Choice of signing hash.
shavital at mac.com
Wed Jul 8 08:30:37 CEST 2009
Thank you David and Robert for your clarifications about the nature of
hashes SHA224 and SHA256, and your recommendation of the syntax that
should be used in gpg.conf.
I have commented digest-algo and added personal-digest-preferences
SHA256, and tested it from TB+Enigmail and GPGMail.
I should have paid more attention to man gpg:

--personal-digest-preferences string
    Set the list of personal digest preferences to string, this list
    should be a string similar to the one printed by the command
    "pref" in the edit menu. This allows the user to factor in their
    own preferred algorithms when algorithms are chosen via recipient
    key preferences. The most highly ranked digest algorithm in
    this list is also used when signing without encryption (e.g.
    --clearsign or --sign). The default value is SHA-1.

--digest-algo name
    Use name as the message digest algorithm. Running the program
    with the command --version yields a list of supported algorithms.
    In general, you do not want to use this option as it
    allows you to violate the OpenPGP standard.
    --personal-digest-preferences is the safe way to accomplish the
    same thing.

By November 2005, I was instructed by someone in this list how to add a
sign-only subkey of 2048 bits. It had to be an RSA subkey, because at the
moment DSA2 was not yet available.
That's the signing subkey I have been using since then.
Thanks again for the information.
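
The gpg.conf change described in the message above can be checked mechanically. The script below is an added example, not part of the original post or of GnuPG; the function names, return codes and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit how a gpg.conf selects the signing digest.
# Usage: audit_gpg_conf ~/.gnupg/gpg.conf

# Print the value of the last active (uncommented) line for option $2 in file $1.
conf_value() {
    awk -v opt="$2" '$1 == opt { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
                     END { print val }' "$1"
}

# Return codes (hypothetical): 0 ok, 1 digest-algo forced,
# 2 no personal preferences set, 3 weak digest ranked first.
audit_gpg_conf() {
    conf=$1
    forced=$(conf_value "$conf" digest-algo)
    prefs=$(conf_value "$conf" personal-digest-preferences)

    if [ -n "$forced" ]; then
        echo "FAIL: digest-algo $forced is forced for every message; comment it out"
        return 1
    fi
    if [ -z "$prefs" ]; then
        echo "WARN: no personal-digest-preferences; gpg uses its default digest"
        return 2
    fi
    # Only the top-ranked entry is used when signing without encryption.
    top=${prefs%% *}
    case $top in
        SHA1|sha1|MD5|md5)
            echo "WARN: top-ranked digest is $top; rank a SHA-2 digest first"
            return 3 ;;
    esac
    echo "OK: signatures without encryption use $top"
    return 0
}

# Constructed sample mirroring the change described in the message.
sample=$(mktemp)
printf '%s\n' '#digest-algo SHA256' 'personal-digest-preferences SHA256' > "$sample"
audit_gpg_conf "$sample"
rm -f "$sample"
```
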