author | Werner Koch <wk@gnupg.org> | 2019-11-07 10:36:17 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2019-11-07 10:36:17 +0100 |
commit | e624c41dbafd33af82c1153188d14de72fcc7cd8 (patch) | |
tree | 2c0af29b948eeebbdc3667d7859f4f01417c03fb /g10/sig-check.c | |
parent | gpg: Print rfc4880bis note only in verbose mode. (diff) | |
gpg: Add option --allow-weak-key-signatures.
* g10/gpg.c (oAllowWeakKeySignatures): New.
(opts): Add --allow-weak-key-signatures.
(main): Set it.
* g10/options.h (struct opt): Add flags.allow_weak_key_signatures.
* g10/misc.c (print_sha1_keysig_rejected_note): New.
* g10/sig-check.c (check_signature_over_key_or_uid): Print note and
act on new option.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'g10/sig-check.c')
-rw-r--r-- | g10/sig-check.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 3d8ed20f2..8a46f7653 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -1012,12 +1012,14 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
 else if (IS_UID_SIG (sig) || IS_UID_REV (sig))
 {
 log_assert (packet->pkttype == PKT_USER_ID);
- if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig)
+ if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig
+ && !opt.flags.allow_weak_key_signatures)
 {
 /* If the signature was created using SHA-1 we consider this
 * signature invalid because it makes it possible to mount a
 * chosen-prefix collision. We don't do this for
 * self-signatures, though. */
+ print_sha1_keysig_rejected_note ();
 rc = gpg_error (GPG_ERR_DIGEST_ALGO);
 }
 else |
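Review bot: With `opt.flags.allow_weak_key_signatures` set, the new condition skips the SHA-1 rejection for every third-party user-ID signature and falls through to the `else` branch, and nothing visible in this hunk records that, since `print_sha1_keysig_rejected_note ()` runs only on the reject path. The block comment still reads as if SHA-1 key signatures from other keys are always treated as invalid; I would extend it with a line such as `* The check is skipped entirely if --allow-weak-key-signatures is used.` so the global, not per-key, scope of the override is stated at the check itself. It may also be worth a `log_info` under `opt.verbose` on the accept path so a user can tell which certifications were accepted only because of the override. The `else` branch continues outside the hunk, so that part may already be handled there.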