On 2012-07-11 16:09, Sam Smith wrote:
> I've added the following 3 lines to my gpg.conf file:
>
> 1) to use stronger hash when supported by others, I added this line
> = *personal-digest-preferences SHA256*
>
> 2) to use the SHA256 hash when I Sign a message, I added this line
> =*cert-digest-algo SHA256*

This is not what cert-digest-algo does, I'd recommend removing this line
at all, but;

    --cert-digest-algo name
        Use name as the message digest algorithm used when signing a key.
        Running the program with the command --version yields a list of
        supported algorithms. Be aware that if you choose an algorithm
        that GnuPG supports but other OpenPGP implementations do not,
        then some users will not be able to use the key signatures you
        make, or quite possibly your entire key.

>
> 3) to change what is used when a new key is generated I added this
> line = *default-preference-list SHA256 SHA384 SHA512 SHA224 AES256
> AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed*

Note that as per RFC4880 this will still not remove SHA1[0: 13.3.2.] or
3DES[0: 13.2.], as these are appended tacitly to be able to ensure a
matching set between implementations.

>
> If I am using the wrong command for my intended purpose, please do
> let me know :)
>
> What procedure should I now do to "activate" or put into effect
> these preferences? Once done, is there a way to verify that these
> preferences are in effect, how can I verify?
>

Clearsign some text and see what hash it yields?

Also note what has been mentioned regarding the use of 1024 bit DSA
keys, which are limited to the use of 160 bit hash algo. If you wish to
use a non-truncated version of SHA256 and have such a key, you'll have
to propagate to a new one.

[0] http://tools.ietf.org/html/rfc4880

-- 
----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws
----------------------------
This email was digitally signed using the OpenPGP standard.
If you want to read more about this
The book: Sending Emails - The Safe Way: An introduction to OpenPGP
security is now available in both Amazon Kindle and Paperback format at
http://www.amazon.com/dp/B006RSG1S4/
----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
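
The check suggested in the reply (clearsign some text and see which hash results) can be scripted. The following is an added example, not part of the original message: it reads both the "Hash:" armor header and the hash algorithm octet stored in the signature packet itself, using the RFC 4880 packet layout. The function names and the sample message are constructed for this example.

```python
import base64

# Hash algorithm IDs from RFC 4880, section 9.4
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}

def signature_hash(pkt):
    """Name the digest recorded in the first OpenPGP packet (must be a signature)."""
    first = pkt[0]
    if first & 0x40:                          # new-format packet header
        tag, l0 = first & 0x3F, pkt[1]
        off = 2 if l0 < 192 else 3 if l0 < 224 else 6
    else:                                     # old-format packet header
        tag = (first >> 2) & 0x0F
        off = 1 + (1, 2, 4, 0)[first & 3]
    if tag != 2:
        raise ValueError("first packet is not a signature")
    body = pkt[off:]
    if body[0] == 4:                          # v4: version, type, pubkey algo, hash algo
        algo = body[3]
    elif body[0] == 3:                        # v3: hash algo follows time, key ID, pubkey algo
        algo = body[16]
    else:
        raise ValueError("unsupported signature version")
    return HASH_NAMES.get(algo, f"unknown({algo})")

def clearsign_digests(text):
    """Return (declared, actual): 'Hash:' armor header values and the packet's digest."""
    text = text.replace("\r\n", "\n")
    head, _, rest = text.partition("\n-----BEGIN PGP SIGNATURE-----")
    if not rest or "-----BEGIN PGP SIGNED MESSAGE-----" not in head:
        raise ValueError("not a clearsigned message")
    hdrs = head.split("-----BEGIN PGP SIGNED MESSAGE-----", 1)[1].split("\n\n", 1)[0]
    declared = [h.strip() for line in hdrs.splitlines() if line.startswith("Hash:")
                for h in line[5:].split(",")]
    armor = rest.split("-----END PGP SIGNATURE-----", 1)[0]
    data = armor.split("\n\n", 1)[1]          # skip Version:/Comment: armor headers
    b64 = "".join(l.strip() for l in data.splitlines() if l and not l.startswith("="))
    return declared, signature_hash(base64.b64decode(b64))

# Constructed sample: a truncated v4 signature header (RSA, SHA256), not a real signature.
_PKT = bytes([0x88, 0x06, 0x04, 0x01, 0x01, 0x08, 0x00, 0x00])
SAMPLE = ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nhello\n"
          "-----BEGIN PGP SIGNATURE-----\n\n" + base64.b64encode(_PKT).decode()
          + "\n-----END PGP SIGNATURE-----\n")

if __name__ == "__main__":
    print(clearsign_digests(SAMPLE))
```

This only reports which digest a signature records; it does not verify the signature, so run gpg --verify for that.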