mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.
* g10/sign.c (update_keysig_packet): Convert digest algo when needed. -- Several gpg commands try to keep most properties of a key signature when updating (i.e. creating a new version of a key signature). This included the use of the current hash-algorithm. This patch changes this so that SHA-1 or RMD160 are replaced by SHA-256 if possible (i.e. for RSA signatures). Affected commands are for example --quick-set-expire and --quick-set-primary-uid. GnuPG-bug-id: 4508 Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
8d0d61aca3
commit
c1dc7a8329
@ -1593,6 +1593,13 @@ update_keysig_packet (ctrl_t ctrl,
|
|||||||
|
|
||||||
if ( opt.cert_digest_algo )
|
if ( opt.cert_digest_algo )
|
||||||
digest_algo = opt.cert_digest_algo;
|
digest_algo = opt.cert_digest_algo;
|
||||||
|
else if (pksk->pubkey_algo == PUBKEY_ALGO_DSA
|
||||||
|
|| pksk->pubkey_algo == PUBKEY_ALGO_ECDSA
|
||||||
|
|| pksk->pubkey_algo == PUBKEY_ALGO_EDDSA)
|
||||||
|
digest_algo = orig_sig->digest_algo;
|
||||||
|
else if (orig_sig->digest_algo == DIGEST_ALGO_SHA1
|
||||||
|
|| orig_sig->digest_algo == DIGEST_ALGO_RMD160)
|
||||||
|
digest_algo = DEFAULT_DIGEST_ALGO;
|
||||||
else
|
else
|
||||||
digest_algo = orig_sig->digest_algo;
|
digest_algo = orig_sig->digest_algo;
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user