Generating a new key
dshaw at jabberwocky.com
Sun Mar 21 05:10:17 CET 2010
On Mar 20, 2010, at 11:40 PM, Faramir wrote:
> Another thing to consider, is SHA is not as safe as it used to be, and
> it it becomes easily crackeable, signatures issued using SHA can become
> unsafe. So maybe you'd like to use SHA-256 instead of SHA-128. If I'm
> not wrong, you would need to add the following lines to your gpg.conf
> file, before generating your key:
> s2k-digest-algo SHA256
> cert-digest-algo SHA256
> The first line tells gnupg to use SHA-256 instead of SHA-1 to mangle the
> passphrases. I don't really know what is that mangling thing, but if the
> idea is to replace SHA-1 with SHA-256, it can be useful. (I have a bad
> feeling about telling other people to use that line).
It's what GnuPG uses (in combination with a few other things) to convert your typeable-by-a-human passphrase into the symmetric key used to encrypt the secret key: S2K stands for "String to Key". It's okay to use SHA-256 here, but note that it means you might have problems moving your secret key to a different program that doesn't support SHA-256. There aren't a vast number of current programs that don't support SHA-256 these days, but there are some pretty old installations out there.
Incidentally, you don't have to set s2k-digest-algo before you generate your key. If you want to "upgrade" an existing key passphrase so it is mangled via SHA-256, just set the s2k-digest-algo and change the passphrase (you can even change it to what it is currently set to - it's the change at all that causes the passphrase to be remangled).
A somewhat larger risk here is that the s2k-digest-algo also applies to symmetrically encrypted data (i.e. gpg --symmetric). You need to make sure your recipient can handle it before using it.
> The second line tells gnupg to use SHA-256 instead of SHA-1 for signing
> other keys.
And also your own key (in the self-signatures that contain the preferences and other key items).
> But beware, older implementations of PGP maybe won't be able to read
> SHA-256 (but probably, these implementations are outdated).
Yes, they are outdated, but they do exist. How common they are depends on your community. If you're talking about the open-source community or people on this list, for example, I'd be surprised to see more than a small number. If you're talking about code that was installed a while back, then you'd likely see more that can't handle it.
More information about the Gnupg-users