diff options
Diffstat (limited to 'debian/patches/from-master/gpg-default-to-3072-bit-keys.patch')
| -rw-r--r-- | debian/patches/from-master/gpg-default-to-3072-bit-keys.patch | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/debian/patches/from-master/gpg-default-to-3072-bit-keys.patch b/debian/patches/from-master/gpg-default-to-3072-bit-keys.patch new file mode 100644 index 0000000..59b0b13 --- /dev/null +++ b/debian/patches/from-master/gpg-default-to-3072-bit-keys.patch @@ -0,0 +1,91 @@ +From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +Date: Thu, 7 Sep 2017 18:41:10 -0400 +Subject: gpg: default to 3072-bit keys. + +* agent/command.c (hlp_genkey): update help text to suggest the use of +3072 bits. +* doc/wks.texi: Make example match default generation. +* g10/keygen.c (gen_elg): update default from 2048 to 3072. +* g10/keyid.c (pubkey_string): update comment so that first example +is the default 3072-bit RSA. + +-- + +3072-bit RSA is widely considered to be 128-bit-equivalent security. +This is a sensible default in 2017. + +Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> + +(cherry picked from commit 909fbca19678e6e36968607e8a2348381da39d8c) +--- + agent/command.c | 2 +- + doc/wks.texi | 4 ++-- + g10/keygen.c | 2 +- + g10/keyid.c | 4 ++-- + 4 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/agent/command.c b/agent/command.c +index b682c55..ea65290 100644 +--- a/agent/command.c ++++ b/agent/command.c +@@ -843,7 +843,7 @@ static const char hlp_genkey[] = + "\n" + " C: GENKEY\n" + " S: INQUIRE KEYPARAM\n" +- " C: D (genkey (rsa (nbits 2048)))\n" ++ " C: D (genkey (rsa (nbits 3072)))\n" + " C: END\n" + " S: D (public-key\n" + " S: D (rsa (n 326487324683264) (e 10001)))\n" +diff --git a/doc/wks.texi b/doc/wks.texi +index e398ccb..68ed117 100644 +--- a/doc/wks.texi ++++ b/doc/wks.texi +@@ -447,10 +447,10 @@ the submission address: + The output of the last command looks similar to this: + + @example +- sec rsa2048 2016-08-30 [SC] ++ sec rsa3072 2016-08-30 [SC] + C0FCF8642D830C53246211400346653590B3795B + uid [ultimate] key-submission@@example.net +- ssb rsa2048 2016-08-30 [E] ++ ssb rsa3072 2016-08-30 [E] + @end example + + Take the fingerprint from that output and manually publish the key: +diff --git a/g10/keygen.c b/g10/keygen.c +index 80d65c4..5b4a785 100644 +--- a/g10/keygen.c ++++ b/g10/keygen.c +@@ -1436,7 +1436,7 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root, + + if (nbits < 1024) + { +- nbits = 2048; ++ nbits = 3072; + log_info (_("keysize invalid; using %u bits\n"), nbits ); + } + else if (nbits > 4096) +diff --git a/g10/keyid.c b/g10/keyid.c +index 69d85da..2987287 100644 +--- a/g10/keyid.c ++++ b/g10/keyid.c +@@ -73,7 +73,7 @@ pubkey_letter( int algo ) + is copied to the supplied buffer up a length of BUFSIZE-1. + Examples for the output are: + +- "rsa2048" - RSA with 2048 bit ++ "rsa3072" - RSA with 3072 bit + "elg1024" - Elgamal with 1024 bit + "ed25519" - ECC using the curve Ed25519. + "E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4". +@@ -83,7 +83,7 @@ pubkey_letter( int algo ) + If the option --legacy-list-mode is active, the output use the + legacy format: + +- "2048R" - RSA with 2048 bit ++ "3072R" - RSA with 3072 bit + "1024g" - Elgamal with 1024 bit + "256E" - ECDSA using a curve with 256 bit + |