Use other hash than SHA-1

David Shaw dshaw at
Sat May 2 15:45:11 CEST 2009

On May 2, 2009, at 6:25 AM, Simon Ruderich wrote:

> I would like to use a different hash than SHA-1. I tried setting
> personal-digest-preferences SHA256 in my gpg.conf but it didn't
> work. What hash can I use with my key (default DSA/Elgamel key)
> and how?

The short answer is that you can only use a 160-bit hash with your  
default DSA key.  That means SHA-1 or RIPEMD/160.  There is a feature  
you can enable (--enable-dsa2) that will allow you to use a bigger  
hash -- but you can still only use 160 bits worth of it.  So if you  
use SHA-256, you're actually only taking 160 bits worth of it and  
discarding the rest.

To truly use all of a larger hash, you need to either use a RSA key or  
a large (not default) DSA key (i.e. generated with --enable-dsa2  
switched on, and a larger size than 1024 bits selected).


More information about the Gnupg-users mailing list