Unsorted entries in PLIST files have generated a pkglint warning for at
least 12 years. Somewhat more recently, pkglint has learned to sort
PLIST files automatically. Since pkglint 5.4.23, the sorting is only
done in obvious, simple cases. These have been applied by running:

    pkglint -Cnone,PLIST -Wnone,plist-sort -r -F

Main change is that the netpgpverify binary is no longer part of this
package - instead, pkgsrc/security/netpgpverify and
pkgsrc/security/libnetpgpverify should be used.
Other changes since previous version include:
> ----------------------------
> revision 1.96
> date: 2012-02-21 22:58:54 -0800; author: agc; state: Exp; lines: +5 -15;
> Add the --trusted-keys argument to netpgpkeys(1) to print out PGP ids in a
> machine-readable manner.
> ----------------------------
> revision 1.95
> date: 2012-02-21 22:29:40 -0800; author: agc; state: Exp; lines: +1 -3;
> re-order the fields that we print out in the pgp_sprint_pubkey() function
> to be more usual.
>
> print out the name from within pgp_sprint_pubkey() rather than tagging it
> onto the end of the output from the function.
> ----------------------------
> revision 1.94
> date: 2011-08-02 00:16:56 -0700; author: agc; state: Exp; lines: +19 -8;
> branches: 1.94.2;
> plug some memory leaks in error paths
> ----------------------------
> revision 1.93
> date: 2011-08-01 22:36:45 -0700; author: agc; state: Exp; lines: +19 -13;
> when matching pubkeys, also return the first (pgp) uid for the key in the
> resultant key listing
>
> when using json to format keys returned from libnetpgp, also prepare for
> machine-readable format ("mr") as well as human ("human"), even though
> it's not yet used.
> ----------------------------
> revision 1.92
> date: 2011-06-27 20:35:28 -0700; author: agc; state: Exp; lines: +45 -24;
> get some things off the TODO list
>
> when initialising, recognise keys in a different order.
>
> 1. read the public keyring
>
> 2. if a userid has been specified, use it
>
> 3. if not, check the configuration file (~/.gnupg/gpg.conf) for a
> default user id
>
> 4. only read the secret keyring if we need to (decrypting or signing)
>
> 5. if signing, and we still don't have a userid, use the first key in
> the secret keyring
>
> 6. if encrypting, and we still have no userid, use the first in the
> public keyring
>
> ssh keys remain the same as previously.
> ----------------------------
> revision 1.91
> date: 2011-06-27 00:05:31 -0700; author: agc; state: Exp; lines: +7 -5;
> only attempt to load the secret key if we need to (for signing or for
> decrypting).
> ----------------------------
> revision 1.90
> date: 2011-06-24 17:37:44 -0700; author: agc; state: Exp; lines: +11 -7;
> change mj library to take an additional argument for a string type,
> denoting its length. this allows binary strings to be encoded using
> libmj.
>
> escape magic characters in json strings in a more efficient manner.
> the previous method was not scalable.
>
> update callers to suit
>
> bump libmj major version number
>
> add examples to the libmj(3) man page
> ----------------------------
> revision 1.89
> date: 2011-01-02 21:34:53 -0800; author: agc; state: Exp; lines: +2 -2;
> avoid a double free - from Anthony Bentley.
> ----------------------------
> revision 1.88
> date: 2011-01-01 15:00:24 -0800; author: agc; state: Exp; lines: +17 -15;
> clean up lint (on amd64)
> ----------------------------
> revision 1.87
> date: 2010-12-01 14:14:52 -0800; author: agc; state: Exp; lines: +5 -2;
> avoid nameclash - call the generated user id variable "generated userid"
>
> also keep the time of structure initialisation as an internal variable.
> ----------------------------
> revision 1.86
> date: 2010-12-01 14:01:41 -0800; author: agc; state: Exp; lines: +4 -2;
> When generating a key, set the new key's userid (last 16 bytes of
> fingerprint) as an internal netpgp variable.
>
> This can then be queried using netpgp_getvar(netpgp, "userid") to find the
> new key's id.
> ----------------------------
> revision 1.85
> date: 2010-11-28 20:20:12 -0800; author: agc; state: Exp; lines: +73 -18;
> Fix PR 44075 from Peter Pentchev, but do this by adding a
> --numtries=<attempts> option to netpgp(1) to provide the maximum
> number of attempts to retrieve the correct passphrase when signing or
> decrypting, and use it in libnetpgp(3). The default number of
> attempts is 3, and a value of "unlimited" will loop until the correct
> passphrase has been entered.
> ----------------------------
> revision 1.84
> date: 2010-11-15 00:27:40 -0800; author: agc; state: Exp; lines: +13 -4;
> Use a regular expression to match the various ASCII-armoured headers we
> may encounter - fixes PR 44074 from Peter Pentchev in a different way.
> ----------------------------
> revision 1.83
> date: 2010-11-15 00:03:39 -0800; author: agc; state: Exp; lines: +48 -3;
> Changes to help with netpgp key generation and interoperability:
>
> + use plain SHA1 for session key s2k negotiation
> + don't warn on some conditions when inflating (reading a compressed file)
> since the conditions don't hold for partial block lengths
> + prompt for a passphrase when generating a new key - used in the upcoming
> secret-sharing functionality for netpgp
> ----------------------------
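
The key-selection order listed under revision 1.92 above, modelled as an added C example; it is not netpgp's own code. The enum, function and parameter names are hypothetical, the keyrings are reduced to the id of their first key, and the gpg.conf lookup assumes GnuPG's default-key option.

```c
#include <stdio.h>
#include <string.h>

enum op { OP_VERIFY, OP_ENCRYPT, OP_DECRYPT, OP_SIGN };

/* Step 3: look for a "default-key <id>" line in gpg.conf-style text. */
static int conf_default_key(const char *conf, char *id, size_t size)
{
    const char *line = conf;
    while (line != NULL && *line != '\0') {
        const char *p = line + strspn(line, " \t");
        if (strncmp(p, "default-key", 11) == 0 && (p[11] == ' ' || p[11] == '\t')) {
            p += 11 + strspn(p + 11, " \t");
            size_t n = strcspn(p, " \t\r\n");
            if (n > 0 && n < size) {
                memcpy(id, p, n);
                id[n] = '\0';
                return 1;
            }
        }
        line = strchr(line, '\n');   /* commented-out lines never match above */
        if (line != NULL)
            line++;
    }
    return 0;
}

/* Hypothetical model: first_pub/first_sec are the first key in each keyring. */
static const char *select_userid(enum op op, const char *cli_id, const char *conf,
    const char *first_pub, const char *first_sec, char *buf, size_t size, int *sec_loaded)
{
    /* Step 4: the secret keyring is read only when decrypting or signing. */
    *sec_loaded = (op == OP_DECRYPT || op == OP_SIGN);
    if (cli_id != NULL) return cli_id;                                 /* step 2 */
    if (conf != NULL && conf_default_key(conf, buf, size)) return buf; /* step 3 */
    if (op == OP_SIGN && first_sec != NULL) return first_sec;          /* step 5 */
    if (op == OP_ENCRYPT && first_pub != NULL) return first_pub;       /* step 6 */
    return NULL; /* the log entry names no further fallback */
}

int main(void)
{
    char buf[64];
    int sec;
    const char *id = select_userid(OP_SIGN, NULL, "# constructed\ndefault-key 0123ABCD\n",
        "PUB1", "SEC1", buf, sizeof(buf), &sec);
    printf("userid=%s secring=%d\n", id != NULL ? id : "(none)", sec);
    return 0;
}
```
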
Changes since 20090531:
+ only prompt for a passphrase on the secret key if there is a passphrase
on the secret key
CHANGES 1.99.10 -> 1.99.11
+ address keys array from 0 with unsigned indices
+ print results to io->res stream - default to stderr, and set using
netpgp_setvar(..., "results", filename)
+ __ops_keyid()'s third arg was always the size of the keyid array - no need
to pass it
+ get rid of the excessive type-checking in packet-show-cast.h, which wasn't
necessary, and fold all the show routines into packet-show.c
+ introduce a generic __ops_new() and use it for some structure allocation
CHANGES 1.99.9 -> 1.99.10
+ fix a bug in decryption whereby a bad passphrase would cause a segmentation
violation
+ fix some regressions in key searching in the underlying find keys routines
+ add C++ declaration protection to the external interface in netpgp.h
+ split out the key management parts of netpgp(1) into netpgpkeys(1)
CHANGES 1.99.8 -> 1.99.9
+ make more use of __ops_io_t structure
+ addition of standalone, stripped-down netpgpverify utility
+ addition of test for --list-packets on an empty file
+ bring forward some simplifications from netpgpverify
+ some name changes
+ get rid of the increment and then decrement keycount around
accumulated data ("it's to do with counting")
+ then use unsigned integers for the size and counts for the
dynamic array of keys, and use the common dynamic array macros
for keys in a keyring
+ if it's a union, let's use it as a union, not a struct
+ modified documentation to correct the --list-packets command (sorry, ver)
+ add a new directory structure for both the distribution and the
reachover Makefiles. The autotest framework has been partially overhauled
but more TLC is needed here.
+ add a --pass-fd=n option so that external programs can provide the
passphrase on a file descriptor without going through the callback,
requested by joerg
Packages Collection.
The netpgp command can digitally sign files and verify that the
signatures attached to files were signed by a given user identifier.
netpgp can also encrypt files using the public or private keys of
users and, in the same manner, decrypt files which were encrypted.
The netpgp utility can also be used to generate a new key-pair for a
user. This key is in two parts, the public key (which can be used by
other people) and a private key.
In addition to these primary uses, the third way of using netpgp is to
maintain keyrings. Keyrings are collections of public keys belonging
to other users. By using other means of identification, it is
possible to establish the bona fides of other users. Once trust has
been established, the public key of the other user will be signed.
The other user's public key can be added to our keyring. The other
user will add our public key to their keyring.
This software is built on top of openpgpsdk 0.9.1, but provides a
higher-level interface, is autoconf-ed and libtool-ed, and has had
some significant bugs fixed.