blacklisting MD5 in gpg

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu May 7 19:09:41 CEST 2009


On 05/07/2009 12:36 PM, Werner Koch wrote:
> Unfortunately this is hard to implement because --version is processed
> by the option parser internally and I doubt that it makes sense to
> change this to display more information.  --version displays the
> built-in algorithms; thus even the option --disable-cipher-algo has no effect.


really?  it works for me on a debian testing system:

>> 0 dkg at pip:~$ diff -u <(gpg --version) <(gpg --disable-cipher-algo CAST5 --version)
>> --- /dev/fd/63	2009-05-07 13:00:29.744655397 -0400
>> +++ /dev/fd/62	2009-05-07 13:00:29.752652274 -0400
>> @@ -7,6 +7,6 @@
>>  Home: ~/.gnupg
>>  Supported algorithms:
>>  Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
>> -Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
>> +Cipher: 3DES, BLOWFISH, AES, AES192, AES256, TWOFISH
>>  Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
>>  Compression: Uncompressed, ZIP, ZLIB, BZIP2
>> 1 dkg at pip:~$ diff -u <(gpg2 --version) <(gpg2 --disable-cipher-algo CAST5 --version)
>> --- /dev/fd/63	2009-05-07 13:01:00.184650141 -0400
>> +++ /dev/fd/62	2009-05-07 13:01:00.184650141 -0400
>> @@ -8,6 +8,6 @@
>>  Home: ~/.gnupg
>>  Supported algorithms:
>>  Pubkey: RSA, ELG, DSA
>> -Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
>> +Cipher: 3DES, BLOWFISH, AES, AES192, AES256, TWOFISH
>>  Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
>>  Compression: Uncompressed, ZIP, ZLIB, BZIP2
>> 1 dkg at pip:~$ 

it seems to work if i set it in gpg.conf too.

> The proper way to get the current configuration is to read gpg.conf or
> to use gpgconf along with a GUI tool.  There are just too many settings in
> gpg to show them all.  We would need to add extra code to show them and
> we will for sure encounter bugs in that the option setting is not
> displayed properly.

what about including it in the output of --list-config?  (personally,
i'd like to see it in both --list-config and --version)

	--dkg
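
Added example, not part of the original message: a small shell helper that generalizes the `diff -u` check above by listing, per category, which algorithms drop out of the "Supported algorithms" block between two captured `gpg --version` outputs. The function names `list_algos` and `removed_algos` and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Report algorithms that vanish from the "Supported algorithms" block
# between two captured `gpg --version` outputs.

# Flatten the block into "Category: ALGO" lines, one algorithm per line.
# Indented continuation lines (a wrapped list) stay in the current category.
list_algos() {
  awk '
    /^Supported algorithms:/ { in_block = 1; next }
    !in_block { next }
    /^[A-Za-z]+:/ { cat = $0; sub(/:.*/, "", cat); sub(/^[^:]*:/, "") }
    cat == "" { next }
    {
      n = split($0, parts, ",")
      for (i = 1; i <= n; i++) {
        a = parts[i]; gsub(/^[ \t]+|[ \t]+$/, "", a)
        if (a != "") print cat ": " a
      }
    }'
}

# removed_algos BASELINE_TEXT CONFIGURED_TEXT
# Prints every "Category: ALGO" present in the first output but not the second.
removed_algos() {
  configured=$(printf '%s\n' "$2" | list_algos)
  printf '%s\n' "$1" | list_algos | while IFS= read -r pair; do
    printf '%s\n' "$configured" | grep -Fxq -- "$pair" || printf '%s\n' "$pair"
  done
}

# Constructed sample modelled on the first diff quoted above; the Hash line
# is wrapped by hand to exercise the continuation-line handling.
BASELINE='Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384,
      SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2'
# Constructed "after" sample: the same text with CAST5 dropped from the list.
DISABLED=$(printf '%s\n' "$BASELINE" | sed 's/ CAST5,//')

# On a live system, pass the real outputs instead:
#   removed_algos "$(gpg --version)" "$(gpg --disable-cipher-algo CAST5 --version)"
removed_algos "$BASELINE" "$DISABLED"
```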
