From 5df1c247be5223343668f9a56eb5f8290c954b6e Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 10 Oct 2022 11:20:16 +0200 Subject: [PATCH] gpg: For de-vs use AES-128 instead of 3DES as implicit preference. * g10/pkclist.c (select_algo_from_prefs): Change implicit cipher algorithm. -- Although 3DES is still a compliant algorithm, some other software does not consider it has compliant but also does not set preference accordingly. Thus it is better to switch the implicit cipher algorithm similar to what we already did with SHA-1. Note that in GnuPG 2.3 3DES is already not anymore used here. GnuPG-bug-id: 6063 --- g10/pkclist.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/g10/pkclist.c b/g10/pkclist.c index 82a8d3b4b..fb8b17620 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -1479,8 +1479,16 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, --pgp2 mode is on. This was a 2440 thing that was dropped from 4880 but is still relevant to GPG's 1991 support. All this doesn't mean IDEA is actually - available, of course. */ - implicit=CIPHER_ALGO_3DES; + available, of course. + + Because "de-vs" compliance will soon not anymore allow + 3DES it does not make sense to assign 3DES as implicit + algorithm. Instead it is better to use AES-128 as + implicit algorithm here. */ + if (opt.compliance == CO_DE_VS) + implicit = CIPHER_ALGO_AES; + else + implicit=CIPHER_ALGO_3DES; break;
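Review bot: In the new `if (opt.compliance == CO_DE_VS)` branch, the implicit cipher is the one assumed for a recipient whose preference list does not name it, so setting it to `CIPHER_ALGO_AES` lets a de-vs sender select AES-128 for a key that never advertised it. The added comment explains why 3DES is being dropped but not this interoperability consequence; one sentence on it would help whoever later debugs a decryption failure with an older peer. The `else` branch keeps `implicit=CIPHER_ALGO_3DES;` for every other compliance mode, while the commit message says GnuPG 2.3 no longer uses 3DES here, so the comment should also say why the 3DES fallback is retained on this branch. Minor style point: `implicit = CIPHER_ALGO_AES;` and `implicit=CIPHER_ALGO_3DES;` use different spacing around `=` on adjacent assignments.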