security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

gpg: Add option --allow-weak-key-signatures.

Browse source 
* g10/gpg.c (oAllowWeakKeySignatures): New.
(opts): Add --allow-weak-key-signatures.
(main): Set it.
* g10/options.h (struct opt): Add flags.allow_weak_key_signatures.
* g10/misc.c (print_sha1_keysig_rejected_note): New.
* g10/sig-check.c (check_signature_over_key_or_uid): Print note and
act on new option.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e624c41dba)
This commit is contained in:
Werner Koch 2019-11-07 10:36:17 +01:00
parent 1d83f92fa9
commit 3b1fcf6523
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
6 changed files with 43 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
g10/sig-check.c
View file

@ -966,13 +966,15 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
{
log_assert (packet->pkttype == PKT_USER_ID);
if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig
&& sig->timestamp > 1547856000)
&& sig->timestamp > 1547856000
&& !opt.flags.allow_weak_key_signatures)
{
/* If the signature was created using SHA-1 we consider this
* signature invalid because it makes it possible to mount a
* chosen-prefix collision. We don't do this for
* self-signatures or for signatures created before the
* somewhat arbitrary cut-off date 2019-01-19. */
print_sha1_keysig_rejected_note ();
rc = gpg_error (GPG_ERR_DIGEST_ALGO);
}
else