mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
See ChangeLog: Thu Jul 27 12:01:00 CEST 2000 Werner Koch
This commit is contained in:
parent
8bd661db8c
commit
a2ad808d1f
4
NEWS
4
NEWS
@ -7,6 +7,10 @@ Noteworthy changes in the current CVS branch STABLE-BRANCH-1-0
|
||||
|
||||
* Revoked user IDs are now marked in the output of --list-key
|
||||
|
||||
* New options --show-session-key and --override-session-key
|
||||
to help the British folks to somewhat minimize the danger
|
||||
of this Orwellian RIP bill.
|
||||
|
||||
|
||||
Noteworthy changes in version 1.0.2 (2000-07-12)
|
||||
----------------------------------------------
|
||||
|
@ -214,7 +214,7 @@ more arguments in future versions.
|
||||
"char" is the character displayed with no --status-fd enabled, with
|
||||
the linefeed replaced by an 'X'. "cur" is the current amount
|
||||
done and "total" is amount to be done; a "total" of 0 indicates that
|
||||
the total amount is not known. 100/100 may be used to detect the
|
||||
the total amount is not known. 100/100 may be used to detect the
|
||||
end of operation.
|
||||
|
||||
SIG_CREATED <type> <pubkey algo> <hash algo> <class> <timestamp> <key fpr>
|
||||
@ -225,6 +225,11 @@ more arguments in future versions.
|
||||
(only the first character should be checked)
|
||||
class: 2 hex digits with the signature class
|
||||
|
||||
SESSION_KEY <algo>:<hexdigits>
|
||||
The session key used to decrypt the message. This message will
|
||||
only be emmited when the special option --show-session-key
|
||||
is used. The format is suitable to be passed to the option
|
||||
--override-session-key
|
||||
|
||||
|
||||
Key generation
|
||||
|
23
doc/gpg.sgml
23
doc/gpg.sgml
@ -1338,6 +1338,29 @@ the encoding used in old versions. This may only happen for ElGamal signatures
|
||||
which are not widely used.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--show-session-key</term>
|
||||
<listitem><para>
|
||||
Display the session key used for one message. See --override-session-key
|
||||
for the counterpart of this option.
|
||||
</para>
|
||||
<para>
|
||||
We think that Key-Escrow is a Bad Thing; however the user should
|
||||
have the freedom to decide whether to go to prison or to reveal the content of
|
||||
one specific message without compromising all messages ever encrypted for one
|
||||
secret key. DON'T USE IT UNLESS YOU ARE REALLY FORCED TO DO SO.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--override-session-key &ParmString; </term>
|
||||
<listitem><para>
|
||||
Don't use the public key but the session key &ParmString;. The format of this
|
||||
string is the same as the one printed by --show-session-key. This option
|
||||
is normally not used but comes handy in case someone forces you to reveal the
|
||||
content of an encrypted message; using this option you can do this without
|
||||
handing out the secret key.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
@ -1,3 +1,11 @@
|
||||
Thu Jul 27 12:01:00 CEST 2000 Werner Koch <wk@openit.de>
|
||||
|
||||
* g10.c: New options --show-session-key and --override-session-key
|
||||
* pubkey-enc.c (hextobyte): New.
|
||||
(get_override_session_key): New.
|
||||
* mainproc.c (proc_pubkey_enc): Add session-key stuff.
|
||||
* status.h, status.c (STATUS_SESSION_KEY): New.
|
||||
|
||||
Thu Jul 27 10:02:38 CEST 2000 Werner Koch <wk@openit.de>
|
||||
|
||||
* g10.c (main): Use setmode(O_BINARY) for MSDOS while generating random bytes
|
||||
|
@ -188,6 +188,8 @@ enum cmd_and_opt_values { aNull = 0,
|
||||
oFastListMode,
|
||||
oListOnly,
|
||||
oIgnoreTimeConflict,
|
||||
oShowSessionKey,
|
||||
oOverrideSessionKey,
|
||||
oNoRandomSeedFile,
|
||||
oNoAutoKeyRetrieve,
|
||||
oEmu3DESS2KBug, /* will be removed in 1.1 */
|
||||
@ -370,6 +372,8 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oFastListMode,"fast-list-mode", 0, "@" },
|
||||
{ oListOnly, "list-only", 0, "@"},
|
||||
{ oIgnoreTimeConflict, "ignore-time-conflict", 0, "@" },
|
||||
{ oShowSessionKey, "show-session-key", 0, "@" },
|
||||
{ oOverrideSessionKey, "override-session-key", 2, "@" },
|
||||
{ oNoRandomSeedFile, "no-random-seed-file", 0, "@" },
|
||||
{ oNoAutoKeyRetrieve, "no-auto-key-retrieve", 0, "@" },
|
||||
{ oEmu3DESS2KBug, "emulate-3des-s2k-bug", 0, "@"},
|
||||
@ -920,6 +924,10 @@ main( int argc, char **argv )
|
||||
case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
|
||||
case oNoRandomSeedFile: use_random_seed = 0; break;
|
||||
case oNoAutoKeyRetrieve: opt.auto_key_retrieve = 0; break;
|
||||
case oShowSessionKey: opt.show_session_key = 1; break;
|
||||
case oOverrideSessionKey:
|
||||
opt.override_session_key = pargs.r.ret_str;
|
||||
break;
|
||||
|
||||
default : pargs.err = configfp? 1:2; break;
|
||||
}
|
||||
|
@ -219,8 +219,17 @@ proc_pubkey_enc( CTX c, PACKET *pkt )
|
||||
write_status_text( STATUS_ENC_TO, buf );
|
||||
}
|
||||
|
||||
|
||||
if( is_ELGAMAL(enc->pubkey_algo)
|
||||
if( !opt.list_only && opt.override_session_key ) {
|
||||
/* It does not make nuch sense to store the session key in
|
||||
* secure memory because it has already been passed on the
|
||||
* command line and the GCHQ knows about it */
|
||||
c->dek = m_alloc( sizeof *c->dek );
|
||||
result = get_override_session_key ( c->dek, opt.override_session_key );
|
||||
if ( result ) {
|
||||
m_free(c->dek); c->dek = NULL;
|
||||
}
|
||||
}
|
||||
else if( is_ELGAMAL(enc->pubkey_algo)
|
||||
|| enc->pubkey_algo == PUBKEY_ALGO_DSA
|
||||
|| is_RSA(enc->pubkey_algo) ) {
|
||||
if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1])
|
||||
@ -246,6 +255,15 @@ proc_pubkey_enc( CTX c, PACKET *pkt )
|
||||
else if( !result ) {
|
||||
if( opt.verbose > 1 )
|
||||
log_info( _("public key encrypted data: good DEK\n") );
|
||||
if ( opt.show_session_key ) {
|
||||
int i;
|
||||
char *buf = m_alloc ( c->dek->keylen*2 + 20 );
|
||||
sprintf ( buf, "%d:", c->dek->algo );
|
||||
for(i=0; i < c->dek->keylen; i++ )
|
||||
sprintf(buf+strlen(buf), "%02X", c->dek->key[i] );
|
||||
log_info( "session key: \"%s\"\n", buf );
|
||||
write_status_text ( STATUS_SESSION_KEY, buf );
|
||||
}
|
||||
}
|
||||
else { /* store it for later display */
|
||||
struct kidlist_item *x = m_alloc( sizeof *x );
|
||||
|
@ -91,6 +91,8 @@ struct {
|
||||
int ignore_time_conflict;
|
||||
int command_fd;
|
||||
int auto_key_retrieve;
|
||||
const char *override_session_key;
|
||||
int show_session_key;
|
||||
} opt;
|
||||
|
||||
|
||||
|
@ -332,6 +332,7 @@ int protect_secret_key( PKT_secret_key *sk, DEK *dek );
|
||||
|
||||
/*-- pubkey-enc.c --*/
|
||||
int get_session_key( PKT_pubkey_enc *k, DEK *dek );
|
||||
int get_override_session_key( DEK *dek, const char *string );
|
||||
|
||||
/*-- compress.c --*/
|
||||
int handle_compressed( void *ctx, PKT_compressed *cd,
|
||||
|
@ -221,3 +221,59 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid )
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
hextobyte( const char *s )
|
||||
{
|
||||
int c;
|
||||
|
||||
if( *s >= '0' && *s <= '9' )
|
||||
c = 16 * (*s - '0');
|
||||
else if( *s >= 'A' && *s <= 'F' )
|
||||
c = 16 * (10 + *s - 'A');
|
||||
else if( *s >= 'a' && *s <= 'f' )
|
||||
c = 16 * (10 + *s - 'a');
|
||||
else
|
||||
return -1;
|
||||
s++;
|
||||
if( *s >= '0' && *s <= '9' )
|
||||
c += *s - '0';
|
||||
else if( *s >= 'A' && *s <= 'F' )
|
||||
c += 10 + *s - 'A';
|
||||
else if( *s >= 'a' && *s <= 'f' )
|
||||
c += 10 + *s - 'a';
|
||||
else
|
||||
return -1;
|
||||
return c;
|
||||
}
|
||||
|
||||
/****************
|
||||
* Get the session key from the given string.
|
||||
* String is supposed to be formatted as this:
|
||||
* <algo-id>:<even-number-of-hex-digits>
|
||||
*/
|
||||
int
|
||||
get_override_session_key( DEK *dek, const char *string )
|
||||
{
|
||||
const char *s;
|
||||
int i;
|
||||
|
||||
if ( !string )
|
||||
return G10ERR_BAD_KEY;
|
||||
dek->algo = atoi(string);
|
||||
if ( dek->algo < 1 )
|
||||
return G10ERR_BAD_KEY;
|
||||
if ( !(s = strchr ( string, ':' )) )
|
||||
return G10ERR_BAD_KEY;
|
||||
s++;
|
||||
for(i=0; i < DIM(dek->key) && *s; i++, s +=2 ) {
|
||||
int c = hextobyte ( s );
|
||||
if (c == -1)
|
||||
return G10ERR_BAD_KEY;
|
||||
dek->key[i] = c;
|
||||
}
|
||||
if ( *s )
|
||||
return G10ERR_BAD_KEY;
|
||||
dek->keylen = i;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -151,6 +151,7 @@ write_status_text ( int no, const char *text)
|
||||
case STATUS_DELETE_PROBLEM : s = "DELETE_PROBLEM\n"; break;
|
||||
case STATUS_PROGRESS : s = "PROGRESS\n"; break;
|
||||
case STATUS_SIG_CREATED : s = "SIG_CREATED\n"; break;
|
||||
case STATUS_SESSION_KEY : s = "SESSION_KEY\n"; break;
|
||||
default: s = "?\n"; break;
|
||||
}
|
||||
|
||||
|
@ -81,6 +81,8 @@
|
||||
#define STATUS_GOT_IT 49
|
||||
#define STATUS_PROGRESS 50
|
||||
#define STATUS_SIG_CREATED 51
|
||||
#define STATUS_SESSION_KEY 52
|
||||
|
||||
|
||||
/*-- status.c --*/
|
||||
void set_status_fd ( int fd );
|
||||
|
Loading…
x
Reference in New Issue
Block a user