restrict the set of accepted digest algorithms

HW42 hw42 at
Tue Feb 10 17:09:48 CET 2015

Hauke Laging:
> Am Di 10.02.2015, 03:45:31 schrieb HW42:
>> is there an option to restrict the set of "accepted" (see below) set
>> of digest algorithms (after searching the man page I don't think so)?
> That is not possible (in the general case and the one you are interested 
> in) because the standard required SHA-1 to be accepted.

So you have a policy to not include options which can violate the
OpenPGP standard?

> But, of course, you are not required to use the exit code for a 
> decision. Run
> gpg -v --status-fd 1 --verify
> and check the output for a line starting with "[GNUPG:] VALIDSIG". It if 
> appears then the seventh field after VALIDSIG is the digest algo number. 
> Check that against your set.

I'm aware of this possibility. It just require much more work than to
add a cmdline parameter (or set an option in gpg.conf) for the software
using GnuPG. Especially if I want to check certification chains.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150210/c8e633ea/attachment-0001.sig>

More information about the Gnupg-devel mailing list