-rw-r--r--AUTHORS175
-rw-r--r--NEWS45
-rw-r--r--README3
-rw-r--r--agent/agent.h10
-rw-r--r--agent/call-pinentry.c144
-rw-r--r--agent/command.c45
-rw-r--r--agent/gpg-agent.c9
-rw-r--r--agent/learncard.c12
-rw-r--r--agent/protect.c26
-rw-r--r--build-aux/speedo.mk20
-rw-r--r--build-aux/speedo/w32/README.txt25
-rw-r--r--build-aux/speedo/w32/pkg-copyright.txt289
-rw-r--r--common/gettime.c9
-rw-r--r--configure.ac26
-rw-r--r--dirmngr/dirmngr.c2
-rw-r--r--dirmngr/dirmngr_ldap.c2
-rw-r--r--dirmngr/ks-engine-http.c10
-rw-r--r--doc/dirmngr.texi2
-rw-r--r--doc/gpg-agent.texi34
-rw-r--r--doc/gpg.texi84
-rw-r--r--doc/gpgv.texi2
-rw-r--r--g10/card-util.c97
-rw-r--r--g10/getkey.c87
-rw-r--r--g10/import.c194
-rw-r--r--g10/key-check.c143
-rw-r--r--g10/keydb.c25
-rw-r--r--g10/keydb.h17
-rw-r--r--g10/keyedit.c100
-rw-r--r--g10/keygen.c28
-rw-r--r--g10/main.h2
-rw-r--r--g10/pkclist.c7
-rw-r--r--g10/trust.c20
-rw-r--r--po/ca.po25
-rw-r--r--po/cs.po28
-rw-r--r--po/da.po33
-rw-r--r--po/de.po29
-rw-r--r--po/el.po25
-rw-r--r--po/eo.po25
-rw-r--r--po/es.po33
-rw-r--r--po/et.po25
-rw-r--r--po/fi.po25
-rw-r--r--po/fr.po29
-rw-r--r--po/gl.po33
-rw-r--r--po/hu.po25
-rw-r--r--po/id.po25
-rw-r--r--po/it.po25
-rw-r--r--po/ja.po28
-rw-r--r--po/nb.po28
-rw-r--r--po/pl.po33
-rw-r--r--po/pt.po25
-rw-r--r--po/ro.po25
-rw-r--r--po/ru.po233
-rw-r--r--po/sk.po25
-rw-r--r--po/sv.po35
-rw-r--r--po/tr.po25
-rw-r--r--po/uk.po29
-rw-r--r--po/zh_CN.po25
-rw-r--r--po/zh_TW.po28
-rw-r--r--sm/call-dirmngr.c4
-rw-r--r--sm/certlist.c40
-rw-r--r--sm/gpgsm.c2
-rw-r--r--sm/gpgsm.h2
-rw-r--r--sm/keylist.c3
-rw-r--r--sm/server.c2
-rw-r--r--tests/gpgsm/gpgsm-defs.scm4
-rw-r--r--tests/openpgp/defs.scm4
-rw-r--r--tools/gpgconf-comp.c17
67 files changed, 1689 insertions, 1007 deletions
diff --git a/AUTHORS b/AUTHORS
index 99bb0e2..d27dfb6 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -38,182 +38,15 @@ List of Copyright holders
Authors with a FSF copyright assignment
=======================================
-Ales Nyakhaychyk <nyakhaychyk@i1fn.linux.by> Translations [be]
-
-Andrey Jivsov <openpgp@brainhub.org> Assigns past and future changes for ECC.
- (g10/ecdh.c. other changes to support ECC)
-
-Ben Kibbey <bjk@luxsci.net> Assigns past and future changes.
-
-Birger Langkjer <birger.langkjer@image.dk> Translations [da]
-
-Maxim Britov <maxim.britov@gmail.com> Translations [ru]
-
-Daniel Resare <daniel@resare.com> Translations [sv]
-Per Tunedal <per@clipanish.com> Translations [sv]
-Daniel Nylander <po@danielnylander.se> Translations [sv]
-
-Daiki Ueno <ueno@unixuser.org> Assigns Past and Future Changes.
- (changed:passphrase.c and related code)
-
-David Shaw <dshaw@jabberwocky.com> Assigns past and future changes.
- (all in keyserver/,
- a lot of changes in g10/ see the ChangeLog,
- bug fixes here and there)
-
-Dokianakis Theofanis <madf@hellug.gr> Translations [el]
-
-Edmund GRIMLEY EVANS <edmundo@rano.org> Translations [eo]
-
-Florian Weimer <fw@deneb.enyo.de> Assigns past and future changes
- (changed:g10/parse-packet.c, include/iobuf.h, util/iobuf.c)
-
-g10 Code GmbH <info@g10code.com> Assigns past and future changes
- (all work since 2001 as indicated by mail addresses in ChangeLogs)
-
-Gaël Quéri <gael@lautre.net> Translations [fr]
- (fixed a lot of typos)
-
-Gregory Steuck <steuck@iname.com> Translations [ru]
-
-Nagy Ferenc László <nfl@nfllab.com> Translations [hu]
-
-Ivo Timmermans <itimmermans@bigfoot.com> Translations [nl]
-
-Jacobo Tarri'o Barreiro <jtarrio@iname.com> Translations [gl]
-
-Janusz Aleksander Urbanowicz <alex@bofh.torun.pl> Translations [pl]
-Jakub Bogusz <qboosh@pld-linux.org> Translations [pl]
-
-Jedi Lin <Jedi@idej.org> Translations [zh-tw]
-
-Jouni Hiltunen <jouni.hiltunen@kolumbus.fi> Translations [fi]
-Tommi Vainikainen <Tommi.Vainikainen@iki.fi> Translations [fi]
-
-Laurentiu Buzdugan <lbgnupg@rolix.org> Translations [ro]
-
-Magda Procha'zkova' <magda@math.muni.cz> Translations [cs]
-
-Michael Roth <mroth@nessie.de> Assigns changes.
- (wrote cipher/des.c., changes and bug fixes all over the place)
-
-Michal Majer <mmajer@econ.umb.sk> Translations [sk]
-
-Marco d'Itri <md@linux.it> Translations [it]
-
-Marcus Brinkmann <marcus@g10code.de>
- (gpgconf and fixes all over the place)
-
-Matthew Skala <mskala@ansuz.sooke.bc.ca> Disclaimer
- (wrote cipher/twofish.c)
-
-Moritz Schulte <moritz@g10code.com>
- (ssh support gpg-agent)
-
-Niklas Hernaeus <nh@df.lth.se> Disclaimer
- (weak key patches)
-
-Nilgun Belma Buguner <nilgun@technologist.com> Translations [tr]
-
-Nils Ellmenreich <nils 'at' infosun.fmi.uni-passau.de>
- Assigns past and future changes
- (configure.in, cipher/rndlinux.c, FAQ)
-
-Paul Eggert <eggert@twinsun.com>
- (configuration macros for LFS)
-
-Pavel I. Shajdo <pshajdo@gmail.com> Translations [ru]
- (man pages)
-
-Pedro Morais <morais@poli.org> Translations [pt_PT]
-
-Rémi Guyomarch <rguyom@mail.dotcom.fr> Assigns past and future changes.
- (g10/compress.c, g10/encr-data.c,
- g10/free-packet.c, g10/mdfilter.c, g10/plaintext.c, util/iobuf.c)
-
-Stefan Bellon <sbellon@sbellon.de> Assigns past and future changes.
- (All patches to support RISC OS)
-
-Timo Schulz <twoaday@freakmail.de> Assigns past and future changes.
- (util/w32reg.c, g10/passphrase.c, g10/hkp.c)
-
-Tedi Heriyanto <tedi_h@gmx.net> Translations [id]
-
-Thiago Jung Bauermann <jungmann@cwb.matrix.com.br> Translations [pt_BR]
-Rafael Caetano dos Santos <rcaetano@linux.ime.usp.br> Translations [pt_BR]
-
-Toomas Soome <tsoome@ut.ee> Translations [et]
-
-Urko Lusa <ulusa@euskalnet.net> Translations [es_ES]
-
-Walter Koch <koch@u32.de> Translations [de]
-
-Werner Koch <wk@gnupg.org> Assigns GNU Privacy Guard and future changes.
- (started the whole thing, wrote the S/MIME extensions, the
- smartcard daemon and the gpg-agent)
-
-Yosiaki IIDA <iida@ring.gr.jp> Translations [ja]
-
-Yuri Chornoivan, yurchor at ukr dot net: Translations [uk]
-
-Yutaka Niibe Assigns Past and Future Changes
- (scd/)
+The list of authors who signed a FSF copyright assignment is kept in
+the GIT master branch's copy of this file.
Authors with a DCO
==================
-Andre Heinecke <aheinecke@intevation.de>
-2014-09-19:4525694.FcpLvWDUFT@esus:
-
-Andreas Schwier <andreas.schwier@cardcontact.de>
-2014-07-22:53CED1D8.1010306@cardcontact.de:
-
-Christian Aistleitner <christian@quelltextlich.at>
-2013-05-26:20130626112332.GA2228@quelltextlich.at:
-
-Damien Goutte-Gattat <dgouttegattat@incenp.org>
-2015-01-17:54BA49AA.2040708@incenp.org:
-
-Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-2014-09-24:87oau6w9q7.fsf@alice.fifthhorseman.net:
-
-Hans of Guardian <hans@guardianproject.info>
-2013-06-26:D84473D7-F3F7-43D5-A9CE-16580B88D574@guardianproject.info:
-
-Ineiev <ineiev@gnu.org>
-2017-05-09:20170509121611.GH25850@gnu.org:
-
-Jonas Borgström <jonas@borgstrom.se>
-2013-08-29:521F1E7A.5080602@borgstrom.se:
-
-Joshua Rogers <git@internot.info>
-2014-12-22:5497FE75.7010503@internot.info:
-
-Kyle Butt <kylebutt@gmail.com>
-2013-05-29:CAAODAYLbCtqOG6msLLL0UTdASKWT6u2ptxsgUQ1JpusBESBoNQ@mail.gmail.com:
-
-Stefan Tomanek <tomanek@internet-sicherheit.de>
-2014-01-30:20140129234449.GY30808@zirkel.wertarbyte.de:
-
-Tobias Mueller <muelli@cryptobitch.de>
-2016-11-23:1479937342.11180.3.camel@cryptobitch.de:
-
-Werner Koch <wk@gnupg.org>
-2013-03-29:87620ahchj.fsf@vigenere.g10code.de:
-
-William L. Thomson Jr. <wlt@o-sinc.com>
-2017-05-23:assp.0316398ca8.20170523093623.00a17d03@o-sinc.com:
-
-Yann E. MORIN <yann.morin.1998@free.fr>
-2016-07-10:20160710093202.GA3688@free.fr:
-
-Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr>
-2016-10-17:580484F4.8040806@ssi.gouv.fr:
-
-Phil Pennock <phil.pennock@spodhuis.org>
-Phil Pennock <phil@pennock-tech.com>
-2017-01-19:20170119061225.GA26207@breadbox.private.spodhuis.org:
+The list of authors who signed the Developer's Certificate of Origin
+is kept in the GIT master branch's copy of this file.
Other authors
diff --git a/NEWS b/NEWS
index 081dbcc..0ffff2f 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,46 @@
+Noteworthy changes in version 2.2.2 (2017-11-07)
+------------------------------------------------
+
+ * gpg: Avoid duplicate key imports by concurrently running gpg
+ processes. [#3446]
+
+ * gpg: Fix creating on-disk subkey with on-card primary key. [#3280]
+
+ * gpg: Fix validity retrieval for multiple keyrings. [Debian#878812]
+
+ * gpg: Fix --dry-run and import option show-only for secret keys.
+
+ * gpg: Print "sec" or "sbb" for secret keys with import option
+ import-show. [#3431]
+
+ * gpg: Make import less verbose. [#3397]
+
+ * gpg: Add alias "Key-Grip" for parameter "Keygrip" and new
+ parameter "Subkey-Grip" to unattended key generation. [#3478]
+
+ * gpg: Improve "factory-reset" command for OpenPGP cards. [#3286]
+
+ * gpg: Ease switching Gnuk tokens into ECC mode by using the magic
+ keysize value 25519.
+
+ * gpgsm: Fix --with-colon listing in crt records for fields > 12.
+
+ * gpgsm: Do not expect X.509 keyids to be unique. [#1644]
+
+ * agent: Fix stucked Pinentry when using --max-passphrase-days. [#3190]
+
+ * agent: New option --s2k-count. [#3276 (workaround)]
+
+ * dirmngr: Do not follow https-to-http redirects. [#3436]
+
+ * dirmngr: Reduce default LDAP timeout from 100 to 15 seconds. [#3487]
+
+ * gpgconf: Ignore non-installed components for commands
+ --apply-profile and --apply-defaults. [#3313]
+
+ * Add configure option --enable-werror. [#2423]
+
+
Noteworthy changes in version 2.2.1 (2017-09-19)
------------------------------------------------
@@ -19,6 +62,8 @@ Noteworthy changes in version 2.2.1 (2017-09-19)
certificates are configured. If build with GNUTLS, this was
already the case.
+ See-also: gnupg-announce/2017q3/000415.html
+
Noteworthy changes in version 2.2.0 (2017-08-28)
------------------------------------------------
diff --git a/README b/README
index 6cd4ddb..dd66dab 100644
--- a/README
+++ b/README
@@ -26,8 +26,7 @@
Note that the 2.0 series of GnuPG will reach end-of-life on
2017-12-31. It is not possible to install a 2.2.x version along
- with any 2.0.x version. However, it is possible to install GnuPG
- 1.4 along with any 2.x version.
+ with any 2.0.x version.
* BUILD INSTRUCTIONS
diff --git a/agent/agent.h b/agent/agent.h
index f5df75e..c2d8579 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -171,6 +171,10 @@ struct
/* The digest algorithm to use for ssh fingerprints when
* communicating with the user. */
int ssh_fingerprint_digest;
+
+ /* The value of the option --s2k-count. If this option is not given
+ * or 0 an auto-calibrated value is used. */
+ unsigned long s2k_count;
} opt;
@@ -254,6 +258,10 @@ struct server_control_s
/* The current S2K which might be different from the calibrated
count. */
unsigned long s2k_count;
+
+ /* If pinentry is active for this thread. It can be more than 1,
+ when pinentry is called recursively. */
+ int pinentry_active;
};
@@ -477,8 +485,10 @@ gpg_error_t agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey,
char **passphrase_addr);
/*-- protect.c --*/
+unsigned long get_calibrated_s2k_count (void);
unsigned long get_standard_s2k_count (void);
unsigned char get_standard_s2k_count_rfc4880 (void);
+unsigned long get_standard_s2k_time (void);
int agent_protect (const unsigned char *plainkey, const char *passphrase,
unsigned char **result, size_t *resultlen,
unsigned long s2k_count, int use_ocb);
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index 6a5c1fe..a088681 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -67,12 +67,6 @@ static struct
} entry_features;
-/* The control variable of the connection owning the current pinentry.
- This is only valid if ENTRY_CTX is not NULL. Note, that we care
- only about the value of the pointer and that it should never be
- dereferenced. */
-static ctrl_t entry_owner;
-
/* A mutex used to serialize access to the pinentry. */
static npth_mutex_t entry_lock;
@@ -128,7 +122,7 @@ agent_query_dump_state (void)
void
agent_reset_query (ctrl_t ctrl)
{
- if (entry_ctx && popup_tid && entry_owner == ctrl)
+ if (entry_ctx && popup_tid && ctrl->pinentry_active)
{
agent_popup_message_stop (ctrl);
}
@@ -140,7 +134,7 @@ agent_reset_query (ctrl_t ctrl)
stalled pinentry does not block other threads. Fixme: We should
have a timeout in Assuan for the disconnect operation. */
static gpg_error_t
-unlock_pinentry (gpg_error_t rc)
+unlock_pinentry (ctrl_t ctrl, gpg_error_t rc)
{
assuan_context_t ctx = entry_ctx;
int err;
@@ -177,15 +171,18 @@ unlock_pinentry (gpg_error_t rc)
}
}
- entry_ctx = NULL;
- err = npth_mutex_unlock (&entry_lock);
- if (err)
+ if (--ctrl->pinentry_active == 0)
{
- log_error ("failed to release the entry lock: %s\n", strerror (err));
- if (!rc)
- rc = gpg_error_from_errno (err);
+ entry_ctx = NULL;
+ err = npth_mutex_unlock (&entry_lock);
+ if (err)
+ {
+ log_error ("failed to release the entry lock: %s\n", strerror (err));
+ if (!rc)
+ rc = gpg_error_from_errno (err);
+ }
+ assuan_release (ctx);
}
- assuan_release (ctx);
return rc;
}
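Review bot: The unconditional `--ctrl->pinentry_active` in unlock_pinentry assumes the counter is at least 1, but the fflush error path in start_pinentry (the `return unlock_pinentry (ctrl, tmperr);` hunk) is reached before the later hunk sets `ctrl->pinentry_active = 1`. On that path the counter would drop to -1, entry_lock would stay held, and the next start_pinentry on this connection would take the recursive shortcut and return 0 without owning the lock. Guarding the decrement, `if (ctrl->pinentry_active > 0) ctrl->pinentry_active--;` followed by `if (!ctrl->pinentry_active)` around the release block, keeps the lock accounting balanced. The start of unlock_pinentry lies outside this hunk, so this is based on the visible lines only.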
@@ -288,6 +285,14 @@ start_pinentry (ctrl_t ctrl)
char *flavor_version;
int err;
+ if (ctrl->pinentry_active)
+ {
+ /* It's trying to use pinentry recursively. In this situation,
+ the thread holds ENTRY_LOCK already. */
+ ctrl->pinentry_active++;
+ return 0;
+ }
+
npth_clock_gettime (&abstime);
abstime.tv_sec += LOCK_TIMEOUT;
err = npth_mutex_timedlock (&entry_lock, &abstime);
@@ -302,8 +307,6 @@ start_pinentry (ctrl_t ctrl)
return rc;
}
- entry_owner = ctrl;
-
if (entry_ctx)
return 0;
@@ -325,7 +328,7 @@ start_pinentry (ctrl_t ctrl)
the Wine implementation does not flush stdin,stdout and stderr
- see above. Let's try to ignore the error. */
#ifndef HAVE_W32_SYSTEM
- return unlock_pinentry (tmperr);
+ return unlock_pinentry (ctrl, tmperr);
#endif
}
@@ -371,6 +374,10 @@ start_pinentry (ctrl_t ctrl)
log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
return rc;
}
+
+ ctrl->pinentry_active = 1;
+ entry_ctx = ctx;
+
/* We don't want to log the pinentry communication to make the logs
easier to read. We might want to add a new debug option to enable
pinentry logging. */
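Review bot: The `return rc;` after the failed context allocation, just above the added `ctrl->pinentry_active = 1;`, appears to leave entry_lock held: the lock is taken earlier in start_pinentry and this path neither unlocks it nor goes through unlock_pinentry. Because the counter is still 0 here, unlock_pinentry cannot be used as written. Releasing directly with `npth_mutex_unlock (&entry_lock);` before the return would keep later pinentry requests from timing out on the lock. The function starts and ends outside this hunk.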
@@ -382,17 +389,15 @@ start_pinentry (ctrl_t ctrl)
that atfork is used to change the environment for pinentry. We
start the server in detached mode to suppress the console window
under Windows. */
- rc = assuan_pipe_connect (ctx, full_pgmname, argv,
+ rc = assuan_pipe_connect (entry_ctx, full_pgmname, argv,
no_close_list, atfork_cb, ctrl,
ASSUAN_PIPE_CONNECT_DETACHED);
if (rc)
{
log_error ("can't connect to the PIN entry module '%s': %s\n",
full_pgmname, gpg_strerror (rc));
- assuan_release (ctx);
- return unlock_pinentry (gpg_error (GPG_ERR_NO_PIN_ENTRY));
+ return unlock_pinentry (ctrl, gpg_error (GPG_ERR_NO_PIN_ENTRY));
}
- entry_ctx = ctx;
if (DBG_IPC)
log_debug ("connection to PIN entry established\n");
@@ -402,65 +407,65 @@ start_pinentry (ctrl_t ctrl)
{
char *optstr;
if (asprintf (&optstr, "OPTION pinentry-user-data=%s", value) < 0 )
- return unlock_pinentry (out_of_core ());
+ return unlock_pinentry (ctrl, out_of_core ());
rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
xfree (optstr);
if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
rc = assuan_transact (entry_ctx,
opt.no_grab? "OPTION no-grab":"OPTION grab",
NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
value = session_env_getenv (ctrl->session_env, "GPG_TTY");
if (value)
{
char *optstr;
if (asprintf (&optstr, "OPTION ttyname=%s", value) < 0 )
- return unlock_pinentry (out_of_core ());
+ return unlock_pinentry (ctrl, out_of_core ());
rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
xfree (optstr);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
value = session_env_getenv (ctrl->session_env, "TERM");
if (value)
{
char *optstr;
if (asprintf (&optstr, "OPTION ttytype=%s", value) < 0 )
- return unlock_pinentry (out_of_core ());
+ return unlock_pinentry (ctrl, out_of_core ());
rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
xfree (optstr);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
if (ctrl->lc_ctype)
{
char *optstr;
if (asprintf (&optstr, "OPTION lc-ctype=%s", ctrl->lc_ctype) < 0 )
- return unlock_pinentry (out_of_core ());
+ return unlock_pinentry (ctrl, out_of_core ());
rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
xfree (optstr);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
if (ctrl->lc_messages)
{
char *optstr;
if (asprintf (&optstr, "OPTION lc-messages=%s", ctrl->lc_messages) < 0 )
- return unlock_pinentry (out_of_core ());
+ return unlock_pinentry (ctrl, out_of_core ());
rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
xfree (optstr);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
@@ -476,7 +481,7 @@ start_pinentry (ctrl_t ctrl)
rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache",
NULL, NULL, NULL, NULL, NULL, NULL);
if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
if (opt.allow_emacs_pinentry)
@@ -486,7 +491,7 @@ start_pinentry (ctrl_t ctrl)
rc = assuan_transact (entry_ctx, "OPTION allow-emacs-prompt",
NULL, NULL, NULL, NULL, NULL, NULL);
if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
@@ -524,7 +529,7 @@ start_pinentry (ctrl_t ctrl)
if (*s == '|' && (s2=strchr (s+1,'|')))
s = s2+1;
if (asprintf (&optstr, "OPTION default-%s=%s", tbl[idx].key, s) < 0 )
- return unlock_pinentry (out_of_core ());
+ return unlock_pinentry (ctrl, out_of_core ());
assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
xfree (optstr);
@@ -651,8 +656,8 @@ start_pinentry (ctrl_t ctrl)
rc = agent_inq_pinentry_launched (ctrl, pinentry_pid, flavor_version);
if (gpg_err_code (rc) == GPG_ERR_CANCELED
|| gpg_err_code (rc) == GPG_ERR_FULLY_CANCELED)
- return unlock_pinentry (gpg_err_make (GPG_ERR_SOURCE_DEFAULT,
- gpg_err_code (rc)));
+ return unlock_pinentry (ctrl, gpg_err_make (GPG_ERR_SOURCE_DEFAULT,
+ gpg_err_code (rc)));
rc = 0;
}
@@ -1022,18 +1027,18 @@ agent_askpin (ctrl_t ctrl,
rc = assuan_transact (entry_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
build_cmd_setdesc (line, DIM(line), desc_text);
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
snprintf (line, DIM(line), "SETPROMPT %s",
prompt_text? prompt_text : is_pin? L_("PIN:") : L_("Passphrase:"));
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
/* If a passphrase quality indicator has been requested and a
minimum passphrase length has not been disabled, send the command
@@ -1042,7 +1047,7 @@ agent_askpin (ctrl_t ctrl,
{
rc = setup_qualitybar (ctrl);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
if (initial_errtext)
@@ -1051,7 +1056,7 @@ agent_askpin (ctrl_t ctrl,
rc = assuan_transact (entry_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
if (pininfo->with_repeat)
@@ -1082,7 +1087,7 @@ agent_askpin (ctrl_t ctrl,
rc = assuan_transact (entry_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
errtext = NULL;
}
@@ -1092,7 +1097,7 @@ agent_askpin (ctrl_t ctrl,
rc = assuan_transact (entry_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
@@ -1120,7 +1125,7 @@ agent_askpin (ctrl_t ctrl,
errtext = is_pin? L_("PIN too long")
: L_("Passphrase too long");
else if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
if (!errtext && pininfo->min_digits)
{
@@ -1146,7 +1151,7 @@ agent_askpin (ctrl_t ctrl,
|| gpg_err_code (rc) == GPG_ERR_BAD_PIN)
errtext = (is_pin? L_("Bad PIN") : L_("Bad Passphrase"));
else if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
if (!errtext)
@@ -1154,7 +1159,7 @@ agent_askpin (ctrl_t ctrl,
if (pininfo->with_repeat
&& (pinentry_status & PINENTRY_STATUS_PIN_REPEATED))
pininfo->repeat_okay = 1;
- return unlock_pinentry (0); /* okay, got a PIN or passphrase */
+ return unlock_pinentry (ctrl, 0); /* okay, got a PIN or passphrase */
}
if ((pinentry_status & PINENTRY_STATUS_PASSWORD_FROM_CACHE))
@@ -1163,7 +1168,7 @@ agent_askpin (ctrl_t ctrl,
pininfo->failed_tries --;
}
- return unlock_pinentry (gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN
+ return unlock_pinentry (ctrl, gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN
: GPG_ERR_BAD_PASSPHRASE));
}
@@ -1229,7 +1234,7 @@ agent_get_passphrase (ctrl_t ctrl,
rc = assuan_transact (entry_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
if (desc)
@@ -1238,18 +1243,18 @@ agent_get_passphrase (ctrl_t ctrl,
snprintf (line, DIM(line), "RESET");
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
snprintf (line, DIM(line), "SETPROMPT %s", prompt);
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
if (with_qualitybar && opt.min_passphrase_len)
{
rc = setup_qualitybar (ctrl);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
if (errtext)
@@ -1257,14 +1262,14 @@ agent_get_passphrase (ctrl_t ctrl,
snprintf (line, DIM(line), "SETERROR %s", errtext);
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
memset (&parm, 0, sizeof parm);
parm.size = ASSUAN_LINELENGTH/2 - 5;
parm.buffer = gcry_malloc_secure (parm.size+10);
if (!parm.buffer)
- return unlock_pinentry (out_of_core ());
+ return unlock_pinentry (ctrl, out_of_core ());
saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
assuan_begin_confidential (entry_ctx);
@@ -1288,7 +1293,7 @@ agent_get_passphrase (ctrl_t ctrl,
xfree (parm.buffer);
else
*retpass = parm.buffer;
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
@@ -1332,7 +1337,7 @@ agent_get_confirmation (ctrl_t ctrl,
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
if (ok)
{
@@ -1340,7 +1345,7 @@ agent_get_confirmation (ctrl_t ctrl,
rc = assuan_transact (entry_ctx,
line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
if (notok)
{
@@ -1363,7 +1368,7 @@ agent_get_confirmation (ctrl_t ctrl,
NULL, NULL, NULL, NULL, NULL, NULL);
}
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
rc = assuan_transact (entry_ctx, "CONFIRM",
@@ -1371,7 +1376,7 @@ agent_get_confirmation (ctrl_t ctrl,
if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
@@ -1405,7 +1410,7 @@ agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn)
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
if (ok_btn)
{
@@ -1413,7 +1418,7 @@ agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn)
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL,
NULL, NULL, NULL);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
rc = assuan_transact (entry_ctx, "CONFIRM --one-button", NULL, NULL, NULL,
@@ -1421,7 +1426,7 @@ agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn)
if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
@@ -1469,19 +1474,19 @@ agent_popup_message_start (ctrl_t ctrl, const char *desc, const char *ok_btn)
snprintf (line, DIM(line), "RESET");
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
if (ok_btn)
{
snprintf (line, DIM(line), "SETOK %s", ok_btn);
rc = assuan_transact (entry_ctx, line, NULL,NULL,NULL,NULL,NULL,NULL);
if (rc)
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
err = npth_attr_init (&tattr);
if (err)
- return unlock_pinentry (gpg_error_from_errno (err));
+ return unlock_pinentry (ctrl, gpg_error_from_errno (err));
npth_attr_setdetachstate (&tattr, NPTH_CREATE_JOINABLE);
popup_finished = 0;
@@ -1492,7 +1497,7 @@ agent_popup_message_start (ctrl_t ctrl, const char *desc, const char *ok_btn)
rc = gpg_error_from_errno (err);
log_error ("error spawning popup message handler: %s\n",
strerror (err) );
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
npth_setname_np (popup_tid, "popup-message");
@@ -1551,10 +1556,9 @@ agent_popup_message_stop (ctrl_t ctrl)
/* Thread IDs are opaque, but we try our best here by resetting it
to the same content that a static global variable has. */
memset (&popup_tid, '\0', sizeof (popup_tid));
- entry_owner = NULL;
/* Now we can close the connection. */
- unlock_pinentry (0);
+ unlock_pinentry (ctrl, 0);
}
int
@@ -1580,5 +1584,5 @@ agent_clear_passphrase (ctrl_t ctrl,
rc = assuan_transact (entry_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
- return unlock_pinentry (rc);
+ return unlock_pinentry (ctrl, rc);
}
diff --git a/agent/command.c b/agent/command.c
index f2a6683..0916f88 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -1988,14 +1988,17 @@ static const char hlp_scd[] =
static gpg_error_t
cmd_scd (assuan_context_t ctx, char *line)
{
- ctrl_t ctrl = assuan_get_pointer (ctx);
int rc;
-
+#ifdef BUILD_WITH_SCDAEMON
+ ctrl_t ctrl = assuan_get_pointer (ctx);
if (ctrl->restricted)
return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
rc = divert_generic_cmd (ctrl, line, ctx);
-
+#else
+ (void)ctx; (void)line;
+ rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
+#endif
return rc;
}
@@ -2840,20 +2843,22 @@ static const char hlp_getinfo[] =
"Multipurpose function to return a variety of information.\n"
"Supported values for WHAT are:\n"
"\n"
- " version - Return the version of the program.\n"
- " pid - Return the process id of the server.\n"
- " socket_name - Return the name of the socket.\n"
+ " version - Return the version of the program.\n"
+ " pid - Return the process id of the server.\n"
+ " socket_name - Return the name of the socket.\n"
" ssh_socket_name - Return the name of the ssh socket.\n"
- " scd_running - Return OK if the SCdaemon is already running.\n"
- " s2k_count - Return the calibrated S2K count.\n"
+ " scd_running - Return OK if the SCdaemon is already running.\n"
+ " s2k_time - Return the time in milliseconds required for S2K.\n"
+ " s2k_count - Return the standard S2K count.\n"
+ " s2k_count_cal - Return the calibrated S2K count.\n"
" std_env_names - List the names of the standard environment.\n"
" std_session_env - List the standard session environment.\n"
" std_startup_env - List the standard startup environment.\n"
- " cmd_has_option\n"
- " - Returns OK if the command CMD implements the option OPT.\n"
- " connections - Return number of active connections.\n"
- " jent_active - Returns OK if Libgcrypt's JENT is active.\n"
- " restricted - Returns OK if the connection is in restricted mode.\n";
+ " connections - Return number of active connections.\n"
+ " jent_active - Returns OK if Libgcrypt's JENT is active.\n"
+ " restricted - Returns OK if the connection is in restricted mode.\n"
+ " cmd_has_option CMD OPT\n"
+ " - Returns OK if command CMD has option OPT.\n";
static gpg_error_t
cmd_getinfo (assuan_context_t ctx, char *line)
{
@@ -3011,6 +3016,20 @@ cmd_getinfo (assuan_context_t ctx, char *line)
rc = gpg_error (GPG_ERR_FALSE);
#endif
}
+ else if (!strcmp (line, "s2k_count_cal"))
+ {
+ char numbuf[50];
+
+ snprintf (numbuf, sizeof numbuf, "%lu", get_calibrated_s2k_count ());
+ rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
+ }
+ else if (!strcmp (line, "s2k_time"))
+ {
+ char numbuf[50];
+
+ snprintf (numbuf, sizeof numbuf, "%lu", get_standard_s2k_time ());
+ rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
+ }
else
rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
return rc;
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 030d1da..2e19d19 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -134,6 +134,8 @@ enum cmd_and_opt_values
oPuttySupport,
oDisableScdaemon,
oDisableCheckOwnSocket,
+ oS2KCount,
+
oWriteEnvFile
};
@@ -248,6 +250,8 @@ static ARGPARSE_OPTS opts[] = {
),
ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"),
+ ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
+
/* Dummy options for backward compatibility. */
ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
@@ -819,6 +823,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
disable_check_own_socket = 0;
/* Note: When changing the next line, change also gpgconf_list. */
opt.ssh_fingerprint_digest = GCRY_MD_MD5;
+ opt.s2k_count = 0;
return 1;
}
@@ -910,6 +915,10 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
opt.ssh_fingerprint_digest = i;
break;
+ case oS2KCount:
+ opt.s2k_count = pargs->r.ret_ulong;
+ break;
+
default:
return 0; /* not handled */
}
diff --git a/agent/learncard.c b/agent/learncard.c
index e0c882a..abe1dd0 100644
--- a/agent/learncard.c
+++ b/agent/learncard.c
@@ -340,14 +340,12 @@ agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force)
}
/* Pass on all the collected status information. */
- if (assuan_context)
+ for (sitem = sparm.info; sitem; sitem = sitem->next)
{
- for (sitem = sparm.info; sitem; sitem = sitem->next)
- {
- if (!strcmp (sitem->keyword, "SERIALNO"))
- serialno = sitem->data;
- assuan_write_status (assuan_context, sitem->keyword, sitem->data);
- }
+ if (!strcmp (sitem->keyword, "SERIALNO"))
+ serialno = sitem->data;
+ if (assuan_context)
+ assuan_write_status (assuan_context, sitem->keyword, sitem->data);
}
if (!serialno)
diff --git a/agent/protect.c b/agent/protect.c
index c257861..3073fc4 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -191,10 +191,10 @@ calibrate_s2k_count (void)
}
-
-/* Return the standard S2K count. */
+/* Return the calibrated S2K count. This is only public for the use
+ * of the Assuan getinfo s2k_count_cal command. */
unsigned long
-get_standard_s2k_count (void)
+get_calibrated_s2k_count (void)
{
static unsigned long count;
@@ -206,6 +206,26 @@ get_standard_s2k_count (void)
}
+/* Return the standard S2K count. */
+unsigned long
+get_standard_s2k_count (void)
+{
+ if (opt.s2k_count)
+ return opt.s2k_count < 65536 ? 65536 : opt.s2k_count;
+
+ return get_calibrated_s2k_count ();
+}
+
+
+/* Return the milliseconds required for the standard S2K
+ * operation. */
+unsigned long
+get_standard_s2k_time (void)
+{
+ return calibrate_s2k_count_one (get_standard_s2k_count ());
+}
+
+
/* Same as get_standard_s2k_count but return the count in the encoding
as described by rfc4880. */
unsigned char
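Review bot: get_standard_s2k_count enforces only a lower bound on `opt.s2k_count`, and does so silently. A --s2k-count value below the calibrated count presumably weakens the passphrase protection of newly stored keys without any diagnostic, and a very large value is accepted unchanged. get_standard_s2k_time runs calibrate_s2k_count_one on that count on every call, and the command.c hunk exposes it through `getinfo s2k_time`, so an oversized count would likely make that query block for a long time. Consider naming the floor, e.g. `#define MIN_S2K_COUNT 65536`, adding an upper limit, and logging when the configured value is adjusted or lies below the calibrated one.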
diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk
index b1c6ef8..7276787 100644
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@@ -757,6 +757,7 @@ define SETVARS
git="$(call GETVAR,speedo_pkg_$(1)_git)"; \
gitref="$(call GETVAR,speedo_pkg_$(1)_gitref)"; \
tar="$(call GETVAR,speedo_pkg_$(1)_tar)"; \
+ ver="$(call GETVAR,$(1)_ver)"; \
sha2="$(call GETVAR,$(1)_sha2)"; \
sha1="$(call GETVAR,$(1)_sha1)"; \
pkgsdir="$(sdir)/$(1)"; \
@@ -792,6 +793,7 @@ define SETVARS_W64
git="$(call GETVAR,speedo_pkg_$(1)_git)"; \
gitref="$(call GETVAR,speedo_pkg_$(1)_gitref)"; \
tar="$(call GETVAR,speedo_pkg_$(1)_tar)"; \
+ ver="$(call GETVAR,$(1)_ver)"; \
sha2="$(call GETVAR,$(1)_sha2)"; \
sha1="$(call GETVAR,$(1)_sha1)"; \
pkgsdir="$(sdir)/$(1)"; \
@@ -1048,6 +1050,9 @@ endif
touch $(stampdir)/stamp-w64-$(1)-03-install
$(stampdir)/stamp-final-$(1): $(stampdir)/stamp-$(1)-03-install
+ @($(call SETVARS,$(1)); \
+ printf "%-14s %-12s %s\n" $(1) "$$$${ver}" "$$$${sha1}" \
+ >> $(bdir)/pkg-versions.txt)
@echo "speedo: $(1) done"
@touch $(stampdir)/stamp-final-$(1)
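Review bot: The line appended to pkg-versions.txt records only `"$$$${sha1}"`, although SETVARS sets `sha2` for the same package right next to it. This list ends up in the shipped README as the reference checksums of the bundled tarballs, and SHA-1 is a weak digest for that purpose. Printing the SHA-2 value when one is set, for example `"$$$${sha2:-$$$${sha1}}"`, would serve users who verify the tarballs better; the README text that says "SHA-1 checksums" would then need the matching wording.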
@@ -1097,13 +1102,16 @@ endef
# Insert the template for each source package.
$(foreach spkg, $(speedo_spkgs), $(eval $(call SPKG_template,$(spkg))))
-$(stampdir)/stamp-final: $(stampdir)/stamp-directories
+$(stampdir)/stamp-final: $(stampdir)/stamp-directories clean-pkg-versions
ifeq ($(TARGETOS),w32)
$(stampdir)/stamp-final: $(addprefix $(stampdir)/stamp-w64-final-,$(speedo_w64_build_list))
endif
$(stampdir)/stamp-final: $(addprefix $(stampdir)/stamp-final-,$(speedo_build_list))
touch $(stampdir)/stamp-final
+clean-pkg-versions:
+ @: >$(bdir)/pkg-versions.txt
+
all-speedo: $(stampdir)/stamp-final
report-speedo: $(addprefix report-,$(speedo_build_list))
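Review bot: Making the phony `clean-pkg-versions` a prerequisite of stamp-final truncates pkg-versions.txt on every run, while entries are only appended when a per-package `stamp-final-$(1)` recipe actually executes. On an incremental build where those stamps already exist the file would be left empty or partial, and under `make -j` nothing orders the truncation before the appends. The appending rule is in another hunk, so this is inferred from the rules visible here. Writing the whole list from one recipe that loops over `$(speedo_build_list)` instead of appending per package would avoid both problems.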
@@ -1143,12 +1151,18 @@ $(bdir)/NEWS.tmp: $(topsrc)/NEWS
awk '/^Notewo/ {if(okay>1){exit}; okay++};okay {print $0}' \
<$(topsrc)/NEWS >$(bdir)/NEWS.tmp
+# Sort the file with the package versions.
+$(bdir)/pkg-versions.sorted: $(bdir)/pkg-versions.txt
+ grep -v '^gnupg ' <$(bdir)/pkg-versions.txt \
+ | sort | uniq >$(bdir)/pkg-versions.sorted
+
$(bdir)/README.txt: $(bdir)/NEWS.tmp $(topsrc)/README $(w32src)/README.txt \
- $(w32src)/pkg-copyright.txt
+ $(w32src)/pkg-copyright.txt $(bdir)/pkg-versions.sorted
sed -e '/^;.*/d;' \
-e '/!NEWSFILE!/{r $(bdir)/NEWS.tmp' -e 'd;}' \
-e '/!GNUPGREADME!/{r $(topsrc)/README' -e 'd;}' \
-e '/!PKG-COPYRIGHT!/{r $(w32src)/pkg-copyright.txt' -e 'd;}' \
+ -e '/!PKG-VERSIONS!/{r $(bdir)/pkg-versions.sorted' -e 'd;}' \
-e 's,!VERSION!,$(INST_VERSION),g' \
< $(w32src)/README.txt \
| sed -e '/^#/d' \
@@ -1252,4 +1266,4 @@ check-tools:
# Mark phony targets
#
.PHONY: all all-speedo report-speedo clean-stamps clean-speedo installer \
- w32_insthelpers check-tools
+ w32_insthelpers check-tools clean-pkg-versions
diff --git a/build-aux/speedo/w32/README.txt b/build-aux/speedo/w32/README.txt
index 0d72fe6..7c29095 100644
--- a/build-aux/speedo/w32/README.txt
+++ b/build-aux/speedo/w32/README.txt
@@ -5,8 +5,9 @@
;; replaced by the Makefile; those words are enclosed by exclamation
;; marks.
- GNUPG for Windows
- ===================
+
+ GNU Privacy Guard for Windows
+ ===============================
This is GnuPG for Windows, version !VERSION!.
@@ -15,7 +16,8 @@ Content:
1. Important notes
2. Changes
3. GnuPG README file
- 4. Legal notices
+ 4. Package versions
+ 5. Legal notices
1. Important Notes
@@ -47,7 +49,7 @@ release.
!NEWSFILE!
-3. GnuPG README file
+3. GnuPG README File
====================
Below is the README file as distributed with the GnuPG source.
@@ -55,8 +57,19 @@ Below is the README file as distributed with the GnuPG source.
!GNUPGREADME!
-4. Legal notices pertaining to the individual packets
-=====================================================
+4. Software Versions of the Included Packages
+=============================================
+
+GnuPG for Windows depends on several independet developed packages
+which are part of the installation. These packages along with their
+version numbers and the SHA-1 checksums of their compressed tarballs
+are listed here:
+
+!PKG-VERSIONS!
+
+
+5. Legal Notices Pertaining to the Individual Packages
+======================================================
GnuPG for Windows consist of several independent developed packages,
available under different license conditions. Most of these packages
diff --git a/build-aux/speedo/w32/pkg-copyright.txt b/build-aux/speedo/w32/pkg-copyright.txt
index a630c8e..11056e8 100644
--- a/build-aux/speedo/w32/pkg-copyright.txt
+++ b/build-aux/speedo/w32/pkg-copyright.txt
@@ -1,11 +1,12 @@
Here is a list with collected copyright notices. For details see the
-description of each individual package. [Compiled by wk 2016-06-17]
+description of each individual package. [Compiled by wk 2017-11-07]
-GnuPG is
- Copyright (C) 1997-2016 Werner Koch
- Copyright (C) 1994-2016 Free Software Foundation, Inc.
- Copyright (C) 2003-2016 g10 Code GmbH
+GNUPG is
+
+ Copyright (C) 1997-2017 Werner Koch
+ Copyright (C) 1994-2017 Free Software Foundation, Inc.
+ Copyright (C) 2003-2017 g10 Code GmbH
Copyright (C) 2002 Klarälvdalens Datakonsult AB
Copyright (C) 1995-1997, 2000-2007 Ulrich Drepper <drepper@gnu.ai.mit.edu>
Copyright (C) 1994 X Consortium
@@ -32,38 +33,209 @@ GnuPG is
License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- 02110-1301, USA
+ along with this program; if not, see <https://www.gnu.org/licenses/>.
-GPGME is
+LIBGCRYPT is
+
+ Copyright (C) 1989,1991-2017 Free Software Foundation, Inc.
+ Copyright (C) 1994 X Consortium
+ Copyright (C) 1996 L. Peter Deutsch
+ Copyright (C) 1997 Werner Koch
+ Copyright (C) 1998 The Internet Society
+ Copyright (C) 1996-1999 Peter Gutmann, Paul Kendall, and Chris Wedgwood
+ Copyright (C) 1996-2006 Peter Gutmann, Matt Thomlinson and Blake Coverett
+ Copyright (C) 2003 Nikos Mavroyanopoulos
+ Copyright (C) 2006-2007 NTT (Nippon Telegraph and Telephone Corporation)
+ Copyright (C) 2012-2017 g10 Code GmbH
+ Copyright (C) 2012 Simon Josefsson, Niels Möller
+ Copyright (c) 2012 Intel Corporation
+ Copyright (C) 2013 Christian Grothoff
+ Copyright (C) 2013-2017 Jussi Kivilinna
+ Copyright (C) 2013-2014 Dmitry Eremin-Solenikov
+ Copyright (C) 2014 Stephan Mueller
+ Copyright (C) 2017 Bundesamt für Sicherheit in der Informationstechnik
+
+ Libgcrypt is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of
+ the License, or (at your option) any later version.
+
+ Libgcrypt is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+LIBGPG-ERROR is
+
+ Copyright (C) 2003-2004, 2010, 2013-2017 g10 Code GmbH
+
+ libgpg-error is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public License
+ as published by the Free Software Foundation; either version 2.1 of
+ the License, or (at your option) any later version.
+
+ libgpg-error is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+LIBASSUAN is
+
+ Copyright (C) 1992-2013 Free Software Foundation, Inc.
+ Copyright (C) 1994 X Consortium
Copyright (C) 2000 Werner Koch (dd9jn)
- Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006 g10 Code GmbH
+ Copyright (C) 2001-2016 g10 Code GmbH
+ Copyright (C) 2004 Simon Josefsson
- GPGME is free software; you can redistribute it and/or modify it
+ Assuan is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as
published by the Free Software Foundation; either version 2.1 of
the License, or (at your option) any later version.
- GPGME is distributed in the hope that it will be useful, but
+ Assuan is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
- You should have received a copy of the GNU Lesser General Public License
+ You should have received a copy of the GNU Lesser General Public
+ License along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+LIBKSBA is
+
+ Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2010, 2011
+ 2012, 2013, 2014, 2015 g10 Code GmbH
+ Copyright (C) 2001, 2002, 2003, 2007 Free Software Foundation, Inc.
+ Copyright (C) 2000, 2001 Fabio Fiorina
+
+ The library and the header files are distributed under the following
+ terms (LGPLv3+/GPLv2+):
+
+ KSBA is free software; you can redistribute it and/or modify
+ it under the terms of either
+
+ - the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at
+ your option) any later version.
+
+ or
+
+ - the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at
+ your option) any later version.
+
+ or both in parallel, as here.
+
+ KSBA is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ License for more details.
+
+ The other parts (e.g. manual, build system, tests) are distributed
+ under the following terms (GPLv3):
+
+ KSBA is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ KSBA is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+
+NPTH is
+
+ Copyright (C) 2011, 2012, 2014, 2015, 2017 g10 Code GmbH
+
+ nPth is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of
+ the License, or (at your option) any later version.
+
+ nPth is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
+ the GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this program; if not, see <https://www.gnu.org/licenses/>.
+
+
+NTBTLS is
+
+ Copyright (C) 2006-2014 Brainspark B.V.
+ Copyright (C) 2014-2017 g10 Code GmbH
+
+ NTBTLS is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ NTBTLS is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
along with this program; if not, see <http://www.gnu.org/licenses/>.
-LIBGPG-ERROR is
- Copyright (C) 2003, 2004 g10 Code GmbH
+PINENTRY is
- libgpg-error is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public License
- as published by the Free Software Foundation; either version 2.1 of
+ Copyright (C) 1999 Robert Bihlmeyer <robbe@orcus.priv.at>
+ Copyright (C) 2001-2004, 2007-2008, 2010, 2015-2016 g10 Code GmbH
+ Copyright (C) 2002, 2008 Klarälvdalens Datakonsult AB (KDAB)
+ Copyright (C) 2004 by Albrecht Dreß <albrecht.dress@arcor.de>
+ Copyright 2007 Ingo Klöcker
+ Copyright (C) 2014 Serge Voilokov
+ Copyright (C) 2015 Daiki Ueno
+ Copyright (C) 2015 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+ Copyright 2016 Intevation GmbH
+
+ PINENTRY is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ PINENTRY is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, see <https://www.gnu.org/licenses/>.
+
+
+GPGME is
+
+ Copyright (C) 1991-2013 Free Software Foundation, Inc.
+ Copyright (C) 2000-2001 Werner Koch
+ Copyright (C) 2001-2017 g10 Code GmbH
+ Copyright (C) 2002 Klarälvdalens Datakonsult AB
+ Copyright (C) 2004-2008 Igor Belyi
+ Copyright (C) 2002 John Goerzen
+ Copyright (C) 2014, 2015 Martin Albrecht
+ Copyright (C) 2015 Ben McGinnes
+ Copyright (C) 2015-2016 Bundesamt für Sicherheit in der Informationstechnik
+ Copyright (C) 2016 Intevation GmbH
+
+ GPGME is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of
the License, or (at your option) any later version.
- libgpg-error is distributed in the hope that it will be useful, but
+ GPGME is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
@@ -74,7 +246,9 @@ LIBGPG-ERROR is
NSIS is
- Copyright (C) 1999-2005 Nullsoft, Inc.
+ Copyright 1999-2009 Nullsoft and Contributors
+ Copyright 2002-2008 Amir Szekely
+ Copyright 2003 Ramon
This license applies to everything in the NSIS package, except where
otherwise noted.
@@ -100,19 +274,12 @@ NSIS is
The user interface used with the installer is
- Copyright (C) 2002-2005 Joost Verburg
+ Copyright 2002-2009 Joost Verburg
[It is distributed along with NSIS and the same conditions as stated
above apply]
-ADNS is
-
- Copyright (C) 1997-2000,2003,2006 Ian Jackson
- Copyright (C) 1999-2000,2003,2006 Tony Finch
- Copyright (C) 1991 Massachusetts Institute of Technology
-
-
TinySCHEME is part of the GnuPG package and is
Copyright (c) 2000, Dimitrios Souflis
@@ -146,7 +313,7 @@ TinySCHEME is part of the GnuPG package and is
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-libdns is part of the GnuPG package and is
+LIBDNS is part of the GnuPG package and is
Copyright (c) 2008, 2009, 2010, 2012-2016 William Ahern
@@ -170,7 +337,69 @@ libdns is part of the GnuPG package and is
USE OR OTHER DEALINGS IN THE SOFTWARE.
-SQLite has
+ZLIB is
+
+ (C) 1995-2013 Jean-loup Gailly and Mark Adler
+
+ This software is provided 'as-is', without any express or implied
+ warranty. In no event will the authors be held liable for any damages
+ arising from the use of this software.
+
+ Permission is granted to anyone to use this software for any purpose,
+ including commercial applications, and to alter it and redistribute it
+ freely, subject to the following restrictions:
+
+ 1. The origin of this software must not be misrepresented; you must not
+ claim that you wrote the original software. If you use this software
+ in a product, an acknowledgment in the product documentation would be
+ appreciated but is not required.
+ 2. Altered source versions must be plainly marked as such, and must not be
+ misrepresented as being the original software.
+ 3. This notice may not be removed or altered from any source distribution.
+
+ Jean-loup Gailly Mark Adler
+ jloup@gzip.org madler@alumni.caltech.edu
+
+
+BZIP2 is
+
+ This program, "bzip2", the associated library "libbzip2", and all
+ documentation, are copyright (C) 1996-2010 Julian R Seward. All
+ rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ 2. The origin of this software must not be misrepresented; you must
+ not claim that you wrote the original software. If you use this
+ software in a product, an acknowledgment in the product
+ documentation would be appreciated but is not required.
+
+ 3. Altered source versions must be plainly marked as such, and must
+ not be misrepresented as being the original software.
+
+ 4. The name of the author may not be used to endorse or promote
+ products derived from this software without specific prior written
+ permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
+ OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+SQLITE has
been put into the public-domain by its author D. Richard Hipp:
The author disclaims copyright to this source code. In place of
diff --git a/common/gettime.c b/common/gettime.c
index 3e1ee55..4ad99f5 100644
--- a/common/gettime.c
+++ b/common/gettime.c
@@ -222,6 +222,8 @@ isotime_p (const char *string)
for (s++, i=9; i < 15; i++, s++)
if (!digitp (s))
return 0;
+ if (*s == 'Z')
+ s++;
if ( !(!*s || (isascii (*s) && isspace(*s)) || *s == ':' || *s == ','))
return 0; /* Wrong delimiter. */
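Review bot: The added `if (*s == 'Z') s++;` makes the delimiter position variable, so any caller that inspects offset 15 after a successful isotime_p would now find 'Z' there instead of the delimiter. The callers are outside this hunk, so this needs checking. A short comment at the check, `/* Skip the optional UTC designator. */`, would help. The header comment of isotime_p, also outside the hunk, should mention the `[Z]` suffix in the same way the isotime2epoch comment now does.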
@@ -354,9 +356,10 @@ string2isotime (gnupg_isotime_t atime, const char *string)
}
-/* Scan an ISO timestamp and return an Epoch based timestamp. The only
- supported format is "yyyymmddThhmmss" delimited by white space, nul, a
- colon or a comma. Returns (time_t)(-1) for an invalid string. */
+/* Scan an ISO timestamp and return an Epoch based timestamp. The
+ only supported format is "yyyymmddThhmmss[Z]" delimited by white
+ space, nul, a colon or a comma. Returns (time_t)(-1) for an
+ invalid string. */
time_t
isotime2epoch (const char *string)
{
diff --git a/configure.ac b/configure.ac
index fbd5c18..dc1fc1a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -28,7 +28,7 @@ min_automake_version="1.14"
m4_define([mym4_package],[gnupg])
m4_define([mym4_major], [2])
m4_define([mym4_minor], [2])
-m4_define([mym4_micro], [1])
+m4_define([mym4_micro], [2])
# To start a new development series, i.e a new major or minor number
# you need to mark an arbitrary commit before the first beta release
@@ -89,12 +89,6 @@ AB_INIT
AC_GNU_SOURCE
-# Before we do anything with the C compiler, we first save the user's
-# CFLAGS (they are restored at the end of the configure script). This
-# is because some configure checks don't work with -Werror, but we'd
-# like to use -Werror with our build.
-CFLAGS_orig=$CFLAGS
-CFLAGS=
# Some status variables.
have_gpg_error=no
@@ -1672,6 +1666,17 @@ AC_ARG_ENABLE(optimization,
fi])
#
+# Add -Werror to CFLAGS. This hack can be used to avoid problems with
+# misbehaving autoconf tests in case the user supplied -Werror.
+#
+AC_ARG_ENABLE(werror,
+ AC_HELP_STRING([--enable-werror],
+ [append -Werror to CFLAGS]),
+ [if test $enableval = yes ; then
+ CFLAGS="$CFLAGS -Werror"
+ fi])
+
+#
# Configure option --enable-all-tests
#
AC_MSG_CHECKING([whether "make check" shall run all tests])
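Review bot: The test in the new option is unquoted, `if test $enableval = yes ; then`, so an empty value such as `--enable-werror=` leaves `test = yes` and produces a shell error instead of a clean "no". The other tests visible on this page quote the variable (`test "$build_dirmngr" = yes`), and I would write `if test "$enableval" = yes ; then` here as well. The comment could also state that the flag is appended this late on purpose, so that the earlier configure checks run without -Werror.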
@@ -1701,11 +1706,6 @@ if test x"$gnupg_builddir_envvar" = x"yes"; then
fi
#
-# Add user CFLAGS.
-#
-CFLAGS="$CFLAGS $CFLAGS_orig"
-
-#
# Decide what to build
#
@@ -1754,7 +1754,7 @@ if test "$build_scdaemon" = yes ; then
AC_DEFINE(BUILD_WITH_SCDAEMON,1,[Defined if SCDAEMON is to be build])
fi
if test "$build_dirmngr" = yes ; then
- AC_DEFINE(BUILD_WITH_DIRMNGR,1,[Defined if SCDAEMON is to be build])
+ AC_DEFINE(BUILD_WITH_DIRMNGR,1,[Defined if DIRMNGR is to be build])
fi
if test "$build_g13" = yes ; then
AC_DEFINE(BUILD_WITH_G13,1,[Defined if G13 is to be build])
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 0d133c6..5317c21 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -279,7 +279,7 @@ static struct debug_flags_s debug_flags [] =
};
#define DEFAULT_MAX_REPLIES 10
-#define DEFAULT_LDAP_TIMEOUT 100 /* arbitrary large timeout */
+#define DEFAULT_LDAP_TIMEOUT 15 /* seconds */
#define DEFAULT_CONNECT_TIMEOUT (15*1000) /* 15 seconds */
#define DEFAULT_CONNECT_QUICK_TIMEOUT ( 2*1000) /* 2 seconds */
diff --git a/dirmngr/dirmngr_ldap.c b/dirmngr/dirmngr_ldap.c
index 5a9ae97..5be4e58 100644
--- a/dirmngr/dirmngr_ldap.c
+++ b/dirmngr/dirmngr_ldap.c
@@ -104,7 +104,7 @@ static void npth_protect (void) { }
typedef struct timeval my_ldap_timeval_t;
#endif
-#define DEFAULT_LDAP_TIMEOUT 100 /* Arbitrary long timeout. */
+#define DEFAULT_LDAP_TIMEOUT 15 /* Arbitrary long timeout. */
/* Constants for the options. */
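Review bot: The comment on the changed define is stale: `#define DEFAULT_LDAP_TIMEOUT 15 /* Arbitrary long timeout. */` still calls the value an arbitrary long timeout after it was cut from 100 to 15. The same constant in dirmngr/dirmngr.c was updated to `/* seconds */` in this commit, and this line should read the same. Since the value is now defined in two files that must agree, a comment pointing at the other definition would help keep them in step.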
diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
index 7fb7731..6492dda 100644
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -73,12 +73,13 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
estream_t fp = NULL;
char *request_buffer = NULL;
parsed_uri_t uri = NULL;
- int is_onion;
+ int is_onion, is_https;
err = http_parse_uri (&uri, url, 0);
if (err)
goto leave;
is_onion = uri->onion;
+ is_https = uri->use_tls;
once_more:
/* Note that we only use the system provided certificates with the
@@ -152,17 +153,18 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
url, s?s:"[none]", http_get_status_code (http));
if (s && *s && redirects_left-- )
{
- if (is_onion)
+ if (is_onion || is_https)
{
/* Make sure that an onion address only redirects to
- * another onion address. */
+ * another onion address, or that a https address
+ * only redirects to a https address. */
http_release_parsed_uri (uri);
uri = NULL;
err = http_parse_uri (&uri, s, 0);
if (err)
goto leave;
- if (! uri->onion)
+ if ((is_onion && ! uri->onion) || (is_https && ! uri->use_tls))
{
err = gpg_error (GPG_ERR_FORBIDDEN);
goto leave;
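Review bot: A refused redirect leaves with `GPG_ERR_FORBIDDEN` and no diagnostic, so an operator cannot tell a blocked https-to-http downgrade from any other forbidden request. A line such as `log_info ("redirection from '%s' to '%s' refused\n", url, s);` before the `goto leave` would make the refusal visible in the dirmngr log. The block comment could also say that a plain http fetch does not enter this branch and so still follows a redirect to any scheme, which looks intended but is not stated. The body of ks_http_fetch continues outside this hunk.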
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index eef78a8..9654a0e 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -416,7 +416,7 @@ percent-escaped strings.}
@item --ldaptimeout @var{secs}
@opindex ldaptimeout
Specify the number of seconds to wait for an LDAP query before timing
-out. The default is currently 100 seconds. 0 will never timeout.
+out. The default are 15 seconds. 0 will never timeout.
@item --add-servers
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index d7a562a..afe2804 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -186,6 +186,9 @@ this convention).
@node Agent Options
@section Option Summary
+Options may either be used on the command line or, after stripping off
+the two leading dashes, in the configuration file.
+
@table @gnupgtabopt
@anchor{option --options}
@@ -193,8 +196,9 @@ this convention).
@opindex options
Reads configuration from @var{file} instead of from the default
per-user configuration file. The default configuration file is named
-@file{gpg-agent.conf} and expected in the @file{.gnupg} directory directly
-below the home directory of the user.
+@file{gpg-agent.conf} and expected in the @file{.gnupg} directory
+directly below the home directory of the user. This option is ignored
+if used in an options file.
@anchor{option --homedir}
@include opt-homedir.texi
@@ -648,10 +652,29 @@ Select the digest algorithm used to compute ssh fingerprints that are
communicated to the user, e.g. in pinentry dialogs. OpenSSH has
transitioned from using MD5 to the more secure SHA256.
-@end table
+@item --s2k-count @var{n}
+@opindex s2k-count
+Specify the iteration count used to protect the passphrase. This
+option can be used to override the auto-calibration done by default.
+The auto-calibration computes a count which requires 100ms to mangle
+a given passphrase.
+
+To view the actually used iteration count and the milliseconds
+required for an S2K operation use:
+
+@example
+gpg-connect-agent 'GETINFO s2k_count' /bye
+gpg-connect-agent 'GETINFO s2k_time' /bye
+@end example
-All the long options may also be given in the configuration file after
-stripping off the two leading dashes.
+To view the auto-calibrated count use:
+
+@example
+gpg-connect-agent 'GETINFO s2k_count_cal' /bye
+@end example
+
+
+@end table
@mansect files
@@ -813,6 +836,7 @@ again. Only certain options are honored: @code{quiet},
@code{pinentry-invisible-char},
@code{default-cache-ttl},
@code{max-cache-ttl}, @code{ignore-cache-for-signing},
+@code{s2k-count},
@code{no-allow-external-cache}, @code{allow-emacs-pinentry},
@code{no-allow-mark-trusted}, @code{disable-scdaemon}, and
@code{disable-check-own-socket}. @code{scdaemon-program} is also
diff --git a/doc/gpg.texi b/doc/gpg.texi
index b6a9b2d..bd45b04 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -309,43 +309,36 @@ the key using the command @option{--export-secret-subkeys}). A
@code{>} after these tags indicate that the key is stored on a
smartcard. See also @option{--list-keys}.
-@item --list-signatures
-@opindex list-signatures
-@itemx --list-sigs
-@opindex list-sigs
-Same as @option{--list-keys}, but the signatures are listed too.
-This command has the same effect as
-using @option{--list-keys} with @option{--with-sig-list}.
-
-For each signature listed, there are several flags in between the "sig"
-tag and keyid. These flags give additional information about each
-signature. From left to right, they are the numbers 1-3 for certificate
-check level (see @option{--ask-cert-level}), "L" for a local or
-non-exportable signature (see @option{--lsign-key}), "R" for a
-nonRevocable signature (see the @option{--edit-key} command "nrsign"),
-"P" for a signature that contains a policy URL (see
-@option{--cert-policy-url}), "N" for a signature that contains a
-notation (see @option{--cert-notation}), "X" for an eXpired signature
-(see @option{--ask-cert-expire}), and the numbers 1-9 or "T" for 10 and
-above to indicate trust signature levels (see the @option{--edit-key}
-command "tsign").
-
@item --check-signatures
@opindex check-signatures
@itemx --check-sigs
@opindex check-sigs
-Same as @option{--list-signatures}, but the signatures are verified. Note
-that for performance reasons the revocation status of a signing key is
-not shown.
-This command has the same effect as
+Same as @option{--list-keys}, but the key signatures are verified and
+listed too. Note that for performance reasons the revocation status
+of a signing key is not shown. This command has the same effect as
using @option{--list-keys} with @option{--with-sig-check}.
-The status of the verification is indicated by a flag directly following
-the "sig" tag (and thus before the flags described above for
-@option{--list-signatures}). A "!" indicates that the signature has been
-successfully verified, a "-" denotes a bad signature and a "%" is used
-if an error occurred while checking the signature (e.g. a non supported
-algorithm).
+The status of the verification is indicated by a flag directly
+following the "sig" tag (and thus before the flags described below. A
+"!" indicates that the signature has been successfully verified, a "-"
+denotes a bad signature and a "%" is used if an error occurred while
+checking the signature (e.g. a non supported algorithm). Signatures
+where the public key is not availabale are not listed; to see their
+keyids the command @option{--list-sigs} can be used.
+
+For each signature listed, there are several flags in between the
+signature status flag and keyid. These flags give additional
+information about each key signature. From left to right, they are
+the numbers 1-3 for certificate check level (see
+@option{--ask-cert-level}), "L" for a local or non-exportable
+signature (see @option{--lsign-key}), "R" for a nonRevocable signature
+(see the @option{--edit-key} command "nrsign"), "P" for a signature
+that contains a policy URL (see @option{--cert-policy-url}), "N" for a
+signature that contains a notation (see @option{--cert-notation}), "X"
+for an eXpired signature (see @option{--ask-cert-expire}), and the
+numbers 1-9 or "T" for 10 and above to indicate trust signature levels
+(see the @option{--edit-key} command "tsign").
+
@item --locate-keys
@opindex locate-keys
@@ -360,7 +353,7 @@ be used to locate a key. Only public keys are listed.
List all keys (or the specified ones) along with their
fingerprints. This is the same output as @option{--list-keys} but with
the additional output of a line with the fingerprint. May also be
-combined with @option{--list-signatures} or @option{--check-signatures}. If this
+combined with @option{--check-signatures}. If this
command is given twice, the fingerprints of all secondary keys are
listed too. This command also forces pretty printing of fingerprints
if the keyid format has been set to "none".
@@ -1254,7 +1247,7 @@ Assume "no" on most questions.
@opindex list-options
This is a space or comma delimited string that gives options used when
listing keys and signatures (that is, @option{--list-keys},
-@option{--list-signatures}, @option{--list-public-keys},
+@option{--check-signatures}, @option{--list-public-keys},
@option{--list-secret-keys}, and the @option{--edit-key} functions).
Options can be prepended with a @option{no-} (after the two dashes) to
give the opposite meaning. The options are:
@@ -1263,7 +1256,7 @@ give the opposite meaning. The options are:
@item show-photos
@opindex list-options:show-photos
- Causes @option{--list-keys}, @option{--list-signatures},
+ Causes @option{--list-keys}, @option{--check-signatures},
@option{--list-public-keys}, and @option{--list-secret-keys} to
display any photo IDs attached to the key. Defaults to no. See also
@option{--photo-viewer}. Does not work with @option{--with-colons}:
@@ -1279,7 +1272,7 @@ give the opposite meaning. The options are:
@item show-policy-urls
@opindex list-options:show-policy-urls
- Show policy URLs in the @option{--list-signatures} or @option{--check-signatures}
+ Show policy URLs in the @option{--check-signatures}
listings. Defaults to no.
@item show-notations
@@ -1289,11 +1282,11 @@ give the opposite meaning. The options are:
@opindex list-options:show-std-notations
@opindex list-options:show-user-notations
Show all, IETF standard, or user-defined signature notations in the
- @option{--list-signatures} or @option{--check-signatures} listings. Defaults to no.
+ @option{--check-signatures} listings. Defaults to no.
@item show-keyserver-urls
@opindex list-options:show-keyserver-urls
- Show any preferred keyserver URL in the @option{--list-signatures} or
+ Show any preferred keyserver URL in the
@option{--check-signatures} listings. Defaults to no.
@item show-uid-validity
@@ -1316,7 +1309,7 @@ give the opposite meaning. The options are:
@item show-sig-expire
@opindex list-options:show-sig-expire
- Show signature expiration dates (if any) during @option{--list-signatures} or
+ Show signature expiration dates (if any) during
@option{--check-signatures} listings. Defaults to no.
@item show-sig-subpackets
@@ -1325,7 +1318,7 @@ give the opposite meaning. The options are:
optional argument list of the subpackets to list. If no argument is
passed, list all subpackets. Defaults to no. This option is only
meaningful when using @option{--with-colons} along with
- @option{--list-signatures} or @option{--check-signatures}.
+ @option{--check-signatures}.
@end table
@@ -2313,7 +2306,8 @@ opposite meaning. The options are:
Show a listing of the key as imported right before it is stored.
This can be combined with the option @option{--dry-run} to only look
at keys; the option @option{show-only} is a shortcut for this
- combination.
+ combination. Note that suffixes like '#' for "sec" and "sbb" lines
+ may or may not be printed.
@item import-export
Run the entire import code but instead of storing the key to the
@@ -3224,6 +3218,16 @@ verification is not needed.
Print key listings delimited by colons (like @option{--with-colons}) and
print the public key data.
+@item --list-signatures
+@opindex list-signatures
+@itemx --list-sigs
+@opindex list-sigs
+Same as @option{--list-keys}, but the signatures are listed too. This
+command has the same effect as using @option{--list-keys} with
+@option{--with-sig-list}. Note that in contrast to
+@option{--check-signatures} the key signatures are not verified.
+
+
@item --fast-list-mode
@opindex fast-list-mode
Changes the output of the list commands to work faster; this is achieved
diff --git a/doc/gpgv.texi b/doc/gpgv.texi
index 5336c98..a052861 100644
--- a/doc/gpgv.texi
+++ b/doc/gpgv.texi
@@ -187,6 +187,6 @@ The default keyring with the allowed keys.
@end table
@mansect see also
-@command{gpg2}(1)
+@command{gpg}(1)
@include see-also-note.texi
diff --git a/g10/card-util.c b/g10/card-util.c
index 62b2a67..a396b7d 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -1328,7 +1328,7 @@ show_keysize_warning (void)
select the prompt. Returns 0 to use the default size (i.e. NBITS)
or the selected size. */
static unsigned int
-ask_card_rsa_keysize (int keyno, unsigned int nbits)
+ask_card_keyattr (int keyno, unsigned int nbits)
{
unsigned int min_nbits = 1024;
unsigned int max_nbits = 4096;
@@ -1350,40 +1350,61 @@ ask_card_rsa_keysize (int keyno, unsigned int nbits)
xfree (prompt);
xfree (answer);
- if (req_nbits != nbits && (req_nbits % 32) )
+ if (req_nbits == 25519)
{
- req_nbits = ((req_nbits + 31) / 32) * 32;
- tty_printf (_("rounded up to %u bits\n"), req_nbits);
- }
-
- if (req_nbits == nbits)
- return 0; /* Use default. */
+ if (req_nbits == nbits)
+ return 0; /* Use default. */
- if (req_nbits < min_nbits || req_nbits > max_nbits)
- {
- tty_printf (_("%s keysizes must be in the range %u-%u\n"),
- "RSA", min_nbits, max_nbits);
+ tty_printf (_("The card will now be re-configured"
+ " to generate a key of type: %s\n"),
+ keyno==1? "cv25519":"ed25519");
+ show_keysize_warning ();
+ return req_nbits;
}
else
{
- tty_printf (_("The card will now be re-configured "
- "to generate a key of %u bits\n"), req_nbits);
- show_keysize_warning ();
- return req_nbits;
+ if (req_nbits != nbits && (req_nbits % 32) )
+ {
+ req_nbits = ((req_nbits + 31) / 32) * 32;
+ tty_printf (_("rounded up to %u bits\n"), req_nbits);
+ }
+
+ if (req_nbits == nbits)
+ return 0; /* Use default. */
+
+ if (req_nbits < min_nbits || req_nbits > max_nbits)
+ {
+ tty_printf (_("%s keysizes must be in the range %u-%u\n"),
+ "RSA", min_nbits, max_nbits);
+ }
+ else
+ {
+ tty_printf (_("The card will now be re-configured"
+ " to generate a key of %u bits\n"), req_nbits);
+ show_keysize_warning ();
+ return req_nbits;
+ }
}
}
}
/* Change the size of key KEYNO (0..2) to NBITS and show an error
- message if that fails. */
+ * message if that fails. Using the magic value 25519 for NBITS
+ * switches to ed25519 or cv25519 depending on the KEYNO. */
static gpg_error_t
-do_change_rsa_keysize (int keyno, unsigned int nbits)
+do_change_keyattr (int keyno, unsigned int nbits)
{
gpg_error_t err;
char args[100];
- snprintf (args, sizeof args, "--force %d 1 rsa%u", keyno+1, nbits);
+ if (nbits == 25519)
+ snprintf (args, sizeof args, "--force %d %d %s",
+ keyno+1,
+ keyno == 1? PUBKEY_ALGO_ECDH : PUBKEY_ALGO_EDDSA,
+ keyno == 1? "cv25519" : "ed25519");
+ else
+ snprintf (args, sizeof args, "--force %d 1 rsa%u", keyno+1, nbits);
err = agent_scd_setattr ("KEY-ATTR", args, strlen (args), NULL);
if (err)
log_error (_("error changing size of key %d to %u bits: %s\n"),
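Review bot: The failure message at the end of do_change_keyattr is still `error changing size of key %d to %u bits`, so a failed switch to cv25519/ed25519 would presumably be reported as a change to "25519 bits" (the log_error arguments continue outside this hunk). A separate message for the `nbits == 25519` case, for example `log_error (_("error changing key attribute for key %d: %s\n"), keyno+1, gpg_strerror (err));`, would keep the diagnostic accurate. The sentinel 25519 is also a bare literal here, in ask_card_keyattr and in both callers in the following hunks; one named constant, for example `#define KEYATTR_CURVE25519 25519`, would make the in-band value easier to audit.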
@@ -1457,10 +1478,16 @@ generate_card_keys (ctrl_t ctrl)
for (keyno = 0; keyno < DIM (info.key_attr); keyno++)
{
- if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA)
+ if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA
+ || info.key_attr[keyno].algo == PUBKEY_ALGO_ECDH
+ || info.key_attr[keyno].algo == PUBKEY_ALGO_EDDSA)
{
- nbits = ask_card_rsa_keysize (keyno, info.key_attr[keyno].nbits);
- if (nbits && do_change_rsa_keysize (keyno, nbits))
+ if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA)
+ nbits = ask_card_keyattr (keyno, info.key_attr[keyno].nbits);
+ else
+ nbits = ask_card_keyattr (keyno, 25519 /* magic */);
+
+ if (nbits && do_change_keyattr (keyno, nbits))
{
/* Error: Better read the default key size again. */
agent_release_card_info (&info);
@@ -1537,13 +1564,19 @@ card_generate_subkey (ctrl_t ctrl, kbnode_t pub_keyblock)
key size. */
if (info.is_v2 && info.extcap.aac)
{
- if (info.key_attr[keyno-1].algo == PUBKEY_ALGO_RSA)
+ if (info.key_attr[keyno-1].algo == PUBKEY_ALGO_RSA
+ || info.key_attr[keyno].algo == PUBKEY_ALGO_ECDH
+ || info.key_attr[keyno].algo == PUBKEY_ALGO_EDDSA)
{
unsigned int nbits;
ask_again:
- nbits = ask_card_rsa_keysize (keyno-1, info.key_attr[keyno-1].nbits);
- if (nbits && do_change_rsa_keysize (keyno-1, nbits))
+ if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA)
+ nbits = ask_card_keyattr (keyno-1, info.key_attr[keyno-1].nbits);
+ else
+ nbits = ask_card_keyattr (keyno-1, 25519);
+
+ if (nbits && do_change_keyattr (keyno-1, nbits))
{
/* Error: Better read the default key size again. */
agent_release_card_info (&info);
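Review bot: The two added algorithm tests and the new `if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA)` index `key_attr` with `keyno`, while the RSA test on the line above them and both `ask_card_keyattr`/`do_change_keyattr` calls use `keyno-1`. keyno looks 1-based in card_generate_subkey, so these reads inspect the next key slot and, for the last key, an element past the end of the array (its size is not visible here, but generate_card_keys iterates it with `DIM (info.key_attr)`). The RSA-versus-25519 choice is therefore made from the wrong slot's algorithm. All three should read `info.key_attr[keyno-1].algo`. The enclosing function starts and ends outside this hunk.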
@@ -1727,9 +1760,6 @@ factory_reset (void)
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 e6 00 00
- scd reset
- scd serialno undefined
- scd apdu 00 A4 04 00 06 D2 76 00 01 24 01
scd apdu 00 44 00 00
/echo Card has been reset to factory defaults
@@ -1804,17 +1834,6 @@ factory_reset (void)
goto leave;
}
- /* The card is in termination state - reset and select again. */
- err = send_apdu (NULL, "RESET", 0);
- if (err)
- goto leave;
- err = send_apdu ("undefined", "dummy select", 0);
- if (err)
- goto leave;
-
- /* Select the OpenPGP application. (no error checking here). */
- send_apdu ("00A4040006D27600012401", "SELECT AID", 0xffff);
-
/* Send activate datafile command. This is used without
confirmation if the card is already in termination state. */
err = send_apdu ("00440000", "ACTIVATE DF", 0);
diff --git a/g10/getkey.c b/g10/getkey.c
index 852c532..c58e8ff 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1828,16 +1828,47 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock,
*
* Like get_pubkey_byfprint, PK may be NULL. In that case, this
* function effectively just checks for the existence of the key. */
-int
+gpg_error_t
get_pubkey_byfprint_fast (PKT_public_key * pk,
const byte * fprint, size_t fprint_len)
{
- int rc = 0;
- KEYDB_HANDLE hd;
+ gpg_error_t err;
KBNODE keyblock;
+
+ err = get_keyblock_byfprint_fast (&keyblock, NULL, fprint, fprint_len, 0);
+ if (!err)
+ {
+ if (pk)
+ copy_public_key (pk, keyblock->pkt->pkt.public_key);
+ release_kbnode (keyblock);
+ }
+
+ return err;
+}
+
+
+/* This function is similar to get_pubkey_byfprint_fast but returns a
+ * keydb handle at R_HD and the keyblock at R_KEYBLOCK. R_KEYBLOCK or
+ * R_HD may be NULL. If LOCK is set the handle has been opend in
+ * locked mode and keydb_disable_caching () has been called. On error
+ * R_KEYBLOCK is set to NULL but R_HD must be released by the caller;
+ * it may have a value of NULL, though. This allows to do an insert
+ * operation on a locked keydb handle. */
+gpg_error_t
+get_keyblock_byfprint_fast (kbnode_t *r_keyblock, KEYDB_HANDLE *r_hd,
+ const byte *fprint, size_t fprint_len, int lock)
+{
+ gpg_error_t err;
+ KEYDB_HANDLE hd;
+ kbnode_t keyblock;
byte fprbuf[MAX_FINGERPRINT_LEN];
int i;
+ if (r_keyblock)
+ *r_keyblock = NULL;
+ if (r_hd)
+ *r_hd = NULL;
+
for (i = 0; i < MAX_FINGERPRINT_LEN && i < fprint_len; i++)
fprbuf[i] = fprint[i];
while (i < MAX_FINGERPRINT_LEN)
@@ -1847,32 +1878,58 @@ get_pubkey_byfprint_fast (PKT_public_key * pk,
if (!hd)
return gpg_error_from_syserror ();
- rc = keydb_search_fpr (hd, fprbuf);
- if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
+ if (lock)
{
- keydb_release (hd);
- return GPG_ERR_NO_PUBKEY;
+ err = keydb_lock (hd);
+ if (err)
+ {
+ /* If locking did not work, we better don't return a handle
+ * at all - there was a reason that locking has been
+ * requested. */
+ keydb_release (hd);
+ return err;
+ }
+ keydb_disable_caching (hd);
}
- rc = keydb_get_keyblock (hd, &keyblock);
- keydb_release (hd);
- if (rc)
+
+ /* Fo all other errors we return the handle. */
+ if (r_hd)
+ *r_hd = hd;
+
+ err = keydb_search_fpr (hd, fprbuf);
+ if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
{
- log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
- return GPG_ERR_NO_PUBKEY;
+ if (!r_hd)
+ keydb_release (hd);
+ return gpg_error (GPG_ERR_NO_PUBKEY);
+ }
+ err = keydb_get_keyblock (hd, &keyblock);
+ if (err)
+ {
+ log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (err));
+ if (!r_hd)
+ keydb_release (hd);
+ return gpg_error (GPG_ERR_NO_PUBKEY);
}
log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
|| keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY);
- if (pk)
- copy_public_key (pk, keyblock->pkt->pkt.public_key);
- release_kbnode (keyblock);
/* Not caching key here since it won't have all of the fields
properly set. */
+ if (r_keyblock)
+ *r_keyblock = keyblock;
+ else
+ release_kbnode (keyblock);
+
+ if (!r_hd)
+ keydb_release (hd);
+
return 0;
}
+
const char *
parse_def_secret_key (ctrl_t ctrl)
{
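Review bot: get_keyblock_byfprint_fast reports GPG_ERR_NO_PUBKEY for every lookup failure: a keydb_search_fpr error other than NOT_FOUND is overwritten by the following keydb_get_keyblock call, and a keydb_get_keyblock failure is logged and then returned as NO_PUBKEY. import_one in g10/import.c (changed in this commit) takes NO_PUBKEY as "key not present" and goes on to insert, so a keyring read error is handled like a new key. The mapping predates this commit, but now that one call decides between insert and merge it would be safer to pass real errors through, for example `if (err) { if (!r_hd) keydb_release (hd); return err; }` after the NOT_FOUND test and `return err;` in the keydb_get_keyblock branch. The function begins in the previous hunk.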
diff --git a/g10/import.c b/g10/import.c
index 5b55f8f..71e3955 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -102,7 +102,7 @@ static int import (ctrl_t ctrl,
static int read_block (IOBUF a, int with_meta,
PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys);
static void revocation_present (ctrl_t ctrl, kbnode_t keyblock);
-static int import_one (ctrl_t ctrl,
+static gpg_error_t import_one (ctrl_t ctrl,
kbnode_t keyblock,
struct import_stats_s *stats,
unsigned char **fpr, size_t *fpr_len,
@@ -436,7 +436,7 @@ read_key_from_file (ctrl_t ctrl, const char *fname, kbnode_t *r_keyblock)
*
* Key revocation certificates have special handling.
*/
-static int
+static gpg_error_t
import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames,
import_stats_t stats_handle,
unsigned char **fpr, size_t *fpr_len,
@@ -445,7 +445,7 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames,
int origin, const char *url)
{
int i;
- int rc = 0;
+ gpg_error_t err = 0;
struct import_stats_s *stats = stats_handle;
if (!stats)
@@ -453,8 +453,8 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames,
if (inp)
{
- rc = import (ctrl, inp, "[stream]", stats, fpr, fpr_len, options,
- screener, screener_arg, origin, url);
+ err = import (ctrl, inp, "[stream]", stats, fpr, fpr_len, options,
+ screener, screener_arg, origin, url);
}
else
{
@@ -478,14 +478,14 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames,
log_error (_("can't open '%s': %s\n"), fname, strerror (errno));
else
{
- rc = import (ctrl, inp2, fname, stats, fpr, fpr_len, options,
+ err = import (ctrl, inp2, fname, stats, fpr, fpr_len, options,
screener, screener_arg, origin, url);
iobuf_close (inp2);
/* Must invalidate that ugly cache to actually close it. */
iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname);
- if (rc)
+ if (err)
log_error ("import from '%s' failed: %s\n",
- fname, gpg_strerror (rc) );
+ fname, gpg_strerror (err) );
}
if (!fname)
break;
@@ -507,7 +507,7 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames,
if (!(options & IMPORT_FAST))
check_or_update_trustdb (ctrl);
- return rc;
+ return err;
}
@@ -521,7 +521,7 @@ import_keys (ctrl_t ctrl, char **fnames, int nnames,
}
-int
+gpg_error_t
import_keys_es_stream (ctrl_t ctrl, estream_t fp,
import_stats_t stats_handle,
unsigned char **fpr, size_t *fpr_len,
@@ -529,23 +529,23 @@ import_keys_es_stream (ctrl_t ctrl, estream_t fp,
import_screener_t screener, void *screener_arg,
int origin, const char *url)
{
- int rc;
+ gpg_error_t err;
iobuf_t inp;
inp = iobuf_esopen (fp, "rb", 1);
if (!inp)
{
- rc = gpg_error_from_syserror ();
- log_error ("iobuf_esopen failed: %s\n", gpg_strerror (rc));
- return rc;
+ err = gpg_error_from_syserror ();
+ log_error ("iobuf_esopen failed: %s\n", gpg_strerror (err));
+ return err;
}
- rc = import_keys_internal (ctrl, inp, NULL, 0, stats_handle,
+ err = import_keys_internal (ctrl, inp, NULL, 0, stats_handle,
fpr, fpr_len, options,
screener, screener_arg, origin, url);
iobuf_close (inp);
- return rc;
+ return err;
}
@@ -1608,7 +1608,7 @@ update_key_origin (kbnode_t keyblock, u32 curtime, int origin, const char *url)
* even most error messages are suppressed. ORIGIN is the origin of
* the key (0 for unknown) and URL the corresponding URL.
*/
-static int
+static gpg_error_t
import_one (ctrl_t ctrl,
kbnode_t keyblock, struct import_stats_s *stats,
unsigned char **fpr, size_t *fpr_len, unsigned int options,
@@ -1616,14 +1616,13 @@ import_one (ctrl_t ctrl,
import_screener_t screener, void *screener_arg,
int origin, const char *url)
{
+ gpg_error_t err = 0;
PKT_public_key *pk;
- PKT_public_key *pk_orig = NULL;
kbnode_t node, uidnode;
kbnode_t keyblock_orig = NULL;
byte fpr2[MAX_FINGERPRINT_LEN];
size_t fpr2len;
u32 keyid[2];
- int rc = 0;
int new_key = 0;
int mod_key = 0;
int same_key = 0;
@@ -1632,6 +1631,7 @@ import_one (ctrl_t ctrl,
char pkstrbuf[PUBKEY_STRING_SIZE];
int merge_keys_done = 0;
int any_filter = 0;
+ KEYDB_HANDLE hd = NULL;
/* Get the key and print some info about it. */
node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
@@ -1778,7 +1778,7 @@ import_one (ctrl_t ctrl,
merge_keys_done = 1;
/* Note that we do not want to show the validity because the key
* has not yet imported. */
- list_keyblock_direct (ctrl, keyblock, 0, 0,
+ list_keyblock_direct (ctrl, keyblock, from_sk, 0,
opt.fingerprint || opt.with_fingerprint, 1);
es_fflush (es_stdout);
}
@@ -1791,7 +1791,7 @@ import_one (ctrl_t ctrl,
merge_keys_and_selfsig (ctrl, keyblock);
merge_keys_done = 1;
}
- rc = write_keyblock_to_output (keyblock, opt.armor, opt.export_options);
+ err = write_keyblock_to_output (keyblock, opt.armor, opt.export_options);
goto leave;
}
@@ -1799,37 +1799,37 @@ import_one (ctrl_t ctrl,
goto leave;
/* Do we have this key already in one of our pubrings ? */
- pk_orig = xmalloc_clear( sizeof *pk_orig );
- rc = get_pubkey_byfprint_fast (pk_orig, fpr2, fpr2len);
- if (rc && gpg_err_code (rc) != GPG_ERR_NO_PUBKEY
- && gpg_err_code (rc) != GPG_ERR_UNUSABLE_PUBKEY )
- {
+ err = get_keyblock_byfprint_fast (&keyblock_orig, &hd,
+ fpr2, fpr2len, 1/*locked*/);
+ if ((err
+ && gpg_err_code (err) != GPG_ERR_NO_PUBKEY
+ && gpg_err_code (err) != GPG_ERR_UNUSABLE_PUBKEY)
+ || !hd)
+ {
+ /* The !hd above is to catch a misbehaving function which
+ * returns NO_PUBKEY for failing to allocate a handle. */
if (!silent)
log_error (_("key %s: public key not found: %s\n"),
- keystr(keyid), gpg_strerror (rc));
+ keystr(keyid), gpg_strerror (err));
}
- else if ( rc && (opt.import_options&IMPORT_MERGE_ONLY) )
+ else if (err && (opt.import_options&IMPORT_MERGE_ONLY) )
{
if (opt.verbose && !silent )
log_info( _("key %s: new key - skipped\n"), keystr(keyid));
- rc = 0;
+ err = 0;
stats->skipped_new_keys++;
}
- else if (rc ) /* Insert this key. */
+ else if (err) /* Insert this key. */
{
- KEYDB_HANDLE hd;
+ /* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */
int n_sigs_cleaned, n_uids_cleaned;
- hd = keydb_new ();
- if (!hd)
- return gpg_error_from_syserror ();
-
- rc = keydb_locate_writable (hd);
- if (rc)
+ err = keydb_locate_writable (hd);
+ if (err)
{
- log_error (_("no writable keyring found: %s\n"), gpg_strerror (rc));
- keydb_release (hd);
- return GPG_ERR_GENERAL;
+ log_error (_("no writable keyring found: %s\n"), gpg_strerror (err));
+ err = gpg_error (GPG_ERR_GENERAL);
+ goto leave;
}
if (opt.verbose > 1 )
log_info (_("writing to '%s'\n"), keydb_get_resource_name (hd) );
@@ -1843,19 +1843,19 @@ import_one (ctrl_t ctrl,
* and thus the address of KEYBLOCK won't change. */
if ( !(options & IMPORT_RESTORE) )
{
- rc = insert_key_origin (keyblock, origin, url);
- if (rc)
+ err = insert_key_origin (keyblock, origin, url);
+ if (err)
{
- log_error ("insert_key_origin failed: %s\n", gpg_strerror (rc));
- keydb_release (hd);
- return GPG_ERR_GENERAL;
+ log_error ("insert_key_origin failed: %s\n", gpg_strerror (err));
+ err = gpg_error (GPG_ERR_GENERAL);
+ goto leave;
}
}
- rc = keydb_insert_keyblock (hd, keyblock );
- if (rc)
+ err = keydb_insert_keyblock (hd, keyblock );
+ if (err)
log_error (_("error writing keyring '%s': %s\n"),
- keydb_get_resource_name (hd), gpg_strerror (rc));
+ keydb_get_resource_name (hd), gpg_strerror (err));
else if (!(opt.import_options & IMPORT_KEEP_OWNERTTRUST))
{
/* This should not be possible since we delete the
@@ -1868,7 +1868,10 @@ import_one (ctrl_t ctrl,
if (non_self)
revalidation_mark (ctrl);
}
+
+ /* Release the handle and thus unlock the keyring asap. */
keydb_release (hd);
+ hd = NULL;
/* We are ready. */
if (!opt.quiet && !silent)
@@ -1888,64 +1891,34 @@ import_one (ctrl_t ctrl,
stats->imported++;
new_key = 1;
}
- else /* Merge the key. */
+ else /* Key already exists - merge. */
{
- KEYDB_HANDLE hd;
int n_uids, n_sigs, n_subk, n_sigs_cleaned, n_uids_cleaned;
u32 curtime = make_timestamp ();
/* Compare the original against the new key; just to be sure nothing
* weird is going on */
- if (cmp_public_keys( pk_orig, pk ) )
+ if (cmp_public_keys (keyblock_orig->pkt->pkt.public_key, pk))
{
if (!silent)
log_error( _("key %s: doesn't match our copy\n"),keystr(keyid));
goto leave;
}
- /* Now read the original keyblock again so that we can use
- that handle for updating the keyblock. */
- hd = keydb_new ();
- if (!hd)
- {
- rc = gpg_error_from_syserror ();
- goto leave;
- }
- keydb_disable_caching (hd);
- rc = keydb_search_fpr (hd, fpr2);
- if (rc )
- {
- log_error (_("key %s: can't locate original keyblock: %s\n"),
- keystr(keyid), gpg_strerror (rc));
- keydb_release (hd);
- goto leave;
- }
- rc = keydb_get_keyblock (hd, &keyblock_orig);
- if (rc)
- {
- log_error (_("key %s: can't read original keyblock: %s\n"),
- keystr(keyid), gpg_strerror (rc));
- keydb_release (hd);
- goto leave;
- }
-
/* Make sure the original direct key sigs are all sane. */
n_sigs_cleaned = fix_bad_direct_key_sigs (ctrl, keyblock_orig, keyid);
if (n_sigs_cleaned)
commit_kbnode (&keyblock_orig);
- /* and try to merge the block */
+ /* Try to merge KEYBLOCK into KEYBLOCK_ORIG. */
clear_kbnode_flags( keyblock_orig );
clear_kbnode_flags( keyblock );
n_uids = n_sigs = n_subk = n_uids_cleaned = 0;
- rc = merge_blocks (ctrl, options, keyblock_orig, keyblock, keyid,
- curtime, origin, url,
- &n_uids, &n_sigs, &n_subk );
- if (rc )
- {
- keydb_release (hd);
- goto leave;
- }
+ err = merge_blocks (ctrl, options, keyblock_orig, keyblock, keyid,
+ curtime, origin, url,
+ &n_uids, &n_sigs, &n_subk );
+ if (err)
+ goto leave;
if ((options & IMPORT_CLEAN))
clean_key (ctrl, keyblock_orig, opt.verbose, (options&IMPORT_MINIMAL),
@@ -1958,25 +1931,28 @@ import_one (ctrl_t ctrl,
* and thus the address of KEYBLOCK won't change. */
if ( !(options & IMPORT_RESTORE) )
{
- rc = update_key_origin (keyblock_orig, curtime, origin, url);
- if (rc)
+ err = update_key_origin (keyblock_orig, curtime, origin, url);
+ if (err)
{
log_error ("update_key_origin failed: %s\n",
- gpg_strerror (rc));
- keydb_release (hd);
+ gpg_strerror (err));
goto leave;
}
}
mod_key = 1;
/* KEYBLOCK_ORIG has been updated; write */
- rc = keydb_update_keyblock (ctrl, hd, keyblock_orig);
- if (rc)
+ err = keydb_update_keyblock (ctrl, hd, keyblock_orig);
+ if (err)
log_error (_("error writing keyring '%s': %s\n"),
- keydb_get_resource_name (hd), gpg_strerror (rc) );
+ keydb_get_resource_name (hd), gpg_strerror (err));
else if (non_self)
revalidation_mark (ctrl);
+ /* Release the handle and thus unlock the keyring asap. */
+ keydb_release (hd);
+ hd = NULL;
+
/* We are ready. */
if (!opt.quiet && !silent)
{
@@ -2025,6 +2001,10 @@ import_one (ctrl_t ctrl,
}
else
{
+ /* Release the handle and thus unlock the keyring asap. */
+ keydb_release (hd);
+ hd = NULL;
+
/* Fixme: we do not track the time we last checked a key for
* updates. To do this we would need to rewrite even the
* keys which have no changes. */
@@ -2041,11 +2021,10 @@ import_one (ctrl_t ctrl,
stats->unchanged++;
}
-
- keydb_release (hd); hd = NULL;
}
leave:
+ keydb_release (hd);
if (mod_key || new_key || same_key)
{
/* A little explanation for this: we fill in the fingerprint
@@ -2092,9 +2071,8 @@ import_one (ctrl_t ctrl,
}
release_kbnode( keyblock_orig );
- free_public_key( pk_orig );
- return rc;
+ return err;
}
@@ -2554,7 +2532,8 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
/* At least we cancel the secret key import when the public key
import was skipped due to MERGE_ONLY option and a new
key. */
- if (stats->skipped_new_keys <= nr_prev)
+ if (!(opt.dry_run || (options & IMPORT_DRY_RUN))
+ && stats->skipped_new_keys <= nr_prev)
{
/* Read the keyblock again to get the effects of a merge. */
/* Fixme: we should do this based on the fingerprint or
@@ -3267,14 +3246,15 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock)
/* Okay, we have a revocation key, and a
* revocation issued by it. Do we have the key
* itself? */
- int rc;
+ gpg_error_t err;
- rc=get_pubkey_byfprint_fast (NULL,sig->revkey[idx].fpr,
- MAX_FINGERPRINT_LEN);
- if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
- || gpg_err_code (rc) == GPG_ERR_UNUSABLE_PUBKEY)
+ err = get_pubkey_byfprint_fast (NULL,
+ sig->revkey[idx].fpr,
+ MAX_FINGERPRINT_LEN);
+ if (gpg_err_code (err) == GPG_ERR_NO_PUBKEY
+ || gpg_err_code (err) == GPG_ERR_UNUSABLE_PUBKEY)
{
- char *tempkeystr=xstrdup(keystr_from_pk(pk));
+ char *tempkeystr = xstrdup (keystr_from_pk (pk));
/* No, so try and get it */
if ((opt.keyserver_options.options
@@ -3290,13 +3270,13 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock)
opt.keyserver, 0);
/* Do we have it now? */
- rc=get_pubkey_byfprint_fast (NULL,
+ err = get_pubkey_byfprint_fast (NULL,
sig->revkey[idx].fpr,
MAX_FINGERPRINT_LEN);
}
- if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
- || gpg_err_code (rc) == GPG_ERR_UNUSABLE_PUBKEY)
+ if (gpg_err_code (err) == GPG_ERR_NO_PUBKEY
+ || gpg_err_code (err) == GPG_ERR_UNUSABLE_PUBKEY)
log_info(_("WARNING: key %s may be revoked:"
" revocation key %s not present.\n"),
tempkeystr,keystr(keyid));
diff --git a/g10/key-check.c b/g10/key-check.c
index d32067b..86b1e76 100644
--- a/g10/key-check.c
+++ b/g10/key-check.c
@@ -32,6 +32,27 @@
#include "key-check.h"
+
+/* Print PREFIX followed by TEXT. With mode > 0 use log_info, with
+ * mode < 0 use ttyio, else print to stdout. If TEXT is not NULL, it
+ * may be modified by this function. */
+static void
+print_info (int mode, const char *prefix, char *text)
+{
+ char *p;
+
+ if (!text)
+ text = "";
+ else if ((p = strchr (text,'\n')))
+ *p = 0; /* Strip LF. */
+
+ if (mode > 0)
+ log_info ("%s %s\n", prefix, text);
+ else
+ tty_fprintf (mode? NULL:es_stdout, "%s %s\n", prefix, text);
+}
+
+
/* Order two signatures. The actual ordering isn't important. Our
* goal is to ensure that identical signatures occur together. */
static int
@@ -100,7 +121,6 @@ key_check_all_keysigs (ctrl_t ctrl, int mode, kbnode_t kb,
int only_selected, int only_selfsigs)
{
gpg_error_t err;
- estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
PKT_public_key *pk;
KBNODE n, n_next, *n_prevp, n2;
char *pending_desc = NULL;
@@ -476,8 +496,9 @@ key_check_all_keysigs (ctrl_t ctrl, int mode, kbnode_t kb,
has_selfsig = 1;
}
- if ((n2 && n2 != last_printed_component)
- || (! n2 && last_printed_component != current_component))
+ if (DBG_PACKET
+ && ((n2 && n2 != last_printed_component)
+ || (! n2 && last_printed_component != current_component)))
{
int is_reordered = n2 && n2 != current_component;
if (n2)
@@ -489,36 +510,34 @@ key_check_all_keysigs (ctrl_t ctrl, int mode, kbnode_t kb,
;
else if (last_printed_component->pkt->pkttype == PKT_USER_ID)
{
- tty_fprintf (fp, "uid ");
- tty_print_utf8_string2 (fp,
- last_printed_component
- ->pkt->pkt.user_id->name,
- last_printed_component
- ->pkt->pkt.user_id->len, 0);
+ log_debug ("uid ");
+ print_utf8_buffer (log_get_stream (),
+ last_printed_component
+ ->pkt->pkt.user_id->name,
+ last_printed_component
+ ->pkt->pkt.user_id->len);
+ log_flush ();
}
else if (last_printed_component->pkt->pkttype
== PKT_PUBLIC_KEY)
- tty_fprintf (fp, "pub %s",
- pk_keyid_str (last_printed_component
+ log_debug ("pub %s\n",
+ pk_keyid_str (last_printed_component
->pkt->pkt.public_key));
else
- tty_fprintf (fp, "sub %s",
- pk_keyid_str (last_printed_component
- ->pkt->pkt.public_key));
+ log_debug ("sub %s\n",
+ pk_keyid_str (last_printed_component
+ ->pkt->pkt.public_key));
if (modified)
{
if (is_reordered)
- tty_fprintf (fp, _(" (reordered signatures follow)"));
- if (mode > 0)
- log_printf ("\n");
- else
- tty_fprintf (fp, "\n");
+ log_debug ("%s\n", _(" (reordered signatures follow)"));
}
}
- if (modified)
- keyedit_print_one_sig (ctrl, fp, rc, kb, n, NULL, NULL, NULL,
+ if (DBG_PACKET && modified)
+ keyedit_print_one_sig (ctrl, log_get_stream (),
+ rc, kb, n, NULL, NULL, NULL,
has_selfsig, 0, only_selfsigs);
}
@@ -624,32 +643,62 @@ key_check_all_keysigs (ctrl_t ctrl, int mode, kbnode_t kb,
}
}
- if (dups || missing_issuer || bad_signature || reordered)
- tty_fprintf (fp, _("key %s:\n"), pk_keyid_str (pk));
-
- if (dups)
- tty_fprintf (fp,
- ngettext ("%d duplicate signature removed\n",
- "%d duplicate signatures removed\n", dups), dups);
- if (missing_issuer)
- tty_fprintf (fp,
- ngettext ("%d signature not checked due to a missing key\n",
- "%d signatures not checked due to missing keys\n",
- missing_issuer), missing_issuer);
- if (bad_signature)
- tty_fprintf (fp,
- ngettext ("%d bad signature\n",
- "%d bad signatures\n",
- bad_signature), bad_signature);
- if (reordered)
- tty_fprintf (fp,
- ngettext ("%d signature reordered\n",
- "%d signatures reordered\n",
- reordered), reordered);
-
- if (only_selfsigs && (bad_signature || reordered))
- tty_fprintf (fp, _("Warning: errors found and only checked self-signatures,"
- " run '%s' to check all signatures.\n"), "check");
+ if (!opt.quiet)
+ {
+ char prefix[100];
+ char *p;
+
+ /* To avoid string changes in 2.2 we strip the LF here. */
+ snprintf (prefix, sizeof prefix, _("key %s:\n"), pk_keyid_str (pk));
+ p = strrchr (prefix, '\n');
+ if (p)
+ *p = 0;
+
+ if (dups)
+ {
+ p = xtryasprintf
+ (ngettext ("%d duplicate signature removed\n",
+ "%d duplicate signatures removed\n", dups), dups);
+ print_info (mode, prefix, p);
+ xfree (p);
+ }
+
+ if (missing_issuer)
+ {
+ p = xtryasprintf
+ (ngettext ("%d signature not checked due to a missing key\n",
+ "%d signatures not checked due to missing keys\n",
+ missing_issuer), missing_issuer);
+ print_info (mode, prefix, p);
+ xfree (p);
+ }
+ if (bad_signature)
+ {
+ p = xtryasprintf (ngettext ("%d bad signature\n",
+ "%d bad signatures\n",
+ bad_signature), bad_signature);
+ print_info (mode, prefix, p);
+ xfree (p);
+ }
+
+ if (reordered)
+ {
+ p = xtryasprintf (ngettext ("%d signature reordered\n",
+ "%d signatures reordered\n",
+ reordered), reordered);
+ print_info (mode, prefix, p);
+ xfree (p);
+ }
+
+ if (only_selfsigs && (bad_signature || reordered))
+ {
+ p = xtryasprintf
+ (_("Warning: errors found and only checked self-signatures,"
+ " run '%s' to check all signatures.\n"), "check");
+ print_info (mode, prefix, p);
+ xfree (p);
+ }
+ }
return modified;
}
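Review bot: The new `if (!opt.quiet)` gate hides the whole summary, including the `%d bad signature` and `%d signature not checked due to a missing key` lines, which are verification results rather than progress output; before this change they were printed regardless of opt.quiet. Consider widening the condition for those cases, for example `if (!opt.quiet || bad_signature || missing_issuer)`, so that a quiet run still reports that bad or unchecked signatures were found. key_check_all_keysigs starts outside this hunk.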
diff --git a/g10/keydb.c b/g10/keydb.c
index 0f28bc3..58a14a8 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -96,6 +96,10 @@ struct keydb_handle
/ keybox_lock, as appropriate). */
int locked;
+ /* If this flag is set a lock will only be released by
+ * keydb_release. */
+ int keep_lock;
+
/* The index into ACTIVE of the resources in which the last search
result was found. Initially -1. */
int found;
@@ -964,6 +968,7 @@ keydb_release (KEYDB_HANDLE hd)
log_assert (active_handles > 0);
active_handles--;
+ hd->keep_lock = 0;
unlock_all (hd);
for (i=0; i < hd->used; i++)
{
@@ -985,6 +990,24 @@ keydb_release (KEYDB_HANDLE hd)
}
+/* Take a lock on the files immediately and not only during insert or
+ * update. This lock is released with keydb_release. */
+gpg_error_t
+keydb_lock (KEYDB_HANDLE hd)
+{
+ gpg_error_t err;
+
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_ARG);
+
+ err = lock_all (hd);
+ if (!err)
+ hd->keep_lock = 1;
+
+ return err;
+}
+
+
/* Set a flag on the handle to suppress use of cached results. This
* is required for updating a keyring and for key listings. Fixme:
* Using a new parameter for keydb_new might be a better solution. */
@@ -1098,7 +1121,7 @@ unlock_all (KEYDB_HANDLE hd)
{
int i;
- if (!hd->locked)
+ if (!hd->locked || hd->keep_lock)
return;
for (i=hd->used-1; i >= 0; i--)
diff --git a/g10/keydb.h b/g10/keydb.h
index f503c99..7393768 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -154,6 +154,10 @@ KEYDB_HANDLE keydb_new (void);
/* Free all resources owned by the database handle. */
void keydb_release (KEYDB_HANDLE hd);
+/* Take a lock on the files immediately and not only during insert or
+ * update. This lock is released with keydb_release. */
+gpg_error_t keydb_lock (KEYDB_HANDLE hd);
+
/* Set a flag on the handle to suppress use of cached results. This
is required for updating a keyring and for key listings. Fixme:
Using a new parameter for keydb_new might be a better solution. */
@@ -339,8 +343,17 @@ int get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock,
/* This function is similar to get_pubkey_byfprint, but it doesn't
merge the self-signed data into the public key and subkeys or into
the user ids. */
-int get_pubkey_byfprint_fast (PKT_public_key *pk,
- const byte *fprint, size_t fprint_len);
+gpg_error_t get_pubkey_byfprint_fast (PKT_public_key *pk,
+ const byte *fprint, size_t fprint_len);
+
+/* This function is similar to get_pubkey_byfprint, but it doesn't
+ merge the self-signed data into the public key and subkeys or into
+ the user ids. */
+gpg_error_t get_keyblock_byfprint_fast (kbnode_t *r_keyblock,
+ KEYDB_HANDLE *r_hd,
+ const byte *fprint, size_t fprint_len,
+ int lock);
+
/* Returns true if a secret key is available for the public key with
key id KEYID. */
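Review bot: The comment added above get_keyblock_byfprint_fast is a copy of the get_pubkey_byfprint_fast text and says nothing about R_KEYBLOCK, R_HD or LOCK. The ownership rule stated in g10/getkey.c is what a caller reading the header needs: R_HD must be released by the caller even when an error is returned, and LOCK yields a locked handle with caching disabled. Suggested text: `/* Like get_pubkey_byfprint_fast but returns the keyblock at R_KEYBLOCK and a keydb handle at R_HD; R_HD must be released by the caller even on error. */`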
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 38cdbce..4acb2de 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -1223,10 +1223,8 @@ parse_sign_type (const char *str, int *localsig, int *nonrevokesig,
/* Need an SK for this command */
#define KEYEDIT_NEED_SK 1
-/* Cannot be viewing the SK for this command */
-#define KEYEDIT_NOT_SK 2
-/* Must be viewing the SK for this command */
-#define KEYEDIT_ONLY_SK 4
+/* Need an SUB KEY for this command */
+#define KEYEDIT_NEED_SUBSK 2
/* Match the tail of the string */
#define KEYEDIT_TAIL_MATCH 8
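Review bot: The comment `Need an SUB KEY for this command` does not say what KEYEDIT_NEED_SUBSK requires or how it combines with KEYEDIT_NEED_SK, and the command table entries visible in the following hunks always set both (`KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK`). If the intent is that a secret subkey suffices when the primary secret key is missing, the comment should say so, for example `/* A secret subkey is sufficient for this command */`. The code that tests the flag is outside this view, so the wording should be confirmed against it.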
@@ -1268,12 +1266,12 @@ static struct
{ "key", cmdSELKEY, 0, N_("select subkey N")},
{ "check", cmdCHECK, 0, N_("check signatures")},
{ "c", cmdCHECK, 0, NULL},
- { "change-usage", cmdCHANGEUSAGE, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
- { "cross-certify", cmdBACKSIGN, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
- { "backsign", cmdBACKSIGN, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
- { "sign", cmdSIGN, KEYEDIT_NOT_SK | KEYEDIT_TAIL_MATCH,
+ { "change-usage", cmdCHANGEUSAGE, KEYEDIT_NEED_SK, NULL},
+ { "cross-certify", cmdBACKSIGN, KEYEDIT_NEED_SK, NULL},
+ { "backsign", cmdBACKSIGN, KEYEDIT_NEED_SK, NULL},
+ { "sign", cmdSIGN, KEYEDIT_TAIL_MATCH,
N_("sign selected user IDs [* see below for related commands]")},
- { "s", cmdSIGN, KEYEDIT_NOT_SK, NULL},
+ { "s", cmdSIGN, 0, NULL},
/* "lsign" and friends will never match since "sign" comes first
and it is a tail match. They are just here so they show up in
the help menu. */
@@ -1282,62 +1280,62 @@ static struct
{ "nrsign", cmdNOP, 0,
N_("sign selected user IDs with a non-revocable signature")},
{ "debug", cmdDEBUG, 0, NULL},
- { "adduid", cmdADDUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, N_("add a user ID")},
- { "addphoto", cmdADDPHOTO, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
+ { "adduid", cmdADDUID, KEYEDIT_NEED_SK, N_("add a user ID")},
+ { "addphoto", cmdADDPHOTO, KEYEDIT_NEED_SK,
N_("add a photo ID")},
- { "deluid", cmdDELUID, KEYEDIT_NOT_SK, N_("delete selected user IDs")},
+ { "deluid", cmdDELUID, 0, N_("delete selected user IDs")},
/* delphoto is really deluid in disguise */
- { "delphoto", cmdDELUID, KEYEDIT_NOT_SK, NULL},
- { "addkey", cmdADDKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, N_("add a subkey")},
+ { "delphoto", cmdDELUID, 0, NULL},
+ { "addkey", cmdADDKEY, KEYEDIT_NEED_SK, N_("add a subkey")},
#ifdef ENABLE_CARD_SUPPORT
- { "addcardkey", cmdADDCARDKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
+ { "addcardkey", cmdADDCARDKEY, KEYEDIT_NEED_SK,
N_("add a key to a smartcard")},
- { "keytocard", cmdKEYTOCARD, KEYEDIT_NEED_SK | KEYEDIT_ONLY_SK,
+ { "keytocard", cmdKEYTOCARD, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK,
N_("move a key to a smartcard")},
- { "bkuptocard", cmdBKUPTOCARD, KEYEDIT_NEED_SK | KEYEDIT_ONLY_SK,
+ { "bkuptocard", cmdBKUPTOCARD, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK,
N_("move a backup key to a smartcard")},
#endif /*ENABLE_CARD_SUPPORT */
- { "delkey", cmdDELKEY, KEYEDIT_NOT_SK, N_("delete selected subkeys")},
- { "addrevoker", cmdADDREVOKER, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
+ { "delkey", cmdDELKEY, 0, N_("delete selected subkeys")},
+ { "addrevoker", cmdADDREVOKER, KEYEDIT_NEED_SK,
N_("add a revocation key")},
- { "delsig", cmdDELSIG, KEYEDIT_NOT_SK,
+ { "delsig", cmdDELSIG, 0,
N_("delete signatures from the selected user IDs")},
- { "expire", cmdEXPIRE, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
+ { "expire", cmdEXPIRE, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK,
N_("change the expiration date for the key or selected subkeys")},
- { "primary", cmdPRIMARY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
+ { "primary", cmdPRIMARY, KEYEDIT_NEED_SK,
N_("flag the selected user ID as primary")},
{ "toggle", cmdTOGGLE, KEYEDIT_NEED_SK, NULL}, /* Dummy command. */
{ "t", cmdTOGGLE, KEYEDIT_NEED_SK, NULL},
- { "pref", cmdPREF, KEYEDIT_NOT_SK, N_("list preferences (expert)")},
- { "showpref", cmdSHOWPREF, KEYEDIT_NOT_SK, N_("list preferences (verbose)")},
- { "setpref", cmdSETPREF, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
+ { "pref", cmdPREF, 0, N_("list preferences (expert)")},
+ { "showpref", cmdSHOWPREF, 0, N_("list preferences (verbose)")},
+ { "setpref", cmdSETPREF, KEYEDIT_NEED_SK,
N_("set preference list for the selected user IDs")},
- { "updpref", cmdSETPREF, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
- { "keyserver", cmdPREFKS, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
+ { "updpref", cmdSETPREF, KEYEDIT_NEED_SK, NULL},
+ { "keyserver", cmdPREFKS, KEYEDIT_NEED_SK,
N_("set the preferred keyserver URL for the selected user IDs")},
- { "notation", cmdNOTATION, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
+ { "notation", cmdNOTATION, KEYEDIT_NEED_SK,
N_("set a notation for the selected user IDs")},
- { "passwd", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
+ { "passwd", cmdPASSWD, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK,
N_("change the passphrase")},
- { "password", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
+ { "password", cmdPASSWD, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK, NULL},
#ifndef NO_TRUST_MODELS
- { "trust", cmdTRUST, KEYEDIT_NOT_SK, N_("change the ownertrust")},
+ { "trust", cmdTRUST, 0, N_("change the ownertrust")},
#endif /*!NO_TRUST_MODELS*/
- { "revsig", cmdREVSIG, KEYEDIT_NOT_SK,
+ { "revsig", cmdREVSIG, 0,
N_("revoke signatures on the selected user IDs")},
- { "revuid", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
+ { "revuid", cmdREVUID, KEYEDIT_NEED_SK,
N_("revoke selected user IDs")},
- { "revphoto", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
- { "revkey", cmdREVKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
+ { "revphoto", cmdREVUID, KEYEDIT_NEED_SK, NULL},
+ { "revkey", cmdREVKEY, KEYEDIT_NEED_SK,
N_("revoke key or selected subkeys")},
#ifndef NO_TRUST_MODELS
- { "enable", cmdENABLEKEY, KEYEDIT_NOT_SK, N_("enable key")},
- { "disable", cmdDISABLEKEY, KEYEDIT_NOT_SK, N_("disable key")},
+ { "enable", cmdENABLEKEY, 0, N_("enable key")},
+ { "disable", cmdDISABLEKEY, 0, N_("disable key")},
#endif /*!NO_TRUST_MODELS*/
{ "showphoto", cmdSHOWPHOTO, 0, N_("show selected photo IDs")},
- { "clean", cmdCLEAN, KEYEDIT_NOT_SK,
+ { "clean", cmdCLEAN, 0,
N_("compact unusable user IDs and remove unusable signatures from key")},
- { "minimize", cmdMINIMIZE, KEYEDIT_NOT_SK,
+ { "minimize", cmdMINIMIZE, 0,
N_("compact unusable user IDs and remove all signatures from key")},
{ NULL, cmdNONE, 0, NULL}
@@ -1406,6 +1404,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
KBNODE keyblock = NULL;
KEYDB_HANDLE kdbhd = NULL;
int have_seckey = 0;
+ int have_anyseckey = 0;
char *answer = NULL;
int redisplay = 1;
int modified = 0;
@@ -1448,9 +1447,18 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
/* See whether we have a matching secret key. */
if (seckey_check)
{
- have_seckey = !agent_probe_any_secret_key (ctrl, keyblock);
+ have_anyseckey = !agent_probe_any_secret_key (ctrl, keyblock);
+ if (have_anyseckey
+ && !agent_probe_secret_key (ctrl, keyblock->pkt->pkt.public_key))
+ {
+ /* The primary key is also available. */
+ have_seckey = 1;
+ }
+
if (have_seckey && !quiet)
- tty_printf (_("Secret key is available.\n"));
+ tty_printf (_("Secret key is available.\n"));
+ else if (have_anyseckey && !quiet)
+ tty_printf (_("Secret subkeys are available.\n"));
}
/* Main command loop. */
@@ -1548,12 +1556,14 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
else if (!ascii_strcasecmp (answer, cmds[i].name))
break;
}
- if ((cmds[i].flags & KEYEDIT_NEED_SK) && !have_seckey)
+ if ((cmds[i].flags & (KEYEDIT_NEED_SK|KEYEDIT_NEED_SUBSK))
+ && !(((cmds[i].flags & KEYEDIT_NEED_SK) && have_seckey)
+ || ((cmds[i].flags & KEYEDIT_NEED_SUBSK) && have_anyseckey)))
{
tty_printf (_("Need the secret key to do this.\n"));
cmd = cmdNOP;
}
- else
+ else
cmd = cmds[i].id;
}
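Review bot: The secret-key gate is now a three-line boolean expression that appears twice, here and in the `cmdHELP` loop of the next hunk, with different spacing, so the two copies can drift apart. Because the two flag tests are OR-ed and `have_seckey` is only set when `have_anyseckey` is, an entry marked `KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK` (keytocard, bkuptocard, expire, passwd) passes as soon as any secret key is present and its `KEYEDIT_NEED_SK` bit has no effect; a comment should say that this is intended. A small static helper keeps both call sites identical; the type of the `flags` member is not visible in the diff, so `int` below is an assumption. keyedit_menu starts and ends outside this hunk.

```c
/* Return true if the secret key material requested by FLAGS is
   available.  HAVE_SECKEY: the primary secret key is present;
   HAVE_ANYSECKEY: at least one secret key of the keyblock is present.  */
static int
cmd_seckey_available (int flags, int have_seckey, int have_anyseckey)
{
  if (!(flags & (KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK)))
    return 1;
  return (((flags & KEYEDIT_NEED_SK) && have_seckey)
          || ((flags & KEYEDIT_NEED_SUBSK) && have_anyseckey));
}

/* … unchanged: command lookup loop … */
          if (!cmd_seckey_available (cmds[i].flags, have_seckey, have_anyseckey))
/* … unchanged: "Need the secret key" message and cmdNOP … */
```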
@@ -1563,7 +1573,9 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
case cmdHELP:
for (i = 0; cmds[i].name; i++)
{
- if ((cmds[i].flags & KEYEDIT_NEED_SK) && !have_seckey)
+ if ((cmds[i].flags & (KEYEDIT_NEED_SK|KEYEDIT_NEED_SUBSK))
+ && !(((cmds[i].flags & KEYEDIT_NEED_SK) && have_seckey)
+ ||((cmds[i].flags&KEYEDIT_NEED_SUBSK)&&have_anyseckey)))
; /* Skip those item if we do not have the secret key. */
else if (cmds[i].desc)
tty_printf ("%-11s %s\n", cmds[i].name, _(cmds[i].desc));
diff --git a/g10/keygen.c b/g10/keygen.c
index 2b17a1e..38686b2 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -90,7 +90,8 @@ enum para_name {
pCARDBACKUPKEY,
pHANDLE,
pKEYSERVER,
- pKEYGRIP
+ pKEYGRIP,
+ pSUBKEYGRIP,
};
struct para_data_s {
@@ -3649,6 +3650,8 @@ read_parameter_file (ctrl_t ctrl, const char *fname )
{ "Handle", pHANDLE },
{ "Keyserver", pKEYSERVER },
{ "Keygrip", pKEYGRIP },
+ { "Key-Grip", pKEYGRIP },
+ { "Subkey-grip", pSUBKEYGRIP },
{ NULL, 0 }
};
IOBUF fp;
@@ -4697,8 +4700,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
if (!err && card && get_parameter (para, pAUTHKEYTYPE))
{
err = gen_card_key (3, get_parameter_algo( para, pAUTHKEYTYPE, NULL ),
- 0, pub_root, &timestamp,
- get_parameter_u32 (para, pKEYEXPIRE));
+ 0, pub_root, &timestamp, expire);
if (!err)
err = write_keybinding (ctrl, pub_root, pri_psk, NULL,
PUBKEY_USAGE_AUTH, timestamp, cache_nonce);
@@ -4706,11 +4708,18 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
if (!err && get_parameter (para, pSUBKEYTYPE))
{
- sub_psk = NULL;
+ int subkey_algo = get_parameter_algo (para, pSUBKEYTYPE, NULL);
+
s = NULL;
- if (!card || (s = get_parameter_value (para, pCARDBACKUPKEY)))
+ key_from_hexgrip = get_parameter_value (para, pSUBKEYGRIP);
+ if (key_from_hexgrip)
+ err = do_create_from_keygrip (ctrl, subkey_algo, key_from_hexgrip,
+ pub_root, timestamp,
+ get_parameter_u32 (para, pSUBKEYEXPIRE),
+ 1);
+ else if (!card || (s = get_parameter_value (para, pCARDBACKUPKEY)))
{
- err = do_create (get_parameter_algo (para, pSUBKEYTYPE, NULL),
+ err = do_create (subkey_algo,
get_parameter_uint (para, pSUBKEYLENGTH),
get_parameter_value (para, pSUBKEYCURVE),
pub_root,
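Review bot: `key_from_hexgrip` is reused for the subkey grip, so from this point on it no longer holds the value read for the primary key; any code later in do_generate_keypair that consults it (not visible in this hunk) would see the subkey's grip instead. A separate local, for example `const char *subkey_hexgrip = get_parameter_value (para, pSUBKEYGRIP);`, avoids that coupling. The new branch is also tested before `card`, so when both a Subkey-grip and `card` are set the keygrip path is taken silently; a short comment stating that precedence would help. The function starts and ends outside the hunk.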
@@ -4736,9 +4745,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
}
else
{
- err = gen_card_key (2, get_parameter_algo (para, pSUBKEYTYPE, NULL),
- 0, pub_root, &timestamp,
- get_parameter_u32 (para, pKEYEXPIRE));
+ err = gen_card_key (2, subkey_algo, 0, pub_root, &timestamp, expire);
}
if (!err)
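Review bot: The card branch passes `expire` to `gen_card_key`, while the keygrip branch added in the previous hunk passes `get_parameter_u32 (para, pSUBKEYEXPIRE)`. `expire` is assigned outside the hunks shown; the removed lines suggest it holds the `pKEYEXPIRE` value, in which case a card subkey ignores the subkey expiration from the parameter file. If that is deliberate it deserves a comment on this call; otherwise the call would read `err = gen_card_key (2, subkey_algo, 0, pub_root, &timestamp, get_parameter_u32 (para, pSUBKEYEXPIRE));`.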
@@ -5051,6 +5058,9 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
err = agent_passwd (ctrl, hexgrip, desc, 1 /*=verify*/,
&cache_nonce, &passwd_nonce);
xfree (desc);
+ if (gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED
+ && gpg_err_source (err) == GPG_ERR_SOURCE_GPGAGENT)
+ err = 0; /* Very likely that the key is on a card. */
if (err)
goto leave;
}
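Review bot: Clearing `err` here skips the passphrase verification done by `agent_passwd` for every key for which the agent answers GPG_ERR_NOT_IMPLEMENTED, and the comment itself says the card case is only "very likely". `cache_nonce` and `passwd_nonce` are then presumably left unset, so the code that follows in generate_subkeypair (outside the hunk) has to cope with that. I would expand the comment to state the consequence, e.g. `/* No passphrase check possible (key probably on a card); continue without nonces. */`, and log the skipped check under `opt.verbose` so it is visible when diagnosing key generation.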
diff --git a/g10/main.h b/g10/main.h
index 87417ee..6c15a2a 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -354,7 +354,7 @@ gpg_error_t read_key_from_file (ctrl_t ctrl, const char *fname,
void import_keys (ctrl_t ctrl, char **fnames, int nnames,
import_stats_t stats_hd, unsigned int options,
int origin, const char *url);
-int import_keys_es_stream (ctrl_t ctrl, estream_t fp,
+gpg_error_t import_keys_es_stream (ctrl_t ctrl, estream_t fp,
import_stats_t stats_handle,
unsigned char **fpr, size_t *fpr_len,
unsigned int options,
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 67d932e..220936c 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -826,6 +826,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
{
int rc;
PKT_public_key *pk;
+ KBNODE keyblock = NULL;
if (!name || !*name)
return gpg_error (GPG_ERR_INV_USER_ID);
@@ -838,7 +839,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
if (from_file)
rc = get_pubkey_fromfile (ctrl, pk, name);
else
- rc = get_best_pubkey_byname (ctrl, NULL, pk, name, NULL, 0, 0);
+ rc = get_best_pubkey_byname (ctrl, NULL, pk, name, &keyblock, 0, 0);
if (rc)
{
int code;
@@ -861,6 +862,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
if (rc)
{
/* Key found but not usable for us (e.g. sign-only key). */
+ release_kbnode (keyblock);
send_status_inv_recp (3, name); /* Wrong key usage */
log_error (_("%s: skipped: %s\n"), name, gpg_strerror (rc) );
free_public_key (pk);
@@ -872,7 +874,8 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
{
int trustlevel;
- trustlevel = get_validity (ctrl, NULL, pk, pk->user_id, NULL, 1);
+ trustlevel = get_validity (ctrl, keyblock, pk, pk->user_id, NULL, 1);
+ release_kbnode (keyblock);
if ( (trustlevel & TRUST_FLAG_DISABLED) )
{
/* Key has been disabled. */
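Review bot: `keyblock` is released separately on each exit path (the wrong-usage return in the previous hunk and after `get_validity` here) and the pointer is left dangling afterwards. The condition guarding this validity block lies outside the hunk; on any path that fills `keyblock` but skips the block, or on a return added later, the keyblock would leak. Setting `keyblock = NULL;` after each `release_kbnode (keyblock);`, or releasing once at a common exit, makes the ownership easier to verify. The hunks at -826 and -838 of this file belong to the same change.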
diff --git a/g10/trust.c b/g10/trust.c
index ee6078b..6d4f0e7 100644
--- a/g10/trust.c
+++ b/g10/trust.c
@@ -66,6 +66,26 @@ register_trusted_key (const char *string)
#ifdef NO_TRUST_MODELS
(void)string;
#else
+
+ /* Some users have conf files with entries like
+ * trusted-key 0x1234567812345678 # foo
+ * That is obviously wrong. Before fixing bug#1206 trailing garbage
+ * on a key specification if was ignored. We detect the above use case
+ * here and cut off the junk-looking-like-a comment. */
+ if (strchr (string, '#'))
+ {
+ char *buf;
+
+ buf = xtrystrdup (string);
+ if (buf)
+ {
+ *strchr (buf, '#') = 0;
+ tdb_register_trusted_key (buf);
+ xfree (buf);
+ return;
+ }
+ }
+
tdb_register_trusted_key (string);
#endif
}
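Review bot: The copy is cut at the `#` but keeps any blanks in front of it, so for the example in the comment `tdb_register_trusted_key` receives the key ID followed by a space; whether it accepts that is not visible here. The repair is also silent, which leaves a malformed trust-anchor line in the configuration unnoticed. I would add `trim_trailing_spaces (buf);` after the cut and a `log_info` line naming the option, so the user is told to fix the file. In the comment, "if was ignored" should read "was ignored". If `xtrystrdup` fails the unmodified string is passed on, which deserves a one-line comment.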
diff --git a/po/ca.po b/po/ca.po
index 738c5f7..4d9ce66 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -1505,6 +1505,10 @@ msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "Quina grandària voleu? (1024) "
#, c-format
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr ""
+
+#, c-format
msgid "rounded up to %u bits\n"
msgstr "arrodonida fins a %u bits\n"
@@ -2849,14 +2853,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "clau %08lX: no correspon a la nostra còpia\n"
#, fuzzy, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "clau %08lX: no s'ha trobat el bloc de claus original: %s\n"
-
-#, fuzzy, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "clau %08lX: no s'ha pogut llegir el bloc de claus original: %s\n"
-
-#, fuzzy, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "clau %08lX: «%s» 1 ID d'usuari nou\n"
@@ -2945,6 +2941,14 @@ msgstr ""
"clau %08lX: falta la clau pública: no es pot aplicar el certificat\n"
"de revocació\n"
+#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "clau %08lX: no s'ha trobat el bloc de claus original: %s\n"
+
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "clau %08lX: no s'ha pogut llegir el bloc de claus original: %s\n"
+
# O «rebutjara»? ivb
# Per tots els canvis d'anglicisme «ignorat» -> «es descarta»,
# «es rebutja» està bé. jm
@@ -3466,6 +3470,11 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "La clau secreta està disponible.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "La clau secreta està disponible.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Cal la clau secreta per a fer açò.\n"
diff --git a/po/cs.po b/po/cs.po
index 17bff35..24d54c7 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -35,7 +35,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg2 2.1.10\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2015-12-07 20:45+0100\n"
+"PO-Revision-Date: 2017-11-02 17:38+0100\n"
"Last-Translator: Petr Pisar <petr.pisar@atlas.cz>\n"
"Language-Team: Czech <gnupg-i18n@gnupg.org>\n"
"Language: cs\n"
@@ -1393,6 +1393,11 @@ msgstr "Jakou délku klíče pro šifrování si přejete? (%u) "
msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "Jakou délku klíče pro autentizaci si přejete? (%u) "
+#, fuzzy, c-format
+#| msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr "Karta bude nyní přenastavena na generování klíče dlouhého %u bitů\n"
+
#, c-format
msgid "rounded up to %u bits\n"
msgstr "zaokrouhleno na %u bitů\n"
@@ -2670,14 +2675,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "klíč %s: neodpovídá naší kopii\n"
#, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "klíč %s: nemohu najít originální blok klíče: %s\n"
-
-#, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "klíč %s: nemohu číst originální blok klíče: %s\n"
-
-#, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "klíč %s: „%s“ 1 nový identifikátor uživatele\n"
@@ -2763,6 +2760,14 @@ msgid "key %s: no public key - can't apply revocation certificate\n"
msgstr "klíč %s: chybí veřejný klíč – nemohu aplikovat revokační certifikát\n"
#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "klíč %s: nemohu najít originální blok klíče: %s\n"
+
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "klíč %s: nemohu číst originální blok klíče: %s\n"
+
+#, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "klíč %s: neplatný revokační certifikát: %s – zamítnuto\n"
@@ -3214,6 +3219,11 @@ msgstr "směstnat nepoužitelná ID uživatelů a odstranit z klíče všechny
msgid "Secret key is available.\n"
msgstr "Tajný klíč je dostupný.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "Tajný klíč je dostupný.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Pro provedení této operace je potřeba tajný klíč.\n"
diff --git a/po/da.po b/po/da.po
index e124de5..bd6e9c5 100644
--- a/po/da.po
+++ b/po/da.po
@@ -14,7 +14,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2012-11-01 20:27+0200\n"
+"PO-Revision-Date: 2017-11-02 17:39+0100\n"
"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
"Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n"
"Language: da\n"
@@ -1451,11 +1451,6 @@ msgstr "fejl ved indhentelse af aktuel nøgleinformation: %s\n"
msgid "Replace existing key? (y/N) "
msgstr "Erstat eksisterende nøgle? (j/N) "
-#, fuzzy
-#| msgid ""
-#| "NOTE: There is no guarantee that the card supports the requested size.\n"
-#| " If the key generation does not succeed, please check the\n"
-#| " documentation of your card to see what sizes are allowed.\n"
msgid ""
"Note: There is no guarantee that the card supports the requested size.\n"
" If the key generation does not succeed, please check the\n"
@@ -1478,6 +1473,11 @@ msgstr "Hvilken nøglestørrelse ønsker du for krypteringsnøglen? (%u) "
msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "Hvilken nøglestørrelse ønsker du for godkendelsesnøglen? (%u) "
+#, fuzzy, c-format
+#| msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr "Kortet vil nu blive omkonfigureret til at oprette en nøgle på %u bit\n"
+
#, c-format
msgid "rounded up to %u bits\n"
msgstr "afrundet op til %u bit\n"
@@ -2811,14 +2811,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "nøgle %s: stemmer ikke med vores kopi\n"
#, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "nøgle %s: kan ikke lokalisere original nøgleblok: %s\n"
-
-#, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "nøgle %s: kan ikke læse original nøgleblok: %s\n"
-
-#, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "nøgle %s: »%s« 1 ny bruger-id\n"
@@ -2908,6 +2900,14 @@ msgstr ""
"nøgle %s: ingen offentlig nøgle - kan ikke anvende tilbagekaldscertifikat\n"
#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "nøgle %s: kan ikke lokalisere original nøgleblok: %s\n"
+
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "nøgle %s: kan ikke læse original nøgleblok: %s\n"
+
+#, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "nøgle %s: ugyldigt tilbagekaldscertifikat: %s - afvist\n"
@@ -3382,6 +3382,11 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "Hemmelig nøgle er tilgængelig.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "Hemmelig nøgle er tilgængelig.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Har brug for den hemmelige nøgle for dette.\n"
diff --git a/po/de.po b/po/de.po
index 8174b34..e974ddc 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.1.0\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2017-08-09 12:49+0200\n"
+"PO-Revision-Date: 2017-11-02 17:36+0100\n"
"Last-Translator: Werner Koch <wk@gnupg.org>\n"
"Language-Team: German <de@li.org>\n"
"Language: de\n"
@@ -194,7 +194,7 @@ msgid "failed to create stream from socket: %s\n"
msgstr "Das Erzeugen eines Datenstroms aus dem Socket schlug fehl: %s\n"
msgid "Please insert the card with serial number"
-msgstr "Die legen Sie die Karte mit der folgenden Seriennummer ein:"
+msgstr "Bitte legen Sie die Karte mit der folgenden Seriennummer ein"
msgid "Please remove the current card and insert the one with serial number"
msgstr ""
@@ -1378,6 +1378,10 @@ msgstr ""
"Welche Schlüssellänge wünschen Sie für den Authentisierungs-Schlüssel? (%u) "
#, c-format
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr "Die Karte wird nun rekonfiguriert für einen Schlüssel des Typs: %s\n"
+
+#, c-format
msgid "rounded up to %u bits\n"
msgstr "aufgerundet auf %u Bit\n"
@@ -2629,14 +2633,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "Schlüssel %s: Stimmt nicht mit unserer Kopie überein\n"
#, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "Schlüssel %s: der originale Schlüsselblock wurde nicht gefunden: %s\n"
-
-#, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "Schlüssel %s: Lesefehler im originalen Schlüsselblock: %s\n"
-
-#, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "Schlüssel %s: \"%s\" 1 neue User-ID\n"
@@ -2727,6 +2723,14 @@ msgstr ""
"angebracht werden\n"
#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "Schlüssel %s: der originale Schlüsselblock wurde nicht gefunden: %s\n"
+
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "Schlüssel %s: Lesefehler im originalen Schlüsselblock: %s\n"
+
+#, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "Schlüssel %s: Ungültiges Widerrufzertifikat: %s - zurückgewiesen\n"
@@ -3191,6 +3195,9 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "Geheimer Schlüssel ist vorhanden.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "Geheimer Unterschlüssel ist vorhanden.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Hierzu wird der geheime Schlüssel benötigt.\n"
@@ -5841,8 +5848,6 @@ msgstr ""
"WARNUNG: Wir müssen noch eine mit diesem Schlüssel signierte Nachricht "
"sehen.\n"
-#, fuzzy
-#| msgid "Warning: we've only seen a single message signed by this key!\n"
msgid ""
"Warning: we've only seen one message signed using this key and user id!\n"
msgstr ""
diff --git a/po/el.po b/po/el.po
index a57c8b8..cc9439e 100644
--- a/po/el.po
+++ b/po/el.po
@@ -1440,6 +1440,10 @@ msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "Τι μέγεθος κλειδιού θα θέλατε; (1024) "
#, c-format
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr ""
+
+#, c-format
msgid "rounded up to %u bits\n"
msgstr "στρογγυλοποιήθηκε έως τα %u bits\n"
@@ -2771,14 +2775,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "κλειδί %08lX: δεν ταιριάζει με το αντίγραφο μας\n"
#, fuzzy, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "κλειδί %08lX: αδυναμία εντοπισμού του αρχικού τμήματος κλειδιού: %s\n"
-
-#, fuzzy, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "κλειδί %08lX: αδυναμία ανάγνωσης του αρχικού τμήματος κλειδιού: %s\n"
-
-#, fuzzy, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "κλειδί %08lX: \"%s\" 1 νέο user ID\n"
@@ -2868,6 +2864,14 @@ msgstr ""
"ανάκλησης\n"
#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "κλειδί %08lX: αδυναμία εντοπισμού του αρχικού τμήματος κλειδιού: %s\n"
+
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "κλειδί %08lX: αδυναμία ανάγνωσης του αρχικού τμήματος κλειδιού: %s\n"
+
+#, fuzzy, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "κλειδί %08lX: μη έγκυρο πιστοποιητικό ανάκλησης: %s - απόρριψη\n"
@@ -3373,6 +3377,11 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "Το μυστικό κλειδί είναι διαθέσιμο.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "Το μυστικό κλειδί είναι διαθέσιμο.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Απαιτείται το μυστικό κλειδί για να γίνει αυτό.\n"
diff --git a/po/eo.po b/po/eo.po
index 3c49698..611b987 100644
--- a/po/eo.po
+++ b/po/eo.po
@@ -1442,6 +1442,10 @@ msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "Kiun ŝlosilgrandon vi deziras? (1024) "
#, c-format
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr ""
+
+#, c-format
msgid "rounded up to %u bits\n"
msgstr "rondigita ĝis %u bitoj\n"
@@ -2752,14 +2756,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "ŝlosilo %08lX: diferencas de nia kopio\n"
#, fuzzy, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "ŝlosilo %08lX: ne povas trovi originalan ŝlosilblokon: %s\n"
-
-#, fuzzy, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "ŝlosilo %08lX: ne povas legi originalan ŝlosilblokon: %s\n"
-
-#, fuzzy, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "ŝlosilo %08lX: 1 nova uzantidentigilo\n"
@@ -2848,6 +2844,14 @@ msgstr ""
"ŝlosilo %08lX: publika ŝlosilo mankas - ne povas apliki revokatestilon\n"
#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "ŝlosilo %08lX: ne povas trovi originalan ŝlosilblokon: %s\n"
+
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "ŝlosilo %08lX: ne povas legi originalan ŝlosilblokon: %s\n"
+
+#, fuzzy, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "ŝlosilo %08lX: nevalida revokatestilo: %s - malakceptita\n"
@@ -3357,6 +3361,11 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "Sekreta ŝlosilo estas havebla.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "Sekreta ŝlosilo estas havebla.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Bezonas la sekretan ŝlosilon por fari tion.\n"
diff --git a/po/es.po b/po/es.po
index 95a2589..76d3952 100644
--- a/po/es.po
+++ b/po/es.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 2.0.9\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2015-10-09 17:10+0200\n"
+"PO-Revision-Date: 2017-11-02 17:39+0100\n"
"Last-Translator: Jaime Suárez <jaime.suma@gmail.com>\n"
"Language-Team: Spanish <es@li.org>\n"
"Language: es\n"
@@ -1469,11 +1469,6 @@ msgstr "error obteniendo la información actual de la clave: %s\n"
msgid "Replace existing key? (y/N) "
msgstr "¿Reemplazar la clave existente? (s/N) "
-#, fuzzy
-#| msgid ""
-#| "NOTE: There is no guarantee that the card supports the requested size.\n"
-#| " If the key generation does not succeed, please check the\n"
-#| " documentation of your card to see what sizes are allowed.\n"
msgid ""
"Note: There is no guarantee that the card supports the requested size.\n"
" If the key generation does not succeed, please check the\n"
@@ -1495,6 +1490,11 @@ msgstr "¿De qué tamaño quiere la clave de Cifrado? (%u) "
msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "¿De qué tamaño quiere la clave de Autenticación? (%u) "
+#, fuzzy, c-format
+#| msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr "Ahora la tarjeta se reconfigurará para generar una clave de %u bits\n"
+
#, c-format
msgid "rounded up to %u bits\n"
msgstr "redondeados a %u bits\n"
@@ -2840,14 +2840,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "clave %s: no coincide con nuestra copia\n"
#, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "clave %s: no puede localizarse el bloque de claves original: %s\n"
-
-#, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "clave %s: no puede leerse el bloque de claves original: %s\n"
-
-#, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "clave %s: \"%s\" 1 ID de usuario nuevo\n"
@@ -2938,6 +2930,14 @@ msgstr ""
"certificado de revocación\n"
#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "clave %s: no puede localizarse el bloque de claves original: %s\n"
+
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "clave %s: no puede leerse el bloque de claves original: %s\n"
+
+#, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "clave %s: certificado de revocación inválido: %s - rechazado\n"
@@ -3395,6 +3395,11 @@ msgstr "compactar IDs inutilizables y borrar todas las firmas de la clave"
msgid "Secret key is available.\n"
msgstr "Clave secreta disponible.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "Clave secreta disponible.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Se necesita la clave secreta para hacer esto.\n"
diff --git a/po/et.po b/po/et.po
index f852a29..66e905b 100644
--- a/po/et.po
+++ b/po/et.po
@@ -1436,6 +1436,10 @@ msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "Millist võtmepikkust te soovite? (1024) "
#, c-format
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr ""
+
+#, c-format
msgid "rounded up to %u bits\n"
msgstr "ümardatud üles %u bitini\n"
@@ -2756,14 +2760,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "võti %08lX: ei sobi meie koopiaga\n"
#, fuzzy, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "võti %08lX: ei leia algset võtmeblokki: %s\n"
-
-#, fuzzy, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "võti %08lX: ei õnnestu lugeda algset võtmeblokki: %s\n"
-
-#, fuzzy, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "võti %08lX: \"%s\" 1 uus kasutaja ID\n"
@@ -2852,6 +2848,14 @@ msgstr ""
"võti %08lX: avalik võti puudub - tühistamise sertifikaati ei saa rakendada\n"
#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "võti %08lX: ei leia algset võtmeblokki: %s\n"
+
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "võti %08lX: ei õnnestu lugeda algset võtmeblokki: %s\n"
+
+#, fuzzy, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "võti %08lX: vigane tühistamise sertifikaat: %s - lükkasin tagasi\n"
@@ -3346,6 +3350,11 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "Salajane võti on kasutatav.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "Salajane võti on kasutatav.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Selle tegamiseks on vaja salajast võtit.\n"
diff --git a/po/fi.po b/po/fi.po
index ea38194..15f7ce7 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -1455,6 +1455,10 @@ msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "Minkä kokoisen avaimen haluat? (1024) "
#, c-format
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr ""
+
+#, c-format
msgid "rounded up to %u bits\n"
msgstr "pyöristetty %u bittiin\n"
@@ -2773,14 +2777,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "avain %08lX: ei vastaa omaa kopiotamme\n"
#, fuzzy, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "avain %08lX: alkuperäistä avainlohkoa ei löydy: %s\n"
-
-#, fuzzy, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "avain %08lX. alkuperäisen avainlohko lukeminen ei onnistu: %s\n"
-
-#, fuzzy, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "avain %08lX: \"%s\" 1 uusi käyttäjätunnus\n"
@@ -2869,6 +2865,14 @@ msgstr ""
"avain %08lX: ei julkista avainta - mitätöintivarmennetta ei voida käyttää\n"
#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "avain %08lX: alkuperäistä avainlohkoa ei löydy: %s\n"
+
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "avain %08lX. alkuperäisen avainlohko lukeminen ei onnistu: %s\n"
+
+#, fuzzy, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "avain %08lX: pätemätön mitätöintivarmenne: %s - hylätty\n"
@@ -3366,6 +3370,11 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "Salainen avain on saatavilla.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "Salainen avain on saatavilla.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Tähän tarvitaan salainen avain.\n"
diff --git a/po/fr.po b/po/fr.po
index 916aef7..fa1e87f 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 2.1\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2015-09-10 16:22+0200\n"
+"PO-Revision-Date: 2017-11-02 17:40+0100\n"
"Last-Translator: David Prévot <david@tilapin.org>\n"
"Language-Team: French <traduc@traduc.org>\n"
"Language: fr\n"
@@ -1403,6 +1403,12 @@ msgid "What keysize do you want for the Authentication key? (%u) "
msgstr ""
"Quelle taille de clef désirez-vous pour la clef d'authentification ? (%u) "
+#, fuzzy, c-format
+#| msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr ""
+"La carte sera maintenant reconfigurée pour générer une clef de %u bits\n"
+
#, c-format
msgid "rounded up to %u bits\n"
msgstr "arrondie à %u bits\n"
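Review bot: The fuzzy `msgstr` added in this hunk still carries `%u` while the new `msgid` "The card will now be re-configured to generate a key of type: %s\n" takes `%s`, so the translation's conversion no longer matches the argument the C caller passes. The `#, fuzzy` flag keeps msgfmt from using the entry in a normal build, but if the flag is cleared without retranslating, or the catalogs are compiled with `--use-fuzzy`, the translated format would interpret a string pointer as an unsigned integer. The same carried-over `%u` appears in the ja.po, nb.po, pl.po and ru.po hunks for this message. I would either leave the `msgstr` empty, as the fi.po, gl.po and hu.po hunks do, or run `msgfmt --check-format` on the catalogs before release so that a mismatch fails the build.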
@@ -2710,14 +2716,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "clef %s : ne correspond pas à notre copie\n"
#, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "clef %s : impossible de trouver le bloc de clef d'origine : %s\n"
-
-#, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "clef %s : impossible de lire le bloc de clef d'origine : %s\n"
-
-#, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "clef %s : « %s » 1 nouvelle identité\n"
@@ -2805,6 +2803,14 @@ msgstr ""
" de révocation\n"
#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "clef %s : impossible de trouver le bloc de clef d'origine : %s\n"
+
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "clef %s : impossible de lire le bloc de clef d'origine : %s\n"
+
+#, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "clef %s : certificat de révocation incorrect : %s — rejeté\n"
@@ -3265,6 +3271,11 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "La clef secrète est disponible.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "La clef secrète est disponible.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "La clef secrète est nécessaire pour faire cela.\n"
diff --git a/po/gl.po b/po/gl.po
index d8434f6..3b18702 100644
--- a/po/gl.po
+++ b/po/gl.po
@@ -1445,6 +1445,10 @@ msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "¿Qué tamaño de chave quere? (1024) "
#, c-format
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr ""
+
+#, c-format
msgid "rounded up to %u bits\n"
msgstr "redondeado a %u bits\n"
@@ -2765,18 +2769,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "chave %08lX: non coincide coa nosa copia\n"
#, fuzzy, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr ""
-"chave %08lX: non foi posible localiza-lo bloque de chaves original:\n"
-"%s\n"
-
-#, fuzzy, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr ""
-"chave %08lX: non foi posible le-lo bloque de chaves original:\n"
-"%s\n"
-
-#, fuzzy, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "chave %08lX: \"%s\" 1 novo ID de usuario\n"
@@ -2866,6 +2858,18 @@ msgstr ""
"certificado de revocación\n"
#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr ""
+"chave %08lX: non foi posible localiza-lo bloque de chaves original:\n"
+"%s\n"
+
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr ""
+"chave %08lX: non foi posible le-lo bloque de chaves original:\n"
+"%s\n"
+
+#, fuzzy, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr ""
"chave %08lX: certificado de revocación incorrecto:\n"
@@ -3370,6 +3374,11 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "A chave secreta está disponible.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "A chave secreta está disponible.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Cómpre a chave secreta para facer isto.\n"
diff --git a/po/hu.po b/po/hu.po
index 49bef6c..f18609d 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -1436,6 +1436,10 @@ msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "Milyen kulcsméretet szeretne? (1024) "
#, c-format
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr ""
+
+#, c-format
msgid "rounded up to %u bits\n"
msgstr "Felkerekítve %u bitre.\n"
@@ -2753,14 +2757,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "%08lX kulcs: Nem egyezik a mi másolatunkkal!\n"
#, fuzzy, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "%08lX kulcs: Nem találom az eredeti kulcsblokkot: %s\n"
-
-#, fuzzy, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "%08lX kulcs: Nem tudom beolvasni az eredeti kulcsblokkot: %s\n"
-
-#, fuzzy, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "%08lX kulcs: \"%s\" 1 új felhasználói azonosító.\n"
@@ -2849,6 +2845,14 @@ msgid "key %s: no public key - can't apply revocation certificate\n"
msgstr "%08lX kulcs: Nincs nyilvános kulcs - nem tudok visszavonni.\n"
#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "%08lX kulcs: Nem találom az eredeti kulcsblokkot: %s\n"
+
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "%08lX kulcs: Nem tudom beolvasni az eredeti kulcsblokkot: %s\n"
+
+#, fuzzy, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "%08lX kulcs: Érvénytelen visszavonó igazolás: %s - visszautasítva.\n"
@@ -3345,6 +3349,11 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "Titkos kulcs rendelkezésre áll.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "Titkos kulcs rendelkezésre áll.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Ehhez szükség van a titkos kulcsra.\n"
diff --git a/po/id.po b/po/id.po
index 786dc42..635ed7d 100644
--- a/po/id.po
+++ b/po/id.po
@@ -1442,6 +1442,10 @@ msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "Keysize yang anda inginkan? (1024) "
#, c-format
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr ""
+
+#, c-format
msgid "rounded up to %u bits\n"
msgstr "dibulatkan hingga %u bit\n"
@@ -2758,14 +2762,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "kunci %08lX: tidak cocok dengan duplikat kami\n"
#, fuzzy, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "kunci %08lX: tidak dapat menemukan keyblock orisinal: %s\n"
-
-#, fuzzy, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "kunci %08lX: tidak dapat membaca keyblok orisinal: %s\n"
-
-#, fuzzy, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "kunci %08lX: 1 user ID baru \"%s\"\n"
@@ -2855,6 +2851,14 @@ msgstr ""
"pembatalan\n"
#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "kunci %08lX: tidak dapat menemukan keyblock orisinal: %s\n"
+
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "kunci %08lX: tidak dapat membaca keyblok orisinal: %s\n"
+
+#, fuzzy, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "kunci %08lX: sertifikat pembatalan tidak valid: %s - ditolak\n"
@@ -3350,6 +3354,11 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "Kunci rahasia tersedia.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "Kunci rahasia tersedia.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Perlu kunci rahasia untuk melakukan hal ini.\n"
diff --git a/po/it.po b/po/it.po
index 1bcc8b8..fc43244 100644
--- a/po/it.po
+++ b/po/it.po
@@ -1440,6 +1440,10 @@ msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "Di che dimensioni vuoi la chiave? (1024) "
#, c-format
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr ""
+
+#, c-format
msgid "rounded up to %u bits\n"
msgstr "arrotondate a %u bit\n"
@@ -2764,14 +2768,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "chiave %08lX: non corrisponde alla nostra copia\n"
#, fuzzy, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "chiave %08lX: impossibile individuare il keyblock originale: %s\n"
-
-#, fuzzy, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "chiave %08lX: impossibile leggere il keyblock originale: %s\n"
-
-#, fuzzy, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "chiave %08lX: \"%s\" 1 nuovo user ID\n"
@@ -2861,6 +2857,14 @@ msgstr ""
"certificato di revoca\n"
#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "chiave %08lX: impossibile individuare il keyblock originale: %s\n"
+
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "chiave %08lX: impossibile leggere il keyblock originale: %s\n"
+
+#, fuzzy, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "chiave %08lX: certificato di revoca non valido: %s - rifiutato\n"
@@ -3357,6 +3361,11 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "È disponibile una chiave segreta.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "È disponibile una chiave segreta.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Per fare questo serve la chiave segreta.\n"
diff --git a/po/ja.po b/po/ja.po
index 6567ab3..26c032f 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -8,9 +8,9 @@
#
msgid ""
msgstr ""
-"Project-Id-Version: gnupg 2.1.23\n"
+"Project-Id-Version: gnupg 2.2.2\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2017-08-22 11:22+0900\n"
+"PO-Revision-Date: 2017-11-07 11:11+0900\n"
"Last-Translator: NIIBE Yutaka <gniibe@fsij.org>\n"
"Language-Team: none\n"
"Language: ja\n"
@@ -1340,6 +1340,11 @@ msgstr "暗号化鍵の鍵長は? (%u) "
msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "認証鍵の鍵長は? (%u) "
+#, fuzzy, c-format
+#| msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr "今、%uビットの鍵を生成するようにカードは再コンフィグされました\n"
+
#, c-format
msgid "rounded up to %u bits\n"
msgstr "%uビットに切り上げます\n"
@@ -2545,14 +2550,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "鍵%s: こちらの複製と合いません\n"
#, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "鍵%s: 元の鍵ブロックに位置づけできません: %s\n"
-
-#, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "鍵%s: 元の鍵ブロックを読み込めません: %s\n"
-
-#, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "鍵%s: \"%s\" 新しいユーザIDを1個\n"
@@ -2638,6 +2635,14 @@ msgid "key %s: no public key - can't apply revocation certificate\n"
msgstr "鍵%s: 公開鍵がありません - 失効証明書を適用できません\n"
#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "鍵%s: 元の鍵ブロックに位置づけできません: %s\n"
+
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "鍵%s: 元の鍵ブロックを読み込めません: %s\n"
+
+#, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "鍵%s: 無効な失効証明書: %s - 拒否\n"
@@ -3079,6 +3084,9 @@ msgstr "使えないユーザIDをコンパクトにし、すべての署名を
msgid "Secret key is available.\n"
msgstr "秘密鍵が利用できます。\n"
+msgid "Secret subkeys are available.\n"
+msgstr "秘密副鍵が利用できます。\n"
+
msgid "Need the secret key to do this.\n"
msgstr "この実行には秘密鍵がいります。\n"
diff --git a/po/nb.po b/po/nb.po
index 7a72323..8be6724 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -11,7 +11,7 @@ msgid ""
msgstr ""
"Project-Id-Version: GNU gnupg 2.1\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2017-08-15 10:19+0200\n"
+"PO-Revision-Date: 2017-11-02 17:40+0100\n"
"Last-Translator: Åka Sikrom <a4@hush.com>\n"
"Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n"
"Language: nb\n"
@@ -1343,6 +1343,11 @@ msgstr "Hvor stor skal krypteringsnøkkelen være? (%u) "
msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "Hvor stor skal autentiseringsnøkkelen være? (%u) "
+#, fuzzy, c-format
+#| msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr "Kortet blir nå satt opp på nytt for å lage nøkkel på %u bit\n"
+
#, c-format
msgid "rounded up to %u bits\n"
msgstr "rundet opp til %u bit\n"
@@ -2556,14 +2561,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "nøkkel %s: stemmer ikke med vår kopi\n"
#, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "nøkkel %s: finner ikke original nøkkelblokk: %s\n"
-
-#, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "nøkkel %s: klarte ikke å lese opprinnelig nøkkelblokk: %s\n"
-
-#, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "nøkkel %s: «%s» 1 ny bruker-ID\n"
@@ -2652,6 +2649,14 @@ msgstr ""
"opphevelsessertifikat\n"
#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "nøkkel %s: finner ikke original nøkkelblokk: %s\n"
+
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "nøkkel %s: klarte ikke å lese opprinnelig nøkkelblokk: %s\n"
+
+#, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "nøkkel %s: ugyldig opphevingssertifikat: %s - avvist\n"
@@ -3103,6 +3108,11 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "Hemmelig nøkkel er tilgjengelig.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "Hemmelig nøkkel er tilgjengelig.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Du trenger tilhørende hemmelig nøkkel for å gjøre dette.\n"
diff --git a/po/pl.po b/po/pl.po
index c4e2d07..ef392ac 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.0.20\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2017-02-22 16:03+0100\n"
+"PO-Revision-Date: 2017-11-02 17:41+0100\n"
"Last-Translator: Jakub Bogusz <qboosh@pld-linux.org>\n"
"Language-Team: Polish <translation-team-pl@lists.sourceforge.net>\n"
"Language: pl\n"
@@ -1438,11 +1438,6 @@ msgstr "błąd podczas odczytu aktualnych informacji o kluczu: %s\n"
msgid "Replace existing key? (y/N) "
msgstr "Zastąpić istniejący klucz? (t/N) "
-#, fuzzy
-#| msgid ""
-#| "NOTE: There is no guarantee that the card supports the requested size.\n"
-#| " If the key generation does not succeed, please check the\n"
-#| " documentation of your card to see what sizes are allowed.\n"
msgid ""
"Note: There is no guarantee that the card supports the requested size.\n"
" If the key generation does not succeed, please check the\n"
@@ -1464,6 +1459,11 @@ msgstr "Jakiej długości klucz do szyfrowania wygenerować? (%u) "
msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "Jakiej długości klucz do uwierzytelniania wygenerować? (%u) "
+#, fuzzy, c-format
+#| msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr "Karta zostanie przekonfigurowana do tworzenia klucza %u-bitowego\n"
+
#, c-format
msgid "rounded up to %u bits\n"
msgstr "zaokrąglono do %u bitów\n"
@@ -2817,14 +2817,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "klucz %s: nie zgadza się z lokalną kopią\n"
#, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "klucz %s: brak oryginalnego bloku klucza; %s\n"
-
-#, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "klucz %s: nie można odczytać oryginalnego bloku klucza: %s\n"
-
-#, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "klucz %s: ,,%s'' 1 nowy identyfikator użytkownika\n"
@@ -2915,6 +2907,14 @@ msgstr ""
" unieważnienia\n"
#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "klucz %s: brak oryginalnego bloku klucza; %s\n"
+
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "klucz %s: nie można odczytać oryginalnego bloku klucza: %s\n"
+
+#, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "klucz %s: niepoprawny certyfikat unieważnienia: %s - odrzucony\n"
@@ -3391,6 +3391,11 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "Dostępny jest klucz tajny.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "Dostępny jest klucz tajny.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Do wykonania tej operacji potrzebny jest klucz tajny.\n"
diff --git a/po/pt.po b/po/pt.po
index e95b887..3caa5ca 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -1441,6 +1441,10 @@ msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "Qual o tamanho de chave desejado? (1024) "
#, c-format
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr ""
+
+#, c-format
msgid "rounded up to %u bits\n"
msgstr "arredondado para %u bits\n"
@@ -2758,14 +2762,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "chave %08lX: não corresponde à nossa cópia\n"
#, fuzzy, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "chave %08lX: impossível localizar bloco de chaves original: %s\n"
-
-#, fuzzy, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "chave %08lX: impossível ler bloco de chaves original: %s\n"
-
-#, fuzzy, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "chave %8lX: \"%s\" 1 novo ID de utilizador\n"
@@ -2855,6 +2851,14 @@ msgstr ""
"de revogação\n"
#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "chave %08lX: impossível localizar bloco de chaves original: %s\n"
+
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "chave %08lX: impossível ler bloco de chaves original: %s\n"
+
+#, fuzzy, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "chave %08lX: certificado de revogação inválido: %s - rejeitado\n"
@@ -3356,6 +3360,11 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "Chave secreta disponível.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "Chave secreta disponível.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "A chave secreta é necessária para fazer isto.\n"
diff --git a/po/ro.po b/po/ro.po
index d938da7..30a9924 100644
--- a/po/ro.po
+++ b/po/ro.po
@@ -1446,6 +1446,10 @@ msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "Ce lungime de cheie doriţi? (%u) "
#, c-format
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr ""
+
+#, c-format
msgid "rounded up to %u bits\n"
msgstr "rotunjită prin adaos la %u biţi\n"
@@ -2798,14 +2802,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "cheia %s: nu se potriveşte cu copia noastră\n"
#, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "cheia %s: nu pot găsi keyblock-ul original: %s\n"
-
-#, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "cheia %s: nu pot citi keyblock-ul original: %s\n"
-
-#, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "cheia %s: \"%s\" 1 nou ID utilizator\n"
@@ -2894,6 +2890,14 @@ msgstr ""
"cheia %s: nici o cheie publică - nu pot aplica certificatul de revocare\n"
#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "cheia %s: nu pot găsi keyblock-ul original: %s\n"
+
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "cheia %s: nu pot citi keyblock-ul original: %s\n"
+
+#, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "cheia %s: certificat de revocare invalid: %s - respins\n"
@@ -3358,6 +3362,11 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "Cheia secretă este disponibilă.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "Cheia secretă este disponibilă.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Aveţi nevoie de cheia secretă pentru a face aceasta.\n"
diff --git a/po/ru.po b/po/ru.po
index f995349..a2d0383 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -9,9 +9,9 @@
# Designated-Translator: none
msgid ""
msgstr ""
-"Project-Id-Version: GnuPG 2.1.0\n"
+"Project-Id-Version: GnuPG 2.2.0\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2017-08-05 17:17+0000\n"
+"PO-Revision-Date: 2017-11-02 17:41+0100\n"
"Last-Translator: Ineiev <ineiev@gnu.org>\n"
"Language-Team: Russian <gnupg-ru@gnupg.org>\n"
"Language: ru\n"
@@ -111,7 +111,7 @@ msgid "Passphrase too long"
msgstr "Слишком длинная фраза-пароль"
msgid "Invalid characters in PIN"
-msgstr "Недопустимый символ в PIN"
+msgstr "Недопустимые символы в PIN"
msgid "PIN too short"
msgstr "Слишком короткий PIN"
@@ -144,7 +144,7 @@ msgstr "обнаружена карта, серийный номер: %s\n"
#, c-format
msgid "no authentication key for ssh on card: %s\n"
-msgstr "на карте нет основного аутентификационного ключа для ssh: %s\n"
+msgstr "на карте нет ключа удостоверения личности для ssh: %s\n"
#, c-format
msgid "no suitable card key found: %s\n"
@@ -263,9 +263,9 @@ msgstr "Да, защита не нужна"
#, c-format
msgid "A passphrase should be at least %u character long."
msgid_plural "A passphrase should be at least %u characters long."
-msgstr[0] "Фраза-пароль не должна быть короче %u символа"
-msgstr[1] "Фраза-пароль не должна быть короче %u символов"
-msgstr[2] "Фраза-пароль не должна быть короче %u символов"
+msgstr[0] "Фраза-пароль не должна быть короче %u символа."
+msgstr[1] "Фраза-пароль не должна быть короче %u символов."
+msgstr[2] "Фраза-пароль не должна быть короче %u символов."
#, c-format
msgid "A passphrase should contain at least %u digit or%%0Aspecial character."
@@ -378,7 +378,7 @@ msgid "enable ssh support"
msgstr "включить поддержку ssh"
msgid "|ALGO|use ALGO to show ssh fingerprints"
-msgstr "|ALGO|использовать алгоритм ALGO для отображения отпечатков"
+msgstr "|ALGO|использовать для отображения отпечатков алгоритм ALGO"
msgid "enable putty support"
msgstr "включить поддержку putty"
@@ -390,7 +390,7 @@ msgid "Please report bugs to <@EMAIL@>.\n"
msgstr "Об ошибках в программе сообщайте по адресу <@EMAIL@>.\n"
msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
-msgstr "Вызов: @GPG_AGENT@ [параметры] (-h для подсказки)"
+msgstr "Вызов: @GPG_AGENT@ [параметры] (-h - подсказка)"
msgid ""
"Syntax: @GPG_AGENT@ [options] [command [args]]\n"
@@ -500,8 +500,7 @@ msgid "no gpg-agent running in this session\n"
msgstr "в этом сеансе агент gpg не работает\n"
msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
-msgstr ""
-"Вызов: gpg-preset-passphrase [параметры] КОД_КЛЮЧА (-h для подсказки)\n"
+msgstr "Вызов: gpg-preset-passphrase [параметры] КОД_КЛЮЧА (-h - подсказка)\n"
msgid ""
"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
@@ -527,7 +526,7 @@ msgstr ""
" "
msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
-msgstr "Вызов: gpg-protect-tool [параметры] (-h для подсказки)\n"
+msgstr "Вызов: gpg-protect-tool [параметры] (-h - подсказка)\n"
msgid ""
"Syntax: gpg-protect-tool [options] [args]\n"
@@ -678,7 +677,7 @@ msgstr "DSA требует длины хеша, кратной 8 битам\n"
#, c-format
msgid "%s key uses an unsafe (%u bit) hash\n"
-msgstr "%s ключ использует небезопасный (%u бит) хеш\n"
+msgstr "%s ключ использует небезопасный (%u-битный) хеш\n"
#, c-format
msgid "a %zu bit hash is not valid for a %u bit %s key\n"
@@ -752,15 +751,15 @@ msgstr "не могу отключить создание файла образ
#, c-format
msgid "Warning: unsafe ownership on %s \"%s\"\n"
-msgstr "Внимание: небезопасный владелец %s \"%s\"\n"
+msgstr "Внимание: небезопасный владелец объекта %s \"%s\"\n"
#, c-format
msgid "Warning: unsafe permissions on %s \"%s\"\n"
-msgstr "Внимание: небезопасные права доступа %s \"%s\"\n"
+msgstr "Внимание: небезопасные права доступа объекта %s \"%s\"\n"
#, c-format
msgid "waiting for file '%s' to become accessible ...\n"
-msgstr "ожидаю доступности файла '%s'\n"
+msgstr "ожидаю доступа к файлу '%s'\n"
#, c-format
msgid "renaming '%s' to '%s' failed: %s\n"
@@ -906,7 +905,7 @@ msgid "unsupported algorithm: %s"
msgstr "алгоритм (не поддерживается): %s"
msgid "seems to be not encrypted"
-msgstr "кажется, не зашифровано"
+msgstr "по-видимому, не зашифровано"
msgid "Number of recipients"
msgstr "Количество получателей"
@@ -924,7 +923,7 @@ msgstr "хеш-функция данных: %s"
#, c-format
msgid "Signer %d"
-msgstr "Подпись %d"
+msgstr "Подпись ключом %d"
#, c-format
msgid "attr hash algorithm: %s"
@@ -1077,11 +1076,11 @@ msgstr "ошибка записи в '%s': %s\n"
#, c-format
msgid "removing stale lockfile (created by %d)\n"
-msgstr "удаляю залипшую блокировку (созданную %d)\n"
+msgstr "удаляю залипшую блокировку (созданную процессом %d)\n"
#, c-format
msgid "waiting for lock (held by %d%s) %s...\n"
-msgstr "жду снятия блокировки (заблокировано %d%s) %s...\n"
+msgstr "жду снятия блокировки (заблокировано процессом %d%s) %s...\n"
msgid "(deadlock?) "
msgstr "(мертвая точка?) "
@@ -1171,7 +1170,7 @@ msgstr ""
"заканчиваться знаком '='\n"
msgid "a user notation name must contain the '@' character\n"
-msgstr "имя замечания должно содержать символ '@'\n"
+msgstr "имя пользовательского замечания должно содержать символ '@'\n"
msgid "a notation name must not contain more than one '@' character\n"
msgstr "имя замечания не должно содержать более одного символа '@'\n"
@@ -1180,7 +1179,7 @@ msgid "a notation value must not use any control characters\n"
msgstr "в тексте замечания не должно быть управляющих символов\n"
msgid "a notation name may not contain an '=' character\n"
-msgstr "имя примечания не должно содержать символа '='\n"
+msgstr "имя замечания не должно содержать символа '='\n"
msgid "a notation name must have only printable characters or spaces\n"
msgstr "имя замечания должно содержать только печатные символы или пробелы\n"
@@ -1209,7 +1208,7 @@ msgstr "Внимание: %s\n"
msgid "Note: Outdated servers may lack important security fixes.\n"
msgstr ""
-"Замечание: На старых серверах могут быть оставаться ошибки, критичные для "
+"Замечание: На старых серверах могут оставаться ошибки, критичные для "
"безопасности.\n"
#, c-format
@@ -1232,7 +1231,7 @@ msgid "can't do this in batch mode\n"
msgstr "в пакетном режиме это действие невозможно\n"
msgid "This command is only available for version 2 cards\n"
-msgstr "Эта команда доступна только для карт версии 2.\n"
+msgstr "Эта команда доступна только для карт версии 2\n"
msgid "Reset Code not or not anymore available\n"
msgstr "Код сброса (больше) не доступен\n"
@@ -1253,10 +1252,10 @@ msgid "unspecified"
msgstr "не указан"
msgid "not forced"
-msgstr "не принудительный"
+msgstr "не требуется"
msgid "forced"
-msgstr "принудительный"
+msgstr "требуется"
msgid "Error: Only plain ASCII is currently allowed.\n"
msgstr "Ошибка: Допустим только простой текст ASCII.\n"
@@ -1348,7 +1347,12 @@ msgstr "Какой Вам нужен размер ключа для шифров
#, c-format
msgid "What keysize do you want for the Authentication key? (%u) "
-msgstr "Какой Вам нужен размер ключа для аутентификации? (%u) "
+msgstr "Какой Вам нужен размер ключа для удостоверения личности? (%u) "
+
+#, fuzzy, c-format
+#| msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr "Теперь карта будет перенастроена на генерацию ключа длиной %u бит\n"
#, c-format
msgid "rounded up to %u bits\n"
@@ -1395,7 +1399,7 @@ msgid " (2) Encryption key\n"
msgstr " (2) Ключ шифрования\n"
msgid " (3) Authentication key\n"
-msgstr " (3) Ключ аутентификации\n"
+msgstr " (3) Ключ удостоверения личности\n"
msgid "Invalid selection.\n"
msgstr "Неправильный выбор.\n"
@@ -1408,7 +1412,7 @@ msgid "KEYTOCARD failed: %s\n"
msgstr "сбой записи ключа на карту: %s\n"
msgid "This command is not supported by this card\n"
-msgstr "Данная команда этой картой не поддерживается.\n"
+msgstr "Данная команда этой картой не поддерживается\n"
msgid "Note: This command destroys all keys stored on the card!\n"
msgstr "Замечание: эта команда сотрет с карты все ключи!\n"
@@ -1712,8 +1716,7 @@ msgstr "(проверьте аргумент параметра '%s')\n"
#, c-format
msgid "Warning: '%s' should be a long key ID or a fingerprint\n"
msgstr ""
-"Внимание: '%s' должно быть должно быть длинным идентификатором или "
-"отпечатком ключа\n"
+"Внимание: '%s' должно быть длинным идентификатором или отпечатком ключа\n"
#, c-format
msgid "error looking up: %s\n"
@@ -1939,7 +1942,7 @@ msgstr ""
" --fingerprint [имена] показать отпечатки\n"
msgid "Usage: @GPG@ [options] [files] (-h for help)"
-msgstr "Вызов: @GPG@ [параметры] [файлы] (-h для подсказки)"
+msgstr "Вызов: @GPG@ [параметры] [файлы] (-h - подсказка)"
msgid ""
"Syntax: @GPG@ [options] [files]\n"
@@ -2045,43 +2048,43 @@ msgid "unknown configuration item '%s'\n"
msgstr "неизвестный элемент в файле настроек '%s'\n"
msgid "display photo IDs during key listings"
-msgstr "показать в списке ключей фотоидентификаторы"
+msgstr "показывать в списке ключей фотоидентификаторы"
msgid "show key usage information during key listings"
-msgstr "показать в списке ключей сведения о назначении ключа"
+msgstr "показывать в списке ключей сведения о назначении ключа"
msgid "show policy URLs during signature listings"
-msgstr "показать в списке подписей URL правил"
+msgstr "показывать в списке подписей URL правил"
msgid "show all notations during signature listings"
-msgstr "показать в списке подписей все замечания"
+msgstr "показывать в списке подписей все замечания"
msgid "show IETF standard notations during signature listings"
-msgstr "показать в списке подписей замечания стандарта IETF"
+msgstr "показывать в списке подписей замечания стандарта IETF"
msgid "show user-supplied notations during signature listings"
-msgstr "показать в списке подписей пользовательские замечания"
+msgstr "показывать в списке подписей пользовательские замечания"
msgid "show preferred keyserver URLs during signature listings"
-msgstr "показать в списке подписей URL предпочтительных серверов ключей"
+msgstr "показывать в списке подписей URL предпочтительных серверов ключей"
msgid "show user ID validity during key listings"
msgstr ""
-"показать в списке ключей действительность идентификаторов пользователей"
+"показывать в списке ключей действительность идентификаторов пользователей"
msgid "show revoked and expired user IDs in key listings"
msgstr ""
-"показать в списке ключей отозванные и просроченные идентификаторы "
+"показывать в списке ключей отозванные и просроченные идентификаторы "
"пользователей"
msgid "show revoked and expired subkeys in key listings"
-msgstr "показать в списке ключей отозванные и просроченные подключи"
+msgstr "показывать в списке ключей отозванные и просроченные подключи"
msgid "show the keyring name in key listings"
-msgstr "показать в списке ключей название таблицы ключей"
+msgstr "показывать в списке ключей название таблицы ключей"
msgid "show expiration dates during signature listings"
-msgstr "показать в списке подписей сроки действия"
+msgstr "показывать в списке подписей сроки действия"
#, c-format
msgid "unknown TOFU policy '%s'\n"
@@ -2224,7 +2227,7 @@ msgstr "Внимание: работаем с фальшивым системн
#, c-format
msgid "will not run with insecure memory due to %s\n"
-msgstr "не будет работать с небезопасной памятью из-за %s\n"
+msgstr "отказываюсь работать с небезопасной памятью из-за %s\n"
msgid "selected cipher algorithm is invalid\n"
msgstr "выбран недопустимый алгоритм шифрования\n"
@@ -2380,7 +2383,7 @@ msgid "|ALGO|reject signatures made with ALGO"
msgstr "|ALGO|отвергать подписи, сделанные по данному алгоритму"
msgid "Usage: gpgv [options] [files] (-h for help)"
-msgstr "Вызов: gpgv [параметры] [файлы] (-h для подсказки)"
+msgstr "Вызов: gpgv [параметры] [файлы] (-h - подсказка)"
msgid ""
"Syntax: gpgv [options] [files]\n"
@@ -2394,7 +2397,7 @@ msgstr "Справки нет"
#, c-format
msgid "No help available for '%s'"
-msgstr "Нет справки для '%s'"
+msgstr "Нет справки по ключевому слову '%s'"
msgid "import signatures that are marked as local-only"
msgstr "импортировать подписи, обозначенные как 'только локальные'"
@@ -2403,7 +2406,7 @@ msgid "repair damage from the pks keyserver during import"
msgstr "устранить при импорте повреждения от сервера ключей pks"
msgid "do not clear the ownertrust values during import"
-msgstr "не сбрасывать уровни доверия владельцам после импорта"
+msgstr "не сбрасывать уровни доверия владельцам при импорте"
msgid "do not update the trustdb after import"
msgstr "не обновлять таблицу доверия после импорта"
@@ -2585,14 +2588,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "ключ %s: не совпадает с нашей копией\n"
#, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "ключ %s: оригинальный блок ключей не найден: %s\n"
-
-#, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "ключ %s: оригинальный блок ключей не читается: %s\n"
-
-#, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "ключ %s: \"%s\" 1 новый идентификатор пользователя\n"
@@ -2678,6 +2673,14 @@ msgid "key %s: no public key - can't apply revocation certificate\n"
msgstr "ключ %s: нет открытого ключа - не могу применить сертификат отзыва\n"
#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "ключ %s: оригинальный блок ключей не найден: %s\n"
+
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "ключ %s: оригинальный блок ключей не читается: %s\n"
+
+#, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "ключ %s: недействительный сертификат отзыва: %s - отвергнут\n"
@@ -2718,7 +2721,7 @@ msgstr "ключ %s: недопустимая связь подключей\n"
#, c-format
msgid "key %s: removed multiple subkey binding\n"
-msgstr "ключ %s: удалено многократное связывание подключей\n"
+msgstr "ключ %s: удалена многократная связь подключей\n"
#, c-format
msgid "key %s: no subkey for key revocation\n"
@@ -3135,6 +3138,9 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "Секретный ключ доступен.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "Секретные подключи доступны.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Для данного действия нужен секретный ключ.\n"
@@ -3237,7 +3243,7 @@ msgstr ""
"пользователем\n"
msgid "Set preference list to:\n"
-msgstr "Установить предпочтения в:\n"
+msgstr "Установить предпочтения, равные:\n"
msgid "Really update the preferences for the selected user IDs? (y/N) "
msgstr ""
@@ -3348,7 +3354,7 @@ msgid "expires: %s"
msgstr " годен до: %s"
# perhaps this should be somewhere in help/man
-# (S - подпись, C - сертификация, E - шифрование, A - аутентификация)
+# (S - подпись, C - сертификация, E - шифрование, A - удостоверение личности)
# too long for repeating messages.
#, c-format
msgid "usage: %s"
@@ -3436,7 +3442,7 @@ msgid "Nothing deleted.\n"
msgstr "Ничего не удалено.\n"
msgid "invalid"
-msgstr "недопустимый"
+msgstr "недопустим"
#, c-format
msgid "User ID \"%s\" compacted: %s\n"
@@ -3620,24 +3626,26 @@ msgstr "Подключ %s уже отозван.\n"
#, c-format
msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
-msgstr "Показ фотоидентификатора %s размера %ld для ключа %s (uid %d)\n"
+msgstr ""
+"Показ фотоидентификатора %s размера %ld для ключа %s (идентификатор "
+"пользователя %d)\n"
#, c-format
msgid "invalid value for option '%s'\n"
-msgstr "недопустимое значения для параметра \"%s\"\n"
+msgstr "недопустимое значения параметра \"%s\"\n"
#, c-format
msgid "preference '%s' duplicated\n"
msgstr "предпочтение '%s' дублируется\n"
msgid "too many cipher preferences\n"
-msgstr "слишком много шифровых предпочтений\n"
+msgstr "слишком много предпочтений шифров\n"
msgid "too many digest preferences\n"
-msgstr "слишком много предпочтений для хеш-функций\n"
+msgstr "слишком много предпочтений хеш-функций\n"
msgid "too many compression preferences\n"
-msgstr "слишком много предпочтений для методов сжатия\n"
+msgstr "слишком много предпочтений методов сжатия\n"
#, c-format
msgid "invalid item '%s' in preference string\n"
@@ -3650,7 +3658,7 @@ msgid "writing self signature\n"
msgstr "запись самоподписи\n"
msgid "writing key binding signature\n"
-msgstr "запись объединяющей подписи\n"
+msgstr "запись связующей подписи\n"
#, c-format
msgid "keysize invalid; using %u bits\n"
@@ -3676,7 +3684,7 @@ msgid "Encrypt"
msgstr "Зашифровать"
msgid "Authenticate"
-msgstr "Аутентифицировать"
+msgstr "Удостоверить личность"
#. TRANSLATORS: Please use only plain ASCII characters for the
#. translation. If this is not possible use single digits. The
@@ -3700,15 +3708,15 @@ msgstr "Допустимы действия: "
#, c-format
msgid " (%c) Toggle the sign capability\n"
-msgstr " (%c) Переключить возможность использования для подписи\n"
+msgstr " (%c) Переключить возможность подписи\n"
#, c-format
msgid " (%c) Toggle the encrypt capability\n"
-msgstr " (%c) Переключить возможность использования для шифрования\n"
+msgstr " (%c) Переключить возможность шифрования\n"
#, c-format
msgid " (%c) Toggle the authenticate capability\n"
-msgstr " (%c) Переключить возможность использования для аутентификации\n"
+msgstr " (%c) Переключить возможность удостоверения личности\n"
#, c-format
msgid " (%c) Finished\n"
@@ -3743,11 +3751,11 @@ msgstr " (%d) RSA (только для шифрования)\n"
#, c-format
msgid " (%d) DSA (set your own capabilities)\n"
-msgstr " (%d) DSA (с требуемыми возможностями)\n"
+msgstr " (%d) DSA (задать возможности)\n"
#, c-format
msgid " (%d) RSA (set your own capabilities)\n"
-msgstr " (%d) RSA (с требуемыми возможностями)\n"
+msgstr " (%d) RSA (задать возможности)\n"
#, c-format
msgid " (%d) ECC and ECC\n"
@@ -3759,7 +3767,7 @@ msgstr " (%d) ECC (только для подписи)\n"
#, c-format
msgid " (%d) ECC (set your own capabilities)\n"
-msgstr " (%d) ECC (с требуемыми возможностями)\n"
+msgstr " (%d) ECC (задать возможности)\n"
#, c-format
msgid " (%d) ECC (encrypt only)\n"
@@ -3784,7 +3792,7 @@ msgstr "округлен до %u бит\n"
#, c-format
msgid "%s keys may be between %u and %u bits long.\n"
-msgstr "длина ключей %s может быть от %u до %u бит.\n"
+msgstr "длина ключей %s может быть от %u до %u.\n"
#, c-format
msgid "What keysize do you want for the subkey? (%u) "
@@ -3923,7 +3931,7 @@ msgstr "Недопустимый символ в примечании\n"
#, c-format
msgid "You are using the '%s' character set.\n"
-msgstr "Используется таблица символов: '%s'.\n"
+msgstr "Используется таблица символов '%s'.\n"
#, c-format
msgid ""
@@ -3954,16 +3962,16 @@ msgid "NnCcEeOoQq"
msgstr "NnCcEeOoQq"
msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
-msgstr "Сменить (N)Имя, (C)Примечание, (E)Адрес или (Q)Выход? "
+msgstr "Сменить (N)Имя, (C)Примечание, (E)Адрес; (Q)Выход? "
msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
-msgstr "Сменить (N)Имя, (C)Примечание, (E)Адрес или (O)Принять/(Q)Выход? "
+msgstr "Сменить (N)Имя, (C)Примечание, (E)Адрес; (O)Принять/(Q)Выход? "
msgid "Change (N)ame, (E)mail, or (Q)uit? "
-msgstr "Сменить (N)Имя, (E)Адрес или (Q)Выход? "
+msgstr "Сменить (N)Имя, (E)Адрес; (Q)Выход? "
msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
-msgstr "Сменить (N)Имя, (E)Адрес или (O)Принять/(Q)Выход? "
+msgstr "Сменить (N)Имя, (E)Адрес; (O)Принять/(Q)Выход? "
msgid "Please correct the error first\n"
msgstr "Сначала исправьте ошибку\n"
@@ -3990,7 +3998,7 @@ msgid ""
" \"%s\"\n"
"\n"
msgstr ""
-"Создается ключ для:\n"
+"Создается ключ пользователя\n"
" \"%s\"\n"
"\n"
@@ -3999,7 +4007,7 @@ msgstr "Продолжить? (Y/n) "
#, c-format
msgid "A key for \"%s\" already exists\n"
-msgstr "Ключ для \"%s\" уже существует\n"
+msgstr "Ключ пользователя \"%s\" уже существует\n"
msgid "Create anyway? (y/N) "
msgstr "Все равно создать новый? (y/N) "
@@ -4042,7 +4050,7 @@ msgid ""
"Note that this key cannot be used for encryption. You may want to use\n"
"the command \"--edit-key\" to generate a subkey for this purpose.\n"
msgstr ""
-"Учтите, что данный ключ не может использоваться для шифрования. Вы можете\n"
+"Учтите, что данный ключ не может использоваться для шифрования. Можно\n"
"воспользоваться командой \"--edit-key\" и создать подключ для этих целей.\n"
#, c-format
@@ -4183,7 +4191,7 @@ msgid "include revoked keys in search results"
msgstr "включить в результаты поиска отозванные ключи"
msgid "include subkeys when searching by key ID"
-msgstr "искать по идентификатору ключа, включая подключи"
+msgstr "добавить подключи в поиск по идентификатору ключа"
msgid "override timeout options set for dirmngr"
msgstr "переназначить настройки времени ожидания для dirmngr"
@@ -4201,7 +4209,7 @@ msgid "disabled"
msgstr "отключен"
msgid "Enter number(s), N)ext, or Q)uit > "
-msgstr "Введите числа, N) Следующее или Q) Выход> "
+msgstr "Введите числа, N) Следующее; Q) Выход > "
#, c-format
msgid "invalid keyserver protocol (us %d!=handler %d)\n"
@@ -4224,7 +4232,7 @@ msgstr "Внимание: невозможно обновить ключ %s с %
#, c-format
msgid "key \"%s\" not found on keyserver\n"
-msgstr "ключ \"%s\" не найден на сервере ключей\n"
+msgstr "ключ \"%s\" на сервере ключей не найден\n"
msgid "key not found on keyserver\n"
msgstr "ключ не найден на сервере ключей\n"
@@ -4241,7 +4249,7 @@ msgid "requesting key %s from %s\n"
msgstr "получение ключа %s с %s\n"
msgid "no keyserver known\n"
-msgstr "ни один сервер ключей не известен\n"
+msgstr "не известно ни одного сервера ключей\n"
#, c-format
msgid "skipped \"%s\": %s\n"
@@ -4619,7 +4627,7 @@ msgid ""
"Keeping the image close to 240x288 is a good size to use.\n"
msgstr ""
"\n"
-"Выберите изображение для Вашего фотоидентификатора. Это должен быть файл "
+"Выберите изображение для своего фотоидентификатора. Это должен быть файл "
"JPEG.\n"
"Помните, что изображение будет храниться в Вашем открытом ключе и увеличит\n"
"его размер! Рекомендуется размер около 240x288.\n"
@@ -5004,7 +5012,7 @@ msgid ""
"of the gpg command \"--generate-revocation\" in the GnuPG manual."
msgstr ""
"Пользуйтесь им для отзыва этого ключа в случае раскрытия или потери\n"
-"секретного ключа. Однако, если секретный ключ доступен, лучше создать\n"
+"секретного ключа. Однако если секретный ключ доступен, лучше создать\n"
"новый сертификат с указанием причины отзыва. Подробности см. в описании\n"
"команды gpg \"--generate-revocation\" в руководстве по GnuPG."
@@ -5276,11 +5284,11 @@ msgstr "таблица доверия: сбой синхронизации: %s\n
#, c-format
msgid "can't create lock for '%s'\n"
-msgstr "невозможно создать блокировку для '%s'\n"
+msgstr "не удается создать блокировку для '%s'\n"
#, c-format
msgid "can't lock '%s'\n"
-msgstr "невозможно заблокировать '%s'\n"
+msgstr "не удается заблокировать '%s'\n"
#, c-format
msgid "trustdb rec %lu: lseek failed: %s\n"
@@ -5926,7 +5934,7 @@ msgid "enable full debugging"
msgstr "полностью включить отладку"
msgid "Usage: kbxutil [options] [files] (-h for help)"
-msgstr "Вызов: kbxutil [параметры] [файлы] (-h для подсказки)"
+msgstr "Вызов: kbxutil [параметры] [файлы] (-h - подсказка)"
msgid ""
"Syntax: kbxutil [options] [files]\n"
@@ -6124,7 +6132,7 @@ msgstr "пропущена метка времени создания\n"
#, c-format
msgid "RSA prime %s missing or not of size %d bits\n"
-msgstr "Простое число RSA %s пропущено или его размер не равен %d бит\n"
+msgstr "Простое число RSA %s пропущено или его размер не равен %d\n"
#, c-format
msgid "failed to store the key: %s\n"
@@ -6212,7 +6220,7 @@ msgid "use variable length input for pinpad"
msgstr "использовать входные данные переменой длины для клавиатуры считывателя"
msgid "Usage: @SCDAEMON@ [options] (-h for help)"
-msgstr "Вызов: @SCDAEMON@ [параметры] (-h для подсказки)"
+msgstr "Вызов: @SCDAEMON@ [параметры] (-h - подсказка)"
msgid ""
"Syntax: scdaemon [options] [command [args]]\n"
@@ -6282,7 +6290,7 @@ msgstr "число соответствующих сертификатов: %d\n
#, c-format
msgid "dirmngr cache-only key lookup failed: %s\n"
-msgstr "ключ не найден в буфере dirmngr: %s\n"
+msgstr "ключ в буфере dirmngr не найден: %s\n"
msgid "failed to allocate keyDB handle\n"
msgstr "сбой при выделении памяти под указатель на базу данных\n"
@@ -6769,7 +6777,7 @@ msgid "|NAME|use message digest algorithm NAME"
msgstr "|NAME|использовать хеш-функцию NAME"
msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
-msgstr "Вызов: @GPGSM@ [параметры] [файлы] (-h для подсказки)"
+msgstr "Вызов: @GPGSM@ [параметры] [файлы] (-h - подсказка)"
msgid ""
"Syntax: @GPGSM@ [options] [files]\n"
@@ -6777,8 +6785,7 @@ msgid ""
"Default operation depends on the input data\n"
msgstr ""
"Синтаксис: @GPGSM@ [параметры] [файлы]\n"
-"Подписать, проверить, зашифровать или расшифровать, используя протокол S/"
-"MIME\n"
+"Подписать, проверить, зашифровать или расшифровать по протоколу S/MIME\n"
"Операция по умолчанию зависит от входных данных\n"
#, c-format
@@ -6911,11 +6918,12 @@ msgstr ""
#, c-format
msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
-msgstr "хеш-функция %d (%s) для %d не поддерживается; использую %s\n"
+msgstr ""
+"хеш-функция %d (%s) для пользователя %d не поддерживается; использую %s\n"
#, c-format
msgid "hash algorithm used for signer %d: %s (%s)\n"
-msgstr "хеш-функция для подписи %d: %s (%s)\n"
+msgstr "хеш-функция для пользователя %d: %s (%s)\n"
#, c-format
msgid "checking for qualified certificate failed: %s\n"
@@ -7020,7 +7028,7 @@ msgstr "ошибка помещения сертификата в буфер: %s
#, c-format
msgid "invalid SHA1 fingerprint string '%s'\n"
-msgstr "неверный отпечаток SHA1 '%s'\n"
+msgstr "неверная строка отпечатока SHA1 '%s'\n"
#, c-format
msgid "error fetching certificate by S/N: %s\n"
@@ -7509,8 +7517,8 @@ msgstr "принудительно использовать основной о
msgid "Usage: dirmngr-client [options] [certfile|pattern] (-h for help)\n"
msgstr ""
-"Вызов: dirmngr-client [параметры] [файл_сертификата|шаблон] (-h для "
-"подсказки)\n"
+"Вызов: dirmngr-client [параметры] [файл_сертификата|шаблон] (-h - "
+"подсказка)\n"
msgid ""
"Syntax: dirmngr-client [options] [certfile|pattern]\n"
@@ -7519,9 +7527,9 @@ msgid ""
"not valid and other error codes for general failures\n"
msgstr ""
"Синтаксис: dirmngr-client [параметры] [файл_сертификата|шаблон]\n"
-"Проверка сертификата X.509 по списку отозванных сертификатов или по OCSP\n"
+"Проверка сертификата X.509 по списку отозванных сертификатов или по OCSP.\n"
"Процесс возвращает 0, если сертификат достоверен, 1, если недостоверен,\n"
-"и другие коды ошибок при общих отказах\n"
+"и другие коды ошибок при общих отказах.\n"
#, c-format
msgid "error reading certificate from stdin: %s\n"
@@ -7675,7 +7683,7 @@ msgstr ""
"(Полный список команд и параметров см. в руководстве \"info\")\n"
msgid "Usage: @DIRMNGR@ [options] (-h for help)"
-msgstr "Вызов: @DIRMNGR@ [параметры] (-h для подсказки)"
+msgstr "Вызов: @DIRMNGR@ [параметры] (-h - подсказка)"
msgid ""
"Syntax: @DIRMNGR@ [options] [command [args]]\n"
@@ -7755,10 +7763,10 @@ msgid "|N|connect to port N"
msgstr "|N|подключиться к порту N"
msgid "|NAME|use user NAME for authentication"
-msgstr "|NAME|использовать для аутентификации пользователя NAME"
+msgstr "|NAME|использовать имя пользователя NAME для удостоверения личности"
msgid "|PASS|use password PASS for authentication"
-msgstr "|PASS|использовать для аутентификации пароль PASS"
+msgstr "|PASS|использовать для удостоверения личности пароль PASS"
msgid "take password from $DIRMNGR_LDAP_PASS"
msgstr "взять пароль из $DIRMNGR_LDAP_PASS"
@@ -7773,7 +7781,7 @@ msgid "|STRING|return the attribute STRING"
msgstr "|STRING|вернуть атрибут STRING"
msgid "Usage: dirmngr_ldap [options] [URL] (-h for help)\n"
-msgstr "Вызов: dirmngr_ldap [параметры] [URL] (-h для подсказки)\n"
+msgstr "Вызов: dirmngr_ldap [параметры] [URL] (-h - подсказка)\n"
msgid ""
"Syntax: dirmngr_ldap [options] [URL]\n"
@@ -8188,7 +8196,7 @@ msgid "run /subst on startup"
msgstr "выполнить при запуске подстановку subst"
msgid "Usage: @GPG@-connect-agent [options] (-h for help)"
-msgstr "Вызов: @GPG@-connect-agent [параметры] (-h для подсказки)"
+msgstr "Вызов: @GPG@-connect-agent [параметры] (-h - подсказка)"
msgid ""
"Syntax: @GPG@-connect-agent [options]\n"
@@ -8413,7 +8421,7 @@ msgid "activate changes at runtime, if possible"
msgstr "задействовать изменения во время исполнения, если возможно"
msgid "Usage: @GPGCONF@ [options] (-h for help)"
-msgstr "Вызов: @GPGCONF@ [параметры] (-h для подсказки)"
+msgstr "Вызов: @GPGCONF@ [параметры] (-h - подсказка)"
msgid ""
"Syntax: @GPGCONF@ [options]\n"
@@ -8459,7 +8467,7 @@ msgid "input file name (default stdin)"
msgstr "имя входного файла (по умолчанию stdin)"
msgid "Usage: symcryptrun [options] (-h for help)"
-msgstr "Вызов: symcryptrun [параметры] (-h для подсказки)"
+msgstr "Вызов: symcryptrun [параметры] (-h - подсказка)"
msgid ""
"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
@@ -8566,8 +8574,7 @@ msgid "class %s is not supported\n"
msgstr "класс %s не поддерживается\n"
msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
-msgstr ""
-"Вызов: gpg-check-pattern [параметры] файл_образцов (-h для подсказки)\n"
+msgstr "Вызов: gpg-check-pattern [параметры] файл_образцов (-h - подсказка)\n"
msgid ""
"Syntax: gpg-check-pattern [options] patternfile\n"
diff --git a/po/sk.po b/po/sk.po
index d8b898c..6880122 100644
--- a/po/sk.po
+++ b/po/sk.po
@@ -1442,6 +1442,10 @@ msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "Akú veľkosť kľúča si prajete? (1024) "
#, c-format
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr ""
+
+#, c-format
msgid "rounded up to %u bits\n"
msgstr "zaokrúhlené na %u bitov\n"
@@ -2773,14 +2777,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "kľúč %08lX: nezodpovedá našej kópii\n"
#, fuzzy, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "kľúč %08lX: nemôžem nájsť originálny blok kľúča: %s\n"
-
-#, fuzzy, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "kľúč %08lX: nemôžem čítať originálny blok kľúča: %s\n"
-
-#, fuzzy, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "kľúč %08lX: \"%s\" 1 nový identifikátor užívateľa\n"
@@ -2869,6 +2865,14 @@ msgstr ""
"kľúč %08lX: chýba verejný kľúč - nemôžem aplikovať revokačný certifikát\n"
#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "kľúč %08lX: nemôžem nájsť originálny blok kľúča: %s\n"
+
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "kľúč %08lX: nemôžem čítať originálny blok kľúča: %s\n"
+
+#, fuzzy, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "kľúč %08lX: neplatný revokačný certifikát: %s - zamietnuté\n"
@@ -3369,6 +3373,11 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "Tajný kľúč je dostupný.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "Tajný kľúč je dostupný.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Na vykonanie tejto operácie je potrebný tajný kľúč.\n"
diff --git a/po/sv.po b/po/sv.po
index ca7ba7e..8d94c9a 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -24,7 +24,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg trunk\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2011-01-12 14:53+0100\n"
+"PO-Revision-Date: 2017-11-02 17:41+0100\n"
"Last-Translator: Daniel Nylander <po@danielnylander.se>\n"
"Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
"Language: sv\n"
@@ -1479,11 +1479,6 @@ msgstr "fel vid hämtning av aktuell nyckelinformation: %s\n"
msgid "Replace existing key? (y/N) "
msgstr "Ersätt existerande nyckel? (j/N) "
-#, fuzzy
-#| msgid ""
-#| "NOTE: There is no guarantee that the card supports the requested size.\n"
-#| " If the key generation does not succeed, please check the\n"
-#| " documentation of your card to see what sizes are allowed.\n"
msgid ""
"Note: There is no guarantee that the card supports the requested size.\n"
" If the key generation does not succeed, please check the\n"
@@ -1506,6 +1501,13 @@ msgstr "Vilken nyckelstorlek vill du använda för krypteringsnyckeln? (%u) "
msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "Vilken nyckelstorlek vill du använda för autentiseringsnyckeln? (%u) "
+#, fuzzy, c-format
+#| msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr ""
+"Kortet kommer nu att konfigureras om för att generera en nyckel med %u "
+"bitar\n"
+
#, c-format
msgid "rounded up to %u bits\n"
msgstr "avrundade uppåt till %u bitar\n"
@@ -2875,14 +2877,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "nyckel %s: stämmer inte mot vår lokala kopia\n"
#, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "nyckel %s: kan inte hitta det ursprungliga nyckelblocket: %s\n"
-
-#, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "nyckel %s: kan inte läsa det ursprungliga nyckelblocket %s\n"
-
-#, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "nyckel %s: \"%s\" 1 ny användaridentitet\n"
@@ -2971,6 +2965,14 @@ msgid "key %s: no public key - can't apply revocation certificate\n"
msgstr "nyckel %s: ingen publik nyckel - kan inte verkställa spärrcertifikat\n"
#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "nyckel %s: kan inte hitta det ursprungliga nyckelblocket: %s\n"
+
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "nyckel %s: kan inte läsa det ursprungliga nyckelblocket %s\n"
+
+#, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "nyckel %s: ogiltigt spärrcertifikat: %s - avvisat\n"
@@ -3441,6 +3443,11 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "Den hemliga nyckeln finns tillgänglig.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "Den hemliga nyckeln finns tillgänglig.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Den hemliga nyckeln behövs för att göra detta.\n"
diff --git a/po/tr.po b/po/tr.po
index c1743f3..cc77eb9 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -1461,6 +1461,10 @@ msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "İstediğiniz anahtar uzunluğu nedir? (%u) "
#, c-format
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr ""
+
+#, c-format
msgid "rounded up to %u bits\n"
msgstr "%u bite yuvarlandı\n"
@@ -2802,14 +2806,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "anahtar %s: bizim kopyamızla eşleşmiyor\n"
#, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "anahtar %s: özgün anahtar bloku bulunamadı: %s\n"
-
-#, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "anahtar %s: özgün anahtar bloku okunamadı: %s\n"
-
-#, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "anahtar %s: \"%s\" 1 yeni kullanıcı kimliği\n"
@@ -2900,6 +2896,14 @@ msgstr ""
"uygulanamaz\n"
#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "anahtar %s: özgün anahtar bloku bulunamadı: %s\n"
+
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "anahtar %s: özgün anahtar bloku okunamadı: %s\n"
+
+#, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr ""
"anahtar %s: yürürlükten kaldırma sertifikası geçersiz: %s - reddedildi\n"
@@ -3377,6 +3381,11 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "Gizli anahtar mevcut.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "Gizli anahtar mevcut.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Bunu yapmak için gizli anahtar gerekli.\n"
diff --git a/po/uk.po b/po/uk.po
index abbe116..9316d81 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: GNU gnupg 2.1.0\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2017-01-27 14:10+0200\n"
+"PO-Revision-Date: 2017-11-02 17:41+0100\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <kde-i18n-uk@kde.org>\n"
"Language: uk\n"
@@ -1356,6 +1356,12 @@ msgstr "Яким має бути розмір ключа для шифруван
msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "Якому розміру ключа для розпізнавання ви надаєте перевагу? (%u) "
+#, fuzzy, c-format
+#| msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr ""
+"Зараз налаштування картки буде змінено для створення %u-бітового ключа\n"
+
#, c-format
msgid "rounded up to %u bits\n"
msgstr "округлено до %u бітів\n"
@@ -2626,14 +2632,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "ключ %s: не відповідає нашій копії\n"
#, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "ключ %s: не вдалося знайти початковий блок ключів: %s\n"
-
-#, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "ключ %s: не вдалося прочитати початковий блок ключів: %s\n"
-
-#, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "ключ %s: «%s» 1 новий ідентифікатор користувача\n"
@@ -2723,6 +2721,14 @@ msgstr ""
"відкликання\n"
#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "ключ %s: не вдалося знайти початковий блок ключів: %s\n"
+
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "ключ %s: не вдалося прочитати початковий блок ключів: %s\n"
+
+#, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "ключ %s: некоректний сертифікат відкликання: %s — відкинуто\n"
@@ -3182,6 +3188,11 @@ msgstr ""
msgid "Secret key is available.\n"
msgstr "Доступний закритий ключ.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "Доступний закритий ключ.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "Для цього потрібен закритий ключ.\n"
diff --git a/po/zh_CN.po b/po/zh_CN.po
index 0cf93cb..4b3954c 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -1427,6 +1427,10 @@ msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "您想要用多大的密钥尺寸?(%u)"
#, c-format
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr ""
+
+#, c-format
msgid "rounded up to %u bits\n"
msgstr "舍入到 %u 位\n"
@@ -2739,14 +2743,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "密钥 %s:与我们的副本不吻合\n"
#, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "密钥 %s:无法定位原始的密钥区块:%s\n"
-
-#, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "密钥 %s:无法读取原始的密钥区块: %s\n"
-
-#, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "密钥 %s:“%s”一个新的用户标识\n"
@@ -2834,6 +2830,14 @@ msgid "key %s: no public key - can't apply revocation certificate\n"
msgstr "密钥 %s:没有公钥――无法应用吊销证书\n"
#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "密钥 %s:无法定位原始的密钥区块:%s\n"
+
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "密钥 %s:无法读取原始的密钥区块: %s\n"
+
+#, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "密钥 %s:无效的吊销证书:%s――已拒绝\n"
@@ -3280,6 +3284,11 @@ msgstr "压缩不可用的用户标识并删除所有签名"
msgid "Secret key is available.\n"
msgstr "私钥可用。\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "私钥可用。\n"
+
msgid "Need the secret key to do this.\n"
msgstr "要有私钥才能这么做。\n"
diff --git a/po/zh_TW.po b/po/zh_TW.po
index a3f29b6..f997fa1 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: GNU gnupg 2.1.0\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2014-11-22 20:56+0800\n"
+"PO-Revision-Date: 2017-11-02 17:42+0100\n"
"Last-Translator: Jedi Lin <Jedi@Jedi.org>\n"
"Language-Team: Chinese (traditional) <zh-l10n@linux.org.tw>\n"
"Language: zh_TW\n"
@@ -1355,6 +1355,11 @@ msgstr "你的加密金鑰想要用多大的金鑰尺寸? (%u) "
msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "你的認證金鑰想要用多大的金鑰尺寸? (%u) "
+#, fuzzy, c-format
+#| msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgid "The card will now be re-configured to generate a key of type: %s\n"
+msgstr "這張卡片將重新加以組態, 以便產生 %u 位元的金鑰\n"
+
#, c-format
msgid "rounded up to %u bits\n"
msgstr "加大到 %u 位元\n"
@@ -2600,14 +2605,6 @@ msgid "key %s: doesn't match our copy\n"
msgstr "金鑰 %s: 跟我們的副本不吻合\n"
#, c-format
-msgid "key %s: can't locate original keyblock: %s\n"
-msgstr "金鑰 %s: 無法定址原始的金鑰區塊: %s\n"
-
-#, c-format
-msgid "key %s: can't read original keyblock: %s\n"
-msgstr "金鑰 %s: 無法讀取原始的金鑰區塊: %s\n"
-
-#, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "金鑰 %s: \"%s\" 1 個新的使用者 ID\n"
@@ -2693,6 +2690,14 @@ msgid "key %s: no public key - can't apply revocation certificate\n"
msgstr "金鑰 %s: 沒有公鑰 - 無法套用撤銷憑證\n"
#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "金鑰 %s: 無法定址原始的金鑰區塊: %s\n"
+
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "金鑰 %s: 無法讀取原始的金鑰區塊: %s\n"
+
+#, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "金鑰 %s: 無效的撤銷憑證: %s - 已駁回\n"
@@ -3139,6 +3144,11 @@ msgstr "從金鑰中精簡無法使用的使用者 ID 並移除所有的簽章"
msgid "Secret key is available.\n"
msgstr "私鑰可用.\n"
+#, fuzzy
+#| msgid "Secret key is available.\n"
+msgid "Secret subkeys are available.\n"
+msgstr "私鑰可用.\n"
+
msgid "Need the secret key to do this.\n"
msgstr "要有私鑰纔能這麼做.\n"
diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
index 9301940..e943118 100644
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@@ -415,7 +415,7 @@ inq_certificate (void *opaque, const char *line)
ksba_cert_t cert;
- err = gpgsm_find_cert (parm->ctrl, line, ski, &cert);
+ err = gpgsm_find_cert (parm->ctrl, line, ski, &cert, 1);
if (err)
{
log_error ("certificate not found: %s\n", gpg_strerror (err));
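Review bot: The new final argument is a bare `1` here and in run_command_inq_cb, and a bare `0` at the call sites in sm/gpgsm.c and sm/server.c, so nothing at the call says that it turns an ambiguous-name failure into picking one certificate. A trailing comment would make that visible, e.g. `err = gpgsm_find_cert (parm->ctrl, line, ski, &cert, 1 /* allow_ambiguous */);`. The ambiguity branch in sm/certlist.c is guarded by `if (!rc && !keyid)`, so in this call the flag only takes effect when `ski` is NULL. inq_certificate's body starts and ends outside the hunk.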
@@ -936,7 +936,7 @@ run_command_inq_cb (void *opaque, const char *line)
if (!*line)
return gpg_error (GPG_ERR_ASS_PARAMETER);
- err = gpgsm_find_cert (parm->ctrl, line, NULL, &cert);
+ err = gpgsm_find_cert (parm->ctrl, line, NULL, &cert, 1);
if (err)
{
log_error ("certificate not found: %s\n", gpg_strerror (err));
diff --git a/sm/certlist.c b/sm/certlist.c
index 39ab03c..c9e275e 100644
--- a/sm/certlist.c
+++ b/sm/certlist.c
@@ -489,7 +489,8 @@ gpgsm_release_certlist (certlist_t list)
subjectKeyIdentifier. */
int
gpgsm_find_cert (ctrl_t ctrl,
- const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert)
+ const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert,
+ int allow_ambiguous)
{
int rc;
KEYDB_SEARCH_DESC desc;
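Review bot: The function's header comment, whose last line is visible just above the signature, is not extended for the new `allow_ambiguous` parameter, so the changed contract is documented nowhere. I would append a sentence to it such as `If ALLOW_AMBIGUOUS is set and NAME matches several certificates, the one with the latest notBefore is returned instead of GPG_ERR_AMBIGUOUS_NAME.` The comment begins outside the hunk, so this assumes that its earlier lines do not already cover the case.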
@@ -537,6 +538,16 @@ gpgsm_find_cert (ctrl_t ctrl,
won't lead to ambiguous names. */
if (!rc && !keyid)
{
+ ksba_isotime_t notbefore = "";
+ const unsigned char *image = NULL;
+ size_t length = 0;
+ if (allow_ambiguous)
+ {
+ /* We want to return the newest certificate */
+ if (ksba_cert_get_validity (*r_cert, 0, notbefore))
+ *notbefore = '\0';
+ image = ksba_cert_get_image (*r_cert, &length);
+ }
next_ambiguous:
rc = keydb_search (ctrl, kh, &desc, 1);
if (rc == -1)
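Review bot: The result of `ksba_cert_get_image` is stored without a NULL check here, and again for `image2` in the later hunk, yet both pointers are passed to `memcmp` there. Whether the call can fail for a certificate just fetched from the keybox is not visible in this diff. If it can, the tie-break compares through a NULL pointer. Guarding the comparison keeps the ordering defined, e.g. `if (!cmp && image && image2)` in front of the `memcmp` line. The function body continues outside the hunk.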
@@ -546,6 +557,10 @@ gpgsm_find_cert (ctrl_t ctrl,
if (!rc)
{
ksba_cert_t cert2 = NULL;
+ ksba_isotime_t notbefore2 = "";
+ const unsigned char *image2 = NULL;
+ size_t length2 = 0;
+ int cmp = 0;
if (!keydb_get_cert (kh, &cert2))
{
@@ -554,6 +569,29 @@ gpgsm_find_cert (ctrl_t ctrl,
ksba_cert_release (cert2);
goto next_ambiguous;
}
+ if (allow_ambiguous)
+ {
+ if (ksba_cert_get_validity (cert2, 0, notbefore2))
+ *notbefore2 = '\0';
+ image2 = ksba_cert_get_image (cert2, &length2);
+ cmp = strcmp (notbefore, notbefore2);
+ /* use certificate image bits as last resort for stable ordering */
+ if (!cmp)
+ cmp = memcmp (image, image2, length < length2 ? length : length2);
+ if (!cmp)
+ cmp = length < length2 ? -1 : length > length2 ? 1 : 0;
+ if (cmp < 0)
+ {
+ ksba_cert_release (*r_cert);
+ *r_cert = cert2;
+ strcpy (notbefore, notbefore2);
+ image = image2;
+ length = length2;
+ }
+ else
+ ksba_cert_release (cert2);
+ goto next_ambiguous;
+ }
ksba_cert_release (cert2);
}
rc = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
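Review bot: The `allow_ambiguous` branch picks the winner by `strcmp (notbefore, notbefore2)` alone, and notBefore is set by whoever issued the certificate. The end of the validity period is never consulted, so a same-named certificate with a later start date replaces the current match even if it has expired or is not yet valid. Validation presumably happens in the callers, but nothing in this hunk says so. I would add a comment above the comparison such as `/* Ordering only: notBefore says nothing about expiry or trust; the caller must still validate *R_CERT. */`. The enclosing function starts and ends outside the hunk.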
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 10eff0a..0feda90 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -2052,7 +2052,7 @@ main ( int argc, char **argv)
ksba_cert_t cert = NULL;
char *grip = NULL;
- rc = gpgsm_find_cert (&ctrl, *argv, NULL, &cert);
+ rc = gpgsm_find_cert (&ctrl, *argv, NULL, &cert, 0);
if (rc)
;
else if (!(grip = gpgsm_get_keygrip_hexstring (cert)))
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 8c1f520..cd4fc99 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -328,7 +328,7 @@ int gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
certlist_t *listaddr, int is_encrypt_to);
void gpgsm_release_certlist (certlist_t list);
int gpgsm_find_cert (ctrl_t ctrl, const char *name, ksba_sexp_t keyid,
- ksba_cert_t *r_cert);
+ ksba_cert_t *r_cert, int allow_ambiguous);
/*-- keylist.c --*/
gpg_error_t gpgsm_list_keys (ctrl_t ctrl, strlist_t names,
diff --git a/sm/keylist.c b/sm/keylist.c
index 24c86e1..9997da8 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -289,8 +289,6 @@ print_capabilities (ksba_cert_t cert, estream_t fp)
es_putc ('S', fp);
if ((use & KSBA_KEYUSAGE_KEY_CERT_SIGN))
es_putc ('C', fp);
-
- es_putc (':', fp);
}
@@ -503,6 +501,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
es_putc (':', fp);
/* Field 12, capabilities: */
print_capabilities (cert, fp);
+ es_putc (':', fp);
/* Field 13, not used: */
es_putc (':', fp);
/* Field 14, not used: */
diff --git a/sm/server.c b/sm/server.c
index 64a3add..568e51b 100644
--- a/sm/server.c
+++ b/sm/server.c
@@ -1179,7 +1179,7 @@ cmd_passwd (assuan_context_t ctx, char *line)
line = skip_options (line);
- err = gpgsm_find_cert (ctrl, line, NULL, &cert);
+ err = gpgsm_find_cert (ctrl, line, NULL, &cert, 0);
if (err)
;
else if (!(grip = gpgsm_get_keygrip_hexstring (cert)))
diff --git a/tests/gpgsm/gpgsm-defs.scm b/tests/gpgsm/gpgsm-defs.scm
index d99d7da..c78a127 100644
--- a/tests/gpgsm/gpgsm-defs.scm
+++ b/tests/gpgsm/gpgsm-defs.scm
@@ -67,7 +67,9 @@
"faked-system-time 1008241200")
(create-file "gpg-agent.conf"
(string-append "pinentry-program " (tool 'pinentry))
- (string-append "scdaemon-program " (tool 'scdaemon))
+ (if (assoc "scdaemon" gpg-components)
+ (string-append "scdaemon-program " (tool 'scdaemon))
+ "# No scdaemon available")
)
(start-agent)
(create-file
diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm
index f52f316..a6347fe 100644
--- a/tests/openpgp/defs.scm
+++ b/tests/openpgp/defs.scm
@@ -354,7 +354,9 @@
(if (flag "--extended-key-format" *args*)
"enable-extended-key-format" "#enable-extended-key-format")
(string-append "pinentry-program " (tool 'pinentry))
- (string-append "scdaemon-program " (tool 'scdaemon))
+ (if (assoc "scdaemon" gpg-components)
+ (string-append "scdaemon-program " (tool 'scdaemon))
+ "# No scdaemon available")
))
;; Initialize the test environment, install appropriate configuration
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index e6ef4f4..9ce752b 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -2085,9 +2085,12 @@ get_config_filename (gc_component_t component, gc_backend_t backend)
/* Retrieve the options for the component COMPONENT from backend
- BACKEND, which we already know is a program-type backend. */
+ * BACKEND, which we already know is a program-type backend. With
+ * ONLY_INSTALLED set components which are not installed are silently
+ * ignored. */
static void
-retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
+retrieve_options_from_program (gc_component_t component, gc_backend_t backend,
+ int only_installed)
{
gpg_error_t err;
const char *pgmname;
@@ -2107,6 +2110,11 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
argv[0] = "--gpgconf-list";
argv[1] = NULL;
+ if (only_installed && access (pgmname, X_OK))
+ {
+ return; /* The component is not installed. */
+ }
+
err = gnupg_spawn_process (pgmname, argv, NULL, NULL, 0,
NULL, &outfp, NULL, &pid);
if (err)
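Review bot: The new `access (pgmname, X_OK)` test returns silently on any failure, so a component whose binary exists but has lost its execute bit, or sits behind an unreadable directory, is treated the same way as one that was never installed. Narrowing the skip to the missing-file case keeps broken installs visible through the existing spawn error path: `if (only_installed && access (pgmname, X_OK) && errno == ENOENT)`, assuming `<errno.h>` is already included in this file. access() also checks with the real rather than the effective user ID, which is worth a word in the comment if gpgconf can ever run with differing IDs. retrieve_options_from_program begins and ends outside the hunk.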
@@ -2378,7 +2386,7 @@ retrieve_options_from_file (gc_component_t component, gc_backend_t backend)
/* Retrieve the currently active options and their defaults from all
involved backends for this component. Using -1 for component will
- retrieve all options from all components. */
+ retrieve all options from all installed components. */
void
gc_component_retrieve_options (int component)
{
@@ -2420,7 +2428,8 @@ gc_component_retrieve_options (int component)
assert (backend != GC_BACKEND_ANY);
if (gc_backend[backend].program)
- retrieve_options_from_program (component, backend);
+ retrieve_options_from_program (component, backend,
+ process_all);
else
retrieve_options_from_file (component, backend);
}