Diffstat (limited to '')
-rw-r--r--g10/ChangeLog12
-rw-r--r--g10/encode.c2
-rw-r--r--g10/g10.c16
-rw-r--r--g10/keydb.h4
-rw-r--r--g10/keyserver.c7
-rw-r--r--g10/pkclist.c40
6 files changed, 69 insertions, 12 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 978935d45..4e7144359 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,15 @@
+2002-11-01 David Shaw <[email protected]>
+
+ * g10.c (main): Add --no-throw-keyid.
+
+ * keydb.h, encode.c (write_pubkey_enc_from_list), g10.c (main),
+ pkclist.c (build_pk_list): Add --hidden-recipient (-R) and
+ --hidden-encrypt-to, which do a single-user variation on
+ --throw-keyid. The "hide this key" flag is carried in bit 0 of
+ the pk_list flags field.
+
+ * keyserver.c (parse_keyrec): Fix shadowing warning.
+
2002-10-31 Stefan Bellon <[email protected]>
* compress.c (init_compress) [__riscos__]: Use
diff --git a/g10/encode.c b/g10/encode.c
index 6727c08ed..b635ce0b4 100644
--- a/g10/encode.c
+++ b/g10/encode.c
@@ -699,7 +699,7 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
enc = m_alloc_clear( sizeof *enc );
enc->pubkey_algo = pk->pubkey_algo;
keyid_from_pk( pk, enc->keyid );
- enc->throw_keyid = opt.throw_keyid;
+ enc->throw_keyid = (opt.throw_keyid || (pk_list->flags&1));
if(opt.throw_keyid && (opt.pgp2 || opt.pgp6 || opt.pgp7))
{
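Review bot: The PGP-compatibility test on the line after the changed assignment still looks only at `opt.throw_keyid`, so a key ID thrown because of `pk_list->flags&1` is not covered by it here. From the pkclist.c part of this commit it appears that build_pk_list already clears `opt.pgp2`/`opt.pgp6`/`opt.pgp7` when a hidden recipient is present, which would make this safe, but nothing in this function says so. I would add a comment above the assignment such as `/* per-recipient hiding: the --pgp2/6/7 conflict is handled in build_pk_list() */`. The body of write_pubkey_enc_from_list continues outside the hunk.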
diff --git a/g10/g10.c b/g10/g10.c
index 5aa0dbfbc..96696ae40 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -65,6 +65,7 @@ enum cmd_and_opt_values { aNull = 0,
oOutput = 'o',
oQuiet = 'q',
oRecipient = 'r',
+ oHiddenRecipient = 'R',
aSign = 's',
oTextmodeShort= 't',
oUser = 'u',
@@ -218,6 +219,7 @@ enum cmd_and_opt_values { aNull = 0,
oComment,
oDefaultComment,
oThrowKeyid,
+ oNoThrowKeyid,
oShowPhotos,
oNoShowPhotos,
oPhotoViewer,
@@ -247,6 +249,7 @@ enum cmd_and_opt_values { aNull = 0,
oTempDir,
oExecPath,
oEncryptTo,
+ oHiddenEncryptTo,
oNoEncryptTo,
oLoggerFD,
#ifdef __riscos__
@@ -372,6 +375,7 @@ static ARGPARSE_OPTS opts[] = {
{ oArmor, "armor", 0, N_("create ascii armored output")},
{ oArmor, "armour", 0, "@" },
{ oRecipient, "recipient", 2, N_("|NAME|encrypt for NAME")},
+ { oHiddenRecipient, "hidden-recipient", 2, "@" },
{ oRecipient, "remote-user", 2, "@"}, /* old option name */
{ oDefRecipient, "default-recipient" ,2,
N_("|NAME|use NAME as default recipient")},
@@ -381,6 +385,7 @@ static ARGPARSE_OPTS opts[] = {
{ oTempDir, "temp-directory", 2, "@" },
{ oExecPath, "exec-path", 2, "@" },
{ oEncryptTo, "encrypt-to", 2, "@" },
+ { oHiddenEncryptTo, "hidden-encrypt-to", 2, "@" },
{ oNoEncryptTo, "no-encrypt-to", 0, "@" },
{ oUser, "local-user",2, N_("use this user-id to sign or decrypt")},
{ oCompress, NULL, 1, N_("|N|set compress level N (0 disables)") },
@@ -460,6 +465,7 @@ static ARGPARSE_OPTS opts[] = {
{ oCertDigestAlgo, "cert-digest-algo", 2 , "@" },
{ oCompressAlgo, "compress-algo", 1 , N_("|N|use compress algorithm N")},
{ oThrowKeyid, "throw-keyid", 0, N_("throw keyid field of encrypted packets")},
+ { oNoThrowKeyid, "no-throw-keyid", 0, "@" },
{ oShowPhotos, "show-photos", 0, N_("Show Photo IDs")},
{ oNoShowPhotos, "no-show-photos", 0, N_("Don't show Photo IDs")},
{ oPhotoViewer, "photo-viewer", 2, N_("Set command line to view Photo IDs")},
@@ -1515,6 +1521,7 @@ main( int argc, char **argv )
case oComment: opt.comment_string = pargs.r.ret_str; break;
case oDefaultComment: opt.comment_string = NULL; break;
case oThrowKeyid: opt.throw_keyid = 1; break;
+ case oNoThrowKeyid: opt.throw_keyid = 0; break;
case oShowPhotos: opt.show_photos = 1; break;
case oNoShowPhotos: opt.show_photos = 0; break;
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
@@ -1535,10 +1542,19 @@ main( int argc, char **argv )
sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
sl->flags = 1;
break;
+ case oHiddenEncryptTo: /* store the recipient in the second list */
+ sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
+ sl->flags = 1|2;
+ break;
case oRecipient: /* store the recipient */
add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
any_explicit_recipient = 1;
break;
+ case oHiddenRecipient: /* store the recipient with a flag */
+ sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
+ sl->flags = 2;
+ any_explicit_recipient = 1;
+ break;
case oTextmodeShort: opt.textmode = 2; break;
case oTextmode: opt.textmode=1; break;
case oExpert: opt.expert = 1; break;
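Review bot: The new `oHiddenEncryptTo` case carries the comment copied from `oEncryptTo` (`store the recipient in the second list`) and sets `sl->flags = 1|2` with no indication of what the two values mean. In this list 1 marks an encrypt-to entry and 2 marks a hidden one, whereas `pk_list.flags` uses 1 for hidden, so the same number means different things in the two structures and a mix-up would leave the recipient's key ID in the packet instead of omitting it. Named masks would make this hard to get wrong, for example `sl->flags = STRLIST_ENCRYPT_TO|STRLIST_HIDDEN;` (the names are a suggestion, not existing identifiers), with the comment changed to `/* encrypt-to entry whose key ID is hidden */`. The same bare values appear in the `oHiddenRecipient` case and in the build_pk_list hunks (`rov->flags&2`, `r->flags&1`).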
diff --git a/g10/keydb.h b/g10/keydb.h
index ea9e48e6d..0204bd35c 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -89,7 +89,7 @@ typedef struct pk_list *PK_LIST;
struct pk_list {
PK_LIST next;
PKT_public_key *pk;
- int mark;
+ int flags; /* flag bit 1==throw_keyid */
};
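Review bot: The new comment `/* flag bit 1==throw_keyid */` on `flags` is ambiguous, because the code in this commit tests `flags&1`, which is bit 0, and the ChangeLog entry also says bit 0. I would word it as `/* bit 0 (value 1): hide this recipient's key ID (throw_keyid) */` so that a later reader does not add a test for `flags&2` by mistake.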
/* structure to hold a couple of secret key certificates */
@@ -97,7 +97,7 @@ typedef struct sk_list *SK_LIST;
struct sk_list {
SK_LIST next;
PKT_secret_key *sk;
- int mark;
+ int mark; /* not used */
};
/* structure to collect all information which can be used to
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 59d67e32d..b80e69148 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -304,7 +304,7 @@ parse_keyrec(char *keystring)
{
static struct keyrec *work=NULL;
struct keyrec *ret=NULL;
- char *record,*tok;
+ char *record;
int i;
if(keystring==NULL)
@@ -342,6 +342,8 @@ parse_keyrec(char *keystring)
if(ascii_strcasecmp("pub",record)==0)
{
+ char *tok;
+
if(work->desc.mode)
{
ret=work;
@@ -415,7 +417,6 @@ parse_keyrec(char *keystring)
else if(ascii_strcasecmp("uid",record)==0 && work->desc.mode)
{
char *userid,*tok,*decoded;
- int i=0;
if((tok=strsep(&keystring,":"))==NULL)
return ret;
@@ -428,6 +429,8 @@ parse_keyrec(char *keystring)
/* By definition, de-%-encoding is always smaller than the
original string so we can decode in place. */
+ i=0;
+
while(*tok)
if(tok[0]=='%' && tok[1] && tok[2])
{
diff --git a/g10/pkclist.c b/g10/pkclist.c
index e54d4d535..780dde01a 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -808,7 +808,21 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
* list of the encrypt-to ones (we always trust them) */
for( rov = remusr; rov; rov = rov->next ) {
if( !(rov->flags & 1) )
+ {
any_recipients = 1;
+
+ if((rov->flags&2) && (opt.pgp2 || opt.pgp6 || opt.pgp7))
+ {
+ log_info(_("you may not use %s while in %s mode\n"),
+ "--hidden-recipient",
+ opt.pgp2?"--pgp2":opt.pgp6?"--pgp6":"--pgp7");
+
+ log_info(_("this message may not be usable by %s\n"),
+ opt.pgp2?"PGP 2.x":opt.pgp6?"PGP 6.x":"PGP 7.x");
+
+ opt.pgp2=opt.pgp6=opt.pgp7=0;
+ }
+ }
else if( (use & PUBKEY_USAGE_ENC) && !opt.no_encrypt_to ) {
pk = m_alloc_clear( sizeof *pk );
pk->req_usage = use;
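Review bot: The warn-and-reset block added here is repeated almost verbatim in the next hunk for `--hidden-encrypt-to`, differing only in the option name. Both copies also clear `opt.pgp2`, `opt.pgp6` and `opt.pgp7` from inside key-list construction, which changes global state for everything that runs afterwards; that deserves one comment in one place rather than two silent copies. The second copy writes `r->flags&1 && (...)` without the inner parentheses the first one uses; it parses as intended but reads inconsistently. A small static helper, sketched below, would remove the duplication. The for loop and build_pk_list itself start and end outside the hunk.

```c
/* A message with a hidden key ID may not be usable by PGP 2.x/6.x/7.x:
   warn and leave the compatibility mode.  This resets the global
   opt.pgp2/pgp6/pgp7 flags for the rest of the run. */
static void
warn_hidden_in_pgp_mode( const char *option )
{
    if( !(opt.pgp2 || opt.pgp6 || opt.pgp7) )
        return;

    log_info(_("you may not use %s while in %s mode\n"),
             option,
             opt.pgp2?"--pgp2":opt.pgp6?"--pgp6":"--pgp7");

    log_info(_("this message may not be usable by %s\n"),
             opt.pgp2?"PGP 2.x":opt.pgp6?"PGP 6.x":"PGP 7.x");

    opt.pgp2=opt.pgp6=opt.pgp7=0;
}

/* … unchanged: start of build_pk_list and the loop over remusr … */
        if( !(rov->flags & 1) )
          {
            any_recipients = 1;

            if( rov->flags & 2 )
                warn_hidden_in_pgp_mode( "--hidden-recipient" );
          }
/* … unchanged: encrypt-to key lookup and list insertion … */
                r->flags = (rov->flags&2)?1:0;
                pk_list = r;

                if( r->flags & 1 )
                    warn_hidden_in_pgp_mode( "--hidden-encrypt-to" );
```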
@@ -832,8 +846,20 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
r = m_alloc( sizeof *r );
r->pk = pk; pk = NULL;
r->next = pk_list;
- r->mark = 0;
+ r->flags = (rov->flags&2)?1:0;
pk_list = r;
+
+ if(r->flags&1 && (opt.pgp2 || opt.pgp6 || opt.pgp7))
+ {
+ log_info(_("you may not use %s while in %s mode\n"),
+ "--hidden-encrypt-to",
+ opt.pgp2?"--pgp2":opt.pgp6?"--pgp6":"--pgp7");
+
+ log_info(_("this message may not be usable by %s\n"),
+ opt.pgp2?"PGP 2.x":opt.pgp6?"PGP 6.x":"PGP 7.x");
+
+ opt.pgp2=opt.pgp6=opt.pgp7=0;
+ }
}
}
else {
@@ -896,7 +922,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
PK_LIST r = m_alloc( sizeof *r );
r->pk = pk; pk = NULL;
r->next = pk_list;
- r->mark = 0;
+ r->flags = 0; /* no throwing default ids */
pk_list = r;
}
any_recipients = 1;
@@ -936,7 +962,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
r = m_alloc( sizeof *r );
r->pk = pk; pk = NULL;
r->next = pk_list;
- r->mark = 0;
+ r->flags = 0; /* no throwing interactive ids */
pk_list = r;
}
any_recipients = 1;
@@ -970,7 +996,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
PK_LIST r = m_alloc( sizeof *r );
r->pk = pk; pk = NULL;
r->next = pk_list;
- r->mark = 0;
+ r->flags = 0; /* no throwing default ids */
pk_list = r;
}
}
@@ -1030,7 +1056,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
r = m_alloc( sizeof *r );
r->pk = pk; pk = NULL;
r->next = pk_list;
- r->mark = 0;
+ r->flags = (remusr->flags&2)?1:0;
pk_list = r;
}
}
@@ -1266,7 +1292,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, int request, void *hint)
* algorithm 1 is also available (the ordering is not relevant
* in this case). */
if( bits[0] & (1<<1) )
- i = 1; /* yep; we can use compression algo 1 */
+ i = 1; /* yep; we can use compression algo 1 */
}
/* "If you are building an authentication system, the recipient
@@ -1274,7 +1300,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, int request, void *hint)
would be foolish to use a weak algorithm simply because the
recipient requests it." RFC2440:13. If we settle on MD5, and
SHA1 is also available, use SHA1 instead. Of course, if the
- user intentinally chose MD5 (by putting it in their personal
+ user intentionally chose MD5 (by putting it in their personal
prefs), then we should do what they say. */
if(preftype==PREFTYPE_HASH &&