summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile.am3
-rw-r--r--NEWS50
-rw-r--r--agent/agent.h22
-rw-r--r--agent/cache.c27
-rw-r--r--agent/call-pinentry.c103
-rw-r--r--agent/call-scd.c159
-rw-r--r--agent/command-ssh.c128
-rw-r--r--agent/command.c15
-rw-r--r--agent/divert-scd.c125
-rw-r--r--agent/findkey.c40
-rw-r--r--agent/genkey.c2
-rw-r--r--agent/gpg-agent.c2
-rw-r--r--agent/keyformat.txt6
-rw-r--r--agent/pkdecrypt.c2
-rw-r--r--agent/pksign.c19
-rw-r--r--agent/preset-passphrase.c2
-rw-r--r--agent/protect.c2
-rw-r--r--build-aux/speedo.mk35
-rw-r--r--build-aux/speedo/w32/inst.nsi19
-rw-r--r--common/Makefile.am4
-rw-r--r--common/argparse.c8
-rw-r--r--common/argparse.h4
-rw-r--r--common/asshelp.c2
-rw-r--r--common/dotlock.c10
-rw-r--r--common/dotlock.h4
-rw-r--r--common/dynload.h4
-rw-r--r--common/exechelp-w32.c12
-rw-r--r--common/exectool.c5
-rw-r--r--common/homedir.c2
-rw-r--r--common/iobuf.c2
-rw-r--r--common/ksba-io-support.c (renamed from sm/base64.c)153
-rw-r--r--common/ksba-io-support.h66
-rw-r--r--common/logging.c44
-rw-r--r--common/logging.h6
-rw-r--r--common/membuf.c2
-rw-r--r--common/mischelp.c4
-rw-r--r--common/mischelp.h4
-rw-r--r--common/name-value.c2
-rw-r--r--common/session-env.c2
-rw-r--r--common/sexp-parse.h2
-rw-r--r--common/sexputil.c65
-rw-r--r--common/simple-pwquery.c2
-rw-r--r--common/simple-pwquery.h2
-rw-r--r--common/status.h1
-rw-r--r--common/stringhelp.c4
-rw-r--r--common/stringhelp.h4
-rw-r--r--common/strlist.c4
-rw-r--r--common/strlist.h4
-rw-r--r--common/sysutils.c11
-rw-r--r--common/sysutils.h1
-rw-r--r--common/t-stringhelp.c4
-rw-r--r--common/t-strlist.c4
-rw-r--r--common/t-support.c4
-rw-r--r--common/t-support.h4
-rw-r--r--common/t-timestuff.c4
-rw-r--r--common/t-w32-reg.c4
-rw-r--r--common/ttyio.c2
-rw-r--r--common/types.h4
-rw-r--r--common/utf8conv.c6
-rw-r--r--common/utf8conv.h4
-rw-r--r--common/util.h10
-rw-r--r--common/w32-reg.c4
-rw-r--r--common/w32help.h4
-rw-r--r--common/yesno.c2
-rw-r--r--configure.ac80
-rw-r--r--dirmngr/ChangeLog-20114
-rw-r--r--dirmngr/Makefile.am7
-rw-r--r--dirmngr/certcache.c597
-rw-r--r--dirmngr/certcache.h32
-rw-r--r--dirmngr/crlcache.c6
-rw-r--r--dirmngr/crlfetch.c31
-rw-r--r--dirmngr/dirmngr.c101
-rw-r--r--dirmngr/dirmngr.h34
-rw-r--r--dirmngr/dns-stuff.c81
-rw-r--r--dirmngr/dns-stuff.h5
-rw-r--r--dirmngr/http-ntbtls.c124
-rw-r--r--dirmngr/http.c433
-rw-r--r--dirmngr/http.h17
-rw-r--r--dirmngr/ks-engine-finger.c4
-rw-r--r--dirmngr/ks-engine-hkp.c207
-rw-r--r--dirmngr/ks-engine-http.c8
-rw-r--r--dirmngr/ks-engine-ldap.c8
-rw-r--r--dirmngr/ldap.c22
-rw-r--r--dirmngr/loadswdb.c7
-rw-r--r--dirmngr/misc.c2
-rw-r--r--dirmngr/ocsp.c5
-rw-r--r--dirmngr/server.c166
-rw-r--r--dirmngr/t-http.c84
-rw-r--r--dirmngr/validate.c235
-rw-r--r--dirmngr/validate.h43
-rw-r--r--doc/DETAILS12
-rw-r--r--doc/TRANSLATE2
-rw-r--r--doc/dirmngr.texi15
-rw-r--r--doc/faq.org4
-rw-r--r--doc/gpg-agent.texi6
-rw-r--r--doc/gpg.texi44
-rw-r--r--doc/gpgsm.texi2
-rw-r--r--doc/gpgv.texi5
-rw-r--r--doc/scdaemon.texi2
-rw-r--r--doc/vuln-announce-2007-multiple-message.txt2
-rw-r--r--doc/whats-new-in-2.1.txt6
-rw-r--r--g10/armor.c2
-rw-r--r--g10/build-packet.c2
-rw-r--r--g10/call-agent.c2
-rw-r--r--g10/call-dirmngr.c26
-rw-r--r--g10/card-util.c2
-rw-r--r--g10/compress.c2
-rw-r--r--g10/cpr.c3
-rw-r--r--g10/encrypt.c6
-rw-r--r--g10/export.c75
-rw-r--r--g10/getkey.c2
-rw-r--r--g10/gpg.c23
-rw-r--r--g10/gpgv.c44
-rw-r--r--g10/import.c2
-rw-r--r--g10/keydb.c2
-rw-r--r--g10/keyedit.c8
-rw-r--r--g10/keygen.c284
-rw-r--r--g10/keyid.c2
-rw-r--r--g10/keylist.c5
-rw-r--r--g10/keyring.c24
-rw-r--r--g10/main.h6
-rw-r--r--g10/mainproc.c6
-rw-r--r--g10/misc.c2
-rw-r--r--g10/passphrase.c3
-rw-r--r--g10/pkclist.c4
-rw-r--r--g10/pubkey-enc.c36
-rw-r--r--g10/revoke.c2
-rw-r--r--g10/rmd160.c2
-rw-r--r--g10/server.c19
-rw-r--r--g10/sign.c11
-rw-r--r--g10/tdbdump.c22
-rw-r--r--g10/test-stubs.c3
-rw-r--r--g10/tofu.c114
-rw-r--r--g10/trust.c32
-rw-r--r--g10/trustdb.c87
-rw-r--r--g10/trustdb.h10
-rw-r--r--g13/Makefile.am2
-rw-r--r--g13/g13-syshelp.h2
-rw-r--r--g13/server.c2
-rw-r--r--g13/sh-cmd.c2
-rw-r--r--kbx/keybox-blob.c4
-rw-r--r--m4/autobuild.m42
-rw-r--r--m4/gettext.m44
-rw-r--r--m4/intl.m44
-rw-r--r--m4/intldir.m44
-rw-r--r--m4/lcmessage.m44
-rw-r--r--m4/nls.m44
-rw-r--r--m4/po.m44
-rw-r--r--m4/progtest.m44
-rw-r--r--po/POTFILES.in2
-rw-r--r--po/ca.po70
-rw-r--r--po/cs.po78
-rw-r--r--po/da.po74
-rw-r--r--po/de.po80
-rw-r--r--po/el.po70
-rw-r--r--po/eo.po67
-rw-r--r--po/es.po77
-rw-r--r--po/et.po70
-rw-r--r--po/fi.po70
-rw-r--r--po/fr.po82
-rw-r--r--po/gl.po70
-rw-r--r--po/hu.po70
-rw-r--r--po/id.po70
-rw-r--r--po/it.po70
-rw-r--r--po/ja.po82
-rw-r--r--po/nb.po77
-rw-r--r--po/nl.po7647
-rw-r--r--po/pl.po86
-rw-r--r--po/pt.po71
-rw-r--r--po/ro.po75
-rw-r--r--po/ru.po737
-rw-r--r--po/sk.po70
-rw-r--r--po/sv.po76
-rw-r--r--po/tr.po79
-rw-r--r--po/uk.po570
-rw-r--r--po/zh_CN.po75
-rw-r--r--po/zh_TW.po77
-rw-r--r--scd/apdu.c99
-rw-r--r--scd/apdu.h2
-rw-r--r--scd/app-common.h7
-rw-r--r--scd/app-dinsig.c2
-rw-r--r--scd/app-geldkarte.c2
-rw-r--r--scd/app-nks.c2
-rw-r--r--scd/app-openpgp.c235
-rw-r--r--scd/app.c160
-rw-r--r--scd/ccid-driver.c271
-rw-r--r--scd/ccid-driver.h4
-rw-r--r--scd/command.c66
-rw-r--r--scd/scdaemon.c206
-rw-r--r--scd/scdaemon.h5
-rw-r--r--sm/Makefile.am1
-rw-r--r--sm/call-dirmngr.c2
-rw-r--r--sm/certchain.c2
-rw-r--r--sm/certdump.c4
-rw-r--r--sm/certlist.c2
-rw-r--r--sm/certreqgen-ui.c24
-rw-r--r--sm/certreqgen.c12
-rw-r--r--sm/decrypt.c21
-rw-r--r--sm/encrypt.c11
-rw-r--r--sm/export.c28
-rw-r--r--sm/gpgsm.h18
-rw-r--r--sm/import.c13
-rw-r--r--sm/keydb.c2
-rw-r--r--sm/keylist.c2
-rw-r--r--sm/sign.c11
-rw-r--r--sm/verify.c21
-rw-r--r--tests/gpgme/gpgme-defs.scm6
-rw-r--r--tests/gpgme/run-tests.scm2
-rw-r--r--tests/gpgme/wrap.scm7
-rw-r--r--tests/gpgscm/Makefile.am3
-rw-r--r--tests/gpgscm/ffi.c9
-rw-r--r--tests/gpgscm/ffi.scm3
-rw-r--r--tests/gpgscm/init.scm10
-rw-r--r--tests/gpgscm/lib.scm2
-rw-r--r--tests/gpgscm/main.c2
-rw-r--r--tests/gpgscm/scheme-private.h12
-rw-r--r--tests/gpgscm/scheme.c582
-rw-r--r--tests/gpgscm/time.scm42
-rw-r--r--tests/gpgsm/verify.scm8
-rw-r--r--tests/openpgp/Makefile.am9
-rw-r--r--tests/openpgp/defs.scm27
-rw-r--r--tests/openpgp/gpgconf.scm17
-rw-r--r--tests/openpgp/issue2929.scm32
-rwxr-xr-xtests/openpgp/issue2941.scm34
-rwxr-xr-xtests/openpgp/quick-key-manipulation.scm57
-rw-r--r--tests/openpgp/samplekeys/README2
-rw-r--r--tests/openpgp/samplekeys/rsa-primary-auth-only.pub.asc23
-rw-r--r--tests/openpgp/samplekeys/rsa-primary-auth-only.sec.asc38
-rwxr-xr-xtests/openpgp/ssh-import.scm33
-rwxr-xr-xtests/openpgp/tofu.scm51
-rwxr-xr-xtests/openpgp/verify.scm3
-rw-r--r--tools/gpg-connect-agent.c22
-rw-r--r--tools/gpg-wks-client.c90
-rw-r--r--tools/gpg-wks-server.c27
-rw-r--r--tools/gpg-wks.h4
-rw-r--r--tools/gpgconf-comp.c275
-rw-r--r--tools/gpgconf.c2
-rw-r--r--tools/gpgparsemail.c2
-rw-r--r--tools/gpgtar.c4
-rwxr-xr-xtools/mail-signed-keys2
-rw-r--r--tools/mime-parser.c25
-rw-r--r--tools/mime-parser.h2
-rw-r--r--tools/symcryptrun.c4
-rw-r--r--tools/wks-receive.c49
244 files changed, 14722 insertions, 3398 deletions
diff --git a/Makefile.am b/Makefile.am
index e220f8b..71e691a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,7 +19,8 @@
## Process this file with automake to produce Makefile.in
ACLOCAL_AMFLAGS = -I m4
-DISTCHECK_CONFIGURE_FLAGS = --enable-symcryptrun --enable-g13 \
+AM_DISTCHECK_CONFIGURE_FLAGS = --enable-gnupg-builddir-envvar \
+ --enable-symcryptrun --enable-g13 \
--enable-gpg2-is-gpg --enable-gpgtar --enable-wks-tools --disable-ntbtls
GITLOG_TO_CHANGELOG=gitlog-to-changelog
diff --git a/NEWS b/NEWS
index 054ede9..18923b4 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,51 @@
+Noteworthy changes in version 2.1.19 (2017-03-01)
+-------------------------------------------------
+
+ * gpg: Print a warning if Tor mode is requested but the Tor daemon
+ is not running.
+
+ * gpg: New status code DECRYPTION_KEY to print the actual private
+ key used for decryption.
+
+ * gpgv: New options --log-file and --debug.
+
+ * gpg-agent: Revamp the prompts to ask for card PINs.
+
+ * scd: Support for multiple card readers.
+
+ * scd: Removed option --debug-disable-ticker. Ticker is used
+ only when it is required to watch removal of device/card.
+
+ * scd: Improved detection of card inserting and removal.
+
+ * dirmngr: New option --disable-ipv4.
+
+ * dirmngr: New option --no-use-tor to explicitly disable the use of
+ Tor.
+
+ * dirmngr: The option --allow-version-check is now required even if
+ the option --use-tor is also used.
+
+ * dirmngr: Handle a missing nsswitch.conf gracefully.
+
+ * dirmngr: Avoid PTR lookups for keyserver pools. The are only done
+ for the debug command "keyserver --hosttable".
+
+ * dirmngr: Rework the internal certificate cache to support classes
+ of certificates. Load system provided certificates on startup.
+ Add options --tls, --no-crl, and --systrust to the "VALIDATE"
+ command.
+
+ * dirmngr: Add support for the ntbtls library.
+
+ * wks: Create mails with a "WKS-Phase" header. Fix detection of
+ Draft-2 mode.
+
+ * The Windows installer is now build with limited TLS support.
+
+ * Many other bug fixes and new regression tests.
+
+
Noteworthy changes in version 2.1.18 (2017-01-23)
-------------------------------------------------
@@ -61,6 +109,8 @@ Noteworthy changes in version 2.1.18 (2017-01-23)
* Fixed spurious failures on BSD system in the spawn functions.
This affected for example gpg-wks-client and gpgconf.
+ See-also: gnupg-announce/2017q1/000401.html
+
Noteworthy changes in version 2.1.17 (2016-12-20)
-------------------------------------------------
diff --git a/agent/agent.h b/agent/agent.h
index 2db5a5c..e98a246 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -218,6 +218,7 @@ struct server_control_s
session_env_t session_env;
char *lc_ctype;
char *lc_messages;
+ unsigned long client_pid;
/* The current pinentry mode. */
pinentry_mode_t pinentry_mode;
@@ -380,6 +381,8 @@ gpg_error_t ssh_search_control_file (ssh_control_file_t cf,
void start_command_handler_ssh (ctrl_t, gnupg_fd_t);
/*-- findkey.c --*/
+gpg_error_t agent_modify_description (const char *in, const char *comment,
+ const gcry_sexp_t key, char **result);
int agent_write_private_key (const unsigned char *grip,
const void *buffer, size_t length, int force);
gpg_error_t agent_key_from_file (ctrl_t ctrl,
@@ -504,11 +507,11 @@ void agent_reload_trustlist (void);
/*-- divert-scd.c --*/
-int divert_pksign (ctrl_t ctrl,
+int divert_pksign (ctrl_t ctrl, const char *desc_text,
const unsigned char *digest, size_t digestlen, int algo,
const unsigned char *shadow_info, unsigned char **r_sig,
size_t *r_siglen);
-int divert_pkdecrypt (ctrl_t ctrl,
+int divert_pkdecrypt (ctrl_t ctrl, const char *desc_text,
const unsigned char *cipher,
const unsigned char *shadow_info,
char **r_buf, size_t *r_len, int *r_padding);
@@ -535,15 +538,19 @@ int agent_card_learn (ctrl_t ctrl,
int agent_card_serialno (ctrl_t ctrl, char **r_serialno, const char *demand);
int agent_card_pksign (ctrl_t ctrl,
const char *keyid,
- int (*getpin_cb)(void *, const char *, char*, size_t),
+ int (*getpin_cb)(void *, const char *,
+ const char *, char*, size_t),
void *getpin_cb_arg,
+ const char *desc_text,
int mdalgo,
const unsigned char *indata, size_t indatalen,
unsigned char **r_buf, size_t *r_buflen);
int agent_card_pkdecrypt (ctrl_t ctrl,
const char *keyid,
- int (*getpin_cb)(void *, const char *, char*,size_t),
+ int (*getpin_cb)(void *, const char *,
+ const char *, char*,size_t),
void *getpin_cb_arg,
+ const char *desc_text,
const unsigned char *indata, size_t indatalen,
char **r_buf, size_t *r_buflen, int *r_padding);
int agent_card_readcert (ctrl_t ctrl,
@@ -552,11 +559,14 @@ int agent_card_readkey (ctrl_t ctrl, const char *id, unsigned char **r_buf);
int agent_card_writekey (ctrl_t ctrl, int force, const char *serialno,
const char *id, const char *keydata,
size_t keydatalen,
- int (*getpin_cb)(void *, const char *, char*, size_t),
+ int (*getpin_cb)(void *, const char *,
+ const char *, char*, size_t),
void *getpin_cb_arg);
gpg_error_t agent_card_getattr (ctrl_t ctrl, const char *name, char **result);
+gpg_error_t agent_card_cardlist (ctrl_t ctrl, strlist_t *result);
int agent_card_scd (ctrl_t ctrl, const char *cmdline,
- int (*getpin_cb)(void *, const char *, char*, size_t),
+ int (*getpin_cb)(void *, const char *,
+ const char *, char*, size_t),
void *getpin_cb_arg, void *assuan_context);
diff --git a/agent/cache.c b/agent/cache.c
index f58eaea..41e0905 100644
--- a/agent/cache.c
+++ b/agent/cache.c
@@ -475,6 +475,29 @@ agent_get_cache (const char *key, cache_mode_t cache_mode)
void
agent_store_cache_hit (const char *key)
{
- xfree (last_stored_cache_key);
- last_stored_cache_key = key? xtrystrdup (key) : NULL;
+ char *new;
+ char *old;
+
+ /* To make sure the update is atomic under the non-preemptive thread
+ * model, we must make sure not to surrender control to a different
+ * thread. Therefore, we avoid calling the allocator during the
+ * update.
+ *
+ * Background: xtrystrdup uses gcry_strdup which may use the secure
+ * memory allocator of Libgcrypt. That allocator takes locks and
+ * since version 1.14 libgpg-error is nPth aware and thus taking a
+ * lock may now lead to thread switch. Note that this only happens
+ * when secure memory is _allocated_ (the standard allocator uses
+ * malloc which is not nPth aware) but not when calling _xfree_
+ * because gcry_free needs to check whether the pointer is in secure
+ * memory and thus needs to take a lock.
+ */
+ new = key ? xtrystrdup (key) : NULL;
+
+ /* Atomic update. */
+ old = last_stored_cache_key;
+ last_stored_cache_key = new;
+ /* Done. */
+
+ xfree (old);
}
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index fa00bf9..0af1854 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -31,6 +31,7 @@
# include <sys/wait.h>
# include <sys/types.h>
# include <signal.h>
+# include <sys/utsname.h>
#endif
#include <npth.h>
@@ -55,6 +56,17 @@
/* The assuan context of the current pinentry. */
static assuan_context_t entry_ctx;
+/* A list of features of the current pinentry. */
+static struct
+{
+ /* The Pinentry support RS+US tabbing. This means that a RS (0x1e)
+ * starts a new tabbing block in which a US (0x1f) followed by a
+ * colon marks a colon. A pinentry can use this to pretty print
+ * name value pairs. */
+ unsigned int tabbing:1;
+} entry_features;
+
+
/* The control variable of the connection owning the current pinentry.
This is only valid if ENTRY_CTX is not NULL. Note, that we care
only about the value of the pointer and that it should never be
@@ -207,6 +219,31 @@ atfork_cb (void *opaque, int where)
}
+/* Status line callback for the FEATURES status. */
+static gpg_error_t
+getinfo_features_cb (void *opaque, const char *line)
+{
+ const char *args;
+ char **tokens;
+ int i;
+
+ (void)opaque;
+
+ if ((args = has_leading_keyword (line, "FEATURES")))
+ {
+ tokens = strtokenize (args, " ");
+ if (!tokens)
+ return gpg_error_from_syserror ();
+ for (i=0; tokens[i]; i++)
+ if (!strcmp (tokens[i], "tabbing"))
+ entry_features.tabbing = 1;
+ xfree (tokens);
+ }
+
+ return 0;
+}
+
+
static gpg_error_t
getinfo_pid_cb (void *opaque, const void *buffer, size_t length)
{
@@ -540,21 +577,52 @@ start_pinentry (ctrl_t ctrl)
}
}
+ /* Tell Pinentry about our client. */
+ if (ctrl->client_pid)
+ {
+ char *optstr;
+ const char *nodename = "";
+
+#ifndef HAVE_W32_SYSTEM
+ struct utsname utsbuf;
+ if (!uname (&utsbuf))
+ nodename = utsbuf.nodename;
+#endif /*!HAVE_W32_SYSTEM*/
+
+ if ((optstr = xtryasprintf ("OPTION owner=%lu %s",
+ ctrl->client_pid, nodename)))
+ {
+ assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
+ NULL);
+ /* We ignore errors because this is just a fancy thing and
+ older pinentries do not support this feature. */
+ xfree (optstr);
+ }
+ }
+
- /* Ask the pinentry for its version and flavor and streo that as a
+ /* Ask the pinentry for its version and flavor and store that as a
* string in MB. This information is useful for helping users to
- * figure out Pinentry problems. */
+ * figure out Pinentry problems. Noet that "flavor" may also return
+ * a status line with the features; we use a dedicated handler for
+ * that. */
{
membuf_t mb;
init_membuf (&mb, 256);
if (assuan_transact (entry_ctx, "GETINFO flavor",
- put_membuf_cb, &mb, NULL, NULL, NULL, NULL))
+ put_membuf_cb, &mb,
+ NULL, NULL,
+ getinfo_features_cb, NULL))
put_membuf_str (&mb, "unknown");
put_membuf_str (&mb, " ");
if (assuan_transact (entry_ctx, "GETINFO version",
put_membuf_cb, &mb, NULL, NULL, NULL, NULL))
put_membuf_str (&mb, "unknown");
+ put_membuf_str (&mb, " ");
+ if (assuan_transact (entry_ctx, "GETINFO ttyinfo",
+ put_membuf_cb, &mb, NULL, NULL, NULL, NULL))
+ put_membuf_str (&mb, "? ? ?");
put_membuf (&mb, "", 1);
flavor_version = get_membuf (&mb, NULL);
}
@@ -843,6 +911,25 @@ pinentry_status_cb (void *opaque, const char *line)
}
+/* Build a SETDESC command line. This is a dedicated funcion so that
+ * it can remove control characters which are not supported by the
+ * current Pinentry. */
+static void
+build_cmd_setdesc (char *line, size_t linelen, const char *desc)
+{
+ char *src, *dst;
+
+ snprintf (line, linelen, "SETDESC %s", desc);
+ if (!entry_features.tabbing)
+ {
+ /* Remove RS and US. */
+ for (src=dst=line; *src; src++)
+ if (!strchr ("\x1e\x1f", *src))
+ *dst++ = *src;
+ *dst = 0;
+ }
+}
+
/* Call the Entry and ask for the PIN. We do check for a valid PIN
@@ -933,7 +1020,7 @@ agent_askpin (ctrl_t ctrl,
if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD)
return unlock_pinentry (rc);
- snprintf (line, DIM(line), "SETDESC %s", desc_text);
+ build_cmd_setdesc (line, DIM(line), desc_text);
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_pinentry (rc);
@@ -1142,7 +1229,7 @@ agent_get_passphrase (ctrl_t ctrl,
if (desc)
- snprintf (line, DIM(line), "SETDESC %s", desc);
+ build_cmd_setdesc (line, DIM(line), desc);
else
snprintf (line, DIM(line), "RESET");
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
@@ -1230,7 +1317,7 @@ agent_get_confirmation (ctrl_t ctrl,
return rc;
if (desc)
- snprintf (line, DIM(line), "SETDESC %s", desc);
+ build_cmd_setdesc (line, DIM(line), desc);
else
snprintf (line, DIM(line), "RESET");
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
@@ -1303,7 +1390,7 @@ agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn)
return rc;
if (desc)
- snprintf (line, DIM(line), "SETDESC %s", desc);
+ build_cmd_setdesc (line, DIM(line), desc);
else
snprintf (line, DIM(line), "RESET");
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
@@ -1373,7 +1460,7 @@ agent_popup_message_start (ctrl_t ctrl, const char *desc, const char *ok_btn)
return rc;
if (desc)
- snprintf (line, DIM(line), "SETDESC %s", desc);
+ build_cmd_setdesc (line, DIM(line), desc);
else
snprintf (line, DIM(line), "RESET");
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
diff --git a/agent/call-scd.c b/agent/call-scd.c
index 15a2ba5..c86eb74 100644
--- a/agent/call-scd.c
+++ b/agent/call-scd.c
@@ -39,6 +39,7 @@
#include "agent.h"
#include <assuan.h>
+#include "strlist.h"
#ifdef _POSIX_OPEN_MAX
#define MAX_OPEN_FDS _POSIX_OPEN_MAX
@@ -49,13 +50,13 @@
/* Definition of module local data of the CTRL structure. */
struct scd_local_s
{
- /* We keep a list of all allocated context with a an achnor at
+ /* We keep a list of all allocated context with an anchor at
SCD_LOCAL_LIST (see below). */
struct scd_local_s *next_local;
/* We need to get back to the ctrl object actually referencing this
- structure. This is really an awkward way of enumerint the lcoal
- contects. A much cleaner way would be to keep a global list of
+ structure. This is really an awkward way of enumerating the local
+ contexts. A much cleaner way would be to keep a global list of
ctrl objects to enumerate them. */
ctrl_t ctrl_backlink;
@@ -78,14 +79,21 @@ struct learn_parm_s
void *sinfo_cb_arg;
};
-struct inq_needpin_s
+
+/* Callback parameter used by inq_getpin and inq_writekey_parms. */
+struct inq_needpin_parm_s
{
assuan_context_t ctx;
- int (*getpin_cb)(void *, const char *, char*, size_t);
+ int (*getpin_cb)(void *, const char *, const char *, char*, size_t);
void *getpin_cb_arg;
+ const char *getpin_cb_desc;
assuan_context_t passthru; /* If not NULL, pass unknown inquiries
up to the caller. */
int any_inq_seen;
+
+ /* The next fields are used by inq_writekey_parm. */
+ const unsigned char *keydata;
+ size_t keydatalen;
};
@@ -713,7 +721,7 @@ agent_card_serialno (ctrl_t ctrl, char **r_serialno, const char *demand)
static gpg_error_t
inq_needpin (void *opaque, const char *line)
{
- struct inq_needpin_s *parm = opaque;
+ struct inq_needpin_parm_s *parm = opaque;
const char *s;
char *pin;
size_t pinlen;
@@ -728,18 +736,21 @@ inq_needpin (void *opaque, const char *line)
if (!pin)
return out_of_core ();
- rc = parm->getpin_cb (parm->getpin_cb_arg, line, pin, pinlen);
+ rc = parm->getpin_cb (parm->getpin_cb_arg, parm->getpin_cb_desc,
+ line, pin, pinlen);
if (!rc)
rc = assuan_send_data (parm->ctx, pin, pinlen);
xfree (pin);
}
else if ((s = has_leading_keyword (line, "POPUPPINPADPROMPT")))
{
- rc = parm->getpin_cb (parm->getpin_cb_arg, s, NULL, 1);
+ rc = parm->getpin_cb (parm->getpin_cb_arg, parm->getpin_cb_desc,
+ s, NULL, 1);
}
else if ((s = has_leading_keyword (line, "DISMISSPINPADPROMPT")))
{
- rc = parm->getpin_cb (parm->getpin_cb_arg, "", NULL, 0);
+ rc = parm->getpin_cb (parm->getpin_cb_arg, parm->getpin_cb_desc,
+ "", NULL, 0);
}
else if (parm->passthru)
{
@@ -823,13 +834,17 @@ cancel_inquire (ctrl_t ctrl, gpg_error_t rc)
return rc;
}
+
/* Create a signature using the current card. MDALGO is either 0 or
- gives the digest algorithm. */
+ * gives the digest algorithm. DESC_TEXT is an additional parameter
+ * passed to GETPIN_CB. */
int
agent_card_pksign (ctrl_t ctrl,
const char *keyid,
- int (*getpin_cb)(void *, const char *, char*, size_t),
+ int (*getpin_cb)(void *, const char *,
+ const char *, char*, size_t),
void *getpin_cb_arg,
+ const char *desc_text,
int mdalgo,
const unsigned char *indata, size_t indatalen,
unsigned char **r_buf, size_t *r_buflen)
@@ -837,7 +852,7 @@ agent_card_pksign (ctrl_t ctrl,
int rc;
char line[ASSUAN_LINELENGTH];
membuf_t data;
- struct inq_needpin_s inqparm;
+ struct inq_needpin_parm_s inqparm;
*r_buf = NULL;
rc = start_scd (ctrl);
@@ -858,8 +873,12 @@ agent_card_pksign (ctrl_t ctrl,
inqparm.ctx = ctrl->scd_local->ctx;
inqparm.getpin_cb = getpin_cb;
inqparm.getpin_cb_arg = getpin_cb_arg;
+ inqparm.getpin_cb_desc = desc_text;
inqparm.passthru = 0;
inqparm.any_inq_seen = 0;
+ inqparm.keydata = NULL;
+ inqparm.keydatalen = 0;
+
if (ctrl->use_auth_call)
snprintf (line, sizeof line, "PKAUTH %s", keyid);
else
@@ -905,21 +924,24 @@ padding_info_cb (void *opaque, const char *line)
/* Decipher INDATA using the current card. Note that the returned
- value is not an s-expression but the raw data as returned by
- scdaemon. The padding information is stored at R_PADDING with -1
- for not known. */
+ * value is not an s-expression but the raw data as returned by
+ * scdaemon. The padding information is stored at R_PADDING with -1
+ * for not known. DESC_TEXT is an additional parameter passed to
+ * GETPIN_CB. */
int
agent_card_pkdecrypt (ctrl_t ctrl,
const char *keyid,
- int (*getpin_cb)(void *, const char *, char*, size_t),
+ int (*getpin_cb)(void *, const char *,
+ const char *, char*, size_t),
void *getpin_cb_arg,
+ const char *desc_text,
const unsigned char *indata, size_t indatalen,
char **r_buf, size_t *r_buflen, int *r_padding)
{
int rc, i;
char *p, line[ASSUAN_LINELENGTH];
membuf_t data;
- struct inq_needpin_s inqparm;
+ struct inq_needpin_parm_s inqparm;
size_t len;
*r_buf = NULL;
@@ -950,8 +972,11 @@ agent_card_pkdecrypt (ctrl_t ctrl,
inqparm.ctx = ctrl->scd_local->ctx;
inqparm.getpin_cb = getpin_cb;
inqparm.getpin_cb_arg = getpin_cb_arg;
+ inqparm.getpin_cb_desc = desc_text;
inqparm.passthru = 0;
inqparm.any_inq_seen = 0;
+ inqparm.keydata = NULL;
+ inqparm.keydatalen = 0;
snprintf (line, DIM(line), "PKDECRYPT %s", keyid);
rc = assuan_transact (ctrl->scd_local->ctx, line,
put_membuf_cb, &data,
@@ -1050,24 +1075,12 @@ agent_card_readkey (ctrl_t ctrl, const char *id, unsigned char **r_buf)
}
-struct writekey_parm_s
-{
- assuan_context_t ctx;
- int (*getpin_cb)(void *, const char *, char*, size_t);
- void *getpin_cb_arg;
- assuan_context_t passthru;
- int any_inq_seen;
- /**/
- const unsigned char *keydata;
- size_t keydatalen;
-};
-
/* Handle a KEYDATA inquiry. Note, we only send the data,
assuan_transact takes care of flushing and writing the end */
static gpg_error_t
inq_writekey_parms (void *opaque, const char *line)
{
- struct writekey_parm_s *parm = opaque;
+ struct inq_needpin_parm_s *parm = opaque;
if (has_leading_keyword (line, "KEYDATA"))
return assuan_send_data (parm->ctx, parm->keydata, parm->keydatalen);
@@ -1079,12 +1092,13 @@ inq_writekey_parms (void *opaque, const char *line)
int
agent_card_writekey (ctrl_t ctrl, int force, const char *serialno,
const char *id, const char *keydata, size_t keydatalen,
- int (*getpin_cb)(void *, const char *, char*, size_t),
+ int (*getpin_cb)(void *, const char *,
+ const char *, char*, size_t),
void *getpin_cb_arg)
{
int rc;
char line[ASSUAN_LINELENGTH];
- struct writekey_parm_s parms;
+ struct inq_needpin_parm_s parms;
(void)serialno;
rc = start_scd (ctrl);
@@ -1095,6 +1109,7 @@ agent_card_writekey (ctrl_t ctrl, int force, const char *serialno,
parms.ctx = ctrl->scd_local->ctx;
parms.getpin_cb = getpin_cb;
parms.getpin_cb_arg = getpin_cb_arg;
+ parms.getpin_cb_desc= NULL;
parms.passthru = 0;
parms.any_inq_seen = 0;
parms.keydata = keydata;
@@ -1107,6 +1122,8 @@ agent_card_writekey (ctrl_t ctrl, int force, const char *serialno,
rc = cancel_inquire (ctrl, rc);
return unlock_scd (ctrl, rc);
}
+
+
/* Type used with the card_getattr_cb. */
struct card_getattr_parm_s {
@@ -1191,6 +1208,75 @@ agent_card_getattr (ctrl_t ctrl, const char *name, char **result)
}
+
+struct card_cardlist_parm_s {
+ int error;
+ strlist_t list;
+};
+
+/* Callback function for agent_card_cardlist. */
+static gpg_error_t
+card_cardlist_cb (void *opaque, const char *line)
+{
+ struct card_cardlist_parm_s *parm = opaque;
+ const char *keyword = line;
+ int keywordlen;
+
+ for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
+ ;
+ while (spacep (line))
+ line++;
+
+ if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
+ {
+ const char *s;
+ int n;
+
+ for (n=0,s=line; hexdigitp (s); s++, n++)
+ ;
+
+ if (!n || (n&1) || *s)
+ parm->error = gpg_error (GPG_ERR_ASS_PARAMETER);
+ else
+ add_to_strlist (&parm->list, line);
+ }
+
+ return 0;
+}
+
+/* Call the scdaemon to retrieve list of available cards. On success
+ the allocated strlist is stored at RESULT. On error an error code is
+ returned and NULL stored at RESULT. */
+gpg_error_t
+agent_card_cardlist (ctrl_t ctrl, strlist_t *result)
+{
+ int err;
+ struct card_cardlist_parm_s parm;
+ char line[ASSUAN_LINELENGTH];
+
+ *result = NULL;
+
+ memset (&parm, 0, sizeof parm);
+ strcpy (line, "GETINFO card_list");
+
+ err = start_scd (ctrl);
+ if (err)
+ return err;
+
+ err = assuan_transact (ctrl->scd_local->ctx, line,
+ NULL, NULL, NULL, NULL,
+ card_cardlist_cb, &parm);
+ if (!err && parm.error)
+ err = parm.error;
+
+ if (!err)
+ *result = parm.list;
+ else
+ free_strlist (parm.list);
+
+ return unlock_scd (ctrl, err);
+}
+
static gpg_error_t
@@ -1241,11 +1327,12 @@ pass_data_thru (void *opaque, const void *buffer, size_t length)
inquiry is handled inside gpg-agent. */
int
agent_card_scd (ctrl_t ctrl, const char *cmdline,
- int (*getpin_cb)(void *, const char *, char*, size_t),
+ int (*getpin_cb)(void *, const char *,
+ const char *, char*, size_t),
void *getpin_cb_arg, void *assuan_context)
{
int rc;
- struct inq_needpin_s inqparm;
+ struct inq_needpin_parm_s inqparm;
int saveflag;
rc = start_scd (ctrl);
@@ -1255,8 +1342,12 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline,
inqparm.ctx = ctrl->scd_local->ctx;
inqparm.getpin_cb = getpin_cb;
inqparm.getpin_cb_arg = getpin_cb_arg;
+ inqparm.getpin_cb_desc = NULL;
inqparm.passthru = assuan_context;
inqparm.any_inq_seen = 0;
+ inqparm.keydata = NULL;
+ inqparm.keydatalen = 0;
+
saveflag = assuan_get_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS);
assuan_set_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS, 1);
rc = assuan_transact (ctrl->scd_local->ctx, cmdline,
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index f57bac3..79b8f85 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -2382,6 +2382,35 @@ ssh_key_grip (gcry_sexp_t key, unsigned char *buffer)
}
+static gpg_error_t
+card_key_list (ctrl_t ctrl, char **r_serialno, strlist_t *result)
+{
+ gpg_error_t err;
+
+ *r_serialno = NULL;
+ *result = NULL;
+
+ err = agent_card_serialno (ctrl, r_serialno, NULL);
+ if (err)
+ {
+ if (gpg_err_code (err) == GPG_ERR_ENODEV)
+ return 0; /* Nothing available. */
+
+ if (opt.verbose)
+ log_info (_("error getting serial number of card: %s\n"),
+ gpg_strerror (err));
+ return err;
+ }
+
+ err = agent_card_cardlist (ctrl, result);
+ if (err)
+ {
+ xfree (*r_serialno);
+ *r_serialno = NULL;
+ }
+ return err;
+}
+
/* Check whether a smartcard is available and whether it has a usable
key. Store a copy of that key at R_PK and return 0. If no key is
available store NULL at R_PK and return an error code. If CARDSN
@@ -2561,17 +2590,54 @@ ssh_handler_request_identities (ctrl_t ctrl,
reader - this should be allowed even without being listed in
sshcontrol. */
- if (!opt.disable_scdaemon
- && !card_key_available (ctrl, &key_public, &cardsn))
+ if (!opt.disable_scdaemon)
{
- err = ssh_send_key_public (key_blobs, key_public, cardsn);
- gcry_sexp_release (key_public);
- key_public = NULL;
- xfree (cardsn);
+ char *serialno;
+ strlist_t card_list, sl;
+
+ err = card_key_list (ctrl, &serialno, &card_list);
if (err)
- goto out;
+ {
+ if (opt.verbose)
+ log_info (_("error getting list of cards: %s\n"),
+ gpg_strerror (err));
+ goto out;
+ }
- key_counter++;
+ for (sl = card_list; sl; sl = sl->next)
+ {
+ char *serialno0;
+ err = agent_card_serialno (ctrl, &serialno0, sl->d);
+ if (err)
+ {
+ if (opt.verbose)
+ log_info (_("error getting serial number of card: %s\n"),
+ gpg_strerror (err));
+ xfree (serialno);
+ free_strlist (card_list);
+ goto out;
+ }
+
+ xfree (serialno0);
+ if (card_key_available (ctrl, &key_public, &cardsn))
+ continue;
+
+ err = ssh_send_key_public (key_blobs, key_public, cardsn);
+ gcry_sexp_release (key_public);
+ key_public = NULL;
+ xfree (cardsn);
+ if (err)
+ {
+ xfree (serialno);
+ free_strlist (card_list);
+ goto out;
+ }
+
+ key_counter++;
+ }
+
+ xfree (serialno);
+ free_strlist (card_list);
}
/* Then look at all the registered and non-disabled keys. */
@@ -2655,7 +2721,7 @@ data_hash (unsigned char *data, size_t data_n,
}
-/* This function signs the data described by CTRL. If HASH is is not
+/* This function signs the data described by CTRL. If HASH is not
NULL, (HASH,HASHLEN) overrides the hash stored in CTRL. This is to
allow the use of signature algorithms that implement the hashing
internally (e.g. Ed25519). On success the created signature is
@@ -3491,6 +3557,44 @@ ssh_request_process (ctrl_t ctrl, estream_t stream_sock)
}
+/* Return the peer's pid. Stripped down code from libassuan. */
+static unsigned long
+get_client_pid (int fd)
+{
+ pid_t client_pid = (pid_t)(-1);
+
+#ifdef HAVE_SO_PEERCRED
+ {
+ struct ucred cr;
+ socklen_t cl = sizeof cr;
+
+ if ( !getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &cr, &cl))
+ client_pid = cr.pid;
+ }
+#elif defined (HAVE_GETPEERUCRED)
+ {
+ ucred_t *ucred = NULL;
+
+ if (getpeerucred (fd, &ucred) != -1)
+ {
+ client_pid= ucred_getpid (ucred);
+ ucred_free (ucred);
+ }
+ }
+#elif defined (HAVE_LOCAL_PEEREID)
+ {
+ struct unpcbid unp;
+ socklen_t unpl = sizeof unp;
+
+ if (getsockopt (fd, 0, LOCAL_PEEREID, &unp, &unpl) != -1)
+ client_pid = unp.unp_pid;
+ }
+#endif
+
+ return client_pid == (pid_t)(-1)? 0 : (unsigned long)client_pid;
+}
+
+
/* Start serving client on SOCK_CLIENT. */
void
start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client)
@@ -3503,6 +3607,8 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client)
if (err)
goto out;
+ ctrl->client_pid = get_client_pid (FD2INT(sock_client));
+
/* Create stream from socket. */
stream_sock = es_fdopen (FD2INT(sock_client), "r+");
if (!stream_sock)
@@ -3548,7 +3654,7 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client)
#ifdef HAVE_W32_SYSTEM
/* Serve one ssh-agent request. This is used for the Putty support.
- REQUEST is the the mmapped memory which may be accessed up to a
+ REQUEST is the mmapped memory which may be accessed up to a
length of MAXREQLEN. Returns 0 on success which also indicates
that a valid SSH response message is now in REQUEST. */
int
@@ -3643,7 +3749,7 @@ serve_mmapped_ssh_request (ctrl_t ctrl,
size_t response_size;
/* NB: In contrast to the request-stream, the response stream
- includes the the message type byte. */
+ includes the message type byte. */
if (es_fclose_snatch (response_stream, &response_data, &response_size))
{
log_error ("snatching ssh response failed: %s",
diff --git a/agent/command.c b/agent/command.c
index a2d4931..ec38649 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -434,7 +434,7 @@ leave_cmd (assuan_context_t ctx, gpg_error_t err)
static const char hlp_geteventcounter[] =
"GETEVENTCOUNTER\n"
"\n"
- "Return a a status line named EVENTCOUNTER with the current values\n"
+ "Return a status line named EVENTCOUNTER with the current values\n"
"of all event counters. The values are decimal numbers in the range\n"
"0 to UINT_MAX and wrapping around to 0. The actual values should\n"
"not be relied upon, they shall only be used to detect a change.\n"
@@ -2007,7 +2007,7 @@ static const char hlp_keywrap_key[] =
"KEYWRAP_KEY [--clear] <mode>\n"
"\n"
"Return a key to wrap another key. For now the key is returned\n"
- "verbatim and and thus makes not much sense because an eavesdropper on\n"
+ "verbatim and thus makes not much sense because an eavesdropper on\n"
"the gpg-agent connection will see the key as well as the wrapped key.\n"
"However, this function may either be equipped with a public key\n"
"mechanism or not used at all if the key is a pre-shared key. In any\n"
@@ -2631,7 +2631,7 @@ static const char hlp_putval[] =
"try to connect to that daemon. Only if that fails they may start\n"
"an own instance of the service daemon. \n"
"\n"
- "KEY is an an arbitrary symbol with the same syntax rules as keys\n"
+ "KEY is an arbitrary symbol with the same syntax rules as keys\n"
"for shell environment variables. PERCENT_ESCAPED_VALUE is the\n"
"corresponding value; they should be similar to the values of\n"
"envronment variables but gpg-agent does not enforce any\n"
@@ -3288,6 +3288,8 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd)
for (;;)
{
+ pid_t client_pid;
+
rc = assuan_accept (ctx);
if (gpg_err_code (rc) == GPG_ERR_EOF || rc == -1)
{
@@ -3299,7 +3301,12 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd)
break;
}
- ctrl->server_local->connect_from_self = (assuan_get_pid (ctx)==getpid ());
+ client_pid = assuan_get_pid (ctx);
+ ctrl->server_local->connect_from_self = (client_pid == getpid ());
+ if (client_pid != ASSUAN_INVALID_PID)
+ ctrl->client_pid = (unsigned long)client_pid;
+ else
+ ctrl->client_pid = 0;
rc = assuan_process (ctx);
if (rc)
diff --git a/agent/divert-scd.c b/agent/divert-scd.c
index 7331f58..d9d734c 100644
--- a/agent/divert-scd.c
+++ b/agent/divert-scd.c
@@ -39,22 +39,39 @@ ask_for_card (ctrl_t ctrl, const unsigned char *shadow_info, char **r_kid)
char *serialno;
int no_card = 0;
char *desc;
- char *want_sn, *want_kid;
- int want_sn_displen;
+ char *want_sn, *want_kid, *want_sn_disp;
+ int len;
*r_kid = NULL;
rc = parse_shadow_info (shadow_info, &want_sn, &want_kid, NULL);
if (rc)
return rc;
+ want_sn_disp = xtrystrdup (want_sn);
+ if (!want_sn_disp)
+ {
+ rc = gpg_error_from_syserror ();
+ xfree (want_sn);
+ return rc;
+ }
- /* We assume that a 20 byte serial number is a standard one which
- has the property to have a zero in the last nibble (Due to BCD
- representation). We don't display this '0' because it may
- confuse the user. */
- want_sn_displen = strlen (want_sn);
- if (want_sn_displen == 20 && want_sn[19] == '0')
- want_sn_displen--;
+ len = strlen (want_sn_disp);
+ if (len == 32 && !strncmp (want_sn_disp, "D27600012401", 12))
+ {
+ /* This is an OpenPGP card - reformat */
+ memmove (want_sn_disp, want_sn_disp+16, 4);
+ want_sn_disp[4] = ' ';
+ memmove (want_sn_disp+5, want_sn_disp+20, 8);
+ want_sn_disp[13] = 0;
+ }
+ else if (len == 20 && want_sn_disp[19] == '0')
+ {
+ /* We assume that a 20 byte serial number is a standard one
+ * which has the property to have a zero in the last nibble (Due
+ * to BCD representation). We don't display this '0' because it
+ * may confuse the user. */
+ want_sn_disp[19] = 0;
+ }
for (;;)
{
@@ -93,12 +110,12 @@ ask_for_card (ctrl_t ctrl, const unsigned char *shadow_info, char **r_kid)
{
if (asprintf (&desc,
"%s:%%0A%%0A"
- " \"%.*s\"",
+ " %s",
no_card
? L_("Please insert the card with serial number")
: L_("Please remove the current card and "
"insert the one with serial number"),
- want_sn_displen, want_sn) < 0)
+ want_sn_disp) < 0)
{
rc = out_of_core ();
}
@@ -114,6 +131,7 @@ ask_for_card (ctrl_t ctrl, const unsigned char *shadow_info, char **r_kid)
}
if (rc)
{
+ xfree (want_sn_disp);
xfree (want_sn);
xfree (want_kid);
return rc;
@@ -157,12 +175,27 @@ encode_md_for_card (const unsigned char *digest, size_t digestlen, int algo,
}
+/* Return true if STRING ends in "%0A". */
+static int
+has_percent0A_suffix (const char *string)
+{
+ size_t n;
+
+ return (string
+ && (n = strlen (string)) >= 3
+ && !strcmp (string + n - 3, "%0A"));
+}
+
+
/* Callback used to ask for the PIN which should be set into BUF. The
buf has been allocated by the caller and is of size MAXBUF which
includes the terminating null. The function should return an UTF-8
string with the passphrase, the buffer may optionally be padded
with arbitrary characters.
+ If DESC_TEXT is not NULL it can be used as further informtion shown
+ atop of the INFO message.
+
INFO gets displayed as part of a generic string. However if the
first character of INFO is a vertical bar all up to the next
verical bar are considered flags and only everything after the
@@ -185,7 +218,8 @@ encode_md_for_card (const unsigned char *digest, size_t digestlen, int algo,
are considered.
*/
static int
-getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf)
+getpin_cb (void *opaque, const char *desc_text, const char *info,
+ char *buf, size_t maxbuf)
{
struct pin_entry_info_s *pi;
int rc;
@@ -242,7 +276,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf)
{
if (info)
{
- char *desc;
+ char *desc, *desc2;
if ( asprintf (&desc,
L_("%s%%0A%%0AUse the reader's pinpad for input."),
@@ -250,12 +284,22 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf)
rc = gpg_error_from_syserror ();
else
{
- rc = agent_popup_message_start (ctrl, desc, NULL);
+ /* Prepend DESC_TEXT to INFO. */
+ if (desc_text)
+ desc2 = strconcat (desc_text,
+ has_percent0A_suffix (desc_text)
+ ? "%0A" : "%0A%0A",
+ desc, NULL);
+ else
+ desc2 = NULL;
+ rc = agent_popup_message_start (ctrl,
+ desc2? desc2:desc, NULL);
+ xfree (desc2);
xfree (desc);
}
}
else
- rc = agent_popup_message_start (ctrl, NULL, NULL);
+ rc = agent_popup_message_start (ctrl, desc_text, NULL);
}
else
rc = gpg_error (GPG_ERR_INV_VALUE);
@@ -276,7 +320,20 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf)
if (any_flags)
{
- rc = agent_askpin (ctrl, info, prompt, again_text, pi, NULL, 0);
+ {
+ char *desc2;
+
+ if (desc_text)
+ desc2 = strconcat (desc_text,
+ has_percent0A_suffix (desc_text)
+ ? "%0A" : "%0A%0A",
+ info, NULL);
+ else
+ desc2 = NULL;
+ rc = agent_askpin (ctrl, desc2? desc2 : info,
+ prompt, again_text, pi, NULL, 0);
+ xfree (desc2);
+ }
again_text = NULL;
if (!rc && newpin)
{
@@ -315,14 +372,24 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf)
}
else
{
- char *desc;
+ char *desc, *desc2;
+
if ( asprintf (&desc,
L_("Please enter the PIN%s%s%s to unlock the card"),
info? " (":"",
info? info:"",
info? ")":"") < 0)
desc = NULL;
- rc = agent_askpin (ctrl, desc?desc:info, prompt, NULL, pi, NULL, 0);
+ if (desc_text)
+ desc2 = strconcat (desc_text,
+ has_percent0A_suffix (desc_text)
+ ? "%0A" : "%0A%0A",
+ desc, NULL);
+ else
+ desc2 = NULL;
+ rc = agent_askpin (ctrl, desc2? desc2 : desc? desc : info,
+ prompt, NULL, pi, NULL, 0);
+ xfree (desc2);
xfree (desc);
}
@@ -337,9 +404,13 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf)
-
+/* This function is used when a sign operation has been diverted to a
+ * smartcard. DESC_TEXT is the original text for a prompt has send by
+ * gpg to gpg-agent.
+ *
+ * FIXME: Explain the other args. */
int
-divert_pksign (ctrl_t ctrl,
+divert_pksign (ctrl_t ctrl, const char *desc_text,
const unsigned char *digest, size_t digestlen, int algo,
const unsigned char *shadow_info, unsigned char **r_sig,
size_t *r_siglen)
@@ -349,6 +420,8 @@ divert_pksign (ctrl_t ctrl,
size_t siglen;
unsigned char *sigval = NULL;
+ (void)desc_text;
+
rc = ask_for_card (ctrl, shadow_info, &kid);
if (rc)
return rc;
@@ -357,7 +430,7 @@ divert_pksign (ctrl_t ctrl,
{
int save = ctrl->use_auth_call;
ctrl->use_auth_call = 1;
- rc = agent_card_pksign (ctrl, kid, getpin_cb, ctrl,
+ rc = agent_card_pksign (ctrl, kid, getpin_cb, ctrl, NULL,
algo, digest, digestlen, &sigval, &siglen);
ctrl->use_auth_call = save;
}
@@ -369,7 +442,7 @@ divert_pksign (ctrl_t ctrl,
rc = encode_md_for_card (digest, digestlen, algo, &data, &ndata);
if (!rc)
{
- rc = agent_card_pksign (ctrl, kid, getpin_cb, ctrl,
+ rc = agent_card_pksign (ctrl, kid, getpin_cb, ctrl, NULL,
algo, data, ndata, &sigval, &siglen);
xfree (data);
}
@@ -387,12 +460,12 @@ divert_pksign (ctrl_t ctrl,
}
-/* Decrypt the the value given asn an S-expression in CIPHER using the
+/* Decrypt the value given asn an S-expression in CIPHER using the
key identified by SHADOW_INFO and return the plaintext in an
allocated buffer in R_BUF. The padding information is stored at
R_PADDING with -1 for not known. */
int
-divert_pkdecrypt (ctrl_t ctrl,
+divert_pkdecrypt (ctrl_t ctrl, const char *desc_text,
const unsigned char *cipher,
const unsigned char *shadow_info,
char **r_buf, size_t *r_len, int *r_padding)
@@ -406,6 +479,8 @@ divert_pkdecrypt (ctrl_t ctrl,
char *plaintext;
size_t plaintextlen;
+ (void)desc_text;
+
*r_padding = -1;
s = cipher;
@@ -471,7 +546,7 @@ divert_pkdecrypt (ctrl_t ctrl,
if (rc)
return rc;
- rc = agent_card_pkdecrypt (ctrl, kid, getpin_cb, ctrl,
+ rc = agent_card_pkdecrypt (ctrl, kid, getpin_cb, ctrl, NULL,
ciphertext, ciphertextlen,
&plaintext, &plaintextlen, r_padding);
if (!rc)
diff --git a/agent/findkey.c b/agent/findkey.c
index 1b187ba..ac74fa9 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -321,9 +321,9 @@ try_unprotect_cb (struct pin_entry_info_s *pi)
The functions returns 0 on success or an error code. On success a
newly allocated string is stored at the address of RESULT.
*/
-static gpg_error_t
-modify_description (const char *in, const char *comment, const gcry_sexp_t key,
- char **result)
+gpg_error_t
+agent_modify_description (const char *in, const char *comment,
+ const gcry_sexp_t key, char **result)
{
size_t comment_length;
size_t in_len;
@@ -332,12 +332,19 @@ modify_description (const char *in, const char *comment, const gcry_sexp_t key,
size_t i;
int special, pass;
char *ssh_fpr = NULL;
+ char *p;
+
+ *result = NULL;
+
+ if (!comment)
+ comment = "";
comment_length = strlen (comment);
in_len = strlen (in);
/* First pass calculates the length, second pass does the actual
copying. */
+ /* FIXME: This can be simplified by using es_fopenmem. */
out = NULL;
out_len = 0;
for (pass=0; pass < 2; pass++)
@@ -427,8 +434,23 @@ modify_description (const char *in, const char *comment, const gcry_sexp_t key,
}
*out = 0;
- assert (*result + out_len == out);
+ log_assert (*result + out_len == out);
xfree (ssh_fpr);
+
+ /* The ssh prompt may sometimes end in
+ * "...%0A ()"
+ * The empty parentheses doesn't look very good. We use this hack
+ * here to remove them as well as the indentation spaces. */
+ p = *result;
+ i = strlen (p);
+ if (i > 2 && !strcmp (p + i - 2, "()"))
+ {
+ p += i - 2;
+ *p-- = 0;
+ while (p > *result && spacep (p))
+ *p-- = 0;
+ }
+
return 0;
}
@@ -874,8 +896,8 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
desc_text_final = NULL;
if (desc_text)
- rc = modify_description (desc_text, comment? comment:"", s_skey,
- &desc_text_final);
+ rc = agent_modify_description (desc_text, comment, s_skey,
+ &desc_text_final);
gcry_free (comment);
if (!rc)
@@ -1289,7 +1311,7 @@ agent_public_key_from_file (ctrl_t ctrl,
-/* Check whether the the secret key identified by GRIP is available.
+/* Check whether the secret key identified by GRIP is available.
Returns 0 is the key is available. */
int
agent_key_available (const unsigned char *grip)
@@ -1453,8 +1475,8 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text,
}
if (desc_text)
- err = modify_description (desc_text, comment? comment:"", s_skey,
- &desc_text_final);
+ err = agent_modify_description (desc_text, comment, s_skey,
+ &desc_text_final);
if (err)
goto leave;
diff --git a/agent/genkey.c b/agent/genkey.c
index 8a43d89..7fb0139 100644
--- a/agent/genkey.c
+++ b/agent/genkey.c
@@ -220,7 +220,7 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw,
}
/* Now check the constraints and collect the error messages unless
- in in silent mode which returns immediately. */
+ in silent mode which returns immediately. */
if (utf8_charcount (pw, -1) < minlen )
{
if (!failed_constraint)
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index c0208cc..5a5b55b 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -2394,7 +2394,7 @@ handle_signal (int signo)
}
#endif
-/* Check the nonce on a new connection. This is a NOP unless we we
+/* Check the nonce on a new connection. This is a NOP unless we
are using our Unix domain socket emulation under Windows. */
static int
check_nonce (ctrl_t ctrl, assuan_sock_nonce_t *nonce)
diff --git a/agent/keyformat.txt b/agent/keyformat.txt
index e80496e..68fbdbc 100644
--- a/agent/keyformat.txt
+++ b/agent/keyformat.txt
@@ -133,7 +133,7 @@ The currently defined protection modes are:
*** openpgp-s2k3-sha1-aes-cbc
- This describes an algorithm using using AES in CBC mode for
+ This describes an algorithm using AES in CBC mode for
encryption, SHA-1 for integrity protection and the String to Key
algorithm 3 from OpenPGP (rfc4880).
@@ -182,7 +182,7 @@ The currently defined protection modes are:
*** openpgp-s2k3-ocb-aes
- This describes an algorithm using using AES-128 in OCB mode, a nonce
+ This describes an algorithm using AES-128 in OCB mode, a nonce
of 96 bit, a taglen of 128 bit, and the String to Key algorithm 3
from OpenPGP (rfc4880).
@@ -311,7 +311,7 @@ This format is used to transfer keys between gpg and gpg-agent.
* PROTALGO is a Libgcrypt style cipher algorithm name
* IV is the initialization verctor.
* S2KMODE is the value from RFC-4880.
- * S2KHASH is a a libgcrypt style hash algorithm identifier.
+ * S2KHASH is a libgcrypt style hash algorithm identifier.
* S2KSALT is the 8 byte salt
* S2KCOUNT is the count value from RFC-4880.
diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c
index 3d0f5aa..f1023b4 100644
--- a/agent/pkdecrypt.c
+++ b/agent/pkdecrypt.c
@@ -86,7 +86,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
goto leave;
}
- rc = divert_pkdecrypt (ctrl, ciphertext, shadow_info,
+ rc = divert_pkdecrypt (ctrl, desc_text, ciphertext, shadow_info,
&buf, &len, r_padding);
if (rc)
{
diff --git a/agent/pksign.c b/agent/pksign.c
index b347608..3b2fcc4 100644
--- a/agent/pksign.c
+++ b/agent/pksign.c
@@ -285,7 +285,8 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
cache_mode_t cache_mode, lookup_ttl_t lookup_ttl,
const void *overridedata, size_t overridedatalen)
{
- gcry_sexp_t s_skey = NULL, s_sig = NULL;
+ gcry_sexp_t s_skey = NULL;
+ gcry_sexp_t s_sig = NULL;
gcry_sexp_t s_hash = NULL;
gcry_sexp_t s_pkey = NULL;
unsigned char *shadow_info = NULL;
@@ -346,10 +347,18 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
is_ECDSA = 1;
}
- rc = divert_pksign (ctrl,
- data, datalen,
- ctrl->digest.algo,
- shadow_info, &buf, &len);
+ {
+ char *desc2 = NULL;
+
+ if (desc_text)
+ agent_modify_description (desc_text, NULL, s_skey, &desc2);
+
+ rc = divert_pksign (ctrl, desc2? desc2 : desc_text,
+ data, datalen,
+ ctrl->digest.algo,
+ shadow_info, &buf, &len);
+ xfree (desc2);
+ }
if (rc)
{
log_error ("smartcard signing failed: %s\n", gpg_strerror (rc));
diff --git a/agent/preset-passphrase.c b/agent/preset-passphrase.c
index ae6f0ce..b8d2aaa 100644
--- a/agent/preset-passphrase.c
+++ b/agent/preset-passphrase.c
@@ -239,7 +239,7 @@ main (int argc, char **argv)
else
usage (1);
- /* Tell simple-pwquery about the the standard socket name. */
+ /* Tell simple-pwquery about the standard socket name. */
{
char *tmp = make_filename (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL);
simple_pw_set_socket (tmp);
diff --git a/agent/protect.c b/agent/protect.c
index e205869..7ae7e64 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -690,7 +690,7 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
return rc;
/* Now create the protected version of the key. Note that the 10
- extra bytes are for for the inserted "protected-" string (the
+ extra bytes are for the inserted "protected-" string (the
beginning of the plaintext reads: "((11:private-key(" ). The 35
term is the space for (12:protected-at15:<timestamp>). */
*resultlen = (10
diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk
index 8a366e6..c799863 100644
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@@ -184,14 +184,22 @@ speedo_spkgs = \
ifeq ($(TARGETOS),w32)
speedo_spkgs += \
- zlib bzip2 adns sqlite
+ zlib bzip2 sqlite
ifeq ($(WITH_GUI),1)
speedo_spkgs += gettext libiconv
endif
endif
speedo_spkgs += \
- libassuan libksba gnupg
+ libassuan libksba
+
+ifeq ($(TARGETOS),w32)
+speedo_spkgs += \
+ ntbtls
+endif
+
+speedo_spkgs += \
+ gnupg
ifeq ($(TARGETOS),w32)
ifeq ($(WITH_GUI),1)
@@ -241,7 +249,7 @@ endif
# Packages which use the gnupg autogen.sh build style
speedo_gnupg_style = \
libgpg-error npth libgcrypt \
- libassuan libksba gnupg gpgme \
+ libassuan libksba ntbtls gnupg gpgme \
pinentry gpa gpgex
# Packages which use only make and no build directory
@@ -290,6 +298,10 @@ libksba_ver := $(shell awk '$$1=="libksba_ver" {print $$2}' swdb.lst)
libksba_sha1 := $(shell awk '$$1=="libksba_sha1" {print $$2}' swdb.lst)
libksba_sha2 := $(shell awk '$$1=="libksba_sha2" {print $$2}' swdb.lst)
+ntbtls_ver := $(shell awk '$$1=="ntbtls_ver" {print $$2}' swdb.lst)
+ntbtls_sha1 := $(shell awk '$$1=="ntbtls_sha1" {print $$2}' swdb.lst)
+ntbtls_sha2 := $(shell awk '$$1=="ntbtls_sha2" {print $$2}' swdb.lst)
+
gpgme_ver := $(shell awk '$$1=="gpgme_ver" {print $$2}' swdb.lst)
gpgme_sha1 := $(shell awk '$$1=="gpgme_sha1" {print $$2}' swdb.lst)
gpgme_sha2 := $(shell awk '$$1=="gpgme_sha2" {print $$2}' swdb.lst)
@@ -314,10 +326,6 @@ bzip2_ver := $(shell awk '$$1=="bzip2_ver" {print $$2}' swdb.lst)
bzip2_sha1 := $(shell awk '$$1=="bzip2_sha1_gz" {print $$2}' swdb.lst)
bzip2_sha2 := $(shell awk '$$1=="bzip2_sha2_gz" {print $$2}' swdb.lst)
-adns_ver := $(shell awk '$$1=="adns_ver" {print $$2}' swdb.lst)
-adns_sha1 := $(shell awk '$$1=="adns_sha1" {print $$2}' swdb.lst)
-adns_sha2 := $(shell awk '$$1=="adns_sha2" {print $$2}' swdb.lst)
-
sqlite_ver := $(shell awk '$$1=="sqlite_ver" {print $$2}' swdb.lst)
sqlite_sha1 := $(shell awk '$$1=="sqlite_sha1_gz" {print $$2}' swdb.lst)
sqlite_sha2 := $(shell awk '$$1=="sqlite_sha2_gz" {print $$2}' swdb.lst)
@@ -329,10 +337,11 @@ $(info Libgpg-error ...: $(libgpg_error_ver))
$(info Npth ...........: $(npth_ver))
$(info Libgcrypt ......: $(libgcrypt_ver))
$(info Libassuan ......: $(libassuan_ver))
+$(info Libksba ........: $(libksba_ver))
$(info Zlib ...........: $(zlib_ver))
$(info Bzip2 ..........: $(bzip2_ver))
-$(info ADNS ...........: $(adns_ver))
$(info SQLite .........: $(sqlite_ver))
+$(info NtbTLS .. ......: $(ntbtls_ver))
$(info GPGME ..........: $(gpgme_ver))
$(info Pinentry .......: $(pinentry_ver))
$(info GPA ............: $(gpa_ver))
@@ -396,6 +405,8 @@ else ifeq ($(WHAT),git)
speedo_pkg_libgcrypt_gitref = master
speedo_pkg_libksba_git = $(gitrep)/libksba
speedo_pkg_libksba_gitref = master
+ speedo_pkg_ntbtls_git = $(gitrep)/ntbtls
+ speedo_pkg_ntbtls_gitref = master
speedo_pkg_gpgme_git = $(gitrep)/gpgme
speedo_pkg_gpgme_gitref = master
speedo_pkg_pinentry_git = $(gitrep)/pinentry
@@ -415,6 +426,8 @@ else ifeq ($(WHAT),release)
$(pkgrep)/libgcrypt/libgcrypt-$(libgcrypt_ver).tar.bz2
speedo_pkg_libksba_tar = \
$(pkgrep)/libksba/libksba-$(libksba_ver).tar.bz2
+ speedo_pkg_ntbtls_tar = \
+ $(pkgrep)/ntbtls/ntbtls-$(ntbtls_ver).tar.bz2
speedo_pkg_gpgme_tar = \
$(pkgrep)/gpgme/gpgme-$(gpgme_ver).tar.bz2
speedo_pkg_pinentry_tar = \
@@ -431,7 +444,6 @@ speedo_pkg_pkg_config_tar = $(pkg2rep)/pkg-config-$(pkg_config_ver).tar.gz
speedo_pkg_zlib_tar = $(pkgrep)/zlib/zlib-$(zlib_ver).tar.gz
speedo_pkg_bzip2_tar = $(pkgrep)/bzip2/bzip2-$(bzip2_ver).tar.gz
speedo_pkg_sqlite_tar = $(pkgrep)/sqlite/sqlite-autoconf-$(sqlite_ver).tar.gz
-speedo_pkg_adns_tar = $(pkg10rep)/adns/adns-$(adns_ver).tar.bz2
speedo_pkg_libiconv_tar = $(pkg2rep)/libiconv-$(libiconv_ver).tar.gz
speedo_pkg_gettext_tar = $(pkg2rep)/gettext-$(gettext_ver).tar.gz
speedo_pkg_libffi_tar = $(pkg2rep)/libffi-$(libffi_ver).tar.gz
@@ -459,9 +471,12 @@ speedo_pkg_libgcrypt_configure = --disable-static
speedo_pkg_libksba_configure = --disable-static
+# For now we build ntbtls only static
+speedo_pkg_ntbtls_configure = --enable-static --disable-shared
+
ifeq ($(TARGETOS),w32)
speedo_pkg_gnupg_configure = \
- --enable-gpg2-is-gpg --disable-g13 --disable-ntbtls \
+ --enable-gpg2-is-gpg --disable-g13 --enable-ntbtls \
--enable-build-timestamp
else
speedo_pkg_gnupg_configure = --disable-g13
diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi
index 164e26b..b4d6994 100644
--- a/build-aux/speedo/w32/inst.nsi
+++ b/build-aux/speedo/w32/inst.nsi
@@ -581,6 +581,7 @@ Section "GnuPG" SEC_gnupg
File "bin/gpg-connect-agent.exe"
File "bin/gpgtar.exe"
File "libexec/gpg-preset-passphrase.exe"
+ File "libexec/gpg-wks-client.exe"
ClearErrors
SetOverwrite try
@@ -610,6 +611,7 @@ Section "GnuPG" SEC_gnupg
File "share/gnupg/gpg-conf.skel"
File "share/gnupg/dirmngr-conf.skel"
File "share/gnupg/distsigkey.gpg"
+ File "share/gnupg/sks-keyservers.netCA.pem"
SetOutPath "$INSTDIR\share\locale\ca\LC_MESSAGES"
File share/locale/ca/LC_MESSAGES/gnupg2.mo
@@ -735,15 +737,6 @@ Section "-zlib" SEC_zlib
File bin/zlib1.dll
SectionEnd
-Section "-adns" SEC_adns
- SetOutPath "$INSTDIR\bin"
- File bin/libadns-1.dll
- SetOutPath "$INSTDIR\lib"
- File /oname=libadns.imp lib/libadns.dll.a
- SetOutPath "$INSTDIR\include"
- File include/adns.h
-SectionEnd
-
Section "-npth" SEC_npth
SetOutPath "$INSTDIR\bin"
File bin/libnpth-0.dll
@@ -1193,12 +1186,6 @@ Section "-un.npth"
Delete "$INSTDIR\include\npth.h"
SectionEnd
-Section "-un.adns"
- Delete "$INSTDIR\bin\libadns-1.dll"
- Delete "$INSTDIR\lib\libadns.imp"
- Delete "$INSTDIR\include\adns.h"
-SectionEnd
-
Section "-un.zlib"
Delete "$INSTDIR\bin\zlib1.dll"
SectionEnd
@@ -1278,7 +1265,9 @@ Section "-un.gnupg"
Delete "$INSTDIR\bin\gpg-connect-agent.exe"
Delete "$INSTDIR\bin\gpgtar.exe"
Delete "$INSTDIR\bin\gpg-preset-passphrase.exe"
+ Delete "$INSTDIR\bin\gpg-wks-client.exe"
+ Delete "$INSTDIR\share\gnupg\sks-keyservers.netCA.pem"
Delete "$INSTDIR\share\gnupg\dirmngr-conf.skel"
Delete "$INSTDIR\share\gnupg\distsigkey.gpg"
Delete "$INSTDIR\share\gnupg\gpg-conf.skel"
diff --git a/common/Makefile.am b/common/Makefile.am
index 72e3fb4..68b8710 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -91,7 +91,9 @@ common_sources = \
exectool.c exectool.h \
server-help.c server-help.h \
name-value.c name-value.h \
- recsel.c recsel.h
+ recsel.c recsel.h \
+ ksba-io-support.c ksba-io-support.h
+
if HAVE_W32_SYSTEM
common_sources += w32-reg.c
diff --git a/common/argparse.c b/common/argparse.c
index b53efce..2540894 100644
--- a/common/argparse.c
+++ b/common/argparse.c
@@ -4,8 +4,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
@@ -61,7 +61,7 @@
/* GnuPG uses GPLv3+ but a standalone version of this defaults to
GPLv2+ because that is the license of this file. Change this if
you include it in a program which uses GPLv3. If you don't want to
- set a a copyright string for your usage() you may also hardcode it
+ set a copyright string for your usage() you may also hardcode it
here. */
#ifndef GNUPG_MAJOR_VERSION
@@ -571,7 +571,7 @@ optfile_parse (FILE *fp, const char *filename, unsigned *lineno,
int unread_buf[3]; /* We use an int so that we can store EOF. */
int unread_buf_count = 0;
- if (!fp) /* Divert to to arg_parse() in this case. */
+ if (!fp) /* Divert to arg_parse() in this case. */
return arg_parse (arg, opts);
initialize (arg, filename, lineno);
diff --git a/common/argparse.h b/common/argparse.h
index 81e881d..d75b49f 100644
--- a/common/argparse.h
+++ b/common/argparse.h
@@ -3,8 +3,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
diff --git a/common/asshelp.c b/common/asshelp.c
index 2cab310..f3a92f9 100644
--- a/common/asshelp.c
+++ b/common/asshelp.c
@@ -414,7 +414,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
/* If the agent has been configured for use with a standard
socket, an environment variable is not required and thus
- we we can savely start the agent here. */
+ we can safely start the agent here. */
i = 0;
argv[i++] = "--homedir";
argv[i++] = abs_homedir;
diff --git a/common/dotlock.c b/common/dotlock.c
index 7ebd523..cbbd0f3 100644
--- a/common/dotlock.c
+++ b/common/dotlock.c
@@ -4,8 +4,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
@@ -411,7 +411,7 @@ struct dotlock_handle
};
-/* A list of of all lock handles. The volatile attribute might help
+/* A list of all lock handles. The volatile attribute might help
if used in an atexit handler. Note that [UN]LOCK_all_lockfiles
must not change ERRNO. */
static volatile dotlock_t all_lockfiles;
@@ -913,7 +913,7 @@ dotlock_create (const char *file_to_lock, unsigned int flags)
-/* Convenience function to store a file descriptor (or any any other
+/* Convenience function to store a file descriptor (or any other
integer value) in the context of handle H. */
void
dotlock_set_fd (dotlock_t h, int fd)
@@ -921,7 +921,7 @@ dotlock_set_fd (dotlock_t h, int fd)
h->extra_fd = fd;
}
-/* Convenience function to retrieve a file descriptor (or any any other
+/* Convenience function to retrieve a file descriptor (or any other
integer value) stored in the context of handle H. */
int
dotlock_get_fd (dotlock_t h)
diff --git a/common/dotlock.h b/common/dotlock.h
index 78a7e73..03131bb 100644
--- a/common/dotlock.h
+++ b/common/dotlock.h
@@ -3,8 +3,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
diff --git a/common/dynload.h b/common/dynload.h
index 61930d2..54a47b2 100644
--- a/common/dynload.h
+++ b/common/dynload.h
@@ -3,8 +3,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
diff --git a/common/exechelp-w32.c b/common/exechelp-w32.c
index e79ee5b..2c44e2c 100644
--- a/common/exechelp-w32.c
+++ b/common/exechelp-w32.c
@@ -309,6 +309,7 @@ create_pipe_and_estream (int filedes[2], int flags,
{
gpg_error_t err = 0;
HANDLE fds[2];
+ es_syshd_t syshd;
filedes[0] = filedes[1] = -1;
err = my_error (GPG_ERR_GENERAL);
@@ -337,10 +338,17 @@ create_pipe_and_estream (int filedes[2], int flags,
if (! err && r_fp)
{
+ syshd.type = ES_SYSHD_HANDLE;
if (!outbound)
- *r_fp = es_fdopen (filedes[0], nonblock? "r,nonblock" : "r");
+ {
+ syshd.u.handle = fds[0];
+ *r_fp = es_sysopen (&syshd, nonblock? "r,nonblock" : "r");
+ }
else
- *r_fp = es_fdopen (filedes[1], nonblock? "w,nonblock" : "w");
+ {
+ syshd.u.handle = fds[1];
+ *r_fp = es_sysopen (&syshd, nonblock? "w,nonblock" : "w");
+ }
if (!*r_fp)
{
err = my_error_from_syserror ();
diff --git a/common/exectool.c b/common/exectool.c
index ed8225a..c9e0020 100644
--- a/common/exectool.c
+++ b/common/exectool.c
@@ -384,7 +384,12 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
/* Now find the argument marker and replace by the pipe's fd.
Yeah, that is an ugly non-thread safe hack but it safes us to
create a copy of the array. */
+#ifdef HAVE_W32_SYSTEM
+ snprintf (extrafdbuf, sizeof extrafdbuf, "-&%lu",
+ (unsigned long)(void*)_get_osfhandle (extrapipe[0]));
+#else
snprintf (extrafdbuf, sizeof extrafdbuf, "-&%d", extrapipe[0]);
+#endif
for (argsaveidx=0; argv[argsaveidx]; argsaveidx++)
if (!strcmp (argv[argsaveidx], "-&@INEXTRA@"))
{
diff --git a/common/homedir.c b/common/homedir.c
index 6b40bb6..3055a32 100644
--- a/common/homedir.c
+++ b/common/homedir.c
@@ -914,7 +914,7 @@ gnupg_set_builddir (const char *newdir)
static void
gnupg_set_builddir_from_env (void)
{
-#ifdef IS_DEVELOPMENT_VERSION
+#if defined(IS_DEVELOPMENT_VERSION) || defined(ENABLE_GNUPG_BUILDDIR_ENVVAR)
if (gnupg_build_directory)
return;
diff --git a/common/iobuf.c b/common/iobuf.c
index d346027..db66a7f 100644
--- a/common/iobuf.c
+++ b/common/iobuf.c
@@ -2502,7 +2502,7 @@ iobuf_get_fname_nonnull (iobuf_t a)
* Enable or disable partial body length mode (RFC 4880 4.2.2.4).
*
* If LEN is 0, this disables partial block mode by popping the
- * partial body length filter, which which must be the most recently
+ * partial body length filter, which must be the most recently
* added filter.
*
* If LEN is non-zero, it pushes a partial body length filter. If
diff --git a/sm/base64.c b/common/ksba-io-support.c
index f3c7def..5c7fd22 100644
--- a/sm/base64.c
+++ b/common/ksba-io-support.c
@@ -1,14 +1,25 @@
-/* base64.c
- * Copyright (C) 2001, 2003, 2010 Free Software Foundation, Inc.
+/* kska-io-support.c - Supporting functions for ksba reader and writer
+ * Copyright (C) 2001-2005, 2007, 2010-2011, 2017 Werner Koch
+ * Copyright (C) 2006 g10 Code GmbH
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of either
*
- * GnuPG is distributed in the hope that it will be useful,
+ * - the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at
+ * your option) any later version.
+ *
+ * or
+ *
+ * - the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * or both in parallel, as here.
+ *
+ * This file is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
@@ -25,13 +36,12 @@
#include <unistd.h>
#include <time.h>
#include <assert.h>
-
-#include "gpgsm.h"
-
-
#include <ksba.h>
+#include "util.h"
#include "i18n.h"
+#include "ksba-io-support.h"
+
#ifdef HAVE_DOSISH_SYSTEM
#define LF "\r\n"
@@ -39,6 +49,7 @@
#define LF "\n"
#endif
+
/* Data used by the reader callbacks. */
struct reader_cb_parm_s
{
@@ -76,7 +87,7 @@ struct writer_cb_parm_s
{
estream_t stream; /* Output stream. */
- const char *pem_name;
+ char *pem_name; /* Malloced. */
int wrote_begin;
int did_finish;
@@ -90,8 +101,8 @@ struct writer_cb_parm_s
};
-/* context for this module's functions */
-struct base64_context_s {
+/* Context for this module's functions. */
+struct gnupg_ksba_io_s {
union {
struct reader_cb_parm_s rparm;
struct writer_cb_parm_s wparm;
@@ -464,7 +475,7 @@ base64_writer_cb (void *cb_value, const void *buffer, size_t count)
}
-/* This callback is only used in stream mode. Hiowever, we don't
+/* This callback is only used in stream mode. However, we don't
restrict it to this. */
static int
plain_writer_cb (void *cb_value, const void *buffer, size_t count)
@@ -539,18 +550,30 @@ base64_finish_write (struct writer_cb_parm_s *parm)
-/* Create a reader for the given file descriptor. Depending on the
- control information an input decoding is automagically chosen.
- The function returns a Base64Context object which must be passed to
- the gpgme_destroy_reader function. The created KsbaReader object
- is also returned, but the caller must not call the
- ksba_reader_release function on. If ALLOW_MULTI_PEM is true, the
- reader expects that the caller uses ksba_reader_clear after EOF
- until no more objects were found. */
-int
-gpgsm_create_reader (Base64Context *ctx,
- ctrl_t ctrl, estream_t fp, int allow_multi_pem,
- ksba_reader_t *r_reader)
+/* Create a reader for the stream FP. FLAGS can be used to specify
+ * the expected input encoding.
+ *
+ * The function returns a gnupg_ksba_io_t object which must be passed to
+ * the gpgme_destroy_reader function. The created ksba_reader_t
+ * object is stored at R_READER - the caller must not call the
+ * ksba_reader_release function on.
+ *
+ * The supported flags are:
+ *
+ * GNUPG_KSBA_IO_PEM - Assume the input is PEM encoded
+ * GNUPG_KSBA_IO_BASE64 - Assume the input is Base64 encoded.
+ * GNUPG_KSBA_IO_AUTODETECT - The reader tries to detect the encoding.
+ * GNUPG_KSBA_IO_MULTIPEM - The reader expects that the caller uses
+ * ksba_reader_clear after EOF until no more
+ * objects were found.
+ *
+ * Note that the PEM flag has a higher priority than the BASE64 flag
+ * which in turn has a gight priority than the AUTODETECT flag.
+ */
+gpg_error_t
+gnupg_ksba_create_reader (gnupg_ksba_io_t *ctx,
+ unsigned int flags, estream_t fp,
+ ksba_reader_t *r_reader)
{
int rc;
ksba_reader_t r;
@@ -559,7 +582,7 @@ gpgsm_create_reader (Base64Context *ctx,
*ctx = xtrycalloc (1, sizeof **ctx);
if (!*ctx)
return out_of_core ();
- (*ctx)->u.rparm.allow_multi_pem = allow_multi_pem;
+ (*ctx)->u.rparm.allow_multi_pem = !!(flags & GNUPG_KSBA_IO_MULTIPEM);
rc = ksba_reader_new (&r);
if (rc)
@@ -569,18 +592,18 @@ gpgsm_create_reader (Base64Context *ctx,
}
(*ctx)->u.rparm.fp = fp;
- if (ctrl->is_pem)
+ if ((flags & GNUPG_KSBA_IO_PEM))
{
(*ctx)->u.rparm.assume_pem = 1;
(*ctx)->u.rparm.assume_base64 = 1;
rc = ksba_reader_set_cb (r, base64_reader_cb, &(*ctx)->u.rparm);
}
- else if (ctrl->is_base64)
+ else if ((flags & GNUPG_KSBA_IO_BASE64))
{
(*ctx)->u.rparm.assume_base64 = 1;
rc = ksba_reader_set_cb (r, base64_reader_cb, &(*ctx)->u.rparm);
}
- else if (ctrl->autodetect_encoding)
+ else if ((flags & GNUPG_KSBA_IO_AUTODETECT))
{
(*ctx)->u.rparm.autodetect = 1;
rc = ksba_reader_set_cb (r, base64_reader_cb, &(*ctx)->u.rparm);
@@ -601,14 +624,17 @@ gpgsm_create_reader (Base64Context *ctx,
}
+/* Return True if an EOF as been seen. */
int
-gpgsm_reader_eof_seen (Base64Context ctx)
+gnupg_ksba_reader_eof_seen (gnupg_ksba_io_t ctx)
{
return ctx && ctx->u.rparm.eof_seen;
}
+
+/* Destroy a reader object. */
void
-gpgsm_destroy_reader (Base64Context ctx)
+gnupg_ksba_destroy_reader (gnupg_ksba_io_t ctx)
{
if (!ctx)
return;
@@ -619,15 +645,27 @@ gpgsm_destroy_reader (Base64Context ctx)
-/* Create a writer for the given STREAM. Depending on
- the control information an output encoding is automagically
- chosen. The function returns a Base64Context object which must be
- passed to the gpgme_destroy_writer function. The created
- KsbaWriter object is also returned, but the caller must not call
- the ksba_reader_release function on it. */
-int
-gpgsm_create_writer (Base64Context *ctx, ctrl_t ctrl, estream_t stream,
- ksba_writer_t *r_writer)
+/* Create a writer for the given STREAM. Depending on FLAGS an output
+ * encoding is chosen. In PEM mode PEM_NAME is used for the header
+ * and footer lines; if PEM_NAME is NULL the string "CMS OBJECT" is
+ * used.
+ *
+ * The function returns a gnupg_ksba_io_t object which must be passed to
+ * the gpgme_destroy_writer function. The created ksba_writer_t
+ * object is stored at R_WRITER - the caller must not call the
+ * ksba_reader_release function on it.
+ *
+ * The supported flags are:
+ *
+ * GNUPG_KSBA_IO_PEM - Write output as PEM
+ * GNUPG_KSBA_IO_BASE64 - Write output as plain Base64; note that the PEM
+ * flag overrides this flag.
+ *
+ */
+gpg_error_t
+gnupg_ksba_create_writer (gnupg_ksba_io_t *ctx, unsigned int flags,
+ const char *pem_name, estream_t stream,
+ ksba_writer_t *r_writer)
{
int rc;
ksba_writer_t w;
@@ -635,7 +673,7 @@ gpgsm_create_writer (Base64Context *ctx, ctrl_t ctrl, estream_t stream,
*r_writer = NULL;
*ctx = xtrycalloc (1, sizeof **ctx);
if (!*ctx)
- return out_of_core ();
+ return gpg_error_from_syserror ();
rc = ksba_writer_new (&w);
if (rc)
@@ -644,12 +682,22 @@ gpgsm_create_writer (Base64Context *ctx, ctrl_t ctrl, estream_t stream,
return rc;
}
- if (ctrl->create_pem || ctrl->create_base64)
+ if ((flags & GNUPG_KSBA_IO_PEM) || (flags & GNUPG_KSBA_IO_BASE64))
{
(*ctx)->u.wparm.stream = stream;
- if (ctrl->create_pem)
- (*ctx)->u.wparm.pem_name = ctrl->pem_name? ctrl->pem_name
- : "CMS OBJECT";
+ if ((flags & GNUPG_KSBA_IO_PEM))
+ {
+ (*ctx)->u.wparm.pem_name = xtrystrdup (pem_name
+ ? pem_name
+ : "CMS OBJECT");
+ if (!(*ctx)->u.wparm.pem_name)
+ {
+ rc = gpg_error_from_syserror ();
+ ksba_writer_release (w);
+ xfree (*ctx); *ctx = NULL;
+ return rc;
+ }
+ }
rc = ksba_writer_set_cb (w, base64_writer_cb, &(*ctx)->u.wparm);
}
else if (stream)
@@ -673,8 +721,10 @@ gpgsm_create_writer (Base64Context *ctx, ctrl_t ctrl, estream_t stream,
}
-int
-gpgsm_finish_writer (Base64Context ctx)
+/* Flush a writer. This is for example required to write the padding
+ * or the PEM footer. */
+gpg_error_t
+gnupg_ksba_finish_writer (gnupg_ksba_io_t ctx)
{
struct writer_cb_parm_s *parm;
@@ -689,12 +739,15 @@ gpgsm_finish_writer (Base64Context ctx)
return base64_finish_write (parm);
}
+
+/* Destroy a writer object. */
void
-gpgsm_destroy_writer (Base64Context ctx)
+gnupg_ksba_destroy_writer (gnupg_ksba_io_t ctx)
{
if (!ctx)
return;
ksba_writer_release (ctx->u2.writer);
+ xfree (ctx->u.wparm.pem_name);
xfree (ctx);
}
diff --git a/common/ksba-io-support.h b/common/ksba-io-support.h
new file mode 100644
index 0000000..e33e0ed
--- /dev/null
+++ b/common/ksba-io-support.h
@@ -0,0 +1,66 @@
+/* ksba-io-support.h - Supporting functions for ksba reader and writer
+ * Copyright (C) 2017 Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of either
+ *
+ * - the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at
+ * your option) any later version.
+ *
+ * or
+ *
+ * - the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * or both in parallel, as here.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_KSBA_IO_SUPPORT_H
+#define GNUPG_KSBA_IO_SUPPORT_H
+
+/* Flags used with gnupg_ksba_create_reader and
+ * gnupg_ksba_create_writer. */
+#define GNUPG_KSBA_IO_PEM 1 /* X.509 PEM format. */
+#define GNUPG_KSBA_IO_BASE64 2 /* Plain Base64 format. */
+#define GNUPG_KSBA_IO_AUTODETECT 4 /* Try to autodetect the format. */
+#define GNUPG_KSBA_IO_MULTIPEM 8 /* Allow more than one PEM chunk. */
+
+
+/* Context object. */
+typedef struct gnupg_ksba_io_s *gnupg_ksba_io_t;
+
+
+
+gpg_error_t gnupg_ksba_create_reader (gnupg_ksba_io_t *ctx,
+ unsigned int flags,
+ estream_t fp,
+ ksba_reader_t *r_reader);
+
+int gnupg_ksba_reader_eof_seen (gnupg_ksba_io_t ctx);
+void gnupg_ksba_destroy_reader (gnupg_ksba_io_t ctx);
+
+gpg_error_t gnupg_ksba_create_writer (gnupg_ksba_io_t *ctx,
+ unsigned int flags,
+ const char *pem_name,
+ estream_t stream,
+ ksba_writer_t *r_writer);
+
+gpg_error_t gnupg_ksba_finish_writer (gnupg_ksba_io_t ctx);
+void gnupg_ksba_destroy_writer (gnupg_ksba_io_t ctx);
+
+
+
+
+#endif /*GNUPG_KSBA_IO_SUPPORT_H*/
diff --git a/common/logging.c b/common/logging.c
index 8c70742..18c40b3 100644
--- a/common/logging.c
+++ b/common/logging.c
@@ -4,8 +4,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
@@ -61,6 +61,7 @@
#include "i18n.h"
#include "common-defs.h"
#include "logging.h"
+#include "sysutils.h"
#ifdef HAVE_W32_SYSTEM
# define S_IRGRP S_IRUSR
@@ -570,6 +571,9 @@ log_set_file (const char *name)
void
log_set_fd (int fd)
{
+ if (! gnupg_fd_valid (fd))
+ log_fatal ("logger-fd is invalid: %s\n", strerror (errno));
+
set_file_fd (NULL, fd);
}
@@ -723,7 +727,7 @@ print_prefix (int level, int leading_backspace)
static void
do_logv (int level, int ignore_arg_ptr, const char *extrastring,
- const char *fmt, va_list arg_ptr)
+ const char *prefmt, const char *fmt, va_list arg_ptr)
{
int leading_backspace = (fmt && *fmt == '\b');
@@ -755,6 +759,9 @@ do_logv (int level, int ignore_arg_ptr, const char *extrastring,
if (fmt)
{
+ if (prefmt)
+ es_fputs_unlocked (prefmt, logstream);
+
if (ignore_arg_ptr)
{ /* This is used by log_string and comes with the extra
* feature that after a LF the next line is indent at the
@@ -857,7 +864,7 @@ log_log (int level, const char *fmt, ...)
va_list arg_ptr ;
va_start (arg_ptr, fmt) ;
- do_logv (level, 0, NULL, fmt, arg_ptr);
+ do_logv (level, 0, NULL, NULL, fmt, arg_ptr);
va_end (arg_ptr);
}
@@ -865,7 +872,18 @@ log_log (int level, const char *fmt, ...)
void
log_logv (int level, const char *fmt, va_list arg_ptr)
{
- do_logv (level, 0, NULL, fmt, arg_ptr);
+ do_logv (level, 0, NULL, NULL, fmt, arg_ptr);
+}
+
+
+/* Same as log_logv but PREFIX is printed immediately before FMT.
+ * Note that PREFIX is an additional string and independent of the
+ * prefix set by log_set_prefix. */
+void
+log_logv_with_prefix (int level, const char *prefix,
+ const char *fmt, va_list arg_ptr)
+{
+ do_logv (level, 0, NULL, prefix, fmt, arg_ptr);
}
@@ -874,7 +892,7 @@ do_log_ignore_arg (int level, const char *str, ...)
{
va_list arg_ptr;
va_start (arg_ptr, str);
- do_logv (level, 1, NULL, str, arg_ptr);
+ do_logv (level, 1, NULL, NULL, str, arg_ptr);
va_end (arg_ptr);
}
@@ -896,7 +914,7 @@ log_info (const char *fmt, ...)
va_list arg_ptr ;
va_start (arg_ptr, fmt);
- do_logv (GPGRT_LOG_INFO, 0, NULL, fmt, arg_ptr);
+ do_logv (GPGRT_LOG_INFO, 0, NULL, NULL, fmt, arg_ptr);
va_end (arg_ptr);
}
@@ -907,7 +925,7 @@ log_error (const char *fmt, ...)
va_list arg_ptr ;
va_start (arg_ptr, fmt);
- do_logv (GPGRT_LOG_ERROR, 0, NULL, fmt, arg_ptr);
+ do_logv (GPGRT_LOG_ERROR, 0, NULL, NULL, fmt, arg_ptr);
va_end (arg_ptr);
/* Protect against counter overflow. */
if (errorcount < 30000)
@@ -921,7 +939,7 @@ log_fatal (const char *fmt, ...)
va_list arg_ptr ;
va_start (arg_ptr, fmt);
- do_logv (GPGRT_LOG_FATAL, 0, NULL, fmt, arg_ptr);
+ do_logv (GPGRT_LOG_FATAL, 0, NULL, NULL, fmt, arg_ptr);
va_end (arg_ptr);
abort (); /* Never called; just to make the compiler happy. */
}
@@ -933,7 +951,7 @@ log_bug (const char *fmt, ...)
va_list arg_ptr ;
va_start (arg_ptr, fmt);
- do_logv (GPGRT_LOG_BUG, 0, NULL, fmt, arg_ptr);
+ do_logv (GPGRT_LOG_BUG, 0, NULL, NULL, fmt, arg_ptr);
va_end (arg_ptr);
abort (); /* Never called; just to make the compiler happy. */
}
@@ -945,7 +963,7 @@ log_debug (const char *fmt, ...)
va_list arg_ptr ;
va_start (arg_ptr, fmt);
- do_logv (GPGRT_LOG_DEBUG, 0, NULL, fmt, arg_ptr);
+ do_logv (GPGRT_LOG_DEBUG, 0, NULL, NULL, fmt, arg_ptr);
va_end (arg_ptr);
}
@@ -959,7 +977,7 @@ log_debug_with_string (const char *string, const char *fmt, ...)
va_list arg_ptr ;
va_start (arg_ptr, fmt);
- do_logv (GPGRT_LOG_DEBUG, 0, string, fmt, arg_ptr);
+ do_logv (GPGRT_LOG_DEBUG, 0, string, NULL, fmt, arg_ptr);
va_end (arg_ptr);
}
@@ -970,7 +988,7 @@ log_printf (const char *fmt, ...)
va_list arg_ptr;
va_start (arg_ptr, fmt);
- do_logv (fmt ? GPGRT_LOG_CONT : GPGRT_LOG_BEGIN, 0, NULL, fmt, arg_ptr);
+ do_logv (fmt ? GPGRT_LOG_CONT : GPGRT_LOG_BEGIN, 0, NULL, NULL, fmt, arg_ptr);
va_end (arg_ptr);
}
diff --git a/common/logging.h b/common/logging.h
index ed1d3b9..e1bf56b 100644
--- a/common/logging.h
+++ b/common/logging.h
@@ -4,8 +4,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
@@ -90,6 +90,8 @@ enum jnlib_log_levels {
};
void log_log (int level, const char *fmt, ...) GPGRT_ATTR_PRINTF(2,3);
void log_logv (int level, const char *fmt, va_list arg_ptr);
+void log_logv_with_prefix (int level, const char *prefix,
+ const char *fmt, va_list arg_ptr);
void log_string (int level, const char *string);
void log_bug (const char *fmt, ...) GPGRT_ATTR_NR_PRINTF(1,2);
void log_fatal (const char *fmt, ...) GPGRT_ATTR_NR_PRINTF(1,2);
diff --git a/common/membuf.c b/common/membuf.c
index 4c1a844..18a971d 100644
--- a/common/membuf.c
+++ b/common/membuf.c
@@ -67,7 +67,7 @@ init_membuf_secure (membuf_t *mb, int initiallen)
}
-/* Shift the the content of the membuf MB by AMOUNT bytes. The next
+/* Shift the content of the membuf MB by AMOUNT bytes. The next
operation will then behave as if AMOUNT bytes had not been put into
the buffer. If AMOUNT is greater than the actual accumulated
bytes, the membuf is basically reset to its initial state. */
diff --git a/common/mischelp.c b/common/mischelp.c
index fd8f675..75ba607 100644
--- a/common/mischelp.c
+++ b/common/mischelp.c
@@ -3,8 +3,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
diff --git a/common/mischelp.h b/common/mischelp.h
index 1ad146e..18ec96e 100644
--- a/common/mischelp.h
+++ b/common/mischelp.h
@@ -4,8 +4,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
diff --git a/common/name-value.c b/common/name-value.c
index 1018668..5094acd 100644
--- a/common/name-value.c
+++ b/common/name-value.c
@@ -59,7 +59,7 @@ struct name_value_entry
/* The name. Comments and blank lines have NAME set to NULL. */
char *name;
- /* The value as stored in the file. We store it when when we parse
+ /* The value as stored in the file. We store it when we parse
a file so that we can reproduce it. */
strlist_t raw_value;
diff --git a/common/session-env.c b/common/session-env.c
index 1bc3a2b..c1eb1d9 100644
--- a/common/session-env.c
+++ b/common/session-env.c
@@ -317,7 +317,7 @@ session_env_getenv (session_env_t se, const char *name)
long it has not been removed or updated by a call to
session_env_putenv. If the variable does not exist, the function
tries to return the value trough a call to getenv; if that returns
- a value, this value is recorded and and used. If no value could be
+ a value, this value is recorded and used. If no value could be
found, returns NULL. The caller must not change the returned
value. */
char *
diff --git a/common/sexp-parse.h b/common/sexp-parse.h
index 9b14f77..4f77f14 100644
--- a/common/sexp-parse.h
+++ b/common/sexp-parse.h
@@ -89,7 +89,7 @@ sskip (unsigned char const **buf, int *depth)
}
-/* Check whether the the string at the address BUF points to matches
+/* Check whether the string at the address BUF points to matches
the token. Return true on match and update BUF to point behind the
token. Return false and do not update the buffer if it does not
match. */
diff --git a/common/sexputil.c b/common/sexputil.c
index 0c5c730..a8dc1a5 100644
--- a/common/sexputil.c
+++ b/common/sexputil.c
@@ -512,53 +512,6 @@ get_rsa_pk_from_canon_sexp (const unsigned char *keydata, size_t keydatalen,
}
-/* Return the algo of a public RSA expressed as an canonical encoded
- S-expression. The return value is a statically allocated
- string. On error that string is set to NULL. */
-gpg_error_t
-get_pk_algo_from_canon_sexp (const unsigned char *keydata, size_t keydatalen,
- const char **r_algo)
-{
- gpg_error_t err;
- const unsigned char *buf, *tok;
- size_t buflen, toklen;
- int depth;
-
- *r_algo = NULL;
-
- buf = keydata;
- buflen = keydatalen;
- depth = 0;
- if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
- return err;
- if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
- return err;
- if (!tok || toklen != 10 || memcmp ("public-key", tok, toklen))
- return gpg_error (GPG_ERR_BAD_PUBKEY);
- if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
- return err;
- if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
- return err;
- if (!tok)
- return gpg_error (GPG_ERR_BAD_PUBKEY);
-
- if (toklen == 3 && !memcmp ("rsa", tok, toklen))
- *r_algo = "rsa";
- else if (toklen == 3 && !memcmp ("dsa", tok, toklen))
- *r_algo = "dsa";
- else if (toklen == 3 && !memcmp ("elg", tok, toklen))
- *r_algo = "elg";
- else if (toklen == 5 && !memcmp ("ecdsa", tok, toklen))
- *r_algo = "ecdsa";
- else if (toklen == 5 && !memcmp ("eddsa", tok, toklen))
- *r_algo = "eddsa";
- else
- return gpg_error (GPG_ERR_PUBKEY_ALGO);
-
- return 0;
-}
-
-
/* Return the algo of a public KEY of SEXP. */
int
get_pk_algo_from_key (gcry_sexp_t key)
@@ -606,3 +559,21 @@ get_pk_algo_from_key (gcry_sexp_t key)
return algo;
}
+
+
+/* This is a variant of get_pk_algo_from_key but takes an canonical
+ * encoded S-expression as input. Returns a GCRYPT public key
+ * identiier or 0 on error. */
+int
+get_pk_algo_from_canon_sexp (const unsigned char *keydata, size_t keydatalen)
+{
+ gcry_sexp_t sexp;
+ int algo;
+
+ if (gcry_sexp_sscan (&sexp, NULL, keydata, keydatalen))
+ return 0;
+
+ algo = get_pk_algo_from_key (sexp);
+ gcry_sexp_release (sexp);
+ return algo;
+}
diff --git a/common/simple-pwquery.c b/common/simple-pwquery.c
index c74317f..e7f4af3 100644
--- a/common/simple-pwquery.c
+++ b/common/simple-pwquery.c
@@ -352,7 +352,7 @@ default_inq_cb (void *opaque, const char *line)
/* Ask the gpg-agent for a passphrase and present the user with a
DESCRIPTION, a PROMPT and optionally with a TRYAGAIN extra text.
- If a CACHEID is not NULL it is used to locate the passphrase in in
+ If a CACHEID is not NULL it is used to locate the passphrase in
the cache and store it under this ID. If OPT_CHECK is true
gpg-agent is asked to apply some checks on the passphrase security.
If ERRORCODE is not NULL it should point a variable receiving an
diff --git a/common/simple-pwquery.h b/common/simple-pwquery.h
index f98a396..772aa39 100644
--- a/common/simple-pwquery.h
+++ b/common/simple-pwquery.h
@@ -42,7 +42,7 @@
/* Ask the gpg-agent for a passphrase and present the user with a
DESCRIPTION, a PROMPT and optiaonlly with a TRYAGAIN extra text.
- If a CACHEID is not NULL it is used to locate the passphrase in in
+ If a CACHEID is not NULL it is used to locate the passphrase in
the cache and store it under this ID. If OPT_CHECK is true
gpg-agent is asked to apply some checks on the passphrase security.
If ERRORCODE is not NULL it should point a variable receiving an
diff --git a/common/status.h b/common/status.h
index 3de4aa5..8831a0f 100644
--- a/common/status.h
+++ b/common/status.h
@@ -57,6 +57,7 @@ enum
STATUS_NO_PUBKEY,
STATUS_NO_SECKEY,
STATUS_NEED_PASSPHRASE_SYM,
+ STATUS_DECRYPTION_KEY,
STATUS_DECRYPTION_INFO,
STATUS_DECRYPTION_FAILED,
STATUS_DECRYPTION_OKAY,
diff --git a/common/stringhelp.c b/common/stringhelp.c
index dea2212..341dd52 100644
--- a/common/stringhelp.c
+++ b/common/stringhelp.c
@@ -6,8 +6,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
diff --git a/common/stringhelp.h b/common/stringhelp.h
index d0156d5..3852d0f 100644
--- a/common/stringhelp.h
+++ b/common/stringhelp.h
@@ -5,8 +5,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
diff --git a/common/strlist.c b/common/strlist.c
index 02881cd..6feb3a4 100644
--- a/common/strlist.c
+++ b/common/strlist.c
@@ -4,8 +4,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
diff --git a/common/strlist.h b/common/strlist.h
index d74bc4d..641ea06 100644
--- a/common/strlist.h
+++ b/common/strlist.h
@@ -3,8 +3,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
diff --git a/common/sysutils.c b/common/sysutils.c
index e67420f..a796677 100644
--- a/common/sysutils.c
+++ b/common/sysutils.c
@@ -1281,3 +1281,14 @@ gnupg_get_socket_name (int fd)
return name;
}
#endif /*!HAVE_W32_SYSTEM*/
+
+/* Check whether FD is valid. */
+int
+gnupg_fd_valid (int fd)
+{
+ int d = dup (fd);
+ if (d < 0)
+ return 0;
+ close (d);
+ return 1;
+}
diff --git a/common/sysutils.h b/common/sysutils.h
index a9316d7..ecd9f84 100644
--- a/common/sysutils.h
+++ b/common/sysutils.h
@@ -72,6 +72,7 @@ int gnupg_setenv (const char *name, const char *value, int overwrite);
int gnupg_unsetenv (const char *name);
char *gnupg_getcwd (void);
char *gnupg_get_socket_name (int fd);
+int gnupg_fd_valid (int fd);
gpg_error_t gnupg_inotify_watch_socket (int *r_fd, const char *socket_name);
int gnupg_inotify_has_name (int fd, const char *name);
diff --git a/common/t-stringhelp.c b/common/t-stringhelp.c
index d86d896..a105ad1 100644
--- a/common/t-stringhelp.c
+++ b/common/t-stringhelp.c
@@ -4,8 +4,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
diff --git a/common/t-strlist.c b/common/t-strlist.c
index bd835ca..fdbeb9b 100644
--- a/common/t-strlist.c
+++ b/common/t-strlist.c
@@ -3,8 +3,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
diff --git a/common/t-support.c b/common/t-support.c
index 8ed0a62..fc4bd4b 100644
--- a/common/t-support.c
+++ b/common/t-support.c
@@ -3,8 +3,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
diff --git a/common/t-support.h b/common/t-support.h
index 5449a56..7aa46c0 100644
--- a/common/t-support.h
+++ b/common/t-support.h
@@ -3,8 +3,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
diff --git a/common/t-timestuff.c b/common/t-timestuff.c
index 1e524f5..6a75925 100644
--- a/common/t-timestuff.c
+++ b/common/t-timestuff.c
@@ -3,8 +3,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
diff --git a/common/t-w32-reg.c b/common/t-w32-reg.c
index 48ea0d4..01816db 100644
--- a/common/t-w32-reg.c
+++ b/common/t-w32-reg.c
@@ -3,8 +3,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
diff --git a/common/ttyio.c b/common/ttyio.c
index 29af1b3..c7c9d85 100644
--- a/common/ttyio.c
+++ b/common/ttyio.c
@@ -602,7 +602,7 @@ tty_get( const char *prompt )
return do_get ( prompt, 0 );
}
-/* Variable argument version of tty_get. The prompt is is actually a
+/* Variable argument version of tty_get. The prompt is actually a
format string with arguments. */
char *
tty_getf (const char *promptfmt, ... )
diff --git a/common/types.h b/common/types.h
index 7d85a35..8e551df 100644
--- a/common/types.h
+++ b/common/types.h
@@ -3,8 +3,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
diff --git a/common/utf8conv.c b/common/utf8conv.c
index bce9e3a..d2c2820 100644
--- a/common/utf8conv.c
+++ b/common/utf8conv.c
@@ -4,8 +4,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
@@ -160,7 +160,7 @@ set_native_charset (const char *newset)
const char *aliases;
/* We are a console program thus we need to use the
- GetConsoleOutputCP function and not the the GetACP which
+ GetConsoleOutputCP function and not the GetACP which
would give the codepage for a GUI program. Note this is not
a bulletproof detection because GetConsoleCP might return a
different one for console input. Not sure how to cope with
diff --git a/common/utf8conv.h b/common/utf8conv.h
index 1c6c584..8b76e11 100644
--- a/common/utf8conv.h
+++ b/common/utf8conv.h
@@ -3,8 +3,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
diff --git a/common/util.h b/common/util.h
index f7a53e1..c0aa57a 100644
--- a/common/util.h
+++ b/common/util.h
@@ -3,8 +3,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
@@ -195,10 +195,10 @@ gpg_error_t get_rsa_pk_from_canon_sexp (const unsigned char *keydata,
size_t *r_nlen,
unsigned char const **r_e,
size_t *r_elen);
-gpg_error_t get_pk_algo_from_canon_sexp (const unsigned char *keydata,
- size_t keydatalen,
- const char **r_algo);
+
int get_pk_algo_from_key (gcry_sexp_t key);
+int get_pk_algo_from_canon_sexp (const unsigned char *keydata,
+ size_t keydatalen);
/*-- convert.c --*/
int hex2bin (const char *string, void *buffer, size_t length);
diff --git a/common/w32-reg.c b/common/w32-reg.c
index 2d64215..d8d94b9 100644
--- a/common/w32-reg.c
+++ b/common/w32-reg.c
@@ -3,8 +3,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
diff --git a/common/w32help.h b/common/w32help.h
index e495e34..177efbc 100644
--- a/common/w32help.h
+++ b/common/w32help.h
@@ -3,8 +3,8 @@
*
* This file is part of GnuPG.
*
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute and/or modify this
+ * part of GnuPG under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
diff --git a/common/yesno.c b/common/yesno.c
index 58de63d..ebe8d82 100644
--- a/common/yesno.c
+++ b/common/yesno.c
@@ -114,7 +114,7 @@ answer_is_yes_no_quit ( const char *s )
}
/*
- Return 1 for okay, 0 for for cancel or DEF_ANSWER for default.
+ Return 1 for okay, 0 for cancel or DEF_ANSWER for default.
*/
int
answer_is_okay_cancel (const char *s, int def_answer)
diff --git a/configure.ac b/configure.ac
index f929cb6..4b9ceca 100644
--- a/configure.ac
+++ b/configure.ac
@@ -28,7 +28,7 @@ min_automake_version="1.14"
m4_define([mym4_package],[gnupg])
m4_define([mym4_major], [2])
m4_define([mym4_minor], [1])
-m4_define([mym4_micro], [18])
+m4_define([mym4_micro], [19])
# To start a new development series, i.e a new major or minor number
# you need to mark an arbitrary commit before the first beta release
@@ -990,6 +990,22 @@ else
fi
fi
+#
+# Allow to set a fixed trust store file for system provided certificates.
+#
+AC_ARG_WITH([default-trust-store-file],
+ [AC_HELP_STRING([--with-default-trust-store-file=FILE],
+ [Use FILE as system trust store])],
+ default_trust_store_file="$withval",
+ default_trust_store_file="")
+if test x"$default_trust_store_file" = xno;then
+ default_trust_store_file=""
+fi
+if test x"$default_trust_store_file" != x ; then
+ AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_FILE],
+ ["$default_trust_store_file"], [Use as default system trust store file])
+fi
+
AC_MSG_NOTICE([checking for networking options])
@@ -1375,6 +1391,53 @@ if test $ac_cv_func_mmap != yes -a $mmap_needed = yes; then
AC_MSG_ERROR([[Sorry, the current implemenation requires mmap.]])
fi
+
+#
+# Check for the getsockopt SO_PEERCRED
+# (This has been copied from libassuan)
+#
+AC_MSG_CHECKING(for SO_PEERCRED)
+AC_CACHE_VAL(gnupg_cv_sys_so_peercred,
+ [AC_TRY_COMPILE([#include <sys/socket.h>],
+ [struct ucred cr;
+ int cl = sizeof cr;
+ getsockopt (1, SOL_SOCKET, SO_PEERCRED, &cr, &cl);],
+ gnupg_cv_sys_so_peercred=yes,
+ gnupg_cv_sys_so_peercred=no)
+ ])
+AC_MSG_RESULT($gnupg_cv_sys_so_peercred)
+
+if test $gnupg_cv_sys_so_peercred = yes; then
+ AC_DEFINE(HAVE_SO_PEERCRED, 1,
+ [Defined if SO_PEERCRED is supported (Linux specific)])
+else
+ # Check for the getsockopt LOCAL_PEEREID (NetBSD)
+ AC_MSG_CHECKING(for LOCAL_PEEREID)
+ AC_CACHE_VAL(gnupg_cv_sys_so_local_peereid,
+ [AC_TRY_COMPILE([#include <sys/socket.>
+ #include <sys/un.h>],
+ [struct unpcbid unp;
+ int unpl = sizeof unp;
+ getsockopt (1, SOL_SOCKET, LOCAL_PEEREID, &unp, &unpl);],
+ gnupg_cv_sys_so_local_peereid=yes,
+ gnupg_cv_sys_so_local_peereid=no)
+ ])
+ AC_MSG_RESULT($gnupg_cv_sys_so_local_peereid)
+
+ if test $gnupg_cv_sys_so_local_peereid = yes; then
+ AC_DEFINE(HAVE_LOCAL_PEEREID, 1,
+ [Defined if LOCAL_PEEREID is supported (NetBSD specific)])
+ else
+ # (Open)Solaris
+ AC_CHECK_FUNCS([getpeerucred], AC_CHECK_HEADERS([ucred.h]))
+ if test $ac_cv_func_getpeerucred != yes; then
+ # FreeBSD
+ AC_CHECK_FUNCS([getpeereid])
+ fi
+ fi
+fi
+
+
#
# W32 specific test
#
@@ -1630,6 +1693,21 @@ AC_ARG_ENABLE(optimization,
fi])
#
+# We do not want support for the GNUPG_BUILDDIR environment variable
+# in a released version. However, our regression tests suite requires
+# this and thus we build with support for it during "make distcheck".
+# This configure option implements this along with the top Makefile's
+# AM_DISTCHECK_CONFIGURE_FLAGS.
+#
+gnupg_builddir_envvar=no
+AC_ARG_ENABLE(gnupg-builddir-envvar,,
+ gnupg_builddir_envvar=$enableval)
+if test x"$gnupg_builddir_envvar" = x"yes"; then
+ AC_DEFINE(ENABLE_GNUPG_BUILDDIR_ENVVAR, 1,
+ [This is only used with "make distcheck"])
+fi
+
+#
# Add user CFLAGS.
#
CFLAGS="$CFLAGS $CFLAGS_orig"
diff --git a/dirmngr/ChangeLog-2011 b/dirmngr/ChangeLog-2011
index a793a33..243f2b5 100644
--- a/dirmngr/ChangeLog-2011
+++ b/dirmngr/ChangeLog-2011
@@ -1497,7 +1497,7 @@
* dirmngr-client.c (inq_cert): Ignore "SENDCERT" and
"SENDISSUERCERT".
- * server.c (do_get_cert_local): Limit the length of a retruned
+ * server.c (do_get_cert_local): Limit the length of a returned
certificate. Return NULL without an error if an empry value has
been received.
@@ -1897,7 +1897,7 @@
corrupted CRL files.
(open_dir): Read the new dbfile hash field.
- * src/crlfetch.c (crl_fetch, crl_fetch_default): Changed to retrun
+ * src/crlfetch.c (crl_fetch, crl_fetch_default): Changed to return
a stream.
(fun_reader, fun_closer, setup_funopen): New.
* src/server.c (inquire_cert): Changed to use the new stream interface
diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index d3f89bc..8d22cc4 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -62,6 +62,7 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \
ocsp.c ocsp.h validate.c validate.h \
dns-stuff.c dns-stuff.h \
http.c http.h \
+ http-ntbtls.c \
ks-action.c ks-action.h ks-engine.h \
ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c
@@ -138,12 +139,14 @@ endif
# http tests
+# We need to add the KSBA flags in case we are building against GNUTLS.
+# In that case NTBTLS flags are empty, but we need ksba anyway.
t_http_SOURCES = $(t_common_src) t-http.c http.c dns-stuff.c
t_http_CFLAGS = -DWITHOUT_NPTH=1 $(USE_C99_CFLAGS) \
$(LIBGCRYPT_CFLAGS) $(NTBTLS_CFLAGS) $(LIBGNUTLS_CFLAGS) \
- $(GPG_ERROR_CFLAGS)
+ $(GPG_ERROR_CFLAGS) $(KSBA_CFLAGS)
t_http_LDADD = $(t_common_ldadd) \
- $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(DNSLIBS)
+ $(NTBTLS_LIBS) $(KSBA_LIBS) $(LIBGNUTLS_LIBS) $(DNSLIBS)
t_ldap_parse_uri_SOURCES = \
t-ldap-parse-uri.c ldap-parse-uri.c ldap-parse-uri.h \
diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c
index ad85d99..3284ff2 100644
--- a/dirmngr/certcache.c
+++ b/dirmngr/certcache.c
@@ -1,5 +1,5 @@
/* certcache.c - Certificate caching
- * Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH
+ * Copyright (C) 2004, 2005, 2007, 2008, 2017 g10 Code GmbH
*
* This file is part of DirMngr.
*
@@ -29,11 +29,11 @@
#include "dirmngr.h"
#include "misc.h"
+#include "../common/ksba-io-support.h"
#include "crlfetch.h"
#include "certcache.h"
-
-#define MAX_EXTRA_CACHED_CERTS 1000
+#define MAX_NONPERM_CACHED_CERTS 1000
/* Constants used to classify search patterns. */
enum pattern_class
@@ -66,11 +66,14 @@ struct cert_item_s
char *issuer_dn; /* The malloced issuer DN. */
ksba_sexp_t sn; /* The malloced serial number */
char *subject_dn; /* The malloced subject DN - maybe NULL. */
- struct
- {
- unsigned int loaded:1; /* It has been explicitly loaded. */
- unsigned int trusted:1; /* This is a trusted root certificate. */
- } flags;
+
+ /* If this field is set the certificate has been taken from some
+ * configuration and shall not be flushed from the cache. */
+ unsigned int permanent:1;
+
+ /* If this field is set the certificate is trusted. The actual
+ * value is a (possible) combination of CERTTRUST_CLASS values. */
+ unsigned int trustclasses:4;
};
typedef struct cert_item_s *cert_item_t;
@@ -88,10 +91,21 @@ static npth_rwlock_t cert_cache_lock;
/* Flag to track whether the cache has been initialized. */
static int initialization_done;
-/* Total number of certificates loaded during initialization and
- cached during operation. */
-static unsigned int total_loaded_certificates;
-static unsigned int total_extra_certificates;
+/* Total number of non-permanent certificates. */
+static unsigned int total_nonperm_certificates;
+
+
+#ifdef HAVE_W32_SYSTEM
+/* We load some functions dynamically. Provide typedefs for tehse
+ * fucntions. */
+typedef HCERTSTORE (WINAPI *CERTOPENSYSTEMSTORE)
+ (HCRYPTPROV hProv, LPCSTR szSubsystemProtocol);
+typedef PCCERT_CONTEXT (WINAPI *CERTENUMCERTIFICATESINSTORE)
+ (HCERTSTORE hCertStore, PCCERT_CONTEXT pPrevCertContext);
+typedef WINBOOL (WINAPI *CERTCLOSESTORE)
+ (HCERTSTORE hCertStore,DWORD dwFlags);
+#endif /*HAVE_W32_SYSTEM*/
+
@@ -154,8 +168,8 @@ compare_serialno (ksba_sexp_t serial1, ksba_sexp_t serial2 )
/* Return a malloced canonical S-Expression with the serial number
- converted from the hex string HEXSN. Return NULL on memory
- error. */
+ * converted from the hex string HEXSN. Return NULL on memory
+ * error. */
ksba_sexp_t
hexsn_to_sexp (const char *hexsn)
{
@@ -205,6 +219,7 @@ cert_compute_fpr (ksba_cert_t cert, unsigned char *digest)
}
+
/* Cleanup one slot. This releases all resourses but keeps the actual
slot in the cache marked for reuse. */
static void
@@ -224,18 +239,29 @@ clean_cache_slot (cert_item_t ci)
cert = ci->cert;
ci->cert = NULL;
+ ci->permanent = 0;
+ ci->trustclasses = 0;
+
ksba_cert_release (cert);
}
/* Put the certificate CERT into the cache. It is assumed that the
- cache is locked while this function is called. If FPR_BUFFER is not
- NULL the fingerprint of the certificate will be stored there.
- FPR_BUFFER neds to point to a buffer of at least 20 bytes. The
- fingerprint will be stored on success or when the function returns
- gpg_err_code(GPG_ERR_DUP_VALUE). */
+ * cache is locked while this function is called.
+ *
+ * FROM_CONFIG indicates that CERT is a permanent certificate and
+ * should stay in the cache. IS_TRUSTED requests that the trusted
+ * flag is set for the certificate; a value of 1 indicates the
+ * cert is trusted due to GnuPG mechanisms, a value of 2 indicates
+ * that it is trusted because it has been taken from the system's
+ * store of trusted certificates. If FPR_BUFFER is not NULL the
+ * fingerprint of the certificate will be stored there. FPR_BUFFER
+ * needs to point to a buffer of at least 20 bytes. The fingerprint
+ * will be stored on success or when the function returns
+ * GPG_ERR_DUP_VALUE. */
static gpg_error_t
-put_cert (ksba_cert_t cert, int is_loaded, int is_trusted, void *fpr_buffer)
+put_cert (ksba_cert_t cert, int permanent, unsigned int trustclass,
+ void *fpr_buffer)
{
unsigned char help_fpr_buffer[20], *fpr;
cert_item_t ci;
@@ -243,24 +269,24 @@ put_cert (ksba_cert_t cert, int is_loaded, int is_trusted, void *fpr_buffer)
fpr = fpr_buffer? fpr_buffer : &help_fpr_buffer;
/* If we already reached the caching limit, drop a couple of certs
- from the cache. Our dropping strategy is simple: We keep a
- static index counter and use this to start looking for
- certificates, then we drop 5 percent of the oldest certificates
- starting at that index. For a large cache this is a fair way of
- removing items. An LRU strategy would be better of course.
- Because we append new entries to the head of the list and we want
- to remove old ones first, we need to do this from the tail. The
- implementation is not very efficient but compared to the long
- time it takes to retrieve a certifciate from an external resource
- it seems to be reasonable. */
- if (!is_loaded && total_extra_certificates >= MAX_EXTRA_CACHED_CERTS)
+ * from the cache. Our dropping strategy is simple: We keep a
+ * static index counter and use this to start looking for
+ * certificates, then we drop 5 percent of the oldest certificates
+ * starting at that index. For a large cache this is a fair way of
+ * removing items. An LRU strategy would be better of course.
+ * Because we append new entries to the head of the list and we want
+ * to remove old ones first, we need to do this from the tail. The
+ * implementation is not very efficient but compared to the long
+ * time it takes to retrieve a certificate from an external resource
+ * it seems to be reasonable. */
+ if (!permanent && total_nonperm_certificates >= MAX_NONPERM_CACHED_CERTS)
{
static int idx;
cert_item_t ci_mark;
int i;
unsigned int drop_count;
- drop_count = MAX_EXTRA_CACHED_CERTS / 20;
+ drop_count = MAX_NONPERM_CACHED_CERTS / 20;
if (drop_count < 2)
drop_count = 2;
@@ -270,13 +296,13 @@ put_cert (ksba_cert_t cert, int is_loaded, int is_trusted, void *fpr_buffer)
{
ci_mark = NULL;
for (ci = cert_cache[i]; ci; ci = ci->next)
- if (ci->cert && !ci->flags.loaded)
+ if (ci->cert && !ci->permanent)
ci_mark = ci;
if (ci_mark)
{
clean_cache_slot (ci_mark);
drop_count--;
- total_extra_certificates--;
+ total_nonperm_certificates--;
}
}
if (i==idx)
@@ -302,8 +328,6 @@ put_cert (ksba_cert_t cert, int is_loaded, int is_trusted, void *fpr_buffer)
ci->next = cert_cache[*fpr];
cert_cache[*fpr] = ci;
}
- else
- memset (&ci->flags, 0, sizeof ci->flags);
ksba_cert_ref (cert);
ci->cert = cert;
@@ -316,13 +340,11 @@ put_cert (ksba_cert_t cert, int is_loaded, int is_trusted, void *fpr_buffer)
return gpg_error (GPG_ERR_INV_CERT_OBJ);
}
ci->subject_dn = ksba_cert_get_subject (cert, 0);
- ci->flags.loaded = !!is_loaded;
- ci->flags.trusted = !!is_trusted;
+ ci->permanent = !!permanent;
+ ci->trustclasses = trustclass;
- if (is_loaded)
- total_loaded_certificates++;
- else
- total_extra_certificates++;
+ if (!permanent)
+ total_nonperm_certificates++;
return 0;
}
@@ -330,10 +352,10 @@ put_cert (ksba_cert_t cert, int is_loaded, int is_trusted, void *fpr_buffer)
/* Load certificates from the directory DIRNAME. All certificates
matching the pattern "*.crt" or "*.der" are loaded. We assume that
- certificates are DER encoded and not PEM encapsulated. The cache
+ certificates are DER encoded and not PEM encapsulated. The cache
should be in a locked state when calling this function. */
static gpg_error_t
-load_certs_from_dir (const char *dirname, int are_trusted)
+load_certs_from_dir (const char *dirname, unsigned int trustclass)
{
gpg_error_t err;
DIR *dir;
@@ -390,12 +412,12 @@ load_certs_from_dir (const char *dirname, int are_trusted)
continue;
}
- err = put_cert (cert, 1, are_trusted, NULL);
+ err = put_cert (cert, 1, trustclass, NULL);
if (gpg_err_code (err) == GPG_ERR_DUP_VALUE)
log_info (_("certificate '%s' already cached\n"), fname);
else if (!err)
{
- if (are_trusted)
+ if (trustclass)
log_info (_("trusted certificate '%s' loaded\n"), fname);
else
log_info (_("certificate '%s' loaded\n"), fname);
@@ -421,24 +443,280 @@ load_certs_from_dir (const char *dirname, int are_trusted)
}
+/* Load certificates from FILE. The certificates are expected to be
+ * PEM encoded so that it is possible to load several certificates.
+ * TRUSTCLASSES is used to mark the certificates as trusted. The
+ * cache should be in a locked state when calling this function.
+ * NO_ERROR repalces an error message when FNAME was not found by an
+ * information message. */
+static gpg_error_t
+load_certs_from_file (const char *fname, unsigned int trustclasses,
+ int no_error)
+{
+ gpg_error_t err;
+ estream_t fp = NULL;
+ gnupg_ksba_io_t ioctx = NULL;
+ ksba_reader_t reader;
+ ksba_cert_t cert = NULL;
+
+ fp = es_fopen (fname, "rb");
+ if (!fp)
+ {
+ err = gpg_error_from_syserror ();
+ if (gpg_err_code (err) == GPG_ERR_ENONET && no_error)
+ log_info (_("can't open '%s': %s\n"), fname, gpg_strerror (err));
+ else
+ log_error (_("can't open '%s': %s\n"), fname, gpg_strerror (err));
+ goto leave;
+ }
+
+ err = gnupg_ksba_create_reader (&ioctx,
+ (GNUPG_KSBA_IO_AUTODETECT
+ | GNUPG_KSBA_IO_MULTIPEM),
+ fp, &reader);
+ if (err)
+ {
+ log_error ("can't create reader: %s\n", gpg_strerror (err));
+ goto leave;
+ }
+
+ /* Loop to read all certificates from the file. */
+ do
+ {
+ ksba_cert_release (cert);
+ cert = NULL;
+ err = ksba_cert_new (&cert);
+ if (!err)
+ err = ksba_cert_read_der (cert, reader);
+ if (err)
+ {
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ err = 0;
+ else
+ log_error (_("can't parse certificate '%s': %s\n"),
+ fname, gpg_strerror (err));
+ goto leave;
+ }
+
+ err = put_cert (cert, 1, trustclasses, NULL);
+ if (gpg_err_code (err) == GPG_ERR_DUP_VALUE)
+ log_info (_("certificate '%s' already cached\n"), fname);
+ else if (err)
+ log_error (_("error loading certificate '%s': %s\n"),
+ fname, gpg_strerror (err));
+ else if (opt.verbose > 1)
+ {
+ char *p;
+
+ log_info (_("trusted certificate '%s' loaded\n"), fname);
+ p = get_fingerprint_hexstring_colon (cert);
+ log_info (_(" SHA1 fingerprint = %s\n"), p);
+ xfree (p);
+
+ cert_log_name (_(" issuer ="), cert);
+ cert_log_subject (_(" subject ="), cert);
+ }
+
+ ksba_reader_clear (reader, NULL, NULL);
+ }
+ while (!gnupg_ksba_reader_eof_seen (ioctx));
+
+ leave:
+ ksba_cert_release (cert);
+ gnupg_ksba_destroy_reader (ioctx);
+ es_fclose (fp);
+
+ return err;
+}
+
+
+#ifdef HAVE_W32_SYSTEM
+/* Load all certificates from the Windows store named STORENAME. All
+ * certificates are considered to be system provided trusted
+ * certificates. The cache should be in a locked state when calling
+ * this function. */
+static void
+load_certs_from_w32_store (const char *storename)
+{
+ static int init_done;
+ static CERTOPENSYSTEMSTORE pCertOpenSystemStore;
+ static CERTENUMCERTIFICATESINSTORE pCertEnumCertificatesInStore;
+ static CERTCLOSESTORE pCertCloseStore;
+ gpg_error_t err;
+ HCERTSTORE w32store;
+ const CERT_CONTEXT *w32cert;
+ ksba_cert_t cert = NULL;
+ unsigned int count = 0;
+
+ /* Initialize on the first use. */
+ if (!init_done)
+ {
+ static HANDLE hCrypt32;
+
+ init_done = 1;
+
+ hCrypt32 = LoadLibrary ("Crypt32.dll");
+ if (!hCrypt32)
+ {
+ log_error ("can't load Crypt32.dll: %s\n", w32_strerror (-1));
+ return;
+ }
+
+ pCertOpenSystemStore = (CERTOPENSYSTEMSTORE)
+ GetProcAddress (hCrypt32, "CertOpenSystemStoreA");
+ pCertEnumCertificatesInStore = (CERTENUMCERTIFICATESINSTORE)
+ GetProcAddress (hCrypt32, "CertEnumCertificatesInStore");
+ pCertCloseStore = (CERTCLOSESTORE)
+ GetProcAddress (hCrypt32, "CertCloseStore");
+ if ( !pCertOpenSystemStore
+ || !pCertEnumCertificatesInStore
+ || !pCertCloseStore)
+ {
+ log_error ("can't load crypt32.dll: %s\n", "missing function");
+ pCertOpenSystemStore = NULL;
+ }
+ }
+
+ if (!pCertOpenSystemStore)
+ return; /* Not initialized. */
+
+
+ w32store = pCertOpenSystemStore (0, storename);
+ if (!w32store)
+ {
+ log_error ("can't open certificate store '%s': %s\n",
+ storename, w32_strerror (-1));
+ return;
+ }
+
+ w32cert = NULL;
+ while ((w32cert = pCertEnumCertificatesInStore (w32store, w32cert)))
+ {
+ if (w32cert->dwCertEncodingType == X509_ASN_ENCODING)
+ {
+ ksba_cert_release (cert);
+ cert = NULL;
+ err = ksba_cert_new (&cert);
+ if (!err)
+ err = ksba_cert_init_from_mem (cert,
+ w32cert->pbCertEncoded,
+ w32cert->cbCertEncoded);
+ if (err)
+ {
+ log_error (_("can't parse certificate '%s': %s\n"),
+ storename, gpg_strerror (err));
+ break;
+ }
+
+ err = put_cert (cert, 1, CERTTRUST_CLASS_SYSTEM, NULL);
+ if (!err)
+ count++;
+ if (gpg_err_code (err) == GPG_ERR_DUP_VALUE)
+ log_info (_("certificate '%s' already cached\n"), storename);
+ else if (err)
+ log_error (_("error loading certificate '%s': %s\n"),
+ storename, gpg_strerror (err));
+ else if (opt.verbose > 1)
+ {
+ char *p;
+
+ log_info (_("trusted certificate '%s' loaded\n"), storename);
+ p = get_fingerprint_hexstring_colon (cert);
+ log_info (_(" SHA1 fingerprint = %s\n"), p);
+ xfree (p);
+
+ cert_log_name (_(" issuer ="), cert);
+ cert_log_subject (_(" subject ="), cert);
+ }
+ }
+ }
+
+ ksba_cert_release (cert);
+ pCertCloseStore (w32store, 0);
+
+ if (DBG_X509)
+ log_debug ("number of certs loaded from store '%s': %u\n",
+ storename, count);
+
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+
+/* Load the trusted certificates provided by the system. */
+static gpg_error_t
+load_certs_from_system (void)
+{
+#ifdef HAVE_W32_SYSTEM
+
+ load_certs_from_w32_store ("ROOT");
+ load_certs_from_w32_store ("CA");
+
+ return 0;
+
+#else /*!HAVE_W32_SYSTEM*/
+
+ /* A list of certificate bundles to try. */
+ static struct {
+ const char *name;
+ } table[] = {
+#ifdef DEFAULT_TRUST_STORE_FILE
+ { DEFAULT_TRUST_STORE_FILE }
+#else
+ { "/etc/ssl/ca-bundle.pem" },
+ { "/etc/ssl/certs/ca-certificates.crt" },
+ { "/etc/pki/tls/cert.pem" },
+ { "/usr/local/share/certs/ca-root-nss.crt" },
+ { "/etc/ssl/cert.pem" }
+#endif /*!DEFAULT_TRUST_STORE_FILE*/
+ };
+ int idx;
+ gpg_error_t err = 0;
+
+ for (idx=0; idx < DIM (table); idx++)
+ if (!access (table[idx].name, F_OK))
+ {
+ /* Take the first available bundle. */
+ err = load_certs_from_file (table[idx].name, CERTTRUST_CLASS_SYSTEM, 0);
+ break;
+ }
+
+ return err;
+#endif /*!HAVE_W32_SYSTEM*/
+}
+
+
/* Initialize the certificate cache if not yet done. */
void
-cert_cache_init (void)
+cert_cache_init (strlist_t hkp_cacerts)
{
- char *dname;
+ char *fname;
+ strlist_t sl;
if (initialization_done)
return;
init_cache_lock ();
acquire_cache_write_lock ();
- dname = make_filename (gnupg_sysconfdir (), "trusted-certs", NULL);
- load_certs_from_dir (dname, 1);
- xfree (dname);
+ load_certs_from_system ();
+
+ fname = make_filename_try (gnupg_sysconfdir (), "trusted-certs", NULL);
+ if (fname)
+ load_certs_from_dir (fname, CERTTRUST_CLASS_CONFIG);
+ xfree (fname);
+
+ fname = make_filename_try (gnupg_sysconfdir (), "extra-certs", NULL);
+ if (fname)
+ load_certs_from_dir (fname, 0);
+ xfree (fname);
+
+ fname = make_filename_try (gnupg_datadir (),
+ "sks-keyservers.netCA.pem", NULL);
+ if (fname)
+ load_certs_from_file (fname, CERTTRUST_CLASS_HKPSPOOL, 1);
+ xfree (fname);
- dname = make_filename (gnupg_sysconfdir (), "extra-certs", NULL);
- load_certs_from_dir (dname, 0);
- xfree (dname);
+ for (sl = hkp_cacerts; sl; sl = sl->next)
+ load_certs_from_file (sl->d, CERTTRUST_CLASS_HKP, 0);
initialization_done = 1;
release_cache_lock ();
@@ -476,8 +754,7 @@ cert_cache_deinit (int full)
}
}
- total_loaded_certificates = 0;
- total_extra_certificates = 0;
+ total_nonperm_certificates = 0;
initialization_done = 0;
release_cache_lock ();
}
@@ -486,10 +763,51 @@ cert_cache_deinit (int full)
void
cert_cache_print_stats (void)
{
+ cert_item_t ci;
+ int idx;
+ unsigned int n_nonperm = 0;
+ unsigned int n_permanent = 0;
+ unsigned int n_trusted = 0;
+ unsigned int n_trustclass_system = 0;
+ unsigned int n_trustclass_config = 0;
+ unsigned int n_trustclass_hkp = 0;
+ unsigned int n_trustclass_hkpspool = 0;
+
+ acquire_cache_read_lock ();
+ for (idx = 0; idx < 256; idx++)
+ for (ci=cert_cache[idx]; ci; ci = ci->next)
+ if (ci->cert)
+ {
+ if (ci->permanent)
+ n_permanent++;
+ else
+ n_nonperm++;
+ if (ci->trustclasses)
+ {
+ n_trusted++;
+ if ((ci->trustclasses & CERTTRUST_CLASS_SYSTEM))
+ n_trustclass_system++;
+ if ((ci->trustclasses & CERTTRUST_CLASS_CONFIG))
+ n_trustclass_config++;
+ if ((ci->trustclasses & CERTTRUST_CLASS_HKP))
+ n_trustclass_hkp++;
+ if ((ci->trustclasses & CERTTRUST_CLASS_HKPSPOOL))
+ n_trustclass_hkpspool++;
+ }
+ }
+
+ release_cache_lock ();
+
log_info (_("permanently loaded certificates: %u\n"),
- total_loaded_certificates);
+ n_permanent);
log_info (_(" runtime cached certificates: %u\n"),
- total_extra_certificates);
+ n_nonperm);
+ log_info (_(" trusted certificates: %u (%u,%u,%u,%u)\n"),
+ n_trusted,
+ n_trustclass_system,
+ n_trustclass_config,
+ n_trustclass_hkp,
+ n_trustclass_hkpspool);
}
@@ -684,7 +1002,7 @@ get_cert_bysubject (const char *subject_dn, unsigned int seq)
-/* Return a value describing the the class of PATTERN. The offset of
+/* Return a value describing the class of PATTERN. The offset of
the actual string to be used for the comparison is stored at
R_OFFSET. The offset of the serialnumer is stored at R_SN_OFFSET. */
static enum pattern_class
@@ -981,7 +1299,7 @@ get_certs_bypattern (const char *pattern,
/* Return the certificate matching ISSUER_DN and SERIALNO; if it is
- not already in the cache, try to find it from other resources. */
+ * not already in the cache, try to find it from other resources. */
ksba_cert_t
find_cert_bysn (ctrl_t ctrl, const char *issuer_dn, ksba_sexp_t serialno)
{
@@ -996,23 +1314,23 @@ find_cert_bysn (ctrl_t ctrl, const char *issuer_dn, ksba_sexp_t serialno)
return cert;
/* Ask back to the service requester to return the certificate.
- This is because we can assume that he already used the
- certificate while checking for the CRL. */
+ * This is because we can assume that he already used the
+ * certificate while checking for the CRL. */
hexsn = serial_hex (serialno);
if (!hexsn)
{
log_error ("serial_hex() failed\n");
return NULL;
}
- buf = xtrymalloc (1 + strlen (hexsn) + 1 + strlen (issuer_dn) + 1);
+ buf = strconcat ("#", hexsn, "/", issuer_dn, NULL);
if (!buf)
{
log_error ("can't allocate enough memory: %s\n", strerror (errno));
xfree (hexsn);
return NULL;
}
- strcpy (stpcpy (stpcpy (stpcpy (buf, "#"), hexsn),"/"), issuer_dn);
xfree (hexsn);
+
cert = get_cert_local (ctrl, buf);
xfree (buf);
if (cert)
@@ -1093,10 +1411,10 @@ find_cert_bysn (ctrl_t ctrl, const char *issuer_dn, ksba_sexp_t serialno)
/* Return the certificate matching SUBJECT_DN and (if not NULL)
- KEYID. If it is not already in the cache, try to find it from other
- resources. Note, that the external search does not work for user
- certificates because the LDAP lookup is on the caCertificate
- attribute. For our purposes this is just fine. */
+ * KEYID. If it is not already in the cache, try to find it from other
+ * resources. Note, that the external search does not work for user
+ * certificates because the LDAP lookup is on the caCertificate
+ * attribute. For our purposes this is just fine. */
ksba_cert_t
find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
{
@@ -1107,11 +1425,11 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
ksba_sexp_t subj;
/* If we have certificates from an OCSP request we first try to use
- them. This is because these certificates will really be the
- required ones and thus even in the case that they can't be
- uniquely located by the following code we can use them. This is
- for example required by Telesec certificates where a keyId is
- used but the issuer certificate comes without a subject keyId! */
+ * them. This is because these certificates will really be the
+ * required ones and thus even in the case that they can't be
+ * uniquely located by the following code we can use them. This is
+ * for example required by Telesec certificates where a keyId is
+ * used but the issuer certificate comes without a subject keyId! */
if (ctrl->ocsp_certs && subject_dn)
{
cert_item_t ci;
@@ -1136,8 +1454,7 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
log_debug ("find_cert_bysubject: certificate not in ocsp_certs\n");
}
-
- /* First we check whether the certificate is cached. */
+ /* No check whether the certificate is cached. */
for (seq=0; (cert = get_cert_bysubject (subject_dn, seq)); seq++)
{
if (!keyid)
@@ -1158,24 +1475,23 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
log_debug ("find_cert_bysubject: certificate not in cache\n");
/* Ask back to the service requester to return the certificate.
- This is because we can assume that he already used the
- certificate while checking for the CRL. */
+ * This is because we can assume that he already used the
+ * certificate while checking for the CRL. */
if (keyid)
cert = get_cert_local_ski (ctrl, subject_dn, keyid);
else
{
/* In contrast to get_cert_local_ski, get_cert_local uses any
- passed pattern, so we need to make sure that an exact subject
- search is done. */
+ * passed pattern, so we need to make sure that an exact subject
+ * search is done. */
char *buf;
- buf = xtrymalloc (1 + strlen (subject_dn) + 1);
+ buf = strconcat ("/", subject_dn, NULL);
if (!buf)
{
log_error ("can't allocate enough memory: %s\n", strerror (errno));
return NULL;
}
- strcpy (stpcpy (buf, "/"), subject_dn);
cert = get_cert_local (ctrl, buf);
xfree (buf);
}
@@ -1264,12 +1580,12 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
}
-
/* Return 0 if the certificate is a trusted certificate. Returns
- GPG_ERR_NOT_TRUSTED if it is not trusted or other error codes in
- case of systems errors. */
+ * GPG_ERR_NOT_TRUSTED if it is not trusted or other error codes in
+ * case of systems errors. TRUSTCLASSES are the bitwise ORed
+ * CERTTRUST_CLASS values to use for the check. */
gpg_error_t
-is_trusted_cert (ksba_cert_t cert)
+is_trusted_cert (ksba_cert_t cert, unsigned int trustclasses)
{
unsigned char fpr[20];
cert_item_t ci;
@@ -1280,8 +1596,10 @@ is_trusted_cert (ksba_cert_t cert)
for (ci=cert_cache[*fpr]; ci; ci = ci->next)
if (ci->cert && !memcmp (ci->fpr, fpr, 20))
{
- if (ci->flags.trusted)
+ if ((ci->trustclasses & trustclasses))
{
+ /* The certificate is trusted in one of the given
+ * TRUSTCLASSES. */
release_cache_lock ();
return 0; /* Yes, it is trusted. */
}
@@ -1295,8 +1613,8 @@ is_trusted_cert (ksba_cert_t cert)
/* Given the certificate CERT locate the issuer for this certificate
- and return it at R_CERT. Returns 0 on success or
- GPG_ERR_NOT_FOUND. */
+ * and return it at R_CERT. Returns 0 on success or
+ * GPG_ERR_NOT_FOUND. */
gpg_error_t
find_issuing_cert (ctrl_t ctrl, ksba_cert_t cert, ksba_cert_t *r_cert)
{
@@ -1332,16 +1650,18 @@ find_issuing_cert (ctrl_t ctrl, ksba_cert_t cert, ksba_cert_t *r_cert)
{
issuer_cert = find_cert_bysn (ctrl, s, authidno);
}
+
if (!issuer_cert && keyid)
{
/* Not found by issuer+s/n. Now that we have an AKI
- keyIdentifier look for a certificate with a matching
- SKI. */
+ * keyIdentifier look for a certificate with a matching
+ * SKI. */
issuer_cert = find_cert_bysubject (ctrl, issuer_dn, keyid);
}
+
/* Print a note so that the user does not feel too helpless when
- an issuer certificate was found and gpgsm prints BAD
- signature because it is not the correct one. */
+ * an issuer certificate was found and gpgsm prints BAD
+ * signature because it is not the correct one. */
if (!issuer_cert)
{
log_info ("issuer certificate ");
@@ -1367,8 +1687,8 @@ find_issuing_cert (ctrl_t ctrl, ksba_cert_t cert, ksba_cert_t *r_cert)
}
/* If this did not work, try just with the issuer's name and assume
- that there is only one such certificate. We only look into our
- cache then. */
+ * that there is only one such certificate. We only look into our
+ * cache then. */
if (err || !issuer_cert)
{
issuer_cert = get_cert_bysubject (issuer_dn, 0);
@@ -1389,3 +1709,92 @@ find_issuing_cert (ctrl_t ctrl, ksba_cert_t cert, ksba_cert_t *r_cert)
return err;
}
+
+
+
+/* Read a list of certificates in PEM format from stream FP and store
+ * them on success at R_CERTLIST. On error NULL is stored at R_CERT
+ * list and an error code returned. Note that even on success an
+ * empty list of certificates can be returned (i.e. NULL stored at
+ * R_CERTLIST) iff the input stream has no certificates. */
+gpg_error_t
+read_certlist_from_stream (certlist_t *r_certlist, estream_t fp)
+{
+ gpg_error_t err;
+ gnupg_ksba_io_t ioctx = NULL;
+ ksba_reader_t reader;
+ ksba_cert_t cert = NULL;
+ certlist_t certlist = NULL;
+ certlist_t cl, *cltail;
+
+ *r_certlist = NULL;
+
+ err = gnupg_ksba_create_reader (&ioctx,
+ (GNUPG_KSBA_IO_PEM | GNUPG_KSBA_IO_MULTIPEM),
+ fp, &reader);
+ if (err)
+ goto leave;
+
+ /* Loop to read all certificates from the stream. */
+ cltail = &certlist;
+ do
+ {
+ ksba_cert_release (cert);
+ cert = NULL;
+ err = ksba_cert_new (&cert);
+ if (!err)
+ err = ksba_cert_read_der (cert, reader);
+ if (err)
+ {
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ err = 0;
+ goto leave;
+ }
+
+ /* Append the certificate to the list. We also store the
+ * fingerprint and check whether we have a cached certificate;
+ * in that case the cached certificate is put into the list to
+ * take advantage of a validation result which might be stored
+ * in the cached certificate. */
+ cl = xtrycalloc (1, sizeof *cl);
+ if (!cl)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ cert_compute_fpr (cert, cl->fpr);
+ cl->cert = get_cert_byfpr (cl->fpr);
+ if (!cl->cert)
+ {
+ cl->cert = cert;
+ cert = NULL;
+ }
+ *cltail = cl;
+ cltail = &cl->next;
+ ksba_reader_clear (reader, NULL, NULL);
+ }
+ while (!gnupg_ksba_reader_eof_seen (ioctx));
+
+ leave:
+ ksba_cert_release (cert);
+ gnupg_ksba_destroy_reader (ioctx);
+ if (err)
+ release_certlist (certlist);
+ else
+ *r_certlist = certlist;
+
+ return err;
+}
+
+
+/* Release the certificate list CL. */
+void
+release_certlist (certlist_t cl)
+{
+ while (cl)
+ {
+ certlist_t next = cl->next;
+ ksba_cert_release (cl->cert);
+ cl = next;
+ }
+}
diff --git a/dirmngr/certcache.h b/dirmngr/certcache.h
index 9986f15..92529bf 100644
--- a/dirmngr/certcache.h
+++ b/dirmngr/certcache.h
@@ -21,8 +21,17 @@
#ifndef CERTCACHE_H
#define CERTCACHE_H
+/* The origin of the trusted root certificates. */
+enum {
+ CERTTRUST_CLASS_SYSTEM = 1, /* From the system's list of trusted certs. */
+ CERTTRUST_CLASS_CONFIG = 2, /* From dirmngr's config files. */
+ CERTTRUST_CLASS_HKP = 4, /* From --hkp-cacert */
+ CERTTRUST_CLASS_HKPSPOOL= 8, /* The one and only from sks-keyservers */
+};
+
+
/* First time initialization of the certificate cache. */
-void cert_cache_init (void);
+void cert_cache_init (strlist_t hkp_cacerts);
/* Deinitialize the certificate cache. */
void cert_cache_deinit (int full);
@@ -41,10 +50,10 @@ gpg_error_t cache_cert (ksba_cert_t cert);
gpg_error_t cache_cert_silent (ksba_cert_t cert, void *fpr_buffer);
/* Return 0 if the certificate is a trusted certificate. Returns
- GPG_ERR_NOT_TRUSTED if it is not trusted or other error codes in
- case of systems errors. */
-gpg_error_t is_trusted_cert (ksba_cert_t cert);
-
+ * GPG_ERR_NOT_TRUSTED if it is not trusted or other error codes in
+ * case of systems errors. TRUSTCLASSES are the bitwise ORed
+ * CERTTRUST_CLASS values to use for the check. */
+gpg_error_t is_trusted_cert (ksba_cert_t cert, unsigned trustclasses);
/* Return a certificate object for the given fingerprint. FPR is
expected to be a 20 byte binary SHA-1 fingerprint. If no matching
@@ -99,5 +108,18 @@ gpg_error_t find_issuing_cert (ctrl_t ctrl,
+/* A simple list of certificates. */
+struct certlist_s
+{
+ struct certlist_s *next;
+ ksba_cert_t cert;
+ unsigned char fpr[20]; /* of the certificate. */
+};
+typedef struct certlist_s *certlist_t;
+
+gpg_error_t read_certlist_from_stream (certlist_t *r_certlist, estream_t fp);
+void release_certlist (certlist_t cl);
+
+
#endif /*CERTCACHE_H*/
diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c
index 2e471cb..248ad9a 100644
--- a/dirmngr/crlcache.c
+++ b/dirmngr/crlcache.c
@@ -44,7 +44,7 @@
Field 1: Constant "v"
Field 2: Version number of this file. Must be 1.
- This record must be the first non-comment record record and
+ This record must be the first non-comment record and
there shall only exist one record of this type.
1.3. CRL cache record
@@ -1851,7 +1851,9 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
md = NULL;
err = validate_cert_chain (ctrl, crlissuer_cert, NULL,
- VALIDATE_MODE_CRL_RECURSIVE,
+ (VALIDATE_FLAG_TRUST_CONFIG
+ | VALIDATE_FLAG_CRL
+ | VALIDATE_FLAG_RECURSIVE),
r_trust_anchor);
if (err)
{
diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
index 8fe6e0b..f7a23ff 100644
--- a/dirmngr/crlfetch.c
+++ b/dirmngr/crlfetch.c
@@ -167,10 +167,11 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
http_release_parsed_uri (uri);
if (err && !strncmp (url, "https:", 6))
{
- /* Our HTTP code does not support TLS, thus we can't use this
- scheme and it is frankly not useful for CRL retrieval anyway.
- We resort to using http, assuming that the server also
- provides plain http access. */
+ /* FIXME: We now support https.
+ * Our HTTP code does not support TLS, thus we can't use this
+ * scheme and it is frankly not useful for CRL retrieval anyway.
+ * We resort to using http, assuming that the server also
+ * provides plain http access. */
free_this = xtrymalloc (strlen (url) + 1);
if (free_this)
{
@@ -198,7 +199,9 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
err = http_open_document (&hd, url, NULL,
((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
|(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0)
- |(opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
+ |(dirmngr_use_tor()? HTTP_FLAG_FORCE_TOR:0)
+ |(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4:0)
+ ),
ctrl->http_proxy, NULL, NULL, NULL);
switch ( err? 99999 : http_get_status_code (hd) )
@@ -290,7 +293,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
"LDAP");
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
}
- else if (opt.use_tor)
+ else if (dirmngr_use_tor ())
{
/* For now we do not support LDAP over Tor. */
log_error (_("CRL access not possible due to Tor mode\n"));
@@ -316,7 +319,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
gpg_error_t
crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader)
{
- if (opt.use_tor)
+ if (dirmngr_use_tor ())
{
/* For now we do not support LDAP over Tor. */
log_error (_("CRL access not possible due to Tor mode\n"));
@@ -341,14 +344,14 @@ crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader)
}
-/* Fetch a CA certificate for DN using the default server. This
- function only initiates the fetch; fetch_next_cert must be used to
- actually read the certificate; end_cert_fetch to end the
- operation. */
+/* Fetch a CA certificate for DN using the default server. This
+ * function only initiates the fetch; fetch_next_cert must be used to
+ * actually read the certificate; end_cert_fetch to end the
+ * operation. */
gpg_error_t
ca_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, const char *dn)
{
- if (opt.use_tor)
+ if (dirmngr_use_tor ())
{
/* For now we do not support LDAP over Tor. */
log_error (_("CRL access not possible due to Tor mode\n"));
@@ -375,7 +378,7 @@ gpg_error_t
start_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context,
strlist_t patterns, const ldap_server_t server)
{
- if (opt.use_tor)
+ if (dirmngr_use_tor ())
{
/* For now we do not support LDAP over Tor. */
log_error (_("CRL access not possible due to Tor mode\n"));
@@ -415,7 +418,7 @@ fetch_next_cert (cert_fetch_context_t context,
/* Fetch the next data from CONTEXT, assuming it is a certificate and return
- it as a cert object in R_CERT. */
+ * it as a cert object in R_CERT. */
gpg_error_t
fetch_next_ksba_cert (cert_fetch_context_t context, ksba_cert_t *r_cert)
{
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 061cfc3..c877a9b 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -111,6 +111,7 @@ enum cmd_and_opt_values {
oBatch,
oDisableHTTP,
oDisableLDAP,
+ oDisableIPv4,
oIgnoreLDAPDP,
oIgnoreHTTPDP,
oIgnoreOCSPSvcUrl,
@@ -137,6 +138,7 @@ enum cmd_and_opt_values {
oHTTPWrapperProgram,
oIgnoreCertExtension,
oUseTor,
+ oNoUseTor,
oKeyServer,
oNameServer,
oDisableCheckOwnSocket,
@@ -223,6 +225,9 @@ static ARGPARSE_OPTS opts[] = {
N_("|FILE|use the CA certificates in FILE for HKP over TLS")),
ARGPARSE_s_n (oUseTor, "use-tor", N_("route all network traffic via Tor")),
+ ARGPARSE_s_n (oNoUseTor, "no-use-tor", "@"),
+
+ ARGPARSE_s_n (oDisableIPv4, "disable-ipv4", "@"),
ARGPARSE_s_s (oSocketName, "socket-name", "@"), /* Only for debugging. */
@@ -262,6 +267,7 @@ static struct debug_flags_s debug_flags [] =
{ DBG_DNS_VALUE , "dns" },
{ DBG_NETWORK_VALUE, "network" },
{ DBG_LOOKUP_VALUE , "lookup" },
+ { DBG_EXTPROG_VALUE, "extprog" },
{ 77, NULL } /* 77 := Do not exit on "help" or "?". */
};
@@ -297,6 +303,16 @@ static volatile int shutdown_pending;
/* Flags to indicate that we shall not watch our own socket. */
static int disable_check_own_socket;
+/* Flag to control the Tor mode. */
+static enum
+ { TOR_MODE_AUTO = 0, /* Switch to NO or YES */
+ TOR_MODE_NEVER, /* Never use Tor. */
+ TOR_MODE_NO, /* Do not use Tor */
+ TOR_MODE_YES, /* Use Tor */
+ TOR_MODE_FORCE /* Force using Tor */
+ } tor_mode;
+
+
/* Counter for the active connections. */
static int active_connections;
@@ -304,6 +320,10 @@ static int active_connections;
* thread to run background network tasks. */
static int network_activity_seen;
+/* A list of filenames registred with --hkp-cacert. */
+static strlist_t hkp_cacert_filenames;
+
+
/* The timer tick used for housekeeping stuff. */
#define TIMERTICK_INTERVAL (60)
@@ -479,7 +499,7 @@ set_debug (void)
static void
set_tor_mode (void)
{
- if (opt.use_tor)
+ if (dirmngr_use_tor ())
{
/* Enable Tor mode and when called again force a new curcuit
* (e.g. on SIGHUP). */
@@ -490,6 +510,26 @@ set_tor_mode (void)
log_info ("(is your Libassuan recent enough?)\n");
}
}
+ else
+ disable_dns_tormode ();
+}
+
+
+/* Return true if Tor shall be used. */
+int
+dirmngr_use_tor (void)
+{
+ if (tor_mode == TOR_MODE_AUTO)
+ {
+ /* FIXME: Figure out whether Tor is running. */
+ }
+
+ if (tor_mode == TOR_MODE_FORCE)
+ return 2; /* Use Tor (using 2 to indicate force mode) */
+ else if (tor_mode == TOR_MODE_YES)
+ return 1; /* Use Tor */
+ else
+ return 0; /* Do not use Tor. */
}
@@ -551,8 +591,11 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
}
FREE_STRLIST (opt.ignored_cert_extensions);
http_register_tls_ca (NULL);
+ FREE_STRLIST (hkp_cacert_filenames);
FREE_STRLIST (opt.keyserver);
- /* Note: We do not allow resetting of opt.use_tor at runtime. */
+ /* Note: We do not allow resetting of TOR_MODE_FORCE at runtime. */
+ if (tor_mode != TOR_MODE_FORCE)
+ tor_mode = TOR_MODE_AUTO;
disable_check_own_socket = 0;
enable_standard_resolver (0);
set_dns_timeout (0);
@@ -593,6 +636,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
case oDisableHTTP: opt.disable_http = 1; break;
case oDisableLDAP: opt.disable_ldap = 1; break;
+ case oDisableIPv4: opt.disable_ipv4 = 1; break;
case oHonorHTTPProxy: opt.honor_http_proxy = 1; break;
case oHTTPProxy: opt.http_proxy = pargs->r.ret_str; break;
case oLDAPProxy: opt.ldap_proxy = pargs->r.ret_str; break;
@@ -615,11 +659,14 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
case oHkpCaCert:
{
+ /* We need to register the filenames with gnutls (http.c) and
+ * also for our own cert cache. */
char *tmpname;
/* Do tilde expansion and make path absolute. */
tmpname = make_absfilename (pargs->r.ret_str, NULL);
http_register_tls_ca (tmpname);
+ add_to_strlist (&hkp_cacert_filenames, pargs->r.ret_str);
xfree (tmpname);
}
break;
@@ -628,7 +675,13 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
add_to_strlist (&opt.ignored_cert_extensions, pargs->r.ret_str);
break;
- case oUseTor: opt.use_tor = 1; break;
+ case oUseTor:
+ tor_mode = TOR_MODE_FORCE;
+ break;
+ case oNoUseTor:
+ if (tor_mode != TOR_MODE_FORCE)
+ tor_mode = TOR_MODE_NEVER;
+ break;
case oStandardResolver: enable_standard_resolver (1); break;
case oRecursiveResolver: enable_recursive_resolver (1); break;
@@ -652,6 +705,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
set_dns_verbose (opt.verbose, !!DBG_DNS);
http_set_verbose (opt.verbose, !!DBG_NETWORK);
+ set_dns_disable_ipv4 (opt.disable_ipv4);
return 1; /* Handled. */
}
@@ -670,6 +724,23 @@ pid_suffix_callback (unsigned long *r_suffix)
}
#endif /*!HAVE_W32_SYSTEM*/
+#if HTTP_USE_NTBTLS
+static void
+my_ntbtls_log_handler (void *opaque, int level, const char *fmt, va_list argv)
+{
+ (void)opaque;
+
+ if (level == -1)
+ log_logv_with_prefix (GPGRT_LOG_INFO, "ntbtls: ", fmt, argv);
+ else
+ {
+ char prefix[10+20];
+ snprintf (prefix, sizeof prefix, "ntbtls(%d): ", level);
+ log_logv_with_prefix (GPGRT_LOG_DEBUG, prefix, fmt, argv);
+ }
+}
+#endif
+
static void
thread_init (void)
@@ -756,6 +827,10 @@ main (int argc, char **argv)
setup_libgcrypt_logging ();
+#if HTTP_USE_NTBTLS
+ ntbtls_set_log_handler (my_ntbtls_log_handler, NULL);
+#endif
+
/* Setup defaults. */
shell = getenv ("SHELL");
if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
@@ -1003,7 +1078,7 @@ main (int argc, char **argv)
thread_init ();
- cert_cache_init ();
+ cert_cache_init (hkp_cacert_filenames);
crl_cache_init ();
http_register_netactivity_cb (netactivity_action);
start_command_handler (ASSUAN_INVALID_FD);
@@ -1038,7 +1113,7 @@ main (int argc, char **argv)
log_set_prefix (NULL, 0);
thread_init ();
- cert_cache_init ();
+ cert_cache_init (hkp_cacert_filenames);
crl_cache_init ();
http_register_netactivity_cb (netactivity_action);
handle_connections (3);
@@ -1245,7 +1320,7 @@ main (int argc, char **argv)
#endif
thread_init ();
- cert_cache_init ();
+ cert_cache_init (hkp_cacert_filenames);
crl_cache_init ();
http_register_netactivity_cb (netactivity_action);
handle_connections (fd);
@@ -1267,7 +1342,7 @@ main (int argc, char **argv)
dirmngr_init_default_ctrl (&ctrlbuf);
thread_init ();
- cert_cache_init ();
+ cert_cache_init (hkp_cacert_filenames);
crl_cache_init ();
if (!argc)
rc = crl_cache_load (&ctrlbuf, NULL);
@@ -1290,7 +1365,7 @@ main (int argc, char **argv)
dirmngr_init_default_ctrl (&ctrlbuf);
thread_init ();
- cert_cache_init ();
+ cert_cache_init (hkp_cacert_filenames);
crl_cache_init ();
rc = crl_fetch (&ctrlbuf, argv[0], &reader);
if (rc)
@@ -1423,8 +1498,10 @@ dirmngr_exit (int rc)
void
dirmngr_init_default_ctrl (ctrl_t ctrl)
{
+ ctrl->magic = SERVER_CONTROL_MAGIC;
if (opt.http_proxy)
ctrl->http_proxy = xstrdup (opt.http_proxy);
+ ctrl->http_no_crl = 1;
}
@@ -1433,6 +1510,8 @@ dirmngr_deinit_default_ctrl (ctrl_t ctrl)
{
if (!ctrl)
return;
+ ctrl->magic = 0xdeadbeef;
+
xfree (ctrl->http_proxy);
ctrl->http_proxy = NULL;
}
@@ -1699,7 +1778,7 @@ dirmngr_sighup_action (void)
reread_configuration ();
cert_cache_deinit (0);
crl_cache_deinit ();
- cert_cache_init ();
+ cert_cache_init (hkp_cacert_filenames);
crl_cache_init ();
reload_dns_stuff (0);
ks_hkp_reload ();
@@ -1793,7 +1872,7 @@ housekeeping_thread (void *arg)
if (network_activity_seen)
{
network_activity_seen = 0;
- if (opt.use_tor || opt.allow_version_check)
+ if (opt.allow_version_check)
dirmngr_load_swdb (&ctrlbuf, 0);
}
@@ -2137,7 +2216,7 @@ handle_connections (assuan_fd_t listen_fd)
close (my_inotify_fd);
#endif /*HAVE_INOTIFY_INIT*/
npth_attr_destroy (&tattr);
- if (listen_fd != -1)
+ if (listen_fd != GNUPG_INVALID_FD)
assuan_sock_close (fd);
cleanup ();
log_info ("%s %s stopped\n", strusage(11), strusage(13));
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index 35bc000..b269865 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -91,13 +91,13 @@ struct
program. */
int running_detached; /* We are running in detached mode. */
- int use_tor; /* Tor mode has been enabled. */
int allow_version_check; /* --allow-version-check is active. */
int force; /* Force loading outdated CRLs. */
int disable_http; /* Do not use HTTP at all. */
int disable_ldap; /* Do not use LDAP at all. */
+ int disable_ipv4; /* Do not use leagacy IP addresses. */
int honor_http_proxy; /* Honor the http_proxy env variable. */
const char *http_proxy; /* The default HTTP proxy. */
const char *ldap_proxy; /* Use given LDAP proxy. */
@@ -144,6 +144,7 @@ struct
#define DBG_IPC_VALUE 1024 /* debug assuan communication */
#define DBG_NETWORK_VALUE 2048 /* debug network I/O. */
#define DBG_LOOKUP_VALUE 8192 /* debug lookup details */
+#define DBG_EXTPROG_VALUE 16384 /* debug external program calls */
#define DBG_X509 (opt.debug & DBG_X509_VALUE)
#define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE)
@@ -154,8 +155,10 @@ struct
#define DBG_IPC (opt.debug & DBG_IPC_VALUE)
#define DBG_NETWORK (opt.debug & DBG_NETWORK_VALUE)
#define DBG_LOOKUP (opt.debug & DBG_LOOKUP_VALUE)
+#define DBG_EXTPROG (opt.debug & DBG_EXTPROG_VALUE)
-/* A simple list of certificate references. */
+/* A simple list of certificate references. FIXME: Better use
+ certlist_t also for references (Store NULL at .cert) */
struct cert_ref_s
{
struct cert_ref_s *next;
@@ -163,15 +166,23 @@ struct cert_ref_s
};
typedef struct cert_ref_s *cert_ref_t;
+
/* Forward references; access only through server.c. */
struct server_local_s;
+#if SIZEOF_UNSIGNED_LONG == 8
+# define SERVER_CONTROL_MAGIC 0x6469726d6e677220
+#else
+# define SERVER_CONTROL_MAGIC 0x6469726d
+#endif
+
/* Connection control structure. */
struct server_control_s
{
- int refcount; /* Count additional references to this object. */
- int no_server; /* We are not running under server control. */
- int status_fd; /* Only for non-server mode. */
+ unsigned long magic;/* Always has SERVER_CONTROL_MAGIC. */
+ int refcount; /* Count additional references to this object. */
+ int no_server; /* We are not running under server control. */
+ int status_fd; /* Only for non-server mode. */
struct server_local_s *server_local;
int force_crl_refresh; /* Always load a fresh CRL. */
@@ -181,6 +192,8 @@ struct server_control_s
int audit_events; /* Send audit events to client. */
char *http_proxy; /* The used http_proxy or NULL. */
+
+ unsigned int http_no_crl:1; /* Do not check CRLs for https. */
};
@@ -190,7 +203,7 @@ void dirmngr_init_default_ctrl (ctrl_t ctrl);
void dirmngr_deinit_default_ctrl (ctrl_t ctrl);
void dirmngr_sighup_action (void);
const char* dirmngr_get_current_socket_name (void);
-
+int dirmngr_use_tor (void);
/*-- Various housekeeping functions. --*/
void ks_hkp_housekeeping (time_t curtime);
@@ -211,6 +224,15 @@ gpg_error_t dirmngr_status (ctrl_t ctrl, const char *keyword, ...);
gpg_error_t dirmngr_status_help (ctrl_t ctrl, const char *text);
gpg_error_t dirmngr_tick (ctrl_t ctrl);
+/*-- http-ntbtls.c --*/
+/* Note that we don't use a callback for gnutls. */
+
+gpg_error_t gnupg_http_tls_verify_cb (void *opaque,
+ http_t http,
+ http_session_t session,
+ unsigned int flags,
+ void *tls_context);
+
/*-- loadswdb.c --*/
gpg_error_t dirmngr_load_swdb (ctrl_t ctrl, int force);
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index 9347196..d72d1c7 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -119,6 +119,10 @@ static int opt_debug;
/* The timeout in seconds for libdns requests. */
static int opt_timeout;
+/* The flag to disable IPv4 access - right now this only skips
+ * returned A records. */
+static int opt_disable_ipv4;
+
/* If set force the use of the standard resolver. */
static int standard_resolver;
@@ -218,6 +222,14 @@ enable_dns_tormode (int new_circuit)
}
+/* Disable tor mode. */
+void
+disable_dns_tormode (void)
+{
+ tor_mode = 0;
+}
+
+
/* Set verbosity and debug mode for this module. */
void
set_dns_verbose (int verbose, int debug)
@@ -227,6 +239,15 @@ set_dns_verbose (int verbose, int debug)
}
+/* Set the Disable-IPv4 flag so that the name resolver does not return
+ * A addresses. */
+void
+set_dns_disable_ipv4 (int yes)
+{
+ opt_disable_ipv4 = !!yes;
+}
+
+
/* Set the timeout for libdns requests to SECONDS. A value of 0 sets
* the default timeout and values are capped at 10 minutes. */
void
@@ -477,12 +498,10 @@ libdns_init (void)
(dns_nssconf_loadpath (ld.resolv_conf, fname));
if (err)
{
- log_error ("failed to load '%s': %s\n", fname, gpg_strerror (err));
- /* not fatal, nsswitch.conf is not used on all systems; assume
- * classic behavior instead. Our dns library states "bf" which tries
- * DNS then Files, which is not classic; FreeBSD
- * /usr/src/lib/libc/net/gethostnamadr.c defines default_src[] which
- * is Files then DNS, which is. */
+ /* This is not a fatal error: nsswitch.conf is not used on
+ * all systems; assume classic behavior instead. */
+ if (gpg_err_code (err) != GPG_ERR_ENOENT)
+ log_error ("failed to load '%s': %s\n", fname, gpg_strerror (err));
if (opt_debug)
log_debug ("dns: fallback resolution order, files then DNS\n");
ld.resolv_conf->lookup[0] = 'f';
@@ -490,6 +509,23 @@ libdns_init (void)
ld.resolv_conf->lookup[2] = '\0';
err = GPG_ERR_NO_ERROR;
}
+ else if (!strchr (ld.resolv_conf->lookup, 'b'))
+ {
+ /* No DNS resulution type found in the list. This might be
+ * due to systemd based systems which allow for custom
+ * keywords which are not known to us and thus we do not
+ * know whether DNS is wanted or not. Becuase DNS is
+ * important for our infrastructure, we forcefully append
+ * DNS to the end of the list. */
+ if (strlen (ld.resolv_conf->lookup)+2 < sizeof ld.resolv_conf->lookup)
+ {
+ if (opt_debug)
+ log_debug ("dns: appending DNS to resolution order\n");
+ strcat (ld.resolv_conf->lookup, "b");
+ }
+ else
+ log_error ("failed to append DNS to resolution order\n");
+ }
#endif /* Unix */
}
@@ -683,6 +719,7 @@ resolve_name_libdns (const char *name, unsigned short port,
struct addrinfo *ent;
char portstr_[21];
char *portstr = NULL;
+ char *namebuf = NULL;
int derr;
*r_dai = NULL;
@@ -695,8 +732,6 @@ resolve_name_libdns (const char *name, unsigned short port,
hints.ai_flags = AI_ADDRCONFIG;
if (r_canonname)
hints.ai_flags |= AI_CANONNAME;
- if (is_ip_address (name))
- hints.ai_flags |= AI_NUMERICHOST;
if (port)
{
@@ -708,6 +743,25 @@ resolve_name_libdns (const char *name, unsigned short port,
if (err)
goto leave;
+
+ if (is_ip_address (name))
+ {
+ hints.ai_flags |= AI_NUMERICHOST;
+ /* libdns does not grok brackets - remove them. */
+ if (*name == '[' && name[strlen(name)-1] == ']')
+ {
+ namebuf = xtrymalloc (strlen (name));
+ if (!namebuf)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ strcpy (namebuf, name+1);
+ namebuf[strlen (namebuf)-1] = 0;
+ name = namebuf;
+ }
+ }
+
ai = dns_ai_open (name, portstr, 0, &hints, res, &derr);
if (!ai)
{
@@ -789,6 +843,7 @@ resolve_name_libdns (const char *name, unsigned short port,
else
*r_dai = daihead;
+ xfree (namebuf);
return err;
}
#endif /*USE_LIBDNS*/
@@ -826,7 +881,7 @@ resolve_name_standard (const char *name, unsigned short port,
else
*portstr = 0;
- /* We can't use the the AI_IDN flag because that does the conversion
+ /* We can't use the AI_IDN flag because that does the conversion
using the current locale. However, GnuPG always used UTF-8. To
support IDN we would need to make use of the libidn API. */
ret = getaddrinfo (name, *portstr? portstr : NULL, &hints, &aibuf);
@@ -873,6 +928,8 @@ resolve_name_standard (const char *name, unsigned short port,
{
if (ai->ai_family != AF_INET6 && ai->ai_family != AF_INET)
continue;
+ if (opt_disable_ipv4 && ai->ai_family == AF_INET)
+ continue;
dai = xtrymalloc (sizeof *dai + ai->ai_addrlen - 1);
dai->family = ai->ai_family;
@@ -1170,7 +1227,7 @@ is_ip_address (const char *name)
if (*name == '[')
return 6; /* yes: A legal DNS name may not contain this character;
- this mut be bracketed v6 address. */
+ this must be bracketed v6 address. */
if (*name == '.')
return 0; /* No. A leading dot is not a valid IP address. */
@@ -1212,7 +1269,7 @@ is_ip_address (const char *name)
if (*s == '.')
{
if (s[1] == '.')
- return 0; /* No: Douple dot. */
+ return 0; /* No: Double dot. */
if (atoi (s+1) > 255)
return 0; /* No: Ipv4 byte value too large. */
ndots++;
@@ -1623,7 +1680,7 @@ get_dns_cert_standard (const char *name, int want_certtype,
found, the malloced data is returned at (R_KEY, R_KEYLEN) and
the other return parameters are set to NULL/0. If an IPGP CERT
record was found the fingerprint is stored as an allocated block at
- R_FPR and its length at R_FPRLEN; an URL is is allocated as a
+ R_FPR and its length at R_FPRLEN; an URL is allocated as a
string and returned at R_URL. If WANT_CERTTYPE is 0 this function
returns the first CERT found with a supported type; it is expected
that only one CERT record is used. If WANT_CERTTYPE is one of the
diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
index d68dd17..9b8303c 100644
--- a/dirmngr/dns-stuff.h
+++ b/dirmngr/dns-stuff.h
@@ -95,6 +95,10 @@ struct srventry
/* Set verbosity and debug mode for this module. */
void set_dns_verbose (int verbose, int debug);
+/* Set the Disable-IPv4 flag so that the name resolver does not return
+ * A addresses. */
+void set_dns_disable_ipv4 (int yes);
+
/* Set the timeout for libdns requests to SECONDS. */
void set_dns_timeout (int seconds);
@@ -116,6 +120,7 @@ int recursive_resolver_p (void);
/* Put this module eternally into Tor mode. When called agained with
* NEW_CIRCUIT request a new TOR circuit for the next DNS query. */
void enable_dns_tormode (int new_circuit);
+void disable_dns_tormode (void);
/* Change the default IP address of the nameserver to IPADDR. The
address needs to be a numerical IP address and will be used for the
diff --git a/dirmngr/http-ntbtls.c b/dirmngr/http-ntbtls.c
new file mode 100644
index 0000000..00d6a58
--- /dev/null
+++ b/dirmngr/http-ntbtls.c
@@ -0,0 +1,124 @@
+/* http-ntbtls.c - Support for using NTBTLS with http.c
+ * Copyright (C) 2017 Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "dirmngr.h"
+#include "certcache.h"
+#include "validate.h"
+
+#ifdef HTTP_USE_NTBTLS
+# include <ntbtls.h>
+
+
+
+/* The callback used to verify the peer's certificate. */
+gpg_error_t
+gnupg_http_tls_verify_cb (void *opaque,
+ http_t http,
+ http_session_t session,
+ unsigned int http_flags,
+ void *tls_context)
+{
+ ctrl_t ctrl = opaque;
+ ntbtls_t tls = tls_context;
+ gpg_error_t err;
+ int idx;
+ ksba_cert_t cert;
+ ksba_cert_t hostcert = NULL;
+ unsigned int validate_flags;
+ const char *hostname;
+
+ (void)http;
+ (void)session;
+
+ log_assert (ctrl && ctrl->magic == SERVER_CONTROL_MAGIC);
+ log_assert (!ntbtls_check_context (tls));
+
+ /* Get the peer's certs fron ntbtls. */
+ for (idx = 0;
+ (cert = ntbtls_x509_get_peer_cert (tls, idx)); idx++)
+ {
+ if (!idx)
+ hostcert = cert;
+ else
+ {
+ /* Quick hack to make verification work by inserting the supplied
+ * certs into the cache. FIXME! */
+ cache_cert (cert);
+ ksba_cert_release (cert);
+ }
+ }
+ if (!idx)
+ {
+ err = gpg_error (GPG_ERR_MISSING_CERT);
+ goto leave;
+ }
+
+ validate_flags = VALIDATE_FLAG_TLS;
+
+ /* Are we using the standard hkps:// pool use the dedicated
+ * root certificate. */
+ hostname = ntbtls_get_hostname (tls);
+ if (hostname
+ && !ascii_strcasecmp (hostname, "hkps.pool.sks-keyservers.net"))
+ {
+ validate_flags |= VALIDATE_FLAG_TRUST_HKPSPOOL;
+ }
+ else /* Use the certificates as requested from the HTTP module. */
+ {
+ if ((http_flags & HTTP_FLAG_TRUST_DEF))
+ validate_flags |= VALIDATE_FLAG_TRUST_HKP;
+ if ((http_flags & HTTP_FLAG_TRUST_SYS))
+ validate_flags |= VALIDATE_FLAG_TRUST_SYSTEM;
+ }
+
+ if ((http_flags & HTTP_FLAG_NO_CRL))
+ validate_flags |= VALIDATE_FLAG_NOCRLCHECK;
+
+ err = validate_cert_chain (ctrl, hostcert, NULL, validate_flags, NULL);
+
+ leave:
+ ksba_cert_release (hostcert);
+ return err;
+}
+
+
+#else /*!HTTP_USE_NTBTLS*/
+
+/* Dummy function used when not build without ntbtls support. */
+gpg_error_t
+gnupg_http_tls_verify_cb (void *opaque,
+ http_t http,
+ http_session_t session,
+ unsigned int flags,
+ void *tls_context)
+{
+ (void)opaque;
+ (void)http;
+ (void)session;
+ (void)flags;
+ (void)tls_context;
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+}
+#endif /*!HTTP_USE_NTBTLS*/
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 35877d2..890f5f6 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -155,16 +155,22 @@ static gpg_error_t send_request (http_t hd, const char *httphost,
static char *build_rel_path (parsed_uri_t uri);
static gpg_error_t parse_response (http_t hd);
-static assuan_fd_t connect_server (const char *server, unsigned short port,
+static gpg_error_t connect_server (const char *server, unsigned short port,
unsigned int flags, const char *srvtag,
- int *r_host_not_found);
+ assuan_fd_t *r_sock);
+static gpgrt_ssize_t read_server (int sock, void *buffer, size_t size);
static gpg_error_t write_server (int sock, const char *data, size_t length);
static gpgrt_ssize_t cookie_read (void *cookie, void *buffer, size_t size);
static gpgrt_ssize_t cookie_write (void *cookie,
const void *buffer, size_t size);
static int cookie_close (void *cookie);
-
+#ifdef HAVE_W32_SYSTEM
+static gpgrt_ssize_t simple_cookie_read (void *cookie,
+ void *buffer, size_t size);
+static gpgrt_ssize_t simple_cookie_write (void *cookie,
+ const void *buffer, size_t size);
+#endif
/* A socket object used to a allow ref counting of sockets. */
struct my_socket_s
@@ -184,6 +190,7 @@ static es_cookie_io_functions_t cookie_functions =
cookie_close
};
+
struct cookie_s
{
/* Socket object or NULL if already closed. */
@@ -202,9 +209,31 @@ struct cookie_s
};
typedef struct cookie_s *cookie_t;
+
+/* Simple cookie functions. Here the cookie is an int with the
+ * socket. */
+#ifdef HAVE_W32_SYSTEM
+static es_cookie_io_functions_t simple_cookie_functions =
+ {
+ simple_cookie_read,
+ simple_cookie_write,
+ NULL,
+ NULL
+ };
+#endif
+
+
+#if SIZEOF_UNSIGNED_LONG == 8
+# define HTTP_SESSION_MAGIC 0x0068545470534553 /* "hTTpSES" */
+#else
+# define HTTP_SESSION_MAGIC 0x68547365 /* "hTse" */
+#endif
+
/* The session object. */
struct http_session_s
{
+ unsigned long magic;
+
int refcount; /* Number of references to this object. */
#ifdef HTTP_USE_GNUTLS
gnutls_certificate_credentials_t certcred;
@@ -221,6 +250,13 @@ struct http_session_s
/* A callback function to log details of TLS certifciates. */
void (*cert_log_cb) (http_session_t, gpg_error_t, const char *,
const void **, size_t *);
+
+ /* The flags passed to the session object. */
+ unsigned int flags;
+
+ /* A per-session TLS verification callback. */
+ http_verify_cb_t verify_cb;
+ void *verify_cb_value;
};
@@ -234,9 +270,17 @@ struct header_s
typedef struct header_s *header_t;
+#if SIZEOF_UNSIGNED_LONG == 8
+# define HTTP_CONTEXT_MAGIC 0x0068545470435458 /* "hTTpCTX" */
+#else
+# define HTTP_CONTEXT_MAGIC 0x68546378 /* "hTcx" */
+#endif
+
+
/* Our handle context. */
struct http_context_s
{
+ unsigned long magic;
unsigned int status_code;
my_socket_t sock;
unsigned int in_data:1;
@@ -406,6 +450,27 @@ my_gnutls_write (gnutls_transport_ptr_t ptr, const void *buffer, size_t size)
#endif /*HTTP_USE_GNUTLS*/
+#ifdef HTTP_USE_NTBTLS
+/* Connect the ntbls callback to our generic callback. */
+static gpg_error_t
+my_ntbtls_verify_cb (void *opaque, ntbtls_t tls, unsigned int verify_flags)
+{
+ http_t hd = opaque;
+
+ (void)verify_flags;
+
+ log_assert (hd && hd->session && hd->session->verify_cb);
+ log_assert (hd->magic == HTTP_CONTEXT_MAGIC);
+ log_assert (hd->session->magic == HTTP_SESSION_MAGIC);
+
+ return hd->session->verify_cb (hd->session->verify_cb_value,
+ hd, hd->session,
+ (hd->flags | hd->session->flags),
+ tls);
+}
+#endif /*HTTP_USE_NTBTLS*/
+
+
/* This notification function is called by estream whenever stream is
@@ -418,6 +483,7 @@ fp_onclose_notification (estream_t stream, void *opaque)
{
http_t hd = opaque;
+ log_assert (hd->magic == HTTP_CONTEXT_MAGIC);
if (hd->fp_read && hd->fp_read == stream)
hd->fp_read = NULL;
else if (hd->fp_write && hd->fp_write == stream)
@@ -577,6 +643,8 @@ session_unref (int lnr, http_session_t sess)
if (!sess)
return;
+ log_assert (sess->magic == HTTP_SESSION_MAGIC);
+
sess->refcount--;
if (opt_debug > 1)
log_debug ("http.c:%d:session_unref: sess %p ref now %d\n",
@@ -588,6 +656,7 @@ session_unref (int lnr, http_session_t sess)
close_tls_session (sess);
#endif /*USE_TLS*/
+ sess->magic = 0xdeadbeef;
xfree (sess);
}
#define http_session_unref(a) session_unref (__LINE__, (a))
@@ -604,10 +673,12 @@ http_session_release (http_session_t sess)
* Valid values for FLAGS are:
* HTTP_FLAG_TRUST_DEF - Use the CAs set with http_register_tls_ca
* HTTP_FLAG_TRUST_SYS - Also use the CAs defined by the system
+ * HTTP_FLAG_NO_CRL - Do not consult CRLs for https.
*/
gpg_error_t
-http_session_new (http_session_t *r_session, const char *tls_priority,
- const char *intended_hostname, unsigned int flags)
+http_session_new (http_session_t *r_session,
+ const char *intended_hostname, unsigned int flags,
+ http_verify_cb_t verify_cb, void *verify_cb_value)
{
gpg_error_t err;
http_session_t sess;
@@ -617,97 +688,24 @@ http_session_new (http_session_t *r_session, const char *tls_priority,
sess = xtrycalloc (1, sizeof *sess);
if (!sess)
return gpg_error_from_syserror ();
+ sess->magic = HTTP_SESSION_MAGIC;
sess->refcount = 1;
+ sess->flags = flags;
+ sess->verify_cb = verify_cb;
+ sess->verify_cb_value = verify_cb_value;
#if HTTP_USE_NTBTLS
{
- x509_cert_t ca_chain;
- char line[256];
- estream_t fp, mem_p;
- size_t nread, nbytes;
- struct b64state state;
- void *buf;
- size_t buflen;
- char *pemname;
-
- (void)tls_priority;
-
- pemname = make_filename_try (gnupg_datadir (),
- "sks-keyservers.netCA.pem", NULL);
- if (!pemname)
- {
- err = gpg_error_from_syserror ();
- log_error ("setting CA from file '%s' failed: %s\n",
- pemname, gpg_strerror (err));
- goto leave;
- }
-
- fp = es_fopen (pemname, "r");
- if (!fp)
- {
- err = gpg_error_from_syserror ();
- log_error ("can't open '%s': %s\n", pemname, gpg_strerror (err));
- xfree (pemname);
- goto leave;
- }
- xfree (pemname);
-
- mem_p = es_fopenmem (0, "r+b");
- err = b64dec_start (&state, "CERTIFICATE");
- if (err)
- {
- log_error ("b64dec failure: %s\n", gpg_strerror (err));
- goto leave;
- }
-
- while ( (nread = es_fread (line, 1, DIM (line), fp)) )
- {
- err = b64dec_proc (&state, line, nread, &nbytes);
- if (err)
- {
- if (gpg_err_code (err) == GPG_ERR_EOF)
- break;
-
- log_error ("b64dec failure: %s\n", gpg_strerror (err));
- es_fclose (fp);
- es_fclose (mem_p);
- goto leave;
- }
- else if (nbytes)
- es_fwrite (line, 1, nbytes, mem_p);
- }
- err = b64dec_finish (&state);
- if (err)
- {
- log_error ("b64dec failure: %s\n", gpg_strerror (err));
- es_fclose (fp);
- es_fclose (mem_p);
- goto leave;
- }
-
- es_fclose_snatch (mem_p, &buf, &buflen);
- es_fclose (fp);
-
- err = ntbtls_x509_cert_new (&ca_chain);
- if (err)
- {
- log_error ("ntbtls_x509_new failed: %s\n", gpg_strerror (err));
- xfree (buf);
- goto leave;
- }
-
- err = ntbtls_x509_append_cert (ca_chain, buf, buflen);
- xfree (buf);
+ (void)intended_hostname; /* Not needed because we do not preload
+ * certificates. */
err = ntbtls_new (&sess->tls_session, NTBTLS_CLIENT);
if (err)
{
log_error ("ntbtls_new failed: %s\n", gpg_strerror (err));
- ntbtls_x509_cert_release (ca_chain);
goto leave;
}
- err = ntbtls_set_ca_chain (sess->tls_session, ca_chain, NULL);
}
#elif HTTP_USE_GNUTLS
{
@@ -799,7 +797,7 @@ http_session_new (http_session_t *r_session, const char *tls_priority,
gnutls_transport_set_ptr (sess->tls_session, NULL);
rc = gnutls_priority_set_direct (sess->tls_session,
- tls_priority? tls_priority : "NORMAL",
+ "NORMAL",
&errpos);
if (rc < 0)
{
@@ -818,11 +816,12 @@ http_session_new (http_session_t *r_session, const char *tls_priority,
goto leave;
}
}
-#else /*!HTTP_USE_GNUTLS*/
+#else /*!HTTP_USE_GNUTLS && !HTTP_USE_NTBTLS*/
{
- (void)tls_priority;
+ (void)intended_hostname;
+ (void)flags;
}
-#endif /*!HTTP_USE_GNUTLS*/
+#endif /*!HTTP_USE_GNUTLS && !HTTP_USE_NTBTLS*/
if (opt_debug > 1)
log_debug ("http.c:session_new: sess %p created\n", sess);
@@ -890,6 +889,7 @@ http_open (http_t *r_hd, http_req_t reqtype, const char *url,
hd = xtrycalloc (1, sizeof *hd);
if (!hd)
return gpg_error_from_syserror ();
+ hd->magic = HTTP_CONTEXT_MAGIC;
hd->req_type = reqtype;
hd->flags = flags;
hd->session = http_session_ref (session);
@@ -924,7 +924,6 @@ http_raw_connect (http_t *r_hd, const char *server, unsigned short port,
gpg_error_t err = 0;
http_t hd;
cookie_t cookie;
- int hnf;
*r_hd = NULL;
@@ -943,6 +942,7 @@ http_raw_connect (http_t *r_hd, const char *server, unsigned short port,
hd = xtrycalloc (1, sizeof *hd);
if (!hd)
return gpg_error_from_syserror ();
+ hd->magic = HTTP_CONTEXT_MAGIC;
hd->req_type = HTTP_REQ_OPAQUE;
hd->flags = flags;
@@ -950,12 +950,9 @@ http_raw_connect (http_t *r_hd, const char *server, unsigned short port,
{
assuan_fd_t sock;
- sock = connect_server (server, port, hd->flags, srvtag, &hnf);
- if (sock == ASSUAN_INVALID_FD)
+ err = connect_server (server, port, hd->flags, srvtag, &sock);
+ if (err)
{
- err = gpg_err_make (default_errsource,
- (hnf? GPG_ERR_UNKNOWN_HOST
- : gpg_err_code_from_syserror ()));
xfree (hd);
return err;
}
@@ -1130,6 +1127,8 @@ http_close (http_t hd, int keep_read_stream)
if (!hd)
return;
+ log_assert (hd->magic == HTTP_CONTEXT_MAGIC);
+
/* First remove the close notifications for the streams. */
if (hd->fp_read)
es_onclose (hd->fp_read, 0, fp_onclose_notification, hd);
@@ -1143,6 +1142,7 @@ http_close (http_t hd, int keep_read_stream)
if (hd->fp_write)
es_fclose (hd->fp_write);
http_session_unref (hd->session);
+ hd->magic = 0xdeadbeef;
http_release_parsed_uri (hd->uri);
while (hd->headers)
{
@@ -1177,7 +1177,7 @@ http_get_status_code (http_t hd)
/* Return information pertaining to TLS. If TLS is not in use for HD,
NULL is returned. WHAT is used ask for specific information:
- (NULL) := Only check whether TLS is is use. Returns an
+ (NULL) := Only check whether TLS is in use. Returns an
unspecified string if TLS is in use. That string may
even be the empty string.
*/
@@ -1643,7 +1643,6 @@ send_request (http_t hd, const char *httphost, const char *auth,
char *proxy_authstr = NULL;
char *authstr = NULL;
int sock;
- int hnf;
if (hd->uri->use_tls && !hd->session)
{
@@ -1713,7 +1712,6 @@ send_request (http_t hd, const char *httphost, const char *auth,
&& *http_proxy ))
{
parsed_uri_t uri;
- int save_errno;
if (proxy)
http_proxy = proxy;
@@ -1760,25 +1758,20 @@ send_request (http_t hd, const char *httphost, const char *auth,
}
}
- sock = connect_server (*uri->host ? uri->host : "localhost",
- uri->port ? uri->port : 80,
- hd->flags, srvtag, &hnf);
- save_errno = errno;
+ err = connect_server (*uri->host ? uri->host : "localhost",
+ uri->port ? uri->port : 80,
+ hd->flags, srvtag, &sock);
http_release_parsed_uri (uri);
- if (sock == ASSUAN_INVALID_FD)
- gpg_err_set_errno (save_errno);
}
else
{
- sock = connect_server (server, port, hd->flags, srvtag, &hnf);
+ err = connect_server (server, port, hd->flags, srvtag, &sock);
}
- if (sock == ASSUAN_INVALID_FD)
+ if (err)
{
xfree (proxy_authstr);
- return gpg_err_make (default_errsource,
- (hnf? GPG_ERR_UNKNOWN_HOST
- : gpg_err_code_from_syserror ()));
+ return err;
}
hd->sock = my_socket_new (sock);
if (!hd->sock)
@@ -1788,7 +1781,6 @@ send_request (http_t hd, const char *httphost, const char *auth,
}
-
#if HTTP_USE_NTBTLS
if (hd->uri->use_tls)
{
@@ -1796,7 +1788,14 @@ send_request (http_t hd, const char *httphost, const char *auth,
my_socket_ref (hd->sock);
+ /* Until we support send/recv in estream under Windows we need
+ * to use es_fopencookie. */
+#ifdef HAVE_W32_SYSTEM
+ in = es_fopencookie ((void*)(unsigned int)hd->sock->fd, "rb",
+ simple_cookie_functions);
+#else
in = es_fdopen_nc (hd->sock->fd, "rb");
+#endif
if (!in)
{
err = gpg_error_from_syserror ();
@@ -1804,7 +1803,12 @@ send_request (http_t hd, const char *httphost, const char *auth,
return err;
}
+#ifdef HAVE_W32_SYSTEM
+ out = es_fopencookie ((void*)(unsigned int)hd->sock->fd, "wb",
+ simple_cookie_functions);
+#else
out = es_fdopen_nc (hd->sock->fd, "wb");
+#endif
if (!out)
{
err = gpg_error_from_syserror ();
@@ -1822,6 +1826,21 @@ send_request (http_t hd, const char *httphost, const char *auth,
return err;
}
+#ifdef HTTP_USE_NTBTLS
+ if (hd->session->verify_cb)
+ {
+ err = ntbtls_set_verify_cb (hd->session->tls_session,
+ my_ntbtls_verify_cb, hd);
+ if (err)
+ {
+ log_error ("ntbtls_set_verify_cb failed: %s\n",
+ gpg_strerror (err));
+ xfree (proxy_authstr);
+ return err;
+ }
+ }
+#endif /*HTTP_USE_NTBTLS*/
+
while ((err = ntbtls_handshake (hd->session->tls_session)))
{
switch (err)
@@ -1835,10 +1854,33 @@ send_request (http_t hd, const char *httphost, const char *auth,
}
hd->session->verify.done = 0;
- if (tls_callback)
+
+ /* Try the available verify callbacks until one returns success
+ * or a real error. Note that NTBTLS does the verification
+ * during the handshake via */
+#ifdef HTTP_USE_NTBTLS
+ err = 0; /* Fixme check that the CB has been called. */
+#else
+ err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
+
+ if (hd->session->verify_cb
+ && gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR
+ && gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED)
+ err = hd->session->verify_cb (hd->session->verify_cb_value,
+ hd, hd->session,
+ (hd->flags | hd->session->flags),
+ hd->session->tls_session);
+
+ if (tls_callback
+ && gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR
+ && gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED)
err = tls_callback (hd, hd->session, 0);
- else
+
+ if (gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR
+ && gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED)
err = http_verify_server_credentials (hd->session);
+
if (err)
{
log_info ("TLS connection authentication failed: %s <%s>\n",
@@ -1846,6 +1888,7 @@ send_request (http_t hd, const char *httphost, const char *auth,
xfree (proxy_authstr);
return err;
}
+
}
#elif HTTP_USE_GNUTLS
if (hd->uri->use_tls)
@@ -1954,7 +1997,7 @@ send_request (http_t hd, const char *httphost, const char *auth,
{
char portstr[35];
- if (port == 80)
+ if (port == (hd->uri->use_tls? 443 : 80))
*portstr = 0;
else
snprintf (portstr, sizeof portstr, ":%u", port);
@@ -2162,11 +2205,10 @@ store_header (http_t hd, char *line)
if (h)
{
/* We have already seen a line with that name. Thus we assume
- it is a comma separated list and merge them. */
- p = xtrymalloc (strlen (h->value) + 1 + strlen (value)+ 1);
+ * it is a comma separated list and merge them. */
+ p = strconcat (h->value, ",", value, NULL);
if (!p)
return gpg_err_code_from_syserror ();
- strcpy (stpcpy (stpcpy (p, h->value), ","), value);
xfree (h->value);
h->value = p;
return 0;
@@ -2476,11 +2518,13 @@ my_sock_new_for_addr (struct sockaddr *addr, int type, int proto)
}
-/* Actually connect to a server. Returns the file descriptor or -1 on
- error. ERRNO is set on error. */
-static assuan_fd_t
+/* Actually connect to a server. On success 0 is returned and the
+ * file descriptor for the socket is stored at R_SOCK; on error an
+ * error code is returned and ASSUAN_INVALID_FD is stored at
+ * R_SOCK. */
+static gpg_error_t
connect_server (const char *server, unsigned short port,
- unsigned int flags, const char *srvtag, int *r_host_not_found)
+ unsigned int flags, const char *srvtag, assuan_fd_t *r_sock)
{
gpg_error_t err;
assuan_fd_t sock = ASSUAN_INVALID_FD;
@@ -2488,11 +2532,11 @@ connect_server (const char *server, unsigned short port,
int hostfound = 0;
int anyhostaddr = 0;
int srv, connected;
- int last_errno = 0;
+ gpg_error_t last_err = 0;
struct srventry *serverlist = NULL;
- int ret;
- *r_host_not_found = 0;
+ *r_sock = ASSUAN_INVALID_FD;
+
#if defined(HAVE_W32_SYSTEM) && !defined(HTTP_NO_WSASTARTUP)
init_sockets ();
#endif /*Windows*/
@@ -2509,18 +2553,21 @@ connect_server (const char *server, unsigned short port,
ASSUAN_SOCK_TOR);
if (sock == ASSUAN_INVALID_FD)
{
- if (errno == EHOSTUNREACH)
- *r_host_not_found = 1;
- log_error ("can't connect to '%s': %s\n", server, strerror (errno));
+ err = gpg_err_make (default_errsource,
+ (errno == EHOSTUNREACH)? GPG_ERR_UNKNOWN_HOST
+ : gpg_err_code_from_syserror ());
+ log_error ("can't connect to '%s': %s\n", server, gpg_strerror (err));
+ return err;
}
- else
- notify_netactivity ();
- return sock;
+
+ notify_netactivity ();
+ *r_sock = sock;
+ return 0;
#else /*!ASSUAN_SOCK_TOR*/
- gpg_err_set_errno (ENETUNREACH);
- return -1; /* Out of core. */
+ err = gpg_err_make (default_errsource, GPG_ERR_ENETUNREACH);
+ return ASSUAN_INVALID_FD;
#endif /*!HASSUAN_SOCK_TOR*/
}
@@ -2533,6 +2580,7 @@ connect_server (const char *server, unsigned short port,
log_info ("getting '%s' SRV for '%s' failed: %s\n",
srvtag, server, gpg_strerror (err));
/* Note that on error SRVCOUNT is zero. */
+ err = 0;
}
if (!serverlist)
@@ -2541,7 +2589,8 @@ connect_server (const char *server, unsigned short port,
up a fake SRV record. */
serverlist = xtrycalloc (1, sizeof *serverlist);
if (!serverlist)
- return -1; /* Out of core. */
+ return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+
serverlist->port = port;
strncpy (serverlist->target, server, DIMof (struct srventry, target));
serverlist->target[DIMof (struct srventry, target)-1] = '\0';
@@ -2562,6 +2611,7 @@ connect_server (const char *server, unsigned short port,
{
log_info ("resolving '%s' failed: %s\n",
serverlist[srv].target, gpg_strerror (err));
+ last_err = err;
continue; /* Not found - try next one. */
}
hostfound = 1;
@@ -2578,18 +2628,20 @@ connect_server (const char *server, unsigned short port,
sock = my_sock_new_for_addr (ai->addr, ai->socktype, ai->protocol);
if (sock == ASSUAN_INVALID_FD)
{
- int save_errno = errno;
- log_error ("error creating socket: %s\n", strerror (errno));
+ err = gpg_err_make (default_errsource,
+ gpg_err_code_from_syserror ());
+ log_error ("error creating socket: %s\n", gpg_strerror (err));
free_dns_addrinfo (aibuf);
xfree (serverlist);
- errno = save_errno;
- return ASSUAN_INVALID_FD;
+ return err;
}
anyhostaddr = 1;
- ret = assuan_sock_connect (sock, ai->addr, ai->addrlen);
- if (ret)
- last_errno = errno;
+ if (assuan_sock_connect (sock, ai->addr, ai->addrlen))
+ {
+ last_err = gpg_err_make (default_errsource,
+ gpg_err_code_from_syserror ());
+ }
else
{
connected = 1;
@@ -2616,17 +2668,53 @@ connect_server (const char *server, unsigned short port,
server, (int)WSAGetLastError());
#else
log_error ("can't connect to '%s': %s\n",
- server, strerror (last_errno));
+ server, gpg_strerror (last_err));
#endif
}
- if (!hostfound || (hostfound && !anyhostaddr))
- *r_host_not_found = 1;
+ err = last_err? last_err : gpg_err_make (default_errsource,
+ GPG_ERR_UNKNOWN_HOST);
if (sock != ASSUAN_INVALID_FD)
assuan_sock_close (sock);
- gpg_err_set_errno (last_errno);
- return ASSUAN_INVALID_FD;
+ return err;
}
- return sock;
+
+ *r_sock = sock;
+ return 0;
+}
+
+
+/* Helper to read from a socket. This handles npth things and
+ * EINTR. */
+static gpgrt_ssize_t
+read_server (int sock, void *buffer, size_t size)
+{
+ int nread;
+
+ do
+ {
+#ifdef HAVE_W32_SYSTEM
+ /* Under Windows we need to use recv for a socket. */
+# if defined(USE_NPTH)
+ npth_unprotect ();
+# endif
+ nread = recv (sock, buffer, size, 0);
+# if defined(USE_NPTH)
+ npth_protect ();
+# endif
+
+#else /*!HAVE_W32_SYSTEM*/
+
+# ifdef USE_NPTH
+ nread = npth_read (sock, buffer, size);
+# else
+ nread = read (sock, buffer, size);
+# endif
+
+#endif /*!HAVE_W32_SYSTEM*/
+ }
+ while (nread == -1 && errno == EINTR);
+
+ return nread;
}
@@ -2745,29 +2833,7 @@ cookie_read (void *cookie, void *buffer, size_t size)
else
#endif /*HTTP_USE_GNUTLS*/
{
- do
- {
-#ifdef HAVE_W32_SYSTEM
- /* Under Windows we need to use recv for a socket. */
-# if defined(USE_NPTH)
- npth_unprotect ();
-# endif
- nread = recv (c->sock->fd, buffer, size, 0);
-# if defined(USE_NPTH)
- npth_protect ();
-# endif
-
-#else /*!HAVE_W32_SYSTEM*/
-
-# ifdef USE_NPTH
- nread = npth_read (c->sock->fd, buffer, size);
-# else
- nread = read (c->sock->fd, buffer, size);
-# endif
-
-#endif /*!HAVE_W32_SYSTEM*/
- }
- while (nread == -1 && errno == EINTR);
+ nread = read_server (c->sock->fd, buffer, size);
}
if (c->content_length_valid && nread > 0)
@@ -2849,6 +2915,34 @@ cookie_write (void *cookie, const void *buffer_arg, size_t size)
}
+#ifdef HAVE_W32_SYSTEM
+static gpgrt_ssize_t
+simple_cookie_read (void *cookie, void *buffer, size_t size)
+{
+ int sock = (int)(uintptr_t)cookie;
+ return read_server (sock, buffer, size);
+}
+
+static gpgrt_ssize_t
+simple_cookie_write (void *cookie, const void *buffer_arg, size_t size)
+{
+ int sock = (int)(uintptr_t)cookie;
+ const char *buffer = buffer_arg;
+ int nwritten;
+
+ if (write_server (sock, buffer, size))
+ {
+ gpg_err_set_errno (EIO);
+ nwritten = -1;
+ }
+ else
+ nwritten = size;
+
+ return (gpgrt_ssize_t)nwritten;
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+
#ifdef HTTP_USE_GNUTLS
/* Wrapper for gnutls_bye used by my_socket_unref. */
static void
@@ -2912,10 +3006,7 @@ cookie_close (void *cookie)
gpg_error_t
http_verify_server_credentials (http_session_t sess)
{
-#if HTTP_USE_NTBTLS
- (void)sess;
- return 0; /* FIXME!! */
-#elif HTTP_USE_GNUTLS
+#if HTTP_USE_GNUTLS
static const char const errprefix[] = "TLS verification of peer failed";
int rc;
unsigned int status;
diff --git a/dirmngr/http.h b/dirmngr/http.h
index 0b581fe..2609b9e 100644
--- a/dirmngr/http.h
+++ b/dirmngr/http.h
@@ -86,8 +86,9 @@ enum
HTTP_FLAG_IGNORE_CL = 32, /* Ignore content-length. */
HTTP_FLAG_IGNORE_IPv4 = 64, /* Do not use IPv4. */
HTTP_FLAG_IGNORE_IPv6 = 128, /* Do not use IPv6. */
- HTTP_FLAG_TRUST_DEF = 256, /* Use the default CAs. */
- HTTP_FLAG_TRUST_SYS = 512 /* Also use the system defined CAs. */
+ HTTP_FLAG_TRUST_DEF = 256, /* Use the CAs configured for HKP. */
+ HTTP_FLAG_TRUST_SYS = 512, /* Also use the system defined CAs. */
+ HTTP_FLAG_NO_CRL = 1024 /* Do not consult CRLs for https. */
};
@@ -97,6 +98,13 @@ typedef struct http_session_s *http_session_t;
struct http_context_s;
typedef struct http_context_s *http_t;
+/* A TLS verify callback function. */
+typedef gpg_error_t (*http_verify_cb_t) (void *opaque,
+ http_t http,
+ http_session_t session,
+ unsigned int flags,
+ void *tls_context);
+
void http_set_verbose (int verbose, int debug);
void http_register_tls_callback (gpg_error_t (*cb)(http_t,http_session_t,int));
@@ -105,9 +113,10 @@ void http_register_netactivity_cb (void (*cb)(void));
gpg_error_t http_session_new (http_session_t *r_session,
- const char *tls_priority,
const char *intended_hostname,
- unsigned int flags);
+ unsigned int flags,
+ http_verify_cb_t cb,
+ void *cb_value);
http_session_t http_session_ref (http_session_t sess);
void http_session_release (http_session_t sess);
diff --git a/dirmngr/ks-engine-finger.c b/dirmngr/ks-engine-finger.c
index b1f02ad..811b72d 100644
--- a/dirmngr/ks-engine-finger.c
+++ b/dirmngr/ks-engine-finger.c
@@ -83,7 +83,9 @@ ks_finger_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp)
*server++ = 0;
err = http_raw_connect (&http, server, 79,
- (opt.use_tor? HTTP_FLAG_FORCE_TOR : 0), NULL);
+ ((dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR : 0)
+ | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
+ NULL);
if (err)
{
xfree (name);
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 45965ce..b6a0675 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -82,16 +82,13 @@ struct hostinfo_s
unsigned int v6:1; /* Host supports AF_INET6. */
unsigned int onion:1;/* NAME is an onion (Tor HS) address. */
unsigned int dead:1; /* Host is currently unresponsive. */
+ unsigned int iporname_valid:1; /* The field IPORNAME below is valid */
+ /* (but may be NULL) */
time_t died_at; /* The time the host was marked dead. If this is
0 the host has been manually marked dead. */
char *cname; /* Canonical name of the host. Only set if this
is a pool or NAME has a numerical IP address. */
- char *v4addr; /* A string with the v4 IP address of the host.
- NULL if NAME has a numeric IP address or no v4
- address is available. */
- char *v6addr; /* A string with the v6 IP address of the host.
- NULL if NAME has a numeric IP address or no v6
- address is available. */
+ char *iporname; /* Numeric IP address or name for printing. */
unsigned short port; /* The port used by the host, 0 if unknown. */
char name[1]; /* The hostname. */
};
@@ -128,10 +125,10 @@ create_new_hostinfo (const char *name)
hi->v6 = 0;
hi->onion = 0;
hi->dead = 0;
+ hi->iporname_valid = 0;
hi->died_at = 0;
hi->cname = NULL;
- hi->v4addr = NULL;
- hi->v6addr = NULL;
+ hi->iporname = NULL;
hi->port = 0;
/* Add it to the hosttable. */
@@ -258,6 +255,31 @@ arecords_is_pool (dns_addrinfo_t aibuf)
}
+/* Print a warninng iff Tor is not running but Tor has been requested.
+ * Also return true if it is not running. */
+static int
+tor_not_running_p (ctrl_t ctrl)
+{
+ assuan_fd_t sock;
+
+ if (!dirmngr_use_tor ())
+ return 0;
+
+ sock = assuan_sock_connect_byname (NULL, 0, 0, NULL, ASSUAN_SOCK_TOR);
+ if (sock != ASSUAN_INVALID_FD)
+ {
+ assuan_sock_close (sock);
+ return 0;
+ }
+
+ log_info ("(it seems Tor is not running)\n");
+ dirmngr_status (ctrl, "WARNING", "tor_not_running 0",
+ "Tor is enabled but the local Tor daemon"
+ " seems to be down", NULL);
+ return 1;
+}
+
+
/* Add the host AI under the NAME into the HOSTTABLE. If PORT is not
zero, it specifies which port to use to talk to the host. If NAME
specifies a pool (as indicated by IS_POOL), update the given
@@ -270,15 +292,20 @@ add_host (const char *name, int is_pool,
gpg_error_t tmperr;
char *tmphost;
int idx, tmpidx;
- int is_numeric = 0;
int i;
idx = find_hostinfo (name);
- if (!is_pool && !is_ip_address (name))
+ if (is_pool)
{
- /* This is a hostname but not a pool. Use the name
- as given without going through resolve_dns_addr. */
+ /* For a pool immediately convert the address to a string. */
+ tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
+ (DNS_NUMERICHOST | DNS_WITHBRACKET), &tmphost);
+ }
+ else if (!is_ip_address (name))
+ {
+ /* This is a hostname. Use the name as given without going
+ * through resolve_dns_addr. */
tmphost = xtrystrdup (name);
if (!tmphost)
tmperr = gpg_error_from_syserror ();
@@ -287,10 +314,10 @@ add_host (const char *name, int is_pool,
}
else
{
+ /* Do a PTR lookup on AI. If a name was not found the function
+ * returns the numeric address (with brackets). */
tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
DNS_WITHBRACKET, &tmphost);
- if (tmphost && is_ip_address (tmphost))
- is_numeric = 1;
}
if (tmperr)
@@ -319,45 +346,21 @@ add_host (const char *name, int is_pool,
if (tmpidx == -1)
{
- log_error ("map_host for '%s' problem: %s - '%s'"
- " [ignored]\n",
+ log_error ("map_host for '%s' problem: %s - '%s' [ignored]\n",
name, strerror (errno), tmphost);
}
else /* Set or update the entry. */
{
- char *ipaddr = NULL;
-
if (port)
hosttable[tmpidx]->port = port;
- if (!is_numeric)
- {
- xfree (tmphost);
- tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
- (DNS_NUMERICHOST
- | DNS_WITHBRACKET),
- &tmphost);
- if (tmperr)
- log_info ("resolve_dns_addr failed: %s\n",
- gpg_strerror (tmperr));
- else
- {
- ipaddr = tmphost;
- tmphost = NULL;
- }
- }
-
if (ai->family == AF_INET6)
{
hosttable[tmpidx]->v6 = 1;
- xfree (hosttable[tmpidx]->v6addr);
- hosttable[tmpidx]->v6addr = ipaddr;
}
else if (ai->family == AF_INET)
{
hosttable[tmpidx]->v4 = 1;
- xfree (hosttable[tmpidx]->v4addr);
- hosttable[tmpidx]->v4addr = ipaddr;
}
else
BUG ();
@@ -454,6 +457,8 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
if (err)
{
xfree (reftbl);
+ if (gpg_err_code (err) == GPG_ERR_ECONNREFUSED)
+ tor_not_running_p (ctrl);
return err;
}
@@ -505,6 +510,8 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
{
if (ai->family != AF_INET && ai->family != AF_INET6)
continue;
+ if (opt.disable_ipv4 && ai->family == AF_INET)
+ continue;
dirmngr_tick (ctrl);
add_host (name, is_pool, ai, 0, reftbl, reftblsize, &refidx);
@@ -585,7 +592,8 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
{
for (ai = aibuf; ai; ai = ai->next)
{
- if (ai->family == AF_INET6 || ai->family == AF_INET)
+ if (ai->family == AF_INET6
+ || (!opt.disable_ipv4 && ai->family == AF_INET))
{
err = resolve_dns_addr (ai->addr, ai->addrlen, 0, &host);
if (!err)
@@ -789,6 +797,7 @@ ks_hkp_print_hosttable (ctrl_t ctrl)
if (err)
return err;
+ /* FIXME: We need a lock for the hosttable. */
curtime = gnupg_get_time ();
for (idx=0; idx < hosttable_size; idx++)
if ((hi=hosttable[idx]))
@@ -800,16 +809,82 @@ ks_hkp_print_hosttable (ctrl_t ctrl)
}
else
diedstr = died = NULL;
- err = ks_printf_help (ctrl, "%3d %s %s %s %s%s%s%s%s%s%s%s\n",
+
+ if (!hi->iporname_valid)
+ {
+ char *canon = NULL;
+
+ xfree (hi->iporname);
+ hi->iporname = NULL;
+
+ /* Do a lookup just for the display purpose. */
+ if (hi->onion || hi->pool)
+ ;
+ else if (is_ip_address (hi->name))
+ {
+ dns_addrinfo_t aibuf, ai;
+
+ /* Turn the numerical IP address string into an AI and
+ * then do a DNS PTR lookup. */
+ if (!resolve_dns_name (hi->name, 0, 0,
+ SOCK_STREAM,
+ &aibuf, &canon))
+ {
+ if (canon && is_ip_address (canon))
+ {
+ xfree (canon);
+ canon = NULL;
+ }
+ for (ai = aibuf; !canon && ai; ai = ai->next)
+ {
+ resolve_dns_addr (ai->addr, ai->addrlen,
+ DNS_WITHBRACKET, &canon);
+ if (canon && is_ip_address (canon))
+ {
+ /* We already have the numeric IP - no need to
+ * display it a second time. */
+ xfree (canon);
+ canon = NULL;
+ }
+ }
+ }
+ free_dns_addrinfo (aibuf);
+ }
+ else
+ {
+ dns_addrinfo_t aibuf, ai;
+
+ /* Get the IP address as a string from a name. Note
+ * that resolve_dns_addr allocates CANON on success
+ * and thus terminates the loop. */
+ if (!resolve_dns_name (hi->name, 0,
+ hi->v6? AF_INET6 : AF_INET,
+ SOCK_STREAM,
+ &aibuf, NULL))
+ {
+ for (ai = aibuf; !canon && ai; ai = ai->next)
+ {
+ resolve_dns_addr (ai->addr, ai->addrlen,
+ DNS_NUMERICHOST|DNS_WITHBRACKET,
+ &canon);
+ }
+ }
+ free_dns_addrinfo (aibuf);
+ }
+
+ hi->iporname = canon;
+ hi->iporname_valid = 1;
+ }
+
+ err = ks_printf_help (ctrl, "%3d %s %s %s %s%s%s%s%s%s%s\n",
idx,
hi->onion? "O" : hi->v6? "6":" ",
hi->v4? "4":" ",
hi->dead? "d":" ",
hi->name,
- hi->v6addr? " v6=":"",
- hi->v6addr? hi->v6addr:"",
- hi->v4addr? " v4=":"",
- hi->v4addr? hi->v4addr:"",
+ hi->iporname? " (":"",
+ hi->iporname? hi->iporname : "",
+ hi->iporname? ")":"",
diedstr? " (":"",
diedstr? diedstr:"",
diedstr? ")":"" );
@@ -1016,6 +1091,7 @@ ks_hkp_reload (void)
hi = hosttable[idx];
if (!hi)
continue;
+ hi->iporname_valid = 0;
if (!hi->dead)
continue;
hi->dead = 0;
@@ -1047,7 +1123,10 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
*r_fp = NULL;
- err = http_session_new (&session, NULL, httphost, HTTP_FLAG_TRUST_DEF);
+ err = http_session_new (&session, httphost,
+ ((ctrl->http_no_crl? HTTP_FLAG_NO_CRL : 0)
+ | HTTP_FLAG_TRUST_DEF),
+ gnupg_http_tls_verify_cb, ctrl);
if (err)
goto leave;
http_session_set_log_cb (session, cert_log_cb);
@@ -1060,7 +1139,8 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
/* fixme: AUTH */ NULL,
(httpflags
|(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
- |(opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
+ |(dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
+ |(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
ctrl->http_proxy,
session,
NULL,
@@ -1178,13 +1258,13 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
}
-/* Helper to evaluate the error code ERR form a send_request() call
+/* Helper to evaluate the error code ERR from a send_request() call
with REQUEST. The function returns true if the caller shall try
again. TRIES_LEFT points to a variable to track the number of
retries; this function decrements it and won't return true if it is
down to zero. */
static int
-handle_send_request_error (gpg_error_t err, const char *request,
+handle_send_request_error (ctrl_t ctrl, gpg_error_t err, const char *request,
unsigned int *tries_left)
{
int retry = 0;
@@ -1195,16 +1275,9 @@ handle_send_request_error (gpg_error_t err, const char *request,
switch (gpg_err_code (err))
{
case GPG_ERR_ECONNREFUSED:
- if (opt.use_tor)
- {
- assuan_fd_t sock;
-
- sock = assuan_sock_connect_byname (NULL, 0, 0, NULL, ASSUAN_SOCK_TOR);
- if (sock == ASSUAN_INVALID_FD)
- log_info ("(it seems Tor is not running)\n");
- else
- assuan_sock_close (sock);
- }
+ if (tor_not_running_p (ctrl))
+ break; /* A retry does not make sense. */
+ /* Okay: Tor is up or --use-tor is not used. */
/*FALLTHRU*/
case GPG_ERR_ENETUNREACH:
case GPG_ERR_ENETDOWN:
@@ -1222,6 +1295,16 @@ handle_send_request_error (gpg_error_t err, const char *request,
}
break;
+ case GPG_ERR_EACCES:
+ if (dirmngr_use_tor ())
+ {
+ log_info ("(Tor configuration problem)\n");
+ dirmngr_status (ctrl, "WARNING", "tor_config_problem 0",
+ "Please check that the \"SocksPort\" flag "
+ "\"IPv6Traffic\" is set in torrc", NULL);
+ }
+ break;
+
default:
break;
}
@@ -1332,7 +1415,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
/* Send the request. */
err = send_request (ctrl, request, hostport, httphost, httpflags,
NULL, NULL, &fp, r_http_status);
- if (handle_send_request_error (err, request, &tries))
+ if (handle_send_request_error (ctrl, err, request, &tries))
{
reselect = 1;
goto again;
@@ -1466,7 +1549,7 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp)
/* Send the request. */
err = send_request (ctrl, request, hostport, httphost, httpflags,
NULL, NULL, &fp, NULL);
- if (handle_send_request_error (err, request, &tries))
+ if (handle_send_request_error (ctrl, err, request, &tries))
{
reselect = 1;
goto again;
@@ -1575,7 +1658,7 @@ ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen)
/* Send the request. */
err = send_request (ctrl, request, hostport, httphost, 0,
put_post_cb, &parm, &fp, NULL);
- if (handle_send_request_error (err, request, &tries))
+ if (handle_send_request_error (ctrl, err, request, &tries))
{
reselect = 1;
goto again;
diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
index 858c943..d4a6c8a 100644
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -76,7 +76,10 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
once_more:
/* Note that we only use the system provided certificates with the
* fetch command. */
- err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_SYS);
+ err = http_session_new (&session, NULL,
+ ((ctrl->http_no_crl? HTTP_FLAG_NO_CRL : 0)
+ | HTTP_FLAG_TRUST_SYS),
+ gnupg_http_tls_verify_cb, ctrl);
if (err)
goto leave;
http_session_set_log_cb (session, cert_log_cb);
@@ -88,7 +91,8 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
/* httphost */ NULL,
/* fixme: AUTH */ NULL,
((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
- | (opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
+ | (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
+ | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
ctrl->http_proxy,
session,
NULL,
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index 6d520e9..f664655 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -850,7 +850,7 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
(void) ctrl;
- if (opt.use_tor)
+ if (dirmngr_use_tor ())
{
/* For now we do not support LDAP over Tor. */
log_error (_("LDAP access not possible due to Tor mode\n"));
@@ -1033,7 +1033,7 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
(void) ctrl;
- if (opt.use_tor)
+ if (dirmngr_use_tor ())
{
/* For now we do not support LDAP over Tor. */
log_error (_("LDAP access not possible due to Tor mode\n"));
@@ -1471,7 +1471,7 @@ modlist_dump (LDAPMod **modlist, estream_t output)
for ((ptr = (*m)->mod_values), (i = 1); ptr && *ptr; ptr++, i ++)
{
/* Assuming terminals are about 80 characters wide,
- display at most most about 10 lines of debugging
+ display at most about 10 lines of debugging
output. If we do trim the buffer, append '...' to
the end. */
const int max_len = 10 * 70;
@@ -1909,7 +1909,7 @@ ks_ldap_put (ctrl_t ctrl, parsed_uri_t uri,
/* Elide a warning. */
(void) ctrl;
- if (opt.use_tor)
+ if (dirmngr_use_tor ())
{
/* For now we do not support LDAP over Tor. */
log_error (_("LDAP access not possible due to Tor mode\n"));
diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c
index 20cbbd8..a037f5d 100644
--- a/dirmngr/ldap.c
+++ b/dirmngr/ldap.c
@@ -445,26 +445,16 @@ make_url (char **url, const char *dn, const char *filter)
xfree (u_dn);
return err;
}
- *url = malloc ( 8 + strlen (u_dn)
- + 1 + strlen (attrs)
- + 5 + strlen (u_filter) + 1 );
+
+ *url = strconcat ("ldap:///", u_dn, "?", attrs, "?sub?", u_filter, NULL);
if (!*url)
- {
- err = gpg_error_from_errno (errno);
- xfree (u_dn);
- xfree (u_filter);
- return err;
- }
+ err = gpg_error_from_syserror ();
+ else
+ err = 0;
- stpcpy (stpcpy (stpcpy (stpcpy (stpcpy (stpcpy (*url, "ldap:///"),
- u_dn),
- "?"),
- attrs),
- "?sub?"),
- u_filter);
xfree (u_dn);
xfree (u_filter);
- return 0;
+ return err;
}
diff --git a/dirmngr/loadswdb.c b/dirmngr/loadswdb.c
index 2d6bdc1..5a7778d 100644
--- a/dirmngr/loadswdb.c
+++ b/dirmngr/loadswdb.c
@@ -191,6 +191,9 @@ verify_status_cb (void *opaque, const char *keyword, char *args)
{
struct verify_status_parm_s *parm = opaque;
+ if (DBG_EXTPROG)
+ log_debug ("gpgv status: %s %s\n", keyword, args);
+
/* We care only about the first valid signature. */
if (!strcmp (keyword, "VALIDSIG") && !parm->anyvalid)
{
@@ -302,12 +305,16 @@ dirmngr_load_swdb (ctrl_t ctrl, int force)
goto leave;
}
+ if (DBG_EXTPROG)
+ log_debug ("starting gpgv\n");
err = gnupg_exec_tool_stream (gnupg_module_name (GNUPG_MODULE_NAME_GPGV),
argv, swdb, swdb_sig, NULL,
verify_status_cb, &verify_status_parm);
if (!err && verify_status_parm.sigtime == (time_t)(-1))
err = gpg_error (verify_status_parm.anyvalid? GPG_ERR_BAD_SIGNATURE
/**/ : GPG_ERR_INV_TIME );
+ if (DBG_EXTPROG)
+ log_debug ("gpgv finished: err=%d\n", err);
if (err)
goto leave;
diff --git a/dirmngr/misc.c b/dirmngr/misc.c
index 2ee6d82..6d7c963 100644
--- a/dirmngr/misc.c
+++ b/dirmngr/misc.c
@@ -62,6 +62,8 @@ hashify_data( const char* data, size_t len )
return hexify_data (buf, 20, 0);
}
+
+/* FIXME: Replace this by hextobin. */
char*
hexify_data (const unsigned char* data, size_t len, int with_prefix)
{
diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c
index 9127cf7..aff8e32 100644
--- a/dirmngr/ocsp.c
+++ b/dirmngr/ocsp.c
@@ -132,7 +132,7 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
(void)ctrl;
- if (opt.use_tor)
+ if (dirmngr_use_tor ())
{
/* For now we do not allow OCSP via Tor due to possible privacy
concerns. Needs further research. */
@@ -174,7 +174,8 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
once_more:
err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL,
((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
- | (opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
+ | (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
+ | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
ctrl->http_proxy, NULL, NULL, NULL);
if (err)
{
diff --git a/dirmngr/server.c b/dirmngr/server.c
index c9c4ad4..9fa8229 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -60,6 +60,10 @@
Dirmngr was a system service and not a user service. */
#define MAX_CERT_LENGTH (16*1024)
+/* The limit for the CERTLIST inquiry. We allow for up to 20
+ * certificates but also take PEM encoding into account. */
+#define MAX_CERTLIST_LENGTH ((MAX_CERT_LENGTH * 20 * 4)/3)
+
/* The same goes for OpenPGP keyblocks, but here we need to allow for
much longer blocks; a 200k keyblock is not too unusual for keys
with a lot of signatures (e.g. 0x5b0358a2). 9C31503C6D866396 even
@@ -186,7 +190,7 @@ data_line_write (assuan_context_t ctx, const void *buffer_arg, size_t size)
const char *buffer = buffer_arg;
gpg_error_t err;
- /* If we do not want logging, enable it it here. */
+ /* If we do not want logging, enable it here. */
if (ctrl && ctrl->server_local && ctrl->server_local->inhibit_data_logging)
ctrl->server_local->inhibit_data_logging_now = 1;
@@ -366,17 +370,15 @@ do_get_cert_local (ctrl_t ctrl, const char *name, const char *command)
char *buf;
ksba_cert_t cert;
- if (name)
+ buf = name? strconcat (command, " ", name, NULL) : xtrystrdup (command);
+ if (!buf)
+ rc = gpg_error_from_syserror ();
+ else
{
- buf = xmalloc ( strlen (command) + 1 + strlen(name) + 1);
- strcpy (stpcpy (stpcpy (buf, command), " "), name);
+ rc = assuan_inquire (ctrl->server_local->assuan_ctx, buf,
+ &value, &valuelen, MAX_CERT_LENGTH);
+ xfree (buf);
}
- else
- buf = xstrdup (command);
-
- rc = assuan_inquire (ctrl->server_local->assuan_ctx, buf,
- &value, &valuelen, MAX_CERT_LENGTH);
- xfree (buf);
if (rc)
{
log_error (_("assuan_inquire(%s) failed: %s\n"),
@@ -406,12 +408,11 @@ do_get_cert_local (ctrl_t ctrl, const char *name, const char *command)
-/* Ask back to return a certificate for name, given as a regular
- gpgsm certificate indentificates (e.g. fingerprint or one of the
- other methods). Alternatively, NULL may be used for NAME to
- return the current target certificate. Either return the certificate
- in a KSBA object or NULL if it is not available.
-*/
+/* Ask back to return a certificate for NAME, given as a regular gpgsm
+ * certificate identifier (e.g. fingerprint or one of the other
+ * methods). Alternatively, NULL may be used for NAME to return the
+ * current target certificate. Either return the certificate in a
+ * KSBA object or NULL if it is not available. */
ksba_cert_t
get_cert_local (ctrl_t ctrl, const char *name)
{
@@ -425,13 +426,12 @@ get_cert_local (ctrl_t ctrl, const char *name)
}
-/* Ask back to return the issuing certificate for name, given as a
- regular gpgsm certificate indentificates (e.g. fingerprint or one
- of the other methods). Alternatively, NULL may be used for NAME to
- return thecurrent target certificate. Either return the certificate
- in a KSBA object or NULL if it is not available.
-*/
+/* Ask back to return the issuing certificate for NAME, given as a
+ * regular gpgsm certificate identifier (e.g. fingerprint or one
+ * of the other methods). Alternatively, NULL may be used for NAME to
+ * return the current target certificate. Either return the certificate
+ * in a KSBA object or NULL if it is not available. */
ksba_cert_t
get_issuing_cert_local (ctrl_t ctrl, const char *name)
{
@@ -444,8 +444,9 @@ get_issuing_cert_local (ctrl_t ctrl, const char *name)
return do_get_cert_local (ctrl, name, "SENDISSUERCERT");
}
+
/* Ask back to return a certificate with subject NAME and a
- subjectKeyIdentifier of KEYID. */
+ * subjectKeyIdentifier of KEYID. */
ksba_cert_t
get_cert_local_ski (ctrl_t ctrl, const char *name, ksba_sexp_t keyid)
{
@@ -475,15 +476,13 @@ get_cert_local_ski (ctrl_t ctrl, const char *name, ksba_sexp_t keyid)
return NULL;
}
- buf = xtrymalloc (15 + strlen (hexkeyid) + 2 + strlen(name) + 1);
+ buf = strconcat ("SENDCERT_SKI ", hexkeyid, " /", name, NULL);
if (!buf)
{
-
log_error ("can't allocate enough memory: %s\n", strerror (errno));
xfree (hexkeyid);
return NULL;
}
- strcpy (stpcpy (stpcpy (stpcpy (buf, "SENDCERT_SKI "), hexkeyid)," /"),name);
xfree (hexkeyid);
rc = assuan_inquire (ctrl->server_local->assuan_ctx, buf,
@@ -625,9 +624,14 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
else if (!strcmp (key, "honor-keyserver-url-used"))
{
/* Return an error if we are running in Tor mode. */
- if (opt.use_tor)
+ if (dirmngr_use_tor ())
err = gpg_error (GPG_ERR_FORBIDDEN);
}
+ else if (!strcmp (key, "http-crl"))
+ {
+ int i = *value? atoi (value) : 0;
+ ctrl->http_no_crl = !i;
+ }
else
err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
@@ -1735,7 +1739,7 @@ cmd_cachecert (assuan_context_t ctx, char *line)
static const char hlp_validate[] =
- "VALIDATE\n"
+ "VALIDATE [--systrust] [--tls] [--no-crl]\n"
"\n"
"Validate a certificate using the certificate validation function\n"
"used internally by dirmngr. This command is only useful for\n"
@@ -1745,20 +1749,40 @@ static const char hlp_validate[] =
" INQUIRE TARGETCERT\n"
"\n"
"and the caller is expected to return the certificate for the\n"
- "request as a binary blob.";
+ "request as a binary blob. The option --tls modifies this by asking\n"
+ "for list of certificates with\n"
+ "\n"
+ " INQUIRE CERTLIST\n"
+ "\n"
+ "Here the first certificate is the target certificate, the remaining\n"
+ "certificates are suggested intermediary certificates. All certifciates\n"
+ "need to be PEM encoded.\n"
+ "\n"
+ "The option --systrust changes the behaviour to include the system\n"
+ "provided root certificates as trust anchors. The option --no-crl\n"
+ "skips CRL checks";
static gpg_error_t
cmd_validate (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
ksba_cert_t cert = NULL;
+ certlist_t certlist = NULL;
unsigned char *value = NULL;
size_t valuelen;
+ int systrust_mode, tls_mode, no_crl;
- (void)line;
+ systrust_mode = has_option (line, "--systrust");
+ tls_mode = has_option (line, "--tls");
+ no_crl = has_option (line, "--no-crl");
+ line = skip_options (line);
- err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
- &value, &valuelen, MAX_CERT_LENGTH);
+ if (tls_mode)
+ err = assuan_inquire (ctrl->server_local->assuan_ctx, "CERTLIST",
+ &value, &valuelen, MAX_CERTLIST_LENGTH);
+ else
+ err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
+ &value, &valuelen, MAX_CERT_LENGTH);
if (err)
{
log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
@@ -1767,6 +1791,27 @@ cmd_validate (assuan_context_t ctx, char *line)
if (!valuelen) /* No data returned; return a comprehensible error. */
err = gpg_error (GPG_ERR_MISSING_CERT);
+ else if (tls_mode)
+ {
+ estream_t fp;
+
+ fp = es_fopenmem_init (0, "rb", value, valuelen);
+ if (!fp)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ err = read_certlist_from_stream (&certlist, fp);
+ es_fclose (fp);
+ if (!err && !certlist)
+ err = gpg_error (GPG_ERR_MISSING_CERT);
+ if (!err)
+ {
+ /* Extraxt the first certificate from the list. */
+ cert = certlist->cert;
+ ksba_cert_ref (cert);
+ }
+ }
+ }
else
{
err = ksba_cert_new (&cert);
@@ -1777,26 +1822,45 @@ cmd_validate (assuan_context_t ctx, char *line)
if(err)
goto leave;
- /* If we have this certificate already in our cache, use the cached
- version for validation because this will take care of any cached
- results. */
- {
- unsigned char fpr[20];
- ksba_cert_t tmpcert;
+ if (!tls_mode)
+ {
+ /* If we have this certificate already in our cache, use the
+ * cached version for validation because this will take care of
+ * any cached results. We don't need to do this in tls mode
+ * because this has already been done for certificate in a
+ * certlist_t. */
+ unsigned char fpr[20];
+ ksba_cert_t tmpcert;
- cert_compute_fpr (cert, fpr);
- tmpcert = get_cert_byfpr (fpr);
- if (tmpcert)
- {
- ksba_cert_release (cert);
- cert = tmpcert;
- }
- }
+ cert_compute_fpr (cert, fpr);
+ tmpcert = get_cert_byfpr (fpr);
+ if (tmpcert)
+ {
+ ksba_cert_release (cert);
+ cert = tmpcert;
+ }
+ }
+
+ /* Quick hack to make verification work by inserting the supplied
+ * certs into the cache. */
+ if (tls_mode && certlist)
+ {
+ certlist_t cl;
- err = validate_cert_chain (ctrl, cert, NULL, VALIDATE_MODE_CERT, NULL);
+ for (cl = certlist->next; cl; cl = cl->next)
+ cache_cert (cl->cert);
+ }
+
+ err = validate_cert_chain (ctrl, cert, NULL,
+ (VALIDATE_FLAG_TRUST_CONFIG
+ | (tls_mode ? VALIDATE_FLAG_TLS : 0)
+ | (systrust_mode ? VALIDATE_FLAG_TRUST_SYSTEM : 0)
+ | (no_crl ? VALIDATE_FLAG_NOCRLCHECK : 0)),
+ NULL);
leave:
ksba_cert_release (cert);
+ release_certlist (certlist);
return leave_cmd (ctx, err);
}
@@ -2338,14 +2402,18 @@ cmd_getinfo (assuan_context_t ctx, char *line)
}
else if (!strcmp (line, "tor"))
{
- if (opt.use_tor)
+ int use_tor;
+
+ use_tor = dirmngr_use_tor ();
+ if (use_tor)
{
if (!is_tor_running (ctrl))
err = assuan_write_status (ctx, "NO_TOR", "Tor not running");
else
err = 0;
if (!err)
- assuan_set_okay_line (ctx, "- Tor mode is enabled");
+ assuan_set_okay_line (ctx, use_tor == 1 ? "- Tor mode is enabled"
+ /**/ : "- Tor mode is enforced");
}
else
err = set_error (GPG_ERR_FALSE, "Tor mode is NOT enabled");
diff --git a/dirmngr/t-http.c b/dirmngr/t-http.c
index a87382a..35f5947 100644
--- a/dirmngr/t-http.c
+++ b/dirmngr/t-http.c
@@ -42,7 +42,7 @@
#include "logging.h"
#include "http.h"
-
+#include <ksba.h>
#if HTTP_USE_NTBTLS
# include <ntbtls.h>
#elif HTTP_USE_GNUTLS
@@ -118,6 +118,57 @@ my_gnutls_log (int level, const char *text)
}
#endif
+#if HTTP_USE_NTBTLS
+static gpg_error_t
+my_http_tls_verify_cb (void *opaque,
+ http_t http,
+ http_session_t session,
+ unsigned int http_flags,
+ void *tls_context)
+{
+ gpg_error_t err;
+ int idx;
+ ksba_cert_t cert;
+ ksba_cert_t hostcert = NULL;
+
+ (void)opaque;
+ (void)http;
+ (void)session;
+ (void)http_flags;
+
+ /* Get the peer's certs fron ntbtls. */
+ for (idx = 0;
+ (cert = ntbtls_x509_get_peer_cert (tls_context, idx)); idx++)
+ {
+ if (!idx)
+ {
+ log_info ("Received host certificate\n");
+ hostcert = cert;
+ }
+ else
+ {
+
+ log_info ("Received additional certificate\n");
+ ksba_cert_release (cert);
+ }
+ }
+ if (!idx)
+ {
+ err = gpg_error (GPG_ERR_MISSING_CERT);
+ goto leave;
+ }
+
+ err = 0;
+
+ leave:
+ ksba_cert_release (hostcert);
+ log_info ("my_http_tls_verify_cb returns: %s\n", gpg_strerror (err));
+ return err;
+}
+#endif /*HTTP_USE_NTBTLS*/
+
+
+
/* Prepend FNAME with the srcdir environment variable's value and
return an allocated filename. */
static char *
@@ -142,14 +193,14 @@ main (int argc, char **argv)
{
int last_argc = -1;
gpg_error_t err;
- int rc;
- parsed_uri_t uri;
+ int rc; parsed_uri_t uri;
uri_tuple_t r;
http_t hd;
int c;
unsigned int my_http_flags = 0;
int no_out = 0;
int tls_dbg = 0;
+ int no_crl = 0;
const char *cafile = NULL;
http_session_t session = NULL;
@@ -171,12 +222,13 @@ main (int argc, char **argv)
"Options:\n"
" --verbose print timings etc.\n"
" --debug flyswatter\n"
- " --gnutls-debug N use GNUTLS debug level N\n"
+ " --tls-debug N use TLS debug level N\n"
" --cacert FNAME expect CA certificate in file FNAME\n"
" --no-verify do not verify the certificate\n"
" --force-tls use HTTP_FLAG_FORCE_TLS\n"
" --force-tor use HTTP_FLAG_FORCE_TOR\n"
- " --no-out do not print the content\n",
+ " --no-out do not print the content\n"
+ " --no-crl do not consuilt a CRL\n",
stdout);
exit (0);
}
@@ -191,7 +243,7 @@ main (int argc, char **argv)
debug++;
argc--; argv++;
}
- else if (!strcmp (*argv, "--gnutls-debug"))
+ else if (!strcmp (*argv, "--tls-debug"))
{
argc--; argv++;
if (argc)
@@ -229,6 +281,11 @@ main (int argc, char **argv)
no_out = 1;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--no-crl"))
+ {
+ no_crl = 1;
+ argc--; argv++;
+ }
else if (!strncmp (*argv, "--", 2))
{
fprintf (stderr, PGM ": unknown option '%s'\n", *argv);
@@ -248,9 +305,13 @@ main (int argc, char **argv)
assuan_sock_init ();
#if HTTP_USE_NTBTLS
-
- (void)err;
-
+ log_info ("new session.\n");
+ err = http_session_new (&session, NULL,
+ ((no_crl? HTTP_FLAG_NO_CRL : 0)
+ | HTTP_FLAG_TRUST_DEF),
+ my_http_tls_verify_cb, NULL);
+ if (err)
+ log_error ("http_session_new failed: %s\n", gpg_strerror (err));
ntbtls_set_debug (tls_dbg, NULL, NULL);
#elif HTTP_USE_GNUTLS
@@ -262,7 +323,10 @@ main (int argc, char **argv)
http_register_tls_callback (verify_callback);
http_register_tls_ca (cafile);
- err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_DEF);
+ err = http_session_new (&session, NULL,
+ ((no_crl? HTTP_FLAG_NO_CRL : 0)
+ | HTTP_FLAG_TRUST_DEF),
+ NULL, NULL);
if (err)
log_error ("http_session_new failed: %s\n", gpg_strerror (err));
diff --git a/dirmngr/validate.c b/dirmngr/validate.c
index b3dc9d8..3671a8b 100644
--- a/dirmngr/validate.c
+++ b/dirmngr/validate.c
@@ -1,6 +1,6 @@
/* validate.c - Validate a certificate chain.
* Copyright (C) 2001, 2003, 2004, 2008 Free Software Foundation, Inc.
- * Copyright (C) 2004, 2006, 2008 g10 Code GmbH
+ * Copyright (C) 2004, 2006, 2008, 2017 g10 Code GmbH
*
* This file is part of DirMngr.
*
@@ -33,6 +33,20 @@
#include "validate.h"
#include "misc.h"
+
+/* Mode parameters for cert_check_usage(). */
+enum cert_usage_modes
+ {
+ CERT_USAGE_MODE_SIGN, /* Usable for encryption. */
+ CERT_USAGE_MODE_ENCR, /* Usable for signing. */
+ CERT_USAGE_MODE_VRFY, /* Usable for verification. */
+ CERT_USAGE_MODE_DECR, /* Usable for decryption. */
+ CERT_USAGE_MODE_CERT, /* Usable for cert signing. */
+ CERT_USAGE_MODE_OCSP, /* Usable for OCSP respone signing. */
+ CERT_USAGE_MODE_CRL /* Usable for CRL signing. */
+ };
+
+
/* While running the validation function we need to keep track of the
certificates and the validation outcome of each. We use this type
for it. */
@@ -60,6 +74,29 @@ static const char oid_kp_ocspSigning[] = "1.3.6.1.5.5.7.3.9";
static gpg_error_t check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert);
+/* Make sure that the values defined in the headers are correct. We
+ * can't use the preprocessor due to the use of enums. */
+static void
+check_header_constants (void)
+{
+ log_assert (CERTTRUST_CLASS_SYSTEM == VALIDATE_FLAG_TRUST_SYSTEM);
+ log_assert (CERTTRUST_CLASS_CONFIG == VALIDATE_FLAG_TRUST_CONFIG);
+ log_assert (CERTTRUST_CLASS_HKP == VALIDATE_FLAG_TRUST_HKP);
+ log_assert (CERTTRUST_CLASS_HKPSPOOL == VALIDATE_FLAG_TRUST_HKPSPOOL);
+
+#undef X
+#define X (VALIDATE_FLAG_TRUST_SYSTEM | VALIDATE_FLAG_TRUST_CONFIG \
+ | VALIDATE_FLAG_TRUST_HKP | VALIDATE_FLAG_TRUST_HKPSPOOL)
+
+#if ( X & VALIDATE_FLAG_MASK_TRUST ) != X
+# error VALIDATE_FLAG_MASK_TRUST is bad
+#endif
+#if ( ~X & VALIDATE_FLAG_MASK_TRUST )
+# error VALIDATE_FLAG_MASK_TRUST is bad
+#endif
+
+#undef X
+}
/* Check whether CERT contains critical extensions we don't know
@@ -189,7 +226,7 @@ allowed_ca (ksba_cert_t cert, int *chainlen)
return err;
if (!flag)
{
- if (!is_trusted_cert (cert))
+ if (!is_trusted_cert (cert, CERTTRUST_CLASS_CONFIG))
{
/* The German SigG Root CA's certificate does not flag
itself as a CA; thus we relax this requirement if we
@@ -219,8 +256,8 @@ check_revocations (ctrl_t ctrl, chain_item_t chain)
int any_crl_too_old = 0;
chain_item_t ci;
- assert (ctrl->check_revocations_nest_level >= 0);
- assert (chain);
+ log_assert (ctrl->check_revocations_nest_level >= 0);
+ log_assert (chain);
if (ctrl->check_revocations_nest_level > 10)
{
@@ -365,19 +402,21 @@ is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn)
R_TRUST_ANCHOR; in all other cases NULL is stored there. */
gpg_error_t
validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
- int mode, char **r_trust_anchor)
+ unsigned int flags, char **r_trust_anchor)
{
gpg_error_t err = 0;
int depth, maxdepth;
char *issuer = NULL;
char *subject = NULL;
- ksba_cert_t subject_cert = NULL, issuer_cert = NULL;
+ ksba_cert_t subject_cert = NULL;
+ ksba_cert_t issuer_cert = NULL;
ksba_isotime_t current_time;
ksba_isotime_t exptime;
int any_expired = 0;
int any_no_policy_match = 0;
chain_item_t chain;
+ check_header_constants ();
if (r_exptime)
*r_exptime = 0;
@@ -390,20 +429,9 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
dump_cert ("subject", cert);
/* May the target certificate be used for this purpose? */
- switch (mode)
- {
- case VALIDATE_MODE_OCSP:
- err = cert_use_ocsp_p (cert);
- break;
- case VALIDATE_MODE_CRL:
- case VALIDATE_MODE_CRL_RECURSIVE:
- err = cert_use_crl_p (cert);
- break;
- default:
- err = 0;
- break;
- }
- if (err)
+ if ((flags & VALIDATE_FLAG_OCSP) && (err = check_cert_use_ocsp (cert)))
+ return err;
+ if ((flags & VALIDATE_FLAG_CRL) && (err = check_cert_use_crl (cert)))
return err;
/* If we already validated the certificate not too long ago, we can
@@ -438,7 +466,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
/* We walk up the chain until we find a trust anchor. */
subject_cert = cert;
- maxdepth = 10;
+ maxdepth = 10; /* Sensible limit on the length of the chain. */
chain = NULL;
depth = 0;
for (;;)
@@ -520,7 +548,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
goto leave;
/* Is this a self-signed certificate? */
- if (is_root_cert ( subject_cert, issuer, subject))
+ if (is_root_cert (subject_cert, issuer, subject))
{
/* Yes, this is our trust anchor. */
if (check_cert_sig (subject_cert, subject_cert) )
@@ -536,7 +564,8 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
if (err)
goto leave; /* No. */
- err = is_trusted_cert (subject_cert);
+ err = is_trusted_cert (subject_cert,
+ (flags & VALIDATE_FLAG_MASK_TRUST));
if (!err)
; /* Yes we trust this cert. */
else if (gpg_err_code (err) == GPG_ERR_NOT_TRUSTED)
@@ -630,9 +659,9 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
dump_cert ("issuer", issuer_cert);
}
- /* Now check the signature of the certificate. Well, we
- should delay this until later so that faked certificates
- can't be turned into a DoS easily. */
+ /* Now check the signature of the certificate. FIXME: we should
+ * delay this until later so that faked certificates can't be
+ * turned into a DoS easily. */
err = check_cert_sig (issuer_cert, subject_cert);
if (err)
{
@@ -669,14 +698,14 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
}
}
#endif
- /* We give a more descriptive error code than the one
- returned from the signature checking. */
+ /* Return a more descriptive error code than the one
+ * returned from the signature checking. */
err = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
goto leave;
}
/* Check that the length of the chain is not longer than allowed
- by the CA. */
+ * by the CA. */
{
int chainlen;
@@ -693,7 +722,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
}
/* May that certificate be used for certification? */
- err = cert_use_cert_p (issuer_cert);
+ err = check_cert_use_cert (issuer_cert);
if (err)
goto leave; /* No. */
@@ -722,9 +751,11 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
issuer_cert = NULL;
}
+ /* Even if we have no error here we need to check whether we
+ * encountered an error somewhere during the checks. Set the error
+ * code to the most critical one. */
if (!err)
- { /* If we encountered an error somewhere during the checks, set
- the error code to the most critical one */
+ {
if (any_expired)
err = gpg_error (GPG_ERR_CERT_EXPIRED);
else if (any_no_policy_match)
@@ -740,21 +771,26 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
cert_log_name (" certificate", citem->cert);
}
- if (!err && mode != VALIDATE_MODE_CRL)
+ /* Now check for revocations unless CRL checks are disabled or we
+ * are non-recursive CRL mode. */
+ if (!err
+ && !(flags & VALIDATE_FLAG_NOCRLCHECK)
+ && !((flags & VALIDATE_FLAG_CRL)
+ && !(flags & VALIDATE_FLAG_RECURSIVE)))
{ /* Now that everything is fine, walk the chain and check each
- certificate for revocations.
-
- 1. item in the chain - The root certificate.
- 2. item - the CA below the root
- last item - the target certificate.
-
- Now for each certificate in the chain check whether it has
- been included in a CRL and thus be revoked. We don't do OCSP
- here because this does not seem to make much sense. This
- might become a recursive process and we should better cache
- our validity results to avoid double work. Far worse a
- catch-22 may happen for an improper setup hierarchy and we
- need a way to break up such a deadlock. */
+ * certificate for revocations.
+ *
+ * 1. item in the chain - The root certificate.
+ * 2. item - the CA below the root
+ * last item - the target certificate.
+ *
+ * Now for each certificate in the chain check whether it has
+ * been included in a CRL and thus be revoked. We don't do OCSP
+ * here because this does not seem to make much sense. This
+ * might become a recursive process and we should better cache
+ * our validity results to avoid double work. Far worse a
+ * catch-22 may happen for an improper setup hierarchy and we
+ * need a way to break up such a deadlock. */
err = check_revocations (ctrl, chain);
}
@@ -773,11 +809,11 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
if (!err && !(r_trust_anchor && *r_trust_anchor))
{
/* With no error we can update the validation cache. We do this
- for all certificates in the chain. Note that we can't use
- the cache if the caller requested to check the trustiness of
- the root certificate himself. Adding such a feature would
- require us to also store the fingerprint of root
- certificate. */
+ * for all certificates in the chain. Note that we can't use
+ * the cache if the caller requested to check the trustiness of
+ * the root certificate himself. Adding such a feature would
+ * require us to also store the fingerprint of root
+ * certificate. */
chain_item_t citem;
time_t validated_at = gnupg_get_time ();
@@ -853,8 +889,8 @@ pk_algo_from_sexp (gcry_sexp_t pkey)
/* Check the signature on CERT using the ISSUER_CERT. This function
- does only test the cryptographic signature and nothing else. It is
- assumed that the ISSUER_CERT is valid. */
+ * does only test the cryptographic signature and nothing else. It is
+ * assumed that the ISSUER_CERT is valid. */
static gpg_error_t
check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
{
@@ -952,20 +988,23 @@ check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
/* Prepare the values for signature verification. At this point we
- have these values:
-
- S_PKEY - S-expression with the issuer's public key.
- S_SIG - Signature value as given in the certrificate.
- MD - Finalized hash context with hash of the certificate.
- ALGO_NAME - Lowercase hash algorithm name
+ * have these values:
+ *
+ * S_PKEY - S-expression with the issuer's public key.
+ * S_SIG - Signature value as given in the certificate.
+ * MD - Finalized hash context with hash of the certificate.
+ * ALGO_NAME - Lowercase hash algorithm name
*/
digestlen = gcry_md_get_algo_dlen (algo);
digest = gcry_md_read (md, algo);
if (pk_algo_from_sexp (s_pkey) == GCRY_PK_DSA)
{
+ /* NB.: We support only SHA-1 here because we had problems back
+ * then to get test data for DSA-2. Meanwhile DSA has been
+ * replaced by ECDSA which we do not yet support. */
if (digestlen != 20)
{
- log_error (_("DSA requires the use of a 160 bit hash algorithm\n"));
+ log_error ("DSA requires the use of a 160 bit hash algorithm\n");
gcry_md_close (md);
gcry_sexp_release (s_sig);
gcry_sexp_release (s_pkey);
@@ -975,7 +1014,7 @@ check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
(int)digestlen, digest) )
BUG ();
}
- else /* Not DSA. */
+ else /* Not DSA - we assume RSA */
{
if ( gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash %s %b))",
algo_name, (int)digestlen, digest) )
@@ -995,13 +1034,9 @@ check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
-/* Return 0 if the cert is usable for encryption. A MODE of 0 checks
- for signing, a MODE of 1 checks for encryption, a MODE of 2 checks
- for verification and a MODE of 3 for decryption (just for
- debugging). MODE 4 is for certificate signing, MODE 5 for OCSP
- response signing, MODE 6 is for CRL signing. */
-static int
-cert_usage_p (ksba_cert_t cert, int mode)
+/* Return 0 if CERT is usable for MODE. */
+static gpg_error_t
+check_cert_usage (ksba_cert_t cert, enum cert_usage_modes mode)
{
gpg_error_t err;
unsigned int use;
@@ -1071,7 +1106,8 @@ cert_usage_p (ksba_cert_t cert, int mode)
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
{
err = 0;
- if (opt.verbose && mode < 2)
+ if (opt.verbose && (mode == CERT_USAGE_MODE_SIGN
+ || mode == CERT_USAGE_MODE_ENCR))
log_info (_("no key usage specified - assuming all usages\n"));
use = ~0;
}
@@ -1088,17 +1124,36 @@ cert_usage_p (ksba_cert_t cert, int mode)
return err;
}
- if (mode == 4)
+ switch (mode)
{
+ case CERT_USAGE_MODE_SIGN:
+ case CERT_USAGE_MODE_VRFY:
+ if ((use & (KSBA_KEYUSAGE_DIGITAL_SIGNATURE
+ | KSBA_KEYUSAGE_NON_REPUDIATION)))
+ return 0;
+ log_info (mode == CERT_USAGE_MODE_VRFY
+ ? _("certificate should not have been used for signing\n")
+ : _("certificate is not usable for signing\n"));
+ break;
+
+ case CERT_USAGE_MODE_ENCR:
+ case CERT_USAGE_MODE_DECR:
+ if ((use & (KSBA_KEYUSAGE_KEY_ENCIPHERMENT
+ | KSBA_KEYUSAGE_DATA_ENCIPHERMENT)))
+ return 0;
+ log_info (mode == CERT_USAGE_MODE_DECR
+ ? _("certificate should not have been used for encryption\n")
+ : _("certificate is not usable for encryption\n"));
+ break;
+
+ case CERT_USAGE_MODE_CERT:
if ((use & (KSBA_KEYUSAGE_KEY_CERT_SIGN)))
return 0;
log_info (_("certificate should not have "
"been used for certification\n"));
- return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
- }
+ break;
- if (mode == 5)
- {
+ case CERT_USAGE_MODE_OCSP:
if (use != ~0
&& (have_ocsp_signing
|| (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
@@ -1106,50 +1161,38 @@ cert_usage_p (ksba_cert_t cert, int mode)
return 0;
log_info (_("certificate should not have "
"been used for OCSP response signing\n"));
- return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
- }
+ break;
- if (mode == 6)
- {
+ case CERT_USAGE_MODE_CRL:
if ((use & (KSBA_KEYUSAGE_CRL_SIGN)))
return 0;
log_info (_("certificate should not have "
"been used for CRL signing\n"));
- return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
+ break;
}
- if ((use & ((mode&1)?
- (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT):
- (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))
- )
- return 0;
-
- log_info (mode==3? _("certificate should not have been used "
- "for encryption\n"):
- mode==2? _("certificate should not have been used for signing\n"):
- mode==1? _("certificate is not usable for encryption\n"):
- _("certificate is not usable for signing\n"));
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
}
+
/* Return 0 if the certificate CERT is usable for certification. */
gpg_error_t
-cert_use_cert_p (ksba_cert_t cert)
+check_cert_use_cert (ksba_cert_t cert)
{
- return cert_usage_p (cert, 4);
+ return check_cert_usage (cert, CERT_USAGE_MODE_CERT);
}
/* Return 0 if the certificate CERT is usable for signing OCSP
responses. */
gpg_error_t
-cert_use_ocsp_p (ksba_cert_t cert)
+check_cert_use_ocsp (ksba_cert_t cert)
{
- return cert_usage_p (cert, 5);
+ return check_cert_usage (cert, CERT_USAGE_MODE_OCSP);
}
/* Return 0 if the certificate CERT is usable for signing CRLs. */
gpg_error_t
-cert_use_crl_p (ksba_cert_t cert)
+check_cert_use_crl (ksba_cert_t cert)
{
- return cert_usage_p (cert, 6);
+ return check_cert_usage (cert, CERT_USAGE_MODE_CRL);
}
diff --git a/dirmngr/validate.h b/dirmngr/validate.h
index 0d9283c..c7082e3 100644
--- a/dirmngr/validate.h
+++ b/dirmngr/validate.h
@@ -22,34 +22,47 @@
#define VALIDATE_H
-enum {
- /* Simple certificate validation mode. */
- VALIDATE_MODE_CERT = 0,
- /* Standard CRL issuer certificate validation; i.e. CRLs are not
- considered for CRL issuer certificates. */
- VALIDATE_MODE_CRL = 1,
- /* Full CRL validation. */
- VALIDATE_MODE_CRL_RECURSIVE = 2,
- /* Validation as used for OCSP. */
- VALIDATE_MODE_OCSP = 3
-};
+/* Flag values matching the CERTTRUST_CLASS values and a MASK for
+ * them. check_header_constants() checks their consistency. */
+#define VALIDATE_FLAG_TRUST_SYSTEM 1
+#define VALIDATE_FLAG_TRUST_CONFIG 2
+#define VALIDATE_FLAG_TRUST_HKP 4
+#define VALIDATE_FLAG_TRUST_HKPSPOOL 8
+#define VALIDATE_FLAG_MASK_TRUST 0x0f
+
+/* Standard CRL issuer certificate validation; i.e. CRLs are not
+ * considered for CRL issuer certificates. */
+#define VALIDATE_FLAG_CRL 64
+
+/* If this flag is set along with VALIDATE_FLAG_CRL a full CRL
+ * verification is done. */
+#define VALIDATE_FLAG_RECURSIVE 128
+
+/* Validation mode as used for OCSP. */
+#define VALIDATE_FLAG_OCSP 256
+
+/* Validation mode as used with TLS. */
+#define VALIDATE_FLAG_TLS 512
+
+/* Don't do CRL checks. */
+#define VALIDATE_FLAG_NOCRLCHECK 1024
/* Validate the certificate CHAIN up to the trust anchor. Optionally
return the closest expiration time in R_EXPTIME. */
gpg_error_t validate_cert_chain (ctrl_t ctrl,
ksba_cert_t cert, ksba_isotime_t r_exptime,
- int mode, char **r_trust_anchor);
+ unsigned int flags, char **r_trust_anchor);
/* Return 0 if the certificate CERT is usable for certification. */
-gpg_error_t cert_use_cert_p (ksba_cert_t cert);
+gpg_error_t check_cert_use_cert (ksba_cert_t cert);
/* Return 0 if the certificate CERT is usable for signing OCSP
responses. */
-gpg_error_t cert_use_ocsp_p (ksba_cert_t cert);
+gpg_error_t check_cert_use_ocsp (ksba_cert_t cert);
/* Return 0 if the certificate CERT is usable for signing CRLs. */
-gpg_error_t cert_use_crl_p (ksba_cert_t cert);
+gpg_error_t check_cert_use_crl (ksba_cert_t cert);
#endif /*VALIDATE_H*/
diff --git a/doc/DETAILS b/doc/DETAILS
index ac599fc..8c11872 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -187,7 +187,7 @@ described here.
only filled if the issuer certificate is available. The root has
been reached if this is the same string as the fingerprint. The
advantage of using this value is that it is guaranteed to have
- been been build by the same lookup algorithm as gpgsm uses.
+ been built by the same lookup algorithm as gpgsm uses.
For "uid" records this field lists the preferences in the same way
gpg's --edit-key menu does.
@@ -486,6 +486,12 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
*** END_DECRYPTION
Mark the end of the actual decryption process. This are also
emitted when in --list-only mode.
+*** DECRYPTION_KEY <fpr> <fpr2> <otrust>
+ This line is emitted when a public key decryption succeeded in
+ providing a session key. <fpr> is the hexified fingerprint of the
+ actual key used for descryption. <fpr2> is the fingerprint of the
+ primary key. <otrust> is the letter with the ownertrust; this is
+ in general a 'u' which stands for ultimately trusted.
*** DECRYPTION_INFO <mdc_method> <sym_algo>
Print information about the symmetric encryption algorithm and the
MDC method. This will be emitted even if the decryption fails.
@@ -702,7 +708,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
VALIDATION_MODEL describes the algorithm used to check the
validity of the key. The defaults are the standard Web of Trust
- model for gpg and the the standard X.509 model for gpgsm. The
+ model for gpg and the standard X.509 model for gpgsm. The
defined values are
- pgp :: The standard PGP WoT.
@@ -796,7 +802,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
recent message was verified 4 seconds ago.'
*** PKA_TRUST_
- This is is one:
+ This is one of:
- PKA_TRUST_GOOD <addr-spec>
- PKA_TRUST_BAD <addr-spec>
diff --git a/doc/TRANSLATE b/doc/TRANSLATE
index 7c3e544..9bd9b08 100644
--- a/doc/TRANSLATE
+++ b/doc/TRANSLATE
@@ -37,7 +37,7 @@ are disabled like this
.#gpgsm.some.help-item
This string is not translated.
-After translation you should remove the the hash mark so that the
+After translation you should remove the hash mark so that the
entry looks like.
.gpgsm.some.help-item
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index e27157c..7a6ba47 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -266,8 +266,8 @@ seconds.
@item --allow-version-check
@opindex allow-version-check
Allow Dirmngr to connect to @code{https://versions.gnupg.org} to get
-the list of current software versions. If this option is enabled, or
-if @option{use-tor} is active, the list is retrieved when the local
+the list of current software versions. If this option is enabled
+the list is retrieved in case the local
copy does not exist or is older than 5 to 7 days. See the option
@option{--query-swdb} of the command @command{gpgconf} for more
details. Note, that regardless of this option a version check can
@@ -313,6 +313,11 @@ not be used a different one can be given using this option. Note that
a numerical IP address must be given (IPv6 or IPv4) and that no error
checking is done for @var{ipaddr}.
+@item --disable-ipv4
+@opindex disable-ipv4
+Disable the use of all IPv4 addresses. This option is mainly useful
+for debugging.
+
@item --disable-ldap
@opindex disable-ldap
Entirely disables the use of LDAP.
@@ -770,7 +775,7 @@ configuration.
@end table
If DirMngr has not enough information about the given certificate (which
-is the case for not yet cached certificates), it will will inquire the
+is the case for not yet cached certificates), it will inquire the
missing data:
@example
@@ -1033,7 +1038,7 @@ as a binary blob.
@c c) No authorityKeyIdentifier exits: The certificate is retrieved
@c using @code{find_cert_bysubject} without the key ID argument. If
@c the certificate is in the certificate cache the first one with a
-@c matching subject is is directly returned. Then the requester is
+@c matching subject is directly returned. Then the requester is
@c asked via the Assuan inquiry ``SENDCERT'' and an exact
@c specification of the subject whether he can
@c provide this certificate. If this succeed the returned
@@ -1110,7 +1115,7 @@ as a binary blob.
@c respectively. The have already been described above under the
@c description of @code{crl_cache_insert}. If no certificate was found
@c or with no authorityKeyIdentifier, only the cache is consulted using
-@c @code{get_cert_bysubject}. The latter is is done under the assumption
+@c @code{get_cert_bysubject}. The latter is done under the assumption
@c that a matching certificate has explicitly been put into the
@c certificate cache. If the issuer's certificate could not be found,
@c the validation terminates with the error code @code{GPG_ERR_MISSING_CERT}.
diff --git a/doc/faq.org b/doc/faq.org
index 8fc3775..f038508 100644
--- a/doc/faq.org
+++ b/doc/faq.org
@@ -1462,7 +1462,7 @@ update this FAQ in the next month. See the section "Changes" for recent updates
: | sort | uniq | xargs echo gpg --recv-keys
Note that the invocation of sort is also required to wait for the
- of the listing before before starting the import.
+ of the listing before starting the import.
* Bug reporting and hacking
@@ -1491,7 +1491,7 @@ details.
GnuPG has originally been developed in Germany because we have been
able to do that without being affected by the US export restrictions.
We had to reject any contributions from US citizens or from people
-living the the US. That changed by end of 2000 when the export
+living in the US. That changed by end of 2000 when the export
restrictions were basically dropped for all kind of freely available
software. However there are still some requirements in the US.
Quoting David Shaw: mail
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 3177af4..b72892c 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -77,7 +77,7 @@ the included Secure Shell Agent you may start the agent using:
@c
@c The rationale for this separation is that it allows access to the
@c secret key to be tightly controlled and audited, and it doesn't permit
-@c the the supplicant to either copy the key or to override the owner's
+@c the supplicant to either copy the key or to override the owner's
@c intentions.
@example
@@ -1412,7 +1412,7 @@ numbers in the range @code{0} to @code{UINT_MAX} and wrapping around to
0. The actual values should not be relied upon; they shall only be used
to detect a change.
-The currently defined counters are are:
+The currently defined counters are:
@table @code
@item ANY
Incremented with any change of any of the other counters.
@@ -1508,7 +1508,7 @@ following values are defined:
@item cache-ttl-opt-preset
This option sets the cache TTL for new entries created by GENKEY and
-PASSWD commands when using the @option{--preset} option. It it is not
+PASSWD commands when using the @option{--preset} option. It is not
used a default value is used.
@item s2k-count
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 8e1a5e6..20a2d12 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -141,7 +141,8 @@ cannot abbreviate this command.
@itemx -h
@opindex help
Print a usage message summarizing the most useful command-line options.
-Note that you cannot abbreviate this command.
+Note that you cannot arbitrarily abbreviate this command
+(though you can use its short form @option{-h}).
@item --warranty
@opindex warranty
@@ -643,10 +644,13 @@ For a description of these optional arguments see the command
the default is to a create certification and signing key.
The @code{expire} argument can be used to specify an expiration date
-for the key. Several formats are supported; commonly the ISO
-YYYY-MM-DD format is used. The values ``never'', ``none'' can be used
-for no expiration date. Not specifying a value, or using ``-''
-results in a key expiring in a reasonable default interval.
+for the key. Several formats are supported; commonly the ISO formats
+``YYYY-MM-DD'' or ``YYYYMMDDThhmmss'' are used. To make the key
+expire in N seconds, N days, N weeks, N months, or N years use
+``seconds=N'', ``Nd'', ``Nw'', ``Nm'', or ``Ny'' respectively. Not
+specifying a value, or using ``-'' results in a key expiring in a
+reasonable default interval. The values ``never'', ``none'' can be
+used for no expiration date.
If this command is used with @option{--batch},
@option{--pinentry-mode} has been set to @code{loopback}, and one of
@@ -683,15 +687,20 @@ Depending on the given @code{algo} the subkey may either be an
encryption subkey or a signing subkey. If an algorithm is capable of
signing and encryption and such a subkey is desired, a @code{usage}
string must be given. This string is either ``default'' or ``-'' to
-keep the default or a comma delimited list of keywords: ``sign'' for a
-signing subkey, ``auth'' for an authentication subkey, and ``encr''
-for an encryption subkey (``encrypt'' can be used as alias for
-``encr''). The valid combinations depend on the algorithm.
+keep the default or a comma delimited list (or space delimited list)
+of keywords: ``sign'' for a signing subkey, ``auth'' for an
+authentication subkey, and ``encr'' for an encryption subkey
+(``encrypt'' can be used as alias for ``encr''). The valid
+combinations depend on the algorithm.
The @code{expire} argument can be used to specify an expiration date
-for the subkey. Several formats are supported; commonly the ISO
-YYYY-MM-DD format is used. The values ``never'', ``none'', or ``-''
-can be used for no expiration date.
+for the key. Several formats are supported; commonly the ISO formats
+``YYYY-MM-DD'' or ``YYYYMMDDThhmmss'' are used. To make the key
+expire in N seconds, N days, N weeks, N months, or N years use
+``seconds=N'', ``Nd'', ``Nw'', ``Nm'', or ``Ny'' respectively. Not
+specifying a value, or using ``-'' results in a key expiring in a
+reasonable default interval. The values ``never'', ``none'' can be
+used for no expiration date.
@item --generate-key
@opindex generate-key
@@ -1421,7 +1430,7 @@ Note that this adds a keyring to the current list. If the intent is to
use the specified keyring alone, use @option{--keyring} along with
@option{--no-default-keyring}.
-If the the option @option{--no-keyring} has been used no keyrings will
+If the option @option{--no-keyring} has been used no keyrings will
be used at all.
@@ -1823,7 +1832,8 @@ are available for all keyserver types, some common options are:
used with HKP keyservers.
@item auto-key-retrieve
- This is the same as the option @option{auto-key-retrieve}.
+ This is an obsolete alias for the option @option{auto-key-retrieve}.
+ Please do not use it; it will be removed in future versions..
@item honor-keyserver-url
When using @option{--refresh-keys}, if the key in question has a preferred
@@ -2370,8 +2380,8 @@ The available properties are:
@item --export-options @code{parameters}
@opindex export-options
This is a space or comma delimited string that gives options for
-exporting keys. Options can be prepended with a `no-' to give the
-opposite meaning. The options are:
+exporting keys. Options can be prepended with a `no-' to give the
+opposite meaning. The options are:
@table @asis
@@ -3382,7 +3392,7 @@ For existing users a small
helper script is provided to create these files (@pxref{addgnupghome}).
For internal purposes @command{@gpgname} creates and maintains a few other
-files; They all live in in the current home directory (@pxref{option
+files; They all live in the current home directory (@pxref{option
--homedir}). Only the @command{@gpgname} program may modify these files.
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index b92eaea..1d00839 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -898,7 +898,7 @@ start up with a working configuration. For existing users a small
helper script is provided to create these files (@pxref{addgnupghome}).
For internal purposes @command{gpgsm} creates and maintains a few other files;
-they all live in in the current home directory (@pxref{option
+they all live in the current home directory (@pxref{option
--homedir}). Only @command{gpgsm} may modify these files.
diff --git a/doc/gpgv.texi b/doc/gpgv.texi
index 0608a3f..5336c98 100644
--- a/doc/gpgv.texi
+++ b/doc/gpgv.texi
@@ -111,6 +111,11 @@ file DETAILS in the documentation for a listing of them.
@opindex logger-fd
Write log output to file descriptor @code{n} and not to stderr.
+@item --log-file @code{file}
+@opindex log-file
+Same as @option{--logger-fd}, except the logger data is written to
+file @code{file}. Use @file{socket://} to log to socket.
+
@item --ignore-time-conflict
@opindex ignore-time-conflict
GnuPG normally checks that the timestamps associated with keys and
diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi
index 1617801..4c6bb93 100644
--- a/doc/scdaemon.texi
+++ b/doc/scdaemon.texi
@@ -225,7 +225,7 @@ This option appends a thread ID to the PID in the log output.
@efindex ASSUAN_DEBUG
Changes the active Libassuan logging categories to @var{cats}. The
value for @var{cats} is an unsigned integer given in usual C-Syntax.
-A value of of 0 switches to a default category. If this option is not
+A value of 0 switches to a default category. If this option is not
used the categories are taken from the environment variable
@code{ASSUAN_DEBUG}. Note that this option has only an effect if the
Assuan debug flag has also been with the option @option{--debug}. For
diff --git a/doc/vuln-announce-2007-multiple-message.txt b/doc/vuln-announce-2007-multiple-message.txt
index 16c08d4..154b274 100644
--- a/doc/vuln-announce-2007-multiple-message.txt
+++ b/doc/vuln-announce-2007-multiple-message.txt
@@ -81,7 +81,7 @@ Here the PLAINTEXT status lines clearly identify the start of a new
message.
Note, that using gpg on the command line is in almost all cases not
-done with redirection but by letting gpg save the the signed message.
+done with redirection but by letting gpg save the signed message.
In this case gpg will save the message to different files or in case
the file names are identical, prompt the over to overwrite the first
one again.
diff --git a/doc/whats-new-in-2.1.txt b/doc/whats-new-in-2.1.txt
index 19ed8b9..4b7349a 100644
--- a/doc/whats-new-in-2.1.txt
+++ b/doc/whats-new-in-2.1.txt
@@ -103,7 +103,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
• The scripts to create a Windows installer are now part of GnuPG.
Now for the detailed description of these new features. Note that the
- examples assume that that /gpg/ is installed as /gpg/. Your
+ examples assume that /gpg/ is installed as /gpg/. Your
installation may have it installed under the name /gpg2/.
@@ -510,7 +510,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
at login time and use an environment variable (`GPG_AGENT_INFO') to
tell the other GnuPG modules how to connect to the agent. However,
correctly managing the start up and this environment variable is
- cumbersome so that that an easier method is required. Since GnuPG
+ cumbersome so that an easier method is required. Since GnuPG
2.0.16 the `--use-standard-socket' option already allowed to start the
agent on the fly; however the environment variable was still required.
@@ -535,7 +535,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
A deficit of the OpenPGP protocol is that signatures carry only a
limited indication on which public key has been used to create a
signature. Thus a verification engine may only use this “long key idâ€
- to look up the the key in its own store or from a public keyserver.
+ to look up the key in its own store or from a public keyserver.
Unfortunately it has now become possible to create a key with a long
key id matching the key id of another key. Importing a key with a
long key id already used by another key in gpg’s local key store was
diff --git a/g10/armor.c b/g10/armor.c
index 58d8e01..6b7c3f7 100644
--- a/g10/armor.c
+++ b/g10/armor.c
@@ -1294,7 +1294,7 @@ armor_filter( void *opaque, int control,
c = bintoasc[radbuf[2]&077];
iobuf_put(a, c);
iobuf_writestr(a,afx->eol);
- /* and the the trailer */
+ /* and the trailer */
if( afx->what >= DIM(tail_strings) )
log_bug("afx->what=%d", afx->what);
iobuf_writestr(a, "-----");
diff --git a/g10/build-packet.c b/g10/build-packet.c
index ad46a02..489fadd 100644
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@@ -621,7 +621,7 @@ calc_plaintext( PKT_plaintext *pt )
is assumed to have been enabled on OUT. On success, partial block
mode is disabled.
- If PT->BUF is NULL, the the caller must write out the data. In
+ If PT->BUF is NULL, the caller must write out the data. In
this case, if PT->LEN was 0, then partial body length mode was
enabled and the caller must disable it by calling
iobuf_set_partial_body_length_mode (out, 0). */
diff --git a/g10/call-agent.c b/g10/call-agent.c
index 335e12a..7c30bdb 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -340,7 +340,7 @@ unescape_status_string (const unsigned char *s)
}
-/* Take a 20 byte hexencoded string and put it into the the provided
+/* Take a 20 byte hexencoded string and put it into the provided
20 byte buffer FPR in binary format. */
static int
unhexify_fpr (const char *hexstr, unsigned char *fpr)
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index 4be9da1..2f2ba98 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -374,7 +374,8 @@ ks_status_cb (void *opaque, const char *line)
{
struct ks_status_parm_s *parm = opaque;
gpg_error_t err = 0;
- const char *s;
+ const char *s, *s2;
+ const char *warn;
if ((s = has_leading_keyword (line, parm->keyword? parm->keyword : "SOURCE")))
{
@@ -385,6 +386,29 @@ ks_status_cb (void *opaque, const char *line)
err = gpg_error_from_syserror ();
}
}
+ else if ((s = has_leading_keyword (line, "WARNING")))
+ {
+ if ((s2 = has_leading_keyword (s, "tor_not_running")))
+ warn = _("Tor is not running");
+ else if ((s2 = has_leading_keyword (s, "tor_config_problem")))
+ warn = _("Tor is not properly configured");
+ else
+ warn = NULL;
+
+ if (warn)
+ {
+ log_info (_("WARNING: %s\n"), warn);
+ if (s2)
+ {
+ while (*s2 && !spacep (s2))
+ s2++;
+ while (*s2 && spacep (s2))
+ s2++;
+ if (*s2)
+ print_further_info ("%s", s2);
+ }
+ }
+ }
return err;
}
diff --git a/g10/card-util.c b/g10/card-util.c
index e358572..969f6c9 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -72,7 +72,7 @@ write_sc_op_status (gpg_error_t err)
}
-/* Change the PIN of a an OpenPGP card. This is an interactive
+/* Change the PIN of an OpenPGP card. This is an interactive
function. */
void
change_pin (int unblock_v2, int allow_admin)
diff --git a/g10/compress.c b/g10/compress.c
index fbc8097..a14d107 100644
--- a/g10/compress.c
+++ b/g10/compress.c
@@ -182,7 +182,7 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs,
nread = iobuf_read( a, zfx->inbuf + n, count );
if( nread == -1 ) nread = 0;
n += nread;
- /* Algo 1 has no zlib header which requires us to to give
+ /* Algo 1 has no zlib header which requires us to give
* inflate an extra dummy byte to read. To be on the safe
* side we allow for up to 4 ff bytes. */
if( nread < count && zfx->algo == 1 && zfx->algo1hack < 4) {
diff --git a/g10/cpr.c b/g10/cpr.c
index 0133cad..4984e89 100644
--- a/g10/cpr.c
+++ b/g10/cpr.c
@@ -107,6 +107,9 @@ set_status_fd (int fd)
if (fd == -1)
return;
+ if (! gnupg_fd_valid (fd))
+ log_fatal ("status-fd is invalid: %s\n", strerror (errno));
+
if (fd == 1)
statusfp = es_stdout;
else if (fd == 2)
diff --git a/g10/encrypt.c b/g10/encrypt.c
index 5268946..6130ba0 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -319,7 +319,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
&& !overflow && opt.verbose)
log_info(_("WARNING: '%s' is an empty file\n"), filename );
/* We can't encode the length of very large files because
- OpenPGP uses only 32 bit for file sizes. So if the the
+ OpenPGP uses only 32 bit for file sizes. So if the
size of a file is larger than 2^32 minus some bytes for
packet headers, we switch to partial length encoding. */
if ( tmpsize < (IOBUF_FILELENGTH_LIMIT - 65536) )
@@ -461,7 +461,7 @@ write_symkey_enc (STRING2KEY *symkey_s2k, DEK *symkey_dek, DEK *dek,
* The caller may provide a checked list of public keys in
* PROVIDED_PKS; if not the function builds a list of keys on its own.
*
- * Note that FILEFD is currently only used by cmd_encrypt in the the
+ * Note that FILEFD is currently only used by cmd_encrypt in the
* not yet finished server.c.
*/
int
@@ -659,7 +659,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
&& !overflow && opt.verbose)
log_info(_("WARNING: '%s' is an empty file\n"), filename );
/* We can't encode the length of very large files because
- OpenPGP uses only 32 bit for file sizes. So if the the size
+ OpenPGP uses only 32 bit for file sizes. So if the size
of a file is larger than 2^32 minus some bytes for packet
headers, we switch to partial length encoding. */
if (tmpsize < (IOBUF_FILELENGTH_LIMIT - 65536) )
diff --git a/g10/export.c b/g10/export.c
index f354ca0..4138261 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -247,16 +247,17 @@ export_pubkeys (ctrl_t ctrl, strlist_t users, unsigned int options,
/*
* Export secret keys (to stdout or to --output FILE).
*
- * Depending on opt.armor the output is armored. If USERS is NULL,
- * all secret keys will be exported. STATS is either an export stats
- * object for update or NULL.
+ * Depending on opt.armor the output is armored. OPTIONS are defined
+ * in main.h. If USERS is NULL, all secret keys will be exported.
+ * STATS is either an export stats object for update or NULL.
*
* This function is the core of "gpg --export-secret-keys".
*/
int
-export_seckeys (ctrl_t ctrl, strlist_t users, export_stats_t stats)
+export_seckeys (ctrl_t ctrl, strlist_t users, unsigned int options,
+ export_stats_t stats)
{
- return do_export (ctrl, users, 1, 0, stats);
+ return do_export (ctrl, users, 1, options, stats);
}
@@ -264,16 +265,18 @@ export_seckeys (ctrl_t ctrl, strlist_t users, export_stats_t stats)
* Export secret sub keys (to stdout or to --output FILE).
*
* This is the same as export_seckeys but replaces the primary key by
- * a stub key. Depending on opt.armor the output is armored. If
- * USERS is NULL, all secret subkeys will be exported. STATS is
- * either an export stats object for update or NULL.
+ * a stub key. Depending on opt.armor the output is armored. OPTIONS
+ * are defined in main.h. If USERS is NULL, all secret subkeys will
+ * be exported. STATS is either an export stats object for update or
+ * NULL.
*
* This function is the core of "gpg --export-secret-subkeys".
*/
int
-export_secsubkeys (ctrl_t ctrl, strlist_t users, export_stats_t stats)
+export_secsubkeys (ctrl_t ctrl, strlist_t users, unsigned int options,
+ export_stats_t stats)
{
- return do_export (ctrl, users, 2, 0, stats);
+ return do_export (ctrl, users, 2, options, stats);
}
@@ -1022,7 +1025,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
goto leave;
}
- /* Put the curve's OID into into the MPI array. This requires
+ /* Put the curve's OID into the MPI array. This requires
that we shift Q and D. For ECDH also insert the KDF parms. */
if (is_ecdh)
{
@@ -1969,11 +1972,9 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
}
/* Always do the cleaning on the public key part if requested.
- Note that we don't yet set this option if we are exporting
- secret keys. Note that both export-clean and export-minimal
- only apply to UID sigs (0x10, 0x11, 0x12, and 0x13). A
- designated revocation is never stripped, even with
- export-minimal set. */
+ * Note that both export-clean and export-minimal only apply to
+ * UID sigs (0x10, 0x11, 0x12, and 0x13). A designated
+ * revocation is never stripped, even with export-minimal set. */
if ((options & EXPORT_CLEAN))
clean_key (keyblock, opt.verbose, (options&EXPORT_MINIMAL), NULL, NULL);
@@ -2208,6 +2209,48 @@ export_ssh_key (ctrl_t ctrl, const char *userid)
latest_key = node;
}
}
+
+ /* If no subkey was suitable check the primary key. */
+ if (!latest_key
+ && (node = keyblock) && node->pkt->pkttype == PKT_PUBLIC_KEY)
+ {
+ pk = node->pkt->pkt.public_key;
+ if (DBG_LOOKUP)
+ log_debug ("\tchecking primary key %08lX\n",
+ (ulong) keyid_from_pk (pk, NULL));
+ if (!(pk->pubkey_usage & PUBKEY_USAGE_AUTH))
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key not usable for authentication\n");
+ }
+ else if (!pk->flags.valid)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key not valid\n");
+ }
+ else if (pk->flags.revoked)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key has been revoked\n");
+ }
+ else if (pk->has_expired)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key has expired\n");
+ }
+ else if (pk->timestamp > curtime && !opt.ignore_valid_from)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key not yet valid\n");
+ }
+ else
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key is fine\n");
+ latest_date = pk->timestamp;
+ latest_key = node;
+ }
+ }
}
if (!latest_key)
diff --git a/g10/getkey.c b/g10/getkey.c
index e39de28..163ab80 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1143,7 +1143,7 @@ key_byname (GETKEY_CTX *retctx, strlist_t namelist,
/* Find a public key identified by NAME.
*
- * If name appears to be a valid valid RFC822 mailbox (i.e., email
+ * If name appears to be a valid RFC822 mailbox (i.e., email
* address) and auto key lookup is enabled (no_akl == 0), then the
* specified auto key lookup methods (--auto-key-lookup) are used to
* import the key into the local keyring. Otherwise, just the local
diff --git a/g10/gpg.c b/g10/gpg.c
index f9039ae..5a880fd 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -728,9 +728,9 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oWithKeyData,"with-key-data", "@"),
ARGPARSE_s_n (oWithSigList,"with-sig-list", "@"),
ARGPARSE_s_n (oWithSigCheck,"with-sig-check", "@"),
- ARGPARSE_s_n (aListKeys, "list-key", "@"), /* alias */
- ARGPARSE_s_n (aListSigs, "list-sig", "@"), /* alias */
- ARGPARSE_s_n (aCheckKeys, "check-sig", "@"), /* alias */
+ ARGPARSE_c (aListKeys, "list-key", "@"), /* alias */
+ ARGPARSE_c (aListSigs, "list-sig", "@"), /* alias */
+ ARGPARSE_c (aCheckKeys, "check-sig", "@"), /* alias */
ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"),
ARGPARSE_s_n (oSkipHiddenRecipients, "skip-hidden-recipients", "@"),
ARGPARSE_s_n (oNoSkipHiddenRecipients, "no-skip-hidden-recipients", "@"),
@@ -1840,11 +1840,13 @@ gpgconf_list (const char *configfile)
es_printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_NONE);
es_printf ("try-secret-key:%lu:\n", GC_OPT_FLAG_NONE);
es_printf ("auto-key-locate:%lu:\n", GC_OPT_FLAG_NONE);
+ es_printf ("auto-key-retrieve:%lu:\n", GC_OPT_FLAG_NONE);
es_printf ("log-file:%lu:\n", GC_OPT_FLAG_NONE);
es_printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
es_printf ("group:%lu:\n", GC_OPT_FLAG_NONE);
es_printf ("compliance:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT, "gnupg");
es_printf ("default-new-key-algo:%lu:\n", GC_OPT_FLAG_NONE);
+ es_printf ("trust-model:%lu:\n", GC_OPT_FLAG_NONE);
/* The next one is an info only item and should match the macros at
the top of keygen.c */
@@ -3079,6 +3081,8 @@ main (int argc, char **argv)
case oCommandFD:
opt.command_fd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
+ if (! gnupg_fd_valid (opt.command_fd))
+ log_fatal ("command-fd is invalid: %s\n", strerror (errno));
break;
case oCommandFile:
opt.command_fd = open_info_file (pargs.r.ret_str, 0, 1);
@@ -4542,7 +4546,7 @@ main (int argc, char **argv)
add_to_strlist2( &sl, *argv, utf8_strings );
{
export_stats_t stats = export_new_stats ();
- export_seckeys (ctrl, sl, stats);
+ export_seckeys (ctrl, sl, opt.export_options, stats);
export_print_stats (stats);
export_release_stats (stats);
}
@@ -4555,7 +4559,7 @@ main (int argc, char **argv)
add_to_strlist2( &sl, *argv, utf8_strings );
{
export_stats_t stats = export_new_stats ();
- export_secsubkeys (ctrl, sl, stats);
+ export_secsubkeys (ctrl, sl, opt.export_options, stats);
export_print_stats (stats);
export_release_stats (stats);
}
@@ -4892,8 +4896,12 @@ main (int argc, char **argv)
#endif /*USE_TOFU*/
break;
- case aListPackets:
default:
+ if (!opt.quiet)
+ log_info (_("WARNING: no command supplied."
+ " Trying to guess what you mean ...\n"));
+ /*FALLTHU*/
+ case aListPackets:
if( argc > 1 )
wrong_args("[filename]");
/* Issue some output for the unix newbie */
@@ -5293,6 +5301,9 @@ read_sessionkey_from_fd (int fd)
int i, len;
char *line;
+ if (! gnupg_fd_valid (fd))
+ log_fatal ("override-session-key-fd is invalid: %s\n", strerror (errno));
+
for (line = NULL, i = len = 100; ; i++ )
{
if (i >= len-1 )
diff --git a/g10/gpgv.c b/g10/gpgv.c
index bd16b39..a6d1add 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -61,9 +61,11 @@ enum cmd_and_opt_values {
oIgnoreTimeConflict,
oStatusFD,
oLoggerFD,
+ oLoggerFile,
oHomedir,
oWeakDigest,
oEnableSpecialFilenames,
+ oDebug,
aTest
};
@@ -81,15 +83,37 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_i (oStatusFD, "status-fd",
N_("|FD|write status info to this FD")),
ARGPARSE_s_i (oLoggerFD, "logger-fd", "@"),
+ ARGPARSE_s_s (oLoggerFile, "log-file", "@"),
ARGPARSE_s_s (oHomedir, "homedir", "@"),
ARGPARSE_s_s (oWeakDigest, "weak-digest",
N_("|ALGO|reject signatures made with ALGO")),
ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"),
+ ARGPARSE_s_s (oDebug, "debug", "@"),
ARGPARSE_end ()
};
+/* The list of supported debug flags. */
+static struct debug_flags_s debug_flags [] =
+ {
+ { DBG_PACKET_VALUE , "packet" },
+ { DBG_MPI_VALUE , "mpi" },
+ { DBG_CRYPTO_VALUE , "crypto" },
+ { DBG_FILTER_VALUE , "filter" },
+ { DBG_IOBUF_VALUE , "iobuf" },
+ { DBG_MEMORY_VALUE , "memory" },
+ { DBG_CACHE_VALUE , "cache" },
+ { DBG_MEMSTAT_VALUE, "memstat" },
+ { DBG_TRUST_VALUE , "trust" },
+ { DBG_HASHING_VALUE, "hashing" },
+ { DBG_IPC_VALUE , "ipc" },
+ { DBG_CLOCK_VALUE , "clock" },
+ { DBG_LOOKUP_VALUE , "lookup" },
+ { DBG_EXTPROG_VALUE, "extprog" },
+ { 0, NULL }
+ };
+
int g10_errors_seen = 0;
@@ -192,12 +216,27 @@ main( int argc, char **argv )
opt.list_sigs=1;
gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
break;
+ case oDebug:
+ if (parse_debug_flag (pargs.r.ret_str, &opt.debug, debug_flags))
+ {
+ pargs.r_opt = ARGPARSE_INVALID_ARG;
+ pargs.err = ARGPARSE_PRINT_ERROR;
+ }
+ break;
case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
case oOutput: opt.outfile = pargs.r.ret_str; break;
- case oStatusFD: set_status_fd( pargs.r.ret_int ); break;
+ case oStatusFD:
+ set_status_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
+ break;
case oLoggerFD:
log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
break;
+ case oLoggerFile:
+ log_set_file (pargs.r.ret_str);
+ log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
+ | GPGRT_LOG_WITH_TIME
+ | GPGRT_LOG_WITH_PID) );
+ break;
case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break;
case oWeakDigest:
additional_weak_digest(pargs.r.ret_str);
@@ -332,9 +371,10 @@ uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
}
int
-get_ownertrust_info (PKT_public_key *pk)
+get_ownertrust_info (PKT_public_key *pk, int no_create)
{
(void)pk;
+ (void)no_create;
return '?';
}
diff --git a/g10/import.c b/g10/import.c
index b6c04dc..45ec07a 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -76,7 +76,7 @@ struct import_stats_s
#define NODE_FLAG_A 8
-/* A an object and a global instance to store selectors created from
+/* An object and a global instance to store selectors created from
* --import-filter keep-uid=EXPR.
* --import-filter drop-sig=EXPR.
*
diff --git a/g10/keydb.c b/g10/keydb.c
index aab90e3..4c5149d 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -1092,7 +1092,7 @@ unlock_all (KEYDB_HANDLE hd)
* keydb_get_keyblock (hd, ...); // -> Result 1.
*
* Note: it is only possible to save a single save state at a time.
- * In other words, the the save stack only has room for a single
+ * In other words, the save stack only has room for a single
* instance of the state. */
void
keydb_push_found_state (KEYDB_HANDLE hd)
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 1456d28..892da1a 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -1080,7 +1080,7 @@ trustsig_prompt (byte * trust_value, byte * trust_depth, char **regexp)
/*
- * Loop over all LOCUSR and and sign the uids after asking. If no
+ * Loop over all LOCUSR and sign the uids after asking. If no
* user id is marked, all user ids will be signed; if some user_ids
* are marked only those will be signed. If QUICK is true the
* function won't ask the user and use sensible defaults.
@@ -3679,7 +3679,7 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
(ulong) pk->timestamp, (ulong) pk->expiredate);
if (node->pkt->pkttype == PKT_PUBLIC_KEY
&& !(opt.fast_list_mode || opt.no_expensive_trust_checks))
- es_putc (get_ownertrust_info (pk), fp);
+ es_putc (get_ownertrust_info (pk, 0), fp);
es_putc (':', fp);
es_putc (':', fp);
es_putc (':', fp);
@@ -3896,7 +3896,7 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
static int did_warn = 0;
trust = get_validity_string (ctrl, pk, NULL);
- otrust = get_ownertrust_string (pk);
+ otrust = get_ownertrust_string (pk, 0);
/* Show a warning once */
if (!did_warn
@@ -5186,7 +5186,7 @@ change_primary_uid_cb (PKT_signature * sig, void *opaque)
* Set the primary uid flag for the selected UID. We will also reset
* all other primary uid flags. For this to work with have to update
* all the signature timestamps. If we would do this with the current
- * time, we lose quite a lot of information, so we use a a kludge to
+ * time, we lose quite a lot of information, so we use a kludge to
* do this: Just increment the timestamp by one second which is
* sufficient to updated a signature during import.
*/
diff --git a/g10/keygen.c b/g10/keygen.c
index 98ef29e..24cf93c 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -89,7 +89,8 @@ enum para_name {
pSERIALNO,
pCARDBACKUPKEY,
pHANDLE,
- pKEYSERVER
+ pKEYSERVER,
+ pKEYGRIP
};
struct para_data_s {
@@ -1785,7 +1786,7 @@ ask_key_flags (int algo, int subkey, unsigned int current)
else if (!subkey && *s == 'c')
{
/* Accept 'c' for the primary key because USAGE_CERT
- will will be set anyway. This is for folks who
+ will be set anyway. This is for folks who
want to experiment with a cert-only primary key. */
current |= PUBKEY_USAGE_CERT;
}
@@ -1838,7 +1839,7 @@ check_keygrip (ctrl_t ctrl, const char *hexgrip)
gpg_error_t err;
unsigned char *public;
size_t publiclen;
- const char *algostr;
+ int algo;
if (hexgrip[0] == '&')
hexgrip++;
@@ -1848,26 +1849,10 @@ check_keygrip (ctrl_t ctrl, const char *hexgrip)
return 0;
publiclen = gcry_sexp_canon_len (public, 0, NULL, NULL);
- get_pk_algo_from_canon_sexp (public, publiclen, &algostr);
+ algo = get_pk_algo_from_canon_sexp (public, publiclen);
xfree (public);
- /* FIXME: Mapping of ECC algorithms is probably not correct. */
- if (!algostr)
- return 0;
- else if (!strcmp (algostr, "rsa"))
- return PUBKEY_ALGO_RSA;
- else if (!strcmp (algostr, "dsa"))
- return PUBKEY_ALGO_DSA;
- else if (!strcmp (algostr, "elg"))
- return PUBKEY_ALGO_ELGAMAL_E;
- else if (!strcmp (algostr, "ecc"))
- return PUBKEY_ALGO_ECDH;
- else if (!strcmp (algostr, "ecdsa"))
- return PUBKEY_ALGO_ECDSA;
- else if (!strcmp (algostr, "eddsa"))
- return PUBKEY_ALGO_EDDSA;
- else
- return 0;
+ return map_pk_gcry_to_openpgp (algo);
}
@@ -3653,8 +3638,9 @@ read_parameter_file (ctrl_t ctrl, const char *fname )
{ "Preferences", pPREFERENCES },
{ "Revoker", pREVOKER },
{ "Handle", pHANDLE },
- { "Keyserver", pKEYSERVER },
- { NULL, 0 }
+ { "Keyserver", pKEYSERVER },
+ { "Keygrip", pKEYGRIP },
+ { NULL, 0 }
};
IOBUF fp;
byte *line;
@@ -4175,137 +4161,166 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
else if (full) /* Full featured key generation. */
{
int subkey_algo;
- char *curve = NULL;
-
- /* Fixme: To support creating a primary key by keygrip we better
- also define the keyword for the parameter file. Note that
- the subkey case will never be asserted if a keygrip has been
- given. */
- algo = ask_algo (ctrl, 0, &subkey_algo, &use, NULL);
- if (subkey_algo)
+ char *key_from_hexgrip = NULL;
+
+ algo = ask_algo (ctrl, 0, &subkey_algo, &use, &key_from_hexgrip);
+ if (key_from_hexgrip)
{
- /* Create primary and subkey at once. */
- both = 1;
- if (algo == PUBKEY_ALGO_ECDSA
- || algo == PUBKEY_ALGO_EDDSA
- || algo == PUBKEY_ALGO_ECDH)
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pKEYTYPE;
+ sprintf( r->u.value, "%d", algo);
+ r->next = para;
+ para = r;
+
+ if (use)
{
- curve = ask_curve (&algo, &subkey_algo);
- r = xmalloc_clear( sizeof *r + 20 );
- r->key = pKEYTYPE;
- sprintf( r->u.value, "%d", algo);
- r->next = para;
- para = r;
- nbits = 0;
- r = xmalloc_clear (sizeof *r + strlen (curve));
- r->key = pKEYCURVE;
- strcpy (r->u.value, curve);
+ r = xmalloc_clear( sizeof *r + 25 );
+ r->key = pKEYUSAGE;
+ sprintf( r->u.value, "%s%s%s",
+ (use & PUBKEY_USAGE_SIG)? "sign ":"",
+ (use & PUBKEY_USAGE_ENC)? "encrypt ":"",
+ (use & PUBKEY_USAGE_AUTH)? "auth":"" );
r->next = para;
para = r;
}
- else
+
+ r = xmalloc_clear( sizeof *r + 40 );
+ r->key = pKEYGRIP;
+ strcpy (r->u.value, key_from_hexgrip);
+ r->next = para;
+ para = r;
+
+ xfree (key_from_hexgrip);
+ }
+ else
+ {
+ char *curve = NULL;
+
+ if (subkey_algo)
{
+ /* Create primary and subkey at once. */
+ both = 1;
+ if (algo == PUBKEY_ALGO_ECDSA
+ || algo == PUBKEY_ALGO_EDDSA
+ || algo == PUBKEY_ALGO_ECDH)
+ {
+ curve = ask_curve (&algo, &subkey_algo);
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pKEYTYPE;
+ sprintf( r->u.value, "%d", algo);
+ r->next = para;
+ para = r;
+ nbits = 0;
+ r = xmalloc_clear (sizeof *r + strlen (curve));
+ r->key = pKEYCURVE;
+ strcpy (r->u.value, curve);
+ r->next = para;
+ para = r;
+ }
+ else
+ {
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pKEYTYPE;
+ sprintf( r->u.value, "%d", algo);
+ r->next = para;
+ para = r;
+ nbits = ask_keysize (algo, 0);
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pKEYLENGTH;
+ sprintf( r->u.value, "%u", nbits);
+ r->next = para;
+ para = r;
+ }
r = xmalloc_clear( sizeof *r + 20 );
- r->key = pKEYTYPE;
- sprintf( r->u.value, "%d", algo);
+ r->key = pKEYUSAGE;
+ strcpy( r->u.value, "sign" );
r->next = para;
para = r;
- nbits = ask_keysize (algo, 0);
+
r = xmalloc_clear( sizeof *r + 20 );
- r->key = pKEYLENGTH;
- sprintf( r->u.value, "%u", nbits);
+ r->key = pSUBKEYTYPE;
+ sprintf( r->u.value, "%d", subkey_algo);
+ r->next = para;
+ para = r;
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pSUBKEYUSAGE;
+ strcpy( r->u.value, "encrypt" );
r->next = para;
para = r;
- }
- r = xmalloc_clear( sizeof *r + 20 );
- r->key = pKEYUSAGE;
- strcpy( r->u.value, "sign" );
- r->next = para;
- para = r;
-
- r = xmalloc_clear( sizeof *r + 20 );
- r->key = pSUBKEYTYPE;
- sprintf( r->u.value, "%d", subkey_algo);
- r->next = para;
- para = r;
- r = xmalloc_clear( sizeof *r + 20 );
- r->key = pSUBKEYUSAGE;
- strcpy( r->u.value, "encrypt" );
- r->next = para;
- para = r;
- if (algo == PUBKEY_ALGO_ECDSA
- || algo == PUBKEY_ALGO_EDDSA
- || algo == PUBKEY_ALGO_ECDH)
+ if (algo == PUBKEY_ALGO_ECDSA
+ || algo == PUBKEY_ALGO_EDDSA
+ || algo == PUBKEY_ALGO_ECDH)
+ {
+ if (algo == PUBKEY_ALGO_EDDSA
+ && subkey_algo == PUBKEY_ALGO_ECDH)
+ {
+ /* Need to switch to a different curve for the
+ encryption key. */
+ xfree (curve);
+ curve = xstrdup ("Curve25519");
+ }
+ r = xmalloc_clear (sizeof *r + strlen (curve));
+ r->key = pSUBKEYCURVE;
+ strcpy (r->u.value, curve);
+ r->next = para;
+ para = r;
+ }
+ }
+ else /* Create only a single key. */
{
- if (algo == PUBKEY_ALGO_EDDSA
- && subkey_algo == PUBKEY_ALGO_ECDH)
+ /* For ECC we need to ask for the curve before storing the
+ algo because ask_curve may change the algo. */
+ if (algo == PUBKEY_ALGO_ECDSA
+ || algo == PUBKEY_ALGO_EDDSA
+ || algo == PUBKEY_ALGO_ECDH)
{
- /* Need to switch to a different curve for the
- encryption key. */
- xfree (curve);
- curve = xstrdup ("Curve25519");
+ curve = ask_curve (&algo, NULL);
+ r = xmalloc_clear (sizeof *r + strlen (curve));
+ r->key = pKEYCURVE;
+ strcpy (r->u.value, curve);
+ r->next = para;
+ para = r;
}
- r = xmalloc_clear (sizeof *r + strlen (curve));
- r->key = pSUBKEYCURVE;
- strcpy (r->u.value, curve);
+
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pKEYTYPE;
+ sprintf( r->u.value, "%d", algo );
r->next = para;
para = r;
+
+ if (use)
+ {
+ r = xmalloc_clear( sizeof *r + 25 );
+ r->key = pKEYUSAGE;
+ sprintf( r->u.value, "%s%s%s",
+ (use & PUBKEY_USAGE_SIG)? "sign ":"",
+ (use & PUBKEY_USAGE_ENC)? "encrypt ":"",
+ (use & PUBKEY_USAGE_AUTH)? "auth":"" );
+ r->next = para;
+ para = r;
+ }
+ nbits = 0;
}
- }
- else /* Create only a single key. */
- {
- /* For ECC we need to ask for the curve before storing the
- algo because ask_curve may change the algo. */
+
if (algo == PUBKEY_ALGO_ECDSA
|| algo == PUBKEY_ALGO_EDDSA
|| algo == PUBKEY_ALGO_ECDH)
{
- curve = ask_curve (&algo, NULL);
- r = xmalloc_clear (sizeof *r + strlen (curve));
- r->key = pKEYCURVE;
- strcpy (r->u.value, curve);
- r->next = para;
- para = r;
+ /* The curve has already been set. */
}
-
- r = xmalloc_clear( sizeof *r + 20 );
- r->key = pKEYTYPE;
- sprintf( r->u.value, "%d", algo );
- r->next = para;
- para = r;
-
- if (use)
+ else
{
- r = xmalloc_clear( sizeof *r + 25 );
- r->key = pKEYUSAGE;
- sprintf( r->u.value, "%s%s%s",
- (use & PUBKEY_USAGE_SIG)? "sign ":"",
- (use & PUBKEY_USAGE_ENC)? "encrypt ":"",
- (use & PUBKEY_USAGE_AUTH)? "auth":"" );
+ nbits = ask_keysize (both? subkey_algo : algo, nbits);
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = both? pSUBKEYLENGTH : pKEYLENGTH;
+ sprintf( r->u.value, "%u", nbits);
r->next = para;
para = r;
}
- nbits = 0;
- }
- if (algo == PUBKEY_ALGO_ECDSA
- || algo == PUBKEY_ALGO_EDDSA
- || algo == PUBKEY_ALGO_ECDH)
- {
- /* The curve has already been set. */
+ xfree (curve);
}
- else
- {
- nbits = ask_keysize (both? subkey_algo : algo, nbits);
- r = xmalloc_clear( sizeof *r + 20 );
- r->key = both? pSUBKEYLENGTH : pKEYLENGTH;
- sprintf( r->u.value, "%u", nbits);
- r->next = para;
- para = r;
- }
-
- xfree (curve);
}
else /* Default key generation. */
{
@@ -4547,6 +4562,9 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
int did_sub = 0;
u32 timestamp;
char *cache_nonce = NULL;
+ int algo;
+ u32 expire;
+ const char *key_from_hexgrip = NULL;
if (outctrl->dryrun)
{
@@ -4612,20 +4630,26 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
node of the subkey but that is more work than just to pass the
current timestamp. */
- if (!card)
- err = do_create (get_parameter_algo( para, pKEYTYPE, NULL ),
+ algo = get_parameter_algo( para, pKEYTYPE, NULL );
+ expire = get_parameter_u32( para, pKEYEXPIRE );
+ key_from_hexgrip = get_parameter_value (para, pKEYGRIP);
+ if (key_from_hexgrip)
+ err = do_create_from_keygrip (ctrl, algo, key_from_hexgrip,
+ pub_root, timestamp, expire, 0);
+ else if (!card)
+ err = do_create (algo,
get_parameter_uint( para, pKEYLENGTH ),
get_parameter_value (para, pKEYCURVE),
pub_root,
timestamp,
- get_parameter_u32( para, pKEYEXPIRE ), 0,
+ expire, 0,
outctrl->keygen_flags,
get_parameter_passphrase (para),
&cache_nonce, NULL);
else
- err = gen_card_key (1, get_parameter_algo( para, pKEYTYPE, NULL ),
+ err = gen_card_key (1, algo,
1, pub_root, &timestamp,
- get_parameter_u32 (para, pKEYEXPIRE));
+ expire);
/* Get the pointer to the generated public key packet. */
if (!err)
@@ -5109,7 +5133,7 @@ generate_card_subkeypair (kbnode_t pub_keyblock,
node = find_kbnode (pub_keyblock, PKT_PUBLIC_KEY);
if (!node)
{
- log_error ("Oops; publkic key lost!\n");
+ log_error ("Oops; public key lost!\n");
err = gpg_error (GPG_ERR_INTERNAL);
goto leave;
}
diff --git a/g10/keyid.c b/g10/keyid.c
index dd098fd..6e8d97f 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -202,7 +202,7 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk)
}
gcry_md_putc ( md, 0x99 ); /* ctb */
- /* What does it mean if n is greater than than 0xFFFF ? */
+ /* What does it mean if n is greater than 0xFFFF ? */
gcry_md_putc ( md, n >> 8 ); /* 2 byte length header */
gcry_md_putc ( md, n );
gcry_md_putc ( md, pk->version );
diff --git a/g10/keylist.c b/g10/keylist.c
index 4fe1e40..2684f59 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -1232,7 +1232,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
}
if (!opt.fast_list_mode && !opt.no_expensive_trust_checks)
- ownertrust_print = get_ownertrust_info (pk);
+ ownertrust_print = get_ownertrust_info (pk, 0);
else
ownertrust_print = 0;
@@ -1900,6 +1900,9 @@ set_attrib_fd (int fd)
if (fd == -1)
return;
+ if (! gnupg_fd_valid (fd))
+ log_fatal ("attribute-fd is invalid: %s\n", strerror (errno));
+
#ifdef HAVE_DOSISH_SYSTEM
setmode (fd, O_BINARY);
#endif
diff --git a/g10/keyring.c b/g10/keyring.c
index f1281e9..9b7b5fd 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -777,7 +777,7 @@ prepare_search (KEYRING_HANDLE hd)
/* A map of the all characters valid used for word_match()
- * Valid characters are in in this table converted to uppercase.
+ * Valid characters are in this table converted to uppercase.
* because the upper 128 bytes have special meaning, we assume
* that they are all valid.
* Note: We must use numerical values here in case that this program
@@ -928,13 +928,27 @@ compare_name (int mode, const char *name, const char *uid, size_t uidlen)
else if ( mode == KEYDB_SEARCH_MODE_MAIL
|| mode == KEYDB_SEARCH_MODE_MAILSUB
|| mode == KEYDB_SEARCH_MODE_MAILEND) {
+ int have_angles = 1;
for (i=0, s= uid; i < uidlen && *s != '<'; s++, i++)
;
+ if (i == uidlen)
+ {
+ /* The UID is a plain addr-spec (cf. RFC2822 section 4.3). */
+ have_angles = 0;
+ s = uid;
+ i = 0;
+ }
if (i < uidlen) {
- /* skip opening delim and one char and look for the closing one*/
- s++; i++;
- for (se=s+1, i++; i < uidlen && *se != '>'; se++, i++)
- ;
+ if (have_angles)
+ {
+ /* skip opening delim and one char and look for the closing one*/
+ s++; i++;
+ for (se=s+1, i++; i < uidlen && *se != '>'; se++, i++)
+ ;
+ }
+ else
+ se = s + uidlen;
+
if (i < uidlen) {
i = se - s;
if (mode == KEYDB_SEARCH_MODE_MAIL) {
diff --git a/g10/main.h b/g10/main.h
index 5ed501b..6837e98 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -397,8 +397,10 @@ gpg_error_t parse_and_set_export_filter (const char *string);
int export_pubkeys (ctrl_t ctrl, strlist_t users, unsigned int options,
export_stats_t stats);
-int export_seckeys (ctrl_t ctrl, strlist_t users, export_stats_t stats);
-int export_secsubkeys (ctrl_t ctrl, strlist_t users, export_stats_t stats);
+int export_seckeys (ctrl_t ctrl, strlist_t users, unsigned int options,
+ export_stats_t stats);
+int export_secsubkeys (ctrl_t ctrl, strlist_t users, unsigned int options,
+ export_stats_t stats);
gpg_error_t export_pubkey_buffer (ctrl_t ctrl, const char *keyspec,
unsigned int options,
diff --git a/g10/mainproc.c b/g10/mainproc.c
index ac2ab03..4f8d0be 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -78,7 +78,7 @@ struct mainproc_context
signature. */
struct
{
- /* A file descriptor of the the signed data. Only used if not -1. */
+ /* A file descriptor of the signed data. Only used if not -1. */
int data_fd;
/* A list of filenames with the data files or NULL. This is only
used if DATA_FD is -1. */
@@ -1032,7 +1032,7 @@ list_node (CTX c, kbnode_t node)
colon_datestr_from_pk( pk ),
colon_strtime (pk->expiredate) );
if (pk->flags.primary && !opt.fast_list_mode)
- es_putc (get_ownertrust_info (pk), es_stdout);
+ es_putc (get_ownertrust_info (pk, 1), es_stdout);
es_putc (':', es_stdout);
es_putc ('\n', es_stdout);
}
@@ -1997,7 +1997,7 @@ check_sig_and_print (CTX c, kbnode_t node)
log_assert (mainpk);
- /* In case we did not found a valid valid textual userid above
+ /* In case we did not found a valid textual userid above
we print the first user id packet or a "[?]" instead along
with the "Good|Expired|Bad signature" line. */
if (!count)
diff --git a/g10/misc.c b/g10/misc.c
index 4b9ad99..ac00009 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -522,7 +522,7 @@ openpgp_cipher_blocklen (cipher_algo_t algo)
block length. This is so that the packet parsing code works even
for unknown algorithms (for which we assume 8 due to tradition).
- NOTE: If you change the the returned blocklen above 16, check
+ NOTE: If you change the returned blocklen above 16, check
the callers because they may use a fixed size buffer of that
size. */
switch (algo)
diff --git a/g10/passphrase.c b/g10/passphrase.c
index fb4ec4c..37abc0f 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -166,6 +166,9 @@ read_passphrase_from_fd( int fd )
int i, len;
char *pw;
+ if (! gnupg_fd_valid (fd))
+ log_fatal ("passphrase-fd is invalid: %s\n", strerror (errno));
+
if ( !opt.batch && opt.pinentry_mode != PINENTRY_MODE_LOOPBACK)
{ /* Not used but we have to do a dummy read, so that it won't end
up at the begin of the message if the quite usual trick to
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 288affc..012f751 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -188,7 +188,7 @@ do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode,
int show=0;
int min_num;
int did_help=defer_help;
- unsigned int minimum = tdb_get_min_ownertrust (pk);
+ unsigned int minimum = tdb_get_min_ownertrust (pk, 0);
switch(minimum)
{
@@ -818,7 +818,7 @@ expand_group (strlist_t input)
* success the new key is added to PK_LIST_ADDR. NAME is the user id
* of the key. USE the requested usage and a set MARK_HIDDEN will
* mark the key in the updated list as a hidden recipient. If
- * FROM_FILE is true, NAME is is not a user ID but the name of a file
+ * FROM_FILE is true, NAME is not a user ID but the name of a file
* holding a key. */
gpg_error_t
find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 117744f..e037c12 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -211,7 +211,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
/* Now get the DEK (data encryption key) from the frame
*
- * Old versions encode the DEK in in this format (msb is left):
+ * Old versions encode the DEK in this format (msb is left):
*
* 0 1 DEK(16 bytes) CSUM(2 bytes) 0 RND(n bytes) 2
*
@@ -335,9 +335,11 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
if (DBG_CRYPTO)
log_printhex ("DEK is:", dek->key, dek->keylen);
- /* Check that the algo is in the preferences and whether it has expired. */
+ /* Check that the algo is in the preferences and whether it has
+ * expired. Also print a status line with the key's fingerprint. */
{
PKT_public_key *pk = NULL;
+ PKT_public_key *mainpk = NULL;
KBNODE pkb = get_pubkeyblock (keyid);
if (!pkb)
@@ -351,9 +353,11 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
&& !is_algo_in_prefs (pkb, PREFTYPE_SYM, dek->algo))
log_info (_("WARNING: cipher algorithm %s not found in recipient"
" preferences\n"), openpgp_cipher_algo_name (dek->algo));
+
if (!err)
{
- KBNODE k;
+ kbnode_t k;
+ int first = 1;
for (k = pkb; k; k = k->next)
{
@@ -361,8 +365,14 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
{
u32 aki[2];
- keyid_from_pk (k->pkt->pkt.public_key, aki);
+ if (first)
+ {
+ first = 0;
+ mainpk = k->pkt->pkt.public_key;
+ }
+
+ keyid_from_pk (k->pkt->pkt.public_key, aki);
if (aki[0] == keyid[0] && aki[1] == keyid[1])
{
pk = k->pkt->pkt.public_key;
@@ -386,6 +396,24 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
show_revocation_reason (pk, 1);
}
+ if (is_status_enabled () && pk && mainpk)
+ {
+ char pkhex[MAX_FINGERPRINT_LEN*2+1];
+ char mainpkhex[MAX_FINGERPRINT_LEN*2+1];
+
+ hexfingerprint (pk, pkhex, sizeof pkhex);
+ hexfingerprint (mainpk, mainpkhex, sizeof mainpkhex);
+
+ /* Note that we do not want to create a trustdb just for
+ * getting the ownertrust: If there is no trustdb there can't
+ * be ulitmately trusted key anyway and thus the ownertrust
+ * value is irrelevant. */
+ write_status_printf (STATUS_DECRYPTION_KEY, "%s %s %c",
+ pkhex, mainpkhex,
+ get_ownertrust_info (mainpk, 1));
+
+ }
+
release_kbnode (pkb);
err = 0;
}
diff --git a/g10/revoke.c b/g10/revoke.c
index 591b641..3a2b068 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -442,7 +442,7 @@ gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr)
to stdout or the filename given by --output. REASON describes the
revocation reason. PSK is the public primary key - we expect that
a corresponding secret key is available. KEYBLOCK is the entire
- KEYBLOCK which is used in PGP mode to write a a minimal key and not
+ KEYBLOCK which is used in PGP mode to write a minimal key and not
just the naked revocation signature; it may be NULL. If LEADINTEXT
is not NULL, it is written right before the (armored) output.*/
static int
diff --git a/g10/rmd160.c b/g10/rmd160.c
index 7c77ca5..cf27796 100644
--- a/g10/rmd160.c
+++ b/g10/rmd160.c
@@ -17,7 +17,7 @@
* along with this program; if not, see <https://www.gnu.org/licenses/>.
*/
-/* For historic reasons gpg uses RIPE-MD160 to to identify names in
+/* For historic reasons gpg uses RIPE-MD160 to identify names in
the trustdb. It would be better to change that to SHA-1, to take
advantage of a SHA-1 hardware operation provided by some CPUs.
This would break trustdb compatibility and thus we don't want to do
diff --git a/g10/server.c b/g10/server.c
index b89f0be..e3a3bad 100644
--- a/g10/server.c
+++ b/g10/server.c
@@ -770,18 +770,15 @@ gpg_server (ctrl_t ctrl)
gpg_error_t
gpg_proxy_pinentry_notify (ctrl_t ctrl, const unsigned char *line)
{
- if (opt.verbose)
- {
- char *linecopy = xtrystrdup (line);
- char *fields[4];
-
- if (linecopy
- && split_fields (linecopy, fields, DIM (fields)) >= 4
- && !strcmp (fields[0], "PINENTRY_LAUNCHED"))
- log_info (_("pinentry launched (pid %s, flavor %s, version %s)\n"),
- fields[1], fields[2], fields[3]);
+ const char *s;
- xfree (linecopy);
+ if (opt.verbose
+ && !strncmp (line, "PINENTRY_LAUNCHED", 17)
+ && (line[17]==' '||!line[17]))
+ {
+ for (s = line + 17; *s && spacep (s); s++)
+ ;
+ log_info (_("pinentry launched (%s)\n"), s);
}
if (!ctrl || !ctrl->server_local
diff --git a/g10/sign.c b/g10/sign.c
index acc894c..ff099b3 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -686,7 +686,10 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
pk = sk_rover->pk;
/* Build the signature packet. */
- sig = xmalloc_clear (sizeof *sig);
+ sig = xtrycalloc (1, sizeof *sig);
+ if (!sig)
+ return gpg_error_from_syserror ();
+
if (duration || opt.sig_policy_url
|| opt.sig_notations || opt.sig_keyserver_url)
sig->version = 4;
@@ -731,8 +734,12 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
print_status_sig_created (pk, sig, status_letter);
free_packet (&pkt);
if (rc)
- log_error ("build signature packet failed: %s\n", gpg_strerror (rc));
+ log_error ("build signature packet failed: %s\n",
+ gpg_strerror (rc));
}
+ else
+ xfree (sig);
+
if (rc)
return rc;
}
diff --git a/g10/tdbdump.c b/g10/tdbdump.c
index 41a0258..ab2f072 100644
--- a/g10/tdbdump.c
+++ b/g10/tdbdump.c
@@ -70,7 +70,7 @@ list_trustdb (estream_t fp, const char *username)
(void)username;
- init_trustdb();
+ init_trustdb (0);
/* For now we ignore the user ID. */
if (1)
{
@@ -101,7 +101,7 @@ export_ownertrust()
int i;
byte *p;
- init_trustdb();
+ init_trustdb (0);
es_printf (_("# List of assigned trustvalues, created %s\n"
"# (Use \"gpg --import-ownertrust\" to restore them)\n"),
asctimestamp( make_timestamp() ) );
@@ -133,7 +133,7 @@ import_ownertrust( const char *fname )
int any = 0;
int rc;
- init_trustdb();
+ init_trustdb (0);
if( iobuf_is_pipe_filename (fname) ) {
fp = es_stdin;
fname = "[stdin]";
@@ -193,18 +193,22 @@ import_ownertrust( const char *fname )
if( !rc ) { /* found: update */
if (rec.r.trust.ownertrust != otrust)
{
- if( rec.r.trust.ownertrust )
- log_info("changing ownertrust from %u to %u\n",
- rec.r.trust.ownertrust, otrust );
- else
- log_info("setting ownertrust to %u\n", otrust );
+ if (!opt.quiet)
+ {
+ if( rec.r.trust.ownertrust )
+ log_info("changing ownertrust from %u to %u\n",
+ rec.r.trust.ownertrust, otrust );
+ else
+ log_info("setting ownertrust to %u\n", otrust );
+ }
rec.r.trust.ownertrust = otrust;
write_record (&rec );
any = 1;
}
}
else if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND) { /* insert */
- log_info("inserting ownertrust of %u\n", otrust );
+ if (!opt.quiet)
+ log_info("inserting ownertrust of %u\n", otrust );
memset (&rec, 0, sizeof rec);
rec.recnum = tdbio_new_recnum ();
rec.rectype = RECTYPE_TRUST;
diff --git a/g10/test-stubs.c b/g10/test-stubs.c
index 8752f88..a74df20 100644
--- a/g10/test-stubs.c
+++ b/g10/test-stubs.c
@@ -138,9 +138,10 @@ uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
}
int
-get_ownertrust_info (PKT_public_key *pk)
+get_ownertrust_info (PKT_public_key *pk, int no_create)
{
(void)pk;
+ (void)no_create;
return '?';
}
diff --git a/g10/tofu.c b/g10/tofu.c
index 8d535fa..8c41ad7 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1969,7 +1969,7 @@ ask_about_binding (ctrl_t ctrl,
else if (!response[0])
/* Default to unknown. Don't save it. */
{
- tty_printf (_("Defaulting to unknown."));
+ tty_printf (_("Defaulting to unknown.\n"));
*policy = TOFU_POLICY_UNKNOWN;
break;
}
@@ -2306,7 +2306,11 @@ build_conflict_set (tofu_dbs_t dbs,
/* Return the effective policy for the binding <FINGERPRINT, EMAIL>
* (email has already been normalized) and any conflict information in
* *CONFLICT_SETP, if CONFLICT_SETP is not NULL. Returns
- * _tofu_GET_POLICY_ERROR if an error occurs. */
+ * _tofu_GET_POLICY_ERROR if an error occurs.
+ *
+ * This function registers the binding in the bindings table if it has
+ * not yet been registered.
+ */
static enum tofu_policy
get_policy (tofu_dbs_t dbs, PKT_public_key *pk,
const char *fingerprint, const char *user_id, const char *email,
@@ -2644,7 +2648,9 @@ get_policy (tofu_dbs_t dbs, PKT_public_key *pk,
static enum tofu_policy
get_trust (ctrl_t ctrl, PKT_public_key *pk,
const char *fingerprint, const char *email,
- const char *user_id, int may_ask, time_t now)
+ const char *user_id, int may_ask,
+ enum tofu_policy *policyp, strlist_t *conflict_setp,
+ time_t now)
{
tofu_dbs_t dbs = ctrl->tofu.dbs;
int in_transaction = 0;
@@ -2675,6 +2681,14 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
&& _tofu_GET_TRUST_ERROR != TRUST_FULLY
&& _tofu_GET_TRUST_ERROR != TRUST_ULTIMATE);
+ begin_transaction (ctrl, 0);
+ in_transaction = 1;
+
+ /* We need to call get_policy even if the key is ultimately trusted
+ * to make sure the binding has been registered. */
+ policy = get_policy (dbs, pk, fingerprint, user_id, email,
+ &conflict_set, now);
+
/* If the key is ultimately trusted, there is nothing to do. */
{
u32 kid[2];
@@ -2683,14 +2697,11 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
if (tdb_keyid_is_utk (kid))
{
trust_level = TRUST_ULTIMATE;
+ policy = TOFU_POLICY_GOOD;
goto out;
}
}
- begin_transaction (ctrl, 0);
- in_transaction = 1;
-
- policy = get_policy (dbs, pk, fingerprint, user_id, email, &conflict_set, now);
if (policy == TOFU_POLICY_AUTO)
{
policy = opt.tofu_default_policy;
@@ -2758,10 +2769,6 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
}
else
{
- for (iter = conflict_set; iter; iter = iter->next)
- show_statistics (dbs, iter->d, email,
- TOFU_POLICY_ASK, NULL, 1, now);
-
trust_level = TRUST_UNDEFINED;
}
@@ -2807,7 +2814,13 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
if (in_transaction)
end_transaction (ctrl, 0);
- free_strlist (conflict_set);
+ if (policyp)
+ *policyp = policy;
+
+ if (conflict_setp)
+ *conflict_setp = conflict_set;
+ else
+ free_strlist (conflict_set);
return trust_level;
}
@@ -2936,7 +2949,7 @@ write_stats_status (estream_t fp,
*
* POLICY is the key's policy (as returned by get_policy).
*
- * Returns 0 if if ONLY_STATUS_FD is set. Otherwise, returns whether
+ * Returns 0 if ONLY_STATUS_FD is set. Otherwise, returns whether
* the caller should call show_warning after iterating over all user
* ids.
*/
@@ -2970,7 +2983,8 @@ show_statistics (tofu_dbs_t dbs,
/* Get the signature stats. */
rc = gpgsql_exec_printf
(dbs->db, strings_collect_cb, &strlist, &err,
- "select count (*), min (signatures.time), max (signatures.time)\n"
+ "select count (*), coalesce (min (signatures.time), 0),\n"
+ " coalesce (max (signatures.time), 0)\n"
" from signatures\n"
" left join bindings on signatures.binding = bindings.oid\n"
" where fingerprint = %Q and email = %Q;",
@@ -3023,7 +3037,8 @@ show_statistics (tofu_dbs_t dbs,
/* Get the encryption stats. */
rc = gpgsql_exec_printf
(dbs->db, strings_collect_cb, &strlist, &err,
- "select count (*), min (encryptions.time), max (encryptions.time)\n"
+ "select count (*), coalesce (min (encryptions.time), 0),\n"
+ " coalesce (max (encryptions.time), 0)\n"
" from encryptions\n"
" left join bindings on encryptions.binding = bindings.oid\n"
" where fingerprint = %Q and email = %Q;",
@@ -3326,7 +3341,8 @@ tofu_register_signature (ctrl_t ctrl,
/* Make sure the binding exists and record any TOFU
conflicts. */
- if (get_trust (ctrl, pk, fingerprint, email, user_id->d, 0, now)
+ if (get_trust (ctrl, pk, fingerprint, email, user_id->d,
+ 0, NULL, NULL, now)
== _tofu_GET_TRUST_ERROR)
{
rc = gpg_error (GPG_ERR_GENERAL);
@@ -3480,7 +3496,7 @@ tofu_register_encryption (ctrl_t ctrl,
if (! user_id_list)
log_info (_("WARNING: Encrypting to %s, which has no "
- "non-revoked user ids.\n"),
+ "non-revoked user ids\n"),
keystr (pk->keyid));
}
@@ -3492,11 +3508,13 @@ tofu_register_encryption (ctrl_t ctrl,
for (user_id = user_id_list; user_id; user_id = user_id->next)
{
char *email = email_from_user_id (user_id->d);
+ strlist_t conflict_set = NULL;
+ enum tofu_policy policy;
/* Make sure the binding exists and that we recognize any
conflicts. */
int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d,
- may_ask, now);
+ may_ask, &policy, &conflict_set, now);
if (tl == _tofu_GET_TRUST_ERROR)
{
/* An error. */
@@ -3505,6 +3523,28 @@ tofu_register_encryption (ctrl_t ctrl,
goto die;
}
+
+ /* If there is a conflict and MAY_ASK is true, we need to show
+ * the TOFU statistics for the current binding and the
+ * conflicting bindings. But, if we are not in batch mode, then
+ * they have already been printed (this is required to make sure
+ * the information is available to the caller before cpr_get is
+ * called). */
+ if (policy == TOFU_POLICY_ASK && may_ask && opt.batch)
+ {
+ strlist_t iter;
+
+ /* The conflict set should contain at least the current
+ * key. */
+ log_assert (conflict_set);
+
+ for (iter = conflict_set; iter; iter = iter->next)
+ show_statistics (dbs, iter->d, email,
+ TOFU_POLICY_ASK, NULL, 1, now);
+ }
+
+ free_strlist (conflict_set);
+
rc = gpgsql_stepx
(dbs->db, &dbs->s.register_encryption, NULL, NULL, &err,
"insert into encryptions\n"
@@ -3663,6 +3703,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
int bindings = 0;
int bindings_valid = 0;
int need_warning = 0;
+ int had_conflict = 0;
dbs = opendbs (ctrl);
if (! dbs)
@@ -3681,11 +3722,13 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
for (user_id = user_id_list; user_id; user_id = user_id->next, bindings ++)
{
char *email = email_from_user_id (user_id->d);
+ strlist_t conflict_set = NULL;
+ enum tofu_policy policy;
/* Always call get_trust to make sure the binding is
registered. */
int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d,
- may_ask, now);
+ may_ask, &policy, &conflict_set, now);
if (tl == _tofu_GET_TRUST_ERROR)
{
/* An error. */
@@ -3708,13 +3751,36 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
if (may_ask && tl != TRUST_ULTIMATE && tl != TRUST_EXPIRED)
{
- enum tofu_policy policy =
- get_policy (dbs, pk, fingerprint, user_id->d, email, NULL, now);
+ /* If policy is ask, then we already printed out the
+ * conflict information in ask_about_binding or will do so
+ * in a moment. */
+ if (policy != TOFU_POLICY_ASK)
+ need_warning |=
+ show_statistics (dbs, fingerprint, email, policy, NULL, 0, now);
+
+ /* If there is a conflict and MAY_ASK is true, we need to
+ * show the TOFU statistics for the current binding and the
+ * conflicting bindings. But, if we are not in batch mode,
+ * then they have already been printed (this is required to
+ * make sure the information is available to the caller
+ * before cpr_get is called). */
+ if (policy == TOFU_POLICY_ASK && opt.batch)
+ {
+ strlist_t iter;
+
+ /* The conflict set should contain at least the current
+ * key. */
+ log_assert (conflict_set);
- need_warning |=
- show_statistics (dbs, fingerprint, email, policy, NULL, 0, now);
+ had_conflict = 1;
+ for (iter = conflict_set; iter; iter = iter->next)
+ show_statistics (dbs, iter->d, email,
+ TOFU_POLICY_ASK, NULL, 1, now);
+ }
}
+ free_strlist (conflict_set);
+
if (tl == TRUST_NEVER)
trust_level = TRUST_NEVER;
else if (tl == TRUST_EXPIRED)
@@ -3739,7 +3805,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
xfree (email);
}
- if (need_warning)
+ if (need_warning && ! had_conflict)
show_warning (fingerprint, user_id_list);
die:
diff --git a/g10/trust.c b/g10/trust.c
index 888b4ca..d0ea77e 100644
--- a/g10/trust.c
+++ b/g10/trust.c
@@ -179,17 +179,18 @@ get_ownertrust (PKT_public_key *pk)
(void)pk;
return TRUST_UNKNOWN;
#else
- return tdb_get_ownertrust (pk);
+ return tdb_get_ownertrust (pk, 0);
#endif
}
/*
* Same as get_ownertrust but this takes the minimum ownertrust value
- * into into account, and will bump up the value as needed.
+ * into account, and will bump up the value as needed. NO_CREATE
+ * inhibits creation of a trustdb it that does not yet exists.
*/
static int
-get_ownertrust_with_min (PKT_public_key *pk)
+get_ownertrust_with_min (PKT_public_key *pk, int no_create)
{
#ifdef NO_TRUST_MODELS
(void)pk;
@@ -197,8 +198,15 @@ get_ownertrust_with_min (PKT_public_key *pk)
#else
unsigned int otrust, otrust_min;
- otrust = (tdb_get_ownertrust (pk) & TRUST_MASK);
- otrust_min = tdb_get_min_ownertrust (pk);
+ /* Shortcut instead of doing the same twice in the two tdb_get
+ * functions: If the caller asked not to create a trustdb we call
+ * init_trustdb directly and allow it to fail with an error code for
+ * a non-existing trustdb. */
+ if (no_create && init_trustdb (1))
+ return TRUST_UNKNOWN;
+
+ otrust = (tdb_get_ownertrust (pk, no_create) & TRUST_MASK);
+ otrust_min = tdb_get_min_ownertrust (pk, no_create);
if (otrust < otrust_min)
{
/* If the trust that the user has set is less than the trust
@@ -217,23 +225,25 @@ get_ownertrust_with_min (PKT_public_key *pk)
/*
* Same as get_ownertrust but return a trust letter instead of an
- * value. This takes the minimum ownertrust value into account.
+ * value. This takes the minimum ownertrust value into account. If
+ * NO_CREATE is set, no efforts for creating a trustdb will be taken.
*/
int
-get_ownertrust_info (PKT_public_key *pk)
+get_ownertrust_info (PKT_public_key *pk, int no_create)
{
- return trust_letter (get_ownertrust_with_min (pk));
+ return trust_letter (get_ownertrust_with_min (pk, no_create));
}
/*
* Same as get_ownertrust but return a trust string instead of an
- * value. This takes the minimum ownertrust value into account.
+ * value. This takes the minimum ownertrust value into account. If
+ * NO_CREATE is set, no efforts for creating a trustdb will be taken.
*/
const char *
-get_ownertrust_string (PKT_public_key *pk)
+get_ownertrust_string (PKT_public_key *pk, int no_create)
{
- return trust_value_to_string (get_ownertrust_with_min (pk));
+ return trust_value_to_string (get_ownertrust_with_min (pk, no_create));
}
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 75714ab..f4df4c8 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -222,7 +222,7 @@ tdb_register_trusted_key( const char *string )
/*
* Helper to add a key to the global list of ultimately trusted keys.
- * Retruns: true = inserted, false = already in in list.
+ * Returns: true = inserted, false = already in list.
*/
static int
add_utk (u32 *kid)
@@ -296,9 +296,9 @@ verify_own_keys(void)
keystr(k->kid));
else
{
- tdb_update_ownertrust (&pk,
- ((tdb_get_ownertrust (&pk) & ~TRUST_MASK)
- | TRUST_ULTIMATE ));
+ tdb_update_ownertrust
+ (&pk, ((tdb_get_ownertrust (&pk, 0) & ~TRUST_MASK)
+ | TRUST_ULTIMATE ));
release_public_key_parts (&pk);
}
@@ -439,21 +439,34 @@ how_to_fix_the_trustdb ()
}
-void
-init_trustdb ()
+/* Initialize the trustdb. With NO_CREATE set a missing trustdb is
+ * not an error and the function won't terminate the process on error;
+ * in that case 0 is returned if there is a trustdb or an error code
+ * if no trustdb is available. */
+gpg_error_t
+init_trustdb (int no_create)
{
int level = trustdb_args.level;
const char* dbname = trustdb_args.dbname;
if( trustdb_args.init )
- return;
+ return 0;
trustdb_args.init = 1;
if(level==0 || level==1)
{
- int rc = tdbio_set_dbname( dbname, !!level, &trustdb_args.no_trustdb);
- if( rc )
+ int rc = tdbio_set_dbname (dbname, (!no_create && level),
+ &trustdb_args.no_trustdb);
+ if (no_create && trustdb_args.no_trustdb)
+ {
+ /* No trustdb found and the caller asked us not to create
+ * it. Return an error and set the initialization state
+ * back so that we always test for an existing trustdb. */
+ trustdb_args.init = 0;
+ return gpg_error (GPG_ERR_ENOENT);
+ }
+ if (rc)
log_fatal("can't init trustdb: %s\n", gpg_strerror (rc) );
}
else
@@ -493,6 +506,8 @@ init_trustdb ()
if(!tdbio_db_matches_options())
pending_check_trustdb=1;
}
+
+ return 0;
}
@@ -504,7 +519,7 @@ init_trustdb ()
void
check_trustdb (ctrl_t ctrl)
{
- init_trustdb();
+ init_trustdb (0);
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
{
@@ -541,7 +556,7 @@ check_trustdb (ctrl_t ctrl)
void
update_trustdb (ctrl_t ctrl)
{
- init_trustdb ();
+ init_trustdb (0);
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
validate_keys (ctrl, 1);
@@ -553,7 +568,7 @@ update_trustdb (ctrl_t ctrl)
void
tdb_revalidation_mark (void)
{
- init_trustdb();
+ init_trustdb (0);
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return;
@@ -591,7 +606,7 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
{
TRUSTREC opts;
- init_trustdb();
+ init_trustdb (0);
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
memset (&opts, 0, sizeof opts);
else
@@ -622,7 +637,7 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
{
int rc;
- init_trustdb();
+ init_trustdb (0);
rc = tdbio_search_trust_bypk (pk, rec);
if (rc)
{
@@ -642,12 +657,16 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
return 0;
}
-/****************
- * Return the assigned ownertrust value for the given public key.
- * The key should be the primary key.
+
+/*
+ * Return the assigned ownertrust value for the given public key. The
+ * key should be the primary key. If NO_CREATE is set a missing
+ * trustdb will not be created. This comes for example handy when we
+ * want to print status lines (DECRYPTION_KEY) which carry ownertrust
+ * values but we usually use --always-trust.
*/
unsigned int
-tdb_get_ownertrust ( PKT_public_key *pk)
+tdb_get_ownertrust (PKT_public_key *pk, int no_create)
{
TRUSTREC rec;
gpg_error_t err;
@@ -655,6 +674,12 @@ tdb_get_ownertrust ( PKT_public_key *pk)
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return TRUST_UNKNOWN;
+ /* If the caller asked not to create a trustdb we call init_trustdb
+ * directly and allow it to fail with an error code for a
+ * non-existing trustdb. */
+ if (no_create && init_trustdb (1))
+ return TRUST_UNKNOWN;
+
err = read_trust_record (pk, &rec);
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
return TRUST_UNKNOWN; /* no record yet */
@@ -669,7 +694,7 @@ tdb_get_ownertrust ( PKT_public_key *pk)
unsigned int
-tdb_get_min_ownertrust (PKT_public_key *pk)
+tdb_get_min_ownertrust (PKT_public_key *pk, int no_create)
{
TRUSTREC rec;
gpg_error_t err;
@@ -677,6 +702,12 @@ tdb_get_min_ownertrust (PKT_public_key *pk)
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return TRUST_UNKNOWN;
+ /* If the caller asked not to create a trustdb we call init_trustdb
+ * directly and allow it to fail with an error code for a
+ * non-existing trustdb. */
+ if (no_create && init_trustdb (1))
+ return TRUST_UNKNOWN;
+
err = read_trust_record (pk, &rec);
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
return TRUST_UNKNOWN; /* no record yet */
@@ -808,7 +839,7 @@ tdb_clear_ownertrusts (PKT_public_key *pk)
TRUSTREC rec;
gpg_error_t err;
- init_trustdb ();
+ init_trustdb (0);
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return 0;
@@ -915,7 +946,7 @@ tdb_cache_disabled_value (PKT_public_key *pk)
if (pk->flags.disabled_valid)
return pk->flags.disabled;
- init_trustdb();
+ init_trustdb (0);
if (trustdb_args.no_trustdb)
return 0; /* No trustdb => not disabled. */
@@ -950,7 +981,7 @@ tdb_check_trustdb_stale (ctrl_t ctrl)
{
static int did_nextcheck=0;
- init_trustdb ();
+ init_trustdb (0);
if (trustdb_args.no_trustdb)
return; /* No trustdb => can't be stale. */
@@ -1021,7 +1052,7 @@ tdb_get_validity_core (ctrl_t ctrl,
(void)may_ask;
#endif
- init_trustdb ();
+ init_trustdb (0);
/* If we have no trustdb (which also means it has not been created)
and the trust-model is always, we don't know the validity -
@@ -1036,7 +1067,7 @@ tdb_get_validity_core (ctrl_t ctrl,
{
/* Note that this happens BEFORE any user ID stuff is checked.
The direct trust model applies to keys as a whole. */
- validity = tdb_get_ownertrust (main_pk);
+ validity = tdb_get_ownertrust (main_pk, 0);
goto leave;
}
@@ -1248,7 +1279,7 @@ get_validity_counts (PKT_public_key *pk, PKT_user_id *uid)
uid->help_marginal_count=uid->help_full_count=0;
- init_trustdb ();
+ init_trustdb (0);
if(read_trust_record (pk, &trec))
return;
@@ -1353,7 +1384,7 @@ ask_ownertrust (ctrl_t ctrl, u32 *kid, int minimum)
{
ot=edit_ownertrust (ctrl, pk, 0);
if(ot>0)
- ot = tdb_get_ownertrust (pk);
+ ot = tdb_get_ownertrust (pk, 0);
else if(ot==0)
ot = minimum?minimum:TRUST_UNDEFINED;
else
@@ -2142,9 +2173,9 @@ validate_keys (ctrl_t ctrl, int interactive)
k->kid[1]=kid[1];
k->ownertrust =
(tdb_get_ownertrust
- (kar->keyblock->pkt->pkt.public_key) & TRUST_MASK);
+ (kar->keyblock->pkt->pkt.public_key, 0) & TRUST_MASK);
k->min_ownertrust = tdb_get_min_ownertrust
- (kar->keyblock->pkt->pkt.public_key);
+ (kar->keyblock->pkt->pkt.public_key, 0);
k->trust_depth=
kar->keyblock->pkt->pkt.public_key->trust_depth;
k->trust_value=
diff --git a/g10/trustdb.h b/g10/trustdb.h
index 6081d10..3088063 100644
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@@ -127,7 +127,7 @@ void update_trustdb (ctrl_t ctrl);
int setup_trustdb( int level, const char *dbname );
void how_to_fix_the_trustdb (void);
const char *trust_model_string (int model);
-void init_trustdb( void );
+gpg_error_t init_trustdb (int no_create);
void tdb_check_trustdb_stale (ctrl_t ctrl);
void sync_trustdb( void );
@@ -152,10 +152,10 @@ void read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
byte *marginals,byte *completes,byte *cert_depth,
byte *min_cert_level);
-unsigned int tdb_get_ownertrust (PKT_public_key *pk);
-unsigned int tdb_get_min_ownertrust (PKT_public_key *pk);
-int get_ownertrust_info (PKT_public_key *pk);
-const char *get_ownertrust_string (PKT_public_key *pk);
+unsigned int tdb_get_ownertrust (PKT_public_key *pk, int no_create);
+unsigned int tdb_get_min_ownertrust (PKT_public_key *pk, int no_create);
+int get_ownertrust_info (PKT_public_key *pk, int no_create);
+const char *get_ownertrust_string (PKT_public_key *pk, int no_create);
void tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust);
int tdb_clear_ownertrusts (PKT_public_key *pk);
diff --git a/g13/Makefile.am b/g13/Makefile.am
index c0e7a71..cc0e6a8 100644
--- a/g13/Makefile.am
+++ b/g13/Makefile.am
@@ -70,7 +70,7 @@ g13_syshelp_LDADD = $(libcommon) \
module_tests = t-g13tuple
t_common_ldadd = $(libcommon) $(LIBGCRYPT_LIBS) \
- $(LIBASSUAN_LIBS)
+ $(LIBASSUAN_LIBS) $(LIBICONV)
t_g13tuple_SOURCES = t-g13tuple.c g13tuple.c
t_g13tuple_LDADD = $(t_common_ldadd)
diff --git a/g13/g13-syshelp.h b/g13/g13-syshelp.h
index b6adcbd..0243166 100644
--- a/g13/g13-syshelp.h
+++ b/g13/g13-syshelp.h
@@ -32,7 +32,7 @@ struct tab_item_s
char *label; /* Optional malloced label for that entry. */
char *mountpoint; /* NULL or a malloced mountpoint. */
char blockdev[1]; /* String with the name of the block device. If
- it starts with a slash is is a regular device
+ it starts with a slash it is a regular device
name, otherwise it is a PARTUUID. */
};
diff --git a/g13/server.c b/g13/server.c
index 0c4563e..e3cb313 100644
--- a/g13/server.c
+++ b/g13/server.c
@@ -44,7 +44,7 @@ static FILE *statusfp;
the CTRL object of each connection. */
struct server_local_s
{
- /* The Assuan contect we are working on. */
+ /* The Assuan context we are working on. */
assuan_context_t assuan_ctx;
char *containername; /* Malloced active containername. */
diff --git a/g13/sh-cmd.c b/g13/sh-cmd.c
index a54f0ae..523ec56 100644
--- a/g13/sh-cmd.c
+++ b/g13/sh-cmd.c
@@ -35,7 +35,7 @@
the CTRL object of each connection. */
struct server_local_s
{
- /* The Assuan contect we are working on. */
+ /* The Assuan context we are working on. */
assuan_context_t assuan_ctx;
/* The malloced name of the device. */
diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c
index 73ecfbe..f3bdceb 100644
--- a/kbx/keybox-blob.c
+++ b/kbx/keybox-blob.c
@@ -123,7 +123,7 @@
IDs go here.
- bN Space for the keyblock or certificate.
- bN RFU. This is the remaining space after keyblock and before
- the checksum. Is is not covered by the checksum.
+ the checksum. It is not covered by the checksum.
- b20 SHA-1 checksum (useful for KS syncronisation?)
Note, that KBX versions before GnuPG 2.1 used an MD5
checksum. However it was only created but never checked.
@@ -589,7 +589,7 @@ create_blob_header (KEYBOXBLOB blob, int blobtype, int as_ephemeral)
put32 ( a, 0 ); /* size of reserved space */
/* reserved space (which is currently of size 0) */
- /* space where we write keyIDs and and other stuff so that the
+ /* space where we write keyIDs and other stuff so that the
pointers can actually point to somewhere */
if (blobtype == KEYBOX_BLOBTYPE_PGP)
{
diff --git a/m4/autobuild.m4 b/m4/autobuild.m4
index bd1f4dc..ceed464 100644
--- a/m4/autobuild.m4
+++ b/m4/autobuild.m4
@@ -7,7 +7,7 @@
# that contains a configuration script generated by Autoconf, under
# the same distribution terms as the rest of that program.
#
-# This file can can be used in projects which are not available under
+# This file can be used in projects which are not available under
# the GNU General Public License or the GNU Library General Public
# License but which still want to provide support for Autobuild.
diff --git a/m4/gettext.m4 b/m4/gettext.m4
index c9ae1f7..cdac014 100644
--- a/m4/gettext.m4
+++ b/m4/gettext.m4
@@ -4,13 +4,13 @@ dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl
-dnl This file can can be used in projects which are not available under
+dnl This file can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
-dnl gettext package package is covered by the GNU General Public License.
+dnl gettext package is covered by the GNU General Public License.
dnl They are *not* in the public domain.
dnl Authors:
diff --git a/m4/intl.m4 b/m4/intl.m4
index 3906a17..ee47182 100644
--- a/m4/intl.m4
+++ b/m4/intl.m4
@@ -4,13 +4,13 @@ dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl
-dnl This file can can be used in projects which are not available under
+dnl This file can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
-dnl gettext package package is covered by the GNU General Public License.
+dnl gettext package is covered by the GNU General Public License.
dnl They are *not* in the public domain.
dnl Authors:
diff --git a/m4/intldir.m4 b/m4/intldir.m4
index 7a28843..0bc1b7a 100644
--- a/m4/intldir.m4
+++ b/m4/intldir.m4
@@ -4,13 +4,13 @@ dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl
-dnl This file can can be used in projects which are not available under
+dnl This file can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
-dnl gettext package package is covered by the GNU General Public License.
+dnl gettext package is covered by the GNU General Public License.
dnl They are *not* in the public domain.
AC_PREREQ(2.52)
diff --git a/m4/lcmessage.m4 b/m4/lcmessage.m4
index 19aa77e..eef389d 100644
--- a/m4/lcmessage.m4
+++ b/m4/lcmessage.m4
@@ -4,13 +4,13 @@ dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl
-dnl This file can can be used in projects which are not available under
+dnl This file can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
-dnl gettext package package is covered by the GNU General Public License.
+dnl gettext package is covered by the GNU General Public License.
dnl They are *not* in the public domain.
dnl Authors:
diff --git a/m4/nls.m4 b/m4/nls.m4
index 7967cc2..6b50be3 100644
--- a/m4/nls.m4
+++ b/m4/nls.m4
@@ -4,13 +4,13 @@ dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl
-dnl This file can can be used in projects which are not available under
+dnl This file can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
-dnl gettext package package is covered by the GNU General Public License.
+dnl gettext package is covered by the GNU General Public License.
dnl They are *not* in the public domain.
dnl Authors:
diff --git a/m4/po.m4 b/m4/po.m4
index f7c9c06..201c7ca 100644
--- a/m4/po.m4
+++ b/m4/po.m4
@@ -4,13 +4,13 @@ dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl
-dnl This file can can be used in projects which are not available under
+dnl This file can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
-dnl gettext package package is covered by the GNU General Public License.
+dnl gettext package is covered by the GNU General Public License.
dnl They are *not* in the public domain.
dnl Authors:
diff --git a/m4/progtest.m4 b/m4/progtest.m4
index a56365c..6dc2f0f 100644
--- a/m4/progtest.m4
+++ b/m4/progtest.m4
@@ -4,13 +4,13 @@ dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl
-dnl This file can can be used in projects which are not available under
+dnl This file can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
-dnl gettext package package is covered by the GNU General Public License.
+dnl gettext package is covered by the GNU General Public License.
dnl They are *not* in the public domain.
dnl Authors:
diff --git a/po/POTFILES.in b/po/POTFILES.in
index d2f3592..f071651 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -23,6 +23,7 @@ common/asshelp.c
common/audit.c
common/helpfile.c
common/gettime.c
+common/ksba-io-support.c
common/argparse.c
common/logging.c
@@ -82,7 +83,6 @@ scd/app-openpgp.c
scd/app-dinsig.c
scd/scdaemon.c
-sm/base64.c
sm/call-agent.c
sm/call-dirmngr.c
sm/certchain.c
diff --git a/po/ca.po b/po/ca.po
index b00c346..296b374 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -176,6 +176,10 @@ msgstr ""
"no s'ha trobat cap anell secret de escrivible: %s\n"
"\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "error en crear «%s»: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1087,6 +1091,10 @@ msgstr "error en l'última línia\n"
msgid "[none]"
msgstr "[no establert]"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "el caràcter radix64 %02x invàlid s'ha omés\n"
+
msgid "argument not expected"
msgstr ""
@@ -2599,6 +2607,9 @@ msgstr "error en la creació de la contrasenya: %s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Endavant, escriviu el missatge...\n"
@@ -6042,7 +6053,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -6169,7 +6180,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "error mentre s'enviava a «%s»: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6431,6 +6442,9 @@ msgstr "no s'ha pogut emmagatzemar l'empremta digital: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "no s'ha pogut reconstruir la memòria cau de l'anell: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
@@ -6449,20 +6463,33 @@ msgstr ""
msgid "reading public key failed: %s\n"
msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "canvia la contrasenya"
#, c-format
@@ -6473,9 +6500,6 @@ msgstr ""
msgid "verify CHV%d failed: %s\n"
msgstr "l'enviament al servidor de claus ha fallat: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
@@ -6487,11 +6511,7 @@ msgstr[0] ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "canvia la contrasenya"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "canvia la contrasenya"
@@ -6500,6 +6520,10 @@ msgid "access to admin commands is not configured\n"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "canvia la contrasenya"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "Seleccioneu la raó de la revocació:\n"
@@ -6671,10 +6695,6 @@ msgstr ""
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "el caràcter radix64 %02x invàlid s'ha omés\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent no està disponible en aquesta sessió\n"
@@ -7505,6 +7525,10 @@ msgstr "Certificat invàlid"
msgid " runtime cached certificates: %u\n"
msgstr "error en la creació de la contrasenya: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "error en la creació de la contrasenya: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "S'ha creat el certificat de revocació.\n"
@@ -8688,9 +8712,6 @@ msgstr "no s'ha pogut comprovar la signatura creada: %s\n"
msgid "certificate chain is good\n"
msgstr "Certificat de revocació vàlid"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA requereix l'ús d'un algoritme de dispersió de 160 bits\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
@@ -9127,6 +9148,13 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "canvia la contrasenya"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA requereix l'ús d'un algoritme de dispersió de 160 bits\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [nom_del_fitxer]"
diff --git a/po/cs.po b/po/cs.po
index d14f88a..487972b 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -174,6 +174,11 @@ msgstr "na kartÄ› není autentizaÄní klÃ­Ä pro SSH: %s\n"
msgid "no suitable card key found: %s\n"
msgstr "nenalezen žádný vhodný klÃ­Ä karty: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "chyba při získání uložených příznaků: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1014,6 +1019,10 @@ msgstr "ignoruji řádek s nepořádkem"
msgid "[none]"
msgstr "[neuvedeno]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "neplatný radix64 znak %02x byl pÅ™eskoÄen\n"
+
msgid "argument not expected"
msgstr "argument nebyl oÄekáván"
@@ -2416,6 +2425,9 @@ msgstr "chyba pÅ™i rozboru názvu klíÄe „%s“: %s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr "„%s“ nevypadá jako platné ID klíÄe, otisk klíÄe nebo keygrip\n"
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "ZaÄnÄ›te psát svou zprávu…\n"
@@ -5709,7 +5721,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -5851,7 +5863,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "chyba při odesílání dat: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6110,6 +6122,9 @@ msgstr "uložení otisku se nezdařilo: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "uložení data vytvoření se nezdařilo: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "chyba při získání CHV z karty\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "odpovÄ›Ä neobsahuje RSA modulus\n"
@@ -6128,6 +6143,23 @@ msgstr "odpovÄ›Ä neobsahuje veÅ™ejný klíÄ\n"
msgid "reading public key failed: %s\n"
msgstr "Ätení veÅ™ejného klíÄe se nezdaÅ™ilo: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "používám implicitní PIN jako %s\n"
@@ -6138,11 +6170,9 @@ msgstr ""
"použití implicitního PINu jako %s selhalo: %s – vypínám jeho budoucí "
"použití\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Prosím vložte PIN%%0A[podpis hotov: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Prosím vložte PIN"
#, c-format
@@ -6153,9 +6183,6 @@ msgstr "PIN pro CHV%d je příliš krátký; minimální délka je %d\n"
msgid "verify CHV%d failed: %s\n"
msgstr "ověření CHV%d se nezdařilo: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "chyba při získání CHV z karty\n"
-
msgid "card is permanently locked!\n"
msgstr "karta je trvale uzamÄena!\n"
@@ -6172,17 +6199,16 @@ msgstr[2] ""
"Do trvalého uzamÄení karty zůstává %d pokusů o zadání PINu administrátora\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|Prosím, zadejte PIN správce%%0A[zbývá pokusů: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Prosím, zadejte PIN správce"
msgid "access to admin commands is not configured\n"
msgstr "přístup k administrátorským příkazům není nakonfigurován\n"
+msgid "||Please enter the PIN"
+msgstr "||Prosím vložte PIN"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Prosím, zadejte resetaÄní kód karty"
@@ -6340,10 +6366,6 @@ msgstr "obsluha pro deskriptor %d spuštěna\n"
msgid "handler for fd %d terminated\n"
msgstr "obsluha pro deskriptor %d ukonÄena\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "neplatný radix64 znak %02x byl pÅ™eskoÄen\n"
-
msgid "no dirmngr running in this session\n"
msgstr "v této relaci neběží žádný dirmngr\n"
@@ -7117,6 +7139,12 @@ msgstr " trvale zavedených certifikátů: %u\n"
msgid " runtime cached certificates: %u\n"
msgstr "za běhu nakešovaných certifikátů: %u\n"
+# XXX: Align with msgid "permanently loaded certificates:"
+#, fuzzy, c-format
+#| msgid " runtime cached certificates: %u\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "za běhu nakešovaných certifikátů: %u\n"
+
msgid "certificate already cached\n"
msgstr "certifikát již v keši\n"
@@ -8232,9 +8260,6 @@ msgstr "kontrola důvěryhodnosti kořenového certifikátu selhala: %s\n"
msgid "certificate chain is good\n"
msgstr "řetěz certifikátů je v pořádku\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA požaduje použití 160bitového hašovacího algoritmu\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr "certifikát neměl být použit pro podepsání CRL\n"
@@ -8672,6 +8697,15 @@ msgstr ""
"Syntaxe: gpg-check-pattern [volby] soubor_se_vzorem\n"
"Prověří heslo zadané na vstupu proti souboru se vzory\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Prosím vložte PIN%%0A[podpis hotov: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|Prosím, zadejte PIN správce%%0A[zbývá pokusů: %d]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA požaduje použití 160bitového hašovacího algoritmu\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [jméno souboru]"
diff --git a/po/da.po b/po/da.po
index 0e10efb..0cd2a63 100644
--- a/po/da.po
+++ b/po/da.po
@@ -171,6 +171,11 @@ msgstr "fejl ved indhentelse af standard-keyID for godkendelses af kort: %s\n"
msgid "no suitable card key found: %s\n"
msgstr "ingen egnet kortnøgle fundet: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "fejl ved indhentelse af gemte flag: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1085,6 +1090,10 @@ msgstr "ignorerer affaldslinje"
msgid "[none]"
msgstr "[ingen]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "ugyldigt radix64-tegn %02x udeladt\n"
+
msgid "argument not expected"
msgstr "parameter var ikke forventet"
@@ -2554,6 +2563,9 @@ msgstr "fejl ved lagring af certifikat: %s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "GÃ¥ til sagen og skriv meddelelsen ...\n"
@@ -5945,7 +5957,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -6077,7 +6089,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "fejl under afsendelse af %s-kommando: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6341,6 +6353,9 @@ msgstr "kunne ikke gemme fingeraftrykket: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "kunne ikke gemme oprettelsesdatoen: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "fejl ved indhentelse af CHV-status fra kort\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "svar indeholder ikke RSA modulus'erne\n"
@@ -6359,6 +6374,23 @@ msgstr "svar indeholder ikke data for offentlig nøgle\n"
msgid "reading public key failed: %s\n"
msgstr "læsning af offentlig nøgle mislykkedes: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "bruger standard-PIN som %s\n"
@@ -6369,11 +6401,9 @@ msgstr ""
"kunne ikke bruge standard-PIN som %s: %s - deaktiverer yderligere "
"standardbrug\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Indtast venligst PIN%%0A[sigs færdig: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Indtast venligst PIN'en"
#, c-format
@@ -6384,9 +6414,6 @@ msgstr "PIN for CHV%d er for kort; minimumlængde er %d\n"
msgid "verify CHV%d failed: %s\n"
msgstr "verificering af CHV%d mislykkedes: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "fejl ved indhentelse af CHV-status fra kort\n"
-
msgid "card is permanently locked!\n"
msgstr "kort er permanent låst!\n"
@@ -6399,17 +6426,16 @@ msgstr[0] "%d PIN-forsøg for administrator før kort permanent låses\n"
msgstr[1] "%d PIN-forsøg for administrator før kort permanent låses\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|Ændr venligst administrator-PIN%%0A[tilbageværende forsøg: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Indtast venligst administrator-PIN'en"
msgid "access to admin commands is not configured\n"
msgstr "adgang til administratorkommandoer er ikke konfigureret\n"
+msgid "||Please enter the PIN"
+msgstr "||Indtast venligst PIN'en"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Indtast venligst nulstillingskoden for kortet"
@@ -6579,10 +6605,6 @@ msgstr "håndtering for fd %d startet\n"
msgid "handler for fd %d terminated\n"
msgstr "håndtering for fd %d termineret\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "ugyldigt radix64-tegn %02x udeladt\n"
-
#, fuzzy
#| msgid "no gpg-agent running in this session\n"
msgid "no dirmngr running in this session\n"
@@ -7404,6 +7426,11 @@ msgstr "Inkluderede certifikater"
msgid " runtime cached certificates: %u\n"
msgstr "antallet af matchende certifikater: %d\n"
+#, fuzzy, c-format
+#| msgid "number of matching certificates: %d\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "antallet af matchende certifikater: %d\n"
+
#, fuzzy
#| msgid " (certificate created at "
msgid "certificate already cached\n"
@@ -8720,9 +8747,6 @@ msgstr "kontrollerer for kvalificeret certifikat mislykkedes: %s\n"
msgid "certificate chain is good\n"
msgstr "certifikat er gyldigt\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr ""
-
#, fuzzy
#| msgid "certificate should not have been used for signing\n"
msgid "certificate should not have been used for CRL signing\n"
@@ -9184,6 +9208,12 @@ msgstr ""
"Syntaks: gpg-check-pattern [tilvalg] mønsterfil\n"
"Kontroller en adgangsfrase angivet på stdin mod mønsterfilen\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Indtast venligst PIN%%0A[sigs færdig: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|Ændr venligst administrator-PIN%%0A[tilbageværende forsøg: %d]"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [filnavn]"
diff --git a/po/de.po b/po/de.po
index 36ba928..165dade 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.1.0\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2017-01-23 19:23+0100\n"
+"PO-Revision-Date: 2017-02-22 18:55+0100\n"
"Last-Translator: Werner Koch <wk@gnupg.org>\n"
"Language-Team: German <de@li.org>\n"
"Language: de\n"
@@ -154,6 +154,10 @@ msgid "no suitable card key found: %s\n"
msgstr "keine passender Kartenschlüssel gefunden: %s\n"
#, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "Fehler beim Holen der Liste der Karten: %s\n"
+
+#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
"allow this?"
@@ -1007,6 +1011,10 @@ msgstr "Zeile mit nicht identifizierten Zeichen wird ignoriert"
msgid "[none]"
msgstr "[keine]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "Ungültiges Basis-64 Zeichen %02X wurde übersprungen\n"
+
msgid "argument not expected"
msgstr "Argument nicht erwartet"
@@ -2386,6 +2394,10 @@ msgstr ""
"'%s\" sieht nicht nach einer gültigen Schlüssel-ID, einem Fingerabdruck oder "
"einem \"Keygrip\" aus\n"
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+"WARNING: Kein Kommando angegeben. Versuche zu raten was gemeint ist ...\n"
+
msgid "Go ahead and type your message ...\n"
msgstr "Auf geht's - Botschaft eintippen ...\n"
@@ -5719,7 +5731,7 @@ msgstr "gGaAuUlLfF"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr "(G)ut, einmal (A)kzeptieren, (U)nbekannt, einmal ab(L)ehnen, (F)alsch?"
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -5927,7 +5939,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "Fehler beim Öffnen der TOFU Datenbank: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6190,6 +6202,9 @@ msgstr "Der Fingerabdruck kann nicht gespeichert werden: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "Das Erzeugungsdatum konnte nicht gespeichert werden: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "Fehler beim Holen des CHV-Status' von der Karte\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "Die Antwort enthält das RSA-Modulus nicht\n"
@@ -6206,6 +6221,23 @@ msgstr "Die Antwort enthält keine öffentliche Schlüssel-Daten\n"
msgid "reading public key failed: %s\n"
msgstr "Lesen des öffentlichen Schlüssels fehlgeschlagen: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
+msgstr "%sNummer: %s%%0ABesitzer: %s%%0AAnzahl: %lu%s"
+
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr "%sNummer: %s%%0ABesitzer: %s%s"
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr "Verbliebene Versuche: %d"
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "Die Standard PIN wird für %s benutzt\n"
@@ -6216,12 +6248,8 @@ msgstr ""
"Die Standard PIN für %s konnte nicht benutzt werden: %s - Die Standard PIN "
"wird nicht weiter benutzt\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Bitte die PIN eingeben%%0A[Sigs erzeugt: %lu]"
-
-msgid "||Please enter the PIN"
-msgstr "||Bitte die PIN eingeben"
+msgid "||Please unlock the card"
+msgstr "||Bitte entsperren Sie die Karte"
#, c-format
msgid "PIN for CHV%d is too short; minimum length is %d\n"
@@ -6231,9 +6259,6 @@ msgstr "PIN für CHV%d ist zu kurz; die Mindestlänge beträgt %d\n"
msgid "verify CHV%d failed: %s\n"
msgstr "Prüfung des CHV%d fehlgeschlagen: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "Fehler beim Holen des CHV-Status' von der Karte\n"
-
msgid "card is permanently locked!\n"
msgstr "Karte ist dauerhaft gesperrt!\n"
@@ -6245,17 +6270,16 @@ msgstr[0] "Noch %d Admin-PIN-Versuch, bis die Karte dauerhaft gesperrt ist\n"
msgstr[1] "Noch %d Admin-PIN-Versuche, bis die Karte dauerhaft gesperrt ist\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|Bitte die Admin-PIN eingeben.%%0A[Verbliebene Versuche: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Bitte die Admin-PIN eingeben."
msgid "access to admin commands is not configured\n"
msgstr "Zugriff auf Admin-Befehle ist nicht eingerichtet\n"
+msgid "||Please enter the PIN"
+msgstr "||Bitte die PIN eingeben"
+
msgid "||Please enter the Reset Code for the card"
msgstr "Bitte geben Sie den Rückstellcode für diese Karte ein"
@@ -6414,10 +6438,6 @@ msgstr "Handhabungsroutine für fd %d gestartet\n"
msgid "handler for fd %d terminated\n"
msgstr "Handhabungsroutine für den fd %d beendet\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "Ungültiges Basis-64 Zeichen %02X wurde übersprungen\n"
-
msgid "no dirmngr running in this session\n"
msgstr "Der Dirmngr läuft nicht für diese Session\n"
@@ -7207,7 +7227,11 @@ msgstr " dauerhaft geladene Zertifikate: %u\n"
#, c-format
msgid " runtime cached certificates: %u\n"
-msgstr "zur Laufzeit zwischengespeicherte Zertifikate: %u\n"
+msgstr " zwischengespeicherte Zertifikate: %u\n"
+
+#, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr " vertrauenswürdige Zertifikate: %u (%u,%u,%u,%u)\n"
msgid "certificate already cached\n"
msgstr "Zertifikat ist bereits im Zwischenspeicher\n"
@@ -8345,9 +8369,6 @@ msgstr ""
msgid "certificate chain is good\n"
msgstr "Der Zertifikatkette ist gültig\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA benötigt eine 160 Bit Hashmethode\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
"Das Zertifikat hätte nicht zum Signieren einer CRL benutzt werden sollen\n"
@@ -8770,6 +8791,15 @@ msgstr ""
"Syntax: gpg-check-pattern [optionen] Musterdatei\n"
"Die von stdin gelesene Passphrase gegen die Musterdatei prüfen\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Bitte die PIN eingeben%%0A[Sigs erzeugt: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|Bitte die Admin-PIN eingeben.%%0A[Verbliebene Versuche: %d]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA benötigt eine 160 Bit Hashmethode\n"
+
#, fuzzy
#~| msgid ""
#~| "@\n"
diff --git a/po/el.po b/po/el.po
index 7c413a2..956ba1a 100644
--- a/po/el.po
+++ b/po/el.po
@@ -154,6 +154,10 @@ msgstr "αδυναμία εγγÏαφής μυστικής κλειδοθήκηÏ
msgid "no suitable card key found: %s\n"
msgstr "δε βÏέθηκε εγγÏάψιμη μυστική κλειδοθήκη: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "σφάλμα στη δημιουÏγία της φÏάσης κλειδί: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1036,6 +1040,10 @@ msgstr "σφάλμα στη γÏαμμή trailer\n"
msgid "[none]"
msgstr "άγνωστο"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "μη έγκυÏος radix64 χαÏακτήÏας %02x παÏάβλεψη\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "εγγÏαφή του Î¼Ï…ÏƒÏ„Î¹ÎºÎ¿Ï ÎºÎ»ÎµÎ¹Î´Î¹Î¿Ï ÏƒÏ„Î¿ `%s'\n"
@@ -2521,6 +2529,9 @@ msgstr "σφάλμα στη δημιουÏγία της φÏάσης κλειδÎ
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "ΜποÏείτε Ï„ÏŽÏα να εισαγάγετε το μήνυμα σας ...\n"
@@ -5915,7 +5926,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -6041,7 +6052,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "σφάλμα στη αποστολή Ï€Ïος το `%s': %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6296,6 +6307,9 @@ msgstr "αποτυχία αÏχικοποίησης της TrustDB: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "αποτυχία επαναδόμησης της cache κλειδοθήκης: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
@@ -6314,20 +6328,33 @@ msgstr ""
msgid "reading public key failed: %s\n"
msgstr "διαγÏαφή block κλειδιών απέτυχε: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "αλλαγή της φÏάσης κλειδί"
#, c-format
@@ -6338,9 +6365,6 @@ msgstr ""
msgid "verify CHV%d failed: %s\n"
msgstr "keyserver αποστολή απέτυχε: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
@@ -6352,11 +6376,7 @@ msgstr[0] ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "αλλαγή της φÏάσης κλειδί"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "αλλαγή της φÏάσης κλειδί"
@@ -6365,6 +6385,10 @@ msgid "access to admin commands is not configured\n"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "αλλαγή της φÏάσης κλειδί"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "ΠαÏακαλώ επιλέξτε την αιτία για την ανάκληση:\n"
@@ -6534,10 +6558,6 @@ msgstr ""
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "μη έγκυÏος radix64 χαÏακτήÏας %02x παÏάβλεψη\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "ο gpg-agent δεν είναι διαθέσιμος σε αυτή τη συνεδÏία\n"
@@ -7342,6 +7362,10 @@ msgstr "κακό πιστοποιητικό"
msgid " runtime cached certificates: %u\n"
msgstr "σφάλμα στη δημιουÏγία της φÏάσης κλειδί: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "σφάλμα στη δημιουÏγία της φÏάσης κλειδί: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "Πιστοποιητικό ανάκλησης δημιουÏγήθηκε.\n"
@@ -8511,9 +8535,6 @@ msgstr "απέτυχε ο έλεγχος της υπογÏαφής που δημ
msgid "certificate chain is good\n"
msgstr "η Ï€Ïοεπιλογή %c%lu αντιγÏάφτηκε\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "ο DSA απαιτεί τη χÏήση ενός 160 bit αλγόÏιθμου hash\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
@@ -8950,6 +8971,13 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "αλλαγή της φÏάσης κλειδί"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "ο DSA απαιτεί τη χÏήση ενός 160 bit αλγόÏιθμου hash\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [όνομα αÏχείου]"
diff --git a/po/eo.po b/po/eo.po
index 4367a86..c521758 100644
--- a/po/eo.po
+++ b/po/eo.po
@@ -155,6 +155,10 @@ msgstr "eraro dum skribado de sekreta Ålosilaro '%s': %s\n"
msgid "no suitable card key found: %s\n"
msgstr "neniu skribebla sekreta Ålosilaro trovita: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1041,6 +1045,10 @@ msgstr "eraro en vostolinio\n"
msgid "[none]"
msgstr "nekonata versio"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "nevalida signo %02x en bazo 64 ignorita\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "skribas sekretan Ålosilon al '%s'\n"
@@ -2506,6 +2514,9 @@ msgstr "eraro dum kreado de pasfrazo: %s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Ektajpu vian mesaÄon ...\n"
@@ -5863,7 +5874,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -5988,7 +5999,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "eraro dum sendo al '%s': %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6238,6 +6249,9 @@ msgstr "malsukcesis doni komencajn valorojn al fido-datenaro: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "malsukcesis rekonstrui Ålosilaran staplon: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
@@ -6256,20 +6270,33 @@ msgstr ""
msgid "reading public key failed: %s\n"
msgstr "forviÅo de Ålosilbloko malsukcesis: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "ÅanÄi la pasfrazon"
#, c-format
@@ -6280,9 +6307,6 @@ msgstr ""
msgid "verify CHV%d failed: %s\n"
msgstr "Kreado de Ålosiloj malsukcesis: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
@@ -6294,11 +6318,7 @@ msgstr[0] ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "ÅanÄi la pasfrazon"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "ÅanÄi la pasfrazon"
@@ -6307,6 +6327,10 @@ msgid "access to admin commands is not configured\n"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "ÅanÄi la pasfrazon"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "Kialo por revoko: "
@@ -6477,10 +6501,6 @@ msgstr ""
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "nevalida signo %02x en bazo 64 ignorita\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent ne estas disponata en ĉi tiu sesio\n"
@@ -7295,6 +7315,10 @@ msgstr "Nevalida atestilo"
msgid " runtime cached certificates: %u\n"
msgstr "eraro dum kreado de pasfrazo: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "Ålosilo %08lX: revokatestilo aldonita\n"
@@ -8456,9 +8480,6 @@ msgstr "kontrolo de kreita subskribo malsukcesis: %s\n"
msgid "certificate chain is good\n"
msgstr "Valida atestilrevoko"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr ""
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
@@ -8894,6 +8915,10 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "ÅanÄi la pasfrazon"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [dosiero]"
diff --git a/po/es.po b/po/es.po
index a8fcb0c..dd61f45 100644
--- a/po/es.po
+++ b/po/es.po
@@ -180,6 +180,11 @@ msgstr ""
msgid "no suitable card key found: %s\n"
msgstr "no se encuentra una clave de tarjeta adecuada: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "error obteniendo parámetros almacenados: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1104,6 +1109,10 @@ msgstr "ignorando línea con basura"
msgid "[none]"
msgstr "[ninguno]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "caracter inválido radix64 %02x omitido\n"
+
msgid "argument not expected"
msgstr "parámetro inesperado"
@@ -2579,6 +2588,9 @@ msgstr "error almacenando certificado: %s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
# Falta un espacio.
# En español no se deja espacio antes de los puntos suspensivos
# (Real Academia dixit) :)
@@ -5936,7 +5948,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -6067,7 +6079,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "error enviando orden %s: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6335,6 +6347,9 @@ msgstr "fallo al almacenar la huella digital: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "fallo guardando la fecha de creación: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "error recuperando el estatus CHV de la tarjeta\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "la respuesta no incluye el módulo RSA\n"
@@ -6353,6 +6368,23 @@ msgstr "la respuesta no incluye la clave pública\n"
msgid "reading public key failed: %s\n"
msgstr "fallo leyendo clave pública: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "usando PIN por defecto %s\n"
@@ -6361,11 +6393,9 @@ msgstr "usando PIN por defecto %s\n"
msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr "fallo al usar el PIN por defecto %s: %s - en adelante deshabilitado\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Por favor introduzca PIN%%0A[firmas hechas: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Por favor introduzca PIN"
#, c-format
@@ -6376,9 +6406,6 @@ msgstr "El PIN para CHV%d es demasiado corto; longitud mínima %d\n"
msgid "verify CHV%d failed: %s\n"
msgstr "la verificación CHV%d falló: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "error recuperando el estatus CHV de la tarjeta\n"
-
msgid "card is permanently locked!\n"
msgstr "¡la tarjeta está bloqueada permanentemente!\n"
@@ -6395,17 +6422,16 @@ msgstr[1] ""
"bloquearpermanentemente la clave\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|Introduzca PIN de Administrador%%0A[intentos restantes: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Por favor introduzca PIN de Administrador"
msgid "access to admin commands is not configured\n"
msgstr "el acceso a órdenes de administrador no está configurado\n"
+msgid "||Please enter the PIN"
+msgstr "||Por favor introduzca PIN"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Por favor introduzca Código de Reinicio de la tarjeta"
@@ -6581,10 +6607,6 @@ msgstr "manejador del descriptor %d iniciado\n"
msgid "handler for fd %d terminated\n"
msgstr "manejador del descriptor %d terminado\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "caracter inválido radix64 %02x omitido\n"
-
#, fuzzy
#| msgid "no gpg-agent running in this session\n"
msgid "no dirmngr running in this session\n"
@@ -7414,6 +7436,11 @@ msgstr "Certificados incluidos"
msgid " runtime cached certificates: %u\n"
msgstr "número de certificados coincidentes: %d\n"
+#, fuzzy, c-format
+#| msgid "number of matching certificates: %d\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "número de certificados coincidentes: %d\n"
+
#, fuzzy
#| msgid " (certificate created at "
msgid "certificate already cached\n"
@@ -8742,9 +8769,6 @@ msgstr "la comprobación de la firma cualificada falló: %s\n"
msgid "certificate chain is good\n"
msgstr "certificado correcto\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA necesita un algoritmo de hash de 160 bits.\n"
-
#, fuzzy
#| msgid "certificate should have not been used for signing\n"
msgid "certificate should not have been used for CRL signing\n"
@@ -9223,6 +9247,15 @@ msgstr ""
"Compara frase contraseña dada en entrada estándar con un fichero de "
"patrones\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Por favor introduzca PIN%%0A[firmas hechas: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|Introduzca PIN de Administrador%%0A[intentos restantes: %d]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA necesita un algoritmo de hash de 160 bits.\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [nombre_fichero]"
diff --git a/po/et.po b/po/et.po
index 4ee508b..1b3b417 100644
--- a/po/et.po
+++ b/po/et.po
@@ -152,6 +152,10 @@ msgstr "viga salajase võtme võtmehoidlasse `%s' kirjutamisel: %s\n"
msgid "no suitable card key found: %s\n"
msgstr "kirjutatavat salajaste võtmete hoidlat pole: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "viga parooli loomisel: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1034,6 +1038,10 @@ msgstr "viga lõpetaval real\n"
msgid "[none]"
msgstr "tundmatu"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "vigane radix64 sümbol %02x vahele jäetud\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "kirjutan salajase võtme faili `%s'\n"
@@ -2506,6 +2514,9 @@ msgstr "viga parooli loomisel: %s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Kirjutage nüüd oma teade ...\n"
@@ -5841,7 +5852,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -5967,7 +5978,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "viga teate saatmisel serverile `%s': %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6219,6 +6230,9 @@ msgstr "TrustDB initsialiseerimine ebaõnnestus: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "võtmehoidla vahemälu uuesti loomine ebaõnnestus: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
@@ -6237,20 +6251,33 @@ msgstr ""
msgid "reading public key failed: %s\n"
msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "muuda parooli"
#, c-format
@@ -6261,9 +6288,6 @@ msgstr ""
msgid "verify CHV%d failed: %s\n"
msgstr "võtmeserverile saatmine ebaõnnestus: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
@@ -6275,11 +6299,7 @@ msgstr[0] ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "muuda parooli"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "muuda parooli"
@@ -6288,6 +6308,10 @@ msgid "access to admin commands is not configured\n"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "muuda parooli"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "Palun valige tühistamise põhjus:\n"
@@ -6457,10 +6481,6 @@ msgstr ""
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "vigane radix64 sümbol %02x vahele jäetud\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent ei ole sesses sessioonis kasutatav\n"
@@ -7264,6 +7284,10 @@ msgstr "halb sertifikaat"
msgid " runtime cached certificates: %u\n"
msgstr "viga parooli loomisel: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "viga parooli loomisel: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "Tühistamise sertifikaat on loodud.\n"
@@ -8429,9 +8453,6 @@ msgstr "Loodud allkirja ei õnnestu kontrollida: %s\n"
msgid "certificate chain is good\n"
msgstr "eelistus %c%lu on duplikaat\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA nõuab 160 bitist räsialgoritmi kasutamist\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
@@ -8868,6 +8889,13 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "muuda parooli"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA nõuab 160 bitist räsialgoritmi kasutamist\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [failinimi]"
diff --git a/po/fi.po b/po/fi.po
index 1fa4e4c..c6cae25 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -168,6 +168,10 @@ msgstr "virhe kirjoitettaessa salaiseen avainrenkaaseen \"%s\": %s\n"
msgid "no suitable card key found: %s\n"
msgstr "kirjoitettavissa olevaa salaista avainrengasta ei löydy: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1051,6 +1055,10 @@ msgstr "virhe trailer-rivissä\n"
msgid "[none]"
msgstr "tuntematon "
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "epäkelpo radix64-merkki %02x ohitettu\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
@@ -2522,6 +2530,9 @@ msgstr "virhe luotaessa salasanaa: %s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Kirjoita viestisi...\n"
@@ -5900,7 +5911,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -6026,7 +6037,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "virhe lähettäessä kohteeseen \"%s\": %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6279,6 +6290,9 @@ msgstr "TrustDB:n alustaminen ei onnistu: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "avainrenkaan välimuistin uudelleenluominen epäonnistui: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
@@ -6297,20 +6311,33 @@ msgstr ""
msgid "reading public key failed: %s\n"
msgstr "avainlohkojen poisto epäonnistui: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "muuta salasanaa"
#, c-format
@@ -6321,9 +6348,6 @@ msgstr ""
msgid "verify CHV%d failed: %s\n"
msgstr "avainpalvelimelle lähettäminen epäonnistui: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
@@ -6335,11 +6359,7 @@ msgstr[0] ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "muuta salasanaa"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "muuta salasanaa"
@@ -6348,6 +6368,10 @@ msgid "access to admin commands is not configured\n"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "muuta salasanaa"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "Valitse mitätöinnin syy:\n"
@@ -6518,10 +6542,6 @@ msgstr ""
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "epäkelpo radix64-merkki %02x ohitettu\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent ei ole käytettävissä tässä istunnossa\n"
@@ -7325,6 +7345,10 @@ msgstr "virheellinen varmenne"
msgid " runtime cached certificates: %u\n"
msgstr "virhe luotaessa salasanaa: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "Mitätöintivarmenne luotu.\n"
@@ -8493,9 +8517,6 @@ msgstr "luodun allekirjoituksen tarkistus epäonnistui: %s\n"
msgid "certificate chain is good\n"
msgstr "valinta %c%lu on kopio\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA vaatii 160-bittisen tiivistealgoritmin käyttöä\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
@@ -8932,6 +8953,13 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "muuta salasanaa"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA vaatii 160-bittisen tiivistealgoritmin käyttöä\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [tiedostonimi]"
diff --git a/po/fr.po b/po/fr.po
index 50da5ca..d8aea0d 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -160,6 +160,11 @@ msgstr "aucune clef d'authentification pour SSH sur la carte : %s\n"
msgid "no suitable card key found: %s\n"
msgstr "aucune clef de carte convenable n'a été trouvée : %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "erreur de lecture des options stockées : %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1024,6 +1029,10 @@ msgstr "ligne inutile ignorée"
msgid "[none]"
msgstr "[aucun]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "caractère %02x incorrect en radix64, ignoré\n"
+
msgid "argument not expected"
msgstr "argument inattendu"
@@ -2455,6 +2464,9 @@ msgstr "erreur de chargement du certificat « %s » : %s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Vous pouvez taper votre message…\n"
@@ -5829,7 +5841,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -5961,7 +5973,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "erreur d'envoi de données : %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6232,6 +6244,9 @@ msgstr "impossible de stocker l'empreinte : %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "impossible de stocker la date de création : %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "erreur de récupération de l'état CHV de la carte\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "la réponse ne contient pas le module RSA\n"
@@ -6250,6 +6265,23 @@ msgstr "la réponse ne contient pas les données de clef publique\n"
msgid "reading public key failed: %s\n"
msgstr "échec de lecture de clef publique : %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "utilisation du code personnel par défaut en tant que %s\n"
@@ -6260,11 +6292,9 @@ msgstr ""
"impossible d'utiliser le code personnel par défaut en tant que %s :\n"
"%s — désactivation de la prochaine utilisation par défaut\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Veuillez entrer le code personnel%%0A[signatures faites : %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Veuillez entrer le code personnel"
#, c-format
@@ -6277,9 +6307,6 @@ msgstr ""
msgid "verify CHV%d failed: %s\n"
msgstr "échec de vérification CHV%d : %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "erreur de récupération de l'état CHV de la carte\n"
-
msgid "card is permanently locked!\n"
msgstr "la carte est irrémédiablement bloquée.\n"
@@ -6296,19 +6323,16 @@ msgstr[1] ""
"avant que la carte ne soit irrémédiablement bloquée\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr ""
-"|A|Veuillez entrer le code personnel d'administration%%0A[tentatives "
-"restantes : %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Veuillez entrer le code personnel d'administration"
msgid "access to admin commands is not configured\n"
msgstr "l'accès aux commandes d'administration n'est pas configuré\n"
+msgid "||Please enter the PIN"
+msgstr "||Veuillez entrer le code personnel"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Veuillez entrer le code de réinitialisation pour la carte"
@@ -6478,10 +6502,6 @@ msgstr "gestionnaire pour le descripteur %d démarré\n"
msgid "handler for fd %d terminated\n"
msgstr "gestionnaire pour le descripteur %d terminé\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "caractère %02x incorrect en radix64, ignoré\n"
-
#, fuzzy
#| msgid "no gpg-agent running in this session\n"
msgid "no dirmngr running in this session\n"
@@ -7274,6 +7294,11 @@ msgstr "certificats chargés de façon permanente : %u\n"
msgid " runtime cached certificates: %u\n"
msgstr " certificats actuellement en cache : %u\n"
+#, fuzzy, c-format
+#| msgid " runtime cached certificates: %u\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr " certificats actuellement en cache : %u\n"
+
msgid "certificate already cached\n"
msgstr "certificat déjà en cache\n"
@@ -8450,9 +8475,6 @@ msgstr ""
msgid "certificate chain is good\n"
msgstr "la chaîne de certificats est correcte\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA nécessite l'utilisation d'un algorithme de hachage de 160 bits\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
"le certificat n'aurait pas dû être utilisé pour signer une liste de "
@@ -8899,6 +8921,18 @@ msgstr ""
"Vérifier une phrase secrète donnée sur l'entrée standard par rapport à "
"ficmotif\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Veuillez entrer le code personnel%%0A[signatures faites : %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr ""
+#~ "|A|Veuillez entrer le code personnel d'administration%%0A[tentatives "
+#~ "restantes : %d]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr ""
+#~ "DSA nécessite l'utilisation d'un algorithme de hachage de 160 bits\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [fichier]"
diff --git a/po/gl.po b/po/gl.po
index 4daa963..cacffc3 100644
--- a/po/gl.po
+++ b/po/gl.po
@@ -153,6 +153,10 @@ msgstr "erro escribindo no chaveiro secreto `%s': %s\n"
msgid "no suitable card key found: %s\n"
msgstr "non se atopou un chaveiro privado no que se poida escribir: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1042,6 +1046,10 @@ msgstr "error nunha liña adicional\n"
msgid "[none]"
msgstr "descoñecido"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "carácter radix64 non válido %02x omitido\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "gravando a chave secreta en `%s'\n"
@@ -2516,6 +2524,9 @@ msgstr "erro ao crea-lo contrasinal: %s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Escriba a súa mensaxe ...\n"
@@ -5907,7 +5918,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -6033,7 +6044,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "erro ao enviar a `%s': %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6287,6 +6298,9 @@ msgstr "non se puido inicializa-la base de datos de confianzas: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "fallo ao reconstruí-la caché de chaveiros: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
@@ -6305,20 +6319,33 @@ msgstr ""
msgid "reading public key failed: %s\n"
msgstr "fallou o borrado do bloque de chaves: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "cambia-lo contrasinal"
#, c-format
@@ -6329,9 +6356,6 @@ msgstr ""
msgid "verify CHV%d failed: %s\n"
msgstr "o envío ao servidor de chaves fallou: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
@@ -6343,11 +6367,7 @@ msgstr[0] ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "cambia-lo contrasinal"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "cambia-lo contrasinal"
@@ -6356,6 +6376,10 @@ msgid "access to admin commands is not configured\n"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "cambia-lo contrasinal"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "Por favor, escolla o motivo da revocación:\n"
@@ -6526,10 +6550,6 @@ msgstr ""
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "carácter radix64 non válido %02x omitido\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent non está dispoñible nesta sesión\n"
@@ -7346,6 +7366,10 @@ msgstr "Certificado non válido"
msgid " runtime cached certificates: %u\n"
msgstr "erro ao crea-lo contrasinal: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "Creouse o certificado de revocación.\n"
@@ -8517,9 +8541,6 @@ msgstr "fallou a comprobación da sinatura creada: %s\n"
msgid "certificate chain is good\n"
msgstr "Revocación de certificado válida"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA require o emprego dun algoritmo hash de 160 bits\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
@@ -8959,6 +8980,13 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "cambia-lo contrasinal"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA require o emprego dun algoritmo hash de 160 bits\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [ficheiro]"
diff --git a/po/hu.po b/po/hu.po
index 3b3874d..d7d8c11 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -152,6 +152,10 @@ msgstr "Hiba a(z) \"%s\" titkoskulcs-karika írásakor: %s.\n"
msgid "no suitable card key found: %s\n"
msgstr "Nem írható titkoskulcs-karikát találtam: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1034,6 +1038,10 @@ msgstr "Hiba a záró sorban!\n"
msgid "[none]"
msgstr "Ismeretlen módú"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "Kihagytam a %02x kódú érvénytelen radix64 karaktert.\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "Ãrom a titkos kulcsot a %s állományba.\n"
@@ -2504,6 +2512,9 @@ msgstr "Hiba a jelszó létrehozásakor: %s.\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Kezdheti gépelni az üzenetet...\n"
@@ -5870,7 +5881,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -5996,7 +6007,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "Hiba %s-ra/-re küldéskor: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6249,6 +6260,9 @@ msgstr "Bizalmi adatbázis (%s) inicializálása sikertelen!\n"
msgid "failed to store the creation date: %s\n"
msgstr "Nem tudtam újraépíteni a kulcskarika cache-ét: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
@@ -6267,20 +6281,33 @@ msgstr ""
msgid "reading public key failed: %s\n"
msgstr "A kulcsblokk törlése sikertelen: %s.\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "jelszóváltoztatás"
#, c-format
@@ -6291,9 +6318,6 @@ msgstr ""
msgid "verify CHV%d failed: %s\n"
msgstr "Küldés a kulcsszerverre sikertelen: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
@@ -6305,11 +6329,7 @@ msgstr[0] ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "jelszóváltoztatás"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "jelszóváltoztatás"
@@ -6318,6 +6338,10 @@ msgid "access to admin commands is not configured\n"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "jelszóváltoztatás"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "Kérem, válassza ki a visszavonás okát:\n"
@@ -6487,10 +6511,6 @@ msgstr ""
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "Kihagytam a %02x kódú érvénytelen radix64 karaktert.\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "GPG ügynök nem elérhető ebben a munkafolyamatban.\n"
@@ -7295,6 +7315,10 @@ msgstr "rossz igazolás"
msgid " runtime cached certificates: %u\n"
msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "Visszavonó igazolás létrehozva.\n"
@@ -8460,9 +8484,6 @@ msgstr "A létrehozott aláírás ellenőrzése sikertelen: %s.\n"
msgid "certificate chain is good\n"
msgstr "%c%lu preferencia kétszer szerepel!\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "A DSA 160 bites hash (kivonatoló) algoritmust igényel.\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
@@ -8899,6 +8920,13 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "jelszóváltoztatás"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "A DSA 160 bites hash (kivonatoló) algoritmust igényel.\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [fájlnév]"
diff --git a/po/id.po b/po/id.po
index 25d39ca..04bac61 100644
--- a/po/id.po
+++ b/po/id.po
@@ -157,6 +157,10 @@ msgstr "kesalahan menulis keyring rahasia `%s': %s\n"
msgid "no suitable card key found: %s\n"
msgstr "tidak ditemukan keyring rahasia yang dapat ditulisi: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1039,6 +1043,10 @@ msgstr "kesalahan dalam garis trailer\n"
msgid "[none]"
msgstr "tidak dikenal"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "karakter radix64 tidak valid %02x dilewati\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "menulis kunci rahasia ke `%s'\n"
@@ -2509,6 +2517,9 @@ msgstr "kesalahan penciptaan passphrase: %s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Teruskan dan ketikkan pesan anda ....\n"
@@ -5862,7 +5873,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -5988,7 +5999,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "kesalahan mengirim ke `%s': %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6240,6 +6251,9 @@ msgstr "gagal inisialisasi TrustDB: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "gagal membuat kembali cache keyring: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
@@ -6258,20 +6272,33 @@ msgstr ""
msgid "reading public key failed: %s\n"
msgstr "gagal menghapus keyblok: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "ubah passphrase"
#, c-format
@@ -6282,9 +6309,6 @@ msgstr ""
msgid "verify CHV%d failed: %s\n"
msgstr "Pengiriman keyserver gagal: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
@@ -6296,11 +6320,7 @@ msgstr[0] ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "ubah passphrase"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "ubah passphrase"
@@ -6309,6 +6329,10 @@ msgid "access to admin commands is not configured\n"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "ubah passphrase"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "Silakan pilih alasan untuk pembatalan:\n"
@@ -6478,10 +6502,6 @@ msgstr ""
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "karakter radix64 tidak valid %02x dilewati\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent tidak tersedia untuk sesi ini\n"
@@ -7286,6 +7306,10 @@ msgstr "sertifikat yang buruk"
msgid " runtime cached certificates: %u\n"
msgstr "kesalahan penciptaan passphrase: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "Sertifikat pembatalan tercipta.\n"
@@ -8451,9 +8475,6 @@ msgstr "Gagal memeriksa signature yang dibuat: %s\n"
msgid "certificate chain is good\n"
msgstr "preferensi %c%lu ganda \n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA butuh penggunaan algoritma hash 160 bit\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
@@ -8890,6 +8911,13 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "ubah passphrase"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA butuh penggunaan algoritma hash 160 bit\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [namafile]"
diff --git a/po/it.po b/po/it.po
index c70ddc4..e9f9394 100644
--- a/po/it.po
+++ b/po/it.po
@@ -152,6 +152,10 @@ msgstr "errore scrivendo il portachiavi segreto `%s': %s\n"
msgid "no suitable card key found: %s\n"
msgstr "non è stato trovato un portachiavi segreto scrivibile: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "errore nella creazione della passhprase: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1034,6 +1038,10 @@ msgstr "errore nella riga della coda\n"
msgid "[none]"
msgstr "sconosciuto"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "Carattere radix64 non valido %02x saltato\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "scrittura della chiave segreta in `%s'\n"
@@ -2515,6 +2523,9 @@ msgstr "errore nella creazione della passhprase: %s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Vai avanti e scrivi il messaggio...\n"
@@ -5903,7 +5914,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -6029,7 +6040,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "errore leggendo `%s': %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6282,6 +6293,9 @@ msgstr "inizializzazione del trustdb fallita: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "rebuild della cache del portachiavi fallito: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
@@ -6300,20 +6314,33 @@ msgstr ""
msgid "reading public key failed: %s\n"
msgstr "cancellazione del keyblock fallita: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "cambia la passphrase"
#, c-format
@@ -6324,9 +6351,6 @@ msgstr ""
msgid "verify CHV%d failed: %s\n"
msgstr "invio al keyserver fallito: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
@@ -6338,11 +6362,7 @@ msgstr[0] ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "cambia la passphrase"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "cambia la passphrase"
@@ -6351,6 +6371,10 @@ msgid "access to admin commands is not configured\n"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "cambia la passphrase"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "Per favore scegli il motivo della revoca:\n"
@@ -6520,10 +6544,6 @@ msgstr ""
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "Carattere radix64 non valido %02x saltato\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent non è disponibile in questa sessione\n"
@@ -7327,6 +7347,10 @@ msgstr "certificato danneggiato"
msgid " runtime cached certificates: %u\n"
msgstr "errore nella creazione della passhprase: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "errore nella creazione della passhprase: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "Certificato di revoca creato.\n"
@@ -8495,9 +8519,6 @@ msgstr "controllo della firma creata fallito: %s\n"
msgid "certificate chain is good\n"
msgstr "la preferenza %c%lu è doppia\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA richiede l'uso di un algoritmo di hashing con almeno 160 bit\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
@@ -8934,6 +8955,13 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "cambia la passphrase"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA richiede l'uso di un algoritmo di hashing con almeno 160 bit\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [nomefile]"
diff --git a/po/ja.po b/po/ja.po
index 0a6b92d..c8a21d3 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -149,6 +149,11 @@ msgstr "カードã«sshã®èªè¨¼éµãŒã‚ã‚Šã¾ã›ã‚“: %s\n"
msgid "no suitable card key found: %s\n"
msgstr "é©å½“ãªã‚«ãƒ¼ãƒ‰ã®éµãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "ä¿å­˜ã•ã‚ŒãŸãƒ•ãƒ©ã‚°ã®å–得エラー: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -977,6 +982,10 @@ msgstr "ガベージ行を無視ã—ã¾ã™"
msgid "[none]"
msgstr "[未設定]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "無効ãª64進文字%02Xをスキップã—ã¾ã—ãŸ\n"
+
msgid "argument not expected"
msgstr "引数ã¯æœŸå¾…ã•ã‚Œã¦ã„ã¾ã›ã‚“"
@@ -2305,6 +2314,9 @@ msgstr "éµæŒ‡å®š'%s'ã®æ§‹æ–‡è§£æžã‚¨ãƒ©ãƒ¼: %s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr "'%s'ã¯æœ‰åŠ¹ãªéµID, フィンガープリントã€keygripã§ã¯ãªã„よã†ã§ã™ã€‚\n"
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "開始ã—ã¾ã™ã€‚メッセージを打ã£ã¦ãã ã•ã„ ...\n"
@@ -5426,7 +5438,9 @@ msgstr ""
"(G)ood-良, (A)ccept once-一度ã ã‘èªã‚ã‚‹, (U)nknown-ä¸æ˜Ž, (R)eject once-一度ã "
"ã‘å¦, (B)ad-ダメ? "
-msgid "Defaulting to unknown."
+#, fuzzy
+#| msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr "ä¸æ˜ŽãŒãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§ã™ã€‚"
msgid "TOFU db corruption detected.\n"
@@ -5542,8 +5556,9 @@ msgstr[0] ""
msgid "error opening TOFU database: %s\n"
msgstr "TOFUデータベースã®ã‚ªãƒ¼ãƒ—ンã§ã‚¨ãƒ©ãƒ¼: %s\n"
-#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+#, fuzzy, c-format
+#| msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
"*警告*: %s ã«æš—å·åŒ–ã—ã¾ã™ã€‚失効ã—ã¦ã„ãªã„ユーザIDãŒä¸€ã¤ã‚‚ãªã„ã‚‚ã®ã§ã™ã€‚\n"
@@ -5786,6 +5801,9 @@ msgstr "指紋ã®ä¿ç®¡ã«å¤±æ•—ã—ã¾ã—ãŸ: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "生æˆæ—¥ã®ä¿ç®¡ã«å¤±æ•—ã—ã¾ã—ãŸ: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "カードã‹ã‚‰CHVステイタスã®å–å¾—ã§ã‚¨ãƒ©ãƒ¼\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "応答ã«RSAã®ãƒ¢ã‚¸ãƒ¥ãƒ©ã‚¹ãŒå«ã¾ã‚Œã¦ã„ã¾ã›ã‚“\n"
@@ -5802,6 +5820,23 @@ msgstr "応答ã«å…¬é–‹éµãƒ‡ãƒ¼ã‚¿ãŒå«ã¾ã‚Œã¦ã„ã¾ã›ã‚“\n"
msgid "reading public key failed: %s\n"
msgstr "公開éµã®èª­ã¿è¾¼ã¿ã«å¤±æ•—ã—ã¾ã—ãŸ: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "デフォルトPINã‚’%sã¨ã—ã¦ä½¿ã„ã¾ã™\n"
@@ -5812,11 +5847,9 @@ msgstr ""
"デフォルトã®PIN %s を使ã†ã®ã«å¤±æ•—ã—ã¾ã—ãŸ: %s - ã“れ以上デフォルトã¨ã—ã¦ã®ä½¿"
"用を無効ã¨ã—ã¾ã™\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||PINを入力ã—ã¦ãã ã•ã„%%0A[ç½²åæ•°: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||PINを入力ã—ã¦ãã ã•ã„"
#, c-format
@@ -5827,9 +5860,6 @@ msgstr "CHV%dã®PINãŒçŸ­ã™ãŽã¾ã™ã€‚最短ã§%dã§ã™\n"
msgid "verify CHV%d failed: %s\n"
msgstr "CHV%dã®èªè¨¼ã«å¤±æ•—ã—ã¾ã—ãŸ: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "カードã‹ã‚‰CHVステイタスã®å–å¾—ã§ã‚¨ãƒ©ãƒ¼\n"
-
msgid "card is permanently locked!\n"
msgstr "カードãŒæ°¸ä¹…ã«ãƒ­ãƒƒã‚¯ã•ã‚Œã¦ã¾ã™!\n"
@@ -5840,17 +5870,16 @@ msgid_plural ""
msgstr[0] "カードã®æ°¸ä¹…ロックå‰ã«%d回ã®ç®¡ç†è€…PINã®è©¦è¡ŒãŒæ®‹ã£ã¦ã„ã¾ã™\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|管ç†è€…PINを入力ã—ã¦ãã ã•ã„%%0A[残り回数: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|管ç†è€…PINを入力ã—ã¦ãã ã•ã„"
msgid "access to admin commands is not configured\n"
msgstr "管ç†ã‚³ãƒžãƒ³ãƒ‰ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ãŒè¨­å®šã•ã‚Œã¦ã„ã¾ã›ã‚“\n"
+msgid "||Please enter the PIN"
+msgstr "||PINを入力ã—ã¦ãã ã•ã„"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||カードã®ãƒªã‚»ãƒƒãƒˆãƒ»ã‚³ãƒ¼ãƒ‰ã‚’入力ã—ã¦ãã ã•ã„"
@@ -6006,10 +6035,6 @@ msgstr "fd %dã®ãƒãƒ³ãƒ‰ãƒ©ãŒé–‹å§‹ã•ã‚Œã¾ã—ãŸ\n"
msgid "handler for fd %d terminated\n"
msgstr "fd %dã®ãƒãƒ³ãƒ‰ãƒ©ãŒçµ‚了ã—ã¾ã—ãŸ\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "無効ãª64進文字%02Xをスキップã—ã¾ã—ãŸ\n"
-
msgid "no dirmngr running in this session\n"
msgstr "ã“ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã§dirmngrã¯å®Ÿè¡Œã•ã‚Œã¦ã„ã¾ã›ã‚“\n"
@@ -6778,6 +6803,11 @@ msgstr "永続的ã«ãƒ­ãƒ¼ãƒ‰ã•ã‚Œã‚‹è¨¼æ˜Žæ›¸: %u\n"
msgid " runtime cached certificates: %u\n"
msgstr "実行時キャッシュ証明書ã®æ•°: %u\n"
+#, fuzzy, c-format
+#| msgid " runtime cached certificates: %u\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "実行時キャッシュ証明書ã®æ•°: %u\n"
+
msgid "certificate already cached\n"
msgstr " ã™ã§ã«ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã•ã‚ŒãŸè¨¼æ˜Žæ›¸\n"
@@ -7881,9 +7911,6 @@ msgstr "ルート証明書ã®ä¿¡ç”¨æ¤œæŸ»ã«å¤±æ•—ã—ã¾ã—ãŸ: %s\n"
msgid "certificate chain is good\n"
msgstr "証明書ãƒã‚§ã‚¤ãƒ³ã¯æ­£ã—ã„ã§ã™\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSAã¯160ビットã®ã®ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã®ä½¿ç”¨ã‚’å¿…è¦ã¨ã—ã¾ã™\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr "証明書ã¯CRLç½²åã®ãŸã‚ã«ä½¿ã‚れるã¹ãã§ã¯ã‚ã‚Šã¾ã›ã‚“ã§ã—ãŸ\n"
@@ -8304,6 +8331,15 @@ msgstr ""
"å½¢å¼: gpg-check-pattern [オプション] パターンファイル\n"
"パターンファイルã«å¯¾ã—ã¦æ¨™æº–入力ã®ãƒ‘スフレーズを確èªã™ã‚‹\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||PINを入力ã—ã¦ãã ã•ã„%%0A[ç½²åæ•°: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|管ç†è€…PINを入力ã—ã¦ãã ã•ã„%%0A[残り回数: %d]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSAã¯160ビットã®ã®ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã®ä½¿ç”¨ã‚’å¿…è¦ã¨ã—ã¾ã™\n"
+
#~ msgid ""
#~ "@\n"
#~ "Examples:\n"
diff --git a/po/nb.po b/po/nb.po
index c56fa57..d104bf5 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -153,6 +153,11 @@ msgstr "ingen ssh-autentiseringnøkkel på kort: %s\n"
msgid "no suitable card key found: %s\n"
msgstr "fant ingen passende kortnøkkel: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "feil under henting av lagrede valg: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -985,6 +990,10 @@ msgstr "ignorerer ubrukelig linje"
msgid "[none]"
msgstr "[ingen]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "hoppet over ugyldig radix64-tegn %02x\n"
+
msgid "argument not expected"
msgstr "uforventet argument"
@@ -2335,6 +2344,9 @@ msgstr ""
"«%s» ser hverken ut til å være en gyldig nøkkel-ID, fingeravtrykk eller "
"nøkkelgrep\n"
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Skriv inn melding …\n"
@@ -5588,7 +5600,7 @@ msgstr "gGaAuUnNdD"
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr "(G)od, (A)ksepter én gang, (U)kjent, (N)ekt én gang, (D)årlig? "
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -5786,7 +5798,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "feil under åpning av TOFU-database: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6032,6 +6044,9 @@ msgstr "klarte ikke å lagre fingeravtrykk: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "klarte ikke å lagre opprettelsesdato: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "feil under henting av CHV-status fra kort\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "svar inneholder ikke RSA-modulus\n"
@@ -6050,6 +6065,23 @@ msgstr "svar inneholder ikke offentlig nøkkeldata\n"
msgid "reading public key failed: %s\n"
msgstr "lesing av offentlig nøkkel mislyktes: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "bruker forvalgt PIN som %s\n"
@@ -6060,11 +6092,9 @@ msgstr ""
"klarte ikke å bruke forvalgt PIN som %s: %s. Lar være å bruke forvalgt PIN "
"senere\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Skriv inn PIN%%0A[signaturer utført: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Skriv inn PIN-kode"
#, c-format
@@ -6075,9 +6105,6 @@ msgstr "PIN for CHV%d er for kort; minum lengde er %d\n"
msgid "verify CHV%d failed: %s\n"
msgstr "bekreftelse av CHV%d mislyktes: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "feil under henting av CHV-status fra kort\n"
-
msgid "card is permanently locked!\n"
msgstr "kortet er låst for godt.\n"
@@ -6089,17 +6116,16 @@ msgstr[0] "%d Admin-PIN-forsøk gjenstår før kortet blir låst permanent\n"
msgstr[1] "%d Admin-PIN-forsøk gjenstår før kortet blir låst permanent\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|Skriv inn admin-PIN%%0A[gjenstående forsøk: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Skriv inn admin-PIN"
msgid "access to admin commands is not configured\n"
msgstr "tilgang til admin-kommandoer er ikke konfigurert\n"
+msgid "||Please enter the PIN"
+msgstr "||Skriv inn PIN-kode"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Skriv inn tilbakestillingskode for kortet"
@@ -6254,10 +6280,6 @@ msgstr "startet håndteringsprogram for fd %d\n"
msgid "handler for fd %d terminated\n"
msgstr "avsluttet håndteringsprogram for fd %d\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "hoppet over ugyldig radix64-tegn %02x\n"
-
msgid "no dirmngr running in this session\n"
msgstr "ingen dirmngr kjører i gjeldende økt\n"
@@ -7027,6 +7049,11 @@ msgstr "permanent innlastede sertifikater: %u\n"
msgid " runtime cached certificates: %u\n"
msgstr " hurtiglagrede sertifikater: %u\n"
+#, fuzzy, c-format
+#| msgid " runtime cached certificates: %u\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr " hurtiglagrede sertifikater: %u\n"
+
msgid "certificate already cached\n"
msgstr "sertifikat allerede hurtiglagret\n"
@@ -8132,9 +8159,6 @@ msgstr "troverdighetssjekk av rotsertifikat mislyktes: %s\n"
msgid "certificate chain is good\n"
msgstr "sertifikatkjede er funnet i orden\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA krever kontrollsum på 160 bit\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr "sertifikat skulle ikke vært brukt til CRL-signering\n"
@@ -8573,6 +8597,15 @@ msgstr ""
"Syntaks: gpg-check-pattern [valg] mønsterfil\n"
"Kontroller passordfrase oppgitt på standard innkanal mot valgt mønsterfil\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Skriv inn PIN%%0A[signaturer utført: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|Skriv inn admin-PIN%%0A[gjenstående forsøk: %d]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA krever kontrollsum på 160 bit\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [filnavn]"
diff --git a/po/nl.po b/po/nl.po
new file mode 100644
index 0000000..6c447ec
--- /dev/null
+++ b/po/nl.po
@@ -0,0 +1,7647 @@
+# Dutch translations for package gnupg2.
+# Copyright (C) 2006 Free Software Foundation, Inc.
+# This file is distributed under the same license as the gnupg package.
+# Automatically generated, 2006.
+#
+# All this catalog "translates" are quotation characters.
+# The msgids must be ASCII and therefore cannot contain real quotation
+# characters, only substitutes like grave accent (0x60), apostrophe (0x27)
+# and double quote (0x22). These substitutes look strange; see
+# http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html
+#
+# This catalog translates grave accent (0x60) and apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019).
+# It also translates pairs of apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019)
+# and pairs of quotation mark (0x22) to
+# left double quotation mark (U+201C) and right double quotation mark (U+201D).
+#
+# When output to an UTF-8 terminal, the quotation characters appear perfectly.
+# When output to an ISO-8859-1 terminal, the single quotation marks are
+# transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to
+# grave/acute accent (by libiconv), and the double quotation marks are
+# transliterated to 0x22.
+# When output to an ASCII terminal, the single quotation marks are
+# transliterated to apostrophes, and the double quotation marks are
+# transliterated to 0x22.
+# Frans Spiesschaert <Frans.Spiesschaert@yucom.be>, 2014, 2015.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 2.0.28\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"PO-Revision-Date: 2015-06-07 16:56+0200\n"
+"Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
+"Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
+"Language: nl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Gtranslator 2.91.6\n"
+
+#, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "verwerven van de pinentry-vergrendeling is mislukt: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+msgid "|pinentry-label|_OK"
+msgstr "|pinentry-label|_OK"
+
+msgid "|pinentry-label|_Cancel"
+msgstr "|pinentry-label|_Annuleren"
+
+msgid "|pinentry-label|_Yes"
+msgstr "|pinentry-label|_Ja"
+
+msgid "|pinentry-label|_No"
+msgstr "|pinentry-label|_Nee"
+
+msgid "|pinentry-label|PIN:"
+msgstr "|pinentry-label|Pincode:"
+
+msgid "|pinentry-label|_Save in password manager"
+msgstr "|pinentry-label|_Bewaren in de wachtwoordmanager"
+
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Wilt U uw wachtwoordzin echt zichtbaar maken op het scherm?"
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr "|pinentry-tt|Wachtwoordzin zichtbaar maken"
+
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "|pinentry-tt|Wachtwoordzin verbergen"
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+msgid "Quality:"
+msgstr "Kwaliteit:"
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+"De kwaliteit van de hierboven ingevoerde wachtwoordzin.\n"
+"Vraag aan uw systeembeheerder nadere toelichting bij\n"
+"de gehanteerde criteria voor het meten van de kwaliteit."
+
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+"Voer uw pincode in, zodat de geheime sleutel voor deze sessie ontgrendeld "
+"kan worden"
+
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr ""
+"Voer uw wachtwoordzin in, zodat de geheime sleutel voor deze sessie "
+"ontgrendeld kan worden"
+
+#. TRANSLATORS: The string is appended to an error message in
+#. the pinentry. The %s is the actual error message, the
+#. two %d give the current and maximum number of tries.
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr "SETERROR %s (poging %d van %d)"
+
+msgid "PIN too long"
+msgstr "Pincode is te lang"
+
+msgid "Passphrase too long"
+msgstr "Wachtwoordzin is te lang"
+
+msgid "Invalid characters in PIN"
+msgstr "Ongeldige tekens in de pincode"
+
+msgid "PIN too short"
+msgstr "Pincode is te kort"
+
+msgid "Bad PIN"
+msgstr "Slechte pincode"
+
+msgid "Bad Passphrase"
+msgstr "Slechte wachtwoordzin"
+
+msgid "Passphrase"
+msgstr "Wachtwoordzin"
+
+#, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "ssh-sleutels groter dan %d bits worden niet ondersteund\n"
+
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "kan `%s' niet aanmaken: %s\n"
+
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "kan `%s' niet openen: %s\n"
+
+#, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "fout bij het opvragen van het serienummer van de kaart: %s\n"
+
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr "kaart gevonden met serienummer: %s\n"
+
+#, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr ""
+"fout bij het ophalen van de kaart van de ID van de standaard "
+"authenticatiesleutel: %s\n"
+
+#, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "geen bruikbare kaartsleutel gevonden: %s\n"
+
+#, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "verheimelijken van de sleutel is mislukt: %s\n"
+
+#, c-format
+msgid "error writing key: %s\n"
+msgstr "fout bij het wegschrijven van de sleutel: %s\n"
+
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+"Een ssh-proces vroeg om het gebruik van sleutel%%0A %s%%0A (%s)%%0AWilt u "
+"dit toestaan?"
+
+msgid "Allow"
+msgstr "Toestaan"
+
+msgid "Deny"
+msgstr "Verbieden"
+
+#, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Voer de wachtwoordzin in voor de ssh-sleutel%%0A %F%%0A (%c)"
+
+msgid "Please re-enter this passphrase"
+msgstr "Gelieve deze wachtwoordzin nogmaals in te voeren"
+
+#, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A "
+"%s%%0Awithin gpg-agent's key storage"
+msgstr ""
+"Gelieve een wachtwoordzin in te voeren ter beveiliging van de verkregen "
+"geheime sleutel%%0A %s%%0A %s%%0Abinnen de sleutelopslagplaats van de "
+"gpg-agent"
+
+msgid "does not match - try again"
+msgstr "komt niet overeen - probeer opnieuw"
+
+#, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "een gegevensstroom vanuit de socket doen ontstaan is mislukt: %s\n"
+
+msgid "Please insert the card with serial number"
+msgstr "Plaats de kaart met serienummer"
+
+msgid "Please remove the current card and insert the one with serial number"
+msgstr "Verwijder de huidige kaart en plaats die met serienummer"
+
+msgid "Admin PIN"
+msgstr "Pincode van de beheerder"
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+msgid "PUK"
+msgstr "PUK-code"
+
+msgid "Reset Code"
+msgstr "Reset-Code"
+
+#, c-format
+msgid "%s%%0A%%0AUse the reader's pinpad for input."
+msgstr "%s%%0A%%0AGebruik het numeriek pad van de kaartlezer als input."
+
+msgid "Repeat this Reset Code"
+msgstr "Herhaal deze Reset-Code"
+
+msgid "Repeat this PUK"
+msgstr "Herhaal deze PUK-code"
+
+msgid "Repeat this PIN"
+msgstr "Herhaal deze pincode"
+
+msgid "Reset Code not correctly repeated; try again"
+msgstr "Reset-Code was niet tweemaal hetzelfde; probeer opnieuw"
+
+msgid "PUK not correctly repeated; try again"
+msgstr "PUK-code was niet tweemaal hetzelfde; probeer opnieuw"
+
+msgid "PIN not correctly repeated; try again"
+msgstr "Pincode was niet tweemaal hetzelfde; probeer opnieuw"
+
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr "Gelieve de pincode%s%s%s in te voeren om de kaart te ontgrendelen"
+
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "fout bij het maken van een tijdelijk bestand: %s\n"
+
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "fout bij het schrijven naar het tijdelijk bestand: %s\n"
+
+msgid "Enter new passphrase"
+msgstr "Voer nieuwe wachtwoordzin in"
+
+msgid "Take this one anyway"
+msgstr "Die toch gebruiken"
+
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+"Waarschuwing: u heeft een onveilige wachtwoordzin ingevoerd.%%0AEen "
+"wachtwoordzin moet minstens %u teken lang zijn."
+msgstr[1] ""
+"Waarschuwing: u heeft een onveilige wachtwoordzin ingevoerd.%%0AEen "
+"wachtwoordzin moet minstens %u tekens lang zijn."
+
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+"Waarschuwing: u heeft een onveilige wachtwoordzin ingevoerd.%%0AEen "
+"wachtwoordzin moet minstens %u cijfer of%%0A speciaal teken bevatten."
+msgstr[1] ""
+"Waarschuwing: u heeft een onveilige wachtwoordzin ingevoerd.%%0AEen "
+"wachtwoordzin moet minstens %u cijfers of%%0A speciale tekens bevatten."
+
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+"Waarschuwing: u heeft een onveilige wachtwoordzin ingevoerd.%%0AEen "
+"wachtwoordzin mag geen bekende term zijn of overeenkomen met%%0A een bepaald "
+"patroon."
+
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+"U heeft geen wachtwoordzin ingevoerd!!%0AEen lege wachtwoordzin is niet "
+"toegestaan."
+
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+"U heeft geen wachtwoordzin ingevoerd - dit is meestal en slecht idee!"
+"%0AGelieve te bevestigen dat u uw sleutel op geen enkele manier wenst te "
+"beveiligen."
+
+msgid "Yes, protection is not needed"
+msgstr "Ja, een beveiliging is onnodig"
+
+#, c-format
+msgid "Please enter the passphrase to%0Aprotect your new key"
+msgstr ""
+"Gelieve de wachtwoordzin in te voeren ter%0Abeveiliging van uw nieuwe sleutel"
+
+msgid "Please enter the new passphrase"
+msgstr "Gelieve de nieuwe wachtwoordzin in te voeren"
+
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@Opties:\n"
+" "
+
+msgid "run in daemon mode (background)"
+msgstr "uitvoeren als achtergronddienst (daemon-modus)"
+
+msgid "run in server mode (foreground)"
+msgstr "uitvoeren in servermodus (voorgronddienst)"
+
+msgid "verbose"
+msgstr "gedetailleerd"
+
+msgid "be somewhat more quiet"
+msgstr "wees wat stiller"
+
+msgid "sh-style command output"
+msgstr "commando-uitvoer in sh-formaat"
+
+msgid "csh-style command output"
+msgstr "commando-uitvoer in csh-formaat"
+
+msgid "|FILE|read options from FILE"
+msgstr "|BESTAND|de opties inlezen vanuit BESTAND"
+
+msgid "do not detach from the console"
+msgstr "niet van de console loskoppelen"
+
+msgid "do not grab keyboard and mouse"
+msgstr "het toetsenbord en de muis niet kapen"
+
+msgid "use a log file for the server"
+msgstr "gebruik een logboekbestand voor de server"
+
+msgid "use a standard location for the socket"
+msgstr "gebruik een standaardlocatie voor de socket"
+
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr "|PROG|PROG gebruiken als programma voor het invoeren van de pincode"
+
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr "|PROG|PROG gebruiken als het programma voor de SC-achtergronddienst"
+
+msgid "do not use the SCdaemon"
+msgstr "gebruik de SC-achtergronddienst niet"
+
+msgid "ignore requests to change the TTY"
+msgstr "verzoeken om de TTY te wijzigen negeren"
+
+msgid "ignore requests to change the X display"
+msgstr "verzoeken om het grafisch beeldscherm te wijzigen negeren"
+
+msgid "|N|expire cached PINs after N seconds"
+msgstr "|N|in de cache geladen pincodes laten verlopen na N seconden"
+
+msgid "do not use the PIN cache when signing"
+msgstr ""
+"maak bij het ondertekenen geen gebruik van het cachegeheugen met de pincodes"
+
+msgid "disallow clients to mark keys as \"trusted\""
+msgstr "clients niet toestaan om sleutels als \"betrouwbaar\" te markeren"
+
+msgid "allow presetting passphrase"
+msgstr "het vooraf instellen van de wachtwoordzin toestaan"
+
+msgid "enable ssh support"
+msgstr "ssh-ondersteuning mogelijk maken"
+
+msgid "enable putty support"
+msgstr "putty-ondersteuning mogelijk maken"
+
+msgid "disallow the use of an external password cache"
+msgstr "het gebruik van een externe wachtwoordcache niet toestaan"
+
+msgid "|FILE|write environment settings also to FILE"
+msgstr "|BESTAND|schrijf omgevingsinstellingen ook weg naar BESTAND"
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "Gelieve fouten te signaleren aan <@EMAIL@>.\n"
+
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Gebruik: gpg-agent [opties] (-h voor hulp)"
+
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+"Syntaxis: gpg-agent [opties] [opdracht [argumenten]]\n"
+"Beheer van geheime sleutels van GnuPG\n"
+
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr "ongeldig debug-niveau `%s' opgegeven\n"
+
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr "%s is te oud (heb %s nodig, heb %s)\n"
+
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "NOOT: geen bestand `%s' met standaardopties\n"
+
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "optiebestand `%s': %s\n"
+
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "inlezen van opties uit `%s'\n"
+
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "fout bij het aanmaken van `%s': %s\n"
+
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "kan map `%s' niet maken: %s\n"
+
+msgid "name of socket too long\n"
+msgstr "socketnaam is te lang\n"
+
+#, c-format
+msgid "can't create socket: %s\n"
+msgstr "kan socket niet aanmaken: %s\n"
+
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr "socketnaam `%s' is te lang\n"
+
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr ""
+"er is al een instantie van gpg-agent actief - er wordt geen nieuwe "
+"opgestart\n"
+
+msgid "error getting nonce for the socket\n"
+msgstr "fout bij het verkrijgen van nonce voor de socket\n"
+
+#, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "fout bij de het verbinden van de socket met `%s': %s\n"
+
+#, c-format
+msgid "listen() failed: %s\n"
+msgstr "listen() is mislukt: %s\n"
+
+#, c-format
+msgid "listening on socket `%s'\n"
+msgstr "er wordt geluisterd op socket `%s'\n"
+
+#, c-format
+msgid "directory `%s' created\n"
+msgstr "map `%s' aangemaakt\n"
+
+#, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "opvragen van status van `%s' mislukte: %s\n"
+
+#, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "kan map `%s' niet gebruiken als thuismap\n"
+
+#, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "fout bij het lezen van nonce op bestandsindicator %d: %s\n"
+
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr "verwerker 0x%lx voor bestandsindicator %d werd gestart\n"
+
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr "verwerker 0x%lx voor bestandsindicator %d werd beëindigd\n"
+
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr "ssh-verwerker 0x%lx voor bestandsindicator %d werd gestart\n"
+
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr "ssh-verwerker 0x%lx voor bestandsindicator %d werd beëindigd\n"
+
+#, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "pth_select mislukte: %s - er wordt 1s gewacht\n"
+
+#, c-format
+msgid "%s %s stopped\n"
+msgstr "%s %s gestopt\n"
+
+msgid "no gpg-agent running in this session\n"
+msgstr "er is geen instantie van gpg-agent actief tijdens deze sessie\n"
+
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "ongeldig formaat van de omgevingsvariabele GPG_AGENT_INFO\n"
+
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "protocolversie %d van gpg-agent wordt niet ondersteund\n"
+
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Gebruik: gpg-preset-passphrase [opties] SLEUTELHENDEL (-h voor hulp)\n"
+
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+"Syntaxis: gpg-preset-passphrase [opties] SLEUTELHENDEL\n"
+"Onderhoud van de wachtwoordcache\n"
+
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Commando's:\n"
+" "
+
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opties:\n"
+" "
+
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Gebruik: gpg-protect-tool [opties] (-h voor hulp)\n"
+
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+"Syntaxis: gpg-protect-tool [opties] [argumenten]\n"
+"Hulpmiddel voor het onderhoud van de geheime sleutels\n"
+
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr ""
+"Voer de wachtwoordzin in om de beveiliging van het PKCS#12-object op te "
+"heffen."
+
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Voer de wachtwoordzin in om het nieuwe PKCS#12-object te beveiligen."
+
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+"Voer de wachtwoordzin in om het in het GnuPG-systeem geïmporteerde object te "
+"beveiligen."
+
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr ""
+"Gelieve de wachtwoordzin of de pincode in te voeren\n"
+"dit is nodig om deze bewerking te voltooien."
+
+msgid "Passphrase:"
+msgstr "Wachtwoordzin:"
+
+msgid "cancelled\n"
+msgstr "geannuleerd\n"
+
+#, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "fout bij het opvragen van de wachtwoordzin: %s\n"
+
+#, c-format
+msgid "error opening `%s': %s\n"
+msgstr "fout bij het openen van `%s': %s\n"
+
+#, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "bestand `%s', regel %d: %s\n"
+
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr "instructie \"%s\" genegeerd in `%s', regel %d\n"
+
+#, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "de lijst `%s' over systeembetrouwbaarheid is niet beschikbaar\n"
+
+#, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "slechte vingerafdruk in `%s', regel %d\n"
+
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr "ongeldige sleutelparameter in `%s', regel %d\n"
+
+#, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "fout bij het lezen van `%s', regel %d: %s\n"
+
+msgid "error reading list of trusted root certificates\n"
+msgstr "fout bij het lezen van de lijst van vertrouwde stamcertificaten\n"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+"Vertrouwt u er uiterst sterk op dat%%0A \"%s\"%%0Aop een correcte wijze "
+"gebruikerscertificaten certificeert?"
+
+msgid "Yes"
+msgstr "Ja"
+
+msgid "No"
+msgstr "Nee"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+"Gelieve te verifiëren of het certificaat dat geïdentificeerd werd als:%%0A "
+"\"%s\"%%0Avolgende vingerafdruk heeft:%%0A %s"
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+msgid "Correct"
+msgstr "Juist"
+
+msgid "Wrong"
+msgstr "Fout"
+
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+"Noot: Deze wachtwoordzin werd nog nooit gewijzigd.%0AGelieve hem nu te "
+"wijzigen."
+
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+"Deze wachtwoordzin werd niet meer gewijzigd%%0Asinds %.4s-%.2s-%.2s. Gelieve "
+"hem nu te wijzigen."
+
+msgid "Change passphrase"
+msgstr "Wijzig de wachtwoordzin"
+
+msgid "I'll change it later"
+msgstr "Ik zal hem later wijzigen"
+
+#, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "fout bij het maken van een pijp: %s\n"
+
+#, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "kan de pijp met fdopen niet openen om eruit te lezen: %s\n"
+
+#, c-format
+msgid "error forking process: %s\n"
+msgstr "fout bij het starten van een nieuw proces (fork): %s\n"
+
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr "wachten op het einde van proces %d is mislukt: %s\n"
+
+#, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "fout bij het opvragen van de afsluitcode van proces %d: %s\n"
+
+#, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "fout bij het uitvoeren van `%s': afsluitstatus %d\n"
+
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr "fout bij het uitvoeren van `%s': wellicht niet geïnstalleerd\n"
+
+#, c-format
+msgid "error running `%s': terminated\n"
+msgstr "fout bij het uitvoeren van `%s': gestopt\n"
+
+#, c-format
+msgid "error creating socket: %s\n"
+msgstr "fout bij het maken van een socket: %s\n"
+
+msgid "host not found"
+msgstr "computer niet gevonden"
+
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent is niet beschikbaar tijdens deze sessie\n"
+
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "kan geen verbinding maken met `%s': %s\n"
+
+msgid "communication problem with gpg-agent\n"
+msgstr "probleem in de communicatie met gpg-agent\n"
+
+msgid "problem setting the gpg-agent options\n"
+msgstr "problemen bij het instellen van de opties voor gpg-agent\n"
+
+msgid "canceled by user\n"
+msgstr "afgebroken door de gebruiker\n"
+
+msgid "problem with the agent\n"
+msgstr "probleem met de agent\n"
+
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "het is niet mogelijk om core-dumps uit te schakelen: %s\n"
+
+#, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "Waarschuwing: onveilige eigendomsinstellingen op %s \"%s\"\n"
+
+#, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "Waarschuwing: onveilige toegangsrechten op %s \"%s\"\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+msgid "yes"
+msgstr "yes|ja"
+
+msgid "yY"
+msgstr "yYjJ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+msgid "no"
+msgstr "no|nee"
+
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+msgid "quit"
+msgstr "quit|stoppen"
+
+msgid "qQ"
+msgstr "qQsS"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+msgid "okay|okay"
+msgstr "okay|oké|ok|OK"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+msgid "cancel|cancel"
+msgstr "cancel|cancelen|annuleren"
+
+msgid "oO"
+msgstr "oO"
+
+msgid "cC"
+msgstr "cCaA"
+
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+"over de limiet van het beveiligde geheugen bij het reserveren van %lu bytes"
+
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr "over de geheugenlimiet bij het reserveren van %lu bytes"
+
+msgid "no running gpg-agent - starting one\n"
+msgstr "er is geen instantie van gpg-agent actief - er wordt een gestart\n"
+
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr "er wordt %d seconden gewacht terwijl de agent opstart\n"
+
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+"kan geen verbinding krijgen met de agent - er wordt een noodoplossing "
+"geprobeerd\n"
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+msgid "|audit-log-result|Good"
+msgstr "|audit-log-result|Goed"
+
+msgid "|audit-log-result|Bad"
+msgstr "|audit-log-result|Slecht"
+
+msgid "|audit-log-result|Not supported"
+msgstr "|audit-log-result|Niet ondersteund"
+
+msgid "|audit-log-result|No certificate"
+msgstr "|audit-log-result|Geen certificaat"
+
+msgid "|audit-log-result|Not enabled"
+msgstr "|audit-log-result|Niet geactiveerd"
+
+msgid "|audit-log-result|Error"
+msgstr "|audit-log-result|Fout"
+
+msgid "|audit-log-result|Not used"
+msgstr "|audit-log-result|Niet gebruikt"
+
+msgid "|audit-log-result|Okay"
+msgstr "|audit-log-result|Oké"
+
+msgid "|audit-log-result|Skipped"
+msgstr "|audit-log-result|Overgeslagen"
+
+msgid "|audit-log-result|Some"
+msgstr "|audit-log-result|Sommige"
+
+msgid "Certificate chain available"
+msgstr "Ketting van certificaten is beschikbaar"
+
+msgid "root certificate missing"
+msgstr "stamcertificaat ontbreekt"
+
+msgid "Data encryption succeeded"
+msgstr "Versleutelen van gegevens is geslaagd"
+
+msgid "Data available"
+msgstr "Er zijn gegevens beschikbaar"
+
+msgid "Session key created"
+msgstr "Sessiesleutel aangemaakt"
+
+#, c-format
+msgid "algorithm: %s"
+msgstr "algoritme: %s"
+
+#, c-format
+msgid "unsupported algorithm: %s"
+msgstr "niet ondersteund algoritme: %s"
+
+msgid "seems to be not encrypted"
+msgstr "lijkt niet versleuteld te zijn"
+
+msgid "Number of recipients"
+msgstr "Aantal ontvangers"
+
+#, c-format
+msgid "Recipient %d"
+msgstr "Ontvanger %d"
+
+msgid "Data signing succeeded"
+msgstr "Gegevens ondertekenen is gelukt"
+
+#, c-format
+msgid "data hash algorithm: %s"
+msgstr "algoritme voor het hashen van gegevens: %s"
+
+#, c-format
+msgid "Signer %d"
+msgstr "Ondertekenaar %d"
+
+#, c-format
+msgid "attr hash algorithm: %s"
+msgstr "algoritme voor het hashen van attributen: %s"
+
+msgid "Data decryption succeeded"
+msgstr "Gegevens versleutelen is gelukt"
+
+msgid "Encryption algorithm supported"
+msgstr "Versleutelingsalgoritme wordt ondersteund"
+
+msgid "Data verification succeeded"
+msgstr "Verificatie van gegevens is gelukt"
+
+msgid "Signature available"
+msgstr "Ondertekening is beschikbaar"
+
+msgid "Parsing data succeeded"
+msgstr "Gegevens ontleden is gelukt"
+
+#, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "slecht algoritme voor het hashen van gegevens: %s"
+
+#, c-format
+msgid "Signature %d"
+msgstr "Handtekening %d"
+
+msgid "Certificate chain valid"
+msgstr "Ketting van certificaten is geldig"
+
+msgid "Root certificate trustworthy"
+msgstr "Stamcertificaat is betrouwbaar"
+
+msgid "no CRL found for certificate"
+msgstr "geen enkele lijst van intrekkingen gevonden voor het certificaat"
+
+msgid "the available CRL is too old"
+msgstr "de beschikbare lijst van intrekkingen is te oud"
+
+msgid "CRL/OCSP check of certificates"
+msgstr ""
+"Verificatie van de certificaten met de lijst van intrekkingen en met OCSP"
+
+msgid "Included certificates"
+msgstr "Ingesloten certificaten"
+
+msgid "No audit log entries."
+msgstr "Geen invoer in het auditlogboek."
+
+msgid "Unknown operation"
+msgstr "Onbekende bewerking"
+
+msgid "Gpg-Agent usable"
+msgstr "Gpg-Agent kan gebruikt worden"
+
+msgid "Dirmngr usable"
+msgstr "Dirmngr kan gebruikt worden"
+
+#, c-format
+msgid "No help available for `%s'."
+msgstr "Geen hulp beschikbaar voor `%s'."
+
+msgid "ignoring garbage line"
+msgstr "regel met rommel wordt genegeerd"
+
+msgid "[none]"
+msgstr "[geen]"
+
+#, c-format
+msgid "armor: %s\n"
+msgstr "harnas: %s\n"
+
+msgid "invalid armor header: "
+msgstr "ongeldige harnas-intro: "
+
+msgid "armor header: "
+msgstr "harnas-intro: "
+
+msgid "invalid clearsig header\n"
+msgstr "ongeldige intro van de handtekening in klare tekst\n"
+
+msgid "unknown armor header: "
+msgstr "onbekende harnas-intro: "
+
+msgid "nested clear text signatures\n"
+msgstr "geneste ondertekeningen in klare tekst\n"
+
+msgid "unexpected armor: "
+msgstr "onverwacht harnas: "
+
+msgid "invalid dash escaped line: "
+msgstr "door liggend streepje afgeschermde regel is ongeldig: "
+
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "ongeldig radix64-teken %02X overgeslagen\n"
+
+msgid "premature eof (no CRC)\n"
+msgstr "voortijdig bestandseinde (eof) (geen CRC)\n"
+
+msgid "premature eof (in CRC)\n"
+msgstr "voortijdig bestandseinde (eof) (in CRC)\n"
+
+msgid "malformed CRC\n"
+msgstr "ongeldige CRC\n"
+
+#, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "CRC-fout; %06lX - %06lX\n"
+
+msgid "premature eof (in trailer)\n"
+msgstr "voortijdig bestandseinde (eof) (in de epiloog)\n"
+
+msgid "error in trailer line\n"
+msgstr "fout in epiloogregel\n"
+
+msgid "no valid OpenPGP data found.\n"
+msgstr "geen geldige OpenPGP-gegevens gevonden.\n"
+
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "ongeldig harnas: de regel is langer dan %d tekens\n"
+
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"harnas bevat een 'quoted printable'-teken - wellicht werd een defecte MTA "
+"(mail-server) gebruikt\n"
+
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"een notatiebenaming mag enkel afdrukbare tekens of spaties bevatten, en moet "
+"eindigen met een '='-teken\n"
+
+msgid "a user notation name must contain the '@' character\n"
+msgstr "een notatiebenaming voor een gebruiker moet het teken '@' bevatten\n"
+
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr ""
+"een notatiebenaming mag niet meer dan een keer het teken '@' bevatten\n"
+
+msgid "a notation value must not use any control characters\n"
+msgstr "een notatiewaarde mag geen enkel controleteken bevatten\n"
+
+msgid "WARNING: invalid notation data found\n"
+msgstr "WAARSCHUWING: ongeldige notatiegegevens gevonden\n"
+
+msgid "not human readable"
+msgstr "niet leesbaar door de gebruiker"
+
+#, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "OpenPGP-kaart is niet beschikbaar: %s\n"
+
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr "OpenPGP-kaartnummer %s gevonden\n"
+
+msgid "can't do this in batch mode\n"
+msgstr "dit is niet mogelijk in automatische modus\n"
+
+msgid "This command is only available for version 2 cards\n"
+msgstr "Dit commando is enkel beschikbaar voor kaarten van versie 2\n"
+
+msgid "Reset Code not or not anymore available\n"
+msgstr "Reset-Code niet of niet langer beschikbaar\n"
+
+msgid "Your selection? "
+msgstr "Uw keuze? "
+
+msgid "[not set]"
+msgstr "[niet ingesteld]"
+
+msgid "male"
+msgstr "man"
+
+msgid "female"
+msgstr "vrouw"
+
+msgid "unspecified"
+msgstr "niet gespecificeerd"
+
+msgid "not forced"
+msgstr "niet geforceerd"
+
+msgid "forced"
+msgstr "geforceerd"
+
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr "Fout: Alleen platte ASCII is momenteel toegestaan.\n"
+
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr "Fout: U mag het teken \"<\" niet gebruiken.\n"
+
+msgid "Error: Double spaces are not allowed.\n"
+msgstr "Fout: Dubbele spaties gebruiken is niet toegestaan.\n"
+
+msgid "Cardholder's surname: "
+msgstr "Achternaam van de kaarthouder: "
+
+msgid "Cardholder's given name: "
+msgstr "Voornaam van de kaarthouder: "
+
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr "Fout: Volledige naam is te lang (de limiet is %d tekens).\n"
+
+msgid "URL to retrieve public key: "
+msgstr "URL voor het ophalen van de publieke sleutel: "
+
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr "Fout: URL is te lang (de limiet is %d tekens).\n"
+
+#, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "fout bij het reserveren van voldoende geheugen: %s\n"
+
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "fout bij het lezen van `%s': %s\n"
+
+#, c-format
+msgid "error writing `%s': %s\n"
+msgstr "fout bij het wegschrijven van `%s': %s\n"
+
+msgid "Login data (account name): "
+msgstr "Aanmeldgegevens (accountnaam): "
+
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr "Fout: Aanmeldgegevens zijn te lang (de limiet is %d tekens).\n"
+
+msgid "Private DO data: "
+msgstr "Geheime DO-gegevens: "
+
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr "Fout: Geheime DO is te lang (de limiet is %d tekens).\n"
+
+msgid "Language preferences: "
+msgstr "Taalvoorkeuren: "
+
+msgid "Error: invalid length of preference string.\n"
+msgstr "Fout: ongeldige lengte van de voorkeursinformatie.\n"
+
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Fout: ongeldige tekens in voorkeursinformatie.\n"
+
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr "Geslacht ((M)Man, (F)Vrouw of spatie): "
+
+msgid "Error: invalid response.\n"
+msgstr "Fout: ongeldig antwoord.\n"
+
+msgid "CA fingerprint: "
+msgstr "CA-vingerafdruk: "
+
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "Fout: ongeldig opgemaakte vingerafdruk.\n"
+
+#, c-format
+msgid "key operation not possible: %s\n"
+msgstr "sleutelbewerking is niet mogelijk: %s\n"
+
+msgid "not an OpenPGP card"
+msgstr "geen OpenPGP-kaart"
+
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr "fout bij het ophalen van de gegevens van de huidige sleutel: %s\n"
+
+msgid "Replace existing key? (y/N) "
+msgstr "Bestaande sleutel vervangen? (j/N) "
+
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+"NOOT: Het kan niet gegarandeerd worden dat de kaart\n"
+" de gevraagde grootte ondersteunt.\n"
+" Indien het aanmaken van de sleutel niet lukt, moet u de documentatie\n"
+" bij uw kaart raadplegen om na te gaan welke groottes toegelaten zijn.\n"
+
+#, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Welke sleutelgrootte wilt u voor de Ondertekeningssleutel? (%u) "
+
+#, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Welke sleutelgrootte wilt u voor de Encryptiesleutel? (%u) "
+
+#, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Welke sleutelgrootte wilt u voor de Authenticatiesleutel? (%u) "
+
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "afgerond naar %u bits\n"
+
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr "%s sleutelgrootte moet vallen binnen het bereik %u-%u\n"
+
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+"De kaart zal nu opnieuw ingesteld worden om een sleutel van %u bits aan te "
+"maken\n"
+
+#, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr ""
+"fout bij het veranderen van de grootte van sleutel %d naar %u bits: %s\n"
+
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr "Een externe reservekopie maken van de encryptiesleutel? (J/n) "
+
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "NOOT: sleutels worden al op de kaart bewaard!\n"
+
+msgid "Replace existing keys? (y/N) "
+msgstr "Bestaande sleutels vervangen? (j/N) "
+
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+"Gelieve te noteren dat de fabrieksinstellingen voor de pincodes de volgende "
+"zijn:\n"
+" pincode = `%s' Beheerderspincode = `%s'\n"
+"U wordt aangeraden deze te wijzigen met het commando --change-pin\n"
+
+msgid "Please select the type of key to generate:\n"
+msgstr "Selecteer het type sleutel dat aangemaakt moet worden:\n"
+
+msgid " (1) Signature key\n"
+msgstr " (1) Ondertekeningssleutel\n"
+
+msgid " (2) Encryption key\n"
+msgstr " (2) Encryptiesleutel\n"
+
+msgid " (3) Authentication key\n"
+msgstr " (3) Authenticatiesleutel\n"
+
+msgid "Invalid selection.\n"
+msgstr "Ongeldige keuze.\n"
+
+msgid "Please select where to store the key:\n"
+msgstr "Geef aan waar de sleutel moet opgeslagen worden:\n"
+
+msgid "unknown key protection algorithm\n"
+msgstr "onbekend sleutelbeveiligingsalgoritme\n"
+
+msgid "secret parts of key are not available\n"
+msgstr "geheime delen van de sleutel zijn niet beschikbaar\n"
+
+msgid "secret key already stored on a card\n"
+msgstr "geheime sleutel staat reeds op de kaart\n"
+
+#, c-format
+msgid "error writing key to card: %s\n"
+msgstr "fout bij het wegschrijven van de sleutel naar de kaart: %s\n"
+
+msgid "quit this menu"
+msgstr "dit menu verlaten"
+
+msgid "show admin commands"
+msgstr "toon beheerderscommando's"
+
+msgid "show this help"
+msgstr "toon deze hulp"
+
+msgid "list all available data"
+msgstr "toon alle beschikbare gegevens"
+
+msgid "change card holder's name"
+msgstr "verander de naam van de kaarthouder"
+
+msgid "change URL to retrieve key"
+msgstr "verander de URL waarvan de sleutel opgehaald moet worden"
+
+msgid "fetch the key specified in the card URL"
+msgstr "haal de sleutel op van de URL die op de kaart vermeld staat"
+
+msgid "change the login name"
+msgstr "verander de aanmeldnaam"
+
+msgid "change the language preferences"
+msgstr "verander de taalvoorkeuren"
+
+msgid "change card holder's sex"
+msgstr "verander het geslacht van de kaarthouder"
+
+msgid "change a CA fingerprint"
+msgstr "verander een CA-vingerafdruk"
+
+msgid "toggle the signature force PIN flag"
+msgstr ""
+"schakel de parameter die om een pincode vraagt bij het ondertekenen aan/uit"
+
+msgid "generate new keys"
+msgstr "maak nieuwe sleutels aan"
+
+msgid "menu to change or unblock the PIN"
+msgstr "menu voor het wijzigen of ontgrendelen van de pincode"
+
+msgid "verify the PIN and list all data"
+msgstr "controleer de pincode en toon alle gegevens"
+
+msgid "unblock the PIN using a Reset Code"
+msgstr "ontgrendel de pincode met behulp van een Reset-Code"
+
+msgid "gpg/card> "
+msgstr "gpg/kaart> "
+
+msgid "Admin-only command\n"
+msgstr "Enkel de beheerder kan dit commando uitvoeren\n"
+
+msgid "Admin commands are allowed\n"
+msgstr "Beheerderscommando's zijn toegestaan\n"
+
+msgid "Admin commands are not allowed\n"
+msgstr "Beheerderscommando's zijn niet toegestaan\n"
+
+msgid "Invalid command (try \"help\")\n"
+msgstr "Ongeldig commando (probeer \"help\")\n"
+
+msgid "--output doesn't work for this command\n"
+msgstr "--output werkt niet voor dit commando\n"
+
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "kan `%s' niet openen\n"
+
+#, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "sleutel \"%s\" niet gevonden: %s\n"
+
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "fout tijdens het lezen van sleutelblok: %s\n"
+
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(tenzij u de sleutel via de vingerafdruk specificeert)\n"
+
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr ""
+"dit is onmogelijk in automatische modus zonder de parameter \"--yes\"\n"
+
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Deze sleutel uit de sleutelring verwijderen? (j/N) "
+
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "Dit is een geheime sleutel! - echt verwijderen? (j/N) "
+
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "verwijderen van sleutelblok is mislukt: %s\n"
+
+msgid "ownertrust information cleared\n"
+msgstr "de betrouwbaarheidsgegevens werden gewist\n"
+
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "een geheime sleutel fungeert als publieke sleutel \"%s\"!\n"
+
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr ""
+"gebruik de optie \"--delete-secret-keys\" om hem eerst te verwijderen.\n"
+
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "fout bij het maken van de wachtwoordzin: %s\n"
+
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "kan geen symmetrisch ESK-pakket gebruiken omwille van de S2K-modus\n"
+
+#, c-format
+msgid "using cipher %s\n"
+msgstr "versleutelingsalgoritme %s wordt gebruikt\n"
+
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "`%s' is reeds gecomprimeerd\n"
+
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "WAARSCHUWING: `%s' is een leeg bestand\n"
+
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+"U kunt enkel versleutelen naar RSA-sleutels van 2048 bits of minder in de "
+"modus --pgp2\n"
+
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "lezen van `%s'\n"
+
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+"het is onmogelijk om het IDEA-versleutelingsalgoritme te gebruiken voor al "
+"de sleutels waarnaar u versleutelt.\n"
+
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"WAARSCHUWING: het dwingend opleggen van het symmetrisch "
+"versleutelingsalgoritme %s (%d) gaat in tegen de voorkeuren van de "
+"ontvanger\n"
+
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"WAARSCHUWING: het dwingend opleggen van het compressiealgoritme %s (%d) gaat "
+"in tegen de voorkeuren van de ontvanger\n"
+
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"het dwingend opleggen van het symmetrisch versleutelingsalgoritme %s (%d) "
+"gaat in tegen de voorkeuren van de ontvanger\n"
+
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "u mag %s niet gebruiken in de %s-modus\n"
+
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s versleuteld voor: \"%s\"\n"
+
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s versleutelde gegevens\n"
+
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "versleuteld met onbekend algoritme %d\n"
+
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"WAARSCHUWING: het bericht is versleuteld met een zwakke sleutel in het "
+"symmetrische versleutelingsalgoritme.\n"
+
+msgid "problem handling encrypted packet\n"
+msgstr "probleem met het verwerken van het versleutelde pakket\n"
+
+msgid "no remote program execution supported\n"
+msgstr "het uitvoeren van externe programma's wordt niet ondersteund\n"
+
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"het aanroepen van externe programma's is uitgeschakeld omdat de "
+"toegangsrechten van het optiebestand onveilig zijn\n"
+
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"dit platform heeft tijdelijke bestanden nodig bij het aanroepen van externe "
+"programma's\n"
+
+#, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "kan programma `%s' niet uitvoeren: %s\n"
+
+#, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "kan shell `%s' niet uitvoeren: %s\n"
+
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "systeemfout bij het aanroepen van een extern programma: %s\n"
+
+msgid "unnatural exit of external program\n"
+msgstr "onnatuurlijk einde van het externe programma\n"
+
+msgid "unable to execute external program\n"
+msgstr "niet in staat om het externe programma uit te voeren\n"
+
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "niet in staat om het antwoord van het externe programma te lezen: %s\n"
+
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr ""
+"WAARSCHUWING: tijdelijk bestand (%s) `%s' kan niet verwijderd worden: %s\n"
+
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "WAARSCHUWING: tijdelijke map `%s' kan niet verwijderd worden: %s\n"
+
+msgid "export signatures that are marked as local-only"
+msgstr "exporteer handtekeningen die gemarkeerd staan als uitsluitend lokaal"
+
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+"exporteer identiteitsattributen van gebruikers (meestal identiteitsfoto's)"
+
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "exporteer intrekkingssleutels die als \"gevoelig\" gemarkeerd zijn"
+
+msgid "remove the passphrase from exported subkeys"
+msgstr "verwijder de wachtwoordzin van de geëxporteerde subsleutels"
+
+msgid "remove unusable parts from key during export"
+msgstr "verwijder de onbruikbare delen van de sleutel tijdens het exporteren"
+
+msgid "remove as much as possible from key during export"
+msgstr "verwijder zo veel mogelijk van de sleutel tijdens het exporteren"
+
+msgid "export keys in an S-expression based format"
+msgstr "exporteer sleutels in een formaat gebaseerd op een S-expressie"
+
+msgid "exporting secret keys not allowed\n"
+msgstr "het exporteren van geheime sleutels is niet toegestaan\n"
+
+#, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "sleutel %s: niet beveiligd - overgeslagen\n"
+
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "sleutel %s: sleutel van het type PGP 2.x - overgeslagen\n"
+
+#, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "sleutel %s: sleutelmateriaal op kaart - overgeslagen\n"
+
+msgid "about to export an unprotected subkey\n"
+msgstr "sta op het punt om een onbeveiligde subsleutel te exporteren\n"
+
+#, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "wegnemen van de beveiliging van de subsleutel is mislukt: %s\n"
+
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr ""
+"WAARSCHUWING: geheime sleutel %s heeft geen eenvoudige SK-controlesom\n"
+
+msgid "WARNING: nothing exported\n"
+msgstr "WAARSCHUWING: er werd niets geëxporteerd\n"
+
+msgid "too many entries in pk cache - disabled\n"
+msgstr "te veel regels in de pk-cache - gedeactiveerd\n"
+
+msgid "[User ID not found]"
+msgstr "[Gebruikers-ID niet gevonden]"
+
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "sleutel %s: geheime sleutel zonder publieke sleutel - overgeslagen\n"
+
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr "`%s' automatisch opgehaald via %s\n"
+
+#, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "fout bij het ophalen van `%s' via %s: %s\n"
+
+msgid "No fingerprint"
+msgstr "Geen vingerafdruk"
+
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+"Ongeldige sleutel %s is geldig gemaakt met --allow-non-selfsigned-uid\n"
+
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "geen geheime subsleutel voor publieke subsleutel %s - overgeslagen\n"
+
+#, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "subsleutel %s wordt gebruikt in plaats van primaire sleutel %s\n"
+
+msgid "make a signature"
+msgstr "maak een ondertekening"
+
+msgid "make a clear text signature"
+msgstr "maak een ondertekening in klare tekst"
+
+msgid "make a detached signature"
+msgstr "maak een ontkoppelde ondertekening"
+
+msgid "encrypt data"
+msgstr "versleutel gegevens"
+
+msgid "encryption only with symmetric cipher"
+msgstr "enkel versleutelen met het symmetrisch versleutelingsalgoritme"
+
+msgid "decrypt data (default)"
+msgstr "ontcijfer gegevens (standaard)"
+
+msgid "verify a signature"
+msgstr "controleer een ondertekening"
+
+msgid "list keys"
+msgstr "toon sleutels"
+
+msgid "list keys and signatures"
+msgstr "toon sleutels en ondertekeningen"
+
+msgid "list and check key signatures"
+msgstr "toon en controleer sleutelondertekeningen"
+
+msgid "list keys and fingerprints"
+msgstr "toon sleutels en vingerafdrukken"
+
+msgid "list secret keys"
+msgstr "toon geheime sleutels"
+
+msgid "generate a new key pair"
+msgstr "maak een nieuw sleutelpaar aan"
+
+msgid "generate a revocation certificate"
+msgstr "maak een intrekkingscertificaat aan"
+
+msgid "remove keys from the public keyring"
+msgstr "verwijder sleutels uit de publieke sleutelring"
+
+msgid "remove keys from the secret keyring"
+msgstr "verwijder sleutels uit de geheime sleutelring"
+
+msgid "sign a key"
+msgstr "onderteken een sleutel"
+
+msgid "sign a key locally"
+msgstr "onderteken een sleutel lokaal"
+
+msgid "sign or edit a key"
+msgstr "onderteken of bewerk een sleutel"
+
+msgid "change a passphrase"
+msgstr "wijzig een wachtwoordzin"
+
+msgid "export keys"
+msgstr "exporteer sleutels"
+
+msgid "export keys to a keyserver"
+msgstr "exporteer sleutels naar een sleutelserver"
+
+msgid "import keys from a keyserver"
+msgstr "importeer sleutels van een sleutelserver"
+
+msgid "search for keys on a keyserver"
+msgstr "zoek naar sleutels op een sleutelserver"
+
+msgid "update all keys from a keyserver"
+msgstr "alle sleutels bijwerken vanaf een sleutelserver"
+
+msgid "import/merge keys"
+msgstr "sleutels importeren/samenvoegen"
+
+msgid "print the card status"
+msgstr "toon de kaartstatus"
+
+msgid "change data on a card"
+msgstr "wijzig gegevens op een kaart"
+
+msgid "change a card's PIN"
+msgstr "wijzig de pincode van een kaart"
+
+msgid "update the trust database"
+msgstr "werk de database met betrouwbaarheidsinformatie bij"
+
+msgid "print message digests"
+msgstr "toon de hash-waarden van het bericht"
+
+msgid "run in server mode"
+msgstr "in servermodus uitvoeren"
+
+msgid "create ascii armored output"
+msgstr "creëer uitvoer in ascii-harnas"
+
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|GEBRUIKERS-ID|versleutel voor GEBRUIKERS-ID"
+
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr ""
+"|GEBRUIKERS-ID|gebruik deze GEBRUIKERS-ID om te ondertekenen of te "
+"ontcijferen"
+
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|stel compressieniveau N in (0 voor geen)"
+
+msgid "use canonical text mode"
+msgstr "gebruik de gebruikelijke tekstmodus"
+
+msgid "|FILE|write output to FILE"
+msgstr "|BESTAND|schrijf uitvoer weg naar BESTAND"
+
+msgid "do not make any changes"
+msgstr "maak geen wijzigingen"
+
+msgid "prompt before overwriting"
+msgstr "niet overschrijven zonder te vragen"
+
+msgid "use strict OpenPGP behavior"
+msgstr "strikt OpenPGP-gedrag toepassen"
+
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(zie de man-pagina voor een complete lijst van alle commando's en opties)\n"
+
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clear-sign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Voorbeelden:\n"
+"\n"
+" -se -r Bob [bestand] onderteken en versleutel voor gebruiker Bob\n"
+" --clear-sign [bestand] maak een ondertekening in klare tekst\n"
+" --detach-sign [bestand] maak een ontkoppelde ondertekening\n"
+" --list-keys [namen] toon sleutels\n"
+" --fingerprint [namen] toon vingerafdrukken\n"
+
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Gebruik: gpg [opties] [bestanden] (-h voor hulp)"
+
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"Sign, check, encrypt or decrypt\n"
+"Default operation depends on the input data\n"
+msgstr ""
+"Syntaxis: gpg [opties] [bestanden]\n"
+"Onderteken, controleer, versleutel of ontcijfer\n"
+"Standaardactie is afhankelijk van de gegevensinvoer\n"
+
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Ondersteunde algoritmes:\n"
+
+msgid "Pubkey: "
+msgstr "Publieke sleutel: "
+
+msgid "Cipher: "
+msgstr "Versleutelingsalgoritme: "
+
+msgid "Hash: "
+msgstr "Hashalgoritme: "
+
+msgid "Compression: "
+msgstr "Compressiealgoritme: "
+
+msgid "usage: gpg [options] "
+msgstr "gebruik: gpg [opties] "
+
+msgid "conflicting commands\n"
+msgstr "conflicterende commando's\n"
+
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "geen '='-teken gevonden in de groepsdefinitie `%s'\n"
+
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "WAARSCHUWING: onveilige eigendomsinstellingen van thuismap `%s'\n"
+
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr ""
+"WAARSCHUWING: onveilige eigendomsinstellingen van configuratiebestand `%s'\n"
+
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "WAARSCHUWING: onveilige eigendomsinstellingen van uitbreiding ‘%s’\n"
+
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "WAARSCHUWING: toegangsrechten van thuismap `%s' zijn onveilig\n"
+
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr ""
+"WAARSCHUWING: toegangsrechten van configuratiebestand `%s' zijn onveilig\n"
+
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "WAARSCHUWING: toegangsrechten van uitbreiding ‘%s’ zijn onveilig\n"
+
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr ""
+"WAARSCHUWING: de eigendomsinstellingen van de map waarin de thuismap `%s' "
+"zich bevindt, zijn onveilig\n"
+
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr ""
+"WAARSCHUWING: de eigendomsinstellingen van de map waarin configuratiebestand "
+"`%s' zich bevindt, zijn onveilig\n"
+
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr ""
+"WAARSCHUWING: de eigendomsinstellingen van de map waarin uitbreiding `%s' "
+"zich bevindt, zijn onveilig\n"
+
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr ""
+"WAARSCHUWING: de toegangsrechten van de map waarin de thuismap `%s' zich "
+"bevindt, zijn onveilig\n"
+
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr ""
+"WAARSCHUWING: de toegangsrechten van de map waarin configuratiebestand `%s' "
+"zich bevindt, zijn onveilig\n"
+
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr ""
+"WAARSCHUWING: de toegangsrechten van de map waarin uitbreiding `%s' zich "
+"bevindt, zijn onveilig\n"
+
+#, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "onbekend configuratie-item `%s'\n"
+
+msgid "display photo IDs during key listings"
+msgstr "toon identiteitsfoto's bij de lijst van sleutels"
+
+msgid "show policy URLs during signature listings"
+msgstr "toon richtlijn-URL's bij de lijst van handtekeningen"
+
+msgid "show all notations during signature listings"
+msgstr "toon alle notaties bij het weergeven van de lijst van handtekeningen"
+
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+"toon IETF-standaardnotaties bij het weergeven van de lijst van handtekeningen"
+
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+"toon door de gebruiker gemaakte notaties bij het weergeven van de lijst van "
+"handtekeningen"
+
+msgid "show preferred keyserver URLs during signature listings"
+msgstr ""
+"toon de URL van de voorkeurssleutelserver bij de lijst van handtekeningen"
+
+msgid "show user ID validity during key listings"
+msgstr "toon de geldigheid van de gebruikers-ID bij de lijst van sleutels"
+
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+"toon de ingetrokken en verlopen gebruikers-ID's bij de lijst van sleutels"
+
+msgid "show revoked and expired subkeys in key listings"
+msgstr "toon de ingetrokken en vervallen subsleutels bij de lijst van sleutels"
+
+msgid "show the keyring name in key listings"
+msgstr "toon de naam van de sleutelring bij de lijst van sleutels"
+
+msgid "show expiration dates during signature listings"
+msgstr "toon de vervaldata bij de lijst van handtekeningen"
+
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "NOOT: oud bestand `%s' met standaardopties werd genegeerd\n"
+
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr "libgcrypt is te oud (heb %s nodig, heb %s)\n"
+
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "NOOT: %s is niet bedoeld voor normaal gebruik!\n"
+
+#, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "`%s' is geen geldige vervaldatum voor handtekeningen\n"
+
+#, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "`%s' is geen geldige tekenset\n"
+
+msgid "could not parse keyserver URL\n"
+msgstr "kon de URL van de sleutelserver niet ontleden\n"
+
+#, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: ongeldige sleutelserveropties\n"
+
+msgid "invalid keyserver options\n"
+msgstr "ongeldige sleutelserveropties\n"
+
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: ongeldige importopties\n"
+
+msgid "invalid import options\n"
+msgstr "ongeldige importopties\n"
+
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: ongeldige exportopties\n"
+
+msgid "invalid export options\n"
+msgstr "ongeldige exportopties\n"
+
+#, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: ongeldige lijstopties\n"
+
+msgid "invalid list options\n"
+msgstr "ongeldige lijstopties\n"
+
+msgid "display photo IDs during signature verification"
+msgstr "toon identiteitsfoto's bij het controleren van de handtekening"
+
+msgid "show policy URLs during signature verification"
+msgstr "toon richtlijn-URL's bij het controleren van de handtekening"
+
+msgid "show all notations during signature verification"
+msgstr "toon alle notaties bij het controleren van de handtekening"
+
+msgid "show IETF standard notations during signature verification"
+msgstr "toon IETF-standaardnotaties bij het controleren van de handtekening"
+
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+"toon door de gebruiker gemaakte notaties bij het controleren van de "
+"handtekening"
+
+msgid "show preferred keyserver URLs during signature verification"
+msgstr ""
+"toon de URL van de voorkeurssleutelserver bij het controleren van de "
+"handtekening"
+
+msgid "show user ID validity during signature verification"
+msgstr ""
+"toon de geldigheid van de gebruikers-ID bij het controleren van de "
+"handtekening"
+
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+"toon de ingetrokken en vervallen gebruikers-ID's bij het controleren van de "
+"handtekening"
+
+msgid "show only the primary user ID in signature verification"
+msgstr ""
+"toon enkel de primaire gebruikers-ID bij het controleren van de handtekening"
+
+msgid "validate signatures with PKA data"
+msgstr "valideer ondertekeningen met PKA-gegevens"
+
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+"verhoog de betrouwbaarheid van ondertekeningen met geldige PKA-gegevens"
+
+#, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: ongeldige verificatieopties\n"
+
+msgid "invalid verify options\n"
+msgstr "ongeldige verificatieopties\n"
+
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "kon het pad naar het programma %s niet instellen\n"
+
+#, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: lijst voor het automatisch opzoeken van sleutels is ongeldig\n"
+
+msgid "invalid auto-key-locate list\n"
+msgstr "lijst voor het automatisch opzoeken van sleutels is ongeldig\n"
+
+msgid "WARNING: program may create a core file!\n"
+msgstr "WAARSCHUWING: het programma zou een core-dump-bestand kunnen maken!\n"
+
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "WAARSCHUWING: %s heeft voorrang op %s\n"
+
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s mag niet gebruikt worden met %s!\n"
+
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s is zinloos in combinatie met %s!\n"
+
+#, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "zal met onveilig geheugen niet werken wegens %s\n"
+
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr ""
+"enkel ontkoppelde ondertekeningen of handtekeningen in klare tekst zijn "
+"mogelijk in de modus --pgp2\n"
+
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "u kunt miet tegelijk ondertekenen en versleutelen in de modus --pgp2\n"
+
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr "u moet bestanden (en geen pipe) gebruiken in de modus --pgp2.\n"
+
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr ""
+"om een bericht te versleutelen in de modus --pgp2 is het IDEA-"
+"versleutelingsalgoritme nodig\n"
+
+msgid "selected cipher algorithm is invalid\n"
+msgstr "ongeldig versleutelingsalgoritme gekozen\n"
+
+msgid "selected digest algorithm is invalid\n"
+msgstr "ongeldig hashalgoritme gekozen\n"
+
+msgid "selected compression algorithm is invalid\n"
+msgstr "ongeldig compressiealgoritme gekozen\n"
+
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "het gekozen hashalgoritme voor certificatie is ongeldig\n"
+
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed moet groter zijn dan 0\n"
+
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed moet groter zijn dan 1\n"
+
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth moet liggen tussen 1 en 255\n"
+
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "ongeldig default-cert-level; moet 0, 1, 2 of 3 zijn\n"
+
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "ongeldig min-cert-level; moet 1, 2 of 3 zijn\n"
+
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "NOOT: eenvoudige S2K-modus (0) wordt sterk afgeraden\n"
+
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "ongeldige S2K-modus; moet 0, 1 of 3 zijn\n"
+
+msgid "invalid default preferences\n"
+msgstr "ongeldige standaardvoorkeuren\n"
+
+msgid "invalid personal cipher preferences\n"
+msgstr "ongeldige voorkeuren in het persoonlijk versleutelingsalgoritme\n"
+
+msgid "invalid personal digest preferences\n"
+msgstr "ongeldige voorkeuren in het persoonlijk hashalgoritme\n"
+
+msgid "invalid personal compress preferences\n"
+msgstr "ongeldige voorkeuren in het persoonlijk compressiealgoritme\n"
+
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s werkt nog niet met %s\n"
+
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "u mag versleutelingsalgoritme `%s' niet gebruiken in %s-modus\n"
+
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "u mag hashalgoritme `%s' niet gebruiken in %s-modus\n"
+
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "u mag compressiealgoritme `%s' niet gebruiken in %s-modus\n"
+
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr ""
+"initialiseren van de TrustDB (database van vertrouwen) is mislukt: %s\n"
+
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"WAARSCHUWING: er werden ontvangers (-r) opgegeven zonder dat versleuteling "
+"met een publieke sleutel toegepast wordt\n"
+
+msgid "--store [filename]"
+msgstr "--store [bestandsnaam]"
+
+msgid "--symmetric [filename]"
+msgstr "--symmetric [bestandsnaam]"
+
+#, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "symmetrische versleuteling van `%s' is mislukt: %s\n"
+
+msgid "--encrypt [filename]"
+msgstr "--encrypt [bestandsnaam]"
+
+msgid "--symmetric --encrypt [filename]"
+msgstr "--symmetric --encrypt [bestandsnaam]"
+
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr "u kunt --symmetric --encrypt niet gebruiken samen met --s2k-mode 0\n"
+
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "u kunt --symmetric --encrypt niet in %s-modus gebruiken\n"
+
+msgid "--sign [filename]"
+msgstr "--sign [bestandsnaam]"
+
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [bestandsnaam]"
+
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--symmetric --sign --encrypt [bestandsnaam]"
+
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+"u kunt --symmetric --sign --encrypt niet gebruiken samen met --s2k-mode 0\n"
+
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "u kunt --symmetric --sign --encrypt niet in %s-modus gebruiken\n"
+
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [bestandsnaam]"
+
+msgid "--clear-sign [filename]"
+msgstr "--clear-sign [bestandsnaam]"
+
+msgid "--decrypt [filename]"
+msgstr "--decrypt [bestandsnaam]"
+
+msgid "--sign-key user-id"
+msgstr "--sign-key gebruikers-id"
+
+msgid "--lsign-key user-id"
+msgstr "--lsign-key gebruikers-id"
+
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key gebruikers-id [commando's]"
+
+msgid "--passwd <user-id>"
+msgstr "--passwd <gebruikers-id>"
+
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "verzenden naar sleutelserver is mislukt: %s\n"
+
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "opvragen vanaf sleutelserver is mislukt: %s\n"
+
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "sleutel exporteren is mislukt: %s\n"
+
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "opzoeking op sleutelserver is mislukt: %s\n"
+
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "verversen vanaf sleutelserver is mislukt: %s\n"
+
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "ontmantelen van harnas is mislukt: %s\n"
+
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "opbouwen van harnas is mislukt: %s\n"
+
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "ongeldig hashalgoritme `%s'\n"
+
+msgid "[filename]"
+msgstr "[bestandsnaam]"
+
+msgid "Go ahead and type your message ...\n"
+msgstr "U kunt uw bericht typen ...\n"
+
+msgid "the given certification policy URL is invalid\n"
+msgstr "de opgegeven URL voor certificeringsrichtlijnen is ongeldig\n"
+
+msgid "the given signature policy URL is invalid\n"
+msgstr "de opgegeven URL voor ondertekeningsrichtlijnen is ongeldig\n"
+
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "de opgegeven URL voor de voorkeurssleutelserver is ongeldig\n"
+
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "|BESTAND|gebruik de sleutels van de sleutelring BESTAND"
+
+msgid "make timestamp conflicts only a warning"
+msgstr "maak dateringsconflicten slechts een waarschuwing waard"
+
+msgid "|FD|write status info to this FD"
+msgstr "|FD|schrijf statusinformatie naar deze bestandsindicator (FD)"
+
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Gebruik: gpgv [opties] [bestanden] (-h voor hulp)"
+
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Syntaxis: gpg [opties] [bestanden]\n"
+"Controleer ondertekeningen via gekende en vertrouwde sleutels\n"
+
+msgid "No help available"
+msgstr "Geen hulp beschikbaar"
+
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Geen hulp beschikbaar voor `%s'"
+
+msgid "import signatures that are marked as local-only"
+msgstr "importeer handtekeningen die als uitsluitend lokaal zijn gemarkeerd"
+
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+"herstel beschadigingen die ontstaan zijn bij het importeren vanuit de pks-"
+"sleutelserver"
+
+msgid "do not clear the ownertrust values during import"
+msgstr ""
+"zet de waarden in verband met betrouwbaarheid bij het importeren niet op nul"
+
+msgid "do not update the trustdb after import"
+msgstr "werk de betrouwbaarheidsdatabank (trustdb) niet bij na het importeren"
+
+msgid "create a public key when importing a secret key"
+msgstr ""
+"maak een publieke sleutel aan bij het importeren van een geheime sleutel"
+
+msgid "only accept updates to existing keys"
+msgstr "accepteer alleen het bijwerken van bestaande sleutels"
+
+msgid "remove unusable parts from key after import"
+msgstr "verwijder onbruikbare delen van de sleutel na het importeren"
+
+msgid "remove as much as possible from key after import"
+msgstr "verwijder zo veel mogelijk van de sleutel na het importeren"
+
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "blok van het type %d wordt overgeslagen\n"
+
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu sleutels verwerkt tot dusver\n"
+
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr " Totaal aantal verwerkt: %lu\n"
+
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " overgeslagen nieuwe sleutels: %lu\n"
+
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " zonder gebruikers-ID: %lu\n"
+
+#, c-format
+msgid " imported: %lu"
+msgstr " geïmporteerd: %lu"
+
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " onveranderd: %lu\n"
+
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " nieuwe gebruikers-ID's: %lu\n"
+
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " nieuwe subsleutels: %lu\n"
+
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " nieuwe handtekeningen: %lu\n"
+
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr "nieuwe intrekkingen van sleutels: %lu\n"
+
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " gelezen geheime sleutels: %lu\n"
+
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " geïmporteerde geheime sleutels: %lu\n"
+
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " ongewijzigde geheime sleutels: %lu\n"
+
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " niet geïmporteerd: %lu\n"
+
+#, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " opgeschoonde handtekeningen: %lu\n"
+
+#, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " opgeschoonde gebruikers-ID's: %lu\n"
+
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+"WAARSCHUWING: sleutel %s bevat voorkeuren voor niet-beschikbare\n"
+"algoritmes bij deze gebruikers-ID's:\n"
+
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr " \"%s\": voorkeur voor versleutelingsalgoritme %s\n"
+
+#, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr " \"%s\": voorkeur voor hashalgoritme %s\n"
+
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr " \"%s\": voorkeur voor compressiealgoritme %s\n"
+
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr "we raden u sterk aan om uw voorkeuren aan te passen en\n"
+
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+"om deze sleutel opnieuw te distribueren om mogelijke problemen met niet-"
+"overeenstemmende algoritmes te voorkomen\n"
+
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr "u kunt uw voorkeuren bijwerken met: gpg --edit-key %s updpref save\n"
+
+#, c-format
+msgid "key %s: no user ID\n"
+msgstr "sleutel %s: geen gebruikers-ID\n"
+
+#, c-format
+msgid "key %s: %s\n"
+msgstr "sleutel %s: %s\n"
+
+msgid "rejected by import filter"
+msgstr "verworpen door de importfilter"
+
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "sleutel %s: beschadigingen in PKS-subsleutel hersteld\n"
+
+#, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "sleutel %s: niet auto-gesigneerde gebruikers-ID \"%s\" aanvaard\n"
+
+#, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "sleutel %s: geen geldige gebruikers-ID's\n"
+
+msgid "this may be caused by a missing self-signature\n"
+msgstr ""
+"dit kan veroorzaakt worden door het ontbreken van een eigen ondertekening\n"
+
+#, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "sleutel %s: publieke sleutel niet gevonden: %s\n"
+
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "sleutel %s: nieuwe sleutel - overgeslagen\n"
+
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "geen sleutelring gevonden waarnaartoe geschreven kan worden: %s\n"
+
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "aan het schrijven naar `%s'\n"
+
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "fout bij het schrijven naar sleutelring `%s': %s\n"
+
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "sleutel %s: publieke sleutel \"%s\" geïmporteerd\n"
+
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "sleutel %s: stemt niet overeen met onze kopie\n"
+
+#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "sleutel %s: kan het originele sleutelblok niet vinden: %s\n"
+
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "sleutel %s: kan het originele sleutelblok niet lezen: %s\n"
+
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "sleutel %s: \"%s\" 1 nieuwe gebruikers-ID\n"
+
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "sleutel %s: \"%s\" %d nieuwe gebruikers-ID's\n"
+
+#, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "sleutel %s: \"%s\" 1 nieuwe ondertekening\n"
+
+#, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "sleutel %s: \"%s\" %d nieuwe ondertekeningen\n"
+
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "sleutel %s: \"%s\" 1 nieuwe subsleutel\n"
+
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "sleutel %s: \"%s\" %d nieuwe subsleutels\n"
+
+#, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "sleutel %s: \"%s\" %d ondertekening opgeschoond\n"
+
+#, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "sleutel %s: \"%s\" %d ondertekeningen opgeschoond\n"
+
+#, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "sleutel %s: \"%s\" %d gebruikers-ID opgeschoond\n"
+
+#, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "sleutel %s: \"%s\" %d gebruikers-ID's opgeschoond\n"
+
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "sleutel %s: \"%s\" niet veranderd\n"
+
+#, c-format
+msgid "secret key %s: %s\n"
+msgstr "geheime sleutel %s: %s\n"
+
+msgid "importing secret keys not allowed\n"
+msgstr "importeren van geheime sleutels is niet toegestaan\n"
+
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr ""
+"sleutel %s: geheime sleutel met ongeldig versleutelingsalgoritme %d - "
+"overgeslagen\n"
+
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "geen standaardsleutelring voor geheime sleutels: %s\n"
+
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr "sleutel %s: geheime sleutel geïmporteerd\n"
+
+#, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "sleutel %s: reeds in sleutelring van geheime sleutels\n"
+
+#, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "sleutel %s: geheime sleutel niet gevonden: %s\n"
+
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"sleutel %s: geen publieke sleutel - kan intrekkingscertificaat niet "
+"toepassen\n"
+
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "sleutel %s: ongeldig intrekkingscertificaat: %s - afgewezen\n"
+
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "sleutel %s: \"%s\" intrekkingscertificaat geïmporteerd\n"
+
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "sleutel %s: geen gebruikers-ID voor ondertekening\n"
+
+#, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr ""
+"sleutel %s: niet ondersteund publieke-sleutelalgoritme voor gebruikers-ID "
+"\"%s\"\n"
+
+#, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "sleutel %s: ongeldige eigen ondertekening bij gebruikers-ID \"%s\"\n"
+
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "sleutel %s: niet ondersteund publieke-sleutelalgoritme\n"
+
+#, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "sleutel %s: ongeldige rechtstreekse ondertekening van de sleutel\n"
+
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "sleutel %s: geen subsleutel voor de koppeling met de sleutel\n"
+
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "sleutel %s: ongeldige koppeling met de subsleutel\n"
+
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "sleutel %s: meervoudige koppeling met de subsleutel verwijderd\n"
+
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "sleutel %s: geen subsleutel voor het intrekken van de sleutel\n"
+
+#, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "sleutel %s: ongeldige intrekking van subsleutel\n"
+
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "sleutel %s: meervoudige intrekking van de subsleutel verwijderd\n"
+
+#, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "sleutel %s: gebruikers-ID \"%s\" overgeslagen\n"
+
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "sleutel %s: subsleutel overgeslagen\n"
+
+#, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr ""
+"sleutel %s: ondertekening (klasse 0x%02X) kan niet geëxporteerd worden - "
+"overgeslagen\n"
+
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "sleutel %s: intrekkingscertificaat op verkeerde plek - overgeslagen\n"
+
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "sleutel %s: ongeldig intrekkingscertificaat: %s - overgeslagen\n"
+
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr ""
+"sleutel %s: ondertekening van subsleutel op de verkeerde plek - "
+"overgeslagen\n"
+
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "sleutel %s: onverwachte ondertekening klasse (0x%02X) - overgeslagen\n"
+
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "sleutel %s: duplicaat van gebruikers-ID gevonden - samengevoegd\n"
+
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr ""
+"WAARSCHUWING: sleutel %s kan ingetrokken zijn: ophalen intrekkingssleutel "
+"%s\n"
+
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+"WAARSCHUWING: sleutel %s kan ingetrokken zijn: intrekkingssleutel %s niet "
+"aanwezig.\n"
+
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "sleutel %s: \"%s\" intrekkingscertificaat toegevoegd\n"
+
+#, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "sleutel %s: directe ondertekening van de sleutel toegevoegd\n"
+
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr ""
+"NOOT: een serienummer van een sleutel stemt niet overeen met die van de "
+"kaart\n"
+
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "NOOT: primaire sleutel is online en opgeslagen op de kaart\n"
+
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "NOOT: secundaire sleutel is online en opgeslagen op de kaart\n"
+
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "fout bij het aanmaken van de sleutelring `%s': %s\n"
+
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "sleutelring `%s' is aangemaakt\n"
+
+#, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "bron van de sleutelblok `%s': %s\n"
+
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "de cache van de sleutelring opnieuw bouwen is mislukt: %s\n"
+
+msgid "[revocation]"
+msgstr "[intrekking]"
+
+msgid "[self-signature]"
+msgstr "[eigen ondertekening]"
+
+msgid "1 bad signature\n"
+msgstr "1 slechte ondertekening\n"
+
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d slechte ondertekeningen\n"
+
+msgid "1 signature not checked due to a missing key\n"
+msgstr ""
+"1 ondertekening werd niet gecontroleerd wegens een ontbrekende sleutel\n"
+
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr ""
+"%d ondertekeningen werden niet gecontroleerd wegens ontbrekende sleutels\n"
+
+msgid "1 signature not checked due to an error\n"
+msgstr "1 ondertekening werd niet gecontroleerd wegens een fout\n"
+
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d ondertekeningen werden niet gecontroleerd wegens fouten\n"
+
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "1 gebruikers-ID gevonden zonder geldige eigen handtekening\n"
+
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "%d gebruikers-ID's gevonden zonder geldige eigen handtekening\n"
+
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Geef aan in welke mate u er op vertrouwt dat deze gebruiker de sleutels van "
+"andere gebruikers op correcte wijze controleert\n"
+"(door het paspoort te bekijken, vingerafdrukken uit verschillende bronnen te "
+"checken, enz.)\n"
+
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = Ik vertrouw het maar marginaal\n"
+
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = Ik vertrouw het volledig\n"
+
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+"Geef aan hoe groot het vertrouwen mag zijn in deze betrouwbare "
+"handtekening.\n"
+"Als de waarde groter dan 1 is, stelt u de sleutel die u ondertekent, in de\n"
+"mogelijkheid om in uw plaats handtekeningen van vertrouwen te plaatsen.\n"
+
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+"Voer een domein in als u de geldigheid van de handtekening daartoe wilt "
+"beperken, laat leeg voor geen beperking.\n"
+
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "Gebruikers-ID \"%s\" is ingetrokken."
+
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Weet U zeker dat U die nog steeds wilt ondertekenen? (j/N) "
+
+msgid " Unable to sign.\n"
+msgstr " Ondertekenen is niet mogelijk.\n"
+
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "Gebruikers-ID \"%s\" is vervallen."
+
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "Gebruikers-ID \"%s\" is niet auto-gesigneerd."
+
+#, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "Gebruikers-ID \"%s\" kan ondertekend worden. "
+
+msgid "Sign it? (y/N) "
+msgstr "Ondertekenen? (j/N) "
+
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"De eigen ondertekening van \"%s\"\n"
+"is een ondertekening van het type PGP 2.x.\n"
+
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr ""
+"Wilt u ze opwaarderen tot een eigen ondertekening van het type OpenPGP? (j/"
+"N) "
+
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Uw huidige ondertekening op \"%s\"\n"
+"is verlopen.\n"
+
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr ""
+"Wilt U een nieuwe ondertekening uitgeven om de vervallen te vervangen ? (j/"
+"N) "
+
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Uw huidige ondertekening op \"%s\"\n"
+"is een lokale ondertekening.\n"
+
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr ""
+"Wilt u ze opwaarderen naar een ondertekening die volledig exporteerbaar is? "
+"(j/N) "
+
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "\"%s\" was reeds lokaal ondertekend met sleutel %s\n"
+
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "\"%s\" was reeds ondertekend met sleutel %s\n"
+
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Wilt u die toch opnieuw ondertekenen? (j/N) "
+
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Er valt niets te ondertekenen met sleutel %s\n"
+
+msgid "This key has expired!"
+msgstr "Deze sleutel is verlopen!"
+
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Deze sleutel zal vervallen op %s.\n"
+
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Wilt u uw handtekening op hetzelfde moment laten vervallen? (J/n) "
+
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"U mag geen OpenPGP-ondertekening zetten bij een sleutel van het type PGP 2.x "
+"als u de modus --pgp2 gebruikt.\n"
+
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "Dit zou de sleutel onbruikbaar maken met PGP 2.x.\n"
+
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"Hoe zorgvuldig heeft u gecontroleerd dat de sleutel die u gaat ondertekenen\n"
+"werkelijk van de hiervoor genoemde persoon is? Indien u niet goed weet wat\n"
+"te antwoorden, geef dan \"0\" op\n"
+
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Hierop geef ik geen antwoord.%s\n"
+
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Ik heb dit helemaal niet gecontroleerd.%s\n"
+
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) Ik heb een oppervlakkige controle uitgevoerd.%s\n"
+
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Ik heb dit zeer zorgvuldig gecontroleerd.%s\n"
+
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Uw keuze? (type `?' voor meer informatie): "
+
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Weet u zeker dat u deze sleutel wilt ondertekenen met uw\n"
+"sleutel \"%s\" (%s)\n"
+
+msgid "This will be a self-signature.\n"
+msgstr "Dit zal een eigen ondertekening zijn.\n"
+
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+"WAARSCHUWING: de ondertekening zal niet als niet-exporteerbaar\n"
+" worden gemarkeerd.\n"
+
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr ""
+"WAARSCHUWING: de ondertekening zal niet als niet in te trekken\n"
+" worden gemarkeerd.\n"
+
+msgid "The signature will be marked as non-exportable.\n"
+msgstr "De ondertekening zal als niet-exporteerbaar gemarkeerd worden.\n"
+
+msgid "The signature will be marked as non-revocable.\n"
+msgstr "De ondertekening zal als niet in te trekken gemarkeerd worden.\n"
+
+msgid "I have not checked this key at all.\n"
+msgstr "Ik heb deze sleutel helemaal niet gecontroleerd.\n"
+
+msgid "I have checked this key casually.\n"
+msgstr "Ik heb deze sleutel oppervlakkig gecontroleerd.\n"
+
+msgid "I have checked this key very carefully.\n"
+msgstr "Ik heb deze sleutel zeer zorgvuldig gecontroleerd.\n"
+
+msgid "Really sign? (y/N) "
+msgstr "Echt ondertekenen? (j/N) "
+
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "ondertekenen is mislukt: %s\n"
+
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+"Deze sleutel bevat slechts partiële of op de kaart opgeslagen elementen - er "
+"is geen wachtwoordzin die veranderd kan worden.\n"
+
+msgid "This key is not protected.\n"
+msgstr "Deze sleutel is niet beveiligd.\n"
+
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Geheime delen van de primaire sleutel zijn niet beschikbaar.\n"
+
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Geheime delen van de primaire sleutel staan opgeslagen op de kaart.\n"
+
+msgid "Key is protected.\n"
+msgstr "Sleutel is beveiligd.\n"
+
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Deze sleutel kan niet bewerkt worden: %s\n"
+
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Voer de nieuwe wachtwoordzin voor deze geheime sleutel in.\n"
+"\n"
+
+msgid "passphrase not correctly repeated; try again"
+msgstr "de wachtwoordzin is niet twee keer dezelfde; probeer opnieuw"
+
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"U wilt geen wachtwoordzin - Dit is wellicht een *slecht* idee!\n"
+"\n"
+
+msgid "Do you really want to do this? (y/N) "
+msgstr "Wilt u dit echt doen? (j/N) "
+
+msgid "moving a key signature to the correct place\n"
+msgstr ""
+"de ondertekening van de sleutel wordt naar de juiste plaats verplaatst\n"
+
+msgid "save and quit"
+msgstr "opslaan en stoppen"
+
+msgid "show key fingerprint"
+msgstr "toon de vingerafdruk van de sleutel"
+
+msgid "list key and user IDs"
+msgstr "toon sleutel en gebruikers-ID's"
+
+msgid "select user ID N"
+msgstr "selecteer gebruikers-ID N"
+
+msgid "select subkey N"
+msgstr "selecteer subsleutel N"
+
+msgid "check signatures"
+msgstr "controleer handtekeningen"
+
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+"onderteken geselecteerde gebruikers-ID's [* zie hieronder voor gerelateerde "
+"commando's]"
+
+msgid "sign selected user IDs locally"
+msgstr "onderteken geselecteerde gebruikers-ID's lokaal"
+
+msgid "sign selected user IDs with a trust signature"
+msgstr ""
+"onderteken geselecteerde gebruikers-ID's met een handtekening van vertrouwen"
+
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+"onderteken geselecteerde gebruikers-ID's met een handtekening die niet "
+"ingetrokken kan worden"
+
+msgid "add a user ID"
+msgstr "voeg een gebruikers-ID toe"
+
+msgid "add a photo ID"
+msgstr "voeg een identiteitsfoto toe"
+
+msgid "delete selected user IDs"
+msgstr "verwijder geselecteerde gebruikers-ID's"
+
+msgid "add a subkey"
+msgstr "voeg een subsleutel toe"
+
+msgid "add a key to a smartcard"
+msgstr "voeg een sleutel toe op een chipkaart"
+
+msgid "move a key to a smartcard"
+msgstr "verplaats een sleutel naar een chipkaart"
+
+msgid "move a backup key to a smartcard"
+msgstr "verplaats een reservesleutel naar een chipkaart"
+
+msgid "delete selected subkeys"
+msgstr "verwijder de geselecteerde subsleutels"
+
+msgid "add a revocation key"
+msgstr "voeg een intrekkingssleutel toe"
+
+msgid "delete signatures from the selected user IDs"
+msgstr "verwijder ondertekeningen van de geselecteerde gebruikers-ID's"
+
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "verander de vervaldatum van de sleutel of de geselecteerde subsleutels"
+
+msgid "flag the selected user ID as primary"
+msgstr "markeer de geselecteerde gebruikers-ID als primair"
+
+msgid "toggle between the secret and public key listings"
+msgstr "wissel tussen de lijst met geheime en die met publieke sleutels"
+
+msgid "list preferences (expert)"
+msgstr "toon voorkeuren (expert)"
+
+msgid "list preferences (verbose)"
+msgstr "toon voorkeuren (uitvoerig)"
+
+msgid "set preference list for the selected user IDs"
+msgstr "stel de lijst met voorkeuren in voor de geselecteerde gebruikers-ID's"
+
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr ""
+"stel de URL in van de voorkeurssleutelserver voor de geselecteerde "
+"gebruikers-ID's"
+
+msgid "set a notation for the selected user IDs"
+msgstr "stel een notatie in voor de geselecteerde gebruikers-ID's"
+
+msgid "change the passphrase"
+msgstr "wijzig de wachtwoordzin"
+
+msgid "change the ownertrust"
+msgstr "wijzig de betrouwbaarheidsinformatie"
+
+msgid "revoke signatures on the selected user IDs"
+msgstr "trek de handtekeningen op de geselecteerde gebruikers-ID's in"
+
+msgid "revoke selected user IDs"
+msgstr "trek de geselecteerde gebruikers-ID's in"
+
+msgid "revoke key or selected subkeys"
+msgstr "trek de sleutel of de geselecteerde subsleutels in"
+
+msgid "enable key"
+msgstr "activeer de sleutel"
+
+msgid "disable key"
+msgstr "deactiveer de sleutel"
+
+msgid "show selected photo IDs"
+msgstr "toon de geselecteerde identiteitsfoto's"
+
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+"comprimeer onbruikbare gebruikers-ID's en verwijder onbruikbare "
+"handtekeningen van de sleutel"
+
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+"comprimeer onbruikbare gebruikers-ID's en verwijder alle handtekeningen van "
+"de sleutel"
+
+#, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "fout bij het lezen van het geheime sleutelblok \"%s\": %s\n"
+
+msgid "Secret key is available.\n"
+msgstr "Geheime sleutel is beschikbaar.\n"
+
+msgid "Need the secret key to do this.\n"
+msgstr "Hiervoor is de geheime sleutel nodig.\n"
+
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Gebruik eerst het commando \"toggle\" (wisselen).\n"
+
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+"* Het commando `sign' (ondertekenen) kan worden voorafgegaan door een\n"
+" `l' (lsign) om een lokale ondertekening te maken, een `t' (tsign) om een\n"
+" handtekening van vertrouwen te plaatsen, een `nr' (nrsign) om een\n"
+" niet-intrekbare handtekening te zetten, of om het even welke combinatie\n"
+" hiervan (ltsign, tnrsign, enz.).\n"
+
+msgid "Key is revoked."
+msgstr "Sleutel werd ingetrokken."
+
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Echt alle gebruikers-ID's ondertekenen? (j/N) "
+
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Hint: Selecteer de gebruikers-ID's die U wilt ondertekenen\n"
+
+#, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "Onbekend ondertekeningstype ‘%s’\n"
+
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Dit commando is niet toegestaan in %s-modus.\n"
+
+msgid "You must select at least one user ID.\n"
+msgstr "U moet minimaal één gebruikers-ID selecteren.\n"
+
+msgid "You can't delete the last user ID!\n"
+msgstr "U kunt de laatste gebruikers-ID niet verwijderen!\n"
+
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Werkelijk alle geselecteerde gebruikers-ID's verwijderen? (j/N) "
+
+msgid "Really remove this user ID? (y/N) "
+msgstr "Wilt u deze gebruikers-ID echt verwijderen? (j/N) "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+msgid "Really move the primary key? (y/N) "
+msgstr "Wilt u echt de primaire sleutel verplaatsen? (j/N) "
+
+msgid "You must select exactly one key.\n"
+msgstr "U moet exact één sleutel selecteren.\n"
+
+msgid "Command expects a filename argument\n"
+msgstr "Commando verwacht een bestandsnaam als argument\n"
+
+#, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "Kan `%s' niet openen: %s\n"
+
+#, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "Fout bij het lezen van reservesleutel van `%s': %s\n"
+
+msgid "You must select at least one key.\n"
+msgstr "U moet minimaal één sleutel selecteren.\n"
+
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Wilt u de geselecteerde sleutels echt wissen? (j/N) "
+
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Wilt u deze sleutel echt wissen? (j/N) "
+
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Wilt u alle geselecteerde gebruikers-ID's echt intrekken? (j/N) "
+
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Wilt u deze gebruikers-ID echt intrekken? (j/N) "
+
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Wilt u echt de volledige sleutel intrekken? (j/N) "
+
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Wilt U de geselecteerde subsleutels echt intrekken? (j/N) "
+
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Wilt U deze subsleutel echt intrekken? (j/N) "
+
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+"Betrouwbaarheidsinformatie kan niet ingesteld worden wanneer gebruik\n"
+"gemaakt wordt van een door een gebruiker zelf verstrekte vertrouwenslijst\n"
+
+msgid "Set preference list to:\n"
+msgstr "Stel voorkeurenlijst in op:\n"
+
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr ""
+"De voorkeuren voor de geselecteerde gebruikers-ID's echt aanpassen? (j/N) "
+
+msgid "Really update the preferences? (y/N) "
+msgstr "De voorkeuren echt aanpassen? (j/N) "
+
+msgid "Save changes? (y/N) "
+msgstr "Aanpassingen opslaan? (j/N) "
+
+msgid "Quit without saving? (y/N) "
+msgstr "Stoppen zonder opslaan? (j/N) "
+
+#, c-format
+msgid "update failed: %s\n"
+msgstr "aanpassen is mislukt: %s\n"
+
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "aanpassen van geheime gedeelte is mislukt: %s\n"
+
+msgid "Key not changed so no update needed.\n"
+msgstr "Sleutel is niet veranderd, dus er is geen aanpassing nodig.\n"
+
+msgid "Digest: "
+msgstr "Hashing: "
+
+msgid "Features: "
+msgstr "Functies: "
+
+msgid "Keyserver no-modify"
+msgstr "Sleutelserver zonder wijziging"
+
+msgid "Preferred keyserver: "
+msgstr "Voorkeurssleutelserver: "
+
+msgid "Notations: "
+msgstr "Notaties: "
+
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "Een gebruikers-ID in een formaat PGP 2.x kent geen voorkeuren.\n"
+
+#, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "De volgende sleutel werd ingetrokken op %s door %s sleutel %s\n"
+
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Deze sleutel kan ingetrokken zijn door %s sleutel %s"
+
+msgid "(sensitive)"
+msgstr "(gevoelig)"
+
+#, c-format
+msgid "created: %s"
+msgstr "aangemaakt op: %s"
+
+#, c-format
+msgid "revoked: %s"
+msgstr "ingetrokken op: %s"
+
+#, c-format
+msgid "expired: %s"
+msgstr "verlopen op: %s"
+
+#, c-format
+msgid "expires: %s"
+msgstr "vervaldatum: %s"
+
+#, c-format
+msgid "usage: %s"
+msgstr "gebruik: %s"
+
+#, c-format
+msgid "trust: %s"
+msgstr "betrouwbaarheid: %s"
+
+#, c-format
+msgid "validity: %s"
+msgstr "geldigheid: %s"
+
+msgid "This key has been disabled"
+msgstr "Deze sleutel werd uitgeschakeld"
+
+msgid "card-no: "
+msgstr "kaartnummer: "
+
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Houd er rekening mee dat de getoonde geldigheid van de sleutel niet\n"
+"noodzakelijk correct is, tenzij u de applicatie herstart.\n"
+
+msgid "revoked"
+msgstr "ingetrokken"
+
+msgid "expired"
+msgstr "verlopen"
+
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"WAARSCHUWING: Er werd geen gebruikers-ID als primair gemarkeerd. Door dit\n"
+" programma te gebruiken kan er een andere gebruikers-ID de\n"
+" veronderstelde primaire ID worden.\n"
+
+msgid "WARNING: Your encryption subkey expires soon.\n"
+msgstr "Waarschuwing: Uw subsleutel voor versleutelen vervalt weldra.\n"
+
+msgid "You may want to change its expiration date too.\n"
+msgstr "Misschien wilt u ook zijn vervaldatum wijzigen.\n"
+
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"WAARSCHUWING: Dit is een sleutel in PGP2-formaat. Het toevoegen van een\n"
+" identiteitsfoto kan er voor zorgen dat sommige versies van "
+"PGP\n"
+" deze sleutel zullen verwerpen.\n"
+
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Weet U zeker dat u die nog steeds wilt toevoegen? (j/N) "
+
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr ""
+"U kunt geen identiteitsfoto toevoegen aan een sleutel in PGP2-formaat.\n"
+
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Deze goede handtekening verwijderen? (j/N/s)"
+
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Deze ongeldige handtekening verwijderen? (j/N/s)"
+
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Deze onbekende handtekening verwijderen? (j/N/s)"
+
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Deze eigen handtekening echt verwijderen? (j/N)"
+
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "%d handtekening verwijderd.\n"
+
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "%d handtekeningen verwijderd.\n"
+
+msgid "Nothing deleted.\n"
+msgstr "Niets verwijderd.\n"
+
+msgid "invalid"
+msgstr "ongeldig"
+
+#, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "Gebruikers-ID \"%s\" is gecomprimeerd: %s\n"
+
+#, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "Gebruikers-ID \"%s\": %d handtekening verwijderd\n"
+
+#, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "Gebruikers-ID \"%s\": %d handtekeningen verwijderd\n"
+
+#, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "Gebruikers-ID \"%s\": reeds geminimaliseerd\n"
+
+#, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "Gebruikers-ID \"%s\": reeds opgeschoond\n"
+
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"WAARSCHUWING: Dit is een sleutel van het type PGP 2.x. Het toevoegen van "
+"een\n"
+" bevoegde intrekker kan er voor zorgen dat sommige PGP-versies\n"
+" deze sleutel zullen verwerpen.\n"
+
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr ""
+"U mag geen bevoegde intrekker toevoegen aan een sleutel van het type PGP 2."
+"x.\n"
+
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Geef de gebruikers-ID van de bevoegde intrekker: "
+
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr ""
+"kan geen sleutel van het type PGP 2.x aanstellen als bevoegde intrekker\n"
+
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "u kunt een sleutel niet aanstellen als zijn eigen bevoegde intrekker\n"
+
+msgid "this key has already been designated as a revoker\n"
+msgstr "deze sleutel is al aangesteld als bevoegde intrekker\n"
+
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+"WAARSCHUWING: een sleutel aanstellen als bevoegde intrekker kan niet "
+"ongedaan\n"
+" gemaakt worden!\n"
+
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+"Weet u zeker dat u deze sleutel wilt aanstellen als bevoegde intrekker? (j/"
+"N) "
+
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Haal de gekozen onderdelen uit de geheime sleutels.\n"
+
+msgid "Please select at most one subkey.\n"
+msgstr "Selecteer hoogstens één subsleutel.\n"
+
+msgid "Changing expiration time for a subkey.\n"
+msgstr "De vervaldatum van een subsleutel wordt veranderd.\n"
+
+msgid "Changing expiration time for the primary key.\n"
+msgstr "De vervaldatum van de primaire sleutel wordt veranderd.\n"
+
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "U kunt de vervaldatum van een v3-sleutel niet veranderen\n"
+
+msgid "No corresponding signature in secret ring\n"
+msgstr "Er is geen overeenkomstige ondertekening in de geheime sleutelring\n"
+
+#, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr ""
+"er gebeurde reeds een kruiscertificering van de ondertekening van subsleutel "
+"%s\n"
+
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+"subsleutel %s ondertekent niet en heeft dus geen kruiscertificering nodig\n"
+
+msgid "Please select exactly one user ID.\n"
+msgstr "Selecteer exact één gebruikers-ID.\n"
+
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr ""
+"de eigen ondertekening in v3-stijl van gebruikers-ID \"%s\" wordt "
+"overgeslagen\n"
+
+msgid "Enter your preferred keyserver URL: "
+msgstr "Geef de URL van de sleutelserver van uw voorkeur: "
+
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Weet u zeker dat u die wilt vervangen? (j/N) "
+
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Weet u zeker dat u die wilt verwijderen? (j/N) "
+
+msgid "Enter the notation: "
+msgstr "Voer de notatie in: "
+
+msgid "Proceed? (y/N) "
+msgstr "Doorgaan? (j/N) "
+
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Er is geen gebruikers-ID met index %d\n"
+
+#, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Er is geen gebruikers-ID met hash %s\n"
+
+#, c-format
+msgid "No subkey with index %d\n"
+msgstr "Er is geen subsleutel met index %d\n"
+
+#, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "gebruikers-ID: \"%s\"\n"
+
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr "ondertekend met uw sleutel %s op %s%s%s\n"
+
+msgid " (non-exportable)"
+msgstr " (niet exporteerbaar)"
+
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Deze ondertekening is verlopen op %s.\n"
+
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Weet u zeker dat u die nog altijd wilt intrekken? (j/N) "
+
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Een intrekkingscertificaat voor deze ondertekening aanmaken? (j/N) "
+
+msgid "Not signed by you.\n"
+msgstr "Niet door u ondertekend.\n"
+
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "U heeft deze gebruikers-ID's op sleutel %s ondertekend:\n"
+
+msgid " (non-revocable)"
+msgstr " (niet intrekbaar)"
+
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr "ingetrokken door uw sleutel %s op %s\n"
+
+msgid "You are about to revoke these signatures:\n"
+msgstr "U staat op het punt deze ondertekeningen in te trekken:\n"
+
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Wilt u deze intrekkingscertificaten echt aanmaken? (j/N) "
+
+msgid "no secret key\n"
+msgstr "geen geheime sleutel\n"
+
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "gebruikers-ID \"%s\" is reeds ingetrokken\n"
+
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr ""
+"WAARSCHUWING: de ondertekening van een gebruikers-ID\n"
+" is %d seconden in de toekomst gedateerd\n"
+
+#, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "Sleutel %s is reeds ingetrokken.\n"
+
+#, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "Subsleutel %s is reeds ingetrokken.\n"
+
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr ""
+"%s identiteitsfoto van formaat %ld voor sleutel %s (gebruikers-ID %d) wordt "
+"getoond\n"
+
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "voorkeur `%s' heeft duplicaat\n"
+
+msgid "too many cipher preferences\n"
+msgstr "te veel voorkeursinstellingen voor versleuteling\n"
+
+msgid "too many digest preferences\n"
+msgstr "te veel voorkeursinstellingen voor hashing\n"
+
+msgid "too many compression preferences\n"
+msgstr "te veel voorkeursinstellingen voor compressie\n"
+
+#, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "ongeldig item `%s' in voorkeursinstellingen\n"
+
+msgid "writing direct signature\n"
+msgstr "directe ondertekening wordt weggeschreven\n"
+
+msgid "writing self signature\n"
+msgstr "eigen handtekening wordt weggeschreven\n"
+
+msgid "writing key binding signature\n"
+msgstr "de ondertekening van de koppeling met de sleutel wordt weggeschreven\n"
+
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "sleutelgrootte is ongeldig; %u bit wordt gebruikt\n"
+
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "sleutelgrootte afgerond op %u bits\n"
+
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+"WAARSCHUWING: sommige OpenPGP-programma's kunnen niet overweg met een\n"
+" DSA-sleutel van deze hashgrootte\n"
+
+msgid "Sign"
+msgstr "Ondertekenen"
+
+msgid "Certify"
+msgstr "Certificeren"
+
+msgid "Encrypt"
+msgstr "Versleutelen"
+
+msgid "Authenticate"
+msgstr "Authenticeren"
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+msgid "SsEeAaQq"
+msgstr "OoVvAaSs"
+
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr "Mogelijke acties voor een %s-sleutel: "
+
+msgid "Current allowed actions: "
+msgstr "Momenteel toegestane acties: "
+
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr " (%c) De bekwaamheid om te onderteken activeren/deactiveren\n"
+
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%c) De bekwaamheid om te versleutelen activeren/deactiveren\n"
+
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr " (%c) De bekwaamheid om te authenticeren activeren/deactiveren\n"
+
+#, c-format
+msgid " (%c) Finished\n"
+msgstr " (%c) Klaar\n"
+
+msgid "Please select what kind of key you want:\n"
+msgstr "Selecteer het soort sleutel dat u wilt:\n"
+
+#, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) RSA en RSA (standaard)\n"
+
+#, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA en Elgamal\n"
+
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (alleen ondertekenen)\n"
+
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (alleen ondertekenen)\n"
+
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) Elgamal (alleen versleutelen)\n"
+
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (alleen versleutelen)\n"
+
+#, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) DSA (eigen bekwaamheden instellen)\n"
+
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (eigen bekwaamheden instellen)\n"
+
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr "%s-sleutels moeten tussen %u en %u bits lang zijn.\n"
+
+#, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Welke sleutellengte wilt u voor de subsleutel? (%u) "
+
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Welke sleutellengte wilt u? (%u) "
+
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Gevraagde sleutellengte is %u bits\n"
+
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Geef aan hoe lang de sleutel geldig moet zijn.\n"
+" 0 = sleutel verloopt nooit\n"
+" <n> = sleutel verloopt na n dagen\n"
+" <n>w = sleutel verloopt na n weken\n"
+" <n>m = sleutel verloopt na n maanden\n"
+" <n>y = sleutel verloopt na n jaar\n"
+
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Geef aan hoe lang de ondertekening geldig moet zijn.\n"
+" 0 = ondertekening verloopt nooit\n"
+" <n> = ondertekening verloopt na n dagen\n"
+" <n>w = ondertekening verloopt na n weken\n"
+" <n>m = ondertekening verloopt na n maanden\n"
+" <n>y = ondertekening verloopt na n jaar\n"
+
+msgid "Key is valid for? (0) "
+msgstr "Hoe lang moet de sleutel geldig zijn? (0) "
+
+#, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Hoe lang moet de ondertekening geldig zijn? (%s) "
+
+msgid "invalid value\n"
+msgstr "ongeldige waarde\n"
+
+msgid "Key does not expire at all\n"
+msgstr "Sleutel verloopt helemaal niet\n"
+
+msgid "Signature does not expire at all\n"
+msgstr "Ondertekening verloopt helemaal niet\n"
+
+#, c-format
+msgid "Key expires at %s\n"
+msgstr "Sleutel vervalt op %s\n"
+
+#, c-format
+msgid "Signature expires at %s\n"
+msgstr "Ondertekening vervalt op %s\n"
+
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Uw systeem kan geen datum weergeven na 2038.\n"
+"Data worden echter wel juist verwerkt tot 2106.\n"
+
+msgid "Is this correct? (y/N) "
+msgstr "Is dit correct? (j/N) "
+
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+"\n"
+"GnuPG moet een gebruikers-ID bouwen ter identificatie van uw sleutel.\n"
+"\n"
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"U heeft een gebruikers-ID nodig om uw sleutel te identificeren; de software\n"
+"construeert de gebruikers-ID aan de hand van de werkelijke naam, de\n"
+"toelichting en het e-mailadres in het volgende formaat:\n"
+" \"Heinrich Heine (De dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+
+msgid "Real name: "
+msgstr "Werkelijke naam: "
+
+msgid "Invalid character in name\n"
+msgstr "Ongeldig teken in de naam\n"
+
+msgid "Name may not start with a digit\n"
+msgstr "Een naam mag niet met een cijfer beginnen\n"
+
+msgid "Name must be at least 5 characters long\n"
+msgstr "Een naam moet minimaal 5 tekens lang zijn\n"
+
+msgid "Email address: "
+msgstr "E-mailadres: "
+
+msgid "Not a valid email address\n"
+msgstr "Geen geldig e-mailadres\n"
+
+msgid "Comment: "
+msgstr "Toelichting: "
+
+msgid "Invalid character in comment\n"
+msgstr "Ongeldig teken in de toelichting\n"
+
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "U gebruikt tekenset `%s'.\n"
+
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"U heeft de volgende GEBRUIKERS-ID gekozen:\n"
+" \"%s\"\n"
+"\n"
+
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr ""
+"Plaats het e-mailadres alstublieft niet bij de werkelijke naam of de "
+"toelichting\n"
+
+msgid "Such a user ID already exists on this key!\n"
+msgstr "Een dergelijke gebruikers-ID bestaat reeds voor deze sleutel!\n"
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+msgid "NnCcEeOoQq"
+msgstr "NnTtEeOoSs"
+
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Wijzig (N)aam, (T)oelichting, (E)-mailadres of (S)toppen? "
+
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "Wijzig (N)aam, (T)oelichting, (E)-mailadres of (O)ké/(S)toppen? "
+
+msgid "Please correct the error first\n"
+msgstr "Verbeter eerst de fout\n"
+
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"U heeft een wachtwoordzin nodig om uw geheime sleutel te beveiligen.\n"
+"\n"
+
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr ""
+"Voer een wachtwoordzin in om de externe veiligheidskopie van de nieuwe "
+"encryptiesleutel te beveiligen."
+
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"U wilt geen wachtwoordzin - dit is waarschijnlijk een *slecht* idee!\n"
+"Ik ga het toch doen. U kunt uw wachtwoordzin op elk moment wijzigen\n"
+"met behulp van dit programma en de optie \"--edit-key\".\n"
+"\n"
+
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"We moeten een hele hoop willekeurige bytes genereren. U doet er goed aan om\n"
+"een andere activiteit te ondernemen (tikken op het toetsenbord, de muis\n"
+"bewegen, de schijven gebruiken) tijdens het genereren van het priemgetal.\n"
+"Dit geeft het programma dat het willekeurig getal genereert, meer kans om\n"
+"voldoende entropie te verzamelen.\n"
+
+msgid "Key generation canceled.\n"
+msgstr "Het aanmaken van de sleutel is geannuleerd.\n"
+
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "publieke sleutel wordt weggeschreven naar `%s'\n"
+
+#, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "een stukje van de geheime sleutel wordt weggeschreven naar `%s'\n"
+
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "geheime sleutel wordt weggeschreven naar `%s'\n"
+
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr ""
+"geen publieke sleutelring gevonden waarnaar geschreven kan worden: %s\n"
+
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "geen geheime sleutelring gevonden waarnaar geschreven kan worden: %s\n"
+
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "fout bij het schrijven naar de publieke sleutelring `%s': %s\n"
+
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "fout bij het schrijven naar de geheime sleutelring `%s': %s\n"
+
+msgid "public and secret key created and signed.\n"
+msgstr "publieke en geheime sleutel zijn aangemaakt en ondertekend.\n"
+
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Noteer dat deze sleutel niet gebruikt kan worden voor versleuteling. U zou\n"
+"het commando \"--edit-key\" kunnen gebruiken om voor dit doel een "
+"subsleutel\n"
+"aan te maken.\n"
+
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Sleutel aanmaken is mislukt: %s\n"
+
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"de sleutel werd %lu seconde in de toekomst aangemaakt (afwijkende tijd of er "
+"is een probleem met de klok)\n"
+
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"de sleutel werd %lu seconden in de toekomst aangemaakt (afwijkende tijd of "
+"er is een probleem met de klok)\n"
+
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr ""
+"NOOT: subsleutels aanmaken voor v3-sleutels is niet compatibel met OpenPGP\n"
+
+msgid "Really create? (y/N) "
+msgstr "Werkelijk aanmaken? (j/N) "
+
+#, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "sleutel opslaan op kaart is niet gelukt: %s\n"
+
+#, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "kan reservebestand `%s' niet aanmaken: %s\n"
+
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "NOOT: reservebestand van de kaartsleutel opgeslagen als `%s'\n"
+
+msgid "never "
+msgstr "nooit "
+
+msgid "Critical signature policy: "
+msgstr "Kritieke ondertekeningsrichtlijnen: "
+
+msgid "Signature policy: "
+msgstr "Ondertekeningsrichtlijnen: "
+
+msgid "Critical preferred keyserver: "
+msgstr "Kritieke voorkeurssleutelserver: "
+
+msgid "Critical signature notation: "
+msgstr "Kritieke notatie van de handtekening: "
+
+msgid "Signature notation: "
+msgstr "Notatie van de handtekening: "
+
+msgid "Keyring"
+msgstr "Sleutelring"
+
+msgid "Primary key fingerprint:"
+msgstr "Vingerafdruk van de primaire sleutel:"
+
+msgid " Subkey fingerprint:"
+msgstr " Vingerafdruk van de subsleutel:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+msgid " Primary key fingerprint:"
+msgstr " Vingerafdruk van de primaire sleutel:"
+
+msgid " Subkey fingerprint:"
+msgstr " Vingerafdruk van de subsleutel:"
+
+msgid " Key fingerprint ="
+msgstr " Vingerafdruk van de sleutel ="
+
+#, fuzzy, c-format
+#| msgid "WARNING: using experimental digest algorithm %s\n"
+msgid "WARNING: a PGP-2 fingerprint is not safe\n"
+msgstr "WAARSCHUWING: er wordt een experimenteel hashalgoritme %s gebruikt\n"
+
+msgid " Card serial no. ="
+msgstr " Serienummer van de kaart ="
+
+#, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "het hernoemen van `%s' naar `%s' is mislukt: %s\n"
+
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr ""
+"WAARSCHUWING: er bestaan twee bestanden met vertrouwelijke informatie.\n"
+
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s is het ongewijzigde\n"
+
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s is het nieuwe\n"
+
+msgid "Please fix this possible security flaw\n"
+msgstr "Los dit mogelijk veiligheidseuvel alstublieft op\n"
+
+#, c-format
+msgid "caching keyring `%s'\n"
+msgstr "sleutelring `%s' wordt in de cache geladen\n"
+
+#, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu sleutels tot dusver in de cache geladen (%lu ondertekeningen)\n"
+
+#, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu sleutels in de cache geladen (%lu ondertekeningen)\n"
+
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: sleutelring aangemaakt\n"
+
+msgid "include revoked keys in search results"
+msgstr "ingetrokken sleutels ook weergeven bij de zoekresultaten"
+
+msgid "include subkeys when searching by key ID"
+msgstr "ook zoeken op subsleutels als gezocht wordt op sleutel-ID"
+
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+"gebruik tijdelijke bestanden om gegevens door te geven aan de "
+"sleutelserverhelpers"
+
+msgid "do not delete temporary files after using them"
+msgstr "tijdelijke bestanden na gebruik niet verwijderen"
+
+msgid "automatically retrieve keys when verifying signatures"
+msgstr "sleutels automatisch ophalen bij het controleren van ondertekeningen"
+
+msgid "honor the preferred keyserver URL set on the key"
+msgstr ""
+"honoreer de URL van de voorkeurssleutelserver zoals die in de sleutel "
+"vermeld staat"
+
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+"honoreer bij het ophalen van de sleutel de PKA-staat die in de sleutel "
+"vervat zit"
+
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+"WAARSCHUWING: sleutelserveroptie `%s' wordt niet gebruikt op dit platform\n"
+
+msgid "disabled"
+msgstr "uitgeschakeld"
+
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr "Voer (een) getal(len) in, V)olgende , of S)toppen > "
+
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "ongeldig sleutelserverprotocol (wij %d!=verwerkingsroutine %d)\n"
+
+#, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "sleutel \"%s\" niet gevonden op de sleutelserver\n"
+
+msgid "key not found on keyserver\n"
+msgstr "sleutel niet gevonden op de sleutelserver\n"
+
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "opvragen sleutel %s van %s server %s\n"
+
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr "opvragen sleutel %s van %s\n"
+
+#, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "namen zoeken van %s server %s\n"
+
+#, c-format
+msgid "searching for names from %s\n"
+msgstr "namen zoeken van %s\n"
+
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "versturen van sleutel %s naar %s server %s\n"
+
+#, c-format
+msgid "sending key %s to %s\n"
+msgstr "versturen van sleutel %s naar %s\n"
+
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "zoeken naar \"%s\" van %s server %s\n"
+
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "zoeken naar \"%s\" van %s\n"
+
+msgid "no keyserver action!\n"
+msgstr "geen sleutelserveractiviteit!\n"
+
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+"WAARSCHUWING: verwerkingsroutine van sleutelserver heeft een andere GnuPG-"
+"versie (%s)\n"
+
+msgid "keyserver did not send VERSION\n"
+msgstr "sleutelserver verstuurde geen versie-informatie\n"
+
+#, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "fout in de communicatie met de sleutelserver: %s\n"
+
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "er is geen sleutelserver bekend (gebruik optie --keyserver)\n"
+
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+"het aanroepen van externe sleutelservers wordt in deze versie niet "
+"ondersteund\n"
+
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr "geen verwerkingsroutine voor sleutelserverstelsel `%s'\n"
+
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr "de actie `%s' wordt niet ondersteund door sleutelserverstelsel `%s'\n"
+
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr "%s ondersteunt verwerkingsroutine met versie %d niet\n"
+
+msgid "keyserver timed out\n"
+msgstr "sleutelserver reageert te langzaam\n"
+
+msgid "keyserver internal error\n"
+msgstr "sleutelserver geeft een interne fout\n"
+
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "\"%s\" is geen sleutel-ID: overgeslagen\n"
+
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr ""
+"WAARSCHUWING: het is niet mogelijk sleutel %s via %s te verversen: %s\n"
+
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "verversen van 1 sleutel vanuit %s\n"
+
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "verversen van %d sleutels vanuit %s\n"
+
+#, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "WAARSCHUWING: het is niet mogelijk om URI %s op te halen: %s\n"
+
+#, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "WAARSCHUWING: het is niet mogelijk om URI %s te ontleden\n"
+
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "vreemde lengte voor een versleutelde sessiesleutel (%d)\n"
+
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s versleutelde sessiesleutel\n"
+
+#, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "wachtwoordzin is gemaakt met onbekend hashalgoritme %d\n"
+
+#, c-format
+msgid "public key is %s\n"
+msgstr "publieke sleutel is %s\n"
+
+msgid "public key encrypted data: good DEK\n"
+msgstr "met de publieke sleutel versleutelde gegevens: goede DEK\n"
+
+#, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "versleuteld met %u bit %s-sleutel, ID %s, gemaakt op %s\n"
+
+#, c-format
+msgid " \"%s\"\n"
+msgstr " \"%s\"\n"
+
+#, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "versleuteld met %s-sleutel, ID %s\n"
+
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "ontcijferen van publieke sleutel is mislukt : %s\n"
+
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "versleuteld met %lu wachtwoordzinnen\n"
+
+msgid "encrypted with 1 passphrase\n"
+msgstr "versleuteld met 1 wachtwoordzin\n"
+
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "gegevens waarschijnlijk versleuteld met %s\n"
+
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr ""
+"IDEA-versleutelingsalgoritme is niet beschikbaar, maar we gaan in plaats "
+"daarvan met goede moed %s proberen\n"
+
+msgid "decryption okay\n"
+msgstr "ontcijfering oké\n"
+
+msgid "WARNING: message was not integrity protected\n"
+msgstr "WAARSCHUWING: de integriteit van het bericht was niet beveiligd\n"
+
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "WAARSCHUWING: versleuteld bericht werd gemanipuleerd!\n"
+
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr "gewiste wachtwoordzin in de cache geplaatst met ID: %s\n"
+
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "ontcijferen mislukt: %s\n"
+
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr ""
+"NOOT: afzender heeft het volgende verzocht: \"alleen-voor-u-persoonlijk\"\n"
+
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "originele bestandsnaam='%.*s'\n"
+
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr "WAARSCHUWING: er werd meerdere keren een klare tekst gezien\n"
+
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "autonome intrekking - gebruik \"gpg --import\" om ze toe te passen\n"
+
+msgid "no signature found\n"
+msgstr "geen ondertekening gevonden\n"
+
+msgid "signature verification suppressed\n"
+msgstr "controle van de ondertekening onderdrukt\n"
+
+msgid "can't handle this ambiguous signature data\n"
+msgstr "kan deze ambigue ondertekeningsgegevens niet verwerken\n"
+
+#, c-format
+msgid "Signature made %s\n"
+msgstr "Ondertekening gemaakt op %s\n"
+
+#, c-format
+msgid " using %s key %s\n"
+msgstr " met %s sleutel %s\n"
+
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Ondertekening gemaakt op %s met %s sleutel-ID %s\n"
+
+msgid "Key available at: "
+msgstr "Sleutel beschikbaar op: "
+
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "SLECHTE handtekening van \"%s\""
+
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Vervallen handtekening van \"%s\""
+
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "Goede handtekening van \"%s\""
+
+msgid "[uncertain]"
+msgstr "[onzeker]"
+
+#, c-format
+msgid " aka \"%s\""
+msgstr " ook bekend als \"%s\""
+
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Ondertekening vervallen op %s\n"
+
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "Ondertekening verloopt op %s\n"
+
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s handtekening, hashalgoritme %s\n"
+
+msgid "binary"
+msgstr "binair"
+
+msgid "textmode"
+msgstr "tekstmodus"
+
+msgid "unknown"
+msgstr "onbekend"
+
+#, c-format
+msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
+msgstr ""
+"WAARSCHUWING: geen ontkoppelde handtekening; bestand '%s' werd NIET "
+"geverifieerd!\n"
+
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Kan ondertekening niet controleren: %s\n"
+
+msgid "not a detached signature\n"
+msgstr "geen ontkoppelde ondertekening\n"
+
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+"WAARSCHUWING: meerdere ondertekeningen gevonden.\n"
+" Alleen de eerste zal gecontroleerd worden.\n"
+
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "autonome ondertekening van klasse 0x%02x\n"
+
+msgid "old style (PGP 2.x) signature\n"
+msgstr "ondertekening in oude stijl (PGP 2.x)\n"
+
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "ongeldig stampakket gevonden in proc_tree()\n"
+
+#, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "opvragen van status (fstat) van `%s' mislukte in %s: %s\n"
+
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "opvragen van status (fstat(%d)) mislukte in %s: %s\n"
+
+#, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr ""
+"WAARSCHUWING: er wordt een experimenteel algoritme %s\n"
+" gebruikt voor de publieke sleutel\n"
+
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr ""
+"WAARSCHUWING: Elgamal-sleutels die ondertekenen + versleutelen zijn "
+"verouderd\n"
+
+#, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr ""
+"WAARSCHUWING: er wordt een experimenteel versleutelingsalgoritme %s "
+"gebruikt\n"
+
+#, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "WAARSCHUWING: er wordt een experimenteel hashalgoritme %s gebruikt\n"
+
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "WAARSCHUWING: hashalgoritme %s is verouderd\n"
+
+#, c-format
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "Noot: handtekeningen die het %s-algoritme gebruiken worden verworpen\n"
+
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "het IDEA versleutelingsalgoritme is niet beschikbaar\n"
+
+#, c-format
+msgid "please see %s for more information\n"
+msgstr "lees %s voor meer informatie\n"
+
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: verouderde optie \"%s\"\n"
+
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "WAARSCHUWING: \"%s\" is een verouderde optie\n"
+
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "gelieve in de plaats \"%s%s\" te gebruiken\n"
+
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "WAARSCHUWING: \"%s\" is een verouderd commando - gebruik het niet\n"
+
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr "%s:%u: verouderde optie \"%s\" - ze heeft geen enkel effect\n"
+
+#, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr ""
+"WAARSCHUWING: \"%s\" is een verouderde optie - ze heeft geen enkel effect\n"
+
+#, c-format
+msgid "%s:%u: \"%s%s\" is obsolete in this file - it only has effect in %s\n"
+msgstr ""
+"%s:%u: \"%s%s\" is in dit bestand verouderd - ze heeft enkel effect in %s\n"
+
+#, c-format
+msgid ""
+"WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
+msgstr ""
+"WAARSCHUWING: \"%s%s\" is een verouderde optie - ze heeft geen effect tenzij "
+"op %s\n"
+
+msgid "Uncompressed"
+msgstr "Niet gecomprimeerd"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+msgid "uncompressed|none"
+msgstr "niet gecomprimeerd|geen"
+
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "dit bericht kan mogelijk niet gebruikt worden door %s\n"
+
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "dubbelzinnige optie `%s'\n"
+
+#, c-format
+msgid "unknown option `%s'\n"
+msgstr "onbekende optie `%s'\n"
+
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Bestand `%s' bestaat. "
+
+msgid "Overwrite? (y/N) "
+msgstr "Overschrijven? (j/N) "
+
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: onbekend achtervoegsel\n"
+
+msgid "Enter new filename"
+msgstr "Voer een nieuwe bestandsnaam in"
+
+msgid "writing to stdout\n"
+msgstr "schrijven naar standaarduitvoer\n"
+
+#, c-format
+msgid "assuming signed data in '%s'\n"
+msgstr "gegevens in `%s' worden verondersteld ondertekend te zijn\n"
+
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "nieuw configuratiebestand `%s' aangemaakt\n"
+
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr ""
+"WAARSCHUWING: opties in `%s' zijn tijdens deze doorloop nog niet actief\n"
+
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "kan het algoritme %d van de publieke sleutel niet verwerken\n"
+
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+"WAARSCHUWING: mogelijk onveilige symmetrisch versleutelde sessiesleutel\n"
+
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "de kritieke bit is gezet voor het subpakket van type %d\n"
+
+#, c-format
+msgid "problem with the agent: %s\n"
+msgstr "problemen met de agent: %s\n"
+
+#, c-format
+msgid " (main key ID %s)"
+msgstr " (hoofdsleutel-ID %s)"
+
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Voer de wachtwoordzin in om de geheime sleutel te ontgrendelen\n"
+"van het volgende OpenPGP-certificaat:\n"
+"\"%.*s\"\n"
+"%u-bit %s-sleutel, ID %s,\n"
+"gemaakt op %s%s.\n"
+
+msgid "Enter passphrase\n"
+msgstr "Voer de wachtwoordzin in\n"
+
+msgid "cancelled by user\n"
+msgstr "geannuleerd door de gebruiker\n"
+
+#, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"U heeft een wachtwoordzin nodig om de geheime sleutel te ontgrendelen\n"
+"van gebruiker: \"%s\"\n"
+
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u-bit %s-sleutel, ID %s, aangemaakt op %s"
+
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr " (subsleutel bij hoofdsleutel-ID %s)"
+
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Kies een afbeelding om als uw identiteitsfoto te gebruiken. De afbeelding\n"
+"moet een bestand in JPEG-formaat zijn. Onthoud dat de afbeelding opgeslagen\n"
+"wordt in uw publieke sleutel. Als u een erg grote afbeelding gebruikt, zal\n"
+"uw publieke sleutel ook erg groot worden! Een goed formaat voor de "
+"afbeelding\n"
+"is ongeveer 240x288.\n"
+
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Geef de naam van het JPEG-bestand voor de identiteitsfoto: "
+
+#, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "kan JPEG-bestand `%s' niet openen: %s\n"
+
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr "Dit JPEG-bestand is erg groot (%d bytes) !\n"
+
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Weet U zeker dat u het wilt gebruiken? (j/N) "
+
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "`%s' is geen JPEG-bestand\n"
+
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Is deze foto correct (j/N/s)? "
+
+msgid "unable to display photo ID!\n"
+msgstr "het is niet mogelijk de identiteitsfoto te tonen!\n"
+
+msgid "No reason specified"
+msgstr "Geen reden opgegeven"
+
+msgid "Key is superseded"
+msgstr "Sleutel is vervangen"
+
+msgid "Key has been compromised"
+msgstr "Sleutel is gecompromitteerd"
+
+msgid "Key is no longer used"
+msgstr "Sleutel is niet meer in gebruik"
+
+msgid "User ID is no longer valid"
+msgstr "Gebruikers-ID is niet langer geldig"
+
+msgid "reason for revocation: "
+msgstr "reden van de intrekking: "
+
+msgid "revocation comment: "
+msgstr "toelichting bij de intrekking: "
+
+#. TRANSLATORS: These are the allowed answers in lower and
+#. uppercase. Below you will find the matching strings which
+#. should be translated accordingly and the letter changed to
+#. match the one in the answer string.
+#.
+#. i = please show me more information
+#. m = back to the main menu
+#. s = skip this key
+#. q = quit
+#.
+msgid "iImMqQsS"
+msgstr "iImMsSoO"
+
+msgid "No trust value assigned to:\n"
+msgstr "Er werd geen betrouwbaarheidswaarde toegekend aan:\n"
+
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr " ook bekend als \"%s\"\n"
+
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr ""
+"In hoeverre vertrouwt U erop dat deze sleutel werkelijk\n"
+"bij de genoemde gebruiker hoort?\n"
+
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = Weet ik niet of zal ik niet zeggen\n"
+
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = Ik vertrouw het NIET\n"
+
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = Ik heb er het uiterste vertrouwen in\n"
+
+msgid " m = back to the main menu\n"
+msgstr " m = terug naar het hoofdmenu\n"
+
+msgid " s = skip this key\n"
+msgstr " o = sla deze sleutel over\n"
+
+msgid " q = quit\n"
+msgstr " s = stoppen\n"
+
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+"Het minimale betrouwbaarheidsniveau van deze sleutel is: %s\n"
+"\n"
+
+msgid "Your decision? "
+msgstr "Uw besluit? "
+
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Wilt u deze sleutel echt instellen als uiterst betrouwbaar? (j/N) "
+
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Certificaten die leiden naar een uiterst betrouwbare sleutel:\n"
+
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr "%s: Er is geen zekerheid dat deze sleutel van de genoemde persoon is\n"
+
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%s: Er is een beperkte zekerheid dat deze sleutel van de genoemde persoon "
+"is\n"
+
+msgid "This key probably belongs to the named user\n"
+msgstr "Deze sleutel is waarschijnlijk van de genoemde persoon\n"
+
+msgid "This key belongs to us\n"
+msgstr "Deze sleutel is van ons\n"
+
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"Het is NIET zeker dat deze sleutel van de persoon is die genoemd wordt\n"
+"in de gebruikers-ID. Als u echter HEEL zeker weet wat u doet,\n"
+"mag u op de volgende vraag Ja antwoorden.\n"
+
+msgid "Use this key anyway? (y/N) "
+msgstr "Deze sleutel toch gebruiken? (j/N) "
+
+msgid "WARNING: Using untrusted key!\n"
+msgstr "WAARSCHUWING: er wordt een onbetrouwbare sleutel gebruikt!\n"
+
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr ""
+"WAARSCHUWING: deze sleutel kan ingetrokken zijn\n"
+" (maar de intrekkingssleutel is niet aanwezig)\n"
+
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr ""
+"WAARSCHUWING: Deze sleutel werd ingetrokken door zijn bevoegde intrekker!\n"
+
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "WAARSCHUWING: Deze sleutel werd ingetrokken door de eigenaar!\n"
+
+msgid " This could mean that the signature is forged.\n"
+msgstr " Dit kan betekenen dat de ondertekening vervalst is.\n"
+
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr ""
+"WAARSCHUWING: Deze subsleutel werd ingetrokken door de eigenaar ervan!\n"
+
+msgid "Note: This key has been disabled.\n"
+msgstr "Noot: Deze sleutel is uitgeschakeld.\n"
+
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr "Noot: Het gecontroleerde adres van de ondertekenaar is `%s'\n"
+
+# TODO
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+"Noot: Het adres `%s' van de ondertekenaar komt niet overeen met een DNS-"
+"registratie\n"
+
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+"betrouwbaarheidsniveau bijgesteld naar VOLLEDIG op basis van geldige PKA-"
+"info\n"
+
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+"betrouwbaarheidsniveau bijgesteld naar NOOIT op basis van slechte PKA-info\n"
+
+msgid "Note: This key has expired!\n"
+msgstr "Noot: Deze sleutel is vervallen!\n"
+
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr ""
+"WAARSCHUWING: Deze sleutel werd niet gecertificeerd\n"
+" door een betrouwbare handtekening!\n"
+
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+" Er is geen aanwijzing dat de handtekening van de eigenaar is.\n"
+
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "WAARSCHUWING: We vertrouwen deze sleutel NIET!\n"
+
+msgid " The signature is probably a FORGERY.\n"
+msgstr " De handtekening is waarschijnlijk een VERVALSING.\n"
+
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"WAARSCHUWING: Deze sleutel werd niet met voldoende\n"
+" betrouwbare handtekeningen gecertificeerd!\n"
+
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Het is niet zeker dat de handtekening van de eigenaar is.\n"
+
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: overgeslagen: %s\n"
+
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: overgeslagen: publieke sleutel is al aanwezig\n"
+
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr ""
+"U heeft geen gebruikers-ID gespecificeerd. (u kunt de optie \"-r\" "
+"gebruiken)\n"
+
+msgid "Current recipients:\n"
+msgstr "Huidige ontvangers:\n"
+
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Voer de gebruikers-ID in. Beëindig met een lege regel: "
+
+msgid "No such user ID.\n"
+msgstr "Een dergelijke gebruikers-ID is er niet.\n"
+
+msgid "skipped: public key already set as default recipient\n"
+msgstr ""
+"overgeslagen: publieke sleutel was reeds als standaardontvanger ingesteld\n"
+
+msgid "Public key is disabled.\n"
+msgstr "Publieke sleutel werd uitgeschakeld\n"
+
+msgid "skipped: public key already set\n"
+msgstr "overgeslagen: publieke sleutel was reeds ingesteld\n"
+
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "onbekende standaardontvanger \"%s\"\n"
+
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: overgeslagen: publieke sleutel is uitgeschakeld\n"
+
+msgid "no valid addressees\n"
+msgstr "geen geldige geadresseerden\n"
+
+#, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "Noot: sleutel %s heeft functionaliteit %s niet\n"
+
+#, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "Noot: sleutel %s bevat geen voorkeur voor %s\n"
+
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr ""
+"gegevens niet bewaard; gebruik de optie \"--output\" om ze te bewaren\n"
+
+msgid "Detached signature.\n"
+msgstr "Ontkoppelde handtekening.\n"
+
+msgid "Please enter name of data file: "
+msgstr "Voer de naam in van het gegevensbestand: "
+
+msgid "reading stdin ...\n"
+msgstr "lezen van standaardinvoer (stdin) ...\n"
+
+msgid "no signed data\n"
+msgstr "geen ondertekende gegevens\n"
+
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "kan de ondertekende gegevens `%s' niet openen\n"
+
+#, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr ""
+"kan de ondertekende gegevens uit bestandsindicator=%d niet openen: %s\n"
+
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "anonieme ontvanger; geheime sleutel %s wordt geprobeerd ...\n"
+
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "oké, wij zijn de anonieme ontvanger.\n"
+
+msgid "old encoding of the DEK is not supported\n"
+msgstr "de oude codering van de encryptiesleutel DEK wordt niet ondersteund\n"
+
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "versleutelingsalgoritme %d%s is onbekend of uitgeschakeld\n"
+
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr ""
+"WAARSCHUWING: versleutelingsalgoritme %s niet gevonden\n"
+" in de voorkeuren van de ontvanger\n"
+
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "NOOT: geheime sleutel %s verviel op %s\n"
+
+msgid "NOTE: key has been revoked"
+msgstr "NOOT: sleutel werd ingetrokken"
+
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "build_packet is mislukt: %s\n"
+
+#, c-format
+msgid "key %s has no user IDs\n"
+msgstr "sleutel %s heeft geen gebruikers-ID's\n"
+
+msgid "To be revoked by:\n"
+msgstr "Moet worden ingetrokken door:\n"
+
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(Dit is een gevoelige intekkingssleutel)\n"
+
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Een bevoegd intrekkingscertificaat aanmaken voor deze sleutel? (j/N) "
+
+msgid "ASCII armored output forced.\n"
+msgstr "gedwongen uitvoer in ASCII-harnas.\n"
+
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "make_keysig_packet is mislukt: %s\n"
+
+msgid "Revocation certificate created.\n"
+msgstr "Intrekkingscertificaat werd aangemaakt.\n"
+
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "er werden geen intrekkingssleutels gevonden voor \"%s\"\n"
+
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "geheime sleutel \"%s\" niet gevonden: %s\n"
+
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "geen overeenkomstige publieke sleutel: %s\n"
+
+msgid "public key does not match secret key!\n"
+msgstr "publieke sleutel komt niet overeen met de geheime sleutel!\n"
+
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Een intrekkingscertificaat voor deze sleutel maken? (j/N) "
+
+msgid "unknown protection algorithm\n"
+msgstr "onbekend beveiligingsalgoritme\n"
+
+msgid "NOTE: This key is not protected!\n"
+msgstr "NOOT: Deze sleutel is niet beveiligd!\n"
+
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Intrekkingscertificaat aangemaakt.\n"
+"\n"
+"Gelieve het naar een medium te verplaatsen dat u kunt wegstoppen; indien\n"
+"iemand dit certificaat in handen krijgt, kan hij het gebruiken om uw "
+"sleutel\n"
+"onbruikbaar te maken. Het is verstandig om dit certificaat af te drukken en\n"
+"het weg te bergen, voor het geval uw media onleesbaar zouden worden. Maar\n"
+"neem wat voorzichtigheid in acht: het printersysteem van uw computer kan de\n"
+"gegevens opslaan, waardoor ze voor anderen toegankelijk kunnen worden!\n"
+
+msgid "Please select the reason for the revocation:\n"
+msgstr "Gelieve een reden te kiezen voor de intrekking:\n"
+
+msgid "Cancel"
+msgstr "Annuleren"
+
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Wellicht wilt u hier %d kiezen)\n"
+
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "Voer een optionele beschrijving in; beëindig met een lege regel:\n"
+
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Reden van intrekking: %s\n"
+
+msgid "(No description given)\n"
+msgstr "(Geen beschrijving gegeven)\n"
+
+msgid "Is this okay? (y/N) "
+msgstr "Is dit oké? (j/N) "
+
+msgid "secret key parts are not available\n"
+msgstr "onderdelen van de geheime sleutel zijn niet beschikbaar\n"
+
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "beveiligingsalgoritme %d%s wordt niet ondersteund\n"
+
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "beveiligingshash %d wordt niet ondersteund\n"
+
+msgid "Invalid passphrase; please try again"
+msgstr "Ongeldige wachtwoordzin; probeer opnieuw"
+
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr ""
+"WAARSCHUWING: Een zwakke sleutel gevonden - gelieve de\n"
+" wachtwoordzin opnieuw te wijzigen.\n"
+
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"de controlesom ter beveiliging van de geheime sleutel\n"
+"wordt aangemaakt in het verouderde 16-bit-formaat\n"
+
+msgid "weak key created - retrying\n"
+msgstr "er werd een zwakke sleutel aangemaakt - er wordt nogmaals geprobeerd\n"
+
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"een zwakke sleutel voor het symmetrisch versleutelingsalgoritme\n"
+"kan niet vermeden worden; er werd %d maal geprobeerd!\n"
+
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr "DSA vereist dat de lengte van de hash een veelvoud van 8 bits is\n"
+
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr "DSA-sleutel %s gebruikt een onveilige (%u bit) hash\n"
+
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr "DSA-sleutel %s vereist een hash van %u bit of meer\n"
+
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "WAARSCHUWING: conflicterende ondertekeningshash in het bericht\n"
+
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr ""
+"WAARSCHUWING: er is geen kruiscertificering gebeurd\n"
+" van de ondertekenende subsleutel %s\n"
+
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+"WAARSCHUWING: ondertekenende subsleutel %s heeft een ongeldige "
+"kruiscertificering\n"
+
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "publieke sleutel %s is %lu seconde recenter dan de handtekening\n"
+
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "publieke sleutel %s is %lu seconden recenter dan de handtekening\n"
+
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"sleutel %s werd %lu seconde in de toekomst aangemaakt\n"
+"(afwijkende tijd of een probleem met de klok)\n"
+
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"sleutel %s werd %lu seconden in de toekomst aangemaakt\n"
+"(afwijkende tijd of een probleem met de klok)\n"
+
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "NOOT: ondertekeningssleutel %s verviel op %s\n"
+
+#, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "NOOT: ondertekeningssleutel %s werd ingetrokken\n"
+
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+"er wordt verondersteld dat de ondertekening van\n"
+"sleutel %s slecht is, omdat de kritieke bit niet gekend is\n"
+
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr ""
+"sleutel %s: geen subsleutel voor de ondertekening\n"
+"van de intrekking van de subsleutel\n"
+
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr ""
+"sleutel %s: geen subsleutel voor de ondertekening van de koppeling met de "
+"subsleutel\n"
+
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"WAARSCHUWING: kan geen expansie maken op basis van %% van de notatie\n"
+" (te groot). De niet-geëxpandeerde versie wordt gebruikt.\n"
+
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"WAARSCHUWING: kan geen expansie maken op basis van %% van de richtlijn-URL\n"
+" (te groot). De niet-geëxpandeerde versie wordt gebruikt.\n"
+
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"WAARSCHUWING: kan geen expansie maken op basis van %% van de\n"
+" URL van de voorkeurssleutelsserver (te groot).\n"
+" De niet-geëxpandeerde versie wordt gebruikt.\n"
+
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "controle van de aangemaakte ondertekening is mislukt: %s\n"
+
+#, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s/%s ondertekening van: \"%s\"\n"
+
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"u kunt enkel een ontkoppelde ondertekening maken met een\n"
+"sleutel van het type PGP 2.x als u in modus --pgp2 bent\n"
+
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"WAARSCHUWING: het hashalgoritme %s (%d) dwingend opleggen is in strijd\n"
+" met de voorkeuren van de ontvanger\n"
+
+msgid "signing:"
+msgstr "bezig met ondertekenen:"
+
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"u kunt enkel een ondertekening in klare tekst maken met een\n"
+"sleutel van het type PGP 2.x als u in modus --pgp2 bent\n"
+
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "%s-versleuteling zal gebruikt worden\n"
+
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"sleutel staat niet als onveilig gemarkeerd - kan hem niet gebruiken\n"
+"met de gesimuleerde generator van willekeurige getallen (RNG)!\n"
+
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "\"%s\" overgeslagen: waren duplicaten\n"
+
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "\"%s\" overgeslagen: %s\n"
+
+msgid "skipped: secret key already present\n"
+msgstr "overgeslagen: geheime sleutel is al aanwezig\n"
+
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"dit is een Elgamal-sleutel aangemaakt met PGP.\n"
+"Het is niet veilig om er mee te ondertekenen!"
+
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "staat van betrouwbaarheid %lu, type %d: registreren mislukt: %s\n"
+
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Lijst van toegekende betrouwbaarheidswaarden, aangemaakt op %s\n"
+"# (Gebruik \"gpg --import-ownertrust\" om ze te repareren)\n"
+
+#, c-format
+msgid "error in `%s': %s\n"
+msgstr "fout in `%s': %s\n"
+
+msgid "line too long"
+msgstr "regel is te lang"
+
+msgid "colon missing"
+msgstr "ontbrekende dubbele punt"
+
+msgid "invalid fingerprint"
+msgstr "ongeldige vingerafdruk"
+
+msgid "ownertrust value missing"
+msgstr "ontbrekende waarde voor mate van betrouwbaarheid"
+
+#, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "fout bij het zoeken naar de staat van betrouwbaarheid in `%s': %s\n"
+
+#, c-format
+msgid "read error in `%s': %s\n"
+msgstr "leesfout in `%s': %s\n"
+
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "betrouwbaarheidsdatabank (trustdb): synchronisatie mislukt: %s\n"
+
+#, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "kan geen grendel maken voor `%s'\n"
+
+#, c-format
+msgid "can't lock `%s'\n"
+msgstr "kan `%s' niet vergrendelen\n"
+
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr ""
+"betrouwbaarheidsdatabank (trustdb): element %lu: lseek is mislukt: %s\n"
+
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr ""
+"betrouwbaarheidsdatabank (trustdb): element %lu: wegschrijven is mislukt (n="
+"%d): %s\n"
+
+msgid "trustdb transaction too large\n"
+msgstr "betrouwbaarheidsdatabank (trustdb): transactie is te groot\n"
+
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: map bestaat niet!\n"
+
+#, c-format
+msgid "can't access `%s': %s\n"
+msgstr "krijg geen toegang tot `%s': %s\n"
+
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: het registreren van de versie is mislukt: %s"
+
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: ongeldige betrouwbaarheidsdatabank (trustdb) aangemaakt\n"
+
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: betrouwbaarheidsdatabank (trustdb) aangemaakt\n"
+
+msgid "NOTE: trustdb not writable\n"
+msgstr ""
+"NOOT: er kan niet geschreven worden in de betrouwbaarheidsdatabank "
+"(trustdb)\n"
+
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: ongeldige betrouwbaarheidsdatabank (trustdb)\n"
+
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: aanmaken van de hashtabel is mislukt: %s\n"
+
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: fout bij het bijwerken van versiegegevens: %s\n"
+
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: fout bij het lezen van versiegegevens: %s\n"
+
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: fout bij het wegschrijven van versiegegevens: %s\n"
+
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "betrouwbaarheidsdatabank (trustdb): lseek is mislukt: %s\n"
+
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "betrouwbaarheidsdatabank (trustdb): lezen is mislukt (n=%d): %s\n"
+
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: bestand is geen betrouwbaarheidsdatabank (trustdb)\n"
+
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: versiegegevens met registratienummer %lu\n"
+
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: ongeldige bestandsversie %d\n"
+
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: fout bij het lezen van vrije staat: %s\n"
+
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: fout bij het wegschrijven van de staat van de map: %s\n"
+
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: fout bij het op nul zetten van een staat: %s\n"
+
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: het toevoegen van een staat is mislukt: %s\n"
+
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "Fout: de betrouwbaarheidsdatabank (trustdb) is beschadigd.\n"
+
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "kan geen tekstregels verwerken die groter zijn dan %d tekens\n"
+
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "invoerregel groter dan %d tekens\n"
+
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "`%s' is geen geldige ID voor een lange sleutel\n"
+
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "sleutel %s: aanvaard als betrouwbare sleutel\n"
+
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr ""
+"sleutel %s komt meer dan eens voor in de betrouwbaarheidsdatabank (trustdb)\n"
+
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr ""
+"sleutel %s: geen publieke sleutel voor de vertrouwde sleutel - overgeslagen\n"
+
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "sleutel %s gemarkeerd als uiterst betrouwbaar\n"
+
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "staat van betrouwbaarheid %lu, vereist type %d: lezen mislukt: %s\n"
+
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "staat van betrouwbaarheid %lu is niet van het vereiste type %d\n"
+
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+"U kunt proberen om de betrouwbaarheidsdatabank (trustdb)\n"
+"opnieuw aan te maken met behulp van de commando's:\n"
+
+msgid "If that does not work, please consult the manual\n"
+msgstr "Indien dit niet lukt, gelieve dan de handleiding te raadplegen\n"
+
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+"kan onbekend betrouwbaarheidsmodel (%d) niet\n"
+"gebruiken - betrouwbaarheidsmodel %s wordt verondersteld\n"
+
+#, c-format
+msgid "using %s trust model\n"
+msgstr "betrouwbaarheidsmodel %s wordt gebruikt\n"
+
+#. TRANSLATORS: these strings are similar to those in
+#. trust_value_to_string(), but are a fixed length. This is needed to
+#. make attractive information listings where columns line up
+#. properly. The value "10" should be the length of the strings you
+#. choose to translate to. This is the length in printable columns.
+#. It gets passed to atoi() so everything after the number is
+#. essentially a comment and need not be translated. Either key and
+#. uid are both NULL, or neither are NULL.
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+"11 translator see trustdb.c:uid_trust_string_fixed: werd gelezen door "
+"vertaler"
+
+msgid "[ revoked]"
+msgstr "[ingetrok]"
+
+msgid "[ expired]"
+msgstr "[vervalln]"
+
+msgid "[ unknown]"
+msgstr "[onbekend]"
+
+msgid "[ undef ]"
+msgstr "[ ongedef]"
+
+msgid "[marginal]"
+msgstr "[marginal]"
+
+msgid "[ full ]"
+msgstr "[volledig]"
+
+msgid "[ultimate]"
+msgstr "[ uiterst]"
+
+msgid "undefined"
+msgstr "niet gedefinieerd"
+
+msgid "never"
+msgstr "nooit"
+
+msgid "marginal"
+msgstr "marginaal"
+
+msgid "full"
+msgstr "volledig"
+
+msgid "ultimate"
+msgstr "uiterst"
+
+msgid "no need for a trustdb check\n"
+msgstr "een controle van de betrouwbaarheidsdatabank (trustdb) is niet nodig\n"
+
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "volgende controle van de betrouwbaarheidsdatabank (trustdb) is op %s\n"
+
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr ""
+"een controle van de betrouwbaarheidsdatabank (trustdb)\n"
+"is niet nodig bij het vertrouwensmodel `%s'\n"
+
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr ""
+"een bijwerking van de betrouwbaarheidsdatabank (trustdb)\n"
+"is niet nodig bij het vertrouwensmodel `%s'\n"
+
+#, c-format
+msgid "public key %s not found: %s\n"
+msgstr "publieke sleutel %s niet gevonden: %s\n"
+
+msgid "please do a --check-trustdb\n"
+msgstr "gelieve het commando --check-trustdb uit te voeren\n"
+
+msgid "checking the trustdb\n"
+msgstr "de betrouwbaarheidsdatabank (trustdb) wordt gecontroleerd\n"
+
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "%d sleutels werden verwerkt (%d geldigheidstellers op nul gezet)\n"
+
+msgid "no ultimately trusted keys found\n"
+msgstr "geen uiterst betrouwbare sleutels gevonden\n"
+
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "publieke sleutel van uiterst betrouwbare sleutel %s niet gevonden\n"
+
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr "%d marginale nodig, %d volledige nodig, vertrouwensmodel %s\n"
+
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+"diepte: %d geldig: %3d ondert.: %3d vertr.: %d-, %dq, %dn, %dm, %df, %du\n"
+
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr ""
+"bijwerken van de versiegegevens van de betrouwbaarheidsdatabank (trustdb):\n"
+"wegschrijven is mislukt: %s\n"
+
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"de ondertekening kon niet geverifieerd worden.\n"
+"Denk eraan dat het bestand met handtekeningen (.sig of .asc)\n"
+"het eerste bestand moet zijn dat aan de commandolijn ingevoerd wordt.\n"
+
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "invoerregel %u is te lang of LF ontbreekt\n"
+
+#, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "kan bestandsindicator %d niet openen: %s\n"
+
+msgid "argument not expected"
+msgstr "onverwacht argument"
+
+msgid "read error"
+msgstr "leesfout"
+
+msgid "keyword too long"
+msgstr "sleutelwoord is te lang"
+
+msgid "missing argument"
+msgstr "ontbrekend argument"
+
+msgid "invalid argument"
+msgstr "ongeldig argument"
+
+msgid "invalid command"
+msgstr "ongeldig commando"
+
+msgid "invalid alias definition"
+msgstr "ongeldige definitie van een alias"
+
+msgid "out of core"
+msgstr "geheugenlimiet overschreden"
+
+msgid "invalid option"
+msgstr "ongeldige optie"
+
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr "ontbrekend argument voor optie \"%.50s\"\n"
+
+#, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "ontbrekend argument voor optie \"%.50s\"\n"
+
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr "optie \"%.50s\" verwacht geen argument\n"
+
+#, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "ongeldig commando \"%.50s\"\n"
+
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr "optie \"%.50s\" is ambigue\n"
+
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr "commando \"%.50s\" is ambigue\n"
+
+msgid "out of core\n"
+msgstr "geheugenlimiet overschreden\n"
+
+#, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "ongeldige optie \"%.50s\"\n"
+
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "u vond een bug ... (%s:%d)\n"
+
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr "omzetting van `%s' naar `%s' is niet beschikbaar\n"
+
+#, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "iconv_open is mislukt: %s\n"
+
+#, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "omzetting van `%s' naar `%s' is mislukt: %s\n"
+
+#, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "kon tijdelijk bestand `%s' niet aanmaken: %s\n"
+
+#, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "fout bij het wegschrijven van `%s': %s\n"
+
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr "oud grendelbestand (aangemaakt door %d) wordt verwijderd\n"
+
+msgid " - probably dead - removing lock"
+msgstr " - wellicht dood - grendel wordt verwijderd"
+
+#, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "wachten op de grendel (vastgehouden door %d%s) %s...\n"
+
+msgid "(deadlock?) "
+msgstr "(dode grendel?) "
+
+#, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "grendel `%s' werd niet geplaatst: %s\n"
+
+#, c-format
+msgid "waiting for lock %s...\n"
+msgstr "wachten op grendel %s...\n"
+
+msgid "set debugging flags"
+msgstr "stel debug-opties in"
+
+msgid "enable full debugging"
+msgstr "maak debuggen ten volle mogelijk"
+
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Gebruik: kbxutil [opties] [bestanden] (-h voor hulp)"
+
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"List, export, import Keybox data\n"
+msgstr ""
+"Syntaxis: kbxutil [opties] [bestanden]\n"
+"Toon, exporteer, importeer Keybox-gegevens (sleutelkistje-data)\n"
+
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr "RSA-modulus ontbreekt of heeft niet een grootte van %d bits\n"
+
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr "publieke exponent van RSA ontbreekt of is groter dan %d bits\n"
+
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "Herroepen van de pincode gaf een fout: %s\n"
+
+msgid "the NullPIN has not yet been changed\n"
+msgstr "de nul-pincode werd nog niet gewijzigd\n"
+
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "|N|Gelieve een nieuwe pincode in te voeren voor de standaardsleutels."
+
+msgid "||Please enter the PIN for the standard keys."
+msgstr "||Gelieve de pincode voor de standaardsleutels in te voeren."
+
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr ""
+"|NP|Gelieve een nieuwe PUK-code (PIN Unblocking Code) in te voeren voor de "
+"standaardsleutels."
+
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr ""
+"|P|Gelieve de PUK-code (PIN Unblocking Code) in te voeren voor de "
+"standaardsleutels."
+
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+"|N|Gelieve een nieuwe pincode in te voeren voor de sleutel die bevoegde "
+"handtekeningen kan aanmaken."
+
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+"||Gelieve de pincode in te voeren voor de sleutel die bevoegde "
+"handtekeningen kan aanmaken."
+
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+"|NP|Gelieve een nieuwe PUK-code (PIN Unblocking Code) in te voeren voor de "
+"sleutel die bevoegde handtekeningen kan aanmaken."
+
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+"|P|Gelieve de PUK-code (PIN Unblocking Code) in te voeren voor de sleutel "
+"die bevoegde handtekeningen kan aanmaken."
+
+#, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "fout bij het verkrijgen van een nieuwe pincode: %s\n"
+
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "opslaan van de vingerafdruk is mislukt: %s\n"
+
+#, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "opslaan van de aanmaakdatum is mislukt: %s\n"
+
+#, c-format
+msgid "reading public key failed: %s\n"
+msgstr "het lezen van de publieke sleutel is mislukt: %s\n"
+
+msgid "response does not contain the public key data\n"
+msgstr "antwoord bevat de gegevens van de publieke sleutel niet\n"
+
+msgid "response does not contain the RSA modulus\n"
+msgstr "antwoord bevat de RSA-modulus niet\n"
+
+msgid "response does not contain the RSA public exponent\n"
+msgstr "antwoord bevat de publieke exponent van RSA niet\n"
+
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr "de standaardpincode wordt gebruikt voor %s\n"
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+"de standaardpincode gebruiken voor %s is mislukt: %s - standaard\n"
+"wordt in het vervolg niet meer gebruikt\n"
+
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr "||Graag invoer van de pincode%%0A[gemaakte ondertekeningen: %lu]"
+
+msgid "||Please enter the PIN"
+msgstr "||Gelieve de pincode in te voeren"
+
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr "pincode voor CHV%d is te kort; die moet minimaal %d lang zijn\n"
+
+#, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "controle van CHV%d is mislukt: %s\n"
+
+msgid "error retrieving CHV status from card\n"
+msgstr "fout bij het ophalen van de CHV-status uit de kaart\n"
+
+msgid "card is permanently locked!\n"
+msgstr "kaart is permanent vergrendeld!\n"
+
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+"beheerder heeft %d resterende pogingen om de pincode in te voeren\n"
+"voordat de kaart permanent vergrendeld wordt\n"
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "|A|Graag invoer van de beheerderspincode%%0A[resterende pogingen: %d]"
+
+msgid "|A|Please enter the Admin PIN"
+msgstr "|A|Gelieve de pincode van de beheerder in te voeren"
+
+msgid "access to admin commands is not configured\n"
+msgstr "toegang tot beheerderscommando's is niet ingesteld\n"
+
+msgid "||Please enter the Reset Code for the card"
+msgstr "||Gelieve de Reset-Code voor de kaart in te voeren"
+
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr "Reset-Code is te kort; die moet minimaal %d lang zijn\n"
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+msgid "|RN|New Reset Code"
+msgstr "|RN|Nieuwe Reset-Code"
+
+msgid "|AN|New Admin PIN"
+msgstr "|AN|Nieuwe pincode voor de beheerder"
+
+msgid "|N|New PIN"
+msgstr "|N|Nieuwe pincode"
+
+msgid "||Please enter the Admin PIN and New Admin PIN"
+msgstr ""
+"||Gelieve de pincode van de beheerder en zijn nieuwe pincode in te voeren"
+
+msgid "||Please enter the PIN and New PIN"
+msgstr "||Gelieve de pincode en de nieuwe pincode in te voeren"
+
+msgid "error reading application data\n"
+msgstr "fout bij het lezen van toepassingsgegevens\n"
+
+msgid "error reading fingerprint DO\n"
+msgstr "fout bij het lezen van de vingerafdruk DO\n"
+
+msgid "key already exists\n"
+msgstr "de sleutel bestaat reeds\n"
+
+msgid "existing key will be replaced\n"
+msgstr "de bestaande sleutel zal vervangen worden\n"
+
+msgid "generating new key\n"
+msgstr "aanmaken van nieuwe sleutel\n"
+
+msgid "writing new key\n"
+msgstr "wegschrijven van nieuwe sleutel\n"
+
+msgid "creation timestamp missing\n"
+msgstr "aanmaaktijdstip ontbreekt\n"
+
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr "priemgetal %s van RSA ontbreekt of heeft niet de grootte van %d bits\n"
+
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "opslaan van de sleutel is mislukt: %s\n"
+
+msgid "please wait while key is being generated ...\n"
+msgstr "wacht terwijl de sleutel wordt aangemaakt ...\n"
+
+msgid "generating key failed\n"
+msgstr "aanmaken van de sleutel is mislukt\n"
+
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "het aanmaken van de sleutel is voltooid (in %d seconden)\n"
+
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "ongeldige structuur van de OpenPGP-kaart (DO 0x93)\n"
+
+msgid "fingerprint on card does not match requested one\n"
+msgstr "vingerafdruk op de kaart komt niet overeen met de gevraagde\n"
+
+#, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "de kaart ondersteunt het hashalgoritme %s niet\n"
+
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr "tot dusver gegenereerde handtekeningen: %lu\n"
+
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+"controleren van de pincode van de beheerder wordt momenteel verboden met dit "
+"commando\n"
+
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "kan geen toegang krijgen tot %s - ongeldige OpenPGP-kaart?\n"
+
+msgid "||Please enter your PIN at the reader's pinpad"
+msgstr ""
+"||Gelieve uw pincode in te voeren op het numeriek pad van de kaartlezer"
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+msgid "|N|Initial New PIN"
+msgstr "|N|Initiële nieuwe pincode"
+
+msgid "run in multi server mode (foreground)"
+msgstr "uitvoeren in multi-servermodus (voorgrond)"
+
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr "|NIVEAU|stel het debuggingsniveau in op NIVEAU"
+
+msgid "|FILE|write a log to FILE"
+msgstr "|BESTAND|houd een logboek bij in BESTAND"
+
+msgid "|N|connect to reader at port N"
+msgstr "|N|maak verbinding met de lezer via poort N"
+
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NAAM|gebruik NAAM als stuurprogramma voor ct-API"
+
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NAAM|gebruik NAAM als stuurprogramma voor PC/SC"
+
+msgid "do not use the internal CCID driver"
+msgstr "gebruik het interne stuurprogramma CCID niet"
+
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+"|N|verbreek de verbinding met de kaart na een inactiviteit van N seconden"
+
+msgid "do not use a reader's pinpad"
+msgstr "gebruik het numeriek pad van de kaartlezer niet"
+
+msgid "deny the use of admin card commands"
+msgstr "sta het gebruik van commando's voor het beheer van de kaart niet toe"
+
+msgid "use variable length input for pinpad"
+msgstr "maak bij het numeriek pad gebruik van een invoer van variabele lengte"
+
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Gebruik: scdaemon [opties] (-h voor hulp)"
+
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+"Syntaxis: scdaemon [opties] [commando [parameters]]\n"
+"Chipkaart-achtergronddienst voor GnuPG\n"
+
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+"gelieve de optie `--daemon' te gebruiken om het programma in de achtergrond "
+"uit te voeren\n"
+
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr "verwerker voor bestandsindicator %d gestart\n"
+
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr "verwerker voor bestandsindicator %d beëindigd\n"
+
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "ongeldig radix64-teken %02X overgeslagen\n"
+
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr "doorspelen van aanvraag %s aan de client is mislukt\n"
+
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr "dirmngr wordt nog niet uitgevoerd - `%s' wordt gestart\n"
+
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "ongeldig formaat van de omgevingsvariabele DIRMNGR_INFO\n"
+
+#, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "protocolversie %d van dirmngr wordt niet ondersteund\n"
+
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+"kan geen verbinding leggen met de dirmngr - er wordt een noodoplossing "
+"geprobeerd\n"
+
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr "door het certificaat gevraagd valideringsmodel: %s"
+
+msgid "chain"
+msgstr "ketting"
+
+msgid "shell"
+msgstr "shell"
+
+#, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "kritieke certificaatsuitbreiding %s wordt niet ondersteund"
+
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+"het certificaat van de uitgever staat niet als een certificeringsautoriteit "
+"gemarkeerd"
+
+msgid "critical marked policy without configured policies"
+msgstr ""
+"gemarkeerd als kritieke richtlijn maar instellingen voor beleidsrichtlijnen "
+"ontbreken"
+
+#, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "kan `%s' niet openen: %s\n"
+
+msgid "note: non-critical certificate policy not allowed"
+msgstr "noot: niet-kritieke certificaatsrichtlijn niet toegestaan"
+
+msgid "certificate policy not allowed"
+msgstr "certificaatsrichtlijn niet toegestaan"
+
+msgid "looking up issuer at external location\n"
+msgstr "uitgever wordt op een externe locatie opgezocht\n"
+
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr "aantal overeenstemmende uitgevers: %d\n"
+
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr "uitgever wordt opgezocht in de cache van Dirmngr\n"
+
+#, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "aantal overeenstemmende certificaten: %d\n"
+
+#, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr ""
+"het enkel in de cache van dirmngr opzoeken van de sleutel is mislukt: %s\n"
+
+msgid "failed to allocate keyDB handle\n"
+msgstr "het reserveren van het beheer van de sleuteldatabase is mislukt\n"
+
+msgid "certificate has been revoked"
+msgstr "certificaat werd ingetrokken"
+
+msgid "the status of the certificate is unknown"
+msgstr "onbekende status van het certificaat"
+
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+"gelieve u ervan te vergewissen dat de \"dirmngr\" behoorlijk geïnstalleerd "
+"werd\n"
+
+#, c-format
+msgid "checking the CRL failed: %s"
+msgstr "controle van de lijst van ingetrokken certificaten is mislukt: %s"
+
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr "certificaat met een ongeldige geldigheid: %s"
+
+msgid "certificate not yet valid"
+msgstr "certificaat is nog niet geldig"
+
+msgid "root certificate not yet valid"
+msgstr "stamcertificaat is nog niet geldig"
+
+msgid "intermediate certificate not yet valid"
+msgstr "het tussenliggend certificaat is nog niet geldig"
+
+msgid "certificate has expired"
+msgstr "het certificaat is verlopen"
+
+msgid "root certificate has expired"
+msgstr "het stamcertificaat is vervallen"
+
+msgid "intermediate certificate has expired"
+msgstr "het tussenliggend certificaat is vervallen"
+
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr "de vereiste certificaatattributen ontbreken: %s%s%s"
+
+msgid "certificate with invalid validity"
+msgstr "certificaat met ongeldige geldigheid"
+
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+"handtekening werd niet aangemaakt binnen de levensduur van het certificaat"
+
+msgid "certificate not created during lifetime of issuer"
+msgstr "certificaat werd niet aangemaakt binnen de levensduur van de uitgever"
+
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+"het tussenliggend certificaat werd niet aangemaakt binnen de levensduur van "
+"de uitgever"
+
+msgid " ( signature created at "
+msgstr " (handtekening aangemaakt op "
+
+msgid " (certificate created at "
+msgstr " ( certificaat aangemaakt op "
+
+msgid " (certificate valid from "
+msgstr " ( certificaat geldig van "
+
+msgid " ( issuer valid from "
+msgstr " ( uitgever geldig van "
+
+#, c-format
+msgid "fingerprint=%s\n"
+msgstr "vingerafdruk=%s\n"
+
+msgid "root certificate has now been marked as trusted\n"
+msgstr "het stamcertificaat werd nu als betrouwbaar gemarkeerd\n"
+
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+"iets interactief als betrouwbaar markeren is niet mogelijk met gpg-agent\n"
+
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+"iets interactief als betrouwbaar markeren is tijdens deze sessie niet "
+"mogelijk\n"
+
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+"WAARSCHUWING: het tijdstip waarop de handtekening aangemaakt werd is niet "
+"bekend - er wordt aangenomen dat het nu was"
+
+msgid "no issuer found in certificate"
+msgstr "geen uitgever gevonden in het certificaat"
+
+msgid "self-signed certificate has a BAD signature"
+msgstr "auto-gesigneerd certificaat heeft een SLECHTE handtekening"
+
+msgid "root certificate is not marked trusted"
+msgstr "stamcertificaat staat niet gemarkeerd als betrouwbaar"
+
+#, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "controle van de lijst van vertrouwen is mislukt: %s\n"
+
+msgid "certificate chain too long\n"
+msgstr "certificaatketting is te lang\n"
+
+msgid "issuer certificate not found"
+msgstr "certificaat van uitgever niet gevonden"
+
+msgid "certificate has a BAD signature"
+msgstr "certificaat heeft een SLECHTE ondertekening"
+
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+"mogelijk een ander overeenstemmend CA-certificaat gevonden - er wordt "
+"opnieuw geprobeerd"
+
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+"certificaatketting is langer dan toegestaan door de certificatieautoriteit "
+"(%d)"
+
+msgid "certificate is good\n"
+msgstr "certificaat is goed\n"
+
+msgid "intermediate certificate is good\n"
+msgstr "tussenliggend certificaat is goed\n"
+
+msgid "root certificate is good\n"
+msgstr "stamcertificaat is goed\n"
+
+msgid "switching to chain model"
+msgstr "er wordt overgeschakeld op het kettingmodel"
+
+#, c-format
+msgid "validation model used: %s"
+msgstr "gebruikt valideringsmodel: %s"
+
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr "%s-sleutel gebruikt een onveilige (%u bit) hash\n"
+
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr "een hash van %u bit is niet geldig voor een %u bit %s-sleutel\n"
+
+msgid "(this is the MD2 algorithm)\n"
+msgstr "(dit is het MD2-algoritme)\n"
+
+msgid "none"
+msgstr "geen"
+
+msgid "[Error - invalid encoding]"
+msgstr "[Fout - ongeldige codering]"
+
+msgid "[Error - out of core]"
+msgstr "[Fout - geheugenlimiet overschreden]"
+
+msgid "[Error - No name]"
+msgstr "[Fout - Geen naam]"
+
+msgid "[Error - invalid DN]"
+msgstr "[Fout - ongeldige DN]"
+
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Voer de wachtwoordzin in voor het ontgrendelen van de geheime sleutel van "
+"het X.509-certificaat:\n"
+"\"%s\"\n"
+"serienummer %s, ID 0x%08lX,\n"
+"aangemaakt op %s, vervalt op %s.\n"
+
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+"geen gebruik gespecificeerd voor de sleutel - elk gebruik wordt "
+"verondersteld\n"
+
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr ""
+"fout bij het ophalen van de informatie over het gebruik van de sleutel: %s\n"
+
+msgid "certificate should not have been used for certification\n"
+msgstr "het certificaat had niet gebruikt mogen worden om te certificeren\n"
+
+msgid "certificate should not have been used for OCSP response signing\n"
+msgstr ""
+"het certificaat had niet gebruikt mogen worden voor het ondertekenen van "
+"OCSP-antwoorden\n"
+
+msgid "certificate should not have been used for encryption\n"
+msgstr "het certificaat had niet gebruikt mogen worden om te versleutelen\n"
+
+msgid "certificate should not have been used for signing\n"
+msgstr "het certificaat had niet gebruikt mogen worden om te ondertekenen\n"
+
+msgid "certificate is not usable for encryption\n"
+msgstr "het certificaat kan niet gebruikt worden om te versleutelen\n"
+
+msgid "certificate is not usable for signing\n"
+msgstr "het certificaat kan niet gebruikt worden om te ondertekenen\n"
+
+#, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "regel %d: ongeldig algoritme\n"
+
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr "regel %d: ongeldige sleutellengte %u (geldig is van %d tot %d)\n"
+
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr "regel %d: geen naam aan het subject gegeven\n"
+
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr "regel %d: de naam van het subject heeft het ongeldige label `%.*s'\n"
+
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr "regel %d: het subject heeft de ongeldige naam `%s' op positie %d\n"
+
+#, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "regel %d: geen geldig e-mailadres\n"
+
+#, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "regel %d: fout bij het lezen van sleutel `%s' van de kaart: %s\n"
+
+#, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr ""
+"regel %d: fout bij het ophalen van de sleutel met sleutelhendel `%s': %s\n"
+
+#, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "regel %d: sleutel aanmaken is mislukt: %s <%s>\n"
+
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+"Om deze certificaataanvraag te vervolledigen moet u nogmaals de "
+"wachtwoordzin invoeren voor de sleutel die u zonet aanmaakte.\n"
+
+#, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA\n"
+
+#, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) Bestaande sleutel\n"
+
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr " (%d) Bestaande sleutel op de kaart\n"
+
+msgid "Enter the keygrip: "
+msgstr "Voer de sleutelhendel in: "
+
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+"Geen geldige sleutelhendel (een reeks van 40 hexadecimale cijfers wordt "
+"verwacht)\n"
+
+msgid "No key with this keygrip\n"
+msgstr "Deze sleutelhendel heeft geen sleutel bij zich\n"
+
+#, c-format
+msgid "error reading the card: %s\n"
+msgstr "fout bij het lezen van de kaart: %s\n"
+
+#, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "Serienummer van de kaart: %s\n"
+
+msgid "Available keys:\n"
+msgstr "Beschikbare sleutels:\n"
+
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr "Mogelijke acties voor een %s-sleutel:\n"
+
+#, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) ondertekenen, versleutelen\n"
+
+#, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) ondertekenen\n"
+
+#, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) versleutelen\n"
+
+msgid "Enter the X.509 subject name: "
+msgstr "Voer de naam in voor het subject in X.509-formaat: "
+
+msgid "No subject name given\n"
+msgstr "Geen naam voor het subject ingevoerd\n"
+
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr "De naam voor het subject heeft ongeldig label `%.*s'\n"
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "Subject met ongeldige naam `%s'\n"
+
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr "21"
+
+msgid "Enter email addresses"
+msgstr "Voer de e-mailadressen in"
+
+msgid " (end with an empty line):\n"
+msgstr " (beëindig met een lege regel):\n"
+
+msgid "Enter DNS names"
+msgstr "Voer de DNS-namen in"
+
+msgid " (optional; end with an empty line):\n"
+msgstr " (facultatief; beëindig met een lege regel):\n"
+
+msgid "Enter URIs"
+msgstr "Voer de URI's in"
+
+msgid "Parameters to be used for the certificate request:\n"
+msgstr "Te gebruiken parameters bij het aanvragen van een certificaat:\n"
+
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+"Er wordt nu een aanvraag voor een certificaat gemaakt. Dit kan even "
+"duren ...\n"
+
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+"Klaar. U zou die aanvraag nu moeten sturen naar uw certificatieautoriteit.\n"
+
+msgid "resource problem: out of core\n"
+msgstr "een probleem van hulpbronnen: geheugenlimiet overschreden\n"
+
+msgid "(this is the RC2 algorithm)\n"
+msgstr "(dit is het RC2-algoritme)\n"
+
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr "(dit lijkt geen versleuteld bericht te zijn)\n"
+
+#, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "certificaat `%s' niet gevonden: %s\n"
+
+#, c-format
+msgid "error locking keybox: %s\n"
+msgstr "fout bij het vergrendelen van het sleutelkistje: %s\n"
+
+#, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "duplicaat van het certificaat `%s' werd verwijderd\n"
+
+#, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "certificaat `%s' werd verwijderd\n"
+
+#, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "verwijderen van certificaat \"%s\" is mislukt: %s\n"
+
+msgid "no valid recipients given\n"
+msgstr "geen geldige ontvangers opgegeven)\n"
+
+msgid "list external keys"
+msgstr "toon externe sleutels"
+
+msgid "list certificate chain"
+msgstr "toon de certificaatketting"
+
+msgid "import certificates"
+msgstr "importeer certificaten"
+
+msgid "export certificates"
+msgstr "exporteer certificaten"
+
+msgid "register a smartcard"
+msgstr "registreer een chipkaart"
+
+msgid "pass a command to the dirmngr"
+msgstr "geef een opdracht door aan de dirmngr"
+
+msgid "invoke gpg-protect-tool"
+msgstr "Activeer gpg-protect-tool"
+
+msgid "create base-64 encoded output"
+msgstr "creëer uitvoer in base-64-formaat"
+
+msgid "assume input is in PEM format"
+msgstr "ga er van uit dat de invoer in PEM-formaat is"
+
+msgid "assume input is in base-64 format"
+msgstr "ga er van uit dat de invoer in base-64-formaat is"
+
+msgid "assume input is in binary format"
+msgstr "ga er van uit dat de invoer in binair formaat is"
+
+msgid "use system's dirmngr if available"
+msgstr "gebruik de dirmngr van het systeem als die beschikbaar is"
+
+msgid "never consult a CRL"
+msgstr "raadpleeg nooit een CRL (lijst van ingetrokken certificaten)"
+
+msgid "check validity using OCSP"
+msgstr "controleer geldigheid met OCSP"
+
+msgid "|N|number of certificates to include"
+msgstr "|N|aantal toe te voegen certificaten"
+
+msgid "|FILE|take policy information from FILE"
+msgstr "|BESTAND|haal richtlijninformatie uit BESTAND"
+
+msgid "do not check certificate policies"
+msgstr "kijk de certificaatrichtlijnen niet na"
+
+msgid "fetch missing issuer certificates"
+msgstr "haal ontbrekende uitgeverscertificaten op"
+
+msgid "don't use the terminal at all"
+msgstr "maak helemaal geen gebruik van de terminal"
+
+msgid "|FILE|write a server mode log to FILE"
+msgstr "|BESTAND|houd een logboek bij in server-modus in BESTAND"
+
+msgid "|FILE|write an audit log to FILE"
+msgstr "|BESTAND|houd een auditlogboek bij in BESTAND"
+
+msgid "batch mode: never ask"
+msgstr "automatische modus: stel nooit vragen"
+
+msgid "assume yes on most questions"
+msgstr "ga uit van een ja-antwoord op de meeste vragen"
+
+msgid "assume no on most questions"
+msgstr "ga uit van een nee-antwoord op de meeste vragen"
+
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "|BESTAND|voeg de sleutelring toe aan de lijst van sleutelringen"
+
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|GEBRUIKERS-ID|gebruik GEBRUIKERS-ID als de standaard geheime sleutel"
+
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|gebruik deze sleutelserver om sleutels op te zoeken"
+
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NAAM|gebruik versleutelingsalgoritme NAAM"
+
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NAAM|gebruik hashalgoritme NAAM"
+
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Gebruik: gpgsm [opties] [bestanden] (-h voor hulp)"
+
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"Sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"Default operation depends on the input data\n"
+msgstr ""
+"Syntaxis: gpgsm [opties] [bestanden]\n"
+"Onderteken, controleer, versleutel of ontcijfer met het S/MIME-protocol\n"
+"Standaardactie is afhankelijk van de ingevoerde gegevens\n"
+
+msgid "usage: gpgsm [options] "
+msgstr "gebruik: gpgsm [opties] "
+
+#, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "NOOT: zal niet in staat zijn om te versleutelen naar `%s': %s\n"
+
+#, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "onbekend valideringsmodel `%s'\n"
+
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: geen computernaam opgegeven\n"
+
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: wachtwoord zonder gebruiker gegeven\n"
+
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: deze regel wordt overgeslagen\n"
+
+msgid "could not parse keyserver\n"
+msgstr "kon de sleutelserver niet ontleden\n"
+
+msgid "WARNING: running with faked system time: "
+msgstr "WAARSCHUWING: wordt uitgevoerd met de gesimuleerde systeemtijd: "
+
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "bezig met importeren van gemeenschappelijke certificaten `%s'\n"
+
+#, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "kan niet ondertekenen met `%s': %s\n"
+
+msgid "invalid command (there is no implicit command)\n"
+msgstr "ongeldig commando (er is geen impliciet commando)\n"
+
+#, c-format
+msgid "total number processed: %lu\n"
+msgstr "totaal aantal verwerkt: %lu\n"
+
+msgid "error storing certificate\n"
+msgstr "fout bij het opslaan van het certificaat\n"
+
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+"basale controle van het certificaat mislukte - wordt niet geïmporteerd\n"
+
+#, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "fout bij het inlezen van de opgeslagen opties: %s\n"
+
+#, c-format
+msgid "error importing certificate: %s\n"
+msgstr "fout bij het importeren van het certificaat: %s\n"
+
+#, c-format
+msgid "error reading input: %s\n"
+msgstr "fout bij het lezen van invoer: %s\n"
+
+#, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "fout bij het aanmaken van sleuteldoosje `%s': %s\n"
+
+#, c-format
+msgid "keybox `%s' created\n"
+msgstr "sleuteldoosje `%s' is aangemaakt\n"
+
+msgid "failed to get the fingerprint\n"
+msgstr "opvragen van de vingerafdruk is mislukt: %s\n"
+
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr "probleem bij het opzoeken van een bestaand certificaat: %s\n"
+
+#, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr ""
+"fout bij het zoeken naar een sleuteldatabase waarin kan geschreven worden: "
+"%s\n"
+
+#, c-format
+msgid "error storing certificate: %s\n"
+msgstr "fout bij het opslaan van het certificaat: %s\n"
+
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "probleem bij het opnieuw opzoeken van het certificaat: %s\n"
+
+#, c-format
+msgid "error storing flags: %s\n"
+msgstr "fout bij het opslaan van de opties: %s\n"
+
+msgid "Error - "
+msgstr "Fout - "
+
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+"GPG_TTY werd niet ingesteld - de standaard, die misschien gebrekkig zal "
+"functioneren, wordt gebruik\n"
+
+#, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "ongeldig opgemaakte vingerafdruk in `%s', regel %d\n"
+
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr "ongeldige landcode in `%s', regel %d\n"
+
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+"U staat op het punt om een handtekening aan te maken met uw certificaat:\n"
+"\"%s\"\n"
+"Dit zal een bevoegde handtekening aanmaken die volgens de wet evenwaardig is "
+"aan een met de hand geplaatste handtekening.\n"
+"\n"
+"%s%sBent u er echt zeker van dat u dit wilt doen?"
+
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+"Noteer dat deze programmatuur niet officieel goedgekeurd is om dergelijke "
+"handtekeningen aan te maken of te verifiëren.\n"
+
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+"U staat op het punt om een handtekening aan te maken met uw certificaat:\n"
+"\"%s\"\n"
+"Noteer dat dit certificaat GEEN bevoegde handtekening zal aanmaken!"
+
+#, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr ""
+"hashalgoritme %d (%s) voor ondertekenaar %d wordt niet ondersteund; %s wordt "
+"gebruikt\n"
+
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+"er wordt gebruik gemaakt van het hashalgoritme voor ondertekenaar %d: %s "
+"(%s)\n"
+
+#, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "nagaan of het een bevoegd certificaat betreft, is mislukt: %s\n"
+
+msgid "Signature made "
+msgstr "Handtekening geplaatst"
+
+msgid "[date not given]"
+msgstr "[datum niet vermeld]"
+
+#, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr " er wordt gebruik gemaakt van certificaat ID 0x%08lX\n"
+
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+"ongeldige ondertekening: het hashattribuut van het bericht komt niet overeen "
+"met het berekende\n"
+
+msgid "Good signature from"
+msgstr "Goede handtekening van"
+
+msgid " aka"
+msgstr " ook bekend als"
+
+msgid "This is a qualified signature\n"
+msgstr "Dit is een bevoegde ondertekening\n"
+
+msgid "quiet"
+msgstr "stil"
+
+msgid "print data out hex encoded"
+msgstr "toon de gecodeerde gegevens in hexadecimaal formaat"
+
+msgid "decode received data lines"
+msgstr "ontcijfer de ontvangen dataregels"
+
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr "|NAAM|maak verbinding met Assuan-socket NAAM"
+
+msgid "run the Assuan server given on the command line"
+msgstr "start de Assuan-server die aan de commandolijn ingevoerd werd"
+
+msgid "do not use extended connect mode"
+msgstr "maak geen gebruik van de uitvoerige verbindingsmodus"
+
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|BESTAND|voer bij het opstarten de opdrachten uit BESTAND uit"
+
+msgid "run /subst on startup"
+msgstr "voer bij het opstarten /subst uit"
+
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Gebruik: gpg-connect-agent [opties] (-h voor hulp)"
+
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+"Syntaxis: gpg-connect-agent [opties]\n"
+"Maak een verbinding met een actieve agent en stuur opdrachten\n"
+
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr "optie \"%s\" vereist een programma en optionele argumenten\n"
+
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr "optie \"%s\" genegeerd omwille van \"%s\"\n"
+
+#, c-format
+msgid "receiving line failed: %s\n"
+msgstr "ontvangen van regel is mislukt: %s\n"
+
+msgid "line too long - skipped\n"
+msgstr "regel is te lang - overgeslagen\n"
+
+msgid "line shortened due to embedded Nul character\n"
+msgstr "regel werd ingekort wegens een ingebed NULL-teken\n"
+
+#, c-format
+msgid "unknown command `%s'\n"
+msgstr "onbekende opdracht `%s'\n"
+
+#, c-format
+msgid "sending line failed: %s\n"
+msgstr "regel versturen is mislukt: %s\n"
+
+#, c-format
+msgid "error sending %s command: %s\n"
+msgstr "fout bij het versturen van opdracht %s: %s\n"
+
+#, c-format
+msgid "error sending standard options: %s\n"
+msgstr "fout bij het versturen van standaardopties: %s\n"
+
+msgid "Options controlling the diagnostic output"
+msgstr "Opties die de diagnostische uitvoer sturen"
+
+msgid "Options controlling the configuration"
+msgstr "Opties die de configuratie-instellingen sturen"
+
+msgid "Options useful for debugging"
+msgstr "Nuttige opties voor foutenanalyse (debugging)"
+
+msgid "|FILE|write server mode logs to FILE"
+msgstr "|BESTAND|schrijf logboekgegevens in server-modus naar BESTAND"
+
+msgid "Options controlling the security"
+msgstr "Opties die de beveiliging sturen"
+
+msgid "|N|expire SSH keys after N seconds"
+msgstr "|N|laat SSH-sleutels na N seconden verlopen"
+
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+"|N|stel de maximale levensduur van de cache van de pincode in op N seconden"
+
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr "|N|stel de maximale levensduur van een SSH-sleutel in op N seconden"
+
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+"Opties voor het toepassen van richtlijnen in verband met wachtwoordzinnen"
+
+msgid "do not allow bypassing the passphrase policy"
+msgstr "sta niet toe om de richtlijnen inzake wachtwoordzinnen te omzeilen"
+
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr "|N|stel de minimale lengte voor nieuwe wachtwoordzinnen in op N"
+
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+"|N|stel als vereiste dat een nieuwe wachtwoordzin minstens N niet-alfa "
+"tekens moet bevatten"
+
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr "|BESTAND|toets nieuwe wachtwoordzinnen af aan het patroon in BESTAND"
+
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|laat de wachtwoordzin na N dagen vervallen"
+
+msgid "do not allow the reuse of old passphrases"
+msgstr "laat het opnieuw gebruiken van oude wachtwoordzinnen niet toe"
+
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NAAM|gebruik NAAM als standaard geheime sleutel"
+
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NAAM|versleutel ook naar gebruikers-ID NAAM"
+
+msgid "|SPEC|set up email aliases"
+msgstr "|SPEC|stel e-mail aliassen in"
+
+msgid "Configuration for Keyservers"
+msgstr "Instellingen voor Sleutelservers"
+
+msgid "|URL|use keyserver at URL"
+msgstr "|URL|gebruik de sleutelserver op URL"
+
+msgid "allow PKA lookups (DNS requests)"
+msgstr "sta PKA-opzoekingen toe (DNS-verzoeken)"
+
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+"|MECHANISME|gebruik MECHANISME om sleutels via e-mailadressen te localiseren"
+
+msgid "disable all access to the dirmngr"
+msgstr "deactiveer alle toegang tot de dirmngr"
+
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr ""
+"|NAAM|gebruik codering NAAM voor wachtwoordzinnen van het formaat PKCS#12"
+
+msgid "do not check CRLs for root certificates"
+msgstr ""
+"voer voor stamcertificaten geen controle uit bij de lijst van ingetrokken "
+"certificaten"
+
+msgid "Options controlling the format of the output"
+msgstr "Opties om het formaat van de uitvoer te sturen"
+
+msgid "Options controlling the interactivity and enforcement"
+msgstr "Opties die een invloed hebben op de interactiviteit en de uitvoering"
+
+msgid "Configuration for HTTP servers"
+msgstr "Configuratie van de HTTP-servers"
+
+msgid "use system's HTTP proxy setting"
+msgstr "gebruik de instellingen van het systeem met betrekking tot HTTP proxy"
+
+msgid "Configuration of LDAP servers to use"
+msgstr "Te gebruiken configuratie voor de LDAP-servers"
+
+msgid "LDAP server list"
+msgstr "Lijst van LDAP-servers"
+
+msgid "Configuration for OCSP"
+msgstr "Configuratie van OCSP"
+
+#, c-format
+msgid "External verification of component %s failed"
+msgstr "Externe verificatie van component %s is mislukt"
+
+msgid "Note that group specifications are ignored\n"
+msgstr "Noteer dat groepsspecificaties genegeerd worden\n"
+
+msgid "list all components"
+msgstr "toon alle componenten"
+
+msgid "check all programs"
+msgstr "controleer alle programma's"
+
+msgid "|COMPONENT|list options"
+msgstr "|COMPONENT|toon opties"
+
+msgid "|COMPONENT|change options"
+msgstr "|COMPONENT|wijzig opties"
+
+msgid "|COMPONENT|check options"
+msgstr "|COMPONENT|controleer opties"
+
+msgid "apply global default values"
+msgstr "pas de globale standaardwaarden toe"
+
+msgid "get the configuration directories for gpgconf"
+msgstr "haal de mappen op met de configuratie-instellingen van gpgconf"
+
+msgid "list global configuration file"
+msgstr "toon het bestand met de globale configuratie-instellingen"
+
+msgid "check global configuration file"
+msgstr "controleer het bestand met de globale configuratie-instellingen"
+
+msgid "use as output file"
+msgstr "gebruik als uitvoerbestand"
+
+msgid "activate changes at runtime, if possible"
+msgstr ""
+"pas indien mogelijk wijzigingen nog toe tijdens de uitvoering van het "
+"programma"
+
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Gebruik: gpgconf [opties] (-h voor hulp)"
+
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+"Syntaxis: gpgconf [opties]\n"
+"Beheer de configuratieopties van de instrumenten van het GnuPG-systeem\n"
+
+msgid "usage: gpgconf [options] "
+msgstr "gebruik: gpgconf [opties] "
+
+msgid "Need one component argument"
+msgstr "Een component als argument is vereist"
+
+msgid "Component not found"
+msgstr "Component niet gevonden"
+
+msgid "No argument allowed"
+msgstr "Een argument is niet toegelaten"
+
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@\n"
+"Commando's:\n"
+" "
+
+msgid "decryption modus"
+msgstr "ontcijferingsmodus"
+
+msgid "encryption modus"
+msgstr "encryptiemodus"
+
+msgid "tool class (confucius)"
+msgstr "klasse van instrumenten (confucius)"
+
+msgid "program filename"
+msgstr "bestandsnaam van het programma"
+
+msgid "secret key file (required)"
+msgstr "geheime-sleutelbestand (verplicht)"
+
+msgid "input file name (default stdin)"
+msgstr "bestandsnaam voor de invoer (standaard is stdin)"
+
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Gebruik: symcryptrun [opties] (-h voor hulp)"
+
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+"Syntaxis: symcryptrun --class KLASSE --program PROGRAMMA --keyfile "
+"SLEUTELBESTAND [opties...] COMMANDO [invoerbestand]\n"
+"Uitvoeren van een eenvoudig hulpmiddel voor symmetrische versleuteling\n"
+
+#, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s op %s afgebroken met status %i\n"
+
+#, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "%s op %s mislukte met status %i\n"
+
+#, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "kan tijdelijke map `%s' niet maken: %s\n"
+
+#, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "kon %s niet openen om er naar te schrijven: %s\n"
+
+#, c-format
+msgid "error writing to %s: %s\n"
+msgstr "fout bij het schrijven naar %s: %s\n"
+
+#, c-format
+msgid "error reading from %s: %s\n"
+msgstr "fout bij het lezen uit %s: %s\n"
+
+#, c-format
+msgid "error closing %s: %s\n"
+msgstr "fout bij het sluiten van %s: %s\n"
+
+msgid "no --program option provided\n"
+msgstr "geen optie --program meegegeven\n"
+
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr "enkel --decrypt en --encrypt worden ondersteund\n"
+
+msgid "no --keyfile option provided\n"
+msgstr "geen optie --keyfile meegegeven\n"
+
+msgid "cannot allocate args vector\n"
+msgstr "kan de parametervector niet reserveren\n"
+
+#, c-format
+msgid "could not create pipe: %s\n"
+msgstr "kon pijp niet aanmaken: %s\n"
+
+#, c-format
+msgid "could not create pty: %s\n"
+msgstr "kon pty niet aanmaken: %s\n"
+
+#, c-format
+msgid "could not fork: %s\n"
+msgstr "kon geen nieuw programma (fork) starten: %s\n"
+
+#, c-format
+msgid "execv failed: %s\n"
+msgstr "execv is mislukt: %s\n"
+
+#, c-format
+msgid "select failed: %s\n"
+msgstr "selecteren is mislukt: %s\n"
+
+#, c-format
+msgid "read failed: %s\n"
+msgstr "lezen is mislukt: %s\n"
+
+#, c-format
+msgid "pty read failed: %s\n"
+msgstr "lezen van pty is mislukt: %s\n"
+
+#, c-format
+msgid "waitpid failed: %s\n"
+msgstr "waitpid is mislukt: %s\n"
+
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr "kindproces werd afgebroken met status %i\n"
+
+#, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "kan de tekenreeks infile niet reserveren: %s\n"
+
+#, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "kan de tekenreeks outfile niet reserveren: %s\n"
+
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr "ofwel %s of %s moet opgegeven worden\n"
+
+msgid "no class provided\n"
+msgstr "geen klasse opgegeven\n"
+
+#, c-format
+msgid "class %s is not supported\n"
+msgstr "klasse %s wordt niet ondersteund\n"
+
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Gebruik: gpg-check-pattern [opties] patroonbestand (-h voor hulp)\n"
+
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+"Syntaxis: gpg-check-pattern [opties] patroonbestand\n"
+"Toets een wachtwoordzin die op stdin ingevoerd werd, aan een patroonbestand\n"
+
+#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
+#~ msgstr "kan geen priemgetal genereren met pbits=%u qbits=%u\n"
+
+#~ msgid "can't generate a prime with less than %d bits\n"
+#~ msgstr "kan geen priemgetal genereren van minder dan %d bits\n"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "geen module gevonden om entropie te verzamelen\n"
+
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "kan `%s' niet vergrendelen: %s\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "kan status van `%s' niet vaststellen: %s\n"
+
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "`%s' is geen gewoon bestand - wordt genegeerd\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "noot: bestand random_seed is leeg\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr ""
+#~ "WAARSCHUWING: ongeldige grootte van het bestand random_seed - wordt niet "
+#~ "gebruikt\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "kan `%s' niet lezen: %s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "noot: bestand random_seed wordt niet bijgewerkt\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "kan `%s' niet wegschrijven: %s\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "kan `%s' niet afsluiten: %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr ""
+#~ "WAARSCHUWING: er wordt een onveilige generator van willekeurige getallen "
+#~ "gebruikt!!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "De generator van willekeurige getallen is alleen maar een zootje "
+#~ "ongeregeld\n"
+#~ "om iets te hebben dat werkt - het is niet echt een sterk programma!\n"
+#~ "\n"
+#~ "GEBRUIK DE DOOR DIT PROGRAMMA GEGENEREERDE GEGEVENS NIET!!\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "Please wait, entropy is being gathered. Do some work if it would\n"
+#~ "keep you from getting bored, because it will improve the quality\n"
+#~ "of the entropy.\n"
+#~ msgstr ""
+#~ "Ogenblik geduld, entropie wordt verzameld. Werk intussen wat.\n"
+#~ "Het zal er niet enkel voor zorgen dat u zich niet gaat vervelen, het\n"
+#~ "zal tegelijk de kwaliteit van de entropie verbeteren.\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "Er zijn niet genoeg willekeurige bytes beschikbaar. Doe wat ander werk om "
+#~ "het OS\n"
+#~ "de gelegenheid te geven meer entropie te verzamelen! (heb nog %d bytes "
+#~ "nodig)\n"
+
+#~ msgid "card reader not available\n"
+#~ msgstr "kaartlezer is niet beschikbaar\n"
+
+#~ msgid "Please insert the card and hit return or enter 'c' to cancel: "
+#~ msgstr "Plaats de kaart en druk op enter of op 'c' om te cancelen: "
+
+#~ msgid "Hit return when ready or enter 'c' to cancel: "
+#~ msgstr "Druk op enter als u klaar bent of op 'c' om te cancelen: "
+
+#~ msgid "Enter New Admin PIN: "
+#~ msgstr "Voer de nieuwe pincode voor de beheerder in: "
+
+#~ msgid "Enter New PIN: "
+#~ msgstr "Voer nieuwe pincode in: "
+
+#~ msgid "Enter Admin PIN: "
+#~ msgstr "Voer de pincode voor de beheerder in: "
+
+#~ msgid "generate PGP 2.x compatible messages"
+#~ msgstr "berichten aanmaken die compatibel zijn met PGP 2.x"
+
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "NOOT: %s is niet beschikbaar in deze versie\n"
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [gebruikers-id] [sleutelring]"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "Het is aan u om hier een waarde toe te kennen; deze waarde zal nooit naar "
+#~ "een\n"
+#~ "derde partij geëxporteerd worden. We hebben ze nodig om het netwerk-van-"
+#~ "vertrouwen\n"
+#~ "(web-of-trust) te implementeren. Dit heeft niets te maken met het "
+#~ "(impliciet\n"
+#~ "aangemaakte) netwerk-van-certificaten (web-of-certificates)."
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "Om het netwerk-van-vertrouwen op te bouwen, moet GnuPG weten welke "
+#~ "sleutels\n"
+#~ "volledig vertrouwd worden. Dit zijn gewoonlijk de sleutels waarvoor u ook "
+#~ "toegang\n"
+#~ "tot de geheime sleutel heeft. Antwoord \"yes\" om deze sleutel in te\n"
+#~ "stellen als volledig te vertrouwen.\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Als u deze niet-vertrouwde sleutel toch wilt gebruiken, antwoord dan \"yes"
+#~ "\"."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr "Voer het gebruikers-ID in van de ontvanger van dit bericht."
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the Digital Signature Algorithm and can only be used\n"
+#~ "for signatures.\n"
+#~ "\n"
+#~ "Elgamal is an encrypt-only algorithm.\n"
+#~ "\n"
+#~ "RSA may be used for signatures or encryption.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of signing."
+#~ msgstr ""
+#~ "Selecteer het te gebruiken algoritme.\n"
+#~ "\n"
+#~ "DSA (ook bekend als DSS) is het algoritme voor digitale handtekeningen\n"
+#~ "(Digital Signature Algorithm) dat enkel voor ondertekeningen kan gebruikt "
+#~ "worden.\n"
+#~ "\n"
+#~ "Elgamal is een algoritme enkel bedoeld voor versleuteling.\n"
+#~ "\n"
+#~ "RSA kan gebruikt worden voor ondertekeningen en versleuteling.\n"
+#~ "\n"
+#~ "De eerste (primaire) sleutel moet altijd een sleutel zijn waarmee "
+#~ "ondertekend\n"
+#~ "kan worden."
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "In het algemeen is het geen goed idee om dezelfde sleutel te gebruiken "
+#~ "om\n"
+#~ "te ondertekenen en te versleutelen. Dit algoritme zou enkel in bepaalde "
+#~ "domeinen\n"
+#~ "gebruikt mogen worden. Vraag eerst een beveiligingsspecialist om advies."
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Voer de lengte van de sleutel in"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Antwoord \"yes\" (Ja) of \"no\" (nee)"
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "Geef de vereiste waarde op, zoals getoond in de vraag.\n"
+#~ "Het is mogelijk om een datum in ISO-formaat (JJJJ-MM-DD) in te voeren, "
+#~ "maar u\n"
+#~ "zult geen passende foutmelding krijgen - het systeem zal daarentegen "
+#~ "proberen\n"
+#~ "om de ingevoerde waarde te interpreteren als een interval."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "Geef de naam van de sleutelhouder"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr ""
+#~ "geef alstublieft een e-mailadres, dit is niet verplicht maar wel sterk "
+#~ "aangeraden"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Geef eventueel een toelichting. Dit is facultatief"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to quit the key generation."
+#~ msgstr ""
+#~ "N om de de naam te veranderen.\n"
+#~ "C om de toelichting te veranderen.\n"
+#~ "E om het e-mailadres te veranderen.\n"
+#~ "O om door te gaan met het aanmaken van de sleutel.\n"
+#~ "Q om het aanmaken van de sleutel af te breken."
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr ""
+#~ "Antwoord \"yes\" (of alleen \"y\") als het oké is om de subsleutel te "
+#~ "maken."
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "Als U een gebruikers-ID koppelt aan een sleutel, moet U eerst nagaan of "
+#~ "de\n"
+#~ "sleutel echt van de persoon is die in het gebruikers-ID genoemd wordt.\n"
+#~ "Voor anderen is het van belang te weten dat U dit grondig gecontroleerd "
+#~ "heeft.\n"
+#~ "\n"
+#~ "\"0\" betekent dat U zich niet uitspreekt over hoe grondig U deze "
+#~ "sleutel\n"
+#~ " heeft gecontroleerd\n"
+#~ "\n"
+#~ "\"1\" betekent dat U gelooft dat de sleutel eigendom is van de persoon "
+#~ "die beweert\n"
+#~ " er eigenaar van te zijn, maar dat u de sleutel niet controleerde of "
+#~ "dit\n"
+#~ " niet kon doen. Dit is zinvol in geval van een \"persona\"-verificatie "
+#~ "bij\n"
+#~ " het ondertekenen van de sleutel van het pseudoniem van een "
+#~ "gebruiker.\n"
+#~ "\n"
+#~ "\"2\" betekent dat U de sleutel vluchtig gecontroleerd heeft. Dit kan "
+#~ "bijvoorbeeld\n"
+#~ " betekenen dat u de vingerafdruk van de sleutel gecontroleerd heeft en "
+#~ "de\n"
+#~ " gebruikers-ID getoetst heeft aan een identiteitsfoto.\n"
+#~ "\n"
+#~ "\"3\" betekent dat u de sleutel uitvoerig heeft gecontroleerd. Dit kan "
+#~ "bijvoorbeeld\n"
+#~ " betekenen dat U de vingerafdruk van de sleutel persoonlijk "
+#~ "gecontroleerd\n"
+#~ " heeft bij de eigenaar van de sleutel, en dat u gecontroleerd heeft "
+#~ "aan de hand\n"
+#~ " van een foto op een moeilijk te vervalsen document (zoals een "
+#~ "paspoort)\n"
+#~ " dat de naam van de eigenaar van de sleutel overeenkomt met de naam in "
+#~ "de\n"
+#~ " gebruikers-ID op de sleutel, en dat u tenslotte gecontroleerd heeft "
+#~ "(via het\n"
+#~ " uitwisselen van e-mail) dat het e-mailadres op de sleutel effectief "
+#~ "van\n"
+#~ " de eigenaar van de sleutel is.\n"
+#~ "\n"
+#~ "Noteer dat de gegeven voorbeelden voor de niveaus 2 en 3 *slechts* "
+#~ "voorbeelden\n"
+#~ "zijn. Uiteindelijk moet U zelf uitmaken wat voor u de betekenis is van "
+#~ "\"vluchtig\"\n"
+#~ "en \"uitvoerig\" bij het ondertekenen van sleutels van anderen.\n"
+#~ "\n"
+#~ "Indien u twijfelt over wat het correcte antwoord is, antwoord dan \"0\"."
+
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr "Antwoord \"yes\" als U ALLE gebruikers-ID's wilt tekenen."
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "Antwoord \"yes\" als u werkelijk deze gebruikers-ID wilt wissen.\n"
+#~ "Alle bijbehorende certificaten worden ook gewist!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "Antwoord \"yes\" als het oké is om de subsleutel te wissen"
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "Dit is een geldige ondertekening van de sleutel; normaal gezien wilt U "
+#~ "deze\n"
+#~ "ondertekening niet wissen. omdat ze belangrijk kan zijn voor het opzetten "
+#~ "van een\n"
+#~ "betrouwbare relatie met behulp van deze sleutel of met een andere sleutel "
+#~ "die met\n"
+#~ "deze sleutel gecertificeerd werd."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "Deze ondertekening kan niet worden gecontroleerd omdat u de bijbehorende\n"
+#~ "sleutel niet heeft. U wordt aangeraden om het verwijderen ervan uit te "
+#~ "stellen\n"
+#~ "totdat u weet welke sleutel gebruikt geweest is, omdat deze "
+#~ "ondertekenende\n"
+#~ "sleutel misschien een betrouwbare relatie tot stand brengt via\n"
+#~ "een andere reeds gecertificeerde sleutel."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr ""
+#~ "De ondertekening is niet geldig. Het is een goed idee om ze van uw "
+#~ "sleutelring\n"
+#~ "af te halen."
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "Dit is een ondertekening die de gebruikers-ID aan de sleutel koppelt. "
+#~ "Het\n"
+#~ "is meestal niet goed om een dergelijke handtekening te verwijderen. "
+#~ "Waarschijnlijk\n"
+#~ "zal GnuPG deze sleutel dan niet meer kunnen gebruiken. Doe dit dus alleen "
+#~ "als deze\n"
+#~ "zelf geplaatste handtekening om een of andere reden niet geldig is en er\n"
+#~ "een andere beschikbaar is."
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "Vervang de voorkeuren van alle (of alleen de gekozen) gebruikers-ID's\n"
+#~ "door de huidige lijst van voorkeuren. De tijdsindicatie van alle "
+#~ "betrokken\n"
+#~ "zelf geplaatste handtekeningen zal met een seconde worden verhoogd.\n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr ""
+#~ "Herhaal de laatste wachtwoordzin, om zeker te zijn dat u die juist "
+#~ "intypte."
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr ""
+#~ "Geef de naam van het bestand waarop deze handtekening van toepassing is"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Antwoord \"yes\" als het oké is om bestand te overschrijven"
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Geef alstublieft een nieuwe bestandsnaam. Als U gewoon op Enter drukt zal "
+#~ "het\n"
+#~ "standaardbestand (u ziet zijn naam tussen de blokhaken) gebruikt worden."
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "Geef hier een reden voor de certificering. Afhankelijk van de context "
+#~ "kunt U\n"
+#~ "een omschrijving kiezen uit deze lijst:\n"
+#~ " \"Sleutel is gecompromitteerd\"\n"
+#~ " Gebruik dit indien u redenen heeft om aan te nemen dat onbevoegde\n"
+#~ " personen uw geheime sleutel in handen gekregen hebben.\n"
+#~ " \"Sleutel is vervangen\"\n"
+#~ " Gebruik dit als u deze sleutel door een nieuwe vervangen heeft.\n"
+#~ " \"Sleutel wordt niet langer gebruikt\"\n"
+#~ " Gebruik dit indien u deze sleutel ingetrokken heeft.\n"
+#~ " \"Gebruikers-ID is niet langer geldig\"\n"
+#~ " Gebruik dit om te stellen dat deze gebruikers-ID niet langer "
+#~ "gebruikt\n"
+#~ " zou moeten worden. Gewoonlijk gebruikt men dit om een e-mailadres "
+#~ "als\n"
+#~ " niet langer geldig te markeren.\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "Als U wilt kunt U een tekst intypen met uitleg waarom u dit\n"
+#~ "certificaat van intrekking maakt. Hou deze tekst beknopt.\n"
+#~ "Beëindig de tekst met een lege regel.\n"
+
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr " algoritmes bij deze gebruikers-ID's:\n"
+
+#~ msgid "NOTE: This feature is not available in %s\n"
+#~ msgstr "NOOT: Deze functionaliteit is niet beschikbaar in %s\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Herhaal wachtwoordzin\n"
+
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "kan geen wachtwoordzin vragen in automatische modus\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "Voer wachtwoordzin in: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Herhaal wachtwoordzin: "
+
+#~ msgid "no photo viewer set\n"
+#~ msgstr "geen programma ingesteld om de foto te bekijken\n"
+
+#~ msgid "general error"
+#~ msgstr "algemene fout"
+
+#~ msgid "unknown packet type"
+#~ msgstr "onbekend pakkettype"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "onbekend algoritme van de publieke sleutel"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "onbekend hashalgoritme"
+
+#~ msgid "bad public key"
+#~ msgstr "slechte publieke sleutel"
+
+#~ msgid "bad secret key"
+#~ msgstr "slechte geheime sleutel"
+
+#~ msgid "bad signature"
+#~ msgstr "slechte handtekening"
+
+#~ msgid "checksum error"
+#~ msgstr "fout in de controlesom"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "kan de sleutelring niet openen"
+
+#~ msgid "invalid packet"
+#~ msgstr "ongeldig pakket"
+
+#~ msgid "no such user id"
+#~ msgstr "een dergelijk gebruikers-id bestaat niet"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "er werd een verkeerde geheime sleutel gebruikt"
+
+#~ msgid "bad key"
+#~ msgstr "slechte sleutel"
+
+#~ msgid "file write error"
+#~ msgstr "fout bij het wegschrijven naar het bestand"
+
+#~ msgid "unknown compress algorithm"
+#~ msgstr "onbekend compressiealgoritme"
+
+#~ msgid "file open error"
+#~ msgstr "fout bij het openen van het bestand"
+
+#~ msgid "file create error"
+#~ msgstr "fout bij het aanmaken van het bestand"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "niet geïmplementeerd algoritme voor de publieke sleutel"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "niet geïmplementeerd versleutelingsalgoritme"
+
+#~ msgid "unknown signature class"
+#~ msgstr "onbekende handtekeningenklasse"
+
+#~ msgid "trust database error"
+#~ msgstr "fout in de betrouwbaarheidsdatabank (trustdb)"
+
+#~ msgid "bad MPI"
+#~ msgstr "slecht MPI (geheel getal van multipele precisie)"
+
+#~ msgid "resource limit"
+#~ msgstr "bronlimiet"
+
+#~ msgid "invalid keyring"
+#~ msgstr "ongeldige sleutelring"
+
+#~ msgid "malformed user id"
+#~ msgstr "ongeldige gebruikers-id"
+
+#~ msgid "file close error"
+#~ msgstr "fout bij het sluiten van het bestand"
+
+#~ msgid "file rename error"
+#~ msgstr "fout bij het hernoemen van het bestand"
+
+#~ msgid "file delete error"
+#~ msgstr "fout bij het verwijderen van het bestand"
+
+#~ msgid "unexpected data"
+#~ msgstr "onverwachte gegevens"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "dateringsconflict"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "onbruikbaar algoritme van de publieke sleutel"
+
+#~ msgid "file exists"
+#~ msgstr "bestand bestaat"
+
+#~ msgid "weak key"
+#~ msgstr "zwakke sleutel"
+
+#~ msgid "bad URI"
+#~ msgstr "slechte URI"
+
+#~ msgid "unsupported URI"
+#~ msgstr "niet ondersteunde URI"
+
+#~ msgid "network error"
+#~ msgstr "netwerkfout"
+
+#~ msgid "not processed"
+#~ msgstr "niet verwerkt"
+
+#~ msgid "unusable public key"
+#~ msgstr "onbruikbare publieke sleutel"
+
+#~ msgid "unusable secret key"
+#~ msgstr "onbruikbare geheime sleutel"
+
+#~ msgid "keyserver error"
+#~ msgstr "fout van de sleutelserver"
+
+#~ msgid "no card"
+#~ msgstr "geen kaart"
+
+#~ msgid "no data"
+#~ msgstr "geen gegevens"
+
+#~ msgid "ERROR: "
+#~ msgstr "FOUT: "
+
+#~ msgid "WARNING: "
+#~ msgstr "WAARSCHUWING: "
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... dit is een bug (%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "WAARSCHUWING: er wordt onveilig geheugen gebruikt!\n"
+
+#~ msgid ""
+#~ "please see http://www.gnupg.org/documentation/faqs.html for more "
+#~ "information\n"
+#~ msgstr ""
+#~ "zie http://www.gnupg.org/documentation/faqs.html voor meer informatie\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "bewerking is niet mogelijk zonder geïnitialiseerd veilig geheugen\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr ""
+#~ "(misschien heeft u voor deze taak het verkeerde programma gebruikt)\n"
+
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr ""
+#~ "versleutelalgoritme uitbreiding ‘%s’ is niet geladen door onveilige\n"
+#~ "instellingen\n"
+
+#~ msgid "Command> "
+#~ msgstr "Commando> "
+
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "DSA sleutelpaar krijgt %u bits.\n"
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr "the trustdb is corrupted; please run “gpg --fix-trustdbâ€.\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "can't put notation data into v3 (PGP 2.x style) signatures\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+
+#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
+#~ msgstr "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
diff --git a/po/pl.po b/po/pl.po
index 59b798b..2559b48 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -1,5 +1,5 @@
# Gnu Privacy Guard.
-# Copyright (C) 1998, 1999, 2000, 2001, 2002,
+# Copyright (C) 1998, 1999, 2000, 2001, 2002,
# 2007 Free Software Foundation, Inc.
# Janusz A. Urbanowicz <alex@bofh.net.pl>, 1999, 2000, 2001, 2002, 2003-2004
# Jakub Bogusz <qboosh@pld-linux.org>, 2003-2013.
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.0.20\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2013-05-12 17:25+0200\n"
+"PO-Revision-Date: 2017-02-22 16:03+0100\n"
"Last-Translator: Jakub Bogusz <qboosh@pld-linux.org>\n"
"Language-Team: Polish <translation-team-pl@lists.sourceforge.net>\n"
"Language: pl\n"
@@ -160,6 +160,11 @@ msgstr "błąd pobierania domyślnego keyID uwierzytelnienia karty: %s\n"
msgid "no suitable card key found: %s\n"
msgstr "nie znaleziono pasujÄ…cego klucza karty: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "błąd pobierania zapisanych flag: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1071,6 +1076,10 @@ msgstr "zignorowano błędną linię"
msgid "[none]"
msgstr "[brak]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "niewłaściwy znak formatu radix64 %02x został pominięty\n"
+
msgid "argument not expected"
msgstr "nieoczekiwany argument"
@@ -2561,6 +2570,9 @@ msgstr "błąd zapisywania certyfikatu: %s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Wpisz tutaj swoją wiadomość ...\n"
@@ -4276,16 +4288,12 @@ msgstr ""
"Zmienić (I)mię/nazwisko, (K)omentarz, adres (E)mail, przejść (D)alej,\n"
"czy (W)yjść z programu? "
-#, fuzzy
-#| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
msgid "Change (N)ame, (E)mail, or (Q)uit? "
-msgstr "Zmienić (I)mię/nazwisko, (K)omentarz, adres (E)mail, czy (W)yjść? "
+msgstr "Zmienić (I)mię/nazwisko, adres (E)mail, czy (W)yjść? "
-#, fuzzy
-#| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
msgstr ""
-"Zmienić (I)mię/nazwisko, (K)omentarz, adres (E)mail, przejść (D)alej,\n"
+"Zmienić (I)mię/nazwisko, adres (E)mail, przejść (D)alej,\n"
"czy (W)yjść z programu? "
msgid "Please correct the error first\n"
@@ -5999,7 +6007,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -6141,7 +6149,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "błąd wysyłania polecenia %s: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6406,6 +6414,9 @@ msgstr "nie powiódł się zapis odcisku: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "nie powiódł się zapis daty utworzenia: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "błąd podczas odczytu stanu CHV z karty\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "odpowiedź nie zawiera współczynnika RSA\n"
@@ -6424,6 +6435,23 @@ msgstr "odpowiedź nie zawiera danych klucza publicznego\n"
msgid "reading public key failed: %s\n"
msgstr "odczyt klucza publicznego nie powiódł się: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "użycie domyślnego PIN-u jako %s\n"
@@ -6434,11 +6462,9 @@ msgstr ""
"nie udało się użyć domyślnego PIN-u jako %s: %s - wyłączenie dalszego "
"domyślnego użycia\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Proszę wpisać PIN%%0A[podpisów wykonanych: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Proszę wpisać PIN"
#, c-format
@@ -6449,9 +6475,6 @@ msgstr "PIN dla CHV%d jest zbyt krótki; minimalna długość to %d\n"
msgid "verify CHV%d failed: %s\n"
msgstr "weryfikacja CHV%d nie powiodła się: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "błąd podczas odczytu stanu CHV z karty\n"
-
msgid "card is permanently locked!\n"
msgstr "karta została trwale zablokowana!\n"
@@ -6468,17 +6491,16 @@ msgstr[2] ""
"Zostało %d prób PIN-u administracyjnego do trwałego zablokowania karty\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|Proszę wprowadzić PIN administracyjny%%0A[pozostało prób: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Proszę wprowadzić PIN administracyjny"
msgid "access to admin commands is not configured\n"
msgstr "dostęp do poleceń administratora nie został skonfigurowany\n"
+msgid "||Please enter the PIN"
+msgstr "||Proszę wpisać PIN"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Proszę wprowadzić kod resetujący dla karty"
@@ -6648,10 +6670,6 @@ msgstr "obsługa fd %d uruchomiona\n"
msgid "handler for fd %d terminated\n"
msgstr "obsługa fd %d zakończona\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "niewłaściwy znak formatu radix64 %02x został pominięty\n"
-
#, fuzzy
#| msgid "no gpg-agent running in this session\n"
msgid "no dirmngr running in this session\n"
@@ -7473,6 +7491,11 @@ msgstr "Dołączone certyfikaty"
msgid " runtime cached certificates: %u\n"
msgstr "liczba pasujących certyfikatów: %d\n"
+#, fuzzy, c-format
+#| msgid "number of matching certificates: %d\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "liczba pasujących certyfikatów: %d\n"
+
#, fuzzy
#| msgid " (certificate created at "
msgid "certificate already cached\n"
@@ -8790,9 +8813,6 @@ msgstr "sprawdzenie certyfikatu kwalifikowanego nie powiodło się: %s\n"
msgid "certificate chain is good\n"
msgstr "certyfikat jest dobry\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr ""
-
#, fuzzy
#| msgid "certificate should not have been used for signing\n"
msgid "certificate should not have been used for CRL signing\n"
@@ -9258,6 +9278,12 @@ msgstr ""
"Składnia: gpg-check-pattern [opcje] plik-wzorców\n"
"Sprawdzanie hasła ze standardowego wejścia względem pliku wzorców\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Proszę wpisać PIN%%0A[podpisów wykonanych: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|Proszę wprowadzić PIN administracyjny%%0A[pozostało prób: %d]"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [plik]"
diff --git a/po/pt.po b/po/pt.po
index 8fab7f8..1be33e1 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -155,6 +155,10 @@ msgstr "erro ao escrever no porta-chaves secreto `%s': %s\n"
msgid "no suitable card key found: %s\n"
msgstr "nenhum porta-chaves secreto com permissões de escrita encontrado: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1039,6 +1043,10 @@ msgstr "erro na última linha\n"
msgid "[none]"
msgstr "versão desconhecida"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "caracter radix64 inválido %02x ignorado\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "a escrever chave privada para `%s'\n"
@@ -2509,6 +2517,9 @@ msgstr "erro na criação da frase secreta: %s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Digite a sua mensagem ...\n"
@@ -5869,7 +5880,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -5994,7 +6005,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "erro ao enviar para `%s': %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6248,6 +6259,9 @@ msgstr "falha ao inicializar a base de dados de confiança: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "falha ao criar 'cache' do porta-chaves: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
@@ -6266,20 +6280,33 @@ msgstr ""
msgid "reading public key failed: %s\n"
msgstr "remoção do bloco de chave falhou: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "muda a frase secreta"
#, c-format
@@ -6290,9 +6317,6 @@ msgstr ""
msgid "verify CHV%d failed: %s\n"
msgstr "A geração de chaves falhou: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
@@ -6304,11 +6328,7 @@ msgstr[0] ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "muda a frase secreta"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "muda a frase secreta"
@@ -6317,6 +6337,10 @@ msgid "access to admin commands is not configured\n"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "muda a frase secreta"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "motivo da revocação: "
@@ -6486,10 +6510,6 @@ msgstr ""
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "caracter radix64 inválido %02x ignorado\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "o gpg-agent não está disponível nesta sessão\n"
@@ -7297,6 +7317,10 @@ msgstr "certificado incorrecto"
msgid " runtime cached certificates: %u\n"
msgstr "erro na criação da frase secreta: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
@@ -8461,9 +8485,6 @@ msgstr "verificação da assinatura criada falhou: %s\n"
msgid "certificate chain is good\n"
msgstr "preferência %c%lu duplicada\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA necessita de utilização de uma algoritmo de dispersão de 160 bit\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
@@ -8901,6 +8922,14 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "muda a frase secreta"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr ""
+#~ "DSA necessita de utilização de uma algoritmo de dispersão de 160 bit\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [nome_do_ficheiro]"
diff --git a/po/ro.po b/po/ro.po
index 69ab0f3..7c7f7f3 100644
--- a/po/ro.po
+++ b/po/ro.po
@@ -159,6 +159,10 @@ msgstr "eroare la obţinerea informaţiei pentru cheia curentă: %s\n"
msgid "no suitable card key found: %s\n"
msgstr "nu am găsit nici un inel de chei secret de scris: %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "eroare la obţinere noului PIN: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1057,6 +1061,10 @@ msgstr "eroare linia de trailer\n"
msgid "[none]"
msgstr "[nesetat(ă)]"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "caracter radix64 invalid %02X sărit\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "Nu sunt permise comenzi administrare\n"
@@ -2542,6 +2550,9 @@ msgstr "eroare la obţinerea numărului serial: %s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Daţi-i drumul şi scrieţi mesajul ...\n"
@@ -5903,7 +5914,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -6029,7 +6040,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "eroare trimitere la `%s': %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6286,6 +6297,9 @@ msgstr "am eşuat să stochez amprenta: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "am eşuat să stochez data creării: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "eroare la recuperarea stării CHV de pe card\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "răspunsul nu conţine modulul RSA\n"
@@ -6304,20 +6318,33 @@ msgstr "răspunsul nu conţine datele cheii publice\n"
msgid "reading public key failed: %s\n"
msgstr "citirea cheii publice a eÅŸuat: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber: %s%%0AHolder: %s%s"
msgstr ""
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
+msgid "Remaining attempts: %d"
+msgstr ""
+
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
#, c-format
@@ -6328,9 +6355,6 @@ msgstr "PIN-ul pentru CHV%d este prea scurt; lungimea minimă este %d\n"
msgid "verify CHV%d failed: %s\n"
msgstr "verificarea CHV%d a eÅŸuat: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "eroare la recuperarea stării CHV de pe card\n"
-
msgid "card is permanently locked!\n"
msgstr "cardul este încuiat permanent!\n"
@@ -6345,11 +6369,7 @@ msgstr[1] ""
"%d încercări PIN Admin rămase înainte de a încuia cardul permanent\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
@@ -6358,6 +6378,10 @@ msgid "access to admin commands is not configured\n"
msgstr "accesul la comenzile de administrare nu este configurată\n"
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
@@ -6525,10 +6549,6 @@ msgstr ""
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "caracter radix64 invalid %02X sărit\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent nu este disponibil în această sesiune\n"
@@ -7337,6 +7357,10 @@ msgstr "certificat incorect"
msgid " runtime cached certificates: %u\n"
msgstr "eroare la obţinerea numărului serial: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "eroare la obţinerea numărului serial: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "Certificat de revocare creat.\n"
@@ -8532,9 +8556,6 @@ msgstr "verificarea semnăturii create a eşuat: %s\n"
msgid "certificate chain is good\n"
msgstr "preferinţa `%s' duplicată\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA necesită folosirea unui algoritm cu hash de 160 biţi\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
@@ -8973,6 +8994,16 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
+
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "||Vă rugăm introduceţi PIN%%0A[semnături făcute: %lu]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA necesită folosirea unui algoritm cu hash de 160 biţi\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [nume_fiÅŸier]"
diff --git a/po/ru.po b/po/ru.po
index 9386d59..8d3776e 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -4,14 +4,14 @@
# !-- no such user (2011-01-11)
# Thanks Pawel I. Shajdo <pshajdo@gmail.com>.
# Thanks Cmecb for the inspiration.
-# Ineiev <ineiev@gnu.org>, 2014, 2015, 2016
+# Ineiev <ineiev@gnu.org>, 2014, 2015, 2016, 2017
#
# Designated-Translator: none
msgid ""
msgstr ""
"Project-Id-Version: GnuPG 2.1.0\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2016-11-18 15:44+0100\n"
+"PO-Revision-Date: 2017-01-24 17:17+0000\n"
"Last-Translator: Ineiev <ineiev@gnu.org>\n"
"Language-Team: Russian <gnupg-ru@gnupg.org>\n"
"Language: ru\n"
@@ -150,6 +150,11 @@ msgstr "на карте нет оÑновного аутентификацион
msgid "no suitable card key found: %s\n"
msgstr "на карте не найдено подходÑщего ключа: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "ошибка Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ñохраненных признаков: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -663,7 +668,7 @@ msgid ""
"Warning: This key is also listed for use with SSH!\n"
"Deleting the key might remove your ability to access remote machines."
msgstr ""
-"Внимание: Ñтот ключ также в ÑпиÑке Ð´Ð»Ñ Ð¿Ñ€Ð¸Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ñ SSH!\n"
+"Внимание: Ñтот ключ также находитÑÑ Ð² ÑпиÑке Ð´Ð»Ñ Ð¿Ñ€Ð¸Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ñ SSH!\n"
"Удаление его может лишить Ð’Ð°Ñ Ð²Ð¾Ð·Ð¼Ð¾Ð¶Ð½Ð¾Ñти доÑтупа к удаленным машинам."
msgid "DSA requires the hash length to be a multiple of 8 bits\n"
@@ -751,15 +756,13 @@ msgstr "Внимание: небезопаÑный владелец %s \"%s\"\n"
msgid "Warning: unsafe permissions on %s \"%s\"\n"
msgstr "Внимание: небезопаÑные права доÑтупа %s \"%s\"\n"
-#, fuzzy, c-format
-#| msgid "waiting for the agent to come up ... (%ds)\n"
+#, c-format
msgid "waiting for file '%s' to become accessible ...\n"
-msgstr "ожидаю Ð¿Ð¾Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð¸Ñ Ð°Ð³ÐµÐ½Ñ‚Ð° ... (%iÑ)\n"
+msgstr "ожидаю доÑтупноÑти файла '%s'\n"
-#, fuzzy, c-format
-#| msgid "error renaming '%s' to '%s': %s\n"
+#, c-format
msgid "renaming '%s' to '%s' failed: %s\n"
-msgstr "ошибка Ð¿ÐµÑ€ÐµÐ¸Ð¼ÐµÐ½Ð¾Ð²Ð°Ð½Ð¸Ñ '%s' в '%s': %s\n"
+msgstr "Ñбой при переименовании '%s' в '%s': %s\n"
#. TRANSLATORS: See doc/TRANSLATE about this string.
msgid "yes"
@@ -988,6 +991,10 @@ msgstr "игнорируем дефектную Ñтроку"
msgid "[none]"
msgstr "[отÑутÑтвует]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "недопуÑтимый Ñимвол radix64 %02x пропущен\n"
+
msgid "argument not expected"
msgstr "неожиданный параметр"
@@ -1112,7 +1119,7 @@ msgid "unexpected armor: "
msgstr "неожиданный текÑтовый формат: "
msgid "invalid dash escaped line: "
-msgstr "недопуÑÑ‚Ð¸Ð¼Ð°Ñ Ñтрока, Ð²Ñ‹Ð´ÐµÐ»ÐµÐ½Ð½Ð°Ñ Ð´ÐµÑ„Ð¸Ñами: "
+msgstr "недопуÑÑ‚Ð¸Ð¼Ð°Ñ Ñтрока Ñ Ð²Ñ‹ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ‹Ð¼Ð¸ дефиÑами: "
#, c-format
msgid "invalid radix64 character %02X skipped\n"
@@ -1246,10 +1253,10 @@ msgid "Error: Double spaces are not allowed.\n"
msgstr "Ошибка: Двойные пробелы недопуÑтимы.\n"
msgid "Cardholder's surname: "
-msgstr "Ð¤Ð°Ð¼Ð¸Ð»Ð¸Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†Ð° карты: "
+msgstr "Ð¤Ð°Ð¼Ð¸Ð»Ð¸Ñ Ð´ÐµÑ€Ð¶Ð°Ñ‚ÐµÐ»Ñ ÐºÐ°Ñ€Ñ‚Ñ‹: "
msgid "Cardholder's given name: "
-msgstr "Ð˜Ð¼Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†Ð° карты: "
+msgstr "Ð˜Ð¼Ñ Ð´ÐµÑ€Ð¶Ð°Ñ‚ÐµÐ»Ñ ÐºÐ°Ñ€Ñ‚Ñ‹: "
#, c-format
msgid "Error: Combined name too long (limit is %d characters).\n"
@@ -1423,7 +1430,7 @@ msgid "list all available data"
msgstr "вывеÑти вÑе доÑтупные данные"
msgid "change card holder's name"
-msgstr "изменить Ð¸Ð¼Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†Ð° карты"
+msgstr "изменить Ð¸Ð¼Ñ Ð´ÐµÑ€Ð¶Ð°Ñ‚ÐµÐ»Ñ ÐºÐ°Ñ€Ñ‚Ñ‹"
msgid "change URL to retrieve key"
msgstr "изменить URL Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ ÐºÐ»ÑŽÑ‡Ð°"
@@ -1438,7 +1445,7 @@ msgid "change the language preferences"
msgstr "изменить Ñзыковые предпочтениÑ"
msgid "change card holder's sex"
-msgstr "изменить пол владельца карты"
+msgstr "изменить пол Ð´ÐµÑ€Ð¶Ð°Ñ‚ÐµÐ»Ñ ÐºÐ°Ñ€Ñ‚Ñ‹"
msgid "change a CA fingerprint"
msgstr "Ñменить отпечаток удоÑтоверÑющего центра"
@@ -1496,7 +1503,7 @@ msgid "key \"%s\" not found\n"
msgstr "ключ \"%s\" не найден\n"
msgid "(unless you specify the key by fingerprint)\n"
-msgstr "(еÑли только Ð’Ñ‹ не задали ключ отпечатком)\n"
+msgstr "(еÑли только ключ не задан отпечатком)\n"
msgid "can't do this in batch mode without \"--yes\"\n"
msgstr "не могу выполнить в пакетном режиме без \"--yes\"\n"
@@ -1575,7 +1582,7 @@ msgstr ""
#, c-format
msgid "%s/%s encrypted for: \"%s\"\n"
-msgstr "%s/%s зашифровано длÑ: \"%s\"\n"
+msgstr "%s/%s зашифровано Ð´Ð»Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\"\n"
#, c-format
msgid "you may not use %s while in %s mode\n"
@@ -1644,7 +1651,9 @@ msgid "export signatures that are marked as local-only"
msgstr "ÑкÑпортировать подпиÑи, помеченные как 'только локальные'"
msgid "export attribute user IDs (generally photo IDs)"
-msgstr "ÑкÑпортировать атрибутные ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ (обычно фотоидентификаторы)"
+msgstr ""
+"ÑкÑпортировать атрибутные идентификаторы Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ (обычно "
+"фотоидентификаторы)"
msgid "export revocation keys marked as \"sensitive\""
msgstr "ÑкÑпортировать ключи отзыва, помеченные как 'оÑобо важные'"
@@ -1656,7 +1665,7 @@ msgid "remove as much as possible from key during export"
msgstr "при ÑкÑпорте удалить из ключа как можно больше"
msgid "use the GnuPG key backup format"
-msgstr ""
+msgstr "пользоватьÑÑ Ð°Ñ€Ñ…Ð¸Ð²Ð½Ñ‹Ð¼ форматом ключей GnuPG"
msgid " - skipped"
msgstr " - пропущено"
@@ -1684,7 +1693,7 @@ msgid "error creating '%s': %s\n"
msgstr "ошибка ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ '%s': %s\n"
msgid "[User ID not found]"
-msgstr "[ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð½Ðµ найден]"
+msgstr "[Идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð½Ðµ найден]"
#, c-format
msgid "(check argument of option '%s')\n"
@@ -1785,15 +1794,13 @@ msgid "quickly generate a new key pair"
msgstr "быÑтро Ñоздать новую пару ключей"
msgid "quickly add a new user-id"
-msgstr "быÑтро добавить новый ID пользователÑ"
+msgstr "быÑтро добавить новый идентификатор пользователÑ"
msgid "quickly revoke a user-id"
-msgstr "быÑтро отозвать ID пользователÑ"
+msgstr "быÑтро отозвать идентификатор пользователÑ"
-#, fuzzy
-#| msgid "quickly generate a new key pair"
msgid "quickly set a new expiration date"
-msgstr "быÑтро Ñоздать новую пару ключей"
+msgstr "быÑтро уÑтановить новый Ñрок дейÑтвиÑ"
msgid "full featured key pair generation"
msgstr "Ñоздание полноценной пары ключей"
@@ -1898,16 +1905,6 @@ msgstr ""
"@\n"
"(Полный ÑпиÑок команд и параметров Ñм. на Ñтранице man)\n"
-#, fuzzy
-#| msgid ""
-#| "@\n"
-#| "Examples:\n"
-#| "\n"
-#| " -se -r Bob [file] sign and encrypt for user Bob\n"
-#| " --clear-sign [file] make a clear text signature\n"
-#| " --detach-sign [file] make a detached signature\n"
-#| " --list-keys [names] show keys\n"
-#| " --fingerprint [names] show fingerprints\n"
msgid ""
"@\n"
"Examples:\n"
@@ -1921,8 +1918,8 @@ msgstr ""
"@\n"
"Примеры:\n"
"\n"
-" -se -r Вова [файл] подпиÑать и зашифровать Ð´Ð»Ñ Ð¿Ð¾Ð»ÑƒÑ‡Ð°Ñ‚ÐµÐ»Ñ Ð’Ð¾Ð²Ð°\n"
-" --clear-sign [файл] Ñоздать текÑтовую подпиÑÑŒ\n"
+" -se -r Вова [файл] подпиÑать и зашифровать Ð´Ð»Ñ Ð¿Ð¾Ð»ÑƒÑ‡Ð°Ñ‚ÐµÐ»Ñ Ð’Ð¾Ð²Ð°\n"
+" --clear-sign [файл] Ñоздать текÑтовую подпиÑÑŒ\n"
" --detach-sign [файл] Ñоздать отделенную подпиÑÑŒ\n"
" --list-keys [имена] показать ключи\n"
" --fingerprint [имена] показать отпечатки\n"
@@ -2055,10 +2052,13 @@ msgid "show preferred keyserver URLs during signature listings"
msgstr "показать в ÑпиÑке подпиÑей URL предпочтительных Ñерверов ключей"
msgid "show user ID validity during key listings"
-msgstr "показать в ÑпиÑке ключей дейÑтвительноÑÑ‚ÑŒ ID пользователей"
+msgstr ""
+"показать в ÑпиÑке ключей дейÑтвительноÑÑ‚ÑŒ идентификаторов пользователей"
msgid "show revoked and expired user IDs in key listings"
-msgstr "показать в ÑпиÑке ключей отозванные и проÑроченные ID пользователей"
+msgstr ""
+"показать в ÑпиÑке ключей отозванные и проÑроченные идентификаторы "
+"пользователей"
msgid "show revoked and expired subkeys in key listings"
msgstr "показать в ÑпиÑке ключей отозванные и проÑроченные подключи"
@@ -2162,14 +2162,17 @@ msgid "show preferred keyserver URLs during signature verification"
msgstr "показать при проверке подпиÑей URL предпочтительных Ñерверов ключей"
msgid "show user ID validity during signature verification"
-msgstr "показать при проверке подпиÑей дейÑтвительноÑÑ‚ÑŒ ID пользователей"
+msgstr ""
+"показать при проверке подпиÑей дейÑтвительноÑÑ‚ÑŒ идентификаторов пользователей"
msgid "show revoked and expired user IDs in signature verification"
msgstr ""
-"показать при проверке подпиÑей отозванные и проÑроченные ID пользователÑ"
+"показать при проверке подпиÑей отозванные и проÑроченные идентификаторы "
+"пользователÑ"
msgid "show only the primary user ID in signature verification"
-msgstr "показать при проверке подпиÑей только первичный ID пользователÑ"
+msgstr ""
+"показать при проверке подпиÑей только первичный идентификатор пользователÑ"
msgid "validate signatures with PKA data"
msgstr "проверить подпиÑи по данным PKA"
@@ -2350,6 +2353,9 @@ msgstr "ошибка ÑинтакÑичеÑкого анализа ÑпецифÐ
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr "'%s' не ÑвлÑетÑÑ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ‚Ð¾Ñ€Ð¾Ð¼, отпечатком или кодом ключа\n"
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Пишите Ñообщение ...\n"
@@ -2418,10 +2424,8 @@ msgstr "удалить поÑле импорта из ключа как можн
msgid "run import filters and export key immediately"
msgstr "применить фильтры импорта и немедленно ÑкÑпортировать ключ"
-#, fuzzy
-#| msgid "assume input is in binary format"
msgid "assume the GnuPG key backup format"
-msgstr "предполагаю, что входные данные в двоичном формате"
+msgstr "ожидать ключи в архивном формате GnuPG"
#, c-format
msgid "skipping block of type %d\n"
@@ -2445,7 +2449,7 @@ msgstr " пропущено новых ключей: %lu\n"
#, c-format
msgid " w/o user IDs: %lu\n"
-msgstr " без ID пользователÑ: %lu\n"
+msgstr " без идентификатора пользователÑ: %lu\n"
#, c-format
msgid " imported: %lu"
@@ -2457,7 +2461,7 @@ msgstr " неизмененных: %lu\n"
#, c-format
msgid " new user IDs: %lu\n"
-msgstr " новых ID пользователÑ: %lu\n"
+msgstr " новых идентификаторов пользователÑ: %lu\n"
#, c-format
msgid " new subkeys: %lu\n"
@@ -2493,7 +2497,7 @@ msgstr " очищено подпиÑей: %lu\n"
#, c-format
msgid " user IDs cleaned: %lu\n"
-msgstr " очищено ID пользователей: %lu\n"
+msgstr " очищено идентификаторов пользователей: %lu\n"
#, c-format
msgid ""
@@ -2501,7 +2505,7 @@ msgid ""
"algorithms on these user IDs:\n"
msgstr ""
"Внимание: ключ %s Ñодержит Ð¿Ñ€ÐµÐ´Ð¿Ð¾Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð´Ð»Ñ Ð½ÐµÐ´Ð¾Ñтупных\n"
-"алгоритмов Ð´Ð»Ñ Ñледующих ID пользователей:\n"
+"алгоритмов Ð´Ð»Ñ Ñледующих идентификаторов пользователей:\n"
#, c-format
msgid " \"%s\": preference for cipher algorithm %s\n"
@@ -2529,7 +2533,7 @@ msgstr ""
#, c-format
msgid "key %s: no user ID\n"
-msgstr "ключ %s: нет ID пользователÑ\n"
+msgstr "ключ %s: нет идентификатора пользователÑ\n"
#, c-format
msgid "key %s: %s\n"
@@ -2544,11 +2548,12 @@ msgstr "ключ %s: повреждение подключа PKS иÑправлÐ
#, c-format
msgid "key %s: accepted non self-signed user ID \"%s\"\n"
-msgstr "ключ %s: принÑÑ‚ без Ñамозаверенного ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\"\n"
+msgstr ""
+"ключ %s: принÑÑ‚ без Ñамозаверенного идентификатора Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\"\n"
#, c-format
msgid "key %s: no valid user IDs\n"
-msgstr "ключ %s: нет дейÑтвительных ID пользователÑ\n"
+msgstr "ключ %s: нет дейÑтвительных идентификаторов пользователÑ\n"
msgid "this may be caused by a missing self-signature\n"
msgstr "может быть, из-за отÑутÑÑ‚Ð²Ð¸Ñ ÑамоподпиÑи\n"
@@ -2587,11 +2592,11 @@ msgstr "ключ %s: оригинальный блок ключей не читÐ
#, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
-msgstr "ключ %s: \"%s\" 1 новый ID пользователÑ\n"
+msgstr "ключ %s: \"%s\" 1 новый идентификатор пользователÑ\n"
#, c-format
msgid "key %s: \"%s\" %d new user IDs\n"
-msgstr "ключ %s: \"%s\" %d новых ID пользователÑ\n"
+msgstr "ключ %s: \"%s\" %d новых идентификаторов пользователÑ\n"
#, c-format
msgid "key %s: \"%s\" 1 new signature\n"
@@ -2619,11 +2624,11 @@ msgstr "ключ %s: \"%s\" %d подпиÑей очищено\n"
#, c-format
msgid "key %s: \"%s\" %d user ID cleaned\n"
-msgstr "ключ %s: \"%s\" %d ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð¾Ñ‡Ð¸Ñ‰ÐµÐ½\n"
+msgstr "ключ %s: \"%s\" %d идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð¾Ñ‡Ð¸Ñ‰ÐµÐ½\n"
#, c-format
msgid "key %s: \"%s\" %d user IDs cleaned\n"
-msgstr "ключ %s: \"%s\" %d ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð¾Ñ‡Ð¸Ñ‰ÐµÐ½Ð¾\n"
+msgstr "ключ %s: \"%s\" %d идентификаторов Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð¾Ñ‡Ð¸Ñ‰ÐµÐ½Ð¾\n"
#, c-format
msgid "key %s: \"%s\" not changed\n"
@@ -2680,17 +2685,18 @@ msgstr "ключ %s: Ñертификат отзыва \"%s\" импортиро
#, c-format
msgid "key %s: no user ID for signature\n"
-msgstr "ключ %s: нет ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñи\n"
+msgstr "ключ %s: нет идентификатора Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñи\n"
#, c-format
msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
msgstr ""
-"ключ %s: алгоритм Ñ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ñ‹Ð¼ ключом у ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\" не "
+"ключ %s: алгоритм Ñ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ñ‹Ð¼ ключом у идентификатора Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\" не "
"поддерживаетÑÑ\n"
#, c-format
msgid "key %s: invalid self-signature on user ID \"%s\"\n"
-msgstr "ключ %s: Ð½ÐµÐ¿Ñ€Ð°Ð²Ð¸Ð»ÑŒÐ½Ð°Ñ ÑамоподпиÑÑŒ на ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\"\n"
+msgstr ""
+"ключ %s: Ð½ÐµÐ¿Ñ€Ð°Ð²Ð¸Ð»ÑŒÐ½Ð°Ñ ÑамоподпиÑÑŒ на идентификаторе Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\"\n"
#, c-format
msgid "key %s: unsupported public key algorithm\n"
@@ -2726,7 +2732,7 @@ msgstr "ключ %s: удален многократный отзыв подкл
#, c-format
msgid "key %s: skipped user ID \"%s\"\n"
-msgstr "ключ %s: пропущен ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\"\n"
+msgstr "ключ %s: пропущен идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\"\n"
#, c-format
msgid "key %s: skipped subkey\n"
@@ -2754,7 +2760,8 @@ msgstr "ключ %s: неожиданный клаÑÑ Ð¿Ð¾Ð´Ð¿Ð¸Ñи (0x%02X) -
#, c-format
msgid "key %s: duplicated user ID detected - merged\n"
-msgstr "ключ %s: обнаружено дублирование ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ - объединены\n"
+msgstr ""
+"ключ %s: обнаружено дублирование идентификатора Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ - объединены\n"
#, c-format
msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
@@ -2898,11 +2905,12 @@ msgstr ""
#, c-format
msgid "Skipping user ID \"%s\", which is not a text ID.\n"
-msgstr "ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\" пропущен: Ñто не текÑтовый ID.\n"
+msgstr ""
+"Идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\" пропущен: Ñто не текÑтовый идентификатор.\n"
#, c-format
msgid "User ID \"%s\" is revoked."
-msgstr "ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\" отозван."
+msgstr "Идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\" отозван."
msgid "Are you sure you still want to sign it? (y/N) "
msgstr "Ð’Ñ‹ вÑе равно хотите его подпиÑать? (y/N) "
@@ -2912,15 +2920,15 @@ msgstr " Ðе могу подпиÑать.\n"
#, c-format
msgid "User ID \"%s\" is expired."
-msgstr "Срок дейÑÑ‚Ð²Ð¸Ñ ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\" иÑтек."
+msgstr "Срок дейÑÑ‚Ð²Ð¸Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ‚Ð¾Ñ€Ð° Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\" иÑтек."
#, c-format
msgid "User ID \"%s\" is not self-signed."
-msgstr "ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\" не Ñамозаверен."
+msgstr "Идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\" не Ñамозаверен."
#, c-format
msgid "User ID \"%s\" is signable. "
-msgstr "ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\" можно подпиÑать."
+msgstr "Идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\" можно подпиÑать."
msgid "Sign it? (y/N) "
msgstr "ПодпиÑать его? (y/N) "
@@ -3069,10 +3077,10 @@ msgid "show the keygrip"
msgstr "показать код ключа"
msgid "list key and user IDs"
-msgstr "вывеÑти ÑпиÑок ключей и ID пользователÑ"
+msgstr "вывеÑти ÑпиÑок ключей и идентификаторов пользователÑ"
msgid "select user ID N"
-msgstr "выбрать ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ N"
+msgstr "выбрать идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ N"
msgid "select subkey N"
msgstr "выбрать подключ N"
@@ -3081,25 +3089,26 @@ msgid "check signatures"
msgstr "проверка подпиÑей"
msgid "sign selected user IDs [* see below for related commands]"
-msgstr "подпиÑать выбранные ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ [* опиÑание команд Ñм. ниже]"
+msgstr ""
+"подпиÑать выбранные идентификаторы Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ [* опиÑание команд Ñм. ниже]"
msgid "sign selected user IDs locally"
-msgstr "локально подпиÑать выбранные ID пользователÑ"
+msgstr "локально подпиÑать выбранные идентификаторы пользователÑ"
msgid "sign selected user IDs with a trust signature"
-msgstr "подпиÑать выбранные ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñью довериÑ"
+msgstr "подпиÑать выбранные идентификаторы Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñью довериÑ"
msgid "sign selected user IDs with a non-revocable signature"
-msgstr "подпиÑать выбранные ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð±ÐµÐ· возможноÑти отзыва"
+msgstr "подпиÑать выбранные идентификаторы Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð±ÐµÐ· возможноÑти отзыва"
msgid "add a user ID"
-msgstr "добавить ID пользователÑ"
+msgstr "добавить идентификатор пользователÑ"
msgid "add a photo ID"
msgstr "добавить фотоидентификатор"
msgid "delete selected user IDs"
-msgstr "удалить выбранные ID пользователÑ"
+msgstr "удалить выбранные идентификаторы пользователÑ"
msgid "add a subkey"
msgstr "добавить подключ"
@@ -3120,13 +3129,13 @@ msgid "add a revocation key"
msgstr "добавить ключ отзыва"
msgid "delete signatures from the selected user IDs"
-msgstr "удалить подпиÑи Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ñ‹Ñ… ID пользователÑ"
+msgstr "удалить подпиÑи Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ñ‹Ñ… идентификаторов пользователÑ"
msgid "change the expiration date for the key or selected subkeys"
msgstr "Ñменить Ñрок дейÑÑ‚Ð²Ð¸Ñ ÐºÐ»ÑŽÑ‡Ð° или выбранных подключей"
msgid "flag the selected user ID as primary"
-msgstr "пометить выбранный ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ ÐºÐ°Ðº первичный"
+msgstr "пометить выбранный идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ ÐºÐ°Ðº первичный"
msgid "list preferences (expert)"
msgstr "ÑпиÑок предпочтений (ÑкÑпертам)"
@@ -3135,14 +3144,16 @@ msgid "list preferences (verbose)"
msgstr "ÑпиÑок предпочтений (подробный)"
msgid "set preference list for the selected user IDs"
-msgstr "уÑтановить ÑпиÑок предпочтений Ð´Ð»Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ñ‹Ñ… ID пользователÑ"
+msgstr ""
+"уÑтановить ÑпиÑок предпочтений Ð´Ð»Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ñ‹Ñ… идентификаторов пользователÑ"
msgid "set the preferred keyserver URL for the selected user IDs"
msgstr ""
-"уÑтановить URL предпочтительного Ñервера ключей Ð´Ð»Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ñ‹Ñ… ID пользователÑ"
+"уÑтановить URL предпочтительного Ñервера ключей Ð´Ð»Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ñ‹Ñ… "
+"идентификаторов пользователÑ"
msgid "set a notation for the selected user IDs"
-msgstr "уÑтановить замечание Ð´Ð»Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ñ‹Ñ… ID пользователÑ"
+msgstr "уÑтановить замечание Ð´Ð»Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ñ‹Ñ… идентификаторов пользователÑ"
msgid "change the passphrase"
msgstr "Ñменить фразу-пароль"
@@ -3151,10 +3162,10 @@ msgid "change the ownertrust"
msgstr "изменить уровень Ð´Ð¾Ð²ÐµÑ€Ð¸Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†Ñƒ"
msgid "revoke signatures on the selected user IDs"
-msgstr "отозвать подпиÑи у выбранных ID пользователÑ"
+msgstr "отозвать подпиÑи у выбранных идентификаторов пользователÑ"
msgid "revoke selected user IDs"
-msgstr "отозвать выбранные ID пользователÑ"
+msgstr "отозвать выбранные идентификаторы пользователÑ"
msgid "revoke key or selected subkeys"
msgstr "отозвать ключ или выбранные подключи"
@@ -3170,10 +3181,12 @@ msgstr "показать выбранные фотоидентификаторы
msgid "compact unusable user IDs and remove unusable signatures from key"
msgstr ""
-"Ñжать непригодные ID пользователей и удалить непригодные подпиÑи из ключа"
+"Ñжать непригодные идентификаторы пользователей и удалить непригодные подпиÑи "
+"из ключа"
msgid "compact unusable user IDs and remove all signatures from key"
-msgstr "Ñжать непригодные ID пользователей и удалить вÑе подпиÑи из ключа"
+msgstr ""
+"Ñжать непригодные идентификаторы пользователей и удалить вÑе подпиÑи из ключа"
msgid "Secret key is available.\n"
msgstr "Секретный ключ доÑтупен.\n"
@@ -3195,13 +3208,15 @@ msgid "Key is revoked."
msgstr "Ключ отозван."
msgid "Really sign all user IDs? (y/N) "
-msgstr "ДейÑтвительно подпиÑать вÑе ID пользователÑ? (y/N) "
+msgstr "ДейÑтвительно подпиÑать вÑе идентификаторы пользователÑ? (y/N) "
msgid "Really sign all text user IDs? (y/N) "
-msgstr "ДейÑтвительно подпиÑать вÑе текÑтовые ID пользователÑ? (y/N) "
+msgstr ""
+"ДейÑтвительно подпиÑать вÑе текÑтовые идентификаторы пользователÑ? (y/N) "
msgid "Hint: Select the user IDs to sign\n"
-msgstr "ПодÑказка: Выберите ID пользователей, которые нужно подпиÑать\n"
+msgstr ""
+"ПодÑказка: Выберите идентификаторы пользователей, которые нужно подпиÑать\n"
#, c-format
msgid "Unknown signature type '%s'\n"
@@ -3212,20 +3227,21 @@ msgid "This command is not allowed while in %s mode.\n"
msgstr "Ð”Ð°Ð½Ð½Ð°Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° в режиме %s недопуÑтима.\n"
msgid "You must select at least one user ID.\n"
-msgstr "Ð’Ñ‹ должны выбрать Ñ…Ð¾Ñ‚Ñ Ð±Ñ‹ один ID пользователÑ.\n"
+msgstr "Ð’Ñ‹ должны выбрать Ñ…Ð¾Ñ‚Ñ Ð±Ñ‹ один идентификатор пользователÑ.\n"
#, c-format
msgid "(Use the '%s' command.)\n"
msgstr "(Команда '%s'.)\n"
msgid "You can't delete the last user ID!\n"
-msgstr "Ð’Ñ‹ не можете удалить поÑледний ID пользователÑ!\n"
+msgstr "Ð’Ñ‹ не можете удалить поÑледний идентификатор пользователÑ!\n"
msgid "Really remove all selected user IDs? (y/N) "
-msgstr "ДейÑтвительно удалить вÑе выбранные ID пользователей? (y/N) "
+msgstr ""
+"ДейÑтвительно удалить вÑе выбранные идентификаторы пользователей? (y/N) "
msgid "Really remove this user ID? (y/N) "
-msgstr "ДейÑтвительно удалить Ñтот ID пользователÑ? (y/N) "
+msgstr "ДейÑтвительно удалить Ñтот идентификатор пользователÑ? (y/N) "
#. TRANSLATORS: Please take care: This is about
#. moving the key and not about removing it.
@@ -3256,10 +3272,11 @@ msgid "Do you really want to delete this key? (y/N) "
msgstr "Ð’Ñ‹ дейÑтвительно хотите удалить данный ключ? (y/N) "
msgid "Really revoke all selected user IDs? (y/N) "
-msgstr "ДейÑтвительно отозвать вÑе выбранные ID пользователей? (y/N) "
+msgstr ""
+"ДейÑтвительно отозвать вÑе выбранные идентификаторы пользователей? (y/N) "
msgid "Really revoke this user ID? (y/N) "
-msgstr "ДейÑтвительно отозвать данный ID пользователÑ? (y/N) "
+msgstr "ДейÑтвительно отозвать данный идентификатор пользователÑ? (y/N) "
msgid "Do you really want to revoke the entire key? (y/N) "
msgstr "Ð’Ñ‹ дейÑтвительно хотите отозвать ключ целиком? (y/N) "
@@ -3280,7 +3297,8 @@ msgstr "УÑтановить Ð¿Ñ€ÐµÐ´Ð¿Ð¾Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð²:\n"
msgid "Really update the preferences for the selected user IDs? (y/N) "
msgstr ""
-"ДейÑтвительно обновить Ð¿Ñ€ÐµÐ´Ð¿Ð¾Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð´Ð»Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ñ‹Ñ… ID пользователей? (y/N) "
+"ДейÑтвительно обновить Ð¿Ñ€ÐµÐ´Ð¿Ð¾Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð´Ð»Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ñ‹Ñ… идентификаторов "
+"пользователей? (y/N) "
msgid "Really update the preferences? (y/N) "
msgstr "ДейÑтвительно обновить предпочтениÑ? (y/N) "
@@ -3312,18 +3330,17 @@ msgstr "\"%s\" - не первичный отпечаток\n"
#, c-format
msgid "Invalid user ID '%s': %s\n"
-msgstr "ÐедопуÑтимый ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ '%s': %s\n"
+msgstr "ÐедопуÑтимый идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ '%s': %s\n"
msgid "No matching user IDs."
-msgstr "Ðет подходÑщих ID пользователей."
+msgstr "Ðет подходÑщих идентификаторов пользователей."
msgid "Nothing to sign.\n"
msgstr "ПодпиÑывать нечего.\n"
-#, fuzzy, c-format
-#| msgid "'%s' is not a valid signature expiration\n"
+#, c-format
msgid "'%s' is not a valid expiration time\n"
-msgstr "'%s' - не допуÑтимый Ñрок дейÑÑ‚Ð²Ð¸Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñи\n"
+msgstr "'%s' - не допуÑтимый Ñрок дейÑтвиÑ\n"
msgid "Digest: "
msgstr "Хеш: "
@@ -3341,7 +3358,8 @@ msgid "Notations: "
msgstr "ЗамечаниÑ: "
msgid "There are no preferences on a PGP 2.x-style user ID.\n"
-msgstr "Ð’ ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ñ‚Ð¸Ð¿Ð° PGP 2.x не может быть предпочтений.\n"
+msgstr ""
+"Ð’ идентификаторе Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ñ‚Ð¸Ð¿Ð° PGP 2.x не может быть предпочтений.\n"
#, c-format
msgid "The following key was revoked on %s by %s key %s\n"
@@ -3409,9 +3427,9 @@ msgid ""
"WARNING: no user ID has been marked as primary. This command may\n"
" cause a different user ID to become the assumed primary.\n"
msgstr ""
-"Внимание: нет ID пользователÑ, помеченного как первичный. Эта команда может\n"
-" привеÑти к тому, что первичным Ñтанет ÑчитатьÑÑ Ð´Ñ€ÑƒÐ³Ð¾Ð¹\n"
-" ID пользователÑ.\n"
+"Внимание: нет идентификатора пользователÑ, помеченного как первичный.\n"
+" Эта команда может привеÑти к тому, что первичным Ñтанет ÑчитатьÑÑ\n"
+" другой идентификатор пользователÑ.\n"
msgid "WARNING: Your encryption subkey expires soon.\n"
msgstr "Внимание: Срок дейÑÑ‚Ð²Ð¸Ñ Ð’Ð°ÑˆÐµÐ³Ð¾ подключа Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¸Ñтекает.\n"
@@ -3434,7 +3452,7 @@ msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "ÐÐµÐ»ÑŒÐ·Ñ Ð´Ð¾Ð±Ð°Ð²Ð¸Ñ‚ÑŒ фотоидентификатор в ключ типа PGP2.\n"
msgid "Such a user ID already exists on this key!\n"
-msgstr "Такой ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð½Ð° Ñтом ключе уже еÑÑ‚ÑŒ!\n"
+msgstr "Такой идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð½Ð° Ñтом ключе уже еÑÑ‚ÑŒ!\n"
msgid "Delete this good signature? (y/N/q)"
msgstr "Удалить данную дейÑтвительную подпиÑÑŒ? (y/N/q)"
@@ -3463,22 +3481,22 @@ msgstr "недопуÑтимый"
#, c-format
msgid "User ID \"%s\" compacted: %s\n"
-msgstr "ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\" Ñжат: %s\n"
+msgstr "Идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\" Ñжат: %s\n"
#, c-format
msgid "User ID \"%s\": %d signature removed\n"
msgid_plural "User ID \"%s\": %d signatures removed\n"
-msgstr[0] "ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\": %d подпиÑÑŒ удалена\n"
-msgstr[1] "ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\": %d подпиÑи удалены\n"
-msgstr[2] "ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\": %d подпиÑей удалено\n"
+msgstr[0] "Идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\": %d подпиÑÑŒ удалена\n"
+msgstr[1] "Идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\": %d подпиÑи удалены\n"
+msgstr[2] "Идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\": %d подпиÑей удалено\n"
#, c-format
msgid "User ID \"%s\": already minimized\n"
-msgstr "ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\" уже минимизирован\n"
+msgstr "Идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\" уже минимизирован\n"
#, c-format
msgid "User ID \"%s\": already clean\n"
-msgstr "ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\": уже очищен\n"
+msgstr "Идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\": уже очищен\n"
msgid ""
"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
@@ -3492,7 +3510,7 @@ msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
msgstr "ÐÐµÐ»ÑŒÐ·Ñ Ð´Ð¾Ð±Ð°Ð²Ð¸Ñ‚ÑŒ оÑобый отзывающий ключ в ключ типа PGP 2.x.\n"
msgid "Enter the user ID of the designated revoker: "
-msgstr "Укажите ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ ÐºÐ»ÑŽÑ‡Ð°, назначенного отзывающим: "
+msgstr "Укажите идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ ÐºÐ»ÑŽÑ‡Ð°, назначенного отзывающим: "
msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
msgstr "Ð½ÐµÐ»ÑŒÐ·Ñ Ð½Ð°Ð·Ð½Ð°Ñ‡Ð¸Ñ‚ÑŒ отзывающим ключ типа PGP 2.x\n"
@@ -3535,11 +3553,11 @@ msgid "subkey %s does not sign and so does not need to be cross-certified\n"
msgstr "подключ %s не Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñей, он не нуждаетÑÑ Ð² перекреÑтном заверении\n"
msgid "Please select exactly one user ID.\n"
-msgstr "Выберите ровно один ID пользователÑ.\n"
+msgstr "Выберите ровно один идентификатор пользователÑ.\n"
#, c-format
msgid "skipping v3 self-signature on user ID \"%s\"\n"
-msgstr "пропуÑк ÑамоподпиÑи v3 на ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\"\n"
+msgstr "пропуÑк ÑамоподпиÑи v3 на идентификаторе Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\"\n"
msgid "Enter your preferred keyserver URL: "
msgstr "Введите URL предпочтительного Ñервера ключей: "
@@ -3558,15 +3576,15 @@ msgstr "Продолжить? (y/N) "
#, c-format
msgid "No user ID with index %d\n"
-msgstr "Ðет ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ñ Ð¸Ð½Ð´ÐµÐºÑом %d\n"
+msgstr "Ðет идентификатора Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ñ Ð¸Ð½Ð´ÐµÐºÑом %d\n"
#, c-format
msgid "No user ID with hash %s\n"
-msgstr "Ðет ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ñ Ñ…ÐµÑˆÐµÐ¼ %s\n"
+msgstr "Ðет идентификатора Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ñ Ñ…ÐµÑˆÐµÐ¼ %s\n"
#, c-format
msgid "No subkey with key ID '%s'.\n"
-msgstr "Ðет подключа Ñ ID ключа '%s'.\n"
+msgstr "Ðет подключа Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ‚Ð¾Ñ€Ð¾Ð¼ ключа '%s'.\n"
#, c-format
msgid "No subkey with index %d\n"
@@ -3574,7 +3592,7 @@ msgstr "Ðет подключа Ñ Ð¸Ð½Ð´ÐµÐºÑом %d\n"
#, c-format
msgid "user ID: \"%s\"\n"
-msgstr "ID пользователÑ: \"%s\"\n"
+msgstr "Идентификатор пользователÑ: \"%s\"\n"
#, c-format
msgid "signed by your key %s on %s%s%s\n"
@@ -3598,7 +3616,7 @@ msgstr "Вами не подпиÑано.\n"
#, c-format
msgid "You have signed these user IDs on key %s:\n"
-msgstr "Ð’Ñ‹ подпиÑали Ñти ID пользователей на ключе %s:\n"
+msgstr "Ð’Ñ‹ подпиÑали Ñти идентификаторы пользователей на ключе %s:\n"
msgid " (non-revocable)"
msgstr " (неотзываемаÑ)"
@@ -3622,11 +3640,13 @@ msgstr "попытка отзыва непользовательÑкого идÐ
#, c-format
msgid "user ID \"%s\" is already revoked\n"
-msgstr "ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\" уже отозван\n"
+msgstr "Идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ \"%s\" уже отозван\n"
#, c-format
msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
-msgstr "Внимание: подпиÑÑŒ ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð´Ð°Ñ‚Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð° %d Ñекундами в будущем\n"
+msgstr ""
+"Внимание: подпиÑÑŒ идентификатора Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð´Ð°Ñ‚Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð° %d Ñекундами в "
+"будущем\n"
#, c-format
msgid "Key %s is already revoked.\n"
@@ -3885,7 +3905,7 @@ msgid ""
"\n"
msgstr ""
"\n"
-"GnuPG должен ÑоÑтавить ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð´Ð»Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸ ключа.\n"
+"GnuPG должен ÑоÑтавить идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð´Ð»Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸ ключа.\n"
"\n"
#. TRANSLATORS: This string is in general not anymore used
@@ -3901,8 +3921,8 @@ msgid ""
"\n"
msgstr ""
"\n"
-"Ð”Ð»Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸ Вашего ключа необходим ID пользователÑ. Программа ÑоздаÑÑ‚ "
-"его\n"
+"Ð”Ð»Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸ Вашего ключа необходим идентификатор пользователÑ. "
+"Программа ÑоздаÑÑ‚ его\n"
"из Вашего имени, Ð¿Ñ€Ð¸Ð¼ÐµÑ‡Ð°Ð½Ð¸Ñ Ð¸ адреÑа Ñлектронной почты в виде:\n"
" \"ВаÑÑ ÐŸÑƒÑˆÐºÐ¸Ð½ (перÑонаж) <vp@test.ru>\"\n"
"\n"
@@ -3945,7 +3965,7 @@ msgid ""
" \"%s\"\n"
"\n"
msgstr ""
-"Ð’Ñ‹ выбрали Ñледующий ID пользователÑ:\n"
+"Ð’Ñ‹ выбрали Ñледующий идентификатор пользователÑ:\n"
" \"%s\"\n"
"\n"
@@ -4183,7 +4203,7 @@ msgid "include revoked keys in search results"
msgstr "включить в результаты поиÑка отозванные ключи"
msgid "include subkeys when searching by key ID"
-msgstr "иÑкать по ID ключа, Ð²ÐºÐ»ÑŽÑ‡Ð°Ñ Ð¿Ð¾Ð´ÐºÐ»ÑŽÑ‡Ð¸"
+msgstr "иÑкать по идентификатору ключа, Ð²ÐºÐ»ÑŽÑ‡Ð°Ñ Ð¿Ð¾Ð´ÐºÐ»ÑŽÑ‡Ð¸"
msgid "override timeout options set for dirmngr"
msgstr "переназначить наÑтройки времени Ð¾Ð¶Ð¸Ð´Ð°Ð½Ð¸Ñ Ð´Ð»Ñ dirmngr"
@@ -4209,7 +4229,7 @@ msgstr "недопуÑтимый протокол Ñервера ключей (Ð
#, c-format
msgid "\"%s\" not a key ID: skipping\n"
-msgstr "\"%s\" - не ID ключа: пропущен\n"
+msgstr "\"%s\" - не идентификатор ключа: пропущен\n"
#, c-format
msgid "refreshing %d key from %s\n"
@@ -4280,7 +4300,7 @@ msgstr "данные зашифрованы открытым ключом: хоÑ
#, c-format
msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
-msgstr "зашифровано %u-битным ключом %s Ñ ID %s, Ñозданным %s\n"
+msgstr "зашифровано %u-битным ключом %s Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ‚Ð¾Ñ€Ð¾Ð¼ %s, Ñозданным %s\n"
#, c-format
msgid " \"%s\"\n"
@@ -4288,7 +4308,7 @@ msgstr " \"%s\"\n"
#, c-format
msgid "encrypted with %s key, ID %s\n"
-msgstr "зашифровано ключом %s Ñ ID %s\n"
+msgstr "зашифровано ключом %s Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ‚Ð¾Ñ€Ð¾Ð¼ %s\n"
#, c-format
msgid "public key decryption failed: %s\n"
@@ -4362,11 +4382,11 @@ msgstr "ПодпиÑÑŒ Ñделана %s\n"
#, c-format
msgid " using %s key %s\n"
-msgstr " ключом %s Ñ ID %s\n"
+msgstr " ключом %s Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ‚Ð¾Ñ€Ð¾Ð¼ %s\n"
#, c-format
msgid "Signature made %s using %s key ID %s\n"
-msgstr "ПодпиÑÑŒ Ñделана %s ключом %s Ñ ID %s\n"
+msgstr "ПодпиÑÑŒ Ñделана %s ключом %s Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ‚Ð¾Ñ€Ð¾Ð¼ %s\n"
#, c-format
msgid " issuer \"%s\"\n"
@@ -4581,7 +4601,7 @@ msgstr "прервано пользователем\n"
#, c-format
msgid " (main key ID %s)"
-msgstr " (ID главного ключа %s)"
+msgstr " (идентификатор главного ключа %s)"
msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
msgstr "Введите фразу-пароль Ð´Ð»Ñ Ñ€Ð°Ð·Ð±Ð»Ð¾ÐºÐ¸Ñ€Ð¾Ð²ÐºÐ¸ Ñекретного ключа OpenPGP:"
@@ -4611,7 +4631,7 @@ msgid ""
msgstr ""
"%s\n"
"\"%.*s\"\n"
-"%u-битный ключ %s, ID %s,\n"
+"%u-битный ключ %s, идентификатор %s,\n"
"Ñоздан %s%s.\n"
"%s"
@@ -4665,7 +4685,7 @@ msgid "Key is no longer used"
msgstr "Ключ больше не иÑпользуетÑÑ"
msgid "User ID is no longer valid"
-msgstr "ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð±Ð¾Ð»ÑŒÑˆÐµ не дейÑтвителен"
+msgstr "Идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð±Ð¾Ð»ÑŒÑˆÐµ не дейÑтвителен"
msgid "reason for revocation: "
msgstr "причина отзыва: "
@@ -4758,11 +4778,6 @@ msgstr "Данный ключ принадлежит нам\n"
msgid "%s: This key is bad! It has been marked as untrusted!\n"
msgstr "%s: ÐекачеÑтвенный ключ! Он помечен как недоверенный!\n"
-#, fuzzy
-#| msgid ""
-#| "This key has is bad! It has been marked as untrusted! If you\n"
-#| "*really* know what you are doing, you may answer the next\n"
-#| "question with yes.\n"
msgid ""
"This key is bad! It has been marked as untrusted! If you\n"
"*really* know what you are doing, you may answer the next\n"
@@ -4777,7 +4792,7 @@ msgid ""
"you may answer the next question with yes.\n"
msgstr ""
"ÐЕТ уверенноÑти в том, что ключ принадлежит человеку, указанному\n"
-"в ID пользователÑ. ЕÑли Ð’Ñ‹ ТОЧÐО знаете, что делаете,\n"
+"в идентификаторе пользователÑ. ЕÑли Ð’Ñ‹ ТОЧÐО знаете, что делаете,\n"
"можете ответить на Ñледующий Ð²Ð¾Ð¿Ñ€Ð¾Ñ ÑƒÑ‚Ð²ÐµÑ€Ð´Ð¸Ñ‚ÐµÐ»ÑŒÐ½Ð¾.\n"
msgid "Use this key anyway? (y/N) "
@@ -4867,7 +4882,7 @@ msgid "option '%s' given, but option '%s' not given\n"
msgstr "задан параметр '%s', но параметр '%s' не задан\n"
msgid "You did not specify a user ID. (you may use \"-r\")\n"
-msgstr "Ðе задан ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ (можно иÑпользовать \"-r\").\n"
+msgstr "Ðе задан идентификатор Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ (можно иÑпользовать \"-r\").\n"
msgid "Current recipients:\n"
msgstr "Текущие получатели:\n"
@@ -4877,10 +4892,10 @@ msgid ""
"Enter the user ID. End with an empty line: "
msgstr ""
"\n"
-"Введите ID пользователÑ. Завершите пуÑтой Ñтрокой: "
+"Введите идентификатор пользователÑ. Завершите пуÑтой Ñтрокой: "
msgid "No such user ID.\n"
-msgstr "Ðет такого ID пользователÑ.\n"
+msgstr "Ðет такого идентификатора пользователÑ.\n"
msgid "skipped: public key already set as default recipient\n"
msgstr "пропущено: открытый ключ уже уÑтановлен Ð´Ð»Ñ Ð¿Ð¾Ð»ÑƒÑ‡Ð°Ñ‚ÐµÐ»Ñ Ð¿Ð¾ умолчанию\n"
@@ -4961,7 +4976,7 @@ msgstr "Ñбой build_packet: %s\n"
#, c-format
msgid "key %s has no user IDs\n"
-msgstr "у ключа %s нет ID пользователÑ\n"
+msgstr "у ключа %s нет идентификатора пользователÑ\n"
msgid "To be revoked by:\n"
msgstr "Будет отозван:\n"
@@ -5400,13 +5415,12 @@ msgstr "ошибка отката назад Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð² базе да
msgid "unsupported TOFU database version: %s\n"
msgstr "верÑÐ¸Ñ Ð±Ð°Ð·Ñ‹ данных TOFU (не поддерживаетÑÑ): %s\n"
-#, fuzzy, c-format
-#| msgid "error creating temporary file: %s\n"
+#, c-format
msgid "error creating 'ultimately_trusted_keys' TOFU table: %s\n"
-msgstr "ошибка ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ð²Ñ€ÐµÐ¼ÐµÐ½Ð½Ð¾Ð³Ð¾ файла: %s\n"
+msgstr "ошибка ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ñ‹ TOFU 'ultimately_trusted_keys': %s\n"
msgid "TOFU DB error"
-msgstr ""
+msgstr "ошибка базы данных TOFU"
#, c-format
msgid "error reading TOFU database: %s\n"
@@ -5420,14 +5434,13 @@ msgstr "ошибка Ð¾Ð¿Ñ€ÐµÐ´ÐµÐ»ÐµÐ½Ð¸Ñ Ð²ÐµÑ€Ñии базы данных T
msgid "error initializing TOFU database: %s\n"
msgstr "ошибка инициализации базы данных TOFU: %s\n"
-#, fuzzy, c-format
-#| msgid "error reading TOFU database: %s\n"
+#, c-format
msgid "error creating 'encryptions' TOFU table: %s\n"
-msgstr "ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð±Ð°Ð·Ñ‹ данных TOFU: %s\n"
+msgstr "ошибка ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ñ‹ TOFU 'encryptions': %s\n"
#, c-format
msgid "adding column effective_policy to bindings DB: %s\n"
-msgstr ""
+msgstr "добавление Ñтолбца effective_policy в базу данных привÑзок: %s\n"
#, c-format
msgid "error opening TOFU database '%s': %s\n"
@@ -5442,11 +5455,10 @@ msgid ""
"This is the first time the email address \"%s\" is being used with key %s."
msgstr "ÐÐ´Ñ€ÐµÑ Ñлектронной почты \"%s\" иÑпользуетÑÑ Ñ ÐºÐ»ÑŽÑ‡Ð¾Ð¼ %s впервые."
-#, fuzzy, c-format
-#| msgid "The email address \"%s\" is associated with %d keys!"
+#, c-format
msgid "The email address \"%s\" is associated with %d key!"
msgid_plural "The email address \"%s\" is associated with %d keys!"
-msgstr[0] "ÐÐ´Ñ€ÐµÑ Ñлектронной почты \"%s\" ÑвÑзан Ñ %d ключами!"
+msgstr[0] "ÐÐ´Ñ€ÐµÑ Ñлектронной почты \"%s\" ÑвÑзан Ñ %d ключом!"
msgstr[1] "ÐÐ´Ñ€ÐµÑ Ñлектронной почты \"%s\" ÑвÑзан Ñ %d ключами!"
msgstr[2] "ÐÐ´Ñ€ÐµÑ Ñлектронной почты \"%s\" ÑвÑзан Ñ %d ключами!"
@@ -5465,7 +5477,7 @@ msgstr ""
#, c-format
msgid "error gathering other user IDs: %s\n"
-msgstr "ошибка при Ñборе ID других пользователей: %s\n"
+msgstr "ошибка при Ñборе идентификаторов других пользователей: %s\n"
msgid "This key's user IDs:\n"
msgstr "Идентификаторы Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ñтого ключа:\n"
@@ -5495,107 +5507,83 @@ msgstr ", "
msgid "this key"
msgstr "Ñтот ключ"
-#, fuzzy, c-format
-#| msgid "Verified %d message"
-#| msgid_plural "Verified %d messages"
+#, c-format
msgid "Verified %d message."
msgid_plural "Verified %d messages."
-msgstr[0] "Проверено %d Ñообщение"
-msgstr[1] "Проверены %d ÑообщениÑ"
-msgstr[2] "Проверено %d Ñообщений"
+msgstr[0] "Проверено %d Ñообщение."
+msgstr[1] "Проверены %d ÑообщениÑ."
+msgstr[2] "Проверено %d Ñообщений."
-#, fuzzy, c-format
-#| msgid "Encrypted %d message"
-#| msgid_plural "Encrypted %d messages"
+#, c-format
msgid "Encrypted %d message."
msgid_plural "Encrypted %d messages."
-msgstr[0] "Зашифровано %d Ñообщение"
-msgstr[1] "Зашифрованы %d ÑообщениÑ"
-msgstr[2] "Зашифровано %d Ñообщений"
+msgstr[0] "Зашифровано %d Ñообщение."
+msgstr[1] "Зашифрованы %d ÑообщениÑ."
+msgstr[2] "Зашифровано %d Ñообщений."
-#, fuzzy, c-format
-#| msgid "Verified %d message"
-#| msgid_plural "Verified %d messages"
+#, c-format
msgid "Verified %d message in the future."
msgid_plural "Verified %d messages in the future."
-msgstr[0] "Проверено %d Ñообщение"
-msgstr[1] "Проверены %d ÑообщениÑ"
-msgstr[2] "Проверено %d Ñообщений"
+msgstr[0] "Проверено %d Ñообщение в будущем."
+msgstr[1] "Проверены %d ÑÐ¾Ð¾Ð±Ñ‰ÐµÐ½Ð¸Ñ Ð² будущем."
+msgstr[2] "Проверено %d Ñообщений в будущем."
-#, fuzzy, c-format
-#| msgid ", and encrypted %ld message in the past %s"
-#| msgid_plural ", and encrypted %ld messages in the past %s"
+#, c-format
msgid "Encrypted %d message in the future."
msgid_plural "Encrypted %d messages in the future."
-msgstr[0] ", зашифровано %ld Ñообщение за %s."
-msgstr[1] ", зашифрованы %ld ÑÐ¾Ð¾Ð±Ñ‰ÐµÐ½Ð¸Ñ Ð·Ð° %s."
-msgstr[2] ", зашифровано %ld Ñообщений за %s."
+msgstr[0] "Зашифровано %d Ñообщение в будущем."
+msgstr[1] "Зашифрованы %d ÑÐ¾Ð¾Ð±Ñ‰ÐµÐ½Ð¸Ñ Ð² будущем."
+msgstr[2] "Зашифровано %d Ñообщений в будущем."
-#, fuzzy, c-format
-#| msgid " over the past day."
-#| msgid_plural " over the past %d days."
+#, c-format
msgid "Messages verified over the past %d day: %d."
msgid_plural "Messages verified over the past %d days: %d."
-msgstr[0] " за %d прошедший день."
-msgstr[1] " за %d прошедших днÑ."
-msgstr[2] " за %d прошедших дней."
+msgstr[0] "Проверено Ñообщений за %d прошедший день: %d."
+msgstr[1] "Проверено Ñообщений за %d прошедших днÑ: %d."
+msgstr[2] "Проверено Ñообщений за %d прошедших дней: %d."
-#, fuzzy, c-format
-#| msgid " over the past day."
-#| msgid_plural " over the past %d days."
+#, c-format
msgid "Messages encrypted over the past %d day: %d."
msgid_plural "Messages encrypted over the past %d days: %d."
-msgstr[0] " за %d прошедший день."
-msgstr[1] " за %d прошедших днÑ."
-msgstr[2] " за %d прошедших дней."
+msgstr[0] "Зашифровано Ñообщений за %d прошедший день: %d."
+msgstr[1] "Зашифровано Ñообщений за %d прошедших днÑ: %d."
+msgstr[2] "Зашифровано Ñообщений за %d прошедших дней: %d."
-#, fuzzy, c-format
-#| msgid " over the past month."
-#| msgid_plural " over the past %d months."
+#, c-format
msgid "Messages verified over the past %d month: %d."
msgid_plural "Messages verified over the past %d months: %d."
-msgstr[0] " за %d прошедший меÑÑц."
-msgstr[1] " за %d прошедших меÑÑца."
-msgstr[2] " за %d прошедших меÑÑцев."
+msgstr[0] "Проверено Ñообщений за %d прошедший меÑÑц: %d."
+msgstr[1] "Проверено Ñообщений за %d прошедших меÑÑца: %d."
+msgstr[2] "Проверено Ñообщений за %d прошедших меÑÑцев: %d."
-#, fuzzy, c-format
-#| msgid " over the past month."
-#| msgid_plural " over the past %d months."
+#, c-format
msgid "Messages encrypted over the past %d month: %d."
msgid_plural "Messages encrypted over the past %d months: %d."
-msgstr[0] " за %d прошедший меÑÑц."
-msgstr[1] " за %d прошедших меÑÑца."
-msgstr[2] " за %d прошедших меÑÑцев."
+msgstr[0] "Зашифровано Ñообщений за %d прошедший меÑÑц: %d."
+msgstr[1] "Зашифровано Ñообщений за %d прошедших меÑÑца: %d."
+msgstr[2] "Зашифровано Ñообщений за %d прошедших меÑÑцев: %d."
-#, fuzzy, c-format
-#| msgid " over the past year."
-#| msgid_plural " over the past %d years."
+#, c-format
msgid "Messages verified over the past %d year: %d."
msgid_plural "Messages verified over the past %d years: %d."
-msgstr[0] " за %d прошедший год."
-msgstr[1] " за %d прошедших днÑ."
-msgstr[2] " за %d прошедших дней."
+msgstr[0] "Проверено Ñообщений за %d прошедший год: %d."
+msgstr[1] "Проверено Ñообщений за %d прошедших года: %d."
+msgstr[2] "Проверено Ñообщений за %d прошедших лет: %d."
-#, fuzzy, c-format
-#| msgid " over the past year."
-#| msgid_plural " over the past %d years."
+#, c-format
msgid "Messages encrypted over the past %d year: %d."
msgid_plural "Messages encrypted over the past %d years: %d."
-msgstr[0] " за %d прошедший год."
-msgstr[1] " за %d прошедших днÑ."
-msgstr[2] " за %d прошедших дней."
+msgstr[0] "Зашифровано Ñообщений за %d прошедший год: %d."
+msgstr[1] "Зашифровано Ñообщений за %d прошедших года: %d."
+msgstr[2] "Зашифровано Ñообщений за %d прошедших лет: %d."
-#, fuzzy, c-format
-#| msgid " over the past day."
-#| msgid_plural " over the past %d days."
+#, c-format
msgid "Messages verified in the past: %d."
-msgstr " за %d прошедший день."
+msgstr "Проверено Ñообщений в прошлом: %d."
-#, fuzzy, c-format
-#| msgid ", and encrypted %ld message in the past %s"
-#| msgid_plural ", and encrypted %ld messages in the past %s"
+#, c-format
msgid "Messages encrypted in the past: %d."
-msgstr ", зашифровано %ld Ñообщение за %s."
+msgstr "Зашифровавно Ñообщений в прошлом: %d."
#. TRANSLATORS: Please translate the text found in the source
#. * file below. We don't directly internationalize that text so
@@ -5605,9 +5593,8 @@ msgstr ""
"Обычно Ñ ÐºÐ¾Ð½ÐºÑ€ÐµÑ‚Ð½Ñ‹Ð¼ адреÑом Ñлектронной почты ÑвÑзан только один ключ. "
"Однако иногда Ñоздают новый ключ, например, еÑли ключ Ñлишком Ñтар или "
"владелец Ñчитает, что ключ может быть раÑкрыт. Ð’ противном Ñлучае новый ключ "
-"может означать атаку \"человек поÑередине\"! Перед тем как принÑÑ‚ÑŒ Ñтот "
-"ключ, Ñледует ÑвÑзатьÑÑ Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†ÐµÐ¼ и убедитьÑÑ, что Ñтот новый ключ "
-"правомерен."
+"может означать перехват Ñообщений! Перед тем как принÑÑ‚ÑŒ Ñтот ключ, Ñледует "
+"ÑвÑзатьÑÑ Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†ÐµÐ¼ и убедитьÑÑ, что Ñтот новый ключ правомерен."
#. TRANSLATORS: Two letters (normally the lower and upper case
#. * version of the hotkey) for each of the five choices. If
@@ -5619,7 +5606,9 @@ msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
"(G)Хороший, (A)Пока принÑÑ‚ÑŒ, (U)ÐеÑÑно, (R)Пока отвергнуть, (B)Плохой? "
-msgid "Defaulting to unknown."
+#, fuzzy
+#| msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr "ПринимаетÑÑ Ð¸Ñходное значение (неÑÑно)."
msgid "TOFU db corruption detected.\n"
@@ -5629,111 +5618,89 @@ msgstr "Обнаружено повреждение базы данных TOFU.\
msgid "resetting keydb: %s\n"
msgstr "ÑÐ±Ñ€Ð¾Ñ Ð±Ð°Ð·Ñ‹ данных ключей: %s\n"
-#, fuzzy, c-format
-#| msgid "error setting TOFU binding's trust level to %s\n"
+#, c-format
msgid "error setting TOFU binding's policy to %s\n"
-msgstr "ошибка уÑтановки ÑƒÑ€Ð¾Ð²Ð½Ñ Ð´Ð¾Ð²ÐµÑ€Ð¸Ñ Ð¿Ñ€Ð¸Ð²Ñзки TOFU в %s\n"
+msgstr "ошибка уÑтановки правил привÑзки TOFU в %s\n"
#, c-format
msgid "error changing TOFU policy: %s\n"
msgstr "ошибка при Ñмене правила TOFU: %s\n"
-#, fuzzy, c-format
-#| msgid "%d~year"
-#| msgid_plural "%d~years"
+#, c-format
msgid "%lld~year"
msgid_plural "%lld~years"
-msgstr[0] "%d~год"
-msgstr[1] "%d~года"
-msgstr[2] "%d~лет"
+msgstr[0] "%lld~прошедший~год"
+msgstr[1] "%lld~прошедших~года"
+msgstr[2] "%lld~прошедших~лет"
-#, fuzzy, c-format
-#| msgid "%d~month"
-#| msgid_plural "%d~months"
+#, c-format
msgid "%lld~month"
msgid_plural "%lld~months"
-msgstr[0] "%d~меÑÑц"
-msgstr[1] "%d~меÑÑца"
-msgstr[2] "%d~меÑÑцев"
+msgstr[0] "%lld~прошедший~меÑÑц"
+msgstr[1] "%lld~прошедших~меÑÑца"
+msgstr[2] "%lld~прошедших~меÑÑцев"
#, c-format
msgid "%lld~week"
msgid_plural "%lld~weeks"
-msgstr[0] ""
-msgstr[1] ""
-msgstr[2] ""
+msgstr[0] "%lld~прошедшую~неделю"
+msgstr[1] "%lld~прошедшие~недели"
+msgstr[2] "%lld~прошедших~недель"
-#, fuzzy, c-format
-#| msgid "%d~day"
-#| msgid_plural "%d~days"
+#, c-format
msgid "%lld~day"
msgid_plural "%lld~days"
-msgstr[0] "%d~день"
-msgstr[1] "%d~днÑ"
-msgstr[2] "%d~дней"
+msgstr[0] "%lld~прошедший~день"
+msgstr[1] "%lld~прошедших~днÑ"
+msgstr[2] "%lld~прошедших~дней"
-#, fuzzy, c-format
-#| msgid "%d~hour"
-#| msgid_plural "%d~hours"
+#, c-format
msgid "%lld~hour"
msgid_plural "%lld~hours"
-msgstr[0] "%d~чаÑ"
-msgstr[1] "%d~чаÑа"
-msgstr[2] "%d~чаÑов"
+msgstr[0] "%lld~прошедший~чаÑ"
+msgstr[1] "%lld~прошедших~чаÑа"
+msgstr[2] "%lld~прошедших~чаÑов"
-#, fuzzy, c-format
-#| msgid "%d~minute"
-#| msgid_plural "%d~minutes"
+#, c-format
msgid "%lld~minute"
msgid_plural "%lld~minutes"
-msgstr[0] "%d~минута"
-msgstr[1] "%d~минуты"
-msgstr[2] "%d~минут"
+msgstr[0] "%lld~прошедшую~минуту"
+msgstr[1] "%lld~прошедшие~минуты"
+msgstr[2] "%lld~прошедших~минут"
-#, fuzzy, c-format
-#| msgid "%d~second"
-#| msgid_plural "%d~seconds"
+#, c-format
msgid "%lld~second"
msgid_plural "%lld~seconds"
-msgstr[0] "%d~Ñекунда"
-msgstr[1] "%d~Ñекунды"
-msgstr[2] "%d~Ñекунд"
+msgstr[0] "%lld~прошедшую~Ñекунду"
+msgstr[1] "%lld~прошедшие~Ñекунды"
+msgstr[2] "%lld~прошедших~Ñекунд"
#, c-format
msgid "%s: Verified 0~signatures and encrypted 0~messages."
-msgstr ""
+msgstr "%s: Проверено 0~подпиÑей, зашифровано 0~Ñообщений."
-#, fuzzy, c-format
-#| msgid "Verified %ld signatures"
+#, c-format
msgid "%s: Verified 0 signatures."
-msgstr "Проверено %ld подпиÑей"
+msgstr "%s: Проверено 0 подпиÑей."
-#, fuzzy, c-format
-#| msgid "Verified %ld signature in the past %s"
-#| msgid_plural "Verified %ld signatures in the past %s"
+#, c-format
msgid "%s: Verified %ld~signature in the past %s."
msgid_plural "%s: Verified %ld~signatures in the past %s."
-msgstr[0] "Проверена %ld подпиÑÑŒ за %s."
-msgstr[1] "Проверены %ld пропиÑи за %s."
-msgstr[2] "Проверено %ld подпиÑей за %s."
+msgstr[0] "%s: Проверена %ld~подпиÑÑŒ за %s."
+msgstr[1] "%s: Проверены %ld~пропиÑи за %s."
+msgstr[2] "%s: Проверено %ld~подпиÑей за %s."
-#, fuzzy
-#| msgid "Encrypted %d message"
-#| msgid_plural "Encrypted %d messages"
msgid "Encrypted 0 messages."
-msgstr "Зашифровано %d Ñообщение"
+msgstr "Зашифровано 0 Ñообщений."
-#, fuzzy, c-format
-#| msgid ", and encrypted %ld message in the past %s"
-#| msgid_plural ", and encrypted %ld messages in the past %s"
+#, c-format
msgid "Encrypted %ld~message in the past %s."
msgid_plural "Encrypted %ld~messages in the past %s."
-msgstr[0] ", зашифровано %ld Ñообщение за %s."
-msgstr[1] ", зашифрованы %ld ÑÐ¾Ð¾Ð±Ñ‰ÐµÐ½Ð¸Ñ Ð·Ð° %s."
-msgstr[2] ", зашифровано %ld Ñообщений за %s."
+msgstr[0] "Зашифровано %ld~Ñообщение за %s."
+msgstr[1] "Зашифрованы %ld~ÑÐ¾Ð¾Ð±Ñ‰ÐµÐ½Ð¸Ñ Ð·Ð° %s."
+msgstr[2] "Зашифровано %ld~Ñообщений за %s."
-#, fuzzy, c-format
-#| msgid "policy: %s"
+#, c-format
msgid "(policy: %s)"
msgstr "правило: %s"
@@ -5794,8 +5761,8 @@ msgid "error opening TOFU database: %s\n"
msgstr "ошибка при открытии базы данных TOFU: %s\n"
#, fuzzy, c-format
-#| msgid "WARNING: Encrypting to %s, which has nonon-revoked user ids.\n"
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+#| msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
"Ð’ÐИМÐÐИЕ: Шифрование Ð´Ð»Ñ ÐºÐ»ÑŽÑ‡Ð° %s, у которого нет неотозванных "
"идентификаторов пользователÑ.\n"
@@ -5808,7 +5775,7 @@ msgstr ""
#, c-format
msgid "'%s' is not a valid long keyID\n"
-msgstr "'%s' не ÑвлÑетÑÑ Ð´Ð¾Ð¿ÑƒÑтимым длинным ID ключа\n"
+msgstr "'%s' не ÑвлÑетÑÑ Ð´Ð¾Ð¿ÑƒÑтимым длинным идентификатором ключа\n"
#, c-format
msgid "key %s: accepted as trusted key\n"
@@ -6049,6 +6016,9 @@ msgstr "Ñбой при Ñохранении отпечатка: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "Ñбой при Ñохранении даты ÑозданиÑ: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "ошибка Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ ÑтатуÑа CHV Ñ ÐºÐ°Ñ€Ñ‚Ñ‹\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "в ответе отÑутÑтвует модуль RSA\n"
@@ -6065,6 +6035,23 @@ msgstr "ответ не Ñодержит данных открытого клюÑ
msgid "reading public key failed: %s\n"
msgstr "Ñбой при чтении открытого ключа: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "оÑновной PIN применÑетÑÑ ÐºÐ°Ðº %s\n"
@@ -6075,11 +6062,9 @@ msgstr ""
"не удалоÑÑŒ применить оÑновной PIN как %s: %s - далее применÑÑ‚ÑŒÑÑ\n"
"как оÑновной не будет\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Введите PIN%%0A[Ñделано подпиÑей: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Введите PIN"
#, c-format
@@ -6090,9 +6075,6 @@ msgstr "PIN Ð´Ð»Ñ CHV%d Ñлишком короток, Ð¼Ð¸Ð½Ð¸Ð¼Ð°Ð»ÑŒÐ½Ð°Ñ Ð
msgid "verify CHV%d failed: %s\n"
msgstr "Ñбой при проверке CHV%d: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "ошибка Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ ÑтатуÑа CHV Ñ ÐºÐ°Ñ€Ñ‚Ñ‹\n"
-
msgid "card is permanently locked!\n"
msgstr "карта окончательно заблокирована!\n"
@@ -6108,17 +6090,16 @@ msgstr[2] ""
"оÑталоÑÑŒ %d попыток ввода админиÑтративного PIN перед блокировкой карты\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|Введите админиÑтративный PIN%%0A[оÑталоÑÑŒ попыток: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Введите админиÑтративный PIN"
msgid "access to admin commands is not configured\n"
msgstr "доÑтуп к командам ÑƒÐ¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ð½Ðµ наÑтроен\n"
+msgid "||Please enter the PIN"
+msgstr "||Введите PIN"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Введите код ÑброÑа Ð´Ð»Ñ ÐºÐ°Ñ€Ñ‚Ñ‹"
@@ -6276,10 +6257,6 @@ msgstr "обработчик fd %d запущен\n"
msgid "handler for fd %d terminated\n"
msgstr "обработчик fd %d оÑтановлен\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "недопуÑтимый Ñимвол radix64 %02x пропущен\n"
-
msgid "no dirmngr running in this session\n"
msgstr "в Ñтом ÑеанÑе dirmngr не работает\n"
@@ -6494,7 +6471,7 @@ msgid ""
msgstr ""
"Введите фразу-пароль Ð´Ð»Ñ Ð´Ð¾Ñтупа к Ñекретному ключу Ñертификата X.509:\n"
"\"%s\"\n"
-"S/N %s, ID 0x%08lX,\n"
+"S/N %s, идентификатор 0x%08lX,\n"
"Ñоздан %s, иÑтекает %s.\n"
msgid "no key usage specified - assuming all usages\n"
@@ -6976,7 +6953,7 @@ msgstr "[дата не указана]"
#, c-format
msgid " using certificate ID 0x%08lX\n"
-msgstr " Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ Ñертификата Ñ ID 0x%08lX\n"
+msgstr " Ñ Ð¿Ð¾Ð¼Ð¾Ñ‰ÑŒÑŽ Ñертификата Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ‚Ð¾Ñ€Ð¾Ð¼ 0x%08lX\n"
msgid ""
"invalid signature: message digest attribute does not match computed one\n"
@@ -7051,6 +7028,11 @@ msgstr " поÑтоÑнно загруженных Ñертификатов
msgid " runtime cached certificates: %u\n"
msgstr "Ñертификатов в буфере времени иÑполнениÑ: %u\n"
+#, fuzzy, c-format
+#| msgid " runtime cached certificates: %u\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "Ñертификатов в буфере времени иÑполнениÑ: %u\n"
+
msgid "certificate already cached\n"
msgstr "Ñертификат уже в буфере\n"
@@ -7235,38 +7217,41 @@ msgstr "Ñбой ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ð½Ð¾Ð²Ð¾Ð³Ð¾ объекта буфера: %s\n
#, c-format
msgid "no CRL available for issuer id %s\n"
-msgstr "ÑпиÑка отозванных Ñертификатов Ð´Ð»Ñ Ð¸Ð·Ð´Ð°Ñ‚ÐµÐ»Ñ Ñ ID %s нет в наличии\n"
+msgstr ""
+"ÑпиÑка отозванных Ñертификатов Ð´Ð»Ñ Ð¸Ð·Ð´Ð°Ñ‚ÐµÐ»Ñ Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ‚Ð¾Ñ€Ð¾Ð¼ %s нет в "
+"наличии\n"
#, c-format
msgid "cached CRL for issuer id %s too old; update required\n"
msgstr ""
-"ÑпиÑок отозванных Ñертификатов Ð´Ð»Ñ Ð¸Ð·Ð´Ð°Ñ‚ÐµÐ»Ñ Ñ ID %s в буфере Ñлишком Ñтар; "
-"требуетÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ\n"
+"ÑпиÑок отозванных Ñертификатов Ð´Ð»Ñ Ð¸Ð·Ð´Ð°Ñ‚ÐµÐ»Ñ Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ‚Ð¾Ñ€Ð¾Ð¼ %s в буфере "
+"Ñлишком Ñтар; требуетÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ\n"
#, c-format
msgid ""
"force-crl-refresh active and %d minutes passed for issuer id %s; update "
"required\n"
msgstr ""
-"дейÑтвует force-crl-refresh и прошло %d минут Ð´Ð»Ñ Ð¸Ð·Ð´Ð°Ñ‚ÐµÐ»Ñ Ñ ID %s; "
-"требуетÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ\n"
+"дейÑтвует force-crl-refresh и прошло %d минут Ð´Ð»Ñ Ð¸Ð·Ð´Ð°Ñ‚ÐµÐ»Ñ Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ‚Ð¾Ñ€Ð¾Ð¼ "
+"%s; требуетÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ\n"
#, c-format
msgid "force-crl-refresh active for issuer id %s; update required\n"
msgstr ""
-"Ð´Ð»Ñ Ð¸Ð·Ð´Ð°Ñ‚ÐµÐ»Ñ Ñ ID %s дейÑтвует force-crl-refresh; требуетÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ\n"
+"Ð´Ð»Ñ Ð¸Ð·Ð´Ð°Ñ‚ÐµÐ»Ñ Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ‚Ð¾Ñ€Ð¾Ð¼ %s дейÑтвует force-crl-refresh; требуетÑÑ "
+"обновление\n"
#, c-format
msgid "available CRL for issuer ID %s can't be used\n"
msgstr ""
-"доÑтупный ÑпиÑок отозванных Ñертификатов Ð´Ð»Ñ Ð¸Ð·Ð´Ð°Ñ‚ÐµÐ»Ñ Ñ ID %s Ð½ÐµÐ»ÑŒÐ·Ñ "
-"иÑпользовать\n"
+"доÑтупный ÑпиÑок отозванных Ñертификатов Ð´Ð»Ñ Ð¸Ð·Ð´Ð°Ñ‚ÐµÐ»Ñ Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ‚Ð¾Ñ€Ð¾Ð¼ %s "
+"Ð½ÐµÐ»ÑŒÐ·Ñ Ð¸Ñпользовать\n"
#, c-format
msgid "cached CRL for issuer id %s tampered; we need to update\n"
msgstr ""
-"ÑпиÑок отозванных Ñертификатов Ð´Ð»Ñ Ð¸Ð·Ð´Ð°Ñ‚ÐµÐ»Ñ Ñ ID %s в буфере поврежден; его "
-"нужно обновить\n"
+"ÑпиÑок отозванных Ñертификатов Ð´Ð»Ñ Ð¸Ð·Ð´Ð°Ñ‚ÐµÐ»Ñ Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ‚Ð¾Ñ€Ð¾Ð¼ %s в буфере "
+"поврежден; его нужно обновить\n"
msgid "WARNING: invalid cache record length for S/N "
msgstr "Внимание: недопуÑÑ‚Ð¸Ð¼Ð°Ñ Ð´Ð»Ñ Ñерийного номера длина буферной запиÑи "
@@ -7649,10 +7634,8 @@ msgstr "Ð¿Ñ€Ð¸Ð½ÑƒÐ´Ð¸Ñ‚ÐµÐ»ÑŒÐ½Ð°Ñ Ð·Ð°Ð³Ñ€ÑƒÐ·ÐºÐ° уÑтаревших ÑпÐ
msgid "allow sending OCSP requests"
msgstr "разрешить поÑылку запроÑов OCSP"
-#, fuzzy
-#| msgid "query the software version database"
msgid "allow online software version check"
-msgstr "запроÑить базу данных верÑий программ"
+msgstr "разрешить проверку верÑий программ по Ñети"
msgid "inhibit the use of HTTP"
msgstr "запретить иÑпользование HTTP"
@@ -8044,7 +8027,7 @@ msgstr "Ñбой Ñ€Ð°Ð·Ð¼ÐµÑ‰ÐµÐ½Ð¸Ñ Ñлемента ÑпиÑка: %s\n"
#, c-format
msgid "error getting responder ID: %s\n"
-msgstr "ошибка при получении ID ответчика: %s\n"
+msgstr "ошибка при получении идентификатора ответчика: %s\n"
msgid "no suitable certificate found to verify the OCSP response\n"
msgstr "не найдено подходÑщего Ñертификата Ð´Ð»Ñ Ð¿Ñ€Ð¾Ð²ÐµÑ€ÐºÐ¸ ответа OCSP\n"
@@ -8117,7 +8100,7 @@ msgid "ldapserver missing"
msgstr "нет Ñервера LDAP"
msgid "serialno missing in cert ID"
-msgstr "в ID Ñертификата нет Ñерийного номера"
+msgstr "в идентификаторе Ñертификата нет Ñерийного номера"
#, c-format
msgid "assuan_inquire failed: %s\n"
@@ -8190,9 +8173,6 @@ msgstr "Ñбой при проверке доверенноÑти корнево
msgid "certificate chain is good\n"
msgstr "Ñ…Ð¾Ñ€Ð¾ÑˆÐ°Ñ Ñ†ÐµÐ¿Ð¾Ñ‡ÐºÐ° Ñертификатов\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA требует 160-битной хеш-функции\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
"Ñертификат не Ñледовало иÑпользовать Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑ‹Ð²Ð°Ð½Ð¸Ñ ÑпиÑка отозванных "
@@ -8317,7 +8297,7 @@ msgid "|NAME|use NAME as default secret key"
msgstr "|NAME|иÑпользовать NAME как оÑновной Ñекретный ключ"
msgid "|NAME|encrypt to user ID NAME as well"
-msgstr "|NAME|зашифровывать также Ð´Ð»Ñ ID Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ NAME"
+msgstr "|NAME|зашифровывать также Ð´Ð»Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ‚Ð¾Ñ€Ð° Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ NAME"
msgid "|SPEC|set up email aliases"
msgstr "|SPEC|уÑтановить Ñинонимы Ñлектронной почты"
@@ -8369,31 +8349,23 @@ msgstr "СпиÑок Ñерверов LDAP"
msgid "Configuration for OCSP"
msgstr "ÐаÑтройки OCSP"
-#, fuzzy
-#| msgid "GPG for OpenPGP"
msgid "OpenPGP"
-msgstr "GPG Ð´Ð»Ñ OpenPGP"
+msgstr "OpenPGP"
msgid "Private Keys"
-msgstr ""
+msgstr "Закрытые ключи"
-#, fuzzy
-#| msgid "Smartcard Daemon"
msgid "Smartcards"
-msgstr "Демон криптографичеÑких карт"
+msgstr "КриптографичеÑкие карты"
-#, fuzzy
-#| msgid "GPG for S/MIME"
msgid "S/MIME"
-msgstr "GPG Ð´Ð»Ñ S/MIME"
+msgstr "S/MIME"
msgid "Network"
-msgstr ""
+msgstr "Сеть"
-#, fuzzy
-#| msgid "PIN and Passphrase Entry"
msgid "Passphrase Entry"
-msgstr "Ввод PIN и фраз-паролей"
+msgstr "Ввод фраз-паролей"
msgid "Component not suitable for launching"
msgstr "Компонент не подходит Ð´Ð»Ñ Ð·Ð°Ð¿ÑƒÑка"
@@ -8405,15 +8377,13 @@ msgstr "ВнешнÑÑ Ð¿Ñ€Ð¾Ð²ÐµÑ€ÐºÐ° компонента %s не прошлÐ
msgid "Note that group specifications are ignored\n"
msgstr "Обратите внимание, что Ñпецификации групп игнорируютÑÑ\n"
-#, fuzzy, c-format
-#| msgid "error closing '%s': %s\n"
+#, c-format
msgid "error closing '%s'\n"
-msgstr "ошибка Ð·Ð°ÐºÑ€Ñ‹Ñ‚Ð¸Ñ '%s': %s\n"
+msgstr "ошибка Ð·Ð°ÐºÑ€Ñ‹Ñ‚Ð¸Ñ '%s'\n"
-#, fuzzy, c-format
-#| msgid "error hashing '%s': %s\n"
+#, c-format
msgid "error parsing '%s'\n"
-msgstr "ошибка при получении хеша '%s': %s\n"
+msgstr "ошибка при интерпретации '%s'\n"
msgid "list all components"
msgstr "вывод ÑпиÑка вÑех компонентов"
@@ -8433,10 +8403,8 @@ msgstr "|COMPONENT|проверить параметры"
msgid "apply global default values"
msgstr "применить глобальные Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð¿Ð¾ умолчанию"
-#, fuzzy
-#| msgid "|FILE|take policy information from FILE"
msgid "|FILE|update configuration files using FILE"
-msgstr "|FILE|взÑÑ‚ÑŒ информацию о правилах из файла FILE"
+msgstr "|FILE|обновить файлы конфигурации из файла FILE"
msgid "get the configuration directories for @GPGCONF@"
msgstr "получить каталоги наÑтроек Ð´Ð»Ñ @GPGCONF@"
@@ -8629,62 +8597,11 @@ msgstr ""
"СинтакÑиÑ: gpg-check-pattern [параметры] файл_образцов\n"
"Проверить фразу-пароль, поÑтупающую из stdin, по файлу образцов\n"
-#~ msgid "--store [filename]"
-#~ msgstr "--store [файл]"
-
-#~ msgid "--symmetric [filename]"
-#~ msgstr "--symmetric [файл]"
-
-#~ msgid "--encrypt [filename]"
-#~ msgstr "--encrypt [файл]"
-
-#~ msgid "--symmetric --encrypt [filename]"
-#~ msgstr "--symmetric --encrypt [файл]"
-
-#~ msgid "--sign [filename]"
-#~ msgstr "--sign [файл]"
-
-#~ msgid "--sign --encrypt [filename]"
-#~ msgstr "--sign --encrypt [файл]"
-
-#~ msgid "--symmetric --sign --encrypt [filename]"
-#~ msgstr "--symmetric --sign --encrypt [файл]"
-
-#~ msgid "--sign --symmetric [filename]"
-#~ msgstr "--sign --symmetric [файл]"
-
-#~ msgid "--clear-sign [filename]"
-#~ msgstr "--clear-sign [файл]"
-
-#~ msgid "--decrypt [filename]"
-#~ msgstr "--decrypt [файл]"
-
-#~ msgid "--sign-key user-id"
-#~ msgstr "--sign-key <ID пользователÑ>"
-
-#~ msgid "--lsign-key user-id"
-#~ msgstr "--lsign-key <ID пользователÑ>"
-
-#~ msgid "--edit-key user-id [commands]"
-#~ msgstr "--edit-key <ID пользователÑ> [команды]"
-
-#~ msgid "--passwd <user-id>"
-#~ msgstr "--passwd <ID пользователÑ>"
-
-#~ msgid "[filename]"
-#~ msgstr "[файл]"
-
-#~ msgid " in the past."
-#~ msgstr " в прошлом."
-
-#~ msgid "%s: "
-#~ msgstr "%s: "
-
-#~ msgid ", and encrypted %ld messages"
-#~ msgstr ", зашифровано %ld Ñообщений"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Введите PIN%%0A[Ñделано подпиÑей: %lu]"
-#~ msgid "GPG Agent"
-#~ msgstr "Ðгент GPG"
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|Введите админиÑтративный PIN%%0A[оÑталоÑÑŒ попыток: %d]"
-#~ msgid "Key Acquirer"
-#~ msgstr "ДиÑпетчер ключей"
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA требует 160-битной хеш-функции\n"
diff --git a/po/sk.po b/po/sk.po
index 8641d20..9840924 100644
--- a/po/sk.po
+++ b/po/sk.po
@@ -155,6 +155,10 @@ msgstr "chyba pri zápise do súboru tajných kľúÄov `%s': %s\n"
msgid "no suitable card key found: %s\n"
msgstr "nenájdený zapisovateľný súbor tajných kľúÄov (secring): %s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1039,6 +1043,10 @@ msgstr "chyba v pätiÄke\n"
msgid "[none]"
msgstr "neznáme"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "neplatný znak vo formáte radix64 %02x bol preskoÄený\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "zapisujem tajný kÄ¾ÃºÄ do `%s'\n"
@@ -2522,6 +2530,9 @@ msgstr "chyba pri vytváraní hesla: %s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "ZaÄnite písaÅ¥ svoju správu ...\n"
@@ -5887,7 +5898,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -6013,7 +6024,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "chyba pri posielaní na `%s': %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6266,6 +6277,9 @@ msgstr "nemôžem inicializovať databázu dôvery: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "zlyhalo obnovenie vyrovnávacej pamäti kľúÄov: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
msgid "response does not contain the RSA modulus\n"
msgstr ""
@@ -6284,20 +6298,33 @@ msgstr ""
msgid "reading public key failed: %s\n"
msgstr "zmazanie bloku kľúÄa sa nepodarilo: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
msgstr ""
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "zmeniť heslo"
#, c-format
@@ -6308,9 +6335,6 @@ msgstr ""
msgid "verify CHV%d failed: %s\n"
msgstr "nepodarilo poslaÅ¥ kÄ¾ÃºÄ na server: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr ""
-
msgid "card is permanently locked!\n"
msgstr ""
@@ -6322,11 +6346,7 @@ msgstr[0] ""
msgstr[1] ""
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "zmeniť heslo"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "zmeniť heslo"
@@ -6335,6 +6355,10 @@ msgid "access to admin commands is not configured\n"
msgstr ""
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "zmeniť heslo"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "Prosím výberte dôvod na revokáciu:\n"
@@ -6504,10 +6528,6 @@ msgstr ""
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "neplatný znak vo formáte radix64 %02x bol preskoÄený\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent nie je v tomto sedení dostupný\n"
@@ -7315,6 +7335,10 @@ msgstr "nesprávny certifikát"
msgid " runtime cached certificates: %u\n"
msgstr "chyba pri vytváraní hesla: %s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "RevokaÄný certifikát bol vytvorený.\n"
@@ -8481,9 +8505,6 @@ msgstr "kontrola vytvoreného podpisu sa nepodarila: %s\n"
msgid "certificate chain is good\n"
msgstr "duplicita predvoľby %c%lu\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA požaduje použitie 160 bitového hashovacieho algoritmu\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
@@ -8920,6 +8941,13 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "zmeniť heslo"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA požaduje použitie 160 bitového hashovacieho algoritmu\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [meno súboru]"
diff --git a/po/sv.po b/po/sv.po
index 22e4932..ebb985f 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -183,6 +183,11 @@ msgstr "fel när nyckel-id för autentisering hämtades från kortet: %s\n"
msgid "no suitable card key found: %s\n"
msgstr "ingen lämplig kortnyckel hittades: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "fel vid hämtning av lagrade flaggor: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1106,6 +1111,11 @@ msgstr "ignorerar skräprad"
msgid "[none]"
msgstr "[ingen]"
+# överhoppad eller hoppades över?
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "ogiltigt radix64-tecken %02x hoppades över\n"
+
msgid "argument not expected"
msgstr "argument förväntades inte"
@@ -2610,6 +2620,9 @@ msgstr "fel vid lagring av certifikat: %s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Skriv ditt meddelande här ...\n"
@@ -6044,7 +6057,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -6176,7 +6189,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "fel vid sändning av %s-kommando: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6456,6 +6469,9 @@ msgstr "misslyckades med att lagra fingeravtrycket: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "misslyckades med att lagra datum för skapandet: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "fel vid hämtning av CHV-status från kort\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "svaret innehåller inte en RSA-modulus\n"
@@ -6474,6 +6490,23 @@ msgstr "svaret innehåller inte publikt nyckeldata\n"
msgid "reading public key failed: %s\n"
msgstr "läsning av publik nyckel misslyckades: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "använder standard-PIN som %s\n"
@@ -6484,11 +6517,9 @@ msgstr ""
"misslyckades med att använda standard-PIN som %s: %s - inaktiverar "
"ytterligare standardanvändning\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Ange PIN-koden%%0A[signaturer kvar: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Ange PIN-koden"
#, c-format
@@ -6499,9 +6530,6 @@ msgstr "PIN-kod för CHV%d är för kort; minimumlängd är %d\n"
msgid "verify CHV%d failed: %s\n"
msgstr "validering av CHV%d misslyckades: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "fel vid hämtning av CHV-status från kort\n"
-
msgid "card is permanently locked!\n"
msgstr "kortet är låst permanent!\n"
@@ -6516,17 +6544,16 @@ msgstr[1] ""
"%d försök för Admin PIN-koden återstår innan kortet låses permanent\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|Ange administratörens PIN-kod%%0A[återstående försök: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Ange administratörens PIN-kod"
msgid "access to admin commands is not configured\n"
msgstr "åtkomst till administrationskommandon är inte konfigurerat\n"
+msgid "||Please enter the PIN"
+msgstr "||Ange PIN-koden"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Ange nollställningskoden för kortet"
@@ -6703,11 +6730,6 @@ msgstr "hanterare för fd %d startad\n"
msgid "handler for fd %d terminated\n"
msgstr "hanterare för fd %d avslutad\n"
-# överhoppad eller hoppades över?
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "ogiltigt radix64-tecken %02x hoppades över\n"
-
#, fuzzy
#| msgid "no gpg-agent running in this session\n"
msgid "no dirmngr running in this session\n"
@@ -7541,6 +7563,11 @@ msgstr "Inkluderade certifikat"
msgid " runtime cached certificates: %u\n"
msgstr "antal matchande certifikat: %d\n"
+#, fuzzy, c-format
+#| msgid "number of matching certificates: %d\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "antal matchande certifikat: %d\n"
+
#, fuzzy
#| msgid " (certificate created at "
msgid "certificate already cached\n"
@@ -8863,9 +8890,6 @@ msgstr "sökande efter kvalificerat certifikat misslyckades: %s\n"
msgid "certificate chain is good\n"
msgstr "certifikatet är korrekt\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr ""
-
#, fuzzy
#| msgid "certificate should have not been used for signing\n"
msgid "certificate should not have been used for CRL signing\n"
@@ -9329,6 +9353,12 @@ msgstr ""
"Syntax: gpg-check-pattern [flaggor] mönsterfil\n"
"Kontrollera en lösenfras angiven på standard in mot mönsterfilen\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Ange PIN-koden%%0A[signaturer kvar: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|Ange administratörens PIN-kod%%0A[återstående försök: %d]"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [filnamn]"
diff --git a/po/tr.po b/po/tr.po
index 3cb5e2f..0e4e743 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -154,6 +154,11 @@ msgstr "kartın öntanımlı kimlik doğrulama anahtar kimliği alınırken hata
msgid "no suitable card key found: %s\n"
msgstr "uygun bir kart anahtarı yok: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "saklanmış bayraklar alınırken hata: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1076,6 +1081,10 @@ msgstr "bozuk satır yok sayılıyor"
msgid "[none]"
msgstr "[yok]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "geçersiz radix64 karakteri %02x atlandı\n"
+
msgid "argument not expected"
msgstr "deÄŸiÅŸtirge beklenmiyordu"
@@ -2541,6 +2550,9 @@ msgstr "serifika saklanırken hata: %s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "İletinizi yazın ...\n"
@@ -5971,7 +5983,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -6103,7 +6115,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "%s komutu gönderilirken hata: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6366,6 +6378,9 @@ msgstr "parmakizinin saklanması başarısız oldu: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "oluşturma tarihinin saklanması başarısız oldu: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "karttan CHV durumu alınırken hata\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "yanıt RSA modülü içermiyor\n"
@@ -6384,6 +6399,23 @@ msgstr "yanıt genel anahtar verisi içermiyor\n"
msgid "reading public key failed: %s\n"
msgstr "genel anahtar okuması başarısız: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "%s olarak öntanımlı PIN kullanılıyor\n"
@@ -6394,11 +6426,9 @@ msgstr ""
"%s olarak öntanımlı PIN kullanılamadı: %s - öntanımlı kullanımı iptal "
"ediliyor\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Lütfen PIN'i giriniz%%0A[yapılan imza: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Lütfen PIN'i giriniz"
#, c-format
@@ -6409,9 +6439,6 @@ msgstr "CHV%d için PIN çok kısa; asgari uzunluk: %d\n"
msgid "verify CHV%d failed: %s\n"
msgstr "CHV%d doğrulaması başarısız oldu: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "karttan CHV durumu alınırken hata\n"
-
msgid "card is permanently locked!\n"
msgstr "kart kalıcı olarak kilitli!\n"
@@ -6426,13 +6453,7 @@ msgstr[1] ""
"kart kalıcı olarak kilitlenmeden önce %d Yönetici PIN kalmasına çalışılıyor\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr ""
-"|A|Lütfen Yönetici PIN'ini okuyucu tuştakımından giriniz%%0A[kalan deneme: "
-"%d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "||Lütfen PIN'i giriniz"
@@ -6440,6 +6461,9 @@ msgstr "||Lütfen PIN'i giriniz"
msgid "access to admin commands is not configured\n"
msgstr "yönetici komutlarına erişim yapılandırılmamış\n"
+msgid "||Please enter the PIN"
+msgstr "||Lütfen PIN'i giriniz"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Lütfen kart için Sıfırlama Kodunu giriniz"
@@ -6617,10 +6641,6 @@ msgstr "fd %d için eylemci başlatıldı\n"
msgid "handler for fd %d terminated\n"
msgstr "fd %d için eylemci sonlandı\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "geçersiz radix64 karakteri %02x atlandı\n"
-
#, fuzzy
#| msgid "no gpg-agent running in this session\n"
msgid "no dirmngr running in this session\n"
@@ -7450,6 +7470,11 @@ msgstr "İçerilen sertifikalar"
msgid " runtime cached certificates: %u\n"
msgstr "eşleşen sertifika sayısı: %d\n"
+#, fuzzy, c-format
+#| msgid "number of matching certificates: %d\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "eşleşen sertifika sayısı: %d\n"
+
#, fuzzy
#| msgid " (certificate created at "
msgid "certificate already cached\n"
@@ -8766,9 +8791,6 @@ msgstr "nitelikli sertifika için sınama başarısız: %s\n"
msgid "certificate chain is good\n"
msgstr "sertifika iyi durumda\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr ""
-
#, fuzzy
#| msgid "certificate should have not been used for signing\n"
msgid "certificate should not have been used for CRL signing\n"
@@ -9235,6 +9257,15 @@ msgstr ""
"Standart girdiden verilen anahtar parolasını örüntü dosyasıyla "
"karşılaştırır\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Lütfen PIN'i giriniz%%0A[yapılan imza: %lu]"
+
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr ""
+#~ "|A|Lütfen Yönetici PIN'ini okuyucu tuştakımından giriniz%%0A[kalan "
+#~ "deneme: %d]"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [dosyaismi]"
diff --git a/po/uk.po b/po/uk.po
index 7044b85..e38dd37 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -2,12 +2,12 @@
# Copyright (C) 2011 Free Software Foundation, Inc.
# This file is distributed under the same license as the GnuPG package.
#
-# Yuri Chornoivan <yurchor@ukr.net>, 2011, 2014, 2015, 2016.
+# Yuri Chornoivan <yurchor@ukr.net>, 2011, 2014, 2015, 2016, 2017.
msgid ""
msgstr ""
"Project-Id-Version: GNU gnupg 2.1.0\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2016-07-10 15:11+0300\n"
+"PO-Revision-Date: 2017-01-27 14:10+0200\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <kde-i18n-uk@kde.org>\n"
"Language: uk\n"
@@ -151,6 +151,11 @@ msgstr "на карті немає ключа Ñ€Ð¾Ð·Ð¿Ñ–Ð·Ð½Ð°Ð²Ð°Ð½Ð½Ñ Ð´Ð»Ñ
msgid "no suitable card key found: %s\n"
msgstr "не виÑвлено відповідних ключів картки: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð·Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð¸Ñ… прапорців: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -301,10 +306,8 @@ msgstr "запуÑтити у режимі фонової Ñлужби (фоно
msgid "run in server mode (foreground)"
msgstr "запуÑтити у режимі Ñервера (оÑновному)"
-#, fuzzy
-#| msgid "run in server mode"
msgid "run in supervised mode"
-msgstr "запуÑтити у режимі Ñервера"
+msgstr "запуÑтити у режимі із наглÑдом"
msgid "verbose"
msgstr "докладний режим"
@@ -755,10 +758,9 @@ msgstr "Увага: Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð²Ð»Ð°Ñника не Ñ” безпечн
msgid "Warning: unsafe permissions on %s \"%s\"\n"
msgstr "Увага: Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ñ€Ð°Ð² доÑтупу не Ñ” безпечним Ð´Ð»Ñ %s — «%s»\n"
-#, fuzzy, c-format
-#| msgid "waiting for the agent to come up ... (%ds)\n"
+#, c-format
msgid "waiting for file '%s' to become accessible ...\n"
-msgstr "Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð° працездатніÑÑ‚ÑŒ агента… (%d Ñ)\n"
+msgstr "очікуємо на Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð´Ð¾Ñтупу до файла «%s»…\n"
#, c-format
msgid "renaming '%s' to '%s' failed: %s\n"
@@ -992,6 +994,10 @@ msgstr "ігноруємо беззміÑтовний Ñ€Ñдок"
msgid "[none]"
msgstr "[немає]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "пропущено некоректний Ñимвол radix64 %02x\n"
+
msgid "argument not expected"
msgstr "неочікуваний аргумент"
@@ -1674,7 +1680,7 @@ msgid "remove as much as possible from key during export"
msgstr "вилучити макÑимум чаÑтин з ключа під Ñ‡Ð°Ñ ÐµÐºÑпортуваннÑ"
msgid "use the GnuPG key backup format"
-msgstr ""
+msgstr "викориÑтовувати формат резервних копій ключів GnuPG"
msgid " - skipped"
msgstr " - пропущено"
@@ -1806,10 +1812,8 @@ msgstr "швидке Ð´Ð¾Ð´Ð°Ð²Ð°Ð½Ð½Ñ Ð½Ð¾Ð²Ð¾Ð³Ð¾ ідентифікаторÐ
msgid "quickly revoke a user-id"
msgstr "швидке Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð° кориÑтувача"
-#, fuzzy
-#| msgid "quickly generate a new key pair"
msgid "quickly set a new expiration date"
-msgstr "швидке ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¸ ключів"
+msgstr "швидке вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð½Ð¾Ð²Ð¾Ñ— дати Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñтроку дії"
msgid "full featured key pair generation"
msgstr "повноцінне ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¸ ключів"
@@ -1917,16 +1921,6 @@ msgstr ""
"(Щоб ознайомитиÑÑ Ð·Ñ– ÑпиÑком команд Ñ– параметрів, ÑкориÑтайтеÑÑ Ñторінкою "
"довідника (man))\n"
-#, fuzzy
-#| msgid ""
-#| "@\n"
-#| "Examples:\n"
-#| "\n"
-#| " -se -r Bob [file] sign and encrypt for user Bob\n"
-#| " --clear-sign [file] make a clear text signature\n"
-#| " --detach-sign [file] make a detached signature\n"
-#| " --list-keys [names] show keys\n"
-#| " --fingerprint [names] show fingerprints\n"
msgid ""
"@\n"
"Examples:\n"
@@ -2095,10 +2089,9 @@ msgstr "показувати назву Ñховища ключів у ÑпиÑÐ
msgid "show expiration dates during signature listings"
msgstr "показувати дати Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñтроків дії у ÑпиÑку підпиÑів"
-#, fuzzy, c-format
-#| msgid "invalid argument for option \"%.50s\"\n"
+#, c-format
msgid "valid values for option '%s':\n"
-msgstr "некоректний аргумент параметра «%.50s»\n"
+msgstr "коректні Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð° «%s»:\n"
#, c-format
msgid "unknown TOFU policy '%s'\n"
@@ -2107,10 +2100,9 @@ msgstr "невідомі правила TOFU «%s»\n"
msgid "(use \"help\" to list choices)\n"
msgstr "(команда «help» виводить ÑпиÑок можливих варіантів)\n"
-#, fuzzy, c-format
-#| msgid "invalid argument for option \"%.50s\"\n"
+#, c-format
msgid "invalid value for option '%s'\n"
-msgstr "некоректний аргумент параметра «%.50s»\n"
+msgstr "некоректне Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð° «%s»\n"
#, c-format
msgid "Note: old default options file '%s' ignored\n"
@@ -2124,10 +2116,9 @@ msgstr "ЗÐУВÐЖЕÐÐЯ: %s не призначено Ð´Ð»Ñ Ð·Ð²Ð¸Ñ‡Ð°Ð¹Ð½
msgid "'%s' is not a valid signature expiration\n"
msgstr "«%s» не Ñ” коректним запиÑом Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñтроку дії підпиÑу\n"
-#, fuzzy, c-format
-#| msgid "line %d: not a valid email address\n"
+#, c-format
msgid "\"%s\" is not a proper mail address\n"
-msgstr "Ñ€Ñдок %d: некоректна адреÑа електронної пошти\n"
+msgstr "«%s» не Ñ” коректною адреÑою електронної пошти\n"
#, c-format
msgid "invalid pinentry mode '%s'\n"
@@ -2394,6 +2385,9 @@ msgstr "помилка під Ñ‡Ð°Ñ Ñпроби обробки ÑпецифіÐ
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr "«%s» не є коректним ідентифікатором ключа, відбитком або кодом\n"
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "Почніть вводити ваше повідомленнÑ...\n"
@@ -2462,10 +2456,8 @@ msgstr "вилучити макÑимум чаÑтин з ключа піÑлÑ
msgid "run import filters and export key immediately"
msgstr "запуÑтити фільтри Ñ–Ð¼Ð¿Ð¾Ñ€Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ð° екÑпортувати ключ негайно"
-#, fuzzy
-#| msgid "assume input is in binary format"
msgid "assume the GnuPG key backup format"
-msgstr "вважати вхідні дані даними у двійковому форматі"
+msgstr "припуÑкати формат резервних копій ключів GnuPG"
#, c-format
msgid "skipping block of type %d\n"
@@ -3381,10 +3373,9 @@ msgstr "Ðемає відповідних ідентифікаторів корÐ
msgid "Nothing to sign.\n"
msgstr "Ðічого підпиÑувати.\n"
-#, fuzzy, c-format
-#| msgid "'%s' is not a valid signature expiration\n"
+#, c-format
msgid "'%s' is not a valid expiration time\n"
-msgstr "«%s» не Ñ” коректним запиÑом Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñтроку дії підпиÑу\n"
+msgstr "«%s» не Ñ” коректним запиÑом Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñтроку дії\n"
msgid "Digest: "
msgstr "Контрольна Ñума: "
@@ -4450,10 +4441,9 @@ msgstr " за допомогою %s ключа %s\n"
msgid "Signature made %s using %s key ID %s\n"
msgstr "ÐŸÑ–Ð´Ð¿Ð¸Ñ Ñтворено %s ключем %s з ідентифікатором %s\n"
-#, fuzzy, c-format
-#| msgid " aka \"%s\""
+#, c-format
msgid " issuer \"%s\"\n"
-msgstr " або «%s»"
+msgstr " видавець «%s»\n"
msgid "Key available at: "
msgstr "Ключ доÑтупний на: "
@@ -4841,25 +4831,18 @@ msgstr "Ймовірно, цей ключ належить кориÑтувачÐ
msgid "This key belongs to us\n"
msgstr "Цей ключ належить нам\n"
-#, fuzzy, c-format
-#| msgid "root certificate has now been marked as trusted\n"
+#, c-format
msgid "%s: This key is bad! It has been marked as untrusted!\n"
-msgstr "кореневий Ñертифікат було позначено Ñк надійний\n"
+msgstr "%s: цей ключ Ñ” помилковим! Його позначено Ñк не вартий довіри!\n"
-#, fuzzy
-#| msgid ""
-#| "It is NOT certain that the key belongs to the person named\n"
-#| "in the user ID. If you *really* know what you are doing,\n"
-#| "you may answer the next question with yes.\n"
msgid ""
"This key is bad! It has been marked as untrusted! If you\n"
"*really* know what you are doing, you may answer the next\n"
"question with yes.\n"
msgstr ""
-"Ðе можна з певніÑÑ‚ÑŽ вважати, що ключ належить оÑобі,\n"
-"вказаній у ідентифікаторі кориÑтувача. Якщо вам *точно*\n"
-"відомі наÑлідки ваших дій, можете Ñтвердно відповіÑти\n"
-"на наÑтупне питаннÑ.\n"
+"Цей ключ Ñ” помилковим! Його позначено Ñк не вартий довіри! Якщо\n"
+"ви попри це впевнені у наÑлідках Ñвоїх дій, вам Ñлід відповіÑти\n"
+"на наÑтупне Ð¿Ð¸Ñ‚Ð°Ð½Ð½Ñ Â«Ñ‚Ð°ÐºÂ».\n"
msgid ""
"It is NOT certain that the key belongs to the person named\n"
@@ -5505,13 +5488,13 @@ msgstr "помилка під Ñ‡Ð°Ñ ÑкаÑÐ¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð¼Ñ–Ð½ у баз
msgid "unsupported TOFU database version: %s\n"
msgstr "непідтримувана верÑÑ–Ñ Ð±Ð°Ð·Ð¸ даних TOFU: %s\n"
-#, fuzzy, c-format
-#| msgid "error creating temporary file: %s\n"
+#, c-format
msgid "error creating 'ultimately_trusted_keys' TOFU table: %s\n"
-msgstr "помилка ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñ‚Ð¸Ð¼Ñ‡Ð°Ñового файла: %s\n"
+msgstr ""
+"помилка під Ñ‡Ð°Ñ Ñпроби Ñтворити таблицю TOFU «ultimately_trusted_keys»: %s\n"
msgid "TOFU DB error"
-msgstr ""
+msgstr "помилка бази даних TOFU"
#, c-format
msgid "error reading TOFU database: %s\n"
@@ -5525,14 +5508,13 @@ msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð²ÐµÑ€ÑÑ
msgid "error initializing TOFU database: %s\n"
msgstr "помилка під Ñ‡Ð°Ñ Ñпроби ініціалізації бази даних TOFU: %s\n"
-#, fuzzy, c-format
-#| msgid "error reading TOFU database: %s\n"
+#, c-format
msgid "error creating 'encryptions' TOFU table: %s\n"
-msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð±Ð°Ð·Ð¸ даних TOFU: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ñтворити таблицю TOFU «encryptions»: %s\n"
#, c-format
msgid "adding column effective_policy to bindings DB: %s\n"
-msgstr ""
+msgstr "додаємо Ñтовпчик effective_policy до бази даних прив’Ñзок: %s\n"
#, c-format
msgid "error opening TOFU database '%s': %s\n"
@@ -5542,45 +5524,37 @@ msgstr "помилка під Ñ‡Ð°Ñ Ñпроби відкрити бази да
msgid "error updating TOFU database: %s\n"
msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð±Ð°Ð·Ð¸ даних TOFU: %s\n"
-#, fuzzy, c-format
-#| msgid "The email address \"%s\" is associated with %d key:\n"
-#| msgid_plural "The email address \"%s\" is associated with %d keys:\n"
+#, c-format
msgid ""
"This is the first time the email address \"%s\" is being used with key %s."
-msgstr "ÐдреÑу електронної пошти «%s» пов’Ñзано із %d ключем:\n"
+msgstr "ÐдреÑа електронної пошти «%s» вперше викориÑтовуєтьÑÑ Ð· ключем %s."
-#, fuzzy, c-format
-#| msgid "The email address \"%s\" is associated with %d key:\n"
-#| msgid_plural "The email address \"%s\" is associated with %d keys:\n"
+#, c-format
msgid "The email address \"%s\" is associated with %d key!"
msgid_plural "The email address \"%s\" is associated with %d keys!"
-msgstr[0] "ÐдреÑу електронної пошти «%s» пов’Ñзано із %d ключем:\n"
-msgstr[1] "ÐдреÑу електронної пошти «%s» пов’Ñзано із %d ключем:\n"
-msgstr[2] "ÐдреÑу електронної пошти «%s» пов’Ñзано із %d ключем:\n"
+msgstr[0] "ÐдреÑу електронної пошти «%s» пов’Ñзано із %d ключем!"
+msgstr[1] "ÐдреÑу електронної пошти «%s» пов’Ñзано із %d ключами!"
+msgstr[2] "ÐдреÑу електронної пошти «%s» пов’Ñзано із %d ключами!"
-#, fuzzy
-#| msgid ""
-#| "The key with fingerprint %s raised a conflict with the binding %s. Since "
-#| "this binding's policy was 'auto', it was changed to 'ask'."
msgid " Since this binding's policy was 'auto', it has been changed to 'ask'."
msgstr ""
-"Ключ із відбитком %s конфліктує із прив’Ñзкою %s. ОÑкільки правилами цієї "
-"прив’Ñзки визначалоÑÑ Â«Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ñ‡Ð½Ð¾Â», Ñ—Ñ… змінено на «запитувати»."
+" ОÑкільки правилами цієї прив’Ñзки визначалоÑÑ Â«Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ñ‡Ð½Ð¾Â», Ñ—Ñ… змінено на "
+"«запитувати»."
#, c-format
msgid ""
"Please indicate whether this email address should be associated with key %s "
"or whether you think someone is impersonating \"%s\"."
msgstr ""
+"Будь лаÑка, вкажіть, Ñлід пов’Ñзати цю адреÑу електронної пошти з ключем %s "
+"чи ви вважаєте, що хтоÑÑŒ видає Ñебе за «%s»."
#, c-format
msgid "error gathering other user IDs: %s\n"
msgstr "помилка під Ñ‡Ð°Ñ Ð·Ð±Ð¸Ñ€Ð°Ð½Ð½Ñ Ñ–Ð½ÑˆÐ¸Ñ… ідентифікаторів кориÑтувачів: %s\n"
-#, fuzzy
-#| msgid "list key and user IDs"
msgid "This key's user IDs:\n"
-msgstr "показати ÑпиÑок ключів та ідентифікаторів кориÑтувача"
+msgstr "Ідентифікатори кориÑтувачів цього ключа:\n"
#, c-format
msgid "policy: %s"
@@ -5603,116 +5577,88 @@ msgid "Statistics for keys with the email address \"%s\":\n"
msgstr "СтатиÑтичні дані Ð´Ð»Ñ ÐºÐ»ÑŽÑ‡Ñ–Ð² із адреÑою електронної пошти «%s»:\n"
msgid ", "
-msgstr ""
+msgstr ", "
msgid "this key"
msgstr "цей ключ"
-#, fuzzy, c-format
-#| msgid "Verified %ld messages signed by \"%s\"."
+#, c-format
msgid "Verified %d message."
msgid_plural "Verified %d messages."
-msgstr[0] "Перевірено %ld повідомлень, підпиÑаних «%s»."
-msgstr[1] "Перевірено %ld повідомлень, підпиÑаних «%s»."
-msgstr[2] "Перевірено %ld повідомлень, підпиÑаних «%s»."
+msgstr[0] "Перевірено %d повідомленнÑ."
+msgstr[1] "Перевірено %d повідомленнÑ."
+msgstr[2] "Перевірено %d повідомлень."
-#, fuzzy, c-format
-#| msgid "encrypted with %lu passphrases\n"
+#, c-format
msgid "Encrypted %d message."
msgid_plural "Encrypted %d messages."
-msgstr[0] "зашифровано за допомогою %lu паролів\n"
-msgstr[1] "зашифровано за допомогою %lu паролів\n"
-msgstr[2] "зашифровано за допомогою %lu паролів\n"
+msgstr[0] "Зашифровано %d повідомленнÑ."
+msgstr[1] "Зашифровано %d повідомленнÑ."
+msgstr[2] "Зашифровано %d повідомлень."
-#, fuzzy, c-format
-#| msgid "%ld message signed in the future."
-#| msgid_plural "%ld messages signed in the future."
+#, c-format
msgid "Verified %d message in the future."
msgid_plural "Verified %d messages in the future."
-msgstr[0] "%ld Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñано у майбутньому."
-msgstr[1] "%ld Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñано у майбутньому."
-msgstr[2] "%ld повідомлень підпиÑано у майбутньому."
+msgstr[0] "Перевірено %d Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ñƒ майбутньому."
+msgstr[1] "Перевірено %d Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ñƒ майбутньому."
+msgstr[2] "Перевірено %d повідомлень у майбутньому."
-#, fuzzy, c-format
-#| msgid "%ld message signed in the future."
-#| msgid_plural "%ld messages signed in the future."
+#, c-format
msgid "Encrypted %d message in the future."
msgid_plural "Encrypted %d messages in the future."
-msgstr[0] "%ld Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñано у майбутньому."
-msgstr[1] "%ld Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñано у майбутньому."
-msgstr[2] "%ld повідомлень підпиÑано у майбутньому."
+msgstr[0] "Зашифровано %d Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ñƒ майбутньому."
+msgstr[1] "Зашифровано %d Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ñƒ майбутньому."
+msgstr[2] "Зашифровано %d повідомлень у майбутньому."
-#, fuzzy, c-format
-#| msgid " over the past %ld day."
-#| msgid_plural " over the past %ld days."
+#, c-format
msgid "Messages verified over the past %d day: %d."
msgid_plural "Messages verified over the past %d days: %d."
-msgstr[0] " протÑгом %ld попереднього днÑ."
-msgstr[1] " протÑгом %ld попередніх днів."
-msgstr[2] " протÑгом %ld попередніх днів."
+msgstr[0] "Перевірено повідомлень протÑгом оÑтаннього %d днÑ: %d."
+msgstr[1] "Перевірено повідомлень протÑгом оÑтанніх %d днів: %d."
+msgstr[2] "Перевірено повідомлень протÑгом оÑтанніх %d днів: %d."
-#, fuzzy, c-format
-#| msgid " over the past %ld day."
-#| msgid_plural " over the past %ld days."
+#, c-format
msgid "Messages encrypted over the past %d day: %d."
msgid_plural "Messages encrypted over the past %d days: %d."
-msgstr[0] " протÑгом %ld попереднього днÑ."
-msgstr[1] " протÑгом %ld попередніх днів."
-msgstr[2] " протÑгом %ld попередніх днів."
+msgstr[0] "Повідомлень, Ñкі зашифровано протÑгом оÑтаннього %d днÑ: %d."
+msgstr[1] "Повідомлень, Ñкі зашифровано протÑгом оÑтанніх %d днів: %d."
+msgstr[2] "Повідомлень, Ñкі зашифровано протÑгом оÑтанніх %d днів: %d."
-#, fuzzy, c-format
-#| msgid " over the past %ld month."
-#| msgid_plural " over the past %ld months."
+#, c-format
msgid "Messages verified over the past %d month: %d."
msgid_plural "Messages verified over the past %d months: %d."
-msgstr[0] " протÑгом %ld попереднього міÑÑцÑ."
-msgstr[1] " протÑгом %ld попередніх міÑÑців."
-msgstr[2] " протÑгом %ld попередніх міÑÑців."
+msgstr[0] "Перевірено повідомлень протÑгом оÑтаннього %d міÑÑцÑ: %d."
+msgstr[1] "Перевірено повідомлень протÑгом оÑтанніх %d міÑÑців: %d."
+msgstr[2] "Перевірено повідомлень протÑгом оÑтанніх %d міÑÑців: %d."
-#, fuzzy, c-format
-#| msgid " over the past %ld month."
-#| msgid_plural " over the past %ld months."
+#, c-format
msgid "Messages encrypted over the past %d month: %d."
msgid_plural "Messages encrypted over the past %d months: %d."
-msgstr[0] " протÑгом %ld попереднього міÑÑцÑ."
-msgstr[1] " протÑгом %ld попередніх міÑÑців."
-msgstr[2] " протÑгом %ld попередніх міÑÑців."
+msgstr[0] "Повідомлень, Ñкі зашифровано протÑгом оÑтаннього %d міÑÑцÑ: %d."
+msgstr[1] "Повідомлень, Ñкі зашифровано протÑгом оÑтанніх %d міÑÑців: %d."
+msgstr[2] "Повідомлень, Ñкі зашифровано протÑгом оÑтанніх %d міÑÑців: %d."
-#, fuzzy, c-format
-#| msgid " over the past %ld day."
-#| msgid_plural " over the past %ld days."
+#, c-format
msgid "Messages verified over the past %d year: %d."
msgid_plural "Messages verified over the past %d years: %d."
-msgstr[0] " протÑгом %ld попереднього днÑ."
-msgstr[1] " протÑгом %ld попередніх днів."
-msgstr[2] " протÑгом %ld попередніх днів."
+msgstr[0] "Перевірено повідомлень протÑгом оÑтаннього %d року: %d."
+msgstr[1] "Перевірено повідомлень протÑгом оÑтанніх %d років: %d."
+msgstr[2] "Перевірено повідомлень протÑгом оÑтанніх %d років: %d."
-#, fuzzy, c-format
-#| msgid " over the past %ld day."
-#| msgid_plural " over the past %ld days."
+#, c-format
msgid "Messages encrypted over the past %d year: %d."
msgid_plural "Messages encrypted over the past %d years: %d."
-msgstr[0] " протÑгом %ld попереднього днÑ."
-msgstr[1] " протÑгом %ld попередніх днів."
-msgstr[2] " протÑгом %ld попередніх днів."
+msgstr[0] "Повідомлень, Ñкі зашифровано протÑгом оÑтаннього %d року: %d."
+msgstr[1] "Повідомлень, Ñкі зашифровано протÑгом оÑтанніх %d років: %d."
+msgstr[2] "Повідомлень, Ñкі зашифровано протÑгом оÑтанніх %d років: %d."
-#, fuzzy, c-format
-#| msgid " over the past %ld day."
-#| msgid_plural " over the past %ld days."
+#, c-format
msgid "Messages verified in the past: %d."
-msgstr " протÑгом %ld попереднього днÑ."
+msgstr "Повідомлень, Ñкі перевірено у минулому: %d."
-#, fuzzy, c-format
-#| msgid ""
-#| "Verified %ld message signed by \"%s\"\n"
-#| "in the past %s."
-#| msgid_plural ""
-#| "Verified %ld messages signed by \"%s\"\n"
-#| "in the past %s."
+#, c-format
msgid "Messages encrypted in the past: %d."
-msgstr ""
-"Перевірено %ld повідомленнÑ, підпиÑане «%s»,\n"
-"протÑгом такого Ñтроку: %s."
+msgstr "Повідомлень, Ñкі зашифровано у минулому: %d."
#. TRANSLATORS: Please translate the text found in the source
#. * file below. We don't directly internationalize that text so
@@ -5737,180 +5683,123 @@ msgstr ""
"(G)Добрий, (A)ПрийнÑти одноразово, (U)Ðевідомий, (R)Відкинути одноразово, "
"(B)Поганий? "
-msgid "Defaulting to unknown."
-msgstr ""
+#, fuzzy
+#| msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
+msgstr "Типовим значеннÑм Ñ” «невідомий»."
msgid "TOFU db corruption detected.\n"
-msgstr ""
+msgstr "ВиÑвлено Ð¿Ð¾ÑˆÐºÐ¾Ð´Ð¶ÐµÐ½Ð½Ñ Ð±Ð°Ð·Ð¸ даних TOFU.\n"
-#, fuzzy, c-format
-#| msgid "error writing key: %s\n"
+#, c-format
msgid "resetting keydb: %s\n"
-msgstr "помилка під Ñ‡Ð°Ñ Ñпроби запиÑу ключа: %s\n"
+msgstr "Ñкидаємо базу даних ключів: %s\n"
-#, fuzzy, c-format
-#| msgid "error setting TOFU binding's trust level to %s\n"
+#, c-format
msgid "error setting TOFU binding's policy to %s\n"
-msgstr ""
-"помилка під Ñ‡Ð°Ñ Ñпроби вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñ€Ñ–Ð²Ð½Ñ Ð´Ð¾Ð²Ñ–Ñ€Ð¸ до прив’Ñзки TOFU до %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð» прив’Ñзки TOFU до %s\n"
#, c-format
msgid "error changing TOFU policy: %s\n"
msgstr "помилка під Ñ‡Ð°Ñ Ñпроби змінити правила TOFU: %s\n"
-#, fuzzy, c-format
-#| msgid "%d~year"
-#| msgid_plural "%d~years"
+#, c-format
msgid "%lld~year"
msgid_plural "%lld~years"
-msgstr[0] "%d~рік"
-msgstr[1] "%d~роки"
-msgstr[2] "%d~років"
+msgstr[0] "%lld~рік"
+msgstr[1] "%lld~роки"
+msgstr[2] "%lld~років"
-#, fuzzy, c-format
-#| msgid "%d~month"
-#| msgid_plural "%d~months"
+#, c-format
msgid "%lld~month"
msgid_plural "%lld~months"
-msgstr[0] "%d~міÑÑць"
-msgstr[1] "%d~міÑÑці"
-msgstr[2] "%d~міÑÑців"
+msgstr[0] "%lld~міÑÑць"
+msgstr[1] "%lld~міÑÑці"
+msgstr[2] "%lld~міÑÑців"
#, c-format
msgid "%lld~week"
msgid_plural "%lld~weeks"
-msgstr[0] ""
-msgstr[1] ""
-msgstr[2] ""
+msgstr[0] "%lld~тиждень"
+msgstr[1] "%lld~тижні"
+msgstr[2] "%lld~тижнів"
-#, fuzzy, c-format
-#| msgid "%d~day"
-#| msgid_plural "%d~days"
+#, c-format
msgid "%lld~day"
msgid_plural "%lld~days"
-msgstr[0] "%d~день"
-msgstr[1] "%d~дні"
-msgstr[2] "%d~днів"
+msgstr[0] "%lld~день"
+msgstr[1] "%lld~дні"
+msgstr[2] "%lld~днів"
-#, fuzzy, c-format
-#| msgid "%d~hour"
-#| msgid_plural "%d~hours"
+#, c-format
msgid "%lld~hour"
msgid_plural "%lld~hours"
-msgstr[0] "%d~година"
-msgstr[1] "%d~години"
-msgstr[2] "%d~годин"
+msgstr[0] "%lld~година"
+msgstr[1] "%lld~години"
+msgstr[2] "%lld~годин"
-#, fuzzy, c-format
-#| msgid "%d~minute"
-#| msgid_plural "%d~minutes"
+#, c-format
msgid "%lld~minute"
msgid_plural "%lld~minutes"
-msgstr[0] "%d~хвилина"
-msgstr[1] "%d~хвилини"
-msgstr[2] "%d~хвилин"
+msgstr[0] "%lld~хвилина"
+msgstr[1] "%lld~хвилини"
+msgstr[2] "%lld~хвилин"
-#, fuzzy, c-format
-#| msgid "%d~second"
-#| msgid_plural "%d~seconds"
+#, c-format
msgid "%lld~second"
msgid_plural "%lld~seconds"
-msgstr[0] "%d~Ñекунда"
-msgstr[1] "%d~Ñекунди"
-msgstr[2] "%d~Ñекунд"
+msgstr[0] "%lld~Ñекунда"
+msgstr[1] "%lld~Ñекунди"
+msgstr[2] "%lld~Ñекунд"
#, c-format
msgid "%s: Verified 0~signatures and encrypted 0~messages."
-msgstr ""
+msgstr "%s: перевірено 0~підпиÑів Ñ– зашифровано 0~повідомлень."
-#, fuzzy, c-format
-#| msgid "Deleted %d signatures.\n"
+#, c-format
msgid "%s: Verified 0 signatures."
-msgstr "Вилучено %d підпиÑів.\n"
+msgstr "%s: перевірено 0 підпиÑів."
-#, fuzzy, c-format
-#| msgid ""
-#| "Verified %ld message signed by \"%s\"\n"
-#| "in the past %s."
-#| msgid_plural ""
-#| "Verified %ld messages signed by \"%s\"\n"
-#| "in the past %s."
+#, c-format
msgid "%s: Verified %ld~signature in the past %s."
msgid_plural "%s: Verified %ld~signatures in the past %s."
-msgstr[0] ""
-"Перевірено %ld повідомленнÑ, підпиÑане «%s»,\n"
-"протÑгом такого Ñтроку: %s."
-msgstr[1] ""
-"Перевірено %ld повідомленнÑ, підпиÑаних «%s»,\n"
-"протÑгом такого Ñтроку: %s."
-msgstr[2] ""
-"Перевірено %ld повідомлень, підпиÑаних «%s»,\n"
-"протÑгом такого Ñтроку: %s."
+msgstr[0] "%s: перевірено %ld~Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ð¿Ñ€Ð¾Ñ‚Ñгом оÑтаннього %s."
+msgstr[1] "%s: перевірено %ld~підпиÑи протÑгом оÑтаннього %s."
+msgstr[2] "%s: перевірено %ld~підпиÑів протÑгом оÑтаннього %s."
-#, fuzzy
-#| msgid "encrypted with %lu passphrases\n"
msgid "Encrypted 0 messages."
-msgstr "зашифровано за допомогою %lu паролів\n"
+msgstr "Зашифровано 0 повідомлень."
-#, fuzzy, c-format
-#| msgid ""
-#| "Verified %ld message signed by \"%s\"\n"
-#| "in the past %s."
-#| msgid_plural ""
-#| "Verified %ld messages signed by \"%s\"\n"
-#| "in the past %s."
+#, c-format
msgid "Encrypted %ld~message in the past %s."
msgid_plural "Encrypted %ld~messages in the past %s."
-msgstr[0] ""
-"Перевірено %ld повідомленнÑ, підпиÑане «%s»,\n"
-"протÑгом такого Ñтроку: %s."
-msgstr[1] ""
-"Перевірено %ld повідомленнÑ, підпиÑаних «%s»,\n"
-"протÑгом такого Ñтроку: %s."
-msgstr[2] ""
-"Перевірено %ld повідомлень, підпиÑаних «%s»,\n"
-"протÑгом такого Ñтроку: %s."
+msgstr[0] "Зашифровано %ld~Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ñ‚Ñгом оÑтаннього %s."
+msgstr[1] "Зашифровано %ld~Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ñ‚Ñгом оÑтаннього %s."
+msgstr[2] "Зашифровано %ld~повідомлень протÑгом оÑтаннього %s."
-#, fuzzy, c-format
-#| msgid "policy: %s"
+#, c-format
msgid "(policy: %s)"
-msgstr "правило: %s"
+msgstr "(правило: %s)"
-#, fuzzy
-#| msgid "Warning: we've have yet to see a message signed by this key!\n"
msgid ""
"Warning: we have yet to see a message signed using this key and user id!\n"
-msgstr "ПопередженнÑ: повідомлень, Ñкі було б підпиÑано цим ключем, не було!\n"
+msgstr ""
+"ПопередженнÑ: ще не Ñ–Ñнує повідомлень, Ñкі було б підпиÑано цим ключем та "
+"ідентифікатором кориÑтувача!\n"
-#, fuzzy
-#| msgid "Warning: we've only seen a single message signed by this key!\n"
msgid ""
"Warning: we've only seen one message signed using this key and user id!\n"
-msgstr "ПопередженнÑ: цим ключем було підпиÑано лише одне повідомленнÑ!\n"
+msgstr ""
+"ПопередженнÑ: за допомогою цього ключа Ñ– ідентифікатора кориÑтувача "
+"підпиÑано лише одне повідомленнÑ!\n"
-#, fuzzy
-#| msgid "Warning: we've have yet to see a message signed by this key!\n"
msgid "Warning: you have yet to encrypt a message to this key!\n"
-msgstr "ПопередженнÑ: повідомлень, Ñкі було б підпиÑано цим ключем, не було!\n"
+msgstr "ПопередженнÑ: цим ключем ще не зашифровано жодного повідомленнÑ!\n"
-#, fuzzy
-#| msgid "Warning: we've only seen a single message signed by this key!\n"
msgid "Warning: you have only encrypted one message to this key!\n"
-msgstr "ПопередженнÑ: цим ключем було підпиÑано лише одне повідомленнÑ!\n"
+msgstr "ПопередженнÑ: цим ключем було зашифровано лише одне повідомленнÑ!\n"
-#, fuzzy, c-format
-#| msgid ""
-#| "Warning: if you think you've seen more than %ld message signed by this "
-#| "key, then this key might be a forgery! Carefully examine the email "
-#| "address for small variations. If the key is suspect, then use\n"
-#| " %s\n"
-#| "to mark it as being bad.\n"
-#| msgid_plural ""
-#| "Warning: if you think you've seen more than %ld messages signed by this "
-#| "key, then this key might be a forgery! Carefully examine the email "
-#| "address for small variations. If the key is suspect, then use\n"
-#| " %s\n"
-#| "to mark it as being bad.\n"
+#, c-format
msgid ""
"Warning: if you think you've seen more signatures by this key and user id, "
"then this key might be a forgery! Carefully examine the email address for "
@@ -5924,24 +5813,24 @@ msgid_plural ""
" %s\n"
"to mark it as being bad.\n"
msgstr[0] ""
-"ПопередженнÑ: Ñкщо вам здаєтьÑÑ, що у Ð²Ð°Ñ Ð±ÑƒÐ»Ð¾ понад %ld повідомленнÑ, "
-"підпиÑане цим ключем, цей ключ може бути підробним! Уважно перевірте, чи "
-"точно вказано адреÑу електронної пошти. Якщо ключ Ñ” підозріливим, "
-"ÑкориÑтайтеÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¾ÑŽ\n"
+"ПопередженнÑ: Ñкщо вам здаєтьÑÑ, що у Ð²Ð°Ñ Ð±ÑƒÐ»Ð¾ більше підпиÑів за допомогою "
+"цього ключа, цей ключ та ідентифікатор кориÑтувача можуть бути підробними! "
+"Уважно перевірте, чи точно вказано адреÑу електронної пошти. Якщо ключ Ñ” "
+"підозріливим, ÑкориÑтайтеÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¾ÑŽ\n"
" %s\n"
"Ð´Ð»Ñ Ð¿Ð¾Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð° Ñк помилкового.\n"
msgstr[1] ""
-"ПопередженнÑ: Ñкщо вам здаєтьÑÑ, що у Ð²Ð°Ñ Ð±ÑƒÐ»Ð¾ понад %ld повідомленнÑ, "
-"підпиÑане цим ключем, цей ключ може бути підробним! Уважно перевірте, чи "
-"точно вказано адреÑу електронної пошти. Якщо ключ Ñ” підозріливим, "
-"ÑкориÑтайтеÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¾ÑŽ\n"
+"ПопередженнÑ: Ñкщо вам здаєтьÑÑ, що у Ð²Ð°Ñ Ð±ÑƒÐ»Ð¾ більше підпиÑів за допомогою "
+"цього ключа, цей ключ та ідентифікатори кориÑтувача можуть бути підробними! "
+"Уважно перевірте, чи точно вказано адреÑи електронної пошти. Якщо ключ Ñ” "
+"підозріливим, ÑкориÑтайтеÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¾ÑŽ\n"
" %s\n"
"Ð´Ð»Ñ Ð¿Ð¾Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð° Ñк помилкового.\n"
msgstr[2] ""
-"ПопередженнÑ: Ñкщо вам здаєтьÑÑ, що у Ð²Ð°Ñ Ð±ÑƒÐ»Ð¾ понад %ld повідомлень, "
-"підпиÑане цим ключем, цей ключ може бути підробним! Уважно перевірте, чи "
-"точно вказано адреÑу електронної пошти. Якщо ключ Ñ” підозріливим, "
-"ÑкориÑтайтеÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¾ÑŽ\n"
+"ПопередженнÑ: Ñкщо вам здаєтьÑÑ, що у Ð²Ð°Ñ Ð±ÑƒÐ»Ð¾ більше підпиÑів за допомогою "
+"цього ключа, цей ключ та ідентифікатори кориÑтувача можуть бути підробними! "
+"Уважно перевірте, чи точно вказано адреÑи електронної пошти. Якщо ключ Ñ” "
+"підозріливим, ÑкориÑтайтеÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¾ÑŽ\n"
" %s\n"
"Ð´Ð»Ñ Ð¿Ð¾Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð° Ñк помилкового.\n"
@@ -5949,14 +5838,18 @@ msgstr[2] ""
msgid "error opening TOFU database: %s\n"
msgstr "помилка під Ñ‡Ð°Ñ Ñпроби відкрити бази даних TOFU: %s\n"
-#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+#, fuzzy, c-format
+#| msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
+"ПОПЕРЕДЖЕÐÐЯ: шифруємо до %s, Ð´Ð»Ñ Ñкого не виÑвлено не відкликаних "
+"ідентифікаторів кориÑтувача.\n"
-#, fuzzy, c-format
-#| msgid "error writing public keyring '%s': %s\n"
+#, c-format
msgid "error setting policy for key %s, user id \"%s\": %s"
-msgstr "помилка під Ñ‡Ð°Ñ Ñпроби запиÑу до Ñховища відкритих ключів «%s»: %s\n"
+msgstr ""
+"помилка під Ñ‡Ð°Ñ Ñпроби вÑтановити правила Ð´Ð»Ñ ÐºÐ»ÑŽÑ‡Ð° %s, ідентифікатор "
+"кориÑтувача «%s»: %s"
#, c-format
msgid "'%s' is not a valid long keyID\n"
@@ -6214,16 +6107,17 @@ msgstr "не вдалоÑÑ Ð·Ð±ÐµÑ€ÐµÐ³Ñ‚Ð¸ відбиток: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "не вдалоÑÑ Ð·Ð±ÐµÑ€ÐµÐ³Ñ‚Ð¸ дату ÑтвореннÑ: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "помилка Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ñтану CHV з картки\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "відповідь не міÑтить оÑнови чиÑÐ»ÐµÐ½Ð½Ñ RSA\n"
msgid "response does not contain the RSA public exponent\n"
msgstr "відповідь не міÑтить відкритого показника RSA\n"
-#, fuzzy
-#| msgid "response does not contain the EC public point\n"
msgid "response does not contain the EC public key\n"
-msgstr "відповідь не міÑтить відкритої точки еліптичної кривої\n"
+msgstr "відповідь не міÑтить відкритого ключа еліптичної кривої\n"
msgid "response does not contain the public key data\n"
msgstr "відповідь не міÑтить даних відкритого ключа\n"
@@ -6232,6 +6126,23 @@ msgstr "відповідь не міÑтить даних відкритого Ð
msgid "reading public key failed: %s\n"
msgstr "помилка Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¾Ð³Ð¾ ключа: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "викориÑтовуємо типовий пінкод Ñк %s\n"
@@ -6242,11 +6153,9 @@ msgstr ""
"не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ñ€Ð¸Ñтати типовий пінкод Ñк %s: %s — вимикаємо подальше типове "
"викориÑтаннÑ\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||Будь лаÑка, вкажіть пінкод%%0A[підпиÑів: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||Вкажіть пінкод"
#, c-format
@@ -6257,9 +6166,6 @@ msgstr "Пінкод Ð´Ð»Ñ CHV%d занадто короткий; мінімаÐ
msgid "verify CHV%d failed: %s\n"
msgstr "помилка перевірки CHV%d: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "помилка Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ñтану CHV з картки\n"
-
msgid "card is permanently locked!\n"
msgstr "картку заблоковано!\n"
@@ -6278,18 +6184,16 @@ msgstr[2] ""
"картку буде оÑтаточно заблоковано\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr ""
-"|A|Будь лаÑка, вкажіть адмініÑтративний пінкод%%0A[залишилоÑÑ Ñпроб: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|Вкажіть адмініÑтративний пінкод"
msgid "access to admin commands is not configured\n"
msgstr "доÑтуп до адмініÑтративних команд не налаштовано\n"
+msgid "||Please enter the PIN"
+msgstr "||Вкажіть пінкод"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||Вкажіть код ÑÐºÐ¸Ð´Ð°Ð½Ð½Ñ ÐºÐ¾Ð´Ñƒ картки"
@@ -6448,10 +6352,6 @@ msgstr "запущено запуÑк обробки Ð´Ð»Ñ Ð´ÐµÑкриптор
msgid "handler for fd %d terminated\n"
msgstr "роботу обробника Ð´Ð»Ñ Ð´ÐµÑкриптора %d перервано\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "пропущено некоректний Ñимвол radix64 %02x\n"
-
msgid "no dirmngr running in this session\n"
msgstr "у цьому ÑеанÑÑ– не запущено dirmngr\n"
@@ -7230,6 +7130,11 @@ msgstr "оÑтаточно завантажені Ñертифікати: %u\n"
msgid " runtime cached certificates: %u\n"
msgstr " динамічно кешовані Ñертифікати: %u\n"
+#, fuzzy, c-format
+#| msgid " runtime cached certificates: %u\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr " динамічно кешовані Ñертифікати: %u\n"
+
msgid "certificate already cached\n"
msgstr "Ñертифікат вже кешовано\n"
@@ -7815,7 +7720,7 @@ msgid "allow sending OCSP requests"
msgstr "дозволити надÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ñ–Ð² OCSP"
msgid "allow online software version check"
-msgstr ""
+msgstr "дозволити інтерактивну перевірку верÑÑ–Ñ— програмного забезпеченнÑ"
msgid "inhibit the use of HTTP"
msgstr "заборонити викориÑÑ‚Ð°Ð½Ð½Ñ HTTP"
@@ -8351,9 +8256,6 @@ msgstr ""
msgid "certificate chain is good\n"
msgstr "коректний ланцюжок Ñертифікації\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA потребує викориÑÑ‚Ð°Ð½Ð½Ñ 160-бітового алгоритму хешуваннÑ\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr "Ñертифікат не мав викориÑтовуватиÑÑ Ð´Ð»Ñ Ð¿Ñ–Ð´Ð¿Ð¸ÑÑƒÐ²Ð°Ð½Ð½Ñ CRL\n"
@@ -8529,31 +8431,23 @@ msgstr "ÑпиÑок Ñерверів LDAP"
msgid "Configuration for OCSP"
msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ OCSP"
-#, fuzzy
-#| msgid "GPG for OpenPGP"
msgid "OpenPGP"
-msgstr "GPG Ð´Ð»Ñ OpenPGP"
+msgstr "OpenPGP"
msgid "Private Keys"
-msgstr ""
+msgstr "Закриті ключі"
-#, fuzzy
-#| msgid "Smartcard Daemon"
msgid "Smartcards"
-msgstr "Фонова Ñлужба карток пам’ÑÑ‚Ñ–"
+msgstr "Картки пам’ÑÑ‚Ñ–"
-#, fuzzy
-#| msgid "GPG for S/MIME"
msgid "S/MIME"
-msgstr "GPG Ð´Ð»Ñ S/MIME"
+msgstr "S/MIME"
msgid "Network"
-msgstr ""
+msgstr "Мережа"
-#, fuzzy
-#| msgid "PIN and Passphrase Entry"
msgid "Passphrase Entry"
-msgstr "Ð’Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¿Ñ–Ð½ÐºÐ¾Ð´Ñ–Ð² Ñ– паролів"
+msgstr "Ð’Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ"
msgid "Component not suitable for launching"
msgstr "Компонент не Ñ” придатним до запуÑку"
@@ -8565,15 +8459,13 @@ msgstr "Помилка зовнішньої перевірки компоненÑ
msgid "Note that group specifications are ignored\n"
msgstr "Зауважте, що Ñпецифікації груп буде проігноровано\n"
-#, fuzzy, c-format
-#| msgid "error closing '%s': %s\n"
+#, c-format
msgid "error closing '%s'\n"
-msgstr "помилка під Ñ‡Ð°Ñ Ñпроби закрити «%s»: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби закрити «%s»\n"
-#, fuzzy, c-format
-#| msgid "error hashing '%s': %s\n"
+#, c-format
msgid "error parsing '%s'\n"
-msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ Â«%s»: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби обробити «%s»'\n"
msgid "list all components"
msgstr "показати ÑпиÑок вÑÑ–Ñ… компонентів"
@@ -8593,10 +8485,8 @@ msgstr "|COMPONENT|перевірити параметри"
msgid "apply global default values"
msgstr "заÑтоÑувати загальні типові значеннÑ"
-#, fuzzy
-#| msgid "|FILE|take policy information from FILE"
msgid "|FILE|update configuration files using FILE"
-msgstr "|FILE|взÑти дані щодо правил з вказаного файла"
+msgstr "|FILE|оновити файли налаштувань на оÑнові файла ФÐЙЛ"
msgid "get the configuration directories for @GPGCONF@"
msgstr "отримати назви каталогів налаштувань Ð´Ð»Ñ @GPGCONF@"
@@ -8607,10 +8497,8 @@ msgstr "показати загальний файл налаштувань"
msgid "check global configuration file"
msgstr "перевірити загальний файл налаштувань"
-#, fuzzy
-#| msgid "update the trust database"
msgid "query the software version database"
-msgstr "оновити базу даних довіри"
+msgstr "надіÑлати запит до бази даних верÑій програмного забезпеченнÑ"
msgid "reload all or a given component"
msgstr "перезавантажити вÑÑ– або вказаний компонент"
@@ -8791,6 +8679,16 @@ msgstr ""
"СинтакÑиÑ: gpg-check-pattern [параметри] файл_шаблонів\n"
"Перевірити пароль, вказаний у stdin, за допомогою файла_шаблонів\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||Будь лаÑка, вкажіть пінкод%%0A[підпиÑів: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr ""
+#~ "|A|Будь лаÑка, вкажіть адмініÑтративний пінкод%%0A[залишилоÑÑ Ñпроб: %d]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA потребує викориÑÑ‚Ð°Ð½Ð½Ñ 160-бітового алгоритму хешуваннÑ\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [назва файла]"
diff --git a/po/zh_CN.po b/po/zh_CN.po
index 4566cbf..cbfbe24 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -159,6 +159,10 @@ msgstr "å–得当å‰å¯†é’¥ä¿¡æ¯æ—¶å‡ºé”™ï¼š%s\n"
msgid "no suitable card key found: %s\n"
msgstr "找ä¸åˆ°å¯å†™çš„ç§é’¥é’¥åŒ™çŽ¯ï¼š%s\n"
+#, fuzzy, c-format
+msgid "error getting list of cards: %s\n"
+msgstr "获å–æ–° PIN 时出错:%s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -1051,6 +1055,10 @@ msgstr "结尾行有问题\n"
msgid "[none]"
msgstr "[未设定]"
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "跳过无效的 64 进制字符 %02x\n"
+
#, fuzzy
msgid "argument not expected"
msgstr "ä¸å…许使用管ç†å‘˜å‘½ä»¤\n"
@@ -2487,6 +2495,9 @@ msgstr "å–得当å‰å¯†é’¥ä¿¡æ¯æ—¶å‡ºé”™ï¼š%s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "请开始键入您的报文……\n"
@@ -5749,7 +5760,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -5875,7 +5886,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "读å–‘%s’时出错:%s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -6130,6 +6141,9 @@ msgstr "无法存储指纹:%s\n"
msgid "failed to store the creation date: %s\n"
msgstr "无法存储创建日期:%s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "从å¡ä¸­èŽ·å– CHV 状æ€æ—¶å‡ºé”™\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "å“åº”æœªåŒ…å« RSA 余数\n"
@@ -6148,20 +6162,33 @@ msgstr "å“应未包å«å…¬é’¥æ•°æ®\n"
msgid "reading public key failed: %s\n"
msgstr "无法读出公钥:%s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
#, c-format
-msgid "using default PIN as %s\n"
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
msgstr ""
#, c-format
-msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgid "%sNumber: %s%%0AHolder: %s%s"
msgstr ""
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||请输入 PIN%%0A[完æˆçš„签字:%lu]"
+msgid "Remaining attempts: %d"
+msgstr ""
+
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
#, fuzzy
-msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||请输入 PIN%%0A[完æˆçš„签字:%lu]"
#, c-format
@@ -6172,9 +6199,6 @@ msgstr "CHV%d çš„ PIN 太短;最å°é•¿åº¦ä¸º %d\n"
msgid "verify CHV%d failed: %s\n"
msgstr "éªŒè¯ CHV%d 失败:%s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "从å¡ä¸­èŽ·å– CHV 状æ€æ—¶å‡ºé”™\n"
-
msgid "card is permanently locked!\n"
msgstr "å¡è¢«æ°¸ä¹…é”定ï¼\n"
@@ -6187,11 +6211,7 @@ msgstr[0] "å°è¯•ç®¡ç†å‘˜ PIN %d 次åŽï¼Œå¡å°†è¢«æ°¸ä¹…é”定ï¼\n"
msgstr[1] "å°è¯•ç®¡ç†å‘˜ PIN %d 次åŽï¼Œå¡å°†è¢«æ°¸ä¹…é”定ï¼\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, fuzzy, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "||请输入 PIN%%0A[完æˆçš„签字:%lu]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
#, fuzzy
msgid "|A|Please enter the Admin PIN"
msgstr "||请输入 PIN%%0A[完æˆçš„签字:%lu]"
@@ -6200,6 +6220,10 @@ msgid "access to admin commands is not configured\n"
msgstr "尚未é…置管ç†å‘˜å‘½ä»¤çš„æƒé™\n"
#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "||请输入 PIN%%0A[完æˆçš„签字:%lu]"
+
+#, fuzzy
msgid "||Please enter the Reset Code for the card"
msgstr "||请输入 PIN%%0A[完æˆçš„签字:%lu]"
@@ -6363,10 +6387,6 @@ msgstr ""
msgid "handler for fd %d terminated\n"
msgstr ""
-#, fuzzy, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "跳过无效的 64 进制字符 %02x\n"
-
#, fuzzy
msgid "no dirmngr running in this session\n"
msgstr "gpg-agent 在此次èˆè¯ä¸­æ— æ³•ä½¿ç”¨\n"
@@ -7172,6 +7192,10 @@ msgstr "è¯ä¹¦å·²æŸå"
msgid " runtime cached certificates: %u\n"
msgstr "生æˆå¯†ç çš„时候å‘生错误:%s\n"
+#, fuzzy, c-format
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr "生æˆå¯†ç çš„时候å‘生错误:%s\n"
+
#, fuzzy
msgid "certificate already cached\n"
msgstr "已建立åŠé”€è¯ä¹¦ã€‚\n"
@@ -8358,9 +8382,6 @@ msgstr "检查已建立的签åæ—¶å‘生错误: %s\n"
msgid "certificate chain is good\n"
msgstr "首选项‘%s’é‡å¤\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA è¦æ±‚使用 160 ä½çš„散列算法\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr ""
@@ -8797,6 +8818,16 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||请输入 PIN%%0A[完æˆçš„签字:%lu]"
+
+#, fuzzy
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "||请输入 PIN%%0A[完æˆçš„签字:%lu]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA è¦æ±‚使用 160 ä½çš„散列算法\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [文件å]"
diff --git a/po/zh_TW.po b/po/zh_TW.po
index a3df85e..df869c9 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -158,6 +158,11 @@ msgstr "å¡ç‰‡ä¸Šæ²’有 ssh 用的èªè­‰é‡‘é‘°: %s\n"
msgid "no suitable card key found: %s\n"
msgstr "找ä¸åˆ°åˆé©çš„å¡ç‰‡é‡‘é‘°: %s\n"
+#, fuzzy, c-format
+#| msgid "error getting stored flags: %s\n"
+msgid "error getting list of cards: %s\n"
+msgstr "å–得已存放的旗標時出錯: %s\n"
+
#, c-format
msgid ""
"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
@@ -985,6 +990,10 @@ msgstr "忽略垃圾列"
msgid "[none]"
msgstr "[ ç„¡ ]"
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "已跳éŽç„¡æ•ˆçš„ radix64 字符 %02x\n"
+
msgid "argument not expected"
msgstr "沒料到有引數"
@@ -2347,6 +2356,9 @@ msgstr "載入憑證 '%s' 時出錯: %s\n"
msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n"
msgstr ""
+msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
+msgstr ""
+
msgid "Go ahead and type your message ...\n"
msgstr "è«‹é–‹å§‹è¼¸å…¥ä½ çš„è¨Šæ¯ ...\n"
@@ -5539,7 +5551,7 @@ msgstr ""
msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
msgstr ""
-msgid "Defaulting to unknown."
+msgid "Defaulting to unknown.\n"
msgstr ""
msgid "TOFU db corruption detected.\n"
@@ -5661,7 +5673,7 @@ msgid "error opening TOFU database: %s\n"
msgstr "é€å‡ºè³‡æ–™æ™‚出錯: %s\n"
#, c-format
-msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
msgstr ""
#, fuzzy, c-format
@@ -5912,6 +5924,9 @@ msgstr "存放指紋失敗: %s\n"
msgid "failed to store the creation date: %s\n"
msgstr "存放創生日期失敗: %s\n"
+msgid "error retrieving CHV status from card\n"
+msgstr "從å¡ç‰‡å–回 CHV 狀態時出錯\n"
+
msgid "response does not contain the RSA modulus\n"
msgstr "å›žæ‡‰ä¸­æœªåŒ…å« RSA 系數\n"
@@ -5930,6 +5945,23 @@ msgstr "回應中未包å«å…¬é‘°è³‡æ–™\n"
msgid "reading public key failed: %s\n"
msgstr "讀å–公鑰時失敗: %s\n"
+#. TRANSLATORS: Put a \x1f right before a colon. This can be
+#. * used by pinentry to nicely align the names and values. Keep
+#. * the %s at the start and end of the string.
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
+msgstr ""
+
+#, c-format
+msgid "%sNumber: %s%%0AHolder: %s%s"
+msgstr ""
+
+#. TRANSLATORS: This is the number of remaining attempts to
+#. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed.
+#, c-format
+msgid "Remaining attempts: %d"
+msgstr ""
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "以 %s åšç‚ºé è¨­ PIN\n"
@@ -5938,11 +5970,9 @@ msgstr "以 %s åšç‚ºé è¨­ PIN\n"
msgid "failed to use default PIN as %s: %s - disabling further default use\n"
msgstr "使用 %s åšç‚ºé è¨­å€‹äººè­˜åˆ¥ç¢¼ (PIN) 失敗: %s - 正在åœç”¨ä¹‹å¾Œçš„é è¨­ä½¿ç”¨\n"
-#, c-format
-msgid "||Please enter the PIN%%0A[sigs done: %lu]"
-msgstr "||請輸入 PIN%%0A[簽署完æˆ: %lu]"
-
-msgid "||Please enter the PIN"
+#, fuzzy
+#| msgid "||Please enter the PIN"
+msgid "||Please unlock the card"
msgstr "||請輸入個人識別碼 (PIN)"
#, c-format
@@ -5953,9 +5983,6 @@ msgstr "用於 CHV%d 的個人識別碼 (PIN) 太短; 長度最少è¦æœ‰ %d\n"
msgid "verify CHV%d failed: %s\n"
msgstr "驗證 CHV%d 失敗: %s\n"
-msgid "error retrieving CHV status from card\n"
-msgstr "從å¡ç‰‡å–回 CHV 狀態時出錯\n"
-
msgid "card is permanently locked!\n"
msgstr "å¡ç‰‡æ°¸ä¹…鎖定了!!\n"
@@ -5967,17 +5994,16 @@ msgid_plural ""
msgstr[0] "%d 管ç†è€…個人識別碼 (PIN) 試圖在å¡ç‰‡æ°¸ä¹…鎖定å‰éºç•™ä¸‹ä¾†\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
-#. the start of the string. Use %%0A to force a linefeed.
-#, c-format
-msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
-msgstr "|A|請在上輸入管ç†è€… PIN%%0A[剩餘嘗試次數: %d]"
-
+#. the start of the string. Use %0A (single percent) for a linefeed.
msgid "|A|Please enter the Admin PIN"
msgstr "|A|請輸入管ç†è€… PIN"
msgid "access to admin commands is not configured\n"
msgstr "管ç†è€…指令存å–權é™å°šæœªçµ„æ…‹\n"
+msgid "||Please enter the PIN"
+msgstr "||請輸入個人識別碼 (PIN)"
+
msgid "||Please enter the Reset Code for the card"
msgstr "||請輸入å¡ç‰‡çš„é‡è¨­ç¢¼"
@@ -6134,10 +6160,6 @@ msgstr "用於 fd %d 的經手程å¼å·²å•Ÿå‹•\n"
msgid "handler for fd %d terminated\n"
msgstr "用於 fd %d 的經手程å¼å·²çµ‚æ­¢\n"
-#, c-format
-msgid "invalid radix64 character %02x skipped\n"
-msgstr "已跳éŽç„¡æ•ˆçš„ radix64 字符 %02x\n"
-
#, fuzzy
#| msgid "no gpg-agent running in this session\n"
msgid "no dirmngr running in this session\n"
@@ -6896,6 +6918,11 @@ msgstr "固定載入的憑證: %u\n"
msgid " runtime cached certificates: %u\n"
msgstr " 執行時期快å–的憑證: %u\n"
+#, fuzzy, c-format
+#| msgid " runtime cached certificates: %u\n"
+msgid " trusted certificates: %u (%u,%u,%u,%u)\n"
+msgstr " 執行時期快å–的憑證: %u\n"
+
msgid "certificate already cached\n"
msgstr "憑證早已快å–\n"
@@ -7995,9 +8022,6 @@ msgstr "檢查根憑證å¯ä¿¡åº¦æ™‚失敗: %s\n"
msgid "certificate chain is good\n"
msgstr "憑證éˆå®Œå¥½\n"
-msgid "DSA requires the use of a 160 bit hash algorithm\n"
-msgstr "DSA è¦æ±‚使用 160 ä½å…ƒçš„雜湊演算法\n"
-
msgid "certificate should not have been used for CRL signing\n"
msgstr "憑證應該還未被用於 CRL 簽署\n"
@@ -8435,6 +8459,15 @@ msgstr ""
"語法: gpg-check-pattern [é¸é …] 樣å¼æª”案\n"
"用樣å¼æª”案來檢查由標準輸入給定的密語\n"
+#~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+#~ msgstr "||請輸入 PIN%%0A[簽署完æˆ: %lu]"
+
+#~ msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+#~ msgstr "|A|請在上輸入管ç†è€… PIN%%0A[剩餘嘗試次數: %d]"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA è¦æ±‚使用 160 ä½å…ƒçš„雜湊演算法\n"
+
#~ msgid "--store [filename]"
#~ msgstr "--store [檔å]"
diff --git a/scd/apdu.c b/scd/apdu.c
index 38ebd2b..9df1572 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -109,7 +109,7 @@ struct reader_table_s {
int (*disconnect_card)(int);
int (*close_reader)(int);
int (*reset_reader)(int);
- int (*get_status_reader)(int, unsigned int *);
+ int (*get_status_reader)(int, unsigned int *, int);
int (*send_apdu_reader)(int,unsigned char *,size_t,
unsigned char *, size_t *, pininfo_t *);
int (*check_pinpad)(int, int, pininfo_t *);
@@ -141,11 +141,12 @@ struct reader_table_s {
} rapdu;
#endif /*USE_G10CODE_RAPDU*/
char *rdrname; /* Name of the connected reader or NULL if unknown. */
- int is_t0; /* True if we know that we are running T=0. */
- int is_spr532; /* True if we know that the reader is a SPR532. */
- int pinpad_varlen_supported; /* True if we know that the reader
- supports variable length pinpad
- input. */
+ unsigned int is_t0:1; /* True if we know that we are running T=0. */
+ unsigned int is_spr532:1; /* True if we know that the reader is a SPR532. */
+ unsigned int pinpad_varlen_supported:1; /* True if we know that the reader
+ supports variable length pinpad
+ input. */
+ unsigned int require_get_status:1;
unsigned char atr[33];
size_t atrlen; /* A zero length indicates that the ATR has
not yet been read; i.e. the card is not
@@ -364,10 +365,10 @@ long (* DLSTDCALL pcsc_control) (long card,
/* Prototypes. */
static int pcsc_vendor_specific_init (int slot);
-static int pcsc_get_status (int slot, unsigned int *status);
+static int pcsc_get_status (int slot, unsigned int *status, int on_wire);
static int reset_pcsc_reader (int slot);
-static int apdu_get_status_internal (int slot, int hang, int no_atr_reset,
- unsigned int *status);
+static int apdu_get_status_internal (int slot, int hang, unsigned int *status,
+ int on_wire);
static int check_pcsc_pinpad (int slot, int command, pininfo_t *pininfo);
static int pcsc_pinpad_verify (int slot, int class, int ins, int p0, int p1,
pininfo_t *pininfo);
@@ -470,6 +471,7 @@ new_reader_slot (void)
reader_table[reader].is_t0 = 1;
reader_table[reader].is_spr532 = 0;
reader_table[reader].pinpad_varlen_supported = 0;
+ reader_table[reader].require_get_status = 1;
#ifdef NEED_PCSC_WRAPPER
reader_table[reader].pcsc.req_fd = -1;
reader_table[reader].pcsc.rsp_fd = -1;
@@ -663,9 +665,10 @@ reset_ct_reader (int slot)
static int
-ct_get_status (int slot, unsigned int *status)
+ct_get_status (int slot, unsigned int *status, int on_wire)
{
(void)slot;
+ (void)on_wire;
/* The status we returned is wrong but we don't care because ctAPI
is not anymore required. */
*status = APDU_CARD_USABLE|APDU_CARD_PRESENT|APDU_CARD_ACTIVE;
@@ -927,11 +930,12 @@ dump_pcsc_reader_status (int slot)
#ifndef NEED_PCSC_WRAPPER
static int
-pcsc_get_status_direct (int slot, unsigned int *status)
+pcsc_get_status_direct (int slot, unsigned int *status, int on_wire)
{
long err;
struct pcsc_readerstate_s rdrstates[1];
+ (void)on_wire;
memset (rdrstates, 0, sizeof *rdrstates);
rdrstates[0].reader = reader_table[slot].rdrname;
rdrstates[0].current_state = PCSC_STATE_UNAWARE;
@@ -990,7 +994,7 @@ pcsc_get_status_direct (int slot, unsigned int *status)
#ifdef NEED_PCSC_WRAPPER
static int
-pcsc_get_status_wrapped (int slot, unsigned int *status)
+pcsc_get_status_wrapped (int slot, unsigned int *status, int on_wire)
{
long err;
reader_table_t slotp;
@@ -1000,6 +1004,7 @@ pcsc_get_status_wrapped (int slot, unsigned int *status)
unsigned char buffer[16];
int sw = SW_HOST_CARD_IO_ERROR;
+ (void)on_wire;
slotp = reader_table + slot;
if (slotp->pcsc.req_fd == -1
@@ -1099,12 +1104,12 @@ pcsc_get_status_wrapped (int slot, unsigned int *status)
static int
-pcsc_get_status (int slot, unsigned int *status)
+pcsc_get_status (int slot, unsigned int *status, int on_wire)
{
#ifdef NEED_PCSC_WRAPPER
- return pcsc_get_status_wrapped (slot, status);
+ return pcsc_get_status_wrapped (slot, status, on_wire);
#else
- return pcsc_get_status_direct (slot, status);
+ return pcsc_get_status_direct (slot, status, on_wire);
#endif
}
@@ -1703,7 +1708,7 @@ reset_pcsc_reader_wrapped (int slot)
slotp->atrlen = len;
/* Read the status so that IS_T0 will be set. */
- pcsc_get_status (slot, &dummy_status);
+ pcsc_get_status (slot, &dummy_status, 1);
return 0;
@@ -2012,7 +2017,7 @@ open_pcsc_reader_wrapped (const char *portstr)
unsigned int dummy_status;
/* Note that we use the constant and not the function because this
- code won't be be used under Windows. */
+ code won't be used under Windows. */
const char *wrapperpgm = GNUPG_LIBEXECDIR "/gnupg-pcsc-wrapper";
if (access (wrapperpgm, X_OK))
@@ -2182,7 +2187,7 @@ open_pcsc_reader_wrapped (const char *portstr)
pcsc_vendor_specific_init (slot);
/* Read the status so that IS_T0 will be set. */
- pcsc_get_status (slot, &dummy_status);
+ pcsc_get_status (slot, &dummy_status, 1);
dump_reader_status (slot);
unlock_slot (slot);
@@ -2469,12 +2474,12 @@ set_progress_cb_ccid_reader (int slot, gcry_handler_progress_t cb, void *cb_arg)
static int
-get_status_ccid (int slot, unsigned int *status)
+get_status_ccid (int slot, unsigned int *status, int on_wire)
{
int rc;
int bits;
- rc = ccid_slot_status (reader_table[slot].ccid.handle, &bits);
+ rc = ccid_slot_status (reader_table[slot].ccid.handle, &bits, on_wire);
if (rc)
return rc;
@@ -2572,6 +2577,7 @@ open_ccid_reader (struct dev_list *dl)
{
int err;
int slot;
+ int require_get_status;
reader_table_t slotp;
slot = new_reader_slot ();
@@ -2596,6 +2602,8 @@ open_ccid_reader (struct dev_list *dl)
err = 0;
}
+ require_get_status = ccid_require_get_status (slotp->ccid.handle);
+
reader_table[slot].close_reader = close_ccid_reader;
reader_table[slot].reset_reader = reset_ccid_reader;
reader_table[slot].get_status_reader = get_status_ccid;
@@ -2608,6 +2616,7 @@ open_ccid_reader (struct dev_list *dl)
/* Our CCID reader code does not support T=0 at all, thus reset the
flag. */
reader_table[slot].is_t0 = 0;
+ reader_table[slot].require_get_status = require_get_status;
dump_reader_status (slot);
unlock_slot (slot);
@@ -2712,13 +2721,14 @@ reset_rapdu_reader (int slot)
static int
-my_rapdu_get_status (int slot, unsigned int *status)
+my_rapdu_get_status (int slot, unsigned int *status, int on_wire)
{
int err;
reader_table_t slotp;
rapdu_msg_t msg = NULL;
int oldslot;
+ (void)on_wire;
slotp = reader_table + slot;
oldslot = rapdu_set_reader (slotp->rapdu.handle, slot);
@@ -3117,7 +3127,7 @@ apdu_open_one_reader (const char *portstr)
}
int
-apdu_open_reader (struct dev_list *dl)
+apdu_open_reader (struct dev_list *dl, int app_empty)
{
int slot;
@@ -3167,6 +3177,7 @@ apdu_open_reader (struct dev_list *dl)
/* Check identity by BAI against already opened HANDLEs. */
for (slot = 0; slot < MAX_READER; slot++)
if (reader_table[slot].used
+ && reader_table[slot].ccid.handle
&& ccid_compare_BAI (reader_table[slot].ccid.handle, bai))
break;
@@ -3191,12 +3202,19 @@ apdu_open_reader (struct dev_list *dl)
dl->idx++;
}
- slot = -1;
+ /* Not found. Try one for PC/SC, only when it's the initial scan. */
+ if (app_empty && dl->idx == dl->idx_max)
+ {
+ dl->idx++;
+ slot = apdu_open_one_reader (dl->portstr);
+ }
+ else
+ slot = -1;
}
else
#endif
{ /* PC/SC readers. */
- if (dl->idx == 0)
+ if (app_empty && dl->idx == 0)
{
dl->idx++;
slot = apdu_open_one_reader (dl->portstr);
@@ -3340,8 +3358,11 @@ apdu_enum_reader (int slot, int *used)
/* Connect a card. This is used to power up the card and make sure
that an ATR is available. Depending on the reader backend it may
- return an error for an inactive card or if no card is
- available. */
+ return an error for an inactive card or if no card is available.
+ Return -1 on error. Return 1 if reader requires get_status to
+ watch card removal. Return 0 if it's a token (always with a card),
+ or it supports INTERRUPT endpoint to watch card removal.
+ */
int
apdu_connect (int slot)
{
@@ -3355,7 +3376,7 @@ apdu_connect (int slot)
{
if (DBG_READER)
log_debug ("leave: apdu_connect => SW_HOST_NO_DRIVER\n");
- return SW_HOST_NO_DRIVER;
+ return -1;
}
/* Only if the access method provides a connect function we use it.
@@ -3377,7 +3398,7 @@ apdu_connect (int slot)
Without that we would force a reset of the card with the next
call to apdu_get_status. */
if (!sw)
- sw = apdu_get_status_internal (slot, 1, 1, &status);
+ sw = apdu_get_status_internal (slot, 1, &status, 1);
if (sw)
;
@@ -3386,10 +3407,19 @@ apdu_connect (int slot)
else if ((status & APDU_CARD_PRESENT) && !(status & APDU_CARD_ACTIVE))
sw = SW_HOST_CARD_INACTIVE;
+ if (sw == SW_HOST_CARD_INACTIVE)
+ {
+ /* Try power it up again. */
+ sw = apdu_reset (slot);
+ }
+
if (DBG_READER)
log_debug ("leave: apdu_connect => sw=0x%x\n", sw);
- return sw;
+ if (sw)
+ return -1;
+
+ return reader_table[slot].require_get_status;
}
@@ -3533,11 +3563,10 @@ apdu_get_atr (int slot, size_t *atrlen)
APDU_CARD_ACTIVE (bit 2) = card active
(bit 3) = card access locked [not yet implemented]
- For must applications, testing bit 0 is sufficient.
+ For most applications, testing bit 0 is sufficient.
*/
static int
-apdu_get_status_internal (int slot, int hang, int no_atr_reset,
- unsigned int *status)
+apdu_get_status_internal (int slot, int hang, unsigned int *status, int on_wire)
{
int sw;
unsigned int s;
@@ -3549,13 +3578,13 @@ apdu_get_status_internal (int slot, int hang, int no_atr_reset,
return sw;
if (reader_table[slot].get_status_reader)
- sw = reader_table[slot].get_status_reader (slot, &s);
+ sw = reader_table[slot].get_status_reader (slot, &s, on_wire);
unlock_slot (slot);
if (sw)
{
- if (!no_atr_reset)
+ if (on_wire)
reader_table[slot].atrlen = 0;
s = 0;
}
@@ -3574,7 +3603,7 @@ apdu_get_status (int slot, int hang, unsigned int *status)
if (DBG_READER)
log_debug ("enter: apdu_get_status: slot=%d hang=%d\n", slot, hang);
- sw = apdu_get_status_internal (slot, hang, 0, status);
+ sw = apdu_get_status_internal (slot, hang, status, 0);
if (DBG_READER)
{
if (status)
diff --git a/scd/apdu.h b/scd/apdu.h
index 473def5..6751e8c 100644
--- a/scd/apdu.h
+++ b/scd/apdu.h
@@ -91,7 +91,7 @@ gpg_error_t apdu_dev_list_start (const char *portstr, struct dev_list **l_p);
void apdu_dev_list_finish (struct dev_list *l);
/* Note, that apdu_open_reader returns no status word but -1 on error. */
-int apdu_open_reader (struct dev_list *l);
+int apdu_open_reader (struct dev_list *l, int app_empty);
int apdu_open_remote_reader (const char *portstr,
const unsigned char *cookie, size_t length,
int (*readfnc) (void *opaque,
diff --git a/scd/app-common.h b/scd/app-common.h
index b979f54..38e6cc6 100644
--- a/scd/app-common.h
+++ b/scd/app-common.h
@@ -54,7 +54,8 @@ struct app_ctx_s {
const char *apptype;
unsigned int card_version;
unsigned int card_status;
- unsigned int require_get_status:1;
+ unsigned int reset_requested:1;
+ unsigned int periodical_check_needed:1;
unsigned int did_chv1:1;
unsigned int force_chv1:1; /* True if the card does not cache CHV1. */
unsigned int did_chv2:1;
@@ -121,8 +122,6 @@ size_t app_help_read_length_of_cert (int slot, int fid, size_t *r_certoff);
/*-- app.c --*/
-app_t app_list_start (void);
-void app_list_finish (void);
void app_send_card_list (ctrl_t ctrl);
char *app_get_serialno (app_t app);
@@ -134,7 +133,7 @@ gpg_error_t select_application (ctrl_t ctrl, const char *name, app_t *r_app,
int scan, const unsigned char *serialno_bin,
size_t serialno_bin_len);
char *get_supported_applications (void);
-void release_application (app_t app);
+void release_application (app_t app, int locked_already);
gpg_error_t app_munge_serialno (app_t app);
gpg_error_t app_write_learn_status (app_t app, ctrl_t ctrl,
unsigned int flags);
diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c
index 3f99e2e..99e4f00 100644
--- a/scd/app-dinsig.c
+++ b/scd/app-dinsig.c
@@ -416,7 +416,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
return gpg_error (GPG_ERR_INV_VALUE);
/* Check that the provided ID is vaid. This is not really needed
- but we do it to to enforce correct usage by the caller. */
+ but we do it to enforce correct usage by the caller. */
if (strncmp (keyidstr, "DINSIG.", 7) )
return gpg_error (GPG_ERR_INV_ID);
keyidstr += 7;
diff --git a/scd/app-geldkarte.c b/scd/app-geldkarte.c
index e3c7dcc..c277171 100644
--- a/scd/app-geldkarte.c
+++ b/scd/app-geldkarte.c
@@ -288,7 +288,7 @@ app_select_geldkarte (app_t app)
goto leave;
/* Read the first record of EF_ID (SFI=0x17). We require this
- record to be at least 24 bytes with the the first byte 0x67 and a
+ record to be at least 24 bytes with the first byte 0x67 and a
correct filler byte. */
err = iso7816_read_record (slot, 1, 1, ((0x17 << 3)|4), &result, &resultlen);
if (err)
diff --git a/scd/app-nks.c b/scd/app-nks.c
index a6487c4..4442a10 100644
--- a/scd/app-nks.c
+++ b/scd/app-nks.c
@@ -1004,7 +1004,7 @@ do_decipher (app_t app, const char *keyidstr,
return gpg_error (GPG_ERR_INV_VALUE);
/* Check that the provided ID is valid. This is not really needed
- but we do it to to enforce correct usage by the caller. */
+ but we do it to enforce correct usage by the caller. */
if (!strncmp (keyidstr, "NKS-NKS3.", 9) )
;
else if (!strncmp (keyidstr, "NKS-DF01.", 9) )
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 71c9e1b..5e75d4b 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -619,7 +619,7 @@ count_bits (const unsigned char *a, size_t len)
The lsb is here the rightmost bit. Defined flags bits are:
Bit 0 = CHV1 and CHV2 are not syncronized
- Bit 1 = CHV2 has been been set to the default PIN of "123456"
+ Bit 1 = CHV2 has been set to the default PIN of "123456"
(this implies that bit 0 is also set).
P=<pinpad-request>
@@ -1082,6 +1082,104 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
return rc;
}
+
+/* Return the DISP-NAME without any padding characters. Caller must
+ * free the result. If not found or empty NULL is returned. */
+static char *
+get_disp_name (app_t app)
+{
+ int rc;
+ void *relptr;
+ unsigned char *value;
+ size_t valuelen;
+ char *string;
+ char *p, *given;
+ char *result;
+
+ relptr = get_one_do (app, 0x005B, &value, &valuelen, &rc);
+ if (!relptr)
+ return NULL;
+
+ string = xtrymalloc (valuelen + 1);
+ if (!string)
+ {
+ xfree (relptr);
+ return NULL;
+ }
+ memcpy (string, value, valuelen);
+ string[valuelen] = 0;
+ xfree (relptr);
+
+ /* Swap surname and given name. */
+ given = strstr (string, "<<");
+ for (p = string; *p; p++)
+ if (*p == '<')
+ *p = ' ';
+
+ if (given && given[2])
+ {
+ *given = 0;
+ given += 2;
+ result = strconcat (given, " ", string, NULL);
+ }
+ else
+ {
+ result = string;
+ string = NULL;
+ }
+
+ xfree (string);
+ return result;
+}
+
+
+/* Return the pretty formatted serialnumber. On error NULL is
+ * returned. */
+static char *
+get_disp_serialno (app_t app)
+{
+ char *serial = app_get_serialno (app);
+
+ /* For our OpenPGP cards we do not want to show the entire serial
+ * number but a nicely reformatted actual serial number. */
+ if (serial && strlen (serial) > 16+12)
+ {
+ memmove (serial, serial+16, 4);
+ serial[4] = ' ';
+ /* memmove (serial+5, serial+20, 4); */
+ /* serial[9] = ' '; */
+ /* memmove (serial+10, serial+24, 4); */
+ /* serial[14] = 0; */
+ memmove (serial+5, serial+20, 8);
+ serial[13] = 0;
+ }
+ return serial;
+}
+
+
+/* Return the number of remaining tries for the standard or the admin
+ * pw. Returns -1 on card error. */
+static int
+get_remaining_tries (app_t app, int adminpw)
+{
+ void *relptr;
+ unsigned char *value;
+ size_t valuelen;
+ int remaining;
+
+ relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL);
+ if (!relptr || valuelen < 7)
+ {
+ log_error (_("error retrieving CHV status from card\n"));
+ xfree (relptr);
+ return -1;
+ }
+ remaining = value[adminpw? 6 : 4];
+ xfree (relptr);
+ return remaining;
+}
+
+
/* Retrieve the fingerprint from the card inserted in SLOT and write
the according hex representation to FPR. Caller must have provide
a buffer at FPR of least 41 bytes. Returns 0 on success or an
@@ -1874,7 +1972,74 @@ check_pinpad_request (app_t app, pininfo_t *pininfo, int admin_pin)
}
-/* Verify a CHV either using using the pinentry or if possible by
+/* Return a string with information about the card for use in a
+ * prompt. Returns NULL on memory failure. */
+static char *
+get_prompt_info (app_t app, int chvno, unsigned long sigcount, int remaining)
+{
+ char *serial, *disp_name, *rembuf, *tmpbuf, *result;
+
+ serial = get_disp_serialno (app);
+ if (!serial)
+ return NULL;
+
+ disp_name = get_disp_name (app);
+ if (chvno == 1)
+ {
+ /* TRANSLATORS: Put a \x1f right before a colon. This can be
+ * used by pinentry to nicely align the names and values. Keep
+ * the %s at the start and end of the string. */
+ result = xtryasprintf (_("%s"
+ "Number\x1f: %s%%0A"
+ "Holder\x1f: %s%%0A"
+ "Counter\x1f: %lu"
+ "%s"),
+ "\x1e",
+ serial,
+ disp_name? disp_name:"",
+ sigcount,
+ "");
+ }
+ else
+ {
+ result = xtryasprintf (_("%s"
+ "Number\x1f: %s%%0A"
+ "Holder\x1f: %s"
+ "%s"),
+ "\x1e",
+ serial,
+ disp_name? disp_name:"",
+ "");
+ }
+ xfree (disp_name);
+ xfree (serial);
+
+ if (remaining != -1)
+ {
+ /* TRANSLATORS: This is the number of remaining attempts to
+ * enter a PIN. Use %%0A (double-percent,0A) for a linefeed. */
+ rembuf = xtryasprintf (_("Remaining attempts: %d"), remaining);
+ if (!rembuf)
+ {
+ xfree (result);
+ return NULL;
+ }
+ tmpbuf = strconcat (result, "%0A%0A", rembuf, NULL);
+ xfree (rembuf);
+ if (!tmpbuf)
+ {
+ xfree (result);
+ return NULL;
+ }
+ xfree (result);
+ result = tmpbuf;
+ }
+
+ return result;
+}
+
+
+/* Verify a CHV either using the pinentry or if possible by
using a pinpad. PINCB and PINCB_ARG describe the usual callback
for the pinentry. CHVNO must be either 1 or 2. SIGCOUNT is only
used with CHV1. PINVALUE is the address of a pointer which will
@@ -1895,11 +2060,16 @@ verify_a_chv (app_t app,
const char *prompt;
pininfo_t pininfo;
int minlen = 6;
+ int remaining;
- assert (chvno == 1 || chvno == 2);
+ log_assert (chvno == 1 || chvno == 2);
*pinvalue = NULL;
+ remaining = get_remaining_tries (app, 0);
+ if (remaining == -1)
+ return gpg_error (GPG_ERR_CARD);
+
if (chvno == 2 && app->app_local->flags.def_chv2)
{
/* Special case for def_chv2 mechanism. */
@@ -1923,22 +2093,19 @@ verify_a_chv (app_t app,
pininfo.fixedlen = -1;
pininfo.minlen = minlen;
+ {
+ const char *firstline = _("||Please unlock the card");
+ char *infoblock = get_prompt_info (app, chvno, sigcount,
+ remaining < 3? remaining : -1);
- if (chvno == 1)
- {
-#define PROMPTSTRING _("||Please enter the PIN%%0A[sigs done: %lu]")
- size_t promptsize = strlen (PROMPTSTRING) + 50;
-
- prompt_buffer = xtrymalloc (promptsize);
- if (!prompt_buffer)
- return gpg_error_from_syserror ();
- snprintf (prompt_buffer, promptsize, PROMPTSTRING, sigcount);
+ prompt_buffer = strconcat (firstline, "%0A%0A", infoblock, NULL);
+ if (prompt_buffer)
prompt = prompt_buffer;
-#undef PROMPTSTRING
- }
- else
- prompt = _("||Please enter the PIN");
+ else
+ prompt = firstline; /* ENOMEM fallback. */
+ xfree (infoblock);
+ }
if (!opt.disable_pinpad
&& !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo)
@@ -1961,7 +2128,7 @@ verify_a_chv (app_t app,
/* Dismiss the prompt. */
pincb (pincb_arg, NULL, NULL);
- assert (!*pinvalue);
+ log_assert (!*pinvalue);
}
else
{
@@ -2049,29 +2216,20 @@ verify_chv2 (app_t app,
static gpg_error_t
build_enter_admin_pin_prompt (app_t app, char **r_prompt)
{
- void *relptr;
- unsigned char *value;
- size_t valuelen;
int remaining;
char *prompt;
+ char *infoblock;
*r_prompt = NULL;
- relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL);
- if (!relptr || valuelen < 7)
- {
- log_error (_("error retrieving CHV status from card\n"));
- xfree (relptr);
- return gpg_error (GPG_ERR_CARD);
- }
- if (value[6] == 0)
+ remaining = get_remaining_tries (app, 1);
+ if (remaining == -1)
+ return gpg_error (GPG_ERR_CARD);
+ if (!remaining)
{
log_info (_("card is permanently locked!\n"));
- xfree (relptr);
return gpg_error (GPG_ERR_BAD_PIN);
}
- remaining = value[6];
- xfree (relptr);
log_info (ngettext("%d Admin PIN attempt remaining before card"
" is permanently locked\n",
@@ -2079,16 +2237,13 @@ build_enter_admin_pin_prompt (app_t app, char **r_prompt)
" is permanently locked\n",
remaining), remaining);
- if (remaining < 3)
- {
- /* TRANSLATORS: Do not translate the "|A|" prefix but keep it at
- the start of the string. Use %%0A to force a linefeed. */
- prompt = xtryasprintf (_("|A|Please enter the Admin PIN%%0A"
- "[remaining attempts: %d]"), remaining);
- }
- else
- prompt = xtrystrdup (_("|A|Please enter the Admin PIN"));
+ infoblock = get_prompt_info (app, 3, 0, remaining < 3? remaining : -1);
+ /* TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+ the start of the string. Use %0A (single percent) for a linefeed. */
+ prompt = strconcat (_("|A|Please enter the Admin PIN"),
+ "%0A%0A", infoblock, NULL);
+ xfree (infoblock);
if (!prompt)
return gpg_error_from_syserror ();
diff --git a/scd/app.c b/scd/app.c
index b10a452..1d81631 100644
--- a/scd/app.c
+++ b/scd/app.c
@@ -136,45 +136,38 @@ check_application_conflict (const char *name, app_t app)
}
-static void
-release_application_internal (app_t app)
-{
- if (!app->ref_count)
- log_bug ("trying to release an already released context\n");
-
- --app->ref_count;
-}
-
gpg_error_t
app_reset (app_t app, ctrl_t ctrl, int send_reset)
{
- gpg_error_t err;
-
- err = lock_app (app, ctrl);
- if (err)
- return err;
+ gpg_error_t err = 0;
if (send_reset)
{
- int sw = apdu_reset (app->slot);
+ int sw;
+
+ lock_app (app, ctrl);
+ sw = apdu_reset (app->slot);
if (sw)
err = gpg_error (GPG_ERR_CARD_RESET);
- /* Release the same application which is used by other sessions. */
- send_client_notifications (app, 1);
+ app->reset_requested = 1;
+ unlock_app (app);
+
+ scd_kick_the_loop ();
+ gnupg_sleep (1);
}
else
{
ctrl->app_ctx = NULL;
- release_application_internal (app);
+ release_application (app, 0);
}
- unlock_app (app);
return err;
}
static gpg_error_t
-app_new_register (int slot, ctrl_t ctrl, const char *name)
+app_new_register (int slot, ctrl_t ctrl, const char *name,
+ int periodical_check_needed)
{
gpg_error_t err = 0;
app_t app = NULL;
@@ -192,6 +185,7 @@ app_new_register (int slot, ctrl_t ctrl, const char *name)
}
app->slot = slot;
+ app->card_status = (unsigned int)-1;
if (npth_mutex_init (&app->lock, NULL))
{
@@ -302,7 +296,7 @@ app_new_register (int slot, ctrl_t ctrl, const char *name)
return err;
}
- app->require_get_status = 1; /* For token, this can be 0. */
+ app->periodical_check_needed = periodical_check_needed;
npth_mutex_lock (&app_list_lock);
app->next = app_top;
@@ -329,7 +323,9 @@ select_application (ctrl_t ctrl, const char *name, app_t *r_app,
if (scan || !app_top)
{
struct dev_list *l;
+ int periodical_check_needed = 0;
+ /* Scan the devices to find new device(s). */
err = apdu_dev_list_start (opt.reader_port, &l);
if (err)
return err;
@@ -337,38 +333,36 @@ select_application (ctrl_t ctrl, const char *name, app_t *r_app,
while (1)
{
int slot;
- int sw;
+ int periodical_check_needed_this;
- slot = apdu_open_reader (l);
+ slot = apdu_open_reader (l, !app_top);
if (slot < 0)
break;
- err = 0;
- sw = apdu_connect (slot);
-
- if (sw == SW_HOST_CARD_INACTIVE)
+ periodical_check_needed_this = apdu_connect (slot);
+ if (periodical_check_needed_this < 0)
{
- /* Try again. */
- sw = apdu_reset (slot);
+ /* We close a reader with no card. */
+ err = gpg_error (GPG_ERR_ENODEV);
}
-
- if (!sw || sw == SW_HOST_ALREADY_CONNECTED)
- err = 0;
- else if (sw == SW_HOST_NO_CARD)
- err = gpg_error (GPG_ERR_CARD_NOT_PRESENT);
- else
- err = gpg_error (GPG_ERR_ENODEV);
-
- if (!err)
- err = app_new_register (slot, ctrl, name);
else
{
- /* We close a reader with no card. */
- apdu_close_reader (slot);
+ err = app_new_register (slot, ctrl, name,
+ periodical_check_needed_this);
+ if (periodical_check_needed_this)
+ periodical_check_needed = 1;
}
+
+ if (err)
+ apdu_close_reader (slot);
}
apdu_dev_list_finish (l);
+
+ /* If periodical check is needed for new device(s), kick the
+ scdaemon loop. */
+ if (periodical_check_needed)
+ scd_kick_the_loop ();
}
npth_mutex_lock (&app_list_lock);
@@ -464,6 +458,8 @@ deallocate_app (app_t app)
}
xfree (app->serialno);
+
+ unlock_app (app);
xfree (app);
}
@@ -473,7 +469,7 @@ deallocate_app (app_t app)
actually deferring the deallocation to allow for a later reuse by
a new connection. */
void
-release_application (app_t app)
+release_application (app_t app, int locked_already)
{
if (!app)
return;
@@ -483,9 +479,15 @@ release_application (app_t app)
is using the card - this way the PIN cache and other cached data
are preserved. */
- lock_app (app, NULL);
- release_application_internal (app);
- unlock_app (app);
+ if (!locked_already)
+ lock_app (app, NULL);
+
+ if (!app->ref_count)
+ log_bug ("trying to release an already released context\n");
+
+ --app->ref_count;
+ if (!locked_already)
+ unlock_app (app);
}
@@ -1014,21 +1016,26 @@ report_change (int slot, int old_status, int cur_status)
xfree (homestr);
}
-void
+int
scd_update_reader_status_file (void)
{
app_t a, app_next;
+ int periodical_check_needed = 0;
npth_mutex_lock (&app_list_lock);
for (a = app_top; a; a = app_next)
{
+ int sw;
+ unsigned int status;
+
+ lock_app (a, NULL);
app_next = a->next;
- if (a->require_get_status)
+
+ if (a->reset_requested)
+ status = 0;
+ else
{
- int sw;
- unsigned int status;
sw = apdu_get_status (a->slot, 0, &status);
-
if (sw == SW_HOST_NO_READER)
{
/* Most likely the _reader_ has been unplugged. */
@@ -1037,26 +1044,42 @@ scd_update_reader_status_file (void)
else if (sw)
{
/* Get status failed. Ignore that. */
+ if (a->periodical_check_needed)
+ periodical_check_needed = 1;
+ unlock_app (a);
continue;
}
+ }
- if (a->card_status != status)
+ if (a->card_status != status)
+ {
+ report_change (a->slot, a->card_status, status);
+ send_client_notifications (a, status == 0);
+
+ if (status == 0)
{
- report_change (a->slot, a->card_status, status);
- send_client_notifications (a, status == 0);
-
- if (status == 0)
- {
- log_debug ("Removal of a card: %d\n", a->slot);
- apdu_close_reader (a->slot);
- deallocate_app (a);
- }
- else
- a->card_status = status;
+ log_debug ("Removal of a card: %d\n", a->slot);
+ apdu_close_reader (a->slot);
+ deallocate_app (a);
}
+ else
+ {
+ a->card_status = status;
+ if (a->periodical_check_needed)
+ periodical_check_needed = 1;
+ unlock_app (a);
+ }
+ }
+ else
+ {
+ if (a->periodical_check_needed)
+ periodical_check_needed = 1;
+ unlock_app (a);
}
}
npth_mutex_unlock (&app_list_lock);
+
+ return periodical_check_needed;
}
/* This function must be called once to initialize this module. This
@@ -1078,19 +1101,6 @@ initialize_module_command (void)
return apdu_init ();
}
-app_t
-app_list_start (void)
-{
- npth_mutex_lock (&app_list_lock);
- return app_top;
-}
-
-void
-app_list_finish (void)
-{
- npth_mutex_unlock (&app_list_lock);
-}
-
void
app_send_card_list (ctrl_t ctrl)
{
diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
index b7f97ed..40b2599 100644
--- a/scd/ccid-driver.c
+++ b/scd/ccid-driver.c
@@ -262,9 +262,9 @@ struct ccid_driver_s
unsigned int auto_param:1;
unsigned int auto_pps:1;
unsigned int auto_ifsd:1;
- unsigned int powered_off:1;
unsigned int has_pinpad:2;
unsigned int enodev_seen:1;
+ int powered_off;
time_t last_progress; /* Last time we sent progress line. */
@@ -272,6 +272,9 @@ struct ccid_driver_s
ccid_set_progress_cb. */
void (*progress_cb)(void *, const char *, int, int, int);
void *progress_cb_arg;
+
+ unsigned char intr_buf[64];
+ struct libusb_transfer *transfer;
};
@@ -282,6 +285,7 @@ static int debug_level; /* Flag to control the debug output.
2 = Level 1 + T=1 protocol tracing
3 = Level 2 + USB/I/O tracing of SlotStatus.
*/
+static int ccid_usb_thread_is_alive;
static unsigned int compute_edc (const unsigned char *data, size_t datalen,
@@ -957,7 +961,7 @@ parse_ccid_descriptor (ccid_driver_t handle, unsigned short bcd_device,
The
0x5117 - SCR 3320 USB ID-000 reader
seems to be very slow but enabling this workaround boosts the
- performance to a a more or less acceptable level (tested by David).
+ performance to a more or less acceptable level (tested by David).
*/
if (handle->id_vendor == VENDOR_SCM
@@ -1004,19 +1008,31 @@ get_escaped_usb_string (libusb_device_handle *idev, int idx,
/* First get the list of supported languages and use the first one.
If we do don't find it we try to use English. Note that this is
all in a 2 bute Unicode encoding using little endian. */
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
rc = libusb_control_transfer (idev, LIBUSB_ENDPOINT_IN,
LIBUSB_REQUEST_GET_DESCRIPTOR,
(LIBUSB_DT_STRING << 8), 0,
(char*)buf, sizeof buf, 1000 /* ms timeout */);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
if (rc < 4)
langid = 0x0409; /* English. */
else
langid = (buf[3] << 8) | buf[2];
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
rc = libusb_control_transfer (idev, LIBUSB_ENDPOINT_IN,
LIBUSB_REQUEST_GET_DESCRIPTOR,
(LIBUSB_DT_STRING << 8) + idx, langid,
(char*)buf, sizeof buf, 1000 /* ms timeout */);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
if (rc < 2 || buf[1] != LIBUSB_DT_STRING)
return NULL; /* Error or not a string. */
len = buf[0];
@@ -1286,7 +1302,7 @@ scan_or_find_usb_device (int scan_mode,
With READERNO >= 0 or READERID is not NULL find mode is used. This
uses the same algorithm as the scan mode but stops and returns at
- the entry number READERNO and return the handle for the the opened
+ the entry number READERNO and return the handle for the opened
USB device. If R_RID is not NULL it will receive the reader ID of
that device. If R_DEV is not NULL it will the device pointer of
that device. If IFCDESC_EXTRA is NOT NULL it will receive a
@@ -1753,6 +1769,89 @@ ccid_compare_BAI (ccid_driver_t handle, unsigned int bai)
return handle->bai == bai;
}
+
+static void
+intr_cb (struct libusb_transfer *transfer)
+{
+ ccid_driver_t handle = transfer->user_data;
+
+ DEBUGOUT_1 ("CCID: interrupt callback %d\n", transfer->status);
+
+ if (transfer->status == LIBUSB_TRANSFER_TIMED_OUT)
+ {
+ int err;
+
+ submit_again:
+ /* Submit the URB again to keep watching the INTERRUPT transfer. */
+ err = libusb_submit_transfer (transfer);
+ if (err == LIBUSB_ERROR_NO_DEVICE)
+ goto device_removed;
+
+ DEBUGOUT_1 ("CCID submit transfer again %d\n", err);
+ }
+ else if (transfer->status == LIBUSB_TRANSFER_COMPLETED)
+ {
+ if (transfer->actual_length == 2
+ && transfer->buffer[0] == 0x50
+ && (transfer->buffer[1] & 1) == 0)
+ {
+ DEBUGOUT ("CCID: card removed\n");
+ handle->powered_off = 1;
+ }
+ else
+ {
+ /* Event other than card removal. */
+ goto submit_again;
+ }
+ }
+ else if (transfer->status == LIBUSB_TRANSFER_CANCELLED)
+ handle->powered_off = 1;
+ else
+ {
+ device_removed:
+ DEBUGOUT ("CCID: device removed\n");
+ handle->powered_off = 1;
+ }
+
+ scd_kick_the_loop ();
+}
+
+static void
+ccid_setup_intr (ccid_driver_t handle)
+{
+ struct libusb_transfer *transfer;
+ int err;
+
+ transfer = libusb_alloc_transfer (0);
+ handle->transfer = transfer;
+ libusb_fill_interrupt_transfer (transfer, handle->idev, handle->ep_intr,
+ handle->intr_buf, sizeof (handle->intr_buf),
+ intr_cb, handle, 0);
+ err = libusb_submit_transfer (transfer);
+ DEBUGOUT_2 ("CCID submit transfer (%x): %d", handle->ep_intr, err);
+}
+
+
+static void *
+ccid_usb_thread (void *arg)
+{
+ libusb_context *ctx = arg;
+
+ while (ccid_usb_thread_is_alive)
+ {
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
+ libusb_handle_events_completed (ctx, NULL);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
+ }
+
+ return NULL;
+}
+
+
static int
ccid_open_usb_reader (const char *spec_reader_name,
int idx, struct ccid_dev_table *ccid_table,
@@ -1760,7 +1859,7 @@ ccid_open_usb_reader (const char *spec_reader_name,
{
libusb_device *dev;
libusb_device_handle *idev = NULL;
- char *rid;
+ char *rid = NULL;
int rc = 0;
int ifc_no, set_no;
struct libusb_device_descriptor desc;
@@ -1786,13 +1885,39 @@ ccid_open_usb_reader (const char *spec_reader_name,
return rc;
}
+ if (ccid_usb_thread_is_alive++ == 0)
+ {
+ npth_t thread;
+ npth_attr_t tattr;
+ int err;
+
+ err = npth_attr_init (&tattr);
+ if (err)
+ {
+ DEBUGOUT_1 ("npth_attr_init failed: %s\n", strerror (err));
+ free (*handle);
+ *handle = NULL;
+ return err;
+ }
+
+ npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
+ err = npth_create (&thread, &tattr, ccid_usb_thread, NULL);
+ if (err)
+ {
+ DEBUGOUT_1 ("npth_create failed: %s\n", strerror (err));
+ free (*handle);
+ *handle = NULL;
+ return err;
+ }
+
+ npth_attr_destroy (&tattr);
+ }
+
rc = libusb_get_device_descriptor (dev, &desc);
if (rc)
{
- libusb_close (idev);
- free (*handle);
- *handle = NULL;
- return rc;
+ DEBUGOUT ("get_device_descripor failed\n");
+ goto leave;
}
rid = make_reader_id (idev, desc.idVendor, desc.idProduct,
@@ -1847,11 +1972,15 @@ ccid_open_usb_reader (const char *spec_reader_name,
}
}
+ if ((*handle)->ep_intr >= 0)
+ ccid_setup_intr (*handle);
+
rc = ccid_vendor_specific_init (*handle);
leave:
if (rc)
{
+ --ccid_usb_thread_is_alive;
free (rid);
libusb_close (idev);
free (*handle);
@@ -1871,8 +2000,8 @@ ccid_open_usb_reader (const char *spec_reader_name,
/* Open the reader with the internal number READERNO and return a
pointer to be used as handle in HANDLE. Returns 0 on success. */
int
-ccid_open_reader (const char *spec_reader_name,
- int idx, struct ccid_dev_table *ccid_table,
+ccid_open_reader (const char *spec_reader_name, int idx,
+ struct ccid_dev_table *ccid_table,
ccid_driver_t *handle, char **rdrname_p)
{
int n;
@@ -1941,6 +2070,35 @@ ccid_open_reader (const char *spec_reader_name,
}
+int
+ccid_require_get_status (ccid_driver_t handle)
+{
+ /* When a card reader supports interrupt transfer to check the
+ status of card, it is possible to submit only an interrupt
+ transfer, and no check is required by application layer. USB can
+ detect removal of a card and can detect removal of a reader.
+ */
+ if (handle->ep_intr >= 0)
+ return 0;
+
+ /* Libusb actually detects the removal of USB device in use.
+ However, there is no good API to handle the removal (yet),
+ cleanly and with good portability.
+
+ There is libusb_set_pollfd_notifiers function, but it doesn't
+ offer libusb_device_handle* data to its callback. So, when it
+ watches multiple devices, there is no way to know which device is
+ removed.
+
+ Once, we will have a good programming interface of libusb, we can
+ list tokens (with no interrupt transfer support, but always with
+ card inserted) here to return 0, so that scdaemon can submit
+ minimum packet on wire.
+ */
+ return 1;
+}
+
+
static void
do_close_reader (ccid_driver_t handle)
{
@@ -1964,11 +2122,34 @@ do_close_reader (ccid_driver_t handle)
if (!rc)
bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_SlotStatus,
seqno, 2000, 0);
- handle->powered_off = 1;
}
if (handle->idev)
{
+ if (handle->transfer)
+ {
+ if (!handle->powered_off)
+ {
+ DEBUGOUT ("libusb_cancel_transfer\n");
+
+ rc = libusb_cancel_transfer (handle->transfer);
+ if (rc != LIBUSB_ERROR_NOT_FOUND)
+ while (!handle->powered_off)
+ {
+ DEBUGOUT ("libusb_handle_events_completed\n");
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
+ libusb_handle_events_completed (NULL, &handle->powered_off);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
+ }
+ }
+
+ libusb_free_transfer (handle->transfer);
+ }
libusb_release_interface (handle->idev, handle->ifc_no);
+ --ccid_usb_thread_is_alive;
libusb_close (handle->idev);
handle->idev = NULL;
}
@@ -2110,9 +2291,15 @@ bulk_out (ccid_driver_t handle, unsigned char *msg, size_t msglen,
{
int transferred;
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_out,
(char*)msg, msglen, &transferred,
5000 /* ms timeout */);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
if (rc == 0 && transferred == msglen)
return 0;
@@ -2161,8 +2348,14 @@ bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
retry:
if (handle->idev)
{
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_in,
(char*)buffer, length, &msglen, timeout);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
if (rc)
{
DEBUGOUT_1 ("usb_bulk_read error: %s\n", libusb_error_name (rc));
@@ -2297,6 +2490,9 @@ abort_cmd (ccid_driver_t handle, int seqno)
/* Send the abort command to the control pipe. Note that we don't
need to keep track of sent abort commands because there should
never be another thread using the same slot concurrently. */
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
rc = libusb_control_transfer (handle->idev,
0x21,/* bmRequestType: host-to-device,
class specific, to interface. */
@@ -2305,6 +2501,9 @@ abort_cmd (ccid_driver_t handle, int seqno)
handle->ifc_no,
dummybuf, 0,
1000 /* ms timeout */);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
if (rc)
{
DEBUGOUT_1 ("usb_control_msg error: %s\n", libusb_error_name (rc));
@@ -2329,9 +2528,15 @@ abort_cmd (ccid_driver_t handle, int seqno)
msglen = 10;
set_msg_len (msg, 0);
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_out,
(char*)msg, msglen, &transferred,
5000 /* ms timeout */);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
if (rc == 0 && transferred == msglen)
rc = 0;
else if (rc)
@@ -2341,9 +2546,15 @@ abort_cmd (ccid_driver_t handle, int seqno)
if (rc)
return rc;
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_in,
(char*)msg, sizeof msg, &msglen,
5000 /*ms timeout*/);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
if (rc)
{
DEBUGOUT_1 ("usb_bulk_read error in abort_cmd: %s\n",
@@ -2508,7 +2719,7 @@ ccid_poll (ccid_driver_t handle)
/* Note that this function won't return the error codes NO_CARD or
CARD_INACTIVE */
int
-ccid_slot_status (ccid_driver_t handle, int *statusbits)
+ccid_slot_status (ccid_driver_t handle, int *statusbits, int on_wire)
{
int rc;
unsigned char msg[100];
@@ -2516,6 +2727,19 @@ ccid_slot_status (ccid_driver_t handle, int *statusbits)
unsigned char seqno;
int retries = 0;
+ if (handle->powered_off)
+ return CCID_DRIVER_ERR_NO_READER;
+
+ /* If the card (with its lower-level driver) doesn't require
+ GET_STATUS on wire (because it supports INTERRUPT transfer for
+ status change, or it's a token which has a card always inserted),
+ no need to send on wire. */
+ if (!on_wire && !ccid_require_get_status (handle))
+ {
+ *statusbits = 0;
+ return 0;
+ }
+
retry:
msg[0] = PC_to_RDR_GetSlotStatus;
msg[5] = 0; /* slot */
@@ -2538,16 +2762,21 @@ ccid_slot_status (ccid_driver_t handle, int *statusbits)
if (!retries)
{
DEBUGOUT ("USB: CALLING USB_CLEAR_HALT\n");
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
libusb_clear_halt (handle->idev, handle->ep_bulk_in);
libusb_clear_halt (handle->idev, handle->ep_bulk_out);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
}
else
DEBUGOUT ("USB: RETRYING bulk_in AGAIN\n");
retries++;
goto retry;
}
- if (rc && rc != CCID_DRIVER_ERR_NO_CARD
- && rc != CCID_DRIVER_ERR_CARD_INACTIVE)
+ if (rc && rc != CCID_DRIVER_ERR_NO_CARD && rc != CCID_DRIVER_ERR_CARD_INACTIVE)
return rc;
*statusbits = (msg[7] & 3);
@@ -2727,7 +2956,7 @@ ccid_get_atr (ccid_driver_t handle,
};
/* First check whether a card is available. */
- rc = ccid_slot_status (handle, &statusbits);
+ rc = ccid_slot_status (handle, &statusbits, 1);
if (rc)
return rc;
if (statusbits == 2)
@@ -3285,7 +3514,13 @@ ccid_transceive (ccid_driver_t handle,
if (tpdulen < 4)
{
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
libusb_clear_halt (handle->idev, handle->ep_bulk_in);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
return CCID_DRIVER_ERR_ABORTED;
}
@@ -3719,7 +3954,13 @@ ccid_transceive_secure (ccid_driver_t handle,
if (tpdulen < 4)
{
+#ifdef USE_NPTH
+ npth_unprotect ();
+#endif
libusb_clear_halt (handle->idev, handle->ep_bulk_in);
+#ifdef USE_NPTH
+ npth_protect ();
+#endif
return CCID_DRIVER_ERR_ABORTED;
}
if (debug_level > 1)
diff --git a/scd/ccid-driver.h b/scd/ccid-driver.h
index 9e71f5e..b6da30c 100644
--- a/scd/ccid-driver.h
+++ b/scd/ccid-driver.h
@@ -128,7 +128,7 @@ int ccid_shutdown_reader (ccid_driver_t handle);
int ccid_close_reader (ccid_driver_t handle);
int ccid_get_atr (ccid_driver_t handle,
unsigned char *atr, size_t maxatrlen, size_t *atrlen);
-int ccid_slot_status (ccid_driver_t handle, int *statusbits);
+int ccid_slot_status (ccid_driver_t handle, int *statusbits, int on_wire);
int ccid_transceive (ccid_driver_t handle,
const unsigned char *apdu, size_t apdulen,
unsigned char *resp, size_t maxresplen, size_t *nresp);
@@ -140,7 +140,7 @@ int ccid_transceive_escape (ccid_driver_t handle,
const unsigned char *data, size_t datalen,
unsigned char *resp, size_t maxresplen,
size_t *nresp);
-
+int ccid_require_get_status (ccid_driver_t handle);
#endif /*CCID_DRIVER_H*/
diff --git a/scd/command.c b/scd/command.c
index 8c7ca20..b1d5539 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -217,6 +217,7 @@ open_card_with_request (ctrl_t ctrl, const char *apptype, const char *serialno)
gpg_error_t err;
unsigned char *serialno_bin = NULL;
size_t serialno_bin_len = 0;
+ app_t app = ctrl->app_ctx;
/* If we are already initialized for one specific application we
need to check that the client didn't requested a specific
@@ -224,6 +225,10 @@ open_card_with_request (ctrl_t ctrl, const char *apptype, const char *serialno)
if (apptype && ctrl->app_ctx)
return check_application_conflict (apptype, ctrl->app_ctx);
+ /* Re-scan USB devices. Release APP, before the scan. */
+ ctrl->app_ctx = NULL;
+ release_application (app, 0);
+
if (serialno)
serialno_bin = hex_to_buffer (serialno, &serialno_bin_len);
@@ -895,7 +900,7 @@ cmd_getattr (assuan_context_t ctx, char *line)
static const char hlp_setattr[] =
"SETATTR <name> <value> \n"
"\n"
- "This command is used to store data on a a smartcard. The allowed\n"
+ "This command is used to store data on a smartcard. The allowed\n"
"names and values are depend on the currently selected smartcard\n"
"application. NAME and VALUE must be percent and '+' escaped.\n"
"\n"
@@ -949,7 +954,7 @@ static const char hlp_writecert[] =
"application. The actual certifciate is requested using the inquiry\n"
"\"CERTDATA\" and needs to be provided in its raw (e.g. DER) form.\n"
"\n"
- "In almost all cases a a PIN will be requested. See the related\n"
+ "In almost all cases a PIN will be requested. See the related\n"
"writecert function of the actually used application (app-*.c) for\n"
"details.";
static gpg_error_t
@@ -1002,7 +1007,7 @@ cmd_writecert (assuan_context_t ctx, char *line)
static const char hlp_writekey[] =
"WRITEKEY [--force] <keyid> \n"
"\n"
- "This command is used to store a secret key on a a smartcard. The\n"
+ "This command is used to store a secret key on a smartcard. The\n"
"allowed keyids depend on the currently selected smartcard\n"
"application. The actual keydata is requested using the inquiry\n"
"\"KEYDATA\" and need to be provided without any protection. With\n"
@@ -1367,30 +1372,26 @@ static const char hlp_getinfo[] =
"Multi purpose command to return certain information. \n"
"Supported values of WHAT are:\n"
"\n"
- "version - Return the version of the program.\n"
- "pid - Return the process id of the server.\n"
- "\n"
- "socket_name - Return the name of the socket.\n"
- "\n"
- "status - Return the status of the current reader (in the future, may\n"
- "also return the status of all readers). The status is a list of\n"
- "one-character flags. The following flags are currently defined:\n"
- " 'u' Usable card present. This is the normal state during operation.\n"
- " 'r' Card removed. A reset is necessary.\n"
- "These flags are exclusive.\n"
- "\n"
- "reader_list - Return a list of detected card readers. Does\n"
- " currently only work with the internal CCID driver.\n"
- "\n"
- "deny_admin - Returns OK if admin commands are not allowed or\n"
- " GPG_ERR_GENERAL if admin commands are allowed.\n"
- "\n"
- "app_list - Return a list of supported applications. One\n"
- " application per line, fields delimited by colons,\n"
- " first field is the name.\n"
- "\n"
- "card_list - Return a list of serial numbers of active cards,\n"
- " using a status response.";
+ " version - Return the version of the program.\n"
+ " pid - Return the process id of the server.\n"
+ " socket_name - Return the name of the socket.\n"
+ " connections - Return number of active connections.\n"
+ " status - Return the status of the current reader (in the future,\n"
+ " may also return the status of all readers). The status\n"
+ " is a list of one-character flags. The following flags\n"
+ " are currently defined:\n"
+ " 'u' Usable card present.\n"
+ " 'r' Card removed. A reset is necessary.\n"
+ " These flags are exclusive.\n"
+ " reader_list - Return a list of detected card readers. Does\n"
+ " currently only work with the internal CCID driver.\n"
+ " deny_admin - Returns OK if admin commands are not allowed or\n"
+ " GPG_ERR_GENERAL if admin commands are allowed.\n"
+ " app_list - Return a list of supported applications. One\n"
+ " application per line, fields delimited by colons,\n"
+ " first field is the name.\n"
+ " card_list - Return a list of serial numbers of active cards,\n"
+ " using a status response.";
static gpg_error_t
cmd_getinfo (assuan_context_t ctx, char *line)
{
@@ -1417,6 +1418,13 @@ cmd_getinfo (assuan_context_t ctx, char *line)
else
rc = gpg_error (GPG_ERR_NO_DATA);
}
+ else if (!strcmp (line, "connections"))
+ {
+ char numbuf[20];
+
+ snprintf (numbuf, sizeof numbuf, "%d", get_active_connection_count ());
+ rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
+ }
else if (!strcmp (line, "status"))
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@@ -1487,7 +1495,7 @@ cmd_restart (assuan_context_t ctx, char *line)
if (app)
{
ctrl->app_ctx = NULL;
- release_application (app);
+ release_application (app, 0);
}
if (locked_session && ctrl->server_local == locked_session)
{
@@ -1914,7 +1922,7 @@ send_client_notifications (app_t app, int removal)
{
sl->ctrl_backlink->app_ctx = NULL;
sl->card_removed = 1;
- release_application (app);
+ release_application (app, 1);
}
if (!sl->event_signal || !sl->assuan_ctx)
diff --git a/scd/scdaemon.c b/scd/scdaemon.c
index 74fed44..f7e9f83 100644
--- a/scd/scdaemon.c
+++ b/scd/scdaemon.c
@@ -52,6 +52,7 @@
#include "ccid-driver.h"
#include "gc-opt-flags.h"
#include "asshelp.h"
+#include "exechelp.h"
#include "../common/init.h"
#ifndef ENAMETOOLONG
@@ -60,10 +61,10 @@
enum cmd_and_opt_values
{ aNull = 0,
- oCsh = 'c',
- oQuiet = 'q',
- oSh = 's',
- oVerbose = 'v',
+ oCsh = 'c',
+ oQuiet = 'q',
+ oSh = 's',
+ oVerbose = 'v',
oNoVerbose = 500,
aGPGConfList,
@@ -98,7 +99,6 @@ enum cmd_and_opt_values
oDenyAdmin,
oDisableApplication,
oEnablePinpadVarlen,
- oDebugDisableTicker
};
@@ -114,18 +114,17 @@ static ARGPARSE_OPTS opts[] = {
N_("run in multi server mode (foreground)")),
ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")),
ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
- ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
- ARGPARSE_s_n (oSh, "sh", N_("sh-style command output")),
- ARGPARSE_s_n (oCsh, "csh", N_("csh-style command output")),
+ ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
+ ARGPARSE_s_n (oSh, "sh", N_("sh-style command output")),
+ ARGPARSE_s_n (oCsh, "csh", N_("csh-style command output")),
ARGPARSE_s_s (oOptions, "options", N_("|FILE|read options from FILE")),
- ARGPARSE_s_s (oDebug, "debug", "@"),
+ ARGPARSE_s_s (oDebug, "debug", "@"),
ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
ARGPARSE_s_s (oDebugLevel, "debug-level" ,
N_("|LEVEL|set the debugging level to LEVEL")),
ARGPARSE_s_i (oDebugWait, "debug-wait", "@"),
ARGPARSE_s_n (oDebugAllowCoreDump, "debug-allow-core-dump", "@"),
ARGPARSE_s_n (oDebugCCIDDriver, "debug-ccid-driver", "@"),
- ARGPARSE_s_n (oDebugDisableTicker, "debug-disable-ticker", "@"),
ARGPARSE_s_n (oDebugLogTid, "debug-log-tid", "@"),
ARGPARSE_p_u (oDebugAssuanLogCats, "debug-assuan-log-cats", "@"),
ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")),
@@ -189,8 +188,13 @@ static struct debug_flags_s debug_flags [] =
#define DEFAULT_PCSC_DRIVER "libpcsclite.so"
#endif
-/* The timer tick used for housekeeping stuff. We poll every 500ms to
- let the user immediately know a status change.
+/* The timer tick used to check card removal.
+
+ We poll every 500ms to let the user immediately know a status
+ change.
+
+ For a card reader with an interrupt endpoint, this timer is not
+ used with the internal CCID driver.
This is not too good for power saving but given that there is no
easy way to block on card status changes it is the best we can do.
@@ -220,11 +224,8 @@ static char *redir_socket_name;
POSIX systems). */
static assuan_sock_nonce_t socket_nonce;
-/* Debug flag to disable the ticker. The ticker is in fact not
- disabled but it won't perform any ticker specific actions. */
-static int ticker_disabled;
-
-
+/* FD to notify update of usb devices. */
+static int notify_fd;
static char *create_socket_name (char *standard_name);
static gnupg_fd_t create_server_socket (const char *name,
@@ -456,13 +457,13 @@ main (int argc, char **argv )
parse_debug++;
else if (pargs.r_opt == oOptions)
{ /* yes there is one, so we do not try the default one, but
- read the option file when it is encountered at the
- commandline */
+ read the option file when it is encountered at the
+ commandline */
default_config = 0;
- }
- else if (pargs.r_opt == oNoOptions)
+ }
+ else if (pargs.r_opt == oNoOptions)
default_config = 0; /* --no-options */
- else if (pargs.r_opt == oHomedir)
+ else if (pargs.r_opt == oHomedir)
gnupg_set_homedir (pargs.r.ret_str);
}
@@ -497,16 +498,16 @@ main (int argc, char **argv )
if( parse_debug )
log_info (_("Note: no default option file '%s'\n"),
configname );
- }
+ }
else
{
log_error (_("option file '%s': %s\n"),
configname, strerror(errno) );
exit(2);
- }
+ }
xfree (configname);
configname = NULL;
- }
+ }
if (parse_debug && configname )
log_info (_("reading options from '%s'\n"), configname );
default_config = 0;
@@ -541,7 +542,6 @@ main (int argc, char **argv )
ccid_set_debug_level (ccid_set_debug_level (-1)+1);
#endif /*HAVE_LIBUSB*/
break;
- case oDebugDisableTicker: ticker_disabled = 1; break;
case oDebugLogTid:
log_set_pid_suffix_cb (tid_log_callback);
break;
@@ -553,10 +553,10 @@ main (int argc, char **argv )
/* config files may not be nested (silently ignore them) */
if (!configfp)
{
- xfree(configname);
- configname = xstrdup(pargs.r.ret_str);
- goto next_pass;
- }
+ xfree(configname);
+ configname = xstrdup(pargs.r.ret_str);
+ goto next_pass;
+ }
break;
case oNoGreeting: nogreeting = 1; break;
case oNoVerbose: opt.verbose = 0; break;
@@ -588,12 +588,12 @@ main (int argc, char **argv )
add_to_strlist (&opt.disabled_applications, pargs.r.ret_str);
break;
- case oEnablePinpadVarlen: opt.enable_pinpad_varlen = 1; break;
+ case oEnablePinpadVarlen: opt.enable_pinpad_varlen = 1; break;
default:
pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
break;
- }
+ }
}
if (configfp)
{
@@ -656,7 +656,7 @@ main (int argc, char **argv )
char *filename_esc;
if (config_filename)
- filename = xstrdup (config_filename);
+ filename = xstrdup (config_filename);
else
filename = make_filename (gnupg_homedir (),
SCDAEMON_NAME EXTSEP_S "conf", NULL);
@@ -752,7 +752,7 @@ main (int argc, char **argv )
res = npth_attr_init (&tattr);
if (res)
- {
+ {
log_error ("error allocating thread attributes: %s\n",
strerror (res));
scd_exit (2);
@@ -1009,7 +1009,7 @@ handle_signal (int signo)
log_info ("%s %s stopped\n", strusage(11), strusage(13) );
cleanup ();
scd_exit (0);
- }
+ }
break;
case SIGINT:
@@ -1026,14 +1026,6 @@ handle_signal (int signo)
#endif /*!HAVE_W32_SYSTEM*/
-static void
-handle_tick (void)
-{
- if (!ticker_disabled)
- scd_update_reader_status_file ();
-}
-
-
/* Create a name for the socket. We check for valid characters as
well as against a maximum allowed length for a unix domain socket
is done. The function terminates the process in case of an error.
@@ -1116,7 +1108,7 @@ create_server_socket (const char *name, char **r_redir_name,
if (rc == -1)
{
log_error (_("error binding socket to '%s': %s\n"),
- unaddr->sun_path,
+ unaddr->sun_path,
gpg_strerror (gpg_error_from_syserror ()));
assuan_sock_close (fd);
scd_exit (2);
@@ -1158,6 +1150,8 @@ start_connection_thread (void *arg)
return NULL;
}
+ active_connections++;
+
scd_init_default_ctrl (ctrl);
if (opt.verbose)
log_info (_("handler for fd %d started\n"),
@@ -1177,10 +1171,24 @@ start_connection_thread (void *arg)
scd_deinit_default_ctrl (ctrl);
xfree (ctrl);
+
+ if (--active_connections == 0)
+ scd_kick_the_loop ();
+
return NULL;
}
+void
+scd_kick_the_loop (void)
+{
+ int ret;
+
+ /* Kick the select loop. */
+ ret = write (notify_fd, "", 1);
+ (void)ret;
+}
+
/* Connection handler loop. Wait for connection requests and spawn a
thread after accepting a connection. LISTEN_FD is allowed to be -1
in which case this code will only do regular timeouts and handle
@@ -1192,19 +1200,32 @@ handle_connections (int listen_fd)
struct sockaddr_un paddr;
socklen_t plen;
fd_set fdset, read_fdset;
+ int nfd;
int ret;
int fd;
- int nfd;
- struct timespec abstime;
- struct timespec curtime;
struct timespec timeout;
+ struct timespec *t;
int saved_errno;
#ifndef HAVE_W32_SYSTEM
int signo;
#endif
+ int pipe_fd[2];
+
+ ret = gnupg_create_pipe (pipe_fd);
+ if (ret)
+ {
+ log_error ("pipe creation failed: %s\n", gpg_strerror (ret));
+ return;
+ }
+ notify_fd = pipe_fd[1];
ret = npth_attr_init(&tattr);
- /* FIXME: Check error. */
+ if (ret)
+ {
+ log_error ("npth_attr_init failed: %s\n", strerror (ret));
+ return;
+ }
+
npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
#ifndef HAVE_W32_SYSTEM
@@ -1225,14 +1246,14 @@ handle_connections (int listen_fd)
nfd = listen_fd;
}
- npth_clock_gettime (&curtime);
- timeout.tv_sec = TIMERTICK_INTERVAL_SEC;
- timeout.tv_nsec = TIMERTICK_INTERVAL_USEC * 1000;
- npth_timeradd (&curtime, &timeout, &abstime);
- /* We only require abstime here. The others will be reused. */
+ FD_SET (pipe_fd[0], &fdset);
+ if (nfd < pipe_fd[0])
+ nfd = pipe_fd[0];
for (;;)
{
+ int periodical_check;
+
if (shutdown_pending)
{
if (active_connections == 0)
@@ -1243,57 +1264,66 @@ handle_connections (int listen_fd)
file descriptors to wait for, so that the select will be
used to just wait on a signal or timeout event. */
FD_ZERO (&fdset);
+ FD_SET (pipe_fd[0], &fdset);
+ nfd = pipe_fd[0];
listen_fd = -1;
- }
-
- npth_clock_gettime (&curtime);
- if (!(npth_timercmp (&curtime, &abstime, <)))
- {
- /* Timeout. */
- handle_tick ();
- timeout.tv_sec = TIMERTICK_INTERVAL_SEC;
- timeout.tv_nsec = TIMERTICK_INTERVAL_USEC * 1000;
- npth_timeradd (&curtime, &timeout, &abstime);
- }
- npth_timersub (&abstime, &curtime, &timeout);
+ }
+
+ periodical_check = scd_update_reader_status_file ();
+
+ timeout.tv_sec = TIMERTICK_INTERVAL_SEC;
+ timeout.tv_nsec = TIMERTICK_INTERVAL_USEC * 1000;
+
+ if (shutdown_pending || periodical_check)
+ t = &timeout;
+ else
+ t = NULL;
/* POSIX says that fd_set should be implemented as a structure,
thus a simple assignment is fine to copy the entire set. */
read_fdset = fdset;
#ifndef HAVE_W32_SYSTEM
- ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, &timeout, npth_sigev_sigmask());
+ ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, t,
+ npth_sigev_sigmask ());
saved_errno = errno;
while (npth_sigev_get_pending(&signo))
- handle_signal (signo);
+ handle_signal (signo);
#else
- ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, &timeout, NULL, NULL);
+ ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, t, NULL, NULL);
saved_errno = errno;
#endif
if (ret == -1 && saved_errno != EINTR)
- {
+ {
log_error (_("npth_pselect failed: %s - waiting 1s\n"),
strerror (saved_errno));
npth_sleep (1);
- continue;
- }
+ continue;
+ }
if (ret <= 0)
- /* Timeout. Will be handled when calculating the next timeout. */
- continue;
+ /* Timeout. Will be handled when calculating the next timeout. */
+ continue;
+
+ if (FD_ISSET (pipe_fd[0], &read_fdset))
+ {
+ char buf[256];
+
+ ret = read (pipe_fd[0], buf, sizeof buf);
+ }
if (listen_fd != -1 && FD_ISSET (listen_fd, &read_fdset))
- {
+ {
ctrl_t ctrl;
plen = sizeof paddr;
- fd = npth_accept (listen_fd, (struct sockaddr *)&paddr, &plen);
- if (fd == -1)
- {
- log_error ("accept failed: %s\n", strerror (errno));
- }
+ fd = npth_accept (listen_fd, (struct sockaddr *)&paddr, &plen);
+ if (fd == -1)
+ {
+ log_error ("accept failed: %s\n", strerror (errno));
+ }
else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)) )
{
log_error ("error allocating connection control data: %s\n",
@@ -1303,12 +1333,12 @@ handle_connections (int listen_fd)
else
{
char threadname[50];
- npth_t thread;
+ npth_t thread;
snprintf (threadname, sizeof threadname, "conn fd=%d", fd);
ctrl->thread_startup.fd = INT2FD (fd);
ret = npth_create (&thread, &tattr, start_connection_thread, ctrl);
- if (ret)
+ if (ret)
{
log_error ("error spawning connection handler: %s\n",
strerror (ret));
@@ -1316,13 +1346,21 @@ handle_connections (int listen_fd)
close (fd);
}
else
- npth_setname_np (thread, threadname);
+ npth_setname_np (thread, threadname);
}
- fd = -1;
- }
+ }
}
+ close (pipe_fd[0]);
+ close (pipe_fd[1]);
cleanup ();
log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
npth_attr_destroy (&tattr);
}
+
+/* Return the number of active connections. */
+int
+get_active_connection_count (void)
+{
+ return active_connections;
+}
diff --git a/scd/scdaemon.h b/scd/scdaemon.h
index d0bc98e..4797f3d 100644
--- a/scd/scdaemon.h
+++ b/scd/scdaemon.h
@@ -123,8 +123,11 @@ int scd_command_handler (ctrl_t, int);
void send_status_info (ctrl_t ctrl, const char *keyword, ...)
GPGRT_ATTR_SENTINEL(1);
void send_status_direct (ctrl_t ctrl, const char *keyword, const char *args);
-void scd_update_reader_status_file (void);
void send_client_notifications (app_t app, int removal);
+void scd_kick_the_loop (void);
+int get_active_connection_count (void);
+/*-- app.c --*/
+int scd_update_reader_status_file (void);
#endif /*SCDAEMON_H*/
diff --git a/sm/Makefile.am b/sm/Makefile.am
index a9c67a8..4cfb246 100644
--- a/sm/Makefile.am
+++ b/sm/Makefile.am
@@ -38,7 +38,6 @@ gpgsm_SOURCES = \
call-agent.c \
call-dirmngr.c \
fingerprint.c \
- base64.c \
certlist.c \
certdump.c \
certcheck.c \
diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
index d025063..45303e8 100644
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@@ -430,7 +430,7 @@ inq_certificate (void *opaque, const char *line)
}
-/* Take a 20 byte hexencoded string and put it into the the provided
+/* Take a 20 byte hexencoded string and put it into the provided
20 byte buffer FPR in binary format. */
static int
unhexify_fpr (const char *hexstr, unsigned char *fpr)
diff --git a/sm/certchain.c b/sm/certchain.c
index 083c3ad..b3e8656 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -2120,7 +2120,7 @@ get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen)
}
/* If this is a German signature law issued certificate, we store
- additional additional information. */
+ additional information. */
if (!gpgsm_is_in_qualified_list (NULL, array[depth-1], country)
&& !strcmp (country, "de"))
{
diff --git a/sm/certdump.c b/sm/certdump.c
index e47251e..bd37da4 100644
--- a/sm/certdump.c
+++ b/sm/certdump.c
@@ -1,5 +1,5 @@
/* certdump.c - Dump a certificate for debugging
- * Copyright (C) 2001, 2004, 2007 Free Software Foundation, Inc.
+ * Copyright (C) 2001-2010, 2014-2015 g10 Code GmbH
*
* This file is part of GnuPG.
*
@@ -492,7 +492,7 @@ print_dn_part (estream_t stream,
{
/* Forward to the last multi-valued RDN, so that we can
print them all in reverse in the correct order. Note
- that this overrides the the standard sequence but that
+ that this overrides the standard sequence but that
seems to a reasonable thing to do with multi-valued
RDNs. */
while (dn->multivalued && dn[1].key)
diff --git a/sm/certlist.c b/sm/certlist.c
index 7baec65..bfc35ce 100644
--- a/sm/certlist.c
+++ b/sm/certlist.c
@@ -336,7 +336,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
{
if (!first_subject)
{
- /* Save the the subject and the issuer for key usage
+ /* Save the subject and the issuer for key usage
and ambiguous name tests. */
first_subject = ksba_cert_get_subject (cert, 0);
first_issuer = ksba_cert_get_issuer (cert, 0);
diff --git a/sm/certreqgen-ui.c b/sm/certreqgen-ui.c
index ece8668..b50d338 100644
--- a/sm/certreqgen-ui.c
+++ b/sm/certreqgen-ui.c
@@ -95,7 +95,7 @@ check_keygrip (ctrl_t ctrl, const char *hexgrip)
gpg_error_t err;
ksba_sexp_t public;
size_t publiclen;
- const char *algostr;
+ int algo;
if (hexgrip[0] == '&')
hexgrip++;
@@ -105,21 +105,17 @@ check_keygrip (ctrl_t ctrl, const char *hexgrip)
return NULL;
publiclen = gcry_sexp_canon_len (public, 0, NULL, NULL);
- get_pk_algo_from_canon_sexp (public, publiclen, &algostr);
+ algo = get_pk_algo_from_canon_sexp (public, publiclen);
xfree (public);
- if (!algostr)
- return NULL;
- else if (!strcmp (algostr, "rsa"))
- return "RSA";
- else if (!strcmp (algostr, "dsa"))
- return "DSA";
- else if (!strcmp (algostr, "elg"))
- return "ELG";
- else if (!strcmp (algostr, "ecdsa"))
- return "ECDSA";
- else
- return NULL;
+ switch (algo)
+ {
+ case GCRY_PK_RSA: return "RSA";
+ case GCRY_PK_DSA: return "DSA";
+ case GCRY_PK_ELG: return "ELG";
+ case GCRY_PK_EDDSA: return "ECDSA";
+ default: return NULL;
+ }
}
diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index 9b4ffc9..fe35ea8 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -737,14 +737,18 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
if (!outctrl->dryrun)
{
- Base64Context b64writer = NULL;
+ gnupg_ksba_io_t b64writer = NULL;
ksba_writer_t writer;
int create_cert ;
create_cert = !!get_parameter_value (para, pSERIAL, 0);
ctrl->pem_name = create_cert? "CERTIFICATE" : "CERTIFICATE REQUEST";
- rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
+
+ rc = gnupg_ksba_create_writer
+ (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
+ ctrl->pem_name, out_fp, &writer);
if (rc)
log_error ("can't create writer: %s\n", gpg_strerror (rc));
else
@@ -752,7 +756,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
rc = create_request (ctrl, para, cardkeyid, public, sigkey, writer);
if (!rc)
{
- rc = gpgsm_finish_writer (b64writer);
+ rc = gnupg_ksba_finish_writer (b64writer);
if (rc)
log_error ("write failed: %s\n", gpg_strerror (rc));
else
@@ -762,7 +766,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
create_cert?"":" request");
}
}
- gpgsm_destroy_writer (b64writer);
+ gnupg_ksba_destroy_writer (b64writer);
}
}
diff --git a/sm/decrypt.c b/sm/decrypt.c
index a2907f6..cda4d29 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -243,8 +243,8 @@ int
gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
{
int rc;
- Base64Context b64reader = NULL;
- Base64Context b64writer = NULL;
+ gnupg_ksba_io_t b64reader = NULL;
+ gnupg_ksba_io_t b64writer = NULL;
ksba_reader_t reader;
ksba_writer_t writer;
ksba_cms_t cms = NULL;
@@ -274,14 +274,21 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
goto leave;
}
- rc = gpgsm_create_reader (&b64reader, ctrl, in_fp, 0, &reader);
+ rc = gnupg_ksba_create_reader
+ (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
+ | (ctrl->autodetect_encoding? GNUPG_KSBA_IO_AUTODETECT : 0)),
+ in_fp, &reader);
if (rc)
{
log_error ("can't create reader: %s\n", gpg_strerror (rc));
goto leave;
}
- rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
+ rc = gnupg_ksba_create_writer
+ (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
+ ctrl->pem_name, out_fp, &writer);
if (rc)
{
log_error ("can't create writer: %s\n", gpg_strerror (rc));
@@ -557,7 +564,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
}
while (stopreason != KSBA_SR_READY);
- rc = gpgsm_finish_writer (b64writer);
+ rc = gnupg_ksba_finish_writer (b64writer);
if (rc)
{
log_error ("write failed: %s\n", gpg_strerror (rc));
@@ -575,8 +582,8 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
gpg_strerror (rc), gpg_strsource (rc));
}
ksba_cms_release (cms);
- gpgsm_destroy_reader (b64reader);
- gpgsm_destroy_writer (b64writer);
+ gnupg_ksba_destroy_reader (b64reader);
+ gnupg_ksba_destroy_writer (b64writer);
keydb_release (kh);
es_fclose (in_fp);
if (dfparm.hd)
diff --git a/sm/encrypt.c b/sm/encrypt.c
index 2c664f8..3a7d4bb 100644
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@@ -299,7 +299,7 @@ int
gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
{
int rc = 0;
- Base64Context b64writer = NULL;
+ gnupg_ksba_io_t b64writer = NULL;
gpg_error_t err;
ksba_writer_t writer;
ksba_reader_t reader = NULL;
@@ -364,7 +364,10 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
encparm.fp = data_fp;
ctrl->pem_name = "ENCRYPTED MESSAGE";
- rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
+ rc = gnupg_ksba_create_writer
+ (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
+ ctrl->pem_name, out_fp, &writer);
if (rc)
{
log_error ("can't create writer: %s\n", gpg_strerror (rc));
@@ -499,7 +502,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
}
- rc = gpgsm_finish_writer (b64writer);
+ rc = gnupg_ksba_finish_writer (b64writer);
if (rc)
{
log_error ("write failed: %s\n", gpg_strerror (rc));
@@ -510,7 +513,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
leave:
ksba_cms_release (cms);
- gpgsm_destroy_writer (b64writer);
+ gnupg_ksba_destroy_writer (b64writer);
ksba_reader_release (reader);
keydb_release (kh);
xfree (dek);
diff --git a/sm/export.c b/sm/export.c
index a32414e..d721d52 100644
--- a/sm/export.c
+++ b/sm/export.c
@@ -133,7 +133,7 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
KEYDB_HANDLE hd = NULL;
KEYDB_SEARCH_DESC *desc = NULL;
int ndesc;
- Base64Context b64writer = NULL;
+ gnupg_ksba_io_t b64writer = NULL;
ksba_writer_t writer;
strlist_t sl;
ksba_cert_t cert = NULL;
@@ -263,7 +263,10 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
if (!b64writer)
{
ctrl->pem_name = "CERTIFICATE";
- rc = gpgsm_create_writer (&b64writer, ctrl, stream, &writer);
+ rc = gnupg_ksba_create_writer
+ (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 :0)),
+ ctrl->pem_name, stream, &writer);
if (rc)
{
log_error ("can't create writer: %s\n", gpg_strerror (rc));
@@ -281,13 +284,13 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
if (ctrl->create_pem)
{
/* We want one certificate per PEM block */
- rc = gpgsm_finish_writer (b64writer);
+ rc = gnupg_ksba_finish_writer (b64writer);
if (rc)
{
log_error ("write failed: %s\n", gpg_strerror (rc));
goto leave;
}
- gpgsm_destroy_writer (b64writer);
+ gnupg_ksba_destroy_writer (b64writer);
b64writer = NULL;
}
}
@@ -299,7 +302,7 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
else if (b64writer)
{
- rc = gpgsm_finish_writer (b64writer);
+ rc = gnupg_ksba_finish_writer (b64writer);
if (rc)
{
log_error ("write failed: %s\n", gpg_strerror (rc));
@@ -308,7 +311,7 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
}
leave:
- gpgsm_destroy_writer (b64writer);
+ gnupg_ksba_destroy_writer (b64writer);
ksba_cert_release (cert);
xfree (desc);
keydb_release (hd);
@@ -328,7 +331,7 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
gpg_error_t err = 0;
KEYDB_HANDLE hd;
KEYDB_SEARCH_DESC *desc = NULL;
- Base64Context b64writer = NULL;
+ gnupg_ksba_io_t b64writer = NULL;
ksba_writer_t writer;
ksba_cert_t cert = NULL;
const unsigned char *image;
@@ -433,7 +436,10 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
ctrl->pem_name = "PRIVATE KEY";
else
ctrl->pem_name = "RSA PRIVATE KEY";
- err = gpgsm_create_writer (&b64writer, ctrl, stream, &writer);
+ err = gnupg_ksba_create_writer
+ (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
+ ctrl->pem_name, stream, &writer);
if (err)
{
log_error ("can't create writer: %s\n", gpg_strerror (err));
@@ -457,13 +463,13 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
if (ctrl->create_pem)
{
/* We want one certificate per PEM block */
- err = gpgsm_finish_writer (b64writer);
+ err = gnupg_ksba_finish_writer (b64writer);
if (err)
{
log_error ("write failed: %s\n", gpg_strerror (err));
goto leave;
}
- gpgsm_destroy_writer (b64writer);
+ gnupg_ksba_destroy_writer (b64writer);
b64writer = NULL;
}
@@ -471,7 +477,7 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
cert = NULL;
leave:
- gpgsm_destroy_writer (b64writer);
+ gnupg_ksba_destroy_writer (b64writer);
ksba_cert_release (cert);
xfree (desc);
keydb_release (hd);
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 76ff327..df96770 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -33,6 +33,7 @@
#include "../common/status.h"
#include "../common/audit.h"
#include "../common/session-env.h"
+#include "../common/ksba-io-support.h"
#define MAX_DIGEST_LEN 64
@@ -205,10 +206,6 @@ struct server_control_s
};
-/* Data structure used in base64.c. */
-typedef struct base64_context_s *Base64Context;
-
-
/* An object to keep a list of certificates. */
struct certlist_s
{
@@ -262,19 +259,6 @@ int gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits);
char *gpgsm_get_certid (ksba_cert_t cert);
-/*-- base64.c --*/
-int gpgsm_create_reader (Base64Context *ctx,
- ctrl_t ctrl, estream_t fp, int allow_multi_pem,
- ksba_reader_t *r_reader);
-int gpgsm_reader_eof_seen (Base64Context ctx);
-void gpgsm_destroy_reader (Base64Context ctx);
-int gpgsm_create_writer (Base64Context *ctx,
- ctrl_t ctrl, estream_t stream,
- ksba_writer_t *r_writer);
-int gpgsm_finish_writer (Base64Context ctx);
-void gpgsm_destroy_writer (Base64Context ctx);
-
-
/*-- certdump.c --*/
void gpgsm_print_serial (estream_t fp, ksba_const_sexp_t p);
void gpgsm_print_time (estream_t fp, ksba_isotime_t t);
diff --git a/sm/import.c b/sm/import.c
index 4a8ecf7..b284b51 100644
--- a/sm/import.c
+++ b/sm/import.c
@@ -272,7 +272,7 @@ static int
import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
{
int rc;
- Base64Context b64reader = NULL;
+ gnupg_ksba_io_t b64reader = NULL;
ksba_reader_t reader;
ksba_cert_t cert = NULL;
ksba_cms_t cms = NULL;
@@ -288,7 +288,12 @@ import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
goto leave;
}
- rc = gpgsm_create_reader (&b64reader, ctrl, fp, 1, &reader);
+ rc = gnupg_ksba_create_reader
+ (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
+ | (ctrl->autodetect_encoding? GNUPG_KSBA_IO_AUTODETECT : 0)
+ | GNUPG_KSBA_IO_MULTIPEM),
+ fp, &reader);
if (rc)
{
log_error ("can't create reader: %s\n", gpg_strerror (rc));
@@ -375,14 +380,14 @@ import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
ksba_reader_clear (reader, NULL, NULL);
}
- while (!gpgsm_reader_eof_seen (b64reader));
+ while (!gnupg_ksba_reader_eof_seen (b64reader));
leave:
if (any && gpg_err_code (rc) == GPG_ERR_EOF)
rc = 0;
ksba_cms_release (cms);
ksba_cert_release (cert);
- gpgsm_destroy_reader (b64reader);
+ gnupg_ksba_destroy_reader (b64reader);
es_fclose (fp);
return rc;
}
diff --git a/sm/keydb.c b/sm/keydb.c
index 44dd9ca..75f83ee 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -265,7 +265,7 @@ keydb_add_resource (ctrl_t ctrl, const char *url, int force, int *auto_created)
/* Do we have an URL?
gnupg-kbx:filename := this is a plain keybox
- filename := See what is is, but create as plain keybox.
+ filename := See what it is, but create as plain keybox.
*/
if (strlen (resname) > 10)
{
diff --git a/sm/keylist.c b/sm/keylist.c
index 88a9c4f..6db42e3 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -1280,7 +1280,7 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
}
-/* Same as standard mode mode list all certifying certs too. */
+/* Same as standard mode list all certifying certs too. */
static void
list_cert_chain (ctrl_t ctrl, KEYDB_HANDLE hd,
ksba_cert_t cert, int raw_mode,
diff --git a/sm/sign.c b/sm/sign.c
index 9153d58..0ca575b 100644
--- a/sm/sign.c
+++ b/sm/sign.c
@@ -316,7 +316,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
{
int i, rc;
gpg_error_t err;
- Base64Context b64writer = NULL;
+ gnupg_ksba_io_t b64writer = NULL;
ksba_writer_t writer;
ksba_cms_t cms = NULL;
ksba_stop_reason_t stopreason;
@@ -340,7 +340,10 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
}
ctrl->pem_name = "SIGNED MESSAGE";
- rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
+ rc = gnupg_ksba_create_writer
+ (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
+ ctrl->pem_name, out_fp, &writer);
if (rc)
{
log_error ("can't create writer: %s\n", gpg_strerror (rc));
@@ -760,7 +763,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
}
while (stopreason != KSBA_SR_READY);
- rc = gpgsm_finish_writer (b64writer);
+ rc = gnupg_ksba_finish_writer (b64writer);
if (rc)
{
log_error ("write failed: %s\n", gpg_strerror (rc));
@@ -778,7 +781,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
if (release_signerlist)
gpgsm_release_certlist (signerlist);
ksba_cms_release (cms);
- gpgsm_destroy_writer (b64writer);
+ gnupg_ksba_destroy_writer (b64writer);
keydb_release (kh);
gcry_md_close (data_md);
return rc;
diff --git a/sm/verify.c b/sm/verify.c
index a046883..1ac97cb 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -90,8 +90,8 @@ int
gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
{
int i, rc;
- Base64Context b64reader = NULL;
- Base64Context b64writer = NULL;
+ gnupg_ksba_io_t b64reader = NULL;
+ gnupg_ksba_io_t b64writer = NULL;
ksba_reader_t reader;
ksba_writer_t writer = NULL;
ksba_cms_t cms = NULL;
@@ -125,7 +125,11 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
goto leave;
}
- rc = gpgsm_create_reader (&b64reader, ctrl, in_fp, 0, &reader);
+ rc = gnupg_ksba_create_reader
+ (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
+ | (ctrl->autodetect_encoding? GNUPG_KSBA_IO_AUTODETECT : 0)),
+ in_fp, &reader);
if (rc)
{
log_error ("can't create reader: %s\n", gpg_strerror (rc));
@@ -134,7 +138,10 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
if (out_fp)
{
- rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
+ rc = gnupg_ksba_create_writer
+ (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+ | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
+ ctrl->pem_name, out_fp, &writer);
if (rc)
{
log_error ("can't create writer: %s\n", gpg_strerror (rc));
@@ -246,7 +253,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
if (b64writer)
{
- rc = gpgsm_finish_writer (b64writer);
+ rc = gnupg_ksba_finish_writer (b64writer);
if (rc)
{
log_error ("write failed: %s\n", gpg_strerror (rc));
@@ -643,8 +650,8 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
leave:
ksba_cms_release (cms);
- gpgsm_destroy_reader (b64reader);
- gpgsm_destroy_writer (b64writer);
+ gnupg_ksba_destroy_reader (b64reader);
+ gnupg_ksba_destroy_writer (b64writer);
keydb_release (kh);
gcry_md_close (data_md);
es_fclose (in_fp);
diff --git a/tests/gpgme/gpgme-defs.scm b/tests/gpgme/gpgme-defs.scm
index 6e35285..c102c93 100644
--- a/tests/gpgme/gpgme-defs.scm
+++ b/tests/gpgme/gpgme-defs.scm
@@ -42,6 +42,9 @@
(setenv "PATH" (string-append (path-join (getenv "GNUPG_BUILDDIR") "tools")
(string *pathsep*) (getenv "PATH")) #t)
+;; The tests expect the pinentry to return the passphrase "abc".
+(setenv "PINENTRY_USER_DATA" "abc" #t)
+
(define (create-file name content)
(letfd ((fd (open name (logior O_WRONLY O_CREAT O_BINARY) #o600)))
(display content (fdopen fd "wb"))))
@@ -50,8 +53,7 @@
(create-file "gpg.conf" "no-force-v3-sigs\n")
(create-file
"gpg-agent.conf"
- (string-append "pinentry-program "
- (in-gpgme-srcdir "tests" "gpg" "pinentry") "\n"))
+ (string-append "pinentry-program " (tool 'pinentry)))
(mkdir "private-keys-v1.d" "-rwx")
(log "Storing private keys")
diff --git a/tests/gpgme/run-tests.scm b/tests/gpgme/run-tests.scm
index bce5584..cb17977 100644
--- a/tests/gpgme/run-tests.scm
+++ b/tests/gpgme/run-tests.scm
@@ -54,7 +54,7 @@
(apply path-join
`(,(if (compiled? name)
gpgme-builddir
- gpgme-srcdir) ,@(:path cmpnts),name)))
+ gpgme-srcdir) ,@(:path cmpnts) ,(qualify name))))
(let ((makefile (apply path-join `(,gpgme-srcdir ,@(:path cmpnts)
"Makefile.am"))))
(map (lambda (name)
diff --git a/tests/gpgme/wrap.scm b/tests/gpgme/wrap.scm
index 4f3ae7d..e8f2b1f 100644
--- a/tests/gpgme/wrap.scm
+++ b/tests/gpgme/wrap.scm
@@ -56,5 +56,8 @@
(log "Importing extra key...")
(call-check `(,@GPG --yes --import ,(in-srcdir "pubkey-1.asc"))))))
-(log "Running" (car executable))
-(exit (run executable))
+(if (file-exists? (car executable))
+ (begin
+ (log "Running" (car executable))
+ (exit (run executable)))
+ (skip (car executable) "is not built"))
diff --git a/tests/gpgscm/Makefile.am b/tests/gpgscm/Makefile.am
index 9a5edc2..8942c7c 100644
--- a/tests/gpgscm/Makefile.am
+++ b/tests/gpgscm/Makefile.am
@@ -25,7 +25,8 @@ EXTRA_DIST = \
lib.scm \
repl.scm \
t-child.scm \
- tests.scm
+ tests.scm \
+ time.scm
AM_CPPFLAGS = -I$(top_srcdir)/common
include $(top_srcdir)/am/cmacros.am
diff --git a/tests/gpgscm/ffi.c b/tests/gpgscm/ffi.c
index c91d4aa..42facee 100644
--- a/tests/gpgscm/ffi.c
+++ b/tests/gpgscm/ffi.c
@@ -502,6 +502,14 @@ do_get_isotime (scheme *sc, pointer args)
}
static pointer
+do_get_time (scheme *sc, pointer args)
+{
+ FFI_PROLOG ();
+ FFI_ARGS_DONE_OR_RETURN (sc, args);
+ FFI_RETURN_INT (sc, gnupg_get_time ());
+}
+
+static pointer
do_getpid (scheme *sc, pointer args)
{
FFI_PROLOG ();
@@ -1347,6 +1355,7 @@ ffi_init (scheme *sc, const char *argv0, const char *scriptname,
ffi_define_function (sc, mkdir);
ffi_define_function (sc, rmdir);
ffi_define_function (sc, get_isotime);
+ ffi_define_function (sc, get_time);
ffi_define_function (sc, getpid);
/* Random numbers. */
diff --git a/tests/gpgscm/ffi.scm b/tests/gpgscm/ffi.scm
index b62fd1f..3f2e553 100644
--- a/tests/gpgscm/ffi.scm
+++ b/tests/gpgscm/ffi.scm
@@ -47,3 +47,6 @@
;; Low-level mechanism to terminate the process.
(ffi-define (_exit status))
+
+;; Get the current time in seconds since the epoch.
+(ffi-define (get-time))
diff --git a/tests/gpgscm/init.scm b/tests/gpgscm/init.scm
index 83261b0..87d3c88 100644
--- a/tests/gpgscm/init.scm
+++ b/tests/gpgscm/init.scm
@@ -547,11 +547,11 @@
(display n)
(display ": ")
(let ((tag (get-tag f)))
- (unless (null? tag)
- (display (basename (car tag)))
- (display ":")
- (display (+ 1 (cdr tag)))
- (display ": ")))
+ (when (and (pair? tag) (string? (car tag)) (number? (cdr tag)))
+ (display (basename (car tag)))
+ (display ":")
+ (display (+ 1 (cdr tag)))
+ (display ": ")))
(write f))
(newline)
(loop (+ n 1) skip (cdr frames))))))
diff --git a/tests/gpgscm/lib.scm b/tests/gpgscm/lib.scm
index 6959aa4..2cfe725 100644
--- a/tests/gpgscm/lib.scm
+++ b/tests/gpgscm/lib.scm
@@ -20,7 +20,7 @@
(macro (assert form)
(let ((tag (get-tag form)))
`(if (not ,(cadr form))
- (throw ,(if (pair? tag)
+ (throw ,(if (and (pair? tag) (string? (car tag)) (number? (cdr tag)))
`(string-append ,(car tag) ":"
,(number->string (+ 1 (cdr tag)))
": Assertion failed: ")
diff --git a/tests/gpgscm/main.c b/tests/gpgscm/main.c
index c96dcf1..3191e05 100644
--- a/tests/gpgscm/main.c
+++ b/tests/gpgscm/main.c
@@ -88,7 +88,7 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
}
}
-/* Print usage information and and provide strings for help. */
+/* Print usage information and provide strings for help. */
static const char *
my_strusage( int level )
{
diff --git a/tests/gpgscm/scheme-private.h b/tests/gpgscm/scheme-private.h
index aba2319..abd89e8 100644
--- a/tests/gpgscm/scheme-private.h
+++ b/tests/gpgscm/scheme-private.h
@@ -27,10 +27,6 @@ typedef struct port {
struct {
FILE *file;
int closeit;
-#if SHOW_ERROR_LINE
- pointer curr_line;
- pointer filename;
-#endif
} stdio;
struct {
char *start;
@@ -38,6 +34,10 @@ typedef struct port {
char *curr;
} string;
} rep;
+#if SHOW_ERROR_LINE
+ pointer curr_line;
+ pointer filename;
+#endif
} port;
/* cell structure */
@@ -56,6 +56,10 @@ struct cell {
struct cell *_cdr;
} _cons;
struct {
+ size_t _length;
+ pointer _elements[0];
+ } _vector;
+ struct {
char *_data;
const foreign_object_vtable *_vtable;
} _foreign_object;
diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c
index c4725db..b2ff721 100644
--- a/tests/gpgscm/scheme.c
+++ b/tests/gpgscm/scheme.c
@@ -111,27 +111,43 @@ static const char *strlwr(char *s) {
# define FIRST_CELLSEGS 3
#endif
+
+
+/* Support for immediate values.
+ *
+ * Immediate values are tagged with IMMEDIATE_TAG, which is neither
+ * used in types, nor in pointer values.
+ *
+ * XXX: Currently, we only use this to tag pointers in vectors. */
+#define IMMEDIATE_TAG 1
+#define is_immediate(p) ((pointer) ((uintptr_t) (p) & IMMEDIATE_TAG))
+#define set_immediate(p) ((pointer) ((uintptr_t) (p) | IMMEDIATE_TAG))
+#define clr_immediate(p) ((pointer) ((uintptr_t) (p) & ~IMMEDIATE_TAG))
+
+
+
enum scheme_types {
- T_STRING=1,
- T_NUMBER=2,
- T_SYMBOL=3,
- T_PROC=4,
- T_PAIR=5,
- T_CLOSURE=6,
- T_CONTINUATION=7,
- T_FOREIGN=8,
- T_CHARACTER=9,
- T_PORT=10,
- T_VECTOR=11,
- T_MACRO=12,
- T_PROMISE=13,
- T_ENVIRONMENT=14,
- T_FOREIGN_OBJECT=15,
- T_BOOLEAN=16,
- T_NIL=17,
- T_EOF_OBJ=18,
- T_SINK=19,
- T_LAST_SYSTEM_TYPE=19
+ T_STRING=1 << 1, /* Do not use the lsb, it is used for
+ * immediate values. */
+ T_NUMBER=2 << 1,
+ T_SYMBOL=3 << 1,
+ T_PROC=4 << 1,
+ T_PAIR=5 << 1,
+ T_CLOSURE=6 << 1,
+ T_CONTINUATION=7 << 1,
+ T_FOREIGN=8 << 1,
+ T_CHARACTER=9 << 1,
+ T_PORT=10 << 1,
+ T_VECTOR=11 << 1,
+ T_MACRO=12 << 1,
+ T_PROMISE=13 << 1,
+ T_ENVIRONMENT=14 << 1,
+ T_FOREIGN_OBJECT=15 << 1,
+ T_BOOLEAN=16 << 1,
+ T_NIL=17 << 1,
+ T_EOF_OBJ=18 << 1,
+ T_SINK=19 << 1,
+ T_LAST_SYSTEM_TYPE=19 << 1
};
static const char *
@@ -163,9 +179,9 @@ type_to_string (enum scheme_types typ)
}
/* ADJ is enough slack to align cells in a TYPE_BITS-bit boundary */
-#define ADJ 32
-#define TYPE_BITS 5
-#define T_MASKTYPE 31 /* 0000000000011111 */
+#define TYPE_BITS 6
+#define ADJ (1 << TYPE_BITS)
+#define T_MASKTYPE (ADJ - 1)
#define T_TAGGED 1024 /* 0000010000000000 */
#define T_FINALIZE 2048 /* 0000100000000000 */
#define T_SYNTAX 4096 /* 0001000000000000 */
@@ -210,6 +226,11 @@ INTERFACE INLINE int is_string(pointer p) { return (type(p)==T_STRING); }
INTERFACE static int is_list(scheme *sc, pointer p);
INTERFACE INLINE int is_vector(pointer p) { return (type(p)==T_VECTOR); }
+/* Given a vector, return it's length. */
+#define vector_length(v) (v)->_object._vector._length
+/* Given a vector length, compute the amount of cells required to
+ * represent it. */
+#define vector_size(len) (1 + ((len) - 1 + 2) / 3)
INTERFACE static void fill_vector(pointer vec, pointer obj);
INTERFACE static pointer vector_elem(pointer vec, int ielem);
INTERFACE static pointer set_vector_elem(pointer vec, int ielem, pointer a);
@@ -793,7 +814,7 @@ _gc_disable(struct scheme *sc, size_t reserve, int lineno)
if (sc->inhibit_gc == 0) {
reserve_cells(sc, (reserve));
sc->reserved_cells = (reserve);
-#ifndef NDEBUG
+#ifdef NDEBUG
(void) lineno;
#else
sc->reserved_lineno = lineno;
@@ -1018,42 +1039,17 @@ static pointer get_cell(scheme *sc, pointer a, pointer b)
static pointer get_vector_object(scheme *sc, int len, pointer init)
{
- pointer cells = get_consecutive_cells(sc,len/2+len%2+1);
+ pointer cells = get_consecutive_cells(sc, vector_size(len));
if(sc->no_memory) { return sc->sink; }
/* Record it as a vector so that gc understands it. */
- typeflag(cells) = (T_VECTOR | T_ATOM);
- ivalue_unchecked(cells)=len;
- set_num_integer(cells);
+ typeflag(cells) = (T_VECTOR | T_ATOM | T_FINALIZE);
+ vector_length(cells) = len;
fill_vector(cells,init);
if (gc_enabled (sc))
push_recent_alloc(sc, cells, sc->NIL);
return cells;
}
-#if defined TSGRIND
-static void check_cell_alloced(pointer p, int expect_alloced)
-{
- /* Can't use putstr(sc,str) because callers have no access to
- sc. */
- if(typeflag(p) & !expect_alloced)
- {
- fprintf(stderr,"Cell is already allocated!\n");
- }
- if(!(typeflag(p)) & expect_alloced)
- {
- fprintf(stderr,"Cell is not allocated!\n");
- }
-
-}
-static void check_range_alloced(pointer p, int n, int expect_alloced)
-{
- int i;
- for(i = 0;i<n;i++)
- { (void)check_cell_alloced(p+i,expect_alloced); }
-}
-
-#endif
-
/* Medium level cell allocation */
/* get new cons cell */
@@ -1077,11 +1073,19 @@ static int hash_fn(const char *key, int table_size);
static pointer oblist_initial_value(scheme *sc)
{
- return mk_vector(sc, 461); /* probably should be bigger */
+ /* There are about 768 symbols used after loading the
+ * interpreter. */
+ return mk_vector(sc, 1009);
}
-/* returns the new symbol */
-static pointer oblist_add_by_name(scheme *sc, const char *name)
+/* Add a new symbol NAME at SLOT. SLOT must be obtained using
+ * oblist_find_by_name, and no insertion must be done between
+ * obtaining the SLOT and calling this function. Returns the new
+ * symbol.
+ *
+ * If SLOT is NULL, the new symbol is be placed at the appropriate
+ * place in the vector. */
+static pointer oblist_add_by_name(scheme *sc, const char *name, pointer *slot)
{
#define oblist_add_by_name_allocates 3
pointer x;
@@ -1092,26 +1096,42 @@ static pointer oblist_add_by_name(scheme *sc, const char *name)
typeflag(x) = T_SYMBOL;
setimmutable(car(x));
- location = hash_fn(name, ivalue_unchecked(sc->oblist));
- set_vector_elem(sc->oblist, location,
- immutable_cons(sc, x, vector_elem(sc->oblist, location)));
+ if (slot == NULL) {
+ location = hash_fn(name, vector_length(sc->oblist));
+ set_vector_elem(sc->oblist, location,
+ immutable_cons(sc, x, vector_elem(sc->oblist, location)));
+ } else {
+ *slot = immutable_cons(sc, x, *slot);
+ }
+
gc_enable(sc);
return x;
}
-static INLINE pointer oblist_find_by_name(scheme *sc, const char *name)
+/* Lookup the symbol NAME. Returns the symbol, or NIL if it does not
+ * exist. In that case, SLOT points to the point where the new symbol
+ * is to be inserted.
+ *
+ * SLOT may be set to NULL if the new symbol should be placed at the
+ * appropriate place in the vector. */
+static INLINE pointer
+oblist_find_by_name(scheme *sc, const char *name, pointer **slot)
{
int location;
pointer x;
char *s;
+ int d;
- location = hash_fn(name, ivalue_unchecked(sc->oblist));
- for (x = vector_elem(sc->oblist, location); x != sc->NIL; x = cdr(x)) {
+ location = hash_fn(name, vector_length(sc->oblist));
+ for (*slot = NULL, x = vector_elem(sc->oblist, location);
+ x != sc->NIL; *slot = &cdr(x), x = **slot) {
s = symname(car(x));
/* case-insensitive, per R5RS section 2. */
- if(stricmp(name, s) == 0) {
- return car(x);
- }
+ d = stricmp(name, s);
+ if (d == 0)
+ return car(x); /* Hit. */
+ else if (d > 0)
+ break; /* Miss. */
}
return sc->NIL;
}
@@ -1122,7 +1142,7 @@ static pointer oblist_all_symbols(scheme *sc)
pointer x;
pointer ob_list = sc->NIL;
- for (i = 0; i < ivalue_unchecked(sc->oblist); i++) {
+ for (i = 0; i < vector_length(sc->oblist); i++) {
for (x = vector_elem(sc->oblist, i); x != sc->NIL; x = cdr(x)) {
ob_list = cons(sc, x, ob_list);
}
@@ -1137,30 +1157,41 @@ static pointer oblist_initial_value(scheme *sc)
return sc->NIL;
}
-static INLINE pointer oblist_find_by_name(scheme *sc, const char *name)
+/* Lookup the symbol NAME. Returns the symbol, or NIL if it does not
+ * exist. In that case, SLOT points to the point where the new symbol
+ * is to be inserted. */
+static INLINE pointer
+oblist_find_by_name(scheme *sc, const char *name, pointer **slot)
{
pointer x;
char *s;
+ int d;
- for (x = sc->oblist; x != sc->NIL; x = cdr(x)) {
+ for (*slot = &sc->oblist, x = **slot; x != sc->NIL; *slot = &cdr(x), x = **slot) {
s = symname(car(x));
/* case-insensitive, per R5RS section 2. */
- if(stricmp(name, s) == 0) {
- return car(x);
- }
+ d = stricmp(name, s);
+ if (d == 0)
+ return car(x); /* Hit. */
+ else if (d > 0)
+ break; /* Miss. */
}
return sc->NIL;
}
-/* returns the new symbol */
-static pointer oblist_add_by_name(scheme *sc, const char *name)
+/* Add a new symbol NAME at SLOT. SLOT must be obtained using
+ * oblist_find_by_name, and no insertion must be done between
+ * obtaining the SLOT and calling this function. Returns the new
+ * symbol. */
+static pointer oblist_add_by_name(scheme *sc, const char *name, pointer *slot)
{
+#define oblist_add_by_name_allocates 3
pointer x;
x = immutable_cons(sc, mk_string(sc, name), sc->NIL);
typeflag(x) = T_SYMBOL;
setimmutable(car(x));
- sc->oblist = immutable_cons(sc, x, sc->oblist);
+ *slot = immutable_cons(sc, x, *slot);
return x;
}
static pointer oblist_all_symbols(scheme *sc)
@@ -1323,63 +1354,57 @@ INTERFACE static pointer mk_vector(scheme *sc, int len)
{ return get_vector_object(sc,len,sc->NIL); }
INTERFACE static void fill_vector(pointer vec, pointer obj) {
- int i;
- int n = ivalue(vec)/2+ivalue(vec)%2;
- for(i=0; i < n; i++) {
- typeflag(vec+1+i) = T_PAIR;
- setimmutable(vec+1+i);
- car(vec+1+i)=obj;
- cdr(vec+1+i)=obj;
+ size_t i;
+ assert (is_vector (vec));
+ for(i = 0; i < vector_length(vec); i++) {
+ vec->_object._vector._elements[i] = set_immediate(obj);
}
}
INTERFACE static pointer vector_elem(pointer vec, int ielem) {
- int n=ielem/2;
- if(ielem%2==0) {
- return car(vec+1+n);
- } else {
- return cdr(vec+1+n);
- }
+ assert (is_vector (vec));
+ assert (ielem < vector_length(vec));
+ return clr_immediate(vec->_object._vector._elements[ielem]);
}
INTERFACE static pointer set_vector_elem(pointer vec, int ielem, pointer a) {
- int n=ielem/2;
- if(ielem%2==0) {
- return car(vec+1+n)=a;
- } else {
- return cdr(vec+1+n)=a;
- }
+ assert (is_vector (vec));
+ assert (ielem < vector_length(vec));
+ vec->_object._vector._elements[ielem] = set_immediate(a);
+ return a;
}
/* get new symbol */
INTERFACE pointer mk_symbol(scheme *sc, const char *name) {
#define mk_symbol_allocates oblist_add_by_name_allocates
pointer x;
+ pointer *slot;
/* first check oblist */
- x = oblist_find_by_name(sc, name);
+ x = oblist_find_by_name(sc, name, &slot);
if (x != sc->NIL) {
return (x);
} else {
- x = oblist_add_by_name(sc, name);
+ x = oblist_add_by_name(sc, name, slot);
return (x);
}
}
INTERFACE pointer gensym(scheme *sc) {
pointer x;
+ pointer *slot;
char name[40];
for(; sc->gensym_cnt<LONG_MAX; sc->gensym_cnt++) {
snprintf(name,40,"gensym-%ld",sc->gensym_cnt);
/* first check oblist */
- x = oblist_find_by_name(sc, name);
+ x = oblist_find_by_name(sc, name, &slot);
if (x != sc->NIL) {
continue;
} else {
- x = oblist_add_by_name(sc, name);
+ x = oblist_add_by_name(sc, name, slot);
return (x);
}
}
@@ -1546,19 +1571,15 @@ static void mark(pointer a) {
E2: setmark(p);
if(is_vector(p)) {
int i;
- int n = ivalue_unchecked(p)/2+ivalue_unchecked(p)%2;
- for(i=0; i < n; i++) {
- /* Vector cells will be treated like ordinary cells */
- mark(p+1+i);
+ for (i = 0; i < vector_length(p); i++) {
+ mark(clr_immediate(p->_object._vector._elements[i]));
}
}
#if SHOW_ERROR_LINE
else if (is_port(p)) {
port *pt = p->_object._port;
- if (pt->kind & port_file) {
- mark(pt->rep.stdio.curr_line);
- mark(pt->rep.stdio.filename);
- }
+ mark(pt->curr_line);
+ mark(pt->filename);
}
#endif
/* Mark tag if p has one. */
@@ -1627,11 +1648,8 @@ static void gc(scheme *sc, pointer a, pointer b) {
mark(sc->outport);
mark(sc->loadport);
for (i = 0; i <= sc->file_i; i++) {
- if (! (sc->load_stack[i].kind & port_file))
- continue;
-
- mark(sc->load_stack[i].rep.stdio.filename);
- mark(sc->load_stack[i].rep.stdio.curr_line);
+ mark(sc->load_stack[i].filename);
+ mark(sc->load_stack[i].curr_line);
}
/* Mark recent objects the interpreter doesn't know about yet. */
@@ -1655,6 +1673,8 @@ static void gc(scheme *sc, pointer a, pointer b) {
for (i = sc->last_cell_seg; i >= 0; i--) {
p = sc->cell_seg[i] + CELL_SEGSIZE;
while (--p >= sc->cell_seg[i]) {
+ if (typeflag(p) & IMMEDIATE_TAG)
+ continue;
if (is_mark(p)) {
clrmark(p);
} else {
@@ -1691,6 +1711,16 @@ static void finalize_cell(scheme *sc, pointer a) {
sc->free(a->_object._port);
} else if(is_foreign_object(a)) {
a->_object._foreign_object._vtable->finalize(sc, a->_object._foreign_object._data);
+ } else if (is_vector(a)) {
+ int i;
+ for (i = vector_size(vector_length(a)) - 1; i > 0; i--) {
+ pointer p = a + i;
+ typeflag(p) = 0;
+ car(p) = sc->NIL;
+ cdr(p) = sc->free_cell;
+ sc->free_cell = p;
+ sc->fcells += 1;
+ }
}
}
@@ -1698,25 +1728,44 @@ static void finalize_cell(scheme *sc, pointer a) {
static void
port_clear_location (scheme *sc, port *p)
{
- assert(p->kind & port_file);
- p->rep.stdio.curr_line = sc->NIL;
- p->rep.stdio.filename = sc->NIL;
+ p->curr_line = sc->NIL;
+ p->filename = sc->NIL;
+}
+
+static void
+port_increment_current_line (scheme *sc, port *p, long delta)
+{
+ if (delta == 0)
+ return;
+
+ p->curr_line =
+ mk_integer(sc, ivalue_unchecked(p->curr_line) + delta);
+}
+
+static void
+port_init_location (scheme *sc, port *p, pointer name)
+{
+ p->curr_line = mk_integer(sc, 0);
+ p->filename = name ? name : mk_string(sc, "<unknown>");
}
+#else
+
static void
-port_reset_current_line (scheme *sc, port *p)
+port_clear_location (scheme *sc, port *p)
{
- assert(p->kind & port_file);
- p->rep.stdio.curr_line = mk_integer(sc, 0);
}
static void
port_increment_current_line (scheme *sc, port *p, long delta)
{
- assert(p->kind & port_file);
- p->rep.stdio.curr_line =
- mk_integer(sc, ivalue_unchecked(p->rep.stdio.curr_line) + delta);
}
+
+static void
+port_init_location (scheme *sc, port *p, pointer name)
+{
+}
+
#endif
/* ========== Routines for Reading ========== */
@@ -1734,11 +1783,7 @@ static int file_push(scheme *sc, pointer fname) {
sc->load_stack[sc->file_i].rep.stdio.closeit=1;
sc->nesting_stack[sc->file_i]=0;
sc->loadport->_object._port=sc->load_stack+sc->file_i;
-
-#if SHOW_ERROR_LINE
- port_reset_current_line(sc, &sc->load_stack[sc->file_i]);
- sc->load_stack[sc->file_i].rep.stdio.filename = fname;
-#endif
+ port_init_location(sc, &sc->load_stack[sc->file_i], fname);
}
return fin!=0;
}
@@ -1747,10 +1792,7 @@ static void file_pop(scheme *sc) {
if(sc->file_i != 0) {
sc->nesting=sc->nesting_stack[sc->file_i];
port_close(sc,sc->loadport,port_input);
-#if SHOW_ERROR_LINE
- if (sc->load_stack[sc->file_i].kind & port_file)
- port_clear_location(sc, &sc->load_stack[sc->file_i]);
-#endif
+ port_clear_location(sc, &sc->load_stack[sc->file_i]);
sc->file_i--;
sc->loadport->_object._port=sc->load_stack+sc->file_i;
}
@@ -1778,15 +1820,7 @@ static port *port_rep_from_filename(scheme *sc, const char *fn, int prop) {
}
pt=port_rep_from_file(sc,f,prop);
pt->rep.stdio.closeit=1;
-
-#if SHOW_ERROR_LINE
- if (fn)
- pt->rep.stdio.filename = mk_string(sc, fn);
- else
- pt->rep.stdio.filename = mk_string(sc, "<unknown>");
-
- port_reset_current_line(sc, pt);
-#endif
+ port_init_location(sc, pt, mk_string(sc, fn));
return pt;
}
@@ -1810,10 +1844,7 @@ static port *port_rep_from_file(scheme *sc, FILE *f, int prop)
pt->kind = port_file | prop;
pt->rep.stdio.file = f;
pt->rep.stdio.closeit = 0;
-#if SHOW_ERROR_LINE
- pt->rep.stdio.filename = mk_string(sc, "<unknown>");
- port_reset_current_line(sc, pt);
-#endif
+ port_init_location(sc, pt, NULL);
return pt;
}
@@ -1836,6 +1867,7 @@ static port *port_rep_from_string(scheme *sc, char *start, char *past_the_end, i
pt->rep.string.start=start;
pt->rep.string.curr=start;
pt->rep.string.past_the_end=past_the_end;
+ port_init_location(sc, pt, NULL);
return pt;
}
@@ -1867,6 +1899,7 @@ static port *port_rep_from_scratch(scheme *sc) {
pt->rep.string.start=start;
pt->rep.string.curr=start;
pt->rep.string.past_the_end=start+BLOCK_SIZE-1;
+ port_init_location(sc, pt, NULL);
return pt;
}
@@ -1883,13 +1916,9 @@ static void port_close(scheme *sc, pointer p, int flag) {
port *pt=p->_object._port;
pt->kind&=~flag;
if((pt->kind & (port_input|port_output))==0) {
+ /* Cleanup is here so (close-*-port) functions could work too */
+ port_clear_location(sc, pt);
if(pt->kind&port_file) {
-
-#if SHOW_ERROR_LINE
- /* Cleanup is here so (close-*-port) functions could work too */
- port_clear_location(sc, pt);
-#endif
-
fclose(pt->rep.stdio.file);
}
pt->kind=port_free;
@@ -2164,14 +2193,8 @@ static INLINE int skipspace(scheme *sc) {
#endif
} while (isspace(c));
-/* record it */
-#if SHOW_ERROR_LINE
- {
- port *p = &sc->load_stack[sc->file_i];
- if (p->kind & port_file)
- port_increment_current_line(sc, p, curr_line);
- }
-#endif
+ /* record it */
+ port_increment_current_line(sc, &sc->load_stack[sc->file_i], curr_line);
if(c!=EOF) {
backchar(sc,c);
@@ -2208,10 +2231,8 @@ static int token(scheme *sc) {
while ((c=inchar(sc)) != '\n' && c!=EOF)
;
-#if SHOW_ERROR_LINE
- if(c == '\n' && sc->load_stack[sc->file_i].kind & port_file)
+ if(c == '\n')
port_increment_current_line(sc, &sc->load_stack[sc->file_i], 1);
-#endif
if(c == EOF)
{ return (TOK_EOF); }
@@ -2236,10 +2257,8 @@ static int token(scheme *sc) {
while ((c=inchar(sc)) != '\n' && c!=EOF)
;
-#if SHOW_ERROR_LINE
- if(c == '\n' && sc->load_stack[sc->file_i].kind & port_file)
+ if(c == '\n')
port_increment_current_line(sc, &sc->load_stack[sc->file_i], 1);
-#endif
if(c == EOF)
{ return (TOK_EOF); }
@@ -2579,6 +2598,22 @@ static int hash_fn(const char *key, int table_size)
}
#endif
+/* Compares A and B. Returns an integer less than, equal to, or
+ * greater than zero if A is stored at a memory location that is
+ * numerical less than, equal to, or greater than that of B. */
+static int
+pointercmp(pointer a, pointer b)
+{
+ uintptr_t a_n = (uintptr_t) a;
+ uintptr_t b_n = (uintptr_t) b;
+
+ if (a_n < b_n)
+ return -1;
+ if (a_n > b_n)
+ return 1;
+ return 0;
+}
+
#ifndef USE_ALIST_ENV
/*
@@ -2593,9 +2628,9 @@ static void new_frame_in_env(scheme *sc, pointer old_env)
{
pointer new_frame;
- /* The interaction-environment has about 300 variables in it. */
+ /* The interaction-environment has about 480 variables in it. */
if (old_env == sc->NIL) {
- new_frame = mk_vector(sc, 461);
+ new_frame = mk_vector(sc, 751);
} else {
new_frame = sc->NIL;
}
@@ -2606,53 +2641,75 @@ static void new_frame_in_env(scheme *sc, pointer old_env)
setenvironment(sc->envir);
}
+/* Insert (VARIABLE, VALUE) at SSLOT. SSLOT must be obtained using
+ * find_slot_spec_in_env, and no insertion must be done between
+ * obtaining SSLOT and the call to this function.
+ *
+ * If SSLOT is NULL, the new slot is put into the appropriate place in
+ * the environment vector. */
static INLINE void new_slot_spec_in_env(scheme *sc, pointer env,
- pointer variable, pointer value)
+ pointer variable, pointer value,
+ pointer *sslot)
{
#define new_slot_spec_in_env_allocates 2
pointer slot;
gc_disable(sc, gc_reservations (new_slot_spec_in_env));
slot = immutable_cons(sc, variable, value);
- if (is_vector(car(env))) {
- int location = hash_fn(symname(variable), ivalue_unchecked(car(env)));
+ if (sslot == NULL) {
+ int location;
+ assert(is_vector(car(env)));
+ location = hash_fn(symname(variable), vector_length(car(env)));
set_vector_elem(car(env), location,
immutable_cons(sc, slot, vector_elem(car(env), location)));
} else {
- car(env) = immutable_cons(sc, slot, car(env));
+ *sslot = immutable_cons(sc, slot, *sslot);
}
gc_enable(sc);
}
-static pointer find_slot_in_env(scheme *sc, pointer env, pointer hdl, int all)
+/* Find the slot in ENV under the key HDL. If ALL is given, look in
+ * all environments enclosing ENV. If the lookup fails, and SSLOT is
+ * given, the position where the new slot has to be inserted is stored
+ * at SSLOT.
+ *
+ * SSLOT may be set to NULL if the new symbol should be placed at the
+ * appropriate place in the vector. */
+static pointer
+find_slot_spec_in_env(scheme *sc, pointer env, pointer hdl, int all, pointer **sslot)
{
pointer x,y;
int location;
+ pointer *sl;
+ int d;
+ assert(is_symbol(hdl));
for (x = env; x != sc->NIL; x = cdr(x)) {
if (is_vector(car(x))) {
- location = hash_fn(symname(hdl), ivalue_unchecked(car(x)));
+ location = hash_fn(symname(hdl), vector_length(car(x)));
+ sl = NULL;
y = vector_elem(car(x), location);
} else {
- y = car(x);
+ sl = &car(x);
+ y = *sl;
}
- for ( ; y != sc->NIL; y = cdr(y)) {
- if (caar(y) == hdl) {
- break;
- }
- }
- if (y != sc->NIL) {
- break;
- }
- if(!all) {
- return sc->NIL;
- }
- }
- if (x != sc->NIL) {
- return car(y);
+ for ( ; y != sc->NIL; sl = &cdr(y), y = *sl) {
+ d = pointercmp(caar(y), hdl);
+ if (d == 0)
+ return car(y); /* Hit. */
+ else if (d > 0)
+ break; /* Miss. */
}
- return sc->NIL;
+
+ if (x == env && sslot)
+ *sslot = sl; /* Insert here. */
+
+ if (!all)
+ return sc->NIL; /* Miss, and stop looking. */
+ }
+
+ return sc->NIL; /* Not found in any environment. */
}
#else /* USE_ALIST_ENV */
@@ -2663,40 +2720,66 @@ static INLINE void new_frame_in_env(scheme *sc, pointer old_env)
setenvironment(sc->envir);
}
+/* Insert (VARIABLE, VALUE) at SSLOT. SSLOT must be obtained using
+ * find_slot_spec_in_env, and no insertion must be done between
+ * obtaining SSLOT and the call to this function. */
static INLINE void new_slot_spec_in_env(scheme *sc, pointer env,
- pointer variable, pointer value)
+ pointer variable, pointer value,
+ pointer *sslot)
{
- car(env) = immutable_cons(sc, immutable_cons(sc, variable, value), car(env));
+#define new_slot_spec_in_env_allocates 2
+ (void) env;
+ assert(is_symbol(variable));
+ *sslot = immutable_cons(sc, immutable_cons(sc, variable, value), *sslot);
}
-static pointer find_slot_in_env(scheme *sc, pointer env, pointer hdl, int all)
+/* Find the slot in ENV under the key HDL. If ALL is given, look in
+ * all environments enclosing ENV. If the lookup fails, and SSLOT is
+ * given, the position where the new slot has to be inserted is stored
+ * at SSLOT. */
+static pointer
+find_slot_spec_in_env(scheme *sc, pointer env, pointer hdl, int all, pointer **sslot)
{
pointer x,y;
+ pointer *sl;
+ int d;
+ assert(is_symbol(hdl));
+
for (x = env; x != sc->NIL; x = cdr(x)) {
- for (y = car(x); y != sc->NIL; y = cdr(y)) {
- if (caar(y) == hdl) {
- break;
- }
- }
- if (y != sc->NIL) {
- break;
- }
- if(!all) {
- return sc->NIL;
- }
- }
- if (x != sc->NIL) {
- return car(y);
+ for (sl = &car(x), y = *sl; y != sc->NIL; sl = &cdr(y), y = *sl) {
+ d = pointercmp(caar(y), hdl);
+ if (d == 0)
+ return car(y); /* Hit. */
+ else if (d > 0)
+ break; /* Miss. */
+ }
+
+ if (x == env && sslot)
+ *sslot = sl; /* Insert here. */
+
+ if (!all)
+ return sc->NIL; /* Miss, and stop looking. */
}
- return sc->NIL;
+
+ return sc->NIL; /* Not found in any environment. */
}
#endif /* USE_ALIST_ENV else */
+static pointer find_slot_in_env(scheme *sc, pointer env, pointer hdl, int all)
+{
+ return find_slot_spec_in_env(sc, env, hdl, all, NULL);
+}
+
static INLINE void new_slot_in_env(scheme *sc, pointer variable, pointer value)
{
#define new_slot_in_env_allocates new_slot_spec_in_env_allocates
- new_slot_spec_in_env(sc, sc->envir, variable, value);
+ pointer slot;
+ pointer *sslot;
+ assert(is_symbol(variable));
+ slot = find_slot_spec_in_env(sc, sc->envir, variable, 0, &sslot);
+ assert(slot == sc->NIL);
+ new_slot_spec_in_env(sc, sc->envir, variable, value, sslot);
}
static INLINE void set_slot_in_env(scheme *sc, pointer slot, pointer value)
@@ -2729,8 +2812,8 @@ static pointer _Error_1(scheme *sc, const char *s, pointer a) {
#if SHOW_ERROR_LINE
/* make sure error is not in REPL */
- if (sc->load_stack[sc->file_i].kind & port_file &&
- sc->load_stack[sc->file_i].rep.stdio.file != stdin) {
+ if (((sc->load_stack[sc->file_i].kind & port_file) == 0
+ || sc->load_stack[sc->file_i].rep.stdio.file != stdin)) {
pointer tag;
const char *fname;
int ln;
@@ -2741,8 +2824,8 @@ static pointer _Error_1(scheme *sc, const char *s, pointer a) {
fname = string_value(car(tag));
ln = ivalue_unchecked(cdr(tag));
} else {
- fname = string_value(sc->load_stack[sc->file_i].rep.stdio.filename);
- ln = ivalue_unchecked(sc->load_stack[sc->file_i].rep.stdio.curr_line);
+ fname = string_value(sc->load_stack[sc->file_i].filename);
+ ln = ivalue_unchecked(sc->load_stack[sc->file_i].curr_line);
}
/* should never happen */
@@ -3452,15 +3535,16 @@ static pointer opexe_0(scheme *sc, enum scheme_opcodes op) {
s_save(sc,OP_DEF1, sc->NIL, x);
s_thread_to(sc,OP_EVAL);
- CASE(OP_DEF1): /* define */
- x=find_slot_in_env(sc,sc->envir,sc->code,0);
+ CASE(OP_DEF1): { /* define */
+ pointer *sslot;
+ x = find_slot_spec_in_env(sc, sc->envir, sc->code, 0, &sslot);
if (x != sc->NIL) {
set_slot_in_env(sc, x, sc->value);
} else {
- new_slot_in_env(sc, sc->code, sc->value);
+ new_slot_spec_in_env(sc, sc->envir, sc->code, sc->value, sslot);
}
s_return(sc,sc->code);
-
+ }
CASE(OP_DEFP): /* defined? */
x=sc->envir;
@@ -3772,15 +3856,17 @@ static pointer opexe_1(scheme *sc, enum scheme_opcodes op) {
s_save(sc,OP_MACRO1, sc->NIL, x);
s_goto(sc,OP_EVAL);
- CASE(OP_MACRO1): /* macro */
+ CASE(OP_MACRO1): { /* macro */
+ pointer *sslot;
typeflag(sc->value) = T_MACRO;
- x = find_slot_in_env(sc, sc->envir, sc->code, 0);
+ x = find_slot_spec_in_env(sc, sc->envir, sc->code, 0, &sslot);
if (x != sc->NIL) {
set_slot_in_env(sc, x, sc->value);
} else {
- new_slot_in_env(sc, sc->code, sc->value);
+ new_slot_spec_in_env(sc, sc->envir, sc->code, sc->value, sslot);
}
s_return(sc,sc->code);
+ }
CASE(OP_CASE0): /* case */
s_save(sc,OP_CASE1, sc->NIL, cdr(sc->code));
@@ -4366,14 +4452,14 @@ static pointer opexe_2(scheme *sc, enum scheme_opcodes op) {
CASE(OP_VECLEN): /* vector-length */
gc_disable(sc, 1);
- s_return_enable_gc(sc, mk_integer(sc, ivalue(car(sc->args))));
+ s_return_enable_gc(sc, mk_integer(sc, vector_length(car(sc->args))));
CASE(OP_VECREF): { /* vector-ref */
int index;
index=ivalue(cadr(sc->args));
- if(index>=ivalue(car(sc->args))) {
+ if(index >= vector_length(car(sc->args))) {
Error_1(sc,"vector-ref: out of bounds:",cadr(sc->args));
}
@@ -4388,7 +4474,7 @@ static pointer opexe_2(scheme *sc, enum scheme_opcodes op) {
}
index=ivalue(cadr(sc->args));
- if(index>=ivalue(car(sc->args))) {
+ if(index >= vector_length(car(sc->args))) {
Error_1(sc,"vector-set!: out of bounds:",cadr(sc->args));
}
@@ -4884,18 +4970,18 @@ static pointer opexe_5(scheme *sc, enum scheme_opcodes op) {
} else if (sc->tok == TOK_DOT) {
Error_0(sc,"syntax error: illegal dot expression");
} else {
+#if USE_TAGS && SHOW_ERROR_LINE
+ pointer filename;
+ pointer lineno;
+#endif
sc->nesting_stack[sc->file_i]++;
#if USE_TAGS && SHOW_ERROR_LINE
- if (sc->load_stack[sc->file_i].kind & port_file) {
- pointer filename =
- sc->load_stack[sc->file_i].rep.stdio.filename;
- pointer lineno =
- sc->load_stack[sc->file_i].rep.stdio.curr_line;
-
- s_save(sc, OP_TAG_VALUE,
- cons(sc, filename, cons(sc, lineno, sc->NIL)),
- sc->NIL);
- }
+ filename = sc->load_stack[sc->file_i].filename;
+ lineno = sc->load_stack[sc->file_i].curr_line;
+
+ s_save(sc, OP_TAG_VALUE,
+ cons(sc, filename, cons(sc, lineno, sc->NIL)),
+ sc->NIL);
#endif
s_save(sc,OP_RDLIST, sc->NIL, sc->NIL);
s_thread_to(sc,OP_RDSEXPR);
@@ -4962,11 +5048,8 @@ static pointer opexe_5(scheme *sc, enum scheme_opcodes op) {
int c = inchar(sc);
if (c != '\n')
backchar(sc,c);
-#if SHOW_ERROR_LINE
- else if (sc->load_stack[sc->file_i].kind & port_file)
- port_increment_current_line(sc,
- &sc->load_stack[sc->file_i], 1);
-#endif
+ else
+ port_increment_current_line(sc, &sc->load_stack[sc->file_i], 1);
sc->nesting_stack[sc->file_i]--;
s_return(sc,reverse_in_place(sc, sc->NIL, sc->args));
} else if (sc->tok == TOK_DOT) {
@@ -5082,7 +5165,7 @@ static pointer opexe_5(scheme *sc, enum scheme_opcodes op) {
CASE(OP_PVECFROM): {
int i=ivalue_unchecked(cdr(sc->args));
pointer vec=car(sc->args);
- int len=ivalue_unchecked(vec);
+ int len = vector_length(vec);
if(i==len) {
putstr(sc,")");
s_return(sc,sc->T);
@@ -5320,8 +5403,12 @@ static void Eval_Cycle(scheme *sc, enum scheme_opcodes op) {
static void assign_syntax(scheme *sc, char *name) {
pointer x;
+ pointer *slot;
- x = oblist_add_by_name(sc, name);
+ x = oblist_find_by_name(sc, name, &slot);
+ assert (x == sc->NIL);
+
+ x = oblist_add_by_name(sc, name, slot);
typeflag(x) |= T_SYNTAX;
}
@@ -5653,12 +5740,9 @@ void scheme_deinit(scheme *sc) {
}
sc->loadport=sc->NIL;
-#if SHOW_ERROR_LINE
for(i=0; i<=sc->file_i; i++) {
- if (sc->load_stack[i].kind & port_file)
- port_clear_location(sc, &sc->load_stack[i]);
+ port_clear_location(sc, &sc->load_stack[i]);
}
-#endif
sc->gc_verbose=0;
gc(sc,sc->NIL,sc->NIL);
@@ -5688,13 +5772,10 @@ void scheme_load_named_file(scheme *sc, FILE *fin, const char *filename) {
sc->interactive_repl=1;
}
-#if SHOW_ERROR_LINE
- port_reset_current_line(sc, &sc->load_stack[0]);
- if(fin!=stdin && filename)
- sc->load_stack[0].rep.stdio.filename = mk_string(sc, filename);
- else
- sc->load_stack[0].rep.stdio.filename = mk_string(sc, "<unknown>");
-#endif
+ port_init_location(sc, &sc->load_stack[0],
+ (fin != stdin && filename)
+ ? mk_string(sc, filename)
+ : NULL);
sc->inport=sc->loadport;
sc->args = mk_integer(sc,sc->file_i);
@@ -5704,9 +5785,7 @@ void scheme_load_named_file(scheme *sc, FILE *fin, const char *filename) {
sc->retcode=sc->nesting!=0;
}
-#if SHOW_ERROR_LINE
port_clear_location(sc, &sc->load_stack[0]);
-#endif
}
void scheme_load_string(scheme *sc, const char *cmd) {
@@ -5717,6 +5796,7 @@ void scheme_load_string(scheme *sc, const char *cmd) {
sc->load_stack[0].rep.string.start=(char*)cmd; /* This func respects const */
sc->load_stack[0].rep.string.past_the_end=(char*)cmd+strlen(cmd);
sc->load_stack[0].rep.string.curr=(char*)cmd;
+ port_init_location(sc, &sc->load_stack[0], NULL);
sc->loadport=mk_port(sc,sc->load_stack);
sc->retcode=0;
sc->interactive_repl=0;
@@ -5727,16 +5807,18 @@ void scheme_load_string(scheme *sc, const char *cmd) {
if(sc->retcode==0) {
sc->retcode=sc->nesting!=0;
}
+
+ port_clear_location(sc, &sc->load_stack[0]);
}
void scheme_define(scheme *sc, pointer envir, pointer symbol, pointer value) {
pointer x;
-
- x=find_slot_in_env(sc,envir,symbol,0);
+ pointer *sslot;
+ x = find_slot_spec_in_env(sc, envir, symbol, 0, &sslot);
if (x != sc->NIL) {
set_slot_in_env(sc, x, value);
} else {
- new_slot_spec_in_env(sc, envir, symbol, value);
+ new_slot_spec_in_env(sc, envir, symbol, value, sslot);
}
}
diff --git a/tests/gpgscm/time.scm b/tests/gpgscm/time.scm
new file mode 100644
index 0000000..a9b06d0
--- /dev/null
+++ b/tests/gpgscm/time.scm
@@ -0,0 +1,42 @@
+;; Simple time manipulation library.
+;;
+;; Copyright (C) 2017 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+;; This library mimics what GnuPG thinks about expiration times.
+;; Granularity is one second. Its focus is not on correctness.
+
+;; Conversion functions.
+(define (minutes->seconds minutes)
+ (* minutes 60))
+(define (hours->seconds hours)
+ (* hours 60 60))
+(define (days->seconds days)
+ (* days 24 60 60))
+(define (weeks->seconds weeks)
+ (days->seconds (* weeks 7)))
+(define (months->seconds months)
+ (days->seconds (* months 30)))
+(define (years->seconds years)
+ (days->seconds (* years 365)))
+
+(define (time-matches? a b slack)
+ (< (abs (- a b)) slack))
+(assert (time-matches? (hours->seconds 1) (hours->seconds 2) (hours->seconds 2)))
+(assert (time-matches? (hours->seconds 2) (hours->seconds 1) (hours->seconds 2)))
+(assert (not (time-matches? (hours->seconds 4) (hours->seconds 1) (hours->seconds 2))))
+(assert (not (time-matches? (hours->seconds 1) (hours->seconds 4) (hours->seconds 2))))
diff --git a/tests/gpgsm/verify.scm b/tests/gpgsm/verify.scm
index 894c827..28210a9 100644
--- a/tests/gpgsm/verify.scm
+++ b/tests/gpgsm/verify.scm
@@ -54,12 +54,12 @@ MYdRclgjObCcoilA8fZ13VR4DiMJVFCxJL4qVWI=
;;
(info "Checking that a valid signature is verified as such.")
(lettmp (sig body)
- (with-output-to-file sig (lambda () (display test-sig1)))
- (with-output-to-file body (lambda () (display test-text1)))
+ (call-with-binary-output-file sig (lambda (port) (display test-sig1 port)))
+ (call-with-binary-output-file body (lambda (port) (display test-text1 port)))
(call-check `(,@gpgsm --verify ,sig ,body)))
(info "Checking that an invalid signature is verified as such.")
(lettmp (sig body)
- (with-output-to-file sig (lambda () (display test-sig1)))
- (with-output-to-file body (lambda () (display test-text1f)))
+ (call-with-binary-output-file sig (lambda (port) (display test-sig1 port)))
+ (call-with-binary-output-file body (lambda (port) (display test-text1f port)))
(assert (not (zero? (call `(,@gpgsm --verify ,sig ,body))))))
diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index 05341fb..afac58f 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -92,14 +92,13 @@ XTESTS = \
quick-key-manipulation.scm \
key-selection.scm \
delete-keys.scm \
+ gpgconf.scm \
issue2015.scm \
issue2346.scm \
issue2417.scm \
- issue2419.scm
-
-# Fixme: gpgconf.scm does not yet work with make distcheck.
-# gpgconf.scm
-
+ issue2419.scm \
+ issue2929.scm \
+ issue2941.scm
# XXX: Currently, one cannot override automake's 'check' target. As a
# workaround, we avoid defining 'TESTS', thus automake will not emit
diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm
index 1d8173d..a06a570 100644
--- a/tests/openpgp/defs.scm
+++ b/tests/openpgp/defs.scm
@@ -29,7 +29,7 @@
(define usrpass3 "")
(define dsa-usrname1 "pgp5")
-;; we use the sub key because we do not yet have the logic to to derive
+;; we use the sub key because we do not yet have the logic to derive
;; the first encryption key from a keyblock (I guess) (Well of course
;; we have this by now and the notation below will lookup the primary
;; first and then search for the encryption subkey.)
@@ -149,14 +149,33 @@
(define :gc:c:name car)
(define :gc:c:description cadr)
(define :gc:c:pgmname caddr)
+(define (:gc:o:name x) (list-ref x 0))
+(define (:gc:o:flags x) (string->number (list-ref x 1)))
+(define (:gc:o:level x) (string->number (list-ref x 2)))
+(define (:gc:o:description x) (list-ref x 3))
+(define (:gc:o:type x) (string->number (list-ref x 4)))
+(define (:gc:o:alternate-type x) (string->number (list-ref x 5)))
+(define (:gc:o:argument-name x) (list-ref x 6))
+(define (:gc:o:default-value x) (list-ref x 7))
+(define (:gc:o:default-argument x) (list-ref x 8))
+(define (:gc:o:value x) (if (< (length x) 10) "" (list-ref x 9)))
(define (gpg-config component key)
(package
(define (value)
- (assoc key (gpg-conf '--list-options component)))
+ (let* ((conf (assoc key (gpg-conf '--list-options component)))
+ (type (:gc:o:type conf))
+ (value (:gc:o:value conf)))
+ (case type
+ ((0 2 3) (string->number value))
+ ((1 32) (substring value 1 (string-length value))))))
(define (update value)
- (gpg-conf' (string-append key ":0:" (percent-encode value))
- `(--change-options ,component)))
+ (let ((value' (cond
+ ((string? value) (string-append "\"" value))
+ ((number? value) (number->string value))
+ (else (throw "Unsupported value" value)))))
+ (gpg-conf' (string-append key ":0:" (percent-encode value'))
+ `(--change-options ,component))))
(define (clear)
(gpg-conf' (string-append key ":16:")
`(--change-options ,component)))))
diff --git a/tests/openpgp/gpgconf.scm b/tests/openpgp/gpgconf.scm
index b4cc9cb..33d04d8 100644
--- a/tests/openpgp/gpgconf.scm
+++ b/tests/openpgp/gpgconf.scm
@@ -31,21 +31,18 @@
(if value
(begin
(opt::update value)
- (assert (string=? value (list-ref (opt::value) 9))))
+ (assert (equal? value (opt::value))))
(begin
(opt::clear)
- (let ((v (opt::value)))
- (assert (or (< (length v) 10)
- (string=? "" (list-ref v 9))))))))
+ (assert (or (not (opt::value)) (string=? "" (opt::value)))))))
(progress ".")))))
(lambda (name . rest) name)
(list "keyserver" "verbose" "quiet")
(list (gpg-config 'gpg "keyserver")
(gpg-config 'gpg "verbose")
(gpg-config 'gpg "quiet"))
- (list (lambda (i) (if (even? i) "\"hkp://foo.bar" "\"hkps://bar.baz"))
- (lambda (i) (number->string
- ;; gpgconf: argument for option verbose of type 0
- ;; (none) must be positive
- (+ 1 i)))
- (lambda (i) (if (even? i) #f "1"))))
+ (list (lambda (i) (if (even? i) "hkp://foo.bar" "hkps://bar.baz"))
+ ;; gpgconf: argument for option verbose of type 0 (none) must
+ ;; be positive
+ (lambda (i) (+ 1 i))
+ (lambda (i) (if (even? i) #f 1))))
diff --git a/tests/openpgp/issue2929.scm b/tests/openpgp/issue2929.scm
new file mode 100644
index 0000000..121103b
--- /dev/null
+++ b/tests/openpgp/issue2929.scm
@@ -0,0 +1,32 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (with-path "defs.scm"))
+(setup-environment)
+
+(catch (skip "Tofu not supported")
+ (call-check `(,@gpg --trust-model=tofu --list-config)))
+
+;; Redefine GPG without --always-trust and TOFU trust model.
+(define gpg `(,(tool 'gpg) --no-permission-warning --trust-model=tofu))
+
+(info "Checking TOFU trust model with ultimately trusted keys (issue2929).")
+(call-check `(,@gpg --quick-generate-key frob@example.org))
+(call-check `(,@gpg --sign gpg.conf))
+(call-check `(,@gpg --verify gpg.conf.gpg))
diff --git a/tests/openpgp/issue2941.scm b/tests/openpgp/issue2941.scm
new file mode 100755
index 0000000..d7220e0
--- /dev/null
+++ b/tests/openpgp/issue2941.scm
@@ -0,0 +1,34 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (with-path "defs.scm"))
+(setup-legacy-environment)
+
+(define (check-failure options)
+ (let ((command `(,@gpg ,@options)))
+ (catch '()
+ (call-check command)
+ (error "Expected an error, but got none when executing" command))))
+
+(for-each-p
+ "Checking invocation with invalid file descriptors (issue2941)."
+ (lambda (option)
+ (check-failure `(,(string-append "--" option "=23") --sign gpg.conf)))
+ '("status-fd" "attribute-fd" "logger-fd"
+ "override-session-key-fd" "passphrase-fd" "command-fd"))
diff --git a/tests/openpgp/quick-key-manipulation.scm b/tests/openpgp/quick-key-manipulation.scm
index d43f7b5..7ede5e9 100755
--- a/tests/openpgp/quick-key-manipulation.scm
+++ b/tests/openpgp/quick-key-manipulation.scm
@@ -1,6 +1,6 @@
#!/usr/bin/env gpgscm
-;; Copyright (C) 2016 g10 Code GmbH
+;; Copyright (C) 2016-2017 g10 Code GmbH
;;
;; This file is part of GnuPG.
;;
@@ -18,6 +18,7 @@
;; along with this program; if not, see <http://www.gnu.org/licenses/>.
(load (with-path "defs.scm"))
+(load (with-path "time.scm"))
(setup-environment)
;; XXX because of --always-trust, the trustdb is not created.
@@ -91,8 +92,9 @@
;; Make the key expire in one year.
(call-check `(,@gpg --quick-set-expire ,fpr "1y"))
-;; XXX It'd be nice to check that the value is right.
-(assert (not (equal? "" (expiration-time fpr))))
+(assert (time-matches? (+ (get-time) (years->seconds 1))
+ (string->number (expiration-time fpr))
+ (minutes->seconds 5)))
;;
@@ -119,6 +121,10 @@
'(()
(- - -)
(default default never)
+ (rsa "sign auth encr" "seconds=600") ;; GPGME uses this
+ (rsa "auth,encr" "2") ;; "without a letter, days is assumed"
+ (rsa "sign" "2105-01-01") ;; "last year GnuPG can represent is 2105"
+ (rsa "sign" "21050101T115500") ;; "last year GnuPG can represent is 2105"
(rsa sign "2d")
(rsa1024 sign "2w")
(rsa2048 encr "2m")
@@ -134,21 +140,58 @@
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (string-contains? (:cap subkey) "s"))
- (assert (not (equal? "" (:expire subkey)))))
+ (assert (string-contains? (:cap subkey) "a"))
+ (assert (string-contains? (:cap subkey) "e"))
+ (assert (time-matches? (+ (get-time) 600)
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
+ (lambda (subkey)
+ (assert (= 1 (:alg subkey)))
+ (assert (string-contains? (:cap subkey) "a"))
+ (assert (string-contains? (:cap subkey) "e"))
+ (assert (time-matches? (+ (get-time) (days->seconds 2))
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
+ (lambda (subkey)
+ (assert (= 1 (:alg subkey)))
+ (assert (string-contains? (:cap subkey) "s"))
+ (assert (time-matches? 4260207600 ;; 2105-01-01
+ (string->number (:expire subkey))
+ ;; This is off by 12h, but I guess it just
+ ;; choses the middle of the day.
+ (days->seconds 1))))
+ (lambda (subkey)
+ (assert (= 1 (:alg subkey)))
+ (assert (string-contains? (:cap subkey) "s"))
+ (assert (time-matches? 4260254100 ;; UTC 2105-01-01 11:55:00
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
+ (lambda (subkey)
+ (assert (= 1 (:alg subkey)))
+ (assert (string-contains? (:cap subkey) "s"))
+ (assert (time-matches? (+ (get-time) (days->seconds 2))
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (= 1024 (:length subkey)))
(assert (string-contains? (:cap subkey) "s"))
- (assert (not (equal? "" (:expire subkey)))))
+ (assert (time-matches? (+ (get-time) (weeks->seconds 2))
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (= 2048 (:length subkey)))
(assert (string-contains? (:cap subkey) "e"))
- (assert (not (equal? "" (:expire subkey)))))
+ (assert (time-matches? (+ (get-time) (months->seconds 2))
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (= 4096 (:length subkey)))
(assert (string-contains? (:cap subkey) "s"))
(assert (string-contains? (:cap subkey) "a"))
- (assert (not (equal? "" (:expire subkey)))))
+ (assert (time-matches? (+ (get-time) (years->seconds 2))
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
#f))
diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README
index 29524d5..6f2399f 100644
--- a/tests/openpgp/samplekeys/README
+++ b/tests/openpgp/samplekeys/README
@@ -17,3 +17,5 @@ E657FB607BB4F21C90BB6651BC067AF28BC90111.asc Key with subkeys (no protection)
rsa-rsa-sample-1.asc RSA+RSA sample key (no passphrase)
ed25519-cv25519-sample-1.asc Ed25519+CV25519 sample key (no passphrase)
silent-running.asc Collection of sample secret keys (no passphrases)
+rsa-primary-auth-only.pub.asc rsa2408 primary only, usage: cert,auth
+rsa-primary-auth-only.sec.asc Ditto but the secret keyblock.
diff --git a/tests/openpgp/samplekeys/rsa-primary-auth-only.pub.asc b/tests/openpgp/samplekeys/rsa-primary-auth-only.pub.asc
new file mode 100644
index 0000000..f34999e
--- /dev/null
+++ b/tests/openpgp/samplekeys/rsa-primary-auth-only.pub.asc
@@ -0,0 +1,23 @@
+pub rsa2048 2017-02-14 [CA]
+ F74B4029E6906D12EBDA8EE3BD7744900FDABC8D
+ Keygrip = AB1BB1843677AF7CC4D6C14444320C3FF4147E98
+uid [ unknown] ssh://host.example.net
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFiizWgBCACi28riS0AaC7UvXaZfoafEvcXq/MAq6akiowPf3eY4zz5DkBPf
+Ep3kGuDMAFqULvchIt9vpg719Zar/Xldi+UG+/KsDz+TT5k+nP6CwvBHbAXXtISv
+S51TKKnTFpvjcgJc1BMFN0pGf7JnZx1QfRfsZO2BvS4qVzYCWbSS9hlpMq4aIgOc
+ERBMsZYMPnI4ijbXysksecDC91kbJH0q5j8aGir5sDyrDwfVLp0SUAubRFU5gXuZ
+SEv9QmeV7XoXKXzk9KEYy7GUgoAJzabvbF0rVXqd3DE8KFkwK7rKBe8sGC04DWlK
+j/sHJcAfMSqCi/SZyYpO+FSfnB+uJ1BNc05hABEBAAG0FnNzaDovL2hvc3QuZXhh
+bXBsZS5uZXSJAU4EEwEIADgWIQT3S0Ap5pBtEuvajuO9d0SQD9q8jQUCWKLNaAIb
+IQULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRC9d0SQD9q8jZBrB/41MJWUeclV
+tM60+ydPNgUJwyRXpKdLIm/AtM1zOijlFkwsaMmzbFSFJJX98HGASHdU5OpL2Lv3
+1NNDNMbUuFumApVrLzJUBugFRb+8/uY7H3Z0/YKQ9g9OC3z7+uqFFv/+/wA+VdYX
+Zy6uim8E4OlJ41S68fQcMiTxbLTCDkvBbpf505t6JhNqF6JB+SBFQJXvRqjoydXf
+dyoiDz9N1V0ERzmGEiPewvHg2zWcVia07NGhxN3slQ3klOfYJQ8Ye72feNq1zKCy
+AyU3X8fL10XKWooCAU+t4hR5hXYxYTSZse5q0FHZ38Lt9c3ApMSZ2+ueeOtGbsH9
+kV8icGkI6KXp
+=zMXp
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/samplekeys/rsa-primary-auth-only.sec.asc b/tests/openpgp/samplekeys/rsa-primary-auth-only.sec.asc
new file mode 100644
index 0000000..9d72421
--- /dev/null
+++ b/tests/openpgp/samplekeys/rsa-primary-auth-only.sec.asc
@@ -0,0 +1,38 @@
+sec rsa2048 2017-02-14 [CA]
+ F74B4029E6906D12EBDA8EE3BD7744900FDABC8D
+ Keygrip = AB1BB1843677AF7CC4D6C14444320C3FF4147E98
+uid [ unknown] ssh://host.example.net
+
+Passprase: none
+
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lQOYBFiizWgBCACi28riS0AaC7UvXaZfoafEvcXq/MAq6akiowPf3eY4zz5DkBPf
+Ep3kGuDMAFqULvchIt9vpg719Zar/Xldi+UG+/KsDz+TT5k+nP6CwvBHbAXXtISv
+S51TKKnTFpvjcgJc1BMFN0pGf7JnZx1QfRfsZO2BvS4qVzYCWbSS9hlpMq4aIgOc
+ERBMsZYMPnI4ijbXysksecDC91kbJH0q5j8aGir5sDyrDwfVLp0SUAubRFU5gXuZ
+SEv9QmeV7XoXKXzk9KEYy7GUgoAJzabvbF0rVXqd3DE8KFkwK7rKBe8sGC04DWlK
+j/sHJcAfMSqCi/SZyYpO+FSfnB+uJ1BNc05hABEBAAEAB/wN0yan4HIdQ+fU5i2c
+v0uknI9+i9zW8mWUi84Puks0K15CZ1VTLHC8JQ6hgq4twhw3HeS7GkJO3X2K4BuQ
+tggdIv94slqtQKaQ9XbNgYraz/AMXZtIiNy0FdGaGmM6rY+ccwxM9w1BFXn+48v4
+lzCUCq/2wX53wwDSC5dpRPw8km6+uksFh3dfY8kgfpjU/lUCCwQiooYrQhut1EGB
+lDLRHp2ntC1xsnowtdPzluIHFetFSnmn2ehGqXqXtXLAMF0HOirViO5dUVMuj2Pe
+ra3IYVYANYK/7FEsRXHxU6aB/BSnubb5EiqB1Oi1JNyMrvYZnRsoRUaMjVgjA4ne
+RwD5BADBZN2USYGgciDVh7kvTbrtS1igPhoe3xUUQsM0hVIEwBzG4A4pWXznIQyW
+BziVTnRNp953EbHJIYdn7vmJzdiRKI+hOvrF8dfvVsq+fp4pWxrc+zrC6qptpo6H
+IhkHWUpyfIPuTI8d+glIUIuDshwKau0UZ8VDTOYuRYEZX9PrAwQA15RdS3geA1cf
+UK/ZaKs5VnohcLtEE/z3BlvlQaEdHxSQJSLYC4By7zKVOFZlZkHk36IPikwYNTgc
+P57aLe7rwNZqPhADue1ZN6Ypetvrek55lAYL9XoPJ/mWaYz6oDWWW8vHYqEPk8OL
+N8/8a6DhK0iydXi9/ztHQllbOt0EUcsEAJBjX84FgIi3VRotRSEDN/tIhekNo8p6
+Pl8YF4V8A1hCVBEKRIcsPVx603DFiGFRcQQcBbblqVG4fpOYYgiBtEgJksRiMg/o
+kmVkl8BPrIhBGe2ez7byhhFvJDAoOWCdH0MWGaPGUoCGTDvd046GE8B3UWN9TSmo
+qAqfrUG0hQVQLEa0FnNzaDovL2hvc3QuZXhhbXBsZS5uZXSJAU4EEwEIADgWIQT3
+S0Ap5pBtEuvajuO9d0SQD9q8jQUCWKLNaAIbIQULCQgHAgYVCAkKCwIEFgIDAQIe
+AQIXgAAKCRC9d0SQD9q8jZBrB/41MJWUeclVtM60+ydPNgUJwyRXpKdLIm/AtM1z
+OijlFkwsaMmzbFSFJJX98HGASHdU5OpL2Lv31NNDNMbUuFumApVrLzJUBugFRb+8
+/uY7H3Z0/YKQ9g9OC3z7+uqFFv/+/wA+VdYXZy6uim8E4OlJ41S68fQcMiTxbLTC
+DkvBbpf505t6JhNqF6JB+SBFQJXvRqjoydXfdyoiDz9N1V0ERzmGEiPewvHg2zWc
+Via07NGhxN3slQ3klOfYJQ8Ye72feNq1zKCyAyU3X8fL10XKWooCAU+t4hR5hXYx
+YTSZse5q0FHZ38Lt9c3ApMSZ2+ueeOtGbsH9kV8icGkI6KXp
+=3QG9
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/ssh-import.scm b/tests/openpgp/ssh-import.scm
index ad5acc5..7a4364c 100755
--- a/tests/openpgp/ssh-import.scm
+++ b/tests/openpgp/ssh-import.scm
@@ -24,10 +24,35 @@
(call-check `(,(tool 'gpgconf) --null --list-dirs agent-ssh-socket))
#t)
-(define SSH-ADD #f)
+(define path (string-split (getenv "PATH") *pathsep*))
+(define ssh #f)
+(catch (skip "ssh not found") (set! ssh (path-expand "ssh" path)))
+
+(define ssh-add #f)
(catch (skip "ssh-add not found")
- (set! SSH-ADD
- (path-expand "ssh-add" (string-split (getenv "PATH") *pathsep*))))
+ (set! ssh-add (path-expand "ssh-add" path)))
+
+(define ssh-keygen #f)
+(catch (skip "ssh-keygen not found")
+ (set! ssh-keygen (path-expand "ssh-keygen" path)))
+
+(define ssh-version
+ (let ((tmp (:stderr (call-with-io `(,ssh "-V") "")))
+ (prefix "OpenSSH_"))
+ (unless (string-prefix? tmp prefix)
+ (skip "This doesn't look like OpenSSH:" tmp))
+ (string->number (substring tmp (string-length prefix)
+ (+ 3 (string-length prefix))))))
+
+(define (ssh-supports? algorithm)
+ (cond
+ ((equal? algorithm "ed25519")
+ (>= ssh-version 6.5))
+ (else
+ (not (string-contains? (:stderr (call-with-io `(,ssh-keygen
+ -t ,algorithm
+ -b "1009") ""))
+ "unknown key type")))))
(define keys
'(("dsa" "9a:e1:f1:5f:46:ea:a5:06:e1:e2:f8:38:8e:06:54:58")
@@ -48,7 +73,7 @@
(pipe:spawn `(,SSH-ADD -)))
(unless (string-contains? (call-popen `(,SSH-ADD -l "-E" md5) "") hash)
(fail "key not added"))))
- car keys)
+ car (filter (lambda (x) (ssh-supports? (car x))) keys))
(info "Checking for issue2316...")
(unlink (path-join GNUPGHOME "sshcontrol"))
diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm
index ca5786b..f4eab41 100755
--- a/tests/openpgp/tofu.scm
+++ b/tests/openpgp/tofu.scm
@@ -18,6 +18,7 @@
;; along with this program; if not, see <http://www.gnu.org/licenses/>.
(load (with-path "defs.scm"))
+(load (with-path "time.scm"))
(setup-environment)
(define GPGTIME 1480943782)
@@ -25,8 +26,6 @@
;; Generate a --faked-system-time parameter for a particular offset.
(define (faketime delta)
(string-append "--faked-system-time=" (number->string (+ GPGTIME delta))))
-;; A convenience function for the above.
-(define (days->seconds days) (* days 24 60 60))
;; Redefine GPG without --always-trust and a fixed time.
(define GPG `(,(tool 'gpg) --no-permission-warning ,(faketime 0)))
@@ -34,6 +33,9 @@
(catch (skip "Tofu not supported")
(call-check `(,@GPG --trust-model=tofu --list-config)))
+(let ((trust-model (gpg-config 'gpg "trust-model")))
+ (trust-model::update "tofu"))
+
(define KEYS '("1C005AF3" "BE04EB2B" "B662E42F"))
;; Import the test keys.
@@ -52,7 +54,7 @@
(define (getpolicy keyid . args)
(let ((policy
(list-ref (assoc "tfs" (gpg-with-colons
- `(--trust-model=tofu --with-tofu-info
+ `(--with-tofu-info
,@args
--list-keys ,keyid))) 5)))
(unless (member policy '("auto" "good" "unknown" "bad" "ask"))
@@ -76,8 +78,7 @@
(define (gettrust keyid . args)
(let ((trust
(list-ref (assoc "pub" (gpg-with-colons
- `(--trust-model=tofu
- ,@args
+ `(,@args
--list-keys ,keyid))) 1)))
(unless (and (= 1 (string-length trust))
(member (string-ref trust 0) (string->list "oidreqnmfuws-")))
@@ -97,7 +98,7 @@
;; Set key KEYID's policy to POLICY. Any remaining arguments are
;; passed as options to gpg.
(define (setpolicy keyid policy . args)
- (call-check `(,@GPG --trust-model=tofu ,@args
+ (call-check `(,@GPG ,@args
--tofu-policy ,policy ,keyid)))
(info "Checking tofu policies and trust...")
@@ -107,8 +108,7 @@
;; Verify a message. There should be no conflict and the trust
;; policy should be set to auto.
-(call-check `(,@GPG --trust-model=tofu
- --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
+(call-check `(,@GPG --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
(checkpolicy "1C005AF3" "auto")
;; Check default trust.
@@ -162,8 +162,7 @@
;; auto), but not affect 1C005AF3's policy.
(setpolicy "BE04EB2B" "auto")
(checkpolicy "BE04EB2B" "ask")
-(call-check `(,@GPG --trust-model=tofu
- --verify ,(in-srcdir "tofu/conflicting/B662E42F-1.txt")))
+(call-check `(,@GPG --verify ,(in-srcdir "tofu/conflicting/B662E42F-1.txt")))
(checkpolicy "BE04EB2B" "ask")
(checkpolicy "1C005AF3" "bad")
(checkpolicy "B662E42F" "ask")
@@ -177,8 +176,7 @@
(let*
((tfs (assoc "tfs"
(gpg-with-colons
- `(--trust-model=tofu --with-tofu-info
- ,@args --list-keys ,keyid))))
+ `(--with-tofu-info ,@args --list-keys ,keyid))))
(sigs (string->number (list-ref tfs 3)))
(sig-days (string->number (list-ref tfs 11)))
(encs (string->number (list-ref tfs 4)))
@@ -209,31 +207,26 @@
(check-counts "B662E42F" 0 0 0 0)
;; Verify a message. The signature count should increase by 1.
-(call-check `(,@GPG --trust-model=tofu
- --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
+(call-check `(,@GPG --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
(check-counts "1C005AF3" 1 1 0 0)
;; Verify the same message. The signature count should remain the
;; same.
-(call-check `(,@GPG --trust-model=tofu
- --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
+(call-check `(,@GPG --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
(check-counts "1C005AF3" 1 1 0 0)
;; Verify another message.
-(call-check `(,@GPG --trust-model=tofu
- --verify ,(in-srcdir "tofu/conflicting/1C005AF3-2.txt")))
+(call-check `(,@GPG --verify ,(in-srcdir "tofu/conflicting/1C005AF3-2.txt")))
(check-counts "1C005AF3" 2 1 0 0)
;; Verify another message.
-(call-check `(,@GPG --trust-model=tofu
- --verify ,(in-srcdir "tofu/conflicting/1C005AF3-3.txt")))
+(call-check `(,@GPG --verify ,(in-srcdir "tofu/conflicting/1C005AF3-3.txt")))
(check-counts "1C005AF3" 3 1 0 0)
;; Verify a message from a different sender. The signature count
;; should increase by 1 for that key.
-(call-check `(,@GPG --trust-model=tofu
- --verify ,(in-srcdir "tofu/conflicting/BE04EB2B-1.txt")))
+(call-check `(,@GPG --verify ,(in-srcdir "tofu/conflicting/BE04EB2B-1.txt")))
(check-counts "1C005AF3" 3 1 0 0)
(check-counts "BE04EB2B" 1 1 0 0)
(check-counts "B662E42F" 0 0 0 0)
@@ -241,34 +234,34 @@
;; Verify another message on a new day. (Recall: we are interested in
;; when the message was first verified, not when the signer claimed
;; that it was signed.)
-(call-check `(,@GPG --trust-model=tofu ,(faketime (days->seconds 2))
+(call-check `(,@GPG ,(faketime (days->seconds 2))
--verify ,(in-srcdir "tofu/conflicting/1C005AF3-4.txt")))
(check-counts "1C005AF3" 4 2 0 0)
(check-counts "BE04EB2B" 1 1 0 0)
(check-counts "B662E42F" 0 0 0 0)
;; And another.
-(call-check `(,@GPG --trust-model=tofu ,(faketime (days->seconds 2))
+(call-check `(,@GPG ,(faketime (days->seconds 2))
--verify ,(in-srcdir "tofu/conflicting/1C005AF3-5.txt")))
(check-counts "1C005AF3" 5 2 0 0)
(check-counts "BE04EB2B" 1 1 0 0)
(check-counts "B662E42F" 0 0 0 0)
;; Another, but for a different key.
-(call-check `(,@GPG --trust-model=tofu ,(faketime (days->seconds 2))
+(call-check `(,@GPG ,(faketime (days->seconds 2))
--verify ,(in-srcdir "tofu/conflicting/BE04EB2B-2.txt")))
(check-counts "1C005AF3" 5 2 0 0)
(check-counts "BE04EB2B" 2 2 0 0)
(check-counts "B662E42F" 0 0 0 0)
;; And add a third day.
-(call-check `(,@GPG --trust-model=tofu ,(faketime (days->seconds 4))
+(call-check `(,@GPG ,(faketime (days->seconds 4))
--verify ,(in-srcdir "tofu/conflicting/BE04EB2B-3.txt")))
(check-counts "1C005AF3" 5 2 0 0)
(check-counts "BE04EB2B" 3 3 0 0)
(check-counts "B662E42F" 0 0 0 0)
-(call-check `(,@GPG --trust-model=tofu ,(faketime (days->seconds 4))
+(call-check `(,@GPG ,(faketime (days->seconds 4))
--verify ,(in-srcdir "tofu/conflicting/BE04EB2B-4.txt")))
(check-counts "1C005AF3" 5 2 0 0)
(check-counts "BE04EB2B" 4 3 0 0)
@@ -300,7 +293,7 @@
(for-each
(lambda (i)
(let ((fn (in-srcdir DIR (string-append key "-" i ".txt"))))
- (call-check `(,@GPG --trust-model=tofu --verify ,fn))))
+ (call-check `(,@GPG --verify ,fn))))
(list "1" "2")))
(list KEYIDA KEYIDB)))
@@ -392,7 +385,7 @@
(for-each
(lambda (i)
(let ((fn (in-srcdir DIR (string-append key "-" i ".txt"))))
- (call-check `(,@GPG --trust-model=tofu --verify ,fn))))
+ (call-check `(,@GPG --verify ,fn))))
(list "1" "2")))
(list KEYIDA KEYIDB)))
diff --git a/tests/openpgp/verify.scm b/tests/openpgp/verify.scm
index a398a14..d3bd763 100755
--- a/tests/openpgp/verify.scm
+++ b/tests/openpgp/verify.scm
@@ -243,6 +243,9 @@ FWIAQUplk7JWbyRKAJ92ZJyJpWfzb0yc1s7MY65r2qEHrg==
;; An Ed25519 cleartext message with an R parameter of only 247 bits
;; so that the code to re-insert the stripped zero byte kicks in. The
;; S parameter has 253 bits but that does not strip a full byte.
+;;
+;; Note that the message has a typo ("the the"), but this should not
+;; be fixed because it breaks this test.
(define msg_ed25519_rshort "
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
diff --git a/tools/gpg-connect-agent.c b/tools/gpg-connect-agent.c
index a5413cf..59e2192 100644
--- a/tools/gpg-connect-agent.c
+++ b/tools/gpg-connect-agent.c
@@ -187,7 +187,7 @@ static assuan_context_t start_agent (void);
-/* Print usage information and and provide strings for help. */
+/* Print usage information and provide strings for help. */
static const char *
my_strusage( int level )
{
@@ -1155,7 +1155,7 @@ main (int argc, char **argv)
int rc;
int cmderr;
const char *opt_run = NULL;
- FILE *script_fp = NULL;
+ gpgrt_stream_t script_fp = NULL;
int use_tty, keep_line;
struct {
int collecting;
@@ -1271,7 +1271,7 @@ main (int argc, char **argv)
"--tcp-socket", "--raw-socket");
}
- if (opt_run && !(script_fp = fopen (opt_run, "r")))
+ if (opt_run && !(script_fp = gpgrt_fopen (opt_run, "r")))
{
log_error ("cannot open run file '%s': %s\n",
opt_run, strerror (errno));
@@ -1425,15 +1425,15 @@ main (int argc, char **argv)
linesize = 0;
keep_line = 1;
}
- n = read_line (script_fp? script_fp:stdin,
- &line, &linesize, &maxlength);
+ n = gpgrt_read_line (script_fp ? script_fp : gpgrt_stdin,
+ &line, &linesize, &maxlength);
}
if (n < 0)
{
log_error (_("error reading input: %s\n"), strerror (errno));
if (script_fp)
{
- fclose (script_fp);
+ gpgrt_fclose (script_fp);
script_fp = NULL;
log_error ("stopping script execution\n");
continue;
@@ -1445,7 +1445,7 @@ main (int argc, char **argv)
/* EOF */
if (script_fp)
{
- fclose (script_fp);
+ gpgrt_fclose (script_fp);
script_fp = NULL;
if (opt.verbose)
log_info ("end of script\n");
@@ -1683,17 +1683,17 @@ main (int argc, char **argv)
log_error ("syntax error in run command\n");
if (script_fp)
{
- fclose (script_fp);
+ gpgrt_fclose (script_fp);
script_fp = NULL;
}
}
else if (script_fp)
{
log_error ("cannot nest run commands - stop\n");
- fclose (script_fp);
+ gpgrt_fclose (script_fp);
script_fp = NULL;
}
- else if (!(script_fp = fopen (p, "r")))
+ else if (!(script_fp = gpgrt_fopen (p, "r")))
{
log_error ("cannot open run file '%s': %s\n",
p, strerror (errno));
@@ -1864,7 +1864,7 @@ main (int argc, char **argv)
if ((rc || cmderr) && script_fp)
{
log_error ("stopping script execution\n");
- fclose (script_fp);
+ gpgrt_fclose (script_fp);
script_fp = NULL;
}
diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c
index 5814b40..c31e3a1 100644
--- a/tools/gpg-wks-client.c
+++ b/tools/gpg-wks-client.c
@@ -129,7 +129,7 @@ static gpg_error_t command_receive_cb (void *opaque,
-/* Print usage information and and provide strings for help. */
+/* Print usage information and provide strings for help. */
static const char *
my_strusage( int level )
{
@@ -373,6 +373,7 @@ get_key (estream_t *r_key, const char *fingerprint, const char *addrspec)
log_error ("error allocating memory buffer: %s\n", gpg_strerror (err));
goto leave;
}
+
/* Prefix the key with the MIME content type. */
es_fputs ("Content-Type: application/pgp-keys\n"
"\n", key);
@@ -437,20 +438,38 @@ get_key (estream_t *r_key, const char *fingerprint, const char *addrspec)
+struct decrypt_stream_parm_s
+{
+ char *fpr;
+ char *mainfpr;
+ int otrust;
+};
+
static void
decrypt_stream_status_cb (void *opaque, const char *keyword, char *args)
{
- (void)opaque;
+ struct decrypt_stream_parm_s *decinfo = opaque;
if (DBG_CRYPTO)
log_debug ("gpg status: %s %s\n", keyword, args);
-}
+ if (!strcmp (keyword, "DECRYPTION_KEY") && !decinfo->fpr)
+ {
+ char *fields[3];
+ if (split_fields (args, fields, DIM (fields)) >= 3)
+ {
+ decinfo->fpr = xstrdup (fields[0]);
+ decinfo->mainfpr = xstrdup (fields[1]);
+ decinfo->otrust = *fields[2];
+ }
+ }
+}
/* Decrypt the INPUT stream to a new stream which is stored at success
* at R_OUTPUT. */
static gpg_error_t
-decrypt_stream (estream_t *r_output, estream_t input)
+decrypt_stream (estream_t *r_output, struct decrypt_stream_parm_s *decinfo,
+ estream_t input)
{
gpg_error_t err;
ccparray_t ccp;
@@ -458,6 +477,7 @@ decrypt_stream (estream_t *r_output, estream_t input)
estream_t output;
*r_output = NULL;
+ memset (decinfo, 0, sizeof *decinfo);
output = es_fopenmem (0, "w+b");
if (!output)
@@ -492,7 +512,9 @@ decrypt_stream (estream_t *r_output, estream_t input)
}
err = gnupg_exec_tool_stream (opt.gpg_program, argv, input,
NULL, output,
- decrypt_stream_status_cb, NULL);
+ decrypt_stream_status_cb, decinfo);
+ if (!err && (!decinfo->fpr || !decinfo->mainfpr || !decinfo->otrust))
+ err = gpg_error (GPG_ERR_INV_ENGINE);
if (err)
{
log_error ("decryption failed: %s\n", gpg_strerror (err));
@@ -506,6 +528,12 @@ decrypt_stream (estream_t *r_output, estream_t input)
output = NULL;
leave:
+ if (err)
+ {
+ xfree (decinfo->fpr);
+ xfree (decinfo->mainfpr);
+ memset (decinfo, 0, sizeof *decinfo);
+ }
es_fclose (output);
xfree (argv);
return err;
@@ -749,8 +777,9 @@ command_send (const char *fingerprint, char *userid)
if (err)
goto leave;
- /* Tell server that we support draft version 3. */
- err = mime_maker_add_header (mime, "Wks-Draft-Version", "3");
+ /* Tell server which draft we support. */
+ err = mime_maker_add_header (mime, "Wks-Draft-Version",
+ STR2(WKS_DRAFT_VERSION));
if (err)
goto leave;
@@ -948,6 +977,10 @@ send_confirmation_response (const char *sender, const char *address,
err = mime_maker_add_header (mime, "Subject", "Key publication confirmation");
if (err)
goto leave;
+ err = mime_maker_add_header (mime, "Wks-Draft-Version",
+ STR2(WKS_DRAFT_VERSION));
+ if (err)
+ goto leave;
if (encrypt)
{
@@ -998,9 +1031,11 @@ send_confirmation_response (const char *sender, const char *address,
/* Reply to a confirmation request. The MSG has already been
- * decrypted and we only need to send the nonce back. */
+ * decrypted and we only need to send the nonce back. MAINFPR is
+ * either NULL or the primary key fingerprint of the key used to
+ * decrypt the request. */
static gpg_error_t
-process_confirmation_request (estream_t msg)
+process_confirmation_request (estream_t msg, const char *mainfpr)
{
gpg_error_t err;
nvc_t nvc;
@@ -1044,8 +1079,20 @@ process_confirmation_request (estream_t msg)
}
fingerprint = value;
- /* FIXME: Check that the fingerprint matches the key used to decrypt the
- * message. */
+ /* Check that the fingerprint matches the key used to decrypt the
+ * message. In --read mode or with the old format we don't have the
+ * decryption key; thus we can't bail out. */
+ if (!mainfpr || ascii_strcasecmp (mainfpr, fingerprint))
+ {
+ log_info ("target fingerprint: %s\n", fingerprint);
+ log_info ("but decrypted with: %s\n", mainfpr);
+ log_error ("confirmation request not decrypted with target key\n");
+ if (mainfpr)
+ {
+ err = gpg_error (GPG_ERR_INV_DATA);
+ goto leave;
+ }
+ }
/* Get the address. */
if (!((item = nvc_lookup (nvc, "address:")) && (value = nve_value (item))
@@ -1058,10 +1105,7 @@ process_confirmation_request (estream_t msg)
}
address = value;
/* FIXME: Check that the "address" matches the User ID we want to
- * publish. Also get the "fingerprint" and compare that to our to
- * be published key. Further we should make sure that we actually
- * decrypted using that fingerprint (which is a bit problematic if
- * --read is used). */
+ * publish. */
/* Get the sender. */
if (!((item = nvc_lookup (nvc, "sender:")) && (value = nve_value (item))
@@ -1130,14 +1174,24 @@ read_confirmation_request (estream_t msg)
}
if (c != '-')
- err = process_confirmation_request (msg);
+ err = process_confirmation_request (msg, NULL);
else
{
- err = decrypt_stream (&plaintext, msg);
+ struct decrypt_stream_parm_s decinfo;
+
+ err = decrypt_stream (&plaintext, &decinfo, msg);
if (err)
log_error ("decryption failed: %s\n", gpg_strerror (err));
+ else if (decinfo.otrust != 'u')
+ {
+ err = gpg_error (GPG_ERR_WRONG_SECKEY);
+ log_error ("key used to decrypt the confirmation request"
+ " was not generated by us\n");
+ }
else
- err = process_confirmation_request (plaintext);
+ err = process_confirmation_request (plaintext, decinfo.mainfpr);
+ xfree (decinfo.fpr);
+ xfree (decinfo.mainfpr);
}
es_fclose (plaintext);
diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c
index 1a91858..0376cce 100644
--- a/tools/gpg-wks-server.c
+++ b/tools/gpg-wks-server.c
@@ -133,7 +133,7 @@ static gpg_error_t command_cron (void);
-/* Print usage information and and provide strings for help. */
+/* Print usage information and provide strings for help. */
static const char *
my_strusage( int level )
{
@@ -915,6 +915,18 @@ send_confirmation_request (server_ctx_t ctx,
err = mime_maker_add_header (mime, "Subject", "Confirm your key publication");
if (err)
goto leave;
+
+ err = mime_maker_add_header (mime, "Wks-Draft-Version",
+ STR2(WKS_DRAFT_VERSION));
+ if (err)
+ goto leave;
+
+ /* Help Enigmail to identify messages. Note that this is in no way
+ * secured. */
+ err = mime_maker_add_header (mime, "WKS-Phase", "confirm");
+ if (err)
+ goto leave;
+
for (sl = opt.extra_headers; sl; sl = sl->next)
{
err = mime_maker_add_header (mime, sl->d, NULL);
@@ -1008,7 +1020,7 @@ send_confirmation_request (server_ctx_t ctx,
if (err)
goto leave;
- mime_maker_dump_tree (mime);
+ /* mime_maker_dump_tree (mime); */
err = mime_maker_get_part (mime, partid, &signeddata);
if (err)
goto leave;
@@ -1098,7 +1110,7 @@ process_new_key (server_ctx_t ctx, estream_t key)
if (policybuf.auth_submit)
{
- /* Bypass the confirmation stuff and publish the the key as is. */
+ /* Bypass the confirmation stuff and publish the key as is. */
log_info ("publishing address '%s'\n", sl->d);
/* FIXME: We need to make sure that we do this only for the
* address in the mail. */
@@ -1206,6 +1218,13 @@ send_congratulation_message (const char *mbox, const char *keyfile)
err = mime_maker_add_header (mime, "Subject", "Your key has been published");
if (err)
goto leave;
+ err = mime_maker_add_header (mime, "Wks-Draft-Version",
+ STR2(WKS_DRAFT_VERSION));
+ if (err)
+ goto leave;
+ err = mime_maker_add_header (mime, "WKS-Phase", "done");
+ if (err)
+ goto leave;
for (sl = opt.extra_headers; sl; sl = sl->next)
{
err = mime_maker_add_header (mime, sl->d, NULL);
@@ -1515,7 +1534,7 @@ command_receive_cb (void *opaque, const char *mediatype,
/* Return a list of all configured domains. ECh list element is the
- * top directory for for the domain. To figure out the actual domain
+ * top directory for the domain. To figure out the actual domain
* name strrchr(name, '/') can be used. */
static gpg_error_t
get_domain_list (strlist_t *r_list)
diff --git a/tools/gpg-wks.h b/tools/gpg-wks.h
index 62ceb34..3b28af4 100644
--- a/tools/gpg-wks.h
+++ b/tools/gpg-wks.h
@@ -24,6 +24,10 @@
#include "../common/strlist.h"
#include "mime-maker.h"
+/* The draft version we implement. */
+#define WKS_DRAFT_VERSION 3
+
+
/* We keep all global options in the structure OPT. */
struct
{
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index a25b513..d53947e 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -47,6 +47,7 @@
#include "util.h"
#include "i18n.h"
#include "exechelp.h"
+#include "sysutils.h"
#include "gc-opt-flags.h"
#include "gpgconf.h"
@@ -716,6 +717,10 @@ static gc_option_t gc_options_gpg[] =
(GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_NO_CHANGE), GC_LEVEL_INVISIBLE,
NULL, NULL,
GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
+ { "trust-model",
+ GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ NULL, NULL,
+ GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
{ "Debug",
@@ -743,6 +748,8 @@ static gc_option_t gc_options_gpg[] =
{ "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
"gnupg", N_("|MECHANISMS|use MECHANISMS to locate keys by mail address"),
GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
+ { "auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ NULL, NULL, GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
GC_OPTION_NULL
@@ -2163,8 +2170,11 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
config = es_fopen (config_filename, "r");
if (!config)
- gc_error (0, errno, "warning: can not open config file %s",
- config_filename);
+ {
+ if (errno != ENOENT)
+ gc_error (0, errno, "warning: can not open config file %s",
+ config_filename);
+ }
else
{
while ((length = es_read_line (config, &line, &line_len, NULL)) > 0)
@@ -2265,7 +2275,7 @@ retrieve_options_from_file (gc_component_t component, gc_backend_t backend)
gc_option_t *list_option;
gc_option_t *config_option;
char *list_filename;
- FILE *list_file;
+ gpgrt_stream_t list_file;
char *line = NULL;
size_t line_len = 0;
ssize_t length;
@@ -2277,13 +2287,13 @@ retrieve_options_from_file (gc_component_t component, gc_backend_t backend)
assert (!list_option->active);
list_filename = get_config_filename (component, backend);
- list_file = fopen (list_filename, "r");
+ list_file = gpgrt_fopen (list_filename, "r");
if (!list_file)
gc_error (0, errno, "warning: can not open list file %s", list_filename);
else
{
- while ((length = read_line (list_file, &line, &line_len, NULL)) > 0)
+ while ((length = gpgrt_read_line (list_file, &line, &line_len, NULL)) > 0)
{
char *start;
char *end;
@@ -2316,7 +2326,7 @@ retrieve_options_from_file (gc_component_t component, gc_backend_t backend)
else
list = xasprintf ("\"%s", gc_percent_escape (start));
}
- if (length < 0 || ferror (list_file))
+ if (length < 0 || gpgrt_ferror (list_file))
gc_error (1, errno, "can not read list file %s", list_filename);
}
@@ -2329,7 +2339,7 @@ retrieve_options_from_file (gc_component_t component, gc_backend_t backend)
if (config_option->flags & GC_OPT_FLAG_NO_CHANGE)
list_option->flags |= GC_OPT_FLAG_NO_CHANGE;
- if (list_file && fclose (list_file))
+ if (list_file && gpgrt_fclose (list_file))
gc_error (1, errno, "error closing %s", list_filename);
xfree (line);
}
@@ -2515,7 +2525,6 @@ option_check_validity (gc_option_t *option, unsigned long flags,
while (arg && *arg);
}
-
#ifdef HAVE_W32_SYSTEM
int
copy_file (const char *src_name, const char *dst_name)
@@ -2523,18 +2532,18 @@ copy_file (const char *src_name, const char *dst_name)
#define BUF_LEN 4096
char buffer[BUF_LEN];
int len;
- FILE *src;
- FILE *dst;
+ gpgrt_stream_t src;
+ gpgrt_stream_t dst;
- src = fopen (src_name, "r");
+ src = gpgrt_fopen (src_name, "r");
if (src == NULL)
return -1;
- dst = fopen (dst_name, "w");
+ dst = gpgrt_fopen (dst_name, "w");
if (dst == NULL)
{
int saved_err = errno;
- fclose (src);
+ gpgrt_fclose (src);
gpg_err_set_errno (saved_err);
return -1;
}
@@ -2543,28 +2552,28 @@ copy_file (const char *src_name, const char *dst_name)
{
int written;
- len = fread (buffer, 1, BUF_LEN, src);
+ len = gpgrt_fread (buffer, 1, BUF_LEN, src);
if (len == 0)
break;
- written = fwrite (buffer, 1, len, dst);
+ written = gpgrt_fwrite (buffer, 1, len, dst);
if (written != len)
break;
}
- while (!feof (src) && !ferror (src) && !ferror (dst));
+ while (! gpgrt_feof (src) && ! gpgrt_ferror (src) && ! gpgrt_ferror (dst));
- if (ferror (src) || ferror (dst) || !feof (src))
+ if (gpgrt_ferror (src) || gpgrt_ferror (dst) || ! gpgrt_feof (src))
{
int saved_errno = errno;
- fclose (src);
- fclose (dst);
+ gpgrt_fclose (src);
+ gpgrt_fclose (dst);
unlink (dst_name);
gpg_err_set_errno (saved_errno);
return -1;
}
- if (fclose (dst))
+ if (gpgrt_fclose (dst))
gc_error (1, errno, "error closing %s", dst_name);
- if (fclose (src))
+ if (gpgrt_fclose (src))
gc_error (1, errno, "error closing %s", src_name);
return 0;
@@ -2573,7 +2582,20 @@ copy_file (const char *src_name, const char *dst_name)
/* Create and verify the new configuration file for the specified
- backend and component. Returns 0 on success and -1 on error. */
+ * backend and component. Returns 0 on success and -1 on error. This
+ * function may store pointers to malloced strings in SRC_FILENAMEP,
+ * DEST_FILENAMEP, and ORIG_FILENAMEP. Those must be freed by the
+ * caller. The strings refer to three versions of the configuration
+ * file:
+ *
+ * SRC_FILENAME: The updated configuration is written to this file.
+ * DEST_FILENAME: Name of the configuration file read by the
+ * component.
+ * ORIG_FILENAME: A backup of the previous configuration file.
+ *
+ * To apply the configuration change, rename SRC_FILENAME to
+ * DEST_FILENAME. To revert to the previous configuration, rename
+ * ORIG_FILENAME to DEST_FILENAME. */
static int
change_options_file (gc_component_t component, gc_backend_t backend,
char **src_filenamep, char **dest_filenamep,
@@ -2588,8 +2610,8 @@ change_options_file (gc_component_t component, gc_backend_t backend,
ssize_t length;
int res;
int fd;
- FILE *src_file = NULL;
- FILE *dest_file = NULL;
+ gpgrt_stream_t src_file = NULL;
+ gpgrt_stream_t dest_file = NULL;
char *src_filename;
char *dest_filename;
char *orig_filename;
@@ -2641,6 +2663,8 @@ change_options_file (gc_component_t component, gc_backend_t backend,
if (res < 0 && errno != ENOENT)
{
xfree (dest_filename);
+ xfree (src_filename);
+ xfree (orig_filename);
return -1;
}
if (res < 0)
@@ -2659,7 +2683,7 @@ change_options_file (gc_component_t component, gc_backend_t backend,
fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
if (fd < 0)
return -1;
- src_file = fdopen (fd, "w");
+ src_file = gpgrt_fdopen (fd, "w");
res = errno;
if (!src_file)
{
@@ -2673,11 +2697,11 @@ change_options_file (gc_component_t component, gc_backend_t backend,
process. */
if (orig_filename)
{
- dest_file = fopen (dest_filename, "r");
+ dest_file = gpgrt_fopen (dest_filename, "r");
if (!dest_file)
goto change_file_one_err;
- while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
+ while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
{
int disable = 0;
char *start;
@@ -2748,24 +2772,24 @@ change_options_file (gc_component_t component, gc_backend_t backend,
{
if (!in_marker)
{
- fprintf (src_file,
+ gpgrt_fprintf (src_file,
"# %s disabled this option here at %s\n",
GPGCONF_DISP_NAME, asctimestamp (gnupg_get_time ()));
- if (ferror (src_file))
+ if (gpgrt_ferror (src_file))
goto change_file_one_err;
- fprintf (src_file, "# %s", line);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "# %s", line);
+ if (gpgrt_ferror (src_file))
goto change_file_one_err;
}
}
else
{
- fprintf (src_file, "%s", line);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "%s", line);
+ if (gpgrt_ferror (src_file))
goto change_file_one_err;
}
}
- if (length < 0 || ferror (dest_file))
+ if (length < 0 || gpgrt_ferror (dest_file))
goto change_file_one_err;
}
@@ -2776,8 +2800,8 @@ change_options_file (gc_component_t component, gc_backend_t backend,
proceed. Note that we first write a newline, this guards us
against files which lack the newline at the end of the last
line, while it doesn't hurt us in all other cases. */
- fprintf (src_file, "\n%s\n", marker);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "\n%s\n", marker);
+ if (gpgrt_ferror (src_file))
goto change_file_one_err;
}
@@ -2787,7 +2811,7 @@ change_options_file (gc_component_t component, gc_backend_t backend,
followed by the rest of the original file. */
while (cur_arg)
{
- fprintf (src_file, "%s\n", cur_arg);
+ gpgrt_fprintf (src_file, "%s\n", cur_arg);
/* Find next argument. */
if (arg)
@@ -2812,52 +2836,52 @@ change_options_file (gc_component_t component, gc_backend_t backend,
cur_arg = NULL;
}
- fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
+ if (gpgrt_ferror (src_file))
goto change_file_one_err;
if (!in_marker)
{
- fprintf (src_file, "# %s edited this configuration file.\n",
+ gpgrt_fprintf (src_file, "# %s edited this configuration file.\n",
GPGCONF_DISP_NAME);
- if (ferror (src_file))
+ if (gpgrt_ferror (src_file))
goto change_file_one_err;
- fprintf (src_file, "# It will disable options before this marked "
+ gpgrt_fprintf (src_file, "# It will disable options before this marked "
"block, but it will\n");
- if (ferror (src_file))
+ if (gpgrt_ferror (src_file))
goto change_file_one_err;
- fprintf (src_file, "# never change anything below these lines.\n");
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "# never change anything below these lines.\n");
+ if (gpgrt_ferror (src_file))
goto change_file_one_err;
}
if (dest_file)
{
- while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
+ while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
{
- fprintf (src_file, "%s", line);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "%s", line);
+ if (gpgrt_ferror (src_file))
goto change_file_one_err;
}
- if (length < 0 || ferror (dest_file))
+ if (length < 0 || gpgrt_ferror (dest_file))
goto change_file_one_err;
}
xfree (line);
line = NULL;
- res = fclose (src_file);
+ res = gpgrt_fclose (src_file);
if (res)
{
res = errno;
close (fd);
if (dest_file)
- fclose (dest_file);
+ gpgrt_fclose (dest_file);
gpg_err_set_errno (res);
return -1;
}
close (fd);
if (dest_file)
{
- res = fclose (dest_file);
+ res = gpgrt_fclose (dest_file);
if (res)
return -1;
}
@@ -2868,11 +2892,11 @@ change_options_file (gc_component_t component, gc_backend_t backend,
res = errno;
if (src_file)
{
- fclose (src_file);
+ gpgrt_fclose (src_file);
close (fd);
}
if (dest_file)
- fclose (dest_file);
+ gpgrt_fclose (dest_file);
gpg_err_set_errno (res);
return -1;
}
@@ -2880,7 +2904,19 @@ change_options_file (gc_component_t component, gc_backend_t backend,
/* Create and verify the new configuration file for the specified
* backend and component. Returns 0 on success and -1 on error. If
- * VERBATIM is set the profile mode is used. */
+ * VERBATIM is set the profile mode is used. This function may store
+ * pointers to malloced strings in SRC_FILENAMEP, DEST_FILENAMEP, and
+ * ORIG_FILENAMEP. Those must be freed by the caller. The strings
+ * refer to three versions of the configuration file:
+ *
+ * SRC_FILENAME: The updated configuration is written to this file.
+ * DEST_FILENAME: Name of the configuration file read by the
+ * component.
+ * ORIG_FILENAME: A backup of the previous configuration file.
+ *
+ * To apply the configuration change, rename SRC_FILENAME to
+ * DEST_FILENAME. To revert to the previous configuration, rename
+ * ORIG_FILENAME to DEST_FILENAME. */
static int
change_options_program (gc_component_t component, gc_backend_t backend,
char **src_filenamep, char **dest_filenamep,
@@ -2896,8 +2932,8 @@ change_options_program (gc_component_t component, gc_backend_t backend,
ssize_t length;
int res;
int fd;
- FILE *src_file = NULL;
- FILE *dest_file = NULL;
+ gpgrt_stream_t src_file = NULL;
+ gpgrt_stream_t dest_file = NULL;
char *src_filename;
char *dest_filename;
char *orig_filename;
@@ -2939,7 +2975,7 @@ change_options_program (gc_component_t component, gc_backend_t backend,
fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
if (fd < 0)
return -1;
- src_file = fdopen (fd, "w");
+ src_file = gpgrt_fdopen (fd, "w");
res = errno;
if (!src_file)
{
@@ -2953,11 +2989,11 @@ change_options_program (gc_component_t component, gc_backend_t backend,
process. */
if (orig_filename)
{
- dest_file = fopen (dest_filename, "r");
+ dest_file = gpgrt_fopen (dest_filename, "r");
if (!dest_file)
goto change_one_err;
- while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
+ while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
{
int disable = 0;
char *start;
@@ -3004,24 +3040,24 @@ change_options_program (gc_component_t component, gc_backend_t backend,
{
if (!in_marker)
{
- fprintf (src_file,
+ gpgrt_fprintf (src_file,
"# %s disabled this option here at %s\n",
GPGCONF_DISP_NAME, asctimestamp (gnupg_get_time ()));
- if (ferror (src_file))
+ if (gpgrt_ferror (src_file))
goto change_one_err;
- fprintf (src_file, "# %s", line);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "# %s", line);
+ if (gpgrt_ferror (src_file))
goto change_one_err;
}
}
else
{
- fprintf (src_file, "%s", line);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "%s", line);
+ if (gpgrt_ferror (src_file))
goto change_one_err;
}
}
- if (length < 0 || ferror (dest_file))
+ if (length < 0 || gpgrt_ferror (dest_file))
goto change_one_err;
}
@@ -3032,8 +3068,8 @@ change_options_program (gc_component_t component, gc_backend_t backend,
proceed. Note that we first write a newline, this guards us
against files which lack the newline at the end of the last
line, while it doesn't hurt us in all other cases. */
- fprintf (src_file, "\n%s\n", marker);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "\n%s\n", marker);
+ if (gpgrt_ferror (src_file))
goto change_one_err;
}
/* At this point, we have copied everything up to the end marker
@@ -3044,7 +3080,7 @@ change_options_program (gc_component_t component, gc_backend_t backend,
/* We have to turn on UTF8 strings for GnuPG. */
if (backend == GC_BACKEND_GPG && ! utf8strings_seen)
- fprintf (src_file, "utf8-strings\n");
+ gpgrt_fprintf (src_file, "utf8-strings\n");
option = gc_component[component].options;
while (option->name)
@@ -3059,16 +3095,16 @@ change_options_program (gc_component_t component, gc_backend_t backend,
{
if (*arg == '\0' || *arg == ',')
{
- fprintf (src_file, "%s\n", option->name);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "%s\n", option->name);
+ if (gpgrt_ferror (src_file))
goto change_one_err;
}
else if (gc_arg_type[option->arg_type].fallback
== GC_ARG_TYPE_NONE)
{
assert (*arg == '1');
- fprintf (src_file, "%s\n", option->name);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "%s\n", option->name);
+ if (gpgrt_ferror (src_file))
goto change_one_err;
arg++;
@@ -3090,9 +3126,9 @@ change_options_program (gc_component_t component, gc_backend_t backend,
else
end = NULL;
- fprintf (src_file, "%s %s\n", option->name,
+ gpgrt_fprintf (src_file, "%s %s\n", option->name,
verbatim? arg : percent_deescape (arg));
- if (ferror (src_file))
+ if (gpgrt_ferror (src_file))
goto change_one_err;
if (end)
@@ -3107,8 +3143,8 @@ change_options_program (gc_component_t component, gc_backend_t backend,
if (end)
*end = '\0';
- fprintf (src_file, "%s %s\n", option->name, arg);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "%s %s\n", option->name, arg);
+ if (gpgrt_ferror (src_file))
goto change_one_err;
if (end)
@@ -3125,52 +3161,52 @@ change_options_program (gc_component_t component, gc_backend_t backend,
option++;
}
- fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
+ if (gpgrt_ferror (src_file))
goto change_one_err;
if (!in_marker)
{
- fprintf (src_file, "# %s edited this configuration file.\n",
+ gpgrt_fprintf (src_file, "# %s edited this configuration file.\n",
GPGCONF_DISP_NAME);
- if (ferror (src_file))
+ if (gpgrt_ferror (src_file))
goto change_one_err;
- fprintf (src_file, "# It will disable options before this marked "
+ gpgrt_fprintf (src_file, "# It will disable options before this marked "
"block, but it will\n");
- if (ferror (src_file))
+ if (gpgrt_ferror (src_file))
goto change_one_err;
- fprintf (src_file, "# never change anything below these lines.\n");
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "# never change anything below these lines.\n");
+ if (gpgrt_ferror (src_file))
goto change_one_err;
}
if (dest_file)
{
- while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
+ while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
{
- fprintf (src_file, "%s", line);
- if (ferror (src_file))
+ gpgrt_fprintf (src_file, "%s", line);
+ if (gpgrt_ferror (src_file))
goto change_one_err;
}
- if (length < 0 || ferror (dest_file))
+ if (length < 0 || gpgrt_ferror (dest_file))
goto change_one_err;
}
xfree (line);
line = NULL;
- res = fclose (src_file);
+ res = gpgrt_fclose (src_file);
if (res)
{
res = errno;
close (fd);
if (dest_file)
- fclose (dest_file);
+ gpgrt_fclose (dest_file);
gpg_err_set_errno (res);
return -1;
}
close (fd);
if (dest_file)
{
- res = fclose (dest_file);
+ res = gpgrt_fclose (dest_file);
if (res)
return -1;
}
@@ -3181,11 +3217,11 @@ change_options_program (gc_component_t component, gc_backend_t backend,
res = errno;
if (src_file)
{
- fclose (src_file);
+ gpgrt_fclose (src_file);
close (fd);
}
if (dest_file)
- fclose (dest_file);
+ gpgrt_fclose (dest_file);
gpg_err_set_errno (res);
return -1;
}
@@ -3240,6 +3276,7 @@ gc_component_change_options (int component, estream_t in, estream_t out,
int verbatim)
{
int err = 0;
+ int block = 0;
int runtime[GC_BACKEND_NR];
char *src_filename[GC_BACKEND_NR];
char *dest_filename[GC_BACKEND_NR];
@@ -3326,6 +3363,8 @@ gc_component_change_options (int component, estream_t in, estream_t out,
change_one_value (option, runtime, flags, new_value, 0);
}
+ if (length < 0 || gpgrt_ferror (in))
+ gc_error (1, errno, "error reading stream 'in'");
}
/* Now that we have collected and locally verified the changes,
@@ -3377,6 +3416,14 @@ gc_component_change_options (int component, estream_t in, estream_t out,
option++;
}
+ /* We are trying to atomically commit all changes. Unfortunately,
+ we cannot rely on gnupg_rename_file to manage the signals for us,
+ doing so would require us to pass NULL as BLOCK to any subsequent
+ call to it. Instead, we just manage the signal handling
+ manually. */
+ block = 1;
+ gnupg_block_all_signals ();
+
if (! err && ! opt.dry_run)
{
int i;
@@ -3390,20 +3437,13 @@ gc_component_change_options (int component, estream_t in, estream_t out,
assert (dest_filename[i]);
if (orig_filename[i])
- {
-#ifdef HAVE_W32_SYSTEM
- /* There is no atomic update on W32. */
- err = unlink (dest_filename[i]);
-#endif /* HAVE_W32_SYSTEM */
- if (!err)
- err = rename (src_filename[i], dest_filename[i]);
- }
+ err = gnupg_rename_file (src_filename[i], dest_filename[i], NULL);
else
{
#ifdef HAVE_W32_SYSTEM
/* We skip the unlink if we expect the file not to
be there. */
- err = rename (src_filename[i], dest_filename[i]);
+ err = gnupg_rename_file (src_filename[i], dest_filename[i], NULL);
#else /* HAVE_W32_SYSTEM */
/* This is a bit safer than rename() because we
expect DEST_FILENAME not to be there. If it
@@ -3443,13 +3483,7 @@ gc_component_change_options (int component, estream_t in, estream_t out,
a version of the file that is even newer than the one
we just installed. */
if (orig_filename[i])
- {
-#ifdef HAVE_W32_SYSTEM
- /* There is no atomic update on W32. */
- unlink (dest_filename[i]);
-#endif /* HAVE_W32_SYSTEM */
- rename (orig_filename[i], dest_filename[i]);
- }
+ gnupg_rename_file (orig_filename[i], dest_filename[i], NULL);
else
unlink (dest_filename[i]);
}
@@ -3479,16 +3513,13 @@ gc_component_change_options (int component, estream_t in, estream_t out,
backup_filename = xasprintf ("%s.%s.bak",
dest_filename[backend], GPGCONF_NAME);
-
-#ifdef HAVE_W32_SYSTEM
- /* There is no atomic update on W32. */
- unlink (backup_filename);
-#endif /* HAVE_W32_SYSTEM */
- rename (orig_filename[backend], backup_filename);
+ gnupg_rename_file (orig_filename[backend], backup_filename, NULL);
xfree (backup_filename);
}
leave:
+ if (block)
+ gnupg_unblock_all_signals ();
xfree (line);
for (backend = 0; backend < GC_BACKEND_NR; backend++)
{
@@ -3623,7 +3654,7 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
char *line = NULL;
size_t line_len = 0;
ssize_t length;
- FILE *config;
+ gpgrt_stream_t config;
int lineno = 0;
int in_rule = 0;
int got_match = 0;
@@ -3640,7 +3671,7 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
runtime[backend_id] = 0;
- config = fopen (fname, "r");
+ config = gpgrt_fopen (fname, "r");
if (!config)
{
/* Do not print an error if the file is not available, except
@@ -3654,7 +3685,7 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
return result;
}
- while ((length = read_line (config, &line, &line_len, NULL)) > 0)
+ while ((length = gpgrt_read_line (config, &line, &line_len, NULL)) > 0)
{
char *key, *component, *option, *flags, *value;
char *empty;
@@ -3880,12 +3911,12 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
}
}
- if (length < 0 || ferror (config))
+ if (length < 0 || gpgrt_ferror (config))
{
gc_error (0, errno, "error reading from '%s'", fname);
result = -1;
}
- if (fclose (config))
+ if (gpgrt_fclose (config))
gc_error (0, errno, "error closing '%s'", fname);
xfree (line);
diff --git a/tools/gpgconf.c b/tools/gpgconf.c
index a5ee188..a9f4607 100644
--- a/tools/gpgconf.c
+++ b/tools/gpgconf.c
@@ -109,7 +109,7 @@ static ARGPARSE_OPTS opts[] =
};
-/* Print usage information and and provide strings for help. */
+/* Print usage information and provide strings for help. */
static const char *
my_strusage( int level )
{
diff --git a/tools/gpgparsemail.c b/tools/gpgparsemail.c
index 8c9c4d4..b122097 100644
--- a/tools/gpgparsemail.c
+++ b/tools/gpgparsemail.c
@@ -463,7 +463,7 @@ show_event (rfc822parse_event_t event)
/* This function is called by the parser to communicate events. This
callback comminucates with the main program using a structure
- passed in OPAQUE. Should retrun 0 or set errno and return -1. */
+ passed in OPAQUE. Should return 0 or set errno and return -1. */
static int
message_cb (void *opaque, rfc822parse_event_t event, rfc822parse_t msg)
{
diff --git a/tools/gpgtar.c b/tools/gpgtar.c
index 23176dc..3dff176 100644
--- a/tools/gpgtar.c
+++ b/tools/gpgtar.c
@@ -137,7 +137,7 @@ static ARGPARSE_OPTS tar_opts[] = {
-/* Print usage information and and provide strings for help. */
+/* Print usage information and provide strings for help. */
static const char *
my_strusage( int level )
{
@@ -507,7 +507,7 @@ main (int argc, char **argv)
/* Read the next record from STREAM. RECORD is a buffer provided by
the caller and must be at leadt of size RECORDSIZE. The function
- return 0 on success and and error code on failure; a diagnostic
+ return 0 on success and error code on failure; a diagnostic
printed as well. Note that there is no need for an EOF indicator
because a tarball has an explicit EOF record. */
gpg_error_t
diff --git a/tools/mail-signed-keys b/tools/mail-signed-keys
index c63001a..3c564f1 100755
--- a/tools/mail-signed-keys
+++ b/tools/mail-signed-keys
@@ -41,7 +41,7 @@ if [ -z "$signedby" ]; then
fi
if [ "$dryrun" = "0" ]; then
- echo "About to send the the keys signed by $signedby" >&2
+ echo "About to send the keys signed by $signedby" >&2
echo -n "to their owners. Do you really want to do this? (y/N)" >&2
read
[ "$REPLY" != "y" -a "$REPLY" != "Y" ] && exit 0
diff --git a/tools/mime-parser.c b/tools/mime-parser.c
index 264353c..169ea2b 100644
--- a/tools/mime-parser.c
+++ b/tools/mime-parser.c
@@ -49,6 +49,9 @@ struct mime_parser_context_s
{
void *cookie; /* Cookie passed to all callbacks. */
+ /* The callback to announce the transation from header to body. */
+ gpg_error_t (*t2body) (void *cookie, int level);
+
/* The callback to announce a new part. */
gpg_error_t (*new_part) (void *cookie,
const char *mediatype,
@@ -224,6 +227,14 @@ parse_message_cb (void *opaque, rfc822parse_event_t event, rfc822parse_t msg)
ctx->want_part = 0;
ctx->decode_part = 0;
+
+ if (ctx->t2body)
+ {
+ rc = ctx->t2body (ctx->cookie, ctx->nesting_level);
+ if (rc)
+ goto t2body_leave;
+ }
+
field = rfc822parse_parse_field (msg, "Content-Type", -1);
if (field)
{
@@ -412,6 +423,7 @@ parse_message_cb (void *opaque, rfc822parse_event_t event, rfc822parse_t msg)
}
}
+ t2body_leave:
ctx->show.header = 0;
ctx->show.data = 1;
ctx->show.n_skip = 1;
@@ -541,6 +553,19 @@ mime_parser_set_verbose (mime_parser_t ctx, int level)
}
+/* Set a callback for the transition from header to body. LEVEL is
+ * the current nesting level, starting with 0. This callback can be
+ * used to evaluate headers before any other action is done. Note
+ * that if a new NEW_PART callback needs to be called it is done after
+ * this T2BODY callback. */
+void
+mime_parser_set_t2body (mime_parser_t ctx,
+ gpg_error_t (*fnc) (void *cookie, int level))
+{
+ ctx->t2body = fnc;
+}
+
+
/* Set the callback used to announce a new part. It will be called
* with the media type and media subtype of the part. If no
* Content-type header was given both values are the empty string.
diff --git a/tools/mime-parser.h b/tools/mime-parser.h
index 37a74a1..b9bb465 100644
--- a/tools/mime-parser.h
+++ b/tools/mime-parser.h
@@ -27,6 +27,8 @@ gpg_error_t mime_parser_new (mime_parser_t *r_ctx, void *cookie);
void mime_parser_release (mime_parser_t ctx);
void mime_parser_set_verbose (mime_parser_t ctx, int level);
+void mime_parser_set_t2body (mime_parser_t ctx,
+ gpg_error_t (*fnc) (void *cookie, int level));
void mime_parser_set_new_part (mime_parser_t ctx,
gpg_error_t (*fnc) (void *cookie,
const char *mediatype,
diff --git a/tools/symcryptrun.c b/tools/symcryptrun.c
index dc680f5..a72b9cf 100644
--- a/tools/symcryptrun.c
+++ b/tools/symcryptrun.c
@@ -191,7 +191,7 @@ struct
} opt;
-/* Print usage information and and provide strings for help. */
+/* Print usage information and provide strings for help. */
static const char *
my_strusage (int level)
{
@@ -997,7 +997,7 @@ main (int argc, char **argv)
setup_libgcrypt_logging ();
gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
- /* Tell simple-pwquery about the the standard socket name. */
+ /* Tell simple-pwquery about the standard socket name. */
{
char *tmp = make_filename (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL);
simple_pw_set_socket (tmp);
diff --git a/tools/wks-receive.c b/tools/wks-receive.c
index 12ec089..94f8bc6 100644
--- a/tools/wks-receive.c
+++ b/tools/wks-receive.c
@@ -255,6 +255,38 @@ collect_signature (void *cookie, const char *data)
}
+/* The callback for the transition from header to body. We use it to
+ * look at some header values. */
+static gpg_error_t
+t2body (void *cookie, int level)
+{
+ receive_ctx_t ctx = cookie;
+ rfc822parse_t msg;
+ char *value;
+ size_t valueoff;
+
+ log_info ("t2body for level %d\n", level);
+ if (!level)
+ {
+ /* This is the outermost header. */
+ msg = mime_parser_rfc822parser (ctx->parser);
+ if (msg)
+ {
+ value = rfc822parse_get_field (msg, "Wks-Draft-Version",
+ -1, &valueoff);
+ if (value)
+ {
+ if (atoi(value+valueoff) >= 2 )
+ ctx->draft_version_2 = 1;
+ free (value);
+ }
+ }
+ }
+
+ return 0;
+}
+
+
static gpg_error_t
new_part (void *cookie, const char *mediatype, const char *mediasubtype)
{
@@ -275,22 +307,6 @@ new_part (void *cookie, const char *mediatype, const char *mediasubtype)
}
else
{
- rfc822parse_t msg = mime_parser_rfc822parser (ctx->parser);
- if (msg)
- {
- char *value;
- size_t valueoff;
-
- value = rfc822parse_get_field (msg, "Wks-Draft-Version",
- -1, &valueoff);
- if (value)
- {
- if (atoi(value+valueoff) >= 2 )
- ctx->draft_version_2 = 1;
- free (value);
- }
- }
-
ctx->key_data = es_fopenmem (0, "w+b");
if (!ctx->key_data)
{
@@ -413,6 +429,7 @@ wks_receive (estream_t fp,
goto leave;
if (DBG_PARSER)
mime_parser_set_verbose (parser, 1);
+ mime_parser_set_t2body (parser, t2body);
mime_parser_set_new_part (parser, new_part);
mime_parser_set_part_data (parser, part_data);
mime_parser_set_collect_encrypted (parser, collect_encrypted);