security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

gpg: Fix --version output and explicitly disable ECC.

Browse Source 
* g10/misc.c (openpgp_pk_algo_name): New.  Replace all calls in g10/
to gcry_pk_algo_name by a call to this function.
(map_pk_openpgp_to_gcry): Map algo PUBKEY_ALGO_ELGAMAL_E to GCRY_PK_ELG.
(openpgp_pk_test_algo): Use PUBKEY_ALGO_ELGAMAL_E instead of
GCRY_PK_ELG_E.  Return an error for ECC algos.
(openpgp_pk_test_algo2):  Return an error for ECC algos.
* g10/gpg.c (build_list): Avoid printing ECC two times.
* include/cipher.h: Do not use GCRY_PK_* macros for PUBKEY_ALGO_*.
--

Due to recent changes to adjust for use with Libgcrypt 1.6, "gpg
--version" printed two question marks.  This patches fixes that and
also make sure that gpg does advertise any ECC features.  The patch in
build_list is not really needed.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2013-10-08 15:29:36 +02:00
parent 3544beff86
commit 6286d01ba3
11 changed files with 111 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
g10/encode.c
View File

@ -83,7 +83,7 @@ encode_seskey( DEK *dek, DEK **seskey, byte *enckey )
/* The encrypted session key is prefixed with a one-octet algorithm id. */
buf[0] = (*seskey)->algo;
memcpy( buf + 1, (*seskey)->key, (*seskey)->keylen );
/* We only pass already checked values to the following fucntion,
thus we consider any failure as fatal. */
if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
@ -117,7 +117,7 @@ use_mdc(PK_LIST pk_list,int algo)
if(select_mdc_from_pklist(pk_list))
return 1;
/* The keys don't support MDC, so now we do a bit of a hack - if any
of the AESes or TWOFISH are in the prefs, we assume that the user
can handle a MDC. This is valid for PGP 7, which can handle MDCs
@ -178,7 +178,7 @@ encode_simple( const char *filename, int mode, int use_seskey )
memset( &zfx, 0, sizeof zfx);
memset( &tfx, 0, sizeof tfx);
init_packet(&pkt);
/* prepare iobufs */
inp = iobuf_open(filename);
if (inp)
@ -207,7 +207,7 @@ encode_simple( const char *filename, int mode, int use_seskey )
it has no S2K salt. RFC1991 always uses simple S2K. */
if ( RFC1991 && use_seskey )
use_seskey = 0;
cfx.dek = NULL;
if( mode ) {
int canceled;
@ -254,7 +254,7 @@ encode_simple( const char *filename, int mode, int use_seskey )
{
if (opt.verbose)
log_info(_("`%s' already compressed\n"), filename);
do_compress = 0;
do_compress = 0;
}
if( rc || (rc = open_outfile( filename, opt.armor? 1:0, &out )) ) {
@ -563,7 +563,7 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey )
cfx.dek->algo = opt.def_cipher_algo;
}
cfx.dek->use_mdc=use_mdc(pk_list,cfx.dek->algo);
/* Only do the is-file-already-compressed check if we are using a
@ -575,7 +575,7 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey )
{
if (opt.verbose)
log_info(_("`%s' already compressed\n"), filename);
do_compress = 0;
do_compress = 0;
}
if (rc2)
{
@ -846,7 +846,7 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
if( opt.verbose ) {
char *ustr = get_user_id_string_native (enc->keyid);
log_info(_("%s/%s encrypted for: \"%s\"\n"),
gcry_pk_algo_name (enc->pubkey_algo),
openpgp_pk_algo_name (enc->pubkey_algo),
openpgp_cipher_algo_name (dek->algo),
ustr );
xfree(ustr);
@ -874,9 +874,9 @@ encode_crypt_files(int nfiles, char **files, strlist_t remusr)
if (opt.outfile)
{
log_error(_("--output doesn't work for this command\n"));
return;
return;
}
if (!nfiles)
{
char line[2048];

9
g10/gpg.c
View File

@ -854,8 +854,8 @@ my_strusage( int level )
case 33: p = _("\nSupported algorithms:\n"); break;
case 34:
if (!pubkeys)
pubkeys = build_list (_("Pubkey: "), 0,
gcry_pk_algo_name,
pubkeys = build_list (_("Pubkey: "), 'P',
openpgp_pk_algo_name,
openpgp_pk_test_algo );
p = pubkeys;
break;
@ -906,6 +906,9 @@ build_list (const char *text, char letter,
for (i=0; i <= 110; i++ )
{
if (letter == 'P' && i == 19 )
continue; /* No need to print a second "ECC" string. */
if (!chkf (i) && (s = mapf (i)))
{
if (mb.len - len > 60)
@ -921,7 +924,7 @@ build_list (const char *text, char letter,
put_membuf_str (&mb, text);
put_membuf_str (&mb, s);
if (opt.verbose && letter)
if (opt.verbose && letter && letter != 'P')
{
char num[20];
snprintf (num, sizeof num, " (%c%d)", letter, i);

4
g10/keyedit.c
View File

@ -2810,7 +2810,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
if(pk->is_revoked)
{
char *user=get_user_id_string_native(pk->revoked.keyid);
const char *algo = gcry_pk_algo_name (pk->revoked.algo);
const char *algo = openpgp_pk_algo_name (pk->revoked.algo);
tty_printf (_("The following key was revoked on"
" %s by %s key %s\n"),
revokestr_from_pk(pk),algo?algo:"?",user);
@ -2828,7 +2828,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
char *user;
const char *algo;
algo = gcry_pk_algo_name (pk->revkey[i].algid);
algo = openpgp_pk_algo_name (pk->revkey[i].algid);
keyid_from_fingerprint(pk->revkey[i].fpr,
MAX_FINGERPRINT_LEN,r_keyid);

6
g10/keygen.c
View File

@ -1603,7 +1603,7 @@ ask_key_flags(int algo,int subkey)
{
tty_printf("\n");
tty_printf(_("Possible actions for a %s key: "),
gcry_pk_algo_name (algo));
openpgp_pk_algo_name (algo));
print_key_flags(possible);
tty_printf("\n");
tty_printf(_("Current allowed actions: "));
@ -1807,7 +1807,7 @@ ask_keysize (int algo, unsigned int primary_keysize)
}
tty_printf(_("%s keys may be between %u and %u bits long.\n"),
gcry_pk_algo_name (algo), min, max);
openpgp_pk_algo_name (algo), min, max);
for(;;)
{
@ -1826,7 +1826,7 @@ ask_keysize (int algo, unsigned int primary_keysize)
if(nbits<min || nbits>max)
tty_printf(_("%s keysizes must be in the range %u-%u\n"),
gcry_pk_algo_name (algo), min, max);
openpgp_pk_algo_name (algo), min, max);
else
break;
}

2
g10/keyserver.c
View File

@ -485,7 +485,7 @@ print_keyrec(int number,struct keyrec *keyrec)
{
const char *str;
str = gcry_pk_algo_name (map_pk_openpgp_to_gcry (keyrec->type));
str = openpgp_pk_algo_name (keyrec->type);
if(str && strcmp (str, "?"))
printf("%s ",str);
else

1
g10/main.h
View File

@ -93,6 +93,7 @@ int map_pk_openpgp_to_gcry (int algo);
int openpgp_pk_test_algo( int algo );
int openpgp_pk_test_algo2 ( int algo, unsigned int use );
int openpgp_pk_algo_usage ( int algo );
const char *openpgp_pk_algo_name (int algo);
int openpgp_md_test_algo( int algo );
#ifdef USE_IDEA

4
g10/mainproc.c
View File

@ -455,7 +455,7 @@ print_pkenc_list( struct kidlist_item *list, int failed )
if ( !failed && list->reason )
continue;
algstr = gcry_pk_algo_name ( list->pubkey_algo );
algstr = openpgp_pk_algo_name ( list->pubkey_algo );
pk = xmalloc_clear( sizeof *pk );
if( !algstr )
@ -1644,7 +1644,7 @@ check_sig_and_print( CTX c, KBNODE node )
/* (Indendation below not yet changed to GNU style.) */
astr = gcry_pk_algo_name ( sig->pubkey_algo );
astr = openpgp_pk_algo_name ( sig->pubkey_algo );
if(keystrlen()>8)
{
log_info(_("Signature made %s\n"),asctimestamp(sig->timestamp));

36
g10/misc.c
View File

@ -297,7 +297,7 @@ print_pubkey_algo_note( int algo )
{
warn=1;
log_info (_("WARNING: using experimental public key algorithm %s\n"),
gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo)));
openpgp_pk_algo_name (algo));
}
}
else if (algo == 20)
@ -423,8 +423,9 @@ map_pk_openpgp_to_gcry (int algo)
{
switch (algo)
{
case PUBKEY_ALGO_ECDSA: return 301 /*GCRY_PK_ECDSA*/;
case PUBKEY_ALGO_ECDH: return 302 /*GCRY_PK_ECDH*/;
case PUBKEY_ALGO_ECDSA: return 301 /*GCRY_PK_ECDSA*/;
case PUBKEY_ALGO_ECDH: return 302 /*GCRY_PK_ECDH*/;
case PUBKEY_ALGO_ELGAMAL_E: return GCRY_PK_ELG;
default: return algo;
}
}
@ -433,11 +434,15 @@ map_pk_openpgp_to_gcry (int algo)
int
openpgp_pk_test_algo( int algo )
{
/* ECC is not yet supported even if supported by Libgcrypt. */
if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
return gpg_error (GPG_ERR_PUBKEY_ALGO);
/* Dont't allow type 20 keys unless in rfc2440 mode. */
if (!RFC2440 && algo == 20)
return gpg_error (GPG_ERR_PUBKEY_ALGO);
if (algo == GCRY_PK_ELG_E)
if (algo == PUBKEY_ALGO_ELGAMAL_E)
algo = GCRY_PK_ELG;
if (algo < 0 || algo > 110)
@ -450,11 +455,15 @@ openpgp_pk_test_algo2( int algo, unsigned int use )
{
size_t use_buf = use;
/* ECC is not yet supported even if supported by Libgcrypt. */
if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
return gpg_error (GPG_ERR_PUBKEY_ALGO);
/* Dont't allow type 20 keys unless in rfc2440 mode. */
if (!RFC2440 && algo == 20)
return gpg_error (GPG_ERR_PUBKEY_ALGO);
if (algo == GCRY_PK_ELG_E)
if (algo == PUBKEY_ALGO_ELGAMAL_E)
algo = GCRY_PK_ELG;
if (algo < 0 || algo > 110)
@ -491,12 +500,29 @@ openpgp_pk_algo_usage ( int algo )
case PUBKEY_ALGO_DSA:
use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
break;
case PUBKEY_ALGO_ECDH:
use = PUBKEY_USAGE_ENC;
break;
case PUBKEY_ALGO_ECDSA:
use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
break;
default:
break;
}
return use;
}
/* Map the OpenPGP cipher algorithm whose ID is contained in ALGORITHM to a
string representation of the algorithm name. For unknown algorithm
IDs this function returns "?". */
const char *
openpgp_pk_algo_name (int algo)
{
return gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo));
}
int
openpgp_md_test_algo( int algo )
{

96
g10/passphrase.c
View File

@ -74,7 +74,7 @@ encode_s2k_iterations (int iterations)
if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER)
log_error (_("problem with the agent: %s\n"), gpg_strerror (err));
/* Default to 65536 which we used up to 2.0.13. */
return 96;
return 96;
}
else if (mycnt >= 65011712)
return 255; /* Largest possible value. */
@ -87,7 +87,7 @@ encode_s2k_iterations (int iterations)
if (iterations >= 65011712)
return 255;
/* Need count to be in the range 16-31 */
for (count=iterations>>6; count>=32; count>>=1)
c++;
@ -96,13 +96,13 @@ encode_s2k_iterations (int iterations)
if (S2K_DECODE_COUNT(result) < iterations)
result++;
return result;
}
/* Hash a passphrase using the supplied s2k.
/* Hash a passphrase using the supplied s2k.
Always needs: dek->algo, s2k->mode, s2k->hash_algo. */
static void
hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
@ -119,20 +119,20 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
if (gcry_md_open (&md, s2k->hash_algo, 1))
BUG ();
for (pass=0; used < dek->keylen ; pass++ )
for (pass=0; used < dek->keylen ; pass++ )
{
if ( pass )
if ( pass )
{
gcry_md_reset (md);
for (i=0; i < pass; i++ ) /* Preset the hash context. */
gcry_md_putc (md, 0 );
}
if ( s2k->mode == 1 || s2k->mode == 3 )
if ( s2k->mode == 1 || s2k->mode == 3 )
{
int len2 = pwlen + 8;
ulong count = len2;
if ( s2k->mode == 3 )
{
count = S2K_DECODE_COUNT(s2k->count);
@ -146,7 +146,7 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
/* A little bit complicated because we need a ulong for count. */
while ( count > len2 ) /* maybe iterated+salted */
{
{
gcry_md_write ( md, s2k->salt, 8 );
gcry_md_write ( md, pw, pwlen );
count -= len2;
@ -242,7 +242,7 @@ read_passphrase_from_fd( int fd )
int i, len;
char *pw;
if ( !opt.batch )
if ( !opt.batch )
{ /* Not used but we have to do a dummy read, so that it won't end
up at the begin of the message if the quite usual trick to
prepend the passphtrase to the message is used. */
@ -251,12 +251,12 @@ read_passphrase_from_fd( int fd )
while (!(read (fd, buf, 1) != 1 || *buf == '\n' ))
;
*buf = 0;
return;
return;
}
for (pw = NULL, i = len = 100; ; i++ )
for (pw = NULL, i = len = 100; ; i++ )
{
if (i >= len-1 )
if (i >= len-1 )
{
char *pw2 = pw;
len += 100;
@ -322,35 +322,35 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
if( keyid && get_pubkey( pk, keyid ) )
{
if (pk)
free_public_key( pk );
free_public_key( pk );
pk = NULL; /* oops: no key for some reason */
}
orig_codeset = i18n_switchto_utf8 ();
if (custom_description)
atext = native_to_utf8 (custom_description);
else if ( !mode && pk && keyid )
{
{
char *uid;
size_t uidlen;
const char *algo_name = gcry_pk_algo_name ( pk->pubkey_algo );
const char *algo_name = openpgp_pk_algo_name (pk->pubkey_algo);
const char *timestr;
char *maink;
if ( !algo_name )
algo_name = "?";
#define KEYIDSTRING _(" (main key ID %s)")
maink = xmalloc ( strlen (KEYIDSTRING) + keystrlen() + 20 );
if( keyid[2] && keyid[3] && keyid[0] != keyid[2]
if( keyid[2] && keyid[3] && keyid[0] != keyid[2]
&& keyid[1] != keyid[3] )
sprintf( maink, KEYIDSTRING, keystr(&keyid[2]) );
else
*maink = 0;
uid = get_user_id ( keyid, &uidlen );
uid = get_user_id ( keyid, &uidlen );
timestr = strtimestamp (pk->timestamp);
#undef KEYIDSTRING
@ -361,7 +361,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
"%u-bit %s key, ID %s,\n" \
"created %s%s.\n" )
atext = xmalloc ( 100 + strlen (PROMPTSTRING)
atext = xmalloc ( 100 + strlen (PROMPTSTRING)
+ uidlen + 15 + strlen(algo_name) + keystrlen()
+ strlen (timestr) + strlen (maink) );
sprintf (atext, PROMPTSTRING,
@ -373,16 +373,16 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
#undef PROMPTSTRING
{
{
size_t dummy;
fingerprint_from_pk( pk, fpr, &dummy );
have_fpr = 1;
}
}
else
atext = xstrdup ( _("Enter passphrase\n") );
if (!mode && cacheid)
my_cacheid = cacheid;
@ -398,7 +398,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
rc = agent_get_passphrase (my_cacheid, tryagain_text, my_prompt, atext,
repeat, check, &pw);
xfree (my_prompt);
xfree (atext); atext = NULL;
@ -413,7 +413,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
if (canceled)
*canceled = 1;
}
else
else
{
log_error (_("problem with the agent: %s\n"), gpg_strerror (rc));
/* Due to limitations in the API of the upper layers they
@ -422,7 +422,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
definitely not happen and let it continue without requiring a
passphrase. Given that now all the upper layers handle a
cancel correctly, we simply set the cancel flag now for all
errors from the agent. */
errors from the agent. */
if (canceled)
*canceled = 1;
@ -450,7 +450,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
int rc;
(void)algo;
if (!cacheid)
{
PKT_public_key *pk;
@ -460,7 +460,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
byte fpr[MAX_FINGERPRINT_LEN];
char hexfprbuf[2*20+1];
size_t dummy;
pk = xcalloc (1, sizeof *pk);
if ( !keyid || get_pubkey( pk, keyid ) )
{
@ -488,7 +488,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
NULL, sets it to true.
MODE 0: Allow cached passphrase
1: Ignore cached passphrase
1: Ignore cached passphrase
2: Ditto, but create a new key
3: Allow cached passphrase; use the S2K salt as the cache ID
4: Ditto, but create a new key
@ -496,7 +496,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
DEK *
passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
int cipher_algo, STRING2KEY *s2k, int mode,
const char *tryagain_text,
const char *tryagain_text,
const char *custdesc, const char *custprompt,
int *canceled)
{
@ -509,11 +509,11 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
if (!canceled)
canceled = &dummy_canceled;
*canceled = 0;
if ( !s2k )
{
assert (mode != 3 && mode != 4);
/* This is used for the old rfc1991 mode
/* This is used for the old rfc1991 mode
* Note: This must match the code in encode.c with opt.rfc1991 set */
s2k = &help_s2k;
s2k->mode = 0;
@ -539,16 +539,16 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
/* If we do not have a passphrase available in NEXT_PW and status
information are request, we print them now. */
if ( !next_pw && is_status_enabled() )
if ( !next_pw && is_status_enabled() )
{
char buf[50];
if ( keyid )
{
u32 used_kid[2];
char *us;
if ( keyid[2] && keyid[3] )
if ( keyid[2] && keyid[3] )
{
used_kid[0] = keyid[2];
used_kid[1] = keyid[3];
@ -558,16 +558,16 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
used_kid[0] = keyid[0];
used_kid[1] = keyid[1];
}
us = get_long_user_id_string ( keyid );
write_status_text ( STATUS_USERID_HINT, us );
xfree(us);
snprintf (buf, sizeof buf -1, "%08lX%08lX %08lX%08lX %d 0",
(ulong)keyid[0], (ulong)keyid[1],
(ulong)used_kid[0], (ulong)used_kid[1],
pubkey_algo );
write_status_text ( STATUS_NEED_PASSPHRASE, buf );
}
else
@ -586,7 +586,7 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
{
PKT_public_key *pk = xmalloc_clear( sizeof *pk );
char *p;
p = get_user_id_native(keyid);
tty_printf ("\n");
tty_printf (_("You need a passphrase to unlock the secret key for\n"
@ -595,8 +595,8 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
if ( !get_pubkey( pk, keyid ) )
{
const char *s = gcry_pk_algo_name ( pk->pubkey_algo );
const char *s = openpgp_pk_algo_name (pk->pubkey_algo);
tty_printf (_("%u-bit %s key, ID %s, created %s"),
nbits_from_pk( pk ), s?s:"?", keystr(keyid),
strtimestamp(pk->timestamp) );
@ -620,19 +620,19 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
free_public_key( pk );
}
if ( next_pw )
if ( next_pw )
{
/* Simply return the passphrase we already have in NEXT_PW. */
pw = next_pw;
next_pw = NULL;
}
else if ( have_static_passphrase () )
else if ( have_static_passphrase () )
{
/* Return the passphrase we have stored in FD_PASSWD. */
pw = xmalloc_secure ( strlen(fd_passwd)+1 );
strcpy ( pw, fd_passwd );
}
else
else
{
if ((mode == 3 || mode == 4) && (s2k->mode == 1 || s2k->mode == 3))
{
@ -653,7 +653,7 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
return NULL;
}
}
if ( !pw || !*pw )
write_status( STATUS_MISSING_PASSPHRASE );

2
g10/sign.c
View File

@ -318,7 +318,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
if( opt.verbose ) {
char *ustr = get_user_id_string_native (sig->keyid);
log_info(_("%s/%s signature from: \"%s\"\n"),
gcry_pk_algo_name (sk->pubkey_algo),
openpgp_pk_algo_name (sk->pubkey_algo),
gcry_md_algo_name (sig->digest_algo),
ustr );
xfree(ustr);

12
include/cipher.h
View File

@ -51,14 +51,14 @@
#define CIPHER_ALGO_CAMELLIA256 13
#define CIPHER_ALGO_DUMMY 110 /* No encryption at all. */
#define PUBKEY_ALGO_RSA /* 1 */ GCRY_PK_RSA
#define PUBKEY_ALGO_RSA_E /* 2 */ GCRY_PK_RSA_E /* RSA encrypt only. */
#define PUBKEY_ALGO_RSA_S /* 3 */ GCRY_PK_RSA_S /* RSA sign only. */
#define PUBKEY_ALGO_ELGAMAL_E /* 16 */ GCRY_PK_ELG_E /* Elgamal encr only */
#define PUBKEY_ALGO_DSA /* 17 */ GCRY_PK_DSA
#define PUBKEY_ALGO_RSA 1
#define PUBKEY_ALGO_RSA_E 2 /* RSA encrypt only. */
#define PUBKEY_ALGO_RSA_S 3 /* RSA sign only. */
#define PUBKEY_ALGO_ELGAMAL_E 16 /* Elgamal encr only */
#define PUBKEY_ALGO_DSA 17
#define PUBKEY_ALGO_ECDH 18
#define PUBKEY_ALGO_ECDSA 19
#define PUBKEY_ALGO_ELGAMAL /* 20 */ GCRY_PK_ELG /* Elgamal encr+sign */
#define PUBKEY_ALGO_ELGAMAL 20 /* Elgamal encr+sign */
#define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN /* Good for signatures. */
#define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR /* Good for encryption. */