gpg rejects SHA224 with DSA-2048

2009-11-07 Thread Kevin Kammer
If I attempt to create a data signature using a 2048-bit DSA signing key, and the SHA224 hash algorithm, GnuPG complains as follows: ~ $ gpg -u A39CE7E5 --digest-algo H11 -b test.txt ... 2048-bit DSA key, ID A39CE7E5, created 2009-11-02 (main key ID 14CA0E78) gpg: writing to `test.txt.asc' gpg:

Re: gpg rejects SHA224 with DSA-2048

2009-11-07 Thread Kevin Kammer
On Sat, Nov 07, 2009 at 07:48:01PM -0500 I wrote: > However, RFC4880 and FIPS186 clearly state: > > ...that DSA be used in one of the following ways: > >... > > * 2048-bit key, 224-bit q, SHA-224, SHA-256, SHA-384, or SHA-512 >hash > >... > I should clarify t

Re: gpg rejects SHA224 with DSA-2048

2009-11-07 Thread Kevin Kammer
On Sat, Nov 07, 2009 at 09:44:23PM -0500 Also sprach Robert J. Hansen: > Kevin Kammer wrote: > > If I attempt to create a data signature using a 2048-bit DSA signing > > key, and the SHA224 hash algorithm, GnuPG complains as follows: > > > > ~ $ gpg -u A39CE7E5 --

Re: gpg rejects SHA224 with DSA-2048

2009-11-08 Thread Kevin Kammer
On Sun, Nov 08, 2009 at 09:46:08PM -0500 David Shaw wrote: > > That's not quite how it works. What matters here is how the key was > generated in the first place. > > One of the numbers used to generate a DSA key is known as "q". In DSA, > the size of q is what controls the size of the hash th

Re: I am sure I did not forget my passphrase

2009-11-08 Thread Kevin Kammer
On Sun, Nov 08, 2009 at 04:24:01PM +0100 Marko Randjelovic wrote: > > Is there a way to check if secret key info was modified? Check the time/date of the latest self-signature on the key. However, if the key data was unintentionally modified outside of gpg, such as through data corruption, then

Re: gpg rejects SHA224 with DSA-2048

2009-11-08 Thread Kevin Kammer
On Sun, Nov 08, 2009 at 10:17:52PM -0500 Robert J. Hansen wrote: > David Shaw wrote: > > However, if you managed to generate a 2048-bit key with a 224-bit q > > (as earlier versions of GPG did), all versions of GPG would > > (correctly) allow the use of SHA-224 with this key. > > When did this cha

Re: Algorithm used to encrypt

2009-11-08 Thread Kevin Kammer
On Sun, Nov 08, 2009 at 05:52:37PM +0100 Heinz Diehl wrote: > Hi, > > seems I'm just too stupid today to find what's maybe obvious: > given an ascii armored gpg encrypted file, how can I find out what > algorithm has been used to encrypt the file? > > Thanks, > Heinz. I should preface what I sa

Re: Algorithm used to encrypt

2009-11-08 Thread Kevin Kammer
On Sun, Nov 08, 2009 at 10:57:46PM -0500 I wrote: > On Sun, Nov 08, 2009 at 05:52:37PM +0100 Heinz Diehl wrote: > > Hi, > > > > seems I'm just too stupid today to find what's maybe obvious: > > given an ascii armored gpg encrypted file, how can I find out what > > algorithm has been used to encryp

Re: gpg rejects SHA224 with DSA-2048

2009-11-08 Thread Kevin Kammer
On Sun, Nov 08, 2009 at 11:11:01PM -0500 Also sprach Robert J. Hansen: > Kevin Kammer wrote: > > Unless there is some inescapable constraint on the size of one's > > signature, I am hard pressed to think of a reason for using SHA224 when > > SHA256 is available. > >

Re: gpg rejects SHA224 with DSA-2048

2009-11-09 Thread Kevin Kammer
On Mon, Nov 09, 2009 at 11:52:48AM +0100 Also sprach Werner Koch: > On Mon, 9 Nov 2009 04:17, r...@sixdemonbag.org said: > > > When did this changeover take place, and is there any way to get the old > > behavior back? > > On 2009-07-09; that is since 1.4.10 / 2.0.13. There is no option to > ch

Re: Is it safe to put an encrypted file on a public web server

2009-11-11 Thread Kevin Kammer
On Wed, Nov 11, 2009 at 09:01:09AM -0500 Also sprach David Shaw: > AES256 is probably the best all-round choice in GPG if you want to > just say "strongest" and leave it at that AES 192 or AES 128 may actually be a more secure choice than AES 256, until they work out the following: http://www.sch

OpenPGP Card source

2011-03-03 Thread Kevin Kammer
Is the source code that lives in the OpenPGP card, v2.0, as implemented in the Kernel Concepts/Zeitcontrol version, available anywhere for review? I have looked on their respective websites, as well as g10 code and the gnupg ftp server, but have not seen any obvious path to it (and I am assuming

Re: Updating signature cert-level

2011-04-27 Thread Kevin Kammer
On Wed, Apr 27, 2011 at 08:59:49AM -0400 Also sprach David Shaw: Incidentally, it is possible to tweak the trust calculations to take signature level into account. GnuPG supports reading a trust "map" generated by an external process that can use whatever trust rules it likes. I don't know of

Conditional options directives

2011-05-02 Thread Kevin Kammer
I think this post falls under the heading of "Feature Request," unless someone already knows how to accomplish the following. I think it would be useful if there was a way to format the GnuPG options file to conditionally apply options, depending on the key used (or potentially, depending upon

Re: I'm looking for a very beginnerfriendly gpg

2011-05-06 Thread Kevin Kammer
On Fri, May 06, 2011 at 05:25:23AM -0700 Also sprach Erica3: I'm looking for the most newbie-friendly, easiest-to-use version of gpg. No writing commands, just clicking and if possible, I want to download and install the whole thing at once and not have to put things (gpg and interface?) togethe

Re: PGP Help Require Basic

2011-05-10 Thread Kevin Kammer
On Tue, May 10, 2011 at 04:32:24PM +1000 Also sprach Aakash: > Hi folks, > > Well, I have got to encrypt/decrypt the files using Open PGP. Now I have got > PGP key block and Pgp KEY from other party. I have also installed GPG on my > local machine. > > but I really don't have any idea what to do n

Card fails to decrypt using 4096-bit key

2012-05-19 Thread Kevin Kammer
0x24620B795999A6DB gpg: encrypted with 4096 bit RSA key, ID 0xA9D4A64F1FADF7D2, created 2012-05-16 "Kevin Kammer " gpg: public key decryption failed: General error gpg: decryption failed: No secret key This is essentially the same error that Edmond

Re: how to use samrtcard with PC/SC cardreader

2012-05-20 Thread Kevin Kammer
On Wed, May 16, 2012 at 10:13:51AM +0800 Also sprach Yang Hon-Jang: > I am interested in NOT put private keys in disk. I like the idea, put > private keys in smartcard. > > How to use the Fellowship > Smartcarddescri

Re: Some people say longer keys are silly. I think they should be supported by gpg.

2012-05-22 Thread Kevin Kammer
On Tue, May 22, 2012 at 08:26:14PM +0200 Also sprach Hauke Laging: > Given the frequency of this discussion and the amount of effort taken by the > participants: Wouldn't it make sense to make this a FAQ entry? Honestly now, do you think having a FAQ entry stops this topic resurrecting every few

Re: Draft of nine new FAQ questions

2012-05-23 Thread Kevin Kammer
On Wed, May 23, 2012 at 05:34:16PM +0100 Also sprach michael crane: > > for me the first should always be "what is gnupg ?" > I believe these nine "new" FAQ entries are to be added to the existing entries to provide additional information regarding keysizes specifically. They are not comprehens

Re: FAQ, take two

2012-06-04 Thread Kevin Kammer
On Sun, Jun 03, 2012 at 09:40:02PM -0400 Also sprach Robert J. Hansen: > What I *am* interested in, though, are content errors. It is quite > likely I have a few in there, and maybe even a few howlers. So please, > take a look and see what you think. Thanks for taking the time to write this; he

Re: no password needed to export secret-keys?

2012-06-04 Thread Kevin Kammer
On Mon, Jun 04, 2012 at 11:57:02AM -0400 Also sprach Sam Smith: > No, the exported file is NOT protected by the passphrase. > > If I export the key. And then delete my secret key from my keyring. > And now Import what I exported, I am not asked for a password before > the import is allowed to co

Re: FAQ, take two

2012-06-04 Thread Kevin Kammer
On Mon, Jun 04, 2012 at 02:08:52PM -0400 Also sprach Robert J. Hansen: > On 6/4/12 12:35 PM, Kevin Kammer wrote: > > Section 2.6: For Solaris 11, gnupg is also available via the default > > IPS publisher. The version Oracle provides is 2.0.17 vs 2.0.18 from > > Ope

Re: FAQ, take two

2012-06-05 Thread Kevin Kammer
On Mon, Jun 04, 2012 at 09:11:13PM +0200 Also sprach Werner Koch: > On Mon, 4 Jun 2012 18:35, lists.gn...@mephisto.fastmail.net said: > > > require extensive manual configuration for it to work properly (but if > > you're using Mutt, you already know that). See > > http://wiki.mutt.org/?MuttGuide

Re: GPG with GPUs

2012-06-18 Thread Kevin Kammer
On Sat, Jun 16, 2012 at 03:44:04PM -0400 Also sprach Robert J. Hansen: > ... unless he's running on an Ivy Bridge or later, in which case it > already has a hardware RNG built in. If he's currently running on hardware later than Ivy Bridge, then he's either an Intel engineer or a time traveler, an

Re: private key protection

2012-06-25 Thread Kevin Kammer
On Tue, Oct 18, 2011 at 09:15:14AM -0400 Also sprach Mark H. Wood: > On Tue, Oct 18, 2011 at 02:10:07PM +0200, Jerome Baum wrote: > > >> I'm going to lean very far out the window and assume he meant the actual > > >> private key, not the private key-ring/-file/... > > > > > > I'm not sure I unders

Mac OS X 10.8 and OpenPGP Cards

2012-07-26 Thread Kevin Kammer
Well, the inevitable has happened, again. I just upgraded from Mac OS X 10.7 to 10.8, and my ZeitControl cards, which were formerly working perfectly, are now inaccessible. ~ $ gpg2 --card-status gpg: selecting openpgp failed: Card error gpg: OpenPGP card not available: Card error Since I haven

Re: Mac OS X 10.8 and OpenPGP Cards

2012-07-27 Thread Kevin Kammer
On Fri, Jul 27, 2012 at 09:26:14AM +0100 Also sprach Nicholas Cole: > On Thu, Jul 26, 2012 at 8:34 PM, Kevin Kammer > wrote: > > ... > > > > I just upgraded from Mac OS X 10.7 to 10.8, and my ZeitControl cards, > > which were formerly working perfectly, are now ina

Re: Mac OS X 10.8 and OpenPGP Cards

2012-07-29 Thread Kevin Kammer
On Fri, Jul 27, 2012 at 08:45:51PM +0200 Also sprach Richard Höchenberger: > On 27/7/2012 20:12, Kevin Kammer wrote: > > It has been so long since I had to mess with it (on my mac anyway) that > > I don't remember. Which libraries do you mean? > > I never had to instal

Re: Mac OS X 10.8 and OpenPGP Cards

2012-07-31 Thread Kevin Kammer
On Tue, Jul 31, 2012 at 12:00:23PM +0200 Also sprach Olav Seyfarth: > -BEGIN PGP SIGNED MESSAGE- > Hash: RIPEMD160 > > Hi Kevin, list, > > > I just upgraded from Mac OS X 10.7 to 10.8, and my ZeitControl cards, which > > were formerly working perfectly, are now inaccessible. > > please n