[git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.23-19-g6aa0464

by Werner Koch cvs at cvs.gnupg.org
Tue Jun 24 15:40:57 CEST 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-0 has been updated
       via  6aa0464db9785a5f9d63b3ff826500b4e2dd7c0e (commit)
       via  41dcd32218b9baf0c417090e6968dd2d250e751b (commit)
       via  3b90ddde251b94a9d55e43d96fe4ccf340aa8620 (commit)
       via  1242a72923db810f7e5fd36269c72b14cb19f60f (commit)
       via  017c6f8fba9ae141a46084d6961ba60c4230f97a (commit)
       via  8e39fe810d951c2fef4c22246440a5944a89a18c (commit)
       via  fb274a3cf3295dbd509494338bd6a16c8069176a (commit)
       via  a37f63d7b86b467df82ac77cfa5a75bfb1c77b7c (commit)
       via  aacb43a730a6f52c1ac91131afed73ae6ef25416 (commit)
       via  2daa112a7404bcbedcda9b84c5ebbe33fd7fabd8 (commit)
       via  76b0b076d0dfc1c0b011b9fd458a5158c189ebb4 (commit)
       via  9607bc0b9fce1f7853eee6591b44e35deed4a66c (commit)
       via  5e933008beffbeae7255ece02383606481f9c169 (commit)
       via  e790671cb3a35f3042558224e915b6f74ebc2251 (commit)
      from  ceef5568d53b286efe639c6fd1d37f154be133ef (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6aa0464db9785a5f9d63b3ff826500b4e2dd7c0e
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Jun 24 15:43:46 2014 +0200

    Post release updates
    
    --

diff --git a/NEWS b/NEWS
index 5e2de7f..3800c35 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+Noteworthy changes in version 2.0.25 (unreleased)
+-------------------------------------------------
+
 Noteworthy changes in version 2.0.24 (2014-06-24)
 -------------------------------------------------
 
diff --git a/configure.ac b/configure.ac
index 4ea6606..2c92c31 100644
--- a/configure.ac
+++ b/configure.ac
@@ -26,7 +26,7 @@ min_automake_version="1.10"
 # (git tag -s gnupg-2.n.m) and run "./autogen.sh --force".  Please
 # bump the version number immediately *after* the release and do
 # another commit and push so that the git magic is able to work.
-m4_define([mym4_version], [2.0.24])
+m4_define([mym4_version], [2.0.25])
 
 # Below is m4 magic to extract and compute the git revision number,
 # the decimalized short revision number, a beta version string and a
diff --git a/doc/Makefile.am b/doc/Makefile.am
index a1ca4ba..376a8f3 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -140,8 +140,8 @@ online: gnupg.html gnupg.pdf
         if echo "@PACKAGE_VERSION@" | grep -- "-git" >/dev/null; then \
 	  dashdevel="-devel" ; \
 	else \
-          rsync -v gnupg.pdf $${user}@{webhost}:webspace/manuals/ ; \
+          rsync -v gnupg.pdf $${user}@$${webhost}:webspace/manuals/ ; \
         fi ; \
 	cd gnupg.html ; \
-        rsync -vr --exclude='.svn' .  \
-	  $${user}@{webhost}:webspace/manuals/gnupg$${dashdevel}/
+        rsync -vr --exclude='.git' .  \
+	  $${user}@$${webhost}:webspace/manuals/gnupg$${dashdevel}/
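Review bot: The `cd gnupg.html ;` step before the recursive `rsync -vr --exclude='.git' .` is joined with `;`, so a failed `cd` would let rsync upload the current directory to `webspace/manuals/gnupg$${dashdevel}/`, unless the recipe enables `set -e` earlier. The start of the `online` recipe is outside this hunk, so that cannot be confirmed from here. Writing it as `cd gnupg.html && rsync -vr --exclude='.git' . \` ties the upload to being in the right directory regardless. Now that the target really expands `$${user}` and `$${webhost}`, it may also be worth failing early when either is empty.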

commit 41dcd32218b9baf0c417090e6968dd2d250e751b
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Jun 24 15:11:12 2014 +0200

    Release 2.0.24

diff --git a/NEWS b/NEWS
index aed90e6..5e2de7f 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,20 @@
-Noteworthy changes in version 2.0.24 (unreleased)
+Noteworthy changes in version 2.0.24 (2014-06-24)
 -------------------------------------------------
 
+ * gpg: Avoid DoS due to garbled compressed data packets.
+
+ * gpg: Screen keyserver responses to avoid importing unwanted keys
+   from rogue servers.
+
+ * gpg: The validity of user ids is now shown by default.  To revert
+   this add "list-options no-show-uid-validity" to gpg.conf.
+
+ * gpg: Print more specific reason codes with the INV_RECP status.
+
+ * gpg: Allow loading of a cert only key to an OpenPGP card.
+
+ * gpg-agent: Make ssh support for ECDSA keys work with Libgcrypt 1.6.
+
 
 Noteworthy changes in version 2.0.23 (2014-06-03)
 -------------------------------------------------
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 9a6782a..d66259e 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2330,12 +2330,17 @@ a message that PGP 2.x will not be able to handle. Note that `PGP
 2.x' here means `MIT PGP 2.6.2'. There are other versions of PGP 2.x
 available, but the MIT release is a good common baseline.
 
-This option implies @option{--rfc1991 --disable-mdc
---no-force-v4-certs --escape-from-lines --force-v3-sigs
+This option implies
+ at ifset gpgone
+ at option{--rfc1991 --disable-mdc --no-force-v4-certs
+--escape-from-lines --force-v3-sigs
+--cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}.
+ at end ifset
 @ifclear gpgone
---allow-weak-digest-algos
- at end ifclear
+ at option{--rfc1991 --disable-mdc --no-force-v4-certs
+--escape-from-lines --force-v3-sigs --allow-weak-digest-algos
 --cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}.
+ at end ifclear
 It also disables @option{--textmode} when encrypting.
 
 @item --pgp6

commit 3b90ddde251b94a9d55e43d96fe4ccf340aa8620
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Jun 24 15:10:54 2014 +0200

    po: Auto-update
    
    --

diff --git a/po/be.po b/po/be.po
index b6b973c..2a110d4 100644
--- a/po/be.po
+++ b/po/be.po
@@ -2281,6 +2281,13 @@ msgstr ""
 msgid "key %s: no user ID\n"
 msgstr "паказаць сьпіс ключоў і ID карыстальнікаў"
 
+#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "грамадскі ключ ня знойдзены"
+
+msgid "rejected by import filter"
+msgstr ""
+
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr ""
@@ -2376,6 +2383,10 @@ msgstr "паказаць сьпіс ключоў і подпісаў"
 msgid "key %s: \"%s\" not changed\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "грамадскі ключ ня знойдзены"
+
 #, fuzzy
 msgid "importing secret keys not allowed\n"
 msgstr "сакрэтны ключ недаступны"
diff --git a/po/ca.po b/po/ca.po
index 06fb419..73306c7 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -2445,6 +2445,13 @@ msgid "key %s: no user ID\n"
 msgstr "clau %08lX: sense ID\n"
 
 #, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "es descarta «%s»: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "clau %08lX: corrupció de la subclau HKP reparada\n"
 
@@ -2539,6 +2546,10 @@ msgstr "clau %08lX: «%s» %d ID d'usuari nous\n"
 msgid "key %s: \"%s\" not changed\n"
 msgstr "clau %08lX: «%s» no ha estat modificada\n"
 
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "no s'ha trobat la clau secreta «%s»: %s\n"
+
 #, fuzzy
 msgid "importing secret keys not allowed\n"
 msgstr "s'està escrivint la clau secreta a «%s»\n"
diff --git a/po/cs.po b/po/cs.po
index bdda65d..5e06ac7 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -2295,6 +2295,14 @@ msgstr "nelze aktualizovat předvolby s: gpg --edit-key %s updpref save\n"
 msgid "key %s: no user ID\n"
 msgstr "klíč %s: chybí identifikátor uživatele\n"
 
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "přeskočen „%s“: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "klíč %s: PKS poškození podklíče opraveno\n"
@@ -2392,6 +2400,11 @@ msgstr "klíč %s: „%s“ %d ID uživatele odstraněno\n"
 msgid "key %s: \"%s\" not changed\n"
 msgstr "klíč %s: „%s“ beze změn\n"
 
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "tajný klíč „%s“ nenalezen: %s\n"
+
 msgid "importing secret keys not allowed\n"
 msgstr "import tajných klíčů není povolen\n"
 
diff --git a/po/da.po b/po/da.po
index add5085..cb70c36 100644
--- a/po/da.po
+++ b/po/da.po
@@ -2270,6 +2270,14 @@ msgstr "du kan opdatere dine præferencer med: gpg --edit-key %s updpref save\n"
 msgid "key %s: no user ID\n"
 msgstr "nøgle %s: ingen bruger-id\n"
 
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "udelod »%s«: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "nøgle %s: korruption af PKS-undernøgle er repareret!\n"
@@ -2365,6 +2373,11 @@ msgstr "nøgle %s: »%s« %d bruger-id'er renset\n"
 msgid "key %s: \"%s\" not changed\n"
 msgstr "nøgle %s: »%s« ikke ændret\n"
 
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "hemmelig nøgle »%s« blev ikke fundet: %s\n"
+
 msgid "importing secret keys not allowed\n"
 msgstr "import af hemmelige nøgler er ikke tilladt\n"
 
diff --git a/po/el.po b/po/el.po
index 5a599ef..54ccde4 100644
--- a/po/el.po
+++ b/po/el.po
@@ -2380,6 +2380,13 @@ msgid "key %s: no user ID\n"
 msgstr "êëåéäß %08lX: äåí õðÜñ÷åé áõôü ôï user ID\n"
 
 #, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "ðáñáëåßöèçêå `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "êëåéäß %08lX: åðéäéüñèùóç öèáñìÝíïõ õðïêëåéäéïý HKP\n"
 
@@ -2474,6 +2481,10 @@ msgstr "
 msgid "key %s: \"%s\" not changed\n"
 msgstr "êëåéäß %08lX: \"%s\" áìåôÜâëçôï\n"
 
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "ôï ìõóôéêü êëåéäß `%s' äå âñÝèçêå: %s\n"
+
 #, fuzzy
 msgid "importing secret keys not allowed\n"
 msgstr "åããñáöÞ ôïõ ìõóôéêïý êëåéäéïý óôï `%s'\n"
diff --git a/po/eo.po b/po/eo.po
index 9ef9625..639c60a 100644
--- a/po/eo.po
+++ b/po/eo.po
@@ -2363,6 +2363,13 @@ msgid "key %s: no user ID\n"
 msgstr "þlosilo %08lX: mankas uzantidentigilo\n"
 
 #, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "ignoris '%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "þlosilo %08lX: mankas subþlosilo por þlosilbindado\n"
 
@@ -2457,6 +2464,10 @@ msgstr "
 msgid "key %s: \"%s\" not changed\n"
 msgstr "þlosilo %08lX: ne þanøita\n"
 
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "þlosilo '%s' ne trovita: %s\n"
+
 #, fuzzy
 msgid "importing secret keys not allowed\n"
 msgstr "skribas sekretan þlosilon al '%s'\n"
diff --git a/po/es.po b/po/es.po
index 4457467..e45399a 100644
--- a/po/es.po
+++ b/po/es.po
@@ -2312,6 +2312,14 @@ msgstr ""
 msgid "key %s: no user ID\n"
 msgstr "clave %s: sin identificador de usuario\n"
 
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "omitido \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "clave %s: reparada la subclave PKS corrompida\n"
@@ -2407,6 +2415,11 @@ msgstr "clave %s: \"%s\" %d identificadores de usuario limpiados\n"
 msgid "key %s: \"%s\" not changed\n"
 msgstr "clave %s: \"%s\" sin cambios\n"
 
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "clave secreta \"%s\" no encontrada: %s\n"
+
 msgid "importing secret keys not allowed\n"
 msgstr "no se permite importar claves secretas\n"
 
diff --git a/po/et.po b/po/et.po
index 9613faf..2cb42a1 100644
--- a/po/et.po
+++ b/po/et.po
@@ -2358,6 +2358,13 @@ msgid "key %s: no user ID\n"
 msgstr "võti %08lX: kasutaja ID puudub\n"
 
 #, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "`%s' jätsin vahele: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "võti %08lX: HKP alamvõtme rike parandatud\n"
 
@@ -2453,6 +2460,10 @@ msgstr "v
 msgid "key %s: \"%s\" not changed\n"
 msgstr "võti %08lX: \"%s\" ei muudetud\n"
 
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "salajast võtit `%s' ei leitud: %s\n"
+
 #, fuzzy
 msgid "importing secret keys not allowed\n"
 msgstr "kirjutan salajase võtme faili `%s'\n"
diff --git a/po/fi.po b/po/fi.po
index 19fe78c..39d22a7 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -2379,6 +2379,13 @@ msgid "key %s: no user ID\n"
 msgstr "avain %08lX: ei käyttäjätunnusta\n"
 
 #, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "ohitetaan \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "avain %08lX: HKP-aliavainvirhe korjattu\n"
 
@@ -2474,6 +2481,10 @@ msgstr "avain %08lX: \"%s\" %d uutta käyttäjätunnusta\n"
 msgid "key %s: \"%s\" not changed\n"
 msgstr "avain %08lX: \"%s\" ei muutoksia\n"
 
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "salaista avainta \"%s\" ei löydy: %s\n"
+
 #, fuzzy
 msgid "importing secret keys not allowed\n"
 msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
diff --git a/po/fr.po b/po/fr.po
index dd6c7bd..303d677 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -2333,6 +2333,14 @@ msgstr ""
 msgid "key %s: no user ID\n"
 msgstr "clef %s : pas d'identité\n"
 
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "« %s » a été ignorée : %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "clef %s : corruption de sous-clef PKS réparée\n"
@@ -2428,6 +2436,11 @@ msgstr "clef %s : « %s » %d identités nettoyées\n"
 msgid "key %s: \"%s\" not changed\n"
 msgstr "clef %s : « %s » n'est pas modifiée\n"
 
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "clef secrète « %s » introuvable : %s\n"
+
 msgid "importing secret keys not allowed\n"
 msgstr "impossible d'importer des clefs secrètes\n"
 
diff --git a/po/gl.po b/po/gl.po
index 0df3729..d6c493b 100644
--- a/po/gl.po
+++ b/po/gl.po
@@ -2373,6 +2373,13 @@ msgid "key %s: no user ID\n"
 msgstr "chave %08lX: non hai ID de usuario\n"
 
 #, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "omítese `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "chave %08lX: arranxouse a corrupción da sub-chave HKP\n"
 
@@ -2471,6 +2478,10 @@ msgstr "chave %08lX: \"%s\" %d novos IDs de usuario\n"
 msgid "key %s: \"%s\" not changed\n"
 msgstr "chave %08lX: \"%s\" sen cambios\n"
 
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "non se atopou a chave secreta `%s': %s\n"
+
 #, fuzzy
 msgid "importing secret keys not allowed\n"
 msgstr "gravando a chave secreta en `%s'\n"
diff --git a/po/hu.po b/po/hu.po
index 63ae157..af03be2 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -2356,6 +2356,13 @@ msgid "key %s: no user ID\n"
 msgstr "%08lX kulcs: Nincs felhasználói azonosító.\n"
 
 #, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "Kihagytam \"%s\"-t: %s.\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "%08lX kulcs: HKP alkulcssérülés kijavítva.\n"
 
@@ -2450,6 +2457,10 @@ msgstr "%08lX kulcs: \"%s\" %d 
 msgid "key %s: \"%s\" not changed\n"
 msgstr "%08lX kulcs: \"%s\" nem változott.\n"
 
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "\"%s\" titkos kulcs nem található: %s\n"
+
 #, fuzzy
 msgid "importing secret keys not allowed\n"
 msgstr "Írom a titkos kulcsot a %s állományba.\n"
diff --git a/po/id.po b/po/id.po
index 5aadeeb..b499b8c 100644
--- a/po/id.po
+++ b/po/id.po
@@ -2369,6 +2369,13 @@ msgid "key %s: no user ID\n"
 msgstr "kunci %08lX: tidak ada ID user\n"
 
 #, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "melewati `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "kunci %08lX: subkey HKP yang rusak diperbaiki\n"
 
@@ -2463,6 +2470,10 @@ msgstr "kunci %08lX: \"%s\" %d user ID baru\n"
 msgid "key %s: \"%s\" not changed\n"
 msgstr "kunci %08lX: \"%s\" tidak berubah\n"
 
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "kunci rahasia `%s' tidak ditemukan: %s\n"
+
 #, fuzzy
 msgid "importing secret keys not allowed\n"
 msgstr "menulis kunci rahasia ke `%s'\n"
diff --git a/po/it.po b/po/it.po
index 8014132..a89e1c3 100644
--- a/po/it.po
+++ b/po/it.po
@@ -2370,6 +2370,13 @@ msgid "key %s: no user ID\n"
 msgstr "chiave %08lX: nessun user ID\n"
 
 #, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "saltata `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "chiave %08lX: riparati i danni di HKP alla subchiave\n"
 
@@ -2464,6 +2471,10 @@ msgstr "chiave %08lX: \"%s\" %d nuovi user ID\n"
 msgid "key %s: \"%s\" not changed\n"
 msgstr "chiave %08lX: \"%s\" non cambiata\n"
 
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "chiave segreta `%s' non trovata: %s\n"
+
 #, fuzzy
 msgid "importing secret keys not allowed\n"
 msgstr "scrittura della chiave segreta in `%s'\n"
diff --git a/po/ja.po b/po/ja.po
index c479e89..24123fd 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -2234,6 +2234,14 @@ msgstr "以下で、優先指定を更新できます: gpg --edit-key %s updpref
 msgid "key %s: no user ID\n"
 msgstr "鍵%s: ユーザIDがありません\n"
 
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "\"%s\"をスキップしました: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "鍵%s: PKSの副鍵変造を修復\n"
@@ -2329,6 +2337,11 @@ msgstr "鍵%s: \"%s\" %d個のユーザIDをきれいにしました\n"
 msgid "key %s: \"%s\" not changed\n"
 msgstr "鍵%s:\"%s\"変更なし\n"
 
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "秘密鍵\"%s\"が見つかりません: %s\n"
+
 msgid "importing secret keys not allowed\n"
 msgstr "秘密鍵のインポートは禁止です\n"
 
diff --git a/po/nb.po b/po/nb.po
index 8938541..56814fa 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -2302,6 +2302,14 @@ msgstr ""
 msgid "key %s: no user ID\n"
 msgstr "nøkkel %s: ingen brukerid\n"
 
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "hoppet over «%s»: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "nøkkel %s: PKS-undernøkkel reparert\n"
@@ -2397,6 +2405,11 @@ msgstr "n
 msgid "key %s: \"%s\" not changed\n"
 msgstr "nøkkel %s: «%s» ikke endret\n"
 
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "hemmelig nøkkel «%s» ble ikke funnet: %s\n"
+
 msgid "importing secret keys not allowed\n"
 msgstr "import av hemmelig nøkkel er ikke tillatt\n"
 
diff --git a/po/pl.po b/po/pl.po
index c38f573..0cd137d 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -2278,6 +2278,14 @@ msgstr ""
 msgid "key %s: no user ID\n"
 msgstr "klucz %s: brak identyfikatora u¿ytkownika\n"
 
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "pominiêty ,,%s'': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "klucz %s: podklucz uszkodzony przez serwer zosta³ naprawiony\n"
@@ -2373,6 +2381,11 @@ msgstr "klucz %s: ,,%s'' %d identyfikator
 msgid "key %s: \"%s\" not changed\n"
 msgstr "klucz %s: ,,%s'' bez zmian\n"
 
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "klucz prywatny ,,%s'' nie zosta³ odnaleziony: %s\n"
+
 msgid "importing secret keys not allowed\n"
 msgstr "wczytywanie kluczy tajnych nie jest dozwolone\n"
 
diff --git a/po/pt.po b/po/pt.po
index 54651b3..875f9f0 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -2365,6 +2365,13 @@ msgid "key %s: no user ID\n"
 msgstr "chave %08lX: sem ID de utilizador\n"
 
 #, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "ignorado `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "chave %08lX: subchave HKP corrompida foi reparada\n"
 
@@ -2459,6 +2466,10 @@ msgstr "chave %08lX: \"%s\" %d novos IDs de utilizadores\n"
 msgid "key %s: \"%s\" not changed\n"
 msgstr "chave %08lX: \"%s\" não modificada\n"
 
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "chave `%s' não encontrada: %s\n"
+
 #, fuzzy
 msgid "importing secret keys not allowed\n"
 msgstr "a escrever chave privada para `%s'\n"
diff --git a/po/pt_BR.po b/po/pt_BR.po
index f4f1b85..27812d9 100644
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
@@ -2390,6 +2390,13 @@ msgid "key %s: no user ID\n"
 msgstr "chave %08lX: sem ID de usuário\n"
 
 #, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "ignorado `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "chave %08lX: sem subchave para ligação de chaves\n"
 
@@ -2484,6 +2491,10 @@ msgstr "chave %08lX: %d novos IDs de usu
 msgid "key %s: \"%s\" not changed\n"
 msgstr "chave %08lX: não modificada\n"
 
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "usuário `%s' não encontrado: %s\n"
+
 #, fuzzy
 msgid "importing secret keys not allowed\n"
 msgstr "escrevendo certificado privado para `%s'\n"
diff --git a/po/ro.po b/po/ro.po
index 8128c50..92353e4 100644
--- a/po/ro.po
+++ b/po/ro.po
@@ -2355,6 +2355,14 @@ msgstr "v
 msgid "key %s: no user ID\n"
 msgstr "cheia %s: nici un ID utilizator\n"
 
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "sãritã \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "cheia %s: subcheia HPK coruptã a fost reparatã\n"
@@ -2450,6 +2458,11 @@ msgstr "cheia %s: \"%s\" %d noi ID-uri utilizator\n"
 msgid "key %s: \"%s\" not changed\n"
 msgstr "cheia %s: \"%s\" nu a fost schimbatã\n"
 
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "cheia secretã \"%s\" nu a fost gãsitã: %s\n"
+
 msgid "importing secret keys not allowed\n"
 msgstr "importul de chei secrete nu este permis\n"
 
diff --git a/po/ru.po b/po/ru.po
index 5e4de97..6ccd36e 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -2283,6 +2283,14 @@ msgstr ""
 msgid "key %s: no user ID\n"
 msgstr "ключ %s: не имеет User ID\n"
 
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "пропущено \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "ключ %s: PKS повреждение подключа исправлено\n"
@@ -2378,6 +2386,11 @@ msgstr "ключ %s: \"%s\" %d  очищенных User ID\n"
 msgid "key %s: \"%s\" not changed\n"
 msgstr "ключ %s: \"%s\" не изменен\n"
 
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "секретный ключ \"%s\" не найден: %s\n"
+
 msgid "importing secret keys not allowed\n"
 msgstr "импортирование секретного ключа не позволено\n"
 
diff --git a/po/sk.po b/po/sk.po
index d897bbb..e813126 100644
--- a/po/sk.po
+++ b/po/sk.po
@@ -2375,6 +2375,13 @@ msgid "key %s: no user ID\n"
 msgstr "kµúè %08lX: chyba identifikátor u¾ívateµa\n"
 
 #, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "preskoèený `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "kµúè %08lX: HKP po¹kodenie podkµúèa opravené\n"
 
@@ -2471,6 +2478,10 @@ msgstr "k
 msgid "key %s: \"%s\" not changed\n"
 msgstr "kµúè %08lX: \"%s\" bez zmeny\n"
 
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "tajný kµúè `%s' nebol nájdený: %s\n"
+
 #, fuzzy
 msgid "importing secret keys not allowed\n"
 msgstr "zapisujem tajný kµúè do `%s'\n"
diff --git a/po/sv.po b/po/sv.po
index 2eef3fc..b896570 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -2335,6 +2335,14 @@ msgstr ""
 msgid "key %s: no user ID\n"
 msgstr "nyckel %s: ingen användaridentitet\n"
 
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "hoppade över \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
 # Undernyckeln är skadad på HKP-servern. Vanligt fel vid många undernycklar.
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
@@ -2433,6 +2441,11 @@ msgstr "nyckel %s: \"%s\" %d användaridentiteter rensade\n"
 msgid "key %s: \"%s\" not changed\n"
 msgstr "nyckel %s: \"%s\" inte ändrad\n"
 
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "hemliga nyckeln \"%s\" hittades inte: %s\n"
+
 msgid "importing secret keys not allowed\n"
 msgstr "import av hemliga nycklar tillåts inte\n"
 
diff --git a/po/tr.po b/po/tr.po
index b94fb4c..f6bfb37 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -2282,6 +2282,14 @@ msgstr ""
 msgid "key %s: no user ID\n"
 msgstr "anahtar %s: kullanıcı kimliği yok\n"
 
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "\"%s\" atlandı: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "anahtar %s: PKS yardımcı anahtar bozulması giderildi\n"
@@ -2377,6 +2385,11 @@ msgstr "anahtar %s: \"%s\" %d kullanıcı kimliği temizlendi\n"
 msgid "key %s: \"%s\" not changed\n"
 msgstr "anahtar %s: \"%s\" deÄŸiÅŸmedi\n"
 
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "gizli anahtar \"%s\" yok: %s\n"
+
 msgid "importing secret keys not allowed\n"
 msgstr "gizli anahtarı alımına izin verilmez\n"
 
diff --git a/po/uk.po b/po/uk.po
index 1ac4679..bd50c6d 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -2322,6 +2322,14 @@ msgstr ""
 msgid "key %s: no user ID\n"
 msgstr "ключ %s: немає ідентифікатор користувача\n"
 
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "пропущено «%s»: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "ключ %s: відновлено пошкоджений підключ PKS\n"
@@ -2417,6 +2425,11 @@ msgstr "ключ %s: «%s» спорожнено %d ідентифікаторі
 msgid "key %s: \"%s\" not changed\n"
 msgstr "ключ %s: «%s» не змінено\n"
 
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "закритий ключ «%s» не знайдено: %s\n"
+
 msgid "importing secret keys not allowed\n"
 msgstr "імпортування закритих ключів заборонено\n"
 
diff --git a/po/zh_CN.po b/po/zh_CN.po
index 9824489..4615cf4 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -2293,6 +2293,14 @@ msgstr "您可以这样更新您的首选项:gpg --edit-key %s updpref save\n"
 msgid "key %s: no user ID\n"
 msgstr "密钥 %s:没有用户标识\n"
 
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "“%s”已跳过:%s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "密钥 %s:PKS 子钥破损已修复\n"
@@ -2388,6 +2396,11 @@ msgstr "密钥 %s:“%s”%d 个用户标识被清除\n"
 msgid "key %s: \"%s\" not changed\n"
 msgstr "密钥 %s:“%s”未改变\n"
 
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "找不到私钥“%s”:%s\n"
+
 msgid "importing secret keys not allowed\n"
 msgstr "不允许导入私钥\n"
 
diff --git a/po/zh_TW.po b/po/zh_TW.po
index 611cf45..e1f58b3 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -2213,6 +2213,14 @@ msgstr "你可以像這樣來更新偏好設定: gpg --edit-key %s updpref save\
 msgid "key %s: no user ID\n"
 msgstr "金鑰 %s: 沒有使用者 ID\n"
 
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "已跳過 \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "金鑰 %s: PKS 子鑰的訛誤已被修復\n"
@@ -2308,6 +2316,11 @@ msgstr "金鑰 %s: \"%s\" 已清除 %d 個使用者 ID\n"
 msgid "key %s: \"%s\" not changed\n"
 msgstr "金鑰 %s: \"%s\" 未改變\n"
 
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "找不到私鑰 \"%s\": %s\n"
+
 msgid "importing secret keys not allowed\n"
 msgstr "未允許匯入私鑰\n"
 

commit 1242a72923db810f7e5fd36269c72b14cb19f60f
Author: Kristian Fiskerstrand <kf at sumptuouscapital.com>
Date:   Thu Jun 12 16:12:28 2014 +0200

    gpg: Fix a couple of spelling errors

diff --git a/g10/call-agent.c b/g10/call-agent.c
index 71bee61..5669e04 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -163,12 +163,12 @@ check_hijacking (assuan_context_t ctx)
   string = get_membuf (&mb, NULL);
   if (!string || !*string)
     {
-      /* Definitley hijacked - show a warning prompt.  */
+      /* Definitely hijacked - show a warning prompt.  */
       static int shown;
       const char warn1[] =
         "The GNOME keyring manager hijacked the GnuPG agent.";
       const char warn2[] =
-        "GnuPG will not work proberly - please configure that "
+        "GnuPG will not work properly - please configure that "
         "tool to not interfere with the GnuPG system!";
       log_info ("WARNING: %s\n", warn1);
       log_info ("WARNING: %s\n", warn2);
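Review bot: The test `if (!string || !*string)` at the top of this hunk sends a NULL result from `get_membuf` down the same path as an empty reply. If `get_membuf` returns NULL on out-of-memory (its definition is not in this hunk), an allocation failure would be reported to the user as the GNOME keyring manager hijacking the agent. Handling `!string` on its own before the `!*string` check would keep the warning accurate. The corrected comment could also say why an empty reply proves hijacking, for example `/* An empty reply means a foreign agent answered - show a warning prompt.  */`, if that matches the probe sent earlier in the function. check_hijacking begins before this hunk and continues past it.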

commit 017c6f8fba9ae141a46084d6961ba60c4230f97a
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Jun 24 13:54:30 2014 +0200

    doc: Update from master.
    
    --

diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index bfb1d93..c3dfd82 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -372,13 +372,16 @@ seconds.  The default is 1800 seconds.
 @opindex max-cache-ttl
 Set the maximum time a cache entry is valid to @var{n} seconds.  After
 this time a cache entry will be expired even if it has been accessed
-recently.  The default is 2 hours (7200 seconds).
+recently or has been set using @command{gpg-preset-passphrase}.  The
+default is 2 hours (7200 seconds).
 
 @item --max-cache-ttl-ssh @var{n}
 @opindex max-cache-ttl-ssh
-Set the maximum time a cache entry used for SSH keys is valid to @var{n}
-seconds.  After this time a cache entry will be expired even if it has
-been accessed recently.  The default is 2 hours (7200 seconds).
+Set the maximum time a cache entry used for SSH keys is valid to
+ at var{n} seconds.  After this time a cache entry will be expired even
+if it has been accessed recently or has been set using
+ at command{gpg-preset-passphrase}.  The default is 2 hours (7200
+seconds).
 
 @item --enforce-passphrase-constraints
 @opindex enforce-passphrase-constraints
diff --git a/doc/gpg.texi b/doc/gpg.texi
index a263690..9a6782a 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -408,8 +408,8 @@ removed first. In batch mode the key must be specified by fingerprint.
 @opindex export
 Either export all keys from all keyrings (default keyrings and those
 registered via option @option{--keyring}), or if at least one name is given,
-those of the given name. The new keyring is written to STDOUT or to the
-file given with option @option{--output}. Use together with
+those of the given name. The exported keys are written to STDOUT or to the
+file given with option @option{--output}.  Use together with
 @option{--armor} to mail those keys.
 
 @item --send-keys @code{key IDs}
@@ -424,14 +424,30 @@ or changed by you.  If no key IDs are given, @command{gpg} does nothing.
 @itemx --export-secret-subkeys
 @opindex export-secret-keys
 @opindex export-secret-subkeys
-Same as @option{--export}, but exports the secret keys instead.  This is
-normally not very useful and a security risk.  The second form of the
-command has the special property to render the secret part of the
-primary key useless; this is a GNU extension to OpenPGP and other
-implementations can not be expected to successfully import such a key.
+Same as @option{--export}, but exports the secret keys instead.  The
+exported keys are written to STDOUT or to the file given with option
+ at option{--output}.  This command is often used along with the option
+ at option{--armor} to allow easy printing of the key for paper backup;
+however the external tool @command{paperkey} does a better job for
+creating backups on paper.  Note that exporting a secret key can be a
+security risk if the exported keys are send over an insecure channel.
+
+The second form of the command has the special property to render the
+secret part of the primary key useless; this is a GNU extension to
+OpenPGP and other implementations can not be expected to successfully
+import such a key.  Its intended use is to generated a full key with
+an additional signing subkey on a dedicated machine and then using
+this command to export the key without the primary key to the main
+machine.
+
+ at ifset gpgtwoone
+GnuPG may ask you to enter the passphrase for the key.  This is
+required because the internal protection method of the secret key is
+different from the one specified by the OpenPGP protocol.
+ at end ifset
 @ifclear gpgtwoone
-See the option @option{--simple-sk-checksum} if you want to import such
-an exported key with an older OpenPGP implementation.
+See the option @option{--simple-sk-checksum} if you want to import an
+exported secret key into ancient OpenPGP implementations.
 @end ifclear
 
 @item --import
@@ -2127,6 +2143,12 @@ of the output and may be used together with another command.
 @item --with-keygrip
 @opindex with-keygrip
 Include the keygrip in the key listings.
+
+ at item --with-secret
+ at opindex with-secret
+Include info about the presence of a secret key in public key listings
+done with @code{--with-colons}.
+
 @end ifset
 
 @end table
@@ -2310,9 +2332,11 @@ available, but the MIT release is a good common baseline.
 
 This option implies @option{--rfc1991 --disable-mdc
 --no-force-v4-certs --escape-from-lines --force-v3-sigs
---allow-weak-digest-algos --cipher-algo IDEA --digest-algo MD5
---compress-algo ZIP}. It also disables @option{--textmode} when
-encrypting.
+ at ifclear gpgone
+--allow-weak-digest-algos
+ at end ifclear
+--cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}.
+It also disables @option{--textmode} when encrypting.
 
 @item --pgp6
 @opindex pgp6
@@ -2768,12 +2792,13 @@ necessary to get as much data as possible out of the corrupt message.
 However, be aware that a MDC protection failure may also mean that the
 message was tampered with intentionally by an attacker.
 
+ at ifclear gpgone
 @item --allow-weak-digest-algos
 @opindex allow-weak-digest-algos
 Signatures made with the broken MD5 algorithm are normally rejected
 with an ``invalid digest algorithm'' message.  This option allows the
 verification of signatures made with such weak algorithms.
-
+ at end ifclear
 
 @item --no-default-keyring
 @opindex no-default-keyring
@@ -3036,18 +3061,33 @@ files; They all live in in the current home directory (@pxref{option
 
 
 @table @file
-  @item ~/.gnupg/secring.gpg
-  The secret keyring.  You should backup this file.
-
-  @item ~/.gnupg/secring.gpg.lock
-  The lock file for the secret keyring.
-
   @item ~/.gnupg/pubring.gpg
   The public keyring.  You should backup this file.
 
   @item ~/.gnupg/pubring.gpg.lock
   The lock file for the public keyring.
 
+ at ifset gpgtwoone
+  @item ~/.gnupg/pubring.kbx
+  The public keyring using a different format.  This file is sharred
+  with @command{gpgsm}.  You should backup this file.
+
+  @item ~/.gnupg/pubring.kbx.lock
+  The lock file for @file{pubring.kbx}.
+ at end ifset
+
+  @item ~/.gnupg/secring.gpg
+ at ifclear gpgtwoone
+  The secret keyring.  You should backup this file.
+ at end ifclear
+ at ifset gpgtwoone
+  A secret keyring as used by GnuPG versions before 2.1.  It is not
+  used by GnuPG 2.1 and later.
+
+  @item ~/.gnupg/.gpg-v21-migrated
+  File indicating that a migration to GnuPG 2.1 has taken place.
+ at end ifset
+
   @item ~/.gnupg/trustdb.gpg
   The trust database.  There is no need to backup this file; it is better
   to backup the ownertrust values (@pxref{option --export-ownertrust}).
@@ -3058,6 +3098,9 @@ files; They all live in in the current home directory (@pxref{option
   @item ~/.gnupg/random_seed
   A file used to preserve the state of the internal random pool.
 
+  @item ~/.gnupg/secring.gpg.lock
+  The lock file for the secret keyring.
+
   @item /usr[/local]/share/gnupg/options.skel
   The skeleton options file.
 
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index 3d2594f..078d2ad 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -259,13 +259,26 @@ certificate are only exported if all @var{pattern} are given as
 fingerprints or keygrips.
 
 @item --export-secret-key-p12 @var{key-id}
- at opindex export
+ at opindex export-secret-key-p12
 Export the private key and the certificate identified by @var{key-id} in
-a PKCS#12 format. When using along with the @code{--armor} option a few
+a PKCS#12 format. When used with the @code{--armor} option a few
 informational lines are prepended to the output.  Note, that the PKCS#12
 format is not very secure and this command is only provided if there is
 no other way to exchange the private key. (@pxref{option --p12-charset})
 
+ at ifset gpgtwoone
+ at item --export-secret-key-p8 @var{key-id}
+ at itemx --export-secret-key-raw @var{key-id}
+ at opindex export-secret-key-p8
+ at opindex export-secret-key-raw
+Export the private key of the certificate identified by @var{key-id}
+with any encryption stripped.  The @code{...-raw} command exports in
+PKCS#1 format; the @code{...-p8} command exports in PKCS#8 format.
+When used with the @code{--armor} option a few informational lines are
+prepended to the output.  These commands are useful to prepare a key
+for use on a TLS server.
+ at end ifset
+
 @item --import [@var{files}]
 @opindex import
 Import the certificates from the PEM or binary encoded files as well as
@@ -568,6 +581,13 @@ certificate.
 Include the keygrip in standard key listings.  Note that the keygrip is
 always listed in --with-colons mode.
 
+ at ifset gpgtwoone
+ at item --with-secret
+ at opindex with-secret
+Include info about the presence of a secret key in public key listings
+done with @code{--with-colons}.
+ at end ifset
+
 @end table
 
 @c *******************************************
diff --git a/doc/tools.texi b/doc/tools.texi
index 32ab1e4..030f269 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -1060,10 +1060,11 @@ may not be used and the passphrases for the to be used keys are given at
 machine startup.
 
 Passphrases set with this utility don't expire unless the
- at option{--forget} option is used to explicitly clear them from the cache
---- or @command{gpg-agent} is either restarted or reloaded (by sending a
-SIGHUP to it).  It is necessary to allow this passphrase presetting by
-starting @command{gpg-agent} with the
+ at option{--forget} option is used to explicitly clear them from the
+cache --- or @command{gpg-agent} is either restarted or reloaded (by
+sending a SIGHUP to it).  Nite that the maximum cache time as set with
+ at option{--max-cache-ttl} is still honored.  It is necessary to allow
+this passphrase presetting by starting @command{gpg-agent} with the
 @option{--allow-preset-passphrase}.
 
 @menu

commit 8e39fe810d951c2fef4c22246440a5944a89a18c
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Jun 24 13:52:02 2014 +0200

    gpg: Do not link gpgv against libassuan.
    
    * g10/Makefile.am (gpgv2_LDADD): Remove LIBASSUAN_LIBS.
    --
    
    This is not required.
    
    GnuPG-bug-id: 1533

diff --git a/g10/Makefile.am b/g10/Makefile.am
index 00036c8..efa427d 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -124,7 +124,7 @@ LDADD =  $(needed_libs) ../common/libgpgrl.a \
          $(LIBINTL) $(CAPLIBS) $(NETLIBS)
 gpg2_LDADD =  $(LDADD) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
 	     $(LIBICONV) $(resource_objs)
-gpgv2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
+gpgv2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
 	      $(LIBICONV) $(resource_objs)
 
 t_common_ldadd =

commit fb274a3cf3295dbd509494338bd6a16c8069176a
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Jun 24 11:14:20 2014 +0200

    po: Update de.po

diff --git a/po/de.po b/po/de.po
index 515fd9e..12abe70 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg-2.0.18\n"
 "Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2014-06-03 09:53+0200\n"
+"PO-Revision-Date: 2014-06-24 11:13+0200\n"
 "Last-Translator: Werner Koch <wk at gnupg.org>\n"
 "Language-Team: German <de at li.org>\n"
 "Language: de\n"
@@ -2321,6 +2321,13 @@ msgid "key %s: no user ID\n"
 msgstr "Schlüssel %s: Keine User-ID\n"
 
 #, c-format
+msgid "key %s: %s\n"
+msgstr "Schlüssel %s: %s\n"
+
+msgid "rejected by import filter"
+msgstr "vom Importfilter zurückgewiesen"
+
+#, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
 msgstr "Schlüssel %s: PKS Unterschlüsseldefekt repariert\n"
 
@@ -2415,6 +2422,10 @@ msgstr "Schlüssel %s: \"%s\" %d User-IDs bereinigt\n"
 msgid "key %s: \"%s\" not changed\n"
 msgstr "Schlüssel %s: \"%s\" nicht geändert\n"
 
+#, c-format
+msgid "secret key %s: %s\n"
+msgstr "Geheimer Schlüssel %s: %s\n"
+
 msgid "importing secret keys not allowed\n"
 msgstr "Importieren geheimer Schlüssel ist nicht erlaubt\n"
 

commit a37f63d7b86b467df82ac77cfa5a75bfb1c77b7c
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Jun 24 11:06:32 2014 +0200

    common: Fix commit ceef5568 so that it builds with libgcrypt < 1.6
    
    * common/ssh-utils.c (get_fingerprint): Use GCRY_PK_ECC only if
    defined.

diff --git a/common/ssh-utils.c b/common/ssh-utils.c
index 11ff0fb..30cb451 100644
--- a/common/ssh-utils.c
+++ b/common/ssh-utils.c
@@ -89,7 +89,9 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len,
       elems = "pqgy";
       gcry_md_write (md, "\0\0\0\x07ssh-dss", 11);
       break;
+#if GCRYPT_VERSION_NUMBER >= 0x010600
     case GCRY_PK_ECC:
+#endif
     case GCRY_PK_ECDSA:
       /* We only support the 3 standard curves for now.  It is just a
          quick hack.  */
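Review bot: The new `#if GCRYPT_VERSION_NUMBER >= 0x010600` around `case GCRY_PK_ECC:` has no comment saying why a version test is used, while the commit log speaks of using the constant "only if defined". If GCRY_PK_ECC is an enum value rather than a macro (it appears to be), `#ifdef` cannot be used, and that is worth recording next to the guard, e.g. `/* GCRY_PK_ECC is not a macro, so test the Libgcrypt version instead. */`. The switch in get_fingerprint starts and ends outside this hunk.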

commit aacb43a730a6f52c1ac91131afed73ae6ef25416
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Jun 24 10:56:19 2014 +0200

    Remove thread callbacks for libgcrypt >= 1.6.
    
    * agent/gpg-agent.c (GCRY_THREAD_OPTION_PTH_IMPL): Do not use with
    libgcrypt >= 1.6.
    (main): Ditto.
    * scd/scdaemon.c (GCRY_THREAD_OPTION_PTH_IMPL): Ditto.
    (main): Ditto.
    --
    
    This is no longer needed but is kept for compatibility with Libgcrypt <
    1.6.

diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 1f53a37..bf2a26d 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -308,6 +308,7 @@ static int check_for_running_agent (int silent, int mode);
 /* Pth wrapper function definitions. */
 ASSUAN_SYSTEM_PTH_IMPL;
 
+#if GCRYPT_VERSION_NUMBER < 0x010600
 GCRY_THREAD_OPTION_PTH_IMPL;
 #if GCRY_THREAD_OPTION_VERSION < 1
 static int fixed_gcry_pth_init (void)
@@ -315,6 +316,7 @@ static int fixed_gcry_pth_init (void)
   return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0;
 }
 #endif
+#endif /*GCRYPT_VERSION_NUMBER < 0x10600*/
 
 #ifndef PTH_HAVE_PTH_THREAD_ID
 static unsigned long pth_thread_id (void)
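Review bot: The closing comment `#endif /*GCRYPT_VERSION_NUMBER < 0x10600*/` does not match the opening `#if GCRYPT_VERSION_NUMBER < 0x010600` in the previous hunk; the value is the same, but a search for `0x010600` misses this line. Write it as `#endif /*GCRYPT_VERSION_NUMBER < 0x010600*/`, as the later hunk in main and the hunks in scd/scdaemon.c already do.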
@@ -625,7 +627,8 @@ main (int argc, char **argv )
   init_common_subsystems ();
 
 
-  /* Libgcrypt requires us to register the threading model first.
+#if GCRYPT_VERSION_NUMBER < 0x010600
+  /* Libgcrypt < 1.6 requires us to register the threading model first.
      Note that this will also do the pth_init. */
 #if GCRY_THREAD_OPTION_VERSION < 1
   gcry_threads_pth.init = fixed_gcry_pth_init;
@@ -636,6 +639,7 @@ main (int argc, char **argv )
       log_fatal ("can't register GNU Pth with Libgcrypt: %s\n",
                  gpg_strerror (err));
     }
+#endif /*GCRYPT_VERSION_NUMBER < 0x010600*/
 
 
   /* Check that the libraries are suitable.  Do it here because
diff --git a/scd/scdaemon.c b/scd/scdaemon.c
index 5f64521..e133ddc 100644
--- a/scd/scdaemon.c
+++ b/scd/scdaemon.c
@@ -212,6 +212,7 @@ static void handle_connections (int listen_fd);
 /* Pth wrapper function definitions. */
 ASSUAN_SYSTEM_PTH_IMPL;
 
+#if GCRYPT_VERSION_NUMBER < 0x010600
 GCRY_THREAD_OPTION_PTH_IMPL;
 #if GCRY_THREAD_OPTION_VERSION < 1
 static int fixed_gcry_pth_init (void)
@@ -219,6 +220,7 @@ static int fixed_gcry_pth_init (void)
   return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0;
 }
 #endif
+#endif /*GCRYPT_VERSION_NUMBER < 0x010600*/
 
 
 static char *
@@ -380,7 +382,6 @@ main (int argc, char **argv )
 {
   ARGPARSE_ARGS pargs;
   int orig_argc;
-  gpg_error_t err;
   char **orig_argv;
   FILE *configfp = NULL;
   char *configname = NULL;
@@ -415,17 +416,23 @@ main (int argc, char **argv )
   init_common_subsystems ();
 
 
-  /* Libgcrypt requires us to register the threading model first.
+#if GCRYPT_VERSION_NUMBER < 0x010600
+  /* Libgcrypt < 1.6 requires us to register the threading model first.
      Note that this will also do the pth_init. */
+  {
+    gpg_error_t err;
 #if GCRY_THREAD_OPTION_VERSION < 1
   gcry_threads_pth.init = fixed_gcry_pth_init;
 #endif
+
   err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth);
   if (err)
     {
       log_fatal ("can't register GNU Pth with Libgcrypt: %s\n",
                  gpg_strerror (err));
     }
+  }
+#endif /*GCRYPT_VERSION_NUMBER < 0x010600*/
 
   /* Check that the libraries are suitable.  Do it here because
      the option parsing may need services of the library */
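Review bot: The statements wrapped in the new `{ ... }` block keep their old two-column indentation, so `gpg_error_t err;` sits deeper than the `err = gcry_control (...)` call and the `if (err)` that use it, and the block reads as if it ended after the declaration. Indent the block body (the `gcry_threads_pth.init` assignment, the `gcry_control` call and the `if (err)` statement) by two more columns so that it lines up with the declaration. main continues outside this hunk.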

commit 2daa112a7404bcbedcda9b84c5ebbe33fd7fabd8
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Jun 24 10:36:15 2014 +0200

    Improve configure option --with-libgpg-error-prefix
    
    --
    GnuPG-bug-id: 1561
    
    Note that this is not a complete solution.  The libgpg-error include
    directory has now a higher preference but ld may not pick up the right
    library if another one is installed.  The problem is that the -L
    option and the -l options are not emitted separately by
    gpg-error-config.

diff --git a/agent/Makefile.am b/agent/Makefile.am
index 5c2da2c..55c374c 100644
--- a/agent/Makefile.am
+++ b/agent/Makefile.am
@@ -31,7 +31,7 @@ if HAVE_W32_SYSTEM
 resource_objs += gpg-agent-w32info.o
 endif
 
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS)
 
 gpg_agent_SOURCES = \
 	gpg-agent.c agent.h \
diff --git a/common/Makefile.am b/common/Makefile.am
index 880b01b..337e246 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -32,7 +32,7 @@ MAINTAINERCLEANFILES = audit-events.h status-codes.h
 
 AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl
 
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS)
 
 include $(top_srcdir)/am/cmacros.am
 
diff --git a/g10/Makefile.am b/g10/Makefile.am
index c3e35f6..00036c8 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -25,7 +25,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common \
 
 include $(top_srcdir)/am/cmacros.am
 
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS)
 
 needed_libs = $(libcommon) ../jnlib/libjnlib.a ../gl/libgnu.a
 
diff --git a/jnlib/Makefile.am b/jnlib/Makefile.am
index b3e7d7d..2ba2fbf 100644
--- a/jnlib/Makefile.am
+++ b/jnlib/Makefile.am
@@ -27,7 +27,7 @@ TESTS = $(module_tests)
 AM_CPPFLAGS = -I$(top_srcdir)/intl
 
 # We need libgcrypt because libjnlib-config includes gcrypt.h
-AM_CFLAGS = -DJNLIB_IN_JNLIB $(LIBGCRYPT_CFLAGS)
+AM_CFLAGS = -DJNLIB_IN_JNLIB $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS)
 
 noinst_LIBRARIES = libjnlib.a
 
diff --git a/scd/Makefile.am b/scd/Makefile.am
index 63a11dc..e883180 100644
--- a/scd/Makefile.am
+++ b/scd/Makefile.am
@@ -33,8 +33,8 @@ if HAVE_W32_SYSTEM
 resource_objs += scdaemon-w32info.o
 endif
 
-AM_CFLAGS =  $(LIBGCRYPT_CFLAGS) \
-	     $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) \
+	    $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS)
 
 
 card_apps = app-openpgp.c app-nks.c app-dinsig.c app-p15.c app-geldkarte.c
diff --git a/sm/Makefile.am b/sm/Makefile.am
index 01cf028..8e1dc97 100644
--- a/sm/Makefile.am
+++ b/sm/Makefile.am
@@ -22,7 +22,8 @@ bin_PROGRAMS = gpgsm
 
 EXTRA_DIST = ChangeLog-2011 gpgsm-w32info.rc
 
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) \
+            $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS)
 
 AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl
 include $(top_srcdir)/am/cmacros.am
diff --git a/tools/Makefile.am b/tools/Makefile.am
index cc782a3..e5c16a2 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -30,7 +30,7 @@ if HAVE_W32_SYSTEM
 resource_objs += gpg-connect-agent-w32info.o
 endif
 
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS)
 
 sbin_SCRIPTS = addgnupghome applygnupgdefaults
 
@@ -97,16 +97,16 @@ gpg_connect_agent_LDADD = ../common/libgpgrl.a $(common_libs) \
 	                  $(resource_objs)
 
 gpgkey2ssh_SOURCES = gpgkey2ssh.c
-gpgkey2ssh_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
+gpgkey2ssh_CFLAGS =  $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS)
 # common sucks in jnlib, via use of BUG() in an inline function, which
 # some compilers do not eliminate.
 gpgkey2ssh_LDADD = $(common_libs) \
-                   $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV)
+                   $(GPG_ERROR_LIBS) $(LIBGCRYPT_LIBS) $(LIBINTL) $(LIBICONV)
 
 
 if !DISABLE_REGEX
 gpg_check_pattern_SOURCES = gpg-check-pattern.c
-gpg_check_pattern_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
+gpg_check_pattern_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS)
 gpg_check_pattern_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
                           $(LIBINTL) $(LIBICONV) $(W32SOCKLIBS)
 endif
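Review bot: Only `gpgkey2ssh_LDADD` has its libraries swapped to `$(GPG_ERROR_LIBS) $(LIBGCRYPT_LIBS)`; `gpg_check_pattern_LDADD` a few lines below still lists `$(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS)`, so the two targets now differ. For a static link the usual order puts the dependent library first, and Libgcrypt uses libgpg-error, so the swapped order is the less conventional one; the commit message itself says the include path is what this change is meant to fix. Consider keeping `$(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV)` for gpgkey2ssh and changing only the `_CFLAGS` lines.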

commit 76b0b076d0dfc1c0b011b9fd458a5158c189ebb4
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Jun 10 14:54:55 2014 +0200

    gpg: Use more specific reason codes for INV_RECP.
    
    * g10/pkclist.c (build_pk_list): Use more specific reason codes for
    INV_RECP.
    --
    
    GnuPG-bug-id: 1650
    
    Note that this patch is a bit more limited than the one in 2.1.

diff --git a/g10/pkclist.c b/g10/pkclist.c
index 85a8eeb..1d0b2d2 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -831,7 +831,11 @@ build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use )
             {
               free_public_key ( pk ); pk = NULL;
               log_error (_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) );
-              write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
+              write_status_text_and_buffer (STATUS_INV_RECP,
+                                            (rc == GPG_ERR_NO_PUBKEY
+                                             || rc == GPG_ERR_NO_SECKEY)? "1 ":
+                                            (rc == GPG_ERR_INV_USER_ID)? "14 ":
+                                            "0 ",
                                             rov->d, strlen (rov->d), -1);
               goto fail;
             }
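Review bot: `rc` is compared directly with `GPG_ERR_NO_PUBKEY`, `GPG_ERR_NO_SECKEY` and `GPG_ERR_INV_USER_ID` here, which only matches when `rc` carries a bare error code without error-source bits; whether that always holds depends on the lookup call above the hunk, so `gpg_err_code (rc) == GPG_ERR_NO_PUBKEY` would be the safer test. The same ternary reappears in the third hunk of this file spelled with `G10ERR_NO_PUBKEY`, `G10ERR_NO_SECKEY` and `G10ERR_INV_USER_ID`; one spelling, or a small static helper mapping `rc` to the reason string, would keep the two sites in step. The bare strings `"1 "`, `"14 "`, `"3 "` and `"13 "` across these hunks deserve a short comment naming each reason, since front-ends parsing INV_RECP act on them. build_pk_list starts and ends outside the hunk.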
@@ -874,7 +878,7 @@ build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use )
                  available. */
               free_public_key( pk ); pk = NULL;
               log_error(_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) );
-              write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
+              write_status_text_and_buffer (STATUS_INV_RECP, "3 ",
                                             rov->d, strlen (rov->d), -1);
               goto fail;
             }
@@ -1086,7 +1090,11 @@ build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use )
               /* Key not found or other error. */
               free_public_key( pk ); pk = NULL;
               log_error(_("%s: skipped: %s\n"), remusr->d, g10_errstr(rc) );
-              write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
+              write_status_text_and_buffer (STATUS_INV_RECP,
+                                            (rc == G10ERR_NO_PUBKEY
+                                             || rc == G10ERR_NO_SECKEY)? "1 ":
+                                            (rc == G10ERR_INV_USER_ID)? "14 ":
+                                            "0 ",
                                             remusr->d, strlen (remusr->d),
                                             -1);
               goto fail;
@@ -1103,7 +1111,7 @@ build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use )
                   free_public_key(pk); pk = NULL;
                   log_info(_("%s: skipped: public key is disabled\n"),
                            remusr->d);
-                  write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
+                  write_status_text_and_buffer (STATUS_INV_RECP, "13 ",
                                                 remusr->d,
                                                 strlen (remusr->d),
                                                 -1);
@@ -1152,7 +1160,7 @@ build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use )
             {
               /* Key found but not usable for us (e.g. sign-only key). */
               free_public_key( pk ); pk = NULL;
-              write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
+              write_status_text_and_buffer (STATUS_INV_RECP, "3 ",
                                             remusr->d,
                                             strlen (remusr->d),
                                             -1);

commit 9607bc0b9fce1f7853eee6591b44e35deed4a66c
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Jun 24 09:53:46 2014 +0200

    gpg: Make show-uid-validity the default.

diff --git a/g10/gpg.c b/g10/gpg.c
index 87ffe54..1a8e6e7 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2004,6 +2004,8 @@ main (int argc, char **argv)
     opt.passphrase_repeat=1;
     opt.emit_version = 1; /* Limit to the major number.  */
 
+    opt.list_options   |= LIST_SHOW_UID_VALIDITY;
+    opt.verify_options |= LIST_SHOW_UID_VALIDITY;
 
     /* Check whether we have a config file on the command line.  */
     orig_argc = argc;
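Review bot: `opt.verify_options |= LIST_SHOW_UID_VALIDITY;` sets a verify option with a constant from the list-option namespace. If the options header defines a separate `VERIFY_SHOW_UID_VALIDITY` flag (the name is not visible in this hunk), use it, `opt.verify_options |= VERIFY_SHOW_UID_VALIDITY;`, so the default keeps working should the two bit values ever diverge. A one-line comment such as `/* Show the calculated validity of user IDs by default. */` above the two assignments would also explain why they sit among the option defaults. main continues outside the hunk.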

commit 5e933008beffbeae7255ece02383606481f9c169
Author: Stefan Tomanek <tomanek at internet-sicherheit.de>
Date:   Thu Jan 30 00:57:43 2014 +0100

    gpg: Screen keyserver responses.
    
    * g10/main.h (import_filter_t): New.
    * g10/import.c (import): Add filter callbacks to param list.
    (import_one): Ditto.
    (import_secret_one): Ditto.
    (import_keys_internal): Ditto.
    (import_keys_stream): Ditto.
    * g10/keyserver.c (keyserver_retrieval_filter): New.
    (keyserver_spawn): Pass filter to import_keys_stream()
    
    --
    These changes introduce import functions that apply a constraining
    filter to imported keys. These filters can verify the fingerprints of
    the keys returned before importing them into the keyring, ensuring that
    the keys fetched from the keyserver are in fact those selected by the
    user beforehand.
    
    Signed-off-by: Stefan Tomanek <tomanek at internet-sicherheit.de>
    
    Re-indention and minor changes by wk.
    
    Resolved conflicts:
    	g10/import.c
    	g10/keyserver.c
    	g10/main.h

diff --git a/g10/import.c b/g10/import.c
index 540b24b..fbe6b37 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -59,14 +59,17 @@ struct stats_s {
 
 
 static int import( IOBUF inp, const char* fname,struct stats_s *stats,
-		   unsigned char **fpr,size_t *fpr_len,unsigned int options );
+		   unsigned char **fpr,size_t *fpr_len,unsigned int options,
+		   import_filter_t filter, void *filter_arg );
 static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root );
 static void revocation_present(KBNODE keyblock);
 static int import_one(const char *fname, KBNODE keyblock,struct stats_s *stats,
 		      unsigned char **fpr,size_t *fpr_len,
-		      unsigned int options,int from_sk);
+		      unsigned int options,int from_sk,
+		      import_filter_t filter, void *filter_arg);
 static int import_secret_one( const char *fname, KBNODE keyblock,
-                              struct stats_s *stats, unsigned int options);
+                              struct stats_s *stats, unsigned int options,
+                              import_filter_t filter, void *filter_arg);
 static int import_revoke_cert( const char *fname, KBNODE node,
                                struct stats_s *stats);
 static int chk_self_sigs( const char *fname, KBNODE keyblock,
@@ -163,7 +166,8 @@ import_release_stats_handle (void *p)
 static int
 import_keys_internal( IOBUF inp, char **fnames, int nnames,
 		      void *stats_handle, unsigned char **fpr, size_t *fpr_len,
-		      unsigned int options )
+		      unsigned int options,
+		      import_filter_t filter, void *filter_arg)
 {
     int i, rc = 0;
     struct stats_s *stats = stats_handle;
@@ -172,7 +176,8 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames,
         stats = import_new_stats_handle ();
 
     if (inp) {
-        rc = import( inp, "[stream]", stats, fpr, fpr_len, options);
+        rc = import (inp, "[stream]", stats, fpr, fpr_len, options,
+                     filter, filter_arg);
     }
     else {
         int once = (!fnames && !nnames);
@@ -192,7 +197,8 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames,
 	        log_error(_("can't open `%s': %s\n"), fname, strerror(errno) );
 	    else
 	      {
-	        rc = import( inp2, fname, stats, fpr, fpr_len, options );
+	        rc = import (inp2, fname, stats, fpr, fpr_len, options,
+                             NULL, NULL);
 	        iobuf_close(inp2);
                 /* Must invalidate that ugly cache to actually close it. */
                 iobuf_ioctl (NULL, 2, 0, (char*)fname);
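Review bot: In the file branch of import_keys_internal the call is `import (inp2, fname, stats, fpr, fpr_len, options, NULL, NULL)`, so a `filter` passed by the caller is silently ignored whenever file names are given. The callers visible in this diff never combine the two (import_keys passes NULL, import_keys_stream passes no names), but the signature does not say so. Either forward the arguments, `rc = import (inp2, fname, stats, fpr, fpr_len, options, filter, filter_arg);`, or add a comment above the function stating that the filter applies to the stream case only. The function body continues outside this hunk.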
@@ -223,24 +229,27 @@ void
 import_keys( char **fnames, int nnames,
 	     void *stats_handle, unsigned int options )
 {
-  import_keys_internal(NULL,fnames,nnames,stats_handle,NULL,NULL,options);
+  import_keys_internal (NULL, fnames, nnames, stats_handle, NULL, NULL,
+                        options, NULL, NULL);
 }
 
 int
 import_keys_stream( IOBUF inp, void *stats_handle,
-		    unsigned char **fpr, size_t *fpr_len,unsigned int options )
+		    unsigned char **fpr, size_t *fpr_len,unsigned int options,
+	            import_filter_t filter, void *filter_arg)
 {
-  return import_keys_internal(inp,NULL,0,stats_handle,fpr,fpr_len,options);
+  return import_keys_internal (inp, NULL, 0, stats_handle, fpr, fpr_len,
+                               options, filter, filter_arg);
 }
 
+
 static int
-import( IOBUF inp, const char* fname,struct stats_s *stats,
-	unsigned char **fpr,size_t *fpr_len,unsigned int options )
+import (IOBUF inp, const char* fname,struct stats_s *stats,
+	unsigned char **fpr, size_t *fpr_len, unsigned int options,
+	import_filter_t filter, void *filter_arg)
 {
     PACKET *pending_pkt = NULL;
-    KBNODE keyblock = NULL;  /* Need to initialize because gcc can't
-                                grasp the return semantics of
-                                read_block. */
+    KBNODE keyblock = NULL;
     int rc = 0;
 
     getkey_disable_caches();
@@ -256,9 +265,11 @@ import( IOBUF inp, const char* fname,struct stats_s *stats,
 
     while( !(rc = read_block( inp, &pending_pkt, &keyblock) )) {
 	if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY )
-	    rc = import_one( fname, keyblock, stats, fpr, fpr_len, options, 0);
-	else if( keyblock->pkt->pkttype == PKT_SECRET_KEY ) 
-                rc = import_secret_one( fname, keyblock, stats, options );
+	    rc = import_one (fname, keyblock, stats, fpr, fpr_len, options, 0,
+                             filter, filter_arg);
+        else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
+            rc = import_secret_one (fname, keyblock, stats, options,
+                                    filter, filter_arg);
 	else if( keyblock->pkt->pkttype == PKT_SIGNATURE
 		 && keyblock->pkt->pkt.signature->sig_class == 0x20 )
 	    rc = import_revoke_cert( fname, keyblock, stats );
@@ -634,7 +645,7 @@ check_prefs(KBNODE keyblock)
   KBNODE node;
   PKT_public_key *pk;
   int problem=0;
-  
+
   merge_keys_and_selfsig(keyblock);
   pk=keyblock->pkt->pkt.public_key;
 
@@ -659,9 +670,9 @@ check_prefs(KBNODE keyblock)
 		{
 		  if (openpgp_cipher_test_algo (prefs->value))
 		    {
-		      const char *algo = 
+		      const char *algo =
                         (openpgp_cipher_test_algo (prefs->value)
-                         ? num 
+                         ? num
                          : openpgp_cipher_algo_name (prefs->value));
 		      if(!problem)
 			check_prefs_warning(pk);
@@ -676,7 +687,7 @@ check_prefs(KBNODE keyblock)
 		    {
 		      const char *algo =
                         (gcry_md_test_algo (prefs->value)
-                         ? num 
+                         ? num
                          : gcry_md_algo_name (prefs->value));
 		      if(!problem)
 			check_prefs_warning(pk);
@@ -745,7 +756,7 @@ check_prefs(KBNODE keyblock)
 static int
 import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
 	    unsigned char **fpr,size_t *fpr_len,unsigned int options,
-	    int from_sk )
+	    int from_sk, import_filter_t filter, void *filter_arg)
 {
     PKT_public_key *pk;
     PKT_public_key *pk_orig;
@@ -787,7 +798,14 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
 	log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
 	return 0;
       }
-    
+
+    if (filter && filter (pk, NULL, filter_arg))
+      {
+        log_error (_("key %s: %s\n"), keystr_from_pk(pk),
+                   _("rejected by import filter"));
+        return 0;
+      }
+
     if (opt.interactive) {
         if(is_status_enabled())
 	  print_import_check (pk, uidnode->pkt->pkt.user_id);
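Review bot: A key rejected by the filter is reported only through `log_error` and then `return 0`, the same value the function returns in the existing "no user ID" path, so a front-end reading the status output cannot tell that the keyserver returned a key that was not asked for. Consider counting the rejection in `stats` or emitting a status line before returning; the same applies to the check added to import_secret_one in a later hunk. The contract of the callback is also undocumented here: from the two call sites it returns non-zero to reject and receives either `pk` or `sk` with the other NULL, which could be stated as `/* FILTER returns true to reject the key; exactly one of PK and SK is non-NULL. */` at the prototype. import_one starts and ends outside this hunk.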
@@ -924,7 +942,7 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
             size_t an;
 
             fingerprint_from_pk (pk_orig, afp, &an);
-            while (an < MAX_FINGERPRINT_LEN) 
+            while (an < MAX_FINGERPRINT_LEN)
                 afp[an++] = 0;
             rc = keydb_search_fpr (hd, afp);
         }
@@ -948,7 +966,7 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
         n_sigs_cleaned = fix_bad_direct_key_sigs (keyblock_orig, keyid);
         if (n_sigs_cleaned)
           commit_kbnode (&keyblock_orig);
-            
+
 	/* and try to merge the block */
 	clear_kbnode_flags( keyblock_orig );
 	clear_kbnode_flags( keyblock );
@@ -1018,14 +1036,14 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
 	    stats->n_sigs_cleaned +=n_sigs_cleaned;
 	    stats->n_uids_cleaned +=n_uids_cleaned;
 
-            if (is_status_enabled ()) 
+            if (is_status_enabled ())
                  print_import_ok (pk, NULL,
                                   ((n_uids?2:0)|(n_sigs?4:0)|(n_subk?8:0)));
 	}
 	else
 	  {
             same_key = 1;
-            if (is_status_enabled ()) 
+            if (is_status_enabled ())
 	      print_import_ok (pk, NULL, 0);
 
 	    if( !opt.quiet )
@@ -1165,15 +1183,16 @@ sec_to_pub_keyblock(KBNODE sec_keyblock)
  * with the trust calculation.
  */
 static int
-import_secret_one( const char *fname, KBNODE keyblock, 
-                   struct stats_s *stats, unsigned int options)
+import_secret_one (const char *fname, KBNODE keyblock,
+                   struct stats_s *stats, unsigned int options,
+                   import_filter_t filter, void *filter_arg)
 {
     PKT_secret_key *sk;
     KBNODE node, uidnode;
     u32 keyid[2];
     int rc = 0;
 
-    /* get the key and print some info about it */
+    /* Get the key and print some info about it. */
     node = find_kbnode( keyblock, PKT_SECRET_KEY );
     if( !node )
 	BUG();
@@ -1182,6 +1201,12 @@ import_secret_one( const char *fname, KBNODE keyblock,
     keyid_from_sk( sk, keyid );
     uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
 
+    if (filter && filter (NULL, sk, filter_arg)) {
+        log_error (_("secret key %s: %s\n"), keystr_from_sk(sk),
+                   _("rejected by import filter"));
+        return 0;
+    }
+
     if( opt.verbose )
       {
 	log_info( "sec  %4u%c/%s %s   ",
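Review bot: The new `if (filter && filter (NULL, sk, filter_arg)) {` block puts its opening brace on the `if` line, while the equivalent block this commit adds to import_one and the `if( opt.verbose )` block directly below both put the brace on its own indented line. For consistency the condition should end the line and `{` should follow on the next one, indented by two further columns as in import_one. import_secret_one continues outside this hunk.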
@@ -1223,8 +1248,8 @@ import_secret_one( const char *fname, KBNODE keyblock,
         log_error (_("importing secret keys not allowed\n"));
         return 0;
       }
-#endif 
-    
+#endif
+
     clear_kbnode_flags( keyblock );
 
     /* do we have this key already in one of our secrings ? */
@@ -1250,7 +1275,7 @@ import_secret_one( const char *fname, KBNODE keyblock,
 	if( !opt.quiet )
 	  log_info( _("key %s: secret key imported\n"), keystr_from_sk(sk));
 	stats->secret_imported++;
-        if (is_status_enabled ()) 
+        if (is_status_enabled ())
 	  print_import_ok (NULL, sk, 1|16);
 
 	if(options&IMPORT_SK2PK)
@@ -1260,8 +1285,9 @@ import_secret_one( const char *fname, KBNODE keyblock,
 	    KBNODE pub_keyblock=sec_to_pub_keyblock(keyblock);
 	    if(pub_keyblock)
 	      {
-		import_one(fname,pub_keyblock,stats,
-			   NULL,NULL,opt.import_options,1);
+		import_one (fname, pub_keyblock, stats,
+                            NULL, NULL, opt.import_options, 1,
+                            NULL, NULL);
 		release_kbnode(pub_keyblock);
 	      }
 	  }
@@ -1281,7 +1307,7 @@ import_secret_one( const char *fname, KBNODE keyblock,
 	log_error( _("key %s: already in secret keyring\n"),
 		   keystr_from_sk(sk));
 	stats->secret_dups++;
-        if (is_status_enabled ()) 
+        if (is_status_enabled ())
 	  print_import_ok (NULL, sk, 16);
 
 	/* TODO: if we ever do merge secret keys, make sure to handle
@@ -1337,9 +1363,9 @@ import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats )
     {
         byte afp[MAX_FINGERPRINT_LEN];
         size_t an;
-        
+
         fingerprint_from_pk (pk, afp, &an);
-        while (an < MAX_FINGERPRINT_LEN) 
+        while (an < MAX_FINGERPRINT_LEN)
             afp[an++] = 0;
         rc = keydb_search_fpr (hd, afp);
     }
@@ -1435,11 +1461,11 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
   int rc;
   u32 bsdate=0,rsdate=0;
   KBNODE bsnode = NULL, rsnode = NULL;
-  
+
   (void)fname;
   (void)pk;
 
-  for (n=keyblock; (n = find_next_kbnode (n, 0)); ) 
+  for (n=keyblock; (n = find_next_kbnode (n, 0)); )
     {
       if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
 	{
@@ -1453,7 +1479,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
 
       if ( n->pkt->pkttype != PKT_SIGNATURE )
         continue;
-      
+
       sig = n->pkt->pkt.signature;
       if ( keyid[0] != sig->keyid[0] || keyid[1] != sig->keyid[1] )
         {
@@ -1465,7 +1491,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
          import a fully-cached key which speeds things up. */
       if (!opt.no_sig_cache)
         check_key_signature (keyblock, n, NULL);
-      
+
       if ( IS_UID_SIG(sig) || IS_UID_REV(sig) )
         {
           KBNODE unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );
@@ -1475,16 +1501,16 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
                          keystr(keyid));
               return -1;  /* The complete keyblock is invalid.  */
             }
-          
+
           /* If it hasn't been marked valid yet, keep trying.  */
-          if (!(unode->flag&1)) 
+          if (!(unode->flag&1))
             {
               rc = check_key_signature (keyblock, n, NULL);
               if ( rc )
                 {
                   if ( opt.verbose )
                     {
-                      char *p = utf8_to_native 
+                      char *p = utf8_to_native
                         (unode->pkt->pkt.user_id->name,
                          strlen (unode->pkt->pkt.user_id->name),0);
                       log_info (gpg_err_code(rc) == G10ERR_PUBKEY_ALGO ?
@@ -1513,7 +1539,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
               n->flag |= 4;
             }
         }
-      else if ( IS_SUBKEY_SIG (sig) ) 
+      else if ( IS_SUBKEY_SIG (sig) )
         {
           /* Note that this works based solely on the timestamps like
              the rest of gpg.  If the standard gets revocation
@@ -1542,19 +1568,19 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
               else
                 {
                   /* It's valid, so is it newer? */
-                  if (sig->timestamp >= bsdate) 
+                  if (sig->timestamp >= bsdate)
                     {
                       knode->flag |= 1;  /* The subkey is valid.  */
                       if (bsnode)
                         {
                           /* Delete the last binding sig since this
                              one is newer */
-                          bsnode->flag |= 4; 
+                          bsnode->flag |= 4;
                           if (opt.verbose)
                             log_info (_("key %s: removed multiple subkey"
                                         " binding\n"),keystr(keyid));
                         }
-                      
+
                       bsnode = n;
                       bsdate = sig->timestamp;
                     }
@@ -1599,12 +1625,12 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
                         {
                           /* Delete the last revocation sig since
                              this one is newer.  */
-                          rsnode->flag |= 4; 
+                          rsnode->flag |= 4;
                           if (opt.verbose)
                             log_info (_("key %s: removed multiple subkey"
                                         " revocation\n"),keystr(keyid));
                         }
-                      
+
                       rsnode = n;
                       rsdate = sig->timestamp;
                     }
@@ -2345,35 +2371,35 @@ pub_to_sec_keyblock (KBNODE pub_keyblock)
 	  PACKET *pkt = xmalloc_clear (sizeof *pkt);
 	  PKT_secret_key *sk = xmalloc_clear (sizeof *sk);
           int i, n;
-          
+
           if (pubnode->pkt->pkttype == PKT_PUBLIC_KEY)
 	    pkt->pkttype = PKT_SECRET_KEY;
 	  else
 	    pkt->pkttype = PKT_SECRET_SUBKEY;
-          
+
 	  pkt->pkt.secret_key = sk;
 
           copy_public_parts_to_secret_key ( pk, sk );
 	  sk->version     = pk->version;
 	  sk->timestamp   = pk->timestamp;
-        
+
           n = pubkey_get_npkey (pk->pubkey_algo);
           if (!n)
             n = 1; /* Unknown number of parameters, however the data
                       is stored in the first mpi. */
           for (i=0; i < n; i++ )
             sk->skey[i] = mpi_copy (pk->pkey[i]);
-  
+
           sk->is_protected = 1;
           sk->protect.s2k.mode = 1001;
-  
+
   	  secnode = new_kbnode (pkt);
         }
       else
 	{
 	  secnode = clone_kbnode (pubnode);
 	}
-      
+
       if(!sec_keyblock)
 	sec_keyblock = secnode;
       else
@@ -2387,12 +2413,12 @@ pub_to_sec_keyblock (KBNODE pub_keyblock)
 /* Walk over the secret keyring SEC_KEYBLOCK and update any simple
    stub keys with the serial number SNNUM of the card if one of the
    fingerprints FPR1, FPR2 or FPR3 match.  Print a note if the key is
-   a duplicate (may happen in case of backed uped keys). 
-   
+   a duplicate (may happen in case of backed uped keys).
+
    Returns: True if anything changed.
 */
 static int
-update_sec_keyblock_with_cardinfo (KBNODE sec_keyblock, 
+update_sec_keyblock_with_cardinfo (KBNODE sec_keyblock,
                                    const unsigned char *fpr1,
                                    const unsigned char *fpr2,
                                    const unsigned char *fpr3,
@@ -2412,7 +2438,7 @@ update_sec_keyblock_with_cardinfo (KBNODE sec_keyblock,
           && node->pkt->pkttype != PKT_SECRET_SUBKEY)
         continue;
       sk = node->pkt->pkt.secret_key;
-      
+
       fingerprint_from_sk (sk, array, &n);
       if (n != 20)
         continue; /* Can't be a card key.  */
@@ -2462,7 +2488,7 @@ update_sec_keyblock_with_cardinfo (KBNODE sec_keyblock,
    exists, add appropriate subkey stubs and update the secring.
    Return 0 if the key could be created. */
 int
-auto_create_card_key_stub ( const char *serialnostr, 
+auto_create_card_key_stub ( const char *serialnostr,
                             const unsigned char *fpr1,
                             const unsigned char *fpr2,
                             const unsigned char *fpr3)
@@ -2473,7 +2499,7 @@ auto_create_card_key_stub ( const char *serialnostr,
   int rc;
 
   /* We only want to do this for an OpenPGP card.  */
-  if (!serialnostr || strncmp (serialnostr, "D27600012401", 12) 
+  if (!serialnostr || strncmp (serialnostr, "D27600012401", 12)
       || strlen (serialnostr) != 32 )
     return G10ERR_GENERAL;
 
@@ -2484,7 +2510,7 @@ auto_create_card_key_stub ( const char *serialnostr,
     ;
   else
     return G10ERR_GENERAL;
- 
+
   hd = keydb_new (1);
 
   /* Now check whether there is a secret keyring.  */
@@ -2510,7 +2536,7 @@ auto_create_card_key_stub ( const char *serialnostr,
       else
         {
           merge_keys_and_selfsig (sec_keyblock);
-          
+
           /* FIXME: We need to add new subkeys first.  */
           if (update_sec_keyblock_with_cardinfo (sec_keyblock,
                                                  fpr1, fpr2, fpr3,
@@ -2544,7 +2570,7 @@ auto_create_card_key_stub ( const char *serialnostr,
                        keydb_get_resource_name (hd), g10_errstr(rc) );
         }
     }
-    
+
   release_kbnode (sec_keyblock);
   release_kbnode (pub_keyblock);
   keydb_release (hd);
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 7164f67..83a4b95 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -981,10 +981,55 @@ direct_uri_map(const char *scheme,unsigned int is_direct)
 #define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""
 #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
 
+
+/* Check whether a key matches the search description.  The filter
+   returns 0 if the key shall be imported.  Note that this kind of
+   filter is not related to the iobuf filters. */
 static int
-keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
-		int count,int *prog,unsigned char **fpr,size_t *fpr_len,
-		struct keyserver_spec *keyserver)
+keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg)
+{
+  KEYDB_SEARCH_DESC *desc = arg;
+  u32 keyid[2];
+  byte fpr[MAX_FINGERPRINT_LEN];
+  size_t fpr_len = 0;
+
+  /* Secret keys are not expected from a keyserver.  Do not import.  */
+  if (sk)
+    return G10ERR_GENERAL;
+
+  fingerprint_from_pk (pk, fpr, &fpr_len);
+  keyid_from_pk (pk, keyid);
+
+  /* Compare requested and returned fingerprints if available. */
+  if (desc->mode == KEYDB_SEARCH_MODE_FPR20)
+    {
+      if (fpr_len != 20 || memcmp (fpr, desc->u.fpr, 20))
+        return G10ERR_GENERAL;
+    }
+  else if (desc->mode == KEYDB_SEARCH_MODE_FPR16)
+    {
+      if (fpr_len != 16 || memcmp (fpr, desc->u.fpr, 16))
+        return G10ERR_GENERAL;
+    }
+  else if (desc->mode == KEYDB_SEARCH_MODE_LONG_KID)
+    {
+      if (keyid[0] != desc->u.kid[0] || keyid[1] != desc->u.kid[1])
+        return G10ERR_GENERAL;
+    }
+  else if (desc->mode == KEYDB_SEARCH_MODE_SHORT_KID)
+    {
+      if (keyid[1] != desc->u.kid[1])
+        return G10ERR_GENERAL;
+    }
+
+  return 0;
+}
+
+
+static int
+keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc,
+                 int count, int *prog, unsigned char **fpr, size_t *fpr_len,
+                 struct keyserver_spec *keyserver)
 {
   int ret=0,i,gotversion=0,outofband=0;
   strlist_t temp;
@@ -1504,8 +1549,9 @@ keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
 	     but we better protect against rogue keyservers. */
 
 	  import_keys_stream (spawn->fromchild, stats_handle, fpr, fpr_len,
-                              (opt.keyserver_options.import_options
-                               | IMPORT_NO_SECKEY));
+                             (opt.keyserver_options.import_options
+                              | IMPORT_NO_SECKEY),
+                              keyserver_retrieval_filter, desc);
 
 	  import_print_stats(stats_handle);
 	  import_release_stats_handle(stats_handle);
@@ -1536,12 +1582,14 @@ keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
   return ret;
 }
 
+
 static int
-keyserver_work(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
-	       int count,unsigned char **fpr,size_t *fpr_len,
-	       struct keyserver_spec *keyserver)
+keyserver_work (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc,
+                int count, unsigned char **fpr, size_t *fpr_len,
+                struct keyserver_spec *keyserver)
 {
-  int rc=0,ret=0;
+  int rc = 0;
+  int ret = 0;
 
   if(!keyserver)
     {
@@ -1606,6 +1654,7 @@ keyserver_work(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
 #endif /* ! DISABLE_KEYSERVER_HELPERS*/
 }
 
+
 int
 keyserver_export(strlist_t users)
 {
@@ -1638,6 +1687,7 @@ keyserver_export(strlist_t users)
   return rc;
 }
 
+
 int
 keyserver_import(strlist_t users)
 {
@@ -1712,11 +1762,14 @@ keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver)
   return keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,keyserver);
 }
 
-/* code mostly stolen from do_export_stream */
+
+/* Code mostly stolen from do_export_stream */
 static int
 keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
 {
-  int rc=0,ndesc,num=100;
+  int rc = 0;
+  int num = 100;
+  int ndesc;
   KBNODE keyblock=NULL,node;
   KEYDB_HANDLE kdbhd;
   KEYDB_SEARCH_DESC *desc;
@@ -2045,7 +2098,7 @@ keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len)
 
       rc=import_keys_stream (key, NULL, fpr, fpr_len,
                              (opt.keyserver_options.import_options
-                              | IMPORT_NO_SECKEY));
+                              | IMPORT_NO_SECKEY), NULL, NULL);
 
       opt.no_armor=armor_status;
 
diff --git a/g10/main.h b/g10/main.h
index 8d29071..6a0de00 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -260,11 +260,16 @@ gcry_mpi_t encode_md_value( PKT_public_key *pk, PKT_secret_key *sk,
                             gcry_md_hd_t md, int hash_algo );
 
 /*-- import.c --*/
+
+typedef int (*import_filter_t)(PKT_public_key *pk, PKT_secret_key *sk,
+                               void *arg);
+
 int parse_import_options(char *str,unsigned int *options,int noisy);
 void import_keys( char **fnames, int nnames,
 		  void *stats_hd, unsigned int options );
-int import_keys_stream( iobuf_t inp,void *stats_hd,unsigned char **fpr,
-			size_t *fpr_len,unsigned int options );
+int import_keys_stream (iobuf_t inp, void *stats_hd, unsigned char **fpr,
+                        size_t *fpr_len, unsigned int options,
+                        import_filter_t filter, void *filter_arg);
 void *import_new_stats_handle (void);
 void import_release_stats_handle (void *p);
 void import_print_stats (void *hd);
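Review bot: The new `import_filter_t` typedef carries no comment, so its contract can only be worked out from the callers: import_one calls it as `filter (pk, NULL, filter_arg)`, import_secret_one as `filter (NULL, sk, filter_arg)`, and both treat a non-zero return as a rejection. I would document that above the typedef: `/* Import filter: called with exactly one of PK or SK set; returns 0 to accept the key and non-zero to reject it. ARG is passed through unchanged. */`.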

commit e790671cb3a35f3042558224e915b6f74ebc2251
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Jun 24 09:13:38 2014 +0200

    gpg: Allow key-to-card upload for cert-only keys
    
    * g10/card-util.c (card_store_subkey): Allow CERT usage for key 0.
    --
    
    Suggested-by: Dominik Heidler <dominik at heidler.eu>

diff --git a/g10/card-util.c b/g10/card-util.c
index 801de57..57f873f 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -86,7 +86,7 @@ change_pin (int unblock_v2, int allow_admin)
                   gpg_strerror (rc));
       return;
     }
-  
+
   log_info (_("OpenPGP card no. %s detected\n"),
               info.serialno? info.serialno : "[none]");
 
@@ -180,7 +180,7 @@ change_pin (int unblock_v2, int allow_admin)
 	    rc = agent_scd_change_pin (102, info.serialno);
             write_sc_op_status (rc);
 	    if (rc)
-	      tty_printf ("Error setting the Reset Code: %s\n", 
+	      tty_printf ("Error setting the Reset Code: %s\n",
                           gpg_strerror (rc));
 	    else
               tty_printf ("Reset Code set.\n");
@@ -382,7 +382,7 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen)
   else
     tty_fprintf (fp, "Application ID ...: %s\n",
                  info.serialno? info.serialno : "[none]");
-  if (!info.serialno || strncmp (info.serialno, "D27600012401", 12) 
+  if (!info.serialno || strncmp (info.serialno, "D27600012401", 12)
       || strlen (info.serialno) != 32 )
     {
       if (info.apptype && !strcmp (info.apptype, "NKS"))
@@ -424,7 +424,7 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen)
     ;
   else if (strlen (serialno)+1 > serialnobuflen)
     log_error ("serial number longer than expected\n");
-  else 
+  else
     strcpy (serialno, info.serialno);
 
   if (opt.with_colons)
@@ -437,7 +437,7 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen)
       uval = xtoi_2(info.serialno+16)*256 + xtoi_2 (info.serialno+18);
       fprintf (fp, "vendor:%04x:%s:\n", uval, get_manufacturer (uval));
       fprintf (fp, "serial:%.8s:\n", info.serialno+20);
-      
+
       print_isoname (fp, "Name of cardholder: ", "name", info.disp_name);
 
       fputs ("lang:", fp);
@@ -494,18 +494,18 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen)
                (unsigned long)info.fpr1time, (unsigned long)info.fpr2time,
                (unsigned long)info.fpr3time);
     }
-  else 
+  else
     {
       tty_fprintf (fp, "Version ..........: %.1s%c.%.1s%c\n",
                    info.serialno[12] == '0'?"":info.serialno+12,
                    info.serialno[13],
                    info.serialno[14] == '0'?"":info.serialno+14,
                    info.serialno[15]);
-      tty_fprintf (fp, "Manufacturer .....: %s\n", 
+      tty_fprintf (fp, "Manufacturer .....: %s\n",
                    get_manufacturer (xtoi_2(info.serialno+16)*256
                                      + xtoi_2 (info.serialno+18)));
       tty_fprintf (fp, "Serial number ....: %.8s\n", info.serialno+20);
-      
+
       print_isoname (fp, "Name of cardholder: ", "name", info.disp_name);
       print_name (fp, "Language prefs ...: ", info.disp_lang);
       tty_fprintf (fp,    "Sex ..............: %s\n",
@@ -568,13 +568,13 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen)
       if (info.fpr3valid && info.fpr3time)
         tty_fprintf (fp, "      created ....: %s\n",
                      isotimestamp (info.fpr3time));
-      tty_fprintf (fp, "General key info..: "); 
+      tty_fprintf (fp, "General key info..: ");
 
-      thefpr = (info.fpr1valid? info.fpr1 : info.fpr2valid? info.fpr2 : 
+      thefpr = (info.fpr1valid? info.fpr1 : info.fpr2valid? info.fpr2 :
                 info.fpr3valid? info.fpr3 : NULL);
       /* If the fingerprint is all 0xff, the key has no asssociated
          OpenPGP certificate.  */
-      if ( thefpr && !fpr_is_ff (thefpr) 
+      if ( thefpr && !fpr_is_ff (thefpr)
            && !get_pubkey_byfprint (pk, thefpr, 20))
         {
           KBNODE keyblock = NULL;
@@ -587,7 +587,7 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen)
             {
               release_kbnode (keyblock);
               keyblock = NULL;
-              
+
               if (!auto_create_card_key_stub (info.serialno,
                                               info.fpr1valid? info.fpr1:NULL,
                                               info.fpr2valid? info.fpr2:NULL,
@@ -603,7 +603,7 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen)
       else
         tty_fprintf (fp, "[none]\n");
     }
-      
+
   free_public_key (pk);
   agent_release_card_info (&info);
 }
@@ -632,7 +632,7 @@ get_one_name (const char *prompt1, const char *prompt2)
       else if (strchr (name, '<'))
         tty_printf (_("Error: The \"<\" character may not be used.\n"));
       else if (strstr (name, "  "))
-        tty_printf (_("Error: Double spaces are not allowed.\n"));    
+        tty_printf (_("Error: Double spaces are not allowed.\n"));
       else
         return name;
       xfree (name);
@@ -670,7 +670,7 @@ change_name (void)
   if (strlen (isoname) > 39 )
     {
       tty_printf (_("Error: Combined name too long "
-                    "(limit is %d characters).\n"), 39);    
+                    "(limit is %d characters).\n"), 39);
       xfree (isoname);
       return -1;
     }
@@ -699,7 +699,7 @@ change_url (void)
   if (strlen (url) > 254 )
     {
       tty_printf (_("Error: URL too long "
-                    "(limit is %d characters).\n"), 254);    
+                    "(limit is %d characters).\n"), 254);
       xfree (url);
       return -1;
     }
@@ -770,7 +770,7 @@ get_data_from_file (const char *fname, size_t maxlen, char **r_buffer)
   FILE *fp;
   char *data;
   int n;
-  
+
   *r_buffer = NULL;
 
   fp = fopen (fname, "rb");
@@ -787,7 +787,7 @@ get_data_from_file (const char *fname, size_t maxlen, char **r_buffer)
       tty_printf (_("can't open `%s': %s\n"), fname, strerror (errno));
       return -1;
     }
-          
+
   data = xtrymalloc (maxlen? maxlen:1);
   if (!data)
     {
@@ -818,7 +818,7 @@ static int
 put_data_to_file (const char *fname, const void *buffer, size_t length)
 {
   FILE *fp;
-  
+
   fp = fopen (fname, "wb");
 #if GNUPG_MAJOR_VERSION == 1
   if (fp && is_secured_file (fileno (fp)))
@@ -833,7 +833,7 @@ put_data_to_file (const char *fname, const void *buffer, size_t length)
       tty_printf (_("can't create `%s': %s\n"), fname, strerror (errno));
       return -1;
     }
-          
+
   if (length && fwrite (buffer, length, 1, fp) != 1)
     {
       tty_printf (_("error writing `%s': %s\n"), fname, strerror (errno));
@@ -874,7 +874,7 @@ change_login (const char *args)
   if (n > 254 )
     {
       tty_printf (_("Error: Login data too long "
-                    "(limit is %d characters).\n"), 254);    
+                    "(limit is %d characters).\n"), 254);
       xfree (data);
       return -1;
     }
@@ -893,7 +893,7 @@ change_private_do (const char *args, int nr)
   char do_name[] = "PRIVATE-DO-X";
   char *data;
   int n;
-  int rc; 
+  int rc;
 
   assert (nr >= 1 && nr <= 4);
   do_name[11] = '0' + nr;
@@ -920,7 +920,7 @@ change_private_do (const char *args, int nr)
   if (n > 254 )
     {
       tty_printf (_("Error: Private DO too long "
-                    "(limit is %d characters).\n"), 254);    
+                    "(limit is %d characters).\n"), 254);
       xfree (data);
       return -1;
     }
@@ -1053,13 +1053,13 @@ change_sex (void)
     str = "1";
   else if ((*data == 'F' || *data == 'f') && !data[1])
     str = "2";
-  else 
+  else
     {
       tty_printf (_("Error: invalid response.\n"));
       xfree (data);
       return -1;
     }
-     
+
   rc = agent_scd_setattr ("DISP-SEX", str, 1, NULL );
   if (rc)
     log_error ("error setting sex: %s\n", gpg_strerror (rc));
@@ -1147,7 +1147,7 @@ get_info_for_key_operation (struct agent_card_info_s *info)
 
   memset (info, 0, sizeof *info);
   rc = agent_scd_getattr ("SERIALNO", info);
-  if (rc || !info->serialno || strncmp (info->serialno, "D27600012401", 12) 
+  if (rc || !info->serialno || strncmp (info->serialno, "D27600012401", 12)
       || strlen (info->serialno) != 32 )
     {
       log_error (_("key operation not possible: %s\n"),
@@ -1172,7 +1172,7 @@ get_info_for_key_operation (struct agent_card_info_s *info)
 /* Helper for the key generation/edit functions.  */
 static int
 check_pin_for_key_operation (struct agent_card_info_s *info, int *forced_chv1)
-{     
+{
   int rc = 0;
 
   agent_clear_pin_cache (info->serialno);
@@ -1206,7 +1206,7 @@ check_pin_for_key_operation (struct agent_card_info_s *info, int *forced_chv1)
 }
 
 /* Helper for the key generation/edit functions.  */
-static void 
+static void
 restore_forced_chv1 (int *forced_chv1)
 {
   int rc;
@@ -1290,7 +1290,7 @@ ask_card_keysize (int keyno, unsigned int nbits)
 
   for (;;)
     {
-      prompt = xasprintf 
+      prompt = xasprintf
         (keyno == 0?
          _("What keysize do you want for the Signature key? (%u) "):
          keyno == 1?
@@ -1302,16 +1302,16 @@ ask_card_keysize (int keyno, unsigned int nbits)
       req_nbits = *answer? atoi (answer): nbits;
       xfree (prompt);
       xfree (answer);
-      
+
       if (req_nbits != nbits && (req_nbits % 32) )
         {
           req_nbits = ((req_nbits + 31) / 32) * 32;
           tty_printf (_("rounded up to %u bits\n"), req_nbits);
         }
-  
+
       if (req_nbits == nbits)
         return 0;  /* Use default.  */
-      
+
       if (req_nbits < min_nbits || req_nbits > max_nbits)
         {
           tty_printf (_("%s keysizes must be in the range %u-%u\n"),
@@ -1331,19 +1331,19 @@ ask_card_keysize (int keyno, unsigned int nbits)
 /* Change the size of key KEYNO (0..2) to NBITS and show an error
    message if that fails.  */
 static gpg_error_t
-do_change_keysize (int keyno, unsigned int nbits) 
+do_change_keysize (int keyno, unsigned int nbits)
 {
   gpg_error_t err;
   char args[100];
-  
+
   snprintf (args, sizeof args, "--force %d 1 %u", keyno+1, nbits);
   err = agent_scd_setattr ("KEY-ATTR", args, strlen (args), NULL);
   if (err)
-    log_error (_("error changing size of key %d to %u bits: %s\n"), 
+    log_error (_("error changing size of key %d to %u bits: %s\n"),
                keyno+1, nbits, gpg_strerror (err));
   return err;
 }
- 
+
 
 static void
 generate_card_keys (void)
@@ -1422,7 +1422,7 @@ generate_card_keys (void)
       /* Note that INFO has not be synced.  However we will only use
          the serialnumber and thus it won't harm.  */
     }
-     
+
   generate_keypair (NULL, info.serialno, want_backup? opt.homedir:NULL);
 
  leave:
@@ -1452,7 +1452,7 @@ card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock)
   tty_printf (_("   (2) Encryption key\n"));
   tty_printf (_("   (3) Authentication key\n"));
 
-  for (;;) 
+  for (;;)
     {
       char *answer = cpr_get ("cardedit.genkeys.subkeytype",
                               _("Your selection? "));
@@ -1509,7 +1509,7 @@ card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock)
    carry the serialno stuff instead of the actual secret key
    parameters.  USE is the usage for that key; 0 means any
    usage. */
-int 
+int
 card_store_subkey (KBNODE node, int use)
 {
   struct agent_card_info_s info;
@@ -1549,7 +1549,7 @@ card_store_subkey (KBNODE node, int use)
       goto leave;
     }
 
-  allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG)));
+  allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT)));
   allow_keyno[1] = (!use || (use & (PUBKEY_USAGE_ENC)));
   allow_keyno[2] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH)));
 
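Review bot: The changed `allow_keyno[0]` line now admits PUBKEY_USAGE_CERT to the first card slot, but nothing next to it explains why certification is grouped with signing there while the third slot pairs SIG with AUTH. A one-line comment would keep the mapping from being undone later, for example `/* Slot 1 is the signature key; a cert-only key may be stored there as well. */`. The header comment of card_store_subkey, partly visible in the previous hunk, describes USE but not this slot mapping, and the function body extends beyond this hunk.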
@@ -1562,7 +1562,7 @@ card_store_subkey (KBNODE node, int use)
   if (allow_keyno[2])
     tty_printf (_("   (3) Authentication key\n"));
 
-  for (;;) 
+  for (;;)
     {
       char *answer = cpr_get ("cardedit.genkeys.storekeytype",
                               _("Your selection? "));
@@ -1576,7 +1576,7 @@ card_store_subkey (KBNODE node, int use)
       xfree(answer);
       if (keyno >= 1 && keyno <= 3 && allow_keyno[keyno-1])
         {
-          if (info.is_v2 && !info.extcap.aac 
+          if (info.is_v2 && !info.extcap.aac
               && info.key_attr[keyno-1].nbits != nbits)
             {
               tty_printf ("Key does not match the card's capability.\n");
@@ -1628,7 +1628,7 @@ card_store_subkey (KBNODE node, int use)
   if (copied_sk)
     {
       free_secret_key (copied_sk);
-      copied_sk = NULL; 
+      copied_sk = NULL;
     }
   sk = node->pkt->pkt.secret_key;
 
@@ -1703,7 +1703,7 @@ static struct
     { "privatedo", cmdPRIVATEDO, 0, NULL },
     { "readcert", cmdREADCERT, 0, NULL },
     { "writecert", cmdWRITECERT, 1, NULL },
-    { NULL, cmdINVCMD, 0, NULL } 
+    { NULL, cmdINVCMD, 0, NULL }
   };
 
 
@@ -1782,7 +1782,7 @@ card_edit (strlist_t commands)
       char *p;
       int i;
       int cmd_admin_only;
-      
+
       tty_printf("\n");
       if (redisplay )
         {
@@ -1834,7 +1834,7 @@ card_edit (strlist_t commands)
         cmd = cmdLIST; /* Default to the list command */
       else if (*answer == CONTROL_D)
         cmd = cmdQUIT;
-      else 
+      else
         {
           if ((p=strchr (answer,' ')))
             {
@@ -1849,7 +1849,7 @@ card_edit (strlist_t commands)
               while (spacep (arg_rest))
                 arg_rest++;
             }
-          
+
           for (i=0; cmds[i].name; i++ )
             if (!ascii_strcasecmp (answer, cmds[i].name ))
               break;

-----------------------------------------------------------------------

Summary of changes:
 NEWS               |   19 ++++++-
 agent/Makefile.am  |    2 +-
 agent/gpg-agent.c  |    6 +-
 common/Makefile.am |    2 +-
 common/ssh-utils.c |    2 +
 configure.ac       |    2 +-
 doc/Makefile.am    |    6 +-
 doc/gpg-agent.texi |   11 ++--
 doc/gpg.texi       |   90 +++++++++++++++++++++++-------
 doc/gpgsm.texi     |   24 +++++++-
 doc/tools.texi     |    9 +--
 g10/Makefile.am    |    4 +-
 g10/call-agent.c   |    4 +-
 g10/card-util.c    |   94 +++++++++++++++----------------
 g10/gpg.c          |    2 +
 g10/import.c       |  158 ++++++++++++++++++++++++++++++----------------------
 g10/keyserver.c    |   77 +++++++++++++++++++++----
 g10/main.h         |    9 ++-
 g10/pkclist.c      |   18 ++++--
 jnlib/Makefile.am  |    2 +-
 po/be.po           |   11 ++++
 po/ca.po           |   11 ++++
 po/cs.po           |   13 +++++
 po/da.po           |   13 +++++
 po/de.po           |   13 ++++-
 po/el.po           |   11 ++++
 po/eo.po           |   11 ++++
 po/es.po           |   13 +++++
 po/et.po           |   11 ++++
 po/fi.po           |   11 ++++
 po/fr.po           |   13 +++++
 po/gl.po           |   11 ++++
 po/hu.po           |   11 ++++
 po/id.po           |   11 ++++
 po/it.po           |   11 ++++
 po/ja.po           |   13 +++++
 po/nb.po           |   13 +++++
 po/pl.po           |   13 +++++
 po/pt.po           |   11 ++++
 po/pt_BR.po        |   11 ++++
 po/ro.po           |   13 +++++
 po/ru.po           |   13 +++++
 po/sk.po           |   11 ++++
 po/sv.po           |   13 +++++
 po/tr.po           |   13 +++++
 po/uk.po           |   13 +++++
 po/zh_CN.po        |   13 +++++
 po/zh_TW.po        |   13 +++++
 scd/Makefile.am    |    4 +-
 scd/scdaemon.c     |   11 +++-
 sm/Makefile.am     |    3 +-
 tools/Makefile.am  |    8 +--
 52 files changed, 719 insertions(+), 186 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



