DSA2 and recipient preferences

Alphax alphasigmax at gmail.com
Sun Jun 4 02:58:17 CEST 2006


David Shaw wrote:
> On Sat, Jun 03, 2006 at 10:33:10PM +0200, Qed wrote:
>> Playing with DSA2 keys (gnupg 1.4.4-svn4149) I've noticed a potentially
>> problematic behaviour when mixing old and new keys.
>>
>> Suppose you have three keys:
>> # <mybigDSA2> is your key and is a 3072DSA(q=256)
>> # <recentKEY> is a key that has the following digest prefs: SHA1,
>> SHA256, RIPEMD160
>> # <oldKEY> is a key with the following (rather common) digest prefs:
>> SHA1, RIPEMD160
>> and you have personal-digest-preferences "H10 H9 H8 H3 H2" in your
>> gpg.conf.
>>
>> with "gpg -u <mybigDSA2> -s -e --encrypt-to <mybigDSA2> -r <recentKEY>"
>> we obtain a DSA/SHA256 signature, correct.
>>
>> with "gpg -u <mybigDSA2> -s -e --encrypt-to <mybigDSA2> -r <oldKEY>"
>> we obtain a DSA/SHA512 (truncated to 256 bits) signature without ANY warning.
>>
>> with "gpg -u <mybigDSA2> -s -e --encrypt-to <mybigDSA2> -r <recentKEY>
>> -r <oldKEY>"
>> again we obtain a DSA/SHA512 sig without warnings, thus violating the
>> preferences of both recipients.
> 
> Not a bug, just a no-way-out situation.  You told GPG to sign using a
> q=256 key, so the hash has to be 256 bits or larger.  At the same
> time, you told GPG that it had to use either SHA1 or RIPEMD160, both
> of which are 160 bits.  In the case where GPG simply cannot come up
> with a hash that pleases everyone, it goes with what the signing key
> is capable of (i.e. 256 or larger) joined with your
> personal-digest-prefs.  Thus it chose SHA512: larger than 256 bits so
> the signing key was happy, and 512 because you listed it first.
> 
> I sympathize about the desire for a warning message here, but remember
> that this would mean a warning message for almost every signature made
> with a DSA2 key.  Any time you have a DSA2 key signing and encrypting
> to an older key without SHA256 (which are a significant majority of
> keys at this point) you would get a warning.  In such a situation,
> warnings become meaningless.
<snip>

How many people genuinely can't handle SHA256? Only pre-PGP 8 users?

-- 
                Alphax
        Death to all fanatics!
  Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g
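
[Added example, not part of the original message and not GnuPG source code: a small model of the digest selection David Shaw describes, run over the three cases from Qed's report. The function names are hypothetical, the hash IDs are the OpenPGP algorithm numbers behind H2/H3/H8/H9/H10, and the preferences of the signer's own --encrypt-to key are assumed to allow everything.]

```python
# Model of the selection described in the thread (assumption: simplified,
# not taken from GnuPG). OpenPGP hash IDs -> (name, output size in bits).
HASHES = {2: ("SHA1", 160), 3: ("RIPEMD160", 160), 8: ("SHA256", 256),
          9: ("SHA384", 384), 10: ("SHA512", 512)}

def usable(algo, q_bits):
    """A DSA key with a q of q_bits needs a hash at least that wide."""
    return HASHES[algo][1] >= q_bits

def select_digest(q_bits, personal_prefs, recipient_prefs):
    """Return (hash name, honoured) where honoured is True only if every
    recipient listed the chosen hash in its digest preferences."""
    # Hashes that every recipient accepts and the signing key can use.
    common = set(HASHES)
    for prefs in recipient_prefs:
        common &= set(prefs)
    common = {a for a in common if usable(a, q_bits)}
    # Walk personal-digest-preferences in order, taking the first match.
    for algo in personal_prefs:
        if algo in common:
            return HASHES[algo][0], True
    # No-way-out case: recipients cannot be satisfied, so use the first
    # personal preference the signing key is capable of.
    for algo in personal_prefs:
        if usable(algo, q_bits):
            return HASHES[algo][0], False
    raise ValueError("no personal preference is wide enough for this key")

# Constructed inputs mirroring the report.
PERSONAL = [10, 9, 8, 3, 2]      # personal-digest-preferences H10 H9 H8 H3 H2
RECENT_KEY = [2, 8, 3]           # SHA1, SHA256, RIPEMD160
OLD_KEY = [2, 3]                 # SHA1, RIPEMD160

def report(q_bits=256):
    """Run the three recipient combinations for a key with the given q."""
    cases = {"recentKEY": [RECENT_KEY], "oldKEY": [OLD_KEY],
             "recentKEY+oldKEY": [RECENT_KEY, OLD_KEY]}
    return {name: select_digest(q_bits, PERSONAL, prefs)
            for name, prefs in cases.items()}

if __name__ == "__main__":
    for name, (digest, honoured) in report().items():
        note = "" if honoured else "  <- recipient prefs not honoured"
        print(f"{name:18} {digest}{note}")
```

[The second element of each result marks exactly the cases where the warning discussed above would fire.]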


More information about the Gnupg-devel mailing list