1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

See ChangeLog: Thu Jul 27 12:01:00 CEST 2000 Werner Koch

This commit is contained in:
Werner Koch 2000-07-27 10:01:27 +00:00
parent 8bd661db8c
commit a2ad808d1f
11 changed files with 131 additions and 3 deletions

4
NEWS
View File

@ -7,6 +7,10 @@ Noteworthy changes in the current CVS branch STABLE-BRANCH-1-0
* Revoked user IDs are now marked in the output of --list-key
* New options --show-session-key and --override-session-key
to help the British folks to somewhat minimize the danger
of this Orwellian RIP bill.
Noteworthy changes in version 1.0.2 (2000-07-12)
----------------------------------------------

View File

@ -214,7 +214,7 @@ more arguments in future versions.
"char" is the character displayed with no --status-fd enabled, with
the linefeed replaced by an 'X'. "cur" is the current amount
done and "total" is amount to be done; a "total" of 0 indicates that
the total amount is not known. 100/100 may be used to detect the
the total amount is not known. 100/100 may be used to detect the
end of operation.
SIG_CREATED <type> <pubkey algo> <hash algo> <class> <timestamp> <key fpr>
@ -225,6 +225,11 @@ more arguments in future versions.
(only the first character should be checked)
class: 2 hex digits with the signature class
SESSION_KEY <algo>:<hexdigits>
The session key used to decrypt the message. This message will
only be emmited when the special option --show-session-key
is used. The format is suitable to be passed to the option
--override-session-key
Key generation

View File

@ -1338,6 +1338,29 @@ the encoding used in old versions. This may only happen for ElGamal signatures
which are not widely used.
</para></listitem></varlistentry>
<varlistentry>
<term>--show-session-key</term>
<listitem><para>
Display the session key used for one message. See --override-session-key
for the counterpart of this option.
</para>
<para>
We think that Key-Escrow is a Bad Thing; however the user should
have the freedom to decide whether to go to prison or to reveal the content of
one specific message without compromising all messages ever encrypted for one
secret key. DON'T USE IT UNLESS YOU ARE REALLY FORCED TO DO SO.
</para></listitem></varlistentry>
<varlistentry>
<term>--override-session-key &ParmString; </term>
<listitem><para>
Don't use the public key but the session key &ParmString;. The format of this
string is the same as the one printed by --show-session-key. This option
is normally not used but comes handy in case someone forces you to reveal the
content of an encrypted message; using this option you can do this without
handing out the secret key.
</para></listitem></varlistentry>
</variablelist>
</refsect1>

View File

@ -1,3 +1,11 @@
Thu Jul 27 12:01:00 CEST 2000 Werner Koch <wk@openit.de>
* g10.c: New options --show-session-key and --override-session-key
* pubkey-enc.c (hextobyte): New.
(get_override_session_key): New.
* mainproc.c (proc_pubkey_enc): Add session-key stuff.
* status.h, status.c (STATUS_SESSION_KEY): New.
Thu Jul 27 10:02:38 CEST 2000 Werner Koch <wk@openit.de>
* g10.c (main): Use setmode(O_BINARY) for MSDOS while generating random bytes

View File

@ -188,6 +188,8 @@ enum cmd_and_opt_values { aNull = 0,
oFastListMode,
oListOnly,
oIgnoreTimeConflict,
oShowSessionKey,
oOverrideSessionKey,
oNoRandomSeedFile,
oNoAutoKeyRetrieve,
oEmu3DESS2KBug, /* will be removed in 1.1 */
@ -370,6 +372,8 @@ static ARGPARSE_OPTS opts[] = {
{ oFastListMode,"fast-list-mode", 0, "@" },
{ oListOnly, "list-only", 0, "@"},
{ oIgnoreTimeConflict, "ignore-time-conflict", 0, "@" },
{ oShowSessionKey, "show-session-key", 0, "@" },
{ oOverrideSessionKey, "override-session-key", 2, "@" },
{ oNoRandomSeedFile, "no-random-seed-file", 0, "@" },
{ oNoAutoKeyRetrieve, "no-auto-key-retrieve", 0, "@" },
{ oEmu3DESS2KBug, "emulate-3des-s2k-bug", 0, "@"},
@ -920,6 +924,10 @@ main( int argc, char **argv )
case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
case oNoRandomSeedFile: use_random_seed = 0; break;
case oNoAutoKeyRetrieve: opt.auto_key_retrieve = 0; break;
case oShowSessionKey: opt.show_session_key = 1; break;
case oOverrideSessionKey:
opt.override_session_key = pargs.r.ret_str;
break;
default : pargs.err = configfp? 1:2; break;
}

View File

@ -219,8 +219,17 @@ proc_pubkey_enc( CTX c, PACKET *pkt )
write_status_text( STATUS_ENC_TO, buf );
}
if( is_ELGAMAL(enc->pubkey_algo)
if( !opt.list_only && opt.override_session_key ) {
/* It does not make nuch sense to store the session key in
* secure memory because it has already been passed on the
* command line and the GCHQ knows about it */
c->dek = m_alloc( sizeof *c->dek );
result = get_override_session_key ( c->dek, opt.override_session_key );
if ( result ) {
m_free(c->dek); c->dek = NULL;
}
}
else if( is_ELGAMAL(enc->pubkey_algo)
|| enc->pubkey_algo == PUBKEY_ALGO_DSA
|| is_RSA(enc->pubkey_algo) ) {
if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1])
@ -246,6 +255,15 @@ proc_pubkey_enc( CTX c, PACKET *pkt )
else if( !result ) {
if( opt.verbose > 1 )
log_info( _("public key encrypted data: good DEK\n") );
if ( opt.show_session_key ) {
int i;
char *buf = m_alloc ( c->dek->keylen*2 + 20 );
sprintf ( buf, "%d:", c->dek->algo );
for(i=0; i < c->dek->keylen; i++ )
sprintf(buf+strlen(buf), "%02X", c->dek->key[i] );
log_info( "session key: \"%s\"\n", buf );
write_status_text ( STATUS_SESSION_KEY, buf );
}
}
else { /* store it for later display */
struct kidlist_item *x = m_alloc( sizeof *x );

View File

@ -91,6 +91,8 @@ struct {
int ignore_time_conflict;
int command_fd;
int auto_key_retrieve;
const char *override_session_key;
int show_session_key;
} opt;

View File

@ -332,6 +332,7 @@ int protect_secret_key( PKT_secret_key *sk, DEK *dek );
/*-- pubkey-enc.c --*/
int get_session_key( PKT_pubkey_enc *k, DEK *dek );
int get_override_session_key( DEK *dek, const char *string );
/*-- compress.c --*/
int handle_compressed( void *ctx, PKT_compressed *cd,

View File

@ -221,3 +221,59 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid )
}
static int
hextobyte( const char *s )
{
int c;
if( *s >= '0' && *s <= '9' )
c = 16 * (*s - '0');
else if( *s >= 'A' && *s <= 'F' )
c = 16 * (10 + *s - 'A');
else if( *s >= 'a' && *s <= 'f' )
c = 16 * (10 + *s - 'a');
else
return -1;
s++;
if( *s >= '0' && *s <= '9' )
c += *s - '0';
else if( *s >= 'A' && *s <= 'F' )
c += 10 + *s - 'A';
else if( *s >= 'a' && *s <= 'f' )
c += 10 + *s - 'a';
else
return -1;
return c;
}
/****************
* Get the session key from the given string.
* String is supposed to be formatted as this:
* <algo-id>:<even-number-of-hex-digits>
*/
int
get_override_session_key( DEK *dek, const char *string )
{
const char *s;
int i;
if ( !string )
return G10ERR_BAD_KEY;
dek->algo = atoi(string);
if ( dek->algo < 1 )
return G10ERR_BAD_KEY;
if ( !(s = strchr ( string, ':' )) )
return G10ERR_BAD_KEY;
s++;
for(i=0; i < DIM(dek->key) && *s; i++, s +=2 ) {
int c = hextobyte ( s );
if (c == -1)
return G10ERR_BAD_KEY;
dek->key[i] = c;
}
if ( *s )
return G10ERR_BAD_KEY;
dek->keylen = i;
return 0;
}

View File

@ -151,6 +151,7 @@ write_status_text ( int no, const char *text)
case STATUS_DELETE_PROBLEM : s = "DELETE_PROBLEM\n"; break;
case STATUS_PROGRESS : s = "PROGRESS\n"; break;
case STATUS_SIG_CREATED : s = "SIG_CREATED\n"; break;
case STATUS_SESSION_KEY : s = "SESSION_KEY\n"; break;
default: s = "?\n"; break;
}

View File

@ -81,6 +81,8 @@
#define STATUS_GOT_IT 49
#define STATUS_PROGRESS 50
#define STATUS_SIG_CREATED 51
#define STATUS_SESSION_KEY 52
/*-- status.c --*/
void set_status_fd ( int fd );