Kevin J. McCarthy wrote:
> I'm attaching a patch that instead creates a default of "des3" for the
> smime_encrypt_with option. Since it doesn't work unset, the patch
> removes the comment about that. The manual will now list
> Default: "des3".
> for smime_encrypt_with.
>
> I'd appreciate if you would check to make sure the patch works.
It works.
But I'd recommend aes256.
see
http://en.wikipedia.org/wiki/Data_Encryption_Standard#Security_and_cryptanalysis
I'm attaching a patch that instead creates a default of "aes256".
Michael Schwipps
diff -r 1235dd48ef3f contrib/smime.rc
--- a/contrib/smime.rc Sat Jan 31 20:05:30 2015 -0800
+++ b/contrib/smime.rc Tue Feb 03 12:44:40 2015 +0100
@@ -60,7 +60,7 @@
# Algorithm to use for encryption.
# valid choices are aes128, aes192, aes256, rc2-40, rc2-64, rc2-128, des, des3
-set smime_encrypt_with="des3"
+set smime_encrypt_with="aes256"
# Encrypt a message. Input file is a MIME entity.
set smime_encrypt_command="openssl smime -encrypt -%a -outform DER -in %f %c"
diff -r 1235dd48ef3f init.h
--- a/init.h Sat Jan 31 20:05:30 2015 -0800
+++ b/init.h Tue Feb 03 12:44:40 2015 +0100
@@ -2687,12 +2687,11 @@
** possible \fCprintf(3)\fP-like sequences.
** (S/MIME only)
*/
- { "smime_encrypt_with", DT_STR, R_NONE, UL &SmimeCryptAlg, 0 },
+ { "smime_encrypt_with", DT_STR, R_NONE, UL &SmimeCryptAlg, UL "aes256"
},
/*
** .pp
** This sets the algorithm that should be used for encryption.
** Valid choices are ``aes128'', ``aes192'', ``aes256'', ``des'', ``des3'',
``rc2-40'', ``rc2-64'', ``rc2-128''.
- ** If \fIunset\fP, ``3des'' (TripleDES) is used.
** (S/MIME only)
*/
{ "smime_get_cert_command", DT_STR, R_NONE, UL &SmimeGetCertCommand, 0},
