Hello, I have few PGP keys I generated years ago with GPG Classic 1.4, around the time that I changed its `cert-digest-algo` configuration key from its default value to "SHA512". [1] And now, I would like to use one of these in actual encrypted correspondences, but I'm not sure which one was actually generated after the config change. I have also used one of them for signing certain public document; so I would like to avoid generating new key as much as possible...
So the question is: how could I verify, from `gpg --list-packets` output, that the public key file in question uses sufficiently-secure hash functions (SHA-256/384/512 in case of RSA-based keys) in its user ID certificate binding signature? - In case this mattered: one of the keys I would like to check is: <https://savannah.gnu.org/people/viewgpg.php?user_id=82809> I guess the information I'm looking for is around here in the `gpg --list-packets` listing: > :signature packet: algo 1, keyid F1D9FE7298C60B03 > version 4, created 1619409428, md5len 0, sigclass 0x13 > digest algo 2, begin of digest 54 a3 ^ But does the "digest algo 2" really mean the same thing as what's so-called "H2" in the `pref` command output of `gpg --edit-key` shell? As far as I understand, the information I'm looking for is considered under-the-hood and isn't available directly from interactive `gpg --edit-key` interface in this GPG version 1.4 at least. (Please correct me if I'm wrong about this) Note: I know that the hard way to do this is opening the tome of RFC 2440 [2] and try identifying everything from the beginning to the point that revealed the information I wanted to know; but that method is quite error prone, so I would like to know about a specific point to look for, before trying to plow my way through. Regards, Nutchanon Wetchasit GnuPG: 1.4.12 (Debian) System: Debian GNU/Linux 7.0 "Wheezy" i386 ----- [1] As far as I understand, GPG classic uses SHA-1 hash for user ID binding signature unless configured otherwise. With SHA-1 being considered dodgy for security use, I proceeded to change that setting (and associated default cipher/hash preferences), for it to continue to be usable with meaningful level of secrecy. [2] https://www.rfc-editor.org/rfc/rfc2440.html _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
