Add option to apply security rule only to certain signatures. #1819

Closed
ni4 opened this issue May 2, 2022 · 2 comments · Fixed by #1861

Comments

@ni4
Contributor

ni4 commented May 2, 2022

Description

Currently, hash security rules apply to all signatures. However, it may be desirable to distinguish between key signatures and data signatures, so we should add a corresponding flag to rnp_add_security_rule().
It could probably also be worth allowing SHA1 for key signatures by default.

@ni4 ni4 added this to the v0.17.0 milestone May 2, 2022
@antonsviridenko
Contributor

Why do we need that?

@ni4
Contributor Author

ni4 commented May 2, 2022

Please see the discussion here: https://mailarchive.ietf.org/arch/msg/openpgp/KeTgr5qdLlu3eKQSHnG-3qCmx4Q/
Basically, while it is simple to avoid signing data using the SHA1 hash algorithm, it could become harmful for the keys.
