Changing signature algorithms

David Picón Álvarez eleuteri@myrealbox.com
Thu Oct 17 04:47:02 2002



Hi,


> I'm using GPG version 1.0.7 (stock), which is capable of the following
> algorithms:
>
>   Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
>   Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
>   Hash: MD5, SHA1, RIPEMD160

There's a gnupg 1.2 if you're interested, and 1.2.1 is going to be released
soon.

> My problem is that I can't find the switch to create a non-SHA1 hash.
> I want to sign using MD5 or RipeMD160.

--digest-algo

> Another problem is that with the --cipher-algo switch, I cannot change
> the algorithm used to encrypt the hash on my signature.  In fact, this
> switch won't even let me select the default DSA algorithm.

I don't understand what you mean by that. Sorry.

> I'm guessing that the answer to my second question is that the
> algorithm used to encrypt the hash is determined by my key.  Is that
> correct?  If so, then what is the --cipher-algo switch used for?

The --cipher-algo is used to choose the asymmetric algorithm you use when
you encrypt something to other people.

> Then I tried to generate an RSA key, and was told it could only be
> used to sign messages.  Why can't it be used for encryption?  To
> confuse things, I ran a 'showpref' on the key, and it did not list any
> asymmetric ciphers, not even RSA; but it did list symmetric ciphers:
> AES, CAST5, 3DES.  How are these ciphers used with a key that can only
> sign?  My understanding of a signature is that the hash is encrypted
> with an asymmetric key, not a symmetric key.

The symmetric cyphers are not listed because they're obvious. If your key is
RSA it's going to use RSA. There's nothing to do about that. The preferred
cyphers on a sign-only key don't mean much. However, you can add an RSA
encryption subkey to your RSA sign-only key and thus use RSA for everything
with no problem whatsoever.


Hope this helps,
--David.
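
Added example, not part of the original message: a small Python reader that reports which public-key and hash algorithm a binary (de-armored) OpenPGP signature packet records, the two values this thread is about. It assumes the RFC 4880 packet layout; the function names and the two sample byte strings are constructed for illustration.

```python
# Added example: read the algorithm IDs recorded in an OpenPGP signature packet.
PUBKEY = {1: "RSA", 2: "RSA-E", 3: "RSA-S", 16: "ELG-E", 17: "DSA", 20: "ELG"}
HASH = {1: "MD5", 2: "SHA1", 3: "RIPEMD160"}


def packet_body(data):
    """Return (tag, body) of the first packet in a binary OpenPGP stream."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                          # new-format header
        tag, o1 = first & 0x3F, data[1]
        if o1 < 192:
            length, start = o1, 2
        elif o1 < 224:
            length, start = ((o1 - 192) << 8) + data[2] + 192, 3
        elif o1 == 255:
            length, start = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body length not handled")
    else:                                     # old-format header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled")
        size = 1 << ltype
        length, start = int.from_bytes(data[1:1 + size], "big"), 1 + size
    body = data[start:start + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body


def signature_algorithms(data):
    """Return (pubkey_name, hash_name) for a signature packet (tag 2)."""
    tag, body = packet_body(data)
    if tag != 2:
        raise ValueError("not a signature packet")
    ver = body[0] if body else 0
    if ver == 3 and len(body) > 16:   # v3: ver, 5, type, time(4), keyid(8), pk, hash
        pk, h = body[15], body[16]
    elif ver == 4 and len(body) > 3:  # v4: ver, type, pk, hash, subpackets...
        pk, h = body[2], body[3]
    else:
        raise ValueError("unsupported or short signature packet")
    return PUBKEY.get(pk, "pubkey#%d" % pk), HASH.get(h, "hash#%d" % h)


# Constructed samples (zeroed time, key ID and hash prefix; no MPIs follow).
V3_DSA_RIPEMD160 = bytes([0x88, 19, 3, 5, 0x01]) + bytes(12) + bytes([17, 3, 0, 0])
V4_RSA_MD5 = bytes([0xC2, 10, 4, 0x00, 1, 1, 0, 0, 0, 0, 0, 0])
```

The public-key ID in the packet comes from the signing key, while the hash ID is the part a digest option can change.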


