mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
allow for default algorithms in a gpg parameter file
This commit is contained in:
parent
66a0019120
commit
49b00ffd67
3
NEWS
3
NEWS
@ -8,6 +8,9 @@ Noteworthy changes in version 2.1.x (under development)
|
||||
|
||||
* The G13 tool for disk encryption key management has been added.
|
||||
|
||||
* The default for --include-cert is now to include all certificates
|
||||
in the chain except for the root certificate.
|
||||
|
||||
* Numerical values may now be used as an alternative to the
|
||||
debug-level keywords.
|
||||
|
||||
|
41
doc/DETAILS
41
doc/DETAILS
@ -823,11 +823,14 @@ The format of this file is as follows:
|
||||
used. Some syntactically checks may be performed.
|
||||
The currently defined parameters are:
|
||||
Key-Type: <algo-number>|<algo-string>
|
||||
Starts a new parameter block by giving the type of the
|
||||
primary key. The algorithm must be capable of signing.
|
||||
This is a required parameter.
|
||||
Starts a new parameter block by giving the type of the primary
|
||||
key. The algorithm must be capable of signing. This is a
|
||||
required parameter. It may be "default" to use the default
|
||||
one; in this case don't give a Key-Usage and use "default" for
|
||||
the Subkey-Type.
|
||||
Key-Length: <length-in-bits>
|
||||
Length of the key in bits. Default is 1024.
|
||||
Length of the key in bits. The default is returned by running
|
||||
the command "gpg --gpgconf-list".
|
||||
Key-Usage: <usage-list>
|
||||
Space or comma delimited list of key usage, allowed values are
|
||||
"encrypt", "sign", and "auth". This is used to generate the
|
||||
@ -835,13 +838,15 @@ The format of this file is as follows:
|
||||
this usage. Note that OpenPGP requires that all primary keys
|
||||
are capable of certification, so no matter what usage is given
|
||||
here, the "cert" flag will be on. If no Key-Usage is
|
||||
specified, all the allowed usages for that particular
|
||||
algorithm are used.
|
||||
specified and the key-type is not "default", all allowed
|
||||
usages for that particular algorithm are used; if it is not
|
||||
given but "default" is used the usage will be "sign".
|
||||
Subkey-Type: <algo-number>|<algo-string>
|
||||
This generates a secondary key. Currently only one subkey
|
||||
can be handled.
|
||||
Subkey-Length: <length-in-bits>
|
||||
Length of the subkey in bits. Default is 1024.
|
||||
Length of the subkey in bits. The default is returned by running
|
||||
the command "gpg --gpgconf-list".
|
||||
Subkey-Usage: <usage-list>
|
||||
Similar to Key-Usage.
|
||||
Passphrase: <string>
|
||||
@ -892,9 +897,9 @@ The format of this file is as follows:
|
||||
keyserver URL for the key.
|
||||
|
||||
|
||||
Here is an example:
|
||||
Here is an example on how to create a key:
|
||||
$ cat >foo <<EOF
|
||||
%echo Generating a standard key
|
||||
%echo Generating a basic OpenPGP key
|
||||
Key-Type: DSA
|
||||
Key-Length: 1024
|
||||
Subkey-Type: ELG-E
|
||||
@ -919,6 +924,24 @@ $ gpg --no-default-keyring --secret-keyring ./foo.sec \
|
||||
sec 1024D/915A878D 2000-03-09 Joe Tester (with stupid passphrase) <joe@foo.bar>
|
||||
ssb 1024g/8F70E2C0 2000-03-09
|
||||
|
||||
If you want to create a key with the default algorithms you would
|
||||
use these parameters:
|
||||
|
||||
%echo Generating a default key
|
||||
Key-Type: default
|
||||
Subkey-Type: default
|
||||
Name-Real: Joe Tester
|
||||
Name-Comment: with stupid passphrase
|
||||
Name-Email: joe@foo.bar
|
||||
Expire-Date: 0
|
||||
Passphrase: abc
|
||||
%pubring foo.pub
|
||||
%secring foo.sec
|
||||
# Do a commit here, so that we can later print "done" :-)
|
||||
%commit
|
||||
%echo done
|
||||
|
||||
|
||||
|
||||
|
||||
Layout of the TrustDB
|
||||
|
@ -1,3 +1,11 @@
|
||||
2009-12-04 Werner Koch <wk@g10code.com>
|
||||
|
||||
* keygen.c (DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE): New.
|
||||
(ask_keysize): Use new macro.
|
||||
(gen_rsa): Set default size if NBITS is 0.
|
||||
(get_parameter_algo): Add algo name "default". Add arg R_DEFAULT.
|
||||
(proc_parameter_file): Process default flag.
|
||||
|
||||
2009-12-03 Werner Koch <wk@g10code.com>
|
||||
|
||||
* gpg.c (set_debug): Allow for numerical debug leveles. Print
|
||||
|
@ -1617,8 +1617,8 @@ gpgconf_list (const char *configfile)
|
||||
printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
|
||||
printf ("group:%lu:\n", GC_OPT_FLAG_NONE);
|
||||
|
||||
/* The next one is an info only item and should match what
|
||||
keygen:ask_keysize actually implements. */
|
||||
/* The next one is an info only item and should match the macros at
|
||||
the top of keygen.c */
|
||||
printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
|
||||
"RSA-2048");
|
||||
|
||||
|
61
g10/keygen.c
61
g10/keygen.c
@ -43,6 +43,12 @@
|
||||
#include "keyserver-internal.h"
|
||||
#include "call-agent.h"
|
||||
|
||||
/* The default algorithms. If you change them remember to change them
|
||||
also in gpg.c:gpgconf_list. You should also check that the value
|
||||
is inside the bounds enforced by ask_keysize and gen_xxx. */
|
||||
#define DEFAULT_STD_ALGO GCRY_PK_RSA
|
||||
#define DEFAULT_STD_KEYSIZE 2048
|
||||
|
||||
|
||||
#define MAX_PREFS 30
|
||||
|
||||
@ -1426,6 +1432,9 @@ gen_rsa (int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
|
||||
|
||||
assert (is_RSA(algo));
|
||||
|
||||
if (!nbits)
|
||||
nbits = DEFAULT_STD_KEYSIZE;
|
||||
|
||||
if (nbits < 1024)
|
||||
{
|
||||
nbits = 1024;
|
||||
@ -1765,9 +1774,7 @@ ask_algo (int addmode, int *r_subkey_algo, unsigned int *r_usage)
|
||||
static unsigned
|
||||
ask_keysize (int algo, unsigned int primary_keysize)
|
||||
{
|
||||
/* NOTE: If you change the default key size/algo, remember to change
|
||||
it also in gpgconf.c:gpgconf_list. */
|
||||
unsigned int nbits, min, def=2048, max=4096;
|
||||
unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096;
|
||||
int for_subkey = !!primary_keysize;
|
||||
int autocomp = 0;
|
||||
|
||||
@ -2382,19 +2389,34 @@ get_parameter_value( struct para_data_s *para, enum para_name key )
|
||||
}
|
||||
|
||||
static int
|
||||
get_parameter_algo( struct para_data_s *para, enum para_name key )
|
||||
get_parameter_algo( struct para_data_s *para, enum para_name key,
|
||||
int *r_default)
|
||||
{
|
||||
int i;
|
||||
struct para_data_s *r = get_parameter( para, key );
|
||||
|
||||
if (r_default)
|
||||
*r_default = 0;
|
||||
|
||||
if (!r)
|
||||
return -1;
|
||||
if( digitp( r->u.value ) )
|
||||
|
||||
if (!ascii_strcasecmp (r->u.value, "default"))
|
||||
{
|
||||
/* Note: If you change this default algo, remember to change it
|
||||
also in gpg.c:gpgconf_list. */
|
||||
i = DEFAULT_STD_ALGO;
|
||||
if (r_default)
|
||||
*r_default = 1;
|
||||
}
|
||||
else if (digitp (r->u.value))
|
||||
i = atoi( r->u.value );
|
||||
else if (!strcmp (r->u.value, "ELG-E")
|
||||
|| !strcmp (r->u.value, "ELG"))
|
||||
i = GCRY_PK_ELG_E;
|
||||
else
|
||||
i = gcry_pk_map_name (r->u.value);
|
||||
|
||||
if (i == PUBKEY_ALGO_RSA_E || i == PUBKEY_ALGO_RSA_S)
|
||||
i = 0; /* we don't want to allow generation of these algorithms */
|
||||
return i;
|
||||
@ -2541,13 +2563,15 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
|
||||
const char *s1, *s2, *s3;
|
||||
size_t n;
|
||||
char *p;
|
||||
int have_user_id=0,err,algo;
|
||||
int is_default = 0;
|
||||
int have_user_id = 0;
|
||||
int err, algo;
|
||||
|
||||
/* Check that we have all required parameters. */
|
||||
r = get_parameter( para, pKEYTYPE );
|
||||
if(r)
|
||||
{
|
||||
algo=get_parameter_algo(para,pKEYTYPE);
|
||||
algo = get_parameter_algo (para, pKEYTYPE, &is_default);
|
||||
if (openpgp_pk_test_algo2 (algo, PUBKEY_USAGE_SIG))
|
||||
{
|
||||
log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
|
||||
@ -2563,10 +2587,13 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
|
||||
err = parse_parameter_usage (fname, para, pKEYUSAGE);
|
||||
if (!err)
|
||||
{
|
||||
/* Default to algo capabilities if key-usage is not provided */
|
||||
/* Default to algo capabilities if key-usage is not provided and
|
||||
no default algorithm has been requested. */
|
||||
r = xmalloc_clear(sizeof(*r));
|
||||
r->key = pKEYUSAGE;
|
||||
r->u.usage = openpgp_pk_algo_usage(algo);
|
||||
r->u.usage = (is_default
|
||||
? (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG)
|
||||
: openpgp_pk_algo_usage(algo));
|
||||
r->next = para;
|
||||
para = r;
|
||||
}
|
||||
@ -2583,10 +2610,11 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
|
||||
}
|
||||
}
|
||||
|
||||
is_default = 0;
|
||||
r = get_parameter( para, pSUBKEYTYPE );
|
||||
if(r)
|
||||
{
|
||||
algo = get_parameter_algo (para, pSUBKEYTYPE);
|
||||
algo = get_parameter_algo (para, pSUBKEYTYPE, &is_default);
|
||||
if (openpgp_pk_test_algo (algo))
|
||||
{
|
||||
log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
|
||||
@ -2600,7 +2628,9 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
|
||||
provided */
|
||||
r = xmalloc_clear (sizeof(*r));
|
||||
r->key = pSUBKEYUSAGE;
|
||||
r->u.usage = openpgp_pk_algo_usage (algo);
|
||||
r->u.usage = (is_default
|
||||
? PUBKEY_USAGE_ENC
|
||||
: openpgp_pk_algo_usage (algo));
|
||||
r->next = para;
|
||||
para = r;
|
||||
}
|
||||
@ -3441,7 +3471,7 @@ do_generate_keypair (struct para_data_s *para,
|
||||
|
||||
if (!card)
|
||||
{
|
||||
rc = do_create (get_parameter_algo( para, pKEYTYPE ),
|
||||
rc = do_create (get_parameter_algo( para, pKEYTYPE, NULL ),
|
||||
get_parameter_uint( para, pKEYLENGTH ),
|
||||
pub_root, sec_root,
|
||||
get_parameter_dek( para, pPASSPHRASE_DEK ),
|
||||
@ -3503,7 +3533,7 @@ do_generate_keypair (struct para_data_s *para,
|
||||
{
|
||||
if (!card)
|
||||
{
|
||||
rc = do_create( get_parameter_algo( para, pSUBKEYTYPE ),
|
||||
rc = do_create( get_parameter_algo( para, pSUBKEYTYPE, NULL ),
|
||||
get_parameter_uint( para, pSUBKEYLENGTH ),
|
||||
pub_root, sec_root,
|
||||
get_parameter_dek( para, pPASSPHRASE_DEK ),
|
||||
@ -3612,7 +3642,8 @@ do_generate_keypair (struct para_data_s *para,
|
||||
int no_enc_rsa;
|
||||
PKT_public_key *pk;
|
||||
|
||||
no_enc_rsa = (get_parameter_algo (para, pKEYTYPE) == PUBKEY_ALGO_RSA
|
||||
no_enc_rsa = ((get_parameter_algo (para, pKEYTYPE, NULL)
|
||||
== PUBKEY_ALGO_RSA)
|
||||
&& get_parameter_uint (para, pKEYUSAGE)
|
||||
&& !((get_parameter_uint (para, pKEYUSAGE)
|
||||
& PUBKEY_USAGE_ENC)) );
|
||||
@ -3634,7 +3665,7 @@ do_generate_keypair (struct para_data_s *para,
|
||||
|
||||
|
||||
if (!opt.batch
|
||||
&& (get_parameter_algo (para, pKEYTYPE) == PUBKEY_ALGO_DSA
|
||||
&& (get_parameter_algo (para, pKEYTYPE, NULL) == PUBKEY_ALGO_DSA
|
||||
|| no_enc_rsa )
|
||||
&& !get_parameter (para, pSUBKEYTYPE) )
|
||||
{
|
||||
|
Loading…
x
Reference in New Issue
Block a user