gnupg/common/pkscreening.h

/* pkscreening.c - Screen public keys for vulnerabilities
 * Copyright (C) 2017 Werner Koch
 *
 * This file is part of GnuPG.
 *
 * This file is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program; if not, see <https://www.gnu.org/licenses/>.
 */

#ifndef GNUPG_COMMON_PKSCREENING_H
#define GNUPG_COMMON_PKSCREENING_H

gpg_error_t screen_key_for_roca (gcry_mpi_t modulus);


#endif /*GNUPG_COMMON_PKSCREENING_H*/
gpg,sm: New option --with-key-screening. * common/pkscreening.c: New. * common/pkscreening.h: New. * common/Makefile.am (common_sources): Add them. * g10/gpg.c (opts): New option --with-key-screening. * g10/options.h (struct opt): New field with_key_screening. * g10/keylist.c: Include pkscreening.h. (print_pk_screening): New. (list_keyblock_print): Call it. (print_compliance_flags): Call it. * sm/gpgsm.c (opts): New option --with-key-screening. * sm/gpgsm.h (scruct opt): New field with_key_screening. * sm/keylist.c: Include pkscreening.h. (print_pk_screening): New. (print_compliance_flags): Call it. Add new arg cert. (list_cert_colon): Pass arg cert (list_cert_std): Call print_pk_screening. * sm/fingerprint.c (gpgsm_get_rsa_modulus): New. -- This new option can be used to detect ROCA affected keys. To scan an entire keyring and print the affected fingerprints use this: gpg -k --with-key-screening --with-colons \| gawk -F: \ '$1~/pub\|sub\|sec\|ssb\|crt/ && $18~/\<6001\>/ {found=1;next}; $1=="fpr" && found {print $10}; {found=0}' The same works for gpgsm. Note that we need gawk due to the "\<" in the r.e. Signed-off-by: Werner Koch <wk@gnupg.org> 2017-10-17 21:10:19 +02:00			`/* pkscreening.c - Screen public keys for vulnerabilities`
			`* Copyright (C) 2017 Werner Koch`
			`*`
			`* This file is part of GnuPG.`
			`*`
			`* This file is free software; you can redistribute it and/or modify`
			`* it under the terms of the GNU Lesser General Public License as`
			`* published by the Free Software Foundation; either version 2.1 of`
			`* the License, or (at your option) any later version.`
			`*`
			`* This file is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Lesser General Public License`
			`* along with this program; if not, see <https://www.gnu.org/licenses/>.`
			`*/`

			`#ifndef GNUPG_COMMON_PKSCREENING_H`
			`#define GNUPG_COMMON_PKSCREENING_H`

			`gpg_error_t screen_key_for_roca (gcry_mpi_t modulus);`


			`#endif /GNUPG_COMMON_PKSCREENING_H/`