diff options
| author | Werner Koch <[email protected]> | 2022-10-10 09:20:16 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2022-10-10 09:22:57 +0000 |
| commit | 5df1c247be5223343668f9a56eb5f8290c954b6e (patch) | |
| tree | 660cc9f5ccab41f61194f022f838cdcfd64655e9 | |
| parent | sm: Fix reporting of bad passphrase error (diff) | |
| download | gnupg-5df1c247be5223343668f9a56eb5f8290c954b6e.tar.gz gnupg-5df1c247be5223343668f9a56eb5f8290c954b6e.zip | |
gpg: For de-vs use AES-128 instead of 3DES as implicit preference.
* g10/pkclist.c (select_algo_from_prefs): Change implicit cipher
algorithm.
--
Although 3DES is still a compliant algorithm, some other software does
not consider it has compliant but also does not set preference
accordingly. Thus it is better to switch the implicit cipher algorithm
similar to what we already did with SHA-1.
Note that in GnuPG 2.3 3DES is already not anymore used here.
GnuPG-bug-id: 6063
| -rw-r--r-- | g10/pkclist.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/g10/pkclist.c b/g10/pkclist.c index 82a8d3b4b..fb8b17620 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -1479,8 +1479,16 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, --pgp2 mode is on. This was a 2440 thing that was dropped from 4880 but is still relevant to GPG's 1991 support. All this doesn't mean IDEA is actually - available, of course. */ - implicit=CIPHER_ALGO_3DES; + available, of course. + + Because "de-vs" compliance will soon not anymore allow + 3DES it does not make sense to assign 3DES as implicit + algorithm. Instead it is better to use AES-128 as + implicit algorithm here. */ + if (opt.compliance == CO_DE_VS) + implicit = CIPHER_ALGO_AES; + else + implicit=CIPHER_ALGO_3DES; break; |