security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-02-21 19:48:05 +01:00
Code Activity
gnupg/g10
History
Daniel Kahn Gillmor 8ede3ae29a
gpg: default-preference-list: prefer SHA512. 
* g10/keygen.c (keygen_set_std_prefs): when producing default internal
personal-digest-preferences, keep the same order.  When publishing
external preferences, state preference for SHA512 first.

--

SHA-512 has a wider security margin than SHA-256.  It is also slightly
faster on most of the architectures on which GnuPG runs today.  New
keys should publish defaults that indicate we prefer the stronger,
more performant digest.

Specifically, this changes --default-preference-list from:

   SHA256 SHA384 SHA512 SHA224

to:

   SHA512 SHA384 SHA256 SHA224

This patch deliberately avoids touching --personal-digest-preferences
(which itself would affect the default of --digest-algo and
--cert-digest-algo), so that public-facing cleartext signatures and
identity certifications will continue to be made with SHA256 by
default.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-12-12 15:07:43 +01:00
..
all-tests.scm
tests: Make it possible to run all tests using our infrastructure.
2017-05-11 18:12:37 +02:00
armor.c
g10, sm, dirmngr, common: Add comment for fall through.
2017-05-10 11:13:12 +09:00
build-packet.c
doc: Comment fixes and one trailing comma fix.
2017-07-20 18:13:40 +02:00
call-agent.c
Explain the "server is older than xxx warning".
2017-07-31 11:20:47 +02:00
call-agent.h
g10: Make sure to emit NEED_PASSPHRASE on --import of secret key.
2017-07-24 17:18:42 +02:00
call-dirmngr.c
gpg: Add option '--disable-dirmngr'.
2017-08-08 11:43:22 +02:00
call-dirmngr.h
gpg: Store key origin info for new DANE and WKD retrieved keys.
2017-07-24 20:09:52 +02:00
card-util.c
g10: Simplify "factory-reset" procedure.
2017-11-06 12:09:37 +01:00
ChangeLog-2011
Spelling: correct spelling of "passphrase".
2016-11-02 12:53:58 +01:00
cipher.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
compress-bz2.c
g10,tools: Fix bzlib.h include order.
2017-04-11 13:52:19 +09:00
compress.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
cpr.c
gpg: Fix memory leaking for long inputs via --command-fd.
2017-11-22 20:54:47 +01:00
dearmor.c
Revert "g10: Always save standard revocation certificate in file."
2017-08-01 19:08:16 +02:00
decrypt-data.c
gpg,sm: String changes for compliance diagnostics.
2017-07-28 17:46:43 +02:00
decrypt.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
dek.h
Change all http://www.gnu.org in license notices to https://
2016-11-05 12:02:19 +01:00
delkey.c
gpg: Pass CTRL to many more functions.
2017-03-31 20:07:20 +02:00
distsigkey.gpg
build: Update distsigkey.gpg
2017-11-22 20:54:47 +01:00
ecdh.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
encrypt.c
Revert "g10: Always save standard revocation certificate in file."
2017-08-01 19:08:16 +02:00
exec.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
exec.h
Change all http://www.gnu.org in license notices to https://
2016-11-05 12:02:19 +01:00
export.c
Revert "g10: Always save standard revocation certificate in file."
2017-08-01 19:08:16 +02:00
filter.h
Remove -I option to common.
2017-03-07 20:25:54 +09:00
free-packet.c
gpg: Fix possible double free of the card serialno.
2017-07-21 17:49:10 +02:00
getkey.c
gpg: Print AKL info only in verbose mode.
2017-11-15 08:47:41 +01:00
gpg-w32info.rc
w32: Add manifest to gpg.
2015-02-04 09:15:34 +01:00
gpg.c
gpgconf: Swap "auto-key-retrieve" and "no-auto-key-retrieve".
2017-08-23 16:45:20 +02:00
gpg.h
gpg: Avoid multiple open calls to the keybox file.
2017-03-31 21:27:16 +02:00
gpg.w32-manifest.in
w32: Add manifest to gpg.
2015-02-04 09:15:34 +01:00
gpgcompose.c
gpg: Avoid output to the tty during import.
2017-07-27 11:38:57 +02:00
gpgsql.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
gpgsql.h
Change all http://www.gnu.org in license notices to https://
2016-11-05 12:02:19 +01:00
gpgv.c
gpgv: Initialize compliance checker.
2017-09-13 09:18:15 +02:00
helptext.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
import.c
gpg: Print sec/sbb with --import-option import-show or show-only.
2017-10-19 17:12:36 +02:00
kbnode.c
gpg: Extend free_packet to handle a packet parser context.
2017-03-29 12:08:31 +02:00
key-check.c
gpg: Avoid superfluous sig check info during import.
2017-10-24 21:11:38 +02:00
key-check.h
gpg: Avoid output to the tty during import.
2017-07-27 11:38:57 +02:00
keydb.c
gpg: Keep a lock during the read-update/insert cycle in import.
2017-10-19 15:02:28 +02:00
keydb.h
gpg: Keep a lock during the read-update/insert cycle in import.
2017-10-19 15:02:28 +02:00
keyedit.c
gpg: Improve the "secret key available" notice in keyedit.c
2017-10-24 10:56:13 +02:00
keyedit.h
gpg: Avoid output to the tty during import.
2017-07-27 11:38:57 +02:00
keygen.c
gpg: default-preference-list: prefer SHA512.
2017-12-12 15:07:43 +01:00
keyid.c
gpg: Make function mk_datestr public.
2017-07-20 18:13:40 +02:00
keylist.c
gpg: Avoid output to the tty during import.
2017-07-27 11:38:57 +02:00
keyring.c
gpg: Properly account for ring trust packets.
2017-05-08 14:33:11 +02:00
keyring.h
gpg: Pass CTRL to many more functions.
2017-03-31 20:07:20 +02:00
keyserver-internal.h
gpg: Pass key origin values to import functions.
2017-07-13 18:29:01 +02:00
keyserver.c
gpg: Extend --key-origin to take an optional URL arg.
2017-07-24 21:10:58 +02:00
main.h
gpg: Simplify keydb handling of the main import function.
2017-10-19 15:00:05 +02:00
mainproc.c
gpg: Tweak compliance checking for verification
2017-07-27 16:22:36 +02:00
Makefile.am
tofu: Compare squares instead of square roots.
2017-07-10 18:09:42 +02:00
mdfilter.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
migrate.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
misc.c
common,gpg: Move the compliance option printer.
2017-06-07 16:53:32 +02:00
openfile.c
Revert "g10: Always save standard revocation certificate in file."
2017-08-01 19:08:16 +02:00
options.h
gpg: Add option '--disable-dirmngr'.
2017-08-08 11:43:22 +02:00
packet.h
doc: Comment fixes and one trailing comma fix.
2017-07-20 18:13:40 +02:00
parse-packet.c
gpg: Do not read from uninitialized memory with --list-packets.
2017-11-26 18:33:49 +01:00
passphrase.c
gpg: Pass CTRL to many more functions.
2017-03-31 20:07:20 +02:00
photoid.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
photoid.h
Change all http://www.gnu.org in license notices to https://
2016-11-05 12:02:19 +01:00
pkclist.c
g10: Fix find_and_check_key for multiple keyrings.
2017-10-19 15:03:19 +02:00
pkglue.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
pkglue.h
Change all http://www.gnu.org in license notices to https://
2016-11-05 12:02:19 +01:00
plaintext.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
progress.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
pubkey-enc.c
gpg,sm: Error out on compliance mismatch while decrypting.
2017-08-01 08:41:47 +02:00
pubring.asc
Update copyright notices for 2017.
2017-01-23 19:16:55 +01:00
revoke.c
g10: Always save standard revocation certificate in file.
2017-08-02 16:14:48 +02:00
rmd160.c
Clean up word replication.
2017-02-21 13:11:46 -05:00
rmd160.h
Change all http://www.gnu.org in license notices to https://
2016-11-05 12:02:19 +01:00
seckey-cert.c
More change for common.
2017-03-07 20:32:09 +09:00
server.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
seskey.c
Spelling fixes in docs and comments.
2017-04-28 10:06:33 +09:00
sig-check.c
gpg: Fix memory leak in sig-check.
2017-08-24 20:26:19 +02:00
sign.c
Revert "g10: Always save standard revocation certificate in file."
2017-08-01 19:08:16 +02:00
skclist.c
g10: Fix default-key selection for signing, possibly by card.
2017-05-22 09:27:36 +09:00
t-keydb-get-keyblock.c
gpg: Fix actual leak and possible leaks in the packet parser.
2017-03-30 16:01:52 +02:00
t-keydb-get-keyblock.gpg
gpg: Correctly handle keyblocks followed by legacy keys.
2015-11-17 14:53:03 +01:00
t-keydb-keyring.kbx
g10: Add test for keydb as well as new testing infrastructure.
2015-09-02 15:08:57 +02:00
t-keydb.c
Change all http://www.gnu.org in license notices to https://
2016-11-05 12:02:19 +01:00
t-rmd160.c
Change all http://www.gnu.org in license notices to https://
2016-11-05 12:02:19 +01:00
t-stutter-data.asc
gpg: Add a new test.
2016-03-08 14:08:49 +01:00
t-stutter.c
g10: Stop compiler warning for t-stutter.
2017-05-10 11:13:03 +09:00
tdbdump.c
gpg: Pass CTRL to many more functions.
2017-03-31 20:07:20 +02:00
tdbio.c
Spelling fixes in docs and comments.
2017-04-28 10:06:33 +09:00
tdbio.h
gpg: Pass CTRL to many more functions.
2017-03-31 20:07:20 +02:00
test-stubs.c
gpg: Pass CTRL to many more functions.
2017-03-31 20:07:20 +02:00
test.c
tests: Locate resources and scripts relative to top source dir.
2017-04-24 14:14:05 +02:00
textfilter.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
tofu.c
tofu: Compare squares instead of square roots.
2017-07-10 18:09:42 +02:00
tofu.h
g10: Remove dead code.
2016-12-06 12:16:56 +01:00
trust.c
gpg: Workaround for junk after --trusted-key.
2017-09-28 14:10:12 +02:00
trustdb.c
g10: Fix regexp sanitization.
2017-12-04 19:26:49 +09:00
trustdb.h
gpg: Pass CTRL to many more functions.
2017-03-31 20:07:20 +02:00
verify.c
Spelling fixes in docs and comments.
2017-04-28 10:06:33 +09:00
zlib-riscos.h
Change all http://www.gnu.org in license notices to https://
2016-11-05 12:02:19 +01:00