On 09/06/2014 09:40 PM, ved...@nym.hush.com wrote:
> On 9/6/2014 at 6:46 PM, "Pete Stephenson" <p...@heypete.com> wrote:
>> Is it possible to sign a message (or certify a key) with multiple
>> digest algorithms?
>>
>> For example, one might wish to sign a message with both SHA256 and
>> RIPEMD160.
>
> It can be done if a separate signing subkey is used for each different digest.

It should also be possible from a file format point of view to just produce two signatures (or two certifications) that differ only in the digest algorithm.

Presumably, if you're doing certifications (OpenPGP identity assertions) you might prefer to mark the stronger digest more recent than the weaker one (the finest resolution in the signature timestamps is 1 second, but that should be ok for most uses).

This is because most implementations only consider the most recent valid certification; so an implementation that knows how to interpret the stronger digest should prefer it, while one that only knows how to do the older digests should just ignore the more recent digest which it can't confirm and stick with the weaker one.

--dkg
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
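The selection behaviour described in the reply above, modelled in Python as an added illustration; it is not part of the original thread and is not GnuPG code. The `Certification` class, the `valid` flag (standing in for the real cryptographic check) and the verifier digest sets are assumptions constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Certification:
    digest: str          # digest algorithm named in the signature packet
    created: int         # creation time in whole seconds (1 s resolution)
    valid: bool = True   # assumption: stands in for cryptographic verification


def effective_certification(certs, supported_digests):
    """Return the certification a verifier would act on, or None.

    A certification whose digest the verifier cannot compute is
    unverifiable and is skipped; among the rest, the most recent
    valid one wins.
    """
    usable = [c for c in certs if c.valid and c.digest in supported_digests]
    return max(usable, key=lambda c: c.created, default=None)


def issue_pair(weak, strong, now):
    """Issue two certifications differing only in digest, dating the
    stronger one 1 second later so capable verifiers prefer it."""
    return [Certification(weak, now), Certification(strong, now + 1)]


# Constructed sample data: one certifier, two digests, two kinds of verifier.
CERTS = issue_pair("RIPEMD160", "SHA256", now=1410000000)
MODERN = {"SHA1", "RIPEMD160", "SHA256"}   # understands the stronger digest
LEGACY = {"SHA1", "RIPEMD160"}             # only knows the older digests

if __name__ == "__main__":
    for name, digests in (("modern", MODERN), ("legacy", LEGACY)):
        chosen = effective_certification(CERTS, digests)
        print(name, "->", chosen.digest if chosen else None)

    # Failure mode: if the weaker digest carries the later timestamp,
    # even a verifier that supports the stronger digest ends up on the weak one.
    swapped = [Certification("RIPEMD160", 1410000001),
               Certification("SHA256", 1410000000)]
    print("swapped ->", effective_certification(swapped, MODERN).digest)
```

If both certifications carry the same timestamp, the choice between them depends on the implementation's tie-breaking, which is why the one-second offset matters.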