authorWerner Koch <[email protected]>2007-12-12 17:41:05 +0000
committerWerner Koch <[email protected]>2007-12-12 17:41:05 +0000
commitaeb5a65f7c07de88dc497da76ea4b2060802230a (patch)
treeefe2de5ca859c61f08ae76423b3f67d0b88b9239
parentDoc fixes. (diff)
Allow type 20 keys only with option --rfc2440.
-rw-r--r--NEWS3
-rw-r--r--g10/ChangeLog7
-rw-r--r--g10/misc.c15
3 files changed, 24 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index e6fe5a914..d5130d7fc 100644
--- a/NEWS
+++ b/NEWS
@@ -14,7 +14,8 @@ Noteworthy changes in version 2.0.8
* The envvars XAUTHORITY and PINENTRY_USER_DATA are now passed to the
pinentry.
- * Allow encryption using Elgamal keys with the algorithm id 20.
+ * Allow encryption with legacy Elgamal sign+encrypt keys with option
+ --rfc2440.
* Fixed the auto creation of the key stub for smartcards.
diff --git a/g10/ChangeLog b/g10/ChangeLog
index dba73c96e..99e677eaf 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,10 @@
+2007-12-12 Werner Koch <[email protected]>
+
+ * misc.c (print_pubkey_algo_note): Print a warning if a type 20
+ key is used.
+ (openpgp_pk_test_algo, openpgp_pk_test_algo2)
+ (openpgp_pk_algo_usage): Allow type 20 keys only in rfc2440 mode.
+
2007-12-12 David Shaw <[email protected]> (wk)
* trustdb.c (sanitize_regexp): New. Protect against dangerous
diff --git a/g10/misc.c b/g10/misc.c
index fa85e61c7..233c40264 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -289,6 +289,10 @@ print_pubkey_algo_note( int algo )
gcry_pk_algo_name (algo));
}
}
+ else if (algo == 20)
+ {
+ log_info (_("WARNING: Elgamal sign+encrypt keys are deprecated\n"));
+ }
}
void
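Review bot: The new branch in print_pubkey_algo_note tests the bare literal `20`, while the openpgp_pk_algo_usage hunk of this same commit switches on `PUBKEY_ALGO_ELGAMAL` for what the ChangeLog entry describes as the same key type. Writing `else if (algo == PUBKEY_ALGO_ELGAMAL)` here, and using the same name in the two `!RFC2440 && algo == 20` guards added to openpgp_pk_test_algo and openpgp_pk_test_algo2, would put every place that enforces the deprecation under one searchable identifier. The start of the function is outside the hunk.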
@@ -387,6 +391,10 @@ openpgp_cipher_algo_name (int algo)
int
openpgp_pk_test_algo( int algo )
{
+ /* Dont't allow type 20 keys unless in rfc2440 mode. */
+ if (!RFC2440 && algo == 20)
+ return gpg_error (GPG_ERR_PUBKEY_ALGO);
+
if (algo == GCRY_PK_ELG_E)
algo = GCRY_PK_ELG;
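Review bot: The added guard in openpgp_pk_test_algo is only correct because it runs before the `GCRY_PK_ELG_E` to `GCRY_PK_ELG` mapping on the next lines, and the comment does not record that dependency. If `GCRY_PK_ELG` is 20 (likely, but not visible in this hunk), moving the check below the mapping would also reject ordinary encrypt-only type 16 keys outside rfc2440 mode. I would fix the typo and state the ordering, e.g. `/* Don't allow type 20 keys unless in rfc2440 mode. Must stay above the ELG_E mapping below. */`. The identical guard and comment in the openpgp_pk_test_algo2 hunk need the same change; both function bodies continue outside their hunks.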
@@ -400,6 +408,10 @@ openpgp_pk_test_algo2( int algo, unsigned int use )
{
size_t use_buf = use;
+ /* Dont't allow type 20 keys unless in rfc2440 mode. */
+ if (!RFC2440 && algo == 20)
+ return gpg_error (GPG_ERR_PUBKEY_ALGO);
+
if (algo == GCRY_PK_ELG_E)
algo = GCRY_PK_ELG;
@@ -427,6 +439,9 @@ openpgp_pk_algo_usage ( int algo )
use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG;
break;
case PUBKEY_ALGO_ELGAMAL:
+ if (RFC2440)
+ use = PUBKEY_USAGE_ENC;
+ break;
case PUBKEY_ALGO_ELGAMAL_E:
use = PUBKEY_USAGE_ENC;
break;
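Review bot: In the `PUBKEY_ALGO_ELGAMAL` case the non-rfc2440 path leaves `use` at whatever it was initialised to above the hunk, and the rfc2440 path grants encryption only; neither decision is explained where it is made. A comment such as `/* Type 20 (sign+encrypt): never grant PUBKEY_USAGE_SIG; encryption only with --rfc2440, otherwise no usage at all. */` would keep a later edit from adding signing usage or dropping the new `break;`. The initialisation of `use` and the end of the switch are outside the hunk, so it is worth confirming that `use` starts at 0.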