summaryrefslogtreecommitdiffstats
path: root/g10/keyid.c
diff options
context:
space:
mode:
authorWerner Koch <wk@gnupg.org>2014-10-12 20:07:12 +0200
committerWerner Koch <wk@gnupg.org>2014-10-17 13:32:16 +0200
commit8fd150b05b744fe9465057c12529d5e6b6b02785 (patch)
tree4d6618ea951982d704277815cf922a175eb1428f /g10/keyid.c
parentdirmngr: Minor usage output fix. (diff)
downloadgnupg2-8fd150b05b744fe9465057c12529d5e6b6b02785.tar.xz
gnupg2-8fd150b05b744fe9465057c12529d5e6b6b02785.zip
gpg: Remove all support for v3 keys and always create v4-signatures.
* g10/build-packet.c (do_key): Remove support for building v3 keys. * g10/parse-packet.c (read_protected_v3_mpi): Remove. (parse_key): Remove support for v3-keys. Add dedicated warnings for v3-key packets. * g10/keyid.c (hash_public_key): Remove v3-key support. (keyid_from_pk): Ditto. (fingerprint_from_pk): Ditto. * g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs. * g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs, oForceV4Certs, oNoForceV4Certs. (opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs, --no-force-v4-certs int dummy options. (main): Remove setting of the force_v3_sigs force_v4_certs flags. * g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs. * g10/sign.c (hash_uid): Remove support for v3-signatures (hash_sigversion_to_magic): Ditto. (only_old_style): Remove this v3-key function. (write_signature_packets): Remove support for creating v3-signatures. (sign_file): Ditto. (sign_symencrypt_file): Ditto. (clearsign_file): Ditto. Remove code to emit no Hash armor line if only v3-keys are used. (make_keysig_packet): Remove arg SIGVERSION and force using v4-signatures. Change all callers to not pass a value for this arg. Remove all v3-key related code. (update_keysig_packet): Remove v3-signature support. * g10/keyedit.c (sign_uids): Always create v4-signatures. * g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and change caller. -- v3 keys are deprecated for about 15 years and due the severe weaknesses of MD5 it does not make any sense to keep code around to use these old and broken keys. Users who need to decrypt old messages should use gpg 1.4 and best re-encrypt them to modern standards. verification of old (i.e. PGP2) created signatures is thus also not anymore possible but such signatures have no values anyway - MD5 is just too broken. We have also kept support for v3 signatures until now. With the removal of support for v3 keys it is questionable whether it makes any sense to keep support for v3-signatures. What we do now is to keep support for verification of v3-signatures but we force the use of v4-signatures. The latter makes the --pgp6 and --pgp7 switch a bit obsolete because those PGP versions require v3-signatures for messages. These versions of PGP are also really old and not anymore maintained so they have not received any bug fixes and should not be used anyway. Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'g10/keyid.c')
-rw-r--r--g10/keyid.c96
1 files changed, 12 insertions, 84 deletions
diff --git a/g10/keyid.c b/g10/keyid.c
index 8b4eeb1f2..662806b3e 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -147,10 +147,6 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk)
size_t nbytes;
int npkey = pubkey_get_npkey (pk->pubkey_algo);
- /* Two extra bytes for the expiration date in v3 */
- if(pk->version<4)
- n+=2;
-
/* FIXME: We can avoid the extra malloc by calling only the first
mpi_print here which computes the required length and calling the
real mpi_print only at the end. The speed advantage would only be
@@ -211,16 +207,6 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk)
gcry_md_putc ( md, pk->timestamp >> 8 );
gcry_md_putc ( md, pk->timestamp );
- if(pk->version<4)
- {
- u16 days=0;
- if(pk->expiredate)
- days=(u16)((pk->expiredate - pk->timestamp) / 86400L);
-
- gcry_md_putc ( md, days >> 8 );
- gcry_md_putc ( md, days );
- }
-
gcry_md_putc ( md, pk->pubkey_algo );
if(npkey==0 && pk->pkey[0]
@@ -432,18 +418,6 @@ keyid_from_pk (PKT_public_key *pk, u32 *keyid)
keyid[1] = pk->keyid[1];
lowbits = keyid[1];
}
- else if( pk->version < 4 )
- {
- if( is_RSA(pk->pubkey_algo) )
- {
- lowbits = (pubkey_get_npkey (pk->pubkey_algo) ?
- v3_keyid ( pk->pkey[0], keyid ) : 0); /* From n. */
- pk->keyid[0] = keyid[0];
- pk->keyid[1] = keyid[1];
- }
- else
- pk->keyid[0]=pk->keyid[1]=keyid[0]=keyid[1]=lowbits=0xFFFFFFFF;
- }
else
{
const byte *dp;
@@ -706,66 +680,20 @@ colon_expirestr_from_sig (PKT_signature *sig)
byte *
fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len)
{
- byte *buf;
const byte *dp;
- size_t len, nbytes;
- int i;
-
- if ( pk->version < 4 )
- {
- if ( is_RSA(pk->pubkey_algo) )
- {
- /* RSA in version 3 packets is special. */
- gcry_md_hd_t md;
-
- if (gcry_md_open (&md, DIGEST_ALGO_MD5, 0))
- BUG ();
- if ( pubkey_get_npkey (pk->pubkey_algo) > 1 )
- {
- for (i=0; i < 2; i++)
- {
- if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0,
- &nbytes, pk->pkey[i]))
- BUG ();
- /* fixme: Better allocate BUF on the stack */
- buf = xmalloc (nbytes);
- if (gcry_mpi_print (GCRYMPI_FMT_USG, buf, nbytes,
- NULL, pk->pkey[i]))
- BUG ();
- gcry_md_write (md, buf, nbytes);
- xfree (buf);
- }
- }
- gcry_md_final (md);
- if (!array)
- array = xmalloc (16);
- len = 16;
- memcpy (array, gcry_md_read (md, DIGEST_ALGO_MD5), 16);
- gcry_md_close(md);
- }
- else
- {
- if (!array)
- array = xmalloc(16);
- len = 16;
- memset (array,0,16);
- }
- }
- else
- {
- gcry_md_hd_t md;
+ size_t len;
+ gcry_md_hd_t md;
- md = do_fingerprint_md(pk);
- dp = gcry_md_read( md, 0 );
- len = gcry_md_get_algo_dlen (gcry_md_get_algo (md));
- assert( len <= MAX_FINGERPRINT_LEN );
- if (!array)
- array = xmalloc ( len );
- memcpy (array, dp, len );
- pk->keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
- pk->keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
- gcry_md_close( md);
- }
+ md = do_fingerprint_md(pk);
+ dp = gcry_md_read( md, 0 );
+ len = gcry_md_get_algo_dlen (gcry_md_get_algo (md));
+ assert( len <= MAX_FINGERPRINT_LEN );
+ if (!array)
+ array = xmalloc ( len );
+ memcpy (array, dp, len );
+ pk->keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
+ pk->keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
+ gcry_md_close( md);
if (ret_len)
*ret_len = len;