added gnupg

1 files changed, 37 insertions, 0 deletions

diff --git a/repo/gnupg/0320-gpg-default-to-aes256.patch b/repo/gnupg/0320-gpg-default-to-aes256.patch
new file mode 100644
index 0000000..2d9a90f
--- /dev/null
+++ b/repo/gnupg/0320-gpg-default-to-aes256.patch
@@ -0,0 +1,37 @@
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Thu, 7 Sep 2017 19:04:00 -0400
+Subject: gpg: default to AES-256.
+
+* g10/main.h (DEFAULT_CIPHER_ALGO): Prefer AES256 by default.
+
+--
+
+It's 2017, and pretty much everyone has AES-256 available.  Symmetric
+crypto is also rarely the bottleneck (asymmetric crypto is much more
+expensive).  AES-256 provides some level of protection against
+large-scale decryption efforts, and longer key lengths provide a hedge
+against unforseen cryptanalysis.
+
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+(cherry picked from commit 73ff075204df09db5248170a049f06498cdbb7aa)
+---
+ g10/main.h | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+Patch-Source: https://sources.debian.org/data/main/g/gnupg2/2.2.27-2/debian/patches/from-master/gpg-default-to-AES-256.patch
+
+diff --git a/g10/main.h b/g10/main.h
+index 68360e2..1983e42 100644
+--- a/g10/main.h
++++ b/g10/main.h
+@@ -31,7 +31,9 @@
+    (i.e. uncompressed) rather than 1 (zip).  However, the real world
+    issues of speed and size come into play here. */
+ 
+-#if GPG_USE_AES128
++#if GPG_USE_AES256
++# define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_AES256
++#elif GPG_USE_AES128
+ # define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_AES
+ #elif GPG_USE_CAST5
+ # define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_CAST5