aboutsummaryrefslogtreecommitdiffstats
path: root/doc (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpg: drop import-clean from default keyserver import optionsDaniel Kahn Gillmor2019-07-201-1/+1
| | | | | | | | | | | | | | | | | * g10/gpg.c (main): drop IMPORT_CLEAN from the default opt.keyserver_options.import_options * doc/gpg.texi: reflect this change in the documentation Given that SELF_SIGS_ONLY is already set, it's not clear what additional benefit IMPORT_CLEAN provides. Furthermore, IMPORT_CLEAN means that receiving an OpenPGP certificate from a keyserver will potentially delete data that is otherwise held in the local keyring, which is surprising to users who expect retrieval from the keyservers to be purely additive. GnuPG-Bug-Id: 4628 Signed-off-by: Daniel Kahn Gillmor <[email protected]> Gbp-Pq: Name gpg-drop-import-clean-from-default-keyserver-import-optio.patch
* fix spellingDaniel Kahn Gillmor2019-07-201-3/+3
| | | Gbp-Pq: Name fix-spelling.patch
* Use hkps://keys.openpgp.org as the default keyserverDaniel Kahn Gillmor2019-07-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As of 2.2.17, GnuPG will refuse to accept any third-party certifications from OpenPGP certificates pulled from the keyserver network. The SKS keyserver network currently has at least a dozen popular certificates which are flooded with enough unusable third-party certifications that they cannot be retrieved in any reasonable amount of time. The hkps://keys.openpgp.org keyserver installation offers HKPS, performs cryptographic validation, and by policy does not distribute third-party certifications anyway. It is not distributed or federated yet, unfortunately, but it is functional, which is more than can be said for the dying SKS pool. And given that GnuPG is going to reject all the third-party certifications anyway, there is no clear "web of trust" rationale for relying on the SKS pool. One sticking point is that keys.openpgp.org does not distribute user IDs unless the user has proven control of the associated e-mail address. This means that on standard upstream GnuPG, retrieving revocations or subkey updates of those certificates will fail, because upstream GnuPG ignores any incoming certificate without a user ID, even if it knows a user ID in the local copy of the certificate (see https://dev.gnupg.org/T4393). However, we have three patches in debian/patches/import-merge-without-userid/ that together fix that bug. Signed-off-by: Daniel Kahn Gillmor <[email protected]> Gbp-Pq: Name Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch
* gpg: default to 3072-bit RSA keys.Daniel Kahn Gillmor2019-07-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | * agent/command.c (hlp_genkey): update help text to suggest the use of 3072 bits. * doc/wks.texi: Make example match default generation. * g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment, (gen_rsa, get_keysize_range): update default from 2048 to 3072). * g10/keyid.c (pubkey_string): update comment so that first example is the default 3072-bit RSA. -- 3072-bit RSA is widely considered to be 128-bit-equivalent security. This is a sensible default in 2017. Signed-off-by: Daniel Kahn Gillmor <[email protected]> (cherry picked from commit 909fbca19678e6e36968607e8a2348381da39d8c) Gbp-Pq: Topic from-master Gbp-Pq: Name gpg-default-to-3072-bit-RSA-keys.patch
* dirmngr: Avoid automatically checking upstream swdb.Daniel Kahn Gillmor2019-07-201-3/+4
| | | | | | | | | | | | * dirmngr/dirmngr.c (housekeeping_thread): Avoid automatically checking upstream's software database. In Debian, software updates should be handled by the distro mechanism, and additional upstream checks only confuse the user. * doc/dirmngr.texi: document that --allow-version-check does nothing. Signed-off-by: Daniel Kahn Gillmor <[email protected]> Gbp-Pq: Topic dirmngr-idling Gbp-Pq: Name dirmngr-Avoid-automatically-checking-upstream-swdb.patch
* gpg: With --auto-key-retrieve prefer WKD over keyservers.Werner Koch2019-07-051-4/+20
| | | | | | | | | | | | | | | * g10/mainproc.c (check_sig_and_print): Print a hint on how to make use of the preferred keyserver. Remove keyserver lookup just by the keyid. Try a WKD lookup before a keyserver lookup. -- The use of the the keyid for lookups does not make much sense anymore since for quite some time we do have the fingerprint as part of the signature. GnuPG-bug-id: 4595 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 96bf8f477805bae58cfb77af8ceba418ff8aaad9)
* gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.Werner Koch2019-07-041-0/+5
| | | | | | | | | | | | | | | | | | | | * g10/gpg.c (main): Change default. -- Due to the DoS attack on the keyeservers we do not anymore default to import key signatures. That makes the keyserver unsuable for getting keys for the WoT but it still allows to retriev keys - even if that takes long to download the large keyblocks. To revert to the old behavior add keyserver-optiions no-self-sigs-only,no-import-clean to gpg.conf. GnuPG-bug-id: 4607 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 23c978640812d123eaffd4108744bdfcf48f7c93)
* gpg: New command --locate-external-key.Werner Koch2019-07-041-4/+9
| | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (aLocateExtKeys): New. (opts): Add --locate-external-keys. (main): Implement that. * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL. (get_best_pubkey_byname): Add arg 'mode' and pass on to get_pubkey_byname. Change callers. * g10/keylist.c (public_key_list): Add arg 'no_local'. (locate_one): Ditto. Pass on to get_best_pubkey_byname. -- This new command is a shortcut for --auto-key-locate nodefault,clear,wkd,... --locate-key and uses the default or configured AKL list but does so without local. See also GnuPG-bug-id: 4599 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d00c8024e58822e0623b3fad99248ce68a8b7725)
* Mention --sender in documentationPeter Lebbing2019-07-031-5/+5
|
* gpg: New import and keyserver option "self-sigs-only"Werner Koch2019-07-011-0/+8
| | | | | | | | | | | | | | | | | * g10/options.h (IMPORT_SELF_SIGS_ONLY): New. * g10/import.c (parse_import_options): Add option "self-sigs-only". (read_block): Handle that option. -- This option is intended to help against importing keys with many bogus key-signatures. It has obvious drawbacks and is not a bullet-proof solution because a self-signature can also be faked and would be detected only later. GnuPG-bug-id: 4591 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 15a425a1dfe60bd976b17671aa8e3d9aed12e1c0)
* doc/wks.texi: fix typoDaniel Kahn Gillmor2019-05-291-1/+1
| | | | Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: Allow deletion of subkeys with --delete-[secret-]key.Werner Koch2019-05-271-2/+8
| | | | | | | | | | * common/userids.c (classify_user_id): Do not set the EXACT flag in the default case. * g10/export.c (exact_subkey_match_p): Make static, * g10/delkey.c (do_delete_key): Implement subkey only deleting. -- GnuPG-bug-id: 4457
* gpg: Fix using --decrypt along with --use-embedded-filename.Werner Koch2019-05-171-1/+2
| | | | | | | | | | | | | | | | | * g10/options.h (opt): Add flags.dummy_outfile. * g10/decrypt.c (decrypt_message): Set this global flag instead of the fucntion local flag. * g10/plaintext.c (get_output_file): Ignore opt.output if that was used as a dummy option aslong with --use-embedded-filename. -- The problem here was that an explicit specified --decrypt, as meanwhile suggested, did not work with that dangerous --use-embedded-filename. In contrast it worked when gpg decrypted as a side-effect of parsing the data. GnuPG-bug-id: 4500 Signed-off-by: Werner Koch <[email protected]>
* gpg: Improve the photo image viewer selection.Werner Koch2019-05-171-9/+14
| | | | | | | | | | | | | | | | | | | | | | | | | * g10/exec.c (w32_system): Add "!ShellExecute" special. * g10/photoid.c (get_default_photo_command): Use the new ShellExecute under Windows and fallbac to 'display' and 'xdg-open' in the Unix case. (show_photos): Flush stdout so that the output is shown before the image pops up. -- For Unix this basically syncs the code with what we have in gpg 1.4. Note that xdg-open may not be used when running as root which we support here. For Windows we now use ShellExecute as this seems to be preferred over "cmd /c start"; however this does not solve the actual problem we had in the bug report. To solve that problem we resort to a wait parameter which defaults to 400ms. This works on my Windows-10 virtualized test box. If we can figure out which simple viewers are commonly installed on Windows we should enhance this patch to test for them. GnuPG-bug-id: 4334 Signed-off-by: Werner Koch <[email protected]>
* doc: Do not mention gpg's deprecated --keyserver option.Werner Koch2019-05-151-19/+15
| | | | | -- GnuPG-bug-id: 4466
* gpgconf: Support --homedir for --launch.Werner Koch2019-05-151-0/+2
| | | | | | | | | | | | * tools/gpgconf-comp.c (gpg_agent_runtime_change): Simplify because gnupg_homedir already returns abd absolute name. (scdaemon_runtime_change): Ditto. (dirmngr_runtime_change): Ditto. (gc_component_launch): Support --homedir. -- GnuPG-bug-id: 4496 Signed-off-by: Werner Koch <[email protected]>
* doc: Minor edit for a gpg option.Werner Koch2019-05-141-2/+2
| | | | | -- GnuPG-bug-id: 4507
* doc: correct documentation for gpgconf --killDaniel Kahn Gillmor2019-05-101-5/+6
| | | | | | | * doc/tools.texi(gpgconf): Correct documentation for gpgconf --kill. Signed-off-by: Daniel Kahn Gillmor <[email protected]> (cherry picked from commit 9662538be6afc8beee0f2654f9a8f234c5dac016)
* doc: Minor doc fix to dirmngr.Werner Koch2019-05-031-3/+1
| | | | | | -- Reported-by: dkg
* wkd: New command --print-wkd-url for gpg-wks-client.Werner Koch2019-03-251-2/+6
| | | | | | | | | * tools/gpg-wks-client.c (aPrintWKDURL): New. (opts): Add option. (main): Implement. * tools/wks-util.c (wks_cmd_print_wkd_url): New. Signed-off-by: Werner Koch <[email protected]>
* doc: Clarify option --no-keyring.Werner Koch2019-03-251-1/+2
| | | | | | | -- GnuPG-bug-id: 4424 Signed-off-by: Werner Koch <[email protected]>
* wkd: New command --print-wkd-hash for gpg-wks-client.Werner Koch2019-03-251-0/+4
| | | | | | | | | | | | | * tools/gpg-wks-client.c (aPrintWKDHash): New. (opts) : Add "--print-wkd-hash". (main): Implement that command. (proc_userid_from_stdin): New. * tools/wks-util.c (wks_fname_from_userid): Add option HASH_ONLY. (wks_cmd_print_wkd_hash): New. -- GnuPG-bug-id: 4418 Signed-off-by: Werner Koch <[email protected]>
* doc: fix formatting errorDaniel Kahn Gillmor2019-03-221-1/+2
| | | | Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpgtar: Make option -C work for archive creation.Werner Koch2019-03-071-4/+5
| | | | | | | | | | | | * tools/gpgtar-create.c (gpgtar_create): Switch to the -C directory. -- The -C option is pretty useful given that pattern are always relative to the current directory. In contrast to GNU tar, the switching is done only once. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit b3a7a5140784b5a015107b5c5c73b15ae44e71dc)
* gpgv: Improve documentation for keyring choicesDaniel Kahn Gillmor2019-03-071-7/+8
| | | | | | | | | | | | | * doc/gpgv.texi: Improve documentation for keyring choices -- From the existing documentation, it's not clear whether the default keyring will always be mixed into the set of keyrings, or whether it will be skipped if a --keyring is present. The updated text here attempts to describe the keyring selection logic more completely. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpgsm: default to 3072-bit keys.Daniel Kahn Gillmor2019-02-282-8/+8
| | | | | | | | | | | | | | | | | | | | * doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update default to 3072 bits. * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to 3072 bits. * sm/certreqgen.c (proc_parameters): update default to 3072 bits. * sm/gpgsm.c (main): print correct default_pubkey_algo. -- 3072-bit RSA is widely considered to be 128-bit-equivalent security. This is a sensible default in 2017. Signed-off-by: Daniel Kahn Gillmor <[email protected]> Gbp-Pq: Topic update-defaults Gbp-Pq: Name 0014-gpgsm-default-to-3072-bit-keys.patch (cherry picked from commit 7955262151a5c755814dd23414e6804f79125355)
* scd: Allow standard keyref scheme for app-openpgp.Werner Koch2019-02-111-1/+1
| | | | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with "OPENPGP." -- The generic keyref allows for better error detection in case a keyref is send to a wrong card. This has been taken from master commit 3231ecdafd71ac47b734469b07170756979ede72 which has additional changed for gpg-card-tool, which is only available there. Signed-off-by: Werner Koch <[email protected]>
* gpg: Implement searching keys via keygrip.Werner Koch2019-01-291-4/+1
| | | | | | | | | | | | | | | | | | | | * kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field grip. * kbx/keybox-openpgp.c (struct keyparm_s): New. (keygrip_from_keyparm): New. (parse_key): Compute keygrip. * kbx/keybox-search.c (blob_openpgp_has_grip): New. (has_keygrip): Call it. -- This has been marked for too long as not yet working. However, it is a pretty useful feature and will come pretty handy when looking for all keys matching one keygrip. Can be optimized a lot by storing the keygrip in the meta data. This will be done along with the upgrade of KBX for v5 fingerprints. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit c128667b3cba749dd14262e032d4c260a2b0acd3)
* doc: Mark keyserver-options timeout and http-proxy as obsolete.Werner Koch2019-01-221-25/+5
| | | | | | -- (cherry picked from commit 6c000d4b78b836686e5a2789cc88a41e465e4400)
* agent: Make the S2K calibration time runtime configurable.Werner Koch2018-12-111-2/+9
| | | | | | | | | | | | | | | | | | | * agent/protect.c (s2k_calibration_time): New file global var. (calibrate_s2k_count): Use it here. (get_calibrated_s2k_count): Replace function static var by ... (s2k_calibrated_count): new file global var. (set_s2k_calibration_time): New function. * agent/gpg-agent.c (oS2KCalibration): New const. (opts): New option --s2k-calibration. (parse_rereadable_options): Parse that option. -- Note that using an unrelistic high value (like 60000) takes quite some time for calibration. GnuPG-bug-id: 3399 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit cbcc8c19541fe8407f3b6588fce1535c64cf6b25)
* gpg: New list-option "show-only-fpr-mbox".Werner Koch2018-12-051-0/+4
| | | | | | | | | | | | | | | | * g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox". * g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New. * g10/keylist.c (list_keyblock_simple): New. (list_keyblock): Call it. (list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX mode. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 0e8bf204791ebfd0c9a8e4b49fbadf998ec62e49) * g10/keylist.c (list_keyblock_simple): Remove optional arg from mailbox_from_userid
* wks: Allow reading of --install-key arguments from stdin.Werner Koch2018-12-051-3/+8
| | | | | | | | | | * tools/wks-util.c (install_key_from_spec_file): New. (wks_cmd_install_key): Call it. * tools/gpg-wks-client.c (main): Allow --install-key w/o arguments. * tools/gpg-wks-server.c (main): Ditto. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit ba46a359b9d6549b74ec8401ea39bad434d87564)
* wks: Add new commands --install-key and --remove-key to the client.Werner Koch2018-12-051-0/+15
| | | | | | | | | | | | | | | * tools/gpg-wks-client.c (aInstallKey, aRemoveKey, oDirectory): New. (opts): Add "--install-key", "--remove-key" and "-C". (parse_arguments): Parse them. (main): Check that the given directory exists. Implement the new commands. -- These commands maybe useful to prepare a WKD directory on a non-Unix box using the standard wks client. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 602b1909632925d5a2e0778c102d66109795c627)
* doc: Clarify use of clear and nodefault in the AKL.Werner Koch2018-11-211-1/+3
| | | | | | -- (cherry picked from commit e5c3a6999a374813134a9e68744444c25c3017f6)
* wks: New option --with-colons for gpg-wks-client.Werner Koch2018-11-051-1/+40
| | | | | | | | | | | | | | | | | | | | * tools/gpg-wks.h (opt): Add field with_colons. * tools/gpg-wks-client.c (oWithColons): New const. (opts, parse_arguments): Add option --with-colons. (main): Change aSupported to take several domains in --with-colons mode. (command_send): Factor policy getting code out to ... (get_policy_and_sa): New function. (command_supported): Make use of new function. -- In addition to this the --create command now also supports a submission address only in the policy file. That means the submission-address file is not anymore required and can be replaced by the policy file. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit e3a1e80d13487c9336640a99b2f6d385d7d6f55c)
* gpg: Don't take the a TOFU trust model from the trustdb,Werner Koch2018-11-051-1/+2
| | | | | | | | | | | | | | | | | * g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model. (create_version_record): Don't init as TOFU. (tdbio_db_matches_options): Don't indicate a change in case TOFU is stored in an old trustdb file. -- This change allows to switch between a tofu and pgp or tofu+pgp trust model without an auto rebuild of the trustdb. This also requires that the tofu trust model is requested on the command line. If TOFU will ever be the default we need to tweak the model detection via TM_AUTO by also looking into the TOFU data base, GnuPG-bug-id: 4134 (cherry picked from commit 150a33df41944d764621f037038683f3d605aa3f)
* wkd: Add option --directory to the server.Werner Koch2018-10-261-11/+18
| | | | | | | | | | | | | | * tools/gpg-wks-server.c (opts): Add '--directory', (main): Explain how to set correct permissions. (command_list_domains): Create an empty policy file and remove the warning for an empty policy file. -- Note that a policy file is meanwhile required and thus is is useful to create it. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit f248416bc9792e80bb0785302058131de49d7639)
* doc: Minor additions to the gpg man pageWerner Koch2018-08-291-4/+10
| | | | | | | | | | -- Includes a fix for GnuPG-bug-id: 3906 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 420dc2b49ad816bdd27b40db45d900551c71476f)
* doc: Show how to list envvars send to gpg-agent.Werner Koch2018-08-291-0/+9
| | | | | | | | -- GnuPG-bug: 3353 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 53bbac0865719076f7ad7bb57e13f656bd6edf39)
* gpg: New option --known-notation.Werner Koch2018-08-291-0/+7
| | | | | | | | | | | | | | | * g10/gpg.c (oKnownNotation): New const. (opts): Add option --known-notation. (main): Set option. * g10/parse-packet.c (known_notations_list): New local var. (register_known_notation): New. (can_handle_critical_notation): Rewrite to handle the new feature. Also print the name of unknown notations in verbose mode. -- GnuPG-bug-id: 4060 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 3da835713fb6220112d988e1953f3d84beabbf6a)
* gpg: Print revocation reason for "rvs" records.Werner Koch2018-07-031-0/+9
| | | | | | | | | | | | | | | | | | | | | * g10/import.c (get_revocation_reason): New. (list_standalone_revocation): Extend function. -- Note that this function extends the "rvs" field signature-class (field 11) with the revocation reason. GPGME does not yet parse this but it can be expected that the comma delimiter does not break other parsers. A new field is added to the "rvs" (and in future also the "rev") record to carry a record specific comment. Hopefully all parsers meanwhile learned the lesson from other new fields and don't bail out on more fields than they know about. This is partial solution to GnuPG-bug-id: 1173 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit b7cd2c2093ae1b47645be50fa1d431a028187cad)
* gpg: Let --show-keys print revocation certificates.Werner Koch2018-07-031-6/+8
| | | | | | | | | | * g10/import.c (list_standalone_revocation): New. (import_revoke_cert): Call new function. -- GnuPG-bug-id: 4018 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 386b9c4f25b28fd769d7563f2d86ac3a19cc3011)
* gpg: Add new usage option for drop-subkey filters.Daniel Kahn Gillmor2018-06-121-0/+5
| | | | | | | | | | | | | | | * g10/import.c (impex_filter_getval): Add new "usage" property for drop-subkey filter. -- For example, this permits extraction of only encryption-capable subkeys like so: gpg --export-filter 'drop-subkey=usage !~ e' --export $FPR GnuPG-Bug-id: 4019 Signed-off-by: Daniel Kahn Gillmor <[email protected]> (cherry picked from commit 2ddfb5bef920919443309ece9fa2930282bbce85)
* gpg: Set some list options with --show-keysWerner Koch2018-06-111-3/+5
| | | | | | | | | | | | | * g10/gpg.c (main): Set some list options. -- The new command --show-keys is commonly used to check the content of a file with keys. In this case it can be expected that all included subkeys and uids are of interested, even when they are already expired or have been revoked. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d2bc66f241a66cc95140cbb3a07555f6301290ed)
* doc: Typo fixesWerner Koch2018-06-063-4/+4
| | | | | | | | -- Reported-by: Claus Assmann <[email protected]> Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 70f26e4263364f4b521c7856c38ba7ee59e38445)
* gpg: New command --show-keys.Werner Koch2018-06-061-1/+10
| | | | | | | | | | | | | | | | | | | | * g10/gpg.c (aShowKeys): New const. (opts): New command --show-keys. (main): Implement command. * g10/import.c (import_keys_internal): Don't print stats in show-only mode. (import_one): Be silent in show-only mode. -- Using --import --import-options show-only to look at a key is too cumbersome. Provide this shortcut and also remove some diagnostic cruft in this case. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 257661d6ae0ca376df758c38fabab2316d10e3a9)
* gpg: Remove MDC optionsWerner Koch2018-05-311-12/+11
| | | | | | | | | | | | | | | | | | | | * g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc and --no-disable-mdc into NOPs. * g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used. * g10/cipher.c (write_header): Include extra hint and make translatable. * g10/options.h (struct opt): Remove fields force_mdc and disable_mdc. -- The MDC is now always used except with --rfc2440 which will lead to a a big fat warning. This is a stripped down version of commit 253e8bdd9014cbe6dc06adce9d9dd2f8f4b31709 which could not directly be applied due to the AEAD mechanisms there. Signed-off-by: Werner Koch <[email protected]>
* gpg: Hard fail on a missing MDC even for legacy algorithms.Werner Koch2018-05-311-4/+5
| | | | | | | | | | | | | * g10/mainproc.c (proc_encrypted): Require an MDC or AEAD * tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to allow testing with the current files. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d1431901f0143cdc7af8d1a23387e0c6b5bb613f) Resolved Conflicts: g10/mainproc.c - Remove AEAD stuff.
* gpg: Turn --no-mdc-warn into a NOP.Werner Koch2018-05-311-4/+0
| | | | | | | | | | | | | | | | * g10/gpg.c (oNoMDCWarn): Remove. (opts): Make --no-mdc-warn a NOP. (main): Don't set var. * g10/options.h (struct opt): Remove 'no_mdc_var'. * g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false. * g10/mainproc.c (proc_encrypted): Ditto. -- Users should not be allowed to suppress the warning that they are shooting into their foot. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 96350c5d5afcbc7f66c535e38b9fcc7355622855)
* doc: Update description of displayed trust values.Ineiev2018-05-074-32/+65
| | | | | | | | | | | | | | * doc/trust-values.texi: New file. * doc/Makefile.am (EXTRA_DIST): Add trust-values.texi. * doc/gnupg.texi (Trust Values): New chapter. * doc/gpg.texi (OpenPGP Key Management): Update the description of how trust values are displayed, replace table with a reference to Trust Values. * doc/gpg.texi (GPG Examples): Add @mansect trust values. -- Signed-off-by: Ineiev <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-29 14:27:14 +0000