[PATCH GnuPG 5/5] gpg: Emit only RSA, DSA, and ElGamal with legacy compliance modes
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Feb 5 00:46:08 CET 2025
* g10/keygen.c (parse_key_parameter_part): when using a legacy
compliance mode, ensure that new keys are only algorithms known by the
corresponding tools.
--
GnuPG-bug-id: 7511
Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
---
g10/keygen.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/g10/keygen.c b/g10/keygen.c
index 185585e3f..10a2eb9a1 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -3998,6 +3998,15 @@ parse_key_parameter_part (ctrl_t ctrl,
else
return gpg_error (GPG_ERR_UNKNOWN_CURVE);
+ if ((RFC4880||RFC2440||PGP8||PGP7) &&
+ (algo != PUBKEY_ALGO_RSA) &&
+ (algo != PUBKEY_ALGO_DSA) &&
+ (algo != PUBKEY_ALGO_ELGAMAL_E)) {
+ log_error (_("Cannot generate pubkey algorithm \"%s\" in compliance mode: %s\n"),
+ string, gnupg_compliance_label (opt.compliance));
+ return gpg_error (GPG_ERR_UNKNOWN_ALGORITHM);
+ }
+
/* Parse the flags. */
keyuse = 0;
if (flags)
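Review bot: The error code at the new `return gpg_error (GPG_ERR_UNKNOWN_ALGORITHM);` misdescribes the condition: by this point the algorithm has been parsed and is known to gpg, it is only disallowed under the selected legacy compliance mode, so a caller or user inspecting the error code is told the algorithm is unknown rather than not permitted. GPG_ERR_NOT_SUPPORTED would match the accompanying log message, which already says the algorithm cannot be generated "in compliance mode". A style point on the same hunk: the opening brace on `(algo != PUBKEY_ALGO_ELGAMAL_E)) {` and the bare `}` that follows depart from the GNU bracing style GnuPG uses (braces on their own lines, indented under the `if`); adjusting them would keep parse_key_parameter_part consistent with the rest of the file.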
--
2.47.2