Commit graph

29 commits

Author SHA1 Message Date
khorben
e3f36bb15d Output signatures to the standard output for "-"
This is to reflect the behaviour documented in netpgp(1).

Originally submitted on tech-pkg@ as:
[PATCH 09/11] Output signatures to the standard output for "-"

Only modified for consistency with the coding style; as also applied in
NetBSD's src repository.
2018-03-15 20:21:52 +00:00
khorben
ca80201c92 Correct option "--armor" and document alternate option "--detach"
Originally submitted on tech-pkg@ as:
[PATCH 07/11] Correct option "--armor"
[PATCH 08/11] Also document alternate option "--detach"

As also applied in NetBSD's src repository.
2018-03-15 20:14:14 +00:00
khorben
f4c97da9bd Do not use random data for pass-phrases on EOF
Originally submitted on tech-pkg@ as:
[PATCH 04/11] Do not use random data for pass-phrases on EOF

Only modified for consistency with the coding style; as also applied in
NetBSD's src repository.

Tested on NetBSD/amd64.
2018-03-15 20:00:43 +00:00
khorben
bee6262660 Do not truncate pass-phrases without a newline character
This also fixes a crash when the pass-phrase entered is empty.

Originally submitted on tech-pkg@ as:
[PATCH 02/11] Do not truncate pass-phrases without a newline character

Only modified for consistency with the coding style; as also applied in
NetBSD's src repository.

Tested on NetBSD/amd64.
2018-03-15 19:51:08 +00:00
khorben
f688681988 Do not ask for a passphrase when empty
Originally submitted on tech-pkg@ as:
[PATCH 06/11] Do not ask for a passphrase when empty

Only modified for consistency with the coding style; as also applied in
NetBSD's src repository.

Tested on NetBSD/amd64.
2018-03-15 19:37:30 +00:00
khorben
3642aaa93f Do not crash when listing keys without a keyring
Bumps PKGREVISION.
2017-02-20 01:09:11 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
jperkin
c387062dec Pass correct location of OpenSSL. 2014-09-25 19:13:23 +00:00
agc
55cc48def5 Update netpgp to version 20140220
Changes from previous version:

+ portability fixes from xtraeme for his Linux distribution:
	+ add search for ar(1) into autoconf (I fixed this differently
	  so as not to rely on an automake check)
	+ define __printflike if it's not already defined
	+ fix missing asprintf (I fixed this differently)
2014-02-21 02:16:23 +00:00
agc
196a81a7ef Update security/netpgp from version 20140210 to 20140211
Changes:

	Avoid a warning on Gentoo Linux about fwrite(3) -- their glibc
	declares fwrite(3) with the warn_unused_result attribute, from Razvan
	Cojocaru

	Manual page improvements from Anthony J. Bentley
2014-02-17 07:48:16 +00:00
agc
eced51ad66 Update netpgp package from 20101107 to 20140210
Main change is that the netpgpverify binary is no longer part of this
package - instead, pkgsrc/security/netpgpverify and
pkgsrc/security/libnetpgpverify should be used.

Other changes since previous version include:

> ----------------------------
> revision 1.96
> date: 2012-02-21 22:58:54 -0800;  author: agc;  state: Exp;  lines: +5 -15;
> Add the --trusted-keys argument to netpgpkeys(1) to print out PGP ids in a
> machine-readable manner.
> ----------------------------
> revision 1.95
> date: 2012-02-21 22:29:40 -0800;  author: agc;  state: Exp;  lines: +1 -3;
> re-order the fields that we print out in the pgp_sprint_pubkey() function
> to be more usual.
>
> print out the name from within pgp_sprint_pubkey() rather than tagging it
> onto the end of the output from the function.
> ----------------------------
> revision 1.94
> date: 2011-08-02 00:16:56 -0700;  author: agc;  state: Exp;  lines: +19 -8;
> branches:  1.94.2;
> plug some memory leaks in error paths
> ----------------------------
> revision 1.93
> date: 2011-08-01 22:36:45 -0700;  author: agc;  state: Exp;  lines: +19 -13;
> when matching pubkeys, also return the first (pgp) uid for the key in the
> resultant key listing
>
> when using json to format keys returned from libnetpgp, also prepare for
> machine-readable format ("mr") as well as human ("human"), even though
> it's not yet used.
> ----------------------------
> revision 1.92
> date: 2011-06-27 20:35:28 -0700;  author: agc;  state: Exp;  lines: +45 -24;
> get some things off the TODO list
>
> when initialising, recognise keys in a different order.
>
> 1. read the public keyring
>
> 2. if a userid has been specified, use it
>
> 3.  if not, check the configuration file (~/.gnupg/gpg.conf) for a
> default user id
>
> 4, only read the secret keyring if we need to (decrypting or signing)
>
> 5.  if signing, and we still don't have a userid, use the first key in
> the secret keyring
>
> 6.  if encrypting, and we still have no userid, use the first in the
> public keyring
>
> ssh keys remain the same as previously.
> ----------------------------
> revision 1.91
> date: 2011-06-27 00:05:31 -0700;  author: agc;  state: Exp;  lines: +7 -5;
> only attempt to load the secret key if we need to (for signing or for
> decrypting).
> ----------------------------
> revision 1.90
> date: 2011-06-24 17:37:44 -0700;  author: agc;  state: Exp;  lines: +11 -7;
> change mj library to take an additional argument for a string type,
> denoting its length. this allows binary strings to be encoded using
> libmj.
>
> escape magic characters in json strings in a more efficient manner.
> the previous method was not scalable.
>
> update callers to suit
>
> bump libmj major version number
>
> add examples to the libmj(3) man page
> ----------------------------
> revision 1.89
> date: 2011-01-02 21:34:53 -0800;  author: agc;  state: Exp;  lines: +2 -2;
> avoid a double free - from Anthony Bentley.
> ----------------------------
> revision 1.88
> date: 2011-01-01 15:00:24 -0800;  author: agc;  state: Exp;  lines: +17 -15;
> clean up lint (on amd64)
> ----------------------------
> revision 1.87
> date: 2010-12-01 14:14:52 -0800;  author: agc;  state: Exp;  lines: +5 -2;
> avoid nameclash - call the generated user id variable "generated userid"
> avoid nameclash - call the generated user id variable "generated userid"
>
> also keep the time of structure initialisation as an internal variable.
> ----------------------------
> revision 1.86
> date: 2010-12-01 14:01:41 -0800;  author: agc;  state: Exp;  lines: +4 -2;
> When generating a key, set the new key's userid (last 16 bytes of
> fingerprint) as an internal netpgp variable.
>
> This can then be queried using netpgp_getvar(netpgp, "userid") to find the
> new key's id.
> ----------------------------
> revision 1.85
> date: 2010-11-28 20:20:12 -0800;  author: agc;  state: Exp;  lines: +73 -18;
> Fix PR 44075 from Peter Pentchev, but do this by adding a
> --numtries=<attempts> option to netpgp(1) to provide the maximum
> number of attempts to retrieve the correct passphrase when signing or
> decrypting, and use it in libnetpgp(3).  The default number of
> attempts is 3, and a value of "unlimited" will loop until the correct
> passphrase has been entered.
> ----------------------------
> revision 1.84
> date: 2010-11-15 00:27:40 -0800;  author: agc;  state: Exp;  lines: +13 -4;
> Use a regular expression to match the various ASCII-armoured headers we
> may encounter - fixes PR 44074 from Peter Pentchev in a different way.
> ----------------------------
> revision 1.83
> date: 2010-11-15 00:03:39 -0800;  author: agc;  state: Exp;  lines: +48 -3;
> Changes to help with netpgp key generation and interoperability:
>
> + use plain SHA1 for session key s2k negotiation
> + don't warn on some conditions when inflating (reading a compressed file)
>   since the conditions don't hold for partial block lengths
> + prompt for a passphrase when generating a new key - used in the upcoming
>   secret-sharing functionality for netpgp
> ----------------------------
2014-02-17 06:45:42 +00:00
tron
c64e9eb269 Recursive PKGREVISION bump for OpenSSL API version bump. 2014-02-12 23:18:26 +00:00
jperkin
becd113253 PKGREVISION bumps for the security/openssl 1.0.1d update. 2013-02-06 23:20:50 +00:00
asau
1a433eae91 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 18:16:19 +00:00
agc
cfac11ad30 Update netpgp to 20101107.
Changes since previous version:

+ fixes for GNU autoconf/automake infrastructure
+ Elgamal encryption and decryption (for DSA keys) is now supported
2010-11-07 07:54:39 +00:00
agc
1fe8aec298 Update netpgp to version 20101105 - fixes for autoconf and automake 2010-11-06 03:54:18 +00:00
agc
975cdbd809 Update netpgp to version 3.99.13/20101104
Changes from previous version (20100601)

Changes to 3.99.13/20101104

+ fix up GNU autoconf framework to reflect new structure
+ add ability in netpgpkeys(1) and netpgp(1) to specify the cipher
  (symmetric algorithm)
+ add the camellia cipher implementation from openssl as specified in RFC 5581
+ changes from Peter Pentchev to get rid of an exit(3) in library context
+ changes from Peter Pentchev for manual page hyphens
+ changes from Peter Pentchev to clean up after tests
+ changes from Arnaud Ysmal to avoid dereferencing possible NULL pointers
+ change from Arnaud Ysmal to clean up usage message in netpgpkeys(1)
+ avoid calling bzlib functions if they aren't present
+ when writing out the key as an ssh key, don't include the user id
  information at the end, in-line with expectations about standard ssh
  key formats
+ since the signing key changed its "menu line" entry from "pub" to
  "signature", the offset of the key id moved 7 chars to the right, so
  take this into consideration when generating new keys
+ allow the user specification of the secret key file as the
  --sshkeyfile or -S argument, and check that the public key file exists
  before trying to read it

Changes to 3.99.12/20100907

+ add a pretty print function mj_pretty(3) to libmj
+ added netpgp_write_sshkey(3) to libnetpgp
+ added pgp2ssh(1)
+ added preliminary support for ElGamal decryption, needed for DSA keys
  as yet untested, unworking, and a WIP
+ add support for using all ssh keys, even those protected by a passphrase,
  for decryption and signing. This rounds off ssh key file support in netpgp.
+ add a single character alias (-S file) for [--sshkeyfile file] to
  netpgpkeys(1) and netpgp(1)

Changes to 3.99.11/20100809

+ update hkpd(8) to reflect the -S argument to hkpd(8)
+ add reachover Makefile support for hkpd(8) and hkpc(1)
+ regen autoconf with new version and date information

Changes to 3.99.10/20100809

+ check return value from option setting function in netpgpkeys(1)
+ be smarter when checking for a null id
+ add test for crap being returned when listing specific keys in netpgpkeys(1)
+ take the public key from the pubring, not the secring when exporting
  keys
+ allow hkpd to serve ssh keys in pgp format
+ test on whether a seckey is needed, not on a userid needed, for ssh keys

Changes to 3.99.9/20100809

+ add single character options to netpgp(1) and netpgpkeys(1)
+ add -o long-option (=value)? to netpgp(1) and netpgpkeys(1)
+ save subkeys when parsing keys. when listing keys, note that the first
  subkey is for encryption
+ rationalise birthtime/expiration timestamps into a single function
+ clean up some 64-bit (amd64) lint

Changes to 3.99.8/20100805

+ free a regular expression after using it
+ be a bit less typedef-happy when it's not needed
+ added minimalist JSON (libmj) to distribution
+ add a function in ops layer to construct JSON serialised text from keys
+ use json output from the library in netpgpkeys(1)
+ added check for alternative openssl location

Changes to 3.99.7/20100701

+ recognise ascii-armoured encrypted messages properly, in memory and
  in files
+ fix a bug when printing out the public key when prompting for a secret
  key
+ print error message and exit for now when trying to encrypt with a DSA key
+ fix bug reported by dyoung when trying to print out the encryption key
  fingerprint

Changes to 3.99.6/20100701

+ make some synonyms for --ssh-keys
+ make proper defaults for home dir for ssh key files as well as pgp files
+ modify regression test script to ensure that ssh-keygen and netpgpkey's
  idea of ssh keys are the same
+ return any error codes when reading ssh pub or private keys

Changes to 3.99.5/20100613

+ make ssh fingerprints (md5) match netpgp listing
+ use the more functional hexdump function from ssh2pgp in place of the
  older hexdump function from openpgpsdk
+ pass hash type down from command line where needed
+ add test for netpgp/ssh key fingerprint matching
+ make netpgpkeys(1) take a --hash= option
2010-11-05 03:48:33 +00:00
agc
1ddac943f4 Update netpgp to version 3.99.4/20100601
+ avoid possible free() of new value passed to netpgp_setvar(),
  with thanks to Anon Ymous.
+ netpgpkeys(1):  print keys to stdout, not stderr - reported by Anon
  Ymous.
+ fix DSA signatures and verification
+ simplify and shorten the internals of packet processing by getting rid of
  the intermediate pseudo-abstraction layer, which detracted from understanding
  and had no benefit whatsoever. Rename some enums and some definitions.
+ add some checking to new key generation, and don't try to read in
  the keys after writing them - reported by Tyler Retzlaff
+ netpgpverify - avoid the separate codebase, and just use libnetpgp(3)
2010-06-01 06:15:00 +00:00
agc
a962abfd36 Upgrade netpgp to version 3.99.2/20100507.
Changes to 3.99.2/20100507

+ add detached armoured signature creation and verification
+ fix manual pages
+ rationalisation of debug messages
2010-05-08 03:45:58 +00:00
agc
0a67c9b56f Update pkgsrc/security/netpgp to 2.99.1/20100313
Changes to 2.99.1/20100313

+ add functionality to parse basic signature subkeys
+ in doing so, add expiration of keys
+ at the same time, add revocation of keys
+ recognise the primary user id, and use it when displaying user ids
+ recognise self signed keys and subkeys
+ rework the indentation of output
+ add the --list-sigs [userid] option to netpgpkeys(1)
+ use memcmp(3) rather than strcmp(3) when checking binary user ids to
  be exported
+ add expiration display to subkey signature output
+ update libnetpgp library version major number to 3
2010-03-14 01:21:03 +00:00
agc
dc900b3dd2 Update to netpgp-20100305
+ clean up some lint
+ the obligatory ''build on os x'' fixes - include <inttypes.h>
2010-03-05 19:59:37 +00:00
agc
3e5c30ffeb Update netpgp to version 1.99.20/20100304 - portability improvements, and bug fixes:
Changes to 1.99.20/20100304

        + move args to some functions around to be consistent
        + use uint*_t where appropriate
        + fix bug in verify memory
        + add documentation to manual pages to show how to do combined
          signing/encryption and decryption/verification
        + make verification of ascii-armoured memory work the same as binary
	+ eliminate use of strdup(3), strcasecmp(3), and strptime(3).
	  NetBSD/pkgsrc PR 42922 applies - need to define
	  _XOPEN_SOURCE and _BSD_SOURCE for newer linux platforms with
	  glibc 2.10.1.  solved a bit differently, by implementing
	  strdup(3) and strcasecmp(3) independently, and using regexps
	  to avoid calling strptime(3).
2010-03-05 16:20:05 +00:00
agc
255d4a5b23 Update the netpgp package to version 20100212/1.99.19
Changes to 1.99.19/20100212

	+ plug some memory leaks, from cppcheck via Thomas Klausner (thanks!)
	+ make the singular of time units read correctly
	+ print decryption key info properly when prompting for passphrase

	Changes to 1.99.18/20100211

	small steps, but lots of them - this is the first one.

	+ print out the correct key information when signing files and memory.
	  what used to be printed out was the copy of the public key which is
	  stored as part of the private key. does not address the info shown
	  when decrypting, since that is done in a different way, by callback.
	  this whole part needs to be re-written, but will have to wait for two
	  good hands.

	Changes to 1.99.17/20100206

	+ get rid of last 2 static variables - use the __ops_printstate_t struct
	  passed down
	+ get rid of 3 occurrences in reader.c where an automatic buffer was
	  addressed (as part of a subsequent callback) by a struct field from
	  a calling scope, and only valid within the callback.  Found by
	  Flexelint and phk - many thanks.
	+ print filename/"memory" when time problems occur when validating signatures

	Changes to 1.99.16/20100205

	+ minor simplifications to netpgp(1) internally
	+ fix a bug in netpgp_verify_file where a non-existent file while listing
	  packets would cause a SIGSEGV
	+ add duration arg to netpgp(1), and check for validity when verifying
	  signatures
	+ add birthtime arg to netpgp(1), and check for validity when verifying
	  signatures
	+ add netpgp commands to print pubkey, if desired
	+ allow the passphrase for the signature to be taken from --pass-fd
	+ get rid of static indent value when printing packet contents
	+ print signature validity times when verifying a file's signature
2010-02-13 00:18:47 +00:00
wiz
579796a3e5 Recursive PKGREVISION bump for jpeg update to 8. 2010-01-17 12:02:03 +00:00
agc
a08122742d Update netpgp to version 20091210.
Apart from infrastructure changes, there are the following functional ones:

+ Update to version 1.99.14/20091210

+ provide a new netpgp_match_list_keys(3) function to perform a
regular-expression based search of all the keys in the keyring.  If no
pattern is specified to match, then all keys are returned.

+ provide a new netpgp_set_homedir(3) function, and use it to set the
home directory from the library, rather than individually in all the
programs which use the library

+ provide a new netpgp_incvar(3) function which will add a constant
increment (which may be negative) to the value of an internal
variable.  This is primarily used for the verbosity level within the
library, and is again a movement of the function into the library from
the individual programs which use the library

+ move to the specification of an ssh key file by internal variable,
rather than the directory holding an ssh key file

+ autoconf infrastructure changes

+ take a hammer to the _GNU_SOURCE definitions problems

+ don't rely on strnlen(3) being present everywhere

+ add rudimentary support for ssh keys

+ add a netpgp library function - netpgp_get_key(3) - to print a
specific key

+ add functionality to call this function in netpgpkeys(1)

+ add test for netpgp_get_key

+ add a verbose switch to the tst script

+ add netpgp functions to expose the memory signing and verification
functions - netpgp_sign_memory(3) and netpgp_verify_memory(3)

+ coalesced signing and verification ops file functions
2009-12-15 00:06:15 +00:00
agc
943220e9bf Update netpgp to version 20090611.
Changes since 20090531:

+ only prompt for a passphrase on the secret key if there is a passphrase
  on the secret key

CHANGES 1.99.10 -> 1.99.11

+ address keys array from 0 with unsigned indices
+ print results to io->res stream - default to stderr, and set using
        netpgp_setvar(..., "results", filename)
+ __ops_keyid()'s third arg was always the size of the keyid array - no need
  to pass it
+ get rid of the excessive type-checking in packet-show-cast.h, which wasn't
  necessary, and fold all the show routines into packet-show.c
+ introduce a generic __ops_new() and use it for some structure allocation

CHANGES 1.99.9 -> 1.99.10

+ fix a bug in decryption whereby a bad passphrase would cause a segmentation
  violation
+ fix some regressions in key searching in the underlying find keys routines
+ add C++ declaration protection to the external interface in netpgp.h
+ split out the key management parts of netpgp(1) into netpgpkeys(1)

CHANGES 1.99.8 -> 1.99.9

+ make more use of __ops_io_t structure
+ addition of standalone, stripped-down netpgpverify utility
+ addition of test for --list-packets on an empty file
+ bring forward some simplifications from netpgpverify
        + some name changes
        + get rid of the increment and then decrement keycount around
          accumulated data ("it's to do with counting")
        + then use unsigned integers for the size and counts for the
          dynamic array of keys, and use the common dynamic array macros
          for keys in a keyring
        + if it's a union, let's use it as a union, not a struct
+ modified documentation to correct the --list-packets command (sorry, ver)
+ add a new directory structure for both the distribution and the
  reachover Makefiles. The autotest framework has been partially overhauled
  but more TLC is needed here.
+ add a --pass-fd=n option so that external programs can provide the
  passphrase on a file descriptor without going through the callback,
  requested by joerg
2009-06-11 17:02:17 +00:00
agc
5eaebfc65c Update netpgp package from version 20090525 to 20090531.
CHANGES 1.99.7 -> 1.99.8

+ get rid of __ops_malloc_passphrase() - strdup() works just as well
+ generalise __ops_seckey_forget() to become __ops_forget(), give it a size
  parameter, and make it work on things other than secret keys (passphrases
  for instance)
+ minor struct field enum renaming
+ minor function call renaming
+ add ops_io_t struct to hold pointers to IO streams, and pass it down
  where necessary

CHANGES 1.99.6 -> 1.99.7

+ added to the regression tests
+ get rid of some magic constants, replace with more obvious names
+ zero out the memory used for a passphrase before freeing it in one place

CHANGES 1.99.5 -> 1.99.6

+ made --homedir=d consistent with POLS. Default is $HOME/.gnupg, and
  if a directory is specified with --homedir=d, the directory containing
  conf file and keyrings is taken to be "d".

CHANGES 1.99.4 -> 1.99.5

+ Luke Mewburn completely overhauled the auto tools infrastructure
+ changed signature (hah!) of some netpgp file management prototypes to
  use const char * for file names and user ids, not char * - suggested by
  christos
+ change some of the openpgpsdk display functions to return integer values,
  and send those values back from the netpgp functions - suggested by
  christos
+ rather than passing a shedload of variables to netpgp_init(), get rid
  of them, and set variables using the netpgp_[gs]etvar() interface
+ replace some magic constants with descriptive names
+ use a netpgp variable to skip userid checks if necessary
+ add ability to allow coredumps via --coredumps if (a) you have taken
  leave of your sanity, and (b) you have some magical persistent
  storage which doesn't spare sectors, and (c) you know how to remove
  a file securely
+ bumped library version on NetBSD to 1.0 for interface changes
2009-05-31 23:38:21 +00:00
agc
e852ea95dc Update the netpgp package from version 20090428 to 20090525:
Changes since previous version:

CHANGES 1.99.3 -> 1.99.4

+ get rid of some magic constants
+ revamped regression test script to count number of tests passed
+ made checkhash array in ops_seckey_t dynamic, rather than statically
  allocated
+ made mdc array dynamic, and added a length field to mdc for future use
+ revamped usage message to match reality
+ made portable version again for the autoconfed package sources
+ add separate netpgpdigest.h file so that separate digest sizes can be
  used without having to include "packet.h" in everything

CHANGES 1.99.2 -> 1.99.3

+ modified regression tests to make it easier to see status messages
+ modified --encrypt, --decrypt, --sign, and --clearsign as well as --cat
  to respect the --output argument for the output file. Default behaviour
  remains unchanged - if --output is not specified, standard file names
  and suffixes apply. Note that --verify has not been changed - this is
  for compatibility with gpg, POLA/POLS, and because --verify-cat/--cat
  provides this behaviour

Get rid of a few TODO items that aren't needed.

CHANGES 1.99.1 -> 1.99.2

+ various minor cleanups
+ fix longstanding pasto where the key server preference packets are
  displayed with the correct ptag information
+ up until now, there has been an asymmetry in the command line
  options for netpgp(1) - whilst a file may have signature information
  added to it with the "--sign" command, there has been no way to
  retrieve the contents of the file without the signature.  The new
  "--cat" option does this (there are synonyms of "--verify-show" and
  "--verify-cat") - the signature is verified, and if it matches, the
  original contents of the file are sent to the output file (which
  defaults to stdout, and can be set with the --output option on the
  command line).  If the signature does not match, there is no output,
  and an EXIT_FAILURE code is returned.
+ revamped netpgp(1) to make it clear what commands are available, how
  these commands relate to each other, and which commands take custom
  options

CHANGES 1.0.0 -> 1.99.1

+ released and tagged version 1.0.0; development version now 1.99.1
+ get rid of some fields which are no longer needed
+ minor name changes
+ add mmapped field to ops_data_t struct to denote that the array needs an
  munmap(2) and not a free(3)
+ add an __ops_mem_readfile() function, and use it for reading files.
  The function does mmap(2), and then falls back to read(2) if that fails.
  Retire unused __ops_fileread() which had an unusual interface
+ drop sign_detached() from netpgp.c down into signature.c as
  __ops_sign_detached()

+ got rid of "local" header files. These aren't necessary since the openpgpsdk
  code was modified to all be in the same directory
+ added netpgp_getvar() and netpgp_setvar(), and use them to get and set the
  user id and hash algorithm preference
+ get rid of <stdbool.h> usage - I'm still not sure this is the way we should
  be going long term, but the bool changes got integrated with the others,
  and are there in cvs history if we want to resurrect them. Correct autoconf
  accordingly. Bump netpgp minimus version, and autoconf-based date version.
+ updated documentation to reflect these changes

Commit the weekend's changes:

+ minor name changes
+ remove duplicated code (commented out) in packet-print.c
+ original code contained abstraction violations for hash size - fix them
+ get rid of some magic constants related to length of hash arrays
+ allow a choice of hash algorithms for the signature digest (rather
  than hardcoding SHA1 - it is looking as though collisions are easier
  to manufacture based on recent findings)
+ move default signature RSA hash algorithm to SHA256 (from SHA1). This is
  passed as a string parameter from the high-level interface. We'll
  revisit this later after a good way to specify the algorithm has been
  found.
+ display the size of the keys in --list-packets
+ display the keydata prior to file decryption

+ add a --help option
+ if setrlimit exists, set the core dump size to be 0
  (with thanks to mrg for the reference implementation)
+ get rid of __ops_start_cleartext_sig/__ops_start_msg_sig abstractions
  and just "export" the __ops_start_sig function - the function is not
  actually exported, just usable by other __ops functions
+ bump internal version number to 0.99.2, autoconf version to 20090506
+ prettify usage message output

Change some names to something a bit less obscure.

e.g. For some unfathomable reason, I find "__ops_write_mem_from_file" a bit
counterintuitive - replace that by "__ops_fileread"

+ __ops_packet_t -> __ops_subpacket_t
+ __ops_parser_content_t -> __ops_packet_t
+ rename some other long names
  51 chars is the record function name length so far
+ preliminary moves to support detached signatures
  as yet, incomplete
+ add back command line option to list packets in a signed or encrypted file
+ make __ops_parse() take an argument whether to print errors, and kill the
  __ops_parse_and_print_errors() function
+ get rid of some assertions in the code - this is a library - about 100 to go

Make this code WARNS=4
Add an option to the netpgp command to produce a detached signature.
2009-05-25 06:50:53 +00:00
agc
b0903c297b Initial import of the "glorious 50" release of netpgp-20090428 into the
Packages Collection.

	The netpgp command can digitally sign files and verify that the
	signatures attached to files were signed by a given user identifier.
	netpgp can also encrypt files using the public or private keys of
	users and, in the same manner, decrypt files which were encrypted.

	The netpgp utility can also be used to generate a new key-pair for a
	user.  This key is in two parts, the public key (which can be used by
	other people) and a private key.

	In addition to these primary uses, the third way of using netpgp is to
	maintain keyrings.  Keyrings are collections of public keys belonging
	to other users.  By using other means of identification, it is
	possible to establish the bona fides of other users.  Once trust has
	been established, the public key of the other user will be signed.
	The other user's public key can be added to our keyring.  The other
	user will add our public key to their keyring.

This software is built on top of openpgpsdk 0.9.1, but provides a
higher-level interface, is autoconf-ed and libtool-ed, and has had
some significant bugs fixed.
2009-04-29 04:54:34 +00:00