aaron.toponce at gmail.com
Thu Feb 24 22:28:43 CET 2011
On Thu, Feb 24, 2011 at 10:32:11AM -0500, Daniel Kahn Gillmor wrote:
> On 02/24/2011 04:03 AM, Doug Barton wrote:
> > You're using a 1024 bit DSA key, which won't allow for 256 bit hashes.
> > RIPEMD-160 is the largest you can use, and works well for that kind of key.
> This isn't actually the case. Aaron's primary key (0x8086060F) is
> indeed 1024-bit DSA, but his mail is signed with a 2048-bit RSA subkey
> (0xFC04088F), which is perfectly capable of using the stronger digests.
I just ran 'setpref' without any arguments, and it told me that SHA256
would be the default signing algorithm. So, when attempting to do the
signatures, I found SHA1 was coming out.

In the past (and now future), I signed all my mail with SHA512, just
because I can. The message that started this thread, however, is signed
with SHA1, as I wanted to show what was happening (run 'gpg -v
--list-packets' on the sig). I didn't want to break from the defaults
that GnuPG provided.

Due to my 1024-bit DSA key, it appears that RIPEMD-160, SHA1 and MD5 are
my only options for signatures. So, with my 2048-bit RSA subkey, I can
use all the SHA2 hashes. I had just thought that with the recent update
of GnuPG, the SHA2 hashes were available to my DSA key as well.

No worries. I'll stick with the non-default prefs in my
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 527 bytes
Desc: Digital signature
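
The digest that 'gpg -v --list-packets' reports for a signature is a fixed field in the signature packet. As an added example (not part of the original message), this Python code reads the public-key and digest algorithm IDs from a binary (dearmored) OpenPGP signature packet as laid out in RFC 4880; the function names are hypothetical and the sample bytes are constructed, holding only the leading fields of a packet.

```python
# Algorithm IDs from RFC 4880, sections 9.1 (public key) and 9.4 (hash).
PUBKEY_ALGOS = {1: "RSA", 16: "Elgamal", 17: "DSA"}
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}


def read_packet_header(data):
    """Return (tag, body_offset, body_length) of the first OpenPGP packet."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                          # new-format header
        tag, o = first & 0x3F, data[1]
        if o < 192:
            return tag, 2, o
        if o < 224:
            return tag, 3, ((o - 192) << 8) + data[2] + 192
        if o == 255:
            return tag, 6, int.from_bytes(data[2:6], "big")
        raise ValueError("partial body lengths are not handled here")
    tag, length_type = (first >> 2) & 0x0F, first & 0x03   # old format
    if length_type == 3:                      # indeterminate: rest of input
        return tag, 1, len(data) - 1
    n = 1 << length_type                      # 1, 2 or 4 length octets
    return tag, 1 + n, int.from_bytes(data[1:1 + n], "big")


def signature_algorithms(data):
    """Return (public-key algorithm, digest algorithm) of a signature packet."""
    tag, offset, length = read_packet_header(data)
    if tag != 2:
        raise ValueError("packet tag %d is not a signature" % tag)
    body = data[offset:offset + length]
    if body[0] == 4:      # v4: version, sig type, pubkey algo, hash algo
        pub, digest = body[2], body[3]
    elif body[0] == 3:    # v3: version, 5, sig type, time(4), key ID(8), algos
        pub, digest = body[15], body[16]
    else:
        raise ValueError("unsupported signature version %d" % body[0])
    return (PUBKEY_ALGOS.get(pub, "unknown(%d)" % pub),
            HASH_ALGOS.get(digest, "unknown(%d)" % digest))


# Constructed samples: packet header plus the first four body octets only.
SAMPLE_RSA_SHA1 = bytes([0x88, 0x04, 0x04, 0x01, 0x01, 0x02])    # old format
SAMPLE_RSA_SHA512 = bytes([0x88, 0x04, 0x04, 0x01, 0x01, 0x0A])  # old format
SAMPLE_DSA_RMD160 = bytes([0xC2, 0x04, 0x04, 0x00, 0x11, 0x03])  # new format
```

A detached armored signature has to be converted to binary first, for example with 'gpg --dearmor', before its bytes are passed to signature_algorithms().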