SHA2 compatibility

Qed qed at
Sat May 27 22:02:15 CEST 2006

I was investigating the possibility to use a RSA master key with SHA256
or SHA512 as certification digest algorithm.
The problem is, as usual, compatibility.

I don't know anything about the diffusion of the various PGP versions
and their capabilities.

I've found a PGP compatibility table, written by Eric L. Howes, where
PGP 8.0 is reported to support none of SHA2 hashes, but it is quite
outdated(latest GnuPG version reported is 1.2.1).

David Shaw in a recent message <20060526161325.GC19437 at>
about DSA2 said:
> 3) Allowing truncation of a bigger hash to fit into the however many
>    bits the key allows.
> As far as I can tell at the moment, PGP 8 allows only #3.  That is,
> if you have a regular DSA key (1024 bits, 160-bit hash), you can use
> a larger hash like SHA-256 with it.  Of course, you still only get
> 160 bits of strength (you just can't fit 256 bits into a 160 bit
> field).

gpg manpage says about --pgp8 option:
> Set up all options to be as PGP 8 compliant as posssible.
> PGP 8 is a lot closer to the OpenPGP  standard  than  previous
> versions  of PGP, so all this does is disable --throw-keyids
> and  set  --escape-from-lines.
> All algorithms are allowed except for the SHA384 and SHA512 digests.
A quick look at the source code confirms that --pgp8 allows SHA256 but
not SHA[224|384|512].

Any definitive response about PGP 8.0 *real* capabilities?

Additional considerations/advices/warnings?


ICQ UIN: 301825501
OpenPGP key ID: 0x58D14EB3
Key fingerprint: 00B9 3E17 630F F2A7 FF96  DA6B AEE0 EC27 58D1 4EB3
Check fingerprints before trusting a key!

More information about the Gnupg-users mailing list