allow for default algorithms in a gpg parameter file
This commit is contained in:
parent
66a0019120
commit
49b00ffd67
3
NEWS
3
NEWS
@ -8,6 +8,9 @@ Noteworthy changes in version 2.1.x (under development)
|
|||||||
|
|
||||||
* The G13 tool for disk encryption key management has been added.
|
* The G13 tool for disk encryption key management has been added.
|
||||||
|
|
||||||
|
* The default for --include-cert is now to include all certificates
|
||||||
|
in the chain except for the root certificate.
|
||||||
|
|
||||||
* Numerical values may now be used as an alternative to the
|
* Numerical values may now be used as an alternative to the
|
||||||
debug-level keywords.
|
debug-level keywords.
|
||||||
|
|
||||||
|
41
doc/DETAILS
41
doc/DETAILS
@ -823,11 +823,14 @@ The format of this file is as follows:
|
|||||||
used. Some syntactically checks may be performed.
|
used. Some syntactically checks may be performed.
|
||||||
The currently defined parameters are:
|
The currently defined parameters are:
|
||||||
Key-Type: <algo-number>|<algo-string>
|
Key-Type: <algo-number>|<algo-string>
|
||||||
Starts a new parameter block by giving the type of the
|
Starts a new parameter block by giving the type of the primary
|
||||||
primary key. The algorithm must be capable of signing.
|
key. The algorithm must be capable of signing. This is a
|
||||||
This is a required parameter.
|
required parameter. It may be "default" to use the default
|
||||||
|
one; in this case don't give a Key-Usage and use "default" for
|
||||||
|
the Subkey-Type.
|
||||||
Key-Length: <length-in-bits>
|
Key-Length: <length-in-bits>
|
||||||
Length of the key in bits. Default is 1024.
|
Length of the key in bits. The default is returned by running
|
||||||
|
the command "gpg --gpgconf-list".
|
||||||
Key-Usage: <usage-list>
|
Key-Usage: <usage-list>
|
||||||
Space or comma delimited list of key usage, allowed values are
|
Space or comma delimited list of key usage, allowed values are
|
||||||
"encrypt", "sign", and "auth". This is used to generate the
|
"encrypt", "sign", and "auth". This is used to generate the
|
||||||
@ -835,13 +838,15 @@ The format of this file is as follows:
|
|||||||
this usage. Note that OpenPGP requires that all primary keys
|
this usage. Note that OpenPGP requires that all primary keys
|
||||||
are capable of certification, so no matter what usage is given
|
are capable of certification, so no matter what usage is given
|
||||||
here, the "cert" flag will be on. If no Key-Usage is
|
here, the "cert" flag will be on. If no Key-Usage is
|
||||||
specified, all the allowed usages for that particular
|
specified and the key-type is not "default", all allowed
|
||||||
algorithm are used.
|
usages for that particular algorithm are used; if it is not
|
||||||
|
given but "default" is used the usage will be "sign".
|
||||||
Subkey-Type: <algo-number>|<algo-string>
|
Subkey-Type: <algo-number>|<algo-string>
|
||||||
This generates a secondary key. Currently only one subkey
|
This generates a secondary key. Currently only one subkey
|
||||||
can be handled.
|
can be handled.
|
||||||
Subkey-Length: <length-in-bits>
|
Subkey-Length: <length-in-bits>
|
||||||
Length of the subkey in bits. Default is 1024.
|
Length of the subkey in bits. The default is returned by running
|
||||||
|
the command "gpg --gpgconf-list".
|
||||||
Subkey-Usage: <usage-list>
|
Subkey-Usage: <usage-list>
|
||||||
Similar to Key-Usage.
|
Similar to Key-Usage.
|
||||||
Passphrase: <string>
|
Passphrase: <string>
|
||||||
@ -892,9 +897,9 @@ The format of this file is as follows:
|
|||||||
keyserver URL for the key.
|
keyserver URL for the key.
|
||||||
|
|
||||||
|
|
||||||
Here is an example:
|
Here is an example on how to create a key:
|
||||||
$ cat >foo <<EOF
|
$ cat >foo <<EOF
|
||||||
%echo Generating a standard key
|
%echo Generating a basic OpenPGP key
|
||||||
Key-Type: DSA
|
Key-Type: DSA
|
||||||
Key-Length: 1024
|
Key-Length: 1024
|
||||||
Subkey-Type: ELG-E
|
Subkey-Type: ELG-E
|
||||||
@ -919,6 +924,24 @@ $ gpg --no-default-keyring --secret-keyring ./foo.sec \
|
|||||||
sec 1024D/915A878D 2000-03-09 Joe Tester (with stupid passphrase) <joe@foo.bar>
|
sec 1024D/915A878D 2000-03-09 Joe Tester (with stupid passphrase) <joe@foo.bar>
|
||||||
ssb 1024g/8F70E2C0 2000-03-09
|
ssb 1024g/8F70E2C0 2000-03-09
|
||||||
|
|
||||||
|
If you want to create a key with the default algorithms you would
|
||||||
|
use these parameters:
|
||||||
|
|
||||||
|
%echo Generating a default key
|
||||||
|
Key-Type: default
|
||||||
|
Subkey-Type: default
|
||||||
|
Name-Real: Joe Tester
|
||||||
|
Name-Comment: with stupid passphrase
|
||||||
|
Name-Email: joe@foo.bar
|
||||||
|
Expire-Date: 0
|
||||||
|
Passphrase: abc
|
||||||
|
%pubring foo.pub
|
||||||
|
%secring foo.sec
|
||||||
|
# Do a commit here, so that we can later print "done" :-)
|
||||||
|
%commit
|
||||||
|
%echo done
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Layout of the TrustDB
|
Layout of the TrustDB
|
||||||
|
@ -1,3 +1,11 @@
|
|||||||
|
2009-12-04 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* keygen.c (DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE): New.
|
||||||
|
(ask_keysize): Use new macro.
|
||||||
|
(gen_rsa): Set default size if NBITS is 0.
|
||||||
|
(get_parameter_algo): Add algo name "default". Add arg R_DEFAULT.
|
||||||
|
(proc_parameter_file): Process default flag.
|
||||||
|
|
||||||
2009-12-03 Werner Koch <wk@g10code.com>
|
2009-12-03 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
* gpg.c (set_debug): Allow for numerical debug leveles. Print
|
* gpg.c (set_debug): Allow for numerical debug leveles. Print
|
||||||
|
@ -1617,8 +1617,8 @@ gpgconf_list (const char *configfile)
|
|||||||
printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
|
printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
|
||||||
printf ("group:%lu:\n", GC_OPT_FLAG_NONE);
|
printf ("group:%lu:\n", GC_OPT_FLAG_NONE);
|
||||||
|
|
||||||
/* The next one is an info only item and should match what
|
/* The next one is an info only item and should match the macros at
|
||||||
keygen:ask_keysize actually implements. */
|
the top of keygen.c */
|
||||||
printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
|
printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
|
||||||
"RSA-2048");
|
"RSA-2048");
|
||||||
|
|
||||||
|
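Review bot: The reworded comment says this printf should match the macros at the top of keygen.c, but the value emitted is still the literal `"RSA-2048"`, so nothing ties it to DEFAULT_STD_ALGO/DEFAULT_STD_KEYSIZE and the two can silently drift while the DETAILS text now tells users to consult exactly this --gpgconf-list output for the Key-Length default. The macros are file-local to keygen.c, so gpg.c cannot reference them as the hunk stands; moving them to a header both files include and building the string from them with a two-level stringification helper would make the comment enforceable rather than advisory. At minimum name the coupled symbols so a grep finds them: `/* Info only; must match DEFAULT_STD_ALGO and DEFAULT_STD_KEYSIZE in keygen.c. */`. gpgconf_list begins outside the hunk.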
87
g10/keygen.c
87
g10/keygen.c
@ -43,6 +43,12 @@
|
|||||||
#include "keyserver-internal.h"
|
#include "keyserver-internal.h"
|
||||||
#include "call-agent.h"
|
#include "call-agent.h"
|
||||||
|
|
||||||
|
/* The default algorithms. If you change them remember to change them
|
||||||
|
also in gpg.c:gpgconf_list. You should also check that the value
|
||||||
|
is inside the bounds enforced by ask_keysize and gen_xxx. */
|
||||||
|
#define DEFAULT_STD_ALGO GCRY_PK_RSA
|
||||||
|
#define DEFAULT_STD_KEYSIZE 2048
|
||||||
|
|
||||||
|
|
||||||
#define MAX_PREFS 30
|
#define MAX_PREFS 30
|
||||||
|
|
||||||
@ -1426,6 +1432,9 @@ gen_rsa (int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
|
|||||||
|
|
||||||
assert (is_RSA(algo));
|
assert (is_RSA(algo));
|
||||||
|
|
||||||
|
if (!nbits)
|
||||||
|
nbits = DEFAULT_STD_KEYSIZE;
|
||||||
|
|
||||||
if (nbits < 1024)
|
if (nbits < 1024)
|
||||||
{
|
{
|
||||||
nbits = 1024;
|
nbits = 1024;
|
||||||
@ -1765,9 +1774,7 @@ ask_algo (int addmode, int *r_subkey_algo, unsigned int *r_usage)
|
|||||||
static unsigned
|
static unsigned
|
||||||
ask_keysize (int algo, unsigned int primary_keysize)
|
ask_keysize (int algo, unsigned int primary_keysize)
|
||||||
{
|
{
|
||||||
/* NOTE: If you change the default key size/algo, remember to change
|
unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096;
|
||||||
it also in gpgconf.c:gpgconf_list. */
|
|
||||||
unsigned int nbits, min, def=2048, max=4096;
|
|
||||||
int for_subkey = !!primary_keysize;
|
int for_subkey = !!primary_keysize;
|
||||||
int autocomp = 0;
|
int autocomp = 0;
|
||||||
|
|
||||||
@ -2382,22 +2389,37 @@ get_parameter_value( struct para_data_s *para, enum para_name key )
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
get_parameter_algo( struct para_data_s *para, enum para_name key )
|
get_parameter_algo( struct para_data_s *para, enum para_name key,
|
||||||
|
int *r_default)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
struct para_data_s *r = get_parameter( para, key );
|
struct para_data_s *r = get_parameter( para, key );
|
||||||
if( !r )
|
|
||||||
return -1;
|
if (r_default)
|
||||||
if( digitp( r->u.value ) )
|
*r_default = 0;
|
||||||
i = atoi( r->u.value );
|
|
||||||
else if ( !strcmp ( r->u.value, "ELG-E")
|
if (!r)
|
||||||
|| !strcmp ( r->u.value, "ELG") )
|
return -1;
|
||||||
i = GCRY_PK_ELG_E;
|
|
||||||
else
|
if (!ascii_strcasecmp (r->u.value, "default"))
|
||||||
i = gcry_pk_map_name (r->u.value);
|
{
|
||||||
if (i == PUBKEY_ALGO_RSA_E || i == PUBKEY_ALGO_RSA_S)
|
/* Note: If you change this default algo, remember to change it
|
||||||
i = 0; /* we don't want to allow generation of these algorithms */
|
also in gpg.c:gpgconf_list. */
|
||||||
return i;
|
i = DEFAULT_STD_ALGO;
|
||||||
|
if (r_default)
|
||||||
|
*r_default = 1;
|
||||||
|
}
|
||||||
|
else if (digitp (r->u.value))
|
||||||
|
i = atoi( r->u.value );
|
||||||
|
else if (!strcmp (r->u.value, "ELG-E")
|
||||||
|
|| !strcmp (r->u.value, "ELG"))
|
||||||
|
i = GCRY_PK_ELG_E;
|
||||||
|
else
|
||||||
|
i = gcry_pk_map_name (r->u.value);
|
||||||
|
|
||||||
|
if (i == PUBKEY_ALGO_RSA_E || i == PUBKEY_ALGO_RSA_S)
|
||||||
|
i = 0; /* we don't want to allow generation of these algorithms */
|
||||||
|
return i;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -2541,13 +2563,15 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
|
|||||||
const char *s1, *s2, *s3;
|
const char *s1, *s2, *s3;
|
||||||
size_t n;
|
size_t n;
|
||||||
char *p;
|
char *p;
|
||||||
int have_user_id=0,err,algo;
|
int is_default = 0;
|
||||||
|
int have_user_id = 0;
|
||||||
|
int err, algo;
|
||||||
|
|
||||||
/* Check that we have all required parameters. */
|
/* Check that we have all required parameters. */
|
||||||
r = get_parameter( para, pKEYTYPE );
|
r = get_parameter( para, pKEYTYPE );
|
||||||
if(r)
|
if(r)
|
||||||
{
|
{
|
||||||
algo=get_parameter_algo(para,pKEYTYPE);
|
algo = get_parameter_algo (para, pKEYTYPE, &is_default);
|
||||||
if (openpgp_pk_test_algo2 (algo, PUBKEY_USAGE_SIG))
|
if (openpgp_pk_test_algo2 (algo, PUBKEY_USAGE_SIG))
|
||||||
{
|
{
|
||||||
log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
|
log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
|
||||||
@ -2563,10 +2587,13 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
|
|||||||
err = parse_parameter_usage (fname, para, pKEYUSAGE);
|
err = parse_parameter_usage (fname, para, pKEYUSAGE);
|
||||||
if (!err)
|
if (!err)
|
||||||
{
|
{
|
||||||
/* Default to algo capabilities if key-usage is not provided */
|
/* Default to algo capabilities if key-usage is not provided and
|
||||||
|
no default algorithm has been requested. */
|
||||||
r = xmalloc_clear(sizeof(*r));
|
r = xmalloc_clear(sizeof(*r));
|
||||||
r->key = pKEYUSAGE;
|
r->key = pKEYUSAGE;
|
||||||
r->u.usage = openpgp_pk_algo_usage(algo);
|
r->u.usage = (is_default
|
||||||
|
? (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG)
|
||||||
|
: openpgp_pk_algo_usage(algo));
|
||||||
r->next = para;
|
r->next = para;
|
||||||
para = r;
|
para = r;
|
||||||
}
|
}
|
||||||
@ -2583,10 +2610,11 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
is_default = 0;
|
||||||
r = get_parameter( para, pSUBKEYTYPE );
|
r = get_parameter( para, pSUBKEYTYPE );
|
||||||
if(r)
|
if(r)
|
||||||
{
|
{
|
||||||
algo = get_parameter_algo (para, pSUBKEYTYPE);
|
algo = get_parameter_algo (para, pSUBKEYTYPE, &is_default);
|
||||||
if (openpgp_pk_test_algo (algo))
|
if (openpgp_pk_test_algo (algo))
|
||||||
{
|
{
|
||||||
log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
|
log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
|
||||||
@ -2600,7 +2628,9 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
|
|||||||
provided */
|
provided */
|
||||||
r = xmalloc_clear (sizeof(*r));
|
r = xmalloc_clear (sizeof(*r));
|
||||||
r->key = pSUBKEYUSAGE;
|
r->key = pSUBKEYUSAGE;
|
||||||
r->u.usage = openpgp_pk_algo_usage (algo);
|
r->u.usage = (is_default
|
||||||
|
? PUBKEY_USAGE_ENC
|
||||||
|
: openpgp_pk_algo_usage (algo));
|
||||||
r->next = para;
|
r->next = para;
|
||||||
para = r;
|
para = r;
|
||||||
}
|
}
|
||||||
@ -3441,7 +3471,7 @@ do_generate_keypair (struct para_data_s *para,
|
|||||||
|
|
||||||
if (!card)
|
if (!card)
|
||||||
{
|
{
|
||||||
rc = do_create (get_parameter_algo( para, pKEYTYPE ),
|
rc = do_create (get_parameter_algo( para, pKEYTYPE, NULL ),
|
||||||
get_parameter_uint( para, pKEYLENGTH ),
|
get_parameter_uint( para, pKEYLENGTH ),
|
||||||
pub_root, sec_root,
|
pub_root, sec_root,
|
||||||
get_parameter_dek( para, pPASSPHRASE_DEK ),
|
get_parameter_dek( para, pPASSPHRASE_DEK ),
|
||||||
@ -3503,7 +3533,7 @@ do_generate_keypair (struct para_data_s *para,
|
|||||||
{
|
{
|
||||||
if (!card)
|
if (!card)
|
||||||
{
|
{
|
||||||
rc = do_create( get_parameter_algo( para, pSUBKEYTYPE ),
|
rc = do_create( get_parameter_algo( para, pSUBKEYTYPE, NULL ),
|
||||||
get_parameter_uint( para, pSUBKEYLENGTH ),
|
get_parameter_uint( para, pSUBKEYLENGTH ),
|
||||||
pub_root, sec_root,
|
pub_root, sec_root,
|
||||||
get_parameter_dek( para, pPASSPHRASE_DEK ),
|
get_parameter_dek( para, pPASSPHRASE_DEK ),
|
||||||
@ -3612,7 +3642,8 @@ do_generate_keypair (struct para_data_s *para,
|
|||||||
int no_enc_rsa;
|
int no_enc_rsa;
|
||||||
PKT_public_key *pk;
|
PKT_public_key *pk;
|
||||||
|
|
||||||
no_enc_rsa = (get_parameter_algo (para, pKEYTYPE) == PUBKEY_ALGO_RSA
|
no_enc_rsa = ((get_parameter_algo (para, pKEYTYPE, NULL)
|
||||||
|
== PUBKEY_ALGO_RSA)
|
||||||
&& get_parameter_uint (para, pKEYUSAGE)
|
&& get_parameter_uint (para, pKEYUSAGE)
|
||||||
&& !((get_parameter_uint (para, pKEYUSAGE)
|
&& !((get_parameter_uint (para, pKEYUSAGE)
|
||||||
& PUBKEY_USAGE_ENC)) );
|
& PUBKEY_USAGE_ENC)) );
|
||||||
@ -3634,7 +3665,7 @@ do_generate_keypair (struct para_data_s *para,
|
|||||||
|
|
||||||
|
|
||||||
if (!opt.batch
|
if (!opt.batch
|
||||||
&& (get_parameter_algo (para, pKEYTYPE) == PUBKEY_ALGO_DSA
|
&& (get_parameter_algo (para, pKEYTYPE, NULL) == PUBKEY_ALGO_DSA
|
||||||
|| no_enc_rsa )
|
|| no_enc_rsa )
|
||||||
&& !get_parameter (para, pSUBKEYTYPE) )
|
&& !get_parameter (para, pSUBKEYTYPE) )
|
||||||
{
|
{
|
||||||
|
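Review bot: With `Key-Type: default` and no `Subkey-Type`, the new proc_parameter_file code gives the primary key CERT|SIG only, so the resulting key cannot encrypt, whereas a plain `Key-Type: RSA` would have received every capability from openpgp_pk_algo_usage(); the "no encryption subkey" warning at the end of this section is gated on `!opt.batch`, and parameter files are normally processed in batch mode, so the user gets no message at all. DETAILS tells the user to also set Subkey-Type to default, but nothing in the hunk enforces or warns about it; I would add, after the primary-key block and before `is_default = 0;`, something like `if (is_default && !get_parameter (para, pSUBKEYTYPE)) log_info ("%s: \"default\" Key-Type without a Subkey-Type yields a sign-only key\n", fname);` (note `r` has been reassigned to the synthesized usage node by then, so take the line number from the pKEYTYPE entry if you want it). The same applies to an explicit Key-Usage given alongside "default", which the documentation forbids but get_parameter_algo and the usage block silently accept. The separate "remember to change it also in gpg.c" comment inside get_parameter_algo now duplicates the one above the DEFAULT_STD_* macros and could simply point at them. proc_parameter_file starts and ends outside the hunk.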