mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
gpg: Protect against rogue keyservers sending secret keys.
* g10/options.h (IMPORT_NO_SECKEY): New. * g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new flag. * g10/import.c (import_secret_one): Deny import if flag is set. -- By modifying a keyserver or a DNS record to send a secret key, an attacker could trick a user into signing using a different key and user id. The trust model should protect against such rogue keys but we better make sure that secret keys are never received from remote sources. Suggested-by: Stefan Tomanek Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
dd868acb0d
commit
e7abed3448
3 changed files with 22 additions and 10 deletions
|
@ -1195,6 +1195,12 @@ import_secret_one( const char *fname, KBNODE keyblock,
|
|||
}
|
||||
stats->secret_read++;
|
||||
|
||||
if ((options & IMPORT_NO_SECKEY))
|
||||
{
|
||||
log_error (_("importing secret keys not allowed\n"));
|
||||
return 0;
|
||||
}
|
||||
|
||||
if( !uidnode )
|
||||
{
|
||||
log_error( _("key %s: no user ID\n"), keystr_from_sk(sk));
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue