mirror of git://git.gnupg.org/gnupg.git synced 2024-12-24 10:39:57 +01:00

* keygen.c (get_parameter_algo): Never allow generation of the

deprecated RSA-E or RSA-S flavors of PGP RSA.
(ask_algo): Allow generation of RSA sign and encrypt in expert
mode.  Don't allow ElGamal S+E unless in expert mode.
* helptext.c: Added entry keygen.algo.rsa_se.
Werner Koch 2002-05-07 07:24:29 +00:00
parent 2e56b988c8
commit 0295445a4c
3 changed files with 34 additions and 4 deletions


@ -1,3 +1,11 @@
2002-05-07 Werner Koch <wk@gnupg.org>
* keygen.c (get_parameter_algo): Never allow generation of the
deprecated RSA-E or RSA-S flavors of PGP RSA.
(ask_algo): Allow generation of RSA sign and encrypt in expert
mode. Don't allow ElGamal S+E unless in expert mode.
* helptext.c: Added entry keygen.algo.rsa_se.
2002-05-07 David Shaw <dshaw@jabberwocky.com> 2002-05-07 David Shaw <dshaw@jabberwocky.com>
* keyedit.c (sign_uids): If --expert it set, allow re-signing a * keyedit.c (sign_uids): If --expert it set, allow re-signing a


@ -94,6 +94,12 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = {
"with them are quite large and very slow to verify." "with them are quite large and very slow to verify."
)}, )},
{ "keygen.algo.rsa_se", N_(
"In general it is not a good idea to use the same key for signing and\n"
"encryption. This algorithm should only be used in certain domains.\n"
"Please consult your security expert first."
)},
{ "keygen.size", N_( { "keygen.size", N_(
"Enter the size of the key" "Enter the size of the key"


@ -780,10 +780,13 @@ ask_algo (int addmode, unsigned int *r_usage)
tty_printf( _(" (%d) DSA (sign only)\n"), 2 ); tty_printf( _(" (%d) DSA (sign only)\n"), 2 );
if( addmode ) if( addmode )
tty_printf( _(" (%d) ElGamal (encrypt only)\n"), 3 ); tty_printf( _(" (%d) ElGamal (encrypt only)\n"), 3 );
tty_printf( _(" (%d) ElGamal (sign and encrypt)\n"), 4 ); if (opt.expert)
tty_printf( _(" (%d) ElGamal (sign and encrypt)\n"), 4 );
tty_printf( _(" (%d) RSA (sign only)\n"), 5 ); tty_printf( _(" (%d) RSA (sign only)\n"), 5 );
if (addmode) if (addmode)
tty_printf( _(" (%d) RSA (encrypt only)\n"), 6 ); tty_printf( _(" (%d) RSA (encrypt only)\n"), 6 );
if (opt.expert)
tty_printf( _(" (%d) RSA (sign and encrypt)\n"), 7 );
for(;;) { for(;;) {
answer = cpr_get("keygen.algo",_("Your selection? ")); answer = cpr_get("keygen.algo",_("Your selection? "));
@ -794,6 +797,14 @@ ask_algo (int addmode, unsigned int *r_usage)
algo = 0; /* create both keys */ algo = 0; /* create both keys */
break; break;
} }
else if( algo == 7 && opt.expert ) {
if (cpr_get_answer_is_yes ("keygen.algo.rsa_se",_(
"The use of this algorithm is deprecated - create anyway? "))){
algo = PUBKEY_ALGO_RSA;
*r_usage = PUBKEY_USAGE_ENC | PUBKEY_USAGE_SIG;
break;
}
}
else if( algo == 6 && addmode ) { else if( algo == 6 && addmode ) {
algo = PUBKEY_ALGO_RSA; algo = PUBKEY_ALGO_RSA;
*r_usage = PUBKEY_USAGE_ENC; *r_usage = PUBKEY_USAGE_ENC;
@ -804,7 +815,7 @@ ask_algo (int addmode, unsigned int *r_usage)
*r_usage = PUBKEY_USAGE_SIG; *r_usage = PUBKEY_USAGE_SIG;
break; break;
} }
else if( algo == 4 ) { else if( algo == 4 && opt.expert) {
if( cpr_get_answer_is_yes("keygen.algo.elg_se",_( if( cpr_get_answer_is_yes("keygen.algo.elg_se",_(
"The use of this algorithm is deprecated - create anyway? "))){ "The use of this algorithm is deprecated - create anyway? "))){
algo = PUBKEY_ALGO_ELGAMAL; algo = PUBKEY_ALGO_ELGAMAL;
@ -1329,12 +1340,17 @@ get_parameter_value( struct para_data_s *para, enum para_name key )
static int static int
get_parameter_algo( struct para_data_s *para, enum para_name key ) get_parameter_algo( struct para_data_s *para, enum para_name key )
{ {
int i;
struct para_data_s *r = get_parameter( para, key ); struct para_data_s *r = get_parameter( para, key );
if( !r ) if( !r )
return -1; return -1;
if( isdigit( *r->u.value ) ) if( isdigit( *r->u.value ) )
return atoi( r->u.value ); i = atoi( r->u.value );
return string_to_pubkey_algo( r->u.value ); else
i = string_to_pubkey_algo( r->u.value );
if (i == PUBKEY_ALGO_RSA_E || i == PUBKEY_ALGO_RSA_S)
i = 0; /* we don't want to allow generation of these algorithms */
return i;
} }
/* /*
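Review bot: get_parameter_algo filters only PUBKEY_ALGO_RSA_E and PUBKEY_ALGO_RSA_S, so the parameter-file path can still request PUBKEY_ALGO_ELGAMAL (sign and encrypt) without --expert, while ask_algo in this same commit now requires opt.expert for menu entry 4. If no caller outside this hunk applies that gate, the interactive and unattended paths enforce different key-generation policy; consider adding `if (i == PUBKEY_ALGO_ELGAMAL && !opt.expert) i = 0;` next to the RSA check. The rejection also relies on callers treating 0 as an invalid algorithm, which is not visible here, so a comment above the function such as `/* Returns -1 if KEY is absent and 0 for an algorithm we refuse to generate. */` would make that contract explicit. Separately, `isdigit( *r->u.value )` receives a plain char and `atoi` accepts trailing garbage, so `isdigit( (unsigned char)*r->u.value )` would avoid undefined behaviour on bytes above 0x7f.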