security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity
gnupg/g10
History
Werner Koch 915297705a
kbx: Redefine the UBID which is now the primary fingerprint. 
* common/util.h (UBID_LEN): New.  Use it at all places.
* kbx/keybox-blob.c (create_blob_finish): Do not write the UBID item.
* kbx/keybox-dump.c (print_ubib): Remove.
(_keybox_dump_blob): Do not print the now removed ubid flag.
* kbx/keybox-search-desc.h (struct keydb_search_desc): Use constants
for the size of the ubid and grip.
* kbx/keybox-search.c (blob_cmp_ubid): New.
(has_ubid): Make it a simple wrapper around blob_cmp_ubid.
(keybox_get_data): Add arg 'r_ubid'.

* kbx/frontend.h (enum kbxd_store_modes): New.
* kbx/kbxserver.c (cmd_store): Add new option --insert.

* kbx/backend-cache.c (be_cache_initialize): New.
(be_cache_add_resource): Call it here.
* kbx/backend-kbx.c (be_kbx_seek): Remove args 'fpr' and 'fprlen'.
(be_kbx_search): Get the UBID from keybox_get_data.
* kbx/backend-support.c (be_fingerprint_from_blob): Replace by ...
(be_ubid_from_blob): new.  Change all callers.

* kbx/frontend.c (kbxd_add_resource): Temporary disable the cache but
use the new cache init function.
(kbxd_store): Replace arg 'only_update' by 'mode'.  Seek using the
ubid.  Take care of the mode.
--

It turned out that using the hash of the entire blob was not helpful.
Thus we redefine the Unique-Blob-ID (UBID) as the primary fingerprint
of the blob.  In case this is a v5 OpenPGP key a left truncated
version of the SHA-256 hash is used; in all other cases the full SHA-1
hash.  Using a SHA-256 hash does not make sense because v4 keys are
and will for some time be the majority of keys and thus padding them
with zeroes won't make any difference.  Even if fingerprint collisions
can eventually be created we will assume that the keys are bogus and
that it does not make sense to store its twin also in our key storage.
We can also easily extend the update code to detect a collision and
reject the update.

Signed-off-by: Werner Koch <wk@gnupg.org>
 		2019-11-28 11:16:13 +01:00
..
ChangeLog-2011 Spelling: correct spelling of "passphrase". 2016-11-02 12:53:58 +01:00
Makefile.am Merge branch 'switch-to-gpgk' into master 2019-09-27 15:44:23 +02:00
all-tests.scm tests: Make it possible to run all tests using our infrastructure. 2017-05-11 18:12:37 +02:00
armor.c g10: Fix possible null dereference. 2019-05-14 11:20:07 +09:00
build-packet.c gpg: Move a keydb function to another file. 2019-11-27 11:58:47 +01:00
call-agent.c gpg: New option --use-only-openpgp-card 2019-08-21 14:13:51 +02:00
call-agent.h card: Fix showing KDF object attribute. 2019-07-19 13:26:49 +09:00
call-dirmngr.c dirmngr,gpg: Better diagnostic in case of bad TLS certificates. 2019-11-18 18:26:55 +01:00
call-dirmngr.h gpg: Store key origin info for new DANE and WKD retrieved keys. 2017-07-24 20:09:52 +02:00
call-keyboxd.c kbx: Redefine the UBID which is now the primary fingerprint. 2019-11-28 11:16:13 +01:00
card-util.c gpg: Use modern spelling for the female salutation. 2019-08-22 10:24:16 +02:00
cipher-aead.c g10: Fix log_debug formatting. 2018-11-08 12:14:23 +09:00
cipher-cfb.c gpg: Remove MDC options 2018-05-29 12:42:52 +02:00
compress-bz2.c g10,tools: Fix bzlib.h include order. 2017-04-11 13:52:19 +09:00
compress.c gpg: Fix minor memory leak in the compress filter. 2018-05-02 20:15:10 +02:00
cpr.c spelling: Fix "synchronize" 2019-06-23 20:21:02 -04:00
dearmor.c Revert "g10: Always save standard revocation certificate in file." 2017-08-01 19:08:16 +02:00
decrypt-data.c common: Allow a readlimit for iobuf_esopen. 2019-09-10 15:45:58 +02:00
decrypt.c gpg: Fix using --decrypt along with --use-embedded-filename. 2019-05-17 13:40:24 +02:00
dek.h gpg: More check for symmetric key encryption. 2019-07-18 11:02:34 +09:00
delkey.c gpg: Remove an unused variable. 2019-11-06 14:47:29 +01:00
distsigkey.gpg build: Update distsigkey.gpg 2017-11-22 20:54:47 +01:00
ecdh.c Fix the previous commit. 2019-03-14 08:23:38 +09:00
encrypt.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
exec.c gpg: photoid: Move functions from exec.c. 2019-07-25 11:21:58 +09:00
exec.h gpg: photoid: Move functions from exec.c. 2019-07-25 11:21:58 +09:00
expand-group.c gpg: Fix expand GPG groups when resolving a key 2019-09-30 14:08:13 +02:00
export.c Merge branch 'switch-to-gpgk' into master 2019-09-27 15:44:23 +02:00
filter.h g10/armor: use libgcrypt's CRC24 implementation 2018-11-08 21:31:12 +02:00
free-packet.c gpg: Fix possible double free of the card serialno. 2017-07-21 17:49:10 +02:00
getkey.c gpg: More fix of get_best_pubkey_byname. 2019-10-17 10:46:34 +09:00
gpg-w32info.rc w32: Add manifest to gpg. 2015-02-04 09:15:34 +01:00
gpg.c gpg: Add option --allow-weak-key-signatures. 2019-11-07 10:36:17 +01:00
gpg.h gpg: New option --use-keyboxd. 2019-09-09 15:01:47 +02:00
gpg.w32-manifest.in w32: Add manifest to gpg. 2015-02-04 09:15:34 +01:00
gpgcompose.c gpg: New option --use-keyboxd. 2019-09-09 15:01:47 +02:00
gpgsql.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
gpgsql.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
gpgv.c g10: Change decryption key selection for public key encryption. 2018-08-27 13:12:31 +09:00
helptext.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
import.c gpg: Fix a potential loss of key sigs during import with self-sigs-only. 2019-11-07 15:07:25 +01:00
kbnode.c gpg: Avoid importing secret keys if the keyblock is not valid. 2019-03-15 20:41:38 +01:00
key-check.c gpg: Improve import's repair-key duplicate signature detection. 2018-06-07 18:41:17 +02:00
key-check.h gpg: Avoid output to the tty during import. 2017-07-27 11:38:57 +02:00
key-clean.c gpg: Rework the signature subpacket iteration function. 2019-09-05 20:38:23 +02:00
key-clean.h headers: fix spelling 2018-10-25 16:53:05 -04:00
keydb-private.h kbx: Redefine the UBID which is now the primary fingerprint. 2019-11-28 11:16:13 +01:00
keydb.c kbx: Redefine the UBID which is now the primary fingerprint. 2019-11-28 11:16:13 +01:00
keydb.h gpg: Fix expand GPG groups when resolving a key 2019-09-30 14:08:13 +02:00
keyedit.c Merge branch 'switch-to-gpgk' into master 2019-09-27 15:44:23 +02:00
keyedit.h gpg: During secret key import print "sec" instead of "pub". 2019-03-15 19:14:34 +01:00
keygen.c Merge branch 'switch-to-gpgk' into master 2019-09-27 15:44:23 +02:00
keyid.c gpg: Cache a once computed fingerprint in PKT_public_key. 2019-04-12 11:11:09 +02:00
keylist.c Merge branch 'switch-to-gpgk' into master 2019-09-27 15:44:23 +02:00
keyring.c gpg: Fix keyring retrieval. 2019-07-10 15:06:54 +09:00
keyring.h gpg: Pass CTRL to many more functions. 2017-03-31 20:07:20 +02:00
keyserver-internal.h gpg: Pass key origin values to import functions. 2017-07-13 18:29:01 +02:00
keyserver.c gpg: Fix --recv-key in case of a given fingerprint. 2019-09-30 18:03:31 +02:00
main.h gpg: Add option --allow-weak-key-signatures. 2019-11-07 10:36:17 +01:00
mainproc.c gpg: Rework the signature subpacket iteration function. 2019-09-05 20:38:23 +02:00
mdfilter.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
migrate.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
misc.c gpg: Add option --allow-weak-key-signatures. 2019-11-07 10:36:17 +01:00
objcache.c doc: Minor doc updates and a typo fix. 2019-09-25 16:21:30 +02:00
objcache.h gpg: Fix getting User ID. 2019-07-11 12:32:44 +09:00
openfile.c gpg: Rename a misnomed arg in open_outfile. 2018-01-28 18:59:18 +01:00
options.h gpg: Add option --allow-weak-key-signatures. 2019-11-07 10:36:17 +01:00
packet.h gpg: Move a keydb function to another file. 2019-11-27 11:58:47 +01:00
parse-packet.c gpg: Fix a recently introduced printf format buglet. 2019-09-27 15:57:52 +02:00
passphrase.c gpg: Move S2K encoding function to a shared file. 2019-01-26 23:10:38 +01:00
photoid.c Merge branch 'switch-to-gpgk' into master 2019-09-27 15:44:23 +02:00
photoid.h gpg: A little clean up. 2019-07-23 12:04:21 +09:00
pkclist.c gpg: Fix expand GPG groups when resolving a key 2019-09-30 14:08:13 +02:00
pkglue.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
pkglue.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
plaintext.c gpg: Fix using --decrypt along with --use-embedded-filename. 2019-05-17 13:40:24 +02:00
progress.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
pubkey-enc.c gpg: Return the last error for pubkey decryption. 2019-07-05 15:16:08 +09:00
pubring.asc Update copyright notices for 2017. 2017-01-23 19:16:55 +01:00
revoke.c gpg: New option --use-keyboxd. 2019-09-09 15:01:47 +02:00
rmd160.c Clean up word replication. 2017-02-21 13:11:46 -05:00
rmd160.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
seckey-cert.c More change for common. 2017-03-07 20:32:09 +09:00
server.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
seskey.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
sig-check.c gpg: Add option --allow-weak-key-signatures. 2019-11-07 10:36:17 +01:00
sign.c gpg: Forbid the creation of SHA-1 third-party key signatures. 2019-11-11 11:41:00 +01:00
skclist.c gpg: Improve the code to decrypt using PIV cards. 2019-04-03 17:45:35 +02:00
t-keydb-get-keyblock.c gpg: New option --use-keyboxd. 2019-09-09 15:01:47 +02:00
t-keydb-get-keyblock.gpg gpg: Correctly handle keyblocks followed by legacy keys. 2015-11-17 14:53:03 +01:00
t-keydb-keyring.kbx g10: Add test for keydb as well as new testing infrastructure. 2015-09-02 15:08:57 +02:00
t-keydb.c gpg: New option --use-keyboxd. 2019-09-09 15:01:47 +02:00
t-rmd160.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
t-stutter-data.asc gpg: Add a new test. 2016-03-08 14:08:49 +01:00
t-stutter.c g10: Stop compiler warning for t-stutter. 2017-05-10 11:13:03 +09:00
tdbdump.c Merge branch 'STABLE-BRANCH-2-2' into master 2018-03-27 08:48:00 +02:00
tdbio.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
tdbio.h gpg: Pass CTRL arg to get_trusthashrec. 2018-03-26 18:06:43 +02:00
test-stubs.c g10: Change decryption key selection for public key encryption. 2018-08-27 13:12:31 +09:00
test.c tests: Locate resources and scripts relative to top source dir. 2017-04-24 14:14:05 +02:00
textfilter.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
tofu.c gpg: New option --use-keyboxd. 2019-09-09 15:01:47 +02:00
tofu.h g10: Remove dead code. 2016-12-06 12:16:56 +01:00
trust.c gpg: Move key cleaning functions to a separate file. 2018-07-06 11:40:16 +02:00
trustdb.c Merge branch 'switch-to-gpgk' into master 2019-09-27 15:44:23 +02:00
trustdb.h gpg: Move key cleaning functions to a separate file. 2018-07-06 11:40:16 +02:00
verify.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
zlib-riscos.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00