-rw-r--r-- | NEWS | 11 | ||||
-rw-r--r-- | TODO | 4 | ||||
-rw-r--r-- | configure.in | 4 | ||||
-rw-r--r-- | doc/HACKING | 6 | ||||
-rw-r--r-- | doc/gpg.1pod | 7 | ||||
-rw-r--r-- | g10/ChangeLog | 6 | ||||
-rw-r--r-- | g10/export.c | 1 | ||||
-rw-r--r-- | g10/keyedit.c | 78 | ||||
-rw-r--r-- | g10/keylist.c | 5 | ||||
-rw-r--r-- | g10/mainproc.c | 2 | ||||
-rw-r--r-- | g10/sign.c | 5 | ||||
-rw-r--r-- | util/ChangeLog | 4 | ||||
-rw-r--r-- | util/miscutil.c | 25 |
13 files changed, 133 insertions, 25 deletions
@@ -1,15 +1,14 @@ - * Full Twofish support. It is now statically linked by default. - The experimental 128 bit version is now disabled. - ----> Hmmm, there is an internal conflict in the RFC - ----> For now it is disabled + * Twofish is now statically linked by default. The experimental 128 bit + version is now disabled. Full support will be available as soon as + the OpenPGP WG has decided on an interpretation of rfc2440. * Dropped support for the ancient Blowfish160 which is not OpenPGP. * Merged gpgm and gpg into one binary. - * Add revsig command to the edit menu. It is now possible to - revoke signature. + * Add "revsig" and "revkey" commands to the edit menu. It is now + possible to revoke signature and subkeys. Noteworthy changes in version 0.9.5 @@ -2,9 +2,9 @@ * add some status output put for signing and encryption. replace the putc in primegen with some kind of status-fd outputs. - * Fix revocation and expire stuff. + * Fix revocation and expire stuff. Subkey revocations are not detected. - * Check calculation of key validity. + * Speed up calculation of key validity. * See why we always get this "Hmmm, public key not anymore available" diff --git a/configure.in b/configure.in index a792ec00c..2f2c49347 100644 --- a/configure.in +++ b/configure.in @@ -268,7 +268,7 @@ AC_SUBST(DYNLINK_MOD_CFLAGS) dnl Checks for header files. AC_HEADER_STDC -AC_CHECK_HEADERS(unistd.h) +AC_CHECK_HEADERS(unistd.h langinfo.h) dnl Checks for typedefs, structures, and compiler characteristics. @@ -303,7 +303,7 @@ dnl Checks for library functions. AC_FUNC_VPRINTF AC_CHECK_FUNCS(strerror stpcpy strlwr tcgetattr rand strtoul mmap) AC_CHECK_FUNCS(memmove gettimeofday getrusage gethrtime setrlimit) -AC_CHECK_FUNCS(memicmp atexit raise getpagesize strftime) +AC_CHECK_FUNCS(memicmp atexit raise getpagesize strftime nl_langinfo) GNUPG_CHECK_MLOCK diff --git a/doc/HACKING b/doc/HACKING index 24119a827..8b285cfcd 100644 --- a/doc/HACKING +++ b/doc/HACKING 
@@ -23,11 +23,11 @@ don't complain. CVS may put a high load on a server, so please don't poll poll for new updates but wait for an announcement; to receive this you may want to subscribe to: - gnupg-commit-watchers@isil.d.shuttle.de + gnupg-commit-watchers@gnupg.org -by sending a mail with "subscribe" in the body to +by sending a mail with subject "subscribe" to - gnupg-commit-watchers-request@isil.d.shuttle.de + gnupg-commit-watchers-request@gnupg.org Please run scripts/autogen.sh to create some required files. diff --git a/doc/gpg.1pod b/doc/gpg.1pod index 95f5c301f..9ec4d2ef4 100644 --- a/doc/gpg.1pod +++ b/doc/gpg.1pod @@ -120,6 +120,11 @@ B<--edit-key> I<name> non-exportbale and will therefore never be used by others. This may be used to make keys valid only in the local environment. + B<revsig> + Revoke a signature. GnuPG asks for every + every signature which has been done by one of + teh secret keys, whether a revocation + certificate should be generated. B<trust> Change the owner trust value. This updates the trust-db immediately and no save is required. @@ -131,6 +136,8 @@ B<--edit-key> I<name> Add a subkey to this key. B<delkey> Remove a subkey. + B<revkey> + Revoke a subkey. B<expire> Change the key expiration time. If a key is selected, the time of this key will be changed. diff --git a/g10/ChangeLog b/g10/ChangeLog index 739677029..ea8895aa2 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,9 @@ +Wed Apr 28 13:03:03 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> + + * keyedit.c (keyedit_menu): Add new command revkey. + * (menu_revkey): New. + + Mon Apr 26 17:48:15 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> * parse-packet.c (parse_signature): Add the MDC hack. diff --git a/g10/export.c b/g10/export.c index 3cd297f70..911a71599 100644 --- a/g10/export.c +++ b/g10/export.c @@ -204,4 +204,3 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int onlyrfc, int *any ) return rc; } - 
diff --git a/g10/keyedit.c b/g10/keyedit.c index 1ba92a2cd..b2fb13d28 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -57,6 +57,7 @@ static int count_keys_with_flag( KBNODE keyblock, unsigned flag ); static int count_selected_uids( KBNODE keyblock ); static int count_selected_keys( KBNODE keyblock ); static int menu_revsig( KBNODE keyblock ); +static int menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock ); #define CONTROL_D ('D' - 'A' + 1) @@ -523,7 +524,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands ) { enum cmdids { cmdNONE = 0, cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN, - cmdLSIGN, cmdREVSIG, + cmdLSIGN, cmdREVSIG, cmdREVKEY, cmdDEBUG, cmdSAVE, cmdADDUID, cmdDELUID, cmdADDKEY, cmdDELKEY, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, cmdEXPIRE, cmdNOP }; @@ -560,6 +561,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands ) { N_("passwd") , cmdPASSWD , 1, N_("change the passphrase") }, { N_("trust") , cmdTRUST , 0, N_("change the ownertrust") }, { N_("revsig") , cmdREVSIG , 0, N_("revoke signatures") }, + { N_("revkey") , cmdREVKEY , 1, N_("revoke a secondary key") }, { NULL, cmdNONE } }; enum cmdids cmd; @@ -830,6 +832,28 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands ) } break; + case cmdREVKEY: { + int n1; + + if( !(n1=count_selected_keys( keyblock )) ) + tty_printf(_("You must select at least one key.\n")); + else if( sec_keyblock && !cpr_get_answer_is_yes( + "keyedit.revoke.subkey.okay", + n1 > 1? + _("Do you really want to revoke the selected keys? "): + _("Do you really want to revoke this key? ") + )) + ; + else { + if( menu_revkey( keyblock, sec_keyblock ) ) { + modified = 1; + /*sec_modified = 1;*/ + } + redisplay = 1; + } + } + break; + case cmdEXPIRE: if( menu_expire( keyblock, sec_keyblock ) ) { merge_keys_and_selfsig( sec_keyblock ); 
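Review bot: In the new `case cmdREVKEY` branch of `keyedit_menu`, the `sec_keyblock &&` guard skips the confirmation prompt when no secret keyblock is loaded, and control then reaches `menu_revkey( keyblock, sec_keyblock )` with a NULL second argument. The command-table entry added in the previous hunk sets its third field to 1, which presumably marks the command as needing a secret key, but that check is outside the hunk and this branch should not rely on it. Handle the case explicitly before the prompt, e.g. `else if( !sec_keyblock ) tty_printf(_("Need the secret key to do this.\n"));`, and drop the guard from the confirmation condition. The commented-out `/*sec_modified = 1;*/` would also benefit from a one-line comment saying why the secret keyring is deliberately left unmarked.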
@@ -1663,4 +1687,56 @@ menu_revsig( KBNODE keyblock ) return changed; } +/**************** + * Revoke some of the secondary keys. + * Hmmm: Should we add a revocation to the secret keyring too? + * Does its all make sense to duplicate most of the information? + */ +static int +menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock ) +{ + PKT_public_key *mainpk; + KBNODE node; + int changed = 0; + int upd_trust = 0; + int rc; + + reloop: /* (better this way becuase we are modifing the keyring) */ + mainpk = pub_keyblock->pkt->pkt.public_key; + for( node = pub_keyblock; node; node = node->next ) { + if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY + && (node->flag & NODFLG_SELKEY) ) { + PACKET *pkt; + PKT_signature *sig; + PKT_secret_key *sk; + PKT_public_key *subpk = node->pkt->pkt.public_key; + + node->flag &= ~NODFLG_SELKEY; + sk = copy_secret_key( NULL, sec_keyblock->pkt->pkt.secret_key ); + rc = make_keysig_packet( &sig, mainpk, NULL, subpk, sk, 0x28, 0, + NULL, NULL ); + free_secret_key(sk); + if( rc ) { + log_error(_("signing failed: %s\n"), g10_errstr(rc)); + return changed; + } + changed = 1; /* we changed the keyblock */ + upd_trust = 1; + + pkt = m_alloc_clear( sizeof *pkt ); + pkt->pkttype = PKT_SIGNATURE; + pkt->pkt.signature = sig; + insert_kbnode( node, new_kbnode(pkt), PKT_SIGNATURE ); + goto reloop; + } + } + commit_kbnode( &pub_keyblock ); + /*commit_kbnode( &sec_keyblock );*/ + + if( upd_trust ) + clear_trust_checked_flag( mainpk ); + + return changed; +} + diff --git a/g10/keylist.c b/g10/keylist.c index a2f9e7b5b..cfd6772c0 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -329,6 +329,8 @@ list_keyblock( KBNODE keyblock, int secret ) puts("[revoked]"); else if( sig->sig_class == 0x18 ) puts("[key binding]"); + else if( sig->sig_class == 0x28 ) + puts("[subkey revoked]"); else putchar('\n'); if( opt.fingerprint ) 
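Review bot: In `menu_revkey` (g10/keyedit.c) the error path after `make_keysig_packet` does `return changed;`, so a failure on the second or later selected subkey skips both `commit_kbnode( &pub_keyblock )` and `clear_trust_checked_flag( mainpk )` while still reporting a modified keyblock to the caller. The keyblock would then carry a new 0x28 revocation while the trust state presumably stays marked as checked. Replacing the early return with `break;` lets the common tail run for whatever was already inserted. The function also dereferences `sec_keyblock->pkt->pkt.secret_key` without a NULL check, and it clears `NODFLG_SELKEY` before signing, so a failed attempt silently drops the user's selection.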
@@ -336,7 +338,8 @@ list_keyblock( KBNODE keyblock, int secret ) any=1; } - if( sig->sig_class == 0x20 || sig->sig_class == 0x30 ) + if( sig->sig_class == 0x20 || sig->sig_class == 0x28 + || sig->sig_class == 0x30 ) fputs("rev", stdout); else if( (sig->sig_class&~3) == 0x10 ) fputs("sig", stdout); diff --git a/g10/mainproc.c b/g10/mainproc.c index 528f520ac..024674e4a 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -307,7 +307,7 @@ proc_plaintext( CTX c, PACKET *pkt ) md_enable( c->mfx.md, DIGEST_ALGO_SHA1 ); md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); } - #if 0 + #if 1 #warning md_start_debug is enabled md_start_debug( c->mfx.md, "verify" ); #endif diff --git a/g10/sign.c b/g10/sign.c index 8cf5be7f5..8acf1b239 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -656,7 +656,8 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, MD_HANDLE md; assert( (sigclass >= 0x10 && sigclass <= 0x13) - || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x30 ); + || sigclass == 0x20 || sigclass == 0x18 + || sigclass == 0x30 || sigclass == 0x28 ); if( !digest_algo ) { switch( sk->pubkey_algo ) { case PUBKEY_ALGO_DSA: digest_algo = DIGEST_ALGO_SHA1; break; @@ -669,7 +670,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, /* hash the public key certificate and the user id */ hash_public_key( md, pk ); - if( sigclass == 0x18 ) { /* subkey binding */ + if( sigclass == 0x18 || sigclass == 0x28 ) { /* subkey binding/revocation*/ hash_public_key( md, subpk ); } else if( sigclass != 0x20 ) { diff --git a/util/ChangeLog b/util/ChangeLog index 6dac03492..33b500b02 100644 --- a/util/ChangeLog +++ b/util/ChangeLog @@ -1,3 +1,7 @@ +Wed Apr 28 13:03:03 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> + + * miscutil.c (asctimestamp): Use nl_langinfo (Gaël Quéri). + Sun Apr 18 10:11:28 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> * argparse.c (store_alias): Disabled becuase it is not used. 
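Review bot: The `#if 0` to `#if 1` flip in `proc_plaintext` (g10/mainproc.c) turns on `md_start_debug( c->mfx.md, "verify" )` in every build, and the `#warning md_start_debug is enabled` beside it suggests local debugging state that was committed by accident. If md_start_debug records the hashed data to a file, as its name and tag argument suggest, each verification would leave a copy of the processed plaintext on disk. Restore `#if 0`, or gate the call on a runtime debug option instead of a compile-time constant. proc_plaintext's body continues outside the hunk.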
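Review bot: In `make_keysig_packet` (g10/sign.c) class 0x28 now takes the `hash_public_key( md, subpk )` path, but nothing in the hunk checks that `subpk` is non-NULL for the two subkey classes. The widened `assert` validates only `sigclass`, and it disappears entirely under NDEBUG. Consider adding `assert( subpk || (sigclass != 0x18 && sigclass != 0x28) );` next to the existing assertion, or returning an error code for that case so release builds are covered too. The function's signature and the rest of its body lie outside the hunk.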
diff --git a/util/miscutil.c b/util/miscutil.c index 5e1844893..a1d480fa4 100644 --- a/util/miscutil.c +++ b/util/miscutil.c @@ -1,5 +1,5 @@ /* miscutil.c - miscellaneous utilities - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -23,6 +23,9 @@ #include <string.h> #include <time.h> #include <ctype.h> +#ifdef HAVE_LANGINFO_H + #include <langinfo.h> +#endif #include "types.h" #include "util.h" #include "i18n.h" @@ -91,16 +94,26 @@ const char * asctimestamp( u32 stamp ) { static char buffer[50]; + #if defined (HAVE_STRFTIME) && defined (HAVE_NL_LANGINFO) + static char fmt[50]; + #endif struct tm *tp; time_t atime = stamp; tp = localtime( &atime ); #ifdef HAVE_STRFTIME - /* fixme: we should check whether the locale apppends a " %Z" - * These locales from glibc don't put the " %Z": - * fi_FI hr_HR ja_JP lt_LT lv_LV POSIX ru_RU ru_SU sv_FI sv_SE zh_CN - */ - strftime( buffer, DIM(buffer)-1, "%c %Z", tp ); + #if defined(HAVE_NL_LANGINFO) + mem2str( fmt, nl_langinfo(D_T_FMT), DIM(fmt) ); + if( strstr( fmt, "%Z" ) == NULL ) + strcat( fmt, " %Z"); + strftime( buffer, DIM(buffer)-1, fmt, tp ); + #else + /* fixme: we should check whether the locale appends a " %Z" + * These locales from glibc don't put the " %Z": + * fi_FI hr_HR ja_JP lt_LT lv_LV POSIX ru_RU ru_SU sv_FI sv_SE zh_CN + */ + strftime( buffer, DIM(buffer)-1, "%c %Z", tp ); + #endif buffer[DIM(buffer)-1] = 0; #else mem2str( buffer, asctime(tp), DIM(buffer) ); |
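Review bot: In `asctimestamp` (util/miscutil.c) the new `strcat( fmt, " %Z")` can write past `fmt[50]`. `mem2str( fmt, nl_langinfo(D_T_FMT), DIM(fmt) )` appears to copy up to 49 characters plus the terminator, so a locale whose D_T_FMT is 47 characters or longer leaves no room for the three appended bytes. The format string comes from locale data selected through the environment, so it should be treated as untrusted input. Reserve the space at copy time with `mem2str( fmt, nl_langinfo(D_T_FMT), DIM(fmt)-3 );`. The `strftime` result is also worth checking, since a return of 0 leaves `buffer` unspecified even though its last byte is cleared afterwards.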