diff --git a/g10/ChangeLog b/g10/ChangeLog
index 1fb7bfbb0..8e74aaa8f 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,11 @@
+2003-11-27 David Shaw <dshaw@jabberwocky.com>
+
+ * keygen.c (ask_algo): Remove ability to generate Elgamal
+ sign+encrypt keys.
+
+ * getkey.c (merge_selfsigs_main, merge_selfsigs_subkey): Disallow
+ use of sign+encrypt Elgamal keys.
+
2003-11-20 David Shaw <dshaw@jabberwocky.com>
* seskey.c (do_encode_md): Comment about earlier (pre-PGP 2.3)
diff --git a/g10/getkey.c b/g10/getkey.c
index 72b80ba76..d1be8e51e 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1677,6 +1677,11 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
if ( x ) /* mask it down to the actual allowed usage */
key_usage &= x;
}
+
+ /* Type 20 Elgamal keys are not usable. */
+ if(pk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
+ key_usage=0;
+
pk->pubkey_usage = key_usage;
if ( !key_expire_seen ) {
@@ -1893,6 +1898,13 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
if ( x ) /* mask it down to the actual allowed usage */
key_usage &= x;
}
+
+ /* Type 20 Elgamal subkeys or any subkey on a type 20 primary are
+ not usable. */
+ if(mainpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL
+ || subpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
+ key_usage=0;
+
subpk->pubkey_usage = key_usage;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
diff --git a/g10/keygen.c b/g10/keygen.c
index 51354af4c..6b8cf0ecd 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1052,13 +1052,11 @@ ask_algo (int addmode, unsigned int *r_usage)
tty_printf( _(" (%d) DSA (sign only)\n"), 2 );
if( addmode )
tty_printf( _(" (%d) ElGamal (encrypt only)\n"), 3 );
- if (opt.expert)
- tty_printf( _(" (%d) ElGamal (sign and encrypt)\n"), 4 );
- tty_printf( _(" (%d) RSA (sign only)\n"), 5 );
+ tty_printf( _(" (%d) RSA (sign only)\n"), 4 );
if (addmode)
- tty_printf( _(" (%d) RSA (encrypt only)\n"), 6 );
+ tty_printf( _(" (%d) RSA (encrypt only)\n"), 5 );
if (opt.expert)
- tty_printf( _(" (%d) RSA (sign and encrypt)\n"), 7 );
+ tty_printf( _(" (%d) RSA (sign and encrypt)\n"), 6 );
for(;;) {
answer = cpr_get("keygen.algo",_("Your selection? "));
@@ -1069,36 +1067,21 @@ ask_algo (int addmode, unsigned int *r_usage)
algo = 0; /* create both keys */
break;
}
- else if( algo == 7 && opt.expert ) {
+ else if( algo == 6 && opt.expert ) {
algo = PUBKEY_ALGO_RSA;
*r_usage = PUBKEY_USAGE_ENC | PUBKEY_USAGE_SIG;
break;
}
- else if( algo == 6 && addmode ) {
+ else if( algo == 5 && addmode ) {
algo = PUBKEY_ALGO_RSA;
*r_usage = PUBKEY_USAGE_ENC;
break;
}
- else if( algo == 5 ) {
+ else if( algo == 4 ) {
algo = PUBKEY_ALGO_RSA;
*r_usage = PUBKEY_USAGE_SIG;
break;
}
- else if( algo == 4 && opt.expert)
- {
- tty_printf(_(
-"The use of this algorithm is only supported by GnuPG. You will not be\n"
-"able to use this key to communicate with PGP users. This algorithm is also\n"
-"very slow, and may not be as secure as the other choices.\n"));
-
- if( cpr_get_answer_is_yes("keygen.algo.elg_se",
- _("Create anyway? ")))
- {
- algo = PUBKEY_ALGO_ELGAMAL;
- *r_usage = PUBKEY_USAGE_ENC | PUBKEY_USAGE_SIG;
- break;
- }
- }
else if( algo == 3 && addmode ) {
algo = PUBKEY_ALGO_ELGAMAL_E;
*r_usage = PUBKEY_USAGE_ENC;