Commit dcb24b91 authored by Jonathan McDowell's avatar Jonathan McDowell

Fix weak master key check to allow EC keys

The check for weak primary keys was unaware of EC keys. Now we have one
of these in the keyring fix things so we don't false positive.
parent 5bc1222d
......@@ -9,7 +9,8 @@ debian-keyring (2018.05.xx) UNRELEASED; urgency=medium
[ Jonathan McDowell ]
* Temporarily remove 0x021B361B6B031B00 (Julian Andres Klode) due to
subkey loss
* Fix subkey check to cope with ECC subkeys
* Fix weak subkey check to cope with ECC subkeys
* Fix weak master key check to allow EC keys
-- Gunnar Wolf <gwolf@debian.org> Wed, 30 May 2018 10:05:20 -0500
......@@ -8,7 +8,7 @@ find_too_short () {
--keyring "./output/keyrings/$k" --list-keys --with-colons \
| awk -F: -v keyring=$1 \
'BEGIN { ok = 1 } \
/^pub/ { fpr = $5 ; if ($3 < 2048) { print keyring ":\t0x" $5 " is smaller than 2048 bits"; ok = 0 } } \
/^pub/ { fpr = $5 ; if ($3 < 2048 && $4 < 18) { print keyring ":\t0x" $5 " is smaller than 2048 bits"; ok = 0 } } \
/^sub/ { if ($2 != "r" && $2 != "e" && $3 < 2048 && $4 < 18) { print keyring ":\t0x" fpr " has subkey smaller than 2048 bits"; ok = 0 } } \
END { if (!ok) { exit 1 } }'
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment