[gnupg-1.0.6] local signatures may be exportable
Thomas Roessler
roessler@does-not-exist.org
Fri Jul 27 09:53:01 2001
When you sign a (public key, user ID) pair using a V3 RSA key,
gnupg will create a V3 signature. This includes the case of local
signatures. Worse, there is no such concept as a local V3
signature, which implies that using "lsign" with a V3 RSA key is
equivalent to "sign", and produces an exportable(!) signature.
This, in turn, can lead to considerable embarrassment (and loss of
reputation) for the signer, and to bad judgement by others who rely
on such signatures.
The attached patch fixes this problem by adding a minimum version
parameter to make_keysig_packet(), and makes sure that local
signatures are always at least V4.
Note that this patch does not introduce any interoperability
problems or noncompliance with the spec since, by definition, local
signatures should never be seen on the wire.
--=20
Thomas Roessler http://log.does-not-exist.org/
--rS8CxjVDS/+yyDmU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="patch.gnupg-1.0.6.tlr.rsa_lsign.1"
Content-Transfer-Encoding: quoted-printable
diff -ur gnupg-1.0.6.orig/g10/keyedit.c gnupg-1.0.6/g10/keyedit.c
--- gnupg-1.0.6.orig/g10/keyedit.c Fri May 25 08:58:51 2001
+++ gnupg-1.0.6/g10/keyedit.c Fri Jul 27 09:19:31 2001
@@ -367,7 +367,7 @@
node->pkt->pkt.user_id,
NULL,
sk,
- 0x10, 0,
+ 0x10, 0, local ? 4 : 0,
sign_mk_attrib,
&attrib );
if( rc ) {
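Review bot: The bare `4` in `local ? 4 : 0` carries the whole fix, and nothing at the call site says why. A short comment above the call would help, for example `/* lsign: the non-exportable marker only exists in V4 signatures, so force V4 even for a V3 key */`. The calls in the hunks at -1917 and -1979 also pass `sign_mk_attrib` but a minimum of 0; if `attrib` can carry anything there that only a V4 signature can express, it would presumably be dropped for a V3 key in the same way, which is worth confirming. The enclosing function starts and ends outside this hunk.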
@@ -1298,7 +1298,7 @@
sec_where =3D NULL;
assert(pk && sk );
=20
- rc =3D make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0,
+ rc =3D make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0, 0,
keygen_add_std_prefs, pk );
free_secret_key( sk );
if( rc ) {
@@ -1593,11 +1593,11 @@
/* create new self signature */
if( mainkey )
rc =3D make_keysig_packet( &newsig, main_pk, uid, NULL,
- sk, 0x13, 0,
+ sk, 0x13, 0, 0,
keygen_add_std_prefs, main_pk );
else
rc =3D make_keysig_packet( &newsig, main_pk, NULL, sub_pk,
- sk, 0x18, 0,
+ sk, 0x18, 0, 0,
keygen_add_key_expire, sub_pk );
if( rc ) {
log_error("make_keysig_packet failed: %s\n",
@@ -1917,7 +1917,7 @@
unode->pkt->pkt.user_id,
NULL,
sk,
- 0x30, 0,
+ 0x30, 0, 0,
sign_mk_attrib,
&attrib );
free_secret_key(sk);
@@ -1979,7 +1979,7 @@
=20
node->flag &=3D ~NODFLG_SELKEY;
sk =3D copy_secret_key( NULL, sec_keyblock->pkt->pkt.secret_key );
- rc =3D make_keysig_packet( &sig, mainpk, NULL, subpk, sk, 0x28, 0,
+ rc =3D make_keysig_packet( &sig, mainpk, NULL, subpk, sk, 0x28, 0, 0,
sign_mk_attrib,
&attrib );
free_secret_key(sk);
diff -ur gnupg-1.0.6.orig/g10/keygen.c gnupg-1.0.6/g10/keygen.c
--- gnupg-1.0.6.orig/g10/keygen.c Tue May 29 08:32:11 2001
+++ gnupg-1.0.6/g10/keygen.c Fri Jul 27 09:21:48 2001
@@ -190,7 +190,7 @@
cache_public_key (pk);
=20
/* and make the signature */
- rc =3D make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0,
+ rc =3D make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0, 0,
keygen_add_std_prefs, pk );
if( rc ) {
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
@@ -235,7 +235,7 @@
BUG();
=20
/* and make the signature */
- rc =3D make_keysig_packet( &sig, pk, NULL, subpk, sk, 0x18, 0,
+ rc =3D make_keysig_packet( &sig, pk, NULL, subpk, sk, 0x18, 0, 0,
keygen_add_key_expire, subpk );
if( rc ) {
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
diff -ur gnupg-1.0.6.orig/g10/packet.h gnupg-1.0.6/g10/packet.h
--- gnupg-1.0.6.orig/g10/packet.h Sun May 27 16:08:48 2001
+++ gnupg-1.0.6/g10/packet.h Fri Jul 27 09:17:54 2001
@@ -403,6 +403,7 @@
PKT_user_id *uid, PKT_public_key *subpk,
PKT_secret_key *sk,
int sigclass, int digest_algo,
+ int sig_version,
int (*mksubpkt)(PKT_signature *, void *),
void *opaque );
=20
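Review bot: The new `sig_version` parameter reads like the exact version to emit, but the sign.c hunk at -812 treats it as a lower bound and raises it to `sk->version` when the key's version is higher. The prototype should say so, for example `/* sig_version: minimum signature version; 0 = follow the version of sk */`, or the parameter could be named `min_sig_version`. The same applies to the definition in the sign.c hunk at -802. The prototype begins above this hunk.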
diff -ur gnupg-1.0.6.orig/g10/revoke.c gnupg-1.0.6/g10/revoke.c
--- gnupg-1.0.6.orig/g10/revoke.c Fri May 25 08:58:52 2001
+++ gnupg-1.0.6/g10/revoke.c Fri Jul 27 09:21:06 2001
@@ -191,7 +191,7 @@
iobuf_push_filter( out, armor_filter, &afx );
=20
/* create it */
- rc =3D make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x20, 0,
+ rc =3D make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x20, 0, 0,
revocation_reason_build_cb,
reason );
if( rc ) {
diff -ur gnupg-1.0.6.orig/g10/sign.c gnupg-1.0.6/g10/sign.c
--- gnupg-1.0.6.orig/g10/sign.c Tue Mar 27 16:23:03 2001
+++ gnupg-1.0.6/g10/sign.c Fri Jul 27 09:17:18 2001
@@ -802,6 +802,7 @@
PKT_user_id *uid, PKT_public_key *subpk,
PKT_secret_key *sk,
int sigclass, int digest_algo,
+ int sig_version,
int (*mksubpkt)(PKT_signature *, void *), void *opaque
)
{
@@ -812,6 +813,10 @@
assert( (sigclass >=3D 0x10 && sigclass <=3D 0x13)
|| sigclass =3D=3D 0x20 || sigclass =3D=3D 0x18
|| sigclass =3D=3D 0x30 || sigclass =3D=3D 0x28 );
+
+ if( sk->version > sig_version )
+ sig_version =3D sk->version;
+
if( !digest_algo ) {
switch( sk->pubkey_algo ) {
case PUBKEY_ALGO_DSA: digest_algo =3D DIGEST_ALGO_SHA1; break;
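Review bot: `sig_version` is never range-checked before it ends up in `sig->version` (hunk at -841), so a caller passing anything above 4 would produce a signature with a version the rest of the code probably does not handle. The existing `assert` on `sigclass` just above sets the precedent; `assert( sig_version >= 0 && sig_version <= 4 );` before the comparison would make the contract explicit. The function body starts before and continues after this hunk.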
@@ -828,7 +833,7 @@
hash_public_key( md, subpk );
}
else if( sigclass !=3D 0x20 ) {
- if( sk->version >=3D4 ) {
+ if( sig_version >=3D4 ) {
byte buf[5];
buf[0] =3D 0xb4; /* indicates a userid packet */
buf[1] =3D uid->len >> 24; /* always use 4 length bytes */
@@ -841,7 +846,7 @@
}
/* and make the signature packet */
sig =3D m_alloc_clear( sizeof *sig );
- sig->version =3D sk->version;
+ sig->version =3D sig_version;
keyid_from_sk( sk, sig->keyid );
sig->pubkey_algo =3D sk->pubkey_algo;
sig->digest_algo =3D digest_algo;
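Review bot: Setting `sig->version = sig_version` only has the intended effect if every later version test in this function reads `sig->version` (or `sig_version`) rather than `sk->version`; the rest of the function is outside the hunk, so this cannot be confirmed here. A leftover `sk->version` check around the subpacket callback or the hash trailer would, for a V3 key, either skip `mksubpkt` and lose the non-exportable flag again, or produce a signature that fails verification. A regression test that runs lsign with a V3 RSA key and then checks that the signature is absent from the export output would cover both.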
--rS8CxjVDS/+yyDmU--
--DSayHWYpDlRfCAAQ
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
iQEVAwUBO2EctdImKUTOasbBAQJu2gf+IRlnQHy/vvQ7KGZIbZk3kAcqQEKWtl8C
6JU6owPknYpaI+C643cxyWvC88odFCDsqkNX02IOC0qMPPdRLnV4TueRjw6/Xl5A
c+CeqVgK+oILL7l0eoAXBe5pJCTBw5NzVXlstDp/6Ia9+7iqQVMhTZw/MYJ1p3m9
qvs7L/gvxQpTPaAYFSuQUYR3M7ucss/SuVid9HHm/723d5r2tnypWgoCdHdunocv
D0iR/hz3qY7FeFNYjbFROuMMmPJWFgPVtY1ZfXEFI7x7kXxfo/G3JZ/vtGloGFfv
VCzBu9O9k/VBRh2n/RRi9GGti53gxtT8/xY+us/ksF6q3cB2hhsLjQ==
=cl2S
-----END PGP SIGNATURE-----
--DSayHWYpDlRfCAAQ--