| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* g10/main.h (import_filter_t): New.
* g10/import.c (import): Add filter callbacks to param list.
(import_one): Ditto.
(import_secret_one): Ditto.
(import_keys_internal): Ditto.
(import_keys_stream): Ditto.
* g10/keyserver.c (keyserver_retrieval_filter): New.
(keyserver_spawn): Pass filter to import_keys_stream()
--
These changes introduces import functions that apply a constraining
filter to imported keys. These filters can verify the fingerprints of
the keys returned before importing them into the keyring, ensuring that
the keys fetched from the keyserver are in fact those selected by the
user beforehand.
Signed-off-by: Stefan Tomanek <[email protected]>
Re-indention and minor changes by wk.
Resolved conflicts:
g10/import.c
g10/keyserver.c
g10/main.h
|
|
* g10/misc.c (openpgp_pk_algo_name): New. Replace all calls in g10/
to gcry_pk_algo_name by a call to this function.
(map_pk_openpgp_to_gcry): Map algo PUBKEY_ALGO_ELGAMAL_E to GCRY_PK_ELG.
(openpgp_pk_test_algo): Use PUBKEY_ALGO_ELGAMAL_E instead of
GCRY_PK_ELG_E. Return an error for ECC algos.
(openpgp_pk_test_algo2): Return an error for ECC algos.
* g10/gpg.c (build_list): Avoid printing ECC two times.
* include/cipher.h: Do not use GCRY_PK_* macros for PUBKEY_ALGO_*.
--
Due to recent changes to adjust for use with Libgcrypt 1.6, "gpg
--version" printed two question marks. This patches fixes that and
also make sure that gpg does advertise any ECC features. The patch in
build_list is not really needed.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/options.h (IMPORT_NO_SECKEY): New.
* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
flag.
* g10/import.c (import_secret_one): Deny import if flag is set.
--
By modifying a keyserver or a DNS record to send a secret key, an
attacker could trick a user into signing using a different key and
user id. The trust model should protect against such rogue keys but
we better make sure that secret keys are never received from remote
sources.
Suggested-by: Stefan Tomanek
Signed-off-by: Werner Koch <[email protected]>
|
|
* keyserver.c (print_keyrec): Honor --keyid-format when getting back
full fingerprints from the keyserver (the comment in the code was
correct, the code was not).
|
|
* g10/misc.c (map_pk_openpgp_to_gcry): New.
* g10/keyserver.c (print_keyrec): Map OpenPGP algorithm ids.
--
Although we don't have support for ECC, we want to print a proper
algorithm name in keyserver listings. This will only work while using
a ECC enabled Libgcrypt. Problem reported by Kristian Fiskerstrand.
|
|
resorting to keys.{domain}.
|
|
fix reading large certificates.
|
|
From 1.4.
|
|
Add trustdb chnages from 1.4.
Check algo usage for batch key generation.
|
|
addition to full URLs in CERT records.
|
|
|
|
Implemented key helper kdns
|
|
Registry key is not anymore required. Helpfiles are not properly located.
|
|
Removed intl/.
|
|
See the ChangeLogs for details.
|
|
* keyserver.c: Windows Vista doesn't grok X_OK and so fails access()
tests. Previous versions interpreted X_OK as F_OK anyway, so we'll
just use F_OK directly.
|
|
|
|
than whatever key selector the user used on the command line.
|
|
|
|
|
|
shows no prblems. Needs more testing of course.
|
|
|
|
|
|
but no --keyserver set.
|
|
to add "_uri" to certain gpgkeys_xxx helpers when the meaning is
different if a path is provided (i.e. ldap).
|
|
a place not in the regular include search path.
|
|
|
|
Still does not build.
|
|
The gpg part does not yet build.
|
|
both the fingerprint alone, and fingerprint+URL cases.
* getkey.c (get_pubkey_byname): Minor cleanup.
|
|
|
|
same API as the other auto-key-locate fetchers.
* getkey.c (get_pubkey_byname): Use the fingerprint of the key that we
actually fetched. This helps prevent problems where the key that we
fetched doesn't have the same name that we used to fetch it. In the
case of CERT and PKA, this is an actual security requirement as the
URL might point to a key put in by an attacker. By forcing the use of
the fingerprint, we won't use the attacker's key here.
|
|
keyserver_import_cert, keyserver_import_name, keyserver_import_ldap):
Pass fingerprint info through.
|
|
the key being imported. (import_keys_internal, import_keys_stream,
import): Change all callers.
|
|
--no-auto-key-locate.
* options.h, gpg.c (main): Keep track of each keyserver registered so
we can match on them later.
* keyserver-internal.h, keyserver.c (cmp_keyserver_spec,
keyserver_match), gpgv.c: New. Find a keyserver that matches ours and
return its spec.
* getkey.c (get_pubkey_byname): Use it here to get the per-keyserver
options from an earlier keyserver.
|
|
used.
|
|
treatment of include-revoked, include-subkeys, and try-dns-srv. These are
keyserver features, and GPG shouldn't get involved here.
|
|
options to the list, as ordering may be significant to the user.
|
|
(parse_keyserver_options): Moved from here. (parse_keyserver_uri): Use it
here so each keyserver can have some private options in addition to the
main keyserver-options (e.g. per-keyserver auth).
|
|
getkey.c (free_akl, parse_auto_key_locate, get_pubkey_byname): The obvious
next step: allow arbitrary keyservers in the auto-key-locate list.
|
|
auto-cert-retrieve as it is no longer meaningful. Add max-cert-size to
allow users to pick a max key size retrieved via CERT.
|
|
(keyserver_opts): Rename auto-pka-retrieve to honor-pka-record to be
consistent with honor-keyserver-url.
|
|
importing at -r time. The URL in the PKA record may point to a key put in
by an attacker. Fix is to use the fingerprint from the PKA record as the
recipient. This ensures that the PKA record is followed.
* keyserver-internal.h, keyserver.c (keyserver_import_pka): Return the
fingerprint we requested.
|
|
* keyserver-internal.h, keyserver.c (keyserver_import_ldap): Import using
the PGP Universal trick of asking ldap://keys.(maildomain) for the key.
|
|
even when we've assumed "hkp" when there was no scheme.
|
|
direct_uri flag so the right keyserver helper is run.
|
|
keyserver helpers on systems that use extensions.
* misc.c (path_access) [HAVE_DRIVE_LETTERS]: Do the right thing with
drive letter systems.
|
|
in a refresh batch has a preferred keyserver set. Noted by Nicolas
Rachinsky.
|
|
(keyserver_import_pka), card-util.c (fetch_url): Always require a
scheme:// for keyserver URLs except when used as part of the
--keyserver command for backwards compatibility.
|
|
getkey.c:get_pubkey_byname which was getting crowded.
* keyserver.c (keyserver_import_cert): Import a key found in DNS via CERT
records. Can handle both the PGP (actual key) and IPGP (URL) CERT types.
* getkey.c (get_pubkey_byname): Call them both here.
* options.h, keyserver.c (parse_keyserver_options): Add
"auto-cert-retrieve" option with optional max size argument.
|
