--digest-algo ignored on gnupg-1.4.9?
dshaw at jabberwocky.com
Fri Jan 7 00:23:53 CET 2011
On Jan 6, 2011, at 5:37 PM, freejack at is-not-my.name wrote:
>>> Sounds reasonable but then why is it using RIPEMD160? I tested with 3DES
>>> instead of IDEA and got the same thing. RIPEMD160 is being used, not
>>> SHA1. Thanks for looking at this.
>> Try sharing your gpg.conf file. The answer is probably found in there
> I'll do better than that. Here's a test with no .gnupg folder at all,
> starting from scratch.
> user:~$ gpg -c -ao test.asc --digest-algo sha512 --cipher-algo 3des test.txt
--digest-algo specifies the digest for making signatures. It is not related to symmetric-only ("-c") encryption, where the digest is used as part of the S2K to mangle your passphrase into a symmetric key. You want the --s2k-digest-algo option. As the documentation says:
Use name as the digest algorithm used to mangle the passphrases.
The default algorithm is SHA-1.
Incidentally, RIPEMD/160 is not being used:
> :symkey enc packet: version 4, cipher 2, s2k 3, hash 2
> salt b3a9a45872132be3, count 65536 (96)
hash 2 is SHA-1, which is the proper default for --s2k-digest-algo. RIPEMD/160 is hash 3.
More information about the Gnupg-users