RSA sign+encrypt (with subkey) key generation
disastry at saiknes.lv
disastry at saiknes.lv
Wed May 22 21:21:06 CEST 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
hello
here is the patch that allows to generate RSA sign+encrypt (with subkey) keys
in one step (like DSA/Elgamal keys) - no need to go to --key-edit to add subkey
it also allows to generate RSA/Elgamal and DSA/RSA keys in one step.
this patch is for 1.0.7a (cvs version)
patch also available at
http://disastry.dhs.org/pgp/gpg/gnupg-1.0.7a-keygen.diff
__
Disastry http://disastry.dhs.org/
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1
iQA/AwUBPOtZkDBaTVEuJQxkEQNPqACeI4JHKHqW2/bz/yhL4Si7t7TQesoAoIn7
sjEvzUyMrauX8ZRvEa6vWfXk
=Y/XQ
-----END PGP SIGNATURE-----
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message
This patch enables gpg version 1.0.7a to generate RSA sign + RSA encrypt keys
and RSA sign + ElGamal encrypt and DSA + RSA encrypt keys.
Copyright 2001 Free Software Foundation, Inc.
This patch is free software; you can use it, redistribute it
and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
--- gnupg/g10/keygen.c Thu May 16 05:35:54 2002
+++ gnupg107a/g10/keygen.c Wed May 22 12:19:21 2002
@@ -849,8 +849,14 @@
tty_printf( _(" (%d) RSA (sign only)\n"), 5 );
if (addmode)
tty_printf( _(" (%d) RSA (encrypt only)\n"), 6 );
+ if (!addmode)
+ tty_printf( _(" (%d) RSA (sign and encrypt (with subkey))\n"), 7 );
if (opt.expert)
- tty_printf( _(" (%d) RSA (sign and encrypt)\n"), 7 );
+ tty_printf( _(" (%d) RSA (sign and encrypt (single key))\n"), 8 );
+ if (!addmode && opt.expert) { /* add odd keys too... */
+ tty_printf( _(" (%d) RSA (sign) and ElGamal(encrypt)\n"), 9 );
+ tty_printf( _(" (%d) DSA (sign) and RSA (encrypt)\n"), 10 );
+ }
for(;;) {
answer = cpr_get("keygen.algo",_("Your selection? "));
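Review bot: Selection 7 changes meaning in this menu: before the patch it was the expert-only single RSA sign+encrypt key, and now it creates an RSA primary with a subkey while the old behaviour moves to 8. Anything that answers the `keygen.algo` prompt with a fixed number will get a different key layout without any error. Keeping 7 for the single-key variant and giving the subkey variant a new number would avoid this, or else the renumbering should be called out in the patch description. The enclosing function starts and ends outside the hunk.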
@@ -858,10 +864,20 @@
algo = *answer? atoi(answer): 1;
m_free(answer);
if( algo == 1 && !addmode ) {
- algo = 0; /* create both keys */
+ algo = PUBKEY_ALGO_DSA | (PUBKEY_ALGO_ELGAMAL_E << 8); /* create both keys */
+ break;
+ }
+ else if( algo == 10 && !addmode && opt.expert ) {
+ algo = PUBKEY_ALGO_DSA | (PUBKEY_ALGO_RSA << 8); /* create both keys */
+ *r_usage = PUBKEY_USAGE_ENC << 8;
break;
}
- else if( algo == 7 && opt.expert ) {
+ else if( algo == 9 && !addmode && opt.expert ) {
+ algo = PUBKEY_ALGO_RSA | (PUBKEY_ALGO_ELGAMAL_E << 8); /* create both keys */
+ *r_usage = PUBKEY_USAGE_SIG;
+ break;
+ }
+ else if( algo == 8 && opt.expert ) {
if (cpr_get_answer_is_yes ("keygen.algo.rsa_se",_(
"The use of this algorithm is deprecated - create anyway? "))){
algo = PUBKEY_ALGO_RSA;
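Review bot: The return value of ask_algo and `*r_usage` now both carry two fields (primary in the low byte, subkey shifted left by 8), but nothing in these branches documents that layout, and the `algo == 7` branch in the next hunk repeats the same open-coded shifts. A pair of small macros such as `#define KEYGEN_PAIR(pri, sub) ((pri) | ((sub) << 8))` with matching extractors, plus a comment on ask_algo stating the layout, would keep the producer and the consumer in generate_keypair in step. The `algo == 1` branch also leaves `*r_usage` untouched, so it depends on the value being initialised somewhere outside this hunk; that is worth confirming because generate_keypair tests `use & 0xff`. The function body starts and ends outside the hunk.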
@@ -869,6 +885,11 @@
break;
}
}
+ else if( algo == 7 && !addmode ) {
+ algo = PUBKEY_ALGO_RSA | (PUBKEY_ALGO_RSA << 8); /* create both keys */
+ *r_usage = PUBKEY_USAGE_SIG | (PUBKEY_USAGE_ENC << 8);
+ break;
+ }
else if( algo == 6 && addmode ) {
algo = PUBKEY_ALGO_RSA;
*r_usage = PUBKEY_USAGE_ENC;
@@ -1855,7 +1876,7 @@
void
generate_keypair( const char *fname )
{
- unsigned int nbits;
+ unsigned int nbits = 0;
char *uid = NULL;
DEK *dek;
STRING2KEY *s2k;
@@ -1875,26 +1896,52 @@
}
algo = ask_algo( 0, &use );
- if( !algo ) { /* default: DSA with ElG subkey of the specified size */
+ if( algo >> 8 ) { /* default: DSA with ElG subkey of the specified size */
both = 1;
r = m_alloc_clear( sizeof *r + 20 );
r->key = pKEYTYPE;
- sprintf( r->u.value, "%d", PUBKEY_ALGO_DSA );
+ sprintf( r->u.value, "%d", algo & 0xff );
r->next = para;
para = r;
- tty_printf(_("DSA keypair will have 1024 bits.\n"));
r = m_alloc_clear( sizeof *r + 20 );
r->key = pKEYLENGTH;
- strcpy( r->u.value, "1024" );
+ if ((algo & 0xff) == PUBKEY_ALGO_DSA) {
+ tty_printf(_("DSA keypair will have 1024 bits.\n"));
+ strcpy( r->u.value, "1024" );
+ } else {
+ nbits = ask_keysize( algo && 0xff );
+ sprintf( r->u.value, "%u", nbits);
+ }
r->next = para;
para = r;
- algo = PUBKEY_ALGO_ELGAMAL_E;
+ if (use & 0xff) {
+ r = m_alloc_clear( sizeof *r + 20 );
+ r->key = pKEYUSAGE;
+ sprintf( r->u.value, "%s%s",
+ (use & PUBKEY_USAGE_SIG)? "sign ":"",
+ (use & PUBKEY_USAGE_ENC)? "encrypt ":"" );
+ r->next = para;
+ para = r;
+ }
+
+ algo = algo >> 8;
+ use = use >> 8;
r = m_alloc_clear( sizeof *r + 20 );
r->key = pSUBKEYTYPE;
sprintf( r->u.value, "%d", algo );
r->next = para;
para = r;
+
+ if (use) {
+ r = m_alloc_clear( sizeof *r + 20 );
+ r->key = pSUBKEYUSAGE;
+ sprintf( r->u.value, "%s%s",
+ (use & PUBKEY_USAGE_SIG)? "sign ":"",
+ (use & PUBKEY_USAGE_ENC)? "encrypt ":"" );
+ r->next = para;
+ para = r;
+ }
}
else {
r = m_alloc_clear( sizeof *r + 20 );
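Review bot: The call `ask_keysize( algo && 0xff )` uses logical AND where a bitwise mask is intended, so ask_keysize always receives 1 rather than the primary algorithm id; it should read `nbits = ask_keysize( algo & 0xff );`. The menu happens to work today only because the sole non-DSA primary is RSA, whose OpenPGP id is 1. The comment on `if( algo >> 8 )` still says "default: DSA with ElG subkey" although the branch now handles every primary/subkey pair, and should be reworded to say so. The two new `sprintf` calls that build the usage string write into the `sizeof *r + 20` allocation without a bound; the longest value fits as written, but a bounded format call would keep that true if more usage flags are added. generate_keypair continues outside the hunk.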
@@ -1915,7 +1962,8 @@
}
- nbits = ask_keysize( algo );
+ if ( !nbits )
+ nbits = ask_keysize( algo );
r = m_alloc_clear( sizeof *r + 20 );
r->key = both? pSUBKEYLENGTH : pKEYLENGTH;
sprintf( r->u.value, "%u", nbits);
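Review bot: With `if ( !nbits )`, a non-DSA primary's size is reused for the subkey, so for the RSA+ElGamal choice the ElGamal subkey length never passes through `ask_keysize( algo )` for its own algorithm. If ask_keysize applies per-algorithm limits or warnings (not visible here), the subkey skips them, and the user is not told which size the encryption subkey received. Either keep the call unconditional for the subkey or, in the reuse case, print the size being applied via tty_printf before the parameter is stored. The change also relies on the `nbits = 0` initialisation added in the earlier hunk, which deserves a short comment there such as `/* 0 = not asked yet */`.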
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (MingW32)
iD8DBQE863N1MFpNUS4lDGQRAgqTAJ9NW005a2n9RneLmYVz61IOVNCeTQCgj3Zy
z8nOyOhhpk+IoUnaMptHeNA=
=k+D4
-----END PGP SIGNATURE-----