--pgp6 flag. This is not nearly as involved as --pgp2. In short, it

turns off force_mdc, turns on no_comment, escape_from, and force_v3_sigs, and sets compression to 1. It also restricts the user to IDEA (if present), 3DES, CAST5, MD5, SHA1, and RIPEMD160. See the comments above algo_available() for lots of discussion on why you would want to do this.
2025-06-17 20:27:03 +02:00 · 2002-01-29 01:12:00 +00:00 · 2002-01-29 01:12:00 +00:00 · 04d8d2263c
commit 04d8d2263c
parent 77afb82dc2
5 changed files with 106 additions and 70 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,13 @@
 2002-01-28  David Shaw  <dshaw@jabberwocky.com>
 	* g10.c (main), options.h, pkclist.c (algo_available): --pgp6
 	flag.  This is not nearly as involved as --pgp2.  In short, it
 	turns off force_mdc, turns on no_comment, escape_from, and
 	force_v3_sigs, and sets compression to 1.  It also restricts the
 	user to IDEA (if present), 3DES, CAST5, MD5, SHA1, and RIPEMD160.
 	See the comments above algo_available() for lots of discussion on
 	why you would want to do this.
 2002-01-27  David Shaw  <dshaw@jabberwocky.com>
 	* keygen.c (keygen_set_std_prefs): Comment
--- a/g10/encode.c
+++ b/g10/encode.c
@ -624,20 +624,3 @@ encode_crypt_files(int nfiles, char **files, STRLIST remusr)
        }
    }
 }
--- a/g10/g10.c
+++ b/g10/g10.c
@ -158,6 +158,8 @@ enum cmd_and_opt_values { aNull = 0,
    oOpenPGP,
    oPGP2,
    oNoPGP2,
    oPGP6,
    oNoPGP6,
    oCipherAlgo,
    oDigestAlgo,
    oCompressAlgo,
@ -388,6 +390,8 @@ static ARGPARSE_OPTS opts[] = {
    { oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")},
    { oPGP2, "pgp2", 0, N_("set all packet, cipher and digest options to PGP 2.x behavior")},
    { oNoPGP2, "no-pgp2", 0, "@"},
    { oPGP6, "pgp6", 0, "@"},
    { oNoPGP6, "no-pgp6", 0, "@"},
    { oS2KMode, "s2k-mode",  1, N_("|N|use passphrase mode N")},
    { oS2KDigest, "s2k-digest-algo",2,
 		N_("|NAME|use message digest algorithm NAME for passphrases")},
@ -1064,6 +1068,8 @@ main( int argc, char **argv )
 	    break;
 	  case oPGP2: opt.pgp2 = 1; break;
 	  case oNoPGP2: opt.pgp2 = 0; break;
 	  case oPGP6: opt.pgp6 = 1; break;
 	  case oNoPGP6: opt.pgp6 = 0; break;
 	  case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break;
 	  case oEmu3DESS2KBug:	opt.emulate_bugs |= EMUBUG_3DESS2K; break;
 	  case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
@ -1295,67 +1301,82 @@ main( int argc, char **argv )
    set_debug();
    g10_opt_homedir = opt.homedir;
-    /* Do this after the switch(), so it can override settings. */
+    /* Do these after the switch(), so they can override settings. */
-    if(opt.pgp2)
+    if(opt.pgp2 && opt.pgp6)
      log_error(_("%s not allowed with %s!\n"),"--pgp2","--pgp6");
    else
      {
-	int unusable=0;
+	if(opt.pgp2)
 	  {
 	    int unusable=0;
-	if(cmd==aSign && !detached_sig)
+	    if(cmd==aSign && !detached_sig)
 	  {
 	    log_info(_("you can only make detached or clear signatures "
 		       "while in --pgp2 mode\n"));
 	    unusable=1;
 	  }
 	else if(cmd==aSignEncr || cmd==aSignSym)
 	  {
 	    log_info(_("you can't sign and encrypt at the "
 		       "same time while in --pgp2 mode\n"));
 	    unusable=1;
 	  }
 	else if(argc==0 && (cmd==aSign || cmd==aEncr || cmd==aSym))
 	  {
 	    log_info(_("you must use files (and not a pipe) when "
 		       "working with --pgp2 enabled.\n"));
 	    unusable=1;
 	  }
 	else if(cmd==aEncr || cmd==aSym)
 	  {
 	    /* Everything else should work without IDEA (except using
 	       a secret key encrypted with IDEA and setting an IDEA
 	       preference, but those have their own error
 	       messages). */
 	    if(check_cipher_algo(CIPHER_ALGO_IDEA))
 	      {
-		log_info(_("encrypting a message in --pgp2 mode requires "
+		log_info(_("you can only make detached or clear signatures "
-			   "the IDEA cipher\n"));
+			   "while in --pgp2 mode\n"));
 		idea_cipher_warn(1);
 		unusable=1;
 	      }
-	    else if(cmd==aSym)
+	    else if(cmd==aSignEncr || cmd==aSignSym)
 	      {
-		m_free(def_cipher_string);
+		log_info(_("you can't sign and encrypt at the "
-		def_cipher_string = m_strdup("idea");
+			   "same time while in --pgp2 mode\n"));
 		unusable=1;
 	      }
 	    else if(argc==0 && (cmd==aSign || cmd==aEncr || cmd==aSym))
 	      {
 		log_info(_("you must use files (and not a pipe) when "
 			   "working with --pgp2 enabled.\n"));
 		unusable=1;
 	      }
 	    else if(cmd==aEncr || cmd==aSym)
 	      {
 		/* Everything else should work without IDEA (except using
 		   a secret key encrypted with IDEA and setting an IDEA
 		   preference, but those have their own error
 		   messages). */
 		if(check_cipher_algo(CIPHER_ALGO_IDEA))
 		  {
 		    log_info(_("encrypting a message in --pgp2 mode requires "
 			       "the IDEA cipher\n"));
 		    idea_cipher_warn(1);
 		    unusable=1;
 		  }
 		else if(cmd==aSym)
 		  {
 		    m_free(def_cipher_string);
 		    def_cipher_string = m_strdup("idea");
 		  }
 	      }
 	    if(unusable)
 	      {
 		log_info(_("this message may not be usable by PGP 2.x\n"));
 		opt.pgp2=0;
 	      }
 	    else
 	      {
 		opt.rfc1991 = 1;
 		opt.rfc2440 = 0;
 		opt.force_mdc = 0;
 		opt.force_v4_certs = 0;
 		opt.no_comment = 1;
 		opt.escape_from = 1;
 		opt.force_v3_sigs = 1;
 		opt.pgp2_workarounds = 1;
 		m_free(def_digest_string);
 		def_digest_string = m_strdup("md5");
 		opt.def_compress_algo = 1;
 	      }
 	  }
-	if(unusable)
+	if(opt.pgp6)
 	  {
-	    log_info(_("this message may not be usable by PGP 2.x\n"));
+	    opt.force_mdc=0;
-	    opt.pgp2=0;
+	    opt.no_comment=1;
-	  }
+	    opt.escape_from=1;
-	else
+	    opt.force_v3_sigs=1;
-	  {
+	    opt.def_compress_algo=1;
 	    opt.rfc1991 = 1;
 	    opt.rfc2440 = 0;
 	    opt.force_v4_certs = 0;
 	    opt.no_comment = 1;
 	    opt.escape_from = 1;
 	    opt.force_v3_sigs = 1;
 	    opt.pgp2_workarounds = 1;
 	    m_free(def_digest_string);
 	    def_digest_string = m_strdup("md5");
 	    opt.def_compress_algo = 1;
 	  }
      }
--- a/g10/options.h
+++ b/g10/options.h
@ -79,6 +79,7 @@ struct {
    int compress_sigs;
    int always_trust;
    int pgp2;
    int pgp6;
    int rfc1991;
    int rfc2440;
    int pgp2_workarounds;
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@ -926,17 +926,40 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use )
 }
 /* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and
   CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3),
   and all compressions except none (0) and ZIP (1).  For a true PGP6
   key all of this is unneeded as they are the only items present in
   the preferences subpacket, but checking here covers the weird case
   of encrypting to a key that had preferences from a different
   implementation which was then used with PGP6.  I am not completely
   comfortable with this as the right thing to do, as it slightly
   alters the list of what the user is supposedly requesting.  It is
   not against the RFC however, as the preference chosen will never be
   one that the user didn't specify somewhere ("The implementation may
   use any mechanism to pick an algorithm in the intersection"), and
   PGP6 has no mechanism to fix such a broken preference list, so I'm
   including it. -dms */
 static int
 algo_available( int preftype, int algo )
 {
    if( preftype == PREFTYPE_SYM ) {
        if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
 	  return 0;
 	return algo && !check_cipher_algo( algo );
    }
    else if( preftype == PREFTYPE_HASH ) {
        if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
 	  return 0;
 	return algo && !check_digest_algo( algo );
    }
    else if( preftype == PREFTYPE_ZIP ) {
        if ( opt.pgp6 && ( algo !=0 && algo != 1) )
 	  return 0;
 	return !algo || algo == 1 || algo == 2;
    }
    else
@ -1080,5 +1103,3 @@ select_mdc_from_pklist (PK_LIST pk_list)
    }
    return 1; /* can be used */
 }