[git] GnuPG - branch, master, updated. gnupg-2.1.15-376-g43bfaf2
by Werner Koch
cvs at cvs.gnupg.org
Wed Nov 16 09:05:41 CET 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 43bfaf2c5417ede621c0a07721952ea549a7a139 (commit)
from 500e594c2da530e69a63fc1a40d173458682fa0e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 43bfaf2c5417ede621c0a07721952ea549a7a139
Author: Werner Koch <wk at gnupg.org>
Date: Wed Nov 16 09:02:53 2016 +0100
gpg: New option --override-session-key-fd.
* g10/gpg.c (oOverrideSessionKeyFD): New.
(opts): Add option --override-session-key-fd.
(main): Handle that option.
(read_sessionkey_from_fd): New.
--
The override-session-key feature was designed to mitigate the effect
of the British RIP act by allowing to keep the private key private and
hand out only a session key. For that use case the leaking of the
session key would not be a problem. However there are other use
cases, for example fast re-decryption after an initial decryption,
which would benefit from concealing the session key from other users.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/doc/gpg.texi b/doc/gpg.texi
index aff3aeb..c69e512 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -3118,13 +3118,17 @@ inappropriate plaintext so they can take action against the offending
user.
@item --override-session-key @code{string}
+ at itemx --override-session-key-fd @code{fd}
@opindex override-session-key
-Don't use the public key but the session key @code{string}. The format
-of this string is the same as the one printed by
- at option{--show-session-key}. This option is normally not used but comes
-handy in case someone forces you to reveal the content of an encrypted
-message; using this option you can do this without handing out the
-secret key.
+Don't use the public key but the session key @code{string} respective
+the session key taken from the first line read from file descriptor
+ at code{fd}. The format of this string is the same as the one printed
+by @option{--show-session-key}. This option is normally not used but
+comes handy in case someone forces you to reveal the content of an
+encrypted message; using this option you can do this without handing
+out the secret key. Note that using @option{--override-session-key}
+may reveal the session key to all local users via the global process
+table.
@item --ask-sig-expire
@itemx --no-ask-sig-expire
diff --git a/g10/gpg.c b/g10/gpg.c
index 495356c..c54facb 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -343,6 +343,7 @@ enum cmd_and_opt_values
oIgnoreMDCError,
oShowSessionKey,
oOverrideSessionKey,
+ oOverrideSessionKeyFD,
oNoRandomSeedFile,
oAutoKeyRetrieve,
oNoAutoKeyRetrieve,
@@ -776,6 +777,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oIgnoreMDCError, "ignore-mdc-error", "@"),
ARGPARSE_s_n (oShowSessionKey, "show-session-key", "@"),
ARGPARSE_s_s (oOverrideSessionKey, "override-session-key", "@"),
+ ARGPARSE_s_i (oOverrideSessionKeyFD, "override-session-key-fd", "@"),
ARGPARSE_s_n (oNoRandomSeedFile, "no-random-seed-file", "@"),
ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"),
ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
@@ -919,6 +921,7 @@ static void add_notation_data( const char *string, int which );
static void add_policy_url( const char *string, int which );
static void add_keyserver_url( const char *string, int which );
static void emergency_cleanup (void);
+static void read_sessionkey_from_fd (int fd);
static char *
@@ -2262,6 +2265,7 @@ main (int argc, char **argv)
int eyes_only=0;
int multifile=0;
int pwfd = -1;
+ int ovrseskeyfd = -1;
int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */
int any_explicit_recipient = 0;
int require_secmem = 0;
@@ -3289,6 +3293,9 @@ main (int argc, char **argv)
case oOverrideSessionKey:
opt.override_session_key = pargs.r.ret_str;
break;
+ case oOverrideSessionKeyFD:
+ ovrseskeyfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
+ break;
case oMergeOnly:
deprecated_warning(configname,configlineno,"--merge-only",
"--import-options ","merge-only");
@@ -3856,8 +3863,11 @@ main (int argc, char **argv)
g10_exit(0);
- if( pwfd != -1 ) /* Read the passphrase now. */
- read_passphrase_from_fd( pwfd );
+ if (pwfd != -1) /* Read the passphrase now. */
+ read_passphrase_from_fd (pwfd);
+
+ if (ovrseskeyfd != -1 ) /* Read the sessionkey now. */
+ read_sessionkey_from_fd (ovrseskeyfd);
fname = argc? *argv : NULL;
@@ -5212,3 +5222,34 @@ add_keyserver_url( const char *string, int which )
if(critical)
sl->flags |= 1;
}
+
+
+static void
+read_sessionkey_from_fd (int fd)
+{
+ int i, len;
+ char *line;
+
+ for (line = NULL, i = len = 100; ; i++ )
+ {
+ if (i >= len-1 )
+ {
+ char *tmp = line;
+ len += 100;
+ line = xmalloc_secure (len);
+ if (tmp)
+ {
+ memcpy (line, tmp, i);
+ xfree (tmp);
+ }
+ else
+ i=0;
+ }
+ if (read (fd, line + i, 1) != 1 || line[i] == '\n')
+ break;
+ }
+ line[i] = 0;
+ log_debug ("seskey: %s\n", line);
+ gpgrt_annotate_leaked_object (line);
+ opt.override_session_key = line;
+}
-----------------------------------------------------------------------
Summary of changes:
doc/gpg.texi | 16 ++++++++++------
g10/gpg.c | 45 +++++++++++++++++++++++++++++++++++++++++++--
2 files changed, 53 insertions(+), 8 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list