Is it possible to sign a message with multiple digest algorithms?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Sep 7 07:10:54 CEST 2014


On 09/06/2014 09:40 PM, vedaal at nym.hush.com wrote:
> On 9/6/2014 at 6:46 PM, "Pete Stephenson" <pete at heypete.com> wrote:
>> Is it possible to sign a message (or certify a key) with multiple 
>> digest algorithms?
>>
>> For example, one might wish to sign a message with both SHA256 and
>> RIPEMD160.

> It can be done if a separate signing subkey is used for each different digest.

It should also be possible from a file format point of view to just
produce two signatures (or two certifications) that differ only in the
digest algorithm.

Presumably, if you're doing certifications (OpenPGP identity assertions)
you might prefer to mark the stronger digest more recent than the weaker
one (the finest resolution in the signature timestamps is 1 second, but
that should be ok for most uses).  This is because most implementations
only consider the most recent valid certification; so an implementation
that knows how to interpret the stronger digest should prefer it, while
one that only knows how to do the older digests should just ignore the
more recent digest which it can't confirm and stick with the weaker one.

	--dkg
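
The selection rule described in the message above, as an added Python example (not part of the original post and not GnuPG's code). A certification is modelled here as a digest name, a creation time in whole seconds and a `verifies` flag standing in for the cryptographic check; all names and timestamps are constructed, and treating SHA256 as the stronger digest is an assumption.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Set, Tuple


@dataclass(frozen=True)
class Certification:
    digest: str            # digest algorithm used by this certification
    created: int           # creation time, 1-second resolution
    verifies: bool = True  # stand-in for the real signature check


def pick_certification(
    certs: Iterable[Certification], supported: Set[str]
) -> Tuple[Optional[Certification], bool]:
    """Return (most recent certification this implementation can
    confirm, ambiguous). Certifications whose digest is unknown to the
    implementation, or whose signature fails, are ignored. `ambiguous`
    is True when the newest usable certifications share a timestamp
    but differ in digest, so the creation time alone cannot rank them.
    """
    usable = [c for c in certs if c.digest in supported and c.verifies]
    if not usable:
        return None, False
    newest = max(c.created for c in usable)
    tied = [c for c in usable if c.created == newest]
    return tied[0], len({c.digest for c in tied}) > 1


# Constructed sample: two certifications from the same key that differ
# only in digest, the stronger one dated one second later.
T = 1410066654  # constructed timestamp
WEAK = Certification("RIPEMD160", T)
STRONG = Certification("SHA256", T + 1)

MODERN = {"RIPEMD160", "SHA256"}  # hypothetical implementation profiles
LEGACY = {"RIPEMD160"}

if __name__ == "__main__":
    for name, profile in (("modern", MODERN), ("legacy", LEGACY)):
        cert, ambiguous = pick_certification([WEAK, STRONG], profile)
        print(name, cert.digest if cert else None, "ambiguous:", ambiguous)
```
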
