-rw-r--r--NEWS3
-rw-r--r--g10/keyedit.c11
2 files changed, 13 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index e562f5fc5..f5d2a7969 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
Noteworthy changes in version 2.5.7 (unreleased)
------------------------------------------------
+ * gpg: Allow updating a SHA-1 key certification w/o using
+ the --force-sign-key option. [T7663]
+
Noteworthy changes in version 2.5.6 (2025-05-08)
------------------------------------------------
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 1f3f8f3b3..eebeecfcd 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -855,7 +855,16 @@ sign_uids (ctrl_t ctrl, estream_t fp,
_("\"%s\" was already signed by key %s\n"),
user, keystr_from_pk (pk));
- if (opt.flags.force_sign_key
+ if (node->pkt->pkt.signature->digest_algo
+ == DIGEST_ALGO_SHA1
+ && !opt.flags.allow_weak_key_signatures)
+ {
+ /* Allow updating a signature to a stronger
+ * digest algorithm without an extra option. */
+ xfree (user);
+ continue;
+ }
+ else if (opt.flags.force_sign_key
|| (opt.expert && !(flags & SIGN_UIDS_QUICK)
&& cpr_get_answer_is_yes ("sign_uid.dupe_okay",
_("Do you want to sign it "