Damien Goutte-Gattat dgouttegattat at
Wed Mar 18 13:12:29 CET 2015

On 03/18/2015 01:34 AM, Robert J. Hansen wrote:
> I think this shouldn't be supported; CAST5 should only be used if (a) it's in the
> recipient's key prefs and (b) it's explicitly listed in
> default-cipher-prefs.

I don’t think that ignoring the recipient’s preferences should be the 
default behavior. The recipient’s choices should be honored by default 
*unless* you explicitly decide against it.

If you want to ignore a particular cipher, you could use the 
--disable-cipher-algo option. Disable CAST5 and it will never be 
selected by GnuPG even if it appears on the recipient’s list.

>> Do you mean signatures in general, or key signatures
>> (certifications)?
> The former, although I think setting cert-digest-algo SHA256 by default
> may be worth discussing.

Not anymore, it’s already done. :) I was wrong on that point, SHA-1 is 
no longer used by default for certifications since GnuPG 2.1.0.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150318/edb4b57b/attachment.sig>

More information about the Gnupg-users mailing list