-rw-r--r-- | agent/protect.c | 7 | ||||
-rw-r--r-- | doc/gpg-agent.texi | 3 |
2 files changed, 3 insertions, 7 deletions
diff --git a/agent/protect.c b/agent/protect.c
index 09aa50352..a9de732a1 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -42,11 +42,6 @@
 #include "../common/sexp-parse.h"
-/* To use the openpgp-s2k3-ocb-aes scheme by default set the value of
- * this macro to 1. Note that the caller of agent_protect may
- * override this default. */
-#define PROT_DEFAULT_TO_OCB 0
-
 /* The protection mode for encryption. The supported modes for decryption are listed in agent_unprotect(). */
 #define PROT_CIPHER GCRY_CIPHER_AES128
@@ -580,7 +575,7 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
 int have_curve = 0;
 if (use_ocb == -1)
- use_ocb = PROT_DEFAULT_TO_OCB;
+ use_ocb = opt.enable_extended_key_format;
 /* Create an S-expression with the protected-at timestamp. */
 memcpy (timestamp_exp, "(12:protected-at15:", 19);
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index ca9d469fd..6aab646f0 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -579,7 +579,8 @@ the passphrase of a key will also convert the key to that new format. Using this option makes the private keys unreadable for gpg-agent versions before 2.1.12. The advantage of the extended private key format is that it is text based and can carry additional meta data.
-
+Note that this option also changes the key protection format to use
+OCB mode.
 @anchor{option --enable-ssh-support}
 @item --enable-ssh-support |
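Review bot: The `use_ocb == -1` fallback in agent_protect (second hunk of agent/protect.c) is left without any comment saying why the key-protection scheme follows a file-format option, or that callers can still override it, because the only explanation was deleted together with `PROT_DEFAULT_TO_OCB` in the first hunk. I would put `/* Default to OCB only with --enable-extended-key-format; a caller passing 0 or 1 overrides this. */` above the assignment, so that the coupling between the on-disk format and the protection mode is visible at the point where it is decided. The option value is also copied unchanged into a flag that reserves -1 as a sentinel; if the option can ever hold something other than 0 or 1 (not visible on this page), `use_ocb = !!opt.enable_extended_key_format;` keeps the flag strictly boolean. agent_protect's body starts and ends outside the hunk, so how `use_ocb` is consumed afterwards is assumed rather than checked.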