Thanks. The clearsign "test" worked. What does "cert-digest-algo" do? I read the description in the GnuPG manual and what you quoted, but I still don't understand. Could someone explain to me what cert-digest-algo does and how it differs from digest-algo when placed in gpg.conf?
So "personal-digest-preferences SHA256" will specify that SHA256 be used for digitally signing my messages, right? And "default-preference-list" is only used for when user generates a new key, right?

> To: gnupg-users@gnupg.org
> From: k...@sumptuouscapital.com
> Subject: Re: How to "activate" gpg.conf entries?
> Date: Wed, 11 Jul 2012 16:54:27 +0200
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 2012-07-11 16:09, Sam Smith wrote:
> > I've added the following 3 lines to my gpg.conf file:
> >
> > 1) to use stronger hash when supported by others, I added this line
> > = *personal-digest-preferences SHA256*
> >
> > 2) to use the SHA256 hash when I Sign a message, I added this line
> > =*cert-digest-algo SHA256*
>
> This is not what cert-digest-algo does, I'd recommend removing this
> line at all, but;
>   --cert-digest-algo name
>       Use name as the message digest algorithm used when
>       signing a key. Running the program with the command
>       --version yields a list of supported algorithms. Be aware
>       that if you choose an algorithm that GnuPG supports
>       but other OpenPGP implementations do not, then some users
>       will not be able to use the key signatures you make,
>       or quite possibly your entire key.
>
> >
> > 3) to change what is used when a new key is generated I added this
> > line = *default-preference-list SHA256 SHA384 SHA512 SHA224 AES256
> > AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed*
> >
>
> Note that as per RFC4880 this will still not remove SHA1[0: 13.3.2.]
> or 3DES[0: 13.2.], as these are appended tacitly to be able to ensure
> a matching set between implementations.
>
> >
> >
> > If I am using the wrong command for my intended purpose, please do
> > let me know :)
> >
> > What procedure should I now do to "activate" or put into effect
> > these preferences? Once done, is there a way to verify that these
> > preferences are in effect, how can I verify?
> >
>
> Clearsign some text and see what hash it yields?
>
> Also note what has been mentioned regarding the use of 1024 bit DSA
> keys, which are limited to the use of 160 bit hash algo. If you wish
> to use a non-truncated version of SHA256 and have such a key, you'll
> have to propagate to a new one.
>
> [0] http://tools.ietf.org/html/rfc4880
>
> - --
> - ----------------------------
> Kristian Fiskerstrand
> http://www.sumptuouscapital.com
> Twitter: @krifisk
> - ----------------------------
> Corruptissima re publica plurimæ leges
> The greater the degeneration of the republic, the more of its laws
> - ----------------------------
> This email was digitally signed using the OpenPGP
> standard. If you want to read more about this
> The book: Sending Emails - The Safe Way: An
> introduction to OpenPGP security is now
> available in both Amazon Kindle and Paperback
> format at
> http://www.amazon.com/dp/B006RSG1S4/
> - ----------------------------
> Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
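The check suggested in the thread (clearsign some text and look at the hash) can be done mechanically. The following is an added example, not part of the original thread and not GnuPG code: it reads the `Hash:` armor header of a clearsigned message and, going one step beyond the thread, the signature type and hash algorithm octets that RFC 4880 puts at the start of a version 4 signature packet. That separates signatures over data (types 0x00 and 0x01) from key certifications (types 0x10 to 0x13), which is the "signing a key" case the quoted manual text gives for cert-digest-algo. All function names are hypothetical and the sample inputs are constructed.

```python
import base64

HASH_IDS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",   # RFC 4880, 9.4
            9: "SHA384", 10: "SHA512", 11: "SHA224"}

def armor_hash_header(text):
    """Digest names from the 'Hash:' armor header(s) of a clearsigned message."""
    lines = [l.strip() for l in text.splitlines()]
    head = lines[lines.index("-----BEGIN PGP SIGNED MESSAGE-----") + 1:]
    head = head[:head.index("")] if "" in head else head  # blank line ends headers
    return [n.strip() for l in head if l.startswith("Hash:") for n in l[5:].split(",")]

def dearmor_signature(text):
    """Decode the armored signature, skipping armor headers and the CRC line."""
    lines = [l.strip() for l in text.splitlines()]
    block = lines[lines.index("-----BEGIN PGP SIGNATURE-----") + 1:
                  lines.index("-----END PGP SIGNATURE-----")]
    block = block[block.index("") + 1:] if "" in block else block  # skip Version:/Comment:
    return base64.b64decode("".join(l for l in block if not l.startswith("=")))

def signature_info(pkt):
    """Return (kind, hash name) from the leading octets of a v4 signature packet."""
    if pkt[0] & 0x40:                     # new-format packet header
        tag = pkt[0] & 0x3F
        hdr = 3 if 192 <= pkt[1] < 224 else 6 if pkt[1] == 255 else 2
    else:                                 # old-format packet header
        tag = (pkt[0] >> 2) & 0x0F
        hdr = 1 + (1, 2, 4, 0)[pkt[0] & 3]
    version, sigtype, _pubkey_algo, hash_id = pkt[hdr:hdr + 4]
    if not pkt[0] & 0x80 or tag != 2 or version != 4:
        raise ValueError("expected a version 4 signature packet")
    kind = ("data" if sigtype in (0x00, 0x01)      # signatures over documents
            else "certification" if 0x10 <= sigtype <= 0x13 else "other")
    return kind, HASH_IDS.get(hash_id, f"unknown({hash_id})")

# Constructed samples: only the leading packet octets are meaningful, nothing verifies.
PKT = bytes([0x89, 0x00, 0x06, 4, 0x01, 1, 8, 0, 0])  # old-format, v4, 0x01, RSA, SHA256
SAMPLE = ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\ntest\n"
          "-----BEGIN PGP SIGNATURE-----\nVersion: constructed\n\n"
          + base64.b64encode(PKT).decode() + "\n-----END PGP SIGNATURE-----\n")
CERT = bytes([0xC2, 6, 4, 0x13, 1, 2, 0, 0])   # constructed: type 0x13 made with SHA1

def check(text):
    """Report the armor header next to what the signature packet records."""
    kind, used = signature_info(dearmor_signature(text))
    return {"header": armor_hash_header(text), "kind": kind, "hash": used}

if __name__ == "__main__":
    print(check(SAMPLE), signature_info(CERT))
```

Feeding `check()` the output of a real clearsign run shows whether the digest recorded in the signature packet matches the armor header.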