mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-23 10:29:58 +01:00
* options.h, g10.c (main), encode.c (write_pubkey_enc_from_list),
pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8 mode. This is basically identical to --pgp7 in all ways except that signing subkeys, v4 data sigs (including expiration), and SK comments are allowed. * getkey.c (finish_lookup): Comment. * main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu): Reorder user ID display in the --edit-key menu to match that of the --list-keys display. * g10.c (add_notation_data): Fix initialization.
This commit is contained in:
parent
768ded7c03
commit
e357092285
@ -1,3 +1,19 @@
|
|||||||
|
2002-12-03 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* options.h, g10.c (main), encode.c (write_pubkey_enc_from_list),
|
||||||
|
pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8
|
||||||
|
mode. This is basically identical to --pgp7 in all ways except
|
||||||
|
that signing subkeys, v4 data sigs (including expiration), and SK
|
||||||
|
comments are allowed.
|
||||||
|
|
||||||
|
* getkey.c (finish_lookup): Comment.
|
||||||
|
|
||||||
|
* main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu):
|
||||||
|
Reorder user ID display in the --edit-key menu to match that of
|
||||||
|
the --list-keys display.
|
||||||
|
|
||||||
|
* g10.c (add_notation_data): Fix initialization.
|
||||||
|
|
||||||
2002-12-01 David Shaw <dshaw@jabberwocky.com>
|
2002-12-01 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* keyedit.c (menu_expire): Don't lose key flags when changing the
|
* keyedit.c (menu_expire): Don't lose key flags when changing the
|
||||||
|
@ -708,16 +708,16 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
|
|||||||
keyid_from_pk( pk, enc->keyid );
|
keyid_from_pk( pk, enc->keyid );
|
||||||
enc->throw_keyid = (opt.throw_keyid || (pk_list->flags&1));
|
enc->throw_keyid = (opt.throw_keyid || (pk_list->flags&1));
|
||||||
|
|
||||||
if(opt.throw_keyid && (opt.pgp2 || opt.pgp6 || opt.pgp7))
|
if(opt.throw_keyid && (opt.pgp2 || opt.pgp6 || opt.pgp7 || opt.pgp8))
|
||||||
{
|
{
|
||||||
log_info(_("you may not use %s while in %s mode\n"),
|
log_info(_("you may not use %s while in %s mode\n"),
|
||||||
"--throw-keyid",
|
"--throw-keyid",
|
||||||
opt.pgp2?"--pgp2":opt.pgp6?"--pgp6":"--pgp7");
|
opt.pgp2?"--pgp2":opt.pgp6?"--pgp6":opt.pgp7?"--pgp7":"--pgp8");
|
||||||
|
|
||||||
log_info(_("this message may not be usable by %s\n"),
|
log_info(_("this message may not be usable by %s\n"),
|
||||||
opt.pgp2?"PGP 2.x":opt.pgp6?"PGP 6.x":"PGP 7.x");
|
opt.pgp2?"PGP 2.x":opt.pgp6?"PGP 6.x":opt.pgp7?"PGP 7.x":"PGP 8.x");
|
||||||
|
|
||||||
opt.pgp2=opt.pgp6=opt.pgp7=0;
|
opt.pgp2=opt.pgp6=opt.pgp7=opt.pgp8=0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Okay, what's going on: We have the session key somewhere in
|
/* Okay, what's going on: We have the session key somewhere in
|
||||||
|
36
g10/g10.c
36
g10/g10.c
@ -175,6 +175,8 @@ enum cmd_and_opt_values { aNull = 0,
|
|||||||
oNoPGP6,
|
oNoPGP6,
|
||||||
oPGP7,
|
oPGP7,
|
||||||
oNoPGP7,
|
oNoPGP7,
|
||||||
|
oPGP8,
|
||||||
|
oNoPGP8,
|
||||||
oCipherAlgo,
|
oCipherAlgo,
|
||||||
oDigestAlgo,
|
oDigestAlgo,
|
||||||
oCertDigestAlgo,
|
oCertDigestAlgo,
|
||||||
@ -458,6 +460,8 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
{ oNoPGP6, "no-pgp6", 0, "@"},
|
{ oNoPGP6, "no-pgp6", 0, "@"},
|
||||||
{ oPGP7, "pgp7", 0, "@"},
|
{ oPGP7, "pgp7", 0, "@"},
|
||||||
{ oNoPGP7, "no-pgp7", 0, "@"},
|
{ oNoPGP7, "no-pgp7", 0, "@"},
|
||||||
|
{ oPGP8, "pgp8", 0, "@"},
|
||||||
|
{ oNoPGP8, "no-pgp8", 0, "@"},
|
||||||
{ oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")},
|
{ oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")},
|
||||||
{ oS2KDigest, "s2k-digest-algo",2,
|
{ oS2KDigest, "s2k-digest-algo",2,
|
||||||
N_("|NAME|use message digest algorithm NAME for passphrases")},
|
N_("|NAME|use message digest algorithm NAME for passphrases")},
|
||||||
@ -1526,6 +1530,8 @@ main( int argc, char **argv )
|
|||||||
case oNoPGP6: opt.pgp6 = 0; break;
|
case oNoPGP6: opt.pgp6 = 0; break;
|
||||||
case oPGP7: opt.pgp7 = 1; break;
|
case oPGP7: opt.pgp7 = 1; break;
|
||||||
case oNoPGP7: opt.pgp7 = 0; break;
|
case oNoPGP7: opt.pgp7 = 0; break;
|
||||||
|
case oPGP8: opt.pgp8 = 1; break;
|
||||||
|
case oNoPGP8: opt.pgp8 = 0; break;
|
||||||
case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
|
case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
|
||||||
case oCompressSigs: opt.compress_sigs = 1; break;
|
case oCompressSigs: opt.compress_sigs = 1; break;
|
||||||
case oRunAsShmCP:
|
case oRunAsShmCP:
|
||||||
@ -1846,9 +1852,9 @@ main( int argc, char **argv )
|
|||||||
set_debug();
|
set_debug();
|
||||||
|
|
||||||
/* Do these after the switch(), so they can override settings. */
|
/* Do these after the switch(), so they can override settings. */
|
||||||
if(opt.pgp2 && (opt.pgp6 || opt.pgp7))
|
if(opt.pgp2 && (opt.pgp6 || opt.pgp7 || opt.pgp8))
|
||||||
log_error(_("%s not allowed with %s!\n"),
|
log_error(_("%s not allowed with %s!\n"),
|
||||||
"--pgp2",opt.pgp6?"--pgp6":"--pgp7");
|
"--pgp2",opt.pgp6?"--pgp6":opt.pgp7?"--pgp7":"--pgp8");
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if(opt.pgp2)
|
if(opt.pgp2)
|
||||||
@ -1929,20 +1935,28 @@ main( int argc, char **argv )
|
|||||||
opt.def_compress_algo = 1;
|
opt.def_compress_algo = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else if(opt.pgp6)
|
||||||
if(opt.pgp6 || opt.pgp7)
|
|
||||||
{
|
{
|
||||||
opt.sk_comments=0;
|
opt.sk_comments=0;
|
||||||
opt.escape_from=1;
|
opt.escape_from=1;
|
||||||
opt.force_v3_sigs=1;
|
opt.force_v3_sigs=1;
|
||||||
opt.ask_sig_expire=0;
|
opt.ask_sig_expire=0;
|
||||||
opt.def_compress_algo=1;
|
opt.def_compress_algo=1;
|
||||||
|
opt.force_mdc=0;
|
||||||
if(opt.pgp6) /* pgp7 has MDC */
|
opt.disable_mdc=1;
|
||||||
{
|
}
|
||||||
opt.force_mdc=0;
|
else if(opt.pgp7)
|
||||||
opt.disable_mdc=1;
|
{
|
||||||
}
|
opt.sk_comments=0;
|
||||||
|
opt.escape_from=1;
|
||||||
|
opt.force_v3_sigs=1;
|
||||||
|
opt.ask_sig_expire=0;
|
||||||
|
opt.def_compress_algo=1;
|
||||||
|
}
|
||||||
|
else if(opt.pgp8)
|
||||||
|
{
|
||||||
|
opt.escape_from=1;
|
||||||
|
opt.def_compress_algo=1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2830,7 +2844,7 @@ add_notation_data( const char *string, int which )
|
|||||||
for( s=string ; *s != '='; s++ )
|
for( s=string ; *s != '='; s++ )
|
||||||
{
|
{
|
||||||
if( *s=='@')
|
if( *s=='@')
|
||||||
saw_at=0;
|
saw_at=1;
|
||||||
|
|
||||||
if( !*s || (*s & 0x80) || (!isgraph(*s) && !isspace(*s)) )
|
if( !*s || (*s & 0x80) || (!isgraph(*s) && !isspace(*s)) )
|
||||||
{
|
{
|
||||||
|
@ -2056,7 +2056,8 @@ finish_lookup (GETKEY_CTX ctx)
|
|||||||
unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
|
unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
|
||||||
/* Request the primary if we're certifying another key, and also
|
/* Request the primary if we're certifying another key, and also
|
||||||
if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7
|
if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7
|
||||||
do not understand signatures made by a signing subkey. */
|
do not understand signatures made by a signing subkey. PGP 8
|
||||||
|
does. */
|
||||||
int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) ||
|
int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) ||
|
||||||
((opt.pgp6 || opt.pgp7) && (ctx->req_usage & PUBKEY_USAGE_SIG));
|
((opt.pgp6 || opt.pgp7) && (ctx->req_usage & PUBKEY_USAGE_SIG));
|
||||||
u32 latest_date;
|
u32 latest_date;
|
||||||
|
@ -1112,6 +1112,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
|
|||||||
modified++;
|
modified++;
|
||||||
if( collapse_uids( &keyblock ) )
|
if( collapse_uids( &keyblock ) )
|
||||||
modified++;
|
modified++;
|
||||||
|
reorder_keyblock(keyblock);
|
||||||
|
|
||||||
if( !sign_mode ) {/* see whether we have a matching secret key */
|
if( !sign_mode ) {/* see whether we have a matching secret key */
|
||||||
PKT_public_key *pk = keyblock->pkt->pkt.public_key;
|
PKT_public_key *pk = keyblock->pkt->pkt.public_key;
|
||||||
|
@ -955,7 +955,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
|
|||||||
* Reorder the keyblock so that the primary user ID (and not attribute
|
* Reorder the keyblock so that the primary user ID (and not attribute
|
||||||
* packet) comes first. Fixme: Replace this by a generic sort
|
* packet) comes first. Fixme: Replace this by a generic sort
|
||||||
* function. */
|
* function. */
|
||||||
static void
|
void
|
||||||
reorder_keyblock (KBNODE keyblock)
|
reorder_keyblock (KBNODE keyblock)
|
||||||
{
|
{
|
||||||
KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
|
KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
|
||||||
|
@ -204,6 +204,7 @@ void release_revocation_reason_info( struct revocation_reason_info *reason );
|
|||||||
/*-- keylist.c --*/
|
/*-- keylist.c --*/
|
||||||
void public_key_list( STRLIST list );
|
void public_key_list( STRLIST list );
|
||||||
void secret_key_list( STRLIST list );
|
void secret_key_list( STRLIST list );
|
||||||
|
void reorder_keyblock (KBNODE keyblock);
|
||||||
void list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque );
|
void list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque );
|
||||||
void print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode);
|
void print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode);
|
||||||
void show_policy_url(PKT_signature *sig,int indent);
|
void show_policy_url(PKT_signature *sig,int indent);
|
||||||
|
@ -92,8 +92,8 @@ struct {
|
|||||||
unsigned int force_ownertrust;
|
unsigned int force_ownertrust;
|
||||||
int pgp2;
|
int pgp2;
|
||||||
int pgp6;
|
int pgp6;
|
||||||
int pgp7; /* if we get any more of these, it's time to look at a
|
int pgp7;
|
||||||
special emulate_pgp variable... */
|
int pgp8;
|
||||||
int rfc1991;
|
int rfc1991;
|
||||||
int rfc2440;
|
int rfc2440;
|
||||||
int pgp2_workarounds;
|
int pgp2_workarounds;
|
||||||
|
@ -1103,19 +1103,20 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
|
|||||||
|
|
||||||
/* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and
|
/* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and
|
||||||
CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3),
|
CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3),
|
||||||
and all compressions except none (0) and ZIP (1). pgp7 mode
|
and all compressions except none (0) and ZIP (1). pgp7 and pgp8
|
||||||
expands the cipher list to include AES128 (7), AES192 (8), AES256
|
mode expands the cipher list to include AES128 (7), AES192 (8),
|
||||||
(9), and TWOFISH (10). For a true PGP key all of this is unneeded
|
AES256 (9), and TWOFISH (10). For a true PGP key all of this is
|
||||||
as they are the only items present in the preferences subpacket,
|
unneeded as they are the only items present in the preferences
|
||||||
but checking here covers the weird case of encrypting to a key that
|
subpacket, but checking here covers the weird case of encrypting to
|
||||||
had preferences from a different implementation which was then used
|
a key that had preferences from a different implementation which
|
||||||
with PGP. I am not completely comfortable with this as the right
|
was then used with PGP. I am not completely comfortable with this
|
||||||
thing to do, as it slightly alters the list of what the user is
|
as the right thing to do, as it slightly alters the list of what
|
||||||
supposedly requesting. It is not against the RFC however, as the
|
the user is supposedly requesting. It is not against the RFC
|
||||||
preference chosen will never be one that the user didn't specify
|
however, as the preference chosen will never be one that the user
|
||||||
somewhere ("The implementation may use any mechanism to pick an
|
didn't specify somewhere ("The implementation may use any mechanism
|
||||||
algorithm in the intersection"), and PGP has no mechanism to fix
|
to pick an algorithm in the intersection"), and PGP has no
|
||||||
such a broken preference list, so I'm including it. -dms */
|
mechanism to fix such a broken preference list, so I'm including
|
||||||
|
it. -dms */
|
||||||
|
|
||||||
static int
|
static int
|
||||||
algo_available( int preftype, int algo, void *hint )
|
algo_available( int preftype, int algo, void *hint )
|
||||||
@ -1124,8 +1125,9 @@ algo_available( int preftype, int algo, void *hint )
|
|||||||
if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
|
if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if( opt.pgp7 && (algo != 1 && algo != 2 && algo != 3 &&
|
if( (opt.pgp7 || opt.pgp8)
|
||||||
algo != 7 && algo != 8 && algo != 9 && algo != 10) )
|
&& (algo != 1 && algo != 2 && algo != 3
|
||||||
|
&& algo != 7 && algo != 8 && algo != 9 && algo != 10) )
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return algo && !check_cipher_algo( algo );
|
return algo && !check_cipher_algo( algo );
|
||||||
@ -1139,13 +1141,15 @@ algo_available( int preftype, int algo, void *hint )
|
|||||||
if(bits && (bits != md_digest_length(algo)))
|
if(bits && (bits != md_digest_length(algo)))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if( (opt.pgp6 || opt.pgp7 ) && ( algo != 1 && algo != 2 && algo != 3) )
|
if( (opt.pgp6 || opt.pgp7 || opt.pgp8 )
|
||||||
|
&& ( algo != 1 && algo != 2 && algo != 3) )
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return algo && !check_digest_algo( algo );
|
return algo && !check_digest_algo( algo );
|
||||||
}
|
}
|
||||||
else if( preftype == PREFTYPE_ZIP ) {
|
else if( preftype == PREFTYPE_ZIP ) {
|
||||||
if ( ( opt.pgp6 || opt.pgp7 ) && ( algo !=0 && algo != 1) )
|
if ( ( opt.pgp6 || opt.pgp7 || opt.pgp8 )
|
||||||
|
&& ( algo !=0 && algo != 1) )
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return !check_compress_algo( algo );
|
return !check_compress_algo( algo );
|
||||||
|
@ -521,7 +521,7 @@ gen_revoke( const char *uname )
|
|||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(opt.pgp2 || opt.pgp6 || opt.pgp7)
|
if(opt.pgp2 || opt.pgp6 || opt.pgp7 | opt.pgp8)
|
||||||
{
|
{
|
||||||
/* Use a minimal pk for PGPx mode, since PGP can't import bare
|
/* Use a minimal pk for PGPx mode, since PGP can't import bare
|
||||||
revocation certificates. */
|
revocation certificates. */
|
||||||
|
Loading…
x
Reference in New Issue
Block a user