[PATCH] default-preference-list: prefer SHA512.

Thu Sep 28 14:32:26 CEST 2017

* g10/keygen.c (keygen_set_std_prefs): when producing default internal
  personal-digest-preferences, keep the same order.  When publishing
  external preferences, state preference for SHA512 first.

--

SHA-512 has a wider security margin than SHA-256.  It is also slightly
faster on most of the architectures on which GnuPG runs today.  New
keys should publish defaults that indicate we prefer the stronger,
more performant digest.

Specifically, this changes --default-preference-list from:

   SHA256 SHA384 SHA512 SHA224

to:

   SHA512 SHA384 SHA256 SHA224

This patch deliberately avoids touching --personal-digest-preferences
(which itself would affect the default of --digest-algo and
--cert-digest-algo), so that public-facing cleartext signatures and
identity certifications will continue to be made with SHA256 by
default.

Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
---
 g10/keygen.c | 35 ++++++++++++++++++++++++-----------
 1 file changed, 24 insertions(+), 11 deletions(-)

diff --git a/g10/keygen.c b/g10/keygen.c
index e959ee901..3235fdd5d 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -382,18 +382,31 @@ keygen_set_std_prefs (const char *string,int personal)
 	      strcat(dummy_string,"S7 ");
 	    strcat(dummy_string,"S2 "); /* 3DES */
 
-            /* The default hash algo order is:
+            if (personal) {
+              /* The default internal hash algo order is:
                  SHA-256, SHA-384, SHA-512, SHA-224, SHA-1.
-             */
-	    if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
-	      strcat (dummy_string, "H8 ");
-
-	    if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384))
-	      strcat (dummy_string, "H9 ");
-
-	    if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512))
-	      strcat (dummy_string, "H10 ");
-
+              */
+              if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
+                strcat (dummy_string, "H8 ");
+
+              if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384))
+                strcat (dummy_string, "H9 ");
+
+              if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512))
+                strcat (dummy_string, "H10 ");
+            } else {
+              /* The default advertised hash algo order is:
+                 SHA-512, SHA-384, SHA-256, SHA-224, SHA-1.
+              */
+              if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512))
+                strcat (dummy_string, "H10 ");
+
+              if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384))
+                strcat (dummy_string, "H9 ");
+
+              if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
+                strcat (dummy_string, "H8 ");
+            }
 	    if (!openpgp_md_test_algo (DIGEST_ALGO_SHA224))
 	      strcat (dummy_string, "H11 ");
 
-- 
2.14.1


