PGP2 patch. --pgp2 sets things up for pgp2 compatibility, and prints a
warning if the user does something that would make the message incompatible (e.g. encrypting with a non-RSA key).
parent
1ccd578910
commit
27949781ec
@ -1,3 +1,17 @@
|
|||||||
|
2001-12-07 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* g10.c, options.h: New option --pgp2. This is identical to
|
||||||
|
"--rfc1991 --cipher-algo idea --compress-algo 1 --digest-algo md5
|
||||||
|
--force_v3_sigs" with the addition of an warning to advise the
|
||||||
|
user not to use a pipe (which would break pgp2 compatibility).
|
||||||
|
|
||||||
|
* encode.c (encode_crypt): warn if the user tries to encrypt to
|
||||||
|
any key that is not RSA and <= 2048 bits when the --pgp2 option is
|
||||||
|
used.
|
||||||
|
|
||||||
|
* sign.c (sign_file, clearsign_file): When using --pgp2, make a v3
|
||||||
|
sig, and warn if the signature is made with a non-v3 key.
|
||||||
|
|
||||||
2001-12-05 David Shaw <dshaw@jabberwocky.com>
|
2001-12-05 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* sign.c (sign_file, clearsign_file, sign_symencrypt_file): Prompt
|
* sign.c (sign_file, clearsign_file, sign_symencrypt_file): Prompt
|
||||||
|
13
g10/encode.c
13
g10/encode.c
@ -250,7 +250,7 @@ encode_crypt( const char *filename, STRLIST remusr )
|
|||||||
armor_filter_context_t afx;
|
armor_filter_context_t afx;
|
||||||
compress_filter_context_t zfx;
|
compress_filter_context_t zfx;
|
||||||
text_filter_context_t tfx;
|
text_filter_context_t tfx;
|
||||||
PK_LIST pk_list;
|
PK_LIST pk_list,work_list;
|
||||||
int do_compress = opt.compress && !opt.rfc1991;
|
int do_compress = opt.compress && !opt.rfc1991;
|
||||||
|
|
||||||
|
|
||||||
@ -263,6 +263,17 @@ encode_crypt( const char *filename, STRLIST remusr )
|
|||||||
if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) )
|
if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) )
|
||||||
return rc;
|
return rc;
|
||||||
|
|
||||||
|
if(opt.pgp2)
|
||||||
|
for(work_list=pk_list;work_list->next!=NULL;work_list=work_list->next)
|
||||||
|
if(!(is_RSA(work_list->pk->pubkey_algo) &&
|
||||||
|
nbits_from_pk(work_list->pk)<=2048))
|
||||||
|
{
|
||||||
|
log_info(_("You can only encrypt to RSA keys of 2048 bits or "
|
||||||
|
"less in --pgp2 mode\n"));
|
||||||
|
log_info(_("This message will not be usable by PGP 2.x\n"));
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
/* prepare iobufs */
|
/* prepare iobufs */
|
||||||
if( !(inp = iobuf_open(filename)) ) {
|
if( !(inp = iobuf_open(filename)) ) {
|
||||||
log_error(_("can't open %s: %s\n"), filename? filename: "[stdin]",
|
log_error(_("can't open %s: %s\n"), filename? filename: "[stdin]",
|
||||||
|
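Review bot: The new key check in encode_crypt never examines the last recipient, because the loop condition `work_list->next!=NULL` stops one node early; with a single recipient the body does not run at all, so a non-RSA or over-2048-bit key gets no --pgp2 warning. Walk the whole list instead: `for(work_list=pk_list;work_list;work_list=work_list->next)`. That form also avoids dereferencing `pk_list` if build_pk_list() could ever succeed with an empty list, which cannot be confirmed from this hunk. encode_crypt starts and ends outside the hunks shown.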
38
g10/g10.c
38
g10/g10.c
@ -149,6 +149,8 @@ enum cmd_and_opt_values { aNull = 0,
|
|||||||
oLoadExtension,
|
oLoadExtension,
|
||||||
oRFC1991,
|
oRFC1991,
|
||||||
oOpenPGP,
|
oOpenPGP,
|
||||||
|
oPGP2,
|
||||||
|
oNoPGP2,
|
||||||
oCipherAlgo,
|
oCipherAlgo,
|
||||||
oDigestAlgo,
|
oDigestAlgo,
|
||||||
oCompressAlgo,
|
oCompressAlgo,
|
||||||
@ -363,6 +365,8 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
{ oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")},
|
{ oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")},
|
||||||
{ oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
|
{ oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
|
||||||
{ oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")},
|
{ oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")},
|
||||||
|
{ oPGP2, "pgp2", 0, N_("set all packet, cipher and digest options to PGP 2.x behavior")},
|
||||||
|
{ oNoPGP2, "no-pgp2", 0, "@"},
|
||||||
{ oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")},
|
{ oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")},
|
||||||
{ oS2KDigest, "s2k-digest-algo",2,
|
{ oS2KDigest, "s2k-digest-algo",2,
|
||||||
N_("|NAME|use message digest algorithm NAME for passphrases")},
|
N_("|NAME|use message digest algorithm NAME for passphrases")},
|
||||||
@ -1013,6 +1017,8 @@ main( int argc, char **argv )
|
|||||||
opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
|
opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
|
||||||
opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
|
opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
|
||||||
break;
|
break;
|
||||||
|
case oPGP2: opt.pgp2 = 1; break;
|
||||||
|
case oNoPGP2: opt.pgp2 = 0; break;
|
||||||
case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break;
|
case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break;
|
||||||
case oEmu3DESS2KBug: opt.emulate_bugs |= EMUBUG_3DESS2K; break;
|
case oEmu3DESS2KBug: opt.emulate_bugs |= EMUBUG_3DESS2K; break;
|
||||||
case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
|
case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
|
||||||
@ -1267,6 +1273,28 @@ main( int argc, char **argv )
|
|||||||
if (preference_list && keygen_set_std_prefs (preference_list))
|
if (preference_list && keygen_set_std_prefs (preference_list))
|
||||||
log_error(_("invalid preferences\n"));
|
log_error(_("invalid preferences\n"));
|
||||||
|
|
||||||
|
/* Do this after the switch(), so it can override these
|
||||||
|
settings. */
|
||||||
|
if(opt.pgp2)
|
||||||
|
{
|
||||||
|
opt.rfc1991 = 1;
|
||||||
|
opt.rfc2440 = 0;
|
||||||
|
opt.force_v4_certs = 0;
|
||||||
|
opt.no_comment = 1;
|
||||||
|
opt.escape_from = 1;
|
||||||
|
opt.force_v3_sigs = 1;
|
||||||
|
opt.pgp2_workarounds = 1;
|
||||||
|
opt.def_cipher_algo = CIPHER_ALGO_IDEA;
|
||||||
|
if( cmd==aEncr && check_cipher_algo(CIPHER_ALGO_IDEA) ) {
|
||||||
|
log_info(_("Encrypting a message to a PGP 2.x user requires "
|
||||||
|
"the IDEA cipher module.\n"));
|
||||||
|
log_error(_("Please see http://www.gnupg.org/why-not-idea.html"
|
||||||
|
" for more information.\n"));
|
||||||
|
}
|
||||||
|
opt.def_digest_algo = DIGEST_ALGO_MD5;
|
||||||
|
opt.def_compress_algo = 1;
|
||||||
|
}
|
||||||
|
|
||||||
if( log_get_errorcount(0) )
|
if( log_get_errorcount(0) )
|
||||||
g10_exit(2);
|
g10_exit(2);
|
||||||
|
|
||||||
@ -1385,6 +1413,12 @@ main( int argc, char **argv )
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case aEncr: /* encrypt the given file */
|
case aEncr: /* encrypt the given file */
|
||||||
|
if( argc == 0 && opt.pgp2 ) {
|
||||||
|
log_info(_("You must use files (and not a pipe) when "
|
||||||
|
"encrypting with --pgp2 enabled.\n"));
|
||||||
|
log_info(_("This message will not be usable by PGP 2.x\n"));
|
||||||
|
}
|
||||||
|
|
||||||
if( argc > 1 )
|
if( argc > 1 )
|
||||||
wrong_args(_("--encrypt [filename]"));
|
wrong_args(_("--encrypt [filename]"));
|
||||||
if( (rc = encode_crypt(fname,remusr)) )
|
if( (rc = encode_crypt(fname,remusr)) )
|
||||||
@ -1413,6 +1447,10 @@ main( int argc, char **argv )
|
|||||||
case aSignEncr: /* sign and encrypt the given file */
|
case aSignEncr: /* sign and encrypt the given file */
|
||||||
if( argc > 1 )
|
if( argc > 1 )
|
||||||
wrong_args(_("--sign --encrypt [filename]"));
|
wrong_args(_("--sign --encrypt [filename]"));
|
||||||
|
if(opt.pgp2) {
|
||||||
|
log_info(_("You can't sign and encrypt at the same time while in --pgp2 mode\n"));
|
||||||
|
log_info(_("This message will not be usable by PGP 2.x\n"));
|
||||||
|
}
|
||||||
if( argc ) {
|
if( argc ) {
|
||||||
sl = m_alloc_clear( sizeof *sl + strlen(fname));
|
sl = m_alloc_clear( sizeof *sl + strlen(fname));
|
||||||
strcpy(sl->d, fname);
|
strcpy(sl->d, fname);
|
||||||
|
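Review bot: The `if(opt.pgp2)` block after the option switch replaces the cipher, digest and compression defaults with IDEA, MD5 and algorithm 1 without any message, so an explicit --cipher-algo or --digest-algo is presumably discarded silently; the comment only says the block "can override these settings". Because this lowers the digest to MD5 for every operation run with the flag set, I would widen the comment to `/* --pgp2 deliberately overrides --cipher-algo, --digest-algo and --compress-algo; MD5 and IDEA are chosen for PGP 2.x compatibility only. */` and emit one `log_info` when a user-supplied value is replaced. Separately, the IDEA availability test is limited to `cmd==aEncr`, so other commands that read `opt.def_cipher_algo` appear to continue with IDEA selected even when the module is missing; what happens then is decided outside these hunks. main() continues beyond the hunks shown.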
@ -1,4 +1,3 @@
|
|||||||
|
|
||||||
/* options.h
|
/* options.h
|
||||||
* Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
|
* Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
|
||||||
*
|
*
|
||||||
@ -77,6 +76,7 @@ struct {
|
|||||||
int compress_keys;
|
int compress_keys;
|
||||||
int compress_sigs;
|
int compress_sigs;
|
||||||
int always_trust;
|
int always_trust;
|
||||||
|
int pgp2;
|
||||||
int rfc1991;
|
int rfc1991;
|
||||||
int rfc2440;
|
int rfc2440;
|
||||||
int pgp2_workarounds;
|
int pgp2_workarounds;
|
||||||
|
24
g10/sign.c
24
g10/sign.c
@ -550,14 +550,22 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
|
|||||||
if( fname && filenames->next && (!detached || encryptflag) )
|
if( fname && filenames->next && (!detached || encryptflag) )
|
||||||
log_bug("multiple files can only be detached signed");
|
log_bug("multiple files can only be detached signed");
|
||||||
|
|
||||||
if(opt.expert && !opt.batch && !opt.force_v3_sigs && !old_style)
|
if(opt.expert && !opt.pgp2 && !opt.batch &&
|
||||||
|
!opt.force_v3_sigs && !old_style)
|
||||||
duration=ask_expire_interval(1);
|
duration=ask_expire_interval(1);
|
||||||
|
|
||||||
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
|
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
|
||||||
goto leave;
|
goto leave;
|
||||||
if( !old_style && !duration )
|
if( (!old_style && !duration) || opt.pgp2 )
|
||||||
old_style = only_old_style( sk_list );
|
old_style = only_old_style( sk_list );
|
||||||
|
|
||||||
|
if(!old_style && opt.pgp2)
|
||||||
|
{
|
||||||
|
log_info(_("You can only sign with PGP 2.x style keys "
|
||||||
|
"while in --pgp2 mode\n"));
|
||||||
|
log_info(_("This message will not be usable by PGP 2.x\n"));
|
||||||
|
}
|
||||||
|
|
||||||
if( encryptflag ) {
|
if( encryptflag ) {
|
||||||
if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )) )
|
if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )) )
|
||||||
goto leave;
|
goto leave;
|
||||||
@ -719,14 +727,22 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
|
|||||||
memset( &afx, 0, sizeof afx);
|
memset( &afx, 0, sizeof afx);
|
||||||
init_packet( &pkt );
|
init_packet( &pkt );
|
||||||
|
|
||||||
if(opt.expert && !opt.batch && !opt.force_v3_sigs && !old_style)
|
if(opt.expert && !opt.pgp2 && !opt.batch &&
|
||||||
|
!opt.force_v3_sigs && !old_style)
|
||||||
duration=ask_expire_interval(1);
|
duration=ask_expire_interval(1);
|
||||||
|
|
||||||
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
|
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
|
||||||
goto leave;
|
goto leave;
|
||||||
if( !old_style && !duration )
|
if( (!old_style && !duration) || opt.pgp2 )
|
||||||
old_style = only_old_style( sk_list );
|
old_style = only_old_style( sk_list );
|
||||||
|
|
||||||
|
if(!old_style && opt.pgp2)
|
||||||
|
{
|
||||||
|
log_info(_("You can only clearsign with PGP 2.x style keys "
|
||||||
|
"while in --pgp2 mode\n"));
|
||||||
|
log_info(_("This message will not be usable by PGP 2.x\n"));
|
||||||
|
}
|
||||||
|
|
||||||
/* prepare iobufs */
|
/* prepare iobufs */
|
||||||
if( !(inp = iobuf_open(fname)) ) {
|
if( !(inp = iobuf_open(fname)) ) {
|
||||||
log_error("can't open %s: %s\n", fname? fname: "[stdin]",
|
log_error("can't open %s: %s\n", fname? fname: "[stdin]",
|
||||||
|
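Review bot: The --pgp2 handling added to sign_file is repeated line for line in clearsign_file: the widened `ask_expire_interval` guard, the `(!old_style && !duration) || opt.pgp2` test and the warning block differ only in the verb of the first message. A small static helper that takes the sk_list and the verb would keep the two copies from drifting apart the next time the rule changes. sign_symencrypt_file, which the 2001-12-05 ChangeLog entry lists alongside these two for the expiry prompt, is not touched here, so whether that path gets the same v3-key warning cannot be told from this page. Both functions start and end outside the hunks shown.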