David Shaw [Fri, 10 Oct 2003 03:05:05 +0000 (03:05 +0000)]
* g10.c (main): Give a deprecated option warning for --show-keyring,
--show-photos, --show-policy-url, --show-notation, and their respective
no- forms.

* options.skel: Remove show-photos and replace with list/verify-options
show-photos.  Remove no-mangle-dos-filenames.

* misc.c (parse_options): Allow for incomplete (but unambiguous) options.

Werner Koch [Thu, 9 Oct 2003 15:08:12 +0000 (15:08 +0000)]
* ccid-driver.c (ccid_transceive): Add T=1 chaining for sending.

* sign.c (do_sign) [!ENABLE_CARD_SUPPORT]: Return an error for
card keys.

* cardglue.c (agent_scd_pkdecrypt): Implemented.
* pubkey-enc.c (get_it) [ENABLE_CARD_SUPPORT]: Divert decryption
to card

Werner Koch [Wed, 8 Oct 2003 15:21:20 +0000 (15:21 +0000)]
* cardglue.c (pin_cb): Detect whether an admin or regular PIN is
(genkey_status_cb): New.
(agent_scd_genkey): Implemented.

* keygen.c (generate_keypair): New arg CARD_SERIALNO and prepare
parameters for on card key generation. Changed all callers.
(do_generate_keypair): Add new arg card and merged card specific
changes from 1.9.
(proc_parameter_file): New arg card, pass it down to
do_generate_keypair and changed all callers.
(gen_card_key): New.

* g10.c: Include cardglue.h.
(main): s/app_set_default_reader_port/card_set_reader_port/.
* cardglue.c (card_set_reader_port): New to address include file

Werner Koch [Wed, 8 Oct 2003 15:20:58 +0000 (15:20 +0000)]
(tty_print_string, tty_print_utf8_string2)
(tty_print_utf8_string): Made string arg const.

Werner Koch [Mon, 6 Oct 2003 12:09:46 +0000 (12:09 +0000)]
* primegen.c (gen_prime): Bail out if NBITS is zero.  This is
Debian bug #213989 reported by Max <>.

Timo Schulz [Sat, 4 Oct 2003 12:55:47 +0000 (12:55 +0000)]
2003-10-04  Timo Schulz  <>

        * dynload [WIN32] (dlclose): Do not use CloseHandle but FreeLibrary.

Werner Koch [Thu, 2 Oct 2003 10:20:12 +0000 (10:20 +0000)]
* cardglue.c (learn_status_cb): Release values before assignment
so that it can be used by getattr to update the structure.
(agent_scd_getattr): New.

* keylist.c (print_pubkey_info): Add FP arg for optional printing
to a stream.  Changed all callers.

David Shaw [Wed, 1 Oct 2003 15:15:58 +0000 (15:15 +0000)]
* g10.c (main): Add --no-groups to zero --group list.

* encode.c (encode_simple): Allow for 32 bytes (256 bits) of symmetrically
encrypted session key.  Use --s2k-cipher-algo to choose cipher, rather
than the default cipher.

* parse-packet.c (parse_subkeyenc): Give a warning if a symmetrically
encrypted session key is seen without salt.  Show in --list-packets if a
symmetrically encrypted session key is present.

* pubkey-enc.c (get_it): Always show cipher-not-in-prefs warning unless
--quiet is set.  Use text name of cipher in warning.

David Shaw [Wed, 1 Oct 2003 14:40:55 +0000 (14:40 +0000)]
* samplekeys.asc: Update 99242560.

* gpg.sgml: Document --no-groups.

David Shaw [Tue, 30 Sep 2003 21:47:19 +0000 (21:47 +0000)]
* gpg.sgml: Note web bug behavior of auto-key-retrieve.  Note that big
photos mean big keys.  Document --rfc2440.  Document verify-option

David Shaw [Tue, 30 Sep 2003 21:16:36 +0000 (21:16 +0000)]
* options.h, g10.c (main), mainproc.c (check_sig_and_print): Add
--verify-option show-unusable-uids.

David Shaw [Tue, 30 Sep 2003 15:48:04 +0000 (15:48 +0000)]
* gpg.sgml: Clarify --mangle-dos-filenames, document list-option
show-unusable-uids, remove --no-comment (which is now --no-sk-comments),
add --no-comments (to remove --comment), remove --default-comment, and
document --sig-keyserver-url.

David Shaw [Tue, 30 Sep 2003 15:43:21 +0000 (15:43 +0000)]
* NEWS: Note that SHA-256 is read-write now, that TIGER/192 is no more,
that revoked and expired uids are skipped in -r, and that
--no-mangle-dos-filenames is now the default.

David Shaw [Tue, 30 Sep 2003 15:30:39 +0000 (15:30 +0000)]
* gpgv.c (check_trustdb_stale): Stub.

* trustdb.c (get_validity): Move the up-to-date check to
check_trustdb_stale (new), so that it can be called before validity is

* keylist.c (list_keyblock_print): Disable the overall key validity
display until it can be thought about more.  Use check_trustdb_stale here
to avoid putting the check warning in the middle of a listed key.

* trustdb.c (init_trustdb): Only verify_own_keys() for those trust models
that it applies to (i.e. classic and OpenPGP).

Werner Koch [Tue, 30 Sep 2003 08:00:08 +0000 (08:00 +0000)]
* keygen.c (do_add_key_flags, parse_parameter_usage): Add support for
the proposed AUTH key flag.
* getkey.c (fixup_uidnode, merge_selfsigs_main)
(merge_selfsigs_subkey, premerge_public_with_secret): Ditto.
* keylist.c (print_capabilities): Ditto.

* parse-packet.c (parse_key): Allow to parse the divert-to-card
S2K mode.
* build-packet.c (do_secret_key): Handle divert-to-card S2K
* seckey-cert.c (is_secret_key_protected): Ditto.
(check_secret_key): Ditto.

* keygen.c (do_ask_passphrase): Renamed from ask_passphrase.
* passphrase.c (ask_passphrase): New.

Timo Schulz [Sun, 28 Sep 2003 17:16:03 +0000 (17:16 +0000)]
2003-09-28  Timo Schulz  <>

        * util.h [WIN32]: Prototype for asprintf.
        * dynload.h [WIN32]: Define RTLD_LAZY.

Timo Schulz [Sun, 28 Sep 2003 17:15:46 +0000 (17:15 +0000)]
2003-09-28  Timo Schulz  <>

        * strgutil.c [WIN32] (asprintf): New.

Werner Koch [Sun, 28 Sep 2003 13:42:33 +0000 (13:42 +0000)]
(tty_fprintf): New.

Werner Koch [Sun, 28 Sep 2003 13:42:18 +0000 (13:42 +0000)]
* util.h: Add the atoi_* and xtoi_* suite of macros from 1.9.
* dynload.h: New.  Taken from 1.9.

Werner Koch [Sun, 28 Sep 2003 13:41:58 +0000 (13:41 +0000)]
* g10.c (main): New commands --card-edit, --card-status and
--change-pin.  New options --ctapi-driver, --pcsc-driver and
* options.h (DBG_CARD_IO): New.
* cardglue.c, cardglue.h: Enhanced.
* card-util.c: New. Taken from the current gnupg 1.9 branch.
* app-common.h, app-openpgp.c, iso7816.c, iso7816.h, apdu.c
* apdu.h, ccid-driver.c, ccid-driver.h: New.  Taken from the current
gnupg 1.9 branch with minor changes to include directives.
* Added these files.

Werner Koch [Sat, 27 Sep 2003 19:37:53 +0000 (19:37 +0000)]
First bits of a card support backport from 1.9. It is not enabled by
default and there is not yet much more than a new configure option.

* (LIBUSB_LIBS,HAVE_LIBUSB): Check for Libusb.
(--enable-card-support): New.

* sign.c (do_sign) [ENABLE_CARD_SUPPORT]: Divert to card.
* cardglue.c, cardglue.h: New.
* (gpg_LDADD): Added.
(card_support_sources): New.

* memory.h (xmalloc): Define xmalloc macros in terms of m_alloc.

David Shaw [Thu, 25 Sep 2003 04:03:11 +0000 (04:03 +0000)]
* options.h, g10.c (main), keylist.c (list_keyblock_print): Add
"show-unusable-uids" list-option to show revoked and/or expired user IDs.

David Shaw [Wed, 24 Sep 2003 12:11:17 +0000 (12:11 +0000)]
* keyedit.c (show_key_with_all_names): Show names a little neater by
putting the [revoked] or [expired] in the space used for the [validity].
There is also no point in showing "[unknown] [revoked]".

David Shaw [Wed, 24 Sep 2003 03:48:55 +0000 (03:48 +0000)]
* sign.c (mk_notation_policy_etc): Capitalize "URL".

* trustdb.c (validate_keys): Give a little more information while
rebuilding trustdb.

* pkclist.c (do_edit_ownertrust): Clarify "don't know".

* g10.c (main): Default to --no-mangle-dos-filenames.

David Shaw [Tue, 23 Sep 2003 23:14:03 +0000 (23:14 +0000)]
* keydb.h, keyring.c (keyring_search), trustdb.c (search_skipfnc): Expand
the skipfnc to include a pointer to the user ID that matched.

* getkey.c (skip_disabled): Rename to skip_unusable, and add checks for
expired or revoked user IDs.

David Shaw [Tue, 23 Sep 2003 03:52:55 +0000 (03:52 +0000)]
* g10.c (main): Deprecate --default-comment in favor of --no-comments.

* options.h, g10.c (main), armor.c (armor_filter): Allow using --comment
multiple times to get multiple Comment: header lines. --no-comments resets

Timo Schulz [Sun, 21 Sep 2003 17:36:51 +0000 (17:36 +0000)]
2003-09-21  Timo Schulz  <>

        * http.c [WIN32]: Define MB_CUR_MAX.
        (connect_server): use unsigned long since W32 does not have in_addr_t.

David Shaw [Fri, 12 Sep 2003 03:29:00 +0000 (03:29 +0000)]
* g10.c (main): Trim --help to commonly used options.  Remove -f.

David Shaw [Tue, 9 Sep 2003 00:25:53 +0000 (00:25 +0000)]
* g10.c (main): Error out if --multifile is used with the commands that
don't support it yet (--sign, --clearsign, --detach-sign, --symmetric, and

* g10.c (main): Add --multifile as an alias to turn --encrypt into
--encrypt-files (plus --verify-files, --decrypt-files).

* encode.c (use_mdc), g10.c (main): Use RFC1991 and RFC2440 directly to
check for MDC usability.  Do not set the force_mdc or disable_mdc flags
since there is no point any longer.

David Shaw [Thu, 4 Sep 2003 12:43:45 +0000 (12:43 +0000)]
Missed one.

David Shaw [Thu, 4 Sep 2003 12:30:01 +0000 (12:30 +0000)]
* cipher.h: Drop TIGER/192 support.

David Shaw [Thu, 4 Sep 2003 12:27:33 +0000 (12:27 +0000)]
* Drop TIGER/192 support.  Check for UINT64_C to go along
with uint64_t.

David Shaw [Thu, 4 Sep 2003 12:12:42 +0000 (12:12 +0000)]
* mds.test, sigs.test: Remove TIGER/192 and make SHA-256 optional (since
it might not be compiled in).

David Shaw [Thu, 4 Sep 2003 12:03:04 +0000 (12:03 +0000)]
* armor.c (parse_hash_header, armor_filter), g10.c (print_hex, print_mds),
pkclist.c (algo_available): Drop TIGER/192 support.

David Shaw [Thu, 4 Sep 2003 11:53:10 +0000 (11:53 +0000)]
* md.c (string_to_digest_algo): Enable read-write SHA-256 support.

* algorithms.h,, md.c (load_digest_module,
string_to_digest_algo), tiger.c: Drop TIGER/192 support.

David Shaw [Wed, 3 Sep 2003 23:24:03 +0000 (23:24 +0000)]
* keyedit.c (show_key_with_all_names): Fix assertion failure when using
toggle to see a secret key.  Reported by Maxim Britov.

David Shaw [Tue, 2 Sep 2003 03:16:34 +0000 (03:16 +0000)]
* NEWS: Note --list-options, --verify-options, the deprecation of
--show-photos, --show-policy-url, --show-notation, and --show-keyring, and
getting the signer's fingerprint in sig records.

David Shaw [Tue, 2 Sep 2003 03:12:46 +0000 (03:12 +0000)]
* DETAILS: Note fingerprint of signing key in sig records.

David Shaw [Sun, 31 Aug 2003 23:51:12 +0000 (23:51 +0000)]
* gpg.sgml: Use "keyserver-url" instead of "preferred-keyserver" for the
sake of short and simple commands.

David Shaw [Sun, 31 Aug 2003 23:49:07 +0000 (23:49 +0000)]
* g10.c (add_keyserver_url), keyedit.c (keyedit_menu), sign.c
(mk_notation_policy_etc): Clarify a few strings.  It's a "preferred
keyserver URL".

* g10.c (main): Use "keyserver-url" instead of "preferred-keyserver" for
the sake of short and simple commands.

David Shaw [Sun, 31 Aug 2003 03:45:41 +0000 (03:45 +0000)]
* main.h, keygen.c (keygen_add_keyserver_url): Signature callback for
adding a keyserver URL.

* keyedit.c (keyedit_menu, menu_set_keyserver_url): New command to set
preferred keyserver to specified (or all) user IDs.

* build-packet.c (build_sig_subpkt): Set preferred keyserver flag while
building a preferred keyserver subpacket.

* keylist.c (show_policy_url): Policy URLs might be UTF8.

* keyedit.c (menu_addrevoker): Fix leaking a few bytes.

David Shaw [Sat, 30 Aug 2003 03:29:33 +0000 (03:29 +0000)]
* gpg.sgml: Document list-options (show-preferred-keyserver,
show-validity, show-long-keyid, and show-sig-expire), and verify-options
(show-preferred-keyserver, show-validity, show-long-keyid).

David Shaw [Sat, 30 Aug 2003 01:08:08 +0000 (01:08 +0000)]
* keyedit.c (show_key_with_all_names): Use list-option show-long-keyid in
main --edit-key display.

David Shaw [Sat, 30 Aug 2003 00:40:56 +0000 (00:40 +0000)]
* keyedit.c (print_and_check_one_sig): Use list-option show-long-keyid in
--edit-key "check" function.

David Shaw [Fri, 29 Aug 2003 02:27:02 +0000 (02:27 +0000)]
Credits from stable

David Shaw [Fri, 29 Aug 2003 02:25:57 +0000 (02:25 +0000)]
* samplekeys.asc: Updated.

* DETAILS: Document "tru" trust record.  Document REVKEYSIG status tag.
Removed paragraph on gdbm usage.  Note that pipemode is deprecated.

David Shaw [Fri, 29 Aug 2003 00:42:31 +0000 (00:42 +0000)]
* Touch po/all for --build-w32.  From Werner on stable branch.

David Shaw [Fri, 29 Aug 2003 00:26:16 +0000 (00:26 +0000)]
* AUTHORS, THANKS: Updates from stable.

David Shaw [Fri, 29 Aug 2003 00:14:42 +0000 (00:14 +0000)]
* passphrase.c (agent_send_all_options): Make use of $GPG_TTY.

* g10.c (main): Disable use-agent if passphrase-fd is given later.
Suggested by Kurt Garloff.

* exec.c, g10.c, gpgv.c, passphrase.c, photoid.c: s/__MINGW32__/_WIN32/ to
help building on native Windows compilers.  Requested by Brian Gladman.
From Werner on stable branch.

David Shaw [Thu, 28 Aug 2003 23:49:03 +0000 (23:49 +0000)]
* idea-stub.c, random.c: s/__MINGW32__/_WIN32/ to help building on native
Windows compilers.  Requested by Brian Gladman.  From Werner on stable

David Shaw [Thu, 28 Aug 2003 23:41:41 +0000 (23:41 +0000)]
* util.h: s/__MINGW32__/_WIN32/ to help building on native Windows
compilers.  Requested by Brian Gladman.  From Werner on stable branch.

David Shaw [Thu, 28 Aug 2003 23:29:32 +0000 (23:29 +0000)]
* dotlock.c, http.c, iobuf.c, simple-gettext.c, srv.c, srv.h, strgutil.c,
ttyio.c, w32reg.c: s/__MINGW32__/_WIN32/ to help building on native
Windows compilers.  Requested by Brian Gladman. From Werner on stable

* http.c (connect_server): Oops - forgot to freeaddrinfo().

David Shaw [Tue, 26 Aug 2003 04:07:52 +0000 (04:07 +0000)]
* options.h, g10.c (main): Add list-option list-preferred-keyserver.

* keyedit.c (change_passphrase): When responding 'no' to the blank
passphrase question, re-prompt for a new passphrase.  This is bug #202.

David Shaw [Tue, 26 Aug 2003 03:56:47 +0000 (03:56 +0000)]
* mainproc.c (check_sig_and_print): Use two different preferred keyserver
displays - one if the key is not present (to tell the user where to get
the key), the other if it is present (to tell the user where the key can
be refreshed).

* packet.h, parse-packet.c (parse_signature): Set flag if a preferred
keyserver is present.

* keylist.c (list_keyblock_print): Show keyserver url in listings with
list-option show-keyserver-url.

David Shaw [Tue, 26 Aug 2003 03:03:54 +0000 (03:03 +0000)]
* NEWS: Note %g and %p, the "tru" --with-colons record, and the REVKEYSIG
--status-fd tag.

* README: Add a note about the SunOS symbol underscore problem and how to
fix it.  Note problem with gcc < 2.96 and non-gnu as.

David Shaw [Tue, 26 Aug 2003 00:37:09 +0000 (00:37 +0000)]
* Rework much of the spec to use %-macros throughout.  Fix
to work properly with RPM 4.1 (all files in buildroot must be packaged).
Package and install info files. Tweak the English description.  Do not
install gpgv and gpgsplit setuid root. Make sure that install-info is
called in such a way that doesn't bork the RPM install if it cannot
complete (necessary for some upgrade scenarios).

David Shaw [Tue, 26 Aug 2003 00:32:58 +0000 (00:32 +0000)]
* gpg.sgml: Document --list-options (show-photos, show-policy-url,
show-notation, show-keyring) and --verify-options (show-photos,
show-policy-url, show-notation).  Deprecate --show-photos,
--show-policy-url, --show-notation, and --show-keyring.

David Shaw [Mon, 25 Aug 2003 03:37:06 +0000 (03:37 +0000)]
* Use NETLIBS instead of EGDLIBS.

David Shaw [Mon, 25 Aug 2003 03:32:01 +0000 (03:32 +0000)]
* Check for getaddrinfo.  Don't bother to check for EGD libs
since we need to have the netlibs regardless because of the agent socket.

David Shaw [Mon, 25 Aug 2003 02:18:45 +0000 (02:18 +0000)]
* http.c (connect_server): Try and use getaddrinfo if it is available.
Try for IPv6 via getaddrinfo() or an IPv6-ized gethostbyname().  Suggested
by Jun-ichiro itojun Hagino.

David Shaw [Sun, 24 Aug 2003 23:01:26 +0000 (23:01 +0000)]
* mainproc.c (check_sig_and_print): Get the uid validity before printing
any sig results to avoid munging the output with trustdb warnings.

* g10.c (main): Don't include --show-keyring in --help as it is

David Shaw [Thu, 21 Aug 2003 23:26:57 +0000 (23:26 +0000)]
* random.c (getfnc_gather_random): Don't check NAME_OF_DEV_RANDOM twice.

David Shaw [Thu, 21 Aug 2003 23:20:58 +0000 (23:20 +0000)]
* gpgv.c: Remove extra semicolon (typo).

* options.skel: Note that isn't synchronized, and
explain the roundrobin a bit better.

* sig-check.c (check_key_signature2), import.c (import_one,
import_revoke_cert, chk_self_sigs, delete_inv_parts, collapse_uids,
merge_blocks): Make much quieter during import of slightly munged, but
recoverable, keys. Use log_error for unrecoverable import failures.

* keyring.c (keyring_rebuild_cache): Comment.

* sign.c (mk_notation_and_policy): Making a v3 signature with notations or
policy urls is an error, not an info (i.e. increment the errorcount).
Don't print the notation or policy url to stdout since it can be mixed
into the output stream when piping and munge the stream.

David Shaw [Wed, 13 Aug 2003 03:31:36 +0000 (03:31 +0000)]
* packet.h, sig-check.c (signature_check2, do_check, do_check_messages):
Provide a signing-key-is-revoked flag.  Change all callers.

* status.h, status.c (get_status_string): New REVKEYSIG status tag for a
good signature from a revoked key.

* mainproc.c (do_check_sig, check_sig_and_print): Use it here.

* import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare actual
signatures on import rather than using keyid or class matching.  This does
not change actual behavior with a key, but does mean that all sigs are
imported whether they will be used or not.

* parse-packet.c (parse_signature): Don't give "signature packet without
xxxx" warnings for experimental pk algorithms.  An experimental algorithm
may not have a notion of (for example) a keyid (i.e. PGP's x.509 stuff).

15 years ago: About to release the first 1.9 version. [V1-9-0]
Werner Koch [Tue, 5 Aug 2003 17:20:18 +0000 (17:20 +0000)]
About to release the first 1.9 version.

Werner Koch [Tue, 5 Aug 2003 17:11:04 +0000 (17:11 +0000)]
Cleanups, fixes and PC/SC support

David Shaw [Sun, 3 Aug 2003 02:37:48 +0000 (02:37 +0000)]
* options.h, g10.c (main), keylist.c (list_keyblock_print), keyedit.c
(print_and_check_one_sig): New "show-sig-expire" list-option to show
signature expiration dates (if any).

Werner Koch [Thu, 31 Jul 2003 15:45:11 +0000 (15:45 +0000)]
minor changes to make make distcheck happy

Werner Koch [Tue, 29 Jul 2003 14:10:02 +0000 (14:10 +0000)]
Remove leftover cruft

Werner Koch [Tue, 29 Jul 2003 14:07:28 +0000 (14:07 +0000)]
*** empty log message ***

Werner Koch [Tue, 29 Jul 2003 08:53:19 +0000 (08:53 +0000)]
* gpgsm.c (main): Add secmem features and set the random seed file.
(gpgsm_exit): Update the random seed file and enable debug output.

* g10.c (main): Add secmem features and set the random seed file.
(g10_exit): Update the random seed file.

* parse-packet.c (parse_signature,read_protected_v3_mpi)
(parse_key): Fixed use of mpi_set_opaque.
* keygen.c (gen_card_key): Ditto.

Werner Koch [Mon, 28 Jul 2003 08:59:18 +0000 (08:59 +0000)]
Adjusted for use with current libgcrypt (1.1.42).

David Shaw [Thu, 24 Jul 2003 19:28:12 +0000 (19:28 +0000)]
* options.h, g10.c (main, add_keyserver_url): Add
--sig-preferred-keyserver to implant a "where to get my key" subpacket
into a signature.

* sign.c (mk_notation_and_policy): Rename to mk_notation_policy_etc and
add preferred keyserver support for signatures.

Werner Koch [Thu, 24 Jul 2003 09:06:13 +0000 (09:06 +0000)]
* app-openpgp.c (do_learn_status): Print more status information.
(app_select_openpgp): Store the card version.
(store_fpr): Add argument card_version and fix DOs for old cards.
(app_openpgp_storekey): Likewise.

Werner Koch [Wed, 23 Jul 2003 07:13:05 +0000 (07:13 +0000)]
* command.c (cmd_pkauth): New.
(cmd_setdata): Check whether data was given at all to avoid
passing 0 to malloc.

* app.c (app_auth): New.
* app-openpgp.c (do_auth): New.

David Shaw [Mon, 21 Jul 2003 23:19:15 +0000 (23:19 +0000)]
* keygen.c (do_add_key_flags): Don't set the certify flag for subkeys.
(ask_algo): Provide key flags for DSA, Elgamal_e, and Elgamal subkeys.
(generate_keypair): Provide key flags for the default DSA/Elgamal keys.

* sig-check.c (signature_check, signature_check2, check_key_signature,
check_key_signature2): Allow passing NULLs for unused parameters in the x2
form of each function to avoid the need for dummy variables. getkey.c,
mainproc.c: Change all callers.

* trustdb.h, trustdb.c (read_trust_options): New.  Returns items from the
trustdb version record.

* keylist.c (public_key_list): Use it here for the new "tru" record.

* gpgv.c (read_trust_options): Stub.

David Shaw [Sun, 20 Jul 2003 17:09:43 +0000 (17:09 +0000)]
* keyedit.c (show_key_with_all_names): Use list-option show-validity in
--edit-key interface as well.

David Shaw [Sun, 20 Jul 2003 02:09:06 +0000 (02:09 +0000)]
* options.h, g10.c (main), mainproc.c (check_sig_and_print): Add
verify-options "show-validity" and "show-long-keyid" to show trustdb
validity and long keyids during (file) signature verification.

David Shaw [Sun, 20 Jul 2003 00:10:13 +0000 (00:10 +0000)]
* packet.h, main.h, sig-check.c (signature_check2, check_key_signature2,
do_check): If ret_pk is set, fill in the pk used to verify the signature.
Change all callers in getkey.c, mainproc.c, and sig-check.c.

* keylist.c (list_keyblock_colon): Use the ret_pk from above to put the
fingerprint of the signing key in "sig" records during a --with-colons
--check-sigs.  This requires --no-sig-cache as well since we don't cache

Werner Koch [Wed, 16 Jul 2003 13:47:14 +0000 (13:47 +0000)]
* Add sc-copykeys program.
* sc-copykeys.c: New.
* app-openpgp.c (app_openpgp_storekey): New.
(app_openpgp_cardinfo): New.
(count_bits): New.
(store_fpr): And use it here to get the actual length in bit.

Werner Koch [Wed, 16 Jul 2003 13:44:43 +0000 (13:44 +0000)]
* simple-pwquery.c, simple-pwquery.h:  New; moved from ../agent.
* (libsimple_pwquery_a_LIBADD): New.

Werner Koch [Wed, 16 Jul 2003 13:44:03 +0000 (13:44 +0000)]
* simple-pwquery.c, simple-pwquery.h:  Moved to ../common.
* (gpg_protect_tool_LDADD): Add simple-pwquery.o.
Removed it from xx_SOURCES.

David Shaw [Thu, 10 Jul 2003 15:10:02 +0000 (15:10 +0000)]
* Add --no-permission-warning to avoid spurious warning when
importing demo keys.

David Shaw [Thu, 10 Jul 2003 15:03:55 +0000 (15:03 +0000)]
* Check for sigset_t and struct sigaction.
This is for Forte c89 on Solaris which seems to define only the function
call half of the two pairs by default.

David Shaw [Thu, 10 Jul 2003 14:30:07 +0000 (14:30 +0000)]
* parse-packet.c (parse_signature): No need to reserve 8 bytes for the
unhashed signature cache any longer.

* misc.c (pct_expando): Add two new expandos - signer's fingerprint (%g),
and signer's primary fingerprint (%p).

* Include W32LIBS where appropriate.

* g10.c (main): Add --rfc2440 alias for --openpgp since in a few months,
they won't be the same thing.

* keyserver.c (parse_keyserver_uri): Accept "http" as an alias for "hkp",
since it is occasionally written that way. (keyserver_spawn): Use
ascii_isspace to avoid locale issues.

* keygen.c (ask_user_id): Make --allow-freeform-uid apply to the email
field as well as the name field, and allow mixing fields when it is set.

* options.skel: Use as the default keyserver.

* trustdb.c (validate_one_keyblock): Certifications on revoked or expired
uids do not count in the web of trust.

* signal.c (init_one_signal, pause_on_sigusr, do_block): Only use
sigprocmask() if we have sigset_t, and only use sigaction() if we have
struct sigaction.  This is for Forte c89 on Solaris which seems to define
only the function call half of the two pairs by default.
(pause_on_sigusr): Typo. (do_block): If we can't use sigprocmask() and
sigset_t, try to get the number of signals from NSIG as well as MAXSIG,
and if we can't, fail with an explanation.

* signal.c, tdbio.c: Comment out the transaction code.  It was not used in
this version, and was causing some build problems on quasi-posix platforms
(Solaris and Forte c89).

* keylist.c (list_keyblock_colon): Don't include validity values when
listing secret keys since they can be incorrect and/or misleading.  This
is a temporary kludge, and will be handled properly in 1.9/2.0.

* mainproc.c (check_sig_and_print): Only show the "key available from"
preferred keyserver line if the key is not currently present.

* keyedit.c (sign_uids): Do not sign expired uids without --expert (same
behavior as revoked uids).  Do not allow signing a user ID without a
self-signature.  --expert overrides.  Add additional prompt to the
signature level question. (menu_expire): When changing expiration dates,
don't replace selfsigs on revoked uids since this would effectively
unrevoke them. There is also no point in replacing expired selfsigs.
This is bug #181

* g10.c (add_notation_data): Make sure that only ascii is passed to
iscntrl.  Noted by Christian Biere.

* getkey.c (classify_user_id2): Replaced isspace by spacep

* keygen.c (ask_user_id): Ditto. (get_parameter_algo): Ditto.

* keyedit.c (keyedit_menu): Ditto.

* tdbdump.c (import_ownertrust): Ditto.  s/isxdigit/hexdigitp/.

* revoke.c (ask_revocation_reason):

* keyserver.c (keyserver_spawn): Ditto.

David Shaw [Thu, 10 Jul 2003 12:42:49 +0000 (12:42 +0000)]
* DETAILS: Document the --attribute-fd data.

* gpg.sgml: Document --set-notation.  Explain why it is not possible to
disable permission warnings in the gpg.conf file about the homedir.  Add
pointer in --ignore-time-conflict to see --ignore-valid from, and vice
versa.  Warning not to try and parse --list-keys in scripts. Document the
signature flags (1-3/L/R/P/N/X).  Document expandos %g and %p.  Note the
default --personal-digest-preferences are "H2".

David Shaw [Thu, 10 Jul 2003 12:32:57 +0000 (12:32 +0000)]
* Use W32LIBS where appropriate.

David Shaw [Thu, 10 Jul 2003 12:26:42 +0000 (12:26 +0000)]
* iobuf.c (check_special_filename): Replaced isdigit by digitp
to avoid passing negative values and potential locale problems.
Problem noted by Christian Biere.
* strgutil.c (strlwr,strcasecmp,strncasecmp): Make sure we don't
pass a negative value.
* miscutil.c (scan_isodatestr): Ditto.

16 years ago * types.h: Prefer using uint64_t when creating a 64-bit unsigned type.
David Shaw [Thu, 10 Jul 2003 12:13:53 +0000 (12:13 +0000)]
* types.h: Prefer using uint64_t when creating a 64-bit unsigned type.
This avoids a warning on compilers that support but complain about
unsigned long long.

* util.h (ascii_isspace): New variation on isspace() that is immune from
locale changes.

* util.h: Make sure that only ascii is passed to isfoo functions. (From
Werner on stable branch).

16 years ago * THANKS: Updates from stable.
David Shaw [Thu, 10 Jul 2003 12:06:08 +0000 (12:06 +0000)]
* THANKS: Updates from stable.

* Include wsock32 in W32LIBS.  This is different from
NETLIBS so we don't need to force other platforms to pull in the netlibs
when they aren't actually needed.

* NEWS: Note portability changes.

16 years ago Minor changes to make make dist work correctly.
Werner Koch [Fri, 4 Jul 2003 09:40:19 +0000 (09:40 +0000)]
Minor changes to make make dist work correctly.

16 years ago * app-openpgp.c (do_setattr): Add setting of the URL.
Werner Koch [Thu, 3 Jul 2003 18:10:13 +0000 (18:10 +0000)]
* app-openpgp.c (do_setattr): Add setting of the URL.
(app_select_openpgp): Dump card data only in very verbose mode.
(do_decipher): New.

16 years ago * app-openpgp.c (store_fpr): Fixed fingerprint calculation.
Werner Koch [Tue, 1 Jul 2003 08:34:45 +0000 (08:34 +0000)]
* app-openpgp.c (store_fpr): Fixed fingerprint calculation.

* keygen.c (gen_card_key): Obviously we should use the creation
date received from SCDAEMON, so that the fingerprints will match.
* sign.c (do_sign): Pass the serialno to the sign code.
* keyid.c (serialno_and_fpr_from_sk): New.

16 years ago Key generation and signing using the OpenPGP card does rudimentary work.
Werner Koch [Fri, 27 Jun 2003 20:53:09 +0000 (20:53 +0000)]
Key generation and signing using the OpenPGP card does rudimentary work.

16 years ago Finished the bulk of changes for gnupg 1.9. This included switching
Werner Koch [Wed, 18 Jun 2003 19:56:13 +0000 (19:56 +0000)]
Finished the bulk of changes for gnupg 1.9.  This included switching
to libgcrypt functions, using shared error codes from libgpg-error,
replacing the old functions we used to have in ../util by those in
../jnlib and ../common, renaming the malloc functions and a couple of
types.  Note, that not all changes are listed below because they are
too similar and done at far too many places.  As of today the code
builds using the current libgcrypt from CVS but it is very unlikely
that it actually works.

16 years ago * parse-packet.c (parse): Disallow old style partial length for
Werner Koch [Tue, 10 Jun 2003 09:05:38 +0000 (09:05 +0000)]
* parse-packet.c (parse): Disallow old style partial length for
all key material packets to avoid possible corruption of keyrings.

16 years ago * import.c (import_keys_internal): Invalidate the cache so that
Werner Koch [Sun, 8 Jun 2003 21:35:25 +0000 (21:35 +0000)]
* import.c (import_keys_internal): Invalidate the cache so that
the file descriptor gets closed.  Fixes bug reported by Juan
F. Codagnone.

16 years ago * import.c (import_keys_internal): Invalidate the cache so that
Werner Koch [Sun, 8 Jun 2003 21:23:48 +0000 (21:23 +0000)]
* import.c (import_keys_internal): Invalidate the cache so that
the file descriptor gets closed.  Fixes bug reported by Juan
F. Codagnone.

16 years ago A small step for GnuPG but a huge leap for error codes.
Werner Koch [Thu, 5 Jun 2003 07:14:21 +0000 (07:14 +0000)]
A small step for GnuPG but a huge leap for error codes.
(Sorry, it does not build currently - I need to check it in to avoid
duplicate work.)

16 years ago * options.skel: Use new hkp:// as sample keyserver since
David Shaw [Thu, 5 Jun 2003 02:06:12 +0000 (02:06 +0000)]
* options.skel: Use new hkp:// as sample keyserver since
they at least handle subkeys correctly.

* options.h, g10.c (main), main.h, keylist.c (show_keyserver_url),
mainproc.c (check_sig_and_print), parse-packet.c (dump_sig_subpkt,
parse_one_sig_subpkt, can_handle_critical): Add read-only support for
preferred keyserver subpackets.  They're basically policy URLs with a
different name.  Add a verify-option "show-preferred-keyserver" to turn
them on and off (on by default, as per stable branch).

* g10.c (main): Add "--set-notation" as alias to "--notation-data" this is
to make things consistent with --set-policy-url meaning both sigs and