[git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.28-9-gbe34857

by Werner Koch cvs at cvs.gnupg.org
Wed Jun 17 08:40:53 CEST 2015 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-0 has been updated
       via  be348579397797bdf814c41e3cbd086156f77dd6 (commit)
      from  e2eba81faea28a775cbd4fadce442f561a4e06a5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit be348579397797bdf814c41e3cbd086156f77dd6
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Jun 17 08:37:02 2015 +0200

    gpg: Print PGP-2 fingerprint instead of all zeroes.
    
    * g10/keyid.c (fingerprint_from_pk): Allow PGP-2 fingerprints.
    * g10/keylist.c (print_fingerprint): Print a warning after a PGP-2
    fingerprint.
    --
    
    Printing all zeroes for a PGP-2 (v3 key) fingerprint has the problem
    that frontends (or the user) may use that fingerprint to lookup a key
    and gpg will return all PGP2 keys.  They may then show a different
    PGP-2 key than the one actually used for a signature.  This is worse
    than displaying a weak fingerprint.
    
    GnuPG-bug-id: 2000
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/keyid.c b/g10/keyid.c
index ef6ee1c..83020e9 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -670,7 +670,7 @@ fingerprint_from_pk( PKT_public_key *pk, byte *array, size_t *ret_len )
 
   if ( pk->version < 4 )
     {
-      if ( is_RSA(pk->pubkey_algo) && opt.flags.allow_weak_digest_algos)
+      if (is_RSA(pk->pubkey_algo))
         {
           /* RSA in version 3 packets is special. */
           gcry_md_hd_t md;
diff --git a/g10/keylist.c b/g10/keylist.c
index bb19bc3..457695b 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -1590,6 +1590,14 @@ print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
         putc ('\n', fp);
     else
         tty_printf ("\n");
+
+    if (n==16 && !opt.with_colons && !opt.flags.allow_weak_digest_algos)
+      {
+        if (fp)
+          fprintf (fp, _("WARNING: a PGP-2 fingerprint is not safe\n"));
+        else
+          tty_printf (_("WARNING: a PGP-2 fingerprint is not safe\n"));
+      }
 }
 
 /* Print the serial number of an OpenPGP card if available. */

-----------------------------------------------------------------------

Summary of changes:
 g10/keyid.c   | 2 +-
 g10/keylist.c | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list