Displaying signature algorithms when doing --check-sigs, disabling algorithms for web of trust.

Tomasz Wozowicz zirconiumnzinc at gmail.com
Sat May 7 12:51:58 CEST 2011


On Sun, May 1, 2011 at 1:54 PM, zirconium <zirconiumnzinc at gmail.com> wrote:
> Hi
>
> Is there a way to display hash algorithms along with public key
> algorithms (and their length) of signatures when issuing "--check-sigs"
> (or check in the "--edit-key" shell)?
>
> I also would like to know if there is a way to force that GPG will not
> accept signatures made with a certain hash or public key algorithms,
> when calculating validity of keys through web of trust?  In the case of
> public key it should be possible to specify key length.
>
>
> I didn't have luck finding answers to my questions in documentation,
> only a partial solution to my second question:
>
> There is an option "disable-pubkey-algo" that will totally disable
> the chosen public key algorithm, however it only works after doing
> --check-trustdb with that option, otherwise it still accepts key
> signatures (certifications) made with disabled algorithm, as valid
> signatures (for example when calculating key validity, or when doing
> "--check-sigs"). It can create problems when changing from
> "trust-model pgp" to "trust-model direct", because as GPG says, there
> is "no need for a trustdb check with `direct' trust model". But is
> that really true that there is no need for trustdb check? I'm not
> sure, but GPG doesn't allow that.
>
> So while "disable-pubkey-algo" can be used to disable signatures made
> with certain public key algorithm when calculating validity of keys
> through web of trust, there is no way to specify key length. Also there
> is no such option for hash algorithms. No "disable-hash-algo" or
> "disable-cert-digest-algo" or anything like that.
>
>
>
> Could you point me to specific portions of documentation?
> Thanks for help
>

Anyone willing to help? Please answer. Thanks
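
An added example, not part of the original message and not GnuPG code: one way to see the hash and public-key algorithm of each certification is to parse the packet dump from `gpg --export KEYID | gpg --list-packets`. The listing below is constructed, and the function names and the banned-hash policy are assumptions; the signer's key length is not stored in the signature packet, so it is not covered here.

```python
import re
# RFC 4880 algorithm identifiers (common ones only).
HASH = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}
PUBKEY = {1: "RSA", 16: "ELG", 17: "DSA"}

# Constructed sample in the layout printed by `gpg --list-packets`.
SAMPLE = """\
:public key packet:
\tversion 4, algo 1, created 1200000000, expires 0
:user ID packet: "Alice (constructed) <alice@example.org>"
:signature packet: algo 1, keyid 1111111111111111
\tversion 4, created 1200000000, md5len 0, sigclass 0x13
\tdigest algo 8, begin of digest 12 34
:signature packet: algo 17, keyid 2222222222222222
\tversion 4, created 1250000000, md5len 0, sigclass 0x10
\tdigest algo 2, begin of digest ab cd
:signature packet: algo 1, keyid 3333333333333333
\tversion 3, created 1100000000, md5len 5, sigclass 0x10
\tdigest algo 1, begin of digest 0f f0
"""

SIG_RE = re.compile(r"^:signature packet: algo (\d+), keyid ([0-9A-Fa-f]+)")
CLASS_RE = re.compile(r"sigclass 0x([0-9a-fA-F]{2})")
DIGEST_RE = re.compile(r"digest algo (\d+)")

def parse_signatures(listing):
    """Return one dict per signature packet: keyid, pubkey, sigclass, hash."""
    sigs, cur = [], None
    for line in listing.splitlines():
        if line.startswith(":"):  # every packet header starts in column 0
            m = SIG_RE.match(line)
            cur = None  # non-signature packets are skipped
            if m:
                cur = {"keyid": m.group(2),
                       "pubkey": PUBKEY.get(int(m.group(1)), "algo " + m.group(1))}
                sigs.append(cur)
        elif cur is not None:  # indented detail line of the current signature
            if m := CLASS_RE.search(line):
                cur["sigclass"] = int(m.group(1), 16)
            if m := DIGEST_RE.search(line):
                cur["hash"] = HASH.get(int(m.group(1)), "algo " + m.group(1))
    return sigs

def weak_certifications(listing, banned=("MD5", "SHA1")):
    """Certifications (sigclass 0x10-0x13) whose hash is in the assumed ban list."""
    return [s for s in parse_signatures(listing)
            if 0x10 <= s.get("sigclass", 0) <= 0x13 and s.get("hash") in banned]

if __name__ == "__main__":
    print(*parse_signatures(SAMPLE), sep="\n")
```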



More information about the Gnupg-users mailing list