gpg: default-preference-list: prefer SHA512.

* g10/keygen.c (keygen_set_std_prefs): when producing default internal personal-digest-preferences, keep the same order. When publishing external preferences, state preference for SHA512 first. -- SHA-512 has a wider security margin than SHA-256. It is also slightly faster on most of the architectures on which GnuPG runs today. New keys should publish defaults that indicate we prefer the stronger, more performant digest. Specifically, this changes --default-preference-list from: SHA256 SHA384 SHA512 SHA224 to: SHA512 SHA384 SHA256 SHA224 This patch deliberately avoids touching --personal-digest-preferences (which itself would affect the default of --digest-algo and --cert-digest-algo), so that public-facing cleartext signatures and identity certifications will continue to be made with SHA256 by default. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-09-28 08:32:26 -04:00 · 2017-09-28 08:32:26 -04:00 · 8ede3ae29a
parent c81a447190
commit 8ede3ae29a
1 changed files with 27 additions and 10 deletions
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -384,19 +384,36 @@ keygen_set_std_prefs (const char *string,int personal)
 	      strcat(dummy_string,"S7 ");
 	    strcat(dummy_string,"S2 "); /* 3DES */

-            /* The default hash algo order is:
-                 SHA-256, SHA-384, SHA-512, SHA-224, SHA-1.
-             */
-	    if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
-	      strcat (dummy_string, "H8 ");
+            if (personal)
+              {
+                /* The default internal hash algo order is:
+                 *  SHA-256, SHA-384, SHA-512, SHA-224, SHA-1.
+                 */
+                if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
+                  strcat (dummy_string, "H8 ");

-	    if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384))
-	      strcat (dummy_string, "H9 ");
+                if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384))
+                  strcat (dummy_string, "H9 ");

-	    if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512))
-	      strcat (dummy_string, "H10 ");
+                if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512))
+                  strcat (dummy_string, "H10 ");
+              }
+            else
+              {
+                /* The default advertised hash algo order is:
+                 *  SHA-512, SHA-384, SHA-256, SHA-224, SHA-1.
+                 */
+                if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512))
+                  strcat (dummy_string, "H10 ");

-	    if (!openpgp_md_test_algo (DIGEST_ALGO_SHA224))
+                if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384))
+                  strcat (dummy_string, "H9 ");
+
+                if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
+                  strcat (dummy_string, "H8 ");
+              }
+
+            if (!openpgp_md_test_algo (DIGEST_ALGO_SHA224))
 	      strcat (dummy_string, "H11 ");

 	    strcat (dummy_string, "H2 "); /* SHA-1 */