multiple subkeys and key transition

Ben McGinnes ben at
Thu Dec 9 20:33:43 CET 2010

On 10/12/10 6:18 AM, Robert J. Hansen wrote:
> On 12/9/10 2:12 PM, Daniel Kahn Gillmor wrote:
>> But FIPS-186, as defined, only operates over 160-bit digests.  So longer
>> digest algorithms won't work with DSA1 keys.
> Not true.  Per the OpenPGP spec, it will simply truncate a longer digest
> down to 160 bits.

Well, I changed the prefs on my key to this:

[ultimate] (1). Ben McGinnes <ben at>
     Cipher: AES256, TWOFISH, CAMELLIA256, AES192, CAMELLIA192, AES,
     Digest: SHA512, SHA384, SHA256, SHA224, RIPEMD160, SHA1, MD5
     Compression: BZIP2, ZLIB, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify

Yet it still ignores everything which precedes RIPEMD160, presumably
because it's a DSA1 key and can't handle the SHA-2 digests.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20101210/65b53636/attachment.pgp>

More information about the Gnupg-users mailing list