restrict the set of accepted digest algorithms
hw42 at ipsumj.de
Tue Feb 10 17:09:48 CET 2015
> Am Di 10.02.2015, 03:45:31 schrieb HW42:
>> is there an option to restrict the set of "accepted" (see below) set
>> of digest algorithms (after searching the man page I don't think so)?
> That is not possible (in the general case and the one you are interested
> in) because the standard required SHA-1 to be accepted.
So you have a policy to not include options which can violate the
> But, of course, you are not required to use the exit code for a
> decision. Run
> gpg -v --status-fd 1 --verify
> and check the output for a line starting with "[GNUPG:] VALIDSIG". It if
> appears then the seventh field after VALIDSIG is the digest algo number.
> Check that against your set.
I'm aware of this possibility. It just require much more work than to
add a cmdline parameter (or set an option in gpg.conf) for the software
using GnuPG. Especially if I want to check certification chains.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-devel