1.0.6b comments
David Shaw
dshaw@jabberwocky.com
Wed Oct 24 22:12:01 2001
--1sNVjLsmu1MXqwQ/
Content-Type: multipart/mixed; boundary="2JFBq9zoW8cOFH7v"
Content-Disposition: inline
--2JFBq9zoW8cOFH7v
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hiya,
I've been playing with 1.0.6b, and have a few comments. Some of these
are not necessarily bugs, and some of them exist in 1.0.6 as well.
Aside from this, 1.0.6b is really great. I love --update-trustdb.
1) Merely having the secret key present is not enough to make a key
ultimately trusted. You have to do it by hand in --edit. If a new
key is generated, however, it is ultimately trusted.
2) The --edit menu does not detect if you have v3 secret keys
(i.e. you can't "toggle"). V4 secret keys do work.
3) If you try to make a 4096-bit RSA key, gpg seems to make a 4095-bit
key.
4) Sign a key, so that it's trust goes to "full". Now, delete or
revoke the signature. The trust level stays at "full" until you
export, delete, and then re-import the trustdb.
5) When you delete a key with ownertrust set it does not disappear
from the trustdb.
6) You can revoke the same key signature multiple times (unclear
whether this is really a problem or not).
7) When revoking a key signature, the reason for revocation prompt
doesn't allow for the "no reason specified" option allowed in the
RFC. A patch for that is attached.
8) RSA key signatures are always made with MD5 as the hash. This
makes sense for v3 key sigs, but v4 RSA key sigs are probably safe
to use something else.
9) Revoking a key or signature prompts for a revocation reason. This
doesn't work properly with v3 keys in that it prompts, accepts the
user's input, but does not actually include the reason in the
revocation signature. This is the same problem that 1.0.6 had with
making non-exportable sigs with v3 keys (i.e. v3 keys make v3 sigs,
so no v4 features). Note the same thing happens with
set-policy-url or notation-data with v3 keys.
As I see it, if you are making a signature on a v4 key using your
v3 key, it doesn't make sense to generate a v3 sig. After all, the
point of using a v3 sig is to be backwards compatible, but no
v3-only PGP implementation could understand the v4 key the sig is
on in the first place.
I've added a feature (patch attached) to always make v4 key sigs
unless it is a v3 key making a key sig on a v3 key, in which case
it makes a v3 key sig. I also added a "force-v4-certs" flag to
force v4 key sigs (certs) if the user wants v4 key signatures all
the time. This only affects key certification signatures. Regular
document signatures are unchanged.
This doesn't really solve the stated issue that gpg prompts the
user even if it is not going to use the revocation reason but it
does help the underlying problem.
10) Key flags don't seem to work properly in that if a key is flagged
certify-only (0x01), or signature-only (0x02), it still can do the
other (certify-only keys can sign, and signature-only keys can
certify).
David
--=20
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+--------------------------------------------------------------------------=
-+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
--2JFBq9zoW8cOFH7v
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="patch.gnupg-1.0.6b.dms.revokereason.1"
Content-Transfer-Encoding: quoted-printable
Index: revoke.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /cvs/gnupg/gnupg/g10/revoke.c,v
retrieving revision 1.20.2.9
diff -u -r1.20.2.9 revoke.c
--- revoke.c 2001/09/07 07:57:51 1.20.2.9
+++ revoke.c 2001/10/24 19:13:11
@@ -240,9 +240,10 @@
struct revocation_reason_info *
ask_revocation_reason( int key_rev, int cert_rev, int hint )
{
- int code;
+ int code=3D-1;
char *description =3D NULL;
struct revocation_reason_info *reason;
+ const char *text_0 =3D _("No reason specified");
const char *text_1 =3D _("Key has been compromised");
const char *text_2 =3D _("Key is superseded");
const char *text_3 =3D _("Key is no longer used");
@@ -254,6 +255,7 @@
description =3D NULL;
=20
tty_printf(_("Please select the reason for the revocation:\n"));
+ tty_printf( " 0 =3D %s\n", text_0 );
if( key_rev )
tty_printf(" 1 =3D %s\n", text_1 );
if( key_rev )
@@ -262,29 +264,31 @@
tty_printf(" 3 =3D %s\n", text_3 );
if( cert_rev )
tty_printf(" 4 =3D %s\n", text_4 );
- tty_printf( " 0 =3D %s\n", _("Cancel") );
+ tty_printf( " Q =3D %s\n", _("Cancel") );
if( hint )
tty_printf(_("(Probably you want to select %d here)\n"), hint );
=20
- for(code =3D 0; !code;) {
+ while(code=3D=3D-1) {
int n;
char *answer =3D cpr_get("ask_revocation_reason.code",
_("Your decision? "));
trim_spaces( answer );
cpr_kill_prompt();
- if( *answer =3D=3D 'q' || *answer =3D=3D 'Q' )
- n =3D 0;
- else if( !isdigit( *answer ) )
- n =3D -1;
- else if( hint && !*answer )
+ if( *answer =3D=3D 'q' || *answer =3D=3D 'Q')
+ return NULL; /* cancel */
+ if( hint && !*answer )
n =3D hint;
+ else if(!isdigit( *answer ) )
+ n =3D -1;
else
n =3D atoi(answer);
m_free(answer);
- if( !n )
- return NULL; /* cancel */
+ if( n =3D=3D 0 ) {
+ code =3D 0x00; /* no particular reason */
+ code_text =3D text_0;
+ }
else if( key_rev && n =3D=3D 1 ) {
- code =3D 0x02; /* key has been compromised */
+ code =3D 0x02; /* key has been compromised */
code_text =3D text_1;
}
else if( key_rev && n =3D=3D 2 ) {
--2JFBq9zoW8cOFH7v
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="patch.gnupg-1.0.6b.dms.sigversion.1"
Content-Transfer-Encoding: quoted-printable
? Makefile.in
? Makefile
? .deps
? gpg
? gpgv
Index: g10.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /cvs/gnupg/gnupg/g10/Attic/g10.c,v
retrieving revision 1.129.2.57
diff -u -r1.129.2.57 g10.c
--- g10.c 2001/10/06 07:31:28 1.129.2.57
+++ g10.c 2001/10/24 19:36:04
@@ -180,6 +180,8 @@
oThrowKeyid,
oForceV3Sigs,
oNoForceV3Sigs,
+ oForceV4Certs,
+ oNoForceV4Certs,
oForceMDC,
oS2KMode,
oS2KDigest,
@@ -311,6 +313,8 @@
{ oNoTTY, "no-tty", 0, N_("don't use the terminal at all") },
{ oForceV3Sigs, "force-v3-sigs", 0, N_("force v3 signatures") },
{ oNoForceV3Sigs, "no-force-v3-sigs", 0, N_("do not force v3 signature=
s") },
+ { oForceV4Certs, "force-v4-certs", 0, N_("force v4 key signatures") },
+ { oNoForceV4Certs, "no-force-v4-certs", 0, N_("do not force v4 key sig=
natures") },
{ oForceMDC, "force-mdc", 0, N_("always use a MDC for encryption") },
{ oDryRun, "dry-run", 0, N_("do not make any changes") },
/*{ oInteractive, "interactive", 0, N_("prompt before overwriting") }, */
@@ -956,6 +960,7 @@
case oRFC1991:
opt.rfc1991 =3D 1;
opt.rfc2440 =3D 0;
+ opt.force_v4_certs =3D 0;
opt.no_comment =3D 1;
opt.escape_from =3D 1;
break;
@@ -998,6 +1003,8 @@
case oThrowKeyid: opt.throw_keyid =3D 1; break;
case oForceV3Sigs: opt.force_v3_sigs =3D 1; break;
case oNoForceV3Sigs: opt.force_v3_sigs =3D 0; break;
+ case oForceV4Certs: opt.force_v4_certs =3D 1; break;
+ case oNoForceV4Certs: opt.force_v4_certs =3D 0; break;
case oForceMDC: opt.force_mdc =3D 1; break;
case oS2KMode: opt.s2k_mode =3D pargs.r.ret_int; break;
case oS2KDigest: s2k_digest_string =3D m_strdup(pargs.r.ret_str); break;
Index: options.h
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /cvs/gnupg/gnupg/g10/options.h,v
retrieving revision 1.51.2.30
diff -u -r1.51.2.30 options.h
--- options.h 2001/09/25 15:20:59 1.51.2.30
+++ options.h 2001/10/24 19:36:04
@@ -57,6 +57,7 @@
int list_packets; /* list-packets mode: 1=3Dnormal, 2=3Dinvoked by com=
mand*/
int def_cipher_algo;
int force_v3_sigs;
+ int force_v4_certs;
int force_mdc;
int def_digest_algo;
int def_compress_algo;
Index: sign.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /cvs/gnupg/gnupg/g10/sign.c,v
retrieving revision 1.75.2.23
diff -u -r1.75.2.23 sign.c
--- sign.c 2001/09/09 16:09:19 1.75.2.23
+++ sign.c 2001/10/24 19:36:04
@@ -982,8 +982,18 @@
|| sigclass =3D=3D 0x20 || sigclass =3D=3D 0x18
|| sigclass =3D=3D 0x30 || sigclass =3D=3D 0x28 );
=20
+ if (opt.force_v4_certs)
+ sigversion =3D 4;
+
if (sigversion < sk->version)
sigversion =3D sk->version;
+
+ /* If you are making a signature on a v4 key using your v3 key, it
+ doesn't make sense to generate a v3 sig. After all, no v3-only
+ PGP implementation could understand the v4 key in the first
+ place. */
+ if (sigversion < pk->version)
+ sigversion =3D pk->version;
=20
if( !digest_algo ) {
switch( sk->pubkey_algo ) {
--2JFBq9zoW8cOFH7v--
--1sNVjLsmu1MXqwQ/
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6b (GNU/Linux)
iQEVAwUBO9cgKIccwqs8s7QVAQHJhwf8C806sdn+1ZvXbweOu92OyH4bgXMjurkn
UUAHKx45eMa/oq/0Sn11wwucntr4CHQhGlc7b1IJ6/aVPp3tvtaWQ2OfAMRSCGgW
i/rLAPeoQVdd1ULuI5ZPtyXKAqCSR8bB+HzpWHduobGXeCE/N7vNgMPa+VpelEnI
ToPdgsR2CRCIsAEaflEiSar6C8LFWSL1QXqFD/VDPxHGlG+rOHP2lR21OO0/l1Ue
0Yk7fm+aUeIK8f22KAeE3+x6sPsDmGXDKptndZLf3mgAXWdWI4/3TNpcmIJ7WYxN
Lf/TUW3dJimuBg9IhPZLL+qC6tp4RJJcYa1BKysNWmBC9N7JMpOp8A==
=Vx5N
-----END PGP SIGNATURE-----
--1sNVjLsmu1MXqwQ/--