Diffusion GnuPG 484d6ba5896a

gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.

Authored by werner on May 13 2019, 7:01 PM.

Description

gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.

* g10/sign.c (update_keysig_packet): Convert digest algo when needed.

Several gpg commands try to keep most properties of a key signature
when updating (i.e. creating a new version of a key signature). This
included the use of the current hash-algorithm. This patch changes
this so that SHA-1 or RMD160 are replaced by SHA-256 if
possible (i.e. for RSA signatures). Affected commands are for example
--quick-set-expire and --quick-set-primary-uid.

  • GnuPG-bug-id: T4508
  • Signed-off-by: Werner Koch <wk@gnupg.org>

Details

Committed
wernerMay 13 2019, 7:01 PM
Parents
rGd07666412d43: gpg: Cleanup use of make_keysig_packet.
Branches
Unknown
Tags
Unknown
Tasks
T4508: gnupg1: digest-preference not honoured