diff options
| -rw-r--r-- | doc/gpg.texi | 19 | ||||
| -rw-r--r-- | g10/gpg.c | 2 | ||||
| -rw-r--r-- | g10/main.h | 11 |
3 files changed, 26 insertions, 6 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi index 36aa18ef1..7ac1613f9 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1,4 +1,4 @@ -@c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, + @c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, @c 2008, 2009, 2010 Free Software Foundation, Inc. @c This is part of the GnuPG manual. @c For copying conditions, see the file gnupg.texi. @@ -14,6 +14,19 @@ @cindex command options @cindex options, GPG command +@c Begin algorithm defaults + +@ifclear gpgtwoone +@set DEFSYMENCALGO CAST5 +@end ifclear + +@ifset gpgtwoone +@set DEFSYMENCALGO AES128 +@end ifset + +@c End algorithm defaults + + @c Begin GnuPG 1.x specific stuff @ifset gpgone @macro gpgname @@ -217,7 +230,7 @@ decrypted via a secret key or a passphrase). @itemx -c @opindex symmetric Encrypt with a symmetric cipher using a passphrase. The default -symmetric cipher used is CAST5, but may be chosen with the +symmetric cipher used is @value{DEFSYMENCALGO}, but may be chosen with the @option{--cipher-algo} option. This option may be combined with @option{--sign} (for a signed and symmetrically encrypted message), @option{--encrypt} (for a message that may be decrypted via a secret key @@ -2272,7 +2285,7 @@ to consider (e.g. @option{--symmetric}). @item --s2k-cipher-algo @code{name} @opindex s2k-cipher-algo Use @code{name} as the cipher algorithm used to protect secret keys. -The default cipher is CAST5. This cipher is also used for +The default cipher is @value{DEFSYMENCALGO}. This cipher is also used for conventional encryption if @option{--personal-cipher-preferences} and @option{--cipher-algo} is not given. @@ -2072,7 +2072,7 @@ main (int argc, char **argv) opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */ opt.s2k_mode = 3; /* iterated+salted */ opt.s2k_count = 0; /* Auto-calibrate when needed. */ - opt.s2k_cipher_algo = CIPHER_ALGO_CAST5; + opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO; opt.completes_needed = 1; opt.marginals_needed = 3; opt.max_cert_depth = 5; diff --git a/g10/main.h b/g10/main.h index b2efaae3b..4eb1b5f31 100644 --- a/g10/main.h +++ b/g10/main.h @@ -26,11 +26,18 @@ #include "util.h" /* It could be argued that the default cipher should be 3DES rather - than CAST5, and the default compression should be 0 + than AES128, and the default compression should be 0 (i.e. uncompressed) rather than 1 (zip). However, the real world issues of speed and size come into play here. */ -#define DEFAULT_CIPHER_ALGO CIPHER_ALGO_CAST5 +#if GPG_USE_AES128 +# define DEFAULT_CIPHER_ALGO CIPHER_ALGO_AES +#elif GPG_USE_CAST5 +# define DEFAULT_CIPHER_ALGO CIPHER_ALGO_CAST5 +#else +# define DEFAULT_CIPHER_ALGO CIPHER_ALGO_3DES +#endif + #define DEFAULT_DIGEST_ALGO DIGEST_ALGO_SHA1 #define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1 #ifdef HAVE_ZIP |