SHA2 digest on gpg smartcard
Laurent Jumet
laurent.jumet at skynet.be
Wed Feb 24 18:40:29 CET 2010
Hello Laurent !
Laurent Bigonville <l.bigonville at edpnet.be> wrote:
>> I have an OpenPGP smartcard version 2.0 and I would generate digests
>> stronger than SHA1.
>>
>> I've added "personal-digest-preferences SHA256" to my gpg.conf file,
>> but when I sign a message the headers still use SHA1. If I force with
>> --digest-algo (which is not recommended according to the doc) to
>> SHA256 it works and I'm able to verify the signature.
>>
>> I've opened a bug[1], but I was told that it was not a bug.
>> Then could someone enlighten me about the reasons of this?
In GPG.conf, you may put *your* preferences, which will be confronted with those in the recipient key.
I suppose the recipient you are encrypting to doesn't support higher schemes. This is an opinion.
I have this in my gpg.conf, but don't forget you need to save your key after new settings and upload it to servers:
default-preference-list S7 S11 S12 S13 S1 S10 S3 S4 S2 S9 S8 H3 H8 H9 H10 H11 H2 H1 Z1 Z2 Z3 Z0
personal-cipher-preferences S7 S11 S12 S13 S1 S10 S3 S4 S2 S9 S8
personal-digest-preferences H3 H8 H9 H10 H11 H2 H1
personal-compress-preferences Z1 Z2 Z3 Z0
To set the preferences, this can help (use H8 for SHA256):
+-----------------+---------------+-----------------+
| Cipher-Algos:   | Digest-Algos: | Compress-Algos: |
+-----------------+---------------+-----------------+
|                 |               | Z0 Uncompressed |
| S1  IDEA        | H1  MD5       | Z1 ZIP          |
| S2  3DES        | H2  SHA1      | Z2 ZLIB         |
| S3  CAST5       | H3  RIPEMD160 | Z3 BZIP2        |
| S4  BLOWFISH    |               |                 |
| S7  AES         |               |                 |
| S8  AES192      | H8  SHA256    |                 |
| S9  AES256      | H9  SHA384    |                 |
| S10 TWOFISH     | H10 SHA512    |                 |
| S11 CAMELLIA128 | H11 SHA224    |                 |
| S12 CAMELLIA192 |               |                 |
| S13 CAMELLIA256 |               |                 |
+-----------------+---------------+-----------------+
--
Laurent Jumet
KeyID: 0xCFAF704C
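
The matching of personal digest preferences against recipient key preferences discussed in this message, as an added example (not part of the original post and not GnuPG's own code). It is a simplified model: the function names and the two recipient preference strings are constructed for illustration, and the "last line wins" and SHA1 fallback behaviours are assumptions of the model.

```python
# Added example: a simplified model of digest selection, not GnuPG source code.
DIGESTS = {"H1": "MD5", "H2": "SHA1", "H3": "RIPEMD160", "H8": "SHA256",
           "H9": "SHA384", "H10": "SHA512", "H11": "SHA224"}  # table from the post
NAMES = set(DIGESTS.values())


def parse_digest_prefs(conf_text):
    """Return the personal-digest-preferences line of a gpg.conf as digest names."""
    prefs = []
    for line in conf_text.splitlines():
        words = line.split("#", 1)[0].split()  # drop comments
        if not words or words[0] != "personal-digest-preferences":
            continue
        prefs = []  # assumption of this model: the last such line wins
        for tok in words[1:]:
            name = DIGESTS.get(tok.upper(), tok.upper())  # accept H8 or SHA256
            if name not in NAMES:
                raise ValueError("unknown digest: " + tok)
            prefs.append(name)
    return prefs


def key_digests(key_prefs):
    """Digest names advertised in a key's preference string (S*/Z* skipped)."""
    names = [DIGESTS[t] for t in key_prefs.split() if t in DIGESTS]
    if "SHA1" not in names:
        names.append("SHA1")  # RFC 4880: SHA1 is tacitly at the end of the list
    return names


def choose_digest(personal, recipient_keys):
    """First personal preference that every recipient key also lists."""
    usable = [set(key_digests(k)) for k in recipient_keys]
    for name in personal:
        if all(name in u for u in usable):
            return name
    return "SHA1"  # this model's fallback: the one digest common to all keys


# Constructed sample data: the two gpg.conf lines are from the thread,
# the recipient key preference strings are made up for illustration.
ASKER = parse_digest_prefs("personal-digest-preferences SHA256")
REPLY = parse_digest_prefs("personal-digest-preferences H3 H8 H9 H10 H11 H2 H1")
OLD_KEY = "S3 S2 H2 H3 Z1"
NEW_KEY = "S9 S7 H8 H10 H2 Z2"

if __name__ == "__main__":
    print(choose_digest(ASKER, [NEW_KEY]))           # every recipient lists SHA256
    print(choose_digest(ASKER, [NEW_KEY, OLD_KEY]))  # one recipient does not
    print(choose_digest(REPLY, [OLD_KEY]))
```

With an empty recipient list (signing without encryption) the model returns the first personal preference.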