Which Digest Algorithm to use?
Olaf Gellert
og at pre-secure.de
Mon Mar 6 14:32:53 CET 2006
David Shaw wrote:
>> I do have some old PGP-2 keys (that are pretty well
>> connected in the WebOfTrust). I understand that PGP2
>> keys use MD5 as default hash algorithm and they do
>> not contain any fields to store adapted preferences.
>> But I still can use "--digest-algorithm" to create
>> SHA1 or SHA256 signatures. But what are the implications
>> of this? I guess GPG will successfully validate these
>> signatures. PGP2 will certainly not. What about PGP 6,
>> 7, 8, ...?
>
> There is a misunderstanding here. PGP 2 keys don't use MD5 as a
> default hash algorithm. They act just like any other key - they use
> the prefs on the *recipient* keys, filtered through
> personal-digest-prefs, and if all else fails, use SHA-1.
Well, it seems to be like this:
When I sign a PGP-2 key (which has no preferences)
with my own PGP2-key, MD5 is the default hash algorithm
(which makes some sense because PGP2 will probably not
be able to validate signatures based on other algorithms).
When I sign a PGP2 key with a newer key (DSA), it
would be SHA1 (even though the recipient will probably
not be able to validate this with his PGP2 program).
Correct?
Olaf
--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE og at pre-secure.de
A daily view on Internet Attacks
https://www.ecsirt.net/sensornet
More information about the Gnupg-users
mailing list