mirror of
git://git.gnupg.org/gnupg.git
synced 2025-02-22 19:58:29 +01:00
New option --allow-secret-key-import
This commit is contained in:
Werner Koch
parent
bb1bab488f
commit
ed33264fe2
3
NEWS
3
NEWS
@ -8,6 +8,9 @@
|
||||
! and make sure that they don't pipe the signed material to stdin !
|
||||
! without using a filename and "-" on the the command line. !
|
||||
|
||||
* Secret keys are no longer imported unless you use the new option
|
||||
--allow-secret-key-import.
|
||||
|
||||
* Support for the gpg-agent from gpg 1.1
|
||||
|
||||
* Better LFS support.
|
||||
|
||||
1
THANKS
1
THANKS
@ -42,6 +42,7 @@ Enzo Michelangeli em@MailAndNews.com
|
||||
Ernst Molitor ernst.molitor@uni-bonn.de
|
||||
Fabio Coatti cova@ferrara.linux.it
|
||||
Felix von Leitner leitner@amdiv.de
|
||||
Florian Weimer Florian.Weimer@rus.uni-stuttgart.de
|
||||
Frank Donahoe fdonahoe@wilkes1.wilkes.edu
|
||||
Frank Heckenbach heckenb@mi.uni-erlangen.de
|
||||
Frank Stajano frank.stajano@cl.cam.ac.uk
|
||||
|
||||
@ -479,6 +479,7 @@ command --update-trustdb.
|
||||
There are a few other options which control how this command works.
|
||||
Most notable here is the --merge-only options which does not insert new keys
|
||||
but does only the merging of new signatures, user-IDs and subkeys.
|
||||
See also the option --allow-secret-key-import.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
|
||||
@ -1404,6 +1405,14 @@ handing out the secret key.
|
||||
Don't insert new keys into the keyrings while doing an import.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--allow-secret-key-import</term>
|
||||
<listitem><para>
|
||||
Allow import of secret keys. The import command normally skips secret
|
||||
keys because a secret key can otherwise be used to attack the trust
|
||||
calculation.
|
||||
</para></listitem></varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--try-all-secrets</term>
|
||||
<listitem><para>
|
||||
|
||||
@ -1,3 +1,11 @@
|
||||
2000-12-07 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* g10.c: New option --allow-secret-key-import.
|
||||
* import.c (import_keys,import_keys_stream): Honor this option.
|
||||
(import): New arg allow_secret and pass that arg down to ...
|
||||
(import_secret_one): to this and print a warnign if secret key
|
||||
importing is not allowed.
|
||||
|
||||
2000-12-05 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* cipher.c (cipher_filter): Moved the end_encryption status ...
|
||||
|
||||
@ -183,6 +183,7 @@ enum cmd_and_opt_values { aNull = 0,
|
||||
oDisablePubkeyAlgo,
|
||||
oAllowNonSelfsignedUID,
|
||||
oAllowFreeformUID,
|
||||
oAllowSecretKeyImport,
|
||||
oEnableSpecialFilenames,
|
||||
oNoLiteral,
|
||||
oSetFilesize,
|
||||
@ -389,6 +390,7 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oNoRandomSeedFile, "no-random-seed-file", 0, "@" },
|
||||
{ oNoAutoKeyRetrieve, "no-auto-key-retrieve", 0, "@" },
|
||||
{ oMergeOnly, "merge-only", 0, "@" },
|
||||
{ oAllowSecretKeyImport, "allow-secret-key-import", 0, "@" },
|
||||
{ oTryAllSecrets, "try-all-secrets", 0, "@" },
|
||||
{ oEnableSpecialFilenames, "enable-special-filenames", 0, "@" },
|
||||
{ oEmu3DESS2KBug, "emulate-3des-s2k-bug", 0, "@"},
|
||||
@ -954,6 +956,7 @@ main( int argc, char **argv )
|
||||
opt.override_session_key = pargs.r.ret_str;
|
||||
break;
|
||||
case oMergeOnly: opt.merge_only = 1; break;
|
||||
case oAllowSecretKeyImport: opt.allow_secret_key_import = 1; break;
|
||||
case oTryAllSecrets: opt.try_all_secrets = 1; break;
|
||||
case oTrustedKey: register_trusted_key( pargs.r.ret_str ); break;
|
||||
case oEnableSpecialFilenames:
|
||||
|
||||
24
g10/import.c
24
g10/import.c
@ -54,11 +54,11 @@ static struct {
|
||||
} stats;
|
||||
|
||||
|
||||
static int import( IOBUF inp, int fast, const char* fname );
|
||||
static int import( IOBUF inp, int fast, const char* fname, int allow_secret );
|
||||
static void print_stats(void);
|
||||
static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root );
|
||||
static int import_one( const char *fname, KBNODE keyblock, int fast );
|
||||
static int import_secret_one( const char *fname, KBNODE keyblock );
|
||||
static int import_secret_one( const char *fname, KBNODE keyblock, int allow );
|
||||
static int import_revoke_cert( const char *fname, KBNODE node );
|
||||
static int chk_self_sigs( const char *fname, KBNODE keyblock,
|
||||
PKT_public_key *pk, u32 *keyid );
|
||||
@ -127,7 +127,7 @@ import_keys( char **fnames, int nnames, int fast )
|
||||
if( !inp )
|
||||
log_error(_("can't open `%s': %s\n"), fname, strerror(errno) );
|
||||
else {
|
||||
int rc = import( inp, fast, fname );
|
||||
int rc = import( inp, fast, fname, opt.allow_secret_key_import );
|
||||
iobuf_close(inp);
|
||||
if( rc )
|
||||
log_error("import from `%s' failed: %s\n", fname,
|
||||
@ -148,7 +148,7 @@ import_keys_stream( IOBUF inp, int fast )
|
||||
|
||||
/* fixme: don't use static variables */
|
||||
memset( &stats, 0, sizeof( stats ) );
|
||||
rc = import( inp, fast, "[stream]" );
|
||||
rc = import( inp, fast, "[stream]", opt.allow_secret_key_import );
|
||||
print_stats();
|
||||
if( !fast )
|
||||
sync_trustdb();
|
||||
@ -156,7 +156,7 @@ import_keys_stream( IOBUF inp, int fast )
|
||||
}
|
||||
|
||||
static int
|
||||
import( IOBUF inp, int fast, const char* fname )
|
||||
import( IOBUF inp, int fast, const char* fname, int allow_secret )
|
||||
{
|
||||
PACKET *pending_pkt = NULL;
|
||||
KBNODE keyblock;
|
||||
@ -174,7 +174,7 @@ import( IOBUF inp, int fast, const char* fname )
|
||||
if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY )
|
||||
rc = import_one( fname, keyblock, fast );
|
||||
else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
|
||||
rc = import_secret_one( fname, keyblock );
|
||||
rc = import_secret_one( fname, keyblock, allow_secret );
|
||||
else if( keyblock->pkt->pkttype == PKT_SIGNATURE
|
||||
&& keyblock->pkt->pkt.signature->sig_class == 0x20 )
|
||||
rc = import_revoke_cert( fname, keyblock );
|
||||
@ -556,9 +556,12 @@ import_one( const char *fname, KBNODE keyblock, int fast )
|
||||
|
||||
/****************
|
||||
* Ditto for secret keys. Handling is simpler than for public keys.
|
||||
* We allow secret key importing only when allow is true, this is so
|
||||
* that a secret key can not be imported accidently and thereby tampering
|
||||
* with the trust calculation.
|
||||
*/
|
||||
static int
|
||||
import_secret_one( const char *fname, KBNODE keyblock )
|
||||
import_secret_one( const char *fname, KBNODE keyblock, int allow )
|
||||
{
|
||||
PKT_secret_key *sk;
|
||||
KBNODE node, uidnode;
|
||||
@ -586,6 +589,13 @@ import_secret_one( const char *fname, KBNODE keyblock )
|
||||
putc('\n', stderr);
|
||||
}
|
||||
stats.secret_read++;
|
||||
if (!allow) {
|
||||
log_info ( _("secret key %08lX not imported "
|
||||
"(use %s to allow for it)\n"),
|
||||
(ulong)keyid[1], "--allow-secret-key-import");
|
||||
return 0;
|
||||
}
|
||||
|
||||
if( !uidnode ) {
|
||||
log_error( _("key %08lX: no user ID\n"), (ulong)keyid[1]);
|
||||
return 0;
|
||||
|
||||
@ -97,6 +97,7 @@ struct {
|
||||
int show_session_key;
|
||||
int use_agent;
|
||||
int merge_only;
|
||||
int allow_secret_key_import;
|
||||
int try_all_secrets;
|
||||
} opt;
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user