gnupg 1.4.3 uses SHA1 when preferred Digest is SHA2

Jason Wittlin-Cohen jasonwc at
Sun Jun 11 22:46:37 CEST 2006

I was playing around with the gnupg command line options and I noticed
that whenever I signed or encrypted and signed a file, GPG would use
SHA1 rather than SHA256, which is the preferred digest for my primary key.

I confirmed that SHA256 was the preferred digest by using "gpg
--edit-key 2228BC8F" and then did "showpref" which outputted the
relevant line:

"Digest: SHA256, SHA384, SHA512, RIPEMD160, SHA1"

Yet, when I encrypt and sign a file with "gpg -esv blah.txt" I see:

"gpg: RSA/SHA1 signature from: "2228BC8F Jason Wittlin-Cohen
<jasonwc at>"

When I manually specify "gpg -esv --digest-algo SHA256 blah.txt" I see:

"gpg: RSA/SHA256 signature from: "2228BC8F Jason Wittlin-Cohen
<jasonwc at>"

I can also manually specify SHA384 or SHA512 and Enigmail will use
SHA256,384, or 512 as well, without complaints.

Any idea why GPG isn't using my preferred digest unless I manually
specify it? It does use my preferred cipher (AES-256).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 542 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20060611/5ef3739a/signature.pgp

More information about the Gnupg-users mailing list