[openpgp] SHA-2 support should be mandatory – change defaults

Werner Koch wk at gnupg.org
Thu Aug 14 11:42:21 CEST 2014


On Wed, 13 Aug 2014 05:41, dshaw at jabberwocky.com said:

> Maybe the answer is to remove the things to generate PGP 2 messages
> specifically, and leave the other stuff?  That feels a bit messy.

Did this for 2.1.  The options --pgp2 and --rfc1991 are completely
gone.  Unless --allow-weak-digest-algos is used some signature
verification hacks are also not anymore used - actually the signature
verification would have been skipped at a later point but this safes us
a useless double hashing of the message

> I'd remove them as well.  They're much easier to remove than --pgp2 as they only affect very specific (and few) places in the code.

These options are no dummy options for 2.1.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-users mailing list