Changing signature algorithms
David Picón Álvarez
Thu Oct 17 04:47:02 2002
> I'm using GPG version 1.0.7 (stock), which is capable of the following
> Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
> Hash: MD5, SHA1, RIPEMD160
There's a gnupg 1.2 if you're interested, and 1.2.1 is going to be released
> My problem is that I can't find the switch to create a non-SHA1 hash.
> I want to sign using MD5 or RipeMD160.
> Another problem is that with the --cipher-algo switch, I cannot change
> the algorithm used to encrypt the hash on my signature. In fact, this
> switch won't even let me select the default DSA algorithm.
I don't understand what you mean by that. Sorry.
> I'm guessing that the answer to my second question is that the
> algorithm used to encrypt the hash is determined by my key. Is that
> correct? If so, then what is the --cipher-algo switch used for?
The --cipher-algo is used to choose the asymmetric algorithm you use when
you encrypt something to other people.
> Then I tried to generate an RSA key, and was told it could only be
> used to sign messages. Why can't it be used for encryption? To
> confuse things, I ran a 'showpref' on the key, and it did not list any
> asymmetric ciphers, not even RSA; but it did list symmetric ciphers:
> AES, CAST5, 3DES. How are these ciphers used with a key that can only
> sign? My understanding of a signature is that the hash is encrypted
> with an asymmetric key, not a symmetric key.
The symmetric cyphers are not listed because they're obvious. If your key is
RSA it's going to use RSA. There's nothing to do about that. The preferred
cyphers on a sign-only key don't mean much. However, you can add an RSA
encryption subkey to your RSA sign-only key and thus use RSA for everything
with no problem whatsoever.
Hope this helps,