mirror of git://git.gnupg.org/gnupg.git
gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference.
* g10/pkclist.c (select_algo_from_prefs): Change implicit hash algorithm. -- GnuPG-bug-id: 6043
This commit is contained in:
Werner Koch
parent
6d9c8a1cbc
commit
eb675fbc4e
|
|
@ -1519,9 +1519,17 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
|
||||||
code will never even be called. Even if the hash wasn't
|
code will never even be called. Even if the hash wasn't
|
||||||
locked at MD5, we don't support sign+encrypt in --pgp2
|
locked at MD5, we don't support sign+encrypt in --pgp2
|
||||||
mode, and that's the only time PREFTYPE_HASH is used
|
mode, and that's the only time PREFTYPE_HASH is used
|
||||||
anyway. -dms */
|
anyway. -dms
|
||||||
|
|
||||||
implicit=DIGEST_ALGO_SHA1;
|
Because "de-vs" compliance does not allow SHA-1 it does
|
||||||
|
not make sense to assign SHA-1 as implicit algorithm.
|
||||||
|
Instead it is better to use SHA-256 as implicit algorithm
|
||||||
|
(which will be the case for rfc4880bis anyway). */
|
||||||
|
|
||||||
|
if (opt.compliance == CO_DE_VS)
|
||||||
|
implicit = DIGEST_ALGO_SHA256;
|
||||||
|
else
|
||||||
|
implicit = DIGEST_ALGO_SHA1;
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue