OpenPGP card v1 does not support digest algorithm SHA256

David Shaw dshaw at jabberwocky.com
Tue Dec 29 23:28:06 CET 2009


On Dec 29, 2009, at 4:09 AM, Stefan Xenon wrote:

>> You don't give your full command, but I presume you have something like
>> "cert-digest-algo sha256" in your gpg.conf or on the command line.  That
>> isn't doable with a v1 card.
> 
> I started generating new keys as usual: gpg2 --card-edit / admin /
> generate and went through the menu with the default values. Also I did
> not modify my gpg.conf manually.
> 
> I assume gpg2 uses SHA256 by default but should have an exception for
> version 1 cards because they don't support the algorithm.

No.  gpg1 and gpg2 both use SHA1 by default.  The only way you can get SHA256 as a cert digest is if you either use DSA2 (which the cards don't use, as they are RSA only), or if you specifically configure for it.  I'd double check your gpg.conf.

Also note that in your original email, you indicated you were using gpg 1.4.10.

David



