diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/ChangeLog | 8 | ||||
| -rw-r--r-- | g10/getkey.c | 35 | ||||
| -rw-r--r-- | g10/parse-packet.c | 16 |
3 files changed, 57 insertions, 2 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index b82b7d9f9..268af9290 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,11 @@ +Thu Sep 14 17:45:11 CEST 2000 Werner Koch <[email protected]> + + * parse-packet.c (dump_sig_subpkt): Dump key flags. Print special + warning in case of faked ARRs. + + * getkey.c (finsih_lookup): Hack so that for v4 RSA keys the subkey + is used for encryption. + Thu Sep 14 14:20:38 CEST 2000 Werner Koch <[email protected]> * g10.c (main): Default S2K algorithms are now SHA1 and CAST5 - this diff --git a/g10/getkey.c b/g10/getkey.c index 26fcda686..434b8a917 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1598,7 +1598,40 @@ finish_lookup( KBNODE keyblock, PKT_public_key *pk, KBNODE k, byte *namehash, merge_one_pk_and_selfsig( keyblock, keyblock, pk ); } else { - if( primary && pk->pubkey_usage + if( primary && pk->pubkey_usage == PUBKEY_USAGE_ENC + && keyblock->pkt->pkt.public_key->version > 3 + && keyblock->pkt->pkt.public_key->pubkey_algo == PUBKEY_ALGO_RSA + && k->pkt->pkttype == PKT_PUBLIC_KEY ) { + /* Ugly hack to support v4 RSA keys. Here we assume that the + primary key should be used only for signing and a subkey + should be used for encryption. So now look for a subkey. + */ + KBNODE save_k = k; + u32 mainkid[2]; + u32 cur_time = make_timestamp(); + + keyid_from_pk( keyblock->pkt->pkt.public_key, mainkid ); + + for(k = save_k ; k; k = k->next ) { + if( k->pkt->pkttype == PKT_PUBLIC_SUBKEY + && !check_pubkey_algo2( + k->pkt->pkt.public_key->pubkey_algo, + pk->pubkey_usage ) + && !has_expired( k, mainkid, cur_time ) + ) + break; + } + + if( !k ) + k = save_k; /* not found: better use the main key instead */ + else + log_info(_("using secondary key %08lX " + "instead of primary key %08lX\n"), + (ulong)keyid_from_pk( k->pkt->pkt.public_key, NULL), + (ulong)keyid_from_pk( save_k->pkt->pkt.public_key, NULL) + ); + } + else if( primary && pk->pubkey_usage && check_pubkey_algo2( k->pkt->pkt.public_key->pubkey_algo, pk->pubkey_usage ) == G10ERR_WR_PUBKEY_ALGO ) { /* if the usage is not correct, try to use a subkey */ diff --git a/g10/parse-packet.c b/g10/parse-packet.c index eb7cedac7..91aa231b0 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -702,6 +702,18 @@ dump_sig_subpkt( int hashed, int type, int critical, const char *p=NULL; int i; + /* The CERT has warning out with explains how to use GNUPG to + * detect the ARRs - we print our old message here when it is a faked + * ARR and add an additional notice */ + if ( type == SIGSUBPKT_ARR && !hashed ) { + printf("\tsubpkt %d len %u (additional recipient request)\n" + "WARNING: PGP versions > 5.0 and < 6.5.8 will automagically " + "encrypt to this key and thereby reveal the plaintext to " + "the owner of this ARR key. Detailed info follows:\n", + type, (unsigned)length ); + } + + printf("\t%s%ssubpkt %d len %u (", /*)*/ critical ? "critical ":"", hashed ? "hashed ":"", type, (unsigned)length ); @@ -808,7 +820,9 @@ dump_sig_subpkt( int hashed, int type, int critical, print_string( stdout, buffer, length, ')' ); break; case SIGSUBPKT_KEY_FLAGS: - p = "key flags"; + fputs ( "key flags:", stdout ); + for( i=0; i < length; i++ ) + printf(" %02X", buffer[i] ); break; case SIGSUBPKT_SIGNERS_UID: p = "signer's user ID"; |