gpg: Add option --allow-weak-key-signatures.

* g10/gpg.c (oAllowWeakKeySignatures): New. (opts): Add --allow-weak-key-signatures. (main): Set it. * g10/options.h (struct opt): Add flags.allow_weak_key_signatures. * g10/misc.c (print_sha1_keysig_rejected_note): New. * g10/sig-check.c (check_signature_over_key_or_uid): Print note and act on new option. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-03 22:56:33 +02:00 · 2019-11-07 10:36:17 +01:00 · 2019-11-07 10:36:17 +01:00 · e624c41dba
commit e624c41dba
parent f4047f5605
6 changed files with 45 additions and 6 deletions
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -414,6 +414,7 @@ enum cmd_and_opt_values
    oEnableDSA2,
    oDisableDSA2,
    oAllowWeakDigestAlgos,
+    oAllowWeakKeySignatures,
    oFakedSystemTime,
    oNoAutostart,
    oPrintPKARecords,
@ -902,6 +903,9 @@ static ARGPARSE_OPTS opts[] = {
  ARGPARSE_s_n (oNoSymkeyCache, "no-symkey-cache", "@"),
  ARGPARSE_s_n (oUseKeyboxd,    "use-keyboxd", "@"),

+  /* Options to override new security defaults.  */
+  ARGPARSE_s_n (oAllowWeakKeySignatures, "allow-weak-key-signatures", "@"),
+
  /* Options which can be used in special circumstances. They are not
   * published and we hope they are never required.  */
  ARGPARSE_s_n (oUseOnlyOpenPGPCard, "use-only-openpgp-card", "@"),
@ -3639,6 +3643,10 @@ main (int argc, char **argv)
            opt.flags.allow_weak_digest_algos = 1;
            break;

+          case oAllowWeakKeySignatures:
+            opt.flags.allow_weak_key_signatures = 1;
+            break;
+
          case oFakedSystemTime:
            {
              size_t len = strlen (pargs.r.ret_str);