--digest-algo ignored on gnupg-1.4.9?

Robert J. Hansen rjh at sixdemonbag.org
Wed Jan 5 20:01:10 CET 2011


On 01/05/2011 01:37 PM, freejack at is-not-my.name wrote:
> Hi, it appears --digest-algo is ignored for symmetric encryption using gpg
> 1.4.9.

Using --digest-algo is pretty dangerous.  It's easy to create messages
your recipients can't parse.  --personal-digest-preferences is what you
want to use instead.

Anyway, I can't recreate this bug:

[rjh at localhost]$ gpg --list-packets test.asc
:symkey enc packet: version 4, cipher 2, s2k 3, hash 2
	salt 6cbb4c1e2c0fbae1, count 65536 (96)
gpg: 3DES encrypted data
:encrypted data packet:
	length: unknown
gpg: encrypted with 1 passphrase
:compressed packet: algo=1
:literal data packet:
	mode b (62), created 1294253512, name="test.txt",
	raw data: 2385 bytes
gpg: WARNING: message was not integrity protected


SHA-1 is used in the symmetric packet, as is expected.  See RFC4880,
section 5.13: "Symmetrically Encrypted Integrity Protected Data Packet":
SHA-1 is the only option for digest algorithms for this particular packet.

--digest-algo will let you determine which algorithm to use, whenever
there is a choice of which algorithm to use.  There is no choice here.
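
The following is an added example, not part of the original message: it decodes the numeric fields of the `:symkey enc packet:` line shown above into algorithm names using the RFC 4880 registries, and expands the coded S2K count (96) into the iteration count gpg prints next to it. The function and field names are hypothetical; the sample is the symkey and encrypted-data part of the listing in the message.

```python
import re

# Algorithm IDs from RFC 4880, sections 9.2 (ciphers), 9.4 (hashes), 3.7.1 (S2K).
CIPHERS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
           7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
          9: "SHA384", 10: "SHA512", 11: "SHA224"}
S2K_TYPES = {0: "simple", 1: "salted", 3: "iterated+salted"}

SYMKEY_RE = re.compile(
    r":symkey enc packet: version (\d+), cipher (\d+), s2k (\d+), hash (\d+)")
COUNT_RE = re.compile(r"count (\d+) \((\d+)\)")

# Part of the listing from the message above (tabs written as \t).
SAMPLE = (
    ":symkey enc packet: version 4, cipher 2, s2k 3, hash 2\n"
    "\tsalt 6cbb4c1e2c0fbae1, count 65536 (96)\n"
    "gpg: 3DES encrypted data\n"
    ":encrypted data packet:\n"
    "\tlength: unknown\n"
    "gpg: encrypted with 1 passphrase\n"
    "gpg: WARNING: message was not integrity protected\n"
)


def decode_s2k_count(coded):
    """Expand the one-octet coded count (RFC 4880, section 3.7.1.3)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def summarize(listing):
    """Name the algorithms in the first symkey packet of a listing."""
    m = SYMKEY_RE.search(listing)
    if m is None:
        raise ValueError("no symkey enc packet in listing")
    version, cipher, s2k, digest = (int(g) for g in m.groups())
    info = {"version": version,
            "cipher": CIPHERS.get(cipher, "unknown (%d)" % cipher),
            "s2k_type": S2K_TYPES.get(s2k, "unknown (%d)" % s2k),
            "s2k_hash": HASHES.get(digest, "unknown (%d)" % digest),
            "mdc_warning": "was not integrity protected" in listing}
    c = COUNT_RE.search(listing)
    if c:  # tolerate listings that carry no count line
        info["s2k_count"] = decode_s2k_count(int(c.group(2)))
        info["count_matches"] = info["s2k_count"] == int(c.group(1))
    return info


if __name__ == "__main__":
    print(summarize(SAMPLE))
```
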


