why is SHA1 used? How do I get SHA256 to be used?
David Shaw
dshaw at jabberwocky.com
Tue Jul 10 17:18:29 CEST 2012
On Jul 10, 2012, at 10:39 AM, Laurent Jumet wrote:
> Hauke Laging <mailinglisten at hauke-laging.de> wrote:
>
>> As Rob already mentioned: You need --personal-digest-preferences (which is
>> just personal-digest-preferences in the config file). You put your favourite
>> first, e.g.:
>
>> personal-digest-preferences SHA256,RIPEMD160,SHA1
>
> Do you succeed in having a SHA256 hash with this statement?
> How can I explain that I have RIPEMD160 instead?
Your key is a 1024-bit DSA key. That key can only use a 160-bit hash, so you can use either RIPEMD160 or SHA-1. The rules for hash choice in DSA were relaxed a bit later, to allow for a 160-bit hash *or* a larger hash truncated to fit. To enable that, you can use "--enable-dsa2", and you should be able to get SHA256 - but note it's SHA256 truncated down to 160 bits. You can't use more than 160 bits without a larger DSA key.
David
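
An added illustration of the reply above, not part of the original message and not GnuPG's own code: a simplified Python model of which digest from the preference list is usable with a DSA key whose q is 160 bits, and of the truncation that applies when a larger hash is allowed. The function names and the selection rule are assumptions made for this sketch.

```python
import hashlib

# Digest output sizes in bits (properties of the algorithms themselves).
DIGEST_BITS = {"SHA1": 160, "RIPEMD160": 160, "SHA224": 224,
               "SHA256": 256, "SHA384": 384, "SHA512": 512}


def pick_digest(prefs, q_bits, dsa2=False):
    """Return the first preferred digest usable with a DSA key whose
    subgroup order q is q_bits long (simplified model, hypothetical name).

    Without dsa2 only a digest of exactly q_bits is accepted; with dsa2
    a larger digest is also accepted and later truncated.
    """
    for name in prefs:
        bits = DIGEST_BITS[name]
        if bits == q_bits or (dsa2 and bits > q_bits):
            return name
    raise ValueError("no usable digest in preference list")


def dsa_hash_input(message, q_bits):
    """Integer fed to the DSA signing equation when SHA-256 is used:
    the leftmost min(q_bits, 256) bits of the digest."""
    digest = hashlib.sha256(message).digest()
    out_bits = len(digest) * 8
    keep = min(q_bits, out_bits)
    return int.from_bytes(digest, "big") >> (out_bits - keep)


if __name__ == "__main__":
    prefs = ["SHA256", "RIPEMD160", "SHA1"]  # the list quoted in the thread
    print(pick_digest(prefs, 160))             # 1024-bit DSA, default
    print(pick_digest(prefs, 160, dsa2=True))  # with --enable-dsa2
    z = dsa_hash_input(b"constructed sample message", 160)
    print(z.bit_length() <= 160)               # only 160 bits are signed
```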