[gnupg-users] Preferred hash algorithm when signing
Robert J. Hansen
rjh at sixdemonbag.org
Tue Aug 21 18:35:25 CEST 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 8/21/12 12:26 PM, Laurent Jumet wrote:
> It primarily depends on the length of the main (signing) key. If
> main key is 1024, he cannot sign with SHA256; he can sign with a
> RIPEMD160 but not higher, and other preferences are ignored.

Yes and no.

DSA-1024 requires the use of a 160-bit hash. If the --enable-dsa2
flag is set, he will be able to sign with any hash he likes: it will
just be silently truncated to 160 bits. Otherwise, yes, the choices
are SHA-1 and RIPEMD-160.

DSA-2048 requires the use of at least a 224-bit hash.

DSA-3072 requires the use of at least a 256-bit hash.

RSA has no requirements on hash length.
-----BEGIN PGP SIGNATURE-----
iFYEAREIAAYFAlAzuM0ACgkQI4Br5da5jhCBgADcDY7/P02Q/njE1WF6NGNMdfpV
/eXyzaWEC3rl1ADeLc9oS7Oi/akAOuqP0EriL+c3U9DuOOJaWFvzWw==
=mENf
-----END PGP SIGNATURE-----
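
The rules in the message above, worked through as an added example (not part of the original post and not GnuPG's code): pick_hash walks a digest preference list against the key's requirement, and dsa_hash_value shows the truncation as the leftmost-bits rule from FIPS 186-3. The function names, the hash-name table and the treatment of enable_dsa2 as affecting only DSA-1024 are assumptions of this sketch.

```python
import hashlib

# Digest widths in bits for the hash names used in this example.
HASH_BITS = {"SHA1": 160, "RIPEMD160": 160, "SHA224": 224,
             "SHA256": 256, "SHA384": 384, "SHA512": 512}

# Hash width each DSA key size calls for, as given in the message above.
DSA_MIN_HASH_BITS = {1024: 160, 2048: 224, 3072: 256}


def pick_hash(key_algo, key_bits, prefs, enable_dsa2=False):
    """Return the first hash in prefs that the signing key can use."""
    for name in prefs:
        if key_algo == "RSA":
            return name                      # no hash-length requirement
        width = HASH_BITS[name]
        if key_bits == 1024 and not enable_dsa2:
            ok = width == 160                # SHA-1 or RIPEMD-160 only
        else:
            ok = width >= DSA_MIN_HASH_BITS[key_bits]
        if ok:
            return name
    raise ValueError("no hash in the preference list fits this key")


def dsa_hash_value(data, hash_name, q_bits):
    """Integer that DSA signs: the leftmost q_bits of the digest."""
    # hashlib.new() may lack ripemd160 on some OpenSSL builds; the demo
    # below only computes SHA-family digests.
    digest = hashlib.new(hash_name.lower(), data).digest()
    extra = len(digest) * 8 - q_bits
    z = int.from_bytes(digest, "big")
    return z >> extra if extra > 0 else z


if __name__ == "__main__":
    prefs = ["SHA256", "SHA1"]               # constructed preference list
    msg = b"constructed sample message"
    for dsa2 in (False, True):
        chosen = pick_hash("DSA", 1024, prefs, enable_dsa2=dsa2)
        z = dsa_hash_value(msg, chosen, 160)
        print(f"enable_dsa2={dsa2}: {chosen}, {z.bit_length()} bits signed")
```

With the flag on, the 1024-bit key signs only 160 bits of the SHA-256 digest, so the signature offers no more collision resistance than a 160-bit hash would.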