[openpgp] SHA-2 support should be mandatory – change defaults

Werner Koch wk at gnupg.org
Thu Aug 14 11:42:21 CEST 2014

On Wed, 13 Aug 2014 05:41, dshaw at jabberwocky.com said:

> Maybe the answer is to remove the things to generate PGP 2 messages
> specifically, and leave the other stuff?  That feels a bit messy.

Did this for 2.1.  The options --pgp2 and --rfc1991 are completely
gone.  Unless --allow-weak-digest-algos is used some signature
verification hacks are also not anymore used - actually the signature
verification would have been skipped at a later point but this safes us
a useless double hashing of the message

> I'd remove them as well.  They're much easier to remove than --pgp2 as they only affect very specific (and few) places in the code.

These options are no dummy options for 2.1.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list