why is SHA1 used? How do I get SHA256 to be used?
Laurent Jumet
laurent.jumet at skynet.be
Tue Jul 10 00:18:09 CEST 2012
Hello Sam !
Sam Smith <smickson at hotmail.com> wrote:
> Here's the result of ShowPRef for my key:
> Cipher: AES256, AES192, AES, CAST5, 3DES
> Digest: SHA256, SHA1, SHA384, SHA512, SHA224
> Compression: ZLIB, BZIP2, ZIP, Uncompressed
> SHA1 is showing up second. So when I sign a message, why isn't SHA256 used?
> The headers on my emails appear to show SHA1 as the hash being used.
> I no longer consider SHA1 secure. Neither does the U.S. Government. So I
> don't want it to be the default hash being used.
> How do I get SHA256 to be the default hash used when I sign emails and
> encrypt them?
I think that by default, --gnupg is in use; --gnupg means --openpgp
This means strict OpenPGP behaviour: MD5, SHA1, RIPEMD160
Try using "--digest-algo SHA256" on the command line or in GPG.CONF; maybe you'll need to suppress "--personal-digest-preferences" from GPG.CONF (I don't know).
--
Laurent Jumet
KeyID: 0xCFAF704C
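
To confirm which hash a signed mail actually declares after changing the setting discussed above, the following added example (not part of the original message) reads the PGP/MIME `micalg` parameter and the clearsign `Hash:` armor header. The `WEAK` policy set, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
import re

# Policy assumption for this example: digests treated as too weak for signing.
WEAK = {"MD5", "SHA1"}

# Inline (clearsigned) block: the "Hash:" armor header may list several names.
CLEARSIGN = re.compile(
    r"^-----BEGIN PGP SIGNED MESSAGE-----\r?\n((?:Hash:[^\n]*\n)+)", re.M)

def declared_digests(raw):
    """Return the digest names a signed e-mail declares, e.g. {'SHA256'}.

    These are declarations only; the authoritative algorithm id is stored
    in the signature packet itself, which gpg reads when verifying.
    """
    found = set()
    for part in email.message_from_string(raw).walk():
        # PGP/MIME (RFC 3156): multipart/signed; micalg=pgp-sha1
        if part.get_content_type() == "multipart/signed":
            micalg = part.get_param("micalg")
            if isinstance(micalg, str) and micalg.lower().startswith("pgp-"):
                found.add(micalg[4:].upper())
        elif not part.is_multipart():
            for m in CLEARSIGN.finditer(part.get_payload()):
                for line in m.group(1).splitlines():
                    for name in line.split(":", 1)[1].split(","):
                        found.add(name.strip().upper())
    return found

def weak_digests(raw):
    """Sorted list of declared digests that fall in the WEAK policy set."""
    return sorted(declared_digests(raw) & WEAK)

# Constructed sample messages (signature bodies omitted).
INLINE = ("Subject: inline sample\n\n-----BEGIN PGP SIGNED MESSAGE-----\n"
          "Hash: SHA1\n\nhello\n-----BEGIN PGP SIGNATURE-----\n\n"
          "(constructed)\n-----END PGP SIGNATURE-----\n")
MIME = ("Subject: pgp/mime sample\nMIME-Version: 1.0\n"
        'Content-Type: multipart/signed; micalg=pgp-sha256; '
        'protocol="application/pgp-signature"; boundary="b"\n\n'
        "--b\nContent-Type: text/plain\n\nhello\n"
        "--b\nContent-Type: application/pgp-signature\n\n(constructed)\n--b--\n")

if __name__ == "__main__":
    for label, raw in (("inline", INLINE), ("pgp/mime", MIME)):
        print(label, sorted(declared_digests(raw)), "weak:", weak_digests(raw))
```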