Generating a new key

David Shaw dshaw at jabberwocky.com
Sun Mar 21 05:10:17 CET 2010


On Mar 20, 2010, at 11:40 PM, Faramir wrote:

>  Another thing to consider is that SHA is not as safe as it used to be, and
> if it becomes easily crackable, signatures issued using SHA can become
> unsafe. So maybe you'd like to use SHA-256 instead of SHA-128. If I'm
> not wrong, you would need to add the following lines to your gpg.conf
> file, before generating your key:
> s2k-digest-algo SHA256
> cert-digest-algo SHA256
> 
> The first line tells gnupg to use SHA-256 instead of SHA-1 to mangle the
> passphrases. I don't really know what that mangling thing is, but if the
> idea is to replace SHA-1 with SHA-256, it can be useful. (I have a bad
> feeling about telling other people to use that line).

It's what GnuPG uses (in combination with a few other things) to convert your typeable-by-a-human passphrase into the symmetric key used to encrypt the secret key: S2K stands for "String to Key".  It's okay to use SHA-256 here, but note that it means you might have problems moving your secret key to a different program that doesn't support SHA-256.  There aren't a vast number of current programs that don't support SHA-256 these days, but there are some pretty old installations out there.

Incidentally, you don't have to set s2k-digest-algo before you generate your key.  If you want to "upgrade" an existing key passphrase so it is mangled via SHA-256, just set the s2k-digest-algo and change the passphrase (you can even change it to what it is currently set to - it's the change at all that causes the passphrase to be remangled).

A somewhat larger risk here is that the s2k-digest-algo also applies to symmetrically encrypted data (i.e. gpg --symmetric).  You need to make sure your recipient can handle it before using it.

> The second line tells gnupg to use SHA-256 instead of SHA-1 for signing
> other keys.

And also your own key (in the self-signatures that contain the preferences and other key items).

> But beware, older implementations of PGP may not be able to read
> SHA-256 (but probably, these implementations are outdated).

Yes, they are outdated, but they do exist.  How common they are depends on your community.  If you're talking about the open-source community or people on this list, for example, I'd be surprised to see more than a small number.  If you're talking about code that was installed a while back, then you'd likely see more that can't handle it.

David
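The "mangling" David describes is the Iterated and Salted String-to-Key function of RFC 4880 (section 3.7.1.3): the salt and passphrase are fed through the configured digest, repeated until a coded number of octets has been hashed, and the output is cut down to the symmetric key size. The example below is added here and is not part of the message or of GnuPG's own code; it reimplements that function in Python with hashlib and derives the same passphrase under SHA-1 and SHA-256 so the interoperability point is visible: a different s2k-digest-algo yields a different key, so any program that must unlock the secret key or a --symmetric file has to support the digest that was used. The salt, passphrase, coded count 0x60 and the 32-octet key length are constructed sample values.

```python
import hashlib

# Constructed sample values for this example (not taken from the message).
SAMPLE_SALT = b"\x01\x23\x45\x67\x89\xab\xcd\xef"  # 8-octet S2K salt, random in practice
SAMPLE_PASSPHRASE = b"correct horse"
DEFAULT_CODED_COUNT = 0x60                          # decodes to 65536 octets hashed


def decode_s2k_count(coded: int) -> int:
    """Expand the one-octet coded count into the number of octets to hash
    (RFC 4880 section 3.7.1.3): (16 + low nibble) << (high nibble + 6)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def iterated_salted_s2k(passphrase: bytes, salt: bytes, coded_count: int,
                        hash_name: str, key_len: int) -> bytes:
    """Iterated and Salted S2K (type 3).  hash_name is a hashlib name such as
    "sha1" or "sha256", corresponding to GnuPG's SHA1 / SHA256 digest names."""
    if len(salt) != 8:
        raise ValueError("S2K salt must be exactly 8 octets")
    data = salt + passphrase
    # The spec hashes at least one full copy of salt+passphrase even when the
    # decoded count is smaller than that.
    count = max(decode_s2k_count(coded_count), len(data))
    key = b""
    context = 0
    # When the key is longer than one digest, further hash contexts are
    # preloaded with 1, 2, ... zero octets so each produces distinct output.
    while len(key) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * context)
        remaining = count
        while remaining > 0:
            chunk = data[:remaining]  # last repetition is truncated to fit
            h.update(chunk)
            remaining -= len(chunk)
        key += h.digest()
        context += 1
    return key[:key_len]


def keys_by_digest(passphrase: bytes = SAMPLE_PASSPHRASE, salt: bytes = SAMPLE_SALT,
                   key_len: int = 32) -> dict:
    """Derive the key for the same passphrase and salt under SHA-1 and SHA-256.
    The two results differ, which is why a reader must support the chosen digest."""
    return {name: iterated_salted_s2k(passphrase, salt, DEFAULT_CODED_COUNT, name, key_len)
            for name in ("sha1", "sha256")}


if __name__ == "__main__":
    for name, key in keys_by_digest().items():
        print(f"{name:7s} {key.hex()}")
```

Changing the passphrase after setting s2k-digest-algo, as David suggests, simply runs this function again with the new digest and a fresh salt, which is why re-entering the same passphrase is enough to "remangle" it.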
