gpg,gpgsm: Add option --min-rsa-length.

* common/compliance.c (min_compliant_rsa_length): New. (gnupg_pk_is_compliant): Take in account. (gnupg_pk_is_allowed): Ditto. (gnupg_set_compliance_extra_info): New. * g10/gpg.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * g10/options.h (opt): Add field min_rsa_length. * sm/gpgsm.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * sm/gpgsm.h (opt): Add field min_rsa_length.
2025-07-02 22:46:30 +02:00 · 2021-11-18 20:44:14 +01:00 · 2021-11-18 20:44:14 +01:00 · 6ee01c1d26
commit 6ee01c1d26
parent f453d52e53
8 changed files with 59 additions and 9 deletions
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -2881,7 +2881,13 @@ SHA224, SHA384, and SHA512 digests.
@opindex compliance
 This option can be used instead of one of the options above.  Valid
 values for @var{string} are the above option names (without the double
-dash) and possibly others as shown when using "help" for @var{value}.
+dash) and possibly others as shown when using "help" for @var{string}.
+
+@item --min-rsa-length @var{n}
+@opindex min-rsa-length
+This option adjusts the compliance mode "de-vs" for stricter key size
+requirements.  For example, a value of 3000 turns rsa2048 and dsa2048
+keys into non-VS-NfD compliant keys.

@end table

--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@ -667,6 +667,16 @@ such broken signatures.  If @command{gpgsm} prints an error like
 ``digest algo 8 has not been enabled'' you may want to try this option,
 with @samp{SHA256} for @var{name}.

+@item --compliance @var{string}
+@opindex compliance
+Set the compliance mode.  Valid values are shown when using "help" for
+@var{string}.
+
+@item --min-rsa-length @var{n}
+@opindex min-rsa-length
+This option adjusts the compliance mode "de-vs" for stricter key size
+requirements.  For example, a value of 3000 turns rsa2048 and dsa2048
+keys into non-VS-NfD compliant keys.

@item --faked-system-time @var{epoch}
@opindex faked-system-time