gpg,sm: New option --with-key-screening.

* common/pkscreening.c: New. * common/pkscreening.h: New. * common/Makefile.am (common_sources): Add them. * g10/gpg.c (opts): New option --with-key-screening. * g10/options.h (struct opt): New field with_key_screening. * g10/keylist.c: Include pkscreening.h. (print_pk_screening): New. (list_keyblock_print): Call it. (print_compliance_flags): Call it. * sm/gpgsm.c (opts): New option --with-key-screening. * sm/gpgsm.h (scruct opt): New field with_key_screening. * sm/keylist.c: Include pkscreening.h. (print_pk_screening): New. (print_compliance_flags): Call it. Add new arg cert. (list_cert_colon): Pass arg cert (list_cert_std): Call print_pk_screening. * sm/fingerprint.c (gpgsm_get_rsa_modulus): New. -- This new option can be used to detect ROCA affected keys. To scan an entire keyring and print the affected fingerprints use this: gpg -k --with-key-screening --with-colons | gawk -F: \ '$1~/pub|sub|sec|ssb|crt/ && $18~/\<6001\>/ {found=1;next}; $1=="fpr" && found {print $10}; {found=0}' The same works for gpgsm. Note that we need gawk due to the "\<" in the r.e. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2017-10-17 21:10:19 +02:00 · 2017-10-17 21:10:19 +02:00 · 825abec0e7
commit 825abec0e7
parent 69e579d785
11 changed files with 358 additions and 5 deletions
--- a/g10/options.h
+++ b/g10/options.h
@ -82,6 +82,7 @@ struct
  int with_fingerprint; /* Option --with-fingerprint active.  */
  int with_subkey_fingerprint; /* Option --with-subkey-fingerprint active.  */
  int with_keygrip;     /* Option --with-keygrip active.  */
+  int with_key_screening;/* Option --with-key-screening active.  */
  int with_tofu_info;   /* Option --with-tofu_info active.  */
  int with_secret;      /* Option --with-secret active.  */
  int with_wkd_hash;    /* Option --with-wkd-hash.  */