mirror of
git://git.gnupg.org/gnupg.git
* keygen.c (get_parameter_algo): Never allow generation of the
deprecated RSA-E or RSA-S flavors of PGP RSA. (ask_algo): Allow generation of RSA sign and encrypt in expert mode. Don't allow ElGamal S+E unless in expert mode. * helptext.c: Added entry keygen.algo.rsa_se.
parent
2e56b988c8
commit
0295445a4c
@ -1,3 +1,11 @@
|
|||||||
|
2002-05-07 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
|
* keygen.c (get_parameter_algo): Never allow generation of the
|
||||||
|
deprecated RSA-E or RSA-S flavors of PGP RSA.
|
||||||
|
(ask_algo): Allow generation of RSA sign and encrypt in expert
|
||||||
|
mode. Don't allow ElGamal S+E unless in expert mode.
|
||||||
|
* helptext.c: Added entry keygen.algo.rsa_se.
|
||||||
|
|
||||||
2002-05-07 David Shaw <dshaw@jabberwocky.com>
|
2002-05-07 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* keyedit.c (sign_uids): If --expert it set, allow re-signing a
|
* keyedit.c (sign_uids): If --expert it set, allow re-signing a
|
||||||
|
@ -94,6 +94,12 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = {
|
|||||||
"with them are quite large and very slow to verify."
|
"with them are quite large and very slow to verify."
|
||||||
)},
|
)},
|
||||||
|
|
||||||
|
{ "keygen.algo.rsa_se", N_(
|
||||||
|
"In general it is not a good idea to use the same key for signing and\n"
|
||||||
|
"encryption. This algorithm should only be used in certain domains.\n"
|
||||||
|
"Please consult your security expert first."
|
||||||
|
)},
|
||||||
|
|
||||||
|
|
||||||
{ "keygen.size", N_(
|
{ "keygen.size", N_(
|
||||||
"Enter the size of the key"
|
"Enter the size of the key"
|
||||||
|
22
g10/keygen.c
22
g10/keygen.c
@ -780,10 +780,13 @@ ask_algo (int addmode, unsigned int *r_usage)
|
|||||||
tty_printf( _(" (%d) DSA (sign only)\n"), 2 );
|
tty_printf( _(" (%d) DSA (sign only)\n"), 2 );
|
||||||
if( addmode )
|
if( addmode )
|
||||||
tty_printf( _(" (%d) ElGamal (encrypt only)\n"), 3 );
|
tty_printf( _(" (%d) ElGamal (encrypt only)\n"), 3 );
|
||||||
|
if (opt.expert)
|
||||||
tty_printf( _(" (%d) ElGamal (sign and encrypt)\n"), 4 );
|
tty_printf( _(" (%d) ElGamal (sign and encrypt)\n"), 4 );
|
||||||
tty_printf( _(" (%d) RSA (sign only)\n"), 5 );
|
tty_printf( _(" (%d) RSA (sign only)\n"), 5 );
|
||||||
if (addmode)
|
if (addmode)
|
||||||
tty_printf( _(" (%d) RSA (encrypt only)\n"), 6 );
|
tty_printf( _(" (%d) RSA (encrypt only)\n"), 6 );
|
||||||
|
if (opt.expert)
|
||||||
|
tty_printf( _(" (%d) RSA (sign and encrypt)\n"), 7 );
|
||||||
|
|
||||||
for(;;) {
|
for(;;) {
|
||||||
answer = cpr_get("keygen.algo",_("Your selection? "));
|
answer = cpr_get("keygen.algo",_("Your selection? "));
|
||||||
@ -794,6 +797,14 @@ ask_algo (int addmode, unsigned int *r_usage)
|
|||||||
algo = 0; /* create both keys */
|
algo = 0; /* create both keys */
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
else if( algo == 7 && opt.expert ) {
|
||||||
|
if (cpr_get_answer_is_yes ("keygen.algo.rsa_se",_(
|
||||||
|
"The use of this algorithm is deprecated - create anyway? "))){
|
||||||
|
algo = PUBKEY_ALGO_RSA;
|
||||||
|
*r_usage = PUBKEY_USAGE_ENC | PUBKEY_USAGE_SIG;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
else if( algo == 6 && addmode ) {
|
else if( algo == 6 && addmode ) {
|
||||||
algo = PUBKEY_ALGO_RSA;
|
algo = PUBKEY_ALGO_RSA;
|
||||||
*r_usage = PUBKEY_USAGE_ENC;
|
*r_usage = PUBKEY_USAGE_ENC;
|
||||||
@ -804,7 +815,7 @@ ask_algo (int addmode, unsigned int *r_usage)
|
|||||||
*r_usage = PUBKEY_USAGE_SIG;
|
*r_usage = PUBKEY_USAGE_SIG;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
else if( algo == 4 ) {
|
else if( algo == 4 && opt.expert) {
|
||||||
if( cpr_get_answer_is_yes("keygen.algo.elg_se",_(
|
if( cpr_get_answer_is_yes("keygen.algo.elg_se",_(
|
||||||
"The use of this algorithm is deprecated - create anyway? "))){
|
"The use of this algorithm is deprecated - create anyway? "))){
|
||||||
algo = PUBKEY_ALGO_ELGAMAL;
|
algo = PUBKEY_ALGO_ELGAMAL;
|
||||||
@ -1329,12 +1340,17 @@ get_parameter_value( struct para_data_s *para, enum para_name key )
|
|||||||
static int
|
static int
|
||||||
get_parameter_algo( struct para_data_s *para, enum para_name key )
|
get_parameter_algo( struct para_data_s *para, enum para_name key )
|
||||||
{
|
{
|
||||||
|
int i;
|
||||||
struct para_data_s *r = get_parameter( para, key );
|
struct para_data_s *r = get_parameter( para, key );
|
||||||
if( !r )
|
if( !r )
|
||||||
return -1;
|
return -1;
|
||||||
if( isdigit( *r->u.value ) )
|
if( isdigit( *r->u.value ) )
|
||||||
return atoi( r->u.value );
|
i = atoi( r->u.value );
|
||||||
return string_to_pubkey_algo( r->u.value );
|
else
|
||||||
|
i = string_to_pubkey_algo( r->u.value );
|
||||||
|
if (i == PUBKEY_ALGO_RSA_E || i == PUBKEY_ALGO_RSA_S)
|
||||||
|
i = 0; /* we don't want to allow generation of these algorithms */
|
||||||
|
return i;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
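Review bot: The expert-mode gate for ElGamal sign+encrypt is enforced only in ask_algo's interactive menu. get_parameter_algo filters just PUBKEY_ALGO_RSA_E and PUBKEY_ALGO_RSA_S, so a parameter value that resolves to PUBKEY_ALGO_ELGAMAL (the constant ask_algo assigns for the sign-and-encrypt choice) is still returned regardless of opt.expert. If the restriction is meant as policy and not only as menu decluttering, the same test belongs here, e.g. `if (i == PUBKEY_ALGO_ELGAMAL && !opt.expert) i = 0;`. The rejected case returns 0 while a missing parameter returns -1; the callers are outside this hunk, so confirm that they treat 0 as an error and do not fall back to a default algorithm. A header comment such as `/* Returns the algorithm id, 0 if the algorithm may not be generated, -1 if the parameter is absent. */` would pin that contract.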