security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-06-13 18:21:03 +02:00
Code Activity

gpg: Allow updating a SHA-1 key certification w/o --force-sign-key.

Browse Source 
* g10/keyedit.c (sign_uids): Add a case for this.
--

GnuPG-bug-id:  7663
This commit is contained in:
Werner Koch 2025-05-28 10:39:17 +02:00
parent e8eb92019f
commit 15a71f108d
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@ -1,6 +1,9 @@
Noteworthy changes in version 2.5.7 (unreleased) Noteworthy changes in version 2.5.7 (unreleased)
------------------------------------------------ ------------------------------------------------
* gpg: Allow updating a SHA-1 key certification w/o using
the --force-sign-key option. [T7663]
Noteworthy changes in version 2.5.6 (2025-05-08) Noteworthy changes in version 2.5.6 (2025-05-08)
------------------------------------------------ ------------------------------------------------

11
g10/keyedit.c
View File

@ -855,7 +855,16 @@ sign_uids (ctrl_t ctrl, estream_t fp,
_("\"%s\" was already signed by key %s\n"), _("\"%s\" was already signed by key %s\n"),
user, keystr_from_pk (pk)); user, keystr_from_pk (pk));
if (opt.flags.force_sign_key if (node->pkt->pkt.signature->digest_algo
== DIGEST_ALGO_SHA1
&& !opt.flags.allow_weak_key_signatures)
{
/* Allow updating a signature to a stronger
* digest algorithm without an extra option. */
xfree (user);
continue;
}
else if (opt.flags.force_sign_key
|| (opt.expert && !(flags & SIGN_UIDS_QUICK) || (opt.expert && !(flags & SIGN_UIDS_QUICK)
&& cpr_get_answer_is_yes ("sign_uid.dupe_okay", && cpr_get_answer_is_yes ("sign_uid.dupe_okay",
_("Do you want to sign it " _("Do you want to sign it "