On Thu, Feb 24, 2011 at 08:37:50PM +1100, Ben McGinnes wrote:
> On 24/02/11 8:03 PM, Doug Barton wrote:
> > You're using a 1024 bit DSA key, which won't allow for 256 bit
> > hashes. RIPEMD-160 is the largest you can use, and works well for
> > that kind of key.

Okay. That's understandable. That was why I generated a 2048-bit RSA subkey, so I could take advantage of the SHA2 algorithms. For some reason, I was thinking that with the update of GPG, my 1024-bit DSA key now had access to them.

> Well, he can use SHA256 or SHA512, but like mine it will be truncated
> to 160 bits, as was explained to me on this list a couple of months ago.
>
> As I recall, I edited the key with setpref to this:
>
> Cipher: AES256, TWOFISH, CAMELLIA256, AES192, CAMELLIA192, AES,
> CAMELLIA128, 3DES, CAST5, BLOWFISH, IDEA
> Digest: SHA512, SHA384, SHA256, SHA224, RIPEMD160, SHA1, MD5
> Compression: BZIP2, ZLIB, ZIP, Uncompressed
> Features: MDC, Keyserver no-modify
>
> Then added this to gpg.conf:
>
> enable-dsa2
> default-preference-list S9 S10 S13 S8 S12 S7 S11 S2 S3 S4 S1 H10 H9 H8
> H11 H3 H2 H1 Z3 Z2 Z1 Z0
> personal-cipher-preferences S9 S10 S13 S8 S12 S7 S11 S2 S3 S4 S1
> personal-digest-preferences H10 H9 H8 H11 H3 H2 H1
> personal-compress-preferences Z3 Z2 Z1 Z0

I wanted to avoid breaking from default, which was the main reason for my post, but it appears that it's not possible if I want to use the stronger hashes, which is fine. As long as I know the limitations of my keys, and don't force preferences when sending encrypted/signed mail to others, I'm good.

> IDEA is only included because of one or two freaks I know who still
> use it. Oh and some ancient stuff I encrypted around fifteen years
> ago, but have yet to convert.

Yeah, no interest in IDEA here. :)

Thanks for your help.

--
. o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o
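The truncation discussed in this thread, as an added example that is not part of the original message or of GnuPG's code: it decodes the H tokens of the quoted personal-digest-preferences line and shows how many digest bits a DSA key with a 160-bit q actually signs. The function names are hypothetical; the ID mapping is taken from RFC 4880 and the leftmost-bits rule from FIPS 186-3, and the sample message is constructed.

```python
import hashlib

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4), written as "H<n>" in gpg.conf.
HASHES = {"H1": "md5", "H2": "sha1", "H3": "ripemd160", "H8": "sha256",
          "H9": "sha384", "H10": "sha512", "H11": "sha224"}
DIGEST_BITS = {"md5": 128, "sha1": 160, "ripemd160": 160, "sha224": 224,
               "sha256": 256, "sha384": 384, "sha512": 512}


def effective_bits(pref_line, q_bits):
    """Return (hash name, digest bits, bits that enter the DSA signature)
    for every H token on a gpg.conf preference line, in preference order."""
    result = []
    for token in pref_line.split():
        if token in HASHES:  # skips the option name and any S/Z tokens
            name = HASHES[token]
            bits = DIGEST_BITS[name]
            result.append((name, bits, min(bits, q_bits)))
    return result


def dsa_hash_input(message, hash_name, q_bits):
    """Integer z that DSA signs: the leftmost q_bits of Hash(message)."""
    digest = hashlib.new(hash_name, message).digest()
    excess = len(digest) * 8 - q_bits
    z = int.from_bytes(digest, "big")
    return z >> excess if excess > 0 else z


if __name__ == "__main__":
    # Preference line as quoted in the message; q is 160 bits for a 1024-bit DSA key.
    line = "personal-digest-preferences H10 H9 H8 H11 H3 H2 H1"
    for name, bits, signed in effective_bits(line, 160):
        note = "truncated" if signed < bits else "used in full"
        print(f"{name:10s} {bits:3d}-bit digest -> {signed:3d} bits signed ({note})")

    msg = b"constructed sample message"
    full = hashlib.sha256(msg).digest()
    z = dsa_hash_input(msg, "sha256", 160)
    # Only the first 20 bytes of the SHA-256 digest influence the signature.
    print("z equals first 160 bits of SHA-256:", z == int.from_bytes(full[:20], "big"))
```

With q at 160 bits, every SHA-2 entry in the list contributes the same 160 bits to the signature as RIPEMD160 or SHA1 would in length, which is the limitation the replies describe.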