security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity
gnupg/sm
History
Werner Koch 2c75af9f65
sm: Don't mark a cert as de-vs compliant if it leads to SHA-1 sigs. 
* sm/keylist.c (print_compliance_flags): Also check the diges_also.
--

A certificate with algorithm sha1WithRSAEncryption can be de-vs
compliant (e.g. if the next in the chain used sha256WithRSAEncryption
to sign it and RSA is long enough) but flagging it as such is useless
because that certificate can't be used because it will create
signatures using the non-compliant SHA-1 algorithm.

Well, it could be used for encryption.  But also evaluating the
key-usage flags here would make it harder for the user to understand
why certain certificates are listed as de-vs compliant and others are
not.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-28 14:45:21 +01:00
..
call-agent.c sm: Support generation of card-based ed25519 CSR. 2019-02-18 11:33:20 +09:00
call-dirmngr.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
certchain.c all: fix more spelling errors 2018-10-25 16:53:05 -04:00
certcheck.c Use the gpgrt log functions if possible. 2017-11-27 15:00:25 +01:00
certdump.c Use the gpgrt log functions if possible. 2017-11-27 15:00:25 +01:00
certlist.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
certreqgen-ui.c sm: In --gen-key with "key from card" show also the algorithm. 2019-02-08 12:35:26 +01:00
certreqgen.c sm: Fix certificate creation with key on card. 2019-02-21 17:32:39 +01:00
ChangeLog-2011 Generate the ChangeLog from commit logs. 2011-12-01 11:09:02 +01:00
decrypt.c Use the gpgrt log functions if possible. 2017-11-27 15:00:25 +01:00
delete.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
encrypt.c gpg,sm: String changes for compliance diagnostics. 2017-07-28 17:46:43 +02:00
export.c sm: Fix minor memory leak in --export-p12. 2018-02-14 14:54:51 +01:00
fingerprint.c Use the gpgrt log functions if possible. 2017-11-27 15:00:25 +01:00
gpgsm-w32info.rc w32: Add icons and version information. 2013-05-07 21:35:48 +02:00
gpgsm.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
gpgsm.h headers: fix spelling 2018-10-25 16:53:05 -04:00
import.c Use the gpgrt log functions if possible. 2017-11-27 15:00:25 +01:00
keydb.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
keydb.h gpg,sm: Add STATUS_ERROR keydb_search and keydb_add-resource. 2016-11-10 17:07:28 +01:00
keylist.c sm: Don't mark a cert as de-vs compliant if it leads to SHA-1 sigs. 2019-02-28 14:45:21 +01:00
Makefile.am Remove -I option to common. 2017-03-07 20:25:54 +09:00
minip12.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
minip12.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
misc.c sm: Prepare algo mapping to handle values > 255. 2019-02-21 08:51:50 +01:00
passphrase.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
passphrase.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
qualified.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
server.c sm: Add OPTION request-origin. 2018-03-23 15:07:56 +01:00
sign.c gpg,sm: String changes for compliance diagnostics. 2017-07-28 17:46:43 +02:00
verify.c Use the gpgrt log functions if possible. 2017-11-27 15:00:25 +01:00