RSA // OAEP // SHA-1

Michel Messerschmidt lists at
Wed Jan 30 20:40:25 CET 2013

On Tue, Jan 29, 2013 at 06:36:25PM -0600, John Clizbe wrote:
> vedaal at wrote:
> > if so, would this fall under the open-pgp RFC, or would it have to go through an
> > RSA standard first?
> RFC 4880 makes no mention of OAEP. RFC 4880 references RFC 3447 for details of
> RSA implementation.
> So, from what I can tell, RSA standard first, then OpenPGP by incorporating
> the new RSA standard. THEN, GnuPG.

Although it is the default, RFC 3447 is not restricted to SHA-1.
Appendix B actually states:
"For the RSAES-OAEP encryption scheme and EMSA-PSS encoding method, 
only SHA-1 and SHA-256/384/512 are recommended."

