Commit 5bc1222d authored by Jonathan McDowell's avatar Jonathan McDowell

Fix subkey check to cope with ECC subkeys

ECC subkeys are type 18 and we were only excluding type 19+, causing
false positives on the weak subkey test.
parent a00498cd
......@@ -9,6 +9,7 @@ debian-keyring (2018.05.xx) UNRELEASED; urgency=medium
[ Jonathan McDowell ]
* Temporarily remove 0x021B361B6B031B00 (Julian Andres Klode) due to
subkey loss
* Fix subkey check to cope with ECC subkeys
-- Gunnar Wolf <gwolf@debian.org> Wed, 30 May 2018 10:05:20 -0500
......@@ -9,7 +9,7 @@ find_too_short () {
| awk -F: -v keyring=$1 \
'BEGIN { ok = 1 } \
/^pub/ { fpr = $5 ; if ($3 < 2048) { print keyring ":\t0x" $5 " is smaller than 2048 bits"; ok = 0 } } \
/^sub/ { if ($2 != "r" && $2 != "e" && $3 < 2048 && $4 < 19) { print keyring ":\t0x" fpr " has subkey smaller than 2048 bits"; ok = 0 } } \
/^sub/ { if ($2 != "r" && $2 != "e" && $3 < 2048 && $4 < 18) { print keyring ":\t0x" fpr " has subkey smaller than 2048 bits"; ok = 0 } } \
END { if (!ok) { exit 1 } }'
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment