* doc/gpg.texi (default-new-key-algo): Remind the user that this should come after any compliance modes, like --allow-old-cipher-algos.
-- GnuPG-bug-id: 7511 Signed-off-by: Daniel Kahn Gillmor <[email protected]> --- doc/gpg.texi | 3 ++- g10/gpg.c | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/gpg.texi b/doc/gpg.texi index 7a709d170..5572cba7d 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -3848,7 +3848,8 @@ generation. The @var{string} is similar to the arguments required for the command @option{--quick-add-key} but slightly different. You need to consult the source code to learn the details. Note that the advanced key generation commands can always be used to specify a key -algorithm directly. +algorithm directly. Setting a compliance mode will set or clear this +flag, so it should only be used after a compliance mode setting. @item --no-auto-trust-new-key @opindex no-auto-trust-new-key diff --git a/g10/gpg.c b/g10/gpg.c index 994b83b94..e16c92373 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2295,6 +2295,7 @@ set_compliance_option (enum cmd_and_opt_values option) opt.s2k_digest_algo = 0; opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO; opt.flags.allow_old_cipher_algos = 0; + opt.def_new_key_algo = NULL; break; case oOpenPGP: @@ -2310,6 +2311,7 @@ set_compliance_option (enum cmd_and_opt_values option) opt.s2k_digest_algo = DIGEST_ALGO_SHA1; opt.s2k_cipher_algo = CIPHER_ALGO_3DES; opt.flags.allow_old_cipher_algos = 1; + opt.def_new_key_algo = "rsa3072/cert,sign+rsa3072/encr"; break; case oRFC2440: @@ -2323,6 +2325,7 @@ set_compliance_option (enum cmd_and_opt_values option) opt.s2k_digest_algo = DIGEST_ALGO_SHA1; opt.s2k_cipher_algo = CIPHER_ALGO_3DES; opt.flags.allow_old_cipher_algos = 1; + opt.def_new_key_algo = "rsa3072/cert,sign+rsa3072/encr"; break; case oPGP7: -- 2.47.2 _______________________________________________ Gnupg-devel mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-devel
