This version adds
Pwmd::isQueued() to determine if a command is in the command or garbage collecting queue; adds
Pwmd::genkey() to make use of pwmd’s new
GENKEY command and finally adds
PwmdKeyGenDialog for generating a new encryption, signing and subkey.
PwmdSaveWidget can now delete a key from the keyring and has a couple expiry fixes. It also allows specifying only one signing key to adapt changes from pwmd.
This version adds pwmd_genkey() to make use of pwmd’s new
GENKEY command when used with a local pinentry. Also, the
.listkeys command now outputs a key’s keygrip as well as fingerprint.
This changes a few important things from beta1: The
SAVE command will no longer generate any keys even if the file is a new one. Instead, you should use the new
GENKEY command to generate a keypair, then provide the encryption and signing keyid’s to
SAVE. Or you can provide any other existing keyid’s.
A new command
GENKEY has been added. Use this to generate a new encryption, signing or subkey for use with the
SAVE command now only allows a single signer.
Added configuration parameter “
strict_open” to prevent clients from creating new data files.
DELETEKEY to delete a private key (and its’ subkeys).
DUMP command no longer requires a passing checksum test. This is to allow a client to dump what they have edited when the checksum fails do to another client modifying the data file or some other reason.
Added copy-on-write support. When two or more clients have the same data file open and one modifies the document, a copy of the document is made for the client. Otherwise a document pointer is shared among clients to save some memory. The first client to
SAVE the same document as another client “wins” and others will need to reopen the data file do to a checksum failure.
And… Happy New Year!
This is a beta version so users can test it out and submit patches for any (major) bug fixes, features and any other changes before the final 3.1.0 release. The major change in this release is the use of GpgME for all crypto operations and the removal of “literal” elements. When a “target” attribute is encounted for an element in an element path, the target is always followed. See NEWS for more changes in this release.
Download it here.
This version contains many changes to work with pwmd 3.1.0-beta1 and libpwmd 8.0.0 as well as a new Save dialog and other interface cleanups and rearrangements. Lots of stuff.
Download it here.
This version requires pwmd version 3.1.0-beta1 or later. Read the NEWS to see whats changed.
Download it here.
The master branch of pwmd has merged the no-literals branch and also fixes the CLEARCACHE command to clear gpg-agent cached keys among other things. This requires libgpgme >= 1.7.0 and gpg-agent >= 2.1.15 which are both still in development and haven’t been released yet. But you can still try things out by building from their git repositories.
Also added are two new special attributes expire and expire_increment. When the
GET command encounters an element with the expire attribute and the currrent time is greater than the attribute value, a new status message
STATUS_EXPIRE is sent. The expire_increment attribute is the number of seconds that the next
STORE command will increment the expire attribute by from the current time. So if you have set an expiry for an element and use a qpwmc shortcut to fetch element content with an expired element, you will be notified about it.
I’ve created a new branch for removal of literal element paths. This branch pretty much fixes recursion loops but has the problem that it can’t exactly mimic
find(1) output for elements with a target loop: the
LIST of the element path will stop at the node where the loop is detected which may really be in a child of the target node. For example, the pseudo-document:
a<TAB>b<TAB>c -> c
c<TAB>d -> a
LIST output. It will stop at
a->b->c with a target loop flag appended.
I’ve run into a couple of more bugs relating to handling of the
target attribute and recursion loops and have also recently learned about SQL relational object pointers which may be a canidate for replacing the
target attribute and XML database format entirely. The command syntax may be able to be kept the same with the exception of the
XPATHATTR commands. But SQL has easier searching syntax anyway.
Hopefully we should be able to use
sqlite3 since it can do in-memory databases and possibly faster than the XML database, too. We’ll see how it goes…
UPDATE: There is a project libsqlfs that utilizes sqlite’s VFS features as a fuse module. The fuse module itself isn’t very useful because fuse is Linux and *BSD (just looking at configure.ac) specific and not portable to other OS’s. Most filesystem operations can be done without the fuse parts with the exception (naturally) of symbolic links. I’ve got a somewhat working implementation of sqlfs_proc_realpath() that may be a suitable substitute for the
Since the VFS features of sqlite are being used, most commands will probably change to look and behave like shell commands:
UPDATE 2: Well, I don’t think SQLite is going to work as well as I thought. So I’m going to rewrite how the “target” attribute works by removing the notion of literal elements to simplify things. An element with a “target” attribute will work as usual, but a literal element — the element of the same name without a “target” attribute — will be non-existant. So if you remove an element that contains a “target” attribute, it will remove only that element and not the target element path. Kinda like removing a symbolic link on a filesystem. Remove the link and not the stuff the link points to. Thats the new plan. But things may of course change.
This version contains mostly fixes backported from the development branch of pwmd. Here’s the NEWS for this release:
The "tcp_require_key" configuration parameter will no longer clear the cache
entry for a data file. It will only try to decrypt it.
Do an fsync(2) on the data file directory after a SAVE as recommended by the
Only show regular files in the LS command and also be sure the OPEN'd file
is a regular one.
Disallow a new line character in an attribute value to prevent ATTR LIST
TLS-1.0 is now disabled by default.
Fixed handling of invalid group names in an ACL. They are ignored rather than
returning an error.
When using gpg-agent and the agent cached key has expired, return
GPG_ERR_KEY_EXPIRED rather than GPG_ERR_NO_DATA. This can make it easier to
determine why you are asked for a passphrase by reviewing a pwmd log. Note
that the "max-cache-ttl" gpg-agent configuration parameter also affects the
cache state for a data file.
A few minor bug fixes. See ChangeLog for details.
Download it here.