security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-26 22:29:58 +01:00
Code Activity

gpg: New option --override-session-key-fd.

Browse Source 
* g10/gpg.c (oOverrideSessionKeyFD): New.
(opts): Add option --override-session-key-fd.
(main): Handle that option.
(read_sessionkey_from_fd): New.
--

The override-session-key feature was designed to mitigate the effect
of the British RIP act by allowing to keep the private key private and
hand out only a session key.  For that use case the leaking of the
session key would not be a problem.  However there are other use
cases, for example fast re-decryption after an initial decryption,
which would benefit from concealing the session key from other users.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-11-16 09:02:53 +01:00
parent 500e594c2d
commit 43bfaf2c54
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 53 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
doc/gpg.texi
View File

@ -3118,13 +3118,17 @@ inappropriate plaintext so they can take action against the offending
user. user.
@item --override-session-key @code{string} @item --override-session-key @code{string}
@itemx --override-session-key-fd @code{fd}
@opindex override-session-key @opindex override-session-key
Don't use the public key but the session key @code{string}. The format Don't use the public key but the session key @code{string} respective
of this string is the same as the one printed by the session key taken from the first line read from file descriptor
@option{--show-session-key}. This option is normally not used but comes @code{fd}. The format of this string is the same as the one printed
handy in case someone forces you to reveal the content of an encrypted by @option{--show-session-key}. This option is normally not used but
message; using this option you can do this without handing out the comes handy in case someone forces you to reveal the content of an
secret key. encrypted message; using this option you can do this without handing
out the secret key. Note that using @option{--override-session-key}
may reveal the session key to all local users via the global process
table.
@item --ask-sig-expire @item --ask-sig-expire
@itemx --no-ask-sig-expire @itemx --no-ask-sig-expire

45
g10/gpg.c
View File

@ -343,6 +343,7 @@ enum cmd_and_opt_values
oIgnoreMDCError, oIgnoreMDCError,
oShowSessionKey, oShowSessionKey,
oOverrideSessionKey, oOverrideSessionKey,
oOverrideSessionKeyFD,
oNoRandomSeedFile, oNoRandomSeedFile,
oAutoKeyRetrieve, oAutoKeyRetrieve,
oNoAutoKeyRetrieve, oNoAutoKeyRetrieve,
@ -776,6 +777,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oIgnoreMDCError, "ignore-mdc-error", "@"), ARGPARSE_s_n (oIgnoreMDCError, "ignore-mdc-error", "@"),
ARGPARSE_s_n (oShowSessionKey, "show-session-key", "@"), ARGPARSE_s_n (oShowSessionKey, "show-session-key", "@"),
ARGPARSE_s_s (oOverrideSessionKey, "override-session-key", "@"), ARGPARSE_s_s (oOverrideSessionKey, "override-session-key", "@"),
ARGPARSE_s_i (oOverrideSessionKeyFD, "override-session-key-fd", "@"),
ARGPARSE_s_n (oNoRandomSeedFile, "no-random-seed-file", "@"), ARGPARSE_s_n (oNoRandomSeedFile, "no-random-seed-file", "@"),
ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"), ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"),
ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"), ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
@ -919,6 +921,7 @@ static void add_notation_data( const char *string, int which );
static void add_policy_url( const char *string, int which ); static void add_policy_url( const char *string, int which );
static void add_keyserver_url( const char *string, int which ); static void add_keyserver_url( const char *string, int which );
static void emergency_cleanup (void); static void emergency_cleanup (void);
static void read_sessionkey_from_fd (int fd);
static char * static char *
@ -2262,6 +2265,7 @@ main (int argc, char **argv)
int eyes_only=0; int eyes_only=0;
int multifile=0; int multifile=0;
int pwfd = -1; int pwfd = -1;
int ovrseskeyfd = -1;
int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */ int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */
int any_explicit_recipient = 0; int any_explicit_recipient = 0;
int require_secmem = 0; int require_secmem = 0;
@ -3289,6 +3293,9 @@ main (int argc, char **argv)
case oOverrideSessionKey: case oOverrideSessionKey:
opt.override_session_key = pargs.r.ret_str; opt.override_session_key = pargs.r.ret_str;
break; break;
case oOverrideSessionKeyFD:
ovrseskeyfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
break;
case oMergeOnly: case oMergeOnly:
deprecated_warning(configname,configlineno,"--merge-only", deprecated_warning(configname,configlineno,"--merge-only",
"--import-options ","merge-only"); "--import-options ","merge-only");
@ -3856,8 +3863,11 @@ main (int argc, char **argv)
g10_exit(0); g10_exit(0);
if( pwfd != -1 ) /* Read the passphrase now. */ if (pwfd != -1) /* Read the passphrase now. */
read_passphrase_from_fd( pwfd ); read_passphrase_from_fd (pwfd);
if (ovrseskeyfd != -1 ) /* Read the sessionkey now. */
read_sessionkey_from_fd (ovrseskeyfd);
fname = argc? *argv : NULL; fname = argc? *argv : NULL;
@ -5212,3 +5222,34 @@ add_keyserver_url( const char *string, int which )
if(critical) if(critical)
sl->flags |= 1; sl->flags |= 1;
} }
static void
read_sessionkey_from_fd (int fd)
{
int i, len;
char *line;
for (line = NULL, i = len = 100; ; i++ )
{
if (i >= len-1 )
{
char *tmp = line;
len += 100;
line = xmalloc_secure (len);
if (tmp)
{
memcpy (line, tmp, i);
xfree (tmp);
}
else
i=0;
}
if (read (fd, line + i, 1) != 1 || line[i] == '\n')
break;
}
line[i] = 0;
log_debug ("seskey: %s\n", line);
gpgrt_annotate_leaked_object (line);
opt.override_session_key = line;
}