mirror of git://git.gnupg.org/gnupg.git synced 2025-01-11 13:14:25 +01:00

PGP2 patch. --pgp2 sets things up for pgp2 compatibility, and prints a

warning if the user does something that would make the message not
compatible (e.g. encrypt with a non-RSA key, etc.)
David Shaw 2001-12-07 15:24:32 +00:00
parent 1ccd578910
commit 27949781ec
5 changed files with 85 additions and 6 deletions


@ -1,3 +1,17 @@
2001-12-07 David Shaw <dshaw@jabberwocky.com>
* g10.c, options.h: New option --pgp2. This is identical to
"--rfc1991 --cipher-algo idea --compress-algo 1 --digest-algo md5
--force_v3_sigs" with the addition of an warning to advise the
user not to use a pipe (which would break pgp2 compatibility).
* encode.c (encode_crypt): warn if the user tries to encrypt to
any key that is not RSA and <= 2048 bits when the --pgp2 option is
used.
* sign.c (sign_file, clearsign_file): When using --pgp2, make a v3
sig, and warn if the signature is made with a non-v3 key.
2001-12-05 David Shaw <dshaw@jabberwocky.com> 2001-12-05 David Shaw <dshaw@jabberwocky.com>
* sign.c (sign_file, clearsign_file, sign_symencrypt_file): Prompt * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Prompt


@ -250,7 +250,7 @@ encode_crypt( const char *filename, STRLIST remusr )
armor_filter_context_t afx; armor_filter_context_t afx;
compress_filter_context_t zfx; compress_filter_context_t zfx;
text_filter_context_t tfx; text_filter_context_t tfx;
PK_LIST pk_list; PK_LIST pk_list,work_list;
int do_compress = opt.compress && !opt.rfc1991; int do_compress = opt.compress && !opt.rfc1991;
@ -263,6 +263,17 @@ encode_crypt( const char *filename, STRLIST remusr )
if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) ) if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) )
return rc; return rc;
if(opt.pgp2)
for(work_list=pk_list;work_list->next!=NULL;work_list=work_list->next)
if(!(is_RSA(work_list->pk->pubkey_algo) &&
nbits_from_pk(work_list->pk)<=2048))
{
log_info(_("You can only encrypt to RSA keys of 2048 bits or "
"less in --pgp2 mode\n"));
log_info(_("This message will not be usable by PGP 2.x\n"));
break;
}
/* prepare iobufs */ /* prepare iobufs */
if( !(inp = iobuf_open(filename)) ) { if( !(inp = iobuf_open(filename)) ) {
log_error(_("can't open %s: %s\n"), filename? filename: "[stdin]", log_error(_("can't open %s: %s\n"), filename? filename: "[stdin]",
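Review bot: The new recipient loop in encode_crypt stops one entry early: its condition is `work_list->next!=NULL`, so the last key in `pk_list` is never tested, and with a single recipient the body never runs at all. The non-RSA / over-2048-bit warning is therefore skipped in the most common case, and the user gets no hint that the output will not be readable by PGP 2.x. Iterating on the node itself fixes this and also avoids dereferencing an empty list: `for(work_list=pk_list;work_list;work_list=work_list->next)`. The nested `if(opt.pgp2) for(...) if(...)` would also be safer to maintain with braces around each body. encode_crypt starts and ends outside the visible hunks.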


@ -149,6 +149,8 @@ enum cmd_and_opt_values { aNull = 0,
oLoadExtension, oLoadExtension,
oRFC1991, oRFC1991,
oOpenPGP, oOpenPGP,
oPGP2,
oNoPGP2,
oCipherAlgo, oCipherAlgo,
oDigestAlgo, oDigestAlgo,
oCompressAlgo, oCompressAlgo,
@ -363,6 +365,8 @@ static ARGPARSE_OPTS opts[] = {
{ oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")}, { oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")},
{ oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")}, { oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
{ oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")}, { oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")},
{ oPGP2, "pgp2", 0, N_("set all packet, cipher and digest options to PGP 2.x behavior")},
{ oNoPGP2, "no-pgp2", 0, "@"},
{ oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")}, { oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")},
{ oS2KDigest, "s2k-digest-algo",2, { oS2KDigest, "s2k-digest-algo",2,
N_("|NAME|use message digest algorithm NAME for passphrases")}, N_("|NAME|use message digest algorithm NAME for passphrases")},
@ -1013,6 +1017,8 @@ main( int argc, char **argv )
opt.s2k_digest_algo = DIGEST_ALGO_SHA1; opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
opt.s2k_cipher_algo = CIPHER_ALGO_CAST5; opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
break; break;
case oPGP2: opt.pgp2 = 1; break;
case oNoPGP2: opt.pgp2 = 0; break;
case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break; case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break;
case oEmu3DESS2KBug: opt.emulate_bugs |= EMUBUG_3DESS2K; break; case oEmu3DESS2KBug: opt.emulate_bugs |= EMUBUG_3DESS2K; break;
case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break; case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
@ -1267,6 +1273,28 @@ main( int argc, char **argv )
if (preference_list && keygen_set_std_prefs (preference_list)) if (preference_list && keygen_set_std_prefs (preference_list))
log_error(_("invalid preferences\n")); log_error(_("invalid preferences\n"));
/* Do this after the switch(), so it can override these
settings. */
if(opt.pgp2)
{
opt.rfc1991 = 1;
opt.rfc2440 = 0;
opt.force_v4_certs = 0;
opt.no_comment = 1;
opt.escape_from = 1;
opt.force_v3_sigs = 1;
opt.pgp2_workarounds = 1;
opt.def_cipher_algo = CIPHER_ALGO_IDEA;
if( cmd==aEncr && check_cipher_algo(CIPHER_ALGO_IDEA) ) {
log_info(_("Encrypting a message to a PGP 2.x user requires "
"the IDEA cipher module.\n"));
log_error(_("Please see http://www.gnupg.org/why-not-idea.html"
" for more information.\n"));
}
opt.def_digest_algo = DIGEST_ALGO_MD5;
opt.def_compress_algo = 1;
}
if( log_get_errorcount(0) ) if( log_get_errorcount(0) )
g10_exit(2); g10_exit(2);
@ -1385,6 +1413,12 @@ main( int argc, char **argv )
break; break;
case aEncr: /* encrypt the given file */ case aEncr: /* encrypt the given file */
if( argc == 0 && opt.pgp2 ) {
log_info(_("You must use files (and not a pipe) when "
"encrypting with --pgp2 enabled.\n"));
log_info(_("This message will not be usable by PGP 2.x\n"));
}
if( argc > 1 ) if( argc > 1 )
wrong_args(_("--encrypt [filename]")); wrong_args(_("--encrypt [filename]"));
if( (rc = encode_crypt(fname,remusr)) ) if( (rc = encode_crypt(fname,remusr)) )
@ -1413,6 +1447,10 @@ main( int argc, char **argv )
case aSignEncr: /* sign and encrypt the given file */ case aSignEncr: /* sign and encrypt the given file */
if( argc > 1 ) if( argc > 1 )
wrong_args(_("--sign --encrypt [filename]")); wrong_args(_("--sign --encrypt [filename]"));
if(opt.pgp2) {
log_info(_("You can't sign and encrypt at the same time while in --pgp2 mode\n"));
log_info(_("This message will not be usable by PGP 2.x\n"));
}
if( argc ) { if( argc ) {
sl = m_alloc_clear( sizeof *sl + strlen(fname)); sl = m_alloc_clear( sizeof *sl + strlen(fname));
strcpy(sl->d, fname); strcpy(sl->d, fname);
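Review bot: In the `if(opt.pgp2)` block added after the option switch, `opt.def_cipher_algo` is set to `CIPHER_ALGO_IDEA` for every command, but the module availability check is gated on `cmd==aEncr` only. Other encrypting commands, such as the `aSignEncr` case in this same file, therefore appear to select IDEA without the check or the explanatory message, and any failure would surface later and less clearly. Widening the test to the commands that encrypt would report it at startup, e.g. `if( (cmd==aEncr || cmd==aSignEncr) && check_cipher_algo(CIPHER_ALGO_IDEA) ) {`. The block also deserves a comment that MD5 and IDEA are forced purely for interoperability, such as `/* --pgp2 forces MD5 and IDEA for PGP 2.x interoperability only; these are not recommended defaults. */`. main starts and ends outside the visible hunks.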


@ -1,4 +1,3 @@
/* options.h /* options.h
* Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc. * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
* *
@ -77,6 +76,7 @@ struct {
int compress_keys; int compress_keys;
int compress_sigs; int compress_sigs;
int always_trust; int always_trust;
int pgp2;
int rfc1991; int rfc1991;
int rfc2440; int rfc2440;
int pgp2_workarounds; int pgp2_workarounds;


@ -550,14 +550,22 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
if( fname && filenames->next && (!detached || encryptflag) ) if( fname && filenames->next && (!detached || encryptflag) )
log_bug("multiple files can only be detached signed"); log_bug("multiple files can only be detached signed");
if(opt.expert && !opt.batch && !opt.force_v3_sigs && !old_style) if(opt.expert && !opt.pgp2 && !opt.batch &&
!opt.force_v3_sigs && !old_style)
duration=ask_expire_interval(1); duration=ask_expire_interval(1);
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
goto leave; goto leave;
if( !old_style && !duration ) if( (!old_style && !duration) || opt.pgp2 )
old_style = only_old_style( sk_list ); old_style = only_old_style( sk_list );
if(!old_style && opt.pgp2)
{
log_info(_("You can only sign with PGP 2.x style keys "
"while in --pgp2 mode\n"));
log_info(_("This message will not be usable by PGP 2.x\n"));
}
if( encryptflag ) { if( encryptflag ) {
if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )) ) if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )) )
goto leave; goto leave;
@ -719,14 +727,22 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
memset( &afx, 0, sizeof afx); memset( &afx, 0, sizeof afx);
init_packet( &pkt ); init_packet( &pkt );
if(opt.expert && !opt.batch && !opt.force_v3_sigs && !old_style) if(opt.expert && !opt.pgp2 && !opt.batch &&
!opt.force_v3_sigs && !old_style)
duration=ask_expire_interval(1); duration=ask_expire_interval(1);
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
goto leave; goto leave;
if( !old_style && !duration ) if( (!old_style && !duration) || opt.pgp2 )
old_style = only_old_style( sk_list ); old_style = only_old_style( sk_list );
if(!old_style && opt.pgp2)
{
log_info(_("You can only clearsign with PGP 2.x style keys "
"while in --pgp2 mode\n"));
log_info(_("This message will not be usable by PGP 2.x\n"));
}
/* prepare iobufs */ /* prepare iobufs */
if( !(inp = iobuf_open(fname)) ) { if( !(inp = iobuf_open(fname)) ) {
log_error("can't open %s: %s\n", fname? fname: "[stdin]", log_error("can't open %s: %s\n", fname? fname: "[stdin]",
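Review bot: The `|| opt.pgp2` recheck via `only_old_style( sk_list )` and the two `log_info` calls that follow are pasted into both sign_file and clearsign_file, differing only in one message string, so any later change to the --pgp2 key check has to be made in two places. A small static helper taking the sk_list and the already-translated message would keep them in step. The 2001-12-05 ChangeLog entry on this page also names sign_symencrypt_file as prompting for expiration, and no hunk here touches it; if it shares this logic it probably needs the same `!opt.pgp2` guard and warning. Separately, `!opt.pgp2 &&` in the expiry condition looks redundant with `!opt.force_v3_sigs`, since g10.c sets `opt.force_v3_sigs = 1` whenever `opt.pgp2` is set. Both function bodies extend beyond the visible hunks.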