warning: Display warning when using GPG short ID
The use of GPG short ids is insecure.  It is trivial to
create a colliding short id with the use of inexpensive hardware.  As
GPG still uses short ids as their default behavior, it is important to
meet users where they're at and while not causing things to break, we
should inform and discourage users from this practice.

Affects #10
brianredbeard committed Jul 20, 2016
1 parent 27b12d9 commit dd720ef
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions main.go
Expand Up @@ -259,6 +259,7 @@ func checkGPG(file *File) (state SigState, err error) {
// short or long id. If it's not 8 or 16, it's not valid.
switch l {
case 8:
fmt.Println("WARNING: The use of short ids is NOT secure. See https://evil32.com for more info.")
rid = signer.PrimaryKey.KeyIdShortString()
case 16:
rid = signer.PrimaryKey.KeyIdString()
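
Review bot: The warning added under `case 8:` is written with fmt.Println, so it goes to stdout and gets mixed into any output a caller pipes or parses; write it to stderr instead, for example `fmt.Fprintln(os.Stderr, "WARNING: ...")` (adding the os import if main.go does not already have it). The message would also be more actionable if it named the alternative that `case 16:` already accepts, the 16-character long id. Apart from the message, the short-id path is unchanged: rid is still taken from KeyIdShortString(), so the warning is the only signal the user gets, and it should be hard to miss.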