authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 16:14:43 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 16:14:43 +0000
commit929e3b949abcdcc6e05a82919a66c0958fad0306 (patch)
treeb9bb827613b0da508ea8bfd3cfbaae51f99a131c
parentSetting default RSA key length to 4096 in gpgsm. (diff)
downloadgnupg2-929e3b949abcdcc6e05a82919a66c0958fad0306.tar.xz
gnupg2-929e3b949abcdcc6e05a82919a66c0958fad0306.zip
Setting default RSA key length to 4096 in gpg.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/patches/progress-linux/0002-gpg-default-to-4096-bit-keys.patch82
-rw-r--r--debian/patches/series1
2 files changed, 83 insertions, 0 deletions
diff --git a/debian/patches/progress-linux/0002-gpg-default-to-4096-bit-keys.patch b/debian/patches/progress-linux/0002-gpg-default-to-4096-bit-keys.patch
new file mode 100644
index 0000000..695056c
--- /dev/null
+++ b/debian/patches/progress-linux/0002-gpg-default-to-4096-bit-keys.patch
@@ -0,0 +1,82 @@
+Author: Daniel Baumann <daniel.baumann@progress-linux.org>
+Subject: gpg: default to 4096-bit RSA keys.
+
+diff -Naurp gnupg2.orig/agent/command.c gnupg2/agent/command.c
+--- gnupg2.orig/agent/command.c
++++ gnupg2/agent/command.c
+@@ -843,7 +843,7 @@ static const char hlp_genkey[] =
+ "\n"
+ " C: GENKEY\n"
+ " S: INQUIRE KEYPARAM\n"
+- " C: D (genkey (rsa (nbits 3072)))\n"
++ " C: D (genkey (rsa (nbits 4096)))\n"
+ " C: END\n"
+ " S: D (public-key\n"
+ " S: D (rsa (n 326487324683264) (e 10001)))\n"
+diff -Naurp gnupg2.orig/doc/wks.texi gnupg2/doc/wks.texi
+--- gnupg2.orig/doc/wks.texi
++++ gnupg2/doc/wks.texi
+@@ -412,10 +412,10 @@ the submission address:
+ The output of the last command looks similar to this:
+
+ @example
+- sec rsa3072 2016-08-30 [SC]
++ sec rsa4096 2016-08-30 [SC]
+ C0FCF8642D830C53246211400346653590B3795B
+ uid [ultimate] key-submission@@example.net
+- ssb rsa3072 2016-08-30 [E]
++ ssb rsa4096 2016-08-30 [E]
+ @end example
+
+ Take the fingerprint from that output and manually publish the key:
+diff -Naurp gnupg2.orig/g10/keygen.c gnupg2/g10/keygen.c
+--- gnupg2.orig/g10/keygen.c
++++ gnupg2/g10/keygen.c
+@@ -49,7 +49,7 @@
+ /* The default algorithms. You should also check that the value
+ is inside the bounds enforced by ask_keysize and gen_xxx. See also
+ get_keysize_range which encodes the allowed ranges. */
+-#define DEFAULT_STD_KEY_PARAM "rsa3072/cert,sign+rsa3072/encr"
++#define DEFAULT_STD_KEY_PARAM "rsa4096/cert,sign+rsa4096/encr"
+ #define FUTURE_STD_KEY_PARAM "ed25519/cert,sign+cv25519/encr"
+
+ /* When generating keys using the streamlined key generation dialog,
+@@ -1652,7 +1652,7 @@ gen_rsa (int algo, unsigned int nbits, K
+
+ if (nbits < 1024)
+ {
+- nbits = 3072;
++ nbits = 4096;
+ log_info (_("keysize invalid; using %u bits\n"), nbits );
+ }
+ else if (nbits > maxsize)
+@@ -2267,7 +2267,7 @@ get_keysize_range (int algo, unsigned in
+ default:
+ *min = opt.compliance == CO_DE_VS ? 2048: 1024;
+ *max = 4096;
+- def = 3072;
++ def = 4096;
+ break;
+ }
+
+diff -Naurp gnupg2.orig/g10/keyid.c gnupg2/g10/keyid.c
+--- gnupg2.orig/g10/keyid.c
++++ gnupg2/g10/keyid.c
+@@ -73,7 +73,7 @@ pubkey_letter( int algo )
+ is copied to the supplied buffer up a length of BUFSIZE-1.
+ Examples for the output are:
+
+- "rsa3072" - RSA with 3072 bit
++ "rsa4096" - RSA with 4096 bit
+ "elg1024" - Elgamal with 1024 bit
+ "ed25519" - ECC using the curve Ed25519.
+ "E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4".
+@@ -83,7 +83,7 @@ pubkey_letter( int algo )
+ If the option --legacy-list-mode is active, the output use the
+ legacy format:
+
+- "3072R" - RSA with 3072 bit
++ "4096R" - RSA with 4096 bit
+ "1024g" - Elgamal with 1024 bit
+ "256E" - ECDSA using a curve with 256 bit
+
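Review bot: Only three of the nested hunks change behaviour (`DEFAULT_STD_KEY_PARAM`, the `nbits < 1024` fallback in `gen_rsa`, and `def` in the `default:` case of `get_keysize_range`), while the `hlp_genkey` help text, the `wks.texi` example and the two `keyid.c` comment hunks are cosmetic, and the patch header does not say which is which. The cosmetic hunks add refresh conflicts against new upstream releases without affecting generated keys, and the `wks.texi` one rewrites a sample listing that is tied to a specific fingerprint and date; consider dropping them. The new default now equals the `*max = 4096` set in the same `get_keysize_range` case, so a later upstream change to that bound would have to be caught when the patch is refreshed. I would extend the header with a short `Description:` naming the three behavioural places and a `Forwarded: not-needed` line, so the deviation from upstream's 3072-bit default is documented. The other cases of `get_keysize_range` and the rest of `gen_rsa` lie outside the hunks, so whether further 3072 literals remain cannot be judged from here.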
diff --git a/debian/patches/series b/debian/patches/series
index 5b3442b..ea7ef45 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -25,3 +25,4 @@ from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch
from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch
from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch
progress-linux/0001-gpgsm-default-to-4096-bit-keys.patch
+progress-linux/0002-gpg-default-to-4096-bit-keys.patch