Regular Expression Support

Werner Koch wk at
Thu Feb 20 13:06:19 CET 2020

On Wed, 19 Feb 2020 16:32, Daniel Kahn Gillmor said:

> There has been a series of problems with the GnuPG implementation of
> regexps even on those platforms where some portion of regex is
> implemented, iirc.

Indeed we have had some problems with that due to our use of non-rfc4880
compliant regex libraries and different assumptions on which regexp are
to be used.  OpenPGP states:

   The regular expression uses the same syntax as the Henry Spencer's
   "almost public domain" regular expression [REGEX] package.  A
   description of the syntax is found in Section 8 below.

I doubt that anyone fully checked Henry Spencer's code against the
description in section 8 or even against one of the larger regexp
implementations.  GnuPG stepped things mostly aside by not allowing to
enter arbitrary regexps.

Aside of OpenPGP GnuPG has the small helper gpg-check-pattern to reject
common patterns as password.  There we define regexp as

  /* The pattern is an extended regular expression. */

but I think that it would be okay to use the Spencer code here as well.
The sample file list just two examples

  # German number plates.
  /^[A-Z]{1,3}[ ]*-[ ]*[A-Z]{1,2}[ ]*[0-9]+/
  # Dates (very limited, only ISO dates). */

which is vanilla extend r.e.  



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-devel mailing list