Allow type 20 keys only with option --rfc2440.

NEWS

@@ -14,7 +14,8 @@ Noteworthy changes in version 2.0.8
  * The envvars XAUTHORITY and PINENTRY_USER_DATA are now passed to the
    pinentry.
 
- * Allow encryption using Elgamal keys with the algorithm id 20.
+ * Allow encryption with legacy Elgamal sign+encrypt keys with option
+   --rfc2440.
 
  * Fixed the auto creation of the key stub for smartcards.  
 

g10/ChangeLog

@@ -1,3 +1,10 @@
+2007-12-12  Werner Koch  <wk@g10code.com>
+
+	* misc.c (print_pubkey_algo_note): Print a warning if a type 20
+	key is used.
+	(openpgp_pk_test_algo, openpgp_pk_test_algo2) 
+	(openpgp_pk_algo_usage): Allow type 20 keys only in rfc2440 mode.
+
 2007-12-12  David Shaw  <dshaw@jabberwocky.com>  (wk)
 
 	* trustdb.c (sanitize_regexp): New.  Protect against dangerous

g10/misc.c

@@ -289,6 +289,10 @@ print_pubkey_algo_note( int algo )
 		    gcry_pk_algo_name (algo));
 	}
     }
+  else if (algo == 20)
+    {
+      log_info (_("WARNING: Elgamal sign+encrypt keys are deprecated\n"));
+    }
 }
 
 void
@@ -387,6 +391,10 @@ openpgp_cipher_algo_name (int algo)
 int
 openpgp_pk_test_algo( int algo )
 {
+  /* Dont't allow type 20 keys unless in rfc2440 mode.  */
+  if (!RFC2440 && algo == 20)
+    return gpg_error (GPG_ERR_PUBKEY_ALGO);
+    
   if (algo == GCRY_PK_ELG_E)
     algo = GCRY_PK_ELG;
 
@@ -400,6 +408,10 @@ openpgp_pk_test_algo2( int algo, unsigned int use )
 {
   size_t use_buf = use;
 
+  /* Dont't allow type 20 keys unless in rfc2440 mode.  */
+  if (!RFC2440 && algo == 20)
+    return gpg_error (GPG_ERR_PUBKEY_ALGO);
+
   if (algo == GCRY_PK_ELG_E)
     algo = GCRY_PK_ELG;
 
@@ -427,6 +439,9 @@ openpgp_pk_algo_usage ( int algo )
           use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG;
           break;
       case PUBKEY_ALGO_ELGAMAL:
+          if (RFC2440)
+             use = PUBKEY_USAGE_ENC;
+          break;
       case PUBKEY_ALGO_ELGAMAL_E:
           use = PUBKEY_USAGE_ENC;
           break;