[svn] GnuPG - r5017 - in trunk: doc g10

svn author wk cvs at cvs.gnupg.org
Wed May 20 11:57:10 CEST 2009 

Author: wk
Date: 2009-05-20 11:57:10 +0200 (Wed, 20 May 2009)
New Revision: 5017

Modified:
   trunk/doc/ChangeLog
   trunk/doc/gpg.texi
   trunk/g10/ChangeLog
   trunk/g10/keygen.c
Log:
Allow generation of DSA2 keys without --enable-dsa2.


Modified: trunk/doc/ChangeLog
===================================================================
--- trunk/doc/ChangeLog	2009-05-20 09:08:48 UTC (rev 5016)
+++ trunk/doc/ChangeLog	2009-05-20 09:57:10 UTC (rev 5017)
@@ -1,3 +1,8 @@
+2009-05-20  Werner Koch  <wk at g10code.com>
+
+	* gpg.texi (GPG Configuration Options): Explain new meaning of
+	--enable-dsa2.
+
 2009-03-16  David Shaw  <dshaw at jabberwocky.com>
 
 	* gpg.texi (GPG Configuration Options): Document keyserver-options

Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog	2009-05-20 09:08:48 UTC (rev 5016)
+++ trunk/g10/ChangeLog	2009-05-20 09:57:10 UTC (rev 5017)
@@ -1,8 +1,12 @@
 2009-05-20  Werner Koch  <wk at g10code.com>
 
+	* keygen.c (ask_keysize): Allow selection of DSA key size even
+	without --enable-dsa2.
+	(gen_dsa): Remove size check.
+
 	* keygen.c (ask_key_flags): Fix bug in the translation check.
 	Fixes bug#1056.
-
+	
 2009-05-18  Daiki Ueno  <ueno at unixuser.org>  (wk)
 
 	* encode.c (encode_simple): Tell passphrase_to_dek to cache

Modified: trunk/doc/gpg.texi
===================================================================
--- trunk/doc/gpg.texi	2009-05-20 09:08:48 UTC (rev 5016)
+++ trunk/doc/gpg.texi	2009-05-20 09:57:10 UTC (rev 5017)
@@ -1093,10 +1093,10 @@
 
 @item --enable-dsa2
 @itemx --disable-dsa2
-Enables new-style DSA keys which (unlike the old style) may be larger
-than 1024 bit and use hashes other than SHA-1 and RIPEMD/160. Note
-that very few programs currently support these keys and signatures
-from them.
+Enable hash truncation for all DSA keys even for old DSA Keys up to
+1024 bit.  This is also the default with @option{--openpgp}.  Note
+that older versions of GnuPG also required this flag to allow the
+generation of DSA larger than 1024 bit.
 
 @item --photo-viewer @code{string}
 This is the command line that should be run to view a photo ID. "%i"

Modified: trunk/g10/keygen.c
===================================================================
--- trunk/g10/keygen.c	2009-05-20 09:08:48 UTC (rev 5016)
+++ trunk/g10/keygen.c	2009-05-20 09:57:10 UTC (rev 5017)
@@ -1263,7 +1263,7 @@
   gcry_sexp_t misc_key_info;
   unsigned int qbits;
 
-  if ( nbits < 512 || (!opt.flags.dsa2 && nbits > 1024)) 
+  if ( nbits < 512) 
     {
       nbits = 1024;
       log_info(_("keysize invalid; using %u bits\n"), nbits );
@@ -1768,16 +1768,8 @@
   switch(algo)
     {
     case PUBKEY_ALGO_DSA:
-      if(opt.flags.dsa2)
-	{
-	  def=2048;
-	  max=3072;
-	}
-      else
-	{
-	  tty_printf(_("DSA keypair will have %u bits.\n"),1024);
-	  return 1024;
-	}
+      def=2048;
+      max=3072;
       break;
 
     case PUBKEY_ALGO_RSA:

More information about the Gnupg-commits mailing list