On the advisability of stronger digests than SHA-1 in OpenPGP certifications [was: Re: riseup.net OpenPGP Best Practices article]
David Shaw
dshaw at jabberwocky.com
Sat Jun 28 00:35:00 CEST 2014
On Jun 27, 2014, at 4:24 PM, John Clizbe <John at enigmail.net> wrote:
> Kristian Fiskerstrand wrote:
>> On 06/27/2014 03:54 PM, shmick at riseup.net wrote:
>>
>>
>>> Robert J. Hansen:
>>>> On 6/26/2014 5:57 PM, Daniel Kahn Gillmor wrote:
>>>>> PGP 8 was released over a decade ago, that's hardly a modern
>>>>> implementation:
>>>>
>>>> And yet, it still conforms (largely) to RFC4880. Methinks
>>>> you're objecting because it's a largely-conforming implementation
>>>> that doesn't have good support for SHA256. ;)
>>>>
>>>>> In what ways is its support for SHA-256 limited? I'm having a
>>>>> hard time finding documentation for it.
>>>>
>>>> If I recall correctly, it can understand SHA-256 but not
>>>> generate SHA-256. SHA-256 generation support was added late in
>>>> the 8.x series, but earlier 8.x releases could understand it.
>>>>
>
> That is as I remember it, Rob. I don't recall if there was a difference
> between 8.0 and 8.1 with respect to SHA-256. JM3 probably would.

My notes say that PGP 8.1 can verify sigs made with SHA-256, but won't generate it. I'm afraid I don't have a copy of 8.1 handy any longer to check.

Incidentally, since subkeys have come up in this thread, I seem to recall a few strange bugs with 8.x (8.0? 8.1?) that make it difficult to use if the key you are encrypting to has a signing subkey. 8.x didn't always handle signing subkeys properly, so could end up failing to encrypt (it wasn't 100% of the time - it depended on which subkey was dated first). If anyone is curious, I'll dig out my notes for this. I submitted the bug to PGP, and I know it was fixed in a later version.

David