On Wed, Jun 01, 2005 at 10:00:45PM +0200, Kiefer, Sascha wrote: > > Yes, you will. > > > > However, why are you doing this? GnuPG automatically does > > this for you. > > Not really. Only if i change the pref for the key i use. > My system is similar to the PGP universal system which runs on a server. > Let's think about SHA-1. Right now, it will be the preferred hash alg > for most of the keys. But it's broke, so the administrator what's to > use RIPEMD instead. Instead of changing all prefs of all keys, he just > sets the policy, that RIPEMD is the preferred algorithm (or maybe sets > that at least SHA256 must be used and keys that do not support it will > Not be used) > Get the point?
Yes, but this is a bad mistake to make. If an algorithm does not appear in someones preferences, then it shouldn't be used. For example, IDEA is an optional algorithm in OpenPGP. If your administrator decides that everyone should use IDEA, that will mean that some users will not be able to read the message. The whole point of preferences is for the users to tell you what algorithms they can handle. Overriding this means that the users are getting something they can't handle. The only safe way to do this is to either do nothing and let the automatic algorithm selection system do its job, or use --personal-xxx-preferences which works within the preference system to pick an algorithm (and won't pick it if it means violating the preferences). David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
