mirror of git://git.gnupg.org/gnupg.git synced 2025-01-10 13:04:23 +01:00

* options.h, g10.c (main), encode.c (write_pubkey_enc_from_list),

pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8 mode.  This
is basically identical to --pgp7 in all ways except that signing subkeys,
v4 data sigs (including expiration), and SK comments are allowed.

* getkey.c (finish_lookup): Comment.
David Shaw 2002-12-03 23:09:20 +00:00
parent 33783a41a4
commit dc70beb88f
7 changed files with 63 additions and 35 deletions


@ -1,5 +1,13 @@
2002-12-03 David Shaw <dshaw@jabberwocky.com>
* options.h, g10.c (main), encode.c (write_pubkey_enc_from_list),
pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8
mode. This is basically identical to --pgp7 in all ways except
that signing subkeys, v4 data sigs (including expiration), and SK
comments are allowed.
* getkey.c (finish_lookup): Comment.
* main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu):
Reorder user ID display in the --edit-key menu to match that of
the --list-keys display.


@ -709,16 +709,16 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
keyid_from_pk( pk, enc->keyid );
enc->throw_keyid = opt.throw_keyid;
if(opt.throw_keyid && (opt.pgp2 || opt.pgp6 || opt.pgp7))
if(opt.throw_keyid && (opt.pgp2 || opt.pgp6 || opt.pgp7 || opt.pgp8))
{
log_info(_("you may not use %s while in %s mode\n"),
"--throw-keyid",
opt.pgp2?"--pgp2":opt.pgp6?"--pgp6":"--pgp7");
opt.pgp2?"--pgp2":opt.pgp6?"--pgp6":opt.pgp7?"--pgp7":"--pgp8");
log_info(_("this message may not be usable by %s\n"),
opt.pgp2?"PGP 2.x":opt.pgp6?"PGP 6.x":"PGP 7.x");
opt.pgp2?"PGP 2.x":opt.pgp6?"PGP 6.x":opt.pgp7?"PGP 7.x":"PGP 8.x");
opt.pgp2=opt.pgp6=opt.pgp7=0;
opt.pgp2=opt.pgp6=opt.pgp7=opt.pgp8=0;
}
/* Okay, what's going on: We have the session key somewhere in
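Review bot: The nested ternaries that pick the option name and the product name in the two `log_info` calls are now four levels deep and written out twice, and g10.c repeats a similar chain in its conflict message. Each new emulation mode has to be added to every chain by hand, and a missed one would print the wrong mode without any warning. A small static helper that maps the active mode to its option string and product string would keep these messages in step. The enclosing function starts and ends outside the hunk.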


@ -172,6 +172,8 @@ enum cmd_and_opt_values { aNull = 0,
oNoPGP6,
oPGP7,
oNoPGP7,
oPGP8,
oNoPGP8,
oCipherAlgo,
oDigestAlgo,
oCertDigestAlgo,
@ -449,6 +451,8 @@ static ARGPARSE_OPTS opts[] = {
{ oNoPGP6, "no-pgp6", 0, "@"},
{ oPGP7, "pgp7", 0, "@"},
{ oNoPGP7, "no-pgp7", 0, "@"},
{ oPGP8, "pgp8", 0, "@"},
{ oNoPGP8, "no-pgp8", 0, "@"},
{ oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")},
{ oS2KDigest, "s2k-digest-algo",2,
N_("|NAME|use message digest algorithm NAME for passphrases")},
@ -1457,6 +1461,8 @@ main( int argc, char **argv )
case oNoPGP6: opt.pgp6 = 0; break;
case oPGP7: opt.pgp7 = 1; break;
case oNoPGP7: opt.pgp7 = 0; break;
case oPGP8: opt.pgp8 = 1; break;
case oNoPGP8: opt.pgp8 = 0; break;
case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
case oCompressSigs: opt.compress_sigs = 1; break;
case oRunAsShmCP:
@ -1743,9 +1749,9 @@ main( int argc, char **argv )
set_debug();
/* Do these after the switch(), so they can override settings. */
if(opt.pgp2 && (opt.pgp6 || opt.pgp7))
if(opt.pgp2 && (opt.pgp6 || opt.pgp7 || opt.pgp8))
log_error(_("%s not allowed with %s!\n"),
"--pgp2",opt.pgp6?"--pgp6":"--pgp7");
"--pgp2",opt.pgp6?"--pgp6":opt.pgp7?"--pgp7":"--pgp8");
else
{
if(opt.pgp2)
@ -1826,20 +1832,28 @@ main( int argc, char **argv )
opt.def_compress_algo = 1;
}
}
if(opt.pgp6 || opt.pgp7)
else if(opt.pgp6)
{
opt.sk_comments=0;
opt.escape_from=1;
opt.force_v3_sigs=1;
opt.ask_sig_expire=0;
opt.def_compress_algo=1;
if(opt.pgp6) /* pgp7 has MDC */
{
opt.force_mdc=0;
opt.disable_mdc=1;
}
opt.force_mdc=0;
opt.disable_mdc=1;
}
else if(opt.pgp7)
{
opt.sk_comments=0;
opt.escape_from=1;
opt.force_v3_sigs=1;
opt.ask_sig_expire=0;
opt.def_compress_algo=1;
}
else if(opt.pgp8)
{
opt.escape_from=1;
opt.def_compress_algo=1;
}
}
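Review bot: In the last hunk, the chain `else if(opt.pgp6)` / `else if(opt.pgp7)` / `else if(opt.pgp8)` silently lets the first flag win when more than one of --pgp6, --pgp7 and --pgp8 is set, because the `log_error` check in the previous hunk only rejects combinations that include --pgp2. The losing flags stay set in `opt`, so a stray --pgp7 next to --pgp8 still forces `opt.force_v3_sigs=1` here. It also still satisfies the `(opt.pgp6 || opt.pgp7)` primary-key test shown in getkey.c, which is the opposite of what pgp8 mode is meant to allow. Consider reporting any two modes together as an error, or clearing the lower-priority flags in each branch, e.g. `opt.pgp7=opt.pgp8=0;` inside the pgp6 branch. main() begins and ends outside these hunks.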


@ -2055,7 +2055,8 @@ finish_lookup (GETKEY_CTX ctx)
unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
/* Request the primary if we're certifying another key, and also
if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7
do not understand signatures made by a signing subkey. */
do not understand signatures made by a signing subkey. PGP 8
does. */
int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) ||
((opt.pgp6 || opt.pgp7) && (ctx->req_usage & PUBKEY_USAGE_SIG));
u32 latest_date;


@ -89,10 +89,11 @@ struct {
int compress_keys;
int compress_sigs;
int always_trust;
/* TODO: change these to an emulate_pgp variable */
int pgp2;
int pgp6;
int pgp7; /* if we get any more of these, it's time to look at a
special emulate_pgp variable... */
int pgp7;
int pgp8;
int rfc1991;
int rfc2440;
int pgp2_workarounds;


@ -1059,19 +1059,20 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
/* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and
CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3),
and all compressions except none (0) and ZIP (1). pgp7 mode
expands the cipher list to include AES128 (7), AES192 (8), AES256
(9), and TWOFISH (10). For a true PGP key all of this is unneeded
as they are the only items present in the preferences subpacket,
but checking here covers the weird case of encrypting to a key that
had preferences from a different implementation which was then used
with PGP. I am not completely comfortable with this as the right
thing to do, as it slightly alters the list of what the user is
supposedly requesting. It is not against the RFC however, as the
preference chosen will never be one that the user didn't specify
somewhere ("The implementation may use any mechanism to pick an
algorithm in the intersection"), and PGP has no mechanism to fix
such a broken preference list, so I'm including it. -dms */
and all compressions except none (0) and ZIP (1). pgp7 and pgp8
mode expands the cipher list to include AES128 (7), AES192 (8),
AES256 (9), and TWOFISH (10). For a true PGP key all of this is
unneeded as they are the only items present in the preferences
subpacket, but checking here covers the weird case of encrypting to
a key that had preferences from a different implementation which
was then used with PGP. I am not completely comfortable with this
as the right thing to do, as it slightly alters the list of what
the user is supposedly requesting. It is not against the RFC
however, as the preference chosen will never be one that the user
didn't specify somewhere ("The implementation may use any mechanism
to pick an algorithm in the intersection"), and PGP has no
mechanism to fix such a broken preference list, so I'm including
it. -dms */
static int
algo_available( int preftype, int algo, void *hint )
@ -1080,8 +1081,9 @@ algo_available( int preftype, int algo, void *hint )
if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
return 0;
if( opt.pgp7 && (algo != 1 && algo != 2 && algo != 3 &&
algo != 7 && algo != 8 && algo != 9 && algo != 10) )
if( (opt.pgp7 || opt.pgp8)
&& (algo != 1 && algo != 2 && algo != 3
&& algo != 7 && algo != 8 && algo != 9 && algo != 10) )
return 0;
return algo && !check_cipher_algo( algo );
@ -1095,13 +1097,15 @@ algo_available( int preftype, int algo, void *hint )
if(bits && (bits != md_digest_length(algo)))
return 0;
if( (opt.pgp6 || opt.pgp7 ) && ( algo != 1 && algo != 2 && algo != 3) )
if( (opt.pgp6 || opt.pgp7 || opt.pgp8 )
&& ( algo != 1 && algo != 2 && algo != 3) )
return 0;
return algo && !check_digest_algo( algo );
}
else if( preftype == PREFTYPE_ZIP ) {
if ( ( opt.pgp6 || opt.pgp7 ) && ( algo !=0 && algo != 1) )
if ( ( opt.pgp6 || opt.pgp7 || opt.pgp8 )
&& ( algo !=0 && algo != 1) )
return 0;
return !check_compress_algo( algo );
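Review bot: The allow-lists in algo_available are written as bare numbers, and the test `algo != 1 && algo != 2 && algo != 3` now appears in three conditions, so adding pgp8 meant editing each one by hand. If the project's named algorithm constants are in scope in this file, using them here would let a reader check the lists against the block comment. The digest branch also applies the pgp6/pgp7 hash list, which the comment gives as MD5, SHA1 and RIPEMD160, to pgp8 unchanged. A one-line comment there such as `/* pgp8 keeps the pgp6/7 hash list, MD5 included, for compatibility */` would show that this is deliberate. The function body continues outside the hunks.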


@ -549,7 +549,7 @@ gen_revoke( const char *uname )
goto leave;
}
if(opt.pgp2 || opt.pgp6 || opt.pgp7)
if(opt.pgp2 || opt.pgp6 || opt.pgp7 | opt.pgp8)
{
/* Use a minimal pk for PGPx mode, since PGP can't import bare
revocation certificates. */
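Review bot: The new condition uses a bitwise OR, `opt.pgp7 | opt.pgp8`, where the rest of the expression and every other mode test in this commit use `||`. The result is the same as long as the flags hold only 0 or 1, as the option switch in g10.c sets them, but it reads as a typo and depends on `|` binding tighter than `||`. The line should be `if(opt.pgp2 || opt.pgp6 || opt.pgp7 || opt.pgp8)`. gen_revoke starts and ends outside the hunk.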