## Process this file with automake to produce Makefile.in
ACLOCAL_AMFLAGS = -I m4
-DISTCHECK_CONFIGURE_FLAGS = --enable-symcryptrun --enable-g13 \
+AM_DISTCHECK_CONFIGURE_FLAGS = --enable-gnupg-builddir-envvar \
+ --enable-symcryptrun --enable-g13 \
--enable-gpg2-is-gpg --enable-gpgtar --enable-wks-tools --disable-ntbtls
GITLOG_TO_CHANGELOG=gitlog-to-changelog
+Noteworthy changes in version 2.1.19 (2017-03-01)
+-------------------------------------------------
+
+ * gpg: Print a warning if Tor mode is requested but the Tor daemon
+ is not running.
+
+ * gpg: New status code DECRYPTION_KEY to print the actual private
+ key used for decryption.
+
+ * gpgv: New options --log-file and --debug.
+
+ * gpg-agent: Revamp the prompts to ask for card PINs.
+
+ * scd: Support for multiple card readers.
+
+ * scd: Removed option --debug-disable-ticker. Ticker is used
+ only when it is required to watch removal of device/card.
+
+ * scd: Improved detection of card inserting and removal.
+
+ * dirmngr: New option --disable-ipv4.
+
+ * dirmngr: New option --no-use-tor to explicitly disable the use of
+ Tor.
+
+ * dirmngr: The option --allow-version-check is now required even if
+ the option --use-tor is also used.
+
+ * dirmngr: Handle a missing nsswitch.conf gracefully.
+
+ * dirmngr: Avoid PTR lookups for keyserver pools. The are only done
+ for the debug command "keyserver --hosttable".
+
+ * dirmngr: Rework the internal certificate cache to support classes
+ of certificates. Load system provided certificates on startup.
+ Add options --tls, --no-crl, and --systrust to the "VALIDATE"
+ command.
+
+ * dirmngr: Add support for the ntbtls library.
+
+ * wks: Create mails with a "WKS-Phase" header. Fix detection of
+ Draft-2 mode.
+
+ * The Windows installer is now build with limited TLS support.
+
+ * Many other bug fixes and new regression tests.
+
+
Noteworthy changes in version 2.1.18 (2017-01-23)
-------------------------------------------------
* Fixed spurious failures on BSD system in the spawn functions.
This affected for example gpg-wks-client and gpgconf.
+ See-also: gnupg-announce/2017q1/000401.html
+
Noteworthy changes in version 2.1.17 (2016-12-20)
-------------------------------------------------
session_env_t session_env;
char *lc_ctype;
char *lc_messages;
+ unsigned long client_pid;
/* The current pinentry mode. */
pinentry_mode_t pinentry_mode;
void start_command_handler_ssh (ctrl_t, gnupg_fd_t);
/*-- findkey.c --*/
+gpg_error_t agent_modify_description (const char *in, const char *comment,
+ const gcry_sexp_t key, char **result);
int agent_write_private_key (const unsigned char *grip,
const void *buffer, size_t length, int force);
gpg_error_t agent_key_from_file (ctrl_t ctrl,
/*-- divert-scd.c --*/
-int divert_pksign (ctrl_t ctrl,
+int divert_pksign (ctrl_t ctrl, const char *desc_text,
const unsigned char *digest, size_t digestlen, int algo,
const unsigned char *shadow_info, unsigned char **r_sig,
size_t *r_siglen);
-int divert_pkdecrypt (ctrl_t ctrl,
+int divert_pkdecrypt (ctrl_t ctrl, const char *desc_text,
const unsigned char *cipher,
const unsigned char *shadow_info,
char **r_buf, size_t *r_len, int *r_padding);
int agent_card_serialno (ctrl_t ctrl, char **r_serialno, const char *demand);
int agent_card_pksign (ctrl_t ctrl,
const char *keyid,
- int (*getpin_cb)(void *, const char *, char*, size_t),
+ int (*getpin_cb)(void *, const char *,
+ const char *, char*, size_t),
void *getpin_cb_arg,
+ const char *desc_text,
int mdalgo,
const unsigned char *indata, size_t indatalen,
unsigned char **r_buf, size_t *r_buflen);
int agent_card_pkdecrypt (ctrl_t ctrl,
const char *keyid,
- int (*getpin_cb)(void *, const char *, char*,size_t),
+ int (*getpin_cb)(void *, const char *,
+ const char *, char*,size_t),
void *getpin_cb_arg,
+ const char *desc_text,
const unsigned char *indata, size_t indatalen,
char **r_buf, size_t *r_buflen, int *r_padding);
int agent_card_readcert (ctrl_t ctrl,
int agent_card_writekey (ctrl_t ctrl, int force, const char *serialno,
const char *id, const char *keydata,
size_t keydatalen,
- int (*getpin_cb)(void *, const char *, char*, size_t),
+ int (*getpin_cb)(void *, const char *,
+ const char *, char*, size_t),
void *getpin_cb_arg);
gpg_error_t agent_card_getattr (ctrl_t ctrl, const char *name, char **result);
+gpg_error_t agent_card_cardlist (ctrl_t ctrl, strlist_t *result);
int agent_card_scd (ctrl_t ctrl, const char *cmdline,
- int (*getpin_cb)(void *, const char *, char*, size_t),
+ int (*getpin_cb)(void *, const char *,
+ const char *, char*, size_t),
void *getpin_cb_arg, void *assuan_context);
void
agent_store_cache_hit (const char *key)
{
- xfree (last_stored_cache_key);
- last_stored_cache_key = key? xtrystrdup (key) : NULL;
+ char *new;
+ char *old;
+
+ /* To make sure the update is atomic under the non-preemptive thread
+ * model, we must make sure not to surrender control to a different
+ * thread. Therefore, we avoid calling the allocator during the
+ * update.
+ *
+ * Background: xtrystrdup uses gcry_strdup which may use the secure
+ * memory allocator of Libgcrypt. That allocator takes locks and
+ * since version 1.14 libgpg-error is nPth aware and thus taking a
+ * lock may now lead to thread switch. Note that this only happens
+ * when secure memory is _allocated_ (the standard allocator uses
+ * malloc which is not nPth aware) but not when calling _xfree_
+ * because gcry_free needs to check whether the pointer is in secure
+ * memory and thus needs to take a lock.
+ */
+ new = key ? xtrystrdup (key) : NULL;
+
+ /* Atomic update. */
+ old = last_stored_cache_key;
+ last_stored_cache_key = new;
+ /* Done. */
+
+ xfree (old);
}
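Review bot: The background comment in agent_store_cache_hit contradicts itself about xfree: it says a thread switch does not happen "when calling _xfree_" and then gives as the reason that gcry_free "needs to take a lock", which reads as the opposite. The code is safe under either reading, because both `xtrystrdup` and `xfree` now sit outside the two-line pointer swap. The comment should say that directly, for example `/* Neither the allocation nor the free may happen between reading and writing last_stored_cache_key. */`. A failed xtrystrdup still silently clears the stored key, as the removed lines did, and a short mention of that in the comment would help.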
# include <sys/wait.h>
# include <sys/types.h>
# include <signal.h>
+# include <sys/utsname.h>
#endif
#include <npth.h>
/* The assuan context of the current pinentry. */
static assuan_context_t entry_ctx;
+/* A list of features of the current pinentry. */
+static struct
+{
+ /* The Pinentry support RS+US tabbing. This means that a RS (0x1e)
+ * starts a new tabbing block in which a US (0x1f) followed by a
+ * colon marks a colon. A pinentry can use this to pretty print
+ * name value pairs. */
+ unsigned int tabbing:1;
+} entry_features;
+
+
/* The control variable of the connection owning the current pinentry.
This is only valid if ENTRY_CTX is not NULL. Note, that we care
only about the value of the pointer and that it should never be
}
+/* Status line callback for the FEATURES status. */
+static gpg_error_t
+getinfo_features_cb (void *opaque, const char *line)
+{
+ const char *args;
+ char **tokens;
+ int i;
+
+ (void)opaque;
+
+ if ((args = has_leading_keyword (line, "FEATURES")))
+ {
+ tokens = strtokenize (args, " ");
+ if (!tokens)
+ return gpg_error_from_syserror ();
+ for (i=0; tokens[i]; i++)
+ if (!strcmp (tokens[i], "tabbing"))
+ entry_features.tabbing = 1;
+ xfree (tokens);
+ }
+
+ return 0;
+}
+
+
static gpg_error_t
getinfo_pid_cb (void *opaque, const void *buffer, size_t length)
{
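Review bot: `entry_features.tabbing` is only ever set to 1 in getinfo_features_cb, and nothing visible in this change clears it, so a flag learned from one pinentry would stay in force after a different pinentry binary is started. build_cmd_setdesc uses that flag to decide whether the RS/US control characters are stripped from the SETDESC line, so a stale value would pass them to a pinentry that never announced support. If no reset exists outside the shown hunks, clear the struct right before the `GETINFO flavor` transaction, e.g. `memset (&entry_features, 0, sizeof entry_features);`. The start-up function that issues that transaction is only partly visible here.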
}
}
+ /* Tell Pinentry about our client. */
+ if (ctrl->client_pid)
+ {
+ char *optstr;
+ const char *nodename = "";
+
+#ifndef HAVE_W32_SYSTEM
+ struct utsname utsbuf;
+ if (!uname (&utsbuf))
+ nodename = utsbuf.nodename;
+#endif /*!HAVE_W32_SYSTEM*/
+
+ if ((optstr = xtryasprintf ("OPTION owner=%lu %s",
+ ctrl->client_pid, nodename)))
+ {
+ assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
+ NULL);
+ /* We ignore errors because this is just a fancy thing and
+ older pinentries do not support this feature. */
+ xfree (optstr);
+ }
+ }
+
- /* Ask the pinentry for its version and flavor and streo that as a
+ /* Ask the pinentry for its version and flavor and store that as a
* string in MB. This information is useful for helping users to
- * figure out Pinentry problems. */
+ * figure out Pinentry problems. Noet that "flavor" may also return
+ * a status line with the features; we use a dedicated handler for
+ * that. */
{
membuf_t mb;
init_membuf (&mb, 256);
if (assuan_transact (entry_ctx, "GETINFO flavor",
- put_membuf_cb, &mb, NULL, NULL, NULL, NULL))
+ put_membuf_cb, &mb,
+ NULL, NULL,
+ getinfo_features_cb, NULL))
put_membuf_str (&mb, "unknown");
put_membuf_str (&mb, " ");
if (assuan_transact (entry_ctx, "GETINFO version",
put_membuf_cb, &mb, NULL, NULL, NULL, NULL))
put_membuf_str (&mb, "unknown");
+ put_membuf_str (&mb, " ");
+ if (assuan_transact (entry_ctx, "GETINFO ttyinfo",
+ put_membuf_cb, &mb, NULL, NULL, NULL, NULL))
+ put_membuf_str (&mb, "? ? ?");
put_membuf (&mb, "", 1);
flavor_version = get_membuf (&mb, NULL);
}
}
+/* Build a SETDESC command line. This is a dedicated funcion so that
+ * it can remove control characters which are not supported by the
+ * current Pinentry. */
+static void
+build_cmd_setdesc (char *line, size_t linelen, const char *desc)
+{
+ char *src, *dst;
+
+ snprintf (line, linelen, "SETDESC %s", desc);
+ if (!entry_features.tabbing)
+ {
+ /* Remove RS and US. */
+ for (src=dst=line; *src; src++)
+ if (!strchr ("\x1e\x1f", *src))
+ *dst++ = *src;
+ *dst = 0;
+ }
+}
+
\f
/* Call the Entry and ask for the PIN. We do check for a valid PIN
if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD)
return unlock_pinentry (rc);
- snprintf (line, DIM(line), "SETDESC %s", desc_text);
+ build_cmd_setdesc (line, DIM(line), desc_text);
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_pinentry (rc);
if (desc)
- snprintf (line, DIM(line), "SETDESC %s", desc);
+ build_cmd_setdesc (line, DIM(line), desc);
else
snprintf (line, DIM(line), "RESET");
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
return rc;
if (desc)
- snprintf (line, DIM(line), "SETDESC %s", desc);
+ build_cmd_setdesc (line, DIM(line), desc);
else
snprintf (line, DIM(line), "RESET");
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
return rc;
if (desc)
- snprintf (line, DIM(line), "SETDESC %s", desc);
+ build_cmd_setdesc (line, DIM(line), desc);
else
snprintf (line, DIM(line), "RESET");
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
return rc;
if (desc)
- snprintf (line, DIM(line), "SETDESC %s", desc);
+ build_cmd_setdesc (line, DIM(line), desc);
else
snprintf (line, DIM(line), "RESET");
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
#include "agent.h"
#include <assuan.h>
+#include "strlist.h"
#ifdef _POSIX_OPEN_MAX
#define MAX_OPEN_FDS _POSIX_OPEN_MAX
/* Definition of module local data of the CTRL structure. */
struct scd_local_s
{
- /* We keep a list of all allocated context with a an achnor at
+ /* We keep a list of all allocated context with an anchor at
SCD_LOCAL_LIST (see below). */
struct scd_local_s *next_local;
/* We need to get back to the ctrl object actually referencing this
- structure. This is really an awkward way of enumerint the lcoal
- contects. A much cleaner way would be to keep a global list of
+ structure. This is really an awkward way of enumerating the local
+ contexts. A much cleaner way would be to keep a global list of
ctrl objects to enumerate them. */
ctrl_t ctrl_backlink;
void *sinfo_cb_arg;
};
-struct inq_needpin_s
+
+/* Callback parameter used by inq_getpin and inq_writekey_parms. */
+struct inq_needpin_parm_s
{
assuan_context_t ctx;
- int (*getpin_cb)(void *, const char *, char*, size_t);
+ int (*getpin_cb)(void *, const char *, const char *, char*, size_t);
void *getpin_cb_arg;
+ const char *getpin_cb_desc;
assuan_context_t passthru; /* If not NULL, pass unknown inquiries
up to the caller. */
int any_inq_seen;
+
+ /* The next fields are used by inq_writekey_parm. */
+ const unsigned char *keydata;
+ size_t keydatalen;
};
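Review bot: The new comments on struct inq_needpin_parm_s name handlers that do not appear under those names in the visible code: the header says "inq_getpin and inq_writekey_parms" and the field comment says "inq_writekey_parm", while the functions shown are `inq_needpin` and `inq_writekey_parms`. The struct now carries both the PIN callback state and the key material pointer, and these comments are the only place that says which handler reads which fields, so the names should match. Suggested wording: `/* Callback parameter used by inq_needpin and inq_writekey_parms. */` and `/* The next fields are used by inq_writekey_parms. */`.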
static gpg_error_t
inq_needpin (void *opaque, const char *line)
{
- struct inq_needpin_s *parm = opaque;
+ struct inq_needpin_parm_s *parm = opaque;
const char *s;
char *pin;
size_t pinlen;
if (!pin)
return out_of_core ();
- rc = parm->getpin_cb (parm->getpin_cb_arg, line, pin, pinlen);
+ rc = parm->getpin_cb (parm->getpin_cb_arg, parm->getpin_cb_desc,
+ line, pin, pinlen);
if (!rc)
rc = assuan_send_data (parm->ctx, pin, pinlen);
xfree (pin);
}
else if ((s = has_leading_keyword (line, "POPUPPINPADPROMPT")))
{
- rc = parm->getpin_cb (parm->getpin_cb_arg, s, NULL, 1);
+ rc = parm->getpin_cb (parm->getpin_cb_arg, parm->getpin_cb_desc,
+ s, NULL, 1);
}
else if ((s = has_leading_keyword (line, "DISMISSPINPADPROMPT")))
{
- rc = parm->getpin_cb (parm->getpin_cb_arg, "", NULL, 0);
+ rc = parm->getpin_cb (parm->getpin_cb_arg, parm->getpin_cb_desc,
+ "", NULL, 0);
}
else if (parm->passthru)
{
return rc;
}
+
/* Create a signature using the current card. MDALGO is either 0 or
- gives the digest algorithm. */
+ * gives the digest algorithm. DESC_TEXT is an additional parameter
+ * passed to GETPIN_CB. */
int
agent_card_pksign (ctrl_t ctrl,
const char *keyid,
- int (*getpin_cb)(void *, const char *, char*, size_t),
+ int (*getpin_cb)(void *, const char *,
+ const char *, char*, size_t),
void *getpin_cb_arg,
+ const char *desc_text,
int mdalgo,
const unsigned char *indata, size_t indatalen,
unsigned char **r_buf, size_t *r_buflen)
int rc;
char line[ASSUAN_LINELENGTH];
membuf_t data;
- struct inq_needpin_s inqparm;
+ struct inq_needpin_parm_s inqparm;
*r_buf = NULL;
rc = start_scd (ctrl);
inqparm.ctx = ctrl->scd_local->ctx;
inqparm.getpin_cb = getpin_cb;
inqparm.getpin_cb_arg = getpin_cb_arg;
+ inqparm.getpin_cb_desc = desc_text;
inqparm.passthru = 0;
inqparm.any_inq_seen = 0;
+ inqparm.keydata = NULL;
+ inqparm.keydatalen = 0;
+
if (ctrl->use_auth_call)
snprintf (line, sizeof line, "PKAUTH %s", keyid);
else
/* Decipher INDATA using the current card. Note that the returned
- value is not an s-expression but the raw data as returned by
- scdaemon. The padding information is stored at R_PADDING with -1
- for not known. */
+ * value is not an s-expression but the raw data as returned by
+ * scdaemon. The padding information is stored at R_PADDING with -1
+ * for not known. DESC_TEXT is an additional parameter passed to
+ * GETPIN_CB. */
int
agent_card_pkdecrypt (ctrl_t ctrl,
const char *keyid,
- int (*getpin_cb)(void *, const char *, char*, size_t),
+ int (*getpin_cb)(void *, const char *,
+ const char *, char*, size_t),
void *getpin_cb_arg,
+ const char *desc_text,
const unsigned char *indata, size_t indatalen,
char **r_buf, size_t *r_buflen, int *r_padding)
{
int rc, i;
char *p, line[ASSUAN_LINELENGTH];
membuf_t data;
- struct inq_needpin_s inqparm;
+ struct inq_needpin_parm_s inqparm;
size_t len;
*r_buf = NULL;
inqparm.ctx = ctrl->scd_local->ctx;
inqparm.getpin_cb = getpin_cb;
inqparm.getpin_cb_arg = getpin_cb_arg;
+ inqparm.getpin_cb_desc = desc_text;
inqparm.passthru = 0;
inqparm.any_inq_seen = 0;
+ inqparm.keydata = NULL;
+ inqparm.keydatalen = 0;
snprintf (line, DIM(line), "PKDECRYPT %s", keyid);
rc = assuan_transact (ctrl->scd_local->ctx, line,
put_membuf_cb, &data,
}
-struct writekey_parm_s
-{
- assuan_context_t ctx;
- int (*getpin_cb)(void *, const char *, char*, size_t);
- void *getpin_cb_arg;
- assuan_context_t passthru;
- int any_inq_seen;
- /**/
- const unsigned char *keydata;
- size_t keydatalen;
-};
-
/* Handle a KEYDATA inquiry. Note, we only send the data,
assuan_transact takes care of flushing and writing the end */
static gpg_error_t
inq_writekey_parms (void *opaque, const char *line)
{
- struct writekey_parm_s *parm = opaque;
+ struct inq_needpin_parm_s *parm = opaque;
if (has_leading_keyword (line, "KEYDATA"))
return assuan_send_data (parm->ctx, parm->keydata, parm->keydatalen);
int
agent_card_writekey (ctrl_t ctrl, int force, const char *serialno,
const char *id, const char *keydata, size_t keydatalen,
- int (*getpin_cb)(void *, const char *, char*, size_t),
+ int (*getpin_cb)(void *, const char *,
+ const char *, char*, size_t),
void *getpin_cb_arg)
{
int rc;
char line[ASSUAN_LINELENGTH];
- struct writekey_parm_s parms;
+ struct inq_needpin_parm_s parms;
(void)serialno;
rc = start_scd (ctrl);
parms.ctx = ctrl->scd_local->ctx;
parms.getpin_cb = getpin_cb;
parms.getpin_cb_arg = getpin_cb_arg;
+ parms.getpin_cb_desc= NULL;
parms.passthru = 0;
parms.any_inq_seen = 0;
parms.keydata = keydata;
rc = cancel_inquire (ctrl, rc);
return unlock_scd (ctrl, rc);
}
+
+
\f
/* Type used with the card_getattr_cb. */
struct card_getattr_parm_s {
}
+\f
+struct card_cardlist_parm_s {
+ int error;
+ strlist_t list;
+};
+
+/* Callback function for agent_card_cardlist. */
+static gpg_error_t
+card_cardlist_cb (void *opaque, const char *line)
+{
+ struct card_cardlist_parm_s *parm = opaque;
+ const char *keyword = line;
+ int keywordlen;
+
+ for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
+ ;
+ while (spacep (line))
+ line++;
+
+ if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
+ {
+ const char *s;
+ int n;
+
+ for (n=0,s=line; hexdigitp (s); s++, n++)
+ ;
+
+ if (!n || (n&1) || *s)
+ parm->error = gpg_error (GPG_ERR_ASS_PARAMETER);
+ else
+ add_to_strlist (&parm->list, line);
+ }
+
+ return 0;
+}
+
+/* Call the scdaemon to retrieve list of available cards. On success
+ the allocated strlist is stored at RESULT. On error an error code is
+ returned and NULL stored at RESULT. */
+gpg_error_t
+agent_card_cardlist (ctrl_t ctrl, strlist_t *result)
+{
+ int err;
+ struct card_cardlist_parm_s parm;
+ char line[ASSUAN_LINELENGTH];
+
+ *result = NULL;
+
+ memset (&parm, 0, sizeof parm);
+ strcpy (line, "GETINFO card_list");
+
+ err = start_scd (ctrl);
+ if (err)
+ return err;
+
+ err = assuan_transact (ctrl->scd_local->ctx, line,
+ NULL, NULL, NULL, NULL,
+ card_cardlist_cb, &parm);
+ if (!err && parm.error)
+ err = parm.error;
+
+ if (!err)
+ *result = parm.list;
+ else
+ free_strlist (parm.list);
+
+ return unlock_scd (ctrl, err);
+}
+
\f
static gpg_error_t
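Review bot: `int error;` in struct card_cardlist_parm_s and `int err;` in agent_card_cardlist hold values produced by `gpg_error ()` and handed back through a function declared to return gpg_error_t, so both should be declared as `gpg_error_t error;` and `gpg_error_t err;`, the way card_key_list does further down the page. card_cardlist_cb also records a malformed SERIALNO line in `parm->error` but keeps returning 0, so the transaction runs to the end and only the last such error survives. A one-line comment such as `/* Remember the error but keep reading status lines. */` would make that intent explicit. The hex-digit and even-length check on the serial number is worth keeping exactly as it is.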
inquiry is handled inside gpg-agent. */
int
agent_card_scd (ctrl_t ctrl, const char *cmdline,
- int (*getpin_cb)(void *, const char *, char*, size_t),
+ int (*getpin_cb)(void *, const char *,
+ const char *, char*, size_t),
void *getpin_cb_arg, void *assuan_context)
{
int rc;
- struct inq_needpin_s inqparm;
+ struct inq_needpin_parm_s inqparm;
int saveflag;
rc = start_scd (ctrl);
inqparm.ctx = ctrl->scd_local->ctx;
inqparm.getpin_cb = getpin_cb;
inqparm.getpin_cb_arg = getpin_cb_arg;
+ inqparm.getpin_cb_desc = NULL;
inqparm.passthru = assuan_context;
inqparm.any_inq_seen = 0;
+ inqparm.keydata = NULL;
+ inqparm.keydatalen = 0;
+
saveflag = assuan_get_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS);
assuan_set_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS, 1);
rc = assuan_transact (ctrl->scd_local->ctx, cmdline,
}
+static gpg_error_t
+card_key_list (ctrl_t ctrl, char **r_serialno, strlist_t *result)
+{
+ gpg_error_t err;
+
+ *r_serialno = NULL;
+ *result = NULL;
+
+ err = agent_card_serialno (ctrl, r_serialno, NULL);
+ if (err)
+ {
+ if (gpg_err_code (err) == GPG_ERR_ENODEV)
+ return 0; /* Nothing available. */
+
+ if (opt.verbose)
+ log_info (_("error getting serial number of card: %s\n"),
+ gpg_strerror (err));
+ return err;
+ }
+
+ err = agent_card_cardlist (ctrl, result);
+ if (err)
+ {
+ xfree (*r_serialno);
+ *r_serialno = NULL;
+ }
+ return err;
+}
+
/* Check whether a smartcard is available and whether it has a usable
key. Store a copy of that key at R_PK and return 0. If no key is
available store NULL at R_PK and return an error code. If CARDSN
reader - this should be allowed even without being listed in
sshcontrol. */
- if (!opt.disable_scdaemon
- && !card_key_available (ctrl, &key_public, &cardsn))
+ if (!opt.disable_scdaemon)
{
- err = ssh_send_key_public (key_blobs, key_public, cardsn);
- gcry_sexp_release (key_public);
- key_public = NULL;
- xfree (cardsn);
+ char *serialno;
+ strlist_t card_list, sl;
+
+ err = card_key_list (ctrl, &serialno, &card_list);
if (err)
- goto out;
+ {
+ if (opt.verbose)
+ log_info (_("error getting list of cards: %s\n"),
+ gpg_strerror (err));
+ goto out;
+ }
- key_counter++;
+ for (sl = card_list; sl; sl = sl->next)
+ {
+ char *serialno0;
+ err = agent_card_serialno (ctrl, &serialno0, sl->d);
+ if (err)
+ {
+ if (opt.verbose)
+ log_info (_("error getting serial number of card: %s\n"),
+ gpg_strerror (err));
+ xfree (serialno);
+ free_strlist (card_list);
+ goto out;
+ }
+
+ xfree (serialno0);
+ if (card_key_available (ctrl, &key_public, &cardsn))
+ continue;
+
+ err = ssh_send_key_public (key_blobs, key_public, cardsn);
+ gcry_sexp_release (key_public);
+ key_public = NULL;
+ xfree (cardsn);
+ if (err)
+ {
+ xfree (serialno);
+ free_strlist (card_list);
+ goto out;
+ }
+
+ key_counter++;
+ }
+
+ xfree (serialno);
+ free_strlist (card_list);
}
/* Then look at all the registered and non-disabled keys. */
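Review bot: A failure from card_key_list, or from agent_card_serialno inside the loop, now jumps to `out`, so any scdaemon problem other than GPG_ERR_ENODEV appears to fail the whole key listing, including the "registered and non-disabled keys" step that follows. The removed code simply skipped the card key when card_key_available failed. Unless that is intended, log the error, free `serialno` and `card_list`, set `err = 0;` and fall through to the on-disk keys. The pair `xfree (serialno); free_strlist (card_list);` is also written three times and could live at a single label at the end of the block. The `out` label and the rest of the function are outside the hunk, so the effect on the reply is inferred.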
}
-/* This function signs the data described by CTRL. If HASH is is not
+/* This function signs the data described by CTRL. If HASH is not
NULL, (HASH,HASHLEN) overrides the hash stored in CTRL. This is to
allow the use of signature algorithms that implement the hashing
internally (e.g. Ed25519). On success the created signature is
}
+/* Return the peer's pid. Stripped down code from libassuan. */
+static unsigned long
+get_client_pid (int fd)
+{
+ pid_t client_pid = (pid_t)(-1);
+
+#ifdef HAVE_SO_PEERCRED
+ {
+ struct ucred cr;
+ socklen_t cl = sizeof cr;
+
+ if ( !getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &cr, &cl))
+ client_pid = cr.pid;
+ }
+#elif defined (HAVE_GETPEERUCRED)
+ {
+ ucred_t *ucred = NULL;
+
+ if (getpeerucred (fd, &ucred) != -1)
+ {
+ client_pid= ucred_getpid (ucred);
+ ucred_free (ucred);
+ }
+ }
+#elif defined (HAVE_LOCAL_PEEREID)
+ {
+ struct unpcbid unp;
+ socklen_t unpl = sizeof unp;
+
+ if (getsockopt (fd, 0, LOCAL_PEEREID, &unp, &unpl) != -1)
+ client_pid = unp.unp_pid;
+ }
+#endif
+
+ return client_pid == (pid_t)(-1)? 0 : (unsigned long)client_pid;
+}
+
+
/* Start serving client on SOCK_CLIENT. */
void
start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client)
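Review bot: The comment on get_client_pid says only "Return the peer's pid" and leaves out two things a caller needs to know. The function returns 0 when no peer-credential mechanism is compiled in or when the lookup fails, and the value is taken once, at the time the handler starts. The result is stored in `ctrl->client_pid` and, per the pinentry hunk earlier on this page, forwarded as `OPTION owner=...`, so it should be documented as display information only: a pid can be reused, and it names whichever process opened the socket. Suggested header: `/* Return the pid of the peer connected on FD, or 0 if it cannot be determined. Informational only; not suitable for access decisions. */`.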
if (err)
goto out;
+ ctrl->client_pid = get_client_pid (FD2INT(sock_client));
+
/* Create stream from socket. */
stream_sock = es_fdopen (FD2INT(sock_client), "r+");
if (!stream_sock)
#ifdef HAVE_W32_SYSTEM
/* Serve one ssh-agent request. This is used for the Putty support.
- REQUEST is the the mmapped memory which may be accessed up to a
+ REQUEST is the mmapped memory which may be accessed up to a
length of MAXREQLEN. Returns 0 on success which also indicates
that a valid SSH response message is now in REQUEST. */
int
size_t response_size;
/* NB: In contrast to the request-stream, the response stream
- includes the the message type byte. */
+ includes the message type byte. */
if (es_fclose_snatch (response_stream, &response_data, &response_size))
{
log_error ("snatching ssh response failed: %s",
static const char hlp_geteventcounter[] =
"GETEVENTCOUNTER\n"
"\n"
- "Return a a status line named EVENTCOUNTER with the current values\n"
+ "Return a status line named EVENTCOUNTER with the current values\n"
"of all event counters. The values are decimal numbers in the range\n"
"0 to UINT_MAX and wrapping around to 0. The actual values should\n"
"not be relied upon, they shall only be used to detect a change.\n"
"KEYWRAP_KEY [--clear] <mode>\n"
"\n"
"Return a key to wrap another key. For now the key is returned\n"
- "verbatim and and thus makes not much sense because an eavesdropper on\n"
+ "verbatim and thus makes not much sense because an eavesdropper on\n"
"the gpg-agent connection will see the key as well as the wrapped key.\n"
"However, this function may either be equipped with a public key\n"
"mechanism or not used at all if the key is a pre-shared key. In any\n"
"try to connect to that daemon. Only if that fails they may start\n"
"an own instance of the service daemon. \n"
"\n"
- "KEY is an an arbitrary symbol with the same syntax rules as keys\n"
+ "KEY is an arbitrary symbol with the same syntax rules as keys\n"
"for shell environment variables. PERCENT_ESCAPED_VALUE is the\n"
"corresponding value; they should be similar to the values of\n"
"envronment variables but gpg-agent does not enforce any\n"
for (;;)
{
+ pid_t client_pid;
+
rc = assuan_accept (ctx);
if (gpg_err_code (rc) == GPG_ERR_EOF || rc == -1)
{
break;
}
- ctrl->server_local->connect_from_self = (assuan_get_pid (ctx)==getpid ());
+ client_pid = assuan_get_pid (ctx);
+ ctrl->server_local->connect_from_self = (client_pid == getpid ());
+ if (client_pid != ASSUAN_INVALID_PID)
+ ctrl->client_pid = (unsigned long)client_pid;
+ else
+ ctrl->client_pid = 0;
rc = assuan_process (ctx);
if (rc)
char *serialno;
int no_card = 0;
char *desc;
- char *want_sn, *want_kid;
- int want_sn_displen;
+ char *want_sn, *want_kid, *want_sn_disp;
+ int len;
*r_kid = NULL;
rc = parse_shadow_info (shadow_info, &want_sn, &want_kid, NULL);
if (rc)
return rc;
+ want_sn_disp = xtrystrdup (want_sn);
+ if (!want_sn_disp)
+ {
+ rc = gpg_error_from_syserror ();
+ xfree (want_sn);
+ return rc;
+ }
- /* We assume that a 20 byte serial number is a standard one which
- has the property to have a zero in the last nibble (Due to BCD
- representation). We don't display this '0' because it may
- confuse the user. */
- want_sn_displen = strlen (want_sn);
- if (want_sn_displen == 20 && want_sn[19] == '0')
- want_sn_displen--;
+ len = strlen (want_sn_disp);
+ if (len == 32 && !strncmp (want_sn_disp, "D27600012401", 12))
+ {
+ /* This is an OpenPGP card - reformat */
+ memmove (want_sn_disp, want_sn_disp+16, 4);
+ want_sn_disp[4] = ' ';
+ memmove (want_sn_disp+5, want_sn_disp+20, 8);
+ want_sn_disp[13] = 0;
+ }
+ else if (len == 20 && want_sn_disp[19] == '0')
+ {
+ /* We assume that a 20 byte serial number is a standard one
+ * which has the property to have a zero in the last nibble (Due
+ * to BCD representation). We don't display this '0' because it
+ * may confuse the user. */
+ want_sn_disp[19] = 0;
+ }
for (;;)
{
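Review bot: The new out-of-memory path after `xtrystrdup (want_sn)` frees want_sn but not want_kid, which parse_shadow_info also filled in (the later error exit frees both), so want_kid leaks on that path; add `xfree (want_kid);` before the `return rc;`. The OpenPGP reformatting is guarded by `len == 32`, so the memmove offsets stay inside the duplicated string. want_sn_disp is released in the one error exit shown; the success exits of the loop are outside the hunk and need the same `xfree (want_sn_disp);` if they do not already have it.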
{
if (asprintf (&desc,
"%s:%%0A%%0A"
- " \"%.*s\"",
+ " %s",
no_card
? L_("Please insert the card with serial number")
: L_("Please remove the current card and "
"insert the one with serial number"),
- want_sn_displen, want_sn) < 0)
+ want_sn_disp) < 0)
{
rc = out_of_core ();
}
}
if (rc)
{
+ xfree (want_sn_disp);
xfree (want_sn);
xfree (want_kid);
return rc;
}
+/* Return true if STRING ends in "%0A". */
+static int
+has_percent0A_suffix (const char *string)
+{
+ size_t n;
+
+ return (string
+ && (n = strlen (string)) >= 3
+ && !strcmp (string + n - 3, "%0A"));
+}
+
+
/* Callback used to ask for the PIN which should be set into BUF. The
buf has been allocated by the caller and is of size MAXBUF which
includes the terminating null. The function should return an UTF-8
string with the passphrase, the buffer may optionally be padded
with arbitrary characters.
+ If DESC_TEXT is not NULL it can be used as further informtion shown
+ atop of the INFO message.
+
INFO gets displayed as part of a generic string. However if the
first character of INFO is a vertical bar all up to the next
verical bar are considered flags and only everything after the
are considered.
*/
static int
-getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf)
+getpin_cb (void *opaque, const char *desc_text, const char *info,
+ char *buf, size_t maxbuf)
{
struct pin_entry_info_s *pi;
int rc;
{
if (info)
{
- char *desc;
+ char *desc, *desc2;
if ( asprintf (&desc,
L_("%s%%0A%%0AUse the reader's pinpad for input."),
rc = gpg_error_from_syserror ();
else
{
- rc = agent_popup_message_start (ctrl, desc, NULL);
+ /* Prepend DESC_TEXT to INFO. */
+ if (desc_text)
+ desc2 = strconcat (desc_text,
+ has_percent0A_suffix (desc_text)
+ ? "%0A" : "%0A%0A",
+ desc, NULL);
+ else
+ desc2 = NULL;
+ rc = agent_popup_message_start (ctrl,
+ desc2? desc2:desc, NULL);
+ xfree (desc2);
xfree (desc);
}
}
else
- rc = agent_popup_message_start (ctrl, NULL, NULL);
+ rc = agent_popup_message_start (ctrl, desc_text, NULL);
}
else
rc = gpg_error (GPG_ERR_INV_VALUE);
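Review bot: The same "prepend DESC_TEXT" snippet is written out three times in getpin_cb (here, before agent_askpin in the any_flags branch, and in the final else branch); a small static helper would keep the separator rule in one place. It would also settle an edge case in the last copy: when asprintf failed and `desc` is NULL, that NULL presumably ends strconcat's argument list early, so the prompt becomes DESC_TEXT plus the separator and INFO is lost. With the helper below, each call site reduces to `desc2 = prepend_desc_text (desc_text, desc);` followed by the existing fallback expression. getpin_cb's body is only partly visible in these hunks.

```c
/* Return a malloced string made of DESC_TEXT, a separator and TEXT.
 * Returns NULL if either argument is NULL or on allocation failure;
 * the caller then falls back to showing TEXT alone.  */
static char *
prepend_desc_text (const char *desc_text, const char *text)
{
  if (!desc_text || !text)
    return NULL;
  return strconcat (desc_text,
                    has_percent0A_suffix (desc_text)? "%0A" : "%0A%0A",
                    text, NULL);
}
```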
if (any_flags)
{
- rc = agent_askpin (ctrl, info, prompt, again_text, pi, NULL, 0);
+ {
+ char *desc2;
+
+ if (desc_text)
+ desc2 = strconcat (desc_text,
+ has_percent0A_suffix (desc_text)
+ ? "%0A" : "%0A%0A",
+ info, NULL);
+ else
+ desc2 = NULL;
+ rc = agent_askpin (ctrl, desc2? desc2 : info,
+ prompt, again_text, pi, NULL, 0);
+ xfree (desc2);
+ }
again_text = NULL;
if (!rc && newpin)
{
}
else
{
- char *desc;
+ char *desc, *desc2;
+
if ( asprintf (&desc,
L_("Please enter the PIN%s%s%s to unlock the card"),
info? " (":"",
info? info:"",
info? ")":"") < 0)
desc = NULL;
- rc = agent_askpin (ctrl, desc?desc:info, prompt, NULL, pi, NULL, 0);
+ if (desc_text)
+ desc2 = strconcat (desc_text,
+ has_percent0A_suffix (desc_text)
+ ? "%0A" : "%0A%0A",
+ desc, NULL);
+ else
+ desc2 = NULL;
+ rc = agent_askpin (ctrl, desc2? desc2 : desc? desc : info,
+ prompt, NULL, pi, NULL, 0);
+ xfree (desc2);
xfree (desc);
}
-
+/* This function is used when a sign operation has been diverted to a
+ * smartcard. DESC_TEXT is the original text for a prompt has send by
+ * gpg to gpg-agent.
+ *
+ * FIXME: Explain the other args. */
int
-divert_pksign (ctrl_t ctrl,
+divert_pksign (ctrl_t ctrl, const char *desc_text,
const unsigned char *digest, size_t digestlen, int algo,
const unsigned char *shadow_info, unsigned char **r_sig,
size_t *r_siglen)
size_t siglen;
unsigned char *sigval = NULL;
+ (void)desc_text;
+
rc = ask_for_card (ctrl, shadow_info, &kid);
if (rc)
return rc;
{
int save = ctrl->use_auth_call;
ctrl->use_auth_call = 1;
- rc = agent_card_pksign (ctrl, kid, getpin_cb, ctrl,
+ rc = agent_card_pksign (ctrl, kid, getpin_cb, ctrl, NULL,
algo, digest, digestlen, &sigval, &siglen);
ctrl->use_auth_call = save;
}
rc = encode_md_for_card (digest, digestlen, algo, &data, &ndata);
if (!rc)
{
- rc = agent_card_pksign (ctrl, kid, getpin_cb, ctrl,
+ rc = agent_card_pksign (ctrl, kid, getpin_cb, ctrl, NULL,
algo, data, ndata, &sigval, &siglen);
xfree (data);
}
}
-/* Decrypt the the value given asn an S-expression in CIPHER using the
+/* Decrypt the value given asn an S-expression in CIPHER using the
key identified by SHADOW_INFO and return the plaintext in an
allocated buffer in R_BUF. The padding information is stored at
R_PADDING with -1 for not known. */
int
-divert_pkdecrypt (ctrl_t ctrl,
+divert_pkdecrypt (ctrl_t ctrl, const char *desc_text,
const unsigned char *cipher,
const unsigned char *shadow_info,
char **r_buf, size_t *r_len, int *r_padding)
char *plaintext;
size_t plaintextlen;
+ (void)desc_text;
+
*r_padding = -1;
s = cipher;
if (rc)
return rc;
- rc = agent_card_pkdecrypt (ctrl, kid, getpin_cb, ctrl,
+ rc = agent_card_pkdecrypt (ctrl, kid, getpin_cb, ctrl, NULL,
ciphertext, ciphertextlen,
&plaintext, &plaintextlen, r_padding);
if (!rc)
The functions returns 0 on success or an error code. On success a
newly allocated string is stored at the address of RESULT.
*/
-static gpg_error_t
-modify_description (const char *in, const char *comment, const gcry_sexp_t key,
- char **result)
+gpg_error_t
+agent_modify_description (const char *in, const char *comment,
+ const gcry_sexp_t key, char **result)
{
size_t comment_length;
size_t in_len;
size_t i;
int special, pass;
char *ssh_fpr = NULL;
+ char *p;
+
+ *result = NULL;
+
+ if (!comment)
+ comment = "";
comment_length = strlen (comment);
in_len = strlen (in);
/* First pass calculates the length, second pass does the actual
copying. */
+ /* FIXME: This can be simplified by using es_fopenmem. */
out = NULL;
out_len = 0;
for (pass=0; pass < 2; pass++)
}
*out = 0;
- assert (*result + out_len == out);
+ log_assert (*result + out_len == out);
xfree (ssh_fpr);
+
+ /* The ssh prompt may sometimes end in
+ * "...%0A ()"
+ * The empty parentheses doesn't look very good. We use this hack
+ * here to remove them as well as the indentation spaces. */
+ p = *result;
+ i = strlen (p);
+ if (i > 2 && !strcmp (p + i - 2, "()"))
+ {
+ p += i - 2;
+ *p-- = 0;
+ while (p > *result && spacep (p))
+ *p-- = 0;
+ }
+
return 0;
}
desc_text_final = NULL;
if (desc_text)
- rc = modify_description (desc_text, comment? comment:"", s_skey,
- &desc_text_final);
+ rc = agent_modify_description (desc_text, comment, s_skey,
+ &desc_text_final);
gcry_free (comment);
if (!rc)
-/* Check whether the the secret key identified by GRIP is available.
+/* Check whether the secret key identified by GRIP is available.
Returns 0 is the key is available. */
int
agent_key_available (const unsigned char *grip)
}
if (desc_text)
- err = modify_description (desc_text, comment? comment:"", s_skey,
- &desc_text_final);
+ err = agent_modify_description (desc_text, comment, s_skey,
+ &desc_text_final);
if (err)
goto leave;
}
/* Now check the constraints and collect the error messages unless
- in in silent mode which returns immediately. */
+ in silent mode which returns immediately. */
if (utf8_charcount (pw, -1) < minlen )
{
if (!failed_constraint)
}
#endif
-/* Check the nonce on a new connection. This is a NOP unless we we
+/* Check the nonce on a new connection. This is a NOP unless we
are using our Unix domain socket emulation under Windows. */
static int
check_nonce (ctrl_t ctrl, assuan_sock_nonce_t *nonce)
*** openpgp-s2k3-sha1-aes-cbc
- This describes an algorithm using using AES in CBC mode for
+ This describes an algorithm using AES in CBC mode for
encryption, SHA-1 for integrity protection and the String to Key
algorithm 3 from OpenPGP (rfc4880).
*** openpgp-s2k3-ocb-aes
- This describes an algorithm using using AES-128 in OCB mode, a nonce
+ This describes an algorithm using AES-128 in OCB mode, a nonce
of 96 bit, a taglen of 128 bit, and the String to Key algorithm 3
from OpenPGP (rfc4880).
* PROTALGO is a Libgcrypt style cipher algorithm name
* IV is the initialization verctor.
* S2KMODE is the value from RFC-4880.
- * S2KHASH is a a libgcrypt style hash algorithm identifier.
+ * S2KHASH is a libgcrypt style hash algorithm identifier.
* S2KSALT is the 8 byte salt
* S2KCOUNT is the count value from RFC-4880.
goto leave;
}
- rc = divert_pkdecrypt (ctrl, ciphertext, shadow_info,
+ rc = divert_pkdecrypt (ctrl, desc_text, ciphertext, shadow_info,
&buf, &len, r_padding);
if (rc)
{
cache_mode_t cache_mode, lookup_ttl_t lookup_ttl,
const void *overridedata, size_t overridedatalen)
{
- gcry_sexp_t s_skey = NULL, s_sig = NULL;
+ gcry_sexp_t s_skey = NULL;
+ gcry_sexp_t s_sig = NULL;
gcry_sexp_t s_hash = NULL;
gcry_sexp_t s_pkey = NULL;
unsigned char *shadow_info = NULL;
is_ECDSA = 1;
}
- rc = divert_pksign (ctrl,
- data, datalen,
- ctrl->digest.algo,
- shadow_info, &buf, &len);
+ {
+ char *desc2 = NULL;
+
+ if (desc_text)
+ agent_modify_description (desc_text, NULL, s_skey, &desc2);
+
+ rc = divert_pksign (ctrl, desc2? desc2 : desc_text,
+ data, datalen,
+ ctrl->digest.algo,
+ shadow_info, &buf, &len);
+ xfree (desc2);
+ }
if (rc)
{
log_error ("smartcard signing failed: %s\n", gpg_strerror (rc));
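Review bot: The return value of `agent_modify_description` in the new block is dropped, so a failed expansion silently falls back to the raw `desc_text`, presumably with its percent escapes still unexpanded in the prompt. The fallback through `desc2? desc2 : desc_text` is memory-safe because the callee sets `*result = NULL` on entry, but the failure should be visible. Either log it, e.g. `if (desc_text && agent_modify_description (desc_text, NULL, s_skey, &desc2)) log_info ("expanding the description failed\n");`, or add a comment saying the best-effort fallback is deliberate. The enclosing function starts and ends outside the hunk.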
else
usage (1);
- /* Tell simple-pwquery about the the standard socket name. */
+ /* Tell simple-pwquery about the standard socket name. */
{
char *tmp = make_filename (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL);
simple_pw_set_socket (tmp);
return rc;
/* Now create the protected version of the key. Note that the 10
- extra bytes are for for the inserted "protected-" string (the
+ extra bytes are for the inserted "protected-" string (the
beginning of the plaintext reads: "((11:private-key(" ). The 35
term is the space for (12:protected-at15:<timestamp>). */
*resultlen = (10
ifeq ($(TARGETOS),w32)
speedo_spkgs += \
- zlib bzip2 adns sqlite
+ zlib bzip2 sqlite
ifeq ($(WITH_GUI),1)
speedo_spkgs += gettext libiconv
endif
endif
speedo_spkgs += \
- libassuan libksba gnupg
+ libassuan libksba
+
+ifeq ($(TARGETOS),w32)
+speedo_spkgs += \
+ ntbtls
+endif
+
+speedo_spkgs += \
+ gnupg
ifeq ($(TARGETOS),w32)
ifeq ($(WITH_GUI),1)
# Packages which use the gnupg autogen.sh build style
speedo_gnupg_style = \
libgpg-error npth libgcrypt \
- libassuan libksba gnupg gpgme \
+ libassuan libksba ntbtls gnupg gpgme \
pinentry gpa gpgex
# Packages which use only make and no build directory
libksba_sha1 := $(shell awk '$$1=="libksba_sha1" {print $$2}' swdb.lst)
libksba_sha2 := $(shell awk '$$1=="libksba_sha2" {print $$2}' swdb.lst)
+ntbtls_ver := $(shell awk '$$1=="ntbtls_ver" {print $$2}' swdb.lst)
+ntbtls_sha1 := $(shell awk '$$1=="ntbtls_sha1" {print $$2}' swdb.lst)
+ntbtls_sha2 := $(shell awk '$$1=="ntbtls_sha2" {print $$2}' swdb.lst)
+
gpgme_ver := $(shell awk '$$1=="gpgme_ver" {print $$2}' swdb.lst)
gpgme_sha1 := $(shell awk '$$1=="gpgme_sha1" {print $$2}' swdb.lst)
gpgme_sha2 := $(shell awk '$$1=="gpgme_sha2" {print $$2}' swdb.lst)
bzip2_sha1 := $(shell awk '$$1=="bzip2_sha1_gz" {print $$2}' swdb.lst)
bzip2_sha2 := $(shell awk '$$1=="bzip2_sha2_gz" {print $$2}' swdb.lst)
-adns_ver := $(shell awk '$$1=="adns_ver" {print $$2}' swdb.lst)
-adns_sha1 := $(shell awk '$$1=="adns_sha1" {print $$2}' swdb.lst)
-adns_sha2 := $(shell awk '$$1=="adns_sha2" {print $$2}' swdb.lst)
-
sqlite_ver := $(shell awk '$$1=="sqlite_ver" {print $$2}' swdb.lst)
sqlite_sha1 := $(shell awk '$$1=="sqlite_sha1_gz" {print $$2}' swdb.lst)
sqlite_sha2 := $(shell awk '$$1=="sqlite_sha2_gz" {print $$2}' swdb.lst)
$(info Npth ...........: $(npth_ver))
$(info Libgcrypt ......: $(libgcrypt_ver))
$(info Libassuan ......: $(libassuan_ver))
+$(info Libksba ........: $(libksba_ver))
$(info Zlib ...........: $(zlib_ver))
$(info Bzip2 ..........: $(bzip2_ver))
-$(info ADNS ...........: $(adns_ver))
$(info SQLite .........: $(sqlite_ver))
+$(info NtbTLS .. ......: $(ntbtls_ver))
$(info GPGME ..........: $(gpgme_ver))
$(info Pinentry .......: $(pinentry_ver))
$(info GPA ............: $(gpa_ver))
speedo_pkg_libgcrypt_gitref = master
speedo_pkg_libksba_git = $(gitrep)/libksba
speedo_pkg_libksba_gitref = master
+ speedo_pkg_ntbtls_git = $(gitrep)/ntbtls
+ speedo_pkg_ntbtls_gitref = master
speedo_pkg_gpgme_git = $(gitrep)/gpgme
speedo_pkg_gpgme_gitref = master
speedo_pkg_pinentry_git = $(gitrep)/pinentry
$(pkgrep)/libgcrypt/libgcrypt-$(libgcrypt_ver).tar.bz2
speedo_pkg_libksba_tar = \
$(pkgrep)/libksba/libksba-$(libksba_ver).tar.bz2
+ speedo_pkg_ntbtls_tar = \
+ $(pkgrep)/ntbtls/ntbtls-$(ntbtls_ver).tar.bz2
speedo_pkg_gpgme_tar = \
$(pkgrep)/gpgme/gpgme-$(gpgme_ver).tar.bz2
speedo_pkg_pinentry_tar = \
speedo_pkg_zlib_tar = $(pkgrep)/zlib/zlib-$(zlib_ver).tar.gz
speedo_pkg_bzip2_tar = $(pkgrep)/bzip2/bzip2-$(bzip2_ver).tar.gz
speedo_pkg_sqlite_tar = $(pkgrep)/sqlite/sqlite-autoconf-$(sqlite_ver).tar.gz
-speedo_pkg_adns_tar = $(pkg10rep)/adns/adns-$(adns_ver).tar.bz2
speedo_pkg_libiconv_tar = $(pkg2rep)/libiconv-$(libiconv_ver).tar.gz
speedo_pkg_gettext_tar = $(pkg2rep)/gettext-$(gettext_ver).tar.gz
speedo_pkg_libffi_tar = $(pkg2rep)/libffi-$(libffi_ver).tar.gz
speedo_pkg_libksba_configure = --disable-static
+# For now we build ntbtls only static
+speedo_pkg_ntbtls_configure = --enable-static --disable-shared
+
ifeq ($(TARGETOS),w32)
speedo_pkg_gnupg_configure = \
- --enable-gpg2-is-gpg --disable-g13 --disable-ntbtls \
+ --enable-gpg2-is-gpg --disable-g13 --enable-ntbtls \
--enable-build-timestamp
else
speedo_pkg_gnupg_configure = --disable-g13
File "bin/gpg-connect-agent.exe"
File "bin/gpgtar.exe"
File "libexec/gpg-preset-passphrase.exe"
+ File "libexec/gpg-wks-client.exe"
ClearErrors
SetOverwrite try
File "share/gnupg/gpg-conf.skel"
File "share/gnupg/dirmngr-conf.skel"
File "share/gnupg/distsigkey.gpg"
+ File "share/gnupg/sks-keyservers.netCA.pem"
SetOutPath "$INSTDIR\share\locale\ca\LC_MESSAGES"
File share/locale/ca/LC_MESSAGES/gnupg2.mo
File bin/zlib1.dll
SectionEnd
-Section "-adns" SEC_adns
- SetOutPath "$INSTDIR\bin"
- File bin/libadns-1.dll
- SetOutPath "$INSTDIR\lib"
- File /oname=libadns.imp lib/libadns.dll.a
- SetOutPath "$INSTDIR\include"
- File include/adns.h
-SectionEnd
-
Section "-npth" SEC_npth
SetOutPath "$INSTDIR\bin"
File bin/libnpth-0.dll
Delete "$INSTDIR\include\npth.h"
SectionEnd
-Section "-un.adns"
- Delete "$INSTDIR\bin\libadns-1.dll"
- Delete "$INSTDIR\lib\libadns.imp"
- Delete "$INSTDIR\include\adns.h"
-SectionEnd
-
Section "-un.zlib"
Delete "$INSTDIR\bin\zlib1.dll"
SectionEnd
Delete "$INSTDIR\bin\gpg-connect-agent.exe"
Delete "$INSTDIR\bin\gpgtar.exe"
Delete "$INSTDIR\bin\gpg-preset-passphrase.exe"
+ Delete "$INSTDIR\bin\gpg-wks-client.exe"
+ Delete "$INSTDIR\share\gnupg\sks-keyservers.netCA.pem"
Delete "$INSTDIR\share\gnupg\dirmngr-conf.skel"
Delete "$INSTDIR\share\gnupg\distsigkey.gpg"
Delete "$INSTDIR\share\gnupg\gpg-conf.skel"
exectool.c exectool.h \
server-help.c server-help.h \
name-value.c name-value.h \
- recsel.c recsel.h
+ recsel.c recsel.h \
+ ksba-io-support.c ksba-io-support.h
+
if HAVE_W32_SYSTEM
common_sources += w32-reg.c
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
/* GnuPG uses GPLv3+ but a standalone version of this defaults to
GPLv2+ because that is the license of this file. Change this if
you include it in a program which uses GPLv3. If you don't want to
- set a a copyright string for your usage() you may also hardcode it
+ set a copyright string for your usage() you may also hardcode it
here. */
#ifndef GNUPG_MAJOR_VERSION
int unread_buf[3]; /* We use an int so that we can store EOF. */
int unread_buf_count = 0;
- if (!fp) /* Divert to to arg_parse() in this case. */
+ if (!fp) /* Divert to arg_parse() in this case. */
return arg_parse (arg, opts);
initialize (arg, filename, lineno);
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
/* If the agent has been configured for use with a standard
socket, an environment variable is not required and thus
- we we can savely start the agent here. */
+ we can safely start the agent here. */
i = 0;
argv[i++] = "--homedir";
argv[i++] = abs_homedir;
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
};
-/* A list of of all lock handles. The volatile attribute might help
+/* A list of all lock handles. The volatile attribute might help
if used in an atexit handler. Note that [UN]LOCK_all_lockfiles
must not change ERRNO. */
static volatile dotlock_t all_lockfiles;
\f
-/* Convenience function to store a file descriptor (or any any other
+/* Convenience function to store a file descriptor (or any other
integer value) in the context of handle H. */
void
dotlock_set_fd (dotlock_t h, int fd)
h->extra_fd = fd;
}
-/* Convenience function to retrieve a file descriptor (or any any other
+/* Convenience function to retrieve a file descriptor (or any other
integer value) stored in the context of handle H. */
int
dotlock_get_fd (dotlock_t h)
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
{
gpg_error_t err = 0;
HANDLE fds[2];
+ es_syshd_t syshd;
filedes[0] = filedes[1] = -1;
err = my_error (GPG_ERR_GENERAL);
if (! err && r_fp)
{
+ syshd.type = ES_SYSHD_HANDLE;
if (!outbound)
- *r_fp = es_fdopen (filedes[0], nonblock? "r,nonblock" : "r");
+ {
+ syshd.u.handle = fds[0];
+ *r_fp = es_sysopen (&syshd, nonblock? "r,nonblock" : "r");
+ }
else
- *r_fp = es_fdopen (filedes[1], nonblock? "w,nonblock" : "w");
+ {
+ syshd.u.handle = fds[1];
+ *r_fp = es_sysopen (&syshd, nonblock? "w,nonblock" : "w");
+ }
if (!*r_fp)
{
err = my_error_from_syserror ();
/* Now find the argument marker and replace by the pipe's fd.
Yeah, that is an ugly non-thread safe hack but it safes us to
create a copy of the array. */
+#ifdef HAVE_W32_SYSTEM
+ snprintf (extrafdbuf, sizeof extrafdbuf, "-&%lu",
+ (unsigned long)(void*)_get_osfhandle (extrapipe[0]));
+#else
snprintf (extrafdbuf, sizeof extrafdbuf, "-&%d", extrapipe[0]);
+#endif
for (argsaveidx=0; argv[argsaveidx]; argsaveidx++)
if (!strcmp (argv[argsaveidx], "-&@INEXTRA@"))
{
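Review bot: The value returned by `_get_osfhandle (extrapipe[0])` in the W32 branch is formatted without a failure check and is narrowed to `unsigned long`, which is 32 bits on 64-bit Windows. `_get_osfhandle` returns an `intptr_t` and -1 for a descriptor it does not know, so a bad `extrapipe[0]` would reach the child as a bogus handle number. A check such as `if (_get_osfhandle (extrapipe[0]) == -1)` with an error return before the `snprintf` would close that gap, and a comment should record the assumption that handle values fit in 32 bits. `extrafdbuf` is declared outside the hunk, so its size should be re-checked against the longer `%lu` output.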
static void
gnupg_set_builddir_from_env (void)
{
-#ifdef IS_DEVELOPMENT_VERSION
+#if defined(IS_DEVELOPMENT_VERSION) || defined(ENABLE_GNUPG_BUILDDIR_ENVVAR)
if (gnupg_build_directory)
return;
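Review bot: Widening the guard to `ENABLE_GNUPG_BUILDDIR_ENVVAR` lets a non-development build take its build directory from the environment, and nothing at the `#if` says when that is acceptable. Judging by the function name, the body (outside the hunk) reads an environment variable; if that directory is later used to locate helper programs or data, whoever controls the process environment controls that lookup. If the option is meant for test runs only, record it at the guard, e.g. `/* ENABLE_GNUPG_BUILDDIR_ENVVAR is for running the test suite from a build tree; do not enable it in packaged builds. */`.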
* Enable or disable partial body length mode (RFC 4880 4.2.2.4).
*
* If LEN is 0, this disables partial block mode by popping the
- * partial body length filter, which which must be the most recently
+ * partial body length filter, which must be the most recently
* added filter.
*
* If LEN is non-zero, it pushes a partial body length filter. If
-/* base64.c
- * Copyright (C) 2001, 2003, 2010 Free Software Foundation, Inc.
+/* kska-io-support.c - Supporting functions for ksba reader and writer
+ * Copyright (C) 2001-2005, 2007, 2010-2011, 2017 Werner Koch
+ * Copyright (C) 2006 g10 Code GmbH
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of either
*
- * GnuPG is distributed in the hope that it will be useful,
+ * - the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at
+ * your option) any later version.
+ *
+ * or
+ *
+ * - the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * or both in parallel, as here.
+ *
+ * This file is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
#include <unistd.h>
#include <time.h>
#include <assert.h>
-
-#include "gpgsm.h"
-
-
#include <ksba.h>
+#include "util.h"
#include "i18n.h"
+#include "ksba-io-support.h"
+
#ifdef HAVE_DOSISH_SYSTEM
#define LF "\r\n"
#define LF "\n"
#endif
+
/* Data used by the reader callbacks. */
struct reader_cb_parm_s
{
{
estream_t stream; /* Output stream. */
- const char *pem_name;
+ char *pem_name; /* Malloced. */
int wrote_begin;
int did_finish;
};
-/* context for this module's functions */
-struct base64_context_s {
+/* Context for this module's functions. */
+struct gnupg_ksba_io_s {
union {
struct reader_cb_parm_s rparm;
struct writer_cb_parm_s wparm;
}
-/* This callback is only used in stream mode. Hiowever, we don't
+/* This callback is only used in stream mode. However, we don't
restrict it to this. */
static int
plain_writer_cb (void *cb_value, const void *buffer, size_t count)
\f
-/* Create a reader for the given file descriptor. Depending on the
- control information an input decoding is automagically chosen.
- The function returns a Base64Context object which must be passed to
- the gpgme_destroy_reader function. The created KsbaReader object
- is also returned, but the caller must not call the
- ksba_reader_release function on. If ALLOW_MULTI_PEM is true, the
- reader expects that the caller uses ksba_reader_clear after EOF
- until no more objects were found. */
-int
-gpgsm_create_reader (Base64Context *ctx,
- ctrl_t ctrl, estream_t fp, int allow_multi_pem,
- ksba_reader_t *r_reader)
+/* Create a reader for the stream FP. FLAGS can be used to specify
+ * the expected input encoding.
+ *
+ * The function returns a gnupg_ksba_io_t object which must be passed to
+ * the gpgme_destroy_reader function. The created ksba_reader_t
+ * object is stored at R_READER - the caller must not call the
+ * ksba_reader_release function on.
+ *
+ * The supported flags are:
+ *
+ * GNUPG_KSBA_IO_PEM - Assume the input is PEM encoded
+ * GNUPG_KSBA_IO_BASE64 - Assume the input is Base64 encoded.
+ * GNUPG_KSBA_IO_AUTODETECT - The reader tries to detect the encoding.
+ * GNUPG_KSBA_IO_MULTIPEM - The reader expects that the caller uses
+ * ksba_reader_clear after EOF until no more
+ * objects were found.
+ *
+ * Note that the PEM flag has a higher priority than the BASE64 flag
+ * which in turn has a gight priority than the AUTODETECT flag.
+ */
+gpg_error_t
+gnupg_ksba_create_reader (gnupg_ksba_io_t *ctx,
+ unsigned int flags, estream_t fp,
+ ksba_reader_t *r_reader)
{
int rc;
ksba_reader_t r;
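Review bot: The new header comment tells callers to pass the returned object to `gpgme_destroy_reader`, but the function this file defines is `gnupg_ksba_destroy_reader`. The writer comment further down has the same problem with `gpgme_destroy_writer`, and it names `ksba_reader_release` where a writer is meant. These comments carry the ownership rule, so they should read `... which must be passed to the gnupg_ksba_destroy_reader function` and `... gnupg_ksba_destroy_writer ...` respectively. "gight priority" should be "higher priority", and the comment should state what the reader does when none of PEM, BASE64 or AUTODETECT is set, since that branch lies outside the hunk.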
*ctx = xtrycalloc (1, sizeof **ctx);
if (!*ctx)
return out_of_core ();
- (*ctx)->u.rparm.allow_multi_pem = allow_multi_pem;
+ (*ctx)->u.rparm.allow_multi_pem = !!(flags & GNUPG_KSBA_IO_MULTIPEM);
rc = ksba_reader_new (&r);
if (rc)
}
(*ctx)->u.rparm.fp = fp;
- if (ctrl->is_pem)
+ if ((flags & GNUPG_KSBA_IO_PEM))
{
(*ctx)->u.rparm.assume_pem = 1;
(*ctx)->u.rparm.assume_base64 = 1;
rc = ksba_reader_set_cb (r, base64_reader_cb, &(*ctx)->u.rparm);
}
- else if (ctrl->is_base64)
+ else if ((flags & GNUPG_KSBA_IO_BASE64))
{
(*ctx)->u.rparm.assume_base64 = 1;
rc = ksba_reader_set_cb (r, base64_reader_cb, &(*ctx)->u.rparm);
}
- else if (ctrl->autodetect_encoding)
+ else if ((flags & GNUPG_KSBA_IO_AUTODETECT))
{
(*ctx)->u.rparm.autodetect = 1;
rc = ksba_reader_set_cb (r, base64_reader_cb, &(*ctx)->u.rparm);
}
+/* Return True if an EOF as been seen. */
int
-gpgsm_reader_eof_seen (Base64Context ctx)
+gnupg_ksba_reader_eof_seen (gnupg_ksba_io_t ctx)
{
return ctx && ctx->u.rparm.eof_seen;
}
+
+/* Destroy a reader object. */
void
-gpgsm_destroy_reader (Base64Context ctx)
+gnupg_ksba_destroy_reader (gnupg_ksba_io_t ctx)
{
if (!ctx)
return;
\f
-/* Create a writer for the given STREAM. Depending on
- the control information an output encoding is automagically
- chosen. The function returns a Base64Context object which must be
- passed to the gpgme_destroy_writer function. The created
- KsbaWriter object is also returned, but the caller must not call
- the ksba_reader_release function on it. */
-int
-gpgsm_create_writer (Base64Context *ctx, ctrl_t ctrl, estream_t stream,
- ksba_writer_t *r_writer)
+/* Create a writer for the given STREAM. Depending on FLAGS an output
+ * encoding is chosen. In PEM mode PEM_NAME is used for the header
+ * and footer lines; if PEM_NAME is NULL the string "CMS OBJECT" is
+ * used.
+ *
+ * The function returns a gnupg_ksba_io_t object which must be passed to
+ * the gpgme_destroy_writer function. The created ksba_writer_t
+ * object is stored at R_WRITER - the caller must not call the
+ * ksba_reader_release function on it.
+ *
+ * The supported flags are:
+ *
+ * GNUPG_KSBA_IO_PEM - Write output as PEM
+ * GNUPG_KSBA_IO_BASE64 - Write output as plain Base64; note that the PEM
+ * flag overrides this flag.
+ *
+ */
+gpg_error_t
+gnupg_ksba_create_writer (gnupg_ksba_io_t *ctx, unsigned int flags,
+ const char *pem_name, estream_t stream,
+ ksba_writer_t *r_writer)
{
int rc;
ksba_writer_t w;
*r_writer = NULL;
*ctx = xtrycalloc (1, sizeof **ctx);
if (!*ctx)
- return out_of_core ();
+ return gpg_error_from_syserror ();
rc = ksba_writer_new (&w);
if (rc)
return rc;
}
- if (ctrl->create_pem || ctrl->create_base64)
+ if ((flags & GNUPG_KSBA_IO_PEM) || (flags & GNUPG_KSBA_IO_BASE64))
{
(*ctx)->u.wparm.stream = stream;
- if (ctrl->create_pem)
- (*ctx)->u.wparm.pem_name = ctrl->pem_name? ctrl->pem_name
- : "CMS OBJECT";
+ if ((flags & GNUPG_KSBA_IO_PEM))
+ {
+ (*ctx)->u.wparm.pem_name = xtrystrdup (pem_name
+ ? pem_name
+ : "CMS OBJECT");
+ if (!(*ctx)->u.wparm.pem_name)
+ {
+ rc = gpg_error_from_syserror ();
+ ksba_writer_release (w);
+ xfree (*ctx); *ctx = NULL;
+ return rc;
+ }
+ }
rc = ksba_writer_set_cb (w, base64_writer_cb, &(*ctx)->u.wparm);
}
else if (stream)
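Review bot: `pem_name` is now a heap copy, but the only cleanup visible here is on the `xtrystrdup` failure branch itself. Any later failure return in this function needs `xfree ((*ctx)->u.wparm.pem_name);` before `xfree (*ctx);`. The check of `rc` after `ksba_writer_set_cb` lies outside the hunk, so confirm that path releases the copy; otherwise a failed callback registration leaks it. The function body continues past the hunk.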
}
-int
-gpgsm_finish_writer (Base64Context ctx)
+/* Flush a writer. This is for example required to write the padding
+ * or the PEM footer. */
+gpg_error_t
+gnupg_ksba_finish_writer (gnupg_ksba_io_t ctx)
{
struct writer_cb_parm_s *parm;
return base64_finish_write (parm);
}
+
+/* Destroy a writer object. */
void
-gpgsm_destroy_writer (Base64Context ctx)
+gnupg_ksba_destroy_writer (gnupg_ksba_io_t ctx)
{
if (!ctx)
return;
ksba_writer_release (ctx->u2.writer);
+ xfree (ctx->u.wparm.pem_name);
xfree (ctx);
}
--- /dev/null
+/* ksba-io-support.h - Supporting functions for ksba reader and writer
+ * Copyright (C) 2017 Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of either
+ *
+ * - the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at
+ * your option) any later version.
+ *
+ * or
+ *
+ * - the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * or both in parallel, as here.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_KSBA_IO_SUPPORT_H
+#define GNUPG_KSBA_IO_SUPPORT_H
+
+/* Flags used with gnupg_ksba_create_reader and
+ * gnupg_ksba_create_writer. */
+#define GNUPG_KSBA_IO_PEM 1 /* X.509 PEM format. */
+#define GNUPG_KSBA_IO_BASE64 2 /* Plain Base64 format. */
+#define GNUPG_KSBA_IO_AUTODETECT 4 /* Try to autodetect the format. */
+#define GNUPG_KSBA_IO_MULTIPEM 8 /* Allow more than one PEM chunk. */
+
+
+/* Context object. */
+typedef struct gnupg_ksba_io_s *gnupg_ksba_io_t;
+
+
+
+gpg_error_t gnupg_ksba_create_reader (gnupg_ksba_io_t *ctx,
+ unsigned int flags,
+ estream_t fp,
+ ksba_reader_t *r_reader);
+
+int gnupg_ksba_reader_eof_seen (gnupg_ksba_io_t ctx);
+void gnupg_ksba_destroy_reader (gnupg_ksba_io_t ctx);
+
+gpg_error_t gnupg_ksba_create_writer (gnupg_ksba_io_t *ctx,
+ unsigned int flags,
+ const char *pem_name,
+ estream_t stream,
+ ksba_writer_t *r_writer);
+
+gpg_error_t gnupg_ksba_finish_writer (gnupg_ksba_io_t ctx);
+void gnupg_ksba_destroy_writer (gnupg_ksba_io_t ctx);
+
+
+
+
+#endif /*GNUPG_KSBA_IO_SUPPORT_H*/
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
#include "i18n.h"
#include "common-defs.h"
#include "logging.h"
+#include "sysutils.h"
#ifdef HAVE_W32_SYSTEM
# define S_IRGRP S_IRUSR
void
log_set_fd (int fd)
{
+ if (! gnupg_fd_valid (fd))
+ log_fatal ("logger-fd is invalid: %s\n", strerror (errno));
+
set_file_fd (NULL, fd);
}
static void
do_logv (int level, int ignore_arg_ptr, const char *extrastring,
- const char *fmt, va_list arg_ptr)
+ const char *prefmt, const char *fmt, va_list arg_ptr)
{
int leading_backspace = (fmt && *fmt == '\b');
if (fmt)
{
+ if (prefmt)
+ es_fputs_unlocked (prefmt, logstream);
+
if (ignore_arg_ptr)
{ /* This is used by log_string and comes with the extra
* feature that after a LF the next line is indent at the
va_list arg_ptr ;
va_start (arg_ptr, fmt) ;
- do_logv (level, 0, NULL, fmt, arg_ptr);
+ do_logv (level, 0, NULL, NULL, fmt, arg_ptr);
va_end (arg_ptr);
}
void
log_logv (int level, const char *fmt, va_list arg_ptr)
{
- do_logv (level, 0, NULL, fmt, arg_ptr);
+ do_logv (level, 0, NULL, NULL, fmt, arg_ptr);
+}
+
+
+/* Same as log_logv but PREFIX is printed immediately before FMT.
+ * Note that PREFIX is an additional string and independent of the
+ * prefix set by log_set_prefix. */
+void
+log_logv_with_prefix (int level, const char *prefix,
+ const char *fmt, va_list arg_ptr)
+{
+ do_logv (level, 0, NULL, prefix, fmt, arg_ptr);
}
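Review bot: The comment on `log_logv_with_prefix` does not say that PREFIX is written verbatim while FMT is expanded, which callers need to know when one of the two strings is not a literal. In `do_logv` the prefix goes through `es_fputs_unlocked` behind an `if (prefmt)` check, so it may be NULL and may contain `%` characters, whereas FMT is still handed on as a format. I would add to the comment: `PREFIX is printed as is (no format expansion) and may be NULL; FMT must be a trusted format string.` The declaration added to the header could also carry `GPGRT_ATTR_PRINTF(3,0)` so the compiler checks FMT at call sites that pass a literal.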
{
va_list arg_ptr;
va_start (arg_ptr, str);
- do_logv (level, 1, NULL, str, arg_ptr);
+ do_logv (level, 1, NULL, NULL, str, arg_ptr);
va_end (arg_ptr);
}
va_list arg_ptr ;
va_start (arg_ptr, fmt);
- do_logv (GPGRT_LOG_INFO, 0, NULL, fmt, arg_ptr);
+ do_logv (GPGRT_LOG_INFO, 0, NULL, NULL, fmt, arg_ptr);
va_end (arg_ptr);
}
va_list arg_ptr ;
va_start (arg_ptr, fmt);
- do_logv (GPGRT_LOG_ERROR, 0, NULL, fmt, arg_ptr);
+ do_logv (GPGRT_LOG_ERROR, 0, NULL, NULL, fmt, arg_ptr);
va_end (arg_ptr);
/* Protect against counter overflow. */
if (errorcount < 30000)
va_list arg_ptr ;
va_start (arg_ptr, fmt);
- do_logv (GPGRT_LOG_FATAL, 0, NULL, fmt, arg_ptr);
+ do_logv (GPGRT_LOG_FATAL, 0, NULL, NULL, fmt, arg_ptr);
va_end (arg_ptr);
abort (); /* Never called; just to make the compiler happy. */
}
va_list arg_ptr ;
va_start (arg_ptr, fmt);
- do_logv (GPGRT_LOG_BUG, 0, NULL, fmt, arg_ptr);
+ do_logv (GPGRT_LOG_BUG, 0, NULL, NULL, fmt, arg_ptr);
va_end (arg_ptr);
abort (); /* Never called; just to make the compiler happy. */
}
va_list arg_ptr ;
va_start (arg_ptr, fmt);
- do_logv (GPGRT_LOG_DEBUG, 0, NULL, fmt, arg_ptr);
+ do_logv (GPGRT_LOG_DEBUG, 0, NULL, NULL, fmt, arg_ptr);
va_end (arg_ptr);
}
va_list arg_ptr ;
va_start (arg_ptr, fmt);
- do_logv (GPGRT_LOG_DEBUG, 0, string, fmt, arg_ptr);
+ do_logv (GPGRT_LOG_DEBUG, 0, string, NULL, fmt, arg_ptr);
va_end (arg_ptr);
}
va_list arg_ptr;
va_start (arg_ptr, fmt);
- do_logv (fmt ? GPGRT_LOG_CONT : GPGRT_LOG_BEGIN, 0, NULL, fmt, arg_ptr);
+ do_logv (fmt ? GPGRT_LOG_CONT : GPGRT_LOG_BEGIN, 0, NULL, NULL, fmt, arg_ptr);
va_end (arg_ptr);
}
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
};
void log_log (int level, const char *fmt, ...) GPGRT_ATTR_PRINTF(2,3);
void log_logv (int level, const char *fmt, va_list arg_ptr);
+void log_logv_with_prefix (int level, const char *prefix,
+ const char *fmt, va_list arg_ptr);
void log_string (int level, const char *string);
void log_bug (const char *fmt, ...) GPGRT_ATTR_NR_PRINTF(1,2);
void log_fatal (const char *fmt, ...) GPGRT_ATTR_NR_PRINTF(1,2);
}
-/* Shift the the content of the membuf MB by AMOUNT bytes. The next
+/* Shift the content of the membuf MB by AMOUNT bytes. The next
operation will then behave as if AMOUNT bytes had not been put into
the buffer. If AMOUNT is greater than the actual accumulated
bytes, the membuf is basically reset to its initial state. */
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
/* The name. Comments and blank lines have NAME set to NULL. */
char *name;
- /* The value as stored in the file. We store it when when we parse
+ /* The value as stored in the file. We store it when we parse
a file so that we can reproduce it. */
strlist_t raw_value;
long it has not been removed or updated by a call to
session_env_putenv. If the variable does not exist, the function
tries to return the value trough a call to getenv; if that returns
- a value, this value is recorded and and used. If no value could be
+ a value, this value is recorded and used. If no value could be
found, returns NULL. The caller must not change the returned
value. */
char *
}
-/* Check whether the the string at the address BUF points to matches
+/* Check whether the string at the address BUF points to matches
the token. Return true on match and update BUF to point behind the
token. Return false and do not update the buffer if it does not
match. */
}
-/* Return the algo of a public RSA expressed as an canonical encoded
- S-expression. The return value is a statically allocated
- string. On error that string is set to NULL. */
-gpg_error_t
-get_pk_algo_from_canon_sexp (const unsigned char *keydata, size_t keydatalen,
- const char **r_algo)
-{
- gpg_error_t err;
- const unsigned char *buf, *tok;
- size_t buflen, toklen;
- int depth;
-
- *r_algo = NULL;
-
- buf = keydata;
- buflen = keydatalen;
- depth = 0;
- if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
- return err;
- if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
- return err;
- if (!tok || toklen != 10 || memcmp ("public-key", tok, toklen))
- return gpg_error (GPG_ERR_BAD_PUBKEY);
- if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
- return err;
- if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
- return err;
- if (!tok)
- return gpg_error (GPG_ERR_BAD_PUBKEY);
-
- if (toklen == 3 && !memcmp ("rsa", tok, toklen))
- *r_algo = "rsa";
- else if (toklen == 3 && !memcmp ("dsa", tok, toklen))
- *r_algo = "dsa";
- else if (toklen == 3 && !memcmp ("elg", tok, toklen))
- *r_algo = "elg";
- else if (toklen == 5 && !memcmp ("ecdsa", tok, toklen))
- *r_algo = "ecdsa";
- else if (toklen == 5 && !memcmp ("eddsa", tok, toklen))
- *r_algo = "eddsa";
- else
- return gpg_error (GPG_ERR_PUBKEY_ALGO);
-
- return 0;
-}
-
-
/* Return the algo of a public KEY of SEXP. */
int
get_pk_algo_from_key (gcry_sexp_t key)
return algo;
}
+
+
+/* This is a variant of get_pk_algo_from_key but takes an canonical
+ * encoded S-expression as input. Returns a GCRYPT public key
+ * identiier or 0 on error. */
+int
+get_pk_algo_from_canon_sexp (const unsigned char *keydata, size_t keydatalen)
+{
+ gcry_sexp_t sexp;
+ int algo;
+
+ if (gcry_sexp_sscan (&sexp, NULL, keydata, keydatalen))
+ return 0;
+
+ algo = get_pk_algo_from_key (sexp);
+ gcry_sexp_release (sexp);
+ return algo;
+}
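Review bot: The new `get_pk_algo_from_canon_sexp` folds every failure into a 0 return, so a caller can no longer tell a malformed S-expression from an unsupported algorithm. The removed version reported these separately as `GPG_ERR_BAD_PUBKEY` and `GPG_ERR_PUBKEY_ALGO`. The comment should say that 0 must be treated as a hard error rather than as "no algorithm", which matters if KEYDATA can originate from a card or another process. "identiier" should read "identifier". Callers of the old three-argument form are outside this hunk and all need updating, since the return type changed from `gpg_error_t` to `int`.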
/* Ask the gpg-agent for a passphrase and present the user with a
DESCRIPTION, a PROMPT and optionally with a TRYAGAIN extra text.
- If a CACHEID is not NULL it is used to locate the passphrase in in
+ If a CACHEID is not NULL it is used to locate the passphrase in
the cache and store it under this ID. If OPT_CHECK is true
gpg-agent is asked to apply some checks on the passphrase security.
If ERRORCODE is not NULL it should point a variable receiving an
/* Ask the gpg-agent for a passphrase and present the user with a
DESCRIPTION, a PROMPT and optiaonlly with a TRYAGAIN extra text.
- If a CACHEID is not NULL it is used to locate the passphrase in in
+ If a CACHEID is not NULL it is used to locate the passphrase in
the cache and store it under this ID. If OPT_CHECK is true
gpg-agent is asked to apply some checks on the passphrase security.
If ERRORCODE is not NULL it should point a variable receiving an
STATUS_NO_PUBKEY,
STATUS_NO_SECKEY,
STATUS_NEED_PASSPHRASE_SYM,
+ STATUS_DECRYPTION_KEY,
STATUS_DECRYPTION_INFO,
STATUS_DECRYPTION_FAILED,
STATUS_DECRYPTION_OKAY,
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
return name;
}
#endif /*!HAVE_W32_SYSTEM*/
+
+/* Check whether FD is valid. */
+int
+gnupg_fd_valid (int fd)
+{
+ int d = dup (fd);
+ if (d < 0)
+ return 0;
+ close (d);
+ return 1;
+}
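Review bot: gnupg_fd_valid() returns 0 for a perfectly valid descriptor whenever dup() fails for a reason other than EBADF, for instance EMFILE when the process is at its descriptor limit. A probe that allocates nothing avoids the false negative: `return fcntl (fd, F_GETFD) != -1 || errno != EBADF;` (this needs <fcntl.h> and <errno.h>; the file's include block is not part of this hunk). The one-line comment could also state that the result is 1 for a valid and 0 for an invalid descriptor, since the header prototype carries no description.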
int gnupg_unsetenv (const char *name);
char *gnupg_getcwd (void);
char *gnupg_get_socket_name (int fd);
+int gnupg_fd_valid (int fd);
gpg_error_t gnupg_inotify_watch_socket (int *r_fd, const char *socket_name);
int gnupg_inotify_has_name (int fd, const char *name);
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
return do_get ( prompt, 0 );
}
-/* Variable argument version of tty_get. The prompt is is actually a
+/* Variable argument version of tty_get. The prompt is actually a
format string with arguments. */
char *
tty_getf (const char *promptfmt, ... )
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
const char *aliases;
/* We are a console program thus we need to use the
- GetConsoleOutputCP function and not the the GetACP which
+ GetConsoleOutputCP function and not the GetACP which
would give the codepage for a GUI program. Note this is not
a bulletproof detection because GetConsoleCP might return a
different one for console input. Not sure how to cope with
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
size_t *r_nlen,
unsigned char const **r_e,
size_t *r_elen);
-gpg_error_t get_pk_algo_from_canon_sexp (const unsigned char *keydata,
- size_t keydatalen,
- const char **r_algo);
+
int get_pk_algo_from_key (gcry_sexp_t key);
+int get_pk_algo_from_canon_sexp (const unsigned char *keydata,
+ size_t keydatalen);
/*-- convert.c --*/
int hex2bin (const char *string, void *buffer, size_t length);
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
}
/*
- Return 1 for okay, 0 for for cancel or DEF_ANSWER for default.
+ Return 1 for okay, 0 for cancel or DEF_ANSWER for default.
*/
int
answer_is_okay_cancel (const char *s, int def_answer)
m4_define([mym4_package],[gnupg])
m4_define([mym4_major], [2])
m4_define([mym4_minor], [1])
-m4_define([mym4_micro], [18])
+m4_define([mym4_micro], [19])
# To start a new development series, i.e a new major or minor number
# you need to mark an arbitrary commit before the first beta release
fi
fi
+#
+# Allow to set a fixed trust store file for system provided certificates.
+#
+AC_ARG_WITH([default-trust-store-file],
+ [AC_HELP_STRING([--with-default-trust-store-file=FILE],
+ [Use FILE as system trust store])],
+ default_trust_store_file="$withval",
+ default_trust_store_file="")
+if test x"$default_trust_store_file" = xno;then
+ default_trust_store_file=""
+fi
+if test x"$default_trust_store_file" != x ; then
+ AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_FILE],
+ ["$default_trust_store_file"], [Use as default system trust store file])
+fi
+
AC_MSG_NOTICE([checking for networking options])
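Review bot: `--with-default-trust-store-file` given without a value sets `$withval` to `yes`, and only `no` is filtered out, so DEFAULT_TRUST_STORE_FILE would be defined as the relative path "yes". A relative trust-store path is resolved against the daemon's working directory at run time, which a trust anchor file should not depend on. Rejecting the bare form at configure time closes this: `if test x"$default_trust_store_file" = xyes; then AC_MSG_ERROR([--with-default-trust-store-file requires a file name]); fi`. The help string could also say that FILE is expected to be an absolute path.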
AC_MSG_ERROR([[Sorry, the current implemenation requires mmap.]])
fi
+
+#
+# Check for the getsockopt SO_PEERCRED
+# (This has been copied from libassuan)
+#
+AC_MSG_CHECKING(for SO_PEERCRED)
+AC_CACHE_VAL(gnupg_cv_sys_so_peercred,
+ [AC_TRY_COMPILE([#include <sys/socket.h>],
+ [struct ucred cr;
+ int cl = sizeof cr;
+ getsockopt (1, SOL_SOCKET, SO_PEERCRED, &cr, &cl);],
+ gnupg_cv_sys_so_peercred=yes,
+ gnupg_cv_sys_so_peercred=no)
+ ])
+AC_MSG_RESULT($gnupg_cv_sys_so_peercred)
+
+if test $gnupg_cv_sys_so_peercred = yes; then
+ AC_DEFINE(HAVE_SO_PEERCRED, 1,
+ [Defined if SO_PEERCRED is supported (Linux specific)])
+else
+ # Check for the getsockopt LOCAL_PEEREID (NetBSD)
+ AC_MSG_CHECKING(for LOCAL_PEEREID)
+ AC_CACHE_VAL(gnupg_cv_sys_so_local_peereid,
+ [AC_TRY_COMPILE([#include <sys/socket.>
+ #include <sys/un.h>],
+ [struct unpcbid unp;
+ int unpl = sizeof unp;
+ getsockopt (1, SOL_SOCKET, LOCAL_PEEREID, &unp, &unpl);],
+ gnupg_cv_sys_so_local_peereid=yes,
+ gnupg_cv_sys_so_local_peereid=no)
+ ])
+ AC_MSG_RESULT($gnupg_cv_sys_so_local_peereid)
+
+ if test $gnupg_cv_sys_so_local_peereid = yes; then
+ AC_DEFINE(HAVE_LOCAL_PEEREID, 1,
+ [Defined if LOCAL_PEEREID is supported (NetBSD specific)])
+ else
+ # (Open)Solaris
+ AC_CHECK_FUNCS([getpeerucred], AC_CHECK_HEADERS([ucred.h]))
+ if test $ac_cv_func_getpeerucred != yes; then
+ # FreeBSD
+ AC_CHECK_FUNCS([getpeereid])
+ fi
+ fi
+fi
+
+
#
# W32 specific test
#
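Review bot: The LOCAL_PEEREID probe includes `<sys/socket.>` (missing `h`), so the test program cannot compile and `gnupg_cv_sys_so_local_peereid` is always `no`; HAVE_LOCAL_PEEREID is then never defined, even on NetBSD. The include should read `#include <sys/socket.h>`. In the same block `test $ac_cv_func_getpeerucred != yes` is unquoted and breaks if the cache variable is empty; `test "x$ac_cv_func_getpeerucred" != xyes` is the safer form. Both probes also pass an `int *` as the length argument of getsockopt where `socklen_t` is the declared type, which can fail the compile test under strict warning flags.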
fi])
#
+# We do not want support for the GNUPG_BUILDDIR environment variable
+# in a released version. However, our regression tests suite requires
+# this and thus we build with support for it during "make distcheck".
+# This configure option implements this along with the top Makefile's
+# AM_DISTCHECK_CONFIGURE_FLAGS.
+#
+gnupg_builddir_envvar=no
+AC_ARG_ENABLE(gnupg-builddir-envvar,,
+ gnupg_builddir_envvar=$enableval)
+if test x"$gnupg_builddir_envvar" = x"yes"; then
+ AC_DEFINE(ENABLE_GNUPG_BUILDDIR_ENVVAR, 1,
+ [This is only used with "make distcheck"])
+fi
+
+#
# Add user CFLAGS.
#
CFLAGS="$CFLAGS $CFLAGS_orig"
* dirmngr-client.c (inq_cert): Ignore "SENDCERT" and
"SENDISSUERCERT".
- * server.c (do_get_cert_local): Limit the length of a retruned
+ * server.c (do_get_cert_local): Limit the length of a returned
certificate. Return NULL without an error if an empry value has
been received.
corrupted CRL files.
(open_dir): Read the new dbfile hash field.
- * src/crlfetch.c (crl_fetch, crl_fetch_default): Changed to retrun
+ * src/crlfetch.c (crl_fetch, crl_fetch_default): Changed to return
a stream.
(fun_reader, fun_closer, setup_funopen): New.
* src/server.c (inquire_cert): Changed to use the new stream interface
ocsp.c ocsp.h validate.c validate.h \
dns-stuff.c dns-stuff.h \
http.c http.h \
+ http-ntbtls.c \
ks-action.c ks-action.h ks-engine.h \
ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c
# http tests
+# We need to add the KSBA flags in case we are building against GNUTLS.
+# In that case NTBTLS flags are empty, but we need ksba anyway.
t_http_SOURCES = $(t_common_src) t-http.c http.c dns-stuff.c
t_http_CFLAGS = -DWITHOUT_NPTH=1 $(USE_C99_CFLAGS) \
$(LIBGCRYPT_CFLAGS) $(NTBTLS_CFLAGS) $(LIBGNUTLS_CFLAGS) \
- $(GPG_ERROR_CFLAGS)
+ $(GPG_ERROR_CFLAGS) $(KSBA_CFLAGS)
t_http_LDADD = $(t_common_ldadd) \
- $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(DNSLIBS)
+ $(NTBTLS_LIBS) $(KSBA_LIBS) $(LIBGNUTLS_LIBS) $(DNSLIBS)
t_ldap_parse_uri_SOURCES = \
t-ldap-parse-uri.c ldap-parse-uri.c ldap-parse-uri.h \
/* certcache.c - Certificate caching
- * Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH
+ * Copyright (C) 2004, 2005, 2007, 2008, 2017 g10 Code GmbH
*
* This file is part of DirMngr.
*
#include "dirmngr.h"
#include "misc.h"
+#include "../common/ksba-io-support.h"
#include "crlfetch.h"
#include "certcache.h"
-
-#define MAX_EXTRA_CACHED_CERTS 1000
+#define MAX_NONPERM_CACHED_CERTS 1000
/* Constants used to classify search patterns. */
enum pattern_class
char *issuer_dn; /* The malloced issuer DN. */
ksba_sexp_t sn; /* The malloced serial number */
char *subject_dn; /* The malloced subject DN - maybe NULL. */
- struct
- {
- unsigned int loaded:1; /* It has been explicitly loaded. */
- unsigned int trusted:1; /* This is a trusted root certificate. */
- } flags;
+
+ /* If this field is set the certificate has been taken from some
+ * configuration and shall not be flushed from the cache. */
+ unsigned int permanent:1;
+
+ /* If this field is set the certificate is trusted. The actual
+ * value is a (possible) combination of CERTTRUST_CLASS values. */
+ unsigned int trustclasses:4;
};
typedef struct cert_item_s *cert_item_t;
/* Flag to track whether the cache has been initialized. */
static int initialization_done;
-/* Total number of certificates loaded during initialization and
- cached during operation. */
-static unsigned int total_loaded_certificates;
-static unsigned int total_extra_certificates;
+/* Total number of non-permanent certificates. */
+static unsigned int total_nonperm_certificates;
+
+
+#ifdef HAVE_W32_SYSTEM
+/* We load some functions dynamically. Provide typedefs for tehse
+ * fucntions. */
+typedef HCERTSTORE (WINAPI *CERTOPENSYSTEMSTORE)
+ (HCRYPTPROV hProv, LPCSTR szSubsystemProtocol);
+typedef PCCERT_CONTEXT (WINAPI *CERTENUMCERTIFICATESINSTORE)
+ (HCERTSTORE hCertStore, PCCERT_CONTEXT pPrevCertContext);
+typedef WINBOOL (WINAPI *CERTCLOSESTORE)
+ (HCERTSTORE hCertStore,DWORD dwFlags);
+#endif /*HAVE_W32_SYSTEM*/
+
\f
/* Return a malloced canonical S-Expression with the serial number
- converted from the hex string HEXSN. Return NULL on memory
- error. */
+ * converted from the hex string HEXSN. Return NULL on memory
+ * error. */
ksba_sexp_t
hexsn_to_sexp (const char *hexsn)
{
}
+\f
/* Cleanup one slot. This releases all resourses but keeps the actual
slot in the cache marked for reuse. */
static void
cert = ci->cert;
ci->cert = NULL;
+ ci->permanent = 0;
+ ci->trustclasses = 0;
+
ksba_cert_release (cert);
}
/* Put the certificate CERT into the cache. It is assumed that the
- cache is locked while this function is called. If FPR_BUFFER is not
- NULL the fingerprint of the certificate will be stored there.
- FPR_BUFFER neds to point to a buffer of at least 20 bytes. The
- fingerprint will be stored on success or when the function returns
- gpg_err_code(GPG_ERR_DUP_VALUE). */
+ * cache is locked while this function is called.
+ *
+ * FROM_CONFIG indicates that CERT is a permanent certificate and
+ * should stay in the cache. IS_TRUSTED requests that the trusted
+ * flag is set for the certificate; a value of 1 indicates the
+ * cert is trusted due to GnuPG mechanisms, a value of 2 indicates
+ * that it is trusted because it has been taken from the system's
+ * store of trusted certificates. If FPR_BUFFER is not NULL the
+ * fingerprint of the certificate will be stored there. FPR_BUFFER
+ * needs to point to a buffer of at least 20 bytes. The fingerprint
+ * will be stored on success or when the function returns
+ * GPG_ERR_DUP_VALUE. */
static gpg_error_t
-put_cert (ksba_cert_t cert, int is_loaded, int is_trusted, void *fpr_buffer)
+put_cert (ksba_cert_t cert, int permanent, unsigned int trustclass,
+ void *fpr_buffer)
{
unsigned char help_fpr_buffer[20], *fpr;
cert_item_t ci;
fpr = fpr_buffer? fpr_buffer : &help_fpr_buffer;
/* If we already reached the caching limit, drop a couple of certs
- from the cache. Our dropping strategy is simple: We keep a
- static index counter and use this to start looking for
- certificates, then we drop 5 percent of the oldest certificates
- starting at that index. For a large cache this is a fair way of
- removing items. An LRU strategy would be better of course.
- Because we append new entries to the head of the list and we want
- to remove old ones first, we need to do this from the tail. The
- implementation is not very efficient but compared to the long
- time it takes to retrieve a certifciate from an external resource
- it seems to be reasonable. */
- if (!is_loaded && total_extra_certificates >= MAX_EXTRA_CACHED_CERTS)
+ * from the cache. Our dropping strategy is simple: We keep a
+ * static index counter and use this to start looking for
+ * certificates, then we drop 5 percent of the oldest certificates
+ * starting at that index. For a large cache this is a fair way of
+ * removing items. An LRU strategy would be better of course.
+ * Because we append new entries to the head of the list and we want
+ * to remove old ones first, we need to do this from the tail. The
+ * implementation is not very efficient but compared to the long
+ * time it takes to retrieve a certificate from an external resource
+ * it seems to be reasonable. */
+ if (!permanent && total_nonperm_certificates >= MAX_NONPERM_CACHED_CERTS)
{
static int idx;
cert_item_t ci_mark;
int i;
unsigned int drop_count;
- drop_count = MAX_EXTRA_CACHED_CERTS / 20;
+ drop_count = MAX_NONPERM_CACHED_CERTS / 20;
if (drop_count < 2)
drop_count = 2;
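Review bot: The rewritten comment above put_cert documents parameters FROM_CONFIG and IS_TRUSTED, but the new signature names them `permanent` and `trustclass`, and it describes the trust value as 1 or 2 while the callers added in this commit pass CERTTRUST_CLASS_* constants. Since this value decides whether a cached certificate counts as a trust anchor, the comment should match the code: `PERMANENT indicates that CERT shall not be flushed from the cache. TRUSTCLASS is 0 or a bitwise OR of CERTTRUST_CLASS values.` The value is stored in the 4-bit field `trustclasses`, so a class constant above 0x8 would be truncated silently; the constants themselves are not visible here. put_cert's body continues outside this hunk.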
{
ci_mark = NULL;
for (ci = cert_cache[i]; ci; ci = ci->next)
- if (ci->cert && !ci->flags.loaded)
+ if (ci->cert && !ci->permanent)
ci_mark = ci;
if (ci_mark)
{
clean_cache_slot (ci_mark);
drop_count--;
- total_extra_certificates--;
+ total_nonperm_certificates--;
}
}
if (i==idx)
ci->next = cert_cache[*fpr];
cert_cache[*fpr] = ci;
}
- else
- memset (&ci->flags, 0, sizeof ci->flags);
ksba_cert_ref (cert);
ci->cert = cert;
return gpg_error (GPG_ERR_INV_CERT_OBJ);
}
ci->subject_dn = ksba_cert_get_subject (cert, 0);
- ci->flags.loaded = !!is_loaded;
- ci->flags.trusted = !!is_trusted;
+ ci->permanent = !!permanent;
+ ci->trustclasses = trustclass;
- if (is_loaded)
- total_loaded_certificates++;
- else
- total_extra_certificates++;
+ if (!permanent)
+ total_nonperm_certificates++;
return 0;
}
/* Load certificates from the directory DIRNAME. All certificates
matching the pattern "*.crt" or "*.der" are loaded. We assume that
- certificates are DER encoded and not PEM encapsulated. The cache
+ certificates are DER encoded and not PEM encapsulated. The cache
should be in a locked state when calling this function. */
static gpg_error_t
-load_certs_from_dir (const char *dirname, int are_trusted)
+load_certs_from_dir (const char *dirname, unsigned int trustclass)
{
gpg_error_t err;
DIR *dir;
continue;
}
- err = put_cert (cert, 1, are_trusted, NULL);
+ err = put_cert (cert, 1, trustclass, NULL);
if (gpg_err_code (err) == GPG_ERR_DUP_VALUE)
log_info (_("certificate '%s' already cached\n"), fname);
else if (!err)
{
- if (are_trusted)
+ if (trustclass)
log_info (_("trusted certificate '%s' loaded\n"), fname);
else
log_info (_("certificate '%s' loaded\n"), fname);
}
+/* Load certificates from FILE. The certificates are expected to be
+ * PEM encoded so that it is possible to load several certificates.
+ * TRUSTCLASSES is used to mark the certificates as trusted. The
+ * cache should be in a locked state when calling this function.
+ * NO_ERROR repalces an error message when FNAME was not found by an
+ * information message. */
+static gpg_error_t
+load_certs_from_file (const char *fname, unsigned int trustclasses,
+ int no_error)
+{
+ gpg_error_t err;
+ estream_t fp = NULL;
+ gnupg_ksba_io_t ioctx = NULL;
+ ksba_reader_t reader;
+ ksba_cert_t cert = NULL;
+
+ fp = es_fopen (fname, "rb");
+ if (!fp)
+ {
+ err = gpg_error_from_syserror ();
+ if (gpg_err_code (err) == GPG_ERR_ENONET && no_error)
+ log_info (_("can't open '%s': %s\n"), fname, gpg_strerror (err));
+ else
+ log_error (_("can't open '%s': %s\n"), fname, gpg_strerror (err));
+ goto leave;
+ }
+
+ err = gnupg_ksba_create_reader (&ioctx,
+ (GNUPG_KSBA_IO_AUTODETECT
+ | GNUPG_KSBA_IO_MULTIPEM),
+ fp, &reader);
+ if (err)
+ {
+ log_error ("can't create reader: %s\n", gpg_strerror (err));
+ goto leave;
+ }
+
+ /* Loop to read all certificates from the file. */
+ do
+ {
+ ksba_cert_release (cert);
+ cert = NULL;
+ err = ksba_cert_new (&cert);
+ if (!err)
+ err = ksba_cert_read_der (cert, reader);
+ if (err)
+ {
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ err = 0;
+ else
+ log_error (_("can't parse certificate '%s': %s\n"),
+ fname, gpg_strerror (err));
+ goto leave;
+ }
+
+ err = put_cert (cert, 1, trustclasses, NULL);
+ if (gpg_err_code (err) == GPG_ERR_DUP_VALUE)
+ log_info (_("certificate '%s' already cached\n"), fname);
+ else if (err)
+ log_error (_("error loading certificate '%s': %s\n"),
+ fname, gpg_strerror (err));
+ else if (opt.verbose > 1)
+ {
+ char *p;
+
+ log_info (_("trusted certificate '%s' loaded\n"), fname);
+ p = get_fingerprint_hexstring_colon (cert);
+ log_info (_(" SHA1 fingerprint = %s\n"), p);
+ xfree (p);
+
+ cert_log_name (_(" issuer ="), cert);
+ cert_log_subject (_(" subject ="), cert);
+ }
+
+ ksba_reader_clear (reader, NULL, NULL);
+ }
+ while (!gnupg_ksba_reader_eof_seen (ioctx));
+
+ leave:
+ ksba_cert_release (cert);
+ gnupg_ksba_destroy_reader (ioctx);
+ es_fclose (fp);
+
+ return err;
+}
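Review bot: The open-failure branch compares against `GPG_ERR_ENONET` (machine is not on the network) where the "FNAME was not found" case from the comment is `GPG_ERR_ENOENT`, so NO_ERROR never downgrades the message and a missing optional bundle is logged as an error. The condition should be `if (gpg_err_code (err) == GPG_ERR_ENOENT && no_error)`. Separately, `err` keeps the result of the last put_cert when the loop ends through gnupg_ksba_reader_eof_seen, so a bundle ending in an already cached certificate may return GPG_ERR_DUP_VALUE instead of 0; setting `err = 0;` after the duplicate is logged would avoid that. The header comment also names the parameter FILE although it is FNAME.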
+
+
+#ifdef HAVE_W32_SYSTEM
+/* Load all certificates from the Windows store named STORENAME. All
+ * certificates are considered to be system provided trusted
+ * certificates. The cache should be in a locked state when calling
+ * this function. */
+static void
+load_certs_from_w32_store (const char *storename)
+{
+ static int init_done;
+ static CERTOPENSYSTEMSTORE pCertOpenSystemStore;
+ static CERTENUMCERTIFICATESINSTORE pCertEnumCertificatesInStore;
+ static CERTCLOSESTORE pCertCloseStore;
+ gpg_error_t err;
+ HCERTSTORE w32store;
+ const CERT_CONTEXT *w32cert;
+ ksba_cert_t cert = NULL;
+ unsigned int count = 0;
+
+ /* Initialize on the first use. */
+ if (!init_done)
+ {
+ static HANDLE hCrypt32;
+
+ init_done = 1;
+
+ hCrypt32 = LoadLibrary ("Crypt32.dll");
+ if (!hCrypt32)
+ {
+ log_error ("can't load Crypt32.dll: %s\n", w32_strerror (-1));
+ return;
+ }
+
+ pCertOpenSystemStore = (CERTOPENSYSTEMSTORE)
+ GetProcAddress (hCrypt32, "CertOpenSystemStoreA");
+ pCertEnumCertificatesInStore = (CERTENUMCERTIFICATESINSTORE)
+ GetProcAddress (hCrypt32, "CertEnumCertificatesInStore");
+ pCertCloseStore = (CERTCLOSESTORE)
+ GetProcAddress (hCrypt32, "CertCloseStore");
+ if ( !pCertOpenSystemStore
+ || !pCertEnumCertificatesInStore
+ || !pCertCloseStore)
+ {
+ log_error ("can't load crypt32.dll: %s\n", "missing function");
+ pCertOpenSystemStore = NULL;
+ }
+ }
+
+ if (!pCertOpenSystemStore)
+ return; /* Not initialized. */
+
+
+ w32store = pCertOpenSystemStore (0, storename);
+ if (!w32store)
+ {
+ log_error ("can't open certificate store '%s': %s\n",
+ storename, w32_strerror (-1));
+ return;
+ }
+
+ w32cert = NULL;
+ while ((w32cert = pCertEnumCertificatesInStore (w32store, w32cert)))
+ {
+ if (w32cert->dwCertEncodingType == X509_ASN_ENCODING)
+ {
+ ksba_cert_release (cert);
+ cert = NULL;
+ err = ksba_cert_new (&cert);
+ if (!err)
+ err = ksba_cert_init_from_mem (cert,
+ w32cert->pbCertEncoded,
+ w32cert->cbCertEncoded);
+ if (err)
+ {
+ log_error (_("can't parse certificate '%s': %s\n"),
+ storename, gpg_strerror (err));
+ break;
+ }
+
+ err = put_cert (cert, 1, CERTTRUST_CLASS_SYSTEM, NULL);
+ if (!err)
+ count++;
+ if (gpg_err_code (err) == GPG_ERR_DUP_VALUE)
+ log_info (_("certificate '%s' already cached\n"), storename);
+ else if (err)
+ log_error (_("error loading certificate '%s': %s\n"),
+ storename, gpg_strerror (err));
+ else if (opt.verbose > 1)
+ {
+ char *p;
+
+ log_info (_("trusted certificate '%s' loaded\n"), storename);
+ p = get_fingerprint_hexstring_colon (cert);
+ log_info (_(" SHA1 fingerprint = %s\n"), p);
+ xfree (p);
+
+ cert_log_name (_(" issuer ="), cert);
+ cert_log_subject (_(" subject ="), cert);
+ }
+ }
+ }
+
+ ksba_cert_release (cert);
+ pCertCloseStore (w32store, 0);
+
+ if (DBG_X509)
+ log_debug ("number of certs loaded from store '%s': %u\n",
+ storename, count);
+
+}
+#endif /*HAVE_W32_SYSTEM*/
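Review bot: A single certificate that fails ksba_cert_new or ksba_cert_init_from_mem ends the enumeration with `break`, so every certificate after it in the store is left out of the cache. Skipping the entry with `continue;` keeps the rest of the store usable and also lets CertEnumCertificatesInStore run to the end, which is what releases the last context; after a `break` the current `w32cert` is still held when the store is closed. The error line prints only STORENAME, so it does not say which certificate was rejected.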
+
+
+/* Load the trusted certificates provided by the system. */
+static gpg_error_t
+load_certs_from_system (void)
+{
+#ifdef HAVE_W32_SYSTEM
+
+ load_certs_from_w32_store ("ROOT");
+ load_certs_from_w32_store ("CA");
+
+ return 0;
+
+#else /*!HAVE_W32_SYSTEM*/
+
+ /* A list of certificate bundles to try. */
+ static struct {
+ const char *name;
+ } table[] = {
+#ifdef DEFAULT_TRUST_STORE_FILE
+ { DEFAULT_TRUST_STORE_FILE }
+#else
+ { "/etc/ssl/ca-bundle.pem" },
+ { "/etc/ssl/certs/ca-certificates.crt" },
+ { "/etc/pki/tls/cert.pem" },
+ { "/usr/local/share/certs/ca-root-nss.crt" },
+ { "/etc/ssl/cert.pem" }
+#endif /*!DEFAULT_TRUST_STORE_FILE*/
+ };
+ int idx;
+ gpg_error_t err = 0;
+
+ for (idx=0; idx < DIM (table); idx++)
+ if (!access (table[idx].name, F_OK))
+ {
+ /* Take the first available bundle. */
+ err = load_certs_from_file (table[idx].name, CERTTRUST_CLASS_SYSTEM, 0);
+ break;
+ }
+
+ return err;
+#endif /*!HAVE_W32_SYSTEM*/
+}
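Review bot: Both the "ROOT" and the "CA" store go through load_certs_from_w32_store, which tags every certificate with CERTTRUST_CLASS_SYSTEM; on Windows the "CA" system store holds intermediate certification authorities, so intermediates land in the same trust class as root anchors. If is_trusted_cert is what terminates chain validation (its callers are not visible here), a chain could be accepted at an intermediate whose root is no longer in "ROOT". Consider giving load_certs_from_w32_store a trustclass parameter and loading the intermediates untrusted, `load_certs_from_w32_store ("CA", 0);`. The function comment should also say that on non-Windows systems only the first existing bundle from the table is read.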
+
+
/* Initialize the certificate cache if not yet done. */
void
-cert_cache_init (void)
+cert_cache_init (strlist_t hkp_cacerts)
{
- char *dname;
+ char *fname;
+ strlist_t sl;
if (initialization_done)
return;
init_cache_lock ();
acquire_cache_write_lock ();
- dname = make_filename (gnupg_sysconfdir (), "trusted-certs", NULL);
- load_certs_from_dir (dname, 1);
- xfree (dname);
+ load_certs_from_system ();
+
+ fname = make_filename_try (gnupg_sysconfdir (), "trusted-certs", NULL);
+ if (fname)
+ load_certs_from_dir (fname, CERTTRUST_CLASS_CONFIG);
+ xfree (fname);
+
+ fname = make_filename_try (gnupg_sysconfdir (), "extra-certs", NULL);
+ if (fname)
+ load_certs_from_dir (fname, 0);
+ xfree (fname);
+
+ fname = make_filename_try (gnupg_datadir (),
+ "sks-keyservers.netCA.pem", NULL);
+ if (fname)
+ load_certs_from_file (fname, CERTTRUST_CLASS_HKPSPOOL, 1);
+ xfree (fname);
- dname = make_filename (gnupg_sysconfdir (), "extra-certs", NULL);
- load_certs_from_dir (dname, 0);
- xfree (dname);
+ for (sl = hkp_cacerts; sl; sl = sl->next)
+ load_certs_from_file (sl->d, CERTTRUST_CLASS_HKP, 0);
initialization_done = 1;
release_cache_lock ();
}
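Review bot: The load order in cert_cache_init decides the trust class of a certificate that appears in more than one source, because put_cert assigns `ci->trustclasses` only when it stores a new item and the loaders treat GPG_ERR_DUP_VALUE as "already cached". If the duplicate path returns without touching the cached item (that part of put_cert is outside the visible hunks), a CA listed in `hkp_cacerts` that is also in the system bundle keeps only CERTTRUST_CLASS_SYSTEM, and a later `is_trusted_cert (cert, CERTTRUST_CLASS_HKP)` would report it as not trusted. OR-ing the new class into the existing item in put_cert, `ci->trustclasses |= trustclass;`, would make the field the combination its struct comment describes. The function comment should also describe HKP_CACERTS and note that the return values of the loaders are ignored here.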
}
- total_loaded_certificates = 0;
- total_extra_certificates = 0;
+ total_nonperm_certificates = 0;
initialization_done = 0;
release_cache_lock ();
}
void
cert_cache_print_stats (void)
{
+ cert_item_t ci;
+ int idx;
+ unsigned int n_nonperm = 0;
+ unsigned int n_permanent = 0;
+ unsigned int n_trusted = 0;
+ unsigned int n_trustclass_system = 0;
+ unsigned int n_trustclass_config = 0;
+ unsigned int n_trustclass_hkp = 0;
+ unsigned int n_trustclass_hkpspool = 0;
+
+ acquire_cache_read_lock ();
+ for (idx = 0; idx < 256; idx++)
+ for (ci=cert_cache[idx]; ci; ci = ci->next)
+ if (ci->cert)
+ {
+ if (ci->permanent)
+ n_permanent++;
+ else
+ n_nonperm++;
+ if (ci->trustclasses)
+ {
+ n_trusted++;
+ if ((ci->trustclasses & CERTTRUST_CLASS_SYSTEM))
+ n_trustclass_system++;
+ if ((ci->trustclasses & CERTTRUST_CLASS_CONFIG))
+ n_trustclass_config++;
+ if ((ci->trustclasses & CERTTRUST_CLASS_HKP))
+ n_trustclass_hkp++;
+ if ((ci->trustclasses & CERTTRUST_CLASS_HKPSPOOL))
+ n_trustclass_hkpspool++;
+ }
+ }
+
+ release_cache_lock ();
+
log_info (_("permanently loaded certificates: %u\n"),
- total_loaded_certificates);
+ n_permanent);
log_info (_(" runtime cached certificates: %u\n"),
- total_extra_certificates);
+ n_nonperm);
+ log_info (_(" trusted certificates: %u (%u,%u,%u,%u)\n"),
+ n_trusted,
+ n_trustclass_system,
+ n_trustclass_config,
+ n_trustclass_hkp,
+ n_trustclass_hkpspool);
}
-/* Return a value describing the the class of PATTERN. The offset of
+/* Return a value describing the class of PATTERN. The offset of
the actual string to be used for the comparison is stored at
R_OFFSET. The offset of the serialnumer is stored at R_SN_OFFSET. */
static enum pattern_class
\f
/* Return the certificate matching ISSUER_DN and SERIALNO; if it is
- not already in the cache, try to find it from other resources. */
+ * not already in the cache, try to find it from other resources. */
ksba_cert_t
find_cert_bysn (ctrl_t ctrl, const char *issuer_dn, ksba_sexp_t serialno)
{
return cert;
/* Ask back to the service requester to return the certificate.
- This is because we can assume that he already used the
- certificate while checking for the CRL. */
+ * This is because we can assume that he already used the
+ * certificate while checking for the CRL. */
hexsn = serial_hex (serialno);
if (!hexsn)
{
log_error ("serial_hex() failed\n");
return NULL;
}
- buf = xtrymalloc (1 + strlen (hexsn) + 1 + strlen (issuer_dn) + 1);
+ buf = strconcat ("#", hexsn, "/", issuer_dn, NULL);
if (!buf)
{
log_error ("can't allocate enough memory: %s\n", strerror (errno));
xfree (hexsn);
return NULL;
}
- strcpy (stpcpy (stpcpy (stpcpy (buf, "#"), hexsn),"/"), issuer_dn);
xfree (hexsn);
+
cert = get_cert_local (ctrl, buf);
xfree (buf);
if (cert)
/* Return the certificate matching SUBJECT_DN and (if not NULL)
- KEYID. If it is not already in the cache, try to find it from other
- resources. Note, that the external search does not work for user
- certificates because the LDAP lookup is on the caCertificate
- attribute. For our purposes this is just fine. */
+ * KEYID. If it is not already in the cache, try to find it from other
+ * resources. Note, that the external search does not work for user
+ * certificates because the LDAP lookup is on the caCertificate
+ * attribute. For our purposes this is just fine. */
ksba_cert_t
find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
{
ksba_sexp_t subj;
/* If we have certificates from an OCSP request we first try to use
- them. This is because these certificates will really be the
- required ones and thus even in the case that they can't be
- uniquely located by the following code we can use them. This is
- for example required by Telesec certificates where a keyId is
- used but the issuer certificate comes without a subject keyId! */
+ * them. This is because these certificates will really be the
+ * required ones and thus even in the case that they can't be
+ * uniquely located by the following code we can use them. This is
+ * for example required by Telesec certificates where a keyId is
+ * used but the issuer certificate comes without a subject keyId! */
if (ctrl->ocsp_certs && subject_dn)
{
cert_item_t ci;
log_debug ("find_cert_bysubject: certificate not in ocsp_certs\n");
}
-
- /* First we check whether the certificate is cached. */
+ /* No check whether the certificate is cached. */
for (seq=0; (cert = get_cert_bysubject (subject_dn, seq)); seq++)
{
if (!keyid)
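Review bot: The replaced comment now reads "No check whether the certificate is cached", which says the opposite of what the following loop over get_cert_bysubject does. It looks like a typo for `/* Now check whether the certificate is cached. */`. The function body starts and ends outside this hunk.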
log_debug ("find_cert_bysubject: certificate not in cache\n");
/* Ask back to the service requester to return the certificate.
- This is because we can assume that he already used the
- certificate while checking for the CRL. */
+ * This is because we can assume that he already used the
+ * certificate while checking for the CRL. */
if (keyid)
cert = get_cert_local_ski (ctrl, subject_dn, keyid);
else
{
/* In contrast to get_cert_local_ski, get_cert_local uses any
- passed pattern, so we need to make sure that an exact subject
- search is done. */
+ * passed pattern, so we need to make sure that an exact subject
+ * search is done. */
char *buf;
- buf = xtrymalloc (1 + strlen (subject_dn) + 1);
+ buf = strconcat ("/", subject_dn, NULL);
if (!buf)
{
log_error ("can't allocate enough memory: %s\n", strerror (errno));
return NULL;
}
- strcpy (stpcpy (buf, "/"), subject_dn);
cert = get_cert_local (ctrl, buf);
xfree (buf);
}
}
-
/* Return 0 if the certificate is a trusted certificate. Returns
- GPG_ERR_NOT_TRUSTED if it is not trusted or other error codes in
- case of systems errors. */
+ * GPG_ERR_NOT_TRUSTED if it is not trusted or other error codes in
+ * case of systems errors. TRUSTCLASSES are the bitwise ORed
+ * CERTTRUST_CLASS values to use for the check. */
gpg_error_t
-is_trusted_cert (ksba_cert_t cert)
+is_trusted_cert (ksba_cert_t cert, unsigned int trustclasses)
{
unsigned char fpr[20];
cert_item_t ci;
for (ci=cert_cache[*fpr]; ci; ci = ci->next)
if (ci->cert && !memcmp (ci->fpr, fpr, 20))
{
- if (ci->flags.trusted)
+ if ((ci->trustclasses & trustclasses))
{
+ /* The certificate is trusted in one of the given
+ * TRUSTCLASSES. */
release_cache_lock ();
return 0; /* Yes, it is trusted. */
}
\f
/* Given the certificate CERT locate the issuer for this certificate
- and return it at R_CERT. Returns 0 on success or
- GPG_ERR_NOT_FOUND. */
+ * and return it at R_CERT. Returns 0 on success or
+ * GPG_ERR_NOT_FOUND. */
gpg_error_t
find_issuing_cert (ctrl_t ctrl, ksba_cert_t cert, ksba_cert_t *r_cert)
{
{
issuer_cert = find_cert_bysn (ctrl, s, authidno);
}
+
if (!issuer_cert && keyid)
{
/* Not found by issuer+s/n. Now that we have an AKI
- keyIdentifier look for a certificate with a matching
- SKI. */
+ * keyIdentifier look for a certificate with a matching
+ * SKI. */
issuer_cert = find_cert_bysubject (ctrl, issuer_dn, keyid);
}
+
/* Print a note so that the user does not feel too helpless when
- an issuer certificate was found and gpgsm prints BAD
- signature because it is not the correct one. */
+ * an issuer certificate was found and gpgsm prints BAD
+ * signature because it is not the correct one. */
if (!issuer_cert)
{
log_info ("issuer certificate ");
}
/* If this did not work, try just with the issuer's name and assume
- that there is only one such certificate. We only look into our
- cache then. */
+ * that there is only one such certificate. We only look into our
+ * cache then. */
if (err || !issuer_cert)
{
issuer_cert = get_cert_bysubject (issuer_dn, 0);
return err;
}
+
+
+\f
+/* Read a list of certificates in PEM format from stream FP and store
+ * them on success at R_CERTLIST. On error NULL is stored at R_CERT
+ * list and an error code returned. Note that even on success an
+ * empty list of certificates can be returned (i.e. NULL stored at
+ * R_CERTLIST) iff the input stream has no certificates. */
+gpg_error_t
+read_certlist_from_stream (certlist_t *r_certlist, estream_t fp)
+{
+ gpg_error_t err;
+ gnupg_ksba_io_t ioctx = NULL;
+ ksba_reader_t reader;
+ ksba_cert_t cert = NULL;
+ certlist_t certlist = NULL;
+ certlist_t cl, *cltail;
+
+ *r_certlist = NULL;
+
+ err = gnupg_ksba_create_reader (&ioctx,
+ (GNUPG_KSBA_IO_PEM | GNUPG_KSBA_IO_MULTIPEM),
+ fp, &reader);
+ if (err)
+ goto leave;
+
+ /* Loop to read all certificates from the stream. */
+ cltail = &certlist;
+ do
+ {
+ ksba_cert_release (cert);
+ cert = NULL;
+ err = ksba_cert_new (&cert);
+ if (!err)
+ err = ksba_cert_read_der (cert, reader);
+ if (err)
+ {
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ err = 0;
+ goto leave;
+ }
+
+ /* Append the certificate to the list. We also store the
+ * fingerprint and check whether we have a cached certificate;
+ * in that case the cached certificate is put into the list to
+ * take advantage of a validation result which might be stored
+ * in the cached certificate. */
+ cl = xtrycalloc (1, sizeof *cl);
+ if (!cl)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ cert_compute_fpr (cert, cl->fpr);
+ cl->cert = get_cert_byfpr (cl->fpr);
+ if (!cl->cert)
+ {
+ cl->cert = cert;
+ cert = NULL;
+ }
+ *cltail = cl;
+ cltail = &cl->next;
+ ksba_reader_clear (reader, NULL, NULL);
+ }
+ while (!gnupg_ksba_reader_eof_seen (ioctx));
+
+ leave:
+ ksba_cert_release (cert);
+ gnupg_ksba_destroy_reader (ioctx);
+ if (err)
+ release_certlist (certlist);
+ else
+ *r_certlist = certlist;
+
+ return err;
+}
+
+
+/* Release the certificate list CL. */
+void
+release_certlist (certlist_t cl)
+{
+ while (cl)
+ {
+ certlist_t next = cl->next;
+ ksba_cert_release (cl->cert);
+ cl = next;
+ }
+}
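Review bot: `release_certlist` releases each node's certificate but never frees the node itself, so every `certlist_s` allocated with `xtrycalloc` in `read_certlist_from_stream` is leaked, including on that function's own error path through `leave:`. Add `xfree (cl);` after `ksba_cert_release (cl->cert);` and before `cl = next;`. The header comment of `read_certlist_from_stream` also says "R_CERT list" where it means R_CERTLIST.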
#ifndef CERTCACHE_H
#define CERTCACHE_H
+/* The origin of the trusted root certificates. */
+enum {
+ CERTTRUST_CLASS_SYSTEM = 1, /* From the system's list of trusted certs. */
+ CERTTRUST_CLASS_CONFIG = 2, /* From dirmngr's config files. */
+ CERTTRUST_CLASS_HKP = 4, /* From --hkp-cacert */
+ CERTTRUST_CLASS_HKPSPOOL= 8, /* The one and only from sks-keyservers */
+};
+
+
/* First time initialization of the certificate cache. */
-void cert_cache_init (void);
+void cert_cache_init (strlist_t hkp_cacerts);
/* Deinitialize the certificate cache. */
void cert_cache_deinit (int full);
gpg_error_t cache_cert_silent (ksba_cert_t cert, void *fpr_buffer);
/* Return 0 if the certificate is a trusted certificate. Returns
- GPG_ERR_NOT_TRUSTED if it is not trusted or other error codes in
- case of systems errors. */
-gpg_error_t is_trusted_cert (ksba_cert_t cert);
-
+ * GPG_ERR_NOT_TRUSTED if it is not trusted or other error codes in
+ * case of systems errors. TRUSTCLASSES are the bitwise ORed
+ * CERTTRUST_CLASS values to use for the check. */
+gpg_error_t is_trusted_cert (ksba_cert_t cert, unsigned trustclasses);
/* Return a certificate object for the given fingerprint. FPR is
expected to be a 20 byte binary SHA-1 fingerprint. If no matching
+/* A simple list of certificates. */
+struct certlist_s
+{
+ struct certlist_s *next;
+ ksba_cert_t cert;
+ unsigned char fpr[20]; /* of the certificate. */
+};
+typedef struct certlist_s *certlist_t;
+
+gpg_error_t read_certlist_from_stream (certlist_t *r_certlist, estream_t fp);
+void release_certlist (certlist_t cl);
+
+
#endif /*CERTCACHE_H*/
Field 1: Constant "v"
Field 2: Version number of this file. Must be 1.
- This record must be the first non-comment record record and
+ This record must be the first non-comment record and
there shall only exist one record of this type.
1.3. CRL cache record
md = NULL;
err = validate_cert_chain (ctrl, crlissuer_cert, NULL,
- VALIDATE_MODE_CRL_RECURSIVE,
+ (VALIDATE_FLAG_TRUST_CONFIG
+ | VALIDATE_FLAG_CRL
+ | VALIDATE_FLAG_RECURSIVE),
r_trust_anchor);
if (err)
{
http_release_parsed_uri (uri);
if (err && !strncmp (url, "https:", 6))
{
- /* Our HTTP code does not support TLS, thus we can't use this
- scheme and it is frankly not useful for CRL retrieval anyway.
- We resort to using http, assuming that the server also
- provides plain http access. */
+ /* FIXME: We now support https.
+ * Our HTTP code does not support TLS, thus we can't use this
+ * scheme and it is frankly not useful for CRL retrieval anyway.
+ * We resort to using http, assuming that the server also
+ * provides plain http access. */
free_this = xtrymalloc (strlen (url) + 1);
if (free_this)
{
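Review bot: The rewritten comment contradicts itself: it opens with `FIXME: We now support https.` and then keeps the old text saying the HTTP code does not support TLS. As far as the visible lines show, an `https:` CRL URL that fails to open is still retried over plain http (the rewrite itself is outside the hunk). The comment should say that this is a leftover downgrade, e.g. `/* FIXME: http.c now supports TLS; we still fall back to plain http for https: CRL URLs. */`.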
err = http_open_document (&hd, url, NULL,
((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
|(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0)
- |(opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
+ |(dirmngr_use_tor()? HTTP_FLAG_FORCE_TOR:0)
+ |(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4:0)
+ ),
ctrl->http_proxy, NULL, NULL, NULL);
switch ( err? 99999 : http_get_status_code (hd) )
"LDAP");
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
}
- else if (opt.use_tor)
+ else if (dirmngr_use_tor ())
{
/* For now we do not support LDAP over Tor. */
log_error (_("CRL access not possible due to Tor mode\n"));
gpg_error_t
crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader)
{
- if (opt.use_tor)
+ if (dirmngr_use_tor ())
{
/* For now we do not support LDAP over Tor. */
log_error (_("CRL access not possible due to Tor mode\n"));
}
-/* Fetch a CA certificate for DN using the default server. This
- function only initiates the fetch; fetch_next_cert must be used to
- actually read the certificate; end_cert_fetch to end the
- operation. */
+/* Fetch a CA certificate for DN using the default server. This
+ * function only initiates the fetch; fetch_next_cert must be used to
+ * actually read the certificate; end_cert_fetch to end the
+ * operation. */
gpg_error_t
ca_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, const char *dn)
{
- if (opt.use_tor)
+ if (dirmngr_use_tor ())
{
/* For now we do not support LDAP over Tor. */
log_error (_("CRL access not possible due to Tor mode\n"));
start_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context,
strlist_t patterns, const ldap_server_t server)
{
- if (opt.use_tor)
+ if (dirmngr_use_tor ())
{
/* For now we do not support LDAP over Tor. */
log_error (_("CRL access not possible due to Tor mode\n"));
/* Fetch the next data from CONTEXT, assuming it is a certificate and return
- it as a cert object in R_CERT. */
+ * it as a cert object in R_CERT. */
gpg_error_t
fetch_next_ksba_cert (cert_fetch_context_t context, ksba_cert_t *r_cert)
{
oBatch,
oDisableHTTP,
oDisableLDAP,
+ oDisableIPv4,
oIgnoreLDAPDP,
oIgnoreHTTPDP,
oIgnoreOCSPSvcUrl,
oHTTPWrapperProgram,
oIgnoreCertExtension,
oUseTor,
+ oNoUseTor,
oKeyServer,
oNameServer,
oDisableCheckOwnSocket,
N_("|FILE|use the CA certificates in FILE for HKP over TLS")),
ARGPARSE_s_n (oUseTor, "use-tor", N_("route all network traffic via Tor")),
+ ARGPARSE_s_n (oNoUseTor, "no-use-tor", "@"),
+
+ ARGPARSE_s_n (oDisableIPv4, "disable-ipv4", "@"),
ARGPARSE_s_s (oSocketName, "socket-name", "@"), /* Only for debugging. */
{ DBG_DNS_VALUE , "dns" },
{ DBG_NETWORK_VALUE, "network" },
{ DBG_LOOKUP_VALUE , "lookup" },
+ { DBG_EXTPROG_VALUE, "extprog" },
{ 77, NULL } /* 77 := Do not exit on "help" or "?". */
};
/* Flags to indicate that we shall not watch our own socket. */
static int disable_check_own_socket;
+/* Flag to control the Tor mode. */
+static enum
+ { TOR_MODE_AUTO = 0, /* Switch to NO or YES */
+ TOR_MODE_NEVER, /* Never use Tor. */
+ TOR_MODE_NO, /* Do not use Tor */
+ TOR_MODE_YES, /* Use Tor */
+ TOR_MODE_FORCE /* Force using Tor */
+ } tor_mode;
+
+
/* Counter for the active connections. */
static int active_connections;
* thread to run background network tasks. */
static int network_activity_seen;
+/* A list of filenames registred with --hkp-cacert. */
+static strlist_t hkp_cacert_filenames;
+
+
/* The timer tick used for housekeeping stuff. */
#define TIMERTICK_INTERVAL (60)
static void
set_tor_mode (void)
{
- if (opt.use_tor)
+ if (dirmngr_use_tor ())
{
/* Enable Tor mode and when called again force a new curcuit
* (e.g. on SIGHUP). */
log_info ("(is your Libassuan recent enough?)\n");
}
}
+ else
+ disable_dns_tormode ();
+}
+
+
+/* Return true if Tor shall be used. */
+int
+dirmngr_use_tor (void)
+{
+ if (tor_mode == TOR_MODE_AUTO)
+ {
+ /* FIXME: Figure out whether Tor is running. */
+ }
+
+ if (tor_mode == TOR_MODE_FORCE)
+ return 2; /* Use Tor (using 2 to indicate force mode) */
+ else if (tor_mode == TOR_MODE_YES)
+ return 1; /* Use Tor */
+ else
+ return 0; /* Do not use Tor. */
}
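Review bot: The comment `/* Return true if Tor shall be used. */` does not describe what `dirmngr_use_tor` actually returns: 2 for `TOR_MODE_FORCE`, 1 for `TOR_MODE_YES`, and 0 for every other mode. That includes `TOR_MODE_AUTO`, because the detection block is still an empty FIXME. Callers in this diff use the result as a boolean, so AUTO currently means no Tor. I would spell this out in the header comment: state the three return values and that AUTO resolves to 0 until detection is implemented.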
}
FREE_STRLIST (opt.ignored_cert_extensions);
http_register_tls_ca (NULL);
+ FREE_STRLIST (hkp_cacert_filenames);
FREE_STRLIST (opt.keyserver);
- /* Note: We do not allow resetting of opt.use_tor at runtime. */
+ /* Note: We do not allow resetting of TOR_MODE_FORCE at runtime. */
+ if (tor_mode != TOR_MODE_FORCE)
+ tor_mode = TOR_MODE_AUTO;
disable_check_own_socket = 0;
enable_standard_resolver (0);
set_dns_timeout (0);
case oDisableHTTP: opt.disable_http = 1; break;
case oDisableLDAP: opt.disable_ldap = 1; break;
+ case oDisableIPv4: opt.disable_ipv4 = 1; break;
case oHonorHTTPProxy: opt.honor_http_proxy = 1; break;
case oHTTPProxy: opt.http_proxy = pargs->r.ret_str; break;
case oLDAPProxy: opt.ldap_proxy = pargs->r.ret_str; break;
case oHkpCaCert:
{
+ /* We need to register the filenames with gnutls (http.c) and
+ * also for our own cert cache. */
char *tmpname;
/* Do tilde expansion and make path absolute. */
tmpname = make_absfilename (pargs->r.ret_str, NULL);
http_register_tls_ca (tmpname);
+ add_to_strlist (&hkp_cacert_filenames, pargs->r.ret_str);
xfree (tmpname);
}
break;
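Review bot: In the `oHkpCaCert` case the two registrations receive different strings: `http_register_tls_ca` gets the tilde-expanded absolute `tmpname`, while the added `add_to_strlist` stores the raw `pargs->r.ret_str`. Unless the cert cache expands the name itself (not visible in this hunk), a relative or `~` path could be resolved differently, or not at all, when the cache loads its HKP trust anchors. The two TLS code paths could then end up with different CA sets. Storing the same value, `add_to_strlist (&hkp_cacert_filenames, tmpname);`, keeps them in step; `add_to_strlist` copies the string, so the following `xfree (tmpname);` stays correct.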
add_to_strlist (&opt.ignored_cert_extensions, pargs->r.ret_str);
break;
- case oUseTor: opt.use_tor = 1; break;
+ case oUseTor:
+ tor_mode = TOR_MODE_FORCE;
+ break;
+ case oNoUseTor:
+ if (tor_mode != TOR_MODE_FORCE)
+ tor_mode = TOR_MODE_NEVER;
+ break;
case oStandardResolver: enable_standard_resolver (1); break;
case oRecursiveResolver: enable_recursive_resolver (1); break;
set_dns_verbose (opt.verbose, !!DBG_DNS);
http_set_verbose (opt.verbose, !!DBG_NETWORK);
+ set_dns_disable_ipv4 (opt.disable_ipv4);
return 1; /* Handled. */
}
}
#endif /*!HAVE_W32_SYSTEM*/
+#if HTTP_USE_NTBTLS
+static void
+my_ntbtls_log_handler (void *opaque, int level, const char *fmt, va_list argv)
+{
+ (void)opaque;
+
+ if (level == -1)
+ log_logv_with_prefix (GPGRT_LOG_INFO, "ntbtls: ", fmt, argv);
+ else
+ {
+ char prefix[10+20];
+ snprintf (prefix, sizeof prefix, "ntbtls(%d): ", level);
+ log_logv_with_prefix (GPGRT_LOG_DEBUG, prefix, fmt, argv);
+ }
+}
+#endif
+
static void
thread_init (void)
setup_libgcrypt_logging ();
+#if HTTP_USE_NTBTLS
+ ntbtls_set_log_handler (my_ntbtls_log_handler, NULL);
+#endif
+
/* Setup defaults. */
shell = getenv ("SHELL");
if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
thread_init ();
- cert_cache_init ();
+ cert_cache_init (hkp_cacert_filenames);
crl_cache_init ();
http_register_netactivity_cb (netactivity_action);
start_command_handler (ASSUAN_INVALID_FD);
log_set_prefix (NULL, 0);
thread_init ();
- cert_cache_init ();
+ cert_cache_init (hkp_cacert_filenames);
crl_cache_init ();
http_register_netactivity_cb (netactivity_action);
handle_connections (3);
#endif
thread_init ();
- cert_cache_init ();
+ cert_cache_init (hkp_cacert_filenames);
crl_cache_init ();
http_register_netactivity_cb (netactivity_action);
handle_connections (fd);
dirmngr_init_default_ctrl (&ctrlbuf);
thread_init ();
- cert_cache_init ();
+ cert_cache_init (hkp_cacert_filenames);
crl_cache_init ();
if (!argc)
rc = crl_cache_load (&ctrlbuf, NULL);
dirmngr_init_default_ctrl (&ctrlbuf);
thread_init ();
- cert_cache_init ();
+ cert_cache_init (hkp_cacert_filenames);
crl_cache_init ();
rc = crl_fetch (&ctrlbuf, argv[0], &reader);
if (rc)
void
dirmngr_init_default_ctrl (ctrl_t ctrl)
{
+ ctrl->magic = SERVER_CONTROL_MAGIC;
if (opt.http_proxy)
ctrl->http_proxy = xstrdup (opt.http_proxy);
+ ctrl->http_no_crl = 1;
}
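Review bot: `ctrl->http_no_crl = 1;` switches CRL checking off for https in every control object this function initialises, and the hunk gives no reason or pointer to where it can be turned back on. Since this is a revocation-checking default, it deserves a comment at the assignment, for example `/* CRL checks for https are off by default; see <where it is re-enabled>. */`. The placeholder needs the real option or command name, which is not visible here.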
{
if (!ctrl)
return;
+ ctrl->magic = 0xdeadbeef;
+
xfree (ctrl->http_proxy);
ctrl->http_proxy = NULL;
}
reread_configuration ();
cert_cache_deinit (0);
crl_cache_deinit ();
- cert_cache_init ();
+ cert_cache_init (hkp_cacert_filenames);
crl_cache_init ();
reload_dns_stuff (0);
ks_hkp_reload ();
if (network_activity_seen)
{
network_activity_seen = 0;
- if (opt.use_tor || opt.allow_version_check)
+ if (opt.allow_version_check)
dirmngr_load_swdb (&ctrlbuf, 0);
}
close (my_inotify_fd);
#endif /*HAVE_INOTIFY_INIT*/
npth_attr_destroy (&tattr);
- if (listen_fd != -1)
+ if (listen_fd != GNUPG_INVALID_FD)
assuan_sock_close (fd);
cleanup ();
log_info ("%s %s stopped\n", strusage(11), strusage(13));
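Review bot: The changed guard tests `listen_fd` against `GNUPG_INVALID_FD`, but the call it protects is still `assuan_sock_close (fd);`. If `fd` is not an alias of `listen_fd` at this point (its assignment is outside the hunk), the listening socket stays open and an unrelated or stale descriptor is closed instead. In that case the call should read `assuan_sock_close (listen_fd);`.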
program. */
int running_detached; /* We are running in detached mode. */
- int use_tor; /* Tor mode has been enabled. */
int allow_version_check; /* --allow-version-check is active. */
int force; /* Force loading outdated CRLs. */
int disable_http; /* Do not use HTTP at all. */
int disable_ldap; /* Do not use LDAP at all. */
+ int disable_ipv4; /* Do not use leagacy IP addresses. */
int honor_http_proxy; /* Honor the http_proxy env variable. */
const char *http_proxy; /* The default HTTP proxy. */
const char *ldap_proxy; /* Use given LDAP proxy. */
#define DBG_IPC_VALUE 1024 /* debug assuan communication */
#define DBG_NETWORK_VALUE 2048 /* debug network I/O. */
#define DBG_LOOKUP_VALUE 8192 /* debug lookup details */
+#define DBG_EXTPROG_VALUE 16384 /* debug external program calls */
#define DBG_X509 (opt.debug & DBG_X509_VALUE)
#define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE)
#define DBG_IPC (opt.debug & DBG_IPC_VALUE)
#define DBG_NETWORK (opt.debug & DBG_NETWORK_VALUE)
#define DBG_LOOKUP (opt.debug & DBG_LOOKUP_VALUE)
+#define DBG_EXTPROG (opt.debug & DBG_EXTPROG_VALUE)
-/* A simple list of certificate references. */
+/* A simple list of certificate references. FIXME: Better use
+ certlist_t also for references (Store NULL at .cert) */
struct cert_ref_s
{
struct cert_ref_s *next;
};
typedef struct cert_ref_s *cert_ref_t;
+
/* Forward references; access only through server.c. */
struct server_local_s;
+#if SIZEOF_UNSIGNED_LONG == 8
+# define SERVER_CONTROL_MAGIC 0x6469726d6e677220
+#else
+# define SERVER_CONTROL_MAGIC 0x6469726d
+#endif
+
/* Connection control structure. */
struct server_control_s
{
- int refcount; /* Count additional references to this object. */
- int no_server; /* We are not running under server control. */
- int status_fd; /* Only for non-server mode. */
+ unsigned long magic;/* Always has SERVER_CONTROL_MAGIC. */
+ int refcount; /* Count additional references to this object. */
+ int no_server; /* We are not running under server control. */
+ int status_fd; /* Only for non-server mode. */
struct server_local_s *server_local;
int force_crl_refresh; /* Always load a fresh CRL. */
int audit_events; /* Send audit events to client. */
char *http_proxy; /* The used http_proxy or NULL. */
+
+ unsigned int http_no_crl:1; /* Do not check CRLs for https. */
};
void dirmngr_deinit_default_ctrl (ctrl_t ctrl);
void dirmngr_sighup_action (void);
const char* dirmngr_get_current_socket_name (void);
-
+int dirmngr_use_tor (void);
/*-- Various housekeeping functions. --*/
void ks_hkp_housekeeping (time_t curtime);
gpg_error_t dirmngr_status_help (ctrl_t ctrl, const char *text);
gpg_error_t dirmngr_tick (ctrl_t ctrl);
+/*-- http-ntbtls.c --*/
+/* Note that we don't use a callback for gnutls. */
+
+gpg_error_t gnupg_http_tls_verify_cb (void *opaque,
+ http_t http,
+ http_session_t session,
+ unsigned int flags,
+ void *tls_context);
+
/*-- loadswdb.c --*/
gpg_error_t dirmngr_load_swdb (ctrl_t ctrl, int force);
/* The timeout in seconds for libdns requests. */
static int opt_timeout;
+/* The flag to disable IPv4 access - right now this only skips
+ * returned A records. */
+static int opt_disable_ipv4;
+
/* If set force the use of the standard resolver. */
static int standard_resolver;
}
+/* Disable tor mode. */
+void
+disable_dns_tormode (void)
+{
+ tor_mode = 0;
+}
+
+
/* Set verbosity and debug mode for this module. */
void
set_dns_verbose (int verbose, int debug)
}
+/* Set the Disable-IPv4 flag so that the name resolver does not return
+ * A addresses. */
+void
+set_dns_disable_ipv4 (int yes)
+{
+ opt_disable_ipv4 = !!yes;
+}
+
+
/* Set the timeout for libdns requests to SECONDS. A value of 0 sets
* the default timeout and values are capped at 10 minutes. */
void
(dns_nssconf_loadpath (ld.resolv_conf, fname));
if (err)
{
- log_error ("failed to load '%s': %s\n", fname, gpg_strerror (err));
- /* not fatal, nsswitch.conf is not used on all systems; assume
- * classic behavior instead. Our dns library states "bf" which tries
- * DNS then Files, which is not classic; FreeBSD
- * /usr/src/lib/libc/net/gethostnamadr.c defines default_src[] which
- * is Files then DNS, which is. */
+ /* This is not a fatal error: nsswitch.conf is not used on
+ * all systems; assume classic behavior instead. */
+ if (gpg_err_code (err) != GPG_ERR_ENOENT)
+ log_error ("failed to load '%s': %s\n", fname, gpg_strerror (err));
if (opt_debug)
log_debug ("dns: fallback resolution order, files then DNS\n");
ld.resolv_conf->lookup[0] = 'f';
ld.resolv_conf->lookup[2] = '\0';
err = GPG_ERR_NO_ERROR;
}
+ else if (!strchr (ld.resolv_conf->lookup, 'b'))
+ {
+ /* No DNS resulution type found in the list. This might be
+ * due to systemd based systems which allow for custom
+ * keywords which are not known to us and thus we do not
+ * know whether DNS is wanted or not. Becuase DNS is
+ * important for our infrastructure, we forcefully append
+ * DNS to the end of the list. */
+ if (strlen (ld.resolv_conf->lookup)+2 < sizeof ld.resolv_conf->lookup)
+ {
+ if (opt_debug)
+ log_debug ("dns: appending DNS to resolution order\n");
+ strcat (ld.resolv_conf->lookup, "b");
+ }
+ else
+ log_error ("failed to append DNS to resolution order\n");
+ }
#endif /* Unix */
}
struct addrinfo *ent;
char portstr_[21];
char *portstr = NULL;
+ char *namebuf = NULL;
int derr;
*r_dai = NULL;
hints.ai_flags = AI_ADDRCONFIG;
if (r_canonname)
hints.ai_flags |= AI_CANONNAME;
- if (is_ip_address (name))
- hints.ai_flags |= AI_NUMERICHOST;
if (port)
{
if (err)
goto leave;
+
+ if (is_ip_address (name))
+ {
+ hints.ai_flags |= AI_NUMERICHOST;
+ /* libdns does not grok brackets - remove them. */
+ if (*name == '[' && name[strlen(name)-1] == ']')
+ {
+ namebuf = xtrymalloc (strlen (name));
+ if (!namebuf)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ strcpy (namebuf, name+1);
+ namebuf[strlen (namebuf)-1] = 0;
+ name = namebuf;
+ }
+ }
+
ai = dns_ai_open (name, portstr, 0, &hints, res, &derr);
if (!ai)
{
else
*r_dai = daihead;
+ xfree (namebuf);
return err;
}
#endif /*USE_LIBDNS*/
else
*portstr = 0;
- /* We can't use the the AI_IDN flag because that does the conversion
+ /* We can't use the AI_IDN flag because that does the conversion
using the current locale. However, GnuPG always used UTF-8. To
support IDN we would need to make use of the libidn API. */
ret = getaddrinfo (name, *portstr? portstr : NULL, &hints, &aibuf);
{
if (ai->ai_family != AF_INET6 && ai->ai_family != AF_INET)
continue;
+ if (opt_disable_ipv4 && ai->ai_family == AF_INET)
+ continue;
dai = xtrymalloc (sizeof *dai + ai->ai_addrlen - 1);
dai->family = ai->ai_family;
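Review bot: The added `opt_disable_ipv4` filter sits directly above `dai = xtrymalloc (...)`, whose result is dereferenced by `dai->family = ai->ai_family;` on the next visible line without a NULL check. While this loop is being touched, add `if (!dai)` with `err = gpg_error_from_syserror ();` and an exit through the function's cleanup path, which is outside the hunk. Otherwise an allocation failure during name resolution becomes a NULL dereference in the daemon.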
if (*name == '[')
return 6; /* yes: A legal DNS name may not contain this character;
- this mut be bracketed v6 address. */
+ this must be bracketed v6 address. */
if (*name == '.')
return 0; /* No. A leading dot is not a valid IP address. */
if (*s == '.')
{
if (s[1] == '.')
- return 0; /* No: Douple dot. */
+ return 0; /* No: Double dot. */
if (atoi (s+1) > 255)
return 0; /* No: Ipv4 byte value too large. */
ndots++;
found, the malloced data is returned at (R_KEY, R_KEYLEN) and
the other return parameters are set to NULL/0. If an IPGP CERT
record was found the fingerprint is stored as an allocated block at
- R_FPR and its length at R_FPRLEN; an URL is is allocated as a
+ R_FPR and its length at R_FPRLEN; an URL is allocated as a
string and returned at R_URL. If WANT_CERTTYPE is 0 this function
returns the first CERT found with a supported type; it is expected
that only one CERT record is used. If WANT_CERTTYPE is one of the
/* Set verbosity and debug mode for this module. */
void set_dns_verbose (int verbose, int debug);
+/* Set the Disable-IPv4 flag so that the name resolver does not return
+ * A addresses. */
+void set_dns_disable_ipv4 (int yes);
+
/* Set the timeout for libdns requests to SECONDS. */
void set_dns_timeout (int seconds);
/* Put this module eternally into Tor mode. When called agained with
* NEW_CIRCUIT request a new TOR circuit for the next DNS query. */
void enable_dns_tormode (int new_circuit);
+void disable_dns_tormode (void);
/* Change the default IP address of the nameserver to IPADDR. The
address needs to be a numerical IP address and will be used for the
--- /dev/null
+/* http-ntbtls.c - Support for using NTBTLS with http.c
+ * Copyright (C) 2017 Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "dirmngr.h"
+#include "certcache.h"
+#include "validate.h"
+
+#ifdef HTTP_USE_NTBTLS
+# include <ntbtls.h>
+
+
+
+/* The callback used to verify the peer's certificate. */
+gpg_error_t
+gnupg_http_tls_verify_cb (void *opaque,
+ http_t http,
+ http_session_t session,
+ unsigned int http_flags,
+ void *tls_context)
+{
+ ctrl_t ctrl = opaque;
+ ntbtls_t tls = tls_context;
+ gpg_error_t err;
+ int idx;
+ ksba_cert_t cert;
+ ksba_cert_t hostcert = NULL;
+ unsigned int validate_flags;
+ const char *hostname;
+
+ (void)http;
+ (void)session;
+
+ log_assert (ctrl && ctrl->magic == SERVER_CONTROL_MAGIC);
+ log_assert (!ntbtls_check_context (tls));
+
+ /* Get the peer's certs fron ntbtls. */
+ for (idx = 0;
+ (cert = ntbtls_x509_get_peer_cert (tls, idx)); idx++)
+ {
+ if (!idx)
+ hostcert = cert;
+ else
+ {
+ /* Quick hack to make verification work by inserting the supplied
+ * certs into the cache. FIXME! */
+ cache_cert (cert);
+ ksba_cert_release (cert);
+ }
+ }
+ if (!idx)
+ {
+ err = gpg_error (GPG_ERR_MISSING_CERT);
+ goto leave;
+ }
+
+ validate_flags = VALIDATE_FLAG_TLS;
+
+ /* Are we using the standard hkps:// pool use the dedicated
+ * root certificate. */
+ hostname = ntbtls_get_hostname (tls);
+ if (hostname
+ && !ascii_strcasecmp (hostname, "hkps.pool.sks-keyservers.net"))
+ {
+ validate_flags |= VALIDATE_FLAG_TRUST_HKPSPOOL;
+ }
+ else /* Use the certificates as requested from the HTTP module. */
+ {
+ if ((http_flags & HTTP_FLAG_TRUST_DEF))
+ validate_flags |= VALIDATE_FLAG_TRUST_HKP;
+ if ((http_flags & HTTP_FLAG_TRUST_SYS))
+ validate_flags |= VALIDATE_FLAG_TRUST_SYSTEM;
+ }
+
+ if ((http_flags & HTTP_FLAG_NO_CRL))
+ validate_flags |= VALIDATE_FLAG_NOCRLCHECK;
+
+ err = validate_cert_chain (ctrl, hostcert, NULL, validate_flags, NULL);
+
+ leave:
+ ksba_cert_release (hostcert);
+ return err;
+}
+
+
+#else /*!HTTP_USE_NTBTLS*/
+
+/* Dummy function used when not build without ntbtls support. */
+gpg_error_t
+gnupg_http_tls_verify_cb (void *opaque,
+ http_t http,
+ http_session_t session,
+ unsigned int flags,
+ void *tls_context)
+{
+ (void)opaque;
+ (void)http;
+ (void)session;
+ (void)flags;
+ (void)tls_context;
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+}
+#endif /*!HTTP_USE_NTBTLS*/
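Review bot: `gnupg_http_tls_verify_cb` uses `hostname` only to pick the trust class; nothing in the callback compares it with the names in `hostcert` before `validate_cert_chain` is called. If neither ntbtls nor `validate_cert_chain` with `VALIDATE_FLAG_TLS` performs that match (neither is visible here), a certificate chaining to an accepted root would pass for any host. A comment above the `validate_cert_chain` call should say where the match happens, e.g. `/* The match of HOSTNAME against HOSTCERT is done by <component>. */`. Separately, the loop puts peer-supplied intermediates into the shared cache before the chain is validated, which the existing FIXME already flags. The dummy function's comment should read "used when built without ntbtls support".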
static char *build_rel_path (parsed_uri_t uri);
static gpg_error_t parse_response (http_t hd);
-static assuan_fd_t connect_server (const char *server, unsigned short port,
+static gpg_error_t connect_server (const char *server, unsigned short port,
unsigned int flags, const char *srvtag,
- int *r_host_not_found);
+ assuan_fd_t *r_sock);
+static gpgrt_ssize_t read_server (int sock, void *buffer, size_t size);
static gpg_error_t write_server (int sock, const char *data, size_t length);
static gpgrt_ssize_t cookie_read (void *cookie, void *buffer, size_t size);
static gpgrt_ssize_t cookie_write (void *cookie,
const void *buffer, size_t size);
static int cookie_close (void *cookie);
-
+#ifdef HAVE_W32_SYSTEM
+static gpgrt_ssize_t simple_cookie_read (void *cookie,
+ void *buffer, size_t size);
+static gpgrt_ssize_t simple_cookie_write (void *cookie,
+ const void *buffer, size_t size);
+#endif
/* A socket object used to a allow ref counting of sockets. */
struct my_socket_s
cookie_close
};
+
struct cookie_s
{
/* Socket object or NULL if already closed. */
};
typedef struct cookie_s *cookie_t;
+
+/* Simple cookie functions. Here the cookie is an int with the
+ * socket. */
+#ifdef HAVE_W32_SYSTEM
+static es_cookie_io_functions_t simple_cookie_functions =
+ {
+ simple_cookie_read,
+ simple_cookie_write,
+ NULL,
+ NULL
+ };
+#endif
+
+
+#if SIZEOF_UNSIGNED_LONG == 8
+# define HTTP_SESSION_MAGIC 0x0068545470534553 /* "hTTpSES" */
+#else
+# define HTTP_SESSION_MAGIC 0x68547365 /* "hTse" */
+#endif
+
/* The session object. */
struct http_session_s
{
+ unsigned long magic;
+
int refcount; /* Number of references to this object. */
#ifdef HTTP_USE_GNUTLS
gnutls_certificate_credentials_t certcred;
/* A callback function to log details of TLS certifciates. */
void (*cert_log_cb) (http_session_t, gpg_error_t, const char *,
const void **, size_t *);
+
+ /* The flags passed to the session object. */
+ unsigned int flags;
+
+ /* A per-session TLS verification callback. */
+ http_verify_cb_t verify_cb;
+ void *verify_cb_value;
};
typedef struct header_s *header_t;
+#if SIZEOF_UNSIGNED_LONG == 8
+# define HTTP_CONTEXT_MAGIC 0x0068545470435458 /* "hTTpCTX" */
+#else
+# define HTTP_CONTEXT_MAGIC 0x68546378 /* "hTcx" */
+#endif
+
+
/* Our handle context. */
struct http_context_s
{
+ unsigned long magic;
unsigned int status_code;
my_socket_t sock;
unsigned int in_data:1;
#endif /*HTTP_USE_GNUTLS*/
+#ifdef HTTP_USE_NTBTLS
+/* Connect the ntbls callback to our generic callback. */
+static gpg_error_t
+my_ntbtls_verify_cb (void *opaque, ntbtls_t tls, unsigned int verify_flags)
+{
+ http_t hd = opaque;
+
+ (void)verify_flags;
+
+ log_assert (hd && hd->session && hd->session->verify_cb);
+ log_assert (hd->magic == HTTP_CONTEXT_MAGIC);
+ log_assert (hd->session->magic == HTTP_SESSION_MAGIC);
+
+ return hd->session->verify_cb (hd->session->verify_cb_value,
+ hd, hd->session,
+ (hd->flags | hd->session->flags),
+ tls);
+}
+#endif /*HTTP_USE_NTBTLS*/
+
+
\f
/* This notification function is called by estream whenever stream is
{
http_t hd = opaque;
+ log_assert (hd->magic == HTTP_CONTEXT_MAGIC);
if (hd->fp_read && hd->fp_read == stream)
hd->fp_read = NULL;
else if (hd->fp_write && hd->fp_write == stream)
if (!sess)
return;
+ log_assert (sess->magic == HTTP_SESSION_MAGIC);
+
sess->refcount--;
if (opt_debug > 1)
log_debug ("http.c:%d:session_unref: sess %p ref now %d\n",
close_tls_session (sess);
#endif /*USE_TLS*/
+ sess->magic = 0xdeadbeef;
xfree (sess);
}
#define http_session_unref(a) session_unref (__LINE__, (a))
* Valid values for FLAGS are:
* HTTP_FLAG_TRUST_DEF - Use the CAs set with http_register_tls_ca
* HTTP_FLAG_TRUST_SYS - Also use the CAs defined by the system
+ * HTTP_FLAG_NO_CRL - Do not consult CRLs for https.
*/
gpg_error_t
-http_session_new (http_session_t *r_session, const char *tls_priority,
- const char *intended_hostname, unsigned int flags)
+http_session_new (http_session_t *r_session,
+ const char *intended_hostname, unsigned int flags,
+ http_verify_cb_t verify_cb, void *verify_cb_value)
{
gpg_error_t err;
http_session_t sess;
sess = xtrycalloc (1, sizeof *sess);
if (!sess)
return gpg_error_from_syserror ();
+ sess->magic = HTTP_SESSION_MAGIC;
sess->refcount = 1;
+ sess->flags = flags;
+ sess->verify_cb = verify_cb;
+ sess->verify_cb_value = verify_cb_value;
#if HTTP_USE_NTBTLS
{
- x509_cert_t ca_chain;
- char line[256];
- estream_t fp, mem_p;
- size_t nread, nbytes;
- struct b64state state;
- void *buf;
- size_t buflen;
- char *pemname;
-
- (void)tls_priority;
-
- pemname = make_filename_try (gnupg_datadir (),
- "sks-keyservers.netCA.pem", NULL);
- if (!pemname)
- {
- err = gpg_error_from_syserror ();
- log_error ("setting CA from file '%s' failed: %s\n",
- pemname, gpg_strerror (err));
- goto leave;
- }
-
- fp = es_fopen (pemname, "r");
- if (!fp)
- {
- err = gpg_error_from_syserror ();
- log_error ("can't open '%s': %s\n", pemname, gpg_strerror (err));
- xfree (pemname);
- goto leave;
- }
- xfree (pemname);
-
- mem_p = es_fopenmem (0, "r+b");
- err = b64dec_start (&state, "CERTIFICATE");
- if (err)
- {
- log_error ("b64dec failure: %s\n", gpg_strerror (err));
- goto leave;
- }
-
- while ( (nread = es_fread (line, 1, DIM (line), fp)) )
- {
- err = b64dec_proc (&state, line, nread, &nbytes);
- if (err)
- {
- if (gpg_err_code (err) == GPG_ERR_EOF)
- break;
-
- log_error ("b64dec failure: %s\n", gpg_strerror (err));
- es_fclose (fp);
- es_fclose (mem_p);
- goto leave;
- }
- else if (nbytes)
- es_fwrite (line, 1, nbytes, mem_p);
- }
- err = b64dec_finish (&state);
- if (err)
- {
- log_error ("b64dec failure: %s\n", gpg_strerror (err));
- es_fclose (fp);
- es_fclose (mem_p);
- goto leave;
- }
-
- es_fclose_snatch (mem_p, &buf, &buflen);
- es_fclose (fp);
-
- err = ntbtls_x509_cert_new (&ca_chain);
- if (err)
- {
- log_error ("ntbtls_x509_new failed: %s\n", gpg_strerror (err));
- xfree (buf);
- goto leave;
- }
-
- err = ntbtls_x509_append_cert (ca_chain, buf, buflen);
- xfree (buf);
+ (void)intended_hostname; /* Not needed because we do not preload
+ * certificates. */
err = ntbtls_new (&sess->tls_session, NTBTLS_CLIENT);
if (err)
{
log_error ("ntbtls_new failed: %s\n", gpg_strerror (err));
- ntbtls_x509_cert_release (ca_chain);
goto leave;
}
- err = ntbtls_set_ca_chain (sess->tls_session, ca_chain, NULL);
}
#elif HTTP_USE_GNUTLS
{
gnutls_transport_set_ptr (sess->tls_session, NULL);
rc = gnutls_priority_set_direct (sess->tls_session,
- tls_priority? tls_priority : "NORMAL",
+ "NORMAL",
&errpos);
if (rc < 0)
{
goto leave;
}
}
-#else /*!HTTP_USE_GNUTLS*/
+#else /*!HTTP_USE_GNUTLS && !HTTP_USE_NTBTLS*/
{
- (void)tls_priority;
+ (void)intended_hostname;
+ (void)flags;
}
-#endif /*!HTTP_USE_GNUTLS*/
+#endif /*!HTTP_USE_GNUTLS && !HTTP_USE_NTBTLS*/
if (opt_debug > 1)
log_debug ("http.c:session_new: sess %p created\n", sess);
hd = xtrycalloc (1, sizeof *hd);
if (!hd)
return gpg_error_from_syserror ();
+ hd->magic = HTTP_CONTEXT_MAGIC;
hd->req_type = reqtype;
hd->flags = flags;
hd->session = http_session_ref (session);
gpg_error_t err = 0;
http_t hd;
cookie_t cookie;
- int hnf;
*r_hd = NULL;
hd = xtrycalloc (1, sizeof *hd);
if (!hd)
return gpg_error_from_syserror ();
+ hd->magic = HTTP_CONTEXT_MAGIC;
hd->req_type = HTTP_REQ_OPAQUE;
hd->flags = flags;
{
assuan_fd_t sock;
- sock = connect_server (server, port, hd->flags, srvtag, &hnf);
- if (sock == ASSUAN_INVALID_FD)
+ err = connect_server (server, port, hd->flags, srvtag, &sock);
+ if (err)
{
- err = gpg_err_make (default_errsource,
- (hnf? GPG_ERR_UNKNOWN_HOST
- : gpg_err_code_from_syserror ()));
xfree (hd);
return err;
}
if (!hd)
return;
+ log_assert (hd->magic == HTTP_CONTEXT_MAGIC);
+
/* First remove the close notifications for the streams. */
if (hd->fp_read)
es_onclose (hd->fp_read, 0, fp_onclose_notification, hd);
if (hd->fp_write)
es_fclose (hd->fp_write);
http_session_unref (hd->session);
+ hd->magic = 0xdeadbeef;
http_release_parsed_uri (hd->uri);
while (hd->headers)
{
/* Return information pertaining to TLS. If TLS is not in use for HD,
NULL is returned. WHAT is used ask for specific information:
- (NULL) := Only check whether TLS is is use. Returns an
+ (NULL) := Only check whether TLS is in use. Returns an
unspecified string if TLS is in use. That string may
even be the empty string.
*/
char *proxy_authstr = NULL;
char *authstr = NULL;
int sock;
- int hnf;
if (hd->uri->use_tls && !hd->session)
{
&& *http_proxy ))
{
parsed_uri_t uri;
- int save_errno;
if (proxy)
http_proxy = proxy;
}
}
- sock = connect_server (*uri->host ? uri->host : "localhost",
- uri->port ? uri->port : 80,
- hd->flags, srvtag, &hnf);
- save_errno = errno;
+ err = connect_server (*uri->host ? uri->host : "localhost",
+ uri->port ? uri->port : 80,
+ hd->flags, srvtag, &sock);
http_release_parsed_uri (uri);
- if (sock == ASSUAN_INVALID_FD)
- gpg_err_set_errno (save_errno);
}
else
{
- sock = connect_server (server, port, hd->flags, srvtag, &hnf);
+ err = connect_server (server, port, hd->flags, srvtag, &sock);
}
- if (sock == ASSUAN_INVALID_FD)
+ if (err)
{
xfree (proxy_authstr);
- return gpg_err_make (default_errsource,
- (hnf? GPG_ERR_UNKNOWN_HOST
- : gpg_err_code_from_syserror ()));
+ return err;
}
hd->sock = my_socket_new (sock);
if (!hd->sock)
}
-
#if HTTP_USE_NTBTLS
if (hd->uri->use_tls)
{
my_socket_ref (hd->sock);
+ /* Until we support send/recv in estream under Windows we need
+ * to use es_fopencookie. */
+#ifdef HAVE_W32_SYSTEM
+ in = es_fopencookie ((void*)(unsigned int)hd->sock->fd, "rb",
+ simple_cookie_functions);
+#else
in = es_fdopen_nc (hd->sock->fd, "rb");
+#endif
if (!in)
{
err = gpg_error_from_syserror ();
return err;
}
+#ifdef HAVE_W32_SYSTEM
+ out = es_fopencookie ((void*)(unsigned int)hd->sock->fd, "wb",
+ simple_cookie_functions);
+#else
out = es_fdopen_nc (hd->sock->fd, "wb");
+#endif
if (!out)
{
err = gpg_error_from_syserror ();
return err;
}
+#ifdef HTTP_USE_NTBTLS
+ if (hd->session->verify_cb)
+ {
+ err = ntbtls_set_verify_cb (hd->session->tls_session,
+ my_ntbtls_verify_cb, hd);
+ if (err)
+ {
+ log_error ("ntbtls_set_verify_cb failed: %s\n",
+ gpg_strerror (err));
+ xfree (proxy_authstr);
+ return err;
+ }
+ }
+#endif /*HTTP_USE_NTBTLS*/
+
while ((err = ntbtls_handshake (hd->session->tls_session)))
{
switch (err)
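Review bot: The Windows branch hands the socket to `es_fopencookie` as `(void*)(unsigned int)hd->sock->fd`, while `simple_cookie_read` and `simple_cookie_write`, added later in this patch, recover it with `(int)(uintptr_t)cookie`. The two halves of the round trip do not mirror each other, and on a 64-bit build converting a 32-bit integer straight to a pointer draws a size-mismatch warning. Writing `(void*)(uintptr_t)hd->sock->fd` for both the `in` and the `out` stream keeps the conversion symmetric. The enclosing function starts and ends outside this hunk.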
}
hd->session->verify.done = 0;
- if (tls_callback)
+
+ /* Try the available verify callbacks until one returns success
+ * or a real error. Note that NTBTLS does the verification
+ * during the handshake via */
+#ifdef HTTP_USE_NTBTLS
+ err = 0; /* Fixme check that the CB has been called. */
+#else
+ err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
+
+ if (hd->session->verify_cb
+ && gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR
+ && gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED)
+ err = hd->session->verify_cb (hd->session->verify_cb_value,
+ hd, hd->session,
+ (hd->flags | hd->session->flags),
+ hd->session->tls_session);
+
+ if (tls_callback
+ && gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR
+ && gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED)
err = tls_callback (hd, hd->session, 0);
- else
+
+ if (gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR
+ && gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED)
err = http_verify_server_credentials (hd->session);
+
if (err)
{
log_info ("TLS connection authentication failed: %s <%s>\n",
xfree (proxy_authstr);
return err;
}
+
}
#elif HTTP_USE_GNUTLS
if (hd->uri->use_tls)
{
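Review bot: With NTBTLS the post-handshake result is fixed by `err = 0; /* Fixme check that the CB has been called. */`, so none of the three fallbacks below it (`verify_cb`, `tls_callback`, `http_verify_server_credentials`) can run. The preceding hunk registers `my_ntbtls_verify_cb` only when `hd->session->verify_cb` is set, so for a session without a callback nothing visible here shows that the peer certificate was checked; whether ntbtls rejects that case itself cannot be told from this page. A fail-closed default would be `err = hd->session->verify_cb ? 0 : gpg_error (GPG_ERR_NOT_IMPLEMENTED);`, which lets the existing fallback chain decide. The comment ending in "during the handshake via" is also cut off and should name the callback. The enclosing function lies outside this hunk.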
char portstr[35];
- if (port == 80)
+ if (port == (hd->uri->use_tls? 443 : 80))
*portstr = 0;
else
snprintf (portstr, sizeof portstr, ":%u", port);
if (h)
{
/* We have already seen a line with that name. Thus we assume
- it is a comma separated list and merge them. */
- p = xtrymalloc (strlen (h->value) + 1 + strlen (value)+ 1);
+ * it is a comma separated list and merge them. */
+ p = strconcat (h->value, ",", value, NULL);
if (!p)
return gpg_err_code_from_syserror ();
- strcpy (stpcpy (stpcpy (p, h->value), ","), value);
xfree (h->value);
h->value = p;
return 0;
}
-/* Actually connect to a server. Returns the file descriptor or -1 on
- error. ERRNO is set on error. */
-static assuan_fd_t
+/* Actually connect to a server. On success 0 is returned and the
+ * file descriptor for the socket is stored at R_SOCK; on error an
+ * error code is returned and ASSUAN_INVALID_FD is stored at
+ * R_SOCK. */
+static gpg_error_t
connect_server (const char *server, unsigned short port,
- unsigned int flags, const char *srvtag, int *r_host_not_found)
+ unsigned int flags, const char *srvtag, assuan_fd_t *r_sock)
{
gpg_error_t err;
assuan_fd_t sock = ASSUAN_INVALID_FD;
int hostfound = 0;
int anyhostaddr = 0;
int srv, connected;
- int last_errno = 0;
+ gpg_error_t last_err = 0;
struct srventry *serverlist = NULL;
- int ret;
- *r_host_not_found = 0;
+ *r_sock = ASSUAN_INVALID_FD;
+
#if defined(HAVE_W32_SYSTEM) && !defined(HTTP_NO_WSASTARTUP)
init_sockets ();
#endif /*Windows*/
ASSUAN_SOCK_TOR);
if (sock == ASSUAN_INVALID_FD)
{
- if (errno == EHOSTUNREACH)
- *r_host_not_found = 1;
- log_error ("can't connect to '%s': %s\n", server, strerror (errno));
+ err = gpg_err_make (default_errsource,
+ (errno == EHOSTUNREACH)? GPG_ERR_UNKNOWN_HOST
+ : gpg_err_code_from_syserror ());
+ log_error ("can't connect to '%s': %s\n", server, gpg_strerror (err));
+ return err;
}
- else
- notify_netactivity ();
- return sock;
+
+ notify_netactivity ();
+ *r_sock = sock;
+ return 0;
#else /*!ASSUAN_SOCK_TOR*/
- gpg_err_set_errno (ENETUNREACH);
- return -1; /* Out of core. */
+ err = gpg_err_make (default_errsource, GPG_ERR_ENETUNREACH);
+ return ASSUAN_INVALID_FD;
#endif /*!HASSUAN_SOCK_TOR*/
}
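Review bot: The `#else /*!ASSUAN_SOCK_TOR*/` branch computes `err` and then executes `return ASSUAN_INVALID_FD;`, although `connect_server` now returns `gpg_error_t`. The caller therefore receives a descriptor sentinel reinterpreted as an error code instead of `GPG_ERR_ENETUNREACH`, and `err` is assigned but never used. The line should be `return err;`, since `*r_sock` is already set to `ASSUAN_INVALID_FD` at the top of the function. The body of `connect_server` continues outside this hunk.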
log_info ("getting '%s' SRV for '%s' failed: %s\n",
srvtag, server, gpg_strerror (err));
/* Note that on error SRVCOUNT is zero. */
+ err = 0;
}
if (!serverlist)
up a fake SRV record. */
serverlist = xtrycalloc (1, sizeof *serverlist);
if (!serverlist)
- return -1; /* Out of core. */
+ return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+
serverlist->port = port;
strncpy (serverlist->target, server, DIMof (struct srventry, target));
serverlist->target[DIMof (struct srventry, target)-1] = '\0';
{
log_info ("resolving '%s' failed: %s\n",
serverlist[srv].target, gpg_strerror (err));
+ last_err = err;
continue; /* Not found - try next one. */
}
hostfound = 1;
sock = my_sock_new_for_addr (ai->addr, ai->socktype, ai->protocol);
if (sock == ASSUAN_INVALID_FD)
{
- int save_errno = errno;
- log_error ("error creating socket: %s\n", strerror (errno));
+ err = gpg_err_make (default_errsource,
+ gpg_err_code_from_syserror ());
+ log_error ("error creating socket: %s\n", gpg_strerror (err));
free_dns_addrinfo (aibuf);
xfree (serverlist);
- errno = save_errno;
- return ASSUAN_INVALID_FD;
+ return err;
}
anyhostaddr = 1;
- ret = assuan_sock_connect (sock, ai->addr, ai->addrlen);
- if (ret)
- last_errno = errno;
+ if (assuan_sock_connect (sock, ai->addr, ai->addrlen))
+ {
+ last_err = gpg_err_make (default_errsource,
+ gpg_err_code_from_syserror ());
+ }
else
{
connected = 1;
server, (int)WSAGetLastError());
#else
log_error ("can't connect to '%s': %s\n",
- server, strerror (last_errno));
+ server, gpg_strerror (last_err));
#endif
}
- if (!hostfound || (hostfound && !anyhostaddr))
- *r_host_not_found = 1;
+ err = last_err? last_err : gpg_err_make (default_errsource,
+ GPG_ERR_UNKNOWN_HOST);
if (sock != ASSUAN_INVALID_FD)
assuan_sock_close (sock);
- gpg_err_set_errno (last_errno);
- return ASSUAN_INVALID_FD;
+ return err;
}
- return sock;
+
+ *r_sock = sock;
+ return 0;
+}
+
+
+/* Helper to read from a socket. This handles npth things and
+ * EINTR. */
+static gpgrt_ssize_t
+read_server (int sock, void *buffer, size_t size)
+{
+ int nread;
+
+ do
+ {
+#ifdef HAVE_W32_SYSTEM
+ /* Under Windows we need to use recv for a socket. */
+# if defined(USE_NPTH)
+ npth_unprotect ();
+# endif
+ nread = recv (sock, buffer, size, 0);
+# if defined(USE_NPTH)
+ npth_protect ();
+# endif
+
+#else /*!HAVE_W32_SYSTEM*/
+
+# ifdef USE_NPTH
+ nread = npth_read (sock, buffer, size);
+# else
+ nread = read (sock, buffer, size);
+# endif
+
+#endif /*!HAVE_W32_SYSTEM*/
+ }
+ while (nread == -1 && errno == EINTR);
+
+ return nread;
}
else
#endif /*HTTP_USE_GNUTLS*/
{
- do
- {
-#ifdef HAVE_W32_SYSTEM
- /* Under Windows we need to use recv for a socket. */
-# if defined(USE_NPTH)
- npth_unprotect ();
-# endif
- nread = recv (c->sock->fd, buffer, size, 0);
-# if defined(USE_NPTH)
- npth_protect ();
-# endif
-
-#else /*!HAVE_W32_SYSTEM*/
-
-# ifdef USE_NPTH
- nread = npth_read (c->sock->fd, buffer, size);
-# else
- nread = read (c->sock->fd, buffer, size);
-# endif
-
-#endif /*!HAVE_W32_SYSTEM*/
- }
- while (nread == -1 && errno == EINTR);
+ nread = read_server (c->sock->fd, buffer, size);
}
if (c->content_length_valid && nread > 0)
}
+#ifdef HAVE_W32_SYSTEM
+static gpgrt_ssize_t
+simple_cookie_read (void *cookie, void *buffer, size_t size)
+{
+ int sock = (int)(uintptr_t)cookie;
+ return read_server (sock, buffer, size);
+}
+
+static gpgrt_ssize_t
+simple_cookie_write (void *cookie, const void *buffer_arg, size_t size)
+{
+ int sock = (int)(uintptr_t)cookie;
+ const char *buffer = buffer_arg;
+ int nwritten;
+
+ if (write_server (sock, buffer, size))
+ {
+ gpg_err_set_errno (EIO);
+ nwritten = -1;
+ }
+ else
+ nwritten = size;
+
+ return (gpgrt_ssize_t)nwritten;
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+
#ifdef HTTP_USE_GNUTLS
/* Wrapper for gnutls_bye used by my_socket_unref. */
static void
gpg_error_t
http_verify_server_credentials (http_session_t sess)
{
-#if HTTP_USE_NTBTLS
- (void)sess;
- return 0; /* FIXME!! */
-#elif HTTP_USE_GNUTLS
+#if HTTP_USE_GNUTLS
static const char const errprefix[] = "TLS verification of peer failed";
int rc;
unsigned int status;
HTTP_FLAG_IGNORE_CL = 32, /* Ignore content-length. */
HTTP_FLAG_IGNORE_IPv4 = 64, /* Do not use IPv4. */
HTTP_FLAG_IGNORE_IPv6 = 128, /* Do not use IPv6. */
- HTTP_FLAG_TRUST_DEF = 256, /* Use the default CAs. */
- HTTP_FLAG_TRUST_SYS = 512 /* Also use the system defined CAs. */
+ HTTP_FLAG_TRUST_DEF = 256, /* Use the CAs configured for HKP. */
+ HTTP_FLAG_TRUST_SYS = 512, /* Also use the system defined CAs. */
+ HTTP_FLAG_NO_CRL = 1024 /* Do not consult CRLs for https. */
};
struct http_context_s;
typedef struct http_context_s *http_t;
+/* A TLS verify callback function. */
+typedef gpg_error_t (*http_verify_cb_t) (void *opaque,
+ http_t http,
+ http_session_t session,
+ unsigned int flags,
+ void *tls_context);
+
void http_set_verbose (int verbose, int debug);
void http_register_tls_callback (gpg_error_t (*cb)(http_t,http_session_t,int));
gpg_error_t http_session_new (http_session_t *r_session,
- const char *tls_priority,
const char *intended_hostname,
- unsigned int flags);
+ unsigned int flags,
+ http_verify_cb_t cb,
+ void *cb_value);
http_session_t http_session_ref (http_session_t sess);
void http_session_release (http_session_t sess);
*server++ = 0;
err = http_raw_connect (&http, server, 79,
- (opt.use_tor? HTTP_FLAG_FORCE_TOR : 0), NULL);
+ ((dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR : 0)
+ | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
+ NULL);
if (err)
{
xfree (name);
unsigned int v6:1; /* Host supports AF_INET6. */
unsigned int onion:1;/* NAME is an onion (Tor HS) address. */
unsigned int dead:1; /* Host is currently unresponsive. */
+ unsigned int iporname_valid:1; /* The field IPORNAME below is valid */
+ /* (but may be NULL) */
time_t died_at; /* The time the host was marked dead. If this is
0 the host has been manually marked dead. */
char *cname; /* Canonical name of the host. Only set if this
is a pool or NAME has a numerical IP address. */
- char *v4addr; /* A string with the v4 IP address of the host.
- NULL if NAME has a numeric IP address or no v4
- address is available. */
- char *v6addr; /* A string with the v6 IP address of the host.
- NULL if NAME has a numeric IP address or no v6
- address is available. */
+ char *iporname; /* Numeric IP address or name for printing. */
unsigned short port; /* The port used by the host, 0 if unknown. */
char name[1]; /* The hostname. */
};
hi->v6 = 0;
hi->onion = 0;
hi->dead = 0;
+ hi->iporname_valid = 0;
hi->died_at = 0;
hi->cname = NULL;
- hi->v4addr = NULL;
- hi->v6addr = NULL;
+ hi->iporname = NULL;
hi->port = 0;
/* Add it to the hosttable. */
}
+/* Print a warninng iff Tor is not running but Tor has been requested.
+ * Also return true if it is not running. */
+static int
+tor_not_running_p (ctrl_t ctrl)
+{
+ assuan_fd_t sock;
+
+ if (!dirmngr_use_tor ())
+ return 0;
+
+ sock = assuan_sock_connect_byname (NULL, 0, 0, NULL, ASSUAN_SOCK_TOR);
+ if (sock != ASSUAN_INVALID_FD)
+ {
+ assuan_sock_close (sock);
+ return 0;
+ }
+
+ log_info ("(it seems Tor is not running)\n");
+ dirmngr_status (ctrl, "WARNING", "tor_not_running 0",
+ "Tor is enabled but the local Tor daemon"
+ " seems to be down", NULL);
+ return 1;
+}
+
+
/* Add the host AI under the NAME into the HOSTTABLE. If PORT is not
zero, it specifies which port to use to talk to the host. If NAME
specifies a pool (as indicated by IS_POOL), update the given
gpg_error_t tmperr;
char *tmphost;
int idx, tmpidx;
- int is_numeric = 0;
int i;
idx = find_hostinfo (name);
- if (!is_pool && !is_ip_address (name))
+ if (is_pool)
{
- /* This is a hostname but not a pool. Use the name
- as given without going through resolve_dns_addr. */
+ /* For a pool immediately convert the address to a string. */
+ tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
+ (DNS_NUMERICHOST | DNS_WITHBRACKET), &tmphost);
+ }
+ else if (!is_ip_address (name))
+ {
+ /* This is a hostname. Use the name as given without going
+ * through resolve_dns_addr. */
tmphost = xtrystrdup (name);
if (!tmphost)
tmperr = gpg_error_from_syserror ();
}
else
{
+ /* Do a PTR lookup on AI. If a name was not found the function
+ * returns the numeric address (with brackets). */
tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
DNS_WITHBRACKET, &tmphost);
- if (tmphost && is_ip_address (tmphost))
- is_numeric = 1;
}
if (tmperr)
if (tmpidx == -1)
{
- log_error ("map_host for '%s' problem: %s - '%s'"
- " [ignored]\n",
+ log_error ("map_host for '%s' problem: %s - '%s' [ignored]\n",
name, strerror (errno), tmphost);
}
else /* Set or update the entry. */
{
- char *ipaddr = NULL;
-
if (port)
hosttable[tmpidx]->port = port;
- if (!is_numeric)
- {
- xfree (tmphost);
- tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
- (DNS_NUMERICHOST
- | DNS_WITHBRACKET),
- &tmphost);
- if (tmperr)
- log_info ("resolve_dns_addr failed: %s\n",
- gpg_strerror (tmperr));
- else
- {
- ipaddr = tmphost;
- tmphost = NULL;
- }
- }
-
if (ai->family == AF_INET6)
{
hosttable[tmpidx]->v6 = 1;
- xfree (hosttable[tmpidx]->v6addr);
- hosttable[tmpidx]->v6addr = ipaddr;
}
else if (ai->family == AF_INET)
{
hosttable[tmpidx]->v4 = 1;
- xfree (hosttable[tmpidx]->v4addr);
- hosttable[tmpidx]->v4addr = ipaddr;
}
else
BUG ();
if (err)
{
xfree (reftbl);
+ if (gpg_err_code (err) == GPG_ERR_ECONNREFUSED)
+ tor_not_running_p (ctrl);
return err;
}
{
if (ai->family != AF_INET && ai->family != AF_INET6)
continue;
+ if (opt.disable_ipv4 && ai->family == AF_INET)
+ continue;
dirmngr_tick (ctrl);
add_host (name, is_pool, ai, 0, reftbl, reftblsize, &refidx);
{
for (ai = aibuf; ai; ai = ai->next)
{
- if (ai->family == AF_INET6 || ai->family == AF_INET)
+ if (ai->family == AF_INET6
+ || (!opt.disable_ipv4 && ai->family == AF_INET))
{
err = resolve_dns_addr (ai->addr, ai->addrlen, 0, &host);
if (!err)
if (err)
return err;
+ /* FIXME: We need a lock for the hosttable. */
curtime = gnupg_get_time ();
for (idx=0; idx < hosttable_size; idx++)
if ((hi=hosttable[idx]))
}
else
diedstr = died = NULL;
- err = ks_printf_help (ctrl, "%3d %s %s %s %s%s%s%s%s%s%s%s\n",
+
+ if (!hi->iporname_valid)
+ {
+ char *canon = NULL;
+
+ xfree (hi->iporname);
+ hi->iporname = NULL;
+
+ /* Do a lookup just for the display purpose. */
+ if (hi->onion || hi->pool)
+ ;
+ else if (is_ip_address (hi->name))
+ {
+ dns_addrinfo_t aibuf, ai;
+
+ /* Turn the numerical IP address string into an AI and
+ * then do a DNS PTR lookup. */
+ if (!resolve_dns_name (hi->name, 0, 0,
+ SOCK_STREAM,
+ &aibuf, &canon))
+ {
+ if (canon && is_ip_address (canon))
+ {
+ xfree (canon);
+ canon = NULL;
+ }
+ for (ai = aibuf; !canon && ai; ai = ai->next)
+ {
+ resolve_dns_addr (ai->addr, ai->addrlen,
+ DNS_WITHBRACKET, &canon);
+ if (canon && is_ip_address (canon))
+ {
+ /* We already have the numeric IP - no need to
+ * display it a second time. */
+ xfree (canon);
+ canon = NULL;
+ }
+ }
+ }
+ free_dns_addrinfo (aibuf);
+ }
+ else
+ {
+ dns_addrinfo_t aibuf, ai;
+
+ /* Get the IP address as a string from a name. Note
+ * that resolve_dns_addr allocates CANON on success
+ * and thus terminates the loop. */
+ if (!resolve_dns_name (hi->name, 0,
+ hi->v6? AF_INET6 : AF_INET,
+ SOCK_STREAM,
+ &aibuf, NULL))
+ {
+ for (ai = aibuf; !canon && ai; ai = ai->next)
+ {
+ resolve_dns_addr (ai->addr, ai->addrlen,
+ DNS_NUMERICHOST|DNS_WITHBRACKET,
+ &canon);
+ }
+ }
+ free_dns_addrinfo (aibuf);
+ }
+
+ hi->iporname = canon;
+ hi->iporname_valid = 1;
+ }
+
+ err = ks_printf_help (ctrl, "%3d %s %s %s %s%s%s%s%s%s%s\n",
idx,
hi->onion? "O" : hi->v6? "6":" ",
hi->v4? "4":" ",
hi->dead? "d":" ",
hi->name,
- hi->v6addr? " v6=":"",
- hi->v6addr? hi->v6addr:"",
- hi->v4addr? " v4=":"",
- hi->v4addr? hi->v4addr:"",
+ hi->iporname? " (":"",
+ hi->iporname? hi->iporname : "",
+ hi->iporname? ")":"",
diedstr? " (":"",
diedstr? diedstr:"",
diedstr? ")":"" );
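Review bot: Both lookup branches declare `dns_addrinfo_t aibuf, ai;` without an initializer and call `free_dns_addrinfo (aibuf)` even when `resolve_dns_name` has failed. Whether that function stores NULL on every error path is not visible here, so the free may see an indeterminate pointer; `dns_addrinfo_t aibuf = NULL, ai;` in both places makes the cleanup safe regardless. The lookups also update `hi->iporname` on an entry of the hosttable that the `FIXME: We need a lock for the hosttable` comment in the preceding hunk marks as unprotected, which deserves a word in the comment above this block. The enclosing function starts outside this hunk.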
hi = hosttable[idx];
if (!hi)
continue;
+ hi->iporname_valid = 0;
if (!hi->dead)
continue;
hi->dead = 0;
*r_fp = NULL;
- err = http_session_new (&session, NULL, httphost, HTTP_FLAG_TRUST_DEF);
+ err = http_session_new (&session, httphost,
+ ((ctrl->http_no_crl? HTTP_FLAG_NO_CRL : 0)
+ | HTTP_FLAG_TRUST_DEF),
+ gnupg_http_tls_verify_cb, ctrl);
if (err)
goto leave;
http_session_set_log_cb (session, cert_log_cb);
/* fixme: AUTH */ NULL,
(httpflags
|(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
- |(opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
+ |(dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
+ |(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
ctrl->http_proxy,
session,
NULL,
}
-/* Helper to evaluate the error code ERR form a send_request() call
+/* Helper to evaluate the error code ERR from a send_request() call
with REQUEST. The function returns true if the caller shall try
again. TRIES_LEFT points to a variable to track the number of
retries; this function decrements it and won't return true if it is
down to zero. */
static int
-handle_send_request_error (gpg_error_t err, const char *request,
+handle_send_request_error (ctrl_t ctrl, gpg_error_t err, const char *request,
unsigned int *tries_left)
{
int retry = 0;
switch (gpg_err_code (err))
{
case GPG_ERR_ECONNREFUSED:
- if (opt.use_tor)
- {
- assuan_fd_t sock;
-
- sock = assuan_sock_connect_byname (NULL, 0, 0, NULL, ASSUAN_SOCK_TOR);
- if (sock == ASSUAN_INVALID_FD)
- log_info ("(it seems Tor is not running)\n");
- else
- assuan_sock_close (sock);
- }
+ if (tor_not_running_p (ctrl))
+ break; /* A retry does not make sense. */
+ /* Okay: Tor is up or --use-tor is not used. */
/*FALLTHRU*/
case GPG_ERR_ENETUNREACH:
case GPG_ERR_ENETDOWN:
}
break;
+ case GPG_ERR_EACCES:
+ if (dirmngr_use_tor ())
+ {
+ log_info ("(Tor configuration problem)\n");
+ dirmngr_status (ctrl, "WARNING", "tor_config_problem 0",
+ "Please check that the \"SocksPort\" flag "
+ "\"IPv6Traffic\" is set in torrc", NULL);
+ }
+ break;
+
default:
break;
}
/* Send the request. */
err = send_request (ctrl, request, hostport, httphost, httpflags,
NULL, NULL, &fp, r_http_status);
- if (handle_send_request_error (err, request, &tries))
+ if (handle_send_request_error (ctrl, err, request, &tries))
{
reselect = 1;
goto again;
/* Send the request. */
err = send_request (ctrl, request, hostport, httphost, httpflags,
NULL, NULL, &fp, NULL);
- if (handle_send_request_error (err, request, &tries))
+ if (handle_send_request_error (ctrl, err, request, &tries))
{
reselect = 1;
goto again;
/* Send the request. */
err = send_request (ctrl, request, hostport, httphost, 0,
put_post_cb, &parm, &fp, NULL);
- if (handle_send_request_error (err, request, &tries))
+ if (handle_send_request_error (ctrl, err, request, &tries))
{
reselect = 1;
goto again;
once_more:
/* Note that we only use the system provided certificates with the
* fetch command. */
- err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_SYS);
+ err = http_session_new (&session, NULL,
+ ((ctrl->http_no_crl? HTTP_FLAG_NO_CRL : 0)
+ | HTTP_FLAG_TRUST_SYS),
+ gnupg_http_tls_verify_cb, ctrl);
if (err)
goto leave;
http_session_set_log_cb (session, cert_log_cb);
/* httphost */ NULL,
/* fixme: AUTH */ NULL,
((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
- | (opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
+ | (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
+ | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
ctrl->http_proxy,
session,
NULL,
(void) ctrl;
- if (opt.use_tor)
+ if (dirmngr_use_tor ())
{
/* For now we do not support LDAP over Tor. */
log_error (_("LDAP access not possible due to Tor mode\n"));
(void) ctrl;
- if (opt.use_tor)
+ if (dirmngr_use_tor ())
{
/* For now we do not support LDAP over Tor. */
log_error (_("LDAP access not possible due to Tor mode\n"));
for ((ptr = (*m)->mod_values), (i = 1); ptr && *ptr; ptr++, i ++)
{
/* Assuming terminals are about 80 characters wide,
- display at most most about 10 lines of debugging
+ display at most about 10 lines of debugging
output. If we do trim the buffer, append '...' to
the end. */
const int max_len = 10 * 70;
/* Elide a warning. */
(void) ctrl;
- if (opt.use_tor)
+ if (dirmngr_use_tor ())
{
/* For now we do not support LDAP over Tor. */
log_error (_("LDAP access not possible due to Tor mode\n"));
xfree (u_dn);
return err;
}
- *url = malloc ( 8 + strlen (u_dn)
- + 1 + strlen (attrs)
- + 5 + strlen (u_filter) + 1 );
+
+ *url = strconcat ("ldap:///", u_dn, "?", attrs, "?sub?", u_filter, NULL);
if (!*url)
- {
- err = gpg_error_from_errno (errno);
- xfree (u_dn);
- xfree (u_filter);
- return err;
- }
+ err = gpg_error_from_syserror ();
+ else
+ err = 0;
- stpcpy (stpcpy (stpcpy (stpcpy (stpcpy (stpcpy (*url, "ldap:///"),
- u_dn),
- "?"),
- attrs),
- "?sub?"),
- u_filter);
xfree (u_dn);
xfree (u_filter);
- return 0;
+ return err;
}
{
struct verify_status_parm_s *parm = opaque;
+ if (DBG_EXTPROG)
+ log_debug ("gpgv status: %s %s\n", keyword, args);
+
/* We care only about the first valid signature. */
if (!strcmp (keyword, "VALIDSIG") && !parm->anyvalid)
{
goto leave;
}
+ if (DBG_EXTPROG)
+ log_debug ("starting gpgv\n");
err = gnupg_exec_tool_stream (gnupg_module_name (GNUPG_MODULE_NAME_GPGV),
argv, swdb, swdb_sig, NULL,
verify_status_cb, &verify_status_parm);
if (!err && verify_status_parm.sigtime == (time_t)(-1))
err = gpg_error (verify_status_parm.anyvalid? GPG_ERR_BAD_SIGNATURE
/**/ : GPG_ERR_INV_TIME );
+ if (DBG_EXTPROG)
+ log_debug ("gpgv finished: err=%d\n", err);
if (err)
goto leave;
return hexify_data (buf, 20, 0);
}
+
+/* FIXME: Replace this by hextobin. */
char*
hexify_data (const unsigned char* data, size_t len, int with_prefix)
{
(void)ctrl;
- if (opt.use_tor)
+ if (dirmngr_use_tor ())
{
/* For now we do not allow OCSP via Tor due to possible privacy
concerns. Needs further research. */
once_more:
err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL,
((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
- | (opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
+ | (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
+ | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
ctrl->http_proxy, NULL, NULL, NULL);
if (err)
{
Dirmngr was a system service and not a user service. */
#define MAX_CERT_LENGTH (16*1024)
+/* The limit for the CERTLIST inquiry. We allow for up to 20
+ * certificates but also take PEM encoding into account. */
+#define MAX_CERTLIST_LENGTH ((MAX_CERT_LENGTH * 20 * 4)/3)
+
/* The same goes for OpenPGP keyblocks, but here we need to allow for
much longer blocks; a 200k keyblock is not too unusual for keys
with a lot of signatures (e.g. 0x5b0358a2). 9C31503C6D866396 even
const char *buffer = buffer_arg;
gpg_error_t err;
- /* If we do not want logging, enable it it here. */
+ /* If we do not want logging, enable it here. */
if (ctrl && ctrl->server_local && ctrl->server_local->inhibit_data_logging)
ctrl->server_local->inhibit_data_logging_now = 1;
char *buf;
ksba_cert_t cert;
- if (name)
+ buf = name? strconcat (command, " ", name, NULL) : xtrystrdup (command);
+ if (!buf)
+ rc = gpg_error_from_syserror ();
+ else
{
- buf = xmalloc ( strlen (command) + 1 + strlen(name) + 1);
- strcpy (stpcpy (stpcpy (buf, command), " "), name);
+ rc = assuan_inquire (ctrl->server_local->assuan_ctx, buf,
+ &value, &valuelen, MAX_CERT_LENGTH);
+ xfree (buf);
}
- else
- buf = xstrdup (command);
-
- rc = assuan_inquire (ctrl->server_local->assuan_ctx, buf,
- &value, &valuelen, MAX_CERT_LENGTH);
- xfree (buf);
if (rc)
{
log_error (_("assuan_inquire(%s) failed: %s\n"),
-/* Ask back to return a certificate for name, given as a regular
- gpgsm certificate indentificates (e.g. fingerprint or one of the
- other methods). Alternatively, NULL may be used for NAME to
- return the current target certificate. Either return the certificate
- in a KSBA object or NULL if it is not available.
-*/
+/* Ask back to return a certificate for NAME, given as a regular gpgsm
+ * certificate identifier (e.g. fingerprint or one of the other
+ * methods). Alternatively, NULL may be used for NAME to return the
+ * current target certificate. Either return the certificate in a
+ * KSBA object or NULL if it is not available. */
ksba_cert_t
get_cert_local (ctrl_t ctrl, const char *name)
{
}
-/* Ask back to return the issuing certificate for name, given as a
- regular gpgsm certificate indentificates (e.g. fingerprint or one
- of the other methods). Alternatively, NULL may be used for NAME to
- return thecurrent target certificate. Either return the certificate
- in a KSBA object or NULL if it is not available.
-*/
+/* Ask back to return the issuing certificate for NAME, given as a
+ * regular gpgsm certificate identifier (e.g. fingerprint or one
+ * of the other methods). Alternatively, NULL may be used for NAME to
+ * return the current target certificate. Either return the certificate
+ * in a KSBA object or NULL if it is not available. */
ksba_cert_t
get_issuing_cert_local (ctrl_t ctrl, const char *name)
{
return do_get_cert_local (ctrl, name, "SENDISSUERCERT");
}
+
/* Ask back to return a certificate with subject NAME and a
- subjectKeyIdentifier of KEYID. */
+ * subjectKeyIdentifier of KEYID. */
ksba_cert_t
get_cert_local_ski (ctrl_t ctrl, const char *name, ksba_sexp_t keyid)
{
return NULL;
}
- buf = xtrymalloc (15 + strlen (hexkeyid) + 2 + strlen(name) + 1);
+ buf = strconcat ("SENDCERT_SKI ", hexkeyid, " /", name, NULL);
if (!buf)
{
-
log_error ("can't allocate enough memory: %s\n", strerror (errno));
xfree (hexkeyid);
return NULL;
}
- strcpy (stpcpy (stpcpy (stpcpy (buf, "SENDCERT_SKI "), hexkeyid)," /"),name);
xfree (hexkeyid);
rc = assuan_inquire (ctrl->server_local->assuan_ctx, buf,
else if (!strcmp (key, "honor-keyserver-url-used"))
{
/* Return an error if we are running in Tor mode. */
- if (opt.use_tor)
+ if (dirmngr_use_tor ())
err = gpg_error (GPG_ERR_FORBIDDEN);
}
+ else if (!strcmp (key, "http-crl"))
+ {
+ int i = *value? atoi (value) : 0;
+ ctrl->http_no_crl = !i;
+ }
else
err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
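Review bot: The new `http-crl` option parses its value with `atoi`, so any non-numeric value (for example `yes`) yields 0, and `ctrl->http_no_crl = !i` then switches CRL checks off. A mistyped value thus silently disables revocation checking. Rejecting non-numeric input first would fail closed, e.g. `if (*value && value[strspn (value, "0123456789")]) err = gpg_error (GPG_ERR_INV_VALUE);`, with the assignment moved into the `else`. A comment should also state that an empty value is treated as 0 and therefore disables the check. The option handler starts and ends outside this hunk.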
static const char hlp_validate[] =
- "VALIDATE\n"
+ "VALIDATE [--systrust] [--tls] [--no-crl]\n"
"\n"
"Validate a certificate using the certificate validation function\n"
"used internally by dirmngr. This command is only useful for\n"
" INQUIRE TARGETCERT\n"
"\n"
"and the caller is expected to return the certificate for the\n"
- "request as a binary blob.";
+ "request as a binary blob. The option --tls modifies this by asking\n"
+ "for list of certificates with\n"
+ "\n"
+ " INQUIRE CERTLIST\n"
+ "\n"
+ "Here the first certificate is the target certificate, the remaining\n"
+ "certificates are suggested intermediary certificates. All certifciates\n"
+ "need to be PEM encoded.\n"
+ "\n"
+ "The option --systrust changes the behaviour to include the system\n"
+ "provided root certificates as trust anchors. The option --no-crl\n"
+ "skips CRL checks";
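Review bot: The extended help text is shown verbatim to clients and has a few slips. `certifciates` should read `certificates`, `asking\nfor list of certificates` should be `asking\nfor a list of certificates`, and the closing sentence `skips CRL checks` lacks its period. Because `--no-crl` and `--systrust` both relax or widen what the validation accepts, the text could add that they are meant for callers that make this choice deliberately.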
static gpg_error_t
cmd_validate (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
ksba_cert_t cert = NULL;
+ certlist_t certlist = NULL;
unsigned char *value = NULL;
size_t valuelen;
+ int systrust_mode, tls_mode, no_crl;
- (void)line;
+ systrust_mode = has_option (line, "--systrust");
+ tls_mode = has_option (line, "--tls");
+ no_crl = has_option (line, "--no-crl");
+ line = skip_options (line);
- err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
- &value, &valuelen, MAX_CERT_LENGTH);
+ if (tls_mode)
+ err = assuan_inquire (ctrl->server_local->assuan_ctx, "CERTLIST",
+ &value, &valuelen, MAX_CERTLIST_LENGTH);
+ else
+ err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
+ &value, &valuelen, MAX_CERT_LENGTH);
if (err)
{
log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
if (!valuelen) /* No data returned; return a comprehensible error. */
err = gpg_error (GPG_ERR_MISSING_CERT);
+ else if (tls_mode)
+ {
+ estream_t fp;
+
+ fp = es_fopenmem_init (0, "rb", value, valuelen);
+ if (!fp)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ err = read_certlist_from_stream (&certlist, fp);
+ es_fclose (fp);
+ if (!err && !certlist)
+ err = gpg_error (GPG_ERR_MISSING_CERT);
+ if (!err)
+ {
+ /* Extraxt the first certificate from the list. */
+ cert = certlist->cert;
+ ksba_cert_ref (cert);
+ }
+ }
+ }
else
{
err = ksba_cert_new (&cert);
if(err)
goto leave;
- /* If we have this certificate already in our cache, use the cached
- version for validation because this will take care of any cached
- results. */
- {
- unsigned char fpr[20];
- ksba_cert_t tmpcert;
+ if (!tls_mode)
+ {
+ /* If we have this certificate already in our cache, use the
+ * cached version for validation because this will take care of
+ * any cached results. We don't need to do this in tls mode
+ * because this has already been done for certificate in a
+ * certlist_t. */
+ unsigned char fpr[20];
+ ksba_cert_t tmpcert;
- cert_compute_fpr (cert, fpr);
- tmpcert = get_cert_byfpr (fpr);
- if (tmpcert)
- {
- ksba_cert_release (cert);
- cert = tmpcert;
- }
- }
+ cert_compute_fpr (cert, fpr);
+ tmpcert = get_cert_byfpr (fpr);
+ if (tmpcert)
+ {
+ ksba_cert_release (cert);
+ cert = tmpcert;
+ }
+ }
+
+ /* Quick hack to make verification work by inserting the supplied
+ * certs into the cache. */
+ if (tls_mode && certlist)
+ {
+ certlist_t cl;
- err = validate_cert_chain (ctrl, cert, NULL, VALIDATE_MODE_CERT, NULL);
+ for (cl = certlist->next; cl; cl = cl->next)
+ cache_cert (cl->cert);
+ }
+
+ err = validate_cert_chain (ctrl, cert, NULL,
+ (VALIDATE_FLAG_TRUST_CONFIG
+ | (tls_mode ? VALIDATE_FLAG_TLS : 0)
+ | (systrust_mode ? VALIDATE_FLAG_TRUST_SYSTEM : 0)
+ | (no_crl ? VALIDATE_FLAG_NOCRLCHECK : 0)),
+ NULL);
leave:
ksba_cert_release (cert);
+ release_certlist (certlist);
return leave_cmd (ctx, err);
}
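Review bot: In TLS mode the intermediates from the client's CERTLIST are inserted with `cache_cert (cl->cert)` before `validate_cert_chain` runs, and any result of `cache_cert` is ignored. If that cache is shared across requests, which the `get_cert_byfpr` lookup in the non-TLS branch suggests, certificates that were never validated stay available to later validations, and a failed insert would only surface as a confusing missing-issuer error. The "Quick hack" comment should say so, e.g. `/* NOTE: These certs are not yet validated and stay in the cache after this command. */`, and a failure reported by `cache_cert` should at least be logged. The comment `Extraxt the first certificate` in the earlier hunk of this function has a typo (`Extract`).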
}
else if (!strcmp (line, "tor"))
{
- if (opt.use_tor)
+ int use_tor;
+
+ use_tor = dirmngr_use_tor ();
+ if (use_tor)
{
if (!is_tor_running (ctrl))
err = assuan_write_status (ctx, "NO_TOR", "Tor not running");
else
err = 0;
if (!err)
- assuan_set_okay_line (ctx, "- Tor mode is enabled");
+ assuan_set_okay_line (ctx, use_tor == 1 ? "- Tor mode is enabled"
+ /**/ : "- Tor mode is enforced");
}
else
err = set_error (GPG_ERR_FALSE, "Tor mode is NOT enabled");
#include "logging.h"
#include "http.h"
-
+#include <ksba.h>
#if HTTP_USE_NTBTLS
# include <ntbtls.h>
#elif HTTP_USE_GNUTLS
}
#endif
+#if HTTP_USE_NTBTLS
+static gpg_error_t
+my_http_tls_verify_cb (void *opaque,
+ http_t http,
+ http_session_t session,
+ unsigned int http_flags,
+ void *tls_context)
+{
+ gpg_error_t err;
+ int idx;
+ ksba_cert_t cert;
+ ksba_cert_t hostcert = NULL;
+
+ (void)opaque;
+ (void)http;
+ (void)session;
+ (void)http_flags;
+
+ /* Get the peer's certs fron ntbtls. */
+ for (idx = 0;
+ (cert = ntbtls_x509_get_peer_cert (tls_context, idx)); idx++)
+ {
+ if (!idx)
+ {
+ log_info ("Received host certificate\n");
+ hostcert = cert;
+ }
+ else
+ {
+
+ log_info ("Received additional certificate\n");
+ ksba_cert_release (cert);
+ }
+ }
+ if (!idx)
+ {
+ err = gpg_error (GPG_ERR_MISSING_CERT);
+ goto leave;
+ }
+
+ err = 0;
+
+ leave:
+ ksba_cert_release (hostcert);
+ log_info ("my_http_tls_verify_cb returns: %s\n", gpg_strerror (err));
+ return err;
+}
+#endif /*HTTP_USE_NTBTLS*/
+
+
+
/* Prepend FNAME with the srcdir environment variable's value and
return an allocated filename. */
static char *
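Review bot: `my_http_tls_verify_cb` returns 0 for any peer that presents at least one certificate: the loop only logs and releases the certificates, and nothing between the `GPG_ERR_MISSING_CERT` check and `err = 0;` inspects `hostcert`. If that is intended for this test program, a comment above the function such as `/* Test stub: accepts any non-empty chain and performs no validation. */` would keep it from being copied as a working verification callback. The typo `fron` in the loop comment could be fixed at the same time.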
{
int last_argc = -1;
gpg_error_t err;
- int rc;
- parsed_uri_t uri;
+ int rc; parsed_uri_t uri;
uri_tuple_t r;
http_t hd;
int c;
unsigned int my_http_flags = 0;
int no_out = 0;
int tls_dbg = 0;
+ int no_crl = 0;
const char *cafile = NULL;
http_session_t session = NULL;
"Options:\n"
" --verbose print timings etc.\n"
" --debug flyswatter\n"
- " --gnutls-debug N use GNUTLS debug level N\n"
+ " --tls-debug N use TLS debug level N\n"
" --cacert FNAME expect CA certificate in file FNAME\n"
" --no-verify do not verify the certificate\n"
" --force-tls use HTTP_FLAG_FORCE_TLS\n"
" --force-tor use HTTP_FLAG_FORCE_TOR\n"
- " --no-out do not print the content\n",
+ " --no-out do not print the content\n"
+ " --no-crl do not consuilt a CRL\n",
stdout);
exit (0);
}
debug++;
argc--; argv++;
}
- else if (!strcmp (*argv, "--gnutls-debug"))
+ else if (!strcmp (*argv, "--tls-debug"))
{
argc--; argv++;
if (argc)
no_out = 1;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--no-crl"))
+ {
+ no_crl = 1;
+ argc--; argv++;
+ }
else if (!strncmp (*argv, "--", 2))
{
fprintf (stderr, PGM ": unknown option '%s'\n", *argv);
assuan_sock_init ();
#if HTTP_USE_NTBTLS
-
- (void)err;
-
+ log_info ("new session.\n");
+ err = http_session_new (&session, NULL,
+ ((no_crl? HTTP_FLAG_NO_CRL : 0)
+ | HTTP_FLAG_TRUST_DEF),
+ my_http_tls_verify_cb, NULL);
+ if (err)
+ log_error ("http_session_new failed: %s\n", gpg_strerror (err));
ntbtls_set_debug (tls_dbg, NULL, NULL);
#elif HTTP_USE_GNUTLS
http_register_tls_callback (verify_callback);
http_register_tls_ca (cafile);
- err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_DEF);
+ err = http_session_new (&session, NULL,
+ ((no_crl? HTTP_FLAG_NO_CRL : 0)
+ | HTTP_FLAG_TRUST_DEF),
+ NULL, NULL);
if (err)
log_error ("http_session_new failed: %s\n", gpg_strerror (err));
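Review bot: In both TLS branches a failing `http_session_new` is only logged; the NTBTLS branch then continues to `ntbtls_set_debug` with `session` presumably still NULL. Whether the code after this hunk copes with a missing session is not visible here, so either stop at this point (for example by returning a non-zero exit status right after the `log_error`) or add a comment saying that continuing is deliberate. The rest of the function lies outside the hunk.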
/* validate.c - Validate a certificate chain.
* Copyright (C) 2001, 2003, 2004, 2008 Free Software Foundation, Inc.
- * Copyright (C) 2004, 2006, 2008 g10 Code GmbH
+ * Copyright (C) 2004, 2006, 2008, 2017 g10 Code GmbH
*
* This file is part of DirMngr.
*
#include "validate.h"
#include "misc.h"
+
+/* Mode parameters for cert_check_usage(). */
+enum cert_usage_modes
+ {
+ CERT_USAGE_MODE_SIGN, /* Usable for encryption. */
+ CERT_USAGE_MODE_ENCR, /* Usable for signing. */
+ CERT_USAGE_MODE_VRFY, /* Usable for verification. */
+ CERT_USAGE_MODE_DECR, /* Usable for decryption. */
+ CERT_USAGE_MODE_CERT, /* Usable for cert signing. */
+ CERT_USAGE_MODE_OCSP, /* Usable for OCSP respone signing. */
+ CERT_USAGE_MODE_CRL /* Usable for CRL signing. */
+ };
+
+
/* While running the validation function we need to keep track of the
certificates and the validation outcome of each. We use this type
for it. */
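Review bot: The comments on the first two enumerators are swapped: `CERT_USAGE_MODE_SIGN` is described as usable for encryption and `CERT_USAGE_MODE_ENCR` as usable for signing. That contradicts `check_cert_usage()`, which tests the signature key-usage bits for SIGN and the encipherment bits for ENCR. Suggested: `CERT_USAGE_MODE_SIGN, /* Usable for signing. */` and `CERT_USAGE_MODE_ENCR, /* Usable for encryption. */`. On the OCSP line `respone` should read `response`.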
static gpg_error_t check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert);
+/* Make sure that the values defined in the headers are correct. We
+ * can't use the preprocessor due to the use of enums. */
+static void
+check_header_constants (void)
+{
+ log_assert (CERTTRUST_CLASS_SYSTEM == VALIDATE_FLAG_TRUST_SYSTEM);
+ log_assert (CERTTRUST_CLASS_CONFIG == VALIDATE_FLAG_TRUST_CONFIG);
+ log_assert (CERTTRUST_CLASS_HKP == VALIDATE_FLAG_TRUST_HKP);
+ log_assert (CERTTRUST_CLASS_HKPSPOOL == VALIDATE_FLAG_TRUST_HKPSPOOL);
+
+#undef X
+#define X (VALIDATE_FLAG_TRUST_SYSTEM | VALIDATE_FLAG_TRUST_CONFIG \
+ | VALIDATE_FLAG_TRUST_HKP | VALIDATE_FLAG_TRUST_HKPSPOOL)
+
+#if ( X & VALIDATE_FLAG_MASK_TRUST ) != X
+# error VALIDATE_FLAG_MASK_TRUST is bad
+#endif
+#if ( ~X & VALIDATE_FLAG_MASK_TRUST )
+# error VALIDATE_FLAG_MASK_TRUST is bad
+#endif
+
+#undef X
+}
/* Check whether CERT contains critical extensions we don't know
return err;
if (!flag)
{
- if (!is_trusted_cert (cert))
+ if (!is_trusted_cert (cert, CERTTRUST_CLASS_CONFIG))
{
/* The German SigG Root CA's certificate does not flag
itself as a CA; thus we relax this requirement if we
int any_crl_too_old = 0;
chain_item_t ci;
- assert (ctrl->check_revocations_nest_level >= 0);
- assert (chain);
+ log_assert (ctrl->check_revocations_nest_level >= 0);
+ log_assert (chain);
if (ctrl->check_revocations_nest_level > 10)
{
R_TRUST_ANCHOR; in all other cases NULL is stored there. */
gpg_error_t
validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
- int mode, char **r_trust_anchor)
+ unsigned int flags, char **r_trust_anchor)
{
gpg_error_t err = 0;
int depth, maxdepth;
char *issuer = NULL;
char *subject = NULL;
- ksba_cert_t subject_cert = NULL, issuer_cert = NULL;
+ ksba_cert_t subject_cert = NULL;
+ ksba_cert_t issuer_cert = NULL;
ksba_isotime_t current_time;
ksba_isotime_t exptime;
int any_expired = 0;
int any_no_policy_match = 0;
chain_item_t chain;
+ check_header_constants ();
if (r_exptime)
*r_exptime = 0;
dump_cert ("subject", cert);
/* May the target certificate be used for this purpose? */
- switch (mode)
- {
- case VALIDATE_MODE_OCSP:
- err = cert_use_ocsp_p (cert);
- break;
- case VALIDATE_MODE_CRL:
- case VALIDATE_MODE_CRL_RECURSIVE:
- err = cert_use_crl_p (cert);
- break;
- default:
- err = 0;
- break;
- }
- if (err)
+ if ((flags & VALIDATE_FLAG_OCSP) && (err = check_cert_use_ocsp (cert)))
+ return err;
+ if ((flags & VALIDATE_FLAG_CRL) && (err = check_cert_use_crl (cert)))
return err;
/* If we already validated the certificate not too long ago, we can
/* We walk up the chain until we find a trust anchor. */
subject_cert = cert;
- maxdepth = 10;
+ maxdepth = 10; /* Sensible limit on the length of the chain. */
chain = NULL;
depth = 0;
for (;;)
goto leave;
/* Is this a self-signed certificate? */
- if (is_root_cert ( subject_cert, issuer, subject))
+ if (is_root_cert (subject_cert, issuer, subject))
{
/* Yes, this is our trust anchor. */
if (check_cert_sig (subject_cert, subject_cert) )
if (err)
goto leave; /* No. */
- err = is_trusted_cert (subject_cert);
+ err = is_trusted_cert (subject_cert,
+ (flags & VALIDATE_FLAG_MASK_TRUST));
if (!err)
; /* Yes we trust this cert. */
else if (gpg_err_code (err) == GPG_ERR_NOT_TRUSTED)
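Review bot: The trust class handed to `is_trusted_cert` is now whatever the caller put into the low four bits of `flags`, so a caller that sets only `VALIDATE_FLAG_CRL` or `VALIDATE_FLAG_OCSP` passes a class mask of 0. How `is_trusted_cert` treats a zero mask is not visible here. The contract should be stated in the header comment of `validate_cert_chain`, for example `FLAGS must include at least one VALIDATE_FLAG_TRUST_* bit`, or enforced near the top of the function with `log_assert (flags & VALIDATE_FLAG_MASK_TRUST);` if that is indeed the requirement. The surrounding loop starts and ends outside this hunk.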
dump_cert ("issuer", issuer_cert);
}
- /* Now check the signature of the certificate. Well, we
- should delay this until later so that faked certificates
- can't be turned into a DoS easily. */
+ /* Now check the signature of the certificate. FIXME: we should
+ * delay this until later so that faked certificates can't be
+ * turned into a DoS easily. */
err = check_cert_sig (issuer_cert, subject_cert);
if (err)
{
}
}
#endif
- /* We give a more descriptive error code than the one
- returned from the signature checking. */
+ /* Return a more descriptive error code than the one
+ * returned from the signature checking. */
err = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
goto leave;
}
/* Check that the length of the chain is not longer than allowed
- by the CA. */
+ * by the CA. */
{
int chainlen;
}
/* May that certificate be used for certification? */
- err = cert_use_cert_p (issuer_cert);
+ err = check_cert_use_cert (issuer_cert);
if (err)
goto leave; /* No. */
issuer_cert = NULL;
}
+ /* Even if we have no error here we need to check whether we
+ * encountered an error somewhere during the checks. Set the error
+ * code to the most critical one. */
if (!err)
- { /* If we encountered an error somewhere during the checks, set
- the error code to the most critical one */
+ {
if (any_expired)
err = gpg_error (GPG_ERR_CERT_EXPIRED);
else if (any_no_policy_match)
cert_log_name (" certificate", citem->cert);
}
- if (!err && mode != VALIDATE_MODE_CRL)
+ /* Now check for revocations unless CRL checks are disabled or we
+ * are non-recursive CRL mode. */
+ if (!err
+ && !(flags & VALIDATE_FLAG_NOCRLCHECK)
+ && !((flags & VALIDATE_FLAG_CRL)
+ && !(flags & VALIDATE_FLAG_RECURSIVE)))
{ /* Now that everything is fine, walk the chain and check each
- certificate for revocations.
-
- 1. item in the chain - The root certificate.
- 2. item - the CA below the root
- last item - the target certificate.
-
- Now for each certificate in the chain check whether it has
- been included in a CRL and thus be revoked. We don't do OCSP
- here because this does not seem to make much sense. This
- might become a recursive process and we should better cache
- our validity results to avoid double work. Far worse a
- catch-22 may happen for an improper setup hierarchy and we
- need a way to break up such a deadlock. */
+ * certificate for revocations.
+ *
+ * 1. item in the chain - The root certificate.
+ * 2. item - the CA below the root
+ * last item - the target certificate.
+ *
+ * Now for each certificate in the chain check whether it has
+ * been included in a CRL and thus be revoked. We don't do OCSP
+ * here because this does not seem to make much sense. This
+ * might become a recursive process and we should better cache
+ * our validity results to avoid double work. Far worse a
+ * catch-22 may happen for an improper setup hierarchy and we
+ * need a way to break up such a deadlock. */
err = check_revocations (ctrl, chain);
}
if (!err && !(r_trust_anchor && *r_trust_anchor))
{
/* With no error we can update the validation cache. We do this
- for all certificates in the chain. Note that we can't use
- the cache if the caller requested to check the trustiness of
- the root certificate himself. Adding such a feature would
- require us to also store the fingerprint of root
- certificate. */
+ * for all certificates in the chain. Note that we can't use
+ * the cache if the caller requested to check the trustiness of
+ * the root certificate himself. Adding such a feature would
+ * require us to also store the fingerprint of root
+ * certificate. */
chain_item_t citem;
time_t validated_at = gnupg_get_time ();
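Review bot: With `VALIDATE_FLAG_NOCRLCHECK` set the call to `check_revocations` is skipped, but the block that follows still records the chain in the validation cache, because its condition `!err && !(r_trust_anchor && *r_trust_anchor)` does not look at `flags`. If the cache lookup earlier in the function (outside this hunk) also ignores the flags, a later call that wants CRL checks could be satisfied by an entry created without them. Consider guarding the update, e.g. `if (!err && !(flags & VALIDATE_FLAG_NOCRLCHECK) && !(r_trust_anchor && *r_trust_anchor))`, or add a comment explaining why a cached result without revocation checks is acceptable.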
/* Check the signature on CERT using the ISSUER_CERT. This function
- does only test the cryptographic signature and nothing else. It is
- assumed that the ISSUER_CERT is valid. */
+ * does only test the cryptographic signature and nothing else. It is
+ * assumed that the ISSUER_CERT is valid. */
static gpg_error_t
check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
{
/* Prepare the values for signature verification. At this point we
- have these values:
-
- S_PKEY - S-expression with the issuer's public key.
- S_SIG - Signature value as given in the certrificate.
- MD - Finalized hash context with hash of the certificate.
- ALGO_NAME - Lowercase hash algorithm name
+ * have these values:
+ *
+ * S_PKEY - S-expression with the issuer's public key.
+ * S_SIG - Signature value as given in the certificate.
+ * MD - Finalized hash context with hash of the certificate.
+ * ALGO_NAME - Lowercase hash algorithm name
*/
digestlen = gcry_md_get_algo_dlen (algo);
digest = gcry_md_read (md, algo);
if (pk_algo_from_sexp (s_pkey) == GCRY_PK_DSA)
{
+ /* NB.: We support only SHA-1 here because we had problems back
+ * then to get test data for DSA-2. Meanwhile DSA has been
+ * replaced by ECDSA which we do not yet support. */
if (digestlen != 20)
{
- log_error (_("DSA requires the use of a 160 bit hash algorithm\n"));
+ log_error ("DSA requires the use of a 160 bit hash algorithm\n");
gcry_md_close (md);
gcry_sexp_release (s_sig);
gcry_sexp_release (s_pkey);
(int)digestlen, digest) )
BUG ();
}
- else /* Not DSA. */
+ else /* Not DSA - we assume RSA */
{
if ( gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash %s %b))",
algo_name, (int)digestlen, digest) )
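Review bot: The `else` branch builds a PKCS#1 hash S-expression for every key that is not DSA; the new comments say this assumes RSA and that ECDSA is not yet supported. An explicit test of `pk_algo_from_sexp (s_pkey)` against `GCRY_PK_RSA`, with an unsupported-algorithm error on the remaining path, would make a certificate signed with another algorithm fail with a clear error instead of relying on the later verification step to reject it. That new error path would need the same cleanup as the DSA length check (closing `md`, releasing `s_sig` and `s_pkey`). The function starts and ends outside this hunk.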
\f
-/* Return 0 if the cert is usable for encryption. A MODE of 0 checks
- for signing, a MODE of 1 checks for encryption, a MODE of 2 checks
- for verification and a MODE of 3 for decryption (just for
- debugging). MODE 4 is for certificate signing, MODE 5 for OCSP
- response signing, MODE 6 is for CRL signing. */
-static int
-cert_usage_p (ksba_cert_t cert, int mode)
+/* Return 0 if CERT is usable for MODE. */
+static gpg_error_t
+check_cert_usage (ksba_cert_t cert, enum cert_usage_modes mode)
{
gpg_error_t err;
unsigned int use;
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
{
err = 0;
- if (opt.verbose && mode < 2)
+ if (opt.verbose && (mode == CERT_USAGE_MODE_SIGN
+ || mode == CERT_USAGE_MODE_ENCR))
log_info (_("no key usage specified - assuming all usages\n"));
use = ~0;
}
return err;
}
- if (mode == 4)
+ switch (mode)
{
+ case CERT_USAGE_MODE_SIGN:
+ case CERT_USAGE_MODE_VRFY:
+ if ((use & (KSBA_KEYUSAGE_DIGITAL_SIGNATURE
+ | KSBA_KEYUSAGE_NON_REPUDIATION)))
+ return 0;
+ log_info (mode == CERT_USAGE_MODE_VRFY
+ ? _("certificate should not have been used for signing\n")
+ : _("certificate is not usable for signing\n"));
+ break;
+
+ case CERT_USAGE_MODE_ENCR:
+ case CERT_USAGE_MODE_DECR:
+ if ((use & (KSBA_KEYUSAGE_KEY_ENCIPHERMENT
+ | KSBA_KEYUSAGE_DATA_ENCIPHERMENT)))
+ return 0;
+ log_info (mode == CERT_USAGE_MODE_DECR
+ ? _("certificate should not have been used for encryption\n")
+ : _("certificate is not usable for encryption\n"));
+ break;
+
+ case CERT_USAGE_MODE_CERT:
if ((use & (KSBA_KEYUSAGE_KEY_CERT_SIGN)))
return 0;
log_info (_("certificate should not have "
"been used for certification\n"));
- return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
- }
+ break;
- if (mode == 5)
- {
+ case CERT_USAGE_MODE_OCSP:
if (use != ~0
&& (have_ocsp_signing
|| (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
return 0;
log_info (_("certificate should not have "
"been used for OCSP response signing\n"));
- return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
- }
+ break;
- if (mode == 6)
- {
+ case CERT_USAGE_MODE_CRL:
if ((use & (KSBA_KEYUSAGE_CRL_SIGN)))
return 0;
log_info (_("certificate should not have "
"been used for CRL signing\n"));
- return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
+ break;
}
- if ((use & ((mode&1)?
- (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT):
- (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))
- )
- return 0;
-
- log_info (mode==3? _("certificate should not have been used "
- "for encryption\n"):
- mode==2? _("certificate should not have been used for signing\n"):
- mode==1? _("certificate is not usable for encryption\n"):
- _("certificate is not usable for signing\n"));
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
}
+
/* Return 0 if the certificate CERT is usable for certification. */
gpg_error_t
-cert_use_cert_p (ksba_cert_t cert)
+check_cert_use_cert (ksba_cert_t cert)
{
- return cert_usage_p (cert, 4);
+ return check_cert_usage (cert, CERT_USAGE_MODE_CERT);
}
/* Return 0 if the certificate CERT is usable for signing OCSP
responses. */
gpg_error_t
-cert_use_ocsp_p (ksba_cert_t cert)
+check_cert_use_ocsp (ksba_cert_t cert)
{
- return cert_usage_p (cert, 5);
+ return check_cert_usage (cert, CERT_USAGE_MODE_OCSP);
}
/* Return 0 if the certificate CERT is usable for signing CRLs. */
gpg_error_t
-cert_use_crl_p (ksba_cert_t cert)
+check_cert_use_crl (ksba_cert_t cert)
{
- return cert_usage_p (cert, 6);
+ return check_cert_usage (cert, CERT_USAGE_MODE_CRL);
}
#define VALIDATE_H
-enum {
- /* Simple certificate validation mode. */
- VALIDATE_MODE_CERT = 0,
- /* Standard CRL issuer certificate validation; i.e. CRLs are not
- considered for CRL issuer certificates. */
- VALIDATE_MODE_CRL = 1,
- /* Full CRL validation. */
- VALIDATE_MODE_CRL_RECURSIVE = 2,
- /* Validation as used for OCSP. */
- VALIDATE_MODE_OCSP = 3
-};
+/* Flag values matching the CERTTRUST_CLASS values and a MASK for
+ * them. check_header_constants() checks their consistency. */
+#define VALIDATE_FLAG_TRUST_SYSTEM 1
+#define VALIDATE_FLAG_TRUST_CONFIG 2
+#define VALIDATE_FLAG_TRUST_HKP 4
+#define VALIDATE_FLAG_TRUST_HKPSPOOL 8
+#define VALIDATE_FLAG_MASK_TRUST 0x0f
+
+/* Standard CRL issuer certificate validation; i.e. CRLs are not
+ * considered for CRL issuer certificates. */
+#define VALIDATE_FLAG_CRL 64
+
+/* If this flag is set along with VALIDATE_FLAG_CRL a full CRL
+ * verification is done. */
+#define VALIDATE_FLAG_RECURSIVE 128
+
+/* Validation mode as used for OCSP. */
+#define VALIDATE_FLAG_OCSP 256
+
+/* Validation mode as used with TLS. */
+#define VALIDATE_FLAG_TLS 512
+
+/* Don't do CRL checks. */
+#define VALIDATE_FLAG_NOCRLCHECK 1024
/* Validate the certificate CHAIN up to the trust anchor. Optionally
return the closest expiration time in R_EXPTIME. */
gpg_error_t validate_cert_chain (ctrl_t ctrl,
ksba_cert_t cert, ksba_isotime_t r_exptime,
- int mode, char **r_trust_anchor);
+ unsigned int flags, char **r_trust_anchor);
/* Return 0 if the certificate CERT is usable for certification. */
-gpg_error_t cert_use_cert_p (ksba_cert_t cert);
+gpg_error_t check_cert_use_cert (ksba_cert_t cert);
/* Return 0 if the certificate CERT is usable for signing OCSP
responses. */
-gpg_error_t cert_use_ocsp_p (ksba_cert_t cert);
+gpg_error_t check_cert_use_ocsp (ksba_cert_t cert);
/* Return 0 if the certificate CERT is usable for signing CRLs. */
-gpg_error_t cert_use_crl_p (ksba_cert_t cert);
+gpg_error_t check_cert_use_crl (ksba_cert_t cert);
#endif /*VALIDATE_H*/
only filled if the issuer certificate is available. The root has
been reached if this is the same string as the fingerprint. The
advantage of using this value is that it is guaranteed to have
- been been build by the same lookup algorithm as gpgsm uses.
+ been built by the same lookup algorithm as gpgsm uses.
For "uid" records this field lists the preferences in the same way
gpg's --edit-key menu does.
*** END_DECRYPTION
Mark the end of the actual decryption process. This are also
emitted when in --list-only mode.
+*** DECRYPTION_KEY <fpr> <fpr2> <otrust>
+ This line is emitted when a public key decryption succeeded in
+ providing a session key. <fpr> is the hexified fingerprint of the
+ actual key used for descryption. <fpr2> is the fingerprint of the
+ primary key. <otrust> is the letter with the ownertrust; this is
+ in general a 'u' which stands for ultimately trusted.
*** DECRYPTION_INFO <mdc_method> <sym_algo>
Print information about the symmetric encryption algorithm and the
MDC method. This will be emitted even if the decryption fails.
VALIDATION_MODEL describes the algorithm used to check the
validity of the key. The defaults are the standard Web of Trust
- model for gpg and the the standard X.509 model for gpgsm. The
+ model for gpg and the standard X.509 model for gpgsm. The
defined values are
- pgp :: The standard PGP WoT.
recent message was verified 4 seconds ago.'
*** PKA_TRUST_
- This is is one:
+ This is one of:
- PKA_TRUST_GOOD <addr-spec>
- PKA_TRUST_BAD <addr-spec>
.#gpgsm.some.help-item
This string is not translated.
-After translation you should remove the the hash mark so that the
+After translation you should remove the hash mark so that the
entry looks like.
.gpgsm.some.help-item
@item --allow-version-check
@opindex allow-version-check
Allow Dirmngr to connect to @code{https://versions.gnupg.org} to get
-the list of current software versions. If this option is enabled, or
-if @option{use-tor} is active, the list is retrieved when the local
+the list of current software versions. If this option is enabled
+the list is retrieved in case the local
copy does not exist or is older than 5 to 7 days. See the option
@option{--query-swdb} of the command @command{gpgconf} for more
details. Note, that regardless of this option a version check can
a numerical IP address must be given (IPv6 or IPv4) and that no error
checking is done for @var{ipaddr}.
+@item --disable-ipv4
+@opindex disable-ipv4
+Disable the use of all IPv4 addresses. This option is mainly useful
+for debugging.
+
@item --disable-ldap
@opindex disable-ldap
Entirely disables the use of LDAP.
@end table
If DirMngr has not enough information about the given certificate (which
-is the case for not yet cached certificates), it will will inquire the
+is the case for not yet cached certificates), it will inquire the
missing data:
@example
@c c) No authorityKeyIdentifier exits: The certificate is retrieved
@c using @code{find_cert_bysubject} without the key ID argument. If
@c the certificate is in the certificate cache the first one with a
-@c matching subject is is directly returned. Then the requester is
+@c matching subject is directly returned. Then the requester is
@c asked via the Assuan inquiry ``SENDCERT'' and an exact
@c specification of the subject whether he can
@c provide this certificate. If this succeed the returned
@c respectively. The have already been described above under the
@c description of @code{crl_cache_insert}. If no certificate was found
@c or with no authorityKeyIdentifier, only the cache is consulted using
-@c @code{get_cert_bysubject}. The latter is is done under the assumption
+@c @code{get_cert_bysubject}. The latter is done under the assumption
@c that a matching certificate has explicitly been put into the
@c certificate cache. If the issuer's certificate could not be found,
@c the validation terminates with the error code @code{GPG_ERR_MISSING_CERT}.
: | sort | uniq | xargs echo gpg --recv-keys
Note that the invocation of sort is also required to wait for the
- of the listing before before starting the import.
+ of the listing before starting the import.
* Bug reporting and hacking
GnuPG has originally been developed in Germany because we have been
able to do that without being affected by the US export restrictions.
We had to reject any contributions from US citizens or from people
-living the the US. That changed by end of 2000 when the export
+living in the US. That changed by end of 2000 when the export
restrictions were basically dropped for all kind of freely available
software. However there are still some requirements in the US.
Quoting David Shaw: mail
@c
@c The rationale for this separation is that it allows access to the
@c secret key to be tightly controlled and audited, and it doesn't permit
-@c the the supplicant to either copy the key or to override the owner's
+@c the supplicant to either copy the key or to override the owner's
@c intentions.
@example
0. The actual values should not be relied upon; they shall only be used
to detect a change.
-The currently defined counters are are:
+The currently defined counters are:
@table @code
@item ANY
Incremented with any change of any of the other counters.
@item cache-ttl-opt-preset
This option sets the cache TTL for new entries created by GENKEY and
-PASSWD commands when using the @option{--preset} option. It it is not
+PASSWD commands when using the @option{--preset} option. It is not
used a default value is used.
@item s2k-count
@itemx -h
@opindex help
Print a usage message summarizing the most useful command-line options.
-Note that you cannot abbreviate this command.
+Note that you cannot arbitrarily abbreviate this command
+(though you can use its short form @option{-h}).
@item --warranty
@opindex warranty
the default is to a create certification and signing key.
The @code{expire} argument can be used to specify an expiration date
-for the key. Several formats are supported; commonly the ISO
-YYYY-MM-DD format is used. The values ``never'', ``none'' can be used
-for no expiration date. Not specifying a value, or using ``-''
-results in a key expiring in a reasonable default interval.
+for the key. Several formats are supported; commonly the ISO formats
+``YYYY-MM-DD'' or ``YYYYMMDDThhmmss'' are used. To make the key
+expire in N seconds, N days, N weeks, N months, or N years use
+``seconds=N'', ``Nd'', ``Nw'', ``Nm'', or ``Ny'' respectively. Not
+specifying a value, or using ``-'' results in a key expiring in a
+reasonable default interval. The values ``never'', ``none'' can be
+used for no expiration date.
If this command is used with @option{--batch},
@option{--pinentry-mode} has been set to @code{loopback}, and one of
encryption subkey or a signing subkey. If an algorithm is capable of
signing and encryption and such a subkey is desired, a @code{usage}
string must be given. This string is either ``default'' or ``-'' to
-keep the default or a comma delimited list of keywords: ``sign'' for a
-signing subkey, ``auth'' for an authentication subkey, and ``encr''
-for an encryption subkey (``encrypt'' can be used as alias for
-``encr''). The valid combinations depend on the algorithm.
+keep the default or a comma delimited list (or space delimited list)
+of keywords: ``sign'' for a signing subkey, ``auth'' for an
+authentication subkey, and ``encr'' for an encryption subkey
+(``encrypt'' can be used as alias for ``encr''). The valid
+combinations depend on the algorithm.
The @code{expire} argument can be used to specify an expiration date
-for the subkey. Several formats are supported; commonly the ISO
-YYYY-MM-DD format is used. The values ``never'', ``none'', or ``-''
-can be used for no expiration date.
+for the key. Several formats are supported; commonly the ISO formats
+``YYYY-MM-DD'' or ``YYYYMMDDThhmmss'' are used. To make the key
+expire in N seconds, N days, N weeks, N months, or N years use
+``seconds=N'', ``Nd'', ``Nw'', ``Nm'', or ``Ny'' respectively. Not
+specifying a value, or using ``-'' results in a key expiring in a
+reasonable default interval. The values ``never'', ``none'' can be
+used for no expiration date.
@item --generate-key
@opindex generate-key
use the specified keyring alone, use @option{--keyring} along with
@option{--no-default-keyring}.
-If the the option @option{--no-keyring} has been used no keyrings will
+If the option @option{--no-keyring} has been used no keyrings will
be used at all.
used with HKP keyservers.
@item auto-key-retrieve
- This is the same as the option @option{auto-key-retrieve}.
+ This is an obsolete alias for the option @option{auto-key-retrieve}.
+ Please do not use it; it will be removed in future versions..
@item honor-keyserver-url
When using @option{--refresh-keys}, if the key in question has a preferred
@item --export-options @code{parameters}
@opindex export-options
This is a space or comma delimited string that gives options for
-exporting keys. Options can be prepended with a `no-' to give the
-opposite meaning. The options are:
+exporting keys. Options can be prepended with a `no-' to give the
+opposite meaning. The options are:
@table @asis
helper script is provided to create these files (@pxref{addgnupghome}).
For internal purposes @command{@gpgname} creates and maintains a few other
-files; They all live in in the current home directory (@pxref{option
+files; They all live in the current home directory (@pxref{option
--homedir}). Only the @command{@gpgname} program may modify these files.
helper script is provided to create these files (@pxref{addgnupghome}).
For internal purposes @command{gpgsm} creates and maintains a few other files;
-they all live in in the current home directory (@pxref{option
+they all live in the current home directory (@pxref{option
--homedir}). Only @command{gpgsm} may modify these files.
@opindex logger-fd
Write log output to file descriptor @code{n} and not to stderr.
+@item --log-file @code{file}
+@opindex log-file
+Same as @option{--logger-fd}, except the logger data is written to
+file @code{file}. Use @file{socket://} to log to socket.
+
@item --ignore-time-conflict
@opindex ignore-time-conflict
GnuPG normally checks that the timestamps associated with keys and
@efindex ASSUAN_DEBUG
Changes the active Libassuan logging categories to @var{cats}. The
value for @var{cats} is an unsigned integer given in usual C-Syntax.
-A value of of 0 switches to a default category. If this option is not
+A value of 0 switches to a default category. If this option is not
used the categories are taken from the environment variable
@code{ASSUAN_DEBUG}. Note that this option has only an effect if the
Assuan debug flag has also been with the option @option{--debug}. For
message.
Note, that using gpg on the command line is in almost all cases not
-done with redirection but by letting gpg save the the signed message.
+done with redirection but by letting gpg save the signed message.
In this case gpg will save the message to different files or in case
the file names are identical, prompt the over to overwrite the first
one again.
• The scripts to create a Windows installer are now part of GnuPG.
Now for the detailed description of these new features. Note that the
- examples assume that that /gpg/ is installed as /gpg/. Your
+ examples assume that /gpg/ is installed as /gpg/. Your
installation may have it installed under the name /gpg2/.
at login time and use an environment variable (`GPG_AGENT_INFO') to
tell the other GnuPG modules how to connect to the agent. However,
correctly managing the start up and this environment variable is
- cumbersome so that that an easier method is required. Since GnuPG
+ cumbersome so that an easier method is required. Since GnuPG
2.0.16 the `--use-standard-socket' option already allowed to start the
agent on the fly; however the environment variable was still required.
A deficit of the OpenPGP protocol is that signatures carry only a
limited indication on which public key has been used to create a
signature. Thus a verification engine may only use this “long key id”
- to look up the the key in its own store or from a public keyserver.
+ to look up the key in its own store or from a public keyserver.
Unfortunately it has now become possible to create a key with a long
key id matching the key id of another key. Importing a key with a
long key id already used by another key in gpg’s local key store was
c = bintoasc[radbuf[2]&077];
iobuf_put(a, c);
iobuf_writestr(a,afx->eol);
- /* and the the trailer */
+ /* and the trailer */
if( afx->what >= DIM(tail_strings) )
log_bug("afx->what=%d", afx->what);
iobuf_writestr(a, "-----");
is assumed to have been enabled on OUT. On success, partial block
mode is disabled.
- If PT->BUF is NULL, the the caller must write out the data. In
+ If PT->BUF is NULL, the caller must write out the data. In
this case, if PT->LEN was 0, then partial body length mode was
enabled and the caller must disable it by calling
iobuf_set_partial_body_length_mode (out, 0). */
}
-/* Take a 20 byte hexencoded string and put it into the the provided
+/* Take a 20 byte hexencoded string and put it into the provided
20 byte buffer FPR in binary format. */
static int
unhexify_fpr (const char *hexstr, unsigned char *fpr)
{
struct ks_status_parm_s *parm = opaque;
gpg_error_t err = 0;
- const char *s;
+ const char *s, *s2;
+ const char *warn;
if ((s = has_leading_keyword (line, parm->keyword? parm->keyword : "SOURCE")))
{
err = gpg_error_from_syserror ();
}
}
+ else if ((s = has_leading_keyword (line, "WARNING")))
+ {
+ if ((s2 = has_leading_keyword (s, "tor_not_running")))
+ warn = _("Tor is not running");
+ else if ((s2 = has_leading_keyword (s, "tor_config_problem")))
+ warn = _("Tor is not properly configured");
+ else
+ warn = NULL;
+
+ if (warn)
+ {
+ log_info (_("WARNING: %s\n"), warn);
+ if (s2)
+ {
+ while (*s2 && !spacep (s2))
+ s2++;
+ while (*s2 && spacep (s2))
+ s2++;
+ if (*s2)
+ print_further_info ("%s", s2);
+ }
+ }
+ }
return err;
}
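Review bot: In the new WARNING branch the inner `if (s2)` can never be false, because `warn` is only non-NULL on the two paths where has_leading_keyword returned a pointer into `s2`; dropping the test removes one nesting level. The two `while` loops that step over the next token need a comment saying what that token is, since the status line format is not visible here, e.g. `/* Skip the next field (presumably the error code) and print the remaining text. */`. The text passed to `print_further_info ("%s", s2)` comes from the status line of another process, so confirm that the logging layer escapes control characters. The callback's body starts outside this hunk.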
}
-/* Change the PIN of a an OpenPGP card. This is an interactive
+/* Change the PIN of an OpenPGP card. This is an interactive
function. */
void
change_pin (int unblock_v2, int allow_admin)
nread = iobuf_read( a, zfx->inbuf + n, count );
if( nread == -1 ) nread = 0;
n += nread;
- /* Algo 1 has no zlib header which requires us to to give
+ /* Algo 1 has no zlib header which requires us to give
* inflate an extra dummy byte to read. To be on the safe
* side we allow for up to 4 ff bytes. */
if( nread < count && zfx->algo == 1 && zfx->algo1hack < 4) {
if (fd == -1)
return;
+ if (! gnupg_fd_valid (fd))
+ log_fatal ("status-fd is invalid: %s\n", strerror (errno));
+
if (fd == 1)
statusfp = es_stdout;
else if (fd == 2)
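Review bot: The new fatal message prints `strerror (errno)`, which is only meaningful if gnupg_fd_valid leaves errno set on its failure path; its definition is not in this hunk, so that contract should be confirmed and stated in its header comment. A why-comment at the check would also help, e.g. `/* Refuse a descriptor that is not open: a file opened later could be assigned the same number and receive the status output. */` (the motivation is inferred, so adjust it if the intent differs). The same check and message pattern is added for command-fd, override-session-key-fd, attribute-fd and passphrase-fd, and the point applies there too.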
&& !overflow && opt.verbose)
log_info(_("WARNING: '%s' is an empty file\n"), filename );
/* We can't encode the length of very large files because
- OpenPGP uses only 32 bit for file sizes. So if the the
+ OpenPGP uses only 32 bit for file sizes. So if the
size of a file is larger than 2^32 minus some bytes for
packet headers, we switch to partial length encoding. */
if ( tmpsize < (IOBUF_FILELENGTH_LIMIT - 65536) )
* The caller may provide a checked list of public keys in
* PROVIDED_PKS; if not the function builds a list of keys on its own.
*
- * Note that FILEFD is currently only used by cmd_encrypt in the the
+ * Note that FILEFD is currently only used by cmd_encrypt in the
* not yet finished server.c.
*/
int
&& !overflow && opt.verbose)
log_info(_("WARNING: '%s' is an empty file\n"), filename );
/* We can't encode the length of very large files because
- OpenPGP uses only 32 bit for file sizes. So if the the size
+ OpenPGP uses only 32 bit for file sizes. So if the size
of a file is larger than 2^32 minus some bytes for packet
headers, we switch to partial length encoding. */
if (tmpsize < (IOBUF_FILELENGTH_LIMIT - 65536) )
/*
* Export secret keys (to stdout or to --output FILE).
*
- * Depending on opt.armor the output is armored. If USERS is NULL,
- * all secret keys will be exported. STATS is either an export stats
- * object for update or NULL.
+ * Depending on opt.armor the output is armored. OPTIONS are defined
+ * in main.h. If USERS is NULL, all secret keys will be exported.
+ * STATS is either an export stats object for update or NULL.
*
* This function is the core of "gpg --export-secret-keys".
*/
int
-export_seckeys (ctrl_t ctrl, strlist_t users, export_stats_t stats)
+export_seckeys (ctrl_t ctrl, strlist_t users, unsigned int options,
+ export_stats_t stats)
{
- return do_export (ctrl, users, 1, 0, stats);
+ return do_export (ctrl, users, 1, options, stats);
}
* Export secret sub keys (to stdout or to --output FILE).
*
* This is the same as export_seckeys but replaces the primary key by
- * a stub key. Depending on opt.armor the output is armored. If
- * USERS is NULL, all secret subkeys will be exported. STATS is
- * either an export stats object for update or NULL.
+ * a stub key. Depending on opt.armor the output is armored. OPTIONS
+ * are defined in main.h. If USERS is NULL, all secret subkeys will
+ * be exported. STATS is either an export stats object for update or
+ * NULL.
*
* This function is the core of "gpg --export-secret-subkeys".
*/
int
-export_secsubkeys (ctrl_t ctrl, strlist_t users, export_stats_t stats)
+export_secsubkeys (ctrl_t ctrl, strlist_t users, unsigned int options,
+ export_stats_t stats)
{
- return do_export (ctrl, users, 2, 0, stats);
+ return do_export (ctrl, users, 2, options, stats);
}
err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
goto leave;
}
- /* Put the curve's OID into into the MPI array. This requires
+ /* Put the curve's OID into the MPI array. This requires
that we shift Q and D. For ECDH also insert the KDF parms. */
if (is_ecdh)
{
}
/* Always do the cleaning on the public key part if requested.
- Note that we don't yet set this option if we are exporting
- secret keys. Note that both export-clean and export-minimal
- only apply to UID sigs (0x10, 0x11, 0x12, and 0x13). A
- designated revocation is never stripped, even with
- export-minimal set. */
+ * Note that both export-clean and export-minimal only apply to
+ * UID sigs (0x10, 0x11, 0x12, and 0x13). A designated
+ * revocation is never stripped, even with export-minimal set. */
if ((options & EXPORT_CLEAN))
clean_key (keyblock, opt.verbose, (options&EXPORT_MINIMAL), NULL, NULL);
latest_key = node;
}
}
+
+ /* If no subkey was suitable check the primary key. */
+ if (!latest_key
+ && (node = keyblock) && node->pkt->pkttype == PKT_PUBLIC_KEY)
+ {
+ pk = node->pkt->pkt.public_key;
+ if (DBG_LOOKUP)
+ log_debug ("\tchecking primary key %08lX\n",
+ (ulong) keyid_from_pk (pk, NULL));
+ if (!(pk->pubkey_usage & PUBKEY_USAGE_AUTH))
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key not usable for authentication\n");
+ }
+ else if (!pk->flags.valid)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key not valid\n");
+ }
+ else if (pk->flags.revoked)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key has been revoked\n");
+ }
+ else if (pk->has_expired)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key has expired\n");
+ }
+ else if (pk->timestamp > curtime && !opt.ignore_valid_from)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key not yet valid\n");
+ }
+ else
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key is fine\n");
+ latest_date = pk->timestamp;
+ latest_key = node;
+ }
+ }
}
if (!latest_key)
/* Find a public key identified by NAME.
*
- * If name appears to be a valid valid RFC822 mailbox (i.e., email
+ * If name appears to be a valid RFC822 mailbox (i.e., email
* address) and auto key lookup is enabled (no_akl == 0), then the
* specified auto key lookup methods (--auto-key-lookup) are used to
* import the key into the local keyring. Otherwise, just the local
ARGPARSE_s_n (oWithKeyData,"with-key-data", "@"),
ARGPARSE_s_n (oWithSigList,"with-sig-list", "@"),
ARGPARSE_s_n (oWithSigCheck,"with-sig-check", "@"),
- ARGPARSE_s_n (aListKeys, "list-key", "@"), /* alias */
- ARGPARSE_s_n (aListSigs, "list-sig", "@"), /* alias */
- ARGPARSE_s_n (aCheckKeys, "check-sig", "@"), /* alias */
+ ARGPARSE_c (aListKeys, "list-key", "@"), /* alias */
+ ARGPARSE_c (aListSigs, "list-sig", "@"), /* alias */
+ ARGPARSE_c (aCheckKeys, "check-sig", "@"), /* alias */
ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"),
ARGPARSE_s_n (oSkipHiddenRecipients, "skip-hidden-recipients", "@"),
ARGPARSE_s_n (oNoSkipHiddenRecipients, "no-skip-hidden-recipients", "@"),
es_printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_NONE);
es_printf ("try-secret-key:%lu:\n", GC_OPT_FLAG_NONE);
es_printf ("auto-key-locate:%lu:\n", GC_OPT_FLAG_NONE);
+ es_printf ("auto-key-retrieve:%lu:\n", GC_OPT_FLAG_NONE);
es_printf ("log-file:%lu:\n", GC_OPT_FLAG_NONE);
es_printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
es_printf ("group:%lu:\n", GC_OPT_FLAG_NONE);
es_printf ("compliance:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT, "gnupg");
es_printf ("default-new-key-algo:%lu:\n", GC_OPT_FLAG_NONE);
+ es_printf ("trust-model:%lu:\n", GC_OPT_FLAG_NONE);
/* The next one is an info only item and should match the macros at
the top of keygen.c */
case oCommandFD:
opt.command_fd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
+ if (! gnupg_fd_valid (opt.command_fd))
+ log_fatal ("command-fd is invalid: %s\n", strerror (errno));
break;
case oCommandFile:
opt.command_fd = open_info_file (pargs.r.ret_str, 0, 1);
add_to_strlist2( &sl, *argv, utf8_strings );
{
export_stats_t stats = export_new_stats ();
- export_seckeys (ctrl, sl, stats);
+ export_seckeys (ctrl, sl, opt.export_options, stats);
export_print_stats (stats);
export_release_stats (stats);
}
add_to_strlist2( &sl, *argv, utf8_strings );
{
export_stats_t stats = export_new_stats ();
- export_secsubkeys (ctrl, sl, stats);
+ export_secsubkeys (ctrl, sl, opt.export_options, stats);
export_print_stats (stats);
export_release_stats (stats);
}
#endif /*USE_TOFU*/
break;
- case aListPackets:
default:
+ if (!opt.quiet)
+ log_info (_("WARNING: no command supplied."
+ " Trying to guess what you mean ...\n"));
+ /*FALLTHU*/
+ case aListPackets:
if( argc > 1 )
wrong_args("[filename]");
/* Issue some output for the unix newbie */
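Review bot: The fall-through marker on the new `default:` path is spelled `/*FALLTHU*/`; compilers and linters that recognise fall-through comments look for `FALLTHRU` or `FALLTHROUGH`, so this spelling would not silence an implicit-fallthrough warning. Write `/*FALLTHRU*/` instead. With `case aListPackets:` moved below `default:`, the default path now prints the warning before reaching the shared body; the switch itself starts outside this hunk.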
int i, len;
char *line;
+ if (! gnupg_fd_valid (fd))
+ log_fatal ("override-session-key-fd is invalid: %s\n", strerror (errno));
+
for (line = NULL, i = len = 100; ; i++ )
{
if (i >= len-1 )
oIgnoreTimeConflict,
oStatusFD,
oLoggerFD,
+ oLoggerFile,
oHomedir,
oWeakDigest,
oEnableSpecialFilenames,
+ oDebug,
aTest
};
ARGPARSE_s_i (oStatusFD, "status-fd",
N_("|FD|write status info to this FD")),
ARGPARSE_s_i (oLoggerFD, "logger-fd", "@"),
+ ARGPARSE_s_s (oLoggerFile, "log-file", "@"),
ARGPARSE_s_s (oHomedir, "homedir", "@"),
ARGPARSE_s_s (oWeakDigest, "weak-digest",
N_("|ALGO|reject signatures made with ALGO")),
ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"),
+ ARGPARSE_s_s (oDebug, "debug", "@"),
ARGPARSE_end ()
};
+/* The list of supported debug flags. */
+static struct debug_flags_s debug_flags [] =
+ {
+ { DBG_PACKET_VALUE , "packet" },
+ { DBG_MPI_VALUE , "mpi" },
+ { DBG_CRYPTO_VALUE , "crypto" },
+ { DBG_FILTER_VALUE , "filter" },
+ { DBG_IOBUF_VALUE , "iobuf" },
+ { DBG_MEMORY_VALUE , "memory" },
+ { DBG_CACHE_VALUE , "cache" },
+ { DBG_MEMSTAT_VALUE, "memstat" },
+ { DBG_TRUST_VALUE , "trust" },
+ { DBG_HASHING_VALUE, "hashing" },
+ { DBG_IPC_VALUE , "ipc" },
+ { DBG_CLOCK_VALUE , "clock" },
+ { DBG_LOOKUP_VALUE , "lookup" },
+ { DBG_EXTPROG_VALUE, "extprog" },
+ { 0, NULL }
+ };
+
int g10_errors_seen = 0;
opt.list_sigs=1;
gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
break;
+ case oDebug:
+ if (parse_debug_flag (pargs.r.ret_str, &opt.debug, debug_flags))
+ {
+ pargs.r_opt = ARGPARSE_INVALID_ARG;
+ pargs.err = ARGPARSE_PRINT_ERROR;
+ }
+ break;
case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
case oOutput: opt.outfile = pargs.r.ret_str; break;
- case oStatusFD: set_status_fd( pargs.r.ret_int ); break;
+ case oStatusFD:
+ set_status_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
+ break;
case oLoggerFD:
log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
break;
+ case oLoggerFile:
+ log_set_file (pargs.r.ret_str);
+ log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
+ | GPGRT_LOG_WITH_TIME
+ | GPGRT_LOG_WITH_PID) );
+ break;
case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break;
case oWeakDigest:
additional_weak_digest(pargs.r.ret_str);
}
int
-get_ownertrust_info (PKT_public_key *pk)
+get_ownertrust_info (PKT_public_key *pk, int no_create)
{
(void)pk;
+ (void)no_create;
return '?';
}
#define NODE_FLAG_A 8
-/* A an object and a global instance to store selectors created from
+/* An object and a global instance to store selectors created from
* --import-filter keep-uid=EXPR.
* --import-filter drop-sig=EXPR.
*
* keydb_get_keyblock (hd, ...); // -> Result 1.
*
* Note: it is only possible to save a single save state at a time.
- * In other words, the the save stack only has room for a single
+ * In other words, the save stack only has room for a single
* instance of the state. */
void
keydb_push_found_state (KEYDB_HANDLE hd)
/*
- * Loop over all LOCUSR and and sign the uids after asking. If no
+ * Loop over all LOCUSR and sign the uids after asking. If no
* user id is marked, all user ids will be signed; if some user_ids
* are marked only those will be signed. If QUICK is true the
* function won't ask the user and use sensible defaults.
(ulong) pk->timestamp, (ulong) pk->expiredate);
if (node->pkt->pkttype == PKT_PUBLIC_KEY
&& !(opt.fast_list_mode || opt.no_expensive_trust_checks))
- es_putc (get_ownertrust_info (pk), fp);
+ es_putc (get_ownertrust_info (pk, 0), fp);
es_putc (':', fp);
es_putc (':', fp);
es_putc (':', fp);
static int did_warn = 0;
trust = get_validity_string (ctrl, pk, NULL);
- otrust = get_ownertrust_string (pk);
+ otrust = get_ownertrust_string (pk, 0);
/* Show a warning once */
if (!did_warn
* Set the primary uid flag for the selected UID. We will also reset
* all other primary uid flags. For this to work with have to update
* all the signature timestamps. If we would do this with the current
- * time, we lose quite a lot of information, so we use a a kludge to
+ * time, we lose quite a lot of information, so we use a kludge to
* do this: Just increment the timestamp by one second which is
* sufficient to updated a signature during import.
*/
pSERIALNO,
pCARDBACKUPKEY,
pHANDLE,
- pKEYSERVER
+ pKEYSERVER,
+ pKEYGRIP
};
struct para_data_s {
else if (!subkey && *s == 'c')
{
/* Accept 'c' for the primary key because USAGE_CERT
- will will be set anyway. This is for folks who
+ will be set anyway. This is for folks who
want to experiment with a cert-only primary key. */
current |= PUBKEY_USAGE_CERT;
}
gpg_error_t err;
unsigned char *public;
size_t publiclen;
- const char *algostr;
+ int algo;
if (hexgrip[0] == '&')
hexgrip++;
return 0;
publiclen = gcry_sexp_canon_len (public, 0, NULL, NULL);
- get_pk_algo_from_canon_sexp (public, publiclen, &algostr);
+ algo = get_pk_algo_from_canon_sexp (public, publiclen);
xfree (public);
- /* FIXME: Mapping of ECC algorithms is probably not correct. */
- if (!algostr)
- return 0;
- else if (!strcmp (algostr, "rsa"))
- return PUBKEY_ALGO_RSA;
- else if (!strcmp (algostr, "dsa"))
- return PUBKEY_ALGO_DSA;
- else if (!strcmp (algostr, "elg"))
- return PUBKEY_ALGO_ELGAMAL_E;
- else if (!strcmp (algostr, "ecc"))
- return PUBKEY_ALGO_ECDH;
- else if (!strcmp (algostr, "ecdsa"))
- return PUBKEY_ALGO_ECDSA;
- else if (!strcmp (algostr, "eddsa"))
- return PUBKEY_ALGO_EDDSA;
- else
- return 0;
+ return map_pk_gcry_to_openpgp (algo);
}
{ "Preferences", pPREFERENCES },
{ "Revoker", pREVOKER },
{ "Handle", pHANDLE },
- { "Keyserver", pKEYSERVER },
- { NULL, 0 }
+ { "Keyserver", pKEYSERVER },
+ { "Keygrip", pKEYGRIP },
+ { NULL, 0 }
};
IOBUF fp;
byte *line;
else if (full) /* Full featured key generation. */
{
int subkey_algo;
- char *curve = NULL;
-
- /* Fixme: To support creating a primary key by keygrip we better
- also define the keyword for the parameter file. Note that
- the subkey case will never be asserted if a keygrip has been
- given. */
- algo = ask_algo (ctrl, 0, &subkey_algo, &use, NULL);
- if (subkey_algo)
+ char *key_from_hexgrip = NULL;
+
+ algo = ask_algo (ctrl, 0, &subkey_algo, &use, &key_from_hexgrip);
+ if (key_from_hexgrip)
{
- /* Create primary and subkey at once. */
- both = 1;
- if (algo == PUBKEY_ALGO_ECDSA
- || algo == PUBKEY_ALGO_EDDSA
- || algo == PUBKEY_ALGO_ECDH)
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pKEYTYPE;
+ sprintf( r->u.value, "%d", algo);
+ r->next = para;
+ para = r;
+
+ if (use)
{
- curve = ask_curve (&algo, &subkey_algo);
- r = xmalloc_clear( sizeof *r + 20 );
- r->key = pKEYTYPE;
- sprintf( r->u.value, "%d", algo);
- r->next = para;
- para = r;
- nbits = 0;
- r = xmalloc_clear (sizeof *r + strlen (curve));
- r->key = pKEYCURVE;
- strcpy (r->u.value, curve);
+ r = xmalloc_clear( sizeof *r + 25 );
+ r->key = pKEYUSAGE;
+ sprintf( r->u.value, "%s%s%s",
+ (use & PUBKEY_USAGE_SIG)? "sign ":"",
+ (use & PUBKEY_USAGE_ENC)? "encrypt ":"",
+ (use & PUBKEY_USAGE_AUTH)? "auth":"" );
r->next = para;
para = r;
}
- else
+
+ r = xmalloc_clear( sizeof *r + 40 );
+ r->key = pKEYGRIP;
+ strcpy (r->u.value, key_from_hexgrip);
+ r->next = para;
+ para = r;
+
+ xfree (key_from_hexgrip);
+ }
+ else
+ {
+ char *curve = NULL;
+
+ if (subkey_algo)
{
+ /* Create primary and subkey at once. */
+ both = 1;
+ if (algo == PUBKEY_ALGO_ECDSA
+ || algo == PUBKEY_ALGO_EDDSA
+ || algo == PUBKEY_ALGO_ECDH)
+ {
+ curve = ask_curve (&algo, &subkey_algo);
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pKEYTYPE;
+ sprintf( r->u.value, "%d", algo);
+ r->next = para;
+ para = r;
+ nbits = 0;
+ r = xmalloc_clear (sizeof *r + strlen (curve));
+ r->key = pKEYCURVE;
+ strcpy (r->u.value, curve);
+ r->next = para;
+ para = r;
+ }
+ else
+ {
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pKEYTYPE;
+ sprintf( r->u.value, "%d", algo);
+ r->next = para;
+ para = r;
+ nbits = ask_keysize (algo, 0);
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pKEYLENGTH;
+ sprintf( r->u.value, "%u", nbits);
+ r->next = para;
+ para = r;
+ }
r = xmalloc_clear( sizeof *r + 20 );
- r->key = pKEYTYPE;
- sprintf( r->u.value, "%d", algo);
+ r->key = pKEYUSAGE;
+ strcpy( r->u.value, "sign" );
r->next = para;
para = r;
- nbits = ask_keysize (algo, 0);
+
r = xmalloc_clear( sizeof *r + 20 );
- r->key = pKEYLENGTH;
- sprintf( r->u.value, "%u", nbits);
+ r->key = pSUBKEYTYPE;
+ sprintf( r->u.value, "%d", subkey_algo);
+ r->next = para;
+ para = r;
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pSUBKEYUSAGE;
+ strcpy( r->u.value, "encrypt" );
r->next = para;
para = r;
- }
- r = xmalloc_clear( sizeof *r + 20 );
- r->key = pKEYUSAGE;
- strcpy( r->u.value, "sign" );
- r->next = para;
- para = r;
-
- r = xmalloc_clear( sizeof *r + 20 );
- r->key = pSUBKEYTYPE;
- sprintf( r->u.value, "%d", subkey_algo);
- r->next = para;
- para = r;
- r = xmalloc_clear( sizeof *r + 20 );
- r->key = pSUBKEYUSAGE;
- strcpy( r->u.value, "encrypt" );
- r->next = para;
- para = r;
- if (algo == PUBKEY_ALGO_ECDSA
- || algo == PUBKEY_ALGO_EDDSA
- || algo == PUBKEY_ALGO_ECDH)
+ if (algo == PUBKEY_ALGO_ECDSA
+ || algo == PUBKEY_ALGO_EDDSA
+ || algo == PUBKEY_ALGO_ECDH)
+ {
+ if (algo == PUBKEY_ALGO_EDDSA
+ && subkey_algo == PUBKEY_ALGO_ECDH)
+ {
+ /* Need to switch to a different curve for the
+ encryption key. */
+ xfree (curve);
+ curve = xstrdup ("Curve25519");
+ }
+ r = xmalloc_clear (sizeof *r + strlen (curve));
+ r->key = pSUBKEYCURVE;
+ strcpy (r->u.value, curve);
+ r->next = para;
+ para = r;
+ }
+ }
+ else /* Create only a single key. */
{
- if (algo == PUBKEY_ALGO_EDDSA
- && subkey_algo == PUBKEY_ALGO_ECDH)
+ /* For ECC we need to ask for the curve before storing the
+ algo because ask_curve may change the algo. */
+ if (algo == PUBKEY_ALGO_ECDSA
+ || algo == PUBKEY_ALGO_EDDSA
+ || algo == PUBKEY_ALGO_ECDH)
{
- /* Need to switch to a different curve for the
- encryption key. */
- xfree (curve);
- curve = xstrdup ("Curve25519");
+ curve = ask_curve (&algo, NULL);
+ r = xmalloc_clear (sizeof *r + strlen (curve));
+ r->key = pKEYCURVE;
+ strcpy (r->u.value, curve);
+ r->next = para;
+ para = r;
}
- r = xmalloc_clear (sizeof *r + strlen (curve));
- r->key = pSUBKEYCURVE;
- strcpy (r->u.value, curve);
+
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pKEYTYPE;
+ sprintf( r->u.value, "%d", algo );
r->next = para;
para = r;
+
+ if (use)
+ {
+ r = xmalloc_clear( sizeof *r + 25 );
+ r->key = pKEYUSAGE;
+ sprintf( r->u.value, "%s%s%s",
+ (use & PUBKEY_USAGE_SIG)? "sign ":"",
+ (use & PUBKEY_USAGE_ENC)? "encrypt ":"",
+ (use & PUBKEY_USAGE_AUTH)? "auth":"" );
+ r->next = para;
+ para = r;
+ }
+ nbits = 0;
}
- }
- else /* Create only a single key. */
- {
- /* For ECC we need to ask for the curve before storing the
- algo because ask_curve may change the algo. */
+
if (algo == PUBKEY_ALGO_ECDSA
|| algo == PUBKEY_ALGO_EDDSA
|| algo == PUBKEY_ALGO_ECDH)
{
- curve = ask_curve (&algo, NULL);
- r = xmalloc_clear (sizeof *r + strlen (curve));
- r->key = pKEYCURVE;
- strcpy (r->u.value, curve);
- r->next = para;
- para = r;
+ /* The curve has already been set. */
}
-
- r = xmalloc_clear( sizeof *r + 20 );
- r->key = pKEYTYPE;
- sprintf( r->u.value, "%d", algo );
- r->next = para;
- para = r;
-
- if (use)
+ else
{
- r = xmalloc_clear( sizeof *r + 25 );
- r->key = pKEYUSAGE;
- sprintf( r->u.value, "%s%s%s",
- (use & PUBKEY_USAGE_SIG)? "sign ":"",
- (use & PUBKEY_USAGE_ENC)? "encrypt ":"",
- (use & PUBKEY_USAGE_AUTH)? "auth":"" );
+ nbits = ask_keysize (both? subkey_algo : algo, nbits);
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = both? pSUBKEYLENGTH : pKEYLENGTH;
+ sprintf( r->u.value, "%u", nbits);
r->next = para;
para = r;
}
- nbits = 0;
- }
- if (algo == PUBKEY_ALGO_ECDSA
- || algo == PUBKEY_ALGO_EDDSA
- || algo == PUBKEY_ALGO_ECDH)
- {
- /* The curve has already been set. */
+ xfree (curve);
}
- else
- {
- nbits = ask_keysize (both? subkey_algo : algo, nbits);
- r = xmalloc_clear( sizeof *r + 20 );
- r->key = both? pSUBKEYLENGTH : pKEYLENGTH;
- sprintf( r->u.value, "%u", nbits);
- r->next = para;
- para = r;
- }
-
- xfree (curve);
}
else /* Default key generation. */
{
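Review bot: The pKEYGRIP parameter is allocated with a fixed `sizeof *r + 40` and then filled by `strcpy (r->u.value, key_from_hexgrip)`, so the copy stays in bounds only as long as ask_algo never hands back more than 40 characters. The curve parameters in this same hunk size the allocation from the string itself, and the keygrip should do the same: `r = xmalloc_clear (sizeof *r + strlen (key_from_hexgrip));`. This assumes struct para_data_s ends in a one-byte value array that holds the terminator, as the curve code implies; its definition is not in the hunk.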
int did_sub = 0;
u32 timestamp;
char *cache_nonce = NULL;
+ int algo;
+ u32 expire;
+ const char *key_from_hexgrip = NULL;
if (outctrl->dryrun)
{
node of the subkey but that is more work than just to pass the
current timestamp. */
- if (!card)
- err = do_create (get_parameter_algo( para, pKEYTYPE, NULL ),
+ algo = get_parameter_algo( para, pKEYTYPE, NULL );
+ expire = get_parameter_u32( para, pKEYEXPIRE );
+ key_from_hexgrip = get_parameter_value (para, pKEYGRIP);
+ if (key_from_hexgrip)
+ err = do_create_from_keygrip (ctrl, algo, key_from_hexgrip,
+ pub_root, timestamp, expire, 0);
+ else if (!card)
+ err = do_create (algo,
get_parameter_uint( para, pKEYLENGTH ),
get_parameter_value (para, pKEYCURVE),
pub_root,
timestamp,
- get_parameter_u32( para, pKEYEXPIRE ), 0,
+ expire, 0,
outctrl->keygen_flags,
get_parameter_passphrase (para),
&cache_nonce, NULL);
else
- err = gen_card_key (1, get_parameter_algo( para, pKEYTYPE, NULL ),
+ err = gen_card_key (1, algo,
1, pub_root, ×tamp,
- get_parameter_u32 (para, pKEYEXPIRE));
+ expire);
/* Get the pointer to the generated public key packet. */
if (!err)
node = find_kbnode (pub_keyblock, PKT_PUBLIC_KEY);
if (!node)
{
- log_error ("Oops; publkic key lost!\n");
+ log_error ("Oops; public key lost!\n");
err = gpg_error (GPG_ERR_INTERNAL);
goto leave;
}
}
gcry_md_putc ( md, 0x99 ); /* ctb */
- /* What does it mean if n is greater than than 0xFFFF ? */
+ /* What does it mean if n is greater than 0xFFFF ? */
gcry_md_putc ( md, n >> 8 ); /* 2 byte length header */
gcry_md_putc ( md, n );
gcry_md_putc ( md, pk->version );
}
if (!opt.fast_list_mode && !opt.no_expensive_trust_checks)
- ownertrust_print = get_ownertrust_info (pk);
+ ownertrust_print = get_ownertrust_info (pk, 0);
else
ownertrust_print = 0;
if (fd == -1)
return;
+ if (! gnupg_fd_valid (fd))
+ log_fatal ("attribute-fd is invalid: %s\n", strerror (errno));
+
#ifdef HAVE_DOSISH_SYSTEM
setmode (fd, O_BINARY);
#endif
\f
/* A map of the all characters valid used for word_match()
- * Valid characters are in in this table converted to uppercase.
+ * Valid characters are in this table converted to uppercase.
* because the upper 128 bytes have special meaning, we assume
* that they are all valid.
* Note: We must use numerical values here in case that this program
else if ( mode == KEYDB_SEARCH_MODE_MAIL
|| mode == KEYDB_SEARCH_MODE_MAILSUB
|| mode == KEYDB_SEARCH_MODE_MAILEND) {
+ int have_angles = 1;
for (i=0, s= uid; i < uidlen && *s != '<'; s++, i++)
;
+ if (i == uidlen)
+ {
+ /* The UID is a plain addr-spec (cf. RFC2822 section 4.3). */
+ have_angles = 0;
+ s = uid;
+ i = 0;
+ }
if (i < uidlen) {
- /* skip opening delim and one char and look for the closing one*/
- s++; i++;
- for (se=s+1, i++; i < uidlen && *se != '>'; se++, i++)
- ;
+ if (have_angles)
+ {
+ /* skip opening delim and one char and look for the closing one*/
+ s++; i++;
+ for (se=s+1, i++; i < uidlen && *se != '>'; se++, i++)
+ ;
+ }
+ else
+ se = s + uidlen;
+
if (i < uidlen) {
i = se - s;
if (mode == KEYDB_SEARCH_MODE_MAIL) {
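Review bot: The new fallback treats every user ID without a `<` as a plain addr-spec and hands the whole string to the mail comparison, without checking that it looks like an address at all. If a mail-mode search is meant to match only real addresses, the `i == uidlen` branch should also require an `@` in the UID, for example `if (i == uidlen && memchr (uid, '@', uidlen))`; otherwise the comment there should say that bracket-less UIDs are matched as a whole on purpose. The comparison code that consumes `s` and `se` lies outside this hunk, so the practical effect is inferred.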
int export_pubkeys (ctrl_t ctrl, strlist_t users, unsigned int options,
export_stats_t stats);
-int export_seckeys (ctrl_t ctrl, strlist_t users, export_stats_t stats);
-int export_secsubkeys (ctrl_t ctrl, strlist_t users, export_stats_t stats);
+int export_seckeys (ctrl_t ctrl, strlist_t users, unsigned int options,
+ export_stats_t stats);
+int export_secsubkeys (ctrl_t ctrl, strlist_t users, unsigned int options,
+ export_stats_t stats);
gpg_error_t export_pubkey_buffer (ctrl_t ctrl, const char *keyspec,
unsigned int options,
signature. */
struct
{
- /* A file descriptor of the the signed data. Only used if not -1. */
+ /* A file descriptor of the signed data. Only used if not -1. */
int data_fd;
/* A list of filenames with the data files or NULL. This is only
used if DATA_FD is -1. */
colon_datestr_from_pk( pk ),
colon_strtime (pk->expiredate) );
if (pk->flags.primary && !opt.fast_list_mode)
- es_putc (get_ownertrust_info (pk), es_stdout);
+ es_putc (get_ownertrust_info (pk, 1), es_stdout);
es_putc (':', es_stdout);
es_putc ('\n', es_stdout);
}
log_assert (mainpk);
- /* In case we did not found a valid valid textual userid above
+ /* In case we did not found a valid textual userid above
we print the first user id packet or a "[?]" instead along
with the "Good|Expired|Bad signature" line. */
if (!count)
block length. This is so that the packet parsing code works even
for unknown algorithms (for which we assume 8 due to tradition).
- NOTE: If you change the the returned blocklen above 16, check
+ NOTE: If you change the returned blocklen above 16, check
the callers because they may use a fixed size buffer of that
size. */
switch (algo)
int i, len;
char *pw;
+ if (! gnupg_fd_valid (fd))
+ log_fatal ("passphrase-fd is invalid: %s\n", strerror (errno));
+
if ( !opt.batch && opt.pinentry_mode != PINENTRY_MODE_LOOPBACK)
{ /* Not used but we have to do a dummy read, so that it won't end
up at the begin of the message if the quite usual trick to
int show=0;
int min_num;
int did_help=defer_help;
- unsigned int minimum = tdb_get_min_ownertrust (pk);
+ unsigned int minimum = tdb_get_min_ownertrust (pk, 0);
switch(minimum)
{
* success the new key is added to PK_LIST_ADDR. NAME is the user id
* of the key. USE the requested usage and a set MARK_HIDDEN will
* mark the key in the updated list as a hidden recipient. If
- * FROM_FILE is true, NAME is is not a user ID but the name of a file
+ * FROM_FILE is true, NAME is not a user ID but the name of a file
* holding a key. */
gpg_error_t
find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
/* Now get the DEK (data encryption key) from the frame
*
- * Old versions encode the DEK in in this format (msb is left):
+ * Old versions encode the DEK in this format (msb is left):
*
* 0 1 DEK(16 bytes) CSUM(2 bytes) 0 RND(n bytes) 2
*
if (DBG_CRYPTO)
log_printhex ("DEK is:", dek->key, dek->keylen);
- /* Check that the algo is in the preferences and whether it has expired. */
+ /* Check that the algo is in the preferences and whether it has
+ * expired. Also print a status line with the key's fingerprint. */
{
PKT_public_key *pk = NULL;
+ PKT_public_key *mainpk = NULL;
KBNODE pkb = get_pubkeyblock (keyid);
if (!pkb)
&& !is_algo_in_prefs (pkb, PREFTYPE_SYM, dek->algo))
log_info (_("WARNING: cipher algorithm %s not found in recipient"
" preferences\n"), openpgp_cipher_algo_name (dek->algo));
+
if (!err)
{
- KBNODE k;
+ kbnode_t k;
+ int first = 1;
for (k = pkb; k; k = k->next)
{
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
{
u32 aki[2];
- keyid_from_pk (k->pkt->pkt.public_key, aki);
+ if (first)
+ {
+ first = 0;
+ mainpk = k->pkt->pkt.public_key;
+ }
+
+ keyid_from_pk (k->pkt->pkt.public_key, aki);
if (aki[0] == keyid[0] && aki[1] == keyid[1])
{
pk = k->pkt->pkt.public_key;
show_revocation_reason (pk, 1);
}
+ if (is_status_enabled () && pk && mainpk)
+ {
+ char pkhex[MAX_FINGERPRINT_LEN*2+1];
+ char mainpkhex[MAX_FINGERPRINT_LEN*2+1];
+
+ hexfingerprint (pk, pkhex, sizeof pkhex);
+ hexfingerprint (mainpk, mainpkhex, sizeof mainpkhex);
+
+ /* Note that we do not want to create a trustdb just for
+ * getting the ownertrust: If there is no trustdb there can't
+ * be ulitmately trusted key anyway and thus the ownertrust
+ * value is irrelevant. */
+ write_status_printf (STATUS_DECRYPTION_KEY, "%s %s %c",
+ pkhex, mainpkhex,
+ get_ownertrust_info (mainpk, 1));
+
+ }
+
release_kbnode (pkb);
err = 0;
}
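Review bot: The comment above the new `write_status_printf` call has a typo and a missing article: "there can't be ulitmately trusted key" should read `there can't be an ultimately trusted key`. It would also help to name the three fields where they are emitted, e.g. `/* Fields: fingerprint of the decryption (sub)key, fingerprint of the primary key, ownertrust letter of the primary key. */`, because `mainpk` is simply the first key packet seen in the loop of the preceding hunk. The enclosing function starts outside this hunk.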
to stdout or the filename given by --output. REASON describes the
revocation reason. PSK is the public primary key - we expect that
a corresponding secret key is available. KEYBLOCK is the entire
- KEYBLOCK which is used in PGP mode to write a a minimal key and not
+ KEYBLOCK which is used in PGP mode to write a minimal key and not
just the naked revocation signature; it may be NULL. If LEADINTEXT
is not NULL, it is written right before the (armored) output.*/
static int
* along with this program; if not, see <https://www.gnu.org/licenses/>.
*/
-/* For historic reasons gpg uses RIPE-MD160 to to identify names in
+/* For historic reasons gpg uses RIPE-MD160 to identify names in
the trustdb. It would be better to change that to SHA-1, to take
advantage of a SHA-1 hardware operation provided by some CPUs.
This would break trustdb compatibility and thus we don't want to do
gpg_error_t
gpg_proxy_pinentry_notify (ctrl_t ctrl, const unsigned char *line)
{
- if (opt.verbose)
- {
- char *linecopy = xtrystrdup (line);
- char *fields[4];
-
- if (linecopy
- && split_fields (linecopy, fields, DIM (fields)) >= 4
- && !strcmp (fields[0], "PINENTRY_LAUNCHED"))
- log_info (_("pinentry launched (pid %s, flavor %s, version %s)\n"),
- fields[1], fields[2], fields[3]);
+ const char *s;
- xfree (linecopy);
+ if (opt.verbose
+ && !strncmp (line, "PINENTRY_LAUNCHED", 17)
+ && (line[17]==' '||!line[17]))
+ {
+ for (s = line + 17; *s && spacep (s); s++)
+ ;
+ log_info (_("pinentry launched (%s)\n"), s);
}
if (!ctrl || !ctrl->server_local
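Review bot: `line` is declared `const unsigned char *` but is passed to strncmp and assigned to the `const char *s` cursor without a cast, which draws pointer-sign warnings; the literal length 17 is also written out by hand three times. Either cast once at the top (`const char *str = (const char *)line;`) or reuse has_leading_keyword, if it is available in this file, so the keyword and its length cannot drift apart. The remainder of the line is now logged as a single `%s` string rather than three split fields, so the message content depends entirely on what the agent sends after the keyword. The function body continues outside the hunk.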
pk = sk_rover->pk;
/* Build the signature packet. */
- sig = xmalloc_clear (sizeof *sig);
+ sig = xtrycalloc (1, sizeof *sig);
+ if (!sig)
+ return gpg_error_from_syserror ();
+
if (duration || opt.sig_policy_url
|| opt.sig_notations || opt.sig_keyserver_url)
sig->version = 4;
print_status_sig_created (pk, sig, status_letter);
free_packet (&pkt);
if (rc)
- log_error ("build signature packet failed: %s\n", gpg_strerror (rc));
+ log_error ("build signature packet failed: %s\n",
+ gpg_strerror (rc));
}
+ else
+ xfree (sig);
+
if (rc)
return rc;
}
(void)username;
- init_trustdb();
+ init_trustdb (0);
/* For now we ignore the user ID. */
if (1)
{
int i;
byte *p;
- init_trustdb();
+ init_trustdb (0);
es_printf (_("# List of assigned trustvalues, created %s\n"
"# (Use \"gpg --import-ownertrust\" to restore them)\n"),
asctimestamp( make_timestamp() ) );
int any = 0;
int rc;
- init_trustdb();
+ init_trustdb (0);
if( iobuf_is_pipe_filename (fname) ) {
fp = es_stdin;
fname = "[stdin]";
if( !rc ) { /* found: update */
if (rec.r.trust.ownertrust != otrust)
{
- if( rec.r.trust.ownertrust )
- log_info("changing ownertrust from %u to %u\n",
- rec.r.trust.ownertrust, otrust );
- else
- log_info("setting ownertrust to %u\n", otrust );
+ if (!opt.quiet)
+ {
+ if( rec.r.trust.ownertrust )
+ log_info("changing ownertrust from %u to %u\n",
+ rec.r.trust.ownertrust, otrust );
+ else
+ log_info("setting ownertrust to %u\n", otrust );
+ }
rec.r.trust.ownertrust = otrust;
write_record (&rec );
any = 1;
}
}
else if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND) { /* insert */
- log_info("inserting ownertrust of %u\n", otrust );
+ if (!opt.quiet)
+ log_info("inserting ownertrust of %u\n", otrust );
memset (&rec, 0, sizeof rec);
rec.recnum = tdbio_new_recnum ();
rec.rectype = RECTYPE_TRUST;
}
int
-get_ownertrust_info (PKT_public_key *pk)
+get_ownertrust_info (PKT_public_key *pk, int no_create)
{
(void)pk;
+ (void)no_create;
return '?';
}
else if (!response[0])
/* Default to unknown. Don't save it. */
{
- tty_printf (_("Defaulting to unknown."));
+ tty_printf (_("Defaulting to unknown.\n"));
*policy = TOFU_POLICY_UNKNOWN;
break;
}
/* Return the effective policy for the binding <FINGERPRINT, EMAIL>
* (email has already been normalized) and any conflict information in
* *CONFLICT_SETP, if CONFLICT_SETP is not NULL. Returns
- * _tofu_GET_POLICY_ERROR if an error occurs. */
+ * _tofu_GET_POLICY_ERROR if an error occurs.
+ *
+ * This function registers the binding in the bindings table if it has
+ * not yet been registered.
+ */
static enum tofu_policy
get_policy (tofu_dbs_t dbs, PKT_public_key *pk,
const char *fingerprint, const char *user_id, const char *email,
static enum tofu_policy
get_trust (ctrl_t ctrl, PKT_public_key *pk,
const char *fingerprint, const char *email,
- const char *user_id, int may_ask, time_t now)
+ const char *user_id, int may_ask,
+ enum tofu_policy *policyp, strlist_t *conflict_setp,
+ time_t now)
{
tofu_dbs_t dbs = ctrl->tofu.dbs;
int in_transaction = 0;
&& _tofu_GET_TRUST_ERROR != TRUST_FULLY
&& _tofu_GET_TRUST_ERROR != TRUST_ULTIMATE);
+ begin_transaction (ctrl, 0);
+ in_transaction = 1;
+
+ /* We need to call get_policy even if the key is ultimately trusted
+ * to make sure the binding has been registered. */
+ policy = get_policy (dbs, pk, fingerprint, user_id, email,
+ &conflict_set, now);
+
/* If the key is ultimately trusted, there is nothing to do. */
{
u32 kid[2];
if (tdb_keyid_is_utk (kid))
{
trust_level = TRUST_ULTIMATE;
+ policy = TOFU_POLICY_GOOD;
goto out;
}
}
- begin_transaction (ctrl, 0);
- in_transaction = 1;
-
- policy = get_policy (dbs, pk, fingerprint, user_id, email, &conflict_set, now);
if (policy == TOFU_POLICY_AUTO)
{
policy = opt.tofu_default_policy;
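Review bot: On the ultimately-trusted path the value returned by `get_policy` is overwritten with `TOFU_POLICY_GOOD` before anything inspects it, so a `_tofu_GET_POLICY_ERROR` from the call that was moved up is dropped silently. The new comment says the call exists to make sure the binding is registered, so a failed registration for such a key now goes unnoticed. If that is intended, I would record it next to the assignment, e.g. `/* A get_policy error is ignored here: an ultimately trusted key stays trusted even if its binding could not be registered. */`, or emit a `log_debug` when the error value comes back. How the error value is handled for other keys lies outside this hunk.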
}
else
{
- for (iter = conflict_set; iter; iter = iter->next)
- show_statistics (dbs, iter->d, email,
- TOFU_POLICY_ASK, NULL, 1, now);
-
trust_level = TRUST_UNDEFINED;
}
if (in_transaction)
end_transaction (ctrl, 0);
- free_strlist (conflict_set);
+ if (policyp)
+ *policyp = policy;
+
+ if (conflict_setp)
+ *conflict_setp = conflict_set;
+ else
+ free_strlist (conflict_set);
return trust_level;
}
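Review bot: `*conflict_setp = conflict_set` hands the list to the caller on every exit through this tail, including the one that returns `_tofu_GET_TRUST_ERROR`. The caller in the hunk that inserts into the encryptions table does `goto die` on that value before it reaches its `free_strlist (conflict_set)`. If an error can occur after get_policy has filled the set (the paths leading here are outside this hunk), the list is leaked. Keeping ownership inside get_trust on failure avoids relying on each caller: `if (conflict_setp && trust_level != _tofu_GET_TRUST_ERROR) *conflict_setp = conflict_set; else free_strlist (conflict_set);`. The function comment, which is not part of this hunk, should also say that the caller releases *CONFLICT_SETP with free_strlist.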
*
* POLICY is the key's policy (as returned by get_policy).
*
- * Returns 0 if if ONLY_STATUS_FD is set. Otherwise, returns whether
+ * Returns 0 if ONLY_STATUS_FD is set. Otherwise, returns whether
* the caller should call show_warning after iterating over all user
* ids.
*/
/* Get the signature stats. */
rc = gpgsql_exec_printf
(dbs->db, strings_collect_cb, &strlist, &err,
- "select count (*), min (signatures.time), max (signatures.time)\n"
+ "select count (*), coalesce (min (signatures.time), 0),\n"
+ " coalesce (max (signatures.time), 0)\n"
" from signatures\n"
" left join bindings on signatures.binding = bindings.oid\n"
" where fingerprint = %Q and email = %Q;",
/* Get the encryption stats. */
rc = gpgsql_exec_printf
(dbs->db, strings_collect_cb, &strlist, &err,
- "select count (*), min (encryptions.time), max (encryptions.time)\n"
+ "select count (*), coalesce (min (encryptions.time), 0),\n"
+ " coalesce (max (encryptions.time), 0)\n"
" from encryptions\n"
" left join bindings on encryptions.binding = bindings.oid\n"
" where fingerprint = %Q and email = %Q;",
/* Make sure the binding exists and record any TOFU
conflicts. */
- if (get_trust (ctrl, pk, fingerprint, email, user_id->d, 0, now)
+ if (get_trust (ctrl, pk, fingerprint, email, user_id->d,
+ 0, NULL, NULL, now)
== _tofu_GET_TRUST_ERROR)
{
rc = gpg_error (GPG_ERR_GENERAL);
if (! user_id_list)
log_info (_("WARNING: Encrypting to %s, which has no "
- "non-revoked user ids.\n"),
+ "non-revoked user ids\n"),
keystr (pk->keyid));
}
for (user_id = user_id_list; user_id; user_id = user_id->next)
{
char *email = email_from_user_id (user_id->d);
+ strlist_t conflict_set = NULL;
+ enum tofu_policy policy;
/* Make sure the binding exists and that we recognize any
conflicts. */
int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d,
- may_ask, now);
+ may_ask, &policy, &conflict_set, now);
if (tl == _tofu_GET_TRUST_ERROR)
{
/* An error. */
goto die;
}
+
+ /* If there is a conflict and MAY_ASK is true, we need to show
+ * the TOFU statistics for the current binding and the
+ * conflicting bindings. But, if we are not in batch mode, then
+ * they have already been printed (this is required to make sure
+ * the information is available to the caller before cpr_get is
+ * called). */
+ if (policy == TOFU_POLICY_ASK && may_ask && opt.batch)
+ {
+ strlist_t iter;
+
+ /* The conflict set should contain at least the current
+ * key. */
+ log_assert (conflict_set);
+
+ for (iter = conflict_set; iter; iter = iter->next)
+ show_statistics (dbs, iter->d, email,
+ TOFU_POLICY_ASK, NULL, 1, now);
+ }
+
+ free_strlist (conflict_set);
+
rc = gpgsql_stepx
(dbs->db, &dbs->s.register_encryption, NULL, NULL, &err,
"insert into encryptions\n"
int bindings = 0;
int bindings_valid = 0;
int need_warning = 0;
+ int had_conflict = 0;
dbs = opendbs (ctrl);
if (! dbs)
for (user_id = user_id_list; user_id; user_id = user_id->next, bindings ++)
{
char *email = email_from_user_id (user_id->d);
+ strlist_t conflict_set = NULL;
+ enum tofu_policy policy;
/* Always call get_trust to make sure the binding is
registered. */
int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d,
- may_ask, now);
+ may_ask, &policy, &conflict_set, now);
if (tl == _tofu_GET_TRUST_ERROR)
{
/* An error. */
if (may_ask && tl != TRUST_ULTIMATE && tl != TRUST_EXPIRED)
{
- enum tofu_policy policy =
- get_policy (dbs, pk, fingerprint, user_id->d, email, NULL, now);
+ /* If policy is ask, then we already printed out the
+ * conflict information in ask_about_binding or will do so
+ * in a moment. */
+ if (policy != TOFU_POLICY_ASK)
+ need_warning |=
+ show_statistics (dbs, fingerprint, email, policy, NULL, 0, now);
+
+ /* If there is a conflict and MAY_ASK is true, we need to
+ * show the TOFU statistics for the current binding and the
+ * conflicting bindings. But, if we are not in batch mode,
+ * then they have already been printed (this is required to
+ * make sure the information is available to the caller
+ * before cpr_get is called). */
+ if (policy == TOFU_POLICY_ASK && opt.batch)
+ {
+ strlist_t iter;
+
+ /* The conflict set should contain at least the current
+ * key. */
+ log_assert (conflict_set);
- need_warning |=
- show_statistics (dbs, fingerprint, email, policy, NULL, 0, now);
+ had_conflict = 1;
+ for (iter = conflict_set; iter; iter = iter->next)
+ show_statistics (dbs, iter->d, email,
+ TOFU_POLICY_ASK, NULL, 1, now);
+ }
}
+ free_strlist (conflict_set);
+
if (tl == TRUST_NEVER)
trust_level = TRUST_NEVER;
else if (tl == TRUST_EXPIRED)
xfree (email);
}
- if (need_warning)
+ if (need_warning && ! had_conflict)
show_warning (fingerprint, user_id_list);
die:
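Review bot: `had_conflict` is one flag for the whole loop, so a conflict on a single user ID in batch mode suppresses `show_warning` even when `need_warning` was raised by a different user ID whose policy was not ask. The loop that sets both flags is in the preceding hunks, and nothing there explains why one binding's conflict output replaces the warning owed to another. If the conflict statistics are meant to subsume the warning, a comment at the test would record that, e.g. `/* A conflict was already reported in full; skip the generic warning. */`. Otherwise the flag should be tracked per user ID.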
(void)pk;
return TRUST_UNKNOWN;
#else
- return tdb_get_ownertrust (pk);
+ return tdb_get_ownertrust (pk, 0);
#endif
}
/*
* Same as get_ownertrust but this takes the minimum ownertrust value
- * into into account, and will bump up the value as needed.
+ * into account, and will bump up the value as needed. NO_CREATE
+ * inhibits creation of a trustdb it that does not yet exists.
*/
static int
-get_ownertrust_with_min (PKT_public_key *pk)
+get_ownertrust_with_min (PKT_public_key *pk, int no_create)
{
#ifdef NO_TRUST_MODELS
(void)pk;
#else
unsigned int otrust, otrust_min;
- otrust = (tdb_get_ownertrust (pk) & TRUST_MASK);
- otrust_min = tdb_get_min_ownertrust (pk);
+ /* Shortcut instead of doing the same twice in the two tdb_get
+ * functions: If the caller asked not to create a trustdb we call
+ * init_trustdb directly and allow it to fail with an error code for
+ * a non-existing trustdb. */
+ if (no_create && init_trustdb (1))
+ return TRUST_UNKNOWN;
+
+ otrust = (tdb_get_ownertrust (pk, no_create) & TRUST_MASK);
+ otrust_min = tdb_get_min_ownertrust (pk, no_create);
if (otrust < otrust_min)
{
/* If the trust that the user has set is less than the trust
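Review bot: In the `NO_TRUST_MODELS` branch only `(void)pk;` is shown, so the new `no_create` parameter is unused there and will trigger an unused-parameter warning in that configuration. The stub version of get_ownertrust_info earlier in this diff already adds `(void)no_create;`, and the same line belongs here after `(void)pk;`. The branch may contain further lines that this hunk does not show.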
/*
* Same as get_ownertrust but return a trust letter instead of an
- * value. This takes the minimum ownertrust value into account.
+ * value. This takes the minimum ownertrust value into account. If
+ * NO_CREATE is set, no efforts for creating a trustdb will be taken.
*/
int
-get_ownertrust_info (PKT_public_key *pk)
+get_ownertrust_info (PKT_public_key *pk, int no_create)
{
- return trust_letter (get_ownertrust_with_min (pk));
+ return trust_letter (get_ownertrust_with_min (pk, no_create));
}
/*
* Same as get_ownertrust but return a trust string instead of an
- * value. This takes the minimum ownertrust value into account.
+ * value. This takes the minimum ownertrust value into account. If
+ * NO_CREATE is set, no efforts for creating a trustdb will be taken.
*/
const char *
-get_ownertrust_string (PKT_public_key *pk)
+get_ownertrust_string (PKT_public_key *pk, int no_create)
{
- return trust_value_to_string (get_ownertrust_with_min (pk));
+ return trust_value_to_string (get_ownertrust_with_min (pk, no_create));
}
/*
* Helper to add a key to the global list of ultimately trusted keys.
- * Retruns: true = inserted, false = already in in list.
+ * Returns: true = inserted, false = already in list.
*/
static int
add_utk (u32 *kid)
keystr(k->kid));
else
{
- tdb_update_ownertrust (&pk,
- ((tdb_get_ownertrust (&pk) & ~TRUST_MASK)
- | TRUST_ULTIMATE ));
+ tdb_update_ownertrust
+ (&pk, ((tdb_get_ownertrust (&pk, 0) & ~TRUST_MASK)
+ | TRUST_ULTIMATE ));
release_public_key_parts (&pk);
}
}
-void
-init_trustdb ()
+/* Initialize the trustdb. With NO_CREATE set a missing trustdb is
+ * not an error and the function won't terminate the process on error;
+ * in that case 0 is returned if there is a trustdb or an error code
+ * if no trustdb is available. */
+gpg_error_t
+init_trustdb (int no_create)
{
int level = trustdb_args.level;
const char* dbname = trustdb_args.dbname;
if( trustdb_args.init )
- return;
+ return 0;
trustdb_args.init = 1;
if(level==0 || level==1)
{
- int rc = tdbio_set_dbname( dbname, !!level, &trustdb_args.no_trustdb);
- if( rc )
+ int rc = tdbio_set_dbname (dbname, (!no_create && level),
+ &trustdb_args.no_trustdb);
+ if (no_create && trustdb_args.no_trustdb)
+ {
+ /* No trustdb found and the caller asked us not to create
+ * it. Return an error and set the initialization state
+ * back so that we always test for an existing trustdb. */
+ trustdb_args.init = 0;
+ return gpg_error (GPG_ERR_ENOENT);
+ }
+ if (rc)
log_fatal("can't init trustdb: %s\n", gpg_strerror (rc) );
}
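Review bot: The new header comment promises that with NO_CREATE set the function "won't terminate the process on error", but `if (rc) log_fatal (...)` is still reached when `no_create` is set and tdbio_set_dbname fails without setting `no_trustdb`. Whether tdbio_set_dbname can fail that way is not visible here, but the callers added in this commit turn any non-zero return into `TRUST_UNKNOWN`, so returning the error would be handled safely. Either narrow the comment to the missing-file case or add `if (rc && no_create) { trustdb_args.init = 0; return rc; }` before the `log_fatal` line. The function body continues past this hunk.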
else
if(!tdbio_db_matches_options())
pending_check_trustdb=1;
}
+
+ return 0;
}
void
check_trustdb (ctrl_t ctrl)
{
- init_trustdb();
+ init_trustdb (0);
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
{
void
update_trustdb (ctrl_t ctrl)
{
- init_trustdb ();
+ init_trustdb (0);
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
validate_keys (ctrl, 1);
void
tdb_revalidation_mark (void)
{
- init_trustdb();
+ init_trustdb (0);
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return;
{
TRUSTREC opts;
- init_trustdb();
+ init_trustdb (0);
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
memset (&opts, 0, sizeof opts);
else
{
int rc;
- init_trustdb();
+ init_trustdb (0);
rc = tdbio_search_trust_bypk (pk, rec);
if (rc)
{
return 0;
}
-/****************
- * Return the assigned ownertrust value for the given public key.
- * The key should be the primary key.
+
+/*
+ * Return the assigned ownertrust value for the given public key. The
+ * key should be the primary key. If NO_CREATE is set a missing
+ * trustdb will not be created. This comes for example handy when we
+ * want to print status lines (DECRYPTION_KEY) which carry ownertrust
+ * values but we usually use --always-trust.
*/
unsigned int
-tdb_get_ownertrust ( PKT_public_key *pk)
+tdb_get_ownertrust (PKT_public_key *pk, int no_create)
{
TRUSTREC rec;
gpg_error_t err;
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return TRUST_UNKNOWN;
+ /* If the caller asked not to create a trustdb we call init_trustdb
+ * directly and allow it to fail with an error code for a
+ * non-existing trustdb. */
+ if (no_create && init_trustdb (1))
+ return TRUST_UNKNOWN;
+
err = read_trust_record (pk, &rec);
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
return TRUST_UNKNOWN; /* no record yet */
unsigned int
-tdb_get_min_ownertrust (PKT_public_key *pk)
+tdb_get_min_ownertrust (PKT_public_key *pk, int no_create)
{
TRUSTREC rec;
gpg_error_t err;
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return TRUST_UNKNOWN;
+ /* If the caller asked not to create a trustdb we call init_trustdb
+ * directly and allow it to fail with an error code for a
+ * non-existing trustdb. */
+ if (no_create && init_trustdb (1))
+ return TRUST_UNKNOWN;
+
err = read_trust_record (pk, &rec);
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
return TRUST_UNKNOWN; /* no record yet */
TRUSTREC rec;
gpg_error_t err;
- init_trustdb ();
+ init_trustdb (0);
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return 0;
if (pk->flags.disabled_valid)
return pk->flags.disabled;
- init_trustdb();
+ init_trustdb (0);
if (trustdb_args.no_trustdb)
return 0; /* No trustdb => not disabled. */
{
static int did_nextcheck=0;
- init_trustdb ();
+ init_trustdb (0);
if (trustdb_args.no_trustdb)
return; /* No trustdb => can't be stale. */
(void)may_ask;
#endif
- init_trustdb ();
+ init_trustdb (0);
/* If we have no trustdb (which also means it has not been created)
and the trust-model is always, we don't know the validity -
{
/* Note that this happens BEFORE any user ID stuff is checked.
The direct trust model applies to keys as a whole. */
- validity = tdb_get_ownertrust (main_pk);
+ validity = tdb_get_ownertrust (main_pk, 0);
goto leave;
}
uid->help_marginal_count=uid->help_full_count=0;
- init_trustdb ();
+ init_trustdb (0);
if(read_trust_record (pk, &trec))
return;
{
ot=edit_ownertrust (ctrl, pk, 0);
if(ot>0)
- ot = tdb_get_ownertrust (pk);
+ ot = tdb_get_ownertrust (pk, 0);
else if(ot==0)
ot = minimum?minimum:TRUST_UNDEFINED;
else
k->kid[1]=kid[1];
k->ownertrust =
(tdb_get_ownertrust
- (kar->keyblock->pkt->pkt.public_key) & TRUST_MASK);
+ (kar->keyblock->pkt->pkt.public_key, 0) & TRUST_MASK);
k->min_ownertrust = tdb_get_min_ownertrust
- (kar->keyblock->pkt->pkt.public_key);
+ (kar->keyblock->pkt->pkt.public_key, 0);
k->trust_depth=
kar->keyblock->pkt->pkt.public_key->trust_depth;
k->trust_value=
int setup_trustdb( int level, const char *dbname );
void how_to_fix_the_trustdb (void);
const char *trust_model_string (int model);
-void init_trustdb( void );
+gpg_error_t init_trustdb (int no_create);
void tdb_check_trustdb_stale (ctrl_t ctrl);
void sync_trustdb( void );
byte *marginals,byte *completes,byte *cert_depth,
byte *min_cert_level);
-unsigned int tdb_get_ownertrust (PKT_public_key *pk);
-unsigned int tdb_get_min_ownertrust (PKT_public_key *pk);
-int get_ownertrust_info (PKT_public_key *pk);
-const char *get_ownertrust_string (PKT_public_key *pk);
+unsigned int tdb_get_ownertrust (PKT_public_key *pk, int no_create);
+unsigned int tdb_get_min_ownertrust (PKT_public_key *pk, int no_create);
+int get_ownertrust_info (PKT_public_key *pk, int no_create);
+const char *get_ownertrust_string (PKT_public_key *pk, int no_create);
void tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust);
int tdb_clear_ownertrusts (PKT_public_key *pk);
module_tests = t-g13tuple
t_common_ldadd = $(libcommon) $(LIBGCRYPT_LIBS) \
- $(LIBASSUAN_LIBS)
+ $(LIBASSUAN_LIBS) $(LIBICONV)
t_g13tuple_SOURCES = t-g13tuple.c g13tuple.c
t_g13tuple_LDADD = $(t_common_ldadd)
char *label; /* Optional malloced label for that entry. */
char *mountpoint; /* NULL or a malloced mountpoint. */
char blockdev[1]; /* String with the name of the block device. If
- it starts with a slash is is a regular device
+ it starts with a slash it is a regular device
name, otherwise it is a PARTUUID. */
};
the CTRL object of each connection. */
struct server_local_s
{
- /* The Assuan contect we are working on. */
+ /* The Assuan context we are working on. */
assuan_context_t assuan_ctx;
char *containername; /* Malloced active containername. */
the CTRL object of each connection. */
struct server_local_s
{
- /* The Assuan contect we are working on. */
+ /* The Assuan context we are working on. */
assuan_context_t assuan_ctx;
/* The malloced name of the device. */
IDs go here.
- bN Space for the keyblock or certificate.
- bN RFU. This is the remaining space after keyblock and before
- the checksum. Is is not covered by the checksum.
+ the checksum. It is not covered by the checksum.
- b20 SHA-1 checksum (useful for KS syncronisation?)
Note, that KBX versions before GnuPG 2.1 used an MD5
checksum. However it was only created but never checked.
put32 ( a, 0 ); /* size of reserved space */
/* reserved space (which is currently of size 0) */
- /* space where we write keyIDs and and other stuff so that the
+ /* space where we write keyIDs and other stuff so that the
pointers can actually point to somewhere */
if (blobtype == KEYBOX_BLOBTYPE_PGP)
{
# that contains a configuration script generated by Autoconf, under
# the same distribution terms as the rest of that program.
#
-# This file can can be used in projects which are not available under
+# This file can be used in projects which are not available under
# the GNU General Public License or the GNU Library General Public
# License but which still want to provide support for Autobuild.
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl
-dnl This file can can be used in projects which are not available under
+dnl This file can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
-dnl gettext package package is covered by the GNU General Public License.
+dnl gettext package is covered by the GNU General Public License.
dnl They are *not* in the public domain.
dnl Authors:
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl
-dnl This file can can be used in projects which are not available under
+dnl This file can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
-dnl gettext package package is covered by the GNU General Public License.
+dnl gettext package is covered by the GNU General Public License.
dnl They are *not* in the public domain.
dnl Authors:
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl
-dnl This file can can be used in projects which are not available under
+dnl This file can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
-dnl gettext package package is covered by the GNU General Public License.
+dnl gettext package is covered by the GNU General Public License.
dnl They are *not* in the public domain.
AC_PREREQ(2.52)
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl
-dnl This file can can be used in projects which are not available under
+dnl This file can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
-dnl gettext package package is covered by the GNU General Public License.
+dnl gettext package is covered by the GNU General Public License.
dnl They are *not* in the public domain.
dnl Authors:
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl
-dnl This file can can be used in projects which are not available under
+dnl This file can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
-dnl gettext package package is covered by the GNU General Public License.
+dnl gettext package is covered by the GNU General Public License.
dnl They are *not* in the public domain.
dnl Authors:
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl
-dnl This file can can be used in projects which are not available under
+dnl This file can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
-dnl gettext package package is covered by the GNU General Public License.
+dnl gettext package is covered by the GNU General Public License.
dnl They are *not* in the public domain.
dnl Authors:
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl
-dnl This file can can be used in projects which are not available under
+dnl This file can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
-dnl gettext package package is covered by the GNU General Public License.
+dnl gettext package is covered by the GNU General Public License.
dnl They are *not* in the public domain.
dnl Authors:
common/audit.c
common/helpfile.c
common/gettime.c
+common/ksba-io-support.c
common/argparse.c
common/logging.c
scd/app-dinsig.c
scd/scdaemon.c
-sm/base64.c
sm/call-agent.c
sm/call-dirmngr.c
sm/certchain.c
"no s'ha trobat cap anell secret de escrivible: %s\n"
"\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "error en crear «%s»: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "[no establert]"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "el caràcter radix64 %02x invàlid s'ha omés\n"
+
msgid "argument not expected"
msgstr ""
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Endavant, escriviu el missatge...\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "error mentre s'enviava a «%s»: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "no s'ha pogut reconstruir la memòria cau de l'anell: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
msgid "reading public key failed: %s\n"
msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "canvia la contrasenya"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "l'enviament al servidor de claus ha fallat: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "canvia la contrasenya"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "canvia la contrasenya"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "canvia la contrasenya"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "Seleccioneu la raó de la revocació:\n"
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "el caràcter radix64 %02x invàlid s'ha omés\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent no està disponible en aquesta sessió\n"
msgid " runtime cached certificates: %u\n"
msgstr "error en la creació de la contrasenya: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "error en la creació de la contrasenya: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "S'ha creat el certificat de revocació.\n"
msgid "certificate chain is good\n"
msgstr "Certificat de revocació vàlid"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA requereix l'ús d'un algoritme de dispersió de 160 bits\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "canvia la contrasenya"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA requereix l'ús d'un algoritme de dispersió de 160 bits\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [nom_del_fitxer]"
msgid "no suitable card key found: %s\n"
msgstr "nenalezen žádný vhodný klíč karty: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "chyba při získání uložených příznaků: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "[neuvedeno]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "neplatný radix64 znak %02x byl přeskočen\n"
+
msgid "argument not expected"
msgstr "argument nebyl očekáván"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr "„%s“ nevypadá jako platné ID klíče, otisk klíče nebo keygrip\n"
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Začněte psát svou zprávu…\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "chyba při odesílání dat: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "uložení data vytvoření se nezdařilo: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "chyba při získání CHV z karty\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "odpověď neobsahuje RSA modulus\n"
msgid "reading public key failed: %s\n"
msgstr "čtení veřejného klíče se nezdařilo: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "používám implicitní PIN jako %s\n"
"použití implicitního PINu jako %s selhalo: %s – vypínám jeho budoucí "
"použití\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Prosím vložte PIN%%0A[podpis hotov: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Prosím vložte PIN"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "ověření CHV%d se nezdařilo: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "chyba při získání CHV z karty\n"
-
msgid "card is permanently locked!\n"
msgstr "karta je trvale uzamčena!\n"
"Do trvalého uzamčení karty zůstává %d pokusů o zadání PINu administrátora\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|Prosím, zadejte PIN správce%%0A[zbývá pokusů: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Prosím, zadejte PIN správce"
msgid "access to admin commands is not configured\n"
msgstr "přístup k administrátorským příkazům není nakonfigurován\n"
+msgid "||Please enter the PIN"
+msgstr "||Prosím vložte PIN"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Prosím, zadejte resetační kód karty"
msgid "handler for fd %d terminated\n"
msgstr "obsluha pro deskriptor %d ukončena\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "neplatný radix64 znak %02x byl přeskočen\n"
-
msgid "no dirmngr running in this session\n"
msgstr "v této relaci neběží žádný dirmngr\n"
msgid " runtime cached certificates: %u\n"
msgstr "za běhu nakešovaných certifikátů: %u\n"
+# XXX: Align with msgid "permanently loaded certificates:"
+#, fuzzy, c-format
+#| msgid " runtime cached certificates: %u\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "za běhu nakešovaných certifikátů: %u\n"
+
msgid "certificate already cached\n"
msgstr "certifikát již v keši\n"
msgid "certificate chain is good\n"
msgstr "řetěz certifikátů je v pořádku\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA požaduje použití 160bitového hašovacího algoritmu\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr "certifikát neměl být použit pro podepsání CRL\n"
"Syntaxe: gpg-check-pattern [volby] soubor_se_vzorem\n"
"Prověří heslo zadané na vstupu proti souboru se vzory\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Prosím vložte PIN%%0A[podpis hotov: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|Prosím, zadejte PIN správce%%0A[zbývá pokusů: %d]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA požaduje použití 160bitového hašovacího algoritmu\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [jméno souboru]"
msgid "no suitable card key found: %s\n"
msgstr "ingen egnet kortnøgle fundet: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "fejl ved indhentelse af gemte flag: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "[ingen]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "ugyldigt radix64-tegn %02x udeladt\n"
+
msgid "argument not expected"
msgstr "parameter var ikke forventet"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Gå til sagen og skriv meddelelsen ...\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "fejl under afsendelse af %s-kommando: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "kunne ikke gemme oprettelsesdatoen: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "fejl ved indhentelse af CHV-status fra kort\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "svar indeholder ikke RSA modulus'erne\n"
msgid "reading public key failed: %s\n"
msgstr "læsning af offentlig nøgle mislykkedes: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "bruger standard-PIN som %s\n"
"kunne ikke bruge standard-PIN som %s: %s - deaktiverer yderligere "
"standardbrug\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Indtast venligst PIN%%0A[sigs færdig: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Indtast venligst PIN'en"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "verificering af CHV%d mislykkedes: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "fejl ved indhentelse af CHV-status fra kort\n"
-
msgid "card is permanently locked!\n"
msgstr "kort er permanent låst!\n"
msgstr[1] "%d PIN-forsøg for administrator før kort permanent låses\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|Ændr venligst administrator-PIN%%0A[tilbageværende forsøg: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Indtast venligst administrator-PIN'en"
msgid "access to admin commands is not configured\n"
msgstr "adgang til administratorkommandoer er ikke konfigureret\n"
+msgid "||Please enter the PIN"
+msgstr "||Indtast venligst PIN'en"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Indtast venligst nulstillingskoden for kortet"
msgid "handler for fd %d terminated\n"
msgstr "håndtering for fd %d termineret\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "ugyldigt radix64-tegn %02x udeladt\n"
-
#, fuzzy
#| msgid "no gpg-agent running in this session\n"
msgid "no dirmngr running in this session\n"
msgid " runtime cached certificates: %u\n"
msgstr "antallet af matchende certifikater: %d\n"
+#, fuzzy, c-format
+#| msgid "number of matching certificates: %d\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "antallet af matchende certifikater: %d\n"
+
#, fuzzy
#| msgid " (certificate created at "
msgid "certificate already cached\n"
msgid "certificate chain is good\n"
msgstr "certifikat er gyldigt\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr ""
-
#, fuzzy
#| msgid "certificate should not have been used for signing\n"
msgid "certificate should not have been used for CRL signing\n"
"Syntaks: gpg-check-pattern [tilvalg] mønsterfil\n"
"Kontroller en adgangsfrase angivet på stdin mod mønsterfilen\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Indtast venligst PIN%%0A[sigs færdig: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|Ændr venligst administrator-PIN%%0A[tilbageværende forsøg: %d]"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [filnavn]"
msgstr ""
"Project-Id-Version: gnupg-2.1.0\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2017-01-23 19:23+0100\n"
+"PO-Revision-Date: 2017-02-22 18:55+0100\n"
"Last-Translator: Werner Koch <wk@gnupg.org>\n"
"Language-Team: German <de@li.org>\n"
"Language: de\n"
msgstr "keine passender Kartenschlüssel gefunden: %s\n"
#, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "Fehler beim Holen der Liste der Karten: %s\n"
+
+#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
"allow this?"
msgid "[none]"
msgstr "[keine]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "Ungültiges Basis-64 Zeichen %02X wurde übersprungen\n"
+
msgid "argument not expected"
msgstr "Argument nicht erwartet"
"'%s\" sieht nicht nach einer gültigen Schlüssel-ID, einem Fingerabdruck oder "
"einem \"Keygrip\" aus\n"
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+"WARNING: Kein Kommando angegeben. Versuche zu raten was gemeint ist ...\n"
+
msgid "Go ahead and type your message ...\n"
msgstr "Auf geht's - Botschaft eintippen ...\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr "(G)ut, einmal (A)kzeptieren, (U)nbekannt, einmal ab(L)ehnen, (F)alsch?"
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "Fehler beim Öffnen der TOFU Datenbank: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "Das Erzeugungsdatum konnte nicht gespeichert werden: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "Fehler beim Holen des CHV-Status' von der Karte\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "Die Antwort enthält das RSA-Modulus nicht\n"
msgid "reading public key failed: %s\n"
msgstr "Lesen des öffentlichen Schlüssels fehlgeschlagen: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
+msgstr "%sNummer\1f: %s%%0ABesitzer\1f: %s%%0AAnzahl\1f: %lu%s"
+
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr "%sNummer\1f: %s%%0ABesitzer\1f: %s%s"
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr "Verbliebene Versuche: %d"
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "Die Standard PIN wird für %s benutzt\n"
"Die Standard PIN für %s konnte nicht benutzt werden: %s - Die Standard PIN "
"wird nicht weiter benutzt\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Bitte die PIN eingeben%%0A[Sigs erzeugt: %lu]"
-
-msgid "||Please enter the PIN"
-msgstr "||Bitte die PIN eingeben"
+msgid "||Please unlock the card"
+msgstr "||Bitte entsperren Sie die Karte"
#, c-format
msgid "PIN for CHV%d is too short; minimum length is %d\n"
msgid "verify CHV%d failed: %s\n"
msgstr "Prüfung des CHV%d fehlgeschlagen: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "Fehler beim Holen des CHV-Status' von der Karte\n"
-
msgid "card is permanently locked!\n"
msgstr "Karte ist dauerhaft gesperrt!\n"
msgstr[1] "Noch %d Admin-PIN-Versuche, bis die Karte dauerhaft gesperrt ist\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|Bitte die Admin-PIN eingeben.%%0A[Verbliebene Versuche: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Bitte die Admin-PIN eingeben."
msgid "access to admin commands is not configured\n"
msgstr "Zugriff auf Admin-Befehle ist nicht eingerichtet\n"
+msgid "||Please enter the PIN"
+msgstr "||Bitte die PIN eingeben"
+
msgid "||Please enter the Reset Code for the card"
msgstr "Bitte geben Sie den Rückstellcode für diese Karte ein"
msgid "handler for fd %d terminated\n"
msgstr "Handhabungsroutine für den fd %d beendet\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "Ungültiges Basis-64 Zeichen %02X wurde übersprungen\n"
-
msgid "no dirmngr running in this session\n"
msgstr "Der Dirmngr läuft nicht für diese Session\n"
#, c-format
msgid " runtime cached certificates: %u\n"
-msgstr "zur Laufzeit zwischengespeicherte Zertifikate: %u\n"
+msgstr " zwischengespeicherte Zertifikate: %u\n"
+
+#, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr " vertrauenswürdige Zertifikate: %u (%u,%u,%u,%u)\n"
msgid "certificate already cached\n"
msgstr "Zertifikat ist bereits im Zwischenspeicher\n"
msgid "certificate chain is good\n"
msgstr "Der Zertifikatkette ist gültig\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA benötigt eine 160 Bit Hashmethode\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
"Das Zertifikat hätte nicht zum Signieren einer CRL benutzt werden sollen\n"
"Syntax: gpg-check-pattern [optionen] Musterdatei\n"
"Die von stdin gelesene Passphrase gegen die Musterdatei prüfen\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Bitte die PIN eingeben%%0A[Sigs erzeugt: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|Bitte die Admin-PIN eingeben.%%0A[Verbliebene Versuche: %d]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA benötigt eine 160 Bit Hashmethode\n"
+
#, fuzzy
#~| msgid ""
#~| "@\n"
msgid "no suitable card key found: %s\n"
msgstr "δε βρέθηκε εγγράψιμη μυστική κλειδοθήκη: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "άγνωστο"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "μη έγκυρος radix64 χαρακτήρας %02x παράβλεψη\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Μπορείτε τώρα να εισαγάγετε το μήνυμα σας ...\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "σφάλμα στη αποστολή προς το `%s': %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "αποτυχία επαναδόμησης της cache κλειδοθήκης: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
msgid "reading public key failed: %s\n"
msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "αλλαγή της φράσης κλειδί"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "keyserver αποστολή απέτυχε: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "αλλαγή της φράσης κλειδί"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "αλλαγή της φράσης κλειδί"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "αλλαγή της φράσης κλειδί"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "Παρακαλώ επιλέξτε την αιτία για την ανάκληση:\n"
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "μη έγκυρος radix64 χαρακτήρας %02x παράβλεψη\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "ο gpg-agent δεν είναι διαθέσιμος σε αυτή τη συνεδρία\n"
msgid " runtime cached certificates: %u\n"
msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "σφάλμα στη δημιουργία της φράσης κλειδί: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "Πιστοποιητικό ανάκλησης δημιουργήθηκε.\n"
msgid "certificate chain is good\n"
msgstr "η προεπιλογή %c%lu αντιγράφτηκε\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "ο DSA απαιτεί τη χρήση ενός 160 bit αλγόριθμου hash\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "αλλαγή της φράσης κλειδί"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "ο DSA απαιτεί τη χρήση ενός 160 bit αλγόριθμου hash\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [όνομα αρχείου]"
msgid "no suitable card key found: %s\n"
msgstr "neniu skribebla sekreta ŝlosilaro trovita: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "nekonata versio"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "nevalida signo %02x en bazo 64 ignorita\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "skribas sekretan ŝlosilon al '%s'\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Ektajpu vian mesaĝon ...\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "eraro dum sendo al '%s': %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "malsukcesis rekonstrui ŝlosilaran staplon: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
msgid "reading public key failed: %s\n"
msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "ŝanĝi la pasfrazon"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "Kreado de ŝlosiloj malsukcesis: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "ŝanĝi la pasfrazon"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "ŝanĝi la pasfrazon"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "ŝanĝi la pasfrazon"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "Kialo por revoko: "
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "nevalida signo %02x en bazo 64 ignorita\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent ne estas disponata en ĉi tiu sesio\n"
msgid " runtime cached certificates: %u\n"
msgstr "eraro dum kreado de pasfrazo: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "ŝlosilo %08lX: revokatestilo aldonita\n"
msgid "certificate chain is good\n"
msgstr "Valida atestilrevoko"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr ""
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "ŝanĝi la pasfrazon"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [dosiero]"
msgid "no suitable card key found: %s\n"
msgstr "no se encuentra una clave de tarjeta adecuada: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "error obteniendo parámetros almacenados: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "[ninguno]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "caracter inválido radix64 %02x omitido\n"
+
msgid "argument not expected"
msgstr "parámetro inesperado"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
# Falta un espacio.
# En español no se deja espacio antes de los puntos suspensivos
# (Real Academia dixit) :)
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "error enviando orden %s: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "fallo guardando la fecha de creación: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "error recuperando el estatus CHV de la tarjeta\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "la respuesta no incluye el módulo RSA\n"
msgid "reading public key failed: %s\n"
msgstr "fallo leyendo clave pública: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "usando PIN por defecto %s\n"
msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr "fallo al usar el PIN por defecto %s: %s - en adelante deshabilitado\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Por favor introduzca PIN%%0A[firmas hechas: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Por favor introduzca PIN"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "la verificación CHV%d falló: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "error recuperando el estatus CHV de la tarjeta\n"
-
msgid "card is permanently locked!\n"
msgstr "¡la tarjeta está bloqueada permanentemente!\n"
"bloquearpermanentemente la clave\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|Introduzca PIN de Administrador%%0A[intentos restantes: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Por favor introduzca PIN de Administrador"
msgid "access to admin commands is not configured\n"
msgstr "el acceso a órdenes de administrador no está configurado\n"
+msgid "||Please enter the PIN"
+msgstr "||Por favor introduzca PIN"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Por favor introduzca Código de Reinicio de la tarjeta"
msgid "handler for fd %d terminated\n"
msgstr "manejador del descriptor %d terminado\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "caracter inválido radix64 %02x omitido\n"
-
#, fuzzy
#| msgid "no gpg-agent running in this session\n"
msgid "no dirmngr running in this session\n"
msgid " runtime cached certificates: %u\n"
msgstr "número de certificados coincidentes: %d\n"
+#, fuzzy, c-format
+#| msgid "number of matching certificates: %d\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "número de certificados coincidentes: %d\n"
+
#, fuzzy
#| msgid " (certificate created at "
msgid "certificate already cached\n"
msgid "certificate chain is good\n"
msgstr "certificado correcto\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA necesita un algoritmo de hash de 160 bits.\n"
-
#, fuzzy
#| msgid "certificate should have not been used for signing\n"
msgid "certificate should not have been used for CRL signing\n"
"Compara frase contraseña dada en entrada estándar con un fichero de "
"patrones\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Por favor introduzca PIN%%0A[firmas hechas: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|Introduzca PIN de Administrador%%0A[intentos restantes: %d]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA necesita un algoritmo de hash de 160 bits.\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [nombre_fichero]"
msgid "no suitable card key found: %s\n"
msgstr "kirjutatavat salajaste võtmete hoidlat pole: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "viga parooli loomisel: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "tundmatu"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "vigane radix64 sümbol %02x vahele jäetud\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "kirjutan salajase võtme faili `%s'\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Kirjutage nüüd oma teade ...\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "viga teate saatmisel serverile `%s': %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "võtmehoidla vahemälu uuesti loomine ebaõnnestus: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
msgid "reading public key failed: %s\n"
msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "muuda parooli"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "võtmeserverile saatmine ebaõnnestus: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "muuda parooli"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "muuda parooli"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "muuda parooli"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "Palun valige tühistamise põhjus:\n"
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "vigane radix64 sümbol %02x vahele jäetud\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent ei ole sesses sessioonis kasutatav\n"
msgid " runtime cached certificates: %u\n"
msgstr "viga parooli loomisel: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "viga parooli loomisel: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "Tühistamise sertifikaat on loodud.\n"
msgid "certificate chain is good\n"
msgstr "eelistus %c%lu on duplikaat\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA nõuab 160 bitist räsialgoritmi kasutamist\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "muuda parooli"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA nõuab 160 bitist räsialgoritmi kasutamist\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [failinimi]"
msgid "no suitable card key found: %s\n"
msgstr "kirjoitettavissa olevaa salaista avainrengasta ei löydy: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "tuntematon "
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "epäkelpo radix64-merkki %02x ohitettu\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Kirjoita viestisi...\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "virhe lähettäessä kohteeseen \"%s\": %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "avainrenkaan välimuistin uudelleenluominen epäonnistui: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
msgid "reading public key failed: %s\n"
msgstr "avainlohkojen poisto epäonnistui: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "muuta salasanaa"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "avainpalvelimelle lähettäminen epäonnistui: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "muuta salasanaa"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "muuta salasanaa"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "muuta salasanaa"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "Valitse mitätöinnin syy:\n"
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "epäkelpo radix64-merkki %02x ohitettu\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent ei ole käytettävissä tässä istunnossa\n"
msgid " runtime cached certificates: %u\n"
msgstr "virhe luotaessa salasanaa: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "Mitätöintivarmenne luotu.\n"
msgid "certificate chain is good\n"
msgstr "valinta %c%lu on kopio\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA vaatii 160-bittisen tiivistealgoritmin käyttöä\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "muuta salasanaa"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA vaatii 160-bittisen tiivistealgoritmin käyttöä\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [tiedostonimi]"
msgid "no suitable card key found: %s\n"
msgstr "aucune clef de carte convenable n'a été trouvée : %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "erreur de lecture des options stockées : %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "[aucun]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "caractère %02x incorrect en radix64, ignoré\n"
+
msgid "argument not expected"
msgstr "argument inattendu"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Vous pouvez taper votre message…\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "erreur d'envoi de données : %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "impossible de stocker la date de création : %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "erreur de récupération de l'état CHV de la carte\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "la réponse ne contient pas le module RSA\n"
msgid "reading public key failed: %s\n"
msgstr "échec de lecture de clef publique : %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "utilisation du code personnel par défaut en tant que %s\n"
"impossible d'utiliser le code personnel par défaut en tant que %s :\n"
"%s — désactivation de la prochaine utilisation par défaut\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Veuillez entrer le code personnel%%0A[signatures faites : %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Veuillez entrer le code personnel"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "échec de vérification CHV%d : %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "erreur de récupération de l'état CHV de la carte\n"
-
msgid "card is permanently locked!\n"
msgstr "la carte est irrémédiablement bloquée.\n"
"avant que la carte ne soit irrémédiablement bloquée\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr ""
-"|A|Veuillez entrer le code personnel d'administration%%0A[tentatives "
-"restantes : %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Veuillez entrer le code personnel d'administration"
msgid "access to admin commands is not configured\n"
msgstr "l'accès aux commandes d'administration n'est pas configuré\n"
+msgid "||Please enter the PIN"
+msgstr "||Veuillez entrer le code personnel"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Veuillez entrer le code de réinitialisation pour la carte"
msgid "handler for fd %d terminated\n"
msgstr "gestionnaire pour le descripteur %d terminé\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "caractère %02x incorrect en radix64, ignoré\n"
-
#, fuzzy
#| msgid "no gpg-agent running in this session\n"
msgid "no dirmngr running in this session\n"
msgid " runtime cached certificates: %u\n"
msgstr " certificats actuellement en cache : %u\n"
+#, fuzzy, c-format
+#| msgid " runtime cached certificates: %u\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr " certificats actuellement en cache : %u\n"
+
msgid "certificate already cached\n"
msgstr "certificat déjà en cache\n"
msgid "certificate chain is good\n"
msgstr "la chaîne de certificats est correcte\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA nécessite l'utilisation d'un algorithme de hachage de 160 bits\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
"le certificat n'aurait pas dû être utilisé pour signer une liste de "
"Vérifier une phrase secrète donnée sur l'entrée standard par rapport à "
"ficmotif\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Veuillez entrer le code personnel%%0A[signatures faites : %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr ""
+#~ "|A|Veuillez entrer le code personnel d'administration%%0A[tentatives "
+#~ "restantes : %d]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr ""
+#~ "DSA nécessite l'utilisation d'un algorithme de hachage de 160 bits\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [fichier]"
msgid "no suitable card key found: %s\n"
msgstr "non se atopou un chaveiro privado no que se poida escribir: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "descoñecido"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "carácter radix64 non válido %02x omitido\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "gravando a chave secreta en `%s'\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Escriba a súa mensaxe ...\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "erro ao enviar a `%s': %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "fallo ao reconstruí-la caché de chaveiros: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
msgid "reading public key failed: %s\n"
msgstr "fallou o borrado do bloque de chaves: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "cambia-lo contrasinal"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "o envío ao servidor de chaves fallou: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "cambia-lo contrasinal"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "cambia-lo contrasinal"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "cambia-lo contrasinal"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "Por favor, escolla o motivo da revocación:\n"
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "carácter radix64 non válido %02x omitido\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent non está dispoñible nesta sesión\n"
msgid " runtime cached certificates: %u\n"
msgstr "erro ao crea-lo contrasinal: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "Creouse o certificado de revocación.\n"
msgid "certificate chain is good\n"
msgstr "Revocación de certificado válida"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA require o emprego dun algoritmo hash de 160 bits\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "cambia-lo contrasinal"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA require o emprego dun algoritmo hash de 160 bits\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [ficheiro]"
msgid "no suitable card key found: %s\n"
msgstr "Nem írható titkoskulcs-karikát találtam: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "Ismeretlen módú"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "Kihagytam a %02x kódú érvénytelen radix64 karaktert.\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "Írom a titkos kulcsot a %s állományba.\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Kezdheti gépelni az üzenetet...\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "Hiba %s-ra/-re küldéskor: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "Nem tudtam újraépíteni a kulcskarika cache-ét: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
msgid "reading public key failed: %s\n"
msgstr "A kulcsblokk törlése sikertelen: %s.\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "jelszóváltoztatás"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "Küldés a kulcsszerverre sikertelen: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "jelszóváltoztatás"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "jelszóváltoztatás"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "jelszóváltoztatás"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "Kérem, válassza ki a visszavonás okát:\n"
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "Kihagytam a %02x kódú érvénytelen radix64 karaktert.\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "GPG ügynök nem elérhető ebben a munkafolyamatban.\n"
msgid " runtime cached certificates: %u\n"
msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "Visszavonó igazolás létrehozva.\n"
msgid "certificate chain is good\n"
msgstr "%c%lu preferencia kétszer szerepel!\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "A DSA 160 bites hash (kivonatoló) algoritmust igényel.\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "jelszóváltoztatás"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "A DSA 160 bites hash (kivonatoló) algoritmust igényel.\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [fájlnév]"
msgid "no suitable card key found: %s\n"
msgstr "tidak ditemukan keyring rahasia yang dapat ditulisi: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "tidak dikenal"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "karakter radix64 tidak valid %02x dilewati\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "menulis kunci rahasia ke `%s'\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Teruskan dan ketikkan pesan anda ....\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "kesalahan mengirim ke `%s': %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "gagal membuat kembali cache keyring: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
msgid "reading public key failed: %s\n"
msgstr "gagal menghapus keyblok: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "ubah passphrase"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "Pengiriman keyserver gagal: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "ubah passphrase"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "ubah passphrase"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "ubah passphrase"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "Silakan pilih alasan untuk pembatalan:\n"
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "karakter radix64 tidak valid %02x dilewati\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent tidak tersedia untuk sesi ini\n"
msgid " runtime cached certificates: %u\n"
msgstr "kesalahan penciptaan passphrase: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "Sertifikat pembatalan tercipta.\n"
msgid "certificate chain is good\n"
msgstr "preferensi %c%lu ganda \n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA butuh penggunaan algoritma hash 160 bit\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "ubah passphrase"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA butuh penggunaan algoritma hash 160 bit\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [namafile]"
msgid "no suitable card key found: %s\n"
msgstr "non è stato trovato un portachiavi segreto scrivibile: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "errore nella creazione della passhprase: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "sconosciuto"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "Carattere radix64 non valido %02x saltato\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "scrittura della chiave segreta in `%s'\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Vai avanti e scrivi il messaggio...\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "errore leggendo `%s': %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "rebuild della cache del portachiavi fallito: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
msgid "reading public key failed: %s\n"
msgstr "cancellazione del keyblock fallita: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "cambia la passphrase"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "invio al keyserver fallito: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "cambia la passphrase"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "cambia la passphrase"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "cambia la passphrase"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "Per favore scegli il motivo della revoca:\n"
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "Carattere radix64 non valido %02x saltato\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent non è disponibile in questa sessione\n"
msgid " runtime cached certificates: %u\n"
msgstr "errore nella creazione della passhprase: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "errore nella creazione della passhprase: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "Certificato di revoca creato.\n"
msgid "certificate chain is good\n"
msgstr "la preferenza %c%lu è doppia\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA richiede l'uso di un algoritmo di hashing con almeno 160 bit\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "cambia la passphrase"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA richiede l'uso di un algoritmo di hashing con almeno 160 bit\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [nomefile]"
msgid "no suitable card key found: %s\n"
msgstr "適当なカードの鍵が見つかりません: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "保存されたフラグの取得エラー: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "[未設定]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "無効な64進文字%02Xをスキップしました\n"
+
msgid "argument not expected"
msgstr "引数は期待されていません"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr "'%s'は有効な鍵ID, フィンガープリント、keygripではないようです。\n"
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "開始します。メッセージを打ってください ...\n"
"(G)ood-良, (A)ccept once-一度だけ認める, (U)nknown-不明, (R)eject once-一度だ"
"け否, (B)ad-ダメ? "
-msgid "Defaulting to unknown."
+#, fuzzy
+#| msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr "不明がデフォルトです。"
msgid "TOFU db corruption detected.\n"
msgid "error opening TOFU database: %s\n"
msgstr "TOFUデータベースのオープンでエラー: %s\n"
-#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+#, fuzzy, c-format
+#| msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
"*警告*: %s に暗号化します。失効していないユーザIDが一つもないものです。\n"
msgid "failed to store the creation date: %s\n"
msgstr "生成日の保管に失敗しました: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "カードからCHVステイタスの取得でエラー\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "応答にRSAのモジュラスが含まれていません\n"
msgid "reading public key failed: %s\n"
msgstr "公開鍵の読み込みに失敗しました: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "デフォルトPINを%sとして使います\n"
"デフォルトのPIN %s を使うのに失敗しました: %s - これ以上デフォルトとしての使"
"用を無効とします\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||PINを入力してください%%0A[署名数: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||PINを入力してください"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "CHV%dの認証に失敗しました: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "カードからCHVステイタスの取得でエラー\n"
-
msgid "card is permanently locked!\n"
msgstr "カードが永久にロックされてます!\n"
msgstr[0] "カードの永久ロック前に%d回の管理者PINの試行が残っています\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|管理者PINを入力してください%%0A[残り回数: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|管理者PINを入力してください"
msgid "access to admin commands is not configured\n"
msgstr "管理コマンドへのアクセスが設定されていません\n"
+msgid "||Please enter the PIN"
+msgstr "||PINを入力してください"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||カードのリセット・コードを入力してください"
msgid "handler for fd %d terminated\n"
msgstr "fd %dのハンドラが終了しました\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "無効な64進文字%02Xをスキップしました\n"
-
msgid "no dirmngr running in this session\n"
msgstr "このセッションでdirmngrは実行されていません\n"
msgid " runtime cached certificates: %u\n"
msgstr "実行時キャッシュ証明書の数: %u\n"
+#, fuzzy, c-format
+#| msgid " runtime cached certificates: %u\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "実行時キャッシュ証明書の数: %u\n"
+
msgid "certificate already cached\n"
msgstr " すでにキャッシュされた証明書\n"
msgid "certificate chain is good\n"
msgstr "証明書チェインは正しいです\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSAは160ビットののハッシュアルゴリズムの使用を必要とします\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr "証明書はCRL署名のために使われるべきではありませんでした\n"
"形式: gpg-check-pattern [オプション] パターンファイル\n"
"パターンファイルに対して標準入力のパスフレーズを確認する\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||PINを入力してください%%0A[署名数: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|管理者PINを入力してください%%0A[残り回数: %d]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSAは160ビットののハッシュアルゴリズムの使用を必要とします\n"
+
#~ msgid ""
#~ "@\n"
#~ "Examples:\n"
msgid "no suitable card key found: %s\n"
msgstr "fant ingen passende kortnøkkel: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "feil under henting av lagrede valg: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "[ingen]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "hoppet over ugyldig radix64-tegn %02x\n"
+
msgid "argument not expected"
msgstr "uforventet argument"
"«%s» ser hverken ut til å være en gyldig nøkkel-ID, fingeravtrykk eller "
"nøkkelgrep\n"
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Skriv inn melding …\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr "(G)od, (A)ksepter én gang, (U)kjent, (N)ekt én gang, (D)årlig? "
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "feil under åpning av TOFU-database: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "klarte ikke å lagre opprettelsesdato: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "feil under henting av CHV-status fra kort\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "svar inneholder ikke RSA-modulus\n"
msgid "reading public key failed: %s\n"
msgstr "lesing av offentlig nøkkel mislyktes: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "bruker forvalgt PIN som %s\n"
"klarte ikke å bruke forvalgt PIN som %s: %s. Lar være å bruke forvalgt PIN "
"senere\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Skriv inn PIN%%0A[signaturer utført: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Skriv inn PIN-kode"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "bekreftelse av CHV%d mislyktes: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "feil under henting av CHV-status fra kort\n"
-
msgid "card is permanently locked!\n"
msgstr "kortet er låst for godt.\n"
msgstr[1] "%d Admin-PIN-forsøk gjenstår før kortet blir låst permanent\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|Skriv inn admin-PIN%%0A[gjenstående forsøk: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Skriv inn admin-PIN"
msgid "access to admin commands is not configured\n"
msgstr "tilgang til admin-kommandoer er ikke konfigurert\n"
+msgid "||Please enter the PIN"
+msgstr "||Skriv inn PIN-kode"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Skriv inn tilbakestillingskode for kortet"
msgid "handler for fd %d terminated\n"
msgstr "avsluttet håndteringsprogram for fd %d\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "hoppet over ugyldig radix64-tegn %02x\n"
-
msgid "no dirmngr running in this session\n"
msgstr "ingen dirmngr kjører i gjeldende økt\n"
msgid " runtime cached certificates: %u\n"
msgstr " hurtiglagrede sertifikater: %u\n"
+#, fuzzy, c-format
+#| msgid " runtime cached certificates: %u\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr " hurtiglagrede sertifikater: %u\n"
+
msgid "certificate already cached\n"
msgstr "sertifikat allerede hurtiglagret\n"
msgid "certificate chain is good\n"
msgstr "sertifikatkjede er funnet i orden\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA krever kontrollsum på 160 bit\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr "sertifikat skulle ikke vært brukt til CRL-signering\n"
"Syntaks: gpg-check-pattern [valg] mønsterfil\n"
"Kontroller passordfrase oppgitt på standard innkanal mot valgt mønsterfil\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Skriv inn PIN%%0A[signaturer utført: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|Skriv inn admin-PIN%%0A[gjenstående forsøk: %d]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA krever kontrollsum på 160 bit\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [filnavn]"
--- /dev/null
+# Dutch translations for package gnupg2.
+# Copyright (C) 2006 Free Software Foundation, Inc.
+# This file is distributed under the same license as the gnupg package.
+# Automatically generated, 2006.
+#
+# All this catalog "translates" are quotation characters.
+# The msgids must be ASCII and therefore cannot contain real quotation
+# characters, only substitutes like grave accent (0x60), apostrophe (0x27)
+# and double quote (0x22). These substitutes look strange; see
+# http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html
+#
+# This catalog translates grave accent (0x60) and apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019).
+# It also translates pairs of apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019)
+# and pairs of quotation mark (0x22) to
+# left double quotation mark (U+201C) and right double quotation mark (U+201D).
+#
+# When output to an UTF-8 terminal, the quotation characters appear perfectly.
+# When output to an ISO-8859-1 terminal, the single quotation marks are
+# transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to
+# grave/acute accent (by libiconv), and the double quotation marks are
+# transliterated to 0x22.
+# When output to an ASCII terminal, the single quotation marks are
+# transliterated to apostrophes, and the double quotation marks are
+# transliterated to 0x22.
+# Frans Spiesschaert <Frans.Spiesschaert@yucom.be>, 2014, 2015.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 2.0.28\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"PO-Revision-Date: 2015-06-07 16:56+0200\n"
+"Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
+"Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
+"Language: nl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Gtranslator 2.91.6\n"
+
+#, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "verwerven van de pinentry-vergrendeling is mislukt: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+msgid "|pinentry-label|_OK"
+msgstr "|pinentry-label|_OK"
+
+msgid "|pinentry-label|_Cancel"
+msgstr "|pinentry-label|_Annuleren"
+
+msgid "|pinentry-label|_Yes"
+msgstr "|pinentry-label|_Ja"
+
+msgid "|pinentry-label|_No"
+msgstr "|pinentry-label|_Nee"
+
+msgid "|pinentry-label|PIN:"
+msgstr "|pinentry-label|Pincode:"
+
+msgid "|pinentry-label|_Save in password manager"
+msgstr "|pinentry-label|_Bewaren in de wachtwoordmanager"
+
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Wilt U uw wachtwoordzin echt zichtbaar maken op het scherm?"
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr "|pinentry-tt|Wachtwoordzin zichtbaar maken"
+
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "|pinentry-tt|Wachtwoordzin verbergen"
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+msgid "Quality:"
+msgstr "Kwaliteit:"
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+"De kwaliteit van de hierboven ingevoerde wachtwoordzin.\n"
+"Vraag aan uw systeembeheerder nadere toelichting bij\n"
+"de gehanteerde criteria voor het meten van de kwaliteit."
+
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+"Voer uw pincode in, zodat de geheime sleutel voor deze sessie ontgrendeld "
+"kan worden"
+
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr ""
+"Voer uw wachtwoordzin in, zodat de geheime sleutel voor deze sessie "
+"ontgrendeld kan worden"
+
+#. TRANSLATORS: The string is appended to an error message in
+#. the pinentry. The %s is the actual error message, the
+#. two %d give the current and maximum number of tries.
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr "SETERROR %s (poging %d van %d)"
+
+msgid "PIN too long"
+msgstr "Pincode is te lang"
+
+msgid "Passphrase too long"
+msgstr "Wachtwoordzin is te lang"
+
+msgid "Invalid characters in PIN"
+msgstr "Ongeldige tekens in de pincode"
+
+msgid "PIN too short"
+msgstr "Pincode is te kort"
+
+msgid "Bad PIN"
+msgstr "Slechte pincode"
+
+msgid "Bad Passphrase"
+msgstr "Slechte wachtwoordzin"
+
+msgid "Passphrase"
+msgstr "Wachtwoordzin"
+
+#, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "ssh-sleutels groter dan %d bits worden niet ondersteund\n"
+
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "kan `%s' niet aanmaken: %s\n"
+
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "kan `%s' niet openen: %s\n"
+
+#, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "fout bij het opvragen van het serienummer van de kaart: %s\n"
+
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr "kaart gevonden met serienummer: %s\n"
+
+#, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr ""
+"fout bij het ophalen van de kaart van de ID van de standaard "
+"authenticatiesleutel: %s\n"
+
+#, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "geen bruikbare kaartsleutel gevonden: %s\n"
+
+#, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "verheimelijken van de sleutel is mislukt: %s\n"
+
+#, c-format
+msgid "error writing key: %s\n"
+msgstr "fout bij het wegschrijven van de sleutel: %s\n"
+
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+"Een ssh-proces vroeg om het gebruik van sleutel%%0A %s%%0A (%s)%%0AWilt u "
+"dit toestaan?"
+
+msgid "Allow"
+msgstr "Toestaan"
+
+msgid "Deny"
+msgstr "Verbieden"
+
+#, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Voer de wachtwoordzin in voor de ssh-sleutel%%0A %F%%0A (%c)"
+
+msgid "Please re-enter this passphrase"
+msgstr "Gelieve deze wachtwoordzin nogmaals in te voeren"
+
+#, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A "
+"%s%%0Awithin gpg-agent's key storage"
+msgstr ""
+"Gelieve een wachtwoordzin in te voeren ter beveiliging van de verkregen "
+"geheime sleutel%%0A %s%%0A %s%%0Abinnen de sleutelopslagplaats van de "
+"gpg-agent"
+
+msgid "does not match - try again"
+msgstr "komt niet overeen - probeer opnieuw"
+
+#, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "een gegevensstroom vanuit de socket doen ontstaan is mislukt: %s\n"
+
+msgid "Please insert the card with serial number"
+msgstr "Plaats de kaart met serienummer"
+
+msgid "Please remove the current card and insert the one with serial number"
+msgstr "Verwijder de huidige kaart en plaats die met serienummer"
+
+msgid "Admin PIN"
+msgstr "Pincode van de beheerder"
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+msgid "PUK"
+msgstr "PUK-code"
+
+msgid "Reset Code"
+msgstr "Reset-Code"
+
+#, c-format
+msgid "%s%%0A%%0AUse the reader's pinpad for input."
+msgstr "%s%%0A%%0AGebruik het numeriek pad van de kaartlezer als input."
+
+msgid "Repeat this Reset Code"
+msgstr "Herhaal deze Reset-Code"
+
+msgid "Repeat this PUK"
+msgstr "Herhaal deze PUK-code"
+
+msgid "Repeat this PIN"
+msgstr "Herhaal deze pincode"
+
+msgid "Reset Code not correctly repeated; try again"
+msgstr "Reset-Code was niet tweemaal hetzelfde; probeer opnieuw"
+
+msgid "PUK not correctly repeated; try again"
+msgstr "PUK-code was niet tweemaal hetzelfde; probeer opnieuw"
+
+msgid "PIN not correctly repeated; try again"
+msgstr "Pincode was niet tweemaal hetzelfde; probeer opnieuw"
+
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr "Gelieve de pincode%s%s%s in te voeren om de kaart te ontgrendelen"
+
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "fout bij het maken van een tijdelijk bestand: %s\n"
+
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "fout bij het schrijven naar het tijdelijk bestand: %s\n"
+
+msgid "Enter new passphrase"
+msgstr "Voer nieuwe wachtwoordzin in"
+
+msgid "Take this one anyway"
+msgstr "Die toch gebruiken"
+
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+"Waarschuwing: u heeft een onveilige wachtwoordzin ingevoerd.%%0AEen "
+"wachtwoordzin moet minstens %u teken lang zijn."
+msgstr[1] ""
+"Waarschuwing: u heeft een onveilige wachtwoordzin ingevoerd.%%0AEen "
+"wachtwoordzin moet minstens %u tekens lang zijn."
+
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+"Waarschuwing: u heeft een onveilige wachtwoordzin ingevoerd.%%0AEen "
+"wachtwoordzin moet minstens %u cijfer of%%0A speciaal teken bevatten."
+msgstr[1] ""
+"Waarschuwing: u heeft een onveilige wachtwoordzin ingevoerd.%%0AEen "
+"wachtwoordzin moet minstens %u cijfers of%%0A speciale tekens bevatten."
+
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+"Waarschuwing: u heeft een onveilige wachtwoordzin ingevoerd.%%0AEen "
+"wachtwoordzin mag geen bekende term zijn of overeenkomen met%%0A een bepaald "
+"patroon."
+
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+"U heeft geen wachtwoordzin ingevoerd!!%0AEen lege wachtwoordzin is niet "
+"toegestaan."
+
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+"U heeft geen wachtwoordzin ingevoerd - dit is meestal en slecht idee!"
+"%0AGelieve te bevestigen dat u uw sleutel op geen enkele manier wenst te "
+"beveiligen."
+
+msgid "Yes, protection is not needed"
+msgstr "Ja, een beveiliging is onnodig"
+
+#, c-format
+msgid "Please enter the passphrase to%0Aprotect your new key"
+msgstr ""
+"Gelieve de wachtwoordzin in te voeren ter%0Abeveiliging van uw nieuwe sleutel"
+
+msgid "Please enter the new passphrase"
+msgstr "Gelieve de nieuwe wachtwoordzin in te voeren"
+
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@Opties:\n"
+" "
+
+msgid "run in daemon mode (background)"
+msgstr "uitvoeren als achtergronddienst (daemon-modus)"
+
+msgid "run in server mode (foreground)"
+msgstr "uitvoeren in servermodus (voorgronddienst)"
+
+msgid "verbose"
+msgstr "gedetailleerd"
+
+msgid "be somewhat more quiet"
+msgstr "wees wat stiller"
+
+msgid "sh-style command output"
+msgstr "commando-uitvoer in sh-formaat"
+
+msgid "csh-style command output"
+msgstr "commando-uitvoer in csh-formaat"
+
+msgid "|FILE|read options from FILE"
+msgstr "|BESTAND|de opties inlezen vanuit BESTAND"
+
+msgid "do not detach from the console"
+msgstr "niet van de console loskoppelen"
+
+msgid "do not grab keyboard and mouse"
+msgstr "het toetsenbord en de muis niet kapen"
+
+msgid "use a log file for the server"
+msgstr "gebruik een logboekbestand voor de server"
+
+msgid "use a standard location for the socket"
+msgstr "gebruik een standaardlocatie voor de socket"
+
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr "|PROG|PROG gebruiken als programma voor het invoeren van de pincode"
+
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr "|PROG|PROG gebruiken als het programma voor de SC-achtergronddienst"
+
+msgid "do not use the SCdaemon"
+msgstr "gebruik de SC-achtergronddienst niet"
+
+msgid "ignore requests to change the TTY"
+msgstr "verzoeken om de TTY te wijzigen negeren"
+
+msgid "ignore requests to change the X display"
+msgstr "verzoeken om het grafisch beeldscherm te wijzigen negeren"
+
+msgid "|N|expire cached PINs after N seconds"
+msgstr "|N|in de cache geladen pincodes laten verlopen na N seconden"
+
+msgid "do not use the PIN cache when signing"
+msgstr ""
+"maak bij het ondertekenen geen gebruik van het cachegeheugen met de pincodes"
+
+msgid "disallow clients to mark keys as \"trusted\""
+msgstr "clients niet toestaan om sleutels als \"betrouwbaar\" te markeren"
+
+msgid "allow presetting passphrase"
+msgstr "het vooraf instellen van de wachtwoordzin toestaan"
+
+msgid "enable ssh support"
+msgstr "ssh-ondersteuning mogelijk maken"
+
+msgid "enable putty support"
+msgstr "putty-ondersteuning mogelijk maken"
+
+msgid "disallow the use of an external password cache"
+msgstr "het gebruik van een externe wachtwoordcache niet toestaan"
+
+msgid "|FILE|write environment settings also to FILE"
+msgstr "|BESTAND|schrijf omgevingsinstellingen ook weg naar BESTAND"
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "Gelieve fouten te signaleren aan <@EMAIL@>.\n"
+
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Gebruik: gpg-agent [opties] (-h voor hulp)"
+
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+"Syntaxis: gpg-agent [opties] [opdracht [argumenten]]\n"
+"Beheer van geheime sleutels van GnuPG\n"
+
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr "ongeldig debug-niveau `%s' opgegeven\n"
+
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr "%s is te oud (heb %s nodig, heb %s)\n"
+
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "NOOT: geen bestand `%s' met standaardopties\n"
+
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "optiebestand `%s': %s\n"
+
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "inlezen van opties uit `%s'\n"
+
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "fout bij het aanmaken van `%s': %s\n"
+
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "kan map `%s' niet maken: %s\n"
+
+msgid "name of socket too long\n"
+msgstr "socketnaam is te lang\n"
+
+#, c-format
+msgid "can't create socket: %s\n"
+msgstr "kan socket niet aanmaken: %s\n"
+
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr "socketnaam `%s' is te lang\n"
+
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr ""
+"er is al een instantie van gpg-agent actief - er wordt geen nieuwe "
+"opgestart\n"
+
+msgid "error getting nonce for the socket\n"
+msgstr "fout bij het verkrijgen van nonce voor de socket\n"
+
+#, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "fout bij de het verbinden van de socket met `%s': %s\n"
+
+#, c-format
+msgid "listen() failed: %s\n"
+msgstr "listen() is mislukt: %s\n"
+
+#, c-format
+msgid "listening on socket `%s'\n"
+msgstr "er wordt geluisterd op socket `%s'\n"
+
+#, c-format
+msgid "directory `%s' created\n"
+msgstr "map `%s' aangemaakt\n"
+
+#, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "opvragen van status van `%s' mislukte: %s\n"
+
+#, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "kan map `%s' niet gebruiken als thuismap\n"
+
+#, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "fout bij het lezen van nonce op bestandsindicator %d: %s\n"
+
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr "verwerker 0x%lx voor bestandsindicator %d werd gestart\n"
+
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr "verwerker 0x%lx voor bestandsindicator %d werd beëindigd\n"
+
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr "ssh-verwerker 0x%lx voor bestandsindicator %d werd gestart\n"
+
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr "ssh-verwerker 0x%lx voor bestandsindicator %d werd beëindigd\n"
+
+#, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "pth_select mislukte: %s - er wordt 1s gewacht\n"
+
+#, c-format
+msgid "%s %s stopped\n"
+msgstr "%s %s gestopt\n"
+
+msgid "no gpg-agent running in this session\n"
+msgstr "er is geen instantie van gpg-agent actief tijdens deze sessie\n"
+
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "ongeldig formaat van de omgevingsvariabele GPG_AGENT_INFO\n"
+
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "protocolversie %d van gpg-agent wordt niet ondersteund\n"
+
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Gebruik: gpg-preset-passphrase [opties] SLEUTELHENDEL (-h voor hulp)\n"
+
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+"Syntaxis: gpg-preset-passphrase [opties] SLEUTELHENDEL\n"
+"Onderhoud van de wachtwoordcache\n"
+
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Commando's:\n"
+" "
+
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opties:\n"
+" "
+
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Gebruik: gpg-protect-tool [opties] (-h voor hulp)\n"
+
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+"Syntaxis: gpg-protect-tool [opties] [argumenten]\n"
+"Hulpmiddel voor het onderhoud van de geheime sleutels\n"
+
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr ""
+"Voer de wachtwoordzin in om de beveiliging van het PKCS#12-object op te "
+"heffen."
+
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Voer de wachtwoordzin in om het nieuwe PKCS#12-object te beveiligen."
+
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+"Voer de wachtwoordzin in om het in het GnuPG-systeem geïmporteerde object te "
+"beveiligen."
+
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr ""
+"Gelieve de wachtwoordzin of de pincode in te voeren\n"
+"dit is nodig om deze bewerking te voltooien."
+
+msgid "Passphrase:"
+msgstr "Wachtwoordzin:"
+
+msgid "cancelled\n"
+msgstr "geannuleerd\n"
+
+#, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "fout bij het opvragen van de wachtwoordzin: %s\n"
+
+#, c-format
+msgid "error opening `%s': %s\n"
+msgstr "fout bij het openen van `%s': %s\n"
+
+#, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "bestand `%s', regel %d: %s\n"
+
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr "instructie \"%s\" genegeerd in `%s', regel %d\n"
+
+#, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "de lijst `%s' over systeembetrouwbaarheid is niet beschikbaar\n"
+
+#, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "slechte vingerafdruk in `%s', regel %d\n"
+
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr "ongeldige sleutelparameter in `%s', regel %d\n"
+
+#, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "fout bij het lezen van `%s', regel %d: %s\n"
+
+msgid "error reading list of trusted root certificates\n"
+msgstr "fout bij het lezen van de lijst van vertrouwde stamcertificaten\n"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+"Vertrouwt u er uiterst sterk op dat%%0A \"%s\"%%0Aop een correcte wijze "
+"gebruikerscertificaten certificeert?"
+
+msgid "Yes"
+msgstr "Ja"
+
+msgid "No"
+msgstr "Nee"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+"Gelieve te verifiëren of het certificaat dat geïdentificeerd werd als:%%0A "
+"\"%s\"%%0Avolgende vingerafdruk heeft:%%0A %s"
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+msgid "Correct"
+msgstr "Juist"
+
+msgid "Wrong"
+msgstr "Fout"
+
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+"Noot: Deze wachtwoordzin werd nog nooit gewijzigd.%0AGelieve hem nu te "
+"wijzigen."
+
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+"Deze wachtwoordzin werd niet meer gewijzigd%%0Asinds %.4s-%.2s-%.2s. Gelieve "
+"hem nu te wijzigen."
+
+msgid "Change passphrase"
+msgstr "Wijzig de wachtwoordzin"
+
+msgid "I'll change it later"
+msgstr "Ik zal hem later wijzigen"
+
+#, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "fout bij het maken van een pijp: %s\n"
+
+#, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "kan de pijp met fdopen niet openen om eruit te lezen: %s\n"
+
+#, c-format
+msgid "error forking process: %s\n"
+msgstr "fout bij het starten van een nieuw proces (fork): %s\n"
+
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr "wachten op het einde van proces %d is mislukt: %s\n"
+
+#, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "fout bij het opvragen van de afsluitcode van proces %d: %s\n"
+
+#, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "fout bij het uitvoeren van `%s': afsluitstatus %d\n"
+
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr "fout bij het uitvoeren van `%s': wellicht niet geïnstalleerd\n"
+
+#, c-format
+msgid "error running `%s': terminated\n"
+msgstr "fout bij het uitvoeren van `%s': gestopt\n"
+
+#, c-format
+msgid "error creating socket: %s\n"
+msgstr "fout bij het maken van een socket: %s\n"
+
+msgid "host not found"
+msgstr "computer niet gevonden"
+
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent is niet beschikbaar tijdens deze sessie\n"
+
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "kan geen verbinding maken met `%s': %s\n"
+
+msgid "communication problem with gpg-agent\n"
+msgstr "probleem in de communicatie met gpg-agent\n"
+
+msgid "problem setting the gpg-agent options\n"
+msgstr "problemen bij het instellen van de opties voor gpg-agent\n"
+
+msgid "canceled by user\n"
+msgstr "afgebroken door de gebruiker\n"
+
+msgid "problem with the agent\n"
+msgstr "probleem met de agent\n"
+
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "het is niet mogelijk om core-dumps uit te schakelen: %s\n"
+
+#, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "Waarschuwing: onveilige eigendomsinstellingen op %s \"%s\"\n"
+
+#, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "Waarschuwing: onveilige toegangsrechten op %s \"%s\"\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+msgid "yes"
+msgstr "yes|ja"
+
+msgid "yY"
+msgstr "yYjJ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+msgid "no"
+msgstr "no|nee"
+
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+msgid "quit"
+msgstr "quit|stoppen"
+
+msgid "qQ"
+msgstr "qQsS"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+msgid "okay|okay"
+msgstr "okay|oké|ok|OK"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+msgid "cancel|cancel"
+msgstr "cancel|cancelen|annuleren"
+
+msgid "oO"
+msgstr "oO"
+
+msgid "cC"
+msgstr "cCaA"
+
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+"over de limiet van het beveiligde geheugen bij het reserveren van %lu bytes"
+
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr "over de geheugenlimiet bij het reserveren van %lu bytes"
+
+msgid "no running gpg-agent - starting one\n"
+msgstr "er is geen instantie van gpg-agent actief - er wordt een gestart\n"
+
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr "er wordt %d seconden gewacht terwijl de agent opstart\n"
+
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+"kan geen verbinding krijgen met de agent - er wordt een noodoplossing "
+"geprobeerd\n"
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+msgid "|audit-log-result|Good"
+msgstr "|audit-log-result|Goed"
+
+msgid "|audit-log-result|Bad"
+msgstr "|audit-log-result|Slecht"
+
+msgid "|audit-log-result|Not supported"
+msgstr "|audit-log-result|Niet ondersteund"
+
+msgid "|audit-log-result|No certificate"
+msgstr "|audit-log-result|Geen certificaat"
+
+msgid "|audit-log-result|Not enabled"
+msgstr "|audit-log-result|Niet geactiveerd"
+
+msgid "|audit-log-result|Error"
+msgstr "|audit-log-result|Fout"
+
+msgid "|audit-log-result|Not used"
+msgstr "|audit-log-result|Niet gebruikt"
+
+msgid "|audit-log-result|Okay"
+msgstr "|audit-log-result|Oké"
+
+msgid "|audit-log-result|Skipped"
+msgstr "|audit-log-result|Overgeslagen"
+
+msgid "|audit-log-result|Some"
+msgstr "|audit-log-result|Sommige"
+
+msgid "Certificate chain available"
+msgstr "Ketting van certificaten is beschikbaar"
+
+msgid "root certificate missing"
+msgstr "stamcertificaat ontbreekt"
+
+msgid "Data encryption succeeded"
+msgstr "Versleutelen van gegevens is geslaagd"
+
+msgid "Data available"
+msgstr "Er zijn gegevens beschikbaar"
+
+msgid "Session key created"
+msgstr "Sessiesleutel aangemaakt"
+
+#, c-format
+msgid "algorithm: %s"
+msgstr "algoritme: %s"
+
+#, c-format
+msgid "unsupported algorithm: %s"
+msgstr "niet ondersteund algoritme: %s"
+
+msgid "seems to be not encrypted"
+msgstr "lijkt niet versleuteld te zijn"
+
+msgid "Number of recipients"
+msgstr "Aantal ontvangers"
+
+#, c-format
+msgid "Recipient %d"
+msgstr "Ontvanger %d"
+
+msgid "Data signing succeeded"
+msgstr "Gegevens ondertekenen is gelukt"
+
+#, c-format
+msgid "data hash algorithm: %s"
+msgstr "algoritme voor het hashen van gegevens: %s"
+
+#, c-format
+msgid "Signer %d"
+msgstr "Ondertekenaar %d"
+
+#, c-format
+msgid "attr hash algorithm: %s"
+msgstr "algoritme voor het hashen van attributen: %s"
+
+msgid "Data decryption succeeded"
+msgstr "Gegevens versleutelen is gelukt"
+
+msgid "Encryption algorithm supported"
+msgstr "Versleutelingsalgoritme wordt ondersteund"
+
+msgid "Data verification succeeded"
+msgstr "Verificatie van gegevens is gelukt"
+
+msgid "Signature available"
+msgstr "Ondertekening is beschikbaar"
+
+msgid "Parsing data succeeded"
+msgstr "Gegevens ontleden is gelukt"
+
+#, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "slecht algoritme voor het hashen van gegevens: %s"
+
+#, c-format
+msgid "Signature %d"
+msgstr "Handtekening %d"
+
+msgid "Certificate chain valid"
+msgstr "Ketting van certificaten is geldig"
+
+msgid "Root certificate trustworthy"
+msgstr "Stamcertificaat is betrouwbaar"
+
+msgid "no CRL found for certificate"
+msgstr "geen enkele lijst van intrekkingen gevonden voor het certificaat"
+
+msgid "the available CRL is too old"
+msgstr "de beschikbare lijst van intrekkingen is te oud"
+
+msgid "CRL/OCSP check of certificates"
+msgstr ""
+"Verificatie van de certificaten met de lijst van intrekkingen en met OCSP"
+
+msgid "Included certificates"
+msgstr "Ingesloten certificaten"
+
+msgid "No audit log entries."
+msgstr "Geen invoer in het auditlogboek."
+
+msgid "Unknown operation"
+msgstr "Onbekende bewerking"
+
+msgid "Gpg-Agent usable"
+msgstr "Gpg-Agent kan gebruikt worden"
+
+msgid "Dirmngr usable"
+msgstr "Dirmngr kan gebruikt worden"
+
+#, c-format
+msgid "No help available for `%s'."
+msgstr "Geen hulp beschikbaar voor `%s'."
+
+msgid "ignoring garbage line"
+msgstr "regel met rommel wordt genegeerd"
+
+msgid "[none]"
+msgstr "[geen]"
+
+#, c-format
+msgid "armor: %s\n"
+msgstr "harnas: %s\n"
+
+msgid "invalid armor header: "
+msgstr "ongeldige harnas-intro: "
+
+msgid "armor header: "
+msgstr "harnas-intro: "
+
+msgid "invalid clearsig header\n"
+msgstr "ongeldige intro van de handtekening in klare tekst\n"
+
+msgid "unknown armor header: "
+msgstr "onbekende harnas-intro: "
+
+msgid "nested clear text signatures\n"
+msgstr "geneste ondertekeningen in klare tekst\n"
+
+msgid "unexpected armor: "
+msgstr "onverwacht harnas: "
+
+msgid "invalid dash escaped line: "
+msgstr "door liggend streepje afgeschermde regel is ongeldig: "
+
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "ongeldig radix64-teken %02X overgeslagen\n"
+
+msgid "premature eof (no CRC)\n"
+msgstr "voortijdig bestandseinde (eof) (geen CRC)\n"
+
+msgid "premature eof (in CRC)\n"
+msgstr "voortijdig bestandseinde (eof) (in CRC)\n"
+
+msgid "malformed CRC\n"
+msgstr "ongeldige CRC\n"
+
+#, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "CRC-fout; %06lX - %06lX\n"
+
+msgid "premature eof (in trailer)\n"
+msgstr "voortijdig bestandseinde (eof) (in de epiloog)\n"
+
+msgid "error in trailer line\n"
+msgstr "fout in epiloogregel\n"
+
+msgid "no valid OpenPGP data found.\n"
+msgstr "geen geldige OpenPGP-gegevens gevonden.\n"
+
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "ongeldig harnas: de regel is langer dan %d tekens\n"
+
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"harnas bevat een 'quoted printable'-teken - wellicht werd een defecte MTA "
+"(mail-server) gebruikt\n"
+
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"een notatiebenaming mag enkel afdrukbare tekens of spaties bevatten, en moet "
+"eindigen met een '='-teken\n"
+
+msgid "a user notation name must contain the '@' character\n"
+msgstr "een notatiebenaming voor een gebruiker moet het teken '@' bevatten\n"
+
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr ""
+"een notatiebenaming mag niet meer dan een keer het teken '@' bevatten\n"
+
+msgid "a notation value must not use any control characters\n"
+msgstr "een notatiewaarde mag geen enkel controleteken bevatten\n"
+
+msgid "WARNING: invalid notation data found\n"
+msgstr "WAARSCHUWING: ongeldige notatiegegevens gevonden\n"
+
+msgid "not human readable"
+msgstr "niet leesbaar door de gebruiker"
+
+#, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "OpenPGP-kaart is niet beschikbaar: %s\n"
+
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr "OpenPGP-kaartnummer %s gevonden\n"
+
+msgid "can't do this in batch mode\n"
+msgstr "dit is niet mogelijk in automatische modus\n"
+
+msgid "This command is only available for version 2 cards\n"
+msgstr "Dit commando is enkel beschikbaar voor kaarten van versie 2\n"
+
+msgid "Reset Code not or not anymore available\n"
+msgstr "Reset-Code niet of niet langer beschikbaar\n"
+
+msgid "Your selection? "
+msgstr "Uw keuze? "
+
+msgid "[not set]"
+msgstr "[niet ingesteld]"
+
+msgid "male"
+msgstr "man"
+
+msgid "female"
+msgstr "vrouw"
+
+msgid "unspecified"
+msgstr "niet gespecificeerd"
+
+msgid "not forced"
+msgstr "niet geforceerd"
+
+msgid "forced"
+msgstr "geforceerd"
+
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr "Fout: Alleen platte ASCII is momenteel toegestaan.\n"
+
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr "Fout: U mag het teken \"<\" niet gebruiken.\n"
+
+msgid "Error: Double spaces are not allowed.\n"
+msgstr "Fout: Dubbele spaties gebruiken is niet toegestaan.\n"
+
+msgid "Cardholder's surname: "
+msgstr "Achternaam van de kaarthouder: "
+
+msgid "Cardholder's given name: "
+msgstr "Voornaam van de kaarthouder: "
+
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr "Fout: Volledige naam is te lang (de limiet is %d tekens).\n"
+
+msgid "URL to retrieve public key: "
+msgstr "URL voor het ophalen van de publieke sleutel: "
+
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr "Fout: URL is te lang (de limiet is %d tekens).\n"
+
+#, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "fout bij het reserveren van voldoende geheugen: %s\n"
+
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "fout bij het lezen van `%s': %s\n"
+
+#, c-format
+msgid "error writing `%s': %s\n"
+msgstr "fout bij het wegschrijven van `%s': %s\n"
+
+msgid "Login data (account name): "
+msgstr "Aanmeldgegevens (accountnaam): "
+
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr "Fout: Aanmeldgegevens zijn te lang (de limiet is %d tekens).\n"
+
+msgid "Private DO data: "
+msgstr "Geheime DO-gegevens: "
+
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr "Fout: Geheime DO is te lang (de limiet is %d tekens).\n"
+
+msgid "Language preferences: "
+msgstr "Taalvoorkeuren: "
+
+msgid "Error: invalid length of preference string.\n"
+msgstr "Fout: ongeldige lengte van de voorkeursinformatie.\n"
+
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Fout: ongeldige tekens in voorkeursinformatie.\n"
+
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr "Geslacht ((M)Man, (F)Vrouw of spatie): "
+
+msgid "Error: invalid response.\n"
+msgstr "Fout: ongeldig antwoord.\n"
+
+msgid "CA fingerprint: "
+msgstr "CA-vingerafdruk: "
+
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "Fout: ongeldig opgemaakte vingerafdruk.\n"
+
+#, c-format
+msgid "key operation not possible: %s\n"
+msgstr "sleutelbewerking is niet mogelijk: %s\n"
+
+msgid "not an OpenPGP card"
+msgstr "geen OpenPGP-kaart"
+
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr "fout bij het ophalen van de gegevens van de huidige sleutel: %s\n"
+
+msgid "Replace existing key? (y/N) "
+msgstr "Bestaande sleutel vervangen? (j/N) "
+
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+"NOOT: Het kan niet gegarandeerd worden dat de kaart\n"
+" de gevraagde grootte ondersteunt.\n"
+" Indien het aanmaken van de sleutel niet lukt, moet u de documentatie\n"
+" bij uw kaart raadplegen om na te gaan welke groottes toegelaten zijn.\n"
+
+#, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Welke sleutelgrootte wilt u voor de Ondertekeningssleutel? (%u) "
+
+#, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Welke sleutelgrootte wilt u voor de Encryptiesleutel? (%u) "
+
+#, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Welke sleutelgrootte wilt u voor de Authenticatiesleutel? (%u) "
+
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "afgerond naar %u bits\n"
+
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr "%s sleutelgrootte moet vallen binnen het bereik %u-%u\n"
+
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+"De kaart zal nu opnieuw ingesteld worden om een sleutel van %u bits aan te "
+"maken\n"
+
+#, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr ""
+"fout bij het veranderen van de grootte van sleutel %d naar %u bits: %s\n"
+
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr "Een externe reservekopie maken van de encryptiesleutel? (J/n) "
+
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "NOOT: sleutels worden al op de kaart bewaard!\n"
+
+msgid "Replace existing keys? (y/N) "
+msgstr "Bestaande sleutels vervangen? (j/N) "
+
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+"Gelieve te noteren dat de fabrieksinstellingen voor de pincodes de volgende "
+"zijn:\n"
+" pincode = `%s' Beheerderspincode = `%s'\n"
+"U wordt aangeraden deze te wijzigen met het commando --change-pin\n"
+
+msgid "Please select the type of key to generate:\n"
+msgstr "Selecteer het type sleutel dat aangemaakt moet worden:\n"
+
+msgid " (1) Signature key\n"
+msgstr " (1) Ondertekeningssleutel\n"
+
+msgid " (2) Encryption key\n"
+msgstr " (2) Encryptiesleutel\n"
+
+msgid " (3) Authentication key\n"
+msgstr " (3) Authenticatiesleutel\n"
+
+msgid "Invalid selection.\n"
+msgstr "Ongeldige keuze.\n"
+
+msgid "Please select where to store the key:\n"
+msgstr "Geef aan waar de sleutel moet opgeslagen worden:\n"
+
+msgid "unknown key protection algorithm\n"
+msgstr "onbekend sleutelbeveiligingsalgoritme\n"
+
+msgid "secret parts of key are not available\n"
+msgstr "geheime delen van de sleutel zijn niet beschikbaar\n"
+
+msgid "secret key already stored on a card\n"
+msgstr "geheime sleutel staat reeds op de kaart\n"
+
+#, c-format
+msgid "error writing key to card: %s\n"
+msgstr "fout bij het wegschrijven van de sleutel naar de kaart: %s\n"
+
+msgid "quit this menu"
+msgstr "dit menu verlaten"
+
+msgid "show admin commands"
+msgstr "toon beheerderscommando's"
+
+msgid "show this help"
+msgstr "toon deze hulp"
+
+msgid "list all available data"
+msgstr "toon alle beschikbare gegevens"
+
+msgid "change card holder's name"
+msgstr "verander de naam van de kaarthouder"
+
+msgid "change URL to retrieve key"
+msgstr "verander de URL waarvan de sleutel opgehaald moet worden"
+
+msgid "fetch the key specified in the card URL"
+msgstr "haal de sleutel op van de URL die op de kaart vermeld staat"
+
+msgid "change the login name"
+msgstr "verander de aanmeldnaam"
+
+msgid "change the language preferences"
+msgstr "verander de taalvoorkeuren"
+
+msgid "change card holder's sex"
+msgstr "verander het geslacht van de kaarthouder"
+
+msgid "change a CA fingerprint"
+msgstr "verander een CA-vingerafdruk"
+
+msgid "toggle the signature force PIN flag"
+msgstr ""
+"schakel de parameter die om een pincode vraagt bij het ondertekenen aan/uit"
+
+msgid "generate new keys"
+msgstr "maak nieuwe sleutels aan"
+
+msgid "menu to change or unblock the PIN"
+msgstr "menu voor het wijzigen of ontgrendelen van de pincode"
+
+msgid "verify the PIN and list all data"
+msgstr "controleer de pincode en toon alle gegevens"
+
+msgid "unblock the PIN using a Reset Code"
+msgstr "ontgrendel de pincode met behulp van een Reset-Code"
+
+msgid "gpg/card> "
+msgstr "gpg/kaart> "
+
+msgid "Admin-only command\n"
+msgstr "Enkel de beheerder kan dit commando uitvoeren\n"
+
+msgid "Admin commands are allowed\n"
+msgstr "Beheerderscommando's zijn toegestaan\n"
+
+msgid "Admin commands are not allowed\n"
+msgstr "Beheerderscommando's zijn niet toegestaan\n"
+
+msgid "Invalid command (try \"help\")\n"
+msgstr "Ongeldig commando (probeer \"help\")\n"
+
+msgid "--output doesn't work for this command\n"
+msgstr "--output werkt niet voor dit commando\n"
+
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "kan `%s' niet openen\n"
+
+#, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "sleutel \"%s\" niet gevonden: %s\n"
+
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "fout tijdens het lezen van sleutelblok: %s\n"
+
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(tenzij u de sleutel via de vingerafdruk specificeert)\n"
+
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr ""
+"dit is onmogelijk in automatische modus zonder de parameter \"--yes\"\n"
+
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Deze sleutel uit de sleutelring verwijderen? (j/N) "
+
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "Dit is een geheime sleutel! - echt verwijderen? (j/N) "
+
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "verwijderen van sleutelblok is mislukt: %s\n"
+
+msgid "ownertrust information cleared\n"
+msgstr "de betrouwbaarheidsgegevens werden gewist\n"
+
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "een geheime sleutel fungeert als publieke sleutel \"%s\"!\n"
+
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr ""
+"gebruik de optie \"--delete-secret-keys\" om hem eerst te verwijderen.\n"
+
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "fout bij het maken van de wachtwoordzin: %s\n"
+
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "kan geen symmetrisch ESK-pakket gebruiken omwille van de S2K-modus\n"
+
+#, c-format
+msgid "using cipher %s\n"
+msgstr "versleutelingsalgoritme %s wordt gebruikt\n"
+
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "`%s' is reeds gecomprimeerd\n"
+
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "WAARSCHUWING: `%s' is een leeg bestand\n"
+
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+"U kunt enkel versleutelen naar RSA-sleutels van 2048 bits of minder in de "
+"modus --pgp2\n"
+
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "lezen van `%s'\n"
+
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+"het is onmogelijk om het IDEA-versleutelingsalgoritme te gebruiken voor al "
+"de sleutels waarnaar u versleutelt.\n"
+
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"WAARSCHUWING: het dwingend opleggen van het symmetrisch "
+"versleutelingsalgoritme %s (%d) gaat in tegen de voorkeuren van de "
+"ontvanger\n"
+
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"WAARSCHUWING: het dwingend opleggen van het compressiealgoritme %s (%d) gaat "
+"in tegen de voorkeuren van de ontvanger\n"
+
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"het dwingend opleggen van het symmetrisch versleutelingsalgoritme %s (%d) "
+"gaat in tegen de voorkeuren van de ontvanger\n"
+
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "u mag %s niet gebruiken in de %s-modus\n"
+
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s versleuteld voor: \"%s\"\n"
+
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s versleutelde gegevens\n"
+
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "versleuteld met onbekend algoritme %d\n"
+
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"WAARSCHUWING: het bericht is versleuteld met een zwakke sleutel in het "
+"symmetrische versleutelingsalgoritme.\n"
+
+msgid "problem handling encrypted packet\n"
+msgstr "probleem met het verwerken van het versleutelde pakket\n"
+
+msgid "no remote program execution supported\n"
+msgstr "het uitvoeren van externe programma's wordt niet ondersteund\n"
+
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"het aanroepen van externe programma's is uitgeschakeld omdat de "
+"toegangsrechten van het optiebestand onveilig zijn\n"
+
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"dit platform heeft tijdelijke bestanden nodig bij het aanroepen van externe "
+"programma's\n"
+
+#, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "kan programma `%s' niet uitvoeren: %s\n"
+
+#, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "kan shell `%s' niet uitvoeren: %s\n"
+
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "systeemfout bij het aanroepen van een extern programma: %s\n"
+
+msgid "unnatural exit of external program\n"
+msgstr "onnatuurlijk einde van het externe programma\n"
+
+msgid "unable to execute external program\n"
+msgstr "niet in staat om het externe programma uit te voeren\n"
+
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "niet in staat om het antwoord van het externe programma te lezen: %s\n"
+
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr ""
+"WAARSCHUWING: tijdelijk bestand (%s) `%s' kan niet verwijderd worden: %s\n"
+
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "WAARSCHUWING: tijdelijke map `%s' kan niet verwijderd worden: %s\n"
+
+msgid "export signatures that are marked as local-only"
+msgstr "exporteer handtekeningen die gemarkeerd staan als uitsluitend lokaal"
+
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+"exporteer identiteitsattributen van gebruikers (meestal identiteitsfoto's)"
+
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "exporteer intrekkingssleutels die als \"gevoelig\" gemarkeerd zijn"
+
+msgid "remove the passphrase from exported subkeys"
+msgstr "verwijder de wachtwoordzin van de geëxporteerde subsleutels"
+
+msgid "remove unusable parts from key during export"
+msgstr "verwijder de onbruikbare delen van de sleutel tijdens het exporteren"
+
+msgid "remove as much as possible from key during export"
+msgstr "verwijder zo veel mogelijk van de sleutel tijdens het exporteren"
+
+msgid "export keys in an S-expression based format"
+msgstr "exporteer sleutels in een formaat gebaseerd op een S-expressie"
+
+msgid "exporting secret keys not allowed\n"
+msgstr "het exporteren van geheime sleutels is niet toegestaan\n"
+
+#, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "sleutel %s: niet beveiligd - overgeslagen\n"
+
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "sleutel %s: sleutel van het type PGP 2.x - overgeslagen\n"
+
+#, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "sleutel %s: sleutelmateriaal op kaart - overgeslagen\n"
+
+msgid "about to export an unprotected subkey\n"
+msgstr "sta op het punt om een onbeveiligde subsleutel te exporteren\n"
+
+#, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "wegnemen van de beveiliging van de subsleutel is mislukt: %s\n"
+
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr ""
+"WAARSCHUWING: geheime sleutel %s heeft geen eenvoudige SK-controlesom\n"
+
+msgid "WARNING: nothing exported\n"
+msgstr "WAARSCHUWING: er werd niets geëxporteerd\n"
+
+msgid "too many entries in pk cache - disabled\n"
+msgstr "te veel regels in de pk-cache - gedeactiveerd\n"
+
+msgid "[User ID not found]"
+msgstr "[Gebruikers-ID niet gevonden]"
+
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "sleutel %s: geheime sleutel zonder publieke sleutel - overgeslagen\n"
+
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr "`%s' automatisch opgehaald via %s\n"
+
+#, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "fout bij het ophalen van `%s' via %s: %s\n"
+
+msgid "No fingerprint"
+msgstr "Geen vingerafdruk"
+
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+"Ongeldige sleutel %s is geldig gemaakt met --allow-non-selfsigned-uid\n"
+
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "geen geheime subsleutel voor publieke subsleutel %s - overgeslagen\n"
+
+#, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "subsleutel %s wordt gebruikt in plaats van primaire sleutel %s\n"
+
+msgid "make a signature"
+msgstr "maak een ondertekening"
+
+msgid "make a clear text signature"
+msgstr "maak een ondertekening in klare tekst"
+
+msgid "make a detached signature"
+msgstr "maak een ontkoppelde ondertekening"
+
+msgid "encrypt data"
+msgstr "versleutel gegevens"
+
+msgid "encryption only with symmetric cipher"
+msgstr "enkel versleutelen met het symmetrisch versleutelingsalgoritme"
+
+msgid "decrypt data (default)"
+msgstr "ontcijfer gegevens (standaard)"
+
+msgid "verify a signature"
+msgstr "controleer een ondertekening"
+
+msgid "list keys"
+msgstr "toon sleutels"
+
+msgid "list keys and signatures"
+msgstr "toon sleutels en ondertekeningen"
+
+msgid "list and check key signatures"
+msgstr "toon en controleer sleutelondertekeningen"
+
+msgid "list keys and fingerprints"
+msgstr "toon sleutels en vingerafdrukken"
+
+msgid "list secret keys"
+msgstr "toon geheime sleutels"
+
+msgid "generate a new key pair"
+msgstr "maak een nieuw sleutelpaar aan"
+
+msgid "generate a revocation certificate"
+msgstr "maak een intrekkingscertificaat aan"
+
+msgid "remove keys from the public keyring"
+msgstr "verwijder sleutels uit de publieke sleutelring"
+
+msgid "remove keys from the secret keyring"
+msgstr "verwijder sleutels uit de geheime sleutelring"
+
+msgid "sign a key"
+msgstr "onderteken een sleutel"
+
+msgid "sign a key locally"
+msgstr "onderteken een sleutel lokaal"
+
+msgid "sign or edit a key"
+msgstr "onderteken of bewerk een sleutel"
+
+msgid "change a passphrase"
+msgstr "wijzig een wachtwoordzin"
+
+msgid "export keys"
+msgstr "exporteer sleutels"
+
+msgid "export keys to a keyserver"
+msgstr "exporteer sleutels naar een sleutelserver"
+
+msgid "import keys from a keyserver"
+msgstr "importeer sleutels van een sleutelserver"
+
+msgid "search for keys on a keyserver"
+msgstr "zoek naar sleutels op een sleutelserver"
+
+msgid "update all keys from a keyserver"
+msgstr "alle sleutels bijwerken vanaf een sleutelserver"
+
+msgid "import/merge keys"
+msgstr "sleutels importeren/samenvoegen"
+
+msgid "print the card status"
+msgstr "toon de kaartstatus"
+
+msgid "change data on a card"
+msgstr "wijzig gegevens op een kaart"
+
+msgid "change a card's PIN"
+msgstr "wijzig de pincode van een kaart"
+
+msgid "update the trust database"
+msgstr "werk de database met betrouwbaarheidsinformatie bij"
+
+msgid "print message digests"
+msgstr "toon de hash-waarden van het bericht"
+
+msgid "run in server mode"
+msgstr "in servermodus uitvoeren"
+
+msgid "create ascii armored output"
+msgstr "creëer uitvoer in ascii-harnas"
+
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|GEBRUIKERS-ID|versleutel voor GEBRUIKERS-ID"
+
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr ""
+"|GEBRUIKERS-ID|gebruik deze GEBRUIKERS-ID om te ondertekenen of te "
+"ontcijferen"
+
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|stel compressieniveau N in (0 voor geen)"
+
+msgid "use canonical text mode"
+msgstr "gebruik de gebruikelijke tekstmodus"
+
+msgid "|FILE|write output to FILE"
+msgstr "|BESTAND|schrijf uitvoer weg naar BESTAND"
+
+msgid "do not make any changes"
+msgstr "maak geen wijzigingen"
+
+msgid "prompt before overwriting"
+msgstr "niet overschrijven zonder te vragen"
+
+msgid "use strict OpenPGP behavior"
+msgstr "strikt OpenPGP-gedrag toepassen"
+
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(zie de man-pagina voor een complete lijst van alle commando's en opties)\n"
+
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clear-sign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Voorbeelden:\n"
+"\n"
+" -se -r Bob [bestand] onderteken en versleutel voor gebruiker Bob\n"
+" --clear-sign [bestand] maak een ondertekening in klare tekst\n"
+" --detach-sign [bestand] maak een ontkoppelde ondertekening\n"
+" --list-keys [namen] toon sleutels\n"
+" --fingerprint [namen] toon vingerafdrukken\n"
+
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Gebruik: gpg [opties] [bestanden] (-h voor hulp)"
+
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"Sign, check, encrypt or decrypt\n"
+"Default operation depends on the input data\n"
+msgstr ""
+"Syntaxis: gpg [opties] [bestanden]\n"
+"Onderteken, controleer, versleutel of ontcijfer\n"
+"Standaardactie is afhankelijk van de gegevensinvoer\n"
+
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Ondersteunde algoritmes:\n"
+
+msgid "Pubkey: "
+msgstr "Publieke sleutel: "
+
+msgid "Cipher: "
+msgstr "Versleutelingsalgoritme: "
+
+msgid "Hash: "
+msgstr "Hashalgoritme: "
+
+msgid "Compression: "
+msgstr "Compressiealgoritme: "
+
+msgid "usage: gpg [options] "
+msgstr "gebruik: gpg [opties] "
+
+msgid "conflicting commands\n"
+msgstr "conflicterende commando's\n"
+
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "geen '='-teken gevonden in de groepsdefinitie `%s'\n"
+
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "WAARSCHUWING: onveilige eigendomsinstellingen van thuismap `%s'\n"
+
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr ""
+"WAARSCHUWING: onveilige eigendomsinstellingen van configuratiebestand `%s'\n"
+
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "WAARSCHUWING: onveilige eigendomsinstellingen van uitbreiding ‘%s’\n"
+
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "WAARSCHUWING: toegangsrechten van thuismap `%s' zijn onveilig\n"
+
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr ""
+"WAARSCHUWING: toegangsrechten van configuratiebestand `%s' zijn onveilig\n"
+
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "WAARSCHUWING: toegangsrechten van uitbreiding ‘%s’ zijn onveilig\n"
+
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr ""
+"WAARSCHUWING: de eigendomsinstellingen van de map waarin de thuismap `%s' "
+"zich bevindt, zijn onveilig\n"
+
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr ""
+"WAARSCHUWING: de eigendomsinstellingen van de map waarin configuratiebestand "
+"`%s' zich bevindt, zijn onveilig\n"
+
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr ""
+"WAARSCHUWING: de eigendomsinstellingen van de map waarin uitbreiding `%s' "
+"zich bevindt, zijn onveilig\n"
+
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr ""
+"WAARSCHUWING: de toegangsrechten van de map waarin de thuismap `%s' zich "
+"bevindt, zijn onveilig\n"
+
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr ""
+"WAARSCHUWING: de toegangsrechten van de map waarin configuratiebestand `%s' "
+"zich bevindt, zijn onveilig\n"
+
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr ""
+"WAARSCHUWING: de toegangsrechten van de map waarin uitbreiding `%s' zich "
+"bevindt, zijn onveilig\n"
+
+#, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "onbekend configuratie-item `%s'\n"
+
+msgid "display photo IDs during key listings"
+msgstr "toon identiteitsfoto's bij de lijst van sleutels"
+
+msgid "show policy URLs during signature listings"
+msgstr "toon richtlijn-URL's bij de lijst van handtekeningen"
+
+msgid "show all notations during signature listings"
+msgstr "toon alle notaties bij het weergeven van de lijst van handtekeningen"
+
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+"toon IETF-standaardnotaties bij het weergeven van de lijst van handtekeningen"
+
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+"toon door de gebruiker gemaakte notaties bij het weergeven van de lijst van "
+"handtekeningen"
+
+msgid "show preferred keyserver URLs during signature listings"
+msgstr ""
+"toon de URL van de voorkeurssleutelserver bij de lijst van handtekeningen"
+
+msgid "show user ID validity during key listings"
+msgstr "toon de geldigheid van de gebruikers-ID bij de lijst van sleutels"
+
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+"toon de ingetrokken en verlopen gebruikers-ID's bij de lijst van sleutels"
+
+msgid "show revoked and expired subkeys in key listings"
+msgstr "toon de ingetrokken en vervallen subsleutels bij de lijst van sleutels"
+
+msgid "show the keyring name in key listings"
+msgstr "toon de naam van de sleutelring bij de lijst van sleutels"
+
+msgid "show expiration dates during signature listings"
+msgstr "toon de vervaldata bij de lijst van handtekeningen"
+
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "NOOT: oud bestand `%s' met standaardopties werd genegeerd\n"
+
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr "libgcrypt is te oud (heb %s nodig, heb %s)\n"
+
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "NOOT: %s is niet bedoeld voor normaal gebruik!\n"
+
+#, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "`%s' is geen geldige vervaldatum voor handtekeningen\n"
+
+#, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "`%s' is geen geldige tekenset\n"
+
+msgid "could not parse keyserver URL\n"
+msgstr "kon de URL van de sleutelserver niet ontleden\n"
+
+#, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: ongeldige sleutelserveropties\n"
+
+msgid "invalid keyserver options\n"
+msgstr "ongeldige sleutelserveropties\n"
+
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: ongeldige importopties\n"
+
+msgid "invalid import options\n"
+msgstr "ongeldige importopties\n"
+
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: ongeldige exportopties\n"
+
+msgid "invalid export options\n"
+msgstr "ongeldige exportopties\n"
+
+#, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: ongeldige lijstopties\n"
+
+msgid "invalid list options\n"
+msgstr "ongeldige lijstopties\n"
+
+msgid "display photo IDs during signature verification"
+msgstr "toon identiteitsfoto's bij het controleren van de handtekening"
+
+msgid "show policy URLs during signature verification"
+msgstr "toon richtlijn-URL's bij het controleren van de handtekening"
+
+msgid "show all notations during signature verification"
+msgstr "toon alle notaties bij het controleren van de handtekening"
+
+msgid "show IETF standard notations during signature verification"
+msgstr "toon IETF-standaardnotaties bij het controleren van de handtekening"
+
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+"toon door de gebruiker gemaakte notaties bij het controleren van de "
+"handtekening"
+
+msgid "show preferred keyserver URLs during signature verification"
+msgstr ""
+"toon de URL van de voorkeurssleutelserver bij het controleren van de "
+"handtekening"
+
+msgid "show user ID validity during signature verification"
+msgstr ""
+"toon de geldigheid van de gebruikers-ID bij het controleren van de "
+"handtekening"
+
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+"toon de ingetrokken en vervallen gebruikers-ID's bij het controleren van de "
+"handtekening"
+
+msgid "show only the primary user ID in signature verification"
+msgstr ""
+"toon enkel de primaire gebruikers-ID bij het controleren van de handtekening"
+
+msgid "validate signatures with PKA data"
+msgstr "valideer ondertekeningen met PKA-gegevens"
+
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+"verhoog de betrouwbaarheid van ondertekeningen met geldige PKA-gegevens"
+
+#, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: ongeldige verificatieopties\n"
+
+msgid "invalid verify options\n"
+msgstr "ongeldige verificatieopties\n"
+
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "kon het pad naar het programma %s niet instellen\n"
+
+#, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: lijst voor het automatisch opzoeken van sleutels is ongeldig\n"
+
+msgid "invalid auto-key-locate list\n"
+msgstr "lijst voor het automatisch opzoeken van sleutels is ongeldig\n"
+
+msgid "WARNING: program may create a core file!\n"
+msgstr "WAARSCHUWING: het programma zou een core-dump-bestand kunnen maken!\n"
+
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "WAARSCHUWING: %s heeft voorrang op %s\n"
+
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s mag niet gebruikt worden met %s!\n"
+
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s is zinloos in combinatie met %s!\n"
+
+#, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "zal met onveilig geheugen niet werken wegens %s\n"
+
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr ""
+"enkel ontkoppelde ondertekeningen of handtekeningen in klare tekst zijn "
+"mogelijk in de modus --pgp2\n"
+
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "u kunt miet tegelijk ondertekenen en versleutelen in de modus --pgp2\n"
+
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr "u moet bestanden (en geen pipe) gebruiken in de modus --pgp2.\n"
+
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr ""
+"om een bericht te versleutelen in de modus --pgp2 is het IDEA-"
+"versleutelingsalgoritme nodig\n"
+
+msgid "selected cipher algorithm is invalid\n"
+msgstr "ongeldig versleutelingsalgoritme gekozen\n"
+
+msgid "selected digest algorithm is invalid\n"
+msgstr "ongeldig hashalgoritme gekozen\n"
+
+msgid "selected compression algorithm is invalid\n"
+msgstr "ongeldig compressiealgoritme gekozen\n"
+
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "het gekozen hashalgoritme voor certificatie is ongeldig\n"
+
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed moet groter zijn dan 0\n"
+
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed moet groter zijn dan 1\n"
+
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth moet liggen tussen 1 en 255\n"
+
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "ongeldig default-cert-level; moet 0, 1, 2 of 3 zijn\n"
+
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "ongeldig min-cert-level; moet 1, 2 of 3 zijn\n"
+
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "NOOT: eenvoudige S2K-modus (0) wordt sterk afgeraden\n"
+
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "ongeldige S2K-modus; moet 0, 1 of 3 zijn\n"
+
+msgid "invalid default preferences\n"
+msgstr "ongeldige standaardvoorkeuren\n"
+
+msgid "invalid personal cipher preferences\n"
+msgstr "ongeldige voorkeuren in het persoonlijk versleutelingsalgoritme\n"
+
+msgid "invalid personal digest preferences\n"
+msgstr "ongeldige voorkeuren in het persoonlijk hashalgoritme\n"
+
+msgid "invalid personal compress preferences\n"
+msgstr "ongeldige voorkeuren in het persoonlijk compressiealgoritme\n"
+
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s werkt nog niet met %s\n"
+
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "u mag versleutelingsalgoritme `%s' niet gebruiken in %s-modus\n"
+
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "u mag hashalgoritme `%s' niet gebruiken in %s-modus\n"
+
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "u mag compressiealgoritme `%s' niet gebruiken in %s-modus\n"
+
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr ""
+"initialiseren van de TrustDB (database van vertrouwen) is mislukt: %s\n"
+
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"WAARSCHUWING: er werden ontvangers (-r) opgegeven zonder dat versleuteling "
+"met een publieke sleutel toegepast wordt\n"
+
+msgid "--store [filename]"
+msgstr "--store [bestandsnaam]"
+
+msgid "--symmetric [filename]"
+msgstr "--symmetric [bestandsnaam]"
+
+#, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "symmetrische versleuteling van `%s' is mislukt: %s\n"
+
+msgid "--encrypt [filename]"
+msgstr "--encrypt [bestandsnaam]"
+
+msgid "--symmetric --encrypt [filename]"
+msgstr "--symmetric --encrypt [bestandsnaam]"
+
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr "u kunt --symmetric --encrypt niet gebruiken samen met --s2k-mode 0\n"
+
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "u kunt --symmetric --encrypt niet in %s-modus gebruiken\n"
+
+msgid "--sign [filename]"
+msgstr "--sign [bestandsnaam]"
+
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [bestandsnaam]"
+
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--symmetric --sign --encrypt [bestandsnaam]"
+
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+"u kunt --symmetric --sign --encrypt niet gebruiken samen met --s2k-mode 0\n"
+
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "u kunt --symmetric --sign --encrypt niet in %s-modus gebruiken\n"
+
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [bestandsnaam]"
+
+msgid "--clear-sign [filename]"
+msgstr "--clear-sign [bestandsnaam]"
+
+msgid "--decrypt [filename]"
+msgstr "--decrypt [bestandsnaam]"
+
+msgid "--sign-key user-id"
+msgstr "--sign-key gebruikers-id"
+
+msgid "--lsign-key user-id"
+msgstr "--lsign-key gebruikers-id"
+
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key gebruikers-id [commando's]"
+
+msgid "--passwd <user-id>"
+msgstr "--passwd <gebruikers-id>"
+
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "verzenden naar sleutelserver is mislukt: %s\n"
+
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "opvragen vanaf sleutelserver is mislukt: %s\n"
+
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "sleutel exporteren is mislukt: %s\n"
+
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "opzoeking op sleutelserver is mislukt: %s\n"
+
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "verversen vanaf sleutelserver is mislukt: %s\n"
+
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "ontmantelen van harnas is mislukt: %s\n"
+
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "opbouwen van harnas is mislukt: %s\n"
+
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "ongeldig hashalgoritme `%s'\n"
+
+msgid "[filename]"
+msgstr "[bestandsnaam]"
+
+msgid "Go ahead and type your message ...\n"
+msgstr "U kunt uw bericht typen ...\n"
+
+msgid "the given certification policy URL is invalid\n"
+msgstr "de opgegeven URL voor certificeringsrichtlijnen is ongeldig\n"
+
+msgid "the given signature policy URL is invalid\n"
+msgstr "de opgegeven URL voor ondertekeningsrichtlijnen is ongeldig\n"
+
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "de opgegeven URL voor de voorkeurssleutelserver is ongeldig\n"
+
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "|BESTAND|gebruik de sleutels van de sleutelring BESTAND"
+
+msgid "make timestamp conflicts only a warning"
+msgstr "maak dateringsconflicten slechts een waarschuwing waard"
+
+msgid "|FD|write status info to this FD"
+msgstr "|FD|schrijf statusinformatie naar deze bestandsindicator (FD)"
+
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Gebruik: gpgv [opties] [bestanden] (-h voor hulp)"
+
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Syntaxis: gpg [opties] [bestanden]\n"
+"Controleer ondertekeningen via gekende en vertrouwde sleutels\n"
+
+msgid "No help available"
+msgstr "Geen hulp beschikbaar"
+
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Geen hulp beschikbaar voor `%s'"
+
+msgid "import signatures that are marked as local-only"
+msgstr "importeer handtekeningen die als uitsluitend lokaal zijn gemarkeerd"
+
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+"herstel beschadigingen die ontstaan zijn bij het importeren vanuit de pks-"
+"sleutelserver"
+
+msgid "do not clear the ownertrust values during import"
+msgstr ""
+"zet de waarden in verband met betrouwbaarheid bij het importeren niet op nul"
+
+msgid "do not update the trustdb after import"
+msgstr "werk de betrouwbaarheidsdatabank (trustdb) niet bij na het importeren"
+
+msgid "create a public key when importing a secret key"
+msgstr ""
+"maak een publieke sleutel aan bij het importeren van een geheime sleutel"
+
+msgid "only accept updates to existing keys"
+msgstr "accepteer alleen het bijwerken van bestaande sleutels"
+
+msgid "remove unusable parts from key after import"
+msgstr "verwijder onbruikbare delen van de sleutel na het importeren"
+
+msgid "remove as much as possible from key after import"
+msgstr "verwijder zo veel mogelijk van de sleutel na het importeren"
+
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "blok van het type %d wordt overgeslagen\n"
+
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu sleutels verwerkt tot dusver\n"
+
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr " Totaal aantal verwerkt: %lu\n"
+
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " overgeslagen nieuwe sleutels: %lu\n"
+
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " zonder gebruikers-ID: %lu\n"
+
+#, c-format
+msgid " imported: %lu"
+msgstr " geïmporteerd: %lu"
+
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " onveranderd: %lu\n"
+
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " nieuwe gebruikers-ID's: %lu\n"
+
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " nieuwe subsleutels: %lu\n"
+
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " nieuwe handtekeningen: %lu\n"
+
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr "nieuwe intrekkingen van sleutels: %lu\n"
+
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " gelezen geheime sleutels: %lu\n"
+
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " geïmporteerde geheime sleutels: %lu\n"
+
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " ongewijzigde geheime sleutels: %lu\n"
+
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " niet geïmporteerd: %lu\n"
+
+#, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " opgeschoonde handtekeningen: %lu\n"
+
+#, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " opgeschoonde gebruikers-ID's: %lu\n"
+
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+"WAARSCHUWING: sleutel %s bevat voorkeuren voor niet-beschikbare\n"
+"algoritmes bij deze gebruikers-ID's:\n"
+
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr " \"%s\": voorkeur voor versleutelingsalgoritme %s\n"
+
+#, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr " \"%s\": voorkeur voor hashalgoritme %s\n"
+
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr " \"%s\": voorkeur voor compressiealgoritme %s\n"
+
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr "we raden u sterk aan om uw voorkeuren aan te passen en\n"
+
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+"om deze sleutel opnieuw te distribueren om mogelijke problemen met niet-"
+"overeenstemmende algoritmes te voorkomen\n"
+
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr "u kunt uw voorkeuren bijwerken met: gpg --edit-key %s updpref save\n"
+
+#, c-format
+msgid "key %s: no user ID\n"
+msgstr "sleutel %s: geen gebruikers-ID\n"
+
+#, c-format
+msgid "key %s: %s\n"
+msgstr "sleutel %s: %s\n"
+
+msgid "rejected by import filter"
+msgstr "verworpen door de importfilter"
+
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "sleutel %s: beschadigingen in PKS-subsleutel hersteld\n"
+
+#, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "sleutel %s: niet auto-gesigneerde gebruikers-ID \"%s\" aanvaard\n"
+
+#, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "sleutel %s: geen geldige gebruikers-ID's\n"
+
+msgid "this may be caused by a missing self-signature\n"
+msgstr ""
+"dit kan veroorzaakt worden door het ontbreken van een eigen ondertekening\n"
+
+#, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "sleutel %s: publieke sleutel niet gevonden: %s\n"
+
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "sleutel %s: nieuwe sleutel - overgeslagen\n"
+
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "geen sleutelring gevonden waarnaartoe geschreven kan worden: %s\n"
+
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "aan het schrijven naar `%s'\n"
+
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "fout bij het schrijven naar sleutelring `%s': %s\n"
+
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "sleutel %s: publieke sleutel \"%s\" geïmporteerd\n"
+
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "sleutel %s: stemt niet overeen met onze kopie\n"
+
+#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "sleutel %s: kan het originele sleutelblok niet vinden: %s\n"
+
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "sleutel %s: kan het originele sleutelblok niet lezen: %s\n"
+
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "sleutel %s: \"%s\" 1 nieuwe gebruikers-ID\n"
+
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "sleutel %s: \"%s\" %d nieuwe gebruikers-ID's\n"
+
+#, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "sleutel %s: \"%s\" 1 nieuwe ondertekening\n"
+
+#, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "sleutel %s: \"%s\" %d nieuwe ondertekeningen\n"
+
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "sleutel %s: \"%s\" 1 nieuwe subsleutel\n"
+
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "sleutel %s: \"%s\" %d nieuwe subsleutels\n"
+
+#, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "sleutel %s: \"%s\" %d ondertekening opgeschoond\n"
+
+#, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "sleutel %s: \"%s\" %d ondertekeningen opgeschoond\n"
+
+#, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "sleutel %s: \"%s\" %d gebruikers-ID opgeschoond\n"
+
+#, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "sleutel %s: \"%s\" %d gebruikers-ID's opgeschoond\n"
+
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "sleutel %s: \"%s\" niet veranderd\n"
+
+#, c-format
+msgid "secret key %s: %s\n"
+msgstr "geheime sleutel %s: %s\n"
+
+msgid "importing secret keys not allowed\n"
+msgstr "importeren van geheime sleutels is niet toegestaan\n"
+
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr ""
+"sleutel %s: geheime sleutel met ongeldig versleutelingsalgoritme %d - "
+"overgeslagen\n"
+
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "geen standaardsleutelring voor geheime sleutels: %s\n"
+
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr "sleutel %s: geheime sleutel geïmporteerd\n"
+
+#, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "sleutel %s: reeds in sleutelring van geheime sleutels\n"
+
+#, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "sleutel %s: geheime sleutel niet gevonden: %s\n"
+
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"sleutel %s: geen publieke sleutel - kan intrekkingscertificaat niet "
+"toepassen\n"
+
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "sleutel %s: ongeldig intrekkingscertificaat: %s - afgewezen\n"
+
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "sleutel %s: \"%s\" intrekkingscertificaat geïmporteerd\n"
+
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "sleutel %s: geen gebruikers-ID voor ondertekening\n"
+
+#, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr ""
+"sleutel %s: niet ondersteund publieke-sleutelalgoritme voor gebruikers-ID "
+"\"%s\"\n"
+
+#, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "sleutel %s: ongeldige eigen ondertekening bij gebruikers-ID \"%s\"\n"
+
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "sleutel %s: niet ondersteund publieke-sleutelalgoritme\n"
+
+#, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "sleutel %s: ongeldige rechtstreekse ondertekening van de sleutel\n"
+
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "sleutel %s: geen subsleutel voor de koppeling met de sleutel\n"
+
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "sleutel %s: ongeldige koppeling met de subsleutel\n"
+
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "sleutel %s: meervoudige koppeling met de subsleutel verwijderd\n"
+
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "sleutel %s: geen subsleutel voor het intrekken van de sleutel\n"
+
+#, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "sleutel %s: ongeldige intrekking van subsleutel\n"
+
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "sleutel %s: meervoudige intrekking van de subsleutel verwijderd\n"
+
+#, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "sleutel %s: gebruikers-ID \"%s\" overgeslagen\n"
+
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "sleutel %s: subsleutel overgeslagen\n"
+
+#, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr ""
+"sleutel %s: ondertekening (klasse 0x%02X) kan niet geëxporteerd worden - "
+"overgeslagen\n"
+
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "sleutel %s: intrekkingscertificaat op verkeerde plek - overgeslagen\n"
+
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "sleutel %s: ongeldig intrekkingscertificaat: %s - overgeslagen\n"
+
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr ""
+"sleutel %s: ondertekening van subsleutel op de verkeerde plek - "
+"overgeslagen\n"
+
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "sleutel %s: onverwachte ondertekening klasse (0x%02X) - overgeslagen\n"
+
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "sleutel %s: duplicaat van gebruikers-ID gevonden - samengevoegd\n"
+
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr ""
+"WAARSCHUWING: sleutel %s kan ingetrokken zijn: ophalen intrekkingssleutel "
+"%s\n"
+
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+"WAARSCHUWING: sleutel %s kan ingetrokken zijn: intrekkingssleutel %s niet "
+"aanwezig.\n"
+
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "sleutel %s: \"%s\" intrekkingscertificaat toegevoegd\n"
+
+#, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "sleutel %s: directe ondertekening van de sleutel toegevoegd\n"
+
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr ""
+"NOOT: een serienummer van een sleutel stemt niet overeen met die van de "
+"kaart\n"
+
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "NOOT: primaire sleutel is online en opgeslagen op de kaart\n"
+
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "NOOT: secundaire sleutel is online en opgeslagen op de kaart\n"
+
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "fout bij het aanmaken van de sleutelring `%s': %s\n"
+
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "sleutelring `%s' is aangemaakt\n"
+
+#, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "bron van de sleutelblok `%s': %s\n"
+
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "de cache van de sleutelring opnieuw bouwen is mislukt: %s\n"
+
+msgid "[revocation]"
+msgstr "[intrekking]"
+
+msgid "[self-signature]"
+msgstr "[eigen ondertekening]"
+
+msgid "1 bad signature\n"
+msgstr "1 slechte ondertekening\n"
+
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d slechte ondertekeningen\n"
+
+msgid "1 signature not checked due to a missing key\n"
+msgstr ""
+"1 ondertekening werd niet gecontroleerd wegens een ontbrekende sleutel\n"
+
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr ""
+"%d ondertekeningen werden niet gecontroleerd wegens ontbrekende sleutels\n"
+
+msgid "1 signature not checked due to an error\n"
+msgstr "1 ondertekening werd niet gecontroleerd wegens een fout\n"
+
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d ondertekeningen werden niet gecontroleerd wegens fouten\n"
+
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "1 gebruikers-ID gevonden zonder geldige eigen handtekening\n"
+
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "%d gebruikers-ID's gevonden zonder geldige eigen handtekening\n"
+
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Geef aan in welke mate u er op vertrouwt dat deze gebruiker de sleutels van "
+"andere gebruikers op correcte wijze controleert\n"
+"(door het paspoort te bekijken, vingerafdrukken uit verschillende bronnen te "
+"checken, enz.)\n"
+
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = Ik vertrouw het maar marginaal\n"
+
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = Ik vertrouw het volledig\n"
+
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+"Geef aan hoe groot het vertrouwen mag zijn in deze betrouwbare "
+"handtekening.\n"
+"Als de waarde groter dan 1 is, stelt u de sleutel die u ondertekent, in de\n"
+"mogelijkheid om in uw plaats handtekeningen van vertrouwen te plaatsen.\n"
+
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+"Voer een domein in als u de geldigheid van de handtekening daartoe wilt "
+"beperken, laat leeg voor geen beperking.\n"
+
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "Gebruikers-ID \"%s\" is ingetrokken."
+
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Weet U zeker dat U die nog steeds wilt ondertekenen? (j/N) "
+
+msgid " Unable to sign.\n"
+msgstr " Ondertekenen is niet mogelijk.\n"
+
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "Gebruikers-ID \"%s\" is vervallen."
+
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "Gebruikers-ID \"%s\" is niet auto-gesigneerd."
+
+#, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "Gebruikers-ID \"%s\" kan ondertekend worden. "
+
+msgid "Sign it? (y/N) "
+msgstr "Ondertekenen? (j/N) "
+
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"De eigen ondertekening van \"%s\"\n"
+"is een ondertekening van het type PGP 2.x.\n"
+
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr ""
+"Wilt u ze opwaarderen tot een eigen ondertekening van het type OpenPGP? (j/"
+"N) "
+
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Uw huidige ondertekening op \"%s\"\n"
+"is verlopen.\n"
+
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr ""
+"Wilt U een nieuwe ondertekening uitgeven om de vervallen te vervangen ? (j/"
+"N) "
+
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Uw huidige ondertekening op \"%s\"\n"
+"is een lokale ondertekening.\n"
+
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr ""
+"Wilt u ze opwaarderen naar een ondertekening die volledig exporteerbaar is? "
+"(j/N) "
+
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "\"%s\" was reeds lokaal ondertekend met sleutel %s\n"
+
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "\"%s\" was reeds ondertekend met sleutel %s\n"
+
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Wilt u die toch opnieuw ondertekenen? (j/N) "
+
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Er valt niets te ondertekenen met sleutel %s\n"
+
+msgid "This key has expired!"
+msgstr "Deze sleutel is verlopen!"
+
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Deze sleutel zal vervallen op %s.\n"
+
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Wilt u uw handtekening op hetzelfde moment laten vervallen? (J/n) "
+
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"U mag geen OpenPGP-ondertekening zetten bij een sleutel van het type PGP 2.x "
+"als u de modus --pgp2 gebruikt.\n"
+
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "Dit zou de sleutel onbruikbaar maken met PGP 2.x.\n"
+
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"Hoe zorgvuldig heeft u gecontroleerd dat de sleutel die u gaat ondertekenen\n"
+"werkelijk van de hiervoor genoemde persoon is? Indien u niet goed weet wat\n"
+"te antwoorden, geef dan \"0\" op\n"
+
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Hierop geef ik geen antwoord.%s\n"
+
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Ik heb dit helemaal niet gecontroleerd.%s\n"
+
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) Ik heb een oppervlakkige controle uitgevoerd.%s\n"
+
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Ik heb dit zeer zorgvuldig gecontroleerd.%s\n"
+
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Uw keuze? (type `?' voor meer informatie): "
+
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Weet u zeker dat u deze sleutel wilt ondertekenen met uw\n"
+"sleutel \"%s\" (%s)\n"
+
+msgid "This will be a self-signature.\n"
+msgstr "Dit zal een eigen ondertekening zijn.\n"
+
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+"WAARSCHUWING: de ondertekening zal niet als niet-exporteerbaar\n"
+" worden gemarkeerd.\n"
+
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr ""
+"WAARSCHUWING: de ondertekening zal niet als niet in te trekken\n"
+" worden gemarkeerd.\n"
+
+msgid "The signature will be marked as non-exportable.\n"
+msgstr "De ondertekening zal als niet-exporteerbaar gemarkeerd worden.\n"
+
+msgid "The signature will be marked as non-revocable.\n"
+msgstr "De ondertekening zal als niet in te trekken gemarkeerd worden.\n"
+
+msgid "I have not checked this key at all.\n"
+msgstr "Ik heb deze sleutel helemaal niet gecontroleerd.\n"
+
+msgid "I have checked this key casually.\n"
+msgstr "Ik heb deze sleutel oppervlakkig gecontroleerd.\n"
+
+msgid "I have checked this key very carefully.\n"
+msgstr "Ik heb deze sleutel zeer zorgvuldig gecontroleerd.\n"
+
+msgid "Really sign? (y/N) "
+msgstr "Echt ondertekenen? (j/N) "
+
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "ondertekenen is mislukt: %s\n"
+
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+"Deze sleutel bevat slechts partiële of op de kaart opgeslagen elementen - er "
+"is geen wachtwoordzin die veranderd kan worden.\n"
+
+msgid "This key is not protected.\n"
+msgstr "Deze sleutel is niet beveiligd.\n"
+
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Geheime delen van de primaire sleutel zijn niet beschikbaar.\n"
+
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Geheime delen van de primaire sleutel staan opgeslagen op de kaart.\n"
+
+msgid "Key is protected.\n"
+msgstr "Sleutel is beveiligd.\n"
+
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Deze sleutel kan niet bewerkt worden: %s\n"
+
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Voer de nieuwe wachtwoordzin voor deze geheime sleutel in.\n"
+"\n"
+
+msgid "passphrase not correctly repeated; try again"
+msgstr "de wachtwoordzin is niet twee keer dezelfde; probeer opnieuw"
+
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"U wilt geen wachtwoordzin - Dit is wellicht een *slecht* idee!\n"
+"\n"
+
+msgid "Do you really want to do this? (y/N) "
+msgstr "Wilt u dit echt doen? (j/N) "
+
+msgid "moving a key signature to the correct place\n"
+msgstr ""
+"de ondertekening van de sleutel wordt naar de juiste plaats verplaatst\n"
+
+msgid "save and quit"
+msgstr "opslaan en stoppen"
+
+msgid "show key fingerprint"
+msgstr "toon de vingerafdruk van de sleutel"
+
+msgid "list key and user IDs"
+msgstr "toon sleutel en gebruikers-ID's"
+
+msgid "select user ID N"
+msgstr "selecteer gebruikers-ID N"
+
+msgid "select subkey N"
+msgstr "selecteer subsleutel N"
+
+msgid "check signatures"
+msgstr "controleer handtekeningen"
+
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+"onderteken geselecteerde gebruikers-ID's [* zie hieronder voor gerelateerde "
+"commando's]"
+
+msgid "sign selected user IDs locally"
+msgstr "onderteken geselecteerde gebruikers-ID's lokaal"
+
+msgid "sign selected user IDs with a trust signature"
+msgstr ""
+"onderteken geselecteerde gebruikers-ID's met een handtekening van vertrouwen"
+
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+"onderteken geselecteerde gebruikers-ID's met een handtekening die niet "
+"ingetrokken kan worden"
+
+msgid "add a user ID"
+msgstr "voeg een gebruikers-ID toe"
+
+msgid "add a photo ID"
+msgstr "voeg een identiteitsfoto toe"
+
+msgid "delete selected user IDs"
+msgstr "verwijder geselecteerde gebruikers-ID's"
+
+msgid "add a subkey"
+msgstr "voeg een subsleutel toe"
+
+msgid "add a key to a smartcard"
+msgstr "voeg een sleutel toe op een chipkaart"
+
+msgid "move a key to a smartcard"
+msgstr "verplaats een sleutel naar een chipkaart"
+
+msgid "move a backup key to a smartcard"
+msgstr "verplaats een reservesleutel naar een chipkaart"
+
+msgid "delete selected subkeys"
+msgstr "verwijder de geselecteerde subsleutels"
+
+msgid "add a revocation key"
+msgstr "voeg een intrekkingssleutel toe"
+
+msgid "delete signatures from the selected user IDs"
+msgstr "verwijder ondertekeningen van de geselecteerde gebruikers-ID's"
+
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "verander de vervaldatum van de sleutel of de geselecteerde subsleutels"
+
+msgid "flag the selected user ID as primary"
+msgstr "markeer de geselecteerde gebruikers-ID als primair"
+
+msgid "toggle between the secret and public key listings"
+msgstr "wissel tussen de lijst met geheime en die met publieke sleutels"
+
+msgid "list preferences (expert)"
+msgstr "toon voorkeuren (expert)"
+
+msgid "list preferences (verbose)"
+msgstr "toon voorkeuren (uitvoerig)"
+
+msgid "set preference list for the selected user IDs"
+msgstr "stel de lijst met voorkeuren in voor de geselecteerde gebruikers-ID's"
+
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr ""
+"stel de URL in van de voorkeurssleutelserver voor de geselecteerde "
+"gebruikers-ID's"
+
+msgid "set a notation for the selected user IDs"
+msgstr "stel een notatie in voor de geselecteerde gebruikers-ID's"
+
+msgid "change the passphrase"
+msgstr "wijzig de wachtwoordzin"
+
+msgid "change the ownertrust"
+msgstr "wijzig de betrouwbaarheidsinformatie"
+
+msgid "revoke signatures on the selected user IDs"
+msgstr "trek de handtekeningen op de geselecteerde gebruikers-ID's in"
+
+msgid "revoke selected user IDs"
+msgstr "trek de geselecteerde gebruikers-ID's in"
+
+msgid "revoke key or selected subkeys"
+msgstr "trek de sleutel of de geselecteerde subsleutels in"
+
+msgid "enable key"
+msgstr "activeer de sleutel"
+
+msgid "disable key"
+msgstr "deactiveer de sleutel"
+
+msgid "show selected photo IDs"
+msgstr "toon de geselecteerde identiteitsfoto's"
+
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+"comprimeer onbruikbare gebruikers-ID's en verwijder onbruikbare "
+"handtekeningen van de sleutel"
+
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+"comprimeer onbruikbare gebruikers-ID's en verwijder alle handtekeningen van "
+"de sleutel"
+
+#, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "fout bij het lezen van het geheime sleutelblok \"%s\": %s\n"
+
+msgid "Secret key is available.\n"
+msgstr "Geheime sleutel is beschikbaar.\n"
+
+msgid "Need the secret key to do this.\n"
+msgstr "Hiervoor is de geheime sleutel nodig.\n"
+
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Gebruik eerst het commando \"toggle\" (wisselen).\n"
+
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+"* Het commando `sign' (ondertekenen) kan worden voorafgegaan door een\n"
+" `l' (lsign) om een lokale ondertekening te maken, een `t' (tsign) om een\n"
+" handtekening van vertrouwen te plaatsen, een `nr' (nrsign) om een\n"
+" niet-intrekbare handtekening te zetten, of om het even welke combinatie\n"
+" hiervan (ltsign, tnrsign, enz.).\n"
+
+msgid "Key is revoked."
+msgstr "Sleutel werd ingetrokken."
+
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Echt alle gebruikers-ID's ondertekenen? (j/N) "
+
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Hint: Selecteer de gebruikers-ID's die U wilt ondertekenen\n"
+
+#, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "Onbekend ondertekeningstype ‘%s’\n"
+
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Dit commando is niet toegestaan in %s-modus.\n"
+
+msgid "You must select at least one user ID.\n"
+msgstr "U moet minimaal één gebruikers-ID selecteren.\n"
+
+msgid "You can't delete the last user ID!\n"
+msgstr "U kunt de laatste gebruikers-ID niet verwijderen!\n"
+
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Werkelijk alle geselecteerde gebruikers-ID's verwijderen? (j/N) "
+
+msgid "Really remove this user ID? (y/N) "
+msgstr "Wilt u deze gebruikers-ID echt verwijderen? (j/N) "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+msgid "Really move the primary key? (y/N) "
+msgstr "Wilt u echt de primaire sleutel verplaatsen? (j/N) "
+
+msgid "You must select exactly one key.\n"
+msgstr "U moet exact één sleutel selecteren.\n"
+
+msgid "Command expects a filename argument\n"
+msgstr "Commando verwacht een bestandsnaam als argument\n"
+
+#, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "Kan `%s' niet openen: %s\n"
+
+#, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "Fout bij het lezen van reservesleutel van `%s': %s\n"
+
+msgid "You must select at least one key.\n"
+msgstr "U moet minimaal één sleutel selecteren.\n"
+
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Wilt u de geselecteerde sleutels echt wissen? (j/N) "
+
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Wilt u deze sleutel echt wissen? (j/N) "
+
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Wilt u alle geselecteerde gebruikers-ID's echt intrekken? (j/N) "
+
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Wilt u deze gebruikers-ID echt intrekken? (j/N) "
+
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Wilt u echt de volledige sleutel intrekken? (j/N) "
+
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Wilt U de geselecteerde subsleutels echt intrekken? (j/N) "
+
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Wilt U deze subsleutel echt intrekken? (j/N) "
+
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+"Betrouwbaarheidsinformatie kan niet ingesteld worden wanneer gebruik\n"
+"gemaakt wordt van een door een gebruiker zelf verstrekte vertrouwenslijst\n"
+
+msgid "Set preference list to:\n"
+msgstr "Stel voorkeurenlijst in op:\n"
+
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr ""
+"De voorkeuren voor de geselecteerde gebruikers-ID's echt aanpassen? (j/N) "
+
+msgid "Really update the preferences? (y/N) "
+msgstr "De voorkeuren echt aanpassen? (j/N) "
+
+msgid "Save changes? (y/N) "
+msgstr "Aanpassingen opslaan? (j/N) "
+
+msgid "Quit without saving? (y/N) "
+msgstr "Stoppen zonder opslaan? (j/N) "
+
+#, c-format
+msgid "update failed: %s\n"
+msgstr "aanpassen is mislukt: %s\n"
+
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "aanpassen van geheime gedeelte is mislukt: %s\n"
+
+msgid "Key not changed so no update needed.\n"
+msgstr "Sleutel is niet veranderd, dus er is geen aanpassing nodig.\n"
+
+msgid "Digest: "
+msgstr "Hashing: "
+
+msgid "Features: "
+msgstr "Functies: "
+
+msgid "Keyserver no-modify"
+msgstr "Sleutelserver zonder wijziging"
+
+msgid "Preferred keyserver: "
+msgstr "Voorkeurssleutelserver: "
+
+msgid "Notations: "
+msgstr "Notaties: "
+
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "Een gebruikers-ID in een formaat PGP 2.x kent geen voorkeuren.\n"
+
+#, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "De volgende sleutel werd ingetrokken op %s door %s sleutel %s\n"
+
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Deze sleutel kan ingetrokken zijn door %s sleutel %s"
+
+msgid "(sensitive)"
+msgstr "(gevoelig)"
+
+#, c-format
+msgid "created: %s"
+msgstr "aangemaakt op: %s"
+
+#, c-format
+msgid "revoked: %s"
+msgstr "ingetrokken op: %s"
+
+#, c-format
+msgid "expired: %s"
+msgstr "verlopen op: %s"
+
+#, c-format
+msgid "expires: %s"
+msgstr "vervaldatum: %s"
+
+#, c-format
+msgid "usage: %s"
+msgstr "gebruik: %s"
+
+#, c-format
+msgid "trust: %s"
+msgstr "betrouwbaarheid: %s"
+
+#, c-format
+msgid "validity: %s"
+msgstr "geldigheid: %s"
+
+msgid "This key has been disabled"
+msgstr "Deze sleutel werd uitgeschakeld"
+
+msgid "card-no: "
+msgstr "kaartnummer: "
+
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Houd er rekening mee dat de getoonde geldigheid van de sleutel niet\n"
+"noodzakelijk correct is, tenzij u de applicatie herstart.\n"
+
+msgid "revoked"
+msgstr "ingetrokken"
+
+msgid "expired"
+msgstr "verlopen"
+
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"WAARSCHUWING: Er werd geen gebruikers-ID als primair gemarkeerd. Door dit\n"
+" programma te gebruiken kan er een andere gebruikers-ID de\n"
+" veronderstelde primaire ID worden.\n"
+
+msgid "WARNING: Your encryption subkey expires soon.\n"
+msgstr "Waarschuwing: Uw subsleutel voor versleutelen vervalt weldra.\n"
+
+msgid "You may want to change its expiration date too.\n"
+msgstr "Misschien wilt u ook zijn vervaldatum wijzigen.\n"
+
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"WAARSCHUWING: Dit is een sleutel in PGP2-formaat. Het toevoegen van een\n"
+" identiteitsfoto kan er voor zorgen dat sommige versies van "
+"PGP\n"
+" deze sleutel zullen verwerpen.\n"
+
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Weet U zeker dat u die nog steeds wilt toevoegen? (j/N) "
+
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr ""
+"U kunt geen identiteitsfoto toevoegen aan een sleutel in PGP2-formaat.\n"
+
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Deze goede handtekening verwijderen? (j/N/s)"
+
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Deze ongeldige handtekening verwijderen? (j/N/s)"
+
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Deze onbekende handtekening verwijderen? (j/N/s)"
+
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Deze eigen handtekening echt verwijderen? (j/N)"
+
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "%d handtekening verwijderd.\n"
+
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "%d handtekeningen verwijderd.\n"
+
+msgid "Nothing deleted.\n"
+msgstr "Niets verwijderd.\n"
+
+msgid "invalid"
+msgstr "ongeldig"
+
+#, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "Gebruikers-ID \"%s\" is gecomprimeerd: %s\n"
+
+#, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "Gebruikers-ID \"%s\": %d handtekening verwijderd\n"
+
+#, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "Gebruikers-ID \"%s\": %d handtekeningen verwijderd\n"
+
+#, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "Gebruikers-ID \"%s\": reeds geminimaliseerd\n"
+
+#, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "Gebruikers-ID \"%s\": reeds opgeschoond\n"
+
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"WAARSCHUWING: Dit is een sleutel van het type PGP 2.x. Het toevoegen van "
+"een\n"
+" bevoegde intrekker kan er voor zorgen dat sommige PGP-versies\n"
+" deze sleutel zullen verwerpen.\n"
+
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr ""
+"U mag geen bevoegde intrekker toevoegen aan een sleutel van het type PGP 2."
+"x.\n"
+
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Geef de gebruikers-ID van de bevoegde intrekker: "
+
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr ""
+"kan geen sleutel van het type PGP 2.x aanstellen als bevoegde intrekker\n"
+
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "u kunt een sleutel niet aanstellen als zijn eigen bevoegde intrekker\n"
+
+msgid "this key has already been designated as a revoker\n"
+msgstr "deze sleutel is al aangesteld als bevoegde intrekker\n"
+
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+"WAARSCHUWING: een sleutel aanstellen als bevoegde intrekker kan niet "
+"ongedaan\n"
+" gemaakt worden!\n"
+
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+"Weet u zeker dat u deze sleutel wilt aanstellen als bevoegde intrekker? (j/"
+"N) "
+
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Haal de gekozen onderdelen uit de geheime sleutels.\n"
+
+msgid "Please select at most one subkey.\n"
+msgstr "Selecteer hoogstens één subsleutel.\n"
+
+msgid "Changing expiration time for a subkey.\n"
+msgstr "De vervaldatum van een subsleutel wordt veranderd.\n"
+
+msgid "Changing expiration time for the primary key.\n"
+msgstr "De vervaldatum van de primaire sleutel wordt veranderd.\n"
+
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "U kunt de vervaldatum van een v3-sleutel niet veranderen\n"
+
+msgid "No corresponding signature in secret ring\n"
+msgstr "Er is geen overeenkomstige ondertekening in de geheime sleutelring\n"
+
+#, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr ""
+"er gebeurde reeds een kruiscertificering van de ondertekening van subsleutel "
+"%s\n"
+
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+"subsleutel %s ondertekent niet en heeft dus geen kruiscertificering nodig\n"
+
+msgid "Please select exactly one user ID.\n"
+msgstr "Selecteer exact één gebruikers-ID.\n"
+
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr ""
+"de eigen ondertekening in v3-stijl van gebruikers-ID \"%s\" wordt "
+"overgeslagen\n"
+
+msgid "Enter your preferred keyserver URL: "
+msgstr "Geef de URL van de sleutelserver van uw voorkeur: "
+
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Weet u zeker dat u die wilt vervangen? (j/N) "
+
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Weet u zeker dat u die wilt verwijderen? (j/N) "
+
+msgid "Enter the notation: "
+msgstr "Voer de notatie in: "
+
+msgid "Proceed? (y/N) "
+msgstr "Doorgaan? (j/N) "
+
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Er is geen gebruikers-ID met index %d\n"
+
+#, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Er is geen gebruikers-ID met hash %s\n"
+
+#, c-format
+msgid "No subkey with index %d\n"
+msgstr "Er is geen subsleutel met index %d\n"
+
+#, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "gebruikers-ID: \"%s\"\n"
+
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr "ondertekend met uw sleutel %s op %s%s%s\n"
+
+msgid " (non-exportable)"
+msgstr " (niet exporteerbaar)"
+
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Deze ondertekening is verlopen op %s.\n"
+
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Weet u zeker dat u die nog altijd wilt intrekken? (j/N) "
+
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Een intrekkingscertificaat voor deze ondertekening aanmaken? (j/N) "
+
+msgid "Not signed by you.\n"
+msgstr "Niet door u ondertekend.\n"
+
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "U heeft deze gebruikers-ID's op sleutel %s ondertekend:\n"
+
+msgid " (non-revocable)"
+msgstr " (niet intrekbaar)"
+
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr "ingetrokken door uw sleutel %s op %s\n"
+
+msgid "You are about to revoke these signatures:\n"
+msgstr "U staat op het punt deze ondertekeningen in te trekken:\n"
+
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Wilt u deze intrekkingscertificaten echt aanmaken? (j/N) "
+
+msgid "no secret key\n"
+msgstr "geen geheime sleutel\n"
+
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "gebruikers-ID \"%s\" is reeds ingetrokken\n"
+
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr ""
+"WAARSCHUWING: de ondertekening van een gebruikers-ID\n"
+" is %d seconden in de toekomst gedateerd\n"
+
+#, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "Sleutel %s is reeds ingetrokken.\n"
+
+#, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "Subsleutel %s is reeds ingetrokken.\n"
+
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr ""
+"%s identiteitsfoto van formaat %ld voor sleutel %s (gebruikers-ID %d) wordt "
+"getoond\n"
+
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "voorkeur `%s' heeft duplicaat\n"
+
+msgid "too many cipher preferences\n"
+msgstr "te veel voorkeursinstellingen voor versleuteling\n"
+
+msgid "too many digest preferences\n"
+msgstr "te veel voorkeursinstellingen voor hashing\n"
+
+msgid "too many compression preferences\n"
+msgstr "te veel voorkeursinstellingen voor compressie\n"
+
+#, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "ongeldig item `%s' in voorkeursinstellingen\n"
+
+msgid "writing direct signature\n"
+msgstr "directe ondertekening wordt weggeschreven\n"
+
+msgid "writing self signature\n"
+msgstr "eigen handtekening wordt weggeschreven\n"
+
+msgid "writing key binding signature\n"
+msgstr "de ondertekening van de koppeling met de sleutel wordt weggeschreven\n"
+
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "sleutelgrootte is ongeldig; %u bit wordt gebruikt\n"
+
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "sleutelgrootte afgerond op %u bits\n"
+
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+"WAARSCHUWING: sommige OpenPGP-programma's kunnen niet overweg met een\n"
+" DSA-sleutel van deze hashgrootte\n"
+
+msgid "Sign"
+msgstr "Ondertekenen"
+
+msgid "Certify"
+msgstr "Certificeren"
+
+msgid "Encrypt"
+msgstr "Versleutelen"
+
+msgid "Authenticate"
+msgstr "Authenticeren"
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+msgid "SsEeAaQq"
+msgstr "OoVvAaSs"
+
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr "Mogelijke acties voor een %s-sleutel: "
+
+msgid "Current allowed actions: "
+msgstr "Momenteel toegestane acties: "
+
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr " (%c) De bekwaamheid om te onderteken activeren/deactiveren\n"
+
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%c) De bekwaamheid om te versleutelen activeren/deactiveren\n"
+
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr " (%c) De bekwaamheid om te authenticeren activeren/deactiveren\n"
+
+#, c-format
+msgid " (%c) Finished\n"
+msgstr " (%c) Klaar\n"
+
+msgid "Please select what kind of key you want:\n"
+msgstr "Selecteer het soort sleutel dat u wilt:\n"
+
+#, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) RSA en RSA (standaard)\n"
+
+#, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA en Elgamal\n"
+
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (alleen ondertekenen)\n"
+
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (alleen ondertekenen)\n"
+
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) Elgamal (alleen versleutelen)\n"
+
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (alleen versleutelen)\n"
+
+#, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) DSA (eigen bekwaamheden instellen)\n"
+
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (eigen bekwaamheden instellen)\n"
+
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr "%s-sleutels moeten tussen %u en %u bits lang zijn.\n"
+
+#, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Welke sleutellengte wilt u voor de subsleutel? (%u) "
+
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Welke sleutellengte wilt u? (%u) "
+
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Gevraagde sleutellengte is %u bits\n"
+
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Geef aan hoe lang de sleutel geldig moet zijn.\n"
+" 0 = sleutel verloopt nooit\n"
+" <n> = sleutel verloopt na n dagen\n"
+" <n>w = sleutel verloopt na n weken\n"
+" <n>m = sleutel verloopt na n maanden\n"
+" <n>y = sleutel verloopt na n jaar\n"
+
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Geef aan hoe lang de ondertekening geldig moet zijn.\n"
+" 0 = ondertekening verloopt nooit\n"
+" <n> = ondertekening verloopt na n dagen\n"
+" <n>w = ondertekening verloopt na n weken\n"
+" <n>m = ondertekening verloopt na n maanden\n"
+" <n>y = ondertekening verloopt na n jaar\n"
+
+msgid "Key is valid for? (0) "
+msgstr "Hoe lang moet de sleutel geldig zijn? (0) "
+
+#, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Hoe lang moet de ondertekening geldig zijn? (%s) "
+
+msgid "invalid value\n"
+msgstr "ongeldige waarde\n"
+
+msgid "Key does not expire at all\n"
+msgstr "Sleutel verloopt helemaal niet\n"
+
+msgid "Signature does not expire at all\n"
+msgstr "Ondertekening verloopt helemaal niet\n"
+
+#, c-format
+msgid "Key expires at %s\n"
+msgstr "Sleutel vervalt op %s\n"
+
+#, c-format
+msgid "Signature expires at %s\n"
+msgstr "Ondertekening vervalt op %s\n"
+
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Uw systeem kan geen datum weergeven na 2038.\n"
+"Data worden echter wel juist verwerkt tot 2106.\n"
+
+msgid "Is this correct? (y/N) "
+msgstr "Is dit correct? (j/N) "
+
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+"\n"
+"GnuPG moet een gebruikers-ID bouwen ter identificatie van uw sleutel.\n"
+"\n"
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"U heeft een gebruikers-ID nodig om uw sleutel te identificeren; de software\n"
+"construeert de gebruikers-ID aan de hand van de werkelijke naam, de\n"
+"toelichting en het e-mailadres in het volgende formaat:\n"
+" \"Heinrich Heine (De dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+
+msgid "Real name: "
+msgstr "Werkelijke naam: "
+
+msgid "Invalid character in name\n"
+msgstr "Ongeldig teken in de naam\n"
+
+msgid "Name may not start with a digit\n"
+msgstr "Een naam mag niet met een cijfer beginnen\n"
+
+msgid "Name must be at least 5 characters long\n"
+msgstr "Een naam moet minimaal 5 tekens lang zijn\n"
+
+msgid "Email address: "
+msgstr "E-mailadres: "
+
+msgid "Not a valid email address\n"
+msgstr "Geen geldig e-mailadres\n"
+
+msgid "Comment: "
+msgstr "Toelichting: "
+
+msgid "Invalid character in comment\n"
+msgstr "Ongeldig teken in de toelichting\n"
+
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "U gebruikt tekenset `%s'.\n"
+
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"U heeft de volgende GEBRUIKERS-ID gekozen:\n"
+" \"%s\"\n"
+"\n"
+
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr ""
+"Plaats het e-mailadres alstublieft niet bij de werkelijke naam of de "
+"toelichting\n"
+
+msgid "Such a user ID already exists on this key!\n"
+msgstr "Een dergelijke gebruikers-ID bestaat reeds voor deze sleutel!\n"
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+msgid "NnCcEeOoQq"
+msgstr "NnTtEeOoSs"
+
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Wijzig (N)aam, (T)oelichting, (E)-mailadres of (S)toppen? "
+
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "Wijzig (N)aam, (T)oelichting, (E)-mailadres of (O)ké/(S)toppen? "
+
+msgid "Please correct the error first\n"
+msgstr "Verbeter eerst de fout\n"
+
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"U heeft een wachtwoordzin nodig om uw geheime sleutel te beveiligen.\n"
+"\n"
+
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr ""
+"Voer een wachtwoordzin in om de externe veiligheidskopie van de nieuwe "
+"encryptiesleutel te beveiligen."
+
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"U wilt geen wachtwoordzin - dit is waarschijnlijk een *slecht* idee!\n"
+"Ik ga het toch doen. U kunt uw wachtwoordzin op elk moment wijzigen\n"
+"met behulp van dit programma en de optie \"--edit-key\".\n"
+"\n"
+
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"We moeten een hele hoop willekeurige bytes genereren. U doet er goed aan om\n"
+"een andere activiteit te ondernemen (tikken op het toetsenbord, de muis\n"
+"bewegen, de schijven gebruiken) tijdens het genereren van het priemgetal.\n"
+"Dit geeft het programma dat het willekeurig getal genereert, meer kans om\n"
+"voldoende entropie te verzamelen.\n"
+
+msgid "Key generation canceled.\n"
+msgstr "Het aanmaken van de sleutel is geannuleerd.\n"
+
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "publieke sleutel wordt weggeschreven naar `%s'\n"
+
+#, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "een stukje van de geheime sleutel wordt weggeschreven naar `%s'\n"
+
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "geheime sleutel wordt weggeschreven naar `%s'\n"
+
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr ""
+"geen publieke sleutelring gevonden waarnaar geschreven kan worden: %s\n"
+
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "geen geheime sleutelring gevonden waarnaar geschreven kan worden: %s\n"
+
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "fout bij het schrijven naar de publieke sleutelring `%s': %s\n"
+
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "fout bij het schrijven naar de geheime sleutelring `%s': %s\n"
+
+msgid "public and secret key created and signed.\n"
+msgstr "publieke en geheime sleutel zijn aangemaakt en ondertekend.\n"
+
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Noteer dat deze sleutel niet gebruikt kan worden voor versleuteling. U zou\n"
+"het commando \"--edit-key\" kunnen gebruiken om voor dit doel een "
+"subsleutel\n"
+"aan te maken.\n"
+
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Sleutel aanmaken is mislukt: %s\n"
+
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"de sleutel werd %lu seconde in de toekomst aangemaakt (afwijkende tijd of er "
+"is een probleem met de klok)\n"
+
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"de sleutel werd %lu seconden in de toekomst aangemaakt (afwijkende tijd of "
+"er is een probleem met de klok)\n"
+
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr ""
+"NOOT: subsleutels aanmaken voor v3-sleutels is niet compatibel met OpenPGP\n"
+
+msgid "Really create? (y/N) "
+msgstr "Werkelijk aanmaken? (j/N) "
+
+#, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "sleutel opslaan op kaart is niet gelukt: %s\n"
+
+#, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "kan reservebestand `%s' niet aanmaken: %s\n"
+
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "NOOT: reservebestand van de kaartsleutel opgeslagen als `%s'\n"
+
+msgid "never "
+msgstr "nooit "
+
+msgid "Critical signature policy: "
+msgstr "Kritieke ondertekeningsrichtlijnen: "
+
+msgid "Signature policy: "
+msgstr "Ondertekeningsrichtlijnen: "
+
+msgid "Critical preferred keyserver: "
+msgstr "Kritieke voorkeurssleutelserver: "
+
+msgid "Critical signature notation: "
+msgstr "Kritieke notatie van de handtekening: "
+
+msgid "Signature notation: "
+msgstr "Notatie van de handtekening: "
+
+msgid "Keyring"
+msgstr "Sleutelring"
+
+msgid "Primary key fingerprint:"
+msgstr "Vingerafdruk van de primaire sleutel:"
+
+msgid " Subkey fingerprint:"
+msgstr " Vingerafdruk van de subsleutel:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+msgid " Primary key fingerprint:"
+msgstr " Vingerafdruk van de primaire sleutel:"
+
+msgid " Subkey fingerprint:"
+msgstr " Vingerafdruk van de subsleutel:"
+
+msgid " Key fingerprint ="
+msgstr " Vingerafdruk van de sleutel ="
+
+#, fuzzy, c-format
+#| msgid "WARNING: using experimental digest algorithm %s\n"
+msgid "WARNING: a PGP-2 fingerprint is not safe\n"
+msgstr "WAARSCHUWING: er wordt een experimenteel hashalgoritme %s gebruikt\n"
+
+msgid " Card serial no. ="
+msgstr " Serienummer van de kaart ="
+
+#, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "het hernoemen van `%s' naar `%s' is mislukt: %s\n"
+
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr ""
+"WAARSCHUWING: er bestaan twee bestanden met vertrouwelijke informatie.\n"
+
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s is het ongewijzigde\n"
+
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s is het nieuwe\n"
+
+msgid "Please fix this possible security flaw\n"
+msgstr "Los dit mogelijk veiligheidseuvel alstublieft op\n"
+
+#, c-format
+msgid "caching keyring `%s'\n"
+msgstr "sleutelring `%s' wordt in de cache geladen\n"
+
+#, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu sleutels tot dusver in de cache geladen (%lu ondertekeningen)\n"
+
+#, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu sleutels in de cache geladen (%lu ondertekeningen)\n"
+
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: sleutelring aangemaakt\n"
+
+msgid "include revoked keys in search results"
+msgstr "ingetrokken sleutels ook weergeven bij de zoekresultaten"
+
+msgid "include subkeys when searching by key ID"
+msgstr "ook zoeken op subsleutels als gezocht wordt op sleutel-ID"
+
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+"gebruik tijdelijke bestanden om gegevens door te geven aan de "
+"sleutelserverhelpers"
+
+msgid "do not delete temporary files after using them"
+msgstr "tijdelijke bestanden na gebruik niet verwijderen"
+
+msgid "automatically retrieve keys when verifying signatures"
+msgstr "sleutels automatisch ophalen bij het controleren van ondertekeningen"
+
+msgid "honor the preferred keyserver URL set on the key"
+msgstr ""
+"honoreer de URL van de voorkeurssleutelserver zoals die in de sleutel "
+"vermeld staat"
+
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+"honoreer bij het ophalen van de sleutel de PKA-staat die in de sleutel "
+"vervat zit"
+
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+"WAARSCHUWING: sleutelserveroptie `%s' wordt niet gebruikt op dit platform\n"
+
+msgid "disabled"
+msgstr "uitgeschakeld"
+
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr "Voer (een) getal(len) in, V)olgende , of S)toppen > "
+
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "ongeldig sleutelserverprotocol (wij %d!=verwerkingsroutine %d)\n"
+
+#, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "sleutel \"%s\" niet gevonden op de sleutelserver\n"
+
+msgid "key not found on keyserver\n"
+msgstr "sleutel niet gevonden op de sleutelserver\n"
+
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "opvragen sleutel %s van %s server %s\n"
+
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr "opvragen sleutel %s van %s\n"
+
+#, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "namen zoeken van %s server %s\n"
+
+#, c-format
+msgid "searching for names from %s\n"
+msgstr "namen zoeken van %s\n"
+
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "versturen van sleutel %s naar %s server %s\n"
+
+#, c-format
+msgid "sending key %s to %s\n"
+msgstr "versturen van sleutel %s naar %s\n"
+
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "zoeken naar \"%s\" van %s server %s\n"
+
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "zoeken naar \"%s\" van %s\n"
+
+msgid "no keyserver action!\n"
+msgstr "geen sleutelserveractiviteit!\n"
+
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+"WAARSCHUWING: verwerkingsroutine van sleutelserver heeft een andere GnuPG-"
+"versie (%s)\n"
+
+msgid "keyserver did not send VERSION\n"
+msgstr "sleutelserver verstuurde geen versie-informatie\n"
+
+#, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "fout in de communicatie met de sleutelserver: %s\n"
+
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "er is geen sleutelserver bekend (gebruik optie --keyserver)\n"
+
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+"het aanroepen van externe sleutelservers wordt in deze versie niet "
+"ondersteund\n"
+
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr "geen verwerkingsroutine voor sleutelserverstelsel `%s'\n"
+
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr "de actie `%s' wordt niet ondersteund door sleutelserverstelsel `%s'\n"
+
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr "%s ondersteunt verwerkingsroutine met versie %d niet\n"
+
+msgid "keyserver timed out\n"
+msgstr "sleutelserver reageert te langzaam\n"
+
+msgid "keyserver internal error\n"
+msgstr "sleutelserver geeft een interne fout\n"
+
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "\"%s\" is geen sleutel-ID: overgeslagen\n"
+
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr ""
+"WAARSCHUWING: het is niet mogelijk sleutel %s via %s te verversen: %s\n"
+
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "verversen van 1 sleutel vanuit %s\n"
+
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "verversen van %d sleutels vanuit %s\n"
+
+#, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "WAARSCHUWING: het is niet mogelijk om URI %s op te halen: %s\n"
+
+#, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "WAARSCHUWING: het is niet mogelijk om URI %s te ontleden\n"
+
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "vreemde lengte voor een versleutelde sessiesleutel (%d)\n"
+
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s versleutelde sessiesleutel\n"
+
+#, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "wachtwoordzin is gemaakt met onbekend hashalgoritme %d\n"
+
+#, c-format
+msgid "public key is %s\n"
+msgstr "publieke sleutel is %s\n"
+
+msgid "public key encrypted data: good DEK\n"
+msgstr "met de publieke sleutel versleutelde gegevens: goede DEK\n"
+
+#, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "versleuteld met %u bit %s-sleutel, ID %s, gemaakt op %s\n"
+
+#, c-format
+msgid " \"%s\"\n"
+msgstr " \"%s\"\n"
+
+#, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "versleuteld met %s-sleutel, ID %s\n"
+
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "ontcijferen van publieke sleutel is mislukt : %s\n"
+
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "versleuteld met %lu wachtwoordzinnen\n"
+
+msgid "encrypted with 1 passphrase\n"
+msgstr "versleuteld met 1 wachtwoordzin\n"
+
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "gegevens waarschijnlijk versleuteld met %s\n"
+
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr ""
+"IDEA-versleutelingsalgoritme is niet beschikbaar, maar we gaan in plaats "
+"daarvan met goede moed %s proberen\n"
+
+msgid "decryption okay\n"
+msgstr "ontcijfering oké\n"
+
+msgid "WARNING: message was not integrity protected\n"
+msgstr "WAARSCHUWING: de integriteit van het bericht was niet beveiligd\n"
+
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "WAARSCHUWING: versleuteld bericht werd gemanipuleerd!\n"
+
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr "gewiste wachtwoordzin in de cache geplaatst met ID: %s\n"
+
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "ontcijferen mislukt: %s\n"
+
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr ""
+"NOOT: afzender heeft het volgende verzocht: \"alleen-voor-u-persoonlijk\"\n"
+
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "originele bestandsnaam='%.*s'\n"
+
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr "WAARSCHUWING: er werd meerdere keren een klare tekst gezien\n"
+
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "autonome intrekking - gebruik \"gpg --import\" om ze toe te passen\n"
+
+msgid "no signature found\n"
+msgstr "geen ondertekening gevonden\n"
+
+msgid "signature verification suppressed\n"
+msgstr "controle van de ondertekening onderdrukt\n"
+
+msgid "can't handle this ambiguous signature data\n"
+msgstr "kan deze ambigue ondertekeningsgegevens niet verwerken\n"
+
+#, c-format
+msgid "Signature made %s\n"
+msgstr "Ondertekening gemaakt op %s\n"
+
+#, c-format
+msgid " using %s key %s\n"
+msgstr " met %s sleutel %s\n"
+
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Ondertekening gemaakt op %s met %s sleutel-ID %s\n"
+
+msgid "Key available at: "
+msgstr "Sleutel beschikbaar op: "
+
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "SLECHTE handtekening van \"%s\""
+
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Vervallen handtekening van \"%s\""
+
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "Goede handtekening van \"%s\""
+
+msgid "[uncertain]"
+msgstr "[onzeker]"
+
+#, c-format
+msgid " aka \"%s\""
+msgstr " ook bekend als \"%s\""
+
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Ondertekening vervallen op %s\n"
+
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "Ondertekening verloopt op %s\n"
+
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s handtekening, hashalgoritme %s\n"
+
+msgid "binary"
+msgstr "binair"
+
+msgid "textmode"
+msgstr "tekstmodus"
+
+msgid "unknown"
+msgstr "onbekend"
+
+#, c-format
+msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
+msgstr ""
+"WAARSCHUWING: geen ontkoppelde handtekening; bestand '%s' werd NIET "
+"geverifieerd!\n"
+
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Kan ondertekening niet controleren: %s\n"
+
+msgid "not a detached signature\n"
+msgstr "geen ontkoppelde ondertekening\n"
+
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+"WAARSCHUWING: meerdere ondertekeningen gevonden.\n"
+" Alleen de eerste zal gecontroleerd worden.\n"
+
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "autonome ondertekening van klasse 0x%02x\n"
+
+msgid "old style (PGP 2.x) signature\n"
+msgstr "ondertekening in oude stijl (PGP 2.x)\n"
+
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "ongeldig stampakket gevonden in proc_tree()\n"
+
+#, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "opvragen van status (fstat) van `%s' mislukte in %s: %s\n"
+
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "opvragen van status (fstat(%d)) mislukte in %s: %s\n"
+
+#, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr ""
+"WAARSCHUWING: er wordt een experimenteel algoritme %s\n"
+" gebruikt voor de publieke sleutel\n"
+
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr ""
+"WAARSCHUWING: Elgamal-sleutels die ondertekenen + versleutelen zijn "
+"verouderd\n"
+
+#, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr ""
+"WAARSCHUWING: er wordt een experimenteel versleutelingsalgoritme %s "
+"gebruikt\n"
+
+#, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "WAARSCHUWING: er wordt een experimenteel hashalgoritme %s gebruikt\n"
+
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "WAARSCHUWING: hashalgoritme %s is verouderd\n"
+
+#, c-format
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "Noot: handtekeningen die het %s-algoritme gebruiken worden verworpen\n"
+
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "het IDEA versleutelingsalgoritme is niet beschikbaar\n"
+
+#, c-format
+msgid "please see %s for more information\n"
+msgstr "lees %s voor meer informatie\n"
+
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: verouderde optie \"%s\"\n"
+
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "WAARSCHUWING: \"%s\" is een verouderde optie\n"
+
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "gelieve in de plaats \"%s%s\" te gebruiken\n"
+
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "WAARSCHUWING: \"%s\" is een verouderd commando - gebruik het niet\n"
+
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr "%s:%u: verouderde optie \"%s\" - ze heeft geen enkel effect\n"
+
+#, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr ""
+"WAARSCHUWING: \"%s\" is een verouderde optie - ze heeft geen enkel effect\n"
+
+#, c-format
+msgid "%s:%u: \"%s%s\" is obsolete in this file - it only has effect in %s\n"
+msgstr ""
+"%s:%u: \"%s%s\" is in dit bestand verouderd - ze heeft enkel effect in %s\n"
+
+#, c-format
+msgid ""
+"WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
+msgstr ""
+"WAARSCHUWING: \"%s%s\" is een verouderde optie - ze heeft geen effect tenzij "
+"op %s\n"
+
+msgid "Uncompressed"
+msgstr "Niet gecomprimeerd"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+msgid "uncompressed|none"
+msgstr "niet gecomprimeerd|geen"
+
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "dit bericht kan mogelijk niet gebruikt worden door %s\n"
+
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "dubbelzinnige optie `%s'\n"
+
+#, c-format
+msgid "unknown option `%s'\n"
+msgstr "onbekende optie `%s'\n"
+
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Bestand `%s' bestaat. "
+
+msgid "Overwrite? (y/N) "
+msgstr "Overschrijven? (j/N) "
+
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: onbekend achtervoegsel\n"
+
+msgid "Enter new filename"
+msgstr "Voer een nieuwe bestandsnaam in"
+
+msgid "writing to stdout\n"
+msgstr "schrijven naar standaarduitvoer\n"
+
+#, c-format
+msgid "assuming signed data in '%s'\n"
+msgstr "gegevens in `%s' worden verondersteld ondertekend te zijn\n"
+
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "nieuw configuratiebestand `%s' aangemaakt\n"
+
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr ""
+"WAARSCHUWING: opties in `%s' zijn tijdens deze doorloop nog niet actief\n"
+
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "kan het algoritme %d van de publieke sleutel niet verwerken\n"
+
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+"WAARSCHUWING: mogelijk onveilige symmetrisch versleutelde sessiesleutel\n"
+
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "de kritieke bit is gezet voor het subpakket van type %d\n"
+
+#, c-format
+msgid "problem with the agent: %s\n"
+msgstr "problemen met de agent: %s\n"
+
+#, c-format
+msgid " (main key ID %s)"
+msgstr " (hoofdsleutel-ID %s)"
+
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Voer de wachtwoordzin in om de geheime sleutel te ontgrendelen\n"
+"van het volgende OpenPGP-certificaat:\n"
+"\"%.*s\"\n"
+"%u-bit %s-sleutel, ID %s,\n"
+"gemaakt op %s%s.\n"
+
+msgid "Enter passphrase\n"
+msgstr "Voer de wachtwoordzin in\n"
+
+msgid "cancelled by user\n"
+msgstr "geannuleerd door de gebruiker\n"
+
+#, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"U heeft een wachtwoordzin nodig om de geheime sleutel te ontgrendelen\n"
+"van gebruiker: \"%s\"\n"
+
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u-bit %s-sleutel, ID %s, aangemaakt op %s"
+
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr " (subsleutel bij hoofdsleutel-ID %s)"
+
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Kies een afbeelding om als uw identiteitsfoto te gebruiken. De afbeelding\n"
+"moet een bestand in JPEG-formaat zijn. Onthoud dat de afbeelding opgeslagen\n"
+"wordt in uw publieke sleutel. Als u een erg grote afbeelding gebruikt, zal\n"
+"uw publieke sleutel ook erg groot worden! Een goed formaat voor de "
+"afbeelding\n"
+"is ongeveer 240x288.\n"
+
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Geef de naam van het JPEG-bestand voor de identiteitsfoto: "
+
+#, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "kan JPEG-bestand `%s' niet openen: %s\n"
+
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr "Dit JPEG-bestand is erg groot (%d bytes) !\n"
+
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Weet U zeker dat u het wilt gebruiken? (j/N) "
+
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "`%s' is geen JPEG-bestand\n"
+
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Is deze foto correct (j/N/s)? "
+
+msgid "unable to display photo ID!\n"
+msgstr "het is niet mogelijk de identiteitsfoto te tonen!\n"
+
+msgid "No reason specified"
+msgstr "Geen reden opgegeven"
+
+msgid "Key is superseded"
+msgstr "Sleutel is vervangen"
+
+msgid "Key has been compromised"
+msgstr "Sleutel is gecompromitteerd"
+
+msgid "Key is no longer used"
+msgstr "Sleutel is niet meer in gebruik"
+
+msgid "User ID is no longer valid"
+msgstr "Gebruikers-ID is niet langer geldig"
+
+msgid "reason for revocation: "
+msgstr "reden van de intrekking: "
+
+msgid "revocation comment: "
+msgstr "toelichting bij de intrekking: "
+
+#. TRANSLATORS: These are the allowed answers in lower and
+#. uppercase. Below you will find the matching strings which
+#. should be translated accordingly and the letter changed to
+#. match the one in the answer string.
+#.
+#. i = please show me more information
+#. m = back to the main menu
+#. s = skip this key
+#. q = quit
+#.
+msgid "iImMqQsS"
+msgstr "iImMsSoO"
+
+msgid "No trust value assigned to:\n"
+msgstr "Er werd geen betrouwbaarheidswaarde toegekend aan:\n"
+
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr " ook bekend als \"%s\"\n"
+
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr ""
+"In hoeverre vertrouwt U erop dat deze sleutel werkelijk\n"
+"bij de genoemde gebruiker hoort?\n"
+
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = Weet ik niet of zal ik niet zeggen\n"
+
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = Ik vertrouw het NIET\n"
+
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = Ik heb er het uiterste vertrouwen in\n"
+
+msgid " m = back to the main menu\n"
+msgstr " m = terug naar het hoofdmenu\n"
+
+msgid " s = skip this key\n"
+msgstr " o = sla deze sleutel over\n"
+
+msgid " q = quit\n"
+msgstr " s = stoppen\n"
+
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+"Het minimale betrouwbaarheidsniveau van deze sleutel is: %s\n"
+"\n"
+
+msgid "Your decision? "
+msgstr "Uw besluit? "
+
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Wilt u deze sleutel echt instellen als uiterst betrouwbaar? (j/N) "
+
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Certificaten die leiden naar een uiterst betrouwbare sleutel:\n"
+
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr "%s: Er is geen zekerheid dat deze sleutel van de genoemde persoon is\n"
+
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%s: Er is een beperkte zekerheid dat deze sleutel van de genoemde persoon "
+"is\n"
+
+msgid "This key probably belongs to the named user\n"
+msgstr "Deze sleutel is waarschijnlijk van de genoemde persoon\n"
+
+msgid "This key belongs to us\n"
+msgstr "Deze sleutel is van ons\n"
+
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"Het is NIET zeker dat deze sleutel van de persoon is die genoemd wordt\n"
+"in de gebruikers-ID. Als u echter HEEL zeker weet wat u doet,\n"
+"mag u op de volgende vraag Ja antwoorden.\n"
+
+msgid "Use this key anyway? (y/N) "
+msgstr "Deze sleutel toch gebruiken? (j/N) "
+
+msgid "WARNING: Using untrusted key!\n"
+msgstr "WAARSCHUWING: er wordt een onbetrouwbare sleutel gebruikt!\n"
+
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr ""
+"WAARSCHUWING: deze sleutel kan ingetrokken zijn\n"
+" (maar de intrekkingssleutel is niet aanwezig)\n"
+
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr ""
+"WAARSCHUWING: Deze sleutel werd ingetrokken door zijn bevoegde intrekker!\n"
+
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "WAARSCHUWING: Deze sleutel werd ingetrokken door de eigenaar!\n"
+
+msgid " This could mean that the signature is forged.\n"
+msgstr " Dit kan betekenen dat de ondertekening vervalst is.\n"
+
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr ""
+"WAARSCHUWING: Deze subsleutel werd ingetrokken door de eigenaar ervan!\n"
+
+msgid "Note: This key has been disabled.\n"
+msgstr "Noot: Deze sleutel is uitgeschakeld.\n"
+
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr "Noot: Het gecontroleerde adres van de ondertekenaar is `%s'\n"
+
+# TODO
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+"Noot: Het adres `%s' van de ondertekenaar komt niet overeen met een DNS-"
+"registratie\n"
+
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+"betrouwbaarheidsniveau bijgesteld naar VOLLEDIG op basis van geldige PKA-"
+"info\n"
+
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+"betrouwbaarheidsniveau bijgesteld naar NOOIT op basis van slechte PKA-info\n"
+
+msgid "Note: This key has expired!\n"
+msgstr "Noot: Deze sleutel is vervallen!\n"
+
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr ""
+"WAARSCHUWING: Deze sleutel werd niet gecertificeerd\n"
+" door een betrouwbare handtekening!\n"
+
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+" Er is geen aanwijzing dat de handtekening van de eigenaar is.\n"
+
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "WAARSCHUWING: We vertrouwen deze sleutel NIET!\n"
+
+msgid " The signature is probably a FORGERY.\n"
+msgstr " De handtekening is waarschijnlijk een VERVALSING.\n"
+
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"WAARSCHUWING: Deze sleutel werd niet met voldoende\n"
+" betrouwbare handtekeningen gecertificeerd!\n"
+
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Het is niet zeker dat de handtekening van de eigenaar is.\n"
+
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: overgeslagen: %s\n"
+
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: overgeslagen: publieke sleutel is al aanwezig\n"
+
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr ""
+"U heeft geen gebruikers-ID gespecificeerd. (u kunt de optie \"-r\" "
+"gebruiken)\n"
+
+msgid "Current recipients:\n"
+msgstr "Huidige ontvangers:\n"
+
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Voer de gebruikers-ID in. Beëindig met een lege regel: "
+
+msgid "No such user ID.\n"
+msgstr "Een dergelijke gebruikers-ID is er niet.\n"
+
+msgid "skipped: public key already set as default recipient\n"
+msgstr ""
+"overgeslagen: publieke sleutel was reeds als standaardontvanger ingesteld\n"
+
+msgid "Public key is disabled.\n"
+msgstr "Publieke sleutel werd uitgeschakeld\n"
+
+msgid "skipped: public key already set\n"
+msgstr "overgeslagen: publieke sleutel was reeds ingesteld\n"
+
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "onbekende standaardontvanger \"%s\"\n"
+
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: overgeslagen: publieke sleutel is uitgeschakeld\n"
+
+msgid "no valid addressees\n"
+msgstr "geen geldige geadresseerden\n"
+
+#, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "Noot: sleutel %s heeft functionaliteit %s niet\n"
+
+#, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "Noot: sleutel %s bevat geen voorkeur voor %s\n"
+
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr ""
+"gegevens niet bewaard; gebruik de optie \"--output\" om ze te bewaren\n"
+
+msgid "Detached signature.\n"
+msgstr "Ontkoppelde handtekening.\n"
+
+msgid "Please enter name of data file: "
+msgstr "Voer de naam in van het gegevensbestand: "
+
+msgid "reading stdin ...\n"
+msgstr "lezen van standaardinvoer (stdin) ...\n"
+
+msgid "no signed data\n"
+msgstr "geen ondertekende gegevens\n"
+
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "kan de ondertekende gegevens `%s' niet openen\n"
+
+#, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr ""
+"kan de ondertekende gegevens uit bestandsindicator=%d niet openen: %s\n"
+
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "anonieme ontvanger; geheime sleutel %s wordt geprobeerd ...\n"
+
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "oké, wij zijn de anonieme ontvanger.\n"
+
+msgid "old encoding of the DEK is not supported\n"
+msgstr "de oude codering van de encryptiesleutel DEK wordt niet ondersteund\n"
+
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "versleutelingsalgoritme %d%s is onbekend of uitgeschakeld\n"
+
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr ""
+"WAARSCHUWING: versleutelingsalgoritme %s niet gevonden\n"
+" in de voorkeuren van de ontvanger\n"
+
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "NOOT: geheime sleutel %s verviel op %s\n"
+
+msgid "NOTE: key has been revoked"
+msgstr "NOOT: sleutel werd ingetrokken"
+
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "build_packet is mislukt: %s\n"
+
+#, c-format
+msgid "key %s has no user IDs\n"
+msgstr "sleutel %s heeft geen gebruikers-ID's\n"
+
+msgid "To be revoked by:\n"
+msgstr "Moet worden ingetrokken door:\n"
+
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(Dit is een gevoelige intekkingssleutel)\n"
+
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Een bevoegd intrekkingscertificaat aanmaken voor deze sleutel? (j/N) "
+
+msgid "ASCII armored output forced.\n"
+msgstr "gedwongen uitvoer in ASCII-harnas.\n"
+
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "make_keysig_packet is mislukt: %s\n"
+
+msgid "Revocation certificate created.\n"
+msgstr "Intrekkingscertificaat werd aangemaakt.\n"
+
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "er werden geen intrekkingssleutels gevonden voor \"%s\"\n"
+
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "geheime sleutel \"%s\" niet gevonden: %s\n"
+
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "geen overeenkomstige publieke sleutel: %s\n"
+
+msgid "public key does not match secret key!\n"
+msgstr "publieke sleutel komt niet overeen met de geheime sleutel!\n"
+
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Een intrekkingscertificaat voor deze sleutel maken? (j/N) "
+
+msgid "unknown protection algorithm\n"
+msgstr "onbekend beveiligingsalgoritme\n"
+
+msgid "NOTE: This key is not protected!\n"
+msgstr "NOOT: Deze sleutel is niet beveiligd!\n"
+
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Intrekkingscertificaat aangemaakt.\n"
+"\n"
+"Gelieve het naar een medium te verplaatsen dat u kunt wegstoppen; indien\n"
+"iemand dit certificaat in handen krijgt, kan hij het gebruiken om uw "
+"sleutel\n"
+"onbruikbaar te maken. Het is verstandig om dit certificaat af te drukken en\n"
+"het weg te bergen, voor het geval uw media onleesbaar zouden worden. Maar\n"
+"neem wat voorzichtigheid in acht: het printersysteem van uw computer kan de\n"
+"gegevens opslaan, waardoor ze voor anderen toegankelijk kunnen worden!\n"
+
+msgid "Please select the reason for the revocation:\n"
+msgstr "Gelieve een reden te kiezen voor de intrekking:\n"
+
+msgid "Cancel"
+msgstr "Annuleren"
+
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Wellicht wilt u hier %d kiezen)\n"
+
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "Voer een optionele beschrijving in; beëindig met een lege regel:\n"
+
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Reden van intrekking: %s\n"
+
+msgid "(No description given)\n"
+msgstr "(Geen beschrijving gegeven)\n"
+
+msgid "Is this okay? (y/N) "
+msgstr "Is dit oké? (j/N) "
+
+msgid "secret key parts are not available\n"
+msgstr "onderdelen van de geheime sleutel zijn niet beschikbaar\n"
+
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "beveiligingsalgoritme %d%s wordt niet ondersteund\n"
+
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "beveiligingshash %d wordt niet ondersteund\n"
+
+msgid "Invalid passphrase; please try again"
+msgstr "Ongeldige wachtwoordzin; probeer opnieuw"
+
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr ""
+"WAARSCHUWING: Een zwakke sleutel gevonden - gelieve de\n"
+" wachtwoordzin opnieuw te wijzigen.\n"
+
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"de controlesom ter beveiliging van de geheime sleutel\n"
+"wordt aangemaakt in het verouderde 16-bit-formaat\n"
+
+msgid "weak key created - retrying\n"
+msgstr "er werd een zwakke sleutel aangemaakt - er wordt nogmaals geprobeerd\n"
+
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"een zwakke sleutel voor het symmetrisch versleutelingsalgoritme\n"
+"kan niet vermeden worden; er werd %d maal geprobeerd!\n"
+
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr "DSA vereist dat de lengte van de hash een veelvoud van 8 bits is\n"
+
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr "DSA-sleutel %s gebruikt een onveilige (%u bit) hash\n"
+
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr "DSA-sleutel %s vereist een hash van %u bit of meer\n"
+
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "WAARSCHUWING: conflicterende ondertekeningshash in het bericht\n"
+
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr ""
+"WAARSCHUWING: er is geen kruiscertificering gebeurd\n"
+" van de ondertekenende subsleutel %s\n"
+
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+"WAARSCHUWING: ondertekenende subsleutel %s heeft een ongeldige "
+"kruiscertificering\n"
+
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "publieke sleutel %s is %lu seconde recenter dan de handtekening\n"
+
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "publieke sleutel %s is %lu seconden recenter dan de handtekening\n"
+
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"sleutel %s werd %lu seconde in de toekomst aangemaakt\n"
+"(afwijkende tijd of een probleem met de klok)\n"
+
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"sleutel %s werd %lu seconden in de toekomst aangemaakt\n"
+"(afwijkende tijd of een probleem met de klok)\n"
+
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "NOOT: ondertekeningssleutel %s verviel op %s\n"
+
+#, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "NOOT: ondertekeningssleutel %s werd ingetrokken\n"
+
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+"er wordt verondersteld dat de ondertekening van\n"
+"sleutel %s slecht is, omdat de kritieke bit niet gekend is\n"
+
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr ""
+"sleutel %s: geen subsleutel voor de ondertekening\n"
+"van de intrekking van de subsleutel\n"
+
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr ""
+"sleutel %s: geen subsleutel voor de ondertekening van de koppeling met de "
+"subsleutel\n"
+
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"WAARSCHUWING: kan geen expansie maken op basis van %% van de notatie\n"
+" (te groot). De niet-geëxpandeerde versie wordt gebruikt.\n"
+
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"WAARSCHUWING: kan geen expansie maken op basis van %% van de richtlijn-URL\n"
+" (te groot). De niet-geëxpandeerde versie wordt gebruikt.\n"
+
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"WAARSCHUWING: kan geen expansie maken op basis van %% van de\n"
+" URL van de voorkeurssleutelsserver (te groot).\n"
+" De niet-geëxpandeerde versie wordt gebruikt.\n"
+
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "controle van de aangemaakte ondertekening is mislukt: %s\n"
+
+#, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s/%s ondertekening van: \"%s\"\n"
+
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"u kunt enkel een ontkoppelde ondertekening maken met een\n"
+"sleutel van het type PGP 2.x als u in modus --pgp2 bent\n"
+
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"WAARSCHUWING: het hashalgoritme %s (%d) dwingend opleggen is in strijd\n"
+" met de voorkeuren van de ontvanger\n"
+
+msgid "signing:"
+msgstr "bezig met ondertekenen:"
+
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"u kunt enkel een ondertekening in klare tekst maken met een\n"
+"sleutel van het type PGP 2.x als u in modus --pgp2 bent\n"
+
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "%s-versleuteling zal gebruikt worden\n"
+
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"sleutel staat niet als onveilig gemarkeerd - kan hem niet gebruiken\n"
+"met de gesimuleerde generator van willekeurige getallen (RNG)!\n"
+
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "\"%s\" overgeslagen: waren duplicaten\n"
+
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "\"%s\" overgeslagen: %s\n"
+
+msgid "skipped: secret key already present\n"
+msgstr "overgeslagen: geheime sleutel is al aanwezig\n"
+
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"dit is een Elgamal-sleutel aangemaakt met PGP.\n"
+"Het is niet veilig om er mee te ondertekenen!"
+
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "staat van betrouwbaarheid %lu, type %d: registreren mislukt: %s\n"
+
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Lijst van toegekende betrouwbaarheidswaarden, aangemaakt op %s\n"
+"# (Gebruik \"gpg --import-ownertrust\" om ze te repareren)\n"
+
+#, c-format
+msgid "error in `%s': %s\n"
+msgstr "fout in `%s': %s\n"
+
+msgid "line too long"
+msgstr "regel is te lang"
+
+msgid "colon missing"
+msgstr "ontbrekende dubbele punt"
+
+msgid "invalid fingerprint"
+msgstr "ongeldige vingerafdruk"
+
+msgid "ownertrust value missing"
+msgstr "ontbrekende waarde voor mate van betrouwbaarheid"
+
+#, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "fout bij het zoeken naar de staat van betrouwbaarheid in `%s': %s\n"
+
+#, c-format
+msgid "read error in `%s': %s\n"
+msgstr "leesfout in `%s': %s\n"
+
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "betrouwbaarheidsdatabank (trustdb): synchronisatie mislukt: %s\n"
+
+#, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "kan geen grendel maken voor `%s'\n"
+
+#, c-format
+msgid "can't lock `%s'\n"
+msgstr "kan `%s' niet vergrendelen\n"
+
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr ""
+"betrouwbaarheidsdatabank (trustdb): element %lu: lseek is mislukt: %s\n"
+
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr ""
+"betrouwbaarheidsdatabank (trustdb): element %lu: wegschrijven is mislukt (n="
+"%d): %s\n"
+
+msgid "trustdb transaction too large\n"
+msgstr "betrouwbaarheidsdatabank (trustdb): transactie is te groot\n"
+
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: map bestaat niet!\n"
+
+#, c-format
+msgid "can't access `%s': %s\n"
+msgstr "krijg geen toegang tot `%s': %s\n"
+
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: het registreren van de versie is mislukt: %s"
+
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: ongeldige betrouwbaarheidsdatabank (trustdb) aangemaakt\n"
+
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: betrouwbaarheidsdatabank (trustdb) aangemaakt\n"
+
+msgid "NOTE: trustdb not writable\n"
+msgstr ""
+"NOOT: er kan niet geschreven worden in de betrouwbaarheidsdatabank "
+"(trustdb)\n"
+
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: ongeldige betrouwbaarheidsdatabank (trustdb)\n"
+
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: aanmaken van de hashtabel is mislukt: %s\n"
+
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: fout bij het bijwerken van versiegegevens: %s\n"
+
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: fout bij het lezen van versiegegevens: %s\n"
+
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: fout bij het wegschrijven van versiegegevens: %s\n"
+
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "betrouwbaarheidsdatabank (trustdb): lseek is mislukt: %s\n"
+
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "betrouwbaarheidsdatabank (trustdb): lezen is mislukt (n=%d): %s\n"
+
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: bestand is geen betrouwbaarheidsdatabank (trustdb)\n"
+
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: versiegegevens met registratienummer %lu\n"
+
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: ongeldige bestandsversie %d\n"
+
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: fout bij het lezen van vrije staat: %s\n"
+
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: fout bij het wegschrijven van de staat van de map: %s\n"
+
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: fout bij het op nul zetten van een staat: %s\n"
+
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: het toevoegen van een staat is mislukt: %s\n"
+
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "Fout: de betrouwbaarheidsdatabank (trustdb) is beschadigd.\n"
+
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "kan geen tekstregels verwerken die groter zijn dan %d tekens\n"
+
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "invoerregel groter dan %d tekens\n"
+
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "`%s' is geen geldige ID voor een lange sleutel\n"
+
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "sleutel %s: aanvaard als betrouwbare sleutel\n"
+
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr ""
+"sleutel %s komt meer dan eens voor in de betrouwbaarheidsdatabank (trustdb)\n"
+
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr ""
+"sleutel %s: geen publieke sleutel voor de vertrouwde sleutel - overgeslagen\n"
+
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "sleutel %s gemarkeerd als uiterst betrouwbaar\n"
+
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "staat van betrouwbaarheid %lu, vereist type %d: lezen mislukt: %s\n"
+
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "staat van betrouwbaarheid %lu is niet van het vereiste type %d\n"
+
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+"U kunt proberen om de betrouwbaarheidsdatabank (trustdb)\n"
+"opnieuw aan te maken met behulp van de commando's:\n"
+
+msgid "If that does not work, please consult the manual\n"
+msgstr "Indien dit niet lukt, gelieve dan de handleiding te raadplegen\n"
+
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+"kan onbekend betrouwbaarheidsmodel (%d) niet\n"
+"gebruiken - betrouwbaarheidsmodel %s wordt verondersteld\n"
+
+#, c-format
+msgid "using %s trust model\n"
+msgstr "betrouwbaarheidsmodel %s wordt gebruikt\n"
+
+#. TRANSLATORS: these strings are similar to those in
+#. trust_value_to_string(), but are a fixed length. This is needed to
+#. make attractive information listings where columns line up
+#. properly. The value "10" should be the length of the strings you
+#. choose to translate to. This is the length in printable columns.
+#. It gets passed to atoi() so everything after the number is
+#. essentially a comment and need not be translated. Either key and
+#. uid are both NULL, or neither are NULL.
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+"11 translator see trustdb.c:uid_trust_string_fixed: werd gelezen door "
+"vertaler"
+
+msgid "[ revoked]"
+msgstr "[ingetrok]"
+
+msgid "[ expired]"
+msgstr "[vervalln]"
+
+msgid "[ unknown]"
+msgstr "[onbekend]"
+
+msgid "[ undef ]"
+msgstr "[ ongedef]"
+
+msgid "[marginal]"
+msgstr "[marginal]"
+
+msgid "[ full ]"
+msgstr "[volledig]"
+
+msgid "[ultimate]"
+msgstr "[ uiterst]"
+
+msgid "undefined"
+msgstr "niet gedefinieerd"
+
+msgid "never"
+msgstr "nooit"
+
+msgid "marginal"
+msgstr "marginaal"
+
+msgid "full"
+msgstr "volledig"
+
+msgid "ultimate"
+msgstr "uiterst"
+
+msgid "no need for a trustdb check\n"
+msgstr "een controle van de betrouwbaarheidsdatabank (trustdb) is niet nodig\n"
+
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "volgende controle van de betrouwbaarheidsdatabank (trustdb) is op %s\n"
+
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr ""
+"een controle van de betrouwbaarheidsdatabank (trustdb)\n"
+"is niet nodig bij het vertrouwensmodel `%s'\n"
+
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr ""
+"een bijwerking van de betrouwbaarheidsdatabank (trustdb)\n"
+"is niet nodig bij het vertrouwensmodel `%s'\n"
+
+#, c-format
+msgid "public key %s not found: %s\n"
+msgstr "publieke sleutel %s niet gevonden: %s\n"
+
+msgid "please do a --check-trustdb\n"
+msgstr "gelieve het commando --check-trustdb uit te voeren\n"
+
+msgid "checking the trustdb\n"
+msgstr "de betrouwbaarheidsdatabank (trustdb) wordt gecontroleerd\n"
+
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "%d sleutels werden verwerkt (%d geldigheidstellers op nul gezet)\n"
+
+msgid "no ultimately trusted keys found\n"
+msgstr "geen uiterst betrouwbare sleutels gevonden\n"
+
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "publieke sleutel van uiterst betrouwbare sleutel %s niet gevonden\n"
+
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr "%d marginale nodig, %d volledige nodig, vertrouwensmodel %s\n"
+
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+"diepte: %d geldig: %3d ondert.: %3d vertr.: %d-, %dq, %dn, %dm, %df, %du\n"
+
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr ""
+"bijwerken van de versiegegevens van de betrouwbaarheidsdatabank (trustdb):\n"
+"wegschrijven is mislukt: %s\n"
+
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"de ondertekening kon niet geverifieerd worden.\n"
+"Denk eraan dat het bestand met handtekeningen (.sig of .asc)\n"
+"het eerste bestand moet zijn dat aan de commandolijn ingevoerd wordt.\n"
+
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "invoerregel %u is te lang of LF ontbreekt\n"
+
+#, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "kan bestandsindicator %d niet openen: %s\n"
+
+msgid "argument not expected"
+msgstr "onverwacht argument"
+
+msgid "read error"
+msgstr "leesfout"
+
+msgid "keyword too long"
+msgstr "sleutelwoord is te lang"
+
+msgid "missing argument"
+msgstr "ontbrekend argument"
+
+msgid "invalid argument"
+msgstr "ongeldig argument"
+
+msgid "invalid command"
+msgstr "ongeldig commando"
+
+msgid "invalid alias definition"
+msgstr "ongeldige definitie van een alias"
+
+msgid "out of core"
+msgstr "geheugenlimiet overschreden"
+
+msgid "invalid option"
+msgstr "ongeldige optie"
+
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr "ontbrekend argument voor optie \"%.50s\"\n"
+
+#, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "ontbrekend argument voor optie \"%.50s\"\n"
+
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr "optie \"%.50s\" verwacht geen argument\n"
+
+#, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "ongeldig commando \"%.50s\"\n"
+
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr "optie \"%.50s\" is ambigue\n"
+
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr "commando \"%.50s\" is ambigue\n"
+
+msgid "out of core\n"
+msgstr "geheugenlimiet overschreden\n"
+
+#, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "ongeldige optie \"%.50s\"\n"
+
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "u vond een bug ... (%s:%d)\n"
+
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr "omzetting van `%s' naar `%s' is niet beschikbaar\n"
+
+#, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "iconv_open is mislukt: %s\n"
+
+#, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "omzetting van `%s' naar `%s' is mislukt: %s\n"
+
+#, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "kon tijdelijk bestand `%s' niet aanmaken: %s\n"
+
+#, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "fout bij het wegschrijven van `%s': %s\n"
+
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr "oud grendelbestand (aangemaakt door %d) wordt verwijderd\n"
+
+msgid " - probably dead - removing lock"
+msgstr " - wellicht dood - grendel wordt verwijderd"
+
+#, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "wachten op de grendel (vastgehouden door %d%s) %s...\n"
+
+msgid "(deadlock?) "
+msgstr "(dode grendel?) "
+
+#, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "grendel `%s' werd niet geplaatst: %s\n"
+
+#, c-format
+msgid "waiting for lock %s...\n"
+msgstr "wachten op grendel %s...\n"
+
+msgid "set debugging flags"
+msgstr "stel debug-opties in"
+
+msgid "enable full debugging"
+msgstr "maak debuggen ten volle mogelijk"
+
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Gebruik: kbxutil [opties] [bestanden] (-h voor hulp)"
+
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"List, export, import Keybox data\n"
+msgstr ""
+"Syntaxis: kbxutil [opties] [bestanden]\n"
+"Toon, exporteer, importeer Keybox-gegevens (sleutelkistje-data)\n"
+
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr "RSA-modulus ontbreekt of heeft niet een grootte van %d bits\n"
+
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr "publieke exponent van RSA ontbreekt of is groter dan %d bits\n"
+
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "Herroepen van de pincode gaf een fout: %s\n"
+
+msgid "the NullPIN has not yet been changed\n"
+msgstr "de nul-pincode werd nog niet gewijzigd\n"
+
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "|N|Gelieve een nieuwe pincode in te voeren voor de standaardsleutels."
+
+msgid "||Please enter the PIN for the standard keys."
+msgstr "||Gelieve de pincode voor de standaardsleutels in te voeren."
+
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr ""
+"|NP|Gelieve een nieuwe PUK-code (PIN Unblocking Code) in te voeren voor de "
+"standaardsleutels."
+
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr ""
+"|P|Gelieve de PUK-code (PIN Unblocking Code) in te voeren voor de "
+"standaardsleutels."
+
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+"|N|Gelieve een nieuwe pincode in te voeren voor de sleutel die bevoegde "
+"handtekeningen kan aanmaken."
+
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+"||Gelieve de pincode in te voeren voor de sleutel die bevoegde "
+"handtekeningen kan aanmaken."
+
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+"|NP|Gelieve een nieuwe PUK-code (PIN Unblocking Code) in te voeren voor de "
+"sleutel die bevoegde handtekeningen kan aanmaken."
+
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+"|P|Gelieve de PUK-code (PIN Unblocking Code) in te voeren voor de sleutel "
+"die bevoegde handtekeningen kan aanmaken."
+
+#, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "fout bij het verkrijgen van een nieuwe pincode: %s\n"
+
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "opslaan van de vingerafdruk is mislukt: %s\n"
+
+#, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "opslaan van de aanmaakdatum is mislukt: %s\n"
+
+#, c-format
+msgid "reading public key failed: %s\n"
+msgstr "het lezen van de publieke sleutel is mislukt: %s\n"
+
+msgid "response does not contain the public key data\n"
+msgstr "antwoord bevat de gegevens van de publieke sleutel niet\n"
+
+msgid "response does not contain the RSA modulus\n"
+msgstr "antwoord bevat de RSA-modulus niet\n"
+
+msgid "response does not contain the RSA public exponent\n"
+msgstr "antwoord bevat de publieke exponent van RSA niet\n"
+
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr "de standaardpincode wordt gebruikt voor %s\n"
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+"de standaardpincode gebruiken voor %s is mislukt: %s - standaard\n"
+"wordt in het vervolg niet meer gebruikt\n"
+
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr "||Graag invoer van de pincode%%0A[gemaakte ondertekeningen: %lu]"
+
+msgid "||Please enter the PIN"
+msgstr "||Gelieve de pincode in te voeren"
+
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr "pincode voor CHV%d is te kort; die moet minimaal %d lang zijn\n"
+
+#, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "controle van CHV%d is mislukt: %s\n"
+
+msgid "error retrieving CHV status from card\n"
+msgstr "fout bij het ophalen van de CHV-status uit de kaart\n"
+
+msgid "card is permanently locked!\n"
+msgstr "kaart is permanent vergrendeld!\n"
+
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+"beheerder heeft %d resterende pogingen om de pincode in te voeren\n"
+"voordat de kaart permanent vergrendeld wordt\n"
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "|A|Graag invoer van de beheerderspincode%%0A[resterende pogingen: %d]"
+
+msgid "|A|Please enter the Admin PIN"
+msgstr "|A|Gelieve de pincode van de beheerder in te voeren"
+
+msgid "access to admin commands is not configured\n"
+msgstr "toegang tot beheerderscommando's is niet ingesteld\n"
+
+msgid "||Please enter the Reset Code for the card"
+msgstr "||Gelieve de Reset-Code voor de kaart in te voeren"
+
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr "Reset-Code is te kort; die moet minimaal %d lang zijn\n"
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+msgid "|RN|New Reset Code"
+msgstr "|RN|Nieuwe Reset-Code"
+
+msgid "|AN|New Admin PIN"
+msgstr "|AN|Nieuwe pincode voor de beheerder"
+
+msgid "|N|New PIN"
+msgstr "|N|Nieuwe pincode"
+
+msgid "||Please enter the Admin PIN and New Admin PIN"
+msgstr ""
+"||Gelieve de pincode van de beheerder en zijn nieuwe pincode in te voeren"
+
+msgid "||Please enter the PIN and New PIN"
+msgstr "||Gelieve de pincode en de nieuwe pincode in te voeren"
+
+msgid "error reading application data\n"
+msgstr "fout bij het lezen van toepassingsgegevens\n"
+
+msgid "error reading fingerprint DO\n"
+msgstr "fout bij het lezen van de vingerafdruk DO\n"
+
+msgid "key already exists\n"
+msgstr "de sleutel bestaat reeds\n"
+
+msgid "existing key will be replaced\n"
+msgstr "de bestaande sleutel zal vervangen worden\n"
+
+msgid "generating new key\n"
+msgstr "aanmaken van nieuwe sleutel\n"
+
+msgid "writing new key\n"
+msgstr "wegschrijven van nieuwe sleutel\n"
+
+msgid "creation timestamp missing\n"
+msgstr "aanmaaktijdstip ontbreekt\n"
+
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr "priemgetal %s van RSA ontbreekt of heeft niet de grootte van %d bits\n"
+
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "opslaan van de sleutel is mislukt: %s\n"
+
+msgid "please wait while key is being generated ...\n"
+msgstr "wacht terwijl de sleutel wordt aangemaakt ...\n"
+
+msgid "generating key failed\n"
+msgstr "aanmaken van de sleutel is mislukt\n"
+
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "het aanmaken van de sleutel is voltooid (in %d seconden)\n"
+
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "ongeldige structuur van de OpenPGP-kaart (DO 0x93)\n"
+
+msgid "fingerprint on card does not match requested one\n"
+msgstr "vingerafdruk op de kaart komt niet overeen met de gevraagde\n"
+
+#, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "de kaart ondersteunt het hashalgoritme %s niet\n"
+
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr "tot dusver gegenereerde handtekeningen: %lu\n"
+
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+"controleren van de pincode van de beheerder wordt momenteel verboden met dit "
+"commando\n"
+
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "kan geen toegang krijgen tot %s - ongeldige OpenPGP-kaart?\n"
+
+msgid "||Please enter your PIN at the reader's pinpad"
+msgstr ""
+"||Gelieve uw pincode in te voeren op het numeriek pad van de kaartlezer"
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+msgid "|N|Initial New PIN"
+msgstr "|N|Initiële nieuwe pincode"
+
+msgid "run in multi server mode (foreground)"
+msgstr "uitvoeren in multi-servermodus (voorgrond)"
+
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr "|NIVEAU|stel het debuggingsniveau in op NIVEAU"
+
+msgid "|FILE|write a log to FILE"
+msgstr "|BESTAND|houd een logboek bij in BESTAND"
+
+msgid "|N|connect to reader at port N"
+msgstr "|N|maak verbinding met de lezer via poort N"
+
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NAAM|gebruik NAAM als stuurprogramma voor ct-API"
+
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NAAM|gebruik NAAM als stuurprogramma voor PC/SC"
+
+msgid "do not use the internal CCID driver"
+msgstr "gebruik het interne stuurprogramma CCID niet"
+
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+"|N|verbreek de verbinding met de kaart na een inactiviteit van N seconden"
+
+msgid "do not use a reader's pinpad"
+msgstr "gebruik het numeriek pad van de kaartlezer niet"
+
+msgid "deny the use of admin card commands"
+msgstr "sta het gebruik van commando's voor het beheer van de kaart niet toe"
+
+msgid "use variable length input for pinpad"
+msgstr "maak bij het numeriek pad gebruik van een invoer van variabele lengte"
+
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Gebruik: scdaemon [opties] (-h voor hulp)"
+
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+"Syntaxis: scdaemon [opties] [commando [parameters]]\n"
+"Chipkaart-achtergronddienst voor GnuPG\n"
+
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+"gelieve de optie `--daemon' te gebruiken om het programma in de achtergrond "
+"uit te voeren\n"
+
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr "verwerker voor bestandsindicator %d gestart\n"
+
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr "verwerker voor bestandsindicator %d beëindigd\n"
+
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "ongeldig radix64-teken %02X overgeslagen\n"
+
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr "doorspelen van aanvraag %s aan de client is mislukt\n"
+
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr "dirmngr wordt nog niet uitgevoerd - `%s' wordt gestart\n"
+
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "ongeldig formaat van de omgevingsvariabele DIRMNGR_INFO\n"
+
+#, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "protocolversie %d van dirmngr wordt niet ondersteund\n"
+
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+"kan geen verbinding leggen met de dirmngr - er wordt een noodoplossing "
+"geprobeerd\n"
+
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr "door het certificaat gevraagd valideringsmodel: %s"
+
+msgid "chain"
+msgstr "ketting"
+
+msgid "shell"
+msgstr "shell"
+
+#, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "kritieke certificaatsuitbreiding %s wordt niet ondersteund"
+
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+"het certificaat van de uitgever staat niet als een certificeringsautoriteit "
+"gemarkeerd"
+
+msgid "critical marked policy without configured policies"
+msgstr ""
+"gemarkeerd als kritieke richtlijn maar instellingen voor beleidsrichtlijnen "
+"ontbreken"
+
+#, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "kan `%s' niet openen: %s\n"
+
+msgid "note: non-critical certificate policy not allowed"
+msgstr "noot: niet-kritieke certificaatsrichtlijn niet toegestaan"
+
+msgid "certificate policy not allowed"
+msgstr "certificaatsrichtlijn niet toegestaan"
+
+msgid "looking up issuer at external location\n"
+msgstr "uitgever wordt op een externe locatie opgezocht\n"
+
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr "aantal overeenstemmende uitgevers: %d\n"
+
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr "uitgever wordt opgezocht in de cache van Dirmngr\n"
+
+#, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "aantal overeenstemmende certificaten: %d\n"
+
+#, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr ""
+"het enkel in de cache van dirmngr opzoeken van de sleutel is mislukt: %s\n"
+
+msgid "failed to allocate keyDB handle\n"
+msgstr "het reserveren van het beheer van de sleuteldatabase is mislukt\n"
+
+msgid "certificate has been revoked"
+msgstr "certificaat werd ingetrokken"
+
+msgid "the status of the certificate is unknown"
+msgstr "onbekende status van het certificaat"
+
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+"gelieve u ervan te vergewissen dat de \"dirmngr\" behoorlijk geïnstalleerd "
+"werd\n"
+
+#, c-format
+msgid "checking the CRL failed: %s"
+msgstr "controle van de lijst van ingetrokken certificaten is mislukt: %s"
+
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr "certificaat met een ongeldige geldigheid: %s"
+
+msgid "certificate not yet valid"
+msgstr "certificaat is nog niet geldig"
+
+msgid "root certificate not yet valid"
+msgstr "stamcertificaat is nog niet geldig"
+
+msgid "intermediate certificate not yet valid"
+msgstr "het tussenliggend certificaat is nog niet geldig"
+
+msgid "certificate has expired"
+msgstr "het certificaat is verlopen"
+
+msgid "root certificate has expired"
+msgstr "het stamcertificaat is vervallen"
+
+msgid "intermediate certificate has expired"
+msgstr "het tussenliggend certificaat is vervallen"
+
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr "de vereiste certificaatattributen ontbreken: %s%s%s"
+
+msgid "certificate with invalid validity"
+msgstr "certificaat met ongeldige geldigheid"
+
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+"handtekening werd niet aangemaakt binnen de levensduur van het certificaat"
+
+msgid "certificate not created during lifetime of issuer"
+msgstr "certificaat werd niet aangemaakt binnen de levensduur van de uitgever"
+
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+"het tussenliggend certificaat werd niet aangemaakt binnen de levensduur van "
+"de uitgever"
+
+msgid " ( signature created at "
+msgstr " (handtekening aangemaakt op "
+
+msgid " (certificate created at "
+msgstr " ( certificaat aangemaakt op "
+
+msgid " (certificate valid from "
+msgstr " ( certificaat geldig van "
+
+msgid " ( issuer valid from "
+msgstr " ( uitgever geldig van "
+
+#, c-format
+msgid "fingerprint=%s\n"
+msgstr "vingerafdruk=%s\n"
+
+msgid "root certificate has now been marked as trusted\n"
+msgstr "het stamcertificaat werd nu als betrouwbaar gemarkeerd\n"
+
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+"iets interactief als betrouwbaar markeren is niet mogelijk met gpg-agent\n"
+
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+"iets interactief als betrouwbaar markeren is tijdens deze sessie niet "
+"mogelijk\n"
+
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+"WAARSCHUWING: het tijdstip waarop de handtekening aangemaakt werd is niet "
+"bekend - er wordt aangenomen dat het nu was"
+
+msgid "no issuer found in certificate"
+msgstr "geen uitgever gevonden in het certificaat"
+
+msgid "self-signed certificate has a BAD signature"
+msgstr "auto-gesigneerd certificaat heeft een SLECHTE handtekening"
+
+msgid "root certificate is not marked trusted"
+msgstr "stamcertificaat staat niet gemarkeerd als betrouwbaar"
+
+#, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "controle van de lijst van vertrouwen is mislukt: %s\n"
+
+msgid "certificate chain too long\n"
+msgstr "certificaatketting is te lang\n"
+
+msgid "issuer certificate not found"
+msgstr "certificaat van uitgever niet gevonden"
+
+msgid "certificate has a BAD signature"
+msgstr "certificaat heeft een SLECHTE ondertekening"
+
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+"mogelijk een ander overeenstemmend CA-certificaat gevonden - er wordt "
+"opnieuw geprobeerd"
+
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+"certificaatketting is langer dan toegestaan door de certificatieautoriteit "
+"(%d)"
+
+msgid "certificate is good\n"
+msgstr "certificaat is goed\n"
+
+msgid "intermediate certificate is good\n"
+msgstr "tussenliggend certificaat is goed\n"
+
+msgid "root certificate is good\n"
+msgstr "stamcertificaat is goed\n"
+
+msgid "switching to chain model"
+msgstr "er wordt overgeschakeld op het kettingmodel"
+
+#, c-format
+msgid "validation model used: %s"
+msgstr "gebruikt valideringsmodel: %s"
+
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr "%s-sleutel gebruikt een onveilige (%u bit) hash\n"
+
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr "een hash van %u bit is niet geldig voor een %u bit %s-sleutel\n"
+
+msgid "(this is the MD2 algorithm)\n"
+msgstr "(dit is het MD2-algoritme)\n"
+
+msgid "none"
+msgstr "geen"
+
+msgid "[Error - invalid encoding]"
+msgstr "[Fout - ongeldige codering]"
+
+msgid "[Error - out of core]"
+msgstr "[Fout - geheugenlimiet overschreden]"
+
+msgid "[Error - No name]"
+msgstr "[Fout - Geen naam]"
+
+msgid "[Error - invalid DN]"
+msgstr "[Fout - ongeldige DN]"
+
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Voer de wachtwoordzin in voor het ontgrendelen van de geheime sleutel van "
+"het X.509-certificaat:\n"
+"\"%s\"\n"
+"serienummer %s, ID 0x%08lX,\n"
+"aangemaakt op %s, vervalt op %s.\n"
+
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+"geen gebruik gespecificeerd voor de sleutel - elk gebruik wordt "
+"verondersteld\n"
+
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr ""
+"fout bij het ophalen van de informatie over het gebruik van de sleutel: %s\n"
+
+msgid "certificate should not have been used for certification\n"
+msgstr "het certificaat had niet gebruikt mogen worden om te certificeren\n"
+
+msgid "certificate should not have been used for OCSP response signing\n"
+msgstr ""
+"het certificaat had niet gebruikt mogen worden voor het ondertekenen van "
+"OCSP-antwoorden\n"
+
+msgid "certificate should not have been used for encryption\n"
+msgstr "het certificaat had niet gebruikt mogen worden om te versleutelen\n"
+
+msgid "certificate should not have been used for signing\n"
+msgstr "het certificaat had niet gebruikt mogen worden om te ondertekenen\n"
+
+msgid "certificate is not usable for encryption\n"
+msgstr "het certificaat kan niet gebruikt worden om te versleutelen\n"
+
+msgid "certificate is not usable for signing\n"
+msgstr "het certificaat kan niet gebruikt worden om te ondertekenen\n"
+
+#, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "regel %d: ongeldig algoritme\n"
+
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr "regel %d: ongeldige sleutellengte %u (geldig is van %d tot %d)\n"
+
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr "regel %d: geen naam aan het subject gegeven\n"
+
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr "regel %d: de naam van het subject heeft het ongeldige label `%.*s'\n"
+
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr "regel %d: het subject heeft de ongeldige naam `%s' op positie %d\n"
+
+#, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "regel %d: geen geldig e-mailadres\n"
+
+#, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "regel %d: fout bij het lezen van sleutel `%s' van de kaart: %s\n"
+
+#, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr ""
+"regel %d: fout bij het ophalen van de sleutel met sleutelhendel `%s': %s\n"
+
+#, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "regel %d: sleutel aanmaken is mislukt: %s <%s>\n"
+
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+"Om deze certificaataanvraag te vervolledigen moet u nogmaals de "
+"wachtwoordzin invoeren voor de sleutel die u zonet aanmaakte.\n"
+
+#, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA\n"
+
+#, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) Bestaande sleutel\n"
+
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr " (%d) Bestaande sleutel op de kaart\n"
+
+msgid "Enter the keygrip: "
+msgstr "Voer de sleutelhendel in: "
+
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+"Geen geldige sleutelhendel (een reeks van 40 hexadecimale cijfers wordt "
+"verwacht)\n"
+
+msgid "No key with this keygrip\n"
+msgstr "Deze sleutelhendel heeft geen sleutel bij zich\n"
+
+#, c-format
+msgid "error reading the card: %s\n"
+msgstr "fout bij het lezen van de kaart: %s\n"
+
+#, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "Serienummer van de kaart: %s\n"
+
+msgid "Available keys:\n"
+msgstr "Beschikbare sleutels:\n"
+
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr "Mogelijke acties voor een %s-sleutel:\n"
+
+#, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) ondertekenen, versleutelen\n"
+
+#, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) ondertekenen\n"
+
+#, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) versleutelen\n"
+
+msgid "Enter the X.509 subject name: "
+msgstr "Voer de naam in voor het subject in X.509-formaat: "
+
+msgid "No subject name given\n"
+msgstr "Geen naam voor het subject ingevoerd\n"
+
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr "De naam voor het subject heeft ongeldig label `%.*s'\n"
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "Subject met ongeldige naam `%s'\n"
+
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr "21"
+
+msgid "Enter email addresses"
+msgstr "Voer de e-mailadressen in"
+
+msgid " (end with an empty line):\n"
+msgstr " (beëindig met een lege regel):\n"
+
+msgid "Enter DNS names"
+msgstr "Voer de DNS-namen in"
+
+msgid " (optional; end with an empty line):\n"
+msgstr " (facultatief; beëindig met een lege regel):\n"
+
+msgid "Enter URIs"
+msgstr "Voer de URI's in"
+
+msgid "Parameters to be used for the certificate request:\n"
+msgstr "Te gebruiken parameters bij het aanvragen van een certificaat:\n"
+
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+"Er wordt nu een aanvraag voor een certificaat gemaakt. Dit kan even "
+"duren ...\n"
+
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+"Klaar. U zou die aanvraag nu moeten sturen naar uw certificatieautoriteit.\n"
+
+msgid "resource problem: out of core\n"
+msgstr "een probleem van hulpbronnen: geheugenlimiet overschreden\n"
+
+msgid "(this is the RC2 algorithm)\n"
+msgstr "(dit is het RC2-algoritme)\n"
+
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr "(dit lijkt geen versleuteld bericht te zijn)\n"
+
+#, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "certificaat `%s' niet gevonden: %s\n"
+
+#, c-format
+msgid "error locking keybox: %s\n"
+msgstr "fout bij het vergrendelen van het sleutelkistje: %s\n"
+
+#, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "duplicaat van het certificaat `%s' werd verwijderd\n"
+
+#, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "certificaat `%s' werd verwijderd\n"
+
+#, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "verwijderen van certificaat \"%s\" is mislukt: %s\n"
+
+msgid "no valid recipients given\n"
+msgstr "geen geldige ontvangers opgegeven)\n"
+
+msgid "list external keys"
+msgstr "toon externe sleutels"
+
+msgid "list certificate chain"
+msgstr "toon de certificaatketting"
+
+msgid "import certificates"
+msgstr "importeer certificaten"
+
+msgid "export certificates"
+msgstr "exporteer certificaten"
+
+msgid "register a smartcard"
+msgstr "registreer een chipkaart"
+
+msgid "pass a command to the dirmngr"
+msgstr "geef een opdracht door aan de dirmngr"
+
+msgid "invoke gpg-protect-tool"
+msgstr "Activeer gpg-protect-tool"
+
+msgid "create base-64 encoded output"
+msgstr "creëer uitvoer in base-64-formaat"
+
+msgid "assume input is in PEM format"
+msgstr "ga er van uit dat de invoer in PEM-formaat is"
+
+msgid "assume input is in base-64 format"
+msgstr "ga er van uit dat de invoer in base-64-formaat is"
+
+msgid "assume input is in binary format"
+msgstr "ga er van uit dat de invoer in binair formaat is"
+
+msgid "use system's dirmngr if available"
+msgstr "gebruik de dirmngr van het systeem als die beschikbaar is"
+
+msgid "never consult a CRL"
+msgstr "raadpleeg nooit een CRL (lijst van ingetrokken certificaten)"
+
+msgid "check validity using OCSP"
+msgstr "controleer geldigheid met OCSP"
+
+msgid "|N|number of certificates to include"
+msgstr "|N|aantal toe te voegen certificaten"
+
+msgid "|FILE|take policy information from FILE"
+msgstr "|BESTAND|haal richtlijninformatie uit BESTAND"
+
+msgid "do not check certificate policies"
+msgstr "kijk de certificaatrichtlijnen niet na"
+
+msgid "fetch missing issuer certificates"
+msgstr "haal ontbrekende uitgeverscertificaten op"
+
+msgid "don't use the terminal at all"
+msgstr "maak helemaal geen gebruik van de terminal"
+
+msgid "|FILE|write a server mode log to FILE"
+msgstr "|BESTAND|houd een logboek bij in server-modus in BESTAND"
+
+msgid "|FILE|write an audit log to FILE"
+msgstr "|BESTAND|houd een auditlogboek bij in BESTAND"
+
+msgid "batch mode: never ask"
+msgstr "automatische modus: stel nooit vragen"
+
+msgid "assume yes on most questions"
+msgstr "ga uit van een ja-antwoord op de meeste vragen"
+
+msgid "assume no on most questions"
+msgstr "ga uit van een nee-antwoord op de meeste vragen"
+
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "|BESTAND|voeg de sleutelring toe aan de lijst van sleutelringen"
+
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|GEBRUIKERS-ID|gebruik GEBRUIKERS-ID als de standaard geheime sleutel"
+
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|gebruik deze sleutelserver om sleutels op te zoeken"
+
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NAAM|gebruik versleutelingsalgoritme NAAM"
+
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NAAM|gebruik hashalgoritme NAAM"
+
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Gebruik: gpgsm [opties] [bestanden] (-h voor hulp)"
+
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"Sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"Default operation depends on the input data\n"
+msgstr ""
+"Syntaxis: gpgsm [opties] [bestanden]\n"
+"Onderteken, controleer, versleutel of ontcijfer met het S/MIME-protocol\n"
+"Standaardactie is afhankelijk van de ingevoerde gegevens\n"
+
+msgid "usage: gpgsm [options] "
+msgstr "gebruik: gpgsm [opties] "
+
+#, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "NOOT: zal niet in staat zijn om te versleutelen naar `%s': %s\n"
+
+#, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "onbekend valideringsmodel `%s'\n"
+
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: geen computernaam opgegeven\n"
+
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: wachtwoord zonder gebruiker gegeven\n"
+
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: deze regel wordt overgeslagen\n"
+
+msgid "could not parse keyserver\n"
+msgstr "kon de sleutelserver niet ontleden\n"
+
+msgid "WARNING: running with faked system time: "
+msgstr "WAARSCHUWING: wordt uitgevoerd met de gesimuleerde systeemtijd: "
+
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "bezig met importeren van gemeenschappelijke certificaten `%s'\n"
+
+#, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "kan niet ondertekenen met `%s': %s\n"
+
+msgid "invalid command (there is no implicit command)\n"
+msgstr "ongeldig commando (er is geen impliciet commando)\n"
+
+#, c-format
+msgid "total number processed: %lu\n"
+msgstr "totaal aantal verwerkt: %lu\n"
+
+msgid "error storing certificate\n"
+msgstr "fout bij het opslaan van het certificaat\n"
+
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+"basale controle van het certificaat mislukte - wordt niet geïmporteerd\n"
+
+#, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "fout bij het inlezen van de opgeslagen opties: %s\n"
+
+#, c-format
+msgid "error importing certificate: %s\n"
+msgstr "fout bij het importeren van het certificaat: %s\n"
+
+#, c-format
+msgid "error reading input: %s\n"
+msgstr "fout bij het lezen van invoer: %s\n"
+
+#, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "fout bij het aanmaken van sleuteldoosje `%s': %s\n"
+
+#, c-format
+msgid "keybox `%s' created\n"
+msgstr "sleuteldoosje `%s' is aangemaakt\n"
+
+msgid "failed to get the fingerprint\n"
+msgstr "opvragen van de vingerafdruk is mislukt: %s\n"
+
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr "probleem bij het opzoeken van een bestaand certificaat: %s\n"
+
+#, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr ""
+"fout bij het zoeken naar een sleuteldatabase waarin kan geschreven worden: "
+"%s\n"
+
+#, c-format
+msgid "error storing certificate: %s\n"
+msgstr "fout bij het opslaan van het certificaat: %s\n"
+
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "probleem bij het opnieuw opzoeken van het certificaat: %s\n"
+
+#, c-format
+msgid "error storing flags: %s\n"
+msgstr "fout bij het opslaan van de opties: %s\n"
+
+msgid "Error - "
+msgstr "Fout - "
+
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+"GPG_TTY werd niet ingesteld - de standaard, die misschien gebrekkig zal "
+"functioneren, wordt gebruik\n"
+
+#, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "ongeldig opgemaakte vingerafdruk in `%s', regel %d\n"
+
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr "ongeldige landcode in `%s', regel %d\n"
+
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+"U staat op het punt om een handtekening aan te maken met uw certificaat:\n"
+"\"%s\"\n"
+"Dit zal een bevoegde handtekening aanmaken die volgens de wet evenwaardig is "
+"aan een met de hand geplaatste handtekening.\n"
+"\n"
+"%s%sBent u er echt zeker van dat u dit wilt doen?"
+
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+"Noteer dat deze programmatuur niet officieel goedgekeurd is om dergelijke "
+"handtekeningen aan te maken of te verifiëren.\n"
+
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+"U staat op het punt om een handtekening aan te maken met uw certificaat:\n"
+"\"%s\"\n"
+"Noteer dat dit certificaat GEEN bevoegde handtekening zal aanmaken!"
+
+#, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr ""
+"hashalgoritme %d (%s) voor ondertekenaar %d wordt niet ondersteund; %s wordt "
+"gebruikt\n"
+
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+"er wordt gebruik gemaakt van het hashalgoritme voor ondertekenaar %d: %s "
+"(%s)\n"
+
+#, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "nagaan of het een bevoegd certificaat betreft, is mislukt: %s\n"
+
+msgid "Signature made "
+msgstr "Handtekening geplaatst"
+
+msgid "[date not given]"
+msgstr "[datum niet vermeld]"
+
+#, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr " er wordt gebruik gemaakt van certificaat ID 0x%08lX\n"
+
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+"ongeldige ondertekening: het hashattribuut van het bericht komt niet overeen "
+"met het berekende\n"
+
+msgid "Good signature from"
+msgstr "Goede handtekening van"
+
+msgid " aka"
+msgstr " ook bekend als"
+
+msgid "This is a qualified signature\n"
+msgstr "Dit is een bevoegde ondertekening\n"
+
+msgid "quiet"
+msgstr "stil"
+
+msgid "print data out hex encoded"
+msgstr "toon de gecodeerde gegevens in hexadecimaal formaat"
+
+msgid "decode received data lines"
+msgstr "ontcijfer de ontvangen dataregels"
+
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr "|NAAM|maak verbinding met Assuan-socket NAAM"
+
+msgid "run the Assuan server given on the command line"
+msgstr "start de Assuan-server die aan de commandolijn ingevoerd werd"
+
+msgid "do not use extended connect mode"
+msgstr "maak geen gebruik van de uitvoerige verbindingsmodus"
+
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|BESTAND|voer bij het opstarten de opdrachten uit BESTAND uit"
+
+msgid "run /subst on startup"
+msgstr "voer bij het opstarten /subst uit"
+
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Gebruik: gpg-connect-agent [opties] (-h voor hulp)"
+
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+"Syntaxis: gpg-connect-agent [opties]\n"
+"Maak een verbinding met een actieve agent en stuur opdrachten\n"
+
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr "optie \"%s\" vereist een programma en optionele argumenten\n"
+
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr "optie \"%s\" genegeerd omwille van \"%s\"\n"
+
+#, c-format
+msgid "receiving line failed: %s\n"
+msgstr "ontvangen van regel is mislukt: %s\n"
+
+msgid "line too long - skipped\n"
+msgstr "regel is te lang - overgeslagen\n"
+
+msgid "line shortened due to embedded Nul character\n"
+msgstr "regel werd ingekort wegens een ingebed NULL-teken\n"
+
+#, c-format
+msgid "unknown command `%s'\n"
+msgstr "onbekende opdracht `%s'\n"
+
+#, c-format
+msgid "sending line failed: %s\n"
+msgstr "regel versturen is mislukt: %s\n"
+
+#, c-format
+msgid "error sending %s command: %s\n"
+msgstr "fout bij het versturen van opdracht %s: %s\n"
+
+#, c-format
+msgid "error sending standard options: %s\n"
+msgstr "fout bij het versturen van standaardopties: %s\n"
+
+msgid "Options controlling the diagnostic output"
+msgstr "Opties die de diagnostische uitvoer sturen"
+
+msgid "Options controlling the configuration"
+msgstr "Opties die de configuratie-instellingen sturen"
+
+msgid "Options useful for debugging"
+msgstr "Nuttige opties voor foutenanalyse (debugging)"
+
+msgid "|FILE|write server mode logs to FILE"
+msgstr "|BESTAND|schrijf logboekgegevens in server-modus naar BESTAND"
+
+msgid "Options controlling the security"
+msgstr "Opties die de beveiliging sturen"
+
+msgid "|N|expire SSH keys after N seconds"
+msgstr "|N|laat SSH-sleutels na N seconden verlopen"
+
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+"|N|stel de maximale levensduur van de cache van de pincode in op N seconden"
+
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr "|N|stel de maximale levensduur van een SSH-sleutel in op N seconden"
+
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+"Opties voor het toepassen van richtlijnen in verband met wachtwoordzinnen"
+
+msgid "do not allow bypassing the passphrase policy"
+msgstr "sta niet toe om de richtlijnen inzake wachtwoordzinnen te omzeilen"
+
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr "|N|stel de minimale lengte voor nieuwe wachtwoordzinnen in op N"
+
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+"|N|stel als vereiste dat een nieuwe wachtwoordzin minstens N niet-alfa "
+"tekens moet bevatten"
+
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr "|BESTAND|toets nieuwe wachtwoordzinnen af aan het patroon in BESTAND"
+
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|laat de wachtwoordzin na N dagen vervallen"
+
+msgid "do not allow the reuse of old passphrases"
+msgstr "laat het opnieuw gebruiken van oude wachtwoordzinnen niet toe"
+
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NAAM|gebruik NAAM als standaard geheime sleutel"
+
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NAAM|versleutel ook naar gebruikers-ID NAAM"
+
+msgid "|SPEC|set up email aliases"
+msgstr "|SPEC|stel e-mail aliassen in"
+
+msgid "Configuration for Keyservers"
+msgstr "Instellingen voor Sleutelservers"
+
+msgid "|URL|use keyserver at URL"
+msgstr "|URL|gebruik de sleutelserver op URL"
+
+msgid "allow PKA lookups (DNS requests)"
+msgstr "sta PKA-opzoekingen toe (DNS-verzoeken)"
+
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+"|MECHANISME|gebruik MECHANISME om sleutels via e-mailadressen te localiseren"
+
+msgid "disable all access to the dirmngr"
+msgstr "deactiveer alle toegang tot de dirmngr"
+
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr ""
+"|NAAM|gebruik codering NAAM voor wachtwoordzinnen van het formaat PKCS#12"
+
+msgid "do not check CRLs for root certificates"
+msgstr ""
+"voer voor stamcertificaten geen controle uit bij de lijst van ingetrokken "
+"certificaten"
+
+msgid "Options controlling the format of the output"
+msgstr "Opties om het formaat van de uitvoer te sturen"
+
+msgid "Options controlling the interactivity and enforcement"
+msgstr "Opties die een invloed hebben op de interactiviteit en de uitvoering"
+
+msgid "Configuration for HTTP servers"
+msgstr "Configuratie van de HTTP-servers"
+
+msgid "use system's HTTP proxy setting"
+msgstr "gebruik de instellingen van het systeem met betrekking tot HTTP proxy"
+
+msgid "Configuration of LDAP servers to use"
+msgstr "Te gebruiken configuratie voor de LDAP-servers"
+
+msgid "LDAP server list"
+msgstr "Lijst van LDAP-servers"
+
+msgid "Configuration for OCSP"
+msgstr "Configuratie van OCSP"
+
+#, c-format
+msgid "External verification of component %s failed"
+msgstr "Externe verificatie van component %s is mislukt"
+
+msgid "Note that group specifications are ignored\n"
+msgstr "Noteer dat groepsspecificaties genegeerd worden\n"
+
+msgid "list all components"
+msgstr "toon alle componenten"
+
+msgid "check all programs"
+msgstr "controleer alle programma's"
+
+msgid "|COMPONENT|list options"
+msgstr "|COMPONENT|toon opties"
+
+msgid "|COMPONENT|change options"
+msgstr "|COMPONENT|wijzig opties"
+
+msgid "|COMPONENT|check options"
+msgstr "|COMPONENT|controleer opties"
+
+msgid "apply global default values"
+msgstr "pas de globale standaardwaarden toe"
+
+msgid "get the configuration directories for gpgconf"
+msgstr "haal de mappen op met de configuratie-instellingen van gpgconf"
+
+msgid "list global configuration file"
+msgstr "toon het bestand met de globale configuratie-instellingen"
+
+msgid "check global configuration file"
+msgstr "controleer het bestand met de globale configuratie-instellingen"
+
+msgid "use as output file"
+msgstr "gebruik als uitvoerbestand"
+
+msgid "activate changes at runtime, if possible"
+msgstr ""
+"pas indien mogelijk wijzigingen nog toe tijdens de uitvoering van het "
+"programma"
+
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Gebruik: gpgconf [opties] (-h voor hulp)"
+
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+"Syntaxis: gpgconf [opties]\n"
+"Beheer de configuratieopties van de instrumenten van het GnuPG-systeem\n"
+
+msgid "usage: gpgconf [options] "
+msgstr "gebruik: gpgconf [opties] "
+
+msgid "Need one component argument"
+msgstr "Een component als argument is vereist"
+
+msgid "Component not found"
+msgstr "Component niet gevonden"
+
+msgid "No argument allowed"
+msgstr "Een argument is niet toegelaten"
+
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@\n"
+"Commando's:\n"
+" "
+
+msgid "decryption modus"
+msgstr "ontcijferingsmodus"
+
+msgid "encryption modus"
+msgstr "encryptiemodus"
+
+msgid "tool class (confucius)"
+msgstr "klasse van instrumenten (confucius)"
+
+msgid "program filename"
+msgstr "bestandsnaam van het programma"
+
+msgid "secret key file (required)"
+msgstr "geheime-sleutelbestand (verplicht)"
+
+msgid "input file name (default stdin)"
+msgstr "bestandsnaam voor de invoer (standaard is stdin)"
+
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Gebruik: symcryptrun [opties] (-h voor hulp)"
+
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+"Syntaxis: symcryptrun --class KLASSE --program PROGRAMMA --keyfile "
+"SLEUTELBESTAND [opties...] COMMANDO [invoerbestand]\n"
+"Uitvoeren van een eenvoudig hulpmiddel voor symmetrische versleuteling\n"
+
+#, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s op %s afgebroken met status %i\n"
+
+#, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "%s op %s mislukte met status %i\n"
+
+#, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "kan tijdelijke map `%s' niet maken: %s\n"
+
+#, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "kon %s niet openen om er naar te schrijven: %s\n"
+
+#, c-format
+msgid "error writing to %s: %s\n"
+msgstr "fout bij het schrijven naar %s: %s\n"
+
+#, c-format
+msgid "error reading from %s: %s\n"
+msgstr "fout bij het lezen uit %s: %s\n"
+
+#, c-format
+msgid "error closing %s: %s\n"
+msgstr "fout bij het sluiten van %s: %s\n"
+
+msgid "no --program option provided\n"
+msgstr "geen optie --program meegegeven\n"
+
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr "enkel --decrypt en --encrypt worden ondersteund\n"
+
+msgid "no --keyfile option provided\n"
+msgstr "geen optie --keyfile meegegeven\n"
+
+msgid "cannot allocate args vector\n"
+msgstr "kan de parametervector niet reserveren\n"
+
+#, c-format
+msgid "could not create pipe: %s\n"
+msgstr "kon pijp niet aanmaken: %s\n"
+
+#, c-format
+msgid "could not create pty: %s\n"
+msgstr "kon pty niet aanmaken: %s\n"
+
+#, c-format
+msgid "could not fork: %s\n"
+msgstr "kon geen nieuw programma (fork) starten: %s\n"
+
+#, c-format
+msgid "execv failed: %s\n"
+msgstr "execv is mislukt: %s\n"
+
+#, c-format
+msgid "select failed: %s\n"
+msgstr "selecteren is mislukt: %s\n"
+
+#, c-format
+msgid "read failed: %s\n"
+msgstr "lezen is mislukt: %s\n"
+
+#, c-format
+msgid "pty read failed: %s\n"
+msgstr "lezen van pty is mislukt: %s\n"
+
+#, c-format
+msgid "waitpid failed: %s\n"
+msgstr "waitpid is mislukt: %s\n"
+
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr "kindproces werd afgebroken met status %i\n"
+
+#, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "kan de tekenreeks infile niet reserveren: %s\n"
+
+#, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "kan de tekenreeks outfile niet reserveren: %s\n"
+
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr "ofwel %s of %s moet opgegeven worden\n"
+
+msgid "no class provided\n"
+msgstr "geen klasse opgegeven\n"
+
+#, c-format
+msgid "class %s is not supported\n"
+msgstr "klasse %s wordt niet ondersteund\n"
+
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Gebruik: gpg-check-pattern [opties] patroonbestand (-h voor hulp)\n"
+
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+"Syntaxis: gpg-check-pattern [opties] patroonbestand\n"
+"Toets een wachtwoordzin die op stdin ingevoerd werd, aan een patroonbestand\n"
+
+#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
+#~ msgstr "kan geen priemgetal genereren met pbits=%u qbits=%u\n"
+
+#~ msgid "can't generate a prime with less than %d bits\n"
+#~ msgstr "kan geen priemgetal genereren van minder dan %d bits\n"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "geen module gevonden om entropie te verzamelen\n"
+
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "kan `%s' niet vergrendelen: %s\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "kan status van `%s' niet vaststellen: %s\n"
+
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "`%s' is geen gewoon bestand - wordt genegeerd\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "noot: bestand random_seed is leeg\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr ""
+#~ "WAARSCHUWING: ongeldige grootte van het bestand random_seed - wordt niet "
+#~ "gebruikt\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "kan `%s' niet lezen: %s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "noot: bestand random_seed wordt niet bijgewerkt\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "kan `%s' niet wegschrijven: %s\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "kan `%s' niet afsluiten: %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr ""
+#~ "WAARSCHUWING: er wordt een onveilige generator van willekeurige getallen "
+#~ "gebruikt!!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "De generator van willekeurige getallen is alleen maar een zootje "
+#~ "ongeregeld\n"
+#~ "om iets te hebben dat werkt - het is niet echt een sterk programma!\n"
+#~ "\n"
+#~ "GEBRUIK DE DOOR DIT PROGRAMMA GEGENEREERDE GEGEVENS NIET!!\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "Please wait, entropy is being gathered. Do some work if it would\n"
+#~ "keep you from getting bored, because it will improve the quality\n"
+#~ "of the entropy.\n"
+#~ msgstr ""
+#~ "Ogenblik geduld, entropie wordt verzameld. Werk intussen wat.\n"
+#~ "Het zal er niet enkel voor zorgen dat u zich niet gaat vervelen, het\n"
+#~ "zal tegelijk de kwaliteit van de entropie verbeteren.\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "Er zijn niet genoeg willekeurige bytes beschikbaar. Doe wat ander werk om "
+#~ "het OS\n"
+#~ "de gelegenheid te geven meer entropie te verzamelen! (heb nog %d bytes "
+#~ "nodig)\n"
+
+#~ msgid "card reader not available\n"
+#~ msgstr "kaartlezer is niet beschikbaar\n"
+
+#~ msgid "Please insert the card and hit return or enter 'c' to cancel: "
+#~ msgstr "Plaats de kaart en druk op enter of op 'c' om te cancelen: "
+
+#~ msgid "Hit return when ready or enter 'c' to cancel: "
+#~ msgstr "Druk op enter als u klaar bent of op 'c' om te cancelen: "
+
+#~ msgid "Enter New Admin PIN: "
+#~ msgstr "Voer de nieuwe pincode voor de beheerder in: "
+
+#~ msgid "Enter New PIN: "
+#~ msgstr "Voer nieuwe pincode in: "
+
+#~ msgid "Enter Admin PIN: "
+#~ msgstr "Voer de pincode voor de beheerder in: "
+
+#~ msgid "generate PGP 2.x compatible messages"
+#~ msgstr "berichten aanmaken die compatibel zijn met PGP 2.x"
+
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "NOOT: %s is niet beschikbaar in deze versie\n"
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [gebruikers-id] [sleutelring]"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "Het is aan u om hier een waarde toe te kennen; deze waarde zal nooit naar "
+#~ "een\n"
+#~ "derde partij geëxporteerd worden. We hebben ze nodig om het netwerk-van-"
+#~ "vertrouwen\n"
+#~ "(web-of-trust) te implementeren. Dit heeft niets te maken met het "
+#~ "(impliciet\n"
+#~ "aangemaakte) netwerk-van-certificaten (web-of-certificates)."
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "Om het netwerk-van-vertrouwen op te bouwen, moet GnuPG weten welke "
+#~ "sleutels\n"
+#~ "volledig vertrouwd worden. Dit zijn gewoonlijk de sleutels waarvoor u ook "
+#~ "toegang\n"
+#~ "tot de geheime sleutel heeft. Antwoord \"yes\" om deze sleutel in te\n"
+#~ "stellen als volledig te vertrouwen.\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Als u deze niet-vertrouwde sleutel toch wilt gebruiken, antwoord dan \"yes"
+#~ "\"."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr "Voer het gebruikers-ID in van de ontvanger van dit bericht."
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the Digital Signature Algorithm and can only be used\n"
+#~ "for signatures.\n"
+#~ "\n"
+#~ "Elgamal is an encrypt-only algorithm.\n"
+#~ "\n"
+#~ "RSA may be used for signatures or encryption.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of signing."
+#~ msgstr ""
+#~ "Selecteer het te gebruiken algoritme.\n"
+#~ "\n"
+#~ "DSA (ook bekend als DSS) is het algoritme voor digitale handtekeningen\n"
+#~ "(Digital Signature Algorithm) dat enkel voor ondertekeningen kan gebruikt "
+#~ "worden.\n"
+#~ "\n"
+#~ "Elgamal is een algoritme enkel bedoeld voor versleuteling.\n"
+#~ "\n"
+#~ "RSA kan gebruikt worden voor ondertekeningen en versleuteling.\n"
+#~ "\n"
+#~ "De eerste (primaire) sleutel moet altijd een sleutel zijn waarmee "
+#~ "ondertekend\n"
+#~ "kan worden."
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "In het algemeen is het geen goed idee om dezelfde sleutel te gebruiken "
+#~ "om\n"
+#~ "te ondertekenen en te versleutelen. Dit algoritme zou enkel in bepaalde "
+#~ "domeinen\n"
+#~ "gebruikt mogen worden. Vraag eerst een beveiligingsspecialist om advies."
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Voer de lengte van de sleutel in"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Antwoord \"yes\" (Ja) of \"no\" (nee)"
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "Geef de vereiste waarde op, zoals getoond in de vraag.\n"
+#~ "Het is mogelijk om een datum in ISO-formaat (JJJJ-MM-DD) in te voeren, "
+#~ "maar u\n"
+#~ "zult geen passende foutmelding krijgen - het systeem zal daarentegen "
+#~ "proberen\n"
+#~ "om de ingevoerde waarde te interpreteren als een interval."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "Geef de naam van de sleutelhouder"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr ""
+#~ "geef alstublieft een e-mailadres, dit is niet verplicht maar wel sterk "
+#~ "aangeraden"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Geef eventueel een toelichting. Dit is facultatief"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to quit the key generation."
+#~ msgstr ""
+#~ "N om de de naam te veranderen.\n"
+#~ "C om de toelichting te veranderen.\n"
+#~ "E om het e-mailadres te veranderen.\n"
+#~ "O om door te gaan met het aanmaken van de sleutel.\n"
+#~ "Q om het aanmaken van de sleutel af te breken."
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr ""
+#~ "Antwoord \"yes\" (of alleen \"y\") als het oké is om de subsleutel te "
+#~ "maken."
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "Als U een gebruikers-ID koppelt aan een sleutel, moet U eerst nagaan of "
+#~ "de\n"
+#~ "sleutel echt van de persoon is die in het gebruikers-ID genoemd wordt.\n"
+#~ "Voor anderen is het van belang te weten dat U dit grondig gecontroleerd "
+#~ "heeft.\n"
+#~ "\n"
+#~ "\"0\" betekent dat U zich niet uitspreekt over hoe grondig U deze "
+#~ "sleutel\n"
+#~ " heeft gecontroleerd\n"
+#~ "\n"
+#~ "\"1\" betekent dat U gelooft dat de sleutel eigendom is van de persoon "
+#~ "die beweert\n"
+#~ " er eigenaar van te zijn, maar dat u de sleutel niet controleerde of "
+#~ "dit\n"
+#~ " niet kon doen. Dit is zinvol in geval van een \"persona\"-verificatie "
+#~ "bij\n"
+#~ " het ondertekenen van de sleutel van het pseudoniem van een "
+#~ "gebruiker.\n"
+#~ "\n"
+#~ "\"2\" betekent dat U de sleutel vluchtig gecontroleerd heeft. Dit kan "
+#~ "bijvoorbeeld\n"
+#~ " betekenen dat u de vingerafdruk van de sleutel gecontroleerd heeft en "
+#~ "de\n"
+#~ " gebruikers-ID getoetst heeft aan een identiteitsfoto.\n"
+#~ "\n"
+#~ "\"3\" betekent dat u de sleutel uitvoerig heeft gecontroleerd. Dit kan "
+#~ "bijvoorbeeld\n"
+#~ " betekenen dat U de vingerafdruk van de sleutel persoonlijk "
+#~ "gecontroleerd\n"
+#~ " heeft bij de eigenaar van de sleutel, en dat u gecontroleerd heeft "
+#~ "aan de hand\n"
+#~ " van een foto op een moeilijk te vervalsen document (zoals een "
+#~ "paspoort)\n"
+#~ " dat de naam van de eigenaar van de sleutel overeenkomt met de naam in "
+#~ "de\n"
+#~ " gebruikers-ID op de sleutel, en dat u tenslotte gecontroleerd heeft "
+#~ "(via het\n"
+#~ " uitwisselen van e-mail) dat het e-mailadres op de sleutel effectief "
+#~ "van\n"
+#~ " de eigenaar van de sleutel is.\n"
+#~ "\n"
+#~ "Noteer dat de gegeven voorbeelden voor de niveaus 2 en 3 *slechts* "
+#~ "voorbeelden\n"
+#~ "zijn. Uiteindelijk moet U zelf uitmaken wat voor u de betekenis is van "
+#~ "\"vluchtig\"\n"
+#~ "en \"uitvoerig\" bij het ondertekenen van sleutels van anderen.\n"
+#~ "\n"
+#~ "Indien u twijfelt over wat het correcte antwoord is, antwoord dan \"0\"."
+
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr "Antwoord \"yes\" als U ALLE gebruikers-ID's wilt tekenen."
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "Antwoord \"yes\" als u werkelijk deze gebruikers-ID wilt wissen.\n"
+#~ "Alle bijbehorende certificaten worden ook gewist!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "Antwoord \"yes\" als het oké is om de subsleutel te wissen"
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "Dit is een geldige ondertekening van de sleutel; normaal gezien wilt U "
+#~ "deze\n"
+#~ "ondertekening niet wissen. omdat ze belangrijk kan zijn voor het opzetten "
+#~ "van een\n"
+#~ "betrouwbare relatie met behulp van deze sleutel of met een andere sleutel "
+#~ "die met\n"
+#~ "deze sleutel gecertificeerd werd."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "Deze ondertekening kan niet worden gecontroleerd omdat u de bijbehorende\n"
+#~ "sleutel niet heeft. U wordt aangeraden om het verwijderen ervan uit te "
+#~ "stellen\n"
+#~ "totdat u weet welke sleutel gebruikt geweest is, omdat deze "
+#~ "ondertekenende\n"
+#~ "sleutel misschien een betrouwbare relatie tot stand brengt via\n"
+#~ "een andere reeds gecertificeerde sleutel."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr ""
+#~ "De ondertekening is niet geldig. Het is een goed idee om ze van uw "
+#~ "sleutelring\n"
+#~ "af te halen."
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "Dit is een ondertekening die de gebruikers-ID aan de sleutel koppelt. "
+#~ "Het\n"
+#~ "is meestal niet goed om een dergelijke handtekening te verwijderen. "
+#~ "Waarschijnlijk\n"
+#~ "zal GnuPG deze sleutel dan niet meer kunnen gebruiken. Doe dit dus alleen "
+#~ "als deze\n"
+#~ "zelf geplaatste handtekening om een of andere reden niet geldig is en er\n"
+#~ "een andere beschikbaar is."
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "Vervang de voorkeuren van alle (of alleen de gekozen) gebruikers-ID's\n"
+#~ "door de huidige lijst van voorkeuren. De tijdsindicatie van alle "
+#~ "betrokken\n"
+#~ "zelf geplaatste handtekeningen zal met een seconde worden verhoogd.\n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr ""
+#~ "Herhaal de laatste wachtwoordzin, om zeker te zijn dat u die juist "
+#~ "intypte."
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr ""
+#~ "Geef de naam van het bestand waarop deze handtekening van toepassing is"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Antwoord \"yes\" als het oké is om bestand te overschrijven"
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Geef alstublieft een nieuwe bestandsnaam. Als U gewoon op Enter drukt zal "
+#~ "het\n"
+#~ "standaardbestand (u ziet zijn naam tussen de blokhaken) gebruikt worden."
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "Geef hier een reden voor de certificering. Afhankelijk van de context "
+#~ "kunt U\n"
+#~ "een omschrijving kiezen uit deze lijst:\n"
+#~ " \"Sleutel is gecompromitteerd\"\n"
+#~ " Gebruik dit indien u redenen heeft om aan te nemen dat onbevoegde\n"
+#~ " personen uw geheime sleutel in handen gekregen hebben.\n"
+#~ " \"Sleutel is vervangen\"\n"
+#~ " Gebruik dit als u deze sleutel door een nieuwe vervangen heeft.\n"
+#~ " \"Sleutel wordt niet langer gebruikt\"\n"
+#~ " Gebruik dit indien u deze sleutel ingetrokken heeft.\n"
+#~ " \"Gebruikers-ID is niet langer geldig\"\n"
+#~ " Gebruik dit om te stellen dat deze gebruikers-ID niet langer "
+#~ "gebruikt\n"
+#~ " zou moeten worden. Gewoonlijk gebruikt men dit om een e-mailadres "
+#~ "als\n"
+#~ " niet langer geldig te markeren.\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "Als U wilt kunt U een tekst intypen met uitleg waarom u dit\n"
+#~ "certificaat van intrekking maakt. Hou deze tekst beknopt.\n"
+#~ "Beëindig de tekst met een lege regel.\n"
+
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr " algoritmes bij deze gebruikers-ID's:\n"
+
+#~ msgid "NOTE: This feature is not available in %s\n"
+#~ msgstr "NOOT: Deze functionaliteit is niet beschikbaar in %s\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Herhaal wachtwoordzin\n"
+
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "kan geen wachtwoordzin vragen in automatische modus\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "Voer wachtwoordzin in: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Herhaal wachtwoordzin: "
+
+#~ msgid "no photo viewer set\n"
+#~ msgstr "geen programma ingesteld om de foto te bekijken\n"
+
+#~ msgid "general error"
+#~ msgstr "algemene fout"
+
+#~ msgid "unknown packet type"
+#~ msgstr "onbekend pakkettype"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "onbekend algoritme van de publieke sleutel"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "onbekend hashalgoritme"
+
+#~ msgid "bad public key"
+#~ msgstr "slechte publieke sleutel"
+
+#~ msgid "bad secret key"
+#~ msgstr "slechte geheime sleutel"
+
+#~ msgid "bad signature"
+#~ msgstr "slechte handtekening"
+
+#~ msgid "checksum error"
+#~ msgstr "fout in de controlesom"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "kan de sleutelring niet openen"
+
+#~ msgid "invalid packet"
+#~ msgstr "ongeldig pakket"
+
+#~ msgid "no such user id"
+#~ msgstr "een dergelijk gebruikers-id bestaat niet"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "er werd een verkeerde geheime sleutel gebruikt"
+
+#~ msgid "bad key"
+#~ msgstr "slechte sleutel"
+
+#~ msgid "file write error"
+#~ msgstr "fout bij het wegschrijven naar het bestand"
+
+#~ msgid "unknown compress algorithm"
+#~ msgstr "onbekend compressiealgoritme"
+
+#~ msgid "file open error"
+#~ msgstr "fout bij het openen van het bestand"
+
+#~ msgid "file create error"
+#~ msgstr "fout bij het aanmaken van het bestand"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "niet geïmplementeerd algoritme voor de publieke sleutel"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "niet geïmplementeerd versleutelingsalgoritme"
+
+#~ msgid "unknown signature class"
+#~ msgstr "onbekende handtekeningenklasse"
+
+#~ msgid "trust database error"
+#~ msgstr "fout in de betrouwbaarheidsdatabank (trustdb)"
+
+#~ msgid "bad MPI"
+#~ msgstr "slecht MPI (geheel getal van multipele precisie)"
+
+#~ msgid "resource limit"
+#~ msgstr "bronlimiet"
+
+#~ msgid "invalid keyring"
+#~ msgstr "ongeldige sleutelring"
+
+#~ msgid "malformed user id"
+#~ msgstr "ongeldige gebruikers-id"
+
+#~ msgid "file close error"
+#~ msgstr "fout bij het sluiten van het bestand"
+
+#~ msgid "file rename error"
+#~ msgstr "fout bij het hernoemen van het bestand"
+
+#~ msgid "file delete error"
+#~ msgstr "fout bij het verwijderen van het bestand"
+
+#~ msgid "unexpected data"
+#~ msgstr "onverwachte gegevens"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "dateringsconflict"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "onbruikbaar algoritme van de publieke sleutel"
+
+#~ msgid "file exists"
+#~ msgstr "bestand bestaat"
+
+#~ msgid "weak key"
+#~ msgstr "zwakke sleutel"
+
+#~ msgid "bad URI"
+#~ msgstr "slechte URI"
+
+#~ msgid "unsupported URI"
+#~ msgstr "niet ondersteunde URI"
+
+#~ msgid "network error"
+#~ msgstr "netwerkfout"
+
+#~ msgid "not processed"
+#~ msgstr "niet verwerkt"
+
+#~ msgid "unusable public key"
+#~ msgstr "onbruikbare publieke sleutel"
+
+#~ msgid "unusable secret key"
+#~ msgstr "onbruikbare geheime sleutel"
+
+#~ msgid "keyserver error"
+#~ msgstr "fout van de sleutelserver"
+
+#~ msgid "no card"
+#~ msgstr "geen kaart"
+
+#~ msgid "no data"
+#~ msgstr "geen gegevens"
+
+#~ msgid "ERROR: "
+#~ msgstr "FOUT: "
+
+#~ msgid "WARNING: "
+#~ msgstr "WAARSCHUWING: "
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... dit is een bug (%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "WAARSCHUWING: er wordt onveilig geheugen gebruikt!\n"
+
+#~ msgid ""
+#~ "please see http://www.gnupg.org/documentation/faqs.html for more "
+#~ "information\n"
+#~ msgstr ""
+#~ "zie http://www.gnupg.org/documentation/faqs.html voor meer informatie\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "bewerking is niet mogelijk zonder geïnitialiseerd veilig geheugen\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr ""
+#~ "(misschien heeft u voor deze taak het verkeerde programma gebruikt)\n"
+
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr ""
+#~ "versleutelalgoritme uitbreiding ‘%s’ is niet geladen door onveilige\n"
+#~ "instellingen\n"
+
+#~ msgid "Command> "
+#~ msgstr "Commando> "
+
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "DSA sleutelpaar krijgt %u bits.\n"
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr "the trustdb is corrupted; please run “gpg --fix-trustdb”.\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "can't put notation data into v3 (PGP 2.x style) signatures\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+
+#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
+#~ msgstr "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
# Gnu Privacy Guard.
-# Copyright (C) 1998, 1999, 2000, 2001, 2002,
+# Copyright (C) 1998, 1999, 2000, 2001, 2002,
# 2007 Free Software Foundation, Inc.
# Janusz A. Urbanowicz <alex@bofh.net.pl>, 1999, 2000, 2001, 2002, 2003-2004
# Jakub Bogusz <qboosh@pld-linux.org>, 2003-2013.
msgstr ""
"Project-Id-Version: gnupg-2.0.20\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2013-05-12 17:25+0200\n"
+"PO-Revision-Date: 2017-02-22 16:03+0100\n"
"Last-Translator: Jakub Bogusz <qboosh@pld-linux.org>\n"
"Language-Team: Polish <translation-team-pl@lists.sourceforge.net>\n"
"Language: pl\n"
msgid "no suitable card key found: %s\n"
msgstr "nie znaleziono pasującego klucza karty: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "błąd pobierania zapisanych flag: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "[brak]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "niewłaściwy znak formatu radix64 %02x został pominięty\n"
+
msgid "argument not expected"
msgstr "nieoczekiwany argument"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Wpisz tutaj swoją wiadomość ...\n"
"Zmienić (I)mię/nazwisko, (K)omentarz, adres (E)mail, przejść (D)alej,\n"
"czy (W)yjść z programu? "
-#, fuzzy
-#| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
msgid "Change (N)ame, (E)mail, or (Q)uit? "
-msgstr "Zmienić (I)mię/nazwisko, (K)omentarz, adres (E)mail, czy (W)yjść? "
+msgstr "Zmienić (I)mię/nazwisko, adres (E)mail, czy (W)yjść? "
-#, fuzzy
-#| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
msgstr ""
-"Zmienić (I)mię/nazwisko, (K)omentarz, adres (E)mail, przejść (D)alej,\n"
+"Zmienić (I)mię/nazwisko, adres (E)mail, przejść (D)alej,\n"
"czy (W)yjść z programu? "
msgid "Please correct the error first\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "błąd wysyłania polecenia %s: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "nie powiódł się zapis daty utworzenia: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "błąd podczas odczytu stanu CHV z karty\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "odpowiedź nie zawiera współczynnika RSA\n"
msgid "reading public key failed: %s\n"
msgstr "odczyt klucza publicznego nie powiódł się: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "użycie domyślnego PIN-u jako %s\n"
"nie udało się użyć domyślnego PIN-u jako %s: %s - wyłączenie dalszego "
"domyślnego użycia\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Proszę wpisać PIN%%0A[podpisów wykonanych: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Proszę wpisać PIN"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "weryfikacja CHV%d nie powiodła się: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "błąd podczas odczytu stanu CHV z karty\n"
-
msgid "card is permanently locked!\n"
msgstr "karta została trwale zablokowana!\n"
"Zostało %d prób PIN-u administracyjnego do trwałego zablokowania karty\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|Proszę wprowadzić PIN administracyjny%%0A[pozostało prób: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Proszę wprowadzić PIN administracyjny"
msgid "access to admin commands is not configured\n"
msgstr "dostęp do poleceń administratora nie został skonfigurowany\n"
+msgid "||Please enter the PIN"
+msgstr "||Proszę wpisać PIN"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Proszę wprowadzić kod resetujący dla karty"
msgid "handler for fd %d terminated\n"
msgstr "obsługa fd %d zakończona\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "niewłaściwy znak formatu radix64 %02x został pominięty\n"
-
#, fuzzy
#| msgid "no gpg-agent running in this session\n"
msgid "no dirmngr running in this session\n"
msgid " runtime cached certificates: %u\n"
msgstr "liczba pasujących certyfikatów: %d\n"
+#, fuzzy, c-format
+#| msgid "number of matching certificates: %d\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "liczba pasujących certyfikatów: %d\n"
+
#, fuzzy
#| msgid " (certificate created at "
msgid "certificate already cached\n"
msgid "certificate chain is good\n"
msgstr "certyfikat jest dobry\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr ""
-
#, fuzzy
#| msgid "certificate should not have been used for signing\n"
msgid "certificate should not have been used for CRL signing\n"
"Składnia: gpg-check-pattern [opcje] plik-wzorców\n"
"Sprawdzanie hasła ze standardowego wejścia względem pliku wzorców\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Proszę wpisać PIN%%0A[podpisów wykonanych: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|Proszę wprowadzić PIN administracyjny%%0A[pozostało prób: %d]"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [plik]"
msgid "no suitable card key found: %s\n"
msgstr "nenhum porta-chaves secreto com permissões de escrita encontrado: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "versão desconhecida"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "caracter radix64 inválido %02x ignorado\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "a escrever chave privada para `%s'\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Digite a sua mensagem ...\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "erro ao enviar para `%s': %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "falha ao criar 'cache' do porta-chaves: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
msgid "reading public key failed: %s\n"
msgstr "remoção do bloco de chave falhou: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "muda a frase secreta"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "A geração de chaves falhou: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "muda a frase secreta"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "muda a frase secreta"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "muda a frase secreta"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "motivo da revocação: "
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "caracter radix64 inválido %02x ignorado\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "o gpg-agent não está disponível nesta sessão\n"
msgid " runtime cached certificates: %u\n"
msgstr "erro na criação da frase secreta: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
msgid "certificate chain is good\n"
msgstr "preferência %c%lu duplicada\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA necessita de utilização de uma algoritmo de dispersão de 160 bit\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "muda a frase secreta"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr ""
+#~ "DSA necessita de utilização de uma algoritmo de dispersão de 160 bit\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [nome_do_ficheiro]"
msgid "no suitable card key found: %s\n"
msgstr "nu am găsit nici un inel de chei secret de scris: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "eroare la obţinere noului PIN: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "[nesetat(ă)]"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "caracter radix64 invalid %02X sărit\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "Nu sunt permise comenzi administrare\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Daţi-i drumul şi scrieţi mesajul ...\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "eroare trimitere la `%s': %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "am eşuat să stochez data creării: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "eroare la recuperarea stării CHV de pe card\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "răspunsul nu conţine modulul RSA\n"
msgid "reading public key failed: %s\n"
msgstr "citirea cheii publice a eşuat: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
msgstr ""
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
+msgid "Remaining attempts: %d"
+msgstr ""
+
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "verificarea CHV%d a eşuat: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "eroare la recuperarea stării CHV de pe card\n"
-
msgid "card is permanently locked!\n"
msgstr "cardul este încuiat permanent!\n"
"%d încercări PIN Admin rămase înainte de a încuia cardul permanent\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
msgstr "accesul la comenzile de administrare nu este configurată\n"
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "caracter radix64 invalid %02X sărit\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent nu este disponibil în această sesiune\n"
msgid " runtime cached certificates: %u\n"
msgstr "eroare la obţinerea numărului serial: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "eroare la obţinerea numărului serial: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "Certificat de revocare creat.\n"
msgid "certificate chain is good\n"
msgstr "preferinţa `%s' duplicată\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA necesită folosirea unui algoritm cu hash de 160 biţi\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
+
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA necesită folosirea unui algoritm cu hash de 160 biţi\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [nume_fişier]"
# !-- no such user (2011-01-11)
# Thanks Pawel I. Shajdo <pshajdo@gmail.com>.
# Thanks Cmecb for the inspiration.
-# Ineiev <ineiev@gnu.org>, 2014, 2015, 2016
+# Ineiev <ineiev@gnu.org>, 2014, 2015, 2016, 2017
#
# Designated-Translator: none
msgid ""
msgstr ""
"Project-Id-Version: GnuPG 2.1.0\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2016-11-18 15:44+0100\n"
+"PO-Revision-Date: 2017-01-24 17:17+0000\n"
"Last-Translator: Ineiev <ineiev@gnu.org>\n"
"Language-Team: Russian <gnupg-ru@gnupg.org>\n"
"Language: ru\n"
msgid "no suitable card key found: %s\n"
msgstr "на карте не найдено подходящего ключа: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "ошибка получения сохраненных признаков: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
"Warning: This key is also listed for use with SSH!\n"
"Deleting the key might remove your ability to access remote machines."
msgstr ""
-"Внимание: этот ключ также в списке для применения с SSH!\n"
+"Ð\92нимание: Ñ\8dÑ\82оÑ\82 клÑ\8eÑ\87 Ñ\82акже наÑ\85одиÑ\82Ñ\81Ñ\8f в Ñ\81пиÑ\81ке длÑ\8f пÑ\80именениÑ\8f Ñ\81 SSH!\n"
"Удаление его может лишить Вас возможности доступа к удаленным машинам."
msgid "DSA requires the hash length to be a multiple of 8 bits\n"
msgid "Warning: unsafe permissions on %s \"%s\"\n"
msgstr "Внимание: небезопасные права доступа %s \"%s\"\n"
-#, fuzzy, c-format
-#| msgid "waiting for the agent to come up ... (%ds)\n"
+#, c-format
msgid "waiting for file '%s' to become accessible ...\n"
-msgstr "ожидаÑ\8e подклÑ\8eÑ\87ениÑ\8f агенÑ\82а ... (%iÑ\81)\n"
+msgstr "ожидаÑ\8e доÑ\81Ñ\82Ñ\83пноÑ\81Ñ\82и Ñ\84айла '%s'\n"
-#, fuzzy, c-format
-#| msgid "error renaming '%s' to '%s': %s\n"
+#, c-format
msgid "renaming '%s' to '%s' failed: %s\n"
-msgstr "ошибка переименования '%s' в '%s': %s\n"
+msgstr "сбой при переименовании '%s' в '%s': %s\n"
#. TRANSLATORS: See doc/TRANSLATE about this string.
msgid "yes"
msgid "[none]"
msgstr "[отсутствует]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "недопустимый символ radix64 %02x пропущен\n"
+
msgid "argument not expected"
msgstr "неожиданный параметр"
msgstr "неожиданный текстовый формат: "
msgid "invalid dash escaped line: "
-msgstr "недопустимая строка, выделенная дефисами: "
+msgstr "недопустимая строка с выключенными дефисами: "
#, c-format
msgid "invalid radix64 character %02X skipped\n"
msgstr "Ошибка: Двойные пробелы недопустимы.\n"
msgid "Cardholder's surname: "
-msgstr "ФамилиÑ\8f владелÑ\8cÑ\86а карты: "
+msgstr "ФамилиÑ\8f деÑ\80жаÑ\82елÑ\8f карты: "
msgid "Cardholder's given name: "
-msgstr "Ð\98мÑ\8f владелÑ\8cÑ\86а карты: "
+msgstr "Ð\98мÑ\8f деÑ\80жаÑ\82елÑ\8f карты: "
#, c-format
msgid "Error: Combined name too long (limit is %d characters).\n"
msgstr "вывести все доступные данные"
msgid "change card holder's name"
-msgstr "измениÑ\82Ñ\8c имÑ\8f владелÑ\8cÑ\86а карты"
+msgstr "измениÑ\82Ñ\8c имÑ\8f деÑ\80жаÑ\82елÑ\8f карты"
msgid "change URL to retrieve key"
msgstr "изменить URL получения ключа"
msgstr "изменить языковые предпочтения"
msgid "change card holder's sex"
-msgstr "измениÑ\82Ñ\8c пол владелÑ\8cÑ\86а карты"
+msgstr "измениÑ\82Ñ\8c пол деÑ\80жаÑ\82елÑ\8f карты"
msgid "change a CA fingerprint"
msgstr "сменить отпечаток удостоверяющего центра"
msgstr "ключ \"%s\" не найден\n"
msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(еÑ\81ли Ñ\82олÑ\8cко Ð\92Ñ\8b не задали клÑ\8eÑ\87 отпечатком)\n"
+msgstr "(еÑ\81ли Ñ\82олÑ\8cко клÑ\8eÑ\87 не задан отпечатком)\n"
msgid "can't do this in batch mode without \"--yes\"\n"
msgstr "не могу выполнить в пакетном режиме без \"--yes\"\n"
#, c-format
msgid "%s/%s encrypted for: \"%s\"\n"
-msgstr "%s/%s зашифровано для: \"%s\"\n"
+msgstr "%s/%s зашифровано для пользователя \"%s\"\n"
#, c-format
msgid "you may not use %s while in %s mode\n"
msgstr "экспортировать подписи, помеченные как 'только локальные'"
msgid "export attribute user IDs (generally photo IDs)"
-msgstr "экспортировать атрибутные ID пользователя (обычно фотоидентификаторы)"
+msgstr ""
+"экспортировать атрибутные идентификаторы пользователя (обычно "
+"фотоидентификаторы)"
msgid "export revocation keys marked as \"sensitive\""
msgstr "экспортировать ключи отзыва, помеченные как 'особо важные'"
msgstr "при экспорте удалить из ключа как можно больше"
msgid "use the GnuPG key backup format"
-msgstr ""
+msgstr "пользоваться архивным форматом ключей GnuPG"
msgid " - skipped"
msgstr " - пропущено"
msgstr "ошибка создания '%s': %s\n"
msgid "[User ID not found]"
-msgstr "[ID пользователя не найден]"
+msgstr "[Идентификатор пользователя не найден]"
#, c-format
msgid "(check argument of option '%s')\n"
msgstr "быстро создать новую пару ключей"
msgid "quickly add a new user-id"
-msgstr "быстро добавить новый ID пользователя"
+msgstr "быстро добавить новый идентификатор пользователя"
msgid "quickly revoke a user-id"
-msgstr "быстро отозвать ID пользователя"
+msgstr "быстро отозвать идентификатор пользователя"
-#, fuzzy
-#| msgid "quickly generate a new key pair"
msgid "quickly set a new expiration date"
-msgstr "бÑ\8bÑ\81Ñ\82Ñ\80о Ñ\81оздаÑ\82Ñ\8c новÑ\83Ñ\8e паÑ\80Ñ\83 клÑ\8eÑ\87ей"
+msgstr "бÑ\8bÑ\81Ñ\82Ñ\80о Ñ\83Ñ\81Ñ\82ановиÑ\82Ñ\8c новÑ\8bй Ñ\81Ñ\80ок дейÑ\81Ñ\82виÑ\8f"
msgid "full featured key pair generation"
msgstr "создание полноценной пары ключей"
"@\n"
"(Полный список команд и параметров см. на странице man)\n"
-#, fuzzy
-#| msgid ""
-#| "@\n"
-#| "Examples:\n"
-#| "\n"
-#| " -se -r Bob [file] sign and encrypt for user Bob\n"
-#| " --clear-sign [file] make a clear text signature\n"
-#| " --detach-sign [file] make a detached signature\n"
-#| " --list-keys [names] show keys\n"
-#| " --fingerprint [names] show fingerprints\n"
msgid ""
"@\n"
"Examples:\n"
"@\n"
"Примеры:\n"
"\n"
-" -se -r Вова [файл] подписать и зашифровать для получателя Вова\n"
-" --clear-sign [файл] создать текстовую подпись\n"
+" -se -r Вова [файл] подписать и зашифровать для получателя Вова\n"
+" --clear-sign [файл] создать текстовую подпись\n"
" --detach-sign [файл] создать отделенную подпись\n"
" --list-keys [имена] показать ключи\n"
" --fingerprint [имена] показать отпечатки\n"
msgstr "показать в списке подписей URL предпочтительных серверов ключей"
msgid "show user ID validity during key listings"
-msgstr "показать в списке ключей действительность ID пользователей"
+msgstr ""
+"показать в списке ключей действительность идентификаторов пользователей"
msgid "show revoked and expired user IDs in key listings"
-msgstr "показать в списке ключей отозванные и просроченные ID пользователей"
+msgstr ""
+"показать в списке ключей отозванные и просроченные идентификаторы "
+"пользователей"
msgid "show revoked and expired subkeys in key listings"
msgstr "показать в списке ключей отозванные и просроченные подключи"
msgstr "показать при проверке подписей URL предпочтительных серверов ключей"
msgid "show user ID validity during signature verification"
-msgstr "показать при проверке подписей действительность ID пользователей"
+msgstr ""
+"показать при проверке подписей действительность идентификаторов пользователей"
msgid "show revoked and expired user IDs in signature verification"
msgstr ""
-"показать при проверке подписей отозванные и просроченные ID пользователя"
+"показать при проверке подписей отозванные и просроченные идентификаторы "
+"пользователя"
msgid "show only the primary user ID in signature verification"
-msgstr "показать при проверке подписей только первичный ID пользователя"
+msgstr ""
+"показать при проверке подписей только первичный идентификатор пользователя"
msgid "validate signatures with PKA data"
msgstr "проверить подписи по данным PKA"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr "'%s' не является идентификатором, отпечатком или кодом ключа\n"
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Пишите сообщение ...\n"
msgid "run import filters and export key immediately"
msgstr "применить фильтры импорта и немедленно экспортировать ключ"
-#, fuzzy
-#| msgid "assume input is in binary format"
msgid "assume the GnuPG key backup format"
-msgstr "пÑ\80едполагаÑ\8e, Ñ\87Ñ\82о вÑ\85однÑ\8bе даннÑ\8bе в двоиÑ\87ном Ñ\84оÑ\80маÑ\82е"
+msgstr "ожидаÑ\82Ñ\8c клÑ\8eÑ\87и в аÑ\80Ñ\85ивном Ñ\84оÑ\80маÑ\82е GnuPG"
#, c-format
msgid "skipping block of type %d\n"
#, c-format
msgid " w/o user IDs: %lu\n"
-msgstr " без ID пользователя: %lu\n"
+msgstr " без идентификатора пользователя: %lu\n"
#, c-format
msgid " imported: %lu"
#, c-format
msgid " new user IDs: %lu\n"
-msgstr " новых ID пользователя: %lu\n"
+msgstr " новых идентификаторов пользователя: %lu\n"
#, c-format
msgid " new subkeys: %lu\n"
#, c-format
msgid " user IDs cleaned: %lu\n"
-msgstr " очищено ID пользователей: %lu\n"
+msgstr " очищено идентификаторов пользователей: %lu\n"
#, c-format
msgid ""
"algorithms on these user IDs:\n"
msgstr ""
"Внимание: ключ %s содержит предпочтения для недоступных\n"
-"алгоритмов для следующих ID пользователей:\n"
+"алгоритмов для следующих идентификаторов пользователей:\n"
#, c-format
msgid " \"%s\": preference for cipher algorithm %s\n"
#, c-format
msgid "key %s: no user ID\n"
-msgstr "ключ %s: нет ID пользователя\n"
+msgstr "ключ %s: нет идентификатора пользователя\n"
#, c-format
msgid "key %s: %s\n"
#, c-format
msgid "key %s: accepted non self-signed user ID \"%s\"\n"
-msgstr "ключ %s: принят без самозаверенного ID пользователя \"%s\"\n"
+msgstr ""
+"ключ %s: принят без самозаверенного идентификатора пользователя \"%s\"\n"
#, c-format
msgid "key %s: no valid user IDs\n"
-msgstr "ключ %s: нет действительных ID пользователя\n"
+msgstr "ключ %s: нет действительных идентификаторов пользователя\n"
msgid "this may be caused by a missing self-signature\n"
msgstr "может быть, из-за отсутствия самоподписи\n"
#, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
-msgstr "ключ %s: \"%s\" 1 новый ID пользователя\n"
+msgstr "ключ %s: \"%s\" 1 новый идентификатор пользователя\n"
#, c-format
msgid "key %s: \"%s\" %d new user IDs\n"
-msgstr "ключ %s: \"%s\" %d новых ID пользователя\n"
+msgstr "ключ %s: \"%s\" %d новых идентификаторов пользователя\n"
#, c-format
msgid "key %s: \"%s\" 1 new signature\n"
#, c-format
msgid "key %s: \"%s\" %d user ID cleaned\n"
-msgstr "ключ %s: \"%s\" %d ID пользователя очищен\n"
+msgstr "ключ %s: \"%s\" %d идентификатор пользователя очищен\n"
#, c-format
msgid "key %s: \"%s\" %d user IDs cleaned\n"
-msgstr "ключ %s: \"%s\" %d ID пользователя очищено\n"
+msgstr "ключ %s: \"%s\" %d идентификаторов пользователя очищено\n"
#, c-format
msgid "key %s: \"%s\" not changed\n"
#, c-format
msgid "key %s: no user ID for signature\n"
-msgstr "ключ %s: нет ID пользователя для подписи\n"
+msgstr "ключ %s: нет идентификатора пользователя для подписи\n"
#, c-format
msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
msgstr ""
-"ключ %s: алгоритм с открытым ключом у ID пользователя \"%s\" не "
+"ключ %s: алгоритм с открытым ключом у идентификатора пользователя \"%s\" не "
"поддерживается\n"
#, c-format
msgid "key %s: invalid self-signature on user ID \"%s\"\n"
-msgstr "ключ %s: неправильная самоподпись на ID пользователя \"%s\"\n"
+msgstr ""
+"ключ %s: неправильная самоподпись на идентификаторе пользователя \"%s\"\n"
#, c-format
msgid "key %s: unsupported public key algorithm\n"
#, c-format
msgid "key %s: skipped user ID \"%s\"\n"
-msgstr "ключ %s: пропущен ID пользователя \"%s\"\n"
+msgstr "ключ %s: пропущен идентификатор пользователя \"%s\"\n"
#, c-format
msgid "key %s: skipped subkey\n"
#, c-format
msgid "key %s: duplicated user ID detected - merged\n"
-msgstr "ключ %s: обнаружено дублирование ID пользователя - объединены\n"
+msgstr ""
+"ключ %s: обнаружено дублирование идентификатора пользователя - объединены\n"
#, c-format
msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
#, c-format
msgid "Skipping user ID \"%s\", which is not a text ID.\n"
-msgstr "ID пользователя \"%s\" пропущен: это не текстовый ID.\n"
+msgstr ""
+"Идентификатор пользователя \"%s\" пропущен: это не текстовый идентификатор.\n"
#, c-format
msgid "User ID \"%s\" is revoked."
-msgstr "ID пользователя \"%s\" отозван."
+msgstr "Идентификатор пользователя \"%s\" отозван."
msgid "Are you sure you still want to sign it? (y/N) "
msgstr "Вы все равно хотите его подписать? (y/N) "
#, c-format
msgid "User ID \"%s\" is expired."
-msgstr "Срок действия ID пользователя \"%s\" истек."
+msgstr "Срок действия идентификатора пользователя \"%s\" истек."
#, c-format
msgid "User ID \"%s\" is not self-signed."
-msgstr "ID пользователя \"%s\" не самозаверен."
+msgstr "Идентификатор пользователя \"%s\" не самозаверен."
#, c-format
msgid "User ID \"%s\" is signable. "
-msgstr "ID пользователя \"%s\" можно подписать."
+msgstr "Идентификатор пользователя \"%s\" можно подписать."
msgid "Sign it? (y/N) "
msgstr "Подписать его? (y/N) "
msgstr "показать код ключа"
msgid "list key and user IDs"
-msgstr "вывести список ключей и ID пользователя"
+msgstr "вывести список ключей и идентификаторов пользователя"
msgid "select user ID N"
-msgstr "выбрать ID пользователя N"
+msgstr "выбрать идентификатор пользователя N"
msgid "select subkey N"
msgstr "выбрать подключ N"
msgstr "проверка подписей"
msgid "sign selected user IDs [* see below for related commands]"
-msgstr "подписать выбранные ID пользователя [* описание команд см. ниже]"
+msgstr ""
+"подписать выбранные идентификаторы пользователя [* описание команд см. ниже]"
msgid "sign selected user IDs locally"
-msgstr "локально подписать выбранные ID пользователя"
+msgstr "локально подписать выбранные идентификаторы пользователя"
msgid "sign selected user IDs with a trust signature"
-msgstr "подписать выбранные ID пользователя подписью доверия"
+msgstr "подписать выбранные идентификаторы пользователя подписью доверия"
msgid "sign selected user IDs with a non-revocable signature"
-msgstr "подписать выбранные ID пользователя без возможности отзыва"
+msgstr "подписать выбранные идентификаторы пользователя без возможности отзыва"
msgid "add a user ID"
-msgstr "добавить ID пользователя"
+msgstr "добавить идентификатор пользователя"
msgid "add a photo ID"
msgstr "добавить фотоидентификатор"
msgid "delete selected user IDs"
-msgstr "удалить выбранные ID пользователя"
+msgstr "удалить выбранные идентификаторы пользователя"
msgid "add a subkey"
msgstr "добавить подключ"
msgstr "добавить ключ отзыва"
msgid "delete signatures from the selected user IDs"
-msgstr "удалить подписи с выбранных ID пользователя"
+msgstr "удалить подписи с выбранных идентификаторов пользователя"
msgid "change the expiration date for the key or selected subkeys"
msgstr "сменить срок действия ключа или выбранных подключей"
msgid "flag the selected user ID as primary"
-msgstr "пометить выбранный ID пользователя как первичный"
+msgstr "пометить выбранный идентификатор пользователя как первичный"
msgid "list preferences (expert)"
msgstr "список предпочтений (экспертам)"
msgstr "список предпочтений (подробный)"
msgid "set preference list for the selected user IDs"
-msgstr "установить список предпочтений для выбранных ID пользователя"
+msgstr ""
+"установить список предпочтений для выбранных идентификаторов пользователя"
msgid "set the preferred keyserver URL for the selected user IDs"
msgstr ""
-"установить URL предпочтительного сервера ключей для выбранных ID пользователя"
+"установить URL предпочтительного сервера ключей для выбранных "
+"идентификаторов пользователя"
msgid "set a notation for the selected user IDs"
-msgstr "установить замечание для выбранных ID пользователя"
+msgstr "установить замечание для выбранных идентификаторов пользователя"
msgid "change the passphrase"
msgstr "сменить фразу-пароль"
msgstr "изменить уровень доверия владельцу"
msgid "revoke signatures on the selected user IDs"
-msgstr "отозвать подписи у выбранных ID пользователя"
+msgstr "отозвать подписи у выбранных идентификаторов пользователя"
msgid "revoke selected user IDs"
-msgstr "отозвать выбранные ID пользователя"
+msgstr "отозвать выбранные идентификаторы пользователя"
msgid "revoke key or selected subkeys"
msgstr "отозвать ключ или выбранные подключи"
msgid "compact unusable user IDs and remove unusable signatures from key"
msgstr ""
-"сжать непригодные ID пользователей и удалить непригодные подписи из ключа"
+"сжать непригодные идентификаторы пользователей и удалить непригодные подписи "
+"из ключа"
msgid "compact unusable user IDs and remove all signatures from key"
-msgstr "сжать непригодные ID пользователей и удалить все подписи из ключа"
+msgstr ""
+"сжать непригодные идентификаторы пользователей и удалить все подписи из ключа"
msgid "Secret key is available.\n"
msgstr "Секретный ключ доступен.\n"
msgstr "Ключ отозван."
msgid "Really sign all user IDs? (y/N) "
-msgstr "Действительно подписать все ID пользователя? (y/N) "
+msgstr "Действительно подписать все идентификаторы пользователя? (y/N) "
msgid "Really sign all text user IDs? (y/N) "
-msgstr "Действительно подписать все текстовые ID пользователя? (y/N) "
+msgstr ""
+"Действительно подписать все текстовые идентификаторы пользователя? (y/N) "
msgid "Hint: Select the user IDs to sign\n"
-msgstr "Подсказка: Выберите ID пользователей, которые нужно подписать\n"
+msgstr ""
+"Подсказка: Выберите идентификаторы пользователей, которые нужно подписать\n"
#, c-format
msgid "Unknown signature type '%s'\n"
msgstr "Данная команда в режиме %s недопустима.\n"
msgid "You must select at least one user ID.\n"
-msgstr "Вы должны выбрать хотя бы один ID пользователя.\n"
+msgstr "Вы должны выбрать хотя бы один идентификатор пользователя.\n"
#, c-format
msgid "(Use the '%s' command.)\n"
msgstr "(Команда '%s'.)\n"
msgid "You can't delete the last user ID!\n"
-msgstr "Вы не можете удалить последний ID пользователя!\n"
+msgstr "Вы не можете удалить последний идентификатор пользователя!\n"
msgid "Really remove all selected user IDs? (y/N) "
-msgstr "Действительно удалить все выбранные ID пользователей? (y/N) "
+msgstr ""
+"Действительно удалить все выбранные идентификаторы пользователей? (y/N) "
msgid "Really remove this user ID? (y/N) "
-msgstr "Действительно удалить этот ID пользователя? (y/N) "
+msgstr "Действительно удалить этот идентификатор пользователя? (y/N) "
#. TRANSLATORS: Please take care: This is about
#. moving the key and not about removing it.
msgstr "Вы действительно хотите удалить данный ключ? (y/N) "
msgid "Really revoke all selected user IDs? (y/N) "
-msgstr "Действительно отозвать все выбранные ID пользователей? (y/N) "
+msgstr ""
+"Действительно отозвать все выбранные идентификаторы пользователей? (y/N) "
msgid "Really revoke this user ID? (y/N) "
-msgstr "Действительно отозвать данный ID пользователя? (y/N) "
+msgstr "Действительно отозвать данный идентификатор пользователя? (y/N) "
msgid "Do you really want to revoke the entire key? (y/N) "
msgstr "Вы действительно хотите отозвать ключ целиком? (y/N) "
msgid "Really update the preferences for the selected user IDs? (y/N) "
msgstr ""
-"Действительно обновить предпочтения для выбранных ID пользователей? (y/N) "
+"Действительно обновить предпочтения для выбранных идентификаторов "
+"пользователей? (y/N) "
msgid "Really update the preferences? (y/N) "
msgstr "Действительно обновить предпочтения? (y/N) "
#, c-format
msgid "Invalid user ID '%s': %s\n"
-msgstr "Недопустимый ID пользователя '%s': %s\n"
+msgstr "Недопустимый идентификатор пользователя '%s': %s\n"
msgid "No matching user IDs."
-msgstr "Нет подходящих ID пользователей."
+msgstr "Нет подходящих идентификаторов пользователей."
msgid "Nothing to sign.\n"
msgstr "Подписывать нечего.\n"
-#, fuzzy, c-format
-#| msgid "'%s' is not a valid signature expiration\n"
+#, c-format
msgid "'%s' is not a valid expiration time\n"
-msgstr "'%s' - не допустимый срок действия подписи\n"
+msgstr "'%s' - не допустимый срок действия\n"
msgid "Digest: "
msgstr "Хеш: "
msgstr "Замечания: "
msgid "There are no preferences on a PGP 2.x-style user ID.\n"
-msgstr "В ID пользователя типа PGP 2.x не может быть предпочтений.\n"
+msgstr ""
+"В идентификаторе пользователя типа PGP 2.x не может быть предпочтений.\n"
#, c-format
msgid "The following key was revoked on %s by %s key %s\n"
"WARNING: no user ID has been marked as primary. This command may\n"
" cause a different user ID to become the assumed primary.\n"
msgstr ""
-"Внимание: нет ID пользователя, помеченного как первичный. Эта команда может\n"
-" пÑ\80ивеÑ\81Ñ\82и к Ñ\82омÑ\83, Ñ\87Ñ\82о пеÑ\80виÑ\87нÑ\8bм Ñ\81Ñ\82анеÑ\82 Ñ\81Ñ\87иÑ\82аÑ\82Ñ\8cÑ\81Ñ\8f дÑ\80Ñ\83гой\n"
-" ID пользователя.\n"
+"Внимание: нет идентификатора пользователя, помеченного как первичный.\n"
+" ÐÑ\82а команда можеÑ\82 пÑ\80ивеÑ\81Ñ\82и к Ñ\82омÑ\83, Ñ\87Ñ\82о пеÑ\80виÑ\87нÑ\8bм Ñ\81Ñ\82анеÑ\82 Ñ\81Ñ\87иÑ\82аÑ\82Ñ\8cÑ\81Ñ\8f\n"
+" другой идентификатор пользователя.\n"
msgid "WARNING: Your encryption subkey expires soon.\n"
msgstr "Внимание: Срок действия Вашего подключа для шифрования истекает.\n"
msgstr "Нельзя добавить фотоидентификатор в ключ типа PGP2.\n"
msgid "Such a user ID already exists on this key!\n"
-msgstr "Такой ID пользователя на этом ключе уже есть!\n"
+msgstr "Такой идентификатор пользователя на этом ключе уже есть!\n"
msgid "Delete this good signature? (y/N/q)"
msgstr "Удалить данную действительную подпись? (y/N/q)"
#, c-format
msgid "User ID \"%s\" compacted: %s\n"
-msgstr "ID пользователя \"%s\" сжат: %s\n"
+msgstr "Идентификатор пользователя \"%s\" сжат: %s\n"
#, c-format
msgid "User ID \"%s\": %d signature removed\n"
msgid_plural "User ID \"%s\": %d signatures removed\n"
-msgstr[0] "ID пользователя \"%s\": %d подпись удалена\n"
-msgstr[1] "ID пользователя \"%s\": %d подписи удалены\n"
-msgstr[2] "ID пользователя \"%s\": %d подписей удалено\n"
+msgstr[0] "Идентификатор пользователя \"%s\": %d подпись удалена\n"
+msgstr[1] "Идентификатор пользователя \"%s\": %d подписи удалены\n"
+msgstr[2] "Идентификатор пользователя \"%s\": %d подписей удалено\n"
#, c-format
msgid "User ID \"%s\": already minimized\n"
-msgstr "ID пользователя \"%s\" уже минимизирован\n"
+msgstr "Идентификатор пользователя \"%s\" уже минимизирован\n"
#, c-format
msgid "User ID \"%s\": already clean\n"
-msgstr "ID пользователя \"%s\": уже очищен\n"
+msgstr "Идентификатор пользователя \"%s\": уже очищен\n"
msgid ""
"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
msgstr "Нельзя добавить особый отзывающий ключ в ключ типа PGP 2.x.\n"
msgid "Enter the user ID of the designated revoker: "
-msgstr "Укажите ID пользователя ключа, назначенного отзывающим: "
+msgstr "Укажите идентификатор пользователя ключа, назначенного отзывающим: "
msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
msgstr "нельзя назначить отзывающим ключ типа PGP 2.x\n"
msgstr "подключ %s не для подписей, он не нуждается в перекрестном заверении\n"
msgid "Please select exactly one user ID.\n"
-msgstr "Выберите ровно один ID пользователя.\n"
+msgstr "Выберите ровно один идентификатор пользователя.\n"
#, c-format
msgid "skipping v3 self-signature on user ID \"%s\"\n"
-msgstr "пропуск самоподписи v3 на ID пользователя \"%s\"\n"
+msgstr "пропуск самоподписи v3 на идентификаторе пользователя \"%s\"\n"
msgid "Enter your preferred keyserver URL: "
msgstr "Введите URL предпочтительного сервера ключей: "
#, c-format
msgid "No user ID with index %d\n"
-msgstr "Нет ID пользователя с индексом %d\n"
+msgstr "Нет идентификатора пользователя с индексом %d\n"
#, c-format
msgid "No user ID with hash %s\n"
-msgstr "Нет ID пользователя с хешем %s\n"
+msgstr "Нет идентификатора пользователя с хешем %s\n"
#, c-format
msgid "No subkey with key ID '%s'.\n"
-msgstr "Нет подключа с ID ключа '%s'.\n"
+msgstr "Нет подключа с идентификатором ключа '%s'.\n"
#, c-format
msgid "No subkey with index %d\n"
#, c-format
msgid "user ID: \"%s\"\n"
-msgstr "ID пользователя: \"%s\"\n"
+msgstr "Идентификатор пользователя: \"%s\"\n"
#, c-format
msgid "signed by your key %s on %s%s%s\n"
#, c-format
msgid "You have signed these user IDs on key %s:\n"
-msgstr "Вы подписали эти ID пользователей на ключе %s:\n"
+msgstr "Вы подписали эти идентификаторы пользователей на ключе %s:\n"
msgid " (non-revocable)"
msgstr " (неотзываемая)"
#, c-format
msgid "user ID \"%s\" is already revoked\n"
-msgstr "ID пользователя \"%s\" уже отозван\n"
+msgstr "Идентификатор пользователя \"%s\" уже отозван\n"
#, c-format
msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
-msgstr "Внимание: подпись ID пользователя датирована %d секундами в будущем\n"
+msgstr ""
+"Внимание: подпись идентификатора пользователя датирована %d секундами в "
+"будущем\n"
#, c-format
msgid "Key %s is already revoked.\n"
"\n"
msgstr ""
"\n"
-"GnuPG должен составить ID пользователя для идентификации ключа.\n"
+"GnuPG должен составить идентификатор пользователя для идентификации ключа.\n"
"\n"
#. TRANSLATORS: This string is in general not anymore used
"\n"
msgstr ""
"\n"
-"Для идентификации Вашего ключа необходим ID пользователя. Программа создаст "
-"его\n"
+"Для идентификации Вашего ключа необходим идентификатор пользователя. "
+"Ð\9fÑ\80огÑ\80амма Ñ\81оздаÑ\81Ñ\82 его\n"
"из Вашего имени, примечания и адреса электронной почты в виде:\n"
" \"Вася Пушкин (персонаж) <vp@test.ru>\"\n"
"\n"
" \"%s\"\n"
"\n"
msgstr ""
-"Вы выбрали следующий ID пользователя:\n"
+"Вы выбрали следующий идентификатор пользователя:\n"
" \"%s\"\n"
"\n"
msgstr "включить в результаты поиска отозванные ключи"
msgid "include subkeys when searching by key ID"
-msgstr "искать по ID ключа, включая подключи"
+msgstr "искать по идентификатору ключа, включая подключи"
msgid "override timeout options set for dirmngr"
msgstr "переназначить настройки времени ожидания для dirmngr"
#, c-format
msgid "\"%s\" not a key ID: skipping\n"
-msgstr "\"%s\" - не ID ключа: пропущен\n"
+msgstr "\"%s\" - не идентификатор ключа: пропущен\n"
#, c-format
msgid "refreshing %d key from %s\n"
#, c-format
msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
-msgstr "зашифровано %u-битным ключом %s с ID %s, созданным %s\n"
+msgstr "зашифровано %u-битным ключом %s с идентификатором %s, созданным %s\n"
#, c-format
msgid " \"%s\"\n"
#, c-format
msgid "encrypted with %s key, ID %s\n"
-msgstr "зашифровано ключом %s с ID %s\n"
+msgstr "зашифровано ключом %s с идентификатором %s\n"
#, c-format
msgid "public key decryption failed: %s\n"
#, c-format
msgid " using %s key %s\n"
-msgstr " ключом %s с ID %s\n"
+msgstr " ключом %s с идентификатором %s\n"
#, c-format
msgid "Signature made %s using %s key ID %s\n"
-msgstr "Подпись сделана %s ключом %s с ID %s\n"
+msgstr "Подпись сделана %s ключом %s с идентификатором %s\n"
#, c-format
msgid " issuer \"%s\"\n"
#, c-format
msgid " (main key ID %s)"
-msgstr " (ID главного ключа %s)"
+msgstr " (идентификатор главного ключа %s)"
msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
msgstr "Введите фразу-пароль для разблокировки секретного ключа OpenPGP:"
msgstr ""
"%s\n"
"\"%.*s\"\n"
-"%u-битный ключ %s, ID %s,\n"
+"%u-битный ключ %s, идентификатор %s,\n"
"создан %s%s.\n"
"%s"
msgstr "Ключ больше не используется"
msgid "User ID is no longer valid"
-msgstr "ID пользователя больше не действителен"
+msgstr "Идентификатор пользователя больше не действителен"
msgid "reason for revocation: "
msgstr "причина отзыва: "
msgid "%s: This key is bad! It has been marked as untrusted!\n"
msgstr "%s: Некачественный ключ! Он помечен как недоверенный!\n"
-#, fuzzy
-#| msgid ""
-#| "This key has is bad! It has been marked as untrusted! If you\n"
-#| "*really* know what you are doing, you may answer the next\n"
-#| "question with yes.\n"
msgid ""
"This key is bad! It has been marked as untrusted! If you\n"
"*really* know what you are doing, you may answer the next\n"
"you may answer the next question with yes.\n"
msgstr ""
"НЕТ уверенности в том, что ключ принадлежит человеку, указанному\n"
-"в ID пользователя. Если Вы ТОЧНО знаете, что делаете,\n"
+"в идентификаторе пользователя. Если Вы ТОЧНО знаете, что делаете,\n"
"можете ответить на следующий вопрос утвердительно.\n"
msgid "Use this key anyway? (y/N) "
msgstr "задан параметр '%s', но параметр '%s' не задан\n"
msgid "You did not specify a user ID. (you may use \"-r\")\n"
-msgstr "Не задан ID пользователя (можно использовать \"-r\").\n"
+msgstr "Не задан идентификатор пользователя (можно использовать \"-r\").\n"
msgid "Current recipients:\n"
msgstr "Текущие получатели:\n"
"Enter the user ID. End with an empty line: "
msgstr ""
"\n"
-"Введите ID пользователя. Завершите пустой строкой: "
+"Введите идентификатор пользователя. Завершите пустой строкой: "
msgid "No such user ID.\n"
-msgstr "Нет такого ID пользователя.\n"
+msgstr "Нет такого идентификатора пользователя.\n"
msgid "skipped: public key already set as default recipient\n"
msgstr "пропущено: открытый ключ уже установлен для получателя по умолчанию\n"
#, c-format
msgid "key %s has no user IDs\n"
-msgstr "у ключа %s нет ID пользователя\n"
+msgstr "у ключа %s нет идентификатора пользователя\n"
msgid "To be revoked by:\n"
msgstr "Будет отозван:\n"
msgid "unsupported TOFU database version: %s\n"
msgstr "версия базы данных TOFU (не поддерживается): %s\n"
-#, fuzzy, c-format
-#| msgid "error creating temporary file: %s\n"
+#, c-format
msgid "error creating 'ultimately_trusted_keys' TOFU table: %s\n"
-msgstr "ошибка создания временного файла: %s\n"
+msgstr "ошибка создания таблицы TOFU 'ultimately_trusted_keys': %s\n"
msgid "TOFU DB error"
-msgstr ""
+msgstr "ошибка базы данных TOFU"
#, c-format
msgid "error reading TOFU database: %s\n"
msgid "error initializing TOFU database: %s\n"
msgstr "ошибка инициализации базы данных TOFU: %s\n"
-#, fuzzy, c-format
-#| msgid "error reading TOFU database: %s\n"
+#, c-format
msgid "error creating 'encryptions' TOFU table: %s\n"
-msgstr "оÑ\88ибка Ñ\87Ñ\82ениÑ\8f базÑ\8b даннÑ\8bÑ\85 TOFU: %s\n"
+msgstr "оÑ\88ибка Ñ\81озданиÑ\8f Ñ\82аблиÑ\86Ñ\8b TOFU 'encryptions': %s\n"
#, c-format
msgid "adding column effective_policy to bindings DB: %s\n"
-msgstr ""
+msgstr "добавление столбца effective_policy в базу данных привязок: %s\n"
#, c-format
msgid "error opening TOFU database '%s': %s\n"
"This is the first time the email address \"%s\" is being used with key %s."
msgstr "Адрес электронной почты \"%s\" используется с ключом %s впервые."
-#, fuzzy, c-format
-#| msgid "The email address \"%s\" is associated with %d keys!"
+#, c-format
msgid "The email address \"%s\" is associated with %d key!"
msgid_plural "The email address \"%s\" is associated with %d keys!"
-msgstr[0] "Ð\90дÑ\80еÑ\81 Ñ\8dлекÑ\82Ñ\80онной поÑ\87Ñ\82Ñ\8b \"%s\" Ñ\81вÑ\8fзан Ñ\81 %d клÑ\8eÑ\87ами!"
+msgstr[0] "Ð\90дÑ\80еÑ\81 Ñ\8dлекÑ\82Ñ\80онной поÑ\87Ñ\82Ñ\8b \"%s\" Ñ\81вÑ\8fзан Ñ\81 %d клÑ\8eÑ\87ом!"
msgstr[1] "Адрес электронной почты \"%s\" связан с %d ключами!"
msgstr[2] "Адрес электронной почты \"%s\" связан с %d ключами!"
#, c-format
msgid "error gathering other user IDs: %s\n"
-msgstr "ошибка при сборе ID других пользователей: %s\n"
+msgstr "ошибка при сборе идентификаторов других пользователей: %s\n"
msgid "This key's user IDs:\n"
msgstr "Идентификаторы пользователя этого ключа:\n"
msgid "this key"
msgstr "этот ключ"
-#, fuzzy, c-format
-#| msgid "Verified %d message"
-#| msgid_plural "Verified %d messages"
+#, c-format
msgid "Verified %d message."
msgid_plural "Verified %d messages."
-msgstr[0] "Проверено %d сообщение"
-msgstr[1] "Проверены %d сообщения"
-msgstr[2] "Проверено %d сообщений"
+msgstr[0] "Проверено %d сообщение."
+msgstr[1] "Проверены %d сообщения."
+msgstr[2] "Проверено %d сообщений."
-#, fuzzy, c-format
-#| msgid "Encrypted %d message"
-#| msgid_plural "Encrypted %d messages"
+#, c-format
msgid "Encrypted %d message."
msgid_plural "Encrypted %d messages."
-msgstr[0] "Зашифровано %d сообщение"
-msgstr[1] "Зашифрованы %d сообщения"
-msgstr[2] "Зашифровано %d сообщений"
+msgstr[0] "Зашифровано %d сообщение."
+msgstr[1] "Зашифрованы %d сообщения."
+msgstr[2] "Зашифровано %d сообщений."
-#, fuzzy, c-format
-#| msgid "Verified %d message"
-#| msgid_plural "Verified %d messages"
+#, c-format
msgid "Verified %d message in the future."
msgid_plural "Verified %d messages in the future."
-msgstr[0] "Проверено %d сообщение"
-msgstr[1] "Проверены %d сообщения"
-msgstr[2] "Проверено %d сообщений"
+msgstr[0] "Проверено %d сообщение в будущем."
+msgstr[1] "Проверены %d сообщения в будущем."
+msgstr[2] "Проверено %d сообщений в будущем."
-#, fuzzy, c-format
-#| msgid ", and encrypted %ld message in the past %s"
-#| msgid_plural ", and encrypted %ld messages in the past %s"
+#, c-format
msgid "Encrypted %d message in the future."
msgid_plural "Encrypted %d messages in the future."
-msgstr[0] ", зашифровано %ld сообщение за %s."
-msgstr[1] ", зашифрованы %ld сообщения за %s."
-msgstr[2] ", зашифровано %ld сообщений за %s."
+msgstr[0] "Зашифровано %d сообщение в будущем."
+msgstr[1] "Зашифрованы %d сообщения в будущем."
+msgstr[2] "Зашифровано %d сообщений в будущем."
-#, fuzzy, c-format
-#| msgid " over the past day."
-#| msgid_plural " over the past %d days."
+#, c-format
msgid "Messages verified over the past %d day: %d."
msgid_plural "Messages verified over the past %d days: %d."
-msgstr[0] " за %d прошедший день."
-msgstr[1] " за %d прошедших дня."
-msgstr[2] " за %d прошедших дней."
+msgstr[0] "Проверено сообщений за %d прошедший день: %d."
+msgstr[1] "Проверено сообщений за %d прошедших дня: %d."
+msgstr[2] "Проверено сообщений за %d прошедших дней: %d."
-#, fuzzy, c-format
-#| msgid " over the past day."
-#| msgid_plural " over the past %d days."
+#, c-format
msgid "Messages encrypted over the past %d day: %d."
msgid_plural "Messages encrypted over the past %d days: %d."
-msgstr[0] " за %d прошедший день."
-msgstr[1] " за %d прошедших дня."
-msgstr[2] " за %d прошедших дней."
+msgstr[0] "Зашифровано сообщений за %d прошедший день: %d."
+msgstr[1] "Зашифровано сообщений за %d прошедших дня: %d."
+msgstr[2] "Зашифровано сообщений за %d прошедших дней: %d."
-#, fuzzy, c-format
-#| msgid " over the past month."
-#| msgid_plural " over the past %d months."
+#, c-format
msgid "Messages verified over the past %d month: %d."
msgid_plural "Messages verified over the past %d months: %d."
-msgstr[0] " за %d прошедший месяц."
-msgstr[1] " за %d прошедших месяца."
-msgstr[2] " за %d прошедших месяцев."
+msgstr[0] "Проверено сообщений за %d прошедший месяц: %d."
+msgstr[1] "Проверено сообщений за %d прошедших месяца: %d."
+msgstr[2] "Проверено сообщений за %d прошедших месяцев: %d."
-#, fuzzy, c-format
-#| msgid " over the past month."
-#| msgid_plural " over the past %d months."
+#, c-format
msgid "Messages encrypted over the past %d month: %d."
msgid_plural "Messages encrypted over the past %d months: %d."
-msgstr[0] " за %d прошедший месяц."
-msgstr[1] " за %d прошедших месяца."
-msgstr[2] " за %d прошедших месяцев."
+msgstr[0] "Зашифровано сообщений за %d прошедший месяц: %d."
+msgstr[1] "Зашифровано сообщений за %d прошедших месяца: %d."
+msgstr[2] "Зашифровано сообщений за %d прошедших месяцев: %d."
-#, fuzzy, c-format
-#| msgid " over the past year."
-#| msgid_plural " over the past %d years."
+#, c-format
msgid "Messages verified over the past %d year: %d."
msgid_plural "Messages verified over the past %d years: %d."
-msgstr[0] " за %d прошедший год."
-msgstr[1] " за %d прошедших дня."
-msgstr[2] " за %d прошедших дней."
+msgstr[0] "Проверено сообщений за %d прошедший год: %d."
+msgstr[1] "Проверено сообщений за %d прошедших года: %d."
+msgstr[2] "Проверено сообщений за %d прошедших лет: %d."
-#, fuzzy, c-format
-#| msgid " over the past year."
-#| msgid_plural " over the past %d years."
+#, c-format
msgid "Messages encrypted over the past %d year: %d."
msgid_plural "Messages encrypted over the past %d years: %d."
-msgstr[0] " за %d прошедший год."
-msgstr[1] " за %d прошедших дня."
-msgstr[2] " за %d прошедших дней."
+msgstr[0] "Зашифровано сообщений за %d прошедший год: %d."
+msgstr[1] "Зашифровано сообщений за %d прошедших года: %d."
+msgstr[2] "Зашифровано сообщений за %d прошедших лет: %d."
-#, fuzzy, c-format
-#| msgid " over the past day."
-#| msgid_plural " over the past %d days."
+#, c-format
msgid "Messages verified in the past: %d."
-msgstr " за %d прошедший день."
+msgstr "Проверено сообщений в прошлом: %d."
-#, fuzzy, c-format
-#| msgid ", and encrypted %ld message in the past %s"
-#| msgid_plural ", and encrypted %ld messages in the past %s"
+#, c-format
msgid "Messages encrypted in the past: %d."
-msgstr ", зашифровано %ld сообщение за %s."
+msgstr "Зашифровавно сообщений в прошлом: %d."
#. TRANSLATORS: Please translate the text found in the source
#. * file below. We don't directly internationalize that text so
"Обычно с конкретным адресом электронной почты связан только один ключ. "
"Однако иногда создают новый ключ, например, если ключ слишком стар или "
"владелец считает, что ключ может быть раскрыт. В противном случае новый ключ "
-"может означать атаку \"человек посередине\"! Перед тем как принять этот "
-"ключ, следует связаться с владельцем и убедиться, что этот новый ключ "
-"правомерен."
+"может означать перехват сообщений! Перед тем как принять этот ключ, следует "
+"связаться с владельцем и убедиться, что этот новый ключ правомерен."
#. TRANSLATORS: Two letters (normally the lower and upper case
#. * version of the hotkey) for each of the five choices. If
msgstr ""
"(G)Хороший, (A)Пока принять, (U)Неясно, (R)Пока отвергнуть, (B)Плохой? "
-msgid "Defaulting to unknown."
+#, fuzzy
+#| msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr "Принимается исходное значение (неясно)."
msgid "TOFU db corruption detected.\n"
msgid "resetting keydb: %s\n"
msgstr "сброс базы данных ключей: %s\n"
-#, fuzzy, c-format
-#| msgid "error setting TOFU binding's trust level to %s\n"
+#, c-format
msgid "error setting TOFU binding's policy to %s\n"
-msgstr "ошибка установки уровня доверия привязки TOFU в %s\n"
+msgstr "ошибка установки правил привязки TOFU в %s\n"
#, c-format
msgid "error changing TOFU policy: %s\n"
msgstr "ошибка при смене правила TOFU: %s\n"
-#, fuzzy, c-format
-#| msgid "%d~year"
-#| msgid_plural "%d~years"
+#, c-format
msgid "%lld~year"
msgid_plural "%lld~years"
-msgstr[0] "%d~год"
-msgstr[1] "%d~года"
-msgstr[2] "%d~лет"
+msgstr[0] "%lld~прошедший~год"
+msgstr[1] "%lld~прошедших~года"
+msgstr[2] "%lld~прошедших~лет"
-#, fuzzy, c-format
-#| msgid "%d~month"
-#| msgid_plural "%d~months"
+#, c-format
msgid "%lld~month"
msgid_plural "%lld~months"
-msgstr[0] "%d~месяц"
-msgstr[1] "%d~месяца"
-msgstr[2] "%d~месяцев"
+msgstr[0] "%lld~прошедший~месяц"
+msgstr[1] "%lld~прошедших~месяца"
+msgstr[2] "%lld~прошедших~месяцев"
#, c-format
msgid "%lld~week"
msgid_plural "%lld~weeks"
-msgstr[0] ""
-msgstr[1] ""
-msgstr[2] ""
+msgstr[0] "%lld~прошедшую~неделю"
+msgstr[1] "%lld~прошедшие~недели"
+msgstr[2] "%lld~прошедших~недель"
-#, fuzzy, c-format
-#| msgid "%d~day"
-#| msgid_plural "%d~days"
+#, c-format
msgid "%lld~day"
msgid_plural "%lld~days"
-msgstr[0] "%d~день"
-msgstr[1] "%d~дня"
-msgstr[2] "%d~дней"
+msgstr[0] "%lld~прошедший~день"
+msgstr[1] "%lld~прошедших~дня"
+msgstr[2] "%lld~прошедших~дней"
-#, fuzzy, c-format
-#| msgid "%d~hour"
-#| msgid_plural "%d~hours"
+#, c-format
msgid "%lld~hour"
msgid_plural "%lld~hours"
-msgstr[0] "%d~час"
-msgstr[1] "%d~часа"
-msgstr[2] "%d~часов"
+msgstr[0] "%lld~прошедший~час"
+msgstr[1] "%lld~прошедших~часа"
+msgstr[2] "%lld~прошедших~часов"
-#, fuzzy, c-format
-#| msgid "%d~minute"
-#| msgid_plural "%d~minutes"
+#, c-format
msgid "%lld~minute"
msgid_plural "%lld~minutes"
-msgstr[0] "%d~минута"
-msgstr[1] "%d~минуты"
-msgstr[2] "%d~минут"
+msgstr[0] "%lld~прошедшую~минуту"
+msgstr[1] "%lld~прошедшие~минуты"
+msgstr[2] "%lld~прошедших~минут"
-#, fuzzy, c-format
-#| msgid "%d~second"
-#| msgid_plural "%d~seconds"
+#, c-format
msgid "%lld~second"
msgid_plural "%lld~seconds"
-msgstr[0] "%d~секунда"
-msgstr[1] "%d~секунды"
-msgstr[2] "%d~секунд"
+msgstr[0] "%lld~прошедшую~секунду"
+msgstr[1] "%lld~прошедшие~секунды"
+msgstr[2] "%lld~прошедших~секунд"
#, c-format
msgid "%s: Verified 0~signatures and encrypted 0~messages."
-msgstr ""
+msgstr "%s: Проверено 0~подписей, зашифровано 0~сообщений."
-#, fuzzy, c-format
-#| msgid "Verified %ld signatures"
+#, c-format
msgid "%s: Verified 0 signatures."
-msgstr "Проверено %ld подписей"
+msgstr "%s: Проверено 0 подписей."
-#, fuzzy, c-format
-#| msgid "Verified %ld signature in the past %s"
-#| msgid_plural "Verified %ld signatures in the past %s"
+#, c-format
msgid "%s: Verified %ld~signature in the past %s."
msgid_plural "%s: Verified %ld~signatures in the past %s."
-msgstr[0] "Проверена %ld подпись за %s."
-msgstr[1] "Проверены %ld прописи за %s."
-msgstr[2] "Проверено %ld подписей за %s."
+msgstr[0] "%s: Проверена %ld~подпись за %s."
+msgstr[1] "%s: Проверены %ld~прописи за %s."
+msgstr[2] "%s: Проверено %ld~подписей за %s."
-#, fuzzy
-#| msgid "Encrypted %d message"
-#| msgid_plural "Encrypted %d messages"
msgid "Encrypted 0 messages."
-msgstr "Зашифровано %d сообщение"
+msgstr "Зашифровано 0 сообщений."
-#, fuzzy, c-format
-#| msgid ", and encrypted %ld message in the past %s"
-#| msgid_plural ", and encrypted %ld messages in the past %s"
+#, c-format
msgid "Encrypted %ld~message in the past %s."
msgid_plural "Encrypted %ld~messages in the past %s."
-msgstr[0] ", зашифровано %ld сообщение за %s."
-msgstr[1] ", зашифрованы %ld сообщения за %s."
-msgstr[2] ", зашифровано %ld сообщений за %s."
+msgstr[0] "Зашифровано %ld~сообщение за %s."
+msgstr[1] "Зашифрованы %ld~сообщения за %s."
+msgstr[2] "Зашифровано %ld~сообщений за %s."
-#, fuzzy, c-format
-#| msgid "policy: %s"
+#, c-format
msgid "(policy: %s)"
msgstr "правило: %s"
msgstr "ошибка при открытии базы данных TOFU: %s\n"
#, fuzzy, c-format
-#| msgid "WARNING: Encrypting to %s, which has nonon-revoked user ids.\n"
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+#| msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
"ВНИМАНИЕ: Шифрование для ключа %s, у которого нет неотозванных "
"идентификаторов пользователя.\n"
#, c-format
msgid "'%s' is not a valid long keyID\n"
-msgstr "'%s' не является допустимым длинным ID ключа\n"
+msgstr "'%s' не является допустимым длинным идентификатором ключа\n"
#, c-format
msgid "key %s: accepted as trusted key\n"
msgid "failed to store the creation date: %s\n"
msgstr "сбой при сохранении даты создания: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "ошибка получения статуса CHV с карты\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "в ответе отсутствует модуль RSA\n"
msgid "reading public key failed: %s\n"
msgstr "сбой при чтении открытого ключа: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "основной PIN применяется как %s\n"
"не удалось применить основной PIN как %s: %s - далее применяться\n"
"как основной не будет\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Введите PIN%%0A[сделано подписей: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Введите PIN"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "сбой при проверке CHV%d: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "ошибка получения статуса CHV с карты\n"
-
msgid "card is permanently locked!\n"
msgstr "карта окончательно заблокирована!\n"
"осталось %d попыток ввода административного PIN перед блокировкой карты\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|Введите административный PIN%%0A[осталось попыток: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Введите административный PIN"
msgid "access to admin commands is not configured\n"
msgstr "доступ к командам управления не настроен\n"
+msgid "||Please enter the PIN"
+msgstr "||Введите PIN"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Введите код сброса для карты"
msgid "handler for fd %d terminated\n"
msgstr "обработчик fd %d остановлен\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "недопустимый символ radix64 %02x пропущен\n"
-
msgid "no dirmngr running in this session\n"
msgstr "в этом сеансе dirmngr не работает\n"
msgstr ""
"Введите фразу-пароль для доступа к секретному ключу сертификата X.509:\n"
"\"%s\"\n"
-"S/N %s, ID 0x%08lX,\n"
+"S/N %s, идентификатор 0x%08lX,\n"
"создан %s, истекает %s.\n"
msgid "no key usage specified - assuming all usages\n"
#, c-format
msgid " using certificate ID 0x%08lX\n"
-msgstr " с помощью сертификата с ID 0x%08lX\n"
+msgstr " с помощью сертификата с идентификатором 0x%08lX\n"
msgid ""
"invalid signature: message digest attribute does not match computed one\n"
msgid " runtime cached certificates: %u\n"
msgstr "сертификатов в буфере времени исполнения: %u\n"
+#, fuzzy, c-format
+#| msgid " runtime cached certificates: %u\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "сертификатов в буфере времени исполнения: %u\n"
+
msgid "certificate already cached\n"
msgstr "сертификат уже в буфере\n"
#, c-format
msgid "no CRL available for issuer id %s\n"
-msgstr "списка отозванных сертификатов для издателя с ID %s нет в наличии\n"
+msgstr ""
+"списка отозванных сертификатов для издателя с идентификатором %s нет в "
+"наличии\n"
#, c-format
msgid "cached CRL for issuer id %s too old; update required\n"
msgstr ""
-"список отозванных сертификатов для издателя с ID %s в буфере слишком стар; "
-"требуется обновление\n"
+"список отозванных сертификатов для издателя с идентификатором %s в буфере "
+"Ñ\81лиÑ\88ком Ñ\81Ñ\82аÑ\80; Ñ\82Ñ\80ебÑ\83еÑ\82Ñ\81Ñ\8f обновление\n"
#, c-format
msgid ""
"force-crl-refresh active and %d minutes passed for issuer id %s; update "
"required\n"
msgstr ""
-"действует force-crl-refresh и прошло %d минут для издателя с ID %s; "
-"требуется обновление\n"
+"действует force-crl-refresh и прошло %d минут для издателя с идентификатором "
+"%s; требуется обновление\n"
#, c-format
msgid "force-crl-refresh active for issuer id %s; update required\n"
msgstr ""
-"для издателя с ID %s действует force-crl-refresh; требуется обновление\n"
+"для издателя с идентификатором %s действует force-crl-refresh; требуется "
+"обновление\n"
#, c-format
msgid "available CRL for issuer ID %s can't be used\n"
msgstr ""
-"доступный список отозванных сертификатов для издателя с ID %s нельзя "
-"использовать\n"
+"доступный список отозванных сертификатов для издателя с идентификатором %s "
+"нелÑ\8cзÑ\8f иÑ\81полÑ\8cзоваÑ\82Ñ\8c\n"
#, c-format
msgid "cached CRL for issuer id %s tampered; we need to update\n"
msgstr ""
-"список отозванных сертификатов для издателя с ID %s в буфере поврежден; его "
-"нужно обновить\n"
+"список отозванных сертификатов для издателя с идентификатором %s в буфере "
+"повÑ\80ежден; его нÑ\83жно обновиÑ\82Ñ\8c\n"
msgid "WARNING: invalid cache record length for S/N "
msgstr "Внимание: недопустимая для серийного номера длина буферной записи "
msgid "allow sending OCSP requests"
msgstr "разрешить посылку запросов OCSP"
-#, fuzzy
-#| msgid "query the software version database"
msgid "allow online software version check"
-msgstr "запросить базу данных версий программ"
+msgstr "разрешить проверку версий программ по сети"
msgid "inhibit the use of HTTP"
msgstr "запретить использование HTTP"
#, c-format
msgid "error getting responder ID: %s\n"
-msgstr "ошибка при получении ID ответчика: %s\n"
+msgstr "ошибка при получении идентификатора ответчика: %s\n"
msgid "no suitable certificate found to verify the OCSP response\n"
msgstr "не найдено подходящего сертификата для проверки ответа OCSP\n"
msgstr "нет сервера LDAP"
msgid "serialno missing in cert ID"
-msgstr "в ID сертификата нет серийного номера"
+msgstr "в идентификаторе сертификата нет серийного номера"
#, c-format
msgid "assuan_inquire failed: %s\n"
msgid "certificate chain is good\n"
msgstr "хорошая цепочка сертификатов\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA требует 160-битной хеш-функции\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
"сертификат не следовало использовать для подписывания списка отозванных "
msgstr "|NAME|использовать NAME как основной секретный ключ"
msgid "|NAME|encrypt to user ID NAME as well"
-msgstr "|NAME|зашифровывать также для ID пользователя NAME"
+msgstr "|NAME|зашифровывать также для идентификатора пользователя NAME"
msgid "|SPEC|set up email aliases"
msgstr "|SPEC|установить синонимы электронной почты"
msgid "Configuration for OCSP"
msgstr "Настройки OCSP"
-#, fuzzy
-#| msgid "GPG for OpenPGP"
msgid "OpenPGP"
-msgstr "GPG для OpenPGP"
+msgstr "OpenPGP"
msgid "Private Keys"
-msgstr ""
+msgstr "Закрытые ключи"
-#, fuzzy
-#| msgid "Smartcard Daemon"
msgid "Smartcards"
-msgstr "Ð\94емон кÑ\80ипÑ\82огÑ\80аÑ\84иÑ\87еÑ\81киÑ\85 каÑ\80Ñ\82"
+msgstr "Ð\9aÑ\80ипÑ\82огÑ\80аÑ\84иÑ\87еÑ\81кие каÑ\80Ñ\82Ñ\8b"
-#, fuzzy
-#| msgid "GPG for S/MIME"
msgid "S/MIME"
-msgstr "GPG для S/MIME"
+msgstr "S/MIME"
msgid "Network"
-msgstr ""
+msgstr "Сеть"
-#, fuzzy
-#| msgid "PIN and Passphrase Entry"
msgid "Passphrase Entry"
-msgstr "Ввод PIN и фраз-паролей"
+msgstr "Ввод фраз-паролей"
msgid "Component not suitable for launching"
msgstr "Компонент не подходит для запуска"
msgid "Note that group specifications are ignored\n"
msgstr "Обратите внимание, что спецификации групп игнорируются\n"
-#, fuzzy, c-format
-#| msgid "error closing '%s': %s\n"
+#, c-format
msgid "error closing '%s'\n"
-msgstr "ошибка закрытия '%s': %s\n"
+msgstr "ошибка закрытия '%s'\n"
-#, fuzzy, c-format
-#| msgid "error hashing '%s': %s\n"
+#, c-format
msgid "error parsing '%s'\n"
-msgstr "оÑ\88ибка пÑ\80и полÑ\83Ñ\87ении Ñ\85еÑ\88а '%s': %s\n"
+msgstr "оÑ\88ибка пÑ\80и инÑ\82еÑ\80пÑ\80еÑ\82аÑ\86ии '%s'\n"
msgid "list all components"
msgstr "вывод списка всех компонентов"
msgid "apply global default values"
msgstr "применить глобальные значения по умолчанию"
-#, fuzzy
-#| msgid "|FILE|take policy information from FILE"
msgid "|FILE|update configuration files using FILE"
-msgstr "|FILE|взÑ\8fÑ\82Ñ\8c инÑ\84оÑ\80маÑ\86иÑ\8e о пÑ\80авилаÑ\85 из файла FILE"
+msgstr "|FILE|обновиÑ\82Ñ\8c Ñ\84айлÑ\8b конÑ\84игÑ\83Ñ\80аÑ\86ии из файла FILE"
msgid "get the configuration directories for @GPGCONF@"
msgstr "получить каталоги настроек для @GPGCONF@"
"Синтаксис: gpg-check-pattern [параметры] файл_образцов\n"
"Проверить фразу-пароль, поступающую из stdin, по файлу образцов\n"
-#~ msgid "--store [filename]"
-#~ msgstr "--store [файл]"
-
-#~ msgid "--symmetric [filename]"
-#~ msgstr "--symmetric [файл]"
-
-#~ msgid "--encrypt [filename]"
-#~ msgstr "--encrypt [файл]"
-
-#~ msgid "--symmetric --encrypt [filename]"
-#~ msgstr "--symmetric --encrypt [файл]"
-
-#~ msgid "--sign [filename]"
-#~ msgstr "--sign [файл]"
-
-#~ msgid "--sign --encrypt [filename]"
-#~ msgstr "--sign --encrypt [файл]"
-
-#~ msgid "--symmetric --sign --encrypt [filename]"
-#~ msgstr "--symmetric --sign --encrypt [файл]"
-
-#~ msgid "--sign --symmetric [filename]"
-#~ msgstr "--sign --symmetric [файл]"
-
-#~ msgid "--clear-sign [filename]"
-#~ msgstr "--clear-sign [файл]"
-
-#~ msgid "--decrypt [filename]"
-#~ msgstr "--decrypt [файл]"
-
-#~ msgid "--sign-key user-id"
-#~ msgstr "--sign-key <ID пользователя>"
-
-#~ msgid "--lsign-key user-id"
-#~ msgstr "--lsign-key <ID пользователя>"
-
-#~ msgid "--edit-key user-id [commands]"
-#~ msgstr "--edit-key <ID пользователя> [команды]"
-
-#~ msgid "--passwd <user-id>"
-#~ msgstr "--passwd <ID пользователя>"
-
-#~ msgid "[filename]"
-#~ msgstr "[файл]"
-
-#~ msgid " in the past."
-#~ msgstr " в прошлом."
-
-#~ msgid "%s: "
-#~ msgstr "%s: "
-
-#~ msgid ", and encrypted %ld messages"
-#~ msgstr ", зашифровано %ld сообщений"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Введите PIN%%0A[сделано подписей: %lu]"
-#~ msgid "GPG Agent"
-#~ msgstr "Агент GPG"
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|Введите административный PIN%%0A[осталось попыток: %d]"
-#~ msgid "Key Acquirer"
-#~ msgstr "Диспетчер ключей"
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA требует 160-битной хеш-функции\n"
msgid "no suitable card key found: %s\n"
msgstr "nenájdený zapisovateľný súbor tajných kľúčov (secring): %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "neznáme"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "neplatný znak vo formáte radix64 %02x bol preskočený\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "zapisujem tajný kľúč do `%s'\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Začnite písať svoju správu ...\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "chyba pri posielaní na `%s': %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "zlyhalo obnovenie vyrovnávacej pamäti kľúčov: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
msgid "reading public key failed: %s\n"
msgstr "zmazanie bloku kľúča sa nepodarilo: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "zmeniť heslo"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "nepodarilo poslať kľúč na server: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "zmeniť heslo"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "zmeniť heslo"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "zmeniť heslo"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "Prosím výberte dôvod na revokáciu:\n"
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "neplatný znak vo formáte radix64 %02x bol preskočený\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent nie je v tomto sedení dostupný\n"
msgid " runtime cached certificates: %u\n"
msgstr "chyba pri vytváraní hesla: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "Revokačný certifikát bol vytvorený.\n"
msgid "certificate chain is good\n"
msgstr "duplicita predvoľby %c%lu\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA požaduje použitie 160 bitového hashovacieho algoritmu\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "zmeniť heslo"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA požaduje použitie 160 bitového hashovacieho algoritmu\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [meno súboru]"
msgid "no suitable card key found: %s\n"
msgstr "ingen lämplig kortnyckel hittades: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "fel vid hämtning av lagrade flaggor: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "[ingen]"
+# överhoppad eller hoppades över?
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "ogiltigt radix64-tecken %02x hoppades över\n"
+
msgid "argument not expected"
msgstr "argument förväntades inte"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Skriv ditt meddelande här ...\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "fel vid sändning av %s-kommando: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "misslyckades med att lagra datum för skapandet: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "fel vid hämtning av CHV-status från kort\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "svaret innehåller inte en RSA-modulus\n"
msgid "reading public key failed: %s\n"
msgstr "läsning av publik nyckel misslyckades: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "använder standard-PIN som %s\n"
"misslyckades med att använda standard-PIN som %s: %s - inaktiverar "
"ytterligare standardanvändning\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Ange PIN-koden%%0A[signaturer kvar: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Ange PIN-koden"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "validering av CHV%d misslyckades: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "fel vid hämtning av CHV-status från kort\n"
-
msgid "card is permanently locked!\n"
msgstr "kortet är låst permanent!\n"
"%d försök för Admin PIN-koden återstår innan kortet låses permanent\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|Ange administratörens PIN-kod%%0A[återstående försök: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Ange administratörens PIN-kod"
msgid "access to admin commands is not configured\n"
msgstr "åtkomst till administrationskommandon är inte konfigurerat\n"
+msgid "||Please enter the PIN"
+msgstr "||Ange PIN-koden"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Ange nollställningskoden för kortet"
msgid "handler for fd %d terminated\n"
msgstr "hanterare för fd %d avslutad\n"
-# överhoppad eller hoppades över?
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "ogiltigt radix64-tecken %02x hoppades över\n"
-
#, fuzzy
#| msgid "no gpg-agent running in this session\n"
msgid "no dirmngr running in this session\n"
msgid " runtime cached certificates: %u\n"
msgstr "antal matchande certifikat: %d\n"
+#, fuzzy, c-format
+#| msgid "number of matching certificates: %d\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "antal matchande certifikat: %d\n"
+
#, fuzzy
#| msgid " (certificate created at "
msgid "certificate already cached\n"
msgid "certificate chain is good\n"
msgstr "certifikatet är korrekt\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr ""
-
#, fuzzy
#| msgid "certificate should have not been used for signing\n"
msgid "certificate should not have been used for CRL signing\n"
"Syntax: gpg-check-pattern [flaggor] mönsterfil\n"
"Kontrollera en lösenfras angiven på standard in mot mönsterfilen\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Ange PIN-koden%%0A[signaturer kvar: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|Ange administratörens PIN-kod%%0A[återstående försök: %d]"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [filnamn]"
msgid "no suitable card key found: %s\n"
msgstr "uygun bir kart anahtarı yok: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "saklanmış bayraklar alınırken hata: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "[yok]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "geçersiz radix64 karakteri %02x atlandı\n"
+
msgid "argument not expected"
msgstr "değiştirge beklenmiyordu"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "İletinizi yazın ...\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "%s komutu gönderilirken hata: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "oluşturma tarihinin saklanması başarısız oldu: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "karttan CHV durumu alınırken hata\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "yanıt RSA modülü içermiyor\n"
msgid "reading public key failed: %s\n"
msgstr "genel anahtar okuması başarısız: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "%s olarak öntanımlı PIN kullanılıyor\n"
"%s olarak öntanımlı PIN kullanılamadı: %s - öntanımlı kullanımı iptal "
"ediliyor\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Lütfen PIN'i giriniz%%0A[yapılan imza: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Lütfen PIN'i giriniz"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "CHV%d doğrulaması başarısız oldu: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "karttan CHV durumu alınırken hata\n"
-
msgid "card is permanently locked!\n"
msgstr "kart kalıcı olarak kilitli!\n"
"kart kalıcı olarak kilitlenmeden önce %d Yönetici PIN kalmasına çalışılıyor\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr ""
-"|A|Lütfen Yönetici PIN'ini okuyucu tuştakımından giriniz%%0A[kalan deneme: "
-"%d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "||Lütfen PIN'i giriniz"
msgid "access to admin commands is not configured\n"
msgstr "yönetici komutlarına erişim yapılandırılmamış\n"
+msgid "||Please enter the PIN"
+msgstr "||Lütfen PIN'i giriniz"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Lütfen kart için Sıfırlama Kodunu giriniz"
msgid "handler for fd %d terminated\n"
msgstr "fd %d için eylemci sonlandı\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "geçersiz radix64 karakteri %02x atlandı\n"
-
#, fuzzy
#| msgid "no gpg-agent running in this session\n"
msgid "no dirmngr running in this session\n"
msgid " runtime cached certificates: %u\n"
msgstr "eşleşen sertifika sayısı: %d\n"
+#, fuzzy, c-format
+#| msgid "number of matching certificates: %d\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "eşleşen sertifika sayısı: %d\n"
+
#, fuzzy
#| msgid " (certificate created at "
msgid "certificate already cached\n"
msgid "certificate chain is good\n"
msgstr "sertifika iyi durumda\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr ""
-
#, fuzzy
#| msgid "certificate should have not been used for signing\n"
msgid "certificate should not have been used for CRL signing\n"
"Standart girdiden verilen anahtar parolasını örüntü dosyasıyla "
"karşılaştırır\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Lütfen PIN'i giriniz%%0A[yapılan imza: %lu]"
+
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr ""
+#~ "|A|Lütfen Yönetici PIN'ini okuyucu tuştakımından giriniz%%0A[kalan "
+#~ "deneme: %d]"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [dosyaismi]"
# Copyright (C) 2011 Free Software Foundation, Inc.
# This file is distributed under the same license as the GnuPG package.
#
-# Yuri Chornoivan <yurchor@ukr.net>, 2011, 2014, 2015, 2016.
+# Yuri Chornoivan <yurchor@ukr.net>, 2011, 2014, 2015, 2016, 2017.
msgid ""
msgstr ""
"Project-Id-Version: GNU gnupg 2.1.0\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2016-07-10 15:11+0300\n"
+"PO-Revision-Date: 2017-01-27 14:10+0200\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <kde-i18n-uk@kde.org>\n"
"Language: uk\n"
msgid "no suitable card key found: %s\n"
msgstr "не виявлено відповідних ключів картки: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "помилка під час спроби отримання збережених прапорців: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "run in server mode (foreground)"
msgstr "запустити у режимі сервера (основному)"
-#, fuzzy
-#| msgid "run in server mode"
msgid "run in supervised mode"
-msgstr "запÑ\83Ñ\81Ñ\82иÑ\82и Ñ\83 Ñ\80ежимÑ\96 Ñ\81еÑ\80веÑ\80а"
+msgstr "запÑ\83Ñ\81Ñ\82иÑ\82и Ñ\83 Ñ\80ежимÑ\96 Ñ\96з наглÑ\8fдом"
msgid "verbose"
msgstr "докладний режим"
msgid "Warning: unsafe permissions on %s \"%s\"\n"
msgstr "Увага: визначення прав доступу не є безпечним для %s — «%s»\n"
-#, fuzzy, c-format
-#| msgid "waiting for the agent to come up ... (%ds)\n"
+#, c-format
msgid "waiting for file '%s' to become accessible ...\n"
-msgstr "очікування на працездатність агента… (%d с)\n"
+msgstr "очікуємо на отримання доступу до файла «%s»…\n"
#, c-format
msgid "renaming '%s' to '%s' failed: %s\n"
msgid "[none]"
msgstr "[немає]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "пропущено некоректний символ radix64 %02x\n"
+
msgid "argument not expected"
msgstr "неочікуваний аргумент"
msgstr "вилучити максимум частин з ключа під час експортування"
msgid "use the GnuPG key backup format"
-msgstr ""
+msgstr "використовувати формат резервних копій ключів GnuPG"
msgid " - skipped"
msgstr " - пропущено"
msgid "quickly revoke a user-id"
msgstr "швидке відкликання ідентифікатора користувача"
-#, fuzzy
-#| msgid "quickly generate a new key pair"
msgid "quickly set a new expiration date"
-msgstr "швидке створення пари ключів"
+msgstr "швидке встановлення нової дати завершення строку дії"
msgid "full featured key pair generation"
msgstr "повноцінне створення пари ключів"
"(Щоб ознайомитися зі списком команд і параметрів, скористайтеся сторінкою "
"довідника (man))\n"
-#, fuzzy
-#| msgid ""
-#| "@\n"
-#| "Examples:\n"
-#| "\n"
-#| " -se -r Bob [file] sign and encrypt for user Bob\n"
-#| " --clear-sign [file] make a clear text signature\n"
-#| " --detach-sign [file] make a detached signature\n"
-#| " --list-keys [names] show keys\n"
-#| " --fingerprint [names] show fingerprints\n"
msgid ""
"@\n"
"Examples:\n"
msgid "show expiration dates during signature listings"
msgstr "показувати дати завершення строків дії у списку підписів"
-#, fuzzy, c-format
-#| msgid "invalid argument for option \"%.50s\"\n"
+#, c-format
msgid "valid values for option '%s':\n"
-msgstr "некоÑ\80екÑ\82ний аÑ\80гÑ\83менÑ\82 паÑ\80амеÑ\82Ñ\80а «%.50s»\n"
+msgstr "коÑ\80екÑ\82нÑ\96 знаÑ\87еннÑ\8f паÑ\80амеÑ\82Ñ\80а «%s»:\n"
#, c-format
msgid "unknown TOFU policy '%s'\n"
msgid "(use \"help\" to list choices)\n"
msgstr "(команда «help» виводить список можливих варіантів)\n"
-#, fuzzy, c-format
-#| msgid "invalid argument for option \"%.50s\"\n"
+#, c-format
msgid "invalid value for option '%s'\n"
-msgstr "некоÑ\80екÑ\82ний аÑ\80гÑ\83менÑ\82 паÑ\80амеÑ\82Ñ\80а «%.50s»\n"
+msgstr "некоÑ\80екÑ\82не знаÑ\87еннÑ\8f паÑ\80амеÑ\82Ñ\80а «%s»\n"
#, c-format
msgid "Note: old default options file '%s' ignored\n"
msgid "'%s' is not a valid signature expiration\n"
msgstr "«%s» не є коректним записом завершення строку дії підпису\n"
-#, fuzzy, c-format
-#| msgid "line %d: not a valid email address\n"
+#, c-format
msgid "\"%s\" is not a proper mail address\n"
-msgstr "рядок %d: некоректна адреса електронної пошти\n"
+msgstr "«%s» не є коректною адресою електронної пошти\n"
#, c-format
msgid "invalid pinentry mode '%s'\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr "«%s» не є коректним ідентифікатором ключа, відбитком або кодом\n"
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Почніть вводити ваше повідомлення...\n"
msgid "run import filters and export key immediately"
msgstr "запустити фільтри імпортування та експортувати ключ негайно"
-#, fuzzy
-#| msgid "assume input is in binary format"
msgid "assume the GnuPG key backup format"
-msgstr "вважаÑ\82и вÑ\85Ñ\96днÑ\96 данÑ\96 даними Ñ\83 двÑ\96йковомÑ\83 Ñ\84оÑ\80маÑ\82Ñ\96"
+msgstr "пÑ\80ипÑ\83Ñ\81каÑ\82и Ñ\84оÑ\80маÑ\82 Ñ\80езеÑ\80вниÑ\85 копÑ\96й клÑ\8eÑ\87Ñ\96в GnuPG"
#, c-format
msgid "skipping block of type %d\n"
msgid "Nothing to sign.\n"
msgstr "Нічого підписувати.\n"
-#, fuzzy, c-format
-#| msgid "'%s' is not a valid signature expiration\n"
+#, c-format
msgid "'%s' is not a valid expiration time\n"
-msgstr "«%s» не є коректним записом завершення строку дії підпису\n"
+msgstr "«%s» не є коректним записом завершення строку дії\n"
msgid "Digest: "
msgstr "Контрольна сума: "
msgid "Signature made %s using %s key ID %s\n"
msgstr "Підпис створено %s ключем %s з ідентифікатором %s\n"
-#, fuzzy, c-format
-#| msgid " aka \"%s\""
+#, c-format
msgid " issuer \"%s\"\n"
-msgstr " або «%s»"
+msgstr " видавець «%s»\n"
msgid "Key available at: "
msgstr "Ключ доступний на: "
msgid "This key belongs to us\n"
msgstr "Цей ключ належить нам\n"
-#, fuzzy, c-format
-#| msgid "root certificate has now been marked as trusted\n"
+#, c-format
msgid "%s: This key is bad! It has been marked as untrusted!\n"
-msgstr "кореневий сертифікат було позначено як надійний\n"
+msgstr "%s: цей ключ є помилковим! Його позначено як не вартий довіри!\n"
-#, fuzzy
-#| msgid ""
-#| "It is NOT certain that the key belongs to the person named\n"
-#| "in the user ID. If you *really* know what you are doing,\n"
-#| "you may answer the next question with yes.\n"
msgid ""
"This key is bad! It has been marked as untrusted! If you\n"
"*really* know what you are doing, you may answer the next\n"
"question with yes.\n"
msgstr ""
-"Не можна з певністю вважати, що ключ належить особі,\n"
-"вказаній у ідентифікаторі користувача. Якщо вам *точно*\n"
-"відомі наслідки ваших дій, можете ствердно відповісти\n"
-"на наступне питання.\n"
+"Цей ключ є помилковим! Його позначено як не вартий довіри! Якщо\n"
+"ви попри це впевнені у наслідках своїх дій, вам слід відповісти\n"
+"на наступне питання «так».\n"
msgid ""
"It is NOT certain that the key belongs to the person named\n"
msgid "unsupported TOFU database version: %s\n"
msgstr "непідтримувана версія бази даних TOFU: %s\n"
-#, fuzzy, c-format
-#| msgid "error creating temporary file: %s\n"
+#, c-format
msgid "error creating 'ultimately_trusted_keys' TOFU table: %s\n"
-msgstr "помилка створення тимчасового файла: %s\n"
+msgstr ""
+"помилка під час спроби створити таблицю TOFU «ultimately_trusted_keys»: %s\n"
msgid "TOFU DB error"
-msgstr ""
+msgstr "помилка бази даних TOFU"
#, c-format
msgid "error reading TOFU database: %s\n"
msgid "error initializing TOFU database: %s\n"
msgstr "помилка під час спроби ініціалізації бази даних TOFU: %s\n"
-#, fuzzy, c-format
-#| msgid "error reading TOFU database: %s\n"
+#, c-format
msgid "error creating 'encryptions' TOFU table: %s\n"
-msgstr "помилка пÑ\96д Ñ\87аÑ\81 Ñ\81пÑ\80оби Ñ\87иÑ\82аннÑ\8f бази даниÑ\85 TOFU: %s\n"
+msgstr "помилка пÑ\96д Ñ\87аÑ\81 Ñ\81пÑ\80оби Ñ\81Ñ\82воÑ\80иÑ\82и Ñ\82аблиÑ\86Ñ\8e TOFU «encryptions»: %s\n"
#, c-format
msgid "adding column effective_policy to bindings DB: %s\n"
-msgstr ""
+msgstr "додаємо стовпчик effective_policy до бази даних прив’язок: %s\n"
#, c-format
msgid "error opening TOFU database '%s': %s\n"
msgid "error updating TOFU database: %s\n"
msgstr "помилка під час спроби оновлення бази даних TOFU: %s\n"
-#, fuzzy, c-format
-#| msgid "The email address \"%s\" is associated with %d key:\n"
-#| msgid_plural "The email address \"%s\" is associated with %d keys:\n"
+#, c-format
msgid ""
"This is the first time the email address \"%s\" is being used with key %s."
-msgstr "Адресу електронної пошти «%s» пов’язано із %d ключем:\n"
+msgstr "Адреса електронної пошти «%s» вперше використовується з ключем %s."
-#, fuzzy, c-format
-#| msgid "The email address \"%s\" is associated with %d key:\n"
-#| msgid_plural "The email address \"%s\" is associated with %d keys:\n"
+#, c-format
msgid "The email address \"%s\" is associated with %d key!"
msgid_plural "The email address \"%s\" is associated with %d keys!"
-msgstr[0] "Адресу електронної пошти «%s» пов’язано із %d ключем:\n"
-msgstr[1] "Ð\90дÑ\80еÑ\81Ñ\83 елекÑ\82Ñ\80онноÑ\97 поÑ\88Ñ\82и «%s» повâ\80\99Ñ\8fзано Ñ\96з %d клÑ\8eÑ\87ем:\n"
-msgstr[2] "Ð\90дÑ\80еÑ\81Ñ\83 елекÑ\82Ñ\80онноÑ\97 поÑ\88Ñ\82и «%s» повâ\80\99Ñ\8fзано Ñ\96з %d клÑ\8eÑ\87ем:\n"
+msgstr[0] "Адресу електронної пошти «%s» пов’язано із %d ключем!"
+msgstr[1] "Ð\90дÑ\80еÑ\81Ñ\83 елекÑ\82Ñ\80онноÑ\97 поÑ\88Ñ\82и «%s» повâ\80\99Ñ\8fзано Ñ\96з %d клÑ\8eÑ\87ами!"
+msgstr[2] "Ð\90дÑ\80еÑ\81Ñ\83 елекÑ\82Ñ\80онноÑ\97 поÑ\88Ñ\82и «%s» повâ\80\99Ñ\8fзано Ñ\96з %d клÑ\8eÑ\87ами!"
-#, fuzzy
-#| msgid ""
-#| "The key with fingerprint %s raised a conflict with the binding %s. Since "
-#| "this binding's policy was 'auto', it was changed to 'ask'."
msgid " Since this binding's policy was 'auto', it has been changed to 'ask'."
msgstr ""
-"Ключ із відбитком %s конфліктує із прив’язкою %s. Оскільки правилами цієї "
-"прив’язки визначалося «автоматично», їх змінено на «запитувати»."
+" Оскільки правилами цієї прив’язки визначалося «автоматично», їх змінено на "
+"«запитувати»."
#, c-format
msgid ""
"Please indicate whether this email address should be associated with key %s "
"or whether you think someone is impersonating \"%s\"."
msgstr ""
+"Будь ласка, вкажіть, слід пов’язати цю адресу електронної пошти з ключем %s "
+"чи ви вважаєте, що хтось видає себе за «%s»."
#, c-format
msgid "error gathering other user IDs: %s\n"
msgstr "помилка під час збирання інших ідентифікаторів користувачів: %s\n"
-#, fuzzy
-#| msgid "list key and user IDs"
msgid "This key's user IDs:\n"
-msgstr "показаÑ\82и Ñ\81пиÑ\81ок клÑ\8eÑ\87Ñ\96в Ñ\82а Ñ\96денÑ\82иÑ\84Ñ\96каÑ\82оÑ\80Ñ\96в коÑ\80иÑ\81Ñ\82Ñ\83ваÑ\87а"
+msgstr "Ð\86денÑ\82иÑ\84Ñ\96каÑ\82оÑ\80и коÑ\80иÑ\81Ñ\82Ñ\83ваÑ\87Ñ\96в Ñ\86Ñ\8cого клÑ\8eÑ\87а:\n"
#, c-format
msgid "policy: %s"
msgstr "Статистичні дані для ключів із адресою електронної пошти «%s»:\n"
msgid ", "
-msgstr ""
+msgstr ", "
msgid "this key"
msgstr "цей ключ"
-#, fuzzy, c-format
-#| msgid "Verified %ld messages signed by \"%s\"."
+#, c-format
msgid "Verified %d message."
msgid_plural "Verified %d messages."
-msgstr[0] "Перевірено %ld повідомлень, підписаних «%s»."
-msgstr[1] "Перевірено %ld повідомлень, підписаних «%s»."
-msgstr[2] "Перевірено %ld повідомлень, підписаних «%s»."
+msgstr[0] "Перевірено %d повідомлення."
+msgstr[1] "Перевірено %d повідомлення."
+msgstr[2] "Перевірено %d повідомлень."
-#, fuzzy, c-format
-#| msgid "encrypted with %lu passphrases\n"
+#, c-format
msgid "Encrypted %d message."
msgid_plural "Encrypted %d messages."
-msgstr[0] "заÑ\88иÑ\84Ñ\80овано за допомогоÑ\8e %lu паÑ\80олÑ\96в\n"
-msgstr[1] "заÑ\88иÑ\84Ñ\80овано за допомогоÑ\8e %lu паÑ\80олÑ\96в\n"
-msgstr[2] "заÑ\88иÑ\84Ñ\80овано за допомогоÑ\8e %lu паÑ\80олÑ\96в\n"
+msgstr[0] "Ð\97аÑ\88иÑ\84Ñ\80овано %d повÑ\96домленнÑ\8f."
+msgstr[1] "Ð\97аÑ\88иÑ\84Ñ\80овано %d повÑ\96домленнÑ\8f."
+msgstr[2] "Ð\97аÑ\88иÑ\84Ñ\80овано %d повÑ\96домленÑ\8c."
-#, fuzzy, c-format
-#| msgid "%ld message signed in the future."
-#| msgid_plural "%ld messages signed in the future."
+#, c-format
msgid "Verified %d message in the future."
msgid_plural "Verified %d messages in the future."
-msgstr[0] "%ld повідомлення підписано у майбутньому."
-msgstr[1] "%ld повідомлення підписано у майбутньому."
-msgstr[2] "%ld повідомлень підписано у майбутньому."
+msgstr[0] "Перевірено %d повідомлення у майбутньому."
+msgstr[1] "Перевірено %d повідомлення у майбутньому."
+msgstr[2] "Перевірено %d повідомлень у майбутньому."
-#, fuzzy, c-format
-#| msgid "%ld message signed in the future."
-#| msgid_plural "%ld messages signed in the future."
+#, c-format
msgid "Encrypted %d message in the future."
msgid_plural "Encrypted %d messages in the future."
-msgstr[0] "%ld повідомлення підписано у майбутньому."
-msgstr[1] "%ld повідомлення підписано у майбутньому."
-msgstr[2] "%ld повідомлень підписано у майбутньому."
+msgstr[0] "Зашифровано %d повідомлення у майбутньому."
+msgstr[1] "Зашифровано %d повідомлення у майбутньому."
+msgstr[2] "Зашифровано %d повідомлень у майбутньому."
-#, fuzzy, c-format
-#| msgid " over the past %ld day."
-#| msgid_plural " over the past %ld days."
+#, c-format
msgid "Messages verified over the past %d day: %d."
msgid_plural "Messages verified over the past %d days: %d."
-msgstr[0] " протягом %ld попереднього дня."
-msgstr[1] " протягом %ld попередніх днів."
-msgstr[2] " протягом %ld попередніх днів."
+msgstr[0] "Перевірено повідомлень протягом останнього %d дня: %d."
+msgstr[1] "Перевірено повідомлень протягом останніх %d днів: %d."
+msgstr[2] "Перевірено повідомлень протягом останніх %d днів: %d."
-#, fuzzy, c-format
-#| msgid " over the past %ld day."
-#| msgid_plural " over the past %ld days."
+#, c-format
msgid "Messages encrypted over the past %d day: %d."
msgid_plural "Messages encrypted over the past %d days: %d."
-msgstr[0] " протягом %ld попереднього дня."
-msgstr[1] " протягом %ld попередніх днів."
-msgstr[2] " протягом %ld попередніх днів."
+msgstr[0] "Повідомлень, які зашифровано протягом останнього %d дня: %d."
+msgstr[1] "Повідомлень, які зашифровано протягом останніх %d днів: %d."
+msgstr[2] "Повідомлень, які зашифровано протягом останніх %d днів: %d."
-#, fuzzy, c-format
-#| msgid " over the past %ld month."
-#| msgid_plural " over the past %ld months."
+#, c-format
msgid "Messages verified over the past %d month: %d."
msgid_plural "Messages verified over the past %d months: %d."
-msgstr[0] " протягом %ld попереднього місяця."
-msgstr[1] " протягом %ld попередніх місяців."
-msgstr[2] " протягом %ld попередніх місяців."
+msgstr[0] "Перевірено повідомлень протягом останнього %d місяця: %d."
+msgstr[1] "Перевірено повідомлень протягом останніх %d місяців: %d."
+msgstr[2] "Перевірено повідомлень протягом останніх %d місяців: %d."
-#, fuzzy, c-format
-#| msgid " over the past %ld month."
-#| msgid_plural " over the past %ld months."
+#, c-format
msgid "Messages encrypted over the past %d month: %d."
msgid_plural "Messages encrypted over the past %d months: %d."
-msgstr[0] " протягом %ld попереднього місяця."
-msgstr[1] " протягом %ld попередніх місяців."
-msgstr[2] " протягом %ld попередніх місяців."
+msgstr[0] "Повідомлень, які зашифровано протягом останнього %d місяця: %d."
+msgstr[1] "Повідомлень, які зашифровано протягом останніх %d місяців: %d."
+msgstr[2] "Повідомлень, які зашифровано протягом останніх %d місяців: %d."
-#, fuzzy, c-format
-#| msgid " over the past %ld day."
-#| msgid_plural " over the past %ld days."
+#, c-format
msgid "Messages verified over the past %d year: %d."
msgid_plural "Messages verified over the past %d years: %d."
-msgstr[0] " протягом %ld попереднього дня."
-msgstr[1] " протягом %ld попередніх днів."
-msgstr[2] " протягом %ld попередніх днів."
+msgstr[0] "Перевірено повідомлень протягом останнього %d року: %d."
+msgstr[1] "Перевірено повідомлень протягом останніх %d років: %d."
+msgstr[2] "Перевірено повідомлень протягом останніх %d років: %d."
-#, fuzzy, c-format
-#| msgid " over the past %ld day."
-#| msgid_plural " over the past %ld days."
+#, c-format
msgid "Messages encrypted over the past %d year: %d."
msgid_plural "Messages encrypted over the past %d years: %d."
-msgstr[0] " протягом %ld попереднього дня."
-msgstr[1] " протягом %ld попередніх днів."
-msgstr[2] " протягом %ld попередніх днів."
+msgstr[0] "Повідомлень, які зашифровано протягом останнього %d року: %d."
+msgstr[1] "Повідомлень, які зашифровано протягом останніх %d років: %d."
+msgstr[2] "Повідомлень, які зашифровано протягом останніх %d років: %d."
-#, fuzzy, c-format
-#| msgid " over the past %ld day."
-#| msgid_plural " over the past %ld days."
+#, c-format
msgid "Messages verified in the past: %d."
-msgstr " протягом %ld попереднього дня."
+msgstr "Повідомлень, які перевірено у минулому: %d."
-#, fuzzy, c-format
-#| msgid ""
-#| "Verified %ld message signed by \"%s\"\n"
-#| "in the past %s."
-#| msgid_plural ""
-#| "Verified %ld messages signed by \"%s\"\n"
-#| "in the past %s."
+#, c-format
msgid "Messages encrypted in the past: %d."
-msgstr ""
-"Перевірено %ld повідомлення, підписане «%s»,\n"
-"протягом такого строку: %s."
+msgstr "Повідомлень, які зашифровано у минулому: %d."
#. TRANSLATORS: Please translate the text found in the source
#. * file below. We don't directly internationalize that text so
"(G)Добрий, (A)Прийняти одноразово, (U)Невідомий, (R)Відкинути одноразово, "
"(B)Поганий? "
-msgid "Defaulting to unknown."
-msgstr ""
+#, fuzzy
+#| msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
+msgstr "Типовим значенням є «невідомий»."
msgid "TOFU db corruption detected.\n"
-msgstr ""
+msgstr "Виявлено пошкодження бази даних TOFU.\n"
-#, fuzzy, c-format
-#| msgid "error writing key: %s\n"
+#, c-format
msgid "resetting keydb: %s\n"
-msgstr "помилка під час спроби запису ключа: %s\n"
+msgstr "скидаємо базу даних ключів: %s\n"
-#, fuzzy, c-format
-#| msgid "error setting TOFU binding's trust level to %s\n"
+#, c-format
msgid "error setting TOFU binding's policy to %s\n"
-msgstr ""
-"помилка під час спроби встановлення рівня довіри до прив’язки TOFU до %s\n"
+msgstr "помилка під час спроби встановлення правил прив’язки TOFU до %s\n"
#, c-format
msgid "error changing TOFU policy: %s\n"
msgstr "помилка під час спроби змінити правила TOFU: %s\n"
-#, fuzzy, c-format
-#| msgid "%d~year"
-#| msgid_plural "%d~years"
+#, c-format
msgid "%lld~year"
msgid_plural "%lld~years"
-msgstr[0] "%d~рік"
-msgstr[1] "%d~роки"
-msgstr[2] "%d~років"
+msgstr[0] "%lld~рік"
+msgstr[1] "%lld~роки"
+msgstr[2] "%lld~років"
-#, fuzzy, c-format
-#| msgid "%d~month"
-#| msgid_plural "%d~months"
+#, c-format
msgid "%lld~month"
msgid_plural "%lld~months"
-msgstr[0] "%d~місяць"
-msgstr[1] "%d~місяці"
-msgstr[2] "%d~місяців"
+msgstr[0] "%lld~місяць"
+msgstr[1] "%lld~місяці"
+msgstr[2] "%lld~місяців"
#, c-format
msgid "%lld~week"
msgid_plural "%lld~weeks"
-msgstr[0] ""
-msgstr[1] ""
-msgstr[2] ""
+msgstr[0] "%lld~тиждень"
+msgstr[1] "%lld~тижні"
+msgstr[2] "%lld~тижнів"
-#, fuzzy, c-format
-#| msgid "%d~day"
-#| msgid_plural "%d~days"
+#, c-format
msgid "%lld~day"
msgid_plural "%lld~days"
-msgstr[0] "%d~день"
-msgstr[1] "%d~дні"
-msgstr[2] "%d~днів"
+msgstr[0] "%lld~день"
+msgstr[1] "%lld~дні"
+msgstr[2] "%lld~днів"
-#, fuzzy, c-format
-#| msgid "%d~hour"
-#| msgid_plural "%d~hours"
+#, c-format
msgid "%lld~hour"
msgid_plural "%lld~hours"
-msgstr[0] "%d~година"
-msgstr[1] "%d~години"
-msgstr[2] "%d~годин"
+msgstr[0] "%lld~година"
+msgstr[1] "%lld~години"
+msgstr[2] "%lld~годин"
-#, fuzzy, c-format
-#| msgid "%d~minute"
-#| msgid_plural "%d~minutes"
+#, c-format
msgid "%lld~minute"
msgid_plural "%lld~minutes"
-msgstr[0] "%d~хвилина"
-msgstr[1] "%d~хвилини"
-msgstr[2] "%d~хвилин"
+msgstr[0] "%lld~хвилина"
+msgstr[1] "%lld~хвилини"
+msgstr[2] "%lld~хвилин"
-#, fuzzy, c-format
-#| msgid "%d~second"
-#| msgid_plural "%d~seconds"
+#, c-format
msgid "%lld~second"
msgid_plural "%lld~seconds"
-msgstr[0] "%d~секунда"
-msgstr[1] "%d~секунди"
-msgstr[2] "%d~секунд"
+msgstr[0] "%lld~секунда"
+msgstr[1] "%lld~секунди"
+msgstr[2] "%lld~секунд"
#, c-format
msgid "%s: Verified 0~signatures and encrypted 0~messages."
-msgstr ""
+msgstr "%s: перевірено 0~підписів і зашифровано 0~повідомлень."
-#, fuzzy, c-format
-#| msgid "Deleted %d signatures.\n"
+#, c-format
msgid "%s: Verified 0 signatures."
-msgstr "Вилучено %d підписів.\n"
+msgstr "%s: перевірено 0 підписів."
-#, fuzzy, c-format
-#| msgid ""
-#| "Verified %ld message signed by \"%s\"\n"
-#| "in the past %s."
-#| msgid_plural ""
-#| "Verified %ld messages signed by \"%s\"\n"
-#| "in the past %s."
+#, c-format
msgid "%s: Verified %ld~signature in the past %s."
msgid_plural "%s: Verified %ld~signatures in the past %s."
-msgstr[0] ""
-"Перевірено %ld повідомлення, підписане «%s»,\n"
-"протягом такого строку: %s."
-msgstr[1] ""
-"Перевірено %ld повідомлення, підписаних «%s»,\n"
-"протягом такого строку: %s."
-msgstr[2] ""
-"Перевірено %ld повідомлень, підписаних «%s»,\n"
-"протягом такого строку: %s."
+msgstr[0] "%s: перевірено %ld~підпис протягом останнього %s."
+msgstr[1] "%s: перевірено %ld~підписи протягом останнього %s."
+msgstr[2] "%s: перевірено %ld~підписів протягом останнього %s."
-#, fuzzy
-#| msgid "encrypted with %lu passphrases\n"
msgid "Encrypted 0 messages."
-msgstr "заÑ\88иÑ\84Ñ\80овано за допомогоÑ\8e %lu паÑ\80олÑ\96в\n"
+msgstr "Ð\97аÑ\88иÑ\84Ñ\80овано 0 повÑ\96домленÑ\8c."
-#, fuzzy, c-format
-#| msgid ""
-#| "Verified %ld message signed by \"%s\"\n"
-#| "in the past %s."
-#| msgid_plural ""
-#| "Verified %ld messages signed by \"%s\"\n"
-#| "in the past %s."
+#, c-format
msgid "Encrypted %ld~message in the past %s."
msgid_plural "Encrypted %ld~messages in the past %s."
-msgstr[0] ""
-"Перевірено %ld повідомлення, підписане «%s»,\n"
-"протягом такого строку: %s."
-msgstr[1] ""
-"Перевірено %ld повідомлення, підписаних «%s»,\n"
-"протягом такого строку: %s."
-msgstr[2] ""
-"Перевірено %ld повідомлень, підписаних «%s»,\n"
-"протягом такого строку: %s."
+msgstr[0] "Зашифровано %ld~повідомлення протягом останнього %s."
+msgstr[1] "Зашифровано %ld~повідомлення протягом останнього %s."
+msgstr[2] "Зашифровано %ld~повідомлень протягом останнього %s."
-#, fuzzy, c-format
-#| msgid "policy: %s"
+#, c-format
msgid "(policy: %s)"
-msgstr "правило: %s"
+msgstr "(правило: %s)"
-#, fuzzy
-#| msgid "Warning: we've have yet to see a message signed by this key!\n"
msgid ""
"Warning: we have yet to see a message signed using this key and user id!\n"
-msgstr "Попередження: повідомлень, які було б підписано цим ключем, не було!\n"
+msgstr ""
+"Попередження: ще не існує повідомлень, які було б підписано цим ключем та "
+"ідентифікатором користувача!\n"
-#, fuzzy
-#| msgid "Warning: we've only seen a single message signed by this key!\n"
msgid ""
"Warning: we've only seen one message signed using this key and user id!\n"
-msgstr "Попередження: цим ключем було підписано лише одне повідомлення!\n"
+msgstr ""
+"Попередження: за допомогою цього ключа і ідентифікатора користувача "
+"підписано лише одне повідомлення!\n"
-#, fuzzy
-#| msgid "Warning: we've have yet to see a message signed by this key!\n"
msgid "Warning: you have yet to encrypt a message to this key!\n"
-msgstr "Попередження: повідомлень, які було б підписано цим ключем, не було!\n"
+msgstr "Попередження: цим ключем ще не зашифровано жодного повідомлення!\n"
-#, fuzzy
-#| msgid "Warning: we've only seen a single message signed by this key!\n"
msgid "Warning: you have only encrypted one message to this key!\n"
-msgstr "Ð\9fопеÑ\80едженнÑ\8f: Ñ\86им клÑ\8eÑ\87ем бÑ\83ло пÑ\96дпиÑ\81ано лише одне повідомлення!\n"
+msgstr "Ð\9fопеÑ\80едженнÑ\8f: Ñ\86им клÑ\8eÑ\87ем бÑ\83ло заÑ\88иÑ\84Ñ\80овано лише одне повідомлення!\n"
-#, fuzzy, c-format
-#| msgid ""
-#| "Warning: if you think you've seen more than %ld message signed by this "
-#| "key, then this key might be a forgery! Carefully examine the email "
-#| "address for small variations. If the key is suspect, then use\n"
-#| " %s\n"
-#| "to mark it as being bad.\n"
-#| msgid_plural ""
-#| "Warning: if you think you've seen more than %ld messages signed by this "
-#| "key, then this key might be a forgery! Carefully examine the email "
-#| "address for small variations. If the key is suspect, then use\n"
-#| " %s\n"
-#| "to mark it as being bad.\n"
+#, c-format
msgid ""
"Warning: if you think you've seen more signatures by this key and user id, "
"then this key might be a forgery! Carefully examine the email address for "
" %s\n"
"to mark it as being bad.\n"
msgstr[0] ""
-"Ð\9fопеÑ\80едженнÑ\8f: Ñ\8fкÑ\89о вам здаÑ\94Ñ\82Ñ\8cÑ\81Ñ\8f, Ñ\89о Ñ\83 ваÑ\81 бÑ\83ло понад %ld повÑ\96домленнÑ\8f, "
-"підписане цим ключем, цей ключ може бути підробним! Уважно перевірте, чи "
-"точно вказано адресу електронної пошти. Якщо ключ є підозріливим, "
-"скористайтеся командою\n"
+"Ð\9fопеÑ\80едженнÑ\8f: Ñ\8fкÑ\89о вам здаÑ\94Ñ\82Ñ\8cÑ\81Ñ\8f, Ñ\89о Ñ\83 ваÑ\81 бÑ\83ло бÑ\96лÑ\8cÑ\88е пÑ\96дпиÑ\81Ñ\96в за допомогоÑ\8e "
+"цього ключа, цей ключ та ідентифікатор користувача можуть бути підробними! "
+"Уважно перевірте, чи точно вказано адресу електронної пошти. Якщо ключ є "
+"підозріливим, скористайтеся командою\n"
" %s\n"
"для позначення ключа як помилкового.\n"
msgstr[1] ""
-"Ð\9fопеÑ\80едженнÑ\8f: Ñ\8fкÑ\89о вам здаÑ\94Ñ\82Ñ\8cÑ\81Ñ\8f, Ñ\89о Ñ\83 ваÑ\81 бÑ\83ло понад %ld повÑ\96домленнÑ\8f, "
-"підписане цим ключем, цей ключ може бути підробним! Уважно перевірте, чи "
-"точно вказано адресу електронної пошти. Якщо ключ є підозріливим, "
-"скористайтеся командою\n"
+"Ð\9fопеÑ\80едженнÑ\8f: Ñ\8fкÑ\89о вам здаÑ\94Ñ\82Ñ\8cÑ\81Ñ\8f, Ñ\89о Ñ\83 ваÑ\81 бÑ\83ло бÑ\96лÑ\8cÑ\88е пÑ\96дпиÑ\81Ñ\96в за допомогоÑ\8e "
+"цього ключа, цей ключ та ідентифікатори користувача можуть бути підробними! "
+"Уважно перевірте, чи точно вказано адреси електронної пошти. Якщо ключ є "
+"підозріливим, скористайтеся командою\n"
" %s\n"
"для позначення ключа як помилкового.\n"
msgstr[2] ""
-"Ð\9fопеÑ\80едженнÑ\8f: Ñ\8fкÑ\89о вам здаÑ\94Ñ\82Ñ\8cÑ\81Ñ\8f, Ñ\89о Ñ\83 ваÑ\81 бÑ\83ло понад %ld повÑ\96домленÑ\8c, "
-"підписане цим ключем, цей ключ може бути підробним! Уважно перевірте, чи "
-"точно вказано адресу електронної пошти. Якщо ключ є підозріливим, "
-"скористайтеся командою\n"
+"Ð\9fопеÑ\80едженнÑ\8f: Ñ\8fкÑ\89о вам здаÑ\94Ñ\82Ñ\8cÑ\81Ñ\8f, Ñ\89о Ñ\83 ваÑ\81 бÑ\83ло бÑ\96лÑ\8cÑ\88е пÑ\96дпиÑ\81Ñ\96в за допомогоÑ\8e "
+"цього ключа, цей ключ та ідентифікатори користувача можуть бути підробними! "
+"Уважно перевірте, чи точно вказано адреси електронної пошти. Якщо ключ є "
+"підозріливим, скористайтеся командою\n"
" %s\n"
"для позначення ключа як помилкового.\n"
msgid "error opening TOFU database: %s\n"
msgstr "помилка під час спроби відкрити бази даних TOFU: %s\n"
-#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+#, fuzzy, c-format
+#| msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
+"ПОПЕРЕДЖЕННЯ: шифруємо до %s, для якого не виявлено не відкликаних "
+"ідентифікаторів користувача.\n"
-#, fuzzy, c-format
-#| msgid "error writing public keyring '%s': %s\n"
+#, c-format
msgid "error setting policy for key %s, user id \"%s\": %s"
-msgstr "помилка під час спроби запису до сховища відкритих ключів «%s»: %s\n"
+msgstr ""
+"помилка під час спроби встановити правила для ключа %s, ідентифікатор "
+"користувача «%s»: %s"
#, c-format
msgid "'%s' is not a valid long keyID\n"
msgid "failed to store the creation date: %s\n"
msgstr "не вдалося зберегти дату створення: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "помилка отримання стану CHV з картки\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "відповідь не містить основи числення RSA\n"
msgid "response does not contain the RSA public exponent\n"
msgstr "відповідь не містить відкритого показника RSA\n"
-#, fuzzy
-#| msgid "response does not contain the EC public point\n"
msgid "response does not contain the EC public key\n"
-msgstr "відповідь не містить відкритої точки еліптичної кривої\n"
+msgstr "відповідь не містить відкритого ключа еліптичної кривої\n"
msgid "response does not contain the public key data\n"
msgstr "відповідь не містить даних відкритого ключа\n"
msgid "reading public key failed: %s\n"
msgstr "помилка читання відкритого ключа: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "використовуємо типовий пінкод як %s\n"
"не вдалося використати типовий пінкод як %s: %s — вимикаємо подальше типове "
"використання\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Будь ласка, вкажіть пінкод%%0A[підписів: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Вкажіть пінкод"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "помилка перевірки CHV%d: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "помилка отримання стану CHV з картки\n"
-
msgid "card is permanently locked!\n"
msgstr "картку заблоковано!\n"
"картку буде остаточно заблоковано\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr ""
-"|A|Будь ласка, вкажіть адміністративний пінкод%%0A[залишилося спроб: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Вкажіть адміністративний пінкод"
msgid "access to admin commands is not configured\n"
msgstr "доступ до адміністративних команд не налаштовано\n"
+msgid "||Please enter the PIN"
+msgstr "||Вкажіть пінкод"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Вкажіть код скидання коду картки"
msgid "handler for fd %d terminated\n"
msgstr "роботу обробника для дескриптора %d перервано\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "пропущено некоректний символ radix64 %02x\n"
-
msgid "no dirmngr running in this session\n"
msgstr "у цьому сеансі не запущено dirmngr\n"
msgid " runtime cached certificates: %u\n"
msgstr " динамічно кешовані сертифікати: %u\n"
+#, fuzzy, c-format
+#| msgid " runtime cached certificates: %u\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr " динамічно кешовані сертифікати: %u\n"
+
msgid "certificate already cached\n"
msgstr "сертифікат вже кешовано\n"
msgstr "дозволити надсилання запитів OCSP"
msgid "allow online software version check"
-msgstr ""
+msgstr "дозволити інтерактивну перевірку версії програмного забезпечення"
msgid "inhibit the use of HTTP"
msgstr "заборонити використання HTTP"
msgid "certificate chain is good\n"
msgstr "коректний ланцюжок сертифікації\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA потребує використання 160-бітового алгоритму хешування\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr "сертифікат не мав використовуватися для підписування CRL\n"
msgid "Configuration for OCSP"
msgstr "Налаштування OCSP"
-#, fuzzy
-#| msgid "GPG for OpenPGP"
msgid "OpenPGP"
-msgstr "GPG для OpenPGP"
+msgstr "OpenPGP"
msgid "Private Keys"
-msgstr ""
+msgstr "Закриті ключі"
-#, fuzzy
-#| msgid "Smartcard Daemon"
msgid "Smartcards"
-msgstr "Фонова Ñ\81лÑ\83жба каÑ\80Ñ\82ок пам’яті"
+msgstr "Ð\9aаÑ\80Ñ\82ки пам’яті"
-#, fuzzy
-#| msgid "GPG for S/MIME"
msgid "S/MIME"
-msgstr "GPG для S/MIME"
+msgstr "S/MIME"
msgid "Network"
-msgstr ""
+msgstr "Мережа"
-#, fuzzy
-#| msgid "PIN and Passphrase Entry"
msgid "Passphrase Entry"
-msgstr "Введення пінкодів і паролів"
+msgstr "Введення пароля"
msgid "Component not suitable for launching"
msgstr "Компонент не є придатним до запуску"
msgid "Note that group specifications are ignored\n"
msgstr "Зауважте, що специфікації груп буде проігноровано\n"
-#, fuzzy, c-format
-#| msgid "error closing '%s': %s\n"
+#, c-format
msgid "error closing '%s'\n"
-msgstr "помилка під час спроби закрити «%s»: %s\n"
+msgstr "помилка під час спроби закрити «%s»\n"
-#, fuzzy, c-format
-#| msgid "error hashing '%s': %s\n"
+#, c-format
msgid "error parsing '%s'\n"
-msgstr "помилка під час спроби хешування «%s»: %s\n"
+msgstr "помилка під час спроби обробити «%s»'\n"
msgid "list all components"
msgstr "показати список всіх компонентів"
msgid "apply global default values"
msgstr "застосувати загальні типові значення"
-#, fuzzy
-#| msgid "|FILE|take policy information from FILE"
msgid "|FILE|update configuration files using FILE"
-msgstr "|FILE|взÑ\8fÑ\82и данÑ\96 Ñ\89одо пÑ\80авил з вказаного Ñ\84айла"
+msgstr "|FILE|оновиÑ\82и Ñ\84айли налаÑ\88Ñ\82Ñ\83ванÑ\8c на оÑ\81новÑ\96 Ñ\84айла ФÐ\90Ð\99Ð\9b"
msgid "get the configuration directories for @GPGCONF@"
msgstr "отримати назви каталогів налаштувань для @GPGCONF@"
msgid "check global configuration file"
msgstr "перевірити загальний файл налаштувань"
-#, fuzzy
-#| msgid "update the trust database"
msgid "query the software version database"
-msgstr "оновиÑ\82и базÑ\83 даниÑ\85 довÑ\96Ñ\80и"
+msgstr "надÑ\96Ñ\81лаÑ\82и запиÑ\82 до бази даниÑ\85 веÑ\80Ñ\81Ñ\96й пÑ\80огÑ\80амного забезпеÑ\87еннÑ\8f"
msgid "reload all or a given component"
msgstr "перезавантажити всі або вказаний компонент"
"Синтаксис: gpg-check-pattern [параметри] файл_шаблонів\n"
"Перевірити пароль, вказаний у stdin, за допомогою файла_шаблонів\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Будь ласка, вкажіть пінкод%%0A[підписів: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr ""
+#~ "|A|Будь ласка, вкажіть адміністративний пінкод%%0A[залишилося спроб: %d]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA потребує використання 160-бітового алгоритму хешування\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [назва файла]"
msgid "no suitable card key found: %s\n"
msgstr "找不到可写的私钥钥匙环:%s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "获取新 PIN 时出错:%s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "[未设定]"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "跳过无效的 64 进制字符 %02x\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "不允许使用管理员命令\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "请开始键入您的报文……\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "读取‘%s’时出错:%s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "无法存储创建日期:%s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "从卡中获取 CHV 状态时出错\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "响应未包含 RSA 余数\n"
msgid "reading public key failed: %s\n"
msgstr "无法读出公钥:%s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
msgstr ""
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||请输入 PIN%%0A[完成的签字:%lu]"
+msgid "Remaining attempts: %d"
+msgstr ""
+
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||请输入 PIN%%0A[完成的签字:%lu]"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "验证 CHV%d 失败:%s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "从卡中获取 CHV 状态时出错\n"
-
msgid "card is permanently locked!\n"
msgstr "卡被永久锁定!\n"
msgstr[1] "尝试管理员 PIN %d 次后,卡将被永久锁定!\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "||请输入 PIN%%0A[完成的签字:%lu]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "||请输入 PIN%%0A[完成的签字:%lu]"
msgstr "尚未配置管理员命令的权限\n"
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "||请输入 PIN%%0A[完成的签字:%lu]"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "||请输入 PIN%%0A[完成的签字:%lu]"
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "跳过无效的 64 进制字符 %02x\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent 在此次舍话中无法使用\n"
msgid " runtime cached certificates: %u\n"
msgstr "生成密码的时候发生错误:%s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "生成密码的时候发生错误:%s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "已建立吊销证书。\n"
msgid "certificate chain is good\n"
msgstr "首选项‘%s’重复\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA 要求使用 160 位的散列算法\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||请输入 PIN%%0A[完成的签字:%lu]"
+
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "||请输入 PIN%%0A[完成的签字:%lu]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA 要求使用 160 位的散列算法\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [文件名]"
msgid "no suitable card key found: %s\n"
msgstr "找不到合適的卡片金鑰: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "取得已存放的旗標時出錯: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
msgid "[none]"
msgstr "[ 無 ]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "已跳過無效的 radix64 字符 %02x\n"
+
msgid "argument not expected"
msgstr "沒料到有引數"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "請開始輸入你的訊息 ...\n"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
msgstr "送出資料時出錯: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
msgid "failed to store the creation date: %s\n"
msgstr "存放創生日期失敗: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "從卡片取回 CHV 狀態時出錯\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "回應中未包含 RSA 系數\n"
msgid "reading public key failed: %s\n"
msgstr "讀取公鑰時失敗: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%%0ACounter\1f: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber\1f: %s%%0AHolder\1f: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "以 %s 做為預設 PIN\n"
msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr "使用 %s 做為預設個人識別碼 (PIN) 失敗: %s - 正在停用之後的預設使用\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||請輸入 PIN%%0A[簽署完成: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||請輸入個人識別碼 (PIN)"
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "驗證 CHV%d 失敗: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "從卡片取回 CHV 狀態時出錯\n"
-
msgid "card is permanently locked!\n"
msgstr "卡片永久鎖定了!!\n"
msgstr[0] "%d 管理者個人識別碼 (PIN) 試圖在卡片永久鎖定前遺留下來\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|請在上輸入管理者 PIN%%0A[剩餘嘗試次數: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|請輸入管理者 PIN"
msgid "access to admin commands is not configured\n"
msgstr "管理者指令存取權限尚未組態\n"
+msgid "||Please enter the PIN"
+msgstr "||請輸入個人識別碼 (PIN)"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||請輸入卡片的重設碼"
msgid "handler for fd %d terminated\n"
msgstr "用於 fd %d 的經手程式已終止\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "已跳過無效的 radix64 字符 %02x\n"
-
#, fuzzy
#| msgid "no gpg-agent running in this session\n"
msgid "no dirmngr running in this session\n"
msgid " runtime cached certificates: %u\n"
msgstr " 執行時期快取的憑證: %u\n"
+#, fuzzy, c-format
+#| msgid " runtime cached certificates: %u\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr " 執行時期快取的憑證: %u\n"
+
msgid "certificate already cached\n"
msgstr "憑證早已快取\n"
msgid "certificate chain is good\n"
msgstr "憑證鏈完好\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA 要求使用 160 位元的雜湊演算法\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr "憑證應該還未被用於 CRL 簽署\n"
"語法: gpg-check-pattern [選項] 樣式檔案\n"
"用樣式檔案來檢查由標準輸入給定的密語\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||請輸入 PIN%%0A[簽署完成: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|請在上輸入管理者 PIN%%0A[剩餘嘗試次數: %d]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA 要求使用 160 位元的雜湊演算法\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [檔名]"
int (*disconnect_card)(int);
int (*close_reader)(int);
int (*reset_reader)(int);
- int (*get_status_reader)(int, unsigned int *);
+ int (*get_status_reader)(int, unsigned int *, int);
int (*send_apdu_reader)(int,unsigned char *,size_t,
unsigned char *, size_t *, pininfo_t *);
int (*check_pinpad)(int, int, pininfo_t *);
} rapdu;
#endif /*USE_G10CODE_RAPDU*/
char *rdrname; /* Name of the connected reader or NULL if unknown. */
- int is_t0; /* True if we know that we are running T=0. */
- int is_spr532; /* True if we know that the reader is a SPR532. */
- int pinpad_varlen_supported; /* True if we know that the reader
- supports variable length pinpad
- input. */
+ unsigned int is_t0:1; /* True if we know that we are running T=0. */
+ unsigned int is_spr532:1; /* True if we know that the reader is a SPR532. */
+ unsigned int pinpad_varlen_supported:1; /* True if we know that the reader
+ supports variable length pinpad
+ input. */
+ unsigned int require_get_status:1;
unsigned char atr[33];
size_t atrlen; /* A zero length indicates that the ATR has
not yet been read; i.e. the card is not
/* Prototypes. */
static int pcsc_vendor_specific_init (int slot);
-static int pcsc_get_status (int slot, unsigned int *status);
+static int pcsc_get_status (int slot, unsigned int *status, int on_wire);
static int reset_pcsc_reader (int slot);
-static int apdu_get_status_internal (int slot, int hang, int no_atr_reset,
- unsigned int *status);
+static int apdu_get_status_internal (int slot, int hang, unsigned int *status,
+ int on_wire);
static int check_pcsc_pinpad (int slot, int command, pininfo_t *pininfo);
static int pcsc_pinpad_verify (int slot, int class, int ins, int p0, int p1,
pininfo_t *pininfo);
reader_table[reader].is_t0 = 1;
reader_table[reader].is_spr532 = 0;
reader_table[reader].pinpad_varlen_supported = 0;
+ reader_table[reader].require_get_status = 1;
#ifdef NEED_PCSC_WRAPPER
reader_table[reader].pcsc.req_fd = -1;
reader_table[reader].pcsc.rsp_fd = -1;
static int
-ct_get_status (int slot, unsigned int *status)
+ct_get_status (int slot, unsigned int *status, int on_wire)
{
(void)slot;
+ (void)on_wire;
/* The status we returned is wrong but we don't care because ctAPI
is not anymore required. */
*status = APDU_CARD_USABLE|APDU_CARD_PRESENT|APDU_CARD_ACTIVE;
#ifndef NEED_PCSC_WRAPPER
static int
-pcsc_get_status_direct (int slot, unsigned int *status)
+pcsc_get_status_direct (int slot, unsigned int *status, int on_wire)
{
long err;
struct pcsc_readerstate_s rdrstates[1];
+ (void)on_wire;
memset (rdrstates, 0, sizeof *rdrstates);
rdrstates[0].reader = reader_table[slot].rdrname;
rdrstates[0].current_state = PCSC_STATE_UNAWARE;
#ifdef NEED_PCSC_WRAPPER
static int
-pcsc_get_status_wrapped (int slot, unsigned int *status)
+pcsc_get_status_wrapped (int slot, unsigned int *status, int on_wire)
{
long err;
reader_table_t slotp;
unsigned char buffer[16];
int sw = SW_HOST_CARD_IO_ERROR;
+ (void)on_wire;
slotp = reader_table + slot;
if (slotp->pcsc.req_fd == -1
static int
-pcsc_get_status (int slot, unsigned int *status)
+pcsc_get_status (int slot, unsigned int *status, int on_wire)
{
#ifdef NEED_PCSC_WRAPPER
- return pcsc_get_status_wrapped (slot, status);
+ return pcsc_get_status_wrapped (slot, status, on_wire);
#else
- return pcsc_get_status_direct (slot, status);
+ return pcsc_get_status_direct (slot, status, on_wire);
#endif
}
slotp->atrlen = len;
/* Read the status so that IS_T0 will be set. */
- pcsc_get_status (slot, &dummy_status);
+ pcsc_get_status (slot, &dummy_status, 1);
return 0;
unsigned int dummy_status;
/* Note that we use the constant and not the function because this
- code won't be be used under Windows. */
+ code won't be used under Windows. */
const char *wrapperpgm = GNUPG_LIBEXECDIR "/gnupg-pcsc-wrapper";
if (access (wrapperpgm, X_OK))
pcsc_vendor_specific_init (slot);
/* Read the status so that IS_T0 will be set. */
- pcsc_get_status (slot, &dummy_status);
+ pcsc_get_status (slot, &dummy_status, 1);
dump_reader_status (slot);
unlock_slot (slot);
static int
-get_status_ccid (int slot, unsigned int *status)
+get_status_ccid (int slot, unsigned int *status, int on_wire)
{
int rc;
int bits;
- rc = ccid_slot_status (reader_table[slot].ccid.handle, &bits);
+ rc = ccid_slot_status (reader_table[slot].ccid.handle, &bits, on_wire);
if (rc)
return rc;
{
int err;
int slot;
+ int require_get_status;
reader_table_t slotp;
slot = new_reader_slot ();
err = 0;
}
+ require_get_status = ccid_require_get_status (slotp->ccid.handle);
+
reader_table[slot].close_reader = close_ccid_reader;
reader_table[slot].reset_reader = reset_ccid_reader;
reader_table[slot].get_status_reader = get_status_ccid;
/* Our CCID reader code does not support T=0 at all, thus reset the
flag. */
reader_table[slot].is_t0 = 0;
+ reader_table[slot].require_get_status = require_get_status;
dump_reader_status (slot);
unlock_slot (slot);
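Review bot: The assignment `reader_table[slot].require_get_status = require_get_status;` stores an int into a one-bit unsigned field, so only the low bit survives. If ccid_require_get_status ever returned a non-zero value other than 1 (2, for example), the flag would be stored as 0 and the periodic check for card removal would be skipped. That function is defined outside this hunk, so its range cannot be confirmed here. Writing `reader_table[slot].require_get_status = !!require_get_status;` makes the store safe either way.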
static int
-my_rapdu_get_status (int slot, unsigned int *status)
+my_rapdu_get_status (int slot, unsigned int *status, int on_wire)
{
int err;
reader_table_t slotp;
rapdu_msg_t msg = NULL;
int oldslot;
+ (void)on_wire;
slotp = reader_table + slot;
oldslot = rapdu_set_reader (slotp->rapdu.handle, slot);
}
int
-apdu_open_reader (struct dev_list *dl)
+apdu_open_reader (struct dev_list *dl, int app_empty)
{
int slot;
/* Check identity by BAI against already opened HANDLEs. */
for (slot = 0; slot < MAX_READER; slot++)
if (reader_table[slot].used
+ && reader_table[slot].ccid.handle
&& ccid_compare_BAI (reader_table[slot].ccid.handle, bai))
break;
dl->idx++;
}
- slot = -1;
+ /* Not found. Try one for PC/SC, only when it's the initial scan. */
+ if (app_empty && dl->idx == dl->idx_max)
+ {
+ dl->idx++;
+ slot = apdu_open_one_reader (dl->portstr);
+ }
+ else
+ slot = -1;
}
else
#endif
{ /* PC/SC readers. */
- if (dl->idx == 0)
+ if (app_empty && dl->idx == 0)
{
dl->idx++;
slot = apdu_open_one_reader (dl->portstr);
/* Connect a card. This is used to power up the card and make sure
that an ATR is available. Depending on the reader backend it may
- return an error for an inactive card or if no card is
- available. */
+ return an error for an inactive card or if no card is available.
+ Return -1 on error. Return 1 if reader requires get_status to
+ watch card removal. Return 0 if it's a token (always with a card),
+ or it supports INTERRUPT endpoint to watch card removal.
+ */
int
apdu_connect (int slot)
{
{
if (DBG_READER)
log_debug ("leave: apdu_connect => SW_HOST_NO_DRIVER\n");
- return SW_HOST_NO_DRIVER;
+ return -1;
}
/* Only if the access method provides a connect function we use it.
Without that we would force a reset of the card with the next
call to apdu_get_status. */
if (!sw)
- sw = apdu_get_status_internal (slot, 1, 1, &status);
+ sw = apdu_get_status_internal (slot, 1, &status, 1);
if (sw)
;
else if ((status & APDU_CARD_PRESENT) && !(status & APDU_CARD_ACTIVE))
sw = SW_HOST_CARD_INACTIVE;
+ if (sw == SW_HOST_CARD_INACTIVE)
+ {
+ /* Try power it up again. */
+ sw = apdu_reset (slot);
+ }
+
if (DBG_READER)
log_debug ("leave: apdu_connect => sw=0x%x\n", sw);
- return sw;
+ if (sw)
+ return -1;
+
+ return reader_table[slot].require_get_status;
}
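Review bot: apdu_connect now returns 1 for a successful connect on a reader that needs status polling, so a caller that still treats any non-zero result as a status-word error would take a working reader for a failed one. The callers are outside this hunk; each should test `apdu_connect (slot) < 0`. The concrete status word is now only visible in the DBG_READER log line, which is worth stating in the function comment, e.g. `Return -1 on error (the status word is only reported in the debug log).` The function body starts outside the hunk.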
APDU_CARD_ACTIVE (bit 2) = card active
(bit 3) = card access locked [not yet implemented]
- For must applications, testing bit 0 is sufficient.
+ For most applications, testing bit 0 is sufficient.
*/
static int
-apdu_get_status_internal (int slot, int hang, int no_atr_reset,
- unsigned int *status)
+apdu_get_status_internal (int slot, int hang, unsigned int *status, int on_wire)
{
int sw;
unsigned int s;
return sw;
if (reader_table[slot].get_status_reader)
- sw = reader_table[slot].get_status_reader (slot, &s);
+ sw = reader_table[slot].get_status_reader (slot, &s, on_wire);
unlock_slot (slot);
if (sw)
{
- if (!no_atr_reset)
+ if (on_wire)
reader_table[slot].atrlen = 0;
s = 0;
}
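Review bot: The ATR-reset test in apdu_get_status_internal changed polarity relative to its two callers. apdu_connect used to pass no_atr_reset=1, which kept `atrlen` on error, and now passes on_wire=1, so `if (on_wire)` clears it. apdu_get_status used to pass 0, which cleared `atrlen`, and now passes on_wire=0, which leaves a cached ATR in place after a failed status read. If this inversion is intended, the check deserves a comment saying so, e.g. `/* Only a failed on-wire query invalidates the cached ATR. */`. Otherwise the polling path keeps reporting a stale ATR for a card that may be gone. The function body starts and ends outside this hunk.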
if (DBG_READER)
log_debug ("enter: apdu_get_status: slot=%d hang=%d\n", slot, hang);
- sw = apdu_get_status_internal (slot, hang, 0, status);
+ sw = apdu_get_status_internal (slot, hang, status, 0);
if (DBG_READER)
{
if (status)
void apdu_dev_list_finish (struct dev_list *l);
/* Note, that apdu_open_reader returns no status word but -1 on error. */
-int apdu_open_reader (struct dev_list *l);
+int apdu_open_reader (struct dev_list *l, int app_empty);
int apdu_open_remote_reader (const char *portstr,
const unsigned char *cookie, size_t length,
int (*readfnc) (void *opaque,
const char *apptype;
unsigned int card_version;
unsigned int card_status;
- unsigned int require_get_status:1;
+ unsigned int reset_requested:1;
+ unsigned int periodical_check_needed:1;
unsigned int did_chv1:1;
unsigned int force_chv1:1; /* True if the card does not cache CHV1. */
unsigned int did_chv2:1;
/*-- app.c --*/
-app_t app_list_start (void);
-void app_list_finish (void);
void app_send_card_list (ctrl_t ctrl);
char *app_get_serialno (app_t app);
int scan, const unsigned char *serialno_bin,
size_t serialno_bin_len);
char *get_supported_applications (void);
-void release_application (app_t app);
+void release_application (app_t app, int locked_already);
gpg_error_t app_munge_serialno (app_t app);
gpg_error_t app_write_learn_status (app_t app, ctrl_t ctrl,
unsigned int flags);
return gpg_error (GPG_ERR_INV_VALUE);
/* Check that the provided ID is vaid. This is not really needed
- but we do it to to enforce correct usage by the caller. */
+ but we do it to enforce correct usage by the caller. */
if (strncmp (keyidstr, "DINSIG.", 7) )
return gpg_error (GPG_ERR_INV_ID);
keyidstr += 7;
goto leave;
/* Read the first record of EF_ID (SFI=0x17). We require this
- record to be at least 24 bytes with the the first byte 0x67 and a
+ record to be at least 24 bytes with the first byte 0x67 and a
correct filler byte. */
err = iso7816_read_record (slot, 1, 1, ((0x17 << 3)|4), &result, &resultlen);
if (err)
return gpg_error (GPG_ERR_INV_VALUE);
/* Check that the provided ID is valid. This is not really needed
- but we do it to to enforce correct usage by the caller. */
+ but we do it to enforce correct usage by the caller. */
if (!strncmp (keyidstr, "NKS-NKS3.", 9) )
;
else if (!strncmp (keyidstr, "NKS-DF01.", 9) )
The lsb is here the rightmost bit. Defined flags bits are:
Bit 0 = CHV1 and CHV2 are not syncronized
- Bit 1 = CHV2 has been been set to the default PIN of "123456"
+ Bit 1 = CHV2 has been set to the default PIN of "123456"
(this implies that bit 0 is also set).
P=<pinpad-request>
return rc;
}
+
+/* Return the DISP-NAME without any padding characters. Caller must
+ * free the result. If not found or empty NULL is returned. */
+static char *
+get_disp_name (app_t app)
+{
+ int rc;
+ void *relptr;
+ unsigned char *value;
+ size_t valuelen;
+ char *string;
+ char *p, *given;
+ char *result;
+
+ relptr = get_one_do (app, 0x005B, &value, &valuelen, &rc);
+ if (!relptr)
+ return NULL;
+
+ string = xtrymalloc (valuelen + 1);
+ if (!string)
+ {
+ xfree (relptr);
+ return NULL;
+ }
+ memcpy (string, value, valuelen);
+ string[valuelen] = 0;
+ xfree (relptr);
+
+ /* Swap surname and given name. */
+ given = strstr (string, "<<");
+ for (p = string; *p; p++)
+ if (*p == '<')
+ *p = ' ';
+
+ if (given && given[2])
+ {
+ *given = 0;
+ given += 2;
+ result = strconcat (given, " ", string, NULL);
+ }
+ else
+ {
+ result = string;
+ string = NULL;
+ }
+
+ xfree (string);
+ return result;
+}
+
+
+/* Return the pretty formatted serialnumber. On error NULL is
+ * returned. */
+static char *
+get_disp_serialno (app_t app)
+{
+ char *serial = app_get_serialno (app);
+
+ /* For our OpenPGP cards we do not want to show the entire serial
+ * number but a nicely reformatted actual serial number. */
+ if (serial && strlen (serial) > 16+12)
+ {
+ memmove (serial, serial+16, 4);
+ serial[4] = ' ';
+ /* memmove (serial+5, serial+20, 4); */
+ /* serial[9] = ' '; */
+ /* memmove (serial+10, serial+24, 4); */
+ /* serial[14] = 0; */
+ memmove (serial+5, serial+20, 8);
+ serial[13] = 0;
+ }
+ return serial;
+}
+
+
+/* Return the number of remaining tries for the standard or the admin
+ * pw. Returns -1 on card error. */
+static int
+get_remaining_tries (app_t app, int adminpw)
+{
+ void *relptr;
+ unsigned char *value;
+ size_t valuelen;
+ int remaining;
+
+ relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL);
+ if (!relptr || valuelen < 7)
+ {
+ log_error (_("error retrieving CHV status from card\n"));
+ xfree (relptr);
+ return -1;
+ }
+ remaining = value[adminpw? 6 : 4];
+ xfree (relptr);
+ return remaining;
+}
+
+
/* Retrieve the fingerprint from the card inserted in SLOT and write
the according hex representation to FPR. Caller must have provide
a buffer at FPR of least 41 bytes. Returns 0 on success or an
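Review bot: get_disp_name returns the card's DO 0x005B content with only `<` replaced, so any `%` or control bytes in the holder name reach the pinentry prompt that get_prompt_info builds from it. That prompt uses `%0A` as a linefeed and `\x1e`/`\x1f` as layout markers, and is presumably percent-unescaped downstream, so a card with a crafted name could change the text or layout the user sees when asked for a PIN. The existing loop can neutralise these bytes in the same pass: `if (*p == '<' || *p == '%' || (unsigned char)*p < 0x20) *p = ' ';`. Separately, the four commented-out `memmove`/`serial[...]` lines in get_disp_serialno should be removed rather than shipped.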
}
-/* Verify a CHV either using using the pinentry or if possible by
+/* Return a string with information about the card for use in a
+ * prompt. Returns NULL on memory failure. */
+static char *
+get_prompt_info (app_t app, int chvno, unsigned long sigcount, int remaining)
+{
+ char *serial, *disp_name, *rembuf, *tmpbuf, *result;
+
+ serial = get_disp_serialno (app);
+ if (!serial)
+ return NULL;
+
+ disp_name = get_disp_name (app);
+ if (chvno == 1)
+ {
+ /* TRANSLATORS: Put a \x1f right before a colon. This can be
+ * used by pinentry to nicely align the names and values. Keep
+ * the %s at the start and end of the string. */
+ result = xtryasprintf (_("%s"
+ "Number\x1f: %s%%0A"
+ "Holder\x1f: %s%%0A"
+ "Counter\x1f: %lu"
+ "%s"),
+ "\x1e",
+ serial,
+ disp_name? disp_name:"",
+ sigcount,
+ "");
+ }
+ else
+ {
+ result = xtryasprintf (_("%s"
+ "Number\x1f: %s%%0A"
+ "Holder\x1f: %s"
+ "%s"),
+ "\x1e",
+ serial,
+ disp_name? disp_name:"",
+ "");
+ }
+ xfree (disp_name);
+ xfree (serial);
+
+ if (remaining != -1)
+ {
+ /* TRANSLATORS: This is the number of remaining attempts to
+ * enter a PIN. Use %%0A (double-percent,0A) for a linefeed. */
+ rembuf = xtryasprintf (_("Remaining attempts: %d"), remaining);
+ if (!rembuf)
+ {
+ xfree (result);
+ return NULL;
+ }
+ tmpbuf = strconcat (result, "%0A%0A", rembuf, NULL);
+ xfree (rembuf);
+ if (!tmpbuf)
+ {
+ xfree (result);
+ return NULL;
+ }
+ xfree (result);
+ result = tmpbuf;
+ }
+
+ return result;
+}
+
+
+/* Verify a CHV either using the pinentry or if possible by
using a pinpad. PINCB and PINCB_ARG describe the usual callback
for the pinentry. CHVNO must be either 1 or 2. SIGCOUNT is only
used with CHV1. PINVALUE is the address of a pointer which will
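Review bot: The Number and Holder values that get_prompt_info puts into the prompt come from the card and are inserted with `%s` into a string in which `%0A` is later interpreted as a linefeed. get_disp_name and get_disp_serialno are not visible here, so unless they already percent-escape their result, a cardholder name containing `%` sequences could reshape the text of the PIN dialog; escaping both strings before the `xtryasprintf` calls would close that. Separately, `result` is passed to `strconcat (result, "%0A%0A", rembuf, NULL)` without a NULL check, so the outcome of a failed first allocation depends on how strconcat treats a NULL first argument. Adding `if (!result) return NULL;` after the `xfree (serial);` line would make the documented "NULL on memory failure" contract explicit.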
const char *prompt;
pininfo_t pininfo;
int minlen = 6;
+ int remaining;
- assert (chvno == 1 || chvno == 2);
+ log_assert (chvno == 1 || chvno == 2);
*pinvalue = NULL;
+ remaining = get_remaining_tries (app, 0);
+ if (remaining == -1)
+ return gpg_error (GPG_ERR_CARD);
+
if (chvno == 2 && app->app_local->flags.def_chv2)
{
/* Special case for def_chv2 mechanism. */
pininfo.fixedlen = -1;
pininfo.minlen = minlen;
+ {
+ const char *firstline = _("||Please unlock the card");
+ char *infoblock = get_prompt_info (app, chvno, sigcount,
+ remaining < 3? remaining : -1);
- if (chvno == 1)
- {
-#define PROMPTSTRING _("||Please enter the PIN%%0A[sigs done: %lu]")
- size_t promptsize = strlen (PROMPTSTRING) + 50;
-
- prompt_buffer = xtrymalloc (promptsize);
- if (!prompt_buffer)
- return gpg_error_from_syserror ();
- snprintf (prompt_buffer, promptsize, PROMPTSTRING, sigcount);
+ prompt_buffer = strconcat (firstline, "%0A%0A", infoblock, NULL);
+ if (prompt_buffer)
prompt = prompt_buffer;
-#undef PROMPTSTRING
- }
- else
- prompt = _("||Please enter the PIN");
+ else
+ prompt = firstline; /* ENOMEM fallback. */
+ xfree (infoblock);
+ }
if (!opt.disable_pinpad
&& !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo)
/* Dismiss the prompt. */
pincb (pincb_arg, NULL, NULL);
- assert (!*pinvalue);
+ log_assert (!*pinvalue);
}
else
{
static gpg_error_t
build_enter_admin_pin_prompt (app_t app, char **r_prompt)
{
- void *relptr;
- unsigned char *value;
- size_t valuelen;
int remaining;
char *prompt;
+ char *infoblock;
*r_prompt = NULL;
- relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL);
- if (!relptr || valuelen < 7)
- {
- log_error (_("error retrieving CHV status from card\n"));
- xfree (relptr);
- return gpg_error (GPG_ERR_CARD);
- }
- if (value[6] == 0)
+ remaining = get_remaining_tries (app, 1);
+ if (remaining == -1)
+ return gpg_error (GPG_ERR_CARD);
+ if (!remaining)
{
log_info (_("card is permanently locked!\n"));
- xfree (relptr);
return gpg_error (GPG_ERR_BAD_PIN);
}
- remaining = value[6];
- xfree (relptr);
log_info (ngettext("%d Admin PIN attempt remaining before card"
" is permanently locked\n",
" is permanently locked\n",
remaining), remaining);
- if (remaining < 3)
- {
- /* TRANSLATORS: Do not translate the "|A|" prefix but keep it at
- the start of the string. Use %%0A to force a linefeed. */
- prompt = xtryasprintf (_("|A|Please enter the Admin PIN%%0A"
- "[remaining attempts: %d]"), remaining);
- }
- else
- prompt = xtrystrdup (_("|A|Please enter the Admin PIN"));
+ infoblock = get_prompt_info (app, 3, 0, remaining < 3? remaining : -1);
+ /* TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+ the start of the string. Use %0A (single percent) for a linefeed. */
+ prompt = strconcat (_("|A|Please enter the Admin PIN"),
+ "%0A%0A", infoblock, NULL);
+ xfree (infoblock);
if (!prompt)
return gpg_error_from_syserror ();
}
-static void
-release_application_internal (app_t app)
-{
- if (!app->ref_count)
- log_bug ("trying to release an already released context\n");
-
- --app->ref_count;
-}
-
gpg_error_t
app_reset (app_t app, ctrl_t ctrl, int send_reset)
{
- gpg_error_t err;
-
- err = lock_app (app, ctrl);
- if (err)
- return err;
+ gpg_error_t err = 0;
if (send_reset)
{
- int sw = apdu_reset (app->slot);
+ int sw;
+
+ lock_app (app, ctrl);
+ sw = apdu_reset (app->slot);
if (sw)
err = gpg_error (GPG_ERR_CARD_RESET);
- /* Release the same application which is used by other sessions. */
- send_client_notifications (app, 1);
+ app->reset_requested = 1;
+ unlock_app (app);
+
+ scd_kick_the_loop ();
+ gnupg_sleep (1);
}
else
{
ctrl->app_ctx = NULL;
- release_application_internal (app);
+ release_application (app, 0);
}
- unlock_app (app);
return err;
}
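Review bot: The return value of `lock_app (app, ctrl)` is now discarded in the `send_reset` branch, whereas the removed code returned early when locking failed. If lock_app can fail, `apdu_reset` and the following `unlock_app (app)` would run without the lock held; keeping the check, `err = lock_app (app, ctrl); if (err) return err;`, preserves the old guarantee. The fixed `gnupg_sleep (1)` after `scd_kick_the_loop ()` also deserves a comment saying what it waits for, since nothing visible here confirms that the loop has processed `reset_requested` by the time app_reset returns.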
static gpg_error_t
-app_new_register (int slot, ctrl_t ctrl, const char *name)
+app_new_register (int slot, ctrl_t ctrl, const char *name,
+ int periodical_check_needed)
{
gpg_error_t err = 0;
app_t app = NULL;
}
app->slot = slot;
+ app->card_status = (unsigned int)-1;
if (npth_mutex_init (&app->lock, NULL))
{
return err;
}
- app->require_get_status = 1; /* For token, this can be 0. */
+ app->periodical_check_needed = periodical_check_needed;
npth_mutex_lock (&app_list_lock);
app->next = app_top;
if (scan || !app_top)
{
struct dev_list *l;
+ int periodical_check_needed = 0;
+ /* Scan the devices to find new device(s). */
err = apdu_dev_list_start (opt.reader_port, &l);
if (err)
return err;
while (1)
{
int slot;
- int sw;
+ int periodical_check_needed_this;
- slot = apdu_open_reader (l);
+ slot = apdu_open_reader (l, !app_top);
if (slot < 0)
break;
- err = 0;
- sw = apdu_connect (slot);
-
- if (sw == SW_HOST_CARD_INACTIVE)
+ periodical_check_needed_this = apdu_connect (slot);
+ if (periodical_check_needed_this < 0)
{
- /* Try again. */
- sw = apdu_reset (slot);
+ /* We close a reader with no card. */
+ err = gpg_error (GPG_ERR_ENODEV);
}
-
- if (!sw || sw == SW_HOST_ALREADY_CONNECTED)
- err = 0;
- else if (sw == SW_HOST_NO_CARD)
- err = gpg_error (GPG_ERR_CARD_NOT_PRESENT);
- else
- err = gpg_error (GPG_ERR_ENODEV);
-
- if (!err)
- err = app_new_register (slot, ctrl, name);
else
{
- /* We close a reader with no card. */
- apdu_close_reader (slot);
+ err = app_new_register (slot, ctrl, name,
+ periodical_check_needed_this);
+ if (periodical_check_needed_this)
+ periodical_check_needed = 1;
}
+
+ if (err)
+ apdu_close_reader (slot);
}
apdu_dev_list_finish (l);
+
+ /* If periodical check is needed for new device(s), kick the
+ scdaemon loop. */
+ if (periodical_check_needed)
+ scd_kick_the_loop ();
}
npth_mutex_lock (&app_list_lock);
}
xfree (app->serialno);
+
+ unlock_app (app);
xfree (app);
}
actually deferring the deallocation to allow for a later reuse by
a new connection. */
void
-release_application (app_t app)
+release_application (app_t app, int locked_already)
{
if (!app)
return;
is using the card - this way the PIN cache and other cached data
are preserved. */
- lock_app (app, NULL);
- release_application_internal (app);
- unlock_app (app);
+ if (!locked_already)
+ lock_app (app, NULL);
+
+ if (!app->ref_count)
+ log_bug ("trying to release an already released context\n");
+
+ --app->ref_count;
+ if (!locked_already)
+ unlock_app (app);
}
xfree (homestr);
}
-void
+int
scd_update_reader_status_file (void)
{
app_t a, app_next;
+ int periodical_check_needed = 0;
npth_mutex_lock (&app_list_lock);
for (a = app_top; a; a = app_next)
{
+ int sw;
+ unsigned int status;
+
+ lock_app (a, NULL);
app_next = a->next;
- if (a->require_get_status)
+
+ if (a->reset_requested)
+ status = 0;
+ else
{
- int sw;
- unsigned int status;
sw = apdu_get_status (a->slot, 0, &status);
-
if (sw == SW_HOST_NO_READER)
{
/* Most likely the _reader_ has been unplugged. */
else if (sw)
{
/* Get status failed. Ignore that. */
+ if (a->periodical_check_needed)
+ periodical_check_needed = 1;
+ unlock_app (a);
continue;
}
+ }
- if (a->card_status != status)
+ if (a->card_status != status)
+ {
+ report_change (a->slot, a->card_status, status);
+ send_client_notifications (a, status == 0);
+
+ if (status == 0)
{
- report_change (a->slot, a->card_status, status);
- send_client_notifications (a, status == 0);
-
- if (status == 0)
- {
- log_debug ("Removal of a card: %d\n", a->slot);
- apdu_close_reader (a->slot);
- deallocate_app (a);
- }
- else
- a->card_status = status;
+ log_debug ("Removal of a card: %d\n", a->slot);
+ apdu_close_reader (a->slot);
+ deallocate_app (a);
}
+ else
+ {
+ a->card_status = status;
+ if (a->periodical_check_needed)
+ periodical_check_needed = 1;
+ unlock_app (a);
+ }
+ }
+ else
+ {
+ if (a->periodical_check_needed)
+ periodical_check_needed = 1;
+ unlock_app (a);
}
}
npth_mutex_unlock (&app_list_lock);
+
+ return periodical_check_needed;
}
/* This function must be called once to initialize this module. This
return apdu_init ();
}
-app_t
-app_list_start (void)
-{
- npth_mutex_lock (&app_list_lock);
- return app_top;
-}
-
-void
-app_list_finish (void)
-{
- npth_mutex_unlock (&app_list_lock);
-}
-
void
app_send_card_list (ctrl_t ctrl)
{
unsigned int auto_param:1;
unsigned int auto_pps:1;
unsigned int auto_ifsd:1;
- unsigned int powered_off:1;
unsigned int has_pinpad:2;
unsigned int enodev_seen:1;
+ int powered_off;
time_t last_progress; /* Last time we sent progress line. */
ccid_set_progress_cb. */
void (*progress_cb)(void *, const char *, int, int, int);
void *progress_cb_arg;
+
+ unsigned char intr_buf[64];
+ struct libusb_transfer *transfer;
};
2 = Level 1 + T=1 protocol tracing
3 = Level 2 + USB/I/O tracing of SlotStatus.
*/
+static int ccid_usb_thread_is_alive;
static unsigned int compute_edc (const unsigned char *data, size_t datalen,
The
0x5117 - SCR 3320 USB ID-000 reader
seems to be very slow but enabling this workaround boosts the
- performance to a a more or less acceptable level (tested by David).
+ performance to a more or less acceptable level (tested by David).
*/
if (handle->id_vendor == VENDOR_SCM
/* First get the list of supported languages and use the first one.
If we do don't find it we try to use English. Note that this is
all in a 2 bute Unicode encoding using little endian. */
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
rc = libusb_control_transfer (idev, LIBUSB_ENDPOINT_IN,
LIBUSB_REQUEST_GET_DESCRIPTOR,
(LIBUSB_DT_STRING << 8), 0,
(char*)buf, sizeof buf, 1000 /* ms timeout */);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
if (rc < 4)
langid = 0x0409; /* English. */
else
langid = (buf[3] << 8) | buf[2];
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
rc = libusb_control_transfer (idev, LIBUSB_ENDPOINT_IN,
LIBUSB_REQUEST_GET_DESCRIPTOR,
(LIBUSB_DT_STRING << 8) + idx, langid,
(char*)buf, sizeof buf, 1000 /* ms timeout */);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
if (rc < 2 || buf[1] != LIBUSB_DT_STRING)
return NULL; /* Error or not a string. */
len = buf[0];
With READERNO >= 0 or READERID is not NULL find mode is used. This
uses the same algorithm as the scan mode but stops and returns at
- the entry number READERNO and return the handle for the the opened
+ the entry number READERNO and return the handle for the opened
USB device. If R_RID is not NULL it will receive the reader ID of
that device. If R_DEV is not NULL it will the device pointer of
that device. If IFCDESC_EXTRA is NOT NULL it will receive a
return handle->bai == bai;
}
+
+static void
+intr_cb (struct libusb_transfer *transfer)
+{
+ ccid_driver_t handle = transfer->user_data;
+
+ DEBUGOUT_1 ("CCID: interrupt callback %d\n", transfer->status);
+
+ if (transfer->status == LIBUSB_TRANSFER_TIMED_OUT)
+ {
+ int err;
+
+ submit_again:
+ /* Submit the URB again to keep watching the INTERRUPT transfer. */
+ err = libusb_submit_transfer (transfer);
+ if (err == LIBUSB_ERROR_NO_DEVICE)
+ goto device_removed;
+
+ DEBUGOUT_1 ("CCID submit transfer again %d\n", err);
+ }
+ else if (transfer->status == LIBUSB_TRANSFER_COMPLETED)
+ {
+ if (transfer->actual_length == 2
+ && transfer->buffer[0] == 0x50
+ && (transfer->buffer[1] & 1) == 0)
+ {
+ DEBUGOUT ("CCID: card removed\n");
+ handle->powered_off = 1;
+ }
+ else
+ {
+ /* Event other than card removal. */
+ goto submit_again;
+ }
+ }
+ else if (transfer->status == LIBUSB_TRANSFER_CANCELLED)
+ handle->powered_off = 1;
+ else
+ {
+ device_removed:
+ DEBUGOUT ("CCID: device removed\n");
+ handle->powered_off = 1;
+ }
+
+ scd_kick_the_loop ();
+}
+
+static void
+ccid_setup_intr (ccid_driver_t handle)
+{
+ struct libusb_transfer *transfer;
+ int err;
+
+ transfer = libusb_alloc_transfer (0);
+ handle->transfer = transfer;
+ libusb_fill_interrupt_transfer (transfer, handle->idev, handle->ep_intr,
+ handle->intr_buf, sizeof (handle->intr_buf),
+ intr_cb, handle, 0);
+ err = libusb_submit_transfer (transfer);
+ DEBUGOUT_2 ("CCID submit transfer (%x): %d", handle->ep_intr, err);
+}
+
+
+static void *
+ccid_usb_thread (void *arg)
+{
+ libusb_context *ctx = arg;
+
+ while (ccid_usb_thread_is_alive)
+ {
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
+ libusb_handle_events_completed (ctx, NULL);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
+ }
+
+ return NULL;
+}
+
+
static int
ccid_open_usb_reader (const char *spec_reader_name,
int idx, struct ccid_dev_table *ccid_table,
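Review bot: ccid_setup_intr passes the result of `libusb_alloc_transfer (0)` on without a NULL check and only logs a failing `libusb_submit_transfer`, so the reader can end up with no interrupt transfer armed. ccid_require_get_status (added later in this diff) decides on `handle->ep_intr >= 0` alone, so in that state status polling appears to be skipped as well and a card removal could go unnoticed. The same applies in intr_cb when the resubmit fails with an error other than LIBUSB_ERROR_NO_DEVICE. I would check both results, release the transfer on failure, and set `handle->transfer` only once the transfer is submitted, so that callers can tell whether a watch is active and fall back to polling when it is not.

```c
  transfer = libusb_alloc_transfer (0);
  if (!transfer)
    {
      DEBUGOUT ("CCID: libusb_alloc_transfer failed\n");
      return;
    }
  /* … unchanged: libusb_fill_interrupt_transfer call … */
  err = libusb_submit_transfer (transfer);
  DEBUGOUT_2 ("CCID submit transfer (%x): %d", handle->ep_intr, err);
  if (err)
    {
      libusb_free_transfer (transfer);
      return;
    }
  handle->transfer = transfer;
```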
{
libusb_device *dev;
libusb_device_handle *idev = NULL;
- char *rid;
+ char *rid = NULL;
int rc = 0;
int ifc_no, set_no;
struct libusb_device_descriptor desc;
return rc;
}
+ if (ccid_usb_thread_is_alive++ == 0)
+ {
+ npth_t thread;
+ npth_attr_t tattr;
+ int err;
+
+ err = npth_attr_init (&tattr);
+ if (err)
+ {
+ DEBUGOUT_1 ("npth_attr_init failed: %s\n", strerror (err));
+ free (*handle);
+ *handle = NULL;
+ return err;
+ }
+
+ npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
+ err = npth_create (&thread, &tattr, ccid_usb_thread, NULL);
+ if (err)
+ {
+ DEBUGOUT_1 ("npth_create failed: %s\n", strerror (err));
+ free (*handle);
+ *handle = NULL;
+ return err;
+ }
+
+ npth_attr_destroy (&tattr);
+ }
+
rc = libusb_get_device_descriptor (dev, &desc);
if (rc)
{
- libusb_close (idev);
- free (*handle);
- *handle = NULL;
- return rc;
+ DEBUGOUT ("get_device_descripor failed\n");
+ goto leave;
}
rid = make_reader_id (idev, desc.idVendor, desc.idProduct,
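Review bot: Both failure exits in the new thread-start block return after `ccid_usb_thread_is_alive` has already been incremented and, as far as the hunk shows, with `idev` still open. The counter then stays non-zero, so a later open never reaches `npth_create` again, and the `npth_create` failure path also skips `npth_attr_destroy (&tattr)`. Routing both through the existing cleanup with `rc = err; goto leave;` (preceded by `npth_attr_destroy (&tattr);` in the second case) would let the `leave:` block undo the increment and close the device. ccid_open_usb_reader starts and ends outside this hunk.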
}
}
+ if ((*handle)->ep_intr >= 0)
+ ccid_setup_intr (*handle);
+
rc = ccid_vendor_specific_init (*handle);
leave:
if (rc)
{
+ --ccid_usb_thread_is_alive;
free (rid);
libusb_close (idev);
free (*handle);
/* Open the reader with the internal number READERNO and return a
pointer to be used as handle in HANDLE. Returns 0 on success. */
int
-ccid_open_reader (const char *spec_reader_name,
- int idx, struct ccid_dev_table *ccid_table,
+ccid_open_reader (const char *spec_reader_name, int idx,
+ struct ccid_dev_table *ccid_table,
ccid_driver_t *handle, char **rdrname_p)
{
int n;
}
+int
+ccid_require_get_status (ccid_driver_t handle)
+{
+ /* When a card reader supports interrupt transfer to check the
+ status of card, it is possible to submit only an interrupt
+ transfer, and no check is required by application layer. USB can
+ detect removal of a card and can detect removal of a reader.
+ */
+ if (handle->ep_intr >= 0)
+ return 0;
+
+ /* Libusb actually detects the removal of USB device in use.
+ However, there is no good API to handle the removal (yet),
+ cleanly and with good portability.
+
+ There is libusb_set_pollfd_notifiers function, but it doesn't
+ offer libusb_device_handle* data to its callback. So, when it
+ watches multiple devices, there is no way to know which device is
+ removed.
+
+ Once, we will have a good programming interface of libusb, we can
+ list tokens (with no interrupt transfer support, but always with
+ card inserted) here to return 0, so that scdaemon can submit
+ minimum packet on wire.
+ */
+ return 1;
+}
+
+
static void
do_close_reader (ccid_driver_t handle)
{
if (!rc)
bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_SlotStatus,
seqno, 2000, 0);
- handle->powered_off = 1;
}
if (handle->idev)
{
+ if (handle->transfer)
+ {
+ if (!handle->powered_off)
+ {
+ DEBUGOUT ("libusb_cancel_transfer\n");
+
+ rc = libusb_cancel_transfer (handle->transfer);
+ if (rc != LIBUSB_ERROR_NOT_FOUND)
+ while (!handle->powered_off)
+ {
+ DEBUGOUT ("libusb_handle_events_completed\n");
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
+ libusb_handle_events_completed (NULL, &handle->powered_off);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
+ }
+ }
+
+ libusb_free_transfer (handle->transfer);
+ }
libusb_release_interface (handle->idev, handle->ifc_no);
+ --ccid_usb_thread_is_alive;
libusb_close (handle->idev);
handle->idev = NULL;
}
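Review bot: `--ccid_usb_thread_is_alive` is the only signal telling ccid_usb_thread to stop, but that thread re-reads the counter only after `libusb_handle_events_completed (ctx, NULL)` returns. If a reader is reopened before that happens, `ccid_usb_thread_is_alive++ == 0` in ccid_open_usb_reader starts a second event thread while the first one sees a non-zero counter and keeps running. A separate flag for the thread's state, cleared by the thread itself on exit, would avoid tying thread lifetime to the handle count. It is also worth a comment that `handle->powered_off` is written by intr_cb from inside the unprotected libusb call and read here as the completion flag, so the code relies on plain `int` accesses being safe across those threads. do_close_reader begins outside this hunk.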
{
int transferred;
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_out,
(char*)msg, msglen, &transferred,
5000 /* ms timeout */);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
if (rc == 0 && transferred == msglen)
return 0;
retry:
if (handle->idev)
{
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_in,
(char*)buffer, length, &msglen, timeout);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
if (rc)
{
DEBUGOUT_1 ("usb_bulk_read error: %s\n", libusb_error_name (rc));
/* Send the abort command to the control pipe. Note that we don't
need to keep track of sent abort commands because there should
never be another thread using the same slot concurrently. */
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
rc = libusb_control_transfer (handle->idev,
0x21,/* bmRequestType: host-to-device,
class specific, to interface. */
handle->ifc_no,
dummybuf, 0,
1000 /* ms timeout */);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
if (rc)
{
DEBUGOUT_1 ("usb_control_msg error: %s\n", libusb_error_name (rc));
msglen = 10;
set_msg_len (msg, 0);
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_out,
(char*)msg, msglen, &transferred,
5000 /* ms timeout */);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
if (rc == 0 && transferred == msglen)
rc = 0;
else if (rc)
if (rc)
return rc;
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_in,
(char*)msg, sizeof msg, &msglen,
5000 /*ms timeout*/);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
if (rc)
{
DEBUGOUT_1 ("usb_bulk_read error in abort_cmd: %s\n",
/* Note that this function won't return the error codes NO_CARD or
CARD_INACTIVE */
int
-ccid_slot_status (ccid_driver_t handle, int *statusbits)
+ccid_slot_status (ccid_driver_t handle, int *statusbits, int on_wire)
{
int rc;
unsigned char msg[100];
unsigned char seqno;
int retries = 0;
+ if (handle->powered_off)
+ return CCID_DRIVER_ERR_NO_READER;
+
+ /* If the card (with its lower-level driver) doesn't require
+ GET_STATUS on wire (because it supports INTERRUPT transfer for
+ status change, or it's a token which has a card always inserted),
+ no need to send on wire. */
+ if (!on_wire && !ccid_require_get_status (handle))
+ {
+ *statusbits = 0;
+ return 0;
+ }
+
retry:
msg[0] = PC_to_RDR_GetSlotStatus;
msg[5] = 0; /* slot */
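Review bot: The header comment of ccid_slot_status does not describe the new ON_WIRE parameter, and the early return sets `*statusbits = 0` without talking to the reader. That value is indistinguishable from a status actually read further down (`msg[7] & 3`), so callers need to know when it is an assumption rather than a measurement. I would extend the comment with something like `If ON_WIRE is 0 and the reader reports status changes itself, no command is sent and STATUSBITS is set to 0.` The function body continues outside this hunk.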
if (!retries)
{
DEBUGOUT ("USB: CALLING USB_CLEAR_HALT\n");
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
libusb_clear_halt (handle->idev, handle->ep_bulk_in);
libusb_clear_halt (handle->idev, handle->ep_bulk_out);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
}
else
DEBUGOUT ("USB: RETRYING bulk_in AGAIN\n");
retries++;
goto retry;
}
- if (rc && rc != CCID_DRIVER_ERR_NO_CARD
- && rc != CCID_DRIVER_ERR_CARD_INACTIVE)
+ if (rc && rc != CCID_DRIVER_ERR_NO_CARD && rc != CCID_DRIVER_ERR_CARD_INACTIVE)
return rc;
*statusbits = (msg[7] & 3);
};
/* First check whether a card is available. */
- rc = ccid_slot_status (handle, &statusbits);
+ rc = ccid_slot_status (handle, &statusbits, 1);
if (rc)
return rc;
if (statusbits == 2)
if (tpdulen < 4)
{
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
libusb_clear_halt (handle->idev, handle->ep_bulk_in);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
return CCID_DRIVER_ERR_ABORTED;
}
if (tpdulen < 4)
{
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
libusb_clear_halt (handle->idev, handle->ep_bulk_in);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
return CCID_DRIVER_ERR_ABORTED;
}
if (debug_level > 1)
int ccid_close_reader (ccid_driver_t handle);
int ccid_get_atr (ccid_driver_t handle,
unsigned char *atr, size_t maxatrlen, size_t *atrlen);
-int ccid_slot_status (ccid_driver_t handle, int *statusbits);
+int ccid_slot_status (ccid_driver_t handle, int *statusbits, int on_wire);
int ccid_transceive (ccid_driver_t handle,
const unsigned char *apdu, size_t apdulen,
unsigned char *resp, size_t maxresplen, size_t *nresp);
const unsigned char *data, size_t datalen,
unsigned char *resp, size_t maxresplen,
size_t *nresp);
-
+int ccid_require_get_status (ccid_driver_t handle);
#endif /*CCID_DRIVER_H*/
gpg_error_t err;
unsigned char *serialno_bin = NULL;
size_t serialno_bin_len = 0;
+ app_t app = ctrl->app_ctx;
/* If we are already initialized for one specific application we
need to check that the client didn't requested a specific
if (apptype && ctrl->app_ctx)
return check_application_conflict (apptype, ctrl->app_ctx);
+ /* Re-scan USB devices. Release APP, before the scan. */
+ ctrl->app_ctx = NULL;
+ release_application (app, 0);
+
if (serialno)
serialno_bin = hex_to_buffer (serialno, &serialno_bin_len);
static const char hlp_setattr[] =
"SETATTR <name> <value> \n"
"\n"
- "This command is used to store data on a a smartcard. The allowed\n"
+ "This command is used to store data on a smartcard. The allowed\n"
"names and values are depend on the currently selected smartcard\n"
"application. NAME and VALUE must be percent and '+' escaped.\n"
"\n"
"application. The actual certifciate is requested using the inquiry\n"
"\"CERTDATA\" and needs to be provided in its raw (e.g. DER) form.\n"
"\n"
- "In almost all cases a a PIN will be requested. See the related\n"
+ "In almost all cases a PIN will be requested. See the related\n"
"writecert function of the actually used application (app-*.c) for\n"
"details.";
static gpg_error_t
static const char hlp_writekey[] =
"WRITEKEY [--force] <keyid> \n"
"\n"
- "This command is used to store a secret key on a a smartcard. The\n"
+ "This command is used to store a secret key on a smartcard. The\n"
"allowed keyids depend on the currently selected smartcard\n"
"application. The actual keydata is requested using the inquiry\n"
"\"KEYDATA\" and need to be provided without any protection. With\n"
"Multi purpose command to return certain information. \n"
"Supported values of WHAT are:\n"
"\n"
- "version - Return the version of the program.\n"
- "pid - Return the process id of the server.\n"
- "\n"
- "socket_name - Return the name of the socket.\n"
- "\n"
- "status - Return the status of the current reader (in the future, may\n"
- "also return the status of all readers). The status is a list of\n"
- "one-character flags. The following flags are currently defined:\n"
- " 'u' Usable card present. This is the normal state during operation.\n"
- " 'r' Card removed. A reset is necessary.\n"
- "These flags are exclusive.\n"
- "\n"
- "reader_list - Return a list of detected card readers. Does\n"
- " currently only work with the internal CCID driver.\n"
- "\n"
- "deny_admin - Returns OK if admin commands are not allowed or\n"
- " GPG_ERR_GENERAL if admin commands are allowed.\n"
- "\n"
- "app_list - Return a list of supported applications. One\n"
- " application per line, fields delimited by colons,\n"
- " first field is the name.\n"
- "\n"
- "card_list - Return a list of serial numbers of active cards,\n"
- " using a status response.";
+ " version - Return the version of the program.\n"
+ " pid - Return the process id of the server.\n"
+ " socket_name - Return the name of the socket.\n"
+ " connections - Return number of active connections.\n"
+ " status - Return the status of the current reader (in the future,\n"
+ " may also return the status of all readers). The status\n"
+ " is a list of one-character flags. The following flags\n"
+ " are currently defined:\n"
+ " 'u' Usable card present.\n"
+ " 'r' Card removed. A reset is necessary.\n"
+ " These flags are exclusive.\n"
+ " reader_list - Return a list of detected card readers. Does\n"
+ " currently only work with the internal CCID driver.\n"
+ " deny_admin - Returns OK if admin commands are not allowed or\n"
+ " GPG_ERR_GENERAL if admin commands are allowed.\n"
+ " app_list - Return a list of supported applications. One\n"
+ " application per line, fields delimited by colons,\n"
+ " first field is the name.\n"
+ " card_list - Return a list of serial numbers of active cards,\n"
+ " using a status response.";
static gpg_error_t
cmd_getinfo (assuan_context_t ctx, char *line)
{
else
rc = gpg_error (GPG_ERR_NO_DATA);
}
+ else if (!strcmp (line, "connections"))
+ {
+ char numbuf[20];
+
+ snprintf (numbuf, sizeof numbuf, "%d", get_active_connection_count ());
+ rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
+ }
else if (!strcmp (line, "status"))
{
ctrl_t ctrl = assuan_get_pointer (ctx);
if (app)
{
ctrl->app_ctx = NULL;
- release_application (app);
+ release_application (app, 0);
}
if (locked_session && ctrl->server_local == locked_session)
{
{
sl->ctrl_backlink->app_ctx = NULL;
sl->card_removed = 1;
- release_application (app);
+ release_application (app, 1);
}
if (!sl->event_signal || !sl->assuan_ctx)
#include "ccid-driver.h"
#include "gc-opt-flags.h"
#include "asshelp.h"
+#include "exechelp.h"
#include "../common/init.h"
#ifndef ENAMETOOLONG
enum cmd_and_opt_values
{ aNull = 0,
- oCsh = 'c',
- oQuiet = 'q',
- oSh = 's',
- oVerbose = 'v',
+ oCsh = 'c',
+ oQuiet = 'q',
+ oSh = 's',
+ oVerbose = 'v',
oNoVerbose = 500,
aGPGConfList,
oDenyAdmin,
oDisableApplication,
oEnablePinpadVarlen,
- oDebugDisableTicker
};
N_("run in multi server mode (foreground)")),
ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")),
ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
- ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
- ARGPARSE_s_n (oSh, "sh", N_("sh-style command output")),
- ARGPARSE_s_n (oCsh, "csh", N_("csh-style command output")),
+ ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
+ ARGPARSE_s_n (oSh, "sh", N_("sh-style command output")),
+ ARGPARSE_s_n (oCsh, "csh", N_("csh-style command output")),
ARGPARSE_s_s (oOptions, "options", N_("|FILE|read options from FILE")),
- ARGPARSE_s_s (oDebug, "debug", "@"),
+ ARGPARSE_s_s (oDebug, "debug", "@"),
ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
ARGPARSE_s_s (oDebugLevel, "debug-level" ,
N_("|LEVEL|set the debugging level to LEVEL")),
ARGPARSE_s_i (oDebugWait, "debug-wait", "@"),
ARGPARSE_s_n (oDebugAllowCoreDump, "debug-allow-core-dump", "@"),
ARGPARSE_s_n (oDebugCCIDDriver, "debug-ccid-driver", "@"),
- ARGPARSE_s_n (oDebugDisableTicker, "debug-disable-ticker", "@"),
ARGPARSE_s_n (oDebugLogTid, "debug-log-tid", "@"),
ARGPARSE_p_u (oDebugAssuanLogCats, "debug-assuan-log-cats", "@"),
ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")),
#define DEFAULT_PCSC_DRIVER "libpcsclite.so"
#endif
-/* The timer tick used for housekeeping stuff. We poll every 500ms to
- let the user immediately know a status change.
+/* The timer tick used to check card removal.
+
+ We poll every 500ms to let the user immediately know a status
+ change.
+
+ For a card reader with an interrupt endpoint, this timer is not
+ used with the internal CCID driver.
This is not too good for power saving but given that there is no
easy way to block on card status changes it is the best we can do.
POSIX systems). */
static assuan_sock_nonce_t socket_nonce;
-/* Debug flag to disable the ticker. The ticker is in fact not
- disabled but it won't perform any ticker specific actions. */
-static int ticker_disabled;
-
-
+/* FD to notify update of usb devices. */
+static int notify_fd;
\f
static char *create_socket_name (char *standard_name);
static gnupg_fd_t create_server_socket (const char *name,
parse_debug++;
else if (pargs.r_opt == oOptions)
{ /* yes there is one, so we do not try the default one, but
- read the option file when it is encountered at the
- commandline */
+ read the option file when it is encountered at the
+ commandline */
default_config = 0;
- }
- else if (pargs.r_opt == oNoOptions)
+ }
+ else if (pargs.r_opt == oNoOptions)
default_config = 0; /* --no-options */
- else if (pargs.r_opt == oHomedir)
+ else if (pargs.r_opt == oHomedir)
gnupg_set_homedir (pargs.r.ret_str);
}
if( parse_debug )
log_info (_("Note: no default option file '%s'\n"),
configname );
- }
+ }
else
{
log_error (_("option file '%s': %s\n"),
configname, strerror(errno) );
exit(2);
- }
+ }
xfree (configname);
configname = NULL;
- }
+ }
if (parse_debug && configname )
log_info (_("reading options from '%s'\n"), configname );
default_config = 0;
ccid_set_debug_level (ccid_set_debug_level (-1)+1);
#endif /*HAVE_LIBUSB*/
break;
- case oDebugDisableTicker: ticker_disabled = 1; break;
case oDebugLogTid:
log_set_pid_suffix_cb (tid_log_callback);
break;
/* config files may not be nested (silently ignore them) */
if (!configfp)
{
- xfree(configname);
- configname = xstrdup(pargs.r.ret_str);
- goto next_pass;
- }
+ xfree(configname);
+ configname = xstrdup(pargs.r.ret_str);
+ goto next_pass;
+ }
break;
case oNoGreeting: nogreeting = 1; break;
case oNoVerbose: opt.verbose = 0; break;
add_to_strlist (&opt.disabled_applications, pargs.r.ret_str);
break;
- case oEnablePinpadVarlen: opt.enable_pinpad_varlen = 1; break;
+ case oEnablePinpadVarlen: opt.enable_pinpad_varlen = 1; break;
default:
pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
break;
- }
+ }
}
if (configfp)
{
char *filename_esc;
if (config_filename)
- filename = xstrdup (config_filename);
+ filename = xstrdup (config_filename);
else
filename = make_filename (gnupg_homedir (),
SCDAEMON_NAME EXTSEP_S "conf", NULL);
res = npth_attr_init (&tattr);
if (res)
- {
+ {
log_error ("error allocating thread attributes: %s\n",
strerror (res));
scd_exit (2);
log_info ("%s %s stopped\n", strusage(11), strusage(13) );
cleanup ();
scd_exit (0);
- }
+ }
break;
case SIGINT:
#endif /*!HAVE_W32_SYSTEM*/
-static void
-handle_tick (void)
-{
- if (!ticker_disabled)
- scd_update_reader_status_file ();
-}
-
-
/* Create a name for the socket. We check for valid characters as
well as against a maximum allowed length for a unix domain socket
is done. The function terminates the process in case of an error.
if (rc == -1)
{
log_error (_("error binding socket to '%s': %s\n"),
- unaddr->sun_path,
+ unaddr->sun_path,
gpg_strerror (gpg_error_from_syserror ()));
assuan_sock_close (fd);
scd_exit (2);
return NULL;
}
+ active_connections++;
+
scd_init_default_ctrl (ctrl);
if (opt.verbose)
log_info (_("handler for fd %d started\n"),
scd_deinit_default_ctrl (ctrl);
xfree (ctrl);
+
+ if (--active_connections == 0)
+ scd_kick_the_loop ();
+
return NULL;
}
+void
+scd_kick_the_loop (void)
+{
+ int ret;
+
+ /* Kick the select loop. */
+ ret = write (notify_fd, "", 1);
+ (void)ret;
+}
+
/* Connection handler loop. Wait for connection requests and spawn a
thread after accepting a connection. LISTEN_FD is allowed to be -1
in which case this code will only do regular timeouts and handle
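Review bot: scd_kick_the_loop writes to `notify_fd`, which is a zero-initialised static assigned only inside handle_connections, so a call made before the pipe exists would write a byte to descriptor 0. The descriptor also stays set after handle_connections closes both pipe ends at its exit, and the early `return` after a failed `npth_attr_init` there leaves the pipe open. Initialising it as `static int notify_fd = -1;`, guarding with `if (notify_fd < 0) return;`, and resetting it to -1 before the `close` calls would keep stray wake-ups from reaching an unrelated or reused descriptor.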
struct sockaddr_un paddr;
socklen_t plen;
fd_set fdset, read_fdset;
+ int nfd;
int ret;
int fd;
- int nfd;
- struct timespec abstime;
- struct timespec curtime;
struct timespec timeout;
+ struct timespec *t;
int saved_errno;
#ifndef HAVE_W32_SYSTEM
int signo;
#endif
+ int pipe_fd[2];
+
+ ret = gnupg_create_pipe (pipe_fd);
+ if (ret)
+ {
+ log_error ("pipe creation failed: %s\n", gpg_strerror (ret));
+ return;
+ }
+ notify_fd = pipe_fd[1];
ret = npth_attr_init(&tattr);
- /* FIXME: Check error. */
+ if (ret)
+ {
+ log_error ("npth_attr_init failed: %s\n", strerror (ret));
+ return;
+ }
+
npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
#ifndef HAVE_W32_SYSTEM
nfd = listen_fd;
}
- npth_clock_gettime (&curtime);
- timeout.tv_sec = TIMERTICK_INTERVAL_SEC;
- timeout.tv_nsec = TIMERTICK_INTERVAL_USEC * 1000;
- npth_timeradd (&curtime, &timeout, &abstime);
- /* We only require abstime here. The others will be reused. */
+ FD_SET (pipe_fd[0], &fdset);
+ if (nfd < pipe_fd[0])
+ nfd = pipe_fd[0];
for (;;)
{
+ int periodical_check;
+
if (shutdown_pending)
{
if (active_connections == 0)
file descriptors to wait for, so that the select will be
used to just wait on a signal or timeout event. */
FD_ZERO (&fdset);
+ FD_SET (pipe_fd[0], &fdset);
+ nfd = pipe_fd[0];
listen_fd = -1;
- }
-
- npth_clock_gettime (&curtime);
- if (!(npth_timercmp (&curtime, &abstime, <)))
- {
- /* Timeout. */
- handle_tick ();
- timeout.tv_sec = TIMERTICK_INTERVAL_SEC;
- timeout.tv_nsec = TIMERTICK_INTERVAL_USEC * 1000;
- npth_timeradd (&curtime, &timeout, &abstime);
- }
- npth_timersub (&abstime, &curtime, &timeout);
+ }
+
+ periodical_check = scd_update_reader_status_file ();
+
+ timeout.tv_sec = TIMERTICK_INTERVAL_SEC;
+ timeout.tv_nsec = TIMERTICK_INTERVAL_USEC * 1000;
+
+ if (shutdown_pending || periodical_check)
+ t = &timeout;
+ else
+ t = NULL;
/* POSIX says that fd_set should be implemented as a structure,
thus a simple assignment is fine to copy the entire set. */
read_fdset = fdset;
#ifndef HAVE_W32_SYSTEM
- ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, &timeout, npth_sigev_sigmask());
+ ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, t,
+ npth_sigev_sigmask ());
saved_errno = errno;
while (npth_sigev_get_pending(&signo))
- handle_signal (signo);
+ handle_signal (signo);
#else
- ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, &timeout, NULL, NULL);
+ ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, t, NULL, NULL);
saved_errno = errno;
#endif
if (ret == -1 && saved_errno != EINTR)
- {
+ {
log_error (_("npth_pselect failed: %s - waiting 1s\n"),
strerror (saved_errno));
npth_sleep (1);
- continue;
- }
+ continue;
+ }
if (ret <= 0)
- /* Timeout. Will be handled when calculating the next timeout. */
- continue;
+ /* Timeout. Will be handled when calculating the next timeout. */
+ continue;
+
+ if (FD_ISSET (pipe_fd[0], &read_fdset))
+ {
+ char buf[256];
+
+ ret = read (pipe_fd[0], buf, sizeof buf);
+ }
if (listen_fd != -1 && FD_ISSET (listen_fd, &read_fdset))
- {
+ {
ctrl_t ctrl;
plen = sizeof paddr;
- fd = npth_accept (listen_fd, (struct sockaddr *)&paddr, &plen);
- if (fd == -1)
- {
- log_error ("accept failed: %s\n", strerror (errno));
- }
+ fd = npth_accept (listen_fd, (struct sockaddr *)&paddr, &plen);
+ if (fd == -1)
+ {
+ log_error ("accept failed: %s\n", strerror (errno));
+ }
else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)) )
{
log_error ("error allocating connection control data: %s\n",
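Review bot: The `read` on `pipe_fd[0]` stores its result in `ret`, nothing examines it, and no comment says what the pipe is for. A line above the `FD_ISSET (pipe_fd[0], &read_fdset)` test would help, for example `/* Drain the wakeup pipe; the bytes carry no information. */`, assuming the write end is only used to interrupt the select. It is also worth a comment next to `t = NULL` that the loop then sleeps until a signal, a connection or a write to the pipe arrives, because the periodic tick no longer runs unconditionally. The loop body continues past the end of this hunk.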
else
{
char threadname[50];
- npth_t thread;
+ npth_t thread;
snprintf (threadname, sizeof threadname, "conn fd=%d", fd);
ctrl->thread_startup.fd = INT2FD (fd);
ret = npth_create (&thread, &tattr, start_connection_thread, ctrl);
- if (ret)
+ if (ret)
{
log_error ("error spawning connection handler: %s\n",
strerror (ret));
close (fd);
}
else
- npth_setname_np (thread, threadname);
+ npth_setname_np (thread, threadname);
}
- fd = -1;
- }
+ }
}
+ close (pipe_fd[0]);
+ close (pipe_fd[1]);
cleanup ();
log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
npth_attr_destroy (&tattr);
}
+
+/* Return the number of active connections. */
+int
+get_active_connection_count (void)
+{
+ return active_connections;
+}
void send_status_info (ctrl_t ctrl, const char *keyword, ...)
GPGRT_ATTR_SENTINEL(1);
void send_status_direct (ctrl_t ctrl, const char *keyword, const char *args);
-void scd_update_reader_status_file (void);
void send_client_notifications (app_t app, int removal);
+void scd_kick_the_loop (void);
+int get_active_connection_count (void);
+/*-- app.c --*/
+int scd_update_reader_status_file (void);
#endif /*SCDAEMON_H*/
call-agent.c \
call-dirmngr.c \
fingerprint.c \
- base64.c \
certlist.c \
certdump.c \
certcheck.c \
}
-/* Take a 20 byte hexencoded string and put it into the the provided
+/* Take a 20 byte hexencoded string and put it into the provided
20 byte buffer FPR in binary format. */
static int
unhexify_fpr (const char *hexstr, unsigned char *fpr)
}
/* If this is a German signature law issued certificate, we store
- additional additional information. */
+ additional information. */
if (!gpgsm_is_in_qualified_list (NULL, array[depth-1], country)
&& !strcmp (country, "de"))
{
/* certdump.c - Dump a certificate for debugging
- * Copyright (C) 2001, 2004, 2007 Free Software Foundation, Inc.
+ * Copyright (C) 2001-2010, 2014-2015 g10 Code GmbH
*
* This file is part of GnuPG.
*
{
/* Forward to the last multi-valued RDN, so that we can
print them all in reverse in the correct order. Note
- that this overrides the the standard sequence but that
+ that this overrides the standard sequence but that
seems to a reasonable thing to do with multi-valued
RDNs. */
while (dn->multivalued && dn[1].key)
{
if (!first_subject)
{
- /* Save the the subject and the issuer for key usage
+ /* Save the subject and the issuer for key usage
and ambiguous name tests. */
first_subject = ksba_cert_get_subject (cert, 0);
first_issuer = ksba_cert_get_issuer (cert, 0);
gpg_error_t err;
ksba_sexp_t public;
size_t publiclen;
- const char *algostr;
+ int algo;
if (hexgrip[0] == '&')
hexgrip++;
return NULL;
publiclen = gcry_sexp_canon_len (public, 0, NULL, NULL);
- get_pk_algo_from_canon_sexp (public, publiclen, &algostr);
+ algo = get_pk_algo_from_canon_sexp (public, publiclen);
xfree (public);
- if (!algostr)
- return NULL;
- else if (!strcmp (algostr, "rsa"))
- return "RSA";
- else if (!strcmp (algostr, "dsa"))
- return "DSA";
- else if (!strcmp (algostr, "elg"))
- return "ELG";
- else if (!strcmp (algostr, "ecdsa"))
- return "ECDSA";
- else
- return NULL;
+ switch (algo)
+ {
+ case GCRY_PK_RSA: return "RSA";
+ case GCRY_PK_DSA: return "DSA";
+ case GCRY_PK_ELG: return "ELG";
+ case GCRY_PK_EDDSA: return "ECDSA";
+ default: return NULL;
+ }
}
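Review bot: The new `switch` maps `GCRY_PK_EDDSA` to the string "ECDSA", whereas the removed code returned "ECDSA" for the algorithm name `ecdsa`. If `get_pk_algo_from_canon_sexp` (not shown here) reports ECDSA keys as `GCRY_PK_ECDSA`, those keys now fall into `default` and yield NULL, while EdDSA keys are reported under the wrong name. Suggested: `case GCRY_PK_ECDSA: return "ECDSA";`, plus a separate `case GCRY_PK_EDDSA: return "EDDSA";` if the callers accept that label. The function starts outside this hunk.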
if (!outctrl->dryrun)
{
- Base64Context b64writer = NULL;
+ gnupg_ksba_io_t b64writer = NULL;
ksba_writer_t writer;
int create_cert ;
create_cert = !!get_parameter_value (para, pSERIAL, 0);
ctrl->pem_name = create_cert? "CERTIFICATE" : "CERTIFICATE REQUEST";
- rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
+
+ rc = gnupg_ksba_create_writer
+ (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
+ ctrl->pem_name, out_fp, &writer);
if (rc)
log_error ("can't create writer: %s\n", gpg_strerror (rc));
else
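Review bot: The expression that turns `ctrl->create_pem` and `ctrl->create_base64` into `GNUPG_KSBA_IO_*` flags is written out in full here and repeated at every other `gnupg_ksba_create_writer` call in this commit (decrypt, encrypt, both export paths, sign, verify). The reader calls repeat their three-flag variant the same way. A small helper taking `ctrl` and returning the flag word would keep the call sites in step when a flag is added later. One copy already differs in spacing (`GNUPG_KSBA_IO_BASE64 :0` in the export hunk), which is harmless but shows how the copies drift.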
rc = create_request (ctrl, para, cardkeyid, public, sigkey, writer);
if (!rc)
{
- rc = gpgsm_finish_writer (b64writer);
+ rc = gnupg_ksba_finish_writer (b64writer);
if (rc)
log_error ("write failed: %s\n", gpg_strerror (rc));
else
create_cert?"":" request");
}
}
- gpgsm_destroy_writer (b64writer);
+ gnupg_ksba_destroy_writer (b64writer);
}
}
gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
{
int rc;
- Base64Context b64reader = NULL;
- Base64Context b64writer = NULL;
+ gnupg_ksba_io_t b64reader = NULL;
+ gnupg_ksba_io_t b64writer = NULL;
ksba_reader_t reader;
ksba_writer_t writer;
ksba_cms_t cms = NULL;
goto leave;
}
- rc = gpgsm_create_reader (&b64reader, ctrl, in_fp, 0, &reader);
+ rc = gnupg_ksba_create_reader
+ (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
+ | (ctrl->autodetect_encoding? GNUPG_KSBA_IO_AUTODETECT : 0)),
+ in_fp, &reader);
if (rc)
{
log_error ("can't create reader: %s\n", gpg_strerror (rc));
goto leave;
}
- rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
+ rc = gnupg_ksba_create_writer
+ (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
+ ctrl->pem_name, out_fp, &writer);
if (rc)
{
log_error ("can't create writer: %s\n", gpg_strerror (rc));
}
while (stopreason != KSBA_SR_READY);
- rc = gpgsm_finish_writer (b64writer);
+ rc = gnupg_ksba_finish_writer (b64writer);
if (rc)
{
log_error ("write failed: %s\n", gpg_strerror (rc));
gpg_strerror (rc), gpg_strsource (rc));
}
ksba_cms_release (cms);
- gpgsm_destroy_reader (b64reader);
- gpgsm_destroy_writer (b64writer);
+ gnupg_ksba_destroy_reader (b64reader);
+ gnupg_ksba_destroy_writer (b64writer);
keydb_release (kh);
es_fclose (in_fp);
if (dfparm.hd)
gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
{
int rc = 0;
- Base64Context b64writer = NULL;
+ gnupg_ksba_io_t b64writer = NULL;
gpg_error_t err;
ksba_writer_t writer;
ksba_reader_t reader = NULL;
encparm.fp = data_fp;
ctrl->pem_name = "ENCRYPTED MESSAGE";
- rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
+ rc = gnupg_ksba_create_writer
+ (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
+ ctrl->pem_name, out_fp, &writer);
if (rc)
{
log_error ("can't create writer: %s\n", gpg_strerror (rc));
}
- rc = gpgsm_finish_writer (b64writer);
+ rc = gnupg_ksba_finish_writer (b64writer);
if (rc)
{
log_error ("write failed: %s\n", gpg_strerror (rc));
leave:
ksba_cms_release (cms);
- gpgsm_destroy_writer (b64writer);
+ gnupg_ksba_destroy_writer (b64writer);
ksba_reader_release (reader);
keydb_release (kh);
xfree (dek);
KEYDB_HANDLE hd = NULL;
KEYDB_SEARCH_DESC *desc = NULL;
int ndesc;
- Base64Context b64writer = NULL;
+ gnupg_ksba_io_t b64writer = NULL;
ksba_writer_t writer;
strlist_t sl;
ksba_cert_t cert = NULL;
if (!b64writer)
{
ctrl->pem_name = "CERTIFICATE";
- rc = gpgsm_create_writer (&b64writer, ctrl, stream, &writer);
+ rc = gnupg_ksba_create_writer
+ (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 :0)),
+ ctrl->pem_name, stream, &writer);
if (rc)
{
log_error ("can't create writer: %s\n", gpg_strerror (rc));
if (ctrl->create_pem)
{
/* We want one certificate per PEM block */
- rc = gpgsm_finish_writer (b64writer);
+ rc = gnupg_ksba_finish_writer (b64writer);
if (rc)
{
log_error ("write failed: %s\n", gpg_strerror (rc));
goto leave;
}
- gpgsm_destroy_writer (b64writer);
+ gnupg_ksba_destroy_writer (b64writer);
b64writer = NULL;
}
}
log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
else if (b64writer)
{
- rc = gpgsm_finish_writer (b64writer);
+ rc = gnupg_ksba_finish_writer (b64writer);
if (rc)
{
log_error ("write failed: %s\n", gpg_strerror (rc));
}
leave:
- gpgsm_destroy_writer (b64writer);
+ gnupg_ksba_destroy_writer (b64writer);
ksba_cert_release (cert);
xfree (desc);
keydb_release (hd);
gpg_error_t err = 0;
KEYDB_HANDLE hd;
KEYDB_SEARCH_DESC *desc = NULL;
- Base64Context b64writer = NULL;
+ gnupg_ksba_io_t b64writer = NULL;
ksba_writer_t writer;
ksba_cert_t cert = NULL;
const unsigned char *image;
ctrl->pem_name = "PRIVATE KEY";
else
ctrl->pem_name = "RSA PRIVATE KEY";
- err = gpgsm_create_writer (&b64writer, ctrl, stream, &writer);
+ err = gnupg_ksba_create_writer
+ (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
+ ctrl->pem_name, stream, &writer);
if (err)
{
log_error ("can't create writer: %s\n", gpg_strerror (err));
if (ctrl->create_pem)
{
/* We want one certificate per PEM block */
- err = gpgsm_finish_writer (b64writer);
+ err = gnupg_ksba_finish_writer (b64writer);
if (err)
{
log_error ("write failed: %s\n", gpg_strerror (err));
goto leave;
}
- gpgsm_destroy_writer (b64writer);
+ gnupg_ksba_destroy_writer (b64writer);
b64writer = NULL;
}
cert = NULL;
leave:
- gpgsm_destroy_writer (b64writer);
+ gnupg_ksba_destroy_writer (b64writer);
ksba_cert_release (cert);
xfree (desc);
keydb_release (hd);
#include "../common/status.h"
#include "../common/audit.h"
#include "../common/session-env.h"
+#include "../common/ksba-io-support.h"
#define MAX_DIGEST_LEN 64
};
-/* Data structure used in base64.c. */
-typedef struct base64_context_s *Base64Context;
-
-
/* An object to keep a list of certificates. */
struct certlist_s
{
char *gpgsm_get_certid (ksba_cert_t cert);
-/*-- base64.c --*/
-int gpgsm_create_reader (Base64Context *ctx,
- ctrl_t ctrl, estream_t fp, int allow_multi_pem,
- ksba_reader_t *r_reader);
-int gpgsm_reader_eof_seen (Base64Context ctx);
-void gpgsm_destroy_reader (Base64Context ctx);
-int gpgsm_create_writer (Base64Context *ctx,
- ctrl_t ctrl, estream_t stream,
- ksba_writer_t *r_writer);
-int gpgsm_finish_writer (Base64Context ctx);
-void gpgsm_destroy_writer (Base64Context ctx);
-
-
/*-- certdump.c --*/
void gpgsm_print_serial (estream_t fp, ksba_const_sexp_t p);
void gpgsm_print_time (estream_t fp, ksba_isotime_t t);
import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
{
int rc;
- Base64Context b64reader = NULL;
+ gnupg_ksba_io_t b64reader = NULL;
ksba_reader_t reader;
ksba_cert_t cert = NULL;
ksba_cms_t cms = NULL;
goto leave;
}
- rc = gpgsm_create_reader (&b64reader, ctrl, fp, 1, &reader);
+ rc = gnupg_ksba_create_reader
+ (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
+ | (ctrl->autodetect_encoding? GNUPG_KSBA_IO_AUTODETECT : 0)
+ | GNUPG_KSBA_IO_MULTIPEM),
+ fp, &reader);
if (rc)
{
log_error ("can't create reader: %s\n", gpg_strerror (rc));
ksba_reader_clear (reader, NULL, NULL);
}
- while (!gpgsm_reader_eof_seen (b64reader));
+ while (!gnupg_ksba_reader_eof_seen (b64reader));
leave:
if (any && gpg_err_code (rc) == GPG_ERR_EOF)
rc = 0;
ksba_cms_release (cms);
ksba_cert_release (cert);
- gpgsm_destroy_reader (b64reader);
+ gnupg_ksba_destroy_reader (b64reader);
es_fclose (fp);
return rc;
}
/* Do we have an URL?
gnupg-kbx:filename := this is a plain keybox
- filename := See what is is, but create as plain keybox.
+ filename := See what it is, but create as plain keybox.
*/
if (strlen (resname) > 10)
{
}
-/* Same as standard mode mode list all certifying certs too. */
+/* Same as standard mode list all certifying certs too. */
static void
list_cert_chain (ctrl_t ctrl, KEYDB_HANDLE hd,
ksba_cert_t cert, int raw_mode,
{
int i, rc;
gpg_error_t err;
- Base64Context b64writer = NULL;
+ gnupg_ksba_io_t b64writer = NULL;
ksba_writer_t writer;
ksba_cms_t cms = NULL;
ksba_stop_reason_t stopreason;
}
ctrl->pem_name = "SIGNED MESSAGE";
- rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
+ rc = gnupg_ksba_create_writer
+ (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
+ ctrl->pem_name, out_fp, &writer);
if (rc)
{
log_error ("can't create writer: %s\n", gpg_strerror (rc));
}
while (stopreason != KSBA_SR_READY);
- rc = gpgsm_finish_writer (b64writer);
+ rc = gnupg_ksba_finish_writer (b64writer);
if (rc)
{
log_error ("write failed: %s\n", gpg_strerror (rc));
if (release_signerlist)
gpgsm_release_certlist (signerlist);
ksba_cms_release (cms);
- gpgsm_destroy_writer (b64writer);
+ gnupg_ksba_destroy_writer (b64writer);
keydb_release (kh);
gcry_md_close (data_md);
return rc;
gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
{
int i, rc;
- Base64Context b64reader = NULL;
- Base64Context b64writer = NULL;
+ gnupg_ksba_io_t b64reader = NULL;
+ gnupg_ksba_io_t b64writer = NULL;
ksba_reader_t reader;
ksba_writer_t writer = NULL;
ksba_cms_t cms = NULL;
goto leave;
}
- rc = gpgsm_create_reader (&b64reader, ctrl, in_fp, 0, &reader);
+ rc = gnupg_ksba_create_reader
+ (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
+ | (ctrl->autodetect_encoding? GNUPG_KSBA_IO_AUTODETECT : 0)),
+ in_fp, &reader);
if (rc)
{
log_error ("can't create reader: %s\n", gpg_strerror (rc));
if (out_fp)
{
- rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
+ rc = gnupg_ksba_create_writer
+ (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
+ ctrl->pem_name, out_fp, &writer);
if (rc)
{
log_error ("can't create writer: %s\n", gpg_strerror (rc));
if (b64writer)
{
- rc = gpgsm_finish_writer (b64writer);
+ rc = gnupg_ksba_finish_writer (b64writer);
if (rc)
{
log_error ("write failed: %s\n", gpg_strerror (rc));
leave:
ksba_cms_release (cms);
- gpgsm_destroy_reader (b64reader);
- gpgsm_destroy_writer (b64writer);
+ gnupg_ksba_destroy_reader (b64reader);
+ gnupg_ksba_destroy_writer (b64writer);
keydb_release (kh);
gcry_md_close (data_md);
es_fclose (in_fp);
(setenv "PATH" (string-append (path-join (getenv "GNUPG_BUILDDIR") "tools")
(string *pathsep*) (getenv "PATH")) #t)
+;; The tests expect the pinentry to return the passphrase "abc".
+(setenv "PINENTRY_USER_DATA" "abc" #t)
+
(define (create-file name content)
(letfd ((fd (open name (logior O_WRONLY O_CREAT O_BINARY) #o600)))
(display content (fdopen fd "wb"))))
(create-file "gpg.conf" "no-force-v3-sigs\n")
(create-file
"gpg-agent.conf"
- (string-append "pinentry-program "
- (in-gpgme-srcdir "tests" "gpg" "pinentry") "\n"))
+ (string-append "pinentry-program " (tool 'pinentry)))
(mkdir "private-keys-v1.d" "-rwx")
(log "Storing private keys")
(apply path-join
`(,(if (compiled? name)
gpgme-builddir
- gpgme-srcdir) ,@(:path cmpnts),name)))
+ gpgme-srcdir) ,@(:path cmpnts) ,(qualify name))))
(let ((makefile (apply path-join `(,gpgme-srcdir ,@(:path cmpnts)
"Makefile.am"))))
(map (lambda (name)
(log "Importing extra key...")
(call-check `(,@GPG --yes --import ,(in-srcdir "pubkey-1.asc"))))))
-(log "Running" (car executable))
-(exit (run executable))
+(if (file-exists? (car executable))
+ (begin
+ (log "Running" (car executable))
+ (exit (run executable)))
+ (skip (car executable) "is not built"))
lib.scm \
repl.scm \
t-child.scm \
- tests.scm
+ tests.scm \
+ time.scm
AM_CPPFLAGS = -I$(top_srcdir)/common
include $(top_srcdir)/am/cmacros.am
}
static pointer
+do_get_time (scheme *sc, pointer args)
+{
+ FFI_PROLOG ();
+ FFI_ARGS_DONE_OR_RETURN (sc, args);
+ FFI_RETURN_INT (sc, gnupg_get_time ());
+}
+
+static pointer
do_getpid (scheme *sc, pointer args)
{
FFI_PROLOG ();
ffi_define_function (sc, mkdir);
ffi_define_function (sc, rmdir);
ffi_define_function (sc, get_isotime);
+ ffi_define_function (sc, get_time);
ffi_define_function (sc, getpid);
/* Random numbers. */
;; Low-level mechanism to terminate the process.
(ffi-define (_exit status))
+
+;; Get the current time in seconds since the epoch.
+(ffi-define (get-time))
(display n)
(display ": ")
(let ((tag (get-tag f)))
- (unless (null? tag)
- (display (basename (car tag)))
- (display ":")
- (display (+ 1 (cdr tag)))
- (display ": ")))
+ (when (and (pair? tag) (string? (car tag)) (number? (cdr tag)))
+ (display (basename (car tag)))
+ (display ":")
+ (display (+ 1 (cdr tag)))
+ (display ": ")))
(write f))
(newline)
(loop (+ n 1) skip (cdr frames))))))
(macro (assert form)
(let ((tag (get-tag form)))
`(if (not ,(cadr form))
- (throw ,(if (pair? tag)
+ (throw ,(if (and (pair? tag) (string? (car tag)) (number? (cdr tag)))
`(string-append ,(car tag) ":"
,(number->string (+ 1 (cdr tag)))
": Assertion failed: ")
}
}
-/* Print usage information and and provide strings for help. */
+/* Print usage information and provide strings for help. */
static const char *
my_strusage( int level )
{
struct {
FILE *file;
int closeit;
-#if SHOW_ERROR_LINE
- pointer curr_line;
- pointer filename;
-#endif
} stdio;
struct {
char *start;
char *curr;
} string;
} rep;
+#if SHOW_ERROR_LINE
+ pointer curr_line;
+ pointer filename;
+#endif
} port;
/* cell structure */
struct cell *_cdr;
} _cons;
struct {
+ size_t _length;
+ pointer _elements[0];
+ } _vector;
+ struct {
char *_data;
const foreign_object_vtable *_vtable;
} _foreign_object;
# define FIRST_CELLSEGS 3
#endif
+\f
+
+/* Support for immediate values.
+ *
+ * Immediate values are tagged with IMMEDIATE_TAG, which is neither
+ * used in types, nor in pointer values.
+ *
+ * XXX: Currently, we only use this to tag pointers in vectors. */
+#define IMMEDIATE_TAG 1
+#define is_immediate(p) ((pointer) ((uintptr_t) (p) & IMMEDIATE_TAG))
+#define set_immediate(p) ((pointer) ((uintptr_t) (p) | IMMEDIATE_TAG))
+#define clr_immediate(p) ((pointer) ((uintptr_t) (p) & ~IMMEDIATE_TAG))
+
+\f
+
enum scheme_types {
- T_STRING=1,
- T_NUMBER=2,
- T_SYMBOL=3,
- T_PROC=4,
- T_PAIR=5,
- T_CLOSURE=6,
- T_CONTINUATION=7,
- T_FOREIGN=8,
- T_CHARACTER=9,
- T_PORT=10,
- T_VECTOR=11,
- T_MACRO=12,
- T_PROMISE=13,
- T_ENVIRONMENT=14,
- T_FOREIGN_OBJECT=15,
- T_BOOLEAN=16,
- T_NIL=17,
- T_EOF_OBJ=18,
- T_SINK=19,
- T_LAST_SYSTEM_TYPE=19
+ T_STRING=1 << 1, /* Do not use the lsb, it is used for
+ * immediate values. */
+ T_NUMBER=2 << 1,
+ T_SYMBOL=3 << 1,
+ T_PROC=4 << 1,
+ T_PAIR=5 << 1,
+ T_CLOSURE=6 << 1,
+ T_CONTINUATION=7 << 1,
+ T_FOREIGN=8 << 1,
+ T_CHARACTER=9 << 1,
+ T_PORT=10 << 1,
+ T_VECTOR=11 << 1,
+ T_MACRO=12 << 1,
+ T_PROMISE=13 << 1,
+ T_ENVIRONMENT=14 << 1,
+ T_FOREIGN_OBJECT=15 << 1,
+ T_BOOLEAN=16 << 1,
+ T_NIL=17 << 1,
+ T_EOF_OBJ=18 << 1,
+ T_SINK=19 << 1,
+ T_LAST_SYSTEM_TYPE=19 << 1
};
static const char *
}
/* ADJ is enough slack to align cells in a TYPE_BITS-bit boundary */
-#define ADJ 32
-#define TYPE_BITS 5
-#define T_MASKTYPE 31 /* 0000000000011111 */
+#define TYPE_BITS 6
+#define ADJ (1 << TYPE_BITS)
+#define T_MASKTYPE (ADJ - 1)
#define T_TAGGED 1024 /* 0000010000000000 */
#define T_FINALIZE 2048 /* 0000100000000000 */
#define T_SYNTAX 4096 /* 0001000000000000 */
INTERFACE static int is_list(scheme *sc, pointer p);
INTERFACE INLINE int is_vector(pointer p) { return (type(p)==T_VECTOR); }
+/* Given a vector, return it's length. */
+#define vector_length(v) (v)->_object._vector._length
+/* Given a vector length, compute the amount of cells required to
+ * represent it. */
+#define vector_size(len) (1 + ((len) - 1 + 2) / 3)
INTERFACE static void fill_vector(pointer vec, pointer obj);
INTERFACE static pointer vector_elem(pointer vec, int ielem);
INTERFACE static pointer set_vector_elem(pointer vec, int ielem, pointer a);
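Review bot: `vector_length(v)` expands without outer parentheses, and `vector_size(len)` hard-codes three element slots per cell without saying why. Writing the first as `#define vector_length(v) ((v)->_object._vector._length)` avoids precedence surprises at call sites. For the second, add a comment that the divisor 3 assumes a cell is exactly three pointer-sized words, since `_elements` is indexed across the following cells and a different cell layout would put those writes outside the allocation. The cell definition is outside this hunk, so that layout is inferred. The added comment also has "it's" where "its" is meant.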
if (sc->inhibit_gc == 0) {
reserve_cells(sc, (reserve));
sc->reserved_cells = (reserve);
-#ifndef NDEBUG
+#ifdef NDEBUG
(void) lineno;
#else
sc->reserved_lineno = lineno;
static pointer get_vector_object(scheme *sc, int len, pointer init)
{
- pointer cells = get_consecutive_cells(sc,len/2+len%2+1);
+ pointer cells = get_consecutive_cells(sc, vector_size(len));
if(sc->no_memory) { return sc->sink; }
/* Record it as a vector so that gc understands it. */
- typeflag(cells) = (T_VECTOR | T_ATOM);
- ivalue_unchecked(cells)=len;
- set_num_integer(cells);
+ typeflag(cells) = (T_VECTOR | T_ATOM | T_FINALIZE);
+ vector_length(cells) = len;
fill_vector(cells,init);
if (gc_enabled (sc))
push_recent_alloc(sc, cells, sc->NIL);
return cells;
}
-#if defined TSGRIND
-static void check_cell_alloced(pointer p, int expect_alloced)
-{
- /* Can't use putstr(sc,str) because callers have no access to
- sc. */
- if(typeflag(p) & !expect_alloced)
- {
- fprintf(stderr,"Cell is already allocated!\n");
- }
- if(!(typeflag(p)) & expect_alloced)
- {
- fprintf(stderr,"Cell is not allocated!\n");
- }
-
-}
-static void check_range_alloced(pointer p, int n, int expect_alloced)
-{
- int i;
- for(i = 0;i<n;i++)
- { (void)check_cell_alloced(p+i,expect_alloced); }
-}
-
-#endif
-
/* Medium level cell allocation */
/* get new cons cell */
static pointer oblist_initial_value(scheme *sc)
{
- return mk_vector(sc, 461); /* probably should be bigger */
+ /* There are about 768 symbols used after loading the
+ * interpreter. */
+ return mk_vector(sc, 1009);
}
-/* returns the new symbol */
-static pointer oblist_add_by_name(scheme *sc, const char *name)
+/* Add a new symbol NAME at SLOT. SLOT must be obtained using
+ * oblist_find_by_name, and no insertion must be done between
+ * obtaining the SLOT and calling this function. Returns the new
+ * symbol.
+ *
+ * If SLOT is NULL, the new symbol is be placed at the appropriate
+ * place in the vector. */
+static pointer oblist_add_by_name(scheme *sc, const char *name, pointer *slot)
{
#define oblist_add_by_name_allocates 3
pointer x;
typeflag(x) = T_SYMBOL;
setimmutable(car(x));
- location = hash_fn(name, ivalue_unchecked(sc->oblist));
- set_vector_elem(sc->oblist, location,
- immutable_cons(sc, x, vector_elem(sc->oblist, location)));
+ if (slot == NULL) {
+ location = hash_fn(name, vector_length(sc->oblist));
+ set_vector_elem(sc->oblist, location,
+ immutable_cons(sc, x, vector_elem(sc->oblist, location)));
+ } else {
+ *slot = immutable_cons(sc, x, *slot);
+ }
+
gc_enable(sc);
return x;
}
-static INLINE pointer oblist_find_by_name(scheme *sc, const char *name)
+/* Lookup the symbol NAME. Returns the symbol, or NIL if it does not
+ * exist. In that case, SLOT points to the point where the new symbol
+ * is to be inserted.
+ *
+ * SLOT may be set to NULL if the new symbol should be placed at the
+ * appropriate place in the vector. */
+static INLINE pointer
+oblist_find_by_name(scheme *sc, const char *name, pointer **slot)
{
int location;
pointer x;
char *s;
+ int d;
- location = hash_fn(name, ivalue_unchecked(sc->oblist));
- for (x = vector_elem(sc->oblist, location); x != sc->NIL; x = cdr(x)) {
+ location = hash_fn(name, vector_length(sc->oblist));
+ for (*slot = NULL, x = vector_elem(sc->oblist, location);
+ x != sc->NIL; *slot = &cdr(x), x = **slot) {
s = symname(car(x));
/* case-insensitive, per R5RS section 2. */
- if(stricmp(name, s) == 0) {
- return car(x);
- }
+ d = stricmp(name, s);
+ if (d == 0)
+ return car(x); /* Hit. */
+ else if (d > 0)
+ break; /* Miss. */
}
return sc->NIL;
}
pointer x;
pointer ob_list = sc->NIL;
- for (i = 0; i < ivalue_unchecked(sc->oblist); i++) {
+ for (i = 0; i < vector_length(sc->oblist); i++) {
for (x = vector_elem(sc->oblist, i); x != sc->NIL; x = cdr(x)) {
ob_list = cons(sc, x, ob_list);
}
return sc->NIL;
}
-static INLINE pointer oblist_find_by_name(scheme *sc, const char *name)
+/* Lookup the symbol NAME. Returns the symbol, or NIL if it does not
+ * exist. In that case, SLOT points to the point where the new symbol
+ * is to be inserted. */
+static INLINE pointer
+oblist_find_by_name(scheme *sc, const char *name, pointer **slot)
{
pointer x;
char *s;
+ int d;
- for (x = sc->oblist; x != sc->NIL; x = cdr(x)) {
+ for (*slot = &sc->oblist, x = **slot; x != sc->NIL; *slot = &cdr(x), x = **slot) {
s = symname(car(x));
/* case-insensitive, per R5RS section 2. */
- if(stricmp(name, s) == 0) {
- return car(x);
- }
+ d = stricmp(name, s);
+ if (d == 0)
+ return car(x); /* Hit. */
+ else if (d > 0)
+ break; /* Miss. */
}
return sc->NIL;
}
-/* returns the new symbol */
-static pointer oblist_add_by_name(scheme *sc, const char *name)
+/* Add a new symbol NAME at SLOT. SLOT must be obtained using
+ * oblist_find_by_name, and no insertion must be done between
+ * obtaining the SLOT and calling this function. Returns the new
+ * symbol. */
+static pointer oblist_add_by_name(scheme *sc, const char *name, pointer *slot)
{
+#define oblist_add_by_name_allocates 3
pointer x;
x = immutable_cons(sc, mk_string(sc, name), sc->NIL);
typeflag(x) = T_SYMBOL;
setimmutable(car(x));
- sc->oblist = immutable_cons(sc, x, sc->oblist);
+ *slot = immutable_cons(sc, x, *slot);
return x;
}
static pointer oblist_all_symbols(scheme *sc)
{ return get_vector_object(sc,len,sc->NIL); }
INTERFACE static void fill_vector(pointer vec, pointer obj) {
- int i;
- int n = ivalue(vec)/2+ivalue(vec)%2;
- for(i=0; i < n; i++) {
- typeflag(vec+1+i) = T_PAIR;
- setimmutable(vec+1+i);
- car(vec+1+i)=obj;
- cdr(vec+1+i)=obj;
+ size_t i;
+ assert (is_vector (vec));
+ for(i = 0; i < vector_length(vec); i++) {
+ vec->_object._vector._elements[i] = set_immediate(obj);
}
}
INTERFACE static pointer vector_elem(pointer vec, int ielem) {
- int n=ielem/2;
- if(ielem%2==0) {
- return car(vec+1+n);
- } else {
- return cdr(vec+1+n);
- }
+ assert (is_vector (vec));
+ assert (ielem < vector_length(vec));
+ return clr_immediate(vec->_object._vector._elements[ielem]);
}
INTERFACE static pointer set_vector_elem(pointer vec, int ielem, pointer a) {
- int n=ielem/2;
- if(ielem%2==0) {
- return car(vec+1+n)=a;
- } else {
- return cdr(vec+1+n)=a;
- }
+ assert (is_vector (vec));
+ assert (ielem < vector_length(vec));
+ vec->_object._vector._elements[ielem] = set_immediate(a);
+ return a;
}
/* get new symbol */
INTERFACE pointer mk_symbol(scheme *sc, const char *name) {
#define mk_symbol_allocates oblist_add_by_name_allocates
pointer x;
+ pointer *slot;
/* first check oblist */
- x = oblist_find_by_name(sc, name);
+ x = oblist_find_by_name(sc, name, &slot);
if (x != sc->NIL) {
return (x);
} else {
- x = oblist_add_by_name(sc, name);
+ x = oblist_add_by_name(sc, name, slot);
return (x);
}
}
INTERFACE pointer gensym(scheme *sc) {
pointer x;
+ pointer *slot;
char name[40];
for(; sc->gensym_cnt<LONG_MAX; sc->gensym_cnt++) {
snprintf(name,40,"gensym-%ld",sc->gensym_cnt);
/* first check oblist */
- x = oblist_find_by_name(sc, name);
+ x = oblist_find_by_name(sc, name, &slot);
if (x != sc->NIL) {
continue;
} else {
- x = oblist_add_by_name(sc, name);
+ x = oblist_add_by_name(sc, name, slot);
return (x);
}
}
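Review bot: In `vector_elem` and `set_vector_elem`, earlier in this hunk, the only range check on `ielem` is an `assert`, which disappears when the file is built with `NDEBUG`. `ielem` is also a signed `int` compared against the `size_t` length. Spelling the check out as `assert (ielem >= 0 && (size_t) ielem < vector_length (vec));` removes the mixed-sign comparison. If any caller outside this hunk passes an index that comes from Scheme code without validating it first, that caller needs a real bounds check, because the element array is now addressed directly.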
E2: setmark(p);
if(is_vector(p)) {
int i;
- int n = ivalue_unchecked(p)/2+ivalue_unchecked(p)%2;
- for(i=0; i < n; i++) {
- /* Vector cells will be treated like ordinary cells */
- mark(p+1+i);
+ for (i = 0; i < vector_length(p); i++) {
+ mark(clr_immediate(p->_object._vector._elements[i]));
}
}
#if SHOW_ERROR_LINE
else if (is_port(p)) {
port *pt = p->_object._port;
- if (pt->kind & port_file) {
- mark(pt->rep.stdio.curr_line);
- mark(pt->rep.stdio.filename);
- }
+ mark(pt->curr_line);
+ mark(pt->filename);
}
#endif
/* Mark tag if p has one. */
mark(sc->outport);
mark(sc->loadport);
for (i = 0; i <= sc->file_i; i++) {
- if (! (sc->load_stack[i].kind & port_file))
- continue;
-
- mark(sc->load_stack[i].rep.stdio.filename);
- mark(sc->load_stack[i].rep.stdio.curr_line);
+ mark(sc->load_stack[i].filename);
+ mark(sc->load_stack[i].curr_line);
}
/* Mark recent objects the interpreter doesn't know about yet. */
for (i = sc->last_cell_seg; i >= 0; i--) {
p = sc->cell_seg[i] + CELL_SEGSIZE;
while (--p >= sc->cell_seg[i]) {
+ if (typeflag(p) & IMMEDIATE_TAG)
+ continue;
if (is_mark(p)) {
clrmark(p);
} else {
sc->free(a->_object._port);
} else if(is_foreign_object(a)) {
a->_object._foreign_object._vtable->finalize(sc, a->_object._foreign_object._data);
+ } else if (is_vector(a)) {
+ int i;
+ for (i = vector_size(vector_length(a)) - 1; i > 0; i--) {
+ pointer p = a + i;
+ typeflag(p) = 0;
+ car(p) = sc->NIL;
+ cdr(p) = sc->free_cell;
+ sc->free_cell = p;
+ sc->fcells += 1;
+ }
}
}
static void
port_clear_location (scheme *sc, port *p)
{
- assert(p->kind & port_file);
- p->rep.stdio.curr_line = sc->NIL;
- p->rep.stdio.filename = sc->NIL;
+ p->curr_line = sc->NIL;
+ p->filename = sc->NIL;
+}
+
+static void
+port_increment_current_line (scheme *sc, port *p, long delta)
+{
+ if (delta == 0)
+ return;
+
+ p->curr_line =
+ mk_integer(sc, ivalue_unchecked(p->curr_line) + delta);
+}
+
+static void
+port_init_location (scheme *sc, port *p, pointer name)
+{
+ p->curr_line = mk_integer(sc, 0);
+ p->filename = name ? name : mk_string(sc, "<unknown>");
}
+#else
+
static void
-port_reset_current_line (scheme *sc, port *p)
+port_clear_location (scheme *sc, port *p)
{
- assert(p->kind & port_file);
- p->rep.stdio.curr_line = mk_integer(sc, 0);
}
static void
port_increment_current_line (scheme *sc, port *p, long delta)
{
- assert(p->kind & port_file);
- p->rep.stdio.curr_line =
- mk_integer(sc, ivalue_unchecked(p->rep.stdio.curr_line) + delta);
}
+
+static void
+port_init_location (scheme *sc, port *p, pointer name)
+{
+}
+
#endif
/* ========== Routines for Reading ========== */
sc->load_stack[sc->file_i].rep.stdio.closeit=1;
sc->nesting_stack[sc->file_i]=0;
sc->loadport->_object._port=sc->load_stack+sc->file_i;
-
-#if SHOW_ERROR_LINE
- port_reset_current_line(sc, &sc->load_stack[sc->file_i]);
- sc->load_stack[sc->file_i].rep.stdio.filename = fname;
-#endif
+ port_init_location(sc, &sc->load_stack[sc->file_i], fname);
}
return fin!=0;
}
if(sc->file_i != 0) {
sc->nesting=sc->nesting_stack[sc->file_i];
port_close(sc,sc->loadport,port_input);
-#if SHOW_ERROR_LINE
- if (sc->load_stack[sc->file_i].kind & port_file)
- port_clear_location(sc, &sc->load_stack[sc->file_i]);
-#endif
+ port_clear_location(sc, &sc->load_stack[sc->file_i]);
sc->file_i--;
sc->loadport->_object._port=sc->load_stack+sc->file_i;
}
}
pt=port_rep_from_file(sc,f,prop);
pt->rep.stdio.closeit=1;
-
-#if SHOW_ERROR_LINE
- if (fn)
- pt->rep.stdio.filename = mk_string(sc, fn);
- else
- pt->rep.stdio.filename = mk_string(sc, "<unknown>");
-
- port_reset_current_line(sc, pt);
-#endif
+ port_init_location(sc, pt, mk_string(sc, fn));
return pt;
}
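Review bot: `mk_string(sc, fn)` is now called unconditionally, whereas the removed lines called it only under `if (fn)` and used "<unknown>" otherwise. If `fn` can be NULL here, as the old guard suggests, the string constructor receives a null pointer; how `mk_string` handles that is not visible in this hunk. `port_init_location` already substitutes "<unknown>" for a NULL name, so `port_init_location(sc, pt, fn ? mk_string(sc, fn) : NULL);` keeps the previous behaviour. The enclosing function starts outside the hunk.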
pt->kind = port_file | prop;
pt->rep.stdio.file = f;
pt->rep.stdio.closeit = 0;
-#if SHOW_ERROR_LINE
- pt->rep.stdio.filename = mk_string(sc, "<unknown>");
- port_reset_current_line(sc, pt);
-#endif
+ port_init_location(sc, pt, NULL);
return pt;
}
pt->rep.string.start=start;
pt->rep.string.curr=start;
pt->rep.string.past_the_end=past_the_end;
+ port_init_location(sc, pt, NULL);
return pt;
}
pt->rep.string.start=start;
pt->rep.string.curr=start;
pt->rep.string.past_the_end=start+BLOCK_SIZE-1;
+ port_init_location(sc, pt, NULL);
return pt;
}
port *pt=p->_object._port;
pt->kind&=~flag;
if((pt->kind & (port_input|port_output))==0) {
+ /* Cleanup is here so (close-*-port) functions could work too */
+ port_clear_location(sc, pt);
if(pt->kind&port_file) {
-
-#if SHOW_ERROR_LINE
- /* Cleanup is here so (close-*-port) functions could work too */
- port_clear_location(sc, pt);
-#endif
-
fclose(pt->rep.stdio.file);
}
pt->kind=port_free;
#endif
} while (isspace(c));
-/* record it */
-#if SHOW_ERROR_LINE
- {
- port *p = &sc->load_stack[sc->file_i];
- if (p->kind & port_file)
- port_increment_current_line(sc, p, curr_line);
- }
-#endif
+ /* record it */
+ port_increment_current_line(sc, &sc->load_stack[sc->file_i], curr_line);
if(c!=EOF) {
backchar(sc,c);
while ((c=inchar(sc)) != '\n' && c!=EOF)
;
-#if SHOW_ERROR_LINE
- if(c == '\n' && sc->load_stack[sc->file_i].kind & port_file)
+ if(c == '\n')
port_increment_current_line(sc, &sc->load_stack[sc->file_i], 1);
-#endif
if(c == EOF)
{ return (TOK_EOF); }
while ((c=inchar(sc)) != '\n' && c!=EOF)
;
-#if SHOW_ERROR_LINE
- if(c == '\n' && sc->load_stack[sc->file_i].kind & port_file)
+ if(c == '\n')
port_increment_current_line(sc, &sc->load_stack[sc->file_i], 1);
-#endif
if(c == EOF)
{ return (TOK_EOF); }
}
#endif
+/* Compares A and B. Returns an integer less than, equal to, or
+ * greater than zero if A is stored at a memory location that is
+ * numerical less than, equal to, or greater than that of B. */
+static int
+pointercmp(pointer a, pointer b)
+{
+ uintptr_t a_n = (uintptr_t) a;
+ uintptr_t b_n = (uintptr_t) b;
+
+ if (a_n < b_n)
+ return -1;
+ if (a_n > b_n)
+ return 1;
+ return 0;
+}
+
#ifndef USE_ALIST_ENV
/*
{
pointer new_frame;
- /* The interaction-environment has about 300 variables in it. */
+ /* The interaction-environment has about 480 variables in it. */
if (old_env == sc->NIL) {
- new_frame = mk_vector(sc, 461);
+ new_frame = mk_vector(sc, 751);
} else {
new_frame = sc->NIL;
}
setenvironment(sc->envir);
}
+/* Insert (VARIABLE, VALUE) at SSLOT. SSLOT must be obtained using
+ * find_slot_spec_in_env, and no insertion must be done between
+ * obtaining SSLOT and the call to this function.
+ *
+ * If SSLOT is NULL, the new slot is put into the appropriate place in
+ * the environment vector. */
static INLINE void new_slot_spec_in_env(scheme *sc, pointer env,
- pointer variable, pointer value)
+ pointer variable, pointer value,
+ pointer *sslot)
{
#define new_slot_spec_in_env_allocates 2
pointer slot;
gc_disable(sc, gc_reservations (new_slot_spec_in_env));
slot = immutable_cons(sc, variable, value);
- if (is_vector(car(env))) {
- int location = hash_fn(symname(variable), ivalue_unchecked(car(env)));
+ if (sslot == NULL) {
+ int location;
+ assert(is_vector(car(env)));
+ location = hash_fn(symname(variable), vector_length(car(env)));
set_vector_elem(car(env), location,
immutable_cons(sc, slot, vector_elem(car(env), location)));
} else {
- car(env) = immutable_cons(sc, slot, car(env));
+ *sslot = immutable_cons(sc, slot, *sslot);
}
gc_enable(sc);
}
-static pointer find_slot_in_env(scheme *sc, pointer env, pointer hdl, int all)
+/* Find the slot in ENV under the key HDL. If ALL is given, look in
+ * all environments enclosing ENV. If the lookup fails, and SSLOT is
+ * given, the position where the new slot has to be inserted is stored
+ * at SSLOT.
+ *
+ * SSLOT may be set to NULL if the new symbol should be placed at the
+ * appropriate place in the vector. */
+static pointer
+find_slot_spec_in_env(scheme *sc, pointer env, pointer hdl, int all, pointer **sslot)
{
pointer x,y;
int location;
+ pointer *sl;
+ int d;
+ assert(is_symbol(hdl));
for (x = env; x != sc->NIL; x = cdr(x)) {
if (is_vector(car(x))) {
- location = hash_fn(symname(hdl), ivalue_unchecked(car(x)));
+ location = hash_fn(symname(hdl), vector_length(car(x)));
+ sl = NULL;
y = vector_elem(car(x), location);
} else {
- y = car(x);
+ sl = &car(x);
+ y = *sl;
}
- for ( ; y != sc->NIL; y = cdr(y)) {
- if (caar(y) == hdl) {
- break;
- }
- }
- if (y != sc->NIL) {
- break;
- }
- if(!all) {
- return sc->NIL;
- }
- }
- if (x != sc->NIL) {
- return car(y);
+ for ( ; y != sc->NIL; sl = &cdr(y), y = *sl) {
+ d = pointercmp(caar(y), hdl);
+ if (d == 0)
+ return car(y); /* Hit. */
+ else if (d > 0)
+ break; /* Miss. */
}
- return sc->NIL;
+
+ if (x == env && sslot)
+ *sslot = sl; /* Insert here. */
+
+ if (!all)
+ return sc->NIL; /* Miss, and stop looking. */
+ }
+
+ return sc->NIL; /* Not found in any environment. */
}
#else /* USE_ALIST_ENV */
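Review bot: `find_slot_spec_in_env` writes `*sslot` only inside the loop body (`if (x == env && sslot) *sslot = sl;`), so when `env` is `sc->NIL` the caller's variable is never assigned. The callers introduced by this change (new_slot_in_env, OP_DEF1, OP_MACRO1, scheme_define) declare `pointer *sslot;` without an initializer and pass it on a miss to `new_slot_spec_in_env`, which would then store through an indeterminate pointer; whether an empty environment can reach these paths is not visible here, but scheme_define takes `envir` from its caller. Adding `if (sslot) *sslot = NULL;` before the loop makes that case deterministic. The USE_ALIST_ENV variant has the same gap and additionally dereferences `sslot` with no NULL check, so it needs either that check or a documented non-empty-environment precondition.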
setenvironment(sc->envir);
}
+/* Insert (VARIABLE, VALUE) at SSLOT. SSLOT must be obtained using
+ * find_slot_spec_in_env, and no insertion must be done between
+ * obtaining SSLOT and the call to this function. */
static INLINE void new_slot_spec_in_env(scheme *sc, pointer env,
- pointer variable, pointer value)
+ pointer variable, pointer value,
+ pointer *sslot)
{
- car(env) = immutable_cons(sc, immutable_cons(sc, variable, value), car(env));
+#define new_slot_spec_in_env_allocates 2
+ (void) env;
+ assert(is_symbol(variable));
+ *sslot = immutable_cons(sc, immutable_cons(sc, variable, value), *sslot);
}
-static pointer find_slot_in_env(scheme *sc, pointer env, pointer hdl, int all)
+/* Find the slot in ENV under the key HDL. If ALL is given, look in
+ * all environments enclosing ENV. If the lookup fails, and SSLOT is
+ * given, the position where the new slot has to be inserted is stored
+ * at SSLOT. */
+static pointer
+find_slot_spec_in_env(scheme *sc, pointer env, pointer hdl, int all, pointer **sslot)
{
pointer x,y;
+ pointer *sl;
+ int d;
+ assert(is_symbol(hdl));
+
for (x = env; x != sc->NIL; x = cdr(x)) {
- for (y = car(x); y != sc->NIL; y = cdr(y)) {
- if (caar(y) == hdl) {
- break;
- }
- }
- if (y != sc->NIL) {
- break;
- }
- if(!all) {
- return sc->NIL;
- }
- }
- if (x != sc->NIL) {
- return car(y);
+ for (sl = &car(x), y = *sl; y != sc->NIL; sl = &cdr(y), y = *sl) {
+ d = pointercmp(caar(y), hdl);
+ if (d == 0)
+ return car(y); /* Hit. */
+ else if (d > 0)
+ break; /* Miss. */
+ }
+
+ if (x == env && sslot)
+ *sslot = sl; /* Insert here. */
+
+ if (!all)
+ return sc->NIL; /* Miss, and stop looking. */
}
- return sc->NIL;
+
+ return sc->NIL; /* Not found in any environment. */
}
#endif /* USE_ALIST_ENV else */
+static pointer find_slot_in_env(scheme *sc, pointer env, pointer hdl, int all)
+{
+ return find_slot_spec_in_env(sc, env, hdl, all, NULL);
+}
+
static INLINE void new_slot_in_env(scheme *sc, pointer variable, pointer value)
{
#define new_slot_in_env_allocates new_slot_spec_in_env_allocates
- new_slot_spec_in_env(sc, sc->envir, variable, value);
+ pointer slot;
+ pointer *sslot;
+ assert(is_symbol(variable));
+ slot = find_slot_spec_in_env(sc, sc->envir, variable, 0, &sslot);
+ assert(slot == sc->NIL);
+ new_slot_spec_in_env(sc, sc->envir, variable, value, sslot);
}
static INLINE void set_slot_in_env(scheme *sc, pointer slot, pointer value)
#if SHOW_ERROR_LINE
/* make sure error is not in REPL */
- if (sc->load_stack[sc->file_i].kind & port_file &&
- sc->load_stack[sc->file_i].rep.stdio.file != stdin) {
+ if (((sc->load_stack[sc->file_i].kind & port_file) == 0
+ || sc->load_stack[sc->file_i].rep.stdio.file != stdin)) {
pointer tag;
const char *fname;
int ln;
fname = string_value(car(tag));
ln = ivalue_unchecked(cdr(tag));
} else {
- fname = string_value(sc->load_stack[sc->file_i].rep.stdio.filename);
- ln = ivalue_unchecked(sc->load_stack[sc->file_i].rep.stdio.curr_line);
+ fname = string_value(sc->load_stack[sc->file_i].filename);
+ ln = ivalue_unchecked(sc->load_stack[sc->file_i].curr_line);
}
/* should never happen */
s_save(sc,OP_DEF1, sc->NIL, x);
s_thread_to(sc,OP_EVAL);
- CASE(OP_DEF1): /* define */
- x=find_slot_in_env(sc,sc->envir,sc->code,0);
+ CASE(OP_DEF1): { /* define */
+ pointer *sslot;
+ x = find_slot_spec_in_env(sc, sc->envir, sc->code, 0, &sslot);
if (x != sc->NIL) {
set_slot_in_env(sc, x, sc->value);
} else {
- new_slot_in_env(sc, sc->code, sc->value);
+ new_slot_spec_in_env(sc, sc->envir, sc->code, sc->value, sslot);
}
s_return(sc,sc->code);
-
+ }
CASE(OP_DEFP): /* defined? */
x=sc->envir;
s_save(sc,OP_MACRO1, sc->NIL, x);
s_goto(sc,OP_EVAL);
- CASE(OP_MACRO1): /* macro */
+ CASE(OP_MACRO1): { /* macro */
+ pointer *sslot;
typeflag(sc->value) = T_MACRO;
- x = find_slot_in_env(sc, sc->envir, sc->code, 0);
+ x = find_slot_spec_in_env(sc, sc->envir, sc->code, 0, &sslot);
if (x != sc->NIL) {
set_slot_in_env(sc, x, sc->value);
} else {
- new_slot_in_env(sc, sc->code, sc->value);
+ new_slot_spec_in_env(sc, sc->envir, sc->code, sc->value, sslot);
}
s_return(sc,sc->code);
+ }
CASE(OP_CASE0): /* case */
s_save(sc,OP_CASE1, sc->NIL, cdr(sc->code));
CASE(OP_VECLEN): /* vector-length */
gc_disable(sc, 1);
- s_return_enable_gc(sc, mk_integer(sc, ivalue(car(sc->args))));
+ s_return_enable_gc(sc, mk_integer(sc, vector_length(car(sc->args))));
CASE(OP_VECREF): { /* vector-ref */
int index;
index=ivalue(cadr(sc->args));
- if(index>=ivalue(car(sc->args))) {
+ if(index >= vector_length(car(sc->args))) {
Error_1(sc,"vector-ref: out of bounds:",cadr(sc->args));
}
}
index=ivalue(cadr(sc->args));
- if(index>=ivalue(car(sc->args))) {
+ if(index >= vector_length(car(sc->args))) {
Error_1(sc,"vector-set!: out of bounds:",cadr(sc->args));
}
} else if (sc->tok == TOK_DOT) {
Error_0(sc,"syntax error: illegal dot expression");
} else {
+#if USE_TAGS && SHOW_ERROR_LINE
+ pointer filename;
+ pointer lineno;
+#endif
sc->nesting_stack[sc->file_i]++;
#if USE_TAGS && SHOW_ERROR_LINE
- if (sc->load_stack[sc->file_i].kind & port_file) {
- pointer filename =
- sc->load_stack[sc->file_i].rep.stdio.filename;
- pointer lineno =
- sc->load_stack[sc->file_i].rep.stdio.curr_line;
-
- s_save(sc, OP_TAG_VALUE,
- cons(sc, filename, cons(sc, lineno, sc->NIL)),
- sc->NIL);
- }
+ filename = sc->load_stack[sc->file_i].filename;
+ lineno = sc->load_stack[sc->file_i].curr_line;
+
+ s_save(sc, OP_TAG_VALUE,
+ cons(sc, filename, cons(sc, lineno, sc->NIL)),
+ sc->NIL);
#endif
s_save(sc,OP_RDLIST, sc->NIL, sc->NIL);
s_thread_to(sc,OP_RDSEXPR);
int c = inchar(sc);
if (c != '\n')
backchar(sc,c);
-#if SHOW_ERROR_LINE
- else if (sc->load_stack[sc->file_i].kind & port_file)
- port_increment_current_line(sc,
- &sc->load_stack[sc->file_i], 1);
-#endif
+ else
+ port_increment_current_line(sc, &sc->load_stack[sc->file_i], 1);
sc->nesting_stack[sc->file_i]--;
s_return(sc,reverse_in_place(sc, sc->NIL, sc->args));
} else if (sc->tok == TOK_DOT) {
CASE(OP_PVECFROM): {
int i=ivalue_unchecked(cdr(sc->args));
pointer vec=car(sc->args);
- int len=ivalue_unchecked(vec);
+ int len = vector_length(vec);
if(i==len) {
putstr(sc,")");
s_return(sc,sc->T);
static void assign_syntax(scheme *sc, char *name) {
pointer x;
+ pointer *slot;
- x = oblist_add_by_name(sc, name);
+ x = oblist_find_by_name(sc, name, &slot);
+ assert (x == sc->NIL);
+
+ x = oblist_add_by_name(sc, name, slot);
typeflag(x) |= T_SYNTAX;
}
}
sc->loadport=sc->NIL;
-#if SHOW_ERROR_LINE
for(i=0; i<=sc->file_i; i++) {
- if (sc->load_stack[i].kind & port_file)
- port_clear_location(sc, &sc->load_stack[i]);
+ port_clear_location(sc, &sc->load_stack[i]);
}
-#endif
sc->gc_verbose=0;
gc(sc,sc->NIL,sc->NIL);
sc->interactive_repl=1;
}
-#if SHOW_ERROR_LINE
- port_reset_current_line(sc, &sc->load_stack[0]);
- if(fin!=stdin && filename)
- sc->load_stack[0].rep.stdio.filename = mk_string(sc, filename);
- else
- sc->load_stack[0].rep.stdio.filename = mk_string(sc, "<unknown>");
-#endif
+ port_init_location(sc, &sc->load_stack[0],
+ (fin != stdin && filename)
+ ? mk_string(sc, filename)
+ : NULL);
sc->inport=sc->loadport;
sc->args = mk_integer(sc,sc->file_i);
sc->retcode=sc->nesting!=0;
}
-#if SHOW_ERROR_LINE
port_clear_location(sc, &sc->load_stack[0]);
-#endif
}
void scheme_load_string(scheme *sc, const char *cmd) {
sc->load_stack[0].rep.string.start=(char*)cmd; /* This func respects const */
sc->load_stack[0].rep.string.past_the_end=(char*)cmd+strlen(cmd);
sc->load_stack[0].rep.string.curr=(char*)cmd;
+ port_init_location(sc, &sc->load_stack[0], NULL);
sc->loadport=mk_port(sc,sc->load_stack);
sc->retcode=0;
sc->interactive_repl=0;
if(sc->retcode==0) {
sc->retcode=sc->nesting!=0;
}
+
+ port_clear_location(sc, &sc->load_stack[0]);
}
void scheme_define(scheme *sc, pointer envir, pointer symbol, pointer value) {
pointer x;
-
- x=find_slot_in_env(sc,envir,symbol,0);
+ pointer *sslot;
+ x = find_slot_spec_in_env(sc, envir, symbol, 0, &sslot);
if (x != sc->NIL) {
set_slot_in_env(sc, x, value);
} else {
- new_slot_spec_in_env(sc, envir, symbol, value);
+ new_slot_spec_in_env(sc, envir, symbol, value, sslot);
}
}
--- /dev/null
+;; Simple time manipulation library.
+;;
+;; Copyright (C) 2017 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+;; This library mimics what GnuPG thinks about expiration times.
+;; Granularity is one second. Its focus is not on correctness.
+
+;; Conversion functions.
+(define (minutes->seconds minutes)
+ (* minutes 60))
+(define (hours->seconds hours)
+ (* hours 60 60))
+(define (days->seconds days)
+ (* days 24 60 60))
+(define (weeks->seconds weeks)
+ (days->seconds (* weeks 7)))
+(define (months->seconds months)
+ (days->seconds (* months 30)))
+(define (years->seconds years)
+ (days->seconds (* years 365)))
+
+(define (time-matches? a b slack)
+ (< (abs (- a b)) slack))
+(assert (time-matches? (hours->seconds 1) (hours->seconds 2) (hours->seconds 2)))
+(assert (time-matches? (hours->seconds 2) (hours->seconds 1) (hours->seconds 2)))
+(assert (not (time-matches? (hours->seconds 4) (hours->seconds 1) (hours->seconds 2))))
+(assert (not (time-matches? (hours->seconds 1) (hours->seconds 4) (hours->seconds 2))))
;;
(info "Checking that a valid signature is verified as such.")
(lettmp (sig body)
- (with-output-to-file sig (lambda () (display test-sig1)))
- (with-output-to-file body (lambda () (display test-text1)))
+ (call-with-binary-output-file sig (lambda (port) (display test-sig1 port)))
+ (call-with-binary-output-file body (lambda (port) (display test-text1 port)))
(call-check `(,@gpgsm --verify ,sig ,body)))
(info "Checking that an invalid signature is verified as such.")
(lettmp (sig body)
- (with-output-to-file sig (lambda () (display test-sig1)))
- (with-output-to-file body (lambda () (display test-text1f)))
+ (call-with-binary-output-file sig (lambda (port) (display test-sig1 port)))
+ (call-with-binary-output-file body (lambda (port) (display test-text1f port)))
(assert (not (zero? (call `(,@gpgsm --verify ,sig ,body))))))
quick-key-manipulation.scm \
key-selection.scm \
delete-keys.scm \
+ gpgconf.scm \
issue2015.scm \
issue2346.scm \
issue2417.scm \
- issue2419.scm
-
-# Fixme: gpgconf.scm does not yet work with make distcheck.
-# gpgconf.scm
-
+ issue2419.scm \
+ issue2929.scm \
+ issue2941.scm
# XXX: Currently, one cannot override automake's 'check' target. As a
# workaround, we avoid defining 'TESTS', thus automake will not emit
(define usrpass3 "")
(define dsa-usrname1 "pgp5")
-;; we use the sub key because we do not yet have the logic to to derive
+;; we use the sub key because we do not yet have the logic to derive
;; the first encryption key from a keyblock (I guess) (Well of course
;; we have this by now and the notation below will lookup the primary
;; first and then search for the encryption subkey.)
(define :gc:c:name car)
(define :gc:c:description cadr)
(define :gc:c:pgmname caddr)
+(define (:gc:o:name x) (list-ref x 0))
+(define (:gc:o:flags x) (string->number (list-ref x 1)))
+(define (:gc:o:level x) (string->number (list-ref x 2)))
+(define (:gc:o:description x) (list-ref x 3))
+(define (:gc:o:type x) (string->number (list-ref x 4)))
+(define (:gc:o:alternate-type x) (string->number (list-ref x 5)))
+(define (:gc:o:argument-name x) (list-ref x 6))
+(define (:gc:o:default-value x) (list-ref x 7))
+(define (:gc:o:default-argument x) (list-ref x 8))
+(define (:gc:o:value x) (if (< (length x) 10) "" (list-ref x 9)))
(define (gpg-config component key)
(package
(define (value)
- (assoc key (gpg-conf '--list-options component)))
+ (let* ((conf (assoc key (gpg-conf '--list-options component)))
+ (type (:gc:o:type conf))
+ (value (:gc:o:value conf)))
+ (case type
+ ((0 2 3) (string->number value))
+ ((1 32) (substring value 1 (string-length value))))))
(define (update value)
- (gpg-conf' (string-append key ":0:" (percent-encode value))
- `(--change-options ,component)))
+ (let ((value' (cond
+ ((string? value) (string-append "\"" value))
+ ((number? value) (number->string value))
+ (else (throw "Unsupported value" value)))))
+ (gpg-conf' (string-append key ":0:" (percent-encode value'))
+ `(--change-options ,component))))
(define (clear)
(gpg-conf' (string-append key ":16:")
`(--change-options ,component)))))
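Review bot: In `value`, the `((1 32) (substring value 1 (string-length value)))` branch assumes the stored value always carries the leading `"` marker; when the option has no value `:gc:o:value` returns `""` and `substring` is asked for the range 1..0. The `case` has no `else`, so any other option type gives an unspecified result, and `conf` is not checked for `#f` when `assoc` finds no entry for `key`. A guard such as `((1 32) (if (string=? "" value) value (substring value 1 (string-length value))))` together with an `else` clause that throws on an unsupported type would make these failures readable instead of surfacing as an error inside `list-ref` or `substring`.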
(if value
(begin
(opt::update value)
- (assert (string=? value (list-ref (opt::value) 9))))
+ (assert (equal? value (opt::value))))
(begin
(opt::clear)
- (let ((v (opt::value)))
- (assert (or (< (length v) 10)
- (string=? "" (list-ref v 9))))))))
+ (assert (or (not (opt::value)) (string=? "" (opt::value)))))))
(progress ".")))))
(lambda (name . rest) name)
(list "keyserver" "verbose" "quiet")
(list (gpg-config 'gpg "keyserver")
(gpg-config 'gpg "verbose")
(gpg-config 'gpg "quiet"))
- (list (lambda (i) (if (even? i) "\"hkp://foo.bar" "\"hkps://bar.baz"))
- (lambda (i) (number->string
- ;; gpgconf: argument for option verbose of type 0
- ;; (none) must be positive
- (+ 1 i)))
- (lambda (i) (if (even? i) #f "1"))))
+ (list (lambda (i) (if (even? i) "hkp://foo.bar" "hkps://bar.baz"))
+ ;; gpgconf: argument for option verbose of type 0 (none) must
+ ;; be positive
+ (lambda (i) (+ 1 i))
+ (lambda (i) (if (even? i) #f 1))))
--- /dev/null
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (with-path "defs.scm"))
+(setup-environment)
+
+(catch (skip "Tofu not supported")
+ (call-check `(,@gpg --trust-model=tofu --list-config)))
+
+;; Redefine GPG without --always-trust and TOFU trust model.
+(define gpg `(,(tool 'gpg) --no-permission-warning --trust-model=tofu))
+
+(info "Checking TOFU trust model with ultimately trusted keys (issue2929).")
+(call-check `(,@gpg --quick-generate-key frob@example.org))
+(call-check `(,@gpg --sign gpg.conf))
+(call-check `(,@gpg --verify gpg.conf.gpg))
--- /dev/null
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (with-path "defs.scm"))
+(setup-legacy-environment)
+
+(define (check-failure options)
+ (let ((command `(,@gpg ,@options)))
+ (catch '()
+ (call-check command)
+ (error "Expected an error, but got none when executing" command))))
+
+(for-each-p
+ "Checking invocation with invalid file descriptors (issue2941)."
+ (lambda (option)
+ (check-failure `(,(string-append "--" option "=23") --sign gpg.conf)))
+ '("status-fd" "attribute-fd" "logger-fd"
+ "override-session-key-fd" "passphrase-fd" "command-fd"))
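Review bot: `check-failure` cannot report a failure, because the `(error ...)` call sits inside the body of the `catch`. When `call-check` unexpectedly succeeds, the error raised on the next line is swallowed by the same `'()` handler (the first form is what runs on a throw, as in `(catch (skip ...) ...)` elsewhere in these tests). The six invalid-descriptor cases therefore pass whether or not gpg rejects the descriptor, and a regression here would go unnoticed. Checking the exit status directly avoids this, e.g. `(assert (not (zero? (call command))))`, the pattern the gpgsm verify test already uses. The test also presumes descriptor 23 is not open in the test process, which deserves a comment.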
#!/usr/bin/env gpgscm
-;; Copyright (C) 2016 g10 Code GmbH
+;; Copyright (C) 2016-2017 g10 Code GmbH
;;
;; This file is part of GnuPG.
;;
;; along with this program; if not, see <http://www.gnu.org/licenses/>.
(load (with-path "defs.scm"))
+(load (with-path "time.scm"))
(setup-environment)
;; XXX because of --always-trust, the trustdb is not created.
;; Make the key expire in one year.
(call-check `(,@gpg --quick-set-expire ,fpr "1y"))
-;; XXX It'd be nice to check that the value is right.
-(assert (not (equal? "" (expiration-time fpr))))
+(assert (time-matches? (+ (get-time) (years->seconds 1))
+ (string->number (expiration-time fpr))
+ (minutes->seconds 5)))
;;
'(()
(- - -)
(default default never)
+ (rsa "sign auth encr" "seconds=600") ;; GPGME uses this
+ (rsa "auth,encr" "2") ;; "without a letter, days is assumed"
+ (rsa "sign" "2105-01-01") ;; "last year GnuPG can represent is 2105"
+ (rsa "sign" "21050101T115500") ;; "last year GnuPG can represent is 2105"
(rsa sign "2d")
(rsa1024 sign "2w")
(rsa2048 encr "2m")
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (string-contains? (:cap subkey) "s"))
- (assert (not (equal? "" (:expire subkey)))))
+ (assert (string-contains? (:cap subkey) "a"))
+ (assert (string-contains? (:cap subkey) "e"))
+ (assert (time-matches? (+ (get-time) 600)
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
+ (lambda (subkey)
+ (assert (= 1 (:alg subkey)))
+ (assert (string-contains? (:cap subkey) "a"))
+ (assert (string-contains? (:cap subkey) "e"))
+ (assert (time-matches? (+ (get-time) (days->seconds 2))
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
+ (lambda (subkey)
+ (assert (= 1 (:alg subkey)))
+ (assert (string-contains? (:cap subkey) "s"))
+ (assert (time-matches? 4260207600 ;; 2105-01-01
+ (string->number (:expire subkey))
+ ;; This is off by 12h, but I guess it just
+ ;; choses the middle of the day.
+ (days->seconds 1))))
+ (lambda (subkey)
+ (assert (= 1 (:alg subkey)))
+ (assert (string-contains? (:cap subkey) "s"))
+ (assert (time-matches? 4260254100 ;; UTC 2105-01-01 11:55:00
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
+ (lambda (subkey)
+ (assert (= 1 (:alg subkey)))
+ (assert (string-contains? (:cap subkey) "s"))
+ (assert (time-matches? (+ (get-time) (days->seconds 2))
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (= 1024 (:length subkey)))
(assert (string-contains? (:cap subkey) "s"))
- (assert (not (equal? "" (:expire subkey)))))
+ (assert (time-matches? (+ (get-time) (weeks->seconds 2))
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (= 2048 (:length subkey)))
(assert (string-contains? (:cap subkey) "e"))
- (assert (not (equal? "" (:expire subkey)))))
+ (assert (time-matches? (+ (get-time) (months->seconds 2))
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (= 4096 (:length subkey)))
(assert (string-contains? (:cap subkey) "s"))
(assert (string-contains? (:cap subkey) "a"))
- (assert (not (equal? "" (:expire subkey)))))
+ (assert (time-matches? (+ (get-time) (years->seconds 2))
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
#f))
rsa-rsa-sample-1.asc RSA+RSA sample key (no passphrase)
ed25519-cv25519-sample-1.asc Ed25519+CV25519 sample key (no passphrase)
silent-running.asc Collection of sample secret keys (no passphrases)
+rsa-primary-auth-only.pub.asc rsa2408 primary only, usage: cert,auth
+rsa-primary-auth-only.sec.asc Ditto but the secret keyblock.
--- /dev/null
+pub rsa2048 2017-02-14 [CA]
+ F74B4029E6906D12EBDA8EE3BD7744900FDABC8D
+ Keygrip = AB1BB1843677AF7CC4D6C14444320C3FF4147E98
+uid [ unknown] ssh://host.example.net
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+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+=zMXp
+-----END PGP PUBLIC KEY BLOCK-----
--- /dev/null
+sec rsa2048 2017-02-14 [CA]
+ F74B4029E6906D12EBDA8EE3BD7744900FDABC8D
+ Keygrip = AB1BB1843677AF7CC4D6C14444320C3FF4147E98
+uid [ unknown] ssh://host.example.net
+
+Passprase: none
+
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+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+=3QG9
+-----END PGP PRIVATE KEY BLOCK-----
(call-check `(,(tool 'gpgconf) --null --list-dirs agent-ssh-socket))
#t)
-(define SSH-ADD #f)
+(define path (string-split (getenv "PATH") *pathsep*))
+(define ssh #f)
+(catch (skip "ssh not found") (set! ssh (path-expand "ssh" path)))
+
+(define ssh-add #f)
(catch (skip "ssh-add not found")
- (set! SSH-ADD
- (path-expand "ssh-add" (string-split (getenv "PATH") *pathsep*))))
+ (set! ssh-add (path-expand "ssh-add" path)))
+
+(define ssh-keygen #f)
+(catch (skip "ssh-keygen not found")
+ (set! ssh-keygen (path-expand "ssh-keygen" path)))
+
+(define ssh-version
+ (let ((tmp (:stderr (call-with-io `(,ssh "-V") "")))
+ (prefix "OpenSSH_"))
+ (unless (string-prefix? tmp prefix)
+ (skip "This doesn't look like OpenSSH:" tmp))
+ (string->number (substring tmp (string-length prefix)
+ (+ 3 (string-length prefix))))))
+
+(define (ssh-supports? algorithm)
+ (cond
+ ((equal? algorithm "ed25519")
+ (>= ssh-version 6.5))
+ (else
+ (not (string-contains? (:stderr (call-with-io `(,ssh-keygen
+ -t ,algorithm
+ -b "1009") ""))
+ "unknown key type")))))
(define keys
'(("dsa" "9a:e1:f1:5f:46:ea:a5:06:e1:e2:f8:38:8e:06:54:58")
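Review bot: `ssh-version` slices exactly three characters after `OpenSSH_`, which only holds for one-digit major and minor numbers. A banner such as `OpenSSH_10.0` (constructed example) yields `"10."`, and if `string->number` returns `#f` for that, `(>= ssh-version 6.5)` raises instead of answering. Scanning up to the first character that is neither a digit nor `.` before converting would be sturdier, with an explicit `skip` when the result is not a number. On style, the new definitions are spelled `ssh-add` while the unchanged callers further down still write `SSH-ADD`; using one spelling avoids relying on the reader's symbol case folding.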
(pipe:spawn `(,SSH-ADD -)))
(unless (string-contains? (call-popen `(,SSH-ADD -l "-E" md5) "") hash)
(fail "key not added"))))
- car keys)
+ car (filter (lambda (x) (ssh-supports? (car x))) keys))
(info "Checking for issue2316...")
(unlink (path-join GNUPGHOME "sshcontrol"))
;; along with this program; if not, see <http://www.gnu.org/licenses/>.
(load (with-path "defs.scm"))
+(load (with-path "time.scm"))
(setup-environment)
(define GPGTIME 1480943782)
;; Generate a --faked-system-time parameter for a particular offset.
(define (faketime delta)
(string-append "--faked-system-time=" (number->string (+ GPGTIME delta))))
-;; A convenience function for the above.
-(define (days->seconds days) (* days 24 60 60))
;; Redefine GPG without --always-trust and a fixed time.
(define GPG `(,(tool 'gpg) --no-permission-warning ,(faketime 0)))
(catch (skip "Tofu not supported")
(call-check `(,@GPG --trust-model=tofu --list-config)))
+(let ((trust-model (gpg-config 'gpg "trust-model")))
+ (trust-model::update "tofu"))
+
(define KEYS '("1C005AF3" "BE04EB2B" "B662E42F"))
;; Import the test keys.
(define (getpolicy keyid . args)
(let ((policy
(list-ref (assoc "tfs" (gpg-with-colons
- `(--trust-model=tofu --with-tofu-info
+ `(--with-tofu-info
,@args
--list-keys ,keyid))) 5)))
(unless (member policy '("auto" "good" "unknown" "bad" "ask"))
(define (gettrust keyid . args)
(let ((trust
(list-ref (assoc "pub" (gpg-with-colons
- `(--trust-model=tofu
- ,@args
+ `(,@args
--list-keys ,keyid))) 1)))
(unless (and (= 1 (string-length trust))
(member (string-ref trust 0) (string->list "oidreqnmfuws-")))
;; Set key KEYID's policy to POLICY. Any remaining arguments are
;; passed as options to gpg.
(define (setpolicy keyid policy . args)
- (call-check `(,@GPG --trust-model=tofu ,@args
+ (call-check `(,@GPG ,@args
--tofu-policy ,policy ,keyid)))
(info "Checking tofu policies and trust...")
;; Verify a message. There should be no conflict and the trust
;; policy should be set to auto.
-(call-check `(,@GPG --trust-model=tofu
- --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
+(call-check `(,@GPG --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
(checkpolicy "1C005AF3" "auto")
;; Check default trust.
;; auto), but not affect 1C005AF3's policy.
(setpolicy "BE04EB2B" "auto")
(checkpolicy "BE04EB2B" "ask")
-(call-check `(,@GPG --trust-model=tofu
- --verify ,(in-srcdir "tofu/conflicting/B662E42F-1.txt")))
+(call-check `(,@GPG --verify ,(in-srcdir "tofu/conflicting/B662E42F-1.txt")))
(checkpolicy "BE04EB2B" "ask")
(checkpolicy "1C005AF3" "bad")
(checkpolicy "B662E42F" "ask")
(let*
((tfs (assoc "tfs"
(gpg-with-colons
- `(--trust-model=tofu --with-tofu-info
- ,@args --list-keys ,keyid))))
+ `(--with-tofu-info ,@args --list-keys ,keyid))))
(sigs (string->number (list-ref tfs 3)))
(sig-days (string->number (list-ref tfs 11)))
(encs (string->number (list-ref tfs 4)))
(check-counts "B662E42F" 0 0 0 0)
;; Verify a message. The signature count should increase by 1.
-(call-check `(,@GPG --trust-model=tofu
- --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
+(call-check `(,@GPG --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
(check-counts "1C005AF3" 1 1 0 0)
;; Verify the same message. The signature count should remain the
;; same.
-(call-check `(,@GPG --trust-model=tofu
- --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
+(call-check `(,@GPG --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
(check-counts "1C005AF3" 1 1 0 0)
;; Verify another message.
-(call-check `(,@GPG --trust-model=tofu
- --verify ,(in-srcdir "tofu/conflicting/1C005AF3-2.txt")))
+(call-check `(,@GPG --verify ,(in-srcdir "tofu/conflicting/1C005AF3-2.txt")))
(check-counts "1C005AF3" 2 1 0 0)
;; Verify another message.
-(call-check `(,@GPG --trust-model=tofu
- --verify ,(in-srcdir "tofu/conflicting/1C005AF3-3.txt")))
+(call-check `(,@GPG --verify ,(in-srcdir "tofu/conflicting/1C005AF3-3.txt")))
(check-counts "1C005AF3" 3 1 0 0)
;; Verify a message from a different sender. The signature count
;; should increase by 1 for that key.
-(call-check `(,@GPG --trust-model=tofu
- --verify ,(in-srcdir "tofu/conflicting/BE04EB2B-1.txt")))
+(call-check `(,@GPG --verify ,(in-srcdir "tofu/conflicting/BE04EB2B-1.txt")))
(check-counts "1C005AF3" 3 1 0 0)
(check-counts "BE04EB2B" 1 1 0 0)
(check-counts "B662E42F" 0 0 0 0)
;; Verify another message on a new day. (Recall: we are interested in
;; when the message was first verified, not when the signer claimed
;; that it was signed.)
-(call-check `(,@GPG --trust-model=tofu ,(faketime (days->seconds 2))
+(call-check `(,@GPG ,(faketime (days->seconds 2))
--verify ,(in-srcdir "tofu/conflicting/1C005AF3-4.txt")))
(check-counts "1C005AF3" 4 2 0 0)
(check-counts "BE04EB2B" 1 1 0 0)
(check-counts "B662E42F" 0 0 0 0)
;; And another.
-(call-check `(,@GPG --trust-model=tofu ,(faketime (days->seconds 2))
+(call-check `(,@GPG ,(faketime (days->seconds 2))
--verify ,(in-srcdir "tofu/conflicting/1C005AF3-5.txt")))
(check-counts "1C005AF3" 5 2 0 0)
(check-counts "BE04EB2B" 1 1 0 0)
(check-counts "B662E42F" 0 0 0 0)
;; Another, but for a different key.
-(call-check `(,@GPG --trust-model=tofu ,(faketime (days->seconds 2))
+(call-check `(,@GPG ,(faketime (days->seconds 2))
--verify ,(in-srcdir "tofu/conflicting/BE04EB2B-2.txt")))
(check-counts "1C005AF3" 5 2 0 0)
(check-counts "BE04EB2B" 2 2 0 0)
(check-counts "B662E42F" 0 0 0 0)
;; And add a third day.
-(call-check `(,@GPG --trust-model=tofu ,(faketime (days->seconds 4))
+(call-check `(,@GPG ,(faketime (days->seconds 4))
--verify ,(in-srcdir "tofu/conflicting/BE04EB2B-3.txt")))
(check-counts "1C005AF3" 5 2 0 0)
(check-counts "BE04EB2B" 3 3 0 0)
(check-counts "B662E42F" 0 0 0 0)
-(call-check `(,@GPG --trust-model=tofu ,(faketime (days->seconds 4))
+(call-check `(,@GPG ,(faketime (days->seconds 4))
--verify ,(in-srcdir "tofu/conflicting/BE04EB2B-4.txt")))
(check-counts "1C005AF3" 5 2 0 0)
(check-counts "BE04EB2B" 4 3 0 0)
(for-each
(lambda (i)
(let ((fn (in-srcdir DIR (string-append key "-" i ".txt"))))
- (call-check `(,@GPG --trust-model=tofu --verify ,fn))))
+ (call-check `(,@GPG --verify ,fn))))
(list "1" "2")))
(list KEYIDA KEYIDB)))
(for-each
(lambda (i)
(let ((fn (in-srcdir DIR (string-append key "-" i ".txt"))))
- (call-check `(,@GPG --trust-model=tofu --verify ,fn))))
+ (call-check `(,@GPG --verify ,fn))))
(list "1" "2")))
(list KEYIDA KEYIDB)))
;; An Ed25519 cleartext message with an R parameter of only 247 bits
;; so that the code to re-insert the stripped zero byte kicks in. The
;; S parameter has 253 bits but that does not strip a full byte.
+;;
+;; Note that the message has a typo ("the the"), but this should not
+;; be fixed because it breaks this test.
(define msg_ed25519_rshort "
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
\f
-/* Print usage information and and provide strings for help. */
+/* Print usage information and provide strings for help. */
static const char *
my_strusage( int level )
{
int rc;
int cmderr;
const char *opt_run = NULL;
- FILE *script_fp = NULL;
+ gpgrt_stream_t script_fp = NULL;
int use_tty, keep_line;
struct {
int collecting;
"--tcp-socket", "--raw-socket");
}
- if (opt_run && !(script_fp = fopen (opt_run, "r")))
+ if (opt_run && !(script_fp = gpgrt_fopen (opt_run, "r")))
{
log_error ("cannot open run file '%s': %s\n",
opt_run, strerror (errno));
linesize = 0;
keep_line = 1;
}
- n = read_line (script_fp? script_fp:stdin,
- &line, &linesize, &maxlength);
+ n = gpgrt_read_line (script_fp ? script_fp : gpgrt_stdin,
+ &line, &linesize, &maxlength);
}
if (n < 0)
{
log_error (_("error reading input: %s\n"), strerror (errno));
if (script_fp)
{
- fclose (script_fp);
+ gpgrt_fclose (script_fp);
script_fp = NULL;
log_error ("stopping script execution\n");
continue;
/* EOF */
if (script_fp)
{
- fclose (script_fp);
+ gpgrt_fclose (script_fp);
script_fp = NULL;
if (opt.verbose)
log_info ("end of script\n");
log_error ("syntax error in run command\n");
if (script_fp)
{
- fclose (script_fp);
+ gpgrt_fclose (script_fp);
script_fp = NULL;
}
}
else if (script_fp)
{
log_error ("cannot nest run commands - stop\n");
- fclose (script_fp);
+ gpgrt_fclose (script_fp);
script_fp = NULL;
}
- else if (!(script_fp = fopen (p, "r")))
+ else if (!(script_fp = gpgrt_fopen (p, "r")))
{
log_error ("cannot open run file '%s': %s\n",
p, strerror (errno));
if ((rc || cmderr) && script_fp)
{
log_error ("stopping script execution\n");
- fclose (script_fp);
+ gpgrt_fclose (script_fp);
script_fp = NULL;
}
\f
-/* Print usage information and and provide strings for help. */
+/* Print usage information and provide strings for help. */
static const char *
my_strusage( int level )
{
log_error ("error allocating memory buffer: %s\n", gpg_strerror (err));
goto leave;
}
+
/* Prefix the key with the MIME content type. */
es_fputs ("Content-Type: application/pgp-keys\n"
"\n", key);
\f
+struct decrypt_stream_parm_s
+{
+ char *fpr;
+ char *mainfpr;
+ int otrust;
+};
+
static void
decrypt_stream_status_cb (void *opaque, const char *keyword, char *args)
{
- (void)opaque;
+ struct decrypt_stream_parm_s *decinfo = opaque;
if (DBG_CRYPTO)
log_debug ("gpg status: %s %s\n", keyword, args);
-}
+ if (!strcmp (keyword, "DECRYPTION_KEY") && !decinfo->fpr)
+ {
+ char *fields[3];
+ if (split_fields (args, fields, DIM (fields)) >= 3)
+ {
+ decinfo->fpr = xstrdup (fields[0]);
+ decinfo->mainfpr = xstrdup (fields[1]);
+ decinfo->otrust = *fields[2];
+ }
+ }
+}
/* Decrypt the INPUT stream to a new stream which is stored at success
* at R_OUTPUT. */
static gpg_error_t
-decrypt_stream (estream_t *r_output, estream_t input)
+decrypt_stream (estream_t *r_output, struct decrypt_stream_parm_s *decinfo,
+ estream_t input)
{
gpg_error_t err;
ccparray_t ccp;
estream_t output;
*r_output = NULL;
+ memset (decinfo, 0, sizeof *decinfo);
output = es_fopenmem (0, "w+b");
if (!output)
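Review bot: The header comment of decrypt_stream still describes only R_OUTPUT, although the new DECINFO argument hands malloced strings to the caller. The callback above fills `fpr` and `mainfpr` with `xstrdup`, and decrypt_stream frees them itself only on its error path, so on success the caller has to free them. That contract belongs in the comment, e.g. `On success DECINFO holds the malloced FPR and MAINFPR taken from the DECRYPTION_KEY status line, which the caller must xfree, plus OTRUST; on error DECINFO is zeroed.` A one-line comment on each member of `struct decrypt_stream_parm_s` would help as well. The body of decrypt_stream continues outside this hunk.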
}
err = gnupg_exec_tool_stream (opt.gpg_program, argv, input,
NULL, output,
- decrypt_stream_status_cb, NULL);
+ decrypt_stream_status_cb, decinfo);
+ if (!err && (!decinfo->fpr || !decinfo->mainfpr || !decinfo->otrust))
+ err = gpg_error (GPG_ERR_INV_ENGINE);
if (err)
{
log_error ("decryption failed: %s\n", gpg_strerror (err));
output = NULL;
leave:
+ if (err)
+ {
+ xfree (decinfo->fpr);
+ xfree (decinfo->mainfpr);
+ memset (decinfo, 0, sizeof *decinfo);
+ }
es_fclose (output);
xfree (argv);
return err;
if (err)
goto leave;
- /* Tell server that we support draft version 3. */
- err = mime_maker_add_header (mime, "Wks-Draft-Version", "3");
+ /* Tell server which draft we support. */
+ err = mime_maker_add_header (mime, "Wks-Draft-Version",
+ STR2(WKS_DRAFT_VERSION));
if (err)
goto leave;
err = mime_maker_add_header (mime, "Subject", "Key publication confirmation");
if (err)
goto leave;
+ err = mime_maker_add_header (mime, "Wks-Draft-Version",
+ STR2(WKS_DRAFT_VERSION));
+ if (err)
+ goto leave;
if (encrypt)
{
/* Reply to a confirmation request. The MSG has already been
- * decrypted and we only need to send the nonce back. */
+ * decrypted and we only need to send the nonce back. MAINFPR is
+ * either NULL or the primary key fingerprint of the key used to
+ * decrypt the request. */
static gpg_error_t
-process_confirmation_request (estream_t msg)
+process_confirmation_request (estream_t msg, const char *mainfpr)
{
gpg_error_t err;
nvc_t nvc;
}
fingerprint = value;
- /* FIXME: Check that the fingerprint matches the key used to decrypt the
- * message. */
+ /* Check that the fingerprint matches the key used to decrypt the
+ * message. In --read mode or with the old format we don't have the
+ * decryption key; thus we can't bail out. */
+ if (!mainfpr || ascii_strcasecmp (mainfpr, fingerprint))
+ {
+ log_info ("target fingerprint: %s\n", fingerprint);
+ log_info ("but decrypted with: %s\n", mainfpr);
+ log_error ("confirmation request not decrypted with target key\n");
+ if (mainfpr)
+ {
+ err = gpg_error (GPG_ERR_INV_DATA);
+ goto leave;
+ }
+ }
/* Get the address. */
if (!((item = nvc_lookup (nvc, "address:")) && (value = nve_value (item))
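Review bot: The fingerprint check reports `confirmation request not decrypted with target key` through log_error even when `mainfpr` is NULL, that is, when no comparison was made at all. In that case `log_info ("but decrypted with: %s\n", mainfpr)` is also handed a NULL pointer for `%s`. The comment says the NULL case must not bail out, so it reads better as its own branch with an informational message, leaving the error path for a real mismatch. Since that branch accepts the request unchecked, saying so in the log lets an operator tell a verified confirmation from an unverified one. process_confirmation_request starts and ends outside this hunk.

```c
  if (!mainfpr)
    {
      /* --read mode or old format: no decryption key to compare with.  */
      log_info ("target fingerprint: %s (not checked against the"
                " decryption key)\n", fingerprint);
    }
  else if (ascii_strcasecmp (mainfpr, fingerprint))
    {
      log_info ("target fingerprint: %s\n", fingerprint);
      log_info ("but decrypted with: %s\n", mainfpr);
      log_error ("confirmation request not decrypted with target key\n");
      err = gpg_error (GPG_ERR_INV_DATA);
      goto leave;
    }
  /* … unchanged: lookup of the "address:" item … */
```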
}
address = value;
/* FIXME: Check that the "address" matches the User ID we want to
- * publish. Also get the "fingerprint" and compare that to our to
- * be published key. Further we should make sure that we actually
- * decrypted using that fingerprint (which is a bit problematic if
- * --read is used). */
+ * publish. */
/* Get the sender. */
if (!((item = nvc_lookup (nvc, "sender:")) && (value = nve_value (item))
}
if (c != '-')
- err = process_confirmation_request (msg);
+ err = process_confirmation_request (msg, NULL);
else
{
- err = decrypt_stream (&plaintext, msg);
+ struct decrypt_stream_parm_s decinfo;
+
+ err = decrypt_stream (&plaintext, &decinfo, msg);
if (err)
log_error ("decryption failed: %s\n", gpg_strerror (err));
+ else if (decinfo.otrust != 'u')
+ {
+ err = gpg_error (GPG_ERR_WRONG_SECKEY);
+ log_error ("key used to decrypt the confirmation request"
+ " was not generated by us\n");
+ }
else
- err = process_confirmation_request (plaintext);
+ err = process_confirmation_request (plaintext, decinfo.mainfpr);
+ xfree (decinfo.fpr);
+ xfree (decinfo.mainfpr);
}
es_fclose (plaintext);
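Review bot: The test `decinfo.otrust != 'u'` carries the whole trust decision for answering a confirmation request, yet nothing at the call site says what `'u'` stands for or why other values are refused. A short comment would make that reviewable, for example `/* Only answer requests that were encrypted to a key with ultimate ownertrust, i.e. one of our own keys. */`. The meaning of the letter is inferred from the error text and should be confirmed against the DECRYPTION_KEY status documentation. The `process_confirmation_request (msg, NULL)` branch above skips both this test and the fingerprint comparison, which deserves a sentence in the same comment.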
\f
-/* Print usage information and and provide strings for help. */
+/* Print usage information and provide strings for help. */
static const char *
my_strusage( int level )
{
err = mime_maker_add_header (mime, "Subject", "Confirm your key publication");
if (err)
goto leave;
+
+ err = mime_maker_add_header (mime, "Wks-Draft-Version",
+ STR2(WKS_DRAFT_VERSION));
+ if (err)
+ goto leave;
+
+ /* Help Enigmail to identify messages. Note that this is in no way
+ * secured. */
+ err = mime_maker_add_header (mime, "WKS-Phase", "confirm");
+ if (err)
+ goto leave;
+
for (sl = opt.extra_headers; sl; sl = sl->next)
{
err = mime_maker_add_header (mime, sl->d, NULL);
if (err)
goto leave;
- mime_maker_dump_tree (mime);
+ /* mime_maker_dump_tree (mime); */
err = mime_maker_get_part (mime, partid, &signeddata);
if (err)
goto leave;
if (policybuf.auth_submit)
{
- /* Bypass the confirmation stuff and publish the the key as is. */
+ /* Bypass the confirmation stuff and publish the key as is. */
log_info ("publishing address '%s'\n", sl->d);
/* FIXME: We need to make sure that we do this only for the
* address in the mail. */
err = mime_maker_add_header (mime, "Subject", "Your key has been published");
if (err)
goto leave;
+ err = mime_maker_add_header (mime, "Wks-Draft-Version",
+ STR2(WKS_DRAFT_VERSION));
+ if (err)
+ goto leave;
+ err = mime_maker_add_header (mime, "WKS-Phase", "done");
+ if (err)
+ goto leave;
for (sl = opt.extra_headers; sl; sl = sl->next)
{
err = mime_maker_add_header (mime, sl->d, NULL);
\f
/* Return a list of all configured domains. ECh list element is the
- * top directory for for the domain. To figure out the actual domain
+ * top directory for the domain. To figure out the actual domain
* name strrchr(name, '/') can be used. */
static gpg_error_t
get_domain_list (strlist_t *r_list)
#include "../common/strlist.h"
#include "mime-maker.h"
+/* The draft version we implement. */
+#define WKS_DRAFT_VERSION 3
+
+
/* We keep all global options in the structure OPT. */
struct
{
#include "util.h"
#include "i18n.h"
#include "exechelp.h"
+#include "sysutils.h"
#include "gc-opt-flags.h"
#include "gpgconf.h"
(GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_NO_CHANGE), GC_LEVEL_INVISIBLE,
NULL, NULL,
GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
+ { "trust-model",
+ GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ NULL, NULL,
+ GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
{ "Debug",
{ "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
"gnupg", N_("|MECHANISMS|use MECHANISMS to locate keys by mail address"),
GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
+ { "auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ NULL, NULL, GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
GC_OPTION_NULL
config = es_fopen (config_filename, "r");
if (!config)
- gc_error (0, errno, "warning: can not open config file %s",
- config_filename);
+ {
+ if (errno != ENOENT)
+ gc_error (0, errno, "warning: can not open config file %s",
+ config_filename);
+ }
else
{
while ((length = es_read_line (config, &line, &line_len, NULL)) > 0)
gc_option_t *list_option;
gc_option_t *config_option;
char *list_filename;
- FILE *list_file;
+ gpgrt_stream_t list_file;
char *line = NULL;
size_t line_len = 0;
ssize_t length;
assert (!list_option->active);
list_filename = get_config_filename (component, backend);
- list_file = fopen (list_filename, "r");
+ list_file = gpgrt_fopen (list_filename, "r");
if (!list_file)
gc_error (0, errno, "warning: can not open list file %s", list_filename);
else
{
- while ((length = read_line (list_file, &line, &line_len, NULL)) > 0)
+ while ((length = gpgrt_read_line (list_file, &line, &line_len, NULL)) > 0)
{
char *start;
char *end;
else
list = xasprintf ("\"%s", gc_percent_escape (start));
}
- if (length < 0 || ferror (list_file))
+ if (length < 0 || gpgrt_ferror (list_file))
gc_error (1, errno, "can not read list file %s", list_filename);
}
if (config_option->flags & GC_OPT_FLAG_NO_CHANGE)
list_option->flags |= GC_OPT_FLAG_NO_CHANGE;
- if (list_file && fclose (list_file))
+ if (list_file && gpgrt_fclose (list_file))
gc_error (1, errno, "error closing %s", list_filename);
xfree (line);
}
while (arg && *arg);
}
-
#ifdef HAVE_W32_SYSTEM
int
copy_file (const char *src_name, const char *dst_name)
#define BUF_LEN 4096
char buffer[BUF_LEN];
int len;
- FILE *src;
- FILE *dst;
+ gpgrt_stream_t src;
+ gpgrt_stream_t dst;
- src = fopen (src_name, "r");
+ src = gpgrt_fopen (src_name, "r");
if (src == NULL)
return -1;
- dst = fopen (dst_name, "w");
+ dst = gpgrt_fopen (dst_name, "w");
if (dst == NULL)
{
int saved_err = errno;
- fclose (src);
+ gpgrt_fclose (src);
gpg_err_set_errno (saved_err);
return -1;
}
{
int written;
- len = fread (buffer, 1, BUF_LEN, src);
+ len = gpgrt_fread (buffer, 1, BUF_LEN, src);
if (len == 0)
break;
- written = fwrite (buffer, 1, len, dst);
+ written = gpgrt_fwrite (buffer, 1, len, dst);
if (written != len)
break;
}
- while (!feof (src) && !ferror (src) && !ferror (dst));
+ while (! gpgrt_feof (src) && ! gpgrt_ferror (src) && ! gpgrt_ferror (dst));
- if (ferror (src) || ferror (dst) || !feof (src))
+ if (gpgrt_ferror (src) || gpgrt_ferror (dst) || ! gpgrt_feof (src))
{
int saved_errno = errno;
- fclose (src);
- fclose (dst);
+ gpgrt_fclose (src);
+ gpgrt_fclose (dst);
unlink (dst_name);
gpg_err_set_errno (saved_errno);
return -1;
}
- if (fclose (dst))
+ if (gpgrt_fclose (dst))
gc_error (1, errno, "error closing %s", dst_name);
- if (fclose (src))
+ if (gpgrt_fclose (src))
gc_error (1, errno, "error closing %s", src_name);
return 0;
/* Create and verify the new configuration file for the specified
- backend and component. Returns 0 on success and -1 on error. */
+ * backend and component. Returns 0 on success and -1 on error. This
+ * function may store pointers to malloced strings in SRC_FILENAMEP,
+ * DEST_FILENAMEP, and ORIG_FILENAMEP. Those must be freed by the
+ * caller. The strings refer to three versions of the configuration
+ * file:
+ *
+ * SRC_FILENAME: The updated configuration is written to this file.
+ * DEST_FILENAME: Name of the configuration file read by the
+ * component.
+ * ORIG_FILENAME: A backup of the previous configuration file.
+ *
+ * To apply the configuration change, rename SRC_FILENAME to
+ * DEST_FILENAME. To revert to the previous configuration, rename
+ * ORIG_FILENAME to DEST_FILENAME. */
static int
change_options_file (gc_component_t component, gc_backend_t backend,
char **src_filenamep, char **dest_filenamep,
ssize_t length;
int res;
int fd;
- FILE *src_file = NULL;
- FILE *dest_file = NULL;
+ gpgrt_stream_t src_file = NULL;
+ gpgrt_stream_t dest_file = NULL;
char *src_filename;
char *dest_filename;
char *orig_filename;
if (res < 0 && errno != ENOENT)
{
xfree (dest_filename);
+ xfree (src_filename);
+ xfree (orig_filename);
return -1;
}
if (res < 0)
fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
if (fd < 0)
return -1;
- src_file = fdopen (fd, "w");
+ src_file = gpgrt_fdopen (fd, "w");
res = errno;
if (!src_file)
{
process. */
if (orig_filename)
{
- dest_file = fopen (dest_filename, "r");
+ dest_file = gpgrt_fopen (dest_filename, "r");
if (!dest_file)
goto change_file_one_err;
- while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
+ while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
{
int disable = 0;
char *start;
{
if (!in_marker)
{
- fprintf (src_file,
+ gpgrt_fprintf (src_file,
"# %s disabled this option here at %s\n",
GPGCONF_DISP_NAME, asctimestamp (gnupg_get_time ()));
- if (ferror (src_file))
+ if (gpgrt_ferror (src_file))
goto change_file_one_err;
- fprintf (src_file, "# %s", line);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "# %s", line);
+ if (gpgrt_ferror (src_file))
goto change_file_one_err;
}
}
else
{
- fprintf (src_file, "%s", line);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "%s", line);
+ if (gpgrt_ferror (src_file))
goto change_file_one_err;
}
}
- if (length < 0 || ferror (dest_file))
+ if (length < 0 || gpgrt_ferror (dest_file))
goto change_file_one_err;
}
proceed. Note that we first write a newline, this guards us
against files which lack the newline at the end of the last
line, while it doesn't hurt us in all other cases. */
- fprintf (src_file, "\n%s\n", marker);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "\n%s\n", marker);
+ if (gpgrt_ferror (src_file))
goto change_file_one_err;
}
followed by the rest of the original file. */
while (cur_arg)
{
- fprintf (src_file, "%s\n", cur_arg);
+ gpgrt_fprintf (src_file, "%s\n", cur_arg);
/* Find next argument. */
if (arg)
cur_arg = NULL;
}
- fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
+ if (gpgrt_ferror (src_file))
goto change_file_one_err;
if (!in_marker)
{
- fprintf (src_file, "# %s edited this configuration file.\n",
+ gpgrt_fprintf (src_file, "# %s edited this configuration file.\n",
GPGCONF_DISP_NAME);
- if (ferror (src_file))
+ if (gpgrt_ferror (src_file))
goto change_file_one_err;
- fprintf (src_file, "# It will disable options before this marked "
+ gpgrt_fprintf (src_file, "# It will disable options before this marked "
"block, but it will\n");
- if (ferror (src_file))
+ if (gpgrt_ferror (src_file))
goto change_file_one_err;
- fprintf (src_file, "# never change anything below these lines.\n");
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "# never change anything below these lines.\n");
+ if (gpgrt_ferror (src_file))
goto change_file_one_err;
}
if (dest_file)
{
- while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
+ while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
{
- fprintf (src_file, "%s", line);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "%s", line);
+ if (gpgrt_ferror (src_file))
goto change_file_one_err;
}
- if (length < 0 || ferror (dest_file))
+ if (length < 0 || gpgrt_ferror (dest_file))
goto change_file_one_err;
}
xfree (line);
line = NULL;
- res = fclose (src_file);
+ res = gpgrt_fclose (src_file);
if (res)
{
res = errno;
close (fd);
if (dest_file)
- fclose (dest_file);
+ gpgrt_fclose (dest_file);
gpg_err_set_errno (res);
return -1;
}
close (fd);
if (dest_file)
{
- res = fclose (dest_file);
+ res = gpgrt_fclose (dest_file);
if (res)
return -1;
}
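Review bot: `close (fd)` after `gpgrt_fclose (src_file)` closes the same descriptor twice, because a stream created with `gpgrt_fdopen` owns its descriptor and closes it in `gpgrt_fclose`. The second close normally just fails with EBADF, but if a file was opened in between it would close that unrelated descriptor instead. Either drop the `close (fd)` calls that follow `gpgrt_fclose (src_file)`, or create the stream with `gpgrt_fdopen_nc (fd, "w")` and keep them. The same pairing appears in the error path right after this hunk and in the two matching places in change_options_program. The function body starts and ends outside this hunk.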
res = errno;
if (src_file)
{
- fclose (src_file);
+ gpgrt_fclose (src_file);
close (fd);
}
if (dest_file)
- fclose (dest_file);
+ gpgrt_fclose (dest_file);
gpg_err_set_errno (res);
return -1;
}
/* Create and verify the new configuration file for the specified
* backend and component. Returns 0 on success and -1 on error. If
- * VERBATIM is set the profile mode is used. */
+ * VERBATIM is set the profile mode is used. This function may store
+ * pointers to malloced strings in SRC_FILENAMEP, DEST_FILENAMEP, and
+ * ORIG_FILENAMEP. Those must be freed by the caller. The strings
+ * refer to three versions of the configuration file:
+ *
+ * SRC_FILENAME: The updated configuration is written to this file.
+ * DEST_FILENAME: Name of the configuration file read by the
+ * component.
+ * ORIG_FILENAME: A backup of the previous configuration file.
+ *
+ * To apply the configuration change, rename SRC_FILENAME to
+ * DEST_FILENAME. To revert to the previous configuration, rename
+ * ORIG_FILENAME to DEST_FILENAME. */
static int
change_options_program (gc_component_t component, gc_backend_t backend,
char **src_filenamep, char **dest_filenamep,
ssize_t length;
int res;
int fd;
- FILE *src_file = NULL;
- FILE *dest_file = NULL;
+ gpgrt_stream_t src_file = NULL;
+ gpgrt_stream_t dest_file = NULL;
char *src_filename;
char *dest_filename;
char *orig_filename;
fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
if (fd < 0)
return -1;
- src_file = fdopen (fd, "w");
+ src_file = gpgrt_fdopen (fd, "w");
res = errno;
if (!src_file)
{
process. */
if (orig_filename)
{
- dest_file = fopen (dest_filename, "r");
+ dest_file = gpgrt_fopen (dest_filename, "r");
if (!dest_file)
goto change_one_err;
- while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
+ while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
{
int disable = 0;
char *start;
{
if (!in_marker)
{
- fprintf (src_file,
+ gpgrt_fprintf (src_file,
"# %s disabled this option here at %s\n",
GPGCONF_DISP_NAME, asctimestamp (gnupg_get_time ()));
- if (ferror (src_file))
+ if (gpgrt_ferror (src_file))
goto change_one_err;
- fprintf (src_file, "# %s", line);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "# %s", line);
+ if (gpgrt_ferror (src_file))
goto change_one_err;
}
}
else
{
- fprintf (src_file, "%s", line);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "%s", line);
+ if (gpgrt_ferror (src_file))
goto change_one_err;
}
}
- if (length < 0 || ferror (dest_file))
+ if (length < 0 || gpgrt_ferror (dest_file))
goto change_one_err;
}
proceed. Note that we first write a newline, this guards us
against files which lack the newline at the end of the last
line, while it doesn't hurt us in all other cases. */
- fprintf (src_file, "\n%s\n", marker);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "\n%s\n", marker);
+ if (gpgrt_ferror (src_file))
goto change_one_err;
}
/* At this point, we have copied everything up to the end marker
/* We have to turn on UTF8 strings for GnuPG. */
if (backend == GC_BACKEND_GPG && ! utf8strings_seen)
- fprintf (src_file, "utf8-strings\n");
+ gpgrt_fprintf (src_file, "utf8-strings\n");
option = gc_component[component].options;
while (option->name)
{
if (*arg == '\0' || *arg == ',')
{
- fprintf (src_file, "%s\n", option->name);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "%s\n", option->name);
+ if (gpgrt_ferror (src_file))
goto change_one_err;
}
else if (gc_arg_type[option->arg_type].fallback
== GC_ARG_TYPE_NONE)
{
assert (*arg == '1');
- fprintf (src_file, "%s\n", option->name);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "%s\n", option->name);
+ if (gpgrt_ferror (src_file))
goto change_one_err;
arg++;
else
end = NULL;
- fprintf (src_file, "%s %s\n", option->name,
+ gpgrt_fprintf (src_file, "%s %s\n", option->name,
verbatim? arg : percent_deescape (arg));
- if (ferror (src_file))
+ if (gpgrt_ferror (src_file))
goto change_one_err;
if (end)
if (end)
*end = '\0';
- fprintf (src_file, "%s %s\n", option->name, arg);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "%s %s\n", option->name, arg);
+ if (gpgrt_ferror (src_file))
goto change_one_err;
if (end)
option++;
}
- fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
+ if (gpgrt_ferror (src_file))
goto change_one_err;
if (!in_marker)
{
- fprintf (src_file, "# %s edited this configuration file.\n",
+ gpgrt_fprintf (src_file, "# %s edited this configuration file.\n",
GPGCONF_DISP_NAME);
- if (ferror (src_file))
+ if (gpgrt_ferror (src_file))
goto change_one_err;
- fprintf (src_file, "# It will disable options before this marked "
+ gpgrt_fprintf (src_file, "# It will disable options before this marked "
"block, but it will\n");
- if (ferror (src_file))
+ if (gpgrt_ferror (src_file))
goto change_one_err;
- fprintf (src_file, "# never change anything below these lines.\n");
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "# never change anything below these lines.\n");
+ if (gpgrt_ferror (src_file))
goto change_one_err;
}
if (dest_file)
{
- while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
+ while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
{
- fprintf (src_file, "%s", line);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "%s", line);
+ if (gpgrt_ferror (src_file))
goto change_one_err;
}
- if (length < 0 || ferror (dest_file))
+ if (length < 0 || gpgrt_ferror (dest_file))
goto change_one_err;
}
xfree (line);
line = NULL;
- res = fclose (src_file);
+ res = gpgrt_fclose (src_file);
if (res)
{
res = errno;
close (fd);
if (dest_file)
- fclose (dest_file);
+ gpgrt_fclose (dest_file);
gpg_err_set_errno (res);
return -1;
}
close (fd);
if (dest_file)
{
- res = fclose (dest_file);
+ res = gpgrt_fclose (dest_file);
if (res)
return -1;
}
res = errno;
if (src_file)
{
- fclose (src_file);
+ gpgrt_fclose (src_file);
close (fd);
}
if (dest_file)
- fclose (dest_file);
+ gpgrt_fclose (dest_file);
gpg_err_set_errno (res);
return -1;
}
int verbatim)
{
int err = 0;
+ int block = 0;
int runtime[GC_BACKEND_NR];
char *src_filename[GC_BACKEND_NR];
char *dest_filename[GC_BACKEND_NR];
change_one_value (option, runtime, flags, new_value, 0);
}
+ if (length < 0 || gpgrt_ferror (in))
+ gc_error (1, errno, "error reading stream 'in'");
}
/* Now that we have collected and locally verified the changes,
option++;
}
+ /* We are trying to atomically commit all changes. Unfortunately,
+ we cannot rely on gnupg_rename_file to manage the signals for us,
+ doing so would require us to pass NULL as BLOCK to any subsequent
+ call to it. Instead, we just manage the signal handling
+ manually. */
+ block = 1;
+ gnupg_block_all_signals ();
+
if (! err && ! opt.dry_run)
{
int i;
assert (dest_filename[i]);
if (orig_filename[i])
- {
-#ifdef HAVE_W32_SYSTEM
- /* There is no atomic update on W32. */
- err = unlink (dest_filename[i]);
-#endif /* HAVE_W32_SYSTEM */
- if (!err)
- err = rename (src_filename[i], dest_filename[i]);
- }
+ err = gnupg_rename_file (src_filename[i], dest_filename[i], NULL);
else
{
#ifdef HAVE_W32_SYSTEM
/* We skip the unlink if we expect the file not to
be there. */
- err = rename (src_filename[i], dest_filename[i]);
+ err = gnupg_rename_file (src_filename[i], dest_filename[i], NULL);
#else /* HAVE_W32_SYSTEM */
/* This is a bit safer than rename() because we
expect DEST_FILENAME not to be there. If it
a version of the file that is even newer than the one
we just installed. */
if (orig_filename[i])
- {
-#ifdef HAVE_W32_SYSTEM
- /* There is no atomic update on W32. */
- unlink (dest_filename[i]);
-#endif /* HAVE_W32_SYSTEM */
- rename (orig_filename[i], dest_filename[i]);
- }
+ gnupg_rename_file (orig_filename[i], dest_filename[i], NULL);
else
unlink (dest_filename[i]);
}
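Review bot: The rollback call `gnupg_rename_file (orig_filename[i], dest_filename[i], NULL);` discards its result, so a failed restore leaves a component with a partly applied configuration and no diagnostic. Reporting it takes one statement, e.g. `if (gnupg_rename_file (orig_filename[i], dest_filename[i], NULL)) gc_error (0, 0, "error restoring %s", dest_filename[i]);`. The rename to `backup_filename` in the following hunk ignores its result in the same way. The commit hunk before this one now stores gnupg_rename_file's return value in `err`; if code outside these hunks still reports `errno` for that failure, it should be checked that errno is meaningful there.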
backup_filename = xasprintf ("%s.%s.bak",
dest_filename[backend], GPGCONF_NAME);
-
-#ifdef HAVE_W32_SYSTEM
- /* There is no atomic update on W32. */
- unlink (backup_filename);
-#endif /* HAVE_W32_SYSTEM */
- rename (orig_filename[backend], backup_filename);
+ gnupg_rename_file (orig_filename[backend], backup_filename, NULL);
xfree (backup_filename);
}
leave:
+ if (block)
+ gnupg_unblock_all_signals ();
xfree (line);
for (backend = 0; backend < GC_BACKEND_NR; backend++)
{
char *line = NULL;
size_t line_len = 0;
ssize_t length;
- FILE *config;
+ gpgrt_stream_t config;
int lineno = 0;
int in_rule = 0;
int got_match = 0;
for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
runtime[backend_id] = 0;
- config = fopen (fname, "r");
+ config = gpgrt_fopen (fname, "r");
if (!config)
{
/* Do not print an error if the file is not available, except
return result;
}
- while ((length = read_line (config, &line, &line_len, NULL)) > 0)
+ while ((length = gpgrt_read_line (config, &line, &line_len, NULL)) > 0)
{
char *key, *component, *option, *flags, *value;
char *empty;
}
}
- if (length < 0 || ferror (config))
+ if (length < 0 || gpgrt_ferror (config))
{
gc_error (0, errno, "error reading from '%s'", fname);
result = -1;
}
- if (fclose (config))
+ if (gpgrt_fclose (config))
gc_error (0, errno, "error closing '%s'", fname);
xfree (line);
};
-/* Print usage information and and provide strings for help. */
+/* Print usage information and provide strings for help. */
static const char *
my_strusage( int level )
{
/* This function is called by the parser to communicate events. This
callback comminucates with the main program using a structure
- passed in OPAQUE. Should retrun 0 or set errno and return -1. */
+ passed in OPAQUE. Should return 0 or set errno and return -1. */
static int
message_cb (void *opaque, rfc822parse_event_t event, rfc822parse_t msg)
{
\f
-/* Print usage information and and provide strings for help. */
+/* Print usage information and provide strings for help. */
static const char *
my_strusage( int level )
{
/* Read the next record from STREAM. RECORD is a buffer provided by
the caller and must be at leadt of size RECORDSIZE. The function
- return 0 on success and and error code on failure; a diagnostic
+ return 0 on success and error code on failure; a diagnostic
printed as well. Note that there is no need for an EOF indicator
because a tarball has an explicit EOF record. */
gpg_error_t
fi
if [ "$dryrun" = "0" ]; then
- echo "About to send the the keys signed by $signedby" >&2
+ echo "About to send the keys signed by $signedby" >&2
echo -n "to their owners. Do you really want to do this? (y/N)" >&2
read
[ "$REPLY" != "y" -a "$REPLY" != "Y" ] && exit 0
{
void *cookie; /* Cookie passed to all callbacks. */
+ /* The callback to announce the transation from header to body. */
+ gpg_error_t (*t2body) (void *cookie, int level);
+
/* The callback to announce a new part. */
gpg_error_t (*new_part) (void *cookie,
const char *mediatype,
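Review bot: The added comment misspells a word: `transation` should be `transition`, giving `/* The callback to announce the transition from header to body. */`. Since this change is otherwise cleaning up comment typos, it is worth fixing here too.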
ctx->want_part = 0;
ctx->decode_part = 0;
+
+ if (ctx->t2body)
+ {
+ rc = ctx->t2body (ctx->cookie, ctx->nesting_level);
+ if (rc)
+ goto t2body_leave;
+ }
+
field = rfc822parse_parse_field (msg, "Content-Type", -1);
if (field)
{
}
}
+ t2body_leave:
ctx->show.header = 0;
ctx->show.data = 1;
ctx->show.n_skip = 1;
}
+/* Set a callback for the transition from header to body. LEVEL is
+ * the current nesting level, starting with 0. This callback can be
+ * used to evaluate headers before any other action is done. Note
+ * that if a new NEW_PART callback needs to be called it is done after
+ * this T2BODY callback. */
+void
+mime_parser_set_t2body (mime_parser_t ctx,
+ gpg_error_t (*fnc) (void *cookie, int level))
+{
+ ctx->t2body = fnc;
+}
+
+
/* Set the callback used to announce a new part. It will be called
* with the media type and media subtype of the part. If no
* Content-type header was given both values are the empty string.
void mime_parser_release (mime_parser_t ctx);
void mime_parser_set_verbose (mime_parser_t ctx, int level);
+void mime_parser_set_t2body (mime_parser_t ctx,
+ gpg_error_t (*fnc) (void *cookie, int level));
void mime_parser_set_new_part (mime_parser_t ctx,
gpg_error_t (*fnc) (void *cookie,
const char *mediatype,
} opt;
\f
-/* Print usage information and and provide strings for help. */
+/* Print usage information and provide strings for help. */
static const char *
my_strusage (int level)
{
setup_libgcrypt_logging ();
gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
- /* Tell simple-pwquery about the the standard socket name. */
+ /* Tell simple-pwquery about the standard socket name. */
{
char *tmp = make_filename (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL);
simple_pw_set_socket (tmp);
}
+/* The callback for the transition from header to body. We use it to
+ * look at some header values. */
+static gpg_error_t
+t2body (void *cookie, int level)
+{
+ receive_ctx_t ctx = cookie;
+ rfc822parse_t msg;
+ char *value;
+ size_t valueoff;
+
+ log_info ("t2body for level %d\n", level);
+ if (!level)
+ {
+ /* This is the outermost header. */
+ msg = mime_parser_rfc822parser (ctx->parser);
+ if (msg)
+ {
+ value = rfc822parse_get_field (msg, "Wks-Draft-Version",
+ -1, &valueoff);
+ if (value)
+ {
+ if (atoi(value+valueoff) >= 2 )
+ ctx->draft_version_2 = 1;
+ free (value);
+ }
+ }
+ }
+
+ return 0;
+}
+
+
static gpg_error_t
new_part (void *cookie, const char *mediatype, const char *mediasubtype)
{
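Review bot: `atoi (value+valueoff)` parses a header taken from an incoming mail, and atoi cannot report garbage or out-of-range digits (its behaviour on overflow is undefined). Using strtol keeps the draft-2 flag tied to a well-formed number: `errno = 0; long v = strtol (value+valueoff, NULL, 10);` followed by `if (!errno && v >= 2) ctx->draft_version_2 = 1;`. Separately, `log_info ("t2body for level %d\n", level);` runs for every header block of every message and looks like a debugging leftover. Guarding it with `if (DBG_PARSER)`, as the parser setup further down does for verbose mode, would keep normal logs quiet.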
}
else
{
- rfc822parse_t msg = mime_parser_rfc822parser (ctx->parser);
- if (msg)
- {
- char *value;
- size_t valueoff;
-
- value = rfc822parse_get_field (msg, "Wks-Draft-Version",
- -1, &valueoff);
- if (value)
- {
- if (atoi(value+valueoff) >= 2 )
- ctx->draft_version_2 = 1;
- free (value);
- }
- }
-
ctx->key_data = es_fopenmem (0, "w+b");
if (!ctx->key_data)
{
goto leave;
if (DBG_PARSER)
mime_parser_set_verbose (parser, 1);
+ mime_parser_set_t2body (parser, t2body);
mime_parser_set_new_part (parser, new_part);
mime_parser_set_part_data (parser, part_data);
mime_parser_set_collect_encrypted (parser, collect_encrypted);