security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-04 20:38:50 +01:00
Code Activity

gpg: Print PGP-2 fingerprint instead of all zeroes.

Browse Source 
* g10/keyid.c (fingerprint_from_pk): Allow PGP-2 fingerprints.
* g10/keylist.c (print_fingerprint): Print a warning after a PGP-2
fingerprint.
--

Printing all zeroes for a PGP-2 (v3 key) fingerprint has the problem
that frontends (or the user) may use that fingerprint to lookup a key
and gpg will return all PGP2 keys.  They may then show a different
PGP-2 key than the one actually used for a signature.  This is worse
than displaying a weak fingerprint.

GnuPG-bug-id: 2000
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-06-17 08:37:02 +02:00
parent e2eba81fae
commit be34857939
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
g10/keyid.c
View File

@ -670,7 +670,7 @@ fingerprint_from_pk( PKT_public_key *pk, byte *array, size_t *ret_len )
if ( pk->version < 4 )
{
if ( is_RSA(pk->pubkey_algo) && opt.flags.allow_weak_digest_algos)
if (is_RSA(pk->pubkey_algo))
{
/* RSA in version 3 packets is special. */
gcry_md_hd_t md;

8
g10/keylist.c
View File

@ -1590,6 +1590,14 @@ print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
putc ('\n', fp);
else
tty_printf ("\n");
if (n==16 && !opt.with_colons && !opt.flags.allow_weak_digest_algos)
{
if (fp)
fprintf (fp, _("WARNING: a PGP-2 fingerprint is not safe\n"));
else
tty_printf (_("WARNING: a PGP-2 fingerprint is not safe\n"));
}
}
/* Print the serial number of an OpenPGP card if available. */