gpgsm: default to 3072-bit keys.

* doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
default to 3072 bits.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
3072 bits.
* sm/certreqgen.c (proc_parameters): update default to 3072 bits.
* sm/gpgsm.c (main): print correct default_pubkey_algo.

--

3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.

Signed-off-by: Daniel Kahn Gillmor <[email protected]>

Gbp-Pq: Topic update-defaults
Gbp-Pq: Name 0014-gpgsm-default-to-3072-bit-keys.patch

1 files changed, 2 insertions, 2 deletions

diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index 44318702a..1d610c1bb 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -26,7 +26,7 @@
      $ cat >foo <<EOF
      %echo Generating a standard key
      Key-Type: RSA
-     Key-Length: 2048
+     Key-Length: 3072
      Name-DN: CN=test cert 1,OU=Aegypten Project,O=g10 Code GmbH,L=Ddorf,C=DE
      Name-Email: [email protected]
      # Do a commit here, so that we can later print a "done"
@@ -468,7 +468,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
   /* Check the keylength.  NOTE: If you change this make sure that it
      macthes the gpgconflist item in gpgsm.c  */
   if (!get_parameter (para, pKEYLENGTH, 0))
-    nbits = 2048;
+    nbits = 3072;
   else
     nbits = get_parameter_uint (para, pKEYLENGTH);
   if ((nbits < 1024 || nbits > 4096) && !cardkeyid)