force-v4-certs and digest-algo

David Shaw dshaw at jabberwocky.com
Fri May 10 00:31:01 CEST 2002


On Thu, May 09, 2002 at 08:55:13PM +0000, Brian M. Carlson wrote:
> On Thu, May 09, 2002 at 03:51:08PM -0400, David Shaw wrote:
> > On Thu, May 09, 2002 at 07:40:24PM +0000, Brian M. Carlson wrote:
> > 
> > > I have set force-v4-certs in my options file. I also have
> > > digest-algo RIPEMD160 set. Yet, my signatures still are made with
> > > SHA1, which I deprecate strongly.  If I have a preference on my key,
> > > I'd prefer that gpg choose that, unless I choose a digest-algo
> > > option, in which case gpg uses that. gpg has done neither.
> > 
> > Let me make sure I understand what you are doing.  You want your key
> > signatures - not data signatures - to use RIPEMD160 and not SHA1?
> > 
> > --digest-algo only applies to data signatures.
> > 
> > Why do you strongly deprecate SHA1?
> 
> SHA1 was created by the US government. I feel that the US government does not
> have its citizens' best interests at heart in the realm of cryptography, and
> sometimes not with privacy in general. I prefer RIPEMD160 as it was created
> independently outside of the US. Anyway, whatever my reason, shouldn't it
> be my choice?

Sure, I'm just curious.

There is one "danger" of making RIPEMD160 key signatures, in that it
is not a required algorithm in OpenPGP.  There can be implementations
that do not support it, and so key signatures using it are not
universally usable.  This means that two different implementations may
have two different views of the web of trust, which is not a great
thing.

That said, they're your signatures, and you need to make them in a way
that you are comfortable with.  The two "bigs", PGP and GnuPG, both
support RIPEMD160.

> digest-algo has worked before, with my RSA key and with my ElGamal
> 20 key (see sig) on key signatures. I might be able to dig them up
> for you.

ElGamal key signatures use RIPEMD160 by default.  What version of
GnuPG did you do the RSA one with?  It certainly couldn't have been
1.0.6 or 1.0.7.

David

-- 
   David Shaw  |  dshaw at jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
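As an added illustration of the distinction drawn above between key signatures (certifications) and data signatures, here is a small parser for OpenPGP signature packets that reports, for each packet, whether it is v3 or v4, whether it is a certification or a data signature, and which digest algorithm it names, then flags the three situations the thread discusses: a v3 signature despite force-v4-certs, a digest other than the one asked for, and a digest that is not MUST-implement in OpenPGP (so another implementation may not be able to verify it). This is example code written for this page, not code from the thread or from GnuPG; the three packets are hand-constructed with dummy MPIs so it runs offline, and the function names and audit rules are the example's own. On real material you would feed it the signature packets from an exported key or a detached signature file.

```python
"""Report version, class and digest of OpenPGP signature packets (RFC 2440/4880 layout).

Added example, not GnuPG code. The packets at the bottom are hand-constructed
with dummy MPIs; they are not real signatures and would never verify.
"""
import struct

HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
REQUIRED_HASHES = {2}          # RFC 2440/4880: only SHA-1 is MUST-implement
PUBKEY_ALGOS = {1: "RSA", 16: "ElGamal (encrypt)", 17: "DSA", 20: "ElGamal (sign+encrypt)"}


def packet_header(buf):
    """Return (tag, body_offset, body_len) for the first packet in buf."""
    ctb = buf[0]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:                                   # new-format header
        tag, first = ctb & 0x3F, buf[1]
        if first < 192:
            return tag, 2, first
        if first < 224:
            return tag, 3, ((first - 192) << 8) + buf[2] + 192
        if first == 255:
            return tag, 6, struct.unpack(">I", buf[2:6])[0]
        raise ValueError("partial body lengths not supported")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03       # old-format header
    if ltype == 0:
        return tag, 2, buf[1]
    if ltype == 1:
        return tag, 3, struct.unpack(">H", buf[1:3])[0]
    if ltype == 2:
        return tag, 5, struct.unpack(">I", buf[1:5])[0]
    raise ValueError("indeterminate length not supported")


def subpackets(data):
    """Yield (type, payload) for a run of v4 signature subpackets."""
    i = 0
    while i < len(data):
        first = data[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
        yield data[i] & 0x7F, data[i + 1:i + length]  # bit 7 is the "critical" flag
        i += length


def parse_signature(buf):
    """Parse one v3 or v4 signature packet into the fields that matter here."""
    tag, off, length = packet_header(buf)
    if tag != 2:
        raise ValueError("packet tag %d is not a signature" % tag)
    body = buf[off:off + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    version, created, issuer = body[0], None, None
    if version == 3:   # version, 0x05, type, time(4), key id(8), pk algo, hash algo, left16, MPIs
        if body[1] != 5:
            raise ValueError("bad v3 hashed-material length")
        sig_type, pk, hash_id = body[2], body[15], body[16]
        created = struct.unpack(">I", body[3:7])[0]
        issuer = body[7:15].hex().upper()
    elif version == 4:  # version, type, pk algo, hash algo, hashed area, unhashed area, left16, MPIs
        sig_type, pk, hash_id = body[1], body[2], body[3]
        hlen = struct.unpack(">H", body[4:6])[0]
        ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
        areas = list(subpackets(body[6:6 + hlen])) + list(subpackets(body[8 + hlen:8 + hlen + ulen]))
        for sp_type, payload in areas:
            if sp_type == 2:
                created = struct.unpack(">I", payload)[0]
            elif sp_type == 16:
                issuer = payload.hex().upper()
    else:
        raise ValueError("unsupported signature version %d" % version)
    if 0x10 <= sig_type <= 0x13:
        kind = "certification"      # key signature: --digest-algo does not apply
    elif sig_type in (0x00, 0x01):
        kind = "data"               # data signature: --digest-algo applies
    else:
        kind = "other"
    return {"version": version, "sig_type": sig_type, "kind": kind,
            "pubkey_algo": PUBKEY_ALGOS.get(pk, str(pk)),
            "hash_algo": HASH_ALGOS.get(hash_id, str(hash_id)),
            "hash_required": hash_id in REQUIRED_HASHES,
            "created": created, "issuer": issuer}


def audit(sig, wanted_hash=None, want_v4=False):
    """List the ways a parsed signature fails the expectations discussed in the thread."""
    findings = []
    if want_v4 and sig["version"] != 4:
        findings.append("v%d signature although v4 was requested" % sig["version"])
    if wanted_hash and sig["hash_algo"] != wanted_hash:
        findings.append("%s used instead of %s" % (sig["hash_algo"], wanted_hash))
    if not sig["hash_required"]:
        findings.append("%s is not a MUST-implement OpenPGP hash; other implementations "
                        "may not verify this %s signature" % (sig["hash_algo"], sig["kind"]))
    return findings


# Constructed sample packets (old-format headers, dummy one-byte MPIs, made-up time and key ID).
TIME = bytes.fromhex("3CDB0000")
KEYID = bytes.fromhex("0123456789ABCDEF")
MPI = bytes.fromhex("0008AB")
# v4 positive certification (0x13), RSA, SHA1: a key signature unaffected by --digest-algo.
CERT_RSA_SHA1 = (bytes.fromhex("881D" "04130102" "0006" "0502") + TIME
                 + bytes.fromhex("000A" "0910") + KEYID + bytes.fromhex("ABCD") + MPI)
# v4 binary data signature (0x00), DSA, RIPEMD160: the kind --digest-algo RIPEMD160 does control.
DATA_DSA_RIPEMD = (bytes.fromhex("8820" "04001103" "0006" "0502") + TIME
                   + bytes.fromhex("000A" "0910") + KEYID + bytes.fromhex("ABCD") + MPI + MPI)
# v3 generic certification (0x10), ElGamal type 20, RIPEMD160: the ElGamal default mentioned above.
CERT_ELG_V3 = bytes.fromhex("8819" "0305" "10") + TIME + KEYID + bytes.fromhex("1403" "ABCD") + MPI + MPI

if __name__ == "__main__":
    for name, pkt in [("RSA v4 cert", CERT_RSA_SHA1), ("DSA v4 data sig", DATA_DSA_RIPEMD),
                      ("ElGamal v3 cert", CERT_ELG_V3)]:
        sig = parse_signature(pkt)
        print("%-16s v%d %-13s %-22s %-9s %s" % (name, sig["version"], sig["kind"],
              sig["pubkey_algo"], sig["hash_algo"], audit(sig, "RIPEMD160", True)))
```

The parser only tells you what a signature actually contains; it says nothing about which option GnuPG consulted when making it. That is exactly what makes it useful here: run it over the certifications on your key after changing the options file, and the `kind` and `hash_algo` fields show directly whether the setting reached key signatures or only data signatures.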




More information about the Gnupg-devel mailing list