message digest for signed emails

Adam Gold awg1 at
Tue Sep 10 15:12:02 CEST 2013

I apologise in advance if this is a repeat question (I have consulted the
archives although not exhaustively) but I've been trying to get this right
for two days now to no avail.  I want the message digest for my emails to be
SHA512 (or SHA256) but I can't seem to change it from SHA1.  I have tried
generating new keys, changing email clients and/or key management programs
but nothing seems to work.

My gpg.conf contains the following lines:
default-preference-list SHA512 SHA256 SHA384 SHA224 SHA1 AES256 AES192 AES
CAST5 3DES ZLIB BZIP2 ZIP Uncompressed
personal-cipher-preferences AES256 AES192 AES CAST5 3DES
personal-digest-preferences SHA512 SHA256 SHA384 SHA224 SHA1
personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
cert-digest-algo SHA512
s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-count 65011712

I appreciate there are some lines there not directly related to email
signature message digests but at least lines 1 and 3 should set the default
order as specified.  If I generate a new key and then check the preferences
(--edit-key ID, showpref) it does indeed reflect the above order.  However
if I send a signed email, it always starts with 'Hash: SHA1'.

One additional point: if I use --clearsign for a non-email related document,
this will employ the SHA512 digest.  Why the discrepancy?  What do I need to
do to change it on my email?

More information about the Gnupg-users mailing list