Add gpgconf related dummy options default_pubkey_algo.

Add option --skip-hidden-recipients
Comment updates.
Werner Koch 2009-11-23 19:18:04 +00:00
parent 5741eace29
commit cf2ec5673f
12 changed files with 71 additions and 3 deletions


@ -1,3 +1,8 @@
2009-11-18 Werner Koch <wk@g10code.com>
* gpg.texi (GPG Key related Options): Describe
--skip-hidden-recipients.
2009-10-19 David Shaw <dshaw@jabberwocky.com> 2009-10-19 David Shaw <dshaw@jabberwocky.com>
* gpg.texi (GPG Configuration Options): Clarify that ca-cert-file * gpg.texi (GPG Configuration Options): Clarify that ca-cert-file


@ -1761,14 +1761,24 @@ Use @var{name} as the key to sign with. Note that this option overrides
@option{--default-key}. @option{--default-key}.
@item --try-all-secrets @item --try-all-secrets
@opindex try-all-secrets
Don't look at the key ID as stored in the message but try all secret Don't look at the key ID as stored in the message but try all secret
keys in turn to find the right decryption key. This option forces the keys in turn to find the right decryption key. This option forces the
behaviour as used by anonymous recipients (created by using behaviour as used by anonymous recipients (created by using
@option{--throw-keyids}) and might come handy in case where an encrypted @option{--throw-keyids}) and might come handy in case where an encrypted
message contains a bogus key ID. message contains a bogus key ID.
@item --skip-hidden-recipients
@itemx --no-skip-hidden-recipients
@opindex skip-hidden-recipients
@opindex no-skip-hidden-recipients
During decryption skip all anonymous recipients. This option helps in
the case that people use the hidden recipients feature to hide there
own encrypt-to key from others. If oneself has many secret keys this
may lead to a major annoyance because all keys are tried in turn to
decrypt soemthing which was not really intended for it. The drawback
of this option is that it is currently not possible to decrypt a
message which includes real anonymous recipients.
@end table @end table


@ -1,3 +1,13 @@
2009-11-23 Werner Koch <wk@g10code.com>
* gpg.c (gpgconf_list): Add key "default_pubkey_algo".
2009-11-18 Werner Koch <wk@g10code.com>
* gpg.c: Add option --skip-hidden-recipients and no- variant.
* options.h (struct opt): Add field SKIP_HIDDEN_RECIPIENTS.
* pubkey-enc.c (get_session_key): Implement that option.
2009-11-04 Werner Koch <wk@g10code.com> 2009-11-04 Werner Koch <wk@g10code.com>
* server.c (register_commands): Add NULL arg to * server.c (register_commands): Add NULL arg to


@ -233,6 +233,8 @@ enum cmd_and_opt_values
oWithSigList, oWithSigList,
oWithSigCheck, oWithSigCheck,
oSkipVerify, oSkipVerify,
oSkipHiddenRecipients,
oNoSkipHiddenRecipients,
oCompressKeys, oCompressKeys,
oCompressSigs, oCompressSigs,
oAlwaysTrust, oAlwaysTrust,
@ -626,6 +628,8 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (aListSigs, "list-sig", "@"), /* alias */ ARGPARSE_s_n (aListSigs, "list-sig", "@"), /* alias */
ARGPARSE_s_n (aCheckKeys, "check-sig", "@"), /* alias */ ARGPARSE_s_n (aCheckKeys, "check-sig", "@"), /* alias */
ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"), ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"),
ARGPARSE_s_n (oSkipHiddenRecipients, "skip-hidden-recipients", "@"),
ARGPARSE_s_n (oNoSkipHiddenRecipients, "no-skip-hidden-recipients", "@"),
ARGPARSE_s_n (oCompressKeys, "compress-keys", "@"), ARGPARSE_s_n (oCompressKeys, "compress-keys", "@"),
ARGPARSE_s_n (oCompressSigs, "compress-sigs", "@"), ARGPARSE_s_n (oCompressSigs, "compress-sigs", "@"),
ARGPARSE_s_i (oDefCertLevel, "default-cert-check-level", "@"), /* old */ ARGPARSE_s_i (oDefCertLevel, "default-cert-check-level", "@"), /* old */
@ -1586,6 +1590,11 @@ gpgconf_list (const char *configfile)
printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT); printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
printf ("group:%lu:\n", GC_OPT_FLAG_NONE); printf ("group:%lu:\n", GC_OPT_FLAG_NONE);
/* The next one is an info only item and should match what
keygen:ask_keysize actually implements. */
printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
"RSA-2048");
xfree (configfile_esc); xfree (configfile_esc);
} }
@ -2315,6 +2324,10 @@ main (int argc, char **argv)
case oWithSigList: opt.list_sigs = 1; break; case oWithSigList: opt.list_sigs = 1; break;
case oSkipVerify: opt.skip_verify=1; break; case oSkipVerify: opt.skip_verify=1; break;
case oSkipHiddenRecipients: opt.skip_hidden_recipients = 1; break;
case oNoSkipHiddenRecipients: opt.skip_hidden_recipients = 0; break;
case oCompressKeys: opt.compress_keys = 1; break; case oCompressKeys: opt.compress_keys = 1; break;
case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break; case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break;
/* There are many programs (like mutt) that call gpg with /* There are many programs (like mutt) that call gpg with
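Review bot: In the gpgconf_list hunk the literal `"RSA-2048"` is a second, hand-maintained copy of the key generation default, tied to keygen.c only by a comment; the gpgsm.c hunk repeats the same literal against proc_parameters. The item is described as info only, so presumably front-ends show it to users as the kind of key that will be created, and if the real default changes and one literal is missed the tool would report a key strength that generation no longer uses. I would define the value once next to the default it mirrors and print that, e.g. `printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT, DEFAULT_PUBKEY_ALGO_STR);`, where `DEFAULT_PUBKEY_ALGO_STR` is a proposed macro name, not an existing one. gpgconf_list starts outside the hunk.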


@ -1765,6 +1765,8 @@ ask_algo (int addmode, int *r_subkey_algo, unsigned int *r_usage)
static unsigned static unsigned
ask_keysize (int algo, unsigned int primary_keysize) ask_keysize (int algo, unsigned int primary_keysize)
{ {
/* NOTE: If you change the default key size/algo, remember to change
it also in gpgconf.c:gpgconf_list. */
unsigned int nbits, min, def=2048, max=4096; unsigned int nbits, min, def=2048, max=4096;
int for_subkey = !!primary_keysize; int for_subkey = !!primary_keysize;
int autocomp = 0; int autocomp = 0;
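Review bot: The added comment in ask_keysize points maintainers to `gpgconf.c:gpgconf_list`, but this commit's own ChangeLog entry places that function in gpg.c (`* gpg.c (gpgconf_list): Add key "default_pubkey_algo"`). A wrong pointer makes it more likely that the reported default drifts from `def=2048`; I would write `/* NOTE: If you change the default key size/algo, remember to change it also in gpg.c:gpgconf_list. */`. The hunk only shows the key size default; the algorithm half of "RSA-2048" is presumably decided in ask_algo, which would need the same reminder. ask_keysize continues past the hunk.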


@ -94,6 +94,7 @@ struct
char *lc_messages; char *lc_messages;
int skip_verify; int skip_verify;
int skip_hidden_recipients;
int compress_keys; int compress_keys;
int compress_sigs; int compress_sigs;
/* TM_CLASSIC must be zero to accomodate trustdbs generated before /* TM_CLASSIC must be zero to accomodate trustdbs generated before


@ -85,6 +85,8 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
if( !(rc = get_seckey( sk, k->keyid )) ) if( !(rc = get_seckey( sk, k->keyid )) )
rc = get_it( k, dek, sk, k->keyid ); rc = get_it( k, dek, sk, k->keyid );
} }
else if (opt.skip_hidden_recipients)
rc = gpg_error (GPG_ERR_NO_SECKEY);
else { /* anonymous receiver: Try all available secret keys */ else { /* anonymous receiver: Try all available secret keys */
void *enum_context = NULL; void *enum_context = NULL;
u32 keyid[2]; u32 keyid[2];
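Review bot: The new `else if (opt.skip_hidden_recipients)` branch returns `GPG_ERR_NO_SECKEY` without any diagnostic, so a message addressed only to anonymous recipients fails exactly like one for which the user holds no key. The option is likely to be set once in a configuration file and then forgotten, so whoever investigates a failed decryption gets no sign that the packet was skipped rather than tried. I would log it at verbose level: `else if (opt.skip_hidden_recipients) { if (opt.verbose) log_info ("anonymous recipient; skipped due to --skip-hidden-recipients\n"); rc = gpg_error (GPG_ERR_NO_SECKEY); }`. The condition of the preceding `if` and the rest of get_session_key are outside the hunk, so this assumes the branch is reached only for packets without a key ID.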


@ -1,3 +1,7 @@
2009-11-23 Werner Koch <wk@g10code.com>
* gpgsm.c (main) <aGpgConfList>: Add key "default_pubkey_algo".
2009-11-10 Marcus Brinkmann <marcus@g10code.de> 2009-11-10 Marcus Brinkmann <marcus@g10code.de>
* server.c (cmd_getauditlog): Don't dup FD for es_fdopen_nc as * server.c (cmd_getauditlog): Don't dup FD for es_fdopen_nc as


@ -475,7 +475,8 @@ proc_parameters (ctrl_t ctrl,
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
} }
/* Check the keylength. */ /* Check the keylength. NOTE: If you change this make sure that it
macthes the gpgconflist item in gpgsm.c */
if (!get_parameter (para, pKEYLENGTH, 0)) if (!get_parameter (para, pKEYLENGTH, 0))
nbits = 2048; nbits = 2048;
else else
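Review bot: The extended comment above the key length check has a typo and a vague reference: `macthes the gpgconflist item in gpgsm.c` should read `matches the "default_pubkey_algo" item printed for aGpgConfList in gpgsm.c`. Naming the item makes the cross-reference greppable, which matters because the `nbits = 2048` fallback and the advertised default are kept in step only by these comments. proc_parameters starts and ends outside the hunk.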


@ -1634,6 +1634,11 @@ main ( int argc, char **argv)
printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_DEFAULT); printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_DEFAULT);
printf ("keyserver:%lu:\n", GC_OPT_FLAG_NONE); printf ("keyserver:%lu:\n", GC_OPT_FLAG_NONE);
/* The next one is an info only item and should match what
proc_parameters actually implements. */
printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
"RSA-2048");
} }
break; break;
case aGPGConfTest: case aGPGConfTest:


@ -1,3 +1,7 @@
2009-11-23 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (gc_options_gpg): Add default_pubkey_algo.
2009-11-05 Marcus Brinkmann <marcus@g10code.de> 2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* gpg-connect-agent.c (start_agent): Update use of * gpg-connect-agent.c (start_agent): Update use of


@ -667,6 +667,11 @@ static gc_option_t gc_options_gpg[] =
{ "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT, { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
"gnupg", "|FILE|read options from FILE", "gnupg", "|FILE|read options from FILE",
GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG }, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
{ "default_pubkey_algo",
(GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_NO_CHANGE), GC_LEVEL_INVISIBLE,
NULL, NULL,
GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
{ "Debug", { "Debug",
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED, GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
@ -695,6 +700,8 @@ static gc_option_t gc_options_gpg[] =
GC_ARG_TYPE_STRING, GC_BACKEND_GPG }, GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
GC_OPTION_NULL GC_OPTION_NULL
}; };
@ -744,6 +751,10 @@ static gc_option_t gc_options_gpgsm[] =
{ "keyserver", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC, { "keyserver", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
"gnupg", N_("|SPEC|use this keyserver to lookup keys"), "gnupg", N_("|SPEC|use this keyserver to lookup keys"),
GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_GPGSM }, GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_GPGSM },
{ "default_pubkey_algo",
(GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_NO_CHANGE), GC_LEVEL_INVISIBLE,
NULL, NULL,
GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
{ "Debug", { "Debug",
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED, GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,