How to Determine Digest Algorithm

Kristian Fiskerstrand newsaccount at kfwebs.net
Tue Dec 19 13:54:07 CET 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Patrick Brunschwig wrote, On 12/19/2006 09:33 AM:
> I'm trying to find a good way to determine the digest algorithm that
> GnuPG uses for a signed message. My problem is this: for PGP/MIME signed
> messages, I need to know the algorithm before the message is created.
> Therefore I create a signed dummy message, and extract from it the hash
> algorithm. However, the problem is that this requires the user to type
> the passphrase twice, which I would like to avoid.

If the gpg-agent is used it would be cached. Ditto for the password
handling you're using in Enignamil

> 
> Is there a better way to determine the hash algorithm without actually
> creating a signed message?
> 

In my opinion the digest algorithm is better decided by the sender in
the first place. The message might not be addressed to everyone that is
supposed to verify it at a later point, and the digest itself should be
based upon the senders requirements.

e.g. I wouldn't sign a contract with an md5 digest algorithm, in the
light of the work being done on cracking such a message digest, because
that was the only common denominator. Then I'd rather ask the others to
upgrade.

Post scriptum! I've been experimenting a bit with the gnupg key
generation lately, and have at least a keyset of 15360 bit keys
generated ( http://www.kfwebs.net/news/603/15360-bit-OpenPGP-key )

- --
- ----------------------------
Kristian Fiskerstrand
http://www.kfwebs.net
- ----------------------------
http://www.secure-my-email.com
http://www.secure-my-internet.com


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBRYfEuhbgz41rC5UIAQgXxA/+MJmQLEb9ghqETy+fJhvzIkR1zpgu+x8i
A9EXMl8fBQsYs3P9K1Q1y6puen16+aZG0cRH8xMCCl0OiC720jBiuRfC2pX+6Z7f
q3BjQPlhtrdbXE7u6Ar2KM/6h+n0VoKQ0xGZJoXg2Aqlin64LFRNo1OTTIO5jQgw
wG5RmxX8YbxvWKZk+cK5tTuGIgpofEotHBUZ6aPtqZBJMJKS41pdVdwtobcW+eDn
yKYTRYjrg/wUMUTwTKzUrLe1iBdmVv36mwHMiwOdE3koITkmcdsv7rYUS5s0k7KZ
0WWRiuKXQDVkDOJ/kaZh+FHFbaoxhAUio183tSZegZX1eJphrow1jUPLLSJw6Td9
/XVjROqfKWgaxwd+khcVqClwVSyUfIUbnXTzinNWL2soiqeSPkMR0Uws1Fq0jYF+
9s1gAdMjABUny/DazFOYPK4ue3JCJNgvsX4ISGG/7hC8eiurli0Owr/kRGX/sIpj
L1dip/kP5CeWavaVFrJnyBx36DHRGMUADqZSMUvE9cdaXsAOIdxDPzt74Ezhkuj6
/9tBg9w6PKcFkIzkin0AW261wA/2gizxPniEGD7Yd/ZsoC1acUO32EftBPllZjIt
qc9kUFAy1EDWzS4lLo/tk3aT8ZV1vZfMQw7SyUsdhXyysY6fTqqDhSznSTA1boiE
5dIi9/xjZIs=
=dgPO
-----END PGP SIGNATURE-----



More information about the Gnupg-devel mailing list