From 0a036b6b032a4ce08dd70624a065a7038474f67c Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 8 Nov 2001 16:24:04 +0000 Subject: [PATCH] Tweaked v3 -c decryption, let --force-v4-certs use SHA-1 for all RSA keys. --- g10/ChangeLog | 8 +++++++- g10/mainproc.c | 31 ++++++++++++++++++++++++++----- g10/pubkey-enc.c | 4 ++-- g10/sign.c | 5 ++++- 4 files changed, 39 insertions(+), 9 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index 5ce79becd..96e783f76 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,5 +1,11 @@ 2001-11-08 Werner Koch + * pubkey-enc.c (get_it): To reduce the number of questions on the + MLs print the the name of cipher algorithm 1 with the error message. + + * mainproc.c: Changed the way old rfc1991 encryption cipher is + selected. Based on a patch by W Lewis. + * pkclist.c (do_edit_ownertrust): Allow to skip over keys, the non working "show info" is now assigned to "i" * trustdb.c (ask_ownertrust, validate_keys): Implement a real quit @@ -11,7 +17,7 @@ * g10.c, options.h : New option --[no-]froce-v4-certs. * sign.c (make_keysig_packet): Create v4 sigs on v4 keys even with - a v3 key. Use new option. By David Shaw + a v3 key. Use that new option. By David Shaw * revoke.c (ask_revocation_reason): Allow to select "no reason". By David Shaw. diff --git a/g10/mainproc.c b/g10/mainproc.c index f8db5fa0d..f2d29b2bd 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c 
@@ -421,12 +421,33 @@ proc_encrypted( CTX c, PACKET *pkt )
 if( opt.list_only )
 result = -1;
 else if( !c->dek && !c->last_was_session_key ) {
- int algo = opt.def_cipher_algo ? opt.def_cipher_algo
- : opt.s2k_cipher_algo;
+ int algo;
+ STRING2KEY s2kbuf, *s2k = NULL;
+
 /* assume this is old style conventional encrypted data */
- log_info(_("assuming %s encrypted data\n"),
- cipher_algo_to_string (algo) );
- c->dek = passphrase_to_dek( NULL, 0, algo, NULL, 0);
+ if ( (algo = opt.def_cipher_algo))
+ log_info (_("assuming %s encrypted data\n"),
+ cipher_algo_to_string(algo));
+ else if ( check_cipher_algo(CIPHER_ALGO_IDEA) ) {
+ algo = opt.def_cipher_algo;
+ if (!algo)
+ algo = opt.s2k_cipher_algo;;
+ log_info (_("IDEA cipher unavailable, "
+ "optimistically attempting to use %s instead\n"),
+ cipher_algo_to_string(algo));
+ }
+ else {
+ algo = CIPHER_ALGO_IDEA;
+ if (!opt.def_digest_algo) {
+ /* If no digest is given we assume MD5 */
+ s2kbuf.mode = 0;
+ s2kbuf.hash_algo = DIGEST_ALGO_MD5;
+ s2k = &s2kbuf;
+ }
+ log_info (_("assuming %s encrypted data\n"), "IDEA");
+ }
+
+ c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 0 );
 if (c->dek)
 c->dek->algo_info_printed = 1;
 }
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 7ef9a5a0f..613c4737a 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -173,8 +173,8 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid )
 rc = check_cipher_algo( dek->algo );
 if( rc ) {
 if( !opt.quiet && rc == G10ERR_CIPHER_ALGO ) {
- log_info(_("cipher algorithm %d is unknown or disabled\n"),
- dek->algo);
+ log_info(_("cipher algorithm %d%s is unknown or disabled\n"),
+ dek->algo, dek->algo == CIPHER_ALGO_IDEA? " (IDEA)":"");
 }
 dek->algo = 0;
 goto leave;
diff --git a/g10/sign.c b/g10/sign.c
index f5d2dae11..5da8073b3 100644
--- a/g10/sign.c
+++ b/g10/sign.c
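Review bot: In the g10/mainproc.c hunk (proc_encrypted), `s2kbuf` lives on the stack and only its `mode` and `hash_algo` members are assigned before `&s2kbuf` is handed to passphrase_to_dek(), so any other members of STRING2KEY are indeterminate when the key is derived. Mode 0 presumably makes the callee ignore them, but that is not visible in this patch; adding `memset (&s2kbuf, 0, sizeof s2kbuf);` before `s2kbuf.mode = 0;` would remove the dependency. In the `else if ( check_cipher_algo(CIPHER_ALGO_IDEA) )` branch, `algo = opt.def_cipher_algo;` can only yield 0 because the first `if` already tested that value, so the branch reduces to `algo = opt.s2k_cipher_algo;` (which would also drop the stray `;;`). The function body starts and ends outside the hunk.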
@@ -1002,7 +1002,10 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
 break;
 case PUBKEY_ALGO_RSA_S:
 case PUBKEY_ALGO_RSA:
- digest_algo = sk->version < 4? DIGEST_ALGO_MD5 : DIGEST_ALGO_SHA1;
+ if (opt.force_v4_sigs || sk->version > 3)
+ digest_algo = DIGEST_ALGO_SHA1;
+ else
+ digest_algo = DIGEST_ALGO_MD5;
 break;
 default:
 digest_algo = DIGEST_ALGO_RMD160;
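Review bot: The new condition in the RSA case reads `opt.force_v4_sigs`, while the commit subject and the ChangeLog entry name the option `--force-v4-certs`. options.h is not part of this patch, so it should be confirmed that this is the field that option sets. If a separate certs flag exists, the line would need to be `if (opt.force_v4_certs || sk->version > 3)`; otherwise certifications made with a v3 RSA key under `--force-v4-certs` would still be hashed with MD5, the opposite of what the subject promises. A one-line comment such as `/* v3 RSA keys keep MD5 unless v4 certs are forced */` above the `if` would document why MD5 remains reachable. make_keysig_packet starts and ends outside the hunk.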