* keygen.c (gen_dsa): Allow generating DSA2 keys (allow specifying sizes >
1024 when --enable-dsa2 is set). The size of q is set automatically based on the key size. (ask_keysize, generate_keypair): Ask for DSA size when --enable-dsa2 is set.
parent
e9bbf255a6
commit
05a2a2f39a
@ -1,3 +1,11 @@
|
|||||||
|
2006-05-25 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* keygen.c (gen_dsa): Allow generating DSA2 keys
|
||||||
|
(allow specifying sizes > 1024 when --enable-dsa2 is set). The
|
||||||
|
size of q is set automatically based on the key size.
|
||||||
|
(ask_keysize, generate_keypair): Ask for DSA size when
|
||||||
|
--enable-dsa2 is set.
|
||||||
|
|
||||||
2006-05-24 David Shaw <dshaw@jabberwocky.com>
|
2006-05-24 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* exec.c (make_tempdir): Fix bug with a temporary directory on
|
* exec.c (make_tempdir): Fix bug with a temporary directory on
|
||||||
|
@ -978,6 +978,15 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
|
|||||||
}
|
}
|
||||||
else if(new_key)
|
else if(new_key)
|
||||||
{
|
{
|
||||||
|
/* A little explanation for this: we fill in the fingerprint
|
||||||
|
when importing keys as it can be useful to know the
|
||||||
|
fingerprint in certain keyserver-related cases (a keyserver
|
||||||
|
asked for a particular name, but the key doesn't have that
|
||||||
|
name). However, in cases where we're importing more than
|
||||||
|
one key at a time, we cannot know which key to fingerprint.
|
||||||
|
In these cases, rather than guessing, we do not fingerpring
|
||||||
|
at all, and we must hope the user ID on the keys are
|
||||||
|
useful. */
|
||||||
if(fpr)
|
if(fpr)
|
||||||
{
|
{
|
||||||
xfree(*fpr);
|
xfree(*fpr);
|
||||||
|
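Review bot: The new comment in import_one has a typo and a number disagreement: "we do not fingerpring at all" should read `we do not fingerprint at all`, and "the user ID on the keys are useful" should read `the user IDs on the keys are useful`. It would also help to say what the caller finds in `*fpr` in the multi-key case. Only `xfree(*fpr);` is visible here and the rest of the branch lies outside the hunk, so a caller reading this comment cannot tell whether to expect NULL. If it is NULL, one added sentence such as `Callers must treat a NULL *fpr as "fingerprint unknown" and not as a match.` would make the contract explicit.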
57
g10/keygen.c
57
g10/keygen.c
@ -1089,20 +1089,55 @@ gen_dsa(unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
|
|||||||
PKT_public_key *pk;
|
PKT_public_key *pk;
|
||||||
MPI skey[5];
|
MPI skey[5];
|
||||||
MPI *factors;
|
MPI *factors;
|
||||||
|
unsigned int qbits;
|
||||||
|
|
||||||
if( nbits > 1024 || nbits < 512 ) {
|
if( nbits < 512 || (!opt.flags.dsa2 && nbits > 1024))
|
||||||
|
{
|
||||||
nbits = 1024;
|
nbits = 1024;
|
||||||
log_info(_("keysize invalid; using %u bits\n"), nbits );
|
log_info(_("keysize invalid; using %u bits\n"), nbits );
|
||||||
}
|
}
|
||||||
|
else if(nbits>3072)
|
||||||
|
{
|
||||||
|
nbits = 3072;
|
||||||
|
log_info(_("keysize invalid; using %u bits\n"), nbits );
|
||||||
|
}
|
||||||
|
|
||||||
if( (nbits % 64) ) {
|
if(nbits % 64)
|
||||||
|
{
|
||||||
nbits = ((nbits + 63) / 64) * 64;
|
nbits = ((nbits + 63) / 64) * 64;
|
||||||
log_info(_("keysize rounded up to %u bits\n"), nbits );
|
log_info(_("keysize rounded up to %u bits\n"), nbits );
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = pubkey_generate( PUBKEY_ALGO_DSA, nbits, skey, &factors );
|
/*
|
||||||
if( rc ) {
|
Figure out a q size based on the key size. FIPS 180-3 says:
|
||||||
log_error("pubkey_generate failed: %s\n", g10_errstr(rc) );
|
|
||||||
|
L = 1024, N = 160
|
||||||
|
L = 2048, N = 224
|
||||||
|
L = 2048, N = 256
|
||||||
|
L = 3072, N = 256
|
||||||
|
|
||||||
|
2048/256 is an odd pair since there is also a 2048/224 and
|
||||||
|
3072/256. Matching sizes is not a very exact science.
|
||||||
|
|
||||||
|
We'll do 256 qbits for nbits over 2048, 224 for nbits over 1024
|
||||||
|
but less than 2048, and 160 for 1024 (DSA1).
|
||||||
|
*/
|
||||||
|
|
||||||
|
if(nbits>2048)
|
||||||
|
qbits=256;
|
||||||
|
else if(nbits>1024)
|
||||||
|
qbits=224;
|
||||||
|
else
|
||||||
|
qbits=160;
|
||||||
|
|
||||||
|
if(qbits!=160)
|
||||||
|
log_info("WARNING: some OpenPGP programs can't"
|
||||||
|
" handle a DSA key with this digest size\n");
|
||||||
|
|
||||||
|
rc = dsa2_generate( PUBKEY_ALGO_DSA, nbits, qbits, skey, &factors );
|
||||||
|
if( rc )
|
||||||
|
{
|
||||||
|
log_error("dsa2_generate failed: %s\n", g10_errstr(rc) );
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1110,9 +1145,9 @@ gen_dsa(unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
|
|||||||
pk = xmalloc_clear( sizeof *pk );
|
pk = xmalloc_clear( sizeof *pk );
|
||||||
sk->timestamp = pk->timestamp = make_timestamp();
|
sk->timestamp = pk->timestamp = make_timestamp();
|
||||||
sk->version = pk->version = 4;
|
sk->version = pk->version = 4;
|
||||||
if( expireval ) {
|
if( expireval )
|
||||||
sk->expiredate = pk->expiredate = sk->timestamp + expireval;
|
sk->expiredate = pk->expiredate = sk->timestamp + expireval;
|
||||||
}
|
|
||||||
sk->pubkey_algo = pk->pubkey_algo = PUBKEY_ALGO_DSA;
|
sk->pubkey_algo = pk->pubkey_algo = PUBKEY_ALGO_DSA;
|
||||||
pk->pkey[0] = mpi_copy( skey[0] );
|
pk->pkey[0] = mpi_copy( skey[0] );
|
||||||
pk->pkey[1] = mpi_copy( skey[1] );
|
pk->pkey[1] = mpi_copy( skey[1] );
|
||||||
@ -1462,10 +1497,10 @@ ask_keysize( int algo )
|
|||||||
switch(algo)
|
switch(algo)
|
||||||
{
|
{
|
||||||
case PUBKEY_ALGO_DSA:
|
case PUBKEY_ALGO_DSA:
|
||||||
if(opt.expert)
|
if(opt.flags.dsa2)
|
||||||
{
|
{
|
||||||
def=1024;
|
def=1024;
|
||||||
max=1024;
|
max=3072;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -2574,10 +2609,10 @@ generate_keypair (const char *fname, const char *card_serialno,
|
|||||||
sprintf( r->u.value, "%d", PUBKEY_ALGO_DSA );
|
sprintf( r->u.value, "%d", PUBKEY_ALGO_DSA );
|
||||||
r->next = para;
|
r->next = para;
|
||||||
para = r;
|
para = r;
|
||||||
tty_printf(_("DSA keypair will have %u bits.\n"),1024);
|
nbits = ask_keysize( PUBKEY_ALGO_DSA );
|
||||||
r = xmalloc_clear( sizeof *r + 20 );
|
r = xmalloc_clear( sizeof *r + 20 );
|
||||||
r->key = pKEYLENGTH;
|
r->key = pKEYLENGTH;
|
||||||
strcpy( r->u.value, "1024" );
|
sprintf( r->u.value, "%u", nbits);
|
||||||
r->next = para;
|
r->next = para;
|
||||||
para = r;
|
para = r;
|
||||||
r = xmalloc_clear( sizeof *r + 20 );
|
r = xmalloc_clear( sizeof *r + 20 );
|
||||||
|
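Review bot: The comment added in gen_dsa cites "FIPS 180-3" for the L/N table, but those size pairs come from the DSA standard, FIPS 186-3 (180-3 is the Secure Hash Standard), so the citation should read `FIPS 186-3`. The same comment says 224 bits are used for sizes "over 1024 but less than 2048", while `if(nbits>2048)` gives a key of exactly 2048 bits a 224-bit q, so the text should say `up to and including 2048`. Because nbits is only clamped to 3072 and rounded up to a multiple of 64, sizes such as 1088 or 2112 produce L/N pairs outside the four listed in the table; the comment should state that this is intended, or the code should restrict sizes when --enable-dsa2 is set. The new "WARNING: some OpenPGP programs can't handle a DSA key with this digest size" string is not wrapped in `_()` like the neighbouring log_info calls, which may be deliberate for an experimental option but is worth a short comment. gen_dsa begins and ends outside these hunks.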