mirror of git://git.gnupg.org/gnupg.git
synced 2025-07-14 21:47:19 +02:00
gpg: Disallow the use of v3 keys.
* g10/gpg.c: Add options --allow-v3-keys and --no-allow-v3-keys.
(main): Enable --allow-v3-keys in --pgp2 mode.
* g10/options.h (opt): Add field allow_v3_keys.
* g10/import.c (delete_v3_subkeys): New.
(import_one): Skip v3 keys and delete v3 subkeys.
(import_print_stats): Print stats on v3 keys and subkeys.
* g10/getkey.c (finish_lookup): Skip v3 keys.
--

This is a first take on disabling v3 keys. We may need to add some tweaks to make decryption using an existing v3 key easier. There is no need to disallow decryption. Thanks to Georgi Guninski for putting some pressure on us to finally do what PGP 2 folks will probably not like. See the discussion on gnupg-devel starting 2012-06-22.
parent ca8eec8e28
commit 2b32eb15aa
7 changed files with 108 additions and 5 deletions
@ -459,7 +459,7 @@ more arguments in future versions.
IMPORT_RES <count> <no_user_id> <imported> <imported_rsa> <unchanged>
<n_uids> <n_subk> <n_sigs> <n_revoc> <sec_read> <sec_imported>
<sec_dups> <skipped_new_keys> <not_imported>
<sec_dups> <skipped_new_keys> <not_imported> <n_v3> <n_v3_subkeys>
Final statistics on import process (this is one long line)
FILE_START <what> <filename>
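Review bot: the description under IMPORT_RES still reads only "Final statistics on import process (this is one long line)", so the two fields appended to the third line, <n_v3> and <n_v3_subkeys>, are undocumented. Please add a sentence saying what each one counts (going by the commit message, presumably v3 keys skipped and v3 subkeys deleted during import) so that consumers of the status output can tell a key rejected for being v3 from one that simply ended up in <not_imported>. Because the fields are appended at the end of the line, it is also worth confirming that existing parsers tolerate extra trailing fields, as the surrounding text ("more arguments in future versions") suggests they should.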
14
doc/gpg.texi
@ -2637,6 +2637,20 @@ Disable all checks on the form of the user ID while generating a new
one. This option should only be used in very special environments as
it does not ensure the de-facto standard format of user IDs.
@ifset gpgtwoone
@item --allow-v3-keys
@itemx --no-allow-v3-keys
@opindex allow-v3-keys
Allow the use of deprecated v3 keys with @command{gpg}. The default
is not to allow their use.
Since version 2.1 GnuPG does not anymore allow the import or use of v3
keys. Those keys have been generated in the past by PGP 2 and exhibit
a couple of flaws. For example they rely on the broken MD5 algorithm.
OpenPGP has long deprecated their use (cf. RFC-4880, section 5.5.2).
This option may be used to exceptionally allow their use.
@end ifset
@item --ignore-time-conflict
@opindex ignore-time-conflict
GnuPG normally checks that the timestamps associated with keys and
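Review bot: the second paragraph of the new --allow-v3-keys entry says GnuPG "does not anymore allow the import or use of v3 keys", which is broader than the commit message, where decryption with an existing v3 key is explicitly not meant to be disallowed. State which operations are actually refused by default (import and key lookup, going by the files listed in the commit message) and what happens to decryption, so that users holding old PGP 2 data know whether they need the option. The entry should also mention that --pgp2 turns --allow-v3-keys on, since the commit message says (main) does that and the manual text gives no hint of it. Minor wording: "does not anymore allow" reads better as "no longer allows".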