gpg: Protect against rogue keyservers sending secret keys.
authorWerner Koch <wk@gnupg.org>
Fri, 4 Oct 2013 11:44:39 +0000 (13:44 +0200)
committerWerner Koch <wk@gnupg.org>
Fri, 7 Mar 2014 09:14:05 +0000 (10:14 +0100)
commitdb1f74ba5338f624f146a3cb41a346e46b15c8f9
tree29852506d1074216fa8bf3c031a4053b8705c579
parent90688b29f3701f4d3e2a5a49c5544fe8d2a84b2d
gpg: Protect against rogue keyservers sending secret keys.

* g10/options.h (IMPORT_NO_SECKEY): New.
* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
flag.
* g10/import.c (import_secret_one): Deny import if flag is set.
--

By modifying a keyserver or a DNS record to send a secret key, an
attacker could trick a user into signing using a different key and
user id.  The trust model should protect against such rogue keys but
we better make sure that secret keys are never received from remote
sources.

Suggested-by: Stefan Tomanek
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e7abed3448c1c1a4e756c12f95b665b517d22ebe)

Resolved conflicts:
g10/import.c
g10/keyserver.c
g10/import.c
g10/keyserver.c
g10/options.h