gpgv: Tweak default options for extra security.

* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on cached status. Similarly, set opt.flags.require_cross_cert for backsig validation for subkey signature. -- (backport of master commit e32c575e0f) It is common that an organization distributes binary keyrings with signature cache (Tag 12, Trust Packet) and people use gpgv to validate signature with such keyrings. In such a use case, it is possible that the key validation itself is skipped. For the purpose of gpgv validation of signatures, we should not depend on signature cache in keyrings (if any), but we should validate the key by its self signature for primary key, and back signature for subkey. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-07-09 10:20:02 +09:00 · 2016-07-09 10:20:02 +09:00 · cf01cf8b88
parent ca1fc59626
commit cf01cf8b88
1 changed files with 2 additions and 0 deletions
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@ -144,6 +144,8 @@ main( int argc, char **argv )
    opt.pgp2_workarounds = 1;
    opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE;
    opt.trust_model = TM_ALWAYS;
+    opt.no_sig_cache = 1;
+    opt.flags.require_cross_cert = 1;
    opt.batch = 1;
    opt.weak_digests = NULL;