Home GnuPG
Diffusion GnuPG c1dc7a832921

gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.

Description

gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.

* g10/sign.c (update_keysig_packet): Convert digest algo when needed.

Several gpg commands try to keep most properties of a key signature
when updating (i.e. creating a new version of a key signature). This
included the use of the current hash-algorithm. This patch changes
this so that SHA-1 or RMD160 are replaced by SHA-256 if
possible (i.e. for RSA signatures). Affected commands are for example
--quick-set-expire and --quick-set-primary-uid.

  • GnuPG-bug-id: T4508
  • Signed-off-by: Werner Koch <wk@gnupg.org>

Details

Provenance
wernerAuthored on May 13 2019, 7:01 PM
Parents
rG8d0d61aca3d2: sm: Fix a warning in an es_fopencooie function.
Branches
Unknown
Tags
Unknown
Tasks
T4508: gnupg1: digest-preference not honoured