mirror of git://git.gnupg.org/gnupg.git
gpg: Print PGP-2 fingerprint instead of all zeroes.
* g10/keyid.c (fingerprint_from_pk): Allow PGP-2 fingerprints. * g10/keylist.c (print_fingerprint): Print a warning after a PGP-2 fingerprint. -- Printing all zeroes for a PGP-2 (v3 key) fingerprint has the problem that frontends (or the user) may use that fingerprint to lookup a key and gpg will return all PGP2 keys. They may then show a different PGP-2 key than the one actually used for a signature. This is worse than displaying a weak fingerprint. GnuPG-bug-id: 2000 Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch
parent
e2eba81fae
commit
be34857939
|
|
@ -670,7 +670,7 @@ fingerprint_from_pk( PKT_public_key *pk, byte *array, size_t *ret_len )
|
|||
|
||||
if ( pk->version < 4 )
|
||||
{
|
||||
if ( is_RSA(pk->pubkey_algo) && opt.flags.allow_weak_digest_algos)
|
||||
if (is_RSA(pk->pubkey_algo))
|
||||
{
|
||||
/* RSA in version 3 packets is special. */
|
||||
gcry_md_hd_t md;
|
||||
|
|
|
|||
|
|
@ -1590,6 +1590,14 @@ print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
|
|||
putc ('\n', fp);
|
||||
else
|
||||
tty_printf ("\n");
|
||||
|
||||
if (n==16 && !opt.with_colons && !opt.flags.allow_weak_digest_algos)
|
||||
{
|
||||
if (fp)
|
||||
fprintf (fp, _("WARNING: a PGP-2 fingerprint is not safe\n"));
|
||||
else
|
||||
tty_printf (_("WARNING: a PGP-2 fingerprint is not safe\n"));
|
||||
}
|
||||
}
|
||||
|
||||
/* Print the serial number of an OpenPGP card if available. */
|
||||
|
|
|
|||
Loading…
Reference in New Issue