Changing default digest algo
Chuck Peters
cp at axs.org
Mon Nov 4 06:45:32 CET 2013
I generated some new keys in Sept and would like to convert the digest
from SHA1 to SHA512.
I added the following to gpg.conf:
personal-digest-preferences SHA512
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES
CAST5 ZLIB BZIP2 ZIP Uncompressed
I changed the preferences:
gpg> setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB
BZIP2 ZIP Uncompressed
And verified:
gpg> showpref
[ultimate] (1). Charles F. Peters II (Chuck) <cp at axs.org>
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
When I check the keys, it still shows SHA1:
$ gpg --export-options export-minimal --export 23E9EB24 | gpg
--list-packets |grep -A 2 signature|grep 'digest algo 2,'
digest algo 2, begin of digest a3 6e
digest algo 2, begin of digest 3b 34
digest algo 2, begin of digest f2 3e
digest algo 2, begin of digest ae 58
digest algo 2, begin of digest 67 fa
digest algo 2, begin of digest e6 39
I tried a few things like changing the passphrase, signing my key and
gpg --s2k-digest-algo SHA512 --edit-key 23E9EB24 and nothing seems to
work. How do I change the digest to SHA512?
Thanks,
Chuck
1. http://www.debian-administration.org/users/dkg/weblog/48
2, https://we.riseup.net/riseuplabs+paow/openpgp-best-practices
More information about the Gnupg-users
mailing list