Werner Koch
e7abed3448
gpg: Protect against rogue keyservers sending secret keys.
...
* g10/options.h (IMPORT_NO_SECKEY): New.
* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
flag.
* g10/import.c (import_secret_one): Deny import if flag is set.
--
By modifying a keyserver or a DNS record to send a secret key, an
attacker could trick a user into signing using a different key and
user id. The trust model should protect against such rogue keys but
we better make sure that secret keys are never received from remote
sources.
Suggested-by: Stefan Tomanek
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-04 13:44:39 +02:00
..
2010-05-12 16:18:49 +00:00
2011-08-04 12:22:04 +02:00
2013-04-25 09:33:33 +02:00
2009-12-21 16:19:09 +00:00
2011-07-07 11:20:53 +02:00
2011-12-02 19:28:02 +01:00
2012-05-24 10:55:11 +02:00
2007-11-19 16:03:50 +00:00
2009-09-03 11:29:25 +00:00
2007-07-04 19:49:40 +00:00
2009-08-06 20:12:00 +00:00
2007-11-19 16:03:50 +00:00
2007-11-19 16:03:50 +00:00
2007-11-19 16:03:50 +00:00
2009-06-05 14:11:03 +00:00
2012-05-24 10:55:11 +02:00
2013-04-23 18:06:46 +02:00
2007-07-04 19:49:40 +00:00
2007-11-19 16:03:50 +00:00
2007-07-04 19:49:40 +00:00
2007-07-04 19:49:40 +00:00
2013-10-04 08:53:49 +02:00
2013-05-07 21:17:04 +02:00
2013-08-02 09:26:32 +02:00
2013-01-03 20:21:20 +01:00
2013-08-19 11:22:11 +02:00
2007-12-04 15:00:14 +00:00
2013-10-04 13:44:39 +02:00
2007-07-04 19:49:40 +00:00
2013-01-03 20:21:20 +01:00
2009-12-21 16:19:09 +00:00
2011-08-04 12:22:04 +02:00
2013-10-04 08:54:25 +02:00
2011-07-01 10:33:43 +02:00
2012-05-24 10:55:11 +02:00
2009-07-20 11:02:20 +00:00
2009-04-03 10:34:22 +00:00
2007-07-04 19:49:40 +00:00
2013-10-04 13:44:39 +02:00
2012-11-27 17:35:16 +01:00
2013-10-04 08:20:49 +02:00
2013-05-07 21:17:04 +02:00
2007-11-19 16:03:50 +00:00
2013-04-23 18:06:46 +02:00
2007-07-04 19:49:40 +00:00
2000-07-31 08:04:16 +00:00
2013-10-04 13:44:39 +02:00
2013-08-06 10:04:12 +02:00
2009-09-03 20:51:55 +00:00
2011-07-22 13:56:14 +02:00
2010-01-11 16:05:26 +00:00
2013-04-23 18:06:46 +02:00
2008-10-03 20:00:46 +00:00
2012-12-19 11:29:37 +01:00
2011-06-13 14:35:30 +02:00
2007-07-04 19:49:40 +00:00
2010-05-12 10:53:02 +00:00
2007-07-04 19:49:40 +00:00
2009-06-05 14:11:03 +00:00
2000-07-31 08:04:16 +00:00
2009-06-24 14:03:09 +00:00
2008-12-12 12:01:20 +00:00
2008-12-12 08:54:50 +00:00
2010-03-12 17:24:06 +00:00
2010-02-12 15:15:34 +00:00
2009-06-05 14:11:03 +00:00
2011-08-04 12:22:04 +02:00
2013-04-22 19:59:34 +02:00
2009-05-26 09:29:02 +00:00
2009-08-06 20:12:00 +00:00
2008-12-11 17:44:52 +00:00
2008-10-20 13:53:23 +00:00
2012-01-19 23:03:56 -05:00
2012-01-19 23:03:56 -05:00
2007-11-19 16:03:50 +00:00
2012-08-24 10:33:28 +02:00
2012-01-19 23:03:56 -05:00
2008-10-20 13:53:23 +00:00