From 19a76c00aed45f576956d20f933a952ec6bc918c Mon Sep 17 00:00:00 2001
From: David Blacka <david@blacka.com>
Date: Fri, 29 Mar 2024 21:43:32 -0400
Subject: [PATCH] update a few defaults

---
 src/main/java/com/verisignlabs/dnssec/cl/DSTool.java | 2 +-
 src/main/java/com/verisignlabs/dnssec/cl/KeyGen.java | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/main/java/com/verisignlabs/dnssec/cl/DSTool.java b/src/main/java/com/verisignlabs/dnssec/cl/DSTool.java
index 3054555..6134899 100644
--- a/src/main/java/com/verisignlabs/dnssec/cl/DSTool.java
+++ b/src/main/java/com/verisignlabs/dnssec/cl/DSTool.java
@@ -56,7 +56,7 @@ public class DSTool extends CLBase {
     public dsType createType = dsType.DS;
     public String outputfile = null;
     public String keyname = null;
-    public int digestId = DNSSEC.Digest.SHA1;
+    public int digestId = DNSSEC.Digest.SHA256;
 
     public CLIState() {
       super("jdnssec-dstool [..options..] keyfile");
diff --git a/src/main/java/com/verisignlabs/dnssec/cl/KeyGen.java b/src/main/java/com/verisignlabs/dnssec/cl/KeyGen.java
index 16b292b..f757d75 100644
--- a/src/main/java/com/verisignlabs/dnssec/cl/KeyGen.java
+++ b/src/main/java/com/verisignlabs/dnssec/cl/KeyGen.java
@@ -44,8 +44,8 @@ public class KeyGen extends CLBase {
    * state.
    */
   protected static class CLIState extends CLIStateBase {
-    public int algorithm = 8;
-    public int keylength = 1024;
+    public int algorithm = 13;
+    public int keylength = 2048;
     public boolean useLargeE = true;
     public String outputfile = null;
     public File keydir = null;
@@ -77,10 +77,10 @@ public class KeyGen extends CLBase {
       String[] algStrings = DnsKeyAlgorithm.getInstance().supportedAlgMnemonics();
       String algStringSet = String.join(" | ", algStrings);
       opts.addOption(Option.builder("a").hasArg().argName("algorithm")
-          .desc(algStringSet + " | alias, RSASHA256 is default.").build());
+          .desc(algStringSet + " | alias, ECDSAP256SHA256 is default.").build());
 
       opts.addOption(Option.builder("b").hasArg().argName("size").desc(
-          "key size, in bits (default 1024). RSA: [512..4096], DSA: [512..1024], DH: [128..4096], ECDSA: ignored, EdDSA: ignored")
+          "key size, in bits (default 2048). RSA: [512..4096], DSA: [512..1024], DH: [128..4096], ECDSA: ignored, EdDSA: ignored")
           .build());
       opts.addOption(Option.builder("f").hasArg().argName("file").longOpt("output-file")
           .desc("base filename from the public/private key files").build());