* options.h, gpg.c (main): Add --enable-dsa2 and --disable-dsa2. Defaults

to disable. * pkclist.c (algo_available): If --enable-dsa2 is set, we're allowed to truncate hashes to fit DSA keys. * sign.c (match_dsa_hash): New. Return the best match hash for a given q size. (do_sign, hash_for, sign_file): When signing with a DSA key, if it has q==160, assume it is an old DSA key and don't allow truncation unless --enable-dsa2 is also set. q!=160 always allows truncation since they must be DSA2 keys. (make_keysig_packet): If the user doesn't specify a --cert-digest-algo, use match_dsa_hash to pick the best hash for key signatures.
2025-07-02 22:46:30 +02:00 · 2006-04-20 21:32:42 +00:00 · 2006-04-20 21:32:42 +00:00 · 0f1c0a9f28
commit 0f1c0a9f28
parent b625a6d1a9
5 changed files with 145 additions and 34 deletions
--- a/g10/options.h
+++ b/g10/options.h
@ -222,6 +222,7 @@ struct
    unsigned int require_cross_cert:1;
    unsigned int use_embedded_filename:1;
    unsigned int utf8_filename:1;
+    unsigned int dsa2:1;
  } flags;

  /* Linked list of ways to find a key if the key isn't on the local