SHA2 digest on gpg smartcard

David Shaw dshaw at
Wed Feb 24 19:25:17 CET 2010

On Feb 17, 2010, at 12:46 PM, Laurent Bigonville wrote:

> Hi,
> I've have a OpenGPG smartcard version 2.0 and I would generate digests
> stronger than SHA1.
> I've added "personal-digest-preferences SHA256" to my gpg.conf file,
> but when I sign a message the headers still uses SHA1. If I force with
> --digest-algo (which is not recommended according to the doc) to SHA256
> it works and I'm able to verify the signature.
> I've opened a bug[1], but I was told that it was not a bug.
> Then could someone enlighten me about the reasons of this?

I'm looking at this, and it seems the code that selects a hash does not currently differentiate between the V1 card (where only 160-bit hashes were usable) and the V2 card (where other hashes are possible).


More information about the Gnupg-users mailing list