* plaintext.c: Copyright.

* encode.c (encode_simple): Show cipher with --verbose.

* options.h, g10.c (main), keyedit.c (sign_keys): Add --ask-cert-level
option to enable cert level prompts during sigs. Defaults to on.
Simplify --default-cert-check-level to --default-cert-level.  If
ask-cert-level is off, or batch is on, use the default-cert-level as the
cert level.

* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Simplify
--min-cert-check-level to --min-cert-level.

7 files changed, 201 insertions, 172 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 3bf57da08..03aa220ed 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,18 @@
+2004-02-24  David Shaw  <[email protected]>
+
+	* plaintext.c: Copyright.
+
+	* encode.c (encode_simple): Show cipher with --verbose.
+
+	* options.h, g10.c (main), keyedit.c (sign_keys): Add
+	--ask-cert-level option to enable cert level prompts during
+	sigs. Defaults to on.  Simplify --default-cert-check-level to
+	--default-cert-level.  If ask-cert-level is off, or batch is on,
+	use the default-cert-level as the cert level.
+
+	* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs):
+	Simplify --min-cert-check-level to --min-cert-level.
+
 2004-02-22  David Shaw  <[email protected]>
 
 	* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Add
diff --git a/g10/encode.c b/g10/encode.c
index 95df2f682..f841dc97b 100644
--- a/g10/encode.c
+++ b/g10/encode.c
@@ -1,6 +1,6 @@
 /* encode.c - encode data
- * Copyright (C) 1998, 1999, 2000, 2001, 2002,
- *               2003 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
+ *               2004 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -217,6 +217,10 @@ encode_simple( const char *filename, int mode, int use_seskey )
             m_free( cfx.dek ); cfx.dek = dek;
 	  }
 
+	if(opt.verbose)
+	  log_info(_("using cipher %s\n"),
+		   cipher_algo_to_string(cfx.dek->algo));
+
 	cfx.dek->use_mdc=use_mdc(NULL,cfx.dek->algo);
     }
 
diff --git a/g10/g10.c b/g10/g10.c
index 455b39558..e4a72f6bd 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -148,12 +148,14 @@ enum cmd_and_opt_values
     oNoAskSigExpire,
     oAskCertExpire,
     oNoAskCertExpire,
+    oAskCertLevel,
+    oNoAskCertLevel,
     oFingerprint,
     oWithFingerprint,
     oAnswerYes,
     oAnswerNo,
-    oDefCertCheckLevel,
-    oMinCertCheckLevel,
+    oDefCertLevel,
+    oMinCertLevel,
     oKeyring,
     oPrimaryKeyring,
     oSecretKeyring,
@@ -437,6 +439,8 @@ static ARGPARSE_OPTS opts[] = {
     { oNoAskSigExpire, "no-ask-sig-expire",   0, "@"},
     { oAskCertExpire, "ask-cert-expire",   0, "@"},
     { oNoAskCertExpire, "no-ask-cert-expire",   0, "@"},
+    { oAskCertLevel, "ask-cert-level",   0, "@"},
+    { oNoAskCertLevel, "no-ask-cert-level",   0, "@"},
     { oOutput, "output",    2, N_("use as output file")},
     { oMaxOutput, "max-output", 16|4, "@" },
     { oVerbose, "verbose",   0, N_("verbose") },
@@ -567,8 +571,9 @@ static ARGPARSE_OPTS opts[] = {
     { oSkipVerify, "skip-verify",0, "@" },
     { oCompressKeys, "compress-keys",0, "@"},
     { oCompressSigs, "compress-sigs",0, "@"},
-    { oDefCertCheckLevel, "default-cert-check-level", 1, "@"},
-    { oMinCertCheckLevel, "min-cert-check-level", 1, "@"},
+    { oDefCertLevel, "default-cert-check-level", 1, "@"}, /* Old option */
+    { oDefCertLevel, "default-cert-level", 1, "@"},
+    { oMinCertLevel, "min-cert-level", 1, "@"},
     { oAlwaysTrust, "always-trust", 0, "@"},
     { oTrustModel, "trust-model", 2, "@"},
     { oForceOwnertrust, "force-ownertrust", 2, "@"},
@@ -1440,7 +1445,7 @@ main( int argc, char **argv )
       VERIFY_SHOW_POLICY_URLS|VERIFY_SHOW_NOTATIONS|VERIFY_SHOW_KEYSERVER_URLS;
     opt.trust_model=TM_AUTO;
     opt.mangle_dos_filenames=0;
-    opt.min_cert_check_level=2;
+    opt.min_cert_level=2;
     set_screen_dimensions();
 #if defined (_WIN32)
     set_homedir ( read_w32_registry_string( NULL,
@@ -1781,8 +1786,8 @@ main( int argc, char **argv )
 	    break;
 	  case oNoArmor: opt.no_armor=1; opt.armor=0; break;
 	  case oNoDefKeyring: default_keyring = 0; break;
-          case oDefCertCheckLevel: opt.def_cert_check_level=pargs.r.ret_int; break;
-          case oMinCertCheckLevel: opt.min_cert_check_level=pargs.r.ret_int; break;
+          case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break;
+          case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break;
 	  case oNoGreeting: nogreeting = 1; break;
 	  case oNoVerbose: g10_opt_verbose = 0;
 			   opt.verbose = 0; opt.list_sigs=0; break;
@@ -1997,6 +2002,8 @@ main( int argc, char **argv )
 	  case oNoAskSigExpire: opt.ask_sig_expire = 0; break;
 	  case oAskCertExpire: opt.ask_cert_expire = 1; break;
 	  case oNoAskCertExpire: opt.ask_cert_expire = 0; break;
+	  case oAskCertLevel: opt.ask_cert_level = 1; break;
+	  case oNoAskCertLevel: opt.ask_cert_level = 0; break;
 	  case oUser: /* store the local users */
 	    add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings );
 	    break;
@@ -2480,8 +2487,10 @@ main( int argc, char **argv )
       log_error(_("marginals-needed must be greater than 1\n"));
     if( opt.max_cert_depth < 1 || opt.max_cert_depth > 255 )
       log_error(_("max-cert-depth must be in the range from 1 to 255\n"));
-    if( opt.min_cert_check_level < 1 || opt.min_cert_check_level > 3 )
-      log_error(_("min-cert-check-level must be in the range from 1 to 3\n"));
+    if(opt.def_cert_level<0 || opt.def_cert_level>3)
+      log_error(_("invalid default-cert-level; must be 0, 1, 2, or 3\n"));
+    if( opt.min_cert_level < 1 || opt.min_cert_level > 3 )
+      log_error(_("invalid min-cert-level; must be 1, 2, or 3\n"));
     switch( opt.s2k_mode ) {
       case 0:
 	log_info(_("NOTE: simple S2K mode (0) is strongly discouraged\n"));
@@ -2491,16 +2500,14 @@ main( int argc, char **argv )
 	log_error(_("invalid S2K mode; must be 0, 1 or 3\n"));
     }
 
-    if(opt.def_cert_check_level<0 || opt.def_cert_check_level>3)
-      log_error(_("invalid default-check-level; must be 0, 1, 2, or 3\n"));
-
     /* This isn't actually needed, but does serve to error out if the
        string is invalid. */
     if(opt.def_preference_list &&
 	keygen_set_std_prefs(opt.def_preference_list,0))
       log_error(_("invalid default preferences\n"));
 
-    /* We provide defaults for the personal digest list */
+    /* We provide defaults for the personal digest list.  This is
+       SHA-1. */
     if(!pers_digest_list)
       pers_digest_list="h2";
 
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 3a8fc96f3..a22005fb2 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -761,8 +761,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
 	  ;
 	else
 	  {
-	    if(opt.batch)
-	      class=0x10+opt.def_cert_check_level;
+	    if(opt.batch || !opt.ask_cert_level)
+	      class=0x10+opt.def_cert_level;
 	    else
 	      {
 		char *answer;
@@ -773,13 +773,13 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
 			     "answer, enter \"0\".\n"));
 		tty_printf("\n");
 		tty_printf(_("   (0) I will not answer.%s\n"),
-			   opt.def_cert_check_level==0?" (default)":"");
+			   opt.def_cert_level==0?" (default)":"");
 		tty_printf(_("   (1) I have not checked at all.%s\n"),
-			   opt.def_cert_check_level==1?" (default)":"");
+			   opt.def_cert_level==1?" (default)":"");
 		tty_printf(_("   (2) I have done casual checking.%s\n"),
-			   opt.def_cert_check_level==2?" (default)":"");
+			   opt.def_cert_level==2?" (default)":"");
 		tty_printf(_("   (3) I have done very careful checking.%s\n"),
-			   opt.def_cert_check_level==3?" (default)":"");
+			   opt.def_cert_level==3?" (default)":"");
 		tty_printf("\n");
 
 		while(class==0)
@@ -787,7 +787,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
 		    answer = cpr_get("sign_uid.class",_("Your selection? "
 					"(enter '?' for more information): "));
 		    if(answer[0]=='\0')
-		      class=0x10+opt.def_cert_check_level; /* Default */
+		      class=0x10+opt.def_cert_level; /* Default */
 		    else if(ascii_strcasecmp(answer,"0")==0)
 		      class=0x10; /* Generic */
 		    else if(ascii_strcasecmp(answer,"1")==0)
diff --git a/g10/options.h b/g10/options.h
index 53821aa0d..ef7a4b36f 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -38,161 +38,163 @@
 #endif
 
 EXTERN_UNLESS_MAIN_MODULE
-struct {
-    int verbose;
-    int quiet;
-    unsigned debug;
-    int armor;
-    char *outfile;
-    off_t max_output;
-    int dry_run;
-    int list_only;
-    int textmode;
-    int expert;
-    int ask_sig_expire;
-    int ask_cert_expire;
-    int batch;	    /* run in batch mode */
-    int answer_yes; /* answer yes on most questions */
-    int answer_no;  /* answer no on most questions */
-    int check_sigs; /* check key signatures */
-    int with_colons;
-    int with_key_data;
-    int with_fingerprint; /* opt --with-fingerprint active */
-    int fingerprint; /* list fingerprints */
-    int list_sigs;   /* list signatures */
-    int no_armor;
-    int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/
-    int def_cipher_algo;
-    int force_v3_sigs;
-    int force_v4_certs;
-    int force_mdc;
-    int disable_mdc;
-    int def_digest_algo;
-    int cert_digest_algo;
-    int compress_algo;
-    int compress_level;
-    int bz2_compress_level;
-    int bz2_compress_lowmem;
-    const char *def_secret_key;
-    char *def_recipient;
-    int def_recipient_self;
-    int def_cert_check_level;
-    int min_cert_check_level;
-    int sk_comments;
-    int no_version;
-    int marginals_needed;
-    int completes_needed;
-    int max_cert_depth;
-    const char *homedir;
+struct
+{
+  int verbose;
+  int quiet;
+  unsigned debug;
+  int armor;
+  char *outfile;
+  off_t max_output;
+  int dry_run;
+  int list_only;
+  int textmode;
+  int expert;
+  int ask_sig_expire;
+  int ask_cert_expire;
+  int batch;	    /* run in batch mode */
+  int answer_yes; /* answer yes on most questions */
+  int answer_no;  /* answer no on most questions */
+  int check_sigs; /* check key signatures */
+  int with_colons;
+  int with_key_data;
+  int with_fingerprint; /* opt --with-fingerprint active */
+  int fingerprint; /* list fingerprints */
+  int list_sigs;   /* list signatures */
+  int no_armor;
+  int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/
+  int def_cipher_algo;
+  int force_v3_sigs;
+  int force_v4_certs;
+  int force_mdc;
+  int disable_mdc;
+  int def_digest_algo;
+  int cert_digest_algo;
+  int compress_algo;
+  int compress_level;
+  int bz2_compress_level;
+  int bz2_compress_lowmem;
+  const char *def_secret_key;
+  char *def_recipient;
+  int def_recipient_self;
+  int def_cert_level;
+  int min_cert_level;
+  int ask_cert_level;
+  int sk_comments;
+  int no_version;
+  int marginals_needed;
+  int completes_needed;
+  int max_cert_depth;
+  const char *homedir;
 
-    char *display;      /* 5 options to be passed to the gpg-agent */
-    char *ttyname;     
-    char *ttytype;
-    char *lc_ctype;
-    char *lc_messages;
+  char *display;      /* 5 options to be passed to the gpg-agent */
+  char *ttyname;     
+  char *ttytype;
+  char *lc_ctype;
+  char *lc_messages;
 
-    int skip_verify;
-    int compress_keys;
-    int compress_sigs;
-    /* TM_CLASSIC must be zero to accomodate trustdbs generated before
-       we started storing the trust model inside the trustdb. */
-    enum
-      {
-	TM_CLASSIC=0, TM_PGP=1, TM_EXTERNAL=2, TM_ALWAYS, TM_AUTO
-      } trust_model;
-    int force_ownertrust;
-    enum
-      {
-	CO_GNUPG=0, CO_RFC2440, CO_RFC1991, CO_PGP2, CO_PGP6, CO_PGP7, CO_PGP8
-      } compliance;
-    int pgp2_workarounds;
-    int shm_coprocess;
-    const char *set_filename;
-    STRLIST comments;
-    int throw_keyid;
-    const char *photo_viewer;
-    int s2k_mode;
-    int s2k_digest_algo;
-    int s2k_cipher_algo;
-    int simple_sk_checksum; /* create the deprecated rfc2440 secret
-                               key protection*/
-    int not_dash_escaped;
-    int escape_from;
-    int lock_once;
-    char *keyserver_uri;
-    char *keyserver_scheme;
-    char *keyserver_host;
-    char *keyserver_port;
-    char *keyserver_opaque;
-    struct
+  int skip_verify;
+  int compress_keys;
+  int compress_sigs;
+  /* TM_CLASSIC must be zero to accomodate trustdbs generated before
+     we started storing the trust model inside the trustdb. */
+  enum
+    {
+      TM_CLASSIC=0, TM_PGP=1, TM_EXTERNAL=2, TM_ALWAYS, TM_AUTO
+    } trust_model;
+  int force_ownertrust;
+  enum
     {
-      int verbose;
-      int include_revoked;
-      int include_disabled;
-      int include_subkeys;
-      int use_temp_files;
-      int keep_temp_files;
-      int fake_v3_keyids;
-      int auto_key_retrieve;
-      int try_dns_srv;
-      unsigned int import_options;
-      unsigned int export_options;
-      STRLIST other;
-    } keyserver_options;
-    int exec_disable;
-    int exec_path_set;
+      CO_GNUPG=0, CO_RFC2440, CO_RFC1991, CO_PGP2, CO_PGP6, CO_PGP7, CO_PGP8
+    } compliance;
+  int pgp2_workarounds;
+  int shm_coprocess;
+  const char *set_filename;
+  STRLIST comments;
+  int throw_keyid;
+  const char *photo_viewer;
+  int s2k_mode;
+  int s2k_digest_algo;
+  int s2k_cipher_algo;
+  int simple_sk_checksum; /* create the deprecated rfc2440 secret
+			     key protection*/
+  int not_dash_escaped;
+  int escape_from;
+  int lock_once;
+  char *keyserver_uri;
+  char *keyserver_scheme;
+  char *keyserver_host;
+  char *keyserver_port;
+  char *keyserver_opaque;
+  struct
+  {
+    int verbose;
+    int include_revoked;
+    int include_disabled;
+    int include_subkeys;
+    int use_temp_files;
+    int keep_temp_files;
+    int fake_v3_keyids;
+    int auto_key_retrieve;
+    int try_dns_srv;
     unsigned int import_options;
     unsigned int export_options;
-    unsigned int list_options;
-    unsigned int verify_options;
-    char *def_preference_list;
-    prefitem_t *personal_cipher_prefs;
-    prefitem_t *personal_digest_prefs;
-    prefitem_t *personal_compress_prefs;
-    int no_perm_warn;
-    int no_mdc_warn;
-    char *temp_dir;
-    int no_encrypt_to;
-    int interactive;
-    STRLIST sig_notation_data;
-    STRLIST cert_notation_data;
-    STRLIST sig_policy_url;
-    STRLIST cert_policy_url;
-    STRLIST sig_keyserver_url;
-    int use_embedded_filename;
-    int allow_non_selfsigned_uid;
-    int allow_freeform_uid;
-    int no_literal;
-    ulong set_filesize;
-    int fast_list_mode;
-    int fixed_list_mode;
-    int ignore_time_conflict;
-    int ignore_valid_from;
-    int ignore_crc_error;
-    int ignore_mdc_error;
-    int command_fd;
-    const char *override_session_key;
-    int show_session_key;
-    int use_agent;
-    const char *gpg_agent_info;
-    int try_all_secrets;
-    int no_expensive_trust_checks;
-    int no_sig_cache;
-    int no_sig_create_check;
-    int no_auto_check_trustdb;
-    int preserve_permissions;
-    int no_homedir_creation;
-    struct groupitem *grouplist;
-    int strict;
-    int mangle_dos_filenames; 
-    int enable_progress_filter;
-    int screen_columns;
-    int screen_lines;
+    STRLIST other;
+  } keyserver_options;
+  int exec_disable;
+  int exec_path_set;
+  unsigned int import_options;
+  unsigned int export_options;
+  unsigned int list_options;
+  unsigned int verify_options;
+  char *def_preference_list;
+  prefitem_t *personal_cipher_prefs;
+  prefitem_t *personal_digest_prefs;
+  prefitem_t *personal_compress_prefs;
+  int no_perm_warn;
+  int no_mdc_warn;
+  char *temp_dir;
+  int no_encrypt_to;
+  int interactive;
+  STRLIST sig_notation_data;
+  STRLIST cert_notation_data;
+  STRLIST sig_policy_url;
+  STRLIST cert_policy_url;
+  STRLIST sig_keyserver_url;
+  int use_embedded_filename;
+  int allow_non_selfsigned_uid;
+  int allow_freeform_uid;
+  int no_literal;
+  ulong set_filesize;
+  int fast_list_mode;
+  int fixed_list_mode;
+  int ignore_time_conflict;
+  int ignore_valid_from;
+  int ignore_crc_error;
+  int ignore_mdc_error;
+  int command_fd;
+  const char *override_session_key;
+  int show_session_key;
+  int use_agent;
+  const char *gpg_agent_info;
+  int try_all_secrets;
+  int no_expensive_trust_checks;
+  int no_sig_cache;
+  int no_sig_create_check;
+  int no_auto_check_trustdb;
+  int preserve_permissions;
+  int no_homedir_creation;
+  struct groupitem *grouplist;
+  int strict;
+  int mangle_dos_filenames; 
+  int enable_progress_filter;
+  int screen_columns;
+  int screen_lines;
 
 #ifdef ENABLE_CARD_SUPPORT
-    const char *ctapi_driver; /* Library to access the ctAPI. */
-    const char *pcsc_driver;  /* Library to access the PC/SC system. */
-    int disable_ccid;    /* Disable the use of the internal CCID driver. */
+  const char *ctapi_driver; /* Library to access the ctAPI. */
+  const char *pcsc_driver;  /* Library to access the PC/SC system. */
+  int disable_ccid;    /* Disable the use of the internal CCID driver. */
 #endif /*ENABLE_CARD_SUPPORT*/
 
 } opt;
diff --git a/g10/plaintext.c b/g10/plaintext.c
index a998acbb2..e9b9918cb 100644
--- a/g10/plaintext.c
+++ b/g10/plaintext.c
@@ -1,5 +1,6 @@
 /* plaintext.c -  process plaintext packets
- * Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
+ *               2004 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
diff --git a/g10/trustdb.c b/g10/trustdb.c
index ab3b12527..3156116f3 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1382,7 +1382,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
       if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
         continue; /* we only look at these signature classes */
       if(sig->sig_class>=0x11 && sig->sig_class<=0x13 &&
-	 sig->sig_class-0x10<opt.min_cert_check_level)
+	 sig->sig_class-0x10<opt.min_cert_level)
 	continue;
       if (!is_in_klist (klist, sig))
         continue;  /* no need to check it then */