security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

gpg: Do not allow old cipher algorithms for encryption.

Browse source 
* g10/gpg.c: New option --allow-old-cipher-algos.
(set_compliance_option): Set --rfc4880bis explictly to SHA256 and
AES256.  Allow old cipher algos for OpenPGP, rfc4880, and rfc2440.
* g10/options.h (opt): Add flags.allow_old_cipher_algos.
* g10/misc.c (print_sha1_keysig_rejected_note): Always print the note
unless in --quiet mode.
* g10/encrypt.c (setup_symkey): Disallow by default algos with a
blocklengt < 128.
(encrypt_crypt): Ditto.  Fallback by default to AES instead of 3DES.
* g10/pkclist.c (algo_available): Take care of old cipher also.
(select_algo_from_prefs): Use AES as implicit algorithm by default.

* tests/openpgp/defs.scm (create-gpghome): Set allow-old-cipher-algos.
--

GnuPG-bug-id: 3415
This commit is contained in:
Werner Koch 2021-02-10 14:31:34 +01:00
parent 6e730c1881
commit 825dd7220f
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
7 changed files with 92 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

5
g10/misc.c
View file

@ -396,8 +396,9 @@ print_sha1_keysig_rejected_note (void)
log_info (_("Note: third-party key signatures using"
" the %s algorithm are rejected\n"),
gcry_md_algo_name (GCRY_MD_SHA1));
print_further_info ("use option \"%s\" to override",
"--allow-weak-key-signatures");
if (!opt.quiet)
log_info (_("(use option \"%s\" to override)\n"),
"--allow-weak-key-signatures");
}