Why does gpg use SHA1 instead of pref?

redstar cmzlwnql at trashmail.net
Thu Mar 22 12:12:26 CET 2007


This is a question of why gpg uses the SHA1 hash for encryption of a message. For
testing I sent a message to myself, and pgpdump shows RIPEMD160 as the signing hash,
which is the normal expectation from my prefs. But for encryption it uses the SHA1 hash. Here is some

$ gpg --edit-key foo
gpg (GnuPG) 1.4.7; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Secret key is available.

pub  1024D/7645B413  created: 2007-03-08  expires: 2007-04-07  usage: SC  
                     trust: ultimate      validity: ultimate
sub  2048g/2A031F9B  created: 2007-03-08  expires: 2007-04-07  usage: E   
sub  2048R/8C905961  created: 2007-03-08  expires: 2007-04-07  usage: S   
sub  2048R/D9C8767A  created: 2007-03-08  expires: 2007-04-07  usage: E   
[ultimate] (1). testing key <foo at bar.com>

Command> showpref
[ultimate] (1). testing key <foo at bar.com>
     Cipher: CAST5, 3DES, BLOWFISH, TWOFISH, AES256, AES192
     Digest: RIPEMD160, SHA512, SHA256, SHA384, SHA1, MD5
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify

Command> pref
[ultimate] (1). testing key <foo at bar.com>
     S3 S2 S4 S10 S9 S8 H3 H10 H8 H9 H2 H1 Z2 Z3 Z1 Z0 [mdc] [no-ks-modify]


$ pgpdump foomessage.gpg 
Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
	New version(3)
	Key ID - 0xB1CAB8AFD9C8767A
	Pub alg - RSA Encrypt or Sign(pub 1)
	RSA m^e mod n(2048 bits) - ...
		-> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
New: Symmetrically Encrypted and MDC Packet(tag 18)(70 bytes)
	Ver 1
	Encrypted data [sym alg is specified in pub-key encrypted session key]
		(plain text + MDC SHA1(20 bytes))

What must I do to use the RIPEMD160 hash for encryption? Is this normal because
of encryption specification requirements? Or is it an error in gpg?

Why will it use RSA encryption, as with other symmetric ciphers like CAST5, 3DES,
BLOWFISH in the prefs, when RSA is not in the prefs list?

Sorry for the bad English!

