mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
gpg: Default to SHA-512 for all signature types on RSA keys.
* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA512 instead of SHA256 in --gnupg mode (leave strict RFC and PGP modes alone). * configure.ac: Do not allow disabling sha512. * g10/misc.c (map_md_openpgp_to_gcry): Always support SHA512. -- SHA512 is more performant on most 64-bit platforms than SHA256, and offers a better security margin. It is also widely implemented. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Gbp-Pq: Topic update-defaults Gbp-Pq: Name gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch
This commit is contained in:
parent
f7c7872853
commit
a446c4db95
3 changed files with 3 additions and 6 deletions
|
@ -751,11 +751,8 @@ map_md_openpgp_to_gcry (digest_algo_t algo)
|
|||
case DIGEST_ALGO_SHA384: return 0;
|
||||
#endif
|
||||
|
||||
#ifdef GPG_USE_SHA512
|
||||
case DIGEST_ALGO_SHA512: return GCRY_MD_SHA512;
|
||||
#else
|
||||
case DIGEST_ALGO_SHA512: return 0;
|
||||
#endif
|
||||
|
||||
default: return 0;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue