author | Werner Koch <[email protected]> | 2022-07-28 08:39:45 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2022-07-28 08:39:45 +0000 |
commit | 890e616593af5d1e0f2eb932768205ef90928e5e (patch) | |
tree | 803734c31ef5c3355385e25582a3b0ead827950a | |
parent | agent: New option --no-user-trustlist and --sys-trustlist-name. (diff) | |
gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference.
* g10/pkclist.c (select_algo_from_prefs): Change implicit hash
algorithm.
--
GnuPG-bug-id: 6043
-rw-r--r-- | g10/pkclist.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/g10/pkclist.c b/g10/pkclist.c index bfc4f84e4..82a8d3b4b 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -1490,9 +1490,17 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, code will never even be called. Even if the hash wasn't locked at MD5, we don't support sign+encrypt in --pgp2 mode, and that's the only time PREFTYPE_HASH is used - anyway. -dms */ + anyway. -dms - implicit=DIGEST_ALGO_SHA1; + Because "de-vs" compliance does not allow SHA-1 it does + not make sense to assign SHA-1 as implicit algorithm. + Instead it is better to use SHA-256 as implicit algorithm + (which will be the case for rfc4880bis anyway). */ + + if (opt.compliance == CO_DE_VS) + implicit = DIGEST_ALGO_SHA256; + else + implicit = DIGEST_ALGO_SHA1; break; |
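Review bot: The else branch of the new `if (opt.compliance == CO_DE_VS)` test keeps `DIGEST_ALGO_SHA1` as the implicit hash for every other compliance mode, while the added comment itself says SHA-256 will be the implicit algorithm for rfc4880bis anyway. Please state in the comment that the SHA-1 fallback is intentional for now, so a later reader does not take it for an oversight. The comment also explains why SHA-1 is unsuitable under de-vs but not what this means for a recipient key whose preferences do not list SHA-256; one sentence on that case would help. The diffstat shows only g10/pkclist.c changed, so a regression test covering hash selection with de-vs compliance would be a useful addition.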