From fc30a414d8d6586207444356ec270bd3fe0f6e68 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 18 Aug 2014 11:45:00 +0200
Subject: gpg: Change default cipher for --symmetric from CAST5 to AES-128.

* g10/main.h (DEFAULT_CIPHER_ALGO): Change to AES or CAST5 or 3DES
depending on configure options.
* g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO.

--

(cherry picked from commit 57df1121c18b004dd763b35eabf7b51fc9e8ec38)
Signed-off-by: Werner Koch <wk@gnupg.org>
---
 doc/gpg.texi |  2 +-
 g10/gpg.c    |  6 +-----
 g10/main.h   | 11 +++++++++--
 3 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 27ae18c76..0b8beed1e 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -11,7 +11,7 @@
 
 @c Begin algorithm defaults
 
-@set DEFSYMENCALGO CAST5
+@set DEFSYMENCALGO AES128
 
 @c End algorithm defaults
 
diff --git a/g10/gpg.c b/g10/gpg.c
index 3f0d3059a..590be23d3 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -1883,11 +1883,7 @@ main (int argc, char **argv )
     opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
     opt.s2k_mode = 3; /* iterated+salted */
     opt.s2k_count = 96; /* 65536 iterations */
-#ifdef USE_CAST5
-    opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
-#else
-    opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
-#endif
+    opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO;
     opt.completes_needed = 1;
     opt.marginals_needed = 3;
     opt.max_cert_depth = 5;
diff --git a/g10/main.h b/g10/main.h
index dbc8d8f10..21ec1f077 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -26,11 +26,18 @@
 #include "keydb.h"
 
 /* It could be argued that the default cipher should be 3DES rather
-   than CAST5, and the default compression should be 0
+   than AES128, and the default compression should be 0
    (i.e. uncompressed) rather than 1 (zip).  However, the real world
    issues of speed and size come into play here. */
 
-#define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_CAST5
+#if USE_AES
+# define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_AES
+#elif USE_CAST5
+# define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_CAST5
+#else
+# define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_3DES
+#endif
+
 #define DEFAULT_DIGEST_ALGO     DIGEST_ALGO_SHA1
 #define DEFAULT_COMPRESS_ALGO   COMPRESS_ALGO_ZIP
 #define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1
-- 
cgit v1.2.3