Allow generation of DSA2 keys without --enable-dsa2.

2009-05-20 09:57:10 +00:00 · 2009-05-20 09:57:10 +00:00 · 556d4ed983
parent ad6326185e
commit 556d4ed983
4 changed files with 17 additions and 16 deletions
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,3 +1,8 @@
+2009-05-20  Werner Koch  <wk@g10code.com>
+
+	* gpg.texi (GPG Configuration Options): Explain new meaning of
+	--enable-dsa2.
+
 2009-03-16  David Shaw  <dshaw@jabberwocky.com>

 	* gpg.texi (GPG Configuration Options): Document keyserver-options
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -1093,10 +1093,10 @@ validation. This option is only meaningful if pka-lookups is set.

@item --enable-dsa2
@itemx --disable-dsa2
-Enables new-style DSA keys which (unlike the old style) may be larger
-than 1024 bit and use hashes other than SHA-1 and RIPEMD/160. Note
-that very few programs currently support these keys and signatures
-from them.
+Enable hash truncation for all DSA keys even for old DSA Keys up to
+1024 bit.  This is also the default with @option{--openpgp}.  Note
+that older versions of GnuPG also required this flag to allow the
+generation of DSA larger than 1024 bit.

@item --photo-viewer @code{string}
 This is the command line that should be run to view a photo ID. "%i"
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,8 +1,12 @@
 2009-05-20  Werner Koch  <wk@g10code.com>

+	* keygen.c (ask_keysize): Allow selection of DSA key size even
+	without --enable-dsa2.
+	(gen_dsa): Remove size check.
+
 	* keygen.c (ask_key_flags): Fix bug in the translation check.
 	Fixes bug#1056.
-
+	
 2009-05-18  Daiki Ueno  <ueno@unixuser.org>  (wk)

 	* encode.c (encode_simple): Tell passphrase_to_dek to cache
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -1263,7 +1263,7 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
  gcry_sexp_t misc_key_info;
  unsigned int qbits;

-  if ( nbits < 512 || (!opt.flags.dsa2 && nbits > 1024)) 
+  if ( nbits < 512) 
    {
      nbits = 1024;
      log_info(_("keysize invalid; using %u bits\n"), nbits );
@ -1768,16 +1768,8 @@ ask_keysize (int algo, unsigned int primary_keysize)
  switch(algo)
    {
    case PUBKEY_ALGO_DSA:
-      if(opt.flags.dsa2)
-	{
-	  def=2048;
-	  max=3072;
-	}
-      else
-	{
-	  tty_printf(_("DSA keypair will have %u bits.\n"),1024);
-	  return 1024;
-	}
+      def=2048;
+      max=3072;
      break;

    case PUBKEY_ALGO_RSA: