"SHA1 Protection" from way to see what cipher/algo was used to create your key?

David Shaw dshaw at jabberwocky.com
Thu Jun 21 15:15:24 CEST 2012


On Jun 21, 2012, at 9:00 AM, Sam Smith wrote:

> when running the command: gpg --list-packets <keyname.asc>
> 
> there is an outputted line that reads:  "SHA1 protection"
> 
> I did some looking online and saw that this line stays even when people change their hash algorithm to something else (like SHA2).
> 
> If the "SHA1 protection" is not indicating the use of SHA1 hash, what is it communicating? If a SHA2 hash is being used to mangle the passphrase of the secret key being stored on the disk, why is the line "SHA1 protection" being shown?

It means that the secret key has (in addition to the passphrase) an internal SHA-1 hash to detect tampering.  It's basically a large checksum, used to foil attacks that involve modifying the secret key.  It's not related to the hash algorithm you use when signing things.

David
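
As an added illustration (not part of the original message and not GnuPG's code), the following reads the string-to-key usage octet of a version-4 secret-key packet body as laid out in RFC 4880: the value 254 marks the SHA-1 integrity hash, independently of the hash id in the S2K specifier that mangles the passphrase. The function names and the sample bytes are constructed for this example.

```python
import struct

# Number of public-key MPIs per RFC 4880 algorithm id (RSA variants, Elgamal, DSA).
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}


def describe_protection(body: bytes) -> dict:
    """Report how a version-4 secret-key packet body protects its secret part."""
    if body[0] != 4:
        raise ValueError("only version 4 key packets are handled")
    algo = body[5]                      # octets 1-4 are the creation time
    if algo not in PUBLIC_MPIS:
        raise ValueError(f"unsupported public-key algorithm {algo}")
    pos = 6
    for _ in range(PUBLIC_MPIS[algo]):  # skip public MPIs: 2-octet bit count + value
        (bits,) = struct.unpack_from(">H", body, pos)
        pos += 2 + (bits + 7) // 8
    usage = body[pos]                   # the string-to-key usage octet
    if usage == 0:
        return {"encrypted": False, "integrity": "2-octet checksum", "s2k_hash": None}
    if usage not in (254, 255):
        # Legacy form: the octet is the cipher id; the key is MD5 of the passphrase.
        return {"encrypted": True, "integrity": "2-octet checksum", "s2k_hash": "MD5"}
    s2k_type, hash_id = body[pos + 2], body[pos + 3]   # body[pos + 1] is the cipher id
    if s2k_type not in (0, 1, 3):
        raise ValueError(f"unsupported S2K type {s2k_type}")
    return {
        "encrypted": True,
        # 254: a 20-octet SHA-1 of the plaintext secret MPIs is appended before encryption.
        "integrity": "SHA1 protection" if usage == 254 else "2-octet checksum",
        "s2k_hash": HASH_NAMES.get(hash_id, f"hash id {hash_id}"),
    }


def mpi(value: int) -> bytes:
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def sample_body(usage: int, s2k_hash_id: int) -> bytes:
    """Constructed, truncated packet body (not a real key; IV and ciphertext omitted)."""
    public = bytes([4]) + struct.pack(">I", 1340284524) + bytes([1]) + mpi(0xC0FFEE) + mpi(65537)
    # usage octet, cipher 7 (AES-128), S2K type 3 (iterated+salted), hash, salt, count
    return public + bytes([usage, 7, 3, s2k_hash_id]) + bytes(8) + bytes([96])


if __name__ == "__main__":
    print(describe_protection(sample_body(254, 8)))
```

With the S2K hash set to SHA-256 or SHA-512 the integrity field still reads "SHA1 protection", because the two are separate fields of the packet.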



