projects
/
apps
/
madmutt.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
move rfc2047.c into lib-mime, reindent it.
[apps/madmutt.git]
/
pgp.c
diff --git
a/pgp.c
b/pgp.c
index
5580c69
..
a17b481
100644
(file)
--- a/
pgp.c
+++ b/
pgp.c
@@
-21,19
+21,22
@@
# include "config.h"
#endif
# include "config.h"
#endif
+#include <lib-lib/mem.h>
+#include <lib-lib/ascii.h>
+#include <lib-lib/str.h>
+#include <lib-lib/macros.h>
+#include <lib-lib/file.h>
+
+#include <lib-mime/mime.h>
+
#include "mutt.h"
#include "enter.h"
#include "mutt.h"
#include "enter.h"
-#include "ascii.h"
#include "handler.h"
#include "mutt_curses.h"
#include "pgp.h"
#include "handler.h"
#include "mutt_curses.h"
#include "pgp.h"
-#include "mime.h"
#include "copy.h"
#include "attach.h"
#include "copy.h"
#include "attach.h"
-#include "lib/mem.h"
-#include "lib/intl.h"
-#include "lib/str.h"
#include "lib/debug.h"
#include <sys/wait.h>
#include "lib/debug.h"
#include <sys/wait.h>
@@
-67,7
+70,7
@@
time_t PgpExptime = 0; /* when does the cached passphrase expire? */
void pgp_void_passphrase (void)
{
void pgp_void_passphrase (void)
{
-
memset (PgpPass, 0, sizeof
(PgpPass));
+
p_clear(PgpPass, sizeof
(PgpPass));
PgpExptime = 0;
}
PgpExptime = 0;
}
@@
-109,14
+112,8
@@
int pgp_use_gpg_agent (void) {
if (!option (OPTUSEGPGAGENT) || !getenv ("GPG_AGENT_INFO"))
return 0;
if (!option (OPTUSEGPGAGENT) || !getenv ("GPG_AGENT_INFO"))
return 0;
- if ((tty = ttyname(0))) {
- char tmp[SHORT_STRING];
- snprintf (tmp, sizeof (tmp), "GPG_TTY=%s", tty);
- putenv (tmp);
-#if 0
- setenv("GPG_TTY", tty, 0);
-#endif
- }
+ if ((tty = ttyname(0)))
+ setenv ("GPG_TTY", tty, 0);
return 1;
}
return 1;
}
@@
-167,7
+164,7
@@
static int pgp_copy_checksig (FILE * fpin, FILE * fpout)
fputs (line, fpout);
fputc ('\n', fpout);
}
fputs (line, fpout);
fputc ('\n', fpout);
}
-
mem_free
(&line);
+
p_delete
(&line);
}
else {
debug_print (2, ("No pattern.\n"));
}
else {
debug_print (2, ("No pattern.\n"));
@@
-211,11
+208,11
@@
static void pgp_copy_clearsigned (FILE * fpin, STATE * s, char *charset)
continue;
}
continue;
}
- if (
str_cmp
(buf, "-----BEGIN PGP SIGNATURE-----\n") == 0)
+ if (
m_strcmp
(buf, "-----BEGIN PGP SIGNATURE-----\n") == 0)
break;
if (armor_header) {
break;
if (armor_header) {
- char *p =
str_skip_initws
(buf);
+ char *p =
vskipspaces
(buf);
if (*p == '\0')
armor_header = 0;
if (*p == '\0')
armor_header = 0;
@@
-239,11
+236,13
@@
static void pgp_copy_clearsigned (FILE * fpin, STATE * s, char *charset)
int pgp_application_pgp_handler (BODY * m, STATE * s)
{
int pgp_application_pgp_handler (BODY * m, STATE * s)
{
+ int could_not_decrypt = 0;
int needpass = -1, pgp_keyblock = 0;
int c = 1;
int clearsign = 0, rv, rc;
long start_pos = 0;
int needpass = -1, pgp_keyblock = 0;
int c = 1;
int clearsign = 0, rv, rc;
long start_pos = 0;
- long bytes, last_pos, offset;
+ long bytes;
+ off_t last_pos, offset;
char buf[HUGE_STRING];
char outfile[_POSIX_PATH_MAX];
char tmpfname[_POSIX_PATH_MAX];
char buf[HUGE_STRING];
char outfile[_POSIX_PATH_MAX];
char tmpfname[_POSIX_PATH_MAX];
@@
-260,29
+259,29
@@
int pgp_application_pgp_handler (BODY * m, STATE * s)
rc = 0; /* silence false compiler warning if (s->flags & M_DISPLAY) */
rc = 0; /* silence false compiler warning if (s->flags & M_DISPLAY) */
- fseek (s->fpin, m->offset, 0);
+ fseek
o
(s->fpin, m->offset, 0);
last_pos = m->offset;
for (bytes = m->length; bytes > 0;) {
if (fgets (buf, sizeof (buf), s->fpin) == NULL)
break;
last_pos = m->offset;
for (bytes = m->length; bytes > 0;) {
if (fgets (buf, sizeof (buf), s->fpin) == NULL)
break;
- offset = ftell (s->fpin);
- bytes -= (offset - last_pos); /* don't rely on
str_
len(buf) */
+ offset = ftell
o
(s->fpin);
+ bytes -= (offset - last_pos); /* don't rely on
m_str
len(buf) */
last_pos = offset;
last_pos = offset;
- if (
str_ncmp
("-----BEGIN PGP ", buf, 15) == 0) {
+ if (
m_strncmp
("-----BEGIN PGP ", buf, 15) == 0) {
clearsign = 0;
start_pos = last_pos;
clearsign = 0;
start_pos = last_pos;
- if (
str_cmp
("MESSAGE-----\n", buf + 15) == 0)
+ if (
m_strcmp
("MESSAGE-----\n", buf + 15) == 0)
needpass = 1;
needpass = 1;
- else if (
str_cmp
("SIGNED MESSAGE-----\n", buf + 15) == 0) {
+ else if (
m_strcmp
("SIGNED MESSAGE-----\n", buf + 15) == 0) {
clearsign = 1;
needpass = 0;
}
else if (!option (OPTDONTHANDLEPGPKEYS) &&
clearsign = 1;
needpass = 0;
}
else if (!option (OPTDONTHANDLEPGPKEYS) &&
-
str_cmp
("PUBLIC KEY BLOCK-----\n", buf + 15) == 0) {
+
m_strcmp
("PUBLIC KEY BLOCK-----\n", buf + 15) == 0) {
needpass = 0;
pgp_keyblock = 1;
}
needpass = 0;
pgp_keyblock = 1;
}
@@
-305,17
+304,17
@@
int pgp_application_pgp_handler (BODY * m, STATE * s)
fputs (buf, tmpfp);
while (bytes > 0 && fgets (buf, sizeof (buf) - 1, s->fpin) != NULL) {
fputs (buf, tmpfp);
while (bytes > 0 && fgets (buf, sizeof (buf) - 1, s->fpin) != NULL) {
- offset = ftell (s->fpin);
- bytes -= (offset - last_pos); /* don't rely on
str_
len(buf) */
+ offset = ftell
o
(s->fpin);
+ bytes -= (offset - last_pos); /* don't rely on
m_str
len(buf) */
last_pos = offset;
fputs (buf, tmpfp);
if ((needpass
last_pos = offset;
fputs (buf, tmpfp);
if ((needpass
- &&
str_cmp
("-----END PGP MESSAGE-----\n", buf) == 0)
+ &&
m_strcmp
("-----END PGP MESSAGE-----\n", buf) == 0)
|| (!needpass
|| (!needpass
- && (
str_cmp
("-----END PGP SIGNATURE-----\n", buf) == 0
- ||
str_cmp
("-----END PGP PUBLIC KEY BLOCK-----\n",
+ && (
m_strcmp
("-----END PGP SIGNATURE-----\n", buf) == 0
+ ||
m_strcmp
("-----END PGP PUBLIC KEY BLOCK-----\n",
buf) == 0)))
break;
}
buf) == 0)))
break;
}
@@
-381,17
+380,22
@@
int pgp_application_pgp_handler (BODY * m, STATE * s)
}
/* treat empty result as sign of failure */
}
/* treat empty result as sign of failure */
+ /* TODO: maybe on failure mutt should include the original undecoded text. */
if (pgpout) {
rewind (pgpout);
c = fgetc (pgpout);
ungetc (c, pgpout);
}
if (!clearsign && (!pgpout || c == EOF)) {
if (pgpout) {
rewind (pgpout);
c = fgetc (pgpout);
ungetc (c, pgpout);
}
if (!clearsign && (!pgpout || c == EOF)) {
- mutt_error _("Could not decrypt PGP message");
- mutt_sleep (1);
- pgp_void_passphrase ();
- rc = -1;
- goto out;
+ could_not_decrypt = 1;
+ pgp_void_passphrase ();
+ }
+
+ if (could_not_decrypt && !(s->flags & M_DISPLAY)) {
+ mutt_error _("Could not decrypt PGP message");
+ mutt_sleep (1);
+ rc = -1;
+ goto out;
}
}
}
}
@@
-431,7
+435,10
@@
int pgp_application_pgp_handler (BODY * m, STATE * s)
state_putc ('\n', s);
if (needpass) {
state_attach_puts (_("[-- END PGP MESSAGE --]\n"), s);
state_putc ('\n', s);
if (needpass) {
state_attach_puts (_("[-- END PGP MESSAGE --]\n"), s);
- mutt_message _("PGP message successfully decrypted.");
+ if (could_not_decrypt)
+ mutt_error _("Could not decrypt PGP message.");
+ else
+ mutt_message _("PGP message successfully decrypted.");
}
else if (pgp_keyblock)
state_attach_puts (_("[-- END PGP PUBLIC KEY BLOCK --]\n"), s);
}
else if (pgp_keyblock)
state_attach_puts (_("[-- END PGP PUBLIC KEY BLOCK --]\n"), s);
@@
-501,12
+508,12
@@
static int pgp_check_traditional_one_body (FILE * fp, BODY * b,
}
while (fgets (buf, sizeof (buf), tfp)) {
}
while (fgets (buf, sizeof (buf), tfp)) {
- if (
str_ncmp
("-----BEGIN PGP ", buf, 15) == 0) {
- if (
str_cmp
("MESSAGE-----\n", buf + 15) == 0)
+ if (
m_strncmp
("-----BEGIN PGP ", buf, 15) == 0) {
+ if (
m_strcmp
("MESSAGE-----\n", buf + 15) == 0)
enc = 1;
enc = 1;
- else if (
str_cmp
("SIGNED MESSAGE-----\n", buf + 15) == 0)
+ else if (
m_strcmp
("SIGNED MESSAGE-----\n", buf + 15) == 0)
sgn = 1;
sgn = 1;
- else if (
str_cmp
("PUBLIC KEY BLOCK-----\n", buf + 15) == 0)
+ else if (
m_strcmp
("PUBLIC KEY BLOCK-----\n", buf + 15) == 0)
key = 1;
}
}
key = 1;
}
}
@@
-567,7
+574,7
@@
int pgp_verify_one (BODY * sigbdy, STATE * s, const char *tempfile)
return -1;
}
return -1;
}
- fseek (s->fpin, sigbdy->offset, 0);
+ fseek
o
(s->fpin, sigbdy->offset, 0);
mutt_copy_bytes (s->fpin, fp, sigbdy->length);
fclose (fp);
mutt_copy_bytes (s->fpin, fp, sigbdy->length);
fclose (fp);
@@
-682,7
+689,7
@@
static void pgp_extract_keys_from_attachment (FILE * fp, BODY * top)
return;
}
return;
}
-
memset (&s, 0, sizeof (STATE)
);
+
p_clear(&s, 1
);
s.fpin = fp;
s.fpout = tempfp;
s.fpin = fp;
s.fpout = tempfp;
@@
-749,7
+756,7
@@
BODY *pgp_decrypt_part (BODY * a, STATE * s, FILE * fpout, BODY * p)
* the temporary file.
*/
* the temporary file.
*/
- fseek (s->fpin, a->offset, 0);
+ fseek
o
(s->fpin, a->offset, 0);
mutt_copy_bytes (s->fpin, pgptmp, a->length);
fclose (pgptmp);
mutt_copy_bytes (s->fpin, pgptmp, a->length);
fclose (pgptmp);
@@
-776,7
+783,7
@@
BODY *pgp_decrypt_part (BODY * a, STATE * s, FILE * fpout, BODY * p)
* read_mime_header has a hard time parsing the message.
*/
while (fgets (buf, sizeof (buf) - 1, pgpout) != NULL) {
* read_mime_header has a hard time parsing the message.
*/
while (fgets (buf, sizeof (buf) - 1, pgpout) != NULL) {
- len =
str_len
(buf);
+ len =
m_strlen
(buf);
if (len > 1 && buf[len - 2] == '\r')
strcpy (buf + len - 2, "\n"); /* __STRCPY_CHECKED__ */
fputs (buf, fpout);
if (len > 1 && buf[len - 2] == '\r')
strcpy (buf + len - 2, "\n"); /* __STRCPY_CHECKED__ */
fputs (buf, fpout);
@@
-837,7
+844,7
@@
int pgp_decrypt_mime (FILE * fpin, FILE ** fpout, BODY * b, BODY ** cur)
b = b->parts->next;
b = b->parts->next;
-
memset (&s, 0, sizeof (s)
);
+
p_clear(&s, 1
);
s.fpin = fpin;
mutt_mktemp (tempfile);
if ((*fpout = safe_fopen (tempfile, "w+")) == NULL) {
s.fpin = fpin;
mutt_mktemp (tempfile);
if ((*fpout = safe_fopen (tempfile, "w+")) == NULL) {
@@
-988,9
+995,9
@@
BODY *pgp_sign_message (BODY * a)
* recommended for future releases of PGP.
*/
while (fgets (buffer, sizeof (buffer) - 1, pgpout) != NULL) {
* recommended for future releases of PGP.
*/
while (fgets (buffer, sizeof (buffer) - 1, pgpout) != NULL) {
- if (
str_cmp
("-----BEGIN PGP MESSAGE-----\n", buffer) == 0)
+ if (
m_strcmp
("-----BEGIN PGP MESSAGE-----\n", buffer) == 0)
fputs ("-----BEGIN PGP SIGNATURE-----\n", fp);
fputs ("-----BEGIN PGP SIGNATURE-----\n", fp);
- else if (
str_cmp
("-----END PGP MESSAGE-----\n", buffer) == 0)
+ else if (
m_strcmp
("-----END PGP MESSAGE-----\n", buffer) == 0)
fputs ("-----END PGP SIGNATURE-----\n", fp);
else
fputs (buffer, fp);
fputs ("-----END PGP SIGNATURE-----\n", fp);
else
fputs (buffer, fp);
@@
-1029,7
+1036,7
@@
BODY *pgp_sign_message (BODY * a)
t = mutt_new_body ();
t->type = TYPEMULTIPART;
t = mutt_new_body ();
t->type = TYPEMULTIPART;
- t->subtype =
str_dup
("signed");
+ t->subtype =
m_strdup
("signed");
t->encoding = ENC7BIT;
t->use_disp = 0;
t->disposition = DISPINLINE;
t->encoding = ENC7BIT;
t->use_disp = 0;
t->disposition = DISPINLINE;
@@
-1044,8
+1051,8
@@
BODY *pgp_sign_message (BODY * a)
t->parts->next = mutt_new_body ();
t = t->parts->next;
t->type = TYPEAPPLICATION;
t->parts->next = mutt_new_body ();
t = t->parts->next;
t->type = TYPEAPPLICATION;
- t->subtype =
str_dup
("pgp-signature");
- t->filename =
str_dup
(sigfile);
+ t->subtype =
m_strdup
("pgp-signature");
+ t->filename =
m_strdup
(sigfile);
t->use_disp = 0;
t->disposition = DISPINLINE;
t->encoding = ENC7BIT;
t->use_disp = 0;
t->disposition = DISPINLINE;
t->encoding = ENC7BIT;
@@
-1059,7
+1066,7
@@
static short is_numerical_keyid (const char *s)
/* or should we require the "0x"? */
if (strncmp (s, "0x", 2) == 0)
s += 2;
/* or should we require the "0x"? */
if (strncmp (s, "0x", 2) == 0)
s += 2;
- if (
str_len
(s) % 8)
+ if (
m_strlen
(s) % 8)
return 0;
while (*s)
if (strchr ("0123456789ABCDEFabcdef", *s++) == NULL)
return 0;
while (*s)
if (strchr ("0123456789ABCDEFabcdef", *s++) == NULL)
@@
-1071,14
+1078,14
@@
static short is_numerical_keyid (const char *s)
/* This routine attempts to find the keyids of the recipients of a message.
* It returns NULL if any of the keys can not be found.
*/
/* This routine attempts to find the keyids of the recipients of a message.
* It returns NULL if any of the keys can not be found.
*/
-char *pgp_findKeys (
ADDRESS * to, ADDRESS * cc, ADDRESS
* bcc)
+char *pgp_findKeys (
address_t * to, address_t * cc, address_t
* bcc)
{
char *keyID, *keylist = NULL, *t;
size_t keylist_size = 0;
size_t keylist_used = 0;
{
char *keyID, *keylist = NULL, *t;
size_t keylist_size = 0;
size_t keylist_used = 0;
-
ADDRESS
*tmp = NULL, *addr = NULL;
-
ADDRESS
**last = &tmp;
-
ADDRESS
*p, *q;
+
address_t
*tmp = NULL, *addr = NULL;
+
address_t
**last = &tmp;
+
address_t
*p, *q;
int i;
pgp_key_t k_info = NULL, key = NULL;
int i;
pgp_key_t k_info = NULL, key = NULL;
@@
-1099,7
+1106,7
@@
char *pgp_findKeys (ADDRESS * to, ADDRESS * cc, ADDRESS * bcc)
abort ();
}
abort ();
}
- *last =
rfc822_cpy_adr
(p);
+ *last =
address_list_dup
(p);
while (*last)
last = &((*last)->next);
}
while (*last)
last = &((*last)->next);
}
@@
-1138,9
+1145,9
@@
char *pgp_findKeys (ADDRESS * to, ADDRESS * cc, ADDRESS * bcc)
k_info = pgp_getkeybystr (keyID, KEYFLAG_CANENCRYPT, PGP_PUBRING);
}
else if (r == -1) {
k_info = pgp_getkeybystr (keyID, KEYFLAG_CANENCRYPT, PGP_PUBRING);
}
else if (r == -1) {
-
mem_free
(&keylist);
-
rfc822_free_address
(&tmp);
-
rfc822_free_address
(&addr);
+
p_delete
(&keylist);
+
address_delete
(&tmp);
+
address_delete
(&addr);
return NULL;
}
}
return NULL;
}
}
@@
-1155,9
+1162,9
@@
char *pgp_findKeys (ADDRESS * to, ADDRESS * cc, ADDRESS * bcc)
if ((key = pgp_ask_for_key (buf, q->mailbox,
KEYFLAG_CANENCRYPT, PGP_PUBRING)) == NULL) {
if ((key = pgp_ask_for_key (buf, q->mailbox,
KEYFLAG_CANENCRYPT, PGP_PUBRING)) == NULL) {
-
mem_free
(&keylist);
-
rfc822_free_address
(&tmp);
-
rfc822_free_address
(&addr);
+
p_delete
(&keylist);
+
address_delete
(&tmp);
+
address_delete
(&addr);
return NULL;
}
}
return NULL;
}
}
@@
-1167,17
+1174,17
@@
char *pgp_findKeys (ADDRESS * to, ADDRESS * cc, ADDRESS * bcc)
keyID = pgp_keyid (key);
bypass_selection:
keyID = pgp_keyid (key);
bypass_selection:
- keylist_size +=
str_len
(keyID) + 4;
-
mem_realloc
(&keylist, keylist_size);
+ keylist_size +=
m_strlen
(keyID) + 4;
+
p_realloc
(&keylist, keylist_size);
sprintf (keylist + keylist_used, "%s0x%s", keylist_used ? " " : "", /* __SPRINTF_CHECKED__ */
keyID);
sprintf (keylist + keylist_used, "%s0x%s", keylist_used ? " " : "", /* __SPRINTF_CHECKED__ */
keyID);
- keylist_used =
str_len
(keylist);
+ keylist_used =
m_strlen
(keylist);
pgp_free_key (&key);
pgp_free_key (&key);
-
rfc822_free_address
(&addr);
+
address_delete
(&addr);
}
}
-
rfc822_free_address
(&tmp);
+
address_delete
(&tmp);
return (keylist);
}
return (keylist);
}
@@
-1275,7
+1282,7
@@
BODY *pgp_encrypt_message (BODY * a, char *keylist, int sign)
t = mutt_new_body ();
t->type = TYPEMULTIPART;
t = mutt_new_body ();
t->type = TYPEMULTIPART;
- t->subtype =
str_dup
("encrypted");
+ t->subtype =
m_strdup
("encrypted");
t->encoding = ENC7BIT;
t->use_disp = 0;
t->disposition = DISPINLINE;
t->encoding = ENC7BIT;
t->use_disp = 0;
t->disposition = DISPINLINE;
@@
-1285,18
+1292,18
@@
BODY *pgp_encrypt_message (BODY * a, char *keylist, int sign)
t->parts = mutt_new_body ();
t->parts->type = TYPEAPPLICATION;
t->parts = mutt_new_body ();
t->parts->type = TYPEAPPLICATION;
- t->parts->subtype =
str_dup
("pgp-encrypted");
+ t->parts->subtype =
m_strdup
("pgp-encrypted");
t->parts->encoding = ENC7BIT;
t->parts->next = mutt_new_body ();
t->parts->next->type = TYPEAPPLICATION;
t->parts->encoding = ENC7BIT;
t->parts->next = mutt_new_body ();
t->parts->next->type = TYPEAPPLICATION;
- t->parts->next->subtype =
str_dup
("octet-stream");
+ t->parts->next->subtype =
m_strdup
("octet-stream");
t->parts->next->encoding = ENC7BIT;
t->parts->next->encoding = ENC7BIT;
- t->parts->next->filename =
str_dup
(tempfile);
+ t->parts->next->filename =
m_strdup
(tempfile);
t->parts->next->use_disp = 1;
t->parts->next->disposition = DISPINLINE;
t->parts->next->unlink = 1; /* delete after sending the message */
t->parts->next->use_disp = 1;
t->parts->next->disposition = DISPINLINE;
t->parts->next->unlink = 1; /* delete after sending the message */
- t->parts->next->d_filename =
str_dup
("msg.asc"); /* non pgp/mime can save */
+ t->parts->next->d_filename =
m_strdup
("msg.asc"); /* non pgp/mime can save */
return (t);
}
return (t);
}
@@
-1446,21
+1453,21
@@
BODY *pgp_traditional_encryptsign (BODY * a, int flags, char *keylist)
b->encoding = ENC7BIT;
b->type = TYPETEXT;
b->encoding = ENC7BIT;
b->type = TYPETEXT;
- b->subtype =
str_dup
("plain");
+ b->subtype =
m_strdup
("plain");
mutt_set_parameter ("x-action",
flags & ENCRYPT ? "pgp-encrypted" : "pgp-signed",
&b->parameter);
mutt_set_parameter ("charset", send_charset, &b->parameter);
mutt_set_parameter ("x-action",
flags & ENCRYPT ? "pgp-encrypted" : "pgp-signed",
&b->parameter);
mutt_set_parameter ("charset", send_charset, &b->parameter);
- b->filename =
str_dup
(pgpoutfile);
+ b->filename =
m_strdup
(pgpoutfile);
#if 0
/* The following is intended to give a clue to some completely brain-dead
* "mail environments" which are typically used by large corporations.
*/
#if 0
/* The following is intended to give a clue to some completely brain-dead
* "mail environments" which are typically used by large corporations.
*/
- b->d_filename =
str_dup
("msg.pgp");
+ b->d_filename =
m_strdup
("msg.pgp");
b->use_disp = 1;
#endif
b->use_disp = 1;
#endif
@@
-1514,7
+1521,7
@@
int pgp_send_menu (HEADER * msg, int *redraw)
pgp_ask_for_key (_("Sign as: "), NULL, KEYFLAG_CANSIGN,
PGP_PUBRING))) {
snprintf (input_signas, sizeof (input_signas), "0x%s", pgp_keyid (p));
pgp_ask_for_key (_("Sign as: "), NULL, KEYFLAG_CANSIGN,
PGP_PUBRING))) {
snprintf (input_signas, sizeof (input_signas), "0x%s", pgp_keyid (p));
-
str_replace
(&PgpSignAs, input_signas);
+
m_strreplace
(&PgpSignAs, input_signas);
pgp_free_key (&p);
msg->security |= SIGN;
pgp_free_key (&p);
msg->security |= SIGN;