summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Makefile.am2
-rw-r--r--NEWS14
-rw-r--r--PROJECTS6
-rw-r--r--README19
-rw-r--r--THANKS8
-rw-r--r--TODO22
-rw-r--r--VERSION2
-rw-r--r--acconfig.h1
-rw-r--r--acinclude.m411
-rw-r--r--checks/ChangeLog4
-rw-r--r--checks/Makefile.am2
-rwxr-xr-xchecks/genkey1024.test14
-rwxr-xr-xchecks/mds.test2
-rwxr-xr-xchecks/run-gpg7
-rw-r--r--checks/run-gpg.patterns6
-rw-r--r--cipher/ChangeLog13
-rw-r--r--cipher/Makefile.am4
-rw-r--r--cipher/des.c205
-rw-r--r--cipher/md.c81
-rw-r--r--cipher/pubkey.c2
-rw-r--r--cipher/tiger.c2
-rw-r--r--configure.in5
-rw-r--r--doc/HACKING92
-rw-r--r--doc/Makefile.am11
-rw-r--r--doc/gpg.1pod46
-rw-r--r--g10/ChangeLog94
-rw-r--r--g10/Makefile.am2
-rw-r--r--g10/OPTIONS2
-rw-r--r--g10/armor.c48
-rw-r--r--g10/encode.c16
-rw-r--r--g10/filter.h2
-rw-r--r--g10/g10.c116
-rw-r--r--g10/getkey.c27
-rw-r--r--g10/gpgd.c9
-rw-r--r--g10/import.c15
-rw-r--r--g10/keydb.h4
-rw-r--r--g10/keyedit.c12
-rw-r--r--g10/keygen.c12
-rw-r--r--g10/ks-proto.c299
-rw-r--r--g10/mainproc.c4
-rw-r--r--g10/options.h3
-rw-r--r--g10/parse-packet.c3
-rw-r--r--g10/passphrase.c138
-rw-r--r--g10/pkclist.c16
-rw-r--r--g10/seckey-cert.c2
-rw-r--r--g10/sig-check.c4
-rw-r--r--g10/status.c17
-rw-r--r--g10/trustdb.c24
-rw-r--r--include/cipher.h2
-rw-r--r--po/ChangeLog8
-rw-r--r--po/POTFILES.in2
-rw-r--r--po/de.po16
-rw-r--r--po/fr.po120
-rw-r--r--po/it.po156
-rw-r--r--tools/Makefile.am4
-rw-r--r--util/ChangeLog4
-rw-r--r--util/secmem.c36
-rw-r--r--zlib/Makefile28
58 files changed, 1101 insertions, 725 deletions
diff --git a/Makefile.am b/Makefile.am
index 0699aac6d..43e2a28ce 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in
SUBDIRS = intl po zlib util mpi cipher tools g10 doc checks
-EXTRA_DIST = VERSION
+EXTRA_DIST = VERSION PROJECTS
dist-hook:
diff --git a/NEWS b/NEWS
index 0c7a1c587..05d910e98 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,17 @@
+Noteworthy changes in version 0.4.1
+-----------------------------------
+ * A secondary key is used when the primary key is specified but cannot
+ be used for the operation (if it is a sign-only key).
+
+ * GNUPG can now handle concatenated armored messages: There is still a
+ bug if different kinds of messages are mixed.
+
+ * Iterated+Salted passphrases now work. If want to be sure that PGP5
+ is able to handle them you may want to use the options
+ "--s2k-mode 3 --s2k-cipher-algo cast5 --s2k-digest-algo sha1"
+ when changing a passphrase.
+
+
Noteworthy changes in version 0.4.0
-----------------------------------
* Triple DES is now supported. Michael Roth did this piece of
diff --git a/PROJECTS b/PROJECTS
new file mode 100644
index 000000000..835bf2292
--- /dev/null
+++ b/PROJECTS
@@ -0,0 +1,6 @@
+
+ - abstraction of the MPI
+
+ - Add a way to override the current cipher/md implementations
+ by others (using extensions)
+
diff --git a/README b/README
index 31cae5510..216d84fe5 100644
--- a/README
+++ b/README
@@ -1,5 +1,3 @@
------BEGIN PGP SIGNED MESSAGE-----
-
GNUPG - The GNU Privacy Guard
-------------------------------
Version 0.4
@@ -49,7 +47,7 @@
The default algorithms are now DSA and ELGamal. ELGamal for signing
is still available, but due to the larger size of such signatures it
is depreciated (Please note that the GNUPG implementation of ElGamal
- signatures is *not* insecure). Symmetric algorithms are: Blowfish
+ signatures is *not* insecure). Symmetric algorithms are: 3DES, Blowfish
and CAST5, Digest algorithms are MD5, RIPEMD160, SHA1 and TIGER/192.
@@ -57,7 +55,9 @@
Installation
------------
- See the file INSTALL. Here is a quick summary:
+ Please read the file INSTALL.
+
+ Here is a quick summary:
1) "./configure"
@@ -321,7 +321,7 @@
ugly data structures, weird usage of filenames and other things.
The primary FTP site is "ftp://ftp.guug.de/pub/gcrypt/"
- The primary WWW page is "http://www.d.shuttle.de/isil/crypt/gnupg.html"
+ The primary WWW page is "http://www.d.shuttle.de/isil/gnupg/"
If you like, send your keys to <gnupg-keys@isil.d.shuttle.de>; use
"gpg --export --armor | mail gnupg-keys@isil.d.shuttle.de" to do this.
@@ -330,12 +330,3 @@
post them to the mailing list <g10@net.lut.ac.uk> (this is a closed list,
please subscribe before posting).
------BEGIN PGP SIGNATURE-----
-Version: GNUPG v0.3.5a (GNU/Linux)
-Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/
-
-iQB1AwUBNgJ6bB0Z9MEMmFelAQEBHgL+JhFVCrTAK2G3NVVVQBHXU5eucNx3tQQE3UucvSBA
-YaKfX8dC5QU7wfgv8nFBXMK2mnAcJhJzBT6mZwxpzTZZTh7IS4qu//R9Vgy3A06ZddxKFf2M
-YFelmgdpqTL6ntJC
-=JZ3m
------END PGP SIGNATURE-----
diff --git a/THANKS b/THANKS
index 67d97c901..000b24d19 100644
--- a/THANKS
+++ b/THANKS
@@ -15,12 +15,17 @@ Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de
Ed Boraas ecxjo@esperanto.org
Ernst Molitor ernst.molitor@uni-bonn.de
Frank Heckenbach heckenb@mi.uni-erlangen.de
+Gaël Quéri gqueri@mail.dotcom.fr
Hendrik Buschkamp buschkamp@rheumanet.org
+Holger Schurig holger@d.om.org
+Hugh Daniel hugh@toad.com
Ian McKellar imckellar@harvestroad.com.au
James Troup james@nocrew.org
Jean-loup Gailly gzip@prep.ai.mit.edu
Jens Bachem bachem@rrz.uni-koeln.de
Jörg Schilling schilling@fokus.gmd.de
+Karl Fogel kfogel@guanabana.onshore.com
+Karsten Thygesen karthy@kom.auc.dk
Lars Kellogg-Stedman lars@bu.edu
Marco d'Itri md@linux.it
Mark Adler madler@alumni.caltech.edu
@@ -37,9 +42,10 @@ Paul D. Smith psmith@baynetworks.com
Peter Gutmann pgut001@cs.auckland.ac.nz
QingLong qinglong@bolizm.ihep.su
Ralph Gillen gillen@theochem.uni-duesseldorf.de
+Roland Rosenfeld roland@spinnaker.rhein.de
Serge Munhoven munhoven@mema.ucl.ac.be
Steffen Ullrich ccrlphr@xensei.com
-Steffen Zahn Steffen.Zahn@oen.siemens.de
+Steffen Zahn zahn@berlin.snafu.de
Thomas Roessler roessler@guug.de
Tom Spindler dogcow@home.merit.edu
Tom Zerucha tzeruch@ceddec.com
diff --git a/TODO b/TODO
index 2fa254923..f54d99ccc 100644
--- a/TODO
+++ b/TODO
@@ -1,11 +1,18 @@
- * if --libdir is used, the extensions are put in a wrong place.
- How does GNOME handle this or make a new option for this directory.
+ * after creating a new uid, the preferences in the trustdb are not updated.
+ We should always sync the trustdb in such cases.
+
+ * write a tool to extract selected keys from a file.
- * Should we use the ElGamal subkey if the DSA keyid is given?
- What about an option --loose-keyid-match?
+ * new menu to delete signatures and list signature in menu
- * salted and iterated S2Ks don't work (see passphrase.c).
+ * commandline controlled --edit-key with assumed save.
+
+ * -rdynamic auf Solaris Problem
+
+ * if --libdir is used, the extensions are put in a wrong place.
+ How does GNOME handle this or make a new option for this directory.
+ Hmmm, I don´ like to pass ot as a commandline option to cc.
* Replace the SIGUSR1 stuff by semaphores to avoid loss of a signal.
@@ -42,11 +49,6 @@
* Add some stuff for DU cc
- * check for "expect" before running test genkey1024
-
* use "passphrase" instead of "pass phrase"
* Use "user ID", "trustdb" and "WARNING".
- * armor.c cannot handle concatenated armored messages.
- at least it should be possible to do this for "KEY BLOCK"
-
diff --git a/VERSION b/VERSION
index 1d0ba9ea1..8d427d3e4 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.4.0
+0.4.0a
diff --git a/acconfig.h b/acconfig.h
index 1956d3c97..7bd261441 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -80,6 +80,7 @@
#undef USE_SHM_COPROCESSING
+#undef IPC_HAVE_SHM_LOCK
#undef IPC_RMID_DEFERRED_RELEASE
@BOTTOM@
diff --git a/acinclude.m4 b/acinclude.m4
index b6c1f656f..f540edc63 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -116,6 +116,7 @@ define(WK_CHECK_CACHE,
######################################################################
# Check for SysV IPC (from GIMP)
+# And see whether we have a SHM_LOCK (FreeBSD does not have it).
######################################################################
dnl WK_CHECK_IPC
dnl
@@ -150,6 +151,15 @@ define(WK_CHECK_IPC,
AC_MSG_RESULT(yes),
AC_MSG_RESULT(no),
AC_MSG_RESULT(assuming no))
+ AC_MSG_CHECKING(whether SHM_LOCK is available)
+ AC_TRY_COMPILE([#include <sys/types.h>
+ #include <sys/ipc.h>
+ #include <sys/shm.h>],[
+ int foo( int shm_id ) { shmctl(shm_id, SHM_LOCK, 0); }
+ ],
+ AC_DEFINE(IPC_HAVE_SHM_LOCK)
+ AC_MSG_RESULT(yes),
+ AC_MSG_RESULT(no))
fi
])
@@ -165,6 +175,7 @@ define(WK_CHECK_MLOCK,
if test "$ac_cv_func_mlock" = "yes"; then
AC_MSG_CHECKING(whether mlock is broken)
AC_TRY_RUN([
+ #include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <sys/mman.h>
diff --git a/checks/ChangeLog b/checks/ChangeLog
index 2adfc1b59..4d99d8629 100644
--- a/checks/ChangeLog
+++ b/checks/ChangeLog
@@ -1,3 +1,7 @@
+Wed Sep 23 12:25:07 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * run-gpg.patterns: New (because Solaris fgrep does not like -f -).
+
Mon Aug 10 21:33:38 1998 Werner Koch (wk@(none))
* genkey1024.test: Ariel fixed this.
diff --git a/checks/Makefile.am b/checks/Makefile.am
index 351075206..cf784a5bf 100644
--- a/checks/Makefile.am
+++ b/checks/Makefile.am
@@ -18,7 +18,7 @@ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
DATA_FILES = data-500 data-9000 data-32000 data-80000
-EXTRA_DIST = defs.inc run-gpg run-gpgm $(TESTS) $(TEST_FILES)
+EXTRA_DIST = defs.inc run-gpg run-gpgm run-gpg.patterns $(TESTS) $(TEST_FILES)
CLEANFILES = prepared.stamp x y z out err $(DATA_FILES) \
plain-1 plain-2 plain-3
DISTCLEANFILES = pubring.gpg secring.gpg pubring.pkr secring.skr
diff --git a/checks/genkey1024.test b/checks/genkey1024.test
index 95093895d..e419088f2 100755
--- a/checks/genkey1024.test
+++ b/checks/genkey1024.test
@@ -2,9 +2,19 @@
. $srcdir/defs.inc || exit 3
+
+if which expect ; then
+ :
+else
+ echo "\"expect\" needed but not found - test skipped"
+ exit 0
+fi
+
+
+
expect - <<EOF
#set timeout -1
-set timeout 5
+set timeout 8
match_max 100000
spawn ../g10/gpg --no-batch --quick-random --homedir . --gen-key
expect {
@@ -86,7 +96,7 @@ some other action (work in another window, move the mouse, utilize the\r
network and the disks) during the prime generation; this gives the random\r
number generator a better chance to gain enough entropy.\r" {}
timeout { exit 1 } }
-set timeout 120
+set timeout 600
expect {
-ex "public and secret key created and signed.\r" { exit 0 }
eof { exit 1 }
diff --git a/checks/mds.test b/checks/mds.test
index 38ca5fbc6..f945a6cbf 100755
--- a/checks/mds.test
+++ b/checks/mds.test
@@ -3,7 +3,7 @@
. $srcdir/defs.inc || exit 3
test_one () {
- if [ "$(grep $1 y | sed -e 's/.*=[ ]\(.*\)/\1/' -e 's/ //g')" != "$2" ]; then
+ if [ "`grep $1 y | sed -e 's/.*=[ ]\(.*\)/\1/' -e 's/ //g'`" != "$2" ]; then
failed="$failed $1"
fi
}
diff --git a/checks/run-gpg b/checks/run-gpg
index 4128e00d9..518721a40 100755
--- a/checks/run-gpg
+++ b/checks/run-gpg
@@ -10,11 +10,6 @@ else
rm err.tmp.$$
exit 1
fi
-fgrep -v -f - err.tmp.$$ <<EOF
-gpg: Good signature from
-gpg: Signature made
-gpg: note: cipher algorithm 3 not found in preferences
-gpg: note: cipher algorithm 4 not found in preferences
-EOF
+fgrep -v -f run-gpg.patterns err.tmp.$$
rm err.tmp.$$
diff --git a/checks/run-gpg.patterns b/checks/run-gpg.patterns
new file mode 100644
index 000000000..7fd9f2c49
--- /dev/null
+++ b/checks/run-gpg.patterns
@@ -0,0 +1,6 @@
+gpg: Good signature from
+gpg: Signature made
+gpg: note: cipher algorithm 3 not found in preferences
+gpg: note: cipher algorithm 4 not found in preferences
+gpg: note: secret key 2E5FA4F4 is NOT protected.
+gpg: note: secret key 439F02CA is NOT protected.
diff --git a/cipher/ChangeLog b/cipher/ChangeLog
index cbcea5f9e..251f4df9d 100644
--- a/cipher/ChangeLog
+++ b/cipher/ChangeLog
@@ -1,3 +1,16 @@
+Mon Sep 28 13:23:09 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * md.c (md_digest): New.
+ (md_reset): New.
+
+Wed Sep 23 12:27:02 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * tiger.c (TIGER_CONTEXT): moved "buf", so that it is 64 bit aligned.
+
+Mon Sep 21 06:22:53 1998 Werner Koch (wk@(none))
+
+ * des.c: Some patches from Michael.
+
Thu Sep 17 19:00:06 1998 Werner Koch (wk@(none))
* des.c : New file from Michael Roth <mroth@nessie.de>
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index 09edd4df9..26c625dcb 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -48,11 +48,11 @@ EXTRA_twofish_SOURCES = twofish.c
tiger: $(srcdir)/tiger.c
- `echo $(COMPILE) -shared -fPIC -o tiger $(srcdir)/tiger.c | \
+ `echo $(COMPILE) -shared -fPIC -lc -o tiger $(srcdir)/tiger.c | \
sed -e 's/-O2/-O1/' `
twofish: $(srcdir)/twofish.c
- `echo $(COMPILE) -shared -fPIC -o twofish $(srcdir)/twofish.c | \
+ `echo $(COMPILE) -shared -fPIC -lc -o twofish $(srcdir)/twofish.c | \
sed -e 's/-O2/ /' `
diff --git a/cipher/des.c b/cipher/des.c
index f10716a2e..ef8ce7de3 100644
--- a/cipher/des.c
+++ b/cipher/des.c
@@ -152,7 +152,6 @@
*/
typedef struct _des_ctx
{
- int mode;
u32 encrypt_subkeys[32];
u32 decrypt_subkeys[32];
}
@@ -163,19 +162,19 @@ des_ctx[1];
*/
typedef struct _tripledes_ctx
{
- int mode;
u32 encrypt_subkeys[96];
u32 decrypt_subkeys[96];
}
tripledes_ctx[1];
-static void des_key_schedule (const byte *, u32 *, int);
+static void des_key_schedule (const byte *, u32 *);
static int des_setkey (struct _des_ctx *, const byte *);
static int des_ecb_crypt (struct _des_ctx *, const byte *, byte *, int);
static int tripledes_set2keys (struct _tripledes_ctx *, const byte *, const byte *);
static int tripledes_set3keys (struct _tripledes_ctx *, const byte *, const byte *, const byte *);
static int tripledes_ecb_crypt (struct _tripledes_ctx *, const byte *, byte *, int);
+static int is_weak_key ( const byte *key );
static const char *selftest (void);
@@ -308,18 +307,58 @@ u32 rightkey_swap[16] =
/*
* Numbers of left shifts per round for encryption subkey schedule
+ * To calculate the decryption key scheduling we just reverse the
+ * ordering of the subkeys so we can omit the table for decryption
+ * subkey schedule.
*/
static byte encrypt_rotate_tab[16] =
{
1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
};
+
+
/*
- * Numbers of right shifts per round for decryption subkey schedule
+ * Table with weak DES keys sorted in ascending order.
+ * In DES their are 64 known keys wich are weak. They are weak
+ * because they produce only one, two or four different
+ * subkeys in the subkey scheduling process.
+ * The keys in this table have all their parity bits cleared.
*/
-static byte decrypt_rotate_tab[16] =
+static byte weak_keys[64][8] =
{
- 0, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, { 0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e },
+ { 0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0 }, { 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe },
+ { 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e }, { 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00 },
+ { 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe }, { 0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0 },
+ { 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0 }, { 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe },
+ { 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00 }, { 0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e },
+ { 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe }, { 0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0 },
+ { 0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e }, { 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00 },
+ { 0x0e, 0x0e, 0x0e, 0x0e, 0xf0, 0xf0, 0xf0, 0xf0 }, { 0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e },
+ { 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 }, { 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe },
+ { 0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0 }, { 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00 },
+ { 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e }, { 0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0 },
+ { 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe }, { 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe },
+ { 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 }, { 0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e },
+ { 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00 }, { 0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0 },
+ { 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe }, { 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00 },
+ { 0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e }, { 0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0 },
+ { 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe }, { 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 },
+ { 0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e }, { 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe },
+ { 0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0 }, { 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e },
+ { 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00 }, { 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00 },
+ { 0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e }, { 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe },
+ { 0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e }, { 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00 },
+ { 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe }, { 0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0 },
+ { 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe }, { 0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0 },
+ { 0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e }, { 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00 },
+ { 0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0 }, { 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe },
+ { 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00 }, { 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e },
+ { 0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e }, { 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00 },
+ { 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe }, { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 },
+ { 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00 }, { 0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e },
+ { 0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0 }, { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe }
};
@@ -359,7 +398,7 @@ static byte decrypt_rotate_tab[16] =
/*
- * A full DES round including 'expansion funtion', 'sbox substitution'
+ * A full DES round including 'expansion function', 'sbox substitution'
* and 'primitive function P' but without swapping the left and right word.
*/
#define DES_ROUND(from, to, work, subkey) \
@@ -403,23 +442,22 @@ static byte decrypt_rotate_tab[16] =
/*
- * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for one DES round
+ * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for
+ * 16 encryption rounds.
+ * To calculate subkeys for decryption the caller
+ * have to reorder the generated subkeys.
*
* rawkey: 8 Bytes of key data
* subkey: Array of at least 32 u32s. Will be filled
* with calculated subkeys.
- * mode: Key schedule mode.
- * mode == 0: Calculate subkeys to encrypt
- * mode != 0: Calculate subkeys to decrypt
*
*/
static void
-des_key_schedule (const byte * rawkey, u32 * subkey, int mode)
+des_key_schedule (const byte * rawkey, u32 * subkey)
{
u32 left, right, work;
int round;
-
READ_64BIT_DATA (rawkey, left, right)
DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
@@ -441,20 +479,8 @@ des_key_schedule (const byte * rawkey, u32 * subkey, int mode)
for (round = 0; round < 16; ++round)
{
- if (mode)
- {
- /* decrypt */
-
- left = ((left >> decrypt_rotate_tab[round]) | (left << (28 - decrypt_rotate_tab[round]))) & 0x0fffffff;
- right = ((right >> decrypt_rotate_tab[round]) | (right << (28 - decrypt_rotate_tab[round]))) & 0x0fffffff;
- }
- else
- {
- /* encrypt */
-
- left = ((left << encrypt_rotate_tab[round]) | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
- right = ((right << encrypt_rotate_tab[round]) | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
- }
+ left = ((left << encrypt_rotate_tab[round]) | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
+ right = ((right << encrypt_rotate_tab[round]) | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
*subkey++ = ((left << 4) & 0x24000000)
| ((left << 28) & 0x10000000)
@@ -514,11 +540,15 @@ des_key_schedule (const byte * rawkey, u32 * subkey, int mode)
static int
des_setkey (struct _des_ctx *ctx, const byte * key)
{
- if (!ctx || !key)
- return -1;
+ int i;
- des_key_schedule (key, ctx->encrypt_subkeys, 0);
- des_key_schedule (key, ctx->decrypt_subkeys, 1);
+ des_key_schedule (key, ctx->encrypt_subkeys);
+
+ for(i=0; i<32; i+=2)
+ {
+ ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
+ ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
+ }
return 0;
}
@@ -535,9 +565,6 @@ des_ecb_crypt (struct _des_ctx *ctx, const byte * from, byte * to, int mode)
u32 left, right, work;
u32 *keys;
- if (!ctx || !from || !to)
- return -1;
-
keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
READ_64BIT_DATA (from, left, right)
@@ -570,17 +597,25 @@ tripledes_set2keys (struct _tripledes_ctx *ctx,
const byte * key1,
const byte * key2)
{
- if (!ctx || !key1 || !key2)
- return -1;
+ int i;
+
+ des_key_schedule (key1, ctx->encrypt_subkeys);
+ des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
- des_key_schedule (key1, ctx->encrypt_subkeys, 0);
- des_key_schedule (key1, ctx->decrypt_subkeys, 1);
+ for(i=0; i<32; i+=2)
+ {
+ ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
+ ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
+
+ ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
+ ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
- des_key_schedule (key2, &(ctx->encrypt_subkeys[32]), 1);
- des_key_schedule (key2, &(ctx->decrypt_subkeys[32]), 0);
+ ctx->encrypt_subkeys[i+64] = ctx->encrypt_subkeys[i];
+ ctx->encrypt_subkeys[i+65] = ctx->encrypt_subkeys[i+1];
- des_key_schedule (key1, &(ctx->encrypt_subkeys[64]), 0);
- des_key_schedule (key1, &(ctx->decrypt_subkeys[64]), 1);
+ ctx->decrypt_subkeys[i+64] = ctx->decrypt_subkeys[i];
+ ctx->decrypt_subkeys[i+65] = ctx->decrypt_subkeys[i+1];
+ }
return 0;
}
@@ -598,17 +633,23 @@ tripledes_set3keys (struct _tripledes_ctx *ctx,
const byte * key2,
const byte * key3)
{
- if (!ctx || !key1 || !key2 || !key3)
- return -1;
+ int i;
- des_key_schedule (key1, ctx->encrypt_subkeys, 0);
- des_key_schedule (key1, ctx->decrypt_subkeys, 1);
+ des_key_schedule (key1, ctx->encrypt_subkeys);
+ des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
+ des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));
- des_key_schedule (key2, &(ctx->encrypt_subkeys[32]), 1);
- des_key_schedule (key2, &(ctx->decrypt_subkeys[32]), 0);
+ for(i=0; i<32; i+=2)
+ {
+ ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[94-i];
+ ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[95-i];
+
+ ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
+ ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
- des_key_schedule (key3, &(ctx->encrypt_subkeys[64]), 0);
- des_key_schedule (key3, &(ctx->decrypt_subkeys[64]), 1);
+ ctx->decrypt_subkeys[i+64] = ctx->encrypt_subkeys[30-i];
+ ctx->decrypt_subkeys[i+65] = ctx->encrypt_subkeys[31-i];
+ }
return 0;
}
@@ -617,6 +658,7 @@ tripledes_set3keys (struct _tripledes_ctx *ctx,
/*
* Electronic Codebook Mode Triple-DES encryption/decryption of data according to 'mode'.
+ * Sometimes this mode is named 'EDE' mode (Encryption-Decryption-Encryption).
*/
static int
tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from, byte * to, int mode)
@@ -624,9 +666,6 @@ tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from, byte * to, i
u32 left, right, work;
u32 *keys;
- if (!ctx || !from || !to)
- return -1;
-
keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
READ_64BIT_DATA (from, left, right)
@@ -666,17 +705,45 @@ tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from, byte * to, i
}
+
/*
* Check whether the 8 byte key is weak.
+ * Dose not check the parity bits of the key but simple ignore them.
*/
-
static int
-is_weak_key ( byte *key )
+is_weak_key ( const byte *key )
{
- return 0; /* FIXME */
+ byte work[8];
+ int i, left, right, middle, cmp_result;
+
+ /* clear parity bits */
+ for(i=0; i<8; ++i)
+ work[i] = key[i] & 0xfe;
+
+ /* binary search in the weak key table */
+ left = 0;
+ right = 63;
+ while(1)
+ {
+ middle = (left + right) / 2;
+
+ if ( !(cmp_result=memcmp(work, weak_keys[middle], 8)) )
+ return -1;
+
+ if ( left == right )
+ break;
+
+ if ( cmp_result > 0 )
+ left = middle + 1;
+ else
+ right = middle - 1;
+ }
+
+ return 0;
}
+
/*
* Performs a selftest of this DES/Triple-DES implementation.
* Returns an string with the error text on failure.
@@ -717,12 +784,14 @@ selftest (void)
memcpy (input, temp1, 8);
}
if (memcmp (temp3, result, 8))
- return "DES maintenace test failed.";
+ return "DES maintenance test failed.";
}
/*
- * Triple-DES test (Does somebody known on official test?)
+ * Triple-DES test (Do somebody known on official test?)
+ *
+ * FIXME: This test doesn't use tripledes_set3keys() !
*/
{
int i;
@@ -749,6 +818,20 @@ selftest (void)
return "TRIPLE-DES test failed.";
}
+
+ /*
+ * Check the weak key detection. We simply assume the table with
+ * weak keys is ok and check every key in the table if it is
+ * detected... (This test is a little bit stupid)
+ */
+ {
+ int i;
+
+ for (i = 0; i < 64; ++i)
+ if (!is_weak_key(weak_keys[i]))
+ return "DES weak key detection failed";
+ }
+
return 0;
}
@@ -759,11 +842,11 @@ do_tripledes_setkey ( struct _tripledes_ctx *ctx, byte *key, unsigned keylen )
if( keylen != 24 )
return G10ERR_WRONG_KEYLEN;
+ tripledes_set3keys ( ctx, key, key+8, key+16);
+
if( is_weak_key( key ) || is_weak_key( key+8 ) || is_weak_key( key+16 ) )
return G10ERR_WEAK_KEY;
- tripledes_set3keys ( ctx, key, key+8, key+16);
-
return 0;
}
@@ -800,7 +883,7 @@ des_get_info( int algo, size_t *keylen,
if( !did_selftest ) {
const char *s = selftest();
if( s )
- log_fatal("selftest failed: %s", s );
+ log_fatal("selftest failed: %s\n", s );
did_selftest = 1;
}
diff --git a/cipher/md.c b/cipher/md.c
index 56f639cfd..a04155235 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -256,7 +256,7 @@ md_copy( MD_HANDLE a )
: m_alloc( sizeof *b );
memcpy( b, a, sizeof *a );
b->list = NULL;
- /* and now copy the compelte list of algorithms */
+ /* and now copy the complete list of algorithms */
/* I know that the copied list is reversed, but that doesn't matter */
for( ar=a->list; ar; ar = ar->next ) {
br = a->secure ? m_alloc_secure( sizeof *br + ar->contextsize )
@@ -269,6 +269,23 @@ md_copy( MD_HANDLE a )
}
+/****************
+ * Reset all contexts and discard any buffered stuuf. This may be used
+ * instead of a md_close(); md_open().
+ */
+void
+md_reset( MD_HANDLE a )
+{
+ struct md_digest_list_s *r;
+
+ a->bufcount = 0;
+ for( r=a->list; r; r = r->next ) {
+ memset( r->context, 0, r->contextsize );
+ (*r->init)( &r->context );
+ }
+}
+
+
void
md_close(MD_HANDLE a)
{
@@ -331,7 +348,7 @@ md_read( MD_HANDLE a, int algo )
if( !algo ) { /* return the first algorithm */
if( (r=a->list) ) {
if( r->next )
- log_error("warning: more than algorithm in md_read(0)\n");
+ log_debug("more than algorithm in md_read(0)\n");
return (*r->read)( &r->context );
}
}
@@ -344,6 +361,58 @@ md_read( MD_HANDLE a, int algo )
return NULL;
}
+
+/****************
+ * This function combines md_final and md_read but keeps the context
+ * intact. This function can be used to calculate intermediate
+ * digests. The digest is copied into buffer and the digestlength is
+ * returned. If buffer is NULL only the needed size for buffer is returned.
+ * buflen gives the max size of buffer. If the buffer is too shourt to
+ * hold the complete digest, the buffer is filled with as many bytes are
+ * possible and this value is returned.
+ */
+int
+md_digest( MD_HANDLE a, int algo, byte *buffer, int buflen )
+{
+ struct md_digest_list_s *r = NULL;
+ char *context;
+ char *digest;
+
+ if( a->bufcount )
+ md_write( a, NULL, 0 );
+
+ if( !algo ) { /* return digest for the first algorithm */
+ if( (r=a->list) && r->next )
+ log_debug("more than algorithm in md_digest(0)\n");
+ }
+ else {
+ for(r=a->list; r; r = r->next )
+ if( r->algo == algo )
+ break;
+ }
+ if( !r )
+ BUG();
+
+ if( !buffer )
+ return r->mdlen;
+
+ /* I don't want to change the interface, so I simply work on a copy
+ * the context (extra overhead - should be fixed)*/
+ context = a->secure ? m_alloc_secure( r->contextsize )
+ : m_alloc( r->contextsize );
+ memcpy( context, r->context, r->contextsize );
+ (*r->final)( context );
+ digest = (*r->read)( context );
+
+ if( buflen > r->mdlen )
+ buflen = r->mdlen;
+ memcpy( buffer, digest, buflen );
+
+ m_free(context);
+ return buflen;
+}
+
+
int
md_get_algo( MD_HANDLE a )
{
@@ -423,5 +492,13 @@ md_stop_debug( MD_HANDLE md )
fclose(md->debug);
md->debug = NULL;
}
+ #ifdef HAVE_U64_TYPEDEF
+ { /* a kludge to pull in the __muldi3 for Solaris */
+ volatile u32 a = (u32)md;
+ volatile u32 b = 42;
+ volatile u64 c;
+ c = a * b;
+ }
+ #endif
}
diff --git a/cipher/pubkey.c b/cipher/pubkey.c
index a78f788c0..62a48a6d8 100644
--- a/cipher/pubkey.c
+++ b/cipher/pubkey.c
@@ -480,7 +480,7 @@ pubkey_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
/****************
* This is the interface to the public key signing.
- * Sign hash with skey and put the result into resarr which
+ * Sign data with skey and put the result into resarr which
* should be an array of MPIs of size PUBKEY_MAX_NSIG (or less if the
* algorithm allows this - check with pubkey_get_nsig() )
*/
diff --git a/cipher/tiger.c b/cipher/tiger.c
index d02f5cb86..c473e92d3 100644
--- a/cipher/tiger.c
+++ b/cipher/tiger.c
@@ -29,9 +29,9 @@
typedef struct {
u64 a, b, c;
- u32 nblocks;
byte buf[64];
int count;
+ u32 nblocks;
} TIGER_CONTEXT;
diff --git a/configure.in b/configure.in
index bbb3eb9a4..bd5bc7b5a 100644
--- a/configure.in
+++ b/configure.in
@@ -254,14 +254,15 @@ fi
AC_SUBST(ZLIBS)
-AM_GNU_GETTEXT
G10_LOCALEDIR="$g10_prefix/$DATADIRNAME/locale"
AC_SUBST(G10_LOCALEDIR)
AC_DEFINE_UNQUOTED(G10_LOCALEDIR, "$G10_LOCALEDIR")
-WK_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl )
+dnl WK_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl )
WK_DO_LINK_FILES
+AM_GNU_GETTEXT
+
AC_OUTPUT([
Makefile
intl/Makefile
diff --git a/doc/HACKING b/doc/HACKING
new file mode 100644
index 000000000..27faa87c5
--- /dev/null
+++ b/doc/HACKING
@@ -0,0 +1,92 @@
+ A Hacker's Guide to GNUPG
+ ================================
+ (Some notes on GNUPG internals.)
+
+
+
+Memory allocation
+-----------------
+Use only the functions:
+
+ m_alloc()
+ m_alloc_clear()
+ m_strdup()
+ m_free()
+
+If you want to store a passphrase or some other sensitive data you may
+want to use m_alloc_secure() instead of m_alloc(), as this puts the data
+into a memory region which is protected from swapping (on some platforms).
+m_free() works for both. This functions will not return if there is not
+enough memory available.
+
+
+
+Logging
+-------
+
+
+
+
+
+
+Option parsing
+---------------
+GNUPG does not use getopt or GNU getopt but functions of it's own. See
+util/argparse.c for details. The advantage of these funtions is that
+it is more easy to display and maintain the help texts for the options.
+The same option table is also used to parse resource files.
+
+
+
+What is an iobuf
+----------------
+This is the data structure used for most I/O of gnupg. It is similiar
+to System V Streams but much simpler. It should be replaced by a cleaner
+and faster implementation. We are doing to much copying and the semantics
+of "filter" removing are not very clean. EOF handling is also a problem.
+
+
+
+How to use the message digest functions
+---------------------------------------
+cipher/md.c implements an interface to hash (message diesgt functions).
+
+a) If you have a common part of data and some variable parts
+ and you need to hash of the concatenated parts, you can use this:
+ md = md_open(...)
+ md_write( md, common_part )
+ md1 = md_copy( md )
+ md_write(md1, part1)
+ md_final(md1);
+ digest1 = md_read(md1)
+ md2 = md_copy( md )
+ md_write(md2, part2)
+ md_final(md2);
+ digest2 = md_read(md2)
+
+ An example are key signatures; the key packet is the common part
+ and the user-id packets are the variable parts.
+
+b) If you need a running digest you should use this:
+ md = md_open(...)
+ md_write( md, part1 )
+ digest_of_part1 = md_digest( md );
+ md_write( md, part2 )
+ digest_of_part1_cat_part2 = md_digest( md );
+ ....
+
+Both methods may be combined. [Please see the source for the real syntax]
+
+
+
+
+How to use the cipher functions
+-------------------------------
+
+
+
+
+How to use the public key functions
+-----------------------------------
+
+
diff --git a/doc/Makefile.am b/doc/Makefile.am
index dc2ee585b..9c83575b0 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -1,9 +1,18 @@
## Process this file with automake to create Makefile.in
-EXTRA_DIST = DETAILS rfcs gpg.1pod gpg.1 FAQ
+EXTRA_DIST = DETAILS rfcs gpg.1pod gpg.1 FAQ HACKING
man_MANS = gpg.1
+
+
+install-data-hook:
+ if test -f $(man1dir)/gpgm.1; then rm $(man1dir)/gpgm.1; fi
+ ln -s $(man1dir)/gpg.1 $(man1dir)/gpgm.1 \
+ || ln $(man1dir)/gpg.1 $(man1dir)/gpgm.1
+
+
+
%: %pod
pod2man $< --section=`echo $@ | sed 's/^.*(?)$$/$$&/'`\
--release="`date -r $< '+%d %b %Y'`"\
diff --git a/doc/gpg.1pod b/doc/gpg.1pod
index 93b1a199f..40c930b45 100644
--- a/doc/gpg.1pod
+++ b/doc/gpg.1pod
@@ -75,7 +75,7 @@ B<-k> [I<username>] [I<keyring>]
B<-kvc> List fingerprints
B<-kvvc> List fingerprints and signatures
-B<--list-keys> [I<names>]
+B<--list-keys> [I<names>]
List all keys from the public keyrings, or just the
ones given on the command line.
@@ -83,7 +83,7 @@ B<--list-secret-keys> [I<names>]
List all keys from the secret keyrings, or just the
ones given on the command line.
-B<--list-sigs> [I<names>]
+B<--list-sigs> [I<names>]
Same as B<--list-keys>, but the signatures are listed
too.
@@ -201,7 +201,7 @@ B<--import-ownertrust> [I<filename>]
Long options can be put in an options file (default F<~/.gnupg/options>);
do not write the 2 dashes, but simply the name of the option and any
-arguments if required. Lines with a hash as the first non-white-space
+arguments if required. Lines with a hash as the first non-white-space
character are ignored. Commands may be put in this file too, but that
does not make sense.
@@ -324,6 +324,26 @@ B<--digest-algo> I<name>
program with the option B<--verbose> yields a list of
supported algorithms.
+B<--s2k-cipher-algo> I<name>
+ Use I<name> as the cipher algorithm used to protect secret
+ keys. The default cipher is BLOWFISH. This cipher is
+ also used for conventional encryption if B<--cipher-algo>
+ is not given.
+
+B<--s2k-digest-algo> I<name>
+ Use I<name> as the digest algorithm used to mangle the
+ passphrases. The default algorithm is RIPE-MD-160.
+ This digest algorithm is also used for conventional
+ encryption if B<--digest-algo> is not given.
+
+B<--s2k-mode> I<number>
+ Selects how passphrases are mangled: A number of I<0>
+ uses the plain passphrase (which is not recommended),
+ a I<1> (default) adds a salt to the passphrase and
+ I<3> interates the whole process a couple of times.
+ Unless -B<--rfc1991> is used, this mode is also used
+ for conventional encryption.
+
B<--compress-algo> I<number>
Use compress algorithm I<number>. Default is I<2> which is
RFC1950 compression; you may use I<1> to use the old zlib
@@ -333,6 +353,12 @@ B<--compress-algo> I<number>
If this is not used the OpenPGP behaviour is used; i.e.
the compression algorith is selected from the preferences.
+B<--digest-algo> I<name>
+ Use I<name> as message digest algorithm. Running the
+ program with the option B<--verbose> yields a list of
+ supported algorithms.
+
+
B<--throw-keyid>
Do not put the keyid into encrypted packets. This option
hides the receiver of the message and is a countermeasure
@@ -385,11 +411,11 @@ a signature was bad and other errorcode for fatal errors.
=head1 EXAMPLES
- -se -r Bob [file] sign and encrypt for user Bob
- -sat [file] make a clear text signature
- -sb [file] make a detached signature
- -k [userid] show keys
- -kc [userid] show fingerprint
+ -se -r Bob [file] sign and encrypt for user Bob
+ -sat [file] make a clear text signature
+ -sb [file] make a detached signature
+ -k [userid] show keys
+ -kc [userid] show fingerprint
=head1 ENVIRONMENT
@@ -404,13 +430,13 @@ F<~/.gnupg/pubring.gpg> The public keyring
F<~/.gnupg/trustdb.gpg> The trust database
-F<~/.gnupg/options> May contain options
+F<~/.gnupg/options> May contain options
F</usr[/local]/lib/gnupg/> Default location for extensions
=head1 SEE ALSO
-gpgm(1) gpgd(1)
+gpg(1) gpgm(1)
=head1 WARNINGS
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 84ebb78bd..e767f75be 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,21 +1,67 @@
-Fri Sep 18 16:50:32 1998 Werner Koch (wk@(none))
+Mon Sep 28 12:57:12 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (verify_own_keys): Add warning if a key is not protected.
+
+ * passphrase (hash_passphrase): Fixed iterated+salted mode and
+ setup for keysizes > hashsize.
+
+ * g10.c (main): New options: --s2k-{cipher,digest,mode}.
+
+Fri Sep 25 09:34:23 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c: Chnaged some help texts.
+
+Tue Sep 22 19:34:39 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * passphrase.c (read_passphrase_from_fd): fixed bug for long
+ passphrases.
+
+Mon Sep 21 11:28:05 1998 Werner Koch (wk@(none))
+
+ * getkey.c (lookup): Add code to use the sub key if the primary one
+ does not match the usage.
+
+ * armor.c (armor_filter): New error message: no valid data found.
+ (radix64_read): Changes to support multiple messages.
+ (i18n.h): New.
+ * mainproc.c (add_onepass_sig): bug fix.
+
+Mon Sep 21 08:03:16 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * pkclist.c (do_we_trust): Add keyid to most messages.
+
+ * passphrase.c (read_passphrase_from_fd): New.
+ (have_static_passphrase): New
+ (get_passphrase_fd): Removed.
+ (set_passphrase_fd): Removed.
+ * g10.c (main): passphrase is now read here.
+
+ * keyedit.c (keyedit_menu): "help" texts should now translate fine.
+
+Mon Sep 21 06:40:02 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * encode.c (encode_simple): Now disables compression
+ when --rfc1991 is used.
+ (encode_crypt): Ditto.
+
+Fri Sep 18 16:50:32 1998 Werner Koch (wk@isil.d.shuttle.de)
* getkey.c (merge_key_and_selfsig): New.
-Fri Sep 18 10:20:11 1998 Werner Koch (wk@(none))
+Fri Sep 18 10:20:11 1998 Werner Koch (wk@isil.d.shuttle.de)
- * pkclist.c (select_algo_from_prefs): Removed 3DEs kludge.
+ * pkclist.c (select_algo_from_prefs): Removed 3DES kludge.
* seskey.c (make_session_key): Fixed SERIOUS bug introduced
by adding the weak key detection code.
* sign.c (sign_file): Changed aremor header in certain cases.
-Tue Sep 15 17:52:55 1998 Werner Koch (wk@(none))
+Tue Sep 15 17:52:55 1998 Werner Koch (wk@isil.d.shuttle.de)
* mainproc.c (check_sig_and_print): Replaced ascime by asctimestamp.
-Mon Sep 14 11:40:52 1998 Werner Koch (wk@(none))
+Mon Sep 14 11:40:52 1998 Werner Koch (wk@isil.d.shuttle.de)
* seskey.c (make_session_key): Now detects weak keys.
@@ -24,17 +70,17 @@ Mon Sep 14 11:40:52 1998 Werner Koch (wk@(none))
* plaintext.c (handle_plaintext): Does no anymore suppress CR from
cleartext signed messages.
-Sun Sep 13 12:54:29 1998 Werner Koch (wk@(none))
+Sun Sep 13 12:54:29 1998 Werner Koch (wk@isil.d.shuttle.de)
* trustdb.c (insert_trust_record): Fixed a stupid bug in the free
liunked list loops.
-Sat Sep 12 15:49:16 1998 Werner Koch (wk@(none))
+Sat Sep 12 15:49:16 1998 Werner Koch (wk@isil.d.shuttle.de)
* status.c (remove_shmid): New.
(init_shm_comprocess): Now sets permission to the real uid.
-Wed Sep 9 11:15:03 1998 Werner Koch (wk@(none))
+Wed Sep 9 11:15:03 1998 Werner Koch (wk@isil.d.shuttle.de)
* packet.h (PKT_pubkey_enc): New flah throw_keyid, and add logic to
implement it.
@@ -42,11 +88,11 @@ Wed Sep 9 11:15:03 1998 Werner Koch (wk@(none))
* getkey.c (enum_secret_keys): Add new ar and changed all callers.
-Tue Sep 8 20:04:09 1998 Werner Koch (wk@(none))
+Tue Sep 8 20:04:09 1998 Werner Koch (wk@isil.d.shuttle.de)
* delkey.c (delete_key): Moved from keyedit.c.
-Mon Sep 7 16:37:52 1998 Werner Koch (wk@(none))
+Mon Sep 7 16:37:52 1998 Werner Koch (wk@isil.d.shuttle.de)
* build-packet.c (calc_length_header): New arg new_ctb to correctly
calculate the length of new style packets.
@@ -55,7 +101,7 @@ Mon Sep 7 16:37:52 1998 Werner Koch (wk@(none))
* pkclist.c (select_algo_from_prefs): 3DEs substitute is now CAST5.
-Tue Aug 11 17:54:50 1998 Werner Koch (wk@(none))
+Tue Aug 11 17:54:50 1998 Werner Koch (wk@isil.d.shuttle.de)
* build-packet.c (do_secret_key): Fixed handling of old keys.
@@ -63,7 +109,7 @@ Tue Aug 11 17:54:50 1998 Werner Koch (wk@(none))
* openfile.c (open_outfile): Changed arguments and all callers.
-Tue Aug 11 09:14:35 1998 Werner Koch (wk@(none))
+Tue Aug 11 09:14:35 1998 Werner Koch (wk@isil.d.shuttle.de)
* encode.c (encode_simple): Applied option set-filename and comment.
(encode_crypt): Ditto.
@@ -87,7 +133,7 @@ Tue Aug 11 09:14:35 1998 Werner Koch (wk@(none))
* status.c (cpr_get_answer_is_yes): add display_help.
-Mon Aug 10 10:11:28 1998 Werner Koch (wk@(none))
+Mon Aug 10 10:11:28 1998 Werner Koch (wk@isil.d.shuttle.de)
* getkey.c (lookup_sk): Now always returns the primary if arg
primary is true.
@@ -96,15 +142,15 @@ Mon Aug 10 10:11:28 1998 Werner Koch (wk@(none))
(get_seckey_byname): Ditto.
-Mon Aug 10 08:34:03 1998 Werner Koch (wk@(none))
+Mon Aug 10 08:34:03 1998 Werner Koch (wk@isil.d.shuttle.de)
* keyid.c (pubkey_letter): ELG_E is now a small g.
-Sat Aug 8 17:26:12 1998 Werner Koch (wk@(none))
+Sat Aug 8 17:26:12 1998 Werner Koch (wk@isil.d.shuttle.de)
* openfile (overwrite_filep): Changed semantics and all callers.
-Sat Aug 8 12:17:07 1998 Werner Koch (wk@(none))
+Sat Aug 8 12:17:07 1998 Werner Koch (wk@isil.d.shuttle.de)
* status.c (display_help): New.
@@ -118,7 +164,7 @@ Thu Aug 6 07:34:56 1998 Werner Koch,mobil,,, (wk@tobold)
secret keyrings and add additional warning in case of
a failed secret keyring operation.
-Wed Aug 5 11:54:37 1998 Werner Koch (wk@(none))
+Wed Aug 5 11:54:37 1998 Werner Koch (wk@isil.d.shuttle.de)
* g10.c (check_opts): Moved to main. Changed def_cipher_algo
semantics and chnaged all users.
@@ -131,7 +177,7 @@ Wed Aug 5 11:54:37 1998 Werner Koch (wk@(none))
* build-packet.c (do_secret_key): Ditto.
(do_symkey_enc): Ditto.
-Tue Aug 4 08:59:10 1998 Werner Koch (wk@(none))
+Tue Aug 4 08:59:10 1998 Werner Koch (wk@isil.d.shuttle.de)
* getkey.c (enum_secret_keys): Now returns only primary keys.
@@ -142,36 +188,36 @@ Tue Aug 4 08:59:10 1998 Werner Koch (wk@(none))
* sign.c (sign_file): one-pass sigs are now emiited reverse.
Preference data is considered when selecting the compress algo.
-Wed Jul 29 12:53:03 1998 Werner Koch (wk@(none))
+Wed Jul 29 12:53:03 1998 Werner Koch (wk@isil.d.shuttle.de)
* free-packet.c (copy_signature): New.
* keygen.c (generate_subkeypair): rewritten
* g10.c (aKeyadd): Removed option --add-key
-Mon Jul 27 10:37:28 1998 Werner Koch (wk@(none))
+Mon Jul 27 10:37:28 1998 Werner Koch (wk@isil.d.shuttle.de)
* seckey-cert.c (do_check): Additional check on cipher blocksize.
(protect_secret_key): Ditto.
* encr-data.c: Support for other blocksizes.
* cipher.c (write_header): Ditto.
-Fri Jul 24 16:47:59 1998 Werner Koch (wk@(none))
+Fri Jul 24 16:47:59 1998 Werner Koch (wk@isil.d.shuttle.de)
* kbnode.c (insert_kbnode): Changed semantics and all callers.
* keyedit.c : More or less a complete rewrite
-Wed Jul 22 17:10:04 1998 Werner Koch (wk@(none))
+Wed Jul 22 17:10:04 1998 Werner Koch (wk@isil.d.shuttle.de)
* build-packet.c (write_sign_packet_header): New.
-Tue Jul 21 14:37:09 1998 Werner Koch (wk@(none))
+Tue Jul 21 14:37:09 1998 Werner Koch (wk@isil.d.shuttle.de)
* import.c (import_one): Now creates a trustdb record.
* g10.c (main): New command --check-trustdb
-Mon Jul 20 11:15:07 1998 Werner Koch (wk@(none))
+Mon Jul 20 11:15:07 1998 Werner Koch (wk@isil.d.shuttle.de)
* genkey.c (generate_keypair): Default key is now DSA with
encryption only ElGamal subkey.
diff --git a/g10/Makefile.am b/g10/Makefile.am
index c6d5b135e..b38037d28 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -71,6 +71,8 @@ gpgm_SOURCES = dearmor.c \
#gpgd_SOURCES = gpgd.c \
# ks-proto.h \
# ks-proto.c \
+# ks-db.c \
+# ks-db.h \
# $(common_source)
diff --git a/g10/OPTIONS b/g10/OPTIONS
index 9555ce06a..4ec4192e3 100644
--- a/g10/OPTIONS
+++ b/g10/OPTIONS
@@ -49,7 +49,7 @@ compress-sigs
run-as-shm-coprocess [request-locked-shm-size]
# very special :-)
# You will have to use "--status-fd" too
-
+# Note: This option dioes only work if given on the command line.
set-filename <name>
# Set <name> as the filename into the plaintext packet
diff --git a/g10/armor.c b/g10/armor.c
index 38e1b190d..c72526a98 100644
--- a/g10/armor.c
+++ b/g10/armor.c
@@ -34,6 +34,7 @@
#include "options.h"
#include "main.h"
#include "status.h"
+#include "i18n.h"
#define CRCINIT 0xB704CE
@@ -51,7 +52,7 @@ static int is_initialized;
typedef enum {
- fhdrHASArmor,
+ fhdrHASArmor = 0,
fhdrNOArmor,
fhdrINIT,
fhdrINITCont,
@@ -331,12 +332,12 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
if( buf[n-1] == '\r' )
buf[--n] = 0;
if( opt.verbose ) {
- log_info("armor header: ");
+ log_info(_("armor header: "));
print_string( stderr, buf, n, 0 );
putc('\n', stderr);
}
if( clearsig && !(hashes=parse_hash_header( buf )) ) {
- log_error("invalid clearsig header\n");
+ log_error(_("invalid clearsig header\n"));
state = fhdrERROR;
}
else {
@@ -362,7 +363,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
}
}
else {
- log_error("invalid armor header: ");
+ log_error(_("invalid armor header: "));
print_string( stderr, buf, n, 0 );
putc('\n', stderr);
state = fhdrERROR;
@@ -371,7 +372,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
else if( c != -1 ) {
if( strchr( buf, ':') ) { /* buffer to short, but this is okay*/
if( opt.verbose ) {
- log_info("armor header: ");
+ log_info(_("armor header: "));
print_string( stderr, buf, n, 0 );
fputs("[...]\n", stderr); /* indicate it is truncated */
}
@@ -436,7 +437,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
if( hdr_line == BEGIN_SIGNED_MSG_IDX )
clearsig = 1;
if( opt.verbose > 1 )
- log_info("armor: %s\n", head_strings[hdr_line]);
+ log_info(_("armor: %s\n"), head_strings[hdr_line]);
break;
case fhdrCLEARSIG:
@@ -480,7 +481,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
fhdrREADClearsig : fhdrTESTSpaces;
}
else {
- log_error("invalid dash escaped line: ");
+ log_error(_("invalid dash escaped line: "));
print_string( stderr, buf, n, 0 );
putc('\n', stderr);
state = fhdrERROR;
@@ -549,7 +550,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
} break;
case fhdrERRORShow:
- log_error("invalid clear text header: ");
+ log_error(_("invalid clear text header: "));
print_string( stderr, buf, n, 0 );
putc('\n', stderr);
state = fhdrERROR;
@@ -779,7 +780,7 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
break;
}
else if( (c = asctobin[(c2=c)]) == 255 ) {
- log_error("invalid radix64 character %02x skipped\n", c2);
+ log_error(_("invalid radix64 character %02x skipped\n"), c2);
continue;
}
switch(idx) {
@@ -797,7 +798,10 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
afx->idx = idx;
afx->radbuf[0] = val;
if( checkcrc ) {
- afx->inp_eof = 1; /*assume eof */
+ afx->any_data = 1;
+ afx->inp_checked=0;
+ afx->faked = 0;
+ afx->parse_state = 0;
for(;;) { /* skip lf and pad characters */
if( afx->helpidx < afx->helplen )
c = afx->helpbuf[afx->helpidx++];
@@ -809,7 +813,7 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
break;
}
if( c == -1 )
- log_error("premature eof (no CRC)\n");
+ log_error(_("premature eof (no CRC)\n"));
else {
u32 mycrc = 0;
idx = 0;
@@ -828,15 +832,15 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
break;
} while( ++idx < 4 );
if( c == -1 ) {
- log_error("premature eof (in CRC)\n");
+ log_error(_("premature eof (in CRC)\n"));
rc = G10ERR_INVALID_ARMOR;
}
else if( idx != 4 ) {
- log_error("malformed CRC\n");
+ log_error(_("malformed CRC\n"));
rc = G10ERR_INVALID_ARMOR;
}
else if( mycrc != afx->crc ) {
- log_error("CRC error; %06lx - %06lx\n",
+ log_error(_("CRC error; %06lx - %06lx\n"),
(ulong)afx->crc, (ulong)mycrc);
rc = G10ERR_INVALID_ARMOR;
}
@@ -855,11 +859,11 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
if( rc == -1 )
rc = 0;
else if( rc == 2 ) {
- log_error("premature eof (in Trailer)\n");
+ log_error(_("premature eof (in Trailer)\n"));
rc = G10ERR_INVALID_ARMOR;
}
else {
- log_error("error in trailer line\n");
+ log_error(_("error in trailer line\n"));
rc = G10ERR_INVALID_ARMOR;
}
#endif
@@ -874,7 +878,6 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
return rc;
}
-
/****************
* This filter is used to handle the armor stuff
*/
@@ -914,13 +917,6 @@ armor_filter( void *opaque, int control,
if( size < 15+(4*15) ) /* need space for up to 4 onepass_sigs */
BUG(); /* supplied buffer too short */
- if( afx->inp_eof ) {
- *ret_len = 0;
- if( DBG_FILTER )
- log_debug("armor-filter: eof due to inp_eof flag\n" );
- return -1;
- }
-
if( afx->faked )
rc = fake_packet( afx, a, &n, buf, size );
else if( !afx->inp_checked ) {
@@ -1021,7 +1017,7 @@ armor_filter( void *opaque, int control,
}
else
iobuf_writestr(a,
- "Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/\n");
+ "Comment: For info finger gcrypt@ftp.guug.de\n");
if( afx->hdrlines )
iobuf_writestr(a, afx->hdrlines);
iobuf_put(a, '\n');
@@ -1120,6 +1116,8 @@ armor_filter( void *opaque, int control,
iobuf_writestr(a, tail_strings[afx->what] );
iobuf_writestr(a, "-----\n");
}
+ else if( !afx->any_data && !afx->inp_bypass )
+ log_error(_("no valid RFC1991 or OpenPGP data found.\n"));
}
else if( control == IOBUFCTRL_DESC )
*(char**)buf = "armor_filter";
diff --git a/g10/encode.c b/g10/encode.c
index ae8b26116..bc4742607 100644
--- a/g10/encode.c
+++ b/g10/encode.c
@@ -76,6 +76,7 @@ encode_simple( const char *filename, int mode )
cipher_filter_context_t cfx;
armor_filter_context_t afx;
compress_filter_context_t zfx;
+ int do_compress = opt.compress && !opt.rfc1991;
memset( &cfx, 0, sizeof cfx);
memset( &afx, 0, sizeof afx);
@@ -92,12 +93,12 @@ encode_simple( const char *filename, int mode )
cfx.dek = NULL;
if( mode ) {
s2k = m_alloc_clear( sizeof *s2k );
- s2k->mode = opt.rfc1991? 0:1;
+ s2k->mode = opt.rfc1991? 0:opt.s2k_mode;
s2k->hash_algo = opt.def_digest_algo ? opt.def_digest_algo
- : DEFAULT_DIGEST_ALGO;
+ : opt.s2k_digest_algo;
cfx.dek = passphrase_to_dek( NULL,
opt.def_cipher_algo ? opt.def_cipher_algo
- : DEFAULT_CIPHER_ALGO , s2k, 2 );
+ : opt.s2k_cipher_algo , s2k, 2 );
if( !cfx.dek || !cfx.dek->keylen ) {
rc = G10ERR_PASSPHRASE;
m_free(cfx.dek);
@@ -158,13 +159,13 @@ encode_simple( const char *filename, int mode )
pt->buf = inp;
pkt.pkttype = PKT_PLAINTEXT;
pkt.pkt.plaintext = pt;
- cfx.datalen = filesize && !opt.compress ? calc_packet_length( &pkt ) : 0;
+ cfx.datalen = filesize && !do_compress ? calc_packet_length( &pkt ) : 0;
/* register the cipher filter */
if( mode )
iobuf_push_filter( out, cipher_filter, &cfx );
/* register the compress filter */
- if( opt.compress )
+ if( do_compress )
iobuf_push_filter( out, compress_filter, &zfx );
/* do the work */
@@ -197,6 +198,7 @@ encode_crypt( const char *filename, STRLIST remusr )
armor_filter_context_t afx;
compress_filter_context_t zfx;
PK_LIST pk_list;
+ int do_compress = opt.compress && !opt.rfc1991;
memset( &cfx, 0, sizeof cfx);
memset( &afx, 0, sizeof afx);
@@ -270,12 +272,12 @@ encode_crypt( const char *filename, STRLIST remusr )
pt->buf = inp;
pkt.pkttype = PKT_PLAINTEXT;
pkt.pkt.plaintext = pt;
- cfx.datalen = filesize && !opt.compress? calc_packet_length( &pkt ) : 0;
+ cfx.datalen = filesize && !do_compress? calc_packet_length( &pkt ) : 0;
/* register the cipher filter */
iobuf_push_filter( out, cipher_filter, &cfx );
/* register the compress filter */
- if( opt.compress ) {
+ if( do_compress ) {
int compr_algo = select_algo_from_prefs( pk_list, PREFTYPE_COMPR );
if( !compr_algo )
; /* don't use compression */
diff --git a/g10/filter.h b/g10/filter.h
index 2dc8a3e87..d48b75627 100644
--- a/g10/filter.h
+++ b/g10/filter.h
@@ -42,7 +42,7 @@ typedef struct {
int parse_state;
int inp_checked; /* set if inp has been checked */
int inp_bypass; /* set if the input is not armored */
- int inp_eof;
+ int any_data;
const char *hdrlines;
} armor_filter_context_t;
diff --git a/g10/g10.c b/g10/g10.c
index dac154d56..891da839e 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -135,6 +135,9 @@ enum cmd_and_opt_values { aNull = 0,
oSetFilename,
oComment,
oThrowKeyid,
+ oS2KMode,
+ oS2KDigest,
+ oS2KCipher,
aTest };
@@ -212,6 +215,11 @@ static ARGPARSE_OPTS opts[] = {
{ oMarginalsNeeded, "marginals-needed", 1, N_("(default is 3)")},
{ oLoadExtension, "load-extension" ,2, N_("|file|load extension module")},
{ oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
+ { oS2KMode, "s2k-mode", 1, N_("|N| use passphrase mode N")},
+ { oS2KDigest, "s2k-digest-algo",2,
+ N_("|NAME| use message digest algorithm NAME for passphrases")},
+ { oS2KCipher, "s2k-cipher-algo",2,
+ N_("|NAME| use cipher algorithm NAME for passphrases")},
#ifdef IS_G10
{ oCipherAlgo, "cipher-algo", 2 , N_("|NAME|use cipher algorithm NAME")},
{ oDigestAlgo, "digest-algo", 2 , N_("|NAME|use message digest algorithm NAME")},
@@ -226,10 +234,10 @@ static ARGPARSE_OPTS opts[] = {
#ifdef IS_G10
{ 302, NULL, 0, N_("@\nExamples:\n\n"
" -se -r Bob [file] sign and encrypt for user Bob\n"
- " -sat [file] make a clear text signature\n"
- " -sb [file] make a detached signature\n"
- " -k [userid] show keys\n"
- " -kc [userid] show fingerprint\n" ) },
+ " --clearsign [file] make a clear text signature\n"
+ " --detach-sign [file] make a detached signature\n"
+ " --list-keys [names] show keys\n"
+ " --fingerprint [names] show fingerprints\n" ) },
#endif
/* hidden options */
@@ -472,11 +480,15 @@ main( int argc, char **argv )
const char *trustdb_name = NULL;
char *def_cipher_string = NULL;
char *def_digest_string = NULL;
+ char *s2k_cipher_string = NULL;
+ char *s2k_digest_string = NULL;
+ int pwfd = -1;
#ifdef USE_SHM_COPROCESSING
ulong requested_shm_size=0;
#endif
trap_unaligned();
+ secmem_set_flags( secmem_get_flags() | 2 ); /* suspend warnings */
#ifdef IS_G10MAINT
secmem_init( 0 ); /* disable use of secmem */
maybe_setuid = 0;
@@ -497,6 +509,9 @@ main( int argc, char **argv )
opt.def_cipher_algo = 0;
opt.def_digest_algo = 0;
opt.def_compress_algo = 2;
+ opt.s2k_mode = 1; /* salted */
+ opt.s2k_digest_algo = DIGEST_ALGO_RMD160;
+ opt.s2k_cipher_algo = CIPHER_ALGO_BLOWFISH;
opt.completes_needed = 1;
opt.marginals_needed = 3;
opt.homedir = getenv("GNUPGHOME");
@@ -527,8 +542,34 @@ main( int argc, char **argv )
default_config = 0; /* --no-options */
else if( pargs.r_opt == oHomedir )
opt.homedir = pargs.r.ret_str;
+ #ifdef USE_SHM_COPROCESSING
+ else if( pargs.r_opt == oRunAsShmCP ) {
+ /* does not make sense in a options file, we do it here,
+ * so that we are the able to drop setuid as soon as possible */
+ opt.shm_coprocess = 1;
+ requested_shm_size = pargs.r.ret_ulong;
+ }
+ #endif
}
+
+ #ifdef USE_SHM_COPROCESSING
+ if( opt.shm_coprocess ) {
+ #ifdef IS_G10
+ init_shm_coprocessing(requested_shm_size, 1 );
+ #else
+ init_shm_coprocessing(requested_shm_size, 0 );
+ #endif
+ }
+ #endif
+ #ifdef IS_G10
+ /* initialize the secure memory. */
+ secmem_init( 16384 );
+ maybe_setuid = 0;
+ /* Okay, we are now working under our real uid */
+ #endif
+
+
if( default_config )
configname = make_filename(opt.homedir, "options", NULL );
@@ -550,7 +591,7 @@ main( int argc, char **argv )
else {
log_error(_("option file '%s': %s\n"),
configname, strerror(errno) );
- g10_exit(1);
+ g10_exit(2);
}
m_free(configname); configname = NULL;
}
@@ -654,16 +695,18 @@ main( int argc, char **argv )
case oDoNotExportRSA: opt.do_not_export_rsa = 1; break;
case oCompressSigs: opt.compress_sigs = 1; break;
case oRunAsShmCP:
- #ifdef USE_SHM_COPROCESSING
- opt.shm_coprocess = 1;
- requested_shm_size = pargs.r.ret_ulong;
- #else
+ #ifndef USE_SHM_COPROCESSING
+ /* not possible in the option file,
+ * but we print the warning here anyway */
log_error("shared memory coprocessing is not available\n");
#endif
break;
case oSetFilename: opt.set_filename = pargs.r.ret_str; break;
case oComment: opt.comment_string = pargs.r.ret_str; break;
case oThrowKeyid: opt.throw_keyid = 1; break;
+ case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
+ case oS2KDigest: s2k_digest_string = m_strdup(pargs.r.ret_str); break;
+ case oS2KCipher: s2k_cipher_string = m_strdup(pargs.r.ret_str); break;
#ifdef IS_G10
case oRemote: /* store the remote users */
@@ -680,7 +723,7 @@ main( int argc, char **argv )
locusr = sl;
break;
case oCompress: opt.compress = pargs.r.ret_int; break;
- case oPasswdFD: set_passphrase_fd( pargs.r.ret_int ); break;
+ case oPasswdFD: pwfd = pargs.r.ret_int; break;
case oCipherAlgo: def_cipher_string = m_strdup(pargs.r.ret_str); break;
case oDigestAlgo: def_digest_string = m_strdup(pargs.r.ret_str); break;
case oNoSecmemWarn: secmem_set_flags( secmem_get_flags() | 1 ); break;
@@ -709,22 +752,7 @@ main( int argc, char **argv )
tty_printf("%s\n", strusage(15) );
}
- #ifdef USE_SHM_COPROCESSING
- if( opt.shm_coprocess ) {
- #ifdef IS_G10
- init_shm_coprocessing(requested_shm_size, 1 );
- #else
- init_shm_coprocessing(requested_shm_size, 0 );
- #endif
- }
- #endif
- #ifdef IS_G10
- /* initialize the secure memory. */
- secmem_init( 16384 );
- maybe_setuid = 0;
- /* Okay, we are now working under our real uid */
- #endif
-
+ secmem_set_flags( secmem_get_flags() & ~2 ); /* resume warnings */
set_debug();
@@ -742,12 +770,29 @@ main( int argc, char **argv )
if( check_digest_algo(opt.def_digest_algo) )
log_error(_("selected digest algorithm is invalid\n"));
}
+ if( s2k_cipher_string ) {
+ opt.s2k_cipher_algo = string_to_cipher_algo(s2k_cipher_string);
+ m_free(s2k_cipher_string); s2k_cipher_string = NULL;
+ if( check_cipher_algo(opt.s2k_cipher_algo) )
+ log_error(_("selected cipher algorithm is invalid\n"));
+ }
+ if( s2k_digest_string ) {
+ opt.s2k_digest_algo = string_to_digest_algo(s2k_digest_string);
+ m_free(s2k_digest_string); s2k_digest_string = NULL;
+ if( check_digest_algo(opt.s2k_digest_algo) )
+ log_error(_("selected digest algorithm is invalid\n"));
+ }
if( opt.def_compress_algo < 1 || opt.def_compress_algo > 2 )
log_error(_("compress algorithm must be in range %d..%d\n"), 1, 2);
if( opt.completes_needed < 1 )
log_error(_("completes-needed must be greater than 0\n"));
if( opt.marginals_needed < 2 )
log_error(_("marginals-needed must be greater than 1\n"));
+ switch( opt.s2k_mode ) {
+ case 0: case 1: case 3: break;
+ default:
+ log_error(_("invalid S2K mode; must be 0, 1 or 3\n"));
+ }
if( log_get_errorcount(0) )
g10_exit(2);
@@ -795,20 +840,11 @@ main( int argc, char **argv )
FREE_STRLIST(nrings);
FREE_STRLIST(sec_nrings);
- if( argc )
- fname = *argv;
- else {
- fname = NULL;
- if( get_passphrase_fd() == 0 ) {
- /* reading data and passphrase from stdin:
- * we assume the first line is the passphrase, so
- * we should read it now.
- *
- * We should do it here, but for now it is not needed.
- * Anyway, this password scheme is not quite good
- */
- }
- }
+
+ if( pwfd != -1 ) /* read the passphrase now. */
+ read_passphrase_from_fd( pwfd );
+
+ fname = argc? *argv : NULL;
switch( cmd ) {
case aPrimegen:
diff --git a/g10/getkey.c b/g10/getkey.c
index f9f4c9f43..eed62e916 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -31,6 +31,7 @@
#include "keydb.h"
#include "options.h"
#include "main.h"
+#include "i18n.h"
#define MAX_PK_CACHE_ENTRIES 500
@@ -789,9 +790,6 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid,
}
}
else { /* keyid or fingerprint lookup */
- /* No need to compare the usage here, as we already have the
- * keyid to use
- */
if( DBG_CACHE && (mode== 10 || mode==11) ) {
log_debug("lookup keyid=%08lx%08lx req_algo=%d mode=%d\n",
(ulong)keyid[0], (ulong)keyid[1],
@@ -867,6 +865,29 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid,
merge_one_pk_and_selfsig( keyblock, keyblock );
}
else {
+ if( primary && pk->pubkey_usage
+ && check_pubkey_algo2( k->pkt->pkt.public_key->pubkey_algo,
+ pk->pubkey_usage ) == G10ERR_WR_PUBKEY_ALGO ) {
+ /* if the usage is not correct, try to use a subkey */
+ KBNODE save_k = k;
+
+ for( ; k; k = k->next ) {
+ if( k->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ && !check_pubkey_algo2(
+ k->pkt->pkt.public_key->pubkey_algo,
+ pk->pubkey_usage ) )
+ break;
+ }
+ if( !k )
+ k = save_k;
+ else
+ log_info(_("using secondary key %08lX "
+ "instead of primary key %08lX\n"),
+ (ulong)keyid_from_pk( k->pkt->pkt.public_key, NULL),
+ (ulong)keyid_from_pk( save_k->pkt->pkt.public_key, NULL)
+ );
+ }
+
copy_public_key_new_namehash( pk, k->pkt->pkt.public_key,
use_namehash? namehash:NULL);
merge_one_pk_and_selfsig( keyblock, k );
diff --git a/g10/gpgd.c b/g10/gpgd.c
index da7a990dc..ce92c95d7 100644
--- a/g10/gpgd.c
+++ b/g10/gpgd.c
@@ -18,6 +18,15 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
+/****************
+ * This is a spinning server for most purposes, the server does only
+ * fork for updates (which may require signature checks and lengthy DB
+ * operations).
+ *
+ * see ks-proto.c for the used protocol.
+ * see ks-db.c for the layout of the database.
+ */
+
#include <config.h>
#include <stdio.h>
#include <errno.h>
diff --git a/g10/import.c b/g10/import.c
index 7ef916d27..12a2a099d 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -459,7 +459,7 @@ import_secret_one( const char *fname, KBNODE keyblock )
_("can't lock secret keyring: %s\n"), g10_errstr(rc) );
else if( (rc=insert_keyblock( &kbpos, keyblock )) )
log_error_f(keyblock_resource_name(&kbpos),
- _("can't write keyring\n"), g10_errstr(rc) );
+ _("can't write keyring: %s\n"), g10_errstr(rc) );
unlock_keyblock( &kbpos );
/* we are ready */
log_info_f(fname, _("key %08lX: secret key imported\n"), (ulong)keyid[1]);
@@ -655,16 +655,17 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid )
else if( node->pkt->pkttype == PKT_SIGNATURE
&& node->pkt->pkt.signature->sig_class == 0x20 ) {
if( uid_seen ) {
- log_error_f(fname, _("key %08lX: revocation certificate at wrong "
- "place - skipped\n"), fname, (ulong)keyid[1]);
+ log_error_f(fname, _("key %08lX: revocation certificate "
+ "at wrong place - skipped\n"),
+ (ulong)keyid[1]);
delete_kbnode( node );
}
else {
int rc = check_key_signature( keyblock, node, NULL);
if( rc ) {
- log_error_f(fname, _("key %08lX: invalid revocation certificate"
- ": %s - skipped\n"),
- fname, (ulong)keyid[1], g10_errstr(rc));
+ log_error_f(fname, _("key %08lX: invalid revocation "
+ "certificate: %s - skipped\n"),
+ (ulong)keyid[1], g10_errstr(rc));
delete_kbnode( node );
}
}
@@ -788,7 +789,7 @@ append_uid( KBNODE keyblock, KBNODE node, int *n_sigs,
/* at lease a self signature comes next to the user-id */
if( node->next->pkt->pkttype == PKT_USER_ID ) {
log_error_f(fname, _("key %08lX: our copy has no self-signature\n"),
- fname, (ulong)keyid[1]);
+ (ulong)keyid[1]);
return G10ERR_GENERAL;
}
diff --git a/g10/keydb.h b/g10/keydb.h
index c16dc4b80..c7fb26db1 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -99,8 +99,8 @@ int build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list,
int unlock, unsigned usage );
/*-- passphrase.h --*/
-void set_passphrase_fd( int fd );
-int get_passphrase_fd(void);
+int have_static_passphrase(void);
+void read_passphrase_from_fd( int fd );
DEK *passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode);
void set_next_passphrase( const char *s );
char *get_last_passphrase(void);
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 13fa24c8c..9387a762e 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -199,7 +199,6 @@ check_all_keysigs( KBNODE keyblock, int only_selected )
}
-
/****************
* Loop over all locusr and and sign the uids after asking.
* If no user id is marked, all user ids will be signed;
@@ -259,10 +258,9 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified )
(ulong)sk_keyid[1] );
continue;
}
- /* Ask whether we realy should sign these user id(s) */
+ /* Ask whether we really should sign these user id(s) */
tty_printf("\n");
show_key_with_all_names( keyblock, 1, 1, 0, 0 );
- tty_printf("\n");
tty_printf(_(
"Are you really sure that you want to sign this key\n"
"with your key: \""));
@@ -372,9 +370,9 @@ change_passphrase( KBNODE keyblock )
set_next_passphrase( NULL );
for(;;) {
- s2k->mode = 1;
- s2k->hash_algo = DIGEST_ALGO_RMD160;
- dek = passphrase_to_dek( NULL, CIPHER_ALGO_BLOWFISH, s2k, 2 );
+ s2k->mode = opt.s2k_mode;
+ s2k->hash_algo = opt.s2k_digest_algo;
+ dek = passphrase_to_dek( NULL, opt.s2k_cipher_algo, s2k, 2 );
if( !dek ) {
tty_printf(_("passphrase not correctly repeated; try again.\n"));
}
@@ -556,7 +554,7 @@ keyedit_menu( const char *username, STRLIST locusr )
if( cmds[i].need_sk && !sec_keyblock )
; /* skip if we do not have the secret key */
else if( cmds[i].desc )
- tty_printf("%-10s %s\n", cmds[i].name, cmds[i].desc );
+ tty_printf("%-10s %s\n", cmds[i].name, _(cmds[i].desc) );
}
break;
diff --git a/g10/keygen.c b/g10/keygen.c
index 47a24b2ae..1d1cdbfc2 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -687,9 +687,9 @@ ask_passphrase( STRING2KEY **ret_s2k )
s2k = m_alloc_secure( sizeof *s2k );
for(;;) {
- s2k->mode = 1;
- s2k->hash_algo = DIGEST_ALGO_RMD160;
- dek = passphrase_to_dek( NULL, CIPHER_ALGO_BLOWFISH, s2k, 2 );
+ s2k->mode = opt.s2k_mode;
+ s2k->hash_algo = opt.s2k_digest_algo;
+ dek = passphrase_to_dek( NULL, opt.s2k_cipher_algo, s2k, 2 );
if( !dek ) {
tty_printf(_("passphrase not correctly repeated; try again.\n"));
}
@@ -970,10 +970,10 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
if( passphrase ) {
s2k = m_alloc_secure( sizeof *s2k );
- s2k->mode = 1;
- s2k->hash_algo = DIGEST_ALGO_RMD160;
+ s2k->mode = opt.s2k_mode;
+ s2k->hash_algo = opt.s2k_digest_algo;
set_next_passphrase( passphrase );
- dek = passphrase_to_dek( NULL, CIPHER_ALGO_BLOWFISH, s2k, 2 );
+ dek = passphrase_to_dek( NULL, opt.s2k_cipher_algo, s2k, 2 );
}
rc = do_create( algo, nbits, pub_keyblock, sec_keyblock,
diff --git a/g10/ks-proto.c b/g10/ks-proto.c
index b862357fb..b5109f2ad 100644
--- a/g10/ks-proto.c
+++ b/g10/ks-proto.c
@@ -42,245 +42,114 @@
* X-Key-MTime: <last modification time>
* X-Key-LID: <local_key_id_used_for_update_etc>
* [fixme: is X-.... allowed?]
+ *
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <errno.h>
+#include <ctype.h>
#include "util.h"
#include "ks-proto.h"
-#if 0
-/****************
- * Read a protocol line
- */
-static int
-read_line( FILE *fp )
-{
- return -1;
-}
-
-
-
-
-/****************
- * Send a HKP request
- */
-int
-hkp_request( int operation, const char *user_id )
-{
-
-}
-
-
-
-
-
-/************************************************
- ******* client communication stuff ************
- ************************************************/
-
-/****************
- * Initialisieren des clients
- * Es wird ein Handle zurückgegeben oder -1 bei einem fehler.
- * z.Z. ist nut eine Verbindung gleichzeitig möglich.
- * Wenn einer serverpid von 0 angegeben wird, so wird diese
- * der environment variabeln ATEXDB_PID entnommen.
- */
-
-int
-hkp_open( const char *serverurl )
-{
- const char *s;
-
- s = SERVER_NAME_TEMPLATE;
- client.serv_name = xmalloc(strlen(s) + 10 );
- sprintf(client.serv_name,s, serverpid );
- if( opt.verbose )
- Info("Using unix domain stream '%s'", client.serv_name );
-
- memset( &client.serv_addr, 0, sizeof client.serv_addr );
- client.serv_addr.sun_family = AF_UNIX;
- strcpy( client.serv_addr.sun_path, client.serv_name );
- client.serv_addr_len = strlen(client.serv_addr.sun_path)
- + sizeof client.serv_addr.sun_family;
-
- client.sockfd = -1;
- if( DoCheckVersion() )
- return -1;
- return 0;
-}
-
-
-static int
-DoConnect()
-{
- if( client.sockfd != -1 )
- DoDisconnect();
- if( (client.sockfd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1 ) {
- Error(1000,"can't open unix domain socket");
- return 1;
- }
- if( connect(client.sockfd, (struct sockaddr*)&client.serv_addr,
- client.serv_addr_len) == -1 ) {
- Error(1000,"can't connect to '%s'",client.serv_addr.sun_path);
- return 1;
- }
-
- return 0; /* okay */
-}
-
-static int
-DoDisconnect()
-{
- if( client.sockfd != -1 ) {
- close(client.sockfd);
- client.sockfd = -1;
- }
- return 0; /* okay */
-}
-/****************
- * NBYTES auf den aktuellen stream schreiben.
- */
static int
-DoWrite( void *buf, size_t nbytes )
+do_read( int fd, char *buffer, size_t bufsize, int *ret_nread )
{
- size_t nleft = nbytes;
- ssize_t nwritten;
-
- while( nleft > 0 ) {
- /* FIXME: add EINTR handling */
- nwritten = write(client.sockfd, buf, nleft);
- if( nwritten < 0 ) {
- Error(1000,"error writing to server");
+ int n;
+ fd_set rfds;
+ struct timeval tv;
+ int rc;
+
+ *ret_nread = 0;
+ do {
+ FD_ZERO(&rfds);
+ FD_SET(fd, &rfds);
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+ if( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) )
+ return 0; /* timeout */
+ if( rc == -1 ) {
+ log_error("select() error: %s\n", strerror(errno));
return -1;
}
- nleft -= nwritten;
- buf = (char*)buf + nwritten;
- }
- return 0;
-}
-
-static int
-DoWriteStr( const char *s )
-{
- return DoWrite((char *)s, strlen(s) );
-}
-
-
-static int
-DoRead( void *buf, size_t buflen, size_t *ret_nread, int stop)
-{
- size_t nleft = buflen;
- int nread;
- char *p;
-
- p = buf;
- while( nleft > 0 ) {
- /* FIXME: add EINTR handling */
- nread = read(client.sockfd, buf, stop? 1 : nleft);
- if( nread < 0 ) {
- Error(1000,"error reading from server");
- return -1;
- }
- else if( !nread )
- break; /* EOF */
- nleft -= nread;
- buf = (char*)buf + nread;
- if( stop )
- for(; p < (char*)buf ; p++ )
- if( *p == '\n' )
- goto leave;
- }
- leave:
- if( ret_nread )
- *ret_nread = buflen - nleft;
- return 0;
-}
-
-/****************
- * Like DoRead(), but append the received data to the given strgbuf.
- * read a maximum of nbytes;
- */
-static int
-DoReadIntoStrgbuf( strgbuf_t *strgbuf, size_t nbytes, size_t *ret_nread)
-{
- size_t ntotal, nleft;
- int nread;
- byte *p, buffer[1000];
- ntotal = 0;
- nleft = nbytes;
- while( nleft ) {
- nread = read(client.sockfd, buffer,
- nleft > DIM(buffer)? DIM(buffer) : nleft);
- if( nread < 0 ) {
- Error(1000,"error reading from server");
+ do {
+ n = read(fd, buffer, bufsize );
+ if( n >= 0 && n > bufsize )
+ log_bug("bogus read from fd %d (n=%d)\n", fd, n );
+ } while( n == -1 && errno == EINTR );
+ if( n == -1 ) {
+ log_error("read error on fd %d: %s\n", fd, strerror(errno) );
return -1;
}
- else if( !nread )
- break; /* EOF */
- nleft -= nread;
- ntotal += nread;
- /* ab in den stringbuffer */
- for(p=buffer; nread; nread--, p++ )
- PutStrgbuf(strgbuf, *p );
- }
-
- if( ret_nread )
- *ret_nread = ntotal;
+ } while( !n );
+ *ret_nread = n;
return 0;
}
-/****************
- * In retval wird das numerische argument nach OK zurückgegeben
- */
-static int
-DoRequest( char *request, long *retval )
-{
- if( DoWrite(request, strlen(request)) )
- return -1;
- return DoWaitReply( retval );
-}
-
-static int
-DoWaitReply( long *retval )
+int
+ks_get_request( int fd, KS_TRANS *req )
{
- char *p, buf[200]; /* enough room for messages */
- size_t nread;
+ char *p, *p2, buf[500];
+ int nread, n;
+ int state = 0;
+
+ req->err = 0;
+ req->data = NULL;
+ while( !do_read( fd, buf, DIM(buf)-1, &nread ) {
+ p = buf;
+ if( !state ) {
+ /* replace the trailing LF with a 0 */
+ for(p2=p,n=0; n < nread && *p2 != '\n'; p2++ )
+ ;
+ if( *p2 != '\n' ) {
+ req->err = KS_ERR_REQ_TOO_LONG;
+ break;
+ }
+ *p2++ = 0;
+ n++;
+
+ /* now look at the request. Note that the isspace() will work
+ * because there is still a CR before the 0 */
+ if( (p[0] == 'G' || p[0] == 'g')
+ && (p[1] == 'E' || p[1] == 'e')
+ && (p[2] == 'T' || p[2] == 't') && isspace( p[3] ) ) {
+ req->cmd = KS_REQ_GET;
+ p += 4;
+ }
+ else if( (p[0] == 'H' || p[0] == 'h')
+ && (p[1] == 'E' || p[1] == 'e')
+ && (p[2] == 'A' || p[2] == 'a')
+ && (p[3] == 'D' || p[3] == 'd') && isspace( p[4] ) ) {
+ req->cmd = KS_REQ_HEAD;
+ p += 5;
+ }
+ else if( (p[0] == 'H' || p[0] == 'h')
+ && (p[1] == 'E' || p[1] == 'e')
+ && (p[2] == 'L' || p[2] == 'l')
+ && (p[3] == 'P' || p[3] == 'p') && isspace( p[4] ) ) {
+ req->cmd = KS_REQ_HELP;
+ p += 5;
+ }
+ else
+ req->cmd = KS_REQ_UNKNOWN;
+ /* skip spaces, store args and remaining data */
+ while( *p == ' ' || *p == '\t' )
+ p++;
+ /* fixme: remove trailing blanks from args */
+ req->args = p;
+ p = p2; /* p now points to the remaining n bytes in the buffer */
+ state = 1;
+ }
+ if( state == 1 ) {
+ /* read the option lines */
+ }
- /* read but stop at the first newline */
- if( DoRead(buf, DIM(buf)-2, &nread, 1 ) )
- return -1;
- buf[DIM(buf)-1] = 0;
- /* fixme: should check, that we have the linefeed and otherwise
- * perform a dummy read */
- if( p = strchr(buf, '\n') )
- *p = 0;
- if( *buf == 'O' && buf[1] == 'K' && (buf[2]==' ' || !buf[2]) ) {
- if( retval )
- *retval = buf[2]? strtol(buf+3, NULL, 10 ):0;
- return 0;
}
- Error(0, "Server replied: %.60s", buf );
- return -1;
}
-
-
-
-
-
-
-
-
-
-
-#endif
-
-
-
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 1e8af7e21..bcbc4bd92 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -88,8 +88,10 @@ add_onepass_sig( CTX c, PACKET *pkt )
if( c->list->pkt->pkttype != PKT_ONEPASS_SIG ) {
log_error("add_onepass_sig: another packet is in the way\n");
release_list( c );
+ c->list = new_kbnode( pkt );
}
- add_kbnode( c->list, new_kbnode( pkt ));
+ else
+ add_kbnode( c->list, new_kbnode( pkt ));
}
else /* insert the first one */
c->list = node = new_kbnode( pkt );
diff --git a/g10/options.h b/g10/options.h
index a4b4167c4..d674ada12 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -55,6 +55,9 @@ struct {
const char *set_filename;
const char *comment_string;
int throw_keyid;
+ int s2k_mode;
+ int s2k_digest_algo;
+ int s2k_cipher_algo;
} opt;
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 2601e1571..1cd14acfb 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1068,6 +1068,9 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
}
sk->protect.s2k.count = iobuf_get(inp);
pktlen--;
+ if( list_mode )
+ printf("\tprotect count: %lu\n",
+ (ulong)sk->protect.s2k.count);
}
}
else { /* old version; no S2K, so we set mode to 0, hash MD5 */
diff --git a/g10/passphrase.c b/g10/passphrase.c
index 7dbaeb466..2e649119d 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -34,22 +34,16 @@
#include "i18n.h"
#include "status.h"
-static int pwfd = -1;
+static char *fd_passwd = NULL;
static char *next_pw = NULL;
static char *last_pw = NULL;
static void hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create );
-void
-set_passphrase_fd( int fd )
-{
- pwfd = fd;
-}
-
int
-get_passphrase_fd()
+have_static_passphrase()
{
- return pwfd;
+ return !!fd_passwd;
}
/****************
@@ -81,6 +75,36 @@ get_last_passphrase()
}
+void
+read_passphrase_from_fd( int fd )
+{
+ int i, len;
+ char *pw;
+
+ if( !opt.batch )
+ tty_printf("Reading passphrase from file descriptor %d ...", fd );
+ for( pw = NULL, i = len = 100; ; i++ ) {
+ if( i >= len-1 ) {
+ char *pw2 = pw;
+ len += 100;
+ pw = m_alloc_secure( len );
+ if( pw2 )
+ memcpy(pw, pw2, i );
+ else
+ i=0;
+ }
+ if( read( fd, pw+i, 1) != 1 || pw[i] == '\n' )
+ break;
+ }
+ pw[i] = 0;
+ if( !opt.batch )
+ tty_printf("\b\b\b \n" );
+
+ m_free( fd_passwd );
+ fd_passwd = pw;
+}
+
+
/****************
* Get a passphrase for the secret key with KEYID, display TEXT
* if the user needs to enter the passphrase.
@@ -140,26 +164,9 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode )
pw = next_pw;
next_pw = NULL;
}
- else if( pwfd != -1 ) { /* read the passphrase from the file */
- int i, len;
-
- if( !opt.batch )
- tty_printf("Reading from file descriptor %d ...", pwfd );
- for( pw = NULL, i = len = 100; ; i++ ) {
- if( i >= len-1 ) {
- char *pw2 = pw;
- len += 100;
- pw = m_alloc_secure( len );
- if( pw2 )
- memcpy(pw, pw2, i );
- i=0;
- }
- if( read( pwfd, pw+i, 1) != 1 || pw[i] == '\n' )
- break;
- }
- pw[i] = 0;
- if( !opt.batch )
- tty_printf("\b\b\b \n" );
+ else if( fd_passwd ) {
+ pw = m_alloc_secure( strlen(fd_passwd)+1 );
+ strcpy( pw, fd_passwd );
}
else if( opt.batch )
log_fatal("Can't query password in batchmode\n");
@@ -192,54 +199,69 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode )
/****************
* Hash a passphrase using the supplied s2k. If create is true, create
- * a new salt or whatelse must be filled into the s2k for a new key.
+ * a new salt or what else must be filled into the s2k for a new key.
* always needs: dek->algo, s2k->mode, s2k->hash_algo.
*/
static void
hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create )
{
MD_HANDLE md;
+ int pass, i;
+ int used = 0;
+ int pwlen = strlen(pw);
assert( s2k->hash_algo );
- dek->keylen = 0;
+ dek->keylen = cipher_get_keylen( dek->algo ) / 8;
+ if( !(dek->keylen > 0 && dek->keylen <= DIM(dek->key)) )
+ BUG();
+
md = md_open( s2k->hash_algo, 1);
- if( s2k->mode == 1 || s2k->mode == 3 ) {
- ulong count = 0;
- int len = strlen(pw);
- int len2 = len + 8;
+ for(pass=0; used < dek->keylen ; pass++ ) {
+ if( pass ) {
+ md_reset(md);
+ for(i=0; i < pass; i++ ) /* preset the hash context */
+ md_putc(md, 0 );
+ }
- if( create )
- randomize_buffer(s2k->salt, 8, 1);
+ if( s2k->mode == 1 || s2k->mode == 3 ) {
+ int len2 = pwlen + 8;
+ ulong count = len2;
- if( s2k->mode == 3 ) {
- count = (16ul + (s2k->count & 15)) << ((s2k->count >> 4) + 6);
- log_debug("s2k iteration count=%lu\n", count );
- }
- for(;;) {
- md_write( md, s2k->salt, 8 );
- md_write( md, pw, len );
- if( count <= len2 )
- break;
- count -= len2;
- }
- if( count ) {
- if( count < 8 ) {
- md_write( md, s2k->salt, count );
+ if( create && !pass ) {
+ randomize_buffer(s2k->salt, 8, 1);
+ if( s2k->mode == 3 )
+ s2k->count = 96; /* = 56536 */
}
+
+ if( s2k->mode == 3 ) {
+ count = (16ul + (s2k->count & 15)) << ((s2k->count >> 4) + 6);
+ if( count < len2 )
+ count = len2;
+ }
+ /* a little bit complicated because we need a ulong for count */
+ while( count > len2 ) { /* maybe iterated+salted */
+ md_write( md, s2k->salt, 8 );
+ md_write( md, pw, pwlen );
+ count -= len2;
+ }
+ if( count < 8 )
+ md_write( md, s2k->salt, count );
else {
md_write( md, s2k->salt, 8 );
count -= 8;
- assert( count <= len );
+ assert( count >= 0 );
md_write( md, pw, count );
}
}
+ else
+ md_write( md, pw, pwlen );
+ md_final( md );
+ i = md_digest_length( s2k->hash_algo );
+ if( i > dek->keylen - used )
+ i = dek->keylen - used;
+ memcpy( dek->key+used, md_read(md, s2k->hash_algo), i );
+ used += i;
}
- else
- md_write( md, pw, strlen(pw) );
- md_final( md );
- dek->keylen = cipher_get_keylen( dek->algo ) / 8;
- assert(dek->keylen > 0 && dek->keylen <= DIM(dek->key) );
- memcpy( dek->key, md_read(md,0), dek->keylen );
md_close(md);
}
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 4f52eebb7..272a861b7 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -182,7 +182,8 @@ do_we_trust( PKT_public_key *pk, int trustlevel )
int rc;
if( (trustlevel & TRUST_FLAG_REVOKED) ) {
- log_info("key has been revoked!\n");
+ log_info("%08lX: key has been revoked!\n",
+ (ulong)keyid_from_pk( pk, NULL) );
if( opt.batch )
return 0;
@@ -209,12 +210,13 @@ do_we_trust( PKT_public_key *pk, int trustlevel )
return do_we_trust( pk, trustlevel );
case TRUST_EXPIRED:
- log_info("key has expired\n");
+ log_info("%08lX: key has expired\n", (ulong)keyid_from_pk( pk, NULL) );
return 0; /* no */
case TRUST_UNDEFINED:
if( opt.batch || opt.answer_no )
- log_info("no info to calculate a trust probability\n");
+ log_info("%08lX: no info to calculate a trust probability\n",
+ (ulong)keyid_from_pk( pk, NULL) );
else {
rc = add_ownertrust( pk );
if( !rc ) {
@@ -229,12 +231,14 @@ do_we_trust( PKT_public_key *pk, int trustlevel )
return 0;
case TRUST_NEVER:
- log_info("We do NOT trust this key\n");
+ log_info("%08lX: We do NOT trust this key\n",
+ (ulong)keyid_from_pk( pk, NULL) );
return 0; /* no */
case TRUST_MARGINAL:
- log_info("I'm not sure whether this key really belongs to the owner\n"
- "but I proceed anyway\n");
+ log_info("%08lX: I'm not sure whether this key really belongs to the owner\n"
+ "but I proceed anyway\n",
+ (ulong)keyid_from_pk( pk, NULL) );
return 1; /* yes */
case TRUST_FULLY:
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index 9253b8ce1..d43f8619d 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -168,7 +168,7 @@ check_secret_key( PKT_secret_key *sk, int n )
if( i )
log_error(_("Invalid passphrase; please try again ...\n"));
rc = do_check( sk );
- if( get_passphrase_fd() != -1 )
+ if( have_static_passphrase() )
break;
}
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 1dda44529..5e6873f9d 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -152,8 +152,8 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
u32 cur_time;
if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
- log_info("this is a PGP generated "
- "ElGamal key which is NOT secure for signatures!\n");
+ log_info(_("this is a PGP generated "
+ "ElGamal key which is NOT secure for signatures!\n"));
return G10ERR_PUBKEY_ALGO;
}
diff --git a/g10/status.c b/g10/status.c
index 7cb2f5c5d..97b4fba97 100644
--- a/g10/status.c
+++ b/g10/status.c
@@ -31,6 +31,9 @@
#ifdef HAVE_SYS_SHM_H
#include <sys/shm.h>
#endif
+ #if defined(HAVE_MLOCK)
+ #include <sys/mman.h>
+ #endif
#endif
#include "util.h"
#include "status.h"
@@ -142,11 +145,21 @@ init_shm_coprocessing ( ulong requested_shm_size, int lock_mem )
log_info("mapped %uk shared memory at %p, id=%d\n",
(unsigned)shm_size/1024, shm_area, shm_id );
if( lock_mem ) {
+ #ifdef IPC_HAVE_SHM_LOCK
if ( shmctl (shm_id, SHM_LOCK, 0) )
- log_info("Locking shared memory %d failed: %s\n",
+ log_info("locking shared memory %d failed: %s\n",
shm_id, strerror(errno));
else
shm_is_locked = 1;
+ #elif defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
+ if ( mlock (shm_area, shm_size) )
+ log_info("locking shared memory %d failed: %s\n",
+ shm_id, strerror(errno));
+ else
+ shm_is_locked = 1;
+ #else
+ log_info("Locking shared memory %d failed: No way to do it\n", shm_id );
+ #endif
}
@@ -225,7 +238,7 @@ do_shm_get( const char *keyword, int hidden, int bool )
static void
display_help( const char *keyword )
{
- char *p;
+ const char *p;
int hint = 0;
tty_kill_prompt();
diff --git a/g10/trustdb.c b/g10/trustdb.c
index bce0df0c9..b36c176ae 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -105,7 +105,7 @@ static TRUST_SEG_LIST last_trust_web_tslist;
#define HEXTOBIN(a) ( (a) >= '0' && (a) <= '9' ? ((a)-'0') : \
(a) >= 'A' && (a) <= 'F' ? ((a)-'A'+10) : ((a)-'a'+10))
-
+
/**********************************************
************* list helpers *******************
**********************************************/
@@ -239,6 +239,8 @@ keyid_from_lid( ulong lid, u32 *keyid )
return 0;
}
+
+
/****************
* Walk through the signatures of a public key.
* The caller must provide a context structure, with all fields set
@@ -333,7 +335,7 @@ walk_sigrecs( SIGREC_CONTEXT *c, int create )
-
+
/***********************************************
************* Trust stuff ******************
***********************************************/
@@ -357,6 +359,10 @@ verify_own_keys()
if( DBG_TRUST )
log_debug("key %08lX: checking secret key\n", (ulong)keyid[1] );
+ if( is_secret_key_protected( sk ) < 1 )
+ log_info("note: secret key %08lX is NOT protected.\n",
+ (ulong)keyid[1] );
+
/* see whether we can access the public key of this secret key */
memset( pk, 0, sizeof *pk );
rc = get_pubkey( pk, keyid );
@@ -1204,7 +1210,7 @@ do_check( TRUSTREC *dr, unsigned *trustlevel )
return 0;
}
-
+
/***********************************************
**************** API ************************
***********************************************/
@@ -1564,6 +1570,8 @@ check_trustdb( const char *username )
}
}
+
+
/****************
* Get the trustlevel for this PK.
* Note: This does not ask any questions
@@ -1612,11 +1620,11 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
rc = insert_trust_record( pk );
if( rc ) {
log_error(_("key %08lX: insert trust record failed: %s\n"),
- keyid[1], g10_errstr(rc));
+ (ulong)keyid[1], g10_errstr(rc));
goto leave;
}
log_info(_("key %08lX.%lu: inserted into trustdb\n"),
- keyid[1], pk->local_id );
+ (ulong)keyid[1], pk->local_id );
/* and re-read the dir record */
if( tdbio_read_record( pk->local_id, &rec, RECTYPE_DIR ) ) {
log_error("check_trust: reread dir record failed\n");
@@ -1628,14 +1636,14 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
if( pk->timestamp > cur_time ) {
log_info(_("key %08lX.%lu: created in future "
"(time warp or clock problem)\n"),
- keyid[1], pk->local_id );
+ (ulong)keyid[1], pk->local_id );
return G10ERR_TIME_CONFLICT;
}
if( pk->valid_days && add_days_to_timestamp(pk->timestamp,
pk->valid_days) < cur_time ) {
log_info(_("key %08lX.%lu: expired at %s\n"),
- keyid[1], pk->local_id,
+ (ulong)keyid[1], pk->local_id,
asctimestamp( add_days_to_timestamp(pk->timestamp,
pk->valid_days)));
trustlevel = TRUST_EXPIRED;
@@ -1644,7 +1652,7 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
rc = do_check( &rec, &trustlevel );
if( rc ) {
log_error(_("key %08lX.%lu: trust check failed: %s\n"),
- keyid[1], pk->local_id, g10_errstr(rc));
+ (ulong)keyid[1], pk->local_id, g10_errstr(rc));
return rc;
}
}
diff --git a/include/cipher.h b/include/cipher.h
index 14b99803e..dce7262c6 100644
--- a/include/cipher.h
+++ b/include/cipher.h
@@ -106,10 +106,12 @@ int check_digest_algo( int algo );
MD_HANDLE md_open( int algo, int secure );
void md_enable( MD_HANDLE hd, int algo );
MD_HANDLE md_copy( MD_HANDLE a );
+void md_reset( MD_HANDLE a );
void md_close(MD_HANDLE a);
void md_write( MD_HANDLE a, byte *inbuf, size_t inlen);
void md_final(MD_HANDLE a);
byte *md_read( MD_HANDLE a, int algo );
+int md_digest( MD_HANDLE a, int algo, byte *buffer, int buflen );
int md_get_algo( MD_HANDLE a );
int md_digest_length( int algo );
const byte *md_asn_oid( int algo, size_t *asnlen, size_t *mdlen );
diff --git a/po/ChangeLog b/po/ChangeLog
index 61c1c9753..a09a806ae 100644
--- a/po/ChangeLog
+++ b/po/ChangeLog
@@ -1,3 +1,11 @@
+Mon Sep 21 15:03:44 1998 Werner Koch (wk@(none))
+
+ * it.po: New version from Marco d'Itri
+
+Mon Sep 21 09:28:54 1998 Werner Koch (wk@(none))
+
+ * fr.po: New version from Gaël Quéri
+
Tue Aug 11 12:28:11 1998 Werner Koch (wk@(none))
* it.po: New file from Marco.
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 04a37d240..6b5f524bc 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -15,10 +15,12 @@ cipher/rand-w32.c
# main program
g10/g10.c
+g10/armor.c
g10/pkclist.c
g10/keygen.c
g10/decrypt.c
g10/encode.c
+g10/getkey.c
g10/import.c
g10/keyedit.c
g10/keylist.c
diff --git a/po/de.po b/po/de.po
index fcf01f305..cf34f09d1 100644
--- a/po/de.po
+++ b/po/de.po
@@ -298,19 +298,19 @@ msgid ""
"Examples:\n"
"\n"
" -se -r Bob [file] sign and encrypt for user Bob\n"
-" -sat [file] make a clear text signature\n"
-" -sb [file] make a detached signature\n"
-" -k [userid] show keys\n"
-" -kc [userid] show fingerprint\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprint\n"
msgstr ""
"@\n"
"Beispiele:\n"
"\n"
" -se -r Bob [file] Signieren und verschlüsseln für Benutzer Bob\n"
-" -sat [file] Eine Klartextsignatur erzeugen\n"
-" -sb [file] Eine abgetrennte Signatur erzeugen\n"
-" -k [userid] Die Schlüssel anzeigen\n"
-" -kc [userid] Die \"Fingerabdrücke\" anzeigen\n"
+" --clearsign [file] Eine Klartextsignatur erzeugen\n"
+" --detach-sign [file] Eine abgetrennte Signatur erzeugen\n"
+" --list-keys [names] Die Schlüssel anzeigen\n"
+" --fingerprint [names] Die \"Fingerabdrücke\" anzeigen\n"
#: g10/g10.c:302
msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
diff --git a/po/fr.po b/po/fr.po
index 1a59f7bf5..8b8e0f895 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -2,15 +2,16 @@
# Copyright (C) 1998 Free Software Foundation, Inc.
# Gaël Quéri <gqueri@mail.dotcom.fr>, 1998.
#
-#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: gnupg-0.3.4\n"
+"Project-Id-Version: gnupg-0.4.0\n"
"POT-Creation-Date: 1998-09-18 17:16+0200\n"
-"PO-Revision-Date: 1998-08-20 00:0000+0200\n"
+"PO-Revision-Date: 1998-09-17 03:14+0200\n"
"Last-Translator: Gaël Quéri <gqueri@mail.dotcom.fr>\n"
+"Language-Team: French <fr@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=iso8859-1\n"
+"Content-Transfer-Encoding: 8-bit\n"
#: util/secmem.c:226
msgid "Warning: using insecure memory!\n"
@@ -52,7 +53,7 @@ msgid ""
msgstr ""
"\n"
"Il n'y a pas assez d'octets aléatoires disponibles. Faites autre chose\n"
-"pur que l'OS puisse amasser plus d'entropie! (il faut %d octets de plus)\n"
+"pour que l'OS puisse amasser plus d'entropie! (il faut %d octets de plus)\n"
#: g10/g10.c:143
msgid ""
@@ -120,7 +121,7 @@ msgstr "générer une nouvelle paire de clés"
#: g10/g10.c:163
msgid "remove key from the public keyring"
-msgstr "enlever la clé du pore-clés public"
+msgstr "enlever la clé du porte-clés public"
#: g10/g10.c:165
msgid "sign or edit a key"
@@ -156,15 +157,15 @@ msgstr "|[NOMS]|vérifier la base de confiance"
#: g10/g10.c:177
msgid "De-Armor a file or stdin"
-msgstr "Enlever l'armure d'un fichier ou de l'entrée standard"
+msgstr "Enlever l'armure d'un fichier ou de stdin"
#: g10/g10.c:178
msgid "En-Armor a file or stdin"
-msgstr "Mettre une armure à un fichier ou à l'entrée standard"
+msgstr "Mettre une armure à un fichier ou à stdin"
#: g10/g10.c:179
msgid "|algo [files]|print message digests"
-msgstr "|algo [fichiers]|indiquer les fonctions de hachage"
+msgstr "|alg. [fich.]|indiquer les fonctions de hachage"
#: g10/g10.c:180
msgid "print all message digests"
@@ -263,7 +264,7 @@ msgstr "(3 par défaut)"
#: g10/g10.c:213
msgid "|file|load extension module"
-msgstr "|fichier|charger un module d'extension"
+msgstr "|fich|charger un module d'extension"
#: g10/g10.c:214
msgid "emulate the mode described in RFC1991"
@@ -283,33 +284,31 @@ msgstr "|N|utiliser l'algorithme de compression N"
#: g10/g10.c:219
msgid "throw keyid field of encrypted packets"
-msgstr ""
+msgstr "enlever l'idendification de la clé des paquets cryptés"
-# encore un qui a lu Applied Cryptography ! (Bob)...
-#
#: g10/g10.c:227
msgid ""
"@\n"
"Examples:\n"
"\n"
" -se -r Bob [file] sign and encrypt for user Bob\n"
-" -sat [file] make a clear text signature\n"
-" -sb [file] make a detached signature\n"
-" -k [userid] show keys\n"
-" -kc [userid] show fingerprint\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprint\n"
msgstr ""
"@\n"
"Exemples:\n"
"\n"
-" -se -r Alice [fichier] signer et crypter pour l'utilisateur Alice\n"
-" -sat [fichier] faire une signature en texte clair\n"
-" -sb [fichier] faire une signature détachée\n"
-" -k [utilisateur] montrer les clés\n"
-" -kc [utilisateur] montrer les empreintes\n"
+" -se -r Alice [fichier] signer et crypter pour l'utilisateur Alice\n"
+" --clearsign [fichier] faire une signature en texte clair\n"
+" --detach-sign [fichier] faire une signature détachée\n"
+" --list-keys [utilisateur] montrer les clés\n"
+" --fingerprint [utilisateur] montrer les empreintes\n"
#: g10/g10.c:302
msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
-msgstr "Rapprter toutes anomalies à <gnupg-bugs@gnu.org>.\n"
+msgstr "Rapporter toutes anomalies à <gnupg-bugs@gnu.org>.\n"
#: g10/g10.c:307
msgid "Usage: gpgm [options] [files] (-h for help)"
@@ -342,6 +341,8 @@ msgid ""
"\n"
"Supported algorithms:\n"
msgstr ""
+"\n"
+"Algorithmes supportés:\n"
#: g10/g10.c:398
msgid "usage: gpgm [options] "
@@ -474,8 +475,8 @@ msgid ""
"RSA keys are deprecated; please consider creating a new key and use this key "
"in the future\n"
msgstr ""
-"Les clés RSA sont déconseillées: considérez créer une nouvelle clé "
-"etl'utiliser dans l'avenir\n"
+"Les clés RSA sont déconseillées: considérez créer une nouvelle clé et "
+"l'utiliser dans l'avenir\n"
#: g10/pkclist.c:71
#, c-format
@@ -520,6 +521,10 @@ msgstr "sSmM"
#: g10/pkclist.c:99
msgid "edit_ownertrust.value"
msgstr ""
+"C'est à vous d'assigner une valeur ici; cette valeur ne sera jamais\n"
+"exportée à une tierce personne. Nous en avons besoin pour créer le;\n"
+"réseau de confiance (web-of-trust); cela n'a rien à voir avec le\n"
+"réseau de certificats (créé implicitement)"
#: g10/pkclist.c:99
msgid "Your decision? "
@@ -549,6 +554,7 @@ msgstr ""
#: g10/pkclist.c:189
msgid "revoked_key.override"
msgstr ""
+"Si vous voulez utiliser cette clé révoquée quand-même, répondez \"oui\"."
#: g10/pkclist.c:190 g10/pkclist.c:277
msgid "Use this key anyway? "
@@ -569,6 +575,7 @@ msgstr ""
#: g10/pkclist.c:276
msgid "untrusted_key.override"
msgstr ""
+"Si vous voulez utiliser cette clé peu sûre quand-même, répondez \"oui\"."
#: g10/pkclist.c:281
msgid "WARNING: Using untrusted key!\n"
@@ -625,7 +632,7 @@ msgstr ""
#: g10/pkclist.c:423
msgid "pklist.user_id.enter"
-msgstr ""
+msgstr "Entrez le nom de l'adresse à qui vous voulez envoyer le message."
#: g10/pkclist.c:424
msgid "Enter the user ID: "
@@ -690,7 +697,7 @@ msgstr " (%d) ElGamal dans un paquet v3\n"
#: g10/keygen.c:393
msgid "keygen.algo"
-msgstr ""
+msgstr "Sélectionnez l'algorithme à utiliser:"
#: g10/keygen.c:393
msgid "Your selection? "
@@ -750,8 +757,8 @@ msgid ""
"Okay, but keep in mind that your monitor and keyboard radiation is also very "
"vulnerable to attacks!\n"
msgstr ""
-"D'accord, mais n'oubliez pas que votre écran et les radiations du "
-"claviersont aussi vulnérables aux attaques! :)\n"
+"D'accord, mais n'oubliez pas que votre écran et les radiations du clavier "
+"sont aussi très vulnérables aux attaques!\n"
#: g10/keygen.c:459
msgid "keygen.size.large.okay"
@@ -815,7 +822,7 @@ msgstr ""
#: g10/keygen.c:525
msgid "Is this correct (y/n)? "
-msgstr "Est-ce correct (y/n)? "
+msgstr "Est-ce correct (o/n)? "
#: g10/keygen.c:553
msgid ""
@@ -827,8 +834,8 @@ msgid ""
"\n"
msgstr ""
"\n"
-"Vous avez besoin d'un nom d'utilisateur pour identifier votre clé; "
-"leprogramme le construit à partir du nom réel, d'un commentaire et d'une\n"
+"Vous avez besoin d'un nom d'utilisateur pour identifier votre clé; le "
+"programme le construit à partir du nom réel, d'un commentaire et d'une\n"
"adresse e-mail de cette manière:\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de\"\n"
"\n"
@@ -895,6 +902,11 @@ msgstr "NnCcEeOoQq"
#: g10/keygen.c:638
msgid "keygen.userid.cmd"
msgstr ""
+"N pour changer le nom.\n"
+"C pour changer le commentaire.\n"
+"E pour changer l'adresse e-mail.\n"
+"O pour continuer à générer la clé.\n"
+"Q pour arrêter de générer de clé."
#: g10/keygen.c:639
msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
@@ -931,9 +943,9 @@ msgid ""
"network and the disks) during the prime generation; this gives the random\n"
"number generator a better chance to gain enough entropy.\n"
msgstr ""
-"On doit générer beaucoup d'octets aléatoires. C'est une bonne idée de\n"
+"Beaucoup d'octets aléatoires doivent être générés. Vous devriez\n"
"faire autre chose (travailler dans une autre fenêtre, bouger la souris,\n"
-"utiliser le réseau et les disques) pendant la géneration de nombres\n"
+"utiliser le réseau et les disques) pendant la génération de nombres\n"
"premiers; cela permet au générateur de nombres aléatoires de gagner assez\n"
"d'entropie plus facilement.\n"
@@ -943,7 +955,7 @@ msgstr "La génération de clé ne peut être faite qu'en mode interactif\n"
#: g10/keygen.c:796
msgid "DSA keypair will have 1024 bits.\n"
-msgstr "La paire de clés DSA aura 1024 bits.\n"
+msgstr "La paire de clés DSA fera 1024 bits.\n"
#: g10/keygen.c:802
msgid "Key generation cancelled.\n"
@@ -979,7 +991,7 @@ msgstr "La génération de clé a échoué: %s\n"
#: g10/keygen.c:967
msgid "keygen.sub.okay"
-msgstr ""
+msgstr "Répondez \"oui\" (ou simplement \"o\") pour générer la sous-clé"
#: g10/keygen.c:968
msgid "Really create? "
@@ -1315,7 +1327,7 @@ msgid ""
"You don't want a passphrase - this is probably a *bad* idea!\n"
"\n"
msgstr ""
-"Vous ne voulez pas de mot de passa - cela est certainement une *mauvaise* "
+"Vous ne voulez pas de mot de passe - cela est certainement une *mauvaise* "
"idée\n"
#: g10/keyedit.c:385
@@ -1499,7 +1511,7 @@ msgstr "La clé secrète est disponible.\n"
#: g10/keyedit.c:522
msgid "keyedit.cmd"
-msgstr ""
+msgstr "Entrez \"aide\" s'il vous plaît."
#: g10/keyedit.c:522
msgid "Command> "
@@ -1642,11 +1654,13 @@ msgstr ""
#: g10/passphrase.c:126
#, c-format
msgid "(%u-bit %s key, ID %08lX, created %s)\n"
-msgstr "(clé de %u bits, ID %08lX, créée le %s)\n"
+msgstr "(clé de %u bits %s, ID %08lX, créée le %s)\n"
#: g10/passphrase.c:167
msgid "passphrase.enter"
msgstr ""
+"Entrez le mot de passe; c'est une phrase secrète \n"
+" Blurb, blurb,.... "
#: g10/passphrase.c:167
msgid "Enter pass phrase: "
@@ -1655,6 +1669,7 @@ msgstr "Entrez le mot de passe: "
#: g10/passphrase.c:170
msgid "passphrase.repeat"
msgstr ""
+"Répétez le dernier mot de passe, pour être sûr de ce que vous avez tapé."
#: g10/passphrase.c:171
msgid "Repeat pass phrase: "
@@ -1684,7 +1699,7 @@ msgstr "Mot de passe invalide; réessayez...\n"
#: g10/seckey-cert.c:215
msgid "Warning: Weak key detected - please change passphrase again.\n"
-msgstr ""
+msgstr "Attention: Mauvaise clé détectée - changez encore le mot de passe.\n"
#: g10/sig-check.c:165
msgid "public key created in future (time warp or clock problem)\n"
@@ -1772,11 +1787,11 @@ msgstr "Pas d'aide disponible pour '%s'"
#: g10/pubkey-enc.c:78
#, c-format
msgid "anonymous receiver; trying secret key %08lX ...\n"
-msgstr ""
+msgstr "destinataire anonyme; essai de la clé secrète %08lX ...\n"
#: g10/pubkey-enc.c:84
msgid "okay, we are the anonymous receiver.\n"
-msgstr ""
+msgstr "d'accord, nous sommes le destinataire anonyme.\n"
#: g10/pubkey-enc.c:183
#, c-format
@@ -1796,33 +1811,22 @@ msgstr ""
#: g10/openfile.c:60
msgid "Overwrite (y/N)? "
-msgstr "Réécrire (y/N)? "
+msgstr "Réécrire (o/N)? "
#: g10/encr-data.c:74
msgid ""
"Warning: Message was encrypted with a weak key in the symmetric cipher.\n"
msgstr ""
+"Attention: Le message a été crypté avec une mauvaise clé pendant le\n"
+"chiffrement symétrique.\n"
#: g10/seskey.c:52
msgid "weak key created - retrying\n"
-msgstr ""
+msgstr "mauvais clé générée - nouvel essai\n"
#: g10/seskey.c:57
#, c-format
msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
msgstr ""
-
-#~ msgid "there is a secret key for this public key!\n"
-#~ msgstr "il y a une clé secrète pour cette clé publique!\n"
-
-#~ msgid "use option \"--delete-secret-key\" to delete it first.\n"
-#~ msgstr "utilisez l'option \"--delete-secret-key\" pour l'effacer d'abort.\n"
-
-#~ msgid "can't do that in batchmode without \"--yes\"\n"
-#~ msgstr "ne peut faire cela en mode automatique sans \"--yes\"\n"
-
-#~ msgid "Delete this key from the keyring? "
-#~ msgstr "Effacer cette clé du porte-clés? "
-
-#~ msgid "This is a secret key! - really delete? "
-#~ msgstr "C'est une clé secrète! - effacer réellement? "
+"ne peut éviter une mauvaise clé pour le chiffrement symétrique: \n"
+"%d essais ont eu lieu!\n"
diff --git a/po/it.po b/po/it.po
index 9c2326810..b5d300ef7 100644
--- a/po/it.po
+++ b/po/it.po
@@ -1,12 +1,16 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
msgid ""
msgstr ""
-"POT-Creation-Date: 1998-09-18 17:16+0200\n"
+"Project-Id-Version: gnupg-0.4.0\n"
+"PO-Revision-Date: 1998-09-20 16:15+02:00\n"
+"Last-Translator: Marco d'Itri <md@linux.it>\n"
+"Language-Team: Italian <it@li.org>\n"
+"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=iso-8859-1\n"
-"Date: 1998-03-07 12:16:14+0100\n"
-"From: Marco d'Itri <md@linux.it>\n"
-"Xgettext-Options: --default-domain=gnupg --directory=.. --add-comments "
-"--keyword=_ --keyword=N_ --files-from=./POTFILES.in\n"
-"Files: util/secmem.c cipher/random.c g10/g10.c g10/pkclist.c g10/keygen.c\n"
+"Content-Transfer-Encoding: 8bit\n"
#: util/secmem.c:226
msgid "Warning: using insecure memory!\n"
@@ -277,7 +281,7 @@ msgstr "|N|usa l'algoritmo di compressione N"
#: g10/g10.c:219
msgid "throw keyid field of encrypted packets"
-msgstr ""
+msgstr "elimina il campo keyid dei pacchetti crittografati"
#: g10/g10.c:227
msgid ""
@@ -285,19 +289,19 @@ msgid ""
"Examples:\n"
"\n"
" -se -r Bob [file] sign and encrypt for user Bob\n"
-" -sat [file] make a clear text signature\n"
-" -sb [file] make a detached signature\n"
-" -k [userid] show keys\n"
-" -kc [userid] show fingerprint\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprint\n"
msgstr ""
"@\n"
"Esempi:\n"
"\n"
" -se -r Bob [file] firma e cifra per l'utente Bob\n"
-" -sat [file] fai una firma mantenendo il testo in chiaro\n"
-" -sb [file] fai una firma separata\n"
-" -k [userid] mostra le chiavi\n"
-" -kc [userid] mostra le impronte digitali\n"
+" --clearsign [file] fai una firma mantenendo il testo in chiaro\n"
+" --detach-sign [file] fai una firma separata\n"
+" --list-keys [names] mostra le chiavi\n"
+" --fingerprint [names] mostra le impronte digitali\n"
#: g10/g10.c:302
msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
@@ -333,7 +337,7 @@ msgstr ""
msgid ""
"\n"
"Supported algorithms:\n"
-msgstr ""
+msgstr "\nAlgoritmi gestiti:\n"
#: g10/g10.c:398
msgid "usage: gpgm [options] "
@@ -347,19 +351,16 @@ msgstr "uso: gpg [options] "
msgid "conflicting commands\n"
msgstr "comandi in conflitto\n"
-# , c-format
#: g10/g10.c:547
#, c-format
msgid "note: no default option file '%s'\n"
msgstr "nota: nessun file con opzioni predefinite '%s'\n"
-# , c-format
#: g10/g10.c:551
#, c-format
msgid "option file '%s': %s\n"
msgstr "file con opzioni predefinite '%s': %s\n"
-# , c-format
#: g10/g10.c:558
#, c-format
msgid "reading options from '%s'\n"
@@ -373,7 +374,6 @@ msgstr "l'algoritmo di cifratura selezionato non è valido\n"
msgid "selected digest algorithm is invalid\n"
msgstr "l'algoritmo di digest selezionato non è valido\n"
-# , c-format
#: g10/g10.c:746
#, c-format
msgid "compress algorithm must be in range %d..%d\n"
@@ -387,7 +387,6 @@ msgstr "completes-needed deve essere maggiore di 0\n"
msgid "marginals-needed must be greater than 1\n"
msgstr "marginals-needed deve essere maggiore di 1\n"
-# , c-format
#: g10/g10.c:833
#, c-format
msgid "failed to initialize the TrustDB: %s\n"
@@ -433,7 +432,6 @@ msgstr "--delete-secret-key nomeutente"
msgid "--delete-key username"
msgstr "--delete-key nomeutente"
-# , c-format
#: g10/encode.c:211 g10/g10.c:950 g10/keylist.c:79
#, c-format
msgid "can't open %s: %s\n"
@@ -443,19 +441,16 @@ msgstr "impossibile aprire '%s': %s\n"
msgid "-k[v][v][v][c] [userid] [keyring]"
msgstr "-k[v][v][v][c] [userid] [portachiavi]"
-# , c-format
#: g10/g10.c:1016
#, c-format
msgid "dearmoring failed: %s\n"
msgstr "rimozione dell'armatura fallita: %s\n"
-# , c-format
#: g10/g10.c:1024
#, c-format
msgid "enarmoring failed: %s\n"
msgstr "creazione dell'armatura fallita: %s\n"
-# , c-format
#: g10/g10.c:1085
#, c-format
msgid "invalid hash algorithm '%s'\n"
@@ -465,7 +460,6 @@ msgstr "algoritmo di hash non valido '%s'\n"
msgid "[filename]"
msgstr "[nomefile]"
-# , c-format
#: g10/decrypt.c:59 g10/g10.c:1157 g10/verify.c:66
#, c-format
msgid "can't open '%s'\n"
@@ -479,7 +473,6 @@ msgstr ""
"L'uso di chiavi RSA è deprecato; per favore in futuro considera di creare e\n"
"usare una nuova chiave.\n"
-# , c-format
#: g10/pkclist.c:71
#, c-format
msgid ""
@@ -513,7 +506,7 @@ msgstr ""
#: g10/pkclist.c:90
msgid " m = back to the main menu\n"
-msgstr ""
+msgstr " m = ritorna al menù principale\n"
# valid user replies (not including 1..4)
# [Marco, you can change 'm' and 's' to whatever letters you like]
@@ -666,31 +659,26 @@ msgstr "scrittura della autofirma\n"
msgid "Please select what kind of key you want:\n"
msgstr "Per favore scegli che tipo di chiave vuoi:\n"
-# , c-format
#: g10/keygen.c:385
#, c-format
msgid " (%d) DSA and ElGamal (default)\n"
msgstr " (%d) DSA e ElGamal (default)\n"
-# , c-format
#: g10/keygen.c:386
#, c-format
msgid " (%d) ElGamal (sign and encrypt)\n"
msgstr " (%d) ElGamal (firma e crittografa)\n"
-# , c-format
#: g10/keygen.c:387
#, c-format
msgid " (%d) ElGamal (encrypt only)\n"
msgstr " (%d) ElGamal (crittografa solo)\n"
-# , c-format
#: g10/keygen.c:388
#, c-format
msgid " (%d) DSA (sign only)\n"
msgstr " (%d) DSA (firma solo)\n"
-# , c-format
#: g10/keygen.c:389
#, c-format
msgid " (%d) ElGamal in a v3 packet\n"
@@ -708,7 +696,6 @@ msgstr "Cosa scegli? "
msgid "Invalid selection.\n"
msgstr "Scelta non valida.\n"
-# , c-format
#: g10/keygen.c:431
#, c-format
msgid ""
@@ -751,9 +738,8 @@ msgid "keygen.size.huge.okay"
msgstr ""
#: g10/keygen.c:451
-#, fuzzy
msgid "Are you sure that you want this keysize? "
-msgstr "Sei sicuro che vuoi una chiave di queste dimensioni? "
+msgstr "Sei sicuro di volere una chiave di queste dimensioni? "
#: g10/keygen.c:452
msgid ""
@@ -771,13 +757,11 @@ msgstr ""
msgid "Do you really need such a large keysize? "
msgstr "Ti serve davvero una chiave così lunga? "
-# , c-format
#: g10/keygen.c:466
#, c-format
msgid "Requested keysize is %u bits\n"
msgstr "Le dimensioni della chiave richieste sono %u bit\n"
-# , c-format
#: g10/keygen.c:469 g10/keygen.c:473
#, c-format
msgid "rounded up to %u bits\n"
@@ -814,7 +798,6 @@ msgstr "valore non valido\n"
msgid "Key does not expire at all\n"
msgstr "La chiave non scade\n"
-# , c-format
#. print the date when the key expires
#: g10/keygen.c:519
#, c-format
@@ -889,7 +872,6 @@ msgstr "Commento: "
msgid "Invalid character in comment\n"
msgstr "Carattere non valido nel commento\n"
-# , c-format
#: g10/keygen.c:626
#, c-format
msgid ""
@@ -910,7 +892,6 @@ msgid "keygen.userid.cmd"
msgstr ""
#: g10/keygen.c:639
-#, fuzzy
msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
msgstr "Modifica (N)ome, (C)ommento, (E)mail oppure (O)kay/(Q)uit? "
@@ -964,13 +945,11 @@ msgstr "La coppia DSA avrà 1024 bit.\n"
msgid "Key generation cancelled.\n"
msgstr "Generazione della chiave annullata.\n"
-# , c-format
#: g10/keygen.c:812
#, c-format
msgid "writing public certificate to '%s'\n"
msgstr "scrittura del certificato pubblico in '%s'\n"
-# , c-format
#: g10/keygen.c:813
#, c-format
msgid "writing secret certificate to '%s'\n"
@@ -989,7 +968,6 @@ msgstr ""
"vorrai usare il comando \"--add-key\" per generare una chiave secondaria\n"
"per questo scopo.\n"
-# , c-format
#: g10/keygen.c:906 g10/keygen.c:990
#, c-format
msgid "Key generation failed: %s\n"
@@ -1003,7 +981,6 @@ msgstr ""
msgid "Really create? "
msgstr "Crea davvero? "
-# , c-format
#: g10/encode.c:87
#, c-format
msgid "%s: can't open: %s\n"
@@ -1019,7 +996,6 @@ msgstr "errore nella creazione della passhprase: %s\n"
msgid "%s: warning: empty file\n"
msgstr "%s: attenzione: file vuoto\n"
-# , c-format
#: g10/encode.c:217
#, c-format
msgid "reading from '%s'\n"
@@ -1030,7 +1006,6 @@ msgstr "lettura da '%s'\n"
msgid "%s encrypted for: %s\n"
msgstr "%s crittografato per: %s\n"
-# , c-format
#: g10/import.c:105 g10/trustdb.c:1342
#, c-format
msgid "can't open file: %s\n"
@@ -1058,7 +1033,7 @@ msgstr "chiave %08lX: nessun user id valido\n"
#: g10/import.c:283
msgid "this may be caused by a missing self-signature\n"
-msgstr ""
+msgstr "questo può essere causato da una autofirma mancante\n"
#: g10/import.c:291 g10/import.c:508
#, c-format
@@ -1069,19 +1044,16 @@ msgstr "chiave %08lX: chiave pubblica non trovata: %s\n"
msgid "no default public keyring\n"
msgstr "nessun portachiavi pubblico predefinito\n"
-# , c-format
#: g10/import.c:301
#, c-format
msgid "writing to '%s'\n"
msgstr "scrittura in '%s'\n"
-# , c-format
#: g10/import.c:305 g10/import.c:359 g10/import.c:562
#, c-format
msgid "can't lock public keyring: %s\n"
msgstr "impossibile bloccare il portachiavi pubblico: %s\n"
-# , c-format
#: g10/import.c:308
#, c-format
msgid "can't write to keyring: %s\n"
@@ -1112,7 +1084,6 @@ msgstr "chiave %08lX: impossibile leggere il keyblock originale: %s\n"
msgid "writing keyblock\n"
msgstr "scrittura del keyblock\n"
-# , c-format
#: g10/import.c:362 g10/import.c:565
#, c-format
msgid "can't write keyblock: %s\n"
@@ -1308,7 +1279,6 @@ msgstr ""
msgid "Really sign? "
msgstr "Firmo davvero? "
-# , c-format
#: g10/keyedit.c:295
#, c-format
msgid "signing failed: %s\n"
@@ -1322,7 +1292,6 @@ msgstr "Questa chiave non è protetta.\n"
msgid "Key is protected.\n"
msgstr "La chiave è protetta.\n"
-# , c-format
#: g10/keyedit.c:366
#, c-format
msgid "Can't edit this key: %s\n"
@@ -1510,7 +1479,7 @@ msgstr ""
#: g10/keyedit.c:465
msgid "change the ownertrust"
-msgstr ""
+msgstr "cambia il valore di fiducia"
#: g10/keyedit.c:483
msgid "can't do that in batchmode\n"
@@ -1550,13 +1519,11 @@ msgstr ""
msgid "Quit without saving? "
msgstr "Esco senza salvare? "
-# , c-format
#: g10/keyedit.c:580
#, c-format
msgid "update failed: %s\n"
msgstr "aggiornamento fallito: %s\n"
-# , c-format
#: g10/keyedit.c:587
#, c-format
msgid "update secret failed: %s\n"
@@ -1628,13 +1595,11 @@ msgstr "Nessun user id con l'indice %d\n"
msgid "No secondary key with index %d\n"
msgstr "Nessuna chiave secondaria con l'indice %d\n"
-# , c-format
#: g10/mainproc.c:198
#, c-format
msgid "public key decryption failed: %s\n"
msgstr "Decifratura della chiave pubblica fallita: %s\n"
-# , c-format
#: g10/mainproc.c:228
#, c-format
msgid "decryption failed: %s\n"
@@ -1659,20 +1624,19 @@ msgid "Can't check signature: %s\n"
msgstr "Impossibile controllare la firma: %s\n"
#: g10/passphrase.c:117
-#, fuzzy
msgid ""
"\n"
"You need a passphrase to unlock the secret key for\n"
"user: \""
msgstr ""
-"Ti serve una passphrase per proteggere la tua chiave segreta.\n"
"\n"
+"Ti serve una passphrase per sbloccare la chiave segreta\n"
+"dell'utente: \""
-# "(chiave %s di %u-bit, ID %08lX, creata il %s)\n"
#: g10/passphrase.c:126
#, c-format
msgid "(%u-bit %s key, ID %08lX, created %s)\n"
-msgstr "(%u-bit, chiave %s, ID %08lX, creata il %s)\n"
+msgstr "(chiave %2$s di %1$u-bit, ID %3$08lX, creata il %4$s)\n"
#: g10/passphrase.c:167
msgid "passphrase.enter"
@@ -1698,16 +1662,15 @@ msgstr ""
msgid "Please enter name of data file: "
msgstr "Inserisci il nome del file di dati: "
-# , c-format
#: g10/plaintext.c:295
#, c-format
msgid "can't open signed data '%s'\n"
msgstr "impossibile aprire i dati firmati '%s'\n"
#: g10/seckey-cert.c:56
-#, fuzzy, c-format
+#, c-format
msgid "protection algorithm %d is not supported\n"
-msgstr "nota: algoritmo di cifratura %d non trovato nelle impostazioni\n"
+msgstr "l'algoritmo di protezione %d non è gestito\n"
#: g10/seckey-cert.c:169
msgid "Invalid passphrase; please try again ...\n"
@@ -1716,6 +1679,8 @@ msgstr "Passphrase non valida; riprova...\n"
#: g10/seckey-cert.c:215
msgid "Warning: Weak key detected - please change passphrase again.\n"
msgstr ""
+"Attenzione: individuata una chiave debole - per favore cambia ancora la\n"
+"passphrase.\n"
#: g10/sig-check.c:165
msgid "public key created in future (time warp or clock problem)\n"
@@ -1728,43 +1693,41 @@ msgstr ""
msgid "warning: signature key expired %s\n"
msgstr "attenzione: firma della chiave scaduta il %s\n"
-# , c-format
#: g10/trustdb.c:316
#, c-format
msgid "error reading sigrec: %s\n"
-msgstr ""
+msgstr "errore leggendo la sigrec: %s\n"
#: g10/trustdb.c:321
#, c-format
msgid "chained sigrec %lu has a wrong owner\n"
-msgstr ""
+msgstr "la chained sigrec %lu ha il proprietario sbagliato\n"
#: g10/trustdb.c:364
#, c-format
msgid "key %08lX: secret key without public key\n"
-msgstr "key %08lX: chiave segreta senza chiave pubblica\n"
+msgstr "chiave %08lX: chiave segreta senza chiave pubblica\n"
#: g10/trustdb.c:369
#, c-format
msgid "key %08lX: secret and public key don't match\n"
-msgstr "key %08lX: le chiavi segreta e pubblica non corrispondono\n"
+msgstr "chiave %08lX: le chiavi segreta e pubblica non corrispondono\n"
#: g10/trustdb.c:380
#, c-format
msgid "key %08lX: can't put it into the trustdb\n"
-msgstr "key %08lX: impossibile metterla nel trustdb\n"
+msgstr "chiave %08lX: impossibile metterla nel trustdb\n"
#: g10/trustdb.c:386
#, c-format
msgid "key %08lX: query record failed\n"
-msgstr "key %08lX: richiesta del record fallita\n"
+msgstr "chiave %08lX: richiesta del record fallita\n"
#: g10/trustdb.c:395
#, c-format
msgid "key %08lX: already in ultikey_table\n"
-msgstr "key %08lX: già in ultikey_table\n"
+msgstr "chiave %08lX: già in ultikey_table\n"
-# , c-format
#: g10/trustdb.c:402
#, c-format
msgid "enum_secret_keys failed: %s\n"
@@ -1773,30 +1736,29 @@ msgstr "enum_secret_keys fallito: %s\n"
#: g10/trustdb.c:1614
#, c-format
msgid "key %08lX: insert trust record failed: %s\n"
-msgstr "key %08lX: inserimento del record della fiducia fallito: %s\n"
+msgstr "chiave %08lX: inserimento del record della fiducia fallito: %s\n"
#: g10/trustdb.c:1618
#, c-format
msgid "key %08lX.%lu: inserted into trustdb\n"
-msgstr "key %08lX.%lu: inserita nel trustdb\n"
+msgstr "chiave %08lX.%lu: inserita nel trustdb\n"
#: g10/trustdb.c:1629
#, c-format
msgid "key %08lX.%lu: created in future (time warp or clock problem)\n"
msgstr ""
-"key %08lX.%lu: creata nel futuro (salto nel tempo o problema\n"
+"chiave %08lX.%lu: creata nel futuro (salto nel tempo o problema\n"
"con l'orologio)\n"
-# , c-format
#: g10/trustdb.c:1637
#, c-format
msgid "key %08lX.%lu: expired at %s\n"
-msgstr "key %08lX.%lu: scaduta il %s\n"
+msgstr "chiave %08lX.%lu: scaduta il %s\n"
#: g10/trustdb.c:1646
#, c-format
msgid "key %08lX.%lu: trust check failed: %s\n"
-msgstr "key %08lX.%lu: controllo della fiducia fallito: %s\n"
+msgstr "chiave %08lX.%lu: controllo della fiducia fallito: %s\n"
#: g10/status.c:233
msgid "No help available"
@@ -1810,11 +1772,11 @@ msgstr "Nessun aiuto disponibile per '%s'"
#: g10/pubkey-enc.c:78
#, c-format
msgid "anonymous receiver; trying secret key %08lX ...\n"
-msgstr ""
+msgstr "ricevente anonimo; provo la chiave segreta %08lX ...\n"
#: g10/pubkey-enc.c:84
msgid "okay, we are the anonymous receiver.\n"
-msgstr ""
+msgstr "Bene, siamo il ricevente anonimo.\n"
#: g10/pubkey-enc.c:183
#, c-format
@@ -1825,7 +1787,7 @@ msgstr "nota: algoritmo di cifratura %d non trovato nelle impostazioni\n"
#: g10/openfile.c:58
#, c-format
msgid "File '%s' exists. "
-msgstr ""
+msgstr "Il file '%s' esiste. "
#: g10/openfile.c:59
msgid "openfile.overwrite.okay"
@@ -1833,36 +1795,22 @@ msgstr ""
#: g10/openfile.c:60
msgid "Overwrite (y/N)? "
-msgstr ""
+msgstr "Sovrascrivo (y/N)? "
#: g10/encr-data.c:74
msgid ""
"Warning: Message was encrypted with a weak key in the symmetric cipher.\n"
msgstr ""
+"Attenzione: il messaggio era stato crittografato usando una chiave debole\n"
+"per il cifrario simmetrico\n"
#: g10/seskey.c:52
msgid "weak key created - retrying\n"
-msgstr ""
+msgstr "creata una chiave debole - riprovo\n"
#: g10/seskey.c:57
#, c-format
msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
msgstr ""
-
-#~ msgid "do not make any changes"
-#~ msgstr "non fare cambiamenti"
-
-#~ msgid "there is a secret key for this public key!\n"
-#~ msgstr "c'è una chiave segreta per questa chiave pubblica!\n"
-
-#~ msgid "use option \"--delete-secret-key\" to delete it first.\n"
-#~ msgstr "prima usa l'opzione \"--delete-secret-key\" per cancellarla.\n"
-
-#~ msgid "can't do that in batchmode without \"--yes\"\n"
-#~ msgstr "impossibile fare questo in batch mode senza \"--yes\"\n"
-
-#~ msgid "Delete this key from the keyring? "
-#~ msgstr "Cancello questa chiave dal portachiavi? "
-
-#~ msgid "This is a secret key! - really delete? "
-#~ msgstr "Questa è una chiave segreta! - la cancello davvero? "
+"Impossibile evitare una chiave debole per il cifrario simmetrico;\n"
+"ho provato %d volte!\n"
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 249ce85d9..e3c8975d3 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -1,6 +1,6 @@
## Process this file with automake to produce Makefile.in
-INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
+INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl
needed_libs = ../cipher/libcipher.a ../util/libutil.a \
../mpi/libmpi.a ../util/libutil.a
@@ -20,5 +20,5 @@ bftest_LDADD = @INTLLIBS@ $(needed_libs)
shmtest_LDADD = @INTLLIBS@ $(needed_libs)
-mpicalc bftest: $(needed_libs)
+mpicalc bftest shmtest: $(needed_libs)
diff --git a/util/ChangeLog b/util/ChangeLog
index 668c40fe5..4eb7b9697 100644
--- a/util/ChangeLog
+++ b/util/ChangeLog
@@ -1,3 +1,7 @@
+Mon Sep 21 19:45:01 1998 Werner Koch (wk@(none))
+
+ * secmem.c: New flags to allow suspend/resume of warnings.
+
Fri Sep 18 16:25:47 1998 Werner Koch (wk@(none))
* secmem.c (lock_pool): Kludge for broken mlock on HPUX 10.20
diff --git a/util/secmem.c b/util/secmem.c
index e75a13512..1f1616a18 100644
--- a/util/secmem.c
+++ b/util/secmem.c
@@ -67,6 +67,16 @@ static unsigned cur_blocks;
static int disable_secmem;
static int show_warning;
static int no_warning;
+static int suspend_warning;
+
+
+static void
+print_warn()
+{
+ if( !no_warning )
+ log_info(_("Warning: using insecure memory!\n"));
+}
+
static void
lock_pool( void *p, size_t n )
@@ -78,8 +88,10 @@ lock_pool( void *p, size_t n )
uid = getuid();
#ifdef HAVE_BROKEN_MLOCK
- if( uid )
- err = EPERM;
+ if( uid ) {
+ errno = EPERM;
+ err = errno;
+ }
else {
err = mlock( p, n );
if( err && errno )
@@ -179,13 +191,26 @@ compress_pool(void)
void
secmem_set_flags( unsigned flags )
{
+ int was_susp = suspend_warning;
+
no_warning = flags & 1;
+ suspend_warning = flags & 2;
+
+ /* and now issue the warning if it is not longer suspended */
+ if( was_susp && !suspend_warning && show_warning ) {
+ show_warning = 0;
+ print_warn();
+ }
}
unsigned
secmem_get_flags(void)
{
- return no_warning ? 1:0;
+ unsigned flags;
+
+ flags = no_warning ? 1:0;
+ flags |= suspend_warning ? 2:0;
+ return flags;
}
void
@@ -220,10 +245,9 @@ secmem_malloc( size_t size )
if( !pool_okay )
log_bug("secmem not initialized\n");
- if( show_warning ) {
+ if( show_warning && !suspend_warning ) {
show_warning = 0;
- if( !no_warning )
- log_info(_("Warning: using insecure memory!\n"));
+ print_warn();
}
/* blocks are always a multiple of 32 */
diff --git a/zlib/Makefile b/zlib/Makefile
index 4eb3f3b59..7b77552a3 100644
--- a/zlib/Makefile
+++ b/zlib/Makefile
@@ -66,33 +66,33 @@ host_alias = i586-pc-linux-gnu
host_triplet = i586-pc-linux-gnu
target_alias = i586-pc-linux-gnu
target_triplet = i586-pc-linux-gnu
-CATALOGS = en.gmo de.gmo it.gmo fr.gmo
-CATOBJEXT = .gmo
+CATALOGS =
+CATOBJEXT =
CC = gcc
CPP = gcc -E
DATADIRNAME = share
DYNLINK_LDFLAGS = -rdynamic
-G10_LOCALEDIR = /usr/local/share/locale
+G10_LOCALEDIR = /usr/local//locale
GENCAT =
GMOFILES = en.gmo de.gmo it.gmo fr.gmo
-GMSGFMT = /usr/local/bin/msgfmt
+GMSGFMT =
GT_NO =
GT_YES = #YES#
INCLUDE_LOCALE_H = #include <locale.h>
-INSTOBJEXT = .mo
-INTLDEPS = $(top_builddir)/intl/libintl.a
-INTLLIBS = $(top_builddir)/intl/libintl.a
-INTLOBJS = $(GETTOBJS)
+INSTOBJEXT =
+INTLDEPS =
+INTLLIBS =
+INTLOBJS =
MKINSTALLDIRS = scripts/mkinstalldirs
MPI_EXTRA_ASM_OBJS =
-MSGFMT = /usr/local/bin/msgfmt
+MSGFMT =
PACKAGE = gnupg
POFILES = en.po de.po it.po fr.po
-POSUB = po
+POSUB =
RANLIB = ranlib
-USE_INCLUDED_LIBINTL = yes
-USE_NLS = yes
-VERSION = 0.4.0
+USE_INCLUDED_LIBINTL = no
+USE_NLS = no
+VERSION = 0.4.0a
ZLIBS =
l =
@@ -122,7 +122,7 @@ LIBRARIES = $(noinst_LIBRARIES)
DEFS = -DHAVE_CONFIG_H -I. -I$(srcdir) -I..
CPPFLAGS =
LDFLAGS =
-LIBS = -ldl -lz
+LIBS = -ldl -lz
libzlib_a_LIBADD =
libzlib_a_OBJECTS = adler32.o compress.o crc32.o gzio.o uncompr.o \
deflate.o trees.o zutil.o inflate.o infblock.o inftrees.o infcodes.o \
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-30 22:01:31 +0100