wishes for improved digest handling

Hauke Laging mailinglisten at hauke-laging.de
Wed Jun 19 02:41:54 CEST 2013


Hello,

1) I just noticed that you can force the sender to make a SHA-1 signature 
(if he also encrypts the message) by clearing the digest preferences (or 
setting them to SHA-1 only). I am aware that this is done in compliance with the 
RFC. I just want to suggest that a warning is issued if a digest is used which 
is not listed in --personal-digest-preferences.

2) I would also like to suggest allowing the use of --recipient with --sign 
(without --encrypt) because it makes sense. The digest compatibility checking 
is not related to the encryption so IMHO it doesn't make sense not to allow it 
without encryption. If recipients are given for a signing operation then the 
result should be that a digest is chosen which is explicitly compatible with 
all intended users of the signature. The code is already there. Even the case 
"--recipient without --encrypt" is detected. Thus this should be quite a small 
change to the code (replace the warning by calling the digest selection).

3) Last wish: I would like to have an option for explicitly forbidding the use 
of certain ciphers or digests. This affects only those which are defined in 
the standard as fallback (a mistake which should be avoided in the next 
OpenPGP version). I don't see any sense in optimizing a crypto application for 
compatibility instead of security.


Hauke
-- 
☺
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
http://www.openpgp-courses.org/
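
The digest selection discussed in this message, as a simplified model added here for illustration (not part of the original post and not GnuPG's code). It shows how one recipient key with cleared preferences pulls the choice down to SHA-1, where the warning from wish 1 would fire, and how a deny list as in wish 3 would refuse instead. The `forbidden` parameter is hypothetical and the preference lists are constructed.

```python
IMPLICIT = "SHA1"  # RFC 4880: tacitly at the end of every digest preference list

def effective_prefs(prefs):
    """A recipient's list with the implicit SHA1 entry appended if absent."""
    return list(prefs) + ([] if IMPLICIT in prefs else [IMPLICIT])

def select_digest(recipient_prefs, personal_prefs, forbidden=()):
    """Return (digest, warnings) for a signature meant for all recipients.

    recipient_prefs: one digest preference list per recipient key (at least one)
    personal_prefs:  sender's list, modelling --personal-digest-preferences
    forbidden:       hypothetical deny list (wish 3); not an existing option
    """
    lists = [effective_prefs(p) for p in recipient_prefs]
    # Only digests that every recipient accepts are candidates.
    common = [d for d in lists[0] if all(d in other for other in lists[1:])]
    allowed = [d for d in common if d not in forbidden]
    if not allowed:
        raise ValueError("only forbidden digests in common: " + ", ".join(common))
    # Among the candidates, the sender's own order decides.
    for digest in personal_prefs:
        if digest in allowed:
            return digest, []
    # Nothing the sender listed is usable: fall back, but say so (wish 1).
    chosen = allowed[0]
    return chosen, [f"digest {chosen} is not in the personal digest preferences"]

# Constructed sample preference lists
ALICE = ["SHA512", "SHA256"]
BOB = ["SHA256", "SHA512"]
CLEARED = []  # key whose digest preferences were cleared
PERSONAL = ["SHA512", "SHA384", "SHA256"]

if __name__ == "__main__":
    print(select_digest([ALICE, BOB], PERSONAL))
    print(select_digest([ALICE, CLEARED], PERSONAL))
    try:
        select_digest([ALICE, CLEARED], PERSONAL, forbidden={"SHA1"})
    except ValueError as err:
        print("refused:", err)
```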