From bdf439035d123e4751e133ad42982673b0c86b75 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 25 Mar 2015 10:12:11 +0100 Subject: [PATCH] sm: Change default algos to SHA256 (CSR) and AES128 (bulk encryption). * sm/certreqgen.c (create_request): Change default hash algo. * sm/gpgsm.c (main): Change default bulk cipher algo. -- Signed-off-by: Werner Koch --- sm/certreqgen.c | 2 +- sm/gpgsm.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sm/certreqgen.c b/sm/certreqgen.c index c3f3165c2..ab8fbc825 100644 --- a/sm/certreqgen.c +++ b/sm/certreqgen.c @@ -611,7 +611,7 @@ create_request (ctrl_t ctrl, if (err) return err; - rc = gcry_md_open (&md, GCRY_MD_SHA1, 0); + rc = gcry_md_open (&md, GCRY_MD_SHA256, 0); if (rc) { log_error ("md_open failed: %s\n", gpg_strerror (rc)); diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 855de83d6..ef01a5cdf 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -931,7 +931,7 @@ main ( int argc, char **argv) /* Note: If you change this default cipher algorithm , please remember to update the Gpgconflist entry as well. */ - opt.def_cipher_algoid = "3DES"; /*des-EDE3-CBC*/ + opt.def_cipher_algoid = "AES"; opt.homedir = default_homedir (); @@ -1652,7 +1652,7 @@ main ( int argc, char **argv) #ifndef HAVE_W32_SYSTEM printf ("prefer-system-dirmngr:%lu:\n", GC_OPT_FLAG_NONE); #endif - printf ("cipher-algo:%lu:\"3DES:\n", GC_OPT_FLAG_DEFAULT); + printf ("cipher-algo:%lu:\"AES:\n", GC_OPT_FLAG_DEFAULT); printf ("p12-charset:%lu:\n", GC_OPT_FLAG_DEFAULT); printf ("default-key:%lu:\n", GC_OPT_FLAG_DEFAULT); printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_DEFAULT);