gpg: Switch to AES256 for symmetric encryption in de-vs mode. - gnupg

diff options

author	Werner Koch <[email protected]>	2020-11-03 12:55:25 +0000
committer	Werner Koch <[email protected]>	2020-11-03 14:37:40 +0000
commit	d1f2a6d9f71cf50318f4891c84aeedb975553896 (patch)
tree	4eb834d41464de4ad8288f7293d7f7ccb6af4dd0 /common/gettime.c
parent	gpg: Allow setting notations with the empty string as value. (diff)
download	gnupg-d1f2a6d9f71cf50318f4891c84aeedb975553896.tar.gz gnupg-d1f2a6d9f71cf50318f4891c84aeedb975553896.zip

gpg: Switch to AES256 for symmetric encryption in de-vs mode.

* g10/gpg.c (set_compliance_option): For AES256 and SHA256 in de-vs mode. * g10/encrypt.c (setup_symkey): Add extra compliance check. (encrypt_simple): Avoid printing a second error oncplinace failure. -- Because we used the RFC4880 mode as base for the de-vs mode we got 3DES as symmetric encryption algorithm. With the default gnupg mode that was already used. The new extra compliance checks are added to detect whether a --personal-cipher-preference or --cipher-algo option tried to override the algorithms. They are still possible but now non-compliant algorithms will throw an error. Manual testing can be done with commands like this: gpg --no-options --compliance=de-vs \ --personal-cipher-preferences "S1 S7" \ --pinentry-mode loopback -v --passphrase abc -ac </etc/motd Here the command fails due to IDEA (S1) being the preferred cipher algorithm. Using "--s2k-digest-algo SHA1" instead of --personal-cipher-preferences will also fail. Signed-off-by: Werner Koch <[email protected]>

Diffstat (limited to 'common/gettime.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: