gpg: Change default cipher for --symmetric from CAST5 to AES-128.

* g10/main.h (DEFAULT_CIPHER_ALGO): Chhange to AES or CAST5 or 3DES depending on configure option. * g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO.
2025-01-23 15:07:03 +01:00 · 2014-08-18 11:45:00 +02:00 · 2014-08-18 11:45:00 +02:00 · 57df1121c1
commit 57df1121c1
parent 425d075016
3 changed files with 26 additions and 6 deletions
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -1,4 +1,4 @@
-@c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ @c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
@c               2008, 2009, 2010 Free Software Foundation, Inc.
@c This is part of the GnuPG manual.
@c For copying conditions, see the file gnupg.texi.
@ -14,6 +14,19 @@
@cindex command options
@cindex options, GPG command

+@c Begin algorithm defaults
+
+@ifclear gpgtwoone
+@set DEFSYMENCALGO CAST5
+@end ifclear
+
+@ifset gpgtwoone
+@set DEFSYMENCALGO AES128
+@end ifset
+
+@c End algorithm defaults
+
+
@c Begin GnuPG 1.x specific stuff
@ifset gpgone
@macro gpgname
@ -217,7 +230,7 @@ decrypted via a secret key or a passphrase).
@itemx -c
@opindex symmetric
 Encrypt with a symmetric cipher using a passphrase. The default
-symmetric cipher used is CAST5, but may be chosen with the
+symmetric cipher used is @value{DEFSYMENCALGO}, but may be chosen with the
@option{--cipher-algo} option. This option may be combined with
@option{--sign} (for a signed and symmetrically encrypted message),
@option{--encrypt} (for a message that may be decrypted via a secret key
@ -2272,7 +2285,7 @@ to consider (e.g. @option{--symmetric}).
@item --s2k-cipher-algo @code{name}
@opindex s2k-cipher-algo
 Use @code{name} as the cipher algorithm used to protect secret keys.
-The default cipher is CAST5. This cipher is also used for
+The default cipher is @value{DEFSYMENCALGO}. This cipher is also used for
 conventional encryption if @option{--personal-cipher-preferences} and
@option{--cipher-algo} is not given.

--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -2072,7 +2072,7 @@ main (int argc, char **argv)
    opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
    opt.s2k_mode = 3; /* iterated+salted */
    opt.s2k_count = 0; /* Auto-calibrate when needed.  */
-    opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
+    opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO;
    opt.completes_needed = 1;
    opt.marginals_needed = 3;
    opt.max_cert_depth = 5;
--- a/g10/main.h
+++ b/g10/main.h
@ -26,11 +26,18 @@
 #include "util.h"

 /* It could be argued that the default cipher should be 3DES rather
-   than CAST5, and the default compression should be 0
+   than AES128, and the default compression should be 0
   (i.e. uncompressed) rather than 1 (zip).  However, the real world
   issues of speed and size come into play here. */

-#define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_CAST5
+#if GPG_USE_AES128
+# define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_AES
+#elif GPG_USE_CAST5
+# define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_CAST5
+#else
+# define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_3DES
+#endif
+
 #define DEFAULT_DIGEST_ALGO     DIGEST_ALGO_SHA1
 #define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1
 #ifdef HAVE_ZIP