Tweaked v3 -c decryption, let --force-v4-certs use SHA-1 for all RSA keys.

4 files changed, 39 insertions, 9 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 5ce79becd..96e783f76 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,5 +1,11 @@
 2001-11-08  Werner Koch  <[email protected]>
 
+	* pubkey-enc.c (get_it): To reduce the number of questions on the
+	MLs print the the name of cipher algorithm 1 with the error message.
+
+	* mainproc.c: Changed the way old rfc1991 encryption cipher is
+	selected. Based on a patch by W Lewis.
+
 	* pkclist.c (do_edit_ownertrust): Allow to skip over keys, the non
 	working "show info" is now assigned to "i" 
 	* trustdb.c (ask_ownertrust, validate_keys): Implement a real quit
@@ -11,7 +17,7 @@
 
 	* g10.c, options.h : New option --[no-]froce-v4-certs.
 	* sign.c (make_keysig_packet): Create v4 sigs on v4 keys even with
-	a v3 key.  Use new option.  By David Shaw
+	a v3 key.  Use that new option.  By David Shaw
 
 	* revoke.c (ask_revocation_reason): Allow to select "no reason".
 	By David Shaw.
diff --git a/g10/mainproc.c b/g10/mainproc.c
index f8db5fa0d..f2d29b2bd 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -421,12 +421,33 @@ proc_encrypted( CTX c, PACKET *pkt )
     if( opt.list_only )
 	result = -1;
     else if( !c->dek && !c->last_was_session_key ) {
-        int algo = opt.def_cipher_algo ? opt.def_cipher_algo
-                                       : opt.s2k_cipher_algo;
+        int algo;
+        STRING2KEY s2kbuf, *s2k = NULL;
+
 	/* assume this is old style conventional encrypted data */
-        log_info(_("assuming %s encrypted data\n"),
-                 cipher_algo_to_string (algo) );
-	c->dek = passphrase_to_dek( NULL, 0, algo, NULL, 0);
+        if ( (algo = opt.def_cipher_algo))
+            log_info (_("assuming %s encrypted data\n"),
+                        cipher_algo_to_string(algo));
+        else if ( check_cipher_algo(CIPHER_ALGO_IDEA) ) {
+            algo = opt.def_cipher_algo;
+            if (!algo)
+                algo = opt.s2k_cipher_algo;;
+            log_info (_("IDEA cipher unavailable, "
+                        "optimistically attempting to use %s instead\n"),
+                       cipher_algo_to_string(algo));
+        }
+        else {
+            algo = CIPHER_ALGO_IDEA;
+            if (!opt.def_digest_algo) {
+                /* If no digest is given we assume MD5 */
+                s2kbuf.mode = 0;
+                s2kbuf.hash_algo = DIGEST_ALGO_MD5;
+                s2k = &s2kbuf;
+            }
+            log_info (_("assuming %s encrypted data\n"), "IDEA");
+        }
+
+	c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 0 );
         if (c->dek)
             c->dek->algo_info_printed = 1;
     }
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 7ef9a5a0f..613c4737a 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -173,8 +173,8 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid )
     rc = check_cipher_algo( dek->algo );
     if( rc ) {
 	if( !opt.quiet && rc == G10ERR_CIPHER_ALGO ) {
-	    log_info(_("cipher algorithm %d is unknown or disabled\n"),
-							    dek->algo);
+	    log_info(_("cipher algorithm %d%s is unknown or disabled\n"),
+                     dek->algo, dek->algo == CIPHER_ALGO_IDEA? " (IDEA)":"");
 	}
 	dek->algo = 0;
 	goto leave;
diff --git a/g10/sign.c b/g10/sign.c
index f5d2dae11..5da8073b3 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -1002,7 +1002,10 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
             break;
 	  case PUBKEY_ALGO_RSA_S:
 	  case PUBKEY_ALGO_RSA:
-            digest_algo = sk->version < 4? DIGEST_ALGO_MD5 : DIGEST_ALGO_SHA1;
+            if (opt.force_v4_sigs || sk->version > 3)
+              digest_algo = DIGEST_ALGO_SHA1;
+            else
+              digest_algo = DIGEST_ALGO_MD5;
             break;
 	  default:
             digest_algo = DIGEST_ALGO_RMD160;