"SHA1 Protection" from way to see what cipher/algo was used to create your key?

Sam Smith smickson at hotmail.com
Thu Jun 21 15:00:04 CEST 2012


When running the command: gpg --list-packets <keyname.asc>

there is an outputted line that reads: "SHA1 protection"

I did some looking online and saw that this line stays even when people change their hash algorithm to something else (like SHA2).

If the "SHA1 protection" is not indicating the use of SHA1 hash, what is it communicating? If a SHA2 hash is being used to mangle the passphrase of the secret key being stored on the disk, why is the line "SHA1 protection" being shown?



> Date: Tue, 19 Jun 2012 13:50:47 -0400
> To: gnupg-users at gnupg.org
> Subject: way to see what cipher/algo was used to create your key?
> From: vedaal at nym.hush.com
> 
> Sam Smith smickson at hotmail.com wrote on:
> Tue Jun 19 01:30:44 CEST 2012 
> 
> >a way to learn what cipher & hash was used to create the secret key?
> 
> 
> export your secret key as seckey.asc
> then do gpg --list-packets seckey.asc
> 
> 
> here is an example of one of mine:
> 
> V:\z\>gpg --list-packets v:\seckey.asc
> gpg: armor: BEGIN PGP PRIVATE KEY BLOCK
> gpg: armor header: Version: GnuPG v1.4.12 (MingW32) 
> gpg: armor header: Comment: Acts of Kindness better the World, and protect the Soul
> :secret key packet:
>         version 4, algo 1, created 1201031494, expires 0
>         skey[0]: [4096 bits]
>         skey[1]: [17 bits]
>         iter+salt S2K, algo: 10, SHA1 protection, hash: 8, salt: 
> 
> 'version 4'  describes the key-version 
> (all current gnupg keys are v4, older keys from pgp were v3,  maybe 
> when elliptic curve crypto gets done, there might be a v5 ;-) )
> 
> 'algo 1' describes the 'type' of key (RSA, ELG, DSA, etc.) and the 1
> refers to RSA
> 
> the line beginning 'iter+salt' describes the algorithm used to 
> encrypt the secret key, and the hash used.
> 
> 'algo: 10' is Twofish
> 'hash 8' is SHA256
> 
> (not the 'defaults')  
> your key will probably show 'algo: 9' (AES256) and 'hash: 2' (SHA1)
> 
> 
> (btw, Should a listing explaining these things be in the FAQ ? )
> 
> 
> vedaal
> 
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
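
The fields in the listing quoted above, decoded in a short Python parser; this is an added example, not part of the original thread, and the function and constant names are hypothetical. It goes one step beyond the thread: it reports "SHA1 protection" as the integrity-check field of the secret key packet (RFC 4880, S2K usage 254, as opposed to a two-octet checksum), which is separate from the S2K hash ID, and the second sample line is constructed from the defaults named in the reply.

```python
import re

# Algorithm IDs from RFC 4880, sections 9.1, 9.2 and 9.4 (subset).
PUBKEY = {1: "RSA", 16: "Elgamal", 17: "DSA"}
CIPHER = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
          7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}
HASH = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
        9: "SHA384", 10: "SHA512", 11: "SHA224"}

KEY_RE = re.compile(r"version (\d+), algo (\d+), created (\d+)")
S2K_RE = re.compile(r"(simple|salted|iter\+salt) S2K, algo: (\d+), "
                    r"(SHA1 protection|simple checksum), hash: (\d+)")

def describe(listing):
    """Decode the secret-key fields of `gpg --list-packets` text output."""
    info = {}
    key = KEY_RE.search(listing)
    if key:
        info["key_version"] = int(key.group(1))
        info["key_type"] = PUBKEY.get(int(key.group(2)), "unknown")
    s2k = S2K_RE.search(listing)
    if s2k:
        mode, cipher, check, digest = s2k.groups()
        info["s2k_mode"] = mode
        info["cipher"] = CIPHER.get(int(cipher), "unknown")  # encrypts the key
        info["s2k_hash"] = HASH.get(int(digest), "unknown")  # mangles the passphrase
        # Integrity check over the decrypted key material: a separate field
        # of the packet (RFC 4880 section 5.5.3), not the S2K hash above.
        info["integrity"] = ("SHA-1 hash (S2K usage 254)"
                             if check == "SHA1 protection"
                             else "two-octet checksum")
    return info

# Lines quoted in the thread (the salt value is absent there too).
THREAD_SAMPLE = """\
:secret key packet:
        version 4, algo 1, created 1201031494, expires 0
        iter+salt S2K, algo: 10, SHA1 protection, hash: 8, salt:
"""
# Constructed line using the defaults named in the thread (algo 9, hash 2).
DEFAULTS_SAMPLE = "iter+salt S2K, algo: 9, SHA1 protection, hash: 2, salt:"

if __name__ == "__main__":
    for sample in (THREAD_SAMPLE, DEFAULTS_SAMPLE):
        print(describe(sample))
```

Both samples report the same integrity field while the S2K hash differs (SHA256 versus SHA1), which is why the "SHA1 protection" text does not change when the hash preference does.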
 		 	   		  