From 36179da032fa43d82042b3d31ed175d17b8e9bc4 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Sat, 27 Sep 2014 15:21:02 +0200
Subject: [PATCH] gpg: Default to SHA-256 for all signature types on RSA keys.

* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in strict RFC or PGP modes.
* g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for RSA key signatures.
--
(Backported from commit d33246700578cddd1cb8ed8164cfbba50aba4ef3)
---
 g10/main.h | 2 +-
 g10/sign.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/g10/main.h b/g10/main.h
index 226898d29..4cf2cc788 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -33,7 +33,7 @@
 issues of speed and size come into play here. */
 #define DEFAULT_CIPHER_ALGO CIPHER_ALGO_CAST5
-#define DEFAULT_DIGEST_ALGO DIGEST_ALGO_SHA1
+#define DEFAULT_DIGEST_ALGO ((GNUPG)? DIGEST_ALGO_SHA256:DIGEST_ALGO_SHA1)
 #define DEFAULT_COMPRESS_ALGO COMPRESS_ALGO_ZIP
 #define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1
diff --git a/g10/sign.c b/g10/sign.c
index 0de3321be..e7e79cc21 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -1425,7 +1425,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
 else if(sk->pubkey_algo==PUBKEY_ALGO_DSA)
 digest_algo = match_dsa_hash (gcry_mpi_get_nbits (sk->skey[1])/8);
 else
- digest_algo = DIGEST_ALGO_SHA1;
+ digest_algo = DEFAULT_DIGEST_ALGO;
 }
 if ( gcry_md_open (&md, digest_algo, 0 ) )
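Review bot: The new `DEFAULT_DIGEST_ALGO` definition in g10/main.h needs a comment, because it is no longer a compile-time constant and it still yields SHA-1 whenever `GNUPG` is false. I would put `/* Run-time value: SHA-256 in --gnupg mode, SHA-1 only for strict RFC/PGP interoperability. */` directly above it. Any use of the macro in a static initializer, a `case` label or an `#if` would stop compiling or change meaning; those uses are not visible in this hunk and should be checked. If `GNUPG` reads option state, which the patch does not show, the macro also gives the intended value only after option parsing has finished.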
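Review bot: The final `else` of the digest selection in make_keysig_packet now depends on the compliance mode, so key signatures made in RFC or PGP modes stay on SHA-1 and nothing at the branch says so. A one-line comment before `digest_algo = DEFAULT_DIGEST_ALGO;`, such as `/* Non-DSA keys: SHA-256 in --gnupg mode, SHA-1 in RFC/PGP modes. */`, would make that fallback visible to the next reader. The branch catches every key type the earlier branches do not handle, not only RSA as the commit subject says. The start of the if-chain is outside the hunk, so any comment there that still describes SHA-1 as the fixed choice should be checked and updated.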