mirror of
git://git.gnupg.org/gnupg.git
synced 2024-06-01 22:28:02 +02:00
825abec0e7
* common/pkscreening.c: New.
* common/pkscreening.h: New.
* common/Makefile.am (common_sources): Add them.
* g10/gpg.c (opts): New option --with-key-screening.
* g10/options.h (struct opt): New field with_key_screening.
* g10/keylist.c: Include pkscreening.h.
(print_pk_screening): New.
(list_keyblock_print): Call it.
(print_compliance_flags): Call it.
* sm/gpgsm.c (opts): New option --with-key-screening.
* sm/gpgsm.h (scruct opt): New field with_key_screening.
* sm/keylist.c: Include pkscreening.h.
(print_pk_screening): New.
(print_compliance_flags): Call it. Add new arg cert.
(list_cert_colon): Pass arg cert
(list_cert_std): Call print_pk_screening.
* sm/fingerprint.c (gpgsm_get_rsa_modulus): New.
--
This new option can be used to detect ROCA affected keys. To scan an
entire keyring and print the affected fingerprints use this:
gpg -k --with-key-screening --with-colons | gawk -F: \
'$1~/pub|sub|sec|ssb|crt/ && $18~/\<6001\>/ {found=1;next};
$1=="fpr" && found {print $10}; {found=0}'
The same works for gpgsm. Note that we need gawk due to the "\<" in
the r.e.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
||
|---|---|---|
| .. | ||
| call-agent.c | ||
| call-dirmngr.c | ||
| certchain.c | ||
| certcheck.c | ||
| certdump.c | ||
| certlist.c | ||
| certreqgen-ui.c | ||
| certreqgen.c | ||
| ChangeLog-2011 | ||
| decrypt.c | ||
| delete.c | ||
| encrypt.c | ||
| export.c | ||
| fingerprint.c | ||
| gpgsm-w32info.rc | ||
| gpgsm.c | ||
| gpgsm.h | ||
| import.c | ||
| keydb.c | ||
| keydb.h | ||
| keylist.c | ||
| Makefile.am | ||
| minip12.c | ||
| minip12.h | ||
| misc.c | ||
| passphrase.c | ||
| passphrase.h | ||
| qualified.c | ||
| server.c | ||
| sign.c | ||
| verify.c | ||