--digest-algo ignored on gnupg-1.4.9?

David Shaw dshaw at jabberwocky.com
Fri Jan 7 00:23:53 CET 2011

On Jan 6, 2011, at 5:37 PM, freejack at is-not-my.name wrote:

>>> Sounds reasonable but then why is it using RIPEMD160? I tested with 3DES
>>> instead of IDEA and got the same thing. RIPEMD160 is being used, not
>>> SHA1. Thanks for looking at this.
>> Try sharing your gpg.conf file.  The answer is probably found in there
>> somewhere.
> I'll do better than that. Here's a test with no .gnupg folder at all,
> starting from scratch.
> user:~$ gpg -c -ao test.asc --digest-algo sha512 --cipher-algo 3des test.txt 

--digest-algo specifies the digest for making signatures.  It is not related to symmetric-only ("-c") encryption, where the digest is used as part of the S2K to mangle your passphrase into a symmetric key.  You want the --s2k-digest-algo option.  As the documentation says:

      --s2k-digest-algo name
              Use name as the digest algorithm used to mangle the passphrases.
              The default algorithm is SHA-1.

Incidentally, RIPEMD/160 is not being used:

> :symkey enc packet: version 4, cipher 2, s2k 3, hash 2
> 	salt b3a9a45872132be3, count 65536 (96)

hash 2 is SHA-1, which is the proper default for --s2k-digest-algo.  RIPEMD/160 is hash 3.


More information about the Gnupg-users mailing list