From 121286d9d1506dbaad9ba33bae2e459814fe5849 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Thu, 7 Sep 2017 18:39:37 -0400
Subject: gpgsm: default to 3072-bit keys.

* doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
default to 3072 bits.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
3072 bits.
* sm/certreqgen.c (proc_parameters): update default to 3072 bits.
* sm/gpgsm.c (main): print correct default_pubkey_algo.

--

3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic update-defaults
Gbp-Pq: Name 0014-gpgsm-default-to-3072-bit-keys.patch
(cherry picked from commit 7955262151a5c755814dd23414e6804f79125355)
---
 sm/gpgsm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'sm/gpgsm.c')

diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index defc698db..52f26e21d 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -1800,7 +1800,7 @@ main ( int argc, char **argv)
         /* The next one is an info only item and should match what
            proc_parameters actually implements.  */
         es_printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
-                   "RSA-2048");
+                   "RSA-3072");
         es_printf ("compliance:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT, "gnupg");
 
       }
-- 
cgit v1.2.3