authorWerner Koch <wk@gnupg.org>1998-04-02 12:30:03 +0200
committerWerner Koch <wk@gnupg.org>1998-04-02 12:30:03 +0200
commit303b1084d51dd1f9d3e614497f180a66744f5185 (patch)
tree3e482ba03967ff3f324184e19ecc91016ce4b939
parentsome cleanups (diff)
release 0.2.14
-rw-r--r--NEWS16
-rw-r--r--THANKS2
-rw-r--r--TODO11
-rw-r--r--VERSION2
-rw-r--r--checks/Makefile.am3
-rw-r--r--cipher/ChangeLog4
-rw-r--r--cipher/Makefile.am2
-rw-r--r--cipher/Makefile.in2
-rw-r--r--cipher/elgamal.c24
-rw-r--r--configure.in6
-rw-r--r--doc/Makefile.am20
-rw-r--r--g10/ChangeLog21
-rw-r--r--g10/Makefile.am4
-rw-r--r--g10/Makefile.in4
-rw-r--r--g10/armor.c2
-rw-r--r--g10/build-packet.c32
-rw-r--r--g10/cipher.c2
-rw-r--r--g10/compress.c2
-rw-r--r--g10/g10.c4
-rw-r--r--g10/getkey.c8
-rw-r--r--g10/import.c2
-rw-r--r--g10/keygen.c147
-rw-r--r--g10/keyid.c12
-rw-r--r--g10/keylist.c47
-rw-r--r--g10/mainproc.c105
-rw-r--r--g10/packet.h48
-rw-r--r--g10/parse-packet.c199
-rw-r--r--g10/pkclist.c6
-rw-r--r--g10/revoke.c2
-rw-r--r--g10/ringedit.c1
-rw-r--r--g10/seckey-cert.c204
-rw-r--r--g10/sig-check.c18
-rw-r--r--g10/sign.c14
-rw-r--r--g10/signal.c4
-rw-r--r--g10/trustdb.c23
-rw-r--r--po/de.po297
-rw-r--r--po/it.po12
-rw-r--r--tools/Makefile.am2
-rw-r--r--tools/Makefile.in2
-rw-r--r--util/Makefile.am2
-rw-r--r--util/Makefile.in2
-rw-r--r--util/miscutil.c18
42 files changed, 822 insertions, 516 deletions
diff --git a/NEWS b/NEWS
index eabd9cd3e..330651d21 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,19 @@
+Noteworthy changes in version 0.2.14
+------------------------------------
+
+ * Changed the internal handling of keyrings.
+
+ * Add support to list PGP 5 keyrings with supkeys
+
+ * Timestamps of signatures are now verified.
+
+ * A expiration time can now be specified during key generation.
+
+ * Some speedups for Blowfish and SHA-1, rewrote SHA-1 transform.
+ Reduced the amount of random bytes needed for key generation in
+ some cases.
+
+
Noteworthy changes in version 0.2.13
------------------------------------
diff --git a/THANKS b/THANKS
index 4b564ddd6..6a7845279 100644
--- a/THANKS
+++ b/THANKS
@@ -7,6 +7,7 @@ exempt of errors.
Anand Kumria wildfire@progsoc.uts.edu.au
Daniel Eisenbud eisenbud@cs.swarthmore.edu
Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de
+Ed Boraas ecxjo@esperanto.org
Ernst Molitor ernst.molitor@uni-bonn.de
Hendrik Buschkamp buschkamp@rheumanet.org
James Troup J.J.Troup@scm.brad.ac.uk
@@ -23,6 +24,7 @@ Walter Koch walterk@ddorf.rhein-ruhr.de
Werner Koch werner.koch@guug.de
Wim Vandeputte bunbun@reptile.rug.ac.be
+
Thanks to the German Unix User Group for providing FTP space and
Martin Hamilton for hosting the mailing list.
diff --git a/TODO b/TODO
index 827249e9e..3e753c11b 100644
--- a/TODO
+++ b/TODO
@@ -2,7 +2,7 @@
* improve iobuf by reading more than one byte at once,
this shoud espceially done for the buffer in the chain.
Change the buffering to a mbuf like scheme? Need it for PSST anyway.
- * add a way to difference between errors and eof in the underflow/flush
+ * add a way to distinguish between errors and eof in the underflow/flush
function of iobuf.
* add checking of armor trailers
* remove all "Fixmes"
@@ -38,7 +38,14 @@
* remove key management stuff from sign.c.
- * add fingerprint/keyid hashing. We need a new filed in PKC to
+ * add fingerprint/keyid hashing. We need a new field in PKC to
flag that we may have a cached signature for this (and use the address
of PKC to lookup the hash).
+ * change the misleading usage of public key certificate to public key data
+ or something like this.
+
+ * seckey_cert.c: merge all the check funtions into one.
+
+ * fix the problems with "\v" in gettext
+
diff --git a/VERSION b/VERSION
index 7ebebb4cb..769ed6ae7 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.2.13a
+0.2.14
diff --git a/checks/Makefile.am b/checks/Makefile.am
index 99dea2842..964725383 100644
--- a/checks/Makefile.am
+++ b/checks/Makefile.am
@@ -8,7 +8,8 @@ TESTS = version.test decrypt.test clearsig.test armsigs.test \
TEST_FILES = pubring.asc secring.asc gnupg.asc plain-1 plain-2 plain-3o.asc \
- plain-1.asc plain-2.asc plain-3.asc
+ plain-1.asc plain-2.asc plain-3.asc \
+ pubring.pkr.asc secring.skr.asc
DATA_FILES = data-500 data-9000 data-32000 data-80000
diff --git a/cipher/ChangeLog b/cipher/ChangeLog
index fbd7bed8c..3d2bf7cad 100644
--- a/cipher/ChangeLog
+++ b/cipher/ChangeLog
@@ -1,3 +1,7 @@
+Wed Apr 1 16:38:27 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * elgamla.c (elg_generate): Faster generation of x in some cases.
+
Thu Mar 19 13:54:48 1998 Werner Koch (wk@isil.d.shuttle.de)
* blowfish.c (blowfish_decode_cfb): changed XOR operation
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index c0b3c8a5b..926d084bd 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -1,6 +1,6 @@
## Process this file with automake to produce Makefile.in
-INCLUDES = -I$(top_srcdir)/include
+INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
EXTRA_DIST = @CIPHER_EXTRA_DIST@
noinst_LIBRARIES = libcipher.a
diff --git a/cipher/Makefile.in b/cipher/Makefile.in
index 579d4a355..981fd9957 100644
--- a/cipher/Makefile.in
+++ b/cipher/Makefile.in
@@ -92,7 +92,7 @@ VERSION = @VERSION@
ZLIBS = @ZLIBS@
l = @l@
-INCLUDES = -I$(top_srcdir)/include
+INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
EXTRA_DIST = @CIPHER_EXTRA_DIST@
noinst_LIBRARIES = libcipher.a
diff --git a/cipher/elgamal.c b/cipher/elgamal.c
index b211d7f6c..c13181d90 100644
--- a/cipher/elgamal.c
+++ b/cipher/elgamal.c
@@ -126,6 +126,7 @@ elg_generate( ELG_public_key *pk, ELG_secret_key *sk,
MPI y;
MPI temp;
unsigned qbits;
+ byte *rndbuf;
p_min1 = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
temp = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
@@ -145,22 +146,33 @@ elg_generate( ELG_public_key *pk, ELG_secret_key *sk,
/* select a random number which has these properties:
* 0 < x < p-1
* This must be a very good random number because this is the
- * secret part. The prime is public and may be shared anyware,
- * so a random generator level of 1 has been used for the prime
+ * secret part. The prime is public and may be shared anyway,
+ * so a random generator level of 1 is used for the prime.
*/
x = mpi_alloc_secure( nbits/BITS_PER_MPI_LIMB );
if( DBG_CIPHER )
log_debug("choosing a random x ");
+ rndbuf = NULL;
do {
- byte *rndbuf;
if( DBG_CIPHER )
fputc('.', stderr);
- rndbuf = get_random_bits( nbits, 2, 1 );
+ if( rndbuf ) { /* change only some of the higher bits */
+ if( nbits < 16 ) {/* should never happen ... */
+ m_free(rndbuf);
+ rndbuf = get_random_bits( nbits, 2, 1 );
+ }
+ else {
+ char *r = get_random_bits( 16, 2, 1 );
+ memcpy(rndbuf, r, 16 );
+ m_free(r);
+ }
+ }
+ else
+ rndbuf = get_random_bits( nbits, 2, 1 );
mpi_set_buffer( x, rndbuf, (nbits+7)/8, 0 );
- m_free(rndbuf);
mpi_clear_highbit( x, nbits+1 );
- log_mpidump(" x: ", x );
} while( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, p_min1 )<0 ) );
+ m_free(rndbuf);
y = mpi_alloc(nbits/BITS_PER_MPI_LIMB);
mpi_powm( y, g, x, p );
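Review bot: In the retry branch, `memcpy(rndbuf, r, 16 );` copies 16 bytes although `get_random_bits( 16, 2, 1 )` is called with a bit count (the other calls pass `nbits` and then consume `(nbits+7)/8` bytes), so it presumably returns only 2 bytes. That reads 14 bytes past `r` and puts whatever lies next to it into the candidate for the secret exponent x, and for nbits below 128 it would also write past the end of `rndbuf`, since the guard only rejects nbits < 16. The length should be given in bytes, `memcpy(rndbuf, r, 16/8 );`, and `r` would be better declared `byte *` to match `rndbuf`. elg_generate starts before and continues past this hunk, so the size get_random_bits actually allocates should be confirmed against its definition.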
diff --git a/configure.in b/configure.in
index ba738cfcc..e9bcc9874 100644
--- a/configure.in
+++ b/configure.in
@@ -99,9 +99,6 @@ dnl Checks for header files.
AC_HEADER_STDC
AC_CHECK_HEADERS(unistd.h)
-G10_LOCALEDIR="$g10_prefix/$DATADIRNAME/locale"
-AC_SUBST(G10_LOCALEDIR)
-AC_DEFINE_UNQUOTED(G10_LOCALEDIR, "$G10_LOCALEDIR")
dnl Checks for typedefs, structures, and compiler characteristics.
@@ -210,6 +207,9 @@ AC_SUBST(CIPHER_EXTRA_OBJS)
AC_SUBST(CIPHER_EXTRA_DIST)
AM_GNU_GETTEXT
+G10_LOCALEDIR="$g10_prefix/$DATADIRNAME/locale"
+AC_SUBST(G10_LOCALEDIR)
+AC_DEFINE_UNQUOTED(G10_LOCALEDIR, "$G10_LOCALEDIR")
WK_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl )
WK_DO_LINK_FILES
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 0c8690c78..020338b40 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -11,3 +11,23 @@ man_MANS = gpg.1
>$@,$$$$ && mv -f $@,$$$$ $@\
|| rm -f $@,$$$$
+
+
+%.txt : %.sgml
+ sgml2txt -c latin $*
+
+%.html : %.sgml
+ sgml2html -l deutsch -c latin $*
+
+%.dvi : %.sgml
+ -rm $*.sgml.tmp
+ mv $*.sgml $*.sgml.tmp
+ sed -e '/<!entity/ s/"IGNORE">/"INCLUDE">/' $*.sgml.tmp >$*.sgml
+ sgml2latex -b -l deutsch -c latin $* ; mv $*.sgml.tmp $*.sgml
+
+%.ps : %.sgml
+ -rm $*.sgml.tmp
+ mv $*.sgml $*.sgml.tmp
+ sed -e '/<!entity/ s/"IGNORE">/"INCLUDE">/' $*.sgml.tmp >$*.sgml
+ sgml2latex -b -l deutsch -c latin -o ps $* ; mv $*.sgml.tmp $*.sgml
+
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 66c5b7554..f9f0e3c89 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,24 @@
+Thu Apr 2 10:38:16 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * keygen.c (generate_keypair): Add valid_days stuff.
+ * trustdb.c (check_trust): Add check for valid_days.
+
+Wed Apr 1 16:15:58 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * keygen.c (generate_keypair): Addional question whether the
+ selected large keysize is really needed.
+
+Wed Apr 1 15:56:33 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * seckey-cert.c (protect_secret_key): merged protect_xxx to here.
+
+Wed Apr 1 10:34:46 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * Makefile.am (g10maint.c): Changed creation rule, so that it works
+ on FreeBSD (missing CFLAGS).
+
+ * parse-packet.c (parse_subkey): Removed.
+
Thu Mar 19 15:22:36 1998 Werner Koch (wk@isil.d.shuttle.de)
* ringedit.c (keyring_enum): Fixed problem with reading too
diff --git a/g10/Makefile.am b/g10/Makefile.am
index baf3d62e0..bbdb598a4 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -1,6 +1,6 @@
## Process this file with automake to produce Makefile.in
-INCLUDES = -I$(top_srcdir)/include
+INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
EXTRA_DIST = OPTIONS pubring.asc
OMIT_DEPENDENCIES = zlib.h zconf.h
BUILT_SOURCES = g10maint.c
@@ -67,7 +67,7 @@ gpgm_SOURCES = g10maint.c \
LDADD = @INTLLIBS@ $(needed_libs) @ZLIBS@
g10maint.c : g10.c
- $(CPP) $(DEFS) $(INCLUDES) -DIS_G10MAINT $< > $@ || rm $@
+ $(CPP) $(CFLAGS) $(DEFS) $(INCLUDES) -DIS_G10MAINT $< > $@ || rm $@
$(PROGRAMS): $(needed_libs)
diff --git a/g10/Makefile.in b/g10/Makefile.in
index a88b10eed..9f6ff08eb 100644
--- a/g10/Makefile.in
+++ b/g10/Makefile.in
@@ -92,7 +92,7 @@ VERSION = @VERSION@
ZLIBS = @ZLIBS@
l = @l@
-INCLUDES = -I$(top_srcdir)/include
+INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
EXTRA_DIST = OPTIONS pubring.asc
OMIT_DEPENDENCIES = zlib.h zconf.h
BUILT_SOURCES = g10maint.c
@@ -404,7 +404,7 @@ maintainer-clean-generic clean mostlyclean distclean maintainer-clean
g10maint.c : g10.c
- $(CPP) $(DEFS) $(INCLUDES) -DIS_G10MAINT $< > $@ || rm $@
+ $(CPP) $(CFLAGS) $(DEFS) $(INCLUDES) -DIS_G10MAINT $< > $@ || rm $@
$(PROGRAMS): $(needed_libs)
diff --git a/g10/armor.c b/g10/armor.c
index 848019018..9fd175fbf 100644
--- a/g10/armor.c
+++ b/g10/armor.c
@@ -653,8 +653,6 @@ fake_packet( armor_filter_context_t *afx, IOBUF a,
fhdr_state_t state = afx->parse_state;
unsigned emplines = afx->empty;
- size = 100; /* FIXME: only used for testing (remove it) */
-
len = 2; /* reserve 2 bytes for the length header */
size -= 3; /* and 1 for empline handling and 2 for the term header */
while( !rc && len < size ) {
diff --git a/g10/build-packet.c b/g10/build-packet.c
index 793095e65..85278af1c 100644
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@@ -267,31 +267,31 @@ do_secret_cert( IOBUF out, int ctb, PKT_secret_cert *skc )
mpi_write(a, skc->d.elg.p );
mpi_write(a, skc->d.elg.g );
mpi_write(a, skc->d.elg.y );
- if( skc->d.elg.is_protected ) {
+ if( skc->is_protected ) {
iobuf_put(a, 0xff );
- iobuf_put(a, skc->d.elg.protect.algo );
- iobuf_put(a, skc->d.elg.protect.s2k );
- iobuf_put(a, skc->d.elg.protect.hash );
- if( skc->d.elg.protect.s2k == 1
- || skc->d.elg.protect.s2k == 3 )
- iobuf_write(a, skc->d.elg.protect.salt, 8 );
- if( skc->d.elg.protect.s2k == 3 )
- iobuf_put(a, skc->d.elg.protect.count );
- iobuf_write(a, skc->d.elg.protect.iv, 8 );
+ iobuf_put(a, skc->protect.algo );
+ iobuf_put(a, skc->protect.s2k );
+ iobuf_put(a, skc->protect.hash );
+ if( skc->protect.s2k == 1
+ || skc->protect.s2k == 3 )
+ iobuf_write(a, skc->protect.salt, 8 );
+ if( skc->protect.s2k == 3 )
+ iobuf_put(a, skc->protect.count );
+ iobuf_write(a, skc->protect.iv, 8 );
}
else
iobuf_put(a, 0 );
mpi_write(a, skc->d.elg.x );
- write_16(a, skc->d.elg.csum );
+ write_16(a, skc->csum );
}
else if( skc->pubkey_algo == PUBKEY_ALGO_RSA ) {
mpi_write(a, skc->d.rsa.rsa_n );
mpi_write(a, skc->d.rsa.rsa_e );
- if( skc->d.rsa.is_protected ) {
- assert( skc->d.rsa.protect_algo == CIPHER_ALGO_BLOWFISH );
- iobuf_put(a, skc->d.rsa.protect_algo );
- iobuf_write(a, skc->d.rsa.protect.blowfish.iv, 8 );
+ if( skc->is_protected ) {
+ assert( skc->protect.algo == CIPHER_ALGO_BLOWFISH );
+ iobuf_put(a, skc->protect.algo );
+ iobuf_write(a, skc->protect.iv, 8 );
}
else
iobuf_put(a, 0 );
@@ -299,7 +299,7 @@ do_secret_cert( IOBUF out, int ctb, PKT_secret_cert *skc )
mpi_write(a, skc->d.rsa.rsa_p );
mpi_write(a, skc->d.rsa.rsa_q );
mpi_write(a, skc->d.rsa.rsa_u );
- write_16(a, skc->d.rsa.csum );
+ write_16(a, skc->csum );
}
else {
rc = G10ERR_PUBKEY_ALGO;
diff --git a/g10/cipher.c b/g10/cipher.c
index 47b9aaffe..52da03b58 100644
--- a/g10/cipher.c
+++ b/g10/cipher.c
@@ -48,7 +48,7 @@ cipher_filter( void *opaque, int control,
int rc=0;
if( control == IOBUFCTRL_UNDERFLOW ) { /* decrypt */
- rc = -1; /* FIXME:*/
+ rc = -1; /* not yet used */
}
else if( control == IOBUFCTRL_FLUSH ) { /* encrypt */
assert(a);
diff --git a/g10/compress.c b/g10/compress.c
index 686332b82..75e24b584 100644
--- a/g10/compress.c
+++ b/g10/compress.c
@@ -147,7 +147,7 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs,
log_debug("inflate returned: avail_in=%u, avail_out=%u, zrc=%d\n",
(unsigned)zs->avail_in, (unsigned)zs->avail_out, zrc);
if( zrc == Z_STREAM_END )
- rc = -1; /* eof FIXME: return remaining bytes until EOF */
+ rc = -1; /* eof */
else if( zrc != Z_OK ) {
if( zs->msg )
log_fatal("zlib inflate problem: %s\n", zs->msg );
diff --git a/g10/g10.c b/g10/g10.c
index cf8d31be2..b6aee3e67 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -635,8 +635,10 @@ main( int argc, char **argv )
/* reading data and passphrase form stdin:
* we assume the first line is the passphrase, so
* we better should read it now.
+ *
+ * We should do it here, but for now it is not needed.
+ * Anyway, this password scheme is not quite good
*/
- /* FIXME: doit */
}
}
diff --git a/g10/getkey.c b/g10/getkey.c
index e8d9d15a5..edc5c8355 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -81,8 +81,6 @@ add_keyring( const char *name )
STRLIST sl;
int rc;
- /* FIXME: check wether this one is available etc */
- /* maybe we should do this later */
if( *name != '/' ) { /* do tilde expansion etc */
char *p ;
@@ -101,7 +99,7 @@ add_keyring( const char *name )
sl->next = keyrings;
keyrings = sl;
- /* FIXME: We should remove much out of this module and
+ /* fixme: We should remove much out of this module and
* combine it with the keyblock stuff from ringedit.c
* For now we will simple add the filename as keyblock resource
*/
@@ -131,8 +129,6 @@ add_secret_keyring( const char *name )
STRLIST sl;
int rc;
- /* FIXME: check wether this one is available etc */
- /* my be we should do this later */
if( *name != '/' ) { /* do tilde expansion etc */
char *p ;
@@ -151,7 +147,7 @@ add_secret_keyring( const char *name )
sl->next = secret_keyrings;
secret_keyrings = sl;
- /* FIXME: We should remove much out of this mpdule and
+ /* fixme: We should remove much out of this mpdule and
* combine it with the keyblock stuff from ringedit.c
* For now we will simple add the filename as keyblock resource
*/
diff --git a/g10/import.c b/g10/import.c
index 3d5cd2a17..8e4a54710 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -580,7 +580,7 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid )
*
* o compare the signatures: If we already have this signature, check
* that they compare okay; if not, issue a warning and ask the user.
- * FIXME: add the check, that we don` have duplicate signatures and the
+ * FIXME: add the check, that we don't have duplicate signatures and the
* warning in cases that the old/new signatures don't match.
* o Simply add the signature. Can't verify here because we may not have
* the signatures public key yet; verification is done when putting it
diff --git a/g10/keygen.c b/g10/keygen.c
index e8f9382ad..293d70a58 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -34,11 +34,6 @@
#include "keydb.h"
#include "i18n.h"
-#if 0
- #define TEST_ALGO 1
- #define TEST_NBITS 256
- #define TEST_UID "Karl Test"
-#endif
#if defined(HAVE_RSA_CIPHER) && 0
#define ENABLE_RSA_KEYGEN 1
@@ -136,7 +131,7 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
static int
gen_elg(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
- byte *salt, PKT_secret_cert **ret_skc )
+ byte *salt, PKT_secret_cert **ret_skc, u16 valid_days )
{
int rc;
int i;
@@ -152,7 +147,7 @@ gen_elg(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
skc = m_alloc_clear( sizeof *skc );
pkc = m_alloc_clear( sizeof *pkc );
skc->timestamp = pkc->timestamp = make_timestamp();
- skc->valid_days = pkc->valid_days = 0; /* fixme: make it configurable*/
+ skc->valid_days = pkc->valid_days = valid_days;
skc->pubkey_algo = pkc->pubkey_algo = PUBKEY_ALGO_ELGAMAL;
pkc->d.elg.p = pk.p;
pkc->d.elg.g = pk.g;
@@ -161,19 +156,19 @@ gen_elg(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
skc->d.elg.g = sk.g;
skc->d.elg.y = sk.y;
skc->d.elg.x = sk.x;
- skc->d.elg.is_protected = 0;
- skc->d.elg.protect.algo = 0;
+ skc->is_protected = 0;
+ skc->protect.algo = 0;
- skc->d.elg.csum = checksum_mpi( skc->d.elg.x );
+ skc->csum = checksum_mpi( skc->d.elg.x );
/* return an unprotected version of the skc */
*ret_skc = copy_secret_cert( NULL, skc );
if( dek ) {
- skc->d.elg.protect.algo = CIPHER_ALGO_BLOWFISH;
- skc->d.elg.protect.s2k = 1;
- skc->d.elg.protect.hash = DIGEST_ALGO_RMD160;
- memcpy(skc->d.elg.protect.salt, salt, 8);
- randomize_buffer(skc->d.elg.protect.iv, 8, 1);
+ skc->protect.algo = CIPHER_ALGO_BLOWFISH;
+ skc->protect.s2k = 1;
+ skc->protect.hash = DIGEST_ALGO_RMD160;
+ memcpy(skc->protect.salt, salt, 8);
+ randomize_buffer(skc->protect.iv, 8, 1);
rc = protect_secret_key( skc, dek );
if( rc ) {
log_error("protect_secret_key failed: %s\n", g10_errstr(rc) );
@@ -206,7 +201,7 @@ gen_elg(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
#ifdef ENABLE_RSA_KEYGEN
static int
gen_rsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
- byte *salt, PKT_secret_cert **ret_skc )
+ byte *salt, PKT_secret_cert **ret_skc, u16 valid_days )
{
int rc;
PACKET *pkt;
@@ -220,7 +215,7 @@ gen_rsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
skc = m_alloc_clear( sizeof *skc );
pkc = m_alloc_clear( sizeof *pkc );
skc->timestamp = pkc->timestamp = make_timestamp();
- skc->valid_days = pkc->valid_days = 0; /* fixme: make it configurable*/
+ skc->valid_days = pkc->valid_days = valid_days;
skc->pubkey_algo = pkc->pubkey_algo = PUBKEY_ALGO_RSA;
memset(&pkc->mfx, 0, sizeof pkc->mfx);
pkc->d.rsa.rsa_n = pk.n;
@@ -270,7 +265,7 @@ gen_rsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
static int
gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
- byte *salt, PKT_secret_cert **ret_skc )
+ byte *salt, PKT_secret_cert **ret_skc, u16 valid_days )
{
return G10ERR_GENERAL;
}
@@ -278,6 +273,34 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
/****************
+ * check valid days:
+ * return 0 on error or the multiplier
+ */
+static int
+check_valid_days( const char *s )
+{
+ if( !isdigit(*s) )
+ return 0;
+ for( s++; *s; s++)
+ if( !isdigit(*s) )
+ break;
+ if( !*s )
+ return 1;
+ if( s[1] )
+ return 0; /* e.g. "2323wc" */
+ if( *s == 'd' || *s == 'D' )
+ return 1;
+ if( *s == 'w' || *s == 'W' )
+ return 7;
+ if( *s == 'm' || *s == 'M' )
+ return 30;
+ if( *s == 'y' || *s == 'Y' )
+ return 365;
+ return 0;
+}
+
+
+/****************
* Generate a keypair
*/
void
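Review bot: `isdigit(*s)` in check_valid_days is called on a plain `char`, which is undefined behaviour when the byte is negative, and the caller in generate_keypair passes the answer read by tty_get, so any non-ASCII byte typed at the prompt can reach it. Cast at both calls, `isdigit((unsigned char)*s)`. The header comment could also state that an all-digit string returns multiplier 1 and that only one trailing unit letter (d, w, m, y) is accepted.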
@@ -297,8 +320,8 @@ generate_keypair()
int algo;
const char *algo_name;
char *aname, *acomment, *amail;
+ int valid_days=0;
-#ifndef TEST_ALGO
if( opt.batch || opt.answer_yes || opt.answer_no ) {
log_error(_("Key generation can only be used in interactive mode\n"));
return;
@@ -310,21 +333,16 @@ generate_keypair()
#ifdef ENABLE_RSA_KEYGEN
tty_printf(_(" (3) RSA cannot be used in the U.S.\n"));
#endif
-#endif
for(;;) {
- #ifdef TEST_ALGO
- algo = TEST_ALGO;
+ #ifdef ENABLE_RSA_KEYGEN
+ answer = tty_get(_("Your selection? (1,2,3) "));
#else
- #ifdef ENABLE_RSA_KEYGEN
- answer = tty_get(_("Your selection? (1,2,3) "));
- #else
- answer = tty_get(_("Your selection? (1,2) "));
- #endif
+ answer = tty_get(_("Your selection? (1,2) "));
+ #endif
tty_kill_prompt();
algo = *answer? atoi(answer): 1;
m_free(answer);
- #endif
if( algo == 1 ) {
algo = PUBKEY_ALGO_ELGAMAL;
algo_name = "ElGamal";
@@ -333,7 +351,7 @@ generate_keypair()
else if( algo == 2 ) {
algo = PUBKEY_ALGO_DSA;
algo_name = "DSA";
- tty_printf(_("Sorry; DSA is not yet supported.\n"));
+ tty_printf(_("Sorry; DSA key generation is not yet supported.\n"));
}
#ifdef ENABLE_RSA_KEYGEN
else if( algo == 3 ) {
@@ -351,14 +369,10 @@ generate_keypair()
" default keysize is 1024 bits\n"
" highest suggested keysize is 2048 bits\n"), algo_name );
for(;;) {
- #ifdef TEST_NBITS
- nbits = TEST_NBITS;
- #else
answer = tty_get(_("What keysize do you want? (1024) "));
tty_kill_prompt();
nbits = *answer? atoi(answer): 1024;
m_free(answer);
- #endif
if( algo == PUBKEY_ALGO_DSA && (nbits < 512 || nbits > 1024) )
tty_printf(_("DSA does only allow keysizes from 512 to 1024\n"));
else if( nbits < 768 )
@@ -377,6 +391,15 @@ generate_keypair()
}
m_free(answer);
}
+ else if( nbits > 1536 ) {
+ answer = tty_get(_("Do you really need such a large keysize? "));
+ tty_kill_prompt();
+ if( answer_is_yes(answer) ) {
+ m_free(answer);
+ break;
+ }
+ m_free(answer);
+ }
else
break;
}
@@ -390,14 +413,53 @@ generate_keypair()
tty_printf(_("rounded up to %u bits\n"), nbits );
}
- #ifdef TEST_UID
- uid = m_alloc(strlen(TEST_UID)+1);
- strcpy(uid, TEST_UID);
- #else
+ tty_printf(_("Please specify how long the key should be valid.\n"
+ " 0 = key does not expire\n"
+ " <n> = key expires in n days\n"
+ " <n>w = key expires in n weeks\n"
+ " <n>m = key expires in n months\n"
+ " <n>y = key expires in n years\n"));
+ answer = NULL;
+ for(;;) {
+ int mult;
+
+ m_free(answer);
+ answer = tty_get(_("Key is valid for? (0) "));
+ tty_kill_prompt();
+ trim_spaces(answer);
+ if( !*answer )
+ valid_days = 0;
+ else if( (mult=check_valid_days(answer)) ) {
+ valid_days = atoi(answer) * mult;
+ if( valid_days < 0 || valid_days > 32767 )
+ valid_days = 0;
+ }
+ else {
+ tty_printf(_("invalid value\n"));
+ continue;
+ }
+
+ if( !valid_days )
+ tty_printf(_("Key does not expire at all\n"));
+ else {
+ tty_printf(_("Key expires at %s\n"), strtimestamp(
+ add_days_to_timestamp( make_timestamp(), valid_days )));
+ }
+
+ m_free(answer);
+ answer = tty_get(_("Is this correct (y/n)? "));
+ tty_kill_prompt();
+ if( answer_is_yes(answer) )
+ break;
+ }
+ m_free(answer);
+
+
+
tty_printf( _("\n"
"You need a User-ID to identify your key; the software constructs the user id\n"
"from Real Name, Comment and Email Address in this form:\n"
-" \"Heinrich Heine (Der Dichter) <heinrichh@uni-duesseldorf.de>\"\n\n") );
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n\n") );
uid = NULL;
aname=acomment=amail=NULL;
for(;;) {
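Review bot: An out-of-range lifetime is silently turned into a key that never expires: `if( valid_days < 0 || valid_days > 32767 ) valid_days = 0;` maps an answer such as `100y` to 0, and the only hint is the "Key does not expire at all" line before the confirmation prompt. Treat it as an invalid answer instead, `if( valid_days < 0 || valid_days > 32767 ) { tty_printf(_("invalid value\n")); continue; }`. `atoi(answer) * mult` can also overflow `int` for a long digit string before the range check runs, which is undefined behaviour; parsing with `strtoul` and comparing against `32767/mult` before multiplying avoids that. The 32767 bound also looks inconsistent with the `u16 valid_days` parameter the gen_* functions now take, so it is worth confirming which limit is intended. generate_keypair starts before and continues after this hunk.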
@@ -469,6 +531,7 @@ generate_keypair()
tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid);
+ /* fixme: add a warning if this the user-id already exists */
for(;;) {
answer = tty_get(_("Edit (N)ame, (C)omment, (E)mail or (O)kay? "));
tty_kill_prompt();
@@ -499,7 +562,6 @@ generate_keypair()
break;
m_free(uid); uid = NULL;
}
- #endif
tty_printf(_("You need a Passphrase to protect your secret key.\n\n") );
@@ -555,13 +617,13 @@ generate_keypair()
"number generator a better chance to gain enough entropy.\n") );
if( algo == PUBKEY_ALGO_ELGAMAL )
- rc = gen_elg(nbits, pub_root, sec_root, dek, salt, &skc );
+ rc = gen_elg(nbits, pub_root, sec_root, dek, salt, &skc, valid_days );
#ifdef ENABLE_RSA_KEYGEN
else if( algo == PUBKEY_ALGO_RSA )
- rc = gen_rsa(nbits, pub_root, sec_root, dek, salt, &skc );
+ rc = gen_rsa(nbits, pub_root, sec_root, dek, salt, &skc, valid_days );
#endif
else if( algo == PUBKEY_ALGO_DSA )
- rc = gen_dsa(nbits, pub_root, sec_root, dek, salt, &skc );
+ rc = gen_dsa(nbits, pub_root, sec_root, dek, salt, &skc, valid_days );
else
BUG();
if( !rc ) {
@@ -588,7 +650,6 @@ generate_keypair()
int rc2 = -1;
/* we can now write the certificates */
- /* FIXME: should we check wether the user-id already exists? */
if( get_keyblock_handle( pub_fname, 0, &pub_kbpos ) ) {
if( add_keyblock_resource( pub_fname, 1, 0 ) ) {
diff --git a/g10/keyid.c b/g10/keyid.c
index da426aa2a..9f4ccdfb8 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -115,16 +115,16 @@ elg_fingerprint_md( PKT_public_cert *pkc )
unsigned nb1, nb3, nb4;
unsigned n;
- nb1 = mpi_get_nbits(pkc->d.dsa.p);
- p1 = buf1 = mpi_get_buffer( pkc->d.dsa.p, &n1, NULL );
+ nb1 = mpi_get_nbits(pkc->d.elg.p);
+ p1 = buf1 = mpi_get_buffer( pkc->d.elg.p, &n1, NULL );
for( ; !*p1 && n1; p1++, n1-- ) /* skip leading null bytes */
;
- nb3 = mpi_get_nbits(pkc->d.dsa.g);
- p3 = buf3 = mpi_get_buffer( pkc->d.dsa.g, &n3, NULL );
+ nb3 = mpi_get_nbits(pkc->d.elg.g);
+ p3 = buf3 = mpi_get_buffer( pkc->d.elg.g, &n3, NULL );
for( ; !*p3 && n3; p3++, n3-- )
;
- nb4 = mpi_get_nbits(pkc->d.dsa.y);
- p4 = buf4 = mpi_get_buffer( pkc->d.dsa.y, &n4, NULL );
+ nb4 = mpi_get_nbits(pkc->d.elg.y);
+ p4 = buf4 = mpi_get_buffer( pkc->d.elg.y, &n4, NULL );
for( ; !*p4 && n4; p4++, n4-- )
;
diff --git a/g10/keylist.c b/g10/keylist.c
index 3d209ecf8..ce4d65aa4 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -111,19 +111,20 @@ list_one( const char *name )
/* get the keyid from the keyblock */
node = find_kbnode( keyblock, PKT_PUBLIC_CERT );
if( !node ) {
- log_error("Oops; public key not found anymore!\n");
+ log_error("Oops; public key lost!\n");
goto leave;
}
pkc = node->pkt->pkt.public_cert;
keyid_from_pkc( pkc, keyid );
if( opt.with_colons )
- printf("pub::%u:%d:%08lX%08lX:%s:::",
+ printf("pub::%u:%d:%08lX%08lX:%s:%u:::",
/* fixme: add trust value here */
nbits_from_pkc( pkc ),
pkc->pubkey_algo,
(ulong)keyid[0],(ulong)keyid[1],
- datestr_from_pkc( pkc )
+ datestr_from_pkc( pkc ),
+ (unsigned)pkc->valid_days
/* fixme: add LID and ownertrust here */
);
else
@@ -136,7 +137,7 @@ list_one( const char *name )
if( node->pkt->pkttype == PKT_USER_ID ) {
if( any ) {
if( opt.with_colons )
- printf("uid::::::::");
+ printf("uid:::::::::");
else
printf("uid%*s", 28, "");
}
@@ -151,6 +152,34 @@ list_one( const char *name )
any = 1;
}
}
+ else if( node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
+ u32 keyid2[2];
+ PKT_public_cert *pkc2 = node->pkt->pkt.public_cert;
+
+ if( !any ) {
+ putchar('\n');
+ if( opt.fingerprint )
+ fingerprint( pkc ); /* of the main key */
+ any = 1;
+ }
+
+ keyid_from_pkc( pkc2, keyid2 );
+ if( opt.with_colons )
+ printf("sub::%u:%d:%08lX%08lX:%s:%u:::\n",
+ /* fixme: add trust value here */
+ nbits_from_pkc( pkc2 ),
+ pkc2->pubkey_algo,
+ (ulong)keyid2[0],(ulong)keyid2[1],
+ datestr_from_pkc( pkc2 ),
+ (unsigned)pkc2->valid_days
+ /* fixme: add LID and ownertrust here */
+ );
+ else
+ printf("sub %4u%c/%08lX %s\n", nbits_from_pkc( pkc2 ),
+ pubkey_letter( pkc2->pubkey_algo ),
+ (ulong)keyid2[1],
+ datestr_from_pkc( pkc2 ) );
+ }
else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *sig = node->pkt->pkt.signature;
int sigrc;
@@ -169,11 +198,13 @@ list_one( const char *name )
fputs("rev", stdout);
else if( (sig->sig_class&~3) == 0x10 )
fputs("sig", stdout);
+ else if( sig->sig_class == 0x18 )
+ fputs("sig", stdout);
else {
if( opt.with_colons )
- printf("sig:::::::::%02x:\n",sig->sig_class );
+ printf("sig::::::::::%02x:\n",sig->sig_class );
else
- printf("sig "
+ printf("sig "
"[unexpected signature class 0x%02x]\n",sig->sig_class );
continue;
}
@@ -195,7 +226,7 @@ list_one( const char *name )
putchar(':');
if( sigrc != ' ' )
putchar(sigrc);
- printf(":::%08lX%08lX:%s:::", (ulong)sig->keyid[0],
+ printf(":::%08lX%08lX:%s::::", (ulong)sig->keyid[0],
(ulong)sig->keyid[1], datestr_from_sig(sig));
}
else
@@ -235,7 +266,7 @@ fingerprint( PKT_public_cert *pkc )
p = array = fingerprint_from_pkc( pkc, &n );
if( opt.with_colons ) {
- printf("fpr::::::::");
+ printf("fpr:::::::::");
for(i=0; i < n ; i++, p++ )
printf("%02X", *p );
putchar(':');
diff --git a/g10/mainproc.c b/g10/mainproc.c
index b5ceecef8..86a1716db 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -93,28 +93,23 @@ add_onepass_sig( CTX c, PACKET *pkt )
}
-static int
-add_public_cert( CTX c, PACKET *pkt )
-{
- release_list( c );
- c->list = new_kbnode( pkt );
- return 1;
-}
static int
-add_secret_cert( CTX c, PACKET *pkt )
+add_user_id( CTX c, PACKET *pkt )
{
- release_list( c );
- c->list = new_kbnode( pkt );
+ if( !c->list ) {
+ log_error("orphaned user id\n" );
+ return 0;
+ }
+ add_kbnode( c->list, new_kbnode( pkt ) );
return 1;
}
-
static int
-add_user_id( CTX c, PACKET *pkt )
+add_subkey( CTX c, PACKET *pkt )
{
if( !c->list ) {
- log_error("orphaned user id\n" );
+ log_error("subkey w/o mainkey\n" );
return 0;
}
add_kbnode( c->list, new_kbnode( pkt ) );
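Review bot: add_subkey only checks that `c->list` is non-NULL, so a PKT_PUBKEY_SUBCERT or PKT_SECKEY_SUBCERT packet is appended to whatever list is current, including a secret subkey under a public key or the reverse. Since these packets come from parsed input, the head type should be checked before attaching, e.g. `if( !c->list || (c->list->pkt->pkttype != PKT_PUBLIC_CERT && c->list->pkt->pkttype != PKT_SECRET_CERT) )`, ideally also pairing public with public and secret with secret. Whether other add_* helpers can start a list with a non-key packet is not visible here, and the end of add_subkey lies outside the hunk.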
@@ -309,30 +304,11 @@ do_check_sig( CTX c, KBNODE node )
md = md_open( 0, 0 ); /* signature_check() will enable the md*/
}
else if( (sig->sig_class&~3) == 0x10
+ || sig->sig_class == 0x18
|| sig->sig_class == 0x20
|| sig->sig_class == 0x30 ) { /* classes 0x10..0x13,0x20,0x30 */
- if( c->list->pkt->pkttype == PKT_PUBLIC_CERT ) {
- #if 0
- KBNODE n1;
-
- if( sig->sig_class == 0x20 ) {
- md = md_open( algo, 0 );
- hash_public_cert( md, c->list->pkt->pkt.public_cert );
- }
- else if( (n1=find_prev_kbnode( c->list, node, PKT_USER_ID )) ) {
- md = md_open( algo, 0 );
- hash_public_cert( md, c->list->pkt->pkt.public_cert );
- if( sig->sig_class != 0x20 )
- md_write( md, n1->pkt->pkt.user_id->name,
- n1->pkt->pkt.user_id->len);
- }
- else {
- log_error("invalid parent packet for sigclass %02x\n",
- sig->sig_class);
- return G10ERR_SIG_CLASS;
- }
- #endif
-
+ if( c->list->pkt->pkttype == PKT_PUBLIC_CERT
+ || c->list->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
return check_key_signature( c->list, node, NULL );
}
else {
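Review bot: The trailing comment `/* classes 0x10..0x13,0x20,0x30 */` no longer matches the condition now that `sig->sig_class == 0x18` is accepted; it should read `/* classes 0x10..0x13,0x18,0x20,0x30 */`. The added `c->list->pkt->pkttype == PKT_PUBKEY_SUBCERT` test also looks unreachable, because in the do_proc_packets hunk of this commit only PKT_PUBLIC_CERT and PKT_SECRET_CERT start a new list and subkeys are appended with add_kbnode; a short comment explaining when the head can be a subkey, or dropping the test, would help. do_check_sig begins and ends outside this hunk.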
@@ -374,7 +350,7 @@ print_fingerprint( PKT_public_cert *pkc, PKT_secret_cert *skc )
p = array = skc? fingerprint_from_skc( skc, &n )
: fingerprint_from_pkc( pkc, &n );
if( opt.with_colons ) {
- printf("fpr::::::::");
+ printf("fpr:::::::::");
for(i=0; i < n ; i++, p++ )
printf("%02X", *p );
putchar(':');
@@ -409,26 +385,32 @@ static void
list_node( CTX c, KBNODE node )
{
int any=0;
+ int mainkey;
if( !node )
;
- else if( node->pkt->pkttype == PKT_PUBLIC_CERT ) {
+ else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_CERT) )
+ || node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
PKT_public_cert *pkc = node->pkt->pkt.public_cert;
if( opt.with_colons ) {
u32 keyid[2];
keyid_from_pkc( pkc, keyid );
- printf("pub::%u:%d:%08lX%08lX:%s:::",
+ printf("%s::%u:%d:%08lX%08lX:%s:%u:::",
+ mainkey? "pub":"sub",
/* fixme: add trust value here */
nbits_from_pkc( pkc ),
pkc->pubkey_algo,
(ulong)keyid[0],(ulong)keyid[1],
- datestr_from_pkc( pkc )
+ datestr_from_pkc( pkc ),
+ (unsigned)pkc->valid_days
/* fixme: add LID and ownertrust here */
);
}
else
- printf("pub %4u%c/%08lX %s ", nbits_from_pkc( pkc ),
+ printf("%s %4u%c/%08lX %s ",
+ mainkey? "pub":"sub",
+ nbits_from_pkc( pkc ),
pubkey_letter( pkc->pubkey_algo ),
(ulong)keyid_from_pkc( pkc, NULL ),
datestr_from_pkc( pkc ) );
@@ -449,7 +431,7 @@ list_node( CTX c, KBNODE node )
if( any ) {
if( opt.with_colons )
- printf("uid::::::::");
+ printf("uid:::::::::");
else
printf( "uid%*s", 28, "" );
}
@@ -467,17 +449,29 @@ list_node( CTX c, KBNODE node )
}
any=2;
}
+ else if( mainkey && node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
+ if( !any ) {
+ putchar('\n');
+ any = 1;
+ }
+ list_node(c, node );
+ }
}
- if( any != 2 )
+ if( any != 2 && mainkey )
printf("ERROR: no user id!\n");
+ else if( any != 2 )
+ putchar('\n');
}
- else if( node->pkt->pkttype == PKT_SECRET_CERT ) {
+ else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_CERT) )
+ || node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
PKT_secret_cert *skc = node->pkt->pkt.secret_cert;
- printf("sec %4u%c/%08lX %s ", nbits_from_skc( skc ),
+ printf("%s %4u%c/%08lX %s ",
+ mainkey? "sec":"ssb",
+ nbits_from_skc( skc ),
pubkey_letter( skc->pubkey_algo ),
(ulong)keyid_from_skc( skc, NULL ),
- datestr_from_skc( skc ) );
+ datestr_from_skc( skc ) );
/* and now list all userids */
while( (node = find_next_kbnode(node, PKT_USER_ID)) ) {
print_userid( node->pkt );
@@ -486,8 +480,10 @@ list_node( CTX c, KBNODE node )
print_fingerprint( NULL, skc );
any=1;
}
- if( !any )
+ if( !any && mainkey )
printf("ERROR: no user id!\n");
+ else if( !any )
+ putchar('\n');
}
else if( node->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *sig = node->pkt->pkt.signature;
@@ -516,7 +512,7 @@ list_node( CTX c, KBNODE node )
putchar(':');
if( sigrc != ' ' )
putchar(sigrc);
- printf(":::%08lX%08lX:%s:::", (ulong)sig->keyid[0],
+ printf(":::%08lX%08lX:%s::::", (ulong)sig->keyid[0],
(ulong)sig->keyid[1], datestr_from_sig(sig));
}
else
@@ -638,8 +634,16 @@ do_proc_packets( CTX c, IOBUF a )
}
else {
switch( pkt->pkttype ) {
- case PKT_PUBLIC_CERT: newpkt = add_public_cert( c, pkt ); break;
- case PKT_SECRET_CERT: newpkt = add_secret_cert( c, pkt ); break;
+ case PKT_PUBLIC_CERT:
+ case PKT_SECRET_CERT:
+ release_list( c );
+ c->list = new_kbnode( pkt );
+ newpkt = 1;
+ break;
+ case PKT_PUBKEY_SUBCERT:
+ case PKT_SECKEY_SUBCERT:
+ newpkt = add_subkey( c, pkt );
+ break;
case PKT_USER_ID: newpkt = add_user_id( c, pkt ); break;
case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
@@ -730,7 +734,8 @@ proc_tree( CTX c, KBNODE node )
if( opt.list_packets )
return;
- if( node->pkt->pkttype == PKT_PUBLIC_CERT )
+ if( node->pkt->pkttype == PKT_PUBLIC_CERT
+ || node->pkt->pkttype == PKT_PUBKEY_SUBCERT )
list_node( c, node );
else if( node->pkt->pkttype == PKT_SECRET_CERT )
list_node( c, node );
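Review bot: The secret-key test just below still matches only `PKT_SECRET_CERT`, while the public test now also accepts `PKT_PUBKEY_SUBCERT` and list_node() in this same commit gained a `PKT_SECKEY_SUBCERT` case. If a tree rooted at a secret subkey can reach proc_tree() (not visible from this hunk), it would fall through unlisted. For symmetry the test could read `else if( node->pkt->pkttype == PKT_SECRET_CERT || node->pkt->pkttype == PKT_SECKEY_SUBCERT )`. proc_tree's body continues outside the hunk.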
diff --git a/g10/packet.h b/g10/packet.h
index 5f29b83e5..0e6a188c9 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -130,24 +130,24 @@ typedef struct {
byte hdrbytes; /* number of header bytes */
byte version;
byte pubkey_algo; /* algorithm used for public key scheme */
+ byte is_protected; /* The secret infos are protected and must */
+ /* be decrypteded before use, the protected */
+ /* MPIs are simply (void*) pointers to memory */
+ /* and should never be passed to a mpi_xxx() */
+ struct {
+ byte algo; /* cipher used to protect the secret informations*/
+ byte s2k;
+ byte hash;
+ byte salt[8];
+ byte count;
+ byte iv[8]; /* initialization vector for CFB mode */
+ } protect;
union {
struct {
MPI p; /* prime */
MPI g; /* group generator */
MPI y; /* g^x mod p */
MPI x; /* secret exponent */
- u16 csum; /* checksum */
- byte is_protected; /* The above infos are protected and must */
- /* be decrypteded before use. */
- struct {
- byte algo; /* cipher used to protect the secret informations*/
- byte s2k;
- byte hash;
- byte salt[8];
- byte count;
- byte iv[8]; /* initialization vector for CFB mode */
- } protect; /* when protected, the MPIs above are pointers
- * to plain storage */
} elg;
struct {
MPI p; /* prime */
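Review bot: The new comment on `is_protected` says the protected MPIs "should never be passed to a mpi_xxx()", but the parser in this commit fills `x` with `mpi_read()` and check_elg() calls `mpi_set_secure(cert->d.elg.x)` while the key is still protected, so the comment does not describe what the code does. It also carries the typo "decrypteded". A wording that matches the visible code would be `/* the secret MPIs hold encrypted data and must be decrypted (check_secret_key) before any arithmetic use */`. Now that `protect` is shared by all algorithms, it is also worth stating that `salt`, `s2k`, `hash` and `count` are meaningful only when `is_protected` is set.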
@@ -155,18 +155,6 @@ typedef struct {
MPI g; /* group generator */
MPI y; /* g^x mod p */
MPI x; /* secret exponent */
- u16 csum; /* checksum */
- byte is_protected; /* The above infos are protected and must */
- /* be decrypteded before use. */
- struct {
- byte algo; /* cipher used to protect the secret informations*/
- byte s2k;
- byte hash;
- byte salt[8];
- byte count;
- byte iv[8]; /* initialization vector for CFB mode */
- } protect; /* when protected, the MPIs above are pointers
- * to plain storage */
} dsa;
struct {
MPI rsa_n; /* public modulus */
@@ -175,19 +163,9 @@ typedef struct {
MPI rsa_p; /* secret first prime number */
MPI rsa_q; /* secret second prime number */
MPI rsa_u; /* secret multiplicative inverse */
- u16 csum; /* checksum */
- byte is_protected; /* The above infos are protected and must */
- /* be decrypteded before use */
- byte protect_algo; /* cipher used to protect the secret informations*/
- union { /* information for the protection */
- struct {
- byte iv[8]; /* initialization vector for CFB mode */
- /* when protected, the MPIs above are pointers
- * to plain storage */
- } blowfish;
- } protect;
} rsa;
} d;
+ u16 csum; /* checksum */
} PKT_secret_cert;
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 4281ef173..fe2c63c5b 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -52,7 +52,6 @@ static int parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
byte *hdr, int hdrlen, PACKET *packet );
static int parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen,
PACKET *packet );
-static void parse_subkey( IOBUF inp, int pkttype, unsigned long pktlen );
static int parse_comment( IOBUF inp, int pkttype, unsigned long pktlen,
PACKET *packet );
static void parse_trust( IOBUF inp, int pkttype, unsigned long pktlen );
@@ -289,6 +288,7 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
rc = G10ERR_UNKNOWN_PACKET; /* default error */
switch( pkttype ) {
case PKT_PUBLIC_CERT:
+ case PKT_PUBKEY_SUBCERT:
pkt->pkt.public_cert = m_alloc_clear(sizeof *pkt->pkt.public_cert );
rc = parse_certificate(inp, pkttype, pktlen, hdr, hdrlen, pkt );
break;
@@ -311,9 +311,6 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
case PKT_USER_ID:
rc = parse_user_id(inp, pkttype, pktlen, pkt );
break;
- case PKT_PUBKEY_SUBCERT:
- parse_subkey(inp, pkttype, pktlen);
- break;
case PKT_COMMENT:
rc = parse_comment(inp, pkttype, pktlen, pkt);
break;
@@ -767,19 +764,37 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
int is_v4=0;
int rc=0;
-
- if( pktlen < 12 ) {
- log_error("packet(%d) too short\n", pkttype);
- goto leave;
- }
version = iobuf_get_noeof(inp); pktlen--;
- if( version == 4 )
+ if( pkttype == PKT_PUBKEY_SUBCERT && version == '#' ) {
+ /* early versions of G10 use old comments packets; luckily all those
+ * comments are started by a hash */
+ if( list_mode ) {
+ printf(":old comment packet: \"" );
+ for( ; pktlen; pktlen-- ) {
+ int c;
+ c = iobuf_get_noeof(inp);
+ if( c >= ' ' && c <= 'z' )
+ putchar(c);
+ else
+ printf("\\x%02x", c );
+ }
+ printf("\"\n");
+ }
+ skip_rest(inp, pktlen);
+ return 0;
+ }
+ else if( version == 4 )
is_v4=1;
else if( version != 2 && version != 3 ) {
log_error("packet(%d) with unknown version %d\n", pkttype, version);
goto leave;
}
+ if( pktlen < 11 ) {
+ log_error("packet(%d) too short\n", pkttype);
+ goto leave;
+ }
+
timestamp = read_32(inp); pktlen -= 4;
if( is_v4 )
valid_period = 0;
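Review bot: The length check now runs after the version byte has been consumed, so a packet with `pktlen == 0` reaches `pktlen--` and the unsigned counter wraps. The later `pktlen < 11` test then passes, and in list mode the old-comment loop `for( ; pktlen; pktlen-- )` would run on the wrapped value. A guard before the first read closes this: `if( !pktlen ) { log_error("packet(%d) too short\n", pkttype); goto leave; }`. Separately, the `'#'` branch returns 0 after parse() has already allocated a zeroed `public_cert` for `PKT_PUBKEY_SUBCERT`, so the caller appears to receive an empty certificate as a successful parse. How the caller and the `leave` label treat that case is outside the hunk and should be confirmed.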
@@ -795,7 +810,7 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
pkttype == PKT_PUBKEY_SUBCERT? "public sub" :
pkttype == PKT_SECKEY_SUBCERT? "secret sub" : "??",
version, timestamp, valid_period );
- if( pkttype == PKT_SECRET_CERT ) {
+ if( pkttype == PKT_SECRET_CERT || pkttype == PKT_SECKEY_SUBCERT ) {
pkt->pkt.secret_cert->timestamp = timestamp;
pkt->pkt.secret_cert->valid_days = valid_period;
pkt->pkt.secret_cert->hdrbytes = hdrlen;
@@ -824,7 +839,7 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
mpi_print(stdout, elg_y, mpi_print_mode );
putchar('\n');
}
- if( pkttype == PKT_PUBLIC_CERT ) {
+ if( pkttype == PKT_PUBLIC_CERT || pkttype == PKT_PUBKEY_SUBCERT ) {
pkt->pkt.public_cert->d.elg.p = elg_p;
pkt->pkt.public_cert->d.elg.g = elg_g;
pkt->pkt.public_cert->d.elg.y = elg_y;
@@ -836,27 +851,27 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
pkt->pkt.secret_cert->d.elg.p = elg_p;
pkt->pkt.secret_cert->d.elg.g = elg_g;
pkt->pkt.secret_cert->d.elg.y = elg_y;
- cert->d.elg.protect.algo = iobuf_get_noeof(inp); pktlen--;
- if( cert->d.elg.protect.algo ) {
- cert->d.elg.is_protected = 1;
- cert->d.elg.protect.count = 0;
- if( cert->d.elg.protect.algo == 255 ) {
+ cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
+ if( cert->protect.algo ) {
+ cert->is_protected = 1;
+ cert->protect.count = 0;
+ if( cert->protect.algo == 255 ) {
if( pktlen < 3 ) {
rc = G10ERR_INVALID_PACKET;
goto leave;
}
- cert->d.elg.protect.algo = iobuf_get_noeof(inp); pktlen--;
- cert->d.elg.protect.s2k = iobuf_get_noeof(inp); pktlen--;
- cert->d.elg.protect.hash = iobuf_get_noeof(inp); pktlen--;
- switch( cert->d.elg.protect.s2k ) {
+ cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
+ cert->protect.s2k = iobuf_get_noeof(inp); pktlen--;
+ cert->protect.hash = iobuf_get_noeof(inp); pktlen--;
+ switch( cert->protect.s2k ) {
case 1:
case 3:
for(i=0; i < 8 && pktlen; i++, pktlen-- )
temp[i] = iobuf_get_noeof(inp);
- memcpy(cert->d.elg.protect.salt, temp, 8 );
+ memcpy(cert->protect.salt, temp, 8 );
break;
}
- switch( cert->d.elg.protect.s2k ) {
+ switch( cert->protect.s2k ) {
case 0: if( list_mode ) printf( "\tsimple S2K" );
break;
case 1: if( list_mode ) printf( "\tsalted S2K" );
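Review bot: The salt loop `for(i=0; i < 8 && pktlen; i++, pktlen-- )` stops early on a short packet, yet the following `memcpy(cert->protect.salt, temp, 8 )` always copies eight bytes, so part of the stored salt can be whatever `temp` held before (its declaration is outside the hunk). Only the three algo/s2k/hash bytes are length-checked above. Adding `if( pktlen < 8 ) { rc = G10ERR_INVALID_PACKET; goto leave; }` at the top of `case 1: case 3:` rejects the truncated packet instead. The same pattern appears in the DSA salt hunk (`@@ -969,27 +984,27 @@`) and in the RSA IV read (`@@ -1091,11 +1103,11 @@`).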
@@ -866,30 +881,30 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
default:
if( list_mode )
printf( "\tunknown S2K %d\n",
- cert->d.elg.protect.s2k );
+ cert->protect.s2k );
rc = G10ERR_INVALID_PACKET;
goto leave;
}
if( list_mode ) {
printf(", algo: %d, hash: %d",
- cert->d.elg.protect.algo,
- cert->d.elg.protect.hash );
- if( cert->d.elg.protect.s2k == 1
- || cert->d.elg.protect.s2k == 3 ) {
+ cert->protect.algo,
+ cert->protect.hash );
+ if( cert->protect.s2k == 1
+ || cert->protect.s2k == 3 ) {
printf(", salt: ");
for(i=0; i < 8; i++ )
- printf("%02x", cert->d.elg.protect.salt[i]);
+ printf("%02x", cert->protect.salt[i]);
}
putchar('\n');
}
- if( cert->d.elg.protect.s2k == 3 ) {
+ if( cert->protect.s2k == 3 ) {
if( !pktlen ) {
rc = G10ERR_INVALID_PACKET;
goto leave;
}
- cert->d.elg.protect.count = iobuf_get_noeof(inp);
+ cert->protect.count = iobuf_get_noeof(inp);
pktlen--;
}
@@ -897,12 +912,12 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
else {
if( list_mode )
printf( "\tprotect algo: %d\n",
- cert->d.elg.protect.algo);
+ cert->protect.algo);
/* old version, we don't have a S2K, so we fake one */
- cert->d.elg.protect.s2k = 0;
+ cert->protect.s2k = 0;
/* We need this kludge to cope with old GNUPG versions */
- cert->d.elg.protect.hash =
- cert->d.elg.protect.algo == CIPHER_ALGO_BLOWFISH?
+ cert->protect.hash =
+ cert->protect.algo == CIPHER_ALGO_BLOWFISH?
DIGEST_ALGO_RMD160 : DIGEST_ALGO_MD5;
}
if( pktlen < 8 ) {
@@ -917,20 +932,20 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
printf(" %02x", temp[i] );
putchar('\n');
}
- memcpy(cert->d.elg.protect.iv, temp, 8 );
+ memcpy(cert->protect.iv, temp, 8 );
}
else
- cert->d.elg.is_protected = 0;
+ cert->is_protected = 0;
/* It does not make sense to read it into secure memory.
* If the user is so careless, not to protect his secret key,
* we can assume, that he operates an open system :=(.
* So we put the key into secure memory when we unprotect him. */
n = pktlen; cert->d.elg.x = mpi_read(inp, &n, 0 ); pktlen -=n;
- cert->d.elg.csum = read_16(inp); pktlen -= 2;
+ cert->csum = read_16(inp); pktlen -= 2;
if( list_mode ) {
printf("\t[secret value x is not shown]\n"
- "\tchecksum: %04hx\n", cert->d.elg.csum);
+ "\tchecksum: %04hx\n", cert->csum);
}
/*log_mpidump("elg p=", cert->d.elg.p );
log_mpidump("elg g=", cert->d.elg.g );
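Review bot: `cert->csum = read_16(inp); pktlen -= 2;` is reached without checking that two bytes remain after `mpi_read`, so a truncated secret-key packet makes the unsigned `pktlen` wrap to a very large value. Whatever uses `pktlen` afterwards (outside this hunk) would then see that value as remaining length. A check before the read keeps the counter honest: `if( pktlen < 2 ) { rc = G10ERR_INVALID_PACKET; goto leave; }`. The DSA (`@@ -1047,20 +1059,20 @@`) and RSA (`@@ -1104,21 +1116,21 @@`) hunks read the checksum the same way.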
@@ -955,7 +970,7 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
mpi_print(stdout, dsa_y, mpi_print_mode );
putchar('\n');
}
- if( pkttype == PKT_PUBLIC_CERT ) {
+ if( pkttype == PKT_PUBLIC_CERT || pkttype == PKT_PUBKEY_SUBCERT ) {
pkt->pkt.public_cert->d.dsa.p = dsa_p;
pkt->pkt.public_cert->d.dsa.q = dsa_q;
pkt->pkt.public_cert->d.dsa.g = dsa_g;
@@ -969,27 +984,27 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
pkt->pkt.secret_cert->d.dsa.q = dsa_q;
pkt->pkt.secret_cert->d.dsa.g = dsa_g;
pkt->pkt.secret_cert->d.dsa.y = dsa_y;
- cert->d.dsa.protect.algo = iobuf_get_noeof(inp); pktlen--;
- if( cert->d.dsa.protect.algo ) {
- cert->d.dsa.is_protected = 1;
- cert->d.dsa.protect.count = 0;
- if( cert->d.dsa.protect.algo == 255 ) {
+ cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
+ if( cert->protect.algo ) {
+ cert->is_protected = 1;
+ cert->protect.count = 0;
+ if( cert->protect.algo == 255 ) {
if( pktlen < 3 ) {
rc = G10ERR_INVALID_PACKET;
goto leave;
}
- cert->d.dsa.protect.algo = iobuf_get_noeof(inp); pktlen--;
- cert->d.dsa.protect.s2k = iobuf_get_noeof(inp); pktlen--;
- cert->d.dsa.protect.hash = iobuf_get_noeof(inp); pktlen--;
- switch( cert->d.dsa.protect.s2k ) {
+ cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
+ cert->protect.s2k = iobuf_get_noeof(inp); pktlen--;
+ cert->protect.hash = iobuf_get_noeof(inp); pktlen--;
+ switch( cert->protect.s2k ) {
case 1:
case 3:
for(i=0; i < 8 && pktlen; i++, pktlen-- )
temp[i] = iobuf_get_noeof(inp);
- memcpy(cert->d.dsa.protect.salt, temp, 8 );
+ memcpy(cert->protect.salt, temp, 8 );
break;
}
- switch( cert->d.dsa.protect.s2k ) {
+ switch( cert->protect.s2k ) {
case 0: if( list_mode ) printf( "\tsimple S2K" );
break;
case 1: if( list_mode ) printf( "\tsalted S2K" );
@@ -998,42 +1013,39 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
break;
default:
if( list_mode )
- printf( "\tunknown S2K %d\n",
- cert->d.dsa.protect.s2k );
+ printf( "\tunknown S2K %d\n", cert->protect.s2k );
rc = G10ERR_INVALID_PACKET;
goto leave;
}
if( list_mode ) {
printf(", algo: %d, hash: %d",
- cert->d.dsa.protect.algo,
- cert->d.dsa.protect.hash );
- if( cert->d.dsa.protect.s2k == 1
- || cert->d.dsa.protect.s2k == 3 ) {
+ cert->protect.algo,
+ cert->protect.hash );
+ if( cert->protect.s2k == 1 || cert->protect.s2k == 3 ){
printf(", salt: ");
for(i=0; i < 8; i++ )
- printf("%02x", cert->d.dsa.protect.salt[i]);
+ printf("%02x", cert->protect.salt[i]);
}
putchar('\n');
}
- if( cert->d.dsa.protect.s2k == 3 ) {
+ if( cert->protect.s2k == 3 ) {
if( !pktlen ) {
rc = G10ERR_INVALID_PACKET;
goto leave;
}
- cert->d.dsa.protect.count = iobuf_get_noeof(inp);
+ cert->protect.count = iobuf_get_noeof(inp);
pktlen--;
}
}
else {
if( list_mode )
- printf( "\tprotect algo: %d\n",
- cert->d.dsa.protect.algo);
+ printf( "\tprotect algo: %d\n", cert->protect.algo);
/* old version, we don't have a S2K, so we fake one */
- cert->d.dsa.protect.s2k = 0;
- cert->d.dsa.protect.hash = DIGEST_ALGO_MD5;
+ cert->protect.s2k = 0;
+ cert->protect.hash = DIGEST_ALGO_MD5;
}
if( pktlen < 8 ) {
rc = G10ERR_INVALID_PACKET;
@@ -1047,20 +1059,20 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
printf(" %02x", temp[i] );
putchar('\n');
}
- memcpy(cert->d.dsa.protect.iv, temp, 8 );
+ memcpy(cert->protect.iv, temp, 8 );
}
else
- cert->d.dsa.is_protected = 0;
+ cert->is_protected = 0;
/* It does not make sense to read it into secure memory.
* If the user is so careless, not to protect his secret key,
* we can assume, that he operates an open system :=(.
* So we put the key into secure memory when we unprotect him. */
n = pktlen; cert->d.dsa.x = mpi_read(inp, &n, 0 ); pktlen -=n;
- cert->d.dsa.csum = read_16(inp); pktlen -= 2;
+ cert->csum = read_16(inp); pktlen -= 2;
if( list_mode ) {
printf("\t[secret value x is not shown]\n"
- "\tchecksum: %04hx\n", cert->d.dsa.csum);
+ "\tchecksum: %04hx\n", cert->csum);
}
/*log_mpidump("dsa p=", cert->d.dsa.p );
log_mpidump("dsa q=", cert->d.dsa.q );
@@ -1081,7 +1093,7 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
mpi_print(stdout, rsa_pub_exp, mpi_print_mode );
putchar('\n');
}
- if( pkttype == PKT_PUBLIC_CERT ) {
+ if( pkttype == PKT_PUBLIC_CERT || pkttype == PKT_PUBKEY_SUBCERT ) {
pkt->pkt.public_cert->d.rsa.rsa_n = rsa_pub_mod;
pkt->pkt.public_cert->d.rsa.rsa_e = rsa_pub_exp;
}
@@ -1091,11 +1103,11 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
pkt->pkt.secret_cert->d.rsa.rsa_n = rsa_pub_mod;
pkt->pkt.secret_cert->d.rsa.rsa_e = rsa_pub_exp;
- cert->d.rsa.protect_algo = iobuf_get_noeof(inp); pktlen--;
+ cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
if( list_mode )
- printf( "\tprotect algo: %d\n", cert->d.rsa.protect_algo);
- if( cert->d.rsa.protect_algo ) {
- cert->d.rsa.is_protected = 1;
+ printf( "\tprotect algo: %d\n", cert->protect.algo);
+ if( cert->protect.algo ) {
+ cert->is_protected = 1;
for(i=0; i < 8 && pktlen; i++, pktlen-- )
temp[i] = iobuf_get_noeof(inp);
if( list_mode ) {
@@ -1104,21 +1116,21 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
printf(" %02x", temp[i] );
putchar('\n');
}
- if( cert->d.rsa.protect_algo == CIPHER_ALGO_BLOWFISH )
- memcpy(cert->d.rsa.protect.blowfish.iv, temp, 8 );
+ if( cert->protect.algo == CIPHER_ALGO_BLOWFISH )
+ memcpy(cert->protect.iv, temp, 8 );
}
else
- cert->d.rsa.is_protected = 0;
+ cert->is_protected = 0;
/* (See comments at the code for elg keys) */
n = pktlen; cert->d.rsa.rsa_d = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; cert->d.rsa.rsa_p = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; cert->d.rsa.rsa_q = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; cert->d.rsa.rsa_u = mpi_read(inp, &n, 0 ); pktlen -=n;
- cert->d.rsa.csum = read_16(inp); pktlen -= 2;
+ cert->csum = read_16(inp); pktlen -= 2;
if( list_mode ) {
printf("\t[secret values d,p,q,u are not shown]\n"
- "\tchecksum: %04hx\n", cert->d.rsa.csum);
+ "\tchecksum: %04hx\n", cert->csum);
}
/* log_mpidump("rsa n=", cert->d.rsa.rsa_n );
log_mpidump("rsa e=", cert->d.rsa.rsa_e );
@@ -1164,37 +1176,6 @@ parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
}
-static void
-parse_subkey( IOBUF inp, int pkttype, unsigned long pktlen )
-{
- int version;
-
- version = iobuf_get_noeof(inp); pktlen--;
- if( pkttype == PKT_PUBKEY_SUBCERT && version == '#' ) {
- /* early versions of G10 use old comments packets; luckily all those
- * comments are started by a hash */
- if( list_mode ) {
- printf(":old comment packet: \"" );
- for( ; pktlen; pktlen-- ) {
- int c;
- c = iobuf_get_noeof(inp);
- if( c >= ' ' && c <= 'z' )
- putchar(c);
- else
- printf("\\x%02x", c );
- }
- printf("\"\n");
- }
- skip_rest(inp, pktlen);
- return;
- }
-
- if( list_mode )
- printf(":public subkey packet: \"" );
- skip_rest(inp, pktlen);
-}
-
-
static int
parse_comment( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
diff --git a/g10/pkclist.c b/g10/pkclist.c
index a47747f0b..d4e8133ae 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -202,7 +202,7 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel )
return do_we_trust( pkc, trustlevel );
case TRUST_EXPIRED:
- log_info("trust has expired: NOT yet implemented\n");
+ log_info("key has expired\n");
return 0; /* no */
case TRUST_UNDEFINED:
@@ -215,11 +215,11 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel )
if( rc )
log_fatal("trust check after add_ownertrust failed: %s\n",
g10_errstr(rc) );
- /* FIXME: this is recursive; we better should unroll it */
+ /* fixme: this is recursive; we better should unroll it */
return do_we_trust( pkc, trustlevel );
}
}
- return 0; /* no FIXME: add "Proceed anyway?" */
+ return 0;
case TRUST_NEVER:
log_info("We do NOT trust this key\n");
diff --git a/g10/revoke.c b/g10/revoke.c
index 86d465cc0..c98bcc336 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -89,7 +89,7 @@ gen_revoke( const char *uname )
goto leave;
}
- /* FIXME: should make a function out of this stuff,
+ /* fixme: should make a function out of this stuff,
* it's used all over the source */
skc = node->pkt->pkt.secret_cert;
keyid_from_skc( skc, skc_keyid );
diff --git a/g10/ringedit.c b/g10/ringedit.c
index 49e46ecde..8eade961a 100644
--- a/g10/ringedit.c
+++ b/g10/ringedit.c
@@ -674,6 +674,7 @@ keyring_read( KBPOS *kbpos, KBNODE *ret_root )
rc = G10ERR_INV_KEYRING;
goto ready;
}
+ log_info("read_keyblock: read error: %s\n", g10_errstr(rc) );
kbpos->count++;
free_packet( pkt );
init_packet( pkt );
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index f126ba01b..49870dcd9 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -67,19 +67,18 @@ check_elg( PKT_secret_cert *cert )
ELG_secret_key skey;
char save_iv[8];
- if( cert->d.elg.is_protected ) { /* remove the protection */
+ if( cert->is_protected ) { /* remove the protection */
DEK *dek = NULL;
MPI test_x;
BLOWFISH_context *blowfish_ctx=NULL;
- switch( cert->d.elg.protect.algo ) {
+ switch( cert->protect.algo ) {
case CIPHER_ALGO_NONE: BUG(); break;
case CIPHER_ALGO_BLOWFISH:
keyid_from_skc( cert, keyid );
- if( cert->d.elg.protect.s2k == 1
- || cert->d.elg.protect.s2k == 3 )
+ if( cert->protect.s2k == 1 || cert->protect.s2k == 3 )
dek = get_passphrase_hash( keyid, NULL,
- cert->d.elg.protect.salt );
+ cert->protect.salt );
else
dek = get_passphrase_hash( keyid, NULL, NULL );
@@ -87,10 +86,9 @@ check_elg( PKT_secret_cert *cert )
blowfish_setkey( blowfish_ctx, dek->key, dek->keylen );
m_free(dek); /* pw is in secure memory, so m_free() burns it */
blowfish_setiv( blowfish_ctx, NULL );
- memcpy(save_iv, cert->d.elg.protect.iv, 8 );
- blowfish_decode_cfb( blowfish_ctx,
- cert->d.elg.protect.iv,
- cert->d.elg.protect.iv, 8 );
+ memcpy(save_iv, cert->protect.iv, 8 );
+ blowfish_decode_cfb( blowfish_ctx, cert->protect.iv,
+ cert->protect.iv, 8 );
mpi_set_secure(cert->d.elg.x );
/*fixme: maybe it is better to set the buffer secure with a
* new get_buffer_secure() function */
@@ -103,9 +101,9 @@ check_elg( PKT_secret_cert *cert )
m_free( buffer );
m_free( blowfish_ctx );
/* now let's see wether we have used the right passphrase */
- if( csum != cert->d.elg.csum ) {
+ if( csum != cert->csum ) {
mpi_free(test_x);
- memcpy( cert->d.elg.protect.iv, save_iv, 8 );
+ memcpy( cert->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
@@ -117,16 +115,16 @@ check_elg( PKT_secret_cert *cert )
memset( &skey, 0, sizeof skey );
if( !res ) {
mpi_free(test_x);
- memcpy( cert->d.elg.protect.iv, save_iv, 8 );
+ memcpy( cert->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
mpi_set(cert->d.elg.x, test_x);
mpi_free(test_x);
- cert->d.elg.is_protected = 0;
+ cert->is_protected = 0;
break;
default:
- return G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
+ return G10ERR_CIPHER_ALGO; /* unsupported protection algorithm */
}
}
else { /* not protected */
@@ -134,7 +132,7 @@ check_elg( PKT_secret_cert *cert )
csum = checksum_u16( nbytes*8 );
csum += checksum( buffer, nbytes );
m_free( buffer );
- if( csum != cert->d.elg.csum )
+ if( csum != cert->csum )
return G10ERR_CHECKSUM;
}
@@ -143,39 +141,6 @@ check_elg( PKT_secret_cert *cert )
static int
-protect_elg( PKT_secret_cert *cert, DEK *dek )
-{
- byte *buffer;
- unsigned nbytes;
-
- if( !cert->d.elg.is_protected ) { /* add the protection */
- BLOWFISH_context *blowfish_ctx=NULL;
-
- switch( cert->d.elg.protect.algo ) {
- case CIPHER_ALGO_NONE: BUG(); break;
- case CIPHER_ALGO_BLOWFISH:
- blowfish_ctx = m_alloc_secure( sizeof *blowfish_ctx );
- blowfish_setkey( blowfish_ctx, dek->key, dek->keylen );
- blowfish_setiv( blowfish_ctx, NULL );
- blowfish_encode_cfb( blowfish_ctx,
- cert->d.elg.protect.iv,
- cert->d.elg.protect.iv, 8 );
- buffer = mpi_get_buffer( cert->d.elg.x, &nbytes, NULL );
- blowfish_encode_cfb( blowfish_ctx, buffer, buffer, nbytes );
- mpi_set_buffer( cert->d.elg.x, buffer, nbytes, 0 );
- m_free( buffer );
- m_free( blowfish_ctx );
- cert->d.elg.is_protected = 1;
- break;
-
- default:
- return G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
- }
- }
- return 0;
-}
-
-static int
check_dsa( PKT_secret_cert *cert )
{
byte *buffer;
@@ -186,19 +151,18 @@ check_dsa( PKT_secret_cert *cert )
DSA_secret_key skey;
char save_iv[8];
- if( cert->d.dsa.is_protected ) { /* remove the protection */
+ if( cert->is_protected ) { /* remove the protection */
DEK *dek = NULL;
MPI test_x;
BLOWFISH_context *blowfish_ctx=NULL;
- switch( cert->d.dsa.protect.algo ) {
+ switch( cert->protect.algo ) {
case CIPHER_ALGO_NONE: BUG(); break;
case CIPHER_ALGO_BLOWFISH:
keyid_from_skc( cert, keyid );
- if( cert->d.dsa.protect.s2k == 1
- || cert->d.dsa.protect.s2k == 3 )
+ if( cert->protect.s2k == 1 || cert->protect.s2k == 3 )
dek = get_passphrase_hash( keyid, NULL,
- cert->d.dsa.protect.salt );
+ cert->protect.salt );
else
dek = get_passphrase_hash( keyid, NULL, NULL );
@@ -206,10 +170,10 @@ check_dsa( PKT_secret_cert *cert )
blowfish_setkey( blowfish_ctx, dek->key, dek->keylen );
m_free(dek); /* pw is in secure memory, so m_free() burns it */
blowfish_setiv( blowfish_ctx, NULL );
- memcpy(save_iv, cert->d.dsa.protect.iv, 8 );
+ memcpy(save_iv, cert->protect.iv, 8 );
blowfish_decode_cfb( blowfish_ctx,
- cert->d.dsa.protect.iv,
- cert->d.dsa.protect.iv, 8 );
+ cert->protect.iv,
+ cert->protect.iv, 8 );
mpi_set_secure(cert->d.dsa.x );
/*fixme: maybe it is better to set the buffer secure with a
* new get_buffer_secure() function */
@@ -222,9 +186,9 @@ check_dsa( PKT_secret_cert *cert )
m_free( buffer );
m_free( blowfish_ctx );
/* now let's see wether we have used the right passphrase */
- if( csum != cert->d.dsa.csum ) {
+ if( csum != cert->csum ) {
mpi_free(test_x);
- memcpy( cert->d.dsa.protect.iv, save_iv, 8 );
+ memcpy( cert->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
@@ -237,12 +201,12 @@ check_dsa( PKT_secret_cert *cert )
memset( &skey, 0, sizeof skey );
if( !res ) {
mpi_free(test_x);
- memcpy( cert->d.dsa.protect.iv, save_iv, 8 );
+ memcpy( cert->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
mpi_set(cert->d.dsa.x, test_x);
mpi_free(test_x);
- cert->d.dsa.is_protected = 0;
+ cert->is_protected = 0;
break;
default:
@@ -254,7 +218,7 @@ check_dsa( PKT_secret_cert *cert )
csum = checksum_u16( nbytes*8 );
csum += checksum( buffer, nbytes );
m_free( buffer );
- if( csum != cert->d.dsa.csum )
+ if( csum != cert->csum )
return G10ERR_CHECKSUM;
}
@@ -262,39 +226,6 @@ check_dsa( PKT_secret_cert *cert )
}
-static int
-protect_dsa( PKT_secret_cert *cert, DEK *dek )
-{
- byte *buffer;
- unsigned nbytes;
-
- if( !cert->d.dsa.is_protected ) { /* add the protection */
- BLOWFISH_context *blowfish_ctx=NULL;
-
- switch( cert->d.dsa.protect.algo ) {
- case CIPHER_ALGO_NONE: BUG(); break;
- case CIPHER_ALGO_BLOWFISH:
- blowfish_ctx = m_alloc_secure( sizeof *blowfish_ctx );
- blowfish_setkey( blowfish_ctx, dek->key, dek->keylen );
- blowfish_setiv( blowfish_ctx, NULL );
- blowfish_encode_cfb( blowfish_ctx,
- cert->d.dsa.protect.iv,
- cert->d.dsa.protect.iv, 8 );
- buffer = mpi_get_buffer( cert->d.dsa.x, &nbytes, NULL );
- blowfish_encode_cfb( blowfish_ctx, buffer, buffer, nbytes );
- mpi_set_buffer( cert->d.dsa.x, buffer, nbytes, 0 );
- m_free( buffer );
- m_free( blowfish_ctx );
- cert->d.dsa.is_protected = 1;
- break;
-
- default:
- return G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
- }
- }
- return 0;
-}
-
#ifdef HAVE_RSA_CIPHER
static int
@@ -307,11 +238,11 @@ check_rsa( PKT_secret_cert *cert )
u32 keyid[2];
RSA_secret_key skey;
- if( cert->d.rsa.is_protected ) { /* remove the protection */
+ if( cert->is_protected ) { /* remove the protection */
DEK *dek = NULL;
BLOWFISH_context *blowfish_ctx=NULL;
- switch( cert->d.rsa.protect_algo ) {
+ switch( cert->protect.algo ) {
/* FIXME: use test variables to check for the correct key */
case CIPHER_ALGO_NONE: BUG(); break;
case CIPHER_ALGO_BLOWFISH:
@@ -321,9 +252,8 @@ check_rsa( PKT_secret_cert *cert )
blowfish_setkey( blowfish_ctx, dek->key, dek->keylen );
m_free(dek); /* pw is in secure memory, so m_free() burns it */
blowfish_setiv( blowfish_ctx, NULL );
- blowfish_decode_cfb( blowfish_ctx,
- cert->d.rsa.protect.blowfish.iv,
- cert->d.rsa.protect.blowfish.iv, 8 );
+ blowfish_decode_cfb( blowfish_ctx, cert->protect.iv,
+ cert->protect.iv, 8 );
csum = 0;
#define X(a) do { \
mpi_set_secure(cert->d.rsa.rsa_##a); \
@@ -339,10 +269,10 @@ check_rsa( PKT_secret_cert *cert )
X(q);
X(u);
#undef X
- cert->d.rsa.is_protected = 0;
+ cert->is_protected = 0;
m_free( blowfish_ctx );
/* now let's see wether we have used the right passphrase */
- if( csum != cert->d.rsa.csum )
+ if( csum != cert->csum )
return G10ERR_BAD_PASS;
skey.d = cert->d.rsa.rsa_d;
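Review bot: In check_rsa `cert->is_protected = 0;` is set before the checksum comparison, so a wrong passphrase returns `G10ERR_BAD_PASS` with the certificate already marked unprotected. As far as the visible hunks show, `cert->protect.iv` and the MPIs are by then decrypted in place under the wrong key. Now that the flag is shared, is_secret_key_protected() would report such a key as unprotected. At minimum the assignment belongs after the `if( csum != cert->csum ) return G10ERR_BAD_PASS;` test; restoring the IV and MPIs needs the `save_iv` and test-copy approach that check_elg and check_dsa use, which the FIXME at the top of the switch already points to. The function starts and ends outside this hunk.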
@@ -377,7 +307,7 @@ check_rsa( PKT_secret_cert *cert )
csum += checksum_u16( nbytes*8 );
csum += checksum( buffer, nbytes );
m_free( buffer );
- if( csum != cert->d.rsa.csum )
+ if( csum != cert->csum )
return G10ERR_CHECKSUM;
}
@@ -424,16 +354,35 @@ check_secret_key( PKT_secret_cert *cert )
int
is_secret_key_protected( PKT_secret_cert *cert )
{
- if( cert->pubkey_algo == PUBKEY_ALGO_ELGAMAL )
- return cert->d.elg.is_protected? cert->d.elg.protect.algo : 0;
- else if( cert->pubkey_algo == PUBKEY_ALGO_DSA )
- return cert->d.dsa.is_protected? cert->d.dsa.protect.algo : 0;
- #ifdef HAVE_RSA_CIPHER
- else if( cert->pubkey_algo == PUBKEY_ALGO_RSA )
- return cert->d.rsa.is_protected? cert->d.rsa.protect_algo : 0;
- #endif
- else
- return -1; /* unsupported */
+ return cert->is_protected? cert->protect.algo : 0;
+}
+
+
+static int
+do_protect( void (*fnc)(void *, byte *, byte *, unsigned),
+ void *fncctx, PKT_secret_cert *cert )
+{
+ byte *buffer;
+ unsigned nbytes;
+
+ switch( cert->pubkey_algo ) {
+ case PUBKEY_ALGO_ELGAMAL:
+ buffer = mpi_get_buffer( cert->d.elg.x, &nbytes, NULL );
+ (*fnc)( fncctx, buffer, buffer, nbytes );
+ mpi_set_buffer( cert->d.elg.x, buffer, nbytes, 0 );
+ m_free( buffer );
+ break;
+
+ case PUBKEY_ALGO_DSA:
+ buffer = mpi_get_buffer( cert->d.dsa.x, &nbytes, NULL );
+ (*fnc)( fncctx, buffer, buffer, nbytes );
+ mpi_set_buffer( cert->d.dsa.x, buffer, nbytes, 0 );
+ m_free( buffer );
+ break;
+
+ default: return G10ERR_PUBKEY_ALGO;
+ }
+ return 0;
}
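Review bot: is_secret_key_protected() used to return -1 for a `pubkey_algo` it did not know and now returns `protect.algo` or 0 for every certificate, so any caller that tested for a negative result (none is visible here) silently loses that signal. A one-line comment stating the new contract would help, e.g. `/* returns the protection cipher algo, or 0 if the key is not protected */`. do_protect() also needs a header comment saying that it runs `fnc` in place over the secret exponent `x` and returns `G10ERR_PUBKEY_ALGO` for anything other than ElGamal and DSA, which means RSA keys are not covered.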
@@ -443,14 +392,33 @@ is_secret_key_protected( PKT_secret_cert *cert )
int
protect_secret_key( PKT_secret_cert *cert, DEK *dek )
{
+ int rc=0;
+
if( !dek )
return 0;
- if( cert->pubkey_algo == PUBKEY_ALGO_ELGAMAL )
- return protect_elg( cert, dek );
- else if( cert->pubkey_algo == PUBKEY_ALGO_DSA )
- return protect_dsa( cert, dek );
- else
- return G10ERR_PUBKEY_ALGO;
+ if( !cert->is_protected ) { /* okay, apply the protection */
+ BLOWFISH_context *blowfish_ctx=NULL;
+
+ switch( cert->protect.algo ) {
+ case CIPHER_ALGO_NONE: BUG(); break;
+ case CIPHER_ALGO_BLOWFISH:
+ blowfish_ctx = m_alloc_secure( sizeof *blowfish_ctx );
+ blowfish_setkey( blowfish_ctx, dek->key, dek->keylen );
+ blowfish_setiv( blowfish_ctx, NULL );
+ blowfish_encode_cfb( blowfish_ctx, cert->protect.iv,
+ cert->protect.iv, 8 );
+ if( !do_protect( (void (*)(void*,byte*,byte*,unsigned))
+ &blowfish_encode_cfb, blowfish_ctx, cert ) )
+ cert->is_protected = 1;
+ m_free( blowfish_ctx );
+ break;
+
+ default:
+ rc = G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
+ break;
+ }
+ }
+ return rc;
}
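Review bot: The result of do_protect() is only used to decide whether to set `is_protected`; when it fails (for example `G10ERR_PUBKEY_ALGO` for an RSA key) `rc` stays 0. protect_secret_key() then reports success for a key that was not encrypted, after `cert->protect.iv` has already been encrypted in place. The removed code returned `G10ERR_PUBKEY_ALGO` in that case, and change_passphrase() relies on the return value to log a failure. Keeping the error is a two-line change: `rc = do_protect( ..., blowfish_ctx, cert );` followed by `if( !rc ) cert->is_protected = 1;`. The cast of `&blowfish_encode_cfb` to the `void *`-context signature also calls the function through a pointer type different from its own; a small static wrapper with the generic signature would avoid that.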
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 27e166ace..2e0159348 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -251,7 +251,6 @@ do_check( PKT_public_cert *pkc, PKT_signature *sig, MD_HANDLE digest )
int
check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
{
- KBNODE unode;
MD_HANDLE md;
PKT_public_cert *pkc;
PKT_signature *sig;
@@ -283,8 +282,23 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
rc = do_check( pkc, sig, md );
md_close(md);
}
+ else if( sig->sig_class == 0x18 ) {
+ KBNODE snode = find_prev_kbnode( root, node, PKT_PUBKEY_SUBCERT );
+
+ if( snode ) {
+ md = md_open( algo, 0 );
+ hash_public_cert( md, pkc );
+ hash_public_cert( md, snode->pkt->pkt.public_cert );
+ rc = do_check( pkc, sig, md );
+ md_close(md);
+ }
+ else {
+ log_error("no subkey for key signature packet\n");
+ rc = G10ERR_SIG_CLASS;
+ }
+ }
else {
- unode = find_prev_kbnode( root, node, PKT_USER_ID );
+ KBNODE unode = find_prev_kbnode( root, node, PKT_USER_ID );
if( unode ) {
PKT_user_id *uid = unode->pkt->pkt.user_id;
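Review bot: The new `0x18` branch has no comment saying what kind of signature it handles or why two certificates are hashed. A line such as `/* 0x18: subkey binding signature - hash the primary key, then the subkey, and verify with the primary key */` would make the intent reviewable. It is also worth confirming that `find_prev_kbnode( root, node, PKT_PUBKEY_SUBCERT )` yields the subkey this signature directly follows, because a wrong node would fail verification with no distinguishing message. The function starts outside the hunk, so how `pkc` is chosen is not visible here.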
diff --git a/g10/sign.c b/g10/sign.c
index fffee0870..9f06680db 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -57,7 +57,8 @@ complete_sig( PKT_signature *sig, PKT_secret_cert *skc, MD_HANDLE md )
else
BUG();
- /* fixme: should we check wether the signature is okay? */
+ /* fixme: should we check wether the signature is okay?
+ * maybe by using an option */
return rc;
}
@@ -1072,12 +1073,11 @@ change_passphrase( const char *username )
break;
}
else { /* okay */
- /* FIXME: what about dsa */
- skc->d.elg.protect.algo = CIPHER_ALGO_BLOWFISH;
- skc->d.elg.protect.s2k = 1;
- skc->d.elg.protect.hash = DIGEST_ALGO_RMD160;
- memcpy(skc->d.elg.protect.salt, salt, 8);
- randomize_buffer(skc->d.elg.protect.iv, 8, 1);
+ skc->protect.algo = CIPHER_ALGO_BLOWFISH;
+ skc->protect.s2k = 1;
+ skc->protect.hash = DIGEST_ALGO_RMD160;
+ memcpy(skc->protect.salt, salt, 8);
+ randomize_buffer(skc->protect.iv, 8, 1);
rc = protect_secret_key( skc, dek );
if( rc )
log_error("protect_secret_key failed: %s\n", g10_errstr(rc) );
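Review bot: The salt and IV lengths in the new `skc->protect` lines are still the literal `8`, in `memcpy(skc->protect.salt, salt, 8)` and `randomize_buffer(skc->protect.iv, 8, 1)`. If `salt` and `iv` are fixed-size arrays in the protect struct (not visible here), `sizeof skc->protect.salt` and `sizeof skc->protect.iv` would keep the copy and the random fill tied to the field sizes once a cipher with a different block size is added. change_passphrase() begins and ends outside this hunk.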
diff --git a/g10/signal.c b/g10/signal.c
index 9d57b6258..b508e515b 100644
--- a/g10/signal.c
+++ b/g10/signal.c
@@ -35,7 +35,7 @@
#include "ttyio.h"
-
+#if 0
static RETSIGTYPE
print_and_exit( int sig )
{
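Review bot: `print_and_exit()` is compiled out with a bare `#if 0` here (the matching `#endif` is in the next hunk) and nothing records why. The disabled handler is the visible place that called `secmem_term()` before `exit(2)`, so if init_signals() no longer installs anything equivalent (its body is outside these hunks), secure memory is not torn down when the process is ended by a signal. I would either delete the function or annotate the guard, e.g. `#if 0 /* handler not installed: <reason>; secmem_term() is not run on signals */`.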
@@ -53,7 +53,7 @@ print_and_exit( int sig )
secmem_term();
exit(2); /* not correct but .. */
}
-
+#endif
void
init_signals()
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 9bea383c7..8a9c959ed 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -38,6 +38,7 @@
#include "options.h"
#include "packet.h"
#include "main.h"
+#include "i18n.h"
#define TRUST_RECORD_LEN 40
@@ -1708,6 +1709,7 @@ check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel )
TRUSTREC rec;
unsigned trustlevel = TRUST_UNKNOWN;
int rc=0;
+ int cur_time;
if( DBG_TRUST )
log_info("check_trust() called.\n");
@@ -1736,16 +1738,25 @@ check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel )
pkc->local_id );
}
}
- if( pkc->timestamp > make_timestamp() ) {
+ cur_time = make_timestamp();
+ if( pkc->timestamp > cur_time ) {
log_info("public key created in future (time warp or clock problem)\n");
return G10ERR_TIME_CONFLICT;
}
-
- rc = do_check( pkc->local_id, &rec, &trustlevel );
- if( rc ) {
- log_error("check_trust: do_check failed: %s\n", g10_errstr(rc));
- return rc;
+ if( pkc->valid_days && add_days_to_timestamp(pkc->timestamp,
+ pkc->valid_days) < cur_time ) {
+ log_info(_("key expiration date is %s\n"), strtimestamp(
+ add_days_to_timestamp(pkc->timestamp,
+ pkc->valid_days)));
+ trustlevel = TRUST_EXPIRED;
+ }
+ else {
+ rc = do_check( pkc->local_id, &rec, &trustlevel );
+ if( rc ) {
+ log_error("check_trust: do_check failed: %s\n", g10_errstr(rc));
+ return rc;
+ }
}
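Review bot: `cur_time` is declared `int` (previous hunk) but is compared against the `u32` that add_days_to_timestamp() returns, so the expiry test mixes signed and unsigned values; `u32 cur_time;` matches the type the helper uses. The expiry time is also computed twice, once for the comparison and once for the log line; a local such as `u32 expire = add_days_to_timestamp(pkc->timestamp, pkc->valid_days);` keeps the two in step. On the expired path `rc` stays 0 and only `trustlevel` changes, so callers have to test for `TRUST_EXPIRED` themselves; a short comment saying so would help, since the rest of check_trust() lies outside this hunk.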
diff --git a/po/de.po b/po/de.po
index bc8c7ffd7..c9288ed51 100644
--- a/po/de.po
+++ b/po/de.po
@@ -45,6 +45,16 @@ msgstr ""
"BENUTZEN SIE DIE DURCH DIESES PROGRAMM ERZEUGTEN DATEN NICHT!\n"
"\n"
+
+#: g10/g10.c:214
+msgid ""
+"Syntax: gpgm [options] [files]\n"
+"GNUPG maintenance utility\n"
+msgstr ""
+"Syntax: gpgm [options] [files]\n"
+"GNUPG Wartungs Hilfsmittel\n"
+
+
#: g10/g10.c:72
msgid ""
"Syntax: gpg [options] [files]\n"
@@ -55,18 +65,44 @@ msgstr ""
"Signieren, prüfen, verschlüsseln, entschlüsseln\n"
"Die voreingestellte Operation ist abhängig von den Eingabedaten\n"
+
#: g10/g10.c:77
msgid "Please report bugs to <gnupg-bugs@isil.d.shuttle.de>.\n"
msgstr "Berichte über Wanzen bitte an <gnupg-bugs@isil.d.shuttle.de>.\n"
-#: g10/g10.c:116
-msgid "Usage: g10 [options] "
-msgstr "Aufruf: g10 [Opeionen] "
+#: g10/g10.c:207
+msgid "Usage: gpgm [options] [files] (-h for help)"
+msgstr "Aufruf: gpgm [Optionen] [Dateien] (-h für Hilfe)"
+
+#: g10/g10.c:209
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Aufruf: gpg [Optionen] [Dateien] (-h für Hilfe)"
+
#: g10/g10.c:152
msgid "conflicting commands\n"
msgstr "Widersprechende Kommandos\n"
+
+#: g10/g10.c:57
+msgid ""
+"\\vCommands:\n"
+" "
+msgstr ""
+"\\vKommandos:\n"
+" "
+
+#: g10/g10.c:92
+msgid ""
+"\\v\n"
+"Options:\n"
+" "
+msgstr ""
+"\\v\n"
+"Optionen:\n"
+" "
+
+
#: g10/g10.c:164
msgid "create ascii armored output"
msgstr "Ausgabe mit ASCII Armor versehen"
@@ -80,7 +116,7 @@ msgid "set compress level (0 disables)"
msgstr "Kompressionspegel sethen (aussschalten mit 0)"
#: g10/g10.c:167
-msgid "don't make any changes"
+msgid "do not make any changes"
msgstr "Keine wirklichen Änderungen durchführen"
#: g10/g10.c:168
@@ -107,25 +143,25 @@ msgstr "\"Nein\" als Standard Antwort annehmen"
msgid "generate a new key pair"
msgstr "Ein neues Schlüsselpaar erzeugen"
-#: g10/g10.c:174
-msgid "add key to the public keyring"
-msgstr ""
+#: g10/g10.c:76
+msgid "remove key from the public keyring"
+msgstr "Schlüssel entfernen"
-#: g10/g10.c:175
-msgid "remove key from public keyring"
-msgstr "Key entfernen"
+#: g10/g10.c:79
+msgid "generate a revocation certificate"
+msgstr "Ein \"Revocation\" Zertifikat erzeugen"
#: g10/g10.c:176
msgid "make a signature on a key in the keyring"
-msgstr "key signieren"
+msgstr "Schlüssel signieren"
#: g10/g10.c:177
msgid "store only"
-msgstr ""
+msgstr "nur speichern"
#: g10/g10.c:178
msgid "check signatures on a key in the keyring"
-msgstr " "
+msgstr "Schlüssel Signaturen prüfen"
#: g10/g10.c:179
msgid "add this keyring to the list of keyrings"
@@ -133,149 +169,264 @@ msgstr ""
#: g10/g10.c:180
msgid "make a signature"
-msgstr ""
+msgstr "Eine Signatur erzeugen"
+
+#: g10/g10.c:61
+msgid "make a clear text signature"
+msgstr "Eine Klartext Signatur erzeugen"
#: g10/g10.c:181
msgid "use canonical text mode"
-msgstr ""
+msgstr "Text Modus benutzen"
#: g10/g10.c:182
msgid "make a detached signature"
-msgstr ""
+msgstr "Eine abgetrennte Signatur erzeugen"
#: g10/g10.c:183
msgid "encrypt data"
-msgstr ""
+msgstr "Daten verschlüsseln"
+
+#: g10/g10.c:64
+msgid "encryption only with symmetric cipher"
+msgstr "Daten nur symmetrisch verschlüsseln"
#: g10/g10.c:184
msgid "decrypt data (default)"
-msgstr ""
+msgstr "Daten enschlüsseln"
+
+
+#: g10/g10.c:67
+msgid "verify a signature"
+msgstr "Signatur prüfen"
#: g10/g10.c:185
msgid "use this user-id to sign or decrypt"
-msgstr ""
+msgstr "Mit dieser User-ID signieren"
#: g10/g10.c:186
msgid "use this user-id for encryption"
-msgstr ""
+msgstr "Verschlüsseln für diese User-ID"
#: g10/g10.c:187
msgid "list keys"
-msgstr ""
+msgstr "Liste der Schlüssel"
+
+
+#: g10/g10.c:70
+msgid "list keys and signatures"
+msgstr "Liste der Schlüssel und deren Signaturen"
+
+#: g10/g10.c:71
+msgid "check key signatures"
+msgstr "Signaturen der Schlüssel prüfen"
+
+#: g10/g10.c:72
+msgid "list keys and fingerprints"
+msgstr "Liste der Schlüssel und deren \"Fingerprints\""
#: g10/g10.c:188
msgid "set debugging flags"
-msgstr ""
+msgstr "Debug-Flags einschalten"
#: g10/g10.c:189
msgid "enable full debugging"
-msgstr ""
-
-#: g10/g10.c:193
-msgid "show the fingerprints"
-msgstr ""
+msgstr "Alle Debug-Flags einschalten"
#: g10/g10.c:194
msgid "print all message digests"
-msgstr ""
+msgstr "Message-Digests für die Eingabedaten ausgeben"
#: g10/g10.c:195
msgid "add this secret keyring to the list"
-msgstr ""
+msgstr "Den geheimen Schlüsselring mitbenutzen"
#: g10/g10.c:196
msgid "read options from file"
-msgstr ""
+msgstr "Optionen aus der Datei lesen"
#: g10/g10.c:199
msgid "list only the sequence of packets"
-msgstr ""
+msgstr "Lediglich die Struktur der Daten Packete anzeigen"
#: g10/g10.c:202
msgid "edit a key signature"
-msgstr ""
+msgstr "Editieren de Schlüssel Signaturen"
#: g10/g10.c:203
msgid "change the passphrase of your secret keyring"
-msgstr ""
+msgstr "Die \"Passphrase\" des geheimen Schlüssels ändern"
#: g10/g10.c:205
msgid "select default cipher algorithm"
-msgstr ""
+msgstr "Den Cipher Algorithmus auswählen"
#: g10/g10.c:206
msgid "select default puplic key algorithm"
-msgstr ""
+msgstr "Den Public-Key Algorithmus auswählen"
#: g10/g10.c:207
msgid "select default message digest algorithm"
-msgstr ""
+msgstr "Den Message-Digest Algorithmus auswählen"
-#: g10/g10.c:208
-msgid "put public keys into the trustdb"
-msgstr ""
#: g10/g10.c:212
msgid "do not write comment packets"
-msgstr ""
+msgstr "Keine Kommentarpackete schreiben"
#: g10/g10.c:213
msgid "(default is 1)"
-msgstr ""
+msgstr "(voreingestellt ist 1)"
#: g10/g10.c:214
msgid "(default is 3)"
-msgstr ""
+msgstr "(voreingestellt ist 3)"
+
+#: g10/g10.c:81
+msgid "export keys"
+msgstr "Schlüssel exportieren"
+
+#: g10/g10.c:82
+msgid "import/merge keys"
+msgstr "Schlüssel importieren/kombinieren"
+
+#: g10/g10.c:85
+msgid "De-Armor a file or stdin"
+msgstr "\"De-Armor\" einer Datei oder stdin"
+
+#: g10/g10.c:86
+msgid "En-Armor a file or stdin"
+msgstr "\"En-Armor\" einer Datei oder stdin"
-#: g10/g10.c:215
-msgid "export all or the given keys"
-msgstr ""
#: g10/g10.c:282
msgid "note: no default option file '%s'\n"
-msgstr ""
+msgstr "Notiz: Keine voreingestellte Optionen Datei '%s' vorhanden\n"
#: g10/g10.c:285
msgid "option file '%s': %s\n"
-msgstr ""
+msgstr "Opionen Datei '%s': %s\n"
#: g10/g10.c:290
msgid "reading options from '%s'\n"
-msgstr ""
+msgstr "Optionen werden von '%s' gelesen\n"
#: g10/g10.c:382
msgid "selected cipher algorithm is invalid\n"
-msgstr ""
+msgstr "Der ausgewählte Cipher Algorithmus ist ungültig\n"
#: g10/g10.c:386
msgid "selected pubkey algorithm is invalid\n"
-msgstr ""
+msgstr "Der ausgewählte Public-Key Algorithmus ist ungültig\n"
#: g10/g10.c:390
msgid "selected digest algorithm is invalid\n"
-msgstr ""
+msgstr "Der ausgewählte Message-Digest Algorithmus ist ungültig\n"
#: g10/g10.c:394
msgid "completes-needed must be greater than 0\n"
-msgstr ""
+msgstr "completes-needed müßen größer als 0 sein\n"
#: g10/g10.c:398
msgid "marginals-needed must be greater than 1\n"
-msgstr ""
+msgstr "marginals-needed müßen größer als 1 sein\n"
#: g10/g10.c:462
msgid "failed to initialize the TrustDB: %s\n"
-msgstr ""
+msgstr "Die Trust-DB kann nicht initialisiert werden: %s\n"
#: g10/g10.c:554 g10/g10.c:571 g10/g10.c:660
msgid "can't open '%s'\n"
-msgstr ""
+msgstr "Datei '%s' kann nicht geöffnet werden\n"
+
+
+#: g10/g10.c:113
+msgid "write status info to this fd"
+msgstr "Status Informationen auf diesen FD schreiben"
+
+#: g10/g10.c:124
+msgid ""
+"\\v\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" -sat [file] make a clear text signature\n"
+" -sb [file] make a detached signature\n"
+" -k [userid] show keys\n"
+" -kc [userid] show fingerprint\n"
+msgstr ""
+"\\v\n"
+"Beispiele:\n"
+"\n"
+" -se -r Bob [file] Signieren und verschlüsseln für Benutzer Bob\n"
+" -sat [file] Eine Klartext Signatur erzeugen\n"
+" -sb [file] Eine abgetrennte Signatur erzeugen\n"
+" -k [userid] Die Schllüssel anzeigen\n"
+" -kc [userid] Die \"Fingerprints\" anzeigen\n"
+
+
+
+#: g10/g10.c:666
+msgid "--store [filename]"
+msgstr "--store [Dateiname]"
+
+#. encrypt the given file only with the symmetric cipher
+#: g10/g10.c:674
+msgid "--symmetric [filename]"
+msgstr "--symmetric [Dateiname]"
+
+#: g10/g10.c:682
+msgid "--encrypt [filename]"
+msgstr "--encrypt [Dateiname]"
+
+#: g10/g10.c:695
+msgid "--sign [filename]"
+msgstr "--sign [Dateiname]"
+
+#: g10/g10.c:708
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [Dateiname]"
+
+#. make a clearsig
+#: g10/g10.c:722
+msgid "--clearsign [filename]"
+msgstr "--clearsign [Dateiname]"
+
+#: g10/g10.c:734
+msgid "--decrypt [filename]"
+msgstr "--decrypt [Dateiname]"
+
+#: g10/g10.c:742
+msgid "--sign-key username"
+msgstr "--sign-key Benutzername"
+
+#: g10/g10.c:750
+msgid "--edit-sig username"
+msgstr "--edit-sig Benutzername"
+
+#: g10/g10.c:758
+msgid "--delete-secret-key username"
+msgstr "--delete-secret-key Benutzername"
+
+#: g10/g10.c:761
+msgid "--delete-key username"
+msgstr "--delete-key Benutzername"
+
+#. no arg: use default, 1 arg use this one
+#: g10/g10.c:769
+msgid "--change-passphrase [username]"
+msgstr "--change-passphrase [Benutzername]"
+
+
+
#: g10/pkclist.c:65
msgid ""
"No ownertrust defined for %lu:\n"
"%4u%c/%08lX %s \""
msgstr ""
+"Es ist kein \"Ownertrust\" für %lu definiert:\n"
+"%4u%c/%08lX %s \""
#: g10/pkclist.c:72
msgid ""
@@ -318,7 +469,7 @@ msgstr ""
#: g10/pkclist.c:108
msgid "You will see a list of signators etc. here\n"
-msgstr ""
+msgstr "Sie sollten hier eigentlich eine Liste der Signierer sehen.\n"
#: g10/pkclist.c:132
msgid ""
@@ -332,11 +483,11 @@ msgstr ""
#: g10/keygen.c:109
msgid "writing self signature\n"
-msgstr ""
+msgstr "Die Selbst-Signatur wird geschrieben\n"
#: g10/keygen.c:299
msgid "Key generation can only be used in interactive mode\n"
-msgstr ""
+msgstr "Die Schlüsselerzeugung kann nur im interaktiven Modus benutzt werden\n"
#: g10/keygen.c:301
msgid ""
@@ -344,22 +495,25 @@ msgid ""
" (1) ElGamal is the suggested one.\n"
" (2) DSA can only be used for signatures.\n"
msgstr ""
+"Bitte wählen Sie den zu benutzenden Algorithmus aus:\n"
+" (1) ElGamal wird empfohlen.\n"
+" (2) DSA kann nur für Signaturen verwendet werden.\n"
#: g10/keygen.c:305
msgid " (3) RSA cannot be used in the U.S.\n"
-msgstr ""
+msgstr " (3) RSA darf in den USA nicht benutzt werden\n"
#: g10/keygen.c:314
msgid "Your selection? (1,2,3) "
-msgstr ""
+msgstr "Ihre Auswahl? (1,2,3) "
#: g10/keygen.c:316
msgid "Your selection? (1,2) "
-msgstr ""
+msgstr "Ihre Auswahl? (1,2) "
#: g10/keygen.c:330
msgid "Sorry; DSA is not yet supported.\n"
-msgstr ""
+msgstr "Pardon; DSA wird noch nicht unterstützt.\n"
#: g10/keygen.c:343
msgid ""
@@ -402,25 +556,25 @@ msgstr "Gut, aber bitte denken Sie auch daran, daß Monitor und Tastatur "
#: g10/keygen.c:377
msgid "Requested keysize is %u bits\n"
-msgstr ""
+msgstr "Die verlangte Schlüssellänge ist %u Bits\n"
#: g10/keygen.c:380 g10/keygen.c:384
msgid "rounded up to %u bits\n"
-msgstr ""
+msgstr "aufgerundet auf %u Bits\n"
#: g10/keygen.c:391
msgid ""
"\n"
"You need a User-ID to identify your key; the software constructs the user id\n"
"from Real Name, Comment and Email Address in this form:\n"
-" \"Heinrich Heine (Der Dichter) <heinrichh@uni-duesseldorf.de>\"\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
"\n"
msgstr ""
"\n"
"Sie benötigen einen User-ID um Ihren Schlüssel eindeutig zu machen; das\n"
"Programm baut diese User-ID aus Ihrem echten Namen, einem Kommentar und\n"
"Ihrer Email Adresse in dieser Form auf:\n"
-" \"Heinrich Heine (Der Dichter) <heinrichh@uni-duesseldorf.de>\"\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
"\n"
@@ -500,11 +654,11 @@ msgstr "\"passphrase\" nicht richtig wiederholt; noch einmal.\n"
#: g10/keygen.c:531
msgid "writing public certificate to '%s'\n"
-msgstr ""
+msgstr "schreiben des öffentlichen Schlüssels nach '%s'\n"
#: g10/keygen.c:532
msgid "writing secret certificate to '%s'\n"
-msgstr ""
+msgstr "schreiben des geheimen Schlüssels nach '%s'\n"
#: g10/keygen.c:544
msgid ""
@@ -523,4 +677,9 @@ msgstr "Öffentlichen und geheimen Schlüssel erzeugt und signiert.\n"
#: g10/keygen.c:622
msgid "Key generation failed: %s\n"
-msgstr ""
+msgstr "Schlüssel-Erzeugung fehlgeschlagen: %s\n"
+
+
+
+
+
diff --git a/po/it.po b/po/it.po
index b5c417f1f..4a3644956 100644
--- a/po/it.po
+++ b/po/it.po
@@ -452,8 +452,8 @@ msgstr ""
"\"\n"
"\n"
"Per favore decidi fino a quanto hai fiducia di questo utente perchè\n"
-firmi correttamente le chiavi di altri utenti (guardando il suo\n"
-passaporto, controllando le impronte digitali da diverse fonti ...)?\n"
+"firmi correttamente le chiavi di altri utenti (guardando il suo\n"
+"passaporto, controllando le impronte digitali da diverse fonti ...)?\n"
"\n"
" 1 = Non lo so\n"
" 2 = NON mi fido\n"
@@ -474,8 +474,8 @@ msgid ""
msgstr ""
"È compito tuo assegnare qui un valore; questo valore non sarà mai esportato\n"
"ad alcuna terza persona. Ci serve per implementare la ragnatela-di-fiducia;\n"
-"non ha nulla a che fare con la ragnatela-di-certificati (creata
-implicitamente).\n"
+"non ha nulla a che fare con la ragnatela-di-certificati (creata"
+"implicitamente).\n"
#: g10/pkclist.c:108
msgid "You will see a list of signators etc. here\n"
@@ -616,14 +616,14 @@ msgid ""
"You need a User-ID to identify your key; the software constructs the user "
"id\n"
"from Real Name, Comment and Email Address in this form:\n"
-" \"Heinrich Heine (Der Dichter) <heinrichh@uni-duesseldorf.de>\"\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
"\n"
msgstr ""
"\n"
"Ti serve un User ID per identificare la tua chiave; il software costruisce "
"l'user id a partire da Nome e Cognome, Commento e Indirizzo di Email "
"indicati in questo modulo:\n"
-" \"Heinrich Heine (Der Dichter) <heinrichh@uni-duesseldorf.de>\"\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
"\n"
#: g10/keygen.c:409
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 5101e67a8..ed1e83dfb 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -1,6 +1,6 @@
## Process this file with automake to produce Makefile.in
-INCLUDES = -I$(top_srcdir)/include
+INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
needed_libs = ../cipher/libcipher.a ../util/libutil.a ../mpi/libmpi.a ../util/libutil.a
noinst_PROGRAMS = mpicalc bftest clean-sat
diff --git a/tools/Makefile.in b/tools/Makefile.in
index cff827ec0..a9ceae455 100644
--- a/tools/Makefile.in
+++ b/tools/Makefile.in
@@ -92,7 +92,7 @@ VERSION = @VERSION@
ZLIBS = @ZLIBS@
l = @l@
-INCLUDES = -I$(top_srcdir)/include
+INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
needed_libs = ../cipher/libcipher.a ../util/libutil.a ../mpi/libmpi.a ../util/libutil.a
noinst_PROGRAMS = mpicalc bftest clean-sat
diff --git a/util/Makefile.am b/util/Makefile.am
index e8f920f84..df60fbb64 100644
--- a/util/Makefile.am
+++ b/util/Makefile.am
@@ -1,6 +1,6 @@
## Process this file with automake to produce Makefile.in
-INCLUDES = -I$(top_srcdir)/include
+INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
noinst_LIBRARIES = libutil.a
diff --git a/util/Makefile.in b/util/Makefile.in
index 75e1d82e6..025ea3f8e 100644
--- a/util/Makefile.in
+++ b/util/Makefile.in
@@ -92,7 +92,7 @@ VERSION = @VERSION@
ZLIBS = @ZLIBS@
l = @l@
-INCLUDES = -I$(top_srcdir)/include
+INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
noinst_LIBRARIES = libutil.a
diff --git a/util/miscutil.c b/util/miscutil.c
index cad89e8ab..3bdc68a21 100644
--- a/util/miscutil.c
+++ b/util/miscutil.c
@@ -32,6 +32,24 @@ make_timestamp()
return time(NULL);
}
+u32
+add_days_to_timestamp( u32 stamp, u16 days )
+{
+ return stamp + days*86400L;
+}
+
+const char *
+strtimestamp( u32 stamp )
+{
+ static char buffer[11+5];
+ struct tm *tp;
+ time_t atime = stamp;
+
+ tp = gmtime( &atime );
+ sprintf(buffer,"%04d-%02d-%02d",
+ 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
+ return buffer;
+}
/****************
* Print a string to FP, but filter all control characters out.
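Review bot: `add_days_to_timestamp()` can wrap: `days` goes up to 65535 and `days*86400L` exceeds 32 bits well before that, so the multiplication overflows where `long` is 32 bits wide and the `u32` result wraps elsewhere, giving an expiry time earlier than the real one. Saturating avoids that: `if( days > (0xffffffffUL - stamp) / 86400UL ) return 0xffffffffUL;` followed by `return stamp + days * 86400UL;`. In `strtimestamp()` the result of `gmtime()` is dereferenced without a NULL check, and the string lives in a `static` buffer that the next call overwrites; a one-line comment on the function should say the returned pointer is only valid until the next call.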