blacklisting MD5 in gpg [was: Re: un-trusting MD5 in gpg]

David Shaw dshaw at
Thu May 7 17:12:45 CEST 2009

On May 7, 2009, at 10:37 AM, Daniel Kahn Gillmor wrote:

> On 05/07/2009 04:57 AM, Werner Koch wrote:
>> On Thu,  7 May 2009 00:04, dshaw at said:
>> I would prefer
>>  --blacklist-digest-algo NAME_or_NUMBER
>> The reason is that we do not need a specific order as with
>> personal-digest-preferences.  It makes implementation (cf. gpgconf)
>> easier and better matches other options related to algorithms.
> So if gpg eventually decides to blacklist MD5 by default, and a user
> throws caution to the winds and decides that they simply must rely on
> (or create) signatures over MD5, they'd do:
> --no-blacklist-digest-algo MD5
> is that right?

Sounds good.

> Should gpg --version somehow indicate algorithms which it knows about
> but which are blacklisted in the current configuration?

That's a good idea.  Maybe putting it in brackets or something like  
"[MD5]" to indicate that it exists, but isn't being used.


More information about the Gnupg-devel mailing list