gpg: Default to SHA-256 for all signature types on RSA keys.

* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in strict RFC or PGP modes. * g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for RSA key signatures. -- (Backported from commit d33246700578cddd1cb8ed8164cfbba50aba4ef3)
2025-01-10 13:04:23 +01:00 · 2014-09-27 15:21:02 +02:00 · 2014-09-27 15:21:02 +02:00 · 36179da032
commit 36179da032
parent ba2b8c20ee
2 changed files with 2 additions and 2 deletions
--- a/g10/main.h
+++ b/g10/main.h
@ -33,7 +33,7 @@
   issues of speed and size come into play here. */

 #define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_CAST5
-#define DEFAULT_DIGEST_ALGO     DIGEST_ALGO_SHA1
+#define DEFAULT_DIGEST_ALGO     ((GNUPG)? DIGEST_ALGO_SHA256:DIGEST_ALGO_SHA1)
 #define DEFAULT_COMPRESS_ALGO   COMPRESS_ALGO_ZIP
 #define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1

--- a/g10/sign.c
+++ b/g10/sign.c
@ -1425,7 +1425,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
 	else if(sk->pubkey_algo==PUBKEY_ALGO_DSA)
 	  digest_algo = match_dsa_hash (gcry_mpi_get_nbits (sk->skey[1])/8);
 	else
-	  digest_algo = DIGEST_ALGO_SHA1;
+	  digest_algo = DEFAULT_DIGEST_ALGO;
      }

    if ( gcry_md_open (&md, digest_algo, 0 ) )