Created
August 5, 2014 20:16
-
-
Save coruus/be3c7e2c4e4dc155d2a2 to your computer and use it in GitHub Desktop.
Update GnuPG defaults
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| I hope this patch is acceptable in something like its present form. If | |
| so, I'll write up the documentation updates as well. (But I suspect it | |
| may spark some discussion.) | |
| It updates some rather outdated defaults hard-wired into GnuPG: | |
| 1. Default cipher algorithm: CAST5 -> AES256 | |
| 2. Default digest algorithm: SHA1 -> SHA512 | |
| 3. Default S2K hash algorithm: SHA1 -> SHA256 | |
| 4. Default S2K iterations: 255 (this takes about 400ms in E2E, not | |
| sure about GnuPG timing) | |
| 5. Modification detection codes always used. | |
| 6. Slightly increased default RSA key-size to better match RSA | |
| key-size recommendations. | |
| 7. Display long key IDs by default. (Would a default of showing | |
| fingerprints be acceptable to folks?) | |
| 8. (Try to) never fall back to MD5, SHA1, or RIPEMD160 unless the user | |
| explicitly requests the use of one of these algorithms. | |
| The details of the patch follow. | |
| - David | |
| From 0b8d5677a2f0c80d81ca34c6c1af53aadf43f969 Mon Sep 17 00:00:00 2001 | |
| From: David Leon Gil <coruus@gmail.com> | |
| Date: Tue, 5 Aug 2014 11:46:28 -0400 | |
| Subject: [PATCH] Update defaults. | |
| --- | |
| g10/gpg.c | 12 ++++++------ | |
| g10/keygen.c | 52 ++++++++++++++++++++++++++++------------------------ | |
| g10/main.h | 6 +++--- | |
| g10/sign.c | 36 ++++++++++++++++++++++++++++-------- | |
| 5 files changed, 65 insertions(+), 41 deletions(-) | |
| diff --git a/g10/gpg.c b/g10/gpg.c | |
| index 1f840c6..c08095e 100644 | |
| --- a/g10/gpg.c | |
| +++ b/g10/gpg.c | |
| @@ -1719,7 +1719,7 @@ gpgconf_list (const char *configfile) | |
| /* The next one is an info only item and should match the macros at | |
| the top of keygen.c */ | |
| es_printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT, | |
| - "RSA-2048"); | |
| + "RSA-4096"); | |
| xfree (configfile_esc); | |
| } | |
| @@ -2074,17 +2074,17 @@ main (int argc, char **argv) | |
| opt.cert_digest_algo = 0; | |
| opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */ | |
| opt.s2k_mode = 3; /* iterated+salted */ | |
| - opt.s2k_count = 0; /* Auto-calibrate when needed. */ | |
| - opt.s2k_cipher_algo = CIPHER_ALGO_CAST5; | |
| + opt.s2k_count = 255; /* The maximum is a safe default. */ | |
| + opt.s2k_cipher_algo = CIPHER_ALGO_AES256; | |
| opt.completes_needed = 1; | |
| opt.marginals_needed = 3; | |
| opt.max_cert_depth = 5; | |
| - opt.pgp2_workarounds = 1; | |
| + opt.pgp2_workarounds = 0; | |
| opt.escape_from = 1; | |
| opt.flags.require_cross_cert = 1; | |
| opt.import_options = 0; | |
| opt.export_options = EXPORT_ATTRIBUTES; | |
| - opt.keyserver_options.import_options = IMPORT_REPAIR_PKS_SUBKEY_BUG; | |
| + opt.keyserver_options.import_options = 0; | |
| opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; | |
| opt.keyserver_options.options = (KEYSERVER_HONOR_KEYSERVER_URL | |
| | KEYSERVER_HONOR_PKA_RECORD ); | |
| @@ -2101,7 +2101,7 @@ main (int argc, char **argv) | |
| opt.mangle_dos_filenames = 0; | |
| opt.min_cert_level = 2; | |
| set_screen_dimensions (); | |
| - opt.keyid_format = KF_SHORT; | |
| + opt.keyid_format = KF_0xLONG; | |
| opt.def_sig_expire = "0"; | |
| opt.def_cert_expire = "0"; | |
| set_homedir (default_homedir ()); | |
| diff --git a/g10/keygen.c b/g10/keygen.c | |
| index af5d34d..0a2fd07 100644 | |
| --- a/g10/keygen.c | |
| +++ b/g10/keygen.c | |
| @@ -48,7 +48,7 @@ | |
| also in gpg.c:gpgconf_list. You should also check that the value | |
| is inside the bounds enforced by ask_keysize and gen_xxx. */ | |
| #define DEFAULT_STD_ALGO GCRY_PK_RSA | |
| -#define DEFAULT_STD_KEYSIZE 2048 | |
| +#define DEFAULT_STD_KEYSIZE 4096 | |
| /* Flag bits used during key generation. */ | |
| #define KEYGEN_FLAG_NO_PROTECTION 1 | |
| @@ -353,26 +353,36 @@ keygen_set_std_prefs (const char *string,int personal) | |
| /* The default hash algo order is: | |
| - SHA-256, SHA-1, SHA-384, SHA-512, SHA-224. | |
| - Ordering SHA-1 before SHA-384 might be viewed as a bit | |
| - strange; it is done because we expect that soon enough | |
| - SHA-3 will be available and at that point there should | |
| - be no more need for SHA-384 etc. Anyway this order is | |
| - just a default and can easily be changed by a config | |
| - option. */ | |
| - if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256)) | |
| + SHA-512, SHA-384, SHA-256, SHA-224, SHA-1. | |
| + SHA-512 is faster on systems with 64-bit arithmetic | |
| + operations; it is also considered stronger than SHA-256. | |
| + Published attacks on SHA-1 indicate that its security | |
| + is inadequate for use as a digest algorithm. (It has | |
| + an equivalent security strength to <1024 bit RSA key.) | |
| + */ | |
| + if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512)) { | |
| + strcat (dummy_string, "H10 "); | |
| + } | |
| + | |
| + if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384)) { | |
| + strcat (dummy_string, "H9 "); | |
| + } | |
| + | |
| + if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256)) { | |
| strcat (dummy_string, "H8 "); | |
| + } | |
| + | |
| + if (!openpgp_md_test_algo (DIGEST_ALGO_SHA224)) { | |
| + strcat (dummy_string, "H11 "); | |
| + } | |
| strcat (dummy_string, "H2 "); /* SHA-1 */ | |
| - if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384)) | |
| - strcat (dummy_string, "H9 "); | |
| - | |
| - if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512)) | |
| - strcat (dummy_string, "H10 "); | |
| - | |
| - if (!openpgp_md_test_algo (DIGEST_ALGO_SHA224)) | |
| - strcat (dummy_string, "H11 "); | |
| + if(!check_compress_algo(COMPRESS_ALGO_ZIP)) | |
| + { | |
| + strcat(dummy_string,"Z1 "); | |
| + any_compress = 1; | |
| + } | |
| if(!check_compress_algo(COMPRESS_ALGO_ZLIB)) | |
| { | |
| @@ -386,12 +396,6 @@ keygen_set_std_prefs (const char *string,int personal) | |
| any_compress = 1; | |
| } | |
| - if(!check_compress_algo(COMPRESS_ALGO_ZIP)) | |
| - { | |
| - strcat(dummy_string,"Z1 "); | |
| - any_compress = 1; | |
| - } | |
| - | |
| /* In case we have no compress algo at all, declare that | |
| we prefer no compresssion. */ | |
| if (!any_compress) | |
| @@ -2022,7 +2026,7 @@ ask_keysize (int algo, unsigned int primary_keysize) | |
| case PUBKEY_ALGO_ECDSA: | |
| case PUBKEY_ALGO_ECDH: | |
| min=256; | |
| - def=256; | |
| + def=384; | |
| max=521; | |
| break; | |
| diff --git a/g10/main.h b/g10/main.h | |
| index 4ec4bbf..6b2ee6f 100644 | |
| --- a/g10/main.h | |
| +++ b/g10/main.h | |
| @@ -30,9 +30,9 @@ | |
| (i.e. uncompressed) rather than 1 (zip). However, the real world | |
| issues of speed and size come into play here. */ | |
| -#define DEFAULT_CIPHER_ALGO CIPHER_ALGO_CAST5 | |
| -#define DEFAULT_DIGEST_ALGO DIGEST_ALGO_SHA1 | |
| -#define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1 | |
| +#define DEFAULT_CIPHER_ALGO CIPHER_ALGO_AES256 | |
| +#define DEFAULT_DIGEST_ALGO DIGEST_ALGO_SHA512 | |
| +#define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA256 | |
| #ifdef HAVE_ZIP | |
| # define DEFAULT_COMPRESS_ALGO COMPRESS_ALGO_ZIP | |
| #else | |
| diff --git a/g10/sign.c b/g10/sign.c | |
| index 907d8c5..ba6c42a 100644 | |
| --- a/g10/sign.c | |
| +++ b/g10/sign.c | |
| @@ -444,15 +444,30 @@ hash_for (PKT_public_key *pk) | |
| } | |
| else if (recipient_digest_algo) | |
| { | |
| - return recipient_digest_algo; | |
| + switch (recipient_digest_algo) { | |
| + case DIGEST_ALGO_SHA1: | |
| + case DIGEST_ALGO_MD5: | |
| + case DIGEST_ALGO_RMD160: | |
| + return DIGEST_ALGO_SHA256; | |
| + default: | |
| + return recipient_digest_algo; | |
| + } | |
| } | |
| else if (pk->pubkey_algo == PUBKEY_ALGO_EDDSA | |
| && openpgp_oid_is_ed25519 (pk->pkey[0])) | |
| { | |
| - if (opt.personal_digest_prefs) | |
| - return opt.personal_digest_prefs[0].value; | |
| - else | |
| + if (opt.personal_digest_prefs) { | |
| + switch (opt.personal_digest_prefs[0].value) { | |
| + case DIGEST_ALGO_SHA1: | |
| + case DIGEST_ALGO_MD5: | |
| + case DIGEST_ALGO_RMD160: | |
| + return DIGEST_ALGO_SHA256; | |
| + default: | |
| + return opt.personal_digest_prefs[0].value; | |
| + } | |
| + } else { | |
| return DIGEST_ALGO_SHA256; | |
| + } | |
| } | |
| else if (pk->pubkey_algo == PUBKEY_ALGO_DSA | |
| || pk->pubkey_algo == PUBKEY_ALGO_ECDSA) | |
| @@ -463,6 +478,8 @@ hash_for (PKT_public_key *pk) | |
| qbytes = ecdsa_qbits_from_Q (qbytes); | |
| qbytes = qbytes/8; | |
| + // Question: Does this ensure RFC6637 compliance? | |
| + | |
| /* It's a DSA key, so find a hash that is the same size as q or | |
| larger. If q is 160, assume it is an old DSA key and use a | |
| 160-bit hash unless --enable-dsa2 is set, in which case act | |
| @@ -518,7 +535,11 @@ hash_for (PKT_public_key *pk) | |
| { | |
| /* It's not DSA, so we can use whatever the first hash algorithm | |
| is in the pref list */ | |
| - return opt.personal_digest_prefs[0].value; | |
| + if (opt.personal_digest_prefs[0].value == DIGEST_ALGO_SHA1) { | |
| + return DIGEST_ALGO_SHA256; | |
| + } else { | |
| + return opt.personal_digest_prefs[0].value; | |
| + } | |
| } | |
| else | |
| return DEFAULT_DIGEST_ALGO; | |
| @@ -1359,11 +1380,10 @@ sign_symencrypt_file (const char *fname, | |
| strlist_t locusr) | |
| } | |
| /* We have no way to tell if the recipient can handle messages | |
| - with an MDC, so this defaults to no. Perhaps in a few years, | |
| + with an MDC, so this defaulted to no. After many years, | |
| this can be defaulted to yes. Note that like regular | |
| encrypting, --force-mdc overrides --disable-mdc. */ | |
| - if(opt.force_mdc) | |
| - cfx.dek->use_mdc=1; | |
| + cfx.dek->use_mdc=1; | |
| /* now create the outfile */ | |
| rc = open_outfile (-1, fname, opt.armor? 1:0, 0, &out); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment