Which Digest Algorithm to use?

Olaf Gellert og at pre-secure.de
Mon Mar 6 14:32:53 CET 2006

David Shaw wrote:
>> I do have some old PGP-2 keys (that are pretty well
>> connected in the WebOfTrust). I understand that PGP2
>> keys use MD5 as default hash algorithm and they do
>> not contain any fields to store adapted preferences.
>> But I still can use "--digest-algorithm" to create
>> SHA1 or SHA256 signatures. But what are the implications
>> of this? I guess GPG will successfully validate these
>> signatures. PGP2 will certainly not. What about PGP 6,
>> 7, 8, ...?
> There is a misunderstanding here.  PGP 2 keys don't use MD5 as a
> default hash algorithm.  They act just like any other key - they use
> the prefs on the *recipient* keys, filtered through
> personal-digest-prefs, and if all else fails, use SHA-1.

Well, it seems to be like this:

When I sign a PGP-2 key (which has no preferences)
with my own PGP2-key, MD5 is the default hash algorithm
(which makes some sense because PGP2 will probably not
be able to validate signatures based on other algorithms).

When I sign a PGP2 key with a newer key (DSA), it
would be SHA1 (even though the recipient will probably
not be able to validate this with his PGP2 program).



Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og at pre-secure.de

                        A daily view on Internet Attacks
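Added example, not part of the original message: one way to check which digest algorithm a signature actually carries, as discussed above, is to read the hash algorithm octet from each signature packet (header and field layout per RFC 4880). The function names and sample bytes are constructed for illustration, and the input is assumed to be binary (dearmored) OpenPGP data.

```python
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}  # RFC 4880, section 9.4

def read_packets(data):
    """Yield (tag, body) for each packet in a binary (dearmored) OpenPGP stream."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths not handled")
        else:                                # old-format header (PGP 2 style)
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = 1 << ltype                   # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def signature_digests(data):
    """Return [(sig_version, hash_name)] for each signature packet (tag 2)."""
    out = []
    for tag, body in read_packets(data):
        if tag != 2:
            continue
        # v3: version, 5, type, time(4), keyid(8), pubalgo, hash -> offset 16
        # v4: version, type, pubalgo, hash                        -> offset 3
        offset = {3: 16, 4: 3}.get(body[0])
        if offset is None or len(body) <= offset:
            raise ValueError("unsupported or short signature packet")
        out.append((body[0], HASH_NAMES.get(body[offset], "id %d" % body[offset])))
    return out

# Constructed sample (not real signatures, MPIs omitted): v3 with hash ID 1, v4 with ID 2
V3_BODY = bytes([3, 5, 0x10]) + bytes(12) + bytes([1, 1, 0xAB, 0xCD])
V4_BODY = bytes([4, 0x10, 17, 2, 0, 0, 0, 0, 0xAB, 0xCD])
SAMPLE = bytes([0x88, len(V3_BODY)]) + V3_BODY + bytes([0xC2, len(V4_BODY)]) + V4_BODY
```

Calling signature_digests(SAMPLE) reports MD5 for the v3 packet and SHA1 for the v4 packet.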
