Homepage: https://www.gnupg.org
Download: ftp://ftp.gnupg.org/gcrypt/gnupg/
Repository: git://git.gnupg.org/gnupg.git
-Maintainer: Werner Koch <wk@gnupg.org>
-Bug reports: http://bugs.gnupg.org
+Bug reports: https://bugs.gnupg.org
Security related bug reports: <security@gnupg.org>
+Maintainer: Werner Koch <wk@gnupg.org>
License: GPLv3+
GnuPG is free software. See the files COPYING for copying conditions.
+Noteworthy changes in version 2.1.9 (2015-10-09)
+------------------------------------------------
+
+ * gpg: Allow fetching keys via OpenPGP DANE (--auto-key-locate). New
+ option --print-dane-records.
+
+ * gpg: Fix for a problem with PGP-2 keys in a keyring.
+
+ * gpg: Fail with an error instead of a warning if a modern cipher
+ algorithm is used without a MDC.
+
+ * agent: New option --pinentry-invisible-char.
+
+ * agent: Always do a RSA signature verification after creation.
+
+ * agent: Fix a regression in ssh-add-ing Ed25519 keys.
+
+ * agent: Fix ssh fingerprint computation for nistp384 and EdDSA.
+
+ * agent: Fix crash during passprase entry on some platforms.
+
+ * scd: Change timeout to fix problems with some 2.1 cards.
+
+ * dirmngr: Displayed name is now Key Acquirer.
+
+ * dirmngr: Add option --keyserver. Deprecate that option for gpg.
+ Install a dirmngr.conf file from a skeleton for new installations.
+
+
Noteworthy changes in version 2.1.8 (2015-09-10)
------------------------------------------------
int no_grab; /* Don't let the pinentry grab the keyboard */
- /* The name of the file pinentry shall tocuh before exiting. If
- this is not set the filoe name of the standard socket is used. */
+ /* The name of the file pinentry shall touch before exiting. If
+ this is not set the file name of the standard socket is used. */
const char *pinentry_touch_file;
+ /* A string where the first character is used by the pinentry as a
+ custom invisible character. */
+ char *pinentry_invisible_char;
+
/* The default and maximum TTL of cache entries. */
unsigned long def_cache_ttl; /* Default. */
unsigned long def_cache_ttl_ssh; /* for SSH. */
int with_qualitybar; /* Set if the quality bar should be displayed. */
int with_repeat; /* Request repetition of the passphrase. */
int repeat_okay; /* Repetition worked. */
- int (*check_cb)(struct pin_entry_info_s *); /* CB used to check the PIN */
+ gpg_error_t (*check_cb)(struct pin_entry_info_s *); /* CB used to check
+ the PIN */
void *check_cb_arg; /* optional argument which might be of use in the CB */
const char *cb_errtext; /* used by the cb to display a specific error */
size_t max_length; /* Allocated length of the buffer PIN. */
void agent_query_dump_state (void);
void agent_reset_query (ctrl_t ctrl);
int pinentry_active_p (ctrl_t ctrl, int waitseconds);
-int agent_askpin (ctrl_t ctrl,
- const char *desc_text, const char *prompt_text,
- const char *inital_errtext,
- struct pin_entry_info_s *pininfo,
- const char *keyinfo, cache_mode_t cache_mode);
+gpg_error_t agent_askpin (ctrl_t ctrl,
+ const char *desc_text, const char *prompt_text,
+ const char *inital_errtext,
+ struct pin_entry_info_s *pininfo,
+ const char *keyinfo, cache_mode_t cache_mode);
int agent_get_passphrase (ctrl_t ctrl, char **retpass,
const char *desc, const char *prompt,
const char *errtext, int with_qualitybar,
disconnect that pinentry - we do this after the unlock so that a
stalled pinentry does not block other threads. Fixme: We should
have a timeout in Assuan for the disconnect operation. */
-static int
-unlock_pinentry (int rc)
+static gpg_error_t
+unlock_pinentry (gpg_error_t rc)
{
assuan_context_t ctx = entry_ctx;
int err;
that this function must always be used to aquire the lock for the
pinentry - we will serialize _all_ pinentry calls.
*/
-static int
+static gpg_error_t
start_pinentry (ctrl_t ctrl)
{
int rc = 0;
}
}
+ /* Tell the pinentry that we would prefer that the given character
+ is used as the invisible character by the entry widget. */
+ if (opt.pinentry_invisible_char)
+ {
+ char *optstr;
+ if ((optstr = xtryasprintf ("OPTION invisible-char=%s",
+ opt.pinentry_invisible_char)))
+ {
+ assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
+ NULL);
+ /* We ignore errors because this is just a fancy thing and
+ older pinentries do not support this feature. */
+ xfree (optstr);
+ }
+ }
/* Tell the pinentry the name of a file it shall touch after having
messed with the tty. This is optional and only supported by
/* Helper for agent_askpin and agent_get_passphrase. */
-static int
+static gpg_error_t
setup_qualitybar (ctrl_t ctrl)
{
int rc;
number here and repeat it as long as we have invalid formed
numbers. KEYINFO and CACHE_MODE are used to tell pinentry something
about the key. */
-int
+gpg_error_t
agent_askpin (ctrl_t ctrl,
const char *desc_text, const char *prompt_text,
const char *initial_errtext,
struct pin_entry_info_s *pininfo,
const char *keyinfo, cache_mode_t cache_mode)
{
- int rc;
+ gpg_error_t rc;
char line[ASSUAN_LINELENGTH];
struct entry_parm_s parm;
const char *errtext = NULL;
*pininfo->pin = 0; /* Reset the PIN. */
rc = pinentry_loopback(ctrl, "PASSPHRASE", &passphrase, &size,
- pininfo->max_length);
+ pininfo->max_length - 1);
if (rc)
return rc;
/* More checks by utilizing the optional callback. */
pininfo->cb_errtext = NULL;
rc = pininfo->check_cb (pininfo);
- if (rc == -1 && pininfo->cb_errtext)
+ if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
+ && pininfo->cb_errtext)
errtext = pininfo->cb_errtext;
else if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
|| gpg_err_code (rc) == GPG_ERR_BAD_PIN)
{
size_t size;
size_t len = ASSUAN_LINELENGTH/2;
- unsigned char *buffer = gcry_malloc_secure (len);
- rc = pinentry_loopback(ctrl, "PASSPHRASE", &buffer, &size, len);
- if (rc)
- xfree(buffer);
- else
- {
- buffer[size] = 0;
- *retpass = buffer;
- }
- return rc;
+ return pinentry_loopback (ctrl, "PASSPHRASE",
+ (unsigned char **)retpass, &size, len);
}
return gpg_error (GPG_ERR_NO_PIN_ENTRY);
}
}
no_close_list[i] = ASSUAN_INVALID_FD;
- /* Connect to the pinentry and perform initial handshaking. Use
- detached flag (128) so that under W32 SCDAEMON does not show up a
+ /* Connect to the scdaemon and perform initial handshaking. Use
+ detached flag so that under Windows SCDAEMON does not show up a
new window. */
rc = assuan_pipe_connect (ctx, opt.scdaemon_program, argv,
- no_close_list, atfork_cb, NULL, 128);
+ no_close_list, atfork_cb, NULL,
+ ASSUAN_PIPE_CONNECT_DETACHED);
if (rc)
{
log_error ("can't connect to the SCdaemon: %s\n",
/* Read a binary string from STREAM and store it as an opaque MPI at
- R_MPI. Depending on SECURE use secure memory. If the string is
- too large for key material return an error. */
+ R_MPI, adding 0x40 (this is the prefix for EdDSA key in OpenPGP).
+ Depending on SECURE use secure memory. If the string is too large
+ for key material return an error. */
static gpg_error_t
stream_read_blob (estream_t stream, unsigned int secure, gcry_mpi_t *r_mpi)
{
/* Allocate space. */
if (secure)
- buffer = xtrymalloc_secure (length? length:1);
+ buffer = xtrymalloc_secure (length+1);
else
- buffer = xtrymalloc (length?length:1);
+ buffer = xtrymalloc (length+1);
if (!buffer)
{
err = gpg_error_from_syserror ();
}
/* Read data. */
- err = stream_read_data (stream, buffer, length);
+ err = stream_read_data (stream, buffer + 1, length);
if (err)
goto leave;
- *r_mpi = gcry_mpi_set_opaque (NULL, buffer, 8*length);
+ buffer[0] = 0x40;
+ *r_mpi = gcry_mpi_set_opaque (NULL, buffer, 8*(length+1));
buffer = NULL;
leave:
/* Callback function to compare the first entered PIN with the one
currently being entered. */
-static int
+static gpg_error_t
reenter_compare_cb (struct pin_entry_info_s *pi)
{
const char *pin1 = pi->check_cb_arg;
if (!strcmp (pin1, pi->pin))
return 0; /* okay */
- return -1;
+ return gpg_error (GPG_ERR_BAD_PASSPHRASE);
}
char *comment = NULL;
char *key_fpr = NULL;
const char *initial_errtext = NULL;
- struct pin_entry_info_s *pi = NULL, *pi2;
+ struct pin_entry_info_s *pi = NULL;
+ struct pin_entry_info_s *pi2 = NULL;
err = ssh_key_grip (key, key_grip_raw);
if (err)
goto out;
}
- pi = gcry_calloc_secure (2, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
+ pi = gcry_calloc_secure (1, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
if (!pi)
{
err = gpg_error_from_syserror ();
goto out;
}
- pi2 = pi + (sizeof *pi + MAX_PASSPHRASE_LEN + 1);
+ pi2 = gcry_calloc_secure (1, sizeof (*pi2) + MAX_PASSPHRASE_LEN + 1);
+ if (!pi2)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
pi->max_length = MAX_PASSPHRASE_LEN + 1;
pi->max_tries = 1;
pi->with_repeat = 1;
if (*pi->pin && !pi->repeat_okay)
{
err = agent_askpin (ctrl, description2, NULL, NULL, pi2, NULL, 0);
- if (err == -1)
+ if (gpg_err_code (err) == GPG_ERR_BAD_PASSPHRASE)
{ /* The re-entered one did not match and the user did not
hit cancel. */
initial_errtext = L_("does not match - try again");
out:
+ if (pi2 && pi2->max_length)
+ wipememory (pi2->pin, pi2->max_length);
+ xfree (pi2);
if (pi && pi->max_length)
wipememory (pi->pin, pi->max_length);
xfree (pi);
/* Callback function to try the unprotection from the passphrase query
code. */
-static int
+static gpg_error_t
try_do_unprotect_cb (struct pin_entry_info_s *pi)
{
gpg_error_t err;
value = gcry_sexp_nth_data (list, ++idx, &valuelen);
if (!value || !valuelen)
goto bad_seckey;
- if (is_enc || curve)
+ if (is_enc)
{
- /* Encrypted parameters and ECC parameters need or can be
- stored as opaque. */
+ /* Encrypted parameters need to be stored as opaque. */
skey[skeyidx] = gcry_mpi_set_opaque_copy (NULL, value, valuelen*8);
if (!skey[skeyidx])
goto outofmem;
- if (is_enc)
- gcry_mpi_set_flag (skey[skeyidx], GCRYMPI_FLAG_USER1);
+ gcry_mpi_set_flag (skey[skeyidx], GCRYMPI_FLAG_USER1);
}
else
{
ndata = 20; /* Space for the SHA-1 checksum. */
for (i = npkey, j = 0; i < nskey; i++, j++ )
{
- if (gcry_mpi_get_flag (array[i], GCRYMPI_FLAG_OPAQUE))
- {
- const unsigned char *s;
- unsigned int n;
-
- s = gcry_mpi_get_opaque (array[i], &n);
- if (!s)
- {
- s = "";
- n = 0;
- }
- /* Strip leading zero bits. */
- for (; n >= 8 && !*s; s++, n -= 8)
- ;
- if (n >= 8 && !(*s & 0x80))
- if (--n >= 7 && !(*s & 0x40))
- if (--n >= 6 && !(*s & 0x20))
- if (--n >= 5 && !(*s & 0x10))
- if (--n >= 4 && !(*s & 0x08))
- if (--n >= 3 && !(*s & 0x04))
- if (--n >= 2 && !(*s & 0x02))
- if (--n >= 1 && !(*s & 0x01))
- --n;
-
- nbits[j] = n;
- n = (n+7)/8;
- narr[j] = n;
- bufarr[j] = (gcry_is_secure (s)? xtrymalloc_secure (n?n:1)
- /* */ : xtrymalloc (n?n:1));
- if (!bufarr[j])
- {
- err = gpg_error_from_syserror ();
- for (i = 0; i < j; i++)
- xfree (bufarr[i]);
- return err;
- }
- memcpy (bufarr[j], s, n);
- }
- else
+ err = gcry_mpi_aprint (GCRYMPI_FMT_USG, bufarr+j, narr+j, array[i]);
+ if (err)
{
- err = gcry_mpi_aprint (GCRYMPI_FMT_USG, bufarr+j, narr+j, array[i]);
- if (err)
- {
- for (i = 0; i < j; i++)
- xfree (bufarr[i]);
- return err;
- }
- nbits[j] = gcry_mpi_get_nbits (array[i]);
+ for (i = 0; i < j; i++)
+ xfree (bufarr[i]);
+ return err;
}
+ nbits[j] = gcry_mpi_get_nbits (array[i]);
ndata += 2 + narr[j];
}
else if (!strcmp (name, "ecc"))
{
algoname = "ecc";
- format = "/qd?";
+ format = "qd?";
npkey = 1;
nskey = 2;
curve = gcry_sexp_find_token (list, "curve", 0);
flags = gcry_sexp_find_token (list, "flags", 0);
err = gcry_sexp_extract_param (list, NULL, format,
array+0, array+1, NULL);
- if (flags)
- {
- gcry_sexp_t param = gcry_sexp_find_token (flags, "param", 0);
- if (param)
- {
- gcry_sexp_release (param);
- array[6] = array[0];
- array[7] = array[1];
- err = gcry_sexp_extract_param (list, NULL, "pabgnh?",
- array+0, array+1, array+2, array+3,
- array+4, array+5, NULL);
- if (array[5] == NULL)
- {
- array[5] = GCRYMPI_CONST_ONE;
- npkey += 6;
- nskey += 6;
- }
- format = "pabgnhqd?";
- }
- }
- }
- else if (!strcmp (name, "ecdsa"))
- {
- algoname = "ecdsa";
- format = "pabgnqd?";
- npkey = 6;
- nskey = 7;
- err = gcry_sexp_extract_param (list, NULL, format,
- array+0, array+1, array+2, array+3,
- array+4, array+5, array+6, NULL);
- }
- else if (!strcmp (name, "ecdh"))
- {
- algoname = "ecdh";
- format = "pabgnqd?";
- npkey = 6;
- nskey= 7;
- err = gcry_sexp_extract_param (list, NULL, format,
- array+0, array+1, array+2, array+3,
- array+4, array+5, array+6, NULL);
}
else
{
{
*r_algoname = algoname;
if (r_elems)
- {
- if (format[0] == '/') /* It is opaque data qualifier, skip it. */
- *r_elems = format+1;
- else
- *r_elems = format;
- }
+ *r_elems = format;
*r_npkey = npkey;
if (r_nskey)
*r_nskey = nskey;
/* Callback function to try the unprotection from the passphrase query
code. */
-static int
+static gpg_error_t
try_unprotect_cb (struct pin_entry_info_s *pi)
{
struct try_unprotect_arg_s *arg = pi->check_cb_arg;
/* Callback function to compare the first entered PIN with the one
currently being entered. */
-static int
+static gpg_error_t
reenter_compare_cb (struct pin_entry_info_s *pi)
{
const char *pin1 = pi->check_cb_arg;
if (!strcmp (pin1, pi->pin))
return 0; /* okay */
- return -1;
+ return gpg_error (GPG_ERR_BAD_PASSPHRASE);
}
return err;
}
- pi = gcry_calloc_secure (2, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
- pi2 = pi + (sizeof *pi + MAX_PASSPHRASE_LEN + 1);
+ pi = gcry_calloc_secure (1, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
+ if (!pi)
+ return gpg_error_from_syserror ();
+ pi2 = gcry_calloc_secure (1, sizeof (*pi2) + MAX_PASSPHRASE_LEN + 1);
+ if (!pi2)
+ {
+ err = gpg_error_from_syserror ();
+ xfree (pi2);
+ return err;
+ }
pi->max_length = MAX_PASSPHRASE_LEN + 1;
pi->max_tries = 3;
pi->with_qualitybar = 1;
if (*pi->pin && !pi->repeat_okay)
{
err = agent_askpin (ctrl, text2, NULL, NULL, pi2, NULL, 0);
- if (err == -1)
+ if (gpg_err_code (err) == GPG_ERR_BAD_PASSPHRASE)
{ /* The re-entered one did not match and the user did not
hit cancel. */
initial_errtext = xtrystrdup (L_("does not match - try again"));
}
xfree (initial_errtext);
+ xfree (pi2);
xfree (pi);
return err;
}
oPinentryProgram,
oPinentryTouchFile,
+ oPinentryInvisibleChar,
oDisplay,
oTTYname,
oTTYtype,
ARGPARSE_s_s (oPinentryProgram, "pinentry-program",
/* */ N_("|PGM|use PGM as the PIN-Entry program")),
ARGPARSE_s_s (oPinentryTouchFile, "pinentry-touch-file", "@"),
+ ARGPARSE_s_s (oPinentryInvisibleChar, "pinentry-invisible-char", "@"),
ARGPARSE_s_s (oScdaemonProgram, "scdaemon-program",
/* */ N_("|PGM|use PGM as the SCdaemon program") ),
ARGPARSE_s_n (oDisableScdaemon, "disable-scdaemon",
opt.debug_pinentry = 0;
opt.pinentry_program = NULL;
opt.pinentry_touch_file = NULL;
+ xfree (opt.pinentry_invisible_char);
+ opt.pinentry_invisible_char = NULL;
opt.scdaemon_program = NULL;
opt.def_cache_ttl = DEFAULT_CACHE_TTL;
opt.def_cache_ttl_ssh = DEFAULT_CACHE_TTL_SSH;
case oPinentryProgram: opt.pinentry_program = pargs->r.ret_str; break;
case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break;
+ case oPinentryInvisibleChar:
+ xfree (opt.pinentry_invisible_char);
+ opt.pinentry_invisible_char = xtrystrdup (pargs->r.ret_str); break;
+ break;
case oScdaemonProgram: opt.scdaemon_program = pargs->r.ret_str; break;
case oDisableScdaemon: opt.disable_scdaemon = 1; break;
case oDisableCheckOwnSocket: disable_check_own_socket = 1; break;
const void *overridedata, size_t overridedatalen)
{
gcry_sexp_t s_skey = NULL, s_sig = NULL;
+ gcry_sexp_t s_hash = NULL;
+ gcry_sexp_t s_pkey = NULL;
unsigned char *shadow_info = NULL;
unsigned int rc = 0; /* FIXME: gpg-error? */
const unsigned char *data;
int datalen;
+ int check_signature = 0;
if (overridedata)
{
int is_ECDSA = 0;
int is_EdDSA = 0;
+ rc = agent_public_key_from_file (ctrl, ctrl->keygrip, &s_pkey);
+ if (rc)
+ {
+ log_error ("failed to read the public key\n");
+ goto leave;
+ }
+
if (agent_is_eddsa_key (s_skey))
is_EdDSA = 1;
else
if (is_RSA)
{
+ check_signature = 1;
if (*buf & 0x80)
{
len++;
else
{
/* No smartcard, but a private key */
- gcry_sexp_t s_hash = NULL;
- int dsaalgo;
+ int dsaalgo = 0;
/* Put the hash into a sexp */
if (agent_is_eddsa_key (s_skey))
if (rc)
goto leave;
+ if (dsaalgo == 0 && GCRYPT_VERSION_NUMBER < 0x010700)
+ /* It's RSA and Libgcrypt < 1.7 */
+ check_signature = 1;
+
if (DBG_CRYPTO)
{
gcry_log_debugsxp ("skey", s_skey);
/* sign */
rc = gcry_pk_sign (&s_sig, s_hash, s_skey);
- gcry_sexp_release (s_hash);
if (rc)
{
log_error ("signing failed: %s\n", gpg_strerror (rc));
gcry_log_debugsxp ("rslt", s_sig);
}
+ /* Check that the signature verification worked and nothing is
+ * fooling us e.g. by a bug in the signature create code or by
+ * deliberately introduced faults. Because Libgcrypt 1.7 does this
+ * for RSA internally there is no need to do it here again. */
+ if (check_signature)
+ {
+ if (s_hash == NULL)
+ {
+ if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1)
+ rc = do_encode_raw_pkcs1 (data, datalen,
+ gcry_pk_get_nbits (s_skey),
+ &s_hash);
+ else
+ rc = do_encode_md (data, datalen,
+ ctrl->digest.algo,
+ &s_hash,
+ ctrl->digest.raw_value);
+ }
+
+ rc = gcry_pk_verify (s_sig, s_hash, s_pkey? s_pkey: s_skey);
+
+ if (rc)
+ {
+ log_error (_("checking created signature failed: %s\n"),
+ gpg_strerror (rc));
+ gcry_sexp_release (s_sig);
+ s_sig = NULL;
+ }
+ }
+
leave:
*signature_sexp = s_sig;
+ gcry_sexp_release (s_pkey);
gcry_sexp_release (s_skey);
+ gcry_sexp_release (s_hash);
xfree (shadow_info);
return rc;
@echo ' native-gui Ditto but with pinentry and GPA'
@echo ' w32-installer Build a Windows installer'
@echo ' w32-source Pack a source archive'
+ @echo ' w32-release Build a Windows release'
@echo
@echo 'You may append INSTALL_PREFIX=<dir> for native builds.'
@echo 'Prepend TARGET with "git-" to build from GIT repos.'
$(SPEEDOMAKE) TARGETOS=w32 WHAT=this WITH_GUI=0 \
CUSTOM_SWDB=1 dist-source
+w32-release: check-tools
+ $(SPEEDOMAKE) TARGETOS=w32 WHAT=release WITH_GUI=0 SELFCHECK=0 \
+ installer-from-source
+
+
# Set this to "git" to build from git,
# to "release" from tarballs,
# {{{
ifeq ($(TARGETOS),w32)
-dist-source: all
+dist-source: installer
for i in 00 01 02 03; do sleep 1;touch PLAY/stamps/stamp-*-${i}-*;done
(set -e;\
tarname="$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).tar" ;\
tar --totals -rf "$$tarname" --exclude-backups --exclude-vc \
--transform='s,^,$(INST_NAME)-$(INST_VERSION)/,' \
PLAY/stamps/stamp-*-00-unpack PLAY/src swdb.lst swdb.lst.sig ;\
+ [ -f "$$tarname".xz ] && rm "$$tarname".xz;\
xz "$$tarname" ;\
)
$(extra_installer_options) $(w32src)/inst.nsi
@echo "Ready: $(idir)/$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).exe"
+# Build the installer from the source tarball.
+installer-from-source: dist-source
+ (set -e;\
+ [ -d PLAY-release ] && rm -rf PLAY-release; \
+ mkdir PLAY-release;\
+ cd PLAY-release; \
+ tar xJf "../$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).tar.xz";\
+ cd $(INST_NAME)-$(INST_VERSION); \
+ $(MAKE) -f build-aux/speedo.mk this-w32-installer SELFCHECK=0;\
+ mv "PLAY/inst/$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).exe" ../.. ;\
+ )
+
endif
# }}} W32
openpgp-oid.c \
ssh-utils.c ssh-utils.h \
agent-opt.c \
- helpfile.c
+ helpfile.c \
+ mkdir_p.c mkdir_p.h
if HAVE_W32_SYSTEM
common_sources += w32-reg.c w32-afunix.c w32-afunix.h
static gpg_error_t
create_pipe_and_estream (int filedes[2], estream_t *r_fp,
+ int outbound, int nonblock,
gpg_err_source_t errsource)
{
gpg_error_t err;
return err;
}
- *r_fp = es_fdopen (filedes[0], "r");
+ if (outbound)
+ *r_fp = es_fdopen (filedes[0], nonblock? "r,nonblock" : "r");
+ else
+ *r_fp = es_fdopen (filedes[1], nonblock? "w,nonblock" : "w");
if (!*r_fp)
{
err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
gnupg_spawn_process (const char *pgmname, const char *argv[],
gpg_err_source_t errsource,
void (*preexec)(void), unsigned int flags,
- estream_t infp,
+ estream_t *r_infp,
estream_t *r_outfp,
estream_t *r_errfp,
pid_t *pid)
{
gpg_error_t err;
- int infd = -1;
+ int inpipe[2] = {-1, -1};
int outpipe[2] = {-1, -1};
int errpipe[2] = {-1, -1};
+ estream_t infp = NULL;
estream_t outfp = NULL;
estream_t errfp = NULL;
+ int nonblock = !!(flags & GNUPG_SPAWN_NONBLOCK);
- (void)flags; /* Currently not used. */
-
+ if (r_infp)
+ *r_infp = NULL;
if (r_outfp)
*r_outfp = NULL;
if (r_errfp)
*r_errfp = NULL;
*pid = (pid_t)(-1); /* Always required. */
- if (infp)
+ if (r_infp)
{
- es_fflush (infp);
- es_rewind (infp);
- infd = es_fileno (infp);
- if (infd == -1)
- return gpg_err_make (errsource, GPG_ERR_INV_VALUE);
+ err = create_pipe_and_estream (inpipe, &infp, 0, nonblock, errsource);
+ if (err)
+ return err;
}
if (r_outfp)
{
- err = create_pipe_and_estream (outpipe, &outfp, errsource);
+ err = create_pipe_and_estream (outpipe, &outfp, 1, nonblock, errsource);
if (err)
- return err;
+ {
+ if (infp)
+ es_fclose (infp);
+ else if (inpipe[1] != -1)
+ close (inpipe[1]);
+ if (inpipe[0] != -1)
+ close (inpipe[0]);
+
+ return err;
+ }
}
if (r_errfp)
{
- err = create_pipe_and_estream (errpipe, &errfp, errsource);
+ err = create_pipe_and_estream (errpipe, &errfp, 1, nonblock, errsource);
if (err)
{
+ if (infp)
+ es_fclose (infp);
+ else if (inpipe[1] != -1)
+ close (inpipe[1]);
+ if (inpipe[0] != -1)
+ close (inpipe[0]);
+
if (outfp)
es_fclose (outfp);
else if (outpipe[0] != -1)
close (outpipe[0]);
if (outpipe[1] != -1)
close (outpipe[1]);
+
return err;
}
}
err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
log_error (_("error forking process: %s\n"), gpg_strerror (err));
+ if (infp)
+ es_fclose (infp);
+ else if (inpipe[1] != -1)
+ close (inpipe[1]);
+ if (inpipe[0] != -1)
+ close (inpipe[0]);
+
if (outfp)
es_fclose (outfp);
else if (outpipe[0] != -1)
gcry_control (GCRYCTL_TERM_SECMEM);
es_fclose (outfp);
es_fclose (errfp);
- do_exec (pgmname, argv, infd, outpipe[1], errpipe[1], preexec);
+ do_exec (pgmname, argv, inpipe[0], outpipe[1], errpipe[1], preexec);
/*NOTREACHED*/
}
/* This is the parent. */
+ if (inpipe[0] != -1)
+ close (inpipe[0]);
if (outpipe[1] != -1)
close (outpipe[1]);
if (errpipe[1] != -1)
close (errpipe[1]);
+ if (r_infp)
+ *r_infp = infp;
if (r_outfp)
*r_outfp = outfp;
if (r_errfp)
gnupg_spawn_process (const char *pgmname, const char *argv[],
gpg_err_source_t errsource,
void (*preexec)(void), unsigned int flags,
- estream_t infp,
+ estream_t *r_infp,
estream_t *r_outfp,
estream_t *r_errfp,
pid_t *pid)
STARTUPINFO si;
int cr_flags;
char *cmdline;
- HANDLE inhandle = INVALID_HANDLE_VALUE;
+ HANDLE inpipe[2] = {INVALID_HANDLE_VALUE, INVALID_HANDLE_VALUE};
HANDLE outpipe[2] = {INVALID_HANDLE_VALUE, INVALID_HANDLE_VALUE};
HANDLE errpipe[2] = {INVALID_HANDLE_VALUE, INVALID_HANDLE_VALUE};
+ estream_t infp = NULL;
estream_t outfp = NULL;
estream_t errfp = NULL;
HANDLE nullhd[3] = {INVALID_HANDLE_VALUE,
int i;
es_syshd_t syshd;
+ if (r_infp)
+ *r_infp = NULL;
if (r_outfp)
*r_outfp = NULL;
if (r_errfp)
if (infp)
{
- es_fflush (infp);
- es_rewind (infp);
- es_syshd (infp, &syshd);
- switch (syshd.type)
+ if (create_inheritable_pipe (inpipe, 0))
{
- case ES_SYSHD_FD:
- inhandle = (HANDLE)_get_osfhandle (syshd.u.fd);
- break;
- case ES_SYSHD_SOCK:
- inhandle = (HANDLE)_get_osfhandle (syshd.u.sock);
- break;
- case ES_SYSHD_HANDLE:
- inhandle = syshd.u.handle;
- break;
- default:
- inhandle = INVALID_HANDLE_VALUE;
- break;
+ err = gpg_err_make (errsource, GPG_ERR_GENERAL);
+ log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
+ return err;
+ }
+
+ syshd.type = ES_SYSHD_HANDLE;
+ syshd.u.handle = inpipe[1];
+ infp = es_sysopen (&syshd, "w");
+ if (!infp)
+ {
+ err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
+ log_error (_("error creating a stream for a pipe: %s\n"),
+ gpg_strerror (err));
+ CloseHandle (inpipe[0]);
+ CloseHandle (inpipe[1]);
+ inpipe[0] = inpipe[1] = INVALID_HANDLE_VALUE;
+ return err;
}
- if (inhandle == INVALID_HANDLE_VALUE)
- return gpg_err_make (errsource, GPG_ERR_INV_VALUE);
- /* FIXME: In case we can't get a system handle (e.g. due to
- es_fopencookie we should create a piper and a feeder
- thread. */
}
if (r_outfp)
CloseHandle (outpipe[0]);
CloseHandle (outpipe[1]);
outpipe[0] = outpipe[1] = INVALID_HANDLE_VALUE;
+ if (infp)
+ es_fclose (infp);
+ else if (inpipe[1] != INVALID_HANDLE_VALUE)
+ CloseHandle (outpipe[1]);
+ if (inpipe[0] != INVALID_HANDLE_VALUE)
+ CloseHandle (inpipe[0]);
return err;
}
}
CloseHandle (outpipe[0]);
if (outpipe[1] != INVALID_HANDLE_VALUE)
CloseHandle (outpipe[1]);
+ if (infp)
+ es_fclose (infp);
+ else if (inpipe[1] != INVALID_HANDLE_VALUE)
+ CloseHandle (outpipe[1]);
+ if (inpipe[0] != INVALID_HANDLE_VALUE)
+ CloseHandle (inpipe[0]);
return err;
}
}
if (err)
return err;
- if (inhandle != INVALID_HANDLE_VALUE)
+ if (inpipe[0] != INVALID_HANDLE_VALUE)
nullhd[0] = w32_open_null (0);
if (outpipe[1] != INVALID_HANDLE_VALUE)
nullhd[1] = w32_open_null (0);
si.cb = sizeof (si);
si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_MINIMIZE;
- si.hStdInput = inhandle == INVALID_HANDLE_VALUE? nullhd[0] : inhandle;
+ si.hStdInput = inpipe[0] == INVALID_HANDLE_VALUE? nullhd[0] : inpipe[0];
si.hStdOutput = outpipe[1] == INVALID_HANDLE_VALUE? nullhd[1] : outpipe[1];
si.hStdError = errpipe[1] == INVALID_HANDLE_VALUE? nullhd[2] : errpipe[1];
cr_flags = (CREATE_DEFAULT_ERROR_MODE
- | ((flags & 128)? DETACHED_PROCESS : 0)
+ | ((flags & GNUPG_SPAWN_DETACHED)? DETACHED_PROCESS : 0)
| GetPriorityClass (GetCurrentProcess ())
| CREATE_SUSPENDED);
/* log_debug ("CreateProcess, path='%s' cmdline='%s'\n", pgmname, cmdline); */
{
log_error ("CreateProcess failed: %s\n", w32_strerror (-1));
xfree (cmdline);
+ if (infp)
+ es_fclose (infp);
+ else if (inpipe[1] != INVALID_HANDLE_VALUE)
+ CloseHandle (outpipe[1]);
+ if (inpipe[0] != INVALID_HANDLE_VALUE)
+ CloseHandle (inpipe[0]);
if (outfp)
es_fclose (outfp);
else if (outpipe[0] != INVALID_HANDLE_VALUE)
CloseHandle (nullhd[i]);
/* Close the inherited ends of the pipes. */
+ if (inpipe[0] != INVALID_HANDLE_VALUE)
+ CloseHandle (inpipe[0]);
if (outpipe[1] != INVALID_HANDLE_VALUE)
CloseHandle (outpipe[1]);
if (errpipe[1] != INVALID_HANDLE_VALUE)
/* Fixme: For unknown reasons AllowSetForegroundWindow returns an
invalid argument error if we pass it the correct processID. As a
workaround we use -1 (ASFW_ANY). */
- if ( (flags & 64) )
+ if ((flags & GNUPG_SPAWN_RUN_ASFW))
gnupg_allow_set_foregound_window ((pid_t)(-1)/*pi.dwProcessId*/);
/* Process has been created suspended; resume it now. */
ResumeThread (pi.hThread);
CloseHandle (pi.hThread);
+ if (r_infp)
+ *r_infp = infp;
if (r_outfp)
*r_outfp = outfp;
if (r_errfp)
gnupg_spawn_process (const char *pgmname, const char *argv[],
gpg_err_source_t errsource,
void (*preexec)(void), unsigned int flags,
- estream_t infp,
+ estream_t *r_infp,
estream_t *r_outfp,
estream_t *r_errfp,
pid_t *pid)
inheritable. */
gpg_error_t gnupg_create_outbound_pipe (int filedes[2]);
+#define GNUPG_SPAWN_NONBLOCK 16
+#define GNUPG_SPAWN_RUN_ASFW 64
+#define GNUPG_SPAWN_DETACHED 128
-/* Fork and exec the PGMNAME. If INFP is NULL connect /dev/null to
- stdin of the new process; if it is not NULL connect the file
- descriptor retrieved from INFP to stdin. If R_OUTFP is NULL
- connect stdout of the new process to /dev/null; if it is not NULL
- store the address of a pointer to a new estream there. If R_ERRFP
- is NULL connect stderr of the new process to /dev/null; if it is
- not NULL store the address of a pointer to a new estream there. On
- success the pid of the new process is stored at PID. On error -1
- is stored at PID and if R_OUTFP or R_ERRFP are not NULL, NULL is
- stored there.
+
+/* Fork and exec the program PGMNAME.
+
+ If R_INFP is NULL connect stdin of the new process to /dev/null; if
+ it is not NULL store the address of a pointer to a new estream
+ there. If R_OUTFP is NULL connect stdout of the new process to
+ /dev/null; if it is not NULL store the address of a pointer to a
+ new estream there. If R_ERRFP is NULL connect stderr of the new
+ process to /dev/null; if it is not NULL store the address of a
+ pointer to a new estream there. On success the pid of the new
+ process is stored at PID. On error -1 is stored at PID and if
+ R_OUTFP or R_ERRFP are not NULL, NULL is stored there.
The arguments for the process are expected in the NULL terminated
array ARGV. The program name itself should not be included there.
FLAGS is a bit vector:
- Bit 7: If set the process will be started as a background process.
+ GNUPG_SPAWN_NONBLOCK
+ If set the two output streams are created in non-blocking
+ mode and the input stream is switched to non-blocking mode.
+ This is merely a convenience feature because the caller
+ could do the same with gpgrt_set_nonblock. Does not yet
+ work for Windows.
+
+ GNUPG_SPAWN_DETACHED
+ If set the process will be started as a background process.
This flag is only useful under W32 (but not W32CE) systems,
so that no new console is created and pops up a console
window when starting the server. Does not work on W32CE.
- Bit 6: On W32 (but not on W32CE) run AllowSetForegroundWindow for
+ GNUPG_SPAWN_RUN_ASFW
+ On W32 (but not on W32CE) run AllowSetForegroundWindow for
the child. Note that due to unknown problems this actually
allows SetForegroundWindow for all childs of this process.
gnupg_spawn_process (const char *pgmname, const char *argv[],
gpg_err_source_t errsource,
void (*preexec)(void), unsigned int flags,
- estream_t infp,
+ estream_t *r_infp,
estream_t *r_outfp,
estream_t *r_errfp,
pid_t *pid);
*r_hd = NULL;
+ if ((flags & HTTP_FLAG_FORCE_TOR))
+ {
+ log_error ("TOR support is not yet available\n");
+ return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
+ }
+
/* Create the handle. */
hd = xtrycalloc (1, sizeof *hd);
if (!hd)
}
#endif /*USE_TLS*/
+ if ((hd->flags & HTTP_FLAG_FORCE_TOR))
+ {
+ log_error ("TOR support is not yet available\n");
+ return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
+ }
+
server = *hd->uri->host ? hd->uri->host : "localhost";
port = hd->uri->port ? hd->uri->port : 80;
if (proxy)
http_proxy = proxy;
- err = parse_uri (&uri, http_proxy, 1, 0);
+ err = parse_uri (&uri, http_proxy, 0, 0);
if (gpg_err_code (err) == GPG_ERR_INV_URI
&& is_hostname_port (http_proxy))
{
{
HTTP_FLAG_TRY_PROXY = 1, /* Try to use a proxy. */
HTTP_FLAG_SHUTDOWN = 2, /* Close sending end after the request. */
+ HTTP_FLAG_FORCE_TOR = 4, /* Force a TOR connection. */
HTTP_FLAG_LOG_RESP = 8, /* Log the server respone. */
- HTTP_FLAG_FORCE_TLS = 16, /* Force the use opf TLS. */
+ HTTP_FLAG_FORCE_TLS = 16, /* Force the use of TLS. */
HTTP_FLAG_IGNORE_CL = 32, /* Ignore content-length. */
HTTP_FLAG_IGNORE_IPv4 = 64, /* Do not use IPv4. */
HTTP_FLAG_IGNORE_IPv6 = 128 /* Do not use IPv6. */
#include <stdio.h>
#include <stdarg.h>
+#include <gpg-error.h>
#include "mischelp.h"
#include "w32help.h"
#include <errno.h>
#include <stdarg.h>
-#include "membuf.h"
-
#include "util.h"
+#include "membuf.h"
/* A simple implementation of a dynamic buffer. Use init_membuf() to
--- /dev/null
+/* mkdir_p.c - Create a directory and any missing parents.
+ * Copyright (C) 2015 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of either
+ *
+ * - the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at
+ * your option) any later version.
+ *
+ * or
+ *
+ * - the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * or both in parallel, as here.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <assert.h>
+#include <stdarg.h>
+
+#include "util.h"
+#include "stringhelp.h"
+#include "logging.h"
+#include "sysutils.h"
+#include "mkdir_p.h"
+
+
+gpg_error_t
+amkdir_p (char **directory_components)
+{
+ gpg_error_t err = 0;
+ int count;
+ char **dirs;
+ int i;
+
+ for (count = 0; directory_components[count]; count ++)
+ ;
+
+ /* log_debug ("%s: %d directory components.\n", __func__, count); */
+
+ dirs = xtrycalloc (count, sizeof (char *));
+ if (!dirs)
+ return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+
+ for (i = 0; directory_components[i]; i ++)
+ {
+ if (i == 0)
+ dirs[i] = directory_components[i];
+ else
+ dirs[i] = make_filename (dirs[i - 1], directory_components[i], NULL);
+
+ /* log_debug ("%s: Directory %d: `%s'.\n", __func__, i, dirs[i]); */
+ }
+
+ for (i = count - 1; i >= 0; i --)
+ {
+ struct stat s;
+
+ /* log_debug ("%s: stat(%s)\n", __func__, dirs[i]); */
+
+ if (!stat (dirs[i], &s))
+ {
+ if ( ! S_ISDIR (s.st_mode))
+ {
+ /* log_debug ("%s: %s exists, but is not a directory!\n", */
+ /* __func__, dirs[i]); */
+ err = gpg_err_make (default_errsource, GPG_ERR_ENOTDIR);
+ goto out;
+ }
+ else
+ {
+ /* Got a directory. */
+ /* log_debug ("%s: %s exists and is a directory!\n", */
+ /* __func__, dirs[i]); */
+ err = 0;
+ break;
+ }
+ }
+ else if (errno == ENOENT)
+ /* This directory does not exist yet. Continue walking up the
+ hierarchy. */
+ {
+ /* log_debug ("%s: %s does not exist!\n", */
+ /* __func__, dirs[i]); */
+ continue;
+ }
+ else
+ /* Some other error code. Die. Note: this could be ENOTDIR
+ (we return this above), which means that a component of the
+ path prefix is not a directory. */
+ {
+ /* log_debug ("%s: stat(%s) => %s!\n", */
+ /* __func__, dirs[i], strerror (errno)); */
+ err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+ goto out;
+ }
+ }
+
+ assert (i >= -1);
+ /* DIRS[I] exists. Start with the following entry. */
+ i ++;
+
+ for (; i < count; i ++)
+ {
+ /* log_debug ("Creating directory: %s\n", dirs[i]); */
+
+ if (gnupg_mkdir (dirs[i], "-rwx"))
+ {
+ err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+ goto out;
+ }
+ }
+
+ out:
+ for (i = 1; i < count; i ++)
+ xfree (dirs[i]);
+ xfree (dirs);
+
+ /* log_debug ("%s: Returning %s\n", __func__, gpg_strerror (rc)); */
+
+ return err;
+}
+
+
+gpg_error_t
+mkdir_p (char *directory_component, ...)
+{
+ va_list ap;
+ gpg_error_t err = 0;
+ int i;
+ int space = 1;
+ char **dirs;
+
+ dirs = xtrymalloc (space * sizeof (char *));
+ if (!dirs)
+ return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+
+ dirs[0] = directory_component;
+
+ va_start (ap, directory_component);
+ for (i = 1; dirs[i - 1]; i ++)
+ {
+ if (i == space)
+ {
+ char **tmp_dirs;
+
+ space = 2 * space;
+ tmp_dirs = xtryrealloc (dirs, space * sizeof (char *));
+ if (!tmp_dirs)
+ {
+ err = gpg_err_make (default_errsource,
+ gpg_err_code_from_syserror ());
+ break;
+ }
+ dirs = tmp_dirs;
+ }
+ dirs[i] = va_arg (ap, char *);
+ }
+ va_end (ap);
+
+ if (!err)
+ err = amkdir_p (dirs);
+
+ xfree (dirs);
+
+ return err;
+}
--- /dev/null
+/* mkdir_p.h - Create a directory and any missing parents.
+ * Copyright (C) 2015 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of either
+ *
+ * - the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at
+ * your option) any later version.
+ *
+ * or
+ *
+ * - the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * or both in parallel, as here.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef MKDIR_P_H
+#define MKDIR_P_H
+
+#include "types.h"
+
+/* Create a directory as well as any missing parents.
+
+ The arguments must be NULL termianted. If DIRECTORY_COMPONENTS...
+ consists of two elements, "foo/bar" and "xyzzy", this function will
+ first try to create the directory "foo/bar" and then the directory
+ "foo/bar/xyzzy". On success returns 0, otherwise an error code is
+ returned. */
+gpg_error_t mkdir_p (char *directory_component, ...) GPGRT_ATTR_SENTINEL(0);
+
+/* Like mkdir_p, but DIRECTORY_COMPONENTS is a NULL terminated
+ array, e.g.:
+
+ char **dirs = { "foo", "bar", NULL };
+ amkdir_p (dirs);
+ */
+gpg_error_t amkdir_p (char **directory_components);
+
+#endif
else if (!strcmp (name, "NIST P-256")||!strcmp (name, "nistp256"))
gcry_md_write (md, "256\0\0\0\x08nistp256", 15);
else if (!strcmp (name, "NIST P-384")||!strcmp (name, "nistp384"))
- gcry_md_write (md, "384\0\0\0\x08nistp521", 15);
+ gcry_md_write (md, "384\0\0\0\x08nistp384", 15);
else if (!strcmp (name, "NIST P-521")||!strcmp (name, "nistp521"))
gcry_md_write (md, "521\0\0\0\x08nistp521", 15);
else
err = gpg_err_make (default_errsource, GPG_ERR_INV_SEXP);
goto leave;
}
+ blob++;
+ bloblen--;
lenbuf[0] = bloblen >> 24;
lenbuf[1] = bloblen >> 16;
lenbuf[2] = bloblen >> 8;
for (t = strchr (string, delim); t; t = strchr (t + 1, delim))
fields ++;
- result = xtrycalloc (sizeof (*result), (fields + 1));
+ result = xtrycalloc ((fields + 1), sizeof (*result));
if (! result)
return NULL;
return haystack;
return NULL;
}
+
+int
+strlist_length (strlist_t list)
+{
+ int i;
+ for (i = 0; list; list = list->next)
+ i ++;
+
+ return i;
+}
char * strlist_pop (strlist_t *list);
strlist_t strlist_find (strlist_t haystack, const char *needle);
+int strlist_length (strlist_t list);
#define FREE_STRLIST(a) do { free_strlist((a)); (a) = NULL ; } while(0)
" --cacert FNAME expect CA certificate in file FNAME\n"
" --no-verify do not verify the certificate\n"
" --force-tls use HTTP_FLAG_FORCE_TLS\n"
+ " --force-tor use HTTP_FLAG_FORCE_TOR\n"
" --no-out do not print the content\n",
stdout);
exit (0);
my_http_flags |= HTTP_FLAG_FORCE_TLS;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--force-tor"))
+ {
+ my_http_flags |= HTTP_FLAG_FORCE_TOR;
+ argc--; argv++;
+ }
else if (!strcmp (*argv, "--no-out"))
{
no_out = 1;
printf ("TLS : %s\n",
uri->use_tls? "yes":
(my_http_flags&HTTP_FLAG_FORCE_TLS)? "forced" : "no");
+ printf ("Tor : %s\n",
+ (my_http_flags&HTTP_FLAG_FORCE_TOR)? "yes" : "no");
}
fflush (stdout);
")",
"2d:b1:70:1a:04:9e:41:a3:ce:27:a5:c7:22:fe:3a:a3"
},
+ { /* OpenSSH 6.7p1 generated key: */
+ "(protected-private-key "
+ "(ecdsa "
+ "(curve \"NIST P-256\")"
+ "(q #041F17ED5E3D637181DFA68157270F94A46C089B6F5D4518564600551C0A60A063B3"
+ "31EDE027A23CAB58A5BAD469600229DC8DED06380A92F86460ED400F963319#)"
+ "(protected openpgp-s2k3-sha1-aes-cbc "
+ "("
+ "(sha1 #43F887516D94A502# \"20971520\")"
+ "#B135DEDA02CF36F126BA661FB22A35CF#)"
+ "#37E74BEC054B17723C106BA69214CFDA245512E40F4848ECF5719E3700002C940BC7EEC"
+ "283537CA4D8779107E07F03AAA9FAF155BA9BF6286080C35EF72DDAAF303FD9069475B03"
+ "C99D9FC93C58CD83A852964D2C7BFD1D803E2ECD1331937C3#)"
+ "(protected-at \"20150922T071259\")"
+ ")"
+ "(comment \"ecdsa w/o comment\")"
+ ")", /* Passphrase="abc" */
+ "93:4f:08:02:7d:cb:16:9b:0c:39:21:4b:cf:28:5a:19"
+ },
+ { /* OpenSSH 6.7p1 generated key: */
+ "(protected-private-key "
+ "(ecdsa "
+ "(curve \"NIST P-384\") "
+ "(q #04B6E747AC2F179F96088D1DB58EB8600BB23FAEF5F58EFE712A7478FB7BF735"
+ "B015EA2DFBBA965D8C6EB135A2B9B9599D65BF0167D2DB6ABF00F641F0F5FC15A4C3"
+ "EFE432DA331B7C8A66D6C4C2B0EBB5ED11A80301C4E57C1EBD25665CEBF123#)"
+ "(protected openpgp-s2k3-sha1-aes-cbc "
+ "("
+ "(sha1 #3B13710B67D756EA# \"20971520\")"
+ "#720599AC095BF1BD73ED72F49FB77BFA#)"
+ "#F1A522F4533E3A6E40821D67CEA6C28A7FF07ACA4BEE81E0F39193B2E469E0C583D"
+ "A42E0E2D52ADB5ACFAB9C4CA7F1C3556FD7FD2770717FB3CE7C59474A3E2A7AF3D93"
+ "9EC01E067DAAA60D3D355D9BABCCD1F013E8637C555DDFA61F8FA5AFB010FF02979D"
+ "35BBBEED71BFD8BB508F7#)"
+ "(protected-at \"20150922T070806\")"
+ ")"
+ "(comment \"ecdsa w/o comment\")"
+ ")", /* Passphrase="abc" */
+ "a3:cb:44:c8:56:15:25:62:85:fd:e8:04:7a:26:dc:76"
+ },
+ { /* OpenSSH 6.7p1 generated key: */
+ "(protected-private-key "
+ "(ecdsa "
+ "(curve \"NIST P-521\")"
+ "(q #04005E460058F37DB5ADA670040203C4D7E18D9FC8A7087165904A4E25EE5EEE"
+ "3046406D922616DA7E71016A1CB9E57A45E3D3727D7C8DF0F11AE2BD75FAD3355CAA"
+ "E1019D89D33CC77424E5DA233588207444FC9F67BBE428A9528B7DC77AF8261A1D45"
+ "ACC1A657C99E361E93C1E5C0F214104C18807670F4CDC1E038B7C950FDBAAECB40#)"
+ "(protected openpgp-s2k3-sha1-aes-cbc "
+ "("
+ "(sha1 #FB2E36984DE2E17C# \"19737600\")"
+ "#85DB6445B37012F9A449E5AC0D5017E9#)"
+ "#B4C7CCDFE9B5D32B31BA7C763B80485A62EBF34FD68D8E306DA75FD2BDDBABAA098"
+ "9B51972BA3B731DA5261E0ADC3FAEF9BB4C8284C53D3E88E738AEF1490941903A5B2"
+ "9F3747E83C4D80B6A89E0B7BDEE5C6638332F4AAEA5983F760B2887A43A1C4BE0564"
+ "3F72C6943987D97FDAA7D9C235C6D31973A2400DA9BAB564A16EA#)"
+ "(protected-at \"20150922T075611\")"
+ ")"
+ "(comment \"ecdsa w/o comment\")"
+ ")", /* Passphrase="abc" */
+ "1e:a6:94:ab:bd:81:73:5f:22:bc:0e:c7:89:f6:68:df"
+ },
+ { /* OpenSSH 6.7p1 generated key: */
+ "(protected-private-key "
+ "(ecc "
+ "(curve Ed25519)"
+ "(flags eddsa)"
+ "(q #40A3577AA7830C50EBC15B538E9505DB2F0D2FFCD57EA477DD83dcaea530f3c277#)"
+ "(protected openpgp-s2k3-sha1-aes-cbc "
+ "("
+ "(sha1 #FA8123F1A37CBC1F# \"3812352\")"
+ "#7671C7387E2DD931CC62C35CBBE08A28#)"
+ "#75e928f4698172b61dffe9ef2ada1d3473f690f3879c5386e2717e5b2fa46884"
+ "b189ee409827aab0ff37f62996e040b5fa7e75fc4d8152c8734e2e648dff90c9"
+ "e8c3e39ea7485618d05c34b1b74ff59676e9a3d932245cc101b5904777a09f86#)"
+ "(protected-at \"20150928T050210\")"
+ ")"
+ "(comment \"eddsa w/o comment\")"
+ ")", /* Passphrase="abc" */
+ "f1:fa:c8:a6:40:bb:b9:a1:65:d7:62:65:ac:26:78:0e"
+ },
{
NULL,
NULL
# define GPG_ERR_LDAP_ASSERTION_FAILED 890
# define GPG_ERR_LDAP_PROX_AUTH_DENIED 891
#endif /*GPG_ERROR_VERSION_NUMBER < 0x011300*/
+#if GPG_ERROR_VERSION_NUMBER < 0x011500 /* 1.21 */
+# define GPG_ERR_TRUE 255
+# define GPG_ERR_FALSE 256
+#endif
/* Hash function used with libksba. */
#define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write)
+++ /dev/null
-/* xmalloc.c - standard malloc wrappers
- * Copyright (C) 1999, 2000, 2001, 2006 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- * - the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 3 of the License, or (at
- * your option) any later version.
- *
- * or
- *
- * - the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <config.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-
-#include "libjnlib-config.h"
-#include "xmalloc.h"
-
-static void
-out_of_core(void)
-{
- fputs("\nfatal: out of memory\n", stderr );
- exit(2);
-}
-
-
-void *
-xmalloc( size_t n )
-{
- void *p;
-
- /* Make sure that xmalloc (0) works. This is the same behaviour
- has in gpg 2.x. Note that in contrast to this code, Libgcrypt
- (and thus most xmallocs in gpg 2.x) detect the !n and bail out. */
- if (!n)
- n = 1;
-
- p = malloc( n );
- if( !p )
- out_of_core();
- return p;
-}
-
-void *
-xrealloc( void *a, size_t n )
-{
- void *p = realloc( a, n );
- if( !p )
- out_of_core();
- return p;
-}
-
-void *
-xcalloc( size_t n, size_t m )
-{
- void *p;
-
- if (!n)
- n = 1;
- if (!m)
- m = 1;
-
- p = calloc( n, m );
- if( !p )
- out_of_core();
- return p;
-}
-
-char *
-xstrdup( const char *string )
-{
- void *p = xmalloc( strlen(string)+1 );
- strcpy( p, string );
- return p;
-}
-
-
-char *
-xstrcat2( const char *a, const char *b )
-{
- size_t n1;
- char *p;
-
- if( !b )
- return xstrdup( a );
-
- n1 = strlen(a);
- p = xmalloc( n1 + strlen(b) + 1 );
- memcpy(p, a, n1 );
- strcpy(p+n1, b );
- return p;
-}
+++ /dev/null
-/* xmalloc.h
- * Copyright (C) 1999, 2000, 2001, 2006 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- * - the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 3 of the License, or (at
- * your option) any later version.
- *
- * or
- *
- * - the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef GNUPG_COMMON_XMALLOC_H
-#define GNUPG_COMMON_XMALLOC_H
-
-void *xmalloc( size_t n );
-void *xrealloc( void *a, size_t n );
-void *xcalloc( size_t n, size_t m );
-char *xstrdup( const char *string );
-char *xstrcat2( const char *a, const char *b );
-
-
-#endif /*GNUPG_COMMON_XMALLOC_H*/
m4_define([mym4_package],[gnupg])
m4_define([mym4_major], [2])
m4_define([mym4_minor], [1])
-m4_define([mym4_micro], [8])
+m4_define([mym4_micro], [9])
# To start a new development series, i.e a new major or minor number
# you need to mark an arbitrary commit before the first beta release
}
else
err = http_open_document (&hd, url, NULL,
- (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
- |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0),
+ ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
+ |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0)
+ |(opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
ctrl->http_proxy, NULL, NULL, NULL);
switch ( err? 99999 : http_get_status_code (hd) )
"LDAP");
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
}
+ else if (opt.use_tor)
+ {
+ /* For now we do not support LDAP over TOR. */
+ log_error (_("CRL access not possible due to TOR mode\n"));
+ err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+ }
else
{
# if USE_LDAP
gpg_error_t
crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader)
{
+ if (opt.use_tor)
+ {
+ /* For now we do not support LDAP over TOR. */
+ log_error (_("CRL access not possible due to TOR mode\n"));
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+ }
if (opt.disable_ldap)
{
log_error (_("CRL access not possible due to disabled %s\n"),
"LDAP");
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
+
#if USE_LDAP
return attr_fetch_ldap (ctrl, issuer, "certificateRevocationList",
reader);
gpg_error_t
ca_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, const char *dn)
{
+ if (opt.use_tor)
+ {
+ /* For now we do not support LDAP over TOR. */
+ log_error (_("CRL access not possible due to TOR mode\n"));
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+ }
if (opt.disable_ldap)
{
log_error (_("CRL access not possible due to disabled %s\n"),
start_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context,
strlist_t patterns, const ldap_server_t server)
{
+ if (opt.use_tor)
+ {
+ /* For now we do not support LDAP over TOR. */
+ log_error (_("CRL access not possible due to TOR mode\n"));
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+ }
if (opt.disable_ldap)
{
log_error (_("certificate search not possible due to disabled %s\n"),
oLDAPWrapperProgram,
oHTTPWrapperProgram,
oIgnoreCertExtension,
+ oUseTor,
+ oKeyServer,
aTest
};
ARGPARSE_s_i (oMaxReplies, "max-replies",
N_("|N|do not return more than N items in one query")),
+ ARGPARSE_s_s (oKeyServer, "keyserver", "@"),
ARGPARSE_s_s (oHkpCaCert, "hkp-cacert",
N_("|FILE|use the CA certificates in FILE for HKP over TLS")),
+ ARGPARSE_s_n (oUseTor, "use-tor", N_("route all network traffic via TOR")),
ARGPARSE_s_s (oSocketName, "socket-name", "@"), /* Only for debugging. */
}
FREE_STRLIST (opt.ignored_cert_extensions);
http_register_tls_ca (NULL);
+ xfree (opt.keyserver);
+ opt.keyserver = NULL;
+ /* Note: We do not allow resetting of opt.use_tor at runtime. */
return 1;
}
case oMaxReplies: opt.max_replies = pargs->r.ret_int; break;
case oHkpCaCert:
- http_register_tls_ca (pargs->r.ret_str);
+ {
+ char *tmpname;
+
+ /* Do tilde expansion and print a warning if the file can't be
+ accessed. */
+ tmpname = make_absfilename_try (pargs->r.ret_str, NULL);
+ if (!tmpname || access (tmpname, F_OK))
+ log_info (_("can't access '%s': %s\n"),
+ tmpname? tmpname : pargs->r.ret_str,
+ gpg_strerror (gpg_error_from_syserror()));
+ else
+ http_register_tls_ca (tmpname);
+ xfree (tmpname);
+ }
break;
case oIgnoreCertExtension:
add_to_strlist (&opt.ignored_cert_extensions, pargs->r.ret_str);
break;
+ case oUseTor: opt.use_tor = 1; break;
+
+ case oKeyServer:
+ xfree (opt.keyserver);
+ opt.keyserver = *pargs->r.ret_str? xtrystrdup (pargs->r.ret_str) : NULL;
+ break;
+
default:
return 0; /* Not handled. */
}
log_info ("NOTE: this is a development version!\n");
#endif
+ if (opt.use_tor)
+ {
+ log_info ("WARNING: ***************************************\n");
+ log_info ("WARNING: TOR mode (--use-tor) DOES NOT YET WORK!\n");
+ log_info ("WARNING: ***************************************\n");
+ }
+
+
/* Print a warning if an argument looks like an option. */
if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
{
/* Note: The next one is to fix a typo in gpgconf - should be
removed eventually. */
es_printf ("ignore-ocsp-servic-url:%lu:\n", flags | GC_OPT_FLAG_NONE);
+
+ es_printf ("use-tor:%lu:\n", flags | GC_OPT_FLAG_NONE);
+ es_printf ("keyserver:%lu:\n", flags | GC_OPT_FLAG_NONE);
}
cleanup ();
return !!rc;
int system_service; /* We are running as W32 service (implies daemon). */
int system_daemon; /* We are running in system daemon mode. */
int running_detached; /* We are running in detached mode. */
+ int use_tor; /* TOR mode has been enabled. */
int force; /* Force loading outdated CRLs. */
considered valid after thisUpdate. */
unsigned int ocsp_current_period; /* Seconds a response is considered
current after nextUpdate. */
+
+ char *keyserver; /* Malloced string with the default keyserver. */
} opt;
/* Not every installation has gotten around to supporting CERTs
yet... */
#ifndef T_CERT
-#define T_CERT 37
+# define T_CERT 37
#endif
/* ADNS has no support for CERT yet. */
string and returned at R_URL. If WANT_CERTTYPE is 0 this function
returns the first CERT found with a supported type; it is expected
that only one CERT record is used. If WANT_CERTTYPE is one of the
- supported certtypes only records wih this certtype are considered
+ supported certtypes only records with this certtype are considered
and the first found is returned. (R_KEY,R_KEYLEN) are optional. */
gpg_error_t
get_dns_cert (const char *name, int want_certtype,
return err;
}
- if (adns_synchronous (state, name, (adns_r_unknown | my_adns_r_cert),
+ if (adns_synchronous (state, name,
+ (adns_r_unknown
+ | (want_certtype < DNS_CERTTYPE_RRBASE
+ ? my_adns_r_cert
+ : (want_certtype - DNS_CERTTYPE_RRBASE))),
adns_qf_quoteok_query, &answer))
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
int datalen = answer->rrs.byteblock[count].len;
const unsigned char *data = answer->rrs.byteblock[count].data;
+ /* First check for our generic RR hack. */
+ if (datalen
+ && want_certtype >= DNS_CERTTYPE_RRBASE
+ && ((want_certtype - DNS_CERTTYPE_RRBASE)
+ == (answer->type & ~adns_r_unknown)))
+ {
+ /* Found the requested record - return it. */
+ *r_key = xtrymalloc (datalen);
+ if (!*r_key)
+ err = gpg_err_make (default_errsource,
+ gpg_err_code_from_syserror ());
+ else
+ {
+ memcpy (*r_key, data, datalen);
+ *r_keylen = datalen;
+ err = 0;
+ }
+ goto leave;
+ }
+
if (datalen < 5)
continue; /* Truncated CERT record - skip. */
err = gpg_err_make (default_errsource, GPG_ERR_NOT_FOUND);
- r = res_query (name, C_IN, T_CERT, answer, 65536);
+ r = res_query (name, C_IN,
+ (want_certtype < DNS_CERTTYPE_RRBASE
+ ? T_CERT
+ : (want_certtype - DNS_CERTTYPE_RRBASE)),
+ answer, 65536);
/* Not too big, not too small, no errors and at least 1 answer. */
if (r >= sizeof (HEADER) && r <= 65536
&& (((HEADER *) answer)->rcode) == NOERROR
dlen = buf16_to_u16 (pt);
pt += 2;
- /* We asked for CERT and got something else - might be a
- CNAME, so loop around again. */
- if (type != T_CERT)
+ /* Check the type and parse. */
+ if (want_certtype >= DNS_CERTTYPE_RRBASE
+ && type == (want_certtype - DNS_CERTTYPE_RRBASE)
+ && r_key)
{
- pt += dlen;
- continue;
- }
-
- /* The CERT type */
- ctype = buf16_to_u16 (pt);
- pt += 2;
-
- /* Skip the CERT key tag and algo which we don't need. */
- pt += 3;
-
- dlen -= 5;
-
- /* 15 bytes takes us to here */
- if (want_certtype && want_certtype != ctype)
- ; /* Not of the requested certtype. */
- else if (ctype == DNS_CERTTYPE_PGP && dlen && r_key && r_keylen)
- {
- /* PGP type */
*r_key = xtrymalloc (dlen);
if (!*r_key)
err = gpg_err_make (default_errsource,
}
goto leave;
}
- else if (ctype == DNS_CERTTYPE_IPGP
- && dlen && dlen < 1023 && dlen >= pt[0] + 1)
+ else if (want_certtype >= DNS_CERTTYPE_RRBASE)
+ {
+ /* We did not found the requested RR. */
+ pt += dlen;
+ }
+ else if (type == T_CERT)
{
- /* IPGP type */
- *r_fprlen = pt[0];
- if (*r_fprlen)
+ /* We got a CERT type. */
+ ctype = buf16_to_u16 (pt);
+ pt += 2;
+
+ /* Skip the CERT key tag and algo which we don't need. */
+ pt += 3;
+
+ dlen -= 5;
+
+ /* 15 bytes takes us to here */
+ if (want_certtype && want_certtype != ctype)
+ ; /* Not of the requested certtype. */
+ else if (ctype == DNS_CERTTYPE_PGP && dlen && r_key && r_keylen)
{
- *r_fpr = xtrymalloc (*r_fprlen);
- if (!*r_fpr)
+ /* PGP type */
+ *r_key = xtrymalloc (dlen);
+ if (!*r_key)
+ err = gpg_err_make (default_errsource,
+ gpg_err_code_from_syserror ());
+ else
{
- err = gpg_err_make (default_errsource,
- gpg_err_code_from_syserror ());
- goto leave;
+ memcpy (*r_key, pt, dlen);
+ *r_keylen = dlen;
+ err = 0;
}
- memcpy (*r_fpr, &pt[1], *r_fprlen);
+ goto leave;
}
- else
- *r_fpr = NULL;
-
- if (dlen > *r_fprlen + 1)
+ else if (ctype == DNS_CERTTYPE_IPGP
+ && dlen && dlen < 1023 && dlen >= pt[0] + 1)
{
- *r_url = xtrymalloc (dlen - (*r_fprlen + 1) + 1);
- if (!*r_fpr)
+ /* IPGP type */
+ *r_fprlen = pt[0];
+ if (*r_fprlen)
+ {
+ *r_fpr = xtrymalloc (*r_fprlen);
+ if (!*r_fpr)
+ {
+ err = gpg_err_make (default_errsource,
+ gpg_err_code_from_syserror ());
+ goto leave;
+ }
+ memcpy (*r_fpr, &pt[1], *r_fprlen);
+ }
+ else
+ *r_fpr = NULL;
+
+ if (dlen > *r_fprlen + 1)
{
- err = gpg_err_make (default_errsource,
- gpg_err_code_from_syserror ());
- xfree (*r_fpr);
- *r_fpr = NULL;
- goto leave;
+ *r_url = xtrymalloc (dlen - (*r_fprlen + 1) + 1);
+ if (!*r_fpr)
+ {
+ err = gpg_err_make (default_errsource,
+ gpg_err_code_from_syserror ());
+ xfree (*r_fpr);
+ *r_fpr = NULL;
+ goto leave;
+ }
+ memcpy (*r_url, &pt[*r_fprlen + 1],
+ dlen - (*r_fprlen + 1));
+ (*r_url)[dlen - (*r_fprlen + 1)] = '\0';
}
- memcpy (*r_url, &pt[*r_fprlen + 1], dlen - (*r_fprlen + 1));
- (*r_url)[dlen - (*r_fprlen + 1)] = '\0';
+ else
+ *r_url = NULL;
+
+ err = 0;
+ goto leave;
}
- else
- *r_url = NULL;
- err = 0;
- goto leave;
+ /* No subtype matches, so continue with the next answer. */
+ pt += dlen;
+ }
+ else
+ {
+ /* Not a requested type - might be a CNAME. Try next item. */
+ pt += dlen;
}
-
- /* Neither type matches, so go around to the next answer. */
- pt += dlen;
}
}
#define DNS_CERTTYPE_IACPKIX 8 /* The URL of an Attribute Certificate. */
#define DNS_CERTTYPE_URI 253 /* URI private. */
#define DNS_CERTTYPE_OID 254 /* OID private. */
-
+/* Hacks for our implementation. */
+#define DNS_CERTTYPE_RRBASE 1024 /* Base of special constants. */
+#define DNS_CERTTYPE_RR61 (DNS_CERTTYPE_RRBASE + 61)
gpg_error_t get_dns_cert (const char *name, int want_certtype,
void **r_key, size_t *r_keylen,
}
*server++ = 0;
- err = http_raw_connect (&http, server, 79, 0, NULL);
+ err = http_raw_connect (&http, server, 79,
+ (opt.use_tor? HTTP_FLAG_FORCE_TOR : 0), NULL);
if (err)
{
xfree (name);
int n_v6, n_v4;
/* First figure out whether this is a pool. For a pool we
- use a different strategy than for a plains erver: We use
+ use a different strategy than for a plain server: We use
the canonical name of the pool as the virtual host along
with the IP addresses. If it is not a pool, we use the
specified name. */
xfree (reftbl);
return err;
}
- qsort (reftbl, refidx, sizeof *reftbl, sort_hostpool);
+ qsort (hi->pool, refidx, sizeof *reftbl, sort_hostpool);
}
else
xfree (reftbl);
request,
httphost,
/* fixme: AUTH */ NULL,
- (httpflags | (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)),
+ (httpflags
+ |(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
+ |(opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
ctrl->http_proxy,
session,
NULL,
url,
/* httphost */ NULL,
/* fixme: AUTH */ NULL,
- (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0),
+ ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
+ | (opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
ctrl->http_proxy,
session,
NULL,
(void) ctrl;
+ if (opt.use_tor)
+ {
+ /* For now we do not support LDAP over TOR. */
+ log_error (_("LDAP access not possible due to TOR mode\n"));
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+ }
+
/* Before connecting to the server, make sure we have a sane
keyspec. If not, there is no need to establish a network
connection. */
(void) ctrl;
+ if (opt.use_tor)
+ {
+ /* For now we do not support LDAP over TOR. */
+ log_error (_("LDAP access not possible due to TOR mode\n"));
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+ }
+
/* Before connecting to the server, make sure we have a sane
keyspec. If not, there is no need to establish a network
connection. */
/* Elide a warning. */
(void) ctrl;
+ if (opt.use_tor)
+ {
+ /* For now we do not support LDAP over TOR. */
+ log_error (_("LDAP access not possible due to TOR mode\n"));
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+ }
+
ldap_err = my_ldap_connect (uri,
&ldap_conn, &basedn, &pgpkeyattr, &real_ldap);
if (ldap_err || !basedn)
(void)ctrl;
+ if (opt.use_tor)
+ {
+ /* For now we do not allow OCSP via TOR due to possible privacy
+ concerns. Needs further research. */
+ log_error (_("OCSP request not possible due to TOR mode\n"));
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+ }
+
if (opt.disable_http)
{
log_error (_("OCSP request not possible due to disabled HTTP\n"));
once_more:
err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL,
- (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0),
+ ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
+ | (opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
ctrl->http_proxy, NULL, NULL, NULL);
if (err)
{
else if (!(ctrl->http_proxy = xtrystrdup (value)))
err = gpg_error_from_syserror ();
}
+ else if (!strcmp (key, "honor-keyserver-url-used"))
+ {
+ /* Return an error if we are running in TOR mode. */
+ if (opt.use_tor)
+ err = gpg_error (GPG_ERR_FORBIDDEN);
+ }
else
err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
static const char hlp_dns_cert[] =
"DNS_CERT <subtype> <name>\n"
"DNS_CERT --pka <user_id>\n"
+ "DNS_CERT --dane <user_id>\n"
"\n"
"Return the CERT record for <name>. <subtype> is one of\n"
" * Return the first record of any supported subtype\n"
" IPGP Return the first record of subtype IPGP (6)\n"
"If the content of a certifciate is available (PGP) it is returned\n"
"by data lines. Fingerprints and URLs are returned via status lines.\n"
- "In --pka mode the fingerprint and if available an URL is returned.";
+ "In --pka mode the fingerprint and if available an URL is returned.\n"
+ "In --dane mode the key is returned from RR type 61";
static gpg_error_t
cmd_dns_cert (assuan_context_t ctx, char *line)
{
/* ctrl_t ctrl = assuan_get_pointer (ctx); */
gpg_error_t err = 0;
- int pka_mode;
+ int pka_mode, dane_mode;
char *mbox = NULL;
char *namebuf = NULL;
char *encodedhash = NULL;
char *url = NULL;
pka_mode = has_option (line, "--pka");
+ dane_mode = has_option (line, "--dane");
line = skip_options (line);
- if (pka_mode)
+
+ if (pka_mode && dane_mode)
+ {
+ err = PARM_ERROR ("either --pka or --dane may be given");
+ goto leave;
+ }
+
+ if (pka_mode || dane_mode)
; /* No need to parse here - we do this later. */
else
{
}
}
- if (pka_mode)
+ if (opt.use_tor)
+ {
+ err = gpg_error (GPG_ERR_FORBIDDEN);
+ goto leave;
+ }
+
+ if (pka_mode || dane_mode)
{
- char *domain; /* Points to mbox. */
- char hashbuf[20];
+ char *domain; /* Points to mbox. */
+ char hashbuf[32]; /* For SHA-1 and SHA-256. */
+ /* We lowercase ascii characters but the DANE I-D does not allow
+ this. FIXME: Check after the release of the RFC whether to
+ change this. */
mbox = mailbox_from_userid (line);
if (!mbox || !(domain = strchr (mbox, '@')))
{
}
*domain++ = 0;
- gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox));
- encodedhash = zb32_encode (hashbuf, 8*20);
- if (!encodedhash)
+ if (pka_mode)
{
- err = gpg_error_from_syserror ();
- goto leave;
+ gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox));
+ encodedhash = zb32_encode (hashbuf, 8*20);
+ if (!encodedhash)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ namebuf = strconcat (encodedhash, "._pka.", domain, NULL);
+ if (!namebuf)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ name = namebuf;
+ certtype = DNS_CERTTYPE_IPGP;
}
- namebuf = strconcat (encodedhash, "._pka.", domain, NULL);
- if (!namebuf)
+ else
{
- err = gpg_error_from_syserror ();
- goto leave;
+ /* Note: The hash is truncated to 28 bytes and we lowercase
+ the result only for aesthetic reasons. */
+ gcry_md_hash_buffer (GCRY_MD_SHA256, hashbuf, mbox, strlen (mbox));
+ encodedhash = bin2hex (hashbuf, 28, NULL);
+ if (!encodedhash)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ ascii_strlwr (encodedhash);
+ namebuf = strconcat (encodedhash, "._openpgpkey.", domain, NULL);
+ if (!namebuf)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ name = namebuf;
+ certtype = DNS_CERTTYPE_RR61;
}
- name = namebuf;
- certtype = DNS_CERTTYPE_IPGP;
}
else
name = line;
return leave_cmd (ctx, err);
}
+
\f
+/* Parse an keyserver URI and store it in a new uri item which is
+ returned at R_ITEM. On error return an error code. */
+static gpg_error_t
+make_keyserver_item (const char *uri, uri_item_t *r_item)
+{
+ gpg_error_t err;
+ uri_item_t item;
+
+ *r_item = NULL;
+ item = xtrymalloc (sizeof *item + strlen (uri));
+ if (!item)
+ return gpg_error_from_syserror ();
+
+ item->next = NULL;
+ item->parsed_uri = NULL;
+ strcpy (item->uri, uri);
+
+#if USE_LDAP
+ if (ldap_uri_p (item->uri))
+ err = ldap_parse_uri (&item->parsed_uri, uri);
+ else
+#endif
+ {
+ err = http_parse_uri (&item->parsed_uri, uri, 1);
+ }
+
+ if (err)
+ xfree (item);
+ else
+ *r_item = item;
+ return err;
+}
+
+
+/* If no keyserver is stored in CTRL but a global keyserver has been
+ set, put that global keyserver into CTRL. We need use this
+ function to help migrate from the old gpg based keyserver
+ configuration to the new dirmngr based configuration. */
+static gpg_error_t
+ensure_keyserver (ctrl_t ctrl)
+{
+ gpg_error_t err;
+ uri_item_t item;
+
+ if (ctrl->server_local->keyservers)
+ return 0; /* Already set for this session. */
+ if (!opt.keyserver)
+ return 0; /* No global option set. */
+
+ err = make_keyserver_item (opt.keyserver, &item);
+ if (!err)
+ ctrl->server_local->keyservers = item;
+
+ return err;
+}
+
+
static const char hlp_keyserver[] =
"KEYSERVER [<options>] [<uri>|<host>]\n"
"Options are:\n"
if (resolve_flag)
{
- err = ks_action_resolve (ctrl, ctrl->server_local->keyservers);
+ err = ensure_keyserver (ctrl);
+ if (!err)
+ err = ks_action_resolve (ctrl, ctrl->server_local->keyservers);
if (err)
goto leave;
}
if (add_flag)
{
- item = xtrymalloc (sizeof *item + strlen (line));
- if (!item)
- {
- err = gpg_error_from_syserror ();
- goto leave;
- }
- item->next = NULL;
- item->parsed_uri = NULL;
- strcpy (item->uri, line);
-
-#if USE_LDAP
- if (ldap_uri_p (item->uri))
- err = ldap_parse_uri (&item->parsed_uri, line);
- else
-#endif
- {
- err = http_parse_uri (&item->parsed_uri, line, 1);
- }
+ err = make_keyserver_item (line, &item);
if (err)
- {
- xfree (item);
- goto leave;
- }
+ goto leave;
}
if (clear_flag)
release_ctrl_keyservers (ctrl);
ctrl->server_local->keyservers = item;
}
- if (!add_flag && !clear_flag && !help_flag) /* List configured keyservers. */
+ if (!add_flag && !clear_flag && !help_flag)
{
+ /* List configured keyservers. However, we first add a global
+ keyserver. */
uri_item_t u;
+ err = ensure_keyserver (ctrl);
+ if (err)
+ {
+ assuan_set_error (ctx, err,
+ "Bad keyserver configuration in dirmngr.conf");
+ goto leave;
+ }
+
for (u=ctrl->server_local->keyservers; u; u = u->next)
dirmngr_status (ctrl, "KEYSERVER", u->uri, NULL);
}
}
}
+ err = ensure_keyserver (ctrl);
+ if (err)
+ goto leave;
+
/* Setup an output stream and perform the search. */
outfp = es_fopencookie (ctx, "w", data_line_cookie_functions);
if (!outfp)
}
}
+ err = ensure_keyserver (ctrl);
+ if (err)
+ goto leave;
+
/* Setup an output stream and perform the get. */
outfp = es_fopencookie (ctx, "w", data_line_cookie_functions);
if (!outfp)
/* No options for now. */
line = skip_options (line);
+ err = ensure_keyserver (ctrl);
+ if (err)
+ goto leave;
+
/* Setup an output stream and perform the get. */
outfp = es_fopencookie (ctx, "w", data_line_cookie_functions);
if (!outfp)
es_fclose (outfp);
}
+ leave:
return leave_cmd (ctx, err);
}
/* No options for now. */
line = skip_options (line);
+ err = ensure_keyserver (ctrl);
+ if (err)
+ goto leave;
+
/* Ask for the key material. */
err = assuan_inquire (ctx, "KEYBLOCK",
&value, &valuelen, MAX_KEYBLOCK_LENGTH);
"\n"
"version - Return the version of the program.\n"
"pid - Return the process id of the server.\n"
- "\n"
+ "tor - Return OK if running in TOR mode\n"
"socket_name - Return the name of the socket.\n";
static gpg_error_t
cmd_getinfo (assuan_context_t ctx, char *line)
else
err = gpg_error (GPG_ERR_NO_DATA);
}
+ else if (!strcmp (line, "tor"))
+ {
+ err = opt.use_tor? 0:set_error (GPG_ERR_GENERAL, "TOR mode not enabled");
+ }
else
err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
if (!err)
{
ctrl->server_local->stopme = 1;
+ assuan_set_flag (ctx, ASSUAN_FORCE_CLOSE, 1);
err = gpg_error (GPG_ERR_EOF);
}
return err;
{
#ifndef HAVE_W32_SYSTEM
{
- gpg_err_code_t ec;
- assuan_peercred_t cred;
-
- ec = gpg_err_code (assuan_get_peercred (ctx, &cred));
- if (!ec && cred->uid)
- ec = GPG_ERR_EPERM; /* Only root may terminate. */
- if (ec)
- return set_error (ec, "no permission to reload this process");
+ gpg_error_t err;
+
+ err = check_owner_permission (ctx,
+ "no permission to reload this process");
+ if (err)
+ return err;
}
#endif
}
Enabling this option forces loading of expired CRLs; this is only
useful for debugging.
+@item --use-tor
+@opindex use-tor
+This options is not yet functional! It will eventually switch GnuPG
+into a TOR mode to route all network access via TOR (an anonymity
+network).
+
+@item --keyserver @code{name}
+@opindex keyserver
+Use @code{name} as your keyserver. This is the server that @command{gpg}
+communicates with to receive keys, send keys, and search for
+keys. The format of the @code{name} is a URI:
+`scheme:[//]keyservername[:port]' The scheme is the type of keyserver:
+"hkp" for the HTTP (or compatible) keyservers, "ldap" for the LDAP
+keyservers, or "mailto" for the Graff email keyserver. Note that your
+particular installation of GnuPG may have other keyserver types
+available as well. Keyserver schemes are case-insensitive. After the
+keyserver name, optional keyserver configuration options may be
+provided. These are the same as the global @option{--keyserver-options}
+from below, but apply only to this particular keyserver.
+
+Most keyservers synchronize with each other, so there is generally no
+need to send keys to more than one server. The keyserver
+@code{hkp://keys.gnupg.net} uses round robin DNS to give a different
+keyserver each time you use it.
+
@item --disable-ldap
@opindex disable-ldap
Entirely disables the use of LDAP.
certificates used with @code{hkps} (keyserver access over TLS). If
the file is in PEM format a suffix of @code{.pem} is expected for
@var{file}. This option may be given multiple times to add more
-root certificates.
+root certificates. Tilde expansion is supported.
@end table
@opindex enable-passphrase-history
This option does nothing yet.
+@item --pinentry-invisible-char @var{char}
+@opindex pinentry-invisible-char
+This option asks the Pinentry to use @var{char} for displaying hidden
+characters. @var{char} must be one character UTF-8 string. A
+Pinentry may or may not honor this request.
+
@item --pinentry-program @var{filename}
@opindex pinentry-program
Use program @var{filename} as the PIN entry. The default is
again. Only certain options are honored: @code{quiet},
@code{verbose}, @code{debug}, @code{debug-all}, @code{debug-level},
@code{debug-pinentry},
-@code{no-grab}, @code{pinentry-program}, @code{default-cache-ttl},
+@code{no-grab},
+@code{pinentry-program},
+@code{pinentry-invisible-char},
+@code{default-cache-ttl},
@code{max-cache-ttl}, @code{ignore-cache-for-signing},
@code{no-allow-external-cache}, @code{allow-emacs-pinentry},
@code{no-allow-mark-trusted}, @code{disable-scdaemon}, and
@item check
@opindex keyedit:check
- Check the signatures on all selected user IDs.
+ Check the signatures on all selected user IDs. With the extra
+ option @code{selfsig} only self-signatures are shown.
@item adduid
@opindex keyedit:adduid
@item pka
Locate a key using DNS PKA.
+ @item dane
+ Locate a key using DANE, as specified
+ in draft-ietf-dane-openpgpkey-05.txt.
+
@item ldap
Using DNS Service Discovery, check the domain in question for any LDAP
keyservers to use. If this fails, attempt to locate the key using the
@item --keyserver @code{name}
@opindex keyserver
+This option is deprecated - please use the @option{--keyserver} in
+@file{dirmngr.conf} instead.
+
Use @code{name} as your keyserver. This is the server that
@option{--recv-keys}, @option{--send-keys}, and @option{--search-keys}
will communicate with to receive keys from, send keys to, and search for
@option{--recv-keys} command as a whole. Defaults to 30 seconds.
@item http-proxy=@code{value}
+ This options is deprecated.
Set the proxy to use for HTTP and HKP keyservers.
This overrides any proxy defined in @file{dirmngr.conf}.
to put into DNS zone files. An ORIGIN line is printed before each
record to allow diverting the records to the corresponding zone file.
+@item --print-dane-records
+@opindex print-dane-records
+Modify the output of the list commands to print OpenPGP DANE records
+suitable to put into DNS zone files. An ORIGIN line is printed before
+each record to allow diverting the records to the corresponding zone
+file.
+
@item --fixed-list-mode
@opindex fixed-list-mode
Do not merge primary user ID and primary key in @option{--with-colon}
values are not valid for the build platform but we need some values
nevertheless. */
#include "config.h"
-/* When building for Windows some -D macros are not available. We
- provide replacements here. */
+/* When building for Windows the -D macros do not have appropriate
+ values. We provide replacements here. */
#ifdef HAVE_W32_SYSTEM
+# undef GNUPG_BINDIR
+# undef GNUPG_LIBEXECDIR
+# undef GNUPG_LIBDIR
+# undef GNUPG_DATADIR
+# undef GNUPG_SYSCONFDIR
+# undef GNUPG_LOCALSTATEDIR
# define GNUPG_BINDIR "INSTDIR/bin"
# define GNUPG_LIBEXECDIR "INSTDIR/bin"
# define GNUPG_LIBDIR "INSTDIR/lib/" PACKAGE_NAME
## Process this file with automake to produce Makefile.in
-EXTRA_DIST = options.skel distsigkey.gpg ChangeLog-2011 gpg-w32info.rc \
+EXTRA_DIST = options.skel dirmngr-conf.skel distsigkey.gpg \
+ ChangeLog-2011 gpg-w32info.rc \
gpg.w32-manifest.in test.c t-keydb-keyring.kbx
AM_CPPFLAGS = -I$(top_srcdir)/common
$(mkinstalldirs) $(DESTDIR)$(pkgdatadir)
$(INSTALL_DATA) $(srcdir)/options.skel \
$(DESTDIR)$(pkgdatadir)/gpg-conf.skel
+ $(INSTALL_DATA) $(srcdir)/dirmngr-conf.skel \
+ $(DESTDIR)$(pkgdatadir)/dirmngr-conf.skel
$(INSTALL_DATA) $(srcdir)/distsigkey.gpg \
$(DESTDIR)$(pkgdatadir)/distsigkey.gpg
uninstall-local:
-@rm $(DESTDIR)$(pkgdatadir)/gpg-conf.skel
+ -@rm $(DESTDIR)$(pkgdatadir)/dirmngr-conf.skel
-@rm $(DESTDIR)$(pkgdatadir)/distsigkey.gpg
/* Parameter structure used to gather status info. */
struct ks_status_parm_s
{
+ const char *keyword; /* Look for this keyword or NULL for "SOURCE". */
char *source;
};
xfree (line);
}
}
+
+ if (err)
+ ;
+ else if ((opt.keyserver_options.options & KEYSERVER_HONOR_KEYSERVER_URL))
+ {
+ /* Tell the dirmngr that this possibly privacy invading
+ option is in use. If Dirmngr is running in TOR mode, it
+ will return an error. */
+ err = assuan_transact (ctx, "OPTION honor-keyserver-url-used",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (gpg_err_code (err) == GPG_ERR_FORBIDDEN)
+ log_error (_("keyserver option \"honor-keyserver-url\""
+ " may not be used in TOR mode\n"));
+ else if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
+ err = 0; /* Old dirmngr versions do not support this option. */
+ }
}
if (err)
\f
-/* Status callback for ks_get and ks_search. */
+/* Status callback for ks_list, ks_get and ks_search. */
static gpg_error_t
ks_status_cb (void *opaque, const char *line)
{
gpg_error_t err = 0;
const char *s;
- if ((s = has_leading_keyword (line, "SOURCE")))
+ if ((s = has_leading_keyword (line, parm->keyword? parm->keyword : "SOURCE")))
{
if (!parm->source)
{
\f
+/* Run the "KEYSERVER" command to return the name of the used
+ keyserver at R_KEYSERVER. */
+gpg_error_t
+gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver)
+{
+ gpg_error_t err;
+ assuan_context_t ctx;
+ struct ks_status_parm_s stparm;
+
+ memset (&stparm, 0, sizeof stparm);
+ stparm.keyword = "KEYSERVER";
+ *r_keyserver = NULL;
+
+ err = open_context (ctrl, &ctx);
+ if (err)
+ return err;
+
+ err = assuan_transact (ctx, "KEYSERVER", NULL, NULL,
+ NULL, NULL, ks_status_cb, &stparm);
+ if (err)
+ goto leave;
+ if (!stparm.source)
+ {
+ err = gpg_error (GPG_ERR_NO_KEYSERVER);
+ goto leave;
+ }
+
+ *r_keyserver = stparm.source;
+ stparm.source = NULL;
+
+ leave:
+ xfree (stparm.source);
+ close_context (ctrl, ctx);
+ return err;
+}
+
+
+\f
/* Data callback for the KS_SEARCH command. */
static gpg_error_t
ks_search_data_cb (void *opaque, const void *data, size_t datalen)
CERT record found with a supported type; it is expected that only
one CERT record is used. If CERTTYPE is one of the supported
certtypes, only records with this certtype are considered and the
- first one found is returned. All R_* args are optional. */
+ first one found is returned. All R_* args are optional.
+
+ If CERTTYPE is NULL the DANE method is used to fetch the key.
+ */
gpg_error_t
gpg_dirmngr_dns_cert (ctrl_t ctrl, const char *name, const char *certtype,
estream_t *r_key,
if (err)
return err;
- line = es_bsprintf ("DNS_CERT %s %s", certtype, name);
+ line = es_bsprintf ("DNS_CERT %s %s", certtype? certtype : "--dane", name);
if (!line)
{
err = gpg_error_from_syserror ();
void gpg_dirmngr_deinit_session_data (ctrl_t ctrl);
+gpg_error_t gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver);
gpg_error_t gpg_dirmngr_ks_search (ctrl_t ctrl, const char *searchstr,
gpg_error_t (*cb)(void*, int, char *),
void *cb_value);
--- /dev/null
+# dirmngr-conf.skel - Skeleton to create dirmngr.conf.
+# (Note that the first three lines are not copied.)
+#
+# dirmngr.conf - Options for Dirmngr
+# Written in 2015 by The GnuPG Project <https://gnupg.org>
+#
+# To the extent possible under law, the authors have dedicated all
+# copyright and related and neighboring rights to this file to the
+# public domain worldwide. This file is distributed without any
+# warranty. You should have received a copy of the CC0 Public Domain
+# Dedication along with this file. If not, see
+# <http://creativecommons.org/publicdomain/zero/1.0/>.
+#
+#
+# Unless you specify which option file to use (with the command line
+# option "--options filename"), the file ~/.gnupg/dirmngr.conf is used
+# by dirmngr. The file can contain any long options which are valid
+# for Dirmngr. If the first non white space character of a line is a
+# '#', the line is ignored. Empty lines are also ignored. See the
+# dirmngr man page or the manual for a list of options.
+#
+
+# --keyserver URI
+#
+# GPG can send and receive keys to and from a keyserver. These
+# servers can be HKP, Email, or LDAP (if GnuPG is built with LDAP
+# support).
+#
+# Example HKP keyservers:
+# hkp://keys.gnupg.net
+#
+# Example HKPS keyservers (see --hkp-cacert below):
+# hkps://hkps.pool.sks-keyservers.net
+#
+# Example LDAP keyservers:
+# ldap://pgp.surfnet.nl:11370
+#
+# Regular URL syntax applies, and you can set an alternate port
+# through the usual method:
+# hkp://keyserver.example.net:22742
+#
+# Most users just set the name and type of their preferred keyserver.
+# Note that most servers (with the notable exception of
+# ldap://keyserver.pgp.com) synchronize changes with each other. Note
+# also that a single server name may actually point to multiple
+# servers via DNS round-robin. hkp://keys.gnupg.net is an example of
+# such a "server", which spreads the load over a number of physical
+# servers.
+
+keyserver hkp://keys.gnupg.net
+
+# --hkp-cacert FILENAME
+#
+# For the "hkps" scheme (keyserver access over TLS), Dirmngr needs to
+# know the root certificates for verification of the TLS certificates
+# used for the connection. Enter the full name of a file with the
+# root certificates here. If that file is in PEM format a ".pem"
+# suffix is expected. This option may be given multiple times to add
+# more root certificates. Tilde expansion is supported.
+
+#hkp-cacert /path/to/CA/sks-keyservers.netCA.pem
/* export.c - Export keys in the OpenPGP defined format.
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
* 2005, 2010 Free Software Foundation, Inc.
- * Copyright (C) 2014 Werner Koch
+ * Copyright (C) 1998-2015 Werner Koch
*
* This file is part of GnuPG.
*
strlist_t users, int secret,
kbnode_t *keyblock_out, unsigned int options,
int *any);
-static int build_sexp (iobuf_t out, PACKET *pkt, int *indent);
int
N_("remove unusable parts from key during export")},
{"export-minimal",EXPORT_MINIMAL|EXPORT_CLEAN,NULL,
N_("remove as much as possible from key during export")},
- {"export-sexp-format",EXPORT_SEXP_FORMAT, NULL,
- N_("export keys in an S-expression based format")},
/* Aliases for backward compatibility */
{"include-local-sigs",EXPORT_LOCAL_SIGS,NULL,NULL},
{"include-attributes",EXPORT_ATTRIBUTES,NULL,NULL},
int
export_seckeys (ctrl_t ctrl, strlist_t users )
{
- /* Use only relevant options for the secret key. */
- unsigned int options = (opt.export_options & EXPORT_SEXP_FORMAT);
- return do_export (ctrl, users, 1, options);
+ return do_export (ctrl, users, 1, 0);
}
int
export_secsubkeys (ctrl_t ctrl, strlist_t users )
{
- /* Use only relevant options for the secret key. */
- unsigned int options = (opt.export_options & EXPORT_SEXP_FORMAT);
- return do_export (ctrl, users, 2, options);
+ return do_export (ctrl, users, 2, 0);
}
if (rc)
return rc;
- if (!(options & EXPORT_SEXP_FORMAT))
+ if ( opt.armor )
{
- if ( opt.armor )
- {
- afx = new_armor_context ();
- afx->what = secret? 5 : 1;
- push_armor_filter (afx, out);
- }
+ afx = new_armor_context ();
+ afx->what = secret? 5 : 1;
+ push_armor_filter (afx, out);
}
rc = do_export_stream (ctrl, out, users, secret, NULL, options, &any );
export options to apply. If KEYBLOCK_OUT is not NULL, AND the exit
code is zero, a pointer to the first keyblock found and exported
will be stored at this address; no other keyblocks are exported in
- this case. The caller must free it the returned keyblock. If any
+ this case. The caller must free the returned keyblock. If any
key has been exported true is stored at ANY. */
static int
do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
subkey_list_t subkey_list = NULL; /* Track already processed subkeys. */
KEYDB_HANDLE kdbhd;
strlist_t sl;
- int indent = 0;
gcry_cipher_hd_t cipherhd = NULL;
char *cache_nonce = NULL;
init_packet (&pkt);
kdbhd = keydb_new ();
+ /* For the DANE format override the options. */
+ if ((options & EXPORT_DANE_FORMAT))
+ options = (EXPORT_DANE_FORMAT | EXPORT_MINIMAL | EXPORT_CLEAN);
+
+
if (!users)
{
ndesc = 1;
ski->iv[ski->ivlen] = xtoi_2 (s);
}
- if ((options&EXPORT_SEXP_FORMAT))
- err = build_sexp (out, node->pkt, &indent);
- else
- err = build_packet (out, node->pkt);
+ err = build_packet (out, node->pkt);
}
else if (!err)
{
if (err)
goto unwraperror;
- if ((options&EXPORT_SEXP_FORMAT))
- err = build_sexp (out, node->pkt, &indent);
- else
- err = build_packet (out, node->pkt);
+ err = build_packet (out, node->pkt);
goto unwraperror_leave;
unwraperror:
}
else
{
- if ((options&EXPORT_SEXP_FORMAT))
- err = build_sexp (out, node->pkt, &indent);
- else
- err = build_packet (out, node->pkt);
+ err = build_packet (out, node->pkt);
}
if (err)
*any = 1;
}
- if ((options&EXPORT_SEXP_FORMAT) && indent)
- {
- for (; indent; indent--)
- iobuf_put (out, ')');
- iobuf_put (out, '\n');
- }
-
if (keyblock_out)
{
*keyblock_out = keyblock;
break;
}
}
- if ((options&EXPORT_SEXP_FORMAT) && indent)
- {
- for (; indent; indent--)
- iobuf_put (out, ')');
- iobuf_put (out, '\n');
- }
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
err = 0;
log_info(_("WARNING: nothing exported\n"));
return err;
}
-
-
-
-/* static int */
-/* write_sexp_line (iobuf_t out, int *indent, const char *text) */
-/* { */
-/* int i; */
-
-/* for (i=0; i < *indent; i++) */
-/* iobuf_put (out, ' '); */
-/* iobuf_writestr (out, text); */
-/* return 0; */
-/* } */
-
-/* static int */
-/* write_sexp_keyparm (iobuf_t out, int *indent, const char *name, gcry_mpi_t a) */
-/* { */
-/* int rc; */
-/* unsigned char *buffer; */
-
-/* write_sexp_line (out, indent, "("); */
-/* iobuf_writestr (out, name); */
-/* iobuf_writestr (out, " #"); */
-
-/* rc = gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, a); */
-/* assert (!rc); */
-/* iobuf_writestr (out, buffer); */
-/* iobuf_writestr (out, "#)"); */
-/* gcry_free (buffer); */
-/* return 0; */
-/* } */
-
-static int
-build_sexp_seckey (iobuf_t out, PACKET *pkt, int *indent)
-{
- (void)out;
- (void)pkt;
- (void)indent;
-
- /* FIXME: Not yet implemented. */
- return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
- /* PKT_secret_key *sk = pkt->pkt.secret_key; */
- /* char tmpbuf[100]; */
-
- /* if (pkt->pkttype == PKT_SECRET_KEY) */
- /* { */
- /* iobuf_writestr (out, "(openpgp-key\n"); */
- /* (*indent)++; */
- /* } */
- /* else */
- /* { */
- /* iobuf_writestr (out, " (subkey\n"); */
- /* (*indent)++; */
- /* } */
- /* (*indent)++; */
- /* write_sexp_line (out, indent, "(private-key\n"); */
- /* (*indent)++; */
- /* if (is_RSA (sk->pubkey_algo) && !sk->is_protected) */
- /* { */
- /* write_sexp_line (out, indent, "(rsa\n"); */
- /* (*indent)++; */
- /* write_sexp_keyparm (out, indent, "n", sk->skey[0]); iobuf_put (out,'\n'); */
- /* write_sexp_keyparm (out, indent, "e", sk->skey[1]); iobuf_put (out,'\n'); */
- /* write_sexp_keyparm (out, indent, "d", sk->skey[2]); iobuf_put (out,'\n'); */
- /* write_sexp_keyparm (out, indent, "p", sk->skey[3]); iobuf_put (out,'\n'); */
- /* write_sexp_keyparm (out, indent, "q", sk->skey[4]); iobuf_put (out,'\n'); */
- /* write_sexp_keyparm (out, indent, "u", sk->skey[5]); */
- /* iobuf_put (out,')'); iobuf_put (out,'\n'); */
- /* (*indent)--; */
- /* } */
- /* else if (sk->pubkey_algo == PUBKEY_ALGO_DSA && !sk->is_protected) */
- /* { */
- /* write_sexp_line (out, indent, "(dsa\n"); */
- /* (*indent)++; */
- /* write_sexp_keyparm (out, indent, "p", sk->skey[0]); iobuf_put (out,'\n'); */
- /* write_sexp_keyparm (out, indent, "q", sk->skey[1]); iobuf_put (out,'\n'); */
- /* write_sexp_keyparm (out, indent, "g", sk->skey[2]); iobuf_put (out,'\n'); */
- /* write_sexp_keyparm (out, indent, "y", sk->skey[3]); iobuf_put (out,'\n'); */
- /* write_sexp_keyparm (out, indent, "x", sk->skey[4]); */
- /* iobuf_put (out,')'); iobuf_put (out,'\n'); */
- /* (*indent)--; */
- /* } */
- /* else if (sk->pubkey_algo == PUBKEY_ALGO_ECDSA && !sk->is_protected) */
- /* { */
- /* write_sexp_line (out, indent, "(ecdsa\n"); */
- /* (*indent)++; */
- /* write_sexp_keyparm (out, indent, "c", sk->skey[0]); iobuf_put (out,'\n'); */
- /* write_sexp_keyparm (out, indent, "q", sk->skey[6]); iobuf_put (out,'\n'); */
- /* write_sexp_keyparm (out, indent, "d", sk->skey[7]); */
- /* iobuf_put (out,')'); iobuf_put (out,'\n'); */
- /* (*indent)--; */
- /* } */
- /* else if (is_ELGAMAL (sk->pubkey_algo) && !sk->is_protected) */
- /* { */
- /* write_sexp_line (out, indent, "(elg\n"); */
- /* (*indent)++; */
- /* write_sexp_keyparm (out, indent, "p", sk->skey[0]); iobuf_put (out,'\n'); */
- /* write_sexp_keyparm (out, indent, "g", sk->skey[2]); iobuf_put (out,'\n'); */
- /* write_sexp_keyparm (out, indent, "y", sk->skey[3]); iobuf_put (out,'\n'); */
- /* write_sexp_keyparm (out, indent, "x", sk->skey[4]); */
- /* iobuf_put (out,')'); iobuf_put (out,'\n'); */
- /* (*indent)--; */
- /* } */
- /* write_sexp_line (out, indent, "(attrib\n"); (*indent)++; */
- /* sprintf (tmpbuf, "(created \"%lu\"", (unsigned long)sk->timestamp); */
- /* write_sexp_line (out, indent, tmpbuf); */
- /* iobuf_put (out,')'); (*indent)--; /\* close created *\/ */
- /* iobuf_put (out,')'); (*indent)--; /\* close attrib *\/ */
- /* iobuf_put (out,')'); (*indent)--; /\* close private-key *\/ */
- /* if (pkt->pkttype != PKT_SECRET_KEY) */
- /* iobuf_put (out,')'), (*indent)--; /\* close subkey *\/ */
- /* iobuf_put (out,'\n'); */
-
- /* return 0; */
-}
-
-
-/* For some packet types we write them in a S-expression format. This
- is still EXPERIMENTAL and subject to change. */
-static int
-build_sexp (iobuf_t out, PACKET *pkt, int *indent)
-{
- int rc;
-
- switch (pkt->pkttype)
- {
- case PKT_SECRET_KEY:
- case PKT_SECRET_SUBKEY:
- rc = build_sexp_seckey (out, pkt, indent);
- break;
- default:
- rc = 0;
- break;
- }
- return rc;
-}
/* getkey.c - Get a key from the database
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
* 2007, 2008, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2015 g10 Code GmbH
*
* This file is part of GnuPG.
*
struct getkey_ctx_s
{
+ /* Part of the search criteria: whether the search is an exact
+ search or not. A search that is exact requires that a key or
+ subkey meet all of the specified criteria. A search that is not
+ exact allows selecting a different key or subkey from the
+ keyblock that matched the critera. Further, an exact search
+ returns the key or subkey that matched whereas a non-exact search
+ typically returns the primary key. See finish_lookup for
+ details. */
int exact;
- int want_secret; /* The caller requested only secret keys. */
- KBNODE keyblock;
- KBPOS kbpos;
- KBNODE found_key; /* Pointer into some keyblock. */
- strlist_t extra_list; /* Will be freed when releasing the context. */
+
+ /* Part of the search criteria: Whether the caller only wants keys
+ with an available secret key. This is used by getkey_next to get
+ the next result with the same initial criteria. */
+ int want_secret;
+
+ /* Part of the search criteria: The type of the requested key. A
+ mask of PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT.
+ If non-zero, then for a key to match, it must implement one of
+ the required uses. */
int req_usage;
+
+ /* The database handle. */
KEYDB_HANDLE kr_handle;
+
+ /* Whether we should call xfree() on the context when the context is
+ released using getkey_end()). */
int not_allocated;
+
+ /* Part of the search criteria: The low-level search specification
+ as passed to keydb_search. */
int nitems;
+ /* This must be the last element in the structure. When we allocate
+ the structure, we allocate it so that ITEMS can hold NITEMS. */
KEYDB_SEARCH_DESC items[1];
};
static int uid_cache_entries; /* Number of entries in uid cache. */
static void merge_selfsigs (kbnode_t keyblock);
-static int lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, int want_secret);
+static int lookup (getkey_ctx_t ctx,
+ kbnode_t *ret_keyblock, kbnode_t *ret_found_key,
+ int want_secret);
#if 0
static void
#endif
+/* For documentation see keydb.h. */
void
cache_public_key (PKT_public_key * pk)
{
/* Return the user ID from the given keyblock.
* We use the primary uid flag which has been set by the merge_selfsigs
- * function. The returned value is only valid as long as then given
+ * function. The returned value is only valid as long as the given
* keyblock is not changed. */
static const char *
get_primary_uid (KBNODE keyblock, size_t * uidlen)
}
+/* For documentation see keydb.h. */
void
getkey_disable_caches ()
{
static void
-pk_from_block (GETKEY_CTX ctx, PKT_public_key * pk, KBNODE keyblock)
+pk_from_block (GETKEY_CTX ctx, PKT_public_key * pk, KBNODE keyblock,
+ KBNODE found_key)
{
- KBNODE a = ctx->found_key ? ctx->found_key : keyblock;
+ KBNODE a = found_key ? found_key : keyblock;
+
+ (void) ctx;
assert (a->pkt->pkttype == PKT_PUBLIC_KEY
|| a->pkt->pkttype == PKT_PUBLIC_SUBKEY);
copy_public_key (pk, a->pkt->pkt.public_key);
}
-/* Get a public key and store it into the allocated pk can be called
- * with PK set to NULL to just read it into some internal
- * structures. */
+
+/* For documentation see keydb.h. */
int
get_pubkey (PKT_public_key * pk, u32 * keyid)
{
for (ce = pk_cache; ce; ce = ce->next)
{
if (ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1])
+ /* XXX: We don't check PK->REQ_USAGE here, but if we don't
+ read from the cache, we do check it! */
{
copy_public_key (pk, ce->pk);
return 0;
{
struct getkey_ctx_s ctx;
KBNODE kb = NULL;
+ KBNODE found_key = NULL;
memset (&ctx, 0, sizeof ctx);
ctx.exact = 1; /* Use the key ID exactly as given. */
ctx.not_allocated = 1;
ctx.items[0].u.kid[0] = keyid[0];
ctx.items[0].u.kid[1] = keyid[1];
ctx.req_usage = pk->req_usage;
- rc = lookup (&ctx, &kb, 0);
+ rc = lookup (&ctx, &kb, &found_key, 0);
if (!rc)
{
- pk_from_block (&ctx, pk, kb);
+ pk_from_block (&ctx, pk, kb, found_key);
}
- get_pubkey_end (&ctx);
+ getkey_end (&ctx);
release_kbnode (kb);
}
if (!rc)
}
-/* Get a public key and store it into the allocated pk. This function
- differs from get_pubkey() in that it does not do a check of the key
- to avoid recursion. It should be used only in very certain cases.
- It will only retrieve primary keys. */
+/* For documentation see keydb.h. */
int
get_pubkey_fast (PKT_public_key * pk, u32 * keyid)
{
for (ce = pk_cache; ce; ce = ce->next)
{
- if (ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1])
+ if (ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1]
+ /* Only consider primary keys. */
+ && ce->pk->keyid[0] == ce->pk->main_keyid[0]
+ && ce->pk->keyid[1] == ce->pk->main_keyid[1])
{
if (pk)
copy_public_key (pk, ce->pk);
}
assert (keyblock && keyblock->pkt
- && (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
- || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY));
+ && keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
+ /* We return the primary key. If KEYID matched a subkey, then we
+ return an error. */
keyid_from_pk (keyblock->pkt->pkt.public_key, pkid);
if (keyid[0] == pkid[0] && keyid[1] == pkid[1])
copy_public_key (pk, keyblock->pkt->pkt.public_key);
}
+/* For documentation see keydb.h. */
KBNODE
get_pubkeyblock (u32 * keyid)
{
ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
ctx.items[0].u.kid[0] = keyid[0];
ctx.items[0].u.kid[1] = keyid[1];
- rc = lookup (&ctx, &keyblock, 0);
- get_pubkey_end (&ctx);
+ rc = lookup (&ctx, &keyblock, NULL, 0);
+ getkey_end (&ctx);
return rc ? NULL : keyblock;
}
-
-
-/*
- * Get a public key and store it into PK. This functions check that a
- * corresponding secret key is available. With no secret key it does
- * not succeeed.
- */
+/* For documentation see keydb.h. */
gpg_error_t
get_seckey (PKT_public_key *pk, u32 *keyid)
{
gpg_error_t err;
struct getkey_ctx_s ctx;
kbnode_t keyblock = NULL;
+ kbnode_t found_key = NULL;
memset (&ctx, 0, sizeof ctx);
ctx.exact = 1; /* Use the key ID exactly as given. */
ctx.items[0].u.kid[0] = keyid[0];
ctx.items[0].u.kid[1] = keyid[1];
ctx.req_usage = pk->req_usage;
- err = lookup (&ctx, &keyblock, 1);
+ err = lookup (&ctx, &keyblock, &found_key, 1);
if (!err)
{
- pk_from_block (&ctx, pk, keyblock);
+ pk_from_block (&ctx, pk, keyblock, found_key);
}
- get_pubkey_end (&ctx);
+ getkey_end (&ctx);
release_kbnode (keyblock);
if (!err)
- err = agent_probe_secret_key (/*ctrl*/NULL, pk);
+ {
+ err = agent_probe_secret_key (/*ctrl*/NULL, pk);
+ if (err)
+ release_public_key_parts (pk);
+ }
return err;
}
+/* Skip unusable keys. A key is unusable if it is revoked, expired or
+ disabled or if the selected user id is revoked or expired. */
static int
-skip_unusable (void *dummy, u32 * keyid, PKT_user_id * uid)
+skip_unusable (void *dummy, u32 * keyid, int uid_no)
{
int unusable = 0;
KBNODE keyblock;
+ PKT_public_key *pk;
(void) dummy;
goto leave;
}
- /* Is the user ID in question revoked/expired? */
- if (uid)
+ pk = keyblock->pkt->pkt.public_key;
+
+ /* Is the key revoked or expired? */
+ if (pk->flags.revoked || pk->has_expired)
+ unusable = 1;
+
+ /* Is the user ID in question revoked or expired? */
+ if (!unusable && uid_no)
{
KBNODE node;
+ int uids_seen = 0;
for (node = keyblock; node; node = node->next)
{
if (node->pkt->pkttype == PKT_USER_ID)
{
- if (cmp_user_ids (uid, node->pkt->pkt.user_id) == 0
- && (node->pkt->pkt.user_id->is_revoked
- || node->pkt->pkt.user_id->is_expired))
- {
- unusable = 1;
- break;
- }
+ PKT_user_id *user_id = node->pkt->pkt.user_id;
+
+ uids_seen ++;
+ if (uids_seen != uid_no)
+ continue;
+
+ if (user_id->is_revoked || user_id->is_expired)
+ unusable = 1;
+
+ break;
}
}
+
+ /* If UID_NO is non-zero, then the keyblock better have at least
+ that many UIDs. */
+ assert (uids_seen == uid_no);
}
if (!unusable)
- unusable = pk_is_disabled (keyblock->pkt->pkt.public_key);
+ unusable = pk_is_disabled (pk);
leave:
release_kbnode (keyblock);
}
-/* Try to get the pubkey by the userid. This function looks for the
- * first pubkey certificate which has the given name in a user_id. If
- * PK has the pubkey algo set, the function will only return a pubkey
- * with that algo. If NAMELIST is NULL, the first key is returned.
- * The caller should provide storage for the PK or pass NULL if it is
- * not needed. If RET_KB is not NULL the function stores the entire
- * keyblock at that address. */
+/* Search for keys matching some criteria.
+
+ If RETCTX is not NULL, then the constructed context is returned in
+ *RETCTX so that getpubkey_next can be used to get subsequent
+ results. In this case, getkey_end() must be used to free the
+ search context. If RETCTX is not NULL, then RET_KDBHD must be
+ NULL.
+
+ If NAMELIST is not NULL, then a search query is constructed using
+ classify_user_id on each of the strings in the list. (Recall: the
+ database does an OR of the terms, not an AND.) If NAMELIST is
+ NULL, then all results are returned.
+
+ If PK is not NULL, the public key of the first result is returned
+ in *PK. Note: PK->REQ_USAGE must be valid!!! If PK->REQ_USAGE is
+ set, it is used to filter the search results. See the
+ documentation for finish_lookup to understand exactly how this is
+ used. Note: The self-signed data has already been merged into the
+ public key using merge_selfsigs. Free *PK by calling
+ release_public_key_parts (or, if PK was allocated using xfree, you
+ can use free_public_key, which calls release_public_key_parts(PK)
+ and then xfree(PK)).
+
+ If WANT_SECRET is set, then only keys with an available secret key
+ (either locally or via key registered on a smartcard) are returned.
+
+ If INCLUDE_UNUSABLE is set, then unusable keys (see the
+ documentation for skip_unusable for an exact definition) are
+ skipped unless they are looked up by key id or by fingerprint.
+
+ If RET_KB is not NULL, the keyblock is returned in *RET_KB. This
+ should be freed using release_kbnode().
+
+ If RET_KDBHD is not NULL, then the new database handle used to
+ conduct the search is returned in *RET_KDBHD. This can be used to
+ get subsequent results using keydb_search_next. Note: in this
+ case, no advanced filtering is done for subsequent results (e.g.,
+ WANT_SECRET and PK->REQ_USAGE are not respected).
+
+ This function returns 0 on success. Otherwise, an error code is
+ returned. In particular, GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY
+ (if want_secret is set) is returned if the key is not found. */
static int
key_byname (GETKEY_CTX *retctx, strlist_t namelist,
PKT_public_key *pk,
strlist_t r;
GETKEY_CTX ctx;
KBNODE help_kb = NULL;
+ KBNODE found_key = NULL;
if (retctx)
{
*ret_kdbhd = NULL;
if (!namelist)
+ /* No search terms: iterate over the whole DB. */
{
ctx = xmalloc_clear (sizeof *ctx);
ctx->nitems = 1;
for (n = 0, r = namelist; r; r = r->next)
n++;
+ /* CTX has space for a single search term at the end. Thus, we
+ need to allocate sizeof *CTX plus (n - 1) sizeof
+ CTX->ITEMS. */
ctx = xmalloc_clear (sizeof *ctx + (n - 1) * sizeof ctx->items);
ctx->nitems = n;
ctx->req_usage = pk->req_usage;
}
- rc = lookup (ctx, ret_kb, want_secret);
+ rc = lookup (ctx, ret_kb, &found_key, want_secret);
if (!rc && pk)
{
- pk_from_block (ctx, pk, *ret_kb);
+ pk_from_block (ctx, pk, *ret_kb, found_key);
}
release_kbnode (help_kb);
*ret_kdbhd = ctx->kr_handle;
ctx->kr_handle = NULL;
}
- get_pubkey_end (ctx);
+ getkey_end (ctx);
}
return rc;
}
-
-/* Find a public key from NAME and return the keyblock or the key. If
- ret_kdb is not NULL, the KEYDB handle used to locate this keyblock
- is returned and the caller is responsible for closing it. If a key
- was not found (or if local search has been disabled) and NAME is a
- valid RFC822 mailbox and --auto-key-locate has been enabled, we try
- to import the key via the online mechanisms defined by
- --auto-key-locate. */
+/* For documentation see keydb.h. */
int
get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
const char *name, KBNODE * ret_keyblock,
if (retctx)
*retctx = NULL;
+ /* Does NAME appear to be a mailbox (mail address)? */
is_mbox = is_valid_mailbox (name);
- /* Check whether the default local search has been disabled.
- This is the case if either the "nodefault" or the "local" keyword
- are in the list of auto key locate mechanisms.
+ /* The auto-key-locate feature works as follows: there are a number
+ of methods to look up keys. By default, the local keyring is
+ tried first. Then, each method listed in the --auto-key-locate is
+ tried in the order it appears.
+
+ This can be changed as follows:
+
+ - if nodefault appears anywhere in the list of options, then
+ the local keyring is not tried first, or,
- ANYLOCALFIRST is set if the search order has the local method
- before any other or if "local" is used first by default. This
- makes sure that if a RETCTX is used it is only set if a local
- search has precedence over the other search methods and only then
- a followup call to get_pubkey_next shall succeed. */
+ - if local appears anywhere in the list of options, then the
+ local keyring is not tried first, but in the order in which
+ it was listed in the --auto-key-locate option.
+
+ Note: we only save the search context in RETCTX if the local
+ method is the first method tried (either explicitly or
+ implicitly). */
if (!no_akl)
+ /* auto-key-locate is enabled. */
{
+ /* nodefault is true if "nodefault" or "local" appear. */
for (akl = opt.auto_key_locate; akl; akl = akl->next)
if (akl->type == AKL_NODEFAULT || akl->type == AKL_LOCAL)
{
nodefault = 1;
break;
}
+ /* anylocalfirst is true if "local" appears before any other
+ search methods (except "nodefault"). */
for (akl = opt.auto_key_locate; akl; akl = akl->next)
if (akl->type != AKL_NODEFAULT)
{
}
if (!nodefault)
+ /* "nodefault" didn't occur. Thus, "local" is implicitly the
+ first method to try. */
anylocalfirst = 1;
if (nodefault && is_mbox)
+ /* Either "nodefault" or "local" (explicitly) appeared in the auto
+ key locate list and NAME appears to be an email address. Don't
+ try the local keyring. */
{
- /* Nodefault but a mailbox - let the AKL locate the key. */
rc = GPG_ERR_NO_PUBKEY;
}
else
+ /* Either "nodefault" and "local" don't appear in the auto key
+ locate list (in which case we try the local keyring first) or
+ NAME does not appear to be an email address (in which case we
+ only try the local keyring). In this case, lookup NAME in the
+ local keyring. */
{
add_to_strlist (&namelist, name);
rc = key_byname (retctx, namelist, pk, 0,
/* If the requested name resembles a valid mailbox and automatic
retrieval has been enabled, we try to import the key. */
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY && !no_akl && is_mbox)
+ /* NAME wasn't present in the local keyring (or we didn't try the
+ local keyring). Since the auto key locate feature is enabled
+ and NAME appears to be an email address, try the auto locate
+ feature. */
{
for (akl = opt.auto_key_locate; akl; akl = akl->next)
{
did_key_byname = 1;
if (retctx)
{
- get_pubkey_end (*retctx);
+ getkey_end (*retctx);
*retctx = NULL;
}
add_to_strlist (&namelist, name);
case AKL_CERT:
mechanism = "DNS CERT";
glo_ctrl.in_auto_key_retrieve++;
- rc = keyserver_import_cert (ctrl, name, &fpr, &fpr_len);
+ rc = keyserver_import_cert (ctrl, name, 0, &fpr, &fpr_len);
glo_ctrl.in_auto_key_retrieve--;
break;
glo_ctrl.in_auto_key_retrieve--;
break;
+ case AKL_DANE:
+ mechanism = "DANE";
+ glo_ctrl.in_auto_key_retrieve++;
+ rc = keyserver_import_cert (ctrl, name, 1, &fpr, &fpr_len);
+ glo_ctrl.in_auto_key_retrieve--;
+ break;
+
case AKL_LDAP:
mechanism = "LDAP";
glo_ctrl.in_auto_key_retrieve++;
add_to_strlist (&namelist, fpr_string);
}
else if (!rc && !fpr && !did_key_byname)
+ /* The acquisition method said no failure occured, but it
+ didn't return a fingerprint. That's a failure. */
{
no_fingerprint = 1;
rc = GPG_ERR_NO_PUBKEY;
fpr = NULL;
if (!rc && !did_key_byname)
+ /* There was no error and we didn't do a local lookup.
+ This means that we imported a key into the local
+ keyring. Try to read the imported key from the
+ keyring. */
{
if (retctx)
{
- get_pubkey_end (*retctx);
+ getkey_end (*retctx);
*retctx = NULL;
}
rc = key_byname (anylocalfirst ? retctx : NULL,
if (rc && retctx)
{
- get_pubkey_end (*retctx);
+ getkey_end (*retctx);
*retctx = NULL;
}
- if (retctx && *retctx)
- {
- assert (!(*retctx)->extra_list);
- (*retctx)->extra_list = namelist;
- }
- else
- free_strlist (namelist);
+ free_strlist (namelist);
return rc;
}
-int
-get_pubkey_bynames (GETKEY_CTX * retctx, PKT_public_key * pk,
- strlist_t names, KBNODE * ret_keyblock)
-{
- return key_byname (retctx, names, pk, 0, 1, ret_keyblock, NULL);
-}
+/* For documentation see keydb.h.
-int
-get_pubkey_next (GETKEY_CTX ctx, PKT_public_key * pk, KBNODE * ret_keyblock)
-{
- return gpg_err_code (getkey_next (ctx, pk, ret_keyblock));
-}
-
-void
-get_pubkey_end (GETKEY_CTX ctx)
-{
- getkey_end (ctx);
-}
-
-
-/* Search for a key with the given standard fingerprint. In contrast
- * to get_pubkey_byfprint we assume a right padded fingerprint of the
- * standard length. PK may be NULL to only put the result into the
- * internal caches. */
-gpg_error_t
-get_pubkey_byfpr (PKT_public_key *pk, const byte *fpr)
-{
- gpg_error_t err;
- struct getkey_ctx_s ctx;
- kbnode_t kb = NULL;
-
- memset (&ctx, 0, sizeof ctx);
- ctx.exact = 1;
- ctx.not_allocated = 1;
- ctx.kr_handle = keydb_new ();
- ctx.nitems = 1;
- ctx.items[0].mode = KEYDB_SEARCH_MODE_FPR;
- memcpy (ctx.items[0].u.fpr, fpr, MAX_FINGERPRINT_LEN);
- err = lookup (&ctx, &kb, 0);
- if (!err && pk)
- pk_from_block (&ctx, pk, kb);
- release_kbnode (kb);
- get_pubkey_end (&ctx);
-
- return err;
-}
-
-
-/* Search for a key with the given fingerprint. The caller need to
- * prove an allocated public key object at PK. If R_KEYBLOCK is not
- * NULL the entire keyblock is stored there and the caller needs to
- * call release_kbnode() on it. Note that this function does an exact
- * search and thus the public key stored at PK may be a copy of a
- * subkey.
- *
- * FIXME:
- * We should replace this with the _byname function. This can be done
- * by creating a userID conforming to the unified fingerprint style.
- */
+ FIXME: We should replace this with the _byname function. This can
+ be done by creating a userID conforming to the unified fingerprint
+ style. */
int
get_pubkey_byfprint (PKT_public_key *pk, kbnode_t *r_keyblock,
const byte * fprint, size_t fprint_len)
{
struct getkey_ctx_s ctx;
KBNODE kb = NULL;
+ KBNODE found_key = NULL;
memset (&ctx, 0, sizeof ctx);
ctx.exact = 1;
ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16
: KEYDB_SEARCH_MODE_FPR20;
memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
- rc = lookup (&ctx, &kb, 0);
+ rc = lookup (&ctx, &kb, &found_key, 0);
if (!rc && pk)
- {
- pk_from_block (&ctx, pk, kb);
- if (r_keyblock)
- {
- *r_keyblock = kb;
- kb = NULL;
- }
- }
+ pk_from_block (&ctx, pk, kb, found_key);
+ if (!rc && r_keyblock)
+ {
+ *r_keyblock = kb;
+ kb = NULL;
+ }
release_kbnode (kb);
- get_pubkey_end (&ctx);
+ getkey_end (&ctx);
}
else
rc = GPG_ERR_GENERAL; /* Oops */
}
-/* Get a public key and store it into the allocated pk. This function
- differs from get_pubkey_byfprint() in that it does not do a check
- of the key to avoid recursion. It should be used only in very
- certain cases. PK may be NULL to check just for the existance of
- the key. */
+/* For documentation see keydb.h. */
int
get_pubkey_byfprint_fast (PKT_public_key * pk,
const byte * fprint, size_t fprint_len)
}
-/* Search for a key with the given fingerprint and return the
- * complete keyblock which may have more than only this key. */
-int
-get_keyblock_byfprint (KBNODE * ret_keyblock, const byte * fprint,
- size_t fprint_len)
-{
- int rc;
-
- if (fprint_len == 20 || fprint_len == 16)
- {
- struct getkey_ctx_s ctx;
-
- memset (&ctx, 0, sizeof ctx);
- ctx.not_allocated = 1;
- ctx.kr_handle = keydb_new ();
- ctx.nitems = 1;
- ctx.items[0].mode = (fprint_len == 16
- ? KEYDB_SEARCH_MODE_FPR16
- : KEYDB_SEARCH_MODE_FPR20);
- memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
- rc = lookup (&ctx, ret_keyblock, 0);
- get_pubkey_end (&ctx);
- }
- else
- rc = GPG_ERR_GENERAL; /* Oops */
-
- return rc;
-}
-
-
-/* Get a secret key by NAME and store it into PK. If NAME is NULL use
- * the default key. This functions checks that a corresponding secret
- * key is available. With no secret key it does not succeeed. */
+/* For documentation see keydb.h. */
gpg_error_t
-get_seckey_byname (PKT_public_key *pk, const char *name)
+get_seckey_default (PKT_public_key *pk)
{
gpg_error_t err;
strlist_t namelist = NULL;
int include_unusable = 1;
- /* If we have no name, try to use the default secret key. If we
- have no default, we'll use the first usable one. */
-
- if (!name && opt.def_secret_key && *opt.def_secret_key)
+ if (opt.def_secret_key && *opt.def_secret_key)
add_to_strlist (&namelist, opt.def_secret_key);
- else if (name)
- add_to_strlist (&namelist, name);
else
include_unusable = 0;
return err;
}
-
-
-
-/* Search for a key with the given fingerprint.
- * FIXME:
- * We should replace this with the _byname function. This can be done
- * by creating a userID conforming to the unified fingerprint style. */
-gpg_error_t
-get_seckey_byfprint (PKT_public_key *pk, const byte * fprint, size_t fprint_len)
-{
- gpg_error_t err;
-
- if (fprint_len == 20 || fprint_len == 16)
- {
- struct getkey_ctx_s ctx;
- kbnode_t kb = NULL;
-
- memset (&ctx, 0, sizeof ctx);
- ctx.exact = 1;
- ctx.not_allocated = 1;
- ctx.kr_handle = keydb_new ();
- ctx.nitems = 1;
- ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16
- : KEYDB_SEARCH_MODE_FPR20;
- memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
- err = lookup (&ctx, &kb, 1);
- if (!err && pk)
- pk_from_block (&ctx, pk, kb);
- release_kbnode (kb);
- get_pubkey_end (&ctx);
- }
- else
- err = gpg_error (GPG_ERR_BUG);
- return err;
-}
-
-
-/* Search for a secret key with the given fingerprint and return the
- complete keyblock which may have more than only this key. Return
- an error if no corresponding secret key is available. */
-gpg_error_t
-get_seckeyblock_byfprint (kbnode_t *ret_keyblock,
- const byte *fprint, size_t fprint_len)
-{
- gpg_error_t err;
- struct getkey_ctx_s ctx;
-
- if (fprint_len != 20 && fprint_len == 16)
- return gpg_error (GPG_ERR_BUG);
-
- memset (&ctx, 0, sizeof ctx);
- ctx.not_allocated = 1;
- ctx.kr_handle = keydb_new ();
- ctx.nitems = 1;
- ctx.items[0].mode = (fprint_len == 16
- ? KEYDB_SEARCH_MODE_FPR16 : KEYDB_SEARCH_MODE_FPR20);
- memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
- err = lookup (&ctx, ret_keyblock, 1);
- get_pubkey_end (&ctx);
-
- return err;
-}
-
-
\f
-/* The new function to return a key.
- FIXME: Document it. */
+/* For documentation see keydb.h. */
gpg_error_t
getkey_bynames (getkey_ctx_t *retctx, PKT_public_key *pk,
strlist_t names, int want_secret, kbnode_t *ret_keyblock)
}
-/* Get a key by name and store it into PK if that is not NULL. If
- * RETCTX is not NULL return the search context which needs to be
- * released by the caller using getkey_end. If NAME is NULL use the
- * default key (see below). On success and if RET_KEYBLOCK is not
- * NULL the found keyblock is stored at this address. WANT_SECRET
- * passed as true requires that a secret key is available for the
- * selected key.
- *
- * If WANT_SECRET is true and NAME is NULL and a default key has been
- * defined that defined key is used. In all other cases the first
- * available key is used.
- *
- * FIXME: Explain what is up with unusable keys.
- *
- * FIXME: We also have the get_pubkey_byname function which has a
- * different semantic. Should be merged with this one.
- */
+/* For documentation see keydb.h. */
gpg_error_t
getkey_byname (getkey_ctx_t *retctx, PKT_public_key *pk,
const char *name, int want_secret, kbnode_t *ret_keyblock)
}
-/* The new function to return the next key. */
+/* For documentation see keydb.h. */
gpg_error_t
getkey_next (getkey_ctx_t ctx, PKT_public_key *pk, kbnode_t *ret_keyblock)
{
int rc; /* Fixme: Make sure this is proper gpg_error */
+ KBNODE found_key = NULL;
/* We need to disable the caching so that for an exact key search we
won't get the result back from the cache and thus end up in an
- endless loop. Disabling this here is sufficient because although
- the result has been cached, if won't be used then. */
+ endless loop. The endless loop can occur, because the cache is
+ used without respecting the current file pointer! */
keydb_disable_caching (ctx->kr_handle);
- rc = lookup (ctx, ret_keyblock, ctx->want_secret);
+ rc = lookup (ctx, ret_keyblock, &found_key, ctx->want_secret);
if (!rc && pk && ret_keyblock)
- pk_from_block (ctx, pk, *ret_keyblock);
+ pk_from_block (ctx, pk, *ret_keyblock, found_key);
return rc;
}
-/* The new function to finish a key listing. */
+/* For documentation see keydb.h. */
void
getkey_end (getkey_ctx_t ctx)
{
if (ctx)
{
- memset (&ctx->kbpos, 0, sizeof ctx->kbpos);
keydb_release (ctx->kr_handle);
- free_strlist (ctx->extra_list);
if (!ctx->not_allocated)
xfree (ctx);
}
************* Merging stuff ********************
************************************************/
-/* Set the mainkey_id fields for all keys in KEYBLOCK. This is
- usually done by merge_selfsigs but at some places we only need the
- main_kid but the the full merging. The function also guarantees
- that all pk->keyids are computed. */
+/* For documentation see keydb.h. */
void
setup_main_keyids (kbnode_t keyblock)
{
}
-/* Merge all self-signatures with the keys. */
+/* For documentation see keydb.h. */
void
merge_keys_and_selfsig (KBNODE keyblock)
{
/* Apply information from SIGNODE (which is the valid self-signature
* associated with that UID) to the UIDNODE:
- * - wether the UID has been revoked
+ * - weather the UID has been revoked
* - assumed creation date of the UID
* - temporary store the keyflags here
* - temporary store the key expiration time here
}
-/* Note that R_REVOKED may be set to 0, 1 or 2. */
+/* Given a keyblock, parse the key block and extract various pieces of
+ information and save them with the primary key packet and the user
+ id packets. For instance, some information is stored in signature
+ packets. We find the latest such valid packet (since the user can
+ change that information) and copy its contents into the
+ PKT_public_key.
+
+ Note that R_REVOKED may be set to 0, 1 or 2.
+
+ This function fills in the following fields in the primary key's
+ keyblock:
+
+ main_keyid (computed)
+ revkey / numrevkeys (derived from self signed key data)
+ flags.valid (whether we have at least 1 self-sig)
+ flags.maybe_revoked (whether a designed revoked the key, but
+ we are missing the key to check the sig)
+ selfsigversion (highest version of any valid self-sig)
+ pubkey_usage (derived from most recent self-sig or most
+ recent user id)
+ has_expired (various sources)
+ expiredate (various sources)
+
+ See the documentation for fixup_uidnode for how the user id packets
+ are modified. In addition to that the primary user id's is_primary
+ field is set to 1 and the other user id's is_primary are set to
+ 0. */
static void
merge_selfsigs_main (KBNODE keyblock, int *r_revoked,
struct revoke_info *rinfo)
*r_revoked = 0;
memset (rinfo, 0, sizeof (*rinfo));
+ /* Section 11.1 of RFC 4880 determines the order of packets within a
+ message. There are three sections, which must occur in the
+ following order: the public key, the user ids and user attributes
+ and the subkeys. Within each section, each primary packet (e.g.,
+ a user id packet) is followed by one or more signature packets,
+ which modify that packet. */
+
+ /* According to Section 11.1 of RFC 4880, the public key must be the
+ first packet. */
if (keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
+ /* parse_keyblock_image ensures that the first packet is the
+ public key. */
BUG ();
pk = keyblock->pkt->pkt.public_key;
keytimestamp = pk->timestamp;
key_expire_seen = 1;
}
- /* First pass: Find the latest direct key self-signature. We assume
- * that the newest one overrides all others. */
+ /* First pass:
+
+ - Find the latest direct key self-signature. We assume that the
+ newest one overrides all others.
+
+ - Determine whether the key has been revoked.
+
+ - Gather all revocation keys (unlike other data, we don't just
+ take them from the latest self-signed packet).
- /* In case this key was already merged. */
+ - Determine max (sig[...]->version).
+ */
+
+ /* Reset this in case this key was already merged. */
xfree (pk->revkey);
pk->revkey = NULL;
pk->numrevkeys = 0;
signode = NULL;
sigdate = 0; /* Helper variable to find the latest signature. */
- for (k = keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next)
+
+ /* According to Section 11.1 of RFC 4880, the public key comes first
+ and is immediately followed by any signature packets that modify
+ it. */
+ for (k = keyblock;
+ k && k->pkt->pkttype != PKT_USER_ID
+ && k->pkt->pkttype != PKT_ATTRIBUTE
+ && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
+ k = k->next)
{
if (k->pkt->pkttype == PKT_SIGNATURE)
{
PKT_signature *sig = k->pkt->pkt.signature;
if (sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1])
+ /* Self sig. */
{
if (check_key_signature (keyblock, k, NULL))
; /* Signature did not verify. */
}
else if (IS_KEY_SIG (sig))
{
- /* Add any revocation keys onto the pk. This is
- particularly interesting since we normally only
- get data from the most recent 1F signature, but
- you need multiple 1F sigs to properly handle
- revocation keys (PGP does it this way, and a
- revocation key could be sensitive and hence in a
- different signature). */
+ /* Add the indicated revocations keys from all
+ signatures not just the latest. We do this
+ because you need multiple 1F sigs to properly
+ handle revocation keys (PGP does it this way, and
+ a revocation key could be sensitive and hence in
+ a different signature). */
if (sig->revkey)
{
int i;
}
if (sig->timestamp >= sigdate)
+ /* This is the latest signature so far. */
{
if (sig->flags.expired)
; /* Signature has expired - ignore it. */
}
/* Remove dupes from the revocation keys. */
-
if (pk->revkey)
{
int i, j, x, changed = 0;
}
if (signode)
+ /* SIGNODE is the 1F signature packet with the latest creation
+ time. Extract some information from it. */
{
/* Some information from a direct key signature take precedence
* over the same information given in UID sigs. */
}
/* Second pass: Look at the self-signature of all user IDs. */
+
+ /* According to RFC 4880 section 11.1, user id and attribute packets
+ are in the second section, after the public key packet and before
+ the subkey packets. */
signode = uidnode = NULL;
sigdate = 0; /* Helper variable to find the latest signature in one UID. */
for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next)
{
- if (k->pkt->pkttype == PKT_USER_ID)
+ if (k->pkt->pkttype == PKT_USER_ID || k->pkt->pkttype == PKT_ATTRIBUTE)
+ /* New user id packet. */
{
if (uidnode && signode)
+ /* Apply the data from the most recent self-signed packet
+ to the preceding user id packet. */
{
fixup_uidnode (uidnode, signode, keytimestamp);
pk->flags.valid = 1;
}
- uidnode = k;
+ /* Clear SIGNODE. The only relevant self-signed data for
+ UIDNODE follows it. */
+ if (k->pkt->pkttype == PKT_USER_ID)
+ uidnode = k;
+ else
+ uidnode = NULL;
signode = NULL;
sigdate = 0;
}
{
/* Note: we allow to invalidate cert revocations
* by a newer signature. An attacker can't use this
- * because a key should be revoced with a key revocation.
+ * because a key should be revoked with a key revocation.
* The reason why we have to allow for that is that at
* one time an email address may become invalid but later
* the same email address may become valid again (hired,
avoid infinite recursion in certain cases.
There is no reason to check that an ultimately
trusted key is still valid - if it has been
- revoked or the user should also renmove the
+ revoked the user should also remove the
ultimate trust flag. */
if (get_pubkey_fast (ultimate_pk, sig->keyid) == 0
&& check_key_signature2 (keyblock, k, ultimate_pk,
return sig;
}
+/* Use the self-signed data to fill in various fields in subkeys.
+
+ KEYBLOCK is the whole keyblock. SUBNODE is the subkey to fill in.
+
+ Sets the following fields on the subkey:
+
+ main_keyid
+ flags.valid if the subkey has a valid self-sig binding
+ flags.revoked
+ flags.backsig
+ pubkey_usage
+ has_expired
+ expired_date
+
+ On this subkey's most revent valid self-signed packet, the
+ following field is set:
+
+ flags.chosen_selfsig
+ */
static void
merge_selfsigs_subkey (KBNODE keyblock, KBNODE subnode)
{
}
-/*
- * Merge information from the self-signatures with the key, so that
- * we can later use them more easy.
- * The function works by first applying the self signatures to the
- * primary key and the to each subkey.
- * Here are the rules we use to decide which inormation from which
- * self-signature is used:
- * We check all self signatures or validity and ignore all invalid signatures.
- * All signatures are then ordered by their creation date ....
- * For the primary key:
- * FIXME the docs
- */
+/* Merge information from the self-signatures with the public key,
+ subkeys and user ids to make using them more easy.
+
+ See documentation for merge_selfsigs_main, merge_selfsigs_subkey
+ and fixup_uidnode for exactly which fields are updated. */
static void
merge_selfsigs (KBNODE keyblock)
{
\f
-/* See whether the key fits our requirements and in case we do not
- * request the primary key, select a suitable subkey.
- *
- * Returns: True when a suitable key has been found.
- *
- * We have to distinguish four cases: FIXME!
- * 1. No usage and no primary key requested
- * Examples for this case are that we have a keyID to be used
- * for decrytion or verification.
- * 2. No usage but primary key requested
- * This is the case for all functions which work on an
- * entire keyblock, e.g. for editing or listing
- * 3. Usage and primary key requested
- * FXME
- * 4. Usage but no primary key requested
- * FIXME
- * FIXME: Tell what is going to happen here and something about the rationale
- * Note: We don't use this function if no specific usage is requested;
- * This way the getkey functions can be used for plain key listings.
- *
- * CTX ist the keyblock we are investigating, if FOUNDK is not NULL this
- * is the key we actually found by looking at the keyid or a fingerprint and
- * may either point to the primary or one of the subkeys. */
-static int
-finish_lookup (GETKEY_CTX ctx)
+/* See whether the key satisfies any additional requirements specified
+ in CTX. If so, return 1 and set CTX->FOUND_KEY to an appropriate
+ key or subkey. Otherwise, return 0 if there was no appropriate
+ key.
+
+ In case the primary key is not required, select a suitable subkey.
+ We need the primary key if PUBKEY_USAGE_CERT is set in
+ CTX->REQ_USAGE or we are in PGP6 or PGP7 mode and PUBKEY_USAGE_SIG
+ is set in CTX->REQ_USAGE.
+
+ If any of PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT
+ are set in CTX->REQ_USAGE, we filter by the key's function.
+ Concretely, if PUBKEY_USAGE_SIG and PUBKEY_USAGE_CERT are set, then
+ we only return a key if it is (at least) either a signing or a
+ certification key.
+
+ If CTX->REQ_USAGE is set, then we reject any keys that are not good
+ (i.e., valid, not revoked, not expired, etc.). This allows the
+ getkey functions to be used for plain key listings.
+
+ Sets the matched key's user id field (pk->user_id) to the user id
+ that matched the low-level search criteria or NULL.
+
+
+ This function needs to handle several different cases:
+
+ 1. No requested usage and no primary key requested
+ Examples for this case are that we have a keyID to be used
+ for decrytion or verification.
+ 2. No usage but primary key requested
+ This is the case for all functions which work on an
+ entire keyblock, e.g. for editing or listing
+ 3. Usage and primary key requested
+ FXME
+ 4. Usage but no primary key requested
+ FIXME
+
+ */
+static KBNODE
+finish_lookup (GETKEY_CTX ctx, KBNODE keyblock)
{
- KBNODE keyblock = ctx->keyblock;
KBNODE k;
+
+ /* If CTX->EXACT is set, the key or subkey that actually matched the
+ low-level search criteria. */
KBNODE foundk = NULL;
+ /* The user id (if any) that matched the low-level search criteria. */
PKT_user_id *foundu = NULL;
+
#define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC|PUBKEY_USAGE_CERT)
unsigned int req_usage = (ctx->req_usage & USAGE_MASK);
+
/* Request the primary if we're certifying another key, and also
if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7
do not understand signatures made by a signing subkey. PGP 8
does. */
int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) ||
((PGP6 || PGP7) && (ctx->req_usage & PUBKEY_USAGE_SIG));
+
+ u32 curtime = make_timestamp ();
+
u32 latest_date;
KBNODE latest_key;
- u32 curtime = make_timestamp ();
assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
- ctx->found_key = NULL;
-
if (ctx->exact)
+ /* Get the key or subkey that matched the low-level search
+ criteria. */
{
for (k = keyblock; k; k = k->next)
{
}
}
+ /* Get the user id that matched that low-level search criteria. */
for (k = keyblock; k; k = k->next)
{
if ((k->flag & 2))
latest_date = 0;
latest_key = NULL;
- /* Do not look at subkeys if a certification key is requested. */
- if ((!foundk || foundk->pkt->pkttype == PKT_PUBLIC_SUBKEY) && !req_prim)
+ /* Set latest_key to the latest (the one with the most recent
+ timestamp) good (valid, not revoked, not expired, etc.) subkey.
+
+ Don't bother if we are only looking for a primary key or we need
+ an exact match and the exact match is not a subkey. */
+ if (req_prim || (foundk && foundk->pkt->pkttype != PKT_PUBLIC_SUBKEY))
+ ;
+ else
{
KBNODE nextk;
+
/* Either start a loop or check just this one subkey. */
for (k = foundk ? foundk : keyblock; k; k = nextk)
{
PKT_public_key *pk;
- nextk = k->next;
+
+ if (foundk)
+ /* If FOUNDK is not NULL, then only consider that exact
+ key, i.e., don't iterate. */
+ nextk = NULL;
+ else
+ nextk = k->next;
+
if (k->pkt->pkttype != PKT_PUBLIC_SUBKEY)
continue;
- if (foundk)
- nextk = NULL; /* what a hack */
+
pk = k->pkt->pkt.public_key;
if (DBG_LOOKUP)
log_debug ("\tchecking subkey %08lX\n",
}
}
- /* Okay now try the primary key unless we want an exact
- * key ID match on a subkey */
- if ((!latest_key && !(ctx->exact && foundk != keyblock)) || req_prim)
+ /* Check if the primary key is ok (valid, not revoke, not expire,
+ matches requested usage) if:
+
+ - we didn't find an appropriate subkey and we're not doing an
+ exact search,
+
+ - we're doing an exact match and the exact match was the
+ primary key, or,
+
+ - we're just considering the primary key. */
+ if ((!latest_key && !ctx->exact) || foundk == keyblock || req_prim)
{
PKT_public_key *pk;
if (DBG_LOOKUP && !foundk && !req_prim)
{
if (DBG_LOOKUP)
log_debug ("\tno suitable key found - giving up\n");
- return 0; /* Not found. */
+ return NULL; /* Not found. */
}
found:
pk->user_id = scopy_user_id (foundu);
}
- ctx->found_key = latest_key;
-
if (latest_key != keyblock && opt.verbose)
{
char *tempkeystr =
cache_user_id (keyblock);
- return 1; /* Found. */
+ return latest_key ? latest_key : keyblock; /* Found. */
}
}
-/* The main function to lookup a key. On success the found keyblock
- is stored at RET_KEYBLOCK and also in CTX. If WANT_SECRET is true
- a corresponding secret key is required. */
+/* A high-level function to lookup keys.
+
+ This function builds on top of the low-level keydb API. It first
+ searches the database using the description stored in CTX->ITEMS,
+ then it filters the results using CTX and, finally, if WANT_SECRET
+ is set, it ignores any keys for which no secret key is available.
+
+ Note: this function skips any legacy keys unless the search mode is
+ KEYDB_SEARCH_MODE_FIRST or KEYDB_SEARCH_MODE_NEXT or we are
+ searching by fingerprint.
+
+ Unlike the low-level search functions, this function also merges
+ all of the self-signed data into the keys, subkeys and user id
+ packets (see the merge_selfsigs for details).
+
+ On success the key's keyblock is stored at *RET_KEYBLOCK. */
static int
-lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, int want_secret)
+lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, kbnode_t *ret_found_key,
+ int want_secret)
{
int rc;
int no_suitable_key = 0;
+ KBNODE keyblock = NULL;
+ KBNODE found_key = NULL;
for (;;)
{
rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems, NULL);
- /* Skip over all legacy keys but only if they are not requested
- by fingerprints.
+
+ /* Skip over all legacy keys unless we are iterating over all
+ keys in the DB or the key was requested by its fingerprint.
+
Fixme: The lower level keydb code should actually do that but
then it would be harder to report the number of skipped
legacy keys during import. */
if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY
- && !(ctx->nitems && ctx->items->mode == KEYDB_SEARCH_MODE_FIRST)
+ && !(ctx->nitems && (ctx->items->mode == KEYDB_SEARCH_MODE_FIRST
+ || ctx->items->mode == KEYDB_SEARCH_MODE_NEXT))
&& !search_modes_are_fingerprint (ctx))
continue;
if (rc)
break;
- /* If we are searching for the first key we have to make sure
- that the next iteration does not do an implicit reset.
- This can be triggered by an empty key ring. */
+ /* If we are iterating over the entire database, then we need to
+ change from KEYDB_SEARCH_MODE_FIRST, which does an implicit
+ reset, to KEYDB_SEARCH_MODE_NEXT, which gets the next
+ record. */
if (ctx->nitems && ctx->items->mode == KEYDB_SEARCH_MODE_FIRST)
ctx->items->mode = KEYDB_SEARCH_MODE_NEXT;
- rc = keydb_get_keyblock (ctx->kr_handle, &ctx->keyblock);
+ rc = keydb_get_keyblock (ctx->kr_handle, &keyblock);
if (rc)
{
log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
goto skip;
}
- if (want_secret && agent_probe_any_secret_key (NULL, ctx->keyblock))
+ if (want_secret && agent_probe_any_secret_key (NULL, keyblock))
goto skip; /* No secret key available. */
/* Warning: node flag bits 0 and 1 should be preserved by
* merge_selfsigs. For secret keys, premerge transferred the
* keys to the keyblock. */
- merge_selfsigs (ctx->keyblock);
- if (finish_lookup (ctx))
+ merge_selfsigs (keyblock);
+ found_key = finish_lookup (ctx, keyblock);
+ if (found_key)
{
no_suitable_key = 0;
goto found;
skip:
/* Release resources and continue search. */
- release_kbnode (ctx->keyblock);
- ctx->keyblock = NULL;
- /* We need to disable the caching so that for an exact key
- search we won't get the result back from the cache and thus
- end up in an endless loop. Disabling the cache here at this
- point is sufficient because even a cached result won't be
- used after a call to keydb_disable_caching. */
+ release_kbnode (keyblock);
+ keyblock = NULL;
+ /* The keyblock cache ignores the current "file position".
+ Thus, if we request the next result and the cache matches
+ (and it will since it is what we just looked for), we'll get
+ the same entry back! We can avoid this infinite loop by
+ disabling the cache. */
keydb_disable_caching (ctx->kr_handle);
}
if (!rc)
{
- *ret_keyblock = ctx->keyblock; /* Return the keyblock. */
- ctx->keyblock = NULL;
+ *ret_keyblock = keyblock; /* Return the keyblock. */
+ keyblock = NULL;
}
else if ((gpg_err_code (rc) == GPG_ERR_NOT_FOUND
|| gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) && no_suitable_key)
else if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
rc = want_secret? GPG_ERR_NO_SECKEY : GPG_ERR_NO_PUBKEY;
- release_kbnode (ctx->keyblock);
- ctx->keyblock = NULL;
+ release_kbnode (keyblock);
+
+ if (ret_found_key)
+ {
+ if (! rc)
+ *ret_found_key = found_key;
+ else
+ *ret_found_key = NULL;
+ }
return rc;
}
-
-
-/*
- * Enumerate certain secret keys. Caller must use these procedure:
- * 1) create a void pointer and initialize it to NULL
- * 2) pass this void pointer by reference to this function
- * and provide space for the secret key (pass a buffer for sk)
- * 3) call this function as long as it does not return an error.
- * The error code GPG_ERR_EOF indicates the end of the listing.
- * 4) Always call this function a last time with SK set to NULL,
- * so that can free it's context.
- */
+/* For documentation see keydb.h. */
gpg_error_t
enum_secret_keys (void **context, PKT_public_key *sk)
{
int pass = 0;
char *p;
- /* Try it two times; second pass reads from key resources. */
+ /* Try it two times; second pass reads from the database. */
do
{
for (r = user_id_db; r; r = r->next)
}
-/* Return a user id from the caching by looking it up using the FPR
- which must be of size MAX_FINGERPRINT_LEN. */
+/* Return the user id for a key designated by its fingerprint, FPR,
+ which must be MAX_FINGERPRINT_LEN bytes in size. Note: the
+ returned string, which must be freed using xfree, may not be NUL
+ terminated. To determine the length of the string, you must use
+ *RN. */
char *
get_user_id_byfpr (const byte *fpr, size_t *rn)
{
char *p;
int pass = 0;
- /* Try it two times; second pass reads from key resources. */
+ /* Try it two times; second pass reads from the database. */
do
{
for (r = user_id_db; r; r = r->next)
}
}
}
- while (++pass < 2 && !get_pubkey_byfpr (NULL, fpr));
+ while (++pass < 2
+ && !get_pubkey_byfprint (NULL, NULL, fpr, MAX_FINGERPRINT_LEN));
p = xstrdup (user_id_not_found_utf8 ());
*rn = strlen (p);
return p;
}
+/* Like get_user_id_byfpr, but convert the string to the native
+ encoding. The returned string needs to be freed. Unlike
+ get_user_id_byfpr, the returned string is NUL terminated. */
char *
get_user_id_byfpr_native (const byte *fpr)
{
+/* For documentation see keydb.h. */
KEYDB_HANDLE
get_ctx_handle (GETKEY_CTX ctx)
{
#endif
else if (ascii_strcasecmp (tok, "pka") == 0)
akl->type = AKL_PKA;
+ else if (ascii_strcasecmp (tok, "dane") == 0)
+ akl->type = AKL_DANE;
else if ((akl->spec = parse_keyserver_uri (tok, 1)))
akl->type = AKL_SPEC;
else
}
-/* Return true if a secret key or secret subkey is available for one
- of the public keys in KEYBLOCK. */
-int
-have_any_secret_key (ctrl_t ctrl, kbnode_t keyblock)
-{
- kbnode_t node;
-
- for (node = keyblock; node; node = node->next)
- if ((node->pkt->pkttype == PKT_PUBLIC_KEY
- || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
- && !agent_probe_secret_key (ctrl, node->pkt->pkt.public_key))
- return 1;
- return 0;
-}
-
-
-/* Return true if a secret key is available for the public key with
- * the given KEYID. This is just a fast check and does not tell us
- * whether the secret key is valid. It merely tells os whether there
- * is some secret key. */
+/* For documentation see keydb.h. */
int
have_secret_key_with_kid (u32 *keyid)
{
for (node = keyblock; node; node = node->next)
{
/* Bit 0 of the flags is set if the search found the key
- using that key or subkey. */
+ using that key or subkey. Note: a search will only ever
+ match a single key or subkey. */
if ((node->flag & 1))
{
assert (node->pkt->pkttype == PKT_PUBLIC_KEY
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY);
- if (!agent_probe_secret_key (NULL, node->pkt->pkt.public_key))
- {
- result = 1;
- break;
- }
+ if (agent_probe_secret_key (NULL, node->pkt->pkt.public_key) == 0)
+ /* Not available. */
+ result = 1;
+ else
+ result = 0;
+
+ break;
}
}
release_kbnode (keyblock);
oFakedSystemTime,
oNoAutostart,
oPrintPKARecords,
+ oPrintDANERecords,
oNoop
};
ARGPARSE_s_n (oLegacyListMode, "legacy-list-mode", "@"),
ARGPARSE_s_n (oListOnly, "list-only", "@"),
ARGPARSE_s_n (oPrintPKARecords, "print-pka-records", "@"),
+ ARGPARSE_s_n (oPrintDANERecords, "print-dane-records", "@"),
ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"),
ARGPARSE_s_n (oIgnoreValidFrom, "ignore-valid-from", "@"),
ARGPARSE_s_n (oIgnoreCrcError, "ignore-crc-error", "@"),
case oFixedListMode: /* Dummy */ break;
case oLegacyListMode: opt.legacy_list_mode = 1; break;
case oPrintPKARecords: opt.print_pka_records = 1; break;
+ case oPrintDANERecords: opt.print_dane_records = 1; break;
case oListOnly: opt.list_only=1; break;
case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
case oIgnoreValidFrom: opt.ignore_valid_from = 1; break;
if (argc != 1 )
wrong_args("--gen-key user-id");
username = make_username (fname);
- quick_generate_keypair (username);
+ quick_generate_keypair (ctrl, username);
xfree (username);
break;
*r_url = NULL;
return gpg_error (GPG_ERR_NOT_FOUND);
}
+
+gpg_error_t
+export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options,
+ kbnode_t *r_keyblock, void **r_data, size_t *r_datalen)
+{
+ (void)ctrl;
+ (void)keyspec;
+ (void)options;
+
+ *r_keyblock = NULL;
+ *r_data = NULL;
+ *r_datalen = 0;
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+}
/****************
- * A data structre to hold information about the external position
+ * A data structure to hold information about the external position
* of a keyblock.
*/
struct keyblock_pos_struct {
/*-- getkey.c --*/
+
+/* Cache a copy of a public key in the public key cache. PK is not
+ cached if caching is disabled (via getkey_disable_caches), if
+ PK->FLAGS.DONT_CACHE is set, we don't know how to derive a key id
+ from the public key (e.g., unsupported algorithm), or a key with
+ the key id is already in the cache.
+
+ The public key packet is copied into the cache using
+ copy_public_key. Thus, any secret parts are not copied, for
+ instance.
+
+ This cache is filled by get_pubkey and is read by get_pubkey and
+ get_pubkey_fast. */
void cache_public_key( PKT_public_key *pk );
+
+/* Disable and drop the public key cache (which is filled by
+ cache_public_key and get_pubkey). Note: there is currently no way
+ to reenable this cache. */
void getkey_disable_caches(void);
+
+/* Return the public key with the key id KEYID and store it in *PK.
+ The resources in *PK should be released using
+ release_public_key_parts(). This function also stores a copy of
+ the public key in the user id cache (see cache_public_key).
+
+ If PK is NULL, this function just stores the public key in the
+ cache and returns the usual return code.
+
+ PK->REQ_USAGE (which is a mask of PUBKEY_USAGE_SIG,
+ PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT) is passed through to the
+ lookup function. If this is non-zero, only keys with the specified
+ usage will be returned. As such, it is essential that
+ PK->REQ_USAGE be correctly initialized!
+
+ Returns 0 on success, GPG_ERR_NO_PUBKEY if there is no public key
+ with the specified key id, or another error code if an error
+ occurs.
+
+ If the data was not read from the cache, then the self-signed data
+ has definately been merged into the public key using
+ merge_selfsigs. */
int get_pubkey( PKT_public_key *pk, u32 *keyid );
+
+/* Similar to get_pubkey, but it does not take PK->REQ_USAGE into
+ account nor does it merge in the self-signed data. This function
+ also only considers primary keys. It is intended to be used as a
+ quick check of the key to avoid recursion. It should only be used
+ in very certain cases. Like get_pubkey and unlike any of the other
+ lookup functions, this function also consults the user id cache
+ (see cache_public_key).
+
+ Return the public key in *PK. The resources in *PK should be
+ released using release_public_key_parts(). */
int get_pubkey_fast ( PKT_public_key *pk, u32 *keyid );
+
+/* Return the key block for the key with key id KEYID or NULL, if an
+ error occurs. Use release_kbnode() to release the key block.
+
+ The self-signed data has already been merged into the public key
+ using merge_selfsigs. */
KBNODE get_pubkeyblock( u32 *keyid );
+
+/* Find a public key identified by the name NAME.
+
+ If name appears to be a valid valid RFC822 mailbox (i.e., email
+ address) and auto key lookup is enabled (no_akl == 0), then the
+ specified auto key lookup methods (--auto-key-lookup) are used to
+ import the key into the local keyring. Otherwise, just the local
+ keyring is consulted.
+
+
+ If RETCTX is not NULL, then the constructed context is returned in
+ *RETCTX so that getpubkey_next can be used to get subsequent
+ results. In this case, getkey_end() must be used to free the
+ search context. If RETCTX is not NULL, then RET_KDBHD must be
+ NULL.
+
+ If PK is not NULL, the public key of the first result is returned
+ in *PK. Note: PK->REQ_USAGE must be valid!!! PK->REQ_USAGE is
+ passed through to the lookup function and is a mask of
+ PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT. If this
+ is non-zero, only keys with the specified usage will be returned.
+ Note: The self-signed data has already been merged into the public
+ key using merge_selfsigs. Free *PK by calling
+ release_public_key_parts (or, if PK was allocated using xfree, you
+ can use free_public_key, which calls release_public_key_parts(PK)
+ and then xfree(PK)).
+
+ NAME is a string, which is turned into a search query using
+ classify_user_id.
+
+ If RET_KEYBLOCK is not NULL, the keyblock is returned in
+ *RET_KEYBLOCK. This should be freed using release_kbnode().
+
+ If RET_KDBHD is not NULL, then the new database handle used to
+ conduct the search is returned in *RET_KDBHD. This can be used to
+ get subsequent results using keydb_search_next or to modify the
+ returned record. Note: in this case, no advanced filtering is done
+ for subsequent results (e.g., PK->REQ_USAGE is not respected).
+ Unlike RETCTX, this is always returned.
+
+ If INCLUDE_UNUSABLE is set, then unusable keys (see the
+ documentation for skip_unusable for an exact definition) are
+ skipped unless they are looked up by key id or by fingerprint.
+
+ If NO_AKL is set, then the auto key locate functionality is
+ disabled and only the local key ring is considered. Note: the
+ local key ring is consulted even if local is not in the
+ --auto-key-locate option list!
+
+ This function returns 0 on success. Otherwise, an error code is
+ returned. In particular, GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY
+ (if want_secret is set) is returned if the key is not found. */
int get_pubkey_byname (ctrl_t ctrl,
- GETKEY_CTX *rx, PKT_public_key *pk, const char *name,
+ GETKEY_CTX *retctx, PKT_public_key *pk,
+ const char *name,
KBNODE *ret_keyblock, KEYDB_HANDLE *ret_kdbhd,
int include_unusable, int no_akl );
-int get_pubkey_bynames( GETKEY_CTX *rx, PKT_public_key *pk,
- strlist_t names, KBNODE *ret_keyblock );
-int get_pubkey_next( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE *ret_keyblock );
-void get_pubkey_end( GETKEY_CTX ctx );
+
+/* Return the public key with the key id KEYID and store it in *PK.
+ The resources should be released using release_public_key_parts().
+
+ Unlike other lookup functions, PK may not be NULL. PK->REQ_USAGE
+ is passed through to the lookup function and is a mask of
+ PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT. Thus, it
+ must be valid! If this is non-zero, only keys with the specified
+ usage will be returned.
+
+ Returns 0 on success. If a public key with the specified key id is
+ not found or a secret key is not available for that public key, an
+ error code is returned. Note: this function ignores legacy keys.
+ An error code is also return if an error occurs.
+
+ The self-signed data has already been merged into the public key
+ using merge_selfsigs. */
gpg_error_t get_seckey (PKT_public_key *pk, u32 *keyid);
-gpg_error_t get_pubkey_byfpr (PKT_public_key *pk, const byte *fpr);
+
+/* Lookup a key with the specified fingerprint.
+
+ If PK is not NULL, the public key of the first result is returned
+ in *PK. Note: this function does an exact search and thus the
+ returned public key may be a subkey rather than the primary key.
+ Note: The self-signed data has already been merged into the public
+ key using merge_selfsigs. Free *PK by calling
+ release_public_key_parts (or, if PK was allocated using xfree, you
+ can use free_public_key, which calls release_public_key_parts(PK)
+ and then xfree(PK)).
+
+ If PK->REQ_USAGE is set, it is used to filter the search results.
+ (Thus, if PK is not NULL, PK->REQ_USAGE must be valid!!!) See the
+ documentation for finish_lookup to understand exactly how this is
+ used.
+
+ If R_KEYBLOCK is not NULL, then the first result's keyblock is
+ returned in *R_KEYBLOCK. This should be freed using
+ release_kbnode().
+
+ FPRINT is a byte array whose contents is the fingerprint to use as
+ the search term. FPRINT_LEN specifies the length of the
+ fingerprint (in bytes). Currently, only 16 and 20-byte
+ fingerprints are supported. */
int get_pubkey_byfprint (PKT_public_key *pk, kbnode_t *r_keyblock,
const byte *fprint, size_t fprint_len);
+
+/* This function is similar to get_pubkey_byfprint, but it doesn't
+ merge the self-signed data into the public key and subkeys or into
+ the user ids. It also doesn't add the key to the user id cache.
+ Further, this function ignores PK->REQ_USAGE.
+
+ This function is intended to avoid recursion and, as such, should
+ only be used in very specific situations.
+
+ Like get_pubkey_byfprint, PK may be NULL. In that case, this
+ function effectively just checks for the existence of the key. */
int get_pubkey_byfprint_fast (PKT_public_key *pk,
const byte *fprint, size_t fprint_len);
-int get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
- size_t fprint_len );
/* Return whether a secret key is available for the public key with
- key id KEYID. Note: this is just a fast check and does not tell us
- whether the secret key is valid; this check merely indicates
- whether there is some secret key with the specified key id. */
+ key id KEYID. This function ignores legacy keys. Note: this is
+ just a fast check and does not tell us whether the secret key is
+ valid; this check merely indicates whether there is some secret key
+ with the specified key id. */
int have_secret_key_with_kid (u32 *keyid);
-gpg_error_t get_seckey_byname (PKT_public_key *pk, const char *name);
-
-gpg_error_t get_seckey_byfprint (PKT_public_key *pk,
- const byte *fprint, size_t fprint_len);
-gpg_error_t get_seckeyblock_byfprint (kbnode_t *ret_keyblock,
- const byte *fprint, size_t fprint_len);
-
+/* Look up a secret key.
+
+ If PK is not NULL, the public key of the first result is returned
+ in *PK. Note: PK->REQ_USAGE must be valid!!! If PK->REQ_USAGE is
+ set, it is used to filter the search results. See the
+ documentation for finish_lookup to understand exactly how this is
+ used. Note: The self-signed data has already been merged into the
+ public key using merge_selfsigs. Free *PK by calling
+ release_public_key_parts (or, if PK was allocated using xfree, you
+ can use free_public_key, which calls release_public_key_parts(PK)
+ and then xfree(PK)).
+
+ If --default-key was set, then the specified key is looked up. (In
+ this case, the default key is returned even if it is considered
+ unusable. See the documentation for skip_unusable for exactly what
+ this means.)
+
+ Otherwise, this initiates a DB scan that returns all keys that are
+ usable (see previous paragraph for exactly what usable means) and
+ for which a secret key is available.
+
+ This function returns the first match. Additional results can be
+ returned using getkey_next. */
+gpg_error_t get_seckey_default (PKT_public_key *pk);
+
+/* Search for keys matching some criteria.
+
+ If RETCTX is not NULL, then the constructed context is returned in
+ *RETCTX so that getpubkey_next can be used to get subsequent
+ results. In this case, getkey_end() must be used to free the
+ search context. If RETCTX is not NULL, then RET_KDBHD must be
+ NULL.
+
+ If PK is not NULL, the public key of the first result is returned
+ in *PK. Note: PK->REQ_USAGE must be valid!!! If PK->REQ_USAGE is
+ set, it is used to filter the search results. See the
+ documentation for finish_lookup to understand exactly how this is
+ used. Note: The self-signed data has already been merged into the
+ public key using merge_selfsigs. Free *PK by calling
+ release_public_key_parts (or, if PK was allocated using xfree, you
+ can use free_public_key, which calls release_public_key_parts(PK)
+ and then xfree(PK)).
+
+ If NAMES is not NULL, then a search query is constructed using
+ classify_user_id on each of the strings in the list. (Recall: the
+ database does an OR of the terms, not an AND.) If NAMES is
+ NULL, then all results are returned.
+
+ If WANT_SECRET is set, then only keys with an available secret key
+ (either locally or via key registered on a smartcard) are returned.
+
+ This function does not skip unusable keys (see the documentation
+ for skip_unusable for an exact definition).
+
+ If RET_KEYBLOCK is not NULL, the keyblock is returned in
+ *RET_KEYBLOCK. This should be freed using release_kbnode().
+
+ This function returns 0 on success. Otherwise, an error code is
+ returned. In particular, GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY
+ (if want_secret is set) is returned if the key is not found. */
gpg_error_t getkey_bynames (getkey_ctx_t *retctx, PKT_public_key *pk,
strlist_t names, int want_secret,
kbnode_t *ret_keyblock);
+
+/* Search for keys matching some criteria.
+
+ If RETCTX is not NULL, then the constructed context is returned in
+ *RETCTX so that getpubkey_next can be used to get subsequent
+ results. In this case, getkey_end() must be used to free the
+ search context. If RETCTX is not NULL, then RET_KDBHD must be
+ NULL.
+
+ If PK is not NULL, the public key of the first result is returned
+ in *PK. Note: PK->REQ_USAGE must be valid!!! If PK->REQ_USAGE is
+ set, it is used to filter the search results. See the
+ documentation for finish_lookup to understand exactly how this is
+ used. Note: The self-signed data has already been merged into the
+ public key using merge_selfsigs. Free *PK by calling
+ release_public_key_parts (or, if PK was allocated using xfree, you
+ can use free_public_key, which calls release_public_key_parts(PK)
+ and then xfree(PK)).
+
+ If NAME is not NULL, then a search query is constructed using
+ classify_user_id on the string. In this case, even unusable keys
+ (see the documentation for skip_unusable for an exact definition of
+ unusable) are returned. Otherwise, if --default-key was set, then
+ that key is returned (even if it is unusable). If neither of these
+ conditions holds, then the first usable key is returned.
+
+ If WANT_SECRET is set, then only keys with an available secret key
+ (either locally or via key registered on a smartcard) are returned.
+
+ This function does not skip unusable keys (see the documentation
+ for skip_unusable for an exact definition).
+
+ If RET_KEYBLOCK is not NULL, the keyblock is returned in
+ *RET_KEYBLOCK. This should be freed using release_kbnode().
+
+ This function returns 0 on success. Otherwise, an error code is
+ returned. In particular, GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY
+ (if want_secret is set) is returned if the key is not found.
+
+ FIXME: We also have the get_pubkey_byname function which has a
+ different semantic. Should be merged with this one. */
gpg_error_t getkey_byname (getkey_ctx_t *retctx, PKT_public_key *pk,
const char *name, int want_secret,
kbnode_t *ret_keyblock);
+
+/* Return the next search result.
+
+ If PK is not NULL, the public key of the next result is returned in
+ *PK. Note: The self-signed data has already been merged into the
+ public key using merge_selfsigs. Free *PK by calling
+ release_public_key_parts (or, if PK was allocated using xfree, you
+ can use free_public_key, which calls release_public_key_parts(PK)
+ and then xfree(PK)).
+
+ The self-signed data has already been merged into the public key
+ using merge_selfsigs. */
gpg_error_t getkey_next (getkey_ctx_t ctx, PKT_public_key *pk,
kbnode_t *ret_keyblock);
+
+/* Release any resources used by a key listing content. This must be
+ called on the context returned by, e.g., getkey_byname. */
void getkey_end (getkey_ctx_t ctx);
+/* Return the database handle used by this context. The context still
+ owns the handle. */
+KEYDB_HANDLE get_ctx_handle(GETKEY_CTX ctx);
+
+/* Enumerate some secret keys (specifically, those specified with
+ --default-key and --try-secret-key). Use the following procedure:
+
+ 1) Initialize a void pointer to NULL
+ 2) Pass a reference to this pointer to this function (content)
+ and provide space for the secret key (sk)
+ 3) Call this function as long as it does not return an error (or
+ until you are done). The error code GPG_ERR_EOF indicates the
+ end of the listing.
+ 4) Call this function a last time with SK set to NULL,
+ so that can free it's context.
+
+ In pseudo-code:
+
+ void *ctx = NULL;
+ PKT_public_key *sk = xmalloc_clear (sizeof (*sk));
+ gpg_error_t err;
+
+ while ((err = enum_secret_keys (&ctx, sk)))
+ {
+ // Process SK.
+
+ if (done)
+ break;
+
+ free_public_key (sk);
+ sk = xmalloc_clear (sizeof (*sk));
+ }
+
+ // Release any resources used by CTX.
+ enum_secret_keys (&ctx, NULL);
+ free_public_key (sk);
+
+ if (gpg_err_code (err) != GPG_ERR_EOF)
+ ; // An error occured.
+ */
gpg_error_t enum_secret_keys (void **context, PKT_public_key *pk);
+/* Set the mainkey_id fields for all keys in KEYBLOCK. This is
+ usually done by merge_selfsigs but at some places we only need the
+ main_kid not a full merge. The function also guarantees that all
+ pk->keyids are computed. */
void setup_main_keyids (kbnode_t keyblock);
+
+/* KEYBLOCK corresponds to a public key block. This function merges
+ much of the information from the self-signed data into the public
+ key, public subkey and user id data structures. If you use the
+ high-level search API (e.g., get_pubkey) for looking up key blocks,
+ then you don't need to call this function. This function is
+ useful, however, if you change the keyblock, e.g., by adding or
+ removing a self-signed data packet. */
void merge_keys_and_selfsig( KBNODE keyblock );
+
char*get_user_id_string_native( u32 *keyid );
char*get_long_user_id_string( u32 *keyid );
char*get_user_id( u32 *keyid, size_t *rn );
char*get_user_id_native( u32 *keyid );
char *get_user_id_byfpr (const byte *fpr, size_t *rn);
char *get_user_id_byfpr_native (const byte *fpr);
-KEYDB_HANDLE get_ctx_handle(GETKEY_CTX ctx);
+
void release_akl(void);
int parse_auto_key_locate(char *options);
#include "i18n.h"
#include "keyserver-internal.h"
#include "call-agent.h"
+#include "host2net.h"
static void show_prefs (PKT_user_id * uid, PKT_signature * selfsig,
int verbose);
/*
- * Print information about a signature, check it and return true
- * if the signature is okay. NODE must be a signature packet.
+ * Print information about a signature, check it and return true if
+ * the signature is okay. NODE must be a signature packet. With
+ * EXTENDED set all possible signature list options will always be
+ * printed.
*/
static int
print_and_check_one_sig (KBNODE keyblock, KBNODE node,
int *inv_sigs, int *no_key, int *oth_err,
- int *is_selfsig, int print_without_key)
+ int *is_selfsig, int print_without_key, int extended)
{
PKT_signature *sig = node->pkt->pkt.signature;
int rc, sigrc;
sig->flags.expired ? 'X' : ' ',
(sig->trust_depth > 9) ? 'T' : (sig->trust_depth >
0) ? '0' +
- sig->trust_depth : ' ', keystr (sig->keyid),
+ sig->trust_depth : ' ',
+ keystr (sig->keyid),
datestr_from_sig (sig));
- if (opt.list_options & LIST_SHOW_SIG_EXPIRE)
+ if ((opt.list_options & LIST_SHOW_SIG_EXPIRE) || extended )
tty_printf (" %s", expirestr_from_sig (sig));
tty_printf (" ");
if (sigrc == '%')
else if (*is_selfsig)
{
tty_printf (is_rev ? _("[revocation]") : _("[self-signature]"));
+ if (extended && sig->flags.chosen_selfsig)
+ tty_printf ("*");
}
else
{
}
tty_printf ("\n");
- if (sig->flags.policy_url && (opt.list_options & LIST_SHOW_POLICY_URLS))
+ if (sig->flags.policy_url
+ && ((opt.list_options & LIST_SHOW_POLICY_URLS) || extended))
show_policy_url (sig, 3, 0);
- if (sig->flags.notation && (opt.list_options & LIST_SHOW_NOTATIONS))
+ if (sig->flags.notation
+ && ((opt.list_options & LIST_SHOW_NOTATIONS) || extended))
show_notation (sig, 3, 0,
((opt.
list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0) +
((opt.
list_options & LIST_SHOW_USER_NOTATIONS) ? 2 : 0));
- if (sig->flags.pref_ks && (opt.list_options & LIST_SHOW_KEYSERVER_URLS))
+ if (sig->flags.pref_ks
+ && ((opt.list_options & LIST_SHOW_KEYSERVER_URLS) || extended))
show_keyserver_url (sig, 3, 0);
+
+ if (extended)
+ {
+ PKT_public_key *pk = keyblock->pkt->pkt.public_key;
+ const unsigned char *s;
+
+ s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL);
+ if (s && *s)
+ tty_printf (" [primary]\n");
+
+ s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
+ if (s && buf32_to_u32 (s))
+ tty_printf (" [expires: %s]\n",
+ isotimestamp (pk->timestamp + buf32_to_u32 (s)));
+ }
}
return (sigrc == '!');
* Returns true if error found.
*/
static int
-check_all_keysigs (KBNODE keyblock, int only_selected)
+check_all_keysigs (KBNODE keyblock, int only_selected, int only_selfsigs)
{
KBNODE kbctx;
KBNODE node;
int mis_selfsig = 0;
int selected = !only_selected;
int anyuid = 0;
+ u32 keyid[2];
for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
{
- if (node->pkt->pkttype == PKT_USER_ID)
+ if (node->pkt->pkttype == PKT_PUBLIC_KEY)
+ {
+ if (only_selfsigs)
+ keyid_from_pk (node->pkt->pkt.public_key, keyid);
+ }
+ else if (node->pkt->pkttype == PKT_USER_ID)
{
PKT_user_id *uid = node->pkt->pkt.user_id;
|| node->pkt->pkt.signature->sig_class == 0x30))
{
int selfsig;
-
- if (print_and_check_one_sig (keyblock, node, &inv_sigs,
- &no_key, &oth_err, &selfsig, 0))
+ PKT_signature *sig = node->pkt->pkt.signature;
+
+ if (only_selfsigs
+ && !(keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]))
+ ; /* Not a selfsig but we want only selfsigs - skip. */
+ else if (print_and_check_one_sig (keyblock, node, &inv_sigs,
+ &no_key, &oth_err, &selfsig,
+ 0, only_selfsigs))
{
if (selfsig)
has_selfsig = 1;
break;
case cmdCHECK:
- check_all_keysigs (keyblock, count_selected_uids (keyblock));
+ check_all_keysigs (keyblock, count_selected_uids (keyblock),
+ !strcmp (arg_string, "selfsig"));
break;
case cmdSIGN:
int n1;
if (!(n1 = count_selected_uids (keyblock)))
- tty_printf (_("You must select at least one user ID.\n"));
+ {
+ tty_printf (_("You must select at least one user ID.\n"));
+ if (!opt.expert)
+ tty_printf (_("(Use the '%s' command.)\n"), "uid");
+ }
else if (real_uids_left (keyblock) < 1)
tty_printf (_("You can't delete the last user ID!\n"));
else if (cpr_get_answer_is_yes
int n1;
if (!(n1 = count_selected_uids (keyblock)))
- tty_printf (_("You must select at least one user ID.\n"));
+ {
+ tty_printf (_("You must select at least one user ID.\n"));
+ if (!opt.expert)
+ tty_printf (_("(Use the '%s' command.)\n"), "uid");
+ }
else if (menu_delsig (keyblock))
{
/* No redisplay here, because it may scroll away some
int n1;
if (!(n1 = count_selected_keys (keyblock)))
- tty_printf (_("You must select at least one key.\n"));
+ {
+ tty_printf (_("You must select at least one key.\n"));
+ if (!opt.expert)
+ tty_printf (_("(Use the '%s' command.)\n"), "key");
+ }
else if (!cpr_get_answer_is_yes
("keyedit.remove.subkey.okay",
n1 > 1 ? _("Do you really want to delete the "
int n1;
if (!(n1 = count_selected_uids (keyblock)))
- tty_printf (_("You must select at least one user ID.\n"));
+ {
+ tty_printf (_("You must select at least one user ID.\n"));
+ if (!opt.expert)
+ tty_printf (_("(Use the '%s' command.)\n"), "uid");
+ }
else if (cpr_get_answer_is_yes
("keyedit.revoke.uid.okay",
n1 > 1 ? _("Really revoke all selected user IDs? (y/N) ")
else
valid = print_and_check_one_sig (pub_keyblock, node,
&inv_sig, &no_key, &other_err,
- &selfsig, 1);
+ &selfsig, 1, 0);
if (valid)
{
static int nzip_prefs;
static int mdc_available,ks_modify;
-static void do_generate_keypair( struct para_data_s *para,
+static void do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
struct output_control_s *outctrl, int card );
static int write_keyblock (iobuf_t out, kbnode_t node);
static gpg_error_t gen_card_key (int algo, int keyno, int is_primary,
}
static int
-proc_parameter_file( struct para_data_s *para, const char *fname,
+proc_parameter_file (ctrl_t ctrl, struct para_data_s *para, const char *fname,
struct output_control_s *outctrl, int card )
{
struct para_data_s *r;
append_to_parameter (para, r);
}
- do_generate_keypair( para, outctrl, card );
+ do_generate_keypair (ctrl, para, outctrl, card );
return 0;
}
* Note, that string parameters are expected to be in UTF-8
*/
static void
-read_parameter_file( const char *fname )
+read_parameter_file (ctrl_t ctrl, const char *fname )
{
static struct { const char *name;
enum para_name key;
outctrl.keygen_flags |= KEYGEN_FLAG_TRANSIENT_KEY;
else if( !ascii_strcasecmp( keyword, "%commit" ) ) {
outctrl.lnr = lnr;
- if (proc_parameter_file( para, fname, &outctrl, 0 ))
+ if (proc_parameter_file (ctrl, para, fname, &outctrl, 0 ))
print_status_key_not_created
(get_parameter_value (para, pHANDLE));
release_parameter_list( para );
if( keywords[i].key == pKEYTYPE && para ) {
outctrl.lnr = lnr;
- if (proc_parameter_file( para, fname, &outctrl, 0 ))
+ if (proc_parameter_file (ctrl, para, fname, &outctrl, 0 ))
print_status_key_not_created
(get_parameter_value (para, pHANDLE));
release_parameter_list( para );
}
else if( para ) {
outctrl.lnr = lnr;
- if (proc_parameter_file( para, fname, &outctrl, 0 ))
+ if (proc_parameter_file (ctrl, para, fname, &outctrl, 0 ))
print_status_key_not_created (get_parameter_value (para, pHANDLE));
}
* Unattended generation of a standard key.
*/
void
-quick_generate_keypair (const char *uid)
+quick_generate_keypair (ctrl_t ctrl, const char *uid)
{
gpg_error_t err;
struct para_data_s *para = NULL;
para = r;
}
- proc_parameter_file (para, "[internal]", &outctrl, 0);
+ proc_parameter_file (ctrl, para, "[internal]", &outctrl, 0);
leave:
release_parameter_list (para);
}
if (opt.batch)
{
- read_parameter_file( fname );
+ read_parameter_file (ctrl, fname);
return;
}
r->next = para;
para = r;
- proc_parameter_file (para, "[internal]", &outctrl, !!card_serialno);
+ proc_parameter_file (ctrl, para, "[internal]", &outctrl, !!card_serialno);
release_parameter_list (para);
}
static void
-do_generate_keypair (struct para_data_s *para,
+do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
struct output_control_s *outctrl, int card)
{
gpg_error_t err;
{
tty_printf (_("public and secret key created and signed.\n") );
tty_printf ("\n");
- list_keyblock_direct (pub_root, 0, 1, 1);
+ list_keyblock_direct (ctrl, pub_root, 0, 1, 1);
}
#include "mbox-util.h"
-static void list_all (int, int);
-static void list_one (strlist_t names, int secret, int mark_secret);
+static void list_all (ctrl_t, int, int);
+static void list_one (ctrl_t ctrl,
+ strlist_t names, int secret, int mark_secret);
static void locate_one (ctrl_t ctrl, strlist_t names);
static void print_card_serialno (const char *serialno);
};
-static void list_keyblock (kbnode_t keyblock, int secret, int has_secret,
+static void list_keyblock (ctrl_t ctrl,
+ kbnode_t keyblock, int secret, int has_secret,
int fpr, struct keylist_context *listctx);
if (locate_mode)
locate_one (ctrl, list);
else if (!list)
- list_all (0, opt.with_secret);
+ list_all (ctrl, 0, opt.with_secret);
else
- list_one (list, 0, opt.with_secret);
+ list_one (ctrl, list, 0, opt.with_secret);
}
check_trustdb_stale ();
if (!list)
- list_all (1, 0);
+ list_all (ctrl, 1, 0);
else /* List by user id */
- list_one (list, 1, 0);
+ list_one (ctrl, list, 1, 0);
}
void
MARK_SECRET is true secret keys are indicated in a public key
listing. */
static void
-list_all (int secret, int mark_secret)
+list_all (ctrl_t ctrl, int secret, int mark_secret)
{
KEYDB_HANDLE hd;
KBNODE keyblock = NULL;
}
}
merge_keys_and_selfsig (keyblock);
- list_keyblock (keyblock, secret, any_secret, opt.fingerprint,
+ list_keyblock (ctrl, keyblock, secret, any_secret, opt.fingerprint,
&listctx);
}
release_kbnode (keyblock);
static void
-list_one (strlist_t names, int secret, int mark_secret)
+list_one (ctrl_t ctrl, strlist_t names, int secret, int mark_secret)
{
int rc = 0;
KBNODE keyblock = NULL;
if (rc)
{
log_error ("error reading key: %s\n", gpg_strerror (rc));
- get_pubkey_end (ctx);
+ getkey_end (ctx);
return;
}
es_putc ('-', es_stdout);
es_putc ('\n', es_stdout);
}
- list_keyblock (keyblock, secret, mark_secret, opt.fingerprint, &listctx);
+ list_keyblock (ctrl,
+ keyblock, secret, mark_secret, opt.fingerprint, &listctx);
release_kbnode (keyblock);
}
while (!getkey_next (ctx, NULL, &keyblock));
{
do
{
- list_keyblock (keyblock, 0, 0, opt.fingerprint, &listctx);
+ list_keyblock (ctrl, keyblock, 0, 0, opt.fingerprint, &listctx);
release_kbnode (keyblock);
}
- while (ctx && !get_pubkey_next (ctx, NULL, &keyblock));
- get_pubkey_end (ctx);
+ while (ctx && !getkey_next (ctx, NULL, &keyblock));
+ getkey_end (ctx);
ctx = NULL;
}
}
/* Print IPGP cert records instead of a standard key listing. */
static void
-list_keyblock_pka (kbnode_t keyblock)
+list_keyblock_pka (ctrl_t ctrl, kbnode_t keyblock)
{
kbnode_t kbctx;
kbnode_t node;
PKT_public_key *pk;
char pkstrbuf[PUBKEY_STRING_SIZE];
char *hexfpr;
+ char *hexkeyblock = NULL;
+ unsigned int hexkeyblocklen;
+ const char *s;
/* Get the keyid from the keyblock. */
node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
pk = node->pkt->pkt.public_key;
- es_fprintf (es_stdout, ";; pub %s/%s %s\n;; ",
+ /* First print an overview of the key with all userids. */
+ es_fprintf (es_stdout, ";; pub %s/%s %s\n;;",
pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
keystr_from_pk (pk), datestr_from_pk (pk));
print_fingerprint (NULL, pk, 10);
+ for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
+ {
+ if (node->pkt->pkttype == PKT_USER_ID)
+ {
+ PKT_user_id *uid = node->pkt->pkt.user_id;
+
+ if (pk && (uid->is_expired || uid->is_revoked)
+ && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
+ continue;
+
+ es_fputs (";; uid ", es_stdout);
+ print_utf8_buffer (es_stdout, uid->name, uid->len);
+ es_putc ('\n', es_stdout);
+ }
+ }
+
+
hexfpr = hexfingerprint (pk);
+ if (opt.print_dane_records)
+ {
+ kbnode_t dummy_keyblock;
+ void *data;
+ size_t datalen;
+ gpg_error_t err;
+
+ /* We do not have an export fucntion which allows to pass a
+ keyblock, thus we need to search the key again. */
+ err = export_pubkey_buffer (ctrl, hexfpr,
+ EXPORT_DANE_FORMAT,
+ &dummy_keyblock, &data, &datalen);
+ release_kbnode (dummy_keyblock);
+ if (!err)
+ {
+ hexkeyblocklen = datalen;
+ hexkeyblock = bin2hex (data, datalen, NULL);
+ if (!hexkeyblock)
+ err = gpg_error_from_syserror ();
+ xfree (data);
+ ascii_strlwr (hexkeyblock);
+ }
+ if (err)
+ log_error (_("skipped \"%s\": %s\n"), hexfpr, gpg_strerror (err));
+
+ }
for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
{
&& !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
continue;
- es_fputs (";; uid ", es_stdout);
- print_utf8_buffer (es_stdout, uid->name, uid->len);
- es_putc ('\n', es_stdout);
mbox = mailbox_from_userid (uid->name);
if (mbox && (p = strchr (mbox, '@')))
{
- char hashbuf[20];
+ char hashbuf[32];
char *hash;
unsigned int len;
*p++ = 0;
- es_fprintf (es_stdout, "$ORIGIN _pka.%s.\n", p);
- gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox));
- hash = zb32_encode (hashbuf, 8*20);
- if (hash)
+ if (opt.print_pka_records)
{
- len = strlen (hexfpr)/2;
- es_fprintf (es_stdout,
- "%s TYPE37 \\# %u 0006 0000 00 %02X %s\n",
- hash, 6 + len, len, hexfpr);
- xfree (hash);
+ es_fprintf (es_stdout, "$ORIGIN _pka.%s.\n; %s\n; ",
+ p, hexfpr);
+ print_utf8_buffer (es_stdout, uid->name, uid->len);
+ es_putc ('\n', es_stdout);
+ gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf,
+ mbox, strlen (mbox));
+ hash = zb32_encode (hashbuf, 8*20);
+ if (hash)
+ {
+ len = strlen (hexfpr)/2;
+ es_fprintf (es_stdout,
+ "%s TYPE37 \\# %u 0006 0000 00 %02X %s\n",
+ hash, 6 + len, len, hexfpr);
+ xfree (hash);
+ }
+ }
+ if (opt.print_dane_records && hexkeyblock)
+ {
+ es_fprintf (es_stdout, "$ORIGIN _openpgpkey.%s.\n; %s\n; ",
+ p, hexfpr);
+ print_utf8_buffer (es_stdout, uid->name, uid->len);
+ es_putc ('\n', es_stdout);
+ gcry_md_hash_buffer (GCRY_MD_SHA256, hashbuf,
+ mbox, strlen (mbox));
+ hash = bin2hex (hashbuf, 28, NULL);
+ if (hash)
+ {
+ ascii_strlwr (hash);
+ es_fprintf (es_stdout, "%s TYPE61 \\# %u (\n",
+ hash, hexkeyblocklen);
+ xfree (hash);
+ s = hexkeyblock;
+ for (;;)
+ {
+ es_fprintf (es_stdout, "\t%.64s\n", s);
+ if (strlen (s) < 64)
+ break;
+ s += 64;
+ }
+ es_fputs ("\t)\n", es_stdout);
+ }
}
}
xfree (mbox);
}
es_putc ('\n', es_stdout);
+ xfree (hexkeyblock);
xfree (hexfpr);
}
}
static void
-list_keyblock (KBNODE keyblock, int secret, int has_secret, int fpr,
+list_keyblock (ctrl_t ctrl,
+ KBNODE keyblock, int secret, int has_secret, int fpr,
struct keylist_context *listctx)
{
reorder_keyblock (keyblock);
- if (opt.print_pka_records)
- list_keyblock_pka (keyblock);
+ if (opt.print_pka_records || opt.print_dane_records)
+ list_keyblock_pka (ctrl, keyblock);
else if (opt.with_colons)
list_keyblock_colon (keyblock, secret, has_secret, fpr);
else
/* Public function used by keygen to list a keyblock. */
void
-list_keyblock_direct (kbnode_t keyblock, int secret, int has_secret, int fpr)
+list_keyblock_direct (ctrl_t ctrl,
+ kbnode_t keyblock, int secret, int has_secret, int fpr)
{
struct keylist_context listctx;
memset (&listctx, 0, sizeof (listctx));
- list_keyblock (keyblock, secret, has_secret, fpr, &listctx);
+ list_keyblock (ctrl, keyblock, secret, has_secret, fpr, &listctx);
keylist_context_release (&listctx);
}
for (n=any_skip?0:ndesc; n < ndesc; n++)
{
if (desc[n].skipfnc
- && desc[n].skipfnc (desc[n].skipfncvalue, aki, uid))
+ && desc[n].skipfnc (desc[n].skipfncvalue, aki, uid_no))
break;
}
if (n == ndesc)
struct keyserver_spec *keyserver);
int keyserver_import_keyid (ctrl_t ctrl, u32 *keyid,
struct keyserver_spec *keyserver);
-int keyserver_refresh (ctrl_t ctrl, strlist_t users);
+gpg_error_t keyserver_refresh (ctrl_t ctrl, strlist_t users);
gpg_error_t keyserver_search (ctrl_t ctrl, strlist_t tokens);
int keyserver_fetch (ctrl_t ctrl, strlist_t urilist);
-int keyserver_import_cert (ctrl_t ctrl, const char *name,
+int keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
unsigned char **fpr,size_t *fpr_len);
gpg_error_t keyserver_import_pka (ctrl_t ctrl, const char *name,
unsigned char **fpr,size_t *fpr_len);
/* Note this is different than the original HKP refresh. It allows
usernames to refresh only part of the keyring. */
-int
+gpg_error_t
keyserver_refresh (ctrl_t ctrl, strlist_t users)
{
- int rc,count,numdesc,fakev3=0;
+ gpg_error_t err;
+ int count, numdesc;
+ int fakev3 = 0;
KEYDB_SEARCH_DESC *desc;
unsigned int options=opt.keyserver_options.import_options;
ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
fakev3=1;
- rc=keyidlist(users,&desc,&numdesc,fakev3);
- if(rc)
- return rc;
+ err = keyidlist (users, &desc, &numdesc, fakev3);
+ if (err)
+ return err;
count=numdesc;
if(count>0)
/* We use the keyserver structure we parsed out before.
Note that a preferred keyserver without a scheme://
will be interpreted as hkp:// */
- rc = keyserver_get (ctrl, &desc[i], 1, keyserver, NULL, NULL);
- if(rc)
+ err = keyserver_get (ctrl, &desc[i], 1, keyserver, NULL, NULL);
+ if (err)
log_info(_("WARNING: unable to refresh key %s"
" via %s: %s\n"),keystr_from_desc(&desc[i]),
- keyserver->uri,gpg_strerror (rc));
+ keyserver->uri,gpg_strerror (err));
else
{
/* We got it, so mark it as NONE so we don't try and
if(count>0)
{
- if(opt.keyserver && !opt.quiet)
- {
- if(count==1)
- log_info(_("refreshing 1 key from %s\n"),opt.keyserver->uri);
- else
- log_info(_("refreshing %d keys from %s\n"),
- count,opt.keyserver->uri);
- }
+ char *tmpuri;
+
+ err = gpg_dirmngr_ks_list (ctrl, &tmpuri);
+ if (!err)
+ {
+ if (!opt.quiet)
+ {
+ if(count==1)
+ log_info(_("refreshing 1 key from %s\n"), tmpuri);
+ else
+ log_info(_("refreshing %d keys from %s\n"), count, tmpuri);
+ }
+ xfree (tmpuri);
- rc=keyserver_get (ctrl, desc, numdesc, NULL, NULL, NULL);
+ err = keyserver_get (ctrl, desc, numdesc, NULL, NULL, NULL);
+ }
}
xfree(desc);
if(!(opt.keyserver_options.import_options&IMPORT_FAST))
check_or_update_trustdb ();
- return rc;
+ return err;
}
if (!tokens)
return 0; /* Return success if no patterns are given. */
- if (!opt.keyserver)
- {
- log_error (_("no keyserver known (use option --keyserver)\n"));
- return gpg_error (GPG_ERR_NO_KEYSERVER);
- }
-
/* Write global options */
/* for(temp=opt.keyserver_options.other;temp;temp=temp->next) */
}
-/* Import key in a CERT or pointed to by a CERT */
+/* Import key in a CERT or pointed to by a CERT. In DANE_MODE fetch
+ the certificate using the DANE method. */
int
-keyserver_import_cert (ctrl_t ctrl,
- const char *name,unsigned char **fpr,size_t *fpr_len)
+keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
+ unsigned char **fpr,size_t *fpr_len)
{
gpg_error_t err;
- char *domain,*look,*url;
+ char *look,*url;
estream_t key;
+ look = xstrdup(name);
- look=xstrdup(name);
-
- domain=strrchr(look,'@');
- if(domain)
- *domain='.';
+ if (!dane_mode)
+ {
+ char *domain = strrchr (look,'@');
+ if (domain)
+ *domain='.';
+ }
- err = gpg_dirmngr_dns_cert (ctrl, look, "*", &key, fpr, fpr_len, &url);
+ err = gpg_dirmngr_dns_cert (ctrl, look, dane_mode? NULL : "*",
+ &key, fpr, fpr_len, &url);
if (err)
;
else if (key)
{
int armor_status=opt.no_armor;
- /* CERTs are always in binary format */
+ /* CERTs and DANE records are always in binary format */
opt.no_armor=1;
err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
u32 parse_expire_string(const char *string);
u32 ask_expire_interval(int object,const char *def_expire);
u32 ask_expiredate(void);
-void quick_generate_keypair (const char *uid);
+void quick_generate_keypair (ctrl_t ctrl, const char *uid);
void generate_keypair (ctrl_t ctrl, int full, const char *fname,
const char *card_serialno, int card_backup_key);
int keygen_set_std_prefs (const char *string,int personal);
void secret_key_list (ctrl_t ctrl, strlist_t list );
void print_subpackets_colon(PKT_signature *sig);
void reorder_keyblock (KBNODE keyblock);
-void list_keyblock_direct (kbnode_t keyblock, int secret, int has_secret,
- int fpr);
+void list_keyblock_direct (ctrl_t ctrl, kbnode_t keyblock, int secret,
+ int has_secret, int fpr);
void print_fingerprint (estream_t fp, PKT_public_key *pk, int mode);
void print_revokers (estream_t fp, PKT_public_key *pk);
void show_policy_url(PKT_signature *sig,int indent,int mode);
if (result == -1)
;
+ else if (!result
+ && !opt.ignore_mdc_error
+ && !pkt->pkt.encrypted->mdc_method
+ && openpgp_cipher_get_algo_blklen (c->dek->algo) != 8
+ && c->dek->algo != CIPHER_ALGO_TWOFISH)
+ {
+ /* The message has been decrypted but has no MDC despite that a
+ modern cipher (blocklength != 64 bit, except for Twofish) is
+ used and the option to ignore MDC errors is not used: To
+ avoid attacks changing an MDC message to a non-MDC message,
+ we fail here. */
+ log_error (_("WARNING: message was not integrity protected\n"));
+ if (opt.verbose > 1)
+ log_info ("decryption forced to fail\n");
+ write_status (STATUS_DECRYPTION_FAILED);
+ }
else if (!result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE
&& opt.ignore_mdc_error))
{
/****************
- * Copy the option file skeleton to the given directory.
+ * Copy the option file skeleton for NAME to the given directory.
+ * Returns true if the new option file has any option.
*/
-static void
-copy_options_file (const char *destdir)
+static int
+copy_options_file (const char *destdir, const char *name)
{
const char *datadir = gnupg_datadir ();
char *fname;
int any_option = 0;
if (opt.dry_run)
- return;
+ return 0;
- fname = xmalloc (strlen(datadir) + strlen(destdir) + 15);
- strcpy (stpcpy(fname, datadir), DIRSEP_S "gpg-conf" SKELEXT);
+ fname = xstrconcat (datadir, DIRSEP_S, name, "-conf", SKELEXT, NULL);
src = fopen (fname, "r");
if (src && is_secured_file (fileno (src)))
{
{
log_info (_("can't open '%s': %s\n"), fname, strerror(errno));
xfree(fname);
- return;
+ return 0;
}
- strcpy (stpcpy (fname, destdir), DIRSEP_S GPGEXT_GPG EXTSEP_S "conf");
+ xfree (fname);
+ fname = xstrconcat (destdir, DIRSEP_S, name, EXTSEP_S, "conf", NULL);
oldmask = umask (077);
if (is_secured_filename (fname))
log_info (_("can't create '%s': %s\n"), fname, strerror(errno) );
fclose (src);
xfree (fname);
- return;
+ return 0;
}
while ((c = getc (src)) != EOF)
fclose (src);
log_info (_("new configuration file '%s' created\n"), fname);
- if (any_option)
- log_info (_("WARNING: options in '%s'"
- " are not yet active during this run\n"),
- fname);
xfree (fname);
+ return any_option;
}
fname, strerror(errno) );
else if (!opt.quiet )
log_info ( _("directory '%s' created\n"), fname );
- copy_options_file( fname );
+
+ /* Note that we also copy a dirmngr.conf file here. This is
+ because gpg is likely the first invoked tool and thus creates
+ the directory. */
+ copy_options_file (fname, DIRMNGR_NAME);
+ if (copy_options_file (fname, GPG_NAME))
+ log_info (_("WARNING: options in '%s'"
+ " are not yet active during this run\n"),
+ fname);
}
}
int fingerprint; /* list fingerprints */
int list_sigs; /* list signatures */
int print_pka_records;
+ int print_dane_records;
int no_armor;
int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/
int def_cipher_algo;
AKL_LOCAL,
AKL_CERT,
AKL_PKA,
+ AKL_DANE,
AKL_LDAP,
AKL_KEYSERVER,
AKL_SPEC
#define EXPORT_RESET_SUBKEY_PASSWD (1<<3)
#define EXPORT_MINIMAL (1<<4)
#define EXPORT_CLEAN (1<<5)
-#define EXPORT_SEXP_FORMAT (1<<6)
+#define EXPORT_DANE_FORMAT (1<<6)
#define LIST_SHOW_PHOTOS (1<<0)
#define LIST_SHOW_POLICY_URLS (1<<1)
#lock-once
-# GnuPG can send and receive keys to and from a keyserver. These
-# servers can be HKP, email, or LDAP (if GnuPG is built with LDAP
-# support).
-#
-# Example HKP keyservers:
-# hkp://keys.gnupg.net
-#
-# Example LDAP keyservers:
-# ldap://pgp.surfnet.nl:11370
-#
-# Regular URL syntax applies, and you can set an alternate port
-# through the usual method:
-# hkp://keyserver.example.net:22742
-#
-# If you have problems connecting to a HKP server through a buggy http
-# proxy, you can use keyserver option broken-http-proxy (see below),
-# but first you should make sure that you have read the man page
-# regarding proxies (keyserver option honor-http-proxy)
-#
-# Most users just set the name and type of their preferred keyserver.
-# Note that most servers (with the notable exception of
-# ldap://keyserver.pgp.com) synchronize changes with each other. Note
-# also that a single server name may actually point to multiple
-# servers via DNS round-robin. hkp://keys.gnupg.net is an example of
-# such a "server", which spreads the load over a number of physical
-# servers. To see the IP address of the server actually used, you may use
-# the "--keyserver-options debug".
-
-keyserver hkp://keys.gnupg.net
-#keyserver http://http-keys.gnupg.net
-#keyserver mailto:pgp-public-keys@keys.nl.pgp.net
# Common options for keyserver functions:
+# (Note that the --keyserver option has been moved to dirmngr.conf)
#
# include-disabled = when searching, include keys marked as "disabled"
# on the keyserver (not all keyservers support this).
int (*mksubpkt)(PKT_signature *, void *),
void *opaque,
const char *cache_nonce);
-int update_keysig_packet( PKT_signature **ret_sig,
+gpg_error_t update_keysig_packet (PKT_signature **ret_sig,
PKT_signature *orig_sig,
PKT_public_key *pk,
PKT_user_id *uid,
/* get the keyblock */
fingerprint_from_pk( pk, fingerprint, &fingerlen );
- rc = get_keyblock_byfprint( &keyblock, fingerprint, fingerlen );
+ rc = get_pubkey_byfprint(NULL, &keyblock, fingerprint, fingerlen);
if( rc ) { /* that should never happen */
log_debug( "failed to get the keyblock\n");
return;
if( !opt.def_recipient_self )
return NULL;
pk = xmalloc_clear( sizeof *pk );
- i = get_seckey_byname (pk, NULL);
+ i = get_seckey_default (pk);
if( i ) {
free_public_key( pk );
return NULL;
#include "options.h"
#include "pkglue.h"
-/* Context used by the compare function. */
-struct cmp_help_context_s
-{
- PKT_signature *sig;
- gcry_md_hd_t md;
-};
int
signature_check2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
- int *r_expired, int *r_revoked, PKT_public_key *ret_pk )
+ int *r_expired, int *r_revoked, PKT_public_key *pk )
{
- PKT_public_key *pk = xmalloc_clear( sizeof *pk );
int rc=0;
+ int pk_internal;
+
+ if (pk)
+ pk_internal = 0;
+ else
+ {
+ pk_internal = 1;
+ pk = xmalloc_clear( sizeof *pk );
+ }
if ( (rc=openpgp_md_test_algo(sig->digest_algo)) )
; /* We don't have this digest. */
if(r_expiredate)
*r_expiredate = pk->expiredate;
- rc = do_check( pk, sig, digest, r_expired, r_revoked, ret_pk );
+ rc = do_check( pk, sig, digest, r_expired, r_revoked, NULL );
/* Check the backsig. This is a 0x19 signature from the
subkey on the primary key. The idea here is that it should
}
}
- free_public_key( pk );
+ if (pk_internal || rc)
+ {
+ release_public_key_parts (pk);
+ if (pk_internal)
+ xfree (pk);
+ else
+ /* Be very sure that the caller doesn't try to use *PK. */
+ memset (pk, 0, sizeof (*pk));
+ }
if( !rc && sig->sig_class < 2 && is_status_enabled() ) {
/* This signature id works best with DLP algorithms because
gcry_md_hd_t md, int mdalgo, const char *cache_nonce)
{
gpg_error_t err;
- gcry_mpi_t frame;
byte *dp;
char *hexgrip;
}
xfree (hexgrip);
- /* Check that the signature verification worked and nothing is
- * fooling us e.g. by a bug in the signature create code or by
- * deliberately introduced faults. Because Libgcrypt 1.7 does this
- * for RSA internally there is no need to do it here again. */
- if (!err
-#if GCRYPT_VERSION_NUMBER >= 0x010700 /* Libgcrypt >= 1.7 */
- && !is_RSA (pksk->pubkey_algo)
-#endif /* Libgcrypt >= 1.7 */
- )
- {
- PKT_public_key *pk = xmalloc_clear (sizeof *pk);
-
- if (get_pubkey (pk, sig->keyid ))
- err = gpg_error (GPG_ERR_NO_PUBKEY);
- else
- {
- frame = encode_md_value (pk, md, sig->digest_algo );
- if (!frame)
- err = gpg_error (GPG_ERR_GENERAL);
- else
- err = pk_verify (pk->pubkey_algo, frame, sig->data, pk->pkey);
- gcry_mpi_release (frame);
- }
- if (err)
- log_error (_("checking created signature failed: %s\n"),
- gpg_strerror (err));
- free_public_key (pk);
- }
-
if (err)
log_error (_("signing failed: %s\n"), gpg_strerror (err));
else
*
* TODO: Merge this with make_keysig_packet.
*/
-int
+gpg_error_t
update_keysig_packet( PKT_signature **ret_sig,
PKT_signature *orig_sig,
PKT_public_key *pk,
void *opaque)
{
PKT_signature *sig;
- int rc = 0;
+ gpg_error_t rc = 0;
int digest_algo;
gcry_md_hd_t md;
/* ... but we won't make a timestamp earlier than the existing
one. */
- while(sig->timestamp<=orig_sig->timestamp)
- {
- gnupg_sleep (1);
- sig->timestamp=make_timestamp();
- }
+ {
+ int tmout = 0;
+ while(sig->timestamp<=orig_sig->timestamp)
+ {
+ if (++tmout > 5 && !opt.ignore_time_conflict)
+ {
+ rc = gpg_error (GPG_ERR_TIME_CONFLICT);
+ goto leave;
+ }
+ gnupg_sleep (1);
+ sig->timestamp=make_timestamp();
+ }
+ }
/* Note that already expired sigs will remain expired (with a
duration of 1) since build-packet.c:build_sig_subpkt_from_sig
rc = complete_sig (sig, pksk, md, NULL);
}
+ leave:
gcry_md_close (md);
if( rc )
free_seckey_enc (sig);
*r_url = NULL;
return gpg_error (GPG_ERR_NOT_FOUND);
}
+
+gpg_error_t
+export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options,
+ kbnode_t *r_keyblock, void **r_data, size_t *r_datalen)
+{
+ (void)ctrl;
+ (void)keyspec;
+ (void)options;
+
+ *r_keyblock = NULL;
+ *r_data = NULL;
+ *r_datalen = 0;
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+}
static int
-search_skipfnc (void *opaque, u32 *kid, PKT_user_id *dummy)
+search_skipfnc (void *opaque, u32 *kid, int dummy_uid_no)
{
- (void)dummy;
+ (void)dummy_uid_no;
return test_key_hash_table ((KeyHashTable)opaque, kid);
}
g13_SOURCES = \
g13.c g13.h \
+ g13-common.c g13-common.h \
keyblob.h \
utils.c utils.h \
server.c server.h \
--- /dev/null
+/* g13-common.c - Common code for G13 modules
+ * Copyright (C) 2009, 2015 Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "g13-common.h"
+#include <gcrypt.h>
+#include <assuan.h>
+#include "i18n.h"
+#include "sysutils.h"
+
+
+
+/* Global variable to keep an error count. */
+int g13_errors_seen = 0;
+
+
+
+/* Note: This function is used by signal handlers!. */
+static void
+emergency_cleanup (void)
+{
+ gcry_control (GCRYCTL_TERM_SECMEM);
+}
+
+
+/* Wrapper around gnupg_init_signals. */
+void
+g13_init_signals (void)
+{
+ gnupg_init_signals (0, emergency_cleanup);
+}
+
+
+/* Install a regular exit handler to make real sure that the secure
+ memory gets wiped out. */
+void
+g13_install_emergency_cleanup (void)
+{
+ if (atexit (emergency_cleanup))
+ {
+ log_error ("atexit failed\n");
+ g13_exit (2);
+ }
+}
+
+
+/* Use this function instead of exit() in all g13 modules. */
+void
+g13_exit (int rc)
+{
+ gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
+ if (opt.debug & DBG_MEMSTAT_VALUE)
+ {
+ gcry_control( GCRYCTL_DUMP_MEMORY_STATS );
+ gcry_control( GCRYCTL_DUMP_RANDOM_STATS );
+ }
+ if (opt.debug)
+ gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
+ emergency_cleanup ();
+ rc = rc? rc : log_get_errorcount(0)? 2 : g13_errors_seen? 1 : 0;
+ exit (rc);
+}
--- /dev/null
+/* g13.h - Global definitions for G13.
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ * Copyright (C) 2009, 2015 Werner Koch.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef G13_COMMON_H
+#define G13_COMMON_H
+
+#ifdef GPG_ERR_SOURCE_DEFAULT
+#error GPG_ERR_SOURCE_DEFAULT already defined
+#endif
+#define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_G13
+#include <gpg-error.h>
+
+#include "../common/util.h"
+#include "../common/status.h"
+#include "../common/session-env.h"
+
+
+/* Debug values and macros. */
+#define DBG_MOUNT_VALUE 1 /* Debug mount or device stuff. */
+#define DBG_CRYPTO_VALUE 4 /* Debug low level crypto. */
+#define DBG_MEMORY_VALUE 32 /* Debug memory allocation stuff. */
+#define DBG_MEMSTAT_VALUE 128 /* Show memory statistics. */
+#define DBG_IPC_VALUE 1024 /* Debug assuan communication. */
+
+#define DBG_MOUNT (opt.debug & DBG_MOUNT_VALUE)
+#define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE)
+#define DBG_MEMORY (opt.debug & DBG_MEMORY_VALUE)
+#define DBG_IPC (opt.debug & DBG_IPC_VALUE)
+
+/* A large struct named "opt" to keep global flags. Note that this
+ struct is used by g13 and g13-syshelp and thus some fields may only
+ make sense for one of them. */
+struct
+{
+ unsigned int debug; /* Debug flags (DBG_foo_VALUE). */
+ int verbose; /* Verbosity level. */
+ int quiet; /* Be as quiet as possible. */
+ int dry_run; /* Don't change any persistent data. */
+
+ const char *homedir; /* Configuration directory name. */
+ const char *config_filename; /* Name of the used config file. */
+
+ /* Filename of the AGENT program. */
+ const char *agent_program;
+
+ /* Filename of the GPG program. Unless set via an program option it
+ is initialzed at the first engine startup to the standard gpg
+ filename. */
+ const char *gpg_program;
+
+ /* Environment variables passed along to the engine. */
+ char *display;
+ char *ttyname;
+ char *ttytype;
+ char *lc_ctype;
+ char *lc_messages;
+ char *xauthority;
+ char *pinentry_user_data;
+ session_env_t session_env;
+
+ /* Name of the output file - FIXME: what is this? */
+ const char *outfile;
+
+} opt;
+
+
+/*-- g13-common.c --*/
+void g13_init_signals (void);
+void g13_install_emergency_cleanup (void);
+void g13_exit (int rc);
+
+/*-- server.c and g13-sh-cmd.c --*/
+gpg_error_t g13_status (ctrl_t ctrl, int no, ...) GPGRT_ATTR_SENTINEL(0);
+
+
+#endif /*G13_COMMON_H*/
/* The timer tick interval used by the idle task. */
#define TIMERTICK_INTERVAL_SEC (1)
-
-/* Global variable to keep an error count. */
-int g13_errors_seen = 0;
-
/* It is possible that we are currently running under setuid permissions. */
static int maybe_setuid = 1;
static npth_t idle_task_thread;
+/* The container type as specified on the command line. */
+static int cmdline_conttype;
+
+
\f
static void set_cmd (enum cmd_and_opt_values *ret_cmd,
enum cmd_and_opt_values new_cmd );
-static void emergency_cleanup (void);
static void start_idle_task (void);
static void join_idle_task (void);
may_coredump = disable_core_dumps ();
- gnupg_init_signals (0, emergency_cleanup);
+ g13_init_signals ();
dotlock_create (NULL, 0); /* Register locking cleanup. */
/* Setup the debug flags for all subsystems. */
set_debug ();
- /* Install a regular exit handler to make real sure that the secure
- memory gets wiped out. */
- if (atexit (emergency_cleanup))
- {
- log_error ("atexit failed\n");
- g13_exit (2);
- }
+ /* Install emergency cleanup handler. */
+ g13_install_emergency_cleanup ();
/* Terminate if we found any error until now. */
if (log_get_errorcount(0))
}
-/* Note: This function is used by signal handlers!. */
-static void
-emergency_cleanup (void)
-{
- gcry_control (GCRYCTL_TERM_SECMEM );
-}
-
-
-void
-g13_exit (int rc)
-{
- gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
- if (opt.debug & DBG_MEMSTAT_VALUE)
- {
- gcry_control( GCRYCTL_DUMP_MEMORY_STATS );
- gcry_control( GCRYCTL_DUMP_RANDOM_STATS );
- }
- if (opt.debug)
- gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
- emergency_cleanup ();
- rc = rc? rc : log_get_errorcount(0)? 2 : g13_errors_seen? 1 : 0;
- exit (rc);
-}
-
-
/* Store defaults into the per-connection CTRL object. */
void
g13_init_default_ctrl (struct server_control_s *ctrl)
{
- ctrl->conttype = CONTTYPE_ENCFS;
+ ctrl->conttype = cmdline_conttype? cmdline_conttype : CONTTYPE_ENCFS;
}
#ifndef G13_H
#define G13_H
-#ifdef GPG_ERR_SOURCE_DEFAULT
-#error GPG_ERR_SOURCE_DEFAULT already defined
-#endif
-#define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_G13
-#include <gpg-error.h>
+#include "g13-common.h"
-#include "../common/util.h"
-#include "../common/status.h"
-#include "../common/session-env.h"
-
-/* A large struct named "opt" to keep global flags. */
-struct
-{
- unsigned int debug; /* Debug flags (DBG_foo_VALUE). */
- int verbose; /* Verbosity level. */
- int quiet; /* Be as quiet as possible. */
- int dry_run; /* Don't change any persistent data. */
-
- const char *homedir; /* Configuration directory name. */
- const char *config_filename; /* Name of the used config file. */
-
- /* Filename of the AGENT program. */
- const char *agent_program;
-
- /* Filename of the GPG program. Unless set via an program option it
- is initialzed at the first engine startup to the standard gpg
- filename. */
- const char *gpg_program;
-
- /* Environment variables passed along to the engine. */
- char *display;
- char *ttyname;
- char *ttytype;
- char *lc_ctype;
- char *lc_messages;
- char *xauthority;
- char *pinentry_user_data;
- session_env_t session_env;
-
- /* Name of the output file - FIXME: what is this? */
- const char *outfile;
-
-} opt;
-
-
-/* Debug values and macros. */
-#define DBG_MOUNT_VALUE 1 /* Debug mount or device stuff. */
-#define DBG_CRYPTO_VALUE 4 /* Debug low level crypto. */
-#define DBG_MEMORY_VALUE 32 /* Debug memory allocation stuff. */
-#define DBG_MEMSTAT_VALUE 128 /* Show memory statistics. */
-#define DBG_IPC_VALUE 1024 /* Debug assuan communication. */
-
-#define DBG_MOUNT (opt.debug & DBG_MOUNT_VALUE)
-#define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE)
-#define DBG_MEMORY (opt.debug & DBG_MEMORY_VALUE)
-#define DBG_IPC (opt.debug & DBG_IPC_VALUE)
/* Forward declaration for an object defined in server.c. */
struct server_local_s;
};
-\f
/*-- g13.c --*/
-void g13_exit (int rc);
void g13_init_default_ctrl (struct server_control_s *ctrl);
-/*-- server.c (commonly used, thus declared here) --*/
-gpg_error_t g13_status (ctrl_t ctrl, int no, ...) GPGRT_ATTR_SENTINEL(0);
-
-
#endif /*G13_H*/
{
runner->canceled = 1; /* Mark that we canceled this one already. */
/* FIXME: This does only work if the thread emits status lines. We
- need to change the trhead to wait on an event. */
+ need to change the thread to wait on an event. */
runner->cancel_flag = 1;
/* For now we use the brutal way and kill the process. */
gnupg_kill_process (runner->pid);
struct keydb_search_desc
{
KeydbSearchMode mode;
- int (*skipfnc)(void *, u32 *, gpg_pkt_user_id_t);
+ /* Callback used to filter results. The first parameter is
+ SKIPFUNCVALUE. The second is the keyid. The third is the
+ 1-based index of the UID packet that matched the search criteria
+ (or 0, if none).
+
+ Return non-zero if the result should be skipped. */
+ int (*skipfnc)(void *, u32 *, int);
void *skipfncvalue;
const unsigned char *sn;
int snlen; /* -1 := sn is a hex string */
if (desc[n].skipfnc
&& blob_get_first_keyid (blob, kid)
- && desc[n].skipfnc (desc[n].skipfncvalue, kid, NULL))
- break;
+ && desc[n].skipfnc (desc[n].skipfncvalue, kid, uid_no))
+ break;
}
if (n == ndesc)
break; /* got it */
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr ""
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "no s'ha pogut comprovar la signatura creada: %s\n"
+
# Parts? Peces? ivb
msgid "secret key parts are not available\n"
msgstr "parts de la clau secreta no estan disponbles\n"
msgid "remove as much as possible from key during export"
msgstr ""
-msgid "export keys in an S-expression based format"
-msgstr ""
-
#, fuzzy
msgid "exporting secret keys not allowed\n"
msgstr "s'està escrivint la clau secreta a «%s»\n"
msgid "You must select at least one user ID.\n"
msgstr "Heu de seleccionar al menys un ID d'usuari.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "No podeu esborrar l'últim ID d'usuari!\n"
msgid "Keyring"
msgstr "Anell"
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "es descarta «%s»: %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Empremtes digital de la clau primària:"
msgid "refreshing %d keys from %s\n"
msgstr "s'està sol·licitant la clau %08lX de %s\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr "no es coneix cap servidor de claus (useu l'opció \"--keyserver\")\n"
-
#, fuzzy, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "no s'ha trobat la clau «%s»: %s\n"
msgid "key not found on keyserver\n"
msgstr "no s'ha trobat la clau «%s»: %s\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "no es coneix cap servidor de claus (useu l'opció \"--keyserver\")\n"
+
#, fuzzy, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "s'està sol·licitant la clau %08lX de %s\n"
msgstr "s'està sol·licitant la clau %08lX de %s\n"
#, fuzzy, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "es descarta «%s»: %s\n"
-
-#, fuzzy, c-format
msgid "sending key %s to %s server %s\n"
msgstr "s'està cercant «%s» al servidor HKP %s\n"
"El xifratge IDEA no està disponible, s'intentarà utilitzar optimistament %s "
"en el seu lloc\n"
-msgid "decryption okay\n"
-msgstr "desxifratge correcte\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "AVÍS: el missatge no tenia protecció d'integritat\n"
+msgid "decryption okay\n"
+msgstr "desxifratge correcte\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "AVÍS: el missatge xifrat ha estat manipulat!\n"
"AVÍS: no s'ha pogut %%-expandir l'url de política (massa gran). S'utilitza "
"no expandida.\n"
-#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "no s'ha pogut comprovar la signatura creada: %s\n"
-
#, fuzzy, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s signatura de: «%s»\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "error en la lectura de «%s»: %s\n"
+#, fuzzy
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "no s'ha trobat la clau secreta «%s»: %s\n"
+
#, fuzzy, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "no s'ha trobat la clau secreta «%s»: %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
+msgid "route all network traffic via TOR"
+msgstr ""
+
#, fuzzy
#| msgid ""
#| "@\n"
msgid "response from server too large; limit is %d bytes\n"
msgstr ""
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr ""
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
msgid "Options controlling the interactivity and enforcement"
msgstr ""
+msgid "Options controlling the use of TOR"
+msgstr ""
+
msgid "Configuration for HTTP servers"
msgstr ""
msgid "GPG for S/MIME"
msgstr ""
-msgid "Directory Manager"
+msgid "Key Acquirer"
msgstr ""
#, fuzzy
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr "%zubitový hash není platný pro %ubitový %s klíč\n"
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "kontrola vytvořeného podpisu se nepodařila: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "tajné části klíče nejsou dostupné\n"
msgid "remove as much as possible from key during export"
msgstr "odstranit při exportu z klíče vše, co lze"
-msgid "export keys in an S-expression based format"
-msgstr "exportovat klíče ve formátu postaveném na S-výrazech"
-
msgid "exporting secret keys not allowed\n"
msgstr "exportování tajného klíče není povoleno\n"
msgid "You must select at least one user ID.\n"
msgstr "Musíte vybrat alespoň jeden id uživatele.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "Nemůžete smazat poslední id uživatele!\n"
msgid "Keyring"
msgstr "Soubor klíčů (keyring)"
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "přeskočen „%s“: %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Otisk primárního klíče:"
msgid "refreshing %d keys from %s\n"
msgstr "aktualizuji %d klíčů z %s\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr "žádný server klíčů není znám (použijte volbu --keyserver)\n"
-
#, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "klíč „%s“ nebyl na serveru klíčů nalezen\n"
msgid "key not found on keyserver\n"
msgstr "klíč nebyl na serveru klíčů nalezen\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "žádný server klíčů není znám (použijte volbu --keyserver)\n"
+
#, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "požaduji klíč %s ze %s server %s\n"
msgstr "požaduji klíč %s z %s\n"
#, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "přeskočen „%s“: %s\n"
-
-#, c-format
msgid "sending key %s to %s server %s\n"
msgstr "posílám klíč %s na %s server %s\n"
"algoritmus IDEA není dostupný; optimisticky se jej pokusíme nahradit "
"algoritmem %s\n"
-msgid "decryption okay\n"
-msgstr "dešifrování o.k.\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "VAROVÁNÍ: zpráva nebyla chráněna proti porušení její integrity\n"
+msgid "decryption okay\n"
+msgstr "dešifrování o.k.\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "VAROVÁNÍ: se zašifrovanou zprávou bylo manipulováno!\n"
"Použity neexpandované.\n"
#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "kontrola vytvořeného podpisu se nepodařila: %s\n"
-
-#, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s/%s podpis od: „%s“\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "chyba při získávání „%s“: status HTTP je %u\n"
+# Poslední argument je název protokolu
+#, fuzzy
+#| msgid "CRL access not possible due to disabled %s\n"
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "Přístup k CRL není možný kvůli vypnutému %s\n"
+
#, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "dohledání certifikátu nemožné kvůli vypnutému %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr "|SOUBOR|pro HKP přes TLS použije certifikáty CA ze SOUBORU"
+msgid "route all network traffic via TOR"
+msgstr ""
+
msgid ""
"@\n"
"(See the \"info\" manual for a complete listing of all commands and "
msgid "response from server too large; limit is %d bytes\n"
msgstr "odpověď serveru je příliš velká, limit je %d bajtů\n"
+#, fuzzy
+#| msgid "OCSP request not possible due to disabled HTTP\n"
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr "OCSP dotaz není možný, protože HTTP je zakázáno\n"
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr "OCSP dotaz není možný, protože HTTP je zakázáno\n"
msgid "Options controlling the interactivity and enforcement"
msgstr "Volby ovlivňující interaktivitu a vymáhání"
+#, fuzzy
+#| msgid "Options controlling the security"
+msgid "Options controlling the use of TOR"
+msgstr "Volby ovlivňující bezpečnost"
+
msgid "Configuration for HTTP servers"
msgstr "Nastavení HTTP serverů"
msgid "GPG for S/MIME"
msgstr "GPG pro S/MIME"
-msgid "Directory Manager"
-msgstr "Správce adresářů"
+msgid "Key Acquirer"
+msgstr ""
msgid "PIN and Passphrase Entry"
msgstr "Zadávání kódu PIN a hesla"
"Syntaxe: gpg-check-pattern [volby] soubor_se_vzorem\n"
"Prověří heslo zadané na vstupu proti souboru se vzory\n"
+#~ msgid "export keys in an S-expression based format"
+#~ msgstr "exportovat klíče ve formátu postaveném na S-výrazech"
+
+#~ msgid "Directory Manager"
+#~ msgstr "Správce adresářů"
+
#~ msgid "toggle between the secret and public key listings"
#~ msgstr "přepnout mezi výpisem seznamu tajných a veřejných klíčů"
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr "en %u-bit-hash er ikke gyldig for en %u-bit %s-nøgle\n"
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "kontrol af oprettet underskrift mislykkedes: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "hemmelige nøgledele er ikke tilgængelige\n"
msgid "remove as much as possible from key during export"
msgstr "fjern så meget som muligt fra nøglen under eksport"
-msgid "export keys in an S-expression based format"
-msgstr "eksporter nøgler i et S-udtryksbaseret format"
-
msgid "exporting secret keys not allowed\n"
msgstr "eksport af hemmelige nøgler er ikke tilladt\n"
msgid "You must select at least one user ID.\n"
msgstr "Du skal vælge mindst en bruger-id.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "Du kan ikke slette den sidste bruger-id!\n"
msgid "Keyring"
msgstr "Nøglering"
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "udelod »%s«: %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Primær nøglefingeraftryk:"
msgid "refreshing %d keys from %s\n"
msgstr "opdaterer %d nøgler fra %s\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr "ingen kendt nøgleserver (brug tilvalget --keyserver)\n"
-
#, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "nøgle »%s« blev ikke fundet på nøgleserver\n"
msgid "key not found on keyserver\n"
msgstr "nøgle blev ikke fundet på nøgleserver\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "ingen kendt nøgleserver (brug tilvalget --keyserver)\n"
+
#, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "anmoder om nøgle %s fra %s server %s\n"
msgstr "anmoder om nøgle %s fra %s\n"
#, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "udelod »%s«: %s\n"
-
-#, c-format
msgid "sending key %s to %s server %s\n"
msgstr "sender nøgle %s til %s server %s\n"
msgstr ""
"IDEA-chiffer utilgængelig, forsøger optimistisk at bruge %s i stedet for\n"
-msgid "decryption okay\n"
-msgstr "afkryptering okay\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "ADVARSEL: besked var ikke integritetsbeskyttet\n"
+msgid "decryption okay\n"
+msgstr "afkryptering okay\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "ADVARSEL: krypteret besked er blevet manipuleret!\n"
"Bruger uden udvidelse.\n"
#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "kontrol af oprettet underskrift mislykkedes: %s\n"
-
-#, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s/%s-underskrift fra: »%s«\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "fejl ved kørsel af »%s«: afslutningsstatus %d\n"
+#, fuzzy
+#| msgid "certificate `%s' not found: %s\n"
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "certifikat »%s« blev ikke fundet: %s\n"
+
#, fuzzy, c-format
#| msgid "certificate `%s' not found: %s\n"
msgid "certificate search not possible due to disabled %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
+msgid "route all network traffic via TOR"
+msgstr ""
+
#, fuzzy
#| msgid ""
#| "@\n"
msgid "response from server too large; limit is %d bytes\n"
msgstr "Fejl: Privat DO er for lang (begrænsningen er %d tegn).\n"
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr ""
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
msgid "Options controlling the interactivity and enforcement"
msgstr "Tilvalg der kontrollerer interaktiviteten og tvang"
+#, fuzzy
+#| msgid "Options controlling the security"
+msgid "Options controlling the use of TOR"
+msgstr "Tilvalg der kontrollerer sikkerheden"
+
msgid "Configuration for HTTP servers"
msgstr "Konfiguration for HTTP-servere"
msgid "GPG for S/MIME"
msgstr ""
-msgid "Directory Manager"
+msgid "Key Acquirer"
msgstr ""
#, fuzzy
"Syntaks: gpg-check-pattern [tilvalg] mønsterfil\n"
"Kontroller en adgangsfrase angivet på stdin mod mønsterfilen\n"
+#~ msgid "export keys in an S-expression based format"
+#~ msgstr "eksporter nøgler i et S-udtryksbaseret format"
+
#~ msgid "toggle between the secret and public key listings"
#~ msgstr "skift mellem hemmelig og offentlig nøglevisning"
msgstr ""
"Project-Id-Version: gnupg-2.1.0\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2015-08-20 16:27+0200\n"
+"PO-Revision-Date: 2015-10-06 12:50+0200\n"
"Last-Translator: Werner Koch <wk@gnupg.org>\n"
"Language-Team: German <de@li.org>\n"
"Language: de\n"
msgstr ""
"Ein %zu-Bit Hashverfahren ist für einen %u-Bit %s Schlüssel nicht möglich\n"
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "Prüfung der erstellten Signatur ist fehlgeschlagen: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "Teile des geheimen Schlüssels sind nicht vorhanden\n"
msgid "remove as much as possible from key during export"
msgstr "Während des Exports soviel wie möglich vom Schlüssel entfernen"
-msgid "export keys in an S-expression based format"
-msgstr "Exportiere Schlüssel in einem auf S-Ausdrücken basierenden Format"
-
msgid "exporting secret keys not allowed\n"
msgstr "Exportieren geheimer Schlüssel ist nicht erlaubt\n"
msgid "You must select at least one user ID.\n"
msgstr "Zumindestens eine User-ID muß ausgewählt werden.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr "(Benutze den '%s' Befehl.)\n"
+
msgid "You can't delete the last user ID!\n"
msgstr "Die letzte User-ID kann nicht gelöscht werden!\n"
msgid "Keyring"
msgstr "Schlüsselbund"
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "übersprungen \"%s\": %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Haupt-Fingerabdruck ="
msgid "refreshing %d keys from %s\n"
msgstr "%d Schlüssel werden per %s aktualisiert\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr "Kein Schlüsselserver bekannt (Option --keyserver verwenden)\n"
-
#, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "Schlüssel \"%s\" wurde auf dem Schlüsselserver nicht gefunden\n"
msgid "key not found on keyserver\n"
msgstr "Schlüssel wurde auf dem Schlüsselserver nicht gefunden\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "Kein Schlüsselserver bekannt (Option --keyserver verwenden)\n"
+
#, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "fordere Schlüssel %s von %s-Server %s an\n"
msgstr "fordere Schlüssel %s von %s an\n"
#, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "übersprungen \"%s\": %s\n"
-
-#, c-format
msgid "sending key %s to %s server %s\n"
msgstr "sende Schlüssel %s auf den %s-Server %s\n"
msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
msgstr "IDEA-Verschlüsselung nicht verfügbar; versucht wird stattdessen %s\n"
-msgid "decryption okay\n"
-msgstr "Entschlüsselung erfolgreich\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr ""
"WARNUNG: Botschaft wurde nicht integritätsgeschützt (integrity protected)\n"
+msgid "decryption okay\n"
+msgstr "Entschlüsselung erfolgreich\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "WARNUNG: Verschlüsselte Botschaft ist manipuliert worden!\n"
"(zu groß). Verwende \"unerweiterte\".\n"
#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "Prüfung der erstellten Signatur ist fehlgeschlagen: %s\n"
-
-#, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s/%s Signatur von: \"%s\"\n"
#, c-format
msgid "can't access '%s': %s\n"
-msgstr "kann aus `%s' nicht zugreifen: %s\n"
+msgstr "kann auf `%s' nicht zugreifen: %s\n"
#, c-format
msgid "%s: directory does not exist!\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "Fehler beim Holen von `%s': HTTP Status %u\n"
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "CRL Zugriff ist im TOR Modus nicht möglich\n"
+
#, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "Zertifikatsuche ist nicht möglich da %s abgeschaltet ist\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr "|DATEI|Benutze die CA Zertifikate in DATEI für HKP über TLS"
+msgid "route all network traffic via TOR"
+msgstr "Netzzugriff nur über TOR"
+
msgid ""
"@\n"
"(See the \"info\" manual for a complete listing of all commands and "
msgid "response from server too large; limit is %d bytes\n"
msgstr "Antwort vom Server zu lang; die Grenze sind %d Bytes\n"
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr "OCSP Anfrage ist im TOR Modus nicht möglich\n"
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr "OCSP Anfrage nicht möglich da HTTP abgeschaltet ist\n"
msgid "Options controlling the interactivity and enforcement"
msgstr "Optionen zur Einstellung der Interaktivität und Geltendmachung"
+msgid "Options controlling the use of TOR"
+msgstr "Optionen zur Benutzung von TOR"
+
msgid "Configuration for HTTP servers"
msgstr "Konfiguration für HTTP Server"
msgid "GPG for S/MIME"
msgstr "GPG für S/MIME"
-msgid "Directory Manager"
-msgstr "Directory Manager"
+msgid "Key Acquirer"
+msgstr "Schlüsselzugriff"
msgid "PIN and Passphrase Entry"
msgstr "PIN und Passphrase Eingabe"
"Syntax: gpg-check-pattern [optionen] Musterdatei\n"
"Die von stdin gelesene Passphrase gegen die Musterdatei prüfen\n"
+#~ msgid "export keys in an S-expression based format"
+#~ msgstr "Exportiere Schlüssel in einem auf S-Ausdrücken basierenden Format"
+
+#~ msgid "Directory Manager"
+#~ msgstr "Directory Manager"
+
#~ msgid "toggle between the secret and public key listings"
#~ msgstr ""
#~ "Umschalten zwischen dem Auflisten geheimer und öffentlicher Schlüssel"
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr ""
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "áðÝôõ÷å ï Ýëåã÷ïò ôçò õðïãñáöÞò ðïõ äçìéïõñãÞèçêå: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "ôìÞìáôá ôïõ ìõóôéêïý êëåéäéïý äåí åßíáé äéáèÝóéìá\n"
msgid "remove as much as possible from key during export"
msgstr ""
-msgid "export keys in an S-expression based format"
-msgstr ""
-
#, fuzzy
msgid "exporting secret keys not allowed\n"
msgstr "åããñáöÞ ôïõ ìõóôéêïý êëåéäéïý óôï `%s'\n"
msgid "You must select at least one user ID.\n"
msgstr "ÐñÝðåé íá åðéëÝîåôå ôï ëéãüôåñï Ýíá user ID.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "Äåí ìðïñåßôå íá äéáãñÜøåôå ôï ôåëåõôáßï user ID!\n"
msgid "Keyring"
msgstr "ÊëåéäïèÞêç"
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "ðáñáëåßöèçêå `%s': %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Áðïôýðùìá ðñùôåýùí êëåéäéïý:"
msgid "refreshing %d keys from %s\n"
msgstr "áßôçóç êëåéäéïý %08lX áðü ôï %s\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr ""
-
#, fuzzy, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "ôï êëåéäß '%s' äå âñÝèçêå: %s\n"
msgid "key not found on keyserver\n"
msgstr "ôï êëåéäß '%s' äå âñÝèçêå: %s\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
#, fuzzy, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "áßôçóç êëåéäéïý %08lX áðü ôï %s\n"
msgstr "áßôçóç êëåéäéïý %08lX áðü ôï %s\n"
#, fuzzy, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "ðáñáëåßöèçêå `%s': %s\n"
-
-#, fuzzy, c-format
msgid "sending key %s to %s server %s\n"
msgstr "áíáæÞôçóç ôïõ \"%s\" áðü ôï HKP äéáêïìéóôÞ %s\n"
"Êñõðôáëãüñéèìïò IDEA ìç äéáèÝóéìïò, áéóéüäïîç ðñïóðÜèåéá ÷ñÞóçò ôïõ\n"
"%s áíôßèåôá\n"
-msgid "decryption okay\n"
-msgstr "áðïêñõðôïãñÜöçóç OK\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: äåí ðñïóôáôåýôçêå ç áêåñáéüôçôá ôïõ ìçýìáôïò\n"
+msgid "decryption okay\n"
+msgstr "áðïêñõðôïãñÜöçóç OK\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ôï êñõðôïãñáöçìÝíï ìÞíõìá Ý÷åé ðåéñá÷èåß!\n"
"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: áäõíáìßá óôç %%-áíÜðôõîç ôïõ url ðïëéôéêÞò (ðïëõ ìåãÜëï).\n"
" ×ñÞóç ìç áíåðôõãìÝíïõ.\n"
-#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "áðÝôõ÷å ï Ýëåã÷ïò ôçò õðïãñáöÞò ðïõ äçìéïõñãÞèçêå: %s\n"
-
#, fuzzy, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s õðïãñáöÞ áðü: \"%s\"\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "óöÜëìá êáôÜ ôçí áíÜãíùóç ôïõ `%s': %s\n"
+#, fuzzy
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "ôï êëåéäß '%s' äå âñÝèçêå: %s\n"
+
#, fuzzy, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "ôï êëåéäß '%s' äå âñÝèçêå: %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
+msgid "route all network traffic via TOR"
+msgstr ""
+
#, fuzzy
#| msgid ""
#| "@\n"
msgid "response from server too large; limit is %d bytes\n"
msgstr ""
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr ""
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
msgid "Options controlling the interactivity and enforcement"
msgstr ""
+msgid "Options controlling the use of TOR"
+msgstr ""
+
msgid "Configuration for HTTP servers"
msgstr ""
msgid "GPG for S/MIME"
msgstr ""
-msgid "Directory Manager"
+msgid "Key Acquirer"
msgstr ""
#, fuzzy
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr ""
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "kontrolo de kreita subskribo malsukcesis: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "sekretaj þlosilpartoj ne estas disponataj\n"
msgid "remove as much as possible from key during export"
msgstr ""
-msgid "export keys in an S-expression based format"
-msgstr ""
-
#, fuzzy
msgid "exporting secret keys not allowed\n"
msgstr "skribas sekretan þlosilon al '%s'\n"
msgid "You must select at least one user ID.\n"
msgstr "Vi devas elekti almenaý unu uzantidentigilon.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "Vi ne povas forviþi la lastan uzantidentigilon!\n"
msgid "Keyring"
msgstr "Þlosilaro"
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "ignoris '%s': %s\n"
+
#, fuzzy
msgid "Primary key fingerprint:"
msgstr "listigi þlosilojn kaj fingroþpurojn"
msgid "refreshing %d keys from %s\n"
msgstr "petas la þlosilon %08lX de HKP-þlosilservilo %s ...\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr "neniu þlosilservilo konata (uzu la opcion --keyserver)\n"
-
#, fuzzy, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "þlosilo '%s' ne trovita: %s\n"
msgid "key not found on keyserver\n"
msgstr "þlosilo '%s' ne trovita: %s\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "neniu þlosilservilo konata (uzu la opcion --keyserver)\n"
+
#, fuzzy, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "petas la þlosilon %08lX de HKP-þlosilservilo %s ...\n"
msgstr "petas la þlosilon %08lX de HKP-þlosilservilo %s ...\n"
#, fuzzy, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "ignoris '%s': %s\n"
-
-#, fuzzy, c-format
msgid "sending key %s to %s server %s\n"
msgstr "seræas pri \"%s\" æe HKP-servilo %s\n"
msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
msgstr "Æifro IDEA ne disponata, optimisme provas uzi %s anstataýe\n"
-msgid "decryption okay\n"
-msgstr "malæifrado sukcesis\n"
-
#, fuzzy
msgid "WARNING: message was not integrity protected\n"
msgstr "AVERTO: nenio estis eksportita\n"
+msgid "decryption okay\n"
+msgstr "malæifrado sukcesis\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "AVERTO: æifrita mesaøo estis manipulita!\n"
"AVERTO: ne povas %%-kompletigi gvidlinian URL (tro granda); uzas sen "
"kompletigo.\n"
-#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "kontrolo de kreita subskribo malsukcesis: %s\n"
-
#, fuzzy, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s-subskribo de: %s\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "eraro dum legado de '%s': %s\n"
+#, fuzzy
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "þlosilo '%s' ne trovita: %s\n"
+
#, fuzzy, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "þlosilo '%s' ne trovita: %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
+msgid "route all network traffic via TOR"
+msgstr ""
+
#, fuzzy
#| msgid ""
#| "@\n"
msgid "response from server too large; limit is %d bytes\n"
msgstr ""
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr ""
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
msgid "Options controlling the interactivity and enforcement"
msgstr ""
+msgid "Options controlling the use of TOR"
+msgstr ""
+
msgid "Configuration for HTTP servers"
msgstr ""
msgid "GPG for S/MIME"
msgstr ""
-msgid "Directory Manager"
+msgid "Key Acquirer"
msgstr ""
#, fuzzy
msgstr ""
"Project-Id-Version: gnupg 2.0.9\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2013-04-24 09:47+0200\n"
+"PO-Revision-Date: 2015-10-09 17:10+0200\n"
"Last-Translator: Jaime Suárez <jaime.suma@gmail.com>\n"
"Language-Team: Spanish <es@li.org>\n"
"Language: es\n"
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr "un hash de %u bits no vale para %u bits de la clave %s\n"
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "la comprobación de la firma creada falló: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "las partes de la clave privada no están disponibles\n"
msgid "remove as much as possible from key during export"
msgstr "borrar tanto como sea posible de la clave al exportar"
-msgid "export keys in an S-expression based format"
-msgstr "exportar claves en formato basado en una expresión S"
-
msgid "exporting secret keys not allowed\n"
msgstr "no se permite exportar claves secretas\n"
msgid "You must select at least one user ID.\n"
msgstr "Debe seleccionar por lo menos un identificador de usuario.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "¡No puede borrar el último identificador de usuario!\n"
msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
msgstr "¿Cambia (N)ombre, (C)omentario, (D)irección o (V)ale/(S)alir? "
-#, fuzzy
-#| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
msgid "Change (N)ame, (E)mail, or (Q)uit? "
-msgstr "¿Cambia (N)ombre, (C)omentario, (D)irección o (S)alir? "
+msgstr "¿Cambia (N)ombre, (D)irección o (S)alir? "
-#, fuzzy
-#| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
-msgstr "¿Cambia (N)ombre, (C)omentario, (D)irección o (V)ale/(S)alir? "
+msgstr "¿Cambia (N)ombre, (D)irección o (V)ale/(S)alir? "
msgid "Please correct the error first\n"
msgstr "Por favor corrija primero el error.\n"
msgid "Keyring"
msgstr "Anillo de claves"
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "omitido \"%s\": %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Huellas dactilares de la clave primaria:"
msgid "refreshing %d keys from %s\n"
msgstr "renovando %d claves desde %s\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr "no hay servidores de claves conocidos (use opción --keyserver)\n"
-
#, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "clave \"%s\" no encontrada en el servidor\n"
msgid "key not found on keyserver\n"
msgstr "clave no encontrada en el servidor\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "no hay servidores de claves conocidos (use opción --keyserver)\n"
+
#, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "solicitando clave %s de %s servidor %s\n"
msgstr "solicitando clave %s de %s\n"
#, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "omitido \"%s\": %s\n"
-
-#, c-format
msgid "sending key %s to %s server %s\n"
msgstr "enviando clave %s a %s servidor %s\n"
msgstr ""
"cifrado IDEA no disponible, confiadamente intentamos usar %s en su lugar\n"
-msgid "decryption okay\n"
-msgstr "descifrado correcto\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "ATENCIÓN: la intgridad del mensaje no está protegida\n"
+msgid "decryption okay\n"
+msgstr "descifrado correcto\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "ATENCIÓN: ¡el mensaje cifrado ha sido manipulado!\n"
"preferido. Se usa sin expandir.\n"
#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "la comprobación de la firma creada falló: %s\n"
-
-#, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s/%s firma de: \"%s\"\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "error ejecutando `%s': código de finalización %d\n"
+#, fuzzy
+#| msgid "certificate `%s' not found: %s\n"
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "certificado `%s' no encontrado: %s\n"
+
#, fuzzy, c-format
#| msgid "certificate `%s' not found: %s\n"
msgid "certificate search not possible due to disabled %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
+msgid "route all network traffic via TOR"
+msgstr ""
+
# ordenes -> órdenes
# página man -> página de manual
# Vale. ¿del manual mejor?
msgstr ""
"Error: los datos privados son demasiado largos (límite de %d caracteres).\n"
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr ""
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
msgid "Options controlling the interactivity and enforcement"
msgstr "Opciones que controlan la interactividad y obligación"
+#, fuzzy
+#| msgid "Options controlling the security"
+msgid "Options controlling the use of TOR"
+msgstr "Opciones que controlan la seguridad"
+
msgid "Configuration for HTTP servers"
msgstr "Configuración de servidores HTTP"
msgid "GPG for S/MIME"
msgstr ""
-msgid "Directory Manager"
+msgid "Key Acquirer"
msgstr ""
# ¿Por qué no frase de paso?
"Compara frase contraseña dada en entrada estándar con un fichero de "
"patrones\n"
+#~ msgid "export keys in an S-expression based format"
+#~ msgstr "exportar claves en formato basado en una expresión S"
+
#~ msgid "toggle between the secret and public key listings"
#~ msgstr "cambiar entre lista de claves secretas y públicas"
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr ""
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "Loodud allkirja ei õnnestu kontrollida: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "salajase võtme komponendid ei ole kättesaadavad\n"
msgid "remove as much as possible from key during export"
msgstr ""
-msgid "export keys in an S-expression based format"
-msgstr ""
-
#, fuzzy
msgid "exporting secret keys not allowed\n"
msgstr "kirjutan salajase võtme faili `%s'\n"
msgid "You must select at least one user ID.\n"
msgstr "Te peate valima vähemalt ühe kasutaja ID.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "Viimast kasutaja ID ei saa kustutada!\n"
msgid "Keyring"
msgstr "Võtmehoidla"
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "`%s' jätsin vahele: %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Primaarse võtme sõrmejälg:"
msgid "refreshing %d keys from %s\n"
msgstr "küsin võtit %08lX võtmeserverist %s\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr ""
-
#, fuzzy, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "võtit '%s' ei leitud: %s\n"
msgid "key not found on keyserver\n"
msgstr "võtit '%s' ei leitud: %s\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
#, fuzzy, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "küsin võtit %08lX võtmeserverist %s\n"
msgstr "küsin võtit %08lX võtmeserverist %s\n"
#, fuzzy, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "`%s' jätsin vahele: %s\n"
-
-#, fuzzy, c-format
msgid "sending key %s to %s server %s\n"
msgstr "otsin \"%s\" HKP serverist %s\n"
msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
msgstr "IDEA ¨iffer pole saadaval, loodan kasutada selle asemel %s\n"
-msgid "decryption okay\n"
-msgstr "lahtikrüpteerimine õnnestus\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "HOIATUS: teate kooskõlalisus ei ole tagatud\n"
+msgid "decryption okay\n"
+msgstr "lahtikrüpteerimine õnnestus\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "HOIATUS: krüpteeritud teadet on muudetud!\n"
"HOIATUS: poliisi urli %%-asendus ebaõnnestus (liiga suur). Kasutan "
"kompaktset.\n"
-#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "Loodud allkirja ei õnnestu kontrollida: %s\n"
-
#, fuzzy, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s allkiri kasutajalt: \"%s\"\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "viga `%s' lugemisel: %s\n"
+#, fuzzy
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "võtit '%s' ei leitud: %s\n"
+
#, fuzzy, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "võtit '%s' ei leitud: %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
+msgid "route all network traffic via TOR"
+msgstr ""
+
#, fuzzy
#| msgid ""
#| "@\n"
msgid "response from server too large; limit is %d bytes\n"
msgstr ""
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr ""
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
msgid "Options controlling the interactivity and enforcement"
msgstr ""
+msgid "Options controlling the use of TOR"
+msgstr ""
+
msgid "Configuration for HTTP servers"
msgstr ""
msgid "GPG for S/MIME"
msgstr ""
-msgid "Directory Manager"
+msgid "Key Acquirer"
msgstr ""
#, fuzzy
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr ""
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "luodun allekirjoituksen tarkistus epäonnistui: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "salaisen avaimen osat eivät ole käytettävissä\n"
msgid "remove as much as possible from key during export"
msgstr ""
-msgid "export keys in an S-expression based format"
-msgstr ""
-
#, fuzzy
msgid "exporting secret keys not allowed\n"
msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
msgid "You must select at least one user ID.\n"
msgstr "Sinun täytyy valita ainakin yksi käyttäjätunnus.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "Et voi poistaa viimeistä käyttäjätunnusta!\n"
msgid "Keyring"
msgstr "Avainrengas"
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "ohitetaan \"%s\": %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Ensisijaisen avaimen sormenjälki:"
msgid "refreshing %d keys from %s\n"
msgstr "pyydetään avainta %08lX kohteesta %s\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr ""
-
#, fuzzy, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "avainta \"%s\" ei löydy: %s\n"
msgid "key not found on keyserver\n"
msgstr "avainta \"%s\" ei löydy: %s\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
#, fuzzy, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "pyydetään avainta %08lX kohteesta %s\n"
msgstr "pyydetään avainta %08lX kohteesta %s\n"
#, fuzzy, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "ohitetaan \"%s\": %s\n"
-
-#, fuzzy, c-format
msgid "sending key %s to %s server %s\n"
msgstr "etsitään \"%s\" HKP-palvelimelta %s\n"
"IDEA-salain ei käytettävissä, yritetään optimistisesti \n"
"käyttää sen sijaan salainta %s\n"
-msgid "decryption okay\n"
-msgstr "avaus onnistui\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "VAROITUS: viestin eheyttä ei oltu suojattu\n"
+msgid "decryption okay\n"
+msgstr "avaus onnistui\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "VAROITUS: salattua viestiä on muokattu!\n"
"VAROITUS: käytäntö-url:n %%-laajennus ei onnistu (liian suuri). \n"
"Käytetään laajentamatonta.\n"
-#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "luodun allekirjoituksen tarkistus epäonnistui: %s\n"
-
#, fuzzy, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s-allekirjoitus lähettäjältä: \"%s\"\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+#, fuzzy
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "avainta \"%s\" ei löydy: %s\n"
+
#, fuzzy, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "avainta \"%s\" ei löydy: %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
+msgid "route all network traffic via TOR"
+msgstr ""
+
#, fuzzy
#| msgid ""
#| "@\n"
msgid "response from server too large; limit is %d bytes\n"
msgstr ""
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr ""
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
msgid "Options controlling the interactivity and enforcement"
msgstr ""
+msgid "Options controlling the use of TOR"
+msgstr ""
+
msgid "Configuration for HTTP servers"
msgstr ""
msgid "GPG for S/MIME"
msgstr ""
-msgid "Directory Manager"
+msgid "Key Acquirer"
msgstr ""
#, fuzzy
msgstr ""
"un hachage de %1$zu bits n'est pas valable pour une clef %3$s de %2$u bits\n"
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "échec de vérification de la signature créée : %s\n"
+
msgid "secret key parts are not available\n"
msgstr "des parties de la clef secrète ne sont pas disponibles\n"
msgid "remove as much as possible from key during export"
msgstr "supprimer autant que possible de la clef pendant l'exportation"
-msgid "export keys in an S-expression based format"
-msgstr "exporter les clefs dans un format basé sur une expression symbolique"
-
msgid "exporting secret keys not allowed\n"
msgstr "il est interdit d'exporter les clefs secrètes\n"
msgid "You must select at least one user ID.\n"
msgstr "Vous devez sélectionner au moins une identité.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "Vous ne pouvez pas supprimer la dernière identité.\n"
msgid "Keyring"
msgstr "Porte-clefs"
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "« %s » a été ignorée : %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Empreinte de clef principale :"
msgid "refreshing %d keys from %s\n"
msgstr "rafraîchissement de %d clefs à partir de %s\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr "pas de serveur de clefs connu (utilisez l'option --keyserver)\n"
-
#, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "clef « %s » introuvable sur le serveur de clefs\n"
msgid "key not found on keyserver\n"
msgstr "clef introuvable sur le serveur de clefs\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "pas de serveur de clefs connu (utilisez l'option --keyserver)\n"
+
#, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "demande de la clef %s sur le serveur %s %s\n"
msgstr "requête de la clef %s sur %s\n"
#, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "« %s » a été ignorée : %s\n"
-
-#, c-format
msgid "sending key %s to %s server %s\n"
msgstr "envoi de la clef %s au serveur %s %s\n"
"L'algorithme IDEA n'est pas disponible, essai avec %s\n"
"qui fonctionnera peut-être avec un peu de chance\n"
-msgid "decryption okay\n"
-msgstr "le déchiffrement a réussi\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "Attention : l'intégrité du message n'était pas protégée\n"
+msgid "decryption okay\n"
+msgstr "le déchiffrement a réussi\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "Attention : le message chiffré a été manipulé.\n"
" Utilisation de la version non expansée.\n"
#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "échec de vérification de la signature créée : %s\n"
-
-#, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s/%s signature de : « %s »\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "erreur de récupération de « %s » : état HTTP %u\n"
+#, fuzzy
+#| msgid "CRL access not possible due to disabled %s\n"
+msgid "CRL access not possible due to TOR mode\n"
+msgstr ""
+"accès à la liste de révocations de certificat impossible car %s est "
+"désactivé\n"
+
#, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "recherche de certificats impossible car %s est désactivé\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr "|FICHIER|utiliser les certificats de CA dans FICHIER pour HKP par TLS"
+msgid "route all network traffic via TOR"
+msgstr ""
+
msgid ""
"@\n"
"(See the \"info\" manual for a complete listing of all commands and "
msgid "response from server too large; limit is %d bytes\n"
msgstr "réponse trop grande du serveur ; limitée à %d octets.\n"
+#, fuzzy
+#| msgid "OCSP request not possible due to disabled HTTP\n"
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr "requête OCSP impossible car HTTP est désactivé\n"
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr "requête OCSP impossible car HTTP est désactivé\n"
msgid "Options controlling the interactivity and enforcement"
msgstr "Options contrôlant l'interactivité et la mise en application"
+#, fuzzy
+#| msgid "Options controlling the security"
+msgid "Options controlling the use of TOR"
+msgstr "Options contrôlant la sécurité"
+
msgid "Configuration for HTTP servers"
msgstr "Configuration pour les serveurs HTTP"
msgid "GPG for S/MIME"
msgstr "GPG pour S/MIME"
-msgid "Directory Manager"
-msgstr "Gestionnaire de répertoires"
+msgid "Key Acquirer"
+msgstr ""
msgid "PIN and Passphrase Entry"
msgstr "Entrée de code personnel et de phrase secrète"
"Vérifier une phrase secrète donnée sur l'entrée standard par rapport à "
"ficmotif\n"
+#~ msgid "export keys in an S-expression based format"
+#~ msgstr ""
+#~ "exporter les clefs dans un format basé sur une expression symbolique"
+
+#~ msgid "Directory Manager"
+#~ msgstr "Gestionnaire de répertoires"
+
#~ msgid "toggle between the secret and public key listings"
#~ msgstr ""
#~ "passer de la liste de clefs secrètes à celle de clefs privées ou vice "
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr ""
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "fallou a comprobación da sinatura creada: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "hai partes da chave secreta non dispoñibles\n"
msgid "remove as much as possible from key during export"
msgstr ""
-msgid "export keys in an S-expression based format"
-msgstr ""
-
#, fuzzy
msgid "exporting secret keys not allowed\n"
msgstr "gravando a chave secreta en `%s'\n"
msgid "You must select at least one user ID.\n"
msgstr "Debe seleccionar alomenos un ID de usuario.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "¡Non pode borra-lo último ID de usuario!\n"
msgid "Keyring"
msgstr "Chaveiro"
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "omítese `%s': %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Pegada dactilar da chave primaria:"
msgid "refreshing %d keys from %s\n"
msgstr "solicitando a chave %08lX de %s\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr ""
-"non hai un servidor de chaves coñecido (empregue a opción --keyserver)\n"
-
#, fuzzy, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "non se atopou a chave `%s': %s\n"
msgid "key not found on keyserver\n"
msgstr "non se atopou a chave `%s': %s\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+"non hai un servidor de chaves coñecido (empregue a opción --keyserver)\n"
+
#, fuzzy, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "solicitando a chave %08lX de %s\n"
msgstr "solicitando a chave %08lX de %s\n"
#, fuzzy, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "omítese `%s': %s\n"
-
-#, fuzzy, c-format
msgid "sending key %s to %s server %s\n"
msgstr "buscando \"%s\" no servidor HKP %s\n"
msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
msgstr "A cifra IDEA non está dispoñible, téntase empregar %s no seu canto\n"
-msgid "decryption okay\n"
-msgstr "descifrado correcto\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "AVISO: a mensaxe non tiña protección de integridade\n"
+msgid "decryption okay\n"
+msgstr "descifrado correcto\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "AVISO: ¡a mensaxe cifrada foi manipulada!\n"
"unexpanded.\n"
msgstr "AVISO: non se pode expandir-%% o url de normativa (grande de máis).\n"
-#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "fallou a comprobación da sinatura creada: %s\n"
-
#, fuzzy, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "Sinatura %s de: \"%s\"\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "erro lendo `%s': %s\n"
+#, fuzzy
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "non se atopou a chave `%s': %s\n"
+
#, fuzzy, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "non se atopou a chave `%s': %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
+msgid "route all network traffic via TOR"
+msgstr ""
+
#, fuzzy
#| msgid ""
#| "@\n"
msgid "response from server too large; limit is %d bytes\n"
msgstr ""
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr ""
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
msgid "Options controlling the interactivity and enforcement"
msgstr ""
+msgid "Options controlling the use of TOR"
+msgstr ""
+
msgid "Configuration for HTTP servers"
msgstr ""
msgid "GPG for S/MIME"
msgstr ""
-msgid "Directory Manager"
+msgid "Key Acquirer"
msgstr ""
#, fuzzy
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr ""
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "A létrehozott aláírás ellenõrzése sikertelen: %s.\n"
+
msgid "secret key parts are not available\n"
msgstr "Titkos kulcsrészek nem állnak rendelkezésre.\n"
msgid "remove as much as possible from key during export"
msgstr ""
-msgid "export keys in an S-expression based format"
-msgstr ""
-
#, fuzzy
msgid "exporting secret keys not allowed\n"
msgstr "Írom a titkos kulcsot a %s állományba.\n"
msgid "You must select at least one user ID.\n"
msgstr "Legalább egy felhasználóazonosítót ki kell választania!\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "Nem törölheti az utolsó felhasználóazonosítót!\n"
msgid "Keyring"
msgstr "Kulcskarika"
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "Kihagytam \"%s\"-t: %s.\n"
+
msgid "Primary key fingerprint:"
msgstr "Elsõdlegeskulcs-ujjlenyomat:"
msgid "refreshing %d keys from %s\n"
msgstr "Lekérem a %08lX kulcsot a %s kulcsszerverrõl.\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr ""
-
#, fuzzy, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "\"%s\" kulcs nem található: %s\n"
msgid "key not found on keyserver\n"
msgstr "\"%s\" kulcs nem található: %s\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
#, fuzzy, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "Lekérem a %08lX kulcsot a %s kulcsszerverrõl.\n"
msgstr "Lekérem a %08lX kulcsot a %s kulcsszerverrõl.\n"
#, fuzzy, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "Kihagytam \"%s\"-t: %s.\n"
-
-#, fuzzy, c-format
msgid "sending key %s to %s server %s\n"
msgstr "Keresem \"%s\"-t a %s HKP szerveren.\n"
"IDEA rejtjelezõ nem áll rendelkezésre, optimista módon megpróbálok\n"
"%s-t használni helyette.\n"
-msgid "decryption okay\n"
-msgstr "Visszafejtés rendben.\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "FIGYELEM: Az üzenetet nem látták el integritásvédelemmel.\n"
+msgid "decryption okay\n"
+msgstr "Visszafejtés rendben.\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "FIGYELEM: A titkosított üzenetet manipulálták!\n"
"hosszú).\n"
"Kifejtés nélkül használom.\n"
-#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "A létrehozott aláírás ellenõrzése sikertelen: %s.\n"
-
#, fuzzy, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s aláírás a következõtõl: \"%s\"\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "Hiba \"%s\" olvasásakor: %s\n"
+#, fuzzy
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "\"%s\" kulcs nem található: %s\n"
+
#, fuzzy, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "\"%s\" kulcs nem található: %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
+msgid "route all network traffic via TOR"
+msgstr ""
+
#, fuzzy
#| msgid ""
#| "@\n"
msgid "response from server too large; limit is %d bytes\n"
msgstr ""
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr ""
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
msgid "Options controlling the interactivity and enforcement"
msgstr ""
+msgid "Options controlling the use of TOR"
+msgstr ""
+
msgid "Configuration for HTTP servers"
msgstr ""
msgid "GPG for S/MIME"
msgstr ""
-msgid "Directory Manager"
+msgid "Key Acquirer"
msgstr ""
#, fuzzy
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr ""
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "Gagal memeriksa signature yang dibuat: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "bagian kunci rahasia tidak tersedia\n"
msgid "remove as much as possible from key during export"
msgstr ""
-msgid "export keys in an S-expression based format"
-msgstr ""
-
#, fuzzy
msgid "exporting secret keys not allowed\n"
msgstr "menulis kunci rahasia ke `%s'\n"
msgid "You must select at least one user ID.\n"
msgstr "Anda harus memilih minimum satu ID user.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "Anda tidak dapat menghapus ID user terakhir!\n"
msgid "Keyring"
msgstr "Keyring"
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "melewati `%s': %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Fingerprint kunci primer:"
msgid "refreshing %d keys from %s\n"
msgstr "meminta kunci %08lX dari %s\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr ""
-
#, fuzzy, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "kunci '%s' tidak ditemukan: %s\n"
msgid "key not found on keyserver\n"
msgstr "kunci '%s' tidak ditemukan: %s\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
#, fuzzy, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "meminta kunci %08lX dari %s\n"
msgstr "meminta kunci %08lX dari %s\n"
#, fuzzy, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "melewati `%s': %s\n"
-
-#, fuzzy, c-format
msgid "sending key %s to %s server %s\n"
msgstr "mencari \"%s\" dari server HKP %s\n"
msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
msgstr "Cipher IDEA tidak tersedia, secara optimis berusaha menggunakan %s\n"
-msgid "decryption okay\n"
-msgstr "dekripsi lancar\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "PERINGATAN: integritas pesan tidak terlindungi\n"
+msgid "decryption okay\n"
+msgstr "dekripsi lancar\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "PERINGATAN: pesan terenkripsi telah dimanipulasi!\n"
"PERINGATAN: tidak dapat melakukan %%-expand policy url (terlalu besar). "
"Menggunakan yang tidak expand.\n"
-#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "Gagal memeriksa signature yang dibuat: %s\n"
-
#, fuzzy, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s signature dari: \"%s\"\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "kesalahan membaca `%s': %s\n"
+#, fuzzy
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "kunci '%s' tidak ditemukan: %s\n"
+
#, fuzzy, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "kunci '%s' tidak ditemukan: %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
+msgid "route all network traffic via TOR"
+msgstr ""
+
#, fuzzy
#| msgid ""
#| "@\n"
msgid "response from server too large; limit is %d bytes\n"
msgstr ""
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr ""
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
msgid "Options controlling the interactivity and enforcement"
msgstr ""
+msgid "Options controlling the use of TOR"
+msgstr ""
+
msgid "Configuration for HTTP servers"
msgstr ""
msgid "GPG for S/MIME"
msgstr ""
-msgid "Directory Manager"
+msgid "Key Acquirer"
msgstr ""
#, fuzzy
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr ""
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "controllo della firma creata fallito: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "parti della chiave segreta non sono disponibili\n"
msgid "remove as much as possible from key during export"
msgstr ""
-msgid "export keys in an S-expression based format"
-msgstr ""
-
#, fuzzy
msgid "exporting secret keys not allowed\n"
msgstr "scrittura della chiave segreta in `%s'\n"
msgid "You must select at least one user ID.\n"
msgstr "Devi selezionare almeno un user ID.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "Non puoi cancellare l'ultimo user ID!\n"
msgid "Keyring"
msgstr "Portachiavi"
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "saltata `%s': %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Impronta digitale della chiave primaria:"
msgid "refreshing %d keys from %s\n"
msgstr "richiedo la chiave %08lX a %s\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr ""
-
#, fuzzy, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "chiave `%s' non trovata: %s\n"
msgid "key not found on keyserver\n"
msgstr "chiave `%s' non trovata: %s\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
#, fuzzy, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "richiedo la chiave %08lX a %s\n"
msgstr "richiedo la chiave %08lX a %s\n"
#, fuzzy, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "saltata `%s': %s\n"
-
-#, fuzzy, c-format
msgid "sending key %s to %s server %s\n"
msgstr "cerco \"%s\" sul server HKP %s\n"
msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
msgstr "Cifrario IDEA non disponibile, ottimisticamente cerco di usare %s\n"
-msgid "decryption okay\n"
-msgstr "decifratura corretta\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "ATTENZIONE: l'integrità del messaggio non era protetta\n"
+msgid "decryption okay\n"
+msgstr "decifratura corretta\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "ATTENZIONE: il messaggio cifrato è stato manipolato!\n"
"lunga).\n"
"Usata inespansa.\n"
-#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "controllo della firma creata fallito: %s\n"
-
#, fuzzy, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "Firma %s da: \"%s\"\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "errore leggendo `%s': %s\n"
+#, fuzzy
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "chiave `%s' non trovata: %s\n"
+
#, fuzzy, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "chiave `%s' non trovata: %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
+msgid "route all network traffic via TOR"
+msgstr ""
+
#, fuzzy
#| msgid ""
#| "@\n"
msgid "response from server too large; limit is %d bytes\n"
msgstr ""
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr ""
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
msgid "Options controlling the interactivity and enforcement"
msgstr ""
+msgid "Options controlling the use of TOR"
+msgstr ""
+
msgid "Configuration for HTTP servers"
msgstr ""
msgid "GPG for S/MIME"
msgstr ""
-msgid "Directory Manager"
+msgid "Key Acquirer"
msgstr ""
#, fuzzy
#
msgid ""
msgstr ""
-"Project-Id-Version: gnupg 2.1.6\n"
+"Project-Id-Version: gnupg 2.1.8\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2015-07-02 12:21+0900\n"
+"PO-Revision-Date: 2015-09-15 15:12+0900\n"
"Last-Translator: NIIBE Yutaka <gniibe@fsij.org>\n"
"Language-Team: none\n"
"Language: ja\n"
msgstr "PUK"
msgid "Reset Code"
-msgstr "Reset Code"
+msgstr "リセット・コード"
#, c-format
msgid "%s%%0A%%0AUse the reader's pinpad for input."
msgstr "%s%%0A%%0Aリーダーのピンパッドを入力に使ってください。"
msgid "Repeat this Reset Code"
-msgstr "このReset Codeをもう一度入力してください"
+msgstr "このリセット・コードをもう一度入力してください"
msgid "Repeat this PUK"
msgstr "このPUKをもう一度入力してください"
msgstr "このPINをもう一度入力してください"
msgid "Reset Code not correctly repeated; try again"
-msgstr "Reset Codeが正しく繰り返されていません。もう一度"
+msgstr "リセット・コードが正しく繰り返されていません。もう一度"
msgid "PUK not correctly repeated; try again"
msgstr "PUKが正しく繰り返されていません。もう一度"
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr "%zuビットのハッシュは%uビットの%s鍵には無効です\n"
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "作成された署名の検査に失敗しました: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "秘密部分が得られません\n"
#, c-format
msgid "Warning: unsafe ownership on %s \"%s\"\n"
-msgstr "警告: '%s'の安全でない所有者 \"%s\"\n"
+msgstr "警告: '%s'の安全でない所有 \"%s\"\n"
#, c-format
msgid "Warning: unsafe permissions on %s \"%s\"\n"
msgstr "OpenPGPカードno. %sを検出\n"
msgid "can't do this in batch mode\n"
-msgstr "ã\81\9dれはバッチ・モードではできません\n"
+msgstr "ã\81\93れはバッチ・モードではできません\n"
msgid "This command is only available for version 2 cards\n"
msgstr "このコマンドが使えるのはバージョン2のカードだけです\n"
msgid "Reset Code not or not anymore available\n"
-msgstr "Reset Codeが(もはや)利用可能ではありません\n"
+msgstr "リセット・コードが(もはや)利用可能ではありません\n"
msgid "Your selection? "
msgstr "あなたの選択は? "
msgstr "エラー: 優先指定の文字列に無効な文字があります。\n"
msgid "Sex ((M)ale, (F)emale or space): "
-msgstr "性別 ((M)男、(F)女、空白): "
+msgstr "性別 ((M)男、(F)女、または空白): "
msgid "Error: invalid response.\n"
msgstr "エラー: 無効な応答。\n"
msgstr "現行鍵情報の取得エラー: %s\n"
msgid "Replace existing key? (y/N) "
-msgstr "既存の鍵を交換しますか? (y/N) "
+msgstr "既存の鍵を置き換えしますか? (y/N) "
msgid ""
"Note: There is no guarantee that the card supports the requested size.\n"
msgstr ""
"*注意*: カードが要求された鍵長をサポートしているという保証はありません。\n"
" 鍵生成が成功しない場合、あなたのカードに関する技術文書を確認し、\n"
-" 利用できる鍵長についてみてください。\n"
+" 利用できる鍵長について確認ください。\n"
#, c-format
msgid "What keysize do you want for the Signature key? (%u) "
#, c-format
msgid "What keysize do you want for the Encryption key? (%u) "
-msgstr "暗号鍵の鍵長は? (%u) "
+msgstr "暗号化鍵の鍵長は? (%u) "
#, c-format
msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "鍵%dの長さを%u bit に変更する際にエラー: %s\n"
msgid "Make off-card backup of encryption key? (Y/n) "
-msgstr "暗号鍵のカード外バックアップを作成しますか? (Y/n) "
+msgstr "暗号化鍵のカード外バックアップを作成しますか? (Y/n) "
msgid "Note: keys are already stored on the card!\n"
msgstr "*注意*: 秘密鍵はもうカードに保管してあります!\n"
"You should change them using the command --change-pin\n"
msgstr ""
"工場設定のPINは下記のとおり\n"
-" PIN = '%s' Admin PIN = '%s'\n"
+" PIN = '%s' 管理者PIN = '%s'\n"
"次のコマンドを使って変更すべきです --change-pin\n"
msgid "Please select the type of key to generate:\n"
msgstr "鍵を取得するURLの変更"
msgid "fetch the key specified in the card URL"
-msgstr "ã\82«ã\83¼ã\83\89URLã\81§æ\8c\87å®\9aã\81\95ã\82\8cã\81\9fé\8dµã\81®å¼\95ã\81\8då\87ºã\81\97"
+msgstr "ã\82«ã\83¼ã\83\89URLã\81§æ\8c\87å®\9aã\81\95ã\82\8cã\81\9fé\8dµã\81®å\8f\96å¾\97"
msgid "change the login name"
msgstr "ログイン名の変更"
msgstr "PINを確認しすべてのデータを表示する"
msgid "unblock the PIN using a Reset Code"
-msgstr "PINをReset Codeで再設定する"
+msgstr "PINをリセット・コードでブロックを解除する"
msgid "destroy all keys and data"
msgstr "すべての鍵とデータを破壊します"
msgstr "gpg/card> "
msgid "Admin-only command\n"
-msgstr "管理専用コマンド\n"
+msgstr "管理者専用コマンド\n"
msgid "Admin commands are allowed\n"
-msgstr "管理コマンドが許可されています\n"
+msgstr "管理者コマンドが許可されています\n"
msgid "Admin commands are not allowed\n"
-msgstr "管理コマンドは禁止されています\n"
+msgstr "管理者コマンドは禁止されています\n"
msgid "Invalid command (try \"help\")\n"
msgstr "無効なコマンド (\"help\"を参照)\n"
msgstr "鍵ブロックの読み込みエラー: %s\n"
msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(ã\81\82ã\82\8bã\81\84ã\81¯ã\80\81ã\83\95ã\82£ã\83³ã\82¬ã\83¼ã\83\97ã\83ªã\83³ã\83\88ã\81§é\8dµã\82\92æ\8c\87å®\9a)\n"
+msgstr "(ã\83\95ã\82£ã\83³ã\82¬ã\83¼ã\83»ã\83\97ã\83ªã\83³ã\83\88ã\81§é\8dµã\82\92æ\8c\87å®\9aã\81\97ã\81¦ã\81ªã\81\84é\99\90ã\82\8a)\n"
msgid "can't do this in batch mode without \"--yes\"\n"
msgstr "\"--yes\"なしでバッチ・モードではできません\n"
msgid ""
"external program calls are disabled due to unsafe options file permissions\n"
msgstr ""
-"オプション・ファイルの許可モードが、安全ではないので、\n"
-"外部プログラムの呼出しは、使用禁止です。\n"
+"オプション・ファイルの許可モードが安全ではないので、外部プログラムの呼出しは"
+"禁止となります。\n"
msgid "this platform requires temporary files when calling external programs\n"
msgstr ""
msgid "remove as much as possible from key during export"
msgstr "エクスポートの際、できるだけ除去する"
-msgid "export keys in an S-expression based format"
-msgstr "S式ベースのフォーマットで鍵をエクスポートする"
-
msgid "exporting secret keys not allowed\n"
msgstr "秘密鍵のエクスポートは認められません\n"
msgstr " - スキップされました"
msgid "WARNING: nothing exported\n"
-msgstr "*è¦å\91\8a*: ä½\95ã\82\82ã\82¨ã\82¯ã\82¹ã\83\9dã\83¼ã\83\88ã\81\97ていません\n"
+msgstr "*è¦å\91\8a*: ä½\95ã\82\82ã\82¨ã\82¯ã\82¹ã\83\9dã\83¼ã\83\88ã\81\95ã\82\8cていません\n"
msgid "[User ID not found]"
msgstr "[ユーザIDが見つかりません]"
#, c-format
msgid "WARNING: unsafe ownership on homedir '%s'\n"
-msgstr "*警告*: homedir '%s'の安全でない所有者\n"
+msgstr "*警告*: homedir '%s'の安全でない所有\n"
#, c-format
msgid "WARNING: unsafe ownership on configuration file '%s'\n"
-msgstr "*警告*: コンフィグレーション・ファイル'%s'の安全でない所有者\n"
+msgstr "*警告*: コンフィグレーション・ファイル'%s'の安全でない所有\n"
#, c-format
msgid "WARNING: unsafe ownership on extension '%s'\n"
-msgstr "*警告*: 拡張'%s'の安全でない所有者\n"
+msgstr "*警告*: 拡張'%s'の安全でない所有\n"
#, c-format
msgid "WARNING: unsafe permissions on homedir '%s'\n"
#, c-format
msgid "WARNING: unsafe enclosing directory ownership on homedir '%s'\n"
-msgstr "*警告*: homedir '%s'の安全でない上位ディレクトリ所有者\n"
+msgstr "*警告*: homedir '%s'の安全でない上位ディレクトリ所有\n"
#, c-format
msgid ""
"WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
msgstr ""
-"*警告*: コンフィグレーション・ファイル'%s'の安全でない上位ディレクトリ所有"
-"者\n"
+"*警告*: コンフィグレーション・ファイル'%s'の安全でない上位ディレクトリ所有\n"
#, c-format
msgid "WARNING: unsafe enclosing directory ownership on extension '%s'\n"
-msgstr "*警告*: 拡張'%s'の安全でない上位ディレクトリ所有者\n"
+msgstr "*警告*: 拡張'%s'の安全でない上位ディレクトリ所有\n"
#, c-format
msgid "WARNING: unsafe enclosing directory permissions on homedir '%s'\n"
msgstr "不明のコンフィグレーション項目'%s'\n"
msgid "display photo IDs during key listings"
-msgstr "鍵の一覧にフォトIDを表示する"
+msgstr "鍵の一覧時にフォトIDを表示する"
msgid "show key usage information during key listings"
-msgstr "鍵の一覧に鍵の使い方の情報を表示する"
+msgstr "鍵の一覧時に鍵の使い方の情報を表示する"
msgid "show policy URLs during signature listings"
-msgstr "署名の一覧にポリシURLを表示する"
+msgstr "署名の一覧時にポリシーURLを表示する"
msgid "show all notations during signature listings"
-msgstr "署名の一覧にすべての注釈を表示する"
+msgstr "署名の一覧時にすべての注釈を表示する"
msgid "show IETF standard notations during signature listings"
-msgstr "署名の一覧にIETF標準注釈を表示する"
+msgstr "署名の一覧時にIETF標準注釈を表示する"
msgid "show user-supplied notations during signature listings"
-msgstr "署名の一覧にユーザの注釈を表示する"
+msgstr "署名の一覧時にユーザの注釈を表示する"
msgid "show preferred keyserver URLs during signature listings"
-msgstr "署名の一覧に優先鍵サーバURLを表示する"
+msgstr "署名の一覧時に優先鍵サーバURLを表示する"
msgid "show user ID validity during key listings"
-msgstr "鍵の一覧にユーザIDの有効性を表示する"
+msgstr "鍵の一覧時にユーザIDの有効性を表示する"
msgid "show revoked and expired user IDs in key listings"
msgstr "鍵の一覧に失効したユーザID、期限切れとなったユーザIDを表示する"
msgstr "鍵の一覧に鍵リングの名前を表示する"
msgid "show expiration dates during signature listings"
-msgstr "署名の一覧に有効期限の日付を表示する"
+msgstr "署名の一覧時に有効期限の日付を表示する"
#, c-format
msgid "Note: old default options file '%s' ignored\n"
#, c-format
msgid "libgcrypt is too old (need %s, have %s)\n"
-msgstr "libgcrypt ã\81¯古すぎます (必要 %s, 現在 %s)\n"
+msgstr "libgcrypt ã\81\8c古すぎます (必要 %s, 現在 %s)\n"
#, c-format
msgid "Note: %s is not for normal use!\n"
msgstr "署名の検証時にフォトIDを表示する"
msgid "show policy URLs during signature verification"
-msgstr "署名の検証時にポリシURLを表示する"
+msgstr "署名の検証時にポリシーURLを表示する"
msgid "show all notations during signature verification"
msgstr "署名の検証時にすべての注釈を表示する"
msgstr "無効な auto-key-locate リストです\n"
msgid "WARNING: program may create a core file!\n"
-msgstr "*è¦å\91\8a*: ã\83\97ã\83ã\82°ã\83©ã\83 ã\81®ã\82³ã\82¢ã\83»ã\83\95ã\82¡ã\82¤ã\83«ã\81\8cã\81§ã\81\8dることがあります!\n"
+msgstr "*è¦å\91\8a*: ã\83\97ã\83ã\82°ã\83©ã\83 ã\81¯coreã\83\95ã\82¡ã\82¤ã\83«ã\82\92ä½\9cæ\88\90ã\81\99ることがあります!\n"
#, c-format
msgid "WARNING: %s overrides %s\n"
#, c-format
msgid "keyserver refresh failed: %s\n"
-msgstr "鍵サーバの回復に失敗しました: %s\n"
+msgstr "鍵サーバの更新に失敗しました: %s\n"
#, c-format
msgid "dearmoring failed: %s\n"
msgstr "開始します。メッセージを打ってください ...\n"
msgid "the given certification policy URL is invalid\n"
-msgstr "あたえられた証明書ポリシURLは無効です\n"
+msgstr "あたえられた証明書ポリシーURLは無効です\n"
msgid "the given signature policy URL is invalid\n"
-msgstr "あたえられた署名ポリシURLは無効です\n"
+msgstr "あたえられた署名ポリシーURLは無効です\n"
msgid "the given preferred keyserver URL is invalid\n"
msgstr "指定された優先鍵サーバURLは無効です\n"
msgstr "ローカルだけとマークされた署名をインポートします"
msgid "repair damage from the pks keyserver during import"
-msgstr "インポート時にpksキーサーバからのダメージを修正します"
+msgstr "インポートの際、にpksキーサーバからのダメージを修正します"
msgid "do not clear the ownertrust values during import"
msgstr "インポートの際、所有者信用の値をクリアしない"
msgid "do not update the trustdb after import"
-msgstr "インポートの際、信用データベースを更新しない"
+msgstr "インポート後、信用データベースを更新しない"
msgid "only accept updates to existing keys"
msgstr "既存の鍵に対する更新のみ認めます"
msgstr "インポート後、利用できない部分を鍵から除去します"
msgid "remove as much as possible from key after import"
-msgstr "インポートの後、できるだけ除去します"
+msgstr "インポート後、できるだけ除去します"
#, c-format
msgid "skipping block of type %d\n"
#, c-format
msgid "%lu keys processed so far\n"
-msgstr "%lu鍵まで処理\n"
+msgstr "これまで%lu個の鍵を処理\n"
#, c-format
msgid "Total number processed: %lu\n"
#, c-format
msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
-msgstr "*警告*: 鍵%sは失効可能です: 失効鍵%sを取ってきます\n"
+msgstr "*警告*: 鍵%sは失効されたかもしれません: 失効鍵%sを取ってきます\n"
#, c-format
msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
-msgstr "*警告*: 鍵%sは失効可能です: 失効鍵%sが存在しません。\n"
+msgstr "*警告*: 鍵%sは失効されたかもしれません: 失効鍵%sが存在しません。\n"
#, c-format
msgid "key %s: \"%s\" revocation certificate added\n"
"is a local signature.\n"
msgstr ""
"\"%s\"にたいするあなたの今の署名\n"
-"は内部署名です。\n"
+"はローカルな署名です。\n"
msgid "Do you want to promote it to a full exportable signature? (y/N) "
msgstr "エクスポート可能な署名に格上げしたいですか? (y/N) "
#, c-format
msgid "\"%s\" was already locally signed by key %s\n"
-msgstr "\"%s\"は鍵%sでもう内部署名してあります\n"
+msgstr "\"%s\"は鍵%sでもうローカルに署名してあります\n"
#, c-format
msgid "\"%s\" was already signed by key %s\n"
msgid "show key fingerprint"
msgstr "鍵のフィンガープリントを表示"
-#, fuzzy
-#| msgid "Enter the keygrip: "
msgid "show the keygrip"
-msgstr "keygripを入力: "
+msgstr "keygripを表示"
msgid "list key and user IDs"
msgstr "鍵とユーザIDの一覧"
msgstr "ユーザID Nの選択"
msgid "select subkey N"
-msgstr "subkey Nの選択"
+msgstr "副鍵Nの選択"
msgid "check signatures"
msgstr "署名の確認"
msgstr "副鍵を追加"
msgid "add a key to a smartcard"
-msgstr "ICカードへ鍵の追加"
+msgstr "スマートカードへ鍵の追加"
msgid "move a key to a smartcard"
-msgstr "鍵をICカードへ移動"
+msgstr "鍵をスマートカードへ移動"
msgid "move a backup key to a smartcard"
-msgstr "バックアップ鍵をICカードへ移動"
+msgstr "バックアップ鍵をスマートカードへ移動"
msgid "delete selected subkeys"
msgstr "選択した副鍵の削除"
msgstr "選択したユーザIDに優先指定リストを設定"
msgid "set the preferred keyserver URL for the selected user IDs"
-msgstr "選択したユーザIDに優先鍵サーバのURIを設定"
+msgstr "選択したユーザIDに優先鍵サーバのURLを設定"
msgid "set a notation for the selected user IDs"
msgstr "選択したユーザIDに注釈を設定する"
msgstr "選択したユーザIDの署名を失効"
msgid "revoke selected user IDs"
-msgstr "ユーザIDの失効"
+msgstr "選択したユーザIDの失効"
msgid "revoke key or selected subkeys"
msgstr "鍵の失効または選択した副鍵の失効"
msgid "You must select at least one user ID.\n"
msgstr "ユーザIDを少なくともひとつ選択してください。\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "最後のユーザIDは削除できません!\n"
msgstr "このユーザIDを本当に失効しますか? (y/N) "
msgid "Do you really want to revoke the entire key? (y/N) "
-msgstr "鍵全体を本当に失効しますか? (y/N) "
+msgstr "この鍵全体を本当に失効しますか? (y/N) "
msgid "Do you really want to revoke the selected subkeys? (y/N) "
msgstr "選択した副鍵を本当に失効しますか? (y/N) "
#, c-format
msgid "The following key was revoked on %s by %s key %s\n"
-msgstr "%s で %s 鍵によってこの鍵は、失効されました: %s\n"
+msgstr "%sで%s鍵%sによって以下の鍵は、失効されました\n"
#, c-format
msgid "This key may be revoked by %s key %s"
msgstr ""
"*警告*: これはPGP2形式の鍵です。フォトIDの追加で、一部のバージョンのPGPで"
"は、\n"
-" この鍵を拒否するかもしれません。\n"
+" この鍵を拒否するかもしれません。\n"
msgid "Are you sure you still want to add it? (y/N) "
msgstr "それでも追加したいですか? (y/N) "
msgstr ""
"*警告*: これはPGP 2.x形式の鍵です。指名失効者の追加で、一部のバージョンのPGP"
"では、\n"
-" この鍵を拒否するかもしれません。\n"
+" この鍵を拒否するかもしれません。\n"
msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
msgstr "PGP 2.x形式の鍵には指名失効者を追加できません。\n"
#, c-format
msgid " (%c) Toggle the sign capability\n"
-msgstr " (%c) 署名特性を反転する\n"
+msgstr " (%c) 署名機能を反転する\n"
#, c-format
msgid " (%c) Toggle the encrypt capability\n"
-msgstr " (%c) 暗号特性を反転する\n"
+msgstr " (%c) 暗号機能を反転する\n"
#, c-format
msgid " (%c) Toggle the authenticate capability\n"
-msgstr " (%c) 認証特性を反転する\n"
+msgstr " (%c) 認証機能を反転する\n"
#, c-format
msgid " (%c) Finished\n"
#, c-format
msgid " (%d) DSA (set your own capabilities)\n"
-msgstr " (%d) DSA (特性をあなた自身で設定)\n"
+msgstr " (%d) DSA (機能をあなた自身で設定)\n"
#, c-format
msgid " (%d) RSA (set your own capabilities)\n"
-msgstr " (%d) RSA (特性をあなた自身で設定)\n"
+msgstr " (%d) RSA (機能をあなた自身で設定)\n"
#, c-format
msgid " (%d) ECC and ECC\n"
#, c-format
msgid " (%d) ECC (set your own capabilities)\n"
-msgstr " (%d) ECC (特性をあなた自身で設定)\n"
+msgstr " (%d) ECC (機能をあなた自身で設定)\n"
#, c-format
msgid " (%d) ECC (encrypt only)\n"
"Please enter a passphrase to protect the off-card backup of the new "
"encryption key."
msgstr ""
-"パスフレーズを入力してください。これは新しく作られる暗号鍵のカード外のバック"
-"アップを保護するものです。"
+"パスフレーズを入力してください。これは新しく作られる暗号化鍵のカード外のバッ"
+"ã\82¯ã\82¢ã\83\83ã\83\97ã\82\92ä¿\9dè·ã\81\99ã\82\8bã\82\82ã\81®ã\81§ã\81\99ã\80\82"
msgid "passphrase not correctly repeated; try again"
msgstr "パスフレーズをちゃんと繰り返していません。再入力してください"
"disks) during the prime generation; this gives the random number\n"
"generator a better chance to gain enough entropy.\n"
msgstr ""
-"たくさんのランダム・バイトの生成が必要です。キーボードを打つ、マウスを動か"
-"す、\n"
-"ディスクにアクセスするなどの他の操作を素数生成の間に行うことで、乱数生成器"
-"に\n"
-"十分なエントロピーを供給する機会を与えることができます。\n"
+"たくさんのランダム・バイトの生成が必要です。キーボードを打つ、マウスを動か\n"
+"す、ディスクにアクセスするなどの他の操作を素数生成の間に行うことで、乱数生\n"
+"成器に十分なエントロピーを供給する機会を与えることができます。\n"
#, c-format
msgid "Key generation failed: %s\n"
msgstr "*注意*: v3鍵に対する副鍵の作成は、OpenPGPに適合しません\n"
msgid "Secret parts of primary key are not available.\n"
-msgstr "主é\8dµã\81®ç§\98å¯\86é\83¨å\88\86ã\81\8cå¾\97ã\82\89ã\82\8cません。\n"
+msgstr "主é\8dµã\81®ç§\98å¯\86é\83¨å\88\86ã\81\8cå\88©ç\94¨ã\81§ã\81\8dません。\n"
msgid "Secret parts of primary key are stored on-card.\n"
-msgstr "主鍵の秘密部分は科議場に保存されています。\n"
+msgstr "主鍵の秘密部分はカード上に保存されています。\n"
msgid "Really create? (y/N) "
msgstr "本当に作成しますか? (y/N) "
msgstr "無期限 "
msgid "Critical signature policy: "
-msgstr "クリティカルな署名ポリシ: "
+msgstr "クリティカルな署名ポリシー: "
msgid "Signature policy: "
-msgstr "署名ポリシ: "
+msgstr "署名ポリシー: "
msgid "Critical preferred keyserver: "
msgstr "クリティカルな優先鍵サーバ: "
msgid "Keyring"
msgstr "鍵リング"
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "\"%s\"をスキップしました: %s\n"
+
msgid "Primary key fingerprint:"
-msgstr "主鍵のフィンガープリント:"
+msgstr " 主鍵フィンガープリント:"
msgid " Subkey fingerprint:"
-msgstr "副鍵のフィンガープリント:"
+msgstr " 副鍵フィンガープリント:"
#. TRANSLATORS: this should fit into 24 bytes so that the
#. * fingerprint data is properly aligned with the user ID
msgid " Primary key fingerprint:"
-msgstr "主鍵のフィンガープリント:"
+msgstr " 主鍵フィンガープリント:"
msgid " Subkey fingerprint:"
-msgstr "副鍵のフィンガープリント:"
+msgstr " 副鍵フィンガープリント:"
msgid " Key fingerprint ="
msgstr " フィンガープリント ="
#, c-format
msgid "refreshing 1 key from %s\n"
-msgstr "1本の鍵を%sから回復\n"
+msgstr "1本の鍵を%sから更新\n"
#, c-format
msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "*警告*: 鍵%sを%s経由で回復できません: %s\n"
+msgstr "*警告*: 鍵%sを%s経由で更新できません: %s\n"
#, c-format
msgid "refreshing %d keys from %s\n"
-msgstr "%d本の鍵を%sから回復\n"
-
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr "既知の鍵サーバがありません (オプション--keyserverを使いましょう)\n"
+msgstr "%d本の鍵を%sから更新\n"
#, c-format
msgid "key \"%s\" not found on keyserver\n"
msgid "key not found on keyserver\n"
msgstr "鍵が鍵サーバに見つかりません\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "既知の鍵サーバがありません (オプション--keyserverを使いましょう)\n"
+
#, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "鍵%sを%sからサーバ%sに要求\n"
msgstr "鍵%sを%sに要求\n"
#, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "\"%s\"をスキップしました: %s\n"
-
-#, c-format
msgid "sending key %s to %s server %s\n"
msgstr "鍵%sを%sサーバ%sへ送信\n"
msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
msgstr "IDEA暗号方式は利用不能なので、楽天的ですが%sで代用しようとしています\n"
-msgid "decryption okay\n"
-msgstr "復号に成功\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "*警告*: メッセージの完全性は保護されていません\n"
+msgid "decryption okay\n"
+msgstr "復号に成功\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "*警告*: 暗号化されたメッセージは改竄されています!\n"
#, c-format
msgid " %d = I trust ultimately\n"
-msgstr " %d = 絶対的に信用する\n"
+msgstr " %d = 究極的に信用する\n"
msgid " m = back to the main menu\n"
msgstr " m = メーン・メニューに戻る\n"
msgstr "あなたの決定は? "
msgid "Do you really want to set this key to ultimate trust? (y/N) "
-msgstr "æ\9c¬å½\93ã\81«ã\81\93ã\81®é\8dµã\82\92絶対的に信用しますか? (y/N) "
+msgstr "æ\9c¬å½\93ã\81«ã\81\93ã\81®é\8dµã\82\92究極的に信用しますか? (y/N) "
msgid "Certificates leading to an ultimately trusted key:\n"
-msgstr "絶対的に信用した鍵への証明書:\n"
+msgstr "究極的に信用した鍵への証明書:\n"
#, c-format
msgid "%s: There is no assurance this key belongs to the named user\n"
#, c-format
msgid ""
"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
-msgstr "*警告*: ポリシURLを%%拡張不能 (大きすぎ)。拡張せずに使用。\n"
+msgstr "*警告*: ポリシーURLを%%拡張不能 (大きすぎ)。拡張せずに使用。\n"
#, c-format
msgid ""
msgstr "*警告*: 優先鍵サーバURLを%%拡張不能 (大きすぎ)。拡張せずに使用。\n"
#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "作成された署名の検査に失敗しました: %s\n"
-
-#, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s/%s署名。署名者:\"%s\"\n"
"# List of assigned trustvalues, created %s\n"
"# (Use \"gpg --import-ownertrust\" to restore them)\n"
msgstr ""
-"# 指定された信頼度の一覧です 作成日時: %s\n"
+"# 指定された信用度の一覧です 作成日時: %s\n"
"# (\"gpg --import-ownertrust\" で復旧することができます)\n"
#, c-format
#, c-format
msgid "%s: error writing dir record: %s\n"
-msgstr "%s: ã\83\87ã\82£ã\83¬ã\82¯ã\83\88ã\83ªã\83¼ã\83»ã\83¬ã\82³ã\83¼ã\83\89ã\81®æ\9b¸ã\81\8dè¾¼ã\81¿ã\82¨ã\83©ã\83¼: %s\n"
+msgstr "%s: ディレクトリ・レコードの書き込みエラー: %s\n"
#, c-format
msgid "%s: failed to zero a record: %s\n"
#, c-format
msgid "key %s marked as ultimately trusted\n"
-msgstr "é\8dµ%sã\82\92絶対的に信用するよう記録しました\n"
+msgstr "é\8dµ%sã\82\92究極的に信用するよう記録しました\n"
#, c-format
msgid "trust record %lu, req type %d: read failed: %s\n"
msgstr "%d本の鍵を処理 (うち%d本の有効性数をクリア)\n"
msgid "no ultimately trusted keys found\n"
-msgstr "絶対的に信用する鍵が見つかりません\n"
+msgstr "究極的に信用する鍵が見つかりません\n"
#, c-format
msgid "public key of ultimately trusted key %s not found\n"
-msgstr "絶対的に信用する鍵%sの公開鍵が見つかりません\n"
+msgstr "究極的に信用する鍵%sの公開鍵が見つかりません\n"
#, c-format
msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
"た: %s\n"
msgid "undefined"
-msgstr ""
+msgstr "未定義"
-#, fuzzy
-#| msgid "never "
msgid "never"
-msgstr "無期限 "
+msgstr "断じてなし"
msgid "marginal"
-msgstr ""
+msgstr "まぁまぁ"
msgid "full"
-msgstr ""
+msgstr "充分"
msgid "ultimate"
-msgstr ""
+msgstr "究極"
#. TRANSLATORS: these strings are similar to those in
#. trust_value_to_string(), but are a fixed length. This is needed to
#. essentially a comment and need not be translated. Either key and
#. uid are both NULL, or neither are NULL.
msgid "10 translator see trust.c:uid_trust_string_fixed"
-msgstr ""
+msgstr "10 translator see trust.c:uid_trust_string_fixed"
-#, fuzzy
-#| msgid "revoked"
msgid "[ revoked]"
-msgstr "失効"
+msgstr "[ 失効 ]"
-#, fuzzy
-#| msgid "expired"
msgid "[ expired]"
-msgstr "期限切れ"
+msgstr "[期限切れ]"
-#, fuzzy
-#| msgid "unknown"
msgid "[ unknown]"
-msgstr "不明の"
+msgstr "[ 不明 ]"
msgid "[ undef ]"
-msgstr ""
+msgstr "[ 未定義 ]"
msgid "[marginal]"
-msgstr ""
+msgstr "[まぁまぁ]"
msgid "[ full ]"
-msgstr ""
+msgstr "[ 充分 ]"
msgid "[ultimate]"
-msgstr ""
+msgstr "[ 究極 ]"
msgid ""
"the signature could not be verified.\n"
#, c-format
msgid "RSA modulus missing or not of size %d bits\n"
-msgstr "RSAの法(modulus)がないか、%dビットのものではありません\n"
+msgstr "RSAのモジュラスがないか、%dビットのものではありません\n"
#, c-format
msgid "RSA public exponent missing or larger than %d bits\n"
-msgstr "RSA公開指数が指定されていないか %d ビットより大きすぎます\n"
+msgstr "RSA公開指数がないか %d ビットより大きすぎます\n"
#, c-format
msgid "PIN callback returned error: %s\n"
-msgstr "PINコールバックがエラーを戻しました: %s\n"
+msgstr "PINコールバックがエラーを返しました: %s\n"
msgid "the NullPIN has not yet been changed\n"
msgstr "NullPINが変更されていません\n"
msgstr "応答に公開鍵データが含まれていません\n"
msgid "response does not contain the RSA modulus\n"
-msgstr "応答にRSAの法(modulus)が含まれていません\n"
+msgstr "応答にRSAのモジュラスが含まれていません\n"
msgid "response does not contain the RSA public exponent\n"
msgstr "応答にRSA公開指数が含まれていません\n"
msgstr "CHV%dの認証に失敗しました: %s\n"
msgid "error retrieving CHV status from card\n"
-msgstr "カードからのCHVステイタス取得でエラー\n"
+msgstr "カードからCHVステイタスの取得でエラー\n"
msgid "card is permanently locked!\n"
-msgstr "カードが永久にロックされます!\n"
+msgstr "ã\82«ã\83¼ã\83\89ã\81\8cæ°¸ä¹\85ã\81«ã\83ã\83\83ã\82¯ã\81\95ã\82\8cã\81¦ã\81¾ã\81\99!\n"
#, c-format
msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
-msgstr "カードの永久ロック前に%dのAdmin PINが試されています\n"
+msgstr "カードの永久ロック前に%d回の管理者PINの試行が残っています\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
#. the start of the string. Use %%0A to force a linefeed.
msgstr "管理コマンドへのアクセスが設定されていません\n"
msgid "||Please enter the Reset Code for the card"
-msgstr "||カードのReset Codeを入力してください"
+msgstr "||カードのリセット・コードを入力してください"
#, c-format
msgid "Reset Code is too short; minimum length is %d\n"
-msgstr "Reset Codeが短すぎます。最短の長さは%dです。\n"
+msgstr "リセット・コードが短すぎます。最短の長さは%dです。\n"
#. TRANSLATORS: Do not translate the "|*|" prefixes but
#. keep it at the start of the string. We need this elsewhere
#. to get some infos on the string.
msgid "|RN|New Reset Code"
-msgstr "|RN|新しいReset Code"
+msgstr "|RN|新しいリセット・コード"
msgid "|AN|New Admin PIN"
msgstr "|AN|新しい管理者PIN"
msgstr "発行者の証明書がCAとしてマークされていません"
msgid "critical marked policy without configured policies"
-msgstr "ã\82³ã\83³ã\83\95ã\82£ã\82°ã\81\95ã\82\8cã\81\9fã\83\9dã\83ªã\82·ã\81ªã\81\97ã\81«ã\82¯ã\83ªã\83\86ã\82£ã\82«ã\83«ã\81«ã\83\9eã\83¼ã\82¯ã\81\95ã\82\8cã\81\9fã\83\9dã\83ªã\82·"
+msgstr "ã\82³ã\83³ã\83\95ã\82£ã\82°ã\81\95ã\82\8cã\81\9fã\83\9dã\83ªã\82·ã\83¼ã\81ªã\81\97ã\81«ã\82¯ã\83ªã\83\86ã\82£ã\82«ã\83«ã\81«ã\83\9eã\83¼ã\82¯ã\81\95ã\82\8cã\81\9fã\83\9dã\83ªã\82·ã\83¼"
#, c-format
msgid "failed to open '%s': %s\n"
msgstr "'%s'が開けません: %s\n"
msgid "Note: non-critical certificate policy not allowed"
-msgstr "注意: クリティカルでない証明書ポリシは認められません"
+msgstr "注æ\84\8f: ã\82¯ã\83ªã\83\86ã\82£ã\82«ã\83«ã\81§ã\81ªã\81\84証æ\98\8eæ\9b¸ã\83\9dã\83ªã\82·ã\83¼ã\81¯èª\8dã\82\81ã\82\89ã\82\8cã\81¾ã\81\9bã\82\93"
msgid "certificate policy not allowed"
-msgstr "証明書ポリシは認められません"
+msgstr "証æ\98\8eæ\9b¸ã\83\9dã\83ªã\82·ã\83¼ã\81¯èª\8dã\82\81ã\82\89ã\82\8cã\81¾ã\81\9bã\82\93"
msgid "looking up issuer at external location\n"
msgstr "発行者の外部ロケーションを調べています\n"
msgstr "証明書をエクスポートする"
msgid "register a smartcard"
-msgstr "ICカードを登録する"
+msgstr "スマートカードを登録する"
msgid "pass a command to the dirmngr"
msgstr "dirmngrにコマンドを渡す"
msgstr "|N|インクルードする証明書の数"
msgid "|FILE|take policy information from FILE"
-msgstr "|FILE|ポリシ情報をFILEから取得する"
+msgstr "|FILE|ポリシー情報をFILEから取得する"
msgid "do not check certificate policies"
-msgstr "証明書ポリシをチェックしない"
+msgstr "証æ\98\8eæ\9b¸ã\83\9dã\83ªã\82·ã\83¼ã\82\92ã\83\81ã\82§ã\83\83ã\82¯ã\81\97ã\81ªã\81\84"
msgid "fetch missing issuer certificates"
msgstr "紛失している発行者証明書を取得する"
msgid "error retrieving '%s': http status %u\n"
msgstr "'%s'の取得エラー: httpステイタス %u\n"
+#, fuzzy
+#| msgid "CRL access not possible due to disabled %s\n"
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "CRLアクセスは停止された%sのため不可能です\n"
+
#, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "禁止されているため、証明書の探索ができません: %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr "|FILE|FILEにあるCA証明書をTLSでのHKPに使う"
+msgid "route all network traffic via TOR"
+msgstr ""
+
msgid ""
"@\n"
"(See the \"info\" manual for a complete listing of all commands and "
msgid "response from server too large; limit is %d bytes\n"
msgstr "サーバからの応答がが長すぎます (上限%dバイト)。\n"
+#, fuzzy
+#| msgid "OCSP request not possible due to disabled HTTP\n"
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr "HTTPが停止されているためOCSPリクエストが不可能です\n"
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr "HTTPが停止されているためOCSPリクエストが不可能です\n"
msgstr "|N|最大SSH鍵存続時間をN秒とする"
msgid "Options enforcing a passphrase policy"
-msgstr "パスワード・ポリシの強制オプション"
+msgstr "ã\83\91ã\82¹ã\83¯ã\83¼ã\83\89ã\83»ã\83\9dã\83ªã\82·ã\83¼ã\81®å¼·å\88¶ã\82ªã\83\97ã\82·ã\83§ã\83³"
msgid "do not allow to bypass the passphrase policy"
-msgstr "パスワード・ポリシを迂回することを認めない"
+msgstr "ã\83\91ã\82¹ã\83¯ã\83¼ã\83\89ã\83»ã\83\9dã\83ªã\82·ã\83¼ã\82\92è¿\82å\9b\9eã\81\99ã\82\8bã\81\93ã\81¨ã\82\92èª\8dã\82\81ã\81ªã\81\84"
msgid "|N|set minimal required length for new passphrases to N"
msgstr "|N|新しいパスフレーズの必要とする最低長をNとする"
msgid "Options controlling the interactivity and enforcement"
msgstr "インタラクティビティと強制を制御するオプション"
+#, fuzzy
+#| msgid "Options controlling the security"
+msgid "Options controlling the use of TOR"
+msgstr "セキュリティを制御するオプション"
+
msgid "Configuration for HTTP servers"
msgstr "HTTPサーバのコンフィグレーション"
msgid "GPG for S/MIME"
msgstr "S/MIME のためのGPG"
-msgid "Directory Manager"
-msgstr "ディレクトリ・マネージャ"
+msgid "Key Acquirer"
+msgstr ""
msgid "PIN and Passphrase Entry"
msgstr "PINとパスフレーズの入力"
"形式: gpg-check-pattern [オプション] パターンファイル\n"
"パターンファイルに対して標準入力のパスフレーズを確認する\n"
+#~ msgid "export keys in an S-expression based format"
+#~ msgstr "S式ベースのフォーマットで鍵をエクスポートする"
+
+#~ msgid "Directory Manager"
+#~ msgstr "ディレクトリ・マネージャ"
+
#~ msgid "toggle between the secret and public key listings"
#~ msgstr "秘密鍵と公開鍵の一覧の反転"
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr ""
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr ""
+
msgid "secret key parts are not available\n"
msgstr ""
msgid "remove as much as possible from key during export"
msgstr ""
-msgid "export keys in an S-expression based format"
-msgstr ""
-
msgid "exporting secret keys not allowed\n"
msgstr "eksportering av hemmelige nøkler er ikke tillatt\n"
msgid "You must select at least one user ID.\n"
msgstr "Du må velge minst en brukerid.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "Du kan ikke slette den siste brukeriden!\n"
msgid "Keyring"
msgstr "Nøkkelknippe"
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "hoppet over «%s»: %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Fingeravtrykk for primærnøkkel:"
msgid "refreshing %d keys from %s\n"
msgstr "oppfrisker %d nøkler fra %s\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr ""
-
#, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "nøkkelen «%s» ble ikke funnet på nøkkelserveren\n"
msgid "key not found on keyserver\n"
msgstr "nøkkelen ble ikke funnet på nøkkelserver\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
#, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "ber om nøkkelen %s fra %s server %s\n"
msgstr "ber om nøkkel %s fra %s\n"
#, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "hoppet over «%s»: %s\n"
-
-#, c-format
msgid "sending key %s to %s server %s\n"
msgstr ""
msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
msgstr ""
-msgid "decryption okay\n"
+msgid "WARNING: message was not integrity protected\n"
msgstr ""
-msgid "WARNING: message was not integrity protected\n"
+msgid "decryption okay\n"
msgstr ""
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr ""
#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr ""
-
-#, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s/%s-signatur fra: «%s»\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "feil ved lesing av «%s»: %s\n"
+#, fuzzy
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "hemmelig nøkkel «%s» ble ikke funnet: %s\n"
+
#, fuzzy, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "hemmelig nøkkel «%s» ble ikke funnet: %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
+msgid "route all network traffic via TOR"
+msgstr ""
+
#, fuzzy
#| msgid ""
#| "@\n"
msgid "response from server too large; limit is %d bytes\n"
msgstr "Feil: Privat DO for lang (grensa går ved %d tegn).\n"
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr ""
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
msgid "Options controlling the interactivity and enforcement"
msgstr ""
+msgid "Options controlling the use of TOR"
+msgstr ""
+
msgid "Configuration for HTTP servers"
msgstr ""
msgid "GPG for S/MIME"
msgstr ""
-msgid "Directory Manager"
+msgid "Key Acquirer"
msgstr ""
#, fuzzy
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr "skrót %u-bitowy nie jest poprawny dla %u-bitowego klucza %s\n"
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "sprawdzenie z³o¿onego podpisu nie powiod³o siê: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "tajne czê¶ci klucza s± niedostêpne\n"
msgid "remove as much as possible from key during export"
msgstr "usuniêcie jak najwiêkszej czê¶ci klucza przy eksporcie"
-msgid "export keys in an S-expression based format"
-msgstr "eksport kluczy w formacie opartym na S-wyra¿eniach"
-
msgid "exporting secret keys not allowed\n"
msgstr "eksport kluczy tajnych nie jest dozwolony\n"
msgid "You must select at least one user ID.\n"
msgstr "Musisz wybraæ co najmniej jeden identyfikator u¿ytkownika.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "Nie mo¿esz usun±æ ostatniego identyfikatora u¿ytkownika!\n"
msgid "Keyring"
msgstr "Zbiór kluczy"
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "pominiêty ,,%s'': %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Odcisk klucza g³ównego:"
msgid "refreshing %d keys from %s\n"
msgstr "od¶wie¿anie %d kluczy z %s\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr "brak znanyk serwerów kluczy (u¿yj opcji --keyserver)\n"
-
#, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "klucz ,,%s'' nie zosta³ odnaleziony na serwerze kluczy\n"
msgid "key not found on keyserver\n"
msgstr "klucz nie zosta³ odnaleziony na serwerze kluczy\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "brak znanyk serwerów kluczy (u¿yj opcji --keyserver)\n"
+
#, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "zapytanie o klucz %s z serwera %s %s\n"
msgstr "zapytanie o klucz %s z %s\n"
#, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "pominiêty ,,%s'': %s\n"
-
-#, c-format
msgid "sending key %s to %s server %s\n"
msgstr "wysy³anie klucza %s na serwer %s %s\n"
msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
msgstr "szyfr IDEA nie jest dostêpny, próba u¿ycia %s zamiast niego\n"
-msgid "decryption okay\n"
-msgstr "odszyfrowanie poprawne\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "OSTRZE¯ENIE: wiadomo¶æ nie by³a zabezpieczona przed manipulacj±\n"
+msgid "decryption okay\n"
+msgstr "odszyfrowanie poprawne\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "OSTRZE¯ENIE: zaszyfrowana wiadomo¶æ by³a manipulowana!\n"
" serwera kluczy (jest zbyt d³ugi). U¿yty zostanie nie rozwiniêty.\n"
#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "sprawdzenie z³o¿onego podpisu nie powiod³o siê: %s\n"
-
-#, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "podpis %s/%s z³o¿ony przez: ,,%s''\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "b³±d uruchamiania ,,%s'': kod wyj¶cia %d\n"
+#, fuzzy
+#| msgid "certificate `%s' not found: %s\n"
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "nie znaleziono certyfikatu ,,%s'': %s\n"
+
#, fuzzy, c-format
#| msgid "certificate `%s' not found: %s\n"
msgid "certificate search not possible due to disabled %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
+msgid "route all network traffic via TOR"
+msgstr ""
+
#, fuzzy
#| msgid ""
#| "@\n"
msgid "response from server too large; limit is %d bytes\n"
msgstr "B³±d: prywatne DO zbyt d³ugie (limit to %d znaków).\n"
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr ""
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
msgid "Options controlling the interactivity and enforcement"
msgstr "Opcje steruj±ce interaktywno¶ci± i wymuszaniem"
+#, fuzzy
+#| msgid "Options controlling the security"
+msgid "Options controlling the use of TOR"
+msgstr "Opcje steruj±ce bezpieczeñstwem"
+
msgid "Configuration for HTTP servers"
msgstr "Konfiguracja dla serwerów HTTP"
msgid "GPG for S/MIME"
msgstr ""
-msgid "Directory Manager"
+msgid "Key Acquirer"
msgstr ""
#, fuzzy
"Sk³adnia: gpg-check-pattern [opcje] plik-wzorców\n"
"Sprawdzanie has³a ze standardowego wej¶cia wzglêdem pliku wzorców\n"
+#~ msgid "export keys in an S-expression based format"
+#~ msgstr "eksport kluczy w formacie opartym na S-wyra¿eniach"
+
#~ msgid "toggle between the secret and public key listings"
#~ msgstr "prze³±czenie pomiêdzy listami kluczy tajnych i publicznych"
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr ""
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "verificação da assinatura criada falhou: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "partes da chave secreta não disponíveis\n"
msgid "remove as much as possible from key during export"
msgstr ""
-msgid "export keys in an S-expression based format"
-msgstr ""
-
#, fuzzy
msgid "exporting secret keys not allowed\n"
msgstr "a escrever chave privada para `%s'\n"
msgid "You must select at least one user ID.\n"
msgstr "Você precisa selecionar pelo menos um ID de utilizador.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "Você não pode remover o último ID de utilizador!\n"
msgid "Keyring"
msgstr "Porta-chaves"
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "ignorado `%s': %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Impressão da chave primária:"
msgid "refreshing %d keys from %s\n"
msgstr "a pedir a chave %08lX de %s\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr ""
-
#, fuzzy, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "chave `%s' não encontrada: %s\n"
msgid "key not found on keyserver\n"
msgstr "chave `%s' não encontrada: %s\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
#, fuzzy, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "a pedir a chave %08lX de %s\n"
msgstr "a pedir a chave %08lX de %s\n"
#, fuzzy, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "ignorado `%s': %s\n"
-
-#, fuzzy, c-format
msgid "sending key %s to %s server %s\n"
msgstr "a procurar por \"%s\" no servidor HKP %s\n"
msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
msgstr "Cifra IDEO não disponível, a tentar utilizar %s em substituição\n"
-msgid "decryption okay\n"
-msgstr "decifragem correcta\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "AVISO: a mensagem não tinha a sua integridade protegida\n"
+msgid "decryption okay\n"
+msgstr "decifragem correcta\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "CUIDADO: a mensagem cifrada foi manipulada!\n"
"AVISO: impossível expandir-%% a url de política (demasiado grande).\n"
"A utilizar não expandida.\n"
-#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "verificação da assinatura criada falhou: %s\n"
-
#, fuzzy, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "assinatura %s de: \"%s\"\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "erro na leitura de `%s': %s\n"
+#, fuzzy
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "chave `%s' não encontrada: %s\n"
+
#, fuzzy, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "chave `%s' não encontrada: %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
+msgid "route all network traffic via TOR"
+msgstr ""
+
#, fuzzy
#| msgid ""
#| "@\n"
msgid "response from server too large; limit is %d bytes\n"
msgstr ""
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr ""
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
msgid "Options controlling the interactivity and enforcement"
msgstr ""
+msgid "Options controlling the use of TOR"
+msgstr ""
+
msgid "Configuration for HTTP servers"
msgstr ""
msgid "GPG for S/MIME"
msgstr ""
-msgid "Directory Manager"
+msgid "Key Acquirer"
msgstr ""
#, fuzzy
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr ""
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "verificarea semnãturii create a eºuat: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "pãrþi ale cheii secrete nu sunt disponibile\n"
msgid "remove as much as possible from key during export"
msgstr ""
-msgid "export keys in an S-expression based format"
-msgstr ""
-
msgid "exporting secret keys not allowed\n"
msgstr "exportul cheilor secrete nu este permis\n"
msgid "You must select at least one user ID.\n"
msgstr "Trebuie mai întâi sã selectaþi cel puþin un ID utilizator.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "Nu puteþi ºterge ultimul ID utilizator!\n"
msgid "Keyring"
msgstr "Inel de chei"
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "sãritã \"%s\": %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Amprentã cheie primarã:"
msgid "refreshing %d keys from %s\n"
msgstr "reactualizez %d chei de la %s\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr "nici un server de chei cunoscut (folosiþi opþiunea --keyserver)\n"
-
#, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "cheia \"%s\" nu a fost gãsitã pe serverul de chei\n"
msgid "key not found on keyserver\n"
msgstr "cheia nu a fost gãsitã pe serverul de chei\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "nici un server de chei cunoscut (folosiþi opþiunea --keyserver)\n"
+
#, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "cer cheia %s de la serverul %s %s\n"
msgstr "cer cheia %s de la %s\n"
#, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "sãritã \"%s\": %s\n"
-
-#, c-format
msgid "sending key %s to %s server %s\n"
msgstr "trimit cheia %s serverului %s %s\n"
msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
msgstr "cifru IDEA indisponibil, vom încerca sã folosim %s în loc\n"
-msgid "decryption okay\n"
-msgstr "decriptare OK\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "AVERTISMENT: mesajul nu a avut integritatea protejatã\n"
+msgid "decryption okay\n"
+msgstr "decriptare OK\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "AVERTISMENT: mesajul cifrat a fost manipulat!\n"
"folosesc neexpandat.\n"
#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "verificarea semnãturii create a eºuat: %s\n"
-
-#, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s/%s semnãturã de la: \"%s\"\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "eroare la citire `%s': %s\n"
+#, fuzzy
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "cheia secretã \"%s\" nu a fost gãsitã: %s\n"
+
#, fuzzy, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "cheia secretã \"%s\" nu a fost gãsitã: %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
+msgid "route all network traffic via TOR"
+msgstr ""
+
#, fuzzy
#| msgid ""
#| "@\n"
msgid "response from server too large; limit is %d bytes\n"
msgstr "Eroare DO personal pre lung (limita este de %d caractere).\n"
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr ""
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
msgid "Options controlling the interactivity and enforcement"
msgstr ""
+msgid "Options controlling the use of TOR"
+msgstr ""
+
msgid "Configuration for HTTP servers"
msgstr ""
msgid "GPG for S/MIME"
msgstr ""
-msgid "Directory Manager"
+msgid "Key Acquirer"
msgstr ""
#, fuzzy
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr "%zu-битный хэш недопустим для %u-битного ключа %s\n"
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "сбой проверки созданной подписи: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "закрытая часть ключа недоступна\n"
msgid "remove as much as possible from key during export"
msgstr "при экспорте удалить из ключа как можно больше"
-msgid "export keys in an S-expression based format"
-msgstr "экспортировать ключи в формате на основе S-выражений"
-
msgid "exporting secret keys not allowed\n"
msgstr "экспорт закрытых ключей не разрешен\n"
msgid "You must select at least one user ID.\n"
msgstr "Вы должны выбрать хотя бы один ID пользователя.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "Вы не можете удалить последний ID пользователя!\n"
msgid "Keyring"
msgstr "Таблица ключей"
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "пропущено \"%s\": %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Отпечаток главного ключа:"
msgid "refreshing %d keys from %s\n"
msgstr "обновление %d ключей из %s\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr "не заданы серверы ключей (используйте --keyserver)\n"
-
#, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "ключ \"%s\" не найден на сервере ключей\n"
msgid "key not found on keyserver\n"
msgstr "ключ не найден на сервере ключей\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "не заданы серверы ключей (используйте --keyserver)\n"
+
#, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "запрашиваю ключ %s с сервера %s %s\n"
msgstr "получение ключа %s с %s\n"
#, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "пропущено \"%s\": %s\n"
-
-#, c-format
msgid "sending key %s to %s server %s\n"
msgstr "отправка ключа %s на сервер %s %s\n"
msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
msgstr "шифр IDEA недоступен, попробую вместо него %s\n"
-msgid "decryption okay\n"
-msgstr "расшифровано нормально\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "Внимание: целостность сообщения не защищена\n"
+msgid "decryption okay\n"
+msgstr "расшифровано нормально\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "Внимание: зашифрованное сообщение было изменено!\n"
"(слишком длинный). Использую неразвернутым.\n"
#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "сбой проверки созданной подписи: %s\n"
-
-#, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "подпись %s/%s пользователя \"%s\"\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "ошибка получения '%s': статус HTTP %u\n"
+#, fuzzy
+#| msgid "CRL access not possible due to disabled %s\n"
+msgid "CRL access not possible due to TOR mode\n"
+msgstr ""
+"Доступ к списку отозванных сертификатов невозможен\n"
+"из-за того, что не задействуется %s\n"
+
#, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "поиск сертификата невозможен из-за того, что не задействуется %s\n"
"|FILE|использовать сертификаты удостоверяющего центра из файла FILE для HKP "
"по TLS"
+msgid "route all network traffic via TOR"
+msgstr ""
+
msgid ""
"@\n"
"(See the \"info\" manual for a complete listing of all commands and "
msgid "response from server too large; limit is %d bytes\n"
msgstr "слишком длинный ответ сервера; предел - %d байт\n"
+#, fuzzy
+#| msgid "OCSP request not possible due to disabled HTTP\n"
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr "запрос OCSP невозможен из-за отключения HTTP\n"
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr "запрос OCSP невозможен из-за отключения HTTP\n"
msgid "Options controlling the interactivity and enforcement"
msgstr "Параметры, управляющие интерактивностью и принудительными действиями"
+#, fuzzy
+#| msgid "Options controlling the security"
+msgid "Options controlling the use of TOR"
+msgstr "Параметры, управляющие безопасностью"
+
msgid "Configuration for HTTP servers"
msgstr "Настройки серверов HTTP"
msgid "GPG for S/MIME"
msgstr "GPG для S/MIME"
-msgid "Directory Manager"
-msgstr "Управление каталогами"
+msgid "Key Acquirer"
+msgstr ""
msgid "PIN and Passphrase Entry"
msgstr "Ввод PIN и фраз-паролей"
"Синтаксис: gpg-check-pattern [параметры] файл_образцов\n"
"Проверить фразу-пароль, поступающую из stdin, по файлу образцов\n"
+#~ msgid "export keys in an S-expression based format"
+#~ msgstr "экспортировать ключи в формате на основе S-выражений"
+
+#~ msgid "Directory Manager"
+#~ msgstr "Управление каталогами"
+
#~ msgid "toggle between the secret and public key listings"
#~ msgstr "переключение между просмотром открытых и закрытых ключей"
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr ""
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "kontrola vytvoreného podpisu sa nepodarila: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "tajné èasti kµúèa nie sú dostupné\n"
msgid "remove as much as possible from key during export"
msgstr ""
-msgid "export keys in an S-expression based format"
-msgstr ""
-
#, fuzzy
msgid "exporting secret keys not allowed\n"
msgstr "zapisujem tajný kµúè do `%s'\n"
msgid "You must select at least one user ID.\n"
msgstr "Musíte vybra» aspoò jedno id u¾ívateµa.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "Nemô¾ete zmaza» posledné id u¾ívateµa!\n"
msgid "Keyring"
msgstr "súbor kµúèov (keyring)"
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "preskoèený `%s': %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Primárny fingerprint kµúèa:"
msgid "refreshing %d keys from %s\n"
msgstr "po¾adujem kµúè %08lX z %s\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr ""
-
#, fuzzy, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "kµúè `%s' nebol nájdený: %s\n"
msgid "key not found on keyserver\n"
msgstr "kµúè `%s' nebol nájdený: %s\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
#, fuzzy, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "po¾adujem kµúè %08lX z %s\n"
msgstr "po¾adujem kµúè %08lX z %s\n"
#, fuzzy, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "preskoèený `%s': %s\n"
-
-#, fuzzy, c-format
msgid "sending key %s to %s server %s\n"
msgstr "vyhµadávam \"%s\" na HKP serveri %s\n"
"algoritmus IDEA nie je dostupný; optimisticky sa ho pokúsime nahradi» "
"algoritmom %s\n"
-msgid "decryption okay\n"
-msgstr "de¹ifrovanie o.k.\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "VAROVANIE: správa nemá ochranu integrity\n"
+msgid "decryption okay\n"
+msgstr "de¹ifrovanie o.k.\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "VAROVANIE: so za¹ifrovanou správou bolo manipulované!\n"
"VAROVANIE: nemô¾em %%-expandova» URL politiky (príli¹ dlhé). Pou¾ité "
"neexpandované.\n"
-#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "kontrola vytvoreného podpisu sa nepodarila: %s\n"
-
#, fuzzy, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s podpis od: \"%s\"\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "chyba pri èítaní `%s': %s\n"
+#, fuzzy
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "kµúè `%s' nebol nájdený: %s\n"
+
#, fuzzy, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "kµúè `%s' nebol nájdený: %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
+msgid "route all network traffic via TOR"
+msgstr ""
+
#, fuzzy
#| msgid ""
#| "@\n"
msgid "response from server too large; limit is %d bytes\n"
msgstr ""
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr ""
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
msgid "Options controlling the interactivity and enforcement"
msgstr ""
+msgid "Options controlling the use of TOR"
+msgstr ""
+
msgid "Configuration for HTTP servers"
msgstr ""
msgid "GPG for S/MIME"
msgstr ""
-msgid "Directory Manager"
+msgid "Key Acquirer"
msgstr ""
#, fuzzy
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr "en %u-bitars hash är inte giltig för en %u-bitars %s-nyckel\n"
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "kontroll av den skapade signaturen misslyckades: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "de hemliga nyckeldelarna är inte tillgängliga\n"
msgid "remove as much as possible from key during export"
msgstr "ta bort så mycket som möjligt från nyckeln under exportering"
-msgid "export keys in an S-expression based format"
-msgstr "exportera nycklar i ett S-uttrycksbaserat format"
-
msgid "exporting secret keys not allowed\n"
msgstr "export av hemliga nycklar tillåts inte\n"
msgid "You must select at least one user ID.\n"
msgstr "Du måste välja åtminstone en användaridentitet.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "Du kan inte ta bort den sista användaridentiteten!\n"
msgid "Keyring"
msgstr "Nyckelring"
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "hoppade över \"%s\": %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Primära nyckelns fingeravtryck:"
msgid "refreshing %d keys from %s\n"
msgstr "uppdaterar %d nycklar från %s\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr "ingen nyckelserver är känd (använd flaggan --keyserver)\n"
-
#, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "nyckeln \"%s\" hittades inte på nyckelservern\n"
msgid "key not found on keyserver\n"
msgstr "nyckeln hittades inte på nyckelservern\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "ingen nyckelserver är känd (använd flaggan --keyserver)\n"
+
#, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "begär nyckeln %s från %s-servern %s\n"
msgstr "begär nyckeln %s från %s\n"
#, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "hoppade över \"%s\": %s\n"
-
-#, c-format
msgid "sending key %s to %s server %s\n"
msgstr "skickar nyckeln %s till %s-servern %s\n"
"IDEA-chiffer är inte tillgängligt. Försöker optimistiskt att använda %s "
"istället\n"
-msgid "decryption okay\n"
-msgstr "dekrypteringen lyckades\n"
-
# Äldre krypteringalgoritmer skapar ingen mdc dvs. "minisignatur" som skyddar mot att delar av den krypterade texten byts ut/tas bort. Alla nya 128-bitars algoritmer använder mdc: AES, AES192, AES256, BLOWFISH.
msgid "WARNING: message was not integrity protected\n"
msgstr "VARNING: detta meddelande var inte integritetsskyddat\n"
+msgid "decryption okay\n"
+msgstr "dekrypteringen lyckades\n"
+
# Meddelandet innebär alltså att kontrollen av mdc visade att meddelandet förändrats/manipulerats sedan det krypterades. Block kan ha tagits bort eller bytts ut.
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "VARNING: det krypterade meddelandet har ändrats!\n"
"stor). Använder oexpanderad.\n"
#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "kontroll av den skapade signaturen misslyckades: %s\n"
-
-#, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s/%s signatur från: \"%s\"\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "fel vid körning av \"%s\": avslutsstatus %d\n"
+#, fuzzy
+#| msgid "certificate `%s' not found: %s\n"
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "certifikatet \"%s\" hittades inte: %s\n"
+
#, fuzzy, c-format
#| msgid "certificate `%s' not found: %s\n"
msgid "certificate search not possible due to disabled %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
+msgid "route all network traffic via TOR"
+msgstr ""
+
# inställningar istället för flaggor?
# Nej, här är det bruksanvisningen för kommandoraden.
#, fuzzy
msgid "response from server too large; limit is %d bytes\n"
msgstr "Fel: Privat DO för långt (gränsen är %d tecken).\n"
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr ""
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
msgid "Options controlling the interactivity and enforcement"
msgstr "Flaggor som kontrollerar interaktivitet och framtvingande"
+#, fuzzy
+#| msgid "Options controlling the security"
+msgid "Options controlling the use of TOR"
+msgstr "Flaggor som kontrollerar säkerheten"
+
msgid "Configuration for HTTP servers"
msgstr "Konfiguration för HTTP-servrar"
msgid "GPG for S/MIME"
msgstr ""
-msgid "Directory Manager"
+msgid "Key Acquirer"
msgstr ""
#, fuzzy
"Syntax: gpg-check-pattern [flaggor] mönsterfil\n"
"Kontrollera en lösenfras angiven på standard in mot mönsterfilen\n"
+#~ msgid "export keys in an S-expression based format"
+#~ msgstr "exportera nycklar i ett S-uttrycksbaserat format"
+
#~ msgid "toggle between the secret and public key listings"
#~ msgstr "växla mellan att lista hemliga och publika nycklar"
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr "%u bitlik çittirim %u bitlik %s anahtarı için geçersiz\n"
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "oluşturulan imzanın denetimi başarısız: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "gizli anahtar parçaları kullanım dışı\n"
msgid "remove as much as possible from key during export"
msgstr "ihraç sırasında anahtardan mümkün olduğunca çok şey kaldırılır"
-msgid "export keys in an S-expression based format"
-msgstr "anahtarları bir S ifadesine dayalı biçimde ihraceder"
-
msgid "exporting secret keys not allowed\n"
msgstr "gizli anahtarların ihracına izin verilmez\n"
msgid "You must select at least one user ID.\n"
msgstr "En az bir kullanıcı kimliği seçmelisiniz.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "Son kullanıcı kimliğini silemezsiniz!\n"
msgid "Keyring"
msgstr "Anahtar zinciri"
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "\"%s\" atlandı: %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Birincil anahtar parmak izi:"
msgid "refreshing %d keys from %s\n"
msgstr "%d anahtar %s adresinden tazeleniyor\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr "bilinen bir anahtar sunucusu yok (--keyserver seçeneğini kullanın)\n"
-
#, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "anahtar \"%s\" anahtar sunucusunda yok\n"
msgid "key not found on keyserver\n"
msgstr "anahtar, anahtar sunucusunda yok\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "bilinen bir anahtar sunucusu yok (--keyserver seçeneğini kullanın)\n"
+
#, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "%1$s anahtarı %3$s sunucusunun %2$s adresinden isteniyor\n"
msgstr "%s anahtarı %s adresinden isteniyor\n"
#, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "\"%s\" atlandı: %s\n"
-
-#, c-format
msgid "sending key %s to %s server %s\n"
msgstr "anahtar %1$s, %3$s sunucusunun %2$s adresine gönderiliyor\n"
msgstr ""
"IDEA şifre kullanışsız, iyimserlikle yerine %s kullanılmaya çalışılıyor\n"
-msgid "decryption okay\n"
-msgstr "Şifre çözme tamam\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "UYARI: ileti bütünlük korumalı değildi\n"
+msgid "decryption okay\n"
+msgstr "Şifre çözme tamam\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "UYARI: şifreli ileti tahrip edilmiş!\n"
"(çok büyük). Uzatılmadan kullanılıyor.\n"
#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "oluşturulan imzanın denetimi başarısız: %s\n"
-
-#, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s/%s imza: \"%s\" den\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "`%s' çalışırken hata: çıkış durumu: %d\n"
+#, fuzzy
+#| msgid "certificate `%s' not found: %s\n"
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "sertifika \"%s\" yok: %s\n"
+
#, fuzzy, c-format
#| msgid "certificate `%s' not found: %s\n"
msgid "certificate search not possible due to disabled %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
+msgid "route all network traffic via TOR"
+msgstr ""
+
#, fuzzy
#| msgid ""
#| "@\n"
msgid "response from server too large; limit is %d bytes\n"
msgstr "Hata: Özel DO çok uzun (sınır: %d karakter).\n"
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr ""
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
msgid "Options controlling the interactivity and enforcement"
msgstr "Etkileşimliliği ve zorlamayı denetleyen seçenekler"
+#, fuzzy
+#| msgid "Options controlling the security"
+msgid "Options controlling the use of TOR"
+msgstr "Güvenliği denetleyen seçenekler"
+
msgid "Configuration for HTTP servers"
msgstr "HTTP sunucuları için yapılandırma"
msgid "GPG for S/MIME"
msgstr ""
-msgid "Directory Manager"
+msgid "Key Acquirer"
msgstr ""
#, fuzzy
"Standart girdiden verilen anahtar parolasını örüntü dosyasıyla "
"karşılaştırır\n"
+#~ msgid "export keys in an S-expression based format"
+#~ msgstr "anahtarları bir S ifadesine dayalı biçimde ihraceder"
+
#~ msgid "toggle between the secret and public key listings"
#~ msgstr "genel ve gizli anahtar listeleri arasında yer değiştirir"
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr "%zu-бітовий хеш не є коректним для %u-бітового ключа %s\n"
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "невдала спроба перевірити створений підпис: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "закриті частини ключа недоступні\n"
msgid "remove as much as possible from key during export"
msgstr "вилучити максимум частин з ключа під час експортування"
-msgid "export keys in an S-expression based format"
-msgstr "експортувати ключі у форматі, заснованому на S-виразах"
-
msgid "exporting secret keys not allowed\n"
msgstr "експортування закритих ключів заборонено\n"
msgid "You must select at least one user ID.\n"
msgstr "Вам слід вибрати принаймні один ідентифікатор користувача.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "Не можна вилучати останній ідентифікатор користувача!\n"
msgid "Keyring"
msgstr "Сховище ключів"
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "пропущено «%s»: %s\n"
+
msgid "Primary key fingerprint:"
msgstr "Основний відбиток ключа:"
msgid "refreshing %d keys from %s\n"
msgstr "оновлюємо %d ключів з %s\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr ""
-"не вказано жодного сервера ключів (скористайтеся параметром --keyserver)\n"
-
#, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "ключ «%s» не знайдено на сервері ключів\n"
msgid "key not found on keyserver\n"
msgstr "ключ не знайдено на сервері ключів\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+"не вказано жодного сервера ключів (скористайтеся параметром --keyserver)\n"
+
#, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "надсилаємо запит щодо ключа %s до %s сервера %s\n"
msgstr "надсилаємо запит щодо ключа %s з %s\n"
#, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "пропущено «%s»: %s\n"
-
-#, c-format
msgid "sending key %s to %s server %s\n"
msgstr "надсилаємо ключ %s до %s сервера %s\n"
msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
msgstr "Шифр IDEA недоступний, спробуємо скористатися замість нього %s\n"
-msgid "decryption okay\n"
-msgstr "розшифровано\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "УВАГА: цілісність повідомлення не захищено\n"
+msgid "decryption okay\n"
+msgstr "розшифровано\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "УВАГА: зашифроване повідомлення було змінено!\n"
"(занадто велика). Використовуємо нерозгорнутою.\n"
#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "невдала спроба перевірити створений підпис: %s\n"
-
-#, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s/%s підпис від: \"%s\"\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "помилка отримання «%s»: стан http %u\n"
+#, fuzzy
+#| msgid "CRL access not possible due to disabled %s\n"
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "Доступ до CRL неможливий через вимкнений %s\n"
+
#, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "пошук сертифікатів неможливий через вимкнений %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr "|ФАЙЛ|використовувати сертифікати CA з файла ФАЙЛ для HKP крізь TLS"
+msgid "route all network traffic via TOR"
+msgstr ""
+
msgid ""
"@\n"
"(See the \"info\" manual for a complete listing of all commands and "
msgid "response from server too large; limit is %d bytes\n"
msgstr "занадто об’ємна відповідь від сервера; верхня межа — %d байтів\n"
+#, fuzzy
+#| msgid "OCSP request not possible due to disabled HTTP\n"
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr "запит за допомогою OCSP неможливий через вимикання протоколу HTTP\n"
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr "запит за допомогою OCSP неможливий через вимикання протоколу HTTP\n"
msgid "Options controlling the interactivity and enforcement"
msgstr "Параметри керування інтерактивністю та примусом"
+#, fuzzy
+#| msgid "Options controlling the security"
+msgid "Options controlling the use of TOR"
+msgstr "Параметри керування захистом"
+
msgid "Configuration for HTTP servers"
msgstr "Налаштування для серверів HTTP"
msgid "GPG for S/MIME"
msgstr "GPG для S/MIME"
-msgid "Directory Manager"
-msgstr "Керування каталогом"
+msgid "Key Acquirer"
+msgstr ""
msgid "PIN and Passphrase Entry"
msgstr "Введення пінкодів і паролів"
"Синтаксис: gpg-check-pattern [параметри] файл_шаблонів\n"
"Перевірити пароль, вказаний у stdin, за допомогою файла_шаблонів\n"
+#~ msgid "export keys in an S-expression based format"
+#~ msgstr "експортувати ключі у форматі, заснованому на S-виразах"
+
+#~ msgid "Directory Manager"
+#~ msgstr "Керування каталогом"
+
#~ msgid "toggle between the secret and public key listings"
#~ msgstr "перемкнутися між списками закритих і відкритих ключів"
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr ""
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "检查已建立的签名时发生错误: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "私钥部分不可用\n"
msgid "remove as much as possible from key during export"
msgstr "导出时尽可能清除密钥中的可选部分"
-msgid "export keys in an S-expression based format"
-msgstr ""
-
msgid "exporting secret keys not allowed\n"
msgstr "不允许导出私钥\n"
msgid "You must select at least one user ID.\n"
msgstr "您至少得选择一个用户标识。\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "您不能删除最后一个用户标识!\n"
msgid "Keyring"
msgstr "钥匙环"
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "“%s”已跳过:%s\n"
+
msgid "Primary key fingerprint:"
msgstr "主钥指纹:"
msgid "refreshing %d keys from %s\n"
msgstr "%d 个密钥正从 %s 得到更新\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr "未给出公钥服务器(使用 --keyserver 选项)\n"
-
#, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "在公钥服务器上找不到密钥“%s”\n"
msgid "key not found on keyserver\n"
msgstr "在公钥服务器上找不到密钥\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "未给出公钥服务器(使用 --keyserver 选项)\n"
+
#, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "下载密钥‘%s’,从 %s 服务器 %s\n"
msgstr "下载密钥 %s,从 %s\n"
#, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "“%s”已跳过:%s\n"
-
-#, c-format
msgid "sending key %s to %s server %s\n"
msgstr "将密钥‘%s’上传到 %s 服务器 %s\n"
msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
msgstr "IDEA 算法不可用,试以 %s 代替\n"
-msgid "decryption okay\n"
-msgstr "解密成功\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "警告:报文未受到完整的保护\n"
+msgid "decryption okay\n"
+msgstr "解密成功\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "警告:加密过的报文已经变造!\n"
msgstr "警告:无法 %%-扩展首选公钥服务器 URL (太大了)。现在使用未扩展的。\n"
#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "检查已建立的签名时发生错误: %s\n"
-
-#, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s/%s 签名来自:“%s”\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "读取‘%s’时出错:%s\n"
+#, fuzzy
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "找不到私钥“%s”:%s\n"
+
#, fuzzy, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "找不到私钥“%s”:%s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
+msgid "route all network traffic via TOR"
+msgstr ""
+
#, fuzzy
#| msgid ""
#| "@\n"
msgid "response from server too large; limit is %d bytes\n"
msgstr "错误:个人 DO 太长(至多 %d 个字符)。\n"
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr ""
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
msgid "Options controlling the interactivity and enforcement"
msgstr ""
+msgid "Options controlling the use of TOR"
+msgstr ""
+
msgid "Configuration for HTTP servers"
msgstr ""
msgid "GPG for S/MIME"
msgstr ""
-msgid "Directory Manager"
+msgid "Key Acquirer"
msgstr ""
#, fuzzy
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
msgstr "%zu 位元的雜湊對 %u 位元的 %s 金鑰無效\n"
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "檢查已建立的簽章時出錯: %s\n"
+
msgid "secret key parts are not available\n"
msgstr "私鑰部分無法取用\n"
msgid "remove as much as possible from key during export"
msgstr "匯出時盡可能地從金鑰中移除"
-msgid "export keys in an S-expression based format"
-msgstr "匯出金鑰成以 S-表示式形式的格式"
-
msgid "exporting secret keys not allowed\n"
msgstr "不允許匯出私鑰\n"
msgid "You must select at least one user ID.\n"
msgstr "你至少得選擇一個使用者 ID.\n"
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr ""
+
msgid "You can't delete the last user ID!\n"
msgstr "你不能刪除最後一個使用者 ID!\n"
msgid "Keyring"
msgstr "鑰匙圈"
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "已跳過 \"%s\": %s\n"
+
msgid "Primary key fingerprint:"
msgstr " 主鑰指紋:"
msgid "refreshing %d keys from %s\n"
msgstr "更新 %d 份金鑰中 (從 %s )\n"
-msgid "no keyserver known (use option --keyserver)\n"
-msgstr "沒有已知的金鑰伺服器 (使用 --keyserver 選項)\n"
-
#, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "在金鑰伺服器上找不到金鑰 \"%s\"\n"
msgid "key not found on keyserver\n"
msgstr "在金鑰伺服器上找不到金鑰\n"
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "沒有已知的金鑰伺服器 (使用 --keyserver 選項)\n"
+
#, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "正在請求金鑰 %s 自 %s 伺服器 %s\n"
msgstr "正在請求金鑰 %s 自 %s\n"
#, c-format
-msgid "skipped \"%s\": %s\n"
-msgstr "已跳過 \"%s\": %s\n"
-
-#, c-format
msgid "sending key %s to %s server %s\n"
msgstr "遞送金鑰 %s 至 %s 伺服器 %s\n"
msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
msgstr "IDEA 編密法不可用, 我們樂觀地試著改以 %s 代替\n"
-msgid "decryption okay\n"
-msgstr "解密成功\n"
-
msgid "WARNING: message was not integrity protected\n"
msgstr "警告: 訊息未受到完整的保護\n"
+msgid "decryption okay\n"
+msgstr "解密成功\n"
+
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "警告: 加密過的訊息已經被變造了!\n"
msgstr "警告: 偏好金鑰伺服器 URL 的 %% 無法擴張 (太大了). 現在使用未擴張的.\n"
#, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "檢查已建立的簽章時出錯: %s\n"
-
-#, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s/%s 簽章來自: \"%s\"\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "取回 '%s' 時出錯: http 狀態 %u\n"
+#, fuzzy
+#| msgid "CRL access not possible due to disabled %s\n"
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "不可能存取 CRL 因已停用 %s\n"
+
#, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "不可能進行憑證搜尋, 因為已停用 %s\n"
msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr "|檔案|在 HKP over TLS 的指定檔案中使用 CA 憑證"
+msgid "route all network traffic via TOR"
+msgstr ""
+
msgid ""
"@\n"
"(See the \"info\" manual for a complete listing of all commands and "
msgid "response from server too large; limit is %d bytes\n"
msgstr "來自伺服器的回應太大; 上限是 %d 位元組\n"
+#, fuzzy
+#| msgid "OCSP request not possible due to disabled HTTP\n"
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr "因為已經停用 HTTP 而不可能有 OCSP 請求\n"
+
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr "因為已經停用 HTTP 而不可能有 OCSP 請求\n"
msgid "Options controlling the interactivity and enforcement"
msgstr "控制著互動及強制執行的選項"
+#, fuzzy
+#| msgid "Options controlling the security"
+msgid "Options controlling the use of TOR"
+msgstr "控制著安全性的選項"
+
msgid "Configuration for HTTP servers"
msgstr "HTTP 伺服器組態"
msgid "GPG for S/MIME"
msgstr "S/MIME 版 GPG"
-msgid "Directory Manager"
-msgstr "目錄總管"
+msgid "Key Acquirer"
+msgstr ""
msgid "PIN and Passphrase Entry"
msgstr "個人識別碼及密語項目"
"語法: gpg-check-pattern [選項] 樣式檔案\n"
"用樣式檔案來檢查由標準輸入給定的密語\n"
+#~ msgid "export keys in an S-expression based format"
+#~ msgstr "匯出金鑰成以 S-表示式形式的格式"
+
+#~ msgid "Directory Manager"
+#~ msgstr "目錄總管"
+
#~ msgid "toggle between the secret and public key listings"
#~ msgstr "在私鑰清單和公鑰清單間切換"
int
apdu_connect (int slot)
{
- int sw;
- unsigned int status;
+ int sw = 0;
+ unsigned int status = 0;
if (DBG_READER)
log_debug ("enter: apdu_connect: slot=%d\n", slot);
unlock_slot (slot);
}
}
- else
- sw = 0;
/* We need to call apdu_get_status_internal, so that the last-status
machinery gets setup properly even if a card is inserted while
scdaemon is fired up and apdu_get_status has not yet been called.
Without that we would force a reset of the card with the next
call to apdu_get_status. */
- apdu_get_status_internal (slot, 1, 1, &status, NULL);
+ if (!sw)
+ sw = apdu_get_status_internal (slot, 1, 1, &status, NULL);
+
if (sw)
;
else if (!(status & APDU_CARD_PRESENT))
{
const unsigned char **buf2;
size_t *buf2len;
+ int native = flag_djb_tweak;
switch (*tok)
{
case 'q': buf2 = &ecc_q; buf2len = &ecc_q_len; break;
- case 'd': buf2 = &ecc_d; buf2len = &ecc_d_len; break;
+ case 'd': buf2 = &ecc_d; buf2len = &ecc_d_len; native = 0; break;
default: buf2 = NULL; buf2len = NULL; break;
}
if (buf2 && *buf2)
}
if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
goto leave;
- if (tok && buf2 && !flag_djb_tweak)
- /* It's MPI. Strip off leading zero bytes and save. */
- for (;toklen && !*tok; toklen--, tok++)
- ;
+ if (tok && buf2)
+ {
+ if (!native)
+ /* Strip off leading zero bytes and save. */
+ for (;toklen && !*tok; toklen--, tok++)
+ ;
- *buf2 = tok;
- *buf2len = toklen;
+ *buf2 = tok;
+ *buf2len = toklen;
+ }
}
/* Skip until end of list. */
last_depth2 = depth;
*/
#define CCID_MAX_BUF (2048+7+10)
+/* CCID command timeout. OpenPGPcard v2.1 requires timeout of 13 seconds. */
+#define CCID_CMD_TIMEOUT (13*1000)
+
/* Depending on how this source is used we either define our error
output to go to stderr or to the GnuPG based logging functions. We
use the latter when GNUPG_MAJOR_VERSION or GNUPG_SCD_MAIN_HEADER
apdu_len -= apdu_part_len;
rc = bulk_in (handle, msg, sizeof msg, &msglen,
- RDR_to_PC_DataBlock, seqno, 5000, 0);
+ RDR_to_PC_DataBlock, seqno, CCID_CMD_TIMEOUT, 0);
if (rc)
return rc;
return rc;
rc = bulk_in (handle, msg, sizeof msg, &msglen,
- RDR_to_PC_DataBlock, seqno, 5000, 0);
+ RDR_to_PC_DataBlock, seqno, CCID_CMD_TIMEOUT, 0);
if (rc)
return rc;
}
msg = recv_buffer;
rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen,
via_escape? RDR_to_PC_Escape : RDR_to_PC_DataBlock,
- seqno, 5000, 0);
+ seqno, CCID_CMD_TIMEOUT, 0);
if (rc)
return rc;
samplekeys/eddsa-sample-1-sec.asc \
samplekeys/dda252ebb8ebe1af-1.asc \
samplekeys/dda252ebb8ebe1af-2.asc \
- samplekeys/whats-new-in-2.1.asc
+ samplekeys/whats-new-in-2.1.asc \
+ samplekeys/e2e-p256-1-clr.asc \
+ samplekeys/e2e-p256-1-prt.asc
EXTRA_DIST = defs.inc pinentry.sh $(TESTS) $(TEST_FILES) ChangeLog-2011 \
mkdemodirs signdemokey $(priv_keys) $(sample_keys)
dda252ebb8ebe1af-1.asc rsa4096 key 1
dda252ebb8ebe1af-2.asc rsa4096 key 2 with a long keyid collision.
whats-new-in-2.1.asc Collection of sample keys.
+e2e-p256-1-clr.asc Google End-end-End test key (no protection)
+e2e-p256-1-prt.asc Ditto, but protected with passphrase "a".
--- /dev/null
+pub nistp256/03288C74F8BE8F0F 1970-01-01
+uid [ unknown] <example@another.test>
+sub nistp256/A6ED196C7C513F1E 1970-01-01
+
+Not protected.
+
+Taken from
+https://github.com/google/end-to-end/issues/326#issuecomment-123585977
+
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Charset: UTF-8
+Version: End-To-End v0.3.1342
+
+xf8AAAB3BAAAAAATCCqGSM49AwEHAgMEmUwnXtxBvQY+nXvduAbd626NmYshRVi4
+HULGQ9fAHjKqfld4qWk97o+ggZDAnhQJ/Jm3ljtXr3/SosXUsSh7AAABAP2/JEYo
+22A3Ju3N3vhcbSuvJiHggUDtaomAX2ts2uGYEOvN/wAAABY8ZXhhbXBsZUBhbm90
+aGVyLnRlc3Q+wv8AAACNBBATCAA//wAAAAWCVazty/8AAAACiwn/AAAACZADKIx0
++L6PD/8AAAAFlQgJCgv/AAAAA5YBAv8AAAACmwP/AAAAAp4BAACIEgD8C80DxHrk
+iIBDHF5EWguzM+gUTb4xmIdTAJ2wGUOnTOoA/RpWuJNKU3kdtnnmqce88//jN8VF
+1Ho0BONH1b7dRV4ix/8AAAB7BAAAAAASCCqGSM49AwEHAgMEyfb375CDU05C3BXj
+FY3tGbGEmGrTgNj0lAzdbi7TVm5tiHidcNWPHSQPS8aMmygH23OvIkTBmJdCHR38
+lGID/gMBCAcAAQD8IOp5uKaGHtkmHNdwiwizTl3a2fAltOEAmWwyS6X0qBD1wv8A
+AABtBBgTCAAf/wAAAAWCVazty/8AAAAJkAMojHT4vo8P/wAAAAKbDAAA88EBAKve
+TpskPN10clQ6TeCFqlq51jhB5ZhzPSq64ChB7p8nAQCa9aJZneQOvMDquN/1vpJK
+MvDHHXB+EgIsuAzL0DtfL8b/AAAAUgQAAAAAEwgqhkjOPQMBBwIDBJlMJ17cQb0G
+Pp173bgG3etujZmLIUVYuB1CxkPXwB4yqn5XeKlpPe6PoIGQwJ4UCfyZt5Y7V69/
+0qLF1LEoewDN/wAAABY8ZXhhbXBsZUBhbm90aGVyLnRlc3Q+wv8AAACNBBATCAA/
+/wAAAAWCVazty/8AAAACiwn/AAAACZADKIx0+L6PD/8AAAAFlQgJCgv/AAAAA5YB
+Av8AAAACmwP/AAAAAp4BAACIEgD8C80DxHrkiIBDHF5EWguzM+gUTb4xmIdTAJ2w
+GUOnTOoA/RpWuJNKU3kdtnnmqce88//jN8VF1Ho0BONH1b7dRV4izv8AAABWBAAA
+AAASCCqGSM49AwEHAgMEyfb375CDU05C3BXjFY3tGbGEmGrTgNj0lAzdbi7TVm5t
+iHidcNWPHSQPS8aMmygH23OvIkTBmJdCHR38lGID/gMBCAfC/wAAAG0EGBMIAB//
+AAAABYJVrO3L/wAAAAmQAyiMdPi+jw//AAAAApsMAADzwQD/ahaSqogMflSlGJRU
+Z6Qb51EAaYBB5nL/u1ckWLh/CCEBAM83CFzh1qJXzYnl5DJNAPnj4jJgJKtSxOhn
+bvlk62wx
+=Xjs9
+-----END PGP PRIVATE KEY BLOCK-----
--- /dev/null
+pub nistp256/03288C74F8BE8F0F 1970-01-01
+uid [ unknown] <example@another.test>
+sub nistp256/A6ED196C7C513F1E 1970-01-01
+
+Passphrase is "a".
+
+Taken from
+https://github.com/google/end-to-end/issues/326#issuecomment-123585977
+
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Charset: UTF-8
+Version: End-To-End v0.3.1342
+
+xf8AAAClBAAAAAATCCqGSM49AwEHAgMEmUwnXtxBvQY+nXvduAbd626NmYshRVi4
+HULGQ9fAHjKqfld4qWk97o+ggZDAnhQJ/Jm3ljtXr3/SosXUsSh7AP4JAwLJdqYd
+6K+4XWACOPArMgQfaUFtQY54pRS1Vo98N4Jpw7o0iYAr80y40s5DaBIcUD5UuMHM
+p5no4vv8/hVCkIWJvoD/08rIzJDYEc9h2S4Lzf8AAAAWPGV4YW1wbGVAYW5vdGhl
+ci50ZXN0PsL/AAAAjQQQEwgAP/8AAAAFglWs7cv/AAAAAosJ/wAAAAmQAyiMdPi+
+jw//AAAABZUICQoL/wAAAAOWAQL/AAAAApsD/wAAAAKeAQAAiBIA/AvNA8R65IiA
+QxxeRFoLszPoFE2+MZiHUwCdsBlDp0zqAP0aVriTSlN5HbZ55qnHvPP/4zfFRdR6
+NATjR9W+3UVeIsf/AAAAqQQAAAAAEggqhkjOPQMBBwIDBMn29++Qg1NOQtwV4xWN
+7RmxhJhq04DY9JQM3W4u01ZubYh4nXDVjx0kD0vGjJsoB9tzryJEwZiXQh0d/JRi
+A/4DAQgH/gkDAsplyBF6DNuBYC3tTyYEL0QQjWrcaaeTk4JSb93mog6QlL610EO5
++muowWT9Dl8Ll77BjQSpj7mmqGHIj/IxJubOYqa+iW1e4pj5qlXCaBbC/wAAAG0E
+GBMIAB//AAAABYJVrO3L/wAAAAmQAyiMdPi+jw//AAAAApsMAADzwQEAq95OmyQ8
+3XRyVDpN4IWqWrnWOEHlmHM9KrrgKEHunycBAJr1olmd5A68wOq43/W+kkoy8Mcd
+cH4SAiy4DMvQO18vxv8AAABSBAAAAAATCCqGSM49AwEHAgMEmUwnXtxBvQY+nXvd
+uAbd626NmYshRVi4HULGQ9fAHjKqfld4qWk97o+ggZDAnhQJ/Jm3ljtXr3/SosXU
+sSh7AM3/AAAAFjxleGFtcGxlQGFub3RoZXIudGVzdD7C/wAAAI0EEBMIAD//AAAA
+BYJVrO3L/wAAAAKLCf8AAAAJkAMojHT4vo8P/wAAAAWVCAkKC/8AAAADlgEC/wAA
+AAKbA/8AAAACngEAAIgSAPwLzQPEeuSIgEMcXkRaC7Mz6BRNvjGYh1MAnbAZQ6dM
+6gD9Gla4k0pTeR22eeapx7zz/+M3xUXUejQE40fVvt1FXiLO/wAAAFYEAAAAABII
+KoZIzj0DAQcCAwTJ9vfvkINTTkLcFeMVje0ZsYSYatOA2PSUDN1uLtNWbm2IeJ1w
+1Y8dJA9LxoybKAfbc68iRMGYl0IdHfyUYgP+AwEIB8L/AAAAbQQYEwgAH/8AAAAF
+glWs7cv/AAAACZADKIx0+L6PD/8AAAACmwwAAPPBAP9qFpKqiAx+VKUYlFRnpBvn
+UQBpgEHmcv+7VyRYuH8IIQEAzzcIXOHWolfNieXkMk0A+ePiMmAkq1LE6Gdu+WTr
+bDE=
+=Sgsj
+-----END PGP PRIVATE KEY BLOCK-----
{ "Keyserver",
GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
"gnupg", N_("Configuration for Keyservers") },
- { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
- "gnupg", N_("|URL|use keyserver at URL"),
+ { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
+ "gnupg", N_("|URL|use keyserver at URL"), /* Deprecated - use dirmngr */
GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
{ "allow-pka-lookup", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
"gnupg", N_("allow PKA lookups (DNS requests)"),
GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
-
-
GC_OPTION_NULL
};
#endif /*BUILD_WITH_GPG*/
"dirmngr", "force loading of outdated CRLs",
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "TOR",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
+ "gnupg", N_("Options controlling the use of TOR") },
+ { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ "dirmngr", "route all network traffic via TOR",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+
+ { "Keyserver",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
+ "gnupg", N_("Configuration for Keyservers") },
+ { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "gnupg", N_("|URL|use keyserver at URL"),
+ GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
+
{ "HTTP",
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
"gnupg", N_("Configuration for HTTP servers") },
{ "gpg-agent","gnupg", N_("GPG Agent"), gc_options_gpg_agent },
{ "scdaemon", "gnupg", N_("Smartcard Daemon"), gc_options_scdaemon },
{ "gpgsm", "gnupg", N_("GPG for S/MIME"), gc_options_gpgsm },
- { "dirmngr", "gnupg", N_("Directory Manager"), gc_options_dirmngr },
+ { "dirmngr", "gnupg", N_("Key Acquirer"), gc_options_dirmngr },
{ "pinentry", "gnupg", N_("PIN and Passphrase Entry"), gc_options_pinentry }
};
projects / platform / upstream / gpg2.git / commitdiff