diff options
| author | Werner Koch <wk@gnupg.org> | 2013-10-04 13:44:39 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2014-03-07 10:14:05 +0100 |
| commit | db1f74ba5338f624f146a3cb41a346e46b15c8f9 (patch) | |
| tree | 29852506d1074216fa8bf3c031a4053b8705c579 /g10/options.h | |
| parent | agent: Fix UPDATESTARTUPTTY for ssh. (diff) | |
| download | gnupg2-db1f74ba5338f624f146a3cb41a346e46b15c8f9.tar.xz gnupg2-db1f74ba5338f624f146a3cb41a346e46b15c8f9.zip | |
gpg: Protect against rogue keyservers sending secret keys.
* g10/options.h (IMPORT_NO_SECKEY): New.
* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
flag.
* g10/import.c (import_secret_one): Deny import if flag is set.
--
By modifying a keyserver or a DNS record to send a secret key, an
attacker could trick a user into signing using a different key and
user id. The trust model should protect against such rogue keys but
we better make sure that secret keys are never received from remote
sources.
Suggested-by: Stefan Tomanek
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e7abed3448c1c1a4e756c12f95b665b517d22ebe)
Resolved conflicts:
g10/import.c
g10/keyserver.c
Diffstat (limited to 'g10/options.h')
| -rw-r--r-- | g10/options.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/g10/options.h b/g10/options.h index 15ae4126b..47b8bfb29 100644 --- a/g10/options.h +++ b/g10/options.h @@ -324,6 +324,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; #define IMPORT_MERGE_ONLY (1<<4) #define IMPORT_MINIMAL (1<<5) #define IMPORT_CLEAN (1<<6) +#define IMPORT_NO_SECKEY (1<<7) #define EXPORT_LOCAL_SIGS (1<<0) #define EXPORT_ATTRIBUTES (1<<1) |