1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-04 20:38:50 +01:00

gpg: Default to SHA-256 for all signature types on RSA keys.

* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in
strict RFC or PGP modes.
* g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for
RSA key signatures.
--

(Backported from commit d332467005)
This commit is contained in:
Werner Koch 2014-09-27 15:21:02 +02:00
parent ba2b8c20ee
commit 36179da032
2 changed files with 2 additions and 2 deletions

View File

@ -33,7 +33,7 @@
issues of speed and size come into play here. */
#define DEFAULT_CIPHER_ALGO CIPHER_ALGO_CAST5
#define DEFAULT_DIGEST_ALGO DIGEST_ALGO_SHA1
#define DEFAULT_DIGEST_ALGO ((GNUPG)? DIGEST_ALGO_SHA256:DIGEST_ALGO_SHA1)
#define DEFAULT_COMPRESS_ALGO COMPRESS_ALGO_ZIP
#define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1

View File

@ -1425,7 +1425,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
else if(sk->pubkey_algo==PUBKEY_ALGO_DSA)
digest_algo = match_dsa_hash (gcry_mpi_get_nbits (sk->skey[1])/8);
else
digest_algo = DIGEST_ALGO_SHA1;
digest_algo = DEFAULT_DIGEST_ALGO;
}
if ( gcry_md_open (&md, digest_algo, 0 ) )