message digest for signed emails

Daniel Kahn Gillmor dkg at
Tue Sep 10 16:59:14 CEST 2013

On 09/10/2013 09:12 AM, Adam Gold wrote:

> My gpg.conf contains the following lines:
> default-preference-list SHA512 SHA256 SHA384 SHA224 SHA1 AES256 AES192 AES CAST5 3DES ZLIB BZIP2 ZIP Uncompressed
> personal-digest-preferences SHA512 SHA256 SHA384 SHA224 SHA1

the lines above look like they indicate your preferences as you describe

> personal-cipher-preferences AES256 AES192 AES CAST5 3DES
> personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
> cert-digest-algo SHA512
> s2k-cipher-algo AES256
> s2k-digest-algo SHA512
> s2k-count 65011712

these lines aren't relevant for data signatures.

> I appreciate there are some lines there not directly related to email
> signature message digests but at least lines 1 and 3 should set the default
> order as specified.  If I generate a new key and then check the preferences
> (--edit-key ID, showpref) it does indeed reflect the above order.  However
> if I send a signed email, it always starts with 'Hash: SHA1'.

gpg is not a mail user agent.  what are you using to send mail?  how is
it connected to gpg?  Your original message claims:

X-Mailer: Microsoft Outlook 15.0

> One additional point: if I use --clearsign for a non-email related document,
> this will employ the SHA512 digest.  Why the discrepancy?  What do I need to
> do to change it on my email?

You need to provide more details about your mail user agent and how it
interacts with GnuPG -- it sounds like the behavior is being introduced


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130910/16ef3f3f/attachment.sig>

More information about the Gnupg-users mailing list