SHA2 compatibility

David Shaw dshaw at
Sun May 28 00:03:27 CEST 2006

On Sat, May 27, 2006 at 10:02:15PM +0200, Qed wrote:
> I was investigating the possibility to use a RSA master key with SHA256
> or SHA512 as certification digest algorithm.
> The problem is, as usual, compatibility.
> I don't know anything about the diffusion of the various PGP versions
> and their capabilities.
> I've found a PGP compatibility table, written by Eric L. Howes, where
> PGP 8.0 is reported to support none of SHA2 hashes, but it is quite
> outdated(latest GnuPG version reported is 1.2.1).
> David Shaw in a recent message <20060526161325.GC19437 at>
> about DSA2 said:
> > 3) Allowing truncation of a bigger hash to fit into the however many
> >    bits the key allows.
> >
> > As far as I can tell at the moment, PGP 8 allows only #3.  That is,
> > if you have a regular DSA key (1024 bits, 160-bit hash), you can use
> > a larger hash like SHA-256 with it.  Of course, you still only get
> > 160 bits of strength (you just can't fit 256 bits into a 160 bit
> > field).

This is a true statement, but not relevant to your question.  I was
discussing DSA keys, and you're asking about RSA.  You can use any
hash with RSA that you like.  There are no restrictions in size or
otherwise.  The only thing you have to worry about is whether your
recipient can handle that hash or not.

> A quick look at the source code confirms that --pgp8 allows SHA256 but
> not SHA[224|384|512].
> Any definitive response about PGP 8.0 *real* capabilities?

Exactly what --pgp8 allows.  SHA256 alone.


More information about the Gnupg-users mailing list