55 lines
1.8 KiB
Diff
55 lines
1.8 KiB
Diff
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
Date: Mon, 14 Nov 2016 07:57:20 +0900
|
|
Subject: gpg: Change default digest algorithm to SHA256
|
|
|
|
* g10/main.h: set DEFAULT_DIGEST_ALGO to DIGEST_ALGO_SHA256
|
|
|
|
--
|
|
|
|
gnupg 2.x defaults to making signatures and certifications with
|
|
sha256, and has for quite some time; i know of no problems with that
|
|
decision today (it's 2016!). We should emulate it in the 1.4.x
|
|
branch.
|
|
|
|
Debian-Bug-Id: 824084
|
|
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
---
|
|
g10/main.h | 2 +-
|
|
g10/sign.c | 4 ++--
|
|
2 files changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/g10/main.h b/g10/main.h
|
|
index a0b96f9..a5500cc 100644
|
|
--- a/g10/main.h
|
|
+++ b/g10/main.h
|
|
@@ -38,7 +38,7 @@
|
|
# define DEFAULT_CIPHER_ALGO CIPHER_ALGO_3DES
|
|
#endif
|
|
|
|
-#define DEFAULT_DIGEST_ALGO DIGEST_ALGO_SHA1
|
|
+#define DEFAULT_DIGEST_ALGO DIGEST_ALGO_SHA256
|
|
#define DEFAULT_COMPRESS_ALGO COMPRESS_ALGO_ZIP
|
|
#define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1
|
|
|
|
diff --git a/g10/sign.c b/g10/sign.c
|
|
index ed8ac73..81c5452 100644
|
|
--- a/g10/sign.c
|
|
+++ b/g10/sign.c
|
|
@@ -1396,7 +1396,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
|
|
|
|
if( !digest_algo )
|
|
{
|
|
- /* Basically, this means use SHA1 always unless it's a v3 RSA
|
|
+ /* Basically, this means use the default digest algo always unless it's a v3 RSA
|
|
key making a v3 cert (use MD5), or the user specified
|
|
something (use whatever they said), or it's DSA (use the
|
|
best match). They still can't pick an inappropriate hash
|
|
@@ -1412,7 +1412,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
|
|
else if(sk->pubkey_algo==PUBKEY_ALGO_DSA)
|
|
digest_algo = match_dsa_hash(mpi_get_nbits(sk->skey[1])/8);
|
|
else
|
|
- digest_algo = DIGEST_ALGO_SHA1;
|
|
+ digest_algo = DEFAULT_DIGEST_ALGO;
|
|
}
|
|
|
|
md = md_open( digest_algo, 0 );
|