[svn] GnuPG - r3876 - trunk/g10

svn author dshaw cvs at cvs.gnupg.org
Sat Aug 27 05:09:42 CEST 2005


Author: dshaw
Date: 2005-08-27 05:09:40 +0200 (Sat, 27 Aug 2005)
New Revision: 3876

Modified:
   trunk/g10/ChangeLog
   trunk/g10/getkey.c
   trunk/g10/keyedit.c
   trunk/g10/keygen.c
   trunk/g10/keyid.c
   trunk/g10/keyserver.c
   trunk/g10/misc.c
Log:
* misc.c (openpgp_pk_algo_usage): Default to allowing CERT for signing
algorithms.

* keyedit.c (sign_uids): Don't request a signing key to make a
certification.

* keygen.c (do_add_key_flags): Force the certify flag on for all
primary keys, as the spec requires primary keys must be able to
certify (if nothing else, which key is going to issue the user ID
signature?)  (print_key_flags): Show certify flag.  (ask_key_flags,
ask_algo): Don't allow setting the C flag for subkeys.
	
* keyid.c (usagestr_from_pk), getkey.c (parse_key_usage): Distinguish
between a sign/certify key and a certify-only key.


Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog	2005-08-27 02:56:51 UTC (rev 3875)
+++ trunk/g10/ChangeLog	2005-08-27 03:09:40 UTC (rev 3876)
@@ -1,5 +1,22 @@
 2005-08-26  David Shaw  <dshaw at jabberwocky.com>
 
+	* misc.c (openpgp_pk_algo_usage): Default to allowing CERT for
+	signing algorithms.
+
+	* keyedit.c (sign_uids): Don't request a signing key to make a
+	certification.
+
+	* keygen.c (do_add_key_flags): Force the certify flag on for all
+	primary keys, as the spec requires primary keys must be able to
+	certify (if nothing else, which key is going to issue the user ID
+	signature?)
+	(print_key_flags): Show certify flag.
+	(ask_key_flags, ask_algo): Don't allow setting the C flag for
+	subkeys.
+	
+	* keyid.c (usagestr_from_pk), getkey.c (parse_key_usage):
+	Distinguish between a sign/certify key and a certify-only key.
+
 	* keyedit.c (ask_revoke_sig): Add a revsig --with-colons mode.
 	Suggested by Michael Schierl.
 

Modified: trunk/g10/getkey.c
===================================================================
--- trunk/g10/getkey.c	2005-08-27 02:56:51 UTC (rev 3875)
+++ trunk/g10/getkey.c	2005-08-27 03:09:40 UTC (rev 3876)
@@ -1331,16 +1331,24 @@
       /* first octet of the keyflags */
       flags=*p;
 
-      if(flags & 3)
+      if(flags & 1)
 	{
+	  key_usage |= PUBKEY_USAGE_CERT;
+	  flags&=~1;
+	}
+
+      if(flags & 2)
+	{
 	  key_usage |= PUBKEY_USAGE_SIG;
-	  flags&=~3;
+	  flags&=~2;
 	}
 
-      if(flags & 12)
+      /* We do not distinguish between encrypting communications and
+	 encrypting storage. */
+      if(flags & (0x04|0x08))
 	{
 	  key_usage |= PUBKEY_USAGE_ENC;
-	  flags&=~12;
+	  flags&=~(0x04|0x08);
 	}
 
       if(flags & 0x20)
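Review bot: The new key-flag tests use bare decimal masks (`flags & 1`, `flags & 2`) while the lines right below use hex (`0x04|0x08`, `0x20`), and nothing names what each bit means. Writing them as `if(flags & 0x01)` / `flags&=~0x01;` and `if(flags & 0x02)` / `flags&=~0x02;`, with a comment such as `/* 0x01 = certify other keys, 0x02 = sign data */`, makes the split easy to audit against the key-flags subpacket definition. A key carrying only the certify bit also no longer gains PUBKEY_USAGE_SIG here, so any caller that still requests PUBKEY_USAGE_SIG when it means certification would now reject such keys. The enclosing function starts and ends outside the hunk, so those callers cannot be checked from here.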

Modified: trunk/g10/keyedit.c
===================================================================
--- trunk/g10/keyedit.c	2005-08-27 02:56:51 UTC (rev 3875)
+++ trunk/g10/keyedit.c	2005-08-27 03:09:40 UTC (rev 3876)
@@ -529,8 +529,8 @@
      * be one which is capable of signing keys.  I can't see a reason
      * why to sign keys using a subkey.  Implementation of USAGE_CERT
      * is just a hack in getkey.c and does not mean that a subkey
-     * marked as certification capable will be used */
-    rc=build_sk_list( locusr, &sk_list, 0, PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT);
+     * marked as certification capable will be used. */
+    rc=build_sk_list( locusr, &sk_list, 0, PUBKEY_USAGE_CERT);
     if( rc )
 	goto leave;
 
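Review bot: The comment kept above this call still says that USAGE_CERT "is just a hack in getkey.c" and that a certification-capable subkey will not be used. This commit makes parse_key_usage set PUBKEY_USAGE_CERT from the key's own certify flag, and this call now selects on `PUBKEY_USAGE_CERT` alone, so the comment no longer describes the code. Either rewrite it to state the new selection rule, or, if subkeys must never issue certifications, make the restriction to primary keys visible at this call. Whether build_sk_list enforces that restriction cannot be seen from the hunk, and the comment itself begins outside it.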

Modified: trunk/g10/keygen.c
===================================================================
--- trunk/g10/keygen.c	2005-08-27 02:56:51 UTC (rev 3875)
+++ trunk/g10/keygen.c	2005-08-27 03:09:40 UTC (rev 3876)
@@ -190,9 +190,6 @@
 {
     byte buf[1];
 
-    if (!use) 
-        return;
-
     buf[0] = 0;
 
     /* The spec says that all primary keys MUST be able to certify. */
@@ -205,6 +202,10 @@
         buf[0] |= 0x04 | 0x08;
     if (use & PUBKEY_USAGE_AUTH)
         buf[0] |= 0x20;
+
+    if (!buf[0]) 
+        return;
+
     build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
 }
 
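Review bot: The relocated guard `if (!buf[0]) return;` now silently omits the key-flags subpacket whenever no bit ends up set, and nothing in the function says this is deliberate. A comment such as `/* No flags to express: emit no key flags subpacket at all. */` would help, along with a note on what a reader of the key then assumes. That matters because the misc.c change in this same commit adds PUBKEY_USAGE_CERT to the per-algorithm defaults, which presumably apply when the subpacket is absent. The lines that set the certify bit sit between this hunk and the previous one and are not visible, and the function's signature is outside both.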
@@ -1238,6 +1239,9 @@
   if(flags&PUBKEY_USAGE_SIG)
     tty_printf("%s ",_("Sign"));
 
+  if(flags&PUBKEY_USAGE_CERT)
+    tty_printf("%s ",_("Certify"));
+
   if(flags&PUBKEY_USAGE_ENC)
     tty_printf("%s ",_("Encrypt"));
 
@@ -1248,7 +1252,7 @@
 
 /* Returns the key flags */
 static unsigned int
-ask_key_flags(int algo)
+ask_key_flags(int algo,int subkey)
 {
   const char *togglers=_("SsEeAaQq");
   char *answer=NULL;
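Review bot: The header comment `/* Returns the key flags */` was not updated for the new `subkey` parameter. Both call sites later in this file pass `addmode` for it, so the assumption that adding a key to an existing primary means a subkey is written down nowhere. Suggested replacement: `/* Ask for and return the key flags for ALGO.  If SUBKEY is true the certify flag is removed from the possible set, since only primary keys may certify. */`. The masking itself is in the next hunk, and the body continues outside this one.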
@@ -1258,6 +1262,10 @@
   if(strlen(togglers)!=8)
     BUG();
 
+  /* Only primary keys may certify. */
+  if(subkey)
+    possible&=~PUBKEY_USAGE_CERT;
+
   /* Preload the current set with the possible set, minus
      authentication, since nobody really uses auth yet. */
   current=possible&~PUBKEY_USAGE_AUTH;
@@ -1291,7 +1299,7 @@
       cpr_kill_prompt();
 
       if(strlen(answer)>1)
-	continue;
+	tty_printf(_("Invalid selection.\n"));
       else if(*answer=='\0' || *answer==togglers[6] || *answer==togglers[7])
 	break;
       else if((*answer==togglers[0] || *answer==togglers[1])
@@ -1318,6 +1326,8 @@
 	  else
 	    current|=PUBKEY_USAGE_AUTH;
 	}
+      else
+	tty_printf(_("Invalid selection.\n"));
     }
 
   xfree(answer);
@@ -1362,7 +1372,7 @@
 	}
 	else if( algo == 7 && opt.expert ) {
 	    algo = PUBKEY_ALGO_RSA;
-	    *r_usage=ask_key_flags(algo);
+	    *r_usage=ask_key_flags(algo,addmode);
 	    break;
 	}
 	else if( algo == 6 && addmode ) {
@@ -1382,7 +1392,7 @@
 	}
 	else if( algo == 3 && opt.expert ) {
 	    algo = PUBKEY_ALGO_DSA;
-	    *r_usage=ask_key_flags(algo);
+	    *r_usage=ask_key_flags(algo,addmode);
 	    break;
 	}
 	else if( algo == 2 ) {

Modified: trunk/g10/keyid.c
===================================================================
--- trunk/g10/keyid.c	2005-08-27 02:56:51 UTC (rev 3875)
+++ trunk/g10/keyid.c	2005-08-27 03:09:40 UTC (rev 3876)
@@ -547,10 +547,13 @@
   if ( use & PUBKEY_USAGE_SIG )
     {
       if (pk->is_primary)
-        buffer[i++] = 'C';
+        use|=PUBKEY_USAGE_CERT;
       buffer[i++] = 'S';
     }
 
+  if ( use & PUBKEY_USAGE_CERT )
+    buffer[i++] = 'C';
+
   if ( use & PUBKEY_USAGE_ENC )
     buffer[i++] = 'E';
 
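Review bot: The usage string for a signing primary key changes from `CS` to `SC`, because `'C'` is now appended after `'S'`. If anything outside this hunk matches the old order (scripts reading listings, tests), it will break, so the reordering deserves a mention in the ChangeLog entry. The assignment `use|=PUBKEY_USAGE_CERT;` also needs a why-comment, for example `/* A primary key that can sign is always shown as able to certify. */`, since it now modifies `use` instead of writing to the output. The declaration and size of `buffer` are outside the hunk; the maximum number of characters written appears unchanged.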

Modified: trunk/g10/keyserver.c
===================================================================
--- trunk/g10/keyserver.c	2005-08-27 02:56:51 UTC (rev 3875)
+++ trunk/g10/keyserver.c	2005-08-27 03:09:40 UTC (rev 3876)
@@ -853,6 +853,8 @@
 }
 
 #ifdef GPGKEYS_CURL
+/* The PGP LDAP and the curl fetch-a-LDAP-object methodologies are
+   sufficiently different that we can't use curl to do LDAP. */
 static int
 curl_cant_handle(const char *scheme)
 {

Modified: trunk/g10/misc.c
===================================================================
--- trunk/g10/misc.c	2005-08-27 02:56:51 UTC (rev 3875)
+++ trunk/g10/misc.c	2005-08-27 03:09:40 UTC (rev 3876)
@@ -407,19 +407,19 @@
     /* they are hardwired in gpg 1.0 */
     switch ( algo ) {    
       case PUBKEY_ALGO_RSA:
-          use = PUBKEY_USAGE_SIG | PUBKEY_USAGE_ENC | PUBKEY_USAGE_AUTH;
+          use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_ENC | PUBKEY_USAGE_AUTH;
           break;
       case PUBKEY_ALGO_RSA_E:
           use = PUBKEY_USAGE_ENC;
           break;
       case PUBKEY_ALGO_RSA_S:
-          use = PUBKEY_USAGE_SIG;
+          use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG;
           break;
       case PUBKEY_ALGO_ELGAMAL_E:
           use = PUBKEY_USAGE_ENC;
           break;
       case PUBKEY_ALGO_DSA:  
-          use = PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
+          use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
           break;
       default:
           break;
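Review bot: Adding PUBKEY_USAGE_CERT to the defaults for RSA, RSA_S and DSA makes no distinction between primary keys and subkeys, while the keygen.c part of this commit states that only primary keys may certify. If these defaults are what a key without a key-flags subpacket receives (the callers are outside this hunk, so this is inferred), a flagless signing subkey would be treated as certification-capable. The caller should mask the bit for subkeys, e.g. `use &= ~PUBKEY_USAGE_CERT;`, or this function's comment should state that it does not consider key position. The RSA line also now runs well past 80 columns and could be wrapped after `PUBKEY_USAGE_SIG |`.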
@@ -1224,6 +1224,7 @@
   return GNUPG_LIBEXECDIR;
 }
 
+/* Similar to access(2), but uses PATH to find the file. */
 int
 path_access(const char *file,int mode)
 {



