GnuPG 1.3.4 SHA256 problem?

David Shaw dshaw at jabberwocky.com
Tue Dec 2 09:35:10 CET 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

On Tue, Dec 02, 2003 at 07:39:39AM -0600, Joe Vender wrote:

> It would be very helpful to have the possibility to be able to
> enter separate RSAV4-digest-algo and DSA-Digest-algo choices in
> the gpg.conf file. That way, the user could, by default, use the
> SHA256 hash if choosing an RSAv4 key and either the SHA1 or
> RIPEMD160 if choosing a DSA key, without having to alter the
> gpg.conf when going between RSAv4/DSA keys.

  personal-digest-preferences sha256 sha1

That will use SHA256 when possible, and SHA-1 otherwise.  You could
actually leave off the "sha1" at the end since that is the default.
Just list all hashes you want to use, ranked in preference order.

> When using the SHA256 hash with the DSA key, I was prompted for
> a passphrase, which led me to believe that the settings would
> work, and the partial output was confusing, since I wasn't aware
> that it wouldn't work. When the SHA256 hash is released
> (read/write) as part of the next production stable gnupg, new
> gpg users will probably make the same mistake trying to use
> SHA256 with a DSA key.

I'm not sure I get this.  You tried something that is impossible, and
you got an error message ("DSA requires the use of a 160 bit hash
algorithm") saying so.  Where's the problem?

SHA256 is unlikely to be made read/write in the stable GnuPG until the
unstable GnuPG becomes the stable one (1.4).

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.5-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iHEEAREDADEFAj/Mox4qGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk
L2tleXMuYXNjAAoJEOJmXIdJ4cvJAfEAnjYaqh5EYOjeqBCZbfja+tucbI0FAJ4j
2q7JOYbadC+3h6Q1/R3QF8DS6w==
=afaH
-----END PGP SIGNATURE-----
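
The selection rule described in the reply above, as an added example that is not part of the original message and is not GnuPG's own code: a simplified Python model that reads a gpg.conf-style preference line and picks the first listed hash the signing key can use. The function names, the sample configuration, and the treatment of RSA as accepting any known hash are assumptions made for illustration.

```python
# Added illustration: a simplified model of the behaviour described in the
# message, not GnuPG source code. All function names are hypothetical.
DIGEST_BITS = {"md5": 128, "sha1": 160, "ripemd160": 160, "sha256": 256}
DEFAULT_DIGEST = "sha1"  # the default named in the message

# Constructed sample configuration, using the line given in the reply.
SAMPLE_CONF = "# constructed sample gpg.conf\npersonal-digest-preferences sha256 sha1\n"


def parse_digest_preferences(conf_text):
    """Return the ranked hash list from gpg.conf-style text."""
    prefs = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0] == "personal-digest-preferences":
            # Assumption of this model: a later occurrence replaces an earlier one.
            prefs = [name.lower() for name in parts[1:]]
    return prefs


def usable_with(key_algo, digest):
    """DSA keys accept only 160-bit hashes here; RSA accepts any known hash."""
    if digest not in DIGEST_BITS:
        return False
    if key_algo == "DSA":
        return DIGEST_BITS[digest] == 160
    return True


def select_digest(conf_text, key_algo):
    """Pick the first listed hash the key can use, else fall back to the default."""
    for digest in parse_digest_preferences(conf_text):
        if usable_with(key_algo, digest):
            return digest
    return DEFAULT_DIGEST


def check_forced_digest(key_algo, digest):
    """Forcing a single hash: an impossible pair is an error, not a fallback."""
    if not usable_with(key_algo, digest):
        raise ValueError(f"{key_algo} requires the use of a 160 bit hash algorithm")
    return digest
```

With a ranked preference list the DSA case falls through to a 160-bit hash, whereas forcing SHA256 on a DSA key, as in the quoted report, fails outright.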



More information about the Gnupg-devel mailing list