mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-10 13:04:23 +01:00
--pgp6 flag. This is not nearly as involved as --pgp2. In short, it
turns off force_mdc, turns on no_comment, escape_from, and force_v3_sigs, and sets compression to 1. It also restricts the user to IDEA (if present), 3DES, CAST5, MD5, SHA1, and RIPEMD160. See the comments above algo_available() for lots of discussion on why you would want to do this.
This commit is contained in:
David Shaw
parent
77afb82dc2
commit
04d8d2263c
@ -1,3 +1,13 @@
|
||||
2002-01-28 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* g10.c (main), options.h, pkclist.c (algo_available): --pgp6
|
||||
flag. This is not nearly as involved as --pgp2. In short, it
|
||||
turns off force_mdc, turns on no_comment, escape_from, and
|
||||
force_v3_sigs, and sets compression to 1. It also restricts the
|
||||
user to IDEA (if present), 3DES, CAST5, MD5, SHA1, and RIPEMD160.
|
||||
See the comments above algo_available() for lots of discussion on
|
||||
why you would want to do this.
|
||||
|
||||
2002-01-27 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* keygen.c (keygen_set_std_prefs): Comment
|
||||
|
||||
17
g10/encode.c
17
g10/encode.c
@ -624,20 +624,3 @@ encode_crypt_files(int nfiles, char **files, STRLIST remusr)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
23
g10/g10.c
23
g10/g10.c
@ -158,6 +158,8 @@ enum cmd_and_opt_values { aNull = 0,
|
||||
oOpenPGP,
|
||||
oPGP2,
|
||||
oNoPGP2,
|
||||
oPGP6,
|
||||
oNoPGP6,
|
||||
oCipherAlgo,
|
||||
oDigestAlgo,
|
||||
oCompressAlgo,
|
||||
@ -388,6 +390,8 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")},
|
||||
{ oPGP2, "pgp2", 0, N_("set all packet, cipher and digest options to PGP 2.x behavior")},
|
||||
{ oNoPGP2, "no-pgp2", 0, "@"},
|
||||
{ oPGP6, "pgp6", 0, "@"},
|
||||
{ oNoPGP6, "no-pgp6", 0, "@"},
|
||||
{ oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")},
|
||||
{ oS2KDigest, "s2k-digest-algo",2,
|
||||
N_("|NAME|use message digest algorithm NAME for passphrases")},
|
||||
@ -1064,6 +1068,8 @@ main( int argc, char **argv )
|
||||
break;
|
||||
case oPGP2: opt.pgp2 = 1; break;
|
||||
case oNoPGP2: opt.pgp2 = 0; break;
|
||||
case oPGP6: opt.pgp6 = 1; break;
|
||||
case oNoPGP6: opt.pgp6 = 0; break;
|
||||
case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break;
|
||||
case oEmu3DESS2KBug: opt.emulate_bugs |= EMUBUG_3DESS2K; break;
|
||||
case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
|
||||
@ -1295,7 +1301,11 @@ main( int argc, char **argv )
|
||||
set_debug();
|
||||
g10_opt_homedir = opt.homedir;
|
||||
|
||||
/* Do this after the switch(), so it can override settings. */
|
||||
/* Do these after the switch(), so they can override settings. */
|
||||
if(opt.pgp2 && opt.pgp6)
|
||||
log_error(_("%s not allowed with %s!\n"),"--pgp2","--pgp6");
|
||||
else
|
||||
{
|
||||
if(opt.pgp2)
|
||||
{
|
||||
int unusable=0;
|
||||
@ -1348,6 +1358,7 @@ main( int argc, char **argv )
|
||||
{
|
||||
opt.rfc1991 = 1;
|
||||
opt.rfc2440 = 0;
|
||||
opt.force_mdc = 0;
|
||||
opt.force_v4_certs = 0;
|
||||
opt.no_comment = 1;
|
||||
opt.escape_from = 1;
|
||||
@ -1359,6 +1370,16 @@ main( int argc, char **argv )
|
||||
}
|
||||
}
|
||||
|
||||
if(opt.pgp6)
|
||||
{
|
||||
opt.force_mdc=0;
|
||||
opt.no_comment=1;
|
||||
opt.escape_from=1;
|
||||
opt.force_v3_sigs=1;
|
||||
opt.def_compress_algo=1;
|
||||
}
|
||||
}
|
||||
|
||||
/* must do this after dropping setuid, because string_to...
|
||||
* may try to load an module */
|
||||
if( def_cipher_string ) {
|
||||
|
||||
@ -79,6 +79,7 @@ struct {
|
||||
int compress_sigs;
|
||||
int always_trust;
|
||||
int pgp2;
|
||||
int pgp6;
|
||||
int rfc1991;
|
||||
int rfc2440;
|
||||
int pgp2_workarounds;
|
||||
|
||||
@ -926,17 +926,40 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use )
|
||||
}
|
||||
|
||||
|
||||
/* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and
|
||||
CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3),
|
||||
and all compressions except none (0) and ZIP (1). For a true PGP6
|
||||
key all of this is unneeded as they are the only items present in
|
||||
the preferences subpacket, but checking here covers the weird case
|
||||
of encrypting to a key that had preferences from a different
|
||||
implementation which was then used with PGP6. I am not completely
|
||||
comfortable with this as the right thing to do, as it slightly
|
||||
alters the list of what the user is supposedly requesting. It is
|
||||
not against the RFC however, as the preference chosen will never be
|
||||
one that the user didn't specify somewhere ("The implementation may
|
||||
use any mechanism to pick an algorithm in the intersection"), and
|
||||
PGP6 has no mechanism to fix such a broken preference list, so I'm
|
||||
including it. -dms */
|
||||
|
||||
static int
|
||||
algo_available( int preftype, int algo )
|
||||
{
|
||||
if( preftype == PREFTYPE_SYM ) {
|
||||
if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
|
||||
return 0;
|
||||
|
||||
return algo && !check_cipher_algo( algo );
|
||||
}
|
||||
else if( preftype == PREFTYPE_HASH ) {
|
||||
if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
|
||||
return 0;
|
||||
|
||||
return algo && !check_digest_algo( algo );
|
||||
}
|
||||
else if( preftype == PREFTYPE_ZIP ) {
|
||||
if ( opt.pgp6 && ( algo !=0 && algo != 1) )
|
||||
return 0;
|
||||
|
||||
return !algo || algo == 1 || algo == 2;
|
||||
}
|
||||
else
|
||||
@ -1080,5 +1103,3 @@ select_mdc_from_pklist (PK_LIST pk_list)
|
||||
}
|
||||
return 1; /* can be used */
|
||||
}
|
||||
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user