dgouttegattat at incenp.org
Wed Mar 18 01:12:16 CET 2015
On 03/18/2015 12:28 AM, Daniel Kahn Gillmor wrote:
> On Tue 2015-03-17 18:53:42 -0400, Damien Goutte-Gattat wrote:
>> Do you mean signatures in general, or key signatures (certifications)?
>> For key signatures, SHA-1 is still the default for RSA keys
> Is this correct? I think we should be defaulting to SHA-256 for RSA
> certifications these days.
Actually no, it is not. My mistake.
SHA-256 is the default cert-digest-algo since GnuPG 2.1.0.
>> but signatures on (EC)DSA keys will use up to SHA-512 depending on the
>> key size (SHA-256 for a Brainpool-256 key, SHA-512 for a BrainpoolP512
I meant *on*, but now I realize I was only thinking about *self*
signatures, where the signing key and the signed key happen to be the same.
In the more general case you are right of course: the default hash
algorithm is determined by the type and size of the *signing* key, not
of the key that is about to be signed.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 455 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users