gpg: Print PGP-2 fingerprint instead of all zeroes.

* g10/keyid.c (fingerprint_from_pk): Allow PGP-2 fingerprints.
* g10/keylist.c (print_fingerprint): Print a warning after a PGP-2
fingerprint.
--

Printing all zeroes for a PGP-2 (v3 key) fingerprint has the problem
that frontends (or the user) may use that fingerprint to lookup a key
and gpg will return all PGP2 keys.  They may then show a different
PGP-2 key than the one actually used for a signature.  This is worse
than displaying a weak fingerprint.

GnuPG-bug-id: 2000
Signed-off-by: Werner Koch <[email protected]>

2 files changed, 9 insertions, 1 deletions

diff --git a/g10/keyid.c b/g10/keyid.c
index ef6ee1c11..83020e96b 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -670,7 +670,7 @@ fingerprint_from_pk( PKT_public_key *pk, byte *array, size_t *ret_len )
 
   if ( pk->version < 4 )
     {
-      if ( is_RSA(pk->pubkey_algo) && opt.flags.allow_weak_digest_algos)
+      if (is_RSA(pk->pubkey_algo))
         {
           /* RSA in version 3 packets is special. */
           gcry_md_hd_t md;
diff --git a/g10/keylist.c b/g10/keylist.c
index bb19bc30a..457695b68 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -1590,6 +1590,14 @@ print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
         putc ('\n', fp);
     else
         tty_printf ("\n");
+
+    if (n==16 && !opt.with_colons && !opt.flags.allow_weak_digest_algos)
+      {
+        if (fp)
+          fprintf (fp, _("WARNING: a PGP-2 fingerprint is not safe\n"));
+        else
+          tty_printf (_("WARNING: a PGP-2 fingerprint is not safe\n"));
+      }
 }
 
 /* Print the serial number of an OpenPGP card if available. */