gnupg/g10
Werner Koch fb26e144ad
gpg: New option --override-compliance-check
* g10/gpg.c (oOverrideComplianceCheck): New.
(opts): Add new option.
(main): Set option and add check for batch mode.
* g10/options.h (opt): Add flags.override_compliance_check.

* g10/sig-check.c (check_signature2): Factor compliance checking out
to ...
(check_key_verify_compliance): this.  Turn error into a warning in
override mode.
--

There is one important use case for this: For systems configured
globally to use de-vs mode, Ed25519 and other key types are not
allowed because they are not listed in the BSI algorithm catalog.
Now, our release signing keys happen to be Ed25519 and thus we need to
offer a way for users to check new versions even if the system is in
de-vs mode.  This does on purpose not work in --batch mode so that
scripted solutions won't accidentally pass a signature check.

GnuPG-bug-id: 5655
2021-10-13 17:25:28 +02:00
ChangeLog-2011 Spelling: correct spelling of "passphrase". 2016-11-02 12:53:58 +01:00
Makefile.am gpg: Remove more or less useless tool gpgcompose. 2021-02-02 13:06:33 +01:00
all-tests.scm tests: Make it possible to run all tests using our infrastructure. 2017-05-11 18:12:37 +02:00
armor.c g10: Fix possible null dereference. 2019-05-14 11:20:07 +09:00
build-packet.c gpg,ecc: Handle external representation as SOS with opaque MPI. 2020-06-09 10:32:47 +09:00
call-agent.c g10: Avoid memory leaks 2021-05-20 14:42:29 +02:00
call-agent.h gpg: Add new command keytotpm to convert a private key to TPM format 2021-03-10 13:34:18 +01:00
call-dirmngr.c gpg,sm: Simplify keyserver spec parsing. 2021-06-16 12:03:13 +02:00
call-dirmngr.h gpg: Lookup a missing public key of the current card via LDAP. 2021-04-16 20:21:23 +02:00
call-keyboxd.c keyboxd: Fix searching for exact mail addresses. 2021-04-21 14:40:08 +02:00
card-util.c gpg: Return SUCCESS/FAILURE status also for --card-edit/name. 2021-08-19 14:09:27 +02:00
cipher-aead.c g10: Fix log_debug formatting. 2018-11-08 12:14:23 +09:00
cipher-cfb.c gpg: Remove MDC options 2018-05-29 12:42:52 +02:00
compress-bz2.c g10,tools: Fix bzlib.h include order. 2017-04-11 13:52:19 +09:00
compress.c gpg: Fix minor memory leak in the compress filter. 2018-05-02 20:15:10 +02:00
cpr.c g10: Fix memory leaks 2021-05-20 13:38:39 +02:00
dearmor.c Revert "g10: Always save standard revocation certificate in file." 2017-08-01 19:08:16 +02:00
decrypt-data.c gpg: Make AEAD modes subject to compliance checks. 2020-04-16 08:52:29 +02:00
decrypt.c gpg: Fix using --decrypt along with --use-embedded-filename. 2019-05-17 13:40:24 +02:00
dek.h gpg: More check for symmetric key encryption. 2019-07-18 11:02:34 +09:00
delkey.c gpg: Fix the previous commit. 2020-11-11 09:13:13 +09:00
distsigkey.gpg Update release signing keys. 2021-09-14 10:15:20 +02:00
ecdh.c gpg: Allow ECDH with a smartcard returning just the x-coordinate. 2021-03-29 14:36:52 +02:00
encrypt.c gpg: Use a more descriptive prompt for symmetric decryption. 2021-05-17 19:48:15 +02:00
exec.c w32: Change spawn functions to use Unicode version of CreateProcess. 2021-03-08 21:53:28 +01:00
exec.h gpg: photoid: Move functions from exec.c. 2019-07-25 11:21:58 +09:00
expand-group.c gpg: Fix expand GPG groups when resolving a key 2019-09-30 14:08:13 +02:00
export.c gpg: Support exporting Ed448 SSH key. 2021-03-22 16:57:18 +09:00
filter.h g10/armor: use libgcrypt's CRC24 implementation 2018-11-08 21:31:12 +02:00
free-packet.c gpg: Skip the packet when not used for AEAD. 2021-09-28 14:49:21 +09:00
getkey.c gpg: Handle backsig for v5 signature. 2021-09-29 11:30:00 +09:00
gpg-w32info.rc w32: Add manifest to gpg. 2015-02-04 09:15:34 +01:00
gpg.c gpg: New option --override-compliance-check 2021-10-13 17:25:28 +02:00
gpg.h gpg: Improve speed of secret key listing. 2021-05-19 02:42:35 +02:00
gpg.w32-manifest.in w32: Add manifest to gpg. 2015-02-04 09:15:34 +01:00
gpgsql.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
gpgsql.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
gpgv.c gpg: Use a more descriptive prompt for symmetric decryption. 2021-05-17 19:48:15 +02:00
helptext.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
import.c gpg: Print a warning when importing a bad cv25519 secret key. 2021-09-14 13:00:40 +02:00
kbnode.c gpg: Avoid importing secret keys if the keyblock is not valid. 2019-03-15 20:41:38 +01:00
key-check.c gpg: Fix debug output for key_check_all_keysigs with opaque MPI. 2020-11-02 11:32:27 +09:00
key-check.h gpg: Avoid output to the tty during import. 2017-07-27 11:38:57 +02:00
key-clean.c gpg: Sort the signatures in standard key listings. 2020-10-27 17:21:19 +01:00
key-clean.h headers: fix spelling 2018-10-25 16:53:05 -04:00
keydb-private.h gpg: Set the found-by flags in the keyblock in keyboxd mode. 2020-09-22 16:20:41 +02:00
keydb.c w32: Replace some fopen by es_fopen. 2020-11-11 15:23:22 +01:00
keydb.h gpg: Use a more descriptive prompt for symmetric decryption. 2021-05-17 19:48:15 +02:00
keyedit.c g10: Avoid memory leaks 2021-05-20 14:42:29 +02:00
keyedit.h gpg: New command --quick-revoke-sig 2020-10-28 17:06:27 +01:00
keygen.c gpg: Ed448 and X448 are only for v5 (for subkey). 2021-09-29 09:56:58 +09:00
keyid.c gpg: Fix compute_fingerprint for ECC with SOS. 2021-03-12 16:15:04 +09:00
keylist.c gpg: Improve speed of secret key listing. 2021-05-19 02:42:35 +02:00
keyring.c gpg: Support KEYGRIP search with traditional keyring. 2021-06-03 13:32:25 +09:00
keyring.h gpg: Pass CTRL to many more functions. 2017-03-31 20:07:20 +02:00
keyserver-internal.h gpg,sm: Simplify keyserver spec parsing. 2021-06-16 12:03:13 +02:00
keyserver.c gpg: Let --fetch-key return an exit code on failure. 2021-06-25 09:55:52 +02:00
main.h gpg: Do not use weak digest algos if selected by recipient prefs. 2020-11-02 13:45:19 +01:00
mainproc.c gpg: Report the status of NO_SECKEY for decryption. 2021-08-24 10:39:59 +09:00
mdfilter.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
migrate.c Replace most of the remaining stdio calls by estream calls. 2020-10-20 12:15:56 +02:00
misc.c gpg: Do not allow old cipher algorithms for encryption. 2021-02-10 14:40:02 +01:00
objcache.c Spelling cleanup. 2020-02-18 18:07:46 -05:00
objcache.h gpg: Fix getting User ID. 2019-07-11 12:32:44 +09:00
openfile.c gpg: Partial fix for Unicode problem in output files. 2021-05-25 13:39:59 +02:00
options.h gpg: New option --override-compliance-check 2021-10-13 17:25:28 +02:00
packet.h gpg: Remove support for PKA. 2021-02-02 19:53:21 +01:00
parse-packet.c gpg: Remove support for PKA. 2021-02-02 19:53:21 +01:00
passphrase.c gpg: Use a more descriptive prompt for symmetric decryption. 2021-05-17 19:48:15 +02:00
photoid.c gpg: Keep temp files when opening images via xdg-open 2021-03-01 09:43:26 +01:00
photoid.h gpg: A little clean up. 2019-07-23 12:04:21 +09:00
pkclist.c gpg: Do not allow old cipher algorithms for encryption. 2021-02-10 14:40:02 +01:00
pkglue.c A few minor code cleanups and typo fixes. 2021-05-11 09:06:34 +02:00
pkglue.h gpg: Use bytes for ECDH. 2020-06-09 15:45:51 +09:00
plaintext.c w32: Replace some fopen by es_fopen. 2020-11-11 15:23:22 +01:00
progress.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
pubkey-enc.c gpg: Support ECDH with v5 key. 2021-03-24 14:51:42 +09:00
pubring.asc Update copyright notices for 2017. 2017-01-23 19:16:55 +01:00
revoke.c g10: Fix memory leaks 2021-05-20 13:38:39 +02:00
rmd160.c Clean up word replication. 2017-02-21 13:11:46 -05:00
rmd160.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
seckey-cert.c More change for common. 2017-03-07 20:32:09 +09:00
server.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
seskey.c gpg,ecc: Handle external representation as SOS with opaque MPI. 2020-06-09 10:32:47 +09:00
sig-check.c gpg: New option --override-compliance-check 2021-10-13 17:25:28 +02:00
sign.c gpg: Use a more descriptive prompt for symmetric decryption. 2021-05-17 19:48:15 +02:00
skclist.c gpg: Allow decryption w/o public key but with correct card inserted. 2021-04-23 08:50:39 +02:00
t-keydb-get-keyblock.c gpg: New option --use-keyboxd. 2019-09-09 15:01:47 +02:00
t-keydb-get-keyblock.gpg gpg: Correctly handle keyblocks followed by legacy keys. 2015-11-17 14:53:03 +01:00
t-keydb-keyring.kbx g10: Add test for keydb as well as new testing infrastructure. 2015-09-02 15:08:57 +02:00
t-keydb.c gpg: New option --use-keyboxd. 2019-09-09 15:01:47 +02:00
t-rmd160.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
t-stutter-data.asc gpg: Add a new test. 2016-03-08 14:08:49 +01:00
t-stutter.c g10: Stop compiler warning for t-stutter. 2017-05-10 11:13:03 +09:00
tdbdump.c Merge branch 'STABLE-BRANCH-2-2' into master 2018-03-27 08:48:00 +02:00
tdbio.c Replace all calls to stat by gnupg_stat. 2020-10-20 16:38:06 +02:00
tdbio.h gpg: Pass CTRL arg to get_trusthashrec. 2018-03-26 18:06:43 +02:00
test-stubs.c gpg: Use a more descriptive prompt for symmetric decryption. 2021-05-17 19:48:15 +02:00
test.c build: Always use EXTERN_UNLESS_MAIN_MODULE pattern. 2020-02-10 16:50:47 +01:00
textfilter.c gpg: Initialize a parameter to silence valgrind. 2020-09-04 11:32:47 +02:00
tofu.c g10: Fix memory leaks 2021-05-20 13:38:39 +02:00
tofu.h g10: Remove dead code. 2016-12-06 12:16:56 +01:00
trust.c gpg: Replace an obsolete trustdb function. 2021-04-23 20:45:25 +02:00
trustdb.c common: Annotate leaked memory in homedir.c 2021-05-21 09:23:04 +02:00
trustdb.h gpg: Replace an obsolete trustdb function. 2021-04-23 20:45:25 +02:00
verify.c gpg: Make really sure that --verify-files always returns an error. 2020-02-10 15:32:55 +01:00
zlib-riscos.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00