Werner Koch [Wed, 28 Apr 2004 11:55:46 +0000 (11:55 +0000)]
* card-util.c (card_edit): Require PIN only for generate.

* app-openpgp.c (do_setattr): Sync FORCE_CHV1.

Werner Koch [Tue, 27 Apr 2004 10:20:38 +0000 (10:20 +0000)]
(keyserver_spawn) [EXEC_TEMPFILE_ONLY]: Removed
setting use_temp_file because this option has been removed.

Werner Koch [Tue, 27 Apr 2004 08:24:37 +0000 (08:24 +0000)]
Renamed prototype parameter name to avoid gcc warnings.

Werner Koch [Tue, 27 Apr 2004 08:24:29 +0000 (08:24 +0000)]
* DETAILS (NEWSIG): Documented.

Werner Koch [Tue, 27 Apr 2004 08:23:45 +0000 (08:23 +0000)]
A bunch of changes for the openpgp card.

David Shaw [Mon, 26 Apr 2004 01:20:03 +0000 (01:20 +0000)]
* getkey.c (get_seckey_byname2): Significantly simplify this function by
using key_byname to do the heavy lifting.  Note that this also fixes an
old problem when the first key on the secret keyring has an unusable stub
primary, but is still chosen.

David Shaw [Mon, 26 Apr 2004 00:36:01 +0000 (00:36 +0000)]
* getkey.c (key_byname): If namelist is NULL, return the first key in the

David Shaw [Fri, 23 Apr 2004 03:25:58 +0000 (03:25 +0000)]
* keygen.c (make_backsig): If DO_BACKSIGS is not defined, do not create

* getkey.c (merge_selfsigs_subkey): Find 0x19 backsigs on subkey selfsigs
and verify they are valid.  If DO_BACKSIGS is not defined, fake this as
always valid.

* packet.h, parse-packet.c (parse_signature): Make parse_signature
non-static so we can parse 0x19s in self-sigs.

* main.h, sig-check.c (check_backsig): Check a 0x19 signature.
(signature_check2): Give a backsig warning if there is no or a bad 0x19
with signatures from a subkey.

David Shaw [Thu, 22 Apr 2004 00:54:30 +0000 (00:54 +0000)]
* parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt,
can_handle_critical): Parse and display 0x19 signatures.

David Shaw [Tue, 20 Apr 2004 20:17:38 +0000 (20:17 +0000)]
* keyserver.c (parse_keyserver_uri): Do not accept "http" as an alias for
"hkp".  They are not the same thing.

David Shaw [Mon, 19 Apr 2004 16:02:11 +0000 (16:02 +0000)]
* options.h, g10.c (main): Add keyserver-option honor-keyserver-url.
parse_keyserver_options now returns a success code.

* keyserver.c (parse_keyserver_options): Return error on failure to parse.
Currently there is no way to fail as any unrecognized options get saved to
be sent to the keyserver plugins later. Check length of keyserver option
tokens since with =arguments we must only match the prefix.
(free_keyserver_spec): Moved code from parse_keyserver_url.
(keyserver_work, keyserver_spawn): Pass in a struct keyserver_spec rather
than using the global keyserver option. (calculate_keyid_fpr): New.
Fills in a KEYDB_SEARCH_DESC for a key. (keyidlist): New implementation
using get_pubkey_bynames rather than searching the keydb directly.  If
honor-keyserver-url is set, make up a keyserver_spec and try and fetch
that key directly.  Do not include it in the returned keyidlist in that

Marcus Brinkmann [Mon, 19 Apr 2004 14:17:30 +0000 (14:17 +0000)]
2004-04-02  Thomas Schwinge  <>


David Shaw [Fri, 16 Apr 2004 16:31:19 +0000 (16:31 +0000)]
* plaintext.c (handle_plaintext): Accept 'u' as a plaintext mode that
requires end of line conversion.  This is being considered for a UTF8 text
packet.  If this doesn't take place, no major harm done.  If it does take
place, we'll get a jump on starting the changeover.

* g10.c (main): --no-use-embedded-filename.

* build-packet.c (calc_plaintext, do_plaintext): Do not create illegal
(packet header indicates a size larger than the actual packet) encrypted
data packets when not compressing and using a filename longer than 255

* keyedit.c (no_primary_warning): Cleanup. (menu_expire): Don't give
primary warning for subkey expiration changes.  These cannot reorder

David Shaw [Fri, 16 Apr 2004 16:07:07 +0000 (16:07 +0000)]
* keygen.c (gen_elg, gen_dsa, gen_rsa, do_create, do_generate_keypair,
generate_subkeypair): New is_subkey argument to set whether a generated
key is a subkey.  Do not overload the ret_sk.  This is some early cleanup
to do backsigs for signing subkeys.

* keygen.c (write_keybinding, do_generate_keypair, generate_subkeypair):
Keep track of the unprotected subkey secret key so we can make a backsig
with it.

* keygen.c (make_backsig): New function to add a backsig to a binding sig
of signing subkeys.  Currently disabled. (write_keybinding): Call it here,
for signing subkeys only.

* sign.c (make_keysig_packet): Allow generating 0x19 signatures (same as
0x18 or 0x28, but used for backsigs).

* packet.h, build-packet.c (build_sig_subpkt): Add new SIGSUBPKT_SIGNATURE
type for embedded signatures.

David Shaw [Fri, 16 Apr 2004 15:19:35 +0000 (15:19 +0000)]
* main.h, misc.c (optsep, argsplit, optlen, parse_options): Simplify code
and properly handle a partial match against an option with an argument.

* keyserver-internal.h, keyserver.c (parse_keyserver_options): Use new
optsep and argsplit functions.

David Shaw [Fri, 16 Apr 2004 02:57:20 +0000 (02:57 +0000)]
* main.h, misc.c (argsplit): Refactor argsep into argsplit and argsep so
they can be called separately.

David Shaw [Thu, 15 Apr 2004 18:16:17 +0000 (18:16 +0000)]
* options.h, keyserver.c (parse_keyserver_options): Remove duplicate code
from parse_keyserver_options by calling the generic parse_options.

* keyserver.c (keyserver_spawn, keyserver_refresh), g10.c (main), gpgv.c
(main), mainproc.c (check_sig_and_print), import.c (revocation_present):
Change all callers.

David Shaw [Thu, 15 Apr 2004 00:30:05 +0000 (00:30 +0000)]
* packet.h, getkey.c (fixup_uidnode, merge_selfsigs_subkey): Keep track of
which self-sig we actually chose.

* keyedit.c (menu_expire, menu_set_primary_uid, menu_set_preferences): Use
it here to avoid updating non-used self-sigs and possibly promoting an old
self-sig into consideration again.

David Shaw [Wed, 14 Apr 2004 21:33:45 +0000 (21:33 +0000)]
* options.h, import.c, keyserver-internal.h, g10.c, mainproc.c,
keyserver.c (parse_keyserver_uri): Parse keyserver URI into a structure.
Cleanup for new "guess my keyserver" functionality, as well as refreshing
via a preferred keyserver subpacket.

David Shaw [Wed, 14 Apr 2004 17:56:23 +0000 (17:56 +0000)]
* options.h: Encapsulate keyserver details.  Change all callers.

David Shaw [Sat, 10 Apr 2004 02:40:53 +0000 (02:40 +0000)]
* gpg.sgml: Document delsig.  Clarify that --refresh-keys arguments are
optional.  Document --bzip2-decompress-lowmem.

David Shaw [Sun, 28 Mar 2004 05:33:00 +0000 (05:33 +0000)]
* keyedit.c (keyedit_menu): Request a trustdb update when adding a new
user ID so the new ID gets validity set.  Reported by Owen Taylor.

David Shaw [Thu, 25 Mar 2004 22:43:51 +0000 (22:43 +0000)]
* options.h, g10.c (main), compress-bz2.c (init_uncompress): Rename
--bzip2-compress-lowmem to --bzip2-decompress-lowmem since it applies to
decompression, not compression.

David Shaw [Wed, 24 Mar 2004 17:34:57 +0000 (17:34 +0000)]
* keyedit.c (sign_uids, show_key_and_fingerprint, ask_revoke_sig,
menu_revsig, menu_showphoto): --keyid-format conversion.
(menu_addrevoker): Use print_pubkey_info() rather than duplicating code.

David Shaw [Fri, 19 Mar 2004 23:15:27 +0000 (23:15 +0000)]
* trustdb.c (update_min_ownertrust, validate_keys): Do not use keystr
functions in log_debug.

* import.c (import_one): Try and collapse user IDs when importing a key
for the first time.

* keyedit.c (menu_addrevoker): Allow appointing a subkey as a designated
revoker if the user forces it via keyid!, so long as the subkey can
certify.  Also use the proper date string when prompting for confirmation.

* g10.c (main): Maintain ordering of multiple Comment lines. Requested by
Peter Hyman.

David Shaw [Thu, 18 Mar 2004 02:56:41 +0000 (02:56 +0000)]
* mainproc.c (proc_pubkey_enc, print_pkenc_list, list_node):
--keyid-format conversion.

David Shaw [Tue, 16 Mar 2004 22:47:45 +0000 (22:47 +0000)]
* getkey.c (skip_unusable, merge_selfsigs_main,
premerge_public_with_secret, lookup, get_user_id_string): --keyid-format

David Shaw [Mon, 15 Mar 2004 23:15:57 +0000 (23:15 +0000)]
* trustdb.c (add_utk, verify_own_keys, update_min_ownertrust,
get_validity, ask_ownertrust, validate_keys): --keyid-format conversion.

David Shaw [Mon, 15 Mar 2004 20:00:42 +0000 (20:00 +0000)]
* import.c (check_prefs_warning, check_prefs): --keyid-format conversion
and a little better text. (import_one, import_secret_one,
import_revoke_cert, chk_self_sigs, delete_inv_parts, merge_blocks): Still
more --keyid-format conversions.

David Shaw [Sat, 6 Mar 2004 20:45:44 +0000 (20:45 +0000)]
* keylist.c (print_seckey_info, print_pubkey_info): --keyid-format
conversion. (list_keyblock_print): 0xshort should not push us into the new
list format since it is not much longer than regular 8-character short

David Shaw [Sat, 6 Mar 2004 17:12:44 +0000 (17:12 +0000)]
* keydb.h, keyid.c (keystr_from_pk, keystr_from_sk): New functions to pull
a key string from a key in one step.  This isn't faster than before, but
makes for neater code.

* keylist.c (list_keyblock_print): Use keystr_from_xx here.
(print_key_data): No need to pass a keyid in.

David Shaw [Sat, 6 Mar 2004 04:08:06 +0000 (04:08 +0000)]
* keyid.c (keyid_from_sk): Minor performance boost by caching secret key
keyids so we don't have to calculate them each time.

David Shaw [Fri, 5 Mar 2004 13:34:56 +0000 (13:34 +0000)]
* getkey.c (merge_selfsigs_subkey): Do not mark subkeys valid if we do not
support their pk algorithm.  This allows for early (during get_*)
rejection of a subkey, and selection of another.

* passphrase.c (passphrase_to_dek): Give a little more information when we
have room to do so.

David Shaw [Fri, 5 Mar 2004 00:01:25 +0000 (00:01 +0000)]
* revoke.c (export_minimal_pk), export.c (do_export_stream), passphrase.c
(passphrase_to_dek), keyserver.c (print_keyrec): A few more places to use

* options.h, g10.c (main), export.c (parse_export_options,
do_export_stream): Remove --export-all and the "include-non-rfc"
export-option as they are no longer meaningful with the removal of v3
Elgamal keys.

David Shaw [Thu, 4 Mar 2004 20:48:46 +0000 (20:48 +0000)]
* iobuf.c (block_filter): Remove the old gpg indeterminate length mode.
(iobuf_set_block_mode, iobuf_in_block_mode): Removed as superfluous.

David Shaw [Thu, 4 Mar 2004 20:46:56 +0000 (20:46 +0000)]
* iobuf.h: Remove iobuf_set_block_mode() and iobuf_in_block_mode().

David Shaw [Thu, 4 Mar 2004 20:40:12 +0000 (20:40 +0000)]
* armor.c (fake_packet, armor_filter): Use the 2440 partial length
encoding for the faked plaintext packet.

David Shaw [Wed, 3 Mar 2004 20:54:03 +0000 (20:54 +0000)]
* options.h, g10.c (main), mainproc.c (check_sig_and_print): Remove
verify-option show-long-keyids and replace with the more general

David Shaw [Wed, 3 Mar 2004 16:38:34 +0000 (16:38 +0000)]
* build-packet.c (write_header2): Remove call to start old gpg partial
length mode and change all callers. (do_plaintext): Turn off partial
length encoding now that we're done writing the packet. (do_comment,
do_user_id): Try for a headerlen of 2 since that's the smallest and most
likely encoding for these packets.

* parse-packet.c (parse): Remove call to start old gpg partial length

David Shaw [Wed, 3 Mar 2004 05:47:51 +0000 (05:47 +0000)]
* options.h, g10.c (main): Add a more flexible --keyid-format option to
replace the list-option (and eventually verify-option) show-long-keyids.
The format can be short, long, 0xshort, and 0xlong.

* keydb.h, keyid.c (keystr, keystrlen): New functions to generate a
printable keyid.

* keyedit.c (print_and_check_one_sig, show_key_with_all_names), keylist.c
(list_keyblock_print): Use new keystr() function here to print keyids.

David Shaw [Wed, 3 Mar 2004 00:09:16 +0000 (00:09 +0000)]
* packet.h, free-packet.c (free_encrypted, free_plaintext), parse-packet.c
(copy_packet, skip_packet, skip_rest, read_rest, parse_plaintext,
parse_encrypted, parse_gpg_control): Use a flag to indicate partial or
indeterminate encoding.  This is the first step in some minor surgery to
remove the old gpg partial length encoding.

David Shaw [Mon, 1 Mar 2004 23:10:35 +0000 (23:10 +0000)]
* parse-packet.c (parse): Only data-type packets are allowed to use
OpenPGP partial length encoding.

David Shaw [Mon, 1 Mar 2004 21:48:32 +0000 (21:48 +0000)]
* iobuf.c (block_filter): Properly handle a partial body stream that ends
with a 5-byte length that happens to be zero.

David Shaw [Sat, 28 Feb 2004 20:53:08 +0000 (20:53 +0000)]
* unsetenv.c: Fixed debugging typo.

David Shaw [Sat, 28 Feb 2004 20:38:25 +0000 (20:38 +0000)]
* Don't split LDADD across two lines since some make programs
can't handle blank lines after a \ continuation.  Noted by Christoph

Werner Koch [Thu, 26 Feb 2004 18:22:20 +0000 (18:22 +0000)]
Post release version number change

Werner Koch [Thu, 26 Feb 2004 17:18:57 +0000 (17:18 +0000)]
Preparing for 1.3.5 V1-3-5

David Shaw [Thu, 26 Feb 2004 05:08:18 +0000 (05:08 +0000)]
* gpg.sgml: Document --ask-cert-level, --max-output, and

David Shaw [Thu, 26 Feb 2004 05:04:16 +0000 (05:04 +0000)]
* gpg.sgml: Document keyserver-option http-proxy, import-option
merge-only, remove old honor-http-proxy, --merge-only, and
--emulate-md-encode-bug.  Document COLUMNS and LINES.

David Shaw [Thu, 26 Feb 2004 04:40:57 +0000 (04:40 +0000)]
* README: Update copyright.

* NEWS: Note --max-output, --list-config, --min-cert-level, AIX fix, new
http-proxy keyserver-option, new LDAP server code, TLS, LDAPS, and
--show-session-key with --symmetric.

David Shaw [Thu, 26 Feb 2004 02:03:27 +0000 (02:03 +0000)]
* delkey.c (do_delete_key): Allow deleting a public key with a secret
present if --expert is set.

* plaintext.c (handle_plaintext): Make bytecount static so it works with
multiple literal packets inside a message.

* encode.c, helptext.c (keygen.algo, keygen.algo.elg_se), keygen.c
(ask_algo), sig-check.c (do_check_messages), skclist.c (build_sk_list):
Rename "ElGamal" to "Elgamal" as that is the proper spelling nowadays.
Suggested by Jon Callas.

David Shaw [Thu, 26 Feb 2004 01:29:26 +0000 (01:29 +0000)]
* gpgkeys_ldap.c (send_key): List pgpCertID as one of the deleted
attributes.  This guarantees that if something goes wrong, we won't be
able to complete the transaction, thus leaving any key already existing on
the server intact.

David Shaw [Tue, 24 Feb 2004 23:37:18 +0000 (23:37 +0000)]
* plaintext.c: Copyright.

* encode.c (encode_simple): Show cipher with --verbose.

* options.h, g10.c (main), keyedit.c (sign_keys): Add --ask-cert-level
option to enable cert level prompts during sigs. Defaults to on.
Simplify --default-cert-check-level to --default-cert-level.  If
ask-cert-level is off, or batch is on, use the default-cert-level as the
cert level.

* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Simplify
--min-cert-check-level to --min-cert-level.

Werner Koch [Tue, 24 Feb 2004 16:06:55 +0000 (16:06 +0000)]
(lock_pool) [_AIX]: Also set errno.

David Shaw [Tue, 24 Feb 2004 03:57:21 +0000 (03:57 +0000)]
* gpgkeys_ldap.c (delete_one_attr): Removed. (make_one_attr): Delete
functionality added.  Optional deduping functionality added (currently
only used for pgpSignerID). (build_attrs): Translate sig entries into
pgpSignerID.  Properly build the timestamp for pgpKeyCreateTime and

David Shaw [Mon, 23 Feb 2004 04:00:51 +0000 (04:00 +0000)]
* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Add
--min-cert-check-level option to specify minimum cert check level.
Defaults to 2 (so 0x11 sigs are ignored).  0x10 sigs cannot be ignored.

David Shaw [Mon, 23 Feb 2004 03:43:45 +0000 (03:43 +0000)]
* gpgkeys_ldap.c (delete_one_attr): New function to replace attributes
with NULL (a "delete" that works even for nonexistent attributes).
(send_key): Use it here to remove attributes so a modify operation starts
with a clean playing field.  Bias sends to modify before add, since (I
suspect) people update their existing keys more often than they make and
send new keys to the server.

David Shaw [Sun, 22 Feb 2004 04:16:31 +0000 (04:16 +0000)]
* plaintext.c (handle_plaintext): Properly handle a --max-output of zero
(do not limit output at all).

David Shaw [Sun, 22 Feb 2004 00:36:34 +0000 (00:36 +0000)]
* keyserver.c (keyserver_spawn): Use the full 64-bit keyid in the INFO
header lines, and include "sig:" records for the benefit of people who
store their keys in LDAP servers.  It makes it easy to do queries for
things like "all keys signed by Isabella".

David Shaw [Sun, 22 Feb 2004 00:08:53 +0000 (00:08 +0000)]
* gpgkeys_ldap.c (epoch2ldaptime): New.  Converse of ldap2epochtime.
(make_one_attr): New. Build a modification list in memory to send to the
LDAP server. (build_attrs): New. Parse INFO lines sent over by gpg.
(free_mod_values): New.  Unwinds a modification list.
(send_key_keyserver): Renamed from old send_key(). (send_key): New
function to send a key to a LDAP server. (main): Use send_key() for real
LDAP servers, send_key_keyserver() otherwise.

David Shaw [Sat, 21 Feb 2004 22:13:39 +0000 (22:13 +0000)]
* util.h: Prototype for hextobyte().

David Shaw [Sat, 21 Feb 2004 22:12:29 +0000 (22:12 +0000)]
* miscutil.c (hextobyte): Moved here from g10/misc.c so I can use it in
the keyserver helpers.

David Shaw [Sat, 21 Feb 2004 22:11:23 +0000 (22:11 +0000)]
* main.h, misc.c (hextobyte): Removed.  It's in libutil.a now.

David Shaw [Fri, 20 Feb 2004 20:18:49 +0000 (20:18 +0000)]
* keyserver.c (keyserver_export): Disallow user strings that aren't key
IDs. (keyserver_import): Clarify error message. (keyserver_spawn):
Properly handle 8 bit characters in user IDs in the info lines during

David Shaw [Fri, 20 Feb 2004 15:11:57 +0000 (15:11 +0000)]
* Check for timegm().  Replacement functions for setenv()
and unsetenv().

David Shaw [Fri, 20 Feb 2004 15:10:36 +0000 (15:10 +0000)]
* mkdtemp.c: New (moved from g10/), setenv.c: New, unsetenv.c: New.

* Include @LIBOBJS@ for replacement functions.

David Shaw [Fri, 20 Feb 2004 15:04:56 +0000 (15:04 +0000)]
* mkdtemp.c: Removed.

* We get mkdtemp.c from libutil.a now, so don't link with

* keyserver.c (keyserver_spawn): Pass the scheme to the keyserver helper.

David Shaw [Fri, 20 Feb 2004 14:59:02 +0000 (14:59 +0000)]
* gpgkeys_ldap.c: Replacement prototypes for setenv and unsetenv.
(search_key): Catch a SIZELIMIT_EXCEEDED error and show the user whatever
the server did give us. (find_basekeyspacedn): There is no guarantee that
namingContexts will be readable.

* Link gpgkeys_ldap with libutil.a to get the replacement
functions (and eventually translations, etc).

David Shaw [Thu, 19 Feb 2004 21:32:15 +0000 (21:32 +0000)]
* gpgkeys_ldap.c (ldap2epochtime): LDAP timestamps are UTC, so do not
correct for timezones. (main): Find the basekeyspacedn before we try to
start TLS, so we can give a better error message when a user tries to use
TLS with a LDAP keyserver.

David Shaw [Thu, 19 Feb 2004 20:10:38 +0000 (20:10 +0000)]
* Check for ln -s and add GPGKEYS_LDAP conditional, both for
making gpgkeys_ldaps symlink to gpgkeys_ldap.

David Shaw [Thu, 19 Feb 2004 20:09:12 +0000 (20:09 +0000)]
* Add automake conditionals to symlink gpgkeys_ldaps to
gpgkeys_ldap when needed.

* gpgkeys_ldap.c (main): Add support for LDAPS and TLS connections.
These are only useful and usable when talking to real LDAP keyservers.
Add new "tls" option to tune TLS use from off, to try quietly, to try
loudly, or to require TLS.

David Shaw [Thu, 19 Feb 2004 16:34:32 +0000 (16:34 +0000)]
* Simplify the LDAP checking code since OpenLDAP is far more
mature these days and dependencies are cleaner.  Add checks for
ldap_set_option and ldap_start_tls_s.

David Shaw [Thu, 19 Feb 2004 15:09:14 +0000 (15:09 +0000)]
* gpgkeys_ldap.c (find_basekeyspacedn): New function to figure out what
kind of LDAP server we're talking to (either real LDAP or the LDAP
keyserver), and return the baseKeySpaceDN to find keys under. (main): Call
it from here, and remove the old code that only handled the LDAP

David Shaw [Wed, 18 Feb 2004 23:09:27 +0000 (23:09 +0000)]
* options.h, g10.c (main), plaintext.c (handle_plaintext): Add
--max-output option to help people deal with decompression bombs.

David Shaw [Wed, 18 Feb 2004 23:05:47 +0000 (23:05 +0000)]
* gpgkeys_ldap.c (ldap_to_gpg_err): Make sure that LDAP_OPT_ERROR_NUMBER
is defined before we use it.

* Fix VERSION number.

David Shaw [Sun, 15 Feb 2004 15:54:02 +0000 (15:54 +0000)]
* build-packet.c (do_user_id): Do not force a header for attribute packets
as they require a new CTB, and we don't support forced headers for new
CTBs yet.

David Shaw [Sun, 15 Feb 2004 00:04:32 +0000 (00:04 +0000)]
* build-packet.c (write_header2): If a suggested header length is provided
along with a zero length, interpret this as an actual zero length packet
and not as an indeterminate length packet. (do_comment, do_user_id): Use
it here as these packets might be naturally zero length.

* parse-packet.c (parse): Show packet type when failing due to an
indeterminate length packet.

* misc.c (parse_options): Only provide args for the true (i.e. not
"no-xxx") form of options.

David Shaw [Sat, 14 Feb 2004 05:03:45 +0000 (05:03 +0000)]
* keyserver.c (argsep): Move to misc.c.

* main.h, misc.c (parse_options), export.c (parse_export_options),
import.c (parse_import_options), g10.c (main): Use it here to allow for
options with optional arguments.  Change all callers.

David Shaw [Sat, 14 Feb 2004 01:54:12 +0000 (01:54 +0000)]
* import.c (check_prefs): Some language fixes. (sec_to_pub_keyblock,
import_secret_one): Without knowing the number of MPIs there are, we
cannot try and sk-to-pk-ize a key.

David Shaw [Thu, 12 Feb 2004 20:46:18 +0000 (20:46 +0000)]
* gnupg.7: Clarify that 'gpgv' doesn't encrypt, and that's not a bug.

* samplekeys.asc: Update 99242560.

* gpg.sgml: Clarify -u/--local-user and --default-key.  Note what happens
if you run 'gpg' without any commands.  Document --multifile.  Document
list-option show-unusable-subkeys.

David Shaw [Thu, 12 Feb 2004 19:18:27 +0000 (19:18 +0000)]
* import.c (check_prefs): New function to check preferences on a public
key to ensure that it does not advertise any that we cannot fulfill.  Use
the keyedit command list function to optionally rewrite the prefs.
(import_one, import_secret_one): Use it here when importing a public key
that we have the secret half of, or when importing a secret key that we
have the public half of.

David Shaw [Thu, 12 Feb 2004 18:32:09 +0000 (18:32 +0000)]
* main.h, keyedit.c (keyedit_menu): Remove sign_mode and enhance the more
general command list functionality to replace it.

* g10.c (main): Use the general command functionality to implement
--sign-key, --lsign-key, --nrsign-key, and --nrlsign-key.

David Shaw [Thu, 12 Feb 2004 16:31:07 +0000 (16:31 +0000)]
* import.c (import_one): Do the revocation check even in the case when a
key, a revocation key set in a direct key signature, and a revocation from
that revocation key, all arrive piecemeal. Needless to say, this is pretty

David Shaw [Wed, 11 Feb 2004 13:46:23 +0000 (13:46 +0000)]
* options.h, g10.c (main), keylist.c (list_keyblock_print): Add
"show-unusable-subkeys" list-option to show revoked and/or expired

David Shaw [Wed, 11 Feb 2004 04:32:52 +0000 (04:32 +0000)]
* keyedit.c (keyedit_menu): Prompt for subkey removal for both secret and
public subkeys.

* keylist.c (list_keyblock_print), keyedit.c (show_key_with_all_names):
Show the revocation date of a key/subkey, and general formatting work.

* packet.h, getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
merge_selfsigs): Keep track of the revocation date of a key.

* keydb.h, keyid.c (revokestr_from_pk): New function to print the
revocation date of a key.

David Shaw [Tue, 10 Feb 2004 22:42:34 +0000 (22:42 +0000)]
* keygen.c (keygen_set_std_prefs): Build the default preferences list at
runtime as it properly handles algorithms disabled at build or run time.

* getkey.c (merge_selfsigs_main): Properly handle expired user IDs when
the expired self-sig is not the only self-sig.

* misc.c (compress_algo_to_string): Return NULL on failure like all of the
other xxxx_algo_to_string() functions.

* mainproc.c (list_node): Minor spacing tweak to match --list-keys output.

* keylist.c (list_keyblock_print), mainproc.c (list_node): Mark revoked
subkeys as revoked.  Requested by Matthew Wilcox.  Revoked overrides
expiration when both apply.

* keyedit.c (show_prefs): Use compress algo constants.
(show_basic_key_info): Make revoked and expired tags translatable.

* g10.c (rm_group): Properly ungroup from a list of groups.

David Shaw [Mon, 9 Feb 2004 19:44:36 +0000 (19:44 +0000)]
* clearsig.test, sigs.test: Properly detect RSA being missing, and use the
proper key for doing an RSA test.

David Shaw [Fri, 30 Jan 2004 19:03:22 +0000 (19:03 +0000)]
* DETAILS: Details for --list-config.

* gpg.sgml: Document --ungroup and --list-config.

David Shaw [Fri, 30 Jan 2004 16:49:28 +0000 (16:49 +0000)]
* g10.c (main, rm_group): Add --ungroup command to remove a particular
group. (add_group): When adding a group with the same name as an already
existing group, merge the two groups. (list_config): Show an error message
when listing a config item that doesn't exist. (main): Replace -z0 trick
for no compression.

* packet.h, keyedit.c (show_key_with_all_names_colon), keylist.c
(list_keyblock_colon), mainproc.c (list_node, proc_tree): Minor cleanup to
remove local_id, which is no longer used.

15 years ago* getkey.c: Set MAX_PK_CACHE_ENTRIES and MAX_UID_CACHE_ENTRIES to
David Shaw [Wed, 28 Jan 2004 01:04:30 +0000 (01:04 +0000)]
* getkey.c: Set MAX_PK_CACHE_ENTRIES and MAX_UID_CACHE_ENTRIES to
PK_UID_CACHE_SIZE (set in ./configure).

* getkey.c (get_pubkey): When reading key data into the cache, properly
handle keys that are partially (pk, no UIDs) cached already.  This is
Debian bug #176425 and #229549.

* compress.c (init_compress, push_compress_filter2): Do the right thing
(i.e. nothing) with compress algo 0.

* main.h, decrypt.c (decrypt_messages): Accept filenames to decrypt on
stdin.  This is bug #253.

15 years ago* NEWS: Note --enable-key-cache, the OpenBSD/i386 and HPPA fixes, and
David Shaw [Wed, 28 Jan 2004 01:00:53 +0000 (01:00 +0000)]
* NEWS: Note --enable-key-cache, the OpenBSD/i386 and HPPA fixes, and
Elgamal removal.

* README, Add --enable-key-cache=SIZE configure option.
This sets the key/uid cache size.  Default is 4096.

15 years ago* mainproc.c (list_node): Show sigs with --verbose.
David Shaw [Sat, 24 Jan 2004 00:47:45 +0000 (00:47 +0000)]
* mainproc.c (list_node): Show sigs with --verbose.

* options.h, g10.c (set_screen_dimensions): New function to look at

* keyserver.c (parse_keyrec, keyserver_search_prompt), keyedit.c
(print_and_check_one_sig): Use new screen dimension variables.

15 years ago* g10.c (list_config): New function to dump config options to stdout.
David Shaw [Thu, 22 Jan 2004 03:47:05 +0000 (03:47 +0000)]
* g10.c (list_config): New function to dump config options to stdout.
Currently requires --with-colons. (collapse_args): New function to turn
argc/argv into a single string. (main): Use it here to pass list_config()
more than one argument as a single string. (print_algo_numbers): Helper to
print algorithm number for --list-config "pubkey", "cipher",
"hash"/"digest", and "compress" config options.

15 years ago* packet.h, getkey.c (merge_selfsigs, merge_selfsigs_main), pkclist.c
David Shaw [Thu, 22 Jan 2004 01:08:58 +0000 (01:08 +0000)]
* packet.h, getkey.c (merge_selfsigs, merge_selfsigs_main), pkclist.c
(check_signatures_trust): Indicate who has revoked a key (the owner or a
designated revoker).  If a key was revoked by both, prefer the owner.

15 years ago* keyedit.c (print_and_check_one_sig, keyedit_menu): Use the COLUMNS
David Shaw [Wed, 21 Jan 2004 21:25:43 +0000 (21:25 +0000)]
* keyedit.c (print_and_check_one_sig, keyedit_menu): Use the COLUMNS
environment variable (if any) to hint how wide the terminal is.  Disabled
on _WIN32.  Suggested by Janusz A. Urbanowicz.

15 years ago* keylist.c (set_attrib_fd): Open attribute fd in binary mode. This isn't
David Shaw [Wed, 21 Jan 2004 04:35:32 +0000 (04:35 +0000)]
* keylist.c (set_attrib_fd): Open attribute fd in binary mode. This isn't
meaningful on POSIX systems, but the Mingw builds aren't exactly POSIX.

15 years agohppa1.1/udiv-qrnnd.S: Alignment fix from Lamont Jones for Debian.
David Shaw [Wed, 21 Jan 2004 04:26:35 +0000 (04:26 +0000)]
hppa1.1/udiv-qrnnd.S: Alignment fix from Lamont Jones for Debian.

15 years ago* trustdb.c (reset_trust_records): New, faster, implementation that
David Shaw [Wed, 21 Jan 2004 03:19:13 +0000 (03:19 +0000)]
* trustdb.c (reset_trust_records): New, faster, implementation that
doesn't involve a keyring scan. (clear_validity): Removed.

15 years ago* g10.c (main), keydb.h, keydb.c (keydb_rebuild_caches), keyring.h,
David Shaw [Tue, 20 Jan 2004 16:09:38 +0000 (16:09 +0000)]
* g10.c (main), keydb.h, keydb.c (keydb_rebuild_caches), keyring.h,
keyring.c (keyring_rebuild_cache): Add "noisy" flag so cache rebuilds can
remain noisy when called for itself, and quiet when called as part of the
trustdb rebuild.

* trustdb.c (validate_keys): Rebuild the sig caches before building the
trustdb.  Note that this is going to require some architectural
re-thinking, as it is agonizingly slow.

15 years ago* sig-check.c (check_key_signature2): Comments.
David Shaw [Mon, 19 Jan 2004 22:46:55 +0000 (22:46 +0000)]
* sig-check.c (check_key_signature2): Comments.

* keyring.c (keyring_rebuild_cache): Clear sig cache for any signatures
that we can no longer process (say, if the user removed support for a
necessary pubkey or digest algorithm).