gpg: Set default keysize to rsa3072

* g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change.
(gen_rsa): Set fallback to 3072.
(get_keysize_range): Set default to 3072.
* doc/examples/vsnfd.prf: No more need for default-new-key-algo.

Signed-off-by: Werner Koch <[email protected]>

2 files changed, 4 insertions, 6 deletions

diff --git a/doc/examples/vsnfd.prf b/doc/examples/vsnfd.prf
index 2884fe71e..0c0ddd81e 100644
--- a/doc/examples/vsnfd.prf
+++ b/doc/examples/vsnfd.prf
@@ -6,7 +6,6 @@
 
 [gpg]
 compliance de-vs
-default-new-key-algo rsa3072/cert,sign+rsa3072/encr
 
 [gpgsm]
 compliance de-vs
diff --git a/g10/keygen.c b/g10/keygen.c
index e2eab87b1..471f52a5a 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -46,11 +46,10 @@
 #include "../common/mbox-util.h"
 
 
-/* The default algorithms.  If you change them remember to change them
-   also in gpg.c:gpgconf_list.  You should also check that the value
+/* The default algorithms. You should also check that the value
    is inside the bounds enforced by ask_keysize and gen_xxx.  See also
    get_keysize_range which encodes the allowed ranges.  */
-#define DEFAULT_STD_KEY_PARAM  "rsa2048/cert,sign+rsa2048/encr"
+#define DEFAULT_STD_KEY_PARAM  "rsa3072/cert,sign+rsa3072/encr"
 #define FUTURE_STD_KEY_PARAM   "ed25519/cert,sign+cv25519/encr"
 
 /* When generating keys using the streamlined key generation dialog,
@@ -1653,7 +1652,7 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root,
 
   if (nbits < 1024)
     {
-      nbits = 2048;
+      nbits = 3072;
       log_info (_("keysize invalid; using %u bits\n"), nbits );
     }
   else if (nbits > maxsize)
@@ -2264,7 +2263,7 @@ get_keysize_range (int algo, unsigned int *min, unsigned int *max)
     default:
       *min = opt.compliance == CO_DE_VS ? 2048: 1024;
       *max = 4096;
-      def = 2048;
+      def = 3072;
       break;
     }