mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
See ChangeLog: Thu Jul 27 12:01:00 CEST 2000 Werner Koch
This commit is contained in:
parent
8bd661db8c
commit
a2ad808d1f
4
NEWS
4
NEWS
@ -7,6 +7,10 @@ Noteworthy changes in the current CVS branch STABLE-BRANCH-1-0
|
|||||||
|
|
||||||
* Revoked user IDs are now marked in the output of --list-key
|
* Revoked user IDs are now marked in the output of --list-key
|
||||||
|
|
||||||
|
* New options --show-session-key and --override-session-key
|
||||||
|
to help the British folks to somewhat minimize the danger
|
||||||
|
of this Orwellian RIP bill.
|
||||||
|
|
||||||
|
|
||||||
Noteworthy changes in version 1.0.2 (2000-07-12)
|
Noteworthy changes in version 1.0.2 (2000-07-12)
|
||||||
----------------------------------------------
|
----------------------------------------------
|
||||||
|
@ -214,7 +214,7 @@ more arguments in future versions.
|
|||||||
"char" is the character displayed with no --status-fd enabled, with
|
"char" is the character displayed with no --status-fd enabled, with
|
||||||
the linefeed replaced by an 'X'. "cur" is the current amount
|
the linefeed replaced by an 'X'. "cur" is the current amount
|
||||||
done and "total" is amount to be done; a "total" of 0 indicates that
|
done and "total" is amount to be done; a "total" of 0 indicates that
|
||||||
the total amount is not known. 100/100 may be used to detect the
|
the total amount is not known. 100/100 may be used to detect the
|
||||||
end of operation.
|
end of operation.
|
||||||
|
|
||||||
SIG_CREATED <type> <pubkey algo> <hash algo> <class> <timestamp> <key fpr>
|
SIG_CREATED <type> <pubkey algo> <hash algo> <class> <timestamp> <key fpr>
|
||||||
@ -225,6 +225,11 @@ more arguments in future versions.
|
|||||||
(only the first character should be checked)
|
(only the first character should be checked)
|
||||||
class: 2 hex digits with the signature class
|
class: 2 hex digits with the signature class
|
||||||
|
|
||||||
|
SESSION_KEY <algo>:<hexdigits>
|
||||||
|
The session key used to decrypt the message. This message will
|
||||||
|
only be emmited when the special option --show-session-key
|
||||||
|
is used. The format is suitable to be passed to the option
|
||||||
|
--override-session-key
|
||||||
|
|
||||||
|
|
||||||
Key generation
|
Key generation
|
||||||
|
23
doc/gpg.sgml
23
doc/gpg.sgml
@ -1338,6 +1338,29 @@ the encoding used in old versions. This may only happen for ElGamal signatures
|
|||||||
which are not widely used.
|
which are not widely used.
|
||||||
</para></listitem></varlistentry>
|
</para></listitem></varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>--show-session-key</term>
|
||||||
|
<listitem><para>
|
||||||
|
Display the session key used for one message. See --override-session-key
|
||||||
|
for the counterpart of this option.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
We think that Key-Escrow is a Bad Thing; however the user should
|
||||||
|
have the freedom to decide whether to go to prison or to reveal the content of
|
||||||
|
one specific message without compromising all messages ever encrypted for one
|
||||||
|
secret key. DON'T USE IT UNLESS YOU ARE REALLY FORCED TO DO SO.
|
||||||
|
</para></listitem></varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>--override-session-key &ParmString; </term>
|
||||||
|
<listitem><para>
|
||||||
|
Don't use the public key but the session key &ParmString;. The format of this
|
||||||
|
string is the same as the one printed by --show-session-key. This option
|
||||||
|
is normally not used but comes handy in case someone forces you to reveal the
|
||||||
|
content of an encrypted message; using this option you can do this without
|
||||||
|
handing out the secret key.
|
||||||
|
</para></listitem></varlistentry>
|
||||||
|
|
||||||
|
|
||||||
</variablelist>
|
</variablelist>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
@ -1,3 +1,11 @@
|
|||||||
|
Thu Jul 27 12:01:00 CEST 2000 Werner Koch <wk@openit.de>
|
||||||
|
|
||||||
|
* g10.c: New options --show-session-key and --override-session-key
|
||||||
|
* pubkey-enc.c (hextobyte): New.
|
||||||
|
(get_override_session_key): New.
|
||||||
|
* mainproc.c (proc_pubkey_enc): Add session-key stuff.
|
||||||
|
* status.h, status.c (STATUS_SESSION_KEY): New.
|
||||||
|
|
||||||
Thu Jul 27 10:02:38 CEST 2000 Werner Koch <wk@openit.de>
|
Thu Jul 27 10:02:38 CEST 2000 Werner Koch <wk@openit.de>
|
||||||
|
|
||||||
* g10.c (main): Use setmode(O_BINARY) for MSDOS while generating random bytes
|
* g10.c (main): Use setmode(O_BINARY) for MSDOS while generating random bytes
|
||||||
|
@ -188,6 +188,8 @@ enum cmd_and_opt_values { aNull = 0,
|
|||||||
oFastListMode,
|
oFastListMode,
|
||||||
oListOnly,
|
oListOnly,
|
||||||
oIgnoreTimeConflict,
|
oIgnoreTimeConflict,
|
||||||
|
oShowSessionKey,
|
||||||
|
oOverrideSessionKey,
|
||||||
oNoRandomSeedFile,
|
oNoRandomSeedFile,
|
||||||
oNoAutoKeyRetrieve,
|
oNoAutoKeyRetrieve,
|
||||||
oEmu3DESS2KBug, /* will be removed in 1.1 */
|
oEmu3DESS2KBug, /* will be removed in 1.1 */
|
||||||
@ -370,6 +372,8 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
{ oFastListMode,"fast-list-mode", 0, "@" },
|
{ oFastListMode,"fast-list-mode", 0, "@" },
|
||||||
{ oListOnly, "list-only", 0, "@"},
|
{ oListOnly, "list-only", 0, "@"},
|
||||||
{ oIgnoreTimeConflict, "ignore-time-conflict", 0, "@" },
|
{ oIgnoreTimeConflict, "ignore-time-conflict", 0, "@" },
|
||||||
|
{ oShowSessionKey, "show-session-key", 0, "@" },
|
||||||
|
{ oOverrideSessionKey, "override-session-key", 2, "@" },
|
||||||
{ oNoRandomSeedFile, "no-random-seed-file", 0, "@" },
|
{ oNoRandomSeedFile, "no-random-seed-file", 0, "@" },
|
||||||
{ oNoAutoKeyRetrieve, "no-auto-key-retrieve", 0, "@" },
|
{ oNoAutoKeyRetrieve, "no-auto-key-retrieve", 0, "@" },
|
||||||
{ oEmu3DESS2KBug, "emulate-3des-s2k-bug", 0, "@"},
|
{ oEmu3DESS2KBug, "emulate-3des-s2k-bug", 0, "@"},
|
||||||
@ -920,6 +924,10 @@ main( int argc, char **argv )
|
|||||||
case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
|
case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
|
||||||
case oNoRandomSeedFile: use_random_seed = 0; break;
|
case oNoRandomSeedFile: use_random_seed = 0; break;
|
||||||
case oNoAutoKeyRetrieve: opt.auto_key_retrieve = 0; break;
|
case oNoAutoKeyRetrieve: opt.auto_key_retrieve = 0; break;
|
||||||
|
case oShowSessionKey: opt.show_session_key = 1; break;
|
||||||
|
case oOverrideSessionKey:
|
||||||
|
opt.override_session_key = pargs.r.ret_str;
|
||||||
|
break;
|
||||||
|
|
||||||
default : pargs.err = configfp? 1:2; break;
|
default : pargs.err = configfp? 1:2; break;
|
||||||
}
|
}
|
||||||
|
@ -219,8 +219,17 @@ proc_pubkey_enc( CTX c, PACKET *pkt )
|
|||||||
write_status_text( STATUS_ENC_TO, buf );
|
write_status_text( STATUS_ENC_TO, buf );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( !opt.list_only && opt.override_session_key ) {
|
||||||
if( is_ELGAMAL(enc->pubkey_algo)
|
/* It does not make nuch sense to store the session key in
|
||||||
|
* secure memory because it has already been passed on the
|
||||||
|
* command line and the GCHQ knows about it */
|
||||||
|
c->dek = m_alloc( sizeof *c->dek );
|
||||||
|
result = get_override_session_key ( c->dek, opt.override_session_key );
|
||||||
|
if ( result ) {
|
||||||
|
m_free(c->dek); c->dek = NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if( is_ELGAMAL(enc->pubkey_algo)
|
||||||
|| enc->pubkey_algo == PUBKEY_ALGO_DSA
|
|| enc->pubkey_algo == PUBKEY_ALGO_DSA
|
||||||
|| is_RSA(enc->pubkey_algo) ) {
|
|| is_RSA(enc->pubkey_algo) ) {
|
||||||
if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1])
|
if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1])
|
||||||
@ -246,6 +255,15 @@ proc_pubkey_enc( CTX c, PACKET *pkt )
|
|||||||
else if( !result ) {
|
else if( !result ) {
|
||||||
if( opt.verbose > 1 )
|
if( opt.verbose > 1 )
|
||||||
log_info( _("public key encrypted data: good DEK\n") );
|
log_info( _("public key encrypted data: good DEK\n") );
|
||||||
|
if ( opt.show_session_key ) {
|
||||||
|
int i;
|
||||||
|
char *buf = m_alloc ( c->dek->keylen*2 + 20 );
|
||||||
|
sprintf ( buf, "%d:", c->dek->algo );
|
||||||
|
for(i=0; i < c->dek->keylen; i++ )
|
||||||
|
sprintf(buf+strlen(buf), "%02X", c->dek->key[i] );
|
||||||
|
log_info( "session key: \"%s\"\n", buf );
|
||||||
|
write_status_text ( STATUS_SESSION_KEY, buf );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else { /* store it for later display */
|
else { /* store it for later display */
|
||||||
struct kidlist_item *x = m_alloc( sizeof *x );
|
struct kidlist_item *x = m_alloc( sizeof *x );
|
||||||
|
@ -91,6 +91,8 @@ struct {
|
|||||||
int ignore_time_conflict;
|
int ignore_time_conflict;
|
||||||
int command_fd;
|
int command_fd;
|
||||||
int auto_key_retrieve;
|
int auto_key_retrieve;
|
||||||
|
const char *override_session_key;
|
||||||
|
int show_session_key;
|
||||||
} opt;
|
} opt;
|
||||||
|
|
||||||
|
|
||||||
|
@ -332,6 +332,7 @@ int protect_secret_key( PKT_secret_key *sk, DEK *dek );
|
|||||||
|
|
||||||
/*-- pubkey-enc.c --*/
|
/*-- pubkey-enc.c --*/
|
||||||
int get_session_key( PKT_pubkey_enc *k, DEK *dek );
|
int get_session_key( PKT_pubkey_enc *k, DEK *dek );
|
||||||
|
int get_override_session_key( DEK *dek, const char *string );
|
||||||
|
|
||||||
/*-- compress.c --*/
|
/*-- compress.c --*/
|
||||||
int handle_compressed( void *ctx, PKT_compressed *cd,
|
int handle_compressed( void *ctx, PKT_compressed *cd,
|
||||||
|
@ -221,3 +221,59 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid )
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static int
|
||||||
|
hextobyte( const char *s )
|
||||||
|
{
|
||||||
|
int c;
|
||||||
|
|
||||||
|
if( *s >= '0' && *s <= '9' )
|
||||||
|
c = 16 * (*s - '0');
|
||||||
|
else if( *s >= 'A' && *s <= 'F' )
|
||||||
|
c = 16 * (10 + *s - 'A');
|
||||||
|
else if( *s >= 'a' && *s <= 'f' )
|
||||||
|
c = 16 * (10 + *s - 'a');
|
||||||
|
else
|
||||||
|
return -1;
|
||||||
|
s++;
|
||||||
|
if( *s >= '0' && *s <= '9' )
|
||||||
|
c += *s - '0';
|
||||||
|
else if( *s >= 'A' && *s <= 'F' )
|
||||||
|
c += 10 + *s - 'A';
|
||||||
|
else if( *s >= 'a' && *s <= 'f' )
|
||||||
|
c += 10 + *s - 'a';
|
||||||
|
else
|
||||||
|
return -1;
|
||||||
|
return c;
|
||||||
|
}
|
||||||
|
|
||||||
|
/****************
|
||||||
|
* Get the session key from the given string.
|
||||||
|
* String is supposed to be formatted as this:
|
||||||
|
* <algo-id>:<even-number-of-hex-digits>
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
get_override_session_key( DEK *dek, const char *string )
|
||||||
|
{
|
||||||
|
const char *s;
|
||||||
|
int i;
|
||||||
|
|
||||||
|
if ( !string )
|
||||||
|
return G10ERR_BAD_KEY;
|
||||||
|
dek->algo = atoi(string);
|
||||||
|
if ( dek->algo < 1 )
|
||||||
|
return G10ERR_BAD_KEY;
|
||||||
|
if ( !(s = strchr ( string, ':' )) )
|
||||||
|
return G10ERR_BAD_KEY;
|
||||||
|
s++;
|
||||||
|
for(i=0; i < DIM(dek->key) && *s; i++, s +=2 ) {
|
||||||
|
int c = hextobyte ( s );
|
||||||
|
if (c == -1)
|
||||||
|
return G10ERR_BAD_KEY;
|
||||||
|
dek->key[i] = c;
|
||||||
|
}
|
||||||
|
if ( *s )
|
||||||
|
return G10ERR_BAD_KEY;
|
||||||
|
dek->keylen = i;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
@ -151,6 +151,7 @@ write_status_text ( int no, const char *text)
|
|||||||
case STATUS_DELETE_PROBLEM : s = "DELETE_PROBLEM\n"; break;
|
case STATUS_DELETE_PROBLEM : s = "DELETE_PROBLEM\n"; break;
|
||||||
case STATUS_PROGRESS : s = "PROGRESS\n"; break;
|
case STATUS_PROGRESS : s = "PROGRESS\n"; break;
|
||||||
case STATUS_SIG_CREATED : s = "SIG_CREATED\n"; break;
|
case STATUS_SIG_CREATED : s = "SIG_CREATED\n"; break;
|
||||||
|
case STATUS_SESSION_KEY : s = "SESSION_KEY\n"; break;
|
||||||
default: s = "?\n"; break;
|
default: s = "?\n"; break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -81,6 +81,8 @@
|
|||||||
#define STATUS_GOT_IT 49
|
#define STATUS_GOT_IT 49
|
||||||
#define STATUS_PROGRESS 50
|
#define STATUS_PROGRESS 50
|
||||||
#define STATUS_SIG_CREATED 51
|
#define STATUS_SIG_CREATED 51
|
||||||
|
#define STATUS_SESSION_KEY 52
|
||||||
|
|
||||||
|
|
||||||
/*-- status.c --*/
|
/*-- status.c --*/
|
||||||
void set_status_fd ( int fd );
|
void set_status_fd ( int fd );
|
||||||
|
Loading…
x
Reference in New Issue
Block a user