Diffstat (limited to 'g10')
-rw-r--r-- | g10/ChangeLog | 38 | ||||
-rw-r--r-- | g10/Makefile.am | 2 | ||||
-rw-r--r-- | g10/armor.c | 25 | ||||
-rw-r--r-- | g10/build-packet.c | 2 | ||||
-rw-r--r-- | g10/cipher.c | 7 | ||||
-rw-r--r-- | g10/encode.c | 20 | ||||
-rw-r--r-- | g10/filter.h | 3 | ||||
-rw-r--r-- | g10/g10.c | 88 | ||||
-rw-r--r-- | g10/getkey.c | 46 | ||||
-rw-r--r-- | g10/gpgd.c | 12 | ||||
-rw-r--r-- | g10/import.c | 2 | ||||
-rw-r--r-- | g10/keyedit.c | 51 | ||||
-rw-r--r-- | g10/main.h | 1 | ||||
-rw-r--r-- | g10/options.h | 2 | ||||
-rw-r--r-- | g10/packet.h | 2 | ||||
-rw-r--r-- | g10/parse-packet.c | 30 | ||||
-rw-r--r-- | g10/pkclist.c | 12 | ||||
-rw-r--r-- | g10/pref.c | 81 | ||||
-rw-r--r-- | g10/pref.h | 42 | ||||
-rw-r--r-- | g10/ringedit.c | 13 | ||||
-rw-r--r-- | g10/sign.c | 45 | ||||
-rw-r--r-- | g10/skclist.c | 6 | ||||
-rw-r--r-- | g10/trustdb.c | 83 | ||||
-rw-r--r-- | g10/trustdb.h | 3 |
24 files changed, 401 insertions, 215 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 7094ed601..664d378bb 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,41 @@ +Mon Jul 6 09:03:49 1998 Werner Koch (wk@isil.d.shuttle.de) + + * getkey.c (add_keyring): Keyrings are now added to end of the + list of keyrings. The first added keyringwill be created. + (add_secret_keyring): Likewise. + + * ringedit.c (add_keyblock_resource): Files are created here. + + * g10.c (aNOP): Removed + + * getkey.c (lookup): Add checking of usage for name lookups + * packet.h (pubkey_usage): Add a field which may be used to store + usage capabilities. + * pkclist.c (build_pk_list): getkey now called with usage arg. + * skclist.c (build_sk_list): Ditto. + + * sign.c (clearsign_file): Fixed "Hash:" headers + +Sat Jul 4 13:33:31 1998 Werner Koch (wk@isil.d.shuttle.de) + + * trustdb.c (list_ownertrust): New. + * g10.c (aListOwnerTrust): New. + + * g10.c (def_pubkey_algo): Removed. + + * trustdb.c (verify_private_data): Removed and also the call to it. + (sign_private_data): Removed. + +Fri Jul 3 13:26:10 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (aEditKey): was aEditSig. Changed usage msg. + + * keyedit.c: Done some i18n stuff. + + * g10.c (do_not_use_RSA): New. + * sign.c (do_sign): Add call to above function. + * encode.c (write_pubkey_enc_from_list): Ditto. + Thu Jul 2 21:01:25 1998 Werner Koch (wk@isil.d.shuttle.de) * parse-packet.c: Now is able sto store data of unknown diff --git a/g10/Makefile.am b/g10/Makefile.am index 579ec6075..c64055423 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -32,6 +32,8 @@ common_source = \ keyid.c \ trustdb.c \ trustdb.h \ + pref.h \ + pref.c \ packet.h \ parse-packet.c \ passphrase.c \ diff --git a/g10/armor.c b/g10/armor.c index 7fe2f8172..1dd028afc 100644 --- a/g10/armor.c +++ b/g10/armor.c 
@@ -325,7 +325,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen, if( n < buflen || c == '\n' ) { if( n && buf[0] != '\r') { /* maybe a header */ if( strchr( buf, ':') ) { /* yes */ - int hashes; + int hashes=0; if( buf[n-1] == '\r' ) buf[--n] = 0; if( opt.verbose ) { @@ -822,13 +822,19 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn, else if( (c=iobuf_get(a)) == -1 ) break; } while( ++idx < 4 ); - if( c == -1 ) + if( c == -1 ) { log_error("premature eof (in CRC)\n"); - else if( idx != 4 ) + rc = G10ERR_INVALID_ARMOR; + } + else if( idx != 4 ) { log_error("malformed CRC\n"); - else if( mycrc != afx->crc ) + rc = G10ERR_INVALID_ARMOR; + } + else if( mycrc != afx->crc ) { log_error("CRC error; %06lx - %06lx\n", (ulong)afx->crc, (ulong)mycrc); + rc = G10ERR_INVALID_ARMOR; + } else { rc = 0; #if 0 @@ -843,10 +849,14 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn, } if( rc == -1 ) rc = 0; - else if( rc == 2 ) + else if( rc == 2 ) { log_error("premature eof (in Trailer)\n"); - else + rc = G10ERR_INVALID_ARMOR; + } + else { log_error("error in trailer line\n"); + rc = G10ERR_INVALID_ARMOR; + } #endif } } @@ -988,7 +998,8 @@ armor_filter( void *opaque, int control, iobuf_writestr(a, "-----\n"); iobuf_writestr(a, "Version: GNUPG v" VERSION " (" PRINTABLE_OS_NAME ")\n"); - iobuf_writestr(a, "Comment: This is an alpha version!\n"); + iobuf_writestr(a, + "Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/\n"); if( afx->hdrlines ) iobuf_writestr(a, afx->hdrlines); iobuf_put(a, '\n'); diff --git a/g10/build-packet.c b/g10/build-packet.c index b8acc577e..ae5e08f15 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -281,7 +281,7 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk ) iobuf_put(a, sk->pubkey_algo ); nskey = pubkey_get_nskey( sk->pubkey_algo ); npkey = pubkey_get_npkey( sk->pubkey_algo ); - if( npkey ) { + if( !npkey ) { write_fake_data( a, sk->skey[0] ); goto leave; } 
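Review bot: The second radix64_read hunk (`@@ -843,10 +849,14 @@`) only touches lines that sit inside the `#if 0 … #endif` block opened right after `rc = 0;` in the first hunk, so the new `rc = G10ERR_INVALID_ARMOR;` assignments for a missing or malformed trailer line are never compiled and the `-----END` line still goes unchecked. Either enable that block or drop the dead edits; as written, a message truncated right after the CRC line is accepted as long as the CRC itself matches. The CRC mismatch path (`mycrc != afx->crc`) is now reported as an error correctly, though the armor CRC-24 is a transport checksum and nothing should rely on it to detect tampering. radix64_read continues outside the hunk.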
diff --git a/g10/cipher.c b/g10/cipher.c index b975d26f1..0891d52fb 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -46,6 +46,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) memset( &ed, 0, sizeof ed ); ed.len = cfx->datalen; + ed.new_ctb = !ed.len && !opt.rfc1991; init_packet( &pkt ); pkt.pkttype = PKT_ENCRYPTED; pkt.pkt.encrypted = &ed; @@ -88,13 +89,7 @@ cipher_filter( void *opaque, int control, rc = G10ERR_WRITE_FILE; } else if( control == IOBUFCTRL_FREE ) { - #if 0 - if( cfx->new_partial && cfx->cfx->la_buffer ) { - - } - #endif cipher_close(cfx->cipher_hd); - m_free(cfx->la_buffer); cfx->la_buffer = NULL; } else if( control == IOBUFCTRL_DESC ) { *(char**)buf = "cipher_filter"; diff --git a/g10/encode.c b/g10/encode.c index 2cc2f10c3..969e9afee 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -34,6 +34,7 @@ #include "util.h" #include "main.h" #include "filter.h" +#include "i18n.h" static int encode_simple( const char *filename, int mode ); @@ -81,7 +82,7 @@ encode_simple( const char *filename, int mode ) /* prepare iobufs */ if( !(inp = iobuf_open(filename)) ) { - log_error("can't open %s: %s\n", filename? filename: "[stdin]", + log_error(_("%s: can't open: %s\n"), filename? filename: "[stdin]", strerror(errno) ); return G10ERR_OPEN_FILE; } @@ -98,7 +99,7 @@ encode_simple( const char *filename, int mode ) m_free(cfx.dek); m_free(s2k); iobuf_close(inp); - log_error("error creating passphrase: %s\n", g10_errstr(rc) ); + log_error(_("error creating passphrase: %s\n"), g10_errstr(rc) ); return rc; } } @@ -134,7 +135,7 @@ encode_simple( const char *filename, int mode ) pt->namelen = strlen(filename); memcpy(pt->name, filename, pt->namelen ); if( !(filesize = iobuf_get_filelength(inp)) ) - log_info("warning: '%s' is an empty file\n", filename ); + log_info(_("%s: warning: empty file\n"), filename ); } else { /* no filename */ pt = m_alloc( sizeof *pt - 1 ); 
@@ -191,18 +192,18 @@ encode_crypt( const char *filename, STRLIST remusr ) memset( &afx, 0, sizeof afx); memset( &zfx, 0, sizeof zfx); - if( (rc=build_pk_list( remusr, &pk_list, 2)) ) + if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) ) return rc; /* prepare iobufs */ if( !(inp = iobuf_open(filename)) ) { - log_error("can't open %s: %s\n", filename? filename: "[stdin]", + log_error(_("can't open %s: %s\n"), filename? filename: "[stdin]", strerror(errno) ); rc = G10ERR_OPEN_FILE; goto leave; } else if( opt.verbose ) - log_info("reading from '%s'\n", filename? filename: "[stdin]"); + log_info(_("reading from '%s'\n"), filename? filename: "[stdin]"); if( !(out = open_outfile( filename, opt.armor? 1:0 )) ) { rc = G10ERR_CREATE_FILE; /* or user said: do not overwrite */ @@ -232,7 +233,7 @@ encode_crypt( const char *filename, STRLIST remusr ) pt->namelen = strlen(filename); memcpy(pt->name, filename, pt->namelen ); if( !(filesize = iobuf_get_filelength(inp)) ) - log_info("warning: '%s' is an empty file\n", filename ); + log_info(_("%s: warning: empty file\n"), filename ); } else { /* no filename */ pt = m_alloc( sizeof *pt - 1 ); @@ -242,6 +243,7 @@ encode_crypt( const char *filename, STRLIST remusr ) pt->timestamp = make_timestamp(); pt->mode = 'b'; pt->len = filesize; + pt->new_ctb = !pt->len && !opt.rfc1991; pt->buf = inp; init_packet(&pkt); pkt.pkttype = PKT_PLAINTEXT; @@ -332,6 +334,8 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out ) MPI frame; pk = pk_list->pk; + if( is_RSA(pk->pubkey_algo) ) + do_not_use_RSA(); enc = m_alloc_clear( sizeof *enc ); enc->pubkey_algo = pk->pubkey_algo; keyid_from_pk( pk, enc->keyid ); @@ -344,7 +348,7 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out ) else { if( opt.verbose ) { char *ustr = get_user_id_string( enc->keyid ); - log_info("%s encrypted for: %s\n", + log_info(_("%s encrypted for: %s\n"), pubkey_algo_to_string(enc->pubkey_algo), ustr ); m_free(ustr); } 
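Review bot: `do_not_use_RSA()` in write_pubkey_enc_from_list runs after the recipient key has already been accepted by build_pk_list, and it only logs once and returns, so an RSA recipient is still used, silently for every further key in the same run. If the intent is advice only, a comment above the call such as `/* advisory only: RSA recipients are still encrypted to */` would make that explicit; if RSA is meant to be refused, the rejection belongs in build_pk_list's `check_pubkey_algo2()` path so the caller gets an error code instead of a log line. Replacing the bare `2` with `PUBKEY_USAGE_ENC` in the build_pk_list call is a welcome change. write_pubkey_enc_from_list continues past the hunk.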
diff --git a/g10/filter.h b/g10/filter.h index 108e64c0e..2dc8a3e87 100644 --- a/g10/filter.h +++ b/g10/filter.h @@ -61,9 +61,6 @@ typedef struct { typedef struct { DEK *dek; u32 datalen; - int new_partial; /* use Openpgp partial packets header */ - char *la_buffer; /* help buffer for OP partial stuff */ - size_t la_buflen; /* and its used length */ CIPHER_HANDLE cipher_hd; int header; } cipher_filter_context_t; @@ -79,6 +79,7 @@ static ARGPARSE_OPTS opts[] = { { 530, "import", 0 , N_("import/merge keys")}, { 521, "list-packets",0,N_("list only the sequence of packets")}, #ifdef IS_G10MAINT + { 564, "list-ownertrust", 0, "list the ownertrust values"}, { 546, "dearmor", 0, N_("De-Armor a file or stdin") }, { 547, "enarmor", 0, N_("En-Armor a file or stdin") }, { 555, "print-md" , 0, N_("|algo [files]|print message digests")}, @@ -116,12 +117,10 @@ static ARGPARSE_OPTS opts[] = { { 561, "rfc1991", 0, N_("emulate the mode described in RFC1991")}, #ifdef IS_G10 { 527, "cipher-algo", 2 , N_("|NAME|use cipher algorithm NAME")}, - { 528, "pubkey-algo", 2 , N_("|NAME|use public key algorithm NAME")}, { 529, "digest-algo", 2 , N_("|NAME|use message digest algorithm NAME")}, { 556, "compress-algo", 1 , N_("|N|use compress algorithm N")}, #else /* some dummies */ { 527, "cipher-algo", 2 , "@"}, - { 528, "pubkey-algo", 2 , "@"}, { 529, "digest-algo", 2 , "@"}, { 556, "compress-algo", 1 , "@"}, #endif @@ -138,6 +137,7 @@ static ARGPARSE_OPTS opts[] = { /* hidden options */ #ifdef IS_G10MAINT { 514, "test" , 0, "@" }, + { 564, "list-ownertrust",0 , "@"}, { 531, "list-trustdb",0 , "@"}, { 533, "list-trust-path",0, "@"}, #endif 
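Review bot: `--list-ownertrust` (id 564) is now entered twice in `opts[]`, once in the visible IS_G10MAINT command block and again in the hidden-options block with `"@"`, and both sit under the same `#ifdef IS_G10MAINT`, so the parser gets a duplicate table entry. Keep only one of them; the visible one should also be wrapped for translation like its neighbours, `{ 564, "list-ownertrust", 0, N_("list the ownertrust values")},`. The `opts[]` table starts and ends outside the hunk.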
@@ -154,7 +154,6 @@ static ARGPARSE_OPTS opts[] = { { 519, "no-armor", 0, "@"}, { 520, "no-default-keyring", 0, "@" }, { 522, "no-greeting", 0, "@" }, - { 541, "no-operation", 0, "@" }, /* used by regression tests */ { 543, "no-options", 0, "@" }, /* shortcut for --options /dev/null */ { 544, "homedir", 2, "@" }, /* defaults to "~/.gnupg" */ { 545, "no-batch", 0, "@" }, @@ -169,18 +168,19 @@ static ARGPARSE_OPTS opts[] = { {0} }; - +/* (Free numbers: 541) */ enum cmd_values { aNull = 0, aSym, aStore, aEncr, aKeygen, aSign, aSignEncr, - aSignKey, aClearsign, aListPackets, aEditSig, aDeleteKey, aDeleteSecretKey, + aSignKey, aClearsign, aListPackets, aEditKey, aDeleteKey, aDeleteSecretKey, aKMode, aKModeC, aChangePass, aImport, aVerify, aDecrypt, aListKeys, aListSigs, aKeyadd, aListSecretKeys, aExport, aExportSecret, aCheckKeys, aGenRevoke, aPrimegen, aPrintMD, aPrintMDs, - aListTrustDB, aListTrustPath, aDeArmor, aEnArmor, aGenRandom, aTest, -aNOP }; + aListTrustDB, aListTrustPath, aListOwnerTrust, + aDeArmor, aEnArmor, aGenRandom, +aTest }; static char *build_list( const char *text, @@ -358,8 +358,6 @@ check_opts(void) { if( !opt.def_cipher_algo || check_cipher_algo(opt.def_cipher_algo) ) log_error(_("selected cipher algorithm is invalid\n")); - if( !opt.def_pubkey_algo || check_pubkey_algo(opt.def_pubkey_algo) ) - log_error(_("selected pubkey algorithm is invalid\n")); if( opt.def_digest_algo && check_digest_algo(opt.def_digest_algo) ) log_error(_("selected digest algorithm is invalid\n")); if( opt.def_compress_algo < 1 || opt.def_compress_algo > 2 ) @@ -414,7 +412,6 @@ main( int argc, char **argv ) opt.compress = -1; /* defaults to standard compress level */ /* fixme: set the next two to zero and decide where used */ opt.def_cipher_algo = DEFAULT_CIPHER_ALGO; - opt.def_pubkey_algo = DEFAULT_PUBKEY_ALGO; opt.def_digest_algo = 0; opt.def_compress_algo = 2; opt.completes_needed = 1; 
@@ -510,14 +507,11 @@ main( int argc, char **argv ) case 506: set_cmd( &cmd, aSignKey); break; case 507: set_cmd( &cmd, aStore); break; case 523: set_passphrase_fd( pargs.r.ret_int ); break; - case 524: set_cmd( &cmd, aEditSig); break; + case 524: set_cmd( &cmd, aEditKey); break; case 525: set_cmd( &cmd, aChangePass); break; case 527: opt.def_cipher_algo = string_to_cipher_algo(pargs.r.ret_str); break; - case 528: - opt.def_pubkey_algo = string_to_pubkey_algo(pargs.r.ret_str); - break; case 529: opt.def_digest_algo = string_to_digest_algo(pargs.r.ret_str); break; @@ -527,7 +521,6 @@ main( int argc, char **argv ) case 550: set_cmd( &cmd, aVerify); break; #else case 527: - case 528: case 529: break; #endif /* !IS_G10 */ @@ -543,6 +536,7 @@ main( int argc, char **argv ) case 547: set_cmd( &cmd, aEnArmor); break; case 548: set_cmd( &cmd, aGenRandom); break; case 555: set_cmd( &cmd, aPrintMD); break; + case 564: set_cmd( &cmd, aListOwnerTrust); break; #endif /* IS_G10MAINT */ case 'o': opt.outfile = pargs.r.ret_str; break; @@ -581,7 +575,6 @@ main( int argc, char **argv ) case 536: opt.marginals_needed = pargs.r.ret_int; break; case 537: set_cmd( &cmd, aExport); break; case 538: trustdb_name = pargs.r.ret_str; break; - case 541: set_cmd( &cmd, aNOP); break; case 543: break; /* no-options */ case 544: opt.homedir = pargs.r.ret_str; break; case 545: opt.batch = 0; break; @@ -692,6 +685,7 @@ main( int argc, char **argv ) if( opt.with_colons ) /* need this to list the trust */ rc = init_trustdb(1, trustdb_name ); break; + case aListOwnerTrust: rc = init_trustdb( 0, trustdb_name ); break; case aListTrustDB: rc = init_trustdb( argc? 1:0, trustdb_name ); break; default: rc = init_trustdb(1, trustdb_name ); break; } 
@@ -784,9 +778,9 @@ main( int argc, char **argv ) log_error("%s: sign key failed: %s\n", print_fname_stdin(fname), g10_errstr(rc) ); break; - case aEditSig: /* Edit a key signature */ + case aEditKey: /* Edit a key signature */ if( argc != 1 ) - wrong_args(_("--edit-sig username")); + wrong_args(_("--edit-key username")); /* note: fname is the user id! */ if( (rc = edit_keysigs(fname)) ) log_error("%s: edit signature failed: %s\n", print_fname_stdin(fname), g10_errstr(rc) ); @@ -1003,11 +997,14 @@ main( int argc, char **argv ) list_trust_path( atoi(*argv), argv[1] ); break; - #endif /* IS_G10MAINT */ + case aListOwnerTrust: + if( argc ) + wrong_args("--list-ownertrust"); + list_ownertrust(); + break; + #endif /* IS_G10MAINT */ - case aNOP: - break; case aListPackets: opt.list_packets=1; @@ -1053,6 +1050,20 @@ g10_exit( int rc ) exit(rc ); } + +void +do_not_use_RSA() +{ + static int did_rsa_note = 0; + + if( !did_rsa_note ) { + did_rsa_note = 1; + log_info(_("RSA keys are depreciated; please consider " + "creating a new key and use this key in the future\n")); + } +} + + #ifdef IS_G10MAINT static void print_hex( byte *p, size_t n ) 
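Review bot: `do_not_use_RSA()` is defined with an empty parameter list while main.h declares it as `void do_not_use_RSA(void);`; define it as `do_not_use_RSA(void)` as well so definition and prototype have the same type and calls are checked. The message reads "depreciated", which should be "deprecated", and since the string is now translatable the typo would propagate into every .po file. The same function is duplicated verbatim in gpgd.c without `_()`, so one shared copy in misc.c would keep the two from drifting apart. The aEditKey case still reports `edit signature failed` after the command was renamed to --edit-key.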
@@ -1159,41 +1170,6 @@ print_mds( const char *fname, int algo ) static void do_test(int times) { - MPI base[4]; - MPI exp[4]; - MPI t1 = mpi_alloc(50); - MPI t2 = mpi_alloc(50); - MPI t3 = mpi_alloc(50); - MPI tmp= mpi_alloc(50); - MPI m = mpi_alloc(50); - MPI res = mpi_alloc(50); - - mpi_fromstr( m, "0x10000000000000000000000000" ); - base[0] = mpi_alloc_set_ui( 3 ); - mpi_fromstr( base[0], "0x145984358945989898495ffdd13" ); - base[1] = mpi_alloc_set_ui( 5 ); - mpi_fromstr( base[1], "0x000effff9999000000001100001" ); - base[2] = mpi_alloc_set_ui( 2 ); - mpi_fromstr( base[2], "0x499eeeaaaaa0444444545466672" ); - base[3] = NULL; - exp[0] = mpi_alloc_set_ui( 30 ); - exp[1] = mpi_alloc_set_ui( 10 ); - mpi_fromstr( exp[1], "0x3457878888888888aabbbccccc1" ); - exp[2] = mpi_alloc_set_ui( 24 ); - exp[3] = NULL; - - mpi_powm( t1, base[0], exp[0], m ); - mpi_powm( t2, base[1], exp[1], m ); - mpi_powm( t3, base[2], exp[2], m ); - mpi_mulm( tmp, t1, t2, m ); - mpi_mulm( t1, tmp, t3, m ); - log_mpidump("X=", t1 ); - - - mpi_mulpowm( res, base, exp, m ); - log_mpidump("X=", res ); - - m_check(NULL); } #endif /* IS_G10MAINT */ diff --git a/g10/getkey.c b/g10/getkey.c index b88b926e0..0c69efb0b 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -76,12 +76,15 @@ static int lookup_sk( PKT_secret_key *sk, int mode, u32 *keyid, const char *name ); /* note this function may be called before secure memory is - * available */ + * available + * The first keyring which is added by this function is + * created if it does not exist. + */ void add_keyring( const char *name ) { STRLIST sl; - int rc; + int rc, force = !keyrings; if( *name != '/' ) { /* do tilde expansion etc */ char *p ; 
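Review bot: `force = !keyrings` makes whichever keyring is added first get created on disk if it is missing, and because the name is appended to `keyrings` before `add_keyblock_resource()` runs, a path that fails to open stays in the search list and only produces a log line. If `--keyring` with a mistyped path is the first call (for example together with --no-default-keyring), an empty public keyring is silently created at that path instead of an error being raised; consider creating only the default ring, or at least dropping the entry from the list when `rc` is non-zero. A comment such as `/* only the first (default) ring is created; later ones must exist */` above the `force` initialiser would document the intent. add_keyring continues outside the hunk.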
@@ -90,22 +93,17 @@ add_keyring( const char *name ) p = make_filename(name, NULL); else p = make_filename(opt.homedir, name, NULL); - sl = m_alloc( sizeof *sl + strlen(p) ); - strcpy(sl->d, p ); + sl = append_to_strlist( &keyrings, p ); m_free(p); } - else { - sl = m_alloc( sizeof *sl + strlen(name) ); - strcpy(sl->d, name ); - } - sl->next = keyrings; - keyrings = sl; + else + sl = append_to_strlist( &keyrings, name ); /* fixme: We should remove much out of this module and * combine it with the keyblock stuff from ringedit.c * For now we will simple add the filename as keyblock resource */ - rc = add_keyblock_resource( sl->d, 0, 0 ); + rc = add_keyblock_resource( sl->d, force, 0 ); if( rc ) log_error("keyblock resource '%s': %s\n", sl->d, g10_errstr(rc) ); } @@ -139,7 +137,7 @@ void add_secret_keyring( const char *name ) { STRLIST sl; - int rc; + int rc, force = !secret_keyrings; if( *name != '/' ) { /* do tilde expansion etc */ char *p ; @@ -148,22 +146,17 @@ add_secret_keyring( const char *name ) p = make_filename(name, NULL); else p = make_filename(opt.homedir, name, NULL); - sl = m_alloc( sizeof *sl + strlen(p) ); - strcpy(sl->d, p ); + sl = append_to_strlist( &secret_keyrings, p ); m_free(p); } - else { - sl = m_alloc( sizeof *sl + strlen(name) ); - strcpy(sl->d, name ); - } - sl->next = secret_keyrings; - secret_keyrings = sl; + else + sl = append_to_strlist( &secret_keyrings, name ); /* fixme: We should remove much out of this module and * combine it with the keyblock stuff from ringedit.c * For now we will simple add the filename as keyblock resource */ - rc = add_keyblock_resource( sl->d, 0, 1 ); + rc = add_keyblock_resource( sl->d, force, 1 ); if( rc ) log_error("secret keyblock resource '%s': %s\n", sl->d, g10_errstr(rc)); } @@ -648,6 +641,7 @@ add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode ) } } + /**************** * Lookup a key by scanning all keyrings * mode 1 = lookup by NAME (exact) 
@@ -696,7 +690,12 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid, || kk->pkt->pkttype == PKT_PUBLIC_SUBKEY ) && ( !pk->pubkey_algo || pk->pubkey_algo - == kk->pkt->pkt.public_key->pubkey_algo)) + == kk->pkt->pkt.public_key->pubkey_algo) + && ( !pk->pubkey_usage + || !check_pubkey_algo2( + kk->pkt->pkt.public_key->pubkey_algo, + pk->pubkey_usage )) + ) break; if( kk ) { u32 aki[2]; @@ -711,6 +710,9 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid, } } else { /* keyid or fingerprint lookup */ + /* No need to compare the usage here, as we already have the + * keyid to use + */ if( DBG_CACHE && (mode== 10 || mode==11) ) { log_debug("lookup keyid=%08lx%08lx req_algo=%d mode=%d\n", (ulong)keyid[0], (ulong)keyid[1], diff --git a/g10/gpgd.c b/g10/gpgd.c index 34158b7f9..da7a990dc 100644 --- a/g10/gpgd.c +++ b/g10/gpgd.c @@ -249,6 +249,18 @@ g10_exit( int rc ) exit(rc ); } +void +do_not_use_RSA() +{ + static int did_rsa_note = 0; + + if( !did_rsa_note ) { + did_rsa_note = 1; + log_info("RSA keys are depreciated; please consider " + "creating a new key and use this key in the future\n"); + } +} + static void become_daemon() diff --git a/g10/import.c b/g10/import.c index 1467f092f..3ed6b96bb 100644 --- a/g10/import.c +++ b/g10/import.c @@ -125,7 +125,7 @@ import_keys( const char *fname ) } if( rc == -1 ) rc = 0; - else if( rc ) + else if( rc && rc != G10ERR_INV_KEYRING ) log_error("%s: read error: %s\n", fname, g10_errstr(rc)); iobuf_close(inp); diff --git a/g10/keyedit.c b/g10/keyedit.c index 3851b5c06..ee50a7880 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -75,8 +75,9 @@ sign_it_p( PKT_public_key *pk, PKT_user_id *uid ) char *answer; int yes; - tty_printf("\nAre you really sure that you want to sign this key:\n\n" - "%4u%c/%08lX %s ", + tty_printf("\n"); + tty_printf(_("Are you really sure that you want to sign this key:\n\n")); + tty_printf("pub %4u%c/%08lX %s ", nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ), (ulong)keyid_from_pk( pk, NULL ), 
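Review bot: The usage test added to the name-lookup loop in lookup() only consults `check_pubkey_algo2()`, i.e. whether the algorithm is capable of the requested operation, and the comment added in the keyid/fingerprint branch states that usage is deliberately not compared there. Callers that look up by keyid therefore still have to run `check_pubkey_algo2()` themselves after the lookup, as pkclist.c does; a comment on the `pubkey_usage` field or above the loop, such as `/* algorithm capability only -- key flags from self-signatures are not consulted */`, would stop a later caller from assuming the returned key has been fully checked. lookup() continues outside both hunks.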
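Review bot: In import_keys the new `rc != G10ERR_INV_KEYRING` condition suppresses the "read error" message for exactly the code that parse() now returns when `iobuf_error(inp)` is set at end of input, so a keyring that ends in an I/O error during import produces no diagnostic at all while `rc` presumably still propagates to the caller. If the code is meant to be treated as end-of-file here, map it explicitly, `else if( rc == G10ERR_INV_KEYRING ) rc = 0;`, otherwise keep logging it so truncated or unreadable input is not silently ignored. import_keys continues outside the hunk.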
@@ -85,7 +86,7 @@ sign_it_p( PKT_public_key *pk, PKT_user_id *uid ) tty_printf("\n"); show_fingerprint(pk); tty_printf("\n"); - answer = tty_get("Sign this key? "); + answer = tty_get(_("Sign this key? ")); tty_kill_prompt(); yes = answer_is_yes(answer); m_free(answer); @@ -141,11 +142,11 @@ check_all_keysigs( KBNODE keyblock ) } } if( inv_sigs ) - tty_printf("%d bad signatures\n", inv_sigs ); + tty_printf(_("%d bad signatures\n"), inv_sigs ); if( no_key ) - tty_printf("No public key for %d signatures\n", no_key ); + tty_printf(_("No public key for %d signatures\n"), no_key ); if( oth_err ) - tty_printf("%d signatures not checked due to errors\n", oth_err ); + tty_printf(_("%d signatures not checked due to errors\n"), oth_err ); return inv_sigs || no_key || oth_err; } @@ -172,7 +173,7 @@ remove_keysigs( KBNODE keyblock, u32 *keyid, int all ) tty_printf("\n \"%08lX %s ", sig->keyid[1], datestr_from_sig(sig)); if( node->flag & 6 ) - tty_printf("[User name not available] "); + tty_printf(_("[User name not available] ")); else { size_t n; char *p = get_user_id( sig->keyid, &n ); @@ -181,18 +182,19 @@ remove_keysigs( KBNODE keyblock, u32 *keyid, int all ) } tty_printf("\"\n"); if( node->flag & 1 ) - tty_printf("This is a BAD signature!\n"); + tty_printf(_("This is a BAD signature!\n")); else if( node->flag & 2 ) - tty_printf("Public key not available.\n"); + tty_printf(_("Public key not available.\n")); else if( node->flag & 4 ) - tty_printf("The signature could not be checked!\n"); + tty_printf(_("The signature could not be checked!\n")); if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) { - tty_printf("Skipped self-signature\n"); + tty_printf(_("Skipped self-signature\n")); continue; /* do not remove self-signatures */ } - answer = tty_get("\nRemove this signature? "); + tty_printf("\n"); + answer = tty_get(_("Remove this signature? ")); tty_kill_prompt(); if( answer_is_yes(answer) ) { node->flag |= 128; /* use bit 7 to mark this node */ 
@@ -204,7 +206,7 @@ remove_keysigs( KBNODE keyblock, u32 *keyid, int all ) if( !count ) return 0; /* nothing to remove */ - answer = tty_get("Do you really want to remove the selected signatures? "); + answer = tty_get(_("Do you really want to remove the selected signatures? ")); tty_kill_prompt(); yes = answer_is_yes(answer); m_free(answer); @@ -245,7 +247,7 @@ sign_key( const char *username, STRLIST locusr ) /* search the userid */ rc = find_keyblock_byname( &kbpos, username ); if( rc ) { - log_error("user '%s' not found\n", username ); + log_error(_("%s: user not found\n"), username ); goto leave; } @@ -272,7 +274,7 @@ sign_key( const char *username, STRLIST locusr ) pk = node->pkt->pkt.public_key; keyid_from_pk( pk, pk_keyid ); - log_info("Checking signatures of this public key certificate:\n"); + tty_printf(_("Checking signatures of this public key certificate:\n")); tty_printf("pub %4u%c/%08lX %s ", nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ), @@ -289,7 +291,8 @@ sign_key( const char *username, STRLIST locusr ) if( check_all_keysigs( keyblock ) ) { if( !opt.batch ) { /* ask whether we really should do anything */ - answer = tty_get("To you want to remove some of the invalid sigs? "); + answer = tty_get( + _("To you want to remove some of the invalid sigs? ")); tty_kill_prompt(); if( answer_is_yes(answer) ) remove_keysigs( keyblock, pk_keyid, 0 ); @@ -309,7 +312,7 @@ sign_key( const char *username, STRLIST locusr ) && (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) { if( akeyid[0] == node->pkt->pkt.signature->keyid[0] && akeyid[1] == node->pkt->pkt.signature->keyid[1] ) { - log_info("Already signed by keyid %08lX\n", + log_info(_("Already signed by keyid %08lX\n"), (ulong)akeyid[1] ); sk_rover->mark = 0; } @@ -321,7 +324,7 @@ sign_key( const char *username, STRLIST locusr ) break; } if( !sk_rover ) { - log_info("Nothing to sign\n"); + log_info(_("Nothing to sign\n")); goto leave; } 
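Review bot: The prompt wrapped in `_()` in sign_key still reads `To you want to remove some of the invalid sigs?`; it should say `Do you want to remove some of the invalid sigs?`, and since the string is now the msgid it is worth fixing before translators pick it up. The switch from log_info() to tty_printf() for the "Checking signatures" line is consistent with the rest of the interactive output in this function. sign_key continues outside the hunk.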
@@ -390,7 +393,7 @@ edit_keysigs( const char *username ) /* search the userid */ rc = find_keyblock_byname( &kbpos, username ); if( rc ) { - log_error("%s: user not found\n", username ); + log_error(_("%s: user not found\n"), username ); goto leave; } @@ -411,7 +414,7 @@ edit_keysigs( const char *username ) pk = node->pkt->pkt.public_key; keyid_from_pk( pk, pk_keyid ); - log_info("Checking signatures of this public key certificate:\n"); + tty_printf(_("Checking signatures of this public key certificate:\n")); tty_printf("pub %4u%c/%08lX %s ", nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ), @@ -459,7 +462,7 @@ delete_key( const char *username, int secret ) rc = secret? find_secret_keyblock_byname( &kbpos, username ) : find_keyblock_byname( &kbpos, username ); if( rc ) { - log_error("%s: user not found\n", username ); + log_error(_("%s: user not found\n"), username ); goto leave; } @@ -622,10 +625,10 @@ change_passphrase( const char *username ) rc = G10ERR_PUBKEY_ALGO; break; case 0: - tty_printf("This key is not protected.\n"); + tty_printf(_("This key is not protected.\n")); break; default: - tty_printf("Key is protected.\n"); + tty_printf(_("Key is protected.\n")); rc = check_secret_key( sk ); if( !rc ) passphrase = get_last_passphrase(); @@ -644,7 +647,7 @@ change_passphrase( const char *username ) } if( rc ) - tty_printf("Can't edit this key: %s\n", g10_errstr(rc)); + tty_printf(_("Can't edit this key: %s\n"), g10_errstr(rc)); else { DEK *dek = NULL; STRING2KEY *s2k = m_alloc_secure( sizeof *s2k ); diff --git a/g10/main.h b/g10/main.h index 03150d37f..dcba0488f 100644 --- a/g10/main.h +++ b/g10/main.h @@ -43,6 +43,7 @@ typedef struct { #else void g10_exit(int rc); #endif +void do_not_use_RSA(void); /*-- misc.c --*/ void trap_unaligned(void); diff --git a/g10/options.h b/g10/options.h index 1e34ced08..8ad0a4205 100644 --- a/g10/options.h +++ b/g10/options.h 
@@ -37,7 +37,7 @@ struct { int no_armor; int list_packets; /* list-packets mode */ int def_cipher_algo; - int def_pubkey_algo; + int reserved; int def_digest_algo; int def_compress_algo; int no_comment; diff --git a/g10/packet.h b/g10/packet.h index 4524328c6..edca2a4e9 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -109,6 +109,7 @@ typedef struct { byte hdrbytes; /* number of header bytes */ byte version; byte pubkey_algo; /* algorithm used for public key scheme */ + byte pubkey_usage; /* for now only used to pass it to getkey() */ ulong local_id; /* internal use, valid if > 0 */ MPI pkey[PUBKEY_MAX_NPKEY]; } PKT_public_key; @@ -119,6 +120,7 @@ typedef struct { byte hdrbytes; /* number of header bytes */ byte version; byte pubkey_algo; /* algorithm used for public key scheme */ + byte pubkey_usage; byte is_protected; /* The secret info is protected and must */ /* be decrypted before use, the protected */ /* MPIs are simply (void*) pointers to memory */ diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 20afd4163..ab1e6cdf8 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -203,7 +203,7 @@ static int parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, int *skip, IOBUF out, int do_skip ) { - int rc, c, ctb, pkttype, lenbytes; + int rc=0, c, ctb, pkttype, lenbytes; unsigned long pktlen; byte hdr[8]; int hdrlen; @@ -213,13 +213,16 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, assert( !pkt->pkt.generic ); if( retpos ) *retpos = iobuf_tell(inp); - if( (ctb = iobuf_get(inp)) == -1 ) - return -1; + if( (ctb = iobuf_get(inp)) == -1 ) { + rc = -1; + goto leave; + } hdrlen=0; hdr[hdrlen++] = ctb; if( !(ctb & 0x80) ) { log_error("%s: invalid packet (ctb=%02x)\n", iobuf_where(inp), ctb ); - return G10ERR_INVALID_PACKET; + rc = G10ERR_INVALID_PACKET; + goto leave; } pktlen = 0; new_ctb = !!(ctb & 0x40); 
@@ -227,7 +230,8 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, pkttype = ctb & 0x3f; if( (c = iobuf_get(inp)) == -1 ) { log_error("%s: 1st length byte missing\n", iobuf_where(inp) ); - return G10ERR_INVALID_PACKET; + rc = G10ERR_INVALID_PACKET; + goto leave; } hdr[hdrlen++] = c; if( c < 192 ) @@ -236,7 +240,8 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, pktlen = (c - 192) * 256; if( (c = iobuf_get(inp)) == -1 ) { log_error("%s: 2nd length byte missing\n", iobuf_where(inp) ); - return G10ERR_INVALID_PACKET; + rc = G10ERR_INVALID_PACKET; + goto leave; } hdr[hdrlen++] = c; pktlen += c + 192; @@ -247,7 +252,8 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, pktlen |= (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 8; if( (c = iobuf_get(inp)) == -1 ) { log_error("%s: 4 byte length invalid\n", iobuf_where(inp) ); - return G10ERR_INVALID_PACKET; + rc = G10ERR_INVALID_PACKET; + goto leave; } pktlen |= (hdr[hdrlen++] = c ); } @@ -277,13 +283,14 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, rc = G10ERR_WRITE_FILE; else rc = copy_packet(inp, out, pkttype, pktlen ); - return rc; + goto leave; } if( do_skip || !pkttype || (reqtype && pkttype != reqtype) ) { skip_packet(inp, pkttype, pktlen); *skip = 1; - return 0; + rc = 0; + goto leave; } if( DBG_PACKET ) @@ -341,6 +348,9 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, break; } + leave: + if( rc == -1 && iobuf_error(inp) ) + rc = G10ERR_INV_KEYRING; return rc; } @@ -925,6 +935,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, sk->hdrbytes = hdrlen; sk->version = version; sk->pubkey_algo = algorithm; + sk->pubkey_usage = 0; /* not yet used */ } else { PKT_public_key *pk = pkt->pkt.public_key; 
@@ -934,6 +945,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, pk->hdrbytes = hdrlen; pk->version = version; pk->pubkey_algo = algorithm; + pk->pubkey_usage = 0; /* not yet used */ } nskey = pubkey_get_nskey( algorithm ); npkey = pubkey_get_npkey( algorithm ); diff --git a/g10/pkclist.c b/g10/pkclist.c index 3babb2997..e20fe8503 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -317,9 +317,10 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage ) if( pk ) free_public_key( pk ); pk = m_alloc_clear( sizeof *pk ); + pk->pubkey_usage = usage; rc = get_pubkey_byname( pk, answer ); if( rc ) - tty_printf("No such user ID.\n"); + tty_printf(_("No such user ID.\n")); else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, usage)) ) { int trustlevel; @@ -350,9 +351,10 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage ) for(; remusr; remusr = remusr->next ) { pk = m_alloc_clear( sizeof *pk ); + pk->pubkey_usage = usage; if( (rc = get_pubkey_byname( pk, remusr->d )) ) { free_public_key( pk ); pk = NULL; - log_error("skipped '%s': %s\n", remusr->d, g10_errstr(rc) ); + log_error(_("%s: skipped: %s\n"), remusr->d, g10_errstr(rc) ); } else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, usage )) ) { int trustlevel; @@ -360,7 +362,7 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage ) rc = check_trust( pk, &trustlevel ); if( rc ) { free_public_key( pk ); pk = NULL; - log_error("error checking pk of '%s': %s\n", + log_error(_("%s: error checking key: %s\n"), remusr->d, g10_errstr(rc) ); } else if( do_we_trust_pre( pk, trustlevel ) ) { 
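Review bot: `pk->pubkey_usage = usage;` is set before each get_pubkey_byname() call in build_pk_list, and the existing `check_pubkey_algo2(pk->pubkey_algo, usage)` test right after the lookup is kept, which is correct: the getkey side skips the usage comparison for keyid and fingerprint lookups, so this second check is what actually rejects a sign-only key specified by keyid. A one-line comment on the check, `/* still needed: keyid/fingerprint lookups do not filter on usage */`, would keep someone from removing it as redundant. build_pk_list continues outside the hunk.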
@@ -379,14 +381,14 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage ) } else { free_public_key( pk ); pk = NULL; - log_error("skipped '%s': %s\n", remusr->d, g10_errstr(rc) ); + log_error(_("%s: skipped: %s\n"), remusr->d, g10_errstr(rc) ); } } } if( !rc && !pk_list ) { - log_error("no valid addressees\n"); + log_error(_("no valid addressees\n")); rc = G10ERR_NO_USER_ID; } diff --git a/g10/pref.c b/g10/pref.c new file mode 100644 index 000000000..342696907 --- /dev/null +++ b/g10/pref.c 
@@ -0,0 +1,81 @@
+/* pref.c
+ * Copyright (C) 1998 Free Software Foundation, Inc.
+ *
+ * This file is part of GNUPG.
+ *
+ * GNUPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#define DEFINES_PREF_LIST 1
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "errors.h"
+#include "memory.h"
+#include "util.h"
+#include "ttyio.h"
+#include "i18n.h"
+#include "pref.h"
+
+
+#define N_CIPHERS 3
+#define N_DIGESTS 4
+#define N_COMPRS 3
+
+struct pref_list_s {
+ PREF_LIST *extend; /* if we need more, we link them together */
+ byte cipher[N_CIPHERS]; /* cipher algos */
+ byte digest[N_DIGESTS]; /* digest algos */
+ byte compr [N_COMPRS ]; /* compress algos (a 255 denotes no compression)*/
+};
+
+
+#if 0
+PREF_LIST
+new_pref_list()
+{
+ return m_alloc_clear( sizeof(*PREF_LIST) );
+}
+
+void
+release_pref_list( PREF_LIST pref )
+{
+ while( pref ) {
+ PREF_LIST tmp = pref->extend;
+ m_free( pref );
+ pref = tmp;
+ }
+}
+
+PREF_LIST
+copy_pref_list( PREF_LIST s )
+{
+ PREF_LIST ss, ss, d = new_pref_list();
+ *d = *s;
+ for( ss = s->extend; ss; ss = ss->extend ) {
+
+ WORK WORK WORK
+ d->extend = new_pref_list();
+
+ *d->extend = *ss;
+ }
+ return d;
+}
+#endif
+
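Review bot: pref.h declares new_pref_list() and release_pref_list(), but their only definitions in this file sit inside `#if 0`, so any caller will fail at link time; either drop the declarations until the code exists or move the two finished functions out of the disabled region. The disabled code also has defects that will surface the moment it is enabled: `sizeof(*PREF_LIST)` applies `*` to a type name and does not compile (use `sizeof(struct pref_list_s)`), `PREF_LIST ss, ss, d` declares `ss` twice, `new_pref_list()` lacks the `(void)` the header prototype uses, and copy_pref_list() is unfinished (`WORK WORK WORK`, and `d->extend` is overwritten on every iteration). Since release_pref_list() frees the whole `extend` chain, a comment on that field such as `/* owned: released together with the head by release_pref_list() */` would document the ownership the code implies.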
diff --git a/g10/pref.h b/g10/pref.h
new file mode 100644
index 000000000..ec173c90b
--- /dev/null
+++ b/g10/pref.h
@@ -0,0 +1,42 @@
+/* pref.h
+ * Copyright (C) 1998 Free Software Foundation, Inc.
+ *
+ * This file is part of GNUPG.
+ *
+ * GNUPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifndef G10_PREF_H
+#define G10_PREF_H 1
+
+/* a structure to hold information abopu preferred algorithms */
+typedef struct pref_list_s *PREF_LIST;
+#ifndef DEFINES_PREF_LIST
+struct pref_list_s { char preference_stuff[1]; };
+#endif
+
+
+PREF_LIST new_pref_list(void);
+void release_pref_list( PREF_LIST pref );
+
+
+
+
+
+
+
+
+
+#endif /*G10_PREF_H*/
diff --git a/g10/ringedit.c b/g10/ringedit.c
index 876247000..58eb6d6d9 100644
--- a/g10/ringedit.c
+++ b/g10/ringedit.c
@@ -117,6 +117,17 @@ add_keyblock_resource( const char *filename, int force, int secret )
 if( !iobuf && !force )
 return G10ERR_OPEN_FILE;
 #endif
+
+ if( !iobuf ) {
+ iobuf = iobuf_create( filename );
+ if( !iobuf ) {
+ log_error("%s: can't create: %s\n", filename, strerror(errno));
+ return G10ERR_OPEN_FILE;
+ }
+ else
+ log_info("%s: keyring created\n", filename );
+ }
+
 resource_table[i].used = 1;
 resource_table[i].secret = !!secret;
 resource_table[i].fname = m_strdup(filename);
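Review bot: `struct pref_list_s { char preference_stuff[1]; };` under `#ifndef DEFINES_PREF_LIST` gives every other translation unit a complete definition of the same struct tag that differs from the one in pref.c; the two definitions are incompatible, and `sizeof` or any copy of the struct in those units is simply wrong. The standard opaque-pointer idiom is to leave the tag incomplete in the header: replace the `#ifndef`/`struct`/`#endif` lines with `struct pref_list_s;` (the typedef alone already declares the tag) and keep the full definition private to pref.c. Also `abopu` in the comment should be `about`.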
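Review bot: The missing keyring is created with iobuf_create() for public and secret resources alike, and nothing here restricts the file mode when `secret` is set; unless iobuf_create() already creates files owner-readable only (not visible in this hunk), a freshly created secret keyring gets the umask default and may be readable by other users. Consider passing `secret` into the creation path (or tightening the mode to 0600 right after creation) and recording the requirement in a comment such as `/* secret keyrings must be created readable by the owner only */`. The `errno` reported by log_error() is only meaningful if iobuf_create() preserves it on failure, which is worth confirming. add_keyblock_resource() begins and ends outside the hunk, and the `#endif` shows the preceding context lines sit inside a preprocessor conditional whose start is not visible.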
@@ -726,6 +737,8 @@ keyring_copy( KBPOS *kbpos, int mode, KBNODE root ) log_error("%s: can't create: %s\n", rentry->fname, strerror(errno)); return G10ERR_OPEN_FILE; } + else + log_info("%s: keyring created\n", rentry->fname ); kbctx=NULL; while( (node = walk_kbnode( root, &kbctx, 0 )) ) { diff --git a/g10/sign.c b/g10/sign.c index 116e74b73..7dffba314 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -46,6 +46,9 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig, byte *dp; int rc; + if( is_RSA(sk->pubkey_algo) ) + do_not_use_RSA(); + if( !digest_algo ) digest_algo = md_get_algo(md); @@ -166,12 +169,12 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, if( fname && filenames->next && (!detached || encrypt) ) log_bug("multiple files can only be detached signed"); - if( (rc=build_sk_list( locusr, &sk_list, 1, 1 )) ) + if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) goto leave; if( !old_style ) old_style = only_old_style( sk_list ); if( encrypt ) { - if( (rc=build_pk_list( remusr, &pk_list, 2 )) ) + if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )) ) goto leave; } @@ -314,6 +317,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, pt->timestamp = make_timestamp(); pt->mode = opt.textmode && !outfile ? 't':'b'; pt->len = filesize; + pt->new_ctb = !pt->len && !opt.rfc1991; pt->buf = inp; pkt.pkttype = PKT_PLAINTEXT; pkt.pkt.plaintext = pt; @@ -461,12 +465,13 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) SK_LIST sk_list = NULL; SK_LIST sk_rover = NULL; int old_style = opt.rfc1991; + int only_md5 = 0; memset( &afx, 0, sizeof afx); memset( &tfx, 0, sizeof tfx); init_packet( &pkt ); - if( (rc=build_sk_list( locusr, &sk_list, 1, 1 )) ) + if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) goto leave; if( !old_style ) old_style = only_old_style( sk_list ); 
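Review bot: The added `else` in keyring_copy() follows a block that ends in `return G10ERR_OPEN_FILE;`, so it is redundant; writing `log_info("%s: keyring created\n", rentry->fname );` as a plain statement after the closing brace reads more naturally and matches the early-return style around it. The new block in add_keyblock_resource() (ringedit.c -117 hunk) has the same `if { ... return } else log_info(...)` shape. keyring_copy() begins and ends outside the hunk.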
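Review bot: `do_not_use_RSA()` is called for its side effect only and `rc` is untouched, so if it merely logs (its body is not visible here) the RSA signature is still produced; the intent — warn and continue, or refuse — should be stated at the call with `/* only warns; signing proceeds */`, or the function should return an error that is propagated through `rc` here. If do_sign() is reached once per signing key, a message signed with several RSA keys will emit the warning several times. do_sign() begins and ends outside the hunk.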
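Review bot: `pt->new_ctb = !pt->len && !opt.rfc1991;` encodes a packet-format decision without saying why, and `!pt->len` reads as "empty file" rather than "length unknown". Suggest `/* len 0 means unknown length: use a new-style packet header unless RFC1991-compatible output is wanted */`; presumably the old-style header cannot carry the length form needed here, which is worth confirming against build-packet.c before wording the comment. sign_file() begins and ends outside the hunk.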
@@ -493,18 +498,36 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) goto leave; } - /* FIXME: This stuff is not correct if multiple hash algos are used*/ iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----\n" ); - if( old_style - || (opt.def_digest_algo?opt.def_digest_algo:DEFAULT_DIGEST_ALGO) - == DIGEST_ALGO_MD5 ) + + for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { + PKT_secret_key *sk = sk_rover->sk; + if( hash_for(sk->pubkey_algo) == DIGEST_ALGO_MD5 ) + only_md5 = 1; + else { + only_md5 = 0; + break; + } + } + + if( old_style || only_md5 ) iobuf_writestr(out, "\n" ); else { - const char *s = digest_algo_to_string(opt.def_digest_algo? - opt.def_digest_algo:DEFAULT_DIGEST_ALGO); - assert(s); + const char *s; + int any = 0; + iobuf_writestr(out, "Hash: " ); - iobuf_writestr(out, s ); + for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { + PKT_secret_key *sk = sk_rover->sk; + s = digest_algo_to_string( hash_for(sk->pubkey_algo) ); + if( s ) { + if( any ) + iobuf_put(out, ',' ); + iobuf_writestr(out, s ); + any = 1; + } + } + assert(any); iobuf_writestr(out, "\n\n" ); } diff --git a/g10/skclist.c b/g10/skclist.c index 7082a2caa..efd97f3d1 100644 --- a/g10/skclist.c +++ b/g10/skclist.c @@ -56,13 +56,14 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock, PKT_secret_key *sk; sk = m_alloc_clear( sizeof *sk ); + sk->pubkey_usage = usage; if( (rc = get_seckey_byname( sk, NULL, unlock )) ) { free_secret_key( sk ); sk = NULL; log_error("no default secret key: %s\n", g10_errstr(rc) ); } else if( !(rc=check_pubkey_algo2(sk->pubkey_algo, usage)) ) { SK_LIST r; - if( sk->version == 4 && (usage & 1) + if( sk->version == 4 && (usage & PUBKEY_USAGE_SIG) && sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) { log_error("this is a PGP generated " "ElGamal key which is NOT secure for signatures!\n"); 
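Review bot: The `Hash:` header is written once per signing key, so two keys that hash with the same algorithm produce `Hash: SHA1,SHA1`; each algorithm should be listed once. A small seen-table indexed by the digest algorithm id (byte-sized, as pref.c's `byte digest[]` shows) fixes that and keeps `assert(any)` meaningful. Separately, when `old_style` is set the header is omitted whatever hash_for() returns, which is only correct if only_old_style() guarantees MD5-hashing keys — a comment on the `if( old_style || only_md5 )` line stating that assumption would help. clearsign_file() begins and ends outside the hunk.
```c
	    const char *s;
	    int any = 0;
	    byte seen[256] = { 0 };   /* digest algo ids are byte-sized; list each once */

	    iobuf_writestr(out, "Hash: " );
	    for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
		int algo = hash_for( sk_rover->sk->pubkey_algo );
		if( algo < 0 || algo > 255 || seen[algo] )
		    continue;
		seen[algo] = 1;
		s = digest_algo_to_string( algo );
		/* … unchanged: comma separator, write of s, any = 1 … */
	    }
	    assert(any);
```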
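Review bot: The messages in build_sk_list() stay plain literals (`log_error("no default secret key: %s\n", ...)` here and `log_error("skipped '%s': %s\n", ...)` in the -86 hunk) while the parallel build_pk_list() hunks in pkclist.c were wrapped in `_()` by this same commit; wrapping these the same way keeps the two list builders consistent. The `sk->pubkey_usage = usage;` line mirrors pkclist.c and deserves the same one-line comment explaining that it restricts what the lookup may return. The ElGamal-for-signatures rejection now keyed on `PUBKEY_USAGE_SIG` is the right place for that check. build_sk_list() begins and ends outside both hunks.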
@@ -86,13 +87,14 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock, PKT_secret_key *sk; sk = m_alloc_clear( sizeof *sk ); + sk->pubkey_usage = usage; if( (rc = get_seckey_byname( sk, locusr->d, unlock )) ) { free_secret_key( sk ); sk = NULL; log_error("skipped '%s': %s\n", locusr->d, g10_errstr(rc) ); } else if( !(rc=check_pubkey_algo2(sk->pubkey_algo, usage)) ) { SK_LIST r; - if( sk->version == 4 && (usage & 1) + if( sk->version == 4 && (usage & PUBKEY_USAGE_SIG) && sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) { log_info("skipped '%s': this is a PGP generated " "ElGamal key which is not secure for signatures!\n", diff --git a/g10/trustdb.c b/g10/trustdb.c index e9264c69e..4ca177c1d 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1540,18 +1540,13 @@ init_trustdb( int level, const char *dbname ) if( !level ) return 0; - /* we can verify a signature about our local data (secring and trustdb) - * in ~/.gnupg/ here */ - rc = verify_private_data(); - if( !rc ) { - /* verify that our own keys are in the trustDB - * or move them to the trustdb. */ - rc = verify_own_keys(); + /* verify that our own keys are in the trustDB + * or move them to the trustdb. */ + rc = verify_own_keys(); - /* should we check whether there is no other ultimately trusted - * key in the database? */ + /* should we check whether there is no other ultimately trusted + * key in the database? */ - } } else BUG(); @@ -1593,6 +1588,27 @@ list_trustdb( const char *username ) } } +/**************** + * make a list of all owner trust value. + */ +void +list_ownertrust() +{ + TRUSTREC rec; + ulong recnum; + int i; + byte *p; + + for(recnum=0; !read_record( recnum, &rec, 0); recnum++ ) { + if( rec.rectype == RECTYPE_KEY ) { + p = rec.r.key.fingerprint; + for(i=0; i < rec.r.key.fingerprint_len; i++, p++ ) + printf("%02X", *p ); + printf(":%u:\n", (unsigned)rec.r.key.ownertrust ); + } + } +} + void list_trust_path( int max_depth, const char *username ) { 
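Review bot: With verify_private_data() removed, init_trustdb() calls verify_own_keys() on a trustdb and secring whose contents are never integrity-checked, and the comment that recorded that intent disappears with the code. Suggest replacing the dropped explanatory comment with `/* the local trustdb and secring are used without any integrity check (verify_private_data() was removed) */` so the next reader does not assume such a check exists elsewhere. init_trustdb() begins and ends outside the hunk.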
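Review bot: list_ownertrust() walks `fingerprint` for `rec.r.key.fingerprint_len` bytes as read from the trustdb record; if that on-disk value can exceed the field's size and read_record() does not validate it (neither is visible here), a corrupted record makes the loop read past the record. If `fingerprint` is a fixed array, a guard such as `if( rec.r.key.fingerprint_len > sizeof rec.r.key.fingerprint ) { log_error("%lu: bad fingerprint length\n", recnum ); continue; }` before the inner loop keeps the output in bounds. The definition `list_ownertrust()` should be `list_ownertrust(void)` to match the prototype this commit adds to trustdb.h, and the loop ends on the first read_record() failure, so an I/O error mid-file is indistinguishable from end of file. The output is a machine-readable format worth documenting in the function comment, e.g. `/* prints one line per key record: <fingerprint hex>:<ownertrust>: */`.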
@@ -2012,50 +2028,3 @@ update_no_sigs( ulong lid, int no_sigs ) } -int -verify_private_data() -{ - int rc = 0; - char *sigfile = make_filename(opt.homedir, "gnupg.sig", NULL ); - - if( access( sigfile, R_OK ) ) { - if( errno != ENOENT ) { - log_error("can't access %s: %s\n", sigfile, strerror(errno) ); - rc = G10ERR_TRUSTDB; - goto leave; - } - log_info("private data signature missing; creating ...\n"); - rc = sign_private_data(); - if( rc ) { - log_error("error creating %s: %s\n", sigfile, g10_errstr(rc) ); - goto leave; - } - } - - /* FIXME: verify this signature */ - - leave: - m_free(sigfile); - return rc; -} - - -int -sign_private_data() -{ - int rc; - char *sigfile = make_filename(opt.homedir, "gnupg.sig", NULL ); - char *secring = make_filename(opt.homedir, "secring.gpg", NULL ); - STRLIST list = NULL; - - add_to_strlist( &list, db_name ); - add_to_strlist( &list, secring ); - - rc = sign_file( list, 1, NULL, 0, NULL, sigfile); - - m_free(sigfile); - m_free(secring); - free_strlist(list); - return rc; -} - diff --git a/g10/trustdb.h b/g10/trustdb.h index e4d74e411..705ffaf80 100644 --- a/g10/trustdb.h +++ b/g10/trustdb.h @@ -38,6 +38,7 @@ /*-- trustdb.c --*/ void list_trustdb(const char *username); void list_trust_path( int max_depth, const char *username ); +void list_ownertrust(void); int init_trustdb( int level, const char *dbname ); int check_trust( PKT_public_key *pk, unsigned *r_trustlevel ); int query_trust_info( PKT_public_key *pk ); @@ -47,7 +48,5 @@ int keyid_from_trustdb( ulong lid, u32 *keyid ); int query_trust_record( PKT_public_key *pk ); int insert_trust_record( PKT_public_key *pk ); int update_ownertrust( ulong lid, unsigned new_trust ); -int verify_private_data(void); -int sign_private_data(void); #endif /*G10_TRUSTDB_H*/ |