Thx for this explanation. Is the "personal-digest-preferences" shown in the public key? Is this preference list something others can see (how do I make it appear in the public key)? If it is not displayed in the public key, I don't understand what good it is or how/where it would get used.
> Date: Thu, 12 Jul 2012 11:52:17 -0400
> From: r...@sixdemonbag.org
> To: gnupg-users@gnupg.org
> Subject: Re: cert-digest-algo clarification
>
> On 7/12/2012 11:39 AM, Sam Smith wrote:
> > Say I want to tell everyone, "Hey, I prefer you use SHA256 when
> > communicating with me." What command should I use to communicate
> > this? "default-preference-list" right?
>
> There's a difference between what you can enforce and what you might be
> able to suggest.
>
> The OpenPGP spec requires that no OpenPGP implementation will ever use
> any algorithm except those that are listed on your certificate as ones
> that your implementation understands. This list of "I can understand
> the following algorithms" can be found by 'gpg --edit-key [keyid] showpref'.
>
> Some OpenPGP implementations, such as GnuPG, will treat that set of
> capabilities as a list of preferences. If your prefs show up as "SHA256
> SHA-1", for instance, an OpenPGP implementation would be forbidden from
> using RIPEMD160, but would be able to use SHA1. GnuPG would likewise be
> forbidden from using RIPEMD160, but would be more likely to use SHA-1
> than SHA256.
>
> GnuPG might still use SHA-1, though! If the sender is using a DSA-1k
> key and does not have --enable-dsa2 active, SHA256 is disallowed for the
> signature, so GnuPG will have to fall back to SHA-1.
>
> The takeaway here is that the capabilities shown on your certificate
> ("gpg --edit-key [keyid] showpref") MAY be used as a preference list,
> are not guaranteed to be used as a preference list, and even if using an
> OpenPGP implementation that treats it as a preference list you may wind
> up getting stuck with SHA-1 anyway.
>
> > So "personal-digest-preferences" overrides this?
>
> No. personal-digest-preferences declares which digest algorithms you
> prefer to use and in which order. The certificate preferences declare
> which algorithms you are *capable* of using (and, for some
> implementations, which algorithms you prefer *other people* to use and
> in which order).
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
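
An added illustration, not part of the original thread and not GnuPG's own code: a simplified Python model of how the two lists discussed above interact when a digest is chosen. It assumes the compact preference string printed by the `pref` command at the same `--edit-key` prompt; the function names, the `signer_allows` parameter and the sample string used with it are hypothetical.

```python
# Added illustration: a simplified model, not GnuPG source code.
# Hash algorithm IDs as assigned in RFC 4880, section 9.4.
HASH_IDS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
            9: "SHA384", 10: "SHA512", 11: "SHA224"}


def digest_prefs(pref_line):
    """Extract the ordered digest list from a compact pref string such as
    'S9 S8 H8 H2 Z2' (S = cipher, H = hash, Z = compression)."""
    names = []
    for token in pref_line.split():
        if token.startswith("H") and token[1:].isdigit():
            name = HASH_IDS.get(int(token[1:]))
            if name and name not in names:
                names.append(name)
    # RFC 4880, 13.3.2: SHA-1 is tacitly at the end of the list if absent.
    if "SHA1" not in names:
        names.append("SHA1")
    return names


def choose_digest(cert_prefs, personal_prefs=(), signer_allows=None):
    """Pick a digest for a signed message to one recipient.

    cert_prefs     -- recipient's certificate list: a hard limit, and an
                      ordering hint for implementations that honour it
    personal_prefs -- sender's local personal-digest-preferences (a setting
                      in the sender's own configuration)
    signer_allows  -- digests the signing key can use, None = unrestricted
                      (hypothetical parameter modelling the DSA-1k case)
    """
    allowed = [d for d in cert_prefs
               if signer_allows is None or d in signer_allows]
    if not allowed:
        raise ValueError("no digest satisfies both recipient and signing key")
    for digest in personal_prefs:   # sender's local order is tried first
        if digest in allowed:
            return digest
    return allowed[0]               # otherwise follow the recipient's order
```
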