1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

Allo RMD160 signatures

This commit is contained in:
Werner Koch 2006-03-21 12:48:51 +00:00
parent 6b19366e4e
commit 79f749fec9
5 changed files with 40 additions and 4 deletions

2
NEWS
View File

@ -11,6 +11,8 @@ Noteworthy changes in version 1.9.21
* [gpgsm] Kludge to allow use of Bundesnetzagentur issued
certificates.
* [scdaemon] Added --hash=xxx option to the PKSIGN command.
Noteworthy changes in version 1.9.20 (2005-12-20)
-------------------------------------------------

1
TODO
View File

@ -3,6 +3,7 @@
* src/base64
** Make parsing more robust
Currently we don't cope with overlong lines in the best way.
** Check that we really release the ksba reader/writer objects.
* sm/call-agent.c
** The protocol uses an incomplete S-expression

View File

@ -444,7 +444,14 @@ hex notation. The actual signing is done using the command
@end example
where @var{keyid} is the hexified ID of the key to be used. The key id
may have been retrieved using the command @code{LEARN}.
may have been retrieved using the command @code{LEARN}. If another
hash algorithm than SHA-1 is used, that algorithm may be given like:
@example
PKSIGN --hash=@var{algoname} @var{keyid}
@end example
With @var{algoname} are one of @code{sha1}, @code{rmd160} or @code{md5}.
@node Scdaemon PKDECRYPT

View File

@ -1,3 +1,7 @@
2006-03-21 Werner Koch <wk@g10code.com>
* command.c (cmd_pksign): Add --hash option.
2006-03-01 Werner Koch <wk@g10code.com>
* command.c (status_file_update_lock): New.

View File

@ -708,7 +708,9 @@ pin_cb (void *opaque, const char *info, char **retstr)
}
/* PKSIGN <hexified_id>
/* PKSIGN [--hash=[rmd160|sha1|md5]] <hexified_id>
The --hash option is optional; the default is SHA1.
*/
static int
@ -719,6 +721,26 @@ cmd_pksign (assuan_context_t ctx, char *line)
unsigned char *outdata;
size_t outdatalen;
char *keyidstr;
int hash_algo;
if (has_option (line, "--hash=rmd160"))
hash_algo = GCRY_MD_RMD160;
else if (has_option (line, "--hash=sha1"))
hash_algo = GCRY_MD_SHA1;
else if (has_option (line, "--hash=md5"))
hash_algo = GCRY_MD_MD5;
else if (!strstr (line, "--"))
hash_algo = GCRY_MD_SHA1;
else
return set_error (Parameter_Error, "invalid hash algorithm");
/* Skip over options. */
while ( *line == '-' && line[1] == '-' )
{
while (*line && !spacep (line))
line++;
while (spacep (line))
line++;
}
if ( IS_LOCKED (ctrl) )
return gpg_error (GPG_ERR_LOCKED);
@ -734,7 +756,7 @@ cmd_pksign (assuan_context_t ctx, char *line)
return ASSUAN_Out_Of_Core;
rc = app_sign (ctrl->app_ctx,
keyidstr, GCRY_MD_SHA1,
keyidstr, hash_algo,
pin_cb, ctx,
ctrl->in_data.value, ctrl->in_data.valuelen,
&outdata, &outdatalen);
@ -777,7 +799,7 @@ cmd_pkauth (assuan_context_t ctx, char *line)
if (!ctrl->app_ctx)
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
/* We have to use a copy of the key ID because the function may use
/* We have to use a copy of the key ID because the function may use
the pin_cb which in turn uses the assuan line buffer and thus
overwriting the original line with the keyid */
keyidstr = xtrystrdup (line);