export, --send-keys, --recv-keys,
--refresh-keys, and --fetch-keys follow their arguments from left to
right. Suggested by Peter Palfrader.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Fix strings to not start with a capital letter as per convention.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
than 160 bits as per DSA2. This will allow us to verify and issue DSA2
signatures for some backwards compatibility once we start generating DSA2
keys.
* sign.c (do_sign), sig-check.c (do_check): Change all callers.
* sign.c (do_sign): Enforce the 160-bit check for new signatures here
since encode_md_value can handle non-160-bit digests now. This will need
to come out once the standard for DSA2 is firmed up.
|
