Diffstat (limited to 'g10')
-rw-r--r--g10/ChangeLog14
-rw-r--r--g10/encode.c13
-rw-r--r--g10/g10.c38
-rw-r--r--g10/options.h2
-rw-r--r--g10/sign.c24
5 files changed, 85 insertions, 6 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 1e044a535..7c5cd3c32 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,17 @@
+2001-12-07 David Shaw <[email protected]>
+
+ * g10.c, options.h: New option --pgp2. This is identical to
+ "--rfc1991 --cipher-algo idea --compress-algo 1 --digest-algo md5
+ --force_v3_sigs" with the addition of an warning to advise the
+ user not to use a pipe (which would break pgp2 compatibility).
+
+ * encode.c (encode_crypt): warn if the user tries to encrypt to
+ any key that is not RSA and <= 2048 bits when the --pgp2 option is
+ used.
+
+ * sign.c (sign_file, clearsign_file): When using --pgp2, make a v3
+ sig, and warn if the signature is made with a non-v3 key.
+
2001-12-05 David Shaw <[email protected]>
* sign.c (sign_file, clearsign_file, sign_symencrypt_file): Prompt
diff --git a/g10/encode.c b/g10/encode.c
index 7d9f0952f..a90f35993 100644
--- a/g10/encode.c
+++ b/g10/encode.c
@@ -250,7 +250,7 @@ encode_crypt( const char *filename, STRLIST remusr )
armor_filter_context_t afx;
compress_filter_context_t zfx;
text_filter_context_t tfx;
- PK_LIST pk_list;
+ PK_LIST pk_list,work_list;
int do_compress = opt.compress && !opt.rfc1991;
@@ -263,6 +263,17 @@ encode_crypt( const char *filename, STRLIST remusr )
if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) )
return rc;
+ if(opt.pgp2)
+ for(work_list=pk_list;work_list->next!=NULL;work_list=work_list->next)
+ if(!(is_RSA(work_list->pk->pubkey_algo) &&
+ nbits_from_pk(work_list->pk)<=2048))
+ {
+ log_info(_("You can only encrypt to RSA keys of 2048 bits or "
+ "less in --pgp2 mode\n"));
+ log_info(_("This message will not be usable by PGP 2.x\n"));
+ break;
+ }
+
/* prepare iobufs */
if( !(inp = iobuf_open(filename)) ) {
log_error(_("can't open %s: %s\n"), filename? filename: "[stdin]",
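Review bot: The added loop tests `work_list->next!=NULL`, so the last entry of `pk_list` is never examined and a single-recipient list is not checked at all; a lone non-RSA or oversized key gets no warning in --pgp2 mode. Iterating on the node itself fixes it: `for(work_list=pk_list;work_list;work_list=work_list->next)`. That form also avoids dereferencing `pk_list` if build_pk_list() can return success with an empty list, which this hunk does not show. encode_crypt continues outside the hunk.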
diff --git a/g10/g10.c b/g10/g10.c
index e4062909e..d9a524dcc 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -149,6 +149,8 @@ enum cmd_and_opt_values { aNull = 0,
oLoadExtension,
oRFC1991,
oOpenPGP,
+ oPGP2,
+ oNoPGP2,
oCipherAlgo,
oDigestAlgo,
oCompressAlgo,
@@ -363,6 +365,8 @@ static ARGPARSE_OPTS opts[] = {
{ oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")},
{ oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
{ oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")},
+ { oPGP2, "pgp2", 0, N_("set all packet, cipher and digest options to PGP 2.x behavior")},
+ { oNoPGP2, "no-pgp2", 0, "@"},
{ oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")},
{ oS2KDigest, "s2k-digest-algo",2,
N_("|NAME|use message digest algorithm NAME for passphrases")},
@@ -1013,6 +1017,8 @@ main( int argc, char **argv )
opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
break;
+ case oPGP2: opt.pgp2 = 1; break;
+ case oNoPGP2: opt.pgp2 = 0; break;
case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break;
case oEmu3DESS2KBug: opt.emulate_bugs |= EMUBUG_3DESS2K; break;
case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
@@ -1267,6 +1273,28 @@ main( int argc, char **argv )
if (preference_list && keygen_set_std_prefs (preference_list))
log_error(_("invalid preferences\n"));
+ /* Do this after the switch(), so it can override these
+ settings. */
+ if(opt.pgp2)
+ {
+ opt.rfc1991 = 1;
+ opt.rfc2440 = 0;
+ opt.force_v4_certs = 0;
+ opt.no_comment = 1;
+ opt.escape_from = 1;
+ opt.force_v3_sigs = 1;
+ opt.pgp2_workarounds = 1;
+ opt.def_cipher_algo = CIPHER_ALGO_IDEA;
+ if( cmd==aEncr && check_cipher_algo(CIPHER_ALGO_IDEA) ) {
+ log_info(_("Encrypting a message to a PGP 2.x user requires "
+ "the IDEA cipher module.\n"));
+ log_error(_("Please see http://www.gnupg.org/why-not-idea.html"
+ " for more information.\n"));
+ }
+ opt.def_digest_algo = DIGEST_ALGO_MD5;
+ opt.def_compress_algo = 1;
+ }
+
if( log_get_errorcount(0) )
g10_exit(2);
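Review bot: The IDEA availability check runs only when `cmd==aEncr`, while `opt.def_cipher_algo = CIPHER_ALGO_IDEA` is set for every command, so other commands that read the default cipher (symmetric encryption, presumably) can reach a missing cipher module without this explanation. The condition could be widened to the commands that encrypt. The block also replaces any explicit --cipher-algo or --digest-algo choice with IDEA and MD5 without telling the user. A comment such as `/* IDEA and MD5 are forced for PGP 2.x interoperability only */` would keep these values from being read as recommended defaults. main() starts and ends outside the hunk.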
@@ -1385,6 +1413,12 @@ main( int argc, char **argv )
break;
case aEncr: /* encrypt the given file */
+ if( argc == 0 && opt.pgp2 ) {
+ log_info(_("You must use files (and not a pipe) when "
+ "encrypting with --pgp2 enabled.\n"));
+ log_info(_("This message will not be usable by PGP 2.x\n"));
+ }
+
if( argc > 1 )
wrong_args(_("--encrypt [filename]"));
if( (rc = encode_crypt(fname,remusr)) )
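Review bot: The pipe case is reported with `log_info` only, so the run continues, presumably with a normal exit status, while rfc1991, IDEA and MD5 stay forced by --pgp2. The user then gets the legacy algorithms without the PGP 2.x compatibility that justified them, and a script cannot detect it. The same warn-and-continue pattern is in the aSignEncr hunk below and in the encode.c and sign.c hunks. If continuing is intended, say so in a comment, e.g. `/* warn only: the output is valid OpenPGP, just not readable by PGP 2.x */`; otherwise `log_error` would let the existing error-count check stop the run. The enclosing switch in main() extends beyond the hunk.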
@@ -1413,6 +1447,10 @@ main( int argc, char **argv )
case aSignEncr: /* sign and encrypt the given file */
if( argc > 1 )
wrong_args(_("--sign --encrypt [filename]"));
+ if(opt.pgp2) {
+ log_info(_("You can't sign and encrypt at the same time while in --pgp2 mode\n"));
+ log_info(_("This message will not be usable by PGP 2.x\n"));
+ }
if( argc ) {
sl = m_alloc_clear( sizeof *sl + strlen(fname));
strcpy(sl->d, fname);
diff --git a/g10/options.h b/g10/options.h
index cbcb33fed..4f4eca4bf 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -1,4 +1,3 @@
-
/* options.h
* Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
*
@@ -77,6 +76,7 @@ struct {
int compress_keys;
int compress_sigs;
int always_trust;
+ int pgp2;
int rfc1991;
int rfc2440;
int pgp2_workarounds;
diff --git a/g10/sign.c b/g10/sign.c
index 61380d016..d1860b438 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -550,14 +550,22 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
if( fname && filenames->next && (!detached || encryptflag) )
log_bug("multiple files can only be detached signed");
- if(opt.expert && !opt.batch && !opt.force_v3_sigs && !old_style)
+ if(opt.expert && !opt.pgp2 && !opt.batch &&
+ !opt.force_v3_sigs && !old_style)
duration=ask_expire_interval(1);
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
goto leave;
- if( !old_style && !duration )
+ if( (!old_style && !duration) || opt.pgp2 )
old_style = only_old_style( sk_list );
+ if(!old_style && opt.pgp2)
+ {
+ log_info(_("You can only sign with PGP 2.x style keys "
+ "while in --pgp2 mode\n"));
+ log_info(_("This message will not be usable by PGP 2.x\n"));
+ }
+
if( encryptflag ) {
if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )) )
goto leave;
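Review bot: The new condition `(!old_style && !duration) || opt.pgp2` needs a comment, because it recomputes `old_style` from the key list even when it is already set, and the reason is not visible at this line. The initial value of `old_style` is outside the hunk, so this reading is inferred: with --pgp2 the flag is meant to follow the signing keys alone so that the warning below can fire. Suggested comment: `/* In --pgp2 mode always re-derive old_style from the keys, so a non-v3 key is noticed even if old_style was preset. */`. The clearsign_file hunk repeats the same condition and would take the same comment.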
@@ -719,14 +727,22 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
memset( &afx, 0, sizeof afx);
init_packet( &pkt );
- if(opt.expert && !opt.batch && !opt.force_v3_sigs && !old_style)
+ if(opt.expert && !opt.pgp2 && !opt.batch &&
+ !opt.force_v3_sigs && !old_style)
duration=ask_expire_interval(1);
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
goto leave;
- if( !old_style && !duration )
+ if( (!old_style && !duration) || opt.pgp2 )
old_style = only_old_style( sk_list );
+ if(!old_style && opt.pgp2)
+ {
+ log_info(_("You can only clearsign with PGP 2.x style keys "
+ "while in --pgp2 mode\n"));
+ log_info(_("This message will not be usable by PGP 2.x\n"));
+ }
+
/* prepare iobufs */
if( !(inp = iobuf_open(fname)) ) {
log_error("can't open %s: %s\n", fname? fname: "[stdin]",