--pgp2 option
David Shaw
dshaw at jabberwocky.com
Fri Nov 16 21:29:01 CET 2001
Here's a --pgp2 command line option. With all of the repeated
questions on various mailing lists and people getting confused, I
think this should help reduce the number of times the PGP 2 question
gets asked.
The big difference between this and the "--rfc1991 --cipher-algo idea
--compress-algo 1" solution in the HOWTO is that with --pgp2 set,
GnuPG will return an error if the user tries to do something that will
not work with PGP 2.x. Errors are returned for using a pipe instead
of a filename, as well as for trying to encrypt to a non-V3 or non-RSA key.
ChangeLog attached as well :)
David
--
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
-------------- next part --------------
Index: ChangeLog
===================================================================
RCS file: /cvs/gnupg/gnupg/g10/ChangeLog,v
retrieving revision 1.162.2.170
diff -u -r1.162.2.170 ChangeLog
--- ChangeLog 2001/11/09 09:36:22 1.162.2.170
+++ ChangeLog 2001/11/16 20:26:20
@@ -1,3 +1,14 @@
+2001-11-16 David Shaw <dshaw at jabberwocky.com>
+
+ * g10.c, options.h: New option --pgp2. This is identical to
+ "--rfc1991 --cipher-algo idea --compress-algo 1" with the addition
+ of an error to force the user not to use a pipe (which would break
+ pgp2 compatibility).
+
+ * encode.c (encode_crypt): fail if the user tries to encrypt to a
+ non-RSA or non-V3 (really the same thing) when the --pgp2 option
+ is used.
+
2001-11-09 Werner Koch <wk at gnupg.org>
* export.c (do_export_stream): Put all given names into a search
Index: encode.c
===================================================================
RCS file: /cvs/gnupg/gnupg/g10/encode.c,v
retrieving revision 1.47.2.10
diff -u -r1.47.2.10 encode.c
--- encode.c 2001/08/30 16:39:22 1.47.2.10
+++ encode.c 2001/11/16 20:26:20
@@ -250,7 +250,7 @@
armor_filter_context_t afx;
compress_filter_context_t zfx;
text_filter_context_t tfx;
- PK_LIST pk_list;
+ PK_LIST pk_list,work_list;
int do_compress = opt.compress && !opt.rfc1991;
@@ -262,6 +262,15 @@
if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) )
return rc;
+
+ if(opt.pgp2)
+ for(work_list=pk_list;work_list->next!=NULL;work_list=work_list->next)
+ if(!(is_RSA(work_list->pk->pubkey_algo) && work_list->pk->version==3))
+ {
+ log_error(_("You can only encrypt to old-style RSA keys in --pgp2 mode\n"));
+ rc=G10ERR_WR_PUBKEY_ALGO;
+ goto leave;
+ }
/* prepare iobufs */
if( !(inp = iobuf_open(filename)) ) {
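Review bot: The added loop stops at `work_list->next!=NULL`, so the last entry of `pk_list` is never tested, and with a single recipient the body does not run at all, which lets a non-RSA or non-V3 key through in --pgp2 mode. It also dereferences `pk_list` without a NULL test, which is only safe if build_pk_list never returns success with an empty list (not visible here). Walking the whole list fixes both: `for(work_list=pk_list;work_list;work_list=work_list->next)`. The `leave` label and the initialisation of `inp`/`out` are outside the hunk, so it is worth confirming that the cleanup there is safe when reached before the iobufs are opened.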
Index: g10.c
===================================================================
RCS file: /cvs/gnupg/gnupg/g10/Attic/g10.c,v
retrieving revision 1.129.2.58
diff -u -r1.129.2.58 g10.c
--- g10.c 2001/11/08 13:25:48 1.129.2.58
+++ g10.c 2001/11/16 20:26:21
@@ -142,6 +142,7 @@
oLoadExtension,
oRFC1991,
oOpenPGP,
+ oPGP2,
oCipherAlgo,
oDigestAlgo,
oCompressAlgo,
@@ -343,6 +344,7 @@
{ oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")},
{ oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
{ oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")},
+ { oPGP2, "pgp2", 0, N_("set all packet, cipher and digest options to PGP 2.x behavior")},
{ oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")},
{ oS2KDigest, "s2k-digest-algo",2,
N_("|NAME|use message digest algorithm NAME for passphrases")},
@@ -663,6 +665,7 @@
int greeting = 0;
int nogreeting = 0;
int use_random_seed = 1;
+ int no_stdin = 0;
enum cmd_and_opt_values cmd = 0;
const char *trustdb_name = NULL;
char *def_cipher_string = NULL;
@@ -981,6 +984,15 @@
opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
break;
+ case oPGP2:
+ opt.pgp2 = 1;
+ opt.rfc1991 = 1;
+ opt.def_cipher_algo = CIPHER_ALGO_IDEA;
+ opt.def_compress_algo = 1;
+ no_stdin=1;
+ if( check_cipher_algo(CIPHER_ALGO_IDEA) )
+ log_error(_("--pgp2 mode requires the IDEA module to be present\n"));
+ break;
case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break;
case oEmu3DESS2KBug: opt.emulate_bugs |= EMUBUG_3DESS2K; break;
case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
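Review bot: The `oPGP2` case applies its settings at the moment the option is parsed, so a later option that touches the same fields (presumably `--cipher-algo`, `--compress-algo` or `--openpgp`) can undo them while `opt.pgp2` stays 1. The pipe and key checks would then still report PGP 2.x compatibility for output that no longer has it. Setting only `opt.pgp2 = 1;` here and forcing `opt.rfc1991`, `opt.def_cipher_algo` and `opt.def_compress_algo` once after the parsing loop would make the mode independent of option order. The `check_cipher_algo(CIPHER_ALGO_IDEA)` test would move there as well, so that it runs after any `--load-extension` has been seen; whether the present placement can produce a spurious error depends on code outside the hunk.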
@@ -1319,6 +1331,11 @@
break;
case aEncr: /* encrypt the given file */
+ if( argc == 0 && no_stdin ) {
+ log_error(_("You must use files when encrypting with --pgp2 enabled.\n"));
+ break;
+ }
+
if( argc > 1 )
wrong_args(_("--encrypt [filename]"));
if( (rc = encode_crypt(fname,remusr)) )
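Review bot: The stdin guard is added only to the `aEncr` case and only tests `argc == 0`, so other commands that produce encrypted output in --pgp2 mode (sign-and-encrypt, for example, whose case is outside this hunk) are not covered. A filename that the I/O layer maps to stdin would presumably pass as well. `no_stdin` also duplicates `opt.pgp2`; testing the option directly, `if( opt.pgp2 && argc == 0 ) {`, removes a flag that has to be kept in sync. It is worth confirming that the `break` after `log_error` still ends in a non-zero exit status, since the code after the switch is not visible here.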
Index: options.h
===================================================================
RCS file: /cvs/gnupg/gnupg/g10/options.h,v
retrieving revision 1.51.2.31
diff -u -r1.51.2.31 options.h
--- options.h 2001/11/08 13:25:48 1.51.2.31
+++ options.h 2001/11/16 20:26:21
@@ -74,6 +74,7 @@
int compress_keys;
int compress_sigs;
int always_trust;
+ int pgp2;
int rfc1991;
int rfc2440;
int pgp2_workarounds;