gpg: Remove all support for v3 keys and always create v4-signatures.

* g10/build-packet.c (do_key): Remove support for building v3 keys.
* g10/parse-packet.c (read_protected_v3_mpi): Remove.
(parse_key): Remove support for v3-keys.  Add dedicated warnings for
v3-key packets.
* g10/keyid.c (hash_public_key): Remove v3-key support.
(keyid_from_pk): Ditto.
(fingerprint_from_pk): Ditto.

* g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs.
* g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs,
oForceV4Certs, oNoForceV4Certs.
(opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs,
--no-force-v4-certs int dummy options.
(main): Remove setting of the force_v3_sigs force_v4_certs flags.
* g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs.
* g10/sign.c (hash_uid): Remove support for v3-signatures
(hash_sigversion_to_magic): Ditto.
(only_old_style): Remove this v3-key function.
(write_signature_packets): Remove support for creating v3-signatures.
(sign_file): Ditto.
(sign_symencrypt_file): Ditto.
(clearsign_file): Ditto.  Remove code to emit no Hash armor line if
only v3-keys are used.
(make_keysig_packet): Remove arg SIGVERSION and force using
v4-signatures.  Change all callers to not pass a value for this arg.
Remove all v3-key related code.
(update_keysig_packet): Remove v3-signature support.
* g10/keyedit.c (sign_uids): Always create v4-signatures.

* g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and
change caller.
--

v3 keys are deprecated for about 15 years and due the severe
weaknesses of MD5 it does not make any sense to keep code around to
use these old and broken keys.  Users who need to decrypt old messages
should use gpg 1.4 and best re-encrypt them to modern standards.
verification of old (i.e. PGP2) created signatures is thus also not
anymore possible but such signatures have no values anyway - MD5 is
just too broken.

We have also kept support for v3 signatures until now.  With the
removal of support for v3 keys it is questionable whether it makes any
sense to keep support for v3-signatures.  What we do now is to keep
support for verification of v3-signatures but we force the use of
v4-signatures.  The latter makes the --pgp6 and --pgp7 switch a bit
obsolete because those PGP versions require v3-signatures for
messages.  These versions of PGP are also really old and not anymore
maintained so they have not received any bug fixes and should not be
used anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>

1 files changed, 7 insertions, 11 deletions

diff --git a/g10/revoke.c b/g10/revoke.c
index 81b5d6de5..6b9e709fe 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -338,7 +338,7 @@ gen_desig_revoke( const char *uname, strlist_t locusr )
 
 	    /* create it */
 	    rc = make_keysig_packet( &sig, pk, NULL, NULL, pk2, 0x20, 0,
-				     0, 0, 0,
+				     0, 0,
 				     revocation_reason_build_cb, reason,
                                      NULL);
 	    if( rc ) {
@@ -465,7 +465,6 @@ create_revocation (const char *filename,
   push_armor_filter (afx, out);
 
   rc = make_keysig_packet (&sig, psk, NULL, NULL, psk, 0x20, 0,
-                           opt.force_v4_certs? 4:0,
                            0, 0,
                            revocation_reason_build_cb, reason, cache_nonce);
   if (rc)
@@ -649,16 +648,13 @@ gen_revoke (const char *uname)
       goto leave;
     }
 
-  if (psk->version >= 4 || opt.force_v4_certs)
+  /* Get the reason for the revocation.  */
+  reason = ask_revocation_reason (1, 0, 1);
+  if (!reason)
     {
-      /* Get the reason for the revocation.  */
-      reason = ask_revocation_reason (1, 0, 1);
-      if (!reason)
-        {
-          /* user decided to cancel */
-          rc = 0;
-          goto leave;
-        }
+      /* User decided to cancel.  */
+      rc = 0;
+      goto leave;
     }
 
   if (!opt.armor)