mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-25 15:27:03 +01:00
* keygen.c (get_parameter_algo): Never allow generation of the
deprecated RSA-E or RSA-S flavors of PGP RSA. (ask_algo): Allow generation of RSA sign and encrypt in expert mode. Don't allow ElGamal S+E unless in expert mode. * helptext.c: Added entry keygen.algo.rsa_se.
parent
2e56b988c8
commit
0295445a4c
@ -1,3 +1,11 @@
|
||||
2002-05-07 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* keygen.c (get_parameter_algo): Never allow generation of the
|
||||
deprecated RSA-E or RSA-S flavors of PGP RSA.
|
||||
(ask_algo): Allow generation of RSA sign and encrypt in expert
|
||||
mode. Don't allow ElGamal S+E unless in expert mode.
|
||||
* helptext.c: Added entry keygen.algo.rsa_se.
|
||||
|
||||
2002-05-07 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* keyedit.c (sign_uids): If --expert it set, allow re-signing a
|
||||
|
@ -94,6 +94,12 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = {
|
||||
"with them are quite large and very slow to verify."
|
||||
)},
|
||||
|
||||
{ "keygen.algo.rsa_se", N_(
|
||||
"In general it is not a good idea to use the same key for signing and\n"
|
||||
"encryption. This algorithm should only be used in certain domains.\n"
|
||||
"Please consult your security expert first."
|
||||
)},
|
||||
|
||||
|
||||
{ "keygen.size", N_(
|
||||
"Enter the size of the key"
|
||||
|
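Review bot: The new `keygen.algo.rsa_se` entry warns against one key for signing and encryption but never says why, and "certain domains" gives the user nothing to base the decision on. One added sentence stating the consequence would make the warning actionable, for example `"If this key is ever compromised or must be disclosed for decryption,\n"` followed by `"every signature made with it is affected as well.\n"`. The confirmation prompt in keygen.c that uses this help key calls the algorithm "deprecated", which is not what this text says, so the two should be brought into agreement. The helptexts[] array starts and ends outside this hunk.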
24
g10/keygen.c
24
g10/keygen.c
@ -780,10 +780,13 @@ ask_algo (int addmode, unsigned int *r_usage)
|
||||
tty_printf( _(" (%d) DSA (sign only)\n"), 2 );
|
||||
if( addmode )
|
||||
tty_printf( _(" (%d) ElGamal (encrypt only)\n"), 3 );
|
||||
tty_printf( _(" (%d) ElGamal (sign and encrypt)\n"), 4 );
|
||||
if (opt.expert)
|
||||
tty_printf( _(" (%d) ElGamal (sign and encrypt)\n"), 4 );
|
||||
tty_printf( _(" (%d) RSA (sign only)\n"), 5 );
|
||||
if (addmode)
|
||||
tty_printf( _(" (%d) RSA (encrypt only)\n"), 6 );
|
||||
if (opt.expert)
|
||||
tty_printf( _(" (%d) RSA (sign and encrypt)\n"), 7 );
|
||||
|
||||
for(;;) {
|
||||
answer = cpr_get("keygen.algo",_("Your selection? "));
|
||||
@ -794,6 +797,14 @@ ask_algo (int addmode, unsigned int *r_usage)
|
||||
algo = 0; /* create both keys */
|
||||
break;
|
||||
}
|
||||
else if( algo == 7 && opt.expert ) {
|
||||
if (cpr_get_answer_is_yes ("keygen.algo.rsa_se",_(
|
||||
"The use of this algorithm is deprecated - create anyway? "))){
|
||||
algo = PUBKEY_ALGO_RSA;
|
||||
*r_usage = PUBKEY_USAGE_ENC | PUBKEY_USAGE_SIG;
|
||||
break;
|
||||
}
|
||||
}
|
||||
else if( algo == 6 && addmode ) {
|
||||
algo = PUBKEY_ALGO_RSA;
|
||||
*r_usage = PUBKEY_USAGE_ENC;
|
||||
@ -804,7 +815,7 @@ ask_algo (int addmode, unsigned int *r_usage)
|
||||
*r_usage = PUBKEY_USAGE_SIG;
|
||||
break;
|
||||
}
|
||||
else if( algo == 4 ) {
|
||||
else if( algo == 4 && opt.expert) {
|
||||
if( cpr_get_answer_is_yes("keygen.algo.elg_se",_(
|
||||
"The use of this algorithm is deprecated - create anyway? "))){
|
||||
algo = PUBKEY_ALGO_ELGAMAL;
|
||||
@ -1329,12 +1340,17 @@ get_parameter_value( struct para_data_s *para, enum para_name key )
|
||||
static int
|
||||
get_parameter_algo( struct para_data_s *para, enum para_name key )
|
||||
{
|
||||
int i;
|
||||
struct para_data_s *r = get_parameter( para, key );
|
||||
if( !r )
|
||||
return -1;
|
||||
if( isdigit( *r->u.value ) )
|
||||
return atoi( r->u.value );
|
||||
return string_to_pubkey_algo( r->u.value );
|
||||
i = atoi( r->u.value );
|
||||
else
|
||||
i = string_to_pubkey_algo( r->u.value );
|
||||
if (i == PUBKEY_ALGO_RSA_E || i == PUBKEY_ALGO_RSA_S)
|
||||
i = 0; /* we don't want to allow generation of these algorithms */
|
||||
return i;
|
||||
}
|
||||
|
||||
/*
|
||||
|
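Review bot: In get_parameter_algo the new filter returns 0 for PUBKEY_ALGO_RSA_E and PUBKEY_ALGO_RSA_S, but nothing documents what 0 means to callers, and in ask_algo in this same file `algo = 0` means "create both keys". The callers are not visible on this page, so confirm that each one treats 0 as a refusal and not as a default; a comment above the function such as `/* Returns -1 if KEY is not set, 0 for an algorithm we refuse to generate, else the parsed algorithm number. */` would pin the contract. This path also has no `opt.expert` check, so PUBKEY_ALGO_ELGAMAL, which ask_algo now offers only in expert mode, still appears to pass through here unchanged. Separately, `isdigit( *r->u.value )` is given a plain char; `isdigit( (unsigned char)*r->u.value )` avoids undefined behaviour when the first byte is above 0x7f.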