| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
| |
problem when auto-key-locate returns a list of keys, not all of which are
usable (revoked, expired, etc). Noted by Simon Josefsson.
|
| |
|
|
|
| |
but no --keyserver set.
|
| |
|
|
|
|
| |
to add "_uri" to certain gpgkeys_xxx helpers when the meaning is
different if a path is provided (i.e. ldap).
|
| |
|
|
|
| |
a place not in the regular include search path.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to disable.
* pkclist.c (algo_available): If --enable-dsa2 is set, we're allowed to
truncate hashes to fit DSA keys.
* sign.c (match_dsa_hash): New. Return the best match hash for a given q
size. (do_sign, hash_for, sign_file): When signing with a DSA key, if it
has q==160, assume it is an old DSA key and don't allow truncation unless
--enable-dsa2 is also set. q!=160 always allows truncation since they
must be DSA2 keys. (make_keysig_packet): If the user doesn't specify a
--cert-digest-algo, use match_dsa_hash to pick the best hash for key
signatures.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
SHA-224.
* sign.c (write_plaintext_packet), encode.c (encode_simple): Factor
common literal packet setup code from here, to...
* main.h, plaintext.c (setup_plaintext_name): Here. New. Make sure the
literal packet filename field is UTF-8 encoded.
* options.h, gpg.c (main): Make sure --set-filename is UTF-8 encoded
and note when filenames are already UTF-8.
|
| |
|
|
|
| |
have no need to backsign.
|
| |
|
|
|
| |
viewer at runtime. Seems FC5 doesn't have xloadimage.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* keyedit.c (menu_backsign): Allow backsigning even if the secret
subkey doesn't have a binding signature.
* armor.c (radix64_read): Don't report EOF when reading only a pad (=)
character. The EOF actually starts after the pad.
* gpg.c (main): Make --export, --send-keys, --recv-keys,
--refresh-keys, and --fetch-keys follow their arguments from left to
right. Suggested by Peter Palfrader.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Fix strings to not start with a capital letter as per convention.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
than 160 bits as per DSA2. This will allow us to verify and issue DSA2
signatures for some backwards compatibility once we start generating DSA2
keys.
* sign.c (do_sign), sig-check.c (do_check): Change all callers.
* sign.c (do_sign): Enforce the 160-bit check for new signatures here
since encode_md_value can handle non-160-bit digests now. This will need
to come out once the standard for DSA2 is firmed up.
|
| |
|
|
|
| |
than causing an error.
|
| | |
|
| |
|
|
|
| |
sig_to_notation conversion. Noted by Peter Palfradrer.
|
| | |
|
| |
|
|
|
|
|
| |
both the fingerprint alone, and fingerprint+URL cases.
* getkey.c (get_pubkey_byname): Minor cleanup.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
same API as the other auto-key-locate fetchers.
* getkey.c (get_pubkey_byname): Use the fingerprint of the key that we
actually fetched. This helps prevent problems where the key that we
fetched doesn't have the same name that we used to fetch it. In the
case of CERT and PKA, this is an actual security requirement as the
URL might point to a key put in by an attacker. By forcing the use of
the fingerprint, we won't use the attacker's key here.
|
| |
|
|
|
|
| |
keyserver_import_cert, keyserver_import_name, keyserver_import_ldap):
Pass fingerprint info through.
|
| |
|
|
|
|
| |
the key being imported. (import_keys_internal, import_keys_stream,
import): Change all callers.
|
| |
|
|
|
|
|
|
|
| |
is no backsig present. Give a URL for more information.
* keyedit.c (menu_backsign): Small tweak to work properly with keys
originally generated with older GnuPGs that included comments in the
secret keys.
|
| |
|
|
|
|
|
|
| |
to be deleted with a '-' prefix.
* keyedit.c (menu_set_notation): Use it here to allow deleting a notation
marked with '-'. This works with either "-notation" or "-notation=value".
|
| | |
|
| |
|
|
|
|
|
| |
self-signatures. (keyedit_menu): Call it here.
(tty_print_notations): Helper. (show_prefs): Show notations in
"showpref".
|
| |
|
|
|
| |
duplicate code by using notation functions.
|
| |
|
|
|
|
| |
(keygen_add_notations): Provide printable text for non-human-readable
notation values.
|
| |
|
|
|
|
| |
(keygen_add_notations): Tweak to handle non-human-readable notation
values.
|
| |
|
|
|
|
|
|
|
|
| |
Use it here for the various notation commands.
* packet.h, main.h, keygen.c (keygen_add_notations), build-packet.c
(string_to_notation, sig_to_notation) (free_notation): New "one stop
shopping" functions to handle notations and start removing some code
duplication.
|
| |
|
|
|
|
|
|
|
| |
pka-lookups, not pka-lookup.
* options.h, gpg.c (main), keyedit.c [cmds], sig-check.c
(signature_check2): Rename "backsign" to "cross-certify" as a more
accurate name.
|
| |
|
|
|
|
|
| |
(check_signatures_trust), mainproc.c (check_sig_and_print,
pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so that it
is a verify-option now.
|
| | |
|
| |
|
|
|
| |
is not a PGP 2.x algorithm.
|
| |
|
|
|
| |
algorithm.
|
| |
|
|
|
| |
There is still one problem to solve.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
"pka" when those features are disabled.
* misc.c (has_invalid_email_chars): Fix some C syntax that broke the
compilers on SGI IRIX MIPS and Compaq/DEC OSF/1 Alpha. Noted by Nelson H.
F. Beebe.
|
| |
|
|
|
| |
Josefsson's page for CERT.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--no-auto-key-locate.
* options.h, gpg.c (main): Keep track of each keyserver registered so
we can match on them later.
* keyserver-internal.h, keyserver.c (cmp_keyserver_spec,
keyserver_match), gpgv.c: New. Find a keyserver that matches ours and
return its spec.
* getkey.c (get_pubkey_byname): Use it here to get the per-keyserver
options from an earlier keyserver.
|
| |
|
|
|
| |
used.
|
| |
|
|
|
|
| |
treatment of include-revoked, include-subkeys, and try-dns-srv. These are
keyserver features, and GPG shouldn't get involved here.
|
| |
|
|
|
| |
options to the list, as ordering may be significant to the user.
|
| |
|
|
|
| |
adding notations. Noted by Christian Biere.
|
| |
|
|
|
|
|
| |
(parse_keyserver_options): Moved from here. (parse_keyserver_uri): Use it
here so each keyserver can have some private options in addition to the
main keyserver-options (e.g. per-keyserver auth).
|
| |
|
|
|
|
| |
getkey.c (free_akl, parse_auto_key_locate, get_pubkey_byname): The obvious
next step: allow arbitrary keyservers in the auto-key-locate list.
|
