gpg: Add option --allow-weak-key-signatures.

* g10/gpg.c (oAllowWeakKeySignatures): New. (opts): Add --allow-weak-key-signatures. (main): Set it. * g10/options.h (struct opt): Add flags.allow_weak_key_signatures. * g10/misc.c (print_sha1_keysig_rejected_note): New. * g10/sig-check.c (check_signature_over_key_or_uid): Print note and act on new option. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2019-11-07 10:36:17 +01:00 · 2019-11-07 10:36:17 +01:00 · e624c41dba
commit e624c41dba
parent f4047f5605
6 changed files with 45 additions and 6 deletions
--- a/g10/misc.c
+++ b/g10/misc.c
@ -362,6 +362,24 @@ print_digest_rejected_note (enum gcry_md_algos algo)
 }


+void
+print_sha1_keysig_rejected_note (void)
+{
+  static int shown;
+
+  if (shown)
+    return;
+
+  shown = 1;
+  es_fflush (es_stdout);
+  log_info (_("Note: third-party key signatures using"
+              " the %s algorithm are rejected\n"),
+            gcry_md_algo_name (GCRY_MD_SHA1));
+  print_further_info ("use option \"%s\" to override",
+                      "--allow-weak-key-signatures");
+}
+
+
 /* Print a message
 *  "(reported error: %s)\n
 * in verbose mode to further explain an error.  If the error code has