mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-22 14:57:02 +01:00
PGP2 patch. --pgp2 sets things up for pgp2 compatibility, and prints a
warning if the user does something that would make the message incompatible (e.g. encrypt with a non-RSA key)
parent
1ccd578910
commit
27949781ec
@ -1,3 +1,17 @@
|
||||
2001-12-07 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* g10.c, options.h: New option --pgp2. This is identical to
|
||||
"--rfc1991 --cipher-algo idea --compress-algo 1 --digest-algo md5
|
||||
--force_v3_sigs" with the addition of an warning to advise the
|
||||
user not to use a pipe (which would break pgp2 compatibility).
|
||||
|
||||
* encode.c (encode_crypt): warn if the user tries to encrypt to
|
||||
any key that is not RSA and <= 2048 bits when the --pgp2 option is
|
||||
used.
|
||||
|
||||
* sign.c (sign_file, clearsign_file): When using --pgp2, make a v3
|
||||
sig, and warn if the signature is made with a non-v3 key.
|
||||
|
||||
2001-12-05 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* sign.c (sign_file, clearsign_file, sign_symencrypt_file): Prompt
|
||||
|
13
g10/encode.c
13
g10/encode.c
@ -250,7 +250,7 @@ encode_crypt( const char *filename, STRLIST remusr )
|
||||
armor_filter_context_t afx;
|
||||
compress_filter_context_t zfx;
|
||||
text_filter_context_t tfx;
|
||||
PK_LIST pk_list;
|
||||
PK_LIST pk_list,work_list;
|
||||
int do_compress = opt.compress && !opt.rfc1991;
|
||||
|
||||
|
||||
@ -263,6 +263,17 @@ encode_crypt( const char *filename, STRLIST remusr )
|
||||
if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) )
|
||||
return rc;
|
||||
|
||||
if(opt.pgp2)
|
||||
for(work_list=pk_list;work_list->next!=NULL;work_list=work_list->next)
|
||||
if(!(is_RSA(work_list->pk->pubkey_algo) &&
|
||||
nbits_from_pk(work_list->pk)<=2048))
|
||||
{
|
||||
log_info(_("You can only encrypt to RSA keys of 2048 bits or "
|
||||
"less in --pgp2 mode\n"));
|
||||
log_info(_("This message will not be usable by PGP 2.x\n"));
|
||||
break;
|
||||
}
|
||||
|
||||
/* prepare iobufs */
|
||||
if( !(inp = iobuf_open(filename)) ) {
|
||||
log_error(_("can't open %s: %s\n"), filename? filename: "[stdin]",
|
||||
|
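Review bot: The added loop in encode_crypt stops at `work_list->next!=NULL`, so the last entry of `pk_list` is never tested; with a single recipient the body never runs and a non-RSA or over-2048-bit key gets no --pgp2 warning. Iterating on the node itself fixes it: `for(work_list=pk_list;work_list;work_list=work_list->next)`. That form also avoids dereferencing a NULL `pk_list` if build_pk_list can return success with an empty list, which is not visible here. encode_crypt begins and ends outside these hunks.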
38
g10/g10.c
38
g10/g10.c
@ -149,6 +149,8 @@ enum cmd_and_opt_values { aNull = 0,
|
||||
oLoadExtension,
|
||||
oRFC1991,
|
||||
oOpenPGP,
|
||||
oPGP2,
|
||||
oNoPGP2,
|
||||
oCipherAlgo,
|
||||
oDigestAlgo,
|
||||
oCompressAlgo,
|
||||
@ -363,6 +365,8 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")},
|
||||
{ oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
|
||||
{ oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")},
|
||||
{ oPGP2, "pgp2", 0, N_("set all packet, cipher and digest options to PGP 2.x behavior")},
|
||||
{ oNoPGP2, "no-pgp2", 0, "@"},
|
||||
{ oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")},
|
||||
{ oS2KDigest, "s2k-digest-algo",2,
|
||||
N_("|NAME|use message digest algorithm NAME for passphrases")},
|
||||
@ -1013,6 +1017,8 @@ main( int argc, char **argv )
|
||||
opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
|
||||
opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
|
||||
break;
|
||||
case oPGP2: opt.pgp2 = 1; break;
|
||||
case oNoPGP2: opt.pgp2 = 0; break;
|
||||
case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break;
|
||||
case oEmu3DESS2KBug: opt.emulate_bugs |= EMUBUG_3DESS2K; break;
|
||||
case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
|
||||
@ -1267,6 +1273,28 @@ main( int argc, char **argv )
|
||||
if (preference_list && keygen_set_std_prefs (preference_list))
|
||||
log_error(_("invalid preferences\n"));
|
||||
|
||||
/* Do this after the switch(), so it can override these
|
||||
settings. */
|
||||
if(opt.pgp2)
|
||||
{
|
||||
opt.rfc1991 = 1;
|
||||
opt.rfc2440 = 0;
|
||||
opt.force_v4_certs = 0;
|
||||
opt.no_comment = 1;
|
||||
opt.escape_from = 1;
|
||||
opt.force_v3_sigs = 1;
|
||||
opt.pgp2_workarounds = 1;
|
||||
opt.def_cipher_algo = CIPHER_ALGO_IDEA;
|
||||
if( cmd==aEncr && check_cipher_algo(CIPHER_ALGO_IDEA) ) {
|
||||
log_info(_("Encrypting a message to a PGP 2.x user requires "
|
||||
"the IDEA cipher module.\n"));
|
||||
log_error(_("Please see http://www.gnupg.org/why-not-idea.html"
|
||||
" for more information.\n"));
|
||||
}
|
||||
opt.def_digest_algo = DIGEST_ALGO_MD5;
|
||||
opt.def_compress_algo = 1;
|
||||
}
|
||||
|
||||
if( log_get_errorcount(0) )
|
||||
g10_exit(2);
|
||||
|
||||
@ -1385,6 +1413,12 @@ main( int argc, char **argv )
|
||||
break;
|
||||
|
||||
case aEncr: /* encrypt the given file */
|
||||
if( argc == 0 && opt.pgp2 ) {
|
||||
log_info(_("You must use files (and not a pipe) when "
|
||||
"encrypting with --pgp2 enabled.\n"));
|
||||
log_info(_("This message will not be usable by PGP 2.x\n"));
|
||||
}
|
||||
|
||||
if( argc > 1 )
|
||||
wrong_args(_("--encrypt [filename]"));
|
||||
if( (rc = encode_crypt(fname,remusr)) )
|
||||
@ -1413,6 +1447,10 @@ main( int argc, char **argv )
|
||||
case aSignEncr: /* sign and encrypt the given file */
|
||||
if( argc > 1 )
|
||||
wrong_args(_("--sign --encrypt [filename]"));
|
||||
if(opt.pgp2) {
|
||||
log_info(_("You can't sign and encrypt at the same time while in --pgp2 mode\n"));
|
||||
log_info(_("This message will not be usable by PGP 2.x\n"));
|
||||
}
|
||||
if( argc ) {
|
||||
sl = m_alloc_clear( sizeof *sl + strlen(fname));
|
||||
strcpy(sl->d, fname);
|
||||
|
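Review bot: In the `if(opt.pgp2)` block after the option switch, the IDEA availability check runs only for `cmd==aEncr`, although `opt.def_cipher_algo` is set to IDEA for every command; the `aSignEncr` case further down also encrypts and would reach that default without the check. Consider `if( (cmd==aEncr || cmd==aSignEncr) && check_cipher_algo(CIPHER_ALGO_IDEA) )`, or drop the command test if other encrypting commands should be covered as well. The block also replaces any explicitly given --cipher-algo or --digest-algo with IDEA and MD5 without a message; a comment such as `/* --pgp2 wins over explicit algo options: IDEA/MD5 are the PGP 2.x formats, chosen for compatibility only */` would record that this is intentional. main() starts and ends outside the hunks.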
@ -1,4 +1,3 @@
|
||||
|
||||
/* options.h
|
||||
* Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
|
||||
*
|
||||
@ -77,6 +76,7 @@ struct {
|
||||
int compress_keys;
|
||||
int compress_sigs;
|
||||
int always_trust;
|
||||
int pgp2;
|
||||
int rfc1991;
|
||||
int rfc2440;
|
||||
int pgp2_workarounds;
|
||||
|
24
g10/sign.c
24
g10/sign.c
@ -550,14 +550,22 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
|
||||
if( fname && filenames->next && (!detached || encryptflag) )
|
||||
log_bug("multiple files can only be detached signed");
|
||||
|
||||
if(opt.expert && !opt.batch && !opt.force_v3_sigs && !old_style)
|
||||
if(opt.expert && !opt.pgp2 && !opt.batch &&
|
||||
!opt.force_v3_sigs && !old_style)
|
||||
duration=ask_expire_interval(1);
|
||||
|
||||
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
|
||||
goto leave;
|
||||
if( !old_style && !duration )
|
||||
if( (!old_style && !duration) || opt.pgp2 )
|
||||
old_style = only_old_style( sk_list );
|
||||
|
||||
if(!old_style && opt.pgp2)
|
||||
{
|
||||
log_info(_("You can only sign with PGP 2.x style keys "
|
||||
"while in --pgp2 mode\n"));
|
||||
log_info(_("This message will not be usable by PGP 2.x\n"));
|
||||
}
|
||||
|
||||
if( encryptflag ) {
|
||||
if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )) )
|
||||
goto leave;
|
||||
@ -719,14 +727,22 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
|
||||
memset( &afx, 0, sizeof afx);
|
||||
init_packet( &pkt );
|
||||
|
||||
if(opt.expert && !opt.batch && !opt.force_v3_sigs && !old_style)
|
||||
if(opt.expert && !opt.pgp2 && !opt.batch &&
|
||||
!opt.force_v3_sigs && !old_style)
|
||||
duration=ask_expire_interval(1);
|
||||
|
||||
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
|
||||
goto leave;
|
||||
if( !old_style && !duration )
|
||||
if( (!old_style && !duration) || opt.pgp2 )
|
||||
old_style = only_old_style( sk_list );
|
||||
|
||||
if(!old_style && opt.pgp2)
|
||||
{
|
||||
log_info(_("You can only clearsign with PGP 2.x style keys "
|
||||
"while in --pgp2 mode\n"));
|
||||
log_info(_("This message will not be usable by PGP 2.x\n"));
|
||||
}
|
||||
|
||||
/* prepare iobufs */
|
||||
if( !(inp = iobuf_open(fname)) ) {
|
||||
log_error("can't open %s: %s\n", fname? fname: "[stdin]",
|
||||
|
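Review bot: The new `if(!old_style && opt.pgp2)` blocks in sign_file and clearsign_file only call log_info; nothing in these hunks changes `rc` or stops the operation, so a caller that asked for --pgp2 still gets a signature and, as far as these lines show, no failure status telling it the output is not PGP 2.x compatible. Please document that at both sites, e.g. `/* warning only: we still sign, and rc is not changed */`, so later readers do not take the message for an enforcement point. The two functions now carry the same three-part change verbatim apart from the verb in the message; a small static helper would keep them in sync. Both function bodies extend beyond the hunks.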