From a2ad808d1f5e591c3ab24ae325c900806801dee0 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 27 Jul 2000 10:01:27 +0000 Subject: [PATCH] See ChangeLog: Thu Jul 27 12:01:00 CEST 2000 Werner Koch --- NEWS | 4 ++++ doc/DETAILS | 7 +++++- doc/gpg.sgml | 23 ++++++++++++++++++++ g10/ChangeLog | 8 +++++++ g10/g10.c | 8 +++++++ g10/mainproc.c | 22 +++++++++++++++++-- g10/options.h | 2 ++ g10/packet.h | 1 + g10/pubkey-enc.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++ g10/status.c | 1 + g10/status.h | 2 ++ 11 files changed, 131 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 2650c93d9..175e52f51 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,10 @@ Noteworthy changes in the current CVS branch STABLE-BRANCH-1-0 * Revoked user IDs are now marked in the output of --list-key + * New options --show-session-key and --override-session-key + to help the British folks to somewhat minimize the danger + of this Orwellian RIP bill. + Noteworthy changes in version 1.0.2 (2000-07-12) ---------------------------------------------- diff --git a/doc/DETAILS b/doc/DETAILS index 14715a827..b641dd7f9 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -214,7 +214,7 @@ more arguments in future versions. "char" is the character displayed with no --status-fd enabled, with the linefeed replaced by an 'X'. "cur" is the current amount done and "total" is amount to be done; a "total" of 0 indicates that - the total amount is not known. 100/100 may be used to detect the + the total amount is not known. 100/100 may be used to detect the end of operation. SIG_CREATED @@ -225,6 +225,11 @@ more arguments in future versions. (only the first character should be checked) class: 2 hex digits with the signature class + SESSION_KEY : + The session key used to decrypt the message. This message will + only be emmited when the special option --show-session-key + is used. The format is suitable to be passed to the option + --override-session-key Key generation diff --git a/doc/gpg.sgml b/doc/gpg.sgml index b57c9ab48..465d6d559 100644 --- a/doc/gpg.sgml +++ b/doc/gpg.sgml @@ -1338,6 +1338,29 @@ the encoding used in old versions. This may only happen for ElGamal signatures which are not widely used. + +--show-session-key + +Display the session key used for one message. See --override-session-key +for the counterpart of this option. + + +We think that Key-Escrow is a Bad Thing; however the user should +have the freedom to decide whether to go to prison or to reveal the content of +one specific message without compromising all messages ever encrypted for one +secret key. DON'T USE IT UNLESS YOU ARE REALLY FORCED TO DO SO. + + + +--override-session-key &ParmString; + +Don't use the public key but the session key &ParmString;. The format of this +string is the same as the one printed by --show-session-key. This option +is normally not used but comes handy in case someone forces you to reveal the +content of an encrypted message; using this option you can do this without +handing out the secret key. + + diff --git a/g10/ChangeLog b/g10/ChangeLog index a70ee77b7..9a33b5bc2 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,11 @@ +Thu Jul 27 12:01:00 CEST 2000 Werner Koch + + * g10.c: New options --show-session-key and --override-session-key + * pubkey-enc.c (hextobyte): New. + (get_override_session_key): New. + * mainproc.c (proc_pubkey_enc): Add session-key stuff. + * status.h, status.c (STATUS_SESSION_KEY): New. + Thu Jul 27 10:02:38 CEST 2000 Werner Koch * g10.c (main): Use setmode(O_BINARY) for MSDOS while generating random bytes diff --git a/g10/g10.c b/g10/g10.c index 98e56769c..88d5d025d 100644 --- a/g10/g10.c +++ b/g10/g10.c @@ -188,6 +188,8 @@ enum cmd_and_opt_values { aNull = 0, oFastListMode, oListOnly, oIgnoreTimeConflict, + oShowSessionKey, + oOverrideSessionKey, oNoRandomSeedFile, oNoAutoKeyRetrieve, oEmu3DESS2KBug, /* will be removed in 1.1 */ @@ -370,6 +372,8 @@ static ARGPARSE_OPTS opts[] = { { oFastListMode,"fast-list-mode", 0, "@" }, { oListOnly, "list-only", 0, "@"}, { oIgnoreTimeConflict, "ignore-time-conflict", 0, "@" }, + { oShowSessionKey, "show-session-key", 0, "@" }, + { oOverrideSessionKey, "override-session-key", 2, "@" }, { oNoRandomSeedFile, "no-random-seed-file", 0, "@" }, { oNoAutoKeyRetrieve, "no-auto-key-retrieve", 0, "@" }, { oEmu3DESS2KBug, "emulate-3des-s2k-bug", 0, "@"}, @@ -920,6 +924,10 @@ main( int argc, char **argv ) case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break; case oNoRandomSeedFile: use_random_seed = 0; break; case oNoAutoKeyRetrieve: opt.auto_key_retrieve = 0; break; + case oShowSessionKey: opt.show_session_key = 1; break; + case oOverrideSessionKey: + opt.override_session_key = pargs.r.ret_str; + break; default : pargs.err = configfp? 1:2; break; } diff --git a/g10/mainproc.c b/g10/mainproc.c index a12dbd873..882db04e2 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -219,8 +219,17 @@ proc_pubkey_enc( CTX c, PACKET *pkt ) write_status_text( STATUS_ENC_TO, buf ); } - - if( is_ELGAMAL(enc->pubkey_algo) + if( !opt.list_only && opt.override_session_key ) { + /* It does not make nuch sense to store the session key in + * secure memory because it has already been passed on the + * command line and the GCHQ knows about it */ + c->dek = m_alloc( sizeof *c->dek ); + result = get_override_session_key ( c->dek, opt.override_session_key ); + if ( result ) { + m_free(c->dek); c->dek = NULL; + } + } + else if( is_ELGAMAL(enc->pubkey_algo) || enc->pubkey_algo == PUBKEY_ALGO_DSA || is_RSA(enc->pubkey_algo) ) { if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1]) @@ -246,6 +255,15 @@ proc_pubkey_enc( CTX c, PACKET *pkt ) else if( !result ) { if( opt.verbose > 1 ) log_info( _("public key encrypted data: good DEK\n") ); + if ( opt.show_session_key ) { + int i; + char *buf = m_alloc ( c->dek->keylen*2 + 20 ); + sprintf ( buf, "%d:", c->dek->algo ); + for(i=0; i < c->dek->keylen; i++ ) + sprintf(buf+strlen(buf), "%02X", c->dek->key[i] ); + log_info( "session key: \"%s\"\n", buf ); + write_status_text ( STATUS_SESSION_KEY, buf ); + } } else { /* store it for later display */ struct kidlist_item *x = m_alloc( sizeof *x ); diff --git a/g10/options.h b/g10/options.h index 312068e41..0476aa97d 100644 --- a/g10/options.h +++ b/g10/options.h @@ -91,6 +91,8 @@ struct { int ignore_time_conflict; int command_fd; int auto_key_retrieve; + const char *override_session_key; + int show_session_key; } opt; diff --git a/g10/packet.h b/g10/packet.h index 62626c826..851efab24 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -332,6 +332,7 @@ int protect_secret_key( PKT_secret_key *sk, DEK *dek ); /*-- pubkey-enc.c --*/ int get_session_key( PKT_pubkey_enc *k, DEK *dek ); +int get_override_session_key( DEK *dek, const char *string ); /*-- compress.c --*/ int handle_compressed( void *ctx, PKT_compressed *cd, diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index 1806de8f8..b1a9c8ec4 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -221,3 +221,59 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid ) } +static int +hextobyte( const char *s ) +{ + int c; + + if( *s >= '0' && *s <= '9' ) + c = 16 * (*s - '0'); + else if( *s >= 'A' && *s <= 'F' ) + c = 16 * (10 + *s - 'A'); + else if( *s >= 'a' && *s <= 'f' ) + c = 16 * (10 + *s - 'a'); + else + return -1; + s++; + if( *s >= '0' && *s <= '9' ) + c += *s - '0'; + else if( *s >= 'A' && *s <= 'F' ) + c += 10 + *s - 'A'; + else if( *s >= 'a' && *s <= 'f' ) + c += 10 + *s - 'a'; + else + return -1; + return c; +} + +/**************** + * Get the session key from the given string. + * String is supposed to be formatted as this: + * : + */ +int +get_override_session_key( DEK *dek, const char *string ) +{ + const char *s; + int i; + + if ( !string ) + return G10ERR_BAD_KEY; + dek->algo = atoi(string); + if ( dek->algo < 1 ) + return G10ERR_BAD_KEY; + if ( !(s = strchr ( string, ':' )) ) + return G10ERR_BAD_KEY; + s++; + for(i=0; i < DIM(dek->key) && *s; i++, s +=2 ) { + int c = hextobyte ( s ); + if (c == -1) + return G10ERR_BAD_KEY; + dek->key[i] = c; + } + if ( *s ) + return G10ERR_BAD_KEY; + dek->keylen = i; + return 0; +} + diff --git a/g10/status.c b/g10/status.c index b3bc51e5b..f6e51a8c3 100644 --- a/g10/status.c +++ b/g10/status.c @@ -151,6 +151,7 @@ write_status_text ( int no, const char *text) case STATUS_DELETE_PROBLEM : s = "DELETE_PROBLEM\n"; break; case STATUS_PROGRESS : s = "PROGRESS\n"; break; case STATUS_SIG_CREATED : s = "SIG_CREATED\n"; break; + case STATUS_SESSION_KEY : s = "SESSION_KEY\n"; break; default: s = "?\n"; break; } diff --git a/g10/status.h b/g10/status.h index 843f95cc7..0f65c22d5 100644 --- a/g10/status.h +++ b/g10/status.h @@ -81,6 +81,8 @@ #define STATUS_GOT_IT 49 #define STATUS_PROGRESS 50 #define STATUS_SIG_CREATED 51 +#define STATUS_SESSION_KEY 52 + /*-- status.c --*/ void set_status_fd ( int fd );