Selection of digest algorithm

Sven Radde email at
Thu Jan 29 11:58:42 CET 2009


David Shaw schrieb:
>> First, when sending a signed email from Evolution, SHA1 seems to be
>> chosen, no matter what "personal-digest-preferences" or even
>> "digest-algo" is set in the gpg.conf file (other parts of gpg.conf are
>> honored, however).
>> Is this a limitation of the PGP/MIME standard that Evolution uses?
> No.  OpenPGP/MIME can use any hash that OpenPGP can.  Possibly
> Evolution is overriding the gpg.conf setting for your hashes?
I looked into RFC 2015 and 3156, and they appear to restrict the allowed
values for the "micalg" parameter.
2015 defines "pgp-md5" and "pgp-sha1" as valid, whereas 3156 allows
"pgp-md5", "pgp-sha1", "pgp-ripemd160", "pgp-md2", "pgp-tiger192", and
So it would appear that Evolution uses RFC 2015, skipping the obsolete MD5.

Is there a GnuPG setting to find out more about the exact calls that
Evolution does? As I said, other parts of gpg.conf are honored and I do
not seem to be able to set some "debug-flag" within Evolution to log its
calls to gpg (which may be based on the fact that I'm by far no expert
with Evolution).

Is there some kind of "recommended" email application when it comes to
GnuPG support? Or, put differently, which ones are known for "good"
I have used Enigmail in the past but I was under the impression that its
integration was hampered by limitations of Thunderbird's plugin API.

Thanks (also @the others) for the info about the OpenPGP card. I found
the limitation to SHA1 and RIPEMD Bits in the v1.1 spec.

cu, Sven

More information about the Gnupg-users mailing list