diff --git a/NEWS b/NEWS
index e6fe5a914..d5130d7fc 100644
--- a/NEWS
+++ b/NEWS
@@ -14,7 +14,8 @@ Noteworthy changes in version 2.0.8
 * The envvars XAUTHORITY and PINENTRY_USER_DATA are now passed to the pinentry.
- * Allow encryption using Elgamal keys with the algorithm id 20.
+ * Allow encryption with legacy Elgamal sign+encrypt keys with option
+ --rfc2440.
 * Fixed the auto creation of the key stub for smartcards.
diff --git a/g10/ChangeLog b/g10/ChangeLog
index dba73c96e..99e677eaf 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,10 @@
+2007-12-12 Werner Koch
+
+ * misc.c (print_pubkey_algo_note): Print a warning if a type 20
+ key is used.
+ (openpgp_pk_test_algo, openpgp_pk_test_algo2)
+ (openpgp_pk_algo_usage): Allow type 20 keys only in rfc2440 mode.
+
 2007-12-12 David Shaw (wk)
 * trustdb.c (sanitize_regexp): New. Protect against dangerous
diff --git a/g10/misc.c b/g10/misc.c
index fa85e61c7..233c40264 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -289,6 +289,10 @@ print_pubkey_algo_note( int algo )
 gcry_pk_algo_name (algo));
 }
 }
+ else if (algo == 20)
+ {
+ log_info (_("WARNING: Elgamal sign+encrypt keys are deprecated\n"));
+ }
 }
 void
@@ -387,6 +391,10 @@ openpgp_cipher_algo_name (int algo)
 int
 openpgp_pk_test_algo( int algo )
 {
+ /* Dont't allow type 20 keys unless in rfc2440 mode. */
+ if (!RFC2440 && algo == 20)
+ return gpg_error (GPG_ERR_PUBKEY_ALGO);
+
 if (algo == GCRY_PK_ELG_E)
 algo = GCRY_PK_ELG;
@@ -400,6 +408,10 @@ openpgp_pk_test_algo2( int algo, unsigned int use )
 {
 size_t use_buf = use;
+ /* Dont't allow type 20 keys unless in rfc2440 mode. */
+ if (!RFC2440 && algo == 20)
+ return gpg_error (GPG_ERR_PUBKEY_ALGO);
+
 if (algo == GCRY_PK_ELG_E)
 algo = GCRY_PK_ELG;
@@ -427,6 +439,9 @@ openpgp_pk_algo_usage ( int algo )
 use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG;
 break;
 case PUBKEY_ALGO_ELGAMAL:
+ if (RFC2440)
+ use = PUBKEY_USAGE_ENC;
+ break;
 case PUBKEY_ALGO_ELGAMAL_E:
 use = PUBKEY_USAGE_ENC;
 break;
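Review bot: The new `else if (algo == 20)` branch in print_pubkey_algo_note uses a bare literal for the algorithm id, and the same literal is repeated in the guards added to openpgp_pk_test_algo and openpgp_pk_test_algo2. The last hunk of this file switches on `PUBKEY_ALGO_ELGAMAL` for what appears to be the same key type, so `else if (algo == PUBKEY_ALGO_ELGAMAL)` would tie the policy to one definition and make it easy to find in an audit. Confirm that the constant really is 20 before swapping it in. The function body starts outside the hunk.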
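Review bot: The comment added at the top of openpgp_pk_test_algo reads `Dont't`; it should be `/* Don't allow type 20 keys unless in rfc2440 mode. */`, here and in the identical guard added to openpgp_pk_test_algo2. The three-line guard is also duplicated verbatim between the two functions, so a later change to this policy has to be made in both places. A small static helper shared by both would keep a single copy of the check. The rest of the function body lies outside the hunk.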
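Review bot: The guard added to openpgp_pk_test_algo2 does not look at `use`, so with --rfc2440 a type 20 key passes this check for every requested usage, while the NEWS entry describes only encryption being allowed. If the remainder of the function (outside the hunk) does not already refuse signing for this key type, and assuming `use` carries the PUBKEY_USAGE_* flags, the guard could be tightened to `if (algo == 20 && (!RFC2440 || (use & PUBKEY_USAGE_SIG)))`. At minimum the comment should say that signing with these keys stays refused and where that is enforced.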
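Review bot: Outside rfc2440 mode the `case PUBKEY_ALGO_ELGAMAL:` arm in openpgp_pk_algo_usage now leaves `use` untouched, so the result depends on the value `use` had before the switch, which is outside the hunk. A short comment such as `/* Type 20 keys get no usage flags unless --rfc2440 is given. */` above the `if (RFC2440)` would show that the empty path is intentional. It is also worth confirming that `use` is initialised to 0 at its declaration, since an uninitialised value here would turn into arbitrary usage flags for a deprecated key type.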