Page MenuHome GnuPG
Files F34606967

No OneTemporary
Actions

View Options

This file is larger than 256 KB, so syntax highlighting was skipped.
diff --git a/agent/ChangeLog b/agent/ChangeLog
index 7a4716c3d..adb278868 100644
--- a/agent/ChangeLog
+++ b/agent/ChangeLog
@@ -1,2044 +1,2056 @@
+2007-11-20 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (get_agent_scd_notify_event): New.
+ (handle_signal): Factor SIGUSR2 code out to:
+ (agent_sigusr2_action): .. New.
+ (agent_sighup_action): Print info message here and not in
+ handle_signal.
+ (handle_connections) [PTH_EVENT_HANDLE]: Call agent_sigusr2_action.
+
+ * call-scd.c (agent_scd_check_aliveness) [W32]: Implemented.
+ (start_scd) [W32]: Send event-signal option.
+
2007-11-19 Werner Koch <wk@g10code.com>
* call-pinentry.c (agent_askpin): Set the tooltip for the quality
bar.
2007-11-15 Werner Koch <wk@g10code.com>
* agent.h (struct server_control_s): Add XAUTHORITY and
PINENTRY_USER_DATA.
* gpg-agent.c: New option --xauthority.
(main, agent_init_default_ctrl)
(agent_deinit_default_ctrl): Implemented
* command.c (cmd_updatestartuptty): Ditto.
* command-ssh.c (start_command_handler_ssh): Ditto.
* call-pinentry.c (atfork_cb): Set the environment.
(start_pinentry): Pass CTRL as arg to atfork_cb.
2007-11-14 Werner Koch <wk@g10code.com>
* call-scd.c (start_scd) [W32]: Take care of fflush peculiarities.
2007-11-07 Werner Koch <wk@g10code.com>
* agent.h: Remove errors.h.
2007-10-24 Werner Koch <wk@g10code.com>
* genkey.c (check_passphrase_constraints): Changed the wording of
the warning messages.
2007-10-19 Werner Koch <wk@g10code.com>
* protect-tool.c (get_passphrase): Use new utf8 switch fucntions.
2007-10-15 Daiki Ueno <ueno@unixuser.org> (wk)
* command-ssh.c (reenter_compare_cb): New function; imported from
genkey.c.
(ssh_identity_register): Ask initial passphrase twice.
2007-10-02 Werner Koch <wk@g10code.com>
* command.c (cmd_getinfo): Add "pid" subcommand.
2007-10-01 Werner Koch <wk@g10code.com>
* agent.h (struct server_control_s): Remove unused CONNECTION_FD.
* gpg-agent.c: Remove w32-afunix.h. Include mkdtemp.h.
(socket_nonce, socket_nonce_ssh): New.
(create_server_socket): Use assuan socket wrappers. Remove W32
specific stuff. Save the server nonce.
(check_nonce): New.
(start_connection_thread, start_connection_thread_ssh): Call it.
(handle_connections): Change args to gnupg_fd_t.
* command.c (start_command_handler): Change LISTEN_FD to gnupg_fd_t.
* command-ssh.c (start_command_handler_ssh): Ditto.
2007-09-18 Werner Koch <wk@g10code.com>
* agent.h (struct pin_entry_info_s): Add element WITH_QUALITYBAR.
* genkey.c (check_passphrase_constraints): New arg SILENT.
Changed all callers.
(agent_protect_and_store, agent_genkey): Enable qualitybar.
* call-pinentry.c (agent_askpin): Send that option.
(unescape_passphrase_string): New.
(inq_quality): New.
(estimate_passphrase_quality): New.
2007-09-14 Marcus Brinkmann <marcus@g10code.de>
* call-pinentry.c (agent_popup_message_stop): Implement kill for
Windows.
2007-08-28 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): Add option --faked-system-time.
* protect-tool.c (read_and_unprotect): Print the protected-at date.
* agent.h (struct server_control_s): Add member IN_PASSWD.
* command.c (cmd_passwd): Set it.
* findkey.c (try_unprotect_cb): Use it.
* protect.c (do_encryption): Replace asprintf by xtryasprint.
(agent_protect): Create the protected-at item.
(agent_unprotect): Add optional arg PROTECTED_AT.
(merge_lists): Add args CUTOFF and CUTLEN.
(agent_unprotect): Use them.
* findkey.c (try_unprotect_cb): Add code to test for expired keys.
(unprotect): Allow changing the passphrase.
2007-08-27 Werner Koch <wk@g10code.com>
* gpg-agent.c: Add options --min-passphrase-nonalpha,
--check-passphrase-pattern and --enforce-passphrase-constraints.
(MIN_PASSPHRASE_NONALPHA): Init nonalpha option to 1.
(main): Declare options for gpgconf.
* agent.h (struct): Add members MIN_PASSPHRASE_NONALPHA,
ENFORCE_PASSPHRASE_CONSTRAINTS and CHECK_PASSPHRASE_PATTERN.
* genkey.c (nonalpha_charcount): New.
(check_passphrase_pattern): New.
(check_passphrase_constraints): Implement. Factor some code out...
(take_this_one_anyway, take_this_one_anyway2): .. New.
* call-pinentry.c (agent_show_message): New.
(agent_askpin): We better reset the pin buffer before asking.
* trustlist.c (insert_colons): New.
(agent_marktrusted): Pretty print the fpr.
2007-08-22 Werner Koch <wk@g10code.com>
* findkey.c (O_BINARY): Make sure it is defined.
(agent_write_private_key): Use O_BINARY
* protect-tool.c (import_p12_file): Add hack to allow importing of
gnupg 2.0.4 generated files.
2007-08-06 Werner Koch <wk@g10code.com>
* trustlist.c (read_one_trustfile): Add flag "cm".
(agent_istrusted): Ditto.
2007-08-02 Werner Koch <wk@g10code.com>
* gpg-agent.c: Include gc-opt-flags.h and remove their definition
here.
2007-07-13 Werner Koch <wk@g10code.com>
* genkey.c (check_passphrase_constraints): Require a confirmation
for an empty passphrase.
(agent_genkey, agent_protect_and_store): No need to repeat an
empty passphrase.
2007-07-05 Werner Koch <wk@g10code.com>
* call-scd.c (struct inq_needpin_s): New.
(inq_needpin): Pass unknown inquiries up.
2007-07-04 Werner Koch <wk@g10code.com>
* gpg-agent.c (TIMERTICK_INTERVAL): New.
(fixed_gcry_pth_init, main): Kludge to fix Pth initialization.
2007-07-03 Werner Koch <wk@g10code.com>
* gpg-agent.c (handle_connections): Do not use FD_SETSIZE for
select but compute the correct number.
2007-07-02 Werner Koch <wk@g10code.com>
* command.c (cmd_reloadagent) [W32]: New.
(register_commands) [W32]: New command RELOADAGENT.
* Makefile.am (gpg_agent_SOURCES): Remove w32main.c and w32main.h.
(gpg_agent_res_ldflags): Remove icon file as we don't have a
proper icon yet.
* gpg-agent.c (main): do not include w32main.h. Remove all calls
to w32main.c.
(agent_sighup_action): New.
(handle_signal): Use it.
2007-06-26 Werner Koch <wk@g10code.com>
* gpg-agent.c (create_directories) [W32]: Made it work.
2007-06-21 Werner Koch <wk@g10code.com>
* agent.h (ctrl_t): Remove. It is now declared in ../common/util.h.
* gpg-agent.c (check_for_running_agent): New arg SILENT. Changed
all callers.
(create_server_socket): If the standard socket is in use check
whether a agent is running and avoid starting another one.
2007-06-18 Marcus Brinkmann <marcus@g10code.de>
* gpg-agent.c (main): Percent escape pathname in --gpgconf-list
output.
2007-06-18 Werner Koch <wk@g10code.com>
* w32main.c (build_argv): New.
(WinMain): Use it.
* command.c (cmd_killagent) [W32]: New.
(cmd_getinfo): New.
* gpg-agent.c (get_agent_ssh_socket_name): New.
(no_force_standard_socket) New.
(create_server_socket): Use it.
* Makefile.am (gpg_agent_res_ldflags): Pass windows option to ld.
2007-06-14 Werner Koch <wk@g10code.com>
* protect-tool.c (main): Setup default socket name for
simple-pwquery.
(MAP_SPWQ_ERROR_IMPL): New. Use map_spwq_error for spqw related
error codes.
* preset-passphrase.c (main): Setup default socket name for
simple-pwquery.
(map_spwq_error): Remove.
(MAP_SPWQ_ERROR_IMPL): New.
* call-pinentry.c (start_pinentry): Use gnupg_module_name.
* call-scd.c (start_scd): Ditto.
2007-06-12 Werner Koch <wk@g10code.com>
* taskbar.c: New.
* trustlist.c (read_one_trustfile): Replace GNUPG_SYSCONFDIR by a
function call.
(read_trustfiles): Ditto.
* gpg-agent.c (main): Replace some calls by init_common_subsystems.
* preset-passphrase.c (main): Ditto.
* protect-tool.c (main): Ditto.
2007-06-11 Werner Koch <wk@g10code.com>
* Makefile.am (common_libs): Use libcommonstd macro.
(commonpth_libs): Use libcommonpth macro.
* protect-tool.c (main) [W32]: Call pth_init.
* preset-passphrase.c (main) [W32]: Replace the explicit Winsocket
init by a call to pth_init.
* trustlist.c (initialize_module_trustlist): New.
* gpg-agent.c (main): Call it.
* call-pinentry.c (initialize_module_query): Rename to
initialize_module_call_pinentry.
* minip12.c: Remove iconv.h. Add utf8conf.h. Changed all iconv
calss to use these jnlib wrappers.
2007-06-06 Werner Koch <wk@g10code.com>
* minip12.c (enum): Rename CONTEXT to ASNCONTEXT as winnt.h
defines such a symbol to access the process context.
* call-pinentry.c (dump_mutex_state) [W32]: Handle the W32Pth case.
* call-scd.c (dump_mutex_state): Ditto.
* protect-tool.c (i18n_init): Remove.
* preset-passphrase.c (i18n_init): Remove.
* gpg-agent.c (i18n_init): Remove.
2007-05-19 Marcus Brinkmann <marcus@g10code.de>
* protect-tool.c (get_passphrase): Free ORIG_CODESET on error.
2007-05-14 Werner Koch <wk@g10code.com>
* protect.c (make_shadow_info): Replace sprintf by smklen.
2007-04-20 Werner Koch <wk@g10code.com>
* gpg-agent.c (my_gcry_logger, my_gcry_outofcore_handler): Removed.
(main): Call the setup_libgcrypt_logging helper.
* protect-tool.c (my_gcry_logger): Removed.
(main): Call the setup_libgcrypt_logging helper.
2007-04-03 Werner Koch <wk@g10code.com>
* trustlist.c (read_trustfiles): Take a missing trustlist as an
empty one.
2007-03-20 Werner Koch <wk@g10code.com>
* protect-tool.c: New option --p12-charset.
* minip12.c (p12_build): Implement it.
2007-03-19 Werner Koch <wk@g10code.com>
* minip12.c: Include iconv.h.
(decrypt_block): New.
(parse_bag_encrypted_data, parse_bag_data): Use it here.
(bag_data_p, bag_decrypted_data_p): New helpers.
2007-03-06 Werner Koch <wk@g10code.com>
* gpg-agent.c (main) <gpgconf>: Add entries for all ttl options.
2007-02-20 Werner Koch <wk@g10code.com>
* call-pinentry.c (start_pinentry): Fix for OS X to allow loading
of the bundle. Tested by Benjamin Donnachie.
2007-02-14 Werner Koch <wk@g10code.com>
* gpg-agent.c: New option --pinentry-touch-file.
(get_agent_socket_name): New.
* agent.h (opt): Add pinentry_touch_file.
* call-pinentry.c (start_pinentry): Send new option to the
pinentry.
2007-01-31 Moritz Schulte <moritz@g10code.com> (wk)
* command-ssh.c (stream_read_string): Initialize LENGTH to zero.
(start_command_handler_ssh): Use es_fgetc/es_ungetc to check if
EOF has been reached before trying to process another request.
2007-01-31 Werner Koch <wk@g10code.com>
* command-ssh.c (start_command_handler_ssh):
* Makefile.am (t_common_ldadd): Add LIBICONV.
2007-01-25 Werner Koch <wk@g10code.com>
* genkey.c (check_passphrase_constraints): Get ngettext call right
and use UTF-8 aware strlen.
* protect-tool.c (get_passphrase): New arg OPT_CHECK.
(get_new_passphrase): Enable OPT_CHECK on the first call.
* command.c (cmd_get_passphrase): Implement option --check.
2007-01-24 Werner Koch <wk@g10code.com>
* gpg-agent.c (MIN_PASSPHRASE_LEN): New
(parse_rereadable_options): New option --min-passphrase-len.
* genkey.c (check_passphrase_constraints): New.
(agent_genkey, agent_protect_and_store): Call new function. Fix
memory leak.
* call-pinentry.c (agent_askpin): Allow translation of the displayed
error message.
(agent_popup_message_start): Remove arg CANCEL_BTN.
(popup_message_thread): Use --one-button option.
* command.c (cmd_passwd): Now that we don't distinguish between
assuan and regular error codes we can jump to the end on error.
2006-12-07 David Shaw <dshaw@jabberwocky.com>
* Makefile.am: Link to iconv for jnlib dependency.
2006-11-20 Werner Koch <wk@g10code.com>
* call-pinentry.c (agent_popup_message_stop): Use SIGKILL.
* call-scd.c (inq_needpin): Implement POPUPKEYPADPROMPT and
DISMISSKEYPADPROMPT.
2006-11-15 Werner Koch <wk@g10code.com>
* protect.c (make_shadow_info): Cast printf arg to unsigned int.
* minip12.c (parse_bag_encrypted_data): Ditto.
(parse_bag_data, p12_parse): Ditto.
* command-ssh.c (ssh_identity_register): Changed buffer_n to
size_t.
* agent.h (struct server_control_s): New field thread_startup.
* command.c (start_command_handler): Moved CTRL init code to ..
* gpg-agent.c (start_connection_thread): .. here.
(agent_deinit_default_ctrl): New.
(agent_init_default_ctrl): Made static.
(handle_connections): Allocate CTRL and pass it pth_spawn.
* command-ssh.c (start_command_handler_ssh): Moved CTRL init code
to ..
* gpg-agent.c (start_connection_thread_ssh): .. here.
2006-11-14 Werner Koch <wk@g10code.com>
* command.c (bump_key_eventcounter): New.
(bump_card_eventcounter): New.
(cmd_geteventcounter): New command.
* gpg-agent.c (handle_signal): Call bump_card_eventcounter.
* findkey.c (agent_write_private_key): Call bump_key_eventcounter.
* trustlist.c (agent_reload_trustlist): Ditto.
* command.c (post_cmd_notify, io_monitor): New.
(register_commands, start_command_handler): Register them.
2006-11-09 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): In detached mode connect standard
descriptors to /dev/null.
* trustlist.c (read_trustfiles): Make sure not to pass a zero size
to realloc as the C standards says that this behaves like free.
2006-11-06 Werner Koch <wk@g10code.com>
* protect-tool.c (my_strusage): Fixed typo.
2006-10-23 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): New command --gpgconf-test.
* minip12.c (parse_bag_encrypted_data, parse_bag_data): Allow for
a salt of 20 bytes.
2006-10-20 Werner Koch <wk@g10code.com>
* Makefile.am (t_common_ldadd): Use GPG_ERROR_LIBS instead -o just -l
2006-10-19 Werner Koch <wk@g10code.com>
* findkey.c (unprotect): Use it to avoid unnecessary calls to
agent_askpin.
* call-pinentry.c (pinentry_active_p): New.
2006-10-17 Werner Koch <wk@g10code.com>
* Makefile.am (gpg_agent_LDADD): Link to libcommonpth.
(gpg_agent_CFLAGS): New. This allows to only link this with Pth.
2006-10-16 Werner Koch <wk@g10code.com>
* call-pinentry.c (agent_get_confirmation): Map Cancel code here too.
* trustlist.c (agent_marktrusted): Return Cancel instead of
Not_Confirmed for the first question.
2006-10-12 Werner Koch <wk@g10code.com>
* protect-tool.c (get_passphrase): Fix if !HAVE_LANGINFO_CODESET.
2006-10-06 Werner Koch <wk@g10code.com>
* Makefile.am (AM_CFLAGS): Use PTH version of libassuan.
(gpg_agent_LDADD): Ditto.
* divert-scd.c (divert_pksign): Use PKAUTH for the TLS algo.
2006-10-05 Werner Koch <wk@g10code.com>
* command.c (has_option_name): New.
(cmd_sethash): New --hash option.
* pksign.c (do_encode_raw_pkcs1): New.
(agent_pksign_do): Use it here for the TLS algo.
* agent.h (GCRY_MD_USER_TLS_MD5SHA1): New.
* divert-scd.c (pksign): Add case for tls-md5sha1.
* divert-scd.c (encode_md_for_card): Check that the algo is valid.
2006-10-04 Werner Koch <wk@g10code.com>
* call-pinentry.c (agent_get_passphrase): Changed to return the
unencoded passphrase.
(agent_askpin, agent_get_passphrase, agent_get_confirmation): Need
to map the cancel error.
* command.c (send_back_passphrase): New.
(cmd_get_passphrase): Use it here. Also implement --data option.
(skip_options): New.
2006-09-26 Werner Koch <wk@g10code.com>
* learncard.c (agent_handle_learn): Send back the keypair
information.
2006-09-25 Werner Koch <wk@g10code.com>
* trustlist.c (read_one_trustfile): Allow extra flags.
(struct trustitem_s): Replaced KEYFLAGS by a FLAGS struct.
Changed all code to use this.
(agent_istrusted): New arg CTRL. Changed all callers. Send back
flags.
* command.c (agent_write_status): New.
2006-09-20 Werner Koch <wk@g10code.com>
* Makefile.am: Changes to allow parallel make runs.
2006-09-15 Werner Koch <wk@g10code.com>
* trustlist.c: Entirely rewritten.
(agent_trustlist_housekeeping): Removed and removed all calls.
2006-09-14 Werner Koch <wk@g10code.com>
Replaced all call gpg_error_from_errno(errno) by
gpg_error_from_syserror().
* call-pinentry.c (start_pinentry): Replaced pipe_connect2 by
pipe_connect_ext.
* call-scd.c (start_scd): Ditto.
* command.c (start_command_handler): Replaced
init_connected_socket_server by init_socket_server_ext.
2006-09-13 Werner Koch <wk@g10code.com>
* preset-passphrase.c (main) [W32]: Check for WSAStartup error.
2006-09-08 Werner Koch <wk@g10code.com>
* call-scd.c: Add signal.h as we are referencing SIGUSR2.
2006-09-06 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (AM_CFLAGS): Add $(GPG_ERR_CFLAGS).
(gpg_agent_LDADD): Replace -lgpg-error with $(GPG_ERROR_LIBS).
2006-09-06 Werner Koch <wk@g10code.com>
* query.c: Renamed to ..
* call-pinentry.c: .. this.
* agent.h (out_of_core): Removed.
(CTRL): Removed and changed everywhere to ctrl_t.
Replaced all Assuan error codes by libgpg-error codes. Removed
all map_to_assuan_status and map_assuan_err.
* gpg-agent.c (main): Call assuan_set_assuan_err_source to have Assuan
switch to gpg-error codes.
* command.c (set_error): Adjusted.
2006-09-04 Werner Koch <wk@g10code.com>
* command.c (percent_plus_unescape): New.
(cmd_get_val, cmd_putval): New.
2006-08-29 Werner Koch <wk@g10code.com>
* command-ssh.c (stream_read_mpi): Sanity check for early
detecting of too large keys.
* gpg-agent.c (my_gcry_outofcore_handler): New.
(main): Register it.
(main): No allocate 32k secure memory (was 16k).
2006-07-31 Werner Koch <wk@g10code.com>
* preset-passphrase.c (make_hexstring): For consistency use
xtrymalloc and changed caller to use xfree. Fixed function
comment.
2006-07-29 Marcus Brinkmann <marcus@g10code.de>
* preset-passphrase.c (preset_passphrase): Do not strip off last
character of passphrase.
(make_hexstring): New function.
* command.c (cmd_preset_passphrase): Use parse_hexstring to syntax
check passphrase argument. Truncate passphrase at delimiter.
2006-07-24 Werner Koch <wk@g10code.com>
* minip12.c (build_key_bag): New args SHA1HASH and
KEYIDSTR. Append bag Attributes if these args are given.
(build_cert_sequence): ditto.
(p12_build): Calculate certificate hash and pass to build
functions.
2006-07-21 Werner Koch <wk@g10code.com>
* minip12.c (oid_pkcs_12_keyBag): New.
(parse_bag_encrypted_data): New arg R_RESULT. Support keybags and
return the key object.
(p12_parse): Take new arg into account. Free RESULT on error.
2006-06-26 Werner Koch <wk@g10code.com>
* gpg-agent.c (handle_signal): Print info for SIGUSR2 only in
verbose mode.
2006-06-22 Werner Koch <wk@g10code.com>
* command-ssh.c (make_cstring): Use memcpy instead of strncpy.
(ssh_receive_mpint_list, sexp_key_extract, data_sign): Use
xtrycalloc instead of xtrymalloc followed by memset.
2006-06-20 Werner Koch <wk@g10code.com>
* minip12.c (create_final): New arg PW. Add code to calculate the
MAC.
2006-06-09 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (gpg_agent_LDADD): Add $(NETLIBS).
(gpg_protect_tool_LDADD): Likewise.
(gpg_preset_passphrase_LDADD): Likewise.
2006-04-09 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_request_process): Removed FIXME mentioning a
possible DoS attack.
2006-04-01 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_identity_register): Make KEY_GRIP_RAW be 20
instead of 21 bytes long; do not fill KEY_GRIP_RAW[20] with NUL
byte - KEY_GRIP_RAW is a raw binary string anyway.
2006-02-09 Werner Koch <wk@g10code.com>
* call-scd.c (struct scd_local_s): New field next_local.
(scd_local_list): New.
(start_scd): Put new local into list.
(agent_reset_scd): Remove it from the list.
(agent_scd_check_aliveness): Here is the actual reason why we need
all this stuff.
(agent_reset_scd): Send the new command RESTART instead of RESET.
2005-12-16 Werner Koch <wk@g10code.com>
* minip12.c (cram_octet_string): New
(p12_parse): Use it for NDEFed bags.
(parse_bag_data): Ditto.
(string_to_key, set_key_iv, crypt_block): New arg SALTLEN.
(p12_build): Use old value 8 for new arg.
(parse_bag_encrypted_data, parse_bag_data): Allow for salts of 8
to 16 bytes. Add new arg R_CONSUMED.
2005-11-24 Werner Koch <wk@g10code.com>
* minip12.c (p12_parse): Fixed for case that the key object comes
prior to the certificate.
2005-10-19 Werner Koch <wk@g10code.com>
* divert-scd.c (getpin_cb): Hack to use it for a keypad message.
* call-scd.c (inq_needpin): Reworked to support the new KEYPADINFO.
* query.c (start_pinentry): Keep track of the owner.
(popup_message_thread, agent_popup_message_start)
(agent_popup_message_stop, agent_reset_query): New.
* command.c (start_command_handler): Make sure a popup window gets
closed.
2005-10-08 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (gpg_protect_tool_LDADD): Add ../gl/libgnu.a.
(gpg_preset_passphrase_LDADD, t_common_ldadd): Likewise.
(gpg_agent_LDADD): Add ../gl/libgnu.a after ../common/libcommon.a.
2005-09-16 Werner Koch <wk@g10code.com>
* minip12.c (build_key_sequence, build_cert_sequence): Fixed
padding.
2005-09-15 Moritz Schulte <moritz@g10code.com>
* t-protect.c (test_agent_protect): Implemented.
(main): Disable use of secure memory.
2005-09-09 Werner Koch <wk@g10code.com>
* minip12.c (p12_build): Oops, array needs to be larger for the
certificate.
(build_cert_bag): Fixed yesterdays change.
* command-ssh.c (card_key_available): Let the card handler decide
whether the card is supported here. Also get a short serial
number to return from the card handler.
2005-09-08 Werner Koch <wk@g10code.com>
* minip12.c (build_cert_bag): Use a non constructed object.
i.e. 0x80 and not 0xa0.
2005-08-16 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): Use a default file name for --write-env-file.
2005-07-25 Werner Koch <wk@g10code.com>
* findkey.c (agent_public_key_from_file): Fixed array assignment.
This was the cause for random segvs.
2005-06-29 Werner Koch <wk@g10code.com>
* command-ssh.c (data_sign): Removed empty statement.
2005-06-21 Werner Koch <wk@g10code.com>
* minip12.c (create_final): Cast size_t to ulong for printf.
(build_key_bag, build_cert_bag, build_cert_sequence): Ditto.
2005-06-16 Werner Koch <wk@g10code.com>
* protect-tool.c (make_advanced): Makde RESULT a plain char.
* call-scd.c (unescape_status_string): Need to cast unsigned char*
for strcpy.
(agent_card_pksign): Made arg R_BUF an unsigned char**.
* divert-scd.c (divert_pksign): Made SIGVAL unsigned char*.
(encode_md_for_card): Initialize R_VAL and R_LEN.
* genkey.c (store_key): Made BUF unsigned.
* protect.c (do_encryption): Ditto.
(do_encryption): Made arg PROTBEGIN unsigned. Initialize RESULT
and RESULTLEN even on error.
(merge_lists): Need to cast unsigned char * for strcpy. Initialize
RESULTand RESULTLEN even on error.
(agent_unprotect): Likewise for strtoul.
(make_shadow_info): Made P and INFO plain char.
(agent_shadow_key): Made P plain char.
2005-06-15 Werner Koch <wk@g10code.com>
* query.c (agent_get_passphrase): Made HEXSTRING a char*.
* command-ssh.c (ssh_key_grip): Made arg BUFFER unsigned.
(ssh_key_grip): Simplified.
(data_sign): Initialize variables with the definition.
(ssh_convert_key_to_blob): Make sure that BLOB and BLOB_SIZE
are set to NULL on error. Cool, gcc-4 detects uninitialized stuff
beyond function boundaries; well it can't know that we do error
proper error handling so that this was not a real error.
(file_to_buffer): Likewise for BUFFER and BUFFER_N.
(data_sign): Likewise for SIG and SIG_N.
(stream_read_byte): Set B to a value even on error.
* command.c (cmd_genkey): Changed VALUE to char.
(cmd_readkey): Cast arg for gcry_sexp_sprint.
* agent.h (struct server_control_s): Made KEYGRIP unsigned.
2005-06-13 Werner Koch <wk@g10code.com>
* command-ssh.c (start_command_handler_ssh): Reset the SCD.
2005-06-09 Werner Koch <wk@g10code.com>
* gpg-agent.c (create_socket_name): New option --max-cache-ttl-ssh.
* cache.c (housekeeping): Use it.
(agent_put_cache): Use a switch to get the default ttl so that it
is easier to add more cases.
2005-06-06 Werner Koch <wk@g10code.com>
* gpg-agent.c: New option --default-cache-ttl-ssh.
* agent.h (cache_mode_t): New.
* pksign.c (agent_pksign_do): New arg CACHE_MODE to replace the
ARG IGNORE_CACHE. Changed all callers.
(agent_pksign): Ditto.
* findkey.c (agent_key_from_file): Ditto. Canged all callers.
(unprotect): Ditto.
* command-ssh.c (data_sign): Use CACHE_MODE_SSH.
* cache.c (agent_get_cache): New arg CACHE_MODE.
(agent_put_cache): Ditto. Store it in the cache.
* query.c (agent_query_dump_state, dump_mutex_state): New.
(unlock_pinentry): Reset the global context before releasing the
mutex.
* gpg-agent.c (handle_signal): Dump query.c info on SIGUSR1.
* call-scd.c (agent_scd_check_aliveness): Always do a waitpid and
add a timeout to the locking.
2005-06-03 Werner Koch <wk@g10code.com>
* command.c (cmd_updatestartuptty): New.
* gpg-agent.c: New option --write-env-file.
* gpg-agent.c (handle_connections): Make sure that the signals we
are handling are not blocked.Block signals while creating new
threads.
2005-06-02 Werner Koch <wk@g10code.com>
* call-scd.c (agent_scd_dump_state, dump_mutex_state): New.
* gpg-agent.c (handle_signal): Print it on SIGUSR1.
(handle_connections): Include the file descriptor into the
threadnames.
2005-06-01 Werner Koch <wk@g10code.com>
* gpg-agent.c: Include setenv.h.
2005-05-31 Werner Koch <wk@g10code.com>
* agent.h (out_of_core): s/__inline__/inine. Noted by Ray Link.
2005-05-25 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): Do not unset the DISPLAY when we are
continuing as child.
2005-05-24 Werner Koch <wk@g10code.com>
* call-scd.c (inq_needpin): Skip leading spaces in of PIN
description.
* divert-scd.c (getpin_cb): Enhanced to cope with description
flags.
* query.c (agent_askpin): Add arg PROMPT_TEXT. Changed all
callers.
2005-05-21 Werner Koch <wk@g10code.com>
* call-scd.c (start_scd): Don't test for an alive scdaemon here.
(agent_scd_check_aliveness): New.
* gpg-agent.c (handle_tick): Test for an alive scdaemon.
(handle_signal): Print thread info on SIGUSR1.
2005-05-20 Werner Koch <wk@g10code.com>
* protect-tool.c: New option --canonical.
(show_file): Implement it.
* keyformat.txt: Define the created-at attribute for keys.
2005-05-18 Werner Koch <wk@g10code.com>
* divert-scd.c (ask_for_card): Removed the card reset kludge.
2005-05-17 Werner Koch <wk@g10code.com>
* call-scd.c (unlock_scd): Add new arg CTRL. Changed all callers.
(start_scd): Reoworked to allow for additional connections.
* agent.h (ctrl_t): Add local data for the SCdaemon.
* command.c (start_command_handler): Release SERVER_LOCAL.
* gpg-agent.c (create_server_socket): Use xmalloc.
(main): Removed option --disable-pth a dummy. Removed non-pth
code path.
(cleanup_sh): Removed. Not needed anymore.
2005-05-05 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_key_to_buffer): Rename to ...
(ssh_key_to_protected_buffer): ... this; change callers.
Improved documentation.
Use ssh_key_grip(), where gcry_pk_get_keygrip() has been used
before.
(ssh_handler_sign_request): Removed unusued variable P.
2005-04-20 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_handler_request_identities): Removed
debugging code (sleep call), which was commited unintenionally.
2005-04-20 Werner Koch <wk@g10code.com>
* minip12.c (parse_bag_encrypted_data): Fix the unpadding hack.
* gpg-agent.c: New option --disable-scdaemon.
(handle_connections): Add time event to drive ...
(handle_tick): New function.
(main): Record the parent PID. Fixed segv when using ssh and a
command.
* call-scd.c (start_scd): Take care of this option.
2005-04-03 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_request_spec): New member: secret_input.
(REQUEST_SPEC_DEFINE): New argument: secret_input.
(request_specs): Add secret_input flag.
(request_spec_lookup): New function ...
(ssh_request_process): ... use it here; depending on secret_input
flag allocate secure or non-secure memory.
2005-03-02 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (sexp_key_extract): Removed FIXME, since
xtrymallos does set errno correctly by now.
(sexp_extract_identifier): Remove const attribute from identifier.
(ssh_handler_request_identities): Remove const attribute from
key_type; removes ugly casts and FIXME.
(sexp_key_extract): Remove const attribute from comment.
(ssh_send_key_public): Remove const attribute from
key_type/comment; removes ugly cast.
(data_sign): Remove const attribute from identifier; removes ugly
cast.
(key_secret_to_public): Remove const attribute from comment;
removes ugly cast.
(ssh_handler_sign_request): Remove const attribute from p.
(sexp_key_extract): Use make_cstring().
(ssh_key_extract_comment): Likewise.
(ssh_key_to_buffer): Use secure memory for memory area to hold the
key S-Expression.
Added more comments.
2005-02-25 Werner Koch <wk@g10code.com>
* findkey.c (modify_description): Keep invalid % escapes, so that
%0A may pass through.
* agent.h (server_control_s): New field USE_AUTH_CALL.
* call-scd.c (agent_card_pksign): Make use of it.
* command-ssh.c (data_sign): Set the flag.
(ssh_send_key_public): New arg OVERRIDE_COMMENT.
(card_key_available): Add new arg CARDSN.
(ssh_handler_request_identities): Use the card s/n as comment.
(sexp_key_extract): Use GCRYMPI_FMT_STD.
(data_sign): Ditto.
* learncard.c (make_shadow_info): Moved to ..
* protect.c (make_shadow_info): .. here. Return NULL on malloc
failure. Made global.
* agent.h: Add prototype.
2005-02-24 Werner Koch <wk@g10code.com>
* call-scd.c (unescape_status_string): New. Actual a copy of
../g10/call-agent.c
(card_getattr_cb, agent_card_getattr): New.
* command-ssh.c (card_key_available): New.
(ssh_handler_request_identities): First see whether a card key is
available.
* gpg-agent.c (handle_connections): Need to check for events if
select returns with -1.
2005-02-23 Werner Koch <wk@g10code.com>
* command-ssh.c (get_passphrase): Removed.
(ssh_identity_register): Partly rewritten.
(open_control_file, search_control_file, add_control_entry): New.
(ssh_handler_request_identities): Return only files listed in our
control file.
* findkey.c (unprotect): Check for allocation error.
* agent.h (opt): Add fields to record the startup terminal
settings.
* gpg-agent.c (main): Record them and do not force keep display
with --enable-ssh-support.
* command-ssh.c (start_command_handler_ssh): Use them here.
* gpg-agent.c: Renamed option --ssh-support to
--enable-ssh-support.
* command.c (cmd_readkey): New.
(register_commands): Register new command "READKEY".
* command-ssh.c (ssh_request_process): Improved logging.
* findkey.c (agent_write_private_key): Always use plain open.
Don't depend on an umask for permissions.
(agent_key_from_file): Factored file reading code out to ..
(read_key_file): .. new function.
(agent_public_key_from_file): New.
2005-02-22 Werner Koch <wk@g10code.com>
* command-ssh.c (stream_read_string): Removed call to abort on
memory error because the CVS version of libgcrypt makes sure
that ERRNO gets always set on error even with a faulty user
supplied function.
2005-02-19 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_receive_mpint_list): Slightly rewritten, do
not use elems_secret member of key_spec.
(ssh_key_type_spec): Removed member: elems_secret.
(ssh_key_types): Removed elems_secret data.
(ssh_sexp_construct): Renamed to ...
(sexp_key_construct): ... this; changed callers.
(ssh_sexp_extract): Renamed to ...
(sexp_key_extract): ... this; changed callers.
(ssh_sexp_extract_key_type): Renamed to ...
(sexp_extract_identifier): ... this; changed callers; use
make_cstring().
Added more comments.
2005-02-18 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_sexp_construct): Rewritten generation of sexp
template, clarified.
(ssh_sexp_extract): Support shadowed-private-key-sexp; treat
protected-private key and shadowed-private-key as public keys.
(key_secret_to_public): Rewritten: simply use ssh_sexp_extract()
and ssh_sexp_construct().
2005-02-15 Werner Koch <wk@g10code.com>
* findkey.c (modify_description): Don't increment OUT_LEN during
the second pass.
2005-02-14 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (es_read_byte): Renamed to ...
(stream_es_read_byte): ... this; changed callers.
(es_write_byte): Renamed to ...
(stream_write_byte): ... this; changed callers.
(es_read_uint32): Renamed to ...
(stream_read_uint32): ... this; changed callers.
(es_write_uint32): Renamed to ...
(stream_write_uint32): ... this; changed callers.
(es_read_data): Renamed to ...
(stream_read_data): ... this; changed callers.
(es_write_data): Renamed to ...
(stream_write_data): ... this; changed callers.
(es_read_string): Renamed to ...
(stream_read_string): ... this; changed callers.
(es_read_cstring): Renamed to ...
(stream_read_cstring): ... this; changed callers.
(es_write_string): Renamed to ...
(stream_write_string): ... this; changed callers.
(es_write_cstring): Renamed to ...
(stream_write_cstring): ... this; changed callers.
(es_read_mpi): Renamed to ...
(stream_read_mpi): ... this; changed callers.
(es_write_mpi): Renamed to ...
(stream_write_mpi): ... this; changed callers.
(es_copy): Renamed to ...
(stream_copy): ... this; changed callers.
(es_read_file): Renamed to ...
(file_to_buffer): ... this; changed callers.
(ssh_identity_register): Removed variable description_length;
changed code to use asprintf for description.
(stream_write_uint32): Do not filter out the last byte of shift
expression.
(uint32_construct): New macro ...
(stream_read_uint32): ... use it; removed unnecessary cast.
2005-02-03 Werner Koch <wk@g10code.com>
* agent.h (agent_exit): Add JNLIB_GCC_A_NR to indicate that this
function won't return.
* gpg-agent.c (check_for_running_agent): Initialize pid to a
default value if not needed.
* command-ssh.c: Removed stdint.h. s/byte_t/unsigned char/,
s/uint32/u32/ becuase that is what we have always used in GnuPG.
(ssh_request_specs): Moved to top of file.
(ssh_key_types): Ditto.
(make_cstring): Ditto.
(data_sign): Don't use a variable for the passphrase prompt, make
it translatable.
(ssh_request_process):
* findkey.c (modify_description): Renamed arguments for clarity,
polished documentation. Make comment a C-string. Fixed case of
DESCRIPTION being just "%".
(agent_key_from_file): Make sure comment string to a C-string.
* gpg-agent.c (create_socket_name): Cleanup the implemntation, use
DIMof, agent_exit, removed superflous args and return the
allocated string as value. Documented. Changed callers.
(create_server_socket): Cleanups similar to above. Changed callers.
(cleanup_do): Renamed to ..
(remove_socket): .. this. Changed caller.
(handle_connections): The signals are to be handled in the select
and not in the accept. Test all FDs after returning from a
select. Remove the event tests from the accept calls. The select
already assured that the accept won't block.
2005-01-29 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_handler_request_identities)
(ssh_handler_sign_request, ssh_handler_add_identity)
(ssh_handler_remove_identity, ssh_handler_remove_all_identities)
(ssh_handler_lock, ssh_handler_unlock): Changed to return an error
code instead of a boolean.
(ssh_request_process): Changed to return a boolean instead of an
error; adjust caller.
(ssh_request_handle_t): Adjusted type.
(ssh_request_spec): New member: identifier.
(REQUEST_SPEC_DEFINE): New macro; use it for initialization of
request_specs[].
(ssh_request_process): In debugging mode, log identifier of
handler to execute.
(start_command_handler_ssh): Moved most of the stream handling
code ...
(ssh_request_process): ... here.
2005-01-28 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_handler_add_identity): Pass ctrl to
ssh_identity_register().
(ssh_identity_register): New argument: ctrl; pass ctrl to
get_passphrase().
(get_passphrase): Pass ctrl instead of NULL to agent_askpin().
(start_command_handler_ssh): Use agent_init_default_ctrl();
deallocate structure members, which might be dynamically
allocated.
(lifetime_default): Removed variable.
(ssh_handler_add_identity): Fix ttl handling; renamed variable
`death' to `ttl'.
(ssh_identity_register): Fix key grip handling.
2005-01-26 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_handler_sign_request): Confirm to agent
protocol in case of failure.
* command-ssh.c: New file.
* Makefile.am (gpg_agent_SOURCES): New source file: command-ssh.c.
* findkey.c (modify_description): New function.
(agent_key_from_file): Support comment field in key s-expressions.
* gpg-agent.c (enum cmd_and_opt_values): New item: oSSHSupport.
(opts) New entry for oSSHSupport.
New variable: socket_name_ssh.
(cleanup_do): New function based on cleanup().
(cleanup): Use cleanup_do() for socket_name and socket_name_ssh.
(main): New switch case for oSSHSupport.
(main): Move socket name creation code to ...
(create_socket_name): ... this new function.
(main): Use create_socket_name() for creating socket names for
socket_name and for socket_name_ssh in case ssh support is
enabled.
Move socket creation code to ...
(create_server_socket): ... this new function.
(main): Use create_server_socket() for creating sockets.
In case standard_socket is set, do not only store a socket name in
socket_name, but also in socket_name_ssh.
Generate additional environment info strings for ssh support.
Pass additional ssh socket argument to handle_connections.
(start_connection_thread_ssh): New function.
(handle_connections): Use select to multiplex between gpg-agent
and ssh-agent protocol.
* agent.h (struct opt): New member: ssh_support.
(start_command_handler_ssh): Add prototype.
2005-01-04 Werner Koch <wk@g10code.com>
* trustlist.c (agent_marktrusted): Use "Cancel" for the first
confirmation and made the strings translatable.
* cache.c (agent_put_cache): Fix the test for using the default
TTL.
2004-12-21 Werner Koch <wk@g10code.com>
* preset-passphrase.c (preset_passphrase): Handle --passphrase.
* Makefile.am (gpg_preset_passphrase_LDADD): Reorder libs so that
pwquery may use stuff from jnlib. Conditionally add -lwsock2
(gpg_protect_tool_LDADD): Ditto.
* preset-passphrase.c (main): Use default_homedir().
(main) [W32]: Initialize sockets.
2004-12-21 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (libexec_PROGRAMS): Add gpg-preset-passphrase.
(gpg_preset_passphrase_SOURCES, gpg_preset_passphrase_LDADD): New
targets.
* agent.h (opt): New member allow_cache_passphrase.
* cache.c (housekeeping): Check if R->ttl is not negative.
(agent_put_cache): Allow ttl to be negative.
* command.c (parse_hexstring): Allow something to follow the
hexstring.
(cmd_cache_passphrase): New function.
(register_commands): Add it.
* gpg-agent.c: Handle --allow-preset-passphrase.
* preset-passphrase.c: New file.
2004-12-21 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): Use default_homedir().
* protect-tool.c (main): Ditto.
2004-12-20 Werner Koch <wk@g10code.com>
* gpg-agent.c (main) [W32]: Now that Mutexes work we can remove
the pth_init kludge.
(main): Add new options --[no-]use-standard-socket.
(check_for_running_agent): Check whether it is running on the
standard socket.
* call-scd.c (init_membuf, put_membuf, get_membuf): Removed. We
now use the identical implementation from ../common/membuf.c.
* pksign.c (agent_pksign): Changed arg OUTFP to OUTBUF and use
membuf functions to return the value.
* pkdecrypt.c (agent_pkdecrypt): Ditto.
* genkey.c (agent_genkey): Ditto.
* command.c (cmd_pksign, cmd_pkdecrypt, cmd_genkey): Replaced
assuan_get_data_fp() by a the membuf scheme.
(clear_outbuf, write_and_clear_outbuf): New.
2004-12-19 Werner Koch <wk@g10code.com>
* query.c (initialize_module_query): New.
* call-scd.c (initialize_module_call_scd): New.
* gpg-agent.c (main): Call them.
2004-12-18 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): Remove special Pth initialize.
* agent.h (map_assuan_err): Define in terms of
map_assuan_err_with_source.
2004-12-17 Moritz Schulte <moritz@g10code.com>
* query.c: Undo change from 2004-12-05.
2004-12-15 Werner Koch <wk@g10code.com>
* gpg-agent.c [W32]: Various hacks to make it work.
* findkey.c (agent_write_private_key) [W32]: Adjust open call.
* call-scd.c (start_scd) [W32]: Don't check whether the daemon
didn't died. To hard to do under Windows.
(start_scd) [W32]: Disable sending of the event signal option.
* protect-tool.c (read_file, export_p12_file) [W32]: Use setmode
to get stdout and stin into binary mode.
2004-12-05 Moritz Schulte <moritz@g10code.com>
* query.c (start_pinentry): Allow CTRL be NULL.
2004-10-22 Werner Koch <wk@g10code.com>
* gpg-agent.c (parse_rereadable_options): Return "not handled"
when the log file has not beend hadled. This is will let the main
option processing continue. Fixed a bug introduced on 2004-09-4
resulting in logging to stderr until a HUP has been given.
(main): Don't close the listen FD.
2004-09-30 Werner Koch <wk@g10code.com>
* Makefile.am: Adjusted from gettext 1.14.
2004-09-29 Werner Koch <wk@g10code.com>
* minip12.c (parse_bag_encrypted_data): Print error if a bad
passphrase has been given.
2004-09-28 Werner Koch <wk@g10code.com>
* protect.c (agent_unprotect): Fixed wiping of CLEARTEXT. Thanks
to Moritz for pointing this out.
2004-09-25 Moritz Schulte <moritz@g10code.com>
* agent.h: Declare: agent_pksign_do.
(struct server_control_s): New member: raw_value.
* pksign.c (do_encode_md): New argument: raw_value; support
generation of raw (non-pkcs1) data objects; adjust callers.
(agent_pksign_do): New function, based on code ripped
out from agent_pksign.
(agent_pksign): Use agent_pksign_do.
* command.c (start_command_handler): Set ctrl.digest.raw_value.
2004-09-09 Werner Koch <wk@g10code.de>
* gpg-agent.c (check_for_running_agent): New.
(main): The default action is now to check for an already running
agent.
(parse_rereadable_options): Set logfile only on reread.
(main): Do not print the "is development version" note.
2004-08-20 Werner Koch <wk@g10code.de>
* gpg-agent.c: New option --max-cache-ttl. Suggested by Alexander
Belopolsky.
* cache.c (housekeeping): Use it here instead of the hardwired
default of 1 hour.
* query.c (start_pinentry): Use a timeout for the pinentry lock.
2004-08-18 Werner Koch <wk@g10code.de>
* protect-tool.c (get_passphrase): Make sure that the default
prompts passed to gpg-agent are utf-8 encoded. Add new prompt values.
(import_p12_file, import_p12_file, export_p12_file): Changed calls
to get_passphrase so that better prompts are displayed.
(get_new_passphrase): New.
2004-07-22 Werner Koch <wk@g10code.de>
* trustlist.c (read_list): Allow colons in the fingerprint.
(headerblurb): Rephrased.
* gpg-agent.c (handle_connections): Increase the stack size ot 256k.
2004-06-20 Moritz Schulte <moritz@g10code.com>
* gpg-agent.c: Include <sys/stat.h> (build fix for BSD).
2004-05-11 Werner Koch <wk@gnupg.org>
* gpg-agent.c (handle_signal): Reload the trustlist on SIGHUP.
(start_connection_thread): Hack to simulate a ticker.
* trustlist.c (agent_trustlist_housekeeping)
(agent_reload_trustlist): New. Protected all global functions
here with a simple counter which is sufficient for Pth.
2004-05-03 Werner Koch <wk@gnupg.org>
* gpg-agent.c: Remove help texts for options lile --lc-ctype.
(main): New option --allow-mark-trusted.
* trustlist.c (agent_marktrusted): Use it here.
2004-04-30 Werner Koch <wk@gnupg.org>
* protect-tool.c: New option --enable-status-msg.
(store_private_key): Print status messages for imported keys.
(read_and_unprotect): Ditto for bad passphrase.
* gpg-agent.c (parse_rereadable_options): New arg REREAD. Allow
changing oLogFile.
(current_logfile): New.
2004-04-26 Werner Koch <wk@gnupg.org>
* call-scd.c (start_scd): Do not register an event signal if we
are running as a pipe server.
2004-04-21 Werner Koch <wk@gnupg.org>
* call-scd.c (start_scd): Send event-signal option. Always check
that the scdaemon is still running.
* gpg-agent.c (handle_signal): Do not use SIGUSR{1,2} anymore for
changing the verbosity.
2004-04-16 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): Tell the logging code that we are running
detached.
2004-04-06 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): Use new libgcrypt thread library register
scheme.
2004-03-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-agent.c (main): For now, always print the default config
file name for --gpgconf-list.
2004-03-17 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main) <gpgconf>: Fixed default value quoting.
2004-03-16 Werner Koch <wk@gnupg.org>
* gpg-agent.c (parse_rereadable_options): Use the new
DEFAULT_CACHE_TTL macro.
(main): Updated --gpgconf-list output.
2004-02-21 Werner Koch <wk@gnupg.org>
* command.c (cmd_passwd): Take acount of a key description.
* genkey.c (reenter_compare_cb): Do not set the error text.
(agent_protect_and_store, agent_genkey): Force a re-enter after a
non-matching passphrase.
* query.c (agent_askpin): Add new arg INITIAL_ERRTEXT; changed
all callers.
2004-02-19 Werner Koch <wk@gnupg.org>
* protect-tool.c: New options --have-cert and --prompt.
(export_p12_file): Read a certificate from STDIN and pass it to
p12_build. Detect a keygrip and construct the filename in that
case. Unprotcet a key if needed. Print error messages for key
formats we can't handle.
(release_passphrase): New.
(get_passphrase): New arg PROMPTNO. Return the allocated
string. Changed all callers.
* minip12.c: Revamped the build part.
(p12_build): New args CERT and CERTLEN.
2004-02-18 Werner Koch <wk@gnupg.org>
* protect-tool.c (main): Setup the used character set.
* gpg-agent.c (main): Ditto.
* gpg-agent.c (set_debug): New. New option --debug-level.
(main): New option --gpgconf-list.
2004-02-17 Werner Koch <wk@gnupg.org>
* pksign.c (do_encode_md): Cleaned up by using gcry_sexp_build.
* Makefile.am (gpg_protect_tool_SOURCES): Removed
simple-pwquery.[ch], as we once moved it to ../common.
2004-02-13 Werner Koch <wk@gnupg.org>
* command.c (cmd_setkeydesc): New.
(register_commands): Add command SETKEYDESC.
(cmd_pksign, cmd_pkdecrypt): Use the key description.
(reset_notify): Reset the description.
* findkey.c (unprotect): Add arg DESC_TEXT.
(agent_key_from_file): Ditto.
* pksign.c (agent_pksign): Ditto.
* pkdecrypt.c (agent_pkdecrypt): Ditto. Made CIPHERTEXT an
unsigned char*.
* protect-tool.c (main): New options --no-fail-on-exist, --homedir.
(store_private_key): Use them here.
2004-02-12 Werner Koch <wk@gnupg.org>
* protect-tool.c (read_file, main): Allow reading from stdin.
* Makefile.am: Include cmacros.am for common flags.
(libexec_PROGRAMS): Put gpg-protect-tool there.
2004-02-10 Werner Koch <wk@gnupg.org>
* minip12.c (parse_bag_encrypted_data): Finished implementation.
(p12_parse): Add callback args.
* protect-tool.c (import_p12_cert_cb): New.
(import_p12_file): Use it.
2004-02-06 Werner Koch <wk@gnupg.org>
* minip12.c (crypt_block): Add arg CIPHER_ALGO; changed all callers.
(set_key_iv): Add arg KEYBYTES; changed caller.
2004-02-03 Werner Koch <wk@gnupg.org>
* findkey.c (agent_key_from_file): Extra paranoid wipe.
* protect.c (agent_unprotect): Ditto.
(merge_lists): Ditto. Add arg RESULTLEN.
* pkdecrypt.c (agent_pkdecrypt): Don't show the secret key even in
debug mode.
* protect.c: Add DSA and Elgamal description.
2004-01-29 Werner Koch <wk@gnupg.org>
* agent.h (server_control_s): Add connection_fd field.
* command.c (start_command_handler): Init it here.
* gpg-agent.c (agent_init_default_ctrl): and here.
* call-scd.c: Add the CTRL arg to all functions calling start_scd
and pass it to start_scd. Changed all callers
(start_scd): Keep track of the current active connection.
(agent_reset_scd): New.
* command.c (start_command_handler): Call it here.
* learncard.c (agent_handle_learn): Add arg CTRL; changed caller.
(send_cert_back): Ditto.
2004-01-28 Werner Koch <wk@gnupg.org>
* trustlist.c (agent_marktrusted): Check whether the trustlist is
writable.
2004-01-27 Werner Koch <wk@gnupg.org>
* sexp-parse.h: Moved to ../common.
2004-01-24 Werner Koch <wk@gnupg.org>
* call-scd.c (atfork_cb): New.
(start_scd): Make sure secmem gets cleared.
* query.c (atfork_cb): New.
(start_pinentry): Make sure secmem gets cleared.
2004-01-16 Werner Koch <wk@gnupg.org>
* findkey.c (agent_key_from_file): Now return an error code so
that we have more detailed error messages in the upper layers.
This fixes the handling of pinentry's cancel button.
* pksign.c (agent_pksign): Changed accordingly.
* pkdecrypt.c (agent_pkdecrypt): Ditto.
* command.c (cmd_passwd): Ditto.
2003-12-16 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): Set the prefixes for assuan logging.
2003-12-15 Werner Koch <wk@gnupg.org>
* protect.c (do_encryption): Use gcry_create_nonce instad of the
obsolete WEAK_RANDOM.
2003-11-20 Werner Koch <wk@gnupg.org>
* sexp-parse.h (snext): Don't use atoi_1 and digitp macros, so
that this file is useful by other applications too.
2003-10-27 Werner Koch <wk@gnupg.org>
* command.c (cmd_get_confirmation): New command.
2003-08-20 Timo Schulz <twoaday@freakmail.de>
* pksign.c (do_encode_md): Allocate enough space. Cast md
byte to unsigned char to prevent sign extension.
2003-08-14 Timo Schulz <twoaday@freakmail.de>
* pksign.c (do_encode_md): Due to the fact pkcs#1 padding
is now in Libgcrypt, use the new interface.
2003-07-31 Werner Koch <wk@gnupg.org>
* Makefile.am (gpg_agent_LDADD): Added INTLLIBS.
(gpg_protect_tool_SOURCES): Added simple-pwquery.[ch]
2003-07-27 Werner Koch <wk@gnupg.org>
Adjusted for gcry_mpi_print and gcry_mpi_scan API change.
2003-07-15 Werner Koch <wk@gnupg.org>
* simple-pwquery.c, simple-pwquery.h: Moved to ../common.
* Makefile.am (gpg_protect_tool_LDADD): Add simple-pwquery.o.
Removed it from xx_SOURCES.
2003-07-04 Werner Koch <wk@gnupg.org>
* gpg-agent.c (handle_connections): Kludge to allow use of Pth 1
and 2.
2003-06-30 Werner Koch <wk@gnupg.org>
* call-scd.c (learn_status_cb): Store the serialno in PARM.
2003-06-26 Werner Koch <wk@gnupg.org>
* call-scd.c (agent_card_serialno): Don't do a RESET anymore.
2003-06-25 Werner Koch <wk@gnupg.org>
* command.c (cmd_scd): New.
* call-scd.c (agent_card_scd): New.
* divert-scd.c (divert_generic_cmd): New
* call-scd.c (agent_card_learn): New callback args SINFO.
(learn_status_cb): Pass all other status lines to the sinfo
callback.
* learncard.c (release_sinfo, sinfo_cb): New.
(agent_handle_learn): Pass the new cb to the learn function and
pass the collected information back to the client's assuan
connection.
* gpg-agent.c (main): Moved pth_init before gcry_check_version.
2003-06-24 Werner Koch <wk@gnupg.org>
* gpg-agent.c (handle_connections): Adjusted for Pth 2.0
Adjusted for changes in the libgcrypt API. Some more fixes for the
libgpg-error stuff.
2003-06-04 Werner Koch <wk@gnupg.org>
Renamed error codes from INVALID to INV and removed _ERROR suffixes.
2003-06-03 Werner Koch <wk@gnupg.org>
Changed all error codes in all files to the new libgpg-error scheme.
* agent.h: Include gpg-error.h and errno.h
* Makefile.am: Link with libgpg-error
* query.c: assuan.h is now a system header.
* genkey.c (agent_genkey): Fixed silly use of xmalloc by
xtrymalloc.
2003-04-29 Werner Koch <wk@gnupg.org>
* command.c (register_commands): Adjusted for new Assuan semantics.
* Makefile.am: Don't override LDFLAGS.
2002-12-04 Werner Koch <wk@gnupg.org>
* gpg-agent.c: New variable config_filename.
(parse_rereadable_options): New.
(main): Use it here. Add setting of default values, set
config_filename.
(reread_configuration): Filled with actual code.
2002-12-03 Werner Koch <wk@gnupg.org>
* protect-tool.c (read_key): Don't run make_canonical on a NULL
buffer.
* command.c (parse_hexstring): New.
(cmd_sethash): Use it.
(parse_keygrip): New.
(cmd_havekey, cmd_sigkey): Use it.
(cmd_passwd): New.
* genkey.c (agent_protect_and_store): New.
(store_key): Add arg FORCE.
(agent_genkey): Pass false to this force of store_key.
2002-11-13 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): Switch all messages to utf-8.
* simple-pwquery.c (agent_send_all_options): Use $GPG_TTY and
stdin with ttyname.
* cache.c (new_data): Uiih - /sizeof d/sizeof *d/.
2002-11-10 Werner Koch <wk@gnupg.org>
* command.c (option_handler): Fix keep_tty check.
2002-11-06 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): Make sure we have a default ttyname.
* command.c (option_handler): Check opt.keep_tty here
* query.c (start_pinentry): but not anymore here.
2002-11-05 Werner Koch <wk@gnupg.org>
* agent.h (opt,server_control_s): Move display and lc_ variables
to the control struct so that they are per connection.
* gpg-agent.c (agent_init_default_ctrl): New.
(main): Assign those command line options to new default_* variables.
Reset DISPLAY in server mode so that tehre is no implicit default.
* command.c (start_command_handler): Initialize and deinitialize
the control values.
(option_handler): Work on the ctrl values and not on the opt.
* query.c (start_pinentry): New argument CTRL to set the display
connection specific. Changed all callers to pass this value.
(agent_askpin,agent_get_passphrase,agent_get_confirmation): Add
CTRL arg and pass it ot start_pinentry.
* command.c (cmd_get_passphrase): Pass CTRL argument.
* trustlist.c (agent_marktrusted): Add CTRL argument
* command.c (cmd_marktrusted): Pass CTRL argument
* divert-scd.c (ask_for_card): Add CTRL arg.
(divert_pksign,divert_pkdecrypt): Ditto. Changed caller.
(getpin_cb): Use OPAQUE to pass the CTRL variable. Changed both
users.
* findkey.c (unprotect): Add CTRL arg.
(agent_key_from_file): Ditto.
* query.c (unlock_pinentry): Disconnect the pinentry so that we
start a new one for each request. This is required to support
clients with different environments (e.g. X magic cookies).
2002-09-05 Neal H. Walfield <neal@cs.uml.edu>
* gpg-agent.c (main) [USE_GNU_PTH]: No need to call
assuan_set_io_func as assuan is smart.
2002-09-25 Werner Koch <wk@gnupg.org>
* gpg-agent.c (handle_signal): Flush cache on SIGHUP.
* cache.c (agent_flush_cache): New.
* gpg-agent.c, agent.h: Add --keep-display and --keep-tty.
* query.c (start_pinentry): Implement them. The option passing
needs more thoughts.
2002-09-09 Werner Koch <wk@gnupg.org>
* gpg-agent.c (create_private_keys_directory)
(create_directories): New.
(main): Try to create a home directory.
2002-09-04 Neal H. Walfield <neal@g10code.de>
* gpg-agent.c (main): Use sigaction, not signal.
2002-09-03 Neal H. Walfield <neal@g10code.de>
* findkey.c: Include <fcntl.h>.
(agent_write_private_key): Prefer POSIX compatibity, open and
fdopen, over the simplicity of GNU extensions, fopen(file, "x").
2002-08-22 Werner Koch <wk@gnupg.org>
* query.c (agent_askpin): Provide the default desc text depending
on the pininfo. Do the basic PIN verification only when
min_digits is set.
2002-08-21 Werner Koch <wk@gnupg.org>
* query.c (agent_askpin): Hack to show the right default prompt.
(agent_get_passphrase): Ditto.
* trans.c: Removed and replaced all usages with standard _()
* divert-scd.c (getpin_cb): Pass a more descritive text to the
pinentry.
* Makefile.am: Renamed the binary protect-tool to gpg-protect-tool.
* protect-tool.c: Removed the note about internal use only.
* gpg-agent.c (main): New option --daemon so that the program is
not accidently started in the background.
2002-08-16 Werner Koch <wk@gnupg.org>
* call-scd.c (learn_status_cb): Handle CERTINFO status.
(agent_card_learn): Add args for certinfo cb.
* learncard.c (release_certinfo,certinfo_cb): New.
(send_cert_back): New. With factored out code from ..
(agent_handle_learn): here. Return certinfo stuff.
2002-07-26 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): New option --ignore-cache-for-signing.
* command.c (option_handler): New server option
use-cache-for-signing defaulting to true.
(cmd_pksign): handle global and per session option.
* findkey.c (agent_key_from_file, unprotect): New arg
ignore_cache. Changed all callers.
* pksign.c (agent_pksign): Likewise.
2002-06-29 Werner Koch <wk@gnupg.org>
* query.c (start_pinentry): Use GNUPG_DERAULT_PINENTRY.
* call-scd.c (start_scd): Use GNUPG_DEFAULT_SCDAEMON.
2002-06-28 Werner Koch <wk@gnupg.org>
* protect-tool.c (export_p12_file): New.
(main): New command --p12-export.
* minip12.c (create_final,p12_build,compute_tag_length): New.
(store_tag_length): New.
2002-06-27 Werner Koch <wk@gnupg.org>
* minip12.c (crypt_block): Renamed from decrypt_block, add arg to
allow encryption.
* Makefile.am (pkglib_PROGRAMS): Put protect-tool there.
* findkey.c (agent_write_private_key,agent_key_from_file)
(agent_key_available): Use GNUPG_PRIVATE_KEYS_DIR constant.
* gpg-agent.c (main): Use GNUPG_DEFAULT_HOMEDIR constant.
* protect-tool.c (store_private_key): New.
(import_p12_file): Store the new file if requested.
(main): New options --force and --store.
* gpg-agent.c (main): Set a global flag when running detached.
* query.c (start_pinentry): Pass the list of FD to keep in the
child when not running detached.
* call-scd.c (start_scd): Ditto.
2002-06-26 Werner Koch <wk@gnupg.org>
* command.c (cmd_istrusted, cmd_listtrusted, cmd_marktrusted)
(cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_get_passphrase)
(cmd_learn): Print an error message for a failed operation.
* simple-pwquery.c, simple-pwquery.h: New.
* protect-tool. (get_passphrase): New, used to get a passphrase
from the agent if none was given on the command line.
2002-06-25 Werner Koch <wk@gnupg.org>
* protect-tool.c (rsa_key_check): New.
(import_p12_file): New.
(main): New command --p12-import.
* minip12.c, minip12.h: New.
2002-06-24 Werner Koch <wk@gnupg.org>
* protect-tool.c (read_file): New.
(read_key): Factored most code out to read_file.
2002-06-17 Werner Koch <wk@gnupg.org>
* agent.h: Add a callback function to the pin_entry_info structure.
* query.c (agent_askpin): Use the callback to check for a correct
PIN. Removed the start_err_text argument because it is not
anymore needed; changed callers.
* findkey.c (unprotect): Replace our own check loop by a callback.
(try_unprotect_cb): New.
* genkey.c (reenter_compare_cb): New.
(agent_genkey): Use this callback here. Fixed setting of the pi2
variable and a segv in case of an empty PIN.
* divert-scd.c (getpin_cb): Removed some unused stuff and
explained what we still have to change.
2002-06-12 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): New option --disable-pth.
2002-06-11 Werner Koch <wk@gnupg.org>
* protect-tool.c: Add command --show-keygrip
(show_keygrip): New.
2002-05-23 Werner Koch <wk@gnupg.org>
* call-scd.c: Seirialized all scdaeom access when using Pth.
* cache.c: Made the cache Pth-thread-safe.
(agent_unlock_cache_entry): New.
* findkey.c (unprotect): Unlock the returned cache value.
* command.c (cmd_get_passphrase): Ditto.
* gpg-agent.c (main): Register pth_read/write with Assuan.
2002-05-22 Werner Koch <wk@gnupg.org>
* query.c: Serialized all pinentry access when using Pth.
* gpg-agent.c (handle_signal,start_connection_thread)
(handle_connections): New
(main): Use the new Pth stuff to allow concurrent connections.
* command.c (start_command_handler): Add new arg FD so that the
fucntion can also be used for an already connected socket.
* Makefile.am: Link with Pth.
2002-05-14 Werner Koch <wk@gnupg.org>
* cache.c (housekeeping, agent_put_cache): Use our time() wrapper.
2002-04-26 Werner Koch <wk@gnupg.org>
* cache.c (agent_put_cache): Reinitialize the creation time and
the ttl when reusing a slot.
* call-scd.c (start_scd): Print debug messages only with debug
flags set.
* query.c (start_pinentry): Ditto.
2002-04-25 Marcus Brinkmann <marcus@g10code.de>
* agent.h (agent_get_confirmation): Replace paramter prompt with
two parameters ok and cancel.
* query.c (agent_get_confirmation): Likewise. Implement this.
* trustlist.c (agent_marktrusted): Fix invocation of
agent_get_confirmation.
* divert-scd.c (ask_for_card): Likewise.
2002-04-24 Marcus Brinkmann <marcus@g10code.de>
* agent.h (struct opt): Add members display, ttyname, ttytype,
lc_ctype, and lc_messages.
* gpg-agent.c (enum cmd_and_opt_values): Add oDisplay, oTTYname,
oTTYtype, oLCctype, and LCmessages.
(main): Handle these options.
* command.c (option_handler): New function.
(register_commands): Register option handler.
* query.c (start_pinentry): Pass the various display and tty
options to the pinentry.
2002-04-05 Werner Koch <wk@gnupg.org>
* protect-tool.c (show_file): New. Used as default action.
2002-03-28 Werner Koch <wk@gnupg.org>
* divert-scd.c (encode_md_for_card): Don't do the pkcs-1 padding,
the scdaemon should take care of it.
(ask_for_card): Hack to not display the trailing zero.
2002-03-11 Werner Koch <wk@gnupg.org>
* learncard.c (kpinfo_cb): Remove the content restrictions from
the keyID.
2002-03-06 Werner Koch <wk@gnupg.org>
* learncard.c: New.
* divert-scd.c (ask_for_card): The serial number is binary so
convert it to hex here.
* findkey.c (agent_write_private_key): New.
* genkey.c (store_key): And use it here.
* pkdecrypt.c (agent_pkdecrypt): Changed the way the diversion is done.
* divert-scd.c (divert_pkdecrypt): Changed interface and
implemented it.
2002-03-05 Werner Koch <wk@gnupg.org>
* call-scd.c (inq_needpin): New.
(agent_card_pksign): Add getpin_cb args.
(agent_card_pkdecrypt): New.
2002-03-04 Werner Koch <wk@gnupg.org>
* pksign.c (agent_pksign): Changed how the diversion is done.
* divert-scd.c (divert_pksign): Changed interface and implemented it.
(encode_md_for_card): New.
* call-scd.c (agent_card_pksign): New.
2002-02-28 Werner Koch <wk@gnupg.org>
* pksign.c (agent_pksign): Detect whether a Smartcard is to be
used and divert the operation in this case.
* pkdecrypt.c (agent_pkdecrypt): Likewise
* findkey.c (agent_key_from_file): Add optional arg shadow_info
and have it return information about a shadowed key.
* protect.c (agent_get_shadow_info): New.
* protect.c (snext,sskip,smatch): Moved to
* sexp-parse.h: New file.
* divert-scd.c: New.
2002-02-27 Werner Koch <wk@gnupg.org>
* protect.c (agent_shadow_key): New.
* command.c (cmd_learn): New command LEARN.
* gpg-agent.c: New option --scdaemon-program.
* call-scd.c (start_scd): New. Based on query.c
* query.c: Add 2 more arguments to all uses of assuan_transact.
2002-02-18 Werner Koch <wk@gnupg.org>
* findkey.c (unprotect): Show an error message for a bad passphrase.
* command.c (cmd_marktrusted): Implemented.
* trustlist.c (agent_marktrusted): New.
(open_list): Add APPEND arg.
* query.c (agent_get_confirmation): New.
2002-02-06 Werner Koch <wk@gnupg.org>
* cache.c (housekeeping): Fixed linking in the remove case.
2002-02-01 Werner Koch <wk@gnupg.org>
* gpg-agent.c: New option --default-cache-ttl.
* cache.c (agent_put_cache): Use it.
* cache.c: Add a few debug outputs.
* protect.c (agent_private_key_type): New.
* agent.h: Add PRIVATE_KEY_ enums.
* findkey.c (agent_key_from_file): Use it to decide whether we
have to unprotect a key.
(unprotect): Cache the passphrase.
* findkey.c (agent_key_from_file,agent_key_available): The key
files do now require a ".key" suffix to make a script's life
easier.
* genkey.c (store_key): Ditto.
2002-01-31 Werner Koch <wk@gnupg.org>
* genkey.c (store_key): Protect the key.
(agent_genkey): Ask for the passphrase.
* findkey.c (unprotect): Actually unprotect the key.
* query.c (agent_askpin): Add an optional start_err_text.
2002-01-30 Werner Koch <wk@gnupg.org>
* protect.c: New.
(hash_passphrase): Based on the GnuPG 1.0.6 version.
* protect-tool.c: New
2002-01-29 Werner Koch <wk@gnupg.org>
* findkey.c (agent_key_available): New.
* command.c (cmd_havekey): New.
(register_commands): And register new command.
2002-01-20 Werner Koch <wk@gnupg.org>
* command.c (cmd_get_passphrase): Remove the plus signs.
* query.c (start_pinentry): Send no-grab option to pinentry
* gpg-agent.c (main): Move variable grab as no_grab to agent.h.
2002-01-19 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): Disable core dumps.
* cache.c: New.
* command.c (cmd_get_passphrase): Use the cache.
(cmd_clear_passphrase): Ditto.
* gpg-agent.c: Removed unused cruft and implement the socket
based server.
(my_strusage): Take bug report address from configure.ac.
* command.c (start_command_handler): Add an argument to start as
regular server.
(start_command_handler): Enable Assuan logging.
2002-01-15 Werner Koch <wk@gnupg.org>
* trustlist.c: New.
* command.c (cmd_istrusted, cmd_listtrusted, cmd_marktrusted): New.
2002-01-07 Werner Koch <wk@gnupg.org>
* genkey.c: Store the secret part and return the public part.
2002-01-03 Werner Koch <wk@gnupg.org>
* command.c (cmd_get_passphrase): New.
(cmd_clear_passphrase): New.
* query.c (agent_get_passphrase): New.
2002-01-02 Werner Koch <wk@gnupg.org>
* genkey.c: New.
* command.c (cmd_genkey): New.
* command.c (rc_to_assuan_status): Removed and changed all callers
to use map_to_assuan_status.
2001-12-19 Werner Koch <wk@gnupg.org>
* keyformat.txt: New.
2001-12-19 Marcus Brinkmann <marcus@g10code.de>
* query.c (start_pinentry): Add new argument to assuan_pipe_connect.
2001-12-18 Werner Koch <wk@gnupg.org>
* Makefile.am: Use LIBGCRYPT macros
2001-12-14 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): New option --batch. New option --debug-wait
n, so that it is possible to attach gdb when used in server mode.
* query.c (agent_askpin): Don't ask in batch mode.
* command.c: Removed the conversion macros as they are now in
../common/util.h.
2001-12-14 Marcus Brinkmann <marcus@g10code.de>
* query.c (LINELENGTH): Removed.
(agent_askpin): Use ASSUAN_LINELENGTH, not LINELENGTH.
2001-11-19 Werner Koch <wk@gnupg.org>
* gpg-agent.c: Removed all GUI code, removed code for old
protocol. New code to use the Assuan protocol as a server and
also to communicate with a new ask-passphrase utility.
2000-11-22 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): csh support by Dan Winship, new options --sh
and --csh and set default by consulting $SHELL.
Mon Aug 21 17:59:17 CEST 2000 Werner Koch <wk@openit.de>
* gpg-agent.c (passphrase_dialog): Cleanup the window and added the
user supplied text to the window.
(main): Fixed segv in gtk_init when used without a command to start.
* gpg-agent.c: --flush option.
(req_flush): New.
(req_clear_passphrase): Implemented.
Fri Aug 18 14:27:14 CEST 2000 Werner Koch <wk@openit.de>
* gpg-agent.c: New.
* Makefile.am: New.
Copyright 2001, 2002, 2003, 2004, 2005,
2007 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/agent/agent.h b/agent/agent.h
index beb70111e..f824fe615 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -1,355 +1,358 @@
/* agent.h - Global definitions for the agent
* Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#ifndef AGENT_H
#define AGENT_H
#ifdef GPG_ERR_SOURCE_DEFAULT
#error GPG_ERR_SOURCE_DEFAULT already defined
#endif
#define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GPGAGENT
#include <gpg-error.h>
#define map_assuan_err(a) \
map_assuan_err_with_source (GPG_ERR_SOURCE_DEFAULT, (a))
#include <errno.h>
#include <gcrypt.h>
#include "../common/util.h"
#include "../common/membuf.h"
#include "../common/sysutils.h" /* (gnupg_fd_t) */
/* To convey some special hash algorithms we use algorithm numbers
reserved for application use. */
#ifndef GCRY_MD_USER
#define GCRY_MD_USER 1024
#endif
#define GCRY_MD_USER_TLS_MD5SHA1 (GCRY_MD_USER+1)
/* Maximum length of a digest. */
#define MAX_DIGEST_LEN 36
/* A large struct name "opt" to keep global flags */
struct
{
unsigned int debug; /* Debug flags (DBG_foo_VALUE) */
int verbose; /* Verbosity level */
int quiet; /* Be as quiet as possible */
int dry_run; /* Don't change any persistent data */
int batch; /* Batch mode */
const char *homedir; /* Configuration directory name */
/* Environment setting gathered at program start or changed using the
Assuan command UPDATESTARTUPTTY. */
char *startup_display;
char *startup_ttyname;
char *startup_ttytype;
char *startup_lc_ctype;
char *startup_lc_messages;
char *startup_xauthority;
char *startup_pinentry_user_data;
const char *pinentry_program; /* Filename of the program to start as
pinentry. */
const char *scdaemon_program; /* Filename of the program to handle
smartcard tasks. */
int disable_scdaemon; /* Never use the SCdaemon. */
int no_grab; /* Don't let the pinentry grab the keyboard */
/* The name of the file pinentry shall tocuh before exiting. If
this is not set the filoe name of the standard socket is used. */
const char *pinentry_touch_file;
/* The default and maximum TTL of cache entries. */
unsigned long def_cache_ttl; /* Default. */
unsigned long def_cache_ttl_ssh; /* for SSH. */
unsigned long max_cache_ttl; /* Default. */
unsigned long max_cache_ttl_ssh; /* for SSH. */
/* Flag disallowing bypassing of the warning. */
int enforce_passphrase_constraints;
/* The require minmum length of a passphrase. */
unsigned int min_passphrase_len;
/* The minimum number of non-alpha characters in a passphrase. */
unsigned int min_passphrase_nonalpha;
/* File name with a patternfile or NULL if not enabled. */
const char *check_passphrase_pattern;
/* If not 0 the user is asked to change his passphrase after these
number of days. */
unsigned int max_passphrase_days;
/* If set, a passphrase history will be written and checked at each
passphrase change. */
int enable_passhrase_history;
int running_detached; /* We are running detached from the tty. */
int ignore_cache_for_signing;
int allow_mark_trusted;
int allow_preset_passphrase;
int keep_tty; /* Don't switch the TTY (for pinentry) on request */
int keep_display; /* Don't switch the DISPLAY (for pinentry) on request */
int ssh_support; /* Enable ssh-agent emulation. */
} opt;
#define DBG_COMMAND_VALUE 1 /* debug commands i/o */
#define DBG_MPI_VALUE 2 /* debug mpi details */
#define DBG_CRYPTO_VALUE 4 /* debug low level crypto */
#define DBG_MEMORY_VALUE 32 /* debug memory allocation stuff */
#define DBG_CACHE_VALUE 64 /* debug the caching */
#define DBG_MEMSTAT_VALUE 128 /* show memory statistics */
#define DBG_HASHING_VALUE 512 /* debug hashing operations */
#define DBG_ASSUAN_VALUE 1024
#define DBG_COMMAND (opt.debug & DBG_COMMAND_VALUE)
#define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE)
#define DBG_MEMORY (opt.debug & DBG_MEMORY_VALUE)
#define DBG_CACHE (opt.debug & DBG_CACHE_VALUE)
#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
#define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE)
struct server_local_s;
struct scd_local_s;
/* Collection of data per session (aka connection). */
struct server_control_s
{
/* Private data used to fire up the connection thread. We use this
structure do avoid an extra allocation for just a few bytes. */
struct {
gnupg_fd_t fd;
} thread_startup;
/* Private data of the server (command.c). */
struct server_local_s *server_local;
/* Private data of the SCdaemon (call-scd.c). */
struct scd_local_s *scd_local;
char *display;
char *ttyname;
char *ttytype;
char *lc_ctype;
char *lc_messages;
char *xauthority;
char *pinentry_user_data;
struct {
int algo;
unsigned char value[MAX_DIGEST_LEN];
int valuelen;
int raw_value: 1;
} digest;
unsigned char keygrip[20];
int have_keygrip;
int use_auth_call; /* Hack to send the PKAUTH command instead of the
PKSIGN command to the scdaemon. */
int in_passwd; /* Hack to inhibit enforced passphrase change
during an explicit passwd command. */
};
struct pin_entry_info_s
{
int min_digits; /* min. number of digits required or 0 for freeform entry */
int max_digits; /* max. number of allowed digits allowed*/
int max_tries;
int failed_tries;
int with_qualitybar; /* Set if the quality bar should be displayed. */
int (*check_cb)(struct pin_entry_info_s *); /* CB used to check the PIN */
void *check_cb_arg; /* optional argument which might be of use in the CB */
const char *cb_errtext; /* used by the cb to displaye a specific error */
size_t max_length; /* allocated length of the buffer */
char pin[1];
};
enum
{
PRIVATE_KEY_UNKNOWN = 0,
PRIVATE_KEY_CLEAR = 1,
PRIVATE_KEY_PROTECTED = 2,
PRIVATE_KEY_SHADOWED = 3
};
/* Values for the cache_mode arguments. */
typedef enum
{
CACHE_MODE_IGNORE = 0, /* Special mode to bypass the cache. */
CACHE_MODE_ANY, /* Any mode except ignore matches. */
CACHE_MODE_NORMAL, /* Normal cache (gpg-agent). */
CACHE_MODE_USER, /* GET_PASSPHRASE related cache. */
CACHE_MODE_SSH /* SSH related cache. */
}
cache_mode_t;
/*-- gpg-agent.c --*/
void agent_exit (int rc) JNLIB_GCC_A_NR; /* Also implemented in other tools */
const char *get_agent_socket_name (void);
const char *get_agent_ssh_socket_name (void);
+#ifdef HAVE_W32_SYSTEM
+void *get_agent_scd_notify_event (void);
+#endif
void agent_sighup_action (void);
/*-- command.c --*/
gpg_error_t agent_write_status (ctrl_t ctrl, const char *keyword, ...);
void bump_key_eventcounter (void);
void bump_card_eventcounter (void);
void start_command_handler (ctrl_t, gnupg_fd_t, gnupg_fd_t);
/*-- command-ssh.c --*/
void start_command_handler_ssh (ctrl_t, gnupg_fd_t);
/*-- findkey.c --*/
int agent_write_private_key (const unsigned char *grip,
const void *buffer, size_t length, int force);
gpg_error_t agent_key_from_file (ctrl_t ctrl,
const char *desc_text,
const unsigned char *grip,
unsigned char **shadow_info,
cache_mode_t cache_mode,
gcry_sexp_t *result);
gpg_error_t agent_public_key_from_file (ctrl_t ctrl,
const unsigned char *grip,
gcry_sexp_t *result);
int agent_key_available (const unsigned char *grip);
/*-- call-pinentry.c --*/
void initialize_module_call_pinentry (void);
void agent_query_dump_state (void);
void agent_reset_query (ctrl_t ctrl);
int pinentry_active_p (ctrl_t ctrl, int waitseconds);
int agent_askpin (ctrl_t ctrl,
const char *desc_text, const char *prompt_text,
const char *inital_errtext,
struct pin_entry_info_s *pininfo);
int agent_get_passphrase (ctrl_t ctrl, char **retpass,
const char *desc, const char *prompt,
const char *errtext);
int agent_get_confirmation (ctrl_t ctrl, const char *desc, const char *ok,
const char *cancel);
int agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn);
int agent_popup_message_start (ctrl_t ctrl,
const char *desc, const char *ok_btn);
void agent_popup_message_stop (ctrl_t ctrl);
/*-- cache.c --*/
void agent_flush_cache (void);
int agent_put_cache (const char *key, cache_mode_t cache_mode,
const char *data, int ttl);
const char *agent_get_cache (const char *key, cache_mode_t cache_mode,
void **cache_id);
void agent_unlock_cache_entry (void **cache_id);
/*-- pksign.c --*/
int agent_pksign_do (ctrl_t ctrl, const char *desc_text,
gcry_sexp_t *signature_sexp,
cache_mode_t cache_mode);
int agent_pksign (ctrl_t ctrl, const char *desc_text,
membuf_t *outbuf, cache_mode_t cache_mode);
/*-- pkdecrypt.c --*/
int agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
const unsigned char *ciphertext, size_t ciphertextlen,
membuf_t *outbuf);
/*-- genkey.c --*/
int check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent);
int agent_genkey (ctrl_t ctrl,
const char *keyparam, size_t keyparmlen, membuf_t *outbuf);
int agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey);
/*-- protect.c --*/
int agent_protect (const unsigned char *plainkey, const char *passphrase,
unsigned char **result, size_t *resultlen);
int agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
gnupg_isotime_t protected_at,
unsigned char **result, size_t *resultlen);
int agent_private_key_type (const unsigned char *privatekey);
unsigned char *make_shadow_info (const char *serialno, const char *idstring);
int agent_shadow_key (const unsigned char *pubkey,
const unsigned char *shadow_info,
unsigned char **result);
int agent_get_shadow_info (const unsigned char *shadowkey,
unsigned char const **shadow_info);
/*-- trustlist.c --*/
void initialize_module_trustlist (void);
gpg_error_t agent_istrusted (ctrl_t ctrl, const char *fpr);
gpg_error_t agent_listtrusted (void *assuan_context);
gpg_error_t agent_marktrusted (ctrl_t ctrl, const char *name,
const char *fpr, int flag);
void agent_reload_trustlist (void);
/*-- divert-scd.c --*/
int divert_pksign (ctrl_t ctrl,
const unsigned char *digest, size_t digestlen, int algo,
const unsigned char *shadow_info, unsigned char **r_sig);
int divert_pkdecrypt (ctrl_t ctrl,
const unsigned char *cipher,
const unsigned char *shadow_info,
char **r_buf, size_t *r_len);
int divert_generic_cmd (ctrl_t ctrl,
const char *cmdline, void *assuan_context);
/*-- call-scd.c --*/
void initialize_module_call_scd (void);
void agent_scd_dump_state (void);
void agent_scd_check_aliveness (void);
int agent_reset_scd (ctrl_t ctrl);
int agent_card_learn (ctrl_t ctrl,
void (*kpinfo_cb)(void*, const char *),
void *kpinfo_cb_arg,
void (*certinfo_cb)(void*, const char *),
void *certinfo_cb_arg,
void (*sinfo_cb)(void*, const char *,
size_t, const char *),
void *sinfo_cb_arg);
int agent_card_serialno (ctrl_t ctrl, char **r_serialno);
int agent_card_pksign (ctrl_t ctrl,
const char *keyid,
int (*getpin_cb)(void *, const char *, char*, size_t),
void *getpin_cb_arg,
const unsigned char *indata, size_t indatalen,
unsigned char **r_buf, size_t *r_buflen);
int agent_card_pkdecrypt (ctrl_t ctrl,
const char *keyid,
int (*getpin_cb)(void *, const char *, char*,size_t),
void *getpin_cb_arg,
const unsigned char *indata, size_t indatalen,
char **r_buf, size_t *r_buflen);
int agent_card_readcert (ctrl_t ctrl,
const char *id, char **r_buf, size_t *r_buflen);
int agent_card_readkey (ctrl_t ctrl, const char *id, unsigned char **r_buf);
gpg_error_t agent_card_getattr (ctrl_t ctrl, const char *name, char **result);
int agent_card_scd (ctrl_t ctrl, const char *cmdline,
int (*getpin_cb)(void *, const char *, char*, size_t),
void *getpin_cb_arg, void *assuan_context);
/*-- learncard.c --*/
int agent_handle_learn (ctrl_t ctrl, void *assuan_context);
#endif /*AGENT_H*/
diff --git a/agent/call-scd.c b/agent/call-scd.c
index 42f3f8e12..872ba3433 100644
--- a/agent/call-scd.c
+++ b/agent/call-scd.c
@@ -1,1142 +1,1149 @@
/* call-scd.c - fork of the scdaemon to do SC operations
* Copyright (C) 2001, 2002, 2005, 2007 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <assert.h>
#include <unistd.h>
#include <signal.h>
#include <sys/stat.h>
#include <sys/types.h>
#ifndef HAVE_W32_SYSTEM
#include <sys/wait.h>
#endif
#include <pth.h>
#include "agent.h"
#include <assuan.h>
#ifdef _POSIX_OPEN_MAX
#define MAX_OPEN_FDS _POSIX_OPEN_MAX
#else
#define MAX_OPEN_FDS 20
#endif
/* Definition of module local data of the CTRL structure. */
struct scd_local_s
{
/* We keep a list of all allocated context with a an achnor at
SCD_LOCAL_LIST (see below). */
struct scd_local_s *next_local;
/* We need to get back to the ctrl object actually referencing this
structure. This is really an awkward way of enumerint the lcoal
contects. A much cleaner way would be to keep a global list of
ctrl objects to enumerate them. */
ctrl_t ctrl_backlink;
assuan_context_t ctx; /* NULL or session context for the SCdaemon
used with this connection. */
int locked; /* This flag is used to assert proper use of
start_scd and unlock_scd. */
};
/* Callback parameter for learn card */
struct learn_parm_s
{
void (*kpinfo_cb)(void*, const char *);
void *kpinfo_cb_arg;
void (*certinfo_cb)(void*, const char *);
void *certinfo_cb_arg;
void (*sinfo_cb)(void*, const char *, size_t, const char *);
void *sinfo_cb_arg;
};
struct inq_needpin_s
{
assuan_context_t ctx;
int (*getpin_cb)(void *, const char *, char*, size_t);
void *getpin_cb_arg;
assuan_context_t passthru; /* If not NULL, pass unknown inquiries
up to the caller. */
};
/* To keep track of all active SCD contexts, we keep a linked list
anchored at this variable. */
static struct scd_local_s *scd_local_list;
/* A Mutex used inside the start_scd function. */
static pth_mutex_t start_scd_lock;
/* A malloced string with the name of the socket to be used for
additional connections. May be NULL if not provided by
SCdaemon. */
static char *socket_name;
/* The context of the primary connection. This is also used as a flag
to indicate whether the scdaemon has been started. */
static assuan_context_t primary_scd_ctx;
/* To allow reuse of the primary connection, the following flag is set
to true if the primary context has been reset and is not in use by
any connection. */
static int primary_scd_ctx_reusable;
/* Local prototypes. */
static assuan_error_t membuf_data_cb (void *opaque,
const void *buffer, size_t length);
/* This function must be called once to initialize this module. This
has to be done before a second thread is spawned. We can't do the
static initialization because Pth emulation code might not be able
to do a static init; in particular, it is not possible for W32. */
void
initialize_module_call_scd (void)
{
static int initialized;
if (!initialized)
{
if (!pth_mutex_init (&start_scd_lock))
log_fatal ("error initializing mutex: %s\n", strerror (errno));
initialized = 1;
}
}
static void
dump_mutex_state (pth_mutex_t *m)
{
#ifdef _W32_PTH_H
log_printf ("unknown under W32");
#else
if (!(m->mx_state & PTH_MUTEX_INITIALIZED))
log_printf ("not_initialized");
else if (!(m->mx_state & PTH_MUTEX_LOCKED))
log_printf ("not_locked");
else
log_printf ("locked tid=0x%lx count=%lu", (long)m->mx_owner, m->mx_count);
#endif
}
/* This function may be called to print infromation pertaining to the
current state of this module to the log. */
void
agent_scd_dump_state (void)
{
log_info ("agent_scd_dump_state: scd_lock=");
dump_mutex_state (&start_scd_lock);
log_printf ("\n");
log_info ("agent_scd_dump_state: primary_scd_ctx=%p pid=%ld reusable=%d\n",
primary_scd_ctx,
(long)assuan_get_pid (primary_scd_ctx),
primary_scd_ctx_reusable);
if (socket_name)
log_info ("agent_scd_dump_state: socket=`%s'\n", socket_name);
}
/* The unlock_scd function shall be called after having accessed the
SCD. It is currently not very useful but gives an opportunity to
keep track of connections currently calling SCD. Note that the
"lock" operation is done by the start_scd() function which must be
called and error checked before any SCD operation. CTRL is the
usual connection context and RC the error code to be passed trhough
the function. */
static int
unlock_scd (ctrl_t ctrl, int rc)
{
if (ctrl->scd_local->locked != 1)
{
log_error ("unlock_scd: invalid lock count (%d)\n",
ctrl->scd_local->locked);
if (!rc)
rc = gpg_error (GPG_ERR_INTERNAL);
}
ctrl->scd_local->locked = 0;
return rc;
}
/* To make sure we leave no secrets in our image after forking of the
scdaemon, we use this callback. */
static void
atfork_cb (void *opaque, int where)
{
if (!where)
gcry_control (GCRYCTL_TERM_SECMEM);
}
/* Fork off the SCdaemon if this has not already been done. Lock the
daemon and make sure that a proper context has been setup in CTRL.
This function might also lock the daemon, which means that the
caller must call unlock_scd after this fucntion has returned
success and the actual Assuan transaction been done. */
static int
start_scd (ctrl_t ctrl)
{
gpg_error_t err = 0;
const char *pgmname;
assuan_context_t ctx;
const char *argv[3];
int no_close_list[3];
int i;
int rc;
if (opt.disable_scdaemon)
return gpg_error (GPG_ERR_NOT_SUPPORTED);
/* If this is the first call for this session, setup the local data
structure. */
if (!ctrl->scd_local)
{
ctrl->scd_local = xtrycalloc (1, sizeof *ctrl->scd_local);
if (!ctrl->scd_local)
return gpg_error_from_syserror ();
ctrl->scd_local->ctrl_backlink = ctrl;
ctrl->scd_local->next_local = scd_local_list;
scd_local_list = ctrl->scd_local;
}
/* Assert that the lock count is as expected. */
if (ctrl->scd_local->locked)
{
log_error ("start_scd: invalid lock count (%d)\n",
ctrl->scd_local->locked);
return gpg_error (GPG_ERR_INTERNAL);
}
ctrl->scd_local->locked++;
if (ctrl->scd_local->ctx)
return 0; /* Okay, the context is fine. We used to test for an
alive context here and do an disconnect. Now that we
have a ticker function to check for it, it is easier
not to check here but to let the connection run on an
error instead. */
/* We need to protect the following code. */
if (!pth_mutex_acquire (&start_scd_lock, 0, NULL))
{
log_error ("failed to acquire the start_scd lock: %s\n",
strerror (errno));
return gpg_error (GPG_ERR_INTERNAL);
}
/* Check whether the pipe server has already been started and in
this case either reuse a lingering pipe connection or establish a
new socket based one. */
if (primary_scd_ctx && primary_scd_ctx_reusable)
{
ctx = primary_scd_ctx;
primary_scd_ctx_reusable = 0;
if (opt.verbose)
log_info ("new connection to SCdaemon established (reusing)\n");
goto leave;
}
if (socket_name)
{
rc = assuan_socket_connect (&ctx, socket_name, 0);
if (rc)
{
log_error ("can't connect to socket `%s': %s\n",
socket_name, gpg_strerror (rc));
err = gpg_error (GPG_ERR_NO_SCDAEMON);
goto leave;
}
if (opt.verbose)
log_info ("new connection to SCdaemon established\n");
goto leave;
}
if (primary_scd_ctx)
{
log_info ("SCdaemon is running but won't accept further connections\n");
err = gpg_error (GPG_ERR_NO_SCDAEMON);
goto leave;
}
/* Nope, it has not been started. Fire it up now. */
if (opt.verbose)
log_info ("no running SCdaemon - starting it\n");
if (fflush (NULL))
{
#ifndef HAVE_W32_SYSTEM
err = gpg_error_from_syserror ();
#endif
log_error ("error flushing pending output: %s\n", strerror (errno));
/* At least Windows XP fails here with EBADF. According to docs
and Wine an fflush(NULL) is the same as _flushall. However
the Wime implementaion does not flush stdin,stdout and stderr
- see above. Lets try to ignore the error. */
#ifndef HAVE_W32_SYSTEM
goto leave;
#endif
}
if (!opt.scdaemon_program || !*opt.scdaemon_program)
opt.scdaemon_program = gnupg_module_name (GNUPG_MODULE_NAME_SCDAEMON);
if ( !(pgmname = strrchr (opt.scdaemon_program, '/')))
pgmname = opt.scdaemon_program;
else
pgmname++;
argv[0] = pgmname;
argv[1] = "--multi-server";
argv[2] = NULL;
i=0;
if (!opt.running_detached)
{
if (log_get_fd () != -1)
no_close_list[i++] = log_get_fd ();
no_close_list[i++] = fileno (stderr);
}
no_close_list[i] = -1;
/* Connect to the pinentry and perform initial handshaking. Use
detached flag (128) so that under W32 SCDAEMON does not show up a
new window. */
rc = assuan_pipe_connect_ext (&ctx, opt.scdaemon_program, argv,
no_close_list, atfork_cb, NULL, 128);
if (rc)
{
log_error ("can't connect to the SCdaemon: %s\n",
gpg_strerror (rc));
err = gpg_error (GPG_ERR_NO_SCDAEMON);
goto leave;
}
if (opt.verbose)
log_debug ("first connection to SCdaemon established\n");
/* Get the name of the additional socket opened by scdaemon. */
{
membuf_t data;
unsigned char *databuf;
size_t datalen;
xfree (socket_name);
socket_name = NULL;
init_membuf (&data, 256);
assuan_transact (ctx, "GETINFO socket_name",
membuf_data_cb, &data, NULL, NULL, NULL, NULL);
databuf = get_membuf (&data, &datalen);
if (databuf && datalen)
{
socket_name = xtrymalloc (datalen + 1);
if (!socket_name)
log_error ("warning: can't store socket name: %s\n",
strerror (errno));
else
{
memcpy (socket_name, databuf, datalen);
socket_name[datalen] = 0;
if (DBG_ASSUAN)
log_debug ("additional connections at `%s'\n", socket_name);
}
}
xfree (databuf);
}
/* Tell the scdaemon we want him to send us an event signal. */
-#ifndef HAVE_W32_SYSTEM
{
char buf[100];
- sprintf (buf, "OPTION event-signal=%d", SIGUSR2);
+#ifdef HAVE_W32_SYSTEM
+ snprintf (buf, sizeof buf, "OPTION event-signal=%lx",
+ (unsigned long)get_agent_scd_notify_event ());
+#else
+ snprintf (buf, sizeof buf, "OPTION event-signal=%d", SIGUSR2);
+#endif
assuan_transact (ctx, buf, NULL, NULL, NULL, NULL, NULL, NULL);
}
-#endif
primary_scd_ctx = ctx;
primary_scd_ctx_reusable = 0;
leave:
if (err)
{
unlock_scd (ctrl, err);
}
else
{
ctrl->scd_local->ctx = ctx;
}
if (!pth_mutex_release (&start_scd_lock))
log_error ("failed to release the start_scd lock: %s\n", strerror (errno));
return err;
}
/* Check whether the Scdaemon is still alive and clean it up if not. */
void
agent_scd_check_aliveness (void)
{
pth_event_t evt;
pid_t pid;
int rc;
+#ifdef HAVE_W32_SYSTEM
+ DWORD dummyec;
+#endif
if (!primary_scd_ctx)
return; /* No scdaemon running. */
/* This is not a critical function so we use a short timeout while
acquiring the lock. */
evt = pth_event (PTH_EVENT_TIME, pth_timeout (1, 0));
if (!pth_mutex_acquire (&start_scd_lock, 0, evt))
{
if (pth_event_occurred (evt))
{
if (opt.verbose > 1)
log_info ("failed to acquire the start_scd lock while"
" doing an aliveness check: %s\n", "timeout");
}
else
log_error ("failed to acquire the start_scd lock while"
" doing an aliveness check: %s\n", strerror (errno));
pth_event_free (evt, PTH_FREE_THIS);
return;
}
pth_event_free (evt, PTH_FREE_THIS);
if (primary_scd_ctx)
{
pid = assuan_get_pid (primary_scd_ctx);
#ifdef HAVE_W32_SYSTEM
-#warning Need to implement an alive test for scdaemon
+ if (pid != (pid_t)(void*)(-1) && pid
+ && !GetExitCodeProcess ((HANDLE)pid, &dummyec))
#else
if (pid != (pid_t)(-1) && pid
&& ((rc=waitpid (pid, NULL, WNOHANG))==-1 || (rc == pid)) )
+#endif
{
/* Okay, scdaemon died. Disconnect the primary connection
now but take care that it won't do another wait. Also
cleanup all other connections and release their
resources. The next use will start a new daemon then.
Due to the use of the START_SCD_LOCAL we are sure that
none of these context are actually in use. */
struct scd_local_s *sl;
assuan_set_flag (primary_scd_ctx, ASSUAN_NO_WAITPID, 1);
assuan_disconnect (primary_scd_ctx);
for (sl=scd_local_list; sl; sl = sl->next_local)
{
if (sl->ctx)
{
if (sl->ctx != primary_scd_ctx)
assuan_disconnect (sl->ctx);
sl->ctx = NULL;
}
}
primary_scd_ctx = NULL;
primary_scd_ctx_reusable = 0;
xfree (socket_name);
socket_name = NULL;
}
-#endif
}
if (!pth_mutex_release (&start_scd_lock))
log_error ("failed to release the start_scd lock while"
" doing the aliveness check: %s\n", strerror (errno));
}
/* Reset the SCD if it has been used. Actually it is not a reset but
a cleanup of resources used by the current connection. */
int
agent_reset_scd (ctrl_t ctrl)
{
if (ctrl->scd_local)
{
if (ctrl->scd_local->ctx)
{
/* We can't disconnect the primary context because libassuan
does a waitpid on it and thus the system would hang.
Instead we send a reset and keep that connection for
reuse. */
if (ctrl->scd_local->ctx == primary_scd_ctx)
{
/* Send a RESTART to the SCD. This is required for the
primary connection as a kind of virtual EOF; we don't
have another way to tell it that the next command
should be viewed as if a new connection has been
made. For the non-primary connections this is not
needed as we simply close the socket. We don't check
for an error here because the RESTART may fail for
example if the scdaemon has already been terminated.
Anyway, we need to set the reusable flag to make sure
that the aliveness check can clean it up. */
assuan_transact (primary_scd_ctx, "RESTART",
NULL, NULL, NULL, NULL, NULL, NULL);
primary_scd_ctx_reusable = 1;
}
else
assuan_disconnect (ctrl->scd_local->ctx);
ctrl->scd_local->ctx = NULL;
}
/* Remove the local context from our list and release it. */
if (!scd_local_list)
BUG ();
else if (scd_local_list == ctrl->scd_local)
scd_local_list = ctrl->scd_local->next_local;
else
{
struct scd_local_s *sl;
for (sl=scd_local_list; sl->next_local; sl = sl->next_local)
if (sl->next_local == ctrl->scd_local)
break;
if (!sl->next_local)
BUG ();
sl->next_local = ctrl->scd_local->next_local;
}
xfree (ctrl->scd_local);
ctrl->scd_local = NULL;
}
return 0;
}
/* Return a new malloced string by unescaping the string S. Escaping
is percent escaping and '+'/space mapping. A binary Nul will
silently be replaced by a 0xFF. Function returns NULL to indicate
an out of memory status. */
static char *
unescape_status_string (const unsigned char *s)
{
char *buffer, *d;
buffer = d = xtrymalloc (strlen ((const char*)s)+1);
if (!buffer)
return NULL;
while (*s)
{
if (*s == '%' && s[1] && s[2])
{
s++;
*d = xtoi_2 (s);
if (!*d)
*d = '\xff';
d++;
s += 2;
}
else if (*s == '+')
{
*d++ = ' ';
s++;
}
else
*d++ = *s++;
}
*d = 0;
return buffer;
}
static int
learn_status_cb (void *opaque, const char *line)
{
struct learn_parm_s *parm = opaque;
const char *keyword = line;
int keywordlen;
for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
;
while (spacep (line))
line++;
if (keywordlen == 8 && !memcmp (keyword, "CERTINFO", keywordlen))
{
parm->certinfo_cb (parm->certinfo_cb_arg, line);
}
else if (keywordlen == 11 && !memcmp (keyword, "KEYPAIRINFO", keywordlen))
{
parm->kpinfo_cb (parm->kpinfo_cb_arg, line);
}
else if (keywordlen && *line)
{
parm->sinfo_cb (parm->sinfo_cb_arg, keyword, keywordlen, line);
}
return 0;
}
/* Perform the LEARN command and return a list of all private keys
stored on the card. */
int
agent_card_learn (ctrl_t ctrl,
void (*kpinfo_cb)(void*, const char *),
void *kpinfo_cb_arg,
void (*certinfo_cb)(void*, const char *),
void *certinfo_cb_arg,
void (*sinfo_cb)(void*, const char *, size_t, const char *),
void *sinfo_cb_arg)
{
int rc;
struct learn_parm_s parm;
rc = start_scd (ctrl);
if (rc)
return rc;
memset (&parm, 0, sizeof parm);
parm.kpinfo_cb = kpinfo_cb;
parm.kpinfo_cb_arg = kpinfo_cb_arg;
parm.certinfo_cb = certinfo_cb;
parm.certinfo_cb_arg = certinfo_cb_arg;
parm.sinfo_cb = sinfo_cb;
parm.sinfo_cb_arg = sinfo_cb_arg;
rc = assuan_transact (ctrl->scd_local->ctx, "LEARN --force",
NULL, NULL, NULL, NULL,
learn_status_cb, &parm);
if (rc)
return unlock_scd (ctrl, rc);
return unlock_scd (ctrl, 0);
}
static int
get_serialno_cb (void *opaque, const char *line)
{
char **serialno = opaque;
const char *keyword = line;
const char *s;
int keywordlen, n;
for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
;
while (spacep (line))
line++;
if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
{
if (*serialno)
return gpg_error (GPG_ERR_CONFLICT); /* Unexpected status line. */
for (n=0,s=line; hexdigitp (s); s++, n++)
;
if (!n || (n&1)|| !(spacep (s) || !*s) )
return gpg_error (GPG_ERR_ASS_PARAMETER);
*serialno = xtrymalloc (n+1);
if (!*serialno)
return out_of_core ();
memcpy (*serialno, line, n);
(*serialno)[n] = 0;
}
return 0;
}
/* Return the serial number of the card or an appropriate error. The
serial number is returned as a hexstring. */
int
agent_card_serialno (ctrl_t ctrl, char **r_serialno)
{
int rc;
char *serialno = NULL;
rc = start_scd (ctrl);
if (rc)
return rc;
rc = assuan_transact (ctrl->scd_local->ctx, "SERIALNO",
NULL, NULL, NULL, NULL,
get_serialno_cb, &serialno);
if (rc)
{
xfree (serialno);
return unlock_scd (ctrl, rc);
}
*r_serialno = serialno;
return unlock_scd (ctrl, 0);
}
static int
membuf_data_cb (void *opaque, const void *buffer, size_t length)
{
membuf_t *data = opaque;
if (buffer)
put_membuf (data, buffer, length);
return 0;
}
/* Handle the NEEDPIN inquiry. */
static int
inq_needpin (void *opaque, const char *line)
{
struct inq_needpin_s *parm = opaque;
char *pin;
size_t pinlen;
int rc;
if (!strncmp (line, "NEEDPIN", 7) && (line[7] == ' ' || !line[7]))
{
line += 7;
while (*line == ' ')
line++;
pinlen = 90;
pin = gcry_malloc_secure (pinlen);
if (!pin)
return out_of_core ();
rc = parm->getpin_cb (parm->getpin_cb_arg, line, pin, pinlen);
if (!rc)
rc = assuan_send_data (parm->ctx, pin, pinlen);
xfree (pin);
}
else if (!strncmp (line, "POPUPKEYPADPROMPT", 17)
&& (line[17] == ' ' || !line[17]))
{
line += 17;
while (*line == ' ')
line++;
rc = parm->getpin_cb (parm->getpin_cb_arg, line, NULL, 1);
}
else if (!strncmp (line, "DISMISSKEYPADPROMPT", 19)
&& (line[19] == ' ' || !line[19]))
{
rc = parm->getpin_cb (parm->getpin_cb_arg, "", NULL, 0);
}
else if (parm->passthru)
{
unsigned char *value;
size_t valuelen;
int rest;
int needrest = !strncmp (line, "KEYDATA", 8);
/* Pass the inquiry up to our caller. We limit the maximum
amount to an arbitrary value. As we know that the KEYDATA
enquiry is pretty sensitive we disable logging then */
if ((rest = (needrest
&& !assuan_get_flag (parm->passthru, ASSUAN_CONFIDENTIAL))))
assuan_begin_confidential (parm->passthru);
rc = assuan_inquire (parm->passthru, line, &value, &valuelen, 8096);
if (rest)
assuan_end_confidential (parm->passthru);
if (!rc)
{
if ((rest = (needrest
&& !assuan_get_flag (parm->ctx, ASSUAN_CONFIDENTIAL))))
assuan_begin_confidential (parm->ctx);
rc = assuan_send_data (parm->ctx, value, valuelen);
if (rest)
assuan_end_confidential (parm->ctx);
xfree (value);
}
else
log_error ("error forwarding inquiry `%s': %s\n",
line, gpg_strerror (rc));
}
else
{
log_error ("unsupported inquiry `%s'\n", line);
rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
}
return rc;
}
/* Create a signature using the current card */
int
agent_card_pksign (ctrl_t ctrl,
const char *keyid,
int (*getpin_cb)(void *, const char *, char*, size_t),
void *getpin_cb_arg,
const unsigned char *indata, size_t indatalen,
unsigned char **r_buf, size_t *r_buflen)
{
int rc, i;
char *p, line[ASSUAN_LINELENGTH];
membuf_t data;
struct inq_needpin_s inqparm;
size_t len;
unsigned char *sigbuf;
size_t sigbuflen;
*r_buf = NULL;
rc = start_scd (ctrl);
if (rc)
return rc;
if (indatalen*2 + 50 > DIM(line))
return unlock_scd (ctrl, gpg_error (GPG_ERR_GENERAL));
sprintf (line, "SETDATA ");
p = line + strlen (line);
for (i=0; i < indatalen ; i++, p += 2 )
sprintf (p, "%02X", indata[i]);
rc = assuan_transact (ctrl->scd_local->ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_scd (ctrl, rc);
init_membuf (&data, 1024);
inqparm.ctx = ctrl->scd_local->ctx;
inqparm.getpin_cb = getpin_cb;
inqparm.getpin_cb_arg = getpin_cb_arg;
inqparm.passthru = 0;
snprintf (line, DIM(line)-1,
ctrl->use_auth_call? "PKAUTH %s":"PKSIGN %s", keyid);
line[DIM(line)-1] = 0;
rc = assuan_transact (ctrl->scd_local->ctx, line,
membuf_data_cb, &data,
inq_needpin, &inqparm,
NULL, NULL);
if (rc)
{
xfree (get_membuf (&data, &len));
return unlock_scd (ctrl, rc);
}
sigbuf = get_membuf (&data, &sigbuflen);
/* Create an S-expression from it which is formatted like this:
"(7:sig-val(3:rsa(1:sSIGBUFLEN:SIGBUF)))" */
*r_buflen = 21 + 11 + sigbuflen + 4;
p = xtrymalloc (*r_buflen);
*r_buf = (unsigned char*)p;
if (!p)
return unlock_scd (ctrl, out_of_core ());
p = stpcpy (p, "(7:sig-val(3:rsa(1:s" );
sprintf (p, "%u:", (unsigned int)sigbuflen);
p += strlen (p);
memcpy (p, sigbuf, sigbuflen);
p += sigbuflen;
strcpy (p, ")))");
xfree (sigbuf);
assert (gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL));
return unlock_scd (ctrl, 0);
}
/* Decipher INDATA using the current card. Note that the returned value is */
int
agent_card_pkdecrypt (ctrl_t ctrl,
const char *keyid,
int (*getpin_cb)(void *, const char *, char*, size_t),
void *getpin_cb_arg,
const unsigned char *indata, size_t indatalen,
char **r_buf, size_t *r_buflen)
{
int rc, i;
char *p, line[ASSUAN_LINELENGTH];
membuf_t data;
struct inq_needpin_s inqparm;
size_t len;
*r_buf = NULL;
rc = start_scd (ctrl);
if (rc)
return rc;
/* FIXME: use secure memory where appropriate */
if (indatalen*2 + 50 > DIM(line))
return unlock_scd (ctrl, gpg_error (GPG_ERR_GENERAL));
sprintf (line, "SETDATA ");
p = line + strlen (line);
for (i=0; i < indatalen ; i++, p += 2 )
sprintf (p, "%02X", indata[i]);
rc = assuan_transact (ctrl->scd_local->ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_scd (ctrl, rc);
init_membuf (&data, 1024);
inqparm.ctx = ctrl->scd_local->ctx;
inqparm.getpin_cb = getpin_cb;
inqparm.getpin_cb_arg = getpin_cb_arg;
inqparm.passthru = 0;
snprintf (line, DIM(line)-1, "PKDECRYPT %s", keyid);
line[DIM(line)-1] = 0;
rc = assuan_transact (ctrl->scd_local->ctx, line,
membuf_data_cb, &data,
inq_needpin, &inqparm,
NULL, NULL);
if (rc)
{
xfree (get_membuf (&data, &len));
return unlock_scd (ctrl, rc);
}
*r_buf = get_membuf (&data, r_buflen);
if (!*r_buf)
return unlock_scd (ctrl, gpg_error (GPG_ERR_ENOMEM));
return unlock_scd (ctrl, 0);
}
/* Read a certificate with ID into R_BUF and R_BUFLEN. */
int
agent_card_readcert (ctrl_t ctrl,
const char *id, char **r_buf, size_t *r_buflen)
{
int rc;
char line[ASSUAN_LINELENGTH];
membuf_t data;
size_t len;
*r_buf = NULL;
rc = start_scd (ctrl);
if (rc)
return rc;
init_membuf (&data, 1024);
snprintf (line, DIM(line)-1, "READCERT %s", id);
line[DIM(line)-1] = 0;
rc = assuan_transact (ctrl->scd_local->ctx, line,
membuf_data_cb, &data,
NULL, NULL,
NULL, NULL);
if (rc)
{
xfree (get_membuf (&data, &len));
return unlock_scd (ctrl, rc);
}
*r_buf = get_membuf (&data, r_buflen);
if (!*r_buf)
return unlock_scd (ctrl, gpg_error (GPG_ERR_ENOMEM));
return unlock_scd (ctrl, 0);
}
/* Read a key with ID and return it in an allocate buffer pointed to
by r_BUF as a valid S-expression. */
int
agent_card_readkey (ctrl_t ctrl, const char *id, unsigned char **r_buf)
{
int rc;
char line[ASSUAN_LINELENGTH];
membuf_t data;
size_t len, buflen;
*r_buf = NULL;
rc = start_scd (ctrl);
if (rc)
return rc;
init_membuf (&data, 1024);
snprintf (line, DIM(line)-1, "READKEY %s", id);
line[DIM(line)-1] = 0;
rc = assuan_transact (ctrl->scd_local->ctx, line,
membuf_data_cb, &data,
NULL, NULL,
NULL, NULL);
if (rc)
{
xfree (get_membuf (&data, &len));
return unlock_scd (ctrl, rc);
}
*r_buf = get_membuf (&data, &buflen);
if (!*r_buf)
return unlock_scd (ctrl, gpg_error (GPG_ERR_ENOMEM));
if (!gcry_sexp_canon_len (*r_buf, buflen, NULL, NULL))
{
xfree (*r_buf); *r_buf = NULL;
return unlock_scd (ctrl, gpg_error (GPG_ERR_INV_VALUE));
}
return unlock_scd (ctrl, 0);
}
/* Type used with the card_getattr_cb. */
struct card_getattr_parm_s {
const char *keyword; /* Keyword to look for. */
size_t keywordlen; /* strlen of KEYWORD. */
char *data; /* Malloced and unescaped data. */
int error; /* ERRNO value or 0 on success. */
};
/* Callback function for agent_card_getattr. */
static assuan_error_t
card_getattr_cb (void *opaque, const char *line)
{
struct card_getattr_parm_s *parm = opaque;
const char *keyword = line;
int keywordlen;
if (parm->data)
return 0; /* We want only the first occurrence. */
for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
;
while (spacep (line))
line++;
if (keywordlen == parm->keywordlen
&& !memcmp (keyword, parm->keyword, keywordlen))
{
parm->data = unescape_status_string ((const unsigned char*)line);
if (!parm->data)
parm->error = errno;
}
return 0;
}
/* Call the agent to retrieve a single line data object. On success
the object is malloced and stored at RESULT; it is guaranteed that
NULL is never stored in this case. On error an error code is
returned and NULL stored at RESULT. */
gpg_error_t
agent_card_getattr (ctrl_t ctrl, const char *name, char **result)
{
int err;
struct card_getattr_parm_s parm;
char line[ASSUAN_LINELENGTH];
*result = NULL;
if (!*name)
return gpg_error (GPG_ERR_INV_VALUE);
memset (&parm, 0, sizeof parm);
parm.keyword = name;
parm.keywordlen = strlen (name);
/* We assume that NAME does not need escaping. */
if (8 + strlen (name) > DIM(line)-1)
return gpg_error (GPG_ERR_TOO_LARGE);
stpcpy (stpcpy (line, "GETATTR "), name);
err = start_scd (ctrl);
if (err)
return err;
err = assuan_transact (ctrl->scd_local->ctx, line,
NULL, NULL, NULL, NULL,
card_getattr_cb, &parm);
if (!err && parm.error)
err = gpg_error_from_errno (parm.error);
if (!err && !parm.data)
err = gpg_error (GPG_ERR_NO_DATA);
if (!err)
*result = parm.data;
else
xfree (parm.data);
return unlock_scd (ctrl, err);
}
static int
pass_status_thru (void *opaque, const char *line)
{
assuan_context_t ctx = opaque;
char keyword[200];
int i;
for (i=0; *line && !spacep (line) && i < DIM(keyword)-1; line++, i++)
keyword[i] = *line;
keyword[i] = 0;
/* truncate any remaining keyword stuff. */
for (; *line && !spacep (line); line++)
;
while (spacep (line))
line++;
assuan_write_status (ctx, keyword, line);
return 0;
}
static int
pass_data_thru (void *opaque, const void *buffer, size_t length)
{
assuan_context_t ctx = opaque;
assuan_send_data (ctx, buffer, length);
return 0;
}
/* Send the line CMDLINE with command for the SCDdaemon to it and send
all status messages back. This command is used as a general quoting
mechanism to pass everything verbatim to SCDAEMON. The PIN
inquiry is handled inside gpg-agent. */
int
agent_card_scd (ctrl_t ctrl, const char *cmdline,
int (*getpin_cb)(void *, const char *, char*, size_t),
void *getpin_cb_arg, void *assuan_context)
{
int rc;
struct inq_needpin_s inqparm;
rc = start_scd (ctrl);
if (rc)
return rc;
inqparm.ctx = ctrl->scd_local->ctx;
inqparm.getpin_cb = getpin_cb;
inqparm.getpin_cb_arg = getpin_cb_arg;
inqparm.passthru = assuan_context;
rc = assuan_transact (ctrl->scd_local->ctx, cmdline,
pass_data_thru, assuan_context,
inq_needpin, &inqparm,
pass_status_thru, assuan_context);
if (rc)
{
return unlock_scd (ctrl, rc);
}
return unlock_scd (ctrl, 0);
}
diff --git a/agent/command.c b/agent/command.c
index c0c21bf79..91279fa0f 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -1,1661 +1,1661 @@
/* command.c - gpg-agent command handler
* Copyright (C) 2001, 2002, 2003, 2004, 2005,
* 2006 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
/* FIXME: we should not use the default assuan buffering but setup
some buffering in secure mempory to protect session keys etc. */
#include <config.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <assert.h>
#include <assuan.h>
#include "agent.h"
/* maximum allowed size of the inquired ciphertext */
#define MAXLEN_CIPHERTEXT 4096
/* maximum allowed size of the key parameters */
#define MAXLEN_KEYPARAM 1024
#define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
#if MAX_DIGEST_LEN < 20
#error MAX_DIGEST_LEN shorter than keygrip
#endif
/* Data used to associate an Assuan context with local server data */
struct server_local_s
{
assuan_context_t assuan_ctx;
int message_fd;
int use_cache_for_signing;
char *keydesc; /* Allocated description for the next key
operation. */
int pause_io_logging; /* Used to suppress I/O logging during a command */
#ifdef HAVE_W32_SYSTEM
int stopme; /* If set to true the agent will be terminated after
the end of this session. */
#endif
};
/* An entry for the getval/putval commands. */
struct putval_item_s
{
struct putval_item_s *next;
size_t off; /* Offset to the value into DATA. */
size_t len; /* Length of the value. */
char d[1]; /* Key | Nul | value. */
};
/* A list of key value pairs fpr the getval/putval commands. */
static struct putval_item_s *putval_list;
/* To help polling clients, we keep tarck of the number of certain
events. This structure keeps those counters. The counters are
integers and there should be no problem if they are overflowing as
callers need to check only whether a counter changed. The actual
values are not meaningful. */
struct
{
/* Incremented if any of the other counters below changed. */
unsigned int any;
/* Incremented if a key is added or removed from the internal privat
key database. */
unsigned int key;
/* Incremented if a change of the card readers stati has been
detected. */
unsigned int card;
} eventcounter;
/* Release the memory buffer MB but first wipe out the used memory. */
static void
clear_outbuf (membuf_t *mb)
{
void *p;
size_t n;
p = get_membuf (mb, &n);
if (p)
{
memset (p, 0, n);
xfree (p);
}
}
/* Write the content of memory buffer MB as assuan data to CTX and
wipe the buffer out afterwards. */
static gpg_error_t
write_and_clear_outbuf (assuan_context_t ctx, membuf_t *mb)
{
assuan_error_t ae;
void *p;
size_t n;
p = get_membuf (mb, &n);
if (!p)
return out_of_core ();
ae = assuan_send_data (ctx, p, n);
memset (p, 0, n);
xfree (p);
return ae;
}
static void
reset_notify (assuan_context_t ctx)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
memset (ctrl->keygrip, 0, 20);
ctrl->have_keygrip = 0;
ctrl->digest.valuelen = 0;
xfree (ctrl->server_local->keydesc);
ctrl->server_local->keydesc = NULL;
}
/* Check whether the option NAME appears in LINE */
static int
has_option (const char *line, const char *name)
{
const char *s;
int n = strlen (name);
s = strstr (line, name);
return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n)));
}
/* Same as has_option but does only test for the name of the option
and ignores an argument, i.e. with NAME being "--hash" it would
return true for "--hash" as well as for "--hash=foo". */
static int
has_option_name (const char *line, const char *name)
{
const char *s;
int n = strlen (name);
s = strstr (line, name);
return (s && (s == line || spacep (s-1))
&& (!s[n] || spacep (s+n) || s[n] == '='));
}
/* Skip over options. It is assumed that leading spaces have been
removed (this is the case for lines passed to a handler from
assuan). Blanks after the options are also removed. */
static char *
skip_options (char *line)
{
while ( *line == '-' && line[1] == '-' )
{
while (*line && !spacep (line))
line++;
while (spacep (line))
line++;
}
return line;
}
/* Replace all '+' by a blank. */
static void
plus_to_blank (char *s)
{
for (; *s; s++)
{
if (*s == '+')
*s = ' ';
}
}
/* Do the percent and plus/space unescaping in place and return the
length of the valid buffer. */
static size_t
percent_plus_unescape (char *string)
{
unsigned char *p = (unsigned char *)string;
size_t n = 0;
while (*string)
{
if (*string == '%' && string[1] && string[2])
{
string++;
*p++ = xtoi_2 (string);
n++;
string+= 2;
}
else if (*string == '+')
{
*p++ = ' ';
n++;
string++;
}
else
{
*p++ = *string++;
n++;
}
}
return n;
}
/* Parse a hex string. Return an Assuan error code or 0 on success and the
length of the parsed string in LEN. */
static int
parse_hexstring (assuan_context_t ctx, const char *string, size_t *len)
{
const char *p;
size_t n;
/* parse the hash value */
for (p=string, n=0; hexdigitp (p); p++, n++)
;
if (*p != ' ' && *p != '\t' && *p)
return set_error (GPG_ERR_ASS_PARAMETER, "invalid hexstring");
if ((n&1))
return set_error (GPG_ERR_ASS_PARAMETER, "odd number of digits");
*len = n;
return 0;
}
/* Parse the keygrip in STRING into the provided buffer BUF. BUF must
provide space for 20 bytes. BUF is not changed if the function
returns an error. */
static int
parse_keygrip (assuan_context_t ctx, const char *string, unsigned char *buf)
{
int rc;
size_t n;
const unsigned char *p;
rc = parse_hexstring (ctx, string, &n);
if (rc)
return rc;
n /= 2;
if (n != 20)
return set_error (GPG_ERR_ASS_PARAMETER, "invalid length of keygrip");
for (p=(const unsigned char*)string, n=0; n < 20; p += 2, n++)
buf[n] = xtoi_2 (p);
return 0;
}
/* Write an assuan status line. */
gpg_error_t
agent_write_status (ctrl_t ctrl, const char *keyword, ...)
{
gpg_error_t err = 0;
va_list arg_ptr;
const char *text;
assuan_context_t ctx = ctrl->server_local->assuan_ctx;
char buf[950], *p;
size_t n;
va_start (arg_ptr, keyword);
p = buf;
n = 0;
while ( (text = va_arg (arg_ptr, const char *)) )
{
if (n)
{
*p++ = ' ';
n++;
}
for ( ; *text && n < DIM (buf)-2; n++)
*p++ = *text++;
}
*p = 0;
err = assuan_write_status (ctx, keyword, buf);
va_end (arg_ptr);
return err;
}
/* GETEVENTCOUNTER
Return a a status line named EVENTCOUNTER with the current values
of all event counters. The values are decimal numbers in the range
0 to UINT_MAX and wrapping around to 0. The actual values should
not be relied upon, they shall only be used to detect a change.
The currently defined counters are:
ANY - Incremented with any change of any of the other counters.
KEY - Incremented for added or removed private keys.
CARD - Incremented for changes of the card readers stati.
*/
static int
cmd_geteventcounter (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
char any_counter[25];
char key_counter[25];
char card_counter[25];
snprintf (any_counter, sizeof any_counter, "%u", eventcounter.any);
snprintf (key_counter, sizeof key_counter, "%u", eventcounter.key);
snprintf (card_counter, sizeof card_counter, "%u", eventcounter.card);
return agent_write_status (ctrl, "EVENTCOUNTER",
any_counter,
key_counter,
card_counter,
NULL);
}
/* This function should be called once for all key removals or
- additions. Thus function is assured not to do any context
+ additions. This function is assured not to do any context
switches. */
void
bump_key_eventcounter (void)
{
eventcounter.key++;
eventcounter.any++;
}
/* This function should be called for all card reader status
- changes. Thus function is assured not to do any context
+ changes. This function is assured not to do any context
switches. */
void
bump_card_eventcounter (void)
{
eventcounter.card++;
eventcounter.any++;
}
/* ISTRUSTED <hexstring_with_fingerprint>
Return OK when we have an entry with this fingerprint in our
trustlist */
static int
cmd_istrusted (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
int rc, n, i;
char *p;
char fpr[41];
/* Parse the fingerprint value. */
for (p=line,n=0; hexdigitp (p); p++, n++)
;
if (*p || !(n == 40 || n == 32))
return set_error (GPG_ERR_ASS_PARAMETER, "invalid fingerprint");
i = 0;
if (n==32)
{
strcpy (fpr, "00000000");
i += 8;
}
for (p=line; i < 40; p++, i++)
fpr[i] = *p >= 'a'? (*p & 0xdf): *p;
fpr[i] = 0;
rc = agent_istrusted (ctrl, fpr);
if (!rc || gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED)
return rc;
else if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF )
return gpg_error (GPG_ERR_NOT_TRUSTED);
else
{
log_error ("command is_trusted failed: %s\n", gpg_strerror (rc));
return rc;
}
}
/* LISTTRUSTED
List all entries from the trustlist */
static int
cmd_listtrusted (assuan_context_t ctx, char *line)
{
int rc = agent_listtrusted (ctx);
if (rc)
log_error ("command listtrusted failed: %s\n", gpg_strerror (rc));
return rc;
}
/* MARKTRUSTED <hexstring_with_fingerprint> <flag> <display_name>
Store a new key in into the trustlist*/
static int
cmd_marktrusted (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
int rc, n, i;
char *p;
char fpr[41];
int flag;
/* parse the fingerprint value */
for (p=line,n=0; hexdigitp (p); p++, n++)
;
if (!spacep (p) || !(n == 40 || n == 32))
return set_error (GPG_ERR_ASS_PARAMETER, "invalid fingerprint");
i = 0;
if (n==32)
{
strcpy (fpr, "00000000");
i += 8;
}
for (p=line; i < 40; p++, i++)
fpr[i] = *p >= 'a'? (*p & 0xdf): *p;
fpr[i] = 0;
while (spacep (p))
p++;
flag = *p++;
if ( (flag != 'S' && flag != 'P') || !spacep (p) )
return set_error (GPG_ERR_ASS_PARAMETER, "invalid flag - must be P or S");
while (spacep (p))
p++;
rc = agent_marktrusted (ctrl, p, fpr, flag);
if (rc)
log_error ("command marktrusted failed: %s\n", gpg_strerror (rc));
return rc;
}
/* HAVEKEY <hexstring_with_keygrip>
Return success when the secret key is available */
static int
cmd_havekey (assuan_context_t ctx, char *line)
{
int rc;
unsigned char buf[20];
rc = parse_keygrip (ctx, line, buf);
if (rc)
return rc;
if (agent_key_available (buf))
return gpg_error (GPG_ERR_NO_SECKEY);
return 0;
}
/* SIGKEY <hexstring_with_keygrip>
SETKEY <hexstring_with_keygrip>
Set the key used for a sign or decrypt operation */
static int
cmd_sigkey (assuan_context_t ctx, char *line)
{
int rc;
ctrl_t ctrl = assuan_get_pointer (ctx);
rc = parse_keygrip (ctx, line, ctrl->keygrip);
if (rc)
return rc;
ctrl->have_keygrip = 1;
return 0;
}
/* SETKEYDESC plus_percent_escaped_string
Set a description to be used for the next PKSIGN or PKDECRYPT
operation if this operation requires the entry of a passphrase. If
this command is not used a default text will be used. Note, that
this description implictly selects the label used for the entry
box; if the string contains the string PIN (which in general will
not be translated), "PIN" is used, otherwise the translation of
"passphrase" is used. The description string should not contain
blanks unless they are percent or '+' escaped.
The description is only valid for the next PKSIGN or PKDECRYPT
operation.
*/
static int
cmd_setkeydesc (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
char *desc, *p;
for (p=line; *p == ' '; p++)
;
desc = p;
p = strchr (desc, ' ');
if (p)
*p = 0; /* We ignore any garbage; we might late use it for other args. */
if (!desc || !*desc)
return set_error (GPG_ERR_ASS_PARAMETER, "no description given");
/* Note, that we only need to replace the + characters and should
leave the other escaping in place because the escaped string is
send verbatim to the pinentry which does the unescaping (but not
the + replacing) */
plus_to_blank (desc);
xfree (ctrl->server_local->keydesc);
ctrl->server_local->keydesc = xtrystrdup (desc);
if (!ctrl->server_local->keydesc)
return out_of_core ();
return 0;
}
/* SETHASH --hash=<name>|<algonumber> <hexstring>
The client can use this command to tell the server about the data
(which usually is a hash) to be signed. */
static int
cmd_sethash (assuan_context_t ctx, char *line)
{
int rc;
size_t n;
char *p;
ctrl_t ctrl = assuan_get_pointer (ctx);
unsigned char *buf;
char *endp;
int algo;
/* Parse the alternative hash options which may be used instead of
the algo number. */
if (has_option_name (line, "--hash"))
{
if (has_option (line, "--hash=sha1"))
algo = GCRY_MD_SHA1;
else if (has_option (line, "--hash=sha256"))
algo = GCRY_MD_SHA256;
else if (has_option (line, "--hash=rmd160"))
algo = GCRY_MD_RMD160;
else if (has_option (line, "--hash=md5"))
algo = GCRY_MD_MD5;
else if (has_option (line, "--hash=tls-md5sha1"))
algo = GCRY_MD_USER_TLS_MD5SHA1;
else
return set_error (GPG_ERR_ASS_PARAMETER, "invalid hash algorithm");
}
else
algo = 0;
line = skip_options (line);
if (!algo)
{
/* No hash option has been given: require an algo number instead */
algo = (int)strtoul (line, &endp, 10);
for (line = endp; *line == ' ' || *line == '\t'; line++)
;
if (!algo || gcry_md_test_algo (algo))
return set_error (GPG_ERR_UNSUPPORTED_ALGORITHM, NULL);
}
ctrl->digest.algo = algo;
/* Parse the hash value. */
rc = parse_hexstring (ctx, line, &n);
if (rc)
return rc;
n /= 2;
if (algo == GCRY_MD_USER_TLS_MD5SHA1 && n == 36)
;
else if (n != 16 && n != 20 && n != 24 && n != 32)
return set_error (GPG_ERR_ASS_PARAMETER, "unsupported length of hash");
if (n > MAX_DIGEST_LEN)
return set_error (GPG_ERR_ASS_PARAMETER, "hash value to long");
buf = ctrl->digest.value;
ctrl->digest.valuelen = n;
for (p=line, n=0; n < ctrl->digest.valuelen; p += 2, n++)
buf[n] = xtoi_2 (p);
for (; n < ctrl->digest.valuelen; n++)
buf[n] = 0;
return 0;
}
/* PKSIGN <options>
Perform the actual sign operation. Neither input nor output are
sensitive to eavesdropping. */
static int
cmd_pksign (assuan_context_t ctx, char *line)
{
int rc;
cache_mode_t cache_mode = CACHE_MODE_NORMAL;
ctrl_t ctrl = assuan_get_pointer (ctx);
membuf_t outbuf;
if (opt.ignore_cache_for_signing)
cache_mode = CACHE_MODE_IGNORE;
else if (!ctrl->server_local->use_cache_for_signing)
cache_mode = CACHE_MODE_IGNORE;
init_membuf (&outbuf, 512);
rc = agent_pksign (ctrl, ctrl->server_local->keydesc,
&outbuf, cache_mode);
if (rc)
clear_outbuf (&outbuf);
else
rc = write_and_clear_outbuf (ctx, &outbuf);
if (rc)
log_error ("command pksign failed: %s\n", gpg_strerror (rc));
xfree (ctrl->server_local->keydesc);
ctrl->server_local->keydesc = NULL;
return rc;
}
/* PKDECRYPT <options>
Perform the actual decrypt operation. Input is not
sensitive to eavesdropping */
static int
cmd_pkdecrypt (assuan_context_t ctx, char *line)
{
int rc;
ctrl_t ctrl = assuan_get_pointer (ctx);
unsigned char *value;
size_t valuelen;
membuf_t outbuf;
/* First inquire the data to decrypt */
rc = assuan_inquire (ctx, "CIPHERTEXT",
&value, &valuelen, MAXLEN_CIPHERTEXT);
if (rc)
return rc;
init_membuf (&outbuf, 512);
rc = agent_pkdecrypt (ctrl, ctrl->server_local->keydesc,
value, valuelen, &outbuf);
xfree (value);
if (rc)
clear_outbuf (&outbuf);
else
rc = write_and_clear_outbuf (ctx, &outbuf);
if (rc)
log_error ("command pkdecrypt failed: %s\n", gpg_strerror (rc));
xfree (ctrl->server_local->keydesc);
ctrl->server_local->keydesc = NULL;
return rc;
}
/* GENKEY
Generate a new key, store the secret part and return the public
part. Here is an example transaction:
C: GENKEY
S: INQUIRE KEYPARM
C: D (genkey (rsa (nbits 1024)))
C: END
S: D (public-key
S: D (rsa (n 326487324683264) (e 10001)))
S OK key created
*/
static int
cmd_genkey (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
int rc;
unsigned char *value;
size_t valuelen;
membuf_t outbuf;
/* First inquire the parameters */
rc = assuan_inquire (ctx, "KEYPARAM", &value, &valuelen, MAXLEN_KEYPARAM);
if (rc)
return rc;
init_membuf (&outbuf, 512);
rc = agent_genkey (ctrl, (char*)value, valuelen, &outbuf);
xfree (value);
if (rc)
clear_outbuf (&outbuf);
else
rc = write_and_clear_outbuf (ctx, &outbuf);
if (rc)
log_error ("command genkey failed: %s\n", gpg_strerror (rc));
return rc;
}
/* READKEY <hexstring_with_keygrip>
Return the public key for the given keygrip. */
static int
cmd_readkey (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
int rc;
unsigned char grip[20];
gcry_sexp_t s_pkey = NULL;
rc = parse_keygrip (ctx, line, grip);
if (rc)
return rc; /* Return immediately as this is already an Assuan error code.*/
rc = agent_public_key_from_file (ctrl, grip, &s_pkey);
if (!rc)
{
size_t len;
unsigned char *buf;
len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
assert (len);
buf = xtrymalloc (len);
if (!buf)
rc = gpg_error_from_syserror ();
else
{
len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, buf, len);
assert (len);
rc = assuan_send_data (ctx, buf, len);
xfree (buf);
}
gcry_sexp_release (s_pkey);
}
if (rc)
log_error ("command readkey failed: %s\n", gpg_strerror (rc));
return rc;
}
static int
send_back_passphrase (assuan_context_t ctx, int via_data, const char *pw)
{
size_t n;
int rc;
assuan_begin_confidential (ctx);
n = strlen (pw);
if (via_data)
rc = assuan_send_data (ctx, pw, n);
else
{
char *p = xtrymalloc_secure (n*2+1);
if (!p)
rc = gpg_error_from_syserror ();
else
{
bin2hex (pw, n, p);
rc = assuan_set_okay_line (ctx, p);
xfree (p);
}
}
return rc;
}
/* GET_PASSPHRASE [--data] [--check] <cache_id>
[<error_message> <prompt> <description>]
This function is usually used to ask for a passphrase to be used
for conventional encryption, but may also be used by programs which
need specal handling of passphrases. This command uses a syntax
which helps clients to use the agent with minimum effort. The
agent either returns with an error or with a OK followed by the hex
encoded passphrase. Note that the length of the strings is
implicitly limited by the maximum length of a command.
If the option "--data" is used the passphrase is returned by usual
data lines and not on the okay line.
If the option "--check" is used the passphrase constraints checks as
implemented by gpg-agent are applied. A check is not done if the
passphrase has been found in the cache.
*/
static int
cmd_get_passphrase (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
int rc;
const char *pw;
char *response;
char *cacheid = NULL, *desc = NULL, *prompt = NULL, *errtext = NULL;
char *p;
void *cache_marker;
int opt_data, opt_check;
opt_data = has_option (line, "--data");
opt_check = has_option (line, "--check");
line = skip_options (line);
cacheid = line;
p = strchr (cacheid, ' ');
if (p)
{
*p++ = 0;
while (*p == ' ')
p++;
errtext = p;
p = strchr (errtext, ' ');
if (p)
{
*p++ = 0;
while (*p == ' ')
p++;
prompt = p;
p = strchr (prompt, ' ');
if (p)
{
*p++ = 0;
while (*p == ' ')
p++;
desc = p;
p = strchr (desc, ' ');
if (p)
*p = 0; /* Ignore trailing garbage. */
}
}
}
if (!cacheid || !*cacheid || strlen (cacheid) > 50)
return set_error (GPG_ERR_ASS_PARAMETER, "invalid length of cacheID");
if (!desc)
return set_error (GPG_ERR_ASS_PARAMETER, "no description given");
if (!strcmp (cacheid, "X"))
cacheid = NULL;
if (!strcmp (errtext, "X"))
errtext = NULL;
if (!strcmp (prompt, "X"))
prompt = NULL;
if (!strcmp (desc, "X"))
desc = NULL;
pw = cacheid ? agent_get_cache (cacheid, CACHE_MODE_NORMAL, &cache_marker)
: NULL;
if (pw)
{
rc = send_back_passphrase (ctx, opt_data, pw);
agent_unlock_cache_entry (&cache_marker);
}
else
{
/* Note, that we only need to replace the + characters and
should leave the other escaping in place because the escaped
string is send verbatim to the pinentry which does the
unescaping (but not the + replacing) */
if (errtext)
plus_to_blank (errtext);
if (prompt)
plus_to_blank (prompt);
if (desc)
plus_to_blank (desc);
response = NULL;
do
{
xfree (response);
rc = agent_get_passphrase (ctrl, &response, desc, prompt, errtext);
}
while (!rc
&& opt_check
&& check_passphrase_constraints (ctrl, response, 0));
if (!rc)
{
if (cacheid)
agent_put_cache (cacheid, CACHE_MODE_USER, response, 0);
rc = send_back_passphrase (ctx, opt_data, response);
xfree (response);
}
}
if (rc)
log_error ("command get_passphrase failed: %s\n", gpg_strerror (rc));
return rc;
}
/* CLEAR_PASSPHRASE <cache_id>
may be used to invalidate the cache entry for a passphrase. The
function returns with OK even when there is no cached passphrase.
*/
static int
cmd_clear_passphrase (assuan_context_t ctx, char *line)
{
char *cacheid = NULL;
char *p;
/* parse the stuff */
for (p=line; *p == ' '; p++)
;
cacheid = p;
p = strchr (cacheid, ' ');
if (p)
*p = 0; /* ignore garbage */
if (!cacheid || !*cacheid || strlen (cacheid) > 50)
return set_error (GPG_ERR_ASS_PARAMETER, "invalid length of cacheID");
agent_put_cache (cacheid, CACHE_MODE_USER, NULL, 0);
return 0;
}
/* GET_CONFIRMATION <description>
This command may be used to ask for a simple confirmation.
DESCRIPTION is displayed along with a Okay and Cancel button. This
command uses a syntax which helps clients to use the agent with
minimum effort. The agent either returns with an error or with a
OK. Note, that the length of DESCRIPTION is implicitly limited by
the maximum length of a command. DESCRIPTION should not contain
any spaces, those must be encoded either percent escaped or simply
as '+'.
*/
static int
cmd_get_confirmation (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
int rc;
char *desc = NULL;
char *p;
/* parse the stuff */
for (p=line; *p == ' '; p++)
;
desc = p;
p = strchr (desc, ' ');
if (p)
*p = 0; /* We ignore any garbage -may be later used for other args. */
if (!desc || !*desc)
return set_error (GPG_ERR_ASS_PARAMETER, "no description given");
if (!strcmp (desc, "X"))
desc = NULL;
/* Note, that we only need to replace the + characters and should
leave the other escaping in place because the escaped string is
send verbatim to the pinentry which does the unescaping (but not
the + replacing) */
if (desc)
plus_to_blank (desc);
rc = agent_get_confirmation (ctrl, desc, NULL, NULL);
if (rc)
log_error ("command get_confirmation failed: %s\n", gpg_strerror (rc));
return rc;
}
/* LEARN [--send]
Learn something about the currently inserted smartcard. With
--send the new certificates are send back. */
static int
cmd_learn (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
int rc;
rc = agent_handle_learn (ctrl, has_option (line, "--send")? ctx : NULL);
if (rc)
log_error ("command learn failed: %s\n", gpg_strerror (rc));
return rc;
}
/* PASSWD <hexstring_with_keygrip>
Change the passphrase/PID for the key identified by keygrip in LINE. */
static int
cmd_passwd (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
int rc;
unsigned char grip[20];
gcry_sexp_t s_skey = NULL;
unsigned char *shadow_info = NULL;
rc = parse_keygrip (ctx, line, grip);
if (rc)
goto leave;
ctrl->in_passwd++;
rc = agent_key_from_file (ctrl, ctrl->server_local->keydesc,
grip, &shadow_info, CACHE_MODE_IGNORE, &s_skey);
if (rc)
;
else if (!s_skey)
{
log_error ("changing a smartcard PIN is not yet supported\n");
rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
}
else
rc = agent_protect_and_store (ctrl, s_skey);
ctrl->in_passwd--;
xfree (ctrl->server_local->keydesc);
ctrl->server_local->keydesc = NULL;
leave:
gcry_sexp_release (s_skey);
xfree (shadow_info);
if (rc)
log_error ("command passwd failed: %s\n", gpg_strerror (rc));
return rc;
}
/* PRESET_PASSPHRASE <hexstring_with_keygrip> <timeout> <hexstring>
Set the cached passphrase/PIN for the key identified by the keygrip
to passwd for the given time, where -1 means infinite and 0 means
the default (currently only a timeout of -1 is allowed, which means
to never expire it). If passwd is not provided, ask for it via the
pinentry module. */
static int
cmd_preset_passphrase (assuan_context_t ctx, char *line)
{
int rc;
unsigned char grip[20];
char *grip_clear = NULL;
char *passphrase = NULL;
int ttl;
size_t len;
if (!opt.allow_preset_passphrase)
return gpg_error (GPG_ERR_NOT_SUPPORTED);
rc = parse_keygrip (ctx, line, grip);
if (rc)
return rc;
/* FIXME: parse_keygrip should return a tail pointer. */
grip_clear = line;
while (*line && (*line != ' ' && *line != '\t'))
line++;
if (!*line)
return gpg_error (GPG_ERR_MISSING_VALUE);
*line = '\0';
line++;
while (*line && (*line == ' ' || *line == '\t'))
line++;
/* Currently, only infinite timeouts are allowed. */
ttl = -1;
if (line[0] != '-' || line[1] != '1')
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
line++;
line++;
while (!(*line != ' ' && *line != '\t'))
line++;
/* Syntax check the hexstring. */
rc = parse_hexstring (ctx, line, &len);
if (rc)
return rc;
line[len] = '\0';
/* If there is a passphrase, use it. Currently, a passphrase is
required. */
if (*line)
passphrase = line;
else
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
rc = agent_put_cache (grip_clear, CACHE_MODE_ANY, passphrase, ttl);
if (rc)
log_error ("command preset_passwd failed: %s\n", gpg_strerror (rc));
return rc;
}
/* SCD <commands to pass to the scdaemon>
This is a general quote command to redirect everything to the
SCDAEMON. */
static int
cmd_scd (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
int rc;
rc = divert_generic_cmd (ctrl, line, ctx);
return rc;
}
/* GETVAL <key>
Return the value for KEY from the special environment as created by
PUTVAL.
*/
static int
cmd_getval (assuan_context_t ctx, char *line)
{
int rc = 0;
char *key = NULL;
char *p;
struct putval_item_s *vl;
for (p=line; *p == ' '; p++)
;
key = p;
p = strchr (key, ' ');
if (p)
{
*p++ = 0;
for (; *p == ' '; p++)
;
if (*p)
return set_error (GPG_ERR_ASS_PARAMETER, "too many arguments");
}
if (!key || !*key)
return set_error (GPG_ERR_ASS_PARAMETER, "no key given");
for (vl=putval_list; vl; vl = vl->next)
if ( !strcmp (vl->d, key) )
break;
if (vl) /* Got an entry. */
rc = assuan_send_data (ctx, vl->d+vl->off, vl->len);
else
return gpg_error (GPG_ERR_NO_DATA);
if (rc)
log_error ("command getval failed: %s\n", gpg_strerror (rc));
return rc;
}
/* PUTVAL <key> [<percent_escaped_value>]
The gpg-agent maintains a kind of environment which may be used to
store key/value pairs in it, so that they can be retrieved later.
This may be used by helper daemons to daemonize themself on
invocation and register them with gpg-agent. Callers of the
daemon's service may now first try connect to get the information
for that service from gpg-agent through the GETVAL command and then
try to connect to that daemon. Only if that fails they may start
an own instance of the service daemon.
KEY is an an arbitrary symbol with the same syntax rules as keys
for shell environment variables. PERCENT_ESCAPED_VALUE is the
corresponsing value; they should be similar to the values of
envronment variables but gpg-agent does not enforce any
restrictions. If that value is not given any value under that KEY
is removed from this special environment.
*/
static int
cmd_putval (assuan_context_t ctx, char *line)
{
int rc = 0;
char *key = NULL;
char *value = NULL;
size_t valuelen = 0;
char *p;
struct putval_item_s *vl, *vlprev;
for (p=line; *p == ' '; p++)
;
key = p;
p = strchr (key, ' ');
if (p)
{
*p++ = 0;
for (; *p == ' '; p++)
;
if (*p)
{
value = p;
p = strchr (value, ' ');
if (p)
*p = 0;
valuelen = percent_plus_unescape (value);
}
}
if (!key || !*key)
return set_error (GPG_ERR_ASS_PARAMETER, "no key given");
for (vl=putval_list,vlprev=NULL; vl; vlprev=vl, vl = vl->next)
if ( !strcmp (vl->d, key) )
break;
if (vl) /* Delete old entry. */
{
if (vlprev)
vlprev->next = vl->next;
else
putval_list = vl->next;
xfree (vl);
}
if (valuelen) /* Add entry. */
{
vl = xtrymalloc (sizeof *vl + strlen (key) + valuelen);
if (!vl)
rc = gpg_error_from_syserror ();
else
{
vl->len = valuelen;
vl->off = strlen (key) + 1;
strcpy (vl->d, key);
memcpy (vl->d + vl->off, value, valuelen);
vl->next = putval_list;
putval_list = vl;
}
}
if (rc)
log_error ("command putval failed: %s\n", gpg_strerror (rc));
return rc;
}
/* UPDATESTARTUPTTY
Set startup TTY and X DISPLAY variables to the values of this
session. This command is useful to pull future pinentries to
another screen. It is only required because there is no way in the
ssh-agent protocol to convey this information. */
static int
cmd_updatestartuptty (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
xfree (opt.startup_display); opt.startup_display = NULL;
xfree (opt.startup_ttyname); opt.startup_ttyname = NULL;
xfree (opt.startup_ttytype); opt.startup_ttytype = NULL;
xfree (opt.startup_lc_ctype); opt.startup_lc_ctype = NULL;
xfree (opt.startup_lc_messages); opt.startup_lc_messages = NULL;
xfree (opt.startup_xauthority); opt.startup_xauthority = NULL;
if (ctrl->display)
opt.startup_display = xtrystrdup (ctrl->display);
if (ctrl->ttyname)
opt.startup_ttyname = xtrystrdup (ctrl->ttyname);
if (ctrl->ttytype)
opt.startup_ttytype = xtrystrdup (ctrl->ttytype);
if (ctrl->lc_ctype)
opt.startup_lc_ctype = xtrystrdup (ctrl->lc_ctype);
if (ctrl->lc_messages)
opt.startup_lc_messages = xtrystrdup (ctrl->lc_messages);
if (ctrl->xauthority)
opt.startup_xauthority = xtrystrdup (ctrl->xauthority);
if (ctrl->pinentry_user_data)
opt.startup_pinentry_user_data = xtrystrdup (ctrl->pinentry_user_data);
return 0;
}
#ifdef HAVE_W32_SYSTEM
/* KILLAGENT
Under Windows we start the agent on the fly. Thus it also make
sense to allow a client to stop the agent. */
static int
cmd_killagent (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
ctrl->server_local->stopme = 1;
return 0;
}
/* RELOADAGENT
As signals are inconvenient under Windows, we provide this command
to allow reloading of the configuration. */
static int
cmd_reloadagent (assuan_context_t ctx, char *line)
{
agent_sighup_action ();
return 0;
}
#endif /*HAVE_W32_SYSTEM*/
/* GETINFO <what>
Multipurpose function to return a variety of information.
Supported values for WHAT are:
version - Return the version of the program.
pid - Return the process id of the server.
socket_name - Return the name of the socket.
ssh_socket_name - Return the name of the ssh socket.
*/
static int
cmd_getinfo (assuan_context_t ctx, char *line)
{
int rc = 0;
if (!strcmp (line, "version"))
{
const char *s = VERSION;
rc = assuan_send_data (ctx, s, strlen (s));
}
else if (!strcmp (line, "pid"))
{
char numbuf[50];
snprintf (numbuf, sizeof numbuf, "%lu", (unsigned long)getpid ());
rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
}
else if (!strcmp (line, "socket_name"))
{
const char *s = get_agent_socket_name ();
if (s)
rc = assuan_send_data (ctx, s, strlen (s));
else
rc = gpg_error (GPG_ERR_NO_DATA);
}
else if (!strcmp (line, "ssh_socket_name"))
{
const char *s = get_agent_ssh_socket_name ();
if (s)
rc = assuan_send_data (ctx, s, strlen (s));
else
rc = gpg_error (GPG_ERR_NO_DATA);
}
else
rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
return rc;
}
static int
option_handler (assuan_context_t ctx, const char *key, const char *value)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
if (!strcmp (key, "display"))
{
if (ctrl->display)
free (ctrl->display);
ctrl->display = strdup (value);
if (!ctrl->display)
return out_of_core ();
}
else if (!strcmp (key, "ttyname"))
{
if (!opt.keep_tty)
{
if (ctrl->ttyname)
free (ctrl->ttyname);
ctrl->ttyname = strdup (value);
if (!ctrl->ttyname)
return out_of_core ();
}
}
else if (!strcmp (key, "ttytype"))
{
if (!opt.keep_tty)
{
if (ctrl->ttytype)
free (ctrl->ttytype);
ctrl->ttytype = strdup (value);
if (!ctrl->ttytype)
return out_of_core ();
}
}
else if (!strcmp (key, "lc-ctype"))
{
if (ctrl->lc_ctype)
free (ctrl->lc_ctype);
ctrl->lc_ctype = strdup (value);
if (!ctrl->lc_ctype)
return out_of_core ();
}
else if (!strcmp (key, "lc-messages"))
{
if (ctrl->lc_messages)
free (ctrl->lc_messages);
ctrl->lc_messages = strdup (value);
if (!ctrl->lc_messages)
return out_of_core ();
}
else if (!strcmp (key, "xauthority"))
{
if (ctrl->xauthority)
free (ctrl->xauthority);
ctrl->xauthority = strdup (value);
if (!ctrl->xauthority)
return out_of_core ();
}
else if (!strcmp (key, "pinentry-user-data"))
{
if (ctrl->pinentry_user_data)
free (ctrl->pinentry_user_data);
ctrl->pinentry_user_data = strdup (value);
if (!ctrl->pinentry_user_data)
return out_of_core ();
}
else if (!strcmp (key, "use-cache-for-signing"))
ctrl->server_local->use_cache_for_signing = *value? atoi (value) : 0;
else
return gpg_error (GPG_ERR_UNKNOWN_OPTION);
return 0;
}
/* Called by libassuan after all commands. ERR is the error from the
last assuan operation and not the one returned from the command. */
static void
post_cmd_notify (assuan_context_t ctx, int err)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
/* Switch off any I/O monitor controlled logging pausing. */
ctrl->server_local->pause_io_logging = 0;
}
/* This function is called by libassuan for all I/O. We use it here
to disable logging for the GETEVENTCOUNTER commands. This is so
that the debug output won't get cluttered by this primitive
command. */
static unsigned int
io_monitor (assuan_context_t ctx, int direction,
const char *line, size_t linelen)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
/* Note that we only check for the uppercase name. This allows to
see the logging for debugging if using a non-upercase command
name. */
if (ctx && !direction
&& linelen >= 15
&& !strncmp (line, "GETEVENTCOUNTER", 15)
&& (linelen == 15 || spacep (line+15)))
{
ctrl->server_local->pause_io_logging = 1;
}
return ctrl->server_local->pause_io_logging? 1:0;
}
/* Tell the assuan library about our commands */
static int
register_commands (assuan_context_t ctx)
{
static struct {
const char *name;
int (*handler)(assuan_context_t, char *line);
} table[] = {
{ "GETEVENTCOUNTER",cmd_geteventcounter },
{ "ISTRUSTED", cmd_istrusted },
{ "HAVEKEY", cmd_havekey },
{ "SIGKEY", cmd_sigkey },
{ "SETKEY", cmd_sigkey },
{ "SETKEYDESC", cmd_setkeydesc },
{ "SETHASH", cmd_sethash },
{ "PKSIGN", cmd_pksign },
{ "PKDECRYPT", cmd_pkdecrypt },
{ "GENKEY", cmd_genkey },
{ "READKEY", cmd_readkey },
{ "GET_PASSPHRASE", cmd_get_passphrase },
{ "PRESET_PASSPHRASE", cmd_preset_passphrase },
{ "CLEAR_PASSPHRASE", cmd_clear_passphrase },
{ "GET_CONFIRMATION", cmd_get_confirmation },
{ "LISTTRUSTED", cmd_listtrusted },
{ "MARKTRUSTED", cmd_marktrusted },
{ "LEARN", cmd_learn },
{ "PASSWD", cmd_passwd },
{ "INPUT", NULL },
{ "OUTPUT", NULL },
{ "SCD", cmd_scd },
{ "GETVAL", cmd_getval },
{ "PUTVAL", cmd_putval },
{ "UPDATESTARTUPTTY", cmd_updatestartuptty },
#ifdef HAVE_W32_SYSTEM
{ "KILLAGENT", cmd_killagent },
{ "RELOADAGENT", cmd_reloadagent },
#endif
{ "GETINFO", cmd_getinfo },
{ NULL }
};
int i, rc;
for (i=0; table[i].name; i++)
{
rc = assuan_register_command (ctx, table[i].name, table[i].handler);
if (rc)
return rc;
}
#ifdef HAVE_ASSUAN_SET_IO_MONITOR
assuan_register_post_cmd_notify (ctx, post_cmd_notify);
#endif
assuan_register_reset_notify (ctx, reset_notify);
assuan_register_option_handler (ctx, option_handler);
return 0;
}
/* Startup the server. If LISTEN_FD and FD is given as -1, this is a
simple piper server, otherwise it is a regular server. CTRL is the
control structure for this connection; it has only the basic
intialization. */
void
start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd)
{
int rc;
assuan_context_t ctx;
if (listen_fd == GNUPG_INVALID_FD && fd == GNUPG_INVALID_FD)
{
int filedes[2];
filedes[0] = 0;
filedes[1] = 1;
rc = assuan_init_pipe_server (&ctx, filedes);
}
else if (listen_fd != GNUPG_INVALID_FD)
{
rc = assuan_init_socket_server_ext (&ctx, listen_fd, 0);
}
else
{
rc = assuan_init_socket_server_ext (&ctx, fd, 2);
}
if (rc)
{
log_error ("failed to initialize the server: %s\n",
gpg_strerror(rc));
agent_exit (2);
}
rc = register_commands (ctx);
if (rc)
{
log_error ("failed to register commands with Assuan: %s\n",
gpg_strerror(rc));
agent_exit (2);
}
assuan_set_pointer (ctx, ctrl);
ctrl->server_local = xcalloc (1, sizeof *ctrl->server_local);
ctrl->server_local->assuan_ctx = ctx;
ctrl->server_local->message_fd = -1;
ctrl->server_local->use_cache_for_signing = 1;
ctrl->digest.raw_value = 0;
if (DBG_ASSUAN)
assuan_set_log_stream (ctx, log_get_stream ());
#ifdef HAVE_ASSUAN_SET_IO_MONITOR
assuan_set_io_monitor (ctx, io_monitor);
#endif
for (;;)
{
rc = assuan_accept (ctx);
if (rc == -1)
{
break;
}
else if (rc)
{
log_info ("Assuan accept problem: %s\n", gpg_strerror (rc));
break;
}
rc = assuan_process (ctx);
if (rc)
{
log_info ("Assuan processing failed: %s\n", gpg_strerror (rc));
continue;
}
}
/* Reset the SCD if needed. */
agent_reset_scd (ctrl);
/* Reset the pinentry (in case of popup messages). */
agent_reset_query (ctrl);
/* Cleanup. */
assuan_deinit_server (ctx);
#ifdef HAVE_W32_SYSTEM
if (ctrl->server_local->stopme)
agent_exit (0);
#endif
xfree (ctrl->server_local);
ctrl->server_local = NULL;
}
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index e4d8f3e13..48087db63 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -1,1905 +1,1951 @@
/* gpg-agent.c - The GnuPG Agent
* Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005,
* 2006, 2007 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <stdarg.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#include <time.h>
#include <fcntl.h>
#include <sys/stat.h>
#ifndef HAVE_W32_SYSTEM
# include <sys/socket.h>
# include <sys/un.h>
#endif /*!HAVE_W32_SYSTEM*/
#include <unistd.h>
#include <signal.h>
#include <pth.h>
#define JNLIB_NEED_LOG_LOGV
#include "agent.h"
#include <assuan.h> /* Malloc hooks and socket wrappers. */
#include "i18n.h"
#include "mkdtemp.h" /* Gnulib replacement. */
#include "sysutils.h"
#include "setenv.h"
#include "gc-opt-flags.h"
enum cmd_and_opt_values
{ aNull = 0,
oCsh = 'c',
oQuiet = 'q',
oSh = 's',
oVerbose = 'v',
oNoVerbose = 500,
aGPGConfList,
aGPGConfTest,
oOptions,
oDebug,
oDebugAll,
oDebugLevel,
oDebugWait,
oNoGreeting,
oNoOptions,
oHomedir,
oNoDetach,
oNoGrab,
oLogFile,
oServer,
oDaemon,
oBatch,
oPinentryProgram,
oPinentryTouchFile,
oDisplay,
oTTYname,
oTTYtype,
oLCctype,
oLCmessages,
oXauthority,
oScdaemonProgram,
oDefCacheTTL,
oDefCacheTTLSSH,
oMaxCacheTTL,
oMaxCacheTTLSSH,
oEnforcePassphraseConstraints,
oMinPassphraseLen,
oMinPassphraseNonalpha,
oCheckPassphrasePattern,
oMaxPassphraseDays,
oEnablePassphraseHistory,
oUseStandardSocket,
oNoUseStandardSocket,
oFakedSystemTime,
oIgnoreCacheForSigning,
oAllowMarkTrusted,
oAllowPresetPassphrase,
oKeepTTY,
oKeepDISPLAY,
oSSHSupport,
oDisableScdaemon,
oWriteEnvFile
};
static ARGPARSE_OPTS opts[] = {
{ aGPGConfList, "gpgconf-list", 256, "@" },
{ aGPGConfTest, "gpgconf-test", 256, "@" },
{ 301, NULL, 0, N_("@Options:\n ") },
{ oServer, "server", 0, N_("run in server mode (foreground)") },
{ oDaemon, "daemon", 0, N_("run in daemon mode (background)") },
{ oVerbose, "verbose", 0, N_("verbose") },
{ oQuiet, "quiet", 0, N_("be somewhat more quiet") },
{ oSh, "sh", 0, N_("sh-style command output") },
{ oCsh, "csh", 0, N_("csh-style command output") },
{ oOptions, "options" , 2, N_("|FILE|read options from FILE")},
{ oDebug, "debug" ,4|16, "@"},
{ oDebugAll, "debug-all" ,0, "@"},
{ oDebugLevel, "debug-level" ,2, "@"},
{ oDebugWait,"debug-wait",1, "@"},
{ oNoDetach, "no-detach" ,0, N_("do not detach from the console")},
{ oNoGrab, "no-grab" ,0, N_("do not grab keyboard and mouse")},
{ oLogFile, "log-file" ,2, N_("use a log file for the server")},
{ oUseStandardSocket, "use-standard-socket", 0,
N_("use a standard location for the socket")},
{ oNoUseStandardSocket, "no-use-standard-socket", 0, "@"},
{ oPinentryProgram, "pinentry-program", 2 ,
N_("|PGM|use PGM as the PIN-Entry program") },
{ oPinentryTouchFile, "pinentry-touch-file", 2 , "@" },
{ oScdaemonProgram, "scdaemon-program", 2 ,
N_("|PGM|use PGM as the SCdaemon program") },
{ oDisableScdaemon, "disable-scdaemon", 0, N_("do not use the SCdaemon") },
{ oFakedSystemTime, "faked-system-time", 2, "@" }, /* (epoch time) */
{ oDisplay, "display", 2, "@" },
{ oTTYname, "ttyname", 2, "@" },
{ oTTYtype, "ttytype", 2, "@" },
{ oLCctype, "lc-ctype", 2, "@" },
{ oLCmessages, "lc-messages", 2, "@" },
{ oXauthority, "xauthority", 2, "@" },
{ oKeepTTY, "keep-tty", 0, N_("ignore requests to change the TTY")},
{ oKeepDISPLAY, "keep-display",
0, N_("ignore requests to change the X display")},
{ oDefCacheTTL, "default-cache-ttl", 4,
N_("|N|expire cached PINs after N seconds")},
{ oDefCacheTTLSSH, "default-cache-ttl-ssh", 4, "@" },
{ oMaxCacheTTL, "max-cache-ttl", 4, "@" },
{ oMaxCacheTTLSSH, "max-cache-ttl-ssh", 4, "@" },
{ oEnforcePassphraseConstraints, "enforce-passphrase-constraints", 0, "@"},
{ oMinPassphraseLen, "min-passphrase-len", 4, "@" },
{ oMinPassphraseNonalpha, "min-passphrase-nonalpha", 4, "@" },
{ oCheckPassphrasePattern, "check-passphrase-pattern", 2, "@" },
{ oMaxPassphraseDays, "max-passphrase-days", 4, "@" },
{ oEnablePassphraseHistory, "enable-passphrase-history", 0, "@" },
{ oIgnoreCacheForSigning, "ignore-cache-for-signing", 0,
N_("do not use the PIN cache when signing")},
{ oAllowMarkTrusted, "allow-mark-trusted", 0,
N_("allow clients to mark keys as \"trusted\"")},
{ oAllowPresetPassphrase, "allow-preset-passphrase", 0,
N_("allow presetting passphrase")},
{ oSSHSupport, "enable-ssh-support", 0, N_("enable ssh-agent emulation") },
{ oWriteEnvFile, "write-env-file", 2|8,
N_("|FILE|write environment settings also to FILE")},
{0}
};
#define DEFAULT_CACHE_TTL (10*60) /* 10 minutes */
#define DEFAULT_CACHE_TTL_SSH (30*60) /* 30 minutes */
#define MAX_CACHE_TTL (120*60) /* 2 hours */
#define MAX_CACHE_TTL_SSH (120*60) /* 2 hours */
#define MIN_PASSPHRASE_LEN (8)
#define MIN_PASSPHRASE_NONALPHA (1)
#define MAX_PASSPHRASE_DAYS (0)
/* The timer tick used for housekeeping stuff. For Windows we use a
longer period as the SetWaitableTimer seems to signal earlier than
the 2 seconds. */
#ifdef HAVE_W32_SYSTEM
#define TIMERTICK_INTERVAL (4)
#else
#define TIMERTICK_INTERVAL (2) /* Seconds. */
#endif
/* flag to indicate that a shutdown was requested */
static int shutdown_pending;
/* It is possible that we are currently running under setuid permissions */
static int maybe_setuid = 1;
/* Name of the communication socket used for native gpg-agent requests. */
static char *socket_name;
/* Name of the communication socket used for ssh-agent-emulation. */
static char *socket_name_ssh;
/* We need to keep track of the server's nonces (these are dummies for
POSIX systems). */
static assuan_sock_nonce_t socket_nonce;
static assuan_sock_nonce_t socket_nonce_ssh;
/* Default values for options passed to the pinentry. */
static char *default_display;
static char *default_ttyname;
static char *default_ttytype;
static char *default_lc_ctype;
static char *default_lc_messages;
static char *default_xauthority;
/* Name of a config file, which will be reread on a HUP if it is not NULL. */
static char *config_filename;
/* Helper to implement --debug-level */
static const char *debug_level;
/* Keep track of the current log file so that we can avoid updating
the log file after a SIGHUP if it didn't changed. Malloced. */
static char *current_logfile;
/* The handle_tick() function may test whether a parent is still
running. We record the PID of the parent here or -1 if it should be
watched. */
static pid_t parent_pid = (pid_t)(-1);
/*
Local prototypes.
*/
static char *create_socket_name (int use_standard_socket,
char *standard_name, char *template);
static gnupg_fd_t create_server_socket (int is_standard_name, char *name,
assuan_sock_nonce_t *nonce);
static void create_directories (void);
static void agent_init_default_ctrl (ctrl_t ctrl);
static void agent_deinit_default_ctrl (ctrl_t ctrl);
static void handle_connections (gnupg_fd_t listen_fd,
gnupg_fd_t listen_fd_ssh);
static int check_for_running_agent (int silent, int mode);
/* Pth wrapper function definitions. */
GCRY_THREAD_OPTION_PTH_IMPL;
static int fixed_gcry_pth_init (void)
{
return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0;
}
/*
Functions.
*/
static const char *
my_strusage (int level)
{
const char *p;
switch (level)
{
case 11: p = "gpg-agent (GnuPG)";
break;
case 13: p = VERSION; break;
case 17: p = PRINTABLE_OS_NAME; break;
case 19: p = _("Please report bugs to <" PACKAGE_BUGREPORT ">.\n");
break;
case 1:
case 40: p = _("Usage: gpg-agent [options] (-h for help)");
break;
case 41: p = _("Syntax: gpg-agent [options] [command [args]]\n"
"Secret key management for GnuPG\n");
break;
default: p = NULL;
}
return p;
}
/* Setup the debugging. With the global variable DEBUG_LEVEL set to NULL
only the active debug flags are propagated to the subsystems. With
DEBUG_LEVEL set, a specific set of debug flags is set; thus overriding
all flags already set. Note that we don't fail here, because it is
important to keep gpg-agent running even after re-reading the
options due to a SIGHUP. */
static void
set_debug (void)
{
if (!debug_level)
;
else if (!strcmp (debug_level, "none"))
opt.debug = 0;
else if (!strcmp (debug_level, "basic"))
opt.debug = DBG_ASSUAN_VALUE;
else if (!strcmp (debug_level, "advanced"))
opt.debug = DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE;
else if (!strcmp (debug_level, "expert"))
opt.debug = (DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE
|DBG_CACHE_VALUE);
else if (!strcmp (debug_level, "guru"))
opt.debug = ~0;
else
{
log_error (_("invalid debug-level `%s' given\n"), debug_level);
opt.debug = 0; /* Reset debugging, so that prior debug
statements won't have an undesired effect. */
}
if (opt.debug && !opt.verbose)
opt.verbose = 1;
if (opt.debug && opt.quiet)
opt.quiet = 0;
if (opt.debug & DBG_MPI_VALUE)
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
if (opt.debug & DBG_CRYPTO_VALUE )
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
}
/* Helper for cleanup to remove one socket with NAME. */
static void
remove_socket (char *name)
{
if (name && *name)
{
char *p;
remove (name);
p = strrchr (name, '/');
if (p)
{
*p = 0;
rmdir (name);
*p = '/';
}
*name = 0;
}
}
static void
cleanup (void)
{
remove_socket (socket_name);
remove_socket (socket_name_ssh);
}
/* Handle options which are allowed to be reset after program start.
Return true when the current option in PARGS could be handled and
false if not. As a special feature, passing a value of NULL for
PARGS, resets the options to the default. REREAD should be set
true if it is not the initial option parsing. */
static int
parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
{
if (!pargs)
{ /* reset mode */
opt.quiet = 0;
opt.verbose = 0;
opt.debug = 0;
opt.no_grab = 0;
opt.pinentry_program = NULL;
opt.pinentry_touch_file = NULL;
opt.scdaemon_program = NULL;
opt.def_cache_ttl = DEFAULT_CACHE_TTL;
opt.def_cache_ttl_ssh = DEFAULT_CACHE_TTL_SSH;
opt.max_cache_ttl = MAX_CACHE_TTL;
opt.max_cache_ttl_ssh = MAX_CACHE_TTL_SSH;
opt.enforce_passphrase_constraints = 0;
opt.min_passphrase_len = MIN_PASSPHRASE_LEN;
opt.min_passphrase_nonalpha = MIN_PASSPHRASE_NONALPHA;
opt.check_passphrase_pattern = NULL;
opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
opt.enable_passhrase_history = 0;
opt.ignore_cache_for_signing = 0;
opt.allow_mark_trusted = 0;
opt.disable_scdaemon = 0;
return 1;
}
switch (pargs->r_opt)
{
case oQuiet: opt.quiet = 1; break;
case oVerbose: opt.verbose++; break;
case oDebug: opt.debug |= pargs->r.ret_ulong; break;
case oDebugAll: opt.debug = ~0; break;
case oDebugLevel: debug_level = pargs->r.ret_str; break;
case oLogFile:
if (!reread)
return 0; /* not handeld */
if (!current_logfile || !pargs->r.ret_str
|| strcmp (current_logfile, pargs->r.ret_str))
{
log_set_file (pargs->r.ret_str);
xfree (current_logfile);
current_logfile = xtrystrdup (pargs->r.ret_str);
}
break;
case oNoGrab: opt.no_grab = 1; break;
case oPinentryProgram: opt.pinentry_program = pargs->r.ret_str; break;
case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break;
case oScdaemonProgram: opt.scdaemon_program = pargs->r.ret_str; break;
case oDisableScdaemon: opt.disable_scdaemon = 1; break;
case oDefCacheTTL: opt.def_cache_ttl = pargs->r.ret_ulong; break;
case oDefCacheTTLSSH: opt.def_cache_ttl_ssh = pargs->r.ret_ulong; break;
case oMaxCacheTTL: opt.max_cache_ttl = pargs->r.ret_ulong; break;
case oMaxCacheTTLSSH: opt.max_cache_ttl_ssh = pargs->r.ret_ulong; break;
case oEnforcePassphraseConstraints:
opt.enforce_passphrase_constraints=1;
break;
case oMinPassphraseLen: opt.min_passphrase_len = pargs->r.ret_ulong; break;
case oMinPassphraseNonalpha:
opt.min_passphrase_nonalpha = pargs->r.ret_ulong;
break;
case oCheckPassphrasePattern:
opt.check_passphrase_pattern = pargs->r.ret_str;
break;
case oMaxPassphraseDays:
opt.max_passphrase_days = pargs->r.ret_ulong;
break;
case oEnablePassphraseHistory:
opt.enable_passhrase_history = 1;
break;
case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
case oAllowMarkTrusted: opt.allow_mark_trusted = 1; break;
case oAllowPresetPassphrase: opt.allow_preset_passphrase = 1; break;
default:
return 0; /* not handled */
}
return 1; /* handled */
}
/* The main entry point. */
int
main (int argc, char **argv )
{
ARGPARSE_ARGS pargs;
int orig_argc;
int may_coredump;
char **orig_argv;
FILE *configfp = NULL;
char *configname = NULL;
const char *shell;
unsigned configlineno;
int parse_debug = 0;
int default_config =1;
int greeting = 0;
int nogreeting = 0;
int pipe_server = 0;
int is_daemon = 0;
int nodetach = 0;
int csh_style = 0;
char *logfile = NULL;
int debug_wait = 0;
int gpgconf_list = 0;
int standard_socket = 0;
gpg_error_t err;
const char *env_file_name = NULL;
set_strusage (my_strusage);
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
/* Please note that we may running SUID(ROOT), so be very CAREFUL
when adding any stuff between here and the call to INIT_SECMEM()
somewhere after the option parsing */
log_set_prefix ("gpg-agent", JNLIB_LOG_WITH_PREFIX|JNLIB_LOG_WITH_PID);
/* Make sure that our subsystems are ready. */
init_common_subsystems ();
i18n_init ();
/* Libgcrypt requires us to register the threading model first.
Note that this will also do the pth_init. */
gcry_threads_pth.init = fixed_gcry_pth_init;
err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth);
if (err)
{
log_fatal ("can't register GNU Pth with Libgcrypt: %s\n",
gpg_strerror (err));
}
/* Check that the libraries are suitable. Do it here because
the option parsing may need services of the library. */
if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
{
log_fatal( _("%s is too old (need %s, have %s)\n"), "libgcrypt",
NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
}
assuan_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
assuan_set_assuan_log_stream (log_get_stream ());
assuan_set_assuan_log_prefix (log_get_prefix (NULL));
assuan_set_assuan_err_source (GPG_ERR_SOURCE_DEFAULT);
setup_libgcrypt_logging ();
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
may_coredump = disable_core_dumps ();
/* Set default options. */
parse_rereadable_options (NULL, 0); /* Reset them to default values. */
#ifdef HAVE_W32_SYSTEM
standard_socket = 1; /* Under Windows we always use a standard
socket. */
#endif
shell = getenv ("SHELL");
if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
csh_style = 1;
opt.homedir = default_homedir ();
/* Record some of the original environment strings. */
opt.startup_display = getenv ("DISPLAY");
if (opt.startup_display)
opt.startup_display = xstrdup (opt.startup_display);
opt.startup_ttyname = ttyname (0);
if (opt.startup_ttyname)
opt.startup_ttyname = xstrdup (opt.startup_ttyname);
opt.startup_ttytype = getenv ("TERM");
if (opt.startup_ttytype)
opt.startup_ttytype = xstrdup (opt.startup_ttytype);
/* Fixme: Better use the locale function here. */
opt.startup_lc_ctype = getenv ("LC_CTYPE");
if (opt.startup_lc_ctype)
opt.startup_lc_ctype = xstrdup (opt.startup_lc_ctype);
opt.startup_lc_messages = getenv ("LC_MESSAGES");
if (opt.startup_lc_messages)
opt.startup_lc_messages = xstrdup (opt.startup_lc_messages);
opt.startup_xauthority = getenv ("XAUTHORITY");
if (opt.startup_xauthority)
opt.startup_xauthority = xstrdup (opt.startup_xauthority);
opt.startup_pinentry_user_data = getenv ("PINENTRY_USER_DATA");
if (opt.startup_pinentry_user_data)
opt.startup_pinentry_user_data = xstrdup (opt.startup_pinentry_user_data);
/* Check whether we have a config file on the commandline */
orig_argc = argc;
orig_argv = argv;
pargs.argc = &argc;
pargs.argv = &argv;
pargs.flags= 1|(1<<6); /* do not remove the args, ignore version */
while (arg_parse( &pargs, opts))
{
if (pargs.r_opt == oDebug || pargs.r_opt == oDebugAll)
parse_debug++;
else if (pargs.r_opt == oOptions)
{ /* yes there is one, so we do not try the default one, but
read the option file when it is encountered at the
commandline */
default_config = 0;
}
else if (pargs.r_opt == oNoOptions)
default_config = 0; /* --no-options */
else if (pargs.r_opt == oHomedir)
opt.homedir = pargs.r.ret_str;
}
/* Initialize the secure memory. */
gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);
maybe_setuid = 0;
/*
Now we are now working under our real uid
*/
if (default_config)
configname = make_filename (opt.homedir, "gpg-agent.conf", NULL );
argc = orig_argc;
argv = orig_argv;
pargs.argc = &argc;
pargs.argv = &argv;
pargs.flags= 1; /* do not remove the args */
next_pass:
if (configname)
{
configlineno = 0;
configfp = fopen (configname, "r");
if (!configfp)
{
if (default_config)
{
if( parse_debug )
log_info (_("NOTE: no default option file `%s'\n"),
configname );
}
else
{
log_error (_("option file `%s': %s\n"),
configname, strerror(errno) );
exit(2);
}
xfree (configname);
configname = NULL;
}
if (parse_debug && configname )
log_info (_("reading options from `%s'\n"), configname );
default_config = 0;
}
while (optfile_parse( configfp, configname, &configlineno, &pargs, opts) )
{
if (parse_rereadable_options (&pargs, 0))
continue; /* Already handled */
switch (pargs.r_opt)
{
case aGPGConfList: gpgconf_list = 1; break;
case aGPGConfTest: gpgconf_list = 2; break;
case oBatch: opt.batch=1; break;
case oDebugWait: debug_wait = pargs.r.ret_int; break;
case oOptions:
/* config files may not be nested (silently ignore them) */
if (!configfp)
{
xfree(configname);
configname = xstrdup(pargs.r.ret_str);
goto next_pass;
}
break;
case oNoGreeting: nogreeting = 1; break;
case oNoVerbose: opt.verbose = 0; break;
case oNoOptions: break; /* no-options */
case oHomedir: opt.homedir = pargs.r.ret_str; break;
case oNoDetach: nodetach = 1; break;
case oLogFile: logfile = pargs.r.ret_str; break;
case oCsh: csh_style = 1; break;
case oSh: csh_style = 0; break;
case oServer: pipe_server = 1; break;
case oDaemon: is_daemon = 1; break;
case oDisplay: default_display = xstrdup (pargs.r.ret_str); break;
case oTTYname: default_ttyname = xstrdup (pargs.r.ret_str); break;
case oTTYtype: default_ttytype = xstrdup (pargs.r.ret_str); break;
case oLCctype: default_lc_ctype = xstrdup (pargs.r.ret_str); break;
case oLCmessages: default_lc_messages = xstrdup (pargs.r.ret_str);
case oXauthority: default_xauthority = xstrdup (pargs.r.ret_str);
break;
case oUseStandardSocket: standard_socket = 1; break;
case oNoUseStandardSocket: standard_socket = 0; break;
case oFakedSystemTime:
{
time_t faked_time = isotime2epoch (pargs.r.ret_str);
if (faked_time == (time_t)(-1))
faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
gnupg_set_time (faked_time, 0);
}
break;
case oKeepTTY: opt.keep_tty = 1; break;
case oKeepDISPLAY: opt.keep_display = 1; break;
case oSSHSupport: opt.ssh_support = 1; break;
case oWriteEnvFile:
if (pargs.r_type)
env_file_name = pargs.r.ret_str;
else
env_file_name = make_filename ("~/.gpg-agent-info", NULL);
break;
default : pargs.err = configfp? 1:2; break;
}
}
if (configfp)
{
fclose( configfp );
configfp = NULL;
/* Keep a copy of the name so that it can be read on SIGHUP. */
config_filename = configname;
configname = NULL;
goto next_pass;
}
xfree (configname);
configname = NULL;
if (log_get_errorcount(0))
exit(2);
if (nogreeting )
greeting = 0;
if (greeting)
{
fprintf (stderr, "%s %s; %s\n",
strusage(11), strusage(13), strusage(14) );
fprintf (stderr, "%s\n", strusage(15) );
}
#ifdef IS_DEVELOPMENT_VERSION
/* We don't want to print it here because gpg-agent is useful of its
own and quite matured. */
/*log_info ("NOTE: this is a development version!\n");*/
#endif
set_debug ();
if (atexit (cleanup))
{
log_error ("atexit failed\n");
cleanup ();
exit (1);
}
initialize_module_call_pinentry ();
initialize_module_call_scd ();
initialize_module_trustlist ();
/* Try to create missing directories. */
create_directories ();
if (debug_wait && pipe_server)
{
log_debug ("waiting for debugger - my pid is %u .....\n",
(unsigned int)getpid());
gnupg_sleep (debug_wait);
log_debug ("... okay\n");
}
if (gpgconf_list == 2)
agent_exit (0);
if (gpgconf_list)
{
char *filename;
char *filename_esc;
/* List options and default values in the GPG Conf format. */
filename = make_filename (opt.homedir, "gpg-agent.conf", NULL );
filename_esc = percent_escape (filename, NULL);
printf ("gpgconf-gpg-agent.conf:%lu:\"%s\n",
GC_OPT_FLAG_DEFAULT, filename_esc);
xfree (filename);
xfree (filename_esc);
printf ("verbose:%lu:\n"
"quiet:%lu:\n"
"debug-level:%lu:\"none:\n"
"log-file:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME,
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME,
GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME );
printf ("default-cache-ttl:%lu:%d:\n",
GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, DEFAULT_CACHE_TTL );
printf ("default-cache-ttl-ssh:%lu:%d:\n",
GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, DEFAULT_CACHE_TTL_SSH );
printf ("max-cache-ttl:%lu:%d:\n",
GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL );
printf ("max-cache-ttl-ssh:%lu:%d:\n",
GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL_SSH );
printf ("enforce-passphrase-constraints:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
printf ("min-passphrase-len:%lu:%d:\n",
GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MIN_PASSPHRASE_LEN );
printf ("min-passphrase-nonalpha:%lu:%d:\n",
GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
MIN_PASSPHRASE_NONALPHA);
printf ("check-passphrase-pattern:%lu:\n",
GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
printf ("max-passphrase-days:%lu:%d:\n",
GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
MAX_PASSPHRASE_DAYS);
printf ("enable-passphrase-history:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
printf ("no-grab:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
printf ("ignore-cache-for-signing:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
printf ("allow-mark-trusted:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
printf ("disable-scdaemon:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
agent_exit (0);
}
/* If this has been called without any options, we merely check
whether an agent is already running. We do this here so that we
don't clobber a logfile but print it directly to stderr. */
if (!pipe_server && !is_daemon)
{
log_set_prefix (NULL, JNLIB_LOG_WITH_PREFIX);
check_for_running_agent (0, 0);
agent_exit (0);
}
#ifdef ENABLE_NLS
/* gpg-agent usually does not output any messages because it runs in
the background. For log files it is acceptable to have messages
always encoded in utf-8. We switch here to utf-8, so that
commands like --help still give native messages. It is far
easier to switch only once instead of for every message and it
actually helps when more then one thread is active (avoids an
extra copy step). */
bind_textdomain_codeset (PACKAGE_GT, "UTF-8");
#endif
/* Now start with logging to a file if this is desired. */
if (logfile)
{
log_set_file (logfile);
log_set_prefix (NULL, (JNLIB_LOG_WITH_PREFIX
|JNLIB_LOG_WITH_TIME
|JNLIB_LOG_WITH_PID));
current_logfile = xstrdup (logfile);
}
/* Make sure that we have a default ttyname. */
if (!default_ttyname && ttyname (1))
default_ttyname = xstrdup (ttyname (1));
if (!default_ttytype && getenv ("TERM"))
default_ttytype = xstrdup (getenv ("TERM"));
if (pipe_server)
{
/* This is the simple pipe based server */
ctrl_t ctrl;
ctrl = xtrycalloc (1, sizeof *ctrl);
if (!ctrl)
{
log_error ("error allocating connection control data: %s\n",
strerror (errno) );
agent_exit (1);
}
agent_init_default_ctrl (ctrl);
start_command_handler (ctrl, GNUPG_INVALID_FD, GNUPG_INVALID_FD);
agent_deinit_default_ctrl (ctrl);
xfree (ctrl);
}
else if (!is_daemon)
; /* NOTREACHED */
else
{ /* Regular server mode */
gnupg_fd_t fd;
gnupg_fd_t fd_ssh;
pid_t pid;
/* Remove the DISPLAY variable so that a pinentry does not
default to a specific display. There is still a default
display when gpg-agent was started using --display or a
client requested this using an OPTION command. Note, that we
don't do this when running in reverse daemon mode (i.e. when
exec the program given as arguments). */
#ifndef HAVE_W32_SYSTEM
if (!opt.keep_display && !argc)
unsetenv ("DISPLAY");
#endif
/* Create the sockets. */
socket_name = create_socket_name (standard_socket,
"S.gpg-agent",
"/tmp/gpg-XXXXXX/S.gpg-agent");
if (opt.ssh_support)
socket_name_ssh = create_socket_name (standard_socket,
"S.gpg-agent.ssh",
"/tmp/gpg-XXXXXX/S.gpg-agent.ssh");
fd = create_server_socket (standard_socket, socket_name,
&socket_nonce);
if (opt.ssh_support)
fd_ssh = create_server_socket (standard_socket, socket_name_ssh,
&socket_nonce_ssh);
else
fd_ssh = GNUPG_INVALID_FD;
/* If we are going to exec a program in the parent, we record
the PID, so that the child may check whether the program is
still alive. */
if (argc)
parent_pid = getpid ();
fflush (NULL);
#ifdef HAVE_W32_SYSTEM
pid = getpid ();
printf ("set GPG_AGENT_INFO=%s;%lu;1\n", socket_name, (ulong)pid);
#else /*!HAVE_W32_SYSTEM*/
pid = fork ();
if (pid == (pid_t)-1)
{
log_fatal ("fork failed: %s\n", strerror (errno) );
exit (1);
}
else if (pid)
{ /* We are the parent */
char *infostr, *infostr_ssh_sock, *infostr_ssh_pid;
close (fd);
/* Create the info string: <name>:<pid>:<protocol_version> */
if (asprintf (&infostr, "GPG_AGENT_INFO=%s:%lu:1",
socket_name, (ulong)pid ) < 0)
{
log_error ("out of core\n");
kill (pid, SIGTERM);
exit (1);
}
if (opt.ssh_support)
{
if (asprintf (&infostr_ssh_sock, "SSH_AUTH_SOCK=%s",
socket_name_ssh) < 0)
{
log_error ("out of core\n");
kill (pid, SIGTERM);
exit (1);
}
if (asprintf (&infostr_ssh_pid, "SSH_AGENT_PID=%u",
pid) < 0)
{
log_error ("out of core\n");
kill (pid, SIGTERM);
exit (1);
}
}
*socket_name = 0; /* Don't let cleanup() remove the socket -
the child should do this from now on */
if (opt.ssh_support)
*socket_name_ssh = 0;
if (env_file_name)
{
FILE *fp;
fp = fopen (env_file_name, "w");
if (!fp)
log_error (_("error creating `%s': %s\n"),
env_file_name, strerror (errno));
else
{
fputs (infostr, fp);
putc ('\n', fp);
if (opt.ssh_support)
{
fputs (infostr_ssh_sock, fp);
putc ('\n', fp);
fputs (infostr_ssh_pid, fp);
putc ('\n', fp);
}
fclose (fp);
}
}
if (argc)
{ /* Run the program given on the commandline. */
if (putenv (infostr))
{
log_error ("failed to set environment: %s\n",
strerror (errno) );
kill (pid, SIGTERM );
exit (1);
}
if (opt.ssh_support && putenv (infostr_ssh_sock))
{
log_error ("failed to set environment: %s\n",
strerror (errno) );
kill (pid, SIGTERM );
exit (1);
}
if (opt.ssh_support && putenv (infostr_ssh_pid))
{
log_error ("failed to set environment: %s\n",
strerror (errno) );
kill (pid, SIGTERM );
exit (1);
}
execvp (argv[0], argv);
log_error ("failed to run the command: %s\n", strerror (errno));
kill (pid, SIGTERM);
exit (1);
}
else
{
/* Print the environment string, so that the caller can use
shell's eval to set it */
if (csh_style)
{
*strchr (infostr, '=') = ' ';
printf ("setenv %s\n", infostr);
if (opt.ssh_support)
{
*strchr (infostr_ssh_sock, '=') = ' ';
printf ("setenv %s\n", infostr_ssh_sock);
*strchr (infostr_ssh_pid, '=') = ' ';
printf ("setenv %s\n", infostr_ssh_pid);
}
}
else
{
printf ( "%s; export GPG_AGENT_INFO;\n", infostr);
if (opt.ssh_support)
{
printf ("%s; export SSH_AUTH_SOCK;\n", infostr_ssh_sock);
printf ("%s; export SSH_AGENT_PID;\n", infostr_ssh_pid);
}
}
free (infostr); /* (Note that a vanilla free is here correct.) */
if (opt.ssh_support)
{
free (infostr_ssh_sock);
free (infostr_ssh_pid);
}
exit (0);
}
/*NOTREACHED*/
} /* End parent */
/*
This is the child
*/
/* Detach from tty and put process into a new session */
if (!nodetach )
{
int i;
unsigned int oldflags;
/* Close stdin, stdout and stderr unless it is the log stream */
for (i=0; i <= 2; i++)
{
if (!log_test_fd (i) && i != fd )
{
if ( ! close (i)
&& open ("/dev/null", i? O_WRONLY : O_RDONLY) == -1)
{
log_error ("failed to open `%s': %s\n",
"/dev/null", strerror (errno));
cleanup ();
exit (1);
}
}
}
if (setsid() == -1)
{
log_error ("setsid() failed: %s\n", strerror(errno) );
cleanup ();
exit (1);
}
log_get_prefix (&oldflags);
log_set_prefix (NULL, oldflags | JNLIB_LOG_RUN_DETACHED);
opt.running_detached = 1;
}
if (chdir("/"))
{
log_error ("chdir to / failed: %s\n", strerror (errno));
exit (1);
}
{
struct sigaction sa;
sa.sa_handler = SIG_IGN;
sigemptyset (&sa.sa_mask);
sa.sa_flags = 0;
sigaction (SIGPIPE, &sa, NULL);
}
#endif /*!HAVE_W32_SYSTEM*/
handle_connections (fd, opt.ssh_support ? fd_ssh : GNUPG_INVALID_FD);
assuan_sock_close (fd);
}
return 0;
}
void
agent_exit (int rc)
{
/*FIXME: update_random_seed_file();*/
#if 1
/* at this time a bit annoying */
if (opt.debug & DBG_MEMSTAT_VALUE)
{
gcry_control( GCRYCTL_DUMP_MEMORY_STATS );
gcry_control( GCRYCTL_DUMP_RANDOM_STATS );
}
if (opt.debug)
gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
#endif
gcry_control (GCRYCTL_TERM_SECMEM );
rc = rc? rc : log_get_errorcount(0)? 2 : 0;
exit (rc);
}
static void
agent_init_default_ctrl (ctrl_t ctrl)
{
/* Note we ignore malloc errors because we can't do much about it
and the request will fail anyway shortly after this
initialization. */
if (ctrl->display)
free (ctrl->display);
ctrl->display = default_display? strdup (default_display) : NULL;
if (ctrl->ttyname)
free (ctrl->ttyname);
ctrl->ttyname = default_ttyname? strdup (default_ttyname) : NULL;
if (ctrl->ttytype)
free (ctrl->ttytype);
ctrl->ttytype = default_ttytype? strdup (default_ttytype) : NULL;
if (ctrl->lc_ctype)
free (ctrl->lc_ctype);
ctrl->lc_ctype = default_lc_ctype? strdup (default_lc_ctype) : NULL;
if (ctrl->lc_messages)
free (ctrl->lc_messages);
ctrl->lc_messages = default_lc_messages? strdup (default_lc_messages) : NULL;
if (ctrl->xauthority)
free (ctrl->xauthority);
ctrl->xauthority = default_xauthority? strdup (default_xauthority) : NULL;
if (ctrl->pinentry_user_data)
free (ctrl->pinentry_user_data);
ctrl->pinentry_user_data = NULL;
}
static void
agent_deinit_default_ctrl (ctrl_t ctrl)
{
if (ctrl->display)
free (ctrl->display);
if (ctrl->ttyname)
free (ctrl->ttyname);
if (ctrl->ttytype)
free (ctrl->ttytype);
if (ctrl->lc_ctype)
free (ctrl->lc_ctype);
if (ctrl->lc_messages)
free (ctrl->lc_messages);
if (ctrl->xauthority)
free (ctrl->xauthority);
if (ctrl->pinentry_user_data)
free (ctrl->pinentry_user_data);
}
/* Reread parts of the configuration. Note, that this function is
obviously not thread-safe and should only be called from the PTH
signal handler.
Fixme: Due to the way the argument parsing works, we create a
memory leak here for all string type arguments. There is currently
no clean way to tell whether the memory for the argument has been
allocated or points into the process' original arguments. Unless
we have a mechanism to tell this, we need to live on with this. */
static void
reread_configuration (void)
{
ARGPARSE_ARGS pargs;
FILE *fp;
unsigned int configlineno = 0;
int dummy;
if (!config_filename)
return; /* No config file. */
fp = fopen (config_filename, "r");
if (!fp)
{
log_error (_("option file `%s': %s\n"),
config_filename, strerror(errno) );
return;
}
parse_rereadable_options (NULL, 1); /* Start from the default values. */
memset (&pargs, 0, sizeof pargs);
dummy = 0;
pargs.argc = &dummy;
pargs.flags = 1; /* do not remove the args */
while (optfile_parse (fp, config_filename, &configlineno, &pargs, opts) )
{
if (pargs.r_opt < -1)
pargs.err = 1; /* Print a warning. */
else /* Try to parse this option - ignore unchangeable ones. */
parse_rereadable_options (&pargs, 1);
}
fclose (fp);
set_debug ();
}
/* Return the file name of the socket we are using for native
requests. */
const char *
get_agent_socket_name (void)
{
const char *s = socket_name;
return (s && *s)? s : NULL;
}
/* Return the file name of the socket we are using for SSH
requests. */
const char *
get_agent_ssh_socket_name (void)
{
const char *s = socket_name_ssh;
return (s && *s)? s : NULL;
}
+/* Under W32, this function returns the handle of the scdaemon
+ notification event. Calling it the first time creates that
+ event. */
+#ifdef HAVE_W32_SYSTEM
+void *
+get_agent_scd_notify_event (void)
+{
+ static HANDLE the_event;
+
+ if (!the_event)
+ {
+ SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE};
+
+ the_event = CreateEvent ( &sa, FALSE, FALSE, NULL);
+ if (!the_event)
+ log_error ("can't create scd notify event: %s\n", w32_strerror (-1) );
+ }
+ return the_event;
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+
/* Create a name for the socket. With USE_STANDARD_SOCKET given as
true using STANDARD_NAME in the home directory or if given as
false from the mkdir type name TEMPLATE. In the latter case a
unique name in a unique new directory will be created. In both
cases check for valid characters as well as against a maximum
allowed length for a unix domain socket is done. The function
terminates the process in case of an error. Returns: Pointer to an
allocated string with the absolute name of the socket used. */
static char *
create_socket_name (int use_standard_socket,
char *standard_name, char *template)
{
char *name, *p;
if (use_standard_socket)
name = make_filename (opt.homedir, standard_name, NULL);
else
{
name = xstrdup (template);
p = strrchr (name, '/');
if (!p)
BUG ();
*p = 0;
if (!mkdtemp (name))
{
log_error (_("can't create directory `%s': %s\n"),
name, strerror (errno));
agent_exit (2);
}
*p = '/';
}
if (strchr (name, PATHSEP_C))
{
log_error (("`%s' are not allowed in the socket name\n"), PATHSEP_S);
agent_exit (2);
}
if (strlen (name) + 1 >= DIMof (struct sockaddr_un, sun_path) )
{
log_error (_("name of socket too long\n"));
agent_exit (2);
}
return name;
}
/* Create a Unix domain socket with NAME. IS_STANDARD_NAME indicates
whether a non-random socket is used. Returns the file descriptor or
terminates the process in case of an error. */
static gnupg_fd_t
create_server_socket (int is_standard_name, char *name,
assuan_sock_nonce_t *nonce)
{
struct sockaddr_un *serv_addr;
socklen_t len;
gnupg_fd_t fd;
int rc;
fd = assuan_sock_new (AF_UNIX, SOCK_STREAM, 0);
if (fd == ASSUAN_INVALID_FD)
{
log_error (_("can't create socket: %s\n"), strerror (errno));
agent_exit (2);
}
serv_addr = xmalloc (sizeof (*serv_addr));
memset (serv_addr, 0, sizeof *serv_addr);
serv_addr->sun_family = AF_UNIX;
if (strlen (name) + 1 >= sizeof (serv_addr->sun_path))
{
log_error (_("socket name `%s' is too long\n"), name);
agent_exit (2);
}
strcpy (serv_addr->sun_path, name);
len = (offsetof (struct sockaddr_un, sun_path)
+ strlen (serv_addr->sun_path) + 1);
rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len);
if (is_standard_name && rc == -1 && errno == EADDRINUSE)
{
if (!check_for_running_agent (1, 1))
{
log_error (_("a gpg-agent is already running - "
"not starting a new one\n"));
*name = 0; /* Inhibit removal of the socket by cleanup(). */
assuan_sock_close (fd);
agent_exit (2);
}
remove (name);
rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len);
}
if (rc != -1
&& (rc=assuan_sock_get_nonce ((struct sockaddr*)serv_addr, len, nonce)))
log_error (_("error getting nonce for the socket\n"));
if (rc == -1)
{
/* We use gpg_strerror here because it allows us to get strings
for some W32 socket error codes. */
log_error (_("error binding socket to `%s': %s\n"),
serv_addr->sun_path,
gpg_strerror (gpg_error_from_errno (errno)));
assuan_sock_close (fd);
if (is_standard_name)
*name = 0; /* Inhibit removal of the socket by cleanup(). */
agent_exit (2);
}
if (listen (FD2INT(fd), 5 ) == -1)
{
log_error (_("listen() failed: %s\n"), strerror (errno));
assuan_sock_close (fd);
agent_exit (2);
}
if (opt.verbose)
log_info (_("listening on socket `%s'\n"), serv_addr->sun_path);
return fd;
}
/* Check that the directory for storing the private keys exists and
create it if not. This function won't fail as it is only a
convenience function and not strictly necessary. */
static void
create_private_keys_directory (const char *home)
{
char *fname;
struct stat statbuf;
fname = make_filename (home, GNUPG_PRIVATE_KEYS_DIR, NULL);
if (stat (fname, &statbuf) && errno == ENOENT)
{
#ifdef HAVE_W32_SYSTEM /*FIXME: Setup proper permissions. */
if (!CreateDirectory (fname, NULL))
log_error (_("can't create directory `%s': %s\n"),
fname, w32_strerror (-1) );
#else
if (mkdir (fname, S_IRUSR|S_IWUSR|S_IXUSR ))
log_error (_("can't create directory `%s': %s\n"),
fname, strerror (errno) );
#endif
else if (!opt.quiet)
log_info (_("directory `%s' created\n"), fname);
}
xfree (fname);
}
/* Create the directory only if the supplied directory name is the
same as the default one. This way we avoid to create arbitrary
directories when a non-default home directory is used. To cope
with HOME, we compare only the suffix if we see that the default
homedir does start with a tilde. We don't stop here in case of
problems because other functions will throw an error anyway.*/
static void
create_directories (void)
{
struct stat statbuf;
const char *defhome = standard_homedir ();
char *home;
home = make_filename (opt.homedir, NULL);
if ( stat (home, &statbuf) )
{
if (errno == ENOENT)
{
if (
#ifdef HAVE_W32_SYSTEM
( !compare_filenames (home, defhome) )
#else
(*defhome == '~'
&& (strlen (home) >= strlen (defhome+1)
&& !strcmp (home + strlen(home)
- strlen (defhome+1), defhome+1)))
|| (*defhome != '~' && !strcmp (home, defhome) )
#endif
)
{
#ifdef HAVE_W32_SYSTEM
if (!CreateDirectory (home, NULL))
log_error (_("can't create directory `%s': %s\n"),
home, w32_strerror (-1) );
#else
if (mkdir (home, S_IRUSR|S_IWUSR|S_IXUSR ))
log_error (_("can't create directory `%s': %s\n"),
home, strerror (errno) );
#endif
else
{
if (!opt.quiet)
log_info (_("directory `%s' created\n"), home);
create_private_keys_directory (home);
}
}
}
else
log_error (_("stat() failed for `%s': %s\n"), home, strerror (errno));
}
else if ( !S_ISDIR(statbuf.st_mode))
{
log_error (_("can't use `%s' as home directory\n"), home);
}
else /* exists and is a directory. */
{
create_private_keys_directory (home);
}
xfree (home);
}
/* This is the worker for the ticker. It is called every few seconds
and may only do fast operations. */
static void
handle_tick (void)
{
/* Check whether the scdaemon has died and cleanup in this case. */
agent_scd_check_aliveness ();
/* If we are running as a child of another process, check whether
the parent is still alive and shutdown if not. */
#ifndef HAVE_W32_SYSTEM
if (parent_pid != (pid_t)(-1))
{
if (kill (parent_pid, 0))
{
shutdown_pending = 2;
log_info ("parent process died - shutting down\n");
log_info ("%s %s stopped\n", strusage(11), strusage(13) );
cleanup ();
agent_exit (0);
}
}
#endif /*HAVE_W32_SYSTEM*/
}
-/* A global fucntion which allows us to call the reload stuff from
- other palces too. This is only used when build for W32. */
+/* A global function which allows us to call the reload stuff from
+ other places too. This is only used when build for W32. */
void
agent_sighup_action (void)
{
+ log_info ("SIGHUP received - "
+ "re-reading configuration and flushing cache\n");
agent_flush_cache ();
reread_configuration ();
agent_reload_trustlist ();
}
+static void
+agent_sigusr2_action (void)
+{
+ if (opt.verbose)
+ log_info ("SIGUSR2 received - checking smartcard status\n");
+ /* Nothing to check right now. We only increment a counter. */
+ bump_card_eventcounter ();
+}
+
+
static void
handle_signal (int signo)
{
switch (signo)
{
#ifndef HAVE_W32_SYSTEM
case SIGHUP:
- log_info ("SIGHUP received - "
- "re-reading configuration and flushing cache\n");
agent_sighup_action ();
break;
case SIGUSR1:
log_info ("SIGUSR1 received - printing internal information:\n");
pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ());
agent_query_dump_state ();
agent_scd_dump_state ();
break;
case SIGUSR2:
- if (opt.verbose)
- log_info ("SIGUSR2 received - checking smartcard status\n");
- /* Nothing to check right now. We only increment a counter. */
- bump_card_eventcounter ();
+ agent_sigusr2_action ();
break;
case SIGTERM:
if (!shutdown_pending)
log_info ("SIGTERM received - shutting down ...\n");
else
log_info ("SIGTERM received - still %ld running threads\n",
pth_ctrl( PTH_CTRL_GETTHREADS ));
shutdown_pending++;
if (shutdown_pending > 2)
{
log_info ("shutdown forced\n");
log_info ("%s %s stopped\n", strusage(11), strusage(13) );
cleanup ();
agent_exit (0);
}
break;
case SIGINT:
log_info ("SIGINT received - immediate shutdown\n");
log_info( "%s %s stopped\n", strusage(11), strusage(13));
cleanup ();
agent_exit (0);
break;
#endif
default:
log_info ("signal %d received - no action defined\n", signo);
}
}
/* Check the nonce on a new connection. This is a NOP unless we we
are using our Unix domain socket emulation under Windows. */
static int
check_nonce (ctrl_t ctrl, assuan_sock_nonce_t *nonce)
{
if (assuan_sock_check_nonce (ctrl->thread_startup.fd, nonce))
{
log_info (_("error reading nonce on fd %d: %s\n"),
FD2INT(ctrl->thread_startup.fd), strerror (errno));
assuan_sock_close (ctrl->thread_startup.fd);
xfree (ctrl);
return -1;
}
else
return 0;
}
/* This is the standard connection thread's main function. */
static void *
start_connection_thread (void *arg)
{
ctrl_t ctrl = arg;
if (check_nonce (ctrl, &socket_nonce))
return NULL;
agent_init_default_ctrl (ctrl);
if (opt.verbose)
log_info (_("handler 0x%lx for fd %d started\n"),
(long)pth_self (), FD2INT(ctrl->thread_startup.fd));
start_command_handler (ctrl, GNUPG_INVALID_FD, ctrl->thread_startup.fd);
if (opt.verbose)
log_info (_("handler 0x%lx for fd %d terminated\n"),
(long)pth_self (), FD2INT(ctrl->thread_startup.fd));
agent_deinit_default_ctrl (ctrl);
xfree (ctrl);
return NULL;
}
/* This is the ssh connection thread's main function. */
static void *
start_connection_thread_ssh (void *arg)
{
ctrl_t ctrl = arg;
if (check_nonce (ctrl, &socket_nonce_ssh))
return NULL;
agent_init_default_ctrl (ctrl);
if (opt.verbose)
log_info (_("ssh handler 0x%lx for fd %d started\n"),
(long)pth_self (), FD2INT(ctrl->thread_startup.fd));
start_command_handler_ssh (ctrl, ctrl->thread_startup.fd);
if (opt.verbose)
log_info (_("ssh handler 0x%lx for fd %d terminated\n"),
(long)pth_self (), FD2INT(ctrl->thread_startup.fd));
agent_deinit_default_ctrl (ctrl);
xfree (ctrl);
return NULL;
}
/* Connection handler loop. Wait for connection requests and spawn a
thread after accepting a connection. */
static void
handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh)
{
pth_attr_t tattr;
pth_event_t ev, time_ev;
sigset_t sigs;
int signo;
struct sockaddr_un paddr;
socklen_t plen;
fd_set fdset, read_fdset;
int ret;
gnupg_fd_t fd;
int nfd;
tattr = pth_attr_new();
pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 256*1024);
#ifndef HAVE_W32_SYSTEM /* fixme */
/* Make sure that the signals we are going to handle are not blocked
and create an event object for them. */
sigemptyset (&sigs );
sigaddset (&sigs, SIGHUP);
sigaddset (&sigs, SIGUSR1);
sigaddset (&sigs, SIGUSR2);
sigaddset (&sigs, SIGINT);
sigaddset (&sigs, SIGTERM);
pth_sigmask (SIG_UNBLOCK, &sigs, NULL);
ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
#else
+# ifdef PTH_EVENT_HANDLE
+ sigs = 0;
+ ev = pth_event (PTH_EVENT_HANDLE, get_agent_scd_notify_event ());
+ signo = 0;
+# else
+ /* Use a dummy event. */
sigs = 0;
ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
+# endif
#endif
time_ev = NULL;
FD_ZERO (&fdset);
FD_SET (FD2INT (listen_fd), &fdset);
nfd = FD2INT (listen_fd);
if (listen_fd_ssh != GNUPG_INVALID_FD)
{
FD_SET ( FD2INT(listen_fd_ssh), &fdset);
if (FD2INT (listen_fd_ssh) > nfd)
nfd = FD2INT (listen_fd_ssh);
}
for (;;)
{
sigset_t oldsigs;
if (shutdown_pending)
{
if (pth_ctrl (PTH_CTRL_GETTHREADS) == 1)
break; /* ready */
/* Do not accept anymore connections and wait for existing
connections to terminate */
signo = 0;
pth_wait (ev);
if (pth_event_occurred (ev) && signo)
handle_signal (signo);
continue;
}
/* Create a timeout event if needed. */
if (!time_ev)
time_ev = pth_event (PTH_EVENT_TIME,
pth_timeout (TIMERTICK_INTERVAL, 0));
/* POSIX says that fd_set should be implemented as a structure,
thus a simple assignment is fine to copy the entire set. */
read_fdset = fdset;
if (time_ev)
pth_event_concat (ev, time_ev, NULL);
ret = pth_select_ev (nfd+1, &read_fdset, NULL, NULL, NULL, ev);
if (time_ev)
pth_event_isolate (time_ev);
if (ret == -1)
{
if (pth_event_occurred (ev)
|| (time_ev && pth_event_occurred (time_ev)))
{
if (pth_event_occurred (ev))
- handle_signal (signo);
+ {
+#if defined(HAVE_W32_SYSTEM) && defined(PTH_EVENT_HANDLE)
+ agent_sigusr2_action ();
+#else
+ handle_signal (signo);
+#endif
+ }
if (time_ev && pth_event_occurred (time_ev))
{
pth_event_free (time_ev, PTH_FREE_ALL);
time_ev = NULL;
handle_tick ();
}
continue;
}
log_error (_("pth_select failed: %s - waiting 1s\n"),
strerror (errno));
pth_sleep (1);
continue;
}
if (pth_event_occurred (ev))
{
+#if defined(HAVE_W32_SYSTEM) && defined(PTH_EVENT_HANDLE)
+ agent_sigusr2_action ();
+#else
handle_signal (signo);
+#endif
}
if (time_ev && pth_event_occurred (time_ev))
{
pth_event_free (time_ev, PTH_FREE_ALL);
time_ev = NULL;
handle_tick ();
}
/* We now might create new threads and because we don't want any
signals (as we are handling them here) to be delivered to a
new thread. Thus we need to block those signals. */
pth_sigmask (SIG_BLOCK, &sigs, &oldsigs);
if (FD_ISSET (FD2INT (listen_fd), &read_fdset))
{
ctrl_t ctrl;
plen = sizeof paddr;
fd = INT2FD (pth_accept (FD2INT(listen_fd),
(struct sockaddr *)&paddr, &plen));
if (fd == GNUPG_INVALID_FD)
{
log_error ("accept failed: %s\n", strerror (errno));
}
else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)) )
{
log_error ("error allocating connection control data: %s\n",
strerror (errno) );
assuan_sock_close (fd);
}
else
{
char threadname[50];
snprintf (threadname, sizeof threadname-1,
"conn fd=%d (gpg)", FD2INT(fd));
threadname[sizeof threadname -1] = 0;
pth_attr_set (tattr, PTH_ATTR_NAME, threadname);
ctrl->thread_startup.fd = fd;
if (!pth_spawn (tattr, start_connection_thread, ctrl))
{
log_error ("error spawning connection handler: %s\n",
strerror (errno) );
assuan_sock_close (fd);
xfree (ctrl);
}
}
fd = GNUPG_INVALID_FD;
}
if (listen_fd_ssh != GNUPG_INVALID_FD
&& FD_ISSET ( FD2INT (listen_fd_ssh), &read_fdset))
{
ctrl_t ctrl;
plen = sizeof paddr;
fd = INT2FD(pth_accept (FD2INT(listen_fd_ssh),
(struct sockaddr *)&paddr, &plen));
if (fd == GNUPG_INVALID_FD)
{
log_error ("accept failed for ssh: %s\n", strerror (errno));
}
else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)) )
{
log_error ("error allocating connection control data: %s\n",
strerror (errno) );
assuan_sock_close (fd);
}
else
{
char threadname[50];
agent_init_default_ctrl (ctrl);
snprintf (threadname, sizeof threadname-1,
"conn fd=%d (ssh)", FD2INT(fd));
threadname[sizeof threadname -1] = 0;
pth_attr_set (tattr, PTH_ATTR_NAME, threadname);
ctrl->thread_startup.fd = fd;
if (!pth_spawn (tattr, start_connection_thread_ssh, ctrl) )
{
log_error ("error spawning ssh connection handler: %s\n",
strerror (errno) );
assuan_sock_close (fd);
xfree (ctrl);
}
}
fd = GNUPG_INVALID_FD;
}
/* Restore the signal mask. */
pth_sigmask (SIG_SETMASK, &oldsigs, NULL);
}
pth_event_free (ev, PTH_FREE_ALL);
if (time_ev)
pth_event_free (time_ev, PTH_FREE_ALL);
cleanup ();
log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
}
/* Figure out whether an agent is available and running. Prints an
error if not. If SILENT is true, no mesdsages are printed. Usually
started with MODE 0. Returns 0 if the agent is running. */
static int
check_for_running_agent (int silent, int mode)
{
int rc;
char *infostr, *p;
assuan_context_t ctx;
int prot, pid;
if (!mode)
{
infostr = getenv ("GPG_AGENT_INFO");
if (!infostr || !*infostr)
{
if (!check_for_running_agent (silent, 1))
return 0; /* Okay, its running on the standard socket. */
if (!silent)
log_error (_("no gpg-agent running in this session\n"));
return -1;
}
infostr = xstrdup (infostr);
if ( !(p = strchr (infostr, PATHSEP_C)) || p == infostr)
{
xfree (infostr);
if (!check_for_running_agent (silent, 1))
return 0; /* Okay, its running on the standard socket. */
if (!silent)
log_error (_("malformed GPG_AGENT_INFO environment variable\n"));
return -1;
}
*p++ = 0;
pid = atoi (p);
while (*p && *p != PATHSEP_C)
p++;
prot = *p? atoi (p+1) : 0;
if (prot != 1)
{
xfree (infostr);
if (!silent)
log_error (_("gpg-agent protocol version %d is not supported\n"),
prot);
if (!check_for_running_agent (silent, 1))
return 0; /* Okay, its running on the standard socket. */
return -1;
}
}
else /* MODE != 0 */
{
infostr = make_filename (opt.homedir, "S.gpg-agent", NULL);
pid = (pid_t)(-1);
}
rc = assuan_socket_connect (&ctx, infostr, pid);
xfree (infostr);
if (rc)
{
if (!mode && !check_for_running_agent (silent, 1))
return 0; /* Okay, its running on the standard socket. */
if (!mode && !silent)
log_error ("can't connect to the agent: %s\n", gpg_strerror (rc));
return -1;
}
if (!opt.quiet && !silent)
log_info ("gpg-agent running and available\n");
assuan_disconnect (ctx);
return 0;
}
diff --git a/common/ChangeLog b/common/ChangeLog
index 9db29d908..d398d2a77 100644
--- a/common/ChangeLog
+++ b/common/ChangeLog
@@ -1,1115 +1,1119 @@
+2007-11-27 Werner Koch <wk@g10code.com>
+
+ * homedir.c (dirmngr_socket_name): Use CSIDL_WINDOWS.
+
2007-11-15 Werner Koch <wk@g10code.com>
* asshelp.c (send_pinentry_environment): Add args XAUTHORITY and
PINENTRY_USER_DATA.
(start_new_gpg_agent): Ditto.
2007-11-07 Werner Koch <wk@g10code.com>
* status.h: New.
* errors.h: Remove.
2007-11-05 Werner Koch <wk@g10code.com>
* audit.c, audit.h: New.
* Makefile.am: Add rules to build audit-events.h.
* exaudit.awk: New.
* mkstrtable.awk: New. Taken from libgpg-error.
2007-10-19 Werner Koch <wk@g10code.com>
* i18n.c (i18n_switchto_utf8, i18n_switchback): New.
2007-10-01 Werner Koch <wk@g10code.com>
* sysutils.h (FD2INT, INT2FD): New.
2007-09-21 Werner Koch <wk@g10code.com>
* homedir.c (default_homedir): Make registry work. Reported by
Marc Mutz.
2007-08-29 Werner Koch <wk@g10code.com>
* exechelp.c (gnupg_wait_process): Add arg EXITCODE. Changed all
callers.
(gnupg_create_inbound_pipe): New.
* util.h (GNUPG_MODULE_NAME_GPGSM, GNUPG_MODULE_NAME_GPG): New.
* homedir.c (gnupg_module_name): Add them
2007-08-28 Werner Koch <wk@g10code.com>
* gettime.c (check_isotime, add_isotime): New. Originally written
for DirMngr by me.
(add_days_to_isotime): New.
(date2jd, jd2date, days_per_month, days_per_year): New. Taken from
my ancient (1988) code used in Wedit (time2.c).
2007-08-27 Werner Koch <wk@g10code.com>
* util.h (GNUPG_MODULE_NAME_CHECK_PATTERN): New.
* homedir.c (gnupg_module_name): Add it.
* exechelp.c (w32_fd_or_null) [W32]: New.
(gnupg_spawn_process_fd): New.
(gnupg_wait_process) [W32]: Close the handle after if the process has
returned.
2007-08-22 Werner Koch <wk@g10code.com>
Updated estream from libestream.
* estream.c (mem_malloc, mem_realloc, mem_free): New. Use them
instead of the ES_MEM_foo.
* estream.c (estream_cookie_mem): Remove members DONT_FREE,
APPEND_ZERO, PTR and SIZE. Add MEMORY_LIMIT. Put GROW into a new
FLAGS struct.
(es_func_mem_create): Remove APPEND_ZERO, DONT_FREE, PTR and
SIZE. Add MEMORY_LIMIT.
(es_func_mem_write, es_func_mem_seek, es_func_mem_destroy): Revamp.
(es_open_memstream): Change API to just take a memory limit and a
mode argument. Rename to ..
(es_fopenmem): .. this.
(HAVE_W32_SYSTEM) [_WIN32]: Define if not defined.
(tmpfd) [W32]: Implement directly using the W32 API.
(es_fgets): Rewrite without using doreadline.
2007-08-21 Werner Koch <wk@g10code.com>
* sysutils.c (gnupg_tmpfile): New.
* t-sysutils.c: New.
* Makefile.am (module_tests): Add t-sysutils.
2007-08-20 Werner Koch <wk@g10code.com>
* exechelp.c [W32]: Redefine X_OK to F_OK.
2007-08-16 Werner Koch <wk@g10code.com>
* Makefile.am (t_convert_DEPENDENCIES): Remove
($(PROGRAMS)): Remove.
(t_common_ldadd): Use libcommon.a and not the macro.
2007-08-14 Werner Koch <wk@g10code.com>
* homedir.c (dirmngr_socket_name): New.
2007-08-07 Werner Koch <wk@g10code.com>
* tlv.c, tlv.h: Move from ../scd/.
* tlv.c (parse_sexp, parse_ber_header): Add ERRSOURCE arg and prefix
name with a _.
* tlv.h: Use macro to convey ERRSOURCE.
2007-08-02 Werner Koch <wk@g10code.com>
* gc-opt-flags.h: New.
2007-08-01 Werner Koch <wk@g10code.com>
* estream-printf.c (read_dummy_value): Removed as it is useless now.
(read_values): Remove check on !vaargs which is not anymore needed
and anyway not portable. Reported by Peter O'Gorman.
2007-07-16 Werner Koch <wk@g10code.com>
* estream.c (es_func_file_create): Clear NO_CLOSE flag.
2007-07-12 Werner Koch <wk@g10code.com>
* sysutils.h (gnupg_fd_t): New.
* sysutils.c (translate_sys2libc_fd): Use that type instead of int.
(translate_sys2libc_fd_int): New.
2007-07-09 Werner Koch <wk@g10code.com>
* t-gettime.c (test_isotime2epoch): Use time_t and not u32.
2007-07-05 Werner Koch <wk@g10code.com>
* t-gettime.c: New.
* gettime.c (isotime2epoch, epoch2isotime): New.
2007-07-04 Werner Koch <wk@g10code.com>
* estream.c (es_init_do): Do not throw an error if pth has already
been initialized.
2007-06-26 Werner Koch <wk@g10code.com>
* Makefile.am ($(PROGRAMS)): New.
* util.h (init_common_subsystems): Moved to ..
* init.h: .. New.
* util.h: Include init.h.
* homedir.c (standard_homedir): New.
(default_homedir) [W32]: Reimplemented in terms of
standard_homedir. Fixed memory leak.
2007-06-25 Werner Koch <wk@g10code.com>
* iobuf.c: Add more documentation and slighly restructured macro
defintion for better readability.
(FILEP_OR_FD): Rename to fp_or_fd_t.
(CLOSE_CACHE): Rename to close_cache_t.
* sysutils.c (translate_sys2libc_fd): New using the code from iobuf.c.
* iobuf.c: Include sysutils.h.
(iobuf_translate_file_handle): Remove.
(translate_file_handle): Use new function.
* estream-printf.c [TEST]: Header including fixes.
(do_format): Do not append a trailing Nul. This avoids spurious
Nuls in the es_printf output.
(estream_vsnprintf, estream_vasprintf): Take this in account.
* estream.h (struct es__stream): Change FLAGS to a bit structure.
(ES__FLAG_WRITING): Replace by a bit from FLAGS. * estream.c
(struct estream_internal): Rename FLAGS to MODEFLAGS so that they
are not confused with the estream flags.
(es_initialize, es_create): Add arg MODEFLAGS so that we can setup
the intial writemode. Changed all callers to pass them.
(es_convert_mode): Set O_BINARY.
(es_func_fd_create, es_func_fp_create, es_func_file_create) [W32]:
Call setmode if requested.
2007-06-24 Werner Koch <wk@g10code.com>
* estream.c (do_fpopen, es_fpopen, es_fpopen_nc): New.
(es_func_fp_create, es_func_fp_read, es_func_fp_write)
(es_func_fp_seek, es_func_fp_destroy): New.
2007-06-22 Werner Koch <wk@g10code.com>
* estream.c (es_fdopen): Factored code out to..
(do_fdopen): .. new.
(es_fdopen_nc): New.
(estream_cookie_fd): Add field NO_CLOSE.
(es_func_fd_create): Add arg NO_CLOSE and changed all callers.
(es_func_fd_destroy): Handle the new flag.
* homedir.c (gnupg_libexecdir) [W32]: Factor code out to ..
(w32_rootdir): .. new.
(gnupg_sysconfdir, gnupg_libdir, gnupg_datadir) [W32]: Return
name based on w32_rootdir().
2007-06-21 Werner Koch <wk@g10code.com>
* membuf.h (get_membuf_len): New.
* membuf.c (init_membuf_secure): Really allocate in secure memory.
(put_membuf_str): New.
* ttyio.c (tty_getf): New.
* util.h (ctrl_t): Declare it here.
* asshelp.c (start_new_gpg_agent): New. Based on code from
../sm/call-agent.c
2007-06-20 Werner Koch <wk@g10code.com>
* sysutils.c (gnupg_sleep): New.
* sysutils.h [W32]: Remove _sleep wrapper. Changed all callers to
use gnupg_sleep.
* exechelp.c (build_w32_commandline_copy): New.
(build_w32_commandline): Factored some code out to new function
and correctly process a PGMNAME with spaces.
(gnupg_spawn_process_detached) [W32]: Implement.
2007-06-14 Werner Koch <wk@g10code.com>
* simple-pwquery.h (MAP_SPWQ_ERROR_IMPL): New.
(SPWQ_NO_PIN_ENTRY): New.
* simple-pwquery.c (simple_pw_set_socket): New.
(agent_open): Use it if GPG_AGENT_INFO is not set.
(simple_pwquery): Extended to allow returning of otehyr error codes.
* util.h (GNUPG_MODULE_NAME_AGENT, GNUPG_MODULE_NAME_PINENTRY)
(GNUPG_MODULE_NAME_SCDAEMON, GNUPG_MODULE_NAME_DIRMNGR)
(GNUPG_MODULE_NAME_PROTECT_TOOL): New.
* homedir.c (gnupg_module_name): New.
(gnupg_bindir): New.
2007-06-12 Werner Koch <wk@g10code.com>
* homedir.c (gnupg_sysconfdir): New.
(gnupg_libexecdir): New. Taken from g10/misc.c:get_libexecdir.
(gnupg_datadir): New.
(gnupg_libdir): New.
* http.c (connect_server) [W32]: Do not call init_sockets if
HTTP_NO_WSASTARTUP is defined.
* init.c: New.
* estream.c (es_init_do): Init stream lock here because we can't
use a static initialization with W32pth.
2007-06-11 Werner Koch <wk@g10code.com>
* Makefile.am (t_common_ldadd): Use libcommonstd macro.
2007-06-06 Werner Koch <wk@g10code.com>
* Makefile.am: Include am/cmacros.am.
* sysutils.h [W32]: Remove prototypes for the registry access.
* w32reg.c: Move to ../jnlib/w32-reg.c.
* i18n.c (i18n_init): New.
* simple-gettext.c: Remove.
* iobuf.c (iobuf_get_filelength): Rename SIZE to EXSIZE to silent
shadowing warning.
2007-06-04 Werner Koch <wk@g10code.com>
* http.c [W32]: Include unistd.h also in this case.
(write_server) [W32]: Fixed error code.
(init_sockets): Fixed syntax error.
(cookie_close): Replace close by sock_close macro.
* estream.c [w32]: Do not init Mutex.
* Makefile.am (common_sources) [USE_SNS_SRV]: Build srv.c only
when needed.
* ttyio.c (init_ttyfp) [W32]: Do not use TTYFP.
* util.h: Include ../jnlib/dynload.h.
* dynload.h: Move to ../jnlib.
2007-05-30 Werner Koch <wk@g10code.com>
* estream.c (MEM_FREE, MEM_ALLOC, MEM_REALLOC): Prefix with ES_ as
windows.h also has such definitions,
2007-05-15 Werner Koch <wk@g10code.com>
* util.h: Do not include gnulib's vasprintf. Redefine asprintf
and vasprintf.
* xasprintf.c (xasprintf, xtryasprintf): Use estream_vasprintf.
* estream-printf.h, estream-printf.c: New. Taken from current
libestream SVN.
* Makefile.am (common_sources): Add them.
2007-05-14 Werner Koch <wk@g10code.com>
* sexp-parse.h (smklen): New.
* sexputil.c: Include sexp-parse.h.
(make_simple_sexp_from_hexstr): Replace sprintf by smklen.
2007-05-07 Werner Koch <wk@g10code.com>
* signal.c (got_fatal_signal): Protect SIG from being clobbered by
a faulty signal implementaion. Suggested by James Juran.
2007-04-25 Werner Koch <wk@g10code.com>
* i18n.h (ngettext): New.
* simple-gettext.c (ngettext): New.
2007-04-20 Werner Koch <wk@g10code.com>
* miscellaneous.c (my_gcry_logger, my_gcry_outofcore_handler):
Moved from gpg-agent to here.
(my_gcry_fatalerror_handler): new.
(setup_libgcrypt_logging): New.
2007-03-19 Werner Koch <wk@g10code.com>
* miscellaneous.c (print_hexstring): New.
* estream.c (es_fprintf_unlocked): New.
(es_write_sanitized): New.
(es_write_hexstring): New.
(es_write_sanitized_utf8_buffer) [GNUPG_MAJOR_VERSION]: New.
2007-03-09 David Shaw <dshaw@jabberwocky.com>
From STABLE-BRANCH-1-4
* http.c (do_parse_uri): Remove the hkp port 11371 detection. We
implement hkp in the keyserver handler, and the support here makes
it appear like a bad hkp request actually succeeded.
2007-01-31 Werner Koch <wk@g10code.com>
* Makefile.am (t_common_ldadd): Add LIBINCONV and LIBINTL.
2007-01-25 Werner Koch <wk@g10code.com>
* simple-pwquery.c (simple_pwquery): New arg OPT_CHECK.
2006-12-13 David Shaw <dshaw@jabberwocky.com>
* Makefile.am (AM_CPPFLAGS): Include intl/ so we can reference the
built-in headers.
2006-11-23 Werner Koch <wk@g10code.com>
* http.c: Include i18n.h
2006-11-21 Werner Koch <wk@g10code.com>
* estream.c: Remove explicit Pth soft mapping diabling becuase it
is now done in config.h.
2006-11-15 Werner Koch <wk@g10code.com>
* estream.c: Disabled Pth soft mapping.
(my_funopen_hook_ret_t): New.
(print_fun_writer): Use it here.
* iobuf.c (fd_cache_close): Use %d instead of %p for debug output.
2006-11-03 Werner Koch <wk@g10code.com>
* Makefile.am (t_convert_DEPENDENCIES): Add libcommon. From
Gentoo.
2006-10-24 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (libcommon_a_CFLAGS): Add $(LIBASSUAN_CFLAGS).
(libsimple_pwquery_a_CFLAGS): New variable.
2006-10-20 Werner Koch <wk@g10code.com>
* convert.c (hex2bin): New.
2006-10-17 Werner Koch <wk@g10code.com>
* estream.c (struct estream_internal, es_initialize)
(es_deinitialize, print_fun_writer, es_print): New and modified
functions to avoid tempfiles for printf style printing.
* Makefile.am (libcommonpth_a_SOURCES): New. We now build a secon
version of the library with explicit Pth support.
* exechelp.c, estream.c: Make use of WITHOUT_GNU_PTH.
2006-10-08 Werner Koch <wk@g10code.com>
* gpgrlhelp.c: Trun all functions into dummies if readline is not
available.
2006-10-06 Werner Koch <wk@g10code.com>
* Makefile.am (AM_CFLAGS): Use PTH version of libassuan.
* util.h (GNUPG_GCC_A_SENTINEL): Defined for gcc >= 4.
2006-10-04 David Shaw <dshaw@jabberwocky.com>
* gpgrlhelp.c: readline requires stdio.h.
2006-10-04 Werner Koch <wk@g10code.com>
* membuf.c (init_membuf_secure): New.
(put_membuf): Make sure that ERRNO is set even if the underlying
malloc code does not work properly.
(get_membuf): Set ERRNO on error.
(get_membuf): Allow to pass LEN as NULL.
2006-10-02 Werner Koch <wk@g10code.com>
* iobuf.c (iobuf_unread): Removed. This code is not required.
Also removed the entire unget buffer stuff.
2006-09-27 Werner Koch <wk@g10code.com>
* util.h: Do not include strsep.h and strpbrk.h.
(isascii): Removed as it is now in jnlib.
* iobuf.c (pop_filter, underflow, iobuf_close): Free the unget
buffer.
2006-09-27 Florian Weimer <fweimer@bfk.de> (wk)
* iobuf.c (iobuf_unread): New.
2006-09-22 Werner Koch <wk@g10code.com>
* i18n.h: Changed license to an all permissive one.
* ttyio.c (tty_get): We need to use readline too. Added two more
hooks.
2006-09-21 Werner Koch <wk@g10code.com>
* ttyio.c (tty_private_set_rl_hooks): New.
(tty_enable_completion, tty_disable_completion): Use a hook to
enable readline support. Now always available.
(tty_cleanup_rl_after_signal): New.
* ttyio.h: Removed readline specific stuff. Included util.h.
* common-defs.h: New.
2006-09-15 Werner Koch <wk@g10code.com>
* convert.c: New.
(hexcolon2bin): New.
(bin2hex, bin2hexcolon, do_binhex): New.
* t-convert.c: New
2006-09-14 Werner Koch <wk@g10code.com>
* util.h (out_of_core): Use new gpg_error_from_syserror function.
* http.c (init_sockets): Changed it to require 2.2 unless it is
build within gnupg 1 where we require 1.1 (and not anymore allow
for 1.0).
2006-09-07 Werner Koch <wk@g10code.com>
* exechelp.c (gnupg_spawn_process): Factor out post fork code to ..
(do_exec): .. new function. Allow passing of -1 for the fds.
(gnupg_spawn_process): Terminate gcrypt's secure memory in the child.
(gnupg_spawn_process_detached): New.
2006-09-06 Werner Koch <wk@g10code.com>
* maperror.c: Removed.
* util.h (out_of_core): New.
2006-09-04 Werner Koch <wk@g10code.com>
* http.c (http_get_header): New.
(capitalize_header_name, store_header): New.
(parse_response): Store headers away.
(send_request): Return GPG_ERR_NOT_FOUND if connect_server failed.
* http.h: New flag HTTP_FLAG_NEED_HEADER.
2006-08-21 Werner Koch <wk@g10code.com>
* Makefile.am (libcommon_a_SOURCES): Added keyserver.h
* openpgpdefs.h: New. Stripped from ..g10/packet.h.
2006-08-16 Werner Koch <wk@g10code.com>
* keyserver.h: Moved from ../include to here.
* http.c: Include srv.h.
* srv.c, srv.h: New. Taken from GnuPG 1.4
2006-08-14 Werner Koch <wk@g10code.com>
* http.h (struct http_context_s): Moved to implementation.
* http.c (http_open): Changed call to return a context.
(http_open_document): Ditto.
(http_get_read_ptr, http_get_read_ptr, http_get_status_code): New.
(do_parse_uri): Replaced strlwr by straight code to ease
standalone use of this file.
(http_wait_response): Removed arg STATUS_CODE as it is available
through an accessor function. Adjusted caller.
(http_escape_string): New.
* estream.c (es_read_line): Renamed to ..
(doreadline): .. this. Changed all callers.
(es_read_line): New. This is theusual limited getline variabnt as
used at several places. Here taken and adjusted from xreadline.c
(es_free): New.
2006-08-11 Werner Koch <wk@g10code.com>
* http.c: Major internal changes to optionallly support GNUTLS and
ESTREAM.
(http_open): Move initialization of the stream ...
(send_request): .. here.
(http_register_tls_callback): New.
* estream.c (es_writen): Try to seek only is a seek function has
been registered.
2006-08-09 Werner Koch <wk@g10code.com>
* http.c, http.h: New. Taken from gnupg 1.4.5, merged with
changes done for the Dirmngr project (by g10 Code) and cleaned up
some stuff.
(make_header_line): New. Change all caller to make user of the new
* Makefile.am (libcommon_a_SOURCES): Added http.c and http.h.
2006-05-23 Werner Koch <wk@g10code.com>
* gettime.c (isotimestamp): New.
* ttyio.c (tty_get_ttyname): Posixly correct usage of ctermid.
* dns-cert.c: New. Taken from 1.4.3's util/cert.c.
* dns-cert.h: New.
2006-05-22 Werner Koch <wk@g10code.com>
* pka.c: New. Taked from 1.4.3.
* pka.h: New.
* Makefile.am: Added pka.
2006-05-19 Werner Koch <wk@g10code.com>
* yesno.c (answer_is_yes_no_default, answer_is_yes_no_quit):
Updated from 1.4.3.
(answer_is_okay_cancel): new. From 1.4.3.
* miscellaneous.c (match_multistr): New. Taken from 1.4.3.
* ttyio.c (tty_enable_completion, tty_disable_completion): New
dummy functions.
* ttyio.h: Add prototypes and stubs.
2006-04-19 Werner Koch <wk@g10code.com>
* iobuf.c (iobuf_get_fd): New. Taken from 1.4.3.
(iobuf_is_pipe_filename): New.
(pop_filter): Made static.
(iobuf_skip_rest): New. Orginal patch by Florian
Weimer. Added new argument PARTIAL.
(block_filter): Remove the old gpg indeterminate length mode.
(block_filter): Properly handle a partial body stream
that ends with a 5-byte length that happens to be zero.
(iobuf_set_block_mode, iobuf_in_block_mode): Removed as
superfluous.
(iobuf_get_filelength): New arg OVERFLOW.
(iobuf_get_filelength) [W32]: Use GetFileSizeEx if available
* miscellaneous.c (is_file_compressed): Take care of OVERFLOW.
2006-04-18 Werner Koch <wk@g10code.com>
* homedir.c (w32_shgetfolderpath): New. Taken from gpg 1.4.3.
(default_homedir): Use it.
2005-10-08 Marcus Brinkmann <marcus@g10code.de>
* signal.c (get_signal_name): Check value of HAVE_DECL_SYS_SIGLIST
instead of just if it is defined.
2005-09-28 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS).
2005-07-04 Marcus Brinkmann <marcus@g10code.de>
* simple-pwquery.h (simple_pwclear): New prototype.
* simple-pwquery.c (simple_pwclear): New function.
2005-06-15 Werner Koch <wk@g10code.com>
* miscellaneous.c (make_printable_string): Made P a void*.
* sexputil.c (keygrip_from_canon_sexp, cmp_simple_canon_sexp):
Fixed signed/unsigned pointer mismatch.
(make_simple_sexp_from_hexstr): Ditto. This is all too ugly; I
wonder why gcc-4's default is to warn about them and forcing us to
use cast the warning away.
* iobuf.c (block_filter): Ditto.
(iobuf_flush): Ditto.
(iobuf_read_line): Ditto.
(iobuf_read): Make BUFFER a void *.
(iobuf_write): Make BUFFER a const void *.
* ttyio.c (tty_print_utf8_string2): Ditto.
* estream.c (estream_cookie_mem): Make MEMORY unsigned char*.
(es_write): Make BUFFER a void *.
(es_writen): Ditto.
(es_func_fd_read, es_func_fd_write, es_func_mem_read)
(es_func_mem_write): Ditto.
(es_read, es_readn): Ditto.
(es_func_mem_write): Made MEMORY_NEW an unsigned char *.
* estream.h (es_cookie_read_function_t)
(es_cookie_write_function_t): Changed buffer arg to void*.
2005-06-03 Werner Koch <wk@g10code.com>
* estream.c: Use HAVE_CONFIG_H and not USE_CONFIG_H!
(es_func_fd_read, es_func_fd_write): Protect against EINTR.
2005-06-01 Werner Koch <wk@g10code.com>
* Makefile.am (AM_CPPFLAGS): Added.
* util.h: Add some includes for gnulib.
(ttyname, isascii): Define them inline.
* fseeko.c, ftello.c: Removed.
* strsep.c, mkdtemp.c: Removed.
* ttyname.c, isascii.c: Removed.
2005-05-31 Werner Koch <wk@g10code.com>
* dynload.h: s/__inline__/inline/.
2005-05-13 Werner Koch <wk@g10code.com>
* signal.c (got_fatal_signal): Print the signal number if we can't
get a name for it.
(get_signal_name): Return NULL if no name is available. Fixed
conditional for sys_siglist to the correct one.
2005-04-17 Werner Koch <wk@g10code.com>
* sexputil.c (cmp_simple_canon_sexp): New.
(make_simple_sexp_from_hexstr): New.
2005-04-07 Werner Koch <wk@g10code.com>
* sexputil.c: New.
2005-04-11 Marcus Brinkmann <marcus@g10code.de>
* simple-pwquery.c (simple_pwquery): Use spwq_secure_free.
2005-03-03 Werner Koch <wk@g10code.com>
* Makefile.am (AM_CFLAGS): Added PTH_CFLAGS. Noted by Kazu Yamamoto.
2005-02-25 Werner Koch <wk@g10code.com>
* xasprintf.c (xtryasprintf): New.
2005-01-26 Moritz Schulte <moritz@g10code.com>
* Makefile.am (libcommon_a_SOURCES): New source files: estream.c,
estream.h.
* estream.c, estream.h: New files.
2005-01-03 Werner Koch <wk@g10code.com>
* asshelp.c (send_pinentry_environment): Fixed changed from
2004-12-18; cut+paste error for lc-messages.
2004-12-21 Werner Koch <wk@g10code.com>
* simple-pwquery.c (agent_open) [W32]: Implement for W32.
(readline) [W32]: Use recv instead of read.
(writen) [W32]: Use send instead of write.
(my_stpcpy): Define a stpcpy replacement so that this file
continues to be self-contained.
(agent_send_all_options) [W32]: Don't call ttyname.
2004-12-21 Marcus Brinkmann <marcus@g10code.de>
* simple-pwquery.h (simple_query): Add prototype.
* simple-pwquery.c (simple_query): New function.
2004-12-21 Werner Koch <wk@g10code.com>
* signal.c (got_fatal_signal, got_usr_signal)
(got_fatal_signal) [DOSISH]: Don't build.
* simple-gettext.c: Include sysutils.h
* homedir.c: New. Use CSIDL_APPDATA for W32 as the default home
directory.
* Makefile.am (libcommon_a_SOURCES): Add it.
(EXTRA_DIST): Removed mkerror and mkerrtok.
2004-12-20 Werner Koch <wk@g10code.com>
* sysutils.h [W32]: Define sleep.
* util.h: Add prototype for mkdtemp.
* membuf.c (put_membuf): Wipe out buffer after a failed realloc.
2004-12-19 Werner Koch <wk@g10code.com>
* maperror.c (map_assuan_err_with_source): Oops, args were swapped.
2004-12-18 Werner Koch <wk@g10code.com>
* maperror.c (map_assuan_err): Renamed to ..
(map_assuan_err_with_source): .. this and add arg SOURCE.c
* asshelp.c (send_pinentry_environment, send_one_option): Add arg
ERRSOURCE.
2004-12-15 Werner Koch <wk@g10code.com>
* sysutils.h [W32]: Prototypes for registry functions.
* w32reg.c: Include sysutils.h
* simple-pwquery.c [W32]: Dummy code to allow a build.
* exechelp.c [W32]: Implemented for W32 .
* ttyname.c: New.
* asshelp.c (send_one_option): New.
(send_pinentry_environment): Cleaned up and made sure that empty
values are not send.
2004-12-07 Werner Koch <wk@g10code.com>
* asshelp.c (send_pinentry_environment) [W32]: Do not use ttyname.
2004-12-06 Werner Koch <wk@g10code.com>
* exechelp.h, exechelp.c: New. Based on code from ../sm/import.c.
2004-12-03 Werner Koch <wk@g10code.com>
* strsep.c: Fixed copyright comments.
2004-11-26 Werner Koch <wk@g10code.com>
* simple-gettext.c: New taken from gnupg 1.3.x
* simple-pwquery.c [_WIN32]: Include winsock2.h.
(agent_open): Disable it until we have our AF_UNIX implementation
ready.
* fseeko.c, ftello.c: Include sys/types for the sake of W32.
2004-11-23 Werner Koch <wk@g10code.com>
* b64enc.c: Include stdio.h and string.h
2004-08-18 Werner Koch <wk@g10code.de>
* simple-pwquery.c (simple_pwquery): Handle gpg-error style return
code for canceled.
2004-07-20 Werner Koch <wk@g10code.de>
* maperror.c: Removed header ksba.h. Not required anymore.
2004-06-14 Werner Koch <wk@gnupg.org>
* xreadline.c: New. Based on the iobuf_read_line function.
2004-05-12 Werner Koch <wk@gnupg.org>
* util.h (xtrycalloc_secure,xtrymalloc_secure): New.
2004-05-11 Werner Koch <wk@gnupg.org>
* sysutils.c (disable_core_dumps): Only set the current limit.
(enable_core_dumps): New.
2004-04-13 Werner Koch <wk@gnupg.org>
* simple-pwquery.c (copy_and_escape): Relaxed quoting.
2004-04-05 Werner Koch <wk@gnupg.org>
* errors.h (STATUS_NEWSIG): New.
2004-03-11 Werner Koch <wk@gnupg.org>
* dynload.h [__MINGW32__]: Define RTLD_LAZY.
2004-03-09 Werner Koch <wk@gnupg.org>
* maperror.c (map_assuan_err): Map the Locale_Problem item.
2004-03-03 Werner Koch <wk@gnupg.org>
* asshelp.c, asshelp.h: New.
(send_pinentry_environment): New. Code taken from ../sm/call-agent.c.
2004-02-19 Werner Koch <wk@gnupg.org>
* simple-pwquery.c (agent_open): Don't mangle INFOSTR.
2004-02-17 Werner Koch <wk@gnupg.org>
* simple-pwquery.c (agent_open): Ignore an empty GPG_AGENT_INFO.
* errors.h: Added STATUS_IMPORT_OK.
2004-02-10 Werner Koch <wk@gnupg.org>
* b64enc.c: New. Based on code from ../sm/base64.c.
2004-01-30 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (libcommon_a_SOURCES): Add xasprintf.c.
* miscellaneous.c (xasprintf): Moved to ...
* xasprintf (xasprintf): ... here. New file.
This allows to use xasprintf without sucking in gpg-error.
2004-01-27 Werner Koch <wk@gnupg.org>
* sexp-parse.h: New; moved from../agent.
* util.h (xtoi_4): New.
2003-12-23 Werner Koch <wk@gnupg.org>
* maperror.c (map_assuan_err): Prepared for a new error code.
2003-12-17 Werner Koch <wk@gnupg.org>
* gettime.c (asctimestamp): Add a note on a non-avoidable gcc warning.
* util.h [!HAVE_VASPRINTF]: Add printf format attribute to the
replacement function.
* miscellaneous.c (xasprintf): New.
2003-11-14 Werner Koch <wk@gnupg.org>
* mkdtemp.c (mkdtemp): Use gcry_create_nonce.
* cryptmiss.c: Removed.
2003-11-13 Werner Koch <wk@gnupg.org>
* util.h (vasprintf): Also fixed the prototype.
* vasprintf.c (vasprintf): ARGS should not be a pointer. Fixed
segv on Solaris. Reported by Andrew J. Schorr.
2003-11-12 Werner Koch <wk@gnupg.org>
* maperror.c (map_ksba_err, map_gcry_err, map_kbx_err): Removed.
2003-10-31 Werner Koch <wk@gnupg.org>
* util.h (gnupg_isotime_t): New.
(gnupg_copy_time): New.
* gettime.c (gnupg_get_isotime): New.
2003-09-23 Werner Koch <wk@gnupg.org>
* iobuf.c (check_special_filename): Replaced is isdigit by digitp
to avoid passing negative values and potential locale problems.
Problem noted by Christian Biere.
* util.h (ascii_isspace): New.
2003-09-18 Werner Koch <wk@gnupg.org>
* ttyio.c (tty_fprintf): New.
(tty_print_string, tty_print_utf8_string2)
(tty_print_utf8_string): Made P argument const byte*.
2003-08-20 Marcus Brinkmann <marcus@g10code.de>
* maperror.c (map_ksba_err): Map -1. Use gpg_err_make to set
the error source.
2003-08-14 Timo Schulz <twoaday@freakmail.de>
* dynload.h. New. W32 wrapper around the dynload mechanism.
2003-07-15 Werner Koch <wk@gnupg.org>
* simple-pwquery.c, simple-pwquery.h: New; moved from ../agent.
* Makefile.am (libsimple_pwquery_a_LIBADD): New.
2003-06-25 Werner Koch <wk@gnupg.org>
* maperror.c (map_to_assuan_status): Directly map 0 to 0.
2003-06-17 Werner Koch <wk@gnupg.org>
* gettime.c (scan_isodatestr,add_days_to_timestamp,strtimevalue)
(strtimestamp,asctimestamp): New. Code taken from gnupg 1.3.2
mischelp.c.
* yesno.c: New. Code taken from gnupg 1.3.2 mischelp.c
* miscellaneous.c: New.
* util.h: Include utf8conf.h
2003-06-16 Werner Koch <wk@gnupg.org>
* gettime.c (make_timestamp): New.
* ttyio.c: New. Taken from gnupg 1.2.
* ttyio.h: Move from ../include.
2003-06-13 Werner Koch <wk@gnupg.org>
* util.h (seterr): Removed macro.
(xmalloc_secure,xcalloc_secure): New.
2003-06-11 Werner Koch <wk@gnupg.org>
* iobuf.c (iobuf_writebyte,iobuf_write): Return error code from
iobuf_flush.
(iobuf_writestr): Ditto.
2003-06-10 Werner Koch <wk@gnupg.org>
* iobuf.c, iobuf.h: New. Taken from current gnupg 1.3 CVS. Run
indent on it and adjusted error handling to libgpg-error style.
Replaced IOBUF by iobuf_t. Renamed malloc functions.
2003-06-04 Werner Koch <wk@gnupg.org>
* errors.h: Removed all error codes. We keep the status codes for
now.
* Makefile.am: Do not create errors.c anymore; remove it from the
sources.
* maperror.c: Don't include error.h. Change all error codes to
libgpg-error style.
(map_assuan_err): Changed to new Assuan error code convention.
(map_to_assuan_status): Likewise.
(map_gcry_err,map_kbx_err): Not needed. For now dummy functions.
* membuf.c, membuf.h: New. Code taken from ../sm/call-agent.h.
* Makefile.am: Added above.
2003-04-29 Werner Koch <wk@gnupg.org>
* util.h (fopencokokie): Removed prototype and struct.
* fopencookie.c: Removed.
* maperror.c: Use system assuan.h
2002-10-31 Neal H. Walfield <neal@g10code.de>
* isascii.c: New file.
* putc_unlocked.c: Likewise.
2002-10-28 Neal H. Walfield <neal@g10code.de>
* signal.c (caught_fatal_sig): Remove superfluous zero
initializer.
(caught_sigusr1): Likewise.
2002-09-04 Neal H. Walfield <neal@g10code.de>
* vasprintf.c (vasprintf) [va_copy]: Use va_copy.
[!va_copy && __va_copy]: Use __va_copy.
[!va_copy && !__va_copy]: Only now fall back to using memcpy.
2002-08-21 Werner Koch <wk@gnupg.org>
* errors.h: Added STATUS_IMPORT_PROBLEM.
2002-08-20 Werner Koch <wk@gnupg.org>
* vasprintf.c: Hack to handle NULL for %s.
2002-08-09 Werner Koch <wk@gnupg.org>
* signal.c: New. Taken from GnuPG 1.1.91.
2002-07-23 Werner Koch <wk@gnupg.org>
* util.h (_IO_cookie_io_functions_t): Fixed typo. Noted by
Richard Lefebvre.
2002-07-22 Werner Koch <wk@gnupg.org>
* fseeko.c, ftello.c: New.
2002-06-28 Werner Koch <wk@gnupg.org>
* maperror.c (map_to_assuan_status): Map more errorcodes to Bad
Certificate.
2002-06-26 Werner Koch <wk@gnupg.org>
* maperror.c (map_to_assuan_status): Map EOF to No_Data_Available.
2002-06-10 Werner Koch <wk@gnupg.org>
* errors.h (gnupg_error_token): Add new prototype.
(STATUS_ERROR): New.
* mkerrtok: New.
* Makefile.am: Use it to create the new error token function.
2002-06-04 Werner Koch <wk@gnupg.org>
* maperror.c (map_to_assuan_status): Map Bad_CA_Certificate.
2002-05-23 Werner Koch <wk@gnupg.org>
* no-pth.c, Makefile.am: Removed.
2002-05-22 Werner Koch <wk@gnupg.org>
* mkdtemp.c: Replaced byte by unsigned char because it is no longer
defined in gcrypt.h.
2002-05-21 Werner Koch <wk@gnupg.org>
* maperror.c (map_gcry_err): Add libgcrypt's new S-expression errors.
(map_ksba_err): Add a few mappings.
2002-05-14 Werner Koch <wk@gnupg.org>
* gettime.c: New.
2002-05-03 Werner Koch <wk@gnupg.org>
* errors.h: Added STARUS_EXPSIG and STATUS_EXPKEYSIG.
2002-04-15 Werner Koch <wk@gnupg.org>
* cryptmiss.c: New.
2002-02-14 Werner Koch <wk@gnupg.org>
* maperror.c: Add more assuan<->gnupg mappings.
2002-02-12 Werner Koch <wk@gnupg.org>
* fopencookie.c: Dummy function.
* vasprintf.c: New. Taken from binutils-2.9.1 and dropped all non
ANSI-C stuff. Merged with asprintf version.
* no-pth.c: New.
2002-01-23 Werner Koch <wk@gnupg.org>
* mkdtemp.c: Copied from gnupg-1.0.6c and changed to use libgcrypt.
2002-01-19 Werner Koch <wk@gnupg.org>
* sysutils.c: New. This is the misc.c file from gnupg 1.0.6 with
the OpenPGP stuff removed.
* sysutils.h: New.
2002-01-15 Werner Koch <wk@gnupg.org>
* maperror.c: Add mapping for Not_Trusted.
2002-01-11 Werner Koch <wk@gnupg.org>
* maperror.c (map_assuan_err): Codes for CRL
2002-01-08 Werner Koch <wk@gnupg.org>
* util.h (spacep): New.
2002-01-02 Werner Koch <wk@gnupg.org>
* maperror.c (map_to_assuan_status): New. Merged from ../agent
and ../sm.
2001-12-20 Werner Koch <wk@gnupg.org>
* maperror.c (map_gcry_err): Add some mappings.
2001-12-18 Werner Koch <wk@gnupg.org>
* Makefile.am (AM_CPPFLAGS): Include flags for gcrypt and ksba
2001-12-14 Werner Koch <wk@gnupg.org>
* util.h (digitp, hexdigitp): New ctype like macros.
(atoi_1,atoi_2,atoi_4,xtoi_1,xtoi_2): New.
Copyright 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/common/homedir.c b/common/homedir.c
index b85f760a0..6f1b49c21 100644
--- a/common/homedir.c
+++ b/common/homedir.c
@@ -1,385 +1,390 @@
/* homedir.c - Setup the home directory.
* Copyright (C) 2004, 2006, 2007 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdlib.h>
#include <errno.h>
#include <fcntl.h>
#ifdef HAVE_W32_SYSTEM
#include <shlobj.h>
#ifndef CSIDL_APPDATA
#define CSIDL_APPDATA 0x001a
#endif
#ifndef CSIDL_LOCAL_APPDATA
#define CSIDL_LOCAL_APPDATA 0x001c
#endif
#ifndef CSIDL_FLAG_CREATE
#define CSIDL_FLAG_CREATE 0x8000
#endif
#endif /*HAVE_W32_SYSTEM*/
#include "util.h"
#include "sysutils.h"
/* This is a helper function to load a Windows function from either of
one DLLs. */
#ifdef HAVE_W32_SYSTEM
static HRESULT
w32_shgetfolderpath (HWND a, int b, HANDLE c, DWORD d, LPSTR e)
{
static int initialized;
static HRESULT (WINAPI * func)(HWND,int,HANDLE,DWORD,LPSTR);
if (!initialized)
{
static char *dllnames[] = { "shell32.dll", "shfolder.dll", NULL };
void *handle;
int i;
initialized = 1;
for (i=0, handle = NULL; !handle && dllnames[i]; i++)
{
handle = dlopen (dllnames[i], RTLD_LAZY);
if (handle)
{
func = dlsym (handle, "SHGetFolderPathA");
if (!func)
{
dlclose (handle);
handle = NULL;
}
}
}
}
if (func)
return func (a,b,c,d,e);
else
return -1;
}
#endif /*HAVE_W32_SYSTEM*/
/* Get the standard home directory. In general this function should
not be used as it does not consider a registry value (under W32) or
the GNUPGHOME encironment variable. It is better to use
default_homedir(). */
const char *
standard_homedir (void)
{
#ifdef HAVE_W32_SYSTEM
static const char *dir;
if (!dir)
{
char path[MAX_PATH];
/* It might be better to use LOCAL_APPDATA because this is
defined as "non roaming" and thus more likely to be kept
locally. For private keys this is desired. However, given
that many users copy private keys anyway forth and back,
using a system roaming services might be better than to let
them do it manually. A security conscious user will anyway
use the registry entry to have better control. */
if (w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE,
NULL, 0, path) >= 0)
{
char *tmp = xmalloc (strlen (path) + 6 +1);
strcpy (stpcpy (tmp, path), "\\gnupg");
dir = tmp;
/* Try to create the directory if it does not yet exists. */
if (access (dir, F_OK))
CreateDirectory (dir, NULL);
}
else
dir = GNUPG_DEFAULT_HOMEDIR;
}
return dir;
#else/*!HAVE_W32_SYSTEM*/
return GNUPG_DEFAULT_HOMEDIR;
#endif /*!HAVE_W32_SYSTEM*/
}
/* Set up the default home directory. The usual --homedir option
should be parsed later. */
const char *
default_homedir (void)
{
const char *dir;
dir = getenv ("GNUPGHOME");
#ifdef HAVE_W32_SYSTEM
if (!dir || !*dir)
{
static const char *saved_dir;
if (!saved_dir)
{
if (!dir || !*dir)
{
char *tmp;
tmp = read_w32_registry_string (NULL, "Software\\GNU\\GnuPG",
"HomeDir");
if (tmp && !*tmp)
{
xfree (tmp);
tmp = NULL;
}
if (tmp)
saved_dir = tmp;
}
if (!saved_dir)
saved_dir = standard_homedir ();
}
dir = saved_dir;
}
#endif /*HAVE_W32_SYSTEM*/
if (!dir || !*dir)
dir = GNUPG_DEFAULT_HOMEDIR;
return dir;
}
#ifdef HAVE_W32_SYSTEM
static const char *
w32_rootdir (void)
{
static int got_dir;
static char dir[MAX_PATH+5];
if (!got_dir)
{
char *p;
if ( !GetModuleFileName ( NULL, dir, MAX_PATH) )
{
log_debug ("GetModuleFileName failed: %s\n", w32_strerror (0));
*dir = 0;
}
got_dir = 1;
p = strrchr (dir, DIRSEP_C);
if (p)
*p = 0;
else
{
log_debug ("bad filename `%s' returned for this process\n", dir);
*dir = 0;
}
}
if (*dir)
return dir;
/* Fallback to the hardwired value. */
return GNUPG_LIBEXECDIR;
}
#endif /*HAVE_W32_SYSTEM*/
/* Return the name of the sysconfdir. This is a static string. This
function is required because under Windows we can't simply compile
it in. */
const char *
gnupg_sysconfdir (void)
{
#ifdef HAVE_W32_SYSTEM
static char *name;
if (!name)
{
const char *s1, *s2;
s1 = w32_rootdir ();
s2 = DIRSEP_S "etc" DIRSEP_S "gnupg";
name = xmalloc (strlen (s1) + strlen (s2) + 1);
strcpy (stpcpy (name, s1), s2);
}
return name;
#else /*!HAVE_W32_SYSTEM*/
return GNUPG_SYSCONFDIR;
#endif /*!HAVE_W32_SYSTEM*/
}
const char *
gnupg_bindir (void)
{
#ifdef HAVE_W32_SYSTEM
return w32_rootdir ();
#else /*!HAVE_W32_SYSTEM*/
return GNUPG_BINDIR;
#endif /*!HAVE_W32_SYSTEM*/
}
/* Return the name of the libexec directory. The name is allocated in
a static area on the first use. This function won't fail. */
const char *
gnupg_libexecdir (void)
{
#ifdef HAVE_W32_SYSTEM
return w32_rootdir ();
#else /*!HAVE_W32_SYSTEM*/
return GNUPG_LIBEXECDIR;
#endif /*!HAVE_W32_SYSTEM*/
}
const char *
gnupg_libdir (void)
{
#ifdef HAVE_W32_SYSTEM
static char *name;
if (!name)
{
const char *s1, *s2;
s1 = w32_rootdir ();
s2 = DIRSEP_S "lib" DIRSEP_S "gnupg";
name = xmalloc (strlen (s1) + strlen (s2) + 1);
strcpy (stpcpy (name, s1), s2);
}
return name;
#else /*!HAVE_W32_SYSTEM*/
return GNUPG_LIBDIR;
#endif /*!HAVE_W32_SYSTEM*/
}
const char *
gnupg_datadir (void)
{
#ifdef HAVE_W32_SYSTEM
static char *name;
if (!name)
{
const char *s1, *s2;
s1 = w32_rootdir ();
s2 = DIRSEP_S "share" DIRSEP_S "gnupg";
name = xmalloc (strlen (s1) + strlen (s2) + 1);
strcpy (stpcpy (name, s1), s2);
}
return name;
#else /*!HAVE_W32_SYSTEM*/
return GNUPG_DATADIR;
#endif /*!HAVE_W32_SYSTEM*/
}
/* Return the default socket name used by DirMngr. */
const char *
dirmngr_socket_name (void)
{
#ifdef HAVE_W32_SYSTEM
static char *name;
if (!name)
{
- const char *s1, *s2;
- s1 = w32_rootdir ();
+ char s1[MAX_PATH];
+ const char *s2;
+
+ /* We need something akin CSIDL_COMMON_PROGRAMS, but local
+ (non-roaming). */
+ if (w32_shgetfolderpath (NULL, CSIDL_WINDOWS, NULL, 0, s1) < 0)
+ strcpy (s1, "C:\\WINDOWS");
s2 = DIRSEP_S "S.dirmngr";
name = xmalloc (strlen (s1) + strlen (s2) + 1);
strcpy (stpcpy (name, s1), s2);
}
return name;
#else /*!HAVE_W32_SYSTEM*/
return "/var/run/dirmngr/socket";
#endif /*!HAVE_W32_SYSTEM*/
}
/* Return the file name of a helper tool. WHICH is one of the
GNUPG_MODULE_NAME_foo constants. */
const char *
gnupg_module_name (int which)
{
const char *s, *s2;
#define X(a,b) do { \
static char *name; \
if (!name) \
{ \
s = gnupg_ ## a (); \
s2 = DIRSEP_S b EXEEXT_S; \
name = xmalloc (strlen (s) + strlen (s2) + 1); \
strcpy (stpcpy (name, s), s2); \
} \
return name; \
} while (0)
switch (which)
{
case GNUPG_MODULE_NAME_AGENT:
#ifdef GNUPG_DEFAULT_AGENT
return GNUPG_DEFAULT_AGENT;
#else
X(bindir, "gpg-agent");
#endif
case GNUPG_MODULE_NAME_PINENTRY:
#ifdef GNUPG_DEFAULT_PINENTRY
return GNUPG_DEFAULT_PINENTRY;
#else
X(bindir, "pinentry");
#endif
case GNUPG_MODULE_NAME_SCDAEMON:
#ifdef GNUPG_DEFAULT_SCDAEMON
return GNUPG_DEFAULT_SCDAEMON;
#else
X(bindir, "scdaemon");
#endif
case GNUPG_MODULE_NAME_DIRMNGR:
#ifdef GNUPG_DEFAULT_DIRMNGR
return GNUPG_DEFAULT_DIRMNGR;
#else
X(bindir, "dirmngr");
#endif
case GNUPG_MODULE_NAME_PROTECT_TOOL:
#ifdef GNUPG_DEFAULT_PROTECT_TOOL
return GNUPG_DEFAULT_PROTECT_TOOL;
#else
X(libexecdir, "gpg-protect-tool");
#endif
case GNUPG_MODULE_NAME_CHECK_PATTERN:
X(libexecdir, "gpg-check-pattern");
case GNUPG_MODULE_NAME_GPGSM:
X(bindir, "gpgsm");
case GNUPG_MODULE_NAME_GPG:
X(bindir, "gpg2");
default:
BUG ();
}
#undef X
}
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 1e276e2a3..6fbde7c95 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,524 +1,527 @@
2007-11-19 Werner Koch <wk@g10code.com>
+ * gpg.texi (GPG Configuration Options): English Grammar fix.
+ Thanks to Gerg Troxel.
+
* gpgsm.texi (Certificate Options): Document
--auto-issuer-key-retrieve.
2007-11-15 Werner Koch <wk@g10code.com>
* gpg.texi (GPG Configuration): Add PINENTRY_USER_DATA.
* gpg-agent.texi (Agent Options): Add xauthority.
2007-10-31 Marcus Brinkmann <marcus@g10code.de>
* gpg-agent.texi (Agent Options): Fix typos, by Bernhard Reiter.
2007-10-27 David Shaw <dshaw@jabberwocky.com>
* gpg.texi: Document --rfc4880 (the new --openpgp).
2007-10-25 David Shaw <dshaw@jabberwocky.com>
* gpg.texi: Clarify --force-v3-sigs, --pgp2, and --pgp6 a bit.
2007-10-23 Werner Koch <wk@g10code.com>
* tools.texi (Listing global options): New.
2007-10-19 Werner Koch <wk@g10code.com>
* tools.texi (Controlling gpg-connect-agent): Updated.
2007-08-29 Werner Koch <wk@g10code.com>
* tools.texi (Checking programs): New.
2007-08-27 Werner Koch <wk@g10code.com>
* examples/pwpattern.list: New.
2007-08-24 Werner Koch <wk@g10code.com>
* debugging.texi (Common Problems): Add "A root certifciate does
not validate."
2007-08-14 Werner Koch <wk@g10code.com>
* glossary.texi (Glossary): Add a more items.
2007-08-13 Werner Koch <wk@g10code.com>
* yat2m.c (proc_texi_cmd): Do not put @samp content between two
newlines.
* gpg-agent.texi (Agent Configuration): Explain the CM flag for
trustlist.txt.
2007-08-09 Werner Koch <wk@g10code.com>
* gpgsm.texi (Certificate Options): Describe --validation-model.
2007-07-23 Werner Koch <wk@g10code.com>
* scdaemon.texi (Scdaemon Commands): Remove obsolete --print-atr.
2007-07-17 Werner Koch <wk@g10code.com>
* gpgsm.texi (Input and Output): Document --default-key.
2007-07-04 Werner Koch <wk@g10code.com>
* gpl.texi: Updated to GPLv3.
2007-06-22 Werner Koch <wk@g10code.com>
* gpg.texi (Operational GPG Commands): Describe the flags used by
--check-sigs.
2007-06-21 Werner Koch <wk@g10code.com>
* gpgsm.texi (Certificate Management): Changed description of
--gen-key.
2007-06-19 Werner Koch <wk@g10code.com>
* glossary.texi (Glossary): Describe PSE.
2007-06-18 Werner Koch <wk@g10code.com>
* gpg-agent.texi (Agent GETINFO): New.
2007-06-06 Werner Koch <wk@g10code.com>
* Makefile.am (yat2m): Use a plain rule to build it for the sake
of cross-compiling.
* yat2m.c (finish_page): Init SECT to NULL.
2007-05-11 Werner Koch <wk@g10code.com>
* gpgsm.texi (--export): Enhanced description.
2007-05-09 Werner Koch <wk@g10code.com>
* examples/gpgconf.conf: Remove active example line.
* Makefile.am (online): Distinguish between released and svn manuals.
2007-05-08 Werner Koch <wk@g10code.com>
* howtos.texi: New.
* howto-create-a-server-cert.texi: New.
* Makefile.am (gnupg_TEXINFOS): Add new files.
* gnupg.texi: Moved the logo for HTML more to the top.
* Makefile.am (install-html-local): New.
(DVIPS): Redefine to include srcdir.
2007-05-04 Werner Koch <wk@g10code.com>
* gnupg.texi (Top): Fix typo and a grammar issue.
* Makefile.am (EXTRA_DIST): Add gnupg-logo.png. Suggested by
Bernard Leak.
2007-04-15 David Shaw <dshaw@jabberwocky.com>
* gpg.texi (OpenPGP Options): Update the personal-foo-preferences
documentation a bit.
2007-04-10 Werner Koch <wk@g10code.com>
* gpg.texi (GPG Configuration Options): Document --batch, no-tty,
--yes and --no.
2007-03-08 Werner Koch <wk@g10code.com>
* gnupg-logo.png, gnupg-logo.eps, gnupg-logo.pdf: New.
* gnupg-badge-openpgp.eps, gnupg-badge-openpgp.eps
* gnupg-badge-openpgp.jpg: Removed.
* gnupg.texi: Use new logo.
2007-03-07 Werner Koch <wk@g10code.com>
* tools.texi (applygnupgdefaults): New.
2007-03-06 Werner Koch <wk@g10code.com>
* examples/gpgconf.conf: New.
2007-03-04 David Shaw <dshaw@jabberwocky.com>
* gpg.texi (GPG Esoteric Options): Document
--allow-multiple-messages.
2007-02-26 Werner Koch <wk@g10code.com>
* gpg.texi (GPG Configuration): Document envvar LANGUAGE.
(GPG Configuration Options): Document show-primary-uid-only.
2007-02-18 Werner Koch <wk@g10code.com>
* gpg.texi (GPG Esoteric Options): No card reader options for gpg2.
2007-02-14 Werner Koch <wk@g10code.com>
* gpg-agent.texi (Agent Options): Doc --pinentry-touch-file.
2007-02-05 Werner Koch <wk@g10code.com>
* debugging.texi (Common Problems): Tell how to export a private
key without a certificate.
2007-01-30 Werner Koch <wk@g10code.com>
* com-certs.pem: Added the current root certifcates of D-Trust and
S-Trust.
2007-01-18 David Shaw <dshaw@jabberwocky.com>
* gpg.texi, specify-user-id.texi: Only some of the mentions of
exclamation marks have an example. Give examples to the rest.
2007-01-17 David Shaw <dshaw@jabberwocky.com>
* gpg.texi (GPG Configuration Options): Make http_proxy option
documentation match reality.
(BUGS): Warn about hibernate/safe-sleep/etc writing main RAM to
disk, despite locking.
2006-12-08 Werner Koch <wk@g10code.com>
* gnupg.texi (direntry): Rename gpg to gpg2.
2006-12-04 Werner Koch <wk@g10code.com>
* gpgv.texi: New.
* tools.texi: Include new file.
2006-12-02 David Shaw <dshaw@jabberwocky.com>
* gpg.texi (GPG Esoteric Options): Document --passphrase-repeat.
2006-11-14 Werner Koch <wk@g10code.com>
* gpgsm.texi (GPGSM EXPORT): Document changes.
2006-11-11 Werner Koch <wk@g10code.com>
* gnupg.texi (Top): Move gpg-agent part before gpg.
2006-11-05 David Shaw <dshaw@jabberwocky.com>
* gpg.texi: Reference to --s2k-count in --s2k-mode.
2006-10-30 Werner Koch <wk@g10code.com>
* faq.raw: Minor corrections.
2006-10-12 Werner Koch <wk@g10code.com>
* Makefile.am (man_MANS): Do not install gnupg.7 due to a conflict
with gpg1.
2006-10-12 David Shaw <dshaw@jabberwocky.com>
* gpg.texi: Document --s2k-count.
2006-09-25 Werner Koch <wk@g10code.com>
* gpg.texi (GPG Examples): Add markup to all options. This is
required to have the double dashs printed correclty.
2006-09-22 Werner Koch <wk@g10code.com>
* instguide.texi (Installation): New.
* assuan.texi (Assuan): Removed. Use the libassuan manual instead.
* gnupg.texi: Reflect these changes.
* gpg.texi: Make some parts depend on the "gpgone" set
command. This allows us to use the same source for gpg1 and gpg2.
* yat2m.c (parse_file): Better parsing of @ifset and ifclear.
(main): Allow definition of "-D gpgone".
(parse_file): Allow macro definitions.
(proc_texi_cmd): Expand macros.
(proc_texi_buffer): Process commands terminated by the closing
brace of the enclosing command.
2006-09-20 Werner Koch <wk@g10code.com>
* texi.css: New. Note that the current vesion of makeinfo has a
bug while copying the @import directive. A pacth has been send to
upstream.
2006-09-19 Werner Koch <wk@g10code.com>
* gpg.texi: Some restructuring.
* Makefile.am (online): New target.
2006-09-18 Werner Koch <wk@g10code.com>
* com-certs.pem: New.
2006-09-13 Werner Koch <wk@g10code.com>
* gpg.texi (GPG Esoteric Options): Fixed typo in
--require-cross-certification and made it the default.
2006-09-11 Werner Koch <wk@g10code.com>
* HACKING: Cleaned up.
2006-09-08 Werner Koch <wk@g10code.com>
* yat2m.c (parse_file): Ignore @node lines immediately.
(proc_texi_cmd): No special @end ifset processing anymore.
* specify-user-id.texi: New. Factored out of gpg.texi and ../README.
2006-09-07 Werner Koch <wk@g10code.com>
* scdaemon.texi (Scdaemon Configuration): New.
* examples/scd-event: Event handler for sdaemon.
* examples/: New directory
2006-08-22 Werner Koch <wk@g10code.com>
* yat2m.c (parse_file): Added code to skip a line after @mansect.
* gnupg7.texi: New.
2006-08-21 Werner Koch <wk@g10code.com>
* Makefile.am: Added other doc files from gpg 1.4.
2006-08-17 Werner Koch <wk@g10code.com>
* Makefile.am: Added rules to build man pages.
* yat2m.c: New.
2006-02-14 Werner Koch <wk@gnupg.org>
* gpgsm.texi (GPGSM Configuration): New section.
2005-11-14 Werner Koch <wk@g10code.com>
* qualified.txt: Added real information.
2005-11-13 Werner Koch <wk@g10code.com>
* qualified.txt: New.
* Makefile.am (dist_pkgdata_DATA): New.
2005-08-16 Werner Koch <wk@g10code.com>
* gpg-agent.texi (Agent Options): Note default file name for
--write-env-file.
2005-06-03 Werner Koch <wk@g10code.com>
* debugging.texi (Architecture Details): New section, mostly empty.
* gnupg-card-architecture.fig: New.
* Makefile.am: Rules to build png and eps versions.
* gpg-agent.texi (Agent UPDATESTARTUPTTY): New.
2005-05-17 Werner Koch <wk@g10code.com>
* gpg-agent.texi (Agent Options): Removed --disable-pth.
2005-04-27 Werner Koch <wk@g10code.com>
* tools.texi (symcryptrun): Added.
* scdaemon.texi: Removed OpenSC specific options.
2005-04-20 Werner Koch <wk@g10code.com>
* gpg-agent.texi (Agent Configuration): New section.
2005-02-24 Werner Koch <wk@g10code.com>
* tools.texi (gpg-connect-agent): New.
2005-02-14 Werner Koch <wk@g10code.com>
* gpgsm.texi (Certificate Management): Document --import.
2005-01-27 Moritz Schulte <moritz@g10code.com>
* gpg-agent.texi: Document ssh-agent emulation layer.
2005-01-04 Werner Koch <wk@g10code.com>
* gnupg.texi: Updated to use @copying.
2004-12-22 Werner Koch <wk@g10code.com>
* gnupg.texi: Reordered.
* contrib.texi: Updated.
2004-12-21 Werner Koch <wk@g10code.com>
* tools.texi (gpg-preset-passphrase): New section.
* gnupg-badge-openpgp.eps, gnupg-badge-openpgp.jpg: New
* gnupg.texi: Add a logo.
* sysnotes.texi: New.
2004-11-05 Werner Koch <wk@g10code.com>
* debugging.texi (Common Problems): Curses pinentry problem.
2004-10-22 Werner Koch <wk@g10code.com>
* tools.texi (Helper Tools): Document gpgsm-gencert.sh.
2004-10-05 Werner Koch <wk@g10code.com>
* gpg-agent.texi (Invoking GPG-AGENT): Tell that GPG_TTY needs to
be set in all cases.
2004-09-30 Werner Koch <wk@g10code.com>
* gpg.texi: New.
* gnupg.texi: Include gpg.texi
* tools.texi: Add a few @command markups.
* gpgsm.texi: Ditto
* gpg-agent.texi: Ditto.
* scdaemon.texi: Ditto.
2004-09-30 Marcus Brinkmann <marcus@g10code.de>
* tools.texi (Changing options): Add documentation for gpgconf.
* contrib.texi (Contributors): Add two missing periods.
2004-09-29 Werner Koch <wk@g10code.com>
* gpgsm.texi (Configuration Options): Add --log-file.
* gpg-agent.texi (Invoking GPG-AGENT): Add a few words about the
expected pinentry filename.
Changed license of the manual stuff to GPL.
* gnupg.texi (Top): New menu item Helper Tools.
* tools.texi (Helper Tools): New.
* Makefile.am (gnupg_TEXINFOS): Add tools.texi.
2004-08-05 Werner Koch <wk@g10code.de>
* scdaemon.texi (Card applications): New section.
2004-06-22 Werner Koch <wk@g10code.com>
* glossary.texi: New.
2004-06-18 Werner Koch <wk@gnupg.org>
* debugging.texi: New.
* gnupg.texi: Include it.
2004-05-11 Werner Koch <wk@gnupg.org>
* gpgsm.texi (Esoteric Options): Add --debug-allow-core-dump.
2004-05-03 Werner Koch <wk@gnupg.org>
* gpg-agent.texi (Agent Options): Add --allow-mark-trusted.
2004-02-03 Werner Koch <wk@gnupg.org>
* contrib.texi (Contributors): Updated from the gpg 1.2.3 thanks
list.
* gpgsm.texi, gpg-agent.texi, scdaemon.texi: Language cleanups.
2003-12-01 Werner Koch <wk@gnupg.org>
* gpgsm.texi (Certificate Options): Add --{enable,disable}-ocsp.
2003-11-17 Werner Koch <wk@gnupg.org>
* scdaemon.texi (Scdaemon Options): Added --allow-admin and
--deny-admin.
2003-10-27 Werner Koch <wk@gnupg.org>
* gpg-agent.texi (Agent GET_CONFIRMATION): New.
2002-12-04 Werner Koch <wk@gnupg.org>
* gpg-agent.texi (Agent Signals): New.
2002-12-03 Werner Koch <wk@gnupg.org>
* gpgsm.texi (Operational Commands): Add --passwd and
--call-protect-tool.
* gpg-agent.texi (Agent PASSWD): New
2002-11-13 Werner Koch <wk@gnupg.org>
* gpg-agent.texi (Invoking GPG-AGENT): Tell about GPG_TTY.
2002-11-12 Werner Koch <wk@gnupg.org>
* gpgsm.texi (Operational Commands): Add --call-dirmngr.
2002-09-25 Werner Koch <wk@gnupg.org>
* gpg-agent.texi (Agent Options): Add --keep-tty and --keep-display.
2002-09-12 Werner Koch <wk@gnupg.org>
* gpg-agent.texi (Invoking GPG-AGENT): Explained how to start only
one instance.
2002-08-28 Werner Koch <wk@gnupg.org>
* gpg-agent.texi (Agent Options): Explained more options.
* scdaemon.texi (Scdaemon Options): Ditto.
2002-08-09 Werner Koch <wk@gnupg.org>
* Makefile.am (gnupg_TEXINFOS): Include contrib.texi.
2002-08-06 Werner Koch <wk@gnupg.org>
* gpgsm.texi: Added more options.
2002-07-26 Werner Koch <wk@gnupg.org>
* assuan.texi: New.
* gpgsm.texi, scdaemon.texi, gpg-agent.texi: Documented the Assuan
protocol used.
2002-07-22 Werner Koch <wk@gnupg.org>
* gnupg.texi, scdaemon.texi, gpg-agent.texi: New.
* contrib.texi, gpl.texi, fdl.texi: New.
* gpgsm.texi: Made this an include file for gnupg.texi.
* Makefile.am: Build gnupg.info instead of gpgsm.info.
2002-06-04 Werner Koch <wk@gnupg.org>
* gpgsm.texi (Invocation): Described the various debug flags.
2002-05-14 Werner Koch <wk@gnupg.org>
* Makefile.am, gpgsm.texi: New.
Copyright 2002, 2004, 2005 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 0a1b92ab9..f7b7df856 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1,2768 +1,2768 @@
@c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
@c 2007 Free Software Foundation, Inc.
@c This is part of the GnuPG manual.
@c For copying conditions, see the file gnupg.texi.
@node Invoking GPG
@chapter Invoking GPG
@cindex GPG command options
@cindex command options
@cindex options, GPG command
@c Begin GnuPG 1.x specific stuff
@ifset gpgone
@macro gpgname
gpg
@end macro
@manpage gpg.1
@ifset manverb
.B gpg
\- OpenPGP encryption and signing tool
@end ifset
@mansect synopsis
@ifset manverb
.B gpg
.RB [ \-\-homedir
.IR dir ]
.RB [ \-\-options
.IR file ]
.RI [ options ]
.I command
.RI [ args ]
@end ifset
@end ifset
@c End GnuPG 1.x specific stuff
@c Begin GnuPG 2 specific stuff
@ifclear gpgone
@macro gpgname
gpg2
@end macro
@manpage gpg2.1
@ifset manverb
.B gpg2
\- OpenPGP encryption and signing tool
@end ifset
@mansect synopsis
@ifset manverb
.B gpg2
.RB [ \-\-homedir
.IR dir ]
.RB [ \-\-options
.IR file ]
.RI [ options ]
.I command
.RI [ args ]
@end ifset
@end ifclear
@c Begin GnuPG 2 specific stuff
@mansect description
@command{@gpgname} is the OpenPGP part of the GNU Privacy Guard (GnuPG). It
is a tool to provide digital encryption and signing services using the
OpenPGP standard. @command{@gpgname} features complete key management and
all bells and whistles you can expect from a decent OpenPGP
implementation.
@ifset gpgone
This is the standalone version of @command{gpg}. For desktop use you
should consider using @command{gpg2}.
@end ifset
@ifclear gpgone
In contrast to the standalone version @command{gpg}, which is more
suited for server and embedded platforms, this version is installed
under the name @command{gpg2} and more targeted to the desktop as it
requires several other modules to be installed. The standalone version
will be kept maintained and it is possible to install both versions on
the same system. If you need to use different configuration files, you
should make use of something like @file{gpg.conf-2} instead of just
@file{gpg.conf}.
@end ifclear
@manpause
@ifclear gpgone
Documentation for the old standard @command{gpg} is available as a man
page and at @inforef{Top,GnuPG 1,gpg}.
@end ifclear
@xref{Option Index}, for an index to @command{@gpgname}'s commands and options.
@mancont
@menu
* GPG Commands:: List of all commands.
* GPG Options:: List of all options.
* GPG Configuration:: Configuration files.
* GPG Examples:: Some usage examples.
Developer information:
@c * Unattended Usage:: Using @command{gpg} from other programs.
@c * GPG Protocol:: The protocol the server mode uses.
@end menu
@c *******************************************
@c *************** ****************
@c *************** COMMANDS ****************
@c *************** ****************
@c *******************************************
@mansect commands
@node GPG Commands
@section Commands
Commands are not distinguished from options execpt for the fact that
only one command is allowed.
@command{@gpgname} may be run with no commands, in which case it will
perform a reasonable action depending on the type of file it is given
as input (an encrypted message is decrypted, a signature is verified,
a file containing keys is listed).
Please remember that option as well as command parsing stops as soon as
a non-option is encountered, you can explicitly stop parsing by
using the special option @option{--}.
@menu
* General GPG Commands:: Commands not specific to the functionality.
* Operational GPG Commands:: Commands to select the type of operation.
* OpenPGP Key Management:: How to manage your keys.
@end menu
@c *******************************************
@c ********** GENERAL COMMANDS *************
@c *******************************************
@node General GPG Commands
@subsection Commands not specific to the function
@table @gnupgtabopt
@item --version
@opindex version
Print the program version and licensing information. Note that you
cannot abbreviate this command.
@item --help
@itemx -h
@opindex help
Print a usage message summarizing the most useful command line options.
Not that you cannot abbreviate this command.
@item --warranty
@opindex warranty
Print warranty information.
@item --dump-options
@opindex dump-options
Print a list of all available options and commands. Note that you cannot
abbreviate this command.
@end table
@c *******************************************
@c ******** OPERATIONAL COMMANDS ***********
@c *******************************************
@node Operational GPG Commands
@subsection Commands to select the type of operation
@table @gnupgtabopt
@item --sign
@itemx -s
@opindex sign
Make a signature. This command may be combined with @option{--encrypt}
(for a signed and encrypted message), @option{--symmetric} (for a signed
and symmetrically encrypted message), or @option{--encrypt} and
@option{--symmetric} together (for a signed message that may be
decrypted via a secret key or a passphrase).
@item --clearsign
@opindex clearsign
Make a clear text signature. The content in a clear text signature is
readable without any special software. OpenPGP software is only
needed to verify the signature. Clear text signatures may modify
end-of-line whitespace for platform independence and are not intended
to be reversible.
@item --detach-sign
@itemx -b
@opindex detach-sign
Make a detached signature.
@item --encrypt
@itemx -e
@opindex encrypt
Encrypt data. This option may be combined with @option{--sign} (for a
signed and encrypted message), @option{--symmetric} (for a message that
may be decrypted via a secret key or a passphrase), or @option{--sign}
and @option{--symmetric} together (for a signed message that may be
decrypted via a secret key or a passphrase).
@item --symmetric
@itemx -c
@opindex symmetric
Encrypt with a symmetric cipher using a passphrase. The default
symmetric cipher used is CAST5, but may be chosen with the
@option{--cipher-algo} option. This option may be combined with
@option{--sign} (for a signed and symmetrically encrypted message),
@option{--encrypt} (for a message that may be decrypted via a secret key
or a passphrase), or @option{--sign} and @option{--encrypt} together
(for a signed message that may be decrypted via a secret key or a
passphrase).
@item --store
@opindex store
Store only (make a simple RFC1991 literal data packet).
@item --decrypt
@itemx -d
@opindex decrypt
Decrypt the file given on the command line (or @code{stdin} if no file
is specified) and write it to stdout (or the file specified with
@option{--output}). If the decrypted file is signed, the signature is also
verified. This command differs from the default operation, as it never
writes to the filename which is included in the file and it rejects
files which don't begin with an encrypted message.
@item --verify
@opindex verify
Assume that the first argument is a signed file or a detached signature
and verify it without generating any output. With no arguments, the
signature packet is read from stdin. If only a sigfile is given, it may
be a complete signature or a detached signature, in which case the
signed stuff is expected in a file without the ".sig" or ".asc"
extension. With more than 1 argument, the first should be a detached
signature and the remaining files are the signed stuff. To read the
signed stuff from stdin, use @samp{-} as the second filename. For
security reasons a detached signature cannot read the signed material
from stdin without denoting it in the above way.
@item --multifile
@opindex multifile
This modifies certain other commands to accept multiple files for
processing on the command line or read from stdin with each filename on
a separate line. This allows for many files to be processed at
once. @option{--multifile} may currently be used along with
@option{--verify}, @option{--encrypt}, and @option{--decrypt}. Note that
@option{--multifile --verify} may not be used with detached signatures.
@item --verify-files
@opindex verify-files
Identical to @option{--multifile --verify}.
@item --encrypt-files
@opindex encrypt-files
Identical to @option{--multifile --encrypt}.
@item --decrypt-files
@opindex decrypt-files
Identical to @option{--multifile --decrypt}.
@item --list-keys
@itemx -k
@itemx --list-public-keys
@opindex list-keys
List all keys from the public keyrings, or just the keys given on the
command line.
@ifset gpgone
@option{-k} is slightly different from @option{--list-keys} in that it
allows only for one argument and takes the second argument as the
keyring to search. This is for command line compatibility with PGP 2
and has been removed in @command{gpg2}.
@end ifset
Avoid using the output of this command in scripts or other programs as
it is likely to change as GnuPG changes. See @option{--with-colons} for a
machine-parseable key listing command that is appropriate for use in
scripts and other programs.
@item --list-secret-keys
@itemx -K
@opindex list-secret-keys
List all keys from the secret keyrings, or just the ones given on the
command line. A @code{#} after the letters @code{sec} means that the
secret key is not usable (for example, if it was created via
@option{--export-secret-subkeys}).
@item --list-sigs
@opindex list-sigs
Same as @option{--list-keys}, but the signatures are listed too.
For each signature listed, there are several flags in between the "sig"
tag and keyid. These flags give additional information about each
signature. From left to right, they are the numbers 1-3 for certificate
check level (see @option{--ask-cert-level}), "L" for a local or
non-exportable signature (see @option{--lsign-key}), "R" for a
nonRevocable signature (see the @option{--edit-key} command "nrsign"),
"P" for a signature that contains a policy URL (see
@option{--cert-policy-url}), "N" for a signature that contains a
notation (see @option{--cert-notation}), "X" for an eXpired signature
(see @option{--ask-cert-expire}), and the numbers 1-9 or "T" for 10 and
above to indicate trust signature levels (see the @option{--edit-key}
command "tsign").
@item --check-sigs
@opindex check-sigs
Same as @option{--list-sigs}, but the signatures are verified.
The status of the verification is indicated by a flag directly following
the "sig" tag (and thus before the flags described above for
@option{--list-sigs}). A "!" indicates that the signature has been
successfully verified, a "-" denotes a bad signature and a "%" is used
if an error occured while checking the signature (e.g. a non supported
algorithm).
@item --fingerprint
@opindex fingerprint
List all keys (or the specified ones) along with their
fingerprints. This is the same output as @option{--list-keys} but with
the additional output of a line with the fingerprint. May also be
combined with @option{--list-sigs} or @option{--check-sigs}. If this
command is given twice, the fingerprints of all secondary keys are
listed too.
@item --list-packets
@opindex list-packets
List only the sequence of packets. This is mainly
useful for debugging.
@item --card-edit
@opindex card-edit
Present a menu to work with a smartcard. The subcommand "help" provides
an overview on available commands. For a detailed description, please
see the Card HOWTO at
http://www.gnupg.org/documentation/howtos.html#GnuPG-cardHOWTO .
@item --card-status
@opindex card-status
Show the content of the smart card.
@item --change-pin
@opindex change-pin
Present a menu to allow changing the PIN of a smartcard. This
functionality is also available as the subcommand "passwd" with the
@option{--card-edit} command.
@item --delete-key @code{name}
@opindex delete-key
Remove key from the public keyring. In batch mode either @option{--yes} is
required or the key must be specified by fingerprint. This is a
safeguard against accidental deletion of multiple keys.
@item --delete-secret-key @code{name}
@opindex delete-secret-key
Remove key from the secret and public keyring. In batch mode the key
must be specified by fingerprint.
@item --delete-secret-and-public-key @code{name}
@opindex delete-secret-and-public-key
Same as @option{--delete-key}, but if a secret key exists, it will be
removed first. In batch mode the key must be specified by fingerprint.
@item --export
@opindex export
Either export all keys from all keyrings (default keyrings and those
registered via option @option{--keyring}), or if at least one name is given,
those of the given name. The new keyring is written to stdout or to the
file given with option @option{--output}. Use together with
@option{--armor} to mail those keys.
@item --send-keys @code{key IDs}
@opindex send-keys
Similar to @option{--export} but sends the keys to a keyserver.
Fingerprints may be used instead of key IDs. Option @option{--keyserver}
must be used to give the name of this keyserver. Don't send your
complete keyring to a keyserver --- select only those keys which are new
or changed by you.
@item --export-secret-keys
@itemx --export-secret-subkeys
@opindex export-secret-keys
@opindex export-secret-subkeys
Same as @option{--export}, but exports the secret keys instead. This is
normally not very useful and a security risk. The second form of the
command has the special property to render the secret part of the
primary key useless; this is a GNU extension to OpenPGP and other
implementations can not be expected to successfully import such a key.
See the option @option{--simple-sk-checksum} if you want to import such
an exported key with an older OpenPGP implementation.
@item --import
@itemx --fast-import
@opindex import
Import/merge keys. This adds the given keys to the
keyring. The fast version is currently just a synonym.
There are a few other options which control how this command works.
Most notable here is the @option{--keyserver-options merge-only} option
which does not insert new keys but does only the merging of new
signatures, user-IDs and subkeys.
@item --recv-keys @code{key IDs}
@opindex recv-keys
Import the keys with the given key IDs from a keyserver. Option
@option{--keyserver} must be used to give the name of this keyserver.
@item --refresh-keys
@opindex refresh-keys
Request updates from a keyserver for keys that already exist on the
local keyring. This is useful for updating a key with the latest
signatures, user IDs, etc. Calling this with no arguments will refresh
the entire keyring. Option @option{--keyserver} must be used to give the
name of the keyserver for all keys that do not have preferred keyservers
set (see @option{--keyserver-options honor-keyserver-url}).
@item --search-keys @code{names}
@opindex search-keys
Search the keyserver for the given names. Multiple names given here will
be joined together to create the search string for the keyserver.
Option @option{--keyserver} must be used to give the name of this
keyserver. Keyservers that support different search methods allow using
the syntax specified in "How to specify a user ID" below. Note that
different keyserver types support different search methods. Currently
only LDAP supports them all.
@item --fetch-keys @code{URIs}
@opindex fetch-keys
Retrieve keys located at the specified URIs. Note that different
installations of GnuPG may support different protocols (HTTP, FTP,
LDAP, etc.)
@item --update-trustdb
@opindex update-trustdb
Do trust database maintenance. This command iterates over all keys and
builds the Web of Trust. This is an interactive command because it may
have to ask for the "ownertrust" values for keys. The user has to give
an estimation of how far she trusts the owner of the displayed key to
correctly certify (sign) other keys. GnuPG only asks for the ownertrust
value if it has not yet been assigned to a key. Using the
@option{--edit-key} menu, the assigned value can be changed at any time.
@item --check-trustdb
@opindex check-trustdb
Do trust database maintenance without user interaction. From time to
time the trust database must be updated so that expired keys or
signatures and the resulting changes in the Web of Trust can be
tracked. Normally, GnuPG will calculate when this is required and do it
automatically unless @option{--no-auto-check-trustdb} is set. This
command can be used to force a trust database check at any time. The
processing is identical to that of @option{--update-trustdb} but it
skips keys with a not yet defined "ownertrust".
For use with cron jobs, this command can be used together with
@option{--batch} in which case the trust database check is done only if
a check is needed. To force a run even in batch mode add the option
@option{--yes}.
@item --export-ownertrust
@opindex export-ownertrust
Send the ownertrust values to stdout. This is useful for backup purposes
as these values are the only ones which can't be re-created from a
corrupted trust DB.
@item --import-ownertrust
@opindex import-ownertrust
Update the trustdb with the ownertrust values stored in @code{files} (or
stdin if not given); existing values will be overwritten.
@item --rebuild-keydb-caches
@opindex rebuild-keydb-caches
When updating from version 1.0.6 to 1.0.7 this command should be used
to create signature caches in the keyring. It might be handy in other
situations too.
@item --print-md @code{algo}
@itemx --print-mds
@opindex print-md
Print message digest of algorithm ALGO for all given files or stdin.
With the second form (or a deprecated "*" as algo) digests for all
available algorithms are printed.
@item --gen-random @code{0|1|2}
@opindex gen-random
Emit @var{count} random bytes of the given quality level. If count is
not given or zero, an endless sequence of random bytes will be emitted.
PLEASE, don't use this command unless you know what you are doing; it
may remove precious entropy from the system!
@item --gen-prime @code{mode} @code{bits}
@opindex gen-prime
Use the source, Luke :-). The output format is still subject to change.
@item --enarmor
@item --dearmor
@opindex enarmor
@opindex --enarmor
Pack or unpack an arbitrary input into/from an OpenPGP ASCII armor.
This is a GnuPG extension to OpenPGP and in general not very useful.
@end table
@c *******************************************
@c ******* KEY MANGEMENT COMMANDS **********
@c *******************************************
@node OpenPGP Key Management
@subsection How to manage your keys
This section explains the main commands for key management
@table @gnupgtabopt
@item --gen-key
@opindex gen-key
Generate a new key pair. This command is normally only used
interactively.
There is an experimental feature which allows you to create keys in
batch mode. See the file @file{doc/DETAILS} in the source distribution
on how to use this.
@item --gen-revoke @code{name}
@opindex gen-revoke
Generate a revocation certificate for the complete key. To revoke
a subkey or a signature, use the @option{--edit} command.
@item --desig-revoke @code{name}
@opindex desig-revoke
Generate a designated revocation certificate for a key. This allows a
user (with the permission of the keyholder) to revoke someone else's
key.
@item --edit-key
@opindex edit-key
Present a menu which enables you to do most of the key management
related tasks. It expects the specification of a key on the command
line.
@c ******** Begin Edit-key Options **********
@table @asis
@item sign
@opindex keyedit:sign
Make a signature on key of user @code{name} If the key is not yet
signed by the default user (or the users given with -u), the program
displays the information of the key again, together with its
fingerprint and asks whether it should be signed. This question is
repeated for all users specified with
-u.
@item lsign
@opindex keyedit:lsign
Same as "sign" but the signature is marked as non-exportable and will
therefore never be used by others. This may be used to make keys
valid only in the local environment.
@item nrsign
@opindex keyedit:nrsign
Same as "sign" but the signature is marked as non-revocable and can
therefore never be revoked.
@item tsign
@opindex keyedit:tsign
Make a trust signature. This is a signature that combines the notions
of certification (like a regular signature), and trust (like the
"trust" command). It is generally only useful in distinct communities
or groups.
@end table
@c man:.RS
Note that "l" (for local / non-exportable), "nr" (for non-revocable,
and "t" (for trust) may be freely mixed and prefixed to "sign" to
create a signature of any type desired.
@c man:.RE
@table @asis
@item revsig
@opindex keyedit:revsig
Revoke a signature. For every signature which has been generated by
one of the secret keys, GnuPG asks whether a revocation certificate
should be generated.
@item trust
@opindex keyedit:trust
Change the owner trust value. This updates the
trust-db immediately and no save is required.
@item disable
@itemx enable
@opindex keyedit:disable
@opindex keyedit:enable
Disable or enable an entire key. A disabled key can not normally be
used for encryption.
@item adduid
@opindex keyedit:adduid
Create an alternate user id.
@item addphoto
@opindex keyedit:addphoto
Create a photographic user id. This will prompt for a JPEG file that
will be embedded into the user ID. Note that a very large JPEG will make
for a very large key. Also note that some programs will display your
JPEG unchanged (GnuPG), and some programs will scale it to fit in a
dialog box (PGP).
@item deluid
@opindex keyedit:deluid
Delete a user id. Note that it is not possible to retract a user id,
once it has been send to the public (i.e. to a keyserver). In that case
you better use @code{revuid}.
@item delsig
@opindex keyedit:delsig
Delete a signature. Note that it is not possible to retract a signature,
once it has been send to the public (i.e. to a keyserver). In that case
you better use @code{revsig}.
@item revuid
@opindex keyedit:revuid
Revoke a user id.
@item addkey
@opindex keyedit:addkey
Add a subkey to this key.
@item addcardkey
@opindex keyedit:addcardkey
Generate a key on a card and add it to this key.
@item keytocard
@opindex keyedit:keytocard
Transfer the selected secret key (or the primary key if no key has been
selected) to a smartcard. The secret key in the keyring will be replaced
by a stub if the key could be stored successfully on the card and you
use the save command later. Only certain key types may be transferred to
the card. A sub menu allows you to select on what card to store the
key. Note that it is not possible to get that key back from the card -
if the card gets broken your secret key will be lost unless you have a
backup somewhere.
@item bkuptocard @code{file}
@opindex keyedit:bkuptocard
Restore the given file to a card. This command may be used to restore a
backup key (as generated during card initialization) to a new card. In
almost all cases this will be the encryption key. You should use this
command only with the corresponding public key and make sure that the
file given as argument is indeed the backup to restore. You should then
select 2 to restore as encryption key. You will first be asked to enter
the passphrase of the backup key and then for the Admin PIN of the card.
@item delkey
@opindex keyedit:delkey
Remove a subkey (secondart key). Note that it is not possible to retract
a subkey, once it has been send to the public (i.e. to a keyserver). In
that case you better use @code{revkey}.
@item addrevoker
@opindex keyedit:addrevoker
Add a designated revoker. This takes one optional argument:
"sensitive". If a designated revoker is marked as sensitive, it will not
be exported by default (see export-options).
@item revkey
@opindex keyedit:revkey
Revoke a subkey.
@item expire
@opindex keyedit:expire
Change the key expiration time. If a subkey is selected, the
expiration time of this subkey will be changed. With no selection,
the key expiration of the primary key is changed.
@item passwd
@opindex keyedit:passwd
Change the passphrase of the secret key.
@item primary
@opindex keyedit:primary
Flag the current user id as the primary one, removes the primary user
id flag from all other user ids and sets the timestamp of all affected
self-signatures one second ahead. Note that setting a photo user ID
as primary makes it primary over other photo user IDs, and setting a
regular user ID as primary makes it primary over other regular user
IDs.
@item uid @code{n}
@opindex keyedit:uid
Toggle selection of user id with index @code{n}.
Use 0 to deselect all.
@item key @code{n}
@opindex keyedit:key
Toggle selection of subkey with index @code{n}.
Use 0 to deselect all.
@item check
@opindex keyedit:check
Check all selected user ids.
@item showphoto
@opindex keyedit:showphoto
Display the selected photographic user
id.
@item pref
@opindex keyedit:pref
List preferences from the selected user ID. This shows the actual
preferences, without including any implied preferences.
@item showpref
@opindex keyedit:showpref
More verbose preferences listing for the selected user ID. This shows
the preferences in effect by including the implied preferences of 3DES
(cipher), SHA-1 (digest), and Uncompressed (compression) if they are
not already included in the preference list. In addition, the
preferred keyserver and signature notations (if any) are shown.
@item setpref @code{string}
@opindex keyedit:setpref
Set the list of user ID preferences to @code{string} for all (or just
the selected) user IDs. Calling setpref with no arguments sets the
preference list to the default (either built-in or set via
@option{--default-preference-list}), and calling setpref with "none" as
the argument sets an empty preference list. Use @command{@gpgname
--version} to get a list of available algorithms. Note that while you
can change the preferences on an attribute user ID (aka "photo ID"),
GnuPG does not select keys via attribute user IDs so these preferences
will not be used by GnuPG.
@item keyserver
@opindex keyedit:keyserver
Set a preferred keyserver for the specified user ID(s). This allows
other users to know where you prefer they get your key from. See
@option{--keyserver-options honor-keyserver-url} for more on how this
works. Setting a value of "none" removes an existing preferred
keyserver.
@item notation
@opindex keyedit:notation
Set a name=value notation for the specified user ID(s). See
@option{--cert-notation} for more on how this works. Setting a value of
"none" removes all notations, setting a notation prefixed with a minus
sign (-) removes that notation, and setting a notation name (without the
=value) prefixed with a minus sign removes all notations with that name.
@item toggle
@opindex keyedit:toggle
Toggle between public and secret key listing.
@item clean
@opindex keyedit:clean
Compact (by removing all signatures except the selfsig) any user ID
that is no longer usable (e.g. revoked, or expired). Then, remove any
signatures that are not usable by the trust calculations.
Specifically, this removes any signature that does not validate, any
signature that is superseded by a later signature, revoked signatures,
and signatures issued by keys that are not present on the keyring.
@item minimize
@opindex keyedit:minimize
Make the key as small as possible. This removes all signatures from
each user ID except for the most recent self-signature.
@item cross-certify
@opindex keyedit:cross-certify
Add cross-certification signatures to signing subkeys that may not
currently have them. Cross-certification signatures protect against a
subtle attack against signing subkeys. See
@option{--require-cross-certification}.
@item save
@opindex keyedit:save
Save all changes to the key rings and quit.
@item quit
@opindex keyedit:quit
Quit the program without updating the
key rings.
@end table
@c man:.RS
The listing shows you the key with its secondary keys and all user
ids. Selected keys or user ids are indicated by an asterisk. The trust
value is displayed with the primary key: the first is the assigned owner
trust and the second is the calculated trust value. Letters are used for
the values:
@c man:.RE
@table @asis
@item -
No ownertrust assigned / not yet calculated.
@item e
Trust
calculation has failed; probably due to an expired key.
@item q
Not enough information for calculation.
@item n
Never trust this key.
@item m
Marginally trusted.
@item f
Fully trusted.
@item u
Ultimately trusted.
@end table
@c ******** End Edit-key Options **********
@item --sign-key @code{name}
@opindex sign-key
Signs a public key with your secret key. This is a shortcut version of
the subcommand "sign" from @option{--edit}.
@item --lsign-key @code{name}
@opindex lsign-key
Signs a public key with your secret key but marks it as
non-exportable. This is a shortcut version of the subcommand "lsign"
from @option{--edit-key}.
@end table
@c *******************************************
@c *************** ****************
@c *************** OPTIONS ****************
@c *************** ****************
@c *******************************************
@mansect options
@node GPG Options
@section Option Summary
@command{@gpgname} comes features a bunch of options to control the exact
behaviour and to change the default configuration.
@menu
* GPG Configuration Options:: How to change the configuration.
* GPG Key related Options:: Key related options.
* GPG Input and Output:: Input and Output.
* OpenPGP Options:: OpenPGP protocol specific options.
* GPG Esoteric Options:: Doing things one usually don't want to do.
@end menu
Long options can be put in an options file (default
"~/.gnupg/gpg.conf"). Short option names will not work - for example,
"armor" is a valid option for the options file, while "a" is not. Do not
write the 2 dashes, but simply the name of the option and any required
arguments. Lines with a hash ('#') as the first non-white-space
character are ignored. Commands may be put in this file too, but that is
not generally useful as the command will execute automatically with
every execution of gpg.
Please remember that option parsing stops as soon as a non-option is
encountered, you can explicitly stop parsing by using the special option
@option{--}.
@c *******************************************
@c ******** CONFIGURATION OPTIONS **********
@c *******************************************
@node GPG Configuration Options
@subsection How to change the configuration
These options are used to change the configuraton and are usually found
in the option file.
@table @gnupgtabopt
@item --default-key @var{name}
@opindex default-key
Use @var{name} as the default key to sign with. If this option is not
used, the default key is the first key found in the secret keyring.
Note that @option{-u} or @option{--local-user} overrides this option.
@item --default-recipient @var{name}
@opindex default-recipient
Use @var{name} as default recipient if option @option{--recipient} is
not used and don't ask if this is a valid one. @var{name} must be
non-empty.
@item --default-recipient-self
@opindex default-recipient-self
Use the default key as default recipient if option @option{--recipient} is not
used and don't ask if this is a valid one. The default key is the first
one from the secret keyring or the one set with @option{--default-key}.
@item --no-default-recipient
@opindex no-default-recipient
Reset @option{--default-recipient} and @option{--default-recipient-self}.
@item -v, --verbose
@opindex verbose
Give more information during processing. If used
twice, the input data is listed in detail.
@item --no-verbose
@opindex no-verbose
Reset verbose level to 0.
@item -q, --quiet
@opindex quiet
Try to be as quiet as possible.
@item --batch
@itemx --no-batch
@opindex batch
@opindex no-batch
Use batch mode. Never ask, do not allow interactive commands.
@option{--no-batch} disables this option.
@item --no-tty
@opindex no-tty
Make sure that the TTY (terminal) is never used for any output.
This option is needed in some cases because GnuPG sometimes prints
warnings to the TTY even if @option{--batch} is used.
@item --yes
@opindex yes
Assume "yes" on most questions.
@item --no
@opindex no
Assume "no" on most questions.
@item --list-options @code{parameters}
@opindex list-options
This is a space or comma delimited string that gives options used when
listing keys and signatures (that is, @option{--list-keys},
@option{--list-sigs}, @option{--list-public-keys},
@option{--list-secret-keys}, and the @option{--edit-key} functions).
Options can be prepended with a @option{no-} (after the two dashes) to
give the opposite meaning. The options are:
@table @asis
@item show-photos
@opindex list-options:show-photos
Causes @option{--list-keys}, @option{--list-sigs},
@option{--list-public-keys}, and @option{--list-secret-keys} to display
any photo IDs attached to the key. Defaults to no. See also
@option{--photo-viewer}.
@item show-policy-urls
@opindex list-options:show-policy-urls
Show policy URLs in the @option{--list-sigs} or @option{--check-sigs}
listings. Defaults to no.
@item show-notations
@itemx show-std-notations
@itemx show-user-notations
@opindex list-options:show-notations
@opindex list-options:show-std-notations
@opindex list-options:show-user-notations
Show all, IETF standard, or user-defined signature notations in the
@option{--list-sigs} or @option{--check-sigs} listings. Defaults to no.
@item show-keyserver-urls
Show any preferred keyserver URL in the @option{--list-sigs} or
@option{--check-sigs} listings. Defaults to no.
@item show-uid-validity
Display the calculated validity of user IDs during key listings.
Defaults to no.
@item show-unusable-uids
Show revoked and expired user IDs in key listings. Defaults to no.
@item show-unusable-subkeys
Show revoked and expired subkeys in key listings. Defaults to no.
@item show-keyring
Display the keyring name at the head of key listings to show which
keyring a given key resides on. Defaults to no.
@item show-sig-expire
Show signature expiration dates (if any) during @option{--list-sigs} or
@option{--check-sigs} listings. Defaults to no.
@item show-sig-subpackets
Include signature subpackets in the key listing. This option can take an
optional argument list of the subpackets to list. If no argument is
passed, list all subpackets. Defaults to no. This option is only
meaningful when using @option{--with-colons} along with
@option{--list-sigs} or @option{--check-sigs}.
@end table
@item --verify-options @code{parameters}
This is a space or comma delimited string that gives options used when
verifying signatures. Options can be prepended with a `no-' to give
the opposite meaning. The options are:
@table @asis
@item show-photos
Display any photo IDs present on the key that issued the signature.
Defaults to no. See also @option{--photo-viewer}.
@item show-policy-urls
Show policy URLs in the signature being verified. Defaults to no.
@item show-notations
@itemx show-std-notations
@itemx show-user-notations
Show all, IETF standard, or user-defined signature notations in the
signature being verified. Defaults to IETF standard.
@item show-keyserver-urls
Show any preferred keyserver URL in the signature being verified.
Defaults to no.
@item show-uid-validity
Display the calculated validity of the user IDs on the key that issued
the signature. Defaults to no.
@item show-unusable-uids
Show revoked and expired user IDs during signature verification.
Defaults to no.
@item show-primary-uid-only
Show only the primary user ID during signature verification. That is
all the AKA lines as well as photo Ids are not shown with the signature
verification status.
@item pka-lookups
Enable PKA lookups to verify sender addresses. Note that PKA is based
on DNS, and so enabling this option may disclose information on when
and what signatures are verified or to whom data is encrypted. This
is similar to the "web bug" described for the auto-key-retrieve
feature.
@item pka-trust-increase
Raise the trust in a signature to full if the signature passes PKA
validation. This option is only meaningful if pka-lookups is set.
@end table
@item --enable-dsa2
@itemx --disable-dsa2
Enables new-style DSA keys which (unlike the old style) may be larger
than 1024 bit and use hashes other than SHA-1 and RIPEMD/160. Note
that very few programs currently support these keys and signatures
from them.
@item --photo-viewer @code{string}
This is the command line that should be run to view a photo ID. "%i"
will be expanded to a filename containing the photo. "%I" does the
same, except the file will not be deleted once the viewer exits.
Other flags are "%k" for the key ID, "%K" for the long key ID, "%f"
for the key fingerprint, "%t" for the extension of the image type
(e.g. "jpg"), "%T" for the MIME type of the image (e.g. "image/jpeg"),
and "%%" for an actual percent sign. If neither %i or %I are present,
then the photo will be supplied to the viewer on standard input.
The default viewer is "xloadimage -fork -quiet -title 'KeyID 0x%k'
stdin". Note that if your image viewer program is not secure, then
executing it from GnuPG does not make it secure.
@item --exec-path @code{string}
Sets a list of directories to search for photo viewers and keyserver
helpers. If not provided, keyserver helpers use the compiled-in
default directory, and photo viewers use the $PATH environment
variable.
Note, that on W32 system this value is ignored when searching for
keyserver helpers.
@item --keyring @code{file}
Add @code{file} to the current list of keyrings. If @code{file} begins
with a tilde and a slash, these are replaced by the $HOME directory. If
the filename does not contain a slash, it is assumed to be in the GnuPG
home directory ("~/.gnupg" if @option{--homedir} or $GNUPGHOME is not
used).
Note that this adds a keyring to the current list. If the intent is to
use the specified keyring alone, use @option{--keyring} along with
@option{--no-default-keyring}.
@item --secret-keyring @code{file}
Same as @option{--keyring} but for the secret keyrings.
@item --primary-keyring @code{file}
Designate @code{file} as the primary public keyring. This means that
newly imported keys (via @option{--import} or keyserver
@option{--recv-from}) will go to this keyring.
@item --trustdb-name @code{file}
Use @code{file} instead of the default trustdb. If @code{file} begins
with a tilde and a slash, these are replaced by the $HOME directory. If
the filename does not contain a slash, it is assumed to be in the GnuPG
home directory (@file{~/.gnupg} if @option{--homedir} or $GNUPGHOME is
not used).
@ifset gpgone
@anchor{option --homedir}
@end ifset
@include opt-homedir.texi
@ifset gpgone
@item --pcsc-driver @code{file}
Use @code{file} to access the smartcard reader. The current default is
`libpcsclite.so.1' for GLIBC based systems,
`/System/Library/Frameworks/PCSC.framework/PCSC' for MAC OS X,
`winscard.dll' for Windows and `libpcsclite.so' for other systems.
@end ifset
@ifset gpgone
@item --disable-ccid
Disable the integrated support for CCID compliant readers. This
allows to fall back to one of the other drivers even if the internal
CCID driver can handle the reader. Note, that CCID support is only
available if libusb was available at build time.
@end ifset
@ifset gpgone
@item --reader-port @code{number_or_string}
This option may be used to specify the port of the card terminal. A
value of 0 refers to the first serial device; add 32768 to access USB
devices. The default is 32768 (first USB device). PC/SC or CCID
readers might need a string here; run the program in verbose mode to get
a list of available readers. The default is then the first reader
found.
@end ifset
@item --display-charset @code{name}
Set the name of the native character set. This is used to convert
some informational strings like user IDs to the proper UTF-8 encoding.
Note that this has nothing to do with the character set of data to be
-encrypted or signed; GnuPG does not recode user supplied data. If
+encrypted or signed; GnuPG does not recode user-supplied data. If
this option is not used, the default character set is determined from
the current locale. A verbosity level of 3 shows the chosen set.
Valid values for @code{name} are:
@table @asis
@item iso-8859-1
This is the Latin 1 set.
@item iso-8859-2
The Latin 2 set.
@item iso-8859-15
This is currently an alias for
the Latin 1 set.
@item koi8-r
The usual Russian set (rfc1489).
@item utf-8
Bypass all translations and assume
that the OS uses native UTF-8 encoding.
@end table
@item --utf8-strings
@itemx --no-utf8-strings
Assume that command line arguments are given as UTF8 strings. The
default (@option{--no-utf8-strings}) is to assume that arguments are
encoded in the character set as specified by
@option{--display-charset}. These options affect all following
arguments. Both options may be used multiple times.
@ifset gpgone
@anchor{option --options}
@end ifset
@item --options @code{file}
Read options from @code{file} and do not try to read them from the
default options file in the homedir (see @option{--homedir}). This
option is ignored if used in an options file.
@item --no-options
Shortcut for @option{--options /dev/null}. This option is detected
before an attempt to open an option file. Using this option will also
prevent the creation of a @file{~/.gnupg} homedir.
@item -z @code{n}
@itemx --compress-level @code{n}
@itemx --bzip2-compress-level @code{n}
Set compression level to @code{n} for the ZIP and ZLIB compression
algorithms. The default is to use the default compression level of zlib
(normally 6). @option{--bzip2-compress-level} sets the compression level
for the BZIP2 compression algorithm (defaulting to 6 as well). This is a
different option from @option{--compress-level} since BZIP2 uses a
significant amount of memory for each additional compression level.
@option{-z} sets both. A value of 0 for @code{n} disables compression.
@item --bzip2-decompress-lowmem
Use a different decompression method for BZIP2 compressed files. This
alternate method uses a bit more than half the memory, but also runs
at half the speed. This is useful under extreme low memory
circumstances when the file was originally compressed at a high
@option{--bzip2-compress-level}.
@item --mangle-dos-filenames
@itemx --no-mangle-dos-filenames
@opindex mangle-dos-filenames
@opindex no-mangle-dos-filenames
Older version of Windows cannot handle filenames with more than one
dot. @option{--mangle-dos-filenames} causes GnuPG to replace (rather
than add to) the extension of an output filename to avoid this
problem. This option is off by default and has no effect on non-Windows
platforms.
@item --ask-cert-level
@itemx --no-ask-cert-level
When making a key signature, prompt for a certification level. If this
option is not specified, the certification level used is set via
@option{--default-cert-level}. See @option{--default-cert-level} for
information on the specific levels and how they are
used. @option{--no-ask-cert-level} disables this option. This option
defaults to no.
@item --default-cert-level @code{n}
The default to use for the check level when signing a key.
0 means you make no particular claim as to how carefully you verified
the key.
1 means you believe the key is owned by the person who claims to own
it but you could not, or did not verify the key at all. This is
useful for a "persona" verification, where you sign the key of a
pseudonymous user.
2 means you did casual verification of the key. For example, this
could mean that you verified that the key fingerprint and checked the
user ID on the key against a photo ID.
3 means you did extensive verification of the key. For example, this
could mean that you verified the key fingerprint with the owner of the
key in person, and that you checked, by means of a hard to forge
document with a photo ID (such as a passport) that the name of the key
owner matches the name in the user ID on the key, and finally that you
verified (by exchange of email) that the email address on the key
belongs to the key owner.
Note that the examples given above for levels 2 and 3 are just that:
examples. In the end, it is up to you to decide just what "casual"
and "extensive" mean to you.
This option defaults to 0 (no particular claim).
@item --min-cert-level
When building the trust database, treat any signatures with a
certification level below this as invalid. Defaults to 2, which
disregards level 1 signatures. Note that level 0 "no particular
claim" signatures are always accepted.
@item --trusted-key @code{long key ID}
Assume that the specified key (which must be given
as a full 8 byte key ID) is as trustworthy as one of
your own secret keys. This option is useful if you
don't want to keep your secret keys (or one of them)
online but still want to be able to check the validity of a given
recipient's or signator's key.
@item --trust-model @code{pgp|classic|direct|always|auto}
Set what trust model GnuPG should follow. The models are:
@table @asis
@item pgp
This is the Web of Trust combined with trust signatures as used in PGP
5.x and later. This is the default trust model when creating a new
trust database.
@item classic
This is the standard Web of Trust as used in PGP 2.x and earlier.
@item direct
Key validity is set directly by the user and not calculated via the
Web of Trust.
@item always
Skip key validation and assume that used keys are always fully
trusted. You generally won't use this unless you are using some
external validation scheme. This option also suppresses the
"[uncertain]" tag printed with signature checks when there is no
evidence that the user ID is bound to the key.
@item auto
Select the trust model depending on whatever the internal trust
database says. This is the default model if such a database already
exists.
@end table
@item --auto-key-locate @code{parameters}
@itemx --no-auto-key-locate
GnuPG can automatically locate and retrieve keys as needed using this
option. This happens when encrypting to an email address (in the
"user@@example.com" form), and there are no user@@example.com keys on
the local keyring. This option takes any number of the following
arguments, in the order they are to be tried:
@table @asis
@item cert
locate a key using DNS CERT, as specified in 2538bis (currently in
draft): http://www.josefsson.org/rfc2538bis/
@item pka
locate a key using DNS PKA.
@item ldap
locate a key using the PGP Universal method of checking
"ldap://keys.(thedomain)".
@item keyserver
locate a key using whatever keyserver is defined using the
@option{--keyserver} option.
@item (keyserver URL)
In addition, a keyserver URL as used in the @option{--keyserver} option may be
used here to query that particular keyserver.
@end table
@item --keyid-format @code{short|0xshort|long|0xlong}
Select how to display key IDs. "short" is the traditional 8-character
key ID. "long" is the more accurate (but less convenient)
16-character key ID. Add an "0x" to either to include an "0x" at the
beginning of the key ID, as in 0x99242560.
@item --keyserver @code{name}
Use @code{name} as your keyserver. This is the server that
@option{--recv-keys}, @option{--send-keys}, and @option{--search-keys}
will communicate with to receive keys from, send keys to, and search for
keys on. The format of the @code{name} is a URI:
`scheme:[//]keyservername[:port]' The scheme is the type of keyserver:
"hkp" for the HTTP (or compatible) keyservers, "ldap" for the LDAP
keyservers, or "mailto" for the Graff email keyserver. Note that your
particular installation of GnuPG may have other keyserver types
available as well. Keyserver schemes are case-insensitive. After the
keyserver name, optional keyserver configuration options may be
provided. These are the same as the global @option{--keyserver-options}
from below, but apply only to this particular keyserver.
Most keyservers synchronize with each other, so there is generally no
need to send keys to more than one server. The keyserver
@code{hkp://subkeys.pgp.net} uses round robin DNS to give a different
keyserver each time you use it.
@item --keyserver-options @code{name=value1 }
This is a space or comma delimited string that gives options for the
keyserver. Options can be prepended with a `no-' to give the opposite
meaning. Valid import-options or export-options may be used here as well
to apply to importing (@option{--recv-key}) or exporting
(@option{--send-key}) a key from a keyserver. While not all options are
available for all keyserver types, some common options are:
@table @asis
@item include-revoked
When searching for a key with @option{--search-keys}, include keys that
are marked on the keyserver as revoked. Note that not all keyservers
differentiate between revoked and unrevoked keys, and for such
keyservers this option is meaningless. Note also that most keyservers do
not have cryptographic verification of key revocations, and so turning
this option off may result in skipping keys that are incorrectly marked
as revoked.
@item include-disabled
When searching for a key with @option{--search-keys}, include keys that
are marked on the keyserver as disabled. Note that this option is not
used with HKP keyservers.
@item auto-key-retrieve
This option enables the automatic retrieving of keys from a keyserver
when verifying signatures made by keys that are not on the local
keyring.
Note that this option makes a "web bug" like behavior possible.
Keyserver operators can see which keys you request, so by sending you
a message signed by a brand new key (which you naturally will not have
on your local keyring), the operator can tell both your IP address and
the time when you verified the signature.
@item honor-keyserver-url
When using @option{--refresh-keys}, if the key in question has a preferred
keyserver URL, then use that preferred keyserver to refresh the key
from. In addition, if auto-key-retrieve is set, and the signature
being verified has a preferred keyserver URL, then use that preferred
keyserver to fetch the key from. Defaults to yes.
@item honor-pka-record
If auto-key-retrieve is set, and the signature being verified has a
PKA record, then use the PKA information to fetch the key. Defaults
to yes.
@item include-subkeys
When receiving a key, include subkeys as potential targets. Note that
this option is not used with HKP keyservers, as they do not support
retrieving keys by subkey id.
@item use-temp-files
On most Unix-like platforms, GnuPG communicates with the keyserver
helper program via pipes, which is the most efficient method. This
option forces GnuPG to use temporary files to communicate. On some
platforms (such as Win32 and RISC OS), this option is always enabled.
@item keep-temp-files
If using `use-temp-files', do not delete the temp files after using
them. This option is useful to learn the keyserver communication
protocol by reading the temporary files.
@item verbose
Tell the keyserver helper program to be more verbose. This option can
be repeated multiple times to increase the verbosity level.
@item timeout
Tell the keyserver helper program how long (in seconds) to try and
perform a keyserver action before giving up. Note that performing
multiple actions at the same time uses this timeout value per action.
For example, when retrieving multiple keys via @option{--recv-keys}, the
timeout applies separately to each key retrieval, and not to the
@option{--recv-keys} command as a whole. Defaults to 30 seconds.
@item http-proxy=@code{value}
Set the proxy to use for HTTP and HKP keyservers. This overrides the
"http_proxy" environment variable, if any.
@item max-cert-size
When retrieving a key via DNS CERT, only accept keys up to this size.
Defaults to 16384 bytes.
@end table
@item --completes-needed @code{n}
Number of completely trusted users to introduce a new
key signer (defaults to 1).
@item --marginals-needed @code{n}
Number of marginally trusted users to introduce a new
key signer (defaults to 3)
@item --max-cert-depth @code{n}
Maximum depth of a certification chain (default is 5).
@item --simple-sk-checksum
Secret keys are integrity protected by using a SHA-1 checksum. This
method is part of the upcoming enhanced OpenPGP specification but
GnuPG already uses it as a countermeasure against certain attacks.
Old applications don't understand this new format, so this option may
be used to switch back to the old behaviour. Using this option bears
a security risk. Note that using this option only takes effect when
the secret key is encrypted - the simplest way to make this happen is
to change the passphrase on the key (even changing it to the same
value is acceptable).
@item --no-sig-cache
Do not cache the verification status of key signatures.
Caching gives a much better performance in key listings. However, if
you suspect that your public keyring is not save against write
modifications, you can use this option to disable the caching. It
probably does not make sense to disable it because all kind of damage
can be done if someone else has write access to your public keyring.
@item --no-sig-create-check
GnuPG normally verifies each signature right after creation to protect
against bugs and hardware malfunctions which could leak out bits from
the secret key. This extra verification needs some time (about 115%
for DSA keys), and so this option can be used to disable it.
However, due to the fact that the signature creation needs manual
interaction, this performance penalty does not matter in most settings.
@item --auto-check-trustdb
@itemx --no-auto-check-trustdb
If GnuPG feels that its information about the Web of Trust has to be
updated, it automatically runs the @option{--check-trustdb} command
internally. This may be a time consuming
process. @option{--no-auto-check-trustdb} disables this option.
@item --use-agent
@itemx --no-use-agent
@ifclear gpgone
This is dummy option. @command{@gpgname} always requires the agent.
@end ifclear
@ifset gpgone
Try to use the GnuPG-Agent. With this option, GnuPG first tries to
connect to the agent before it asks for a
passphrase. @option{--no-use-agent} disables this option.
@end ifset
@item --gpg-agent-info
@ifclear gpgone
This is dummy option. It has no effect when used with @command{gpg2}.
@end ifclear
@ifset gpgone
Override the value of the environment variable
@samp{GPG_AGENT_INFO}. This is only used when @option{--use-agent} has
been given. Given that this option is not anymore used by
@command{gpg2}, it should be avoided if possible.
@end ifset
@item --lock-once
Lock the databases the first time a lock is requested
and do not release the lock until the process
terminates.
@item --lock-multiple
Release the locks every time a lock is no longer
needed. Use this to override a previous @option{--lock-once}
from a config file.
@item --lock-never
Disable locking entirely. This option should be used only in very
special environments, where it can be assured that only one process
is accessing those files. A bootable floppy with a stand-alone
encryption system will probably use this. Improper usage of this
option may lead to data and key corruption.
@item --exit-on-status-write-error
This option will cause write errors on the status FD to immediately
terminate the process. That should in fact be the default but it never
worked this way and thus we need an option to enable this, so that the
change won't break applications which close their end of a status fd
connected pipe too early. Using this option along with
@option{--enable-progress-filter} may be used to cleanly cancel long
running gpg operations.
@item --limit-card-insert-tries @code{n}
With @code{n} greater than 0 the number of prompts asking to insert a
smartcard gets limited to N-1. Thus with a value of 1 gpg won't at
all ask to insert a card if none has been inserted at startup. This
option is useful in the configuration file in case an application does
not know about the smartcard support and waits ad infinitum for an
inserted card.
@item --no-random-seed-file
GnuPG uses a file to store its internal random pool over invocations.
This makes random generation faster; however sometimes write operations
are not desired. This option can be used to achieve that with the cost of
slower random generation.
@item --no-greeting
Suppress the initial copyright message.
@item --no-secmem-warning
Suppress the warning about "using insecure memory".
@item --no-permission-warning
Suppress the warning about unsafe file and home directory (@option{--homedir})
permissions. Note that the permission checks that GnuPG performs are
not intended to be authoritative, but rather they simply warn about
certain common permission problems. Do not assume that the lack of a
warning means that your system is secure.
Note that the warning for unsafe @option{--homedir} permissions cannot be
suppressed in the gpg.conf file, as this would allow an attacker to
place an unsafe gpg.conf file in place, and use this file to suppress
warnings about itself. The @option{--homedir} permissions warning may only be
suppressed on the command line.
@item --no-mdc-warning
Suppress the warning about missing MDC integrity protection.
@item --require-secmem
@itemx --no-require-secmem
Refuse to run if GnuPG cannot get secure memory. Defaults to no
(i.e. run, but give a warning).
@item --require-cross-certification
@itemx --no-require-cross-certification
When verifying a signature made from a subkey, ensure that the cross
certification "back signature" on the subkey is present and valid. This
protects against a subtle attack against subkeys that can sign.
Defaults to @option{--require-cross-certification} for
@command{@gpgname}.
@item --expert
@itemx --no-expert
Allow the user to do certain nonsensical or "silly" things like
signing an expired or revoked key, or certain potentially incompatible
things like generating unusual key types. This also disables certain
warning messages about potentially incompatible actions. As the name
implies, this option is for experts only. If you don't fully
understand the implications of what it allows you to do, leave this
off. @option{--no-expert} disables this option.
@end table
@c *******************************************
@c ******** KEY RELATED OPTIONS ************
@c *******************************************
@node GPG Key related Options
@subsection Key related options
@table @gnupgtabopt
@item --recipient @var{name}
@itemx -r
@opindex recipient
Encrypt for user id @var{name}. If this option or
@option{--hidden-recipient} is not specified, GnuPG asks for the user-id
unless @option{--default-recipient} is given.
@item --hidden-recipient @var{name}
@itemx -R
@opindex hidden-recipient
Encrypt for user ID @var{name}, but hide the key ID of this user's
key. This option helps to hide the receiver of the message and is a
limited countermeasure against traffic analysis. If this option or
@option{--recipient} is not specified, GnuPG asks for the user ID unless
@option{--default-recipient} is given.
@item --encrypt-to @code{name}
Same as @option{--recipient} but this one is intended for use in the
options file and may be used with your own user-id as an
"encrypt-to-self". These keys are only used when there are other
recipients given either by use of @option{--recipient} or by the asked
user id. No trust checking is performed for these user ids and even
disabled keys can be used.
@item --hidden-encrypt-to @code{name}
Same as @option{--hidden-recipient} but this one is intended for use in the
options file and may be used with your own user-id as a hidden
"encrypt-to-self". These keys are only used when there are other
recipients given either by use of @option{--recipient} or by the asked user id.
No trust checking is performed for these user ids and even disabled
keys can be used.
@item --no-encrypt-to
Disable the use of all @option{--encrypt-to} and
@option{--hidden-encrypt-to} keys.
@item --group @code{name=value1 }
Sets up a named group, which is similar to aliases in email programs.
Any time the group name is a recipient (@option{-r} or
@option{--recipient}), it will be expanded to the values
specified. Multiple groups with the same name are automatically merged
into a single group.
The values are @code{key IDs} or fingerprints, but any key description
is accepted. Note that a value with spaces in it will be treated as
two different values. Note also there is only one level of expansion
--- you cannot make an group that points to another group. When used
from the command line, it may be necessary to quote the argument to
this option to prevent the shell from treating it as multiple
arguments.
@item --ungroup @code{name}
Remove a given entry from the @option{--group} list.
@item --no-groups
Remove all entries from the @option{--group} list.
@item --local-user @var{name}
@itemx -u
@opindex local-user
Use @var{name} as the key to sign with. Note that this option overrides
@option{--default-key}.
@item --try-all-secrets
Don't look at the key ID as stored in the message but try all secret
keys in turn to find the right decryption key. This option forces the
behaviour as used by anonymous recipients (created by using
@option{--throw-keyids}) and might come handy in case where an encrypted
message contains a bogus key ID.
@end table
@c *******************************************
@c ******** INPUT AND OUTPUT ***************
@c *******************************************
@node GPG Input and Output
@subsection Input and Output
@table @gnupgtabopt
@item --armor
@itemx -a
@opindex armor
Create ASCII armored output. The default is to create the binary
OpenPGP format.
@item --no-armor
Assume the input data is not in ASCII armored format.
@item --output @var{file}
@itemx -o @var{file}
@opindex output
Write output to @var{file}.
@item --max-output @code{n}
@opindex max-output
This option sets a limit on the number of bytes that will be generated
when processing a file. Since OpenPGP supports various levels of
compression, it is possible that the plaintext of a given message may be
significantly larger than the original OpenPGP message. While GnuPG
works properly with such messages, there is often a desire to set a
maximum file size that will be generated before processing is forced to
stop by the OS limits. Defaults to 0, which means "no limit".
@item --import-options @code{parameters}
This is a space or comma delimited string that gives options for
importing keys. Options can be prepended with a `no-' to give the
opposite meaning. The options are:
@table @asis
@item import-local-sigs
Allow importing key signatures marked as "local". This is not
generally useful unless a shared keyring scheme is being used.
Defaults to no.
@item repair-pks-subkey-bug
During import, attempt to repair the damage caused by the PKS keyserver
bug (pre version 0.9.6) that mangles keys with multiple subkeys. Note
that this cannot completely repair the damaged key as some crucial data
is removed by the keyserver, but it does at least give you back one
subkey. Defaults to no for regular @option{--import} and to yes for
keyserver @option{--recv-keys}.
@item merge-only
During import, allow key updates to existing keys, but do not allow
any new keys to be imported. Defaults to no.
@item import-clean
After import, compact (remove all signatures except the
self-signature) any user IDs from the new key that are not usable.
Then, remove any signatures from the new key that are not usable.
This includes signatures that were issued by keys that are not present
on the keyring. This option is the same as running the @option{--edit-key}
command "clean" after import. Defaults to no.
@item import-minimal
Import the smallest key possible. This removes all signatures except
the most recent self-signature on each user ID. This option is the
same as running the @option{--edit-key} command "minimize" after import.
Defaults to no.
@end table
@item --export-options @code{parameters}
This is a space or comma delimited string that gives options for
exporting keys. Options can be prepended with a `no-' to give the
opposite meaning. The options are:
@table @asis
@item export-local-sigs
Allow exporting key signatures marked as "local". This is not
generally useful unless a shared keyring scheme is being used.
Defaults to no.
@item export-attributes
Include attribute user IDs (photo IDs) while exporting. This is
useful to export keys if they are going to be used by an OpenPGP
program that does not accept attribute user IDs. Defaults to yes.
@item export-sensitive-revkeys
Include designated revoker information that was marked as
"sensitive". Defaults to no.
@item export-reset-subkey-passwd
When using the @option{--export-secret-subkeys} command, this option resets
the passphrases for all exported subkeys to empty. This is useful
when the exported subkey is to be used on an unattended machine where
a passphrase doesn't necessarily make sense. Defaults to no.
@item export-clean
Compact (remove all signatures from) user IDs on the key being
exported if the user IDs are not usable. Also, do not export any
signatures that are not usable. This includes signatures that were
issued by keys that are not present on the keyring. This option is
the same as running the @option{--edit-key} command "clean" before export
except that the local copy of the key is not modified. Defaults to
no.
@item export-minimal
Export the smallest key possible. This removes all signatures except the
most recent self-signature on each user ID. This option is the same as
running the @option{--edit-key} command "minimize" before export except
that the local copy of the key is not modified. Defaults to no.
@end table
@item --with-colons
@opindex with-colons
Print key listings delimited by colons. Note that the output will be
encoded in UTF-8 regardless of any @option{--display-charset} setting. This
format is useful when GnuPG is called from scripts and other programs
as it is easily machine parsed. The details of this format are
documented in the file @file{doc/DETAILS}, which is included in the GnuPG
source distribution.
@item --fixed-list-mode
@opindex fixed-list-mode
Do not merge primary user ID and primary key in @option{--with-colon}
listing mode and print all timestamps as seconds since 1970-01-01.
@item --with-fingerprint
@opindex with-fingerprint
Same as the command @option{--fingerprint} but changes only the format
of the output and may be used together with another command.
@end table
@c *******************************************
@c ******** OPENPGP OPTIONS ****************
@c *******************************************
@node OpenPGP Options
@subsection OpenPGP protocol specific options.
@table @gnupgtabopt
@item -t, --textmode
@itemx --no-textmode
Treat input files as text and store them in the OpenPGP canonical text
form with standard "CRLF" line endings. This also sets the necessary
flags to inform the recipient that the encrypted or signed data is text
and may need its line endings converted back to whatever the local
system uses. This option is useful when communicating between two
platforms that have different line ending conventions (UNIX-like to Mac,
Mac to Windows, etc). @option{--no-textmode} disables this option, and
is the default.
@ifset gpgone
If @option{-t} (but not @option{--textmode}) is used together with
armoring and signing, this enables clearsigned messages. This kludge is
needed for command-line compatibility with command-line versions of PGP;
normally you would use @option{--sign} or @option{--clearsign} to select
the type of the signature.
@end ifset
@item --force-v3-sigs
@itemx --no-force-v3-sigs
OpenPGP states that an implementation should generate v4 signatures
but PGP versions 5 through 7 only recognize v4 signatures on key
material. This option forces v3 signatures for signatures on data.
Note that this option implies @option{--ask-sig-expire},
@option{--sig-policy-url}, @option{--sig-notation}, and
@option{--sig-keyserver-url}, as these features cannot be used with v3
signatures. @option{--no-force-v3-sigs} disables this option.
@item --force-v4-certs
@itemx --no-force-v4-certs
Always use v4 key signatures even on v3 keys. This option also
changes the default hash algorithm for v3 RSA keys from MD5 to SHA-1.
@option{--no-force-v4-certs} disables this option.
@item --force-mdc
Force the use of encryption with a modification detection code. This
is always used with the newer ciphers (those with a blocksize greater
than 64 bits), or if all of the recipient keys indicate MDC support in
their feature flags.
@item --disable-mdc
Disable the use of the modification detection code. Note that by
using this option, the encrypted message becomes vulnerable to a
message modification attack.
@item --personal-cipher-preferences @code{string}
Set the list of personal cipher preferences to @code{string}. Use
@command{@gpgname --version} to get a list of available algorithms,
and use @code{none} to set no preference at all. This allows the user
to factor in their own preferred algorithms when algorithms are chosen
via recipient key preferences. The most highly ranked cipher in this
list is also used for the @option{--symmetric} encryption command.
@item --personal-digest-preferences @code{string}
Set the list of personal digest preferences to @code{string}. Use
@command{@gpgname --version} to get a list of available algorithms,
and use @code{none} to set no preference at all. This allows the user
to factor in their own preferred algorithms when algorithms are chosen
via recipient key preferences. The most highly ranked digest
algorithm in this list is algo used when signing without encryption
(e.g. @option{--clearsign} or @option{--sign}). The default value is
SHA-1.
@item --personal-compress-preferences @code{string}
Set the list of personal compression preferences to @code{string}.
Use @command{@gpgname --version} to get a list of available
algorithms, and use @code{none} to set no preference at all. This
allows the user to factor in their own preferred algorithms when
algorithms are chosen via recipient key preferences. The most highly
ranked compression algorithm in this list is algo used when there are
no recipient keys to consider (e.g. @option{--symmetric}).
@item --s2k-cipher-algo @code{name}
Use @code{name} as the cipher algorithm used to protect secret keys.
The default cipher is CAST5. This cipher is also used for
conventional encryption if @option{--personal-cipher-preferences} and
@option{--cipher-algo} is not given.
@item --s2k-digest-algo @code{name}
Use @code{name} as the digest algorithm used to mangle the passphrases.
The default algorithm is SHA-1.
@item --s2k-mode @code{n}
Selects how passphrases are mangled. If @code{n} is 0 a plain
passphrase (which is not recommended) will be used, a 1 adds a salt to
the passphrase and a 3 (the default) iterates the whole process a
number of times (see --s2k-count). Unless @option{--rfc1991} is used,
this mode is also used for conventional encryption.
@item --s2k-count @code{n}
Specify how many times the passphrase mangling is repeated. This
value may range between 1024 and 65011712 inclusive, and the default
is 65536. Note that not all values in the 1024-65011712 range are
legal and if an illegal value is selected, GnuPG will round up to the
nearest legal value. This option is only meaningful if
@option{--s2k-mode} is 3.
@end table
@c ***************************
@c ******* Compliance ********
@c ***************************
@subsection Compliance options
These options control what GnuPG is compliant to. Only one of these
options may be active at a time. Note that the default setting of
this is nearly always the correct one. See the INTEROPERABILITY WITH
OTHER OPENPGP PROGRAMS section below before using one of these
options.
@table @gnupgtabopt
@item --gnupg
@opindex gnupg
Use standard GnuPG behavior. This is essentially OpenPGP behavior
(see @option{--openpgp}), but with some additional workarounds for common
compatibility problems in different versions of PGP. This is the
default option, so it is not generally needed, but it may be useful to
override a different compliance option in the gpg.conf file.
@item --openpgp
@opindex openpgp
Reset all packet, cipher and digest options to strict OpenPGP
behavior. Use this option to reset all previous options like
@option{--s2k-*}, @option{--cipher-algo}, @option{--digest-algo} and
@option{--compress-algo} to OpenPGP compliant values. All PGP
workarounds are disabled.
@item --rfc4880
@opindex rfc4880
Reset all packet, cipher and digest options to strict RFC-4880
behavior. Note that this is currently the same thing as
@option{--openpgp}.
@item --rfc2440
@opindex rfc2440
Reset all packet, cipher and digest options to strict RFC-2440
behavior.
@item --rfc1991
@opindex rfc1991
Try to be more RFC-1991 (PGP 2.x) compliant.
@item --pgp2
@opindex pgp2
Set up all options to be as PGP 2.x compliant as possible, and warn if
an action is taken (e.g. encrypting to a non-RSA key) that will create
a message that PGP 2.x will not be able to handle. Note that `PGP
2.x' here means `MIT PGP 2.6.2'. There are other versions of PGP 2.x
available, but the MIT release is a good common baseline.
This option implies @option{--rfc1991 --disable-mdc
--no-force-v4-certs --no-sk-comment --escape-from-lines
--force-v3-sigs --cipher-algo IDEA --digest-algo MD5 --compress-algo
ZIP}. It also disables @option{--textmode} when encrypting.
@item --pgp6
@opindex pgp6
Set up all options to be as PGP 6 compliant as possible. This
restricts you to the ciphers IDEA (if the IDEA plugin is installed),
3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160, and the
compression algorithms none and ZIP. This also disables
--throw-keyids, and making signatures with signing subkeys as PGP 6
does not understand signatures made by signing subkeys.
This option implies @option{--disable-mdc --no-sk-comment
--escape-from-lines --force-v3-sigs}.
@item --pgp7
@opindex pgp7
Set up all options to be as PGP 7 compliant as possible. This is
identical to @option{--pgp6} except that MDCs are not disabled, and the
list of allowable ciphers is expanded to add AES128, AES192, AES256, and
TWOFISH.
@item --pgp8
@opindex pgp8
Set up all options to be as PGP 8 compliant as possible. PGP 8 is a lot
closer to the OpenPGP standard than previous versions of PGP, so all
this does is disable @option{--throw-keyids} and set
@option{--escape-from-lines}. All algorithms are allowed except for the
SHA224, SHA384, and SHA512 digests.
@end table
@c *******************************************
@c ******** ESOTERIC OPTIONS ***************
@c *******************************************
@node GPG Esoteric Options
@subsection Doing things one usually doesn't want to do.
@table @gnupgtabopt
@item -n
@itemx --dry-run
@opindex dry-run
Don't make any changes (this is not completely implemented).
@item --list-only
Changes the behaviour of some commands. This is like @option{--dry-run} but
different in some cases. The semantic of this command may be extended in
the future. Currently it only skips the actual decryption pass and
therefore enables a fast listing of the encryption keys.
@item -i
@itemx --interactive
@opindex interactive
Prompt before overwriting any files.
@item --debug @var{flags}
@opindex debug
Set debugging flags. All flags are or-ed and @var{flags} may
be given in C syntax (e.g. 0x0042).
@item --debug-all
Set all useful debugging flags.
@ifset gpgone
@item --debug-ccid-driver
Enable debug output from the included CCID driver for smartcards.
Note that this option is only available on some system.
@end ifset
@item --enable-progress-filter
Enable certain PROGRESS status outputs. This option allows frontends
to display a progress indicator while gpg is processing larger files.
There is a slight performance overhead using it.
@item --status-fd @code{n}
Write special status strings to the file descriptor @code{n}.
See the file DETAILS in the documentation for a listing of them.
@item --status-file @code{file}
Same as @option{--status-fd}, except the status data is written to file
@code{file}.
@item --logger-fd @code{n}
Write log output to file descriptor @code{n} and not to stderr.
@item --logger-file @code{file}
Same as @option{--logger-fd}, except the logger data is written to file
@code{file}.
@item --attribute-fd @code{n}
Write attribute subpackets to the file descriptor @code{n}. This is most
useful for use with @option{--status-fd}, since the status messages are
needed to separate out the various subpackets from the stream delivered
to the file descriptor.
@item --attribute-file @code{file}
Same as @option{--attribute-fd}, except the attribute data is written to
file @code{file}.
@item --comment @code{string}
@itemx --no-comments
Use @code{string} as a comment string in clear text signatures and ASCII
armored messages or keys (see @option{--armor}). The default behavior is
not to use a comment string. @option{--comment} may be repeated multiple
times to get multiple comment strings. @option{--no-comments} removes
all comments. It is a good idea to keep the length of a single comment
below 60 characters to avoid problems with mail programs wrapping such
lines. Note that comment lines, like all other header lines, are not
protected by the signature.
@item --emit-version
@itemx --no-emit-version
Force inclusion of the version string in ASCII armored output.
@option{--no-emit-version} disables this option.
@item --sig-notation @code{name=value}
@itemx --cert-notation @code{name=value}
@itemx -N, --set-notation @code{name=value}
Put the name value pair into the signature as notation data.
@code{name} must consist only of printable characters or spaces, and
must contain a '@@' character in the form keyname@@domain.example.com
(substituting the appropriate keyname and domain name, of course). This
is to help prevent pollution of the IETF reserved notation
namespace. The @option{--expert} flag overrides the '@@'
check. @code{value} may be any printable string; it will be encoded in
UTF8, so you should check that your @option{--display-charset} is set
correctly. If you prefix @code{name} with an exclamation mark (!), the
notation data will be flagged as critical
(rfc2440:5.2.3.15). @option{--sig-notation} sets a notation for data
signatures. @option{--cert-notation} sets a notation for key signatures
(certifications). @option{--set-notation} sets both.
There are special codes that may be used in notation names. "%k" will
be expanded into the key ID of the key being signed, "%K" into the
long key ID of the key being signed, "%f" into the fingerprint of the
key being signed, "%s" into the key ID of the key making the
signature, "%S" into the long key ID of the key making the signature,
"%g" into the fingerprint of the key making the signature (which might
be a subkey), "%p" into the fingerprint of the primary key of the key
making the signature, "%c" into the signature count from the OpenPGP
smartcard, and "%%" results in a single "%". %k, %K, and %f are only
meaningful when making a key signature (certification), and %c is only
meaningful when using the OpenPGP smartcard.
@item --sig-policy-url @code{string}
@itemx --cert-policy-url @code{string}
@itemx --set-policy-url @code{string}
Use @code{string} as a Policy URL for signatures (rfc2440:5.2.3.19). If
you prefix it with an exclamation mark (!), the policy URL packet will
be flagged as critical. @option{--sig-policy-url} sets a policy url for
data signatures. @option{--cert-policy-url} sets a policy url for key
signatures (certifications). @option{--set-policy-url} sets both.
The same %-expandos used for notation data are available here as well.
@item --sig-keyserver-url @code{string}
Use @code{string} as a preferred keyserver URL for data signatures. If
you prefix it with an exclamation mark (!), the keyserver URL packet
will be flagged as critical.
The same %-expandos used for notation data are available here as well.
@item --set-filename @code{string}
Use @code{string} as the filename which is stored inside messages.
This overrides the default, which is to use the actual filename of the
file being encrypted.
@item --for-your-eyes-only
@itemx --no-for-your-eyes-only
Set the `for your eyes only' flag in the message. This causes GnuPG
to refuse to save the file unless the @option{--output} option is given, and
PGP to use the "secure viewer" with a Tempest-resistant font to
display the message. This option overrides @option{--set-filename}.
@option{--no-for-your-eyes-only} disables this option.
@item --use-embedded-filename
@itemx --no-use-embedded-filename
Try to create a file with a name as embedded in the data. This can be
a dangerous option as it allows to overwrite files. Defaults to no.
@item --cipher-algo @code{name}
Use @code{name} as cipher algorithm. Running the program with the
command @option{--version} yields a list of supported algorithms. If
this is not used the cipher algorithm is selected from the preferences
stored with the key. In general, you do not want to use this option as
it allows you to violate the OpenPGP standard.
@option{--personal-cipher-preferences} is the safe way to accomplish the
same thing.
@item --digest-algo @code{name}
Use @code{name} as the message digest algorithm. Running the program
with the command @option{--version} yields a list of supported algorithms. In
general, you do not want to use this option as it allows you to
violate the OpenPGP standard. @option{--personal-digest-preferences} is the
safe way to accomplish the same thing.
@item --compress-algo @code{name}
Use compression algorithm @code{name}. "zlib" is RFC-1950 ZLIB
compression. "zip" is RFC-1951 ZIP compression which is used by PGP.
"bzip2" is a more modern compression scheme that can compress some
things better than zip or zlib, but at the cost of more memory used
during compression and decompression. "uncompressed" or "none"
disables compression. If this option is not used, the default
behavior is to examine the recipient key preferences to see which
algorithms the recipient supports. If all else fails, ZIP is used for
maximum compatibility.
ZLIB may give better compression results than ZIP, as the compression
window size is not limited to 8k. BZIP2 may give even better
compression results than that, but will use a significantly larger
amount of memory while compressing and decompressing. This may be
significant in low memory situations. Note, however, that PGP (all
versions) only supports ZIP compression. Using any algorithm other
than ZIP or "none" will make the message unreadable with PGP. In
general, you do not want to use this option as it allows you to
violate the OpenPGP standard. @option{--personal-compress-preferences} is the
safe way to accomplish the same thing.
@item --cert-digest-algo @code{name}
Use @code{name} as the message digest algorithm used when signing a
key. Running the program with the command @option{--version} yields a
list of supported algorithms. Be aware that if you choose an algorithm
that GnuPG supports but other OpenPGP implementations do not, then some
users will not be able to use the key signatures you make, or quite
possibly your entire key.
@item --disable-cipher-algo @code{name}
Never allow the use of @code{name} as cipher algorithm.
The given name will not be checked so that a later loaded algorithm
will still get disabled.
@item --disable-pubkey-algo @code{name}
Never allow the use of @code{name} as public key algorithm.
The given name will not be checked so that a later loaded algorithm
will still get disabled.
@item --throw-keyids
@itemx --no-throw-keyids
Do not put the recipient key IDs into encrypted messages. This helps
to hide the receivers of the message and is a limited countermeasure
against traffic analysis. On the receiving side, it may slow down the
decryption process because all available secret keys must be tried.
@option{--no-throw-keyids} disables this option. This option is essentially
the same as using @option{--hidden-recipient} for all recipients.
@item --not-dash-escaped
This option changes the behavior of cleartext signatures
so that they can be used for patch files. You should not
send such an armored file via email because all spaces
and line endings are hashed too. You can not use this
option for data which has 5 dashes at the beginning of a
line, patch files don't have this. A special armor header
line tells GnuPG about this cleartext signature option.
@item --escape-from-lines
@itemx --no-escape-from-lines
Because some mailers change lines starting with "From " to ">From " it
is good to handle such lines in a special way when creating cleartext
signatures to prevent the mail system from breaking the signature. Note
that all other PGP versions do it this way too. Enabled by
default. @option{--no-escape-from-lines} disables this option.
@item --passphrase-repeat @code{n}
Specify how many times @command{@gpgname} will request a new
passphrase be repeated. This is useful for helping memorize a
passphrase. Defaults to 1 repetition.
@item --passphrase-fd @code{n}
Read the passphrase from file descriptor @code{n}. Only the first line
will be read from file descriptor @code{n}. If you use 0 for @code{n},
the passphrase will be read from stdin. This can only be used if only
one passphrase is supplied.
@ifclear gpgone
Note that this passphrase is only used if the option @option{--batch}
has also been given. This is different from @command{gpg}.
@end ifclear
@item --passphrase-file @code{file}
Read the passphrase from file @code{file}. Only the first line will
be read from file @code{file}. This can only be used if only one
passphrase is supplied. Obviously, a passphrase stored in a file is
of questionable security if other users can read this file. Don't use
this option if you can avoid it.
@ifclear gpgone
Note that this passphrase is only used if the option @option{--batch}
has also been given. This is different from @command{gpg}.
@end ifclear
@item --passphrase @code{string}
Use @code{string} as the passphrase. This can only be used if only one
passphrase is supplied. Obviously, this is of very questionable
security on a multi-user system. Don't use this option if you can
avoid it.
@ifclear gpgone
Note that this passphrase is only used if the option @option{--batch}
has also been given. This is different from @command{gpg}.
@end ifclear
@item --command-fd @code{n}
This is a replacement for the deprecated shared-memory IPC mode.
If this option is enabled, user input on questions is not expected
from the TTY but from the given file descriptor. It should be used
together with @option{--status-fd}. See the file doc/DETAILS in the source
distribution for details on how to use it.
@item --command-file @code{file}
Same as @option{--command-fd}, except the commands are read out of file
@code{file}
@item --allow-non-selfsigned-uid
@itemx --no-allow-non-selfsigned-uid
Allow the import and use of keys with user IDs which are not
self-signed. This is not recommended, as a non self-signed user ID is
trivial to forge. @option{--no-allow-non-selfsigned-uid} disables.
@item --allow-freeform-uid
Disable all checks on the form of the user ID while generating a new
one. This option should only be used in very special environments as
it does not ensure the de-facto standard format of user IDs.
@item --ignore-time-conflict
GnuPG normally checks that the timestamps associated with keys and
signatures have plausible values. However, sometimes a signature
seems to be older than the key due to clock problems. This option
makes these checks just a warning. See also @option{--ignore-valid-from} for
timestamp issues on subkeys.
@item --ignore-valid-from
GnuPG normally does not select and use subkeys created in the future.
This option allows the use of such keys and thus exhibits the
pre-1.0.7 behaviour. You should not use this option unless you there
is some clock problem. See also @option{--ignore-time-conflict} for timestamp
issues with signatures.
@item --ignore-crc-error
The ASCII armor used by OpenPGP is protected by a CRC checksum against
transmission errors. Occasionally the CRC gets mangled somewhere on
the transmission channel but the actual content (which is protected by
the OpenPGP protocol anyway) is still okay. This option allows GnuPG
to ignore CRC errors.
@item --ignore-mdc-error
This option changes a MDC integrity protection failure into a warning.
This can be useful if a message is partially corrupt, but it is
necessary to get as much data as possible out of the corrupt message.
However, be aware that a MDC protection failure may also mean that the
message was tampered with intentionally by an attacker.
@item --no-default-keyring
Do not add the default keyrings to the list of keyrings. Note that
GnuPG will not operate without any keyrings, so if you use this option
and do not provide alternate keyrings via @option{--keyring} or
@option{--secret-keyring}, then GnuPG will still use the default public or
secret keyrings.
@item --skip-verify
Skip the signature verification step. This may be
used to make the decryption faster if the signature
verification is not needed.
@item --with-key-data
Print key listings delimited by colons (like @option{--with-colons}) and
print the public key data.
@item --fast-list-mode
Changes the output of the list commands to work faster; this is achieved
by leaving some parts empty. Some applications don't need the user ID
and the trust information given in the listings. By using this options
they can get a faster listing. The exact behaviour of this option may
change in future versions. If you are missing some information, don't
use this option.
@item --no-literal
This is not for normal use. Use the source to see for what it might be useful.
@item --set-filesize
This is not for normal use. Use the source to see for what it might be useful.
@item --show-session-key
Display the session key used for one message. See
@option{--override-session-key} for the counterpart of this option.
We think that Key Escrow is a Bad Thing; however the user should have
the freedom to decide whether to go to prison or to reveal the content
of one specific message without compromising all messages ever
encrypted for one secret key. DON'T USE IT UNLESS YOU ARE REALLY
FORCED TO DO SO.
@item --override-session-key @code{string}
Don't use the public key but the session key @code{string}. The format
of this string is the same as the one printed by
@option{--show-session-key}. This option is normally not used but comes
handy in case someone forces you to reveal the content of an encrypted
message; using this option you can do this without handing out the
secret key.
@item --ask-sig-expire
@itemx --no-ask-sig-expire
When making a data signature, prompt for an expiration time. If this
option is not specified, the expiration time set via
@option{--default-sig-expire} is used. @option{--no-ask-sig-expire}
disables this option. Note that by default, @option{--force-v3-sigs} is
set which also disables this option. If you want signature expiration,
you must set @option{--no-force-v3-sigs} as well as turning
@option{--ask-sig-expire} on.
@item --default-sig-expire
The default expiration time to use for signature expiration. Valid
values are "0" for no expiration, a number followed by the letter d
(for days), w (for weeks), m (for months), or y (for years) (for
example "2m" for two months, or "5y" for five years), or an absolute
date in the form YYYY-MM-DD. Defaults to "0".
@item --ask-cert-expire
@itemx --no-ask-cert-expire
When making a key signature, prompt for an expiration time. If this
option is not specified, the expiration time set via
@option{--default-cert-expire} is used. @option{--no-ask-cert-expire}
disables this option.
@item --default-cert-expire
The default expiration time to use for key signature expiration.
Valid values are "0" for no expiration, a number followed by the
letter d (for days), w (for weeks), m (for months), or y (for years)
(for example "2m" for two months, or "5y" for five years), or an
absolute date in the form YYYY-MM-DD. Defaults to "0".
@item --allow-secret-key-import
This is an obsolete option and is not used anywhere.
@item --allow-multiple-messages
@item --no-allow-multiple-messages
Allow processing of multiple OpenPGP messages contained in a single
file or stream. Some programs that call GPG are not prepared to deal
with multiple messages being processed together, so this option
defaults to no. Note that versions of GPG prior to 1.4.7 always
allowed multiple messages.
@item --enable-special-filenames
This options enables a mode in which filenames of the form
@file{-&n}, where n is a non-negative decimal number,
refer to the file descriptor n and not to a file with that name.
@item --no-expensive-trust-checks
Experimental use only.
@item --preserve-permissions
Don't change the permissions of a secret keyring back to user
read/write only. Use this option only if you really know what you are doing.
@item --default-preference-list @code{string}
@opindex default-preference-list
Set the list of default preferences to @code{string}. This preference
list is used for new keys and becomes the default for "setpref" in the
edit menu.
@item --default-keyserver-url @code{name}
@opindex default-keyserver-url
Set the default keyserver URL to @code{name}. This keyserver will be
used as the keyserver URL when writing a new self-signature on a key,
which includes key generation and changing preferences.
@item --list-config
@opindex list-config
Display various internal configuration parameters of GnuPG. This option
is intended for external programs that call GnuPG to perform tasks, and
is thus not generally useful. See the file @file{doc/DETAILS} in the
source distribution for the details of which configuration items may be
listed. @option{--list-config} is only usable with
@option{--with-colons} set.
@item --gpgconf-list
@opindex gpgconf-list
This command is simliar to @option{--list-config} but in general only
internally used by the @command{gpgconf} tool.
@item --gpgconf-test
@opindex gpgconf-test
This is more or less dummy action. However it parses the configuration
file and returns with failure if the configuraion file would prevent
@command{gpg} from startup. Thus it may be used to run a syntax check
on the configuration file.
@end table
@c *******************************
@c ******* Deprecated ************
@c *******************************
@subsection Deprecated options
@table @gnupgtabopt
@ifset gpgone
@item --load-extension @code{name}
Load an extension module. If @code{name} does not contain a slash it is
searched for in the directory configured when GnuPG was built
(generally "/usr/local/lib/gnupg"). Extensions are not generally
useful anymore, and the use of this option is deprecated.
@end ifset
@item --show-photos
@itemx --no-show-photos
Causes @option{--list-keys}, @option{--list-sigs},
@option{--list-public-keys}, @option{--list-secret-keys}, and verifying
a signature to also display the photo ID attached to the key, if
any. See also @option{--photo-viewer}. These options are deprecated. Use
@option{--list-options [no-]show-photos} and/or @option{--verify-options
[no-]show-photos} instead.
@item --show-keyring
Display the keyring name at the head of key listings to show which
keyring a given key resides on. This option is deprecated: use
@option{--list-options [no-]show-keyring} instead.
@ifset gpgone
@item --ctapi-driver @code{file}
Use @code{file} to access the smartcard reader. The current default
is `libtowitoko.so'. Note that the use of this interface is
deprecated; it may be removed in future releases.
@end ifset
@item --always-trust
Identical to @option{--trust-model always}. This option is deprecated.
@item --show-notation
@itemx --no-show-notation
Show signature notations in the @option{--list-sigs} or @option{--check-sigs} listings
as well as when verifying a signature with a notation in it. These
options are deprecated. Use @option{--list-options [no-]show-notation}
and/or @option{--verify-options [no-]show-notation} instead.
@item --show-policy-url
@itemx --no-show-policy-url
Show policy URLs in the @option{--list-sigs} or @option{--check-sigs}
listings as well as when verifying a signature with a policy URL in
it. These options are deprecated. Use @option{--list-options
[no-]show-policy-url} and/or @option{--verify-options
[no-]show-policy-url} instead.
@end table
@c *******************************************
@c *************** ****************
@c *************** FILES ****************
@c *************** ****************
@c *******************************************
@mansect files
@node GPG Configuration
@section Configuration files
There are a few configuration files to control certain aspects of
@command{@gpgname}'s operation. Unless noted, they are expected in the
current home directory (@pxref{option --homedir}).
@table @file
@item gpg.conf
@cindex gpgsm.conf
This is the standard configuration file read by @command{@gpgname} on
startup. It may contain any valid long option; the leading two dashes
may not be entered and the option may not be abbreviated. This default
name may be changed on the command line (@pxref{option
--options}).
@end table
@c man:.RE
Note that on larger installations, it is useful to put predefined files
into the directory @file{/etc/skel/.gnupg/} so that newly created users
start up with a working configuration.
@ifclear gpgone
For existing users the a small
helper script is provided to create these files (@pxref{addgnupghome}).
@end ifclear
For internal purposes @command{@gpgname} creates and maintaines a few other
files; They all live in in the current home directory (@pxref{option
--homedir}). Only the @command{@gpgname} may modify these files.
@table @file
@item ~/.gnupg/secring.gpg
The secret keyring.
@item ~/.gnupg/secring.gpg.lock
and the lock file
@item ~/.gnupg/pubring.gpg
The public keyring
@item ~/.gnupg/pubring.gpg.lock
and the lock file
@item ~/.gnupg/trustdb.gpg
The trust database
@item ~/.gnupg/trustdb.gpg.lock
and the lock file
@item ~/.gnupg/random_seed
used to preserve the internal random pool
@item /usr[/local]/share/gnupg/options.skel
Skeleton options file
@item /usr[/local]/lib/gnupg/
Default location for extensions
@end table
@c man:.RE
Operation is further controlled by a few environment variables:
@table @asis
@item HOME
Used to locate the default home directory.
@item GNUPGHOME
If set directory used instead of "~/.gnupg".
@item GPG_AGENT_INFO
Used to locate the gpg-agent.
@ifset gpgone
This is only honored when @option{--use-agent} is set.
@end ifset
The value consists of 3 colon delimited fields: The first is the path
to the Unix Domain Socket, the second the PID of the gpg-agent and the
protocol version which should be set to 1. When starting the gpg-agent
as described in its documentation, this variable is set to the correct
value. The option @option{--gpg-agent-info} can be used to override it.
@item PINENTRY_USER_DATA
This value is passed via gpg-agent to pinentry. It is useful to convey
extra information to a custom pinentry
@item COLUMNS
@itemx LINES
Used to size some displays to the full size of the screen.
@item LANGUAGE
Apart from its use by GNU, it is used in the W32 version to override the
language selection done through the Registry. If used and set to a a
valid and available language name (@var{langid}), the file with the
translation is loaded from
@code{@var{gpgdir}/gnupg.nls/@var{langid}.mo}. Here @var{gpgdir} is the
directory out of which the gpg binary has been laoded. If it can't be
loaded the Registry is tried as a fallback.
@end table
@c *******************************************
@c *************** ****************
@c *************** EXAMPLES ****************
@c *************** ****************
@c *******************************************
@mansect examples
@node GPG Examples
@section Examples
@table @asis
@item gpg -se -r @code{Bob} @code{file}
sign and encrypt for user Bob
@item gpg --clearsign @code{file}
make a clear text signature
@item gpg -sb @code{file}
make a detached signature
@item gpg --list-keys @code{user_ID}
show keys
@item gpg --fingerprint @code{user_ID}
show fingerprint
@item gpg --verify @code{pgpfile}
@itemx gpg --verify @code{sigfile}
Verify the signature of the file but do not output the data. The
second form is used for detached signatures, where @code{sigfile}
is the detached signature (either ASCII armored or binary) and
are the signed data; if this is not given, the name of
the file holding the signed data is constructed by cutting off the
extension (".asc" or ".sig") of @code{sigfile} or by asking the
user for the filename.
@end table
@c *******************************************
@c *************** ****************
@c *************** USER ID ****************
@c *************** ****************
@c *******************************************
@mansect how to specify a user id
@ifset isman
@include specify-user-id.texi
@end ifset
@mansect return vaue
@chapheading RETURN VALUE
The program returns 0 if everything was fine, 1 if at least
a signature was bad, and other error codes for fatal errors.
@mansect warnings
@chapheading WARNINGS
Use a *good* password for your user account and a *good* passphrase
to protect your secret key. This passphrase is the weakest part of the
whole system. Programs to do dictionary attacks on your secret keyring
are very easy to write and so you should protect your "~/.gnupg/"
directory very well.
Keep in mind that, if this program is used over a network (telnet), it
is *very* easy to spy out your passphrase!
If you are going to verify detached signatures, make sure that the
program knows about it; either give both filenames on the command line
or use @samp{-} to specify stdin.
@mansect interoperability
@chapheading INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS
GnuPG tries to be a very flexible implementation of the OpenPGP
standard. In particular, GnuPG implements many of the optional parts
of the standard, such as the SHA-512 hash, and the ZLIB and BZIP2
compression algorithms. It is important to be aware that not all
OpenPGP programs implement these optional algorithms and that by
forcing their use via the @option{--cipher-algo},
@option{--digest-algo}, @option{--cert-digest-algo}, or
@option{--compress-algo} options in GnuPG, it is possible to create a
perfectly valid OpenPGP message, but one that cannot be read by the
intended recipient.
There are dozens of variations of OpenPGP programs available, and each
supports a slightly different subset of these optional algorithms.
For example, until recently, no (unhacked) version of PGP supported
the BLOWFISH cipher algorithm. A message using BLOWFISH simply could
not be read by a PGP user. By default, GnuPG uses the standard
OpenPGP preferences system that will always do the right thing and
create messages that are usable by all recipients, regardless of which
OpenPGP program they use. Only override this safe default if you
really know what you are doing.
If you absolutely must override the safe default, or if the preferences
on a given key are invalid for some reason, you are far better off using
the @option{--pgp6}, @option{--pgp7}, or @option{--pgp8} options. These
options are safe as they do not force any particular algorithms in
violation of OpenPGP, but rather reduce the available algorithms to a
"PGP-safe" list.
@mansect bugs
@chapheading BUGS
On many systems this program should be installed as setuid(root). This
is necessary to lock memory pages. Locking memory pages prevents the
operating system from writing memory pages (which may contain
passphrases or other sensitive material) to disk. If you get no
warning message about insecure memory your operating system supports
locking without being root. The program drops root privileges as soon
as locked memory is allocated.
Note also that some systems (especially laptops) have the ability to
``suspend to disk'' (also known as ``safe sleep'' or ``hibernate'').
This writes all memory to disk before going into a low power or even
powered off mode. Unless measures are taken in the operating system
to protect the saved memory, passphrases or other sensitive material
may be recoverable from it later.
@mansect see also
@ifset isman
@command{gpgv}(1),
@ifclear gpgone
@command{gpgsm}(1),
@command{gpg-agent}(1)
@end ifclear
@end ifset
@include see-also-note.texi
diff --git a/po/de.po b/po/de.po
index aa136f1fe..566deae3d 100644
--- a/po/de.po
+++ b/po/de.po
@@ -1,8235 +1,8235 @@
# GnuPG german translation
# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
# 2005, 2006 Free Software Foundation, Inc.
# Walter Koch <koch@u32.de>, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006
# Merged with the gnupg 1.9.23 translation by Werner Koch on 2006-09-25.
#
msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.0.6\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"POT-Creation-Date: 2007-11-19 16:02+0100\n"
-"PO-Revision-Date: 2007-11-19 16:41+0100\n"
+"PO-Revision-Date: 2007-11-20 14:43+0100\n"
"Last-Translator: Walter Koch <koch@u32.de>\n"
"Language-Team: German <de@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=n != 1;\n"
#: agent/call-pinentry.c:205
#, c-format
msgid "failed to acquire the pinentry lock: %s\n"
msgstr "Die Sperre für das Pinentry kann nicht gesetzt werden: %s\n"
#: agent/call-pinentry.c:548
msgid ""
"Please enter your PIN, so that the secret key can be unlocked for this "
"session"
msgstr ""
"Bitte geben Sie Ihre PIN ein, so daß der geheime Schlüssel benutzt werden "
"kann"
#: agent/call-pinentry.c:551
msgid ""
"Please enter your passphrase, so that the secret key can be unlocked for "
"this session"
msgstr ""
"Bitte geben Sie Ihre Passphrase ein, so daß der geheime Schlüssel benutzt "
"werden kann"
#. TRANSLATORS: This string is displayed pinentry as the label
#. for the quality bar.
#: agent/call-pinentry.c:586
msgid "Quality:"
msgstr "Qualität:"
#. TRANSLATORS: This string is a tooltip, shown by pinentry when
#. hovering over the quality bar. Please use an appropriate
#. sting to describe what this is about. The length of the
#. tooltip is limited to about 900 characters. If you do not
#. translate this a default english string (see source) will be
#. used.
#: agent/call-pinentry.c:604
msgid "pinentry.qualitybar.tooltip"
msgstr ""
"Die Qualität der Passphrase, die Sie oben eingegeben haben.\n"
"Bitte fragen sie Ihren Systembeauftragten nach den\n"
"Kriterien für die Messung der Qualität."
#: agent/call-pinentry.c:647
#, c-format
msgid "SETERROR %s (try %d of %d)"
msgstr "SETERROR %s (Versuch %d von %d)"
#: agent/call-pinentry.c:667 agent/call-pinentry.c:679
msgid "PIN too long"
msgstr "Die PIN ist zu lang"
#: agent/call-pinentry.c:668
msgid "Passphrase too long"
msgstr "Das Mantra (Passphrase) ist zu lang"
#: agent/call-pinentry.c:676
msgid "Invalid characters in PIN"
msgstr "Ungültige Zeichen in der PIN"
#: agent/call-pinentry.c:681
msgid "PIN too short"
msgstr "Die PIN ist zu kurz"
#: agent/call-pinentry.c:693
msgid "Bad PIN"
msgstr "Falsche PIN"
#: agent/call-pinentry.c:694
msgid "Bad Passphrase"
msgstr "Falsche Passphrase"
#: agent/call-pinentry.c:730
msgid "Passphrase"
msgstr "Passphrase"
#: agent/command-ssh.c:529
#, c-format
msgid "ssh keys greater than %d bits are not supported\n"
msgstr "SSH Schlüssel von mehr als %d Bits werden nicht unterstützt\n"
#: agent/command-ssh.c:688 g10/exec.c:478 g10/gpg.c:1059 g10/keygen.c:3141
#: g10/keygen.c:3174 g10/keyring.c:1202 g10/keyring.c:1506 g10/openfile.c:275
#: g10/openfile.c:368 g10/sign.c:798 g10/sign.c:1107 g10/tdbio.c:536
#, c-format
msgid "can't create `%s': %s\n"
msgstr "'%s' kann nicht erzeugt werden: %s\n"
#: agent/command-ssh.c:700 g10/card-util.c:680 g10/card-util.c:749
#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
#: g10/encode.c:504 g10/gpg.c:1060 g10/import.c:193 g10/keygen.c:2630
#: g10/keyring.c:1532 g10/openfile.c:192 g10/openfile.c:353
#: g10/plaintext.c:503 g10/sign.c:780 g10/sign.c:975 g10/sign.c:1091
#: g10/sign.c:1247 g10/tdbdump.c:139 g10/tdbdump.c:147 g10/tdbio.c:540
#: g10/tdbio.c:603 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:1939
#: sm/gpgsm.c:1976 sm/gpgsm.c:2014 sm/qualified.c:66
#, c-format
msgid "can't open `%s': %s\n"
msgstr "'%s' kann nicht geöffnet werden: %s\n"
#: agent/command-ssh.c:1615 agent/command-ssh.c:1633
#, c-format
msgid "error getting serial number of card: %s\n"
msgstr "Fehler beim Holen der Karten-Seriennummer: %s\n"
#: agent/command-ssh.c:1619
#, c-format
msgid "detected card with S/N: %s\n"
msgstr "Erkannte Karte hat die Seriennummer: %s\n"
#: agent/command-ssh.c:1624
#, c-format
msgid "error getting default authentication keyID of card: %s\n"
msgstr "Fehler beim Holen der Authentisierungsschlüssel-ID der Karte: %s\n"
#: agent/command-ssh.c:1644
#, c-format
msgid "no suitable card key found: %s\n"
msgstr "keine passender Kartenschlüssel gefunden: %s\n"
#: agent/command-ssh.c:1694
#, c-format
msgid "shadowing the key failed: %s\n"
msgstr "\"Shadowing\" des Schlüssels schlug fehl: %s\n"
#: agent/command-ssh.c:1709
#, c-format
msgid "error writing key: %s\n"
msgstr "Fehler beim Schreiben des Schlüssels: %s\n"
#: agent/command-ssh.c:2014
#, c-format
msgid "Please enter the passphrase for the ssh key%0A %c"
msgstr "Bitte geben Sie die Passphrase für den SSH-Schlüssel %0A %c ein"
#: agent/command-ssh.c:2342 agent/genkey.c:308 agent/genkey.c:430
#: agent/protect-tool.c:1197
msgid "Please re-enter this passphrase"
msgstr "Bitte geben Sie die Passphrase noch einmal ein:"
#: agent/command-ssh.c:2363
#, c-format
msgid ""
"Please enter a passphrase to protect the received secret key%%0A %s%%"
"0Awithin gpg-agent's key storage"
msgstr ""
"Bitte geben Sie eine Passphrase ein, um den empfangenen geheimen Schlüssel%%"
"0A %s%%0A im Schlüsselspeicher des gpg-agenten zu schützen"
#: agent/command-ssh.c:2401 agent/genkey.c:338 agent/genkey.c:461
#: agent/protect-tool.c:1203 tools/symcryptrun.c:434
msgid "does not match - try again"
msgstr "Keine Übereinstimmung - bitte nochmal versuchen"
#: agent/command-ssh.c:2885
#, c-format
msgid "failed to create stream from socket: %s\n"
msgstr "Das Erzeugen eines Datenstrom aus dem Socket schlug fehl: %s\n"
#: agent/divert-scd.c:217
msgid "Admin PIN"
msgstr "Admin-PIN"
#: agent/divert-scd.c:275
msgid "Repeat this PIN"
msgstr "PIN bitte wiederholen"
#: agent/divert-scd.c:278
msgid "PIN not correctly repeated; try again"
msgstr "PIN wurde nicht richtig wiederholt; noch einmal versuchen"
#: agent/divert-scd.c:290
#, c-format
msgid "Please enter the PIN%s%s%s to unlock the card"
msgstr "Bitte geben Sie die PIN%s%s%s ein um die Karte zu entsperren"
#: agent/genkey.c:106 sm/export.c:628 sm/export.c:644 sm/import.c:525
#: sm/import.c:550
#, c-format
msgid "error creating temporary file: %s\n"
msgstr "Fehler beim Erstellen einer temporären Datei: %s\n"
#: agent/genkey.c:113 sm/export.c:635 sm/import.c:533
#, c-format
msgid "error writing to temporary file: %s\n"
msgstr "Fehler beim Schreiben auf eine temporäre Datei: %s\n"
#: agent/genkey.c:151 agent/genkey.c:157
msgid "Enter new passphrase"
msgstr "Neue Passphrase eingeben"
#: agent/genkey.c:165
msgid "Take this one anyway"
msgstr "Diese trotzdem benutzen"
#: agent/genkey.c:191
#, c-format
msgid ""
"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
"at least %u character long."
msgid_plural ""
"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
"at least %u characters long."
msgstr[0] ""
"WARNUNG: Sie haben eine offensichtlich unsichere%%0APassphrase eingegeben. "
"Eine Passphrase sollte%%0A mindestens %u Zeichen lang sein."
msgstr[1] ""
"WARNUNG: Sie haben eine offensichtlich unsichere%%0APassphrase eingegeben. "
"Eine Passphrase sollte%%0A mindestens %u Zeichen lang sein."
#: agent/genkey.c:212
#, c-format
msgid ""
"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
"contain at least %u digit or%%0Aspecial character."
msgid_plural ""
"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
"contain at least %u digits or%%0Aspecial characters."
msgstr[0] ""
"WARNUNG: Sie haben eine offensichtlich unsichere%%0APassphrase eingegeben. "
"Eine Passphrase sollte%%0Amindestens %u Sonderzeichen oder eine Ziffer "
"enthalten."
msgstr[1] ""
"WARNUNG: Sie haben eine offensichtlich unsichere%%0APassphrase eingegeben. "
"Eine Passphrase sollte%%0A mindestens %u Sonderzeichen oder Ziffern "
"enthalten."
#: agent/genkey.c:235
#, c-format
msgid ""
"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
"a known term or match%%0Acertain pattern."
msgstr "WARNUNG: Sie haben eine offensichtlich unsichere%%0APassphrase eingegeben. Eine Passphrase sollte kein%%0Abekanntes Wort sein oder nach bekannten Regeln aufgebaut sein."
#: agent/genkey.c:251
#, c-format
msgid ""
"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
msgstr ""
"Sie haben keine Passphrase eingegeben!%0AEine leere Passphrase ist nicht "
"erlaubt."
#: agent/genkey.c:253
#, c-format
msgid ""
"You have not entered a passphrase - this is in general a bad idea!%0APlease "
"confirm that you do not want to have any protection on your key."
msgstr ""
"Sie möchten keine Passphrase - Dies ist *nicht* zu empfehlen!%0ABitte\n"
"bestätigen Sie, daß sie auf jeden Schutz Ihres privaten Schlüssels\n"
"verzichten."
#: agent/genkey.c:262
msgid "Yes, protection is not needed"
msgstr "Ja, ein Schutz ist nicht notwendig"
#: agent/genkey.c:306
#, c-format
msgid "Please enter the passphrase to%0Ato protect your new key"
msgstr "Bitte geben Sie die Passphrase ein%0Aum Ihren Schlüssel zu schützen"
#: agent/genkey.c:429
msgid "Please enter the new passphrase"
msgstr "Bitte geben Sie die Passphrase ein:"
#: agent/gpg-agent.c:117 agent/preset-passphrase.c:72 agent/protect-tool.c:109
#: scd/scdaemon.c:101
msgid ""
"@Options:\n"
" "
msgstr ""
"@Optionen:\n"
" "
#: agent/gpg-agent.c:119 scd/scdaemon.c:103
msgid "run in server mode (foreground)"
msgstr "Im Server Modus ausführen"
#: agent/gpg-agent.c:120 scd/scdaemon.c:106
msgid "run in daemon mode (background)"
msgstr "Im Daemon Modus ausführen"
#: agent/gpg-agent.c:121 g10/gpg.c:471 g10/gpgv.c:70 kbx/kbxutil.c:88
#: scd/scdaemon.c:107 sm/gpgsm.c:342 tools/gpg-connect-agent.c:66
#: tools/gpgconf.c:72 tools/symcryptrun.c:164
msgid "verbose"
msgstr "Detaillierte Informationen"
#: agent/gpg-agent.c:122 g10/gpgv.c:71 kbx/kbxutil.c:89 scd/scdaemon.c:108
#: sm/gpgsm.c:343
msgid "be somewhat more quiet"
msgstr "Etwas weniger Infos"
#: agent/gpg-agent.c:123 scd/scdaemon.c:109
msgid "sh-style command output"
msgstr "Ausgabe für /bin/sh"
#: agent/gpg-agent.c:124 scd/scdaemon.c:110
msgid "csh-style command output"
msgstr "Ausgabe für /bin/csh"
#: agent/gpg-agent.c:125 tools/symcryptrun.c:167
msgid "|FILE|read options from FILE"
msgstr "|DATEI|Konfigurationsoptionen aus DATEI lesen"
#: agent/gpg-agent.c:130 scd/scdaemon.c:119
msgid "do not detach from the console"
msgstr "Im Vordergrund laufen lassen"
#: agent/gpg-agent.c:131
msgid "do not grab keyboard and mouse"
msgstr "Tastatur und Maus nicht \"grabben\""
#: agent/gpg-agent.c:132 scd/scdaemon.c:120 tools/symcryptrun.c:166
msgid "use a log file for the server"
msgstr "Logausgaben in eine Datei umlenken"
#: agent/gpg-agent.c:134
msgid "use a standard location for the socket"
msgstr "Benutze einen Standardnamen für den Socket"
#: agent/gpg-agent.c:137
msgid "|PGM|use PGM as the PIN-Entry program"
msgstr "|PGM|benutze PGM as PIN-Entry"
#: agent/gpg-agent.c:140
msgid "|PGM|use PGM as the SCdaemon program"
msgstr "|PGM|benutze PGM as SCdaemon"
#: agent/gpg-agent.c:141
msgid "do not use the SCdaemon"
msgstr "Den Scdaemon-basierten Kartenzugriff nicht nutzen"
#: agent/gpg-agent.c:150
msgid "ignore requests to change the TTY"
msgstr "Ignoriere Anfragen, das TTY zu wechseln"
#: agent/gpg-agent.c:152
msgid "ignore requests to change the X display"
msgstr "Ignoriere Anfragen, das X-Display zu wechseln"
#: agent/gpg-agent.c:155
msgid "|N|expire cached PINs after N seconds"
msgstr "|N|lasse PINs im Cache nach N Sekunden verfallen"
#: agent/gpg-agent.c:168
msgid "do not use the PIN cache when signing"
msgstr "benutze PINs im Cache nicht bem Signieren"
#: agent/gpg-agent.c:170
msgid "allow clients to mark keys as \"trusted\""
msgstr "erlaube Aufrufern Schlüssel als \"vertrauenswürdig\" zu markieren"
#: agent/gpg-agent.c:172
msgid "allow presetting passphrase"
msgstr "erlaube ein \"preset\" von Passphrases"
#: agent/gpg-agent.c:173
msgid "enable ssh-agent emulation"
msgstr "Die ssh-agent-Emulation anschalten"
#: agent/gpg-agent.c:175
msgid "|FILE|write environment settings also to FILE"
msgstr "|DATEI|Schreibe die Umgebungsvariabeln auf DATEI"
#: agent/gpg-agent.c:282 agent/preset-passphrase.c:94 agent/protect-tool.c:146
#: scd/scdaemon.c:207 sm/gpgsm.c:570 tools/gpg-connect-agent.c:171
#: tools/gpgconf.c:94 tools/symcryptrun.c:204
msgid "Please report bugs to <"
msgstr "Fehlerberichte bitte an <"
#: agent/gpg-agent.c:285
msgid "Usage: gpg-agent [options] (-h for help)"
msgstr "Aufruf: gpg-agent [Optionen] (-h für Hilfe)"
#: agent/gpg-agent.c:287
msgid ""
"Syntax: gpg-agent [options] [command [args]]\n"
"Secret key management for GnuPG\n"
msgstr ""
"Syntax: gpg-agent [Optionen] [Befehl [Argumente]]\n"
"Verwaltung von geheimen Schlüsseln für GnuPG\n"
#: agent/gpg-agent.c:322 g10/gpg.c:966 scd/scdaemon.c:247 sm/gpgsm.c:732
#, c-format
msgid "invalid debug-level `%s' given\n"
msgstr "ungültige Debugebene `%s' angegeben\n"
#: agent/gpg-agent.c:521 agent/protect-tool.c:1066 kbx/kbxutil.c:428
#: scd/scdaemon.c:342 sm/gpgsm.c:873 sm/gpgsm.c:876 tools/symcryptrun.c:997
#, c-format
msgid "%s is too old (need %s, have %s)\n"
msgstr "Die Bibliothek %s ist nicht aktuell (benötige %s, habe %s)\n"
#: agent/gpg-agent.c:620 g10/gpg.c:2072 scd/scdaemon.c:423 sm/gpgsm.c:964
#, c-format
msgid "NOTE: no default option file `%s'\n"
msgstr "Hinweis: Keine voreingestellte Optionendatei '%s' vorhanden\n"
#: agent/gpg-agent.c:625 agent/gpg-agent.c:1205 g10/gpg.c:2076
#: scd/scdaemon.c:428 sm/gpgsm.c:968 tools/symcryptrun.c:930
#, c-format
msgid "option file `%s': %s\n"
msgstr "Optionendatei '%s': %s\n"
#: agent/gpg-agent.c:633 g10/gpg.c:2083 scd/scdaemon.c:436 sm/gpgsm.c:975
#, c-format
msgid "reading options from `%s'\n"
msgstr "Optionen werden aus '%s' gelesen\n"
#: agent/gpg-agent.c:965 g10/plaintext.c:140 g10/plaintext.c:145
#: g10/plaintext.c:162
#, c-format
msgid "error creating `%s': %s\n"
msgstr "Fehler beim Erstellen von `%s': %s\n"
#: agent/gpg-agent.c:1275 agent/gpg-agent.c:1387 agent/gpg-agent.c:1391
#: agent/gpg-agent.c:1432 agent/gpg-agent.c:1436 g10/exec.c:172
#: g10/openfile.c:429 scd/scdaemon.c:921
#, c-format
msgid "can't create directory `%s': %s\n"
msgstr "Verzeichnis `%s' kann nicht erzeugt werden: %s\n"
#: agent/gpg-agent.c:1289 scd/scdaemon.c:935
msgid "name of socket too long\n"
msgstr "Der Name des Sockets ist zu lang\n"
#: agent/gpg-agent.c:1312 scd/scdaemon.c:958
#, c-format
msgid "can't create socket: %s\n"
msgstr "Socket kann nicht erzeugt werden: %s\n"
#: agent/gpg-agent.c:1321
#, c-format
msgid "socket name `%s' is too long\n"
msgstr "Der Name des Sockets `%s' ist zu lang\n"
#: agent/gpg-agent.c:1333
msgid "a gpg-agent is already running - not starting a new one\n"
msgstr "Ein gpg-agent läuft bereits - ein weiterer wird nicht gestartet\n"
#: agent/gpg-agent.c:1344 scd/scdaemon.c:978
msgid "error getting nonce for the socket\n"
msgstr "Fehler beim Ermitteln der \"Nonce\" dieses Sockets\n"
#: agent/gpg-agent.c:1349 scd/scdaemon.c:981
#, c-format
msgid "error binding socket to `%s': %s\n"
msgstr "Der Socket kann nicht an `%s' gebunden werden: %s\n"
#: agent/gpg-agent.c:1361 scd/scdaemon.c:990
#, c-format
msgid "listen() failed: %s\n"
msgstr "Der listen()-Aufruf ist fehlgeschlagen: %s\n"
#: agent/gpg-agent.c:1367 scd/scdaemon.c:997
#, c-format
msgid "listening on socket `%s'\n"
msgstr "Es wird auf Socket `%s' gehört\n"
#: agent/gpg-agent.c:1395 agent/gpg-agent.c:1442 g10/openfile.c:432
#, c-format
msgid "directory `%s' created\n"
msgstr "Verzeichnis `%s' erzeugt\n"
#: agent/gpg-agent.c:1448
#, c-format
msgid "stat() failed for `%s': %s\n"
msgstr "stat()-Aufruf für `%s' fehlgeschlagen: %s\n"
#: agent/gpg-agent.c:1452
#, c-format
msgid "can't use `%s' as home directory\n"
msgstr "Die Datei `%s' kann nicht als Home-Verzeichnis benutzt werden\n"
#: agent/gpg-agent.c:1562 scd/scdaemon.c:1013
#, c-format
msgid "error reading nonce on fd %d: %s\n"
msgstr "Fehler beim Lesen der \"Nonce\" von FD %d: %s\n"
#: agent/gpg-agent.c:1584
#, c-format
msgid "handler 0x%lx for fd %d started\n"
msgstr "Handhabungsroutine 0x%lx für fd %d gestartet\n"
#: agent/gpg-agent.c:1589
#, c-format
msgid "handler 0x%lx for fd %d terminated\n"
msgstr "Handhabungsroutine 0x%lx für den fd %d beendet\n"
#: agent/gpg-agent.c:1609
#, c-format
msgid "ssh handler 0x%lx for fd %d started\n"
msgstr "SSH-Handhabungsroutine 0x%lx für fd %d gestartet\n"
#: agent/gpg-agent.c:1614
#, c-format
msgid "ssh handler 0x%lx for fd %d terminated\n"
msgstr "SSH-Handhabungsroutine 0x%lx für fd %d beendet\n"
#: agent/gpg-agent.c:1718 scd/scdaemon.c:1135
#, c-format
msgid "pth_select failed: %s - waiting 1s\n"
msgstr "pth_select()-Aufruf fehlgeschlagen: %s - warte 1s\n"
#: agent/gpg-agent.c:1827 scd/scdaemon.c:1202
#, c-format
msgid "%s %s stopped\n"
msgstr "%s %s angehalten\n"
#: agent/gpg-agent.c:1850
msgid "no gpg-agent running in this session\n"
msgstr "Der gpg-agent läuft nicht für diese Session\n"
#: agent/gpg-agent.c:1861 common/simple-pwquery.c:329
#: tools/gpg-connect-agent.c:1953
msgid "malformed GPG_AGENT_INFO environment variable\n"
msgstr "fehlerhaft aufgebaute GPG_AGENT_INFO - Umgebungsvariable\n"
#: agent/gpg-agent.c:1874 common/simple-pwquery.c:341
#: tools/gpg-connect-agent.c:1964
#, c-format
msgid "gpg-agent protocol version %d is not supported\n"
msgstr "GPG-Agent-Protokoll-Version %d wird nicht unterstützt\n"
#: agent/preset-passphrase.c:98
msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
msgstr "Aufruf: gpg-preset-passphrase [Optionen] KEYGRIP (-h für Hilfe)\n"
#: agent/preset-passphrase.c:101
msgid ""
"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
"Password cache maintenance\n"
msgstr ""
"Syntax: gpg-preset-passphrase [Optionen] KEYGRIP\n"
"Kennwortpuffer-Pflege\n"
#: agent/protect-tool.c:149
msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
msgstr "Aufruf: gpg-protect-tool [Optionen] (-h für Hilfe)\n"
#: agent/protect-tool.c:151
msgid ""
"Syntax: gpg-protect-tool [options] [args]\n"
"Secret key maintenance tool\n"
msgstr ""
"Syntax: gpg-protect-tool [Optionen] [Argumente]\n"
"Werkzeug zum Bearbeiten von geheimen Schlüsseln\n"
#: agent/protect-tool.c:1188
msgid "Please enter the passphrase to unprotect the PKCS#12 object."
msgstr "Bitte geben Sie die Passphrase zum Entsperren des PKCS#12 Objekts ein"
#: agent/protect-tool.c:1191
msgid "Please enter the passphrase to protect the new PKCS#12 object."
msgstr ""
"Bitte geben Sie die Passphrase zum Schützen des neuen PKCS#12 Objekts ein"
#: agent/protect-tool.c:1194
msgid ""
"Please enter the passphrase to protect the imported object within the GnuPG "
"system."
msgstr ""
"Bitte geben Sie die Passphrase ein, um das importierte Objekt im GnuPG "
"System zu schützen."
#: agent/protect-tool.c:1199
msgid ""
"Please enter the passphrase or the PIN\n"
"needed to complete this operation."
msgstr ""
"Die Eingabe der Passphrase bzw. der PIN\n"
"wird benötigt um diese Aktion auszuführen."
#: agent/protect-tool.c:1204 tools/symcryptrun.c:435
msgid "Passphrase:"
msgstr "Passphrase:"
#: agent/protect-tool.c:1212 tools/symcryptrun.c:442
#, c-format
msgid "error while asking for the passphrase: %s\n"
msgstr "Fehler bei der Abfrage der Passphrase: %s\n"
#: agent/protect-tool.c:1215 tools/symcryptrun.c:446
msgid "cancelled\n"
msgstr "Vom Benutzer abgebrochen\n"
#: agent/trustlist.c:132 agent/trustlist.c:322
#, c-format
msgid "error opening `%s': %s\n"
msgstr "Fehler beim Öffnen von `%s': %s\n"
#: agent/trustlist.c:147
#, c-format
msgid "file `%s', line %d: %s\n"
msgstr "Datei `%s', Zeile %d: %s\n"
#: agent/trustlist.c:167 agent/trustlist.c:175
#, c-format
msgid "statement \"%s\" ignored in `%s', line %d\n"
msgstr ""
"Anweisung \"%s\" in `%s', Zeile %d\n"
" ignoriert\n"
#: agent/trustlist.c:181
#, c-format
msgid "system trustlist `%s' not available\n"
msgstr ""
"Systemliste der vertrauenswürdigen Zertifikate '%s' ist nicht vorhanden\n"
#: agent/trustlist.c:216
#, c-format
msgid "bad fingerprint in `%s', line %d\n"
msgstr "fehlerhafter Fingerabdruck in `%s', Zeile %d\n"
#: agent/trustlist.c:242 agent/trustlist.c:249
#, c-format
msgid "invalid keyflag in `%s', line %d\n"
msgstr "Ungültiger Schlüsselflag in `%s', Zeile %d\n"
#: agent/trustlist.c:283
#, c-format
msgid "error reading `%s', line %d: %s\n"
msgstr "Fehler beim Lesen von `%s', Zeile %d: %s\n"
#: agent/trustlist.c:384 agent/trustlist.c:431
msgid "error reading list of trusted root certificates\n"
msgstr "Fehler beim Lesen der Liste vertrauenswürdiger root-Zertifikate\n"
#. TRANSLATORS: This prompt is shown by the Pinentry
#. and has one special property: A "%%0A" is used by
#. Pinentry to insert a line break. The double
#. percent sign is actually needed because it is also
#. a printf format string. If you need to insert a
#. plain % sign, you need to encode it as "%%25". The
#. second "%s" gets replaced by a hexdecimal
#. fingerprint string whereas the first one receives
#. the name as stored in the certificate.
#: agent/trustlist.c:539
#, c-format
msgid ""
"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
"fingerprint:%%0A %s"
msgstr ""
"Bitte prüfen Sie, daß das Zertifikat mit dem Namen:%%0A \"%s\"%%0Afolgenden "
"Fingerabdruck hat:%%0A %s"
#. TRANSLATORS: "Correct" is the label of a button and intended to
#. be hit if the fingerprint matches the one of the CA. The other
#. button is "the default "Cancel" of the Pinentry.
#: agent/trustlist.c:551
msgid "Correct"
msgstr "Korrekt"
#. TRANSLATORS: This prompt is shown by the Pinentry
#. and has one special property: A "%%0A" is used by
#. Pinentry to insert a line break. The double
#. percent sign is actually needed because it is also
#. a printf format string. If you need to insert a
#. plain % sign, you need to encode it as "%%25". The
#. "%s" gets replaced by the name as store in the
#. certificate.
#: agent/trustlist.c:574
#, c-format
msgid ""
"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
"certificates?"
msgstr ""
"Wenn Sie vollständiges Vertrauen haben, daß%%0A \"%s\"%%"
"0ABenutzerzertifikate verläßlich zertifiziert, so antworten Sie mit \"Ja\""
#: agent/trustlist.c:583
msgid "Yes"
msgstr "Ja"
#: agent/trustlist.c:583
msgid "No"
msgstr "Nein"
#: agent/findkey.c:158
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
"Hinweis: Diese Passphrase wurde noch nie geändert/%0ABitte ändern Sie sie "
"jetzt."
#: agent/findkey.c:174
#, c-format
msgid ""
"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
"it now."
msgstr ""
"Diese Passphrase wurde seit dem %.4s-%.2s-%.2s nicht%%0A\n"
"mehr geändert. Bitte ändern Sie sie jetzt."
#: agent/findkey.c:188 agent/findkey.c:195
msgid "Change passphrase"
msgstr "Die Passphrase ändern"
#: agent/findkey.c:196
msgid "I'll change it later"
msgstr "Ich werde sie später ändern"
#: common/exechelp.c:371 common/exechelp.c:459 tools/gpgconf-comp.c:1338
#: tools/gpgconf-comp.c:1641
#, c-format
msgid "error creating a pipe: %s\n"
msgstr "Fehler beim Erzeugen einer \"Pipe\": %s\n"
#: common/exechelp.c:435 common/exechelp.c:492
#, c-format
msgid "can't fdopen pipe for reading: %s\n"
msgstr "Pipe kann nicht zum Lesen \"fdopen\"t werden: %s\n"
#: common/exechelp.c:471 common/exechelp.c:599 common/exechelp.c:834
#, c-format
msgid "error forking process: %s\n"
msgstr "Fehler beim \"Forken\" des Prozess: %s\n"
#: common/exechelp.c:645 common/exechelp.c:698
#, c-format
msgid "waiting for process %d to terminate failed: %s\n"
msgstr "Das Warten auf die Beendigung des Prozesses %d schlug fehl: %s\n"
#: common/exechelp.c:653
#, c-format
msgid "error getting exit code of process %d: %s\n"
msgstr "Fehler beim Holen des Exitwerte des Prozesses %d: %s\n"
#: common/exechelp.c:659 common/exechelp.c:709
#, c-format
msgid "error running `%s': exit status %d\n"
msgstr "Fehler bei Ausführung von `%s': Endestatus %d\n"
#: common/exechelp.c:704
#, c-format
msgid "error running `%s': probably not installed\n"
msgstr "Feler bei Ausführung von `%s': wahrscheinlich nicht installiert\n"
#: common/exechelp.c:717
#, c-format
msgid "error running `%s': terminated\n"
msgstr "Fehler bei Ausführung von `%s': beendet\n"
#: common/http.c:1625
#, c-format
msgid "error creating socket: %s\n"
msgstr "Fehler beim Erstellen des Sockets: %s\n"
#: common/http.c:1669
msgid "host not found"
msgstr "Host nicht gefunden"
#: common/simple-pwquery.c:315
msgid "gpg-agent is not available in this session\n"
msgstr "GPG-Agent ist in dieser Sitzung nicht vorhanden\n"
#: common/simple-pwquery.c:373
#, c-format
msgid "can't connect to `%s': %s\n"
msgstr "Verbindung zu '%s' kann nicht aufgebaut werden: %s\n"
#: common/simple-pwquery.c:384
msgid "communication problem with gpg-agent\n"
msgstr "Kommunikationsproblem mit GPG-Agent\n"
#: common/simple-pwquery.c:394
msgid "problem setting the gpg-agent options\n"
msgstr "Beim setzen der gpg-agent Optionen ist ein problem aufgetreten\n"
#: common/simple-pwquery.c:557 common/simple-pwquery.c:653
msgid "canceled by user\n"
msgstr "Vom Benutzer abgebrochen\n"
#: common/simple-pwquery.c:572 common/simple-pwquery.c:659
msgid "problem with the agent\n"
msgstr "Problem mit dem Agenten\n"
#: common/sysutils.c:103
#, c-format
msgid "can't disable core dumps: %s\n"
msgstr "core-dump-Dateierzeugung kann nicht abgeschaltet werden: %s\n"
#: common/sysutils.c:198
#, c-format
msgid "Warning: unsafe ownership on %s \"%s\"\n"
msgstr "WARNUNG: Unsichere Besitzrechte für %s \"%s\"\n"
#: common/sysutils.c:230
#, c-format
msgid "Warning: unsafe permissions on %s \"%s\"\n"
msgstr "WARNUNG: Unsichere Zugriffsrechte für %s \"%s\"\n"
#. TRANSLATORS: See doc/TRANSLATE about this string.
#: common/yesno.c:31 common/yesno.c:68
msgid "yes"
msgstr "ja"
#: common/yesno.c:32 common/yesno.c:73
msgid "yY"
msgstr "jJyY"
#. TRANSLATORS: See doc/TRANSLATE about this string.
#: common/yesno.c:34 common/yesno.c:70
msgid "no"
msgstr "nein"
#: common/yesno.c:35 common/yesno.c:74
msgid "nN"
msgstr "nN"
#. TRANSLATORS: See doc/TRANSLATE about this string.
#: common/yesno.c:72
msgid "quit"
msgstr "quit"
#: common/yesno.c:75
msgid "qQ"
msgstr "qQ"
#. TRANSLATORS: See doc/TRANSLATE about this string.
#: common/yesno.c:109
msgid "okay|okay"
msgstr "okay|okay"
#. TRANSLATORS: See doc/TRANSLATE about this string.
#: common/yesno.c:111
msgid "cancel|cancel"
msgstr "abbrechen|abbrechen"
#: common/yesno.c:112
msgid "oO"
msgstr "oO"
#: common/yesno.c:113
msgid "cC"
msgstr "cC"
#: common/miscellaneous.c:71
#, c-format
msgid "out of core in secure memory while allocating %lu bytes"
msgstr ""
"Kein sicherer Speicher mehr vorhanden, als %lu Byte zugewiesen werden sollten"
#: common/miscellaneous.c:74
#, c-format
msgid "out of core while allocating %lu bytes"
msgstr "Kein Speicher mehr vorhanden, als %lu Byte zugewiesen werden sollten"
#: g10/armor.c:379
#, c-format
msgid "armor: %s\n"
msgstr "ASCII-Hülle: %s\n"
#: g10/armor.c:418
msgid "invalid armor header: "
msgstr "Ungültige ASCII-Hülle"
#: g10/armor.c:429
msgid "armor header: "
msgstr "ASCII-Hülle: "
#: g10/armor.c:442
msgid "invalid clearsig header\n"
msgstr "Ungültige Klartextsignatur-Einleitung\n"
#: g10/armor.c:455
msgid "unknown armor header: "
msgstr "Unbekannter Header in der ASCII-Hülle: "
#: g10/armor.c:508
msgid "nested clear text signatures\n"
msgstr "verschachtelte Klartextunterschriften\n"
#: g10/armor.c:643
msgid "unexpected armor: "
msgstr "Unerwartete ASCII-Hülle: "
#: g10/armor.c:655
msgid "invalid dash escaped line: "
msgstr "Ungültige mit Bindestrich \"escapte\" Zeile: "
#: g10/armor.c:809 g10/armor.c:1419
#, c-format
msgid "invalid radix64 character %02X skipped\n"
msgstr "Ungültiges \"radix64\" Zeichen %02x übersprungen\n"
#: g10/armor.c:852
msgid "premature eof (no CRC)\n"
msgstr "vorzeitiges Dateiende (keine Prüfsumme)\n"
#: g10/armor.c:886
msgid "premature eof (in CRC)\n"
msgstr "vorzeitiges Dateiende (innerhalb der Prüfsumme)\n"
#: g10/armor.c:894
msgid "malformed CRC\n"
msgstr "Falsch aufgebaute Prüfsumme\n"
#: g10/armor.c:898 g10/armor.c:1456
#, c-format
msgid "CRC error; %06lX - %06lX\n"
msgstr "Prüfsummenfehler; %06lx - %06lx\n"
#: g10/armor.c:918
msgid "premature eof (in trailer)\n"
msgstr "vorzeitiges Dateiende (im Nachsatz)\n"
#: g10/armor.c:922
msgid "error in trailer line\n"
msgstr "Fehler in der Nachsatzzeile\n"
#: g10/armor.c:1233
msgid "no valid OpenPGP data found.\n"
msgstr "Keine gültigen OpenPGP-Daten gefunden.\n"
#: g10/armor.c:1238
#, c-format
msgid "invalid armor: line longer than %d characters\n"
msgstr "ungültige ASCII-Hülle: Zeile ist länger als %d Zeichen\n"
#: g10/armor.c:1242
msgid ""
"quoted printable character in armor - probably a buggy MTA has been used\n"
msgstr ""
"\"quoted printable\" Zeichen in der ASCII-Hülle gefunden - möglicherweise\n"
" war ein fehlerhafter Email-Transporter(\"MTA\") die Ursache\n"
#: g10/build-packet.c:976
msgid ""
"a notation name must have only printable characters or spaces, and end with "
"an '='\n"
msgstr ""
"Ein \"notation\"-Name darf nur Buchstaben, Zahlen, Punkte oder Unterstriche "
"enthalten und muß mit einem '=' enden\n"
#: g10/build-packet.c:988
msgid "a user notation name must contain the '@' character\n"
msgstr "Ein \"notation\"-Wert darf das '@'-Zeichen nicht verwenden\n"
#: g10/build-packet.c:994
msgid "a notation name must not contain more than one '@' character\n"
msgstr "Ein \"notation\"-Wert darf das '@'-Zeichen maximal einmal verwenden\n"
#: g10/build-packet.c:1012
msgid "a notation value must not use any control characters\n"
msgstr "Ein \"notation\"-Wert darf keine Kontrollzeichen verwenden\n"
#: g10/build-packet.c:1046 g10/build-packet.c:1055
msgid "WARNING: invalid notation data found\n"
msgstr "WARNUNG: Ungültige \"Notation\"-Daten gefunden\n"
#: g10/build-packet.c:1077 g10/build-packet.c:1079
msgid "not human readable"
msgstr "nicht als Klartext darstellbar"
#: g10/card-util.c:62 g10/card-util.c:308
#, c-format
msgid "OpenPGP card not available: %s\n"
msgstr "OpenPGP Karte ist nicht vorhanden: %s\n"
#: g10/card-util.c:67
#, c-format
msgid "OpenPGP card no. %s detected\n"
msgstr "OpenPGP Karte Nr. %s erkannt\n"
#: g10/card-util.c:75 g10/card-util.c:1394 g10/delkey.c:126 g10/keyedit.c:1529
#: g10/keygen.c:2817 g10/revoke.c:216 g10/revoke.c:455
msgid "can't do this in batch mode\n"
msgstr "Dies kann im Batchmodus nicht durchgeführt werden.\n"
#: g10/card-util.c:102 g10/card-util.c:1127 g10/card-util.c:1206
#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1577
#: g10/keygen.c:1644
msgid "Your selection? "
msgstr "Ihre Auswahl? "
#: g10/card-util.c:218 g10/card-util.c:268
msgid "[not set]"
msgstr "[nicht gesetzt]"
#: g10/card-util.c:415
msgid "male"
msgstr "männlich"
#: g10/card-util.c:416
msgid "female"
msgstr "weiblich"
#: g10/card-util.c:416
msgid "unspecified"
msgstr "unbestimmt"
#: g10/card-util.c:443
msgid "not forced"
msgstr "nicht zwingend"
#: g10/card-util.c:443
msgid "forced"
msgstr "zwingend"
#: g10/card-util.c:521
msgid "Error: Only plain ASCII is currently allowed.\n"
msgstr "Fehler: Nur reines ASCII ist derzeit erlaubt.\n"
#: g10/card-util.c:523
msgid "Error: The \"<\" character may not be used.\n"
msgstr "Fehler: Das Zeichen \"<\" kann nicht benutzt werden.\n"
#: g10/card-util.c:525
msgid "Error: Double spaces are not allowed.\n"
msgstr "Fehler: Doppelte Leerzeichen sind nicht erlaubt.\n"
#: g10/card-util.c:542
msgid "Cardholder's surname: "
msgstr "Familienname des Kartenbesitzers:"
#: g10/card-util.c:544
msgid "Cardholder's given name: "
msgstr "Vorname des Kartenbesitzers:"
#: g10/card-util.c:562
#, c-format
msgid "Error: Combined name too long (limit is %d characters).\n"
msgstr ""
"Fehler: Der zusammengesetzte Name ist zu lang (Grenze beträgt %d Zeichen).\n"
#: g10/card-util.c:583
msgid "URL to retrieve public key: "
msgstr "URL um den öffentlichen Schlüssel zu holen: "
#: g10/card-util.c:591
#, c-format
msgid "Error: URL too long (limit is %d characters).\n"
msgstr "Fehler: URL ist zu lang (Grenze beträgt %d Zeichen).\n"
#: g10/card-util.c:689 g10/card-util.c:758 g10/import.c:283
#, c-format
msgid "error reading `%s': %s\n"
msgstr "Fehler beim Lesen von `%s': %s\n"
#: g10/card-util.c:697
msgid "Login data (account name): "
msgstr "Logindaten (Kontenname): "
#: g10/card-util.c:707
#, c-format
msgid "Error: Login data too long (limit is %d characters).\n"
msgstr "Fehler: Logindaten sind zu lang (Grenze beträgt %d Zeichen).\n"
#: g10/card-util.c:766
msgid "Private DO data: "
msgstr "Geheime DO-Daten: "
#: g10/card-util.c:776
#, c-format
msgid "Error: Private DO too long (limit is %d characters).\n"
msgstr "Fehler: Geheime DO-Daten sind zu lang (Grenze beträgt %d Zeichen).\n"
#: g10/card-util.c:796
msgid "Language preferences: "
msgstr "Spracheinstellungen"
#: g10/card-util.c:804
msgid "Error: invalid length of preference string.\n"
msgstr "Fehler: Ungültige Länge der Einstellungs-Zeichenfolge.\n"
#: g10/card-util.c:813
msgid "Error: invalid characters in preference string.\n"
msgstr "Fehler: Ungültige Zeichen in der Einstellungs-Zeichenfolge\n"
#: g10/card-util.c:834
msgid "Sex ((M)ale, (F)emale or space): "
msgstr "Geschlecht: (Männlich (M), Weiblich (F) oder Leerzeichen): "
#: g10/card-util.c:848
msgid "Error: invalid response.\n"
msgstr "Fehler: ungültige Antwort.\n"
#: g10/card-util.c:869
msgid "CA fingerprint: "
msgstr "CA-Fingerabdruck: "
#: g10/card-util.c:892
msgid "Error: invalid formatted fingerprint.\n"
msgstr "Fehler: ungültig geformter Fingerabdruck.\n"
#: g10/card-util.c:940
#, c-format
msgid "key operation not possible: %s\n"
msgstr "Schlüsseloperation nicht möglich: %s\n"
#: g10/card-util.c:941
msgid "not an OpenPGP card"
msgstr "Keine gültige OpenPGP-Karte"
#: g10/card-util.c:950
#, c-format
msgid "error getting current key info: %s\n"
msgstr "Fehler beim Holen der aktuellen Schlüsselinfo: %s\n"
#: g10/card-util.c:1034
msgid "Replace existing key? (y/N) "
msgstr "Vorhandenen Schlüssel ersetzen? (j/N) "
#: g10/card-util.c:1054 g10/card-util.c:1063
msgid "Make off-card backup of encryption key? (Y/n) "
msgstr ""
"Sicherung des Verschlüsselungsschlüssel außerhalb der Karte erstellen? (J/n) "
#: g10/card-util.c:1075
msgid "Replace existing keys? (y/N) "
msgstr "Vorhandene Schlüssel ersetzen? (j/N) "
#: g10/card-util.c:1084
#, c-format
msgid ""
"Please note that the factory settings of the PINs are\n"
" PIN = `%s' Admin PIN = `%s'\n"
"You should change them using the command --change-pin\n"
msgstr ""
"Bitte beachten: Die Werkseinstellung der PINs sind\n"
" PIN = `%s' Admin-PIN = `%s'\n"
"Sie sollten sie mittels des Befehls --change-pin ändern\n"
#: g10/card-util.c:1118
msgid "Please select the type of key to generate:\n"
msgstr "Bitte wählen Sie die Art des Schlüssel, der erzeugt werden soll:\n"
#: g10/card-util.c:1120 g10/card-util.c:1197
msgid " (1) Signature key\n"
msgstr " (1) Unterschriften-Schlüssel\n"
#: g10/card-util.c:1121 g10/card-util.c:1199
msgid " (2) Encryption key\n"
msgstr " (2) Verschlüsselungs-Schlüssel\n"
#: g10/card-util.c:1122 g10/card-util.c:1201
msgid " (3) Authentication key\n"
msgstr " (3) Authentisierungs-Schlüssel\n"
#: g10/card-util.c:1138 g10/card-util.c:1217 g10/keyedit.c:945
#: g10/keygen.c:1581 g10/keygen.c:1609 g10/keygen.c:1683 g10/revoke.c:685
msgid "Invalid selection.\n"
msgstr "Ungültige Auswahl.\n"
#: g10/card-util.c:1194
msgid "Please select where to store the key:\n"
msgstr "Wählen Sie den Speicherort für den Schlüssel:\n"
#: g10/card-util.c:1229
msgid "unknown key protection algorithm\n"
msgstr "Unbekanntes Schlüssel-Schutzverfahren\n"
#: g10/card-util.c:1234
msgid "secret parts of key are not available\n"
msgstr "Geheime Teile des Schlüssels sind nicht vorhanden\n"
#: g10/card-util.c:1239
msgid "secret key already stored on a card\n"
msgstr "geheimer Schlüssel ist bereits auf einer Karte gespeichert\n"
#: g10/card-util.c:1307 g10/keyedit.c:1362
msgid "quit this menu"
msgstr "Menü verlassen"
#: g10/card-util.c:1309
msgid "show admin commands"
msgstr "Zeige Admin-Befehle"
#: g10/card-util.c:1310 g10/keyedit.c:1365
msgid "show this help"
msgstr "Diese Hilfe zeigen"
#: g10/card-util.c:1312
msgid "list all available data"
msgstr "Alle vorhandenen Daten auflisten"
#: g10/card-util.c:1315
msgid "change card holder's name"
msgstr "Kartenbesitzernamen ändern"
#: g10/card-util.c:1316
msgid "change URL to retrieve key"
msgstr "Schlüssel-holen-URL ändern"
#: g10/card-util.c:1317
msgid "fetch the key specified in the card URL"
msgstr "Holen des Schlüssels mittels der URL auf der Karte"
#: g10/card-util.c:1318
msgid "change the login name"
msgstr "Ändern der Logindaten"
#: g10/card-util.c:1319
msgid "change the language preferences"
msgstr "Ändern der Spracheinstellungen"
#: g10/card-util.c:1320
msgid "change card holder's sex"
msgstr "Ändern des Geschlechts des Kartenbesitzers"
#: g10/card-util.c:1321
msgid "change a CA fingerprint"
msgstr "Ändern des CA-Fingerabdrucks"
#: g10/card-util.c:1322
msgid "toggle the signature force PIN flag"
msgstr "Umschalte des \"Signature-force-PIN\"-Schalters"
#: g10/card-util.c:1323
msgid "generate new keys"
msgstr "neue Schlüssel erzeugen"
#: g10/card-util.c:1324
msgid "menu to change or unblock the PIN"
msgstr "Menü für Ändern oder Entsperren der PIN"
#: g10/card-util.c:1325
msgid "verify the PIN and list all data"
msgstr "überprüfe die PIN und liste alle Daten auf"
#: g10/card-util.c:1445 g10/keyedit.c:1634
msgid "Command> "
msgstr "Befehl> "
#: g10/card-util.c:1483
msgid "Admin-only command\n"
msgstr "nur-Admin Befehl\n"
#: g10/card-util.c:1514
msgid "Admin commands are allowed\n"
msgstr "Admin-Befehle sind erlaubt\n"
#: g10/card-util.c:1516
msgid "Admin commands are not allowed\n"
msgstr "Admin-Befehle sind nicht erlaubt\n"
#: g10/card-util.c:1590 g10/keyedit.c:2255
msgid "Invalid command (try \"help\")\n"
msgstr "Ungültiger Befehl (versuchen Sie's mal mit \"help\")\n"
#: g10/decrypt.c:110 g10/encode.c:876
msgid "--output doesn't work for this command\n"
msgstr "--output funktioniert nicht bei diesem Befehl\n"
#: g10/decrypt.c:166 g10/gpg.c:3931 g10/keyring.c:376 g10/keyring.c:663
#, c-format
msgid "can't open `%s'\n"
msgstr "'%s' kann nicht geöffnet werden\n"
#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3401 g10/keyserver.c:1719
#: g10/revoke.c:226
#, c-format
msgid "key \"%s\" not found: %s\n"
msgstr "Schlüssel \"%s\" nicht gefunden: %s\n"
#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2367 g10/keyserver.c:1733
#: g10/revoke.c:232 g10/revoke.c:477
#, c-format
msgid "error reading keyblock: %s\n"
msgstr "Fehler beim Lesen des Schlüsselblocks: %s\n"
#: g10/delkey.c:127 g10/delkey.c:134
msgid "(unless you specify the key by fingerprint)\n"
msgstr "(es sei denn, Sie geben den Schlüssel mittels Fingerprint an)\n"
#: g10/delkey.c:133
msgid "can't do this in batch mode without \"--yes\"\n"
msgstr "dies kann im Batchmodus ohne \"--yes\" nicht durchgeführt werden\n"
#: g10/delkey.c:145
msgid "Delete this key from the keyring? (y/N) "
msgstr "Diesen Schlüssel aus dem Schlüsselbund löschen? (j/N) "
#: g10/delkey.c:153
msgid "This is a secret key! - really delete? (y/N) "
msgstr "Dies ist ein privater Schlüssel! - Wirklich löschen? (j/N) "
#: g10/delkey.c:163
#, c-format
msgid "deleting keyblock failed: %s\n"
msgstr "löschen des Schlüsselblocks fehlgeschlagen: %s\n"
#: g10/delkey.c:173
msgid "ownertrust information cleared\n"
msgstr "Der \"Ownertrust\" wurde gelöscht\n"
#: g10/delkey.c:204
#, c-format
msgid "there is a secret key for public key \"%s\"!\n"
msgstr ""
"Es gibt einen privaten Schlüssel zu diesem öffentlichen Schlüssel \"%s\"!\n"
#: g10/delkey.c:206
msgid "use option \"--delete-secret-keys\" to delete it first.\n"
msgstr ""
"Verwenden Sie zunächst den Befehl \"--delete-secret-key\", um ihn zu "
"entfernen.\n"
#: g10/encode.c:226 g10/sign.c:1266
#, c-format
msgid "error creating passphrase: %s\n"
msgstr "Fehler beim Erzeugen der Passphrase: %s\n"
#: g10/encode.c:232
msgid "can't use a symmetric ESK packet due to the S2K mode\n"
msgstr ""
"Aufgrund des S2K-Modus kann ein symmetrisches ESK Paket nicht benutzt "
"werden\n"
#: g10/encode.c:246
#, c-format
msgid "using cipher %s\n"
msgstr "benutze Cipher %s\n"
#: g10/encode.c:256 g10/encode.c:577
#, c-format
msgid "`%s' already compressed\n"
msgstr "`%s' ist bereits komprimiert\n"
#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:561
#, c-format
msgid "WARNING: `%s' is an empty file\n"
msgstr "WARNUNG: '%s' ist eine leere Datei.\n"
#: g10/encode.c:485
msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
msgstr ""
"Im --pgp2-Modus kann nur für RSA-Schlüssel mit maximal 2048 Bit "
"verschlüsselt werden\n"
#: g10/encode.c:510
#, c-format
msgid "reading from `%s'\n"
msgstr "Lesen von '%s'\n"
#: g10/encode.c:541
msgid ""
"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
msgstr ""
"Die IDEA-Verschlüsselung kann nicht mit allen Zielschlüsseln verwendet "
"werden.\n"
#: g10/encode.c:559
#, c-format
msgid ""
"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
msgstr ""
"WARNUNG: Erzwungene Verwendung des symmetrischen Verschlüsselungsverfahren %"
"s (%d) verletzt die Empfängervoreinstellungen\n"
#: g10/encode.c:655 g10/sign.c:936
#, c-format
msgid ""
"WARNING: forcing compression algorithm %s (%d) violates recipient "
"preferences\n"
msgstr ""
"WARNUNG: Erzwungenes Kompressionsverfahren %s (%d) verletzt die "
"Empfängervoreinstellungen.\n"
#: g10/encode.c:751
#, c-format
msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
msgstr ""
"Erzwungene Verwendung des symmetrischen Verschlüsselungsverfahren %s (%d) "
"verletzt die Empfängervoreinstellungen\n"
#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:861
#, c-format
msgid "you may not use %s while in %s mode\n"
msgstr "Die Benutzung von %s ist im %s-Modus nicht erlaubt.\n"
#: g10/encode.c:848
#, c-format
msgid "%s/%s encrypted for: \"%s\"\n"
msgstr "%s/%s verschlüsselt für: %s\n"
#: g10/encr-data.c:92 g10/mainproc.c:286
#, c-format
msgid "%s encrypted data\n"
msgstr "%s verschlüsselte Daten\n"
#: g10/encr-data.c:94 g10/mainproc.c:290
#, c-format
msgid "encrypted with unknown algorithm %d\n"
msgstr "Mit unbekanntem Verfahren verschlüsselt %d\n"
#: g10/encr-data.c:132 sm/decrypt.c:126
msgid ""
"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
msgstr ""
"Warnung: Botschaft wurde mit einem unsicheren Schlüssel verschlüsselt.\n"
#: g10/encr-data.c:144
msgid "problem handling encrypted packet\n"
msgstr "Problem beim Bearbeiten des verschlüsselten Packets\n"
#: g10/exec.c:49
msgid "no remote program execution supported\n"
msgstr "Ausführen von externen Programmen wird nicht unterstützt\n"
#: g10/exec.c:313
msgid ""
"external program calls are disabled due to unsafe options file permissions\n"
msgstr ""
"Ausführen von externen Programmen ist ausgeschaltet, da die Dateirechte "
"nicht sicher sind\n"
#: g10/exec.c:343
msgid "this platform requires temporary files when calling external programs\n"
msgstr ""
"Diese Plattform benötigt temporäre Dateien zur Ausführung von externen\n"
"Programmen\n"
#: g10/exec.c:421
#, c-format
msgid "unable to execute program `%s': %s\n"
msgstr "Ausführen des Programms `%s' nicht möglich: %s\n"
#: g10/exec.c:424
#, c-format
msgid "unable to execute shell `%s': %s\n"
msgstr "Ausführen der Shell `%s' nicht möglich: %s\n"
#: g10/exec.c:509
#, c-format
msgid "system error while calling external program: %s\n"
msgstr "Fehler beim Aufruf eines externen Programms: %s\n"
#: g10/exec.c:520 g10/exec.c:586
msgid "unnatural exit of external program\n"
msgstr "ungewöhnliches Ende eines externen Programms\n"
#: g10/exec.c:535
msgid "unable to execute external program\n"
msgstr "Externes Programm konnte nicht aufgerufen werden\n"
#: g10/exec.c:552
#, c-format
msgid "unable to read external program response: %s\n"
msgstr "Die Ausgabe des externen Programms konnte nicht gelesen werden: %s\n"
#: g10/exec.c:597 g10/exec.c:604
#, c-format
msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
msgstr ""
"WARNUNG: die temporäre Datei (%s) `%s' konnte nicht entfernt werden: %s\n"
#: g10/exec.c:609
#, c-format
msgid "WARNING: unable to remove temp directory `%s': %s\n"
msgstr "WARNUNG: Temporäres Verzeichnis `%s' kann nicht entfernt werden: %s\n"
#: g10/export.c:61
msgid "export signatures that are marked as local-only"
msgstr "Exportiere auch Unterschriften die als nicht exportfähig markiert sind"
#: g10/export.c:63
msgid "export attribute user IDs (generally photo IDs)"
msgstr "Exportiere Attribute von User-IDs (i.A. Foto-IDs)"
#: g10/export.c:65
msgid "export revocation keys marked as \"sensitive\""
msgstr "Exportiere Widerrufsschlüssel die als \"sensitiv\" markiert sind"
#: g10/export.c:67
msgid "remove the passphrase from exported subkeys"
msgstr "Die Passphrase von exportierten Unterschlüssel entfernen"
#: g10/export.c:69
msgid "remove unusable parts from key during export"
msgstr "Unbrauchbare Teile des Schlüssel während des Exports entfernen"
#: g10/export.c:71
msgid "remove as much as possible from key during export"
msgstr "Während des Exports soviel wie möglich vom Schlüssel entfernen"
#: g10/export.c:73
msgid "export keys in an S-expression based format"
msgstr "Exportiere Schlüssel in einem auf S-Ausdrücken basierenden Format"
#: g10/export.c:338
msgid "exporting secret keys not allowed\n"
msgstr "Exportieren geheimer Schlüssel ist nicht erlaubt\n"
#: g10/export.c:367
#, c-format
msgid "key %s: not protected - skipped\n"
msgstr "Schlüssel %s: ungeschützt - übersprungen\n"
#: g10/export.c:375
#, c-format
msgid "key %s: PGP 2.x style key - skipped\n"
msgstr "Schlüssel %s: PGP 2.x-artiger Schlüssel - übersprungen\n"
#: g10/export.c:386
#, c-format
msgid "key %s: key material on-card - skipped\n"
msgstr "Schlüssel %s: Schlüsselmaterial ist auf einer Karte - übersprungen\n"
#: g10/export.c:537
msgid "about to export an unprotected subkey\n"
msgstr "Ein ungeschützter Unterschlüssel wird exportiert werden\n"
#: g10/export.c:560
#, c-format
msgid "failed to unprotect the subkey: %s\n"
msgstr "Entfernen des Schutzes für des Unterschlüssel fehlgeschlagen: %s\n"
# translated by wk
#: g10/export.c:584
#, c-format
msgid "WARNING: secret key %s does not have a simple SK checksum\n"
msgstr "WARNUNG: Der geheime Schlüssel %s hat keine einfache SK-Prüfsumme\n"
#: g10/export.c:633
msgid "WARNING: nothing exported\n"
msgstr "WARNUNG: Nichts exportiert\n"
#: g10/getkey.c:151
msgid "too many entries in pk cache - disabled\n"
msgstr "zu viele Einträge im pk-Cache - abgeschaltet\n"
#: g10/getkey.c:174
msgid "[User ID not found]"
msgstr "[User-ID nicht gefunden]"
#: g10/getkey.c:951 g10/getkey.c:961 g10/getkey.c:971 g10/getkey.c:987
#: g10/getkey.c:1002
#, c-format
msgid "automatically retrieved `%s' via %s\n"
msgstr "`%s' automatisch via %s geholt\n"
#: g10/getkey.c:1834
#, c-format
msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
msgstr ""
"Ungültiger Schlüssel %s, gültig gemacht per --allow-non-selfsigned-uid\n"
#: g10/getkey.c:2391 g10/keyedit.c:3726
#, c-format
msgid "no secret subkey for public subkey %s - ignoring\n"
msgstr ""
"Kein privater Unterschlüssel zum öffentlichen Unterschlüssel %s - ignoriert\n"
#: g10/getkey.c:2622
#, c-format
msgid "using subkey %s instead of primary key %s\n"
msgstr "der Unterschlüssel %s wird anstelle des Hauptschlüssels %s verwendet\n"
#: g10/getkey.c:2669
#, c-format
msgid "key %s: secret key without public key - skipped\n"
msgstr ""
"Schlüssel %s: geheimer Schlüssel ohne öffentlichen Schlüssel - übersprungen\n"
#: g10/gpg.c:370 kbx/kbxutil.c:71 sm/gpgsm.c:244 tools/gpgconf.c:56
msgid ""
"@Commands:\n"
" "
msgstr ""
"@Befehle:\n"
" "
#: g10/gpg.c:372
msgid "|[file]|make a signature"
msgstr "|[Datei]|Eine Unterschrift erzeugen"
#: g10/gpg.c:373
msgid "|[file]|make a clear text signature"
msgstr "|[Datei]|Eine Klartextunterschrift erzeugen"
#: g10/gpg.c:374 sm/gpgsm.c:248
msgid "make a detached signature"
msgstr "Eine abgetrennte Unterschrift erzeugen"
#: g10/gpg.c:375 sm/gpgsm.c:249
msgid "encrypt data"
msgstr "Daten verschlüsseln"
#: g10/gpg.c:377 sm/gpgsm.c:250
msgid "encryption only with symmetric cipher"
msgstr "Daten symmetrisch verschlüsseln"
#: g10/gpg.c:379 sm/gpgsm.c:251
msgid "decrypt data (default)"
msgstr "Daten entschlüsseln (Voreinstellung)"
#: g10/gpg.c:381 sm/gpgsm.c:252
msgid "verify a signature"
msgstr "Signatur prüfen"
#: g10/gpg.c:383 sm/gpgsm.c:254
msgid "list keys"
msgstr "Liste der Schlüssel"
#: g10/gpg.c:385
msgid "list keys and signatures"
msgstr "Liste der Schlüssel und ihrer Signaturen"
#: g10/gpg.c:386
msgid "list and check key signatures"
msgstr "Signaturen der Schlüssel auflisten und prüfen"
#: g10/gpg.c:387 sm/gpgsm.c:258
msgid "list keys and fingerprints"
msgstr "Liste der Schlüssel und ihrer \"Fingerabdrücke\""
#: g10/gpg.c:388 sm/gpgsm.c:256
msgid "list secret keys"
msgstr "Liste der geheimen Schlüssel"
#: g10/gpg.c:389
msgid "generate a new key pair"
msgstr "Ein neues Schlüsselpaar erzeugen"
#: g10/gpg.c:390
msgid "remove keys from the public keyring"
msgstr "Schlüssel aus dem öff. Schlüsselbund entfernen"
#: g10/gpg.c:392
msgid "remove keys from the secret keyring"
msgstr "Schlüssel aus dem geh. Schlüsselbund entfernen"
#: g10/gpg.c:393
msgid "sign a key"
msgstr "Schlüssel signieren"
#: g10/gpg.c:394
msgid "sign a key locally"
msgstr "Schlüssel nur für diesen Rechner signieren"
#: g10/gpg.c:395
msgid "sign or edit a key"
msgstr "Unterschreiben oder bearbeiten eines Schl."
#: g10/gpg.c:396
msgid "generate a revocation certificate"
msgstr "Ein Schlüsselwiderruf-Zertifikat erzeugen"
#: g10/gpg.c:398
msgid "export keys"
msgstr "Schlüssel exportieren"
#: g10/gpg.c:399 sm/gpgsm.c:261
msgid "export keys to a key server"
msgstr "Schlüssel zu einem Schlü.server exportieren"
#: g10/gpg.c:400 sm/gpgsm.c:262
msgid "import keys from a key server"
msgstr "Schlüssel von einem Schlü.server importieren"
#: g10/gpg.c:402
msgid "search for keys on a key server"
msgstr "Schlüssel auf einem Schlü.server suchen"
#: g10/gpg.c:404
msgid "update all keys from a keyserver"
msgstr "alle Schlüssel per Schlü.server aktualisieren"
#: g10/gpg.c:408
msgid "import/merge keys"
msgstr "Schlüssel importieren/kombinieren"
#: g10/gpg.c:411
msgid "print the card status"
msgstr "den Karten-Status ausgeben"
#: g10/gpg.c:412
msgid "change data on a card"
msgstr "Daten auf einer Karte ändern"
#: g10/gpg.c:413
msgid "change a card's PIN"
msgstr "PIN einer Karte ändern"
#: g10/gpg.c:422
msgid "update the trust database"
msgstr "Ändern der \"Trust\"-Datenbank"
#: g10/gpg.c:429
msgid "|algo [files]|print message digests"
msgstr "|algo [Dateien]|Message-Digests für die Dateien ausgeben"
#: g10/gpg.c:432 sm/gpgsm.c:266
msgid "run in server mode"
msgstr "Im Server Modus ausführen"
#: g10/gpg.c:434 g10/gpgv.c:68 kbx/kbxutil.c:81 sm/gpgsm.c:281
#: tools/gpg-connect-agent.c:64 tools/gpgconf.c:69 tools/symcryptrun.c:157
msgid ""
"@\n"
"Options:\n"
" "
msgstr ""
"@\n"
"Optionen:\n"
" "
#: g10/gpg.c:436 sm/gpgsm.c:283
msgid "create ascii armored output"
msgstr "Ausgabe mit ASCII-Hülle versehen"
#: g10/gpg.c:438 sm/gpgsm.c:295
msgid "|NAME|encrypt for NAME"
msgstr "|NAME|Verschlüsseln für NAME"
#: g10/gpg.c:449 sm/gpgsm.c:333
msgid "use this user-id to sign or decrypt"
msgstr "Mit dieser User-ID signieren"
#: g10/gpg.c:450 sm/gpgsm.c:336
msgid "|N|set compress level N (0 disables)"
msgstr "Kompressionsstufe auf N setzen (0=keine)"
#: g10/gpg.c:455 sm/gpgsm.c:338
msgid "use canonical text mode"
msgstr "Textmodus benutzen"
#: g10/gpg.c:469 sm/gpgsm.c:341
#, fuzzy
msgid "|FILE|write output to FILE"
msgstr "|DATEI|Konfigurationsoptionen aus DATEI lesen"
#: g10/gpg.c:482 kbx/kbxutil.c:90 sm/gpgsm.c:352 tools/gpgconf.c:74
msgid "do not make any changes"
msgstr "Keine wirklichen Änderungen durchführen"
#: g10/gpg.c:483
msgid "prompt before overwriting"
msgstr "vor Überschreiben nachfragen"
#: g10/gpg.c:526
msgid "use strict OpenPGP behavior"
msgstr "OpenPGP-Verhalten strikt beachten"
#: g10/gpg.c:527
msgid "generate PGP 2.x compatible messages"
msgstr "PGP 2.x-kompatibele Botschaften erzeugen"
#: g10/gpg.c:556 sm/gpgsm.c:400
msgid ""
"@\n"
"(See the man page for a complete listing of all commands and options)\n"
msgstr ""
"@\n"
"(Auf der \"man\"-Seite ist eine vollständige Liste aller Befehle und "
"Optionen)\n"
#: g10/gpg.c:559 sm/gpgsm.c:403
msgid ""
"@\n"
"Examples:\n"
"\n"
" -se -r Bob [file] sign and encrypt for user Bob\n"
" --clearsign [file] make a clear text signature\n"
" --detach-sign [file] make a detached signature\n"
" --list-keys [names] show keys\n"
" --fingerprint [names] show fingerprints\n"
msgstr ""
"@\n"
"Beispiele:\n"
"\n"
" -se -r Bob [Datei] Signieren und verschlüsseln für Benutzer Bob\n"
" --clearsign [Datei] Eine Klartextsignatur erzeugen\n"
" --detach-sign [Datei] Eine abgetrennte Signatur erzeugen\n"
" --list-keys [Namen] Schlüssel anzeigen\n"
" --fingerprint [Namen] \"Fingerabdrücke\" anzeigen\n"
#: g10/gpg.c:755 g10/gpgv.c:95
msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
msgstr ""
"Berichte über Programmfehler bitte in englisch an <gnupg-bugs@gnu.org>.\n"
"Sinn- oder Schreibfehler in den deutschen Texten bitte an <de@li.org>.\n"
#: g10/gpg.c:772
msgid "Usage: gpg [options] [files] (-h for help)"
msgstr "Aufruf: gpg [Optionen] [Dateien] (-h für Hilfe)"
#: g10/gpg.c:775
msgid ""
"Syntax: gpg [options] [files]\n"
"sign, check, encrypt or decrypt\n"
"default operation depends on the input data\n"
msgstr ""
"Aufruf: gpg [Optionen] [Dateien]\n"
"Signieren, prüfen, verschlüsseln, entschlüsseln.\n"
"Die voreingestellte Operation ist abhängig von den Eingabedaten\n"
#: g10/gpg.c:786 sm/gpgsm.c:583
msgid ""
"\n"
"Supported algorithms:\n"
msgstr ""
"\n"
"Unterstützte Verfahren:\n"
#: g10/gpg.c:789
msgid "Pubkey: "
msgstr "Öff.Schlüssel: "
#: g10/gpg.c:796 g10/keyedit.c:2321
msgid "Cipher: "
msgstr "Verschlü.: "
#: g10/gpg.c:803
msgid "Hash: "
msgstr "Hash: "
#: g10/gpg.c:810 g10/keyedit.c:2365
msgid "Compression: "
msgstr "Komprimierung: "
#: g10/gpg.c:817 sm/gpgsm.c:603
msgid "Used libraries:"
msgstr ""
#: g10/gpg.c:925
msgid "usage: gpg [options] "
msgstr "Aufruf: gpg [Optionen] "
#: g10/gpg.c:1095 sm/gpgsm.c:768
msgid "conflicting commands\n"
msgstr "Widersprüchliche Befehle\n"
#: g10/gpg.c:1113
#, c-format
msgid "no = sign found in group definition `%s'\n"
msgstr "Kein '='-Zeichen in der Gruppendefinition gefunden `%s'\n"
#: g10/gpg.c:1310
#, c-format
msgid "WARNING: unsafe ownership on homedir `%s'\n"
msgstr "WARNUNG: Unsicheres Besitzverhältnis des Home-Verzeichnis `%s'\n"
#: g10/gpg.c:1313
#, c-format
msgid "WARNING: unsafe ownership on configuration file `%s'\n"
msgstr "WARNUNG: Unsicheres Besitzverhältnis der Konfigurationsdatei `%s'\n"
#: g10/gpg.c:1316
#, c-format
msgid "WARNING: unsafe ownership on extension `%s'\n"
msgstr "WARNUNG: Unsicheres Besitzverhältnis auf die Erweiterung `%s'\n"
#: g10/gpg.c:1322
#, c-format
msgid "WARNING: unsafe permissions on homedir `%s'\n"
msgstr "WARNUNG: Unsichere Zugriffsrechte des Home-Verzeichnis `%s'\n"
#: g10/gpg.c:1325
#, c-format
msgid "WARNING: unsafe permissions on configuration file `%s'\n"
msgstr "WARNUNG: Unsichere Zugriffsrechte der Konfigurationsdatei `%s'\n"
#: g10/gpg.c:1328
#, c-format
msgid "WARNING: unsafe permissions on extension `%s'\n"
msgstr "WARNUNG: Unsichere Zugriffsrechte auf die Erweiterung `%s'\n"
#: g10/gpg.c:1334
#, c-format
msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
msgstr ""
"WARNUNG: Unsicheres Besitzverhältnis des umgebenden Verzeichnisses für Home-"
"Verzeichnis `%s'\n"
#: g10/gpg.c:1337
#, c-format
msgid ""
"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
msgstr ""
"WARNUNG: Unsicheres Besitzverhältnis des umgebenden Verzeichnisses der "
"Konfigurationsdatei `%s'\n"
#: g10/gpg.c:1340
#, c-format
msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
msgstr ""
"WARNUNG: Unsicheres Besitzverhältnis des umgebenden Verzeichnisses `%s'\n"
#: g10/gpg.c:1346
#, c-format
msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
msgstr ""
"WARNUNG: Unsichere Zugriffsrechte des umgebenden Verzeichnisses des Home-"
"Verzeichnisses `%s'\n"
#: g10/gpg.c:1349
#, c-format
msgid ""
"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
msgstr ""
"WARNUNG: Unsichere Zugriffsrechte des umgebenden Verzeichnisses der "
"Konfigurationsdatei `%s'\n"
#: g10/gpg.c:1352
#, c-format
msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
msgstr ""
"WARNUNG: Unsichere Zugriffsrechte des umgebenden Verzeichnisses auf "
"Erweiterung `%s'\n"
#: g10/gpg.c:1495
#, c-format
msgid "unknown configuration item `%s'\n"
msgstr "Unbekanntes Konfigurationselement `%s'\n"
#: g10/gpg.c:1590
msgid "display photo IDs during key listings"
msgstr "Anzeigen der Foto-ID in den Schlüssellisten"
#: g10/gpg.c:1592
msgid "show policy URLs during signature listings"
msgstr "Zeige Richtlinien-URL während der Unterschriftenlisten"
#: g10/gpg.c:1594
msgid "show all notations during signature listings"
msgstr "Alle Notationen mit den Signaturen anlisten"
#: g10/gpg.c:1596
msgid "show IETF standard notations during signature listings"
msgstr "Zeige IETF-Standard"
#: g10/gpg.c:1600
msgid "show user-supplied notations during signature listings"
msgstr "Zeige anwenderseitige Notationen in den Unterschriftenlisten"
#: g10/gpg.c:1602
msgid "show preferred keyserver URLs during signature listings"
msgstr "Der bevorzugten Schlüsselserver mit den Signaturen anlisten"
#: g10/gpg.c:1604
msgid "show user ID validity during key listings"
msgstr "Zeige Gültigkeit der User-ID in den Schlüssellisten"
#: g10/gpg.c:1606
msgid "show revoked and expired user IDs in key listings"
msgstr "Zeige widerrufene und verfallene User-ID in den Schlüssellisten"
#: g10/gpg.c:1608
msgid "show revoked and expired subkeys in key listings"
msgstr "Zeige widerrufene und verfallene Unterschlüssel in den Schlüssellisten"
#: g10/gpg.c:1610
msgid "show the keyring name in key listings"
msgstr "Anzeigen des Schlüsselbundes, in dem ein Schlüssel drin ist"
#: g10/gpg.c:1612
msgid "show expiration dates during signature listings"
msgstr "Das Ablaufdatum mit den Signaturen anlisten"
#: g10/gpg.c:1875
#, c-format
msgid "libgcrypt is too old (need %s, have %s)\n"
msgstr ""
"Die Bibliothek \"libgcrypt\" is zu alt (benötigt wird %s, vorhanden ist %s)\n"
#: g10/gpg.c:2030
#, c-format
msgid "NOTE: old default options file `%s' ignored\n"
msgstr "Hinweis: Alte voreingestellte Optionendatei '%s' wurde ignoriert\n"
#: g10/gpg.c:2290 g10/gpg.c:2955 g10/gpg.c:2967
#, c-format
msgid "NOTE: %s is not for normal use!\n"
msgstr "Hinweis: %s ist nicht für den üblichen Gebrauch gedacht!\n"
#: g10/gpg.c:2471 g10/gpg.c:2483
#, c-format
msgid "`%s' is not a valid signature expiration\n"
msgstr "`%s' ist kein gültiges Unterschriftablaufdatum\n"
#: g10/gpg.c:2565
#, c-format
msgid "`%s' is not a valid character set\n"
msgstr "`%s' ist kein gültiger Zeichensatz\n"
#: g10/gpg.c:2588 g10/gpg.c:2783 g10/keyedit.c:4084
msgid "could not parse keyserver URL\n"
msgstr "Schlüsselserver-URL konnte nicht analysiert werden\n"
#: g10/gpg.c:2600
#, c-format
msgid "%s:%d: invalid keyserver options\n"
msgstr "%s:%d: ungültige Schlüsselserver-Option\n"
#: g10/gpg.c:2603
msgid "invalid keyserver options\n"
msgstr "Ungültige Schlüsselserver-Option\n"
#: g10/gpg.c:2610
#, c-format
msgid "%s:%d: invalid import options\n"
msgstr "%s:%d: ungültige Import-Option\n"
#: g10/gpg.c:2613
msgid "invalid import options\n"
msgstr "Ungültige Import-Option\n"
#: g10/gpg.c:2620
#, c-format
msgid "%s:%d: invalid export options\n"
msgstr "%s:%d: ungültige Export-Option.\n"
#: g10/gpg.c:2623
msgid "invalid export options\n"
msgstr "Ungültige Export-Option\n"
#: g10/gpg.c:2630
#, c-format
msgid "%s:%d: invalid list options\n"
msgstr "%s:%d: ungültige Listen-Option.\n"
#: g10/gpg.c:2633
msgid "invalid list options\n"
msgstr "Ungültige Listen-Option\n"
#: g10/gpg.c:2641
msgid "display photo IDs during signature verification"
msgstr "Zeige die Foto-ID während der Unterschriftenprüfung"
#: g10/gpg.c:2643
msgid "show policy URLs during signature verification"
msgstr "Zeige Richtlinien-URLs während der Unterschriftenprüfung"
#: g10/gpg.c:2645
msgid "show all notations during signature verification"
msgstr "Alle Notationen wahrend der Signaturprüfung anzeigen"
#: g10/gpg.c:2647
msgid "show IETF standard notations during signature verification"
msgstr "Zeige IETF-Standard-Notationen während der Unterschriftenprüfung"
#: g10/gpg.c:2651
msgid "show user-supplied notations during signature verification"
msgstr "Zeie anwenderseitige Notationen während der Unterschriftenprüfung"
#: g10/gpg.c:2653
msgid "show preferred keyserver URLs during signature verification"
msgstr ""
"Die URL für den bevorzugten Schlüsselserver während der "
"Unterschriftenprüfung anzeigen"
#: g10/gpg.c:2655
msgid "show user ID validity during signature verification"
msgstr "Die Gültigkeit der User-ID während der Unterschriftenprüfung anzeigen"
#: g10/gpg.c:2657
msgid "show revoked and expired user IDs in signature verification"
msgstr ""
"Zeige widerrufene und verfallene User-IDs während der Unterschriftenprüfung"
#: g10/gpg.c:2659
msgid "show only the primary user ID in signature verification"
msgstr "Zeige nur die Hauptuser-ID während der Unterschriftenprüfung"
#: g10/gpg.c:2661
msgid "validate signatures with PKA data"
msgstr "Prüfe Unterschriftengültigkeit mittels PKA-Daten"
#: g10/gpg.c:2663
msgid "elevate the trust of signatures with valid PKA data"
msgstr "werte das Vertrauen zu Unterschriften durch gültige PKA-Daten auf"
#: g10/gpg.c:2670
#, c-format
msgid "%s:%d: invalid verify options\n"
msgstr "%s:%d: ungültige Überprüfuns-Option.\n"
#: g10/gpg.c:2673
msgid "invalid verify options\n"
msgstr "Ungültige Überprüfungs-Option\n"
#: g10/gpg.c:2680
#, c-format
msgid "unable to set exec-path to %s\n"
msgstr "Der Ausführungspfad konnte nicht auf %s gesetzt werden.\n"
#: g10/gpg.c:2855
#, c-format
msgid "%s:%d: invalid auto-key-locate list\n"
msgstr "%s:%d: ungültige \"auto-key-locate\"-Liste\n"
#: g10/gpg.c:2858
msgid "invalid auto-key-locate list\n"
msgstr "ungültige \"auto-key-locate\"-Liste\n"
#: g10/gpg.c:2944 sm/gpgsm.c:1355
msgid "WARNING: program may create a core file!\n"
msgstr "WARNUNG: Programm könnte eine core-dump-Datei schreiben!\n"
#: g10/gpg.c:2948
#, c-format
msgid "WARNING: %s overrides %s\n"
msgstr "WARNUNG: %s ersetzt %s\n"
#: g10/gpg.c:2957
#, c-format
msgid "%s not allowed with %s!\n"
msgstr "%s kann nicht zusammen mit %s verwendet werden!\n"
#: g10/gpg.c:2960
#, c-format
msgid "%s makes no sense with %s!\n"
msgstr "%s zusammen mit %s ist nicht sinnvoll!\n"
#: g10/gpg.c:2975
#, c-format
msgid "will not run with insecure memory due to %s\n"
msgstr "Startet nicht mit unsicherem Speicher, wegen Option %s\n"
#: g10/gpg.c:2989
msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
msgstr ""
"Im --pgp2-Modus können Sie nur abgetrennte oder Klartextunterschriften "
"machen\n"
#: g10/gpg.c:2995
msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
msgstr ""
"Im --pgp2-Modus können Sie nicht gleichzeitig unterschreiben und "
"verschlüsseln\n"
#: g10/gpg.c:3001
msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
msgstr ""
"Im --pgp2-Modus müssen Sie Dateien benutzen und können keine Pipes "
"verwenden.\n"
#: g10/gpg.c:3014
msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
msgstr ""
"Verschlüssen einer Botschaft benötigt im --pgp2-Modus die IDEA-"
"Verschlüsselung\n"
#: g10/gpg.c:3080 g10/gpg.c:3104 sm/gpgsm.c:1427
msgid "selected cipher algorithm is invalid\n"
msgstr "Das ausgewählte Verschlüsselungsverfahren ist ungültig\n"
#: g10/gpg.c:3086 g10/gpg.c:3110 sm/gpgsm.c:1435
msgid "selected digest algorithm is invalid\n"
msgstr "Das ausgewählte Hashverfahren ist ungültig\n"
#: g10/gpg.c:3092
msgid "selected compression algorithm is invalid\n"
msgstr "Das ausgewählte Komprimierungsverfahren ist ungültig\n"
#: g10/gpg.c:3098
msgid "selected certification digest algorithm is invalid\n"
msgstr "Das ausgewählte Hashverfahren ist ungültig\n"
#: g10/gpg.c:3113
msgid "completes-needed must be greater than 0\n"
msgstr "completes-needed müssen größer als 0 sein\n"
#: g10/gpg.c:3115
msgid "marginals-needed must be greater than 1\n"
msgstr "marginals-needed müssen größer als 1 sein\n"
#: g10/gpg.c:3117
msgid "max-cert-depth must be in the range from 1 to 255\n"
msgstr "max-cert-depth muß im Bereich 1 bis 255 liegen\n"
#: g10/gpg.c:3119
msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
msgstr "ungültiger \"default-cert-level\"; Wert muß 0, 1, 2 oder 3 sein\n"
#: g10/gpg.c:3121
msgid "invalid min-cert-level; must be 1, 2, or 3\n"
msgstr "ungültiger \"min-cert-level\"; Wert muß 0, 1, 2 oder 3 sein\n"
#: g10/gpg.c:3124
msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
msgstr "Hinweis: Vom \"simple S2K\"-Modus (0) ist strikt abzuraten\n"
#: g10/gpg.c:3128
msgid "invalid S2K mode; must be 0, 1 or 3\n"
msgstr "ungültiger \"simple S2K\"-Modus; Wert muß 0, 1 oder 3 sein\n"
#: g10/gpg.c:3135
msgid "invalid default preferences\n"
msgstr "ungültige Standard-Voreinstellungen\n"
#: g10/gpg.c:3144
msgid "invalid personal cipher preferences\n"
msgstr "ungültige private Verschlüsselungsvoreinstellungen\n"
#: g10/gpg.c:3148
msgid "invalid personal digest preferences\n"
msgstr "ungültige private Hashvoreinstellungen\n"
#: g10/gpg.c:3152
msgid "invalid personal compress preferences\n"
msgstr "ungültige private Komprimierungsvoreinstellungen\n"
#: g10/gpg.c:3185
#, c-format
msgid "%s does not yet work with %s\n"
msgstr "%s arbeitet noch nicht mit %s zusammen\n"
#: g10/gpg.c:3232
#, c-format
msgid "you may not use cipher algorithm `%s' while in %s mode\n"
msgstr ""
"Die Benutzung des Verschlüsselungsverfahren %s ist im %s-Modus nicht "
"erlaubt.\n"
#: g10/gpg.c:3237
#, c-format
msgid "you may not use digest algorithm `%s' while in %s mode\n"
msgstr "Die Benutzung der Hashmethode %s ist im %s-Modus nicht erlaubt.\n"
#: g10/gpg.c:3242
#, c-format
msgid "you may not use compression algorithm `%s' while in %s mode\n"
msgstr ""
"Die Benutzung des Komprimierverfahren %s ist im %s-Modus nicht erlaubt.\n"
#: g10/gpg.c:3334
#, c-format
msgid "failed to initialize the TrustDB: %s\n"
msgstr "Die Trust-DB kann nicht initialisiert werden: %s\n"
#: g10/gpg.c:3345
msgid "WARNING: recipients (-r) given without using public key encryption\n"
msgstr ""
"WARNUNG: Empfänger (-r) angegeben ohne Verwendung von Public-Key-Verfahren\n"
#: g10/gpg.c:3366
msgid "--store [filename]"
msgstr "--store [Dateiname]"
#: g10/gpg.c:3373
msgid "--symmetric [filename]"
msgstr "--symmetric [Dateiname]"
#: g10/gpg.c:3375
#, c-format
msgid "symmetric encryption of `%s' failed: %s\n"
msgstr "Symmetrische Entschlüsselung von `%s' fehlgeschlagen: %s\n"
#: g10/gpg.c:3385
msgid "--encrypt [filename]"
msgstr "--encrypt [Dateiname]"
#: g10/gpg.c:3398
msgid "--symmetric --encrypt [filename]"
msgstr "--symmetric --encrypt [Dateiname]"
#: g10/gpg.c:3400
msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
msgstr ""
"--symmetric --encrypt kann nicht zusammen mit --s2k-mode 0 verwendet werden\n"
#: g10/gpg.c:3403
#, c-format
msgid "you cannot use --symmetric --encrypt while in %s mode\n"
msgstr "Im %s-Modus kann --symmetric --encrypt nicht verwendet werden.\n"
#: g10/gpg.c:3421
msgid "--sign [filename]"
msgstr "--sign [Dateiname]"
#: g10/gpg.c:3434
msgid "--sign --encrypt [filename]"
msgstr "--sign --encrypt [Dateiname]"
#: g10/gpg.c:3449
msgid "--symmetric --sign --encrypt [filename]"
msgstr "--symmetric --sign --encrypt [Dateiname]"
#: g10/gpg.c:3451
msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
msgstr ""
"--symmetric --sign --encrypt kann nicht zusammen mit --s2k-mode 0 verwendet "
"werden\n"
#: g10/gpg.c:3454
#, c-format
msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
msgstr ""
"Im %s-Modus kann --symmetric --sign --encrypt nicht verwendet werden.\n"
#: g10/gpg.c:3474
msgid "--sign --symmetric [filename]"
msgstr "--sign --symmetric [Dateiname]"
#: g10/gpg.c:3483
msgid "--clearsign [filename]"
msgstr "--clearsign [Dateiname]"
#: g10/gpg.c:3508
msgid "--decrypt [filename]"
msgstr "--decrypt [Dateiname]"
#: g10/gpg.c:3516
msgid "--sign-key user-id"
msgstr "--sign-key User-ID"
#: g10/gpg.c:3520
msgid "--lsign-key user-id"
msgstr "--lsign-key User-ID"
#: g10/gpg.c:3541
msgid "--edit-key user-id [commands]"
msgstr "--edit-key User-ID [Befehle]"
#: g10/gpg.c:3626
#, c-format
msgid "keyserver send failed: %s\n"
msgstr "Senden an Schlüsselserver fehlgeschlagen: %s\n"
#: g10/gpg.c:3628
#, c-format
msgid "keyserver receive failed: %s\n"
msgstr "Empfangen vom Schlüsselserver fehlgeschlagen: %s\n"
#: g10/gpg.c:3630
#, c-format
msgid "key export failed: %s\n"
msgstr "Schlüsselexport fehlgeschlagen: %s\n"
#: g10/gpg.c:3641
#, c-format
msgid "keyserver search failed: %s\n"
msgstr "Suche auf dem Schlüsselserver fehlgeschlagen: %s\n"
#: g10/gpg.c:3651
#, c-format
msgid "keyserver refresh failed: %s\n"
msgstr "Refresh vom Schlüsselserver fehlgeschlagen: %s\n"
#: g10/gpg.c:3702
#, c-format
msgid "dearmoring failed: %s\n"
msgstr "Entfernen der ASCII-Hülle ist fehlgeschlagen: %s\n"
#: g10/gpg.c:3710
#, c-format
msgid "enarmoring failed: %s\n"
msgstr "Anbringen der ASCII-Hülle ist fehlgeschlagen: %s\n"
#: g10/gpg.c:3800
#, c-format
msgid "invalid hash algorithm `%s'\n"
msgstr "Ungültiges Hashverfahren '%s'\n"
#: g10/gpg.c:3917
msgid "[filename]"
msgstr "[Dateiname]"
#: g10/gpg.c:3921
msgid "Go ahead and type your message ...\n"
msgstr "Auf geht's - Botschaft eintippen ...\n"
#: g10/gpg.c:4233
msgid "the given certification policy URL is invalid\n"
msgstr "Die angegebene Zertifikat-Richtlinien-URL ist ungültig\n"
#: g10/gpg.c:4235
msgid "the given signature policy URL is invalid\n"
msgstr "Die angegebene Unterschriften-Richtlinien-URL ist ungültig\n"
#: g10/gpg.c:4268
msgid "the given preferred keyserver URL is invalid\n"
msgstr "Die angegebene URL des bevorzugten Schlüsselserver ist ungültig\n"
#: g10/gpgv.c:72
msgid "take the keys from this keyring"
msgstr "Schlüssel aus diesem Schlüsselbund nehmen"
#: g10/gpgv.c:74
msgid "make timestamp conflicts only a warning"
msgstr "differierende Zeitangaben sind kein Fehler"
#: g10/gpgv.c:75 sm/gpgsm.c:375
msgid "|FD|write status info to this FD"
msgstr "|FD|Statusinfo auf FD (Dateihandle) ausgeben"
#: g10/gpgv.c:99
msgid "Usage: gpgv [options] [files] (-h for help)"
msgstr "Aufruf: gpg [Optionen] [Dateien] (-h für Hilfe)"
#: g10/gpgv.c:102
msgid ""
"Syntax: gpg [options] [files]\n"
"Check signatures against known trusted keys\n"
msgstr "Aufruf: gpgv [Optionen] [Dateien] (-h Hilfe)\n"
#: g10/helptext.c:49
msgid ""
"It's up to you to assign a value here; this value will never be exported\n"
"to any 3rd party. We need it to implement the web-of-trust; it has nothing\n"
"to do with the (implicitly created) web-of-certificates."
msgstr ""
"Sie müssen selbst entscheiden, welchen Wert Sie hier eintragen; dieser Wert\n"
"wird niemals an eine dritte Seite weitergegeben. Wir brauchen diesen Wert,\n"
"um das \"Netz des Vertrauens\" aufzubauen. Dieses hat nichts mit dem\n"
"(implizit erzeugten) \"Netz der Zertifikate\" zu tun."
#: g10/helptext.c:55
msgid ""
"To build the Web-of-Trust, GnuPG needs to know which keys are\n"
"ultimately trusted - those are usually the keys for which you have\n"
"access to the secret key. Answer \"yes\" to set this key to\n"
"ultimately trusted\n"
msgstr ""
"Um das Web-of-Trust aufzubauen muß GnuPG wissen, welchen Schlüsseln\n"
"uneingeschränkt vertraut wird. Das sind üblicherweise die Schlüssel\n"
"auf deren geheimen Schlüssel Sie Zugruff haben.\n"
"Antworten Sie mit \"yes\" um diesen Schlüssel uneingeschränkt zu vertrauen\n"
#: g10/helptext.c:62
msgid "If you want to use this untrusted key anyway, answer \"yes\"."
msgstr ""
"Wenn Sie diesen nicht vertrauenswürdigen Schlüssel trotzdem benutzen "
"wollen,\n"
"so antworten Sie mit \"ja\"."
#: g10/helptext.c:66
msgid ""
"Enter the user ID of the addressee to whom you want to send the message."
msgstr "Geben Sie die User-ID dessen ein, dem Sie die Botschaft senden wollen."
#: g10/helptext.c:70
msgid ""
"Select the algorithm to use.\n"
"\n"
"DSA (aka DSS) is the Digital Signature Algorithm and can only be used\n"
"for signatures.\n"
"\n"
"Elgamal is an encrypt-only algorithm.\n"
"\n"
"RSA may be used for signatures or encryption.\n"
"\n"
"The first (primary) key must always be a key which is capable of signing."
msgstr ""
"Wählen Sie das zu verwendene Verfahren.\n"
"\n"
"DSA (alias DSS) ist der \"Digital Signature Algorithm\" und kann nur für\n"
"Unterschriften genutzt werden.\n"
"\n"
"Elgamal ist ein Verfahren nur für Verschlüsselung.\n"
"\n"
"RSA kann sowohl für Unterschriften als auch für Verschlüsselung genutzt\n"
"werden.\n"
"\n"
"Der erste Schlüssel (Hauptschlüssel) muß immer ein Schlüssel sein, mit dem\n"
"unterschrieben werden kann."
#: g10/helptext.c:84
msgid ""
"In general it is not a good idea to use the same key for signing and\n"
"encryption. This algorithm should only be used in certain domains.\n"
"Please consult your security expert first."
msgstr ""
"Normalerweise ist es nicht gut, denselben Schlüssel zum unterschreiben\n"
"und verschlüsseln zu nutzen. Dieses Verfahren sollte in speziellen\n"
"Anwendungsgebiten benutzt werden. Bitte lassen Sie sich zuerst von \n"
"einem Sicherheistexperten beraten."
#: g10/helptext.c:91
msgid "Enter the size of the key"
msgstr "Wählen Sie die gewünschte Schlüssellänge"
#: g10/helptext.c:95 g10/helptext.c:100 g10/helptext.c:112 g10/helptext.c:144
#: g10/helptext.c:172 g10/helptext.c:177 g10/helptext.c:182
msgid "Answer \"yes\" or \"no\""
msgstr "Geben Sie \"ja\" oder \"nein\" ein"
#: g10/helptext.c:105
msgid ""
"Enter the required value as shown in the prompt.\n"
"It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
"get a good error response - instead the system tries to interpret\n"
"the given value as an interval."
msgstr ""
"Geben Sie den benötigten Wert so an, wie er im Prompt erscheint.\n"
"Es ist zwar möglich ein \"ISO\"-Datum (JJJJ-MM-DD) einzugeben, aber man\n"
"erhält dann ggfs. keine brauchbaren Fehlermeldungen - stattdessen versucht\n"
"der Rechner den Wert als Intervall (von-bis) zu deuten."
#: g10/helptext.c:117
msgid "Enter the name of the key holder"
msgstr "Geben Sie den Namen des Schlüsselinhabers ein"
#: g10/helptext.c:122
msgid "please enter an optional but highly suggested email address"
msgstr ""
"Geben Sie eine Email-Adresse ein. Dies ist zwar nicht unbedingt notwendig,\n"
"aber sehr empfehlenswert."
#: g10/helptext.c:126
msgid "Please enter an optional comment"
msgstr "Geben Sie - bei Bedarf - einen Kommentar ein"
#: g10/helptext.c:131
msgid ""
"N to change the name.\n"
"C to change the comment.\n"
"E to change the email address.\n"
"O to continue with key generation.\n"
"Q to to quit the key generation."
msgstr ""
"N um den Namen zu ändern.\n"
"K um den Kommentar zu ändern.\n"
"E um die Email-Adresse zu ändern.\n"
"F um mit der Schlüsselerzeugung fortzusetzen.\n"
"B um die Schlüsselerzeugung abbrechen."
#: g10/helptext.c:140
msgid "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
msgstr ""
"Geben Sie \"ja\" (oder nur \"j\") ein, um den Unterschlüssel zu erzeugen."
#: g10/helptext.c:148
msgid ""
"When you sign a user ID on a key, you should first verify that the key\n"
"belongs to the person named in the user ID. It is useful for others to\n"
"know how carefully you verified this.\n"
"\n"
"\"0\" means you make no particular claim as to how carefully you verified "
"the\n"
" key.\n"
"\n"
"\"1\" means you believe the key is owned by the person who claims to own it\n"
" but you could not, or did not verify the key at all. This is useful "
"for\n"
" a \"persona\" verification, where you sign the key of a pseudonymous "
"user.\n"
"\n"
"\"2\" means you did casual verification of the key. For example, this "
"could\n"
" mean that you verified the key fingerprint and checked the user ID on "
"the\n"
" key against a photo ID.\n"
"\n"
"\"3\" means you did extensive verification of the key. For example, this "
"could\n"
" mean that you verified the key fingerprint with the owner of the key in\n"
" person, and that you checked, by means of a hard to forge document with "
"a\n"
" photo ID (such as a passport) that the name of the key owner matches "
"the\n"
" name in the user ID on the key, and finally that you verified (by "
"exchange\n"
" of email) that the email address on the key belongs to the key owner.\n"
"\n"
"Note that the examples given above for levels 2 and 3 are *only* examples.\n"
"In the end, it is up to you to decide just what \"casual\" and \"extensive"
"\"\n"
"mean to you when you sign other keys.\n"
"\n"
"If you don't know what the right answer is, answer \"0\"."
msgstr ""
"Wenn Sie die User-ID eines Schlüssels beglaubigen wollen, sollten Sie "
"zunächst\n"
"sicherstellen, daß der Schlüssel demjenigen gehört, der in der User-ID "
"genannt\n"
"ist. Für Dritte ist es hilfreich zu wissen, wie gut diese Zuordnung "
"überprüft\n"
"wurde.\n"
"\n"
"\"0\" zeigt, daß Sie keine bestimmte Aussage über die Sorgfalt der \n"
" Schlüsselzuordnung machen.\n"
"\n"
"\"1\" Sie glauben, daß der Schlüssel der benannten Person gehört,\n"
" aber Sie konnten oder nahmen die Überpüfung überhaupt nicht vor.\n"
" Dies ist hilfreich für eine \"persona\"-Überprüfung, wobei man den\n"
" Schlüssel eines Pseudonym-Trägers beglaubigt\n"
"\n"
"\"2\" Sie nahmen eine flüchtige Überprüfung vor. Das heißt Sie haben z.B.\n"
" den Schlüsselfingerabdruck kontrolliert und die User-ID des Schlüssels\n"
" anhand des Fotos geprüft.\n"
"\n"
"\"3\" Sie haben eine ausführlich Kontrolle des Schlüssels vorgenommen.\n"
" Das kann z.B. die Kontrolle des Schlüsselfingerabdrucks mit dem\n"
" Schlüsselinhaber persönlich vorgenommen haben; daß Sie die User-ID des\n"
" Schlüssel anhand einer schwer zu fälschenden Urkunde mit Foto (wie z.B.\n"
" einem Paß) abgeglichen haben und schließlich per Email-Verkehr die\n"
" Email-Adresse als zum Schlüsselbesitzer gehörig erkannt haben.\n"
"\n"
"Beachten Sie, daß diese Beispiele für die Antworten 2 und 3 *nur* Beispiele\n"
"sind. Schlußendlich ist es Ihre Sache, was Sie unter \"flüchtig\" oder\n"
" \"ausführlich\" verstehen, wenn Sie Schlüssel Dritter beglaubigen.\n"
"\n"
"Wenn Sie nicht wissen, wie Sie antworten sollen, wählen Sie \"0\"."
#: g10/helptext.c:186
msgid "Answer \"yes\" if you want to sign ALL the user IDs"
msgstr "Geben Sie \"ja\" (oder nur \"j\") ein, um alle User-IDs zu beglaubigen"
#: g10/helptext.c:190
msgid ""
"Answer \"yes\" if you really want to delete this user ID.\n"
"All certificates are then also lost!"
msgstr ""
"Geben Sie \"ja\" (oder nur \"j\") ein, um diese User-ID zu LÖSCHEN.\n"
"Alle Zertifikate werden dann auch weg sein!"
#: g10/helptext.c:195
msgid "Answer \"yes\" if it is okay to delete the subkey"
msgstr ""
"Geben Sie \"ja\" (oder nur \"j\") ein, um diesen Unterschlüssel zu löschen"
#: g10/helptext.c:200
msgid ""
"This is a valid signature on the key; you normally don't want\n"
"to delete this signature because it may be important to establish a\n"
"trust connection to the key or another key certified by this key."
msgstr ""
"Dies ist eine gültige Beglaubigung für den Schlüssel. Es ist normalerweise\n"
"unnötig sie zu löschen. Sie ist möglicherweise sogar notwendig, um einen\n"
"Trust-Weg zu diesem oder einem durch diesen Schlüssel beglaubigten "
"Schlüssel\n"
"herzustellen."
#: g10/helptext.c:205
msgid ""
"This signature can't be checked because you don't have the\n"
"corresponding key. You should postpone its deletion until you\n"
"know which key was used because this signing key might establish\n"
"a trust connection through another already certified key."
msgstr ""
"Diese Beglaubigung kann nicht geprüft werden, da Sie den passenden "
"Schlüssel\n"
"nicht besitzen. Sie sollten die Löschung der Beglaubigung verschieben, bis\n"
"sie wissen, welcher Schlüssel verwendet wurde. Denn vielleicht würde genau\n"
"diese Beglaubigung den \"Trust\"-Weg komplettieren."
#: g10/helptext.c:211
msgid ""
"The signature is not valid. It does make sense to remove it from\n"
"your keyring."
msgstr ""
"Diese Beglaubigung ist ungültig. Es ist sinnvoll sie aus Ihrem\n"
"Schlüsselbund zu entfernen."
#: g10/helptext.c:215
msgid ""
"This is a signature which binds the user ID to the key. It is\n"
"usually not a good idea to remove such a signature. Actually\n"
"GnuPG might not be able to use this key anymore. So do this\n"
"only if this self-signature is for some reason not valid and\n"
"a second one is available."
msgstr ""
"Diese Beglaubigung bindet die User-ID an den Schlüssel. Normalerweise ist\n"
"es nicht gut, solche Beglaubigungen zu entfernen. Um ehrlich zu sein:\n"
"Es könnte dann sein, daß GnuPG diesen Schlüssel gar nicht mehr benutzen "
"kann.\n"
"Sie sollten diese Eigenbeglaubigung also nur dann entfernen, wenn sie aus\n"
"irgendeinem Grund nicht gültig ist und eine zweite Beglaubigung verfügbar "
"ist."
#: g10/helptext.c:223
msgid ""
"Change the preferences of all user IDs (or just of the selected ones)\n"
"to the current list of preferences. The timestamp of all affected\n"
"self-signatures will be advanced by one second.\n"
msgstr ""
"Ändern der Voreinstellung aller User-IDs (oder nur der ausgewählten)\n"
"auf die aktuelle Liste der Voreinstellung. Die Zeitangaben aller "
"betroffenen\n"
"Eigenbeglaubigungen werden um eine Sekunde vorgestellt.\n"
#: g10/helptext.c:230
msgid "Please enter the passhrase; this is a secret sentence \n"
msgstr "Bitte geben Sie die Passphrase ein. Dies ist ein geheimer Satz \n"
#: g10/helptext.c:236
msgid "Please repeat the last passphrase, so you are sure what you typed in."
msgstr ""
"Um sicher zu gehen, daß Sie sich bei der Eingabe der Passphrase nicht\n"
"vertippt haben, geben Sie diese bitte nochmal ein. Nur wenn beide Eingaben\n"
"übereinstimmen, wird die Passphrase akzeptiert."
#: g10/helptext.c:240
msgid "Give the name of the file to which the signature applies"
msgstr ""
"Geben Sie den Namen der Datei an, zu dem die abgetrennte Unterschrift gehört"
#: g10/helptext.c:245
msgid "Answer \"yes\" if it is okay to overwrite the file"
msgstr "Geben Sie \"ja\" ein, wenn Sie die Datei überschreiben möchten"
#: g10/helptext.c:250
msgid ""
"Please enter a new filename. If you just hit RETURN the default\n"
"file (which is shown in brackets) will be used."
msgstr ""
"Geben Sie bitte einen neuen Dateinamen ein. Falls Sie nur die\n"
"Eingabetaste betätigen, wird der (in Klammern angezeigte) Standarddateiname\n"
"verwendet."
#: g10/helptext.c:256
msgid ""
"You should specify a reason for the certification. Depending on the\n"
"context you have the ability to choose from this list:\n"
" \"Key has been compromised\"\n"
" Use this if you have a reason to believe that unauthorized persons\n"
" got access to your secret key.\n"
" \"Key is superseded\"\n"
" Use this if you have replaced this key with a newer one.\n"
" \"Key is no longer used\"\n"
" Use this if you have retired this key.\n"
" \"User ID is no longer valid\"\n"
" Use this to state that the user ID should not longer be used;\n"
" this is normally used to mark an email address invalid.\n"
msgstr ""
"Sie sollten einen Grund für die Zertifizierung angeben. Je nach\n"
"Zusammenhang können Sie aus dieser Liste auswählen:\n"
" \"Schlüssel wurde kompromitiert\"\n"
" Falls Sie Grund zu der Annahme haben, daß nicht berechtigte Personen\n"
" Zugriff zu Ihrem geheimen Schlüssel hatten\n"
" \"Schlüssel ist überholt\"\n"
" Falls Sie diesen Schlüssel durch einem neuen ersetzt haben.\n"
" \"Schlüssel wird nicht mehr benutzt\"\n"
" Falls Sie diesen Schlüssel zurückgezogen haben.\n"
" \"User-ID ist nicht mehr gültig\"\n"
" Um bekanntzugeben, daß die User-ID nicht mehr benutzt werden soll.\n"
" So weist man normalerweise auf eine ungültige Emailadresse hin.\n"
#: g10/helptext.c:272
msgid ""
"If you like, you can enter a text describing why you issue this\n"
"revocation certificate. Please keep this text concise.\n"
"An empty line ends the text.\n"
msgstr ""
"Wenn Sie möchten, können Sie hier einen Text eingeben, der darlegt, warum\n"
"Sie diesen Widerruf herausgeben. Der Text sollte möglichst knapp sein.\n"
"Eine Leerzeile beendet die Eingabe.\n"
#: g10/helptext.c:287
msgid "No help available"
msgstr "Keine Hilfe vorhanden."
#: g10/helptext.c:295
#, c-format
msgid "No help available for `%s'"
msgstr "Keine Hilfe für '%s' vorhanden."
#: g10/import.c:94
msgid "import signatures that are marked as local-only"
msgstr "Importiere Signaturen, die als nicht exportfähig markiert sind"
#: g10/import.c:96
msgid "repair damage from the pks keyserver during import"
msgstr "Beseitige Beschädigung durch den Schlüsselserver während des Imports"
#: g10/import.c:98
msgid "do not update the trustdb after import"
msgstr "ändern Sie die \"Trust\"-Datenbank nach dem Import nicht"
#: g10/import.c:100
msgid "create a public key when importing a secret key"
msgstr ""
"beim Import eines geheimen Schlüssels einen öffentliche Schlüssel erzeugen"
#: g10/import.c:102
msgid "only accept updates to existing keys"
msgstr "Nur Änderungen bereits existierender Schlüssel vornehmen"
#: g10/import.c:104
msgid "remove unusable parts from key after import"
msgstr "entferne nach dem Import unbrauchbare Teile des Schlüssels"
#: g10/import.c:106
msgid "remove as much as possible from key after import"
msgstr "nach dem Import soviel wie möglich aus dem Schlüssel entfernen"
#: g10/import.c:269
#, c-format
msgid "skipping block of type %d\n"
msgstr "überspringe den Block vom Typ %d\n"
#: g10/import.c:278
#, c-format
msgid "%lu keys processed so far\n"
msgstr "%lu Schlüssel bislang bearbeitet\n"
#: g10/import.c:295
#, c-format
msgid "Total number processed: %lu\n"
msgstr "Anzahl insgesamt bearbeiteter Schlüssel: %lu\n"
#: g10/import.c:297
#, c-format
msgid " skipped new keys: %lu\n"
msgstr " ignorierte neue Schlüssel: %lu\n"
#: g10/import.c:300
#, c-format
msgid " w/o user IDs: %lu\n"
msgstr " ohne User-ID: %lu\n"
#: g10/import.c:302 sm/import.c:112
#, c-format
msgid " imported: %lu"
msgstr " importiert: %lu"
#: g10/import.c:308 sm/import.c:116
#, c-format
msgid " unchanged: %lu\n"
msgstr " unverändert: %lu\n"
#: g10/import.c:310
#, c-format
msgid " new user IDs: %lu\n"
msgstr " neue User-IDs: %lu\n"
#: g10/import.c:312
#, c-format
msgid " new subkeys: %lu\n"
msgstr " neue Unterschlüssel: %lu\n"
#: g10/import.c:314
#, c-format
msgid " new signatures: %lu\n"
msgstr " neue Signaturen: %lu\n"
#: g10/import.c:316
#, c-format
msgid " new key revocations: %lu\n"
msgstr " neue Schlüsselwiderrufe: %lu\n"
#: g10/import.c:318 sm/import.c:118
#, c-format
msgid " secret keys read: %lu\n"
msgstr " gelesene geheime Schlüssel: %lu\n"
#: g10/import.c:320 sm/import.c:120
#, c-format
msgid " secret keys imported: %lu\n"
msgstr " geheime Schlüssel importiert: %lu\n"
#: g10/import.c:322 sm/import.c:122
#, c-format
msgid " secret keys unchanged: %lu\n"
msgstr " unveränderte geh.Schl.: %lu\n"
#: g10/import.c:324 sm/import.c:124
#, c-format
msgid " not imported: %lu\n"
msgstr " nicht importiert: %lu\n"
#: g10/import.c:326
#, c-format
msgid " signatures cleaned: %lu\n"
msgstr " Signaturen bereinigt: %lu\n"
#: g10/import.c:328
#, c-format
msgid " user IDs cleaned: %lu\n"
msgstr " User-IDs bereinigt: %lu\n"
#: g10/import.c:569
#, c-format
msgid ""
"WARNING: key %s contains preferences for unavailable\n"
"algorithms on these user IDs:\n"
msgstr ""
"WARNING: Schlüssel %s hat Einstellungen zu nicht verfügbaren\n"
"Verfahren für folgende User-ID:\n"
#: g10/import.c:610
#, c-format
msgid " \"%s\": preference for cipher algorithm %s\n"
msgstr " \"%s\": Einstellungen des Verschlüsselungsverfahren %s\n"
#: g10/import.c:625
#, c-format
msgid " \"%s\": preference for digest algorithm %s\n"
msgstr " \"%s\": Einstellungen der Hashmethode %s\n"
#: g10/import.c:637
#, c-format
msgid " \"%s\": preference for compression algorithm %s\n"
msgstr " \"%s\": Einstellungen der Komprimierungsverfahren %s\n"
#: g10/import.c:650
msgid "it is strongly suggested that you update your preferences and\n"
msgstr "es ist extrem empfehlenswert Ihre Einstellungen zu ändern und\n"
#: g10/import.c:652
msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
msgstr ""
"diesen Schüssel wieder zu verteilen, um mögliche Probleme durch unpassende "
"Verfahrenskombinationen zu vermeiden\n"
#: g10/import.c:676
#, c-format
msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
msgstr ""
"Sie können Ihren Einstellungen mittels \"gpg --edit-key %s updpref save\" "
"ändern\n"
#: g10/import.c:726 g10/import.c:1124
#, c-format
msgid "key %s: no user ID\n"
msgstr "Schlüssel %s: Keine User-ID\n"
#: g10/import.c:755
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "Schlüssel %s: PKS Unterschlüsseldefekt repariert\n"
#: g10/import.c:770
#, c-format
msgid "key %s: accepted non self-signed user ID \"%s\"\n"
msgstr "Schlüssel %s: Nicht eigenbeglaubigte User-ID `%s' übernommen\n"
#: g10/import.c:776
#, c-format
msgid "key %s: no valid user IDs\n"
msgstr "Schlüssel %s: Keine gültigen User-IDs\n"
#: g10/import.c:778
msgid "this may be caused by a missing self-signature\n"
msgstr "dies könnte durch fehlende Eigenbeglaubigung verursacht worden sein\n"
#: g10/import.c:788 g10/import.c:1246
#, c-format
msgid "key %s: public key not found: %s\n"
msgstr "Schlüssel %s: Öffentlicher Schlüssel nicht gefunden: %s\n"
#: g10/import.c:794
#, c-format
msgid "key %s: new key - skipped\n"
msgstr "Schlüssel %s: neuer Schlüssel - übersprungen\n"
#: g10/import.c:803
#, c-format
msgid "no writable keyring found: %s\n"
msgstr "kein schreibbarer Schlüsselbund gefunden: %s\n"
#: g10/import.c:808 g10/openfile.c:278 g10/sign.c:802 g10/sign.c:1111
#, c-format
msgid "writing to `%s'\n"
msgstr "Schreiben nach '%s'\n"
#: g10/import.c:812 g10/import.c:907 g10/import.c:1164 g10/import.c:1307
#: g10/import.c:2381 g10/import.c:2403
#, c-format
msgid "error writing keyring `%s': %s\n"
msgstr "Fehler beim Schreiben des Schlüsselbundes `%s': %s\n"
#: g10/import.c:831
#, c-format
msgid "key %s: public key \"%s\" imported\n"
msgstr "Schlüssel %s: Öffentlicher Schlüssel \"%s\" importiert\n"
#: g10/import.c:855
#, c-format
msgid "key %s: doesn't match our copy\n"
msgstr "Schlüssel %s: Stimmt nicht mit unserer Kopie überein\n"
#: g10/import.c:872 g10/import.c:1264
#, c-format
msgid "key %s: can't locate original keyblock: %s\n"
msgstr "Schlüssel %s: der originale Schlüsselblock wurde nicht gefunden: %s\n"
#: g10/import.c:880 g10/import.c:1271
#, c-format
msgid "key %s: can't read original keyblock: %s\n"
msgstr "Schlüssel %s: Lesefehler im originalen Schlüsselblock: %s\n"
#: g10/import.c:917
#, c-format
msgid "key %s: \"%s\" 1 new user ID\n"
msgstr "Schlüssel %s: \"%s\" 1 neue User-ID\n"
#: g10/import.c:920
#, c-format
msgid "key %s: \"%s\" %d new user IDs\n"
msgstr "Schlüssel %s: \"%s\" %d neue User-IDs\n"
#: g10/import.c:923
#, c-format
msgid "key %s: \"%s\" 1 new signature\n"
msgstr "Schlüssel %s: \"%s\" 1 neue Signatur\n"
#: g10/import.c:926
#, c-format
msgid "key %s: \"%s\" %d new signatures\n"
msgstr "Schlüssel %s: \"%s\" %d neue Signaturen\n"
#: g10/import.c:929
#, c-format
msgid "key %s: \"%s\" 1 new subkey\n"
msgstr "Schlüssel %s: \"%s\" 1 neuer Unterschlüssel\n"
#: g10/import.c:932
#, c-format
msgid "key %s: \"%s\" %d new subkeys\n"
msgstr "Schlüssel %s: \"%s\" %d neue Unterschlüssel\n"
#: g10/import.c:935
#, c-format
msgid "key %s: \"%s\" %d signature cleaned\n"
msgstr "Schlüssel %s: \"%s\" %d Signaturen bereinigt\n"
#: g10/import.c:938
#, c-format
msgid "key %s: \"%s\" %d signatures cleaned\n"
msgstr "Schlüssel %s: \"%s\" %d Signaturen bereinigt\n"
#: g10/import.c:941
#, c-format
msgid "key %s: \"%s\" %d user ID cleaned\n"
msgstr "Schlüssel %s: \"%s\" %d User-ID bereinigt\n"
#: g10/import.c:944
#, c-format
msgid "key %s: \"%s\" %d user IDs cleaned\n"
msgstr "Schlüssel %s: \"%s\" %d User-IDs bereinigt\n"
#: g10/import.c:967
#, c-format
msgid "key %s: \"%s\" not changed\n"
msgstr "Schlüssel %s: \"%s\" nicht geändert\n"
#: g10/import.c:1130
#, c-format
msgid "key %s: secret key with invalid cipher %d - skipped\n"
msgstr ""
"Schlüssel %s: geheimer Schlüssel mit ungültiger Verschlüsselung %d - "
"übersprungen\n"
#: g10/import.c:1141
msgid "importing secret keys not allowed\n"
msgstr "Importieren geheimer Schlüssel ist nicht erlaubt\n"
#: g10/import.c:1158 g10/import.c:2396
#, c-format
msgid "no default secret keyring: %s\n"
msgstr "Kein voreingestellter geheimer Schlüsselbund: %s\n"
#: g10/import.c:1169
#, c-format
msgid "key %s: secret key imported\n"
msgstr "Schlüssel %s: geheimer Schlüssel importiert\n"
#: g10/import.c:1199
#, c-format
msgid "key %s: already in secret keyring\n"
msgstr "Schlüssel %s: Ist bereits im geheimen Schlüsselbund\n"
#: g10/import.c:1209
#, c-format
msgid "key %s: secret key not found: %s\n"
msgstr "Schlüssel %s: geheimer Schlüssel nicht gefunden: %s\n"
#: g10/import.c:1239
#, c-format
msgid "key %s: no public key - can't apply revocation certificate\n"
msgstr ""
"Schlüssel %s: Kein öffentlicher Schlüssel - der Schlüsselwiderruf kann nicht "
"angebracht werden\n"
#: g10/import.c:1282
#, c-format
msgid "key %s: invalid revocation certificate: %s - rejected\n"
msgstr "Schlüssel %s: Ungültiges Widerrufzertifikat: %s - zurückgewiesen\n"
#: g10/import.c:1314
#, c-format
msgid "key %s: \"%s\" revocation certificate imported\n"
msgstr "Schlüssel %s: \"%s\" Widerrufzertifikat importiert\n"
#: g10/import.c:1380
#, c-format
msgid "key %s: no user ID for signature\n"
msgstr "Schlüssel %s: Keine User-ID für Signatur\n"
#: g10/import.c:1395
#, c-format
msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
msgstr ""
"Schlüssel %s: Nicht unterstütztes Public-Key-Verfahren für User-ID \"%s\"\n"
#: g10/import.c:1397
#, c-format
msgid "key %s: invalid self-signature on user ID \"%s\"\n"
msgstr "Schlüssel %s: Ungültige Eigenbeglaubigung für User-ID \"%s\"\n"
#: g10/import.c:1415
#, c-format
msgid "key %s: no subkey for key binding\n"
msgstr "Schlüssel %s: Kein Unterschlüssel für die Unterschlüsselanbindung\n"
#: g10/import.c:1426 g10/import.c:1476
#, c-format
msgid "key %s: unsupported public key algorithm\n"
msgstr "Schlüssel %s: Nicht unterstütztes Public-Key-Verfahren\n"
#: g10/import.c:1428
#, c-format
msgid "key %s: invalid subkey binding\n"
msgstr "Schlüssel %s: Ungültige Unterschlüssel-Anbindung\n"
#: g10/import.c:1443
#, c-format
msgid "key %s: removed multiple subkey binding\n"
msgstr "Schlüssel %s: Mehrfache Unterschlüssel-Anbindung entfernt\n"
#: g10/import.c:1465
#, c-format
msgid "key %s: no subkey for key revocation\n"
msgstr "Schlüssel %s: Kein Unterschlüssel für Schlüsselwiderruf\n"
#: g10/import.c:1478
#, c-format
msgid "key %s: invalid subkey revocation\n"
msgstr "Schlüssel %s: Ungültiger Unterschlüsselwiderruf\n"
#: g10/import.c:1493
#, c-format
msgid "key %s: removed multiple subkey revocation\n"
msgstr "Schlüssel %s: Mehrfacher Unterschlüsselwiderruf entfernt\n"
#: g10/import.c:1535
#, c-format
msgid "key %s: skipped user ID \"%s\"\n"
msgstr "Schlüssel %s: User-ID übersprungen \"%s\"\n"
#: g10/import.c:1556
#, c-format
msgid "key %s: skipped subkey\n"
msgstr "Schlüssel %s: Unterschlüssel übersprungen\n"
#: g10/import.c:1583
#, c-format
msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
msgstr ""
"Schlüssel %s: Nicht exportfähige Unterschrift (Klasse %02x) - übersprungen\n"
#: g10/import.c:1593
#, c-format
msgid "key %s: revocation certificate at wrong place - skipped\n"
msgstr "Schlüssel %s: Widerrufzertifikat an falschem Platz - übersprungen\n"
#: g10/import.c:1610
#, c-format
msgid "key %s: invalid revocation certificate: %s - skipped\n"
msgstr "Schlüssel %s: Ungültiges Widerrufzertifikat: %s - übersprungen\n"
#: g10/import.c:1624
#, c-format
msgid "key %s: subkey signature in wrong place - skipped\n"
msgstr ""
"Schlüssel %s: Unterschlüssel-Widerrufzertifikat an falschem Platz - "
"übersprungen\n"
#: g10/import.c:1632
#, c-format
msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
msgstr ""
"Schlüssel %s: unerwartete Unterschriftenklasse (0x%02x) - übersprungen\n"
#: g10/import.c:1744
#, c-format
msgid "key %s: duplicated user ID detected - merged\n"
msgstr "Schlüssel %s: Doppelte User-ID entdeckt - zusammengeführt\n"
#: g10/import.c:1806
#, c-format
msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
msgstr "WARNUNG: Schlüssel %s ist u.U. widerrufen: hole Widerrufschlüssel %s\n"
#: g10/import.c:1820
#, c-format
msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
msgstr ""
"WARNUNG: Schlüssel %s ist u.U. widerrufen: Widerrufschlüssel %s ist nicht "
"vorhanden\n"
#: g10/import.c:1879
#, c-format
msgid "key %s: \"%s\" revocation certificate added\n"
msgstr "Schlüssel %s: \"%s\" Widerrufzertifikat hinzugefügt\n"
#: g10/import.c:1913
#, c-format
msgid "key %s: direct key signature added\n"
msgstr "Schlüssel %s: \"direct-key\"-Signaturen hinzugefügt\n"
#: g10/import.c:2302
msgid "NOTE: a key's S/N does not match the card's one\n"
msgstr ""
"Hinweis: Eine Schlüsselseriennr stimmt nicht mit derjenigen der Karte "
"überein\n"
#: g10/import.c:2310
msgid "NOTE: primary key is online and stored on card\n"
msgstr "Hinweis: Hauptschlüssel ist online und auf der Karte gespeichert\n"
#: g10/import.c:2312
msgid "NOTE: secondary key is online and stored on card\n"
msgstr "Hinweis: Zweitschlüssel ist online und auf der Karte gespeichert\n"
#: g10/keydb.c:168
#, c-format
msgid "error creating keyring `%s': %s\n"
msgstr "Fehler beim Erzeugen des Schlüsselbundes `%s': %s\n"
#: g10/keydb.c:174
#, c-format
msgid "keyring `%s' created\n"
msgstr "Schlüsselbund `%s' erstellt\n"
#: g10/keydb.c:315 g10/keydb.c:318
#, c-format
msgid "keyblock resource `%s': %s\n"
msgstr "Schlüsselblockhilfsmittel`%s': %s\n"
#: g10/keydb.c:697
#, c-format
msgid "failed to rebuild keyring cache: %s\n"
msgstr "Schlüsselbund-Cache konnte nicht neu erzeugt werden: %s\n"
#: g10/keyedit.c:265
msgid "[revocation]"
msgstr "[Widerruf]"
#: g10/keyedit.c:266
msgid "[self-signature]"
msgstr "[Eigenbeglaubigung]"
#: g10/keyedit.c:344 g10/keylist.c:388
msgid "1 bad signature\n"
msgstr "1 falsche Beglaubigung\n"
#: g10/keyedit.c:346 g10/keylist.c:390
#, c-format
msgid "%d bad signatures\n"
msgstr "%d falsche Beglaubigungen\n"
#: g10/keyedit.c:348 g10/keylist.c:392
msgid "1 signature not checked due to a missing key\n"
msgstr "1 Beglaubigung wegen fehlendem Schlüssel nicht geprüft\n"
#: g10/keyedit.c:350 g10/keylist.c:394
#, c-format
msgid "%d signatures not checked due to missing keys\n"
msgstr "%d Beglaubigungen wegen fehlenden Schlüsseln nicht geprüft\n"
#: g10/keyedit.c:352 g10/keylist.c:396
msgid "1 signature not checked due to an error\n"
msgstr "1 Beglaubigung aufgrund von Fehler nicht geprüft\n"
#: g10/keyedit.c:354 g10/keylist.c:398
#, c-format
msgid "%d signatures not checked due to errors\n"
msgstr "%d Beglaubigungen aufgrund von Fehlern nicht geprüft\n"
#: g10/keyedit.c:356
msgid "1 user ID without valid self-signature detected\n"
msgstr "Eine User-ID ohne gültige Eigenbeglaubigung entdeckt\n"
#: g10/keyedit.c:358
#, c-format
msgid "%d user IDs without valid self-signatures detected\n"
msgstr "%d User-IDs ohne gültige Eigenbeglaubigung entdeckt\n"
#: g10/keyedit.c:414 g10/pkclist.c:261
msgid ""
"Please decide how far you trust this user to correctly verify other users' "
"keys\n"
"(by looking at passports, checking fingerprints from different sources, "
"etc.)\n"
msgstr ""
"Bitte entscheiden Sie, in wieweit Sie diesem User zutrauen,\n"
"Schlüssel anderer User korrekt zu prüfen (durch Vergleich\n"
"mit Lichtbildausweisen, Vergleich der Fingerabdrücke aus\n"
"unterschiedlichen Quellen ...)?\n"
"\n"
#: g10/keyedit.c:418 g10/pkclist.c:273
#, c-format
msgid " %d = I trust marginally\n"
msgstr " %d = Ich vertraue ihm marginal\n"
#: g10/keyedit.c:419 g10/pkclist.c:275
#, c-format
msgid " %d = I trust fully\n"
msgstr " %d = Ich vertraue ihm vollständig\n"
#: g10/keyedit.c:438
msgid ""
"Please enter the depth of this trust signature.\n"
"A depth greater than 1 allows the key you are signing to make\n"
"trust signatures on your behalf.\n"
msgstr ""
"Geben Sie bitte die Tiefe dieser \"Trust\"-Unterschrift ein.\n"
"Eine Tiefe größer 1 erlaubt dem zu unterschreibenden Schlüssel\n"
"Trust-Signatures für Sie zu machen.\n"
#: g10/keyedit.c:454
msgid "Please enter a domain to restrict this signature, or enter for none.\n"
msgstr ""
"Geben Sie bitte eine Domain ein, um die Unterschrift einzuschränken,\n"
"oder nur die Eingabetaste für keine Domain\n"
#: g10/keyedit.c:598
#, c-format
msgid "User ID \"%s\" is revoked."
msgstr "User-ID \"%s\" ist widerrufen."
#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
#: g10/keyedit.c:895 g10/keyedit.c:1753
msgid "Are you sure you still want to sign it? (y/N) "
msgstr "Wollen Sie ihn immer noch beglaubigen? (j/N) "
#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
#: g10/keyedit.c:1759
msgid " Unable to sign.\n"
msgstr " Beglaubigen ist nicht möglich.\n"
#: g10/keyedit.c:626
#, c-format
msgid "User ID \"%s\" is expired."
msgstr "User-ID \"%s\" ist abgelaufen."
#: g10/keyedit.c:654
#, c-format
msgid "User ID \"%s\" is not self-signed."
msgstr "User-ID \"%s\" ist nicht eigenbeglaubigt."
#: g10/keyedit.c:682
#, c-format
msgid "User ID \"%s\" is signable. "
msgstr "User-ID \"%s\" ist unterschreibbar."
#: g10/keyedit.c:684
msgid "Sign it? (y/N) "
msgstr "Wirklich unterschreiben? (j/N) "
#: g10/keyedit.c:706
#, c-format
msgid ""
"The self-signature on \"%s\"\n"
"is a PGP 2.x-style signature.\n"
msgstr ""
"Die Eigenbeglaubigung von \"%s\"\n"
"ist eine PGP 2.x artige Signatur.\n"
#: g10/keyedit.c:715
msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
msgstr "Soll sie zu einer OpenPGP Eigenbeglaubigung geändert werden? (j/N) "
#: g10/keyedit.c:729
#, c-format
msgid ""
"Your current signature on \"%s\"\n"
"has expired.\n"
msgstr ""
"Ihre derzeitige Beglaubigung von \"%s\"\n"
"ist abgelaufen.\n"
#: g10/keyedit.c:733
msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
msgstr ""
"Soll eine neue Beglaubigung als Ersatz für die abgelaufene erstellt werden? "
"(J/n) "
#: g10/keyedit.c:754
#, c-format
msgid ""
"Your current signature on \"%s\"\n"
"is a local signature.\n"
msgstr ""
"Die derzeitige Beglaubigung von \"%s\"\n"
"ist nur für diesen Rechner gültig.\n"
#: g10/keyedit.c:758
msgid "Do you want to promote it to a full exportable signature? (y/N) "
msgstr ""
"Soll sie zu einer voll exportierbaren Beglaubigung erhoben werden? (j/N) "
#: g10/keyedit.c:779
#, c-format
msgid "\"%s\" was already locally signed by key %s\n"
msgstr "\"%s\" wurde bereits durch Schlüssel %s lokal beglaubigt\n"
#: g10/keyedit.c:782
#, c-format
msgid "\"%s\" was already signed by key %s\n"
msgstr "\"%s\" wurde bereits durch Schlüssel %s beglaubigt\n"
#: g10/keyedit.c:787
msgid "Do you want to sign it again anyway? (y/N) "
msgstr "Wollen Sie ihn immer noch wieder beglaubigen? (j/N) "
#: g10/keyedit.c:809
#, c-format
msgid "Nothing to sign with key %s\n"
msgstr "Nichts zu beglaubigen für Schlüssel %s\n"
#: g10/keyedit.c:824
msgid "This key has expired!"
msgstr "Dieser Schlüssel ist verfallen!"
#: g10/keyedit.c:842
#, c-format
msgid "This key is due to expire on %s.\n"
msgstr "Dieser Schlüssel wird %s verfallen.\n"
#: g10/keyedit.c:848
msgid "Do you want your signature to expire at the same time? (Y/n) "
msgstr "Soll Ihre Beglaubigung zur selben Zeit verfallen? (J/n) "
#: g10/keyedit.c:888
msgid ""
"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
"mode.\n"
msgstr ""
"Im --pgp2-Modus kann nur mit PGP-2.x-artigen Schlüsseln unterschrieben "
"werden\n"
#: g10/keyedit.c:890
msgid "This would make the key unusable in PGP 2.x.\n"
msgstr "Dies würde den Schlüssel für PGP 2.x unbrauchbar machen\n"
#: g10/keyedit.c:915
msgid ""
"How carefully have you verified the key you are about to sign actually "
"belongs\n"
"to the person named above? If you don't know what to answer, enter \"0\".\n"
msgstr ""
"Wie genau haben Sie überprüft, ob der Schlüssel, den Sie jetzt beglaubigen\n"
"wollen, wirklich der o.g. Person gehört?\n"
"Wenn Sie darauf keine Antwort wissen, geben Sie \"0\" ein.\n"
#: g10/keyedit.c:920
#, c-format
msgid " (0) I will not answer.%s\n"
msgstr " (0) Ich antworte nicht.%s\n"
#: g10/keyedit.c:922
#, c-format
msgid " (1) I have not checked at all.%s\n"
msgstr " (1) Ich habe es überhaupt nicht überprüft.%s\n"
#: g10/keyedit.c:924
#, c-format
msgid " (2) I have done casual checking.%s\n"
msgstr " (2) Ich habe es flüchtig überprüft.%s\n"
#: g10/keyedit.c:926
#, c-format
msgid " (3) I have done very careful checking.%s\n"
msgstr " (3) Ich habe es sehr sorgfältig überprüft.%s\n"
# translated by wk
#: g10/keyedit.c:932
msgid "Your selection? (enter `?' for more information): "
msgstr "Ihre Auswahl? ('?' für weitere Informationen): "
#: g10/keyedit.c:956
#, c-format
msgid ""
"Are you sure that you want to sign this key with your\n"
"key \"%s\" (%s)\n"
msgstr ""
"Sind Sie wirklich sicher, daß Sie vorstehenden Schlüssel mit Ihrem\n"
"Schlüssel \"%s\" (%s) beglaubigen wollen\n"
#: g10/keyedit.c:963
msgid "This will be a self-signature.\n"
msgstr "Dies wird eine Eigenbeglaubigung sein.\n"
#: g10/keyedit.c:969
msgid "WARNING: the signature will not be marked as non-exportable.\n"
msgstr ""
"WARNUNG: Die Unterschrift wird nicht als nicht-exportierbar markiert "
"werden.\n"
#: g10/keyedit.c:977
msgid "WARNING: the signature will not be marked as non-revocable.\n"
msgstr ""
"WARNUNG: Die Unterschrift wird nicht als unwiderrufbar markiert werden.\n"
#: g10/keyedit.c:987
msgid "The signature will be marked as non-exportable.\n"
msgstr "Die Unterschrift wird als nicht-exportfähig markiert werden.\n"
#: g10/keyedit.c:994
msgid "The signature will be marked as non-revocable.\n"
msgstr "Die Unterschrift wird als nicht-exportfähig markiert werden.\n"
#: g10/keyedit.c:1001
msgid "I have not checked this key at all.\n"
msgstr "Ich habe diesen Schlüssel überhaupt nicht überprüft.\n"
#: g10/keyedit.c:1006
msgid "I have checked this key casually.\n"
msgstr "Ich habe diesen Schlüssel flüchtig überprüft.\n"
#: g10/keyedit.c:1011
msgid "I have checked this key very carefully.\n"
msgstr "Ich habe diesen Schlüssel sehr sorgfältig überprüft.\n"
#: g10/keyedit.c:1021
msgid "Really sign? (y/N) "
msgstr "Wirklich unterschreiben? (j/N) "
#: g10/keyedit.c:1066 g10/keyedit.c:4803 g10/keyedit.c:4894 g10/keyedit.c:4958
#: g10/keyedit.c:5019 g10/sign.c:316
#, c-format
msgid "signing failed: %s\n"
msgstr "Beglaubigung fehlgeschlagen: %s\n"
#: g10/keyedit.c:1131
msgid "Key has only stub or on-card key items - no passphrase to change.\n"
msgstr ""
"Der Schlüssel enthält nur \"stub\"- oder \"on-card\"-Schüsselelemente- keine "
"Passphrase ist zu ändern.\n"
#: g10/keyedit.c:1142 g10/keygen.c:3516
msgid "This key is not protected.\n"
msgstr "Dieser Schlüssel ist nicht geschützt.\n"
#: g10/keyedit.c:1146 g10/keygen.c:3503 g10/revoke.c:538
msgid "Secret parts of primary key are not available.\n"
msgstr "Geheime Teile des Haupschlüssels sind nicht vorhanden\n"
#: g10/keyedit.c:1150 g10/keygen.c:3519
msgid "Secret parts of primary key are stored on-card.\n"
msgstr "Geheime Teile des Haupschlüssels sind auf der Karte gespeichert.\n"
#: g10/keyedit.c:1154 g10/keygen.c:3523
msgid "Key is protected.\n"
msgstr "Schlüssel ist geschützt.\n"
#: g10/keyedit.c:1178
#, c-format
msgid "Can't edit this key: %s\n"
msgstr "Dieser Schlüssel kann nicht editiert werden: %s\n"
#: g10/keyedit.c:1184
msgid ""
"Enter the new passphrase for this secret key.\n"
"\n"
msgstr ""
"Geben Sie die neue Passphrase für diesen geheimen Schlüssel ein.\n"
"\n"
#: g10/keyedit.c:1199 g10/keygen.c:2116
msgid "passphrase not correctly repeated; try again"
msgstr "Passphrase wurde nicht richtig wiederholt; noch einmal versuchen"
#: g10/keyedit.c:1204
msgid ""
"You don't want a passphrase - this is probably a *bad* idea!\n"
"\n"
msgstr ""
"Sie wollen keine Passphrase - dies ist *nicht* zu empfehlen!\n"
"\n"
#: g10/keyedit.c:1207
msgid "Do you really want to do this? (y/N) "
msgstr "Möchten Sie dies wirklich tun? (j/N) "
#: g10/keyedit.c:1278
msgid "moving a key signature to the correct place\n"
msgstr "schiebe eine Beglaubigung an die richtige Stelle\n"
#: g10/keyedit.c:1364
msgid "save and quit"
msgstr "speichern und Menü verlassen"
#: g10/keyedit.c:1367
msgid "show key fingerprint"
msgstr "Fingerabdruck des Schlüssels anzeigen"
#: g10/keyedit.c:1368
msgid "list key and user IDs"
msgstr "Schlüssel und User-IDs auflisten"
#: g10/keyedit.c:1370
msgid "select user ID N"
msgstr "User-ID N auswählen"
#: g10/keyedit.c:1371
msgid "select subkey N"
msgstr "Unterschlüssel N auswählen"
#: g10/keyedit.c:1372
msgid "check signatures"
msgstr "Signaturen prüfen"
#: g10/keyedit.c:1377
msgid "sign selected user IDs [* see below for related commands]"
msgstr "die ausgewählten User-IDs beglaubigen [* für verwandte Befehle s.u.]"
#: g10/keyedit.c:1382
msgid "sign selected user IDs locally"
msgstr "Die ausgewählte User-ID nur für diesen Rechner beglaubigen"
#: g10/keyedit.c:1384
msgid "sign selected user IDs with a trust signature"
msgstr "Die ausgewählte User-ID mit einer \"Trust\"-Unterschrift beglaubigen"
#: g10/keyedit.c:1386
msgid "sign selected user IDs with a non-revocable signature"
msgstr "die ausgewählten User-ID unwiderrufbar beglaubigen"
#: g10/keyedit.c:1390
msgid "add a user ID"
msgstr "Eine User-ID hinzufügen"
#: g10/keyedit.c:1392
msgid "add a photo ID"
msgstr "Eine Foto-ID hinzufügen"
#: g10/keyedit.c:1394
msgid "delete selected user IDs"
msgstr "ausgewählte User-IDs entfernen"
#: g10/keyedit.c:1399
msgid "add a subkey"
msgstr "einen Unterschlüssel hinzufügen"
#: g10/keyedit.c:1403
msgid "add a key to a smartcard"
msgstr "der Smartcard einen Schlssel hinzufgen"
#: g10/keyedit.c:1405
msgid "move a key to a smartcard"
msgstr "einen Schlssel auf die Smartcard schieben"
#: g10/keyedit.c:1407
msgid "move a backup key to a smartcard"
msgstr "eine Sicherungskopie des Schlssels auf die Smartcard schieben"
#: g10/keyedit.c:1411
msgid "delete selected subkeys"
msgstr "ausgewählte Unterschlüssel entfernen"
#: g10/keyedit.c:1413
msgid "add a revocation key"
msgstr "Einen Widerrufschlüssel hinzufügen"
#: g10/keyedit.c:1415
msgid "delete signatures from the selected user IDs"
msgstr "Beglaubigungen der ausgewählten User-IDs entfernen"
#: g10/keyedit.c:1417
msgid "change the expiration date for the key or selected subkeys"
msgstr ""
"das Verfallsdatum des Schlüssel oder ausgewählter Unterschlüssels ändern"
#: g10/keyedit.c:1419
msgid "flag the selected user ID as primary"
msgstr "User-ID als Haupt-User-ID kennzeichnen"
#: g10/keyedit.c:1421
msgid "toggle between the secret and public key listings"
msgstr "Umschalten zwischen dem Auflisten geheimer und öffentlicher Schlüssel"
#: g10/keyedit.c:1424
msgid "list preferences (expert)"
msgstr "Liste der Voreinstellungen (für Experten)"
#: g10/keyedit.c:1426
msgid "list preferences (verbose)"
msgstr "Liste der Voreinstellungen (ausführlich)"
#: g10/keyedit.c:1428
msgid "set preference list for the selected user IDs"
msgstr "ändern der Voreinstellungsliste der ausgewählten User-IDs"
#: g10/keyedit.c:1433
msgid "set the preferred keyserver URL for the selected user IDs"
msgstr ""
"Setze die URL des bevorzugten Schlüsselservers für die ausgewählten User-IDs"
#: g10/keyedit.c:1435
msgid "set a notation for the selected user IDs"
msgstr "Eine Notation für die ausgewählten User-IDs setzen"
#: g10/keyedit.c:1437
msgid "change the passphrase"
msgstr "Die Passphrase ändern"
#: g10/keyedit.c:1441
msgid "change the ownertrust"
msgstr "Den \"Owner trust\" ändern"
#: g10/keyedit.c:1443
msgid "revoke signatures on the selected user IDs"
msgstr "Beglaubigungen der ausgewählten User-IDs widerrufen"
#: g10/keyedit.c:1445
msgid "revoke selected user IDs"
msgstr "Ausgewählte User-ID widerrufen"
#: g10/keyedit.c:1450
msgid "revoke key or selected subkeys"
msgstr "Schlüssel oder ausgewählten Unterschlüssel widerrufen"
#: g10/keyedit.c:1451
msgid "enable key"
msgstr "Schlüssel anschalten"
#: g10/keyedit.c:1452
msgid "disable key"
msgstr "Schlüssel abschalten"
#: g10/keyedit.c:1453
msgid "show selected photo IDs"
msgstr "ausgewählte Foto-IDs anzeigen"
#: g10/keyedit.c:1455
msgid "compact unusable user IDs and remove unusable signatures from key"
msgstr ""
"unbrauchbare User-IDs verkleinern und unbrauchbare Unterschrifen aus dem "
"Schlüssel entfernen"
#: g10/keyedit.c:1457
msgid "compact unusable user IDs and remove all signatures from key"
msgstr ""
"unbrauchbare User-IDs verkleinern und alle Unterschrifen aus dem Schlüssel "
"entfernen"
#: g10/keyedit.c:1579
#, c-format
msgid "error reading secret keyblock \"%s\": %s\n"
msgstr "Fehler beim Lesen des geheimen Schlüsselblocks \"%s\": %s\n"
#: g10/keyedit.c:1597
msgid "Secret key is available.\n"
msgstr "Geheimer Schlüssel ist vorhanden.\n"
#: g10/keyedit.c:1680
msgid "Need the secret key to do this.\n"
msgstr "Hierzu wird der geheime Schlüssel benötigt.\n"
#: g10/keyedit.c:1688
msgid "Please use the command \"toggle\" first.\n"
msgstr "Bitte verwenden sie zunächst den Befehl \"toggle\"\n"
#: g10/keyedit.c:1707
msgid ""
"* The `sign' command may be prefixed with an `l' for local signatures "
"(lsign),\n"
" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
msgstr ""
"* Dem `sign'-Befehl darf ein `l' für nicht exportfähige Signaturen "
"vorangestellt werden (\"lsign\"),\n"
" ein `t' für 'Trust'-Unterschrift (\"tsign\"), ein `nr' für unwiderrufbare "
"Unterschriften\n"
" (\"nrsign\"), oder jede Kombination davon (\"ltsign\", \"tnrsign\", etc.).\n"
#: g10/keyedit.c:1747
msgid "Key is revoked."
msgstr "Schlüssel wurde widerrufen."
#: g10/keyedit.c:1766
msgid "Really sign all user IDs? (y/N) "
msgstr "Wirklich alle User-IDs beglaubigen? "
#: g10/keyedit.c:1773
msgid "Hint: Select the user IDs to sign\n"
msgstr "Tip: Wählen Sie die User-IDs, die beglaubigt werden sollen\n"
#: g10/keyedit.c:1782
#, c-format
msgid "Unknown signature type `%s'\n"
msgstr "Unbekannter Unterschriftentyp `%s'\n"
#: g10/keyedit.c:1805
#, c-format
msgid "This command is not allowed while in %s mode.\n"
msgstr "Dieser Befehl ist im %s-Modus nicht erlaubt.\n"
#: g10/keyedit.c:1827 g10/keyedit.c:1847 g10/keyedit.c:2013
msgid "You must select at least one user ID.\n"
msgstr "Zumindestens eine User-ID muß ausgewählt werden.\n"
#: g10/keyedit.c:1829
msgid "You can't delete the last user ID!\n"
msgstr "Die letzte User-ID kann nicht gelöscht werden!\n"
#: g10/keyedit.c:1831
msgid "Really remove all selected user IDs? (y/N) "
msgstr "Möchten Sie alle ausgewählten User-IDs wirklich entfernen? (j/N) "
#: g10/keyedit.c:1832
msgid "Really remove this user ID? (y/N) "
msgstr "Diese User-ID wirklich entfernen? (j/N) "
#: g10/keyedit.c:1882
msgid "Really move the primary key? (y/N) "
msgstr "Den Hauptschlüssel wirklich verschieben? (j/N) "
#: g10/keyedit.c:1894
msgid "You must select exactly one key.\n"
msgstr "Sie müssen genau einen Schlüssel auswählen.\n"
#: g10/keyedit.c:1922
msgid "Command expects a filename argument\n"
msgstr "Befehl benötigt einen Dateinamen als Argument\n"
#: g10/keyedit.c:1936
#, c-format
msgid "Can't open `%s': %s\n"
msgstr "'%s' kann nicht geöffnet werden: %s\n"
#: g10/keyedit.c:1953
#, c-format
msgid "Error reading backup key from `%s': %s\n"
msgstr "Fehler beim Lesen der Sicherungskopie des Schlüssels von `%s': %s\n"
#: g10/keyedit.c:1977
msgid "You must select at least one key.\n"
msgstr "Zumindestens ein Schlüssel muß ausgewählt werden.\n"
#: g10/keyedit.c:1980
msgid "Do you really want to delete the selected keys? (y/N) "
msgstr "Möchten Sie die ausgewählten Schlüssel wirklich entfernen? (j/N) "
#: g10/keyedit.c:1981
msgid "Do you really want to delete this key? (y/N) "
msgstr "Möchten Sie diesen Schlüssel wirklich entfernen? (j/N) "
#: g10/keyedit.c:2016
msgid "Really revoke all selected user IDs? (y/N) "
msgstr "Möchten Sie wirklich alle ausgewählten User-IDs widerrufen? (j/N) "
#: g10/keyedit.c:2017
msgid "Really revoke this user ID? (y/N) "
msgstr "Diese User-ID wirklich widerrufen? (j/N) "
#: g10/keyedit.c:2035
msgid "Do you really want to revoke the entire key? (y/N) "
msgstr "Möchten Sie diesen Schlüssel wirklich vollständig widerrufen? "
#: g10/keyedit.c:2046
msgid "Do you really want to revoke the selected subkeys? (y/N) "
msgstr "Möchten Sie die ausgewählten Unterschlüssel wirklich widerrufen? "
#: g10/keyedit.c:2048
msgid "Do you really want to revoke this subkey? (y/N) "
msgstr "Möchten Sie diesen Schlüssel wirklich widerrufen? "
#: g10/keyedit.c:2098
msgid "Owner trust may not be set while using a user provided trust database\n"
msgstr ""
"\"Owner trust\" kann nicht gesetzt werden, wenn eine anwendereigene 'Trust'-"
"Datenbank benutzt wird\n"
#: g10/keyedit.c:2140
msgid "Set preference list to:\n"
msgstr "Setze die Liste der Voreinstellungen auf:\n"
#: g10/keyedit.c:2146
msgid "Really update the preferences for the selected user IDs? (y/N) "
msgstr ""
"Möchten Sie die Voreinstellungen der ausgewählten User-IDs wirklich ändern? "
"(j/N) "
#: g10/keyedit.c:2148
msgid "Really update the preferences? (y/N) "
msgstr "Die Voreinstellungen wirklich ändern? (j/N) "
#: g10/keyedit.c:2216
msgid "Save changes? (y/N) "
msgstr "Änderungen speichern? "
#: g10/keyedit.c:2219
msgid "Quit without saving? (y/N) "
msgstr "Beenden ohne zu speichern? "
#: g10/keyedit.c:2229
#, c-format
msgid "update failed: %s\n"
msgstr "Änderung fehlgeschlagen: %s\n"
#: g10/keyedit.c:2236
#, c-format
msgid "update secret failed: %s\n"
msgstr "Änderung des Geheimnisses fehlgeschlagen: %s\n"
#: g10/keyedit.c:2243
msgid "Key not changed so no update needed.\n"
msgstr "Schlüssel ist nicht geändert worden, also ist kein Speichern nötig.\n"
#: g10/keyedit.c:2343
msgid "Digest: "
msgstr "Digest: "
#: g10/keyedit.c:2394
msgid "Features: "
msgstr "Eigenschaften: "
#: g10/keyedit.c:2405
msgid "Keyserver no-modify"
msgstr "Keyserver no-modify"
#: g10/keyedit.c:2420 g10/keylist.c:306
msgid "Preferred keyserver: "
msgstr "Bevorzugter Schlüsselserver:"
#: g10/keyedit.c:2428 g10/keyedit.c:2429
msgid "Notations: "
msgstr "\"Notationen\": "
#: g10/keyedit.c:2639
msgid "There are no preferences on a PGP 2.x-style user ID.\n"
msgstr "PGP 2.x-artige Schlüssel haben keine Voreinstellungen.\n"
#: g10/keyedit.c:2698
#, c-format
msgid "This key was revoked on %s by %s key %s\n"
msgstr "Dieser Schlüssel wurde am %s von %s Schlüssel %s widerrufen\n"
#: g10/keyedit.c:2719
#, c-format
msgid "This key may be revoked by %s key %s"
msgstr ""
"Dieser Schlüssel könnte durch %s mit Schlüssel %s widerrufen worden sein"
#: g10/keyedit.c:2725
msgid "(sensitive)"
msgstr "(empfindlich)"
#: g10/keyedit.c:2741 g10/keyedit.c:2797 g10/keyedit.c:2858 g10/keyedit.c:2873
#: g10/keylist.c:192 g10/keyserver.c:521
#, c-format
msgid "created: %s"
msgstr "erzeugt: %s"
#: g10/keyedit.c:2744 g10/keylist.c:769 g10/keylist.c:863 g10/mainproc.c:983
#, c-format
msgid "revoked: %s"
msgstr "widerrufen: %s"
#: g10/keyedit.c:2746 g10/keylist.c:740 g10/keylist.c:775 g10/keylist.c:869
#, c-format
msgid "expired: %s"
msgstr "verfallen: %s"
#: g10/keyedit.c:2748 g10/keyedit.c:2799 g10/keyedit.c:2860 g10/keyedit.c:2875
#: g10/keylist.c:194 g10/keylist.c:746 g10/keylist.c:781 g10/keylist.c:875
#: g10/keylist.c:896 g10/keyserver.c:527 g10/mainproc.c:989
#, c-format
msgid "expires: %s"
msgstr "verfällt: %s"
#: g10/keyedit.c:2750
#, c-format
msgid "usage: %s"
msgstr "Aufruf: %s"
#: g10/keyedit.c:2765
#, c-format
msgid "trust: %s"
msgstr "Vertrauen: %s"
#: g10/keyedit.c:2769
#, c-format
msgid "validity: %s"
msgstr "Gültigkeit: %s"
#: g10/keyedit.c:2776
msgid "This key has been disabled"
msgstr "Hinweis: Dieser Schlüssel ist abgeschaltet"
#: g10/keyedit.c:2804 g10/keylist.c:198
msgid "card-no: "
msgstr "Kartennummer:"
#: g10/keyedit.c:2828
msgid ""
"Please note that the shown key validity is not necessarily correct\n"
"unless you restart the program.\n"
msgstr ""
"Bitte beachten Sie, daß ohne einen Programmneustart die angezeigte\n"
"Schlüsselgültigkeit nicht notwendigerweise korrekt ist.\n"
#: g10/keyedit.c:2892 g10/keyedit.c:3238 g10/keyserver.c:531
#: g10/mainproc.c:1835 g10/trustdb.c:1173 g10/trustdb.c:1693
msgid "revoked"
msgstr "widerrufen"
#: g10/keyedit.c:2894 g10/keyedit.c:3240 g10/keyserver.c:535
#: g10/mainproc.c:1837 g10/trustdb.c:526 g10/trustdb.c:1695
msgid "expired"
msgstr "verfallen"
# translated by wk
#: g10/keyedit.c:2959
msgid ""
"WARNING: no user ID has been marked as primary. This command may\n"
" cause a different user ID to become the assumed primary.\n"
msgstr ""
"WARNUNG: Keine User-ID ist als primär markiert. Dieser Befehl kann\n"
"dazu führen, daß eine andere User-ID as primär angesehen wird.\n"
#: g10/keyedit.c:3020
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
" of PGP to reject this key.\n"
msgstr ""
"WARNUNG: Dies ist ein PGP2-artiger Schlüssel. Hinzufügen einer Foto-ID "
"könnte\n"
" bei einigen PGP-Versionen zur Zurückweisung des Schlüssels führen.\n"
#: g10/keyedit.c:3025 g10/keyedit.c:3360
msgid "Are you sure you still want to add it? (y/N) "
msgstr "Wollen Sie ihn immer noch hinzufügen? (j/N) "
#: g10/keyedit.c:3031
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "Sie können einem PGP2-artigen SchlüÂüsel keine Foto-ID hinzufügen.\n"
#: g10/keyedit.c:3171
msgid "Delete this good signature? (y/N/q)"
msgstr "Diese korrekte Beglaubigung entfernen? (j/N/q)"
#: g10/keyedit.c:3181
msgid "Delete this invalid signature? (y/N/q)"
msgstr "Diese ungültige Beglaubigung entfernen= (j/N/q)"
#: g10/keyedit.c:3185
msgid "Delete this unknown signature? (y/N/q)"
msgstr "Diese unbekannte Beglaubigung entfernen? (j/N/q)"
#: g10/keyedit.c:3191
msgid "Really delete this self-signature? (y/N)"
msgstr "Eigenbeglaubigung wirklich entfernen? (j/N)"
#: g10/keyedit.c:3205
#, c-format
msgid "Deleted %d signature.\n"
msgstr "%d Beglaubigungen entfernt.\n"
#: g10/keyedit.c:3206
#, c-format
msgid "Deleted %d signatures.\n"
msgstr "%d Beglaubigungen entfernt.\n"
#: g10/keyedit.c:3209
msgid "Nothing deleted.\n"
msgstr "Nichts entfernt.\n"
#: g10/keyedit.c:3242 g10/trustdb.c:1697
msgid "invalid"
msgstr "ungültig"
#: g10/keyedit.c:3244
#, c-format
msgid "User ID \"%s\" compacted: %s\n"
msgstr "User-ID \"%s\" bereits verkleinert: %s\n"
#: g10/keyedit.c:3251
#, c-format
msgid "User ID \"%s\": %d signature removed\n"
msgstr "User-ID \"%s\": %d Signatur entfernt\n"
#: g10/keyedit.c:3252
#, c-format
msgid "User ID \"%s\": %d signatures removed\n"
msgstr "User-ID \"%s\": %d Signaturen entfernt\n"
#: g10/keyedit.c:3260
#, c-format
msgid "User ID \"%s\": already minimized\n"
msgstr "User-ID \"%s\": bereits minimiert\n"
#: g10/keyedit.c:3261
#, c-format
msgid "User ID \"%s\": already clean\n"
msgstr "User-ID \"%s\": bereits sauber\n"
#: g10/keyedit.c:3355
msgid ""
"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
"cause\n"
" some versions of PGP to reject this key.\n"
msgstr ""
"WARNUNG: Dies ist ein PGP2-artiger Schlüssel. Hinzufügen eines vorgesehenen\n"
" Widerrufers könnte bei einigen PGP-Versionen zur Zurückweisung\n"
" des Schlüssels führen.\n"
#: g10/keyedit.c:3366
msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
msgstr ""
"Sie können einem PGP2-artigen SchlüÂüsel keine vorgesehenen Widerrufer "
"hinzufügen.\n"
#: g10/keyedit.c:3386
msgid "Enter the user ID of the designated revoker: "
msgstr "Geben sie die User-ID des designierten Widerrufers ein: "
#: g10/keyedit.c:3411
msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
msgstr ""
"Ein PGP 2.x-artiger Schlüssel kann nicht als vorgesehener Widerrufer "
"eingetragen werden\n"
#: g10/keyedit.c:3426
msgid "you cannot appoint a key as its own designated revoker\n"
msgstr "Ein Schlüssel kann nicht sein eigener vorgesehener Widerrufer werden\n"
#: g10/keyedit.c:3448
msgid "this key has already been designated as a revoker\n"
msgstr "Dieser Schlüssel wurde bereits als ein Widerrufer vorgesehen\n"
#: g10/keyedit.c:3467
msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
msgstr ""
"WARNUNG: Einen Schlüssel als vorgesehenen Widerrufer zu deklarieren, kann "
"nicht rückgangig gemacht werden!\n"
#: g10/keyedit.c:3473
msgid ""
"Are you sure you want to appoint this key as a designated revoker? (y/N) "
msgstr ""
"Möchten Sie diesen Schlüssel wirklich als vorgesehenen Widerrufer festlegen? "
"(j/N): "
#: g10/keyedit.c:3534
msgid "Please remove selections from the secret keys.\n"
msgstr "Bitte entfernen Sie die Auswahl von den geheimen Schlüsseln.\n"
#: g10/keyedit.c:3540
msgid "Please select at most one subkey.\n"
msgstr "Bitte wählen Sie höchstens einen Unterschlüssel aus.\n"
#: g10/keyedit.c:3544
msgid "Changing expiration time for a subkey.\n"
msgstr "Ändern des Verfallsdatums des Unterschlüssels.\n"
#: g10/keyedit.c:3547
msgid "Changing expiration time for the primary key.\n"
msgstr "Ändern des Verfallsdatums des Hauptschlüssels.\n"
#: g10/keyedit.c:3593
msgid "You can't change the expiration date of a v3 key\n"
msgstr "Sie können das Verfallsdatum eines v3-Schlüssels nicht ändern\n"
#: g10/keyedit.c:3609
msgid "No corresponding signature in secret ring\n"
msgstr "Keine entsprechende Signatur im geheimen Schlüsselbund\n"
#: g10/keyedit.c:3687
#, c-format
msgid "signing subkey %s is already cross-certified\n"
msgstr "Signaturunterschlüssel %s ist bereits rücksigniert\n"
#: g10/keyedit.c:3693
#, c-format
msgid "subkey %s does not sign and so does not need to be cross-certified\n"
msgstr ""
"Unterschlüssel %s ist des Unterschreibens nicht mächtig und braucht deshalb "
"keine Rücksignatur\n"
#: g10/keyedit.c:3856
msgid "Please select exactly one user ID.\n"
msgstr "Bitte genau eine User-ID auswählen.\n"
#: g10/keyedit.c:3895 g10/keyedit.c:4005 g10/keyedit.c:4125 g10/keyedit.c:4266
#, c-format
msgid "skipping v3 self-signature on user ID \"%s\"\n"
msgstr "Überspringen der v3 Eigenbeglaubigung von User-ID \"%s\"\n"
#: g10/keyedit.c:4066
msgid "Enter your preferred keyserver URL: "
msgstr "Geben Sie die URL Ihres bevorzugten Schlüsselservers ein: "
#: g10/keyedit.c:4146
msgid "Are you sure you want to replace it? (y/N) "
msgstr "Wollen Sie ihn wirklich ersetzen? (j/N) "
#: g10/keyedit.c:4147
msgid "Are you sure you want to delete it? (y/N) "
msgstr "Wollen Sie ihn wirklich löschen? (j/N) "
#: g10/keyedit.c:4209
msgid "Enter the notation: "
msgstr "Geben Sie die \"Notation\" ein: "
#: g10/keyedit.c:4358
msgid "Proceed? (y/N) "
msgstr "Fortfahren (j/N)? "
#: g10/keyedit.c:4422
#, c-format
msgid "No user ID with index %d\n"
msgstr "Keine User-ID mit Index %d\n"
#: g10/keyedit.c:4480
#, c-format
msgid "No user ID with hash %s\n"
msgstr "Keine User-ID mit Hash %s\n"
#: g10/keyedit.c:4507
#, c-format
msgid "No subkey with index %d\n"
msgstr "Kein Unterschlüssel mit Index %d\n"
#: g10/keyedit.c:4642
#, c-format
msgid "user ID: \"%s\"\n"
msgstr "User-ID: \"%s\"\n"
#: g10/keyedit.c:4645 g10/keyedit.c:4709 g10/keyedit.c:4752
#, c-format
msgid "signed by your key %s on %s%s%s\n"
msgstr " beglaubigt durch Ihren Schlüssel %s am %s%s%s\n"
#: g10/keyedit.c:4647 g10/keyedit.c:4711 g10/keyedit.c:4754
msgid " (non-exportable)"
msgstr " (nicht-exportierbar)"
#: g10/keyedit.c:4651
#, c-format
msgid "This signature expired on %s.\n"
msgstr "Diese Unterschrift ist seit %s verfallen.\n"
#: g10/keyedit.c:4655
msgid "Are you sure you still want to revoke it? (y/N) "
msgstr "Wollen Sie ihn immer noch widerrufen? (j/N) "
#: g10/keyedit.c:4659
msgid "Create a revocation certificate for this signature? (y/N) "
msgstr "Ein Widerrufszertifikat für diese Unterschrift erzeugen (j/N)"
#: g10/keyedit.c:4686
#, c-format
msgid "You have signed these user IDs on key %s:\n"
msgstr "Sie haben folgende User-IDs des Schlüssels %s beglaubigt:\n"
#: g10/keyedit.c:4712
msgid " (non-revocable)"
msgstr " (unwiderrufbar)"
#: g10/keyedit.c:4719
#, c-format
msgid "revoked by your key %s on %s\n"
msgstr "widerrufen durch Ihren Schlüssel %s um %s\n"
#: g10/keyedit.c:4741
msgid "You are about to revoke these signatures:\n"
msgstr "Es werden nun folgende Beglaubigungen entfernt:\n"
#: g10/keyedit.c:4761
msgid "Really create the revocation certificates? (y/N) "
msgstr "Wirklich ein Unterschrift-Widerrufszertifikat erzeugen? (j/N) "
#: g10/keyedit.c:4791
msgid "no secret key\n"
msgstr "Kein geheimer Schlüssel\n"
#: g10/keyedit.c:4861
#, c-format
msgid "user ID \"%s\" is already revoked\n"
msgstr "User-ID \"%s\" ist bereits widerrufen\n"
#: g10/keyedit.c:4878
#, c-format
msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
msgstr ""
"WARNUNG: Eine User-ID-Unterschrift datiert mit %d Sekunden aus der Zukunft\n"
#: g10/keyedit.c:4942
#, c-format
msgid "Key %s is already revoked.\n"
msgstr "Schlüssel %s ist bereits widerrufen\n"
#: g10/keyedit.c:5004
#, c-format
msgid "Subkey %s is already revoked.\n"
msgstr "Unterschlüssel %s ist bereits widerrufen\n"
#: g10/keyedit.c:5099
#, c-format
msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
msgstr "Anzeigen einer %s Foto-ID (Größe %ld) für Schlüssel %s (User-ID %d)\n"
#: g10/keygen.c:268
#, c-format
msgid "preference `%s' duplicated\n"
msgstr "Voreinstellung `%s' ist doppelt\n"
#: g10/keygen.c:275
msgid "too many cipher preferences\n"
msgstr "zu viele Verschlüsselungeinstellungen\n"
#: g10/keygen.c:277
msgid "too many digest preferences\n"
msgstr "zu viele Hashvoreinstellungen\n"
#: g10/keygen.c:279
msgid "too many compression preferences\n"
msgstr "zu viele Komprimierungsvoreinstellungen\n"
#: g10/keygen.c:404
#, c-format
msgid "invalid item `%s' in preference string\n"
msgstr "Ungültiges Feld `%s' in der Voreinstellungszeichenkette\n"
#: g10/keygen.c:884
msgid "writing direct signature\n"
msgstr "Die \"Direct Key Signature\" wird geschrieben\n"
#: g10/keygen.c:926
msgid "writing self signature\n"
msgstr "Die Eigenbeglaubigung wird geschrieben\n"
#: g10/keygen.c:983
msgid "writing key binding signature\n"
msgstr "Schreiben der \"key-binding\" Signatur\n"
#: g10/keygen.c:1151 g10/keygen.c:1262 g10/keygen.c:1267 g10/keygen.c:1402
#: g10/keygen.c:3016
#, c-format
msgid "keysize invalid; using %u bits\n"
msgstr "Ungültige Schlüssellänge; %u Bit werden verwendet\n"
#: g10/keygen.c:1157 g10/keygen.c:1273 g10/keygen.c:1408 g10/keygen.c:3022
#, c-format
msgid "keysize rounded up to %u bits\n"
msgstr "Schlüssellänge auf %u Bit aufgerundet\n"
#: g10/keygen.c:1299
msgid ""
"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
msgstr ""
"WARNUNG: Einige OpenPGP-Programme können einen DSA-Schlüssel dieser "
"Digestlänge nicht verwenden\n"
#: g10/keygen.c:1519
msgid "Sign"
msgstr "Unterschr."
#: g10/keygen.c:1522
msgid "Certify"
msgstr "Zertif."
#: g10/keygen.c:1525
msgid "Encrypt"
msgstr "Verschl."
#: g10/keygen.c:1528
msgid "Authenticate"
msgstr "Authentisierung"
#: g10/keygen.c:1536
msgid "SsEeAaQq"
msgstr "UuVvAaQq"
#: g10/keygen.c:1555
#, c-format
msgid "Possible actions for a %s key: "
msgstr "Mögliche Vorgänge eines %s-Schlüssels: "
#: g10/keygen.c:1559
msgid "Current allowed actions: "
msgstr "Derzeit erlaubte Vorgänge: "
#: g10/keygen.c:1564
#, c-format
msgid " (%c) Toggle the sign capability\n"
msgstr " (%c) Umschalten der Unterschreibfähigkeit\n"
#: g10/keygen.c:1567
#, c-format
msgid " (%c) Toggle the encrypt capability\n"
msgstr " (%c) Umschalten der Verschlüsselungsfähigkeit\n"
#: g10/keygen.c:1570
#, c-format
msgid " (%c) Toggle the authenticate capability\n"
msgstr " (%c) Umschalten der Authentisierungsfähigkeit\n"
#: g10/keygen.c:1573
#, c-format
msgid " (%c) Finished\n"
msgstr " (%c) Beenden\n"
#: g10/keygen.c:1629
msgid "Please select what kind of key you want:\n"
msgstr "Bitte wählen Sie, welche Art von Schlüssel Sie möchten:\n"
#: g10/keygen.c:1631
#, c-format
msgid " (%d) DSA and Elgamal (default)\n"
msgstr " (%d) DSA und Elgamal (voreingestellt)\n"
#: g10/keygen.c:1632
#, c-format
msgid " (%d) DSA (sign only)\n"
msgstr " (%d) DSA (nur unterschreiben/beglaubigen)\n"
#: g10/keygen.c:1634
#, c-format
msgid " (%d) DSA (set your own capabilities)\n"
msgstr " (%d) DSA (Leistungsfähigkeit selber einstellbar)\n"
#: g10/keygen.c:1636
#, c-format
msgid " (%d) Elgamal (encrypt only)\n"
msgstr " (%d) Elgamal (nur verschlüsseln)\n"
#: g10/keygen.c:1637
#, c-format
msgid " (%d) RSA (sign only)\n"
msgstr " (%d) RSA (nur signieren/beglaubigen)\n"
#: g10/keygen.c:1639
#, c-format
msgid " (%d) RSA (encrypt only)\n"
msgstr " (%d) RSA (nur verschlüsseln)\n"
#: g10/keygen.c:1641
#, c-format
msgid " (%d) RSA (set your own capabilities)\n"
msgstr " (%d) RSA (Leistungsfähigkeit selber einstellbar)\n"
#: g10/keygen.c:1710
#, c-format
msgid "DSA keypair will have %u bits.\n"
msgstr "Das DSA-Schlüsselpaar wird %u Bit haben.\n"
#: g10/keygen.c:1720
#, c-format
msgid "%s keys may be between %u and %u bits long.\n"
msgstr "%s-Schlüssel können zwischen %u und %u Bit lang sein.\n"
#: g10/keygen.c:1727
#, c-format
msgid "What keysize do you want? (%u) "
msgstr "Welche Schlüssellänge wünschen Sie? (%u) "
#: g10/keygen.c:1741
#, c-format
msgid "%s keysizes must be in the range %u-%u\n"
msgstr "%s-Schlüssellängen müssen im Bereich %u-%u sein\n"
#: g10/keygen.c:1747
#, c-format
msgid "Requested keysize is %u bits\n"
msgstr "Die verlangte Schlüssellänge beträgt %u Bit\n"
#: g10/keygen.c:1752 g10/keygen.c:1757
#, c-format
msgid "rounded up to %u bits\n"
msgstr "aufgerundet auf %u Bit\n"
#: g10/keygen.c:1826
msgid ""
"Please specify how long the key should be valid.\n"
" 0 = key does not expire\n"
" <n> = key expires in n days\n"
" <n>w = key expires in n weeks\n"
" <n>m = key expires in n months\n"
" <n>y = key expires in n years\n"
msgstr ""
"Bitte wählen Sie, wie lange der Schlüssel gültig bleiben soll.\n"
" 0 = Schlüssel verfällt nie\n"
" <n> = Schlüssel verfällt nach n Tagen\n"
" <n>w = Schlüssel verfällt nach n Wochen\n"
" <n>m = Schlüssel verfällt nach n Monaten\n"
" <n>y = Schlüssel verfällt nach n Jahren\n"
#: g10/keygen.c:1837
msgid ""
"Please specify how long the signature should be valid.\n"
" 0 = signature does not expire\n"
" <n> = signature expires in n days\n"
" <n>w = signature expires in n weeks\n"
" <n>m = signature expires in n months\n"
" <n>y = signature expires in n years\n"
msgstr ""
"Bitte wählen Sie, wie lange die Beglaubigung gültig bleiben soll.\n"
" 0 = Schlüssel verfällt nie\n"
" <n> = Schlüssel verfällt nach n Tagen\n"
" <n>w = Schlüssel verfällt nach n Wochen\n"
" <n>m = Schlüssel verfällt nach n Monaten\n"
" <n>y = Schlüssel verfällt nach n Jahren\n"
#: g10/keygen.c:1860
msgid "Key is valid for? (0) "
msgstr "Wie lange bleibt der Schlüssel gültig? (0) "
#: g10/keygen.c:1865
#, c-format
msgid "Signature is valid for? (%s) "
msgstr "Wie lange bleibt die Beglaubigung gültig? (%s) "
#: g10/keygen.c:1883
msgid "invalid value\n"
msgstr "Ungültiger Wert.\n"
#: g10/keygen.c:1890
msgid "Key does not expire at all\n"
msgstr "Schlüssel verfällt nie\n"
#: g10/keygen.c:1891
msgid "Signature does not expire at all\n"
msgstr "Signature verfällt nie\n"
#: g10/keygen.c:1896
#, c-format
msgid "Key expires at %s\n"
msgstr "Key verfällt am %s\n"
#: g10/keygen.c:1897
#, c-format
msgid "Signature expires at %s\n"
msgstr "Unterschrift verfällt am %s\n"
#: g10/keygen.c:1901
msgid ""
"Your system can't display dates beyond 2038.\n"
"However, it will be correctly handled up to 2106.\n"
msgstr ""
"Ihr Rechner kann Daten jenseits des Jahres 2038 nicht anzeigen.\n"
"Trotzdem werden Daten bis 2106 korrekt verarbeitet.\n"
#: g10/keygen.c:1908
msgid "Is this correct? (y/N) "
msgstr "Ist dies richtig? (j/N) "
#: g10/keygen.c:1931
msgid ""
"\n"
"You need a user ID to identify your key; the software constructs the user "
"ID\n"
"from the Real Name, Comment and Email Address in this form:\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
"\n"
msgstr ""
"\n"
"Sie benötigen eine User-ID, um Ihren Schlüssel eindeutig zu machen; das\n"
"Programm baut diese User-ID aus Ihrem echten Namen, einem Kommentar und\n"
"Ihrer Email-Adresse in dieser Form auf:\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
"\n"
#: g10/keygen.c:1944
msgid "Real name: "
msgstr "Ihr Name (\"Vorname Nachname\"): "
#: g10/keygen.c:1952
msgid "Invalid character in name\n"
msgstr "Ungültiges Zeichen im Namen\n"
#: g10/keygen.c:1954
msgid "Name may not start with a digit\n"
msgstr "Der Name darf nicht mit einer Ziffer beginnen.\n"
#: g10/keygen.c:1956
msgid "Name must be at least 5 characters long\n"
msgstr "Der Name muß min. 5 Zeichen lang sein.\n"
#: g10/keygen.c:1964
msgid "Email address: "
msgstr "Email-Adresse: "
#: g10/keygen.c:1970
msgid "Not a valid email address\n"
msgstr "Diese Email-Adresse ist ungültig\n"
#: g10/keygen.c:1978
msgid "Comment: "
msgstr "Kommentar: "
#: g10/keygen.c:1984
msgid "Invalid character in comment\n"
msgstr "Ungültiges Zeichen im Kommentar.\n"
#: g10/keygen.c:2006
#, c-format
msgid "You are using the `%s' character set.\n"
msgstr "Sie benutzen den Zeichensatz `%s'\n"
#: g10/keygen.c:2012
#, c-format
msgid ""
"You selected this USER-ID:\n"
" \"%s\"\n"
"\n"
msgstr ""
"Sie haben diese User-ID gewählt:\n"
" \"%s\"\n"
"\n"
#: g10/keygen.c:2017
msgid "Please don't put the email address into the real name or the comment\n"
msgstr "Bitte keine Emailadressen als Namen oder Kommentar verwenden\n"
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
#. letter changed to match the one in the answer string.
#.
#. n = Change name
#. c = Change comment
#. e = Change email
#. o = Okay (ready, continue)
#. q = Quit
#.
#: g10/keygen.c:2033
msgid "NnCcEeOoQq"
msgstr "NnKkEeFfBb"
#: g10/keygen.c:2043
msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
msgstr "Ändern: (N)ame, (K)ommentar, (E)-Mail oder (B)eenden? "
#: g10/keygen.c:2044
msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
msgstr "Ändern: (N)ame, (K)ommentar, (E)-Mail oder (F)ertig/(B)eenden? "
#: g10/keygen.c:2063
msgid "Please correct the error first\n"
msgstr "Bitte beseitigen Sie zuerst den Fehler\n"
#: g10/keygen.c:2102
msgid ""
"You need a Passphrase to protect your secret key.\n"
"\n"
msgstr ""
"Sie benötigen eine Passphrase, um den geheimen Schlüssel zu schützen.\n"
"\n"
#: g10/keygen.c:2117
#, c-format
msgid "%s.\n"
msgstr "%s.\n"
#: g10/keygen.c:2123
msgid ""
"You don't want a passphrase - this is probably a *bad* idea!\n"
"I will do it anyway. You can change your passphrase at any time,\n"
"using this program with the option \"--edit-key\".\n"
"\n"
msgstr ""
"Sie möchten keine Passphrase - Dies ist *nicht* zu empfehlen!\n"
"Es ist trotzdem möglich. Sie können Ihre Passphrase jederzeit\n"
"ändern, indem sie dieses Programm mit dem Befehl \"--edit-key\"\n"
"aufrufen.\n"
"\n"
#: g10/keygen.c:2147
msgid ""
"We need to generate a lot of random bytes. It is a good idea to perform\n"
"some other action (type on the keyboard, move the mouse, utilize the\n"
"disks) during the prime generation; this gives the random number\n"
"generator a better chance to gain enough entropy.\n"
msgstr ""
"Wir müssen eine ganze Menge Zufallswerte erzeugen. Sie können dies\n"
"unterstützen, indem Sie z.B. in einem anderen Fenster/Konsole irgendetwas\n"
"tippen, die Maus verwenden oder irgendwelche anderen Programme benutzen.\n"
#: g10/keygen.c:2956 g10/keygen.c:2983
msgid "Key generation canceled.\n"
msgstr "Schlüsselerzeugung abgebrochen.\n"
#: g10/keygen.c:3188 g10/keygen.c:3355
#, c-format
msgid "writing public key to `%s'\n"
msgstr "schreiben des öffentlichen Schlüssels nach '%s'\n"
#: g10/keygen.c:3190 g10/keygen.c:3358
#, c-format
msgid "writing secret key stub to `%s'\n"
msgstr "schreiben des geheimen Schlüssel-\"stub\"s nach `%s'\n"
#: g10/keygen.c:3193 g10/keygen.c:3361
#, c-format
msgid "writing secret key to `%s'\n"
msgstr "schreiben des geheimen Schlüssels nach '%s'\n"
#: g10/keygen.c:3342
#, c-format
msgid "no writable public keyring found: %s\n"
msgstr "kein schreibbarer öffentlicher Schlüsselbund gefunden: %s\n"
#: g10/keygen.c:3349
#, c-format
msgid "no writable secret keyring found: %s\n"
msgstr "kein schreibbarer geheimer Schlüsselbund gefunden: %s\n"
#: g10/keygen.c:3369
#, c-format
msgid "error writing public keyring `%s': %s\n"
msgstr "Fehler beim Schreiben des öff. Schlüsselbundes `%s': %s\n"
#: g10/keygen.c:3377
#, c-format
msgid "error writing secret keyring `%s': %s\n"
msgstr "Fehler beim Schreiben des geheimen Schlüsselbundes `%s': %s\n"
#: g10/keygen.c:3404
msgid "public and secret key created and signed.\n"
msgstr "Öffentlichen und geheimen Schlüssel erzeugt und signiert.\n"
#: g10/keygen.c:3415
msgid ""
"Note that this key cannot be used for encryption. You may want to use\n"
"the command \"--edit-key\" to generate a subkey for this purpose.\n"
msgstr ""
"Bitte beachten Sie, daß dieser Schlüssel nicht zum Verschlüsseln benutzt\n"
"werden kann. Sie können aber mit dem Befehl \"--edit-key\" einen\n"
"Unterschlüssel für diesem Zweck erzeugen.\n"
#: g10/keygen.c:3428 g10/keygen.c:3573 g10/keygen.c:3694
#, c-format
msgid "Key generation failed: %s\n"
msgstr "Schlüsselerzeugung fehlgeschlagen: %s\n"
#: g10/keygen.c:3483 g10/keygen.c:3624 g10/sign.c:241
#, c-format
msgid ""
"key has been created %lu second in future (time warp or clock problem)\n"
msgstr ""
"Der Schlüssel wurde %lu Sekunde in der Zukunft erzeugt (Zeitreise oder Uhren "
"stimmen nicht überein)\n"
#: g10/keygen.c:3485 g10/keygen.c:3626 g10/sign.c:243
#, c-format
msgid ""
"key has been created %lu seconds in future (time warp or clock problem)\n"
msgstr ""
"Der Schlüssel wurde %lu Sekunden in der Zukunft erzeugt (Zeitreise oder "
"Uhren stimmen nicht überein)\n"
#: g10/keygen.c:3496 g10/keygen.c:3637
msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
msgstr "HINWEIS: Unterschlüssel für v3-Schlüssen sind nicht OpenPGP-konform\n"
#: g10/keygen.c:3537 g10/keygen.c:3670
msgid "Really create? (y/N) "
msgstr "Wirklich erzeugen? (j/N) "
#: g10/keygen.c:3843
#, c-format
msgid "storing key onto card failed: %s\n"
msgstr "Speicher des Schlüssels auf der Karte schlug fehl: %s\n"
#: g10/keygen.c:3891
#, c-format
msgid "can't create backup file `%s': %s\n"
msgstr "Sicherungsdatei '%s' kann nicht erzeugt werden: %s\n"
#: g10/keygen.c:3917
#, c-format
msgid "NOTE: backup of card key saved to `%s'\n"
msgstr "Hinweis: Sicherung des Kartenschlüssels wurde auf `%s' gespeichert\n"
#: g10/keyid.c:538 g10/keyid.c:550 g10/keyid.c:562 g10/keyid.c:574
msgid "never "
msgstr "niemals "
#: g10/keylist.c:263
msgid "Critical signature policy: "
msgstr "Entscheidende Beglaubigungsrichtlinie: "
#: g10/keylist.c:265
msgid "Signature policy: "
msgstr "Beglaubigungsrichtlinie: "
#: g10/keylist.c:304
msgid "Critical preferred keyserver: "
msgstr "Entscheidender bevorzugter Schlüsselserver"
#: g10/keylist.c:357
msgid "Critical signature notation: "
msgstr "Entscheidender Beglaubigungs-\"Notation\": "
#: g10/keylist.c:359
msgid "Signature notation: "
msgstr "Beglaubigungs-\"Notation\": "
#: g10/keylist.c:469
msgid "Keyring"
msgstr "Schlüsselbund"
#: g10/keylist.c:1504
msgid "Primary key fingerprint:"
msgstr "Haupt-Fingerabdruck ="
#: g10/keylist.c:1506
msgid " Subkey fingerprint:"
msgstr "Unter-Fingerabdruck ="
#. TRANSLATORS: this should fit into 24 bytes to that the
#. * fingerprint data is properly aligned with the user ID
#: g10/keylist.c:1513
msgid " Primary key fingerprint:"
msgstr " Haupt-Fingerabdruck ="
#: g10/keylist.c:1515
msgid " Subkey fingerprint:"
msgstr " Unter-Fingerabdruck ="
#: g10/keylist.c:1519 g10/keylist.c:1523
msgid " Key fingerprint ="
msgstr " Schl.-Fingerabdruck ="
#: g10/keylist.c:1590
msgid " Card serial no. ="
msgstr " Kartenseriennr. ="
#: g10/keyring.c:1249
#, c-format
msgid "renaming `%s' to `%s' failed: %s\n"
msgstr "umbenennen von `%s' nach `%s' schlug fehl: %s\n"
#: g10/keyring.c:1254
msgid "WARNING: 2 files with confidential information exists.\n"
msgstr "Warnung: Zwei Dateien mit vertraulichem Inhalt vorhanden.\n"
#: g10/keyring.c:1256
#, c-format
msgid "%s is the unchanged one\n"
msgstr "%s ist der Unveränderte\n"
#: g10/keyring.c:1257
#, c-format
msgid "%s is the new one\n"
msgstr "%s ist der Neue\n"
#: g10/keyring.c:1258
msgid "Please fix this possible security flaw\n"
msgstr "Bitte diesen potentiellen Sicherheitsmangel beseitigen\n"
#: g10/keyring.c:1380
#, c-format
msgid "caching keyring `%s'\n"
msgstr "Puffern des Schlüsselbundes `%s'\n"
#: g10/keyring.c:1426
#, c-format
msgid "%lu keys cached so far (%lu signatures)\n"
msgstr "%lu Schlüssel bislang gepuffert (%lu Beglaubigungen)\n"
#: g10/keyring.c:1438
#, c-format
msgid "%lu keys cached (%lu signatures)\n"
msgstr "%lu Schlüssel gepuffert (%lu Beglaubigungen)\n"
#: g10/keyring.c:1510
#, c-format
msgid "%s: keyring created\n"
msgstr "%s: Schlüsselbund erstellt\n"
#: g10/keyserver.c:71
msgid "include revoked keys in search results"
msgstr "Widerrufene Schlüssel in den Suchergebnissen aufführen"
#: g10/keyserver.c:72
msgid "include subkeys when searching by key ID"
msgstr "Unterschlüssel in der Suche über Schlüssel-IDs aufführen"
#: g10/keyserver.c:74
msgid "use temporary files to pass data to keyserver helpers"
msgstr ""
"verwende temporäre Dateien, um Daten an die Schlüsselserverhilfsprogramme zu "
"geben"
#: g10/keyserver.c:76
msgid "do not delete temporary files after using them"
msgstr "Temporäre Dateien nach Nutzung nicht löschen"
#: g10/keyserver.c:80
msgid "automatically retrieve keys when verifying signatures"
msgstr "Schlüssel für die Unterschriftenprüfung automatisch holen"
#: g10/keyserver.c:82
msgid "honor the preferred keyserver URL set on the key"
msgstr ""
"Die im Schlüssel enthaltene bevorzugte URL für Schlüsselserver beachten"
#: g10/keyserver.c:84
msgid "honor the PKA record set on a key when retrieving keys"
msgstr "Die im Schlüssel enthaltenen PKA-Daten beim Schlüsselholen beachten"
#: g10/keyserver.c:150
#, c-format
msgid "WARNING: keyserver option `%s' is not used on this platform\n"
msgstr ""
"WARNUNG: Schlüsselserver-Option `%s' wird auf dieser Plattform nicht "
"verwendet\n"
#: g10/keyserver.c:533
msgid "disabled"
msgstr "abgeschaltet"
#: g10/keyserver.c:734
msgid "Enter number(s), N)ext, or Q)uit > "
msgstr "Eingabe von Nummern, Nächste (N) oder Abbrechen (Q) > "
#: g10/keyserver.c:818 g10/keyserver.c:1440
#, c-format
msgid "invalid keyserver protocol (us %d!=handler %d)\n"
msgstr "Ungültiges Schlüsselserverprotokoll (wir %d!=Handhabungsroutine %d)\n"
#: g10/keyserver.c:916
#, c-format
msgid "key \"%s\" not found on keyserver\n"
msgstr "Schlüssel \"%s\" wurde auf dem Schlüsselserver nicht gefunden\n"
#: g10/keyserver.c:918
msgid "key not found on keyserver\n"
msgstr "Schlüssel wurde auf dem Schlüsselserver nicht gefunden\n"
#: g10/keyserver.c:1159
#, c-format
msgid "requesting key %s from %s server %s\n"
msgstr "fordere Schlüssel %s von %s-Server %s an\n"
#: g10/keyserver.c:1163
#, c-format
msgid "requesting key %s from %s\n"
msgstr "fordere Schlüssel %s von %s an\n"
#: g10/keyserver.c:1187
#, c-format
msgid "searching for names from %s server %s\n"
msgstr "suche Namen auf %s-Server %s\n"
#: g10/keyserver.c:1190
#, c-format
msgid "searching for names from %s\n"
msgstr "suche Namen auf %s\n"
#: g10/keyserver.c:1343
#, c-format
msgid "sending key %s to %s server %s\n"
msgstr "sende Schlüssel %s auf den %s-Server %s\n"
#: g10/keyserver.c:1347
#, c-format
msgid "sending key %s to %s\n"
msgstr "sende Schlüssel %s auf %s\n"
#: g10/keyserver.c:1390
#, c-format
msgid "searching for \"%s\" from %s server %s\n"
msgstr "suche nach \"%s\" auf %s-Server %s\n"
#: g10/keyserver.c:1393
#, c-format
msgid "searching for \"%s\" from %s\n"
msgstr "suche nach \"%s\" auf %s\n"
#: g10/keyserver.c:1400 g10/keyserver.c:1496
msgid "no keyserver action!\n"
msgstr "Kein Schlüsselserver-Vorgang\n"
#: g10/keyserver.c:1448
#, c-format
msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
msgstr ""
"WARNUNG: Die Schlüsselserver-Handhabungsroutine stammt von einer anderen "
"GnuPG-Version (%s)\n"
#: g10/keyserver.c:1457
msgid "keyserver did not send VERSION\n"
msgstr "Schlüsselserver sendete VERSION nicht\n"
#: g10/keyserver.c:1519 g10/keyserver.c:2047
msgid "no keyserver known (use option --keyserver)\n"
msgstr "Kein Schlüsselserver bekannt (Option --keyserver verwenden)\n"
#: g10/keyserver.c:1525
msgid "external keyserver calls are not supported in this build\n"
msgstr ""
"Externe Schlüsselserveraufrufe werden in diesem \"Build\" nicht unterstützt\n"
#: g10/keyserver.c:1537
#, c-format
msgid "no handler for keyserver scheme `%s'\n"
msgstr "Keine Handhabungsroutine für Schlüsselserverschema `%s'\n"
#: g10/keyserver.c:1542
#, c-format
msgid "action `%s' not supported with keyserver scheme `%s'\n"
msgstr "Vorgang `%s' wird vom Schlüsselserverschema `%s' nicht unterstützt\n"
#: g10/keyserver.c:1550
#, c-format
msgid "%s does not support handler version %d\n"
msgstr "%s unterstützt Hilfsroutinenversion %d nicht\n"
#: g10/keyserver.c:1557
msgid "keyserver timed out\n"
msgstr "Schlüsselserver-Zeitüberschreitung\n"
#: g10/keyserver.c:1562
msgid "keyserver internal error\n"
msgstr "interner Fehler Schlüsselserver\n"
#: g10/keyserver.c:1571
#, c-format
msgid "keyserver communications error: %s\n"
msgstr "Schlüsselserver-Datenübertragunsfehler: %s\n"
#: g10/keyserver.c:1596 g10/keyserver.c:1630
#, c-format
msgid "\"%s\" not a key ID: skipping\n"
msgstr "\"%s\" ist keine Schlüssel-ID: überspringe\n"
#: g10/keyserver.c:1889
#, c-format
msgid "WARNING: unable to refresh key %s via %s: %s\n"
msgstr "WARNUNG: Schlüssel %s kann per %s nicht aktualisiert werden: %s\n"
#: g10/keyserver.c:1911
#, c-format
msgid "refreshing 1 key from %s\n"
msgstr "ein Schlüssel wird per %s aktualisiert\n"
#: g10/keyserver.c:1913
#, c-format
msgid "refreshing %d keys from %s\n"
msgstr "%d Schlüssel werden per %s aktualisiert\n"
#: g10/keyserver.c:1969
#, c-format
msgid "WARNING: unable to fetch URI %s: %s\n"
msgstr "WARNUNG: die URI %s kann nicht geholt werden: %s\n"
#: g10/keyserver.c:1975
#, c-format
msgid "WARNING: unable to parse URI %s\n"
msgstr "WARNUNG: die URI %s kann nicht analysiert werden\n"
#: g10/mainproc.c:231
#, c-format
msgid "weird size for an encrypted session key (%d)\n"
msgstr "Seltsame Länge für einen verschlüsselten Sitzungsschlüssel (%d)\n"
#: g10/mainproc.c:284
#, c-format
msgid "%s encrypted session key\n"
msgstr "%s verschlüsselter Sitzungsschlüssel\n"
#: g10/mainproc.c:294
#, c-format
msgid "passphrase generated with unknown digest algorithm %d\n"
msgstr "Passphrase wurde mit unbekanntem Hashverfahren %d erstellt\n"
#: g10/mainproc.c:360
#, c-format
msgid "public key is %s\n"
msgstr "Öffentlicher Schlüssel ist %s\n"
#: g10/mainproc.c:417
msgid "public key encrypted data: good DEK\n"
msgstr "Mit öffentlichem Schlüssel verschlüsselte Daten: Korrekte DEK\n"
#: g10/mainproc.c:450
#, c-format
msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
msgstr "verschlüsselt mit %u-Bit %s Schlüssel, ID %s, erzeugt %s\n"
#: g10/mainproc.c:454 g10/pkclist.c:217
#, c-format
msgid " \"%s\"\n"
msgstr " \"%s\"\n"
# Scripte scannen lt. dl1bke auf "ID (0-9A-F)+" deswegen muß "ID" rein :-(
# [kw]
#: g10/mainproc.c:458
#, c-format
msgid "encrypted with %s key, ID %s\n"
msgstr "verschlüsselt mit %s Schlüssel, ID %s\n"
#: g10/mainproc.c:472
#, c-format
msgid "public key decryption failed: %s\n"
msgstr "Entschlüsselung mit Public-Key-Verfahren fehlgeschlagen: %s\n"
#: g10/mainproc.c:486
#, c-format
msgid "encrypted with %lu passphrases\n"
msgstr "Verschlüsselt mit %lu Passphrases\n"
#: g10/mainproc.c:488
msgid "encrypted with 1 passphrase\n"
msgstr "Verschlüsselt mit einer Passphrase\n"
#: g10/mainproc.c:520 g10/mainproc.c:542
#, c-format
msgid "assuming %s encrypted data\n"
msgstr "vermutlich %s-verschlüsselte Daten\n"
#: g10/mainproc.c:528
#, c-format
msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
msgstr "IDEA-Verschlüsselung nicht verfügbar; versucht wird stattdessen %s\n"
#: g10/mainproc.c:561
msgid "decryption okay\n"
msgstr "Entschlüsselung erfolgreich\n"
#: g10/mainproc.c:565
msgid "WARNING: message was not integrity protected\n"
msgstr ""
"WARNUNG: Botschaft wurde nicht integritätsgeschützt (integrity protected)\n"
#: g10/mainproc.c:578
msgid "WARNING: encrypted message has been manipulated!\n"
msgstr "Warnung: Verschlüsselte Botschaft ist manipuliert worden!\n"
#: g10/mainproc.c:584
#, c-format
msgid "decryption failed: %s\n"
msgstr "Entschlüsselung fehlgeschlagen: %s\n"
#: g10/mainproc.c:605
msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
msgstr ""
"Hinweis: Der Absender verlangte Vertraulichkeit(\"for-your-eyes-only\")\n"
#: g10/mainproc.c:607
#, c-format
msgid "original file name='%.*s'\n"
msgstr "Ursprünglicher Dateiname='%.*s'\n"
#: g10/mainproc.c:695
msgid "WARNING: multiple plaintexts seen\n"
msgstr "WARNUNG: Mehr als ein Klartext erkannt\n"
#: g10/mainproc.c:836
msgid "standalone revocation - use \"gpg --import\" to apply\n"
msgstr ""
"Einzelner Widerruf - verwenden Sie \"gpg --import\" um ihn anzuwenden\n"
#: g10/mainproc.c:1189 g10/mainproc.c:1226
msgid "no signature found\n"
msgstr "Keine Unterschrift gefunden\n"
#: g10/mainproc.c:1464
msgid "signature verification suppressed\n"
msgstr "Unterschriften-Überprüfung unterdrückt\n"
#: g10/mainproc.c:1573
msgid "can't handle this ambiguous signature data\n"
msgstr "diese mehrdeutige Unterschriftdaten können nicht bearbeitet werden\n"
#: g10/mainproc.c:1584
#, c-format
msgid "Signature made %s\n"
msgstr "Unterschrift vom %s\n"
#: g10/mainproc.c:1585
#, c-format
msgid " using %s key %s\n"
msgstr " mittels %s-Schlüssel %s\n"
# Scripte scannen lt. dl1bke auf "ID (0-9A-F)+" deswegen muß "ID" rein :-(
#: g10/mainproc.c:1589
#, c-format
msgid "Signature made %s using %s key ID %s\n"
msgstr "Unterschrift vom %s mittels %s-Schlüssel ID %s\n"
#: g10/mainproc.c:1609
msgid "Key available at: "
msgstr "Schlüssel erhältlich bei: "
#: g10/mainproc.c:1742 g10/mainproc.c:1790
#, c-format
msgid "BAD signature from \"%s\""
msgstr "FALSCHE Unterschrift von \"%s\""
#: g10/mainproc.c:1744 g10/mainproc.c:1792
#, c-format
msgid "Expired signature from \"%s\""
msgstr "Verfallene Unterschrift von \"%s\""
#: g10/mainproc.c:1746 g10/mainproc.c:1794
#, c-format
msgid "Good signature from \"%s\""
msgstr "Korrekte Unterschrift von \"%s\""
#: g10/mainproc.c:1796
msgid "[uncertain]"
msgstr "[ungewiß] "
#: g10/mainproc.c:1828
#, c-format
msgid " aka \"%s\""
msgstr " alias \"%s\""
#: g10/mainproc.c:1926
#, c-format
msgid "Signature expired %s\n"
msgstr "Diese Unterschrift ist seit %s verfallen.\n"
#: g10/mainproc.c:1931
#, c-format
msgid "Signature expires %s\n"
msgstr "Diese Unterschrift verfällt am %s.\n"
#: g10/mainproc.c:1934
#, c-format
msgid "%s signature, digest algorithm %s\n"
msgstr "%s Unterschrift, Hashmethode \"%s\"\n"
#: g10/mainproc.c:1935
msgid "binary"
msgstr "Binäre"
#: g10/mainproc.c:1936
msgid "textmode"
msgstr "Textmodus"
#: g10/mainproc.c:1936 g10/trustdb.c:525
msgid "unknown"
msgstr "unbekannt"
#: g10/mainproc.c:1956
#, c-format
msgid "Can't check signature: %s\n"
msgstr "Unterschrift kann nicht geprüft werden: %s\n"
#: g10/mainproc.c:2040 g10/mainproc.c:2056 g10/mainproc.c:2152
msgid "not a detached signature\n"
msgstr "keine abgetrennte Unterschrift\n"
#: g10/mainproc.c:2083
msgid ""
"WARNING: multiple signatures detected. Only the first will be checked.\n"
msgstr ""
"WARNUNG: Mehrfache Signaturen erkannt. Es wird nur die erste geprüft.\n"
#: g10/mainproc.c:2091
#, c-format
msgid "standalone signature of class 0x%02x\n"
msgstr "Einzelne Unterschrift der Klasse 0x%02x\n"
#: g10/mainproc.c:2156
msgid "old style (PGP 2.x) signature\n"
msgstr "Unterschrift nach alter (PGP 2.x) Art\n"
#: g10/mainproc.c:2166
msgid "invalid root packet detected in proc_tree()\n"
msgstr "ungültiges root-Paket in proc_tree() entdeckt\n"
#: g10/misc.c:109 g10/misc.c:137 g10/misc.c:209
#, c-format
msgid "fstat of `%s' failed in %s: %s\n"
msgstr "fstat von `%s' schlug fehl in %s: %s\n"
#: g10/misc.c:174
#, c-format
msgid "fstat(%d) failed in %s: %s\n"
msgstr "fstat(%d) schlug fehl in %s: %s\n"
#: g10/misc.c:288
#, c-format
msgid "WARNING: using experimental public key algorithm %s\n"
msgstr "WARNUNG: Verwendung des experimentellen Public-Key-Verfahrens %s\n"
#: g10/misc.c:303
#, c-format
msgid "WARNING: using experimental cipher algorithm %s\n"
msgstr "WARNING: Verwendung des experimentellen Verschlüsselungsverfahren %s\n"
#: g10/misc.c:318
#, c-format
msgid "WARNING: using experimental digest algorithm %s\n"
msgstr "WARNUNG: Verwendung des experimentellen Hashverfahrens %s\n"
#: g10/misc.c:323
#, c-format
msgid "WARNING: digest algorithm %s is deprecated\n"
msgstr "WARNUNG: Die Verwendung des Hashverfahrens %s ist nicht ratsam\n"
#: g10/misc.c:416
msgid "the IDEA cipher plugin is not present\n"
msgstr "das IDEA-Verschlüsselungs-Plugin ist nicht vorhanden\n"
#: g10/misc.c:417 g10/sig-check.c:107 jnlib/utf8conv.c:88
#, c-format
msgid "please see %s for more information\n"
msgstr "Siehe %s für weitere Infos\n"
#: g10/misc.c:652
#, c-format
msgid "%s:%d: deprecated option \"%s\"\n"
msgstr "%s:%d: mißbilligte Option \"%s\".\n"
#: g10/misc.c:656
#, c-format
msgid "WARNING: \"%s\" is a deprecated option\n"
msgstr "WARNUNG: \"%s\" ist eine mißbilligte Option.\n"
#: g10/misc.c:658
#, c-format
msgid "please use \"%s%s\" instead\n"
msgstr "Bitte benutzen Sie stattdessen \"%s%s\".\n"
#: g10/misc.c:665
#, c-format
msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
msgstr ""
"WARNUNG: \"%s\" ist ein nicht ratsamer Befehl - verwenden Sie ihn nicht.\n"
#: g10/misc.c:675
#, c-format
msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
msgstr "%s:%u: Die Option \"%s\" is veraltet - sie hat keine Wirkung\n"
#: g10/misc.c:678
#, c-format
msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
msgstr "WARNUNG: \"%s\" ist eine veraltete Option - sie hat keine Wirkung.\n"
#: g10/misc.c:739
msgid "Uncompressed"
msgstr "nicht komprimiert"
#. TRANSLATORS: See doc/TRANSLATE about this string.
#: g10/misc.c:764
msgid "uncompressed|none"
msgstr "unkomprimiert|kein|keine"
#: g10/misc.c:891
#, c-format
msgid "this message may not be usable by %s\n"
msgstr "Diese Botschaft könnte für %s unbrauchbar sein\n"
#: g10/misc.c:1066
#, c-format
msgid "ambiguous option `%s'\n"
msgstr "Mehrdeutige Option '%s'\n"
#: g10/misc.c:1091
#, c-format
msgid "unknown option `%s'\n"
msgstr "Unbekannte Option '%s'\n"
#: g10/openfile.c:89
#, c-format
msgid "File `%s' exists. "
msgstr "Datei '%s' existiert bereits. "
#: g10/openfile.c:93
msgid "Overwrite? (y/N) "
msgstr "Überschreiben (j/N)? "
#: g10/openfile.c:126
#, c-format
msgid "%s: unknown suffix\n"
msgstr "%s: unbekannte Dateinamenerweiterung\n"
#: g10/openfile.c:150
msgid "Enter new filename"
msgstr "Neuen Dateinamen eingeben"
#: g10/openfile.c:195
msgid "writing to stdout\n"
msgstr "Schreiben auf die Standardausgabe\n"
#: g10/openfile.c:316
#, c-format
msgid "assuming signed data in `%s'\n"
msgstr "die unterzeichneten Daten sind wohl in '%s'\n"
#: g10/openfile.c:395
#, c-format
msgid "new configuration file `%s' created\n"
msgstr "Neue Konfigurationsdatei `%s' erstellt\n"
#: g10/openfile.c:397
#, c-format
msgid "WARNING: options in `%s' are not yet active during this run\n"
msgstr ""
"WARNUNG: Optionen in `%s' sind während dieses Laufes noch nicht wirksam\n"
#: g10/parse-packet.c:191
#, c-format
msgid "can't handle public key algorithm %d\n"
msgstr "dieses Public-Key Verfahren %d kann nicht benutzt werden\n"
#: g10/parse-packet.c:796
msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
msgstr ""
"WARNUNG: Möglicherweise unsicherer symmetrisch verschlüsselter "
"Sitzungsschlüssel\n"
#: g10/parse-packet.c:1247
#, c-format
msgid "subpacket of type %d has critical bit set\n"
msgstr "Im Unterpaket des Typs %d ist das \"critical bit\" gesetzt\n"
#: g10/passphrase.c:295 g10/passphrase.c:581
#, c-format
msgid " (main key ID %s)"
msgstr " (Hauptschlüssel-ID %s)"
#: g10/passphrase.c:309
#, c-format
msgid ""
"You need a passphrase to unlock the secret key for user:\n"
"\"%.*s\"\n"
"%u-bit %s key, ID %s, created %s%s\n"
msgstr ""
"Sie benötigen eine Passphrase, um den geheimen Schlüssel zu entsperren.\n"
"Benutzer: \"%.*s\"\n"
"%u-bit %s Schlüssel, ID %s, erzeugt %s%s\n"
#: g10/passphrase.c:334
msgid "Repeat passphrase\n"
msgstr "Geben Sie die Passphrase nochmal ein\n"
#: g10/passphrase.c:336
msgid "Enter passphrase\n"
msgstr "Geben Sie die Passphrase ein\n"
#: g10/passphrase.c:363
msgid "cancelled by user\n"
msgstr "Abbruch durch Benutzer\n"
#: g10/passphrase.c:369 g10/passphrase.c:428
#, c-format
msgid "problem with the agent: %s\n"
msgstr "Problem mit dem Agenten: %s\n"
#: g10/passphrase.c:560
#, c-format
msgid ""
"You need a passphrase to unlock the secret key for\n"
"user: \"%s\"\n"
msgstr ""
"Sie benötigen eine Passphrase, um den geheimen Schlüssel zu entsperren.\n"
"Benutzer: \"%s\"\n"
#: g10/passphrase.c:568
#, c-format
msgid "%u-bit %s key, ID %s, created %s"
msgstr "%u-Bit %s Schlüssel, ID %s, erzeugt %s"
#: g10/passphrase.c:577
#, c-format
msgid " (subkey on main key ID %s)"
msgstr " (Unterschlüssel aus Hauptschlüssel-ID %s)"
# translated by wk
#: g10/photoid.c:72
msgid ""
"\n"
"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
"Remember that the image is stored within your public key. If you use a\n"
"very large picture, your key will become very large as well!\n"
"Keeping the image close to 240x288 is a good size to use.\n"
msgstr ""
"\n"
"Wählen Sie ein Bild für Ihre Foto-ID aus. Das Bild muß eine JPEG-Datei\n"
"sein. Bitte beachten Sie, daß das Bild in Ihrem öffentlichen\n"
"Schlüssel gespeichert wird. Wenn Sie ein sehr großes Bild benutzen,\n"
"wir Ihr Schlüssel leider auch sehr groß werden. Ein Bild der GröÂße\n"
"240x288 Pixel ist eine gute Wahl.\n"
#: g10/photoid.c:94
msgid "Enter JPEG filename for photo ID: "
msgstr "Dateiname mit JPEG für die Foto-ID eingeben: "
#: g10/photoid.c:115
#, c-format
msgid "unable to open JPEG file `%s': %s\n"
msgstr "JPEG-Datei `%s' kann nicht geöffnet werden: %s\n"
#: g10/photoid.c:126
#, c-format
msgid "This JPEG is really large (%d bytes) !\n"
msgstr "Diese JPEG-Datei ist echt groß (%d Byte)!\n"
#: g10/photoid.c:128
msgid "Are you sure you want to use it? (y/N) "
msgstr "Wollen Sie es wirklich benutzen? (j/N) "
#: g10/photoid.c:145
#, c-format
msgid "`%s' is not a JPEG file\n"
msgstr "`%s' ist keine JPEG-Datei\n"
#: g10/photoid.c:164
msgid "Is this photo correct (y/N/q)? "
msgstr "Ist dieses Bild richtig? (j/N) "
#: g10/photoid.c:368
msgid "unable to display photo ID!\n"
msgstr "Die Foto-ID kann nicht angezeigt werden!\n"
#: g10/pkclist.c:60 g10/revoke.c:623
msgid "No reason specified"
msgstr "Kein Grund angegeben"
#: g10/pkclist.c:62 g10/revoke.c:625
msgid "Key is superseded"
msgstr "Schlüssel ist überholt"
#: g10/pkclist.c:64 g10/revoke.c:624
msgid "Key has been compromised"
msgstr "Hinweis: Dieser Schlüssel ist nicht mehr sicher"
#: g10/pkclist.c:66 g10/revoke.c:626
msgid "Key is no longer used"
msgstr "Schlüssel wird nicht mehr benutzt"
#: g10/pkclist.c:68 g10/revoke.c:627
msgid "User ID is no longer valid"
msgstr "User-ID ist nicht mehr gültig"
#: g10/pkclist.c:72
msgid "reason for revocation: "
msgstr "Grund für Widerruf: "
#: g10/pkclist.c:89
msgid "revocation comment: "
msgstr "Widerruf-Bemerkung: "
#: g10/pkclist.c:204
msgid "iImMqQsS"
msgstr "iImMqQsS"
#: g10/pkclist.c:212
msgid "No trust value assigned to:\n"
msgstr "Es ist kein \"trust value\" zugewiesen für:\n"
#: g10/pkclist.c:244
#, c-format
msgid " aka \"%s\"\n"
msgstr " \"%s\"\n"
#: g10/pkclist.c:254
msgid ""
"How much do you trust that this key actually belongs to the named user?\n"
msgstr ""
"Wie sicher sind Sie, daß dieser Schlüssel wirklich dem angegebenen Besitzer "
"gehört?\n"
#: g10/pkclist.c:269
#, c-format
msgid " %d = I don't know or won't say\n"
msgstr " %d = Weiß nicht so recht\n"
#: g10/pkclist.c:271
#, c-format
msgid " %d = I do NOT trust\n"
msgstr " %d = Nein, ihm traue ich NICHT\n"
#: g10/pkclist.c:277
#, c-format
msgid " %d = I trust ultimately\n"
msgstr " %d = Ich vertraue ihm absolut\n"
#: g10/pkclist.c:283
msgid " m = back to the main menu\n"
msgstr " m = Zurück zum Menü\n"
#: g10/pkclist.c:286
msgid " s = skip this key\n"
msgstr " s = diesen Schlüssel überspringen\n"
#: g10/pkclist.c:287
msgid " q = quit\n"
msgstr " q = verlassen\n"
#: g10/pkclist.c:291
#, c-format
msgid ""
"The minimum trust level for this key is: %s\n"
"\n"
msgstr "Die minimale Trust-Ebene für diesen Schlüssel beträgt: %s\n"
#: g10/pkclist.c:297 g10/revoke.c:652
msgid "Your decision? "
msgstr "Ihre Auswahl? "
#: g10/pkclist.c:318
msgid "Do you really want to set this key to ultimate trust? (y/N) "
msgstr "Wollen Sie diesem Schlüssel wirklich uneingeschränkt vertrauen? (j/N) "
#: g10/pkclist.c:332
msgid "Certificates leading to an ultimately trusted key:\n"
msgstr "Zertifikate führen zu einem letztlich vertrauenswürdigen Schlüssel:\n"
#: g10/pkclist.c:417
#, c-format
msgid "%s: There is no assurance this key belongs to the named user\n"
msgstr ""
"%s: Es gibt keine Garantie, daß dieser Schlüssel wirklich dem angegebenen "
"Besitzer gehört.\n"
#: g10/pkclist.c:422
#, c-format
msgid "%s: There is limited assurance this key belongs to the named user\n"
msgstr ""
"%s: Es gibt nur eine beschränkte Garantie, daß dieser Schlüssel wirklich dem "
"angegebenen Besitzer gehört.\n"
#: g10/pkclist.c:428
msgid "This key probably belongs to the named user\n"
msgstr "Dieser Schlüssel gehört wahrscheinlich dem angegebenen Besitzer\n"
#: g10/pkclist.c:433
msgid "This key belongs to us\n"
msgstr ""
"Dieser Schlüssel gehört uns (da wir nämlich den geheimen Schlüssel dazu "
"haben)\n"
#: g10/pkclist.c:459
msgid ""
"It is NOT certain that the key belongs to the person named\n"
"in the user ID. If you *really* know what you are doing,\n"
"you may answer the next question with yes.\n"
msgstr ""
"Es ist NICHT sicher, daß der Schlüssel zu dem in der User-ID\n"
"Genannten gehört. Wenn Sie *wirklich* wissen, was Sie tun,\n"
"können Sie die nächste Frage mit ja beantworten\n"
#: g10/pkclist.c:478
msgid "Use this key anyway? (y/N) "
msgstr "Diesen Schlüssel trotzdem benutzen? (j/N) "
#: g10/pkclist.c:512
msgid "WARNING: Using untrusted key!\n"
msgstr "WARNUNG: Ein Schlüssel ohne gesichertes Vertrauen wird benutzt!\n"
#: g10/pkclist.c:519
msgid "WARNING: this key might be revoked (revocation key not present)\n"
msgstr ""
"WARNUNG: Dieser schlüssel ist u.U. widerrufen: Widerrufschlüssel ist nicht "
"vorhanden\n"
#: g10/pkclist.c:528
msgid "WARNING: This key has been revoked by its designated revoker!\n"
msgstr ""
"WARNUNG: Dieser Schlüssel wurde vom vorgesehen Widerrufer widerrufen!\n"
#: g10/pkclist.c:531
msgid "WARNING: This key has been revoked by its owner!\n"
msgstr "WARNUNG: Dieser Schlüssel wurde von seinem Besitzer widerrufen!\n"
#: g10/pkclist.c:532
msgid " This could mean that the signature is forged.\n"
msgstr " Das könnte bedeuten, daß die Signatur gefälscht ist.\n"
#: g10/pkclist.c:538
msgid "WARNING: This subkey has been revoked by its owner!\n"
msgstr "WARNUNG: Dieser Unterschlüssel wurde von seinem Besitzer widerrufen!\n"
#: g10/pkclist.c:543
msgid "Note: This key has been disabled.\n"
msgstr "Hinweis: Dieser Schlüssel wurde abgeschaltet.\n"
#: g10/pkclist.c:563
#, c-format
msgid "Note: Verified signer's address is `%s'\n"
msgstr "Hinweis: Überprüfte Adresse des Unterzeichners ist `%s'\n"
#: g10/pkclist.c:570
#, c-format
msgid "Note: Signer's address `%s' does not match DNS entry\n"
msgstr ""
"Hinweise: Adresse des Unterzeichners `%s' passt nicht zum DNS-Eintrag\n"
#: g10/pkclist.c:582
msgid "trustlevel adjusted to FULL due to valid PKA info\n"
msgstr "\"Trust\"-Ebene auf VOLLSTÄNDIG geändert (wg. gültiger PKA-Info)\n"
#: g10/pkclist.c:590
msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
msgstr "\"Trust\"-Ebene auf NIEMALS geändert (wg. falscher PKA-Info)\n"
#: g10/pkclist.c:601
msgid "Note: This key has expired!\n"
msgstr "Hinweis: Dieser Schlüssel ist verfallen!\n"
#: g10/pkclist.c:612
msgid "WARNING: This key is not certified with a trusted signature!\n"
msgstr "WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur!\n"
#: g10/pkclist.c:614
msgid ""
" There is no indication that the signature belongs to the owner.\n"
msgstr ""
" Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen "
"Besitzer gehört.\n"
#: g10/pkclist.c:622
msgid "WARNING: We do NOT trust this key!\n"
msgstr "WARNUNG: Wir haben KEIN Vertrauen zu diesem Schlüssel!\n"
#: g10/pkclist.c:623
msgid " The signature is probably a FORGERY.\n"
msgstr " Die Signatur ist wahrscheinlich eine FÄLSCHUNG.\n"
#: g10/pkclist.c:631
msgid ""
"WARNING: This key is not certified with sufficiently trusted signatures!\n"
msgstr ""
"WARNUNG: Dieser Schlüssel ist nicht durch hinreichend vertrauenswürdige "
"Signaturen zertifiziert!\n"
#: g10/pkclist.c:633
msgid " It is not certain that the signature belongs to the owner.\n"
msgstr ""
" Es ist nicht sicher, daß die Signatur wirklich dem vorgeblichen "
"Besitzer gehört.\n"
#: g10/pkclist.c:832 g10/pkclist.c:874 g10/pkclist.c:1086 g10/pkclist.c:1156
#, c-format
msgid "%s: skipped: %s\n"
msgstr "%s: übersprungen: %s\n"
#: g10/pkclist.c:844 g10/pkclist.c:1124
#, c-format
msgid "%s: skipped: public key already present\n"
msgstr "%s: übersprungen: öffentlicher Schlüssel bereits vorhanden\n"
#: g10/pkclist.c:895
msgid "You did not specify a user ID. (you may use \"-r\")\n"
msgstr ""
"Sie haben keine User-ID angegeben (Sie können die Option \"-r\" verwenden).\n"
#: g10/pkclist.c:919
msgid "Current recipients:\n"
msgstr "Derzeitige Empfänger:\n"
#: g10/pkclist.c:945
msgid ""
"\n"
"Enter the user ID. End with an empty line: "
msgstr ""
"\n"
"Geben Sie die User-ID ein. Beenden mit einer leeren Zeile: "
#: g10/pkclist.c:970
msgid "No such user ID.\n"
msgstr "Keine solche User-ID vorhanden.\n"
#: g10/pkclist.c:979 g10/pkclist.c:1053
msgid "skipped: public key already set as default recipient\n"
msgstr ""
"übersprungen: öffentlicher Schlüssel bereits als Standardempfänger gesetzt\n"
#: g10/pkclist.c:1000
msgid "Public key is disabled.\n"
msgstr "Öffentlicher Schlüssel ist abgeschaltet.\n"
#: g10/pkclist.c:1009
msgid "skipped: public key already set\n"
msgstr "übersprungen: öffentlicher Schlüssel bereits gesetzt\n"
#: g10/pkclist.c:1044
#, c-format
msgid "unknown default recipient \"%s\"\n"
msgstr "Unbekannter voreingestellter Empfänger \"%s\"\n"
#: g10/pkclist.c:1102
#, c-format
msgid "%s: skipped: public key is disabled\n"
msgstr "%s: übersprungen: öffentlicher Schlüssel ist abgeschaltet\n"
#: g10/pkclist.c:1164
msgid "no valid addressees\n"
msgstr "Keine gültigen Adressaten\n"
#: g10/pkclist.c:1478
#, c-format
msgid "Note: key %s has no %s feature\n"
msgstr "Hinweis: Schlüssel %s besitzt nicht die %s Eigenschaft\n"
#: g10/pkclist.c:1503
#, c-format
msgid "Note: key %s has no preference for %s\n"
msgstr "Hinweis: Schlüssel %s hat keine Einstellung für %s\n"
#: g10/plaintext.c:95
msgid "data not saved; use option \"--output\" to save it\n"
msgstr ""
"Daten wurden nicht gespeichert; verwenden Sie dafür die Option \"--output\"\n"
#: g10/plaintext.c:472
msgid "Detached signature.\n"
msgstr "Abgetrennte Beglaubigungen.\n"
#: g10/plaintext.c:479
msgid "Please enter name of data file: "
msgstr "Bitte geben Sie den Namen der Datendatei ein: "
#: g10/plaintext.c:511
msgid "reading stdin ...\n"
msgstr "lese stdin ...\n"
#: g10/plaintext.c:549
msgid "no signed data\n"
msgstr "keine unterschriebene Daten\n"
#: g10/plaintext.c:565
#, c-format
msgid "can't open signed data `%s'\n"
msgstr "kann signierte Datei '%s' nicht öffnen.\n"
#: g10/plaintext.c:599
#, c-format
msgid "can't open signed data fd=%d: %s\n"
msgstr "kann signierte Daten auf fd=%d nicht öffnen: %s\n"
#: g10/pubkey-enc.c:105
#, c-format
msgid "anonymous recipient; trying secret key %s ...\n"
msgstr "Ungenannter Empfänger; Versuch mit geheimen Schlüssel %s ...\n"
#: g10/pubkey-enc.c:136
msgid "okay, we are the anonymous recipient.\n"
msgstr "Alles klar, wir sind der ungenannte Empfänger.\n"
#: g10/pubkey-enc.c:225
msgid "old encoding of the DEK is not supported\n"
msgstr "alte Kodierung des DEK wird nicht unterstützt\n"
#: g10/pubkey-enc.c:246
#, c-format
msgid "cipher algorithm %d%s is unknown or disabled\n"
msgstr "Verschüsselungsverfahren %d%s ist unbekannt oder abgeschaltet\n"
#: g10/pubkey-enc.c:284
#, c-format
msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
msgstr ""
"WARNUNG: Das Verschlüsselungsverfahren %s wurde nicht in den "
"Empfängereinstellungen gefunden\n"
#: g10/pubkey-enc.c:304
#, c-format
msgid "NOTE: secret key %s expired at %s\n"
msgstr "Hinweis: geheimer Schlüssel %s verfällt am %s\n"
#: g10/pubkey-enc.c:310
msgid "NOTE: key has been revoked"
msgstr "Hinweis: Schlüssel wurde widerrufen"
#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
#: g10/revoke.c:186 g10/revoke.c:587
#, c-format
msgid "build_packet failed: %s\n"
msgstr "\"build_packet\" fehlgeschlagen: %s\n"
#: g10/revoke.c:145
#, c-format
msgid "key %s has no user IDs\n"
msgstr "Schlüssel %s hat keine User-IDs\n"
#: g10/revoke.c:306
msgid "To be revoked by:\n"
msgstr "Schlüssel soll widerrufen werden von:\n"
#: g10/revoke.c:310
msgid "(This is a sensitive revocation key)\n"
msgstr "(Dies ist ein \"sensitiver\" Widerrufsschlüssel)\n"
#: g10/revoke.c:314
msgid "Create a designated revocation certificate for this key? (y/N) "
msgstr ""
"Ein vorgesehenes Widerrufszertifikat für diesen Schlüssel erzeugen? (j/N) "
#: g10/revoke.c:327 g10/revoke.c:553
msgid "ASCII armored output forced.\n"
msgstr "Ausgabe mit ASCII Hülle erzwungen\n"
#: g10/revoke.c:342 g10/revoke.c:567
#, c-format
msgid "make_keysig_packet failed: %s\n"
msgstr "\"make_keysig_packet\" fehlgeschlagen: %s\n"
#: g10/revoke.c:405
msgid "Revocation certificate created.\n"
msgstr "Widerrufzertifikat erzeugt.\n"
#: g10/revoke.c:411
#, c-format
msgid "no revocation keys found for \"%s\"\n"
msgstr "keine Widerrufsschlüssel für \"%s\" gefunden\n"
#: g10/revoke.c:470
#, c-format
msgid "secret key \"%s\" not found: %s\n"
msgstr "Geheimer Schlüssel \"%s\" nicht gefunden: %s\n"
#: g10/revoke.c:499
#, c-format
msgid "no corresponding public key: %s\n"
msgstr "kein zugehöriger öffentlicher Schlüssel: %s\n"
#: g10/revoke.c:510
msgid "public key does not match secret key!\n"
msgstr "Öffentliche Schlüssel paßt nicht zum geheimen Schlüssel!\n"
#: g10/revoke.c:517
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Ein Widerrufszertifikat für diesen Schlüssel erzeugen? (j/N) "
#: g10/revoke.c:534
msgid "unknown protection algorithm\n"
msgstr "Unbekanntes Schutzverfahren\n"
#: g10/revoke.c:542
msgid "NOTE: This key is not protected!\n"
msgstr "Dieser Schlüssel ist nicht geschützt.\n"
# translated by wk
#: g10/revoke.c:593
msgid ""
"Revocation certificate created.\n"
"\n"
"Please move it to a medium which you can hide away; if Mallory gets\n"
"access to this certificate he can use it to make your key unusable.\n"
"It is smart to print this certificate and store it away, just in case\n"
"your media become unreadable. But have some caution: The print system of\n"
"your machine might store the data and make it available to others!\n"
msgstr ""
"Widerrufszertifikat wurde erzeugt.\n"
"\n"
"Bitte speichern Sie es auf einem Medium welches sie wegschliessen\n"
"können; falls Mallory (ein Angreifer) Zugang zu diesem Zertifikat\n"
"erhält, kann erIhren Schlüssel unbrauchbar machen. Es wäre klug,\n"
"dieses Widerrufszertifikat auch auszudrucken und sicher aufzubewahren,\n"
"falls das ursprüngliche Mediumnicht mehr lesbar ist. Aber Obacht: Das\n"
"Drucksystem kann unter Umständen eine Kopie anderen Nutzern zugänglich\n"
"machen.\n"
#: g10/revoke.c:635
msgid "Please select the reason for the revocation:\n"
msgstr "Grund für den Widerruf:\n"
#: g10/revoke.c:645
msgid "Cancel"
msgstr "Abbruch"
#: g10/revoke.c:647
#, c-format
msgid "(Probably you want to select %d here)\n"
msgstr "(Wahrscheinlich möchten Sie hier %d auswählen)\n"
#: g10/revoke.c:688
msgid "Enter an optional description; end it with an empty line:\n"
msgstr ""
"Geben Sie eine optionale Beschreibung ein. Beenden mit einer leeren Zeile:\n"
#: g10/revoke.c:716
#, c-format
msgid "Reason for revocation: %s\n"
msgstr "Grund für Widerruf: %s\n"
#: g10/revoke.c:718
msgid "(No description given)\n"
msgstr "(Keine Beschreibung angegeben)\n"
#: g10/revoke.c:723
msgid "Is this okay? (y/N) "
msgstr "Ist das OK? (j/N) "
#: g10/seckey-cert.c:55
msgid "secret key parts are not available\n"
msgstr "Teile des geheimen Schlüssels sind nicht vorhanden\n"
#: g10/seckey-cert.c:61
#, c-format
msgid "protection algorithm %d%s is not supported\n"
msgstr "Schutzverfahren %d%s wird nicht unterstützt\n"
#: g10/seckey-cert.c:72
#, c-format
msgid "protection digest %d is not supported\n"
msgstr "Hashschutzverfahren %d wird nicht unterstützt\n"
#: g10/seckey-cert.c:291
msgid "Invalid passphrase; please try again"
msgstr "Ungültige Passphrase; versuchen Sie es bitte noch einmal"
#: g10/seckey-cert.c:292
#, c-format
msgid "%s ...\n"
msgstr "%s ...\n"
#: g10/seckey-cert.c:361
msgid "WARNING: Weak key detected - please change passphrase again.\n"
msgstr ""
"WARNUNG: Unsicherer Schlüssel entdeckt -\n"
" bitte Passphrase nochmals wechseln.\n"
#: g10/seckey-cert.c:404
msgid "generating the deprecated 16-bit checksum for secret key protection\n"
msgstr ""
"Die mißbilligte 16-bit Prüfsumme wird zum Schutz des geheimen Schlüssels "
"benutzt\n"
#: g10/seskey.c:61 sm/encrypt.c:119
msgid "weak key created - retrying\n"
msgstr "Unsicherer Schlüssel erzeugt - neuer Versuch\n"
#: g10/seskey.c:65
#, c-format
msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
msgstr ""
"Trotz %d-fachen Versuch konnte die Erzeugung eines unsicheren Schlüssels für "
"sym.Verschlüsselung nicht vermieden werden!\n"
#: g10/seskey.c:227 sm/certcheck.c:89
msgid "DSA requires the hash length to be a multiple of 8 bits\n"
msgstr "Für DSA muß die Hashlänge ein Vielfaches von 8 Bit sein\n"
#: g10/seskey.c:240
#, c-format
msgid "DSA key %s uses an unsafe (%u bit) hash\n"
msgstr "DSA-Schlüssel %s verwendet einen unsicheren (%u Bit-) Hash\n"
#: g10/seskey.c:252
#, c-format
msgid "DSA key %s requires a %u bit or larger hash\n"
msgstr "DSA-Schlüssel %s benötigt einen mindestens %u Bit langen Hash\n"
#: g10/sig-check.c:80
msgid "WARNING: signature digest conflict in message\n"
msgstr "WARNUNG: Widersprechende Hashverfahren in der signierten Nachricht\n"
#: g10/sig-check.c:105
#, c-format
msgid "WARNING: signing subkey %s is not cross-certified\n"
msgstr "WARNUNG: Signaturunterschlüssel %s hat keine Rücksignatur\n"
#: g10/sig-check.c:117
#, c-format
msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
msgstr "WARNUNG: Signaturunterschlüssel %s hat eine ungültige Rücksignatur\n"
#: g10/sig-check.c:189
#, c-format
msgid "public key %s is %lu second newer than the signature\n"
msgstr ""
"Öffentlicher Schlüssel %s ist %lu Sekunden jünger als die Unterschrift\n"
#: g10/sig-check.c:190
#, c-format
msgid "public key %s is %lu seconds newer than the signature\n"
msgstr ""
"Öffentlicher Schlüssel %s ist %lu Sekunden jünger als die Unterschrift\n"
#: g10/sig-check.c:201
#, c-format
msgid ""
"key %s was created %lu second in the future (time warp or clock problem)\n"
msgstr ""
"Schlüssel %s wurde %lu Sekunden in der Zukunft erzeugt (Zeitreise oder "
"Uhrenproblem)\n"
#: g10/sig-check.c:203
#, c-format
msgid ""
"key %s was created %lu seconds in the future (time warp or clock problem)\n"
msgstr ""
"Schlüssel %s wurde %lu Sekunden in der Zukunft erzeugt (Zeitreise oder "
"Uhrenproblem)\n"
#: g10/sig-check.c:213
#, c-format
msgid "NOTE: signature key %s expired %s\n"
msgstr "Hinweis: Signaturschlüssel %s ist am %s verfallen\n"
#: g10/sig-check.c:296
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
"Vermutlich eine FALSCHE Unterschrift von Schlüssel %s, wegen unbekanntem "
"\"critical bit\"\n"
#: g10/sig-check.c:561
#, c-format
msgid "key %s: no subkey for subkey revocation signature\n"
msgstr ""
"Schlüssel %s: Kein Unterschlüssel für die Unterschlüsselwiderruf-"
"Beglaubigung\n"
#: g10/sig-check.c:588
#, c-format
msgid "key %s: no subkey for subkey binding signature\n"
msgstr ""
"Schlüssel %s: Kein Unterschlüssel für die Unterschlüsselanbindungs-"
"Beglaubigung\n"
#: g10/sign.c:89
#, c-format
msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
msgstr ""
"WARNUNG: \"Notation\" kann nicht %%-erweitert werden (zu groß). Verwende "
"\"unerweiterte\".\n"
#: g10/sign.c:115
#, c-format
msgid ""
"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
msgstr ""
"WARNUNG: Richtlinien-URL kann nicht %%-erweitert werden (zu groß). Verwende "
"\"unerweiterte\".\n"
#: g10/sign.c:138
#, c-format
msgid ""
"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
"unexpanded.\n"
msgstr ""
"WARNUNG: URL für bevorzugten Schlüsselserver kann nicht %%-erweitert werden "
"(zu groß). Verwende \"unerweiterte\".\n"
#: g10/sign.c:311
#, c-format
msgid "checking created signature failed: %s\n"
msgstr "Prüfung der erstellten Unterschrift ist fehlgeschlagen: %s\n"
#: g10/sign.c:320
#, c-format
msgid "%s/%s signature from: \"%s\"\n"
msgstr "%s/%s Unterschrift von: \"%s\"\n"
#: g10/sign.c:758
msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
msgstr ""
"Im --pgp2-Modus kann nur mit PGP-2.x-artigen Schlüsseln eine abgetrennte "
"Unterschrift erzeugt werden\n"
#: g10/sign.c:834
#, c-format
msgid ""
"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
msgstr ""
"WARNUNG: Erzwingen des Hashverfahrens %s (%d) verstößt gegen die "
"Empfängervoreinstellungen\n"
#: g10/sign.c:961
msgid "signing:"
msgstr "unterschreibe:"
#: g10/sign.c:1076
msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
msgstr ""
"Im --pgp2-Modus können Sie Klartextunterschriften nur mit PGP-2.x-artigen "
"Schlüssel machen\n"
#: g10/sign.c:1260
#, c-format
msgid "%s encryption will be used\n"
msgstr "%s Verschlüsselung wird verwendet\n"
#: g10/skclist.c:149 g10/skclist.c:213
msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
msgstr ""
"Schlüssel ist nicht als unsicher gekennzeichnet - er ist nur mit einem\n"
"echten Zufallsgenerator verwendbar\n"
#: g10/skclist.c:180
#, c-format
msgid "skipped \"%s\": duplicated\n"
msgstr "übersprungen \"%s\": doppelt\n"
#: g10/skclist.c:188 g10/skclist.c:198 g10/skclist.c:207
#, c-format
msgid "skipped \"%s\": %s\n"
msgstr "übersprungen \"%s\": %s\n"
#: g10/skclist.c:193
msgid "skipped: secret key already present\n"
msgstr "übersprungen: geheimer Schlüssel bereits vorhanden\n"
#: g10/skclist.c:208
msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
msgstr ""
"Dies ist ein durch PGP erzeugter Elgamal-Schlüssel. Das ist für Signaturen "
"NICHT sicher genug!"
#: g10/tdbdump.c:58 g10/trustdb.c:360
#, c-format
msgid "trust record %lu, type %d: write failed: %s\n"
msgstr "Vertrauenssatz %lu, Typ %d: Schreiben fehlgeschlagen: %s\n"
#: g10/tdbdump.c:103
#, c-format
msgid ""
"# List of assigned trustvalues, created %s\n"
"# (Use \"gpg --import-ownertrust\" to restore them)\n"
msgstr ""
"# Liste de zugewiesenden Trustwerte, erzeugt am %s\n"
"# (\"gpg --import-ownertrust\" um sie zu restaurieren)\n"
#: g10/tdbdump.c:158 g10/tdbdump.c:166 g10/tdbdump.c:171 g10/tdbdump.c:176
#, c-format
msgid "error in `%s': %s\n"
msgstr "Fehler in `%s': %s\n"
#: g10/tdbdump.c:158
msgid "line too long"
msgstr "Zeile ist zu lang"
#: g10/tdbdump.c:166
msgid "colon missing"
msgstr "Doppelpunkt fehlt"
#: g10/tdbdump.c:172
msgid "invalid fingerprint"
msgstr "ungültiger Fingerabdruck"
#: g10/tdbdump.c:177
msgid "ownertrust value missing"
msgstr "\"Owner trust\"-Wert fehlt"
#: g10/tdbdump.c:213
#, c-format
msgid "error finding trust record in `%s': %s\n"
msgstr "Fehler beim Suchen des \"Trust records\" in `%s': %s\n"
#: g10/tdbdump.c:217
#, c-format
msgid "read error in `%s': %s\n"
msgstr "Lesefehler in `%s': %s\n"
#: g10/tdbdump.c:226 g10/trustdb.c:375
#, c-format
msgid "trustdb: sync failed: %s\n"
msgstr "\"Trust-DB\": sync fehlgeschlagen: %s\n"
#: g10/tdbio.c:128 g10/tdbio.c:1437
#, c-format
msgid "trustdb rec %lu: lseek failed: %s\n"
msgstr "trustdb Satz %lu: lseek fehlgeschlagen: %s\n"
#: g10/tdbio.c:135 g10/tdbio.c:1444
#, c-format
msgid "trustdb rec %lu: write failed (n=%d): %s\n"
msgstr "trustdb Satz %lu: write fehlgeschlagen (n=%d): %s\n"
#: g10/tdbio.c:245
msgid "trustdb transaction too large\n"
msgstr "trustdb Transaktion zu groß\n"
#: g10/tdbio.c:498
#, c-format
msgid "can't access `%s': %s\n"
msgstr "kann aus `%s' nicht zugreifen: %s\n"
#: g10/tdbio.c:513
#, c-format
msgid "%s: directory does not exist!\n"
msgstr "%s: Verzeichnis existiert nicht!\n"
#: g10/tdbio.c:523 g10/tdbio.c:546 g10/tdbio.c:587 sm/keydb.c:221
#, c-format
msgid "can't create lock for `%s'\n"
msgstr "Datei `%s' konnte nicht gesperrt werden\n"
#: g10/tdbio.c:525 g10/tdbio.c:590
#, c-format
msgid "can't lock `%s'\n"
msgstr "'%s' kann nicht gesperrt werden\n"
#: g10/tdbio.c:551
#, c-format
msgid "%s: failed to create version record: %s"
msgstr "%s: Fehler beim Erzeugen des Versionsatzes: %s"
#: g10/tdbio.c:555
#, c-format
msgid "%s: invalid trustdb created\n"
msgstr "%s: ungültige trust-db erzeugt\n"
#: g10/tdbio.c:558
#, c-format
msgid "%s: trustdb created\n"
msgstr "%s: trust-db erzeugt\n"
#: g10/tdbio.c:600
msgid "NOTE: trustdb not writable\n"
msgstr "Notiz: Die \"trustdb\" ist nicht schreibbar\n"
#: g10/tdbio.c:608
#, c-format
msgid "%s: invalid trustdb\n"
msgstr "%s: ungültige 'Trust'-Datenbank\n"
#: g10/tdbio.c:640
#, c-format
msgid "%s: failed to create hashtable: %s\n"
msgstr "%s: hashtable kann nicht erzeugt werden: %s\n"
#: g10/tdbio.c:648
#, c-format
msgid "%s: error updating version record: %s\n"
msgstr "%s: Fehler beim Ändern des Versionsatzes: %s\n"
#: g10/tdbio.c:665 g10/tdbio.c:685 g10/tdbio.c:701 g10/tdbio.c:715
#: g10/tdbio.c:745 g10/tdbio.c:1369 g10/tdbio.c:1396
#, c-format
msgid "%s: error reading version record: %s\n"
msgstr "%s: Fehler beim Lesen des Versionsatzes: %s\n"
#: g10/tdbio.c:724
#, c-format
msgid "%s: error writing version record: %s\n"
msgstr "%s: Fehler beim Schreiben des Versionsatzes: %s\n"
#: g10/tdbio.c:1164
#, c-format
msgid "trustdb: lseek failed: %s\n"
msgstr "trustdb: lseek fehlgeschlagen: %s\n"
#: g10/tdbio.c:1173
#, c-format
msgid "trustdb: read failed (n=%d): %s\n"
msgstr "trustdb: read failed (n=%d): %s\n"
#: g10/tdbio.c:1194
#, c-format
msgid "%s: not a trustdb file\n"
msgstr "%s: keine trustdb Datei\n"
#: g10/tdbio.c:1212
#, c-format
msgid "%s: version record with recnum %lu\n"
msgstr "%s: version record with recnum %lu\n"
#: g10/tdbio.c:1217
#, c-format
msgid "%s: invalid file version %d\n"
msgstr "%s: invalid file version %d\n"
#: g10/tdbio.c:1402
#, c-format
msgid "%s: error reading free record: %s\n"
msgstr "%s: Fehler beim Lesen eines freien Satzes: %s\n"
#: g10/tdbio.c:1410
#, c-format
msgid "%s: error writing dir record: %s\n"
msgstr "%s: Fehler beim Schreiben eines Verzeichnis-Satzes: %s\n"
#: g10/tdbio.c:1420
#, c-format
msgid "%s: failed to zero a record: %s\n"
msgstr "%s: konnte einen Satz nicht Nullen: %s\n"
#: g10/tdbio.c:1450
#, c-format
msgid "%s: failed to append a record: %s\n"
msgstr "%s: konnte Satz nicht anhängen: %s\n"
#: g10/tdbio.c:1495
msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
msgstr ""
"Die \"Trust\"-Datenbank ist beschädigt; verwenden Sie \"gpg --fix-trustdb"
"\".\n"
#: g10/textfilter.c:147
#, c-format
msgid "can't handle text lines longer than %d characters\n"
msgstr "Textzeilen länger als %d Zeichen können nicht benutzt werden\n"
#: g10/textfilter.c:247
#, c-format
msgid "input line longer than %d characters\n"
msgstr "Eingabezeile ist länger als %d Zeichen\n"
#: g10/trustdb.c:221
#, c-format
msgid "`%s' is not a valid long keyID\n"
msgstr "'%s' ist keine gültige lange Schlüssel-ID\n"
#: g10/trustdb.c:252
#, c-format
msgid "key %s: accepted as trusted key\n"
msgstr "Schlüssel %s: Als vertrauenswürdiger Schlüssel akzeptiert\n"
#: g10/trustdb.c:290
#, c-format
msgid "key %s occurs more than once in the trustdb\n"
msgstr "Schlüssel %s tritt mehr als einmal in der \"trustdb\" auf\n"
#: g10/trustdb.c:305
#, c-format
msgid "key %s: no public key for trusted key - skipped\n"
msgstr ""
"Schlüssel %s: kein öffentlicher Schlüssel für den vertrauenswürdigen "
"Schlüssel - übersprungen\n"
#: g10/trustdb.c:315
#, c-format
msgid "key %s marked as ultimately trusted\n"
msgstr "Schlüssel %s ist als uneingeschränkt vertrauenswürdig gekennzeichnet\n"
#: g10/trustdb.c:339
#, c-format
msgid "trust record %lu, req type %d: read failed: %s\n"
msgstr "trust record %lu, req type %d: read failed: %s\n"
#: g10/trustdb.c:345
#, c-format
msgid "trust record %lu is not of requested type %d\n"
msgstr "Vertrauenssatz %lu ist nicht von der angeforderten Art %d\n"
#: g10/trustdb.c:441
#, c-format
msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
msgstr ""
"kann unbekanntes Vertrauensmodell nicht verwenden (%d) - verwende "
"Vertrauensmodell %s\n"
#: g10/trustdb.c:447
#, c-format
msgid "using %s trust model\n"
msgstr "verwende Vertrauensmodell %s\n"
#: g10/trustdb.c:499
msgid "10 translator see trustdb.c:uid_trust_string_fixed"
msgstr "10"
#: g10/trustdb.c:501
msgid "[ revoked]"
msgstr "[widerrufen]"
#: g10/trustdb.c:503 g10/trustdb.c:508
msgid "[ expired]"
msgstr "[verfall.]"
#: g10/trustdb.c:507
msgid "[ unknown]"
msgstr "[ unbek.]"
#: g10/trustdb.c:509
msgid "[ undef ]"
msgstr "[ undef.]"
#: g10/trustdb.c:510
msgid "[marginal]"
msgstr "[marginal]"
#: g10/trustdb.c:511
msgid "[ full ]"
msgstr "[ vollst.]"
#: g10/trustdb.c:512
msgid "[ultimate]"
msgstr "[ uneing.]"
#: g10/trustdb.c:527
msgid "undefined"
msgstr "unbestimmt"
#: g10/trustdb.c:528
msgid "never"
msgstr "niemals"
#: g10/trustdb.c:529
msgid "marginal"
msgstr "marginal"
#: g10/trustdb.c:530
msgid "full"
msgstr "vollständig"
#: g10/trustdb.c:531
msgid "ultimate"
msgstr "uneingeschränkt"
#: g10/trustdb.c:571
msgid "no need for a trustdb check\n"
msgstr "\"Trust-DB\"-Überprüfung nicht nötig\n"
#: g10/trustdb.c:577 g10/trustdb.c:2346
#, c-format
msgid "next trustdb check due at %s\n"
msgstr "nächste \"Trust-DB\"-Pflichtüberprüfung am %s\n"
#: g10/trustdb.c:586
#, c-format
msgid "no need for a trustdb check with `%s' trust model\n"
msgstr "\"Trust-DB\"-Überprüfung ist beim `%s'-Vertrauensmodell nicht nötig\n"
#: g10/trustdb.c:601
#, c-format
msgid "no need for a trustdb update with `%s' trust model\n"
msgstr "\"Trust-DB\"-Änderung ist beim `%s'-Vertrauensmodell nicht nötig\n"
#: g10/trustdb.c:833 g10/trustdb.c:1271
#, c-format
msgid "public key %s not found: %s\n"
msgstr "Öffentlicher Schlüssel %s nicht gefunden: %s\n"
#: g10/trustdb.c:1028
msgid "please do a --check-trustdb\n"
msgstr "Bitte ein --check-trustdb durchführen\n"
#: g10/trustdb.c:1032
msgid "checking the trustdb\n"
msgstr "\"Trust-DB\" wird überprüft\n"
# translated by wk
#: g10/trustdb.c:2089
#, c-format
msgid "%d keys processed (%d validity counts cleared)\n"
msgstr "%d Schlüssel verarbeitet (%d Validity Zähler gelöscht)\n"
#: g10/trustdb.c:2154
msgid "no ultimately trusted keys found\n"
msgstr "keine uneingeschränkt vertrauenswürdige Schlüssel gefunden\n"
#: g10/trustdb.c:2168
#, c-format
msgid "public key of ultimately trusted key %s not found\n"
msgstr ""
"öff.Schlüssel des uneingeschränkt vertrautem Schlüssel %s nicht gefunden\n"
#: g10/trustdb.c:2191
#, c-format
msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
msgstr "%d marginal-needed, %d complete-needed, %s Vertrauensmodell\n"
#: g10/trustdb.c:2277
#, c-format
msgid ""
"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
msgstr ""
"Tiefe: %d gültig: %3d unterschrieben: %3d Vertrauen: %d-, %dq, %dn, %dm, %"
"df, %du\n"
#: g10/trustdb.c:2352
#, c-format
msgid "unable to update trustdb version record: write failed: %s\n"
msgstr ""
"\"Trust-DB\"-Versions-Satz kann nicht geändert werden: Schreiben "
"fehlgeschlagen: %s\n"
#: g10/verify.c:118
msgid ""
"the signature could not be verified.\n"
"Please remember that the signature file (.sig or .asc)\n"
"should be the first file given on the command line.\n"
msgstr ""
"Die Unterschrift konnte nicht überprüft werden.\n"
"Denken Sie daran, daß die Datei mit der Unterschrift (.sig oder .asc)\n"
"als erster in der Kommandozeile stehen sollte.\n"
#: g10/verify.c:205
#, c-format
msgid "input line %u too long or missing LF\n"
msgstr "Eingabezeile %u ist zu lang oder es fehlt ein LF\n"
#: g10/verify.c:250
#, c-format
msgid "can't open fd %d: %s\n"
msgstr "fd=%d kann nicht geöffnet werden: %s\n"
#: jnlib/argparse.c:176
msgid "argument not expected"
msgstr "Argument nicht erwartet"
#: jnlib/argparse.c:178
msgid "read error"
msgstr "Lesefehler"
#: jnlib/argparse.c:180
msgid "keyword too long"
msgstr "Schlüsselwort ist zu lang"
#: jnlib/argparse.c:182
msgid "missing argument"
msgstr "Fehlendes Argument"
#: jnlib/argparse.c:184
msgid "invalid command"
msgstr "Ungültige Befehl"
#: jnlib/argparse.c:186
msgid "invalid alias definition"
msgstr "Ungültige Alias-Definition"
#: jnlib/argparse.c:188
msgid "invalid option"
msgstr "Ungültige Option"
#: jnlib/argparse.c:196
#, c-format
msgid "missing argument for option \"%.50s\"\n"
msgstr "Fehlendes Argument für Option \"%.50s\"\n"
#: jnlib/argparse.c:198
#, c-format
msgid "option \"%.50s\" does not expect an argument\n"
msgstr "Option \"%.50s\" erwartet kein Argument\n"
#: jnlib/argparse.c:201
#, c-format
msgid "invalid command \"%.50s\"\n"
msgstr "Ungültiger Befehl \"%.50s\"\n"
#: jnlib/argparse.c:203
#, c-format
msgid "option \"%.50s\" is ambiguous\n"
msgstr "Option \"%.50s\" ist mehrdeutig\n"
#: jnlib/argparse.c:205
#, c-format
msgid "command \"%.50s\" is ambiguous\n"
msgstr "Befehl \"%.50s\" ist mehrdeutig\n"
#: jnlib/argparse.c:207
#, c-format
msgid "invalid option \"%.50s\"\n"
msgstr "Ungültige Option \"%.50s\"\n"
#: jnlib/logging.c:624
#, c-format
msgid "you found a bug ... (%s:%d)\n"
msgstr "Sie haben eine Bug (Programmfehler) gefunden ... (%s:%d)\n"
#: jnlib/utf8conv.c:86
#, c-format
msgid "error loading `%s': %s\n"
msgstr "Fehler beim Laden von `%s': %s\n"
#: jnlib/utf8conv.c:124
#, c-format
msgid "conversion from `%s' to `%s' not available\n"
msgstr "Umwandlung von `%s' in `%s' ist nicht verfügbar\n"
#: jnlib/utf8conv.c:132
#, c-format
msgid "iconv_open failed: %s\n"
msgstr "iconv_open fehlgeschlagen: %s\n"
#: jnlib/utf8conv.c:392 jnlib/utf8conv.c:658
#, c-format
msgid "conversion from `%s' to `%s' failed: %s\n"
msgstr "Umwandlung von `%s' in `%s' schlug fehl: %s\n"
#: kbx/kbxutil.c:92
msgid "set debugging flags"
msgstr "Debug Flags setzen"
#: kbx/kbxutil.c:93
msgid "enable full debugging"
msgstr "Alle Debug Flags setzen"
#: kbx/kbxutil.c:114
msgid "Please report bugs to "
msgstr "Bitte richten sie Berichte über Bugs (Softwarefehler) an "
#: kbx/kbxutil.c:118
msgid "Usage: kbxutil [options] [files] (-h for help)"
msgstr "Aufruf: kbxutil [Optionen] [Dateien] (-h für Hilfe)"
#: kbx/kbxutil.c:121
msgid ""
"Syntax: kbxutil [options] [files]\n"
"list, export, import Keybox data\n"
msgstr ""
"Syntax: kbxutil [Optionen] [Dateien]\n"
"Anlistem exportieren und Importieren von KeyBox Dateien\n"
#: scd/app-nks.c:326 scd/app-openpgp.c:1328
msgid "||Please enter your PIN at the reader's keypad"
msgstr "||Bitte die PIN auf der Tastatur des Kartenleser eingeben"
#: scd/app-nks.c:330 scd/app-openpgp.c:1332 scd/app-openpgp.c:1364
#: scd/app-openpgp.c:1483
#, c-format
msgid "PIN callback returned error: %s\n"
msgstr "PIN-Callback meldete Fehler: %s\n"
#: scd/app-nks.c:378
msgid "the NullPIN has not yet been changed\n"
msgstr "Die Nullpin wurde noch nicht geändert\n"
#: scd/app-openpgp.c:599
#, c-format
msgid "failed to store the fingerprint: %s\n"
msgstr "Der Fingerabdruck kann nicht gespeichert werden: %s\n"
#: scd/app-openpgp.c:612
#, c-format
msgid "failed to store the creation date: %s\n"
msgstr "Das Erzeugungsdatum konnte nicht gespeichert werden: %s\n"
#: scd/app-openpgp.c:1007
#, c-format
msgid "reading public key failed: %s\n"
msgstr "Lesen des öffentlichen Schlüssels fehlgeschlagen: %s\n"
#: scd/app-openpgp.c:1015 scd/app-openpgp.c:2047
msgid "response does not contain the public key data\n"
msgstr "Die Antwort enthält keine öffentliche Schlüssel-Daten\n"
#: scd/app-openpgp.c:1023 scd/app-openpgp.c:2055
msgid "response does not contain the RSA modulus\n"
msgstr "Die Antwort enthält das RSA-Modulus nicht\n"
#: scd/app-openpgp.c:1032 scd/app-openpgp.c:2065
msgid "response does not contain the RSA public exponent\n"
msgstr "Antwort enthält den öffentlichen RSA-Exponenten nicht\n"
#: scd/app-openpgp.c:1314
#, c-format
msgid "||Please enter your PIN at the reader's keypad%%0A[sigs done: %lu]"
msgstr ""
"||Bitte die PIN auf der Tastatur des Kartenleser eingeben%%0A[Sigs erzeugt: %"
"lu]"
#: scd/app-openpgp.c:1348
#, c-format
msgid "||Please enter the PIN%%0A[sigs done: %lu]"
msgstr "||Bitte die PIN eingeben%%0A[Sigs erzeugt: %lu]"
#: scd/app-openpgp.c:1371 scd/app-openpgp.c:1489
#, c-format
msgid "PIN for CHV%d is too short; minimum length is %d\n"
msgstr "PIN für CHV%d ist zu kurz; die Mindestlänge beträgt %d\n"
#: scd/app-openpgp.c:1384 scd/app-openpgp.c:1424 scd/app-openpgp.c:1499
#: scd/app-openpgp.c:2318
#, c-format
msgid "verify CHV%d failed: %s\n"
msgstr "Prüfung des CHV%d fehlgeschlagen: %s\n"
#: scd/app-openpgp.c:1447
msgid "access to admin commands is not configured\n"
msgstr "Zugriff auf Admin-Befehle ist nicht eingerichtet\n"
#: scd/app-openpgp.c:1462 scd/app-openpgp.c:2528
msgid "error retrieving CHV status from card\n"
msgstr "Fehler beim Holen des CHV-Status' von der Karte\n"
#: scd/app-openpgp.c:1468 scd/app-openpgp.c:2537
msgid "card is permanently locked!\n"
msgstr "Karte ist dauerhaft gesperrt!\n"
#: scd/app-openpgp.c:1473
#, c-format
msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
msgstr "Noch %d Admin-PIN-Versuche, bis die Karte dauerhaft geperrt ist\n"
#. TRANSLATORS: Do not translate the "|A|" prefix but
#. keep it at the start of the string. We need this elsewhere
#. to get some infos on the string.
#: scd/app-openpgp.c:1480
msgid "|A|Admin PIN"
msgstr "|A|Admin-PIN"
#. TRANSLATORS: Do not translate the "|*|" prefixes but
#. keep it at the start of the string. We need this elsewhere
#. to get some infos on the string.
#: scd/app-openpgp.c:1629
msgid "|AN|New Admin PIN"
msgstr "|AN|Neue Admin-PIN"
#: scd/app-openpgp.c:1629
msgid "|N|New PIN"
msgstr "|N|Neue PIN"
#: scd/app-openpgp.c:1633
#, c-format
msgid "error getting new PIN: %s\n"
msgstr "Fehler beim Abfragen einer neuen PIN: %s\n"
#: scd/app-openpgp.c:1683 scd/app-openpgp.c:2133
msgid "error reading application data\n"
msgstr "Fehler beim Lesen der Anwendungsdaten\n"
#: scd/app-openpgp.c:1689 scd/app-openpgp.c:2140
msgid "error reading fingerprint DO\n"
msgstr "Fehler beim Lesen des Fingerabdrucks DO\n"
#: scd/app-openpgp.c:1699
msgid "key already exists\n"
msgstr "Schlüssel existiert bereits\n"
#: scd/app-openpgp.c:1703
msgid "existing key will be replaced\n"
msgstr "Existierender Schlüssel wird ersetzt werden\n"
#: scd/app-openpgp.c:1705
msgid "generating new key\n"
msgstr "neue Schlüssel werden erzeugt\n"
#: scd/app-openpgp.c:1872
msgid "creation timestamp missing\n"
msgstr "Erzeugungsdatum fehlt\n"
#: scd/app-openpgp.c:1879
#, c-format
msgid "RSA modulus missing or not of size %d bits\n"
msgstr "Der RSA Modulus fehlt oder ist nicht %d Bits lang\n"
#: scd/app-openpgp.c:1886
#, c-format
msgid "RSA public exponent missing or larger than %d bits\n"
msgstr "der öffentliche Exponent fehlt oder ist zu groß (mehr als %d Bit)\n"
#: scd/app-openpgp.c:1894 scd/app-openpgp.c:1901
#, c-format
msgid "RSA prime %s missing or not of size %d bits\n"
msgstr "Die RSA Primzahl %s fehlt oder ist nicht %d Bits lang\n"
#: scd/app-openpgp.c:1964
#, c-format
msgid "failed to store the key: %s\n"
msgstr "Speichern des Schlüssels fehlgeschlagen: %s\n"
#: scd/app-openpgp.c:2024
msgid "please wait while key is being generated ...\n"
msgstr "Bitte warten, der Schlüssel wird erzeugt ...\n"
#: scd/app-openpgp.c:2038
msgid "generating key failed\n"
msgstr "Schlüsselerzeugung fehlgeschlagen\n"
#: scd/app-openpgp.c:2041
#, c-format
msgid "key generation completed (%d seconds)\n"
msgstr "Schlüsselerzeugung abgeschlossen (%d Sekunden)\n"
#: scd/app-openpgp.c:2098
msgid "invalid structure of OpenPGP card (DO 0x93)\n"
msgstr "Ungültige Struktur der OpenPGP-Karte (DO 0x93)}\n"
#: scd/app-openpgp.c:2148
msgid "fingerprint on card does not match requested one\n"
msgstr "Der Fingerabdruck auf der Karte entspricht nicht dem angeforderten.\n"
#: scd/app-openpgp.c:2236
#, c-format
msgid "card does not support digest algorithm %s\n"
msgstr "Die Hashmethode %s wird von der Karte nicht unterstützt\n"
#: scd/app-openpgp.c:2297
#, c-format
msgid "signatures created so far: %lu\n"
msgstr "Anzahl bereits erzeugter Signaturen: %lu\n"
#: scd/app-openpgp.c:2542
msgid ""
"verification of Admin PIN is currently prohibited through this command\n"
msgstr ""
"Die Überprüfung der Admin PIN is momentan durch einen Befehl verboten "
"worden\n"
#: scd/app-openpgp.c:2615 scd/app-openpgp.c:2625
#, c-format
msgid "can't access %s - invalid OpenPGP card?\n"
msgstr "Kann auf %s nicht zugreifen - ungültige OpenPGP-Karte?\n"
#: scd/scdaemon.c:105
msgid "run in multi server mode (foreground)"
msgstr "Im Multiserver Modus ausführen"
#: scd/scdaemon.c:111 sm/gpgsm.c:364
msgid "read options from file"
msgstr "Konfigurationsoptionen aus Datei lesen"
#: scd/scdaemon.c:121
msgid "|N|connect to reader at port N"
msgstr "|N|Verbinde mit dem Leser auf Port N"
#: scd/scdaemon.c:122
msgid "|NAME|use NAME as ct-API driver"
msgstr "|NAME|Benutze NAME als CT-API Treiber"
#: scd/scdaemon.c:123
msgid "|NAME|use NAME as PC/SC driver"
msgstr "|NAME|Benutze NAME als PC/SC Treiber"
#: scd/scdaemon.c:126
msgid "do not use the internal CCID driver"
msgstr "Den internen CCID Treiber nicht benutzen"
#: scd/scdaemon.c:131
msgid "do not use a reader's keypad"
msgstr "Die Tastatur des Kartenleser nicht benutzen"
#: scd/scdaemon.c:132
msgid "allow the use of admin card commands"
msgstr "Erlaube die Benutzung von \"Admin\"-Befehlen"
#: scd/scdaemon.c:210
msgid "Usage: scdaemon [options] (-h for help)"
msgstr "Aufruf: scdaemon [Optionen] (-h für Hilfe)"
#: scd/scdaemon.c:212
msgid ""
"Syntax: scdaemon [options] [command [args]]\n"
"Smartcard daemon for GnuPG\n"
msgstr ""
"Synatx: scdaemon [Optionen] [Befehl [Argumente]]\n"
"Smartcard Daemon für GnuPG\n"
#: scd/scdaemon.c:668
msgid "please use the option `--daemon' to run the program in the background\n"
msgstr ""
"Bitte die Option `--daemon' nutzen um das Programm im Hintergund "
"auszuführen\n"
#: scd/scdaemon.c:1022
#, c-format
msgid "handler for fd %d started\n"
msgstr "Handhabungsroutine für fd %d gestartet\n"
#: scd/scdaemon.c:1028
#, c-format
msgid "handler for fd %d terminated\n"
msgstr "Handhabungsroutine für den fd %d beendet\n"
#: sm/base64.c:325
#, c-format
msgid "invalid radix64 character %02x skipped\n"
msgstr "Ungültiges Basis-64 Zeichen %02X wurde übersprungen\n"
#: sm/call-dirmngr.c:187
#, c-format
msgid "no running dirmngr - starting `%s'\n"
msgstr "Kein aktiver Dirmngr - `%s' wird einer gestartet\n"
#: sm/call-dirmngr.c:220
msgid "malformed DIRMNGR_INFO environment variable\n"
msgstr "Die Variable DIRMNGR_INFO ist fehlerhaft\n"
#: sm/call-dirmngr.c:232
#, c-format
msgid "dirmngr protocol version %d is not supported\n"
msgstr "Die Dirmngr Protokollversion %d wird nicht unterstützt\n"
#: sm/call-dirmngr.c:252
msgid "can't connect to the dirmngr - trying fall back\n"
msgstr ""
"Verbindung zum Dirmngr kann nicht aufgebaut werden - Ersatzmethode wird "
"versucht\n"
#: sm/certchain.c:194
#, c-format
msgid "validation model requested by certificate: %s"
msgstr "Durch Zertifikat angefordertes Gültigkeitsmodell: %s"
#: sm/certchain.c:195 sm/certchain.c:1646
msgid "chain"
msgstr "Kette"
#: sm/certchain.c:196 sm/certchain.c:1646
msgid "shell"
msgstr "Schale"
#: sm/certchain.c:241
#, c-format
msgid "critical certificate extension %s is not supported"
msgstr "Die kritische Zertifikaterweiterung %s wird nicht unterstützt"
#: sm/certchain.c:279
msgid "issuer certificate is not marked as a CA"
msgstr "Das Herausgeberzertifikat ist nicht für eine CA gekennzeichnet"
#: sm/certchain.c:317
msgid "critical marked policy without configured policies"
msgstr "entscheidende Richtlinie ohne konfigurierte Richtlinien"
#: sm/certchain.c:327
#, c-format
msgid "failed to open `%s': %s\n"
msgstr "Datei `%s' kann nicht geöffnet werden: %s\n"
#: sm/certchain.c:334 sm/certchain.c:363
msgid "note: non-critical certificate policy not allowed"
msgstr "Notiz: Die unkritische Zertifikatrichtlinie ist nicht erlaubt"
#: sm/certchain.c:338 sm/certchain.c:367
msgid "certificate policy not allowed"
msgstr "Die Zertifikatrichtlinie ist nicht erlaubt"
#: sm/certchain.c:478
msgid "looking up issuer at external location\n"
msgstr "Der Herausgeber wird von einer externen Stelle gesucht\n"
#: sm/certchain.c:498
#, c-format
msgid "number of issuers matching: %d\n"
-msgstr "Anzahl der übereinstimmenden Heruasgeber: %d\n"
+msgstr "Anzahl der übereinstimmenden Herausgeber: %d\n"
#: sm/certchain.c:651 sm/certchain.c:1069 sm/certchain.c:1674 sm/decrypt.c:259
#: sm/encrypt.c:341 sm/sign.c:327 sm/verify.c:113
msgid "failed to allocated keyDB handle\n"
msgstr "Ein keyDB Handle konnte nicht bereitgestellt werden\n"
#: sm/certchain.c:742
msgid "certificate has been revoked"
msgstr "Das Zertifikat wurde widerrufen"
#: sm/certchain.c:752
msgid "no CRL found for certificate"
msgstr "Keine CRL für das Zertifikat gefunden"
#: sm/certchain.c:757
msgid "the status of the certificate is unknown"
msgstr "Der Status des Zertifikats ist nicht bekannt"
#: sm/certchain.c:762
msgid "the available CRL is too old"
msgstr "Die vorhandene CRL ist zu alt"
#: sm/certchain.c:764
msgid "please make sure that the \"dirmngr\" is properly installed\n"
msgstr ""
"Bitte vergewissern Sie sich das der \"dirmngr\" richtig installierrt ist\n"
#: sm/certchain.c:770
#, c-format
msgid "checking the CRL failed: %s"
msgstr "Die CRL konnte nicht geprüft werden: %s"
#: sm/certchain.c:799 sm/certchain.c:867
#, c-format
msgid "certificate with invalid validity: %s"
msgstr "Zertifikat mit unzulässiger Gültigkeit: %s"
#: sm/certchain.c:814 sm/certchain.c:899
msgid "certificate not yet valid"
msgstr "Das Zertifikat ist noch nicht gültig"
#: sm/certchain.c:815 sm/certchain.c:900
msgid "root certificate not yet valid"
msgstr "Das Wurzelzertifikat ist noch nicht gültig"
#: sm/certchain.c:816 sm/certchain.c:901
msgid "intermediate certificate not yet valid"
msgstr "Das Zwischenzertifikat ist noch nicht gültig"
#: sm/certchain.c:829
msgid "certificate has expired"
msgstr "Das Zertifikat ist abgelaufen"
#: sm/certchain.c:830
msgid "root certificate has expired"
msgstr "Das Wurzelzertifikat ist abgelaufen"
#: sm/certchain.c:831
msgid "intermediate certificate has expired"
msgstr "Das Zwischenzertifikat ist abgelaufen"
#: sm/certchain.c:873
#, c-format
msgid "required certificate attributes missing: %s%s%s"
msgstr "Notwendige Zertifikatattribute fehlen: %s%s%s"
#: sm/certchain.c:882
msgid "certificate with invalid validity"
msgstr "Zertifikat mit unzulässiger Gültigkeit"
#: sm/certchain.c:919
msgid "signature not created during lifetime of certificate"
msgstr ""
"Die Unterschrift wurde nicht in der Gültigkeitszeit des Zertifikat erzeugt"
#: sm/certchain.c:921
msgid "certificate not created during lifetime of issuer"
msgstr ""
"Das Zertifikat wurde nicht während der Gültigkeitszeit des Herausgebers "
"erzeugt"
#: sm/certchain.c:922
msgid "intermediate certificate not created during lifetime of issuer"
msgstr ""
"Das Zwischenzertifikat wurde nicht während der Gültigkeitszeit des "
"Herausgebers erzeugt"
#: sm/certchain.c:926
msgid " ( signature created at "
msgstr " (Unterschrift erzeugt am "
#: sm/certchain.c:927
msgid " (certificate created at "
msgstr " ( Zertifikat erzeugt am "
#: sm/certchain.c:930
msgid " (certificate valid from "
msgstr " ( Zertifikat gültig von "
#: sm/certchain.c:931
msgid " ( issuer valid from "
msgstr " ( Herausgeber gültig von "
#: sm/certchain.c:961
#, c-format
msgid "fingerprint=%s\n"
msgstr "Fingerprint=%s\n"
#: sm/certchain.c:970
msgid "root certificate has now been marked as trusted\n"
msgstr "Das Wurzelzertifikat wurde nun als vertrauenswürdig markiert\n"
#: sm/certchain.c:983
msgid "interactive marking as trusted not enabled in gpg-agent\n"
msgstr ""
"Interaktives vertrauenswürdig-Markieren ist in gpg-agent ausgeschaltet\n"
#: sm/certchain.c:989
msgid "interactive marking as trusted disabled for this session\n"
msgstr ""
"Interaktives vertrauenswürdig-Markieren ist in dieser Sitzung ausgeschaltet\n"
#: sm/certchain.c:1046
msgid "WARNING: creation time of signature not known - assuming current time"
msgstr ""
"WARNUNG: Der Erzeugungszeitpunkt der Unterschrift ist nicht bekannt - Nehme "
"die aktuelle Zeit an"
#: sm/certchain.c:1110
msgid "no issuer found in certificate"
msgstr "Im Zertifikat ist kein Herausgeber enthalten"
#: sm/certchain.c:1184
msgid "self-signed certificate has a BAD signature"
msgstr "Das eigenbeglaubigte Zertifikat hat eine FALSCHE Signatur"
#: sm/certchain.c:1253
msgid "root certificate is not marked trusted"
msgstr "Das Wurzelzertifikat ist nicht als vertrauenswürdig markiert"
#: sm/certchain.c:1266
#, c-format
msgid "checking the trust list failed: %s\n"
msgstr "Fehler beim Prüfen der vertrauenswürdigen Zertifikate: %s\n"
#: sm/certchain.c:1295 sm/import.c:158
msgid "certificate chain too long\n"
msgstr "Der Zertifikatkette ist zu lang\n"
#: sm/certchain.c:1307
msgid "issuer certificate not found"
msgstr "Herausgeberzertifikat nicht gefunden"
#: sm/certchain.c:1340
msgid "certificate has a BAD signature"
msgstr "Das Zertifikat hat eine FALSCHE Signatur"
#: sm/certchain.c:1371
msgid "found another possible matching CA certificate - trying again"
msgstr ""
"Eine anderes möglicherweise passendes CA-Zertifikat gefunden - versuche "
"nochmal"
#: sm/certchain.c:1422
#, c-format
msgid "certificate chain longer than allowed by CA (%d)"
msgstr "Die Zertifikatkette ist länger als von der CA erlaubt (%d)"
#: sm/certchain.c:1462 sm/certchain.c:1745
msgid "certificate is good\n"
msgstr "Das Zertifikat ist korrekt\n"
#: sm/certchain.c:1463
msgid "intermediate certificate is good\n"
msgstr "Das Zwischenzertifikat ist korrekt\n"
#: sm/certchain.c:1464
msgid "root certificate is good\n"
msgstr "Das Wurzelzertifikat ist korrekt\n"
#: sm/certchain.c:1635
msgid "switching to chain model"
msgstr "Umgeschaltet auf das Kettenmodell"
#: sm/certchain.c:1644
#, c-format
msgid "validation model used: %s"
msgstr "Benutztes Gültigkeitsmodell: %s"
#: sm/certcheck.c:101
#, c-format
msgid "%s key uses an unsafe (%u bit) hash\n"
msgstr "%s-Schlüssel verwendet ein unsicheres (%u-Bit) Hashverfahren\n"
#: sm/certcheck.c:111
#, c-format
msgid "a %u bit hash is not valid for a %u bit %s key\n"
msgstr ""
"Ein %u-Bit Hashverfahren ist für einen %u-Bit %s Schlüssel nicht möglich\n"
#: sm/certcheck.c:248 sm/sign.c:480 sm/verify.c:198
msgid "(this is the MD2 algorithm)\n"
msgstr "(Dies ist der MD2 Algorithmus)\n"
#: sm/certdump.c:66 sm/certdump.c:149
msgid "none"
msgstr "keine"
#: sm/certdump.c:160
msgid "[none]"
msgstr "[keine]"
#: sm/certdump.c:583 sm/certdump.c:628 sm/certdump.c:693 sm/certdump.c:746
msgid "[Error - invalid encoding]"
msgstr "[Fehler - Ungültige Kodierung]"
#: sm/certdump.c:591 sm/certdump.c:636
msgid "[Error - out of core]"
msgstr "[Fehler - Nicht genügend Speicher]"
#: sm/certdump.c:673 sm/certdump.c:729
msgid "[Error - No name]"
msgstr "[Fehler - Kein Name]"
#: sm/certdump.c:698 sm/certdump.c:752
msgid "[Error - invalid DN]"
msgstr "[Fehler - Ungültiger DN]"
#: sm/certdump.c:946
#, c-format
msgid ""
"Please enter the passphrase to unlock the secret key for:\n"
"\"%s\"\n"
"S/N %s, ID 0x%08lX, created %s"
msgstr ""
"Bitte geben Sie die Passphrase an, um den \n"
"geheimen Schlüssel von\n"
"\"%s\"\n"
"S/N %s, ID 0x%08lX, erzeugt %s\n"
"zu entsperren"
#: sm/certlist.c:121
msgid "no key usage specified - assuming all usages\n"
msgstr ""
"Schlüsselverwendungszweck nicht vorhanden - für alle Zwecke akzeptiert\n"
#: sm/certlist.c:131 sm/keylist.c:258
#, c-format
msgid "error getting key usage information: %s\n"
msgstr "Fehler beim Holen der Schlüsselbenutzungsinformationen: %s\n"
#: sm/certlist.c:141
msgid "certificate should have not been used for certification\n"
msgstr "Das Zertifikat hätte nicht zum Zertifizieren benutzt werden sollen\n"
#: sm/certlist.c:153
msgid "certificate should have not been used for OCSP response signing\n"
msgstr ""
"Das Zertifikat hätte nicht zum Signieren von OCSP Antworten benutzt werden "
"sollen\n"
#: sm/certlist.c:164
msgid "certificate should have not been used for encryption\n"
msgstr "Das Zertifikat hätte nicht zum Verschlüsseln benutzt werden sollen\n"
#: sm/certlist.c:165
msgid "certificate should have not been used for signing\n"
msgstr "Das Zertifikat hätte nicht zum Signieren benutzt werden sollen\n"
#: sm/certlist.c:166
msgid "certificate is not usable for encryption\n"
msgstr "Das Zertifikat kann nicht zum Verschlüsseln benutzt werden\n"
#: sm/certlist.c:167
msgid "certificate is not usable for signing\n"
msgstr "Das Zertifikat kann nicht zum Signieren benutzt werden\n"
#: sm/certreqgen.c:474
#, c-format
msgid "line %d: invalid algorithm\n"
msgstr "Zeile %d: Ungültiges Verfahren\n"
#: sm/certreqgen.c:487
#, c-format
msgid "line %d: invalid key length %u (valid are %d to %d)\n"
msgstr "Zeile %d: Ungültige Schlüssellänge %u (gültig Werte: %d bis %d)\n"
#: sm/certreqgen.c:505
#, c-format
msgid "line %d: no subject name given\n"
msgstr "Zeile %d: Kein Subject-Name angegeben\n"
#: sm/certreqgen.c:514
#, c-format
msgid "line %d: invalid subject name label `%.*s'\n"
msgstr "Zeile %d: ungültiger Subject-Name-Label `%.*s'\n"
#: sm/certreqgen.c:517
#, c-format
msgid "line %d: invalid subject name `%s' at pos %d\n"
msgstr "Zeile %d: ungültige Betreffbezeichnung `%s' in Spalte %d\n"
#: sm/certreqgen.c:534
#, c-format
msgid "line %d: not a valid email address\n"
msgstr "Zeile %d: Keine gültige E-Mailadresse\n"
#: sm/certreqgen.c:546
#, c-format
msgid "line %d: error reading key `%s' from card: %s\n"
msgstr "Zeile %d: Fehler beim Lesen des Schlüssels `%s' von der Karte: %s\n"
#: sm/certreqgen.c:558
#, c-format
msgid "line %d: error getting key by keygrip `%s': %s\n"
msgstr "Zeile %d: Fehler beim Holen des Schlüssels per \"Keygrip\" `%s': %s\n"
#: sm/certreqgen.c:574
#, c-format
msgid "line %d: key generation failed: %s <%s>\n"
msgstr "Zeile %d: Schlüsselerzeugung schlug fehl: %s <%s>\n"
#: sm/decrypt.c:324
msgid "(this is the RC2 algorithm)\n"
msgstr "(Dies ist der RC-2 Algorithmus)\n"
#: sm/decrypt.c:326
msgid "(this does not seem to be an encrypted message)\n"
msgstr "(dies is wahrscheinlich keine verschlüsselte Nachricht)\n"
#: sm/delete.c:50 sm/delete.c:101
#, c-format
msgid "certificate `%s' not found: %s\n"
msgstr "Zertifikat `%s' nicht gefunden: %s\n"
#: sm/delete.c:111 sm/keydb.c:1395 sm/keydb.c:1495
#, c-format
msgid "error locking keybox: %s\n"
msgstr "Fehler beim Sperren der Keybox: %s\n"
#: sm/delete.c:132
#, c-format
msgid "duplicated certificate `%s' deleted\n"
msgstr "Doppeltes Zertifikat `%s' gelöscht\n"
#: sm/delete.c:134
#, c-format
msgid "certificate `%s' deleted\n"
msgstr "Zertifikat `%s' gelöscht\n"
#: sm/delete.c:164
#, c-format
msgid "deleting certificate \"%s\" failed: %s\n"
msgstr "Fehler beim Löschen des Zertifikats \"%s\": %s\n"
#: sm/encrypt.c:332
msgid "no valid recipients given\n"
msgstr "Keine gültigen Empfänger angegeben\n"
#: sm/gpgsm.c:246
msgid "|[FILE]|make a signature"
msgstr "|[DATEI]|Erzeuge eine Signatur"
#: sm/gpgsm.c:247
msgid "|[FILE]|make a clear text signature"
msgstr "|[DATEI]|Erzeuge eine Klartextsignatur"
#: sm/gpgsm.c:255
msgid "list external keys"
msgstr "Externe Schlüssel anzeigen"
#: sm/gpgsm.c:257
msgid "list certificate chain"
msgstr "Schlüssel mit Zertifikatekette anzeigen"
#: sm/gpgsm.c:260
msgid "remove key from the public keyring"
msgstr "Schlüssel aus dem öffentlichen Schlüsselbund löschen"
#: sm/gpgsm.c:263
msgid "import certificates"
msgstr "Zertifikate importieren"
#: sm/gpgsm.c:264
msgid "export certificates"
msgstr "Zertifikate exportieren"
#: sm/gpgsm.c:265
msgid "register a smartcard"
msgstr "Smartcard registrieren"
#: sm/gpgsm.c:267
msgid "pass a command to the dirmngr"
msgstr "Das Kommand an den Dirmngr durchreichen"
#: sm/gpgsm.c:269
msgid "invoke gpg-protect-tool"
msgstr "Rufe das gpg-protect-tool auf"
#: sm/gpgsm.c:270
msgid "change a passphrase"
msgstr "Die Passphrase ändern"
#: sm/gpgsm.c:285
msgid "create base-64 encoded output"
msgstr "Ausgabe im Basis-64 format erzeugen"
#: sm/gpgsm.c:289
msgid "assume input is in PEM format"
msgstr "Eingabedaten sind im PEM Format"
#: sm/gpgsm.c:291
msgid "assume input is in base-64 format"
msgstr "Eingabedaten sind im Basis-64 Format"
#: sm/gpgsm.c:293
msgid "assume input is in binary format"
msgstr "Eingabedaten sind im Binärformat"
#: sm/gpgsm.c:298
msgid "use system's dirmngr if available"
msgstr "Benutze den System Dirmngr falls verfügbar"
#: sm/gpgsm.c:299
msgid "never consult a CRL"
msgstr "Niemals eine CRL konsultieren"
#: sm/gpgsm.c:306
msgid "check validity using OCSP"
msgstr "Die Gültigkeit mittels OCSP prüfen"
#: sm/gpgsm.c:311
msgid "|N|number of certificates to include"
msgstr "|N|Sende N Zertifikate mit"
#: sm/gpgsm.c:314
msgid "|FILE|take policy information from FILE"
msgstr "|DATEI|Richtlinieninformationen DATEI entnehmen"
#: sm/gpgsm.c:317
msgid "do not check certificate policies"
msgstr "Zertikikatrichtlinien nicht überprüfen"
#: sm/gpgsm.c:321
msgid "fetch missing issuer certificates"
msgstr "Fehlende Zertifikate automatisch holen"
#: sm/gpgsm.c:325
msgid "|NAME|use NAME as default recipient"
msgstr "|NAME|NAME als voreingestellten Empfänger benutzen"
#: sm/gpgsm.c:327
msgid "use the default key as default recipient"
msgstr ""
"Den Standardschlüssel als voreingestellten\n"
"Empfänger benutzen"
#: sm/gpgsm.c:344
msgid "don't use the terminal at all"
msgstr "das Terminal gar nicht benutzen"
#: sm/gpgsm.c:345
#, fuzzy
msgid "|FILE|write a server mode log to FILE"
msgstr "|DATEI|Schreibe im Servermodus Logs auf DATEI"
#: sm/gpgsm.c:347
#, fuzzy
msgid "|FILE|write an audit log to FILE"
msgstr "|DATEI|Schreibe im Servermodus Logs auf DATEI"
#: sm/gpgsm.c:349
msgid "force v3 signatures"
msgstr "v3 Signaturen erzwingen"
#: sm/gpgsm.c:350
msgid "always use a MDC for encryption"
msgstr "Beim Verschlüsseln ein Siegel (MDC) verwenden"
#: sm/gpgsm.c:355
msgid "batch mode: never ask"
msgstr "Stapelmodus: Keine Abfragen"
#: sm/gpgsm.c:356
msgid "assume yes on most questions"
msgstr "\"Ja\" als Standardantwort annehmen"
#: sm/gpgsm.c:357
msgid "assume no on most questions"
msgstr "\"Nein\" als Standardantwort annehmen"
#: sm/gpgsm.c:359
msgid "add this keyring to the list of keyrings"
msgstr "Als öffentlichen Schlüsselbund mitbenutzen"
#: sm/gpgsm.c:360
msgid "add this secret keyring to the list"
msgstr "Als geheimen Schlüsselbund mitbenutzen"
#: sm/gpgsm.c:361 tools/gpgconf-comp.c:645 tools/gpgconf-comp.c:707
msgid "|NAME|use NAME as default secret key"
msgstr "|NAME|NAME als voreingestellten Schlüssel benutzen"
#: sm/gpgsm.c:362
msgid "|HOST|use this keyserver to lookup keys"
msgstr "|HOST|Schlüssel bei diesem Server nachschlagen"
#: sm/gpgsm.c:363
msgid "|NAME|set terminal charset to NAME"
msgstr "|NAME|Terminalzeichensatz NAME benutzen"
#: sm/gpgsm.c:367
msgid "|LEVEL|set the debugging level to LEVEL"
msgstr "|NAME|Die Debugstufe auf NAME setzen"
#: sm/gpgsm.c:382
msgid "|FILE|load extension module FILE"
msgstr "|DATEI|Erweiterungsmodul DATEI laden"
#: sm/gpgsm.c:388
msgid "|NAME|use cipher algorithm NAME"
msgstr "|NAME|Verschlüsselungsverfahren NAME benutzen"
#: sm/gpgsm.c:390
msgid "|NAME|use message digest algorithm NAME"
msgstr "|NAME|Hashverfahren NAME benutzen"
#: sm/gpgsm.c:392
msgid "|N|use compress algorithm N"
msgstr "|N|Komprimierverfahren N benutzen"
#: sm/gpgsm.c:573
msgid "Usage: gpgsm [options] [files] (-h for help)"
msgstr "Aufruf: gpgsm [Optionen] [Dateien] (-h für Hilfe)"
#: sm/gpgsm.c:576
msgid ""
"Syntax: gpgsm [options] [files]\n"
"sign, check, encrypt or decrypt using the S/MIME protocol\n"
"default operation depends on the input data\n"
msgstr ""
"Syntax: gpgsm [Optionen] [Dateien]\n"
"Signieren, prüfen, ver- und entschlüsseln mittels S/MIME protocol\n"
#: sm/gpgsm.c:703
msgid "usage: gpgsm [options] "
msgstr "Aufruf: gpgsm [Optionen] "
#: sm/gpgsm.c:801
#, c-format
msgid "NOTE: won't be able to encrypt to `%s': %s\n"
msgstr "Hinweis: Verschlüsselung für `%s' wird nicht möglich sein: %s\n"
#: sm/gpgsm.c:812
#, c-format
msgid "unknown validation model `%s'\n"
msgstr "Unbekanntes Gültigkeitsmodell '%s'\n"
#: sm/gpgsm.c:1372
msgid "WARNING: running with faked system time: "
msgstr "WARNUNG: Ausführung mit gefälschter Systemzeit: "
#: sm/gpgsm.c:1468
#, c-format
msgid "importing common certificates `%s'\n"
msgstr "Importiere allgemeine Zertifikate: %s\n"
#: sm/gpgsm.c:1486
#, c-format
msgid "can't sign using `%s': %s\n"
msgstr "Signieren mit `%s' nicht möglich: %s\n"
#: sm/gpgsm.c:1686
msgid "this command has not yet been implemented\n"
msgstr "Dieser Befehl wurde noch nicht implementiert\n"
#: sm/import.c:109
#, c-format
msgid "total number processed: %lu\n"
msgstr "gesamte verarbeitete Anzahl: %lu\n"
#: sm/import.c:227
msgid "error storing certificate\n"
msgstr "Fehler beim speichern des Zertifikats\n"
#: sm/import.c:235
msgid "basic certificate checks failed - not imported\n"
msgstr "Grundlegende Zertifikatprüfungen fehlgeschlagen - nicht importiert\n"
#: sm/import.c:421 sm/import.c:453
#, c-format
msgid "error importing certificate: %s\n"
msgstr "Fehler beim Importieren des Zertifikats: %s\n"
#: sm/import.c:542 tools/gpg-connect-agent.c:1274
#, c-format
msgid "error reading input: %s\n"
msgstr "Fehler beim Lesen der Eingabe: %s\n"
#: sm/keydb.c:188
#, c-format
msgid "error creating keybox `%s': %s\n"
msgstr "Die \"Keybox\" `%s' konnte nicht erstellt werden: %s\n"
#: sm/keydb.c:191
msgid "you may want to start the gpg-agent first\n"
msgstr "Sie sollten zuerst den gpg-agent starten\n"
#: sm/keydb.c:196
#, c-format
msgid "keybox `%s' created\n"
msgstr "Die \"Keybox\" `%s' wurde erstellt\n"
#: sm/keydb.c:1310 sm/keydb.c:1378
msgid "failed to get the fingerprint\n"
msgstr "Kann den Fingerprint nicht ermitteln\n"
#: sm/keydb.c:1317 sm/keydb.c:1385
msgid "failed to allocate keyDB handle\n"
msgstr "Kann keinen KeyDB Handler bereitstellen\n"
#: sm/keydb.c:1338
#, c-format
msgid "problem looking for existing certificate: %s\n"
msgstr "Problem bei der Suche nach vorhandenem Zertifikat: %s\n"
#: sm/keydb.c:1346
#, c-format
msgid "error finding writable keyDB: %s\n"
msgstr "Fehler bei der Suche nach einer schreibbaren KeyDB: %s\n"
#: sm/keydb.c:1354
#, c-format
msgid "error storing certificate: %s\n"
msgstr "Fehler beim Speichern des Zertifikats: %s\n"
#: sm/keydb.c:1406
#, c-format
msgid "problem re-searching certificate: %s\n"
msgstr "Problem bei Wiederfinden des Zertifikats: %s\n"
#: sm/keydb.c:1415 sm/keydb.c:1507
#, c-format
msgid "error getting stored flags: %s\n"
msgstr "Fehler beim Holen der gespeicherten Flags: %s\n"
#: sm/keydb.c:1427 sm/keydb.c:1518
#, c-format
msgid "error storing flags: %s\n"
msgstr "Fehler beim Speichern der Flags: %s\n"
#: sm/misc.c:55
msgid "GPG_TTY has not been set - using maybe bogus default\n"
msgstr ""
"GPG_TTY wurde nicht gesetzt - ein (möglicherweise falscher) Standardwert "
"wird deshalb verwendet\n"
#: sm/qualified.c:105
#, c-format
msgid "invalid formatted fingerprint in `%s', line %d\n"
msgstr "Der Fingerabdruck in `%s', Zeile %d is fehlerhaft formatiert\n"
#: sm/qualified.c:123
#, c-format
msgid "invalid country code in `%s', line %d\n"
msgstr "Ungültiger Landescode in `%s', Zeile %d\n"
#: sm/qualified.c:200
#, c-format
msgid ""
"You are about to create a signature using your certificate:\n"
"\"%s\"\n"
"This will create a qualified signature by law equated to a handwritten "
"signature.\n"
"\n"
"%s%sAre you really sure that you want to do this?"
msgstr ""
"Sie sind dabei, eine Signatur mit dem Zertifikat:\n"
"\"%s\"\n"
"zu erzeugen. Dies wird eine qualifizierte Signatur erzeugen, \n"
"die gesetzlich einer handgeschriebenen gleichgestellt ist.\n"
"\n"
"%s%sSind Sie wirklich sicher, daß Sie dies möchten?"
#: sm/qualified.c:209 sm/verify.c:580
msgid ""
"Note, that this software is not officially approved to create or verify such "
"signatures.\n"
msgstr ""
"Bitte beachten Sie, daß diese Software nicht offiziell zur Erzeugung\n"
"oder Prüfung von qualifizierten Signaturen zugelassen ist.\n"
#: sm/qualified.c:277
#, c-format
msgid ""
"You are about to create a signature using your certificate:\n"
"\"%s\"\n"
"Note, that this certificate will NOT create a qualified signature!"
msgstr ""
"Sie sind dabei, eine Signatur mit dem Zertifikat:\n"
"\"%s\n"
"zu erzeugen. Bitte beachten Sie, daß dies KEINE qualifizierte\n"
"Signatur erzeugen wird."
#: sm/sign.c:445
#, c-format
msgid "checking for qualified certificate failed: %s\n"
msgstr "Prüfung auf ein qualifiziertes Zertifikats fehlgeschlagen: %s\n"
#: sm/verify.c:424
msgid "Signature made "
msgstr "Signatur erzeugt am "
#: sm/verify.c:428
msgid "[date not given]"
msgstr "[Datum nicht vorhanden]"
#: sm/verify.c:429
#, c-format
msgid " using certificate ID 0x%08lX\n"
msgstr " mittels Zertifikat ID 0x%08lX\n"
#: sm/verify.c:558
msgid "Good signature from"
msgstr "Korrekte Signatur von"
#: sm/verify.c:559
msgid " aka"
msgstr " alias"
#: sm/verify.c:577
msgid "This is a qualified signature\n"
msgstr "Dies ist eine qualifizierte Unterschrift.\n"
#: tools/gpg-connect-agent.c:67 tools/gpgconf.c:73 tools/symcryptrun.c:165
msgid "quiet"
msgstr "Weniger Ausgaben"
#: tools/gpg-connect-agent.c:68
msgid "print data out hex encoded"
msgstr "Druckdaten hexkodiert ausgeben"
#: tools/gpg-connect-agent.c:69
msgid "decode received data lines"
msgstr "Dekodiere empfangene Datenzeilen"
#: tools/gpg-connect-agent.c:70
msgid "|NAME|connect to Assuan socket NAME"
msgstr "|NAME|Verbinde mit dem Assuan-Socket NAME"
#: tools/gpg-connect-agent.c:71
msgid "run the Assuan server given on the command line"
msgstr "Starten des auf der Kommandozeile angegebenen Assuan-Server"
#: tools/gpg-connect-agent.c:73
msgid "do not use extended connect mode"
msgstr "Den \"extended connect\"-Modus nicht nutzen"
#: tools/gpg-connect-agent.c:74
#, fuzzy
msgid "|FILE|run commands from FILE on startup"
msgstr "|DATEI|Konfigurationsoptionen aus DATEI lesen"
#: tools/gpg-connect-agent.c:75
msgid "run /subst on startup"
msgstr ""
#: tools/gpg-connect-agent.c:174
msgid "Usage: gpg-connect-agent [options] (-h for help)"
msgstr "Aufruf: gpg-connect-agent [Optionen] (-h für Hilfe)"
#: tools/gpg-connect-agent.c:177
msgid ""
"Syntax: gpg-connect-agent [options]\n"
"Connect to a running agent and send commands\n"
msgstr ""
"Syntax: gpg-connect-agent [Optionen]\n"
"Mit einem laufenden Agenten verbinden und Befehle senden\n"
#: tools/gpg-connect-agent.c:1155
#, c-format
msgid "option \"%s\" requires a program and optional arguments\n"
msgstr "Option \"%s\" erfordert ein Programm und evtl. Argumente\n"
#: tools/gpg-connect-agent.c:1164
#, c-format
msgid "option \"%s\" ignored due to \"%s\"\n"
msgstr "Option \"%s\" wird wegen \"%s\" nicht beachtet\n"
#: tools/gpg-connect-agent.c:1219 tools/gpg-connect-agent.c:1645
#, c-format
msgid "receiving line failed: %s\n"
msgstr "Empfangen der Zeile schlug fehl: %s\n"
#: tools/gpg-connect-agent.c:1299
msgid "line too long - skipped\n"
msgstr "Zeile zu lang - übersprungen\n"
#: tools/gpg-connect-agent.c:1303
msgid "line shortened due to embedded Nul character\n"
msgstr "Zeile wegen enthaltenem Nul-Zeichen gekürzt\n"
#: tools/gpg-connect-agent.c:1619
#, c-format
msgid "unknown command `%s'\n"
msgstr "unbekannter Befehl `%s'\n"
#: tools/gpg-connect-agent.c:1637
#, c-format
msgid "sending line failed: %s\n"
msgstr "Senden der Zeile schlug fehl: %s\n"
#: tools/gpg-connect-agent.c:1986
#, c-format
msgid "error sending %s command: %s\n"
msgstr "Fehler beim Senden des %s-Befehls: %s\n"
#: tools/gpg-connect-agent.c:1995
#, c-format
msgid "error sending standard options: %s\n"
msgstr "Fehler beim Senden der Standardoptionen: %s\n"
#: tools/gpgconf-comp.c:459 tools/gpgconf-comp.c:563 tools/gpgconf-comp.c:630
#: tools/gpgconf-comp.c:692 tools/gpgconf-comp.c:773
msgid "Options controlling the diagnostic output"
msgstr "Optionen zur Einstellung Diagnoseausgaben"
#: tools/gpgconf-comp.c:472 tools/gpgconf-comp.c:576 tools/gpgconf-comp.c:643
#: tools/gpgconf-comp.c:705 tools/gpgconf-comp.c:796
msgid "Options controlling the configuration"
msgstr "Optionen zur Einstellung der Konfiguration"
#: tools/gpgconf-comp.c:482 tools/gpgconf-comp.c:601 tools/gpgconf-comp.c:656
#: tools/gpgconf-comp.c:724 tools/gpgconf-comp.c:803
msgid "Options useful for debugging"
msgstr "Nützliche Optionen zum Debuggen"
#: tools/gpgconf-comp.c:487 tools/gpgconf-comp.c:606 tools/gpgconf-comp.c:661
#: tools/gpgconf-comp.c:729 tools/gpgconf-comp.c:811
msgid "|FILE|write server mode logs to FILE"
msgstr "|DATEI|Schreibe im Servermodus Logs auf DATEI"
#: tools/gpgconf-comp.c:495 tools/gpgconf-comp.c:611 tools/gpgconf-comp.c:737
msgid "Options controlling the security"
msgstr "Optionen zur Einstellung der Sicherheit"
#: tools/gpgconf-comp.c:502
msgid "|N|expire SSH keys after N seconds"
msgstr "|N|lasse SSH Schlüssel im Cache nach N Sekunden verfallen"
#: tools/gpgconf-comp.c:506
msgid "|N|set maximum PIN cache lifetime to N seconds"
msgstr "|N|setze die maximale Lebensdauer von PINs im Cache auf N Sekunden"
#: tools/gpgconf-comp.c:510
msgid "|N|set maximum SSH key lifetime to N seconds"
msgstr "|N|setze die maximale Lebenszeit von SSH Schlüsseln auf N Sekunden"
#: tools/gpgconf-comp.c:524
msgid "Options enforcing a passphrase policy"
msgstr "Optionen für eien Passphrase-Policy"
#: tools/gpgconf-comp.c:527
msgid "do not allow to bypass the passphrase policy"
msgstr "Einhaltung der Passphrase-Policy erzwingen"
#: tools/gpgconf-comp.c:531
msgid "|N|set minimal required length for new passphrases to N"
msgstr "|N|setze die kleinste erlaubte Länge von Passphrasen auf N"
#: tools/gpgconf-comp.c:535
msgid "|N|require at least N non-alpha characters for a new passphrase"
msgstr "|N|Verlange mindestens N Nicht-Buchstaben für eine neue Passphrase"
#: tools/gpgconf-comp.c:539
msgid "|FILE|check new passphrases against pattern in FILE"
msgstr "|DATEI|Prüfe neue Passphrases gegen die Regelen in DATEI"
#: tools/gpgconf-comp.c:543
msgid "|N|expire the passphrase after N days"
msgstr "|N|Lasse die Passphrase nach N Tagen verfallen"
#: tools/gpgconf-comp.c:547
msgid "do not allow the reuse of old passphrases"
msgstr "Verbiete die Wiedernutzung alter Passphrases."
#: tools/gpgconf-comp.c:648 tools/gpgconf-comp.c:710
msgid "|NAME|encrypt to user ID NAME as well"
msgstr "|NAME|Auf an NAME verschlüsseln"
#: tools/gpgconf-comp.c:669
msgid "Configuration for Keyservers"
msgstr "Konfiguration der Schlüsselserver"
#: tools/gpgconf-comp.c:671
msgid "|URL|use keyserver at URL"
msgstr "Benutze Schlüsselserver unter der URL"
#: tools/gpgconf-comp.c:674
msgid "allow PKA lookups (DNS requests)"
msgstr "Erlaube PKA Zugriffe (DNS Anfragen)"
#: tools/gpgconf-comp.c:719
msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
msgstr "|NAME|Benutze die Kodierung NAME für PKCS#12 Passphrasen"
#: tools/gpgconf-comp.c:742
msgid "do not check CRLs for root certificates"
msgstr "CRL bei Wurzelzertifikaten nicht überprüfen"
#: tools/gpgconf-comp.c:786
msgid "Options controlling the format of the output"
msgstr "Optionen zum Einstellen der Ausgabeformate"
#: tools/gpgconf-comp.c:822
msgid "Options controlling the interactivity and enforcement"
msgstr "Optionen zur Einstellung der Interaktivität und Geltendmachung"
#: tools/gpgconf-comp.c:832
msgid "Configuration for HTTP servers"
msgstr "Konfiguration für HTTP Server"
#: tools/gpgconf-comp.c:843
msgid "use system's HTTP proxy setting"
msgstr "Benutze die HTTP Proxy Einstellung des Systems"
#: tools/gpgconf-comp.c:848
msgid "Configuration of LDAP servers to use"
msgstr "Konfiguration der zu nutzenden LDAP-Server"
#: tools/gpgconf-comp.c:885
msgid "Configuration for OCSP"
msgstr "Konfiguration zu OCSP"
#: tools/gpgconf-comp.c:3006
msgid "Note that group specifications are ignored\n"
msgstr "Beachten Sie, daß Gruppenspezifiaktionen ignoriert werden\n"
#: tools/gpgconf.c:58
msgid "list all components"
msgstr "Liste aller Komponenten"
#: tools/gpgconf.c:59
msgid "check all programs"
msgstr "Prüfe alle Programme"
#: tools/gpgconf.c:60
msgid "|COMPONENT|list options"
msgstr "|KOMPONENTE|Zeige die Optionen an"
#: tools/gpgconf.c:61
msgid "|COMPONENT|change options"
msgstr "|KOMPONENTE|Ändere die Optionen"
#: tools/gpgconf.c:63
msgid "apply global default values"
msgstr "Wende die gobalen Voreinstellungen an"
#: tools/gpgconf.c:65
#, fuzzy
msgid "list global configuration file"
msgstr "Prüfe die globale Konfigurationsdatei"
#: tools/gpgconf.c:67
msgid "check global configuration file"
msgstr "Prüfe die globale Konfigurationsdatei"
#: tools/gpgconf.c:71
msgid "use as output file"
msgstr "Als Ausgabedatei benutzen"
#: tools/gpgconf.c:75
msgid "activate changes at runtime, if possible"
msgstr "Aktiviere Änderungen zur Laufzeit; falls möglich"
#: tools/gpgconf.c:97
msgid "Usage: gpgconf [options] (-h for help)"
msgstr "Aufruf: gpgconf [Optionen] (-h für Hilfe)"
#: tools/gpgconf.c:100
msgid ""
"Syntax: gpgconf [options]\n"
"Manage configuration options for tools of the GnuPG system\n"
msgstr ""
"Syntax: gpgconf {Optionen]\n"
"Verwalte Konfigurationsoptionen für Programme des GnuPG Systems\n"
#: tools/gpgconf.c:202 tools/gpgconf.c:240
msgid "usage: gpgconf [options] "
msgstr "Aufruf: gpgconf [Optionen] "
#: tools/gpgconf.c:204
msgid "Need one component argument"
msgstr "Benötige ein Komponentenargument"
#: tools/gpgconf.c:213
msgid "Component not found"
msgstr "Komponente nicht gefunden"
#: tools/gpgconf.c:242
msgid "No argument allowed"
msgstr "Argumente sind nicht erlaubt"
#: tools/no-libgcrypt.c:30
#, c-format
msgid "error allocating enough memory: %s\n"
msgstr "Fehler beim Zuteilen genügenden Speichers: %s\n"
#: tools/symcryptrun.c:152
msgid ""
"@\n"
"Commands:\n"
" "
msgstr ""
"@\n"
"@KBefehle:\n"
" "
#: tools/symcryptrun.c:154
msgid "decryption modus"
msgstr "Entschlüsselungsmodus"
#: tools/symcryptrun.c:155
msgid "encryption modus"
msgstr "Verschlüsselungsmodus"
#: tools/symcryptrun.c:159
msgid "tool class (confucius)"
msgstr "Toolklasse (Konfuzius)"
#: tools/symcryptrun.c:160
msgid "program filename"
msgstr "Programmdateiname"
#: tools/symcryptrun.c:162
msgid "secret key file (required)"
msgstr "Dateiname des geheimen Schlüssels (erforderlich)"
#: tools/symcryptrun.c:163
msgid "input file name (default stdin)"
msgstr "Eingabedateiname (Standardeingabe ist voreingestellt)"
#: tools/symcryptrun.c:207
msgid "Usage: symcryptrun [options] (-h for help)"
msgstr "Aufruf: symcryptrun [Optionen] (-h für Hilfe)"
#: tools/symcryptrun.c:210
msgid ""
"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
"[options...] COMMAND [inputfile]\n"
"Call a simple symmetric encryption tool\n"
msgstr ""
"Syntax: symcryptrun --class KLASSE --program PROGRAMM --"
"keyfileSCHLUESSELDATEI [Optionen...] KOMMANDO [Eingabedatei]\n"
"Aufruf eines einfachen symmetrischen Verschlüsselungstool\n"
#: tools/symcryptrun.c:279
#, c-format
msgid "%s on %s aborted with status %i\n"
msgstr "%s auf %s brach mit Status %i ab\n"
#: tools/symcryptrun.c:286
#, c-format
msgid "%s on %s failed with status %i\n"
msgstr "%s auf %s schlug mit Status %i fehl\n"
#: tools/symcryptrun.c:312
#, c-format
msgid "can't create temporary directory `%s': %s\n"
msgstr "Das temporäre Verzeichnis `%s' kann nicht erstellt werden: %s\n"
#: tools/symcryptrun.c:352 tools/symcryptrun.c:369
#, c-format
msgid "could not open %s for writing: %s\n"
msgstr "%s kann nicht zum Schreiben geöffnet werden: %s\n"
#: tools/symcryptrun.c:380
#, c-format
msgid "error writing to %s: %s\n"
msgstr "Fehler beim Schreiben von %s: %s\n"
#: tools/symcryptrun.c:387
#, c-format
msgid "error reading from %s: %s\n"
msgstr "Fehler beim Lesen von %s: %s\n"
#: tools/symcryptrun.c:394 tools/symcryptrun.c:401
#, c-format
msgid "error closing %s: %s\n"
msgstr "Fehler beim Schliessen von %s: %s\n"
#: tools/symcryptrun.c:486
msgid "no --program option provided\n"
msgstr "Option --programm nicht angegeben\n"
#: tools/symcryptrun.c:492
msgid "only --decrypt and --encrypt are supported\n"
msgstr "nur --decrypt und --encrypt sind vorhanden\n"
#: tools/symcryptrun.c:498
msgid "no --keyfile option provided\n"
msgstr "keine --keyfile -Option angegeben\n"
#: tools/symcryptrun.c:509
msgid "cannot allocate args vector\n"
msgstr "Kann \"args-vector\" nicht zuteilen\n"
#: tools/symcryptrun.c:527
#, c-format
msgid "could not create pipe: %s\n"
msgstr "Pipe kann nicht erzeugt werden: %s\n"
#: tools/symcryptrun.c:534
#, c-format
msgid "could not create pty: %s\n"
msgstr "Pty kann nicht erzeugt werden: %s\n"
#: tools/symcryptrun.c:550
#, c-format
msgid "could not fork: %s\n"
msgstr "Kann nicht fork()en: %s\n"
#: tools/symcryptrun.c:578
#, c-format
msgid "execv failed: %s\n"
msgstr "Der execv()-Aufruf ist fehlgeschlagen: %s\n"
#: tools/symcryptrun.c:607
#, c-format
msgid "select failed: %s\n"
msgstr "Der select()-Aufruf ist fehlgeschlagen: %s\n"
#: tools/symcryptrun.c:624
#, c-format
msgid "read failed: %s\n"
msgstr "Lesen schlug fehl: %s\n"
#: tools/symcryptrun.c:676
#, c-format
msgid "pty read failed: %s\n"
msgstr "\"pty read\"-Aufruf ist fehlgeschlagen: %s\n"
#: tools/symcryptrun.c:728
#, c-format
msgid "waitpid failed: %s\n"
msgstr "Der waitpid()-Aufruf ist fehlgeschlagen: %s\n"
#: tools/symcryptrun.c:742
#, c-format
msgid "child aborted with status %i\n"
msgstr "Kind brach mit Status %i ab\n"
#: tools/symcryptrun.c:797
#, c-format
msgid "cannot allocate infile string: %s\n"
msgstr "Kann In-Datei-Zeichenkette keinen Speicher zuteilen: %s\n"
#: tools/symcryptrun.c:810
#, c-format
msgid "cannot allocate outfile string: %s\n"
msgstr "Kann Out-Datei-Zeichenkette keinen Speicher zuteilen: %s\n"
#: tools/symcryptrun.c:985
#, c-format
msgid "either %s or %s must be given\n"
msgstr "entweder %s oder %s muß angegeben sein\n"
#: tools/symcryptrun.c:1012
msgid "no class provided\n"
msgstr "keine Klasse angegeben\n"
#: tools/symcryptrun.c:1021
#, c-format
msgid "class %s is not supported\n"
msgstr "Klasse %s wird nicht unterstützt\n"
#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
#~ msgstr ""
#~ "Notationen können in einen v3- (PGP 2.x-artigen-) Schlüssel nicht "
#~ "eingetragen werden\n"
#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
#~ msgstr ""
#~ "Notationen können in eine v3 (PGP 2.x-artige) Schlüsselunterschrift nicht "
#~ "eingetragen werden\n"
#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
#~ msgstr ""
#~ "Eine Policy URL kann in einen v3 (PGP 2.x-artigen) Schlüssel nicht "
#~ "eingetragen werden\n"
# translated by wk
#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
#~ msgstr ""
#~ "Eine Policy URL kann in einem v3 Schlüssel(PGP 2.x artig) nicht "
#~ "gespeichert werden\n"
#, fuzzy
#~ msgid "shelll"
#~ msgstr "Schale"
#~ msgid "no running gpg-agent - starting one\n"
#~ msgstr "Kein aktiver gpg-agent - es wird einer gestarted\n"
#~ msgid "can't connect to the agent - trying fall back\n"
#~ msgstr ""
#~ "Verbindung zum gpg-agent nicht möglich - Ersatzmethode wird versucht\n"
#~ msgid "key generation is not available from the commandline\n"
#~ msgstr "Die Schlüsselerzeugung ist über die Kommandozeile nicht möglich\n"
#~ msgid "please use the script \"%s\" to generate a new key\n"
#~ msgstr ""
#~ "Bitte verwenden Sie das Skript \"%s\" zur Erzeugung eines neuen "
#~ "Schlüssels.\n"
#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
#~ msgstr ""
#~ "Verschlüsselungserweiterung `%s' wurde wegen unsicherer Zugriffsrechte "
#~ "nicht geladen\n"
#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
#~ msgstr "DSA benötigt einen 160-bit Hash Algorithmus\n"
diff --git a/tests/openpgp/ChangeLog b/tests/openpgp/ChangeLog
index 9e3b96a85..07a21357b 100644
--- a/tests/openpgp/ChangeLog
+++ b/tests/openpgp/ChangeLog
@@ -1,321 +1,326 @@
+2007-11-22 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (./gpg_dearmor): Add --homedir so that we don't
+ auto create a ~/.gnupg/. From Gentoo.
+
2007-10-25 Werner Koch <wk@g10code.com>
Add missing copyright notices to *.test.
2007-10-25 David Shaw <dshaw@jabberwocky.com> (wk)
From 1.4 (July):
* defs.inc (all_cipher_algos): New function to return all ciphers.
* defs.inc (all_cipher_algos): New function to return all ciphers
we support. This is safer than the previous setup which could
hide that some ciphers weren't being tested. Plus, this
automatically tests any new ciphers libgcrypt supports.
(all_hash_algos): New.
* sigs.test: Use it here, and also test with >=160 bit hashes for
DSA2.
* conventional.test, encrypt.test, encrypt-dsa.test,
* conventional-mdc.test: Use it here.
2007-05-02 David Shaw <dshaw@jabberwocky.com>
* conventional.test, encrypt.test, encrypt-dsa.test,
conventional-mdc.test: Fix some broken tests that were only
testing 3DES instead of all available ciphers.
2007-03-04 David Shaw <dshaw@jabberwocky.com> (wk)
* verify.test: Use --allow-multiple-messages instead of
--allow-multisig-verification. Two clearsigs in a row counds as a
multiple-message test.
2006-11-16 Werner Koch <wk@g10code.com>
* Makefile.am (plain-large): Use gpg.texi instead of FAQ which
won't be found as it is not a source file. Pointed out by Moritz.
2006-10-04 Werner Koch <wk@g10code.com>
* signencrypt.test: Need to prepend srcdir to the file name
2006-09-27 Werner Koch <wk@g10code.com>
* signencrypt.test: Add a test for bug 537.
* bug537-test.data.asc: New. Taken from the BTS.
2006-08-21 Werner Koch <wk@g10code.com>
Copied tests from 1.4 and adjusted paths.
2006-04-19 David Shaw <dshaw@jabberwocky.com>
* sigs.test, mds.test: Add tests for SHA-224, SHA-384, and
SHA-512.
2006-04-11 Werner Koch <wk@g10code.com>
* armor.test: New.
2006-03-09 Werner Koch <wk@g10code.com>
* defs.inc: Removed Basishm by proper redirection.
2006-03-06 Werner Koch <wk@g10code.com>
* defs.inc: Print error messages also to stderr. Allow for
verbose environment variable.
(linefeed): New.
(suspend_error, resume_error): New.
* verify.test: More tests.
* multisig.test: Better error printing.
(sig_1ls1ls_valid, sig_ls_valid): Moved to the non-valid group.
2006-02-14 Werner Koch <wk@gnupg.org>
* verify.test: New.
2005-06-21 Werner Koch <wk@g10code.com>
* conventional.test (algos): Uhh ohh, cut+paste error and not
tested.
2005-06-02 Werner Koch <wk@g10code.com>
* conventional.test: have_cipher_algo now requires uppercase
algorithm names. Changed. Noted by John R. Shannon.
2004-02-09 David Shaw <dshaw@jabberwocky.com>
* clearsig.test, sigs.test: Properly detect RSA being missing, and
use the proper key for doing an RSA test.
2003-12-31 David Shaw <dshaw@jabberwocky.com>
* clearsig.test, conventional-mdc.test, conventional.test,
defs.inc, encrypt-dsa.test, encrypt.test, genkey1024.test,
plain-1.asc, plain-1-pgp.asc, plain-2.asc, plain-3.asc,
pubring.asc, secring.asc, sigs.test: Rework tests to work properly
with a gpg binary that doesn't have all ciphers and all pk algos.
Basically, we test for the ciphers we have, only test signing with
non-160-bit hashes with RSA (we test all hashes as hashes). Test
all key lengths of AES.
2003-12-05 David Shaw <dshaw@jabberwocky.com>
* Makefile.am: Reenable tests now that the Elgamal signature keys
are gone.
* defs.inc, pubring.asc, secring.asc, plain-1.asc, plain-2.asc,
plain-3.asc: Remove the old v3 Elgamal keys and replace with
RSA+Elgamal and RSA s+e.
2003-12-03 David Shaw <dshaw@jabberwocky.com>
* options: Remove emulate-md-encode-bug.
2003-11-27 Werner Koch <wk@gnupg.org>
* Makefile.am (TESTS): Temporary remove tests using ElG signatures.
2003-09-04 David Shaw <dshaw@jabberwocky.com>
* mds.test, sigs.test: Remove TIGER/192 and make SHA-256 optional
(since it might not be compiled in).
2003-07-10 David Shaw <dshaw@jabberwocky.com>
* Makefile.am: Add --no-permission-warning to avoid spurious
warning when importing demo keys.
2003-05-27 Werner Koch <wk@gnupg.org>
* Makefile.am (CLEANFILES): Add gpg.conf
2003-05-26 David Shaw <dshaw@jabberwocky.com>
* defs.inc (pgmname): Make sure there is a valid options
file. (From wk on stable branch)
* mds.test: Note that missing algorithms are not errors.
2003-04-23 David Shaw <dshaw@jabberwocky.com>
* Makefile.am, options.in: Rename options.in to options since it
no longer needs to be a generated file.
* sigs.test: TODO note to add the new SHAs when we start
generating them.
* mds.test: Test the new SHAs.
2002-05-10 Werner Koch <wk@gnupg.org>
* Makefile.am: Add gpg_dearmor to all targets where it is used.
Noted by Andreas Haumer.
2002-04-19 Werner Koch <wk@gnupg.org>
* signencrypt-dsa.test, sigs-dsa.test: Don't check with MD5 as
this is not valid with DSA signatures.
2001-12-22 Werner Koch <wk@gnupg.org>
* options.in: Add no-permission-warning.
2001-12-21 Werner Koch <wk@gnupg.org>
* Makefile.am (distclean-local): prefix mkdemodirs with srcdir
(DISTCLEANFILES): Add random_seed.
2001-12-19 Werner Koch <wk@gnupg.org>
* options.in: Remove load-extension tiger
* Makefile.am (./options): append it if there is such a module.
2001-10-23 Werner Koch <wk@gnupg.org>
* defs.inc, Makefile.am: Do not use $srcdir when invoking gpg.
Write the logfile to the current directory.
2001-09-28 Werner Koch <wk@gnupg.org>
* defs.inc: Write a log file for each test.
* run-gpg, run-gpgm, run-gpg.patterns: Removed. Replaced in all
tests by a simple macro from defs.inc.
* Makefile.am (CLEANFILES): Remove log files.
(./gpg_dearmor): create it and use it instead of the macro.
This is needed in multisig.test due to IFS tricks.
* armsignencrypt.test, signencrypt-dsa.test, signencrypt.test,
armencryptp.test, armencrypt.test, encryptp.test, seat.test,
encrypt-dsa.test, encrypt.test: Use --always-trust because the
test are not designed to check the validity.
2001-09-06 Werner Koch <wk@gnupg.org>
* genkey1024.test: Simplified by using a parameter file.
2001-05-30 Werner Koch <wk@gnupg.org>
* multisig.test (IFS): Reset IFS just before the test.
2001-04-30 Werner Koch <wk@gnupg.org>
* multisig.test: Add an set +x to avoid ksh problems
2001-04-28 Werner Koch <wk@gnupg.org>
* run-gpg.patterns: a v3 test key expired yesterday, suppress the
messages.
2001-03-27 Werner Koch <wk@gnupg.org>
* defs.inc: Removed creation of options file.
* options.in: New.
* Makefile.am: Create options file and fixed import of pubdemo.asc.
* run-gpg.patterns (gpg): Add some more patterns.
2001-03-20 Werner Koch <wk@gnupg.org>
* Makefile.am: Import the pubdemo.asc file
* sigs.test (hash_algo_list): s/tiger/tiger192/
2001-03-19 Werner Koch <wk@gnupg.org>
* mkdemodirs (GPGDEMO): Add --allow-secret-key-import to all gpg
invocations. Use echon -n instead of an argument with \c.
2001-02-12 Werner Koch <wk@gnupg.org>
* multisig.test: new
* Makefile.am (TESTS): Added.
2000-10-18 Werner Koch <wk@gnupg.org>
* conventional-mdc.test: Add Rijndael and fix for empty plain texts.
Thu Feb 10 17:39:44 CET 2000 Werner Koch <wk@gnupg.de>
* mkdemodirs: Fixed the --clean loop.
Thu Jan 13 19:31:58 CET 2000 Werner Koch <wk@gnupg.de>
* defs.inc (chdir): Removed becuase it is unsused an plain old sh
does not like this name. Reported by Alec Habig.
Tue Oct 26 20:02:23 1999 Werner Koch (wk@gnupg.org)
* Makefile.am (GPG_DEARMOR): New and use --no-options.
Tue Aug 31 17:20:44 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* defs.inc: set LC_ALL empty
Wed Aug 4 10:34:18 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* defs.inc (echo_n): New and used instead of /bin/echo "\c"
Sun Apr 18 10:11:28 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* mkdemodirs: New
* signdemokey: New.
* Makefile.am (distclean-local): New.
Wed Mar 17 13:09:03 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* mds.test: replaced the "echo -n"
Mon Mar 8 20:47:17 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* pubdemo.asc, secdemo.asc: New.
Fri Feb 19 15:49:15 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* genkey1024.test: Be really quiet.
1999-01-01 Geoff Keating <geoffk@ozemail.com.au>
* Makefile.am (CLEANFILES): Also delete trustdb and any leftover
lockfiles.
Fri Nov 27 15:30:24 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
* clearsig.test: Some more test cases.
Sun Oct 25 18:19:35 1998 Werner Koch (wk@isil.d.shuttle.de)
* mds.test: Check whether TIGER is available.
* sigs.tesr: Ditto.
Wed Sep 23 12:25:07 1998 Werner Koch (wk@isil.d.shuttle.de)
* run-gpg.patterns: New (because Solaris fgrep does not like -f -).
Mon Aug 10 21:33:38 1998 Werner Koch (wk@(none))
* genkey1024.test: Ariel fixed this.
Wed Jul 8 10:43:47 1998 Werner Koch (wk@isil.d.shuttle.de)
* seat.test: New.
Mon May 18 15:40:02 1998 Werner Koch (wk@isil.d.shuttle.de)
* Makefile.am: Now uses mk-tdata to produce random test data.
* ChangeLog: New.
Copyright 1998, 1999, 2000, 2001, 2007 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index cf32bb9b0..3bc6d9cb8 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -1,106 +1,106 @@
# Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
# Process this file with automake to create Makefile.in
GPG_IMPORT = ../../g10/gpg2 --homedir . \
--quiet --yes --no-permission-warning --import
TESTS = version.test mds.test \
decrypt.test decrypt-dsa.test \
sigs.test sigs-dsa.test \
encrypt.test encrypt-dsa.test \
seat.test clearsig.test encryptp.test detach.test \
armsigs.test armencrypt.test armencryptp.test \
signencrypt.test signencrypt-dsa.test \
armsignencrypt.test armdetach.test \
armdetachm.test detachm.test genkey1024.test \
conventional.test conventional-mdc.test \
multisig.test verify.test armor.test
TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
plain-1.asc plain-2.asc plain-3.asc plain-1-pgp.asc \
pubring.pkr.asc secring.skr.asc secdemo.asc pubdemo.asc \
gpg.conf.tmpl bug537-test.data.asc
DATA_FILES = data-500 data-9000 data-32000 data-80000 plain-large
EXTRA_DIST = defs.inc $(TESTS) $(TEST_FILES) \
mkdemodirs signdemokey
CLEANFILES = prepared.stamp x y yy z out err $(DATA_FILES) \
plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \
*.test.log gpg_dearmor gpg.conf \
pubring.gpg secring.gpg pubring.pkr secring.skr
DISTCLEANFILES = pubring.gpg~ random_seed
all-local: prepared.stamp
distclean-local:
$(srcdir)/mkdemodirs --clean
prepared.stamp: ./pubring.gpg ./secring.gpg ./plain-1 ./plain-2 ./plain-3 \
./pubring.pkr ./secring.skr ./gpg_dearmor $(DATA_FILES)
$(GPG_IMPORT) $(srcdir)/pubdemo.asc
echo timestamp >./prepared.stamp
./gpg_dearmor:
echo '#!/bin/sh' >./gpg_dearmor
- echo "../../g10/gpg2 --no-options --no-greeting \
+ echo "../../g10/gpg2 --no-options --no-greeting --homedir . \
--no-secmem-warning --batch --dearmor" >>./gpg_dearmor
chmod 755 ./gpg_dearmor
./pubring.gpg: $(srcdir)/pubring.asc $(srcdir)/pubdemo.asc ./gpg_dearmor
./gpg_dearmor > ./pubring.gpg < $(srcdir)/pubring.asc
./secring.gpg: $(srcdir)/secring.asc ./gpg_dearmor
./gpg_dearmor > ./secring.gpg < $(srcdir)/secring.asc
./pubring.pkr: $(srcdir)/pubring.pkr.asc ./gpg_dearmor
./gpg_dearmor > ./pubring.pkr < $(srcdir)/pubring.pkr.asc
./secring.skr: $(srcdir)/secring.skr.asc ./gpg_dearmor
./gpg_dearmor > ./secring.skr < $(srcdir)/secring.skr.asc
./plain-1: $(srcdir)/plain-1o.asc ./gpg_dearmor
./gpg_dearmor > ./plain-1 < $(srcdir)/plain-1o.asc
./plain-2: $(srcdir)/plain-2o.asc ./gpg_dearmor
./gpg_dearmor > ./plain-2 < $(srcdir)/plain-2o.asc
./plain-3: $(srcdir)/plain-3o.asc ./gpg_dearmor
./gpg_dearmor > ./plain-3 < $(srcdir)/plain-3o.asc
data-500:
../../tools/mk-tdata 500 >data-500
data-9000:
../../tools/mk-tdata 9000 >data-9000
data-32000:
../../tools/mk-tdata 32000 >data-32000
data-80000:
../../tools/mk-tdata 80000 >data-80000
plain-large:
cat $(srcdir)/../../doc/HACKING \
$(srcdir)/../../doc/DETAILS \
$(srcdir)/../../doc/gpg.texi >plain-large
# To speed up key generation we create a dummy random seed file
random_seed:
../../tools/mk-tdata 600

File Metadata

Mime Type
text/x-diff
Expires
Sun, Jan 18, 11:31 PM (16 h, 16 m)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
b5/80/6d3106e070aee129795b57bab458

Event Timeline