gpg: Remove all support for v3 keys and always create v4-signatures.

* g10/build-packet.c (do_key): Remove support for building v3 keys.
* g10/parse-packet.c (read_protected_v3_mpi): Remove.
(parse_key): Remove support for v3-keys.  Add dedicated warnings for
v3-key packets.
* g10/keyid.c (hash_public_key): Remove v3-key support.
(keyid_from_pk): Ditto.
(fingerprint_from_pk): Ditto.

* g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs.
* g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs,
oForceV4Certs, oNoForceV4Certs.
(opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs,
--no-force-v4-certs int dummy options.
(main): Remove setting of the force_v3_sigs force_v4_certs flags.
* g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs.
* g10/sign.c (hash_uid): Remove support for v3-signatures
(hash_sigversion_to_magic): Ditto.
(only_old_style): Remove this v3-key function.
(write_signature_packets): Remove support for creating v3-signatures.
(sign_file): Ditto.
(sign_symencrypt_file): Ditto.
(clearsign_file): Ditto.  Remove code to emit no Hash armor line if
only v3-keys are used.
(make_keysig_packet): Remove arg SIGVERSION and force using
v4-signatures.  Change all callers to not pass a value for this arg.
Remove all v3-key related code.
(update_keysig_packet): Remove v3-signature support.
* g10/keyedit.c (sign_uids): Always create v4-signatures.

* g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and
change caller.
--

v3 keys are deprecated for about 15 years and due the severe
weaknesses of MD5 it does not make any sense to keep code around to
use these old and broken keys.  Users who need to decrypt old messages
should use gpg 1.4 and best re-encrypt them to modern standards.
verification of old (i.e. PGP2) created signatures is thus also not
anymore possible but such signatures have no values anyway - MD5 is
just too broken.

We have also kept support for v3 signatures until now.  With the
removal of support for v3 keys it is questionable whether it makes any
sense to keep support for v3-signatures.  What we do now is to keep
support for verification of v3-signatures but we force the use of
v4-signatures.  The latter makes the --pgp6 and --pgp7 switch a bit
obsolete because those PGP versions require v3-signatures for
messages.  These versions of PGP are also really old and not anymore
maintained so they have not received any bug fixes and should not be
used anyway.

Signed-off-by: Werner Koch <[email protected]>

Author: dd9jn

doc/OpenPGP

@@ -9,6 +9,15 @@
   ===================
    GnuPG (>=1.0.3) is in compliance with RFC2440 despite these exceptions:
 
+    * With GnuPG >= 2.1.0 all support for version 3 keys has been
+      removed.  Thus there is no more compatibility with PGP-2.  Users
+      who need to be able to decrypt old PGP 2 messages should use
+      GnuPG 1.4.x along with the option --allow-weak-digest-algos.
+
+    * With GnuPG >= 2.1.0 all signatures (on messages and keys) are
+      created using version 4 signatures.  Support for verifying
+      version 3 signature is still available.
+
     * (9.2) states that IDEA SHOULD be implemented.  This is not done
       due to patent problems.
       UPDATE: Since version 1.4.13 (or GnuPG 2.x with Libgcrypt 1.6)

doc/gpg.texi

@@ -2129,6 +2129,7 @@ platforms that have different line ending conventions (UNIX-like to Mac,
 Mac to Windows, etc). @option{--no-textmode} disables this option, and
 is the default.
 
+@ifclear gpgtwoone
 @item --force-v3-sigs
 @itemx --no-force-v3-sigs
 @opindex force-v3-sigs
@@ -2147,6 +2148,15 @@ Defaults to no.
 Always use v4 key signatures even on v3 keys. This option also
 changes the default hash algorithm for v3 RSA keys from MD5 to SHA-1.
 @option{--no-force-v4-certs} disables this option.
+@end ifclear
+
+@ifset gpgtwoone
+@item --force-v3-sigs
+@itemx --no-force-v3-sigs
+@item --force-v4-certs
+@itemx --no-force-v4-certs
+These options are obsolete and have no effect since GnuPG 2.1.
+@end ifset
 
 @item --force-mdc
 @opindex force-mdc
@@ -2301,8 +2311,12 @@ compression algorithms none and ZIP. This also disables
 --throw-keyids, and making signatures with signing subkeys as PGP 6
 does not understand signatures made by signing subkeys.
 
-This option implies @option{--disable-mdc --escape-from-lines
---force-v3-sigs}.
+@ifclear gpgtwoone
+This option implies @option{--disable-mdc --escape-from-lines --force-v3-sigs}.
+@end ifclear
+@ifset gpgtwoone
+This option implies @option{--disable-mdc --escape-from-lines}.
+@end ifset
 
 @item --pgp7
 @opindex pgp7

g10/build-packet.c

@@ -291,24 +291,13 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
   int i, nskey, npkey;
   iobuf_t a = iobuf_temp(); /* Build in a self-enlarging buffer.  */
 
-  /* Write the version number - if none is specified, use 3 */
+  /* Write the version number - if none is specified, use 4 */
   if ( !pk->version )
-    iobuf_put ( a, 3 );
+    iobuf_put ( a, 4 );
   else
     iobuf_put ( a, pk->version );
   write_32 (a, pk->timestamp );
 
-  /* v3 needs the expiration time. */
-  if ( pk->version < 4 )
-    {
-      u16 ndays;
-      if ( pk->expiredate )
-        ndays = (u16)((pk->expiredate - pk->timestamp) / 86400L);
-      else
-        ndays = 0;
-      write_16(a, ndays);
-    }
-
   iobuf_put (a, pk->pubkey_algo );
 
   /* Get number of secret and public parameters.  They are held in one
@@ -347,45 +336,37 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
       /* Build the header for protected (encrypted) secret parameters.  */
       if (ski->is_protected)
         {
-          if ( is_RSA (pk->pubkey_algo) && pk->version < 4 && !ski->s2k.mode )
+          /* OpenPGP protection according to rfc2440. */
+          iobuf_put (a, ski->sha1chk? 0xfe : 0xff);
+          iobuf_put (a, ski->algo);
+          if (ski->s2k.mode >= 1000)
             {
-              /* The simple rfc1991 (v3) way. */
-              iobuf_put (a, ski->algo );
-              iobuf_write (a, ski->iv, ski->ivlen);
+              /* These modes are not possible in OpenPGP, we use them
+                 to implement our extensions, 101 can be viewed as a
+                 private/experimental extension (this is not specified
+                 in rfc2440 but the same scheme is used for all other
+                 algorithm identifiers). */
+              iobuf_put (a, 101);
+              iobuf_put (a, ski->s2k.hash_algo);
+              iobuf_write (a, "GNU", 3 );
+              iobuf_put (a, ski->s2k.mode - 1000);
             }
           else
             {
-              /* OpenPGP protection according to rfc2440. */
-              iobuf_put (a, ski->sha1chk? 0xfe : 0xff);
-              iobuf_put (a, ski->algo);
-              if (ski->s2k.mode >= 1000)
-                {
-                  /* These modes are not possible in OpenPGP, we use
-                     them to implement our extensions, 101 can be
-                     viewed as a private/experimental extension (this
-                     is not specified in rfc2440 but the same scheme
-                     is used for all other algorithm identifiers). */
-                  iobuf_put (a, 101);
-                  iobuf_put (a, ski->s2k.hash_algo);
-                  iobuf_write (a, "GNU", 3 );
-                  iobuf_put (a, ski->s2k.mode - 1000);
-                }
-              else
-                {
-                  iobuf_put (a, ski->s2k.mode);
-                  iobuf_put (a, ski->s2k.hash_algo);
-                }
-
-              if (ski->s2k.mode == 1 || ski->s2k.mode == 3)
-                iobuf_write (a, ski->s2k.salt, 8);
-
-              if (ski->s2k.mode == 3)
-                iobuf_put (a, ski->s2k.count);
-
-              /* For our special modes 1001, 1002 we do not need an IV. */
-              if (ski->s2k.mode != 1001 && ski->s2k.mode != 1002)
-                iobuf_write (a, ski->iv, ski->ivlen);
+              iobuf_put (a, ski->s2k.mode);
+              iobuf_put (a, ski->s2k.hash_algo);
             }
+
+          if (ski->s2k.mode == 1 || ski->s2k.mode == 3)
+            iobuf_write (a, ski->s2k.salt, 8);
+
+          if (ski->s2k.mode == 3)
+            iobuf_put (a, ski->s2k.count);
+
+          /* For our special modes 1001, 1002 we do not need an IV. */
+          if (ski->s2k.mode != 1001 && ski->s2k.mode != 1002)
+            iobuf_write (a, ski->iv, ski->ivlen);
+
         }
       else /* Not protected. */
         iobuf_put (a, 0 );
@@ -400,7 +381,7 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
           /* The serial number gets stored in the IV field.  */
           iobuf_write (a, ski->iv, ski->ivlen);
         }
-      else if (ski->is_protected && pk->version >= 4)
+      else if (ski->is_protected)
         {
           /* The secret key is protected - write it out as it is.  */
           byte *p;
@@ -410,20 +391,6 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
           p = gcry_mpi_get_opaque (pk->pkey[npkey], &ndatabits);
           iobuf_write (a, p, (ndatabits+7)/8 );
         }
-      else if (ski->is_protected)
-        {
-          /* The secret key is protected the old v4 way. */
-          for ( ; i < nskey; i++ )
-            {
-              byte *p;
-              unsigned int ndatabits;
-
-              assert (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE));
-              p = gcry_mpi_get_opaque (pk->pkey[i], &ndatabits);
-              iobuf_write (a, p, (ndatabits+7)/8);
-            }
-          write_16 (a, ski->csum );
-        }
       else
         {
           /* Non-protected key. */

g10/filter.h

@@ -152,7 +152,7 @@ int cipher_filter( void *opaque, int control,
 int text_filter( void *opaque, int control,
 		 iobuf_t chain, byte *buf, size_t *ret_len);
 int copy_clearsig_text (iobuf_t out, iobuf_t inp, gcry_md_hd_t md,
-                        int escape_dash, int escape_from, int pgp2mode);
+                        int escape_dash, int escape_from);
 
 /*-- progress.c --*/
 progress_filter_context_t *new_progress_context (void);

g10/gpg.c

@@ -272,10 +272,6 @@ enum cmd_and_opt_values
     oShowPhotos,
     oNoShowPhotos,
     oPhotoViewer,
-    oForceV3Sigs,
-    oNoForceV3Sigs,
-    oForceV4Certs,
-    oNoForceV4Certs,
     oForceMDC,
     oNoForceMDC,
     oDisableMDC,
@@ -525,10 +521,6 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oQuiet,	  "quiet",   "@"),
   ARGPARSE_s_n (oNoTTY,   "no-tty",  "@"),
 
-  ARGPARSE_s_n (oForceV3Sigs,      "force-v3-sigs", "@"),
-  ARGPARSE_s_n (oNoForceV3Sigs, "no-force-v3-sigs", "@"),
-  ARGPARSE_s_n (oForceV4Certs,     "force-v4-certs", "@"),
-  ARGPARSE_s_n (oNoForceV4Certs, "no-force-v4-certs", "@"),
   ARGPARSE_s_n (oForceMDC, "force-mdc", "@"),
   ARGPARSE_s_n (oNoForceMDC, "no-force-mdc", "@"),
   ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
@@ -810,6 +802,10 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oNoop, "no-sk-comments", "@"),
   ARGPARSE_s_n (oNoop, "compress-keys", "@"),
   ARGPARSE_s_n (oNoop, "compress-sigs", "@"),
+  ARGPARSE_s_n (oNoop, "force-v3-sigs", "@"),
+  ARGPARSE_s_n (oNoop, "no-force-v3-sigs", "@"),
+  ARGPARSE_s_n (oNoop, "force-v4-certs", "@"),
+  ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"),
 
   ARGPARSE_end ()
 };
@@ -2535,7 +2531,6 @@ main (int argc, char **argv)
 	    opt.allow_freeform_uid = 1;
 	    opt.pgp2_workarounds = 0;
 	    opt.escape_from = 1;
-	    opt.force_v3_sigs = 0;
 	    opt.not_dash_escaped = 0;
 	    opt.def_cipher_algo = 0;
 	    opt.def_digest_algo = 0;
@@ -2553,7 +2548,6 @@ main (int argc, char **argv)
 	    opt.allow_freeform_uid = 1;
 	    opt.pgp2_workarounds = 0;
 	    opt.escape_from = 0;
-	    opt.force_v3_sigs = 0;
 	    opt.not_dash_escaped = 0;
 	    opt.def_cipher_algo = 0;
 	    opt.def_digest_algo = 0;
@@ -2637,10 +2631,7 @@ main (int argc, char **argv)
 	    opt.verify_options&=~VERIFY_SHOW_PHOTOS;
 	    break;
 	  case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
-	  case oForceV3Sigs: opt.force_v3_sigs = 1; break;
-	  case oNoForceV3Sigs: opt.force_v3_sigs = 0; break;
-          case oForceV4Certs: opt.force_v4_certs = 1; break;
-          case oNoForceV4Certs: opt.force_v4_certs = 0; break;
+
 	  case oForceMDC: opt.force_mdc = 1; break;
 	  case oNoForceMDC: opt.force_mdc = 0; break;
 	  case oDisableMDC: opt.disable_mdc = 1; break;
@@ -3288,15 +3279,17 @@ main (int argc, char **argv)
     /* Do these after the switch(), so they can override settings. */
     if(PGP6)
       {
+        /* That does not anymore work becuase we have no more support
+           for v3 signatures.  */
 	opt.disable_mdc=1;
 	opt.escape_from=1;
-	opt.force_v3_sigs=1;
 	opt.ask_sig_expire=0;
       }
     else if(PGP7)
       {
+        /* That does not anymore work because we have no more support
+           for v3 signatures.  */
 	opt.escape_from=1;
-	opt.force_v3_sigs=1;
 	opt.ask_sig_expire=0;
       }
     else if(PGP8)