1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Werner Koch 825abec0e7
gpg,sm: New option --with-key-screening.
* common/pkscreening.c: New.
* common/pkscreening.h: New.
* common/Makefile.am (common_sources): Add them.
* g10/gpg.c (opts): New option --with-key-screening.
* g10/options.h (struct opt): New field with_key_screening.
* g10/keylist.c: Include pkscreening.h.
(print_pk_screening): New.
(list_keyblock_print): Call it.
(print_compliance_flags): Call it.
* sm/gpgsm.c (opts): New option --with-key-screening.
* sm/gpgsm.h (scruct opt): New field with_key_screening.
* sm/keylist.c:  Include pkscreening.h.
(print_pk_screening): New.
(print_compliance_flags): Call it.  Add new arg cert.
(list_cert_colon): Pass arg cert
(list_cert_std): Call print_pk_screening.
* sm/fingerprint.c (gpgsm_get_rsa_modulus): New.
--

This new option can be used to detect ROCA affected keys.  To scan an
entire keyring and print the affected fingerprints use this:

  gpg -k --with-key-screening --with-colons | gawk -F: \
       '$1~/pub|sub|sec|ssb|crt/ && $18~/\<6001\>/ {found=1;next};
        $1=="fpr" && found {print $10}; {found=0}'

The same works for gpgsm.  Note that we need gawk due to the "\<" in
the r.e.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-17 21:10:19 +02:00
..
2017-02-21 13:11:46 -05:00
2017-04-28 10:06:33 +09:00
2015-10-28 10:20:17 +01:00
2017-04-28 10:06:33 +09:00
2015-11-17 12:50:22 +01:00
2017-04-28 10:06:33 +09:00
2017-03-30 16:13:43 +02:00
2017-02-21 13:11:46 -05:00
2017-02-21 13:11:46 -05:00
2016-03-02 14:27:30 +01:00
2017-04-28 10:06:33 +09:00
2017-02-21 13:11:46 -05:00
2017-02-21 13:11:46 -05:00
2017-02-21 13:11:46 -05:00
2017-01-05 20:43:40 +01:00
2017-02-21 13:11:46 -05:00
2017-09-27 09:33:14 +02:00
2017-02-21 13:11:46 -05:00

Common functionality used by all modules of GnuPG.