1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Werner Koch 166e779634
gpg: Switch to AES256 for symmetric encryption in de-vs mode.
* g10/gpg.c (set_compliance_option): For AES256 and SHA256 in de-vs
mode.
* g10/encrypt.c (setup_symkey): Add extra compliance check.
(encrypt_simple): Avoid printing a second error oncplinace failure.
--

Because we used the RFC4880 mode as base for the de-vs mode we got
3DES as symmetric encryption algorithm.  With the default gnupg mode
that was already used.  The new extra compliance checks are added to
detect whether a --personal-cipher-preference or --cipher-algo option
tried to override the algorithms.  They are still possible but now
non-compliant algorithms will throw an error.

Manual testing can be done with commands like this:

  gpg --no-options --compliance=de-vs \
   --personal-cipher-preferences "S1 S7" \
   --pinentry-mode loopback -v --passphrase abc -ac </etc/motd

Here the command fails due to IDEA (S1) being the preferred cipher
algorithm.  Using "--s2k-digest-algo SHA1" instead of
--personal-cipher-preferences will also fail.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d1f2a6d9f71cf50318f4891c84aeedb975553896)
2020-11-03 15:42:59 +01:00
..
2019-05-14 11:24:35 +09:00
2018-05-31 12:08:22 +02:00
2019-06-23 20:17:47 -04:00
2020-08-24 19:48:13 +02:00
2015-02-04 09:15:34 +01:00
2018-03-08 14:08:51 +09:00
2017-03-07 20:25:54 +09:00
2017-03-07 20:25:54 +09:00
2020-10-30 15:52:16 +01:00
2020-10-28 18:10:01 +01:00
2020-10-28 18:10:01 +01:00
2017-03-07 20:25:54 +09:00
2020-03-14 20:07:37 +01:00
2020-04-16 08:36:28 +02:00
2017-03-07 20:25:54 +09:00
2017-03-07 20:25:54 +09:00
2017-01-23 19:16:55 +01:00
2020-10-28 18:10:01 +01:00
2017-02-21 13:11:46 -05:00
2017-03-07 20:32:09 +09:00
2017-03-07 20:25:54 +09:00
2017-04-28 10:06:33 +09:00
2016-03-08 14:08:49 +01:00
2016-12-06 12:16:56 +01:00
2020-07-15 14:16:57 +09:00