[gnupg-1.0.6] local signatures may be exportable
Thomas Roessler
roessler@does-not-exist.org
Fri Jul 27 13:44:01 2001
--QKdGvSO+nmPlgiQ/
Content-Type: multipart/mixed; boundary="7JfCtLOvnd9MIVvH"
Content-Disposition: inline
--7JfCtLOvnd9MIVvH
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On 2001-07-27 13:06:13 +0200, Florian Weimer wrote:
>I've got a patch (against an earlier version of GnuPG) which does
>similar things for implementing signature expiration and notation
>data even with V3 issuer and signed keys. (A V4 signature is
>generated in this case as well.)
Like the attached patch? (I suppose expired signatures were
generally part of your patch. Also, the attached patch contains the
previous one; the new additions weren't tested.)
--=20
Thomas Roessler http://log.does-not-exist.org/
--7JfCtLOvnd9MIVvH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="patch.gnupg-1.0.6.tlr.rsa_lsign.2"
Content-Transfer-Encoding: quoted-printable
diff -ur gnupg-1.0.6.orig/g10/keyedit.c gnupg-1.0.6/g10/keyedit.c
--- gnupg-1.0.6.orig/g10/keyedit.c Fri Jul 27 09:35:00 2001
+++ gnupg-1.0.6/g10/keyedit.c Fri Jul 27 09:19:31 2001
@@ -367,7 +367,7 @@
node->pkt->pkt.user_id,
NULL,
sk,
- 0x10, 0,
+ 0x10, 0, local ? 4 : 0,
sign_mk_attrib,
&attrib );
if( rc ) {
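Review bot: The bare `4` in `local ? 4 : 0` carries the whole fix, and nothing at the call site says why. A v3 signature has no subpacket area, so a local signature made with a v3 key cannot be marked non-exportable; presumably `sign_mk_attrib` adds that marker once the packet is v4, though its body is not in this hunk. I would put a comment above the argument, `/* local sigs must be v4: v3 has no subpackets for the non-exportable flag */`, so a later cleanup does not turn it back into `0`. The call itself starts above the hunk.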
@@ -1298,7 +1298,7 @@
sec_where =3D NULL;
assert(pk && sk );
=20
- rc =3D make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0,
+ rc =3D make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0, 0,
keygen_add_std_prefs, pk );
free_secret_key( sk );
if( rc ) {
@@ -1593,11 +1593,11 @@
/* create new self signature */
if( mainkey )
rc =3D make_keysig_packet( &newsig, main_pk, uid, NULL,
- sk, 0x13, 0,
+ sk, 0x13, 0, 0,
keygen_add_std_prefs, main_pk );
else
rc =3D make_keysig_packet( &newsig, main_pk, NULL, sub_pk,
- sk, 0x18, 0,
+ sk, 0x18, 0, 0,
keygen_add_key_expire, sub_pk );
if( rc ) {
log_error("make_keysig_packet failed: %s\n",
@@ -1917,7 +1917,7 @@
unode->pkt->pkt.user_id,
NULL,
sk,
- 0x30, 0,
+ 0x30, 0, 0,
sign_mk_attrib,
&attrib );
free_secret_key(sk);
@@ -1979,7 +1979,7 @@
=20
node->flag &=3D ~NODFLG_SELKEY;
sk =3D copy_secret_key( NULL, sec_keyblock->pkt->pkt.secret_key );
- rc =3D make_keysig_packet( &sig, mainpk, NULL, subpk, sk, 0x28, 0,
+ rc =3D make_keysig_packet( &sig, mainpk, NULL, subpk, sk, 0x28, 0, 0,
sign_mk_attrib,
&attrib );
free_secret_key(sk);
diff -ur gnupg-1.0.6.orig/g10/keygen.c gnupg-1.0.6/g10/keygen.c
--- gnupg-1.0.6.orig/g10/keygen.c Fri Jul 27 09:35:00 2001
+++ gnupg-1.0.6/g10/keygen.c Fri Jul 27 09:21:48 2001
@@ -190,7 +190,7 @@
cache_public_key (pk);
=20
/* and make the signature */
- rc =3D make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0,
+ rc =3D make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0, 0,
keygen_add_std_prefs, pk );
if( rc ) {
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
@@ -235,7 +235,7 @@
BUG();
=20
/* and make the signature */
- rc =3D make_keysig_packet( &sig, pk, NULL, subpk, sk, 0x18, 0,
+ rc =3D make_keysig_packet( &sig, pk, NULL, subpk, sk, 0x18, 0, 0,
keygen_add_key_expire, subpk );
if( rc ) {
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
diff -ur gnupg-1.0.6.orig/g10/packet.h gnupg-1.0.6/g10/packet.h
--- gnupg-1.0.6.orig/g10/packet.h Fri Jul 27 09:35:00 2001
+++ gnupg-1.0.6/g10/packet.h Fri Jul 27 09:17:54 2001
@@ -403,6 +403,7 @@
PKT_user_id *uid, PKT_public_key *subpk,
PKT_secret_key *sk,
int sigclass, int digest_algo,
+ int sig_version,
int (*mksubpkt)(PKT_signature *, void *),
void *opaque );
=20
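Review bot: The new `sig_version` parameter is undocumented in the prototype, and its meaning is not what the name suggests. Judging by the sign.c hunks in this patch, `0` means "use the key's version" and any other value is only a lower bound, since the function raises it to `sk->version` and to 4 when a policy URL or notation data is set. A comment on the prototype such as `/* sig_version: minimum signature version, 0 = follow sk->version */` would keep callers from reading it as an exact request. The prototype begins above the hunk.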
diff -ur gnupg-1.0.6.orig/g10/revoke.c gnupg-1.0.6/g10/revoke.c
--- gnupg-1.0.6.orig/g10/revoke.c Fri Jul 27 09:35:00 2001
+++ gnupg-1.0.6/g10/revoke.c Fri Jul 27 09:21:06 2001
@@ -191,7 +191,7 @@
iobuf_push_filter( out, armor_filter, &afx );
=20
/* create it */
- rc =3D make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x20, 0,
+ rc =3D make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x20, 0, 0,
revocation_reason_build_cb,
reason );
if( rc ) {
diff -ur gnupg-1.0.6.orig/g10/sign.c gnupg-1.0.6/g10/sign.c
--- gnupg-1.0.6.orig/g10/sign.c Fri Jul 27 09:35:00 2001
+++ gnupg-1.0.6/g10/sign.c Fri Jul 27 13:30:32 2001
@@ -504,6 +504,10 @@
/* fixme: this code is partly duplicated in make_keysig_packet */
sig =3D m_alloc_clear( sizeof *sig );
sig->version =3D old_style || opt.force_v3_sigs ? 3 : sk->version;
+ =20
+ if( !opt.force_v3_sigs && sig->version < 4 && (opt.notation_data |=
| opt.set_policy_url) )
+ sig->version =3D 4;
+ =20
keyid_from_sk( sk, sig->keyid );
sig->digest_algo =3D hash_for(sk->pubkey_algo, sk->version);
sig->pubkey_algo =3D sk->pubkey_algo;
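Review bot: The added check can raise `sig->version` to 4 after `old_style` has already selected 3, because it tests only `opt.force_v3_sigs`. If code further down this function still branches on `old_style` (not visible in the hunk), it would frame a v4 signature the old way; either clear `old_style` in the same branch or say in a comment why the mismatch is harmless. The opposite case is silent as well: with `opt.force_v3_sigs` set the signature stays v3 and the requested notation data or policy URL presumably cannot be stored, which deserves a `log_info` warning. The same three lines are repeated in the hunk at -709, so the `fixme` about duplication now covers one more copy; a small static helper would keep the two in step.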
@@ -709,6 +713,11 @@
/* fixme: this code is duplicated above */
sig =3D m_alloc_clear( sizeof *sig );
sig->version =3D old_style || opt.force_v3_sigs ? 3 : sk->version;
+ =20
+ if( !opt.force_v3_sigs && sig->version < 4 && (opt.notation_data |=
| opt.set_policy_url) )
+ sig->version =3D 4;
+
+ =20
keyid_from_sk( sk, sig->keyid );
sig->digest_algo =3D hash_for(sk->pubkey_algo, sk->version);
sig->pubkey_algo =3D sk->pubkey_algo;
@@ -802,6 +811,7 @@
PKT_user_id *uid, PKT_public_key *subpk,
PKT_secret_key *sk,
int sigclass, int digest_algo,
+ int sig_version,
int (*mksubpkt)(PKT_signature *, void *), void *opaque
)
{
@@ -812,6 +822,12 @@
assert( (sigclass >=3D 0x10 && sigclass <=3D 0x13)
|| sigclass =3D=3D 0x20 || sigclass =3D=3D 0x18
|| sigclass =3D=3D 0x30 || sigclass =3D=3D 0x28 );
+
+ if( sig_version < 4 && (opt.set_policy_url || opt.notation_data ))
+ sig_version =3D 4;
+ if( sk->version > sig_version )
+ sig_version =3D sk->version;
+
if( !digest_algo ) {
switch( sk->pubkey_algo ) {
case PUBKEY_ALGO_DSA: digest_algo =3D DIGEST_ALGO_SHA1; break;
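Review bot: `sig_version` is never range-checked before it is stored in `sig->version` (hunk at -841), so a caller passing anything other than 0, 3 or 4 produces a packet with that version number. An `assert( sig_version == 0 || sig_version == 3 || sig_version == 4 );` next to the existing `sigclass` assert would catch that. Unlike the two data-signing hunks above, the upgrade to 4 here does not look at `opt.force_v3_sigs`; that may be intended, since the old code used `sk->version` unconditionally, but a one-line comment should say so. The function body continues beyond the hunk.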
@@ -828,7 +844,7 @@
hash_public_key( md, subpk );
}
else if( sigclass !=3D 0x20 ) {
- if( sk->version >=3D4 ) {
+ if( sig_version >=3D4 ) {
byte buf[5];
buf[0] =3D 0xb4; /* indicates a userid packet */
buf[1] =3D uid->len >> 24; /* always use 4 length bytes */
@@ -841,7 +857,7 @@
}
/* and make the signature packet */
sig =3D m_alloc_clear( sizeof *sig );
- sig->version =3D sk->version;
+ sig->version =3D sig_version;
keyid_from_sk( sk, sig->keyid );
sig->pubkey_algo =3D sk->pubkey_algo;
sig->digest_algo =3D digest_algo;
--7JfCtLOvnd9MIVvH--
--QKdGvSO+nmPlgiQ/
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
iQEVAwUBO2FS69ImKUTOasbBAQKUIggArtES2esSWyvNmpTfu25ICDnsYcsNfYxt
mDdx/hnjbYrHvD5cfMRGpVcN3PQjpOYnRz40OjbGNDlSRNMWByg9WtG71h7MZgqS
ZCWiGik577BmmkDxBDDNm4bjm7WM5gwW19kerudjH7cGqjHwTyyhWVF6MwJYY8yQ
z4uhQorM4vFMkZSy4NUVe+0UFU9MZYBfyXwwav4W2gAFhmYlKVn36cCj/DBW5dlw
DQGJsv94uAHadVgHbHyrl4AaFMx1lGrOSE3MTEOOzo3YqE/BrSMYWQplyS/IZovo
yxUjMNWdc4h1Nsho5AvwVqT23sJUZ+GsickizF0y9qTFfRgIm3JQEA==
=zJF0
-----END PGP SIGNATURE-----
--QKdGvSO+nmPlgiQ/--