with their header files, it seems - insight from the tor project mailing
list).
And just so that the search engines can find it:
> In file included from ssh2pgp.c:39:
> /usr/include/arpa/inet.h:74: warning: 'struct in_addr' declared inside parameter list
> /usr/include/arpa/inet.h:74: warning: its scope is only this definition or declaration, which is probably not what you want
> /usr/include/arpa/inet.h:75: warning: 'struct in_addr' declared inside parameter list
> *** Error code 1
is fixed by including <netinet/in.h> before <arpa/inet.h> - found after a
long-distance debug session with Anthony Bentley - thanks!
Elgamal decryption code from Postgresql by Marko Kreen.
% cp config.h f
% netpgp -e f
netpgp: default key set to "d4a643c5"
% netpgp -d < f.gpg > f.netpgp
netpgp: default key set to "d4a643c5"
signature 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
encryption 2048/Elgamal (Encrypt-Only) a97a7db6d727bc1e 2010-05-19 [EXPIRES 2013-05-18]
netpgp passphrase:
% ls -al f*
-rw-r--r-- 1 agc agc 5730 Nov 6 23:53 f
-rw------- 1 agc agc 1727 Nov 6 23:53 f.gpg
-rw-r--r-- 1 agc agc 5730 Nov 6 23:54 f.netpgp
% diff f f.netpgp
%
This makes DSA keys into first class citizens, since encryption and
decryption using DSA/Elgamal is now supported.
code is inspired by the (BSD-licensed) Elgamal crypto code in
Postgresql by Marko Kreen, but netpgp uses BIGNUM numbers instead of
MPIs, and its keys have a completely different structure, so much has
changed.
% cp config.h f
% netpgp -e f
netpgp: default key set to "d4a643c5"
% gpg -d f.gpg > f2
You need a passphrase to unlock the secret key for
user: "Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>"
2048-bit ELG-E key, ID D727BC1E, created 2010-05-19 (main key ID D4A643C5)
gpg: encrypted with 2048-bit ELG-E key, ID D727BC1E, created 2010-05-19
"Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>"
% diff f f2
% ls -al f*
-rw-r--r-- 1 agc agc 5730 Nov 6 05:40 f
-rw------- 1 agc agc 1727 Nov 6 05:40 f.gpg
-rw-r--r-- 1 agc agc 5730 Nov 6 05:41 f2
%
in the GNU autoconf infrastructure with ltmain.sh script - change all
occurrences of "$echo" to "$ECHO".
(Incidentally, this does not show up under pkgsrc, since pkgsrc uses
the platform's libtool instead of the script which comes with the
distribution)
``When netpgp thinks (even for a little while, even if it
should change its mind almost immediately) that it's
processing a detached signature, it sends a message to that
effect to io->outs.
This kind of interferes with "netpgp --cat" :)''
Use io->errs instead of io->outs for the informational message.
The patch fixes two problems when verifying a clearsigned message:
- a copy/paste error - "litdata" should be "cleartext"
- a use of an uninitialized variable, resulting in freeing
an uninitialized pointer on the stack... resulting in a segfault
+ add ability in netpgpkeys(1) to specify the cipher (symmetric algorithm)
as specified in RFC 5581
+ add the camellia cipher implementation from openssl
initialisation. return an error if allocation failed.
modify symmetric key initialisation function signature to return an
indication of success or failure.
get rid of one-time typedef for function definitions; their indirection
does not add any extra insight, and just obfuscates the declarations.
Fixes an error reported by Anthony Bentley when compiling on OpenBSD,
which apparently lacks bzlib.h (and bz2).
Tests run to completion successfully both with and without bz2 being
available.
priority to admin port. If admin port is used by ISAKMP-SA hook scripts
they should be preferred, other wise heavy traffic can delay admin port
requests considerably. This in turn may cause renegotiation loop for
ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit
other setups too.
+ when writing out the key as an ssh key, don't include the user id
information at the end, in-line with expectations about standard ssh
key formats
+ since the signing key changed its "menu line" entry from "pub" to
"signature", the offset of the key id moved 7 chars to the right, so
take this into consideration when generating new keys
by Oliver Gould in
http://www.olix0r.net/PubKeyAccessAuthScheme.txt
This implementation includes an example client and server program, but
is not (yet) hooked into the build.
To quote from Oliver's RFC:
HTTP services are a core Internet technology, yet the Digest
authentication scheme provided by RFC 2617 only describes
authentication by way of shared-secrets (i.e. passwords).
This model has operational drawbacks, as authenticating
services are required to have access to a user's secret (or a
hash thereof), or retrograde technologies, such as cookies,
are employed.
Similarly to SSH's "publickey" authentication method [RFC
4252], the PubKey Access Authentication scheme allows an HTTP
server to authenticate clients using public key credentials.
Like the Digest Access Authentication Scheme [RFC 2617], the
PubKey.v1 scheme is based on a simple challenge-response
paradigm. The PubKey scheme responds to unauthorized clients
with a challenge value; and a valid response contains a
cryptographic signature of client's id, the authentication
realm, and the server's challenge.
The client's secret never leaves the client. The server
verifies the client's signed authorization request with the
client's published public keys.
libpaa(3) uses libnetpgp(3) for its digital signatures, SHA1Init(3)
for digests, and base64 encoding for transmission of data.
+ add a pretty print function mj_pretty(3) to libmj
+ added netpgp_write_sshkey(3) to libnetpgp
+ added pgp2ssh(1)
+ added preliminary support for ElGamal decryption, needed for DSA keys
as yet untested, unworking, and a WIP
+ add support for using all ssh keys, even those protected by a passphrase,
for decryption and signing. This rounds off ssh key file support in netpgp.
+ add a single character alias [-S file] for [--sshkeyfile file] to
netpgpkeys(1) and netpgp(1)
As far as ssh key file support goes, see the following example:
% cp configure a
% netpgp -S ~/.ssh/id_rsa.pub -e a
% netpgp -S ~/.ssh/id_rsa.pub -d a.gpg
Enter PEM pass phrase:
% ls -al a a.gpg
-rwxr-xr-x 1 agc agc 758398 Sep 7 05:38 a
-rw------- 1 agc agc 156886 Sep 7 05:38 a.gpg
%
in ssh format. In combination with hkpd (using ssh key files), this utility
can be used to distribute ssh pubkey files to remote computers using the
HKP protocol.
Add a C HKP client.
Provide reachover Makefiles for each, but do not hook them up to the build
just yet.
The HKP client and server can be embedded in other programs.
+ be smarter when checking for a null id
+ add test for rubbish being returned when listing specific keys in netpgpkeys(1)
+ take the public key from the pubring, not the secring when exporting
keys
+ allow hkpd to serve ssh keys in pgp format
+ test on whether a seckey is needed, not on a userid needed, for ssh keys
setoption() function, probably best to return one
+ check for a valid entry in the JSON array instead of trusting that
we have one
+ if there is no JSON value to print, don't print it
+ if we've set the keyring from an ssh key file, then we're using ssh
keys - no need to set that value separately. This means that
% netpgpkeys --sshkeyfile ~/.ssh/id_test.pub -l
1 key found
signature 2048/RSA (Encrypt or Sign) 8368881b3b9832ec 2010-08-26
Key fingerprint: 3abd bf38 33a5 1f87 d704 ad42 8368 881b 3b98 32ec
uid osx-vm1.crowthorne.alistaircrooks.co.uk (/home/agc/.ssh/id_test.pub) <agc@osx-vm1.crowthorne.alistaircrooks.co.uk>
%
lists ssh pubkeys properly, no need for other tautological arguments
+ add single character options to netpgp(1) and netpgpkeys(1)
+ add -o long-option(=value)? options to netpgp(1) and netpgpkeys(1)
+ add some small preparations for using the first subkey for encryption
(much more to follow)
+ recognise ascii-armoured encrypted messages properly, in memory and
in files
+ print error message and exit for now when trying to encrypt with a DSA key
+ fix bug reported by dyoung when trying to print out the encryption key
fingerprint
we're ELF now, and there are many missing checks against OBJECT_FMT.
if we ever consider switching, the we can figure out what new ones
we need but for now it's just clutter.
this doesn't remove any of the support for exec_aout or any actually
required-for-boot a.out support, only the ability to build a netbsd
release in a.out format. ie, most of this code has been dead for
over a decade.
i've tested builds on vax, amd64, i386, mac68k, macppc, sparc, atari,
amiga, shark, cats, dreamcast, landisk, mmeye and x68k. this covers
the 5 MACHINE_ARCH's affected, and all the other arch code touched.
it also includes some actual run-time testing of sparc, i386 and
shark, and i performed binary comparison upon amiga and x68k as well.
some minor details relevant:
- move shlib.[ch] from ld.aout_so into ldconfig proper, and cut them
down to only the parts ldconfig needs
- remove various unused source files
- switch amiga bootblocks to using elf2bb.h instead of aout2bb.h
+ make ssh fingerprints (md5) match netpgp listing
+ use the more functional hexdump function from ssh2pgp in place of the
older hexdump function from openpgpsdk
+ pass hash type down from command line where needed
+ add test for netpgp/ssh key fingerprint matching
+ make netpgpkeys(1) take a --hash= option
With these changes, netpgp can be made to generate the same fingerprint as
openssh (by default, ssh-keygen(1) uses an md5 digest)
% /usr/bin/netpgpkeys --ssh-keys --sshkeyfile=/etc/ssh/ssh_host_rsa_key.pub --list-keys --hash=md5
1 key
pub 1024/RSA (Encrypt or Sign) fcdd1c608bef4c4b 2008-08-11
Key fingerprint: e935 902d ebf1 76ba fcdd 1c60 8bef 4c4b
uid osx-vm1.crowthorne.alistaircrooks.co.uk (/etc/ssh/ssh_host_rsa_key.pub) <root@osx-vm1.crowthorne.alistaircrooks.co.uk>
% ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
1024 e9:35:90:2d:eb:f1:76:ba:fc:dd:1c:60:8b:ef:4c:4b /etc/ssh/ssh_host_rsa_key.pub (RSA)
%
Changes since 3.99.2:
+ avoid possible free() of new value passed to netpgp_setvar(),
with thanks to Anon Ymous.
+ netpgpkeys(1): print keys to stdout, not stderr - reported by Anon
Ymous.
+ fix DSA signatures and verification
+ simplify and shorten the internals of packet processing by getting rid of
the intermediate pseudo-abstraction layer, which detracted from understanding
and had no benefit whatsoever. Rename some enums and some definitions.
+ add some checking to new key generation, and don't try to read in
the keys after writing them - reported by Tyler Retzlaff
don't try to re-read the key after writing it - that's done by a separate
function. Problem found by Tyler Retzlaff, fixed in a different way.
check that keyrings are non-NULL before attempting to free them - from a
nudge by Tyler Retzlaff.
advance its counter if it's non-NULL.
Regression test for this is:
netpgpkeys --list-key '\.de\>'
with my standard keyring (to list all keys which have at least one subuid
with a German email address).
verify functionality was useful, but the time has come to learn lessons
and move on.
Replace the trimmed down code with a call to the verification code from
libnetpgp(3).
The DSA algorithm seems to require a digest value which is 20 bytes
long, which kind of implies SHA-1.
If we have a DSA signature, use SHA-1 as a hash algorithm, for backwards
compatibility. RSA signatures continue to use SHA256 by default, although
this can be given as an argument, if desired.
This fixes DSA signatures with netpgp:
% netpgp --sign --userid d4a643c5 a
pub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
sub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
netpgp passphrase:
% netpgp --verify a.gpg
Good signature for a.gpg made Tue May 18 05:41:25 2010
using DSA key 8222c3ecd4a643c5
pub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
sub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
%
change the pre-defined stdio streams to be denoted by "<stdout>" and
"<stderr>", to distinguish them from file names.
In netpgpkeys(1), send the default "res" (results) stream to stdout,
rather than stderr. Requested by Anon Ymous (and makes perfect sense).
the event that a reference to the value is passed to the
netpgp_setvar() function as the new value. Problem noted, cause
detected, and most of the fix contributed by, Anon Ymous. Thanks!
get rid of all traces of dmalloc - it's not used anymore. we can now g/c
initialisation functions which do not do anything.
also get rid of the pkeyid() functions, which just prints a
hexadecimal string
a detached armoured signature, as well as just a plain standard signed
file.
This is in response to PR 43245 from Juan RP, and addresses the
verification of detached armoured signatures, but in a different way
to the patch provided in the PR which is hopefully more generic, and
less reliant upon size of detached signature files.
in our SSH client and daemon as it causes crashes on architectures which
strict aligment requirements (e.g. NetBSD/sparc64).
This fixes PR bin/43221 by myself.
Changes to 3.99.1/20100413
+ bump major command versions to be compatible with shlib major
+ fixed a number of bugs in (RSA) key generation
+ modified netpgpkeys(1) to take an optional argument to --generate-key
if the argument is provided, it is used as the equivalent of the gecos
field for the newly-generated key.
BIGNUM fields - part of long-standing bug inherited from openpgpsdk.
Part of the fix for PR 42435 from Jukka Ruohonen.
Also pass the desired hash algorithm down, so that SHA1 is no longer
hardcoded.
handshake_dgst[] may be used without being allocated, causing NULL
pointer dereference.
Fix by checking that handshake_dgst is not NULL before use.
Reported to openssl as ticket openssl.org #2214.
Fix tested on netbsd-5 by Luke Mewburn with apache, and by me with
freeradius (fixing segmentation fault in both cases).
from http://www.openssl.org/news/secadv_20100324.txt:
"In TLS connections, certain incorrectly formatted records can cause an OpenSSL
client or server to crash due to a read attempt at NULL".
+ make subkey sigs available by hkp as well as on the command line
+ use the sketchily-defined vindex option to the hkp protocol to
return the subkey signature information
+ add a netpgp_unsetvar() function as a corollary to netpgp_setvar()
+ use a variable name of ''subkey sigs'' to denote that subkey
signatures should be returned with the pubkey uids
+ add a man page for hkpd(8)
+ add support for ipv6 as well as ipv4. individual families can be specified
on the command line using the -f argument. default to inet4 and inet6.
+ rationalise the process of getting a socket and binding to it for hkpd.
+ add functionality to parse basic signature subkeys
+ in doing so, add expiration of keys
+ at the same time, add revocation of keys
+ recognise the primary user id, and use it when displaying user ids
+ recognise self signed keys and subkeys
+ rework the indentation of output
+ add the --list-sigs [userid] option to netpgpkeys(1)
+ use memcmp(3) rather than strcmp(3) when checking binary user ids to
be exported
+ add expiration display to subkey signature output
+ update libnetpgp library version major number to 3
Changes to 1.99.20/20100304
+ move args to some functions around to be consistent
+ use uint*_t where appropriate
+ fix bug in verify memory
+ add documentation to manual pages to show how to do combined
signing/encryption and decryption/verification
+ make verification of ascii-armoured memory work the same as binary
+ eliminate use of strdup(3), strcasecmp(3), and strptime(3). NetBSD/pkgsrc
PR 42922 applies - need to define _XOPEN_SOURCE and _BSD_SOURCE for
newer linux platforms with glibc 2.10.1. solved a bit differently, by
implementing strdup(3) and strcasecmp(3) independently, and using regexps
to avoid calling strptime(3).
discontinued draft for hkp servers, in lieu of any official rfc.
the post method for adding keys to the server has not been implemented.
not until i've gone through all of the implications, anyway.
hkp servers serve up pgp public keys over http. the default port is 11371,
but it can be any port, specifiable at run time. whilst this hkpd will
return valid html to browsers, it is aimed at the ''machine readable''
side, using the ''&options=mr'' option to the http get string.
this hkpd server will get hooked into the build at a later date.
+ plug some memory leaks, from cppcheck via Thomas Klausner (thanks!)
+ make the singular of time units read correctly
+ print decryption key info properly when prompting for passphrase
small steps, but lots of them - this is the first one.
+ print out the correct key information when signing files and memory.
what used to be printed out was the copy of the public key which is
stored as part of the private key(!). does not address the info shown
when decrypting, since that is done in a different way, by callback.
this whole part needs to be re-written, but will have to wait for two
good hands.
Changes to 1.99.17/20100208
+ get rid of last 2 static variables - use the __ops_printstate_t struct
passed down, and add the indent variable here too
+ get rid of 3 occurrences in reader.c where an automatic buffer was
addressed (as part of a subsequent callback) by a struct field from
a calling scope, and only valid within the callback. Found by
Flexelint and phk - many thanks.
+ print filename/"memory" when time problems occur when validating signatures
+ minor simplifications to netpgp(1) internally
+ fix a bug in netpgp_verify_file where a non-existent file while listing
packets would cause a SIGSEGV
+ add duration arg to netpgp(1), and check for validity when verifying
signatures
+ add birthtime arg to netpgp(1), and check for validity when verifying
signatures
+ add netpgp commands to print pubkey, if desired
+ allow the passphrase for the signature to be taken from --pass-fd
+ get rid of static indent value when printing packet contents
+ print signature validity times when verifying a file's signature
instead of depending on the existance of struct winsize. Technically I should
bump the library version or version the symbol, but nothing seems to use this
outside the library!
it's "an OS dependent, generated file" configured for the target NetBSD
as noted in itself. Instead, include <roken-common.h>
(which is included from generated <roken.h> and required
for TRUE and fALSE definitions) and "nbtool_config.h" on tools build.
Fixes PR toolchain/41435 and makes cross build on Cygwin-1.7 work.
No particular comments in the PR.
commands with no file arguments, as input will now be taken from stdin,
and output will go to stdout, if no file arguments are given on the
command line.
+ some ssh host keys do not have the username of the generator included
in the key itself. If there is no username in there, create one.
+ added netpgp_encrypt_memory() and netpgp_decrypt_memory()
+ overhaul netpgp(1) to work with stdin/stdout if no filenames specified:
% netpgp --encrypt < a | netpgp --decrypt > b
netpgp: default key set to "C0596823"
netpgp: default key set to "C0596823"
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks <alistair@hockley-crooks.com>
netpgp passphrase:
% diff a b
% ls -al a b
-rw-r--r-- 1 agc agc 15243 Dec 20 08:55 a
-rw-r--r-- 1 agc agc 15243 Dec 21 17:15 b
%
% netpgp --sign < a | netpgp --cat > b
netpgp: default key set to "C0596823"
netpgp: default key set to "C0596823"
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks <alistair@hockley-crooks.com>
netpgp passphrase:
Good signature for <stdin> made Mon Dec 21 18:25:02 2009
using RSA (Encrypt or Sign) key 1b68dcfcc0596823
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <alistair@hockley-crooks.com>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks (Yahoo!) <agcrooks@yahoo-inc.com>
%
+ add explanations of memory-based operations to manual pages
Apart from infrastructure changes, there are the following functional ones:
+ Update to version 20091210
+ provide a new netpgp_match_list_keys(3) function to perform a
regular-expression based search of all the keys in the keyring. If no
pattern is specified to match, then all keys are returned.
+ provide a new netpgp_set_homedir(3) function, and use it to set the
home directory from the library, rather than individually in all the
programs which use the library
+ provide a new netpgp_incvar(3) function which will add a constant
increment (which may be negative) to the value of an internal
variable. This is primarily used for the verbosity level within the
library, and is again a movement of the function into the library from
the individual programs which use the library
+ move to the specification of an ssh key file by internal variable,
rather than the directory holding an ssh key file
+ autoconf infrastructure changes
+ take a hammer to the _GNU_SOURCE definitions problems
+ don't rely on strnlen(3) being present everywhere
specified.
+ The internal variable "sshetcdir" has been renamed to "sshkeydir"
+ When matching the text fields in the username, use an ICASE, NOSUB, EXTENDED
regular expression. This allows more advanced ways of searching, such as:
% netpgpkeys --list-keys '\.de\>'
to find all the keys in the default keyring which have an email address
in Germany. This is actually surprisingly useful.
These keys can be used in the same way as normal PGP keys - to sign, verify,
encrypt and decrypt files and data.
% cp configure a
% sudo netpgp --ssh-keys --sign --userid 1e00404a a
Password:
pub 1024/RSA (Encrypt or Sign) 040180871e00404a 2008-08-11
Key fingerprint: c4aa b385 4796 e6ce 606c f0c2 0401 8087 1e00 404a
% sudo chmod 644 a.gpg
% netpgp --ssh-keys --verify a.gpg
netpgp: default key set to "C0596823"
can't open '/etc/ssh/ssh_host_rsa_key'
Good signature for a.gpg made Fri Dec 4 23:04:36 2009
using RSA (Encrypt or Sign) key 040180871e00404a
pub 1024/RSA (Encrypt or Sign) 040180871e00404a 2008-08-11
Key fingerprint: c4aa b385 4796 e6ce 606c f0c2 0401 8087 1e00 404a
uid osx-vm1.crowthorne.alistaircrooks.co.uk (/etc/ssh/ssh_host_rsa_key.pub) <root@osx-vm1.crowthorne.alistaircrooks.co.uk>
% uname -a
NetBSD osx-vm1.crowthorne.alistaircrooks.co.uk 5.99.20 NetBSD 5.99.20 (ISCSI) #0: Wed Oct 7 17:16:33 PDT 2009 agc@osx-vm1.crowthorne.alistaircrooks.co.uk:/usr/obj/i386/usr/src/sys/arch/i386/compile/ISCSI i386
%
The ssh host keys do not need to be manipulated in any way - the information
is read from existing files.
racoon uses a wrong IPsec-SA handle that is for other peer in case it
receives a ISAKMP message for IPsec-SA that has the same message-id as
the message-id that is received before.
racoon uses message-id to find the handle of IPsec-SA. The message-id
is a unique number for each peer, but different peers may use the same
value.
Different Windows Vista or Windows 7 peers seem to use the same
message-id. racoon can handle the first Windows's Phase-2, but it
cannot handle the second Windows. Because racoon misunderstands the
message for the second Windows as the message for the first Windows.
>Category: bin
>Synopsis: racoon uses a wrong IPsec-SA that is for different peer
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Nov 22 18:25:00 +0000 2009
>Originator: yasuoka@iij.ad.jp
the write function stack for the body of the message as well as the
headers.
This means that an ascii-armoured signed file created by netpgp conforms
to RFC 4880 (and 2440, thanks, moof[1]), and can be verified by gpg now, as
well as netpgp.
[1] Are there any other RFCs which are superceded by their double?
+ add a netpgp library function - netpgp_get_key(3) - to print a
specific key
+ add functionality to call this function in netpgpkeys(1)
+ add test for netpgp_get_key
+ add a verbose switch to the tst script
+ add netpgp functions to expose the memory signing and verification
functions - netpgp_sign_memory(3) and netpgp_verify_memory(3)
+ coalesced signing and verification ops file functions
