*** empty log message ***

Werner Koch 1998-09-29 16:15:15 +00:00
parent 41fa8a3345
commit 9a854f1010
13 changed files with 200 additions and 31 deletions

NEWS

@ -11,6 +11,12 @@ Noteworthy changes in version 0.4.1
"--s2k-mode 3 --s2k-cipher-algo cast5 --s2k-digest-algo sha1"
when changing a passphrase.
* doc/OpenPGP talks about OpenPGP compliance, doc/HACKING gives
some hints about the internal structure.
* checked gnupg against the August 1998 draft (07) and I believe
it is in compliance with this document (except one point).
Noteworthy changes in version 0.4.0
-----------------------------------
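Review bot: The compliance entry ends with "(except one point)" but never says which point. The doc/OpenPGP file added in this same commit lists several exceptions, so name the point here or refer the reader to doc/OpenPGP, and reconcile "one point" with that longer list.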

TODO

@ -2,6 +2,15 @@
* after creating a new uid, the preferences in the trustdb are not updated.
We should always sync the trustdb in such cases.
* The critical bit of signature subpackets is not yet supported; i.e.
it is ignored.
* Exportable Certification Flag is ignored
* Why does OpenPGP say: The algorithm byte is included in the
checksum of an encoded key, but the actual implementaion does
not do this but works??
* write a tool to extract selected keys from a file.
* new menu to delete signatures and list signature in menu
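Review bot: The two new subpacket entries (critical bit ignored, Exportable Certification Flag ignored) record input that is parsed but not honoured, without saying what the intended behaviour is. Add one line to each stating what should happen once the flag is supported, so the item can be closed against a concrete check. In the checksum entry, "implementaion" should read "implementation".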


@ -3,6 +3,8 @@
(Some notes on GNUPG internals.)
===> Under construction <=======
Memory allocation
-----------------


@ -1,6 +1,6 @@
## Process this file with automake to create Makefile.in
EXTRA_DIST = DETAILS rfcs gpg.1pod gpg.1 FAQ HACKING
EXTRA_DIST = DETAILS rfcs gpg.1pod gpg.1 FAQ HACKING OpenPGP
man_MANS = gpg.1

doc/OpenPGP Normal file

@ -0,0 +1,129 @@
GNUPG and OpenPGP
=================
The current OpenPGP draft expires 1999-02.
OpenPGP is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."
To view the entire list of current Internet-Drafts, please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern
Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific
Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).
Compatibility Notes
===================
GNUPG (>0.4) is in compliance with OpenPGP despite these exeptions:
* (5.1) The critical bit in signature subpackets is currently
ignored. This will be fixed soon.
* (5.3) GNUPG has an option to use simple S2K for "Symmetric-Key
Encrypted Session-Key Packets"; however a warning message is
issued if this option is active.
* (5.5.2) states that an implementaion MUST NOT create a v3 key
with an algorithm other than RSA. GNUPG has an option to
create an ElGamal key in a v3 packet; the properties of such
a key are as good as a v4 key. RFC1991 does not specifiy how
to create fingerprints for algorithms other than RSA and so it
is okay to choose a special format for ElGamal.
* (9.1) states that RSA SHOULD be implemented. This is not done
(except with an extension, usable outside the U.S.) due to
patent problems.
* (9.2) states that IDEA SHOULD be implemented. This is not done
due to patent problems.
* (12.1) states that an implementaion MUST NOT use a symmetric
algorithm which is not in the preference list. GNUPG has an
option to override this.
* A special format of partial packet length exists for v3 packets
which can be considered to be in compliance with RFC1991; this
format is only created if a special option is active.
All MAY features are implemented with this exception:
* multi-part armored messages are not supported.
MIME should be used instead.
Some Notes on OpenPGP / PGP Compatibility:
==========================================
* PGP 5.x does not accept V4 signatures for anything other than
key material.
* PGP 5.x does not recognize the "five-octet" lengths in
new-format headers or in signature subpacket lengths.
* PGP 5.0 rejects an encrypted session key if the keylength
differs from the S2K symmetric algorithm. This is a bug in its
validation function.
* PGP 5.0 does not handle multiple one-pass signature headers and
trailers. Signing one will compress the one-pass signed literal
and prefix a V3 signature instead of doing a nested one-pass
signature.
* When exporting a private key, PGP 2.x generates the header
"BEGIN PGP SECRET KEY BLOCK" instead of "BEGIN PGP PRIVATE KEY
BLOCK". All previous versions ignore the implied data type, and
look directly at the packet data type.
* In a clear-signed signature, PGP 5.0 will figure out the correct
hash algorithm if there is no "Hash:" header, but it will reject
a mismatch between the header and the actual algorithm used. The
"standard" (i.e. Zimmermann/Finney/et al.) version of PGP 2.x
rejects the "Hash:" header and assumes MD5. There are a number
of enhanced variants of PGP 2.6.x that have been modified for
SHA-1 signatures.
* PGP 5.0 can read an RSA key in V4 format, but can only recognize
it with a V3 keyid, and can properly use only a V3 format RSA
key.
* Neither PGP 5.x nor PGP 6.0 recognize Elgamal Encrypt and Sign
keys. They only handle Elgamal Encrypt-only keys.
Parts of this document are taken from:
======================================
OpenPGP Message Format
draft-ietf-openpgp-formats-07.txt
Copyright 1998 by The Internet Society. All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph
are included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
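Review bot: Several Compatibility Notes items say only that "GNUPG has an option" ((5.3), (5.5.2), (12.1)) or that "a special option" is needed (partial packet lengths) without naming the option. Name each one, so that a user can check an options file for settings that take the program out of compliance. The opening line says "GNUPG (>0.4)" while the NEWS hunk files the compliance check under 0.4.1; state the exact version. Spelling: "exeptions", "implementaion" (twice) and "specifiy".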


@ -75,7 +75,7 @@ B<-k> [I<username>] [I<keyring>]
B<-kvc> List fingerprints
B<-kvvc> List fingerprints and signatures
B<--list-keys> [I<names>]
B<--list-keys> [I<names>]
List all keys from the public keyrings, or just the
ones given on the command line.
@ -83,7 +83,7 @@ B<--list-secret-keys> [I<names>]
List all keys from the secret keyrings, or just the
ones given on the command line.
B<--list-sigs> [I<names>]
B<--list-sigs> [I<names>]
Same as B<--list-keys>, but the signatures are listed
too.
@ -201,7 +201,7 @@ B<--import-ownertrust> [I<filename>]
Long options can be put in an options file (default F<~/.gnupg/options>);
do not write the 2 dashes, but simply the name of the option and any
arguments if required. Lines with a hash as the first non-white-space
arguments if required. Lines with a hash as the first non-white-space
character are ignored. Commands may be put in this file too, but that
does not make sense.
@ -322,7 +322,9 @@ B<--cipher-algo> I<name>
B<--digest-algo> I<name>
Use I<name> as message digest algorithm. Running the
program with the option B<--verbose> yields a list of
supported algorithms.
supported algorithms. Please note that using this
option may violate the OpenPGP requirement, that a
160 bit hash is to be used for DSA.
B<--s2k-cipher-algo> I<name>
Use I<name> as the cipher algorithm used to protect secret
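Review bot: The caveat added under B<--digest-algo> exists only in the man page. None of the g10.c hunks in this commit reports it at run time, whereas S2K mode 0 now gets a log_info note in main(). Consider a matching run-time note when the selected digest is not 160 bits and the signing key is DSA. Also drop the comma in "requirement, that".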
@ -411,11 +413,11 @@ a signature was bad and other errorcode for fatal errors.
=head1 EXAMPLES
-se -r Bob [file] sign and encrypt for user Bob
-sat [file] make a clear text signature
-sb [file] make a detached signature
-k [userid] show keys
-kc [userid] show fingerprint
-se -r Bob [file] sign and encrypt for user Bob
-sat [file] make a clear text signature
-sb [file] make a detached signature
-k [userid] show keys
-kc [userid] show fingerprint
=head1 ENVIRONMENT
@ -430,13 +432,13 @@ F<~/.gnupg/pubring.gpg> The public keyring
F<~/.gnupg/trustdb.gpg> The trust database
F<~/.gnupg/options> May contain options
F<~/.gnupg/options> May contain options
F</usr[/local]/lib/gnupg/> Default location for extensions
=head1 SEE ALSO
gpg(1) gpgm(1)
gpg(1) gpgm(1)
=head1 WARNINGS


@ -1,3 +1,8 @@
Tue Sep 29 08:32:08 1998 me,,, (wk@tobold)
* mainproc.c (proc_plaintext): Display note for special filename.
* plaintext.c (handle_plaintext): Suppress output of special file.
Mon Sep 28 12:57:12 1998 Werner Koch (wk@isil.d.shuttle.de)
* g10.c (verify_own_keys): Add warning if a key is not protected.
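Review bot: The new entry's author field is "me,,, (wk@tobold)", which looks like an unedited local account name; use the same form as the entry below it, "Werner Koch (wk@isil.d.shuttle.de)". The entry also lists only proc_plaintext and handle_plaintext, while this commit changes import_one, update_sigs and the S2K mode check in main() as well; those need ChangeLog lines, especially since the commit message itself is empty.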


@ -215,11 +215,11 @@ static ARGPARSE_OPTS opts[] = {
{ oMarginalsNeeded, "marginals-needed", 1, N_("(default is 3)")},
{ oLoadExtension, "load-extension" ,2, N_("|file|load extension module")},
{ oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
{ oS2KMode, "s2k-mode", 1, N_("|N| use passphrase mode N")},
{ oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")},
{ oS2KDigest, "s2k-digest-algo",2,
N_("|NAME| use message digest algorithm NAME for passphrases")},
N_("|NAME|use message digest algorithm NAME for passphrases")},
{ oS2KCipher, "s2k-cipher-algo",2,
N_("|NAME| use cipher algorithm NAME for passphrases")},
N_("|NAME|use cipher algorithm NAME for passphrases")},
#ifdef IS_G10
{ oCipherAlgo, "cipher-algo", 2 , N_("|NAME|use cipher algorithm NAME")},
{ oDigestAlgo, "digest-algo", 2 , N_("|NAME|use message digest algorithm NAME")},
@ -789,7 +789,10 @@ main( int argc, char **argv )
if( opt.marginals_needed < 2 )
log_error(_("marginals-needed must be greater than 1\n"));
switch( opt.s2k_mode ) {
case 0: case 1: case 3: break;
case 0:
log_info(_("note: simple S2K mode (0) is strongly discouraged\n"));
break;
case 1: case 3: break;
default:
log_error(_("invalid S2K mode; must be 0, 1 or 3\n"));
}
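Review bot: In the new case 0 branch the message is labelled "note:" and goes through log_info, but the doc/OpenPGP text added in this commit says that "a warning message is issued" for simple S2K. Make the two agree, either by wording this as a warning or by changing the document. The check also runs for every invocation with this option set, whether or not a passphrase is processed; a short comment saying that this is intended would help.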


@ -247,6 +247,7 @@ import_one( const char *fname, KBNODE keyblock )
u32 keyid[2];
int rc = 0;
int new_key = 0;
int mod_key = 0;
/* get the key and print some info about it */
node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
@ -284,6 +285,7 @@ import_one( const char *fname, KBNODE keyblock )
return 0;
}
/* do we have this key already in one of our pubrings ? */
pk_orig = m_alloc_clear( sizeof *pk_orig );
rc = get_pubkey( pk_orig, keyid );
@ -350,6 +352,7 @@ import_one( const char *fname, KBNODE keyblock )
if( rc )
goto leave;
if( n_uids || n_sigs || n_subk ) {
mod_key = 1;
/* keyblock_orig has been updated; write */
if( opt.verbose > 1 )
log_info_f(keyblock_resource_name(&kbpos),
@ -394,6 +397,8 @@ import_one( const char *fname, KBNODE keyblock )
log_error("key %08lX: trustdb insert failed: %s\n",
(ulong)keyid[1], g10_errstr(rc) );
}
else if( mod_key )
rc = update_trustdb( new_key? pk: pk_orig);
else
rc = clear_trust_checked_flag( new_key? pk : pk_orig );
}
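Review bot: The return value of the new update_trustdb() call is stored in rc, but nothing in the lines shown reports a failure, while the insert failure just above it is logged with log_error. Add an equivalent message for the update case so that a trustdb update that fails after an import is visible to the user. Minor style point: "new_key? pk: pk_orig" and "new_key? pk : pk_orig" on adjacent lines differ in spacing.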


@ -243,7 +243,9 @@ proc_plaintext( CTX c, PACKET *pkt )
int any, clearsig, rc;
KBNODE n;
if( opt.verbose )
if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) )
log_info(_("note: sender requested \"for-your-eyes-only\"\n"));
else if( opt.verbose )
log_info("original file name='%.*s'\n", pt->namelen, pt->name);
free_md_filter_context( &c->mfx );
c->mfx.md = md_open( 0, 0);
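Review bot: The test pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) is written out here and again in handle_plaintext, with the magic name and its length repeated by hand in both places. Move it into one small helper or macro with a comment that "_CONSOLE" is the for-your-eyes-only marker, so the two call sites cannot drift apart. Braces around the new if / else if chain would also make it clear that the verbose file-name message is skipped for such packets.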


@ -98,6 +98,10 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
fname = m_alloc( strlen( opt.outfile ) + 1);
strcpy(fname, opt.outfile );
}
else if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) ) {
log_info(_("data not saved; use option \"--output\" to save it\n"));
nooutput = 1;
}
else {
fname = m_alloc( pt->namelen +1 );
memcpy( fname, pt->name, pt->namelen );
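Review bot: The new "_CONSOLE" branch sets nooutput = 1 and leaves fname unassigned, so everything after this if / else chain has to test nooutput before touching fname; that code is outside the hunk and should be confirmed. The branch is placed after the opt.outfile case, which means an explicit output file overrides the sender's request. That matches the log message, but it deserves a one-line comment because it is the behaviour users will rely on.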


@ -909,15 +909,16 @@ update_sigs( TRUSTREC *dir )
if( (sig->sig_class&~3) == 0x10 ) {
rc = check_key_signature( keyblock, node, &i );
if( rc == G10ERR_NO_PUBKEY ) {
log_info("key %08lX.%lu, uid %02X%02X: "
"no public key for signature %08lX\n",
if( opt.verbose )
log_info(_("key %08lX.%lu, uid %02X%02X: "
"no public key for signature %08lX\n"),
(ulong)keyid[1], lid, urec.r.uid.namehash[18],
urec.r.uid.namehash[19], (ulong)sig->keyid[1] );
miskey = 1;
}
else if( rc )
log_error("key %08lX.%lu, uid %02X%02X: "
"invalid %ssignature: %s\n",
log_info(_("key %08lX.%lu, uid %02X%02X: "
"invalid %ssignature: %s\n"),
(ulong)keyid[1], lid, urec.r.uid.namehash[18],
urec.r.uid.namehash[19],
i?"self-":"",g10_errstr(rc));
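Review bot: The "invalid %ssignature" message is downgraded from log_error to log_info, so a key signature that fails verification is no longer reported at error level, and the ChangeLog hunk in this commit does not mention the change. Keep it at error level or record the reason for the downgrade. In the G10ERR_NO_PUBKEY branch, the new if( opt.verbose ) has no braces and is followed by a multi-line log_info call and then miskey = 1; add braces so it is unambiguous that miskey is set regardless of verbosity.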
@ -1520,6 +1521,7 @@ list_trust_path( int max_depth, const char *username )
/****************
* Check the complete trustdb or only the entries for the given username
* FIXME: We need a mode which only looks at keys with the MISKEY flag set.
*/
void
check_trustdb( const char *username )


@ -1,5 +1,5 @@
# Generated automatically from Makefile.in by configure.
# Makefile.in generated automatically by automake 1.2f from Makefile.am
# Makefile.in generated automatically by automake 1.3 from Makefile.am
# Copyright (C) 1994, 1995, 1996, 1997, 1998 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
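Review bot: The first line of this file reads "Generated automatically from Makefile.in by configure.", so this is build output from a local configure run and not a source file. The later hunks carry machine-specific results of that run (ZLIBS, LIBS, VERSION). Remove the file from version control and keep only Makefile.am and Makefile.in, otherwise every local reconfigure will show up as a change.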
@ -37,6 +37,8 @@ mandir = ${prefix}/man
includedir = ${prefix}/include
oldincludedir = /usr/include
DISTDIR =
pkgdatadir = $(datadir)/gnupg
pkglibdir = $(libdir)/gnupg
pkgincludedir = $(includedir)/gnupg
@ -93,7 +95,7 @@ RANLIB = ranlib
USE_INCLUDED_LIBINTL = no
USE_NLS = no
VERSION = 0.4.0a
ZLIBS =
ZLIBS = ../zlib/libzlib.a
l =
CFLAGS = -O -Wall
@ -103,7 +105,7 @@ EXTRA_DIST = README algorithm.doc ChangeLog example.c
# I found no other easy way to use this only if zlib is neede
# doing this with SUBDIR = @xxx@ in the top Makefile.am does not
# work because automake doesn't scan this Makefile.am here.
#noinst_LIBRARIES = libzlib.a
noinst_LIBRARIES = libzlib.a
libzlib_a_SOURCES = adler32.c compress.c crc32.c gzio.c \
uncompr.c deflate.c trees.c zutil.c \
@ -122,7 +124,7 @@ LIBRARIES = $(noinst_LIBRARIES)
DEFS = -DHAVE_CONFIG_H -I. -I$(srcdir) -I..
CPPFLAGS =
LDFLAGS =
LIBS = -ldl -lz
LIBS = -ldl
libzlib_a_LIBADD =
libzlib_a_OBJECTS = adler32.o compress.o crc32.o gzio.o uncompr.o \
deflate.o trees.o zutil.o inflate.o infblock.o inftrees.o infcodes.o \
@ -144,14 +146,14 @@ DEP_FILES = .deps/adler32.P .deps/compress.P .deps/crc32.P \
SOURCES = $(libzlib_a_SOURCES)
OBJECTS = $(libzlib_a_OBJECTS)
default: all
all: Makefile $(LIBRARIES)
.SUFFIXES:
.SUFFIXES: .S .c .o .s
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && $(AUTOMAKE) --gnu zlib/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status $(BUILT_SOURCES)
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status $(BUILT_SOURCES)
cd $(top_builddir) \
&& CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
@ -267,8 +269,6 @@ install: install-exec install-data all
uninstall:
all: Makefile $(LIBRARIES)
install-strip:
$(MAKE) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s' INSTALL_SCRIPT='$(INSTALL_PROGRAM)' install
installdirs:
@ -305,7 +305,7 @@ maintainer-clean: maintainer-clean-noinstLIBRARIES \
@echo "This command is intended for maintainers to use;"
@echo "it deletes files that may require special tools to rebuild."
.PHONY: default mostlyclean-noinstLIBRARIES distclean-noinstLIBRARIES \
.PHONY: mostlyclean-noinstLIBRARIES distclean-noinstLIBRARIES \
clean-noinstLIBRARIES maintainer-clean-noinstLIBRARIES \
mostlyclean-compile distclean-compile clean-compile \
maintainer-clean-compile tags mostlyclean-tags distclean-tags \