16 years agoSimple script to create samplekeys.asc. CVS only.
Werner Koch [Mon, 23 Dec 2002 15:48:50 +0000 (15:48 +0000)]
Simple script to create samplekeys.asc.  CVS only.

16 years ago* samplekeys.asc: Updated.
Werner Koch [Mon, 23 Dec 2002 15:47:53 +0000 (15:47 +0000)]
* samplekeys.asc: Updated.

16 years ago2002-12-22 Timo Schulz <>
Timo Schulz [Sun, 22 Dec 2002 20:53:20 +0000 (20:53 +0000)]
2002-12-22  Timo Schulz  <>

        * import.c (print_import_check): New.
        (import_one): Use it here.
        Use merge_keys_and_selfsig in the interactive mode to avoid
        wrong key information.
        * status.h: Add new status code.
        * status.c: Ditto.

16 years ago* pkclist.c (do_we_trust): Tweak language to refer to the "named
David Shaw [Fri, 13 Dec 2002 21:10:53 +0000 (21:10 +0000)]
* pkclist.c (do_we_trust): Tweak language to refer to the "named
user" rather than "owner".  Noted by Stefan Bellon.

* trustdb.h, trustdb.c (trustdb_pending_check): New function to
check if the trustdb needs a check.

* import.c (import_keys_internal): Used here so we don't rebuild
the trustdb if it is still clean.
(import_one, chk_self_sigs): Only mark trustdb dirty if the key
that is being imported has any sigs other than self-sigs.
Suggested by Adrian von Bidder.

* options.skel: Include the required '=' sign in the sample
'group' option.  Noted by Stefan Bellon.

* import.c (chk_self_sigs): Don't try and check a subkey as if it
was a signature.

16 years ago* tdbio.c (tdbio_read_record, tdbio_write_record): Compact the
David Shaw [Wed, 11 Dec 2002 17:50:38 +0000 (17:50 +0000)]
* tdbio.c (tdbio_read_record, tdbio_write_record): Compact the
RECTYPE_TRUST records a bit.

* g10.c (main): Comment out --list-trust-path until it can be implemented.

* import.c (import_one): Warn when importing an Elgamal primary that this
may take some time (to verify self-sigs). (chk_self_sigs): Try and cache
all self-sigs so the keyblock is written to the keyring with a good rich

* keygen.c (ask_algo): Make the Elgamal sign+encrypt warning stronger, and
remove the RSA sign+encrypt warning.

16 years ago* gpg.sgml: Clarify include-revoked and include-disabled so they match
David Shaw [Wed, 11 Dec 2002 03:47:03 +0000 (03:47 +0000)]
* gpg.sgml: Clarify include-revoked and include-disabled so they match
what the program actually does.  Noted by Dick Gevers.

* gpg.sgml: Document %-expandos for policy URLs and notations.

* gpg.sgml: Document --pgp8.  Clarify that --pgp6 and --pgp7 disable

16 years agofixed typo
Stefan Bellon [Fri, 6 Dec 2002 00:38:43 +0000 (00:38 +0000)]
fixed typo

16 years ago* gpg.sgml: Document --no-mangle-dos-filenames.
Werner Koch [Thu, 5 Dec 2002 15:25:46 +0000 (15:25 +0000)]
* gpg.sgml: Document --no-mangle-dos-filenames.

16 years ago* g10.c: New options --[no-]mangle-dos-filenames.
Werner Koch [Thu, 5 Dec 2002 15:25:16 +0000 (15:25 +0000)]
* g10.c: New options --[no-]mangle-dos-filenames.
* options.h (opt): Added mangle-dos-filenames.
* openfile.c (open_outfile) [USE_ONLY_8DOT3]: Truncate the
filename only when this option is set; this is the default.

16 years ago* main.h, keyedit.c, keygen.c: Back out previous (2002-12-01) change.
David Shaw [Wed, 4 Dec 2002 18:50:10 +0000 (18:50 +0000)]
* main.h, keyedit.c, keygen.c: Back out previous (2002-12-01) change.
Minimal isn't always best.

* sign.c (update_keysig_packet): Use the current time rather then a
modification of the original signature time.  Make sure that this doesn't
cause a time warp.

* keygen.c (keygen_add_key_expire): Properly handle a key expiration date
in the past (use a duration of 0).

* keyedit.c (menu_expire): Use update_keysig_packet so any sig subpackets
are maintained during the update.

* build-packet.c (build_sig_subpkt): Mark sig expired or unexpired when
the sig expiration subpacket is added. (build_sig_subpkt_from_sig): Handle
making an expiration subpacket from a sig that has already expired (use a
duration of 0).

* packet.h, sign.c (update_keysig_packet), keyedit.c
(menu_set_primary_uid, menu_set_preferences): Add ability to issue 0x18
subkey binding sigs to update_keysig_packet and change all callers.

16 years ago* trustdb.c (validate_keys): Show trust parameters when building trustdb,
David Shaw [Wed, 4 Dec 2002 06:06:56 +0000 (06:06 +0000)]
* trustdb.c (validate_keys): Show trust parameters when building trustdb,
and make sure that the version record update was successful.
(init_trustdb): If the current parameters aren't what was used for
building the trustdb, the trustdb is invalid.

* tbio.c (tdbio_db_matches_options): Update to work with new trustdbs.

16 years ago* tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Store trust
David Shaw [Wed, 4 Dec 2002 00:05:11 +0000 (00:05 +0000)]
* tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Store trust
model in the trustdb version record. (tdbio_update_version_record): New
function to update version record values during a trustdb check or update.
(tdbio_dump_record): Show trust model in dump.

* trustdb.c (validate_keys): Call tdbio_update_version_record on success
so that the correct options are stored in the trustdb.

* options.h: rearrange trust models so that CLASSIC is 0 and OPENPGP is 1.

16 years ago* options.h, g10.c (main), encode.c (write_pubkey_enc_from_list),
David Shaw [Tue, 3 Dec 2002 23:31:48 +0000 (23:31 +0000)]
* options.h, g10.c (main), encode.c (write_pubkey_enc_from_list),
pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8 mode.  This
is basically identical to --pgp7 in all ways except that signing subkeys,
v4 data sigs (including expiration), and SK comments are allowed.

* getkey.c (finish_lookup): Comment.

* main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu): Reorder
user ID display in the --edit-key menu to match that of the --list-keys

* g10.c (add_notation_data): Fix initialization.

16 years agoMarked unused slots in the trustdb.
Werner Koch [Tue, 3 Dec 2002 08:12:53 +0000 (08:12 +0000)]
Marked unused slots in the trustdb.

16 years ago* gpg.sgml: Point out that if the user absolutely must, it's better to use
David Shaw [Sun, 1 Dec 2002 21:06:13 +0000 (21:06 +0000)]
* gpg.sgml: Point out that if the user absolutely must, it's better to use
--pgpX than forcing an algorithm manually.  Better still not to use
anything, of course. CVS:
gpg.sgml CVS:

16 years ago* distfiles, Include convert-from-106.
David Shaw [Sun, 1 Dec 2002 21:04:07 +0000 (21:04 +0000)]
* distfiles, Include convert-from-106.

* convert-from-106: Script to automate the 1.0.6->later conversion.  It
marks all secret keys as ultimately trusted, adds the signature caches,
and checks the trustdb.

16 years ago* keyedit.c (menu_expire): Don't lose key flags when changing the
David Shaw [Sun, 1 Dec 2002 20:59:04 +0000 (20:59 +0000)]
* keyedit.c (menu_expire): Don't lose key flags when changing the
expiration date of a subkey.  This is not the most optimal solution, but
it is minimal change on the stable branch.

* main.h, keygen.c (do_copy_key_flags): New function to copy key flags, if
any, from one sig to another. (do_add_key_expire): New function to add key
expiration to a sig. (keygen_copy_flags_add_expire): New version of
keygen_add_key_expire that also copies key flags.
(keygen_add_key_flags_and_expire): Use do_add_key_expire.

* import.c (fix_hkp_corruption): Comment.

16 years ago* NEWS: Add notes about notation names and '@', the --trust-model option,
David Shaw [Tue, 26 Nov 2002 04:02:58 +0000 (04:02 +0000)]
* NEWS: Add notes about notation names and '@', the --trust-model option,
default algorithms from --personal-xxxx, --primary-keyring, changes with
--s2k-digest-algo, the new anonymous recipient improvements, and
non-optimized memory wiping.

16 years ago* gpg.sgml: Document --primary-keyring. Clarify --s2k-cipher-algo,
David Shaw [Tue, 26 Nov 2002 04:00:28 +0000 (04:00 +0000)]
* gpg.sgml: Document --primary-keyring.  Clarify --s2k-cipher-algo,
--s2k-digest-algo, --personal-cipher-preferences,
--personal-digest-preferences, and --personal-compress-preferences.

16 years ago* gpg.sgml: Document --sig-policy-url, --cert-policy-url, --sig-notation,
David Shaw [Mon, 25 Nov 2002 14:34:08 +0000 (14:34 +0000)]
* gpg.sgml: Document --sig-policy-url, --cert-policy-url, --sig-notation,
--cert-notation.  Clarify --show-notation and --show-policy-url that
policy URLs and notations can be used in data signatures as well.  Add
note about '@' being a required character in notation names.

16 years agono RISC OS filetype needed for nooutput
Stefan Bellon [Mon, 25 Nov 2002 13:30:34 +0000 (13:30 +0000)]
no RISC OS filetype needed for nooutput

16 years ago* main.h, misc.c (default_cipher_algo, default_compress_algo): New.
David Shaw [Mon, 25 Nov 2002 04:24:41 +0000 (04:24 +0000)]
* main.h, misc.c (default_cipher_algo, default_compress_algo): New.
Return the default algorithm by trying --cipher-algo/--compress-algo, then
the first item in the pref list, then s2k-cipher-algo or ZIP.

* sign.c (sign_file, sign_symencrypt_file), encode.c (encode_simple,
encode_crypt): Call default_cipher_algo and default_compress_algo to get

* g10.c (main): Allow pref selection for compress algo with --openpgp.

16 years ago* mainproc.c (proc_encrypted): Use --s2k-digest-algo for passphrase
David Shaw [Mon, 25 Nov 2002 04:11:02 +0000 (04:11 +0000)]
* mainproc.c (proc_encrypted): Use --s2k-digest-algo for passphrase
mangling rather than --digest-algo.

16 years ago* sign.c (hash_for): If --digest-algo is not set, but
David Shaw [Mon, 25 Nov 2002 04:06:04 +0000 (04:06 +0000)]
* sign.c (hash_for): If --digest-algo is not set, but
--personal-digest-preferences is, then use the first hash algorithm in the
personal list.  If the signing algorithm is DSA, then use the first
160-bit hash algorithm in the personal list. If --pgp2 is set and it's a
v3 RSA key, use MD5.

16 years ago* g10.c (main), keydb.c (keydb_add_resource, keydb_locate_writable):
David Shaw [Mon, 25 Nov 2002 03:18:48 +0000 (03:18 +0000)]
* g10.c (main), keydb.c (keydb_add_resource, keydb_locate_writable):
Rename --default-keyring as --primary-keyring.  Stefan wins the naming

16 years ago* g10.c (add_notation_data): Disallow notation names that do not contain a
David Shaw [Sun, 24 Nov 2002 01:49:32 +0000 (01:49 +0000)]
* g10.c (add_notation_data): Disallow notation names that do not contain a
'@', unless --expert is set.  This is to help prevent people from
polluting the (as yet unused) IETF namespace.

* main.h: Comments about default algorithms.

* photoid.c (image_type_to_string): Comments about 3-letter file

16 years ago* encode.c (encode_simple), passphrase.c (passphrase_to_dek), sign.c
David Shaw [Sun, 24 Nov 2002 00:50:14 +0000 (00:50 +0000)]
* encode.c (encode_simple), passphrase.c (passphrase_to_dek), sign.c
(sign_symencrypt_file): Use --s2k-digest-algo for passphrase mangling
rather than --digest-algo.

16 years ago* gpg.sgml: Add an interoperability section.
David Shaw [Fri, 22 Nov 2002 03:53:53 +0000 (03:53 +0000)]
* gpg.sgml: Add an interoperability section.

16 years ago* keygen.c (keygen_set_std_prefs): Properly handle an empty preference
David Shaw [Thu, 21 Nov 2002 16:25:05 +0000 (16:25 +0000)]
* keygen.c (keygen_set_std_prefs): Properly handle an empty preference

* misc.c (string_to_compress_algo): "none" is a bad choice since it
conflicts with the "none" in setpref.

17 years ago* gpgkeys_ldap.c (main), gpgkeys_hkp.c (main): Use new keyserver protocol
David Shaw [Mon, 18 Nov 2002 00:43:33 +0000 (00:43 +0000)]
* gpgkeys_ldap.c (main), gpgkeys_hkp.c (main): Use new keyserver protocol

17 years ago* gpg.sgml: Correct defaults for --s2k-mode and --s2k-digest-mode. Noted
David Shaw [Sun, 17 Nov 2002 15:22:48 +0000 (15:22 +0000)]
* gpg.sgml: Correct defaults for --s2k-mode and --s2k-digest-mode. Noted
by Haakon Riiser.

17 years ago* config.links: Use OpenBSD/NetBSD powerpc assembler code for Darwin.
David Shaw [Sat, 16 Nov 2002 16:53:58 +0000 (16:53 +0000)]
* config.links: Use OpenBSD/NetBSD powerpc assembler code for Darwin.
Successfully tested by Gordon Worley.

17 years ago* gpg.sgml: --compress-algo now allows algorithm names.
David Shaw [Fri, 15 Nov 2002 04:15:39 +0000 (04:15 +0000)]
* gpg.sgml: --compress-algo now allows algorithm names.

* gpg.sgml: Document --trust-model.

* README.W32: Add blurb on how to create a ZIP file, changed requirement
for mingw32 to 0.3.2.

17 years ago* g10.c (main): Allow compression algorithm names as the argument to
David Shaw [Fri, 15 Nov 2002 04:07:24 +0000 (04:07 +0000)]
* g10.c (main): Allow compression algorithm names as the argument to
--compress-algo.  The old algorithm names still work for backwards

* misc.c (string_to_compress_algo): Allow "none" as an alias for

17 years ago* gpgkeys_ldap.c (get_key): The deduping code requires "pgpcertid", but
David Shaw [Thu, 14 Nov 2002 14:30:53 +0000 (14:30 +0000)]
* gpgkeys_ldap.c (get_key): The deduping code requires "pgpcertid", but
that was not available when running without verbose on.  Noted by Stefan.

17 years agofixed type incompatibility
Stefan Bellon [Wed, 13 Nov 2002 21:49:57 +0000 (21:49 +0000)]
fixed type incompatibility

17 years ago* encode.c (encode_simple): Make sure that files larger than about 4G use
David Shaw [Wed, 13 Nov 2002 17:43:27 +0000 (17:43 +0000)]
* encode.c (encode_simple): Make sure that files larger than about 4G use
partial length encoding.  This is required because OpenPGP allows only for
32 bit length fields.  From Werner on stable branch.

* getkey.c (get_pubkey_direct): Renamed to... (get_pubkey_fast): this and
made extern. (get_pubkey_byfprint_fast): New.  From Werner on stable

* keydb.h, import.c (import_one): Use get_pubkey_fast instead of
get_pubkey.  We don't need a merged key and actually this might lead to
recursions. (revocation_present): Likewise for search by fingerprint.
From Werner on stable branch.

* g10.c (main): Try to create the trustdb even for non-colon-mode list-key
operations.  This is required because getkey needs to know whether a a key
is ultimately trusted.  From Werner on stable branch.

17 years ago* exec.c [__CYGWIN32__]: Keep cygwin separate from Mingw32; we don't need
David Shaw [Wed, 13 Nov 2002 17:19:22 +0000 (17:19 +0000)]
* exec.c [__CYGWIN32__]: Keep cygwin separate from Mingw32; we don't need
it here as it behaves more like a Posix system. From Werner on stable

* passphrase.c (agent_get_passphrase): Ditto.  From Werner on stable

* tdbio.c (MY_O_BINARY): Need binary mode with Cygwin.  From Werner on
stable branch.

* g10.c, gpgv.c (main) [__CYGWIN32__]: Don't get the homedir from the
registry.  From Werner on stable branch.

17 years ago* mk-w32-dist: Don't use iconv for pl.po. From Werner on stable branch.
David Shaw [Wed, 13 Nov 2002 16:50:44 +0000 (16:50 +0000)]
* mk-w32-dist: Don't use iconv for pl.po.  From Werner on stable branch.

* mk-w32-dist: Include gpgkeys_ldap and gpgkeys_hkp.

17 years ago* util.h [__CYGWIN32__]: Don't need the registry prototypes. From Werner
David Shaw [Wed, 13 Nov 2002 16:38:07 +0000 (16:38 +0000)]
* util.h [__CYGWIN32__]: Don't need the registry prototypes.  From Werner
on stable branch.

17 years ago* THANKS: Changes from stable branch.
David Shaw [Wed, 13 Nov 2002 16:11:32 +0000 (16:11 +0000)]
* THANKS: Changes from stable branch.

* Check for ctermid().  From Werner on stable

Werner on stable branch.

* (try_gettext): Remove special case for cygwin.
This removes all the DOS specific macros and let Cygwin work like
a real OS.  Needs a couple of changes elsewhere but after all,
GnuPG presents itself much more like a Posix program and can be
used in a full Cygwin environment; e.g. used along with mutt.
Changes suggested by Volker Quetschke.  From Werner on stable

* acinclude.m4 (GNUPG_SYS_NM_PARSE): Allow for underscore in test
symbols.  Useful for Cygwin builds.
(GNUPG_SYS_SYMBOL_UNDERSCORE): Don't hardwire to yes for Cygwin.
From Werner on stable branch.

* README: Add an installation note for Darwin 6.1.  From Werner on
stable branch.

17 years ago* secmem.c (lock_pool) [__CYGWIN__]: Don't print secmem warning. From
David Shaw [Wed, 13 Nov 2002 15:39:10 +0000 (15:39 +0000)]
* secmem.c (lock_pool) [__CYGWIN__]: Don't print secmem warning. From
Werner on stable branch.

17 years ago* keyedit.c (show_key_with_all_names_colon): Make --with-colons --edit
David Shaw [Wed, 13 Nov 2002 13:23:03 +0000 (13:23 +0000)]
* keyedit.c (show_key_with_all_names_colon): Make --with-colons --edit
display match the validity and trust of --with-colons --list-keys.

* passphrase.c (agent_send_all_options): Fix compile warning.

* keylist.c (list_keyblock_colon): Validity for subkeys should match that
of the primary key, and not that of the last user ID.

* getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys carry
these facts onto all their subkeys, but only after the subkey has a chance
to be marked valid.  This is to fix an incorrect "invalid public key"
error verifying a signature made by a revoked signing subkey, with a valid
unrevoked primary key.

17 years ago* config.sub, config.guess: Updated from
Werner Koch [Tue, 12 Nov 2002 19:37:44 +0000 (19:37 +0000)]
* config.sub, config.guess: Updated from
to version 2002-11-08.

17 years agoPost release version number bump.
Werner Koch [Tue, 12 Nov 2002 16:45:22 +0000 (16:45 +0000)]
Post release version number bump.

17 years agoPreparing 1.3.1 release. V1-3-1
Werner Koch [Tue, 12 Nov 2002 16:15:57 +0000 (16:15 +0000)]
Preparing 1.3.1 release.

17 years ago* gpgkeys_ldap.c (get_key): Fix typo in deduping code.
David Shaw [Sun, 10 Nov 2002 21:32:11 +0000 (21:32 +0000)]
* gpgkeys_ldap.c (get_key): Fix typo in deduping code.

17 years ago* ttyio.c (TERMDEVICE): Removed.
Werner Koch [Sat, 9 Nov 2002 17:49:01 +0000 (17:49 +0000)]
* ttyio.c (TERMDEVICE): Removed.
(tty_get_ttyname): New.
(init_ttyfp): Use it here instead of the TERMDEVICE macro.

17 years ago* passphrase.c (agent_send_all_options): Use tty_get_ttyname to
Werner Koch [Sat, 9 Nov 2002 17:48:41 +0000 (17:48 +0000)]
* passphrase.c (agent_send_all_options): Use tty_get_ttyname to
get the default ttyname.

17 years agoFixed copyright year
Werner Koch [Sat, 9 Nov 2002 17:42:24 +0000 (17:42 +0000)]
Fixed copyright year

17 years ago* keyring.h, keyring.c (keyring_register_filename): Return the pointer if
David Shaw [Fri, 8 Nov 2002 03:31:21 +0000 (03:31 +0000)]
* keyring.h, keyring.c (keyring_register_filename): Return the pointer if
a given keyring is registered twice.

* keydb.h, keydb.c (keydb_add_resource): Use flags to indicate a default
keyring. (keydb_locate_writable): Prefer the default keyring if possible.

* g10.c (main): Add --default-keyring option.

17 years ago* options.h, g10.c (main), trustdb.c (ask_ownertrust): Add
David Shaw [Thu, 7 Nov 2002 04:37:27 +0000 (04:37 +0000)]
* options.h, g10.c (main), trustdb.c (ask_ownertrust): Add
--force-ownertrust option for debugging purposes.  This allows setting a
whole keyring to a given trust during an --update-trustdb.  Not for normal
use - it's just easier than hitting "4" all the time to test a large

17 years ago* w32reg.c (read_w32_registry_string): Fixed expanding of the environment
David Shaw [Wed, 6 Nov 2002 22:51:44 +0000 (22:51 +0000)]
* w32reg.c (read_w32_registry_string): Fixed expanding of the environment
buffer; didn't worked at all.  Reported by Thijmen Klok.  From Werner on
stable branch.

* secmem.c (secmem_free, secmem_term): Use wipememory2() instead of
memset() to overwrite secure memory

* iobuf.c (direct_open): Handle mode 'b' if O_BINARY is available. From
Werner on stable branch.

* fileutil.c: Comment from stable branch.

17 years ago* util.h: Add wipememory2() macro (same as wipememory, but can specify the
David Shaw [Wed, 6 Nov 2002 17:38:09 +0000 (17:38 +0000)]
* util.h: Add wipememory2() macro (same as wipememory, but can specify the
byte to wipe with).

17 years ago* rndw32.c [__CYGWIN32__]: Don't include winioctl.h - it is not required
David Shaw [Wed, 6 Nov 2002 17:32:37 +0000 (17:32 +0000)]
* rndw32.c [__CYGWIN32__]: Don't include winioctl.h - it is not required
anymore. (From Werner)

* random.c (read_seed_file,update_random_seed_file): Use binary mode for
__CYGWIN__. (From Werner)

* blowfish.c (burn_stack), cast5.c (burn_stack), des.c (burn_stack), md5.c
(burn_stack), random.c (burn_stack, read_pool, fast_random_poll),
rijndael.c (burn_stack), rmd160.c (burn_stack), rndegd.c
(rndegd_gather_random), rndlinux.c (rndlinux_gather_random), sha1.c
(burn_stack), tiger.c (burn_stack), twofish.c (burn_stack): Replace
various calls to memset() with the more secure wipememory().

17 years ago* pubkey-enc.c (get_session_key): With hidden recipients or try a given
David Shaw [Wed, 6 Nov 2002 16:58:28 +0000 (16:58 +0000)]
* pubkey-enc.c (get_session_key): With hidden recipients or try a given
passphrase against all secret keys rather than trying all secret keys in
turn.  Don't if --try-all-secrets or --status-fd is enabled.

* passphrase.c (passphrase_to_dek): Mode 1 means do a regular passphrase
query, but don't prompt with the key info.

* seckey-cert.c (do_check, check_secret_key): A negative ask count means
to enable passphrase mode 1.

* keydb.h, getkey.c (enum_secret_keys): Add flag to include
secret-parts-missing keys (or not) in the list.

17 years ago* gpgkeys_ldap.c (key_in_keylist, add_key_to_keylist, free_keylist,
David Shaw [Tue, 5 Nov 2002 22:08:02 +0000 (22:08 +0000)]
* gpgkeys_ldap.c (key_in_keylist, add_key_to_keylist, free_keylist,
get_key, search_key): The LDAP keyserver doesn't remove duplicates, so
remove them locally.  Do not include the key modification time in the
search response.

17 years ago* keyserver.c (keyserver_search_prompt): When --with-colons is enabled,
David Shaw [Tue, 5 Nov 2002 16:11:04 +0000 (16:11 +0000)]
* keyserver.c (keyserver_search_prompt): When --with-colons is enabled,
don't try and fit the search output to the screen size - just dump the
whole list.

17 years ago* keyserver.c (keyserver_search_prompt): When --with-colons is enabled,
David Shaw [Tue, 5 Nov 2002 04:28:40 +0000 (04:28 +0000)]
* keyserver.c (keyserver_search_prompt): When --with-colons is enabled,
just dump the raw keyserver protocol to stdout and don't print the menu.

17 years ago* KEYSERVER: New. Documents the --with-colons format for keyserver
David Shaw [Tue, 5 Nov 2002 04:24:45 +0000 (04:24 +0000)]
* KEYSERVER: New.  Documents the --with-colons format for keyserver

* DETAILS: Clarify meaning of 'u'.  Noted by Timo.

17 years ago* trustdb.c (trust_model_string, check_trustdb, update_trustdb,
David Shaw [Mon, 4 Nov 2002 17:30:38 +0000 (17:30 +0000)]
* trustdb.c (trust_model_string, check_trustdb, update_trustdb,
validate_one_keyblock): It's not clear what a trustdb rebuild or check
means with a trust model other than "classic" or "openpgp", so disallow

17 years ago* gpgkeys_hkp.c (send_key), gpgkeys_ldap.c (send_key): Properly handle an
David Shaw [Mon, 4 Nov 2002 13:59:08 +0000 (13:59 +0000)]
* gpgkeys_hkp.c (send_key), gpgkeys_ldap.c (send_key): Properly handle an
input file that does not include any key data at all.

17 years ago* options.h, g10.c (main): Add --trust-model option. Current models are
David Shaw [Sun, 3 Nov 2002 20:18:56 +0000 (20:18 +0000)]
* options.h, g10.c (main): Add --trust-model option.  Current models are
"openpgp" which is classic+trustsigs, "classic" which is classic only, and
"always" which is the same as the current option --always-trust (which
still works).  Default is "openpgp".

* trustdb.c (validate_one_keyblock): Use "openpgp" trust model to enable
trust sigs.

* gpgv.c (main), mainproc.c (check_sig_and_print), pkclist.c (do_we_trust,
do_we_trust_pre, check_signatures_trust): Use new --trust-model option in
place of --always-trust.

17 years ago* gpg.sgml: Document "tsign", clarify "setpref", clarify --recipient,
David Shaw [Sun, 3 Nov 2002 13:40:39 +0000 (13:40 +0000)]
* gpg.sgml: Document "tsign", clarify "setpref", clarify --recipient,
document --hidden-recipient, document --hidden-encrypt-to, clarify
--no-encrypt-to, clarify --throw-keyid, document --no-throw-keyid.

17 years ago* NEWS: Note trust signature support,
David Shaw [Sun, 3 Nov 2002 12:52:30 +0000 (12:52 +0000)]
* NEWS: Note trust signature support,
--hidden-encrypt-to/--hidden-recipient, and long algorithm name support

17 years ago* keyedit.c (sign_mk_attrib, trustsig_prompt, sign_uids, keyedit_menu):
David Shaw [Sun, 3 Nov 2002 12:46:52 +0000 (12:46 +0000)]
* keyedit.c (sign_mk_attrib, trustsig_prompt, sign_uids, keyedit_menu):
Prompt for and create a trust signature with "tsign".  This is functional,
but needs better UI text.

* build-packet.c (build_sig_subpkt): Able to build trust and regexp

* pkclist.c (do_edit_ownertrust): Comment.

17 years ago* keygen.c (set_one_pref, keygen_set_std_prefs): Allow using the full
David Shaw [Sun, 3 Nov 2002 00:00:42 +0000 (00:00 +0000)]
* keygen.c (set_one_pref, keygen_set_std_prefs): Allow using the full
algorithm name (CAST5, SHA1) rather than the short form (S3, H2).

* main.h, keygen.c (keygen_get_std_prefs), keyedit.c (keyedit_menu):
Return and use a fake uid packet rather than a string since we already
have a nice parser/printer in keyedit.c:show_prefs.

* main.h, misc.c (string_to_compress_algo): New.

17 years ago* cipher.c (string_to_cipher_algo), md.c (string_to_digest_algo): Allow
David Shaw [Sat, 2 Nov 2002 21:39:37 +0000 (21:39 +0000)]
* cipher.c (string_to_cipher_algo), md.c (string_to_digest_algo): Allow
the Sxxx and Hxxx format for cipher and digest names.

17 years ago* g10.c (main): Add --no-throw-keyid.
David Shaw [Fri, 1 Nov 2002 16:15:45 +0000 (16:15 +0000)]
* g10.c (main): Add --no-throw-keyid.

* keydb.h, encode.c (write_pubkey_enc_from_list), g10.c (main), pkclist.c
(build_pk_list): Add --hidden-recipient (-R) and --hidden-encrypt-to,
which do a single-user variation on --throw-keyid.  The "hide this key"
flag is carried in bit 0 of the pk_list flags field.

* keyserver.c (parse_keyrec): Fix shadowing warning.

17 years ago* Put gnupg.spec in the root directory so rpm -ta works.
David Shaw [Thu, 31 Oct 2002 18:29:53 +0000 (18:29 +0000)]
* Put gnupg.spec in the root directory so rpm -ta works.

17 years ago* Update source ftp path.
David Shaw [Thu, 31 Oct 2002 18:28:35 +0000 (18:28 +0000)]
* Update source ftp path.

17 years agoadded RISC OS module loading support
Stefan Bellon [Thu, 31 Oct 2002 16:58:47 +0000 (16:58 +0000)]
added RISC OS module loading support

17 years ago* build-packet.c (do_plaintext), encode.c (encode_sesskey, encode_simple,
David Shaw [Thu, 31 Oct 2002 15:40:42 +0000 (15:40 +0000)]
* build-packet.c (do_plaintext), encode.c (encode_sesskey, encode_simple,
encode_crypt), sign.c (write_plaintext_packet): Use wipememory() instead
of memset() to wipe sensitive memory as the memset() might be optimized

17 years ago* util.h: Add wipememory() macro.
David Shaw [Thu, 31 Oct 2002 15:35:24 +0000 (15:35 +0000)]
* util.h: Add wipememory() macro.

17 years ago* Add a check for volatile.
David Shaw [Thu, 31 Oct 2002 15:31:04 +0000 (15:31 +0000)]
* Add a check for volatile.

17 years ago* trustdb.c (check_regexp): Modern regexps require REG_EXTENDED.
David Shaw [Wed, 30 Oct 2002 23:40:05 +0000 (23:40 +0000)]
* trustdb.c (check_regexp): Modern regexps require REG_EXTENDED.

17 years ago* packet.h, trustdb.h, trustdb.c (trust_string): New. Return a string
David Shaw [Wed, 30 Oct 2002 03:11:57 +0000 (03:11 +0000)]
* packet.h, trustdb.h, trustdb.c (trust_string): New.  Return a string
like "fully trusted", "marginally trusted", etc. (get_min_ownertrust):
New.  Return minimum ownertrust. (update_min_ownertrust): New.  Set
minimum ownertrust. (check_regexp): New.  Check a regular epression
against a user ID. (ask_ownertrust): Allow specifying a minimum value.
(get_ownertrust_info): Follow the minimum ownertrust when returning a
letter. (clear_validity): Remove minimum ownertrust when a key becomes
invalid. (release_key_items): Release regexp along with the rest of the
info. (validate_one_keyblock, validate_keys): Build a trust sig chain
while validating.  Call check_regexp for regexps.  Use the minimum
ownertrust if the user does not specify a genuine ownertrust.

* pkclist.c (do_edit_ownertrust): Only allow user to select a trust level
greater than the minimum value.

* parse-packet.c (can_handle_critical): Can handle critical trust and
regexp subpackets.

* trustdb.h, trustdb.c (clear_ownertrusts), delkey.c (do_delete_key),
import.c (import_one): Rename clear_ownertrust to clear_ownertrusts and
have it clear the min_ownertrust value as well.

* keylist.c (list_keyblock_print): Indent uid to match pub and sig.

17 years ago* Add --disable-regex in case some platform just can't
David Shaw [Tue, 29 Oct 2002 22:44:07 +0000 (22:44 +0000)]
* Add --disable-regex in case some platform just can't
handle the regex stuff.  This means they can't fully handle trust sigs
with an attached regex either.

17 years ago* keyedit.c (print_and_check_one_sig, show_key_and_fingerprint,
David Shaw [Tue, 29 Oct 2002 18:00:07 +0000 (18:00 +0000)]
* keyedit.c (print_and_check_one_sig, show_key_and_fingerprint,
menu_addrevoker), keylist.c (list_keyblock_print, print_fingerprint): Show
"T" or the trust depth for trust signatures, and add spaces to some
strings to make room for it.

* packet.h, parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt,
parse_signature): Parse trust signature values.

* tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Reserve a byte
for the minimum ownertrust value (for use with trust signatures).

17 years agotidied RISC OS filetype support
Stefan Bellon [Tue, 29 Oct 2002 14:37:12 +0000 (14:37 +0000)]
tidied RISC OS filetype support

17 years agofiletype support for RISC OS
Stefan Bellon [Mon, 28 Oct 2002 13:26:44 +0000 (13:26 +0000)]
filetype support for RISC OS

17 years ago* Use new path for keyserver helpers, /usr/lib is no longer
David Shaw [Sat, 26 Oct 2002 19:45:00 +0000 (19:45 +0000)]
* Use new path for keyserver helpers, /usr/lib is no longer
used for cipher/hash plugins, and include gpgv, gpgsplit, and the new
gnupg.7 man page.

17 years ago* gpgkeys_hkp.c (main), gpgkeys_ldap.c (main): Add -V flag to output
David Shaw [Thu, 24 Oct 2002 22:33:22 +0000 (22:33 +0000)]
* gpgkeys_hkp.c (main), gpgkeys_ldap.c (main): Add -V flag to output
protocol and program version.

17 years ago * gpg.sgml: Document --refresh-keys.
David Shaw [Thu, 24 Oct 2002 05:48:14 +0000 (05:48 +0000)]
* gpg.sgml: Document --refresh-keys.

* gpg.sgml: Clarify --force-mdc, and document --disable-mdc.

17 years ago* main.h, import.c (sec_to_pub_keyblock, import_secret_one,
David Shaw [Wed, 23 Oct 2002 15:59:45 +0000 (15:59 +0000)]
* main.h, import.c (sec_to_pub_keyblock, import_secret_one,
parse_import_options), g10.c (main): New import-option "convert-sk-to-pk"
to convert a secret key into a public key during import.  It is on by

17 years ago* gpgsplit.c: New options --secret-to-public and --no-split.
Werner Koch [Wed, 23 Oct 2002 08:47:17 +0000 (08:47 +0000)]
* gpgsplit.c: New options --secret-to-public and --no-split.
GNUified the indentation style.

17 years ago* pubkey-enc.c (get_it): Fix segv, test for revoked only when PK
Werner Koch [Wed, 23 Oct 2002 07:11:01 +0000 (07:11 +0000)]
* pubkey-enc.c (get_it): Fix segv, test for revoked only when PK
has been assigned.

17 years ago* Anything linking with libutil.a needs INTLLIBS as well on
David Shaw [Mon, 21 Oct 2002 20:32:38 +0000 (20:32 +0000)]
* Anything linking with libutil.a needs INTLLIBS as well on
platforms where INTLLIBS is set.

17 years ago* distfiles, _regex.h: Add _regex.h from glibc 2.3.1.
David Shaw [Sat, 19 Oct 2002 20:36:28 +0000 (20:36 +0000)]
* distfiles, _regex.h: Add _regex.h from glibc 2.3.1.

17 years ago* Regex tests adapted from mutt to decide whether to use the
David Shaw [Sat, 19 Oct 2002 20:34:51 +0000 (20:34 +0000)]
* Regex tests adapted from mutt to decide whether to use the
internal regex code or not.

17 years ago*, regcomp.c, regex.c, regex_internal.c, regex_internal.h,
David Shaw [Sat, 19 Oct 2002 20:24:53 +0000 (20:24 +0000)]
*, regcomp.c, regex.c, regex_internal.c, regex_internal.h,
regexec.c: Add new regex files from glibc 2.3.1.

17 years ago2002-10-18 Timo Schulz <>
Timo Schulz [Fri, 18 Oct 2002 15:41:33 +0000 (15:41 +0000)]
2002-10-18  Timo Schulz  <>

        * keylist.c: (print_pubkey_info): New.
        (print_seckey_info): New.
        * main.h: Prototypes for the new functions.
        * delkey.c (do_delete_key): Use it here.
        * revoke.c (gen_desig_revoke): Ditto.

17 years agoBumped version number for cvs version
Werner Koch [Fri, 18 Oct 2002 10:41:34 +0000 (10:41 +0000)]
Bumped version number for cvs version

17 years ago* (hkp.c): Removed. V1-3-0
Werner Koch [Fri, 18 Oct 2002 09:39:04 +0000 (09:39 +0000)]
* (hkp.c): Removed.

17 years ago* Changed version number comments.
Werner Koch [Fri, 18 Oct 2002 09:32:42 +0000 (09:32 +0000)]
* Changed version number comments.
(ALL_LINGUAS): Removed all except for de.  During development it
might not be a good idea to keep all of them - they get outdated
too soon and diff files will be far too large.

17 years ago* config.links (powerpc-apple-darwin6.1): Disable assembler
Werner Koch [Fri, 18 Oct 2002 09:24:56 +0000 (09:24 +0000)]
* config.links (powerpc-apple-darwin6.1): Disable assembler
due to non-working modules/as.  Suggested by Gordon Worley.

17 years ago* Allow env variables to override the auto* tool
Werner Koch [Thu, 17 Oct 2002 14:03:11 +0000 (14:03 +0000)]
* Allow env variables to override the auto* tool
names.  Suggested by Simon Josefsson.

17 years ago* pkclist.c (do_edit_ownertrust): Show all user IDs. This should
Werner Koch [Thu, 17 Oct 2002 13:48:43 +0000 (13:48 +0000)]
* pkclist.c (do_edit_ownertrust): Show all user IDs.  This should
be enhanced to also show the current trust level.  Suggested by
Florian Weimer.

17 years ago* README: Multiple A record rotation works with MINGW32 now, and clarify
David Shaw [Thu, 17 Oct 2002 13:27:13 +0000 (13:27 +0000)]
* README: Multiple A record rotation works with MINGW32 now, and clarify
how it works with LDAP.

17 years ago* http.c (connect_server): Try all A records for names with multiple
David Shaw [Thu, 17 Oct 2002 12:45:58 +0000 (12:45 +0000)]
* http.c (connect_server): Try all A records for names with multiple
addresses until one answers for both MINGW32 and not MINGW32.