Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0eeb5498cc
NetBSD/crypto/external/bsd
History
agc 0eeb5498cc One more reason not to use DSA keys: 
The DSA algorithm seems to require a digest value which is 20 bytes
long, which kind of implies SHA-1.

If we have a DSA signature, use SHA-1 as a hash algorithm, for backwards
compatibility. RSA signatures continue to use SHA256 by default, although
this can be given as an argument, if desired.

This fixes DSA signatures with netpgp:

% netpgp --sign --userid d4a643c5 a
pub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid              Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
sub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
netpgp passphrase:
% netpgp --verify a.gpg
Good signature for a.gpg made Tue May 18 05:41:25 2010
using DSA key 8222c3ecd4a643c5
pub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid              Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
sub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
%
2010-05-19 02:50:16 +00:00
..
netpgp One more reason not to use DSA keys: 2010-05-19 02:50:16 +00:00
openssh Fix .Dd format. 2010-05-14 01:46:04 +00:00
openssl Regen with modern pod2man and drop trailing whitespace. 2010-04-12 18:03:46 +00:00
Makefile Move openssl to the front of SUBDIR list and add .WAIT after it since 2010-03-20 02:07:33 +00:00