Diffstat (limited to '')
-rw-r--r-- | doc/gpg.texi | 9 | ||||
-rw-r--r-- | g10/gpg.c | 3 | ||||
-rw-r--r-- | g10/options.h | 1 | ||||
-rw-r--r-- | g10/sign.c | 9 |
4 files changed, 7 insertions, 15 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi index a5cbafd6b..9d62afb7f 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1629,15 +1629,6 @@ modifications, you can use this option to disable the caching. It probably does not make sense to disable it because all kind of damage can be done if someone else has write access to your public keyring. -@item --no-sig-create-check -@opindex no-sig-create-check -GnuPG normally verifies each signature right after creation to protect -against bugs and hardware malfunctions which could leak out bits from -the secret key. This extra verification needs some time (about 115% -for DSA keys), and so this option can be used to disable it. -However, due to the fact that the signature creation needs manual -interaction, this performance penalty does not matter in most settings. - @item --auto-check-trustdb @itemx --no-auto-check-trustdb @opindex auto-check-trustdb @@ -337,7 +337,6 @@ enum cmd_and_opt_values oFixedListMode, oLegacyListMode, oNoSigCache, - oNoSigCreateCheck, oAutoCheckTrustDB, oNoAutoCheckTrustDB, oPreservePermissions, @@ -727,7 +726,6 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"), ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"), ARGPARSE_s_n (oNoSigCache, "no-sig-cache", "@"), - ARGPARSE_s_n (oNoSigCreateCheck, "no-sig-create-check", "@"), ARGPARSE_s_n (oMergeOnly, "merge-only", "@" ), ARGPARSE_s_n (oAllowSecretKeyImport, "allow-secret-key-import", "@"), ARGPARSE_s_n (oTryAllSecrets, "try-all-secrets", "@"), @@ -2990,7 +2988,6 @@ main (int argc, char **argv) } break; case oNoSigCache: opt.no_sig_cache = 1; break; - case oNoSigCreateCheck: opt.no_sig_create_check = 1; break; case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break; case oNoAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid=0; break; case oAllowFreeformUID: opt.allow_freeform_uid = 1; break; diff --git a/g10/options.h b/g10/options.h index 465c5b215..fd2f4a2f6 100644 --- a/g10/options.h 
+++ b/g10/options.h @@ -191,7 +191,6 @@ struct int try_all_secrets; int no_expensive_trust_checks; int no_sig_cache; - int no_sig_create_check; int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; diff --git a/g10/sign.c b/g10/sign.c index afc117e7d..7a8d6978e 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -294,8 +294,13 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig, /* Check that the signature verification worked and nothing is * fooling us e.g. by a bug in the signature create code or by - * deliberately introduced faults. */ - if (!err && !opt.no_sig_create_check) + * deliberately introduced faults. Because Libgcrypt 1.7 does this + * for RSA internally there is no need to do it here again. */ + if (!err +#if GCRYPT_VERSION_NUMBER >= 0x010700 /* Libgcrypt >= 1.7 */ + && !is_RSA (pksk->pubkey_algo) +#endif /* Libgcrypt >= 1.7 */ + ) { PKT_public_key *pk = xmalloc_clear (sizeof *pk); |
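Review bot: The RSA exemption added to the `if (!err ...)` condition in do_sign is decided by `GCRYPT_VERSION_NUMBER`, which reflects the headers at build time rather than the Libgcrypt that is loaded when gpg runs. If a binary built against 1.7 headers can start with an older shared library (the minimum version enforced at startup is not visible here), RSA signatures would leave do_sign with no post-creation verification at all, which is the check the removed documentation describes as protecting against bugs and hardware malfunctions that could leak secret key bits. A runtime test such as `&& !(is_RSA (pksk->pubkey_algo) && gcry_check_version ("1.7.0"))` would tie the skip to the library actually in use. The comment should also state that the skip assumes the signature was computed by this process's Libgcrypt; the signing call is outside the hunk, so if it can be served by another process or a hardware token, that assumption needs confirming before RSA is exempted. do_sign's body starts and ends outside the hunk.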