aaron.toponce at gmail.com
Thu Feb 24 14:48:49 CET 2011
On Thu, Feb 24, 2011 at 08:37:50PM +1100, Ben McGinnes wrote:
> On 24/02/11 8:03 PM, Doug Barton wrote:
> > You're using a 1024 bit DSA key, which won't allow for 256 bit
> > hashes. RIPEMD-160 is the largest you can use, and works well for
> > that kind of key.
Okay. That's understandable. That was why I generated a 2048-bit RSA
subkey, so I could take advantage of the SHA2 algorithms. For some
reason, I was thinking that with the update of GPG, my 1024-bit DSA key
now had access to them.
> Well, he can use SHA256 or SHA512, but like mine it will be truncated
> to 160 bits, as was explained to me on this list a couple of months ago.
> As I recall, I edited the key with setpref to this:
> Cipher: AES256, TWOFISH, CAMELLIA256, AES192, CAMELLIA192, AES,
> CAMELLIA128, 3DES, CAST5, BLOWFISH, IDEA
> Digest: SHA512, SHA384, SHA256, SHA224, RIPEMD160, SHA1, MD5
> Compression: BZIP2, ZLIB, ZIP, Uncompressed
> Features: MDC, Keyserver no-modify
> Then added this to gpg.conf:
> default-preference-list S9 S10 S13 S8 S12 S7 S11 S2 S3 S4 S1 H10 H9 H8
> H11 H3 H2 H1 Z3 Z2 Z1 Z0
> personal-cipher-preferences S9 S10 S13 S8 S12 S7 S11 S2 S3 S4 S1
> personal-digest-preferences H10 H9 H8 H11 H3 H2 H1
> personal-compress-preferences Z3 Z2 Z1 Z0
I wanted to avoid breaking from default, which was the main reason for
my post, but it appears that it's not possible if I want to use the
stronger hashes, which is fine. As long as I know the limitations of my
keys, and don't force preferences when sending encrypted/signed mail to
others, I'm good.
> IDEA is only included because of one or two freaks I know who still
> use it. Oh and some ancient stuff I encrypted around fifteen years
> ago, but have yet to convert.
Yeah, no interest in IDEA here. :)
Thanks for your help.
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 527 bytes
Desc: Digital signature
More information about the Gnupg-users