gpg: Allow updating a SHA-1 key certification w/o --force-sign-key.

* g10/keyedit.c (sign_uids): Add a case for this. -- GnuPG-bug-id: 7663
author: Werner Koch <[email protected]> 2025-05-28 08:39:17 +0000
committer: Werner Koch <[email protected]> 2025-05-28 08:41:32 +0000
commit: 15a71f108d9eb25b2cfd8c190b9514c1a21e1c48 (patch)
tree: 538086c80d73e417a788c41c6732f93d9ae89e6d /g10/keyedit.c
parent: doc: Minor speedo build clarification (diff)
download: gnupg-15a71f108d9eb25b2cfd8c190b9514c1a21e1c48.tar.gz
gnupg-15a71f108d9eb25b2cfd8c190b9514c1a21e1c48.zip
1 files changed, 10 insertions, 1 deletions
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 1f3f8f3b3..eebeecfcd 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -855,7 +855,16 @@ sign_uids (ctrl_t ctrl, estream_t fp,
                                 _("\"%s\" was already signed by key %s\n"),
 				user, keystr_from_pk (pk));
 
-		  if (opt.flags.force_sign_key
+                  if (node->pkt->pkt.signature->digest_algo
+                      == DIGEST_ALGO_SHA1
+                      && !opt.flags.allow_weak_key_signatures)
+                    {
+                      /* Allow updating a signature to a stronger
+                       * digest algorithm without an extra option.  */
+		      xfree (user);
+		      continue;
+                    }
+		  else if (opt.flags.force_sign_key
                       || (opt.expert && !(flags & SIGN_UIDS_QUICK)
                           && cpr_get_answer_is_yes ("sign_uid.dupe_okay",
                                                     _("Do you want to sign it "
author	Werner Koch <[email protected]>	2025-05-28 08:39:17 +0000
committer	Werner Koch <[email protected]>	2025-05-28 08:41:32 +0000
commit	15a71f108d9eb25b2cfd8c190b9514c1a21e1c48 (patch)
tree	538086c80d73e417a788c41c6732f93d9ae89e6d /g10/keyedit.c
parent	doc: Minor speedo build clarification (diff)
download	gnupg-15a71f108d9eb25b2cfd8c190b9514c1a21e1c48.tar.gz gnupg-15a71f108d9eb25b2cfd8c190b9514c1a21e1c48.zip