gpgv: Tweak default options for extra security.

* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on cached status. Similarly, set opt.flags.require_cross_cert for backsig validation for subkey signature. -- It is common that an organization distributes binary keyrings with signature cache (Tag 12, Trust Packet) and people use gpgv to validate signature with such keyrings. In such a use case, it is possible that the key validation itself is skipped. For the purpose of gpgv validation of signatures, we should not depend on signature cache in keyrings (if any), but we should validate the key by its self signature for primary key, and back signature for subkey. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-03-23 21:59:57 +01:00 · 2016-07-09 10:20:02 +09:00 · 2016-07-09 10:20:02 +09:00 · e32c575e0f
commit e32c575e0f
parent cbe467e794
1 changed files with 2 additions and 0 deletions
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@ -167,6 +167,8 @@ main( int argc, char **argv )
  opt.command_fd = -1; /* no command fd */
  opt.keyserver_options.options |= KEYSERVER_AUTO_KEY_RETRIEVE;
  opt.trust_model = TM_ALWAYS;
+  opt.no_sig_cache = 1;
+  opt.flags.require_cross_cert = 1;
  opt.batch = 1;

  opt.weak_digests = NULL;