projects / gnupg2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9e9543f) | patch
gpg: Default to SHA-512 for all signature types on RSA keys.
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Thu, 7 Sep 2017 22:49:35 +0000 (18:49 -0400)
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Thu, 22 Aug 2019 19:11:59 +0000 (20:11 +0100)
commite00a3119f7388bd9b6d62f55d8888ec78251bd1b
tree41ca8be7143146756a475eec6635bffe228d15f4tree | snapshot
parent9e9543f19231eac5525fa54b2ec0b24037d039f4commit | diff
gpg: Default to SHA-512 for all signature types on RSA keys.

* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA512 instead of SHA256 in
--gnupg mode (leave strict RFC and PGP modes alone).
* configure.ac: Do not allow disabling sha512.
* g10/misc.c (map_md_openpgp_to_gcry): Always support SHA512.

--

SHA512 is more performant on most 64-bit platforms than SHA256, and
offers a better security margin.  It is also widely implemented.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Gbp-Pq: Topic update-defaults
Gbp-Pq: Name gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch
configure.ac diff | blob | history
g10/main.h diff | blob | history
g10/misc.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.