assistant: When generating a gpg secret key, avoid hardcoding the key algorithm and size
This aims to future-proof gpg key generation. OpenPGP is in flux with a conflict over standards ongoing. It seems not unlikely that different systems will have different gpg commands that support different algorithms. This also simplifies the code by using the --quick-gen-key interface rather than the experimental batch interface. It seems less likely that --quick-gen-key will break than an experimental interface (whose documentation I can no longer find). --quick-gen-key is supported since gpg 2.1.0 (2014). Sponsored-by: Graham Spencer on Patreon
This commit is contained in:
Joey Hess
parent
d37dbd62b8
commit
de6a297d36
4 changed files with 21 additions and 39 deletions
|
|
@ -54,7 +54,7 @@ withNewSecretKey :: (KeyId -> Handler Html) -> Handler Html
|
|||
withNewSecretKey use = do
|
||||
cmd <- liftAnnex $ gpgCmd <$> Annex.getGitConfig
|
||||
userid <- liftIO $ newUserId cmd
|
||||
liftIO $ genSecretKey cmd RSA "" userid maxRecommendedKeySize
|
||||
liftIO $ genSecretKey cmd "" userid
|
||||
results <- M.keys . M.filter (== userid) <$> liftIO (secretKeys cmd)
|
||||
case results of
|
||||
[] -> giveup "Failed to generate gpg key!"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue