un-trusting MD5 in gpg
Werner Koch
wk at gnupg.org
Thu May 7 18:41:17 CEST 2009
On Thu, 7 May 2009 17:34, dshaw at jabberwocky.com said:
> --blacklist-digest-algo (name or number)
> --no-blacklist-digest-algo (name or number)
>
> Repeating the blacklist-digest-algo option can be done to add more
> than one algorithm to the blacklist. no-blacklist-digest-algo can be
> used to remove something from the list. Whoever gets in last (add to
> the list or remove from the list) wins.
Okay.
> A blacklisted digest will cause signature verification to fail with an
> appropriate error message along the lines of "digest algorithm is
> blacklisted" (internally, GPG_ERR_BLACKLISTED_DIGEST or the like).
The name of the error code is too specific. GPG_ERR_DISABLED_DIGEST is
better; if you like, the error message may say "...disabled or blacklisted".
> A key certification created with a blacklisted digest will not be part
> of the web of trust.
>
> A blacklisted digest will also not be usable when creating a signature/
> certification, with the same sort of error returned.
>
> This does not affect the use of the digest in things like --print-md.
Okay.
> gpg --version will flag blacklisted algorithms by putting them in
> [brackets].
Not okay, see my other mail.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
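
The semantics in the quoted proposal (name-or-number arguments, last option wins, verification and signing refused, --print-md unaffected) as an added sketch; it is not GnuPG code and not part of this message. The option names are the proposed ones from the thread, DIGEST_DISABLED stands in for the suggested GPG_ERR_DISABLED_DIGEST, and all function names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* OpenPGP hash algorithm IDs (RFC 4880, section 9.4). */
static const struct { const char *name; int id; } algos[] = {
    {"MD5", 1}, {"SHA1", 2}, {"RIPEMD160", 3}, {"SHA256", 8},
    {"SHA384", 9}, {"SHA512", 10}, {"SHA224", 11},
};
enum { DIGEST_OK, DIGEST_DISABLED };   /* assumed stand-in for GPG_ERR_DISABLED_DIGEST */
enum { USE_VERIFY, USE_SIGN, USE_PRINT_MD };
static unsigned char blacklisted[256]; /* indexed by algorithm ID */

static int same_name(const char *a, const char *b) {
    while (*a && toupper((unsigned char)*a) == toupper((unsigned char)*b)) a++, b++;
    return *a == *b;
}
/* Accept "name or number"; -1 for anything unknown so a typo is not ignored. */
int digest_id(const char *s) {
    char *end;
    long n = strtol(s, &end, 10);
    for (size_t i = 0; i < sizeof algos / sizeof algos[0]; i++)
        if ((*s && !*end && n == algos[i].id) || same_name(s, algos[i].name))
            return algos[i].id;
    return -1;
}
/* Apply options in command-line order: the last add or remove for an ID wins. */
int apply_options(int argc, const char **argv) {
    memset(blacklisted, 0, sizeof blacklisted);
    if (argc % 2) return -1;
    for (int i = 0; i < argc; i += 2) {
        int add = !strcmp(argv[i], "--blacklist-digest-algo");
        int id = digest_id(argv[i + 1]);
        if ((!add && strcmp(argv[i], "--no-blacklist-digest-algo")) || id < 0) return -1;
        blacklisted[id] = (unsigned char)add;
    }
    return 0;
}
/* Verifying and signing refuse a blacklisted digest; --print-md is unaffected. */
int check_digest(int id, int use) {
    int listed = id >= 0 && id < 256 && blacklisted[id];
    return (listed && use != USE_PRINT_MD) ? DIGEST_DISABLED : DIGEST_OK;
}
int main(void) {
    const char *opts[] = {"--blacklist-digest-algo", "md5", "--blacklist-digest-algo", "2",
                          "--no-blacklist-digest-algo", "SHA1"};  /* constructed sample */
    if (apply_options(6, opts)) return 1;
    printf("verify MD5=%d SHA1=%d\n", check_digest(1, USE_VERIFY), check_digest(2, USE_VERIFY));
    return 0;
}
```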