Setting default RSA key length to 4096 in gpg.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

2 files changed, 83 insertions, 0 deletions

diff --git a/debian/patches/progress-linux/0002-gpg-default-to-4096-bit-keys.patch b/debian/patches/progress-linux/0002-gpg-default-to-4096-bit-keys.patch
new file mode 100644
index 0000000..695056c
--- /dev/null
+++ b/debian/patches/progress-linux/0002-gpg-default-to-4096-bit-keys.patch
@@ -0,0 +1,82 @@
+Author: Daniel Baumann <daniel.baumann@progress-linux.org>
+Subject: gpg: default to 4096-bit RSA keys.
+
+diff -Naurp gnupg2.orig/agent/command.c gnupg2/agent/command.c
+--- gnupg2.orig/agent/command.c
++++ gnupg2/agent/command.c
+@@ -843,7 +843,7 @@ static const char hlp_genkey[] =
+   "\n"
+   "  C: GENKEY\n"
+   "  S: INQUIRE KEYPARAM\n"
+-  "  C: D (genkey (rsa (nbits 3072)))\n"
++  "  C: D (genkey (rsa (nbits 4096)))\n"
+   "  C: END\n"
+   "  S: D (public-key\n"
+   "  S: D   (rsa (n 326487324683264) (e 10001)))\n"
+diff -Naurp gnupg2.orig/doc/wks.texi gnupg2/doc/wks.texi
+--- gnupg2.orig/doc/wks.texi
++++ gnupg2/doc/wks.texi
+@@ -412,10 +412,10 @@ the submission address:
+ The output of the last command looks similar to this:
+ 
+ @example
+-  sec   rsa3072 2016-08-30 [SC]
++  sec   rsa4096 2016-08-30 [SC]
+         C0FCF8642D830C53246211400346653590B3795B
+   uid           [ultimate] key-submission@@example.net
+-  ssb   rsa3072 2016-08-30 [E]
++  ssb   rsa4096 2016-08-30 [E]
+ @end example
+ 
+ Take the fingerprint from that output and manually publish the key:
+diff -Naurp gnupg2.orig/g10/keygen.c gnupg2/g10/keygen.c
+--- gnupg2.orig/g10/keygen.c
++++ gnupg2/g10/keygen.c
+@@ -49,7 +49,7 @@
+ /* The default algorithms. You should also check that the value
+    is inside the bounds enforced by ask_keysize and gen_xxx.  See also
+    get_keysize_range which encodes the allowed ranges.  */
+-#define DEFAULT_STD_KEY_PARAM  "rsa3072/cert,sign+rsa3072/encr"
++#define DEFAULT_STD_KEY_PARAM  "rsa4096/cert,sign+rsa4096/encr"
+ #define FUTURE_STD_KEY_PARAM   "ed25519/cert,sign+cv25519/encr"
+ 
+ /* When generating keys using the streamlined key generation dialog,
+@@ -1652,7 +1652,7 @@ gen_rsa (int algo, unsigned int nbits, K
+ 
+   if (nbits < 1024)
+     {
+-      nbits = 3072;
++      nbits = 4096;
+       log_info (_("keysize invalid; using %u bits\n"), nbits );
+     }
+   else if (nbits > maxsize)
+@@ -2267,7 +2267,7 @@ get_keysize_range (int algo, unsigned in
+     default:
+       *min = opt.compliance == CO_DE_VS ? 2048: 1024;
+       *max = 4096;
+-      def = 3072;
++      def = 4096;
+       break;
+     }
+ 
+diff -Naurp gnupg2.orig/g10/keyid.c gnupg2/g10/keyid.c
+--- gnupg2.orig/g10/keyid.c
++++ gnupg2/g10/keyid.c
+@@ -73,7 +73,7 @@ pubkey_letter( int algo )
+    is copied to the supplied buffer up a length of BUFSIZE-1.
+    Examples for the output are:
+ 
+-   "rsa3072"  - RSA with 3072 bit
++   "rsa4096"  - RSA with 4096 bit
+    "elg1024"  - Elgamal with 1024 bit
+    "ed25519"  - ECC using the curve Ed25519.
+    "E_1.2.3.4"  - ECC using the unsupported curve with OID "1.2.3.4".
+@@ -83,7 +83,7 @@ pubkey_letter( int algo )
+    If the option --legacy-list-mode is active, the output use the
+    legacy format:
+ 
+-   "3072R" - RSA with 3072 bit
++   "4096R" - RSA with 4096 bit
+    "1024g" - Elgamal with 1024 bit
+    "256E"  - ECDSA using a curve with 256 bit
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 5b3442b..ea7ef45 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -25,3 +25,4 @@ from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch
 from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch
 from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch
 progress-linux/0001-gpgsm-default-to-4096-bit-keys.patch
+progress-linux/0002-gpg-default-to-4096-bit-keys.patch