
New option --allow-secret-key-import

Werner Koch 2000-12-07 10:55:10 +00:00
parent bb1bab488f
commit ed33264fe2
7 changed files with 43 additions and 8 deletions

3
NEWS

@ -8,6 +8,9 @@
! and make sure that they don't pipe the signed material to stdin ! ! and make sure that they don't pipe the signed material to stdin !
! without using a filename and "-" on the the command line. ! ! without using a filename and "-" on the the command line. !
* Secret keys are no longer imported unless you use the new option
--allow-secret-key-import.
* Support for the gpg-agent from gpg 1.1 * Support for the gpg-agent from gpg 1.1
* Better LFS support. * Better LFS support.

1
THANKS

@ -42,6 +42,7 @@ Enzo Michelangeli em@MailAndNews.com
Ernst Molitor ernst.molitor@uni-bonn.de Ernst Molitor ernst.molitor@uni-bonn.de
Fabio Coatti cova@ferrara.linux.it Fabio Coatti cova@ferrara.linux.it
Felix von Leitner leitner@amdiv.de Felix von Leitner leitner@amdiv.de
Florian Weimer Florian.Weimer@rus.uni-stuttgart.de
Frank Donahoe fdonahoe@wilkes1.wilkes.edu Frank Donahoe fdonahoe@wilkes1.wilkes.edu
Frank Heckenbach heckenb@mi.uni-erlangen.de Frank Heckenbach heckenb@mi.uni-erlangen.de
Frank Stajano frank.stajano@cl.cam.ac.uk Frank Stajano frank.stajano@cl.cam.ac.uk


@ -479,6 +479,7 @@ command --update-trustdb.
There are a few other options which control how this command works. There are a few other options which control how this command works.
Most notable here is the --merge-only options which does not insert new keys Most notable here is the --merge-only options which does not insert new keys
but does only the merging of new signatures, user-IDs and subkeys. but does only the merging of new signatures, user-IDs and subkeys.
See also the option --allow-secret-key-import.
</para></listitem></varlistentry> </para></listitem></varlistentry>
@ -1404,6 +1405,14 @@ handing out the secret key.
Don't insert new keys into the keyrings while doing an import. Don't insert new keys into the keyrings while doing an import.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry>
<term>--allow-secret-key-import</term>
<listitem><para>
Allow import of secret keys. The import command normally skips secret
keys because a secret key can otherwise be used to attack the trust
calculation.
</para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>--try-all-secrets</term> <term>--try-all-secrets</term>
<listitem><para> <listitem><para>


@ -1,3 +1,11 @@
2000-12-07 Werner Koch <wk@gnupg.org>
* g10.c: New option --allow-secret-key-import.
* import.c (import_keys,import_keys_stream): Honor this option.
(import): New arg allow_secret and pass that arg down to ...
(import_secret_one): to this and print a warnign if secret key
importing is not allowed.
2000-12-05 Werner Koch <wk@gnupg.org> 2000-12-05 Werner Koch <wk@gnupg.org>
* cipher.c (cipher_filter): Moved the end_encryption status ... * cipher.c (cipher_filter): Moved the end_encryption status ...


@ -183,6 +183,7 @@ enum cmd_and_opt_values { aNull = 0,
oDisablePubkeyAlgo, oDisablePubkeyAlgo,
oAllowNonSelfsignedUID, oAllowNonSelfsignedUID,
oAllowFreeformUID, oAllowFreeformUID,
oAllowSecretKeyImport,
oEnableSpecialFilenames, oEnableSpecialFilenames,
oNoLiteral, oNoLiteral,
oSetFilesize, oSetFilesize,
@ -389,6 +390,7 @@ static ARGPARSE_OPTS opts[] = {
{ oNoRandomSeedFile, "no-random-seed-file", 0, "@" }, { oNoRandomSeedFile, "no-random-seed-file", 0, "@" },
{ oNoAutoKeyRetrieve, "no-auto-key-retrieve", 0, "@" }, { oNoAutoKeyRetrieve, "no-auto-key-retrieve", 0, "@" },
{ oMergeOnly, "merge-only", 0, "@" }, { oMergeOnly, "merge-only", 0, "@" },
{ oAllowSecretKeyImport, "allow-secret-key-import", 0, "@" },
{ oTryAllSecrets, "try-all-secrets", 0, "@" }, { oTryAllSecrets, "try-all-secrets", 0, "@" },
{ oEnableSpecialFilenames, "enable-special-filenames", 0, "@" }, { oEnableSpecialFilenames, "enable-special-filenames", 0, "@" },
{ oEmu3DESS2KBug, "emulate-3des-s2k-bug", 0, "@"}, { oEmu3DESS2KBug, "emulate-3des-s2k-bug", 0, "@"},
@ -954,6 +956,7 @@ main( int argc, char **argv )
opt.override_session_key = pargs.r.ret_str; opt.override_session_key = pargs.r.ret_str;
break; break;
case oMergeOnly: opt.merge_only = 1; break; case oMergeOnly: opt.merge_only = 1; break;
case oAllowSecretKeyImport: opt.allow_secret_key_import = 1; break;
case oTryAllSecrets: opt.try_all_secrets = 1; break; case oTryAllSecrets: opt.try_all_secrets = 1; break;
case oTrustedKey: register_trusted_key( pargs.r.ret_str ); break; case oTrustedKey: register_trusted_key( pargs.r.ret_str ); break;
case oEnableSpecialFilenames: case oEnableSpecialFilenames:
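Review bot: `--allow-secret-key-import` is added as a set-only switch (`opt.allow_secret_key_import = 1` in main) with no negating counterpart visible in these hunks, so once it sits in an options file it presumably cannot be turned back off for a single invocation. Because the flag relaxes a protection of the trust calculation, a `no-` form next to it in opts[] (the table already carries entries such as `no-auto-key-retrieve`) would let a caller restore the safe default. The `"@"` description also appears to keep the option out of the help listing, so a short comment on the opts[] line saying why it is off by default would help the next maintainer. Both opts[] and the switch in main continue outside the hunks.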


@ -54,11 +54,11 @@ static struct {
} stats; } stats;
static int import( IOBUF inp, int fast, const char* fname ); static int import( IOBUF inp, int fast, const char* fname, int allow_secret );
static void print_stats(void); static void print_stats(void);
static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ); static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root );
static int import_one( const char *fname, KBNODE keyblock, int fast ); static int import_one( const char *fname, KBNODE keyblock, int fast );
static int import_secret_one( const char *fname, KBNODE keyblock ); static int import_secret_one( const char *fname, KBNODE keyblock, int allow );
static int import_revoke_cert( const char *fname, KBNODE node ); static int import_revoke_cert( const char *fname, KBNODE node );
static int chk_self_sigs( const char *fname, KBNODE keyblock, static int chk_self_sigs( const char *fname, KBNODE keyblock,
PKT_public_key *pk, u32 *keyid ); PKT_public_key *pk, u32 *keyid );
@ -127,7 +127,7 @@ import_keys( char **fnames, int nnames, int fast )
if( !inp ) if( !inp )
log_error(_("can't open `%s': %s\n"), fname, strerror(errno) ); log_error(_("can't open `%s': %s\n"), fname, strerror(errno) );
else { else {
int rc = import( inp, fast, fname ); int rc = import( inp, fast, fname, opt.allow_secret_key_import );
iobuf_close(inp); iobuf_close(inp);
if( rc ) if( rc )
log_error("import from `%s' failed: %s\n", fname, log_error("import from `%s' failed: %s\n", fname,
@ -148,7 +148,7 @@ import_keys_stream( IOBUF inp, int fast )
/* fixme: don't use static variables */ /* fixme: don't use static variables */
memset( &stats, 0, sizeof( stats ) ); memset( &stats, 0, sizeof( stats ) );
rc = import( inp, fast, "[stream]" ); rc = import( inp, fast, "[stream]", opt.allow_secret_key_import );
print_stats(); print_stats();
if( !fast ) if( !fast )
sync_trustdb(); sync_trustdb();
@ -156,7 +156,7 @@ import_keys_stream( IOBUF inp, int fast )
} }
static int static int
import( IOBUF inp, int fast, const char* fname ) import( IOBUF inp, int fast, const char* fname, int allow_secret )
{ {
PACKET *pending_pkt = NULL; PACKET *pending_pkt = NULL;
KBNODE keyblock; KBNODE keyblock;
@ -174,7 +174,7 @@ import( IOBUF inp, int fast, const char* fname )
if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY ) if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY )
rc = import_one( fname, keyblock, fast ); rc = import_one( fname, keyblock, fast );
else if( keyblock->pkt->pkttype == PKT_SECRET_KEY ) else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
rc = import_secret_one( fname, keyblock ); rc = import_secret_one( fname, keyblock, allow_secret );
else if( keyblock->pkt->pkttype == PKT_SIGNATURE else if( keyblock->pkt->pkttype == PKT_SIGNATURE
&& keyblock->pkt->pkt.signature->sig_class == 0x20 ) && keyblock->pkt->pkt.signature->sig_class == 0x20 )
rc = import_revoke_cert( fname, keyblock ); rc = import_revoke_cert( fname, keyblock );
@ -556,9 +556,12 @@ import_one( const char *fname, KBNODE keyblock, int fast )
/**************** /****************
* Ditto for secret keys. Handling is simpler than for public keys. * Ditto for secret keys. Handling is simpler than for public keys.
* We allow secret key importing only when allow is true, this is so
* that a secret key can not be imported accidently and thereby tampering
* with the trust calculation.
*/ */
static int static int
import_secret_one( const char *fname, KBNODE keyblock ) import_secret_one( const char *fname, KBNODE keyblock, int allow )
{ {
PKT_secret_key *sk; PKT_secret_key *sk;
KBNODE node, uidnode; KBNODE node, uidnode;
@ -586,6 +589,13 @@ import_secret_one( const char *fname, KBNODE keyblock )
putc('\n', stderr); putc('\n', stderr);
} }
stats.secret_read++; stats.secret_read++;
if (!allow) {
log_info ( _("secret key %08lX not imported "
"(use %s to allow for it)\n"),
(ulong)keyid[1], "--allow-secret-key-import");
return 0;
}
if( !uidnode ) { if( !uidnode ) {
log_error( _("key %08lX: no user ID\n"), (ulong)keyid[1]); log_error( _("key %08lX: no user ID\n"), (ulong)keyid[1]);
return 0; return 0;
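Review bot: In the last hunk the new `if (!allow)` branch of import_secret_one returns 0 after `stats.secret_read++`, so a refused secret key is reported to import() exactly like a handled one and shows up only as a log_info line. A front end that looks at the return code or the printed statistics cannot tell that the key was skipped; counting the refusal in its own statistics field and stating it in the function comment, e.g. `* Returns 0 without importing anything when allow is false.`, would make the skip auditable. import_keys and import_keys_stream both pass the same global `opt.allow_secret_key_import`, so the new parameter does not yet distinguish sources; if stream input is meant to be less trusted, import_keys_stream could pass 0 instead. The body of import_secret_one continues outside the hunk, so the position of the check relative to any keyring write cannot be confirmed from here.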


@ -97,6 +97,7 @@ struct {
int show_session_key; int show_session_key;
int use_agent; int use_agent;
int merge_only; int merge_only;
int allow_secret_key_import;
int try_all_secrets; int try_all_secrets;
} opt; } opt;