Which Digest Algorithm to use?

David Shaw dshaw at jabberwocky.com
Tue Mar 7 00:54:49 CET 2006


On Mon, Mar 06, 2006 at 02:32:53PM +0100, Olaf Gellert wrote:
> David Shaw wrote:
> >> I do have some old PGP-2 keys (that are pretty well
> >> connected in the WebOfTrust). I understand that PGP2
> >> keys use MD5 as default hash algorithm and they do
> >> not contain any fields to store adapted preferences.
> >> But I still can use "--digest-algorithm" to create
> >> SHA1 or SHA256 signatures. But what are the implications
> >> of this? I guess GPG will successfully validate these
> >> signatures. PGP2 will certainly not. What about PGP 6,
> >> 7, 8, ...?
> > 
> > There is a misunderstanding here.  PGP 2 keys don't use MD5 as a
> > default hash algorithm.  They act just like any other key - they use
> > the prefs on the *recipient* keys, filtered through
> > personal-digest-prefs, and if all else fails, use SHA-1.
> 
> Well, it seems to be like this:
> 
> When I sign a PGP-2 key (which has no preferences)
> with my own PGP2-key, MD5 is the default hash algorithm
> (which makes some sense because PGP2 will probably not
> be able to validate signatures based on other algorithms).
> 
> When I sign a PGP2 key with a newer key (DSA), it
> would be SHA1 (even though the recipient will probably
> not be able to validate this with his PGP2 program).
> 
> Correct?

I was talking about signing data, and you were talking about signing
keys.  Your understanding is correct.  Unless some option is used to
change things, the default behavior is to use SHA-1 except in the one
specific case of signing a PGP 2.x key with another PGP 2.x key.  This
case uses MD5.

This is done to avoid breaking the PGP 2.x key, as modern signatures
will render it unusable in PGP 2.x.

David



More information about the Gnupg-users mailing list