User-level changes:
==================
- libgpgme is not used anymore; it is replaced by a built-in piece of code called OpenPGP-SDK
(http://openpgp.nominet.org.uk/cgi-bin/trac.cgi) that was improved to be used by RetroShare
for handling PGP keys.
- the gnupg keyring is not used anymore. Now, RetroShare has it's own gpg keyring, shared by all instances.
On linux it's located in ~/.retroshare/pgp/. A lock system prevents multiple locations to read/write keyrings
simultaneously.
- the trust database from gnupg is not documented, so RetroShare cannot import it. This comes from the fact that
the GPG standard (RFC4880) asks explicitly not to export trust information. So RetroShare has it's own
trust DB shared by locations. This means you need to re-trust people. Sorry for that!
- at start, if no keyring is found, RS will propose to copy the gnupg keyring to use your existing keys. Clicking on
"OK" will do the copy, and you should find back all existing locations, except for DSA keys.
- locations for which the suitable keypair is not in the keyring will not be displayed in the login window
- locations for which the suitable keypair is not a RSA/RSA key will not be displayed. RetroShare does not
support DSA/Elgamal keypairs yet.
- a key import/export exchange function has been added in the certificate creation window (you go there from the login
window by clicking on "manage keys/locations". This allows to easily create a new location with the same pgp key on
another computer. To obtain a suitable keypair using gnupg, you need to concatenate the encrypted private key and the
public key into an ascii file. This can be done using:
gpg -a --export-secret-keys [your ID] > mykey.asc
gpg -a --export [your ID] >> mykey.asc
- importing a key with subkeys in not yet possible. Please remove subkeys before importing.
- The code has been tested for a reasonnable amount of time, but it's not possible to prevent some new bugs
to appear. Please report them asap supplying: call-stacks if possible, and terminal output. In particular,
openpgp has some assert()'s that should not be triggered unless RetroShare is calling it in an improper way.
Internal changes
================
- a specific component, PGPHandler, takes care of the interface between openpgp-sdk and RetroShare
openpgp-sdk is c-code, with it's own memory management, which has been kept well separated from
RetroShare.
- GPG Ids are now a specific class (not a std::string anymore) for code consistency reasons. As strings are
still used in many places, this requires a few conversions. In particular, AuthGPG takes strings as
function params and calls GPGHandler with the proper PGPIdType class. In the future, RetroShare should
only use PGPIdType. The same will be done for SSL ids.
- signature cleaning is still handled by the Retroshare built-in function, not by openpgp, but we will
do this later.
Still to do
===========
- DSA needs subkey handling, since the encryption is performed by a Elgamal subkey. Not sure this will be done.
- GPGIds/SSLIds cleaning (meaning replace strings by appropriate types). Lots of confusion throughout the code in retroshare-gui in particular.
- key removal from keyring. This is a challenge to keep locations synchronised.
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@5293 b45a01b8-16f6-495d-af2f-9b41ad6348cc
* fixed utf8 in dropping links to channels
* fixed pasting cert links in the friend list
* added code to allow pasting GPG certificates missing a newline at the end.
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@5064 b45a01b8-16f6-495d-af2f-9b41ad6348cc
- added checkbox in ConfCertDialog to allow adding/removing signatures
- enabled again key signature button in friend wizard
- RS cert links now use small keys.
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@4836 b45a01b8-16f6-495d-af2f-9b41ad6348cc
- set default of the signature checkbox in ConnectFriendWizard to disabled
- set the initial option for the download directory to network wide only
- set the default of a new shared directory to network wide
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@4578 b45a01b8-16f6-495d-af2f-9b41ad6348cc
* Switched ServerPage to use netMode, rather than tryNetMode. This fixes the Network Status.
* Added "Advanced Mode" to Settings GeneralPage.
* Store / Set Advanced Mode via rsConfig::get/setConfigurationOptions.
* removed %0D%0A from Linux / OSX emails - made it Windows Only.
* updated GetStartedDialog text.
* updated Dht and Nat Indicators to accurately reflect Network status. Roughly:
- DHT. Off: gray, ERROR: red, NO RS PEERS: yellow, GOOD: green.
- NAT. Offline: gray, BAD NET: red, NO DHT, or FIREWALLED: yellow, GOOD: green
* disable GetStartedDialog is AdvancedMode is set.
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@4502 b45a01b8-16f6-495d-af2f-9b41ad6348cc
The existing gpg keys and locations with umlauts are now shown wrong. The changes are not backward compatible.
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@4460 b45a01b8-16f6-495d-af2f-9b41ad6348cc
Added new button in ConnectFriendWizard for cleaning the certificate.
Fixed cleaning:
- added blank line after the armor header
- moved the checksum to a new line
Recompile of the GUI needed.
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@4134 b45a01b8-16f6-495d-af2f-9b41ad6348cc
Changed the usage of RsPeerDetails.validLvl to RsPeerDetails.trustLvl for the display in the column "Did I authenticated peer" in NetworkDialog.
Added an icon to the MessageBox of the NotifySysMessage.
Fixed german language.
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@3926 b45a01b8-16f6-495d-af2f-9b41ad6348cc
