Why are the signing digest orders in showpref not being used?

smu johnson smujohnson at gmail.com
Thu Sep 16 05:18:02 CEST 2010 

Dear GnuPG,

Have I found a bug?  My key pref says SHA256 should be chosen first, so why
does it use SHA1 instead when I encrypt for that key, and sign also with
that key?

If this is not a bug, what is the use of that preference order if it is just
being ignored in the most basic case?  I realize --digest-algo SHA256 would
do what I want, but I mean... I thought the order of digests in the public
key preferences was used to prevent me from having to do that.

===============
Proof of order:
===============

C:\tmp>gpg --edit-key smu
gpg (GnuPG) 1.4.10; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  4096R/6FB7BD3F  created: 2010-08-13  expires: 2020-08-10  usage: SC
                     trust: ultimate      validity: ultimate
sub  4096R/E316B6A8  created: 2010-08-13  expires: 2020-08-10  usage: E
[ultimate] (1). smu johnson <smujohnson at gmail.com>

Command> showpref
[ultimate] (1). smu johnson <smujohnson at gmail.com>
     Cipher: TWOFISH, CAMELLIA256, CAMELLIA192, CAMELLIA128, BLOWFISH,
CAST5, AES, 3DES
     Digest: SHA256, SHA1, SHA384, SHA512, SHA224
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify

Command>

===========================
Proof of using SHA1 instead
===========================

C:\tmp>echo piggy | gpg -a -se -r smu -u smu | gpg -v

You need a passphrase to unlock the secret key for
user: "smu johnson <smujohnson at gmail.com>"
4096-bit RSA key, ID 6FB7BD3F, created 2010-08-13

gpg: armor header: Version: GnuPG v1.4.10 (MingW32)
gpg: public key is E316B6A8
gpg: using subkey E316B6A8 instead of primary key 6FB7BD3F

You need a passphrase to unlock the secret key for
user: "smu johnson <smujohnson at gmail.com>"
gpg: using subkey E316B6A8 instead of primary key 6FB7BD3F
4096-bit RSA key, ID E316B6A8, created 2010-08-13 (main key ID 6FB7BD3F)

gpg: encrypted with 4096-bit RSA key, ID E316B6A8, created 2010-08-13
      "smu johnson <smujohnson at gmail.com>"
gpg: TWOFISH encrypted data
gpg: original file name=''
piggy
gpg: Signature made 09/15/10 20:08:02 using RSA key ID 6FB7BD3F
gpg: using PGP trust model
gpg: Good signature from "smu johnson <smujohnson at gmail.com>"
gpg: binary signature, digest algorithm SHA1


...there ya have it.  Thanks in advance to anyone reading.

-- 
smu johnson <smujohnson at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20100915/f11e123c/attachment.htm>

More information about the Gnupg-devel mailing list