1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

Changed default hash algorithm preferences

This commit is contained in:
Werner Koch 2009-07-09 08:52:31 +00:00
parent 2e835fd6ab
commit e50cac1d84
4 changed files with 53 additions and 21 deletions

11
NEWS
View File

@ -1,14 +1,17 @@
Noteworthy changes in version 2.0.13
-------------------------------------------------
* GPG now generates 2048 bit RSA keys by default. The default hash
algorithm preferences has changed to prefer SHA-256 over SHA-1.
2048 bit DSA keys are now generated to use a 256 bit hash algorithm
* The envvars XMODIFIERS, GTK_IM_MODULE and QT_IM_MODULE are now
passed to the Pinentry to make SCIM work.
* gpgsm --gen-key implements a --batch mode.
* The GPGSM command --gen-key features a --batch mode and implements
all features of gpgsm-gencert.sh in standard mode.
* gpgsm --gen-key implements all features of gpgsm-gencert.sh.
* New option --re-import for gpgsm's IMPORT server command.
* New option --re-import for GPGSM's IMPORT server command.
* Minor bug fixes.

View File

@ -1,3 +1,14 @@
2009-07-09 Werner Koch <wk@g10code.com>
* gpg.c (main): Remove the SHA-1 default from the personal digest
list. This was used in the past as a hack to avoid preferring
RMD-160.
* keygen.c (keygen_set_std_prefs): Remove RMD-160 from the list.
Change order to SHA-256, SHA-1, SHA-384, SHA-512, SHA-224.
(gen_dsa): Use a 256 bit Q for 2048 bit P. Runt to FIPS allowed
values in non-expert mode.
2009-07-07 Werner Koch <wk@g10code.com>
* gpg.c (set_opt_session_env): New.

View File

@ -3195,11 +3195,6 @@ main (int argc, char **argv)
keygen_set_std_prefs(opt.def_preference_list,0))
log_error(_("invalid default preferences\n"));
/* We provide defaults for the personal digest list. This is
SHA-1. */
if(!pers_digest_list)
pers_digest_list="h2";
if(pers_cipher_list &&
keygen_set_std_prefs(pers_cipher_list,PREFTYPE_SYM))
log_error(_("invalid personal cipher preferences\n"));

View File

@ -1,6 +1,6 @@
/* keygen.c - generate a key pair
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
* 2006, 2007 Free Software Foundation, Inc.
* 2006, 2007, 2009 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -301,7 +301,7 @@ keygen_set_std_prefs (const char *string,int personal)
byte sym[MAX_PREFS], hash[MAX_PREFS], zip[MAX_PREFS];
int nsym=0, nhash=0, nzip=0, val, rc=0;
int mdc=1, modify=0; /* mdc defaults on, modify defaults off. */
char dummy_string[45+1]; /* Enough for 15 items. */
char dummy_string[20*4+1]; /* Enough for 20 items. */
if (!string || !ascii_strcasecmp (string, "default"))
{
@ -345,15 +345,29 @@ keygen_set_std_prefs (const char *string,int personal)
if ( !openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) )
strcat(dummy_string,"S1 ");
/* SHA-1 */
strcat(dummy_string,"H2 ");
/* The default hash algo order is:
SHA-256, SHA-1, SHA-384, SHA-512, SHA-224.
Ordering SHA-1 before SHA-384 might be viewed as a bit
strange; it is done because we expect that soon enough
SHA-3 will be available and at that point there should
be no more need for SHA-384 etc. Anyway this order is
just a default and can easily be changed by a config
option. */
if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
strcat (dummy_string, "H8 ");
/* RIPEMD160 */
if (!openpgp_md_test_algo(DIGEST_ALGO_RMD160))
strcat(dummy_string,"H3 ");
strcat (dummy_string, "H2 "); /* SHA-1 */
if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384))
strcat (dummy_string, "H9 ");
if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512))
strcat (dummy_string, "H10 ");
if (!openpgp_md_test_algo (DIGEST_ALGO_SHA224))
strcat (dummy_string, "H11 ");
/* ZLIB */
strcat(dummy_string,"Z2 ");
@ -507,7 +521,8 @@ keygen_set_std_prefs (const char *string,int personal)
/* Return a fake user ID containing the preferences. Caller must
free. */
PKT_user_id *keygen_get_std_prefs(void)
PKT_user_id *
keygen_get_std_prefs(void)
{
int i,j=0;
PKT_user_id *uid=xmalloc_clear(sizeof(PKT_user_id));
@ -1280,6 +1295,14 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
log_info(_("keysize rounded up to %u bits\n"), nbits );
}
/* To comply with FIPS rules we round up to the next value unless in
expert mode. */
if (!opt.expert && nbits > 1024 && (nbits % 1024))
{
nbits = ((nbits + 1023) / 1024) * 1024;
log_info(_("keysize rounded up to %u bits\n"), nbits );
}
/*
Figure out a q size based on the key size. FIPS 180-3 says:
@ -1291,11 +1314,11 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
2048/256 is an odd pair since there is also a 2048/224 and
3072/256. Matching sizes is not a very exact science.
We'll do 256 qbits for nbits over 2048, 224 for nbits over 1024
We'll do 256 qbits for nbits over 2047, 224 for nbits over 1024
but less than 2048, and 160 for 1024 (DSA1).
*/
if (nbits > 2048)
if (nbits > 2047)
qbits = 256;
else if ( nbits > 1024)
qbits = 224;