please change the default hashing algorithm

Ben McGinnes ben at adversary.org
Tue Jul 14 19:47:45 CEST 2015


On 13/07/2015 7:41 pm, Andrew Clausen wrote:
> 
> I tested it by making a test user account, and
> gpg --gen-key
> echo test > test.txt
> gpg --sign test.txt
> gpg -v < test.txt.gpg
> 
> which gives:
> 
> gpg: original file name='test.txt'
> test
> gpg: Signature made Mon 13 Jul 2015 10:16:53 BST using DSA key ID 73207F13
> gpg: using PGP trust model
> gpg: Good signature from "test test (test) <test at test>"
> gpg: binary signature, digest algorithm SHA1
> 
> I had trouble building gpg-2.0.28 (gettext too old) and gpg-2.0.26
> (make didn't know how to build audit-event.h).  I can dig deeper if
> that helps, but my guess is that this is clear enough...

That can be fixed with the digest preferences.  If a key was generated
before the gpg.conf file was set with stronger digest preferences
first, it will inherit the original settings with SHA1 as the preferred
digest.  Overriding that in gpg.conf before generating the key results
in new keys using the preference order specified in gpg.conf.

To change an existing key you need to edit that key and then use the
setpref command to reorder those preferences.  Don't forget to save
instead of just quitting when done.  The setpref command takes the
same input as the default-preference-list in gpg.conf.


Regards,
Ben
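
The procedure described in the message above, written out as a shell sketch. This is an added example, not part of the original post and not GnuPG project code. The preference order in PREFS, the accept-list in digest_ok and the function names are assumptions; the "digest algorithm" line format is taken from the quoted output.

```shell
#!/bin/sh
# Assumed preference order: SHA-2 digests ahead of anything else.
PREFS="SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed"

# New keys: put the list in gpg.conf BEFORE running gpg --gen-key.
# $1 = GnuPG home directory. Idempotent: an older entry is replaced.
write_prefs_conf() {
    conf="$1/gpg.conf"
    mkdir -p "$1" && chmod 700 "$1" || return 1
    touch "$conf"
    sed '/^default-preference-list/d' "$conf" > "$conf.tmp"
    printf 'default-preference-list %s\n' "$PREFS" >> "$conf.tmp"
    mv "$conf.tmp" "$conf"
}

# Existing keys: the preferences are stored on the key, so run
#   gpg --edit-key <KEYID>
# and type the two commands this function prints at the gpg> prompt.
setpref_commands() {
    printf 'setpref %s\nsave\n' "$PREFS"
}

# Read `gpg -v` verification output on stdin and print the digest
# algorithm named on the "digest algorithm" line.
sig_digest() {
    sed -n 's/^gpg: .*digest algorithm \([A-Za-z0-9]*\).*$/\1/p' | head -n 1
}

# Exit 0 only if the signature on stdin used a SHA-2 digest (assumed policy).
digest_ok() {
    case "$(sig_digest)" in
        SHA224|SHA256|SHA384|SHA512) return 0 ;;
        *) return 1 ;;   # SHA1, MD5, RIPEMD160, or no digest line at all
    esac
}

# Constructed sample: the digest line from the quoted output above.
printf 'gpg: binary signature, digest algorithm SHA1\n' | digest_ok \
    || echo "weak digest: re-check the key's preferences"
```

After changing the preferences, sign a fresh file and confirm the result with `gpg -v < test.txt.gpg 2>&1 | digest_ok`, since gpg writes these diagnostics to stderr.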

