Removing v3 support from 2.1

Werner Koch wk at
Sun Oct 12 20:29:14 CEST 2014


I removed all code pertaining to v3 keys and also forced using v4
signatures.  If you want to test this, please checkout the
"wk/test-master" branch.

commit bb961e062bbf1011ef3430afdf2075561ba400ab
Author: Werner Koch <wk at>
Date:   Sun Oct 12 20:07:12 2014 +0200

    gpg: Remove all support for v3 keys and always create v4-signatures.
    * g10/build-packet.c (do_key): Remove support for building v3 keys.
    * g10/parse-packet.c (read_protected_v3_mpi): Remove.
    (parse_key): Remove support for v3-keys.  Add dedicated warnings for
    v3-key packets.
    * g10/keyid.c (hash_public_key): Remove v3-key support.
    (keyid_from_pk): Ditto.
    (fingerprint_from_pk): Ditto.
    * g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs.
    * g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs,
    oForceV4Certs, oNoForceV4Certs.
    (opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs,
    --no-force-v4-certs int dummy options.
    (main): Remove setting of the force_v3_sigs force_v4_certs flags.
    * g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs.
    * g10/sign.c (hash_uid): Remove support for v3-signatures
    (hash_sigversion_to_magic): Ditto.
    (only_old_style): Remove this v3-key function.
    (write_signature_packets): Remove support for creating v3-signatures.
    (sign_file): Ditto.
    (sign_symencrypt_file): Ditto.
    (clearsign_file): Ditto.  Remove code to emit no Hash armor line if
    only v3-keys are used.
    (make_keysig_packet): Remove arg SIGVERSION and force using
    v4-signatures.  Change all callers to not pass a value for this arg.
    Remove all v3-key related code.
    (update_keysig_packet): Remove v3-signature support.
    * g10/keyedit.c (sign_uids): Always create v4-signatures.
    * g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and
    change caller.
    v3 keys are deprecated for about 15 years and due the severe
    weaknesses of MD5 it does not make any sense to keep code around to
    use these old and broken keys.  Users who need to decrypt old messages
    should use gpg 1.4 and best re-encrypt them to modern standards.
    verification of old (i.e. PGP2) created signatures is thus also not
    anymore possible but such signatures have no values anyway - MD5 is
    just too broken.
    We have also kept support for v3 signatures until now.  With the
    removal of support for v3 keys it is questionable whether it makes any
    sense to keep support for v3-signatures.  What we do now is to keep
    support for verification of v3-signatures but we force the use of
    v4-signatures.  The latter makes the --pgp6 and --pgp7 switch a bit
    obsolete because those PGP versions require v3-signatures for
    messages.  These versions of PGP are also really old and not anymore
    maintained so they have not received any bug fixes and should not be
    used anyway.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list