security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

Changed default algo and size.

Browse Source
This commit is contained in:
Werner Koch 2009-05-17 13:08:18 +00:00
parent c4e92c3344
commit f61e15670a
2 changed files with 151 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
g10/ChangeLog
View File

@ -1,3 +1,12 @@
2009-05-17 Werner Koch <wk@g10code.com>
* keygen.c (ask_algo): Add arg R_SUBKEY_ALGO. Change return value
semantics. Change presented order of algorithms. Make RSA+RSA
the default.
(generate_keypair): Adjust for change.
(ask_keysize): Add arg PRIMARY_KEYSIZE for subkey creation.
Change callers.
2009-05-15 Werner Koch <wk@g10code.com> 2009-05-15 Werner Koch <wk@g10code.com>
* keygen.c (gen_card_key_with_backup): Get the size of the key * keygen.c (gen_card_key_with_backup): Get the size of the key

232
g10/keygen.c
View File

@ -1636,94 +1636,141 @@ ask_key_flags(int algo,int subkey)
} }
/**************** /* Ask for an algorithm. The function returns the algorithm id to
* Returns: 0 to create both a DSA and a Elgamal key. * create. If ADDMODE is false the function won't show an option to
* and only if key flags are to be written the desired usage. * create the primary and subkey combined and won't set R_USAGE
*/ * either. If a combined algorithm has been selected, the subkey
* algorithm is stored at R_SUBKEY_ALGO. */
static int static int
ask_algo (int addmode, unsigned int *r_usage) ask_algo (int addmode, int *r_subkey_algo, unsigned int *r_usage)
{ {
char *answer; char *answer;
int algo; int algo;
int dummy_algo;
*r_usage = 0; if (!r_subkey_algo)
tty_printf(_("Please select what kind of key you want:\n")); r_subkey_algo = &dummy_algo;
if( !addmode )
tty_printf(_(" (%d) DSA and Elgamal (default)\n"), 1 );
tty_printf( _(" (%d) DSA (sign only)\n"), 2 );
if (opt.expert)
tty_printf( _(" (%d) DSA (set your own capabilities)\n"), 3 );
if( addmode )
tty_printf(_(" (%d) Elgamal (encrypt only)\n"), 4 );
tty_printf( _(" (%d) RSA (sign only)\n"), 5 );
if (addmode)
tty_printf(_(" (%d) RSA (encrypt only)\n"), 6 );
if (opt.expert)
tty_printf( _(" (%d) RSA (set your own capabilities)\n"), 7 );
for(;;) { tty_printf (_("Please select what kind of key you want:\n"));
answer = cpr_get("keygen.algo",_("Your selection? "));
cpr_kill_prompt(); if (!addmode)
algo = *answer? atoi(answer): 1; tty_printf (_(" (%d) RSA and RSA (default)\n"), 1 );
xfree(answer); if (!addmode)
if( algo == 1 && !addmode ) { tty_printf (_(" (%d) DSA and Elgamal\n"), 2 );
algo = 0; /* create both keys */
break; tty_printf (_(" (%d) DSA (sign only)\n"), 3 );
} tty_printf (_(" (%d) RSA (sign only)\n"), 4 );
else if( algo == 7 && opt.expert ) {
algo = PUBKEY_ALGO_RSA; if (addmode)
*r_usage=ask_key_flags(algo,addmode); {
break; tty_printf (_(" (%d) Elgamal (encrypt only)\n"), 5 );
} tty_printf (_(" (%d) RSA (encrypt only)\n"), 6 );
else if( algo == 6 && addmode ) { }
algo = PUBKEY_ALGO_RSA; if (opt.expert)
*r_usage = PUBKEY_USAGE_ENC; {
break; tty_printf (_(" (%d) DSA (set your own capabilities)\n"), 7 );
} tty_printf (_(" (%d) RSA (set your own capabilities)\n"), 8 );
else if( algo == 5 ) {
algo = PUBKEY_ALGO_RSA;
*r_usage = PUBKEY_USAGE_SIG;
break;
}
else if( algo == 4 && addmode ) {
algo = PUBKEY_ALGO_ELGAMAL_E;
*r_usage = PUBKEY_USAGE_ENC;
break;
}
else if( algo == 3 && opt.expert ) {
algo = PUBKEY_ALGO_DSA;
*r_usage=ask_key_flags(algo,addmode);
break;
}
else if( algo == 2 ) {
algo = PUBKEY_ALGO_DSA;
*r_usage = PUBKEY_USAGE_SIG;
break;
}
else
tty_printf(_("Invalid selection.\n"));
} }
return algo; for(;;)
{
*r_usage = 0;
*r_subkey_algo = 0;
answer = cpr_get ("keygen.algo", _("Your selection? "));
cpr_kill_prompt ();
algo = *answer? atoi (answer) : 1;
xfree(answer);
if (algo == 1 && !addmode)
{
algo = PUBKEY_ALGO_RSA;
*r_subkey_algo = PUBKEY_ALGO_RSA;
break;
}
else if (algo == 2 && !addmode)
{
algo = PUBKEY_ALGO_DSA;
*r_subkey_algo = PUBKEY_ALGO_ELGAMAL_E;
break;
}
else if (algo == 3)
{
algo = PUBKEY_ALGO_DSA;
*r_usage = PUBKEY_USAGE_SIG;
break;
}
else if (algo == 4)
{
algo = PUBKEY_ALGO_RSA;
*r_usage = PUBKEY_USAGE_SIG;
break;
}
else if (algo == 5 && addmode)
{
algo = PUBKEY_ALGO_ELGAMAL_E;
*r_usage = PUBKEY_USAGE_ENC;
break;
}
else if (algo == 6 && addmode)
{
algo = PUBKEY_ALGO_RSA;
*r_usage = PUBKEY_USAGE_ENC;
break;
}
else if (algo == 7 && opt.expert)
{
algo = PUBKEY_ALGO_DSA;
*r_usage = ask_key_flags (algo, addmode);
break;
}
else if (algo == 8 && opt.expert)
{
algo = PUBKEY_ALGO_RSA;
*r_usage = ask_key_flags (algo, addmode);
break;
}
else
tty_printf (_("Invalid selection.\n"));
}
return algo;
} }
/* Ask for the key size. ALGO is the algorithjm. If PRIMARY_KEYSIZE
is not 0, the function asks for the size of the encryption
subkey. */
static unsigned static unsigned
ask_keysize( int algo ) ask_keysize (int algo, unsigned int primary_keysize)
{ {
unsigned int nbits, min, def=2048, max=4096; unsigned int nbits, min, def=2048, max=4096;
int for_subkey = !!primary_keysize;
int autocomp = 0;
if(opt.expert) if(opt.expert)
min=512; min=512;
else else
min=1024; min=1024;
if (primary_keysize && !opt.expert)
{
/* Deduce the subkey size from the primary key size. */
if (algo == PUBKEY_ALGO_DSA && primary_keysize > 3072)
nbits = 3072; /* For performance reasons we don't support more
than 3072 bit DSA. However we won't see this
case anyway because DSA can't be used as an
encryption subkey ;-). */
else
nbits = primary_keysize;
autocomp = 1;
goto leave;
}
switch(algo) switch(algo)
{ {
case PUBKEY_ALGO_DSA: case PUBKEY_ALGO_DSA:
if(opt.flags.dsa2) if(opt.flags.dsa2)
{ {
def=1024; def=2048;
max=3072; max=3072;
} }
else else
@ -1743,18 +1790,16 @@ ask_keysize( int algo )
for(;;) for(;;)
{ {
char *prompt,*answer; char *prompt, *answer;
#define PROMPTSTRING _("What keysize do you want? (%u) ") if (for_subkey)
prompt = xasprintf (_("What keysize do you want "
prompt=xmalloc(strlen(PROMPTSTRING)+20); "for the subkey? (%u) "), def);
sprintf(prompt,PROMPTSTRING,def); else
prompt = xasprintf (_("What keysize do you want? (%u) "), def);
#undef PROMPTSTRING answer = cpr_get ("keygen.size", prompt);
cpr_kill_prompt ();
answer = cpr_get("keygen.size",prompt); nbits = *answer? atoi (answer): def;
cpr_kill_prompt();
nbits = *answer? atoi(answer): def;
xfree(prompt); xfree(prompt);
xfree(answer); xfree(answer);
@ -1767,15 +1812,18 @@ ask_keysize( int algo )
tty_printf(_("Requested keysize is %u bits\n"), nbits ); tty_printf(_("Requested keysize is %u bits\n"), nbits );
leave:
if( algo == PUBKEY_ALGO_DSA && (nbits % 64) ) if( algo == PUBKEY_ALGO_DSA && (nbits % 64) )
{ {
nbits = ((nbits + 63) / 64) * 64; nbits = ((nbits + 63) / 64) * 64;
tty_printf(_("rounded up to %u bits\n"), nbits ); if (!autocomp)
tty_printf(_("rounded up to %u bits\n"), nbits );
} }
else if( (nbits % 32) ) else if( (nbits % 32) )
{ {
nbits = ((nbits + 31) / 32) * 32; nbits = ((nbits + 31) / 32) * 32;
tty_printf(_("rounded up to %u bits\n"), nbits ); if (!autocomp)
tty_printf(_("rounded up to %u bits\n"), nbits );
} }
return nbits; return nbits;
@ -3003,16 +3051,19 @@ generate_keypair (const char *fname, const char *card_serialno,
} }
else else
{ {
algo = ask_algo( 0, &use ); int subkey_algo;
if( !algo )
{ /* default: DSA with ElG subkey of the specified size */ algo = ask_algo (0, &subkey_algo, &use);
if (subkey_algo)
{
/* Create primary and subkey at once. */
both = 1; both = 1;
r = xmalloc_clear( sizeof *r + 20 ); r = xmalloc_clear( sizeof *r + 20 );
r->key = pKEYTYPE; r->key = pKEYTYPE;
sprintf( r->u.value, "%d", PUBKEY_ALGO_DSA ); sprintf( r->u.value, "%d", algo );
r->next = para; r->next = para;
para = r; para = r;
nbits = ask_keysize( PUBKEY_ALGO_DSA ); nbits = ask_keysize (algo, 0);
r = xmalloc_clear( sizeof *r + 20 ); r = xmalloc_clear( sizeof *r + 20 );
r->key = pKEYLENGTH; r->key = pKEYLENGTH;
sprintf( r->u.value, "%u", nbits); sprintf( r->u.value, "%u", nbits);
@ -3024,10 +3075,9 @@ generate_keypair (const char *fname, const char *card_serialno,
r->next = para; r->next = para;
para = r; para = r;
algo = PUBKEY_ALGO_ELGAMAL_E;
r = xmalloc_clear( sizeof *r + 20 ); r = xmalloc_clear( sizeof *r + 20 );
r->key = pSUBKEYTYPE; r->key = pSUBKEYTYPE;
sprintf( r->u.value, "%d", algo ); sprintf( r->u.value, "%d", subkey_algo);
r->next = para; r->next = para;
para = r; para = r;
r = xmalloc_clear( sizeof *r + 20 ); r = xmalloc_clear( sizeof *r + 20 );
@ -3055,10 +3105,10 @@ generate_keypair (const char *fname, const char *card_serialno,
r->next = para; r->next = para;
para = r; para = r;
} }
nbits = 0;
} }
nbits = ask_keysize( algo ); nbits = ask_keysize (algo, nbits);
r = xmalloc_clear( sizeof *r + 20 ); r = xmalloc_clear( sizeof *r + 20 );
r->key = both? pSUBKEYLENGTH : pKEYLENGTH; r->key = both? pSUBKEYLENGTH : pKEYLENGTH;
sprintf( r->u.value, "%u", nbits); sprintf( r->u.value, "%u", nbits);
@ -3658,9 +3708,9 @@ generate_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock)
if (rc) if (rc)
goto leave; goto leave;
algo = ask_algo (1, &use); algo = ask_algo (1, NULL, &use);
assert (algo); assert (algo);
nbits = ask_keysize (algo); nbits = ask_keysize (algo, 0);
expire = ask_expire_interval (0, NULL); expire = ask_expire_interval (0, NULL);
if (!cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay", if (!cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay",
_("Really create? (y/N) "))) _("Really create? (y/N) ")))
@ -4017,8 +4067,8 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
mode_t oldmask; mode_t oldmask;
keyid_from_sk (sk, NULL); keyid_from_sk (sk, NULL);
sprintf (name_buffer,"sk_%08lX%08lX.gpg", snprintf (name_buffer, sizeof name_buffer, "sk_%08lX%08lX.gpg",
(ulong)sk->keyid[0], (ulong)sk->keyid[1]); (ulong)sk->keyid[0], (ulong)sk->keyid[1]);
fname = make_filename (backup_dir, name_buffer, NULL); fname = make_filename (backup_dir, name_buffer, NULL);
oldmask = umask (077); oldmask = umask (077);