[Pkg-gnupg-commit] [gnupg2] 261/292: gpg: New option --override-session-key-fd.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Nov 21 06:31:49 UTC 2016


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit 43bfaf2c5417ede621c0a07721952ea549a7a139
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Nov 16 09:02:53 2016 +0100

    gpg: New option --override-session-key-fd.
    
    * g10/gpg.c (oOverrideSessionKeyFD): New.
    (opts): Add option --override-session-key-fd.
    (main): Handle that option.
    (read_sessionkey_from_fd): New.
    --
    
    The override-session-key feature was designed to mitigate the effect
    of the British RIP act by allowing the user to keep the private key
    private and hand out only a session key.  For that use case the
    leaking of the session key would not be a problem.  However, there
    are other use cases, for example fast re-decryption after an initial
    decryption, which would benefit from concealing the session key from
    other users.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 doc/gpg.texi | 16 ++++++++++------
 g10/gpg.c    | 45 +++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 53 insertions(+), 8 deletions(-)

diff --git a/doc/gpg.texi b/doc/gpg.texi
index aff3aeb..c69e512 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -3118,13 +3118,17 @@ inappropriate plaintext so they can take action against the offending
 user.
 
 @item --override-session-key @code{string}
+ at itemx --override-session-key-fd @code{fd}
 @opindex override-session-key
-Don't use the public key but the session key @code{string}. The format
-of this string is the same as the one printed by
- at option{--show-session-key}. This option is normally not used but comes
-handy in case someone forces you to reveal the content of an encrypted
-message; using this option you can do this without handing out the
-secret key.
+Don't use the public key but the session key @code{string} respective
+the session key taken from the first line read from file descriptor
+ at code{fd}.  The format of this string is the same as the one printed
+by @option{--show-session-key}. This option is normally not used but
+comes handy in case someone forces you to reveal the content of an
+encrypted message; using this option you can do this without handing
+out the secret key.  Note that using @option{--override-session-key}
+may reveal the session key to all local users via the global process
+table.
 
 @item --ask-sig-expire
 @itemx --no-ask-sig-expire
diff --git a/g10/gpg.c b/g10/gpg.c
index 495356c..c54facb 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -343,6 +343,7 @@ enum cmd_and_opt_values
     oIgnoreMDCError,
     oShowSessionKey,
     oOverrideSessionKey,
+    oOverrideSessionKeyFD,
     oNoRandomSeedFile,
     oAutoKeyRetrieve,
     oNoAutoKeyRetrieve,
@@ -776,6 +777,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oIgnoreMDCError, "ignore-mdc-error", "@"),
   ARGPARSE_s_n (oShowSessionKey, "show-session-key", "@"),
   ARGPARSE_s_s (oOverrideSessionKey, "override-session-key", "@"),
+  ARGPARSE_s_i (oOverrideSessionKeyFD, "override-session-key-fd", "@"),
   ARGPARSE_s_n (oNoRandomSeedFile,  "no-random-seed-file", "@"),
   ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"),
   ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
@@ -919,6 +921,7 @@ static void add_notation_data( const char *string, int which );
 static void add_policy_url( const char *string, int which );
 static void add_keyserver_url( const char *string, int which );
 static void emergency_cleanup (void);
+static void read_sessionkey_from_fd (int fd);
 
 
 static char *
@@ -2262,6 +2265,7 @@ main (int argc, char **argv)
     int eyes_only=0;
     int multifile=0;
     int pwfd = -1;
+    int ovrseskeyfd = -1;
     int fpr_maybe_cmd = 0; /* --fingerprint maybe a command.  */
     int any_explicit_recipient = 0;
     int require_secmem = 0;
@@ -3289,6 +3293,9 @@ main (int argc, char **argv)
 	  case oOverrideSessionKey:
 		opt.override_session_key = pargs.r.ret_str;
 		break;
+	  case oOverrideSessionKeyFD:
+                ovrseskeyfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
+		break;
 	  case oMergeOnly:
 	        deprecated_warning(configname,configlineno,"--merge-only",
 				   "--import-options ","merge-only");
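Review bot: The new `case oOverrideSessionKeyFD:` only records the descriptor, and nothing visible in this patch handles --override-session-key being given together with --override-session-key-fd. Because read_sessionkey_from_fd assigns `opt.override_session_key` after option parsing has finished, the key read from the descriptor silently replaces the one given as a string. Either reject the combination or state the precedence, for example with a comment such as `/* If both options are given, the key read from the fd takes precedence. */` at the `read_sessionkey_from_fd (ovrseskeyfd)` call. main's body continues outside this hunk, so a check elsewhere cannot be ruled out from here.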
@@ -3856,8 +3863,11 @@ main (int argc, char **argv)
       g10_exit(0);
 
 
-    if( pwfd != -1 )  /* Read the passphrase now. */
-	read_passphrase_from_fd( pwfd );
+    if (pwfd != -1)  /* Read the passphrase now. */
+      read_passphrase_from_fd (pwfd);
+
+    if (ovrseskeyfd != -1 )  /* Read the sessionkey now. */
+      read_sessionkey_from_fd (ovrseskeyfd);
 
     fname = argc? *argv : NULL;
 
@@ -5212,3 +5222,34 @@ add_keyserver_url( const char *string, int which )
   if(critical)
     sl->flags |= 1;
 }
+
+
+static void
+read_sessionkey_from_fd (int fd)
+{
+  int i, len;
+  char *line;
+
+  for (line = NULL, i = len = 100; ; i++ )
+    {
+      if (i >= len-1 )
+        {
+          char *tmp = line;
+          len += 100;
+          line = xmalloc_secure (len);
+          if (tmp)
+            {
+              memcpy (line, tmp, i);
+              xfree (tmp);
+            }
+          else
+            i=0;
+	}
+      if (read (fd, line + i, 1) != 1 || line[i] == '\n')
+        break;
+    }
+  line[i] = 0;
+  log_debug ("seskey: %s\n", line);
+  gpgrt_annotate_leaked_object (line);
+  opt.override_session_key = line;
+}
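Review bot: The unconditional `log_debug ("seskey: %s\n", line);` near the end of read_sessionkey_from_fd writes the session key in clear to wherever the log stream is directed. That undoes the purpose of the option, which keeps the key out of the process table and in secure memory. Drop the line, or log only that a key was read, e.g. `log_debug ("seskey: read %d bytes from fd\n", i);`. Separately, `read (fd, line + i, 1) != 1` ends the loop on an error exactly as it does on EOF, so a failed or interrupted read yields a truncated or empty key that is accepted silently. Checking for a negative return (retrying on EINTR) and rejecting an empty line would surface that, and a short header comment noting that the buffer is deliberately never freed (hence `gpgrt_annotate_leaked_object`) would help the next reader.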

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


