rpms / gnupg2

Clone
Source Code
GIT

Blame SOURCES/gnupg-2.3.1-revert-default-eddsa.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   4ebffe2d144055b348b7cd8627a500e21abf69d4
  2.   SOURCES
  3.   gnupg-2.3.1-revert-default-eddsa.patch
Blob History Raw
b5a5d8 
From ff31dde456f32950f0df6c974b4c41f1d650d68f Mon Sep 17 00:00:00 2001
b5a5d8 
From: Werner Koch <wk@gnupg.org>
b5a5d8 
Date: Mon, 5 Oct 2020 14:21:31 +0200
b5a5d8 
Subject: [PATCH GnuPG] gpg: Switch to ed25519+cv25519 as default algo.
b5a5d8
b5a5d8 
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change to former future
b5a5d8 
default ago.
b5a5d8 
(ask_algo): Change default and also the way we indicate the default
b5a5d8 
algo in the list of algos.
b5a5d8 
(ask_curve): Indicate the default curve.
b5a5d8
b5a5d8 
Signed-off-by: Werner Koch <wk@gnupg.org>
b5a5d8 
---
b5a5d8 
 g10/keygen.c | 57 ++++++++++++++++++++++++++--------------------------
b5a5d8 
 1 file changed, 29 insertions(+), 28 deletions(-)
b5a5d8
b5a5d8 
diff --git a/g10/keygen.c b/g10/keygen.c
b5a5d8 
index 16e4e58ea..b510525e3 100644
b5a5d8 
--- a/g10/keygen.c
b5a5d8 
+++ b/g10/keygen.c
b5a5d8 
@@ -47,10 +47,11 @@
b5a5d8 
 #include "../common/mbox-util.h"
b5a5d8
b5a5d8
b5a5d8 
-/* The default algorithms.  If you change them, you should ensure the value
b5a5d8 
-   is inside the bounds enforced by ask_keysize and gen_xxx.  See also
b5a5d8 
-   get_keysize_range which encodes the allowed ranges.  */
b5a5d8 
-#define DEFAULT_STD_KEY_PARAM  "rsa3072/cert,sign+rsa3072/encr"
b5a5d8 
+/* The default algorithms.  If you change them, you should ensure the
b5a5d8 
+   value is inside the bounds enforced by ask_keysize and gen_xxx.
b5a5d8 
+   See also get_keysize_range which encodes the allowed ranges.  The
b5a5d8 
+   default answer in ask_algo also needs to be adjusted.  */
b5a5d8 
+#define DEFAULT_STD_KEY_PARAM  "ed25519/cert,sign+cv25519/encr"
b5a5d8 
 #define FUTURE_STD_KEY_PARAM   "ed25519/cert,sign+cv25519/encr"
b5a5d8
b5a5d8 
 /* When generating keys using the streamlined key generation dialog,
b5a5d8 
@@ -2112,50 +2113,49 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
b5a5d8
b5a5d8 
 #if GPG_USE_RSA
b5a5d8 
   if (!addmode)
b5a5d8 
-    tty_printf (_("   (%d) RSA and RSA (default)\n"), 1 );
b5a5d8 
+    tty_printf (_("   (%d) RSA and RSA%s\n"), 1, "");
b5a5d8 
 #endif
b5a5d8
b5a5d8 
   if (!addmode && opt.compliance != CO_DE_VS)
b5a5d8 
-    tty_printf (_("   (%d) DSA and Elgamal\n"), 2 );
b5a5d8 
+    tty_printf (_("   (%d) DSA and Elgamal%s\n"), 2, "");
b5a5d8
b5a5d8 
   if (opt.compliance != CO_DE_VS)
b5a5d8 
-    tty_printf (_("   (%d) DSA (sign only)\n"), 3 );
b5a5d8 
+    tty_printf (_("   (%d) DSA (sign only)%s\n"), 3, "");
b5a5d8 
 #if GPG_USE_RSA
b5a5d8 
-  tty_printf (_("   (%d) RSA (sign only)\n"), 4 );
b5a5d8 
+  tty_printf (_("   (%d) RSA (sign only)%s\n"), 4, "");
b5a5d8 
 #endif
b5a5d8
b5a5d8 
   if (addmode)
b5a5d8 
     {
b5a5d8 
       if (opt.compliance != CO_DE_VS)
b5a5d8 
-        tty_printf (_("   (%d) Elgamal (encrypt only)\n"), 5 );
b5a5d8 
+        tty_printf (_("   (%d) Elgamal (encrypt only)%s\n"), 5, "");
b5a5d8 
 #if GPG_USE_RSA
b5a5d8 
-      tty_printf (_("   (%d) RSA (encrypt only)\n"), 6 );
b5a5d8 
+      tty_printf (_("   (%d) RSA (encrypt only)%s\n"), 6, "");
b5a5d8 
 #endif
b5a5d8 
     }
b5a5d8 
   if (opt.expert)
b5a5d8 
     {
b5a5d8 
       if (opt.compliance != CO_DE_VS)
b5a5d8 
-        tty_printf (_("   (%d) DSA (set your own capabilities)\n"), 7 );
b5a5d8 
+        tty_printf (_("   (%d) DSA (set your own capabilities)%s\n"), 7, "");
b5a5d8 
 #if GPG_USE_RSA
b5a5d8 
-      tty_printf (_("   (%d) RSA (set your own capabilities)\n"), 8 );
b5a5d8 
+      tty_printf (_("   (%d) RSA (set your own capabilities)%s\n"), 8, "");
b5a5d8 
 #endif
b5a5d8 
     }
b5a5d8
b5a5d8 
 #if GPG_USE_ECDSA || GPG_USE_ECDH || GPG_USE_EDDSA
b5a5d8 
-  if (opt.expert && !addmode)
b5a5d8 
-    tty_printf (_("   (%d) ECC and ECC\n"), 9 );
b5a5d8 
-  if (opt.expert)
b5a5d8 
-    tty_printf (_("  (%d) ECC (sign only)\n"), 10 );
b5a5d8 
+  if (!addmode)
b5a5d8 
+    tty_printf (_("   (%d) ECC (sign and encrypt)%s\n"), 9, _(" *default*") );
b5a5d8 
+  tty_printf (_("  (%d) ECC (sign only)\n"), 10 );
b5a5d8 
   if (opt.expert)
b5a5d8 
-    tty_printf (_("  (%d) ECC (set your own capabilities)\n"), 11 );
b5a5d8 
-  if (opt.expert && addmode)
b5a5d8 
-    tty_printf (_("  (%d) ECC (encrypt only)\n"), 12 );
b5a5d8 
+    tty_printf (_("  (%d) ECC (set your own capabilities)%s\n"), 11, "");
b5a5d8 
+  if (addmode)
b5a5d8 
+    tty_printf (_("  (%d) ECC (encrypt only)%s\n"), 12, "");
b5a5d8 
 #endif
b5a5d8
b5a5d8 
   if (opt.expert && r_keygrip)
b5a5d8 
-    tty_printf (_("  (%d) Existing key\n"), 13 );
b5a5d8 
+    tty_printf (_("  (%d) Existing key%s\n"), 13, "");
b5a5d8 
   if (r_keygrip)
b5a5d8 
-    tty_printf (_("  (%d) Existing key from card\n"), 14 );
b5a5d8 
+    tty_printf (_("  (%d) Existing key from card%s\n"), 14, "");
b5a5d8
b5a5d8 
   for (;;)
b5a5d8 
     {
b5a5d8 
@@ -2164,7 +2164,7 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
b5a5d8 
       xfree (answer);
b5a5d8 
       answer = cpr_get ("keygen.algo", _("Your selection? "));
b5a5d8 
       cpr_kill_prompt ();
b5a5d8 
-      algo = *answer? atoi (answer) : 1;
b5a5d8 
+      algo = *answer? atoi (answer) : 9;  /* Default algo is 9 */
b5a5d8
b5a5d8 
       if (opt.compliance == CO_DE_VS
b5a5d8 
           && (algo == 2 || algo == 3 || algo == 5 || algo == 7))
b5a5d8 
@@ -2220,13 +2220,13 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
b5a5d8 
           break;
b5a5d8 
 	}
b5a5d8 
       else if ((algo == 9 || !strcmp (answer, "ecc+ecc"))
b5a5d8 
-               && opt.expert && !addmode)
b5a5d8 
+               && !addmode)
b5a5d8 
         {
b5a5d8 
           algo = PUBKEY_ALGO_ECDSA;
b5a5d8 
           *r_subkey_algo = PUBKEY_ALGO_ECDH;
b5a5d8 
           break;
b5a5d8 
 	}
b5a5d8 
-      else if ((algo == 10 || !strcmp (answer, "ecc/s")) && opt.expert)
b5a5d8 
+      else if ((algo == 10 || !strcmp (answer, "ecc/s")))
b5a5d8 
         {
b5a5d8 
           algo = PUBKEY_ALGO_ECDSA;
b5a5d8 
           *r_usage = PUBKEY_USAGE_SIG;
b5a5d8 
@@ -2239,7 +2239,7 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
b5a5d8 
           break;
b5a5d8 
 	}
b5a5d8 
       else if ((algo == 12 || !strcmp (answer, "ecc/e"))
b5a5d8 
-               && opt.expert && addmode)
b5a5d8 
+               && addmode)
b5a5d8 
         {
b5a5d8 
           algo = PUBKEY_ALGO_ECDH;
b5a5d8 
           *r_usage = PUBKEY_USAGE_ENC;
b5a5d8 
@@ -2616,7 +2616,7 @@ ask_curve (int *algo, int *subkey_algo, const char *current)
b5a5d8 
     { "NIST P-256",      NULL, NULL,               MY_USE_ECDSADH,  0, 1, 0 },
b5a5d8 
     { "NIST P-384",      NULL, NULL,               MY_USE_ECDSADH,  0, 0, 0 },
b5a5d8 
     { "NIST P-521",      NULL, NULL,               MY_USE_ECDSADH,  0, 1, 0 },
b5a5d8 
-    { "brainpoolP256r1", NULL, "Brainpool P-256",  MY_USE_ECDSADH,  1, 1, 0 },
b5a5d8 
+    { "brainpoolP256r1", NULL, "Brainpool P-256",  MY_USE_ECDSADH,  1, 0, 0 },
b5a5d8 
     { "brainpoolP384r1", NULL, "Brainpool P-384",  MY_USE_ECDSADH,  1, 1, 0 },
b5a5d8 
     { "brainpoolP512r1", NULL, "Brainpool P-512",  MY_USE_ECDSADH,  1, 1, 0 },
b5a5d8 
     { "secp256k1",       NULL, NULL,               MY_USE_ECDSADH,  0, 1, 0 },
b5a5d8 
@@ -2672,9 +2672,10 @@ ask_curve (int *algo, int *subkey_algo, const char *current)
b5a5d8 
         }
b5a5d8
b5a5d8 
       curves[idx].available = 1;
b5a5d8 
-      tty_printf ("   (%d) %s\n", idx + 1,
b5a5d8 
+      tty_printf ("   (%d) %s%s\n", idx + 1,
b5a5d8 
                   curves[idx].pretty_name?
b5a5d8 
-                  curves[idx].pretty_name:curves[idx].name);
b5a5d8 
+                  curves[idx].pretty_name:curves[idx].name,
b5a5d8 
+                  idx == 0? _(" *default*"):"");
b5a5d8 
     }
b5a5d8 
   gcry_sexp_release (keyparms);
b5a5d8
b5a5d8 
--
b5a5d8 
2.31.1
b5a5d8

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation