Damien Goutte-Gattat dgouttegattat at
Wed Mar 18 01:12:16 CET 2015

On 03/18/2015 12:28 AM, Daniel Kahn Gillmor wrote:
> On Tue 2015-03-17 18:53:42 -0400, Damien Goutte-Gattat wrote:
>> Do you mean signatures in general, or key signatures (certifications)?
>> For key signatures, SHA-1 is still the default for RSA keys
> Is this correct?  I think we should be defaulting to SHA-256 for RSA
> certifications these days.

Actually no, it is not. My mistake.

SHA-256 is the default cert-digest-algo since GnuPG 2.1.0.

>> but signatures on (EC)DSA keys will use up to SHA-512 depending on the
>> key size (SHA-256 for a Brainpool-256 key, SHA-512 for a BrainpoolP512
>> key).

I meant *on*, but now I realize I was only thinking about *self* 
signatures, where the signing key and the signed key happen to be the same.

In the more general case you are right of course: the default hash 
algorithm is determined by the type and size of the *signing* key, not 
of the key that is about to be signed.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150318/7aba889d/attachment.sig>

More information about the Gnupg-users mailing list