gnupg/g10
Werner Koch 40595b5793
gpg: Set a limit of 5 to the number of keys imported from the WKD.
* g10/import.c (import): Limit the number of considered keys to 5.
(import_one): Return the first fingerprint in case of WKD.
--

The Web Key Directory should carry only one key.  However, some
providers like to put old or expired keys also into the WKD.  I don't
think that this is a good idea but I heard claims that this is needed
for them to migrate existing key data bases.

This patch puts a limit of 5 on it (we had none right now) and also
fixes the issue that gpg could not work immediately with the requested
key because the code uses the fingerprint of the key to use the
imported key.  Now the first key is used.  On a second try (w/o
accessing the WKD) the regular key selection mechanism would be in
effect.  I think this is the most conservative approach.  Let's see
whether it helps.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-11 09:55:27 +02:00
..
ChangeLog-2011 Spelling: correct spelling of "passphrase". 2016-11-02 12:53:58 +01:00
Makefile.am gpg: Move key cleaning functions to a separate file. 2018-07-06 11:40:16 +02:00
all-tests.scm tests: Make it possible to run all tests using our infrastructure. 2017-05-11 18:12:37 +02:00
armor.c g10/armor: optimize radix64 to binary conversion 2018-11-08 21:31:12 +02:00
build-packet.c gpg: Implement v5 keys and v5 signatures. 2019-03-14 11:26:54 +01:00
call-agent.c gpg: Improve the code to decrypt using PIV cards. 2019-04-03 17:45:35 +02:00
call-agent.h gpg: Improve the code to decrypt using PIV cards. 2019-04-03 17:45:35 +02:00
call-dirmngr.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
call-dirmngr.h gpg: Store key origin info for new DANE and WKD retrieved keys. 2017-07-24 20:09:52 +02:00
card-util.c gpg: Prepare card code to allow other than OpenPGP cards. 2019-04-01 19:24:33 +02:00
cipher-aead.c g10: Fix log_debug formatting. 2018-11-08 12:14:23 +09:00
cipher-cfb.c gpg: Remove MDC options 2018-05-29 12:42:52 +02:00
compress-bz2.c g10,tools: Fix bzlib.h include order. 2017-04-11 13:52:19 +09:00
compress.c gpg: Fix minor memory leak in the compress filter. 2018-05-02 20:15:10 +02:00
cpr.c gpg: Simplify an interactive import status line. 2019-03-15 13:03:34 +01:00
dearmor.c Revert "g10: Always save standard revocation certificate in file." 2017-08-01 19:08:16 +02:00
decrypt-data.c g10/decrypt-data: use iobuf_read for higher performance 2018-11-08 21:31:12 +02:00
decrypt.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
dek.h gpg: First take on PKT_ENCRYPTED_AEAD. 2018-01-21 16:30:53 +01:00
delkey.c kbx: Unify the fingerprint search modes. 2019-03-14 14:55:06 +01:00
distsigkey.gpg build: Update distsigkey.gpg 2017-11-22 20:54:47 +01:00
ecdh.c Fix the previous commit. 2019-03-14 08:23:38 +09:00
encrypt.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
exec.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
exec.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
export.c kbx: Unify the fingerprint search modes. 2019-03-14 14:55:06 +01:00
filter.h g10/armor: use libgcrypt's CRC24 implementation 2018-11-08 21:31:12 +02:00
free-packet.c gpg: Fix possible double free of the card serialno. 2017-07-21 17:49:10 +02:00
getkey.c gpg: Fix printing of the user id during import. 2019-04-05 17:02:43 +02:00
gpg-w32info.rc w32: Add manifest to gpg. 2015-02-04 09:15:34 +01:00
gpg.c kbx: Unify the fingerprint search modes. 2019-03-14 14:55:06 +01:00
gpg.h Merge branch 'STABLE-BRANCH-2-2' into master 2018-03-27 08:48:00 +02:00
gpg.w32-manifest.in w32: Add manifest to gpg. 2015-02-04 09:15:34 +01:00
gpgcompose.c gpg: During secret key import print "sec" instead of "pub". 2019-03-15 19:14:34 +01:00
gpgsql.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
gpgsql.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
gpgv.c g10: Change decryption key selection for public key encryption. 2018-08-27 13:12:31 +09:00
helptext.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
import.c gpg: Set a limit of 5 to the number of keys imported from the WKD. 2019-04-11 09:55:27 +02:00
kbnode.c gpg: Avoid importing secret keys if the keyblock is not valid. 2019-03-15 20:41:38 +01:00
key-check.c gpg: Improve import's repair-key duplicate signature detection. 2018-06-07 18:41:17 +02:00
key-check.h gpg: Avoid output to the tty during import. 2017-07-27 11:38:57 +02:00
key-clean.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
key-clean.h headers: fix spelling 2018-10-25 16:53:05 -04:00
keydb.c kbx: Unify the fingerprint search modes. 2019-03-14 14:55:06 +01:00
keydb.h gpg: Fix printing of the user id during import. 2019-04-05 17:02:43 +02:00
keyedit.c gpg: Allow import of PGP desktop exported secret keys. 2019-03-18 13:07:14 +01:00
keyedit.h gpg: During secret key import print "sec" instead of "pub". 2019-03-15 19:14:34 +01:00
keygen.c gpg: Improve the code to decrypt using PIV cards. 2019-04-03 17:45:35 +02:00
keyid.c gpg: Print modern style key info for non-decryptable keys. 2019-04-03 09:04:49 +02:00
keylist.c gpg: Make invalid primary key algos obvious in key listings. 2019-03-05 12:39:11 +01:00
keyring.c kbx: Unify the fingerprint search modes. 2019-03-14 14:55:06 +01:00
keyring.h gpg: Pass CTRL to many more functions. 2017-03-31 20:07:20 +02:00
keyserver-internal.h gpg: Pass key origin values to import functions. 2017-07-13 18:29:01 +02:00
keyserver.c kbx: Unify the fingerprint search modes. 2019-03-14 14:55:06 +01:00
main.h gpg: Allow import of PGP desktop exported secret keys. 2019-03-18 13:07:14 +01:00
mainproc.c gpg: Print modern style key info for non-decryptable keys. 2019-04-03 09:04:49 +02:00
mdfilter.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
migrate.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
misc.c gpg: Allow generating Ed25519 key from an existing key. 2019-01-30 11:28:14 +01:00
openfile.c gpg: Rename a misnomed arg in open_outfile. 2018-01-28 18:59:18 +01:00
options.h gpg: New list-option "show-only-fpr-mbox". 2018-12-04 15:31:41 +01:00
packet.h gpg: Implement v5 keys and v5 signatures. 2019-03-14 11:26:54 +01:00
parse-packet.c gpg: Implement v5 keys and v5 signatures. 2019-03-14 11:26:54 +01:00
passphrase.c gpg: Move S2K encoding function to a shared file. 2019-01-26 23:10:38 +01:00
photoid.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
photoid.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
pkclist.c gpg: Remove unused arg from a function. 2018-08-28 15:16:19 +02:00
pkglue.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
pkglue.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
plaintext.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
progress.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
pubkey-enc.c gpg: Allow decryption using PIV cards. 2019-04-03 15:30:10 +02:00
pubring.asc Update copyright notices for 2017. 2017-01-23 19:16:55 +01:00
revoke.c gpg: Prepare revocation keys for use with v5 keys. 2018-12-04 15:43:19 +01:00
rmd160.c Clean up word replication. 2017-02-21 13:11:46 -05:00
rmd160.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
seckey-cert.c More change for common. 2017-03-07 20:32:09 +09:00
server.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
seskey.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
sig-check.c gpg: Implement v5 keys and v5 signatures. 2019-03-14 11:26:54 +01:00
sign.c gpg: Implement v5 keys and v5 signatures. 2019-03-14 11:26:54 +01:00
skclist.c gpg: Improve the code to decrypt using PIV cards. 2019-04-03 17:45:35 +02:00
t-keydb-get-keyblock.c gpg: Fix actual leak and possible leaks in the packet parser. 2017-03-30 16:01:52 +02:00
t-keydb-get-keyblock.gpg gpg: Correctly handle keyblocks followed by legacy keys. 2015-11-17 14:53:03 +01:00
t-keydb-keyring.kbx g10: Add test for keydb as well as new testing infrastructure. 2015-09-02 15:08:57 +02:00
t-keydb.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
t-rmd160.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
t-stutter-data.asc gpg: Add a new test. 2016-03-08 14:08:49 +01:00
t-stutter.c g10: Stop compiler warning for t-stutter. 2017-05-10 11:13:03 +09:00
tdbdump.c Merge branch 'STABLE-BRANCH-2-2' into master 2018-03-27 08:48:00 +02:00
tdbio.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
tdbio.h gpg: Pass CTRL arg to get_trusthashrec. 2018-03-26 18:06:43 +02:00
test-stubs.c g10: Change decryption key selection for public key encryption. 2018-08-27 13:12:31 +09:00
test.c tests: Locate resources and scripts relative to top source dir. 2017-04-24 14:14:05 +02:00
textfilter.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
tofu.c common: Prepare for parsing mail sub-addresses. 2018-11-12 07:44:33 +01:00
tofu.h g10: Remove dead code. 2016-12-06 12:16:56 +01:00
trust.c gpg: Move key cleaning functions to a separate file. 2018-07-06 11:40:16 +02:00
trustdb.c common: Prepare for parsing mail sub-addresses. 2018-11-12 07:44:33 +01:00
trustdb.h gpg: Move key cleaning functions to a separate file. 2018-07-06 11:40:16 +02:00
verify.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
zlib-riscos.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00