blob: 30e27e75fbfad5e2afa0df022783f821670a4268 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
* Look at FEATURES packet to decide wether to use MDC. We should
rethink the whole preference implementation and drop that ugly hamehash
stuff. Is it possible to that in getkey? We have to see whether we
realy lookit up by user name or whethre there is a double lookup,
first by userid and then later by keyid - which is bad.
* options.skel wird mit umask von root installiert.
* See how we can handle the symlinks in ./gcrypt
* Add SIGSEGV handler to overcome zlib problems with truncated data.
* Use --output for keylistings too.
* Never allocate packet memory with a m-alloc, but use a specific function.
* Should we change names like mpi_write in g10/ so that we don't
use the prefix mpi here?
* Implement the AXP syscall to enable bus traps for GLIB 2
* parse a paramter file to do automatic key generation and to set
parameters for the keygen menu. Far easier than to do a dialog for
each required parameter.
* With option -i prompt before adding a key to the keyring and show some
info what we are about to add.
* Speed up calculation of key validation.
* --disable-asm should still assemble _udiv_qrnnd when needed
* Skip RO keyrings when importing a key.
* Use the newest encryption key if only the main key has been given.
* replace the keyserver stuff either by a call to a specialized
utility and SOCKSify this utility.
* Check the beginning of file to detect already compressed files (gzip,
bzip2, xdelta and some picture formats)
* Delay the read of the passphrase-fd afte a NEED_PASSPHRASE. But this
may break some scripts.
* as soon as we have moved to KBX, we can check signatures at all places
because there is no perfomance drawback as we can store the result of
a verification in the KBX. This enable us to better print information on
revoked user IDs and signatures. Well, caching of non-self-signatures
will still be complicated.
Nice to have
------------
* Official test vectors for 3DES-EDE3
* use DEL and ^H for erasing the previous character (util/ttyio.c).
or better readline.
* Print a warning if the directory mode is wrong.
* Do a real fix for bug #7 or document that it is a PGP 5 error.
* preferences of hash algorithms are not yet used.
* Replace the SIGUSR1 stuff by semaphores to avoid loss of a signal.
or use POSIX.4 realtime signals. Overhaul the interface and the
test program. Use it with the test suite?
* add test cases for invalid data (scrambled armor or other random data)
* add checking of armor trailers
* Burn the buffers used by fopen(), or use read(2). Does this
really make sense? And while we are at it: implement a secure deletion
stuff?
* the pubkey encrypt functions should do some sanity checks.
* dynload: implement the hint stuff.
* "gpg filename.tar.gz.asc" should work like --verify (-sab).
* for messages created with "-t", it might make sense to append the
verification status of the message to the output (i.e. write something to
the --output file and not only to stderr.
* configure option where to find zlib
* Display more validity information about the user IDs at certain places.
We need a more general function to extract such kind of info from the
trustdb.
* Evaluate whether it make sense to replace the namehashs either by
using the user ID directly or by using pointers into the trustdb.
* --gen-prime may trigger a log_bug; should be a log_fatal.
|