[Pkg-gnupg-commit] [gnupg2] 105/124: agent: Use OCB for key protection with --enable-extended-key-format.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Apr 5 15:55:37 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit d24375271b97e45deaeb1ef0a8434c64066ba2e8
Author: Werner Koch <wk at gnupg.org>
Date: Sun Apr 2 20:02:55 2017 +0200
agent: Use OCB for key protection with --enable-extended-key-format.
* agent/protect.c (PROT_DEFAULT_TO_OCB): Remove macro.
(agent_protect): Make the default protection mode depend on the extended
key format option.
Signed-off-by: Werner Koch <wk at gnupg.org>
---
agent/protect.c | 7 +------
doc/gpg-agent.texi | 3 ++-
2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/agent/protect.c b/agent/protect.c
index 09aa503..a9de732 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -42,11 +42,6 @@
#include "../common/sexp-parse.h"
-/* To use the openpgp-s2k3-ocb-aes scheme by default set the value of
- * this macro to 1. Note that the caller of agent_protect may
- * override this default. */
-#define PROT_DEFAULT_TO_OCB 0
-
/* The protection mode for encryption. The supported modes for
decryption are listed in agent_unprotect(). */
#define PROT_CIPHER GCRY_CIPHER_AES128
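Review bot: the comment deleted together with PROT_DEFAULT_TO_OCB was the only visible place that named the openpgp-s2k3-ocb-aes scheme and recorded that the caller of agent_protect may override the default. With the macro gone, that documentation should move to the comment on agent_protect (or next to PROT_CIPHER), stating that a use_ocb of -1 now means "follow the extended key format option".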
@@ -580,7 +575,7 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
int have_curve = 0;
if (use_ocb == -1)
- use_ocb = PROT_DEFAULT_TO_OCB;
+ use_ocb = opt.enable_extended_key_format;
/* Create an S-expression with the protected-at timestamp. */
memcpy (timestamp_exp, "(12:protected-at15:", 19);
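Review bot: at `use_ocb = opt.enable_extended_key_format;` the option value is copied unchanged into a variable that uses -1 as its "use the default" sentinel. Writing `use_ocb = !!opt.enable_extended_key_format;` keeps it strictly 0 or 1 whatever the option holds, and a one-line comment on why the protection mode follows a file-format option would help, since the coupling is not obvious from the option's name.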
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index ca9d469..6aab646 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -579,7 +579,8 @@ the passphrase of a key will also convert the key to that new format.
Using this option makes the private keys unreadable for gpg-agent
versions before 2.1.12. The advantage of the extended private key
format is that it is text based and can carry additional meta data.
-
+Note that this option also changes the key protection format to use
+OCB mode.
@anchor{option --enable-ssh-support}
@item --enable-ssh-support
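Review bot: the added sentence says the key protection format changes to OCB mode but not what that means for compatibility. The paragraph above it gives 2.1.12 as the oldest gpg-agent that can read the extended format; the note should say whether the same bound covers OCB-protected keys, and could name the scheme (openpgp-s2k3-ocb-aes, as in the comment removed from agent/protect.c) so readers can look it up.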
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git