projects / gnupg2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e5f2c55) | patch
gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.
authorWerner Koch <wk@gnupg.org>
Mon, 13 May 2019 17:01:28 +0000 (19:01 +0200)
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Thu, 22 Aug 2019 19:11:59 +0000 (20:11 +0100)
commit11660c4bd1a85fe37c68ff406ab2bce3554e5461
treeff85c6cc3452d93c52ec515a855acef846ae0e23tree | snapshot
parente5f2c553406d13fd9c85cdac818acce32e967742commit | diff
gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.

* g10/sign.c (update_keysig_packet): Convert digest algo when needed.
--

Several gpg commands try to keep most properties of a key signature
when updating (i.e. creating a new version of a key signature).  This
included the use of the current hash-algorithm.  This patch changes
this so that SHA-1 or RMD160 are replaced by SHA-256 if
possible (i.e. for RSA signatures).  Affected commands are for example
--quick-set-expire and --quick-set-primary-uid.

GnuPG-bug-id: 4508
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit c1dc7a832921fdf5686d377f33db78707c0345e2)

Gbp-Pq: Topic from-2.2.16
Gbp-Pq: Name gpg-Change-update_keysig_packet-to-replace-SHA-1-by-SHA-2.patch
g10/sign.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.