From: Daniel Kahn Gillmor Date: Wed, 3 Jan 2018 12:34:26 -0500 Subject: gpg: Prefer SHA-512 and SHA-384 in personal-digest-preferences. * g10/keygen.c (keygen_set_std_prefs): prefer SHA-512 and SHA-384 by default. -- In 8ede3ae29a39641a2f98ad9a4cf61ea99085a892, upstream changed the defaults for --default-preference-list to advertise a preference for SHA-512, without touching --personal-digest-preferences. This makes the same change for --personal-digest-preferences, since every modern OpenPGP library supports them all. Signed-off-by: Daniel Kahn Gillmor --- g10/keygen.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) Patch-Source: https://sources.debian.org/data/main/g/gnupg2/2.2.27-2/debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch diff --git a/g10/keygen.c b/g10/keygen.c index 79d4579..cb92468 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -391,16 +391,16 @@ keygen_set_std_prefs (const char *string,int personal) if (personal) { /* The default internal hash algo order is: - * SHA-256, SHA-384, SHA-512, SHA-224, SHA-1. + * SHA-512, SHA-384, SHA-256, SHA-224, SHA-1. */ - if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256)) - strcat (dummy_string, "H8 "); + if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512)) + strcat (dummy_string, "H10 "); if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384)) strcat (dummy_string, "H9 "); - if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512)) - strcat (dummy_string, "H10 "); + if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256)) + strcat (dummy_string, "H8 "); } else {