GnuPG 1.3.4 SHA256 problem?
jvender at owensboro.net
Tue Dec 2 07:39:39 CET 2003
-----BEGIN PGP SIGNED MESSAGE-----
> On Mon, Dec 01, 2003 at 11:19:14AM -0600, Joe Vender wrote:
>> I've compiled the gnupg 1.3.4 code which is on the download
>> MinGW on windows and am using it on windows. When I set
>> digest-algo SHA256
>> in my gpg.conf file, and then try to clearsign (or anything else), I get
>> the following:
>> "DSA requires the use of 160 bit hash algorithm
>> clearsign failed: general error"
>> If I use SHA1 as the digest-algo, everything seems to work. I
>> that this version was supposed to have SHA256 read and write
>> What am I doing wrong?
> SHA256 is a 256-bit hash. As the error says, DSA requires a
> SHA256 is only useful if you are using RSA.
After digging some more, I finally figured out what I was doing
wrong. After generating a new RSA key, the SHA256 hash is
working. One point though that I thought was strange behavior
When trying to use the SHA256 hash with a DSA key and trying to
clearsign text consisting of the word "test" in a file, it would
- -----BEGIN PGP SIGNED MESSAGE-----
and stop, since it couldn't create the signature. Shouldn't
there be some kind of check that the key is using a compatible
hash *before* asking for a passphrase and not even try to output
any text, as above, if the hash won't work? Or, maybe offer a
choice of compatible hashes or an abort before asking for the
It would be very helpful to have the possibility to be able to
enter separate RSAV4-digest-algo and DSA-Digest-algo choices in
the gpg.conf file. That way, the user could, by default, use the
SHA256 hash if choosing an RSAv4 key and either the SHA1 or
RIPEMD160 if choosing a DSA key, without having to alter the
gpg.conf when going between RSAv4/DSA keys.
When using the SHA256 hash with the DSA key, I was prompted for
a passphrase, which led me to believe that the settings would
work, and the partial output was confusing, since I wasn't aware
that it wouldn't work. When the SHA256 hash is released
(read/write) as part of the next production stable gnupg, new
gpg users will probably make the same mistake trying to use
SHA256 with a DSA key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.4 (MingW32) - GPGshell v3.00
-----END PGP SIGNATURE-----
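The pre-flight check asked for in the message above, sketched as an added example that is not part of the original post and is not GnuPG code. It applies the 160-bit rule from the quoted error message to a constructed gpg.conf fragment and a constructed `--with-colons` style key listing; the key IDs, sample text and function names are assumptions made for illustration.

```python
# Added example: pre-flight digest/key compatibility check (not GnuPG code).
DIGEST_BITS = {"SHA1": 160, "RIPEMD160": 160, "SHA256": 256}  # hashes named in the post
RSA, RSA_SIGN_ONLY, DSA = 1, 3, 17  # OpenPGP public-key algorithm IDs

# Constructed sample data: a gpg.conf fragment and a --with-colons style
# secret-key listing with made-up key IDs.
SAMPLE_CONF = "# constructed gpg.conf\ndigest-algo SHA256\n"
SAMPLE_KEYS = (
    "sec::1024:17:AAAAAAAAAAAAAAAA:2003-11-01:::::::\n"
    "sec::2048:1:BBBBBBBBBBBBBBBB:2003-12-01:::::::\n"
)

def configured_digest(conf_text):
    """Return the first digest-algo value in gpg.conf text, or None."""
    for raw in conf_text.splitlines():
        parts = raw.strip().split()
        if len(parts) == 2 and parts[0] == "digest-algo":
            return parts[1].upper()
    return None

def secret_keys(colon_listing):
    """Yield (keyid, algo_id) from 'sec' records: field 4 = algorithm, field 5 = key ID."""
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] == "sec" and len(fields) > 4:
            yield fields[4], int(fields[3])

def preflight(conf_text, colon_listing):
    """Map each key ID to (ok, note), decided before any passphrase prompt."""
    digest = configured_digest(conf_text)
    bits = DIGEST_BITS.get(digest)
    usable_with_dsa = sorted(n for n, b in DIGEST_BITS.items() if b == 160)
    result = {}
    for keyid, algo in secret_keys(colon_listing):
        if digest is None:
            result[keyid] = (True, "no digest-algo override set")
        elif bits is None:
            result[keyid] = (False, f"digest {digest} not modelled here")
        elif algo == DSA and bits != 160:
            result[keyid] = (False, f"DSA needs a 160-bit hash; {digest} is {bits}-bit, "
                             f"use one of {', '.join(usable_with_dsa)}")
        elif algo in (RSA, RSA_SIGN_ONLY, DSA):
            result[keyid] = (True, f"{digest} usable with this key")
        else:
            result[keyid] = (False, f"algorithm {algo} not modelled here")
    return result
```

Calling `preflight(SAMPLE_CONF, SAMPLE_KEYS)` flags the constructed DSA key and accepts the RSA key, which is the decision the post wants made before the passphrase prompt and before any output is written.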