Hi! On Sat, 2 Nov 2024 17:52, Nutchanon Wetchasit said:
> from its default value to "SHA512". [1] And now, I would like to use
> one of these in actual encrypted correspondences, but I'm not sure which one
> was actually generated after the config change. I have also used one of them

That is easy. Given that your key is older than 2019 we won't reject
keys with SHA-1 key signatures. However, you can enforce this and also
any other crypto use of SHA-1 by adding

  weak-digest SHA1

to your gpg.conf.

> > :signature packet: algo 1, keyid F1D9FE7298C60B03
> >     version 4, created 1619409428, md5len 0, sigclass 0x13
> >     digest algo 2, begin of digest 54 a3
> >     ^
> But does the "digest algo 2" really mean the same thing as
> what's so-called "H2" in the `pref` command output of
> `gpg --edit-key` shell?

Right, 2 is SHA1. H2 means hash algo number 2.

    DIGEST_ALGO_MD5     =  1,
    DIGEST_ALGO_SHA1    =  2,
    DIGEST_ALGO_RMD160  =  3,
    /* 4, 5, 6, and 7 are reserved. */
    DIGEST_ALGO_SHA256  =  8,
    DIGEST_ALGO_SHA384  =  9,
    DIGEST_ALGO_SHA512  = 10,
    DIGEST_ALGO_SHA224  = 11,

> As far as I understand, the information I'm looking for is considered
> under-the-hood and isn't available directly from interactive

Right. However, you can do some tricks with --list-filter to filter out
certain packets.

> [1] As far as I understand, GPG classic uses SHA-1 hash for user ID binding
> signature unless configured otherwise. With SHA-1 being considered dodgy
> for security use, I proceeded to change that setting (and associated

Yes. You may however create a new binding signature which will then use
SHA256. For example by changing the expiration date.


Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
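
Added example, not part of the original message and not GnuPG's own code: a small parser for `gpg --list-packets` text that names each signature's digest from the table in the reply and reports user ID certifications (sigclass 0x10 to 0x13) made with SHA1 or MD5. The sample listing is constructed around the packet quoted in the thread; the second key ID, the user ID and the WEAK set are assumptions.

```python
import re

# Digest algorithm numbers as listed in the reply above.
DIGEST_ALGOS = {1: "MD5", 2: "SHA1", 3: "RMD160", 8: "SHA256",
                9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK = {"MD5", "SHA1"}  # assumption: the digests this check reports

SIG_RE = re.compile(r"^:signature packet: algo \d+, keyid ([0-9A-F]+)")
VER_RE = re.compile(r"created (\d+), md5len \d+, sigclass (0x[0-9a-f]+)")
DIG_RE = re.compile(r"digest algo (\d+), begin of digest")

# Constructed sample; only the first signature packet comes from the thread.
SAMPLE = """\
:public key packet:
\tversion 4, algo 1, created 1619409428, expires 0
:user ID packet: "Example User <user@example.org>"
:signature packet: algo 1, keyid F1D9FE7298C60B03
\tversion 4, created 1619409428, md5len 0, sigclass 0x13
\tdigest algo 2, begin of digest 54 a3
:signature packet: algo 1, keyid 0123456789ABCDEF
\tversion 4, created 1730500000, md5len 0, sigclass 0x13
\tdigest algo 10, begin of digest 9c 1e
"""

def parse_signatures(listing):
    """Return one dict per signature packet: keyid, created, sigclass, digest."""
    sigs, cur = [], None
    for line in listing.splitlines():
        m = SIG_RE.match(line)
        if m:
            cur = {"keyid": m.group(1)}
            sigs.append(cur)
        elif line.startswith(":"):
            cur = None  # a different packet type starts here
        elif cur is not None:
            if (m := VER_RE.search(line)):
                cur["created"] = int(m.group(1))
                cur["sigclass"] = int(m.group(2), 16)
            elif (m := DIG_RE.search(line)):
                n = int(m.group(1))
                cur["digest"] = DIGEST_ALGOS.get(n, f"unknown({n})")
    return sigs

def weak_certifications(sigs):
    """User ID certifications (sigclass 0x10-0x13) made with a weak digest."""
    return [s for s in sigs
            if 0x10 <= s.get("sigclass", 0) <= 0x13 and s.get("digest") in WEAK]

if __name__ == "__main__":
    for s in parse_signatures(SAMPLE):
        print(s["keyid"], s.get("created"), s.get("digest"))
```

Comparing each signature's "created" timestamp and digest name shows which certifications were made before and after a digest preference change.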