Avoid making SHA1 signatures.

author: Joe Crayne <joe@jerkface.net> 2020-05-06 04:03:59 -0400
committer: Joe Crayne <joe@jerkface.net> 2020-05-06 11:52:18 -0400
commit: 9058b14426d159651df10e47a26f81110ed89c02 (patch)
tree: f4e5ebfb42a1b5bdbab820d8ec00b4292992eaf9
parent: 6699e70f9197ea901b9f8ad5ac0818682e335cff (diff)
2 files changed, 5 insertions, 8 deletions
diff --git a/lib/KeyRing/BuildKeyDB.hs b/lib/KeyRing/BuildKeyDB.hs
index 3fe1d17..44952de 100644
--- a/lib/KeyRing/BuildKeyDB.hs
+++ b/lib/KeyRing/BuildKeyDB.hs
@@ -688,7 +688,7 @@ insertSubkey transcode kk (KeyData top topsigs uids subs) tags inputfile key0 =
                try wkun' $ \wkun -> do
                sig_ov <- pgpSign (Message [wkun])
                                  tor_ov
-                                  SHA1
+                                  SHA256
                                  (show $ fingerprint wkun)
                flip (maybe $ return $ KikiSuccess (uids,[(fname, WarnFailedToMakeSignature)]))
                     (sig_ov >>= listToMaybe . signatures_over)
diff --git a/lib/Transforms.hs b/lib/Transforms.hs
index 7e4d288..6250dea 100644
--- a/lib/Transforms.hs
+++ b/lib/Transforms.hs
@@ -472,7 +472,6 @@ keyFlags0 wkun uidsigs = concat
    preferredhash = filterOr ispreferedhash subs $
               PreferredHashAlgorithmsPacket
                              [ SHA256
-                              , SHA1
                              , SHA384
                              , SHA512
                              , SHA224
@@ -581,9 +580,7 @@ makeSig doDecrypt top fname subkey_p tags mbsig = do
                                         (sigpackets 0x19
                                                     hashed0
                                                     [IssuerPacket subgrip]))
-                        (if key_algorithm (head parsedkey)==ECDSA
+                        SHA256
-                            then SHA256
-                            else SHA1)
                        subgrip
    let iss = IssuerPacket (show $ fingerprint wk)
        cons_iss back_sig = iss : map EmbeddedSignaturePacket (signatures_over back_sig)
@@ -595,7 +592,7 @@ makeSig doDecrypt top fname subkey_p tags mbsig = do
                                        (sigpackets 0x18
                                                   hashed0
                                                   unhashed0))
-                      SHA1
+                      SHA256
                      grip
    let newSig = do
            r <- addOrigin new_sig
@@ -628,7 +625,7 @@ makeSig doDecrypt top fname subkey_p tags mbsig = do
                           (SubkeySignature wk
                                            (packet subkey_p)
                                            [sig'] )
-                           SHA1
+                           SHA256
                           (show $ fingerprint wk)
        newsig <- addOrigin new_sig
        return $ fmap (,[]) newsig
@@ -698,7 +695,7 @@ performManipulations doDecrypt rt wk manip = do
                new_sig <- maybeToList new_sig
                guard (null $ selfsigs)
                signatures_over new_sig
-        sigr <- pgpSign (Message [wkun]) sigOver SHA1 (show $ fingerprint wkun)
+        sigr <- pgpSign (Message [wkun]) sigOver SHA256 (show $ fingerprint wkun)
        let f ::([SigAndTrust],OriginMap) -> ([SigAndTrust],OriginMap)
            f x = ( map ( (,Map.empty) . toMappedPacket om) (additional sigr) ++ fst x
                  , om `Map.union` snd x )
author	Joe Crayne <joe@jerkface.net>	2020-05-06 04:03:59 -0400
committer	Joe Crayne <joe@jerkface.net>	2020-05-06 11:52:18 -0400
commit	9058b14426d159651df10e47a26f81110ed89c02 (patch)
tree	f4e5ebfb42a1b5bdbab820d8ec00b4292992eaf9
parent	6699e70f9197ea901b9f8ad5ac0818682e335cff (diff)