security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-22 14:57:02 +01:00
Code Activity

--openpgp implies --allow-non-selfsigned-uid

Browse Source 
If none of the uids are primary (because none are valid) then pick the
first to be primary (but still invalid).  This is for cosmetics in case
some display needs to print a user ID from a non-selfsigned key.  Also use
--allow-non-selfsigned-uid to make such a key valid and not
--always-trust.  The key is *not* automatically trusted via
--allow-non-selfsigned-uid.

Make sure non-selfsigned uids print [uncertain] on verification even
though one is primary now.

If the main key is not valid, then neither are the subkeys.

Allow --allow-non-selfsigned-uid to work on completely unsigned keys.
Print the uids in UTF8.  Remove mark_non_selfsigned_uids_valid()

Show revocation key as UTF8.

Allow --not-dash-escaped to work with v3 keys.
This commit is contained in:
David Shaw 2002-03-17 23:47:32 +00:00
parent 8cb9dd7a39
commit b8858a3ef1
7 changed files with 75 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
g10/ChangeLog
View File

@ -1,3 +1,31 @@
2002-03-17 David Shaw <dshaw@jabberwocky.com>
* g10.c (main): --openpgp implies --allow-non-selfsigned-uid.
* getkey.c (merge_selfsigs_main): If none of the uids are primary
(because none are valid) then pick the first to be primary (but
still invalid). This is for cosmetics in case some display needs
to print a user ID from a non-selfsigned key. Also use
--allow-non-selfsigned-uid to make such a key valid and not
--always-trust. The key is *not* automatically trusted via
--allow-non-selfsigned-uid.
* mainproc.c (check_sig_and_print): Make sure non-selfsigned uids
print [uncertain] on verification even though one is primary now.
* getkey.c (merge_selfsigs): If the main key is not valid, then
neither are the subkeys.
* import.c (import_one): Allow --allow-non-selfsigned-uid to work
on completely unsigned keys. Print the uids in UTF8. Remove
mark_non_selfsigned_uids_valid().
* keyedit.c (show_key_with_all_names): Show revocation key as
UTF8.
* sign.c (clearsign_file): Allow --not-dash-escaped to work with
v3 keys.
2002-03-13 David Shaw <dshaw@jabberwocky.com>
* import.c (chk_self_sigs): Show which user ID a bad self-sig

1
g10/g10.c
View File

@ -1071,6 +1071,7 @@ main( int argc, char **argv )
case oOpenPGP:
opt.rfc1991 = 0;
opt.rfc2440 = 1;
opt.allow_non_selfsigned_uid = 1;
opt.pgp2_workarounds = 0;
opt.escape_from = 0;
opt.force_v3_sigs = 0;

32
g10/getkey.c
View File

@ -1354,12 +1354,13 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
pk->is_valid = 1;
}
/* If the key isn't valid yet, and we have --always-trust set,
then force it valid. */
if(opt.always_trust && !pk->is_valid)
/* If the key isn't valid yet, and we have
--allow-non-selfsigned-uid set, then force it valid. */
if(!pk->is_valid && opt.allow_non_selfsigned_uid)
{
if(opt.verbose)
log_info(_("Invalid key %08lX made valid by --always-trust\n"),
log_info(_("Invalid key %08lX made valid by "
"--allow-non-selfsigned-uid\n"),
(ulong)keyid_from_pk(pk,NULL));
pk->is_valid = 1;
@ -1454,7 +1455,22 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
/* none is flagged primary - use the latest user ID we have */
uidnode2->pkt->pkt.user_id->is_primary = 1;
}
else
{
/* None of our uids were self-signed, so pick the first one to
be the primary. This is the best we can do here since
there are no self sigs to date the uids. */
for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
k = k->next )
{
if(k->pkt->pkttype==PKT_USER_ID)
{
k->pkt->pkt.user_id->is_primary=1;
break;
}
}
}
}
@ -1611,6 +1627,13 @@ merge_selfsigs( KBNODE keyblock )
}
}
/* If the main key is not valid, then the subkeys aren't either,
even if they have binding sigs. */
if(!main_pk->is_valid)
for(k=keyblock; k; k=k->next)
if(k->pkt->pkttype==PKT_PUBLIC_SUBKEY)
k->pkt->pkt.public_key->is_valid=0;
/* set the preference list of all keys to those of the primary
* user ID. Note: we use these preferences when we don't know by
* which user ID the key has been selected.
@ -1640,7 +1663,6 @@ merge_selfsigs( KBNODE keyblock )
pk->mdc_feature = mdc_feature;
}
}
}

37
g10/import.c
View File

@ -67,7 +67,6 @@ static int import_revoke_cert( const char *fname, KBNODE node,
struct stats_s *stats);
static int chk_self_sigs( const char *fname, KBNODE keyblock,
PKT_public_key *pk, u32 *keyid );
static void mark_non_selfsigned_uids_valid( KBNODE keyblock, u32 *kid );
static int delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid );
static int merge_blocks( const char *fname, KBNODE keyblock_orig,
KBNODE keyblock, u32 *keyid,
@ -445,8 +444,18 @@ import_one( const char *fname, KBNODE keyblock, int fast,
if( rc )
return rc== -1? 0:rc;
/* If we allow such a thing, mark unsigned uids as valid */
if( opt.allow_non_selfsigned_uid )
mark_non_selfsigned_uids_valid( keyblock, keyid );
for( node=keyblock; node; node = node->next )
if( node->pkt->pkttype == PKT_USER_ID && !(node->flag & 1) )
{
char *user=utf8_to_native(node->pkt->pkt.user_id->name,
node->pkt->pkt.user_id->len,0);
node->flag |= 1;
log_info( _("key %08lX: accepted non self-signed user ID '%s'\n"),
(ulong)keyid[1],user);
m_free(user);
}
if( !delete_inv_parts( fname, keyblock, keyid ) ) {
if( !opt.quiet ) {
@ -866,30 +875,6 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
return 0;
}
/****************
* If a user ID has at least one signature, mark it as valid
*/
static void
mark_non_selfsigned_uids_valid( KBNODE keyblock, u32 *kid )
{
KBNODE node;
for(node=keyblock->next; node; node = node->next ) {
if( node->pkt->pkttype == PKT_USER_ID && !(node->flag & 1) ) {
if( (node->next && node->next->pkt->pkttype == PKT_SIGNATURE)
|| !node->next ) {
node->flag |= 1;
log_info( _("key %08lX: accepted non self-signed user ID '"),
(ulong)kid[1]);
print_string( log_stream(), node->pkt->pkt.user_id->name,
node->pkt->pkt.user_id->len, 0 );
fputs("'\n", log_stream() );
}
}
}
}
/****************
* delete all parts which are invalid and those signatures whose
* public key algorithm is not available in this implemenation;

2
g10/keyedit.c
View File

@ -1419,7 +1419,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
keyid_from_fingerprint(pk->revkey[i].fpr,
MAX_FINGERPRINT_LEN,r_keyid);
user=get_user_id_string(r_keyid);
user=get_user_id_string_native(r_keyid);
tty_printf(_("This key may be revoked by %s key %s%s\n"),
pubkey_algo_to_string(pk->revkey[i].algid),

2
g10/mainproc.c
View File

@ -1276,6 +1276,8 @@ check_sig_and_print( CTX c, KBNODE node )
for( un=keyblock; un; un = un->next ) {
if( un->pkt->pkttype != PKT_USER_ID )
continue;
if ( !un->pkt->pkt.user_id->created )
continue;
if ( un->pkt->pkt.user_id->is_revoked )
continue;
if ( !un->pkt->pkt.user_id->is_primary )

12
g10/sign.c
View File

@ -825,9 +825,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
}
}
if( old_style && only_md5 )
iobuf_writestr(out, LF );
else {
if( !(old_style && only_md5) ) {
const char *s;
int any = 0;
byte hashs_seen[256];
@ -851,12 +849,12 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
}
assert(any);
iobuf_writestr(out, LF );
if( opt.not_dash_escaped )
iobuf_writestr( out,
"NotDashEscaped: You need GnuPG to verify this message" LF );
iobuf_writestr(out, LF );
}
if( opt.not_dash_escaped )
iobuf_writestr( out,
"NotDashEscaped: You need GnuPG to verify this message" LF );
iobuf_writestr(out, LF );
textmd = md_open(0, 0);
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {