Diffusion GnuPG a446c4db9574

gpg: Default to SHA-512 for all signature types on RSA keys.

Authored by dkg on Sep 8 2017, 12:49 AM.

Description

gpg: Default to SHA-512 for all signature types on RSA keys.

* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA512 instead of SHA256 in
--gnupg mode (leave strict RFC and PGP modes alone).
* configure.ac: Do not allow disabling sha512.
* g10/misc.c (map_md_openpgp_to_gcry): Always support SHA512.

SHA512 is more performant on most 64-bit platforms than SHA256, and
offers a better security margin. It is also widely implemented.

Gbp-Pq: Topic update-defaults
Gbp-Pq: Name gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
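To audit which digest a signature actually carries after this change of default, the following added example (not part of the commit or of GnuPG's code) reads the hash-algorithm octet from v3/v4 OpenPGP signature packets as laid out in RFC 4880. The function names are hypothetical and the sample bytes are constructed packet skeletons, not valid signatures.

```python
# Algorithm IDs from RFC 4880, section 9 (subset).
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
PUBKEY_ALGOS = {1: "RSA", 17: "DSA"}

def read_packet(data, pos):
    """Return (tag, body, next_pos) for the packet that starts at pos."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header")
    pos += 1
    if ctb & 0x40:                        # new-format header
        tag, first = ctb & 0x3F, data[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 224:
            length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
        elif first == 255:
            length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
        else:
            raise ValueError("partial body lengths are not handled here")
    else:                                 # old-format header
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate lengths are not handled here")
        size = (1, 2, 4)[ltype]
        length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
    if pos + length > len(data):
        raise ValueError("truncated packet")
    return tag, data[pos:pos + length], pos + length

def signature_digests(data):
    """List (pubkey_algo, hash_algo) for every signature packet (tag 2)."""
    found, pos = [], 0
    while pos < len(data):
        tag, body, pos = read_packet(data, pos)
        if tag != 2:
            continue
        # v4: version, sigtype, pubkey, hash.
        # v3: version, 0x05, sigtype, time(4), keyid(8), pubkey, hash.
        off = {3: 15, 4: 2}.get(body[0] if body else None)
        if off is None or len(body) < off + 2:
            raise ValueError("unsupported or short signature packet")
        pk, md = body[off], body[off + 1]
        found.append((PUBKEY_ALGOS.get(pk, str(pk)), HASH_ALGOS.get(md, str(md))))
    return found

# Constructed sample: two v4 RSA signature skeletons, SHA512 then SHA256.
SAMPLE = bytes.fromhex("c20d0400010a00000000abcd0008ff"
                       "880d0400010800000000abcd0008ff")
```

The input must be binary packet data; an ASCII-armored signature has to be de-armored first (for example with `gpg --dearmor`).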

Details

Committed
dkg Jul 20 2019, 8:16 PM
Parents
rGf7c787285335: gpg: default to AES-256.