1 2004-08-31 Werner Koch <wk@g10code.de>
3 * openfile.c (copy_options_file): Use gpg-conf.skel. Better take
4 the length of SKELEXT into account, someone might make it larger.
5 * Makefile.am: Install options.skel as gpg-conf.skel.
7 2004-08-18 Marcus Brinkmann <marcus@g10code.de>
9 * passphrase.c (agent_get_passphrase): Fix detection of gpg-agent
12 2004-07-01 Werner Koch <wk@gnupg.org>
14 * card-util.c (change_login): Kludge to allow reading data from a
16 (card_edit): Pass ARG_STRING to change_login.
17 (card_status): Print CA fingerprints.
19 (card_edit): New command CAFPR.
21 * call-agent.h: Add members for CA fingerprints.
22 * call-agent.c (agent_release_card_info): Invalid them.
23 (learn_status_cb): Store them.
25 2004-04-30 Werner Koch <wk@gnupg.org>
27 * g10.c (main) <gpgconf>: Use gpg.conf and not /dev/null as
30 2004-04-28 Werner Koch <wk@gnupg.org>
32 * card-util.c (card_edit): Remove PIN verification.
33 (generate_card_keys): New arg SERIALNO. Do PIN verification here
34 after resetting forced_chv1.
36 2004-04-26 Werner Koch <wk@gnupg.org>
38 * card-util.c (change_name): Check that the NAME is not too long.
39 (change_url): Likewise.
40 (change_login): Likewise.
42 2004-03-23 Werner Koch <wk@gnupg.org>
44 * g10.c: New options --gpgconf-list, --debug-level and --log-file
45 (set_debug): Add arg DEBUG_LEVEL.
46 (main): Look at less and less version specific config files. From
49 2004-02-17 Werner Koch <wk@gnupg.org>
51 * call-agent.c (start_agent): Ignore an empty GPG_AGENT_INFO.
52 * passphrase.c (agent_open): Ditto.
54 2004-02-12 Werner Koch <wk@gnupg.org>
56 * gpgv.c: Removed g10defs.h.
58 * Makefile.am: Include cmacros.am for common flags.
60 2004-02-11 Werner Koch <wk@gnupg.org>
62 * openfile.c (try_make_homedir): Use GNUPG_DEFAULT_HOMEDIR.
63 * gpgv.c (main): Ditto.
64 * g10.c (main): Ditto.
66 2004-01-19 Moritz Schulte <mo@g10code.com>
68 * keygen.c (do_generate_keypair): Print member fname, instead of
70 (do_generate_keypair): Don't try to execute certain pieces of code
71 in case an error occured.
72 (gen_card_key): Don't print out a message, which is already
73 printed by do_generate_keypair().
75 2004-01-18 Moritz Schulte <mo@g10code.com>
77 * keygen.c (do_generate_keypair): Print member fname, instead of
80 2003-12-17 Werner Koch <wk@gnupg.org>
82 * card-util.c (print_name): Fixed bad format string usage.
83 (print_isoname): Ditto.
85 * trustdb.c (check_regexp): s/exp/expr/.
87 * keyedit.c (trustsig_prompt): Removed a "> 255" term; it is
88 always false due to the data type.
90 * passphrase.c (agent_get_passphrase): Use xasprintf and avoid
91 non-literal format strings.
93 * tdbio.c (upd_hashtable, drop_from_hashtable, lookup_hashtable):
94 Fixed log_error format string bugs. Kudos to the now working
95 gcc-3.3 -Wformat-nonliteral and Florian Weimer's investigations in
98 2003-12-15 Werner Koch <wk@gnupg.org>
100 * seckey-cert.c (protect_secret_key): Use gry_create_nonce for the
101 IV; there is not need for real strong random here and it even
102 better protect the random bits used for the key.
104 2003-11-16 Moritz Schulte <mo@g10code.com>
106 * signal.c: Removed unused file.
108 2003-11-10 Moritz Schulte <mo@g10code.com>
110 * Makefile.am (INCLUDES): Added: @LIBGCRYPT_CFLAGS@.
112 2003-10-25 Werner Koch <wk@gnupg.org>
114 * call-agent.c (learn_status_cb, scd_genkey_cb): Fixed faulty use
117 2003-10-20 Werner Koch <wk@gnupg.org>
119 * card-util.c (card_edit): New command "passwd". Add logic to
120 check the PIN in advance.
121 (card_status): Add new args to return the serial number. Changed
123 * call-agent.c (agent_scd_checkpin): New.
125 2003-10-08 Werner Koch <wk@gnupg.org>
127 * call-agent.c (agent_scd_getattr): Don't clear the passed info
128 structure, so that it can indeed be updated.
130 * card-util.c (fpr_is_zero): New.
131 (generate_card_keys): New.
132 (card_edit): New command "generate".
133 * keygen.c (generate_keypair): New arg CARD_SERIALNO, removed call
135 (check_smartcard,show_smartcard): Removed.
136 (show_sha1_fpr,fpr_is_zero): Removed.
138 2003-10-01 Werner Koch <wk@gnupg.org>
140 * card-util.c: Tweaked to use this source also under 1.3.
142 2003-09-30 Werner Koch <wk@gnupg.org>
144 * keylist.c (print_card_serialno): New.
145 (list_keyblock_print): Use it here.
147 * card-util.c (toggle_forcesig): New.
148 (card_edit): New command "forcesig".
150 * card-util.c (print_name, print_isoname): Use 0 and not LF fro
151 the max_n arg of tty_print_utf8_string2.
153 * call-agent.c (agent_scd_getattr): New.
154 (learn_status_cb): Release values before assignment so that it can
155 be used by getattr to update the structure.
157 * card-util.c (change_pin): Simplified. We now have only a PIN
160 2003-09-27 Werner Koch <wk@gnupg.org>
162 * sign.c (do_sign): Removed disabled testcode.
164 2003-09-26 Timo Schulz <twoaday@freakmail.de>
166 * card_status (card_status): Do not use fputs since the fp
167 parameter can be NULL. This fixes a segv.
169 2003-09-24 Werner Koch <wk@gnupg.org>
171 * card-util.c (print_isoname,card_status): Handle opt.with_colons.
172 (print_sha1_fpr_colon): New.
174 2003-09-23 Werner Koch <wk@gnupg.org>
176 Merged most of David Shaw's changes in 1.3 since 2003-06-03.
178 * Makefile.am: Include W32LIBS where appropriate.
180 * armor.c (parse_hash_header,armor_filter): Drop TIGER/192 support.
181 * g10.c (print_hex,print_mds): Ditto.
182 * pkclist.c (algo_available): Ditto.
184 * armor.c (armor_filter): Allow using --comment multiple times to
185 get multiple Comment header lines. --no-comments resets list.
186 * options.h, g10.c (main): Ditto. Deprecate --default-comment in
187 favor of --no-comments.
189 * g10.c (main): Trim --help to commonly used options. Remove -f.
191 * g10.c (main): Add --multifile as an alias to turn --encrypt into
192 --encrypt-files (plus --verify-files, --decrypt-files). Error out
193 if --multifile is used with the commands that don't support it yet.
195 * encode.c (use_mdc), g10.c (main): Use RFC1991 and RFC2440
196 directly to check for MDC usability. Do not set the force_mdc or
197 disable_mdc flags since there is no point any longer.
199 * g10.c (main): Use "keyserver-url" instead of
200 "preferred-keyserver" for the sake of short and simple commands.
201 (add_keyserver_url): Clarify a few strings. It's a
202 "preferred keyserver URL".
203 * keyedit.c (keyedit_menu): Ditto.
204 * sign.c (mk_notation_policy_etc): Ditto.
206 * main.h, keygen.c (keygen_add_keyserver_url): Signature callback
207 for adding a keyserver URL.
208 * keyedit.c (keyedit_menu, menu_set_keyserver_url): New command to
209 set preferred keyserver to specified (or all) user IDs.
210 * build-packet.c (build_sig_subpkt): Set preferred keyserver flag
211 while building a preferred keyserver subpacket.
213 * keylist.c (show_policy_url, show_keyserver_url): URLs might be
216 * keyedit.c (menu_addrevoker): Fix leaking a few bytes.
218 * keyedit.c (show_key_with_all_names): Use list-option
219 show-long-keyid in main --edit-key display.
221 * keyedit.c (print_and_check_one_sig): Use list-option
222 show-long-keyid in --edit-key "check" function.
224 * passphrase.c (agent_send_all_options): Make use of $GPG_TTY.
226 * g10.c (main): Disable use-agent if passphrase-fd is given
227 later. Suggested by Kurt Garloff.
229 * exec.c, g10.c, gpgv.c, passphrase.c, photoid.c:
230 s/__MINGW32__/_WIN32/ to help building on native Windows
231 compilers. Requested by Brian Gladman. From Werner on stable
234 * options.h, g10.c (main): Add list-option
235 list-preferred-keyserver.
237 * keyedit.c (change_passphrase): When responding 'no' to the blank
238 passphrase question, re-prompt for a new passphrase. This is bug
241 * mainproc.c (check_sig_and_print): Use two different preferred
242 keyserver displays - one if the key is not present (to tell the
243 user where to get the key), the other if it is present (to tell
244 the user where the key can be refreshed).
246 * packet.h, parse-packet.c (parse_signature): Set flag if a
247 preferred keyserver is present.
249 * keylist.c (list_keyblock_print): Show keyserver url in listings
250 with list-option show-keyserver-url.
252 * mainproc.c (check_sig_and_print): Get the uid validity before
253 printing any sig results to avoid munging the output with trustdb
256 * g10.c (main): Don't include --show-keyring in --help as it is
259 * options.skel: Note that keyserver.pgp.com isn't synchronized,
260 and explain the roundrobin a bit better.
262 * sig-check.c (check_key_signature2), import.c (import_one,
263 import_revoke_cert, chk_self_sigs, delete_inv_parts,
264 collapse_uids, merge_blocks): Make much quieter during import of
265 slightly munged, but recoverable, keys. Use log_error for
266 unrecoverable import failures.
268 * keyring.c (keyring_rebuild_cache): Comment.
270 * sign.c (mk_notation_and_policy): Making a v3 signature with
271 notations or policy urls is an error, not an info (i.e. increment
272 the errorcount). Don't print the notation or policy url to stdout
273 since it can be mixed into the output stream when piping and munge
276 * packet.h, sig-check.c (signature_check2, do_check,
277 do_check_messages): Provide a signing-key-is-revoked flag. Change
280 * status.h, status.c (get_status_string): New REVKEYSIG status tag
281 for a good signature from a revoked key.
283 * mainproc.c (do_check_sig, check_sig_and_print): Use it here.
285 * import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare
286 actual signatures on import rather than using keyid or class
287 matching. This does not change actual behavior with a key, but
288 does mean that all sigs are imported whether they will be used or
291 * parse-packet.c (parse_signature): Don't give "signature packet
292 without xxxx" warnings for experimental pk algorithms. An
293 experimental algorithm may not have a notion of (for example) a
294 keyid (i.e. PGP's x.509 stuff).
296 * options.h, g10.c (main), keylist.c (list_keyblock_print),
297 keyedit.c (print_and_check_one_sig): New "show-sig-expire"
298 list-option to show signature expiration dates (if any).
300 * options.h, g10.c (main, add_keyserver_url): Add
301 --sig-preferred-keyserver to implant a "where to get my key"
302 subpacket into a signature.
304 * sign.c (mk_notation_and_policy): Rename to
305 mk_notation_policy_etc and add preferred keyserver support for
308 * keygen.c (do_add_key_flags): Don't set the certify flag for
310 (ask_algo): Provide key flags for DSA, Elgamal_e, and Elgamal
312 (generate_keypair): Provide key flags for the default DSA/Elgamal
315 * sig-check.c (signature_check, signature_check2,
316 check_key_signature, check_key_signature2): Allow passing NULLs
317 for unused parameters in the x2 form of each function to avoid the
318 need for dummy variables. getkey.c, mainproc.c: Change all
321 * trustdb.h, trustdb.c (read_trust_options): New. Returns items
322 from the trustdb version record.
323 * keylist.c (public_key_list): Use it here for the new "tru"
325 * gpgv.c (read_trust_options): Stub.
327 * keyedit.c (show_key_with_all_names): Use list-option
328 show-validity in --edit-key interface as well.
330 * options.h, g10.c (main), mainproc.c (check_sig_and_print): Add
331 verify-options "show-validity" and "show-long-keyid" to show
332 trustdb validity and long keyids during (file) signature
335 * packet.h, main.h, sig-check.c (signature_check2)
336 (check_key_signature2, do_check): If ret_pk is set, fill in the pk
337 used to verify the signature. Change all callers in getkey.c,
338 mainproc.c, and sig-check.c.
340 * keylist.c (list_keyblock_colon): Use the ret_pk from above to
341 put the fingerprint of the signing key in "sig" records during a
342 --with-colons --check-sigs. This requires --no-sig-cache as well
343 since we don't cache fingerprints.
345 * parse-packet.c (parse_signature): No need to reserve 8 bytes for
346 the unhashed signature cache any longer.
348 * misc.c (pct_expando): Add two new expandos - signer's
349 fingerprint (%g), and signer's primary fingerprint (%p).
351 * g10.c (main): Add --rfc2440 alias for --openpgp since in a few
352 months, they won't be the same thing.
354 * keyserver.c (parse_keyserver_uri): Accept "http" as an alias for
355 "hkp", since it is occasionally written that way.
356 (keyserver_spawn): Use ascii_isspace to avoid locale issues.
358 * keygen.c (ask_user_id): Make --allow-freeform-uid apply to the
359 email field as well as the name field, and allow mixing fields
362 * trustdb.c (validate_one_keyblock): Certifications on revoked or
363 expired uids do not count in the web of trust.
365 * signal.c (init_one_signal, pause_on_sigusr, do_block): Only use
366 sigprocmask() if we have sigset_t, and only use sigaction() if we
367 have struct sigaction. This is for Forte c89 on Solaris which
368 seems to define only the function call half of the two pairs by
370 (pause_on_sigusr): Typo.
371 (do_block): If we can't use sigprocmask() and sigset_t, try to get
372 the number of signals from NSIG as well as MAXSIG, and if we
373 can't, fail with an explanation.
375 * signal.c, tdbio.c: Comment out the transaction code. It was not
376 used in this version, and was causing some build problems on
377 quasi-posix platforms (Solaris and Forte c89).
379 * keylist.c (list_keyblock_colon): Don't include validity values
380 when listing secret keys since they can be incorrect and/or
381 misleading. This is a temporary kludge, and will be handled
384 * mainproc.c (check_sig_and_print): Only show the "key available
385 from" preferred keyserver line if the key is not currently
388 * keyedit.c (sign_uids): Do not sign expired uids without --expert
389 (same behavior as revoked uids). Do not allow signing a user ID
390 without a self-signature. --expert overrides. Add additional
391 prompt to the signature level question.
392 (menu_expire): When changing expiration dates, don't replace
393 selfsigs on revoked uids since this would effectively unrevoke
394 them. There is also no point in replacing expired selfsigs. This
397 * g10.c (add_notation_data): Make sure that only ascii is passed
398 to iscntrl. Noted by Christian Biere.
399 * getkey.c (classify_user_id2): Replaced isspace by spacep
400 * keygen.c (ask_user_id): Ditto.
401 (get_parameter_algo): Ditto.
402 * keyedit.c (keyedit_menu): Ditto.
403 * tdbdump.c (import_ownertrust): Ditto. s/isxdigit/hexdigitp/.
404 * revoke.c (ask_revocation_reason):
405 * keyserver.c (keyserver_spawn): Dito.
407 * parse-packet.c (parse): Disallow old style partial length for
408 all key material packets to avoid possible corruption of keyrings.
410 * import.c (import_keys_internal): Invalidate the cache so that
411 the file descriptor gets closed. Fixes bug reported by Juan
414 * options.h, g10.c (main), main.h, keylist.c (show_keyserver_url),
415 mainproc.c (check_sig_and_print), parse-packet.c (dump_sig_subpkt,
416 parse_one_sig_subpkt, can_handle_critical): Add read-only support
417 for preferred keyserver subpackets. They're basically policy URLs
418 with a different name. Add a verify-option
419 "show-preferred-keyserver" to turn them on and off (on by default,
420 as per stable branch).
422 * g10.c (main): Add "--set-notation" as alias to "--notation-data"
423 this is to make things consistent with --set-policy-url meaning
426 * options.h, g10.c (main), keylist.c (list_keyblock_print): Add
427 "show-validity" and "show-long-keyid" list-options.
429 * gpgv.c (get_validity, trust_value_to_string): Stubs.
431 * g10.c (main): Use SAFE_VERSION instead of VERSION in the
432 version-specific gpg.conf file so it can be overridden on RISCOS.
434 * keyedit.c (show_key_with_all_names): Fix assertion failure when
435 using toggle to see a secret key. Reported by Maxim Britov.
438 2003-09-22 Timo Schulz <twoaday@freakmail.de>
440 * card-util.c (card_status): Free pk in case of an error
441 and return if the card is no OpenPGP card.
443 2003-09-18 Werner Koch <wk@gnupg.org>
445 * g10.c: New command --card-edit.
446 * card-util.c (card_status): Use tty_fprintf for all output.
447 (print_sha1_fpr, print_isoname): Ditto.
448 (get_one_name,change_name, change_url, change_login,change_lang)
449 (change_sex): New; taken from keygen.c.
450 * keygen.c (smartcard_get_one_name, smartcard_change_name)
451 (smartcard_change_url, smartcard_change_login_data)
452 (smartcard_change_lang, smartcard_change_sex): Removed.
453 (check_smartcard): Removed most menu items.
455 2003-09-06 Werner Koch <wk@gnupg.org>
457 * misc.c (openpgp_pk_algo_usage): Allow AUTH where SIGN is allowed.
459 * keygen.c (ask_passphrase): No need to allocated S2K in secure
462 2003-09-04 Werner Koch <wk@gnupg.org>
464 * keygen.c (do_add_key_flags, parse_parameter_usage)
465 (do_generate_keypair): Add support the proposed AUTH key flag.
466 * getkey.c (fixup_uidnode, merge_selfsigs_main)
467 (merge_selfsigs_subkey, premerge_public_with_secret): Ditto.
468 * keylist.c (print_capabilities): Ditto.
470 2003-08-25 Timo Schulz <twoaday@freakmail.de>
472 * pkglue.c (mpi_from_sexp): New. Used to factor out
475 2003-08-24 Werner Koch <wk@gnupg.org>
477 * keygen.c (do_generate_keypair): Print a reminder to use --gen-revoke.
479 2003-08-18 Timo Schulz <twoaday@freakmail.de>
481 * encode.c (encode_sesskey): Checked the code and removed
482 the warning since all compatibility checks with PGP succeeded.
483 * mainproc.c (symkey_decrypt_sesskey): Better check for the
484 algorithm and check the return values of some functions.
485 * mdc.c (use_mdc): Simplified.
487 2003-08-07 Werner Koch <wk@gnupg.org>
489 * pkglue.c (pk_sign): Fix last change.
490 (pk_verify): Check for valid DATA array so that we don't segv in
494 2003-08-06 Werner Koch <wk@gnupg.org>
496 * pkglue.c (pk_sign): Allow signing using RSA.
498 2003-08-05 Werner Koch <wk@gnupg.org>
500 * Makefile.am (install-data-local): Dropped check for the ancient
502 (bin_PROGRAMS): Renamed gpg to gpg2 and gpgv to gpgv2. This is so
503 that it won't conflict with the current stable version of gpg.
505 * pkglue.c (pk_check_secret_key): New.
506 * seckey-cert.c (do_check): Reenable this test here again.
508 * g10.c (main): Add command -K as an alias for
509 --list-secret-keys. Command "-k" is now an alias to --list-keys.
510 Remove special treatment of -kv and -kvv.
512 (main): Strip a "-cvs" suffix when testing for a version specific
515 * status.h, status.c, g10.c [USE_SHM_COPROCESSING]: Removed. This
516 is not any longer available.
518 2003-07-29 Werner Koch <wk@gnupg.org>
520 * g10.c (main): Add secmem features and set the random seed file.
521 (g10_exit): Update the random seed file.
523 * parse-packet.c (parse_signature,read_protected_v3_mpi)
524 (parse_key): Fixed use of mpi_set_opaque.
525 * keygen.c (gen_card_key): Ditto.
527 2003-07-28 Werner Koch <wk@gnupg.org>
529 * status.c (progress_cb): Adjusted for use with Libcgrypt.
530 (set_status_fd): Register that callback.
532 * keygen.c (smartcard_change_login_data): New.
533 (smartcard_change_lang): New.
534 (smartcard_change_sex): New.
535 (check_smartcard): Add menu entries to edit the above.
536 (gen_elg,gen_dsa,gen_rsa): Reimplemented in terms of Libgcrypt.
537 (genhelp_protect, genhelp_factors, key_from_sexp): New.
538 * comment.c (make_comment_node_from_buffer): New.
539 (make_comment_node): Reimplemented in terms of above.
541 2003-07-27 Werner Koch <wk@gnupg.org>
543 Adjusted for gcry_mpi_print and gcry_mpi_scan API change.
545 2003-07-24 Werner Koch <wk@gnupg.org>
547 * g10.c: New command --card-status.
548 * card-util.c (card_status): New.
549 * call-agent.c (learn_status_cb): Parse more information.
551 * keylist.c (print_pubkey_info): Add FP arg for optional printing
552 to a stream. Changed all callers.
554 2003-07-23 Werner Koch <wk@gnupg.org>
556 * keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards.
557 (do_generate_keypair): Abd generate the authkey.
558 (check_smartcard): Changed menu accordingly.
560 2003-07-22 Werner Koch <wk@gnupg.org>
562 * g10.c: New command --change-pin.
564 * call-agent.c (agent_scd_change_pin): New.
565 (agent_release_card_info): New.
566 * keygen.c (check_smartcard): Use it here.
568 2003-07-16 Werner Koch <wk@gnupg.org>
570 * export.c (parse_export_options): New option sexp-format.
571 (export_seckeys,export_secsubkeys): Check sexp-format option.
572 (do_export): Ignore armor for sexp format.
573 (do_export_stream): Handle sexp-format.
574 (write_sexp_line,write_sexp_keyparm, build_sexp_seckey): New.
577 2003-07-03 Werner Koch <wk@gnupg.org>
579 * options.h (DBG_CIPHER): Reintroduced it.
580 * seskey.c (encode_session_key): Debug output of the session key.
582 * pubkey-enc.c (get_it): Handle card case.
583 * call-agent.c (agent_scd_pkdecrypt): New.
584 * pkglue.c (pk_encrypt): Add RSA support.
586 * g10.c (main): Default to --use-agent.
588 * keygen.c (show_smartcard): Print info about the public key.
589 (check_smartcard): Check for existing key here.
590 (gen_card_key): And not anymore here.
592 (generate_keypair): Generate both keys for a card.
593 (smartcard_change_url): Nw.
595 2003-07-02 Werner Koch <wk@gnupg.org>
597 * seckey-cert.c (is_secret_key_protected): Let it handle mode 1002.
599 2003-07-01 Werner Koch <wk@gnupg.org>
601 * keygen.c (gen_card_key): Obviously we should use the creation
602 date received from SCDAEMON, so that the fingerprints will match.
603 * sign.c (do_sign): Pass the serialno to the sign code.
604 * keyid.c (serialno_and_fpr_from_sk): New.
606 2003-06-30 Werner Koch <wk@gnupg.org>
608 * call-agent.h (agent_card_info_s): Add field serialno.
609 * call-agent.c (store_serialno): New.
610 (learn_status_cb): Store the serial number.
611 * keygen.c (gen_card_key): Store the serial number
612 (check_smartcard): New argument to return the serial number.
613 (generate_keypair): Get the serial number from check_smartcard and
614 store it as a parameter.
615 * parse-packet.c (parse_key): Use the protect.iv field to store the
617 * build-packet.c (do_secret_key): Write the serial number.
619 2003-06-27 Werner Koch <wk@gnupg.org>
621 * seckey-cert.c (check_secret_key): Bypass the unprotection for
623 * sign.c (do_sign): Handle card case (i.e. mode 1002).
625 2003-06-26 Werner Koch <wk@gnupg.org>
627 * build-packet.c (do_secret_key): Implement special protection
629 * parse-packet.c (parse_key): Likewise.
631 * keygen.c (smartcard_gen_key): New.
632 * call-agent.c (agent_scd_setattr): New.
634 2003-06-24 Werner Koch <wk@gnupg.org>
636 * Makefile.am: Removed signal.c
638 * g10.c (emergency_cleanup): New.
639 (main): Use gnupg_init_signals and register malloc for assuan.
641 2003-06-23 Werner Koch <wk@gnupg.org>
643 * keyid.c (do_fingerprint_md): Made it work again.
645 2003-06-19 Werner Koch <wk@gnupg.org>
647 Fixed all "==" comparisons against error code constants to use
650 * import.c (import_secret_one):
651 (import_revoke_cert):
654 * misc.c (openpgp_md_map_name): Check also for the Hx format.
655 (openpgp_cipher_map_name): Check also for the Sx format.
656 (pubkey_get_npkey): Adjusted for changed gcrypt API.
657 (pubkey_get_nskey): Ditto.
658 (pubkey_get_nsig): Ditto.
659 (pubkey_get_nenc): Ditto.
661 2003-06-18 Werner Koch <wk@gnupg.org>
663 Finished the bulk of changes for gnupg 1.9. This included
664 switching to libgcrypt functions, using shared error codes from
665 libgpg-error, replacing the old functions we used to have in
666 ../util by those in ../jnlib and ../common, renaming the malloc
667 functions and a couple of types. Note, that not all changes are
668 listed below becuause they are too similar and done at far too
669 many places. As of today the code builds using the current
670 libgcrypt from CVS but it is very unlikely that it actually works.
672 * sig-check.c (cmp_help): Removed. Was never used.
674 * pkglue.c: New. Most stuff taken from gnupg 1.1.2.
677 * misc.c (pull_in_libs): Removed.
679 * keygen.c (count_chr): New.
680 (ask_user_id): Removed faked RNG support.
682 * misc.c (openpgp_md_map_name,openpgp_cipher_map_name)
683 (openpgp_pk_map_name): New.
685 * skclist.c (build_sk_list): Removed faked RNG support.
686 (is_insecure): Removed.
688 * comment.c (make_mpi_comment_node): Use gcry MPI print function.
690 * keyid.c (v3_keyid): New.
692 * misc.c (mpi_write,mpi_write_opaque,mpi_read,mpi_read_opaque)
693 (mpi_print): New. Taken from gnupg 1.1.2.
694 (checksum_mpi): Replaced by implementation from 1.1.2.
696 * g10.c (my_strusage): Renamed from strusage and return NULL
697 instead calling a default function.
698 (add_to_strlist2): New. Taken from ../util/strgutil.c of gnupg 1.2.
700 * plaintext.c (handle_plaintext): New arg CREATE_FILE to cope with
701 the fact that gpg-error does not have this error code anymore.
703 * mainproc.c (symkey_decrypt_sesskey): Ditto.
705 * seskey.c (make_session_key): Adjusted for use with libgcrypt.
706 (encode_session_key): Ditto.
707 (do_encode_md): Ditto.
708 (encode_md_value): Ditto.
710 * keyring.c: Use libgpg-error instead of READ_ERROR etc.
712 * g10.c: Adjusted all algorithm name/id mapping functions.
713 (set_debug): Pass MPI and CRYPTO debug values to libgcrypt.
715 * Makefile.am (INCLUDES): Define LOCALEDIR and the default error
718 * g10.c (i18n_init): s/G10_LOCALEDIR/LOCALEDIR/.
720 Renamed m_alloc et al to xmalloc et al.
721 s/g10_errstr/gpg_strerror/
723 Adjusted all md_open calls to the libgcrypt API.
725 * build-packet.c (do_comment): Return error code from iobuf write
728 (do_public_key): Ditto.
730 * Makefile.am: Add new files, link gpg with libgpg-error.
731 * g10.c, options.h: New option --agent-program.
733 * gpg.h, call-agent.h: New.
735 2003-06-03 David Shaw <dshaw@jabberwocky.com>
737 * options.h, g10.c (main), keylist.c (list_keyblock_print): Add
738 "show-validity" and "show-long-keyid" list-options.
740 * gpgv.c (get_validity, trust_value_to_string): Stubs.
742 * g10.c (main): Use SAFE_VERSION instead of VERSION in the
743 version-specific gpg.conf file so it can be overridden on RISCOS.
745 2003-06-01 David Shaw <dshaw@jabberwocky.com>
747 * g10.c (main), keylist.c (show_policy_url, show_notation),
748 mainproc.c (check_sig_and_print): Emulate the old policy and
749 notation behavior (display by default). Send to status-fd whether
750 it is displayed on the screen or not.
752 * g10.c (main): Since we now have some options in devel that won't
753 work in a stable branch gpg.conf file, try for a version-specific
754 gpg.conf-VERSION file before falling back to gpg.conf.
756 * main.h, options.h: Move various option flags to options.h.
758 2003-05-31 David Shaw <dshaw@jabberwocky.com>
760 * mainproc.c (check_sig_and_print), main.h, keylist.c
761 (show_policy, show_notation): Collapse the old print_notation_data
762 into show_policy() and show_notation() so there is only one
763 function to print notations and policy URLs.
765 * options.h, main.h, g10.c (main), keyedit.c
766 (print_and_check_one_sig), keylist.c (list_one,
767 list_keyblock_print), pkclist.c (do_edit_ownertrust), sign.c
768 (mk_notation_and_policy): New "list-options" and "verify-options"
769 commands. These replace the existing
770 --show-photos/--no-show-photos,
771 --show-notation/--no-show-notation,
772 --show-policy-url/--no-show-policy-url, and --show-keyring
773 options. The new method is more flexible since a user can specify
774 (for example) showing photos during sig verification, but not in
775 key listings. The old options are emulated.
777 * main.h, misc.c (parse_options): New general option line
778 parser. Fix the bug in the old version that did not handle report
779 syntax errors after a valid entry.
781 * import.c (parse_import_options), export.c
782 (parse_export_options): Call it here instead of duplicating the
785 2003-05-30 David Shaw <dshaw@jabberwocky.com>
787 * keylist.c (list_one): Don't show the keyring filename when in
788 --with-colons mode. Actually translate "Keyring" string.
790 * mainproc.c (proc_tree): We can't currently handle multiple
791 signatures of different classes or digests (we'd pretty much have
792 to run a different hash context for each), but if they are all the
793 same, make an exception. This is Debian bug #194292.
795 * sig-check.c (check_key_signature2): Make string translatable.
797 * packet.h, getkey.c (fixup_uidnode): Mark real primary uids
798 differently than assumed primaries.
800 * keyedit.c (no_primary_warning): Use the differently marked
801 primaries here in a new function to warn when an --edit-key
802 command might rearrange the self-sig dates enough to change which
804 (menu_expire, menu_set_preferences): Use no_primary_warning()
807 * Makefile.am: Use @DLLIBS@ for -ldl.
809 2003-05-26 David Shaw <dshaw@jabberwocky.com>
811 * getkey.c (premerge_public_with_secret): Made "no secret subkey
812 for" warning a verbose item and translatable. (From wk on stable
815 * sig-check.c (check_key_signature2): Made "no subkey for subkey
816 binding packet" a verbose item instead of a !quiet one. There are
817 too many garbled keys out in the wild. (From wk on stable branch)
819 * filter.h: Remove const from WHAT. (From wk on stable branch)
821 * progress.c (handle_progress): Store a copy of
822 NAME. (progress_filter): Release WHAT, make sure not to print a
823 NULL WHAT. (From wk on stable branch)
825 * openfile.c (open_sigfile): Adjust free for new progress
826 semantics. (From wk on stable branch)
828 * plaintext.c (ask_for_detached_datafile): Don't dealloc
829 pfx->WHAT. (From wk on stable branch)
831 * seckey-cert.c (do_check): Issue the RSA_OR_IDEA status when the
832 cipher algo is IDEA to make it easier to track down the
833 problem. (From twoaday on stable branch)
835 2003-05-24 David Shaw <dshaw@jabberwocky.com>
837 * armor.c, g10.c, kbnode.c, misc.c, pkclist.c, sign.c,
838 build-packet.c, getkey.c, keydb.c, openfile.c, plaintext.c,
839 status.c, gpgv.c, keygen.c, options.h, sig-check.c, tdbio.h,
840 encode.c, mainproc.c, parse-packet.c, signal.c, textfilter.c: Edit
841 all preprocessor instructions to remove whitespace before the '#'.
842 This is not required by C89, but there are some compilers out
843 there that don't like it.
845 2003-05-21 David Shaw <dshaw@jabberwocky.com>
847 * trustdb.h, trustdb.c (is_disabled), gpgv.c (is_disabled): Rename
848 is_disabled to cache_disabled_value, which now takes a pk and not
849 just the keyid. This is for speed since there is no need to
850 re-fetch a key when we already have that key handy. Cache the
851 result of the check so we don't need to hit the trustdb more than
854 * getkey.c (skip_disabled): New function to get a pk and call
855 is_disabled on it. (key_byname): Use it here.
857 * packet.h, getkey.c (skip_disabled), keylist.c
858 (print_capabilities): New "pk_is_disabled" macro to retrieve the
859 cached disabled value if available, and fill it in via
860 cache_disabled_value if not available.
862 * trustdb.c (get_validity): Cache the disabled value since we have
863 it handy and it might be useful later.
865 * parse-packet.c (parse_key): Clear disabled flag when parsing a
866 new key. Just in case someone forgets to clear the whole key.
868 * getkey.c (merge_selfsigs_main): Add an "if all else fails" path
869 for setting a single user ID primary when there are multiple set
870 primaries all at the same second, or no primaries set and the most
871 recent user IDs are at the same second, or no signed user IDs at
872 all. This is arbitrary, but deterministic.
874 * exec.h, photoid.h: Add copyright message.
876 * keylist.c (list_keyblock_print): Don't dump attribs for
877 revoked/expired/etc uids for non-colon key listings. This is for
878 consistency with --show-photos.
880 * main.h, keylist.c (dump_attribs), mainproc.c
881 (check_sig_and_print): Dump attribs if --attrib-fd is set when
882 verifying signatures.
884 * g10.c (main): New --gnupg option to disable the various
885 --openpgp, --pgpX, etc. options. This is the same as --no-XXXX
888 * revoke.c (ask_revocation_reason): Clear old reason if user
889 elects to repeat question. This is bug 153.
891 * keyedit.c (sign_uids): Show keyid of the key making the
894 2003-05-21 Werner Koch <wk@gnupg.org>
896 * progress.c (handle_progress)
897 * sign.c (write_plaintext_packet)
898 * encode.c (encode_simple,encode_crypt): Make sure that a filename
899 of "-" is considered to be stdin so that iobuf_get_filelength
900 won't get called. This fixes bug 156 reported by Gregery Barton.
902 2003-05-02 David Shaw <dshaw@jabberwocky.com>
904 * packet.h, build-packet.c (build_sig_subpkt), export.c
905 (do_export_stream), import.c (remove_bad_stuff, import),
906 parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt): Remove
907 vestigal code for the old sig cache subpacket. This wasn't
908 completely harmless as it caused subpacket 101 to disappear on
911 * options.h, armor.c, cipher.c, g10.c, keyedit.c, pkclist.c,
912 sign.c, encode.c, getkey.c, revoke.c: The current flags for
913 different levels of PGP-ness are massively complex. This is step
914 one in simplifying them. No functional change yet, just use a
915 macro to check for compliance level.
917 * sign.c (sign_file): Fix bug that causes spurious compression
920 * sign.c (clearsign_file): Fix bug that prevents proper warning
921 message from appearing when clearsigning in --pgp2 mode with a
924 * main.h, misc.c (compliance_option_string, compliance_string,
925 compliance_failure), pkclist.c (build_pk_list), sign.c (sign_file,
926 clearsign_file), encode.c (encode_crypt,
927 write_pubkey_enc_from_list): New functions to put the "this
928 message may not be usable...." warning in one place.
930 * options.h, g10.c (main): Part two of the simplification. Use a
931 single enum to indicate what we are compliant to (1991, 2440,
934 * g10.c (main): Show errors for failure in export, send-keys,
935 recv-keys, and refresh-keys.
937 * options.h, g10.c (main): Give algorithm warnings for algorithms
938 chosen against the --pgpX and --openpgp rules.
940 * keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in
943 * sign.c (sign_file), pkclist.c (algo_available): Allow passing a
946 2003-05-01 David Shaw <dshaw@jabberwocky.com>
948 * tdbio.c (create_version_record): Only create new trustdbs with
949 TM_CLASSIC or TM_PGP.
951 * trustdb.h, trustdb.c (trust_string, get_ownertrust_string,
952 get_validity_string, ask_ownertrust, validate_keys), pkclist.c
953 (do_edit_ownertrust): Rename trust_string to trust_value_to_string
954 for naming consistency.
956 * trustdb.h, trustdb.c (string_to_trust_value): New function to
957 translate a string to a trust value.
959 * g10.c (main): Use string_to_trust_value here for
962 * options.h, g10.c (main), trustdb.c (trust_model_string,
963 init_trustdb, check_trustdb, update_trustdb, get_validity,
964 validate_one_keyblock): An "OpenPGP" trust model is misleading
965 since there is no official OpenPGP trust model. Use "PGP"
968 2003-04-30 David Shaw <dshaw@jabberwocky.com>
970 * build-packet.c (build_sig_subpkt): Comments.
972 * exec.c (exec_write): Cast NULL to void* to properly terminate
975 * keyedit.c (show_key_with_all_names): Just for safety, catch an
976 invalid pk algorithm.
978 * sign.c (make_keysig_packet): Crucial that the call to mksubpkt
979 comes LAST before the calls to finalize the sig as that makes it
980 possible for the mksubpkt function to get a reliable pointer to
983 * pkclist.c (do_we_trust_pre): If an untrusted key was chosen by a
984 particular user ID, use that ID as the one to ask about when
985 prompting whether to use the key anyway.
986 (build_pk_list): Similar change here when adding keys to the
989 * trustdb.c (update_validity): Fix bug that prevented more than
990 one validity record per trust record.
991 (get_validity): When retrieving validity for a (user) supplied
992 user ID, return the validity for that user ID only, and do not
993 fall back to the general key validity.
994 (validate_one_keyblock): Some commentary on whether
995 non-self-signed user IDs belong in the web of trust (arguably,
998 2003-04-27 David Shaw <dshaw@jabberwocky.com>
1000 * g10.c (main): Add --no-textmode.
1002 * export.c (do_export_stream), keyedit.c (show_key_with_all_names,
1003 menu_addrevoker), mainproc.c (check_sig_and_print), photoid.c
1004 (show_photos), sign.c (mk_notation_and_policy), trustdb.c
1005 (get_validity, reset_trust_records, validate_keys): Make some
1006 strings translatable.
1008 * mainproc.c (check_sig_and_print): Show digest algorithm and sig
1009 class when verifying a sig with --verbose on, and add version, pk
1010 and hash algorithms and sig class to VALIDSIG.
1012 * parse-packet.c (enum_sig_subpkt): Make a warning message a
1013 --verbose warning message since we don't need to warn every time
1014 we see an unknown critical (we only need to invalidate the
1017 * trustdb.c (init_trustdb): Check the trustdb options even with
1018 TM_AUTO since the auto may become TM_CLASSIC or TM_OPENPGP.
1020 2003-04-26 David Shaw <dshaw@jabberwocky.com>
1022 * sign.c (do_sign): Show the hash used when making a signature in
1025 * tdbio.h, tdbio.c (tdbio_read_model): New function to return the
1026 trust model used in a given trustdb.
1028 * options.h, g10.c (main), trustdb.c (init_trustdb, check_trustdb,
1029 update_trustdb): Use tdbio_read_model to implement an "auto" trust
1030 model which is set via the trustdb.
1032 2003-04-23 David Shaw <dshaw@jabberwocky.com>
1034 * import.c (import_revoke_cert): Remove ultimate trust when
1035 revoking an ultimately trusted key.
1037 * keyedit.c (sign_uids): Allow replacing expired signatures.
1038 Allow duplicate signatures with --expert.
1040 * pkclist.c (check_signatures_trust): Don't display a null
1041 fingerprint when checking a signature with --always-trust enabled.
1043 * filter.h (progress_filter_context_t), progress.c
1044 (handle_progress), plaintext.c (ask_for_detached_datafile,
1045 hash_datafiles): Fix compiler warnings. Make "what" constant.
1047 * build-packet.c (do_plaintext): Do not create invalid literal
1048 packets with >255-byte names.
1050 2003-04-15 Werner Koch <wk@gnupg.org>
1052 * Makefile.am (AM_CFLAGS): Make use of AM_CFLAGS and AM_LDFLAGS.
1054 * g10.c, options.h: New option --enable-progress-filter.
1055 * progress.c (handle_progress): Make use of it.
1057 2003-04-15 Marcus Brinkmann <marcus@g10code.de>
1059 * progress.c: New file.
1060 * Makefile.am (common_source): Add progress.c.
1061 * filter.h (progress_filter_context_t): New type.
1062 (progress_filter, handle_progress): New prototypes.
1063 * main.h (open_sigfile): New argument for prototype.
1064 * openfile.c (open_sigfile): New argument to install progress
1066 * encode.c (encode_simple): New variable PFX. Register
1067 progress filter. Install text_filter after that.
1068 (encode_crypt): Likewise.
1069 * sign.c (sign_file): Likewise.
1070 (clearsign_file): Likewise.
1071 * decrypt.c (decrypt_message): Likewise.
1072 (decrypt_messages): Likewise.
1073 * verify.c (verify_signatures): Likewise.
1074 (verify_one_file): Likewise.
1075 * plaintext.c (hash_datafiles): Likewise.
1076 (ask_for_detached_datafile): Likewise.
1078 2003-04-10 Werner Koch <wk@gnupg.org>
1080 * passphrase.c (read_passphrase_from_fd): Do a dummy read if the
1081 agent is to be used. Noted by Ingo Klöcker.
1082 (agent_get_passphrase): Inhibit caching when we have no
1083 fingerprint. This is required for key generation as well as for
1084 symmetric only encryption.
1086 * passphrase .c (agent_get_passphrase): New arg CANCELED.
1087 (passphrase_to_dek): Ditto. Passed to above. Changed all
1088 callers to pass NULL.
1089 * seckey-cert.c (do_check): New arg CANCELED.
1090 (check_secret_key): Terminate loop when canceled.
1092 * keyedit.c (change_passphrase): Pass ERRTEXT untranslated to
1093 passphrase_to_dek and translate where appropriate.
1094 * seckey-cert.c (check_secret_key): Ditto.
1095 * keygen.c (ask_passphrase): Ditto.
1096 * passphrase.c (agent_get_passphrase): Translate the TRYAGAIN_TEXT.
1097 Switch the codeset to utf-8.
1099 2003-04-09 Werner Koch <wk@gnupg.org>
1101 * decrypt.c (decrypt_messages): Fixed error handling; the function
1102 used to re-loop with same file after an error. Reported by Joseph
1105 2003-04-08 David Shaw <dshaw@jabberwocky.com>
1107 * main.h, g10.c (main), import.c (parse_import_options,
1108 fix_pks_corruption): It's really PKS corruption, not HKP
1109 corruption. Keep the old repair-hkp-subkey-bug command as an
1112 * g10.c (main): Rename --no-version to --no-emit-version for
1113 consistency. Keep --no-version as an alias.
1115 2003-04-04 David Shaw <dshaw@jabberwocky.com>
1117 * pkclist.c (algo_available): PGP 8 can use the SHA-256 hash.
1119 * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Remove
1122 2003-04-01 Werner Koch <wk@gnupg.org>
1124 * mainproc.c (check_sig_and_print): Add primary key fpr to VALIDSIG
1127 2003-03-24 David Shaw <dshaw@jabberwocky.com>
1129 * keydb.h: Err on the side of making an unknown signature a SIG
1132 * import.c (delete_inv_parts): Discard any key signatures that
1133 aren't key types (i.e. 0x00, 0x01, etc.)
1135 * g10.c (main): Add deprecated option warning for
1136 --list-ownertrust. Add --compression-algo alias for
1137 --compress-algo. Change --version output strings to match
1138 "showpref" strings, and make translatable.
1140 * status.c (do_get_from_fd): Accept 'y' as well as 'Y' for
1141 --command-fd boolean input.
1143 * trustdb.c: Fix typo (DISABLE_REGEXP -> DISABLE_REGEX)
1145 * keyedit.c (show_key_with_all_names_colon): Show no-ks-modify
1148 2003-03-11 David Shaw <dshaw@jabberwocky.com>
1150 * options.h, g10.c (main), keyserver.c (kopts): Add "try-dns-srv"
1151 keyserver option. Defaults to on.
1153 * passphrase.c (agent_get_passphrase): Fix memory leak with
1154 symmetric messages. Fix segfault with symmetric messages. Fix
1155 incorrect prompt with symmetric messages.
1157 2003-03-10 Werner Koch <wk@gnupg.org>
1159 * compress.c (init_uncompress): Use a 15 bit window size so that
1160 the output of implementations which don't run for PGP 2
1161 compatibility won't get garbled.
1163 2003-03-04 David Shaw <dshaw@jabberwocky.com>
1165 * trustdb.c (validate_keys): Mask the ownertrust when building the
1166 list of fully valid keys so that disabled keys are still counted
1167 in the web of trust.
1168 (get_ownertrust_with_min): Do the same for the minimum ownertrust
1171 * parse-packet.c (dump_sig_subpkt): Show the notation names for
1172 not-human-readable notations. Fix cosmetic off-by-one length
1175 * options.skel: Add explantion and commented-out
1176 "no-mangle-dos-filenames".
1178 * mainproc.c (proc_encrypted): Make string translatable.
1180 * keyserver.c (keyserver_spawn): Quote ':', '%', and any 8-bit
1181 characters in the uid strings sent to the keyserver helper.
1183 * keyring.c (keyring_rebuild_cache): Lock the keyring while
1184 rebuilding the signature caches to prevent another gpg from
1185 tampering with the temporary copy.
1187 * keygen.c (keygen_set_std_prefs): Include AES192 and AES256 in
1190 * keyedit.c (show_prefs): Make strings translatable.
1192 * keydb.c: Double the maximum number of keyrings to 40.
1194 * gpgv.c (main): Fix bug #113 - gpgv should accept the
1195 --ignore-time-conflict option.
1197 * g10.c (main): --openpgp disables --pgpX. Double the amount of
1198 secure memory to 32k (keys are getting bigger these days).
1200 * Makefile.am: Makefile.am: Use @CAPLIBS@ to link in -lcap if we
1201 are using capabilities.
1203 2003-02-26 David Shaw <dshaw@jabberwocky.com>
1205 * keyserver.c (keyserver_spawn): Include various pieces of
1206 information about the key in the data sent to the keyserver
1207 helper. This allows the helper to use it in instructing a remote
1208 server which may not have any actual OpenPGP smarts in parsing
1211 * main.h, export.c (export_pubkeys_stream, do_export_stream): Add
1212 ability to return only the first match in an exported keyblock for
1213 keyserver usage. This should be replaced at some point with a
1214 more flexible solution where each key can be armored seperately.
1216 2003-02-22 David Shaw <dshaw@jabberwocky.com>
1218 * sign.c (sign_file): Do not push textmode filter onto an unopened
1219 IOBUF (segfault). Noted by Marcus Brinkmann. Push and
1220 reinitialize textmode filter for each file in a multiple file
1223 * packet.h, getkey.c (fixup_uidnode), keyedit.c (show_prefs): Set
1224 and show the keyserver no-modify flag.
1226 * keygen.c (add_keyserver_modify): New.
1227 (keygen_upd_std_prefs): Call it here.
1228 (keygen_set_std_prefs): Accept "ks-modify" and "no-ks-modify" as
1229 prefs to set and unset keyserver modify flag.
1231 * g10.c (main): Accept "s1" in addition to "idea" to match the
1234 * main.h, misc.c (idea_cipher_warn): We don't need this if IDEA
1237 2003-02-21 David Shaw <dshaw@jabberwocky.com>
1239 * keygen.c (keygen_set_std_prefs): Don't put AES or CAST5 in
1240 default prefs if they are disabled.
1242 * g10.c (main): Use 3DES instead of CAST5 if we don't have CAST5
1243 support. Use 3DES for the s2k cipher in --openpgp mode.
1244 (print_mds): #ifdef all of the optional digest algorithms.
1246 2003-02-12 David Shaw <dshaw@jabberwocky.com>
1248 * keydb.h, getkey.c (classify_user_id, classify_user_id2): Make
1249 'exact' a per-desc item. Merge into one function since
1250 'force_exact' is no longer needed.
1251 (key_byname): Use new classify_user_id function, and new exact
1252 flag in KEYDB_SEARCH_DESC.
1254 * keyring.h, keyring.c (keyring_search): Return an optional index
1255 to show which KEYDB_SEARCH_DESC was the matching one.
1257 * keydb.h, keydb.c (keydb_search): Rename to keydb_search2, and
1258 pass the optional index to keyring_search. Add a macro version of
1259 keydb_search that calls this new function.
1261 * export.c (do_export_stream): If the keyid! syntax is used,
1262 export only that specified key. If the key in question is a
1263 subkey, export the primary plus that subkey only.
1265 2003-02-11 David Shaw <dshaw@jabberwocky.com>
1267 * exec.c (set_exec_path): Add debugging line.
1269 * g10.c (print_hex, print_mds): Print long hash strings a lot
1270 neater. This assumes at least an 80-character display, as there
1271 are a few other similar assumptions here and there. Users who
1272 need unformatted hashes can still use with-colons. Check that
1273 SHA384 and 512 are available before using them as they are no
1274 longer always available.
1276 * Makefile.am: Use a local copy of libexecdir along with @PACKAGE@
1277 as GNUPG_LIBEXECDIR so it can be easily overridden at make time.
1279 2003-02-04 David Shaw <dshaw@jabberwocky.com>
1281 * armor.c (parse_hash_header, armor_filter): Accept the new SHAs
1282 in the armor Hash: header.
1284 * g10.c (print_hex): Print long hash strings a little neater.
1285 (print_mds): Add the new SHAs to the hash list.
1287 2003-02-02 David Shaw <dshaw@jabberwocky.com>
1289 * keyedit.c (menu_revuid): Properly handle a nonselfsigned uid on
1290 a v4 key (treat as a v4 revocation).
1292 * import.c (print_import_check): Do not re-utf8 convert user IDs.
1294 2003-01-27 David Shaw <dshaw@jabberwocky.com>
1296 * mainproc.c (list_node): Show signature expiration date in
1297 with-colons sig records.
1299 * keylist.c (list_keyblock_colon), mainproc.c (list_node): Show
1300 trust sig information in with-colons sig records.
1302 2003-01-16 David Shaw <dshaw@jabberwocky.com>
1304 * g10.c (add_group): Trim whitespace after a group name so it does
1305 not matter where the user puts the = sign.
1307 * options.skel: Comment out the first three lines in case someone
1308 manually copies the skel file to their homedir.
1310 * sign.c (clearsign_file): Only use pgp2mode with v3 keys and
1311 MD5. This matches what we do when decoding such messages and
1312 prevents creating a message (v3+RIPEMD/160) that we can't verify.
1314 * sig-check.c (signature_check2): Use G10ERR_GENERAL as the error
1315 for signature digest conflict. BAD_SIGN implies that a signature
1316 was checked and we may try and print out a user ID for a key that
1319 2003-01-15 David Shaw <dshaw@jabberwocky.com>
1321 * trustdb.c (init_trustdb, get_validity): Don't use a changed
1322 trust model to indicate a dirty trustdb, and never auto-rebuild a
1323 dirty trustdb with the "always" trust model.
1325 * g10.c (add_group): Last commit missed the \t ;)
1327 2003-01-14 David Shaw <dshaw@jabberwocky.com>
1329 * packet.h, parse-packet.c (setup_user_id), free-packet.c
1330 (free_user_id), keydb.h, keyid.c (namehash_from_uid): New function
1331 to rmd160-hash the contents of a user ID packet and cache it in
1334 * keylist.c (list_keyblock_colon): Use namehash in field 8 of
1335 uids. Show dates for creation (selfsig date), and expiration in
1338 * trustdb.c (get_validity, get_validity_counts, update_validity):
1339 Use new namehash function rather than hashing it locally.
1341 2003-01-14 Werner Koch <wk@gnupg.org>
1343 * g10.c (add_group): Fixed group parsing to allow more than one
1344 delimiter in a row and also allow tab as delimiter.
1346 2003-01-12 David Shaw <dshaw@jabberwocky.com>
1348 * tdbio.c (tdbio_set_dbname): Fix assertion failure with
1349 non-fully-qualified trustdb names.
1351 2003-01-11 David Shaw <dshaw@jabberwocky.com>
1353 * trustdb.c (get_validity_info, get_ownertrust_info,
1354 trust_letter): Simplify by returning a ? for error directly.
1356 * keyedit.c (show_key_with_all_names): Use get_validity_string and
1357 get_ownertrust_string to show full word versions of trust
1358 (i.e. "full" instead of 'f').
1360 * trustdb.h, trustdb.c (get_ownertrust_string,
1361 get_validity_string): Same as get_ownertrust_info, and
1362 get_validity_info, except returns a full string.
1364 * trustdb.c (get_ownertrust_with_min): New. Same as
1365 'get_ownertrust' but takes the min_ownertrust value into account.
1367 2003-01-10 David Shaw <dshaw@jabberwocky.com>
1369 * armor.c (armor_filter): Comment about PGP's end of line tab
1372 * trustdb.h, trustdb.c (trust_letter): Make
1373 static. (get_ownertrust_info, get_validity_info): Don't mask the
1376 * trustdb.h, gpgv.c, trustdb.c (get_validity, get_validity_info),
1377 keylist.c (list_keyblock_colon), keyedit.c
1378 (show_key_with_all_names_colon, menu_revuid): Pass a user ID in
1379 rather than a namehash, so we only have to do the hashing in one
1382 * packet.h, pkclist.c (build_pk_list), free-packet.c
1383 (release_public_key_parts): Remove unused namehash element for
1386 2003-01-07 David Shaw <dshaw@jabberwocky.com>
1388 * keygen.c (keygen_set_std_prefs): Warn when setting an IDEA
1389 preference when IDEA is not available.
1391 2003-01-06 David Shaw <dshaw@jabberwocky.com>
1393 * trustdb.c (get_validity_info): 'd' for disabled is not a
1394 validity value any more.
1396 * packet.h, tdbio.h, tdbio.c (tdbio_read_record,
1397 tdbio_write_record), trustdb.c (update_validity): Store temporary
1398 full & marginal counts in the trustdb.
1399 (clear_validity, get_validity_counts): Return and clear temp
1401 (store_validation_status): Keep track of which keyids have been
1403 (validate_one_keyblock, validate_key_list): Use per-uid copies of
1404 the full & marginal counts so they can be recalled for multiple
1406 (validate_keys): Only use unused keys for each new round.
1407 (reset_unconnected_keys): Rename to reset_trust_records, and only
1408 skip specifically excluded records.
1410 * keylist.c (print_capabilities): Show 'D' for disabled keys in
1411 capabilities section.
1413 * trustdb.c (is_disabled): Remove incorrect comment.
1415 2003-01-03 David Shaw <dshaw@jabberwocky.com>
1417 * import.c (import_one): Only do the work to create the status
1418 display for interactive import if status is enabled.
1420 * keyring.c (keyring_search): skipfnc didn't work properly with
1421 non-keyid searches. Noted by Stefan Bellon.
1423 * getkey.c (merge_selfsigs_main): Remove some unused code and make
1424 sure that the pk selfsigversion member accounts for 1F direct
1427 2003-01-02 Werner Koch <wk@gnupg.org>
1429 * keydb.c (keydb_add_resource): Don't assume that try_make_homedir
1430 terminates but check again for the existence of the directory and
1432 * openfile.c (copy_options_file): Print a warning if the skeleton
1433 file has active options.
1435 2002-12-29 David Shaw <dshaw@jabberwocky.com>
1437 * getkey.c (merge_selfsigs_main), main.h, sig-check.c
1438 (check_key_signature2): Pass the ultimately trusted pk directly to
1439 check_key_signature2 to avoid going through the key selection
1440 mechanism. This prevents a deadly embrace when two keys without
1441 selfsigs each sign the other.
1443 2002-12-27 David Shaw <dshaw@jabberwocky.com>
1445 * keyserver.c (keyserver_refresh): Don't print the "refreshing..."
1446 line if there are no keys to refresh or if there is no keyserver
1449 * getkey.c (merge_selfsigs_main): Any valid user ID should make a
1450 key valid, not just the last one. This also fixes Debian bug
1453 2002-12-27 Stefan Bellon <sbellon@sbellon.de>
1455 * import.c (print_import_check): Changed int to size_t.
1457 2002-12-27 David Shaw <dshaw@jabberwocky.com>
1459 * keyedit.c (keyedit_menu, menu_revuid): Add "revuid" feature to
1460 revoke a user ID. This is the same as issuing a revocation for
1461 the self-signature, but a much simpler interface to do it.
1463 2002-12-26 David Shaw <dshaw@jabberwocky.com>
1465 * keydb.h, getkey.c (key_byname): Flag to enable or disable
1466 including disabled keys. Keys specified via keyid (i.e. 0x...)
1467 are always included.
1469 * getkey.c (get_pubkey_byname, get_seckey_byname2,
1470 get_seckey_bynames), keyedit.c (keyedit_menu, menu_addrevoker):
1471 Include disabled keys in these functions.
1473 * pkclist.c (build_pk_list): Do not include disabled keys for -r
1474 or the key prompt. Do include disabled keys for the default key
1477 * trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping
1480 * gpgv.c (is_disabled): Stub.
1482 * keygen.c (keygen_add_key_expire): Properly handle updating a key
1483 expiration to a no-expiration value.
1485 * keyedit.c (enable_disable_key): Comment.
1487 * import.c (import_one): When in interactive mode and --verbose,
1488 don't repeat some key information twice.
1490 2002-12-22 Timo Schulz <ts@winpt.org>
1492 * import.c (print_import_check): New.
1493 (import_one): Use it here.
1494 Use merge_keys_and_selfsig in the interactive mode to avoid
1495 wrong key information.
1496 * status.h: Add new status code.
1499 2002-12-13 David Shaw <dshaw@jabberwocky.com>
1501 * pkclist.c (do_we_trust): Tweak language to refer to the "named
1502 user" rather than "owner". Noted by Stefan Bellon.
1504 * trustdb.h, trustdb.c (trustdb_pending_check): New function to
1505 check if the trustdb needs a check.
1507 * import.c (import_keys_internal): Used here so we don't rebuild
1508 the trustdb if it is still clean.
1509 (import_one, chk_self_sigs): Only mark trustdb dirty if the key
1510 that is being imported has any sigs other than self-sigs.
1511 Suggested by Adrian von Bidder.
1513 * options.skel: Include the required '=' sign in the sample
1514 'group' option. Noted by Stefan Bellon.
1516 * import.c (chk_self_sigs): Don't try and check a subkey as if it
1519 2002-12-11 David Shaw <dshaw@jabberwocky.com>
1521 * tdbio.c (tdbio_read_record, tdbio_write_record): Compact the
1522 RECTYPE_TRUST records a bit.
1524 * g10.c (main): Comment out --list-trust-path until it can be
1527 * import.c (import_one): Warn when importing an Elgamal primary
1528 that this may take some time (to verify self-sigs).
1529 (chk_self_sigs): Try and cache all self-sigs so the keyblock is
1530 written to the keyring with a good rich cache.
1532 * keygen.c (ask_algo): Make the Elgamal sign+encrypt warning
1533 stronger, and remove the RSA sign+encrypt warning.
1535 2002-12-06 Stefan Bellon <sbellon@sbellon.de>
1537 * options.h: Fixed typo (mangle_dos_names instead of
1538 mangle_dos_filenames).
1540 2002-12-05 Werner Koch <wk@gnupg.org>
1542 * g10.c: New options --[no-]mangle-dos-filenames.
1543 * options.h (opt): Added mangle-dos-filenames.
1544 * openfile.c (open_outfile) [USE_ONLY_8DOT3]: Truncate the
1545 filename only when this option is set; this is the default.
1547 2002-12-04 David Shaw <dshaw@jabberwocky.com>
1549 * main.h, keyedit.c, keygen.c: Back out previous (2002-12-01)
1550 change. Minimal isn't always best.
1552 * sign.c (update_keysig_packet): Use the current time rather then
1553 a modification of the original signature time. Make sure that
1554 this doesn't cause a time warp.
1556 * keygen.c (keygen_add_key_expire): Properly handle a key
1557 expiration date in the past (use a duration of 0).
1559 * keyedit.c (menu_expire): Use update_keysig_packet so any sig
1560 subpackets are maintained during the update.
1562 * build-packet.c (build_sig_subpkt): Mark sig expired or unexpired
1563 when the sig expiration subpacket is added.
1564 (build_sig_subpkt_from_sig): Handle making an expiration subpacket
1565 from a sig that has already expired (use a duration of 0).
1567 * packet.h, sign.c (update_keysig_packet), keyedit.c
1568 (menu_set_primary_uid, menu_set_preferences): Add ability to issue
1569 0x18 subkey binding sigs to update_keysig_packet and change all
1572 * trustdb.c (validate_keys): Show trust parameters when building
1573 the trustdb, and make sure that the version record update was
1575 (init_trustdb): If the current parameters aren't what was used for
1576 building the trustdb, the trustdb is invalid.
1578 * tbio.c (tdbio_db_matches_options): Update to work with new
1581 2002-12-03 David Shaw <dshaw@jabberwocky.com>
1583 * tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Store
1584 trust model in the trustdb version record.
1585 (tdbio_update_version_record): New function to update version
1586 record values during a trustdb check or update.
1587 (tdbio_dump_record): Show trust model in dump.
1589 * trustdb.c (validate_keys): Call tdbio_update_version_record on
1590 success so that the correct options are stored in the trustdb.
1592 * options.h: rearrange trust models so that CLASSIC is 0 and
1595 * options.h, g10.c (main), encode.c (write_pubkey_enc_from_list),
1596 pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8
1597 mode. This is basically identical to --pgp7 in all ways except
1598 that signing subkeys, v4 data sigs (including expiration), and SK
1599 comments are allowed.
1601 * getkey.c (finish_lookup): Comment.
1603 * main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu):
1604 Reorder user ID display in the --edit-key menu to match that of
1605 the --list-keys display.
1607 * g10.c (add_notation_data): Fix initialization.
1609 2002-12-01 David Shaw <dshaw@jabberwocky.com>
1611 * keyedit.c (menu_expire): Don't lose key flags when changing the
1612 expiration date of a subkey. This is not the most optimal
1613 solution, but it is minimal change on the stable branch.
1615 * main.h, keygen.c (do_copy_key_flags): New function to copy key
1616 flags, if any, from one sig to another.
1617 (do_add_key_expire): New function to add key expiration to a sig.
1618 (keygen_copy_flags_add_expire): New version of
1619 keygen_add_key_expire that also copies key flags.
1620 (keygen_add_key_flags_and_expire): Use do_add_key_expire.
1622 * import.c (fix_hkp_corruption): Comment.
1624 2002-11-25 Stefan Bellon <sbellon@sbellon.de>
1626 * plaintext.c (handle_plaintext) [__riscos__]: If nooutput is set,
1627 no filetype is needed obviously.
1629 2002-11-24 David Shaw <dshaw@jabberwocky.com>
1631 * main.h, misc.c (default_cipher_algo, default_compress_algo):
1632 New. Return the default algorithm by trying
1633 --cipher-algo/--compress-algo, then the first item in the pref
1634 list, then s2k-cipher-algo or ZIP.
1636 * sign.c (sign_file, sign_symencrypt_file), encode.c
1637 (encode_simple, encode_crypt): Call default_cipher_algo and
1638 default_compress_algo to get algorithms.
1640 * g10.c (main): Allow pref selection for compress algo with
1643 * mainproc.c (proc_encrypted): Use --s2k-digest-algo for
1644 passphrase mangling rather than --digest-algo.
1646 * sign.c (hash_for): If --digest-algo is not set, but
1647 --personal-digest-preferences is, then use the first hash
1648 algorithm in the personal list. If the signing algorithm is DSA,
1649 then use the first 160-bit hash algorithm in the personal list.
1650 If --pgp2 is set and it's a v3 RSA key, use MD5.
1652 * g10.c (main), keydb.c (keydb_add_resource,
1653 keydb_locate_writable): Rename --default-keyring as
1654 --primary-keyring. Stefan wins the naming contest.
1656 2002-11-23 David Shaw <dshaw@jabberwocky.com>
1658 * g10.c (add_notation_data): Disallow notation names that do not
1659 contain a '@', unless --expert is set. This is to help prevent
1660 people from polluting the (as yet unused) IETF namespace.
1662 * main.h: Comments about default algorithms.
1664 * photoid.c (image_type_to_string): Comments about 3-letter file
1667 * encode.c (encode_simple), passphrase.c (passphrase_to_dek),
1668 sign.c (sign_symencrypt_file): Use --s2k-digest-algo for
1669 passphrase mangling rather than --digest-algo.
1671 2002-11-21 David Shaw <dshaw@jabberwocky.com>
1673 * keygen.c (keygen_set_std_prefs): Properly handle an empty
1676 * misc.c (string_to_compress_algo): "none" is a bad choice since
1677 it conflicts with the "none" in setpref.
1679 2002-11-14 David Shaw <dshaw@jabberwocky.com>
1681 * g10.c (main): Allow compression algorithm names as the argument
1682 to --compress-algo. The old algorithm names still work for
1683 backwards compatibility.
1685 * misc.c (string_to_compress_algo): Allow "none" as an alias for
1688 2002-11-13 Stefan Bellon <sbellon@sbellon.de>
1690 * getkey.c (get_pubkey_byfprint_fast): Fixed type incompatibility,
1691 was unsigned char instead of byte.
1693 2002-11-13 David Shaw <dshaw@jabberwocky.com>
1695 * encode.c (encode_simple): Make sure that files larger than about
1696 4G use partial length encoding. This is required because OpenPGP
1697 allows only for 32 bit length fields. From Werner on stable
1700 * getkey.c (get_pubkey_direct): Renamed to...
1701 (get_pubkey_fast): this and made extern.
1702 (get_pubkey_byfprint_fast): New. From Werner on stable branch.
1704 * keydb.h, import.c (import_one): Use get_pubkey_fast instead of
1705 get_pubkey. We don't need a merged key and actually this might
1707 (revocation_present): Likewise for search by fingerprint. From
1708 Werner on stable branch.
1710 * g10.c (main): Try to create the trustdb even for non-colon-mode
1711 list-key operations. This is required because getkey needs to
1712 know whether a a key is ultimately trusted. From Werner on stable
1715 * exec.c [__CYGWIN32__]: Keep cygwin separate from Mingw32;
1716 we don't need it here as it behaves more like a Posix system.
1717 From Werner on stable branch.
1719 * passphrase.c (agent_get_passphrase): Ditto. From Werner on
1722 * tdbio.c (MY_O_BINARY): Need binary mode with Cygwin. From
1723 Werner on stable branch.
1725 * g10.c, gpgv.c (main) [__CYGWIN32__]: Don't get the homedir from
1726 the registry. From Werner on stable branch.
1728 * keyedit.c (show_key_with_all_names_colon): Make --with-colons
1729 --edit display match the validity and trust of --with-colons
1732 * passphrase.c (agent_send_all_options): Fix compile warning.
1734 * keylist.c (list_keyblock_colon): Validity for subkeys should
1735 match that of the primary key, and not that of the last user ID.
1737 * getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys
1738 carry these facts onto all their subkeys, but only after the
1739 subkey has a chance to be marked valid. This is to fix an
1740 incorrect "invalid public key" error verifying a signature made by
1741 a revoked signing subkey, with a valid unrevoked primary key.
1743 2002-11-09 Werner Koch <wk@gnupg.org>
1745 * passphrase.c (agent_send_all_options): Use tty_get_ttyname to
1746 get the default ttyname.
1748 2002-11-07 David Shaw <dshaw@jabberwocky.com>
1750 * keyring.h, keyring.c (keyring_register_filename): Return the
1751 pointer if a given keyring is registered twice.
1753 * keydb.h, keydb.c (keydb_add_resource): Use flags to indicate a
1755 (keydb_locate_writable): Prefer the default keyring if possible.
1757 * g10.c (main): Add --default-keyring option.
1759 2002-11-06 David Shaw <dshaw@jabberwocky.com>
1761 * options.h, g10.c (main), trustdb.c (ask_ownertrust): Add
1762 --force-ownertrust option for debugging purposes. This allows
1763 setting a whole keyring to a given trust during an
1764 --update-trustdb. Not for normal use - it's just easier than
1765 hitting "4" all the time to test a large trustdb.
1767 * pubkey-enc.c (get_session_key): With hidden recipients or try a
1768 given passphrase against all secret keys rather than trying all
1769 secret keys in turn. Don't if --try-all-secrets or --status-fd is
1772 * passphrase.c (passphrase_to_dek): Mode 1 means do a regular
1773 passphrase query, but don't prompt with the key info.
1775 * seckey-cert.c (do_check, check_secret_key): A negative ask count
1776 means to enable passphrase mode 1.
1778 * keydb.h, getkey.c (enum_secret_keys): Add flag to include
1779 secret-parts-missing keys (or not) in the list.
1781 2002-11-05 David Shaw <dshaw@jabberwocky.com>
1783 * keyserver.c (keyserver_search_prompt): When --with-colons is
1784 enabled, don't try and fit the search output to the screen size -
1785 just dump the whole list.
1787 2002-11-04 David Shaw <dshaw@jabberwocky.com>
1789 * keyserver.c (keyserver_search_prompt): When --with-colons is
1790 enabled, just dump the raw keyserver protocol to stdout and don't
1793 * keyserver.c (show_prompt): Don't show a prompt when command-fd
1796 * trustdb.c (trust_model_string, check_trustdb, update_trustdb,
1797 validate_one_keyblock): It's not clear what a trustdb rebuild or
1798 check means with a trust model other than "classic" or "openpgp",
1801 2002-11-03 David Shaw <dshaw@jabberwocky.com>
1803 * options.h, g10.c (main): Add --trust-model option. Current
1804 models are "openpgp" which is classic+trustsigs, "classic" which
1805 is classic only, and "always" which is the same as the current
1806 option --always-trust (which still works). Default is "openpgp".
1808 * trustdb.c (validate_one_keyblock): Use "openpgp" trust model to
1811 * gpgv.c (main), mainproc.c (check_sig_and_print), pkclist.c
1812 (do_we_trust, do_we_trust_pre, check_signatures_trust): Use new
1813 --trust-model option in place of --always-trust.
1815 * keyedit.c (sign_mk_attrib, trustsig_prompt, sign_uids,
1816 keyedit_menu): Prompt for and create a trust signature with
1817 "tsign". This is functional, but needs better UI text.
1819 * build-packet.c (build_sig_subpkt): Able to build trust and
1822 * pkclist.c (do_edit_ownertrust): Comment.
1824 2002-11-02 David Shaw <dshaw@jabberwocky.com>
1826 * keygen.c (set_one_pref, keygen_set_std_prefs): Allow using the
1827 full algorithm name (CAST5, SHA1) rather than the short form (S3,
1830 * main.h, keygen.c (keygen_get_std_prefs), keyedit.c
1831 (keyedit_menu): Return and use a fake uid packet rather than a
1832 string since we already have a nice parser/printer in
1833 keyedit.c:show_prefs.
1835 * main.h, misc.c (string_to_compress_algo): New.
1837 2002-11-01 David Shaw <dshaw@jabberwocky.com>
1839 * g10.c (main): Add --no-throw-keyid.
1841 * keydb.h, encode.c (write_pubkey_enc_from_list), g10.c (main),
1842 pkclist.c (build_pk_list): Add --hidden-recipient (-R) and
1843 --hidden-encrypt-to, which do a single-user variation on
1844 --throw-keyid. The "hide this key" flag is carried in bit 0 of
1845 the pk_list flags field.
1847 * keyserver.c (parse_keyrec): Fix shadowing warning.
1849 2002-10-31 Stefan Bellon <sbellon@sbellon.de>
1851 * compress.c (init_compress) [__riscos__]: Use
1852 riscos_load_module() to load ZLib module.
1854 * g10.c (main) [__riscos__]: Renames due to changes in riscos.c
1855 (e.g. prefixes all RISC OS specific functions with riscos_*).
1856 * photoid.c (show_photos) [__riscos__]: Likewise.
1857 * signal.c (got_fatal_signal) [__riscos__]: Likewise.
1859 * trustdb.c (check_regexp) [__riscos__]: Branch to RISC OS RegEx
1862 2002-10-31 David Shaw <dshaw@jabberwocky.com>
1864 * build-packet.c (do_plaintext), encode.c (encode_sesskey,
1865 encode_simple, encode_crypt), sign.c (write_plaintext_packet): Use
1866 wipememory() instead of memset() to wipe sensitive memory as the
1867 memset() might be optimized away.
1869 2002-10-30 David Shaw <dshaw@jabberwocky.com>
1871 * trustdb.c (check_regexp): Modern regexps require REG_EXTENDED.
1873 2002-10-29 David Shaw <dshaw@jabberwocky.com>
1875 * packet.h, trustdb.h, trustdb.c (trust_string): New. Return a
1876 string like "fully trusted", "marginally trusted", etc.
1877 (get_min_ownertrust): New. Return minimum ownertrust.
1878 (update_min_ownertrust): New. Set minimum ownertrust.
1879 (check_regexp): New. Check a regular epression against a user ID.
1880 (ask_ownertrust): Allow specifying a minimum value.
1881 (get_ownertrust_info): Follow the minimum ownertrust when
1883 (clear_validity): Remove minimum ownertrust when a key becomes
1885 (release_key_items): Release regexp along with the rest of the
1887 (validate_one_keyblock, validate_keys): Build a trust sig chain
1888 while validating. Call check_regexp for regexps. Use the minimum
1889 ownertrust if the user does not specify a genuine ownertrust.
1891 * pkclist.c (do_edit_ownertrust): Only allow user to select a
1892 trust level greater than the minimum value.
1894 * parse-packet.c (can_handle_critical): Can handle critical trust
1895 and regexp subpackets.
1897 * trustdb.h, trustdb.c (clear_ownertrusts), delkey.c
1898 (do_delete_key), import.c (import_one): Rename clear_ownertrust to
1899 clear_ownertrusts and have it clear the min_ownertrust value as
1902 * keylist.c (list_keyblock_print): Indent uid to match pub and
1905 * keyedit.c (print_and_check_one_sig, show_key_and_fingerprint,
1906 menu_addrevoker), keylist.c (list_keyblock_print,
1907 print_fingerprint): Show "T" or the trust depth for trust
1908 signatures, and add spaces to some strings to make room for it.
1910 * packet.h, parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt,
1911 parse_signature): Parse trust signature values.
1913 * tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record):
1914 Reserve a byte for the minimum ownertrust value (for use with
1917 2002-10-29 Stefan Bellon <sbellon@sbellon.de>
1919 * build-packet.c (calc_plaintext, do_plaintext): Removed RISC OS
1920 specific filetype parts (it's now done in make_basename()).
1922 * plaintext.c (handle_plaintext): Tidied up RISC OS specific
1925 * encode.c (encode_simple, encode_crypt): Added argument to
1926 make_basename() call.
1928 * sign.c (write_plaintext_packet): Added argument to
1929 make_basename() call.
1931 2002-10-28 Stefan Bellon <sbellon@sbellon.de>
1933 * build-packet.c (calc_plaintext, do_plaintext): Added filetype
1934 handling for RISC OS' file types.
1936 * plaintext.c (handle_plaintext) [__riscos__]: Added filetype
1937 handling for RISC OS' file types.
1939 2002-10-23 David Shaw <dshaw@jabberwocky.com>
1941 * main.h, import.c (sec_to_pub_keyblock, import_secret_one,
1942 parse_import_options), g10.c (main): New import-option
1943 "convert-sk-to-pk" to convert a secret key into a public key
1944 during import. It is on by default.
1946 2002-10-23 Werner Koch <wk@gnupg.org>
1948 * pubkey-enc.c (get_it): Fix segv, test for revoked only when PK
1951 2002-10-18 Timo Schulz <ts@winpt.org>
1953 * keylist.c: (print_pubkey_info): New.
1954 (print_seckey_info): New.
1955 * main.h: Prototypes for the new functions.
1956 * delkey.c (do_delete_key): Use it here.
1957 * revoke.c (gen_desig_revoke): Ditto.
1959 2002-10-17 Werner Koch <wk@gnupg.org>
1961 * pkclist.c (do_edit_ownertrust): Show all user IDs. This should
1962 be enhanced to also show the current trust level. Suggested by
1965 2002-10-17 David Shaw <dshaw@jabberwocky.com>
1967 * g10.c (main): Handle --strict and --no-strict from the command
1968 line before the options file is loaded.
1970 2002-10-15 David Shaw <dshaw@jabberwocky.com>
1972 * g10.c (main): Disable --textmode when encrypting (symmetric or
1973 pk) in --pgp2 mode as PGP 2 can't handle the unknown length
1974 literal packet. Reported by Michael Richardson.
1976 2002-10-14 David Shaw <dshaw@jabberwocky.com>
1978 * keyserver-internal.h, keyserver.c (print_keyrec, parse_keyrec,
1979 show_prompt, keyserver_search_prompt, keyserver_spawn): Go to
1980 version 1 of the keyserver protocol. This is a better design,
1981 similar to --with-colons, that allows for keys with multiple user
1982 IDs rather than using multiple keys. It also matches the machine
1983 readable pksd format. Also use a prettier --search-keys listing
1984 format that can fill different size windows (currently set at 24
1987 2002-10-12 Werner Koch <wk@gnupg.org>
1989 * keygen.c (print_status_key_created): New.
1990 (do_generate_keypair): Use it to print the fingerprint.
1991 (generate_subkeypair): Likewise.
1993 2002-10-11 David Shaw <dshaw@jabberwocky.com>
1995 * keyedit.c (menu_addrevoker): Properly back out if the signature
1996 fails. Also, do not allow appointing the same revoker twice, and
1997 report ALREADY_SIGNED if the user tries it.
1999 2002-10-07 David Shaw <dshaw@jabberwocky.com>
2001 * import.c (import_keys_internal): Missed one s/inp/inp2/.
2003 * keylist.c (print_capabilities): Properly indicate per-key
2004 capabilities of sign&encrypt primary keys that have
2005 secret-parts-missing (i.e. no capabilities at all)
2007 * mainproc.c (symkey_decrypt_sesskey): Fix compiler warning.
2009 2002-10-04 David Shaw <dshaw@jabberwocky.com>
2011 * getkey.c (get_pubkey_direct): Don't cache keys retrieved via
2012 this function as they may not have all their fields filled in.
2014 * sig-check.c (signature_check2): Use new is_primary flag to check
2015 rather than comparing main_keyid with keyid as this still works in
2016 the case of a not fully filled in pk.
2018 2002-10-04 Werner Koch <wk@gnupg.org>
2020 * import.c (import_keys_internal): s/inp/inp2/ to avoid shadowing
2023 * passphrase.c (agent_get_passphrase): Fixed signed/unsigned char
2024 problem in %-escaping. Noted by Ingo Klöcker.
2026 2002-10-03 David Shaw <dshaw@jabberwocky.com>
2028 * options.h, g10.c (main): Add --strict and --no-strict to switch
2029 the log_warning severity level from info to error.
2031 * keylist.c (print_capabilities): Secret-parts-missing keys should
2032 show that fact in the capabilities, and only primary signing keys
2033 can certify other keys.
2035 * packet.h, parse_packet.c (parse_key): Add is_primary flag for
2036 public keys (it already exists for secret keys).
2038 2002-10-02 David Shaw <dshaw@jabberwocky.com>
2040 * import.c (import_secret_one): Check for an illegal (>110)
2041 protection cipher when importing a secret key.
2043 * keylist.c (list_keyblock_print): Show a '#' for a
2044 secret-parts-missing key.
2046 * parse_packet.c (parse_key): Some comments.
2048 * revoke.c (gen_revoke): Remove some debugging code.
2050 * trustdb.c (verify_own_keys): Make trusted-key a non-deprecated
2053 * seckey-cert.c (do_check): Don't give the IDEA warning unless the
2054 cipher in question is in fact IDEA.
2056 2002-10-01 David Shaw <dshaw@jabberwocky.com>
2058 * import.c (import_one): Make sure that a newly imported key
2059 starts with a clean ownertrust.
2061 2002-10-01 Werner Koch <wk@gnupg.org>
2063 * getkey.c (get_pubkey_direct): New.
2064 (merge_selfsigs_main): Use it here to look for an ultimately
2065 trusted key. Using the full get_pubkey might lead to an
2066 infinitive recursion.
2068 2002-09-29 David Shaw <dshaw@jabberwocky.com>
2070 * keyserver.c (parse_keyserver_uri): Force the keyserver URI
2071 scheme to lowercase to be case-insensitive.
2073 2002-09-28 David Shaw <dshaw@jabberwocky.com>
2075 * export.c (do_export_stream): Comment.
2077 * sig-check.c (check_key_signature2): Properly handle a
2078 non-designated revocation import.
2080 2002-09-26 Werner Koch <wk@gnupg.org>
2082 * g10.c (set_homedir): New. Changed all direct assignments to use
2084 * gpgv.c (set_homedir): Ditto.
2086 2002-09-25 David Shaw <dshaw@jabberwocky.com>
2088 * Makefile.am: Link gpg with EGDLIBS (i.e. NETLIBS) as EGD uses
2089 sockets. Remove the old NETLIBS variable since the keyserver
2090 stuff is no longer internal.
2092 2002-09-24 David Shaw <dshaw@jabberwocky.com>
2094 * import.c (import_keys_stream): Fix compiler type warning.
2096 * keyring.c (keyring_rebuild_cache), sig-check.c
2097 (check_key_signature2), import.c (import, chk_self_sigs): Minor
2100 2002-09-23 Stefan Bellon <sbellon@sbellon.de>
2102 * main.h: Introduced fast-import as import option. Removed
2103 fast as separate option from prototypes.
2104 * import.c (parse_import_options): Added fast-import option.
2105 (import_*): Removed fast as separate option.
2106 * g10.c (main): Added option fast-import, removed old fast
2107 as separate argument.
2108 * keyserver.c (keyserver_spawn): Removed old fast as separate
2111 2002-09-22 Stefan Bellon <sbellon@sbellon.de>
2113 * import.c (import_keys, import_keys_stream,
2114 import_keys_internal): Added trustdb update/check to key import if
2115 not fast-import and interactive set/no-auto-check-trustdb unset.
2116 Avoided function clone by introducing import_keys_internal.
2118 2002-09-19 David Shaw <dshaw@jabberwocky.com>
2120 * keyserver.c (keyserver_spawn): Properly handle line truncation.
2121 Don't leak memory (~10-20 bytes) on searches.
2122 (keyserver_search_prompt): Cleanup.
2124 * keylist.c (list_keyblock_colon): Show 1F direct key signatures
2125 in --with-colons listing.
2127 2002-09-16 David Shaw <dshaw@jabberwocky.com>
2129 * keyedit.c (menu_addrevoker): The direct key signature for
2130 revocation keys must be at least v4 to carry the revocation key
2131 subpacket. Add a PGP 2.x warning for revocation keys.
2133 2002-09-14 David Shaw <dshaw@jabberwocky.com>
2135 * g10.c (check_permissions): Rearrange strings to make translating
2136 easier (don't incorporate string parts).
2138 * keyedit.c (sign_uids): Make strings translatable.
2140 * sig-check.c (check_key_signature2): Make string translatable.
2142 2002-09-13 David Shaw <dshaw@jabberwocky.com>
2144 * getkey.c (check_revocation_keys): Move....
2145 * main.h, sig-check.c (check_revocation_keys): to here. Also
2146 return the signature_check error code rather than 0/1 and cache
2149 * sig-check.c (check_key_signature2): Divert to
2150 check_revocation_keys if a revocation sig is made by someone other
2153 * getkey.c (merge_selfsigs_main): Tidy.
2155 2002-09-13 Werner Koch <wk@gnupg.org>
2157 * g10.c (main) [__MINGW32__]: Activate oLoadExtension.
2159 2002-09-12 David Shaw <dshaw@jabberwocky.com>
2161 * Makefile.am, hkp.c, hkp.h, keyserver.c (keyserver_work): Remove
2162 internal HKP support.
2164 * keyserver.c (keyserver_spawn): Remove whitespace after keyserver
2167 2002-09-10 David Shaw <dshaw@jabberwocky.com>
2169 * exec.c (expand_args): Remove loop left over from earlier
2171 (exec_write): Missed one tick.
2173 2002-09-10 Werner Koch <wk@gnupg.org>
2175 * g10.c, options.h: Removed option --emulate-checksum-bug.
2176 * misc.c (checksum_u16_nobug): Removed.
2177 (checksum_u16): Removed the bug emulation.
2178 (checksum_mpi): Ditto.
2179 (checksum_mpi_counted_nbits): Removed and replaced all calls
2182 * parse-packet.c (read_protected_v3_mpi): New.
2183 (parse_key): Use it here to store it as an opaque MPI.
2184 * seckey-cert.c (do_check): Changed the v3 unprotection to the new
2185 why to store these keys.
2186 (protect_secret_key): Likewise.
2187 * build-packet.c (do_secret_key): And changed the writing.
2189 * tdbio.c (tdbio_set_dbname, open_db): Use new macro MY_O_BINARY
2190 to avoid silly ifdefs.
2191 (open_db): Fallback to RDONLY so that gpg may be used from a
2194 * encode.c (encode_simple): Make sure we don't use an ESK packet
2195 when we don't have a salt in the S2K.
2197 * misc.c (pct_expando) <case f>: Make sure that LEN is initialized.
2199 * exec.c (exec_finish): Use ticks to denote filenames in messages.
2200 (make_tempdir, exec_write): Changed format of messages.
2202 * keyserver.c (print_keyinfo): Release USERID in on error.
2203 (keyserver_work) [!DISABLE_KEYSERVER_HELPERS]: Exclude the unused
2206 2002-09-09 Werner Koch <wk@gnupg.org>
2208 * parse-packet.c (make_attribute_uidname): Add new ar MAX_NAMELEN
2209 for sanity checks. Changed both callers. Limit the size of an %s.
2211 * options.skel: Comment lock-once out, so that this file does not
2212 change anything when copied to a new home directory.
2213 * openfile.c (try_make_homedir): Don't exit after copying the
2216 * options.h: Don't use a comma when declaring variables over more
2219 * mainproc.c (symkey_decrypt_sesskey): Check length of the session
2222 * hkp.c (dehtmlize): Use ascii_tolower to protect against weird
2223 locales. Cast the argument for isspace for the sake of broken
2225 (parse_hkp_index): s/ascii_memcasecmp/ascii_strncasecmp/.
2227 * g10.c: Removed option --emulate-3des-s2k-bug.
2229 * passphrase.c (hash_passphrase): Was used here.
2231 * export.c (parse_export_options)
2232 * keyserver.c (parse_keyserver_options)
2233 * import.c (parse_import_options)
2234 * g10.c (check_permissions): s/ascii_memcasecmp/ascii_strncasecmp/.
2236 2002-09-09 David Shaw <dshaw@jabberwocky.com>
2238 * g10.c (add_group): Use '=' to separate group name from group
2239 members. Use a better error message for when no = is found.
2241 * hkp.c (hkp_export): Use CRLF in headers.
2243 2002-09-03 David Shaw <dshaw@jabberwocky.com>
2245 * mainproc.c (print_pkenc_list): Don't increment the error counter
2246 when printing the list of keys a message was encrypted to. This
2247 would make gpg give a non-zero exit code even for completely valid
2248 messages if the message was encrypted to more than one key that
2251 2002-09-02 Werner Koch <wk@gnupg.org>
2253 * g10.c (main): Try to set a default character set. Print the
2254 used one in verbosity level 3.
2255 * gpgv.c (main): Try to set a default character set.
2257 * status.c, status.h (STATUS_IMPORT_OK): New.
2258 * import.c (import_one,import_secret_one): Print new status.
2260 2002-08-30 David Shaw <dshaw@jabberwocky.com>
2262 * pkclist.c (build_pk_list): Add new status code to indicate an
2263 untrusted user. This (or a disabled key) fail with "unavailable
2264 pubkey" (G10ERR_UNU_PUBKEY).
2266 * pkclist.c (build_pk_list): Fail if any recipient keys are
2269 * options.skel: The PGP LDAP keyserver is back. Use MIT keyserver
2270 as a sample rather than cryptnet as cryptnet does not support
2273 * keyedit.c (show_key_with_all_names): Fix error message
2274 (preferences are userid/selfsig and not key specific).
2276 2002-08-30 Werner Koch <wk@gnupg.org>
2278 * pkclist.c (do_we_trust_pre): Changed the wording of a warning.
2280 * encode.c (encode_simple,encode_crypt): Use new style CTB for
2281 compressssed packets when using MDC. We need to do this so that
2282 concatenated messages are properly decrypted. Old style
2283 compression assumes that it is the last packet; given that we
2284 can't determine the length in advance, the uncompressor does not
2285 know where to start. Actually we should use the new CTB always
2286 but this would break PGP 2 compatibility.
2288 * parse-packet.c (parse): Special treatment for new style CTB
2291 * build-packet.c (do_mdc): Removed. Was not used.
2292 (do_encrypted_mdc): Count in the version number and the MDC packet.
2294 2002-08-28 David Shaw <dshaw@jabberwocky.com>
2296 * sig-check.c (do_check_messages, do_check): Show keyid in error
2299 * keyserver.c (print_keyinfo): More readable key listings for
2300 --search-keys responses.
2302 2002-08-26 David Shaw <dshaw@jabberwocky.com>
2304 * hkp.c (parse_hkp_index, dehtmlize): Move HTML functionality into
2305 new "dehtmlize" function. Remove HTML before trying to parse each
2306 line from the keyserver. If the keyserver provides key type
2307 information in the listing, use it.
2309 2002-08-23 David Shaw <dshaw@jabberwocky.com>
2311 * sig-check.c (do_check, do_check_messages): Emit the usual sig
2312 warnings even for cached sigs. This also serves to protect
2313 against missing a sig expiring while cached.
2315 * getkey.c (merge_selfsigs_main): Don't check UID self-sigs twice.
2317 2002-08-22 David Shaw <dshaw@jabberwocky.com>
2319 * import.c (clean_subkeys, chk_self_sigs): Merge clean_subkeys
2320 into chk_self_sigs. This improves efficiency as the same
2321 signatures are not checked multiple times. Clarify when a subkey
2322 is revoked (any revocation signature, even if it is dated before
2323 the binding signature).
2325 * getkey.c (merge_selfsigs_subkey): Subkey revocation comments.
2327 * keylist.c (list_one): Stats are only for public key listings.
2329 * g10.c (main), options.skel: Default should be include-revoked
2330 for keyserver operations.
2332 2002-08-21 Werner Koch <wk@gnupg.org>
2334 * import.c (import_print_stats): Print new non_imported counter
2335 which is currently not used because we terminate on errors.
2337 2002-08-20 David Shaw <dshaw@jabberwocky.com>
2339 * options.skel: Document no-include-attributes for
2342 * keylist.c, keyedit.c, keyserver.c, sign.c: Some TODOs and
2345 * export.c (do_export_stream): Fix noop bug in exporting sensitive
2348 * pkclist.c (do_edit_ownertrust): Comment out the option for
2349 showing trust paths until it can be implemented.
2351 2002-08-19 Werner Koch <wk@gnupg.org>
2353 * getkey.c (get_user_id_native): Renamed to ..
2354 (get_user_id_printable): this. Filter out all dangerous
2355 characters. Checked all usages.
2356 (get_user_id_string_native): Renamed to..
2357 (get_user_id_string_printable): this. Filter out all dangerous
2358 characters. Checked all usages.
2359 * keyedit.c (show_basic_key_info): New.
2360 * keylist.c (print_fingerprint): New mode 3.
2361 * import.c (import_one): Use new function to display the user ID.
2363 2002-08-16 Timo Schulz <ts@winpt.org>
2365 * g10.c (main): Enable opt.interactive.
2367 * import.c (import_one): Ask the user if the key shall be
2368 imported when the interactive mode is used. Useful to extract
2369 selected keys from a file.
2371 2002-08-16 Werner Koch <wk@gnupg.org>
2373 * seckey-cert.c: Workaround to allow decryption of v3 keys created
2374 with a bug in the mpi_get_secure_buffer.
2376 2002-08-14 David Shaw <dshaw@jabberwocky.com>
2378 * hkp.c (parse_hkp_index): Properly handle really large keys
2379 (5 digit key length) in HKP searches.
2381 2002-08-13 David Shaw <dshaw@jabberwocky.com>
2383 * encode.c (encode_simple): Fix problem with using compression
2384 algo 2 and symmetric compressed files.
2386 * encode.c (encode_simple, encode_crypt): If we are not using a
2387 MDC, compress even if a file is already compressed. This is to
2388 help against the chosen ciphertext attack.
2390 * pkclist.c (select_algo_from_prefs): Fix requested algorithm bug
2391 so the request succeeds even if the requested algorithm is not the
2394 * cipher.c (write_header), encode.c (use_mdc, encode_simple,
2395 encode_crypt, encrypt_filter), g10.c (main): Be more eager to use
2396 a MDC. We use a MDC if the keys directly support it, if the keys
2397 list AES (any) or TWOFISH anywhere in the prefs, or if the cipher
2398 chosen does not have a 64 bit blocksize.
2400 2002-08-08 David Shaw <dshaw@jabberwocky.com>
2402 * options.skel: Some language tweaks, and remove the
2403 load-extension section for random gatherers.
2405 * keyring.c (create_tmp_file, rename_tmp_file): Create tmp files
2406 with user-only permissions, but restore the original permissions
2407 if the user has something special set.
2409 * openfile.c (copy_options_file): Create new options file
2410 (gpg.conf) with user-only permissions.
2412 * keydb.c (keydb_add_resource): Create new keyrings with user-only
2415 * tdbio.c (tdbio_set_dbname): Create new trustdbs with user-only
2418 2002-08-07 David Shaw <dshaw@jabberwocky.com>
2420 * sig-check.c (signature_check2): Sanity check that the md has a
2421 context for the hash that the sig is expecting. This can happen
2422 if a onepass sig header does not match the actual sig, and also if
2423 the clearsign "Hash:" header is missing or does not match the
2426 * keyedit.c (menu_revsig): Properly show a uid is revoked without
2427 restarting gpg. This is Debian bug 124219, though their supplied
2428 patch will not do the right thing.
2430 * main.h, tdbio.c (tdbio_set_dbname), misc.c (removed
2431 check_permissions), keydb.c (keydb_add_resource), g10.c (main,
2432 check_permissions): Significant reworking of the permission check
2433 mechanism. The new behavior is to check everything in the homedir
2434 by checking the homedir itself. If the user wants to put
2435 (possibly shared) keyrings outside the homedir, they are not
2436 checked. The options file and any extension files are checked
2437 wherever they are, as well as their enclosing directories. This
2438 is Debian bug 147760.
2440 2002-08-06 Stefan Bellon <sbellon@sbellon.de>
2442 * g10.c (main): Use of EXTSEP_S in new gpg.conf string.
2443 * openfile.c (copy_options_file): Ditto.
2445 2002-08-06 David Shaw <dshaw@jabberwocky.com>
2447 * options.h, g10.c (main), mainproc.c (proc_encrypted):
2448 --ignore-mdc-error option to turn a MDC check error into a
2451 * encode.c (encode_crypt), g10.c (main), sign.c (sign_file,
2452 clearsign_file): Use the same --pgpX warning string everywhere to
2455 * encode.c (write_pubkey_enc_from_list): Warn when using
2456 --throw-keyid with --pgpX. Noted by Vedaal Nistar.
2458 * revoke.c (export_minimal_pk, gen_desig_revoke, gen_revoke):
2459 Export a minimal pk along with the revocation cert when in --pgpX
2460 mode so that PGP can import it.
2462 2002-08-06 Werner Koch <wk@gnupg.org>
2464 * options.skel: Changed comments.
2466 * g10.c (main): Try to use "gpg.conf" as default option file.
2467 * openfile.c (copy_options_file): Changed name of created file.
2469 2002-08-02 Werner Koch <wk@gnupg.org>
2471 * Makefile.am (LDFLAGS): Removed DYNLINK_LDFLAGS.
2473 2002-07-30 David Shaw <dshaw@jabberwocky.com>
2475 * options.h, g10.c (main), mainproc.c (proc_encrypted): Return a
2476 decryption failed error if a MDC does not verify. Warn if a MDC
2477 is not present (can disable via --no-mdc-warning).
2479 * exec.c (exec_write), g10.c (main), keyserver.c
2480 (keyserver_spawn): Use new DISABLE_KEYSERVER_PATH rather than
2483 2002-07-28 David Shaw <dshaw@jabberwocky.com>
2485 * sig-check.c (do_check): Properly validate v4 sigs with no hashed
2488 2002-07-25 Werner Koch <wk@gnupg.org>
2490 * delkey.c (do_delete_key): Always allow to delete a key in batch mode
2491 when specified by fingerprint. Suggested by Enzo Michelangeli.
2493 2002-07-25 David Shaw <dshaw@jabberwocky.com>
2495 * keyedit.c (menu_revsig): Change "revsig" to honor selected uids
2496 so the user can revoke sigs from particular uids only.
2498 * keylist.c (list_keyblock_print): Don't display expired uids in
2499 --list-keys unless -v and not --list-sigs (just like revoked
2502 * exec.c, export.c, import.c, keyedit.c, keyserver.c, misc.c:
2503 "Warning" -> "WARNING"
2505 2002-07-24 David Shaw <dshaw@jabberwocky.com>
2507 * main.h, import.c (parse_import_options, fix_hkp_corruption,
2508 import_one, delete_inv_parts), g10.c (main): New import-option
2509 "repair-hkp-subkey-bug", which repairs as much as possible the HKP
2510 mangling multiple subkeys bug. It is on by default for keyserver
2511 receives, and off by default for regular --import.
2513 * main.h, import.c (import, import_one, delete_inv_parts), hkp.c
2514 (hkp_ask_import), keyserver.c (keyserver_spawn): Use keyserver
2515 import options when doing keyserver receives.
2517 * options.h, exec.h, exec.c (set_exec_path, exec_write), g10.c
2518 (main), keyserver.c (keyserver_spawn): If the user does not use
2519 "exec-path", completely replace $PATH with GNUPG_LIBEXECDIR before
2520 calling the keyserver helper. If the user does use "exec-path",
2521 append GNUPG_LIBEXECDIR after the specified path.
2523 2002-07-23 David Shaw <dshaw@jabberwocky.com>
2525 * import.c (parse_import_options), export.c
2526 (parse_export_options): Fix offset problem with reversed ("no-")
2529 * import.c (delete_inv_parts): Discard subkey signatures (0x18 and
2530 0x28) if found in the userid section of the key.
2532 * sig-check.c (signature_check2): Signatures made by invalid
2533 subkeys (bad/missing binding sig) are also invalid.
2535 * keylist.c (print_fingerprint): Show the primary as well as the
2536 secondary key fingerprint in modes 1 & 2.
2538 2002-07-22 David Shaw <dshaw@jabberwocky.com>
2540 * options.h, main.h, g10.c (main), import.c
2541 (parse_import_options, delete_inv_parts), keyserver.c
2542 (parse_keyserver_options): add new --import-options option. The
2543 only current flag is "allow-local-sigs".
2545 * g10.c (main): Don't disable MDC in pgp7 mode.
2547 * options.h, g10.c (main), keyserver.c (parse_keyserver_options):
2548 Remove old keyserver-option include-attributes now that there is
2549 an export-option for the same thing.
2551 * options.h, main.h, export.c (parse_export_options,
2552 do_export_stream), g10.c (main): add new --export-options option.
2553 Current flags are "include-non-rfc", "include-local-sigs",
2554 "include-attributes", and "include-sensitive-revkeys".
2556 * options.h, hkp.c (hkp_export), keyserver.c
2557 (parse_keyserver_options, keyserver_spawn): try passing unknown
2558 keyserver options to export options, and if successful, use them
2559 when doing a keyserver --send-key.
2561 * build-packet.c (build_sig_subpkt): We do not generate
2562 SIGSUBPKT_PRIV_VERIFY_CACHE anymore.
2564 * revoke.c (gen_desig_revoke): Lots more comments about including
2565 sensitive revkeys along with the revocation sig itself.
2567 * keyserver.c (parse_keyserver_options): Simpler implementation
2568 that can skip one pass over the options.
2570 2002-07-18 David Shaw <dshaw@jabberwocky.com>
2572 * keyedit.c (keyedit_menu, menu_addrevoker): Allow specifying
2573 "sensitive" as an argument to an addrevoker command. This sets
2574 the 0x40 sensitive revoker flag.
2576 * revoke.c (gen_desig_revoke): When generating a designated
2577 revocation, include the direct key sig that contains the
2578 designated revoker subpacket. This allows sensitive designated
2579 revocation subpackets to be exported. Also indicate which
2580 revokers are sensitive in the first place.
2582 2002-07-17 David Shaw <dshaw@jabberwocky.com>
2584 * keyedit.c (show_key_with_all_names_colon): The 0x40 class bit in
2585 a designated revoker means "sensitive", not "local". It's
2586 exportable under the right circumstances.
2588 * main.h, options.h, export.c (do_export_stream), g10.c (main),
2589 hkp.c (hkp_export), keyserver.c (keyserver_spawn: Add a flag to
2590 skip attribute packets and their signatures while exporting. This
2591 is to accomodate keyservers (pksd again) that choke on attributes.
2592 Use keyserver-option "include-attributes" to control it. This
2593 defaults to ON (i.e. don't skip).
2595 2002-07-09 David Shaw <dshaw@jabberwocky.com>
2597 * options.h, keyserver.c (parse_keyserver_uri, keyserver_spawn,
2598 keyserver_work), hkp.c (hkp_ask_import, hkp_export, hkp_search):
2599 Use a much more strict reading of RFC-2396 for the keyserver URIs.
2600 Specifically, don't try and be smart about checking the value of
2601 ":port" so long as it is all digits, and properly handle opaque
2602 data (those scheme specific parts that do not start with "//").
2604 2002-07-04 David Shaw <dshaw@jabberwocky.com>
2606 * photoid.c (get_default_photo_command, show_photos): Honor
2607 FIXED_PHOTO_VIEWER and DISABLE_PHOTO_VIEWER.
2609 * mainproc.c (check_sig_and_print): Use --show-photos to show
2610 photos when verifying a sig made by a key with a photo.
2612 * keyserver.c (parse_keyserver_uri): Properly parse a URI with no
2613 :port section and an empty file path, but with a terminating '/'.
2614 (keyserver_work): Honor DISABLE_KEYSERVER_HELPERS.
2616 * hkp.c (hkp_ask_import): Display keyserver URI as a URI, but only
2619 * exec.c, g10.c: USE_EXEC_PATH -> FIXED_EXEC_PATH
2621 2002-07-03 David Shaw <dshaw@jabberwocky.com>
2623 * exec.h, exec.c (set_exec_path, exec_write), g10.c (main): If
2624 USE_EXEC_PATH is defined at compile time, use it to lock the
2625 exec-path and not allow the user to change it.
2627 2002-07-02 David Shaw <dshaw@jabberwocky.com>
2629 * options.h, g10.c (main), keyserver.c (keyserver_refresh):
2630 Maintain and use the original keyserver URI for cosmetics rather
2631 than trying to recreate it when needed.
2633 * mainproc.c (check_sig_and_print): Properly disregard expired
2634 uids. Make sure that the first uid listed is a real uid and not
2635 an attribute (attributes should only be listed in the "aka"
2636 section). When there are no valid textual userids, try for an
2637 invalid textual userid before using any attribute uid.
2639 2002-07-01 David Shaw <dshaw@jabberwocky.com>
2641 * options.skel: Fix a few typos, clarify "group", and remove
2642 sample photo viewers for Win32 since they are the defaults now.
2644 * parse-packet.c (make_attribute_uidname), keylist.c
2645 (dump_attribs): Fix two typecast warnings.
2647 * packet.h, build-packet.c (build_attribute_subpkt), exec.c
2648 (expand_args), mkdtemp.c (mkdtemp), photoid.c
2649 (parse_image_header): Fix some signedness compiler warnings.
2651 2002-07-01 Werner Koch <wk@gnupg.org>
2653 * photoid.c (get_default_photo_command): Also use __MINGW32__
2654 instead of HAVE_DOSISH_SYSTEM.
2656 * encode.c (encode_symmetric): Do not use the new encryption code.
2658 2002-06-30 Werner Koch <wk@gnupg.org>
2660 * photoid.c: Use __MINGW32__ to include windows because
2661 HAVE_DOSISH_SYSTEM is also set for OS/2 and plain DOS. Provide
2662 constant missing in older mingw installations.
2664 2002-06-21 Stefan Bellon <sbellon@sbellon.de>
2666 * g10.c [__riscos__]: Moved RISC OS specific stuff to util/riscos.c
2669 * gpgv.c [__riscos__]: Likewise.
2671 2002-06-20 David Shaw <dshaw@jabberwocky.com>
2673 * keydb.h, pkclist.c (select_algo_from_prefs): Allow passing a
2674 suggested algorithm which will be used if available.
2676 * encode.c (encode_crypt, encrypt_filter), sign.c (sign_file): Use
2677 new select_algo_from_prefs feature to check if forcing an
2678 algorithm would violate the recipient preferences.
2680 * photoid.c (get_default_photo_command, show_photos): Use
2681 different default viewers on different platforms. Currently we
2682 have Win 9x, Win NT (2k, xp), Mac OSX, RISC OS, and "everybody
2683 else". These are #ifdefs as much as possible to avoid clutter.
2685 * g10.c (strusage, build_list), keyedit.c (show_prefs), main.h,
2686 misc.c (compress_algo_to_string, check_compress_algo), pkclist.c
2687 (algo_available), keygen.c (keygen_set_std_prefs): New
2688 algo_to_string and check functions for compress algorithms.
2690 2002-06-20 Werner Koch <wk@gnupg.org>
2692 * misc.c (setsysinfo): Removed a #warning for Alpha's uniligedn
2693 trap disabling - it is quite possible that this is a debug relict.
2695 2002-06-20 Stefan Bellon <sbellon@sbellon.de>
2697 * g10.c [__riscos__]: Added image file system feature.
2699 * gpgv.c [__riscos__]: Added image file system feature.
2701 * photoid.c (show_photos) [__riscos__]: Set RISC OS filetype of
2702 photo id according to MIME type.
2704 2002-06-19 David Shaw <dshaw@jabberwocky.com>
2706 * hkp.c (parse_hkp_index): Don't leak memory when failing out of a
2709 * g10.c (add_notation_data): Relax slightly the rules as to what
2710 can go into a notation name - 2440 allows "@", for example.
2712 2002-06-17 David Shaw <dshaw@jabberwocky.com>
2714 * import.c (clean_subkeys, import_one): Only allow at most 1
2715 binding sig and at most 1 revocation sig on a subkey, as per
2718 * hkp.c (parse_hkp_index, hkp_search): Error if the keyserver
2719 returns an unparseable HKP response.
2721 2002-06-15 David Shaw <dshaw@jabberwocky.com>
2723 * keyedit.c (show_key_with_all_names), keylist.c
2724 (list_keyblock_print): Show "[expired]" before expired uids.
2726 * keyedit.c (show_key_with_all_names_colon), mainproc.c
2727 (list_node), keylist.c (list_keyblock_colon): Show flag 'e' for
2728 expired user ids. Use "uat" for user attribute packets instead of
2729 "uid". Also use '<count> <length>' rather than the fake user id
2730 string on attributes.
2732 * keygen.c (keygen_add_revkey): Remove unused code.
2734 * misc.c (check_permissions): Check directory permissions
2735 properly - they are not special files.
2737 * pkclist.c (expand_id, expand_group, build_pk_list): When
2738 expanding groups before building a pk list, inherit flags from the
2739 original pre-expanded string.
2741 * pubkey-enc.c (is_algo_in_prefs): Don't use prefs from expired
2744 2002-06-14 David Shaw <dshaw@jabberwocky.com>
2746 * free-packet.c (copy_signature): Properly copy a signature that
2747 carries a revocation key on it.
2749 * pkclist.c (expand_id, expand_group, build_pk_list): Groups now
2750 work properly when used in the "Enter the user ID" prompt.
2752 2002-06-14 David Shaw <dshaw@jabberwocky.com>
2754 * keyedit.c (show_key_with_all_names): Display warning if a user
2755 tries to show prefs on a v3 key with a v3 selfsig.
2757 * kbnode.c (dump_kbnode): Show if a uid is expired.
2759 * import.c (merge_blocks, import_revoke_cert): Show user ID
2760 receiving a revocation certificate.
2762 * free-packet.c (cmp_user_ids): Properly compare attribute ids.
2764 * pkclist.c (expand_groups): Maintain the strlist flags while
2765 expanding. Members of an expansion inherit their flags from the
2768 * options.h, cipher.c (write_header), g10.c (main), keygen.c
2769 (keygen_set_std_prefs): remove the personal_mdc flag. It no
2770 longer serves a purpose now that the personal preference lists are
2771 split into cipher/digest/zip.
2773 2002-06-14 Timo Schulz <ts@winpt.org>
2775 * skclist.c (is_insecure): Implemented.
2777 2002-06-12 David Shaw <dshaw@jabberwocky.com>
2779 * keyserver.c (keyserver_spawn): Properly handle PROGRAM responses
2780 when they have a CRLF ending. Noted by Keith Ray.
2782 * keyserver.c (keyserver_spawn): Handle CRLF endings from
2783 keyserver helpers. Also don't leak the last line worth of memory
2784 from the keyserver response.
2786 * main.h, misc.c (deprecated_warning): New function to warn about
2787 deprecated options and commands.
2789 * g10.c (main), keyserver-internal.h, keyserver.c
2790 (parse_keyserver_uri): Use new deprecated function to warn about
2791 honor-http-proxy, auto-key-retrieve, and x-broken-hkp.
2793 2002-06-11 David Shaw <dshaw@jabberwocky.com>
2795 * Makefile.am: link gpg with NETLIBS for the built-in HKP access.
2797 2002-06-10 David Shaw <dshaw@jabberwocky.com>
2799 * options.h, keyserver.c (keyserver_opts), g10.c (main): New
2800 keyserver option "include-subkeys". This feature already existed,
2801 but now can be turned off. It defaults to on.
2803 * options.h, keyserver.c (parse_keyserver_options,
2804 keyserver_spawn): There are now enough options to justify making a
2805 structure for the keyserver options rather than a page of
2806 if-then-else-if-then-etc.
2808 * getkey.c (merge_keys_and_selfsig, merge_selfsigs_main): Fix bug
2809 in calculating key expiration dates.
2811 2002-06-09 David Shaw <dshaw@jabberwocky.com>
2813 * keydb.h, getkey.c (get_user_id_native), import.c (import_one):
2814 Display user ID while importing a key. Note this applies to both
2815 --import and keyserver --recv-keys.
2817 * exec.c (exec_finish): Log unnatural exit (core dump, killed
2818 manually, etc) for fork/exec/pipe child processes.
2820 2002-06-08 Timo Schulz <ts@winpt.org>
2822 * encode.c (encode_symmetric): Disable the compat flag
2823 when the expert mode is enabled.
2825 2002-06-07 David Shaw <dshaw@jabberwocky.com>
2827 * options.skel, options.h, main.h, keydb.h, pkclist.c
2828 (build_pk_list, expand_groups), g10.c (main, add_group): Add new
2829 "group" command to allow one name to expand into multiple keys.
2830 For simplicity, and to avoid potential loops, we only expand once
2831 - you can't make an alias that points to an alias.
2833 * main.h, g10.c (main), keygen.c (build_personal_digest_list):
2834 Simplify the default digest list - there is really no need for the
2835 other hashes since they will never be used after SHA-1 in the
2838 * options.skel, options.h, g10.c (main), hkp.c (hkp_ask_import,
2839 hkp_export, hkp_search), keyserver.c (parse_keyserver_options,
2840 parse_keyserver_uri, keyserver_work, keyserver_refresh): Make the
2841 "x-broken-hkp" keyserver scheme into keyserver-option
2842 "broken-http-proxy". Move honor_http_proxy into
2843 keyserver_options. Canonicalize the three variations of "hkp",
2844 "x-hkp", and "x-broken-hkp" into "hkp".
2846 2002-06-07 Stefan Bellon <sbellon@sbellon.de>
2848 * g10.c [__riscos__]: Added --attribute-file to do the same as
2849 --attribute-fd, but with a filename not a fd as argument.
2850 Added magic symbol for RISC OS to use different memory management.
2852 * gpgv.c [__riscos__]: Added magic symbol for RISC OS to use
2853 different memory management.
2855 2002-06-06 David Shaw <dshaw@jabberwocky.com>
2857 * main.h, g10.c (main), keygen.c (build_personal_digest_list): Put
2858 in a default digest preference list consisting of SHA-1, followed
2859 by every other installed digest except MD5. Note this is the same
2860 as having no digest preference at all except for SHA-1 being
2863 * options.h, g10.c (main), keygen.c (keygen_set_std_prefs),
2864 pkclist.c (select_algo_from_prefs): Split
2865 --personal-preference-list into three:
2866 --personal-{cipher|digest|compress}-preferences. This allows a
2867 user to set one without affecting another (i.e. setting only a
2868 digest pref doesn't imply an empty cipher pref).
2870 * exec.c (exec_read): This is a safer way of guessing the return
2871 value of system(). Noted by Stefan Bellon.
2873 2002-06-05 David Shaw <dshaw@jabberwocky.com>
2875 * hkp.c (parse_hkp_index): Be more robust with keyservers
2876 returning very unparseable responses.
2878 * exec.c (exec_read): Catch and display an error when the remote
2879 process exits unnaturally (i.e. segfault) so the user knows what
2880 happened. Also fix exec_write stub which has a different number
2883 2002-06-05 Timo Schulz <ts@winpt.org>
2885 * encode.c (encode_simple): Ignore the new mode for RFC1991.
2886 * mainproc.c (symkey_decrypt_sesskey): Better check for weird
2889 2002-06-05 Timo Schulz <ts@winpt.org>
2891 * encode.c (encode_sesskey): New.
2892 (encode_simple): Use it here. But by default we use the compat
2893 mode which supress to generate encrypted session keys.
2895 2002-06-05 Timo Schulz <ts@winpt.org>
2897 * mainproc.c (symkey_decrypt_sesskey): New.
2898 (proc_symkey_enc): Support for encrypted session keys.
2900 2002-06-04 David Shaw <dshaw@jabberwocky.com>
2902 * sign.c (hash_for, sign_file): When encrypting and signing at the
2903 same time, consult the various hash prefs to pick a hash algorithm
2904 to use. Pass in a 160-bit hint if any of the signing keys are
2907 * keydb.h, pkclist.c (select_algo_from_prefs, algo_available):
2908 Pass a "hints" opaque pointer in to let the caller give hints as
2909 to what algorithms would be acceptable. The only current hint is
2910 for PREFTYPE_HASH to require a 160-bit hash for DSA. Change all
2911 callers in encode.c (encode_crypt, encrypt_filter) and sign.c
2912 (sign_file). If we settle on MD5 as the best algorithm based
2913 solely on recepient keys and SHA1 is also a possibility, use SHA1
2914 unless the user intentionally chose MD5. This is as per 2440:13.
2916 * exec.c (make_tempdir): Fix duplicated filename problem.
2918 2002-06-03 David Shaw <dshaw@jabberwocky.com>
2920 * packet.h, parse-packet.c (enum_sig_subpkt): Report back from
2921 enum_sig_subpkt when a subpacket is critical and change all
2922 callers in keylist.c (show_policy_url, show_notation), mainproc.c
2923 (print_notation_data), and pkclist.c (do_show_revocation_reason).
2925 * keylist.c (show_policy_url, show_notation): Display if the
2926 policy or notation is critical.
2928 2002-06-03 David Shaw <dshaw@jabberwocky.com>
2930 * main.h, g10.c (main), keylist.c (dump_attribs, set_attrib_fd,
2931 list_keyblock_print, list_keyblock_colon), status.h, status.c
2932 (get_status_string): New --attribute-fd feature to dump the
2933 contents of attribute subpackets for frontends. If --status-fd is
2934 also used, then a new status tag ATTRIBUTE is provided for each
2937 * packet.h, getkey.c (fixup_uidnode, merge_selfsigs_main,
2938 merge_selfsigs_subkey), parse-packet.c (setup_user_id): Keep track
2939 of the expiration time of a user ID, and while we're at it, use
2940 the expired flag from the selfsig rather than reparsing the
2941 SIG_EXPIRE subpacket.
2943 * photoid.c (generate_photo_id): When adding a new photo ID,
2944 showing the photo for confirmation is not safe when noninteractive
2945 since the "user" may not be able to dismiss a viewer window.
2946 Noted by Timo Schulz.
2948 2002-06-03 David Shaw <dshaw@jabberwocky.com>
2950 * options.skel: Sample photo viewers for Win32.
2952 * misc.c (pct_expando): Use the seckey for %k/%K if the pubkey is
2955 * photoid.h, photoid.c (show_photos): Include the seckey in case a
2956 user tries to view a photo on a secret key, and change all callers
2957 in keyedit.c (menu_showphoto), keylist.c (list_keyblock_print),
2958 and photoid.c (generate_photo_id).
2960 2002-06-02 David Shaw <dshaw@jabberwocky.com>
2962 * photoid.c (show_photos): Work properly when not called with a
2965 2002-05-31 David Shaw <dshaw@jabberwocky.com>
2967 * sign.c (mk_notation_and_policy): Free unneeded buffer.
2969 * hkp.c (parse_hkp_index): Properly handle the '&' character
2970 (i.e. "&") in HKP responses.
2972 * getkey.c (merge_selfsigs_main): Fix reversed expiration time
2973 check with self-sigs.
2975 * keyedit.c (sign_uids): When making a new self-sig on a v3 key,
2976 make a v3 self-sig unless it is currently a v3 self-sig being
2979 2002-05-31 Timo Schulz <ts@winpt.org>
2981 * pkclist.c (do_show_revocation_reason): Don't use capital
2982 letters for non-interactive output.
2983 (show_revocation_reason): Now it is global.
2984 * pubkey-enc.c (get_it): Show if the key has been revoked.
2986 2002-05-30 David Shaw <dshaw@jabberwocky.com>
2988 * sign.c (write_signature_packets, sign_file, clearsign_file,
2989 sign_symencrypt_file): Make a v4 signature if a policy URL or
2990 notation is set, unless v3 sigs are forced via rfc1991 or
2991 force-v3-sigs. Also remove some doubled code and clarify an error
2992 message (we don't sign in PGP2 mode - just detach-sign).
2994 * parse-packet.c (parse_one_sig_subpkt): Add KS_FLAGS to the "any
2997 2002-05-29 David Shaw <dshaw@jabberwocky.com>
2999 * keygen.c (keygen_set_std_prefs, add_feature_mdc): Use "mdc" and
3000 "no-mdc" in the prefs string to allow switching on and off the MDC
3001 feature. This is needed to properly export a key from GnuPG for
3002 use on PGP which does not support MDC - without this, MDC-capable
3003 implementations will still try and generate MDCs which will break
3006 * keygen.c (keygen_get_std_prefs): Show "[mdc]" in prefs string if
3009 * options.h, g10.c (main), cipher.c (write_header), keygen.c
3010 (keygen_set_std_prefs): For consistency, allow the user to specify
3011 mdc/no-mdc in the --personal-preference-list. If disabled, it
3012 acts just like --disable-mdc.
3014 2002-05-29 David Shaw <dshaw@jabberwocky.com>
3016 * options.h, exec.c: Add some debugging info, using the 1024 debug
3019 * exec.c (win_system): New system()-like function for win32 that
3020 does not return until the child process terminates. Of course,
3021 this doesn't help if the process itself exits before it is
3024 2002-05-29 Werner Koch <wk@gnupg.org>
3026 * encode.c (encode_simple): Intialize PKT when --no-literal is used.
3028 * keyedit.c (show_key_with_all_names_colon): Renamed the record
3029 for revocation keys to "rvk".
3031 2002-05-27 Werner Koch <wk@gnupg.org>
3033 * keyedit.c (show_key_with_all_names_colon): New.
3034 (show_key_with_all_names): Divert to new function when required.
3035 Sanitize printing of revoker name.
3037 2002-05-27 David Shaw <dshaw@jabberwocky.com>
3039 * build-packet.c (build_sig_subpkt): Handle setting sig flags for
3040 certain subpacket types (notation, policy url, exportable,
3041 revocable). keyedit.c (sign_mk_attrib): Flags no longer need to
3044 * packet.h, parse-packet.c (parse_one_sig_subpkt), build-packet.c
3045 (build_sig_subpkt): Call parse_one_sig_subpkt to sanity check
3046 buffer lengths before building a sig subpacket.
3048 2002-05-26 David Shaw <dshaw@jabberwocky.com>
3050 * sign.c (mk_notation_and_policy): Include secret key to enable %s
3051 expandos, and pass notations through pct_expando as well.
3053 * main.h, misc.c (pct_expando): Add %s and %S expandos for
3056 2002-05-25 David Shaw <dshaw@jabberwocky.com>
3058 * g10.c (strusage, build_list): Add compress algorithms to
3059 --version list. Show algorithm numbers when --verbose --version
3062 2002-05-22 David Shaw <dshaw@jabberwocky.com>
3064 * options.h, main.h, keygen.c (keygen_set_set_prefs,
3065 keygen_get_std_prefs, keygen_upd_std_prefs), keyedit.c
3066 (keyedit_menu), g10.c (main), pkclist.c (select_algo_from_prefs):
3067 Add --personal-preference-list which allows the user to factor in
3068 their own preferred algorithms when the preference lists are
3069 consulted. Obviously, this does not let the user violate a
3070 recepient's preferences (and the RFC) - this only influences the
3071 ranking of the agreed-on (and available) algorithms from the
3072 recepients. Suggested by David Hollenberg.
3074 * options.h, keygen.c (keygen_set_std_prefs), g10.c (main): Rename
3075 --preference-list to --default-preference-list (as that is what it
3076 really is), and make it a true default in that if the user selects
3077 "default" they get this list and not the compiled-in list.
3079 2002-05-22 Werner Koch <wk@gnupg.org>
3081 * g10.c (main): Add missing LF in a info printout and made it
3082 translatable. Noted by Michael Tokarev.
3084 2002-05-21 Werner Koch <wk@gnupg.org>
3086 * g10.c (main): Removed the undef of USE_SHM_COPROCESSING which
3087 was erroneously introduced on 2002-01-09.
3089 * signal.c (got_fatal_signal): Don't write the Nul to stderr.
3090 Reported by David Hollenberg.
3092 2002-05-18 David Shaw <dshaw@jabberwocky.com>
3094 * main.h, g10.c (main), revoke.c (gen_desig_revoke): Generate a
3095 designated revocation via --desig-revoke
3097 * keyedit.c (keyedit_menu, menu_addrevoker): New "addrevoker"
3098 command to add a designated revoker to a key.
3100 2002-05-17 David Shaw <dshaw@jabberwocky.com>
3102 * gpgv.c: Add stub for get_ownertrust().
3104 * g10.c (main): --allow-freeform-uid should be implied by
3105 OpenPGP. Add --no-allow-freeform-uid.
3107 * keyedit.c (sign_uids): Issue a warning when signing a
3110 * getkey.c (merge_selfsigs_main): If a key has no selfsigs, and
3111 allow-non-selfsigned-uid is not set, still try and make the key
3112 valid by checking all uids for a signature from an ultimately
3115 2002-05-16 David Shaw <dshaw@jabberwocky.com>
3117 * main.h, keygen.c (keygen_add_revkey): Add revocation key
3118 subpackets to a signature (callable by
3119 make_keysig_packet). (write_direct_sig): Write a 1F direct key
3120 signature. (parse_revocation_key): Parse a string in
3121 algo:fpr:sensitive format into a revocation
3122 key. (get_parameter_revkey, do_generate_keypair): Call above
3123 functions when prompted from a batch key generation file.
3125 * build-packet.c (build_sig_subpkt): Allow multiple revocation key
3126 subpackets in a single sig.
3128 * keydb.h, getkey.c (get_seckey_byfprint): Same as
3129 get_pubkey_byfprint, except for secret keys. We only know the
3130 fingerprint of a revocation key, so this is needed to retrieve the
3131 secret key needed to issue a revokation.
3133 * packet.h, parse-packet.c (parse_signature, parse_revkeys): Split
3134 revkey parsing off into a new function that can be used to reparse
3135 after manipulating the revkey list.
3137 * sign.c (make_keysig_packet): Ability to make 1F direct key
3140 2002-05-15 David Shaw <dshaw@jabberwocky.com>
3142 * options.skel: keyserver.pgp.com is gone, so list pgp.surfnet.nl
3143 as a sample LDAP server instead.
3145 * getkey.c (merge_selfsigs_main): Properly handle multiple
3146 revocation keys in a single packet. Properly handle revocation
3147 keys that are in out-of-order packets. Remove duplicates in
3148 revocation key list.
3150 2002-05-14 Timo Schulz <ts@winpt.org>
3152 * exec.c (make_tempdir) [MINGW32]: Added missing '\'.
3154 2002-05-14 Stefan Bellon <sbellon@sbellon.de>
3156 * exec.c (make_tempdir): Make use of EXTSEP_S instead of hardcoded
3157 dot as extension separator.
3159 2002-05-13 David Shaw <dshaw@jabberwocky.com>
3161 * photoid.c (show_photos): Use the long keyid as the filename for
3162 the photo. Use the short keyid as the filename on 8.3 systems.
3164 * exec.h, exec.c (make_tempdir, exec_write, exec_finish): Allow
3165 caller to specify filename. This should make things easier on
3166 windows and macs where the file extension is required, but a whole
3167 filename is even better.
3169 * keyedit.c (show_key_with_all_names, show_prefs): Show proper
3170 prefs for a v4 key uid with no selfsig at all.
3172 * misc.c (check_permissions): Don't check permissions on
3173 non-normal files (pipes, character devices, etc.)
3175 2002-05-11 Werner Koch <wk@gnupg.org>
3177 * mainproc.c (proc_symkey_enc): Avoid segv in case the parser
3178 encountered an invalid packet.
3180 * keyserver.c (keyserver_export): Get confirmation before sending
3183 2002-05-10 Stefan Bellon <sbellon@sbellon.de>
3185 * g10.c, hkp.c, keyedit.c, keyserver.c: Replaced all occurrances
3186 of strcasecmp with ascii_strcasecmp and all occurrances of
3187 strncasecmp with ascii_memcasecmp.
3189 2002-05-10 David Shaw <dshaw@jabberwocky.com>
3191 * packet.h, getkey.c (fixup_uidnode), keyedit.c (show_prefs): Show
3192 assumed prefs for hash and compression as well as the cipher pref.
3193 Show assumed prefs if there are no prefs at all on a v4
3196 * options.h, g10.c (main), sign.c (make_keysig_packet): New
3197 --cert-digest-algo function to override the default key signing
3200 2002-05-09 David Shaw <dshaw@jabberwocky.com>
3202 * getkey.c (merge_selfsigs_main): Make sure the revocation key
3203 list starts clean as this function may be called more than once
3204 (e.g. from functions in --edit).
3206 * g10.c, encode.c (encode_crypt), sign.c (sign_file,
3207 sign_symencrypt_file): Make --compress-algo work like the
3208 documentation says. It should be like --cipher-algo and
3209 --digest-algo in that it can override the preferences calculation
3210 and impose the setting the user wants. No --compress-algo setting
3211 allows the usual preferences calculation to take place.
3213 * main.h, compress.c (compress_filter): use new
3214 DEFAULT_COMPRESS_ALGO define, and add a sanity check for compress
3217 2002-05-08 David Shaw <dshaw@jabberwocky.com>
3219 * pkclist.c (select_algo_from_prefs): There is an assumed
3220 compression preference for uncompressed data.
3222 2002-05-07 David Shaw <dshaw@jabberwocky.com>
3224 * options.h, g10.c (main), getkey.c (finish_lookup), pkclist.c
3225 (algo_available): --pgp7, identical to --pgp6 except that it
3226 permits a few algorithms that PGP 7 added: AES128, AES192, AES256,
3227 and TWOFISH. Any more of these --pgpX flags, and it'll be time to
3228 start looking at a generic --emulate-pgp X option.
3230 * export.c (do_export_stream): Warn the user when exporting a
3231 secret key if it or any of its secret subkeys are protected with
3232 SHA1 while simple_sk_checksum is set.
3234 * parse-packet.c (parse_key): Show when the SHA1 protection is
3235 used in --list-packets.
3237 * options.h, build-packet.c (do_comment), g10.c (main): Rename
3238 --no-comment as --sk-comments/--no-sk-comments (--no-comment still
3239 works) and make the default be --no-sk-comments.
3241 2002-05-07 Werner Koch <wk@gnupg.org>
3243 * keygen.c (get_parameter_algo): Never allow generation of the
3244 deprecated RSA-E or RSA-S flavors of PGP RSA.
3245 (ask_algo): Allow generation of RSA sign and encrypt in expert
3246 mode. Don't allow ElGamal S+E unless in expert mode.
3247 * helptext.c: Added entry keygen.algo.rsa_se.
3249 2002-05-07 David Shaw <dshaw@jabberwocky.com>
3251 * keyedit.c (sign_uids): If --expert is set, allow re-signing a
3252 uid to promote a v3 self-sig to a v4 one. This essentially
3253 deletes the old v3 self-sig and replaces it with a v4 one.
3255 * packet.h, parse-packet.c (parse_key), getkey.c
3256 (merge_keys_and_selfsig, merge_selfsigs_main): a v3 key with a v4
3257 self-sig must never let the v4 self-sig express a key expiration
3258 time that extends beyond the original v3 expiration time.
3260 2002-05-06 David Shaw <dshaw@jabberwocky.com>
3262 * keyedit.c (sign_uids): When making a self-signature via "sign"
3263 don't ask about sig level or expiration, and include the usual
3264 preferences and such for v4 self-sigs. (menu_set_preferences):
3265 Convert uids from UTF8 to native before printing.
3267 * keyedit.c (sign_uids): Convert uids from UTF8 to native before
3268 printing. (menu_set_primary_uid): Show error if the user tries to
3269 make a uid with a v3 self-sig primary.
3271 2002-05-05 David Shaw <dshaw@jabberwocky.com>
3273 * import.c (import_one): When merging with a key we already have,
3274 don't let a key conflict (same keyid but different key) stop the
3275 import: just skip the bad key and continue.
3277 * exec.c (make_tempdir): Under Win32, don't try environment
3278 variables for temp directories - GetTempDir tries environment
3279 variables internally, and it's better not to second-guess it in
3280 case MS adds some sort of temp dir handling to Windows at some
3283 2002-05-05 Timo Schulz <ts@winpt.org>
3285 * mainproc.c (proc_symkey_enc): Don't ask for a passphrase
3286 in the list only mode.
3288 2002-05-05 David Shaw <dshaw@jabberwocky.com>
3290 * keyserver.c (keyserver_refresh): --refresh-keys implies
3291 --merge-only so as not to import keys with keyids that match the
3292 ones being refreshed. Noted by Florian Weimer.
3294 2002-05-04 Stefan Bellon <sbellon@sbellon.de>
3296 * free-packet.c (copy_public_key): Don't call m_alloc(0), therefore
3297 added consistency check for revkey and numrefkeys.
3299 * getkey.c (check_revocation_keys): Added consistency check for
3300 revkey and numrefkeys.
3302 * keyedit.c (show_key_with_all_names): Likewise.
3304 2002-05-03 David Shaw <dshaw@jabberwocky.com>
3306 * photoid.c: Provide default image viewer for Win32.
3308 * misc.c (pct_expando): %t means extension, not name ("jpg", not
3311 * keyserver.c (keyserver_spawn), photoid.c (show_photos), exec.h,
3312 exec.c: Allow the caller to determine the temp file extension when
3313 starting an exec_write and change all callers.
3315 * keyedit.c (sign_uids): Nonrevocable key signatures cause an
3316 automatic promotion to v4.
3318 * exec.c: Provide stubs for exec_ functions when NO_EXEC is
3321 2002-05-02 David Shaw <dshaw@jabberwocky.com>
3323 * photoid.h, photoid.c (parse_image_header, image_type_to_string):
3324 Useful functions to return data about an image.
3326 * packet.h, parse-packet.c (make_attribute_uidname,
3327 parse_attribute_subpkts, parse_attribute), photoid.h, photoid.c
3328 (show_photos): Handle multiple images in a single attribute
3331 * main.h, misc.c (pct_expando), sign.c (mk_notation_and_policy),
3332 photoid.c (show_photos): Simpler expando code that does not
3333 require using compile-time string sizes. Call
3334 image_type_to_string to get image strings (i.e. "jpg",
3335 "image/jpeg"). Change all callers.
3337 * keyedit.c (menu_showphoto), keylist.c (list_keyblock_print):
3338 Allow viewing multiple images within a single attribute packet.
3340 * gpgv.c: Various stubs for link happiness.
3342 2002-05-02 David Shaw <dshaw@jabberwocky.com>
3344 * build-packet.c (build_sig_subpkt), keyedit.c (sign_uids),
3345 options.h, sign.c (mk_notation_and_policy), g10.c (main,
3346 add_notation_data, add_policy_url (new), check_policy_url
3347 (removed)): Allow multiple policy URLs on a given signature.
3348 Split "--notation-data" into "--cert-notation" and
3349 "--sig-notation" so the user can set different policies for key
3350 and data signing. For backwards compatibility, "--notation-data"
3351 sets both, as before.
3353 2002-05-02 Werner Koch <wk@gnupg.org>
3355 * options.skel: Removed the comment on trusted-keys because this
3356 option is now deprecated.
3358 2002-05-01 David Shaw <dshaw@jabberwocky.com>
3360 * keyedit.c (menu_adduid): 2440bis04 says that multiple attribute
3361 packets on a given key are legal.
3363 * keyserver.c (keyserver_refresh): the fake v3 keyid hack applies
3364 to "mailto" URLs as well since they are also served by pksd.
3366 2002-04-29 Werner Koch <wk@gnupg.org>
3368 Added a copyright year for files changed this year.
3370 2002-04-25 Werner Koch <wk@gnupg.org>
3372 * g10.c, options.h: New options --display, --ttyname, --ttytype,
3373 --lc-ctype, --lc-messages to be used with future versions of the
3375 * passphrase.c (agent_send_option,agent_send_all_options): New.
3376 (agent_open): Send options to the agent.
3378 * trustdb.c (update_ownertrust, clear_ownertrust): Do an explicit
3379 do_sync because revalidation_mark does it only if when the
3380 timestamp actually changes.
3382 2002-04-23 David Shaw <dshaw@jabberwocky.com>
3384 * main.h, keygen.c (do_generate_keypair), keylist.c
3385 (print_signature_stats, list_all, list_one, list_keyblock,
3386 list_keyblock_print, list_keyblock_colon): After generating a new
3387 key, show the key information (name, keyid, fingerprint, etc.)
3388 Also do not print uncheckable signatures (missing key..) in
3389 --check-sigs. Print statistics (N missing keys, etc.) after
3392 * keyedit.c (sign_uids): When signing a key with an expiration
3393 date on it, the "Do you want your signature to expire at the same
3394 time?" question should default to YES.
3396 2002-04-22 David Shaw <dshaw@jabberwocky.com>
3398 * parse-packet.c (parse_plaintext), packet.h, plaintext.c
3399 (handle_plaintext): Fix bug in handling literal packets with
3400 zero-length data (no data was being confused with partial body
3403 * misc.c (pct_expando), options.skel: %t means extension ("jpg").
3404 %T means MIME type ("image/jpeg").
3406 * import.c (import_one): Only trigger trust update if the keyring
3407 is actually changed.
3409 * export.c (do_export_stream): Missing a m_free.
3411 2002-04-22 Stefan Bellon <sbellon@sbellon.de>
3413 * keyid.c (expirestr_from_sk, expirestr_from_sig): Added _() to
3416 * exec.c (make_tempdir) [__riscos__]: Better placement of
3419 2002-04-20 David Shaw <dshaw@jabberwocky.com>
3421 * keygen.c (generate_subkeypair): 2440bis04 adds that creating
3422 subkeys on v3 keys is a MUST NOT.
3424 * getkey.c (finish_lookup): The --pgp6 "use the primary key"
3425 behavior should only apply while data signing and not encryption.
3426 Noted by Roger Sondermann.
3428 2002-04-19 Werner Koch <wk@gnupg.org>
3430 * keygen.c (keygen_set_std_prefs): Put back 3DES because the RFC
3431 says it is good form to do so.
3433 2002-04-19 David Shaw <dshaw@jabberwocky.com>
3435 * keyedit.c (menu_deluid): Only cause a trust update if we delete
3436 a non-revoked user id.
3438 * hkp.c (hkp_ask_import), keyserver.c (parse_keyserver_options,
3439 keyserver_spawn), options.h: Remove fast-import keyserver option
3440 (no longer meaningful).
3442 * g10.c (main), keyedit.c (sign_uids), options.h: Change
3443 --default-check-level to --default-cert-check-level as it makes
3444 clear what it operates on.
3446 * g10.c (main): --pgp6 also implies --no-ask-sig-expire.
3448 * delkey.c (do_delete_key): Comment.
3450 * keyedit.c (sign_uids, keyedit_menu, menu_deluid, menu_delsig,
3451 menu_expire, menu_revsig, menu_revkey): Only force a trustdb check
projects / gnupg.git / blob