On 03/18/2015 12:28 AM, Daniel Kahn Gillmor wrote:
On Tue 2015-03-17 18:53:42 -0400, Damien Goutte-Gattat wrote:Do you mean signatures in general, or key signatures (certifications)? For key signatures, SHA-1 is still the default for RSA keysIs this correct? I think we should be defaulting to SHA-256 for RSA certifications these days.
Actually no, it is not. My mistake. SHA-256 is the default cert-digest-algo since GnuPG 2.1.0.
but signatures on (EC)DSA keys will use up to SHA-512 depending on the key size (SHA-256 for a Brainpool-256 key, SHA-512 for a BrainpoolP512 key).
I meant *on*, but now I realize I was only thinking about *self* signatures, where the signing key and the signed key happen to be the same.
In the more general case you are right of course: the default hash algorithm is determined by the type and size of the *signing* key, not of the key that is about to be signed.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
