Displaying signature algorithms when doing --check-sigs, disabling algorithms for web of trust.

zirconium zirconiumnzinc at gmail.com
Sun May 1 13:54:40 CEST 2011


Is there a way to display hash algorithms along with public key
algorithms (and their length) of signatures when issuing "--check-sigs"
(or check in the "--edit-key" shell)?

I would also like to know if there is a way to force GPG not to
accept signatures made with certain hash or public key algorithms
when calculating validity of keys through the web of trust. In the case
of public key algorithms it should be possible to specify key length.

I didn't have luck finding answers to my questions in the documentation,
only a partial solution to my second question:

There is an option "disable-pubkey-algo" that will totally disable the
chosen public key algorithm, however it only works after doing
--check-trustdb with that option, otherwise it still accepts key
signatures (certifications) made with the disabled algorithm as valid
signatures (for example when calculating key validity, or when doing
"--check-sigs"). It can create problems when changing from
"trust-model pgp" to "trust-model direct", because as GPG says, there
is "no need for a trustdb check with `direct' trust model". But is
it really true that there is no need for a trustdb check? I'm not
sure, but GPG doesn't allow that.

So while "disable-pubkey-algo" can be used to disable signatures made
with a certain public key algorithm when calculating validity of keys
through the web of trust, there is no way to specify key length. Also
there is no such option for hash algorithms. No "disable-hash-algo" or
"disable-cert-digest-algo" or anything like that.

Could you point me to specific portions of documentation?
Thanks for help
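
Added example, not part of the original post and not GnuPG code: a small auditor that reads `gpg --with-colons --check-sigs` output and reports the public-key algorithm, signer key length and hash algorithm behind each certification. It assumes the colon format described in GnuPG's doc/DETAILS (field 4 of a `sig` record is the public-key algorithm, field 16 the hash algorithm, the latter only emitted by newer GnuPG releases); the sample listing and the policy thresholds are constructed, and the script only reports, it does not change how GnuPG computes validity.

```python
# Added example: report the algorithms behind each certification in
# `gpg --with-colons --check-sigs` output and flag policy violations.
PUBKEY = {"1": "RSA", "16": "ELG", "17": "DSA", "19": "ECDSA", "22": "EdDSA"}
HASH = {"1": "MD5", "2": "SHA1", "3": "RIPEMD160", "8": "SHA256",
        "9": "SHA384", "10": "SHA512", "11": "SHA224"}

# Local policy: assumed values for illustration, not GnuPG defaults.
WEAK_HASHES = {"MD5", "SHA1", "RIPEMD160"}
MIN_BITS = {"RSA": 2048, "DSA": 2048}

# Constructed sample listing; key IDs, dates and names are made up.
SAMPLE = """\
pub:f:4096:1:AAAAAAAAAAAAAAAA:1300000000:::-:::scESC:
uid:f::::1300000000::0000::Alice <alice@example.org>:
sig:!::1:AAAAAAAAAAAAAAAA:1300000000::::Alice <alice@example.org>:13x:::::8:
sig:!::17:BBBBBBBBBBBBBBBB:1300000100::::Bob <bob@example.org>:10x:::::2:
sig:!::1:CCCCCCCCCCCCCCCC:1300000200::::Carol <carol@example.org>:10x:::::10:
pub:f:1024:17:BBBBBBBBBBBBBBBB:1200000000:::-:::scESC:
pub:f:1024:1:CCCCCCCCCCCCCCCC:1200000000:::-:::scESC:
"""


def audit(listing):
    """Return one dict per sig record, with any policy findings."""
    rows = [line.split(":") for line in listing.splitlines() if line]
    # sig records carry no key length; take it from pub/sub records
    # of the signer's key when that key is present in the listing.
    bits = {r[4]: int(r[2]) for r in rows if r[0] in ("pub", "sub") and r[2]}
    report = []
    for r in rows:
        if r[0] != "sig":
            continue
        algo = PUBKEY.get(r[3], "algo" + r[3])
        # Field 16 (index 15) is absent in output from older releases.
        digest = HASH.get(r[15], "unknown") if len(r) > 15 else "unknown"
        size = bits.get(r[4])
        problems = []
        if digest in WEAK_HASHES:
            problems.append("weak hash")
        if size is not None and size < MIN_BITS.get(algo, 0):
            problems.append("short key")
        report.append({"signer": r[4], "check": r[1], "pubkey": algo,
                       "bits": size, "hash": digest, "problems": problems})
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```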
