Personal prefs (was Re: --group questions)

David Shaw dshaw@jabberwocky.com
Wed Nov 20 18:18:01 2002


On Wed, Nov 20, 2002 at 05:24:46PM +0100, Kai Raven wrote:
> Hello David,
> 
> On Wed, 20 Nov 2002 08:30:01 -0500 you wrote:
> 
> > Yes.  Putting cipher-algo or digest-algo in gpg.conf should really
> > only be used in very special circumstances.  The prefs functions let
> > you do the same thing, but in a safe manner that won't generate
> > messages that violate the recipient's preferences.
> 
> Yes.
> 
> And another question or a discrepancy:
> If I set digest-algo RIPEMD160 in my gpg.conf, always RIPEMD160 is used.
> My preferences are: S10 S9 S8 S7 S1 S2 S4 H3 H2 Z2 Z1 [mdc]
> So I want, that RIPEMD160 is always used for signing a file or
> message (not a reply with encryption to a recipient). But if I delete
> digest-algo RIPEMD160, SHA-1 is used - why? That isn't so with
> encryption. Without setting cipher-algo TWOFISH, TWOFISH is always used.
> So I have to set digest-algo RIPEMD160, but this would violate the
> preferences in the case of encrypting & signing to a recipient.

This is correct.  Preferences are only consulted when encrypting or
encrypt+signing.  When you are only signing, there is no "recipient"
to consult the preferences for, so none of the preference calculations
are invoked and the hash used is whatever --digest-algo is set to.

I see the problem though.  Perhaps it would be good to have
--digest-algo default to the most highly ranked
--personal-digest-preferences value instead of SHA1.  Then it would be
possible to put it into the gpg.conf file without running the risk of
using a hash that the recipient could not use.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
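
Added example (not part of the original message and not GnuPG code): a simplified Python model of the hash selection discussed in this thread, showing the sign-only SHA1 fallback, the preference violation caused by a forced digest-algo, and the default proposed in the reply. The function name, its parameters, and the way personal and recipient preferences are combined when encrypting are assumptions made for illustration; SHA1 is treated as implicitly acceptable to every recipient, as OpenPGP specifies.

```python
# Simplified model of the behaviour described in the thread; not GnuPG code.
# OpenPGP hash IDs as they appear in preference lists: H2 = SHA1, H3 = RIPEMD160.
SHA1, RIPEMD160 = "H2", "H3"


def choose_digest(recipients, digest_algo=None, personal=(), proposed=False):
    """Return (hash_id, violates_recipient_prefs).

    recipients:  one hash-preference list per recipient; [] means sign-only.
    digest_algo: value forced in gpg.conf, or None when the option is unset.
    personal:    the signer's own ordered hash preferences.
    proposed:    model the default suggested in the reply (top personal
                 preference instead of SHA1 when only signing).
    """
    if recipients:
        # Hashes every recipient lists, plus SHA1 (implicit in OpenPGP).
        allowed = set(recipients[0]).intersection(*recipients[1:]) | {SHA1}
    else:
        allowed = None  # sign-only: there is no recipient to consult

    if digest_algo is not None:
        chosen = digest_algo  # forced value bypasses all preference logic
    elif allowed is None:
        chosen = personal[0] if (proposed and personal) else SHA1
    else:
        # Assumed ordering: signer's ranking first, then the recipient's.
        ranked = list(personal) + list(recipients[0]) + [SHA1]
        chosen = next(h for h in ranked if h in allowed)

    violates = allowed is not None and chosen not in allowed
    return chosen, violates


if __name__ == "__main__":
    mine = [RIPEMD160, SHA1]   # "H3 H2", as in the quoted preference list
    sha1_only = [[SHA1]]       # constructed recipient who lists only SHA1
    cases = {
        "sign only, option unset": choose_digest([], personal=mine),
        "sign only, digest-algo forced": choose_digest([], RIPEMD160, mine),
        "encrypt+sign, digest-algo forced": choose_digest(sha1_only, RIPEMD160, mine),
        "encrypt+sign, option unset": choose_digest(sha1_only, personal=mine),
        "sign only, proposed default": choose_digest([], personal=mine, proposed=True),
    }
    for label, (hash_id, bad) in cases.items():
        print(f"{label:34} -> {hash_id}  violates recipient prefs: {bad}")
```
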