netpgp: fix or suppress a few lint warnings

No functional change.

netpgp: fix use after free when writing keyring

Same pattern as in the previous commit.

netpgp: fix use after free when reading pubkey

To reproduce:
srcdir=...
objdir=...
cd "$srcdir"/crypto/external/bsd/netpgp/dist/bindings/lua
cp "$objdir"/crypto/external/bsd/netpgp/bindings/lua/netpgp.so \
./libluanetpgp.so
LD_LIBRARY_PATH="." MALLOC_CONF=junk:true lua netpgp.lua

> $HOME/.gnupg/pubring.gpg: No such file or directory
> Can't read pubring ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

cleanly fail initialization on empty keyring

Fix some error handling, json support, keyring handling.

branches: 1.101.10; 1.101.12;
Avoid some type casts

Submitted on tech-pkg@ as:
[PATCH 03/11] Avoid some type casts

No functional change intended.

Revert "Remove a useless loop around getpass()"

getpass(3) may return NULL upon failures on Linux, and netpgp should remain
portable to other systems.

Remove a useless loop around getpass()

According to getpass(3), this library function cannot return NULL.
Verified with a source code inspection.

branches: 1.98.2; 1.98.4;
CID 977755: Resource leaks.

Fix signing of in-memory data with SSH keys

Add the --trusted-keys argument to netpgpkeys(1) to print out PGP ids in a
machine-readable manner.

re-order the fields that we print out in the pgp_sprint_pubkey() function
to be more usual.

print out the name from within pgp_sprint_pubkey() rather than tagging it
onto the end of the output from the function.

branches: 1.94.2;
plug some memory leaks in error paths

when matching pubkeys, also return the first (pgp) uid for the key in the
resultant key listing

when using json to format keys returned from libnetpgp, also prepare for
machine-readable format ("mr") as well as human ("human"), even though
it's not yet used.

get some things off the TODO list

when initialising, recognise keys in a different order.

1. read the public keyring

2. if a userid has been specified, use it

3. if not, check the configuration file (~/.gnupg/gpg.conf) for a
default user id

4, only read the secret keyring if we need to (decrypting or signing)

5. if signing, and we still don't have a userid, use the first key in
the secret keyring

6. if encrypting, and we still have no userid, use the first in the
public keyring

ssh keys remain the same as previously.

only attempt to load the secret key if we need to (for signing or for
decrypting).

change mj library to take an additional argument for a string type,
denoting its length. this allows binary strings to be encoded using
libmj.

escape magic characters in json strings in a more efficient manner.
the previous method was not scalable.

update callers to suit

bump libmj major version number

add examples to the libmj(3) man page

avoid a double free - from Anthony Bentley.

clean up lint (on amd64)

avoid nameclash - call the generated user id variable "generated userid"

also keep the time of structure initialisation as an internal variable.

When generating a key, set the new key's userid (last 16 bytes of
fingerprint) as an internal netpgp variable.

This can then be queried using netpgp_getvar(netpgp, "userid") to find the
new key's id.

Fix PR 44075 from Peter Pentchev, but do this by adding a
--numtries=<attempts> option to netpgp(1) to provide the maximum
number of attempts to retrieve the correct passphrase when signing or
decrypting, and use it in libnetpgp(3). The default number of
attempts is 3, and a value of "unlimited" will loop until the correct
passphrase has been entered.

Use a regular expression to match the various ASCII-armoured headers we
may encounter - fixes PR 44074 from Peter Pentchev in a different way.

Changes to help with netpgp key generation and interoperability:

+ use plain SHA1 for session key s2k negotiation
+ don't warn on some conditions when inflating (reading a compressed file)
since the conditions don't hold for partial block lengths
+ prompt for a passphrase when generating a new key - used in the upcoming
secret-sharing functionality for netpgp

Rename internal ops-ssh.h header file to ssh2pgp.h to better reflect its
use.

Take the internal functions and definitions back out of the implementation
namespace:

:g/\<__ops/s//pgp/g
:g/\<__OPS/s//__PGP/g
:g/\<OPS/s//PGP/g

No functional change, regression tests complete successfully.

allow user-specification of cipher to be used when encrypting packets.

preserve the CAST5 default for now.

at the user level, this is specified using the --cipher=<ciphername>
option.

Update to version 3.99.13:

+ add ability in netpgpkeys(1) to specify the cipher (symmetric algorithm)
as specified in RFC 5581
+ add the camellia cipher implementation from openssl

PR/42435 : Check pointers against NULL to avoid dereferencing them

2 minor changes:

+ when writing out the key as an ssh key, don't include the user id
information at the end, in-line with expectations about standard ssh
key formats

+ since the signing key changed its "menu line" entry from "pub" to
"signature", the offset of the key id moved 7 chars to the right, so
take this into consideration when generating new keys

Allow the user specification of the secret key file as the
--sshkeyfile or -S argument, and check that the public key file exists
before trying to read it.

Changes to 3.99.12/20100907

+ add a pretty print function mj_pretty(3) to libmj
+ added netpgp_write_sshkey(3) to libnetpgp
+ added pgp2ssh(1)
+ added preliminary support for ElGamal decryption, needed for DSA keys
as yet untested, unworking, and a WIP
+ add support for using all ssh keys, even those protected by a passphrase,
for decryption and signing. This rounds off ssh key file support in netpgp.
+ add a single character alias [-S file] for [--sshkeyfile file] to
netpgpkeys(1) and netpgp(1)

As far as ssh key file support goes, see the following example:

% cp configure a
% netpgp -S ~/.ssh/id_rsa.pub -e a
% netpgp -S ~/.ssh/id_rsa.pub -d a.gpg
Enter PEM pass phrase:
% ls -al a a.gpg
-rwxr-xr-x 1 agc agc 758398 Sep 7 05:38 a
-rw------- 1 agc agc 156886 Sep 7 05:38 a.gpg
%

Add a utility function, netpgp_write_sshkey(3), which will take a PGP public
key (RSA only) and format it as an ssh pubkey.

If we get passed a key which has no subuids, sigs, fingerprint or any
other data, and has been revoked, don't even attempt to print it out.

move the functions to parse the JSON from netpgpkeys(1) into libnetpgp(3)

update the version number for recent changes.

update the date for recent changes.

regenerate the autoconf files.

Various minor changes to netpgp:

+ be smarter when checking for a null id
+ add test for rubbish being returned when listing specific keys in netpgpkeys(1)
+ take the public key from the pubring, not the secring when exporting
keys
+ allow hkpd to serve ssh keys in pgp format
+ test on whether a seckey is needed, not on a userid needed, for ssh keys

Denote the signing key with the word "signature" (the encryption key
already has the tag "encryption"). This is a bit more meaningful than
"pub" and "sub".

fix some more amd64 lint

+ rationalise birthtime/expiration timestamps into a single function

+ clean up some 64-bit (amd64) lint

Changes to 3.99.9/20100809

+ add single character options to netpgp(1) and netpgpkeys(1)
+ add -o long-option(=value)? options to netpgp(1) and netpgpkeys(1)
+ add some small preparations for using the first subkey for encryption
(much more to follow)

Catch up the JSON routines being in their own library. Use the JSON routines
to return all the text as a JSON-encoded string for all keys and sigs which
are returned.

minor clean up after ourselves - free a compiled regexp

Changes to 3.99.7/20100701

+ recognise ascii-armoured encrypted messages properly, in memory and
in files
+ print error message and exit for now when trying to encrypt with a DSA key
+ fix bug reported by dyoung when trying to print out the encryption key
fingerprint

if using ssh keys with any of the netpgp programs, set the home
directory appropriately.

add some aliases for long command options across all programs

Use the correct default ssh user key file (just a typo).

Use the portable strcasecmp() function.

factor out the code which recognises ASCII-armour into its own function.

factor out code to append a key to the pubring file.

recognise ascii-armoured headers on keys when importing.

Changes to 3.99.5

+ make ssh fingerprints (md5) match netpgp listing
+ use the more functional hexdump function from ssh2pgp in place of the
older hexdump function from openpgpsdk
+ pass hash type down from command line where needed
+ add test for netpgp/ssh key fingerprint matching
+ make netpgpkeys(1) take a --hash= option

With these changes, netpgp can be made to generate the same fingerprint as
openssh (by default, ssh-keygen(1) uses an md5 digest)

% /usr/bin/netpgpkeys --ssh-keys --sshkeyfile=/etc/ssh/ssh_host_rsa_key.pub --list-keys --hash=md5
1 key
pub 1024/RSA (Encrypt or Sign) fcdd1c608bef4c4b 2008-08-11
Key fingerprint: e935 902d ebf1 76ba fcdd 1c60 8bef 4c4b
uid osx-vm1.crowthorne.alistaircrooks.co.uk (/etc/ssh/ssh_host_rsa_key.pub) <root@osx-vm1.crowthorne.alistaircrooks.co.uk>

% ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
1024 e9:35:90:2d:eb:f1:76:ba:fc:dd:1c:60:8b:ef:4c:4b /etc/ssh/ssh_host_rsa_key.pub (RSA)
%

Check for a null keyring before listing keys - with thanks to Jeff Rizzo
for the problem report.

make sure we have created a directory when generating a new key.

don't try to re-read the key after writing it - that's done by a separate
function. Problem found by Tyler Retzlaff, fixed in a different way.

check that keyrings are non-NULL before attempting to free them - from a
nudge by Tyler Retzlaff.

Simplify and shorten the internals of packet processing by getting rid of
the intermediate pseudo-abstraction layer, which detracted from understanding
and had no benefit whatsoever. Rename some enums and some definitions.

Protect against NULL pointers in key output in a different way - only
advance its counter if it's non-NULL.

Regression test for this is:

netpgpkeys --list-key '\.de\>'

with my standard keyring (to list all keys which have at least one subuid
with a German email address).

avoid a duplicated error message

extend the resolve_userid() function to take a keyring, and use it for
functions which require a secret key as well.

add a static function to resolve the userid in one place, and start to use it

One more reason not to use DSA keys:

The DSA algorithm seems to require a digest value which is 20 bytes
long, which kind of implies SHA-1.

If we have a DSA signature, use SHA-1 as a hash algorithm, for backwards
compatibility. RSA signatures continue to use SHA256 by default, although
this can be given as an argument, if desired.

This fixes DSA signatures with netpgp:

% netpgp --sign --userid d4a643c5 a
pub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
sub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
netpgp passphrase:
% netpgp --verify a.gpg
Good signature for a.gpg made Tue May 18 05:41:25 2010
using DSA key 8222c3ecd4a643c5
pub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
sub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
%

When setting up res (results), errs (error) and outs (outputs) streams,
change the pre-defined stdio streams to be denoted by "<stdout>" and
"<stderr>", to distinguish them from file names.

In netpgpkeys(1), send the default "res" (results) stream to stdout,
rather than stderr. Requested by Anon Ymous (and makes perfect sense).

Avoid a possible overwrite of a value in the (key, value) array, in
the event that a reference to the value is passed to the
netpgp_setvar() function as the new value. Problem noted, cause
detected, and most of the fix contributed by, Anon Ymous. Thanks!

if the home directory does not exist, still set its value as a netpgp
variable, as the netpgpkeys(1) program, for one, will try to create the
home directory if it does not exist.

should fix PR 42435

use hexdump() function where appropriate.

change the way that we generate a detached signature file, so that ascii
armour is used if --armor is specified. addresses PR 43248 from Juan RP.

Don't rely on \r\n line endings when doing comparisons on strings for
the presence of ASCII armored signatures. Be consistent with the spelling
of certain transatlanticly-munged words.

Fix (RSA) key generation.

Part of the fix for PR 42435 from Jukka Ruohonen.

Changes to 2.99.2/20100315

+ make subkey sigs available by hkp as well as on the command line
+ use the sketchily-defined vindex option to the hkp protocol to
return the subkey signature information
+ add a netpgp_unsetvar() function as a corollary to netpgp_setvar()
+ use a variable name of ''subkey sigs'' to denote that subkey
signatures should be returned with the pubkey uids

Changes to 2.99.1/20100313

+ add functionality to parse basic signature subkeys
+ in doing so, add expiration of keys
+ at the same time, add revocation of keys
+ recognise the primary user id, and use it when displaying user ids
+ recognise self signed keys and subkeys
+ rework the indentation of output
+ add the --list-sigs [userid] option to netpgpkeys(1)
+ use memcmp(3) rather than strcmp(3) when checking binary user ids to
be exported
+ add expiration display to subkey signature output
+ update libnetpgp library version major number to 3

clean up some lint that crept in.

Update netpgp to version 1.99.20/20100304 - portability improvements, and bug fixes:

Changes to 1.99.20/20100304

+ move args to some functions around to be consistent
+ use uint*_t where appropriate
+ fix bug in verify memory
+ add documentation to manual pages to show how to do combined
signing/encryption and decryption/verification
+ make verification of ascii-armoured memory work the same as binary
+ eliminate use of strdup(3), strcasecmp(3), and strptime(3). NetBSD/pkgsrc
PR 42922 applies - need to define _XOPEN_SOURCE and _BSD_SOURCE for
newer linux platforms with glibc 2.10.1. solved a bit differently, by
implementing strdup(3) and strcasecmp(3) independently, and using regexps
to avoid calling strptime(3).

fix a bug in verifying memory.

add two examples to the netpgp(1) manual page outlining how to sign
and encrypt via a pipeline, and how to decrypt and verify/cat using a
pipeline.

Changes to 1.99.19/20100212

+ plug some memory leaks, from cppcheck via Thomas Klausner (thanks!)
+ make the singular of time units read correctly
+ print decryption key info properly when prompting for passphrase

changes to 1.99.18/20100211

small steps, but lots of them - this is the first one.

+ print out the correct key information when signing files and memory.
what used to be printed out was the copy of the public key which is
stored as part of the private key(!). does not address the info shown
when decrypting, since that is done in a different way, by callback.
this whole part needs to be re-written, but will have to wait for two
good hands.

Changes to 1.99.16/20100205

+ minor simplifications to netpgp(1) internally
+ fix a bug in netpgp_verify_file where a non-existent file while listing
packets would cause a SIGSEGV
+ add duration arg to netpgp(1), and check for validity when verifying
signatures
+ add birthtime arg to netpgp(1), and check for validity when verifying
signatures
+ add netpgp commands to print pubkey, if desired
+ allow the passphrase for the signature to be taken from --pass-fd
+ get rid of static indent value when printing packet contents
+ print signature validity times when verifying a file's signature

Remove a code excerpt which is not ready for primetime just yet

Modify regression test suite behaviour - remove the (error) tests for
commands with no file arguments, as input will now be taken from stdin,
and output will go to stdout, if no file arguments are given on the
command line.

Netpgp changes to 1.99.15/20091221

+ some ssh host keys do not have the username of the generator included
in the key itself. If there is no username in there, create one.
+ added netpgp_encrypt_memory() and netpgp_decrypt_memory()
+ overhaul netpgp(1) to work with stdin/stdout if no filenames specified:

% netpgp --encrypt < a | netpgp --decrypt > b
netpgp: default key set to "C0596823"
netpgp: default key set to "C0596823"
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks <alistair@hockley-crooks.com>
netpgp passphrase:
% diff a b
% ls -al a b
-rw-r--r-- 1 agc agc 15243 Dec 20 08:55 a
-rw-r--r-- 1 agc agc 15243 Dec 21 17:15 b
%

% netpgp --sign < a | netpgp --cat > b
netpgp: default key set to "C0596823"
netpgp: default key set to "C0596823"
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks <alistair@hockley-crooks.com>
netpgp passphrase:
Good signature for <stdin> made Mon Dec 21 18:25:02 2009
using RSA (Encrypt or Sign) key 1b68dcfcc0596823
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <alistair@hockley-crooks.com>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks (Yahoo!) <agcrooks@yahoo-inc.com>
%

+ add explanations of memory-based operations to manual pages

Prepare for a new netpgp-20091210 portable release.

Apart from infrastructure changes, there are the following functional ones:

+ Update to version 20091210

+ provide a new netpgp_match_list_keys(3) function to perform a
regular-expression based search of all the keys in the keyring. If no
pattern is specified to match, then all keys are returned.

+ provide a new netpgp_set_homedir(3) function, and use it to set the
home directory from the library, rather than individually in all the
programs which use the library

+ provide a new netpgp_incvar(3) function which will add a constant
increment (which may be negative) to the value of an internal
variable. This is primarily used for the verbosity level within the
library, and is again a movement of the function into the library from
the individual programs which use the library

+ move to the specification of an ssh key file by internal variable,
rather than the directory holding an ssh key file

+ autoconf infrastructure changes

+ take a hammer to the _GNU_SOURCE definitions problems

+ don't rely on strnlen(3) being present everywhere

+ When using ssh keys, use the first key as the default userid, unless
specified.

+ The internal variable "sshetcdir" has been renamed to "sshkeydir"

+ When matching the text fields in the username, use an ICASE, NOSUB, EXTENDED
regular expression. This allows more advanced ways of searching, such as:

% netpgpkeys --list-keys '\.de\>'

to find all the keys in the default keyring which have an email address
in Germany. This is actually surprisingly useful.

Add the ability to use ssh host keys (on the fly) to provide RSA keys.

These keys can be used in the same way as normal PGP keys - to sign, verify,
encrypt and decrypt files and data.

% cp configure a
% sudo netpgp --ssh-keys --sign --userid 1e00404a a
Password:
pub 1024/RSA (Encrypt or Sign) 040180871e00404a 2008-08-11
Key fingerprint: c4aa b385 4796 e6ce 606c f0c2 0401 8087 1e00 404a
% sudo chmod 644 a.gpg
% netpgp --ssh-keys --verify a.gpg
netpgp: default key set to "C0596823"
can't open '/etc/ssh/ssh_host_rsa_key'
Good signature for a.gpg made Fri Dec 4 23:04:36 2009
using RSA (Encrypt or Sign) key 040180871e00404a
pub 1024/RSA (Encrypt or Sign) 040180871e00404a 2008-08-11
Key fingerprint: c4aa b385 4796 e6ce 606c f0c2 0401 8087 1e00 404a
uid osx-vm1.crowthorne.alistaircrooks.co.uk (/etc/ssh/ssh_host_rsa_key.pub) <root@osx-vm1.crowthorne.alistaircrooks.co.uk>
% uname -a
NetBSD osx-vm1.crowthorne.alistaircrooks.co.uk 5.99.20 NetBSD 5.99.20 (ISCSI) #0: Wed Oct 7 17:16:33 PDT 2009 agc@osx-vm1.crowthorne.alistaircrooks.co.uk:/usr/obj/i386/usr/src/sys/arch/i386/compile/ISCSI i386
%

The ssh host keys do not need to be manipulated in any way - the information
is read from existing files.

Commit some changes that have been in a private tree for a while:

+ add a netpgp library function - netpgp_get_key(3) - to print a
specific key
+ add functionality to call this function in netpgpkeys(1)
+ add test for netpgp_get_key
+ add a verbose switch to the tst script
+ add netpgp functions to expose the memory signing and verification
functions - netpgp_sign_memory(3) and netpgp_verify_memory(3)
+ coalesced signing and verification ops file functions

Clean up some Flexelint (issues pointed out by phk - many thanks!).

Also make sure the return value for each memory allocation is checked - this
is still a WIP.

Clean up more Flexelint, from phk - many thanks! - just low-hanging fruit
for just now.

Move the null file checks for sign/verify/encrypt/decrypt down into the
library itself. Update the regression test script to add some tests.

Don't complain if $HOME/.gnupg does not exist (and using --homedir).

Don't require a userid to be set in the gpg.conf file - it can be set
on the command line when it's needed (for signing and encryption, the
other operations in netpgp(1) will take the userid from the
signed/encrypted file).

Add tests for the lack of a default userid in the config file.

+ only prompt for the passphrase for the secret key if the secret key is
protected by a passphrase

CHANGES 1.99.10 -> 1.99.11

+ address keys array from 0 with unsigned indices
+ print results to io->res stream - default to stderr, and set using
netpgp_setvar(..., "results", filename)
+ __ops_keyid()'s third arg was always the size of the keyid array - no need
to pass it
+ get rid of the excessive type-checking in packet-show-cast.h, which wasn't
necessary, and fold all the show routines into packet-show.c
+ introduce a generic __ops_new() and use it for some structure allocation

Add a separate res output stream for results, and print results to it.

This is settable from userlevel by using
netpgp_setvar(..., "results", filename)

CHANGES 1.99.9 -> 1.99.10

+ fix a bug in decryption whereby a bad passphrase would cause a segmentation
violation
+ fix some regressions in key searching in the underlying find keys routines
+ add C++ declaration protection to the external interface in netpgp.h
+ split out the key management parts of netpgp(1) into netpgpkeys(1)

CHANGES 1.99.8 -> 1.99.9

+ make more use of __ops_io_t structure
+ addition of standalone, stripped-down netpgpverify utility
+ addition of test for --list-packets on an empty file
+ bring forward some simplifications from netpgpverify
+ some name changes
+ get rid of the increment and then decrement keycount around
accumulated data ("it's to do with counting")
+ then use unsigned integers for the size and counts for the
dynamic array of keys, and use the common dynamic array macros
for keys in a keyring
+ if it's a union, let's use it as a union, not a struct
+ modified documentation to correct the --list-packets command (sorry, ver)
+ add a new directory structure for both the distribution and the
reachover Makefiles. The autotest framework has been partially overhauled
but more TLC is needed here.
+ add a --pass-fd=n option so that external programs can provide the
passphrase on a file descriptor without going through the callback,
requested by joerg

Fix an core dump reported by Oliver Gould - if there is no file from which
to read packets to list, fail with a decent error message.

CHANGES 1.99.7 -> 1.99.8

+ get rid of __ops_malloc_passphrase() - strdup() works just as well
+ generalise __ops_seckey_forget() to become __ops_forget(), give it a size
parameter, and make it work on things other than secret keys (passphrases
for instance)
+ minor struct field enum renaming
+ minor function call renaming
+ add ops_io_t struct to hold pointers to IO streams, and pass it down
where necessary

CHANGES 1.99.5 -> 1.99.6

+ made --homedir=d consistent with POLS. Default is $HOME/.gnupg, and
if a directory is specified with --homedir=d, the directory containing
conf file and keyrings is taken to be "d".

CHANGES 1.99.4 -> 1.99.5

+ Luke Mewburn completely overhauled the auto tools infrastructure
+ changed signature (hah!) of some netpgp file management prototypes to
use const char * for file names and user ids, not char * - suggested by
christos
+ change some of the openpgpsdk display functions to return integer values,
and send those values back from the netpgp functions - suggested by
christos
+ rather than passing a shedload of variables to netpgp_init(), get rid
of them, and set variables using the netpgp_[gs]etvar() interface
+ replace some magic constants with descriptive names
+ use a netpgp variable to skip userid checks if necessary
+ add ability to allow coredumps via --coredumps if (a) you have taken
leave of your sanity, and (b) you have some magical persistent
storage which doesn't spare sectors, and (c) you know how to remove
a file securely
+ bumped library version on NetBSD to 1.0 for interface changes

CHANGES 1.99.3 -> 1.99.4

+ get rid of some magic constants
+ revamped regression test script to count number of tests passed
+ made checkhash array in ops_seckey_t dynamic, rather than statically
allocated
+ made mdc array dynamic, and added a length field to mdc for future use
+ revamped usage message to match reality
+ made portable version again for the autoconfed package sources
+ add separate netpgpdigest.h file so that separate digest sizes can be
used without having to include "packet.h" in everything

CHANGES 1.99.1 -> 1.99.2

+ various minor cleanups
+ fix longstanding pasto where the key server preference packets are
displayed with the correct ptag information
+ up until now, there has been an asymmetry in the command line
options for netpgp(1) - whilst a file may have signature information
added to it with the "--sign" command, there has been no way to
retrieve the contents of the file without the signature. The new
"--cat" option does this (there are synonyms of "--verify-show" and
"--verify-cat") - the signature is verified, and if it matches, the
original contents of the file are sent to the output file (which
defaults to stdout, and can be set with the --output option on the
command line). If the signature does not match, there is no output,
and an EXIT_FAILURE code is returned.
+ revamped netpgp(1) to make it clear what commands are available, how
these commands relate to each other, and which commands take custom
options

CHANGES 1.0.0 -> 1.99.1

+ released and tagged version 1.0.0; development version now 1.99.1
+ get rid of some fields which are no longer needed
+ minor name changes
+ add mmapped field to ops_data_t struct to denote that the array needs an
munmap(2) and not a free(3)
+ add an __ops_mem_readfile() function, and use it for reading files.
The function does mmap(2), and then falls back to read(2) if that fails.
Retire unused __ops_fileread() which had an unusual interface
+ drop sign_detached() from netpgp.c down into signature.c as
__ops_sign_detached()

+ don't use arrays of length 1 to hold single instances of characters,
unsigned or not - just use a single character itself
+ misc cleanup
+ rename cinfo to "output" and ops_createinfo_t to "ops_output_t" to
be a bit more descriptive
+ shorten some long names
+ get rid of test for libgen.h - it's not needed anymore
+ bump to version 0.99.4, and 20090515 sources, regenerate configure and co
+ numerous name changes to be more consistent and more concise
+ add verbosity level to the variables that can be set and retrieved by
netpgp_setvar() and netpgp_getvar()
+ added --verbose option to netpgp(1)
+ add __RCSID() to all files

+ got rid of "local" header files. These aren't necessary since the openpgpsdk
code was modified to all be in the same directory
+ added netpgp_getvar() and netpgp_setvar(), and use them to get and set the
user id and hash algorithm preference
+ get rid of <stdbool.h> usage - I'm still not sure this is the way we should
be going long term, but the bool changes got integrated with the others,
and are there in cvs history if we want to resurrect them. Correct autoconf
accordingly. Bump netpgp minimus version, and autoconf-based date version.
+ updated documentation to reflect these changes

branches: 1.11.2;
Commit the weekend's changes:

+ minor name changes
+ remove duplicated code (commented out) in packet-print.c
+ original code contained abstraction violations for hash size - fix them
+ get rid of some magic constants related to length of hash arrays
+ allow a choice of hash algorithms for the signature digest (rather
than hardcoding SHA1 - it is looking as though collisions are easier
to manufacture based on recent findings)
+ move default signature RSA hash algorithm to SHA256 (from SHA1). This is
passed as a string parameter from the high-level interface. We'll
revisit this later after a good way to specify the algorithm has been
found.
+ display the size of the keys in --list-packets
+ display the keydata prior to file decryption

+ add a --help option
+ if setrlimit exists, set the core dump size to be 0
(with thanks to mrg for the reference implementation)
+ get rid of __ops_start_cleartext_sig/__ops_start_msg_sig abstractions
and just "export" the __ops_start_sig function - the function is not
actually exported, just usable by other __ops functions
+ bump internal version number to 0.99.2, autoconf version to 20090506
+ prettify usage message output

Change some names to something a bit less obscure.

e.g. For some unfathomable reason, I find "__ops_write_mem_from_file" a bit
counterintuitive - replace that by "__ops_fileread"

Don't bother searching for assert.h, it's not needed any more

+ __ops_packet_t -> __ops_subpacket_t
+ __ops_parser_content_t -> __ops_packet_t
+ rename some other long names
51 chars is the record function name length so far
+ preliminary moves to support detached signatures
as yet, incomplete
+ add back command line option to list packets in a signed or encrypted file
+ make __ops_parse() take an argument whether to print errors, and kill the
__ops_parse_and_print_errors() function
+ get rid of some assertions in the code - this is a library - about 100 to go

Reorder the args to a static function to mirror some other function calls.

Attempt to use mmap(2) to read a file, and fall back to multiple read(2)
calls if that fails.

Make this code WARNS=4
Add an option to the netpgp command to produce a detached signature.

WARNS=3 fixes

Let's allocate enough space for the keyring structure, and not a pointer to it.

WARNS=4 changes

branches: 1.1.1;
Initial revision

cleanly fail initialization on empty keyring

Fix some error handling, json support, keyring handling.

branches: 1.101.10; 1.101.12;
Avoid some type casts

Submitted on tech-pkg@ as:
[PATCH 03/11] Avoid some type casts

No functional change intended.

Revert "Remove a useless loop around getpass()"

getpass(3) may return NULL upon failures on Linux, and netpgp should remain
portable to other systems.

Remove a useless loop around getpass()

According to getpass(3), this library function cannot return NULL.
Verified with a source code inspection.

branches: 1.98.2; 1.98.4;
CID 977755: Resource leaks.

Fix signing of in-memory data with SSH keys

Add the --trusted-keys argument to netpgpkeys(1) to print out PGP ids in a
machine-readable manner.

re-order the fields that we print out in the pgp_sprint_pubkey() function
to be more usual.

print out the name from within pgp_sprint_pubkey() rather than tagging it
onto the end of the output from the function.

branches: 1.94.2;
plug some memory leaks in error paths

when matching pubkeys, also return the first (pgp) uid for the key in the
resultant key listing

when using json to format keys returned from libnetpgp, also prepare for
machine-readable format ("mr") as well as human ("human"), even though
it's not yet used.

get some things off the TODO list

when initialising, recognise keys in a different order.

1. read the public keyring

2. if a userid has been specified, use it

3. if not, check the configuration file (~/.gnupg/gpg.conf) for a
default user id

4, only read the secret keyring if we need to (decrypting or signing)

5. if signing, and we still don't have a userid, use the first key in
the secret keyring

6. if encrypting, and we still have no userid, use the first in the
public keyring

ssh keys remain the same as previously.

only attempt to load the secret key if we need to (for signing or for
decrypting).

change mj library to take an additional argument for a string type,
denoting its length. this allows binary strings to be encoded using
libmj.

escape magic characters in json strings in a more efficient manner.
the previous method was not scalable.

update callers to suit

bump libmj major version number

add examples to the libmj(3) man page

avoid a double free - from Anthony Bentley.

clean up lint (on amd64)

avoid nameclash - call the generated user id variable "generated userid"

also keep the time of structure initialisation as an internal variable.

When generating a key, set the new key's userid (last 16 bytes of
fingerprint) as an internal netpgp variable.

This can then be queried using netpgp_getvar(netpgp, "userid") to find the
new key's id.

Fix PR 44075 from Peter Pentchev, but do this by adding a
--numtries=<attempts> option to netpgp(1) to provide the maximum
number of attempts to retrieve the correct passphrase when signing or
decrypting, and use it in libnetpgp(3). The default number of
attempts is 3, and a value of "unlimited" will loop until the correct
passphrase has been entered.

Use a regular expression to match the various ASCII-armoured headers we
may encounter - fixes PR 44074 from Peter Pentchev in a different way.

Changes to help with netpgp key generation and interoperability:

+ use plain SHA1 for session key s2k negotiation
+ don't warn on some conditions when inflating (reading a compressed file)
since the conditions don't hold for partial block lengths
+ prompt for a passphrase when generating a new key - used in the upcoming
secret-sharing functionality for netpgp

Rename internal ops-ssh.h header file to ssh2pgp.h to better reflect its
use.

Take the internal functions and definitions back out of the implementation
namespace:

:g/\<__ops/s//pgp/g
:g/\<__OPS/s//__PGP/g
:g/\<OPS/s//PGP/g

No functional change, regression tests complete successfully.

allow user-specification of cipher to be used when encrypting packets.

preserve the CAST5 default for now.

at the user level, this is specified using the --cipher=<ciphername>
option.

Update to version 3.99.13:

+ add ability in netpgpkeys(1) to specify the cipher (symmetric algorithm)
as specified in RFC 5581
+ add the camellia cipher implementation from openssl

PR/42435 : Check pointers against NULL to avoid dereferencing them

2 minor changes:

+ when writing out the key as an ssh key, don't include the user id
information at the end, in-line with expectations about standard ssh
key formats

+ since the signing key changed its "menu line" entry from "pub" to
"signature", the offset of the key id moved 7 chars to the right, so
take this into consideration when generating new keys

Allow the user specification of the secret key file as the
--sshkeyfile or -S argument, and check that the public key file exists
before trying to read it.

Changes to 3.99.12/20100907

+ add a pretty print function mj_pretty(3) to libmj
+ added netpgp_write_sshkey(3) to libnetpgp
+ added pgp2ssh(1)
+ added preliminary support for ElGamal decryption, needed for DSA keys
as yet untested, unworking, and a WIP
+ add support for using all ssh keys, even those protected by a passphrase,
for decryption and signing. This rounds off ssh key file support in netpgp.
+ add a single character alias [-S file] for [--sshkeyfile file] to
netpgpkeys(1) and netpgp(1)

As far as ssh key file support goes, see the following example:

% cp configure a
% netpgp -S ~/.ssh/id_rsa.pub -e a
% netpgp -S ~/.ssh/id_rsa.pub -d a.gpg
Enter PEM pass phrase:
% ls -al a a.gpg
-rwxr-xr-x 1 agc agc 758398 Sep 7 05:38 a
-rw------- 1 agc agc 156886 Sep 7 05:38 a.gpg
%

Add a utility function, netpgp_write_sshkey(3), which will take a PGP public
key (RSA only) and format it as an ssh pubkey.

If we get passed a key which has no subuids, sigs, fingerprint or any
other data, and has been revoked, don't even attempt to print it out.

move the functions to parse the JSON from netpgpkeys(1) into libnetpgp(3)

update the version number for recent changes.

update the date for recent changes.

regenerate the autoconf files.

Various minor changes to netpgp:

+ be smarter when checking for a null id
+ add test for rubbish being returned when listing specific keys in netpgpkeys(1)
+ take the public key from the pubring, not the secring when exporting
keys
+ allow hkpd to serve ssh keys in pgp format
+ test on whether a seckey is needed, not on a userid needed, for ssh keys

Denote the signing key with the word "signature" (the encryption key
already has the tag "encryption"). This is a bit more meaningful than
"pub" and "sub".

fix some more amd64 lint

+ rationalise birthtime/expiration timestamps into a single function

+ clean up some 64-bit (amd64) lint

Changes to 3.99.9/20100809

+ add single character options to netpgp(1) and netpgpkeys(1)
+ add -o long-option(=value)? options to netpgp(1) and netpgpkeys(1)
+ add some small preparations for using the first subkey for encryption
(much more to follow)

Catch up the JSON routines being in their own library. Use the JSON routines
to return all the text as a JSON-encoded string for all keys and sigs which
are returned.

minor clean up after ourselves - free a compiled regexp

Changes to 3.99.7/20100701

+ recognise ascii-armoured encrypted messages properly, in memory and
in files
+ print error message and exit for now when trying to encrypt with a DSA key
+ fix bug reported by dyoung when trying to print out the encryption key
fingerprint

if using ssh keys with any of the netpgp programs, set the home
directory appropriately.

add some aliases for long command options across all programs

Use the correct default ssh user key file (just a typo).

Use the portable strcasecmp() function.

factor out the code which recognises ASCII-armour into its own function.

factor out code to append a key to the pubring file.

recognise ascii-armoured headers on keys when importing.

Changes to 3.99.5

+ make ssh fingerprints (md5) match netpgp listing
+ use the more functional hexdump function from ssh2pgp in place of the
older hexdump function from openpgpsdk
+ pass hash type down from command line where needed
+ add test for netpgp/ssh key fingerprint matching
+ make netpgpkeys(1) take a --hash= option

With these changes, netpgp can be made to generate the same fingerprint as
openssh (by default, ssh-keygen(1) uses an md5 digest)

% /usr/bin/netpgpkeys --ssh-keys --sshkeyfile=/etc/ssh/ssh_host_rsa_key.pub --list-keys --hash=md5
1 key
pub 1024/RSA (Encrypt or Sign) fcdd1c608bef4c4b 2008-08-11
Key fingerprint: e935 902d ebf1 76ba fcdd 1c60 8bef 4c4b
uid osx-vm1.crowthorne.alistaircrooks.co.uk (/etc/ssh/ssh_host_rsa_key.pub) <root@osx-vm1.crowthorne.alistaircrooks.co.uk>

% ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
1024 e9:35:90:2d:eb:f1:76:ba:fc:dd:1c:60:8b:ef:4c:4b /etc/ssh/ssh_host_rsa_key.pub (RSA)
%

Check for a null keyring before listing keys - with thanks to Jeff Rizzo
for the problem report.

make sure we have created a directory when generating a new key.

don't try to re-read the key after writing it - that's done by a separate
function. Problem found by Tyler Retzlaff, fixed in a different way.

check that keyrings are non-NULL before attempting to free them - from a
nudge by Tyler Retzlaff.

Simplify and shorten the internals of packet processing by getting rid of
the intermediate pseudo-abstraction layer, which detracted from understanding
and had no benefit whatsoever. Rename some enums and some definitions.

Protect against NULL pointers in key output in a different way - only
advance its counter if it's non-NULL.

Regression test for this is:

netpgpkeys --list-key '\.de\>'

with my standard keyring (to list all keys which have at least one subuid
with a German email address).

avoid a duplicated error message

extend the resolve_userid() function to take a keyring, and use it for
functions which require a secret key as well.

add a static function to resolve the userid in one place, and start to use it

One more reason not to use DSA keys:

The DSA algorithm seems to require a digest value which is 20 bytes
long, which kind of implies SHA-1.

If we have a DSA signature, use SHA-1 as a hash algorithm, for backwards
compatibility. RSA signatures continue to use SHA256 by default, although
this can be given as an argument, if desired.

This fixes DSA signatures with netpgp:

% netpgp --sign --userid d4a643c5 a
pub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
sub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
netpgp passphrase:
% netpgp --verify a.gpg
Good signature for a.gpg made Tue May 18 05:41:25 2010
using DSA key 8222c3ecd4a643c5
pub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
sub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
%

When setting up res (results), errs (error) and outs (outputs) streams,
change the pre-defined stdio streams to be denoted by "<stdout>" and
"<stderr>", to distinguish them from file names.

In netpgpkeys(1), send the default "res" (results) stream to stdout,
rather than stderr. Requested by Anon Ymous (and makes perfect sense).

Avoid a possible overwrite of a value in the (key, value) array, in
the event that a reference to the value is passed to the
netpgp_setvar() function as the new value. Problem noted, cause
detected, and most of the fix contributed by, Anon Ymous. Thanks!

if the home directory does not exist, still set its value as a netpgp
variable, as the netpgpkeys(1) program, for one, will try to create the
home directory if it does not exist.

should fix PR 42435

use hexdump() function where appropriate.

change the way that we generate a detached signature file, so that ascii
armour is used if --armor is specified. addresses PR 43248 from Juan RP.

Don't rely on \r\n line endings when doing comparisons on strings for
the presence of ASCII armored signatures. Be consistent with the spelling
of certain transatlanticly-munged words.

Fix (RSA) key generation.

Part of the fix for PR 42435 from Jukka Ruohonen.

Changes to 2.99.2/20100315

+ make subkey sigs available by hkp as well as on the command line
+ use the sketchily-defined vindex option to the hkp protocol to
return the subkey signature information
+ add a netpgp_unsetvar() function as a corollary to netpgp_setvar()
+ use a variable name of ''subkey sigs'' to denote that subkey
signatures should be returned with the pubkey uids

Changes to 2.99.1/20100313

+ add functionality to parse basic signature subkeys
+ in doing so, add expiration of keys
+ at the same time, add revocation of keys
+ recognise the primary user id, and use it when displaying user ids
+ recognise self signed keys and subkeys
+ rework the indentation of output
+ add the --list-sigs [userid] option to netpgpkeys(1)
+ use memcmp(3) rather than strcmp(3) when checking binary user ids to
be exported
+ add expiration display to subkey signature output
+ update libnetpgp library version major number to 3

clean up some lint that crept in.

Update netpgp to version 1.99.20/20100304 - portability improvements, and bug fixes:

Changes to 1.99.20/20100304

+ move args to some functions around to be consistent
+ use uint*_t where appropriate
+ fix bug in verify memory
+ add documentation to manual pages to show how to do combined
signing/encryption and decryption/verification
+ make verification of ascii-armoured memory work the same as binary
+ eliminate use of strdup(3), strcasecmp(3), and strptime(3). NetBSD/pkgsrc
PR 42922 applies - need to define _XOPEN_SOURCE and _BSD_SOURCE for
newer linux platforms with glibc 2.10.1. solved a bit differently, by
implementing strdup(3) and strcasecmp(3) independently, and using regexps
to avoid calling strptime(3).

fix a bug in verifying memory.

add two examples to the netpgp(1) manual page outlining how to sign
and encrypt via a pipeline, and how to decrypt and verify/cat using a
pipeline.

Changes to 1.99.19/20100212

+ plug some memory leaks, from cppcheck via Thomas Klausner (thanks!)
+ make the singular of time units read correctly
+ print decryption key info properly when prompting for passphrase

changes to 1.99.18/20100211

small steps, but lots of them - this is the first one.

+ print out the correct key information when signing files and memory.
what used to be printed out was the copy of the public key which is
stored as part of the private key(!). does not address the info shown
when decrypting, since that is done in a different way, by callback.
this whole part needs to be re-written, but will have to wait for two
good hands.

Changes to 1.99.16/20100205

+ minor simplifications to netpgp(1) internally
+ fix a bug in netpgp_verify_file where a non-existent file while listing
packets would cause a SIGSEGV
+ add duration arg to netpgp(1), and check for validity when verifying
signatures
+ add birthtime arg to netpgp(1), and check for validity when verifying
signatures
+ add netpgp commands to print pubkey, if desired
+ allow the passphrase for the signature to be taken from --pass-fd
+ get rid of static indent value when printing packet contents
+ print signature validity times when verifying a file's signature

Remove a code excerpt which is not ready for primetime just yet

Modify regression test suite behaviour - remove the (error) tests for
commands with no file arguments, as input will now be taken from stdin,
and output will go to stdout, if no file arguments are given on the
command line.

Netpgp changes to 1.99.15/20091221

+ some ssh host keys do not have the username of the generator included
in the key itself. If there is no username in there, create one.
+ added netpgp_encrypt_memory() and netpgp_decrypt_memory()
+ overhaul netpgp(1) to work with stdin/stdout if no filenames specified:

% netpgp --encrypt < a | netpgp --decrypt > b
netpgp: default key set to "C0596823"
netpgp: default key set to "C0596823"
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks <alistair@hockley-crooks.com>
netpgp passphrase:
% diff a b
% ls -al a b
-rw-r--r-- 1 agc agc 15243 Dec 20 08:55 a
-rw-r--r-- 1 agc agc 15243 Dec 21 17:15 b
%

% netpgp --sign < a | netpgp --cat > b
netpgp: default key set to "C0596823"
netpgp: default key set to "C0596823"
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks <alistair@hockley-crooks.com>
netpgp passphrase:
Good signature for <stdin> made Mon Dec 21 18:25:02 2009
using RSA (Encrypt or Sign) key 1b68dcfcc0596823
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <alistair@hockley-crooks.com>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks (Yahoo!) <agcrooks@yahoo-inc.com>
%

+ add explanations of memory-based operations to manual pages

Prepare for a new netpgp-20091210 portable release.

Apart from infrastructure changes, there are the following functional ones:

+ Update to version 20091210

+ provide a new netpgp_match_list_keys(3) function to perform a
regular-expression based search of all the keys in the keyring. If no
pattern is specified to match, then all keys are returned.

+ provide a new netpgp_set_homedir(3) function, and use it to set the
home directory from the library, rather than individually in all the
programs which use the library

+ provide a new netpgp_incvar(3) function which will add a constant
increment (which may be negative) to the value of an internal
variable. This is primarily used for the verbosity level within the
library, and is again a movement of the function into the library from
the individual programs which use the library

+ move to the specification of an ssh key file by internal variable,
rather than the directory holding an ssh key file

+ autoconf infrastructure changes

+ take a hammer to the _GNU_SOURCE definitions problems

+ don't rely on strnlen(3) being present everywhere

+ When using ssh keys, use the first key as the default userid, unless
specified.

+ The internal variable "sshetcdir" has been renamed to "sshkeydir"

+ When matching the text fields in the username, use an ICASE, NOSUB, EXTENDED
regular expression. This allows more advanced ways of searching, such as:

% netpgpkeys --list-keys '\.de\>'

to find all the keys in the default keyring which have an email address
in Germany. This is actually surprisingly useful.

Add the ability to use ssh host keys (on the fly) to provide RSA keys.

These keys can be used in the same way as normal PGP keys - to sign, verify,
encrypt and decrypt files and data.

% cp configure a
% sudo netpgp --ssh-keys --sign --userid 1e00404a a
Password:
pub 1024/RSA (Encrypt or Sign) 040180871e00404a 2008-08-11
Key fingerprint: c4aa b385 4796 e6ce 606c f0c2 0401 8087 1e00 404a
% sudo chmod 644 a.gpg
% netpgp --ssh-keys --verify a.gpg
netpgp: default key set to "C0596823"
can't open '/etc/ssh/ssh_host_rsa_key'
Good signature for a.gpg made Fri Dec 4 23:04:36 2009
using RSA (Encrypt or Sign) key 040180871e00404a
pub 1024/RSA (Encrypt or Sign) 040180871e00404a 2008-08-11
Key fingerprint: c4aa b385 4796 e6ce 606c f0c2 0401 8087 1e00 404a
uid osx-vm1.crowthorne.alistaircrooks.co.uk (/etc/ssh/ssh_host_rsa_key.pub) <root@osx-vm1.crowthorne.alistaircrooks.co.uk>
% uname -a
NetBSD osx-vm1.crowthorne.alistaircrooks.co.uk 5.99.20 NetBSD 5.99.20 (ISCSI) #0: Wed Oct 7 17:16:33 PDT 2009 agc@osx-vm1.crowthorne.alistaircrooks.co.uk:/usr/obj/i386/usr/src/sys/arch/i386/compile/ISCSI i386
%

The ssh host keys do not need to be manipulated in any way - the information
is read from existing files.

Commit some changes that have been in a private tree for a while:

+ add a netpgp library function - netpgp_get_key(3) - to print a
specific key
+ add functionality to call this function in netpgpkeys(1)
+ add test for netpgp_get_key
+ add a verbose switch to the tst script
+ add netpgp functions to expose the memory signing and verification
functions - netpgp_sign_memory(3) and netpgp_verify_memory(3)
+ coalesced signing and verification ops file functions

Clean up some Flexelint (issues pointed out by phk - many thanks!).

Also make sure the return value for each memory allocation is checked - this
is still a WIP.

Clean up more Flexelint, from phk - many thanks! - just low-hanging fruit
for just now.

Move the null file checks for sign/verify/encrypt/decrypt down into the
library itself. Update the regression test script to add some tests.

Don't complain if $HOME/.gnupg does not exist (and using --homedir).

Don't require a userid to be set in the gpg.conf file - it can be set
on the command line when it's needed (for signing and encryption, the
other operations in netpgp(1) will take the userid from the
signed/encrypted file).

Add tests for the lack of a default userid in the config file.

+ only prompt for the passphrase for the secret key if the secret key is
protected by a passphrase

CHANGES 1.99.10 -> 1.99.11

+ address keys array from 0 with unsigned indices
+ print results to io->res stream - default to stderr, and set using
netpgp_setvar(..., "results", filename)
+ __ops_keyid()'s third arg was always the size of the keyid array - no need
to pass it
+ get rid of the excessive type-checking in packet-show-cast.h, which wasn't
necessary, and fold all the show routines into packet-show.c
+ introduce a generic __ops_new() and use it for some structure allocation

Add a separate res output stream for results, and print results to it.

This is settable from userlevel by using
netpgp_setvar(..., "results", filename)

CHANGES 1.99.9 -> 1.99.10

+ fix a bug in decryption whereby a bad passphrase would cause a segmentation
violation
+ fix some regressions in key searching in the underlying find keys routines
+ add C++ declaration protection to the external interface in netpgp.h
+ split out the key management parts of netpgp(1) into netpgpkeys(1)

CHANGES 1.99.8 -> 1.99.9

+ make more use of __ops_io_t structure
+ addition of standalone, stripped-down netpgpverify utility
+ addition of test for --list-packets on an empty file
+ bring forward some simplifications from netpgpverify
+ some name changes
+ get rid of the increment and then decrement keycount around
accumulated data ("it's to do with counting")
+ then use unsigned integers for the size and counts for the
dynamic array of keys, and use the common dynamic array macros
for keys in a keyring
+ if it's a union, let's use it as a union, not a struct
+ modified documentation to correct the --list-packets command (sorry, ver)
+ add a new directory structure for both the distribution and the
reachover Makefiles. The autotest framework has been partially overhauled
but more TLC is needed here.
+ add a --pass-fd=n option so that external programs can provide the
passphrase on a file descriptor without going through the callback,
requested by joerg

Fix an core dump reported by Oliver Gould - if there is no file from which
to read packets to list, fail with a decent error message.

CHANGES 1.99.7 -> 1.99.8

+ get rid of __ops_malloc_passphrase() - strdup() works just as well
+ generalise __ops_seckey_forget() to become __ops_forget(), give it a size
parameter, and make it work on things other than secret keys (passphrases
for instance)
+ minor struct field enum renaming
+ minor function call renaming
+ add ops_io_t struct to hold pointers to IO streams, and pass it down
where necessary

CHANGES 1.99.5 -> 1.99.6

+ made --homedir=d consistent with POLS. Default is $HOME/.gnupg, and
if a directory is specified with --homedir=d, the directory containing
conf file and keyrings is taken to be "d".

CHANGES 1.99.4 -> 1.99.5

+ Luke Mewburn completely overhauled the auto tools infrastructure
+ changed signature (hah!) of some netpgp file management prototypes to
use const char * for file names and user ids, not char * - suggested by
christos
+ change some of the openpgpsdk display functions to return integer values,
and send those values back from the netpgp functions - suggested by
christos
+ rather than passing a shedload of variables to netpgp_init(), get rid
of them, and set variables using the netpgp_[gs]etvar() interface
+ replace some magic constants with descriptive names
+ use a netpgp variable to skip userid checks if necessary
+ add ability to allow coredumps via --coredumps if (a) you have taken
leave of your sanity, and (b) you have some magical persistent
storage which doesn't spare sectors, and (c) you know how to remove
a file securely
+ bumped library version on NetBSD to 1.0 for interface changes

CHANGES 1.99.3 -> 1.99.4

+ get rid of some magic constants
+ revamped regression test script to count number of tests passed
+ made checkhash array in ops_seckey_t dynamic, rather than statically
allocated
+ made mdc array dynamic, and added a length field to mdc for future use
+ revamped usage message to match reality
+ made portable version again for the autoconfed package sources
+ add separate netpgpdigest.h file so that separate digest sizes can be
used without having to include "packet.h" in everything

CHANGES 1.99.1 -> 1.99.2

+ various minor cleanups
+ fix longstanding pasto where the key server preference packets are
displayed with the correct ptag information
+ up until now, there has been an asymmetry in the command line
options for netpgp(1) - whilst a file may have signature information
added to it with the "--sign" command, there has been no way to
retrieve the contents of the file without the signature. The new
"--cat" option does this (there are synonyms of "--verify-show" and
"--verify-cat") - the signature is verified, and if it matches, the
original contents of the file are sent to the output file (which
defaults to stdout, and can be set with the --output option on the
command line). If the signature does not match, there is no output,
and an EXIT_FAILURE code is returned.
+ revamped netpgp(1) to make it clear what commands are available, how
these commands relate to each other, and which commands take custom
options

CHANGES 1.0.0 -> 1.99.1

+ released and tagged version 1.0.0; development version now 1.99.1
+ get rid of some fields which are no longer needed
+ minor name changes
+ add mmapped field to ops_data_t struct to denote that the array needs an
munmap(2) and not a free(3)
+ add an __ops_mem_readfile() function, and use it for reading files.
The function does mmap(2), and then falls back to read(2) if that fails.
Retire unused __ops_fileread() which had an unusual interface
+ drop sign_detached() from netpgp.c down into signature.c as
__ops_sign_detached()

+ don't use arrays of length 1 to hold single instances of characters,
unsigned or not - just use a single character itself
+ misc cleanup
+ rename cinfo to "output" and ops_createinfo_t to "ops_output_t" to
be a bit more descriptive
+ shorten some long names
+ get rid of test for libgen.h - it's not needed anymore
+ bump to version 0.99.4, and 20090515 sources, regenerate configure and co
+ numerous name changes to be more consistent and more concise
+ add verbosity level to the variables that can be set and retrieved by
netpgp_setvar() and netpgp_getvar()
+ added --verbose option to netpgp(1)
+ add __RCSID() to all files

+ got rid of "local" header files. These aren't necessary since the openpgpsdk
code was modified to all be in the same directory
+ added netpgp_getvar() and netpgp_setvar(), and use them to get and set the
user id and hash algorithm preference
+ get rid of <stdbool.h> usage - I'm still not sure this is the way we should
be going long term, but the bool changes got integrated with the others,
and are there in cvs history if we want to resurrect them. Correct autoconf
accordingly. Bump netpgp minimus version, and autoconf-based date version.
+ updated documentation to reflect these changes

branches: 1.11.2;
Commit the weekend's changes:

+ minor name changes
+ remove duplicated code (commented out) in packet-print.c
+ original code contained abstraction violations for hash size - fix them
+ get rid of some magic constants related to length of hash arrays
+ allow a choice of hash algorithms for the signature digest (rather
than hardcoding SHA1 - it is looking as though collisions are easier
to manufacture based on recent findings)
+ move default signature RSA hash algorithm to SHA256 (from SHA1). This is
passed as a string parameter from the high-level interface. We'll
revisit this later after a good way to specify the algorithm has been
found.
+ display the size of the keys in --list-packets
+ display the keydata prior to file decryption

+ add a --help option
+ if setrlimit exists, set the core dump size to be 0
(with thanks to mrg for the reference implementation)
+ get rid of __ops_start_cleartext_sig/__ops_start_msg_sig abstractions
and just "export" the __ops_start_sig function - the function is not
actually exported, just usable by other __ops functions
+ bump internal version number to 0.99.2, autoconf version to 20090506
+ prettify usage message output

Change some names to something a bit less obscure.

e.g. For some unfathomable reason, I find "__ops_write_mem_from_file" a bit
counterintuitive - replace that by "__ops_fileread"

Don't bother searching for assert.h, it's not needed any more

+ __ops_packet_t -> __ops_subpacket_t
+ __ops_parser_content_t -> __ops_packet_t
+ rename some other long names
51 chars is the record function name length so far
+ preliminary moves to support detached signatures
as yet, incomplete
+ add back command line option to list packets in a signed or encrypted file
+ make __ops_parse() take an argument whether to print errors, and kill the
__ops_parse_and_print_errors() function
+ get rid of some assertions in the code - this is a library - about 100 to go

Reorder the args to a static function to mirror some other function calls.

Attempt to use mmap(2) to read a file, and fall back to multiple read(2)
calls if that fails.

Make this code WARNS=4
Add an option to the netpgp command to produce a detached signature.

WARNS=3 fixes

Let's allocate enough space for the keyring structure, and not a pointer to it.

WARNS=4 changes

branches: 1.1.1;
Initial revision

Fix some error handling, json support, keyring handling.

branches: 1.101.10;
Avoid some type casts

Submitted on tech-pkg@ as:
[PATCH 03/11] Avoid some type casts

No functional change intended.

Revert "Remove a useless loop around getpass()"

getpass(3) may return NULL upon failures on Linux, and netpgp should remain
portable to other systems.

Remove a useless loop around getpass()

According to getpass(3), this library function cannot return NULL.
Verified with a source code inspection.

branches: 1.98.2; 1.98.4;
CID 977755: Resource leaks.

Fix signing of in-memory data with SSH keys

Add the --trusted-keys argument to netpgpkeys(1) to print out PGP ids in a
machine-readable manner.

re-order the fields that we print out in the pgp_sprint_pubkey() function
to be more usual.

print out the name from within pgp_sprint_pubkey() rather than tagging it
onto the end of the output from the function.

branches: 1.94.2;
plug some memory leaks in error paths

when matching pubkeys, also return the first (pgp) uid for the key in the
resultant key listing

when using json to format keys returned from libnetpgp, also prepare for
machine-readable format ("mr") as well as human ("human"), even though
it's not yet used.

get some things off the TODO list

when initialising, recognise keys in a different order.

1. read the public keyring

2. if a userid has been specified, use it

3. if not, check the configuration file (~/.gnupg/gpg.conf) for a
default user id

4, only read the secret keyring if we need to (decrypting or signing)

5. if signing, and we still don't have a userid, use the first key in
the secret keyring

6. if encrypting, and we still have no userid, use the first in the
public keyring

ssh keys remain the same as previously.

only attempt to load the secret key if we need to (for signing or for
decrypting).

change mj library to take an additional argument for a string type,
denoting its length. this allows binary strings to be encoded using
libmj.

escape magic characters in json strings in a more efficient manner.
the previous method was not scalable.

update callers to suit

bump libmj major version number

add examples to the libmj(3) man page

avoid a double free - from Anthony Bentley.

clean up lint (on amd64)

avoid nameclash - call the generated user id variable "generated userid"

also keep the time of structure initialisation as an internal variable.

When generating a key, set the new key's userid (last 16 bytes of
fingerprint) as an internal netpgp variable.

This can then be queried using netpgp_getvar(netpgp, "userid") to find the
new key's id.

Fix PR 44075 from Peter Pentchev, but do this by adding a
--numtries=<attempts> option to netpgp(1) to provide the maximum
number of attempts to retrieve the correct passphrase when signing or
decrypting, and use it in libnetpgp(3). The default number of
attempts is 3, and a value of "unlimited" will loop until the correct
passphrase has been entered.

Use a regular expression to match the various ASCII-armoured headers we
may encounter - fixes PR 44074 from Peter Pentchev in a different way.

Changes to help with netpgp key generation and interoperability:

+ use plain SHA1 for session key s2k negotiation
+ don't warn on some conditions when inflating (reading a compressed file)
since the conditions don't hold for partial block lengths
+ prompt for a passphrase when generating a new key - used in the upcoming
secret-sharing functionality for netpgp

Rename internal ops-ssh.h header file to ssh2pgp.h to better reflect its
use.

Take the internal functions and definitions back out of the implementation
namespace:

:g/\<__ops/s//pgp/g
:g/\<__OPS/s//__PGP/g
:g/\<OPS/s//PGP/g

No functional change, regression tests complete successfully.

allow user-specification of cipher to be used when encrypting packets.

preserve the CAST5 default for now.

at the user level, this is specified using the --cipher=<ciphername>
option.

Update to version 3.99.13:

+ add ability in netpgpkeys(1) to specify the cipher (symmetric algorithm)
as specified in RFC 5581
+ add the camellia cipher implementation from openssl

PR/42435 : Check pointers against NULL to avoid dereferencing them

2 minor changes:

+ when writing out the key as an ssh key, don't include the user id
information at the end, in-line with expectations about standard ssh
key formats

+ since the signing key changed its "menu line" entry from "pub" to
"signature", the offset of the key id moved 7 chars to the right, so
take this into consideration when generating new keys

Allow the user specification of the secret key file as the
--sshkeyfile or -S argument, and check that the public key file exists
before trying to read it.

Changes to 3.99.12/20100907

+ add a pretty print function mj_pretty(3) to libmj
+ added netpgp_write_sshkey(3) to libnetpgp
+ added pgp2ssh(1)
+ added preliminary support for ElGamal decryption, needed for DSA keys
as yet untested, unworking, and a WIP
+ add support for using all ssh keys, even those protected by a passphrase,
for decryption and signing. This rounds off ssh key file support in netpgp.
+ add a single character alias [-S file] for [--sshkeyfile file] to
netpgpkeys(1) and netpgp(1)

As far as ssh key file support goes, see the following example:

% cp configure a
% netpgp -S ~/.ssh/id_rsa.pub -e a
% netpgp -S ~/.ssh/id_rsa.pub -d a.gpg
Enter PEM pass phrase:
% ls -al a a.gpg
-rwxr-xr-x 1 agc agc 758398 Sep 7 05:38 a
-rw------- 1 agc agc 156886 Sep 7 05:38 a.gpg
%

Add a utility function, netpgp_write_sshkey(3), which will take a PGP public
key (RSA only) and format it as an ssh pubkey.

If we get passed a key which has no subuids, sigs, fingerprint or any
other data, and has been revoked, don't even attempt to print it out.

move the functions to parse the JSON from netpgpkeys(1) into libnetpgp(3)

update the version number for recent changes.

update the date for recent changes.

regenerate the autoconf files.

Various minor changes to netpgp:

+ be smarter when checking for a null id
+ add test for rubbish being returned when listing specific keys in netpgpkeys(1)
+ take the public key from the pubring, not the secring when exporting
keys
+ allow hkpd to serve ssh keys in pgp format
+ test on whether a seckey is needed, not on a userid needed, for ssh keys

Denote the signing key with the word "signature" (the encryption key
already has the tag "encryption"). This is a bit more meaningful than
"pub" and "sub".

fix some more amd64 lint

+ rationalise birthtime/expiration timestamps into a single function

+ clean up some 64-bit (amd64) lint

Changes to 3.99.9/20100809

+ add single character options to netpgp(1) and netpgpkeys(1)
+ add -o long-option(=value)? options to netpgp(1) and netpgpkeys(1)
+ add some small preparations for using the first subkey for encryption
(much more to follow)

Catch up the JSON routines being in their own library. Use the JSON routines
to return all the text as a JSON-encoded string for all keys and sigs which
are returned.

minor clean up after ourselves - free a compiled regexp

Changes to 3.99.7/20100701

+ recognise ascii-armoured encrypted messages properly, in memory and
in files
+ print error message and exit for now when trying to encrypt with a DSA key
+ fix bug reported by dyoung when trying to print out the encryption key
fingerprint

if using ssh keys with any of the netpgp programs, set the home
directory appropriately.

add some aliases for long command options across all programs

Use the correct default ssh user key file (just a typo).

Use the portable strcasecmp() function.

factor out the code which recognises ASCII-armour into its own function.

factor out code to append a key to the pubring file.

recognise ascii-armoured headers on keys when importing.

Changes to 3.99.5

+ make ssh fingerprints (md5) match netpgp listing
+ use the more functional hexdump function from ssh2pgp in place of the
older hexdump function from openpgpsdk
+ pass hash type down from command line where needed
+ add test for netpgp/ssh key fingerprint matching
+ make netpgpkeys(1) take a --hash= option

With these changes, netpgp can be made to generate the same fingerprint as
openssh (by default, ssh-keygen(1) uses an md5 digest)

% /usr/bin/netpgpkeys --ssh-keys --sshkeyfile=/etc/ssh/ssh_host_rsa_key.pub --list-keys --hash=md5
1 key
pub 1024/RSA (Encrypt or Sign) fcdd1c608bef4c4b 2008-08-11
Key fingerprint: e935 902d ebf1 76ba fcdd 1c60 8bef 4c4b
uid osx-vm1.crowthorne.alistaircrooks.co.uk (/etc/ssh/ssh_host_rsa_key.pub) <root@osx-vm1.crowthorne.alistaircrooks.co.uk>

% ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
1024 e9:35:90:2d:eb:f1:76:ba:fc:dd:1c:60:8b:ef:4c:4b /etc/ssh/ssh_host_rsa_key.pub (RSA)
%

Check for a null keyring before listing keys - with thanks to Jeff Rizzo
for the problem report.

make sure we have created a directory when generating a new key.

don't try to re-read the key after writing it - that's done by a separate
function. Problem found by Tyler Retzlaff, fixed in a different way.

check that keyrings are non-NULL before attempting to free them - from a
nudge by Tyler Retzlaff.

Simplify and shorten the internals of packet processing by getting rid of
the intermediate pseudo-abstraction layer, which detracted from understanding
and had no benefit whatsoever. Rename some enums and some definitions.

Protect against NULL pointers in key output in a different way - only
advance its counter if it's non-NULL.

Regression test for this is:

netpgpkeys --list-key '\.de\>'

with my standard keyring (to list all keys which have at least one subuid
with a German email address).

avoid a duplicated error message

extend the resolve_userid() function to take a keyring, and use it for
functions which require a secret key as well.

add a static function to resolve the userid in one place, and start to use it

One more reason not to use DSA keys:

The DSA algorithm seems to require a digest value which is 20 bytes
long, which kind of implies SHA-1.

If we have a DSA signature, use SHA-1 as a hash algorithm, for backwards
compatibility. RSA signatures continue to use SHA256 by default, although
this can be given as an argument, if desired.

This fixes DSA signatures with netpgp:

% netpgp --sign --userid d4a643c5 a
pub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
sub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
netpgp passphrase:
% netpgp --verify a.gpg
Good signature for a.gpg made Tue May 18 05:41:25 2010
using DSA key 8222c3ecd4a643c5
pub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
sub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
%

When setting up res (results), errs (error) and outs (outputs) streams,
change the pre-defined stdio streams to be denoted by "<stdout>" and
"<stderr>", to distinguish them from file names.

In netpgpkeys(1), send the default "res" (results) stream to stdout,
rather than stderr. Requested by Anon Ymous (and makes perfect sense).

Avoid a possible overwrite of a value in the (key, value) array, in
the event that a reference to the value is passed to the
netpgp_setvar() function as the new value. Problem noted, cause
detected, and most of the fix contributed by, Anon Ymous. Thanks!

if the home directory does not exist, still set its value as a netpgp
variable, as the netpgpkeys(1) program, for one, will try to create the
home directory if it does not exist.

should fix PR 42435

use hexdump() function where appropriate.

change the way that we generate a detached signature file, so that ascii
armour is used if --armor is specified. addresses PR 43248 from Juan RP.

Don't rely on \r\n line endings when doing comparisons on strings for
the presence of ASCII armored signatures. Be consistent with the spelling
of certain transatlanticly-munged words.

Fix (RSA) key generation.

Part of the fix for PR 42435 from Jukka Ruohonen.

Changes to 2.99.2/20100315

+ make subkey sigs available by hkp as well as on the command line
+ use the sketchily-defined vindex option to the hkp protocol to
return the subkey signature information
+ add a netpgp_unsetvar() function as a corollary to netpgp_setvar()
+ use a variable name of ''subkey sigs'' to denote that subkey
signatures should be returned with the pubkey uids

Changes to 2.99.1/20100313

+ add functionality to parse basic signature subkeys
+ in doing so, add expiration of keys
+ at the same time, add revocation of keys
+ recognise the primary user id, and use it when displaying user ids
+ recognise self signed keys and subkeys
+ rework the indentation of output
+ add the --list-sigs [userid] option to netpgpkeys(1)
+ use memcmp(3) rather than strcmp(3) when checking binary user ids to
be exported
+ add expiration display to subkey signature output
+ update libnetpgp library version major number to 3

clean up some lint that crept in.

Update netpgp to version 1.99.20/20100304 - portability improvements, and bug fixes:

Changes to 1.99.20/20100304

+ move args to some functions around to be consistent
+ use uint*_t where appropriate
+ fix bug in verify memory
+ add documentation to manual pages to show how to do combined
signing/encryption and decryption/verification
+ make verification of ascii-armoured memory work the same as binary
+ eliminate use of strdup(3), strcasecmp(3), and strptime(3). NetBSD/pkgsrc
PR 42922 applies - need to define _XOPEN_SOURCE and _BSD_SOURCE for
newer linux platforms with glibc 2.10.1. solved a bit differently, by
implementing strdup(3) and strcasecmp(3) independently, and using regexps
to avoid calling strptime(3).

fix a bug in verifying memory.

add two examples to the netpgp(1) manual page outlining how to sign
and encrypt via a pipeline, and how to decrypt and verify/cat using a
pipeline.

Changes to 1.99.19/20100212

+ plug some memory leaks, from cppcheck via Thomas Klausner (thanks!)
+ make the singular of time units read correctly
+ print decryption key info properly when prompting for passphrase

changes to 1.99.18/20100211

small steps, but lots of them - this is the first one.

+ print out the correct key information when signing files and memory.
what used to be printed out was the copy of the public key which is
stored as part of the private key(!). does not address the info shown
when decrypting, since that is done in a different way, by callback.
this whole part needs to be re-written, but will have to wait for two
good hands.

Changes to 1.99.16/20100205

+ minor simplifications to netpgp(1) internally
+ fix a bug in netpgp_verify_file where a non-existent file while listing
packets would cause a SIGSEGV
+ add duration arg to netpgp(1), and check for validity when verifying
signatures
+ add birthtime arg to netpgp(1), and check for validity when verifying
signatures
+ add netpgp commands to print pubkey, if desired
+ allow the passphrase for the signature to be taken from --pass-fd
+ get rid of static indent value when printing packet contents
+ print signature validity times when verifying a file's signature

Remove a code excerpt which is not ready for primetime just yet

Modify regression test suite behaviour - remove the (error) tests for
commands with no file arguments, as input will now be taken from stdin,
and output will go to stdout, if no file arguments are given on the
command line.

Netpgp changes to 1.99.15/20091221

+ some ssh host keys do not have the username of the generator included
in the key itself. If there is no username in there, create one.
+ added netpgp_encrypt_memory() and netpgp_decrypt_memory()
+ overhaul netpgp(1) to work with stdin/stdout if no filenames specified:

% netpgp --encrypt < a | netpgp --decrypt > b
netpgp: default key set to "C0596823"
netpgp: default key set to "C0596823"
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks <alistair@hockley-crooks.com>
netpgp passphrase:
% diff a b
% ls -al a b
-rw-r--r-- 1 agc agc 15243 Dec 20 08:55 a
-rw-r--r-- 1 agc agc 15243 Dec 21 17:15 b
%

% netpgp --sign < a | netpgp --cat > b
netpgp: default key set to "C0596823"
netpgp: default key set to "C0596823"
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks <alistair@hockley-crooks.com>
netpgp passphrase:
Good signature for <stdin> made Mon Dec 21 18:25:02 2009
using RSA (Encrypt or Sign) key 1b68dcfcc0596823
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <alistair@hockley-crooks.com>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks (Yahoo!) <agcrooks@yahoo-inc.com>
%

+ add explanations of memory-based operations to manual pages

Prepare for a new netpgp-20091210 portable release.

Apart from infrastructure changes, there are the following functional ones:

+ Update to version 20091210

+ provide a new netpgp_match_list_keys(3) function to perform a
regular-expression based search of all the keys in the keyring. If no
pattern is specified to match, then all keys are returned.

+ provide a new netpgp_set_homedir(3) function, and use it to set the
home directory from the library, rather than individually in all the
programs which use the library

+ provide a new netpgp_incvar(3) function which will add a constant
increment (which may be negative) to the value of an internal
variable. This is primarily used for the verbosity level within the
library, and is again a movement of the function into the library from
the individual programs which use the library

+ move to the specification of an ssh key file by internal variable,
rather than the directory holding an ssh key file

+ autoconf infrastructure changes

+ take a hammer to the _GNU_SOURCE definitions problems

+ don't rely on strnlen(3) being present everywhere

+ When using ssh keys, use the first key as the default userid, unless
specified.

+ The internal variable "sshetcdir" has been renamed to "sshkeydir"

+ When matching the text fields in the username, use an ICASE, NOSUB, EXTENDED
regular expression. This allows more advanced ways of searching, such as:

% netpgpkeys --list-keys '\.de\>'

to find all the keys in the default keyring which have an email address
in Germany. This is actually surprisingly useful.

Add the ability to use ssh host keys (on the fly) to provide RSA keys.

These keys can be used in the same way as normal PGP keys - to sign, verify,
encrypt and decrypt files and data.

% cp configure a
% sudo netpgp --ssh-keys --sign --userid 1e00404a a
Password:
pub 1024/RSA (Encrypt or Sign) 040180871e00404a 2008-08-11
Key fingerprint: c4aa b385 4796 e6ce 606c f0c2 0401 8087 1e00 404a
% sudo chmod 644 a.gpg
% netpgp --ssh-keys --verify a.gpg
netpgp: default key set to "C0596823"
can't open '/etc/ssh/ssh_host_rsa_key'
Good signature for a.gpg made Fri Dec 4 23:04:36 2009
using RSA (Encrypt or Sign) key 040180871e00404a
pub 1024/RSA (Encrypt or Sign) 040180871e00404a 2008-08-11
Key fingerprint: c4aa b385 4796 e6ce 606c f0c2 0401 8087 1e00 404a
uid osx-vm1.crowthorne.alistaircrooks.co.uk (/etc/ssh/ssh_host_rsa_key.pub) <root@osx-vm1.crowthorne.alistaircrooks.co.uk>
% uname -a
NetBSD osx-vm1.crowthorne.alistaircrooks.co.uk 5.99.20 NetBSD 5.99.20 (ISCSI) #0: Wed Oct 7 17:16:33 PDT 2009 agc@osx-vm1.crowthorne.alistaircrooks.co.uk:/usr/obj/i386/usr/src/sys/arch/i386/compile/ISCSI i386
%

The ssh host keys do not need to be manipulated in any way - the information
is read from existing files.

Commit some changes that have been in a private tree for a while:

+ add a netpgp library function - netpgp_get_key(3) - to print a
specific key
+ add functionality to call this function in netpgpkeys(1)
+ add test for netpgp_get_key
+ add a verbose switch to the tst script
+ add netpgp functions to expose the memory signing and verification
functions - netpgp_sign_memory(3) and netpgp_verify_memory(3)
+ coalesced signing and verification ops file functions

Clean up some Flexelint (issues pointed out by phk - many thanks!).

Also make sure the return value for each memory allocation is checked - this
is still a WIP.

Clean up more Flexelint, from phk - many thanks! - just low-hanging fruit
for just now.

Move the null file checks for sign/verify/encrypt/decrypt down into the
library itself. Update the regression test script to add some tests.

Don't complain if $HOME/.gnupg does not exist (and using --homedir).

Don't require a userid to be set in the gpg.conf file - it can be set
on the command line when it's needed (for signing and encryption, the
other operations in netpgp(1) will take the userid from the
signed/encrypted file).

Add tests for the lack of a default userid in the config file.

+ only prompt for the passphrase for the secret key if the secret key is
protected by a passphrase

CHANGES 1.99.10 -> 1.99.11

+ address keys array from 0 with unsigned indices
+ print results to io->res stream - default to stderr, and set using
netpgp_setvar(..., "results", filename)
+ __ops_keyid()'s third arg was always the size of the keyid array - no need
to pass it
+ get rid of the excessive type-checking in packet-show-cast.h, which wasn't
necessary, and fold all the show routines into packet-show.c
+ introduce a generic __ops_new() and use it for some structure allocation

Add a separate res output stream for results, and print results to it.

This is settable from userlevel by using
netpgp_setvar(..., "results", filename)

CHANGES 1.99.9 -> 1.99.10

+ fix a bug in decryption whereby a bad passphrase would cause a segmentation
violation
+ fix some regressions in key searching in the underlying find keys routines
+ add C++ declaration protection to the external interface in netpgp.h
+ split out the key management parts of netpgp(1) into netpgpkeys(1)

CHANGES 1.99.8 -> 1.99.9

+ make more use of __ops_io_t structure
+ addition of standalone, stripped-down netpgpverify utility
+ addition of test for --list-packets on an empty file
+ bring forward some simplifications from netpgpverify
+ some name changes
+ get rid of the increment and then decrement keycount around
accumulated data ("it's to do with counting")
+ then use unsigned integers for the size and counts for the
dynamic array of keys, and use the common dynamic array macros
for keys in a keyring
+ if it's a union, let's use it as a union, not a struct
+ modified documentation to correct the --list-packets command (sorry, ver)
+ add a new directory structure for both the distribution and the
reachover Makefiles. The autotest framework has been partially overhauled
but more TLC is needed here.
+ add a --pass-fd=n option so that external programs can provide the
passphrase on a file descriptor without going through the callback,
requested by joerg

Fix an core dump reported by Oliver Gould - if there is no file from which
to read packets to list, fail with a decent error message.

CHANGES 1.99.7 -> 1.99.8

+ get rid of __ops_malloc_passphrase() - strdup() works just as well
+ generalise __ops_seckey_forget() to become __ops_forget(), give it a size
parameter, and make it work on things other than secret keys (passphrases
for instance)
+ minor struct field enum renaming
+ minor function call renaming
+ add ops_io_t struct to hold pointers to IO streams, and pass it down
where necessary

CHANGES 1.99.5 -> 1.99.6

+ made --homedir=d consistent with POLS. Default is $HOME/.gnupg, and
if a directory is specified with --homedir=d, the directory containing
conf file and keyrings is taken to be "d".

CHANGES 1.99.4 -> 1.99.5

+ Luke Mewburn completely overhauled the auto tools infrastructure
+ changed signature (hah!) of some netpgp file management prototypes to
use const char * for file names and user ids, not char * - suggested by
christos
+ change some of the openpgpsdk display functions to return integer values,
and send those values back from the netpgp functions - suggested by
christos
+ rather than passing a shedload of variables to netpgp_init(), get rid
of them, and set variables using the netpgp_[gs]etvar() interface
+ replace some magic constants with descriptive names
+ use a netpgp variable to skip userid checks if necessary
+ add ability to allow coredumps via --coredumps if (a) you have taken
leave of your sanity, and (b) you have some magical persistent
storage which doesn't spare sectors, and (c) you know how to remove
a file securely
+ bumped library version on NetBSD to 1.0 for interface changes

CHANGES 1.99.3 -> 1.99.4

+ get rid of some magic constants
+ revamped regression test script to count number of tests passed
+ made checkhash array in ops_seckey_t dynamic, rather than statically
allocated
+ made mdc array dynamic, and added a length field to mdc for future use
+ revamped usage message to match reality
+ made portable version again for the autoconfed package sources
+ add separate netpgpdigest.h file so that separate digest sizes can be
used without having to include "packet.h" in everything

CHANGES 1.99.1 -> 1.99.2

+ various minor cleanups
+ fix longstanding pasto where the key server preference packets are
displayed with the correct ptag information
+ up until now, there has been an asymmetry in the command line
options for netpgp(1) - whilst a file may have signature information
added to it with the "--sign" command, there has been no way to
retrieve the contents of the file without the signature. The new
"--cat" option does this (there are synonyms of "--verify-show" and
"--verify-cat") - the signature is verified, and if it matches, the
original contents of the file are sent to the output file (which
defaults to stdout, and can be set with the --output option on the
command line). If the signature does not match, there is no output,
and an EXIT_FAILURE code is returned.
+ revamped netpgp(1) to make it clear what commands are available, how
these commands relate to each other, and which commands take custom
options

CHANGES 1.0.0 -> 1.99.1

+ released and tagged version 1.0.0; development version now 1.99.1
+ get rid of some fields which are no longer needed
+ minor name changes
+ add mmapped field to ops_data_t struct to denote that the array needs an
munmap(2) and not a free(3)
+ add an __ops_mem_readfile() function, and use it for reading files.
The function does mmap(2), and then falls back to read(2) if that fails.
Retire unused __ops_fileread() which had an unusual interface
+ drop sign_detached() from netpgp.c down into signature.c as
__ops_sign_detached()

+ don't use arrays of length 1 to hold single instances of characters,
unsigned or not - just use a single character itself
+ misc cleanup
+ rename cinfo to "output" and ops_createinfo_t to "ops_output_t" to
be a bit more descriptive
+ shorten some long names
+ get rid of test for libgen.h - it's not needed anymore
+ bump to version 0.99.4, and 20090515 sources, regenerate configure and co
+ numerous name changes to be more consistent and more concise
+ add verbosity level to the variables that can be set and retrieved by
netpgp_setvar() and netpgp_getvar()
+ added --verbose option to netpgp(1)
+ add __RCSID() to all files

+ got rid of "local" header files. These aren't necessary since the openpgpsdk
code was modified to all be in the same directory
+ added netpgp_getvar() and netpgp_setvar(), and use them to get and set the
user id and hash algorithm preference
+ get rid of <stdbool.h> usage - I'm still not sure this is the way we should
be going long term, but the bool changes got integrated with the others,
and are there in cvs history if we want to resurrect them. Correct autoconf
accordingly. Bump netpgp minimus version, and autoconf-based date version.
+ updated documentation to reflect these changes

branches: 1.11.2;
Commit the weekend's changes:

+ minor name changes
+ remove duplicated code (commented out) in packet-print.c
+ original code contained abstraction violations for hash size - fix them
+ get rid of some magic constants related to length of hash arrays
+ allow a choice of hash algorithms for the signature digest (rather
than hardcoding SHA1 - it is looking as though collisions are easier
to manufacture based on recent findings)
+ move default signature RSA hash algorithm to SHA256 (from SHA1). This is
passed as a string parameter from the high-level interface. We'll
revisit this later after a good way to specify the algorithm has been
found.
+ display the size of the keys in --list-packets
+ display the keydata prior to file decryption

+ add a --help option
+ if setrlimit exists, set the core dump size to be 0
(with thanks to mrg for the reference implementation)
+ get rid of __ops_start_cleartext_sig/__ops_start_msg_sig abstractions
and just "export" the __ops_start_sig function - the function is not
actually exported, just usable by other __ops functions
+ bump internal version number to 0.99.2, autoconf version to 20090506
+ prettify usage message output

Change some names to something a bit less obscure.

e.g. For some unfathomable reason, I find "__ops_write_mem_from_file" a bit
counterintuitive - replace that by "__ops_fileread"

Don't bother searching for assert.h, it's not needed any more

+ __ops_packet_t -> __ops_subpacket_t
+ __ops_parser_content_t -> __ops_packet_t
+ rename some other long names
51 chars is the record function name length so far
+ preliminary moves to support detached signatures
as yet, incomplete
+ add back command line option to list packets in a signed or encrypted file
+ make __ops_parse() take an argument whether to print errors, and kill the
__ops_parse_and_print_errors() function
+ get rid of some assertions in the code - this is a library - about 100 to go

Reorder the args to a static function to mirror some other function calls.

Attempt to use mmap(2) to read a file, and fall back to multiple read(2)
calls if that fails.

Make this code WARNS=4
Add an option to the netpgp command to produce a detached signature.

WARNS=3 fixes

Let's allocate enough space for the keyring structure, and not a pointer to it.

WARNS=4 changes

branches: 1.1.1;
Initial revision

Avoid some type casts

Submitted on tech-pkg@ as:
[PATCH 03/11] Avoid some type casts

No functional change intended.

Revert "Remove a useless loop around getpass()"

getpass(3) may return NULL upon failures on Linux, and netpgp should remain
portable to other systems.

Remove a useless loop around getpass()

According to getpass(3), this library function cannot return NULL.
Verified with a source code inspection.

branches: 1.98.2; 1.98.4;
CID 977755: Resource leaks.

Fix signing of in-memory data with SSH keys

Add the --trusted-keys argument to netpgpkeys(1) to print out PGP ids in a
machine-readable manner.

re-order the fields that we print out in the pgp_sprint_pubkey() function
to be more usual.

print out the name from within pgp_sprint_pubkey() rather than tagging it
onto the end of the output from the function.

branches: 1.94.2;
plug some memory leaks in error paths

when matching pubkeys, also return the first (pgp) uid for the key in the
resultant key listing

when using json to format keys returned from libnetpgp, also prepare for
machine-readable format ("mr") as well as human ("human"), even though
it's not yet used.

get some things off the TODO list

when initialising, recognise keys in a different order.

1. read the public keyring

2. if a userid has been specified, use it

3. if not, check the configuration file (~/.gnupg/gpg.conf) for a
default user id

4, only read the secret keyring if we need to (decrypting or signing)

5. if signing, and we still don't have a userid, use the first key in
the secret keyring

6. if encrypting, and we still have no userid, use the first in the
public keyring

ssh keys remain the same as previously.

only attempt to load the secret key if we need to (for signing or for
decrypting).

change mj library to take an additional argument for a string type,
denoting its length. this allows binary strings to be encoded using
libmj.

escape magic characters in json strings in a more efficient manner.
the previous method was not scalable.

update callers to suit

bump libmj major version number

add examples to the libmj(3) man page

avoid a double free - from Anthony Bentley.

clean up lint (on amd64)

avoid nameclash - call the generated user id variable "generated userid"

also keep the time of structure initialisation as an internal variable.

When generating a key, set the new key's userid (last 16 bytes of
fingerprint) as an internal netpgp variable.

This can then be queried using netpgp_getvar(netpgp, "userid") to find the
new key's id.

Fix PR 44075 from Peter Pentchev, but do this by adding a
--numtries=<attempts> option to netpgp(1) to provide the maximum
number of attempts to retrieve the correct passphrase when signing or
decrypting, and use it in libnetpgp(3). The default number of
attempts is 3, and a value of "unlimited" will loop until the correct
passphrase has been entered.

Use a regular expression to match the various ASCII-armoured headers we
may encounter - fixes PR 44074 from Peter Pentchev in a different way.

Changes to help with netpgp key generation and interoperability:

+ use plain SHA1 for session key s2k negotiation
+ don't warn on some conditions when inflating (reading a compressed file)
since the conditions don't hold for partial block lengths
+ prompt for a passphrase when generating a new key - used in the upcoming
secret-sharing functionality for netpgp

Rename internal ops-ssh.h header file to ssh2pgp.h to better reflect its
use.

Take the internal functions and definitions back out of the implementation
namespace:

:g/\<__ops/s//pgp/g
:g/\<__OPS/s//__PGP/g
:g/\<OPS/s//PGP/g

No functional change, regression tests complete successfully.

allow user-specification of cipher to be used when encrypting packets.

preserve the CAST5 default for now.

at the user level, this is specified using the --cipher=<ciphername>
option.

Update to version 3.99.13:

+ add ability in netpgpkeys(1) to specify the cipher (symmetric algorithm)
as specified in RFC 5581
+ add the camellia cipher implementation from openssl

PR/42435 : Check pointers against NULL to avoid dereferencing them

2 minor changes:

+ when writing out the key as an ssh key, don't include the user id
information at the end, in-line with expectations about standard ssh
key formats

+ since the signing key changed its "menu line" entry from "pub" to
"signature", the offset of the key id moved 7 chars to the right, so
take this into consideration when generating new keys

Allow the user specification of the secret key file as the
--sshkeyfile or -S argument, and check that the public key file exists
before trying to read it.

Changes to 3.99.12/20100907

+ add a pretty print function mj_pretty(3) to libmj
+ added netpgp_write_sshkey(3) to libnetpgp
+ added pgp2ssh(1)
+ added preliminary support for ElGamal decryption, needed for DSA keys
as yet untested, unworking, and a WIP
+ add support for using all ssh keys, even those protected by a passphrase,
for decryption and signing. This rounds off ssh key file support in netpgp.
+ add a single character alias [-S file] for [--sshkeyfile file] to
netpgpkeys(1) and netpgp(1)

As far as ssh key file support goes, see the following example:

% cp configure a
% netpgp -S ~/.ssh/id_rsa.pub -e a
% netpgp -S ~/.ssh/id_rsa.pub -d a.gpg
Enter PEM pass phrase:
% ls -al a a.gpg
-rwxr-xr-x 1 agc agc 758398 Sep 7 05:38 a
-rw------- 1 agc agc 156886 Sep 7 05:38 a.gpg
%

Add a utility function, netpgp_write_sshkey(3), which will take a PGP public
key (RSA only) and format it as an ssh pubkey.

If we get passed a key which has no subuids, sigs, fingerprint or any
other data, and has been revoked, don't even attempt to print it out.

move the functions to parse the JSON from netpgpkeys(1) into libnetpgp(3)

update the version number for recent changes.

update the date for recent changes.

regenerate the autoconf files.

Various minor changes to netpgp:

+ be smarter when checking for a null id
+ add test for rubbish being returned when listing specific keys in netpgpkeys(1)
+ take the public key from the pubring, not the secring when exporting
keys
+ allow hkpd to serve ssh keys in pgp format
+ test on whether a seckey is needed, not on a userid needed, for ssh keys

Denote the signing key with the word "signature" (the encryption key
already has the tag "encryption"). This is a bit more meaningful than
"pub" and "sub".

fix some more amd64 lint

+ rationalise birthtime/expiration timestamps into a single function

+ clean up some 64-bit (amd64) lint

Changes to 3.99.9/20100809

+ add single character options to netpgp(1) and netpgpkeys(1)
+ add -o long-option(=value)? options to netpgp(1) and netpgpkeys(1)
+ add some small preparations for using the first subkey for encryption
(much more to follow)

Catch up the JSON routines being in their own library. Use the JSON routines
to return all the text as a JSON-encoded string for all keys and sigs which
are returned.

minor clean up after ourselves - free a compiled regexp

Changes to 3.99.7/20100701

+ recognise ascii-armoured encrypted messages properly, in memory and
in files
+ print error message and exit for now when trying to encrypt with a DSA key
+ fix bug reported by dyoung when trying to print out the encryption key
fingerprint

if using ssh keys with any of the netpgp programs, set the home
directory appropriately.

add some aliases for long command options across all programs

Use the correct default ssh user key file (just a typo).

Use the portable strcasecmp() function.

factor out the code which recognises ASCII-armour into its own function.

factor out code to append a key to the pubring file.

recognise ascii-armoured headers on keys when importing.

Changes to 3.99.5

+ make ssh fingerprints (md5) match netpgp listing
+ use the more functional hexdump function from ssh2pgp in place of the
older hexdump function from openpgpsdk
+ pass hash type down from command line where needed
+ add test for netpgp/ssh key fingerprint matching
+ make netpgpkeys(1) take a --hash= option

With these changes, netpgp can be made to generate the same fingerprint as
openssh (by default, ssh-keygen(1) uses an md5 digest)

% /usr/bin/netpgpkeys --ssh-keys --sshkeyfile=/etc/ssh/ssh_host_rsa_key.pub --list-keys --hash=md5
1 key
pub 1024/RSA (Encrypt or Sign) fcdd1c608bef4c4b 2008-08-11
Key fingerprint: e935 902d ebf1 76ba fcdd 1c60 8bef 4c4b
uid osx-vm1.crowthorne.alistaircrooks.co.uk (/etc/ssh/ssh_host_rsa_key.pub) <root@osx-vm1.crowthorne.alistaircrooks.co.uk>

% ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
1024 e9:35:90:2d:eb:f1:76:ba:fc:dd:1c:60:8b:ef:4c:4b /etc/ssh/ssh_host_rsa_key.pub (RSA)
%

Check for a null keyring before listing keys - with thanks to Jeff Rizzo
for the problem report.

make sure we have created a directory when generating a new key.

don't try to re-read the key after writing it - that's done by a separate
function. Problem found by Tyler Retzlaff, fixed in a different way.

check that keyrings are non-NULL before attempting to free them - from a
nudge by Tyler Retzlaff.

Simplify and shorten the internals of packet processing by getting rid of
the intermediate pseudo-abstraction layer, which detracted from understanding
and had no benefit whatsoever. Rename some enums and some definitions.

Protect against NULL pointers in key output in a different way - only
advance its counter if it's non-NULL.

Regression test for this is:

netpgpkeys --list-key '\.de\>'

with my standard keyring (to list all keys which have at least one subuid
with a German email address).

avoid a duplicated error message

extend the resolve_userid() function to take a keyring, and use it for
functions which require a secret key as well.

add a static function to resolve the userid in one place, and start to use it

One more reason not to use DSA keys:

The DSA algorithm seems to require a digest value which is 20 bytes
long, which kind of implies SHA-1.

If we have a DSA signature, use SHA-1 as a hash algorithm, for backwards
compatibility. RSA signatures continue to use SHA256 by default, although
this can be given as an argument, if desired.

This fixes DSA signatures with netpgp:

% netpgp --sign --userid d4a643c5 a
pub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
sub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
netpgp passphrase:
% netpgp --verify a.gpg
Good signature for a.gpg made Tue May 18 05:41:25 2010
using DSA key 8222c3ecd4a643c5
pub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
sub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
%

When setting up res (results), errs (error) and outs (outputs) streams,
change the pre-defined stdio streams to be denoted by "<stdout>" and
"<stderr>", to distinguish them from file names.

In netpgpkeys(1), send the default "res" (results) stream to stdout,
rather than stderr. Requested by Anon Ymous (and makes perfect sense).

Avoid a possible overwrite of a value in the (key, value) array, in
the event that a reference to the value is passed to the
netpgp_setvar() function as the new value. Problem noted, cause
detected, and most of the fix contributed by, Anon Ymous. Thanks!

if the home directory does not exist, still set its value as a netpgp
variable, as the netpgpkeys(1) program, for one, will try to create the
home directory if it does not exist.

should fix PR 42435

use hexdump() function where appropriate.

change the way that we generate a detached signature file, so that ascii
armour is used if --armor is specified. addresses PR 43248 from Juan RP.

Don't rely on \r\n line endings when doing comparisons on strings for
the presence of ASCII armored signatures. Be consistent with the spelling
of certain transatlanticly-munged words.

Fix (RSA) key generation.

Part of the fix for PR 42435 from Jukka Ruohonen.

Changes to 2.99.2/20100315

+ make subkey sigs available by hkp as well as on the command line
+ use the sketchily-defined vindex option to the hkp protocol to
return the subkey signature information
+ add a netpgp_unsetvar() function as a corollary to netpgp_setvar()
+ use a variable name of ''subkey sigs'' to denote that subkey
signatures should be returned with the pubkey uids

Changes to 2.99.1/20100313

+ add functionality to parse basic signature subkeys
+ in doing so, add expiration of keys
+ at the same time, add revocation of keys
+ recognise the primary user id, and use it when displaying user ids
+ recognise self signed keys and subkeys
+ rework the indentation of output
+ add the --list-sigs [userid] option to netpgpkeys(1)
+ use memcmp(3) rather than strcmp(3) when checking binary user ids to
be exported
+ add expiration display to subkey signature output
+ update libnetpgp library version major number to 3

clean up some lint that crept in.

Update netpgp to version 1.99.20/20100304 - portability improvements, and bug fixes:

Changes to 1.99.20/20100304

+ move args to some functions around to be consistent
+ use uint*_t where appropriate
+ fix bug in verify memory
+ add documentation to manual pages to show how to do combined
signing/encryption and decryption/verification
+ make verification of ascii-armoured memory work the same as binary
+ eliminate use of strdup(3), strcasecmp(3), and strptime(3). NetBSD/pkgsrc
PR 42922 applies - need to define _XOPEN_SOURCE and _BSD_SOURCE for
newer linux platforms with glibc 2.10.1. solved a bit differently, by
implementing strdup(3) and strcasecmp(3) independently, and using regexps
to avoid calling strptime(3).

fix a bug in verifying memory.

add two examples to the netpgp(1) manual page outlining how to sign
and encrypt via a pipeline, and how to decrypt and verify/cat using a
pipeline.

Changes to 1.99.19/20100212

+ plug some memory leaks, from cppcheck via Thomas Klausner (thanks!)
+ make the singular of time units read correctly
+ print decryption key info properly when prompting for passphrase

changes to 1.99.18/20100211

small steps, but lots of them - this is the first one.

+ print out the correct key information when signing files and memory.
what used to be printed out was the copy of the public key which is
stored as part of the private key(!). does not address the info shown
when decrypting, since that is done in a different way, by callback.
this whole part needs to be re-written, but will have to wait for two
good hands.

Changes to 1.99.16/20100205

+ minor simplifications to netpgp(1) internally
+ fix a bug in netpgp_verify_file where a non-existent file while listing
packets would cause a SIGSEGV
+ add duration arg to netpgp(1), and check for validity when verifying
signatures
+ add birthtime arg to netpgp(1), and check for validity when verifying
signatures
+ add netpgp commands to print pubkey, if desired
+ allow the passphrase for the signature to be taken from --pass-fd
+ get rid of static indent value when printing packet contents
+ print signature validity times when verifying a file's signature