* g10/keygen.c (parse_key_parameter_part): When using a legacy compliance mode, ensure that new keys use only algorithms known to the corresponding tools.
--
GnuPG-bug-id: 7511
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
---
 g10/keygen.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/g10/keygen.c b/g10/keygen.c
index 185585e3f..10a2eb9a1 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -3998,6 +3998,15 @@ parse_key_parameter_part (ctrl_t ctrl,
 else
 return gpg_error (GPG_ERR_UNKNOWN_CURVE);

+ if ((RFC4880||RFC2440||PGP8||PGP7) &&
+ (algo != PUBKEY_ALGO_RSA) &&
+ (algo != PUBKEY_ALGO_DSA) &&
+ (algo != PUBKEY_ALGO_ELGAMAL_E)) {
+ log_error (_("Cannot generate pubkey algorithm \"%s\" in compliance mode: %s\n"),
+ string, gnupg_compliance_label (opt.compliance));
+ return gpg_error (GPG_ERR_UNKNOWN_ALGORITHM);
+ }
+
 /* Parse the flags. */
 keyuse = 0;
 if (flags)
--
2.47.2
_______________________________________________
Gnupg-devel mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-devel
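Review bot: The new rejection returns `GPG_ERR_UNKNOWN_ALGORITHM` for an algorithm that was parsed successfully and is refused only by policy, so a caller or script cannot tell a mistyped algorithm name from a compliance refusal; a distinct code such as `GPG_ERR_PUBKEY_ALGO` would keep the two cases apart. The allowlist itself has no comment explaining why exactly RSA, DSA and Elgamal are permitted; a line such as `/* Legacy modes: only create keys in algorithms the corresponding older tools can read. */` above the `if` would help whoever adds the next algorithm or compliance mode. The guard covers only algorithm strings that reach parse_key_parameter_part, and whether other key-generation paths apply the same restriction is not visible in this hunk, so that is worth confirming. The function starts before and continues after the hunk.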
