On Thu, Feb 24, 2011 at 10:32:11AM -0500, Daniel Kahn Gillmor wrote:
> On 02/24/2011 04:03 AM, Doug Barton wrote:
> > You're using a 1024 bit DSA key, which won't allow for 256 bit hashes.
> > RIPEMD-160 is the largest you can use, and works well for that kind of key.
>
> This isn't actually the case. Aaron's primary key (0x8086060F) is
> indeed 1024-bit DSA, but his mail is signed with a 2048-bit RSA subkey
> (0xFC04088F), which is perfectly capable of using the stronger digests.

I just ran 'setpref' without any arguments, and it told me that SHA256 would be the default signing algorithm. So, when attempting to do the signatures, I found SHA1 was coming out. In the past (and now future), I signed all my mail with SHA512, just because I can. The message that started this thread, however, is signed with SHA1, as I wanted to show what was happening (run 'gpg -v --list-packets' on the sig). I didn't want to break from the defaults that GnuPG provided.

Due to my 1024-bit DSA key, it appears that RIPEMD-160, SHA1 and MD5 are my only options for signatures. So, with my 2048-bit RSA subkey, I can use all the SHA2 hashes. I had just thought that with the recent update of GnuPG, the SHA2 hashes were available to my DSA key as well.

No worries. I'll stick with the non-default prefs in my ~/.gnupg/gpg.conf.
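Added example, not part of the original message or of GnuPG: a small filter for the 'gpg --list-packets' check mentioned above, reporting which public-key and digest algorithm each signature packet used. The function names, the sample packet dump and the key ID in it are constructed for illustration; the numeric algorithm IDs are the OpenPGP (RFC 4880) values.

```shell
#!/bin/sh
# Usage on a real signature: gpg --list-packets signature.asc | sig_digests

sig_digests() {
    # Reads `gpg --list-packets` output on stdin and prints, per signature:
    #   <keyid> <pubkey-algo> <digest-algo> <ok|short>
    # "short" marks digests with 160 bits of output or fewer.
    awk '
        BEGIN {
            pk[1] = "RSA"; pk[17] = "DSA"
            md[1] = "MD5"; md[2] = "SHA1"; md[3] = "RIPEMD160"
            md[8] = "SHA256"; md[9] = "SHA384"; md[10] = "SHA512"; md[11] = "SHA224"
            short["MD5"] = 1; short["SHA1"] = 1; short["RIPEMD160"] = 1
        }
        /^:signature packet:/ {
            # ":signature packet: algo 1, keyid 0123456789ABCDEF"
            a = $4; sub(/,/, "", a)
            algo = (a in pk) ? pk[a] : ("pubkey" a)
            keyid = $6
        }
        /digest algo/ {
            # "digest algo 2, begin of digest 5a 1c"
            d = $3; sub(/,/, "", d)
            name = (d in md) ? md[d] : ("digest" d)
            print keyid, algo, name, ((name in short) ? "short" : "ok")
        }
    '
}

sample_packets() {
    # Constructed sample in the layout gpg prints; not taken from the thread.
    cat <<'EOF'
:signature packet: algo 1, keyid 0123456789ABCDEF
	version 4, created 1298561531, md5len 0, sigclass 0x01
	digest algo 2, begin of digest 5a 1c
	data: [2047 bits]
:signature packet: algo 1, keyid 0123456789ABCDEF
	version 4, created 1298565131, md5len 0, sigclass 0x01
	digest algo 10, begin of digest 9f 03
	data: [2046 bits]
:signature packet: algo 17, keyid 0123456789ABCDEF
	version 4, created 1298568731, md5len 0, sigclass 0x01
	digest algo 3, begin of digest 77 e2
	data: [159 bits]
EOF
}

sample_packets | sig_digests
```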