authorWerner Koch <[email protected]>2022-07-28 08:39:45 +0000
committerWerner Koch <[email protected]>2022-07-28 08:41:02 +0000
commiteb675fbc4e4db52c3276bc0748b49df8a213fbc4 (patch)
treee62387d056b281adffbeb451f4a868909654a0c8 /g10/pkclist.c
parentscd:openpgp: New vendor (diff)
gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference.
* g10/pkclist.c (select_algo_from_prefs): Change implicit hash algorithm. -- GnuPG-bug-id: 6043
Diffstat (limited to 'g10/pkclist.c')
-rw-r--r--g10/pkclist.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 392689352..9b08cc4d1 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -1519,9 +1519,17 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
code will never even be called. Even if the hash wasn't
locked at MD5, we don't support sign+encrypt in --pgp2
mode, and that's the only time PREFTYPE_HASH is used
- anyway. -dms */
+ anyway. -dms
- implicit=DIGEST_ALGO_SHA1;
+ Because "de-vs" compliance does not allow SHA-1 it does
+ not make sense to assign SHA-1 as implicit algorithm.
+ Instead it is better to use SHA-256 as implicit algorithm
+ (which will be the case for rfc4880bis anyway). */
+
+ if (opt.compliance == CO_DE_VS)
+ implicit = DIGEST_ALGO_SHA256;
+ else
+ implicit = DIGEST_ALGO_SHA1;
break;
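Review bot: The retained comment above the new branch still says this code "will never even be called" because --pgp2 locks the hash at MD5, yet the commit changes the value to satisfy de-vs compliance, which suggests the PREFTYPE_HASH case is reached in practice; that paragraph should be trimmed or qualified so it no longer contradicts the code. The `else` branch also keeps SHA-1 as the implicit hash for every other compliance mode without saying why; a one-line comment such as `/* RFC 4880 makes SHA-1 the must-implement hash, so keep it as implicit outside de-vs. */` would show that this is deliberate. Since the implicit algorithm is presumably treated as supported by every recipient even when it is missing from a key's preference list, it is worth confirming that under de-vs a recipient key that does not list SHA-256 is still handled as intended. The body of select_algo_from_prefs starts and ends outside this hunk.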