Apart from infrastructure changes, there are the following functional ones:
+ Update to version 1.99.14/20091210
+ provide a new netpgp_match_list_keys(3) function to perform a
regular-expression based search of all the keys in the keyring. If no
pattern is specified to match, then all keys are returned.
+ provide a new netpgp_set_homedir(3) function, and use it to set the
home directory from the library, rather than individually in all the
programs which use the library
+ provide a new netpgp_incvar(3) function which will add a constant
increment (which may be negative) to the value of an internal
variable. This is primarily used for the verbosity level within the
library, and is again a movement of the function into the library from
the individual programs which use the library
+ move to the specification of an ssh key file by internal variable,
rather than the directory holding an ssh key file
+ autoconf infrastructure changes
+ take a hammer to the _GNU_SOURCE definitions problems
+ don't rely on strnlen(3) being present everywhere
+ add rudimentary support for ssh keys
+ add a netpgp library function - netpgp_get_key(3) - to print a
specific key
+ add functionality to call this function in netpgpkeys(1)
+ add test for netpgp_get_key
+ add a verbose switch to the tst script
+ add netpgp functions to expose the memory signing and verification
functions - netpgp_sign_memory(3) and netpgp_verify_memory(3)
+ coalesced signing and verification ops file functions
Changes since 20090531:
+ only prompt for a passphrase on the secret key if there is a passphrase
on the secret key
CHANGES 1.99.10 -> 1.99.11
+ address keys array from 0 with unsigned indices
+ print results to io->res stream - default to stderr, and set using
netpgp_setvar(..., "results", filename)
+ __ops_keyid()'s third arg was always the size of the keyid array - no need
to pass it
+ get rid of the excessive type-checking in packet-show-cast.h, which wasn't
necessary, and fold all the show routines into packet-show.c
+ introduce a generic __ops_new() and use it for some structure allocation
CHANGES 1.99.9 -> 1.99.10
+ fix a bug in decryption whereby a bad passphrase would cause a segmentation
violation
+ fix some regressions in key searching in the underlying find keys routines
+ add C++ declaration protection to the external interface in netpgp.h
+ split out the key management parts of netpgp(1) into netpgpkeys(1)
CHANGES 1.99.8 -> 1.99.9
+ make more use of __ops_io_t structure
+ addition of standalone, stripped-down netpgpverify utility
+ addition of test for --list-packets on an empty file
+ bring forward some simplifications from netpgpverify
+ some name changes
+ get rid of the increment and then decrement keycount around
accumulated data ("it's to do with counting")
+ then use unsigned integers for the size and counts for the
dynamic array of keys, and use the common dynamic array macros
for keys in a keyring
+ if it's a union, let's use it as a union, not a struct
+ modified documentation to correct the --list-packets command (sorry, ver)
+ add a new directory structure for both the distribution and the
reachover Makefiles. The autotest framework has been partially overhauled
but more TLC is needed here.
+ add a --pass-fd=n option so that external programs can provide the
passphrase on a file descriptor without going through the callback,
requested by joerg
CHANGES 1.99.7 -> 1.99.8
+ get rid of __ops_malloc_passphrase() - strdup() works just as well
+ generalise __ops_seckey_forget() to become __ops_forget(), give it a size
parameter, and make it work on things other than secret keys (passphrases
for instance)
+ minor struct field enum renaming
+ minor function call renaming
+ add ops_io_t struct to hold pointers to IO streams, and pass it down
where necessary
CHANGES 1.99.6 -> 1.99.7
+ added to the regression tests
+ get rid of some magic constants, replace with more obvious names
+ zero out the memory used for a passphrase before freeing it in one place
CHANGES 1.99.5 -> 1.99.6
+ made --homedir=d consistent with POLS. Default is $HOME/.gnupg, and
if a directory is specified with --homedir=d, the directory containing
conf file and keyrings is taken to be "d".
CHANGES 1.99.4 -> 1.99.5
+ Luke Mewburn completely overhauled the auto tools infrastructure
+ changed signature (hah!) of some netpgp file management prototypes to
use const char * for file names and user ids, not char * - suggested by
christos
+ change some of the openpgpsdk display functions to return integer values,
and send those values back from the netpgp functions - suggested by
christos
+ rather than passing a shedload of variables to netpgp_init(), get rid
of them, and set variables using the netpgp_[gs]etvar() interface
+ replace some magic constants with descriptive names
+ use a netpgp variable to skip userid checks if necessary
+ add ability to allow coredumps via --coredumps if (a) you have taken
leave of your sanity, and (b) you have some magical persistent
storage which doesn't spare sectors, and (c) you know how to remove
a file securely
+ bumped library version on NetBSD to 1.0 for interface changes
Changes since previous version:
CHANGES 1.99.3 -> 1.99.4
+ get rid of some magic constants
+ revamped regression test script to count number of tests passed
+ made checkhash array in ops_seckey_t dynamic, rather than statically
allocated
+ made mdc array dynamic, and added a length field to mdc for future use
+ revamped usage message to match reality
+ made portable version again for the autoconfed package sources
+ add separate netpgpdigest.h file so that separate digest sizes can be
used without having to include "packet.h" in everything
CHANGES 1.99.2 -> 1.99.3
+ modified regression tests to make it easier to see status messages
+ modified --encrypt, --decrypt, --sign, and --clearsign as well as --cat
to respect the --output argument for the output file. Default behaviour
remains unchanged - if --output is not specified, standard file names
and suffixes apply. Note that --verify has not been changed - this is
for compatibility with gpg, POLA/POLS, and because --verify-cat/--cat
provides this behaviour
Get rid of a few TODO items that aren't needed.
CHANGES 1.99.1 -> 1.99.2
+ various minor cleanups
+ fix longstanding pasto where the key server preference packets are
displayed with the correct ptag information
+ up until now, there has been an asymmetry in the command line
options for netpgp(1) - whilst a file may have signature information
added to it with the "--sign" command, there has been no way to
retrieve the contents of the file without the signature. The new
"--cat" option does this (there are synonyms of "--verify-show" and
"--verify-cat") - the signature is verified, and if it matches, the
original contents of the file are sent to the output file (which
defaults to stdout, and can be set with the --output option on the
command line). If the signature does not match, there is no output,
and an EXIT_FAILURE code is returned.
+ revamped netpgp(1) to make it clear what commands are available, how
these commands relate to each other, and which commands take custom
options
CHANGES 1.0.0 -> 1.99.1
+ released and tagged version 1.0.0; development version now 1.99.1
+ get rid of some fields which are no longer needed
+ minor name changes
+ add mmapped field to ops_data_t struct to denote that the array needs an
munmap(2) and not a free(3)
+ add an __ops_mem_readfile() function, and use it for reading files.
The function does mmap(2), and then falls back to read(2) if that fails.
Retire unused __ops_fileread() which had an unusual interface
+ drop sign_detached() from netpgp.c down into signature.c as
__ops_sign_detached()
+ got rid of "local" header files. These aren't necessary since the openpgpsdk
code was modified to all be in the same directory
+ added netpgp_getvar() and netpgp_setvar(), and use them to get and set the
user id and hash algorithm preference
+ get rid of <stdbool.h> usage - I'm still not sure this is the way we should
be going long term, but the bool changes got integrated with the others,
and are there in cvs history if we want to resurrect them. Correct autoconf
accordingly. Bump netpgp minimus version, and autoconf-based date version.
+ updated documentation to reflect these changes
Commit the weekend's changes:
+ minor name changes
+ remove duplicated code (commented out) in packet-print.c
+ original code contained abstraction violations for hash size - fix them
+ get rid of some magic constants related to length of hash arrays
+ allow a choice of hash algorithms for the signature digest (rather
than hardcoding SHA1 - it is looking as though collisions are easier
to manufacture based on recent findings)
+ move default signature RSA hash algorithm to SHA256 (from SHA1). This is
passed as a string parameter from the high-level interface. We'll
revisit this later after a good way to specify the algorithm has been
found.
+ display the size of the keys in --list-packets
+ display the keydata prior to file decryption
+ add a --help option
+ if setrlimit exists, set the core dump size to be 0
(with thanks to mrg for the reference implementation)
+ get rid of __ops_start_cleartext_sig/__ops_start_msg_sig abstractions
and just "export" the __ops_start_sig function - the function is not
actually exported, just usable by other __ops functions
+ bump internal version number to 0.99.2, autoconf version to 20090506
+ prettify usage message output
Change some names to something a bit less obscure.
e.g. For some unfathomable reason, I find "__ops_write_mem_from_file" a bit
counterintuitive - replace that by "__ops_fileread"
+ __ops_packet_t -> __ops_subpacket_t
+ __ops_parser_content_t -> __ops_packet_t
+ rename some other long names
51 chars is the record function name length so far
+ preliminary moves to support detached signatures
as yet, incomplete
+ add back command line option to list packets in a signed or encrypted file
+ make __ops_parse() take an argument whether to print errors, and kill the
__ops_parse_and_print_errors() function
+ get rid of some assertions in the code - this is a library - about 100 to go
Make this code WARNS=4
Add an option to the netpgp command to produce a detached signature.
Packages Collection.
The netpgp command can digitally sign files and verify that the
signatures attached to files were signed by a given user identifier.
netpgp can also encrypt files using the public or private keys of
users and, in the same manner, decrypt files which were encrypted.
The netpgp utility can also be used to generate a new key-pair for a
user. This key is in two parts, the public key (which can be used by
other people) and a private key.
In addition to these primary uses, the third way of using netpgp is to
maintain keyrings. Keyrings are collections of public keys belonging
to other users. By using other means of identification, it is
possible to establish the bona fides of other users. Once trust has
been established, the public key of the other user will be signed.
The other user's public key can be added to our keyring. The other
user will add our public key to their keyring.
This software is built on top of openpgpsdk 0.9.1, but provides a
higher-level interface, is autoconf-ed and libtool-ed, and has had
some significant bugs fixed.
