commands for gpg keychain access

Charly Avital shavital at
Mon Apr 16 06:49:23 CEST 2007

Stoddard Richard wrote the following on 4/16/07 3:43 AM:
> Thanks for the help. Another question, however. I would have liked to  
> have not used SHA1 hash, but that was the only option I saw when  
> creating my key. Will I be able to change the hash on this key or  
> will I need to create a new one? Folks on this list helped me through  
> this when I was on Windows, and now I need help with the Apple. (BTW  
> - no regrets having switched.)
> --
> Thanks again,
> Rick

Welcome to the Mac!

Your key:
pub  1024D/9D157C31  created: 2007-04-15  expires: never       usage: SCA
                     trust: unknown       validity: unknown
sub  4096g/3A4E1AB7  created: 2007-04-15  expires: never       usage: E
[ unknown] (1). Richard Stoddard <richardstoddard at>

shows that the primary key, the one you use for signing, is 1024 bits,
and as far as I can remember, one needs at least 2048 bits.

But the good news (I think) is that it is a DSA key, and if you are
running gpg 1.4.*, you could enable the following two options in your
gpg.conf file:
digest-algo     SHA256 (if you want to use SHA256)

For this, you have to edit the contents of your gpg.conf file.
I understand you are using GPG Keychain Access. Open its Preferences...,
that are also accessible from the Apple Menu/System Preferences/GnuPG icon.

Click the + round button at the bottom of the GnuPG window, and add:
enable-dsa2, hit Return.
Click again the same button, and add, in two fields:
digest-algo       and to the value field (at the right of the previous
field):  SHA256.
Hit Return

You can also, in that same GnuPG (System Preferences) window, go to
'Expert', hit the 'Reveal in Finder' button, that will make visible and
graphically accessible the contents of /.gnupg (the gpg home directory).
Click the gpg.conf file, open it with a text editor (you have TextEdit
in your operating system) and add the two separate lines:
digest-algo SHA256

By the way, you will see in the contents of that gpg.conf many lines
that are preceded by #, which means that whatever follows # is not
enabled, only "commented".

Hope this is not too confusing...


Your signature verifies fine.
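
The gpg.conf edit described in the reply above, as an added shell example that is not part of the original post: it reports whether enable-dsa2 and digest-algo are active, commented out with #, or missing, and appends them when they are not active. The function names (option_state, ensure_option, make_sample) are hypothetical and the file it edits is a constructed sample in a temporary location, not a real gpg.conf.

```shell
#!/bin/sh
# Added example. Works on a constructed sample file, never on a real gpg.conf.

# make_sample FILE: write a constructed gpg.conf where both options are commented.
make_sample() {
    cat > "$1" <<'EOF'
# Constructed sample gpg.conf
#enable-dsa2
# digest-algo SHA256
keyserver-options auto-key-retrieve
EOF
}

# option_state FILE OPTION: print "active[ VALUE]", "commented" or "missing".
# If the option appears on several active lines, the last one is reported.
option_state() {
    awk -v opt="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^#/ {                      # whatever follows # is not enabled
            sub(/^#+[ \t]*/, "", line)
            split(line, f, /[ \t]+/)
            if (f[1] == opt) commented = 1
            next
        }
        {
            split(line, f, /[ \t]+/)
            if (f[1] == opt) { active = 1; value = f[2] }
        }
        END {
            if (active) print (value == "" ? "active" : "active " value)
            else if (commented) print "commented"
            else print "missing"
        }' "$1"
}

# ensure_option FILE OPTION [VALUE]: append the option unless an active line
# already sets it as requested. Commented lines are left untouched.
ensure_option() {
    want="active${3:+ $3}"
    [ "$(option_state "$1" "$2")" = "$want" ] && return 0
    printf '%s\n' "$2${3:+ $3}" >> "$1"
}

conf=$(mktemp)
make_sample "$conf"
echo "before: enable-dsa2=$(option_state "$conf" enable-dsa2) digest-algo=$(option_state "$conf" digest-algo)"
ensure_option "$conf" enable-dsa2
ensure_option "$conf" digest-algo SHA256
echo "after:  enable-dsa2=$(option_state "$conf" enable-dsa2) digest-algo=$(option_state "$conf" digest-algo)"
rm -f "$conf"
```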