Should I set cert-digest-algo?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Mar 16 15:38:58 CET 2010


On 03/16/2010 10:02 AM, Grant Olson wrote:
> A while ago I stumbled onto instructions to up my prefs to use a better
> hash than SHA1:
> 
> http://www.debian-administration.org/users/dkg/weblog/48

Hi Grant, i'm the author of that post.

> Today I was surfing around, and saw some relatively recent posts on the
> list that said setting "digest-algo" in gpg.conf was a Bad Idea(tm).  I
> didn't find any threads on setting "cert-digest-algo", but the manpage
> notes that this can cause interoperability issues.
> 
> So is setting "cert-digest-algo SHA256" okay, or is it going to cause

I've used cert-digest-algo SHA512 (even more likely to cause interop
problems than SHA256) ever since i wrote that post, and i have gotten no
complaints at all about my certifications being unusable.

this may have something to do with who i interact with, though (mostly
other free software folks);  you might have a different experience if
you have contacts who are locked into ancient software for one reason or
another.

I think that SHA256 should be pretty unobjectionable these days.

	--dkg
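To see which digest certifications on a key actually carry (for instance, to confirm that a `cert-digest-algo` setting took effect), the sketch below parses the text printed by `gpg --list-packets` and reports the hash algorithm of each certification signature (signature classes 0x10 to 0x13). It is an added example, not part of the original message; the sample listing and key IDs are constructed, and the function name is hypothetical.

```python
import re
import sys

# Hash algorithm IDs as assigned in RFC 4880, section 9.4.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
CERT_CLASSES = range(0x10, 0x14)   # 0x10-0x13: certifications of a user ID
SIG_RE = re.compile(r"^:signature packet: .*keyid ([0-9A-Fa-f]+)")
CLASS_RE = re.compile(r"sigclass 0x([0-9A-Fa-f]+)")
DIGEST_RE = re.compile(r"digest algo (\d+)")

# Constructed sample in the layout printed by `gpg --list-packets`.
SAMPLE = """\
:public key packet:
:user ID packet: "Example User <user@example.org>"
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
\tversion 4, created 1268700001, md5len 0, sigclass 0x13
\tdigest algo 10, begin of digest 3f 9a
:signature packet: algo 17, keyid BBBBBBBBBBBBBBBB
\tversion 4, created 1268700500, md5len 0, sigclass 0x10
\tdigest algo 2, begin of digest 71 c4
:public sub key packet:
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
\tversion 4, created 1268700002, md5len 0, sigclass 0x18
\tdigest algo 2, begin of digest 0b 12
"""

def certification_digests(listing):
    """Return [(issuer_keyid, digest_name)] for each certification signature."""
    found, keyid, sigclass = [], None, None
    for line in listing.splitlines():
        sig = SIG_RE.match(line)
        if line.startswith(":"):            # a new packet begins
            keyid, sigclass = (sig.group(1).upper() if sig else None), None
            continue
        if keyid is None:                   # not inside a signature packet
            continue
        cls = CLASS_RE.search(line)
        if cls:
            sigclass = int(cls.group(1), 16)
        dig = DIGEST_RE.search(line)
        if dig and sigclass in CERT_CLASSES:   # skip binding sigs, etc.
            found.append((keyid, HASH_NAMES.get(int(dig.group(1)), "unknown")))
    return found

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for keyid, digest in certification_digests(text):
        print(keyid, digest)
```

On a real key, pipe `gpg --export KEYID | gpg --list-packets` into the script; run with no piped input, it falls back to the constructed sample.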
