summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--doc/gpg.texi19
-rw-r--r--g10/gpg.c8
-rw-r--r--g10/main.h1
-rw-r--r--g10/misc.c18
-rw-r--r--g10/options.h1
-rw-r--r--g10/sig-check.c4
6 files changed, 45 insertions, 6 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 450e521dc..674c4c6ba 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -113,9 +113,12 @@ only one command is allowed. Generally speaking, irrelevant options
are silently ignored, and may not be checked for correctness.
@command{@gpgname} may be run with no commands. In this case it will
-perform a reasonable action depending on the type of file it is given
-as input (an encrypted message is decrypted, a signature is verified,
-a file containing keys is listed, etc.).
+print a warning perform a reasonable action depending on the type of
+file it is given as input (an encrypted message is decrypted, a
+signature is verified, a file containing keys is listed, etc.).
+
+If you run into any problems, please add the option @option{--verbose}
+to the invocation to see more diagnostics.
@menu
@@ -2387,10 +2390,10 @@ opposite meaning. The options are:
@item self-sigs-only
Accept only self-signatures while importing a key. All other
- key-signatures are skipped at an early import stage. This option
+ key signatures are skipped at an early import stage. This option
can be used with @code{keyserver-options} to mitigate attempts to
flood a key with bogus signatures from a keyserver. The drawback is
- that all other valid key-signatures, as required by the Web of Trust
+ that all other valid key signatures, as required by the Web of Trust
are also not imported.
@item repair-keys
@@ -3340,6 +3343,12 @@ weak. See also @option{--allow-weak-digest-algos} to disable
rejection of weak digests. MD5 is always considered weak, and does
not need to be listed explicitly.
+@item --allow-weak-key-signatures
+@opindex allow-weak-key-signatures
+To avoid a minor risk of collision attacks on third-party key
+signatures made using SHA-1, those key signatures are considered
+invalid. This options allows to override this restriction.
+
@item --no-default-keyring
@opindex no-default-keyring
Do not add the default keyrings to the list of keyrings. Note that
diff --git a/g10/gpg.c b/g10/gpg.c
index 332b46e39..2eb4fd51d 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -414,6 +414,7 @@ enum cmd_and_opt_values
oEnableDSA2,
oDisableDSA2,
oAllowWeakDigestAlgos,
+ oAllowWeakKeySignatures,
oFakedSystemTime,
oNoAutostart,
oPrintPKARecords,
@@ -902,6 +903,9 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oNoSymkeyCache, "no-symkey-cache", "@"),
ARGPARSE_s_n (oUseKeyboxd, "use-keyboxd", "@"),
+ /* Options to override new security defaults. */
+ ARGPARSE_s_n (oAllowWeakKeySignatures, "allow-weak-key-signatures", "@"),
+
/* Options which can be used in special circumstances. They are not
* published and we hope they are never required. */
ARGPARSE_s_n (oUseOnlyOpenPGPCard, "use-only-openpgp-card", "@"),
@@ -3639,6 +3643,10 @@ main (int argc, char **argv)
opt.flags.allow_weak_digest_algos = 1;
break;
+ case oAllowWeakKeySignatures:
+ opt.flags.allow_weak_key_signatures = 1;
+ break;
+
case oFakedSystemTime:
{
size_t len = strlen (pargs.r.ret_str);
diff --git a/g10/main.h b/g10/main.h
index 981315a4a..2001c8646 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -101,6 +101,7 @@ void print_pubkey_algo_note (pubkey_algo_t algo);
void print_cipher_algo_note (cipher_algo_t algo);
void print_digest_algo_note (digest_algo_t algo);
void print_digest_rejected_note (enum gcry_md_algos algo);
+void print_sha1_keysig_rejected_note (void);
void print_reported_error (gpg_error_t err, gpg_err_code_t skip_if_ec);
void print_further_info (const char *format, ...) GPGRT_ATTR_PRINTF(1,2);
void additional_weak_digest (const char* digestname);
diff --git a/g10/misc.c b/g10/misc.c
index d4ceb4db6..07ce1d41d 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -362,6 +362,24 @@ print_digest_rejected_note (enum gcry_md_algos algo)
}
+void
+print_sha1_keysig_rejected_note (void)
+{
+ static int shown;
+
+ if (shown)
+ return;
+
+ shown = 1;
+ es_fflush (es_stdout);
+ log_info (_("Note: third-party key signatures using"
+ " the %s algorithm are rejected\n"),
+ gcry_md_algo_name (GCRY_MD_SHA1));
+ print_further_info ("use option \"%s\" to override",
+ "--allow-weak-key-signatures");
+}
+
+
/* Print a message
* "(reported error: %s)\n
* in verbose mode to further explain an error. If the error code has
diff --git a/g10/options.h b/g10/options.h
index 26c8439b6..339804f59 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -246,6 +246,7 @@ struct
unsigned int utf8_filename:1;
unsigned int dsa2:1;
unsigned int allow_weak_digest_algos:1;
+ unsigned int allow_weak_key_signatures:1;
unsigned int large_rsa:1;
unsigned int disable_signer_uid:1;
/* Flag to enable experimental features from RFC4880bis. */
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 3d8ed20f2..8a46f7653 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -1012,12 +1012,14 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
else if (IS_UID_SIG (sig) || IS_UID_REV (sig))
{
log_assert (packet->pkttype == PKT_USER_ID);
- if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig)
+ if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig
+ && !opt.flags.allow_weak_key_signatures)
{
/* If the signature was created using SHA-1 we consider this
* signature invalid because it makes it possible to mount a
* chosen-prefix collision. We don't do this for
* self-signatures, though. */
+ print_sha1_keysig_rejected_note ();
rc = gpg_error (GPG_ERR_DIGEST_ALGO);
}
else