message digest for signed emails
Adam Gold
awg1 at gmx.com
Tue Sep 10 15:12:02 CEST 2013
I apologise in advance if this is a repeat question (I have consulted the
archives although not exhaustively) but I've been trying to get this right
for two days now to no avail. I want the message digest for my emails to be
SHA512 (or SHA256) but I can't seem to change it from SHA1. I have tried
generating new keys, changing email clients and/or key management programs
but nothing seems to work.
My gpg.conf contains the following lines:
default-preference-list SHA512 SHA256 SHA384 SHA224 SHA1 AES256 AES192 AES
CAST5 3DES ZLIB BZIP2 ZIP Uncompressed
personal-cipher-preferences AES256 AES192 AES CAST5 3DES
personal-digest-preferences SHA512 SHA256 SHA384 SHA224 SHA1
personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
cert-digest-algo SHA512
s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-count 65011712
I appreciate there are some lines there not directly related to email
signature message digests but at least lines 1 and 3 should set the default
order as specified. If I generate a new key and then check the preferences
(--edit-key ID, showpref) it does indeed reflect the above order. However
if I send a signed email, it always starts with 'Hash: SHA1'.
One additional point: if I use --clearsign for a non-email related document,
this will employ the SHA512 digest. Why the discrepancy? What do I need to
do to change it on my email?
More information about the Gnupg-users
mailing list