message digest for signed emails
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Sep 10 16:59:14 CEST 2013
On 09/10/2013 09:12 AM, Adam Gold wrote:
> My gpg.conf contains the following lines:
>
> default-preference-list SHA512 SHA256 SHA384 SHA224 SHA1 AES256 AES192 AES CAST5 3DES ZLIB BZIP2 ZIP Uncompressed
> personal-digest-preferences SHA512 SHA256 SHA384 SHA224 SHA1
the lines above look like they indicate your preferences as you describe
them.
> personal-cipher-preferences AES256 AES192 AES CAST5 3DES
> personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
> cert-digest-algo SHA512
> s2k-cipher-algo AES256
> s2k-digest-algo SHA512
> s2k-count 65011712
these lines aren't relevant for data signatures.
> I appreciate there are some lines there not directly related to email
> signature message digests but at least lines 1 and 3 should set the default
> order as specified. If I generate a new key and then check the preferences
> (--edit-key ID, showpref) it does indeed reflect the above order. However
> if I send a signed email, it always starts with 'Hash: SHA1'.
gpg is not a mail user agent. what are you using to send mail? how is
it connected to gpg? Your original message claims:
X-Mailer: Microsoft Outlook 15.0
> One additional point: if I use --clearsign for a non-email related document,
> this will employ the SHA512 digest. Why the discrepancy? What do I need to
> do to change it on my email?
You need to provide more details about your mail user agent and how it
interacts with GnuPG -- it sounds like the behavior is being introduced
there.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130910/16ef3f3f/attachment.sig>
More information about the Gnupg-users
mailing list