Minor bug in --pgp6 option
anon4321 at comcast.net
anon4321 at comcast.net
Tue Jul 28 19:35:20 CEST 2009
I checked the source of gnppg 1.4.9 and 2.0.12 and both seem to be missing some settings when the --pgp6 option is used.
In the if statement at line 3089 of the 2.0.12 version of g10\gpg.c, some options don't seem to be set as described in the manual:
else if (PGP6)
{
opt.escape_from=1;
opt.force_v3_sigs=1;
opt.ask_sig_expire=0;
}
else if (PGP7)
{
opt.escape_from=1;
opt.force_v3_sigs=1;
opt.ask_sig_expire=0;
}
The manual describes the --pgp6 and --pgp7 options as:
--pgp6
Set up all options to be as PGP 6 compliant as possible. This restricts you
to the ciphers IDEA (if the IDEA plugin is installed), 3DES, and CAST5, the
hashes MD5, SHA1 and RIPEMD160, and the compression algorithms none
and ZIP. This also disables –throw-keyids, and making signatures with signing
subkeys as PGP 6 does not understand signatures made by signing subkeys.
This option implies ‘ --disable-mdc --no-sk-comment --escape-from-lines
--force-v3-sigs ’.
--pgp7
Set up all options to be as PGP 7 compliant as possible. This is identical to
‘ --pgp6 ’ except that MDCs are not disabled, and the list of allowable ciphers
is expanded to add AES128, AES192, AES256, and TWOFISH.
So from the manual, the if statement should at least be:
else if (PGP6)
{
opt.disable_mdc=1; /* Bug fix. */
opt.escape_from=1;
opt.force_v3_sigs=1;
opt.ask_sig_expire=0;
}
else if (PGP7)
{
opt.escape_from=1;
opt.force_v3_sigs=1;
opt.ask_sig_expire=0;
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090728/e1f08d6c/attachment.htm>
More information about the Gnupg-devel
mailing list