mirror of git://git.gnupg.org/gnupg.git synced 2024-07-03 02:58:57 +02:00
gnupg/g10
NIIBE Yutaka cf01cf8b88 gpgv: Tweak default options for extra security.
* g10/gpgv.c (main): Set opt.no_sig_cache, so that it doesn't depend on
cached status.  Similarly, set opt.flags.require_cross_cert for backsig
validation for subkey signature.

--

(backport of master commit e32c575e0f)

It is common that an organization distributes binary keyrings with
signature cache (Tag 12, Trust Packet) and people use gpgv to validate
signature with such keyrings.  In such a use case, it is possible that
the key validation itself is skipped.

For the purpose of gpgv validation of signatures, we should not depend
on signature cache in keyrings (if any), but we should validate the key
by its self signature for primary key, and back signature for subkey.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-07-09 10:41:08 +09:00
apdu.c Use inline functions to convert buffer data to scalars. 2015-02-23 10:47:26 +01:00
apdu.h First set of changes to backport the new card code from 2.0. 2009-07-21 14:30:13 +00:00
app-common.h First set of changes to backport the new card code from 2.0. 2009-07-21 14:30:13 +00:00
app-openpgp.c Use inline functions to convert buffer data to scalars. 2015-02-23 10:47:26 +01:00
armor.c g10: Fix iobuf API of filter function for alignment. 2016-01-26 15:38:27 +09:00
build-packet.c gpg: Fix segv due to NULL value stored as opaque MPI 2015-02-23 10:56:21 +01:00
card-util.c Preparing a release candidate 2010-09-23 08:15:45 +00:00
cardglue.c support more hash algorithms to support the v2 card 2010-07-24 09:18:42 +00:00
cardglue.h support more hash algorithms to support the v2 card 2010-07-24 09:18:42 +00:00
ccid-driver.c Use inline functions to convert buffer data to scalars. 2015-02-23 10:47:26 +01:00
ccid-driver.h First set of changes to backport the new card code from 2.0. 2009-07-21 14:30:13 +00:00
ChangeLog-2011 Rename all ChangeLog files to ChangeLog-2011. 2011-12-02 19:42:56 +01:00
cipher.c g10: Fix iobuf API of filter function for alignment. 2016-01-26 15:38:27 +09:00
compress-bz2.c g10: Fix iobuf API of filter function for alignment. 2016-01-26 15:38:27 +09:00
compress.c g10: Fix iobuf API of filter function for alignment. 2016-01-26 15:38:27 +09:00
dearmor.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
decrypt.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
delkey.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
encode.c g10: Fix iobuf API of filter function for alignment. 2016-01-26 15:38:27 +09:00
encr-data.c g10: Fix iobuf API of filter function for alignment. 2016-01-26 15:38:27 +09:00
exec.c Revert that last stupid setuid detection fix. 2008-07-17 19:47:19 +00:00
exec.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
export.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
filter.h gpg: Print better diagnostics for keyserver operations. 2015-02-23 10:52:37 +01:00
free-packet.c g10: fix cmp_public_key and cmp_secret_keys. 2015-04-30 17:20:08 +09:00
getkey.c g10: Improve handling of no corresponding public key. 2015-05-19 10:14:09 +09:00
global.h Add kbnode_t for easier backporting. 2014-08-06 18:33:21 +02:00
gpg.c g10: Fix --list-packets. 2016-06-28 16:10:14 +09:00
gpgv.c gpgv: Tweak default options for extra security. 2016-07-09 10:41:08 +09:00
helptext.c Fix typos spotted during translations 2012-08-24 16:37:44 +02:00
import.c gpg: Remove an unused variable. 2015-02-23 10:53:05 +01:00
iso7816.c minor changes for VMS 2009-12-15 11:07:43 +00:00
iso7816.h Last minute fixes 2009-09-02 17:30:53 +00:00
kbnode.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
keydb.c gpg: signal handling fix 2013-07-12 17:26:55 +09:00
keydb.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
keyedit.c gpg: Print a warning if the subkey expiration may not be what you want. 2015-02-23 10:36:18 +01:00
keygen.c g10: Fix keysize with --expert. 2016-07-06 11:45:05 +09:00
keyid.c gpg: Fix segv due to NULL value stored as opaque MPI 2015-02-23 10:56:21 +01:00
keylist.c Print hash algorithm in sig records 2014-06-23 14:57:32 +02:00
keyring.c gpg: Prevent an invalid memory read using a garbled keyring. 2015-02-23 10:46:07 +01:00
keyring.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
keyserver-internal.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
keyserver.c Switch to a hash and CERT record based PKA system. 2015-02-26 18:30:08 +01:00
main.h gpg: Add option --weak-digest to gpg and gpgv. 2015-12-19 15:14:27 +01:00
mainproc.c g10: Fix --list-packets. 2016-06-28 16:10:14 +09:00
Makefile.am Don't link gpgv with libreadline 2011-02-23 15:13:40 +01:00
mdfilter.c g10: Fix iobuf API of filter function for alignment. 2016-01-26 15:38:27 +09:00
misc.c gpg: Add option --weak-digest to gpg and gpgv. 2015-12-19 15:14:27 +01:00
openfile.c gpg: Make the use of "--verify FILE" for detached sigs harder. 2014-11-14 19:41:24 +01:00
OPTIONS See ChangeLog: Mon Jul 31 10:04:47 CEST 2000 Werner Koch 2000-07-31 08:04:16 +00:00
options.h g10: Fix --list-packets. 2016-06-28 16:10:14 +09:00
options.skel * options.skel: Make the example for force-v3-sigs match reality (it 2010-09-28 16:13:24 +00:00
packet.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
parse-packet.c g10: Fix --list-packets. 2016-06-28 16:10:14 +09:00
passphrase.c Pass DBUS_SESSION_BUS_ADDRESS for gnome3 2015-12-17 15:14:56 +01:00
photoid.c * photoid.c (generate_photo_id): Check for the JPEG magic numbers 2011-04-05 23:47:58 -04:00
photoid.h * main.h, mainproc.c (check_sig_and_print), keylist.c 2008-10-03 19:54:30 +00:00
pipemode.c g10: Fix iobuf API of filter function for alignment. 2016-01-26 15:38:27 +09:00
pkclist.c gpg: Use more specific reason codes for INV_RECP. 2014-06-23 09:25:45 +02:00
plaintext.c gpg: Make the use of "--verify FILE" for detached sigs harder. 2014-11-14 19:41:24 +01:00
progress.c g10: Fix iobuf API of filter function for alignment. 2016-01-26 15:38:27 +09:00
pubkey-enc.c Support the not anymore patented IDEA cipher algorithm. 2012-11-08 13:25:02 +01:00
pubring.asc See ChangeLog: Mon Jul 31 10:04:47 CEST 2000 Werner Koch 2000-07-31 08:04:16 +00:00
revoke.c Fix a couple of minor bugs. 2009-06-24 14:01:20 +00:00
seckey-cert.c Protect against NULL return of mpi_get_opaque. 2015-02-23 11:04:35 +01:00
seskey.c * sig-check.c (do_check): Code to try both the incorrect and correct 2007-11-28 23:08:35 +00:00
sig-check.c gpg: Add option --weak-digest to gpg and gpgv. 2015-12-19 15:14:27 +01:00
sign.c Obsolete option --no-sig-create-check. 2015-09-01 07:47:14 +02:00
signal.c gpg: signal handling fix 2013-07-12 17:26:55 +09:00
skclist.c Fix bug 1045. 2009-05-11 09:37:25 +00:00
status.c Support the not anymore patented IDEA cipher algorithm. 2012-11-08 13:25:02 +01:00
status.h Support the not anymore patented IDEA cipher algorithm. 2012-11-08 13:25:02 +01:00
tdbdump.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
tdbio.c g10: Fix another race condition for trustdb access. 2016-06-15 09:01:00 +09:00
tdbio.h gpg: Do not require a trustdb with --always-trust. 2013-10-11 09:35:01 +02:00
textfilter.c g10: Fix iobuf API of filter function for alignment. 2016-01-26 15:38:27 +09:00
tlv.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00
tlv.h Switched to GPLv3. 2007-10-23 10:48:09 +00:00
trustdb.c gpg: Avoid cluttering stdout with trustdb info in verbose mode. 2015-11-20 13:23:31 +01:00
trustdb.h Changes to --min-cert-level should cause a trustdb rebuild (issue 1366) 2012-01-19 22:33:51 -05:00
verify.c Switched to GPLv3. 2007-10-23 10:48:09 +00:00