Update copyright header.

[pwmd.git] / NEWS

PWMD v3.0.0
-----------
This version contains quite a few changes and enhancements. Please read the
example configuration file and the generated documentation in doc/pwmd.info,
after doing ./configure && make, for details since most commands and options
have changed.

You will need to convert your existing pwmd v2.x data file to the new format
by doing the following:

        $ pwmd --convert datafile -o newfile

then place "newfile" in ~/.pwmd/data. This will generate a new public and
private key pair (unless not using gpg-agent support by specifying --no-agent)
and prompt for the passphrase to use for protecting the secret key. The secret
portion of the key is stored in ~/.gnupg/private-keys-v1.d/ by gpg-agent.

Since pwmd now uses the gpg-agent for passphrase caching and key management by
default, this means smartcards are also supported. A "stub" of the secret key
is stored in the above mentioned key directory, but the secret portion of the
key is stored on the smartcard. To convert your existing data while encrypting
to an existing public key, pass the --keygrip option with --convert or
--import. You may also need to pass the --sign-keygrip, too. See the pwmd
manual for details.

The XML document is now cached in pwmd when the passphrase is cached in
gpg-agent. This is needed to prevent requiring a smartcard to be inserted for
each OPEN command. pwmd will operate on a copy of the cached document and
update the cached one after a SAVE. It is also much faster than having to
decrypt the data file during each OPEN although the cached document is still
encrypted, it is only encrypted with 1 iteration and with a generated key.

Ported to POSIX threads (pthreads).

Renamed error codes:
    PWMD_LIBXML_ERROR -> GPG_ERR_BAD_DATA
    PWMD_NO_FILE -> GPG_ERR_INV_STATE
    PWMD_FILE_MODIFIED -> GPG_ERR_CHECKSUM

Most commands now have an --inquire option to retrieve remaining non-option
arguments via a server inquire. This avoids the assuan line length limit for
longer element paths.

Added the PASSWD command to change the passphrase of a secret key or a
symmetrically encrypted key (SAVE --no-agent, or pwmd --no-agent).

Added the AGENT command to send a command directly to gpg-agent.

Added the GETINFO command to retrieve server details. This removes the
VERSION and GETPID commands.

Removed the CONFIG and KEEPALIVE status messages.

Added the NEWFILE status message to determine when the file OPEN'ed is a new
one.

Added ISCACHED --lock to lock the file mutex. This doesn't require an OPEN'd
file. It was added to prevent a race condition with another client accessing
the same file when one client needed to determine the cache status before the
OPEN.

Texinfo documentation.

Commands that normally returned GPG_ERR_NO_VALUE now return GPG_ERR_NO_DATA.

The --iterations command line, configuration and SAVE options have been renamed
to "s2k-count". The PASSWD command can be used to change this value for an
existing secret key.

The CLEARCACHE command returns an error when the file mutex associated with
the data file is locked by another client. Although an error is returned the
cached file is flagged for cache removal which will occur when the data file
mutex is released.

Added LIST --all to retrieve the entire element tree. Flags are appended to
each element path when this option is used. See the documentation for details.

The checksum is now a CRC32 checksum rather than a stat() of the ctime of the
data file.

The data file header is now packed so it can be used across architectures.

Can now listen for remote connections via TLS (IPv4 and IPv6) as well as the
local UNIX domain socket.

Added tests. Run them with 'make tests' in the tests/ directory.

More portable: *BSD, SunOS/Solaris/OpenSolaris, Android and Linux.

Removed the libglib-2.0 dependency.