SHA2 in OpenPGP cards?

Simon Josefsson simon at josefsson.org
Mon Oct 5 08:52:48 CEST 2009


Werner Koch <wk at gnupg.org> writes:

> On Tue, 29 Sep 2009 09:46, simon at josefsson.org said:
>> Hi!  Before I spend time testing it, can the OpenPGP card support
>> RSA-SHA2 signatures?
>
> The v2 cards support any hash agorithm as long as they fit into pkcs#1.

When I attempt to generate a new key on the card with this in my
~/.gnupg/gpg.conf:

personal-digest-preferences SHA256
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

I get this error:

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: checking created signature failed: Bad signature
gpg: signing failed: Bad signature
gpg: make_keysig_packet failed: Bad signature
Key generation failed: Bad signature

When I comment out the three lines above, it worked fine.  Any ideas?

GnuPG 2.0.13 from Debian.

/Simon



More information about the Gnupg-users mailing list