| Field | Value | Date |
|---|---|---|
| author | Werner Koch <[email protected]> | 2013-10-04 11:44:39 +0000 |
| committer | Werner Koch <[email protected]> | 2014-03-07 09:14:05 +0000 |
| commit | db1f74ba5338f624f146a3cb41a346e46b15c8f9 | |
| tree | 29852506d1074216fa8bf3c031a4053b8705c579 /g10/keyserver.c | |
| parent | agent: Fix UPDATESTARTUPTTY for ssh. | |
gpg: Protect against rogue keyservers sending secret keys.
* g10/options.h (IMPORT_NO_SECKEY): New.
* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new flag.
* g10/import.c (import_secret_one): Deny import if flag is set.
--
By modifying a keyserver or a DNS record to send a secret key, an
attacker could trick a user into signing using a different key and
user id. The trust model should protect against such rogue keys but
we better make sure that secret keys are never received from remote
sources.
Suggested-by: Stefan Tomanek
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit e7abed3448c1c1a4e756c12f95b665b517d22ebe)
Resolved conflicts:
g10/import.c
g10/keyserver.c
Diffstat (limited to 'g10/keyserver.c')

| Mode | File | Lines |
|---|---|---|
| -rw-r--r-- | g10/keyserver.c | 12 |

1 files changed, 8 insertions, 4 deletions
diff --git a/g10/keyserver.c b/g10/keyserver.c index 4de56fc46..28b4a1010 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -1578,11 +1578,14 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, harmless to ignore them, but ignoring them does make gpg complain about "no valid OpenPGP data found". One way to do this could be to continue parsing this line-by-line and make - a temp iobuf for each key. */ + a temp iobuf for each key. Note that we don't allow the + import of secret keys from a keyserver. Keyservers should + never accept or send them but we better protect against rogue + keyservers. */ import_keys_es_stream (ctrl, datastream, stats_handle, NULL, NULL, - opt.keyserver_options.import_options); - + (opt.keyserver_options.import_options + | IMPORT_NO_SECKEY)); import_print_stats (stats_handle); import_release_stats_handle (stats_handle); } @@ -1721,7 +1724,8 @@ keyserver_import_cert (ctrl_t ctrl, opt.no_armor=1; err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len, - opt.keyserver_options.import_options); + (opt.keyserver_options.import_options + | IMPORT_NO_SECKEY)); opt.no_armor=armor_status; |
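Review bot: The ChangeLog entry names keyserver_spawn as the function that sets the new flag, but the first hunk's header places the change in keyserver_get (this is a cherry-pick with conflicts resolved in g10/keyserver.c), so the commit message no longer matches the code; update the entry to `* g10/keyserver.c (keyserver_get, keyserver_import_cert): Set new flag.` OR-ing `IMPORT_NO_SECKEY` into `opt.keyserver_options.import_options` separately at each call site also means any other path that feeds remotely fetched data into import_keys_es_stream must remember to add it; a one-line helper returning `(opt.keyserver_options.import_options | IMPORT_NO_SECKEY)`, or a comment at the IMPORT_NO_SECKEY definition stating that every network-sourced import must set it, would make the omission harder. The removed blank line after the import_keys_es_stream call is an unrelated whitespace change.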
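Review bot: In the keyserver_import_cert hunk the flag is passed through to import_keys_es_stream and `err` is propagated, but the deny path itself lives in import_secret_one in g10/import.c, which is outside this diffstat (limited to g10/keyserver.c), so the protection cannot be verified from this file alone; review the two hunks together and confirm that a secret key in the fetched stream is counted and reported as skipped (the keyserver_get hunk calls import_print_stats right after the import) rather than either silently dropped or turned into a hard error that would also abort import of legitimate public keys in the same stream. A user whose DNS lookup returned a secret key should see a visible indication that the source misbehaved.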