--digest-algo ignored on gnupg-1.4.9?

freejack at is-not-my.name freejack at is-not-my.name
Fri Jan 7 03:21:01 CET 2011

Hi David,

> --digest-algo specifies the digest for making signatures.  It is not
>   related to symmetric-only ("-c") encryption, where the digest is used as
>   part of the S2K to mangle your passphrase into a symmetric key.  You
>   want the --s2k-digest-algo option.  As the documentation says: 
>       --s2k-digest-algo name
>               Use name as the digest algorithm used to mangle the
>   passphrases. 

I misunderstood, thanks for clearing it up. Maybe this is what Vedaal was
saying as well.

>               The default algorithm is SHA-1.
> Incidentally, RIPEMD/160 is not being used:

It was in a prior example, but that's not really the issue so much as my
--digest-algo wasn't affecting anything. Now I know why.

> > :symkey enc packet: version 4, cipher 2, s2k 3, hash 2
> > 	salt b3a9a45872132be3, count 65536 (96)
> hash 2 is SHA-1, which is the proper default for --s2k-digest-algo.
> RIPEMD/160 is hash 3. 

Yes, understood.

> David

Thanks very much David and Robert and Vedaal. I'll verify this tomorrow. At
this point sorry for the false alarm and wasting your time. Off to work for
me now. Cheers guys!

More information about the Gnupg-users mailing list